DataDog · vicweiss · Oct 9, 2024 · Oct 10, 2024 · Oct 10, 2024 · Oct 10, 2024
@@ -155,6 +155,8 @@ import (
 	"github.com/DataDog/datadog-agent/pkg/util/optional"
 	"github.com/DataDog/datadog-agent/pkg/version"
 
+	rdnsquerier "github.com/DataDog/datadog-agent/comp/rdnsquerier/def"
+
 	// runtime init routines
 	ddruntime "github.com/DataDog/datadog-agent/pkg/runtime"
 )
@@ -255,6 +257,7 @@ func run(log log.Component,
 	settings settings.Component,
 	_ optional.Option[gui.Component],
 	_ agenttelemetry.Component,
+	rdnsquerier rdnsquerier.Component,
 ) error {
 	defer func() {
 		stopAgent()
@@ -319,6 +322,7 @@ func run(log log.Component,
 		cloudfoundrycontainer,
 		jmxlogger,
 		settings,
+		rdnsquerier,
 	); err != nil {
 		return err
 	}
@@ -494,6 +498,7 @@ func startAgent(
 	_ cloudfoundrycontainer.Component,
 	jmxLogger jmxlogger.Component,
 	settings settings.Component,
+	rdnsquerier rdnsquerier.Component,
 ) error {
 	var err error
 
@@ -571,6 +576,7 @@ func startAgent(
 
 	// TODO: (components) - Until the checks are components we set there context so they can depends on components.
 	check.InitializeInventoryChecksContext(invChecks)
+	check.InitializeRDNSQuerierContext(rdnsquerier)
 
 	// Init JMX runner and inject dogstatsd component
 	jmxfetch.InitRunner(server, jmxLogger)

@@ -11,4 +11,5 @@ package rdnsquerier
 // Component is the component type.
 type Component interface {
 	GetHostname([]byte, func(string), func(string, error)) error
+	GetHostnameSync(string) (string, error)
 }
@@ -29,3 +29,8 @@ func (q *rdnsQuerierImplNone) GetHostname(_ []byte, _ func(string), _ func(strin
 	// noop
 	return nil
 }
+
+func (q *rdnsQuerierImplNone) GetHostnameSync(_ string) (string, error) {
+	// noop
+	return "", nil
+}
@@ -9,7 +9,9 @@ package rdnsquerierimpl
 import (
 	"context"
 	"fmt"
+	"net"
 	"net/netip"
+	"sync"
 
 	"github.com/DataDog/datadog-agent/comp/core/config"
 	log "github.com/DataDog/datadog-agent/comp/core/log/def"
@@ -181,6 +183,52 @@ func (q *rdnsQuerierImpl) GetHostname(ipAddr []byte, updateHostnameSync func(str
 	return nil
 }
 
+// GetHostnameSync attempts to resolve the hostname for the given IP address synchronously.
+// If the IP address is invalid then an error is returned.
+// If the IP address is not in the private address space then it is ignored - no lookup is performed and nil error is returned.
+// If the IP address is in the private address space then the IP address will be resolved to a hostname.
+func (q *rdnsQuerierImpl) GetHostnameSync(ipAddr string) (string, error) {
+	q.internalTelemetry.total.Inc()
+
+	// netipAddr, ok := netip.AddrFromSlice(ipAddr)
+	netipAddr := net.ParseIP(ipAddr).To4()
+	if netipAddr == nil {
+		q.internalTelemetry.invalidIPAddress.Inc()
+		return "", fmt.Errorf("invalid IP address %v", ipAddr)
+	}
+
+	if !netipAddr.IsPrivate() {
+		q.logger.Tracef("Reverse DNS Enrichment IP address %s is not in the private address space", netipAddr)
+		return "", nil
+	}
+	q.internalTelemetry.private.Inc()
+
+	var hostname string
+	var err error
+	var wg sync.WaitGroup
+
+	wg.Add(1)
+	err = q.GetHostname(
+		netipAddr,
+		func(h string) {
+			hostname = h
+			wg.Done()
+		},
+		func(h string, e error) {
+			hostname = h
+			err = e
+			wg.Done()
+		},
+	)
+	if err != nil {
+		q.logger.Tracef("Error resolving reverse DNS enrichment for source IP address: %v error: %v", ipAddr, err)
+		wg.Done()
+	}
+	wg.Wait()
+
+	return hostname, err
+}
+
 func (q *rdnsQuerierImpl) start(_ context.Context) error {
 	if q.started {
 		q.logger.Debugf("Reverse DNS Enrichment already started")

