discovery: load libdd_discovery via CGO bindings

Improves

discovery: use dd_discovery_cgo build tag instead of built-in cgo

fix omnibus build for CGo library integration

Implement some improvements

Author: martavicentenavarro

omnibus/config/software/datadog-agent.rb

@@ -186,6 +186,10 @@
       copy 'bin/system-probe/system-probe.exe', "#{install_dir}/bin/agent"
     else
       copy "bin/system-probe/system-probe", "#{install_dir}/embedded/bin"
+      if linux_target?
+        mkdir "#{install_dir}/embedded/lib"
+        copy 'pkg/discovery/module/rust/libdd_discovery.so', "#{install_dir}/embedded/lib"
+      end
     end
 
     # Add SELinux policy for system-probe

pkg/discovery/module/impl_linux.go

@@ -3,6 +3,8 @@
 // This product includes software developed at Datadog (https://www.datadoghq.com/).
 // Copyright 2024-present Datadog, Inc.
 
+//go:build !dd_discovery_cgo
+
 package module
 
 import (
@@ -11,7 +13,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"net/http"
 	"os"
 	"regexp"
 	"slices"
@@ -30,40 +31,20 @@ import (
 	"github.com/DataDog/datadog-agent/pkg/discovery/usm"
 	"github.com/DataDog/datadog-agent/pkg/languagedetection/privileged"
 	"github.com/DataDog/datadog-agent/pkg/network"
-	"github.com/DataDog/datadog-agent/pkg/system-probe/api/module"
+	probemodule "github.com/DataDog/datadog-agent/pkg/system-probe/api/module"
 	sysconfigtypes "github.com/DataDog/datadog-agent/pkg/system-probe/config/types"
-	"github.com/DataDog/datadog-agent/pkg/system-probe/utils"
 	"github.com/DataDog/datadog-agent/pkg/util/kernel"
 	"github.com/DataDog/datadog-agent/pkg/util/kernel/netns"
 	"github.com/DataDog/datadog-agent/pkg/util/log"
 )
 
-const (
-	pathServices = "/services"
-)
-
 var (
 	// apmInjectorRegex matches the APM auto-injector launcher.preload.so library path
 	apmInjectorRegex = regexp.MustCompile(`/opt/datadog-packages/datadog-apm-inject/[^/]+/inject/launcher\.preload\.so`)
 )
 
-// Ensure discovery implements the module.Module interface.
-var _ module.Module = &discovery{}
-
-// discovery is an implementation of the Module interface for the discovery module.
-type discovery struct {
-	core core.Discovery
-
-	config *core.DiscoveryConfig
-
-	mux *sync.RWMutex
-
-	// privilegedDetector is used to detect the language of a process.
-	privilegedDetector privileged.LanguageDetector
-}
-
 // NewDiscoveryModule creates a new discovery system probe module.
-func NewDiscoveryModule(_ *sysconfigtypes.Config, _ module.FactoryDependencies) (module.Module, error) {
+func NewDiscoveryModule(_ *sysconfigtypes.Config, _ probemodule.FactoryDependencies) (probemodule.Module, error) {
 	cfg := core.NewConfig()
 
 	d := &discovery{
@@ -78,63 +59,6 @@ func NewDiscoveryModule(_ *sysconfigtypes.Config, _ module.FactoryDependencies)
 	return d, nil
 }
 
-// GetStats returns the stats of the discovery module.
-func (s *discovery) GetStats() map[string]any {
-	return nil
-}
-
-// Register registers the discovery module with the provided HTTP mux.
-func (s *discovery) Register(httpMux *module.Router) error {
-	httpMux.HandleFunc("/status", s.handleStatusEndpoint)
-	httpMux.HandleFunc("/state", s.handleStateEndpoint)
-	httpMux.HandleFunc(pathServices, utils.WithConcurrencyLimit(utils.DefaultMaxConcurrentRequests, s.handleServices))
-
-	return nil
-}
-
-// Close cleans resources used by the discovery module.
-func (s *discovery) Close() {
-	s.mux.Lock()
-	defer s.mux.Unlock()
-
-	s.core.Close()
-}
-
-// handleStatusEndpoint is the handler for the /status endpoint.
-// Reports the status of the discovery module.
-func (s *discovery) handleStatusEndpoint(w http.ResponseWriter, _ *http.Request) {
-	_, _ = w.Write([]byte("Discovery Module is running"))
-}
-
-// handleStateEndpoint is the handler for the /state endpoint.
-// Returns the internal state of the discovery module.
-func (s *discovery) handleStateEndpoint(w http.ResponseWriter, _ *http.Request) {
-	s.mux.Lock()
-	defer s.mux.Unlock()
-
-	state := make(map[string]interface{})
-
-	utils.WriteAsJSON(w, state, utils.CompactOutput)
-}
-
-func (s *discovery) handleServices(w http.ResponseWriter, req *http.Request) {
-	params, err := core.ParseParamsFromRequest(req)
-	if err != nil {
-		_ = log.Errorf("invalid params to /discovery%s: %v", pathServices, err)
-		w.WriteHeader(http.StatusBadRequest)
-		return
-	}
-
-	services, err := s.getServices(params)
-	if err != nil {
-		_ = log.Errorf("failed to handle /discovery%s: %v", pathServices, err)
-		w.WriteHeader(http.StatusInternalServerError)
-		return
-	}
-
-	utils.WriteAsJSON(w, services, utils.CompactOutput)
-}
-
 // socketInfo stores information related to each socket.
 type socketInfo struct {
 	port uint16

