[NETPATH-666] Create Source Public IP Config

cmd/agent/dist/assets/network_path/spec.yaml

@@ -26,6 +26,15 @@ files:
         Specifies how much time in milliseconds the traceroute should
         wait for a response from each hop before timing out.
       required: false
+    - name: disable_source_public_ip_collection
+      value:
+        type: boolean
+        example: false
+        default: false
+      description: |
+        Disables collection of the source public IP address for all instances.
+        When enabled, the source public IP will not be collected or reported.
+      required: false
   - template: instances
     options:
     - name: hostname
@@ -102,6 +111,15 @@ files:
       description: |
         Destination service name.
       required: false
+    - name: disable_source_public_ip_collection
+      value:
+        type: boolean
+        example: false
+        default: false
+      description: |
+        Disables collection of the source public IP address for this instance.
+        When enabled, the source public IP will not be collected or reported.
+      required: false
     - name: tcp_method
       fleet_configurable: true
       value:

cmd/system-probe/modules/traceroute.go

@@ -182,6 +182,7 @@ func parseParams(req *http.Request) (tracerouteutil.Config, error) {
 	tcpSynParisTracerouteMode := query.Get("tcp_syn_paris_traceroute_mode")
 	disableWindowsDriver := query.Get("disable_windows_driver")
 	reverseDNS := query.Get("reverse_dns")
+	disableSourcePublicIPCollection := query.Get("disable_source_public_ip_collection")
 	tracerouteQueries, err := parseUint(query, "traceroute_queries", 32)
 	if err != nil {
 		return tracerouteutil.Config{}, fmt.Errorf("invalid traceroute_queries: %s", err)
@@ -192,17 +193,18 @@ func parseParams(req *http.Request) (tracerouteutil.Config, error) {
 	}
 
 	return tracerouteutil.Config{
-		DestHostname:              host,
-		DestPort:                  uint16(port),
-		MaxTTL:                    uint8(maxTTL),
-		Timeout:                   time.Duration(timeout),
-		Protocol:                  payload.Protocol(protocol),
-		TCPMethod:                 payload.TCPMethod(tcpMethod),
-		TCPSynParisTracerouteMode: tcpSynParisTracerouteMode == "true",
-		DisableWindowsDriver:      disableWindowsDriver == "true",
-		ReverseDNS:                reverseDNS == "true",
-		TracerouteQueries:         int(tracerouteQueries),
-		E2eQueries:                int(e2eQueries),
+		DestHostname:                    host,
+		DestPort:                        uint16(port),
+		MaxTTL:                          uint8(maxTTL),
+		Timeout:                         time.Duration(timeout),
+		Protocol:                        payload.Protocol(protocol),
+		TCPMethod:                       payload.TCPMethod(tcpMethod),
+		TCPSynParisTracerouteMode:       tcpSynParisTracerouteMode == "true",
+		DisableWindowsDriver:            disableWindowsDriver == "true",
+		ReverseDNS:                      reverseDNS == "true",
+		DisableSourcePublicIPCollection: disableSourcePublicIPCollection == "true",
+		TracerouteQueries:               int(tracerouteQueries),
+		E2eQueries:                      int(e2eQueries),
 	}, nil
 }
 

comp/networkpath/npcollector/impl/config.go

@@ -17,31 +17,32 @@ import (
 )
 
 type collectorConfigs struct {
-	connectionsMonitoringEnabled bool
-	netflowMonitoringEnabled     bool
-	workers                      int
-	timeout                      time.Duration
-	maxTTL                       int
-	pathtestInputChanSize        int
-	pathtestProcessingChanSize   int
-	storeConfig                  pathteststore.Config
-	flushInterval                time.Duration
-	reverseDNSEnabled            bool
-	reverseDNSTimeout            time.Duration
-	disableIntraVPCCollection    bool
-	networkDevicesNamespace      string
-	sourceExcludedConns          map[string][]string
-	destExcludedConns            map[string][]string
-	tcpMethod                    payload.TCPMethod
-	icmpMode                     payload.ICMPMode
-	tcpSynParisTracerouteMode    bool
-	tracerouteQueries            int
-	e2eQueries                   int
-	disableWindowsDriver         bool
-	filterConfig                 []connfilter.Config
-	monitorIPWithoutDomain       bool
-	ddSite                       string
-	sourceProduct                payload.SourceProduct
+	connectionsMonitoringEnabled    bool
+	netflowMonitoringEnabled        bool
+	workers                         int
+	timeout                         time.Duration
+	maxTTL                          int
+	pathtestInputChanSize           int
+	pathtestProcessingChanSize      int
+	storeConfig                     pathteststore.Config
+	flushInterval                   time.Duration
+	reverseDNSEnabled               bool
+	reverseDNSTimeout               time.Duration
+	disableIntraVPCCollection       bool
+	networkDevicesNamespace         string
+	sourceExcludedConns             map[string][]string
+	destExcludedConns               map[string][]string
+	tcpMethod                       payload.TCPMethod
+	icmpMode                        payload.ICMPMode
+	tcpSynParisTracerouteMode       bool
+	tracerouteQueries               int
+	e2eQueries                      int
+	disableWindowsDriver            bool
+	disableSourcePublicIPCollection bool
+	filterConfig                    []connfilter.Config
+	monitorIPWithoutDomain          bool
+	ddSite                          string
+	sourceProduct                   payload.SourceProduct
 }
 
