Make kTLS activation more resilient

Author: RaimoNiskanen

lib/ssl/src/inet_tls_dist.erl

@@ -932,8 +932,7 @@ inet_set_ktls(
         ok ?=
             set_ktls(
               KtlsInfo
-              #{ setopt_fun => fun ?MODULE:inet_ktls_setopt/3,
-                 getopt_fun => fun ?MODULE:inet_ktls_getopt/3 }),
+              #{ setopt_fun => fun ?MODULE:inet_ktls_setopt/3}),
         %%
         #socket_options{
            mode = _Mode,
@@ -985,23 +984,11 @@ set_ktls(KtlsInfo) ->
 
 set_ktls_ulp(
   #{ socket := Socket,
-     setopt_fun := SetoptFun,
-     getopt_fun := GetoptFun },
+     setopt_fun := SetoptFun },
   OS) ->
     %%
     {Option, Value} = ktls_opt_ulp(OS),
-    Size = byte_size(Value),
-    _ = SetoptFun(Socket, Option, Value),
-    %%
-    %% Check if kernel module loaded,
-    %% i.e if getopts Level, Opt returns Value
-    %%
-    case GetoptFun(Socket, Option, Size + 1) of
-        {ok, <<Value:Size/binary, 0>>} ->
-            ok;
-        Other ->
-            {error, {ktls_set_ulp_failed, Option, Value, Other}}
-    end.
+    SetoptFun(Socket, Option, Value).
 
 %% Set kTLS cipher
 %%
@@ -1011,26 +998,13 @@ set_ktls_cipher(
          cipher_suite := CipherSuite,
          %%
          socket := Socket,
-         setopt_fun := SetoptFun,
-         getopt_fun := GetoptFun },
+         setopt_fun := SetoptFun },
   OS, CipherState, CipherSeq, TxRx) ->
     maybe
         {ok, {Option, Value}} ?=
             ktls_opt_cipher(
               OS, TLS_version, CipherSuite, CipherState, CipherSeq, TxRx),
-        _ = SetoptFun(Socket, Option, Value),
-        case TxRx of
-            tx ->
-                Size = byte_size(Value),
-                case GetoptFun(Socket, Option, Size) of
-                    {ok, Value} ->
-                        ok;
-                    Other ->
-                        {error, {ktls_set_cipher_failed, Other}}
-                end;
-            rx ->
-                ok
-        end
+        SetoptFun(Socket, Option, Value)
     end.
 
 ktls_os() ->

lib/ssl/test/inet_epmd_cryptcookie_inet_ktls.erl

@@ -286,5 +286,4 @@ supported() ->
 inet_ktls_info(Socket, KtlsInfo) ->
     KtlsInfo
         #{ socket => Socket,
-           setopt_fun => fun inet_tls_dist:inet_ktls_setopt/3,
-           getopt_fun => fun inet_tls_dist:inet_ktls_getopt/3 }.
+           setopt_fun => fun inet_tls_dist:inet_ktls_setopt/3 }.

lib/ssl/test/inet_epmd_cryptcookie_socket_ktls.erl

@@ -233,7 +233,9 @@ stream_send(OutStream = [_ | Socket], Data) ->
     case socket:sendmsg(Socket, #{ iov => Data }) of
         ok ->
             OutStream;
-        {error, closed} ->
+        {error, Reason}
+          when Reason =:= closed;
+               Reason =:= econnreset ->
             [closed | OutStream];
         {error, Reason} ->
             erlang:error({?MODULE, ?FUNCTION_NAME, Reason, [OutStream, Data]})
@@ -273,5 +275,4 @@ supported() ->
 socket_ktls_info(Socket, KtlsInfo) ->
     KtlsInfo
         #{ socket => Socket,
-           setopt_fun => fun socket:setopt_native/3,
-           getopt_fun => fun socket:getopt_native/3 }.
+           setopt_fun => fun socket:setopt_native/3 }.

lib/ssl/test/ssl_test_lib.erl

@@ -4369,8 +4369,7 @@ ktls_os() ->
 ktls_set_ulp(Socket, OS) ->
     inet_tls_dist:set_ktls_ulp(
       #{ socket => Socket,
-         setopt_fun => fun inet_tls_dist:inet_ktls_setopt/3,
-         getopt_fun => fun inet_tls_dist:inet_ktls_getopt/3 },
+         setopt_fun => fun inet_tls_dist:inet_ktls_setopt/3 },
       OS).
 
 ktls_set_cipher(Socket, OS, TxRx, Seed) ->
@@ -4383,8 +4382,7 @@ ktls_set_cipher(Socket, OS, TxRx, Seed) ->
         #{ socket => Socket,
            tls_version => TLS_version,
            cipher_suite => TLS_cipher,
-           setopt_fun => fun inet_tls_dist:inet_ktls_setopt/3,
-           getopt_fun => fun inet_tls_dist:inet_ktls_getopt/3 },
+           setopt_fun => fun inet_tls_dist:inet_ktls_setopt/3 },
     CipherState =
         #cipher_state{
            key = TLS_KEY,