@@ -986,3 +986,46 @@ func TestCachePersist(t *testing.T) {
 	})
 	ts.validateExpected(t, expectedTelemetry)
 }
+
+func TestGetHostnameSync(t *testing.T) {
+	overrides := map[string]interface{}{
+		"network_devices.netflow.reverse_dns_enrichment_enabled": true,
+	}
+	ts := testSetup(t, overrides, true, nil)
+	internalRDNSQuerier := ts.rdnsQuerier.(*rdnsQuerierImpl)
+
+	// Test with invalid IP address
+	hostname, err := internalRDNSQuerier.GetHostnameSync("invalid_ip")
+	assert.Error(t, err)
+	assert.Equal(t, "", hostname)
+
+	// Test with IP address not in private range
+	hostname, err = internalRDNSQuerier.GetHostnameSync("8.8.8.8")
+	assert.NoError(t, err)
+	assert.Equal(t, "", hostname)
+
+	// Test with IP address in private range
+	hostname, err = internalRDNSQuerier.GetHostnameSync("192.168.1.100")
+	assert.NoError(t, err)
+	assert.NotEqual(t, "", hostname)
+
+	// Test with IP address in private range but cache miss
+	hostname, err = internalRDNSQuerier.GetHostnameSync("192.168.1.101")
+	assert.NoError(t, err)
+	assert.NotEqual(t, "", hostname)
+
+	// // Test with a valid IP address that resolves to a hostname
+	hostname, err = internalRDNSQuerier.GetHostnameSync("192.168.1.100") // cached from earlier test
+	assert.NoError(t, err)
+	assert.Equal(t, "fakehostname-192.168.1.100", hostname)
+
+	// Test with an empty string as input
+	hostname, err = internalRDNSQuerier.GetHostnameSync("")
+	assert.Error(t, err)
+	assert.Equal(t, "", hostname)
+
+	// Test with an IPv6 address
+	hostname, err = internalRDNSQuerier.GetHostnameSync("2001:4860:4860::8888") // Google Public DNS
+	assert.Error(t, err)
+	assert.Equal(t, "", hostname)
+}
@@ -65,6 +65,7 @@ import (
 	integrations "github.com/DataDog/datadog-agent/comp/logs/integrations/def"
 	"github.com/DataDog/datadog-agent/comp/metadata/inventorychecks"
 	"github.com/DataDog/datadog-agent/comp/metadata/inventorychecks/inventorychecksimpl"
+	rdnsquerier "github.com/DataDog/datadog-agent/comp/rdnsquerier/def"
 	"github.com/DataDog/datadog-agent/comp/remote-config/rcservice"
 	"github.com/DataDog/datadog-agent/comp/remote-config/rcservicemrf"
 	"github.com/DataDog/datadog-agent/comp/serializer/compression/compressionimpl"
@@ -264,6 +265,7 @@ func run(
 	jmxLogger jmxlogger.Component,
 	telemetry telemetry.Component,
 	logReceiver optional.Option[integrations.Component],
+	rdnsquerier rdnsquerier.Component,
 ) error {
 	previousIntegrationTracing := false
 	previousIntegrationTracingExhaustive := false
@@ -288,6 +290,8 @@ func run(
 
 	// TODO: (components) - Until the checks are components we set there context so they can depends on components.
 	check.InitializeInventoryChecksContext(invChecks)
+	check.InitializeRDNSQuerierContext(rdnsquerier)
+
 	pkgcollector.InitPython(common.GetPythonPaths()...)
 	commonchecks.RegisterChecks(wmeta, config, telemetry)
 

@@ -10,6 +10,7 @@ import (
 	"sync"
 
