From ff0fdc7e2ca027d6cb0c63d5c1e57706e7508415 Mon Sep 17 00:00:00 2001
From: Santhosh Fernandes
Date: Wed, 26 Oct 2022 14:20:16 +0530
Subject: [PATCH] Update config parameters (#120)

* Update config parameters

Signed-off-by: Santhosh Fernandes
Co-authored-by: Jason Niesz
---
 config/config.go | 118 ++++++++++++++++++++--------------------------
 config/l3afd.cfg | 30 ++++--------
 docs/configdoc.md | 83 +++++++++++++++++---------------
 kf/bpf.go | 4 +-
 4 files changed, 109 insertions(+), 126 deletions(-)

diff --git a/config/config.go b/config/config.go
index 04083703..628fd7e4 100644
--- a/config/config.go
+++ b/config/config.go
@@ -43,29 +43,20 @@ type Config struct {
 SwaggerApiEnabled bool
- // Admin API endpoint config for registering l3afd.
- AdmindHost string
- AdmindUsername string
- AdmindApiKey string
- AdmindGroupID int
- AdmindApiEnabled bool
-
 // XDP Root program details.
- XDPRootProgramName string
- XDPRootProgramArtifact string
- XDPRootProgramMapName string
- XDPRootProgramCommand string
- XDPRootProgramVersion string
- XDPRootProgramUserProgramDaemon bool
+ XDPRootProgramName string
+ XDPRootProgramArtifact string
+ XDPRootProgramMapName string
+ XDPRootProgramCommand string
+ XDPRootProgramVersion string
 // TC Root program details.
- TCRootProgramName string
- TCRootProgramArtifact string
- TCRootProgramIngressMapName string
- TCRootProgramEgressMapName string
- TCRootProgramCommand string
- TCRootProgramVersion string
- TCRootProgramUserProgramDaemon bool
+ TCRootProgramName string
+ TCRootProgramArtifact string
+ TCRootProgramIngressMapName string
+ TCRootProgramEgressMapName string
+ TCRootProgramCommand string
+ TCRootProgramVersion string
 // ebpf chain details
 EBPFChainDebugAddr string
@@ -102,53 +93,46 @@ func ReadConfig(configPath string) (*Config, error) {
 }
 return &Config{
- PIDFilename: LoadConfigString(confReader, "l3afd", "pid-file"),
- DataCenter: LoadConfigString(confReader, "l3afd", "datacenter"),
- BPFDir: LoadConfigString(confReader, "l3afd", "bpf-dir"),
- BPFLogDir: LoadConfigString(confReader, "l3afd", "bpf-log-dir"),
- MinKernelMajorVer: LoadConfigInt(confReader, "l3afd", "kernel-major-version"),
- MinKernelMinorVer: LoadConfigInt(confReader, "l3afd", "kernel-minor-version"),
- KFRepoURL: LoadConfigString(confReader, "kf-repo", "url"),
- HttpClientTimeout: LoadConfigDuration(confReader, "l3afd", "http-client-timeout"),
- MaxNFReStartCount: LoadConfigInt(confReader, "l3afd", "max-nf-restart-count"),
- BpfChainingEnabled: LoadOptionalConfigBool(confReader, "l3afd", "bpf-chaining-enabled", true),
- MetricsAddr: LoadConfigString(confReader, "web", "metrics-addr"),
- KFPollInterval: LoadOptionalConfigDuration(confReader, "web", "kf-poll-interval", 30*time.Second),
- NMetricSamples: LoadOptionalConfigInt(confReader, "web", "n-metric-samples", 20),
- ShutdownTimeout: LoadConfigDuration(confReader, "l3afd", "shutdown-timeout"),
- SwaggerApiEnabled: LoadOptionalConfigBool(confReader, "l3afd", "swagger-api-enabled", false),
- Environment: LoadOptionalConfigString(confReader, "l3afd", "environment", ENV_PROD),
- BpfMapDefaultPath: LoadOptionalConfigString(confReader, "l3afd", "BpfMapDefaultPath", "/sys/fs/bpf"),
- AdmindHost: LoadConfigString(confReader, "admind", "host"),
- AdmindUsername: LoadConfigString(confReader, "admind", "username"),
- AdmindApiKey: LoadConfigString(confReader, "admind", "api-key"),
- AdmindGroupID: LoadConfigInt(confReader, "admind", "group-id"),
- AdmindApiEnabled: LoadOptionalConfigBool(confReader, "admind", "api-enabled", true),
- XDPRootProgramName: LoadOptionalConfigString(confReader, "xdp-root-program", "name", "xdp_root"),
- XDPRootProgramArtifact: LoadOptionalConfigString(confReader, "xdp-root-program", "artifact", "l3af_xdp_root.tar.gz"),
- XDPRootProgramMapName: LoadOptionalConfigString(confReader, "xdp-root-program", "ingress-map-name", "xdp_root_array"),
- XDPRootProgramCommand: LoadOptionalConfigString(confReader, "xdp-root-program", "command", "xdp_root"),
- XDPRootProgramVersion: LoadOptionalConfigString(confReader, "xdp-root-program", "version", "1.01"),
- XDPRootProgramUserProgramDaemon: LoadOptionalConfigBool(confReader, "xdp-root-program", "user-program-daemon", false),
- TCRootProgramName: LoadOptionalConfigString(confReader, "tc-root-program", "name", "tc_root"),
- TCRootProgramArtifact: LoadOptionalConfigString(confReader, "tc-root-program", "artifact", "l3af_tc_root.tar.gz"),
- TCRootProgramIngressMapName: LoadOptionalConfigString(confReader, "tc-root-program", "ingress-map-name", "tc/globals/tc_ingress_root_array"),
- TCRootProgramEgressMapName: LoadOptionalConfigString(confReader, "tc-root-program", "egress-map-name", "tc/globals/tc_egress_root_array"),
- TCRootProgramCommand: LoadOptionalConfigString(confReader, "tc-root-program", "command", "tc_root"),
- TCRootProgramVersion: LoadOptionalConfigString(confReader, "tc-root-program", "version", "1.0"),
- TCRootProgramUserProgramDaemon: LoadOptionalConfigBool(confReader, "tc-root-program", "user-program-daemon", false),
- EBPFChainDebugAddr: LoadOptionalConfigString(confReader, "ebpf-chain-debug", "addr", "0.0.0.0:8899"),
- EBPFChainDebugEnabled: LoadOptionalConfigBool(confReader, "ebpf-chain-debug", "enabled", false),
- L3afConfigsRestAPIAddr: LoadOptionalConfigString(confReader, "l3af-configs", "restapi-addr", "localhost:53000"),
- L3afConfigStoreFileName: LoadOptionalConfigString(confReader, "l3af-config-store", "filename", "/etc/l3afd/l3af-config.json"),
- MTLSEnabled: LoadOptionalConfigBool(confReader, "mtls", "enabled", true),
- MTLSMinVersion: minTLSVersion,
- MTLSCertDir: LoadOptionalConfigString(confReader, "mtls", "cert-dir", "/etc/l3afd/certs"),
- MTLSCACertFilename: LoadOptionalConfigString(confReader, "mtls", "cacert-filename", "ca.pem"),
- MTLSServerCertFilename: LoadOptionalConfigString(confReader, "mtls", "server-cert-filename", "server.crt"),
- MTLSServerKeyFilename: LoadOptionalConfigString(confReader, "mtls", "server-key-filename", "server.key"),
- MTLSCertExpiryWarningDays: LoadOptionalConfigInt(confReader, "mtls", "cert-expiry-warning-days", 30),
- MTLSSANMatchRules: strings.Split(LoadOptionalConfigString(confReader, "mtls", "san-match-rules", ""), ","),
+ PIDFilename: LoadConfigString(confReader, "l3afd", "pid-file"),
+ DataCenter: LoadConfigString(confReader, "l3afd", "datacenter"),
+ BPFDir: LoadConfigString(confReader, "l3afd", "bpf-dir"),
+ BPFLogDir: LoadOptionalConfigString(confReader, "l3afd", "bpf-log-dir", ""),
+ MinKernelMajorVer: LoadOptionalConfigInt(confReader, "l3afd", "kernel-major-version", 5),
+ MinKernelMinorVer: LoadOptionalConfigInt(confReader, "l3afd", "kernel-minor-version", 1),
+ KFRepoURL: LoadConfigString(confReader, "kf-repo", "url"),
+ HttpClientTimeout: LoadOptionalConfigDuration(confReader, "l3afd", "http-client-timeout", 10*time.Second),
+ MaxNFReStartCount: LoadOptionalConfigInt(confReader, "l3afd", "max-nf-restart-count", 3),
+ BpfChainingEnabled: LoadConfigBool(confReader, "l3afd", "bpf-chaining-enabled"),
+ MetricsAddr: LoadConfigString(confReader, "web", "metrics-addr"),
+ KFPollInterval: LoadOptionalConfigDuration(confReader, "web", "kf-poll-interval", 30*time.Second),
+ NMetricSamples: LoadOptionalConfigInt(confReader, "web", "n-metric-samples", 20),
+ ShutdownTimeout: LoadOptionalConfigDuration(confReader, "l3afd", "shutdown-timeout", 5*time.Second),
+ SwaggerApiEnabled: LoadOptionalConfigBool(confReader, "l3afd", "swagger-api-enabled", false),
+ Environment: LoadOptionalConfigString(confReader, "l3afd", "environment", ENV_PROD),
+ BpfMapDefaultPath: LoadConfigString(confReader, "l3afd", "BpfMapDefaultPath"),
+ XDPRootProgramName: LoadOptionalConfigString(confReader, "xdp-root-program", "name", "xdp_root"),
+ XDPRootProgramArtifact: LoadOptionalConfigString(confReader, "xdp-root-program", "artifact", "l3af_xdp_root.tar.gz"),
+ XDPRootProgramMapName: LoadOptionalConfigString(confReader, "xdp-root-program", "ingress-map-name", "xdp_root_array"),
+ XDPRootProgramCommand: LoadOptionalConfigString(confReader, "xdp-root-program", "command", "xdp_root"),
+ XDPRootProgramVersion: LoadOptionalConfigString(confReader, "xdp-root-program", "version", "1.01"),
+ TCRootProgramName: LoadOptionalConfigString(confReader, "tc-root-program", "name", "tc_root"),
+ TCRootProgramArtifact: LoadOptionalConfigString(confReader, "tc-root-program", "artifact", "l3af_tc_root.tar.gz"),
+ TCRootProgramIngressMapName: LoadOptionalConfigString(confReader, "tc-root-program", "ingress-map-name", "tc/globals/tc_ingress_root_array"),
+ TCRootProgramEgressMapName: LoadOptionalConfigString(confReader, "tc-root-program", "egress-map-name", "tc/globals/tc_egress_root_array"),
+ TCRootProgramCommand: LoadOptionalConfigString(confReader, "tc-root-program", "command", "tc_root"),
+ TCRootProgramVersion: LoadOptionalConfigString(confReader, "tc-root-program", "version", "1.0"),
+ EBPFChainDebugAddr: LoadOptionalConfigString(confReader, "ebpf-chain-debug", "addr", "localhost:8899"),
+ EBPFChainDebugEnabled: LoadOptionalConfigBool(confReader, "ebpf-chain-debug", "enabled", false),
+ L3afConfigsRestAPIAddr: LoadOptionalConfigString(confReader, "l3af-configs", "restapi-addr", "localhost:53000"),
+ L3afConfigStoreFileName: LoadConfigString(confReader, "l3af-config-store", "filename"),
+ MTLSEnabled: LoadOptionalConfigBool(confReader, "mtls", "enabled", true),
+ MTLSMinVersion: minTLSVersion,
+ MTLSCertDir: LoadOptionalConfigString(confReader, "mtls", "cert-dir", ""),
+ MTLSCACertFilename: LoadOptionalConfigString(confReader, "mtls", "cacert-filename", "ca.pem"),
+ MTLSServerCertFilename: LoadOptionalConfigString(confReader, "mtls", "server-cert-filename", "server.crt"),
+ MTLSServerKeyFilename: LoadOptionalConfigString(confReader, "mtls", "server-key-filename", "server.key"),
+ MTLSCertExpiryWarningDays: LoadOptionalConfigInt(confReader, "mtls", "cert-expiry-warning-days", 30),
+ MTLSSANMatchRules: strings.Split(LoadOptionalConfigString(confReader, "mtls", "san-match-rules", ""), ","),
 }, nil
 }
diff --git a/config/l3afd.cfg b/config/l3afd.cfg
index 92e768e8..a35a4130 100644
--- a/config/l3afd.cfg
+++ b/config/l3afd.cfg
@@ -2,7 +2,7 @@
 [l3afd]
 pid-file: ./l3afd.pid
-datacenter: dummy
+datacenter: dc
 bpf-dir: /dev/shm
 bpf-log-dir:
 kernel-major-version: 4
@@ -14,57 +14,47 @@ bpf-chaining-enabled: true
 swagger-api-enabled: false
 # PROD | DEV
 environment: PROD
-#BpfMapDefaultPath is base path for storing maps
+# BpfMapDefaultPath is base path for storing maps
 BpfMapDefaultPath: /sys/fs/bpf
 [kf-repo]
-url:
+url: http://localhost:8000/
 [web]
 metrics-addr: 0.0.0.0:8898
 kf-poll-interval: 30s
 n-metric-samples: 20
-[admind]
-host:
-username:
-api-key:
-group-id: 0
-api-enabled: true
-
-
 [xdp-root-program]
 name: xdp-root
 artifact: xdp-root.tar.gz
-ingress-map-name: root_array
+ingress-map-name: xdp_root_array
 command: xdp_root
-version: 1.01
-is-user-program: false
+version: latest
 [tc-root-program]
-name: tc_root
+name: tc-root
 artifact: l3af_tc_root.tar.gz
 ingress-map-name: tc/globals/tc_ingress_root_array
 egress-map-name: tc/globals/tc_egress_root_array
 command: tc_root
-version: 1.0
-is-user-program: false
+version: latest
 [ebpf-chain-debug]
-addr: 0.0.0.0:8899
+addr: localhost:8899
 enabled: true
 [l3af-configs]
 restapi-addr: localhost:53000
 [l3af-config-store]
-filename: "/etc/l3afd/l3af-config.json"
+filename: /var/l3afd/l3af-config.json
 [mtls]
 enabled: true
 # TLS_1_2 or TLS_1_3
-min-tls-version: TLS_1_2
+min-tls-version: TLS_1_3
 cert-dir: /etc/l3af/certs
 cacert-filename: ca.pem
 server-crt-filename: server.crt
diff --git a/docs/configdoc.md b/docs/configdoc.md
index c72fad9a..b80a4d03 100644
--- a/docs/configdoc.md
+++ b/docs/configdoc.md
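Review bot: The `server-cert-filename` key read on the re-added `MTLSServerCertFilename` line does not match the `server-crt-filename` key that config/l3afd.cfg sets and docs/configdoc.md documents, so a filename set in the config file is silently ignored and the `server.crt` default is always used; either read `LoadOptionalConfigString(confReader, "mtls", "server-crt-filename", "server.crt")` here or change the sample config and docs to `server-cert-filename`. The new `MTLSCertDir` default of `""` is also risky while `MTLSEnabled` still defaults to true: an empty directory presumably makes the CA, certificate and key paths resolve relative to the daemon's working directory instead of failing loudly, so `MTLSCertDir: LoadConfigString(confReader, "mtls", "cert-dir"),` or an explicit non-empty check when mTLS is on would be safer. The kernel-version defaults introduced here (5 and 1) disagree with the 4/15 values in the sample config and in the Default column of docs/configdoc.md; a short comment on the `MinKernelMajorVer` line stating why 5.1 is the floor would settle which is intended. ReadConfig's body starts before this hunk.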
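Review bot: The new `url: http://localhost:8000/` under `[kf-repo]`, combined with `version: latest` now set for both root programs, makes the shipped sample config fetch unpinned eBPF artifacts over plain HTTP, and nothing in this hunk indicates an integrity check on what is downloaded before it is loaded into the kernel; for anything beyond a local dev repo the URL should be https and the versions pinned, and a comment above `url:` such as `# Use https:// for any non-local repository; artifacts fetched from here are loaded into the kernel` would make that expectation visible. `enabled: true` under `[ebpf-chain-debug]` also keeps the debug REST API on in the sample config while the code default is false; the move to `localhost:8899` limits exposure, but a comment marking it as a development setting would help. The `filename: /var/l3afd/l3af-config.json` path introduced here differs from the `/etc/l3afd/l3af-config.json` still shown in docs/configdoc.md.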
@@ -1,6 +1,6 @@ # L3AFD Config Options Documentation -See [l3afd.cfg](https://github.com/l3af-project/l3af-arch/blob/main/dev_environment/cfg/l3afd.cfg) for a full example configuration. +See [l3afd.cfg](https://github.com/l3af-project/l3afd/blob/main/config/l3afd.cfg) for a full example configuration. ``` @@ -27,14 +27,14 @@ environment: PROD ## [l3afd] -| FieldName | Example | Description | Required | +| FieldName | Default | Description | Required | | ------------- | ------------- | --------------- | --------------- | |pid-file| `"./l3afd.pid"` | The path to the l3afd.pid file which contains process id of L3afd | Yes | |datacenter| `"dummy"` | Name of Datacenter| Yes | |bpf-dir| `"/dev/shm"` | Absolute Path where eBPF packages are to be extracted | Yes | |bpf-log-dir|`""` | Absolute Path for log files, which is passed to applications on the command line. L3afd does not store any logs itself.| No | -|kernel-major-version|`"4"`|Major version of the kernel| Only on linux | -|kernel-minor-version|`"15"`|Minor version of the kernel (Ex 4.15)| Only on linux | +|kernel-major-version|`"4"`|Major version of the kernel required to run eBPF programs (Linux Only) | No | +|kernel-minor-version|`"15"`|Minor version of the kernel required to run eBPF programs (Linux Only)| No | |shutdown-timeout|`"1s"`|Maximum amount of time allowed for l3afd to gracefully stop. After shutdown-timeout, l3afd will exit even if it could not stop applications.| No | |http-client-timeout|`"10s"`|Maximum amount of time allowed to get HTTP response headers when fetching a package from a repository| No | |max-nf-restart-count|`"3"`|Maximum number of tries to restart eBPF applications if they are not running| No | 
@@ -44,56 +44,65 @@ environment: PROD |BpfMapDefaultPath|`"/sys/fs/bpf"`|The base pin path for eBPF maps| Yes | ## [kf-repo] -| FieldName | Example | Description | Required | -| ------------- | ------------- | --------------- | --------------- | -|url| `"http://localhost:8000/"`|Default repository from which to download eBPF packages| No | +| FieldName | Default | Description | Required | +| ------------- | ------------- | --------------- |----------| +|url| `"http://localhost:8000/"`|Default repository from which to download eBPF packages| Yes | ## [web] -| FieldName | Example | Description | Required | -| ------------- | ------------- | --------------- | --------------- | -|metrics-addr|`"0.0.0.0:8898"`|Prometheus endpoint for pulling/scraping the metrics. For more info about Prometheus see [prometheus.io](https://prometheus.io/) | Yes | -|kf-poll-interval|`"30s"`|Periodic interval at which to scrape metrics using Prometheus| Yes | -|n-metric-samples|`"20"`|Number of Metric Samples| Yes | + +| FieldName | Default | Description | Required | +| ------------- | ------------- | --------------- |----------| +|metrics-addr|`"0.0.0.0:8898"`|Prometheus endpoint for pulling/scraping the metrics. For more info about Prometheus see [prometheus.io](https://prometheus.io/) | Yes | +|kf-poll-interval|`"30s"`|Periodic interval at which to scrape metrics using Prometheus| No | +|n-metric-samples|`"20"`|Number of Metric Samples| No | ## [xdp-root-program] -| FieldName | Example | Description | Required | +This section is needed when bpf-chaining-enabled is set to true. + +| FieldName | Default | Description | Required | | ------------- | ------------- | --------------- | --------------- | |name|`"xdp-root"`|Name of subdirectory in which to extract artifact| Yes | |artifact|`"xdp-root.tar.gz"`|Filename of xdp-root package. 
Only tar.gz and .zip formats are supported| Yes | |ingress-map-name|`"root_array"`|Ingress map name of xdp-root program| Yes | |command|`"xdp_root"`|Command to run xdp-root program| Yes | |version|`"1.01"`|Version of xdp-root program| Yes | -|user-program-daemon|`"false"`|Set to true it requires l3afd to stop the application (via SIGTERM on Linux or SIGKILL on Windows)| Yes | ## [tc-root-program] -| FieldName | Example | Description | Required | -| ------------- | ------------- | --------------- | --------------- | -|name|`"tc_root"`|Name of subdirectory in which to extract artifact| Yes | -|artifact|`"l3af_tc_root.tar.gz"`|Filename of tc_root package| Yes | -|ingress-map-name|`"tc_ingress_root_array"`|Ingress map name of tc_root program| Yes | -|egress-map-name|`"tc_egress_root_array"`|Egress map name of tc_root program,for more info about ingress/egress check [cilium](https://docs.cilium.io/en/v1.9/concepts/ebpf/intro/)| Yes | -|command|`"tc_root"`|Command to run tc_root program| Yes | -|version|`"1.0"`|Version of tc_root program| Yes | -|user-program-daemon|`"false"`|Set to true it requires l3afd to stop the application (via SIGTERM on Linux or SIGKILL on Windows)| Yes | +This section is needed when bpf-chaining-enabled is set to true. 
+ +| FieldName | Default | Description | Required | +| ------------- |---------------------------| --------------- | --------------- | +|name| `"tc_root"` |Name of subdirectory in which to extract artifact| Yes | +|artifact| `"l3af_tc_root.tar.gz"` |Filename of tc_root package| Yes | +|ingress-map-name| `"tc_ingress_root_array"` |Ingress map name of tc_root program| Yes | +|egress-map-name| `"tc_egress_root_array"` |Egress map name of tc_root program,for more info about ingress/egress check [cilium](https://docs.cilium.io/en/v1.9/concepts/ebpf/intro/)| Yes | +|command| `"tc_root"` |Command to run tc_root program| Yes | +|version| `"1.0"` |Version of tc_root program| Yes | + +## [ebpf-chain-debug] +| FieldName | Default | Description | Required | +|-----------|--------------------|----------------------------------------------------------------|----------| +| addr | `"localhost:8899"` | Hostname and Port of chaining debug REST API | No | +| enabled | `"true"` | Boolean to check ebpf chaining debug details is enabled or not | No | ## [l3af-configs] -| FieldName | Example | Description | Required | -| ------------- | ------------- | --------------- | --------------- | -|restapi-addr|`"localhost:53000"`| Hostname and Port of l3af-configs REST API | Yes | +| FieldName | Default | Description | Required | +| ------------- | ------------- | --------------- |----------| +|restapi-addr|`"localhost:53000"`| Hostname and Port of l3af-configs REST API | No | -# [l3af-config-store] -| FieldName | Example | Description | Required | +## [l3af-config-store] +| FieldName | Default | Description | Required | | ------------- | ------------- | --------------- | --------------- | |filename|`"/etc/l3afd/l3af-config.json"`|Absolute path of persistent config file where we are storing L3afBPFPrograms objects. 
For more info see [models](https://github.com/l3af-project/l3afd/blob/main/models/l3afd.go)| Yes | -# [mtls] -| FieldName | Example | Description | Required | -| ------------- | ------------- |---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------| -|enabled| `"true"` | Boolean to check mtls enabled or not on REST API exposed by l3afd | Yes | -|min-tls-version|`"1.3"`| Minimum tls version allowed | No | -|cert-dir|`"/etc/l3af/certs"`| Absolute path of ca certificates. On Linux this points to a filesystem directory, but on Windows it can point to [certificate store](https://docs.microsoft.com/en-us/windows-hardware/drivers/install/certificate-stores) | Yes | -|server-crt-filename|`"server.crt"`| Server's ca certificate filename | Yes | -|server-key-filename|`"server.key"`| Server's mtls key filename | Yes | -|cert-expiry-warning-days|`"30"`| How many days before expiry you want warning | No | +## [mtls] +| FieldName | Default | Description | Required | +| ------------- | ------------- |------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------| +|enabled| `"true"` | Boolean controlling whether mTLS is enabled or not on the REST API exposed by l3afd | No | +|min-tls-version|`"1.3"`| Minimum tls version allowed | No | +|cert-dir|`"/etc/l3af/certs"`| Absolute path of CA certificates. 
On Linux this points to a filesystem directory, but on Windows it can point to a [certificate store](https://docs.microsoft.com/en-us/windows-hardware/drivers/install/certificate-stores) | No |
+|server-crt-filename|`"server.crt"`| Server's ca certificate filename | No |
+|server-key-filename|`"server.key"`| Server's mtls key filename | No |
+|cert-expiry-warning-days|`"30"`| How many days before expiry you want warning | No |
 |san-match-rules|`".*l3af.l3af.io,^l3afd.l3af.io$"`| List of domain names (exact match) or regular expressions to validate client SAN DNS Names against | No |
diff --git a/kf/bpf.go b/kf/bpf.go
index 9bc753ea..6a36fe1e 100644
--- a/kf/bpf.go
+++ b/kf/bpf.go
@@ -95,7 +95,7 @@ func LoadRootProgram(ifaceName string, direction string, progType string, conf *
 Artifact: conf.XDPRootProgramArtifact,
 MapName: conf.XDPRootProgramMapName,
 Version: conf.XDPRootProgramVersion,
- UserProgramDaemon: conf.XDPRootProgramUserProgramDaemon,
+ UserProgramDaemon: false,
 CmdStart: conf.XDPRootProgramCommand,
 CmdStop: conf.XDPRootProgramCommand,
 CmdStatus: "",
@@ -119,7 +119,7 @@ func LoadRootProgram(ifaceName string, direction string, progType string, conf *
 Name: conf.TCRootProgramName,
 Artifact: conf.TCRootProgramArtifact,
 Version: conf.TCRootProgramVersion,
- UserProgramDaemon: conf.TCRootProgramUserProgramDaemon,
+ UserProgramDaemon: false,
 CmdStart: conf.TCRootProgramCommand,
 CmdStop: conf.TCRootProgramCommand,
 CmdStatus: "",
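Review bot: The hard-coded `UserProgramDaemon: false,` that replaces the removed config field carries no comment explaining why a root program can never run as a user-space daemon, and a bare literal in a composite literal is exactly what a later reader will try to "fix" by re-adding the option; `UserProgramDaemon: false, // root programs are attached and detached by l3afd itself; the config option was dropped in #120` (adjusted to the real rationale) would record the decision. The identical literal in the second hunk for the TC root program deserves the same comment. Config files that still carry the old `user-program-daemon` / `is-user-program` keys are presumably now accepted and ignored; if the config reader does not warn on unknown keys, a release note for operators would help. LoadRootProgram's body starts before and continues past both hunks.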