Skip to content

Move network.client.ip out of AppSec into HttpServerDecorator#11208

Open
smola wants to merge 1 commit intomasterfrom
smola/network-client-ip
Open

Move network.client.ip out of AppSec into HttpServerDecorator#11208
smola wants to merge 1 commit intomasterfrom
smola/network-client-ip

Conversation

@smola
Copy link
Copy Markdown
Member

@smola smola commented Apr 27, 2026
edited
Loading

What Does This Do

  • network.client.ip now shares the same activation logic as http.client_ip (DD_APPSEC_ENABLED=true or DD_TRACE_CLIENT_IP_ENABLED=true) and is no longer exclusive to AppSec events. Moved it from GatewayBridge (where it was set only when security events fired) into HttpServerDecorator alongside http.client_ip, using the raw peer/socket IP.

Main changes:

  • dd-java-agent/appsec/src/main/java/com/datadog/appsec/gateway/GatewayBridge.java (older, appsec-only tagging)
  • dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/instrumentation/decorator/HttpServerDecorator.java (new tagging)
  • The rest is just small test updates, where dd-java-agent/instrumentation-testing/src/main/groovy/datadog/trace/agent/test/base/HttpServerTest.groovy is the one needing the most attention.

Motivation

Align with spec upgrades, in which network.client.ip becomes more broadly available, just as http.client_ip.

Additional Notes

  • Updated internal spec
  • New system tests: add test for network.client.ip tag system-tests#6707
  • actor.ip remains in AppSec as a deprecated backward-compatibility tag. It does not make sense to broaden it's support and should be scheduled for removal eventually.
  • This PR adds a few comments documenting incorrect behavior for peer IP address collection in Dropwizard and Play. Fixing that is out of the scope of this PR, but hopefully it is now more clear what's going on.
  • APPSEC-62219

Contributor Checklist

Jira ticket: [PROJ-IDENT]

Note: Once your PR is ready to merge, add it to the merge queue by commenting /merge. /merge -c cancels the queue request. /merge -f --reason "reason" skips all merge queue checks; please use this judiciously, as some checks do not run at the PR-level. For more information, see this doc.

@smola smola added type: enhancement Enhancements and improvements comp: core Tracer core tag: ai generated Largely based on code generated by an AI or LLM labels Apr 27, 2026
@pr-commenter
Copy link
Copy Markdown

pr-commenter Bot commented Apr 27, 2026
edited
Loading

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master smola/network-client-ip
git_commit_date 1777386541 1777386629
git_commit_sha 1b63a9d c716c82
release_version 1.62.0-SNAPSHOT~1b63a9dfca 1.62.0-SNAPSHOT~c716c8233c
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1777388466 1777388466
ci_job_id 1638090325 1638090325
ci_pipeline_id 110162019 110162019
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-wlu5qfji 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-wlu5qfji 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 62 metrics, 9 unstable metrics.

Startup time reports for insecure-bank 
gantt
    title insecure-bank - global startup overhead: candidate=1.62.0-SNAPSHOT~c716c8233c, baseline=1.62.0-SNAPSHOT~1b63a9dfca

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.07 s) : 0, 1069596
Total [baseline] (8.878 s) : 0, 8878393
Agent [candidate] (1.063 s) : 0, 1063233
Total [candidate] (8.844 s) : 0, 8843917
section iast
Agent [baseline] (1.248 s) : 0, 1248409
Total [baseline] (9.521 s) : 0, 9520640
Agent [candidate] (1.243 s) : 0, 1242667
Total [candidate] (9.52 s) : 0, 9519703
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.07 s -
Agent iast 1.248 s 178.813 ms (16.7%)
Total tracing 8.878 s -
Total iast 9.521 s 642.247 ms (7.2%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.063 s -
Agent iast 1.243 s 179.433 ms (16.9%)
Total tracing 8.844 s -
Total iast 9.52 s 675.786 ms (7.6%) 
gantt
    title insecure-bank - break down per module: candidate=1.62.0-SNAPSHOT~c716c8233c, baseline=1.62.0-SNAPSHOT~1b63a9dfca

