-
Notifications
You must be signed in to change notification settings - Fork 3.7k
Convert ENCRYPTION_STRICT_MODE (option.Config.EnableEncryptionStrictMode) to load-time config #42655
Copy link
Copy link
Closed as not planned
Closed as not planned
Task
Copy link
Labels
area/datapathImpacts bpf/ or low-level forwarding details, including map management and monitor messages.Impacts bpf/ or low-level forwarding details, including map management and monitor messages.area/encryptionImpacts encryption support such as IPSec, WireGuard, or kTLS.Impacts encryption support such as IPSec, WireGuard, or kTLS.area/loaderImpacts the loading of BPF programs into the kernel.Impacts the loading of BPF programs into the kernel.kind/enhancementThis would improve or streamline existing functionality.This would improve or streamline existing functionality.staleThe stale bot thinks this issue is old. Add "pinned" label to prevent this from becoming stale.The stale bot thinks this issue is old. Add "pinned" label to prevent this from becoming stale.
Description
Metadata
Metadata
Assignees
Labels
area/datapathImpacts bpf/ or low-level forwarding details, including map management and monitor messages.Impacts bpf/ or low-level forwarding details, including map management and monitor messages.area/encryptionImpacts encryption support such as IPSec, WireGuard, or kTLS.Impacts encryption support such as IPSec, WireGuard, or kTLS.area/loaderImpacts the loading of BPF programs into the kernel.Impacts the loading of BPF programs into the kernel.kind/enhancementThis would improve or streamline existing functionality.This would improve or streamline existing functionality.staleThe stale bot thinks this issue is old. Add "pinned" label to prevent this from becoming stale.The stale bot thinks this issue is old. Add "pinned" label to prevent this from becoming stale.
Convert this macro to use
DECLARE_CONFIGorNODE_CONFIGfor runtime configuration.Current definition location:
pkg/datapath/linux/config/config.go:240-262BPF usage: Used to enforce strict encryption mode where all traffic must be encrypted
Configuration source:
option.Config.EnableEncryptionStrictMode