 func newConfig(agentConfig config.Component, logger log.Component) *collectorConfigs {
@@ -66,23 +67,24 @@ func newConfig(agentConfig config.Component, logger log.Component) *collectorCon
 			MaxPerMinute:     agentConfig.GetInt("network_path.collector.pathtest_max_per_minute"),
 			MaxBurstDuration: agentConfig.GetDuration("network_path.collector.pathtest_max_burst_duration"),
 		},
-		flushInterval:             agentConfig.GetDuration("network_path.collector.flush_interval"),
-		reverseDNSEnabled:         agentConfig.GetBool("network_path.collector.reverse_dns_enrichment.enabled"),
-		reverseDNSTimeout:         agentConfig.GetDuration("network_path.collector.reverse_dns_enrichment.timeout") * time.Millisecond,
-		disableIntraVPCCollection: agentConfig.GetBool("network_path.collector.disable_intra_vpc_collection"),
-		sourceExcludedConns:       agentConfig.GetStringMapStringSlice("network_path.collector.source_excludes"),
-		destExcludedConns:         agentConfig.GetStringMapStringSlice("network_path.collector.dest_excludes"),
-		tcpMethod:                 payload.MakeTCPMethod(agentConfig.GetString("network_path.collector.tcp_method")),
-		icmpMode:                  payload.MakeICMPMode(agentConfig.GetString("network_path.collector.icmp_mode")),
-		tcpSynParisTracerouteMode: agentConfig.GetBool("network_path.collector.tcp_syn_paris_traceroute_mode"),
-		tracerouteQueries:         agentConfig.GetInt("network_path.collector.traceroute_queries"),
-		e2eQueries:                agentConfig.GetInt("network_path.collector.e2e_queries"),
-		disableWindowsDriver:      agentConfig.GetBool("network_path.collector.disable_windows_driver"),
-		networkDevicesNamespace:   agentConfig.GetString("network_devices.namespace"),
-		filterConfig:              filterConfigs,
-		monitorIPWithoutDomain:    agentConfig.GetBool("network_path.collector.monitor_ip_without_domain"),
-		ddSite:                    agentConfig.GetString("site"),
-		sourceProduct:             payload.GetSourceProduct(agentConfig.GetString("infrastructure_mode")),
+		flushInterval:                   agentConfig.GetDuration("network_path.collector.flush_interval"),
+		reverseDNSEnabled:               agentConfig.GetBool("network_path.collector.reverse_dns_enrichment.enabled"),
+		reverseDNSTimeout:               agentConfig.GetDuration("network_path.collector.reverse_dns_enrichment.timeout") * time.Millisecond,
+		disableIntraVPCCollection:       agentConfig.GetBool("network_path.collector.disable_intra_vpc_collection"),
+		sourceExcludedConns:             agentConfig.GetStringMapStringSlice("network_path.collector.source_excludes"),
+		destExcludedConns:               agentConfig.GetStringMapStringSlice("network_path.collector.dest_excludes"),
+		tcpMethod:                       payload.MakeTCPMethod(agentConfig.GetString("network_path.collector.tcp_method")),
+		icmpMode:                        payload.MakeICMPMode(agentConfig.GetString("network_path.collector.icmp_mode")),
+		tcpSynParisTracerouteMode:       agentConfig.GetBool("network_path.collector.tcp_syn_paris_traceroute_mode"),
+		tracerouteQueries:               agentConfig.GetInt("network_path.collector.traceroute_queries"),
+		e2eQueries:                      agentConfig.GetInt("network_path.collector.e2e_queries"),
+		disableWindowsDriver:            agentConfig.GetBool("network_path.collector.disable_windows_driver"),
+		disableSourcePublicIPCollection: agentConfig.GetBool("network_path.collector.disable_source_public_ip_collection"),
+		networkDevicesNamespace:         agentConfig.GetString("network_devices.namespace"),
+		filterConfig:                    filterConfigs,
+		monitorIPWithoutDomain:          agentConfig.GetBool("network_path.collector.monitor_ip_without_domain"),
+		ddSite:                          agentConfig.GetString("site"),
+		sourceProduct:                   payload.GetSourceProduct(agentConfig.GetString("infrastructure_mode")),
 	}
 }
 

