address review comments

DataDog · Mar 7, 2025 · 14ff5fe · 14ff5fe
1 parent c67e24e
commit 14ff5fe
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 12 deletions.
diff --git a/pkg/config/setup/system_probe.go b/pkg/config/setup/system_probe.go
@@ -370,7 +370,7 @@ func InitSystemProbeConfig(cfg pkgconfigmodel.Config) {
 	eventMonitorBindEnvAndSetDefault(cfg, join(evNS, "enable_discarders"), false) // will be set to true by sanitize() if enable_kernel_filters is true
 	eventMonitorBindEnvAndSetDefault(cfg, join(evNS, "flush_discarder_window"), 3)
 	eventMonitorBindEnvAndSetDefault(cfg, join(evNS, "pid_cache_size"), 10000)
-	eventMonitorBindEnvAndSetDefault(cfg, join(evNS, "dns_resolver_cache_size"), 1024)
+	eventMonitorBindEnvAndSetDefault(cfg, join(evNS, "dns_resolution.cache_size"), 1024)
 	eventMonitorBindEnvAndSetDefault(cfg, join(evNS, "dns_resolution.enabled"), true)
 	eventMonitorBindEnvAndSetDefault(cfg, join(evNS, "events_stats.tags_cardinality"), "high")
 	eventMonitorBindEnvAndSetDefault(cfg, join(evNS, "custom_sensitive_words"), []string{})

diff --git a/pkg/security/probe/config/config.go b/pkg/security/probe/config/config.go
@@ -200,7 +200,7 @@ func NewConfig() (*Config, error) {
 		NetworkExtraPrivateIPRanges: getStringSlice("network.extra_private_ip_ranges"),
 		StatsPollingInterval:        time.Duration(getInt("events_stats.polling_interval")) * time.Second,
 		SyscallsMonitorEnabled:      getBool("syscalls_monitor.enabled"),
-		DNSResolverCacheSize:        getInt("dns_resolver_cache_size"),
+		DNSResolverCacheSize:        getInt("dns_resolution.cache_size"),
 		DNSResolutionEnabled:        getBool("dns_resolution.enabled"),
 
 		// event server

diff --git a/pkg/security/probe/probe_ebpf.go b/pkg/security/probe/probe_ebpf.go
@@ -1351,11 +1351,12 @@ func (p *EBPFProbe) handleEvent(CPU int, data []byte) {
 			seclog.Errorf("failed to decode accept event: %s (offset %d, len %d)", err, offset, len(data))
 			return
 		}
-		ip, ok := netip.AddrFromSlice(event.Accept.Addr.IPNet.IP)
-		if ok {
-			event.Accept.Hostnames = p.Resolvers.DNSResolver.HostListFromIP(ip)
+		if p.config.Probe.DNSResolutionEnabled {
+			ip, ok := netip.AddrFromSlice(event.Accept.Addr.IPNet.IP)
+			if ok {
+				event.Accept.Hostnames = p.Resolvers.DNSResolver.HostListFromIP(ip)
+			}
 		}
-
 	case model.BindEventType:
 		if _, err = event.Bind.UnmarshalBinary(data[offset:]); err != nil {
 			seclog.Errorf("failed to decode bind event: %s (offset %d, len %d)", err, offset, len(data))
@@ -1366,11 +1367,12 @@ func (p *EBPFProbe) handleEvent(CPU int, data []byte) {
 			seclog.Errorf("failed to decode connect event: %s (offset %d, len %d)", err, offset, len(data))
 			return
 		}
-		ip, ok := netip.AddrFromSlice(event.Connect.Addr.IPNet.IP)
-		if ok {
-			event.Connect.Hostnames = p.Resolvers.DNSResolver.HostListFromIP(ip)
+		if p.config.Probe.DNSResolutionEnabled {
+			ip, ok := netip.AddrFromSlice(event.Connect.Addr.IPNet.IP)
+			if ok {
+				event.Connect.Hostnames = p.Resolvers.DNSResolver.HostListFromIP(ip)
+			}
 		}
-
 	case model.SyscallsEventType:
 		if _, err = event.Syscalls.UnmarshalBinary(data[offset:]); err != nil {
 			seclog.Errorf("failed to decode syscalls event: %s (offset %d, len %d)", err, offset, len(data))

diff --git a/pkg/security/probe/probe_monitor.go b/pkg/security/probe/probe_monitor.go
@@ -118,8 +118,10 @@ func (m *EBPFMonitors) SendStats() error {
 			}
 		}
 
-		if err := resolvers.DNSResolver.SendStats(); err != nil {
-			return fmt.Errorf("failed to send process_resolver stats: %w", err)
+		if m.ebpfProbe.config.Probe.DNSResolutionEnabled {
+			if err := resolvers.DNSResolver.SendStats(); err != nil {
+				return fmt.Errorf("failed to send process_resolver stats: %w", err)
+			}
 		}
 	}