[USM] Protocol classification: add classification of TLS using Application Data

[Yumasi]

What does this PR do?

This PR allows us to classify a connection by parsing a valid Application data TLS record header. This allows us to classify the connection in case we miss the TLS handshake.

A description of how we classify TLS, including this new method can be found here.

Motivation

Additional Notes

Possible Drawbacks / Trade-offs

Describe how to test/QA your changes

[guyarb]

@Yumasi please add detailed explanation in the PR description (or better, in a doc) about the new algorithm with references for the TLS RFCs or wire-protocol

[pr-commenter[bot]]

Bloop Bleep... Dogbot Here

Regression Detector Results

Run ID: 0265d613-7346-432e-88a4-42ecc163fba4 Baseline: ff3eefad6f31c6721aac938cc25a8e6a5e5ea45a Comparison: 469a4d38383754c94ce237af21235dffb4aaebea

Performance changes are noted in the perf column of each table:

• ✅ = significantly better comparison variant performance
• ❌ = significantly worse comparison variant performance
• ➖ = no significant change in performance

Experiments with missing or malformed data

• basic_py_check

Usually, this warning means that there is no usable optimization goal data for that experiment, which could be a result of misconfiguration.

No significant changes in experiment optimization goals

Confidence level: 90.00% Effect size tolerance: |Δ mean %| ≥ 5.00%

There were no significant changes in experiment optimization goals at this confidence level and effect size tolerance.

Experiments ignored for regressions

Regressions in experiments with settings containing erratic: true are ignored.

perf	experiment	goal	Δ mean %	Δ mean % CI
➖	file_to_blackhole	% cpu utilization	-0.87	[-7.40, +5.66]

Fine details of change detection per experiment

perf	experiment	goal	Δ mean %	Δ mean % CI
➖	process_agent_standard_check_with_stats	memory utilization	+0.45	[+0.42, +0.49]
➖	file_tree	memory utilization	+0.29	[+0.21, +0.38]
➖	uds_dogstatsd_to_api_cpu	% cpu utilization	+0.27	[-1.16, +1.70]
➖	process_agent_real_time_mode	memory utilization	+0.27	[+0.23, +0.30]
➖	process_agent_standard_check	memory utilization	+0.14	[+0.10, +0.18]
➖	otel_to_otel_logs	ingress throughput	+0.07	[-0.56, +0.69]
➖	tcp_dd_logs_filter_exclude	ingress throughput	+0.00	[-0.00, +0.00]
➖	uds_dogstatsd_to_api	ingress throughput	+0.00	[-0.00, +0.00]
➖	trace_agent_json	ingress throughput	-0.01	[-0.05, +0.04]
➖	trace_agent_msgpack	ingress throughput	-0.04	[-0.05, -0.02]
➖	idle	memory utilization	-0.04	[-0.08, -0.01]
➖	tcp_syslog_to_blackhole	ingress throughput	-0.26	[-0.32, -0.21]
➖	file_to_blackhole	% cpu utilization	-0.87	[-7.40, +5.66]

Explanation

A regression test is an A/B test of target performance in a repeatable rig, where "performance" is measured as "comparison variant minus baseline variant" for an optimization goal (e.g., ingress throughput). Due to intrinsic variability in measuring that goal, we can only estimate its mean value for each experiment; we report uncertainty in that value as a 90.00% confidence interval denoted "Δ mean % CI".

For each experiment, we decide whether a change in performance is a "regression" -- a change worth investigating further -- if all of the following criteria are true:

1. Its estimated |Δ mean %| ≥ 5.00%, indicating the change is big enough to merit a closer look.

2. Its 90.00% confidence interval "Δ mean % CI" does not contain zero, indicating that if our statistical model is accurate, there is at least a 90.00% chance there is a difference in performance between baseline and comparison variants.

3. Its configuration does not mark it "erratic".

[Yumasi]

/merge

[dd-devflow[bot]]

:steam_locomotive: MergeQueue

Pull request added to the queue.

This build is going to start soon! (estimated merge in less than 27m)

Use /merge -c to cancel this operation!