Add *.local and *.internal to NPCollector default exclude filters#51138
Add *.local and *.internal to NPCollector default exclude filters#51138AlexandreYang wants to merge 7 commits into
Conversation
|
@codex review |
github-actions
Bot
added
the
short review
|
|
Codex Review: Didn't find any major issues. Breezy! ℹ️ About Codex in GitHubCodex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback". |
Adds *.local (RFC 6762 mDNS) and *.internal (IANA reserved for internal-only use) to the default exclude filters in the network_path collector, so connections to those domains are not traced by default. Users can re-include them via an include filter in network_path.collector.filters.
|
@codex review |
AlexandreYang
changed the title
|
Codex Review: Didn't find any major issues. Chef's kiss. ℹ️ About Codex in GitHubCodex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback". |
AlexandreYang
added
qa/done
Files inventory check summaryFile checks results against ancestor 824cf285: Results for datadog-agent_7.81.0~devel.git.165.3b1f3d2.pipeline.114628602-1_amd64.deb:No change detected |
Static quality checks✅ Please find below the results from static quality gates Successful checksInfo
29 successful checks with minimal change (< 2 KiB)
|
Regression DetectorRegression Detector ResultsMetrics dashboard Baseline: 824cf28 Optimization Goals: ✅ No significant changes detected
|
| perf | experiment | goal | Δ mean % | Δ mean % CI | trials | links |
|---|---|---|---|---|---|---|
| ➖ | docker_containers_cpu | % cpu utilization | +0.48 | [-2.51, +3.48] | 1 | Logs |
Fine details of change detection per experiment
| perf | experiment | goal | Δ mean % | Δ mean % CI | trials | links |
|---|---|---|---|---|---|---|
| ➖ | quality_gate_logs | % cpu utilization | +1.97 | [+0.94, +3.00] | 1 | Logs bounds checks dashboard |
| ➖ | tcp_syslog_to_blackhole | ingress throughput | +1.42 | [+1.23, +1.60] | 1 | Logs |
| ➖ | file_tree | memory utilization | +0.65 | [+0.60, +0.70] | 1 | Logs |
| ➖ | docker_containers_cpu | % cpu utilization | +0.48 | [-2.51, +3.48] | 1 | Logs |
| ➖ | docker_containers_memory | memory utilization | +0.27 | [+0.17, +0.37] | 1 | Logs |
| ➖ | ddot_metrics_sum_cumulative | memory utilization | +0.26 | [+0.10, +0.41] | 1 | Logs |
| ➖ | otlp_ingest_metrics | memory utilization | +0.24 | [+0.08, +0.39] | 1 | Logs |
| ➖ | ddot_metrics_sum_delta | memory utilization | +0.08 | [-0.11, +0.27] | 1 | Logs |
| ➖ | file_to_blackhole_500ms_latency | egress throughput | +0.07 | [-0.34, +0.49] | 1 | Logs |
| ➖ | ddot_logs | memory utilization | +0.06 | [-0.01, +0.13] | 1 | Logs |
| ➖ | file_to_blackhole_1000ms_latency | egress throughput | +0.05 | [-0.39, +0.48] | 1 | Logs |
| ➖ | uds_dogstatsd_to_api | ingress throughput | +0.04 | [-0.17, +0.25] | 1 | Logs |
| ➖ | tcp_dd_logs_filter_exclude | ingress throughput | +0.03 | [-0.08, +0.13] | 1 | Logs |
| ➖ | ddot_metrics_sum_cumulativetodelta_exporter | memory utilization | -0.01 | [-0.25, +0.23] | 1 | Logs |
| ➖ | file_to_blackhole_100ms_latency | egress throughput | -0.02 | [-0.16, +0.13] | 1 | Logs |
| ➖ | file_to_blackhole_0ms_latency | egress throughput | -0.03 | [-0.55, +0.50] | 1 | Logs |
| ➖ | uds_dogstatsd_to_api_v3 | ingress throughput | -0.05 | [-0.25, +0.16] | 1 | Logs |
| ➖ | quality_gate_idle_all_features | memory utilization | -0.16 | [-0.23, -0.10] | 1 | Logs bounds checks dashboard |
| ➖ | ddot_metrics | memory utilization | -0.23 | [-0.43, -0.03] | 1 | Logs |
| ➖ | quality_gate_idle | memory utilization | -0.32 | [-0.37, -0.27] | 1 | Logs bounds checks dashboard |