pkg/discovery/module/impl_linux_test.go

@@ -5,224 +5,28 @@
 
 // This doesn't need BPF, but it's built with this tag to only run with
 // system-probe tests.
-//go:build test && linux_bpf
+//go:build test && linux_bpf && !dd_discovery_cgo
 
 package module
 
 import (
-	"bytes"
-	"context"
-	"encoding/json"
 	"net"
-	"net/http"
-	"net/http/httptest"
 	"os"
 	"os/exec"
 	"path/filepath"
 	"strconv"
 	"strings"
-	"syscall"
 	"testing"
 
-	gorillamux "github.com/gorilla/mux"
 	"github.com/prometheus/procfs"
-	"github.com/shirou/gopsutil/v4/process"
 	"github.com/stretchr/testify/require"
-	"golang.org/x/sys/unix"
 
-	"github.com/DataDog/datadog-agent/pkg/discovery/core"
 	"github.com/DataDog/datadog-agent/pkg/discovery/language"
-	"github.com/DataDog/datadog-agent/pkg/discovery/model"
 	"github.com/DataDog/datadog-agent/pkg/network"
 	"github.com/DataDog/datadog-agent/pkg/network/protocols/http/testutil"
-	usmtestutil "github.com/DataDog/datadog-agent/pkg/network/usm/testutil"
-	"github.com/DataDog/datadog-agent/pkg/system-probe/api/module"
-	"github.com/DataDog/datadog-agent/pkg/system-probe/config"
 	"github.com/DataDog/datadog-agent/pkg/util/kernel"
 )
 
