PONG on failed authentication is never received

[arcivanov]

• fluentd 1.1.0
• Fedora 27
• Configuration

<system>
  log_level debug
</system>
<source>
  @type forward
  port 24224
</source>
<source>
  @type forward
  port 24225
  <security>
    self_hostname fluenttest
    shared_key abcd1234
  </security>
</source>
<source>
  @type forward
  port 24226
  <security>
    self_hostname fluenttest
    shared_key 1234abcd
    user_auth true
    <user>
      username foo
      password bar
    </user>
  </security>
</source>
<match **>
  @type file
  @id output1
  path /fluentd/log/data.*.log
  symlink_path /fluentd/log/data.log
  append true
  time_slice_format %Y%m%d
  time_slice_wait 10m
  time_format %Y%m%dT%H%M%S%z
  buffer_path /fluentd/log/data.*.log
  <format>
    @type json
  </format>
</match>

I'm developing a new version of fluent/fluent-logger-python#124. As part of the testing suite I'm using docker with the real-life version of fluentd (1.1.0 currently) to verify proper functionality.

What I'm finding is that it looks like FluentD, upon receiving an incorrect shared key or user creds, is sending a PONG, but is also immediately closing the connection. This causes the receiving client to receive an EOF instead of a PONG.

What should be happening is the FluentD server sending a PONG, sending a socket RDWR shutdown, but should defer closing the actual socket for N seconds (15? 30?) to ensure that the client actually has a chance to receive the PONG with failed authentication reason.

[arcivanov]

Yep, this line is incorrect: https://github.com/fluent/fluentd/blob/master/lib/fluent/plugin/in_forward.rb#L203

It should be:

• shutdown write
• read waiting for EOF for a max of closing timeout
• close

[arcivanov]

In lieu of redoing all the networking the above fix should increase the likelihood that the data is actually going to be written.