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.245 ms) : 0, 1245
crashtracking [candidate] (1.226 ms) : 0, 1226
BytebuddyAgent [baseline] (640.361 ms) : 0, 640361
BytebuddyAgent [candidate] (635.409 ms) : 0, 635409
AgentMeter [baseline] (29.443 ms) : 0, 29443
AgentMeter [candidate] (29.478 ms) : 0, 29478
GlobalTracer [baseline] (248.979 ms) : 0, 248979
GlobalTracer [candidate] (249.017 ms) : 0, 249017
AppSec [baseline] (32.851 ms) : 0, 32851
AppSec [candidate] (32.719 ms) : 0, 32719
Debugger [baseline] (60.075 ms) : 0, 60075
Debugger [candidate] (59.897 ms) : 0, 59897
Remote Config [baseline] (604.555 µs) : 0, 605
Remote Config [candidate] (606.49 µs) : 0, 606
Telemetry [baseline] (10.65 ms) : 0, 10650
Telemetry [candidate] (8.429 ms) : 0, 8429
Flare Poller [baseline] (9.136 ms) : 0, 9136
Flare Poller [candidate] (10.501 ms) : 0, 10501
section iast
crashtracking [baseline] (1.235 ms) : 0, 1235
crashtracking [candidate] (1.228 ms) : 0, 1228
BytebuddyAgent [baseline] (829.092 ms) : 0, 829092
BytebuddyAgent [candidate] (822.922 ms) : 0, 822922
AgentMeter [baseline] (11.291 ms) : 0, 11291
AgentMeter [candidate] (11.291 ms) : 0, 11291
GlobalTracer [baseline] (236.964 ms) : 0, 236964
GlobalTracer [candidate] (237.689 ms) : 0, 237689
IAST [baseline] (28.249 ms) : 0, 28249
IAST [candidate] (29.782 ms) : 0, 29782
AppSec [baseline] (31.165 ms) : 0, 31165
AppSec [candidate] (29.594 ms) : 0, 29594
Debugger [baseline] (62.396 ms) : 0, 62396
Debugger [candidate] (62.423 ms) : 0, 62423
Remote Config [baseline] (521.661 µs) : 0, 522
Remote Config [candidate] (533.236 µs) : 0, 533
Telemetry [baseline] (7.933 ms) : 0, 7933
Telemetry [candidate] (7.874 ms) : 0, 7874
Flare Poller [baseline] (3.362 ms) : 0, 3362
Flare Poller [candidate] (3.357 ms) : 0, 3357
Loading
Startup time reports for petclinic 
gantt
    title petclinic - global startup overhead: candidate=1.62.0-SNAPSHOT~c716c8233c, baseline=1.62.0-SNAPSHOT~1b63a9dfca

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.072 s) : 0, 1071894
Total [baseline] (11.102 s) : 0, 11101628
Agent [candidate] (1.064 s) : 0, 1064395
Total [candidate] (11.062 s) : 0, 11062175
section appsec
Agent [baseline] (1.268 s) : 0, 1268461
Total [baseline] (11.023 s) : 0, 11023323
Agent [candidate] (1.275 s) : 0, 1275478
Total [candidate] (11.114 s) : 0, 11114470
section iast
Agent [baseline] (1.252 s) : 0, 1252477
Total [baseline] (11.3 s) : 0, 11300279
Agent [candidate] (1.246 s) : 0, 1245969
Total [candidate] (11.366 s) : 0, 11366262
section profiling
Agent [baseline] (1.196 s) : 0, 1196227
Total [baseline] (10.971 s) : 0, 10970526
Agent [candidate] (1.194 s) : 0, 1194377
Total [candidate] (10.994 s) : 0, 10994274
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.072 s -
Agent appsec 1.268 s 196.567 ms (18.3%)
Agent iast 1.252 s 180.582 ms (16.8%)
Agent profiling 1.196 s 124.332 ms (11.6%)
Total tracing 11.102 s -
Total appsec 11.023 s -78.305 ms (-0.7%)
Total iast 11.3 s 198.651 ms (1.8%)
Total profiling 10.971 s -131.102 ms (-1.2%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.064 s -
Agent appsec 1.275 s 211.083 ms (19.8%)
Agent iast 1.246 s 181.574 ms (17.1%)
Agent profiling 1.194 s 129.982 ms (12.2%)
Total tracing 11.062 s -
Total appsec 11.114 s 52.295 ms (0.5%)
Total iast 11.366 s 304.087 ms (2.7%)
Total profiling 10.994 s -67.901 ms (-0.6%) 
gantt
    title petclinic - break down per module: candidate=1.62.0-SNAPSHOT~c716c8233c, baseline=1.62.0-SNAPSHOT~1b63a9dfca