comp/networkpath/npcollector/impl/config_test.go

@@ -60,54 +60,56 @@ func TestNewConfig(t *testing.T) {
 					MaxPerMinute:     150,
 					MaxBurstDuration: 30 * time.Second,
 				},
-				flushInterval:             10 * time.Second,
-				reverseDNSEnabled:         true,
-				reverseDNSTimeout:         5000 * time.Millisecond,
-				disableIntraVPCCollection: false,
-				sourceExcludedConns:       map[string][]string{},
-				destExcludedConns:         map[string][]string{},
-				tcpMethod:                 "",
-				icmpMode:                  "",
-				tcpSynParisTracerouteMode: false,
-				tracerouteQueries:         3,
-				e2eQueries:                50,
-				disableWindowsDriver:      false,
-				networkDevicesNamespace:   "default",
-				filterConfig:              []connfilter.Config{},
-				monitorIPWithoutDomain:    false,
-				ddSite:                    "datadoghq.com",
-				sourceProduct:             payload.SourceProductNetworkPath,
+				flushInterval:                   10 * time.Second,
+				reverseDNSEnabled:               true,
+				reverseDNSTimeout:               5000 * time.Millisecond,
+				disableIntraVPCCollection:       false,
+				sourceExcludedConns:             map[string][]string{},
+				destExcludedConns:               map[string][]string{},
+				tcpMethod:                       "",
+				icmpMode:                        "",
+				tcpSynParisTracerouteMode:       false,
+				tracerouteQueries:               3,
+				e2eQueries:                      50,
+				disableWindowsDriver:            false,
+				disableSourcePublicIPCollection: false,
+				networkDevicesNamespace:         "default",
+				filterConfig:                    []connfilter.Config{},
+				monitorIPWithoutDomain:          false,
+				ddSite:                          "datadoghq.com",
+				sourceProduct:                   payload.SourceProductNetworkPath,
 			},
 		},
 		{
 			name: "custom configuration with filters",
 			configOverride: map[string]any{
-				"network_path.connections_monitoring.enabled":           false,
-				"network_path.collector.workers":                        8,
-				"network_path.collector.timeout":                        5000,
-				"network_path.collector.max_ttl":                        64,
-				"network_path.collector.input_chan_size":                200,
-				"network_path.collector.processing_chan_size":           200,
-				"network_path.collector.pathtest_contexts_limit":        10000,
-				"network_path.collector.pathtest_ttl":                   120 * time.Second,
-				"network_path.collector.pathtest_interval":              30 * time.Second,
-				"network_path.collector.pathtest_max_per_minute":        200,
-				"network_path.collector.pathtest_max_burst_duration":    20 * time.Second,
-				"network_path.collector.flush_interval":                 30 * time.Second,
-				"network_path.collector.reverse_dns_enrichment.enabled": false,
-				"network_path.collector.reverse_dns_enrichment.timeout": 2000,
-				"network_path.collector.disable_intra_vpc_collection":   true,
-				"network_path.collector.tcp_method":                     "sack",
-				"network_path.collector.icmp_mode":                      "all",
-				"network_path.collector.tcp_syn_paris_traceroute_mode":  true,
-				"network_path.collector.traceroute_queries":             5,
-				"network_path.collector.e2e_queries":                    5,
-				"network_path.collector.disable_windows_driver":         true,
-				"network_path.collector.monitor_ip_without_domain":      true,
-				"network_devices.namespace":                             "custom-ns",
-				"site":                                                  "datadoghq.eu",
-				"network_path.collector.source_excludes":                map[string][]string{"ip": {"192.168.1.1"}},
-				"network_path.collector.dest_excludes":                  map[string][]string{"ip": {"10.0.0.1"}},
+				"network_path.connections_monitoring.enabled":                false,
+				"network_path.collector.workers":                             8,
+				"network_path.collector.timeout":                             5000,
+				"network_path.collector.max_ttl":                             64,
+				"network_path.collector.input_chan_size":                     200,
+				"network_path.collector.processing_chan_size":                200,
+				"network_path.collector.pathtest_contexts_limit":             10000,
+				"network_path.collector.pathtest_ttl":                        120 * time.Second,
+				"network_path.collector.pathtest_interval":                   30 * time.Second,
+				"network_path.collector.pathtest_max_per_minute":             200,
+				"network_path.collector.pathtest_max_burst_duration":         20 * time.Second,
+				"network_path.collector.flush_interval":                      30 * time.Second,
+				"network_path.collector.reverse_dns_enrichment.enabled":      false,
+				"network_path.collector.reverse_dns_enrichment.timeout":      2000,
+				"network_path.collector.disable_intra_vpc_collection":        true,
+				"network_path.collector.tcp_method":                          "sack",
+				"network_path.collector.icmp_mode":                           "all",
+				"network_path.collector.tcp_syn_paris_traceroute_mode":       true,
+				"network_path.collector.traceroute_queries":                  5,
+				"network_path.collector.e2e_queries":                         5,
+				"network_path.collector.disable_windows_driver":              true,
+				"network_path.collector.disable_source_public_ip_collection": true,
+				"network_path.collector.monitor_ip_without_domain":           true,
+				"network_devices.namespace":                                  "custom-ns",
+				"site":                                                       "datadoghq.eu",
+				"network_path.collector.source_excludes":                     map[string][]string{"ip": {"192.168.1.1"}},
+				"network_path.collector.dest_excludes":                       map[string][]string{"ip": {"10.0.0.1"}},
 				"network_path.collector.filters": []map[string]any{
 					{
 						"type":         "include",
@@ -131,19 +133,20 @@ func TestNewConfig(t *testing.T) {
 					MaxPerMinute:     200,
 					MaxBurstDuration: 20 * time.Second,
 				},
-				flushInterval:             30 * time.Second,
-				reverseDNSEnabled:         false,
-				reverseDNSTimeout:         2000 * time.Millisecond,
-				disableIntraVPCCollection: true,
-				sourceExcludedConns:       map[string][]string{"ip": {"192.168.1.1"}},
-				destExcludedConns:         map[string][]string{"ip": {"10.0.0.1"}},
-				tcpMethod:                 payload.TCPConfigSACK,
-				icmpMode:                  payload.ICMPModeAll,
-				tcpSynParisTracerouteMode: true,
-				tracerouteQueries:         5,
-				e2eQueries:                5,
-				disableWindowsDriver:      true,
-				networkDevicesNamespace:   "custom-ns",
+				flushInterval:                   30 * time.Second,
+				reverseDNSEnabled:               false,
+				reverseDNSTimeout:               2000 * time.Millisecond,
+				disableIntraVPCCollection:       true,
+				sourceExcludedConns:             map[string][]string{"ip": {"192.168.1.1"}},
+				destExcludedConns:               map[string][]string{"ip": {"10.0.0.1"}},
+				tcpMethod:                       payload.TCPConfigSACK,
+				icmpMode:                        payload.ICMPModeAll,
+				tcpSynParisTracerouteMode:       true,
+				tracerouteQueries:               5,
+				e2eQueries:                      5,
+				disableWindowsDriver:            true,
+				disableSourcePublicIPCollection: true,
+				networkDevicesNamespace:         "custom-ns",
 				filterConfig: []connfilter.Config{
 					{
 						Type:        "include",

