MINOR: startup: Add HAVE_WORKING_TCP_MD5SIG in haproxy -vv

the TCP_MD5SIG ifdef is not enough to check if the feature is usable. The code might compile but the OS could prevent to use it. This patch tries to use the TCP_MD5SIG setsockopt before adding HAVE_WORKING_TCP_MD5SIG in the feature list. so it would prevent to start reg-tests if the OS can't run it.
2026-02-18 18:19:39 -05:00 · 2026-02-11 15:34:43 +01:00 · 2026-02-11 15:34:43 +01:00 · 1592ed9854
commit 1592ed9854
parent f9b3319f48
2 changed files with 26 additions and 1 deletions
--- a/reg-tests/connection/tcp_md5_signature.vtc
+++ b/reg-tests/connection/tcp_md5_signature.vtc
@ -1,6 +1,6 @@
 varnishtest "Test the support for tcp-md5sig option (linux only)"

-feature cmd "$HAPROXY_PROGRAM -cc 'feature(HAVE_TCP_MD5SIG)'"
+feature cmd "$HAPROXY_PROGRAM -cc 'feature(HAVE_WORKING_TCP_MD5SIG)'"
 feature ignore_unknown_macro

 haproxy h1 -conf {
--- a/src/proto_tcp.c
+++ b/src/proto_tcp.c
@ -1029,6 +1029,31 @@ static int tcp_get_info(struct connection *conn, long long int *info, int info_n
 static void __proto_tcp_init(void)
 {
 #if defined(__linux__) && defined(TCP_MD5SIG)
+	/* check if the setsockopt works to register a line in haproxy -vv */
+	struct sockaddr_in *addr;
+	int fd;
+	struct tcp_md5sig md5 = {};
+
+
+	addr = (struct sockaddr_in *)&md5.tcpm_addr;
+
+	addr->sin_family = AF_INET;
+	addr->sin_port = 0;
+	addr->sin_addr.s_addr = htonl(0x7F000001);
+
+	fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+	if (fd < 0) {
+		goto end;
+	}
+	md5.tcpm_keylen = strlcpy2((char*)md5.tcpm_key, "foobar", sizeof(md5.tcpm_key));
+	if (setsockopt(fd, IPPROTO_TCP, TCP_MD5SIG, &md5, sizeof(md5)) < 0) {
+		goto end;
+	}
+	hap_register_feature("HAVE_WORKING_TCP_MD5SIG");
+end:
+	if (fd >= 0)
+		close(fd);
+
 	hap_register_feature("HAVE_TCP_MD5SIG");
 #endif
 }