datadog-agent
bump `github.com/DataDog/go-libddwaf/v2` to `v3`
What does this PR do?
https://github.com/DataDog/datadog-agent/pull/27150 bumped dd-trace-go to the latest version which is using go-libddwaf/v3. To not have to depend on v2 and v3 at the same time in the agent, this PR converts the serverless ASM usage to go-libddwaf/v3.
Motivation
Simplify dependencies.
Additional Notes
Possible Drawbacks / Trade-offs
Describe how to test/QA your changes
:warning::rotating_light: Warning, this pull request increases the binary size of serverless extension by 174800 bytes. Each MB of binary size increase means about 10ms of additional cold start time, so this pull request would increase cold start time by 1ms.
If you have questions, we are happy to help, come visit us in the #serverless slack channel and provide a link to this comment.
Debug info
These dependencies were added to the serverless extension by this pull request:
github.com/DataDog/go-libddwaf/v3/internal/lib
View dependency graphs for each added dependency in the artifacts section of the github action.
We suggest you consider adding the !serverless build tag to remove any new dependencies not needed in the serverless extension.
Serverless Benchmark Results
BenchmarkStartEndInvocation comparison between d2054c27123125b38fe349616fb80b479233a1c3 and 636959611e1a983c0b9d428a3acba2f5d7bfa3ff.
tl;dr
Use these benchmarks as an insight tool during development.
- Skim down the `vs base` column in each chart. If there is a `~`, then there was no statistically significant change to the benchmark. Otherwise, ensure the estimated percent change is either negative or very small.
- The last row of each chart is the `geomean`. Ensure this percentage is either negative or very small.
What is this benchmarking?
The BenchmarkStartEndInvocation compares the amount of time it takes to call the start-invocation and end-invocation endpoints. For universal instrumentation languages (Dotnet, Golang, Java, Ruby), this represents the majority of the duration overhead added by our tracing layer.
The benchmark is run using a large variety of lambda request payloads. In the charts below, there is one row for each event payload type.
How do I interpret these charts?
The charts below come from benchstat. They represent the statistical change in duration (sec/op), memory overhead (B/op), and allocations (allocs/op).
The benchstat docs explain how to interpret these charts.
Before the comparison table, we see common file-level configuration. If there are benchmarks with different configuration (for example, from different packages), benchstat will print separate tables for each configuration.
The table then compares the two input files for each benchmark. It shows the median and 95% confidence interval summaries for each benchmark before and after the change, and an A/B comparison under "vs base". ... The p-value measures how likely it is that any differences were due to random chance (i.e., noise). The "~" means benchstat did not detect a statistically significant difference between the two inputs. ...
Note that "statistically significant" is not the same as "large": with enough low-noise data, even very small changes can be distinguished from noise and considered statistically significant. It is, of course, generally easier to distinguish large changes from noise.
Finally, the last row of the table shows the geometric mean of each column, giving an overall picture of how the benchmarks changed. Proportional changes in the geomean reflect proportional changes in the benchmarks. For example, given n benchmarks, if sec/op for one of them increases by a factor of 2, then the sec/op geomean will increase by a factor of ⁿ√2.
I need more help
First off, do not worry if the benchmarks are failing. They are not tests. The intention is for them to be a tool for you to use during development.
If you would like a hand interpreting the results come chat with us in #serverless-agent in the internal DataDog slack or in #serverless in the public DataDog slack. We're happy to help!
