bpf: migrate non-branching config macros to runtime configuration

[dylandreimerink]

The current step in the clang-freedom (pre-compiled eBPF programs) journey is to start transitioning compile time configuration to load-time (runtime) configuration. The necessary agent and loader infrastructure has been merged.

Runtime configuration can be defined with DECLARE_CONFIG and NODE_CONFIG. See Configuring the Datapath in the Cilium Developer docs for guidelines and principles.

This issue specifically tracks variables which do not influence control flow by enabling or disabling certain code paths. Variables used in #ifdef/#if and if(is_defined(...)) will be converted in 1.19 since dead code elimination only really landed in Linux 5.5, and Cilium 1.18 targets Linux 5.4 which will go EOL at the end of 2025. 1.19 targets Linux 5.10. We can migrate branching macros, too. Additionally, #41628 shipped in 1.19 which added dead code detection in the agent to avoid loading unused maps and tail calls. Branching macros can now safely be ported.

This issue is for migrating node_config.h and WriteNodeConfig entries to config.Node, as well as some leftover per-object configs in ep_config.h. Through this issue, we can coordinate work and keep an overview. If you want to work on a particular (set of) variable(s), drop a comment and we'll spin out an issue or assign you to a list item.

The list may change over time and may grow as we find more work in this category. When migrating variables, do a quick search through Paul's macro documentation for a good docstring to use in DECLARE_CONFIG.

• ep_config.h
  • HOST_EP_ID
  • DIRECT_ROUTING_DEV_IFINDEX
• node_config.h
  • CLUSTER_ID
  • CILIUM_IFINDEX, CILIUM_MAC (bpf: Migrate CILIUM_NET_IFINDEX, CILIUM_NET_MAC, CILIUM_HOST_IFINDEX, CILIUM_HOST_MAC to runtime config #43474)
  • TUNNEL_PORT, TUNNEL_PROTOCOL (bpf, tunnel: TUNNEL_PORT and TUNNEL_PROTOCOL to runtime config #43520)
  • KERNEL_HZ, ENABLE_JIFFIES (bpf: runtime config for KERNEL_HZ and ENABLE_JIFFIES #43112)
  • L2_ANNOUNCEMENTS(_MAX_LIVENESS) (datapath: switch l2-announcement to runtime configs #42587)
  • EPHEMERAL_MIN (bpf: Migrate EPHEMERAL_MIN to runtime config #43564)
  • IS_L3_DEV, NATIVE_DEV_MAC_BY_IFINDEX (Reimplement IS_L3_DEV and NATIVE_DEV_MAC_BY_IFINDEX using a bpf map #39116 & bpf, nodeport: source port ranges converted to runtime config #43680)
  • CLUSTER_ID_MAX (bpf: Migrate CLUSTER_ID_MAX to runtime config #42478)
  • IDENTITY_{LEN,MAX} (bpf: Migrate IDENTITY_LEN, IDENTITY_MAX to runtime config #43507)
  • VTEP_MASK (bpf: runtime config for KERNEL_HZ and ENABLE_JIFFIES #43112)
  • NODEPORT_PORT_* (bpf, nodeport: source port ranges converted to runtime config #43680)
  • IPV4_LOOPBACK (bpf: convert IPV4_LOOPBACK to runtime variable, pass IPv4 addresses using union v4addr #38818)
  • NAT_46X64_PREFIX (bpf, nat46x64: move RFC6052 prefix into node config #43799)
  • CIDR_IDENTITY_RANGE_{START,END} (bpf, datapath: move CIDR identity range to runtime config #44223)
  • HASH_INIT{4,6}_SEED (bpf: source tuple hash seeds from node config #44190)
  • EVENTS_MAP_* (bpf: wire events map rate limits through node config #44795)
  • VLAN_FILTER (Reimplement VLAN_FILTER using global array #38721)
  • Reserved security IDs (HOST_ID, WORLD_ID, ect.)
  • CT_*
  • IPV4_{MASK,GATEWAY,LOOPBACK} (bpf: convert IPV4_LOOPBACK to runtime variable, pass IPv4 addresses using union v4addr #38818)
  • IPV4_SNAT_*
  • IPV4_INTER_CLUSTER_SNAT
  • IPV6_SNAT_*
  • SNAT_COLLISION_RETRIES
  • MONITOR_AGGREGATION
  • MTU
  • DIRECT_ROUTING_DEV_IFINDEX
  • IPV{4,6}_DIRECT_ROUTING
  • IPV{4,6}_RSS_PREFIX[_BITS]
  • LB_SELECTION
  • WG_IFINDEX, WG_PORT, STRICT_IPV4_NET[_SIZE] (bpf: Migrate WG_IFINDEX and WG_PORT to runtime config #41137)