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.234 ms) : 0, 1234
crashtracking [candidate] (1.232 ms) : 0, 1232
BytebuddyAgent [baseline] (641.294 ms) : 0, 641294
BytebuddyAgent [candidate] (635.381 ms) : 0, 635381
AgentMeter [baseline] (29.75 ms) : 0, 29750
AgentMeter [candidate] (29.395 ms) : 0, 29395
GlobalTracer [baseline] (250.715 ms) : 0, 250715
GlobalTracer [candidate] (249.009 ms) : 0, 249009
AppSec [baseline] (33.001 ms) : 0, 33001
AppSec [candidate] (32.612 ms) : 0, 32612
Debugger [baseline] (61.611 ms) : 0, 61611
Debugger [candidate] (60.492 ms) : 0, 60492
Remote Config [baseline] (590.007 µs) : 0, 590
Remote Config [candidate] (596.088 µs) : 0, 596
Telemetry [baseline] (9.138 ms) : 0, 9138
Telemetry [candidate] (9.199 ms) : 0, 9199
Flare Poller [baseline] (8.393 ms) : 0, 8393
Flare Poller [candidate] (10.475 ms) : 0, 10475
section appsec
crashtracking [baseline] (1.259 ms) : 0, 1259
crashtracking [candidate] (1.213 ms) : 0, 1213
BytebuddyAgent [baseline] (676.912 ms) : 0, 676912
BytebuddyAgent [candidate] (680.767 ms) : 0, 680767
AgentMeter [baseline] (12.192 ms) : 0, 12192
AgentMeter [candidate] (12.35 ms) : 0, 12350
GlobalTracer [baseline] (249.547 ms) : 0, 249547
GlobalTracer [candidate] (251.24 ms) : 0, 251240
IAST [baseline] (24.681 ms) : 0, 24681
IAST [candidate] (24.862 ms) : 0, 24862
AppSec [baseline] (185.502 ms) : 0, 185502
AppSec [candidate] (186.474 ms) : 0, 186474
Debugger [baseline] (65.231 ms) : 0, 65231
Debugger [candidate] (65.299 ms) : 0, 65299
Remote Config [baseline] (580.431 µs) : 0, 580
Remote Config [candidate] (581.812 µs) : 0, 582
Telemetry [baseline] (7.92 ms) : 0, 7920
Telemetry [candidate] (7.915 ms) : 0, 7915
Flare Poller [baseline] (7.907 ms) : 0, 7907
Flare Poller [candidate] (8.083 ms) : 0, 8083
section iast
crashtracking [baseline] (1.23 ms) : 0, 1230
crashtracking [candidate] (1.226 ms) : 0, 1226
BytebuddyAgent [baseline] (829.631 ms) : 0, 829631
BytebuddyAgent [candidate] (824.343 ms) : 0, 824343
AgentMeter [baseline] (11.378 ms) : 0, 11378
AgentMeter [candidate] (11.297 ms) : 0, 11297
GlobalTracer [baseline] (239.637 ms) : 0, 239637
GlobalTracer [candidate] (237.975 ms) : 0, 237975
IAST [baseline] (27.399 ms) : 0, 27399
IAST [candidate] (27.488 ms) : 0, 27488
AppSec [baseline] (31.665 ms) : 0, 31665
AppSec [candidate] (32.341 ms) : 0, 32341
Debugger [baseline] (63.374 ms) : 0, 63374
Debugger [candidate] (63.101 ms) : 0, 63101
Remote Config [baseline] (525.64 µs) : 0, 526
Remote Config [candidate] (523.12 µs) : 0, 523
Telemetry [baseline] (7.907 ms) : 0, 7907
Telemetry [candidate] (7.97 ms) : 0, 7970
Flare Poller [baseline] (3.406 ms) : 0, 3406
Flare Poller [candidate] (3.429 ms) : 0, 3429
section profiling
crashtracking [baseline] (1.186 ms) : 0, 1186
crashtracking [candidate] (1.185 ms) : 0, 1185
BytebuddyAgent [baseline] (698.055 ms) : 0, 698055
BytebuddyAgent [candidate] (697.705 ms) : 0, 697705
AgentMeter [baseline] (9.016 ms) : 0, 9016
AgentMeter [candidate] (8.978 ms) : 0, 8978
GlobalTracer [baseline] (209.881 ms) : 0, 209881
GlobalTracer [candidate] (209.169 ms) : 0, 209169
AppSec [baseline] (33.041 ms) : 0, 33041
AppSec [candidate] (32.906 ms) : 0, 32906
Debugger [baseline] (66.23 ms) : 0, 66230
Debugger [candidate] (66.113 ms) : 0, 66113
Remote Config [baseline] (587.339 µs) : 0, 587
Remote Config [candidate] (570.149 µs) : 0, 570
Telemetry [baseline] (8.135 ms) : 0, 8135
Telemetry [candidate] (8.056 ms) : 0, 8056
Flare Poller [baseline] (3.565 ms) : 0, 3565
Flare Poller [candidate] (3.517 ms) : 0, 3517
ProfilingAgent [baseline] (94.365 ms) : 0, 94365
ProfilingAgent [candidate] (94.331 ms) : 0, 94331
Profiling [baseline] (94.93 ms) : 0, 94930
Profiling [candidate] (94.898 ms) : 0, 94898
Loading

