5.6-compatibility, per-host connect error counter is reset only after the

successful connection, not when a client reply packet is received
(that still might be invalid).

(test case was merged with perfschema 5.6.17)

sql/sql_acl.cc

@@ -10841,7 +10841,6 @@ struct MPVIO_EXT :public MYSQL_PLUGIN_VIO
     uint pkt_len;
   } cached_server_packet;
   int packets_read, packets_written; ///< counters for send/received packets
-  uint connect_errors;      ///< if there were connect errors for this host
   bool make_it_fail;
   /** when plugin returns a failure this tells us what really happened */
   enum { SUCCESS, FAILURE, RESTART } status;
@@ -11392,9 +11391,6 @@ static ulong parse_client_handshake_packet(MPVIO_EXT *mpvio,
   */
   DBUG_ASSERT(net->read_pos[pkt_len] == 0);
 
-  if (mpvio->connect_errors)
-    reset_host_connect_errors(thd->main_security_ctx.ip);
-
   ulong client_capabilities= uint2korr(net->read_pos);
   if (client_capabilities & CLIENT_PROTOCOL_41)
   {
@@ -11972,8 +11968,6 @@ static int do_auth_once(THD *thd, const LEX_STRING *auth_plugin_name,
   Perform the handshake, authorize the client and update thd sctx variables.
 
   @param thd                     thread handle
-  @param connect_errors          number of previous failed connect attemps
-                                 from this host
   @param com_change_user_pkt_len size of the COM_CHANGE_USER packet
                                  (without the first, command, byte) or 0
                                  if it's not a COM_CHANGE_USER (that is, if
@@ -11982,8 +11976,7 @@ static int do_auth_once(THD *thd, const LEX_STRING *auth_plugin_name,
   @retval 0  success, thd is updated.
   @retval 1  error
 */
-bool acl_authenticate(THD *thd, uint connect_errors,
-                      uint com_change_user_pkt_len)
+bool acl_authenticate(THD *thd, uint com_change_user_pkt_len)
 {
   int res= CR_OK;
   MPVIO_EXT mpvio;
@@ -11997,7 +11990,6 @@ bool acl_authenticate(THD *thd, uint connect_errors,
   mpvio.write_packet= server_mpvio_write_packet;
   mpvio.info= server_mpvio_info;
   mpvio.thd= thd;
-  mpvio.connect_errors= connect_errors;
   mpvio.status= MPVIO_EXT::FAILURE;
   mpvio.make_it_fail= false;
   mpvio.auth_info.host_or_ip= thd->security_ctx->host_or_ip;

sql/sql_acl.h

@@ -202,7 +202,7 @@ my_bool acl_reload(THD *thd);
 void acl_free(bool end=0);
 ulong acl_get(const char *host, const char *ip,
               const char *user, const char *db, my_bool db_is_pattern);
-bool acl_authenticate(THD *thd, uint connect_errors, uint com_change_user_pkt_len);
+bool acl_authenticate(THD *thd, uint com_change_user_pkt_len);
 bool acl_getroot(Security_context *sctx, char *user, char *host,
                  char *ip, char *db);
 bool acl_check_host(const char *host, const char *ip);

sql/sql_connect.cc

@@ -1067,7 +1067,7 @@ static int check_connection(THD *thd)
     return 1; /* The error is set by alloc(). */
   }
 
-  auth_rc= acl_authenticate(thd, connect_errors, 0);
+  auth_rc= acl_authenticate(thd, 0);
   if (auth_rc == 0 && connect_errors != 0)
   {
     /*

sql/sql_parse.cc

@@ -1224,7 +1224,7 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
       auth_rc= 1;
     }
     else
-      auth_rc= acl_authenticate(thd, 0, packet_length);
+      auth_rc= acl_authenticate(thd, packet_length);
 
     mysql_audit_notify_connection_change_user(thd);
     if (auth_rc)