diff --git a/pkg/config/setup/system_probe.go b/pkg/config/setup/system_probe.go index ace09ac4aef85e..48180d4b4b055e 100644 --- a/pkg/config/setup/system_probe.go +++ b/pkg/config/setup/system_probe.go @@ -370,7 +370,7 @@ func InitSystemProbeConfig(cfg pkgconfigmodel.Config) { eventMonitorBindEnvAndSetDefault(cfg, join(evNS, "enable_discarders"), false) // will be set to true by sanitize() if enable_kernel_filters is true eventMonitorBindEnvAndSetDefault(cfg, join(evNS, "flush_discarder_window"), 3) eventMonitorBindEnvAndSetDefault(cfg, join(evNS, "pid_cache_size"), 10000) - eventMonitorBindEnvAndSetDefault(cfg, join(evNS, "dns_resolver_cache_size"), 1024) + eventMonitorBindEnvAndSetDefault(cfg, join(evNS, "dns_resolution.cache_size"), 1024) eventMonitorBindEnvAndSetDefault(cfg, join(evNS, "dns_resolution.enabled"), true) eventMonitorBindEnvAndSetDefault(cfg, join(evNS, "events_stats.tags_cardinality"), "high") eventMonitorBindEnvAndSetDefault(cfg, join(evNS, "custom_sensitive_words"), []string{}) diff --git a/pkg/security/probe/config/config.go b/pkg/security/probe/config/config.go index 883dbb823be4e3..a7edd0d3f9940b 100644 --- a/pkg/security/probe/config/config.go +++ b/pkg/security/probe/config/config.go @@ -200,7 +200,7 @@ func NewConfig() (*Config, error) { NetworkExtraPrivateIPRanges: getStringSlice("network.extra_private_ip_ranges"), StatsPollingInterval: time.Duration(getInt("events_stats.polling_interval")) * time.Second, SyscallsMonitorEnabled: getBool("syscalls_monitor.enabled"), - DNSResolverCacheSize: getInt("dns_resolver_cache_size"), + DNSResolverCacheSize: getInt("dns_resolution.cache_size"), DNSResolutionEnabled: getBool("dns_resolution.enabled"), // event server diff --git a/pkg/security/probe/probe_ebpf.go b/pkg/security/probe/probe_ebpf.go index 344fa1a9fb4210..0633bf44b6535c 100644 --- a/pkg/security/probe/probe_ebpf.go +++ b/pkg/security/probe/probe_ebpf.go @@ -1351,11 +1351,12 @@ func (p *EBPFProbe) handleEvent(CPU int, data []byte) { seclog.Errorf("failed to decode accept event: %s (offset %d, len %d)", err, offset, len(data)) return } - ip, ok := netip.AddrFromSlice(event.Accept.Addr.IPNet.IP) - if ok { - event.Accept.Hostnames = p.Resolvers.DNSResolver.HostListFromIP(ip) + if p.config.Probe.DNSResolutionEnabled { + ip, ok := netip.AddrFromSlice(event.Accept.Addr.IPNet.IP) + if ok { + event.Accept.Hostnames = p.Resolvers.DNSResolver.HostListFromIP(ip) + } } - case model.BindEventType: if _, err = event.Bind.UnmarshalBinary(data[offset:]); err != nil { seclog.Errorf("failed to decode bind event: %s (offset %d, len %d)", err, offset, len(data)) @@ -1366,11 +1367,12 @@ func (p *EBPFProbe) handleEvent(CPU int, data []byte) { seclog.Errorf("failed to decode connect event: %s (offset %d, len %d)", err, offset, len(data)) return } - ip, ok := netip.AddrFromSlice(event.Connect.Addr.IPNet.IP) - if ok { - event.Connect.Hostnames = p.Resolvers.DNSResolver.HostListFromIP(ip) + if p.config.Probe.DNSResolutionEnabled { + ip, ok := netip.AddrFromSlice(event.Connect.Addr.IPNet.IP) + if ok { + event.Connect.Hostnames = p.Resolvers.DNSResolver.HostListFromIP(ip) + } } - case model.SyscallsEventType: if _, err = event.Syscalls.UnmarshalBinary(data[offset:]); err != nil { seclog.Errorf("failed to decode syscalls event: %s (offset %d, len %d)", err, offset, len(data)) diff --git a/pkg/security/probe/probe_monitor.go b/pkg/security/probe/probe_monitor.go index 7ff95983c98853..5215b0c1bc98d7 100644 --- a/pkg/security/probe/probe_monitor.go +++ b/pkg/security/probe/probe_monitor.go @@ -118,8 +118,10 @@ func (m *EBPFMonitors) SendStats() error { } } - if err := resolvers.DNSResolver.SendStats(); err != nil { - return fmt.Errorf("failed to send process_resolver stats: %w", err) + if m.ebpfProbe.config.Probe.DNSResolutionEnabled { + if err := resolvers.DNSResolver.SendStats(); err != nil { + return fmt.Errorf("failed to send process_resolver stats: %w", err) + } } }