From: William Lallemand
Date: Wed, 11 Feb 2026 14:34:43 +0000 (+0100)
Subject: MINOR: startup: Add HAVE_WORKING_TCP_MD5SIG in haproxy -vv
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1592ed9854b56cdf67c00774ebb180265d483c20;p=thirdparty%2Fhaproxy.git

MINOR: startup: Add HAVE_WORKING_TCP_MD5SIG in haproxy -vv

the TCP_MD5SIG ifdef is not enough to check if the feature is usable. The code might compile but the OS could prevent to use it. This patch tries to use the TCP_MD5SIG setsockopt before adding HAVE_WORKING_TCP_MD5SIG in the feature list. so it would prevent to start reg-tests if the OS can't run it.
---
diff --git a/reg-tests/connection/tcp_md5_signature.vtc b/reg-tests/connection/tcp_md5_signature.vtc
index 383658e74..c82516e0e 100644
--- a/reg-tests/connection/tcp_md5_signature.vtc
+++ b/reg-tests/connection/tcp_md5_signature.vtc
@@ -1,6 +1,6 @@
 varnishtest "Test the support for tcp-md5sig option (linux only)"
-feature cmd "$HAPROXY_PROGRAM -cc 'feature(HAVE_TCP_MD5SIG)'"
+feature cmd "$HAPROXY_PROGRAM -cc 'feature(HAVE_WORKING_TCP_MD5SIG)'"
 feature ignore_unknown_macro
 haproxy h1 -conf {
diff --git a/src/proto_tcp.c b/src/proto_tcp.c
index 727845263..0b6b71f7e 100644
--- a/src/proto_tcp.c
+++ b/src/proto_tcp.c
@@ -1029,6 +1029,31 @@ static int tcp_get_info(struct connection *conn, long long int *info, int info_n
 static void __proto_tcp_init(void)
 {
 #if defined(__linux__) && defined(TCP_MD5SIG)
+ /* check if the setsockopt works to register a line in haproxy -vv */
+ struct sockaddr_in *addr;
+ int fd;
+ struct tcp_md5sig md5 = {};
+
+
+ addr = (struct sockaddr_in *)&md5.tcpm_addr;
+
+ addr->sin_family = AF_INET;
+ addr->sin_port = 0;
+ addr->sin_addr.s_addr = htonl(0x7F000001);
+
+ fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+ if (fd < 0) {
+ goto end;
+ }
+ md5.tcpm_keylen = strlcpy2((char*)md5.tcpm_key, "foobar", sizeof(md5.tcpm_key));
+ if (setsockopt(fd, IPPROTO_TCP, TCP_MD5SIG, &md5, sizeof(md5)) < 0) {
+ goto end;
+ }
+ hap_register_feature("HAVE_WORKING_TCP_MD5SIG");
+end:
+ if (fd >= 0)
+ close(fd);
+
 hap_register_feature("HAVE_TCP_MD5SIG");
 #endif
 }
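Review bot: The probe at the top of `__proto_tcp_init()` treats every failure alike: a `socket()` error and any `setsockopt(TCP_MD5SIG)` errno both jump to `end` and leave HAVE_WORKING_TCP_MD5SIG unset, so `haproxy -vv` cannot tell a kernel that refuses MD5 signatures from a startup environment that merely refused the socket, and the reg-test gated on this feature is then skipped without any trace of why. The opening comment should say this and also state that the key is a placeholder, for example `/* probe only: dummy key on an unconnected AF_INET socket that is closed below; any socket() or setsockopt() failure just leaves HAVE_WORKING_TCP_MD5SIG unset */`. Only IPv4 loopback is probed, which is presumably enough for the test but belongs in the same comment. Separately, `struct tcp_md5sig md5 = {};` relies on the empty initializer, which is a GNU extension before C23; `= { 0 };` is the portable spelling.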