| ➖ | uds_dogstatsd_20mb_12k_contexts_20_senders | memory utilization | -0.32 | [-0.37, -0.27] | 1 | Logs |
| ➖ | quality_gate_metrics_logs | memory utilization | -0.43 | [-0.68, -0.19] | 1 | Logs bounds checks dashboard |
| ➖ | otlp_ingest_logs | memory utilization | -0.88 | [-1.00, -0.77] | 1 | Logs |
Bounds Checks: ✅ Passed
| perf | experiment | bounds_check_name | replicates_passed | observed_value | links |
|---|---|---|---|---|---|
| ✅ | docker_containers_cpu | simple_check_run | 10/10 | 705 ≥ 26 | |
| ✅ | docker_containers_memory | memory_usage | 10/10 | 248.90MiB ≤ 370MiB | |
| ✅ | docker_containers_memory | simple_check_run | 10/10 | 701 ≥ 26 | |
| ✅ | file_to_blackhole_0ms_latency | memory_usage | 10/10 | 0.16GiB ≤ 1.20GiB | |
| ✅ | file_to_blackhole_0ms_latency | missed_bytes | 10/10 | 0B = 0B | |
| ✅ | file_to_blackhole_1000ms_latency | memory_usage | 10/10 | 0.20GiB ≤ 1.20GiB | |
| ✅ | file_to_blackhole_1000ms_latency | missed_bytes | 10/10 | 0B = 0B | |
| ✅ | file_to_blackhole_100ms_latency | memory_usage | 10/10 | 0.17GiB ≤ 1.20GiB | |
| ✅ | file_to_blackhole_100ms_latency | missed_bytes | 10/10 | 0B = 0B | |
| ✅ | file_to_blackhole_500ms_latency | memory_usage | 10/10 | 0.18GiB ≤ 1.20GiB | |
| ✅ | file_to_blackhole_500ms_latency | missed_bytes | 10/10 | 0B = 0B | |
| ✅ | quality_gate_idle | intake_connections | 10/10 | 3 ≤ 4 | bounds checks dashboard |
| ✅ | quality_gate_idle | memory_usage | 10/10 | 143.45MiB ≤ 147MiB | bounds checks dashboard |
| ✅ | quality_gate_idle | total_bytes_received | 10/10 | 741.89KiB ≤ 819.20KiB | bounds checks dashboard |
| ✅ | quality_gate_idle_all_features | intake_connections | 10/10 | 2 ≤ 4 | bounds checks dashboard |
| ✅ | quality_gate_idle_all_features | memory_usage | 10/10 | 427.20MiB ≤ 495MiB | bounds checks dashboard |
| ✅ | quality_gate_idle_all_features | total_bytes_received | 10/10 | 1.12MiB ≤ 1.25MiB | bounds checks dashboard |
| ✅ | quality_gate_logs | intake_connections | 10/10 | 4 ≤ 6 | bounds checks dashboard |
| ✅ | quality_gate_logs | memory_usage | 10/10 | 175.99MiB ≤ 195MiB | bounds checks dashboard |
| ✅ | quality_gate_logs | missed_bytes | 10/10 | 0B = 0B | bounds checks dashboard |
| ✅ | quality_gate_logs | total_bytes_received | 10/10 | 264.35MiB ≤ 292MiB | bounds checks dashboard |
| ✅ | quality_gate_metrics_logs | cpu_usage | 10/10 | 347.75 ≤ 2000 | bounds checks dashboard |
| ✅ | quality_gate_metrics_logs | intake_connections | 10/10 | 3 ≤ 6 | bounds checks dashboard |
| ✅ | quality_gate_metrics_logs | memory_usage | 10/10 | 376.66MiB ≤ 430MiB | bounds checks dashboard |
| ✅ | quality_gate_metrics_logs | missed_bytes | 10/10 | 0B = 0B | bounds checks dashboard |
| ✅ | quality_gate_metrics_logs | total_bytes_received | 10/10 | 0.94GiB ≤ 1.04GiB | bounds checks dashboard |
Explanation
Confidence level: 90.00%
Effect size tolerance: |Δ mean %| ≥ 5.00%
Performance changes are noted in the perf column of each table:
- ✅ = significantly better comparison variant performance
- ❌ = significantly worse comparison variant performance
- ➖ = no significant change in performance
A regression test is an A/B test of target performance in a repeatable rig, where "performance" is measured as "comparison variant minus baseline variant" for an optimization goal (e.g., ingress throughput). Due to intrinsic variability in measuring that goal, we can only estimate its mean value for each experiment; we report uncertainty in that value as a 90.00% confidence interval denoted "Δ mean % CI".