comp/networkpath/npcollector/impl/npcollector.go

@@ -367,17 +367,18 @@ func (s *npCollectorImpl) runTracerouteForPath(ptest *pathteststore.PathtestCont
 	}
 
 	cfg := config.Config{
-		DestHostname:              ptest.Pathtest.Hostname,
-		DestPort:                  ptest.Pathtest.Port,
-		MaxTTL:                    uint8(s.collectorConfigs.maxTTL),
-		Timeout:                   s.collectorConfigs.timeout,
-		Protocol:                  ptest.Pathtest.Protocol,
-		TCPMethod:                 s.collectorConfigs.tcpMethod,
-		TCPSynParisTracerouteMode: s.collectorConfigs.tcpSynParisTracerouteMode,
-		DisableWindowsDriver:      s.collectorConfigs.disableWindowsDriver,
-		ReverseDNS:                false, // Do not run reverse DNS in datadog-traceroute, it's handled in npcollector
-		TracerouteQueries:         s.collectorConfigs.tracerouteQueries,
-		E2eQueries:                s.collectorConfigs.e2eQueries,
+		DestHostname:                    ptest.Pathtest.Hostname,
+		DestPort:                        ptest.Pathtest.Port,
+		MaxTTL:                          uint8(s.collectorConfigs.maxTTL),
+		Timeout:                         s.collectorConfigs.timeout,
+		Protocol:                        ptest.Pathtest.Protocol,
+		TCPMethod:                       s.collectorConfigs.tcpMethod,
+		TCPSynParisTracerouteMode:       s.collectorConfigs.tcpSynParisTracerouteMode,
+		DisableWindowsDriver:            s.collectorConfigs.disableWindowsDriver,
+		DisableSourcePublicIPCollection: s.collectorConfigs.disableSourcePublicIPCollection,
+		ReverseDNS:                      false, // Do not run reverse DNS in datadog-traceroute, it's handled in npcollector
+		TracerouteQueries:               s.collectorConfigs.tracerouteQueries,
+		E2eQueries:                      s.collectorConfigs.e2eQueries,
 	}
 
 	s.logger.Debugf("Running traceroute with config: %+v", cfg)