Benchmark stats
goos: linux
goarch: amd64
pkg: github.com/DataDog/datadog-agent/pkg/serverless/daemon
cpu: AMD EPYC 7763 64-Core Processor
│ baseline/benchmark.log │ current/benchmark.log │
│ sec/op │ sec/op vs base │
api-gateway-appsec.json 82.77µ ± 7% 83.72µ ± 6% ~ (p=0.353 n=10)
api-gateway-kong-appsec.json 64.72µ ± 1% 65.89µ ± 1% +1.81% (p=0.001 n=10)
api-gateway-kong.json 62.68µ ± 1% 64.08µ ± 2% +2.22% (p=0.000 n=10)
api-gateway-non-proxy-async.json 99.69µ ± 1% 104.26µ ± 1% +4.58% (p=0.000 n=10)
api-gateway-non-proxy.json 100.5µ ± 1% 104.3µ ± 1% +3.79% (p=0.000 n=10)
api-gateway-websocket-connect.json 66.54µ ± 1% 68.98µ ± 1% +3.67% (p=0.000 n=10)
api-gateway-websocket-default.json 59.65µ ± 1% 62.55µ ± 1% +4.86% (p=0.000 n=10)
api-gateway-websocket-disconnect.json 60.22µ ± 2% 62.60µ ± 1% +3.95% (p=0.001 n=10)
api-gateway.json 111.7µ ± 1% 114.5µ ± 1% +2.51% (p=0.000 n=10)
application-load-balancer.json 61.23µ ± 2% 62.72µ ± 1% +2.43% (p=0.002 n=10)
cloudfront.json 45.77µ ± 1% 46.35µ ± 1% ~ (p=0.190 n=10)
cloudwatch-events.json 36.95µ ± 2% 37.41µ ± 2% ~ (p=0.684 n=10)
cloudwatch-logs.json 64.52µ ± 2% 65.41µ ± 1% +1.39% (p=0.002 n=10)
custom.json 29.48µ ± 2% 30.35µ ± 2% +2.94% (p=0.001 n=10)
dynamodb.json 91.86µ ± 1% 93.29µ ± 1% +1.55% (p=0.011 n=10)
empty.json 27.93µ ± 1% 28.77µ ± 3% +2.99% (p=0.000 n=10)
eventbridge-custom.json 40.33µ ± 1% 41.93µ ± 2% +3.98% (p=0.000 n=10)
http-api.json 71.53µ ± 2% 73.03µ ± 1% +2.10% (p=0.007 n=10)
kinesis-batch.json 69.08µ ± 1% 69.95µ ± 1% ~ (p=0.052 n=10)
kinesis.json 52.92µ ± 1% 53.61µ ± 2% +1.30% (p=0.029 n=10)
s3.json 57.71µ ± 2% 58.89µ ± 2% +2.05% (p=0.001 n=10)
sns-batch.json 87.47µ ± 2% 89.92µ ± 1% +2.79% (p=0.000 n=10)
sns.json 62.95µ ± 2% 65.83µ ± 4% +4.57% (p=0.001 n=10)
snssqs.json 111.1µ ± 1% 113.5µ ± 3% +2.24% (p=0.007 n=10)
snssqs_no_dd_context.json 96.42µ ± 1% 99.20µ ± 2% +2.89% (p=0.001 n=10)
sqs-aws-header.json 54.02µ ± 2% 55.40µ ± 2% +2.56% (p=0.000 n=10)
sqs-batch.json 92.64µ ± 1% 94.70µ ± 1% +2.23% (p=0.002 n=10)
sqs.json 67.90µ ± 3% 69.61µ ± 2% +2.52% (p=0.004 n=10)
sqs_no_dd_context.json 60.79µ ± 2% 62.44µ ± 2% +2.71% (p=0.015 n=10)
geomean 64.75µ 66.44µ +2.60%
│ baseline/benchmark.log │ current/benchmark.log │
│ B/op │ B/op vs base │
api-gateway-appsec.json 37.25Ki ± 0% 37.26Ki ± 0% ~ (p=0.893 n=10)
api-gateway-kong-appsec.json 26.92Ki ± 0% 26.92Ki ± 0% ~ (p=0.782 n=10)