For each experiment, we decide whether a change in performance is a "regression" -- a change worth investigating further -- if all of the following criteria are true:
-
Its estimated |Δ mean %| ≥ 5.00%, indicating the change is big enough to merit a closer look.
-
Its 90.00% confidence interval "Δ mean % CI" does not contain zero, indicating that if our statistical model is accurate, there is at least a 90.00% chance there is a difference in performance between baseline and comparison variants.
-
Its configuration does not mark it "erratic".
CI Pass/Fail Decision
✅ Passed. All Quality Gates passed.
- quality_gate_logs, bounds check missed_bytes: 10/10 replicas passed. Gate passed.
- quality_gate_logs, bounds check intake_connections: 10/10 replicas passed. Gate passed.
- quality_gate_logs, bounds check total_bytes_received: 10/10 replicas passed. Gate passed.
- quality_gate_logs, bounds check memory_usage: 10/10 replicas passed. Gate passed.
- quality_gate_metrics_logs, bounds check missed_bytes: 10/10 replicas passed. Gate passed.
- quality_gate_metrics_logs, bounds check cpu_usage: 10/10 replicas passed. Gate passed.
- quality_gate_metrics_logs, bounds check memory_usage: 10/10 replicas passed. Gate passed.
- quality_gate_metrics_logs, bounds check intake_connections: 10/10 replicas passed. Gate passed.
- quality_gate_metrics_logs, bounds check total_bytes_received: 10/10 replicas passed. Gate passed.
- quality_gate_idle, bounds check intake_connections: 10/10 replicas passed. Gate passed.
- quality_gate_idle, bounds check memory_usage: 10/10 replicas passed. Gate passed.
- quality_gate_idle, bounds check total_bytes_received: 10/10 replicas passed. Gate passed.
- quality_gate_idle_all_features, bounds check total_bytes_received: 10/10 replicas passed. Gate passed.
- quality_gate_idle_all_features, bounds check memory_usage: 10/10 replicas passed. Gate passed.
- quality_gate_idle_all_features, bounds check intake_connections: 10/10 replicas passed. Gate passed.
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: bbb5eee04c
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
/integrate -d |
|
View all feedbacks in Devflow UI.
No services specified and BIA didn't detect any impacted services. Please provide a branch name ( |
|
/integrate -b npp-staging -d |
|
View all feedbacks in Devflow UI.
No services specified and BIA didn't detect any impacted services. Please provide a branch name ( |
1 participant
What does this PR do?
Adds
*.localand*.internalto the built-in default exclude filters in the network_path collector (NPCollector), so connections to those domains are no longer traced by default.Implemented by appending two entries to
defaultConfigincomp/networkpath/npcollector/impl/connfilter/defaultconnfilters.go. Adds one table-driven test case inconnfilter_test.gocovering positive matches (printer.local,foo.bar.local,compute.internal,foo.bar.internal) and negative matches (local.example.com,internal.example.com) to guard against accidental over-matching.Motivation
.localis reserved for mDNS (RFC 6762) and.internalis in the IANA Special-Use Domain Names registry for internal-only use. Connections to hostnames in those TLDs are not meaningful network path data and add noise. Both are standards-backed, so excluding them universally (rather than only in EUDM mode) is safe.Users who do want to trace specific internal hosts can opt back in by adding an
includefilter undernetwork_path.collector.filters— user-defined filters are appended after defaults and the last matching filter wins.Describe how you validated your changes
dda inv test --targets=./comp/networkpath/npcollector/impl/connfilter— all 24 tests pass, including the new case asserting that*.local/*.internalare excluded by default and thatlocal.example.com/internal.example.comare not falsely matched.Additional Notes
Scoped narrowly: domain filters only, no IP/CIDR additions (link-local 169.254.0.0/16, fe80::/10, loopback, cloud metadata IPs) in this PR. Those would be a defensible follow-up but have separate review concerns (e.g. cloud metadata at 169.254.169.254).
No release note — the override path keeps this strictly opt-out, and customers can re-include affected hostnames via existing config.