[v1.19] ipsec: remove legacy datapath code #39354
Description
For v1.18 we merged #37723. With v1.19 we can start removing some datapath code that was only needed for compatibility with v1.17:
- The support for ESP-in-VXLAN in from-overlay: datapath: remove IPsec logic in bpf_overlay #41540
- The support for RevDNAT of IPSec connections in from-container. This RevDNAT now happens in to-host: bpf: lxc: don't special-case the RevDNAT path for IPsec configs #41487
- The old
EncryptedOverlayconfig option can also go away: ipsec: remove / deprecate support for mcast's encrypted overlay mode #41740 - clean up the bpftrace logic: check-encryption-leak: don't skip plain-text TCP RST packets #41765
- remove the last bits of ESP tracing in
from-overlay: bpf:ipsec: cleanup ESP tracing in from_overlay #42242 - stop routing encrypted traffic through
cilium_host: ipsec: remove forwarding of encrypted traffic via cilium_host #41699 - stop reducing the MTU for encrypted traffic: ipsec: don't reduce post-encrypt MTU for tunnel overhead #41573