-func findService(pid int, services []model.Service) *model.Service {
-	for _, s := range services {
-		if s.PID == pid {
-			return &s
-		}
-	}
-
-	return nil
-}
-
-type testDiscoveryModule struct {
-	url string
-}
-
-func setupDiscoveryModule(t *testing.T) *testDiscoveryModule {
-	t.Helper()
-	mux := gorillamux.NewRouter()
-
-	mod, err := NewDiscoveryModule(nil, module.FactoryDependencies{})
-	require.NoError(t, err)
-	discovery := mod.(*discovery)
-
-	discovery.Register(module.NewRouter(string(config.DiscoveryModule), mux))
-	t.Cleanup(discovery.Close)
-
-	srv := httptest.NewServer(mux)
-	t.Cleanup(srv.Close)
-
-	return &testDiscoveryModule{
-		url: srv.URL,
-	}
-}
-
-// makeRequest wraps the request to the discovery module, setting the JSON body if provided,
-// and returning the response as the given type.
-func makeRequest[T any](t require.TestingT, url string, params *core.Params) *T {
-	var body *bytes.Buffer
-	if params != nil {
-		jsonData, err := params.ToJSON()
-		require.NoError(t, err, "failed to serialize params to JSON")
-		body = bytes.NewBuffer(jsonData)
-	}
-
-	var req *http.Request
-	var err error
-	if body != nil {
-		req, err = http.NewRequest(http.MethodPost, url, body)
-		req.Header.Set("Content-Type", "application/json")
-	} else {
-		req, err = http.NewRequest(http.MethodPost, url, nil)
-	}
-	require.NoError(t, err, "failed to create request")
-
-	resp, err := http.DefaultClient.Do(req)
-	require.NoError(t, err, "failed to send request")
-	defer resp.Body.Close()
-
-	res := new(T)
-	err = json.NewDecoder(resp.Body).Decode(res)
-	require.NoError(t, err, "failed to decode response")
-
-	return res
-}
-
-// getRunningPids wraps the process.Pids function, returning a slice of ints
-// that can be used as the pids query param.
-func getRunningPids(t require.TestingT) []int32 {
-	pids, err := process.Pids()
-	require.NoError(t, err)
-	return pids
-}
-
-func startTCPServer(t *testing.T, proto string, address string) (*os.File, *net.TCPAddr) {
-	listener, err := net.Listen(proto, address)
-	require.NoError(t, err)
-	t.Cleanup(func() { _ = listener.Close() })
-	tcpAddr := listener.Addr().(*net.TCPAddr)
-
-	f, err := listener.(*net.TCPListener).File()
-	defer listener.Close()
-	require.NoError(t, err)
-
-	return f, tcpAddr
-}
-
-func startTCPClient(t *testing.T, proto string, server *net.TCPAddr) (*os.File, *net.TCPAddr) {
-	client, err := net.DialTCP(proto, nil, server)
-	require.NoError(t, err)
-	t.Cleanup(func() { _ = client.Close() })
-
-	f, err := client.File()
-	defer client.Close()
-	require.NoError(t, err)
-
-	return f, client.LocalAddr().(*net.TCPAddr)
-}
-
-func startUDPServer(t *testing.T, proto string, address string) (*os.File, *net.UDPAddr) {
-	lnPacket, err := net.ListenPacket(proto, address)
-	require.NoError(t, err)
-	t.Cleanup(func() { _ = lnPacket.Close() })
-
-	f, err := lnPacket.(*net.UDPConn).File()
-	defer lnPacket.Close()
-	require.NoError(t, err)
-
-	return f, lnPacket.LocalAddr().(*net.UDPAddr)
-}
-
-func startUDPClient(t *testing.T, proto string, server *net.UDPAddr) (*os.File, *net.UDPAddr) {
-	udpClient, err := net.DialUDP(proto, nil, server)
-	require.NoError(t, err)
-	t.Cleanup(func() { _ = udpClient.Close() })
-
-	f, err := udpClient.File()
-	defer udpClient.Close()
-	require.NoError(t, err)
-
-	return f, udpClient.LocalAddr().(*net.UDPAddr)
-}
-
-func disableCloseOnExec(t *testing.T, f *os.File) {
-	_, _, syserr := syscall.Syscall(syscall.SYS_FCNTL, f.Fd(), syscall.F_SETFD, 0)
-	require.Equal(t, syscall.Errno(0x0), syserr)
-}
-
-func startProcessWithFile(t *testing.T, f *os.File) *exec.Cmd {
-	ctx, cancel := context.WithCancel(context.Background())
-
-	// Disable close-on-exec so that the process gets it
-	t.Cleanup(func() { f.Close() })
-	disableCloseOnExec(t, f)
-
-	cmd := exec.CommandContext(ctx, "sleep", "1000")
-	t.Cleanup(func() {
-		cancel()
-		_ = cmd.Wait()
-	})
-	err := cmd.Start()
-	require.NoError(t, err)
-	f.Close()
-
-	return cmd
-}
-
-func makeAlias(t *testing.T, alias string, serverBin string) string {
-	binDir := filepath.Dir(serverBin)
-	aliasPath := filepath.Join(binDir, alias)
-
-	target, err := os.Readlink(aliasPath)
-	if err == nil && target == serverBin {
-		return aliasPath
-	}
-
-	os.Remove(aliasPath)
-	err = os.Symlink(serverBin, aliasPath)
-	require.NoError(t, err)
-
-	return aliasPath
-}
-
-func buildFakeServer(t *testing.T) string {
-	curDir, err := testutil.CurDir()
-	require.NoError(t, err)
-	serverBin, err := usmtestutil.BuildGoBinaryWrapper(filepath.Join(curDir, "testutil"), "fake_server")
-	require.NoError(t, err)
-
-	for _, alias := range []string{"java", "node", "sshd", "dotnet"} {
-		makeAlias(t, alias, serverBin)
-	}
-
-	return filepath.Dir(serverBin)
-}
-
-func newDiscovery() *discovery {
-	mod, err := NewDiscoveryModule(nil, module.FactoryDependencies{})
-	if err != nil {
-		panic(err)
-	}
-	return mod.(*discovery)
-}
-
 // addSockets adds only listening sockets to a map to be used for later looksups.
 func addSockets[P procfs.NetTCP | procfs.NetUDP](sockMap map[uint64]socketInfo, sockets P,
 	family network.ConnectionFamily, ctype network.ConnectionType, state uint64,
@@ -315,21 +119,6 @@ func BenchmarkGetNSInfoOld(b *testing.B) {
 	}
 }
 
-func createTracerMemfd(t *testing.T, data []byte) int {
-	t.Helper()
-	fd, err := unix.MemfdCreate("datadog-tracer-info-xxx", 0)
-	require.NoError(t, err)
-	t.Cleanup(func() { unix.Close(fd) })
-	err = unix.Ftruncate(fd, int64(len(data)))
-	require.NoError(t, err)
-	mappedData, err := unix.Mmap(fd, 0, len(data), unix.PROT_READ|unix.PROT_WRITE, unix.MAP_SHARED)
-	require.NoError(t, err)
-	copy(mappedData, data)
-	err = unix.Munmap(mappedData)
-	require.NoError(t, err)
-	return fd
-}
-
 func TestValidInvalidTracerMetadata(t *testing.T) {
 	discovery := newDiscovery()
 	require.NotEmpty(t, discovery)