From 3e1d8c713c55bdd04748f4af7c896de9f36473d1 Mon Sep 17 00:00:00 2001 From: Ben Date: Thu, 16 Apr 2026 22:59:44 +0300 Subject: [PATCH 1/2] fix: remove DNS events from dedup cache DNS events don't benefit from deduplication because the system resolver cache already limits DNS traffic at the network layer. Events reaching the eBPF tracer are almost always unique (cache misses or TTL expiry), so the dedup key computation was wasted work. Benchmark data confirms 0% dedup ratio for DNS events. Signed-off-by: Ben --- pkg/containerwatcher/v2/event_handler_factory.go | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/pkg/containerwatcher/v2/event_handler_factory.go b/pkg/containerwatcher/v2/event_handler_factory.go index 5349abbda..06a1878d4 100644 --- a/pkg/containerwatcher/v2/event_handler_factory.go +++ b/pkg/containerwatcher/v2/event_handler_factory.go @@ -49,7 +49,6 @@ func (ma *ManagerAdapter) ReportEvent(eventType utils.EventType, event utils.K8s const ( dedupTTLOpen uint16 = 156 // 10s dedupTTLNetwork uint16 = 78 // 5s - dedupTTLDNS uint16 = 156 // 10s dedupTTLCapabilities uint16 = 156 // 10s dedupTTLHTTP uint16 = 31 // 2s dedupTTLSSH uint16 = 156 // 10s @@ -228,10 +227,9 @@ func computeEventDedupKey(enrichedEvent *events.EnrichedEvent) (key uint64, ttl dst := e.GetDstEndpoint() return dedupcache.ComputeNetworkKey(mntns, pid, dst.Addr, e.GetDstPort(), e.GetProto()), dedupTTLNetwork, true } - case utils.DnsEventType: - if e, ok := event.(utils.DNSEvent); ok { - return dedupcache.ComputeDNSKey(mntns, e.GetDNSName()), dedupTTLDNS, true - } + // DNS events are not deduplicated: the system resolver cache already + // limits DNS traffic at the network layer, so events reaching the eBPF + // tracer are almost always unique. case utils.CapabilitiesEventType: if e, ok := event.(utils.CapabilitiesEvent); ok { pid := uint32(0) From 6f8b984f6c4b31e5222edf56f58765ff0e9cd106 Mon Sep 17 00:00:00 2001 From: Ben Date: Thu, 16 Apr 2026 23:13:08 +0300 Subject: [PATCH 2/2] fix: retry pip install in benchmark to handle transient SSL errors Signed-off-by: Ben --- .github/workflows/benchmark.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/benchmark.yaml b/.github/workflows/benchmark.yaml index abb43c4ad..cf262a25f 100644 --- a/.github/workflows/benchmark.yaml +++ b/.github/workflows/benchmark.yaml @@ -99,7 +99,7 @@ jobs: python-version: '3.12' - name: Install Python dependencies - run: pip install -r benchmark/requirements.txt + run: pip install -r benchmark/requirements.txt || pip install -r benchmark/requirements.txt - name: Run benchmark env: