chore: validate NAUT-1252 memory optimizations (go.mod replace directives)

[matthyx]

Summary

Temporary go.mod replace directives to validate memory savings from 5 upstream PRs before they are merged and released. This lets CI build a testable image.

Pending upstream PRs included

inspektor-gadget/inspektor-gadget (fork: matthyx/inspektor-gadget @ fd383d3):

• #5461 ebpf: release CollectionSpec after programs are attached — ~14 MiB heap
• #5462 oci: release oras target after image operators finish loading — ~27 MiB RssFile
• #5466 ebpf: release ELF/BPF object bytes after spec is loaded — ~6 MiB heap
• #5468 gadgets/trace_capabilities: reduce current_syscall map 1M→10K — ~43 MiB kernel memory

cilium/ebpf (fork: matthyx/ebpf @ 8a32d06):

• #1988 btf: use weak pointers for the kernel BTF global cache — ~17 MiB heap auto-freed

Expected total savings

~64 MiB VmRSS + ~43 MiB kernel memory per node-agent instance.

Cleanup

These replace directives must be removed once the upstream PRs are merged and released into a new IG/cilium-ebpf version.

Test plan

• CI image builds successfully
• node-agent starts and all tracers load without errors
• VmRSS measured at steady state shows ~64 MiB reduction vs baseline
• bpftool map show confirms current_syscall max_entries = 10240

Summary by CodeRabbit

• Chores
  • Updated project dependencies to improve stability and compatibility.

[coderabbitai]

📝 Walkthrough

Walkthrough

Updated Go module dependencies and replace directives in go.mod. The change includes bumping an indirect dependency version, updating a module replacement pointer, and adding a new module replacement to redirect to a fork version.

Changes

Cohort / File(s)	Summary
Module Dependencies go.mod	Updated github.com/mdlayher/socket from v0.4.1 to v0.5.1; changed github.com/inspektor-gadget/inspektor-gadget replacement pseudo-version; added new replace directive for github.com/cilium/ebpf pointing to github.com/matthyx/ebpf.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 Dependencies hop along with grace,
New versions fill their rightful place,
From socket streams to eBPF's might,
Our modules dance in synchronized flight,
Forks and patches, a rabbit's delight! 🌟

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly describes the main change: validating memory optimizations via go.mod replace directives, which matches the changeset's purpose of temporarily redirecting dependencies to forks containing memory-saving improvements.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch matthias/naut-1252-memory-optimizations

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

go.mod (1)

468-470: Add explicit removal guardrails for temporary replace directives.

Since these replaces are temporary, add inline TODOs with upstream PR links and the exact removal condition to reduce the chance they remain past validation.

Proposed edit

-replace github.com/inspektor-gadget/inspektor-gadget => github.com/matthyx/inspektor-gadget v0.0.0-20260421100818-fd383d3d7db4
+// TODO(NAUT-1252): temporary for memory validation; remove after upstream PRs `#5461/`#5462/#5466/#5468 are merged and released.
+replace github.com/inspektor-gadget/inspektor-gadget => github.com/matthyx/inspektor-gadget v0.0.0-20260421100818-fd383d3d7db4
 
-replace github.com/cilium/ebpf => github.com/matthyx/ebpf v0.0.0-20260421101317-8a32d06def6c
+// TODO(NAUT-1252): temporary for memory validation; remove after upstream PR `#1988` is merged and released.
+replace github.com/cilium/ebpf => github.com/matthyx/ebpf v0.0.0-20260421101317-8a32d06def6c

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@go.mod` around lines 468 - 470, Add explicit inline TODO comments next to the
two temporary go.mod replace directives (the replace for
github.com/inspektor-gadget/inspektor-gadget and the replace for
github.com/cilium/ebpf) that include the upstream PR links and an exact removal
condition (e.g., "remove when upstream PR `#1234` is merged and version vX.Y.Z is
released" or "remove once tag v0.0.0-20260421+fd383d3 is available"), so the
replaces are self-documented and guarded; update the replace lines to include
those TODO notes so reviewers and CI can easily verify when to remove them.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@go.mod`:
- Around line 468-470: Add explicit inline TODO comments next to the two
temporary go.mod replace directives (the replace for
github.com/inspektor-gadget/inspektor-gadget and the replace for
github.com/cilium/ebpf) that include the upstream PR links and an exact removal
condition (e.g., "remove when upstream PR `#1234` is merged and version vX.Y.Z is
released" or "remove once tag v0.0.0-20260421+fd383d3 is available"), so the
replaces are self-documented and guarded; update the replace lines to include
those TODO notes so reviewers and CI can easily verify when to remove them.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: b90f2a78-7c55-4ecd-bb03-9224a1c6befc

📥 Commits

Reviewing files that changed from the base of the PR and between 900e72b and 430b71a.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (1)

• go.mod

[github-actions]

Performance Benchmark Results

Node-Agent Resource Usage

Metric	BEFORE	AFTER	Delta
Avg CPU (cores)	0.164	0.165	+0.4%
Peak CPU (cores)	0.173	0.173	-0.3%
Avg Memory (MiB)	417.937	262.448	-37.2%
Peak Memory (MiB)	425.184	265.926	-37.5%

Dedup Effectiveness (AFTER only)

Event Type	Passed	Deduped	Ratio
capabilities	0	0	N/A
hardlink	6000	0	0.0%
http	1702	119447	98.6%
network	901	77992	98.9%
open	36353	619783	94.5%
symlink	6000	0	0.0%
syscall	984	1894	65.8%

Event Counters

Metric	BEFORE	AFTER
capability_counter	12	10
dns_counter	1452	1433
exec_counter	7276	7171
network_counter	95683	94331
open_counter	797682	785576
syscall_counter	3523	3500