api-gateway-kong.json 24.41Ki ± 0% 24.41Ki ± 0% ~ (p=0.424 n=10)
api-gateway-non-proxy-async.json 48.00Ki ± 0% 48.01Ki ± 0% ~ (p=0.118 n=10)
api-gateway-non-proxy.json 47.23Ki ± 0% 47.22Ki ± 0% ~ (p=0.853 n=10)
api-gateway-websocket-connect.json 25.45Ki ± 0% 25.44Ki ± 0% ~ (p=0.402 n=10)
api-gateway-websocket-default.json 21.34Ki ± 0% 21.35Ki ± 0% +0.05% (p=0.019 n=10)
api-gateway-websocket-disconnect.json 21.12Ki ± 0% 21.13Ki ± 0% +0.06% (p=0.001 n=10)
api-gateway.json 49.51Ki ± 0% 49.53Ki ± 0% ~ (p=0.239 n=10)
application-load-balancer.json 22.31Ki ± 0% 22.32Ki ± 0% ~ (p=0.446 n=10)
cloudfront.json 17.63Ki ± 0% 17.64Ki ± 0% ~ (p=0.324 n=10)
cloudwatch-events.json 11.69Ki ± 0% 11.68Ki ± 0% ~ (p=0.565 n=10)
cloudwatch-logs.json 53.36Ki ± 0% 53.37Ki ± 0% ~ (p=0.128 n=10)
custom.json 9.707Ki ± 0% 9.714Ki ± 0% ~ (p=0.402 n=10)
dynamodb.json 40.68Ki ± 0% 40.68Ki ± 0% ~ (p=0.781 n=10)
empty.json 9.271Ki ± 0% 9.286Ki ± 0% +0.17% (p=0.022 n=10)
eventbridge-custom.json 13.40Ki ± 0% 13.40Ki ± 0% ~ (p=0.926 n=10)
http-api.json 23.71Ki ± 0% 23.70Ki ± 0% ~ (p=0.811 n=10)
kinesis-batch.json 27.00Ki ± 0% 27.01Ki ± 0% ~ (p=0.493 n=10)
kinesis.json 17.79Ki ± 0% 17.79Ki ± 0% ~ (p=0.305 n=10)
s3.json 20.32Ki ± 0% 20.33Ki ± 0% ~ (p=0.542 n=10)
sns-batch.json 38.60Ki ± 0% 38.63Ki ± 0% ~ (p=0.109 n=10)
sns.json 23.97Ki ± 0% 23.97Ki ± 0% ~ (p=0.756 n=10)
snssqs.json 50.72Ki ± 0% 50.75Ki ± 0% ~ (p=0.353 n=10)
snssqs_no_dd_context.json 44.79Ki ± 0% 44.83Ki ± 0% ~ (p=0.184 n=10)
sqs-aws-header.json 18.80Ki ± 0% 18.83Ki ± 1% ~ (p=0.592 n=10)
sqs-batch.json 41.62Ki ± 0% 41.66Ki ± 1% ~ (p=0.382 n=10)
sqs.json 25.54Ki ± 0% 25.59Ki ± 1% ~ (p=0.247 n=10)
sqs_no_dd_context.json 20.69Ki ± 1% 20.65Ki ± 1% ~ (p=0.089 n=10)
geomean 25.69Ki 25.70Ki +0.04%
│ baseline/benchmark.log │ current/benchmark.log │
│ allocs/op │ allocs/op vs base │
api-gateway-appsec.json 629.5 ± 0% 629.5 ± 0% ~ (p=1.000 n=10)
api-gateway-kong-appsec.json 488.0 ± 0% 488.0 ± 0% ~ (p=1.000 n=10)
api-gateway-kong.json 466.0 ± 0% 466.0 ± 0% ~ (p=1.000 n=10) ¹
api-gateway-non-proxy-async.json 725.0 ± 0% 725.5 ± 0% ~ (p=1.000 n=10)
api-gateway-non-proxy.json 716.0 ± 0% 716.0 ± 0% ~ (p=1.000 n=10)
api-gateway-websocket-connect.json 453.0 ± 0% 453.0 ± 0% ~ (p=1.000 n=10) ¹
api-gateway-websocket-default.json 379.0 ± 0% 379.0 ± 0% ~ (p=1.000 n=10)
api-gateway-websocket-disconnect.json 369.0 ± 0% 370.0 ± 0% ~ (p=0.070 n=10)
api-gateway.json 790.0 ± 0% 790.5 ± 0% ~ (p=1.000 n=10)
application-load-balancer.json 352.0 ± 0% 352.0 ± 0% ~ (p=1.000 n=10)
cloudfront.json 284.0 ± 0% 284.0 ± 0% ~ (p=0.628 n=10)
cloudwatch-events.json 220.0 ± 0% 220.0 ± 0% ~ (p=0.474 n=10)
cloudwatch-logs.json 215.0 ± 0% 216.0 ± 0% ~ (p=0.170 n=10)
custom.json 168.0 ± 0% 168.0 ± 0% ~ (p=1.000 n=10) ¹
dynamodb.json 589.0 ± 0% 589.0 ± 0% ~ (p=1.000 n=10)
empty.json 159.5 ± 0% 160.0 ± 1% ~ (p=0.350 n=10)
eventbridge-custom.json 254.0 ± 0% 254.0 ± 0% ~ (p=1.000 n=10)
http-api.json 432.5 ± 0% 432.0 ± 0% ~ (p=1.000 n=10)
kinesis-batch.json 390.0 ± 0% 390.5 ± 0% ~ (p=0.350 n=10)
kinesis.json 285.0 ± 0% 285.0 ± 0% ~ (p=0.582 n=10)
s3.json 357.5 ± 0% 358.0 ± 0% ~ (p=0.647 n=10)
sns-batch.json 454.0 ± 0% 454.5 ± 0% ~ (p=0.575 n=10)
sns.json 323.0 ± 0% 323.0 ± 0% ~ (p=0.921 n=10)
snssqs.json 450.0 ± 0% 450.0 ± 0% ~ (p=0.726 n=10)
snssqs_no_dd_context.json 399.0 ± 0% 400.0 ± 0% ~ (p=0.180 n=10)
sqs-aws-header.json 274.0 ± 1% 274.5 ± 1% ~ (p=0.333 n=10)
sqs-batch.json 503.0 ± 0% 504.0 ± 1% ~ (p=0.371 n=10)
sqs.json 351.0 ± 1% 351.5 ± 1% ~ (p=0.399 n=10)
sqs_no_dd_context.json 325.0 ± 1% 324.0 ± 1% ~ (p=0.104 n=10)
geomean 376.6 376.8 +0.07%
¹ all samples are equal
Go Package Import Differences
Baseline: d2054c27123125b38fe349616fb80b479233a1c3 Comparison: 080a425861446e22a669f0d5df6446446480667c
| binary | os | arch | change |
|---|---|---|---|
| serverless | linux | amd64 | +0, -4<br>-github.com/DataDog/go-libddwaf/v2<br>-github.com/DataDog/go-libddwaf/v2/internal/lib<br>-github.com/DataDog/go-libddwaf/v2/internal/log<br>-github.com/DataDog/go-libddwaf/v2/internal/noopfree |
| serverless | linux | arm64 | +0, -4<br>-github.com/DataDog/go-libddwaf/v2<br>-github.com/DataDog/go-libddwaf/v2/internal/lib<br>-github.com/DataDog/go-libddwaf/v2/internal/log<br>-github.com/DataDog/go-libddwaf/v2/internal/noopfree |
Test changes on VM
Use this command from test-infra-definitions to manually test this PR's changes on a VM:
`inv create-vm --pipeline-id=37969274 --os-family=ubuntu`
Note: This applies to commit 080a4258
The issue mentioned in the GitHub Action comment in this PR is a 2MB build of libddwaf that can be found here. This library is essential to ASM on serverless.
/merge
:steam_locomotive: MergeQueue: pull request added to the queue
The median merge time in main is 25m.
Use /merge -c to cancel this operation!