 	"github.com/DataDog/datadog-agent/comp/metadata/inventorychecks"
+	rdnsquerier "github.com/DataDog/datadog-agent/comp/rdnsquerier/def"
 )
 
 // checkContext holds a list of reference to different components used by Go and Python checks.
@@ -20,7 +21,8 @@ import (
 // of C to Go. This way python checks can submit metadata to inventorychecks through the 'SetCheckMetadata' python
 // method.
 type checkContext struct {
-	ic inventorychecks.Component
+	ic          inventorychecks.Component
+	rdnsquerier rdnsquerier.Component
 }
 
 var ctx checkContext
@@ -47,10 +49,32 @@ func InitializeInventoryChecksContext(ic inventorychecks.Component) {
 	}
 }
 
+// GetRDNSQuerierContext returns a reference to the rdnsquerier component for Python and Go checks to use.
+func GetRDNSQuerierContext() (rdnsquerier.Component, error) {
+	checkContextMutex.Lock()
+	defer checkContextMutex.Unlock()
+
+	if ctx.rdnsquerier == nil {
+		return nil, errors.New("rdnsquerier context was not set")
+	}
+	return ctx.rdnsquerier, nil
+}
+
+// InitializeRDNSQuerierContext set the reference to rdnsquerier in checkContext
+func InitializeRDNSQuerierContext(rdnsquerier rdnsquerier.Component) {
+	checkContextMutex.Lock()
+	defer checkContextMutex.Unlock()
+
+	if ctx.rdnsquerier == nil {
+		ctx.rdnsquerier = rdnsquerier
+	}
+}
+
 // ReleaseContext reset to nil all the references hold by the current context
 func ReleaseContext() {
 	checkContextMutex.Lock()
 	defer checkContextMutex.Unlock()
 
 	ctx.ic = nil
+	ctx.rdnsquerier = nil
 }
@@ -21,6 +21,7 @@ import (
 	"github.com/DataDog/datadog-agent/pkg/networkdevice/profile/profiledefinition"
 	"github.com/DataDog/datadog-agent/pkg/networkdevice/utils"
 
+	"github.com/DataDog/datadog-agent/pkg/collector/check"
 	"github.com/DataDog/datadog-agent/pkg/collector/corechecks/snmp/internal/checkconfig"
 	"github.com/DataDog/datadog-agent/pkg/collector/corechecks/snmp/internal/common"
 	"github.com/DataDog/datadog-agent/pkg/collector/corechecks/snmp/internal/lldp"
@@ -214,6 +215,11 @@ func buildNetworkDeviceMetadata(deviceID string, idTags []string, config *checkc
 		vendor = config.ProfileDef.Device.Vendor
 	}
 
+	hostname := ""
+	if rdnsquerier, err := check.GetRDNSQuerierContext(); err == nil {
+		hostname, _ = rdnsquerier.GetHostnameSync(config.IPAddress)
+	}
+
 	return devicemetadata.DeviceMetadata{
 		ID:             deviceID,
 		IDTags:         idTags,
@@ -238,6 +244,7 @@ func buildNetworkDeviceMetadata(deviceID string, idTags []string, config *checkc
 		OsHostname:     osHostname,
 		DeviceType:     deviceType,
 		Integration:    common.SnmpIntegrationName,
+		RDNSHostname:   hostname,
 	}
 }
 

@@ -73,6 +73,7 @@ type DeviceMetadata struct {
 	OsHostname     string       `json:"os_hostname,omitempty"`
 	Integration    string       `json:"integration,omitempty"` // indicates the source of the data SNMP, meraki_api, etc.
 	DeviceType     string       `json:"device_type,omitempty"`
+	RDNSHostname   string       `json:"rdns_hostname,omitempty"`
 }
 
 // DeviceOID device scan oid data

@@ -0,0 +1,11 @@
+# Each section from every release note are combined when the
+# CHANGELOG.rst is rendered. So the text needs to be worded so that
+# it does not depend on any information only available in another
+# section. This may mean repeating some details, but each section
+# must be readable independently of the other.
+#
+# Each section note must be formatted as reStructuredText.
+---
+features:
+  - |
+    Added support for enrighing SNMP IPs with hostnames via rDNS lookups