Skip to content

Convert ENABLE_IPSEC (`pkg/datapath/linux/ipsec/cell.go` - `option.Config.EnableIPsec`) to load-time config

Convert this macro to use DECLARE_CONFIG or NODE_CONFIG for runtime configuration.

Current definition location: pkg/datapath/linux/ipsec/cell.go:52-54

if out.IPsecAgent.Enabled() {
    out.NodeDefines = map[string]string{
        "ENABLE_IPSEC": "1",
    }
}

BPF usage: Used in conditionals throughout the datapath, particularly in:

  • bpf/bpf_host.c - IPsec tunnel handling
  • bpf/lib/encap.h - Encryption encapsulation

Configuration source: option.Config.EnableIPsec