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master smola/network-client-ip
git_commit_date 1777386541 1777386629
git_commit_sha 1b63a9d c716c82
release_version 1.62.0-SNAPSHOT~1b63a9dfca 1.62.0-SNAPSHOT~c716c8233c
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1777388945 1777388945
ci_job_id 1638090327 1638090327
ci_pipeline_id 110162019 110162019
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-pa9eid4u 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-pa9eid4u 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 2 performance improvements and 2 performance regressions! Performance is the same for 16 metrics, 16 unstable metrics.

scenario Δ mean agg_http_req_duration_p50 Δ mean agg_http_req_duration_p95 Δ mean throughput candidate mean agg_http_req_duration_p50 candidate mean agg_http_req_duration_p95 candidate mean throughput baseline mean agg_http_req_duration_p50 baseline mean agg_http_req_duration_p95 baseline mean throughput
scenario:load:insecure-bank:iast:high_load better
[-256.193µs; -82.077µs] or [-9.271%; -2.970%]		 unsure
[-606.131µs; -117.220µs] or [-7.677%; -1.485%]		 unstable
[-85.339op/s; +208.527op/s] or [-6.497%; +15.875%]		 2.594ms 7.534ms 1375.125op/s 2.763ms 7.896ms 1313.531op/s
scenario:load:insecure-bank:profiling:high_load better
[-190.669µs; -49.130µs] or [-10.149%; -2.615%]		 unstable
[-1220.835µs; -301.468µs] or [-20.947%; -5.173%]		 unstable
[-17.943op/s; +461.756op/s] or [-0.963%; +24.774%]		 1.759ms 5.067ms 2085.750op/s 1.879ms 5.828ms 1863.844op/s
scenario:load:petclinic:code_origins:high_load worse
[+0.809ms; +1.718ms] or [+4.664%; +9.905%]		 unsure
[+0.334ms; +1.867ms] or [+1.172%; +6.543%]		 unstable
[-41.474op/s; +10.974op/s] or [-15.760%; +4.170%]		 18.604ms 29.644ms 247.906op/s 17.341ms 28.543ms 263.156op/s
scenario:load:petclinic:appsec:high_load worse
[+0.688ms; +1.417ms] or [+3.709%; +7.639%]		 unsure
[+70.243µs; +1259.273µs] or [+0.230%; +4.131%]		 unstable
[-35.007op/s; +13.632op/s] or [-14.216%; +5.536%]		 19.597ms 31.152ms 235.562op/s 18.545ms 30.487ms 246.250op/s
Request duration reports for insecure-bank 
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.62.0-SNAPSHOT~c716c8233c, baseline=1.62.0-SNAPSHOT~1b63a9dfca
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.354 ms) : 1339, 1368
.   : milestone, 1354,
iast (3.488 ms) : 3443, 3534
.   : milestone, 3488,
iast_FULL (5.993 ms) : 5932, 6053
.   : milestone, 5993,
iast_GLOBAL (3.707 ms) : 3648, 3765
.   : milestone, 3707,
profiling (2.436 ms) : 2412, 2460
.   : milestone, 2436,
tracing (1.886 ms) : 1871, 1901
.   : milestone, 1886,
section candidate
no_agent (1.23 ms) : 1219, 1241
.   : milestone, 1230,
iast (3.328 ms) : 3285, 3372
.   : milestone, 3328,
iast_FULL (5.964 ms) : 5904, 6025
.   : milestone, 5964,
iast_GLOBAL (3.719 ms) : 3656, 3781
.   : milestone, 3719,
profiling (2.169 ms) : 2149, 2189
.   : milestone, 2169,
tracing (1.947 ms) : 1930, 1963
.   : milestone, 1947,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.354 ms [1.339 ms, 1.368 ms] -
iast 3.488 ms [3.443 ms, 3.534 ms] 2.135 ms (157.7%)
iast_FULL 5.993 ms [5.932 ms, 6.053 ms] 4.639 ms (342.7%)
iast_GLOBAL 3.707 ms [3.648 ms, 3.765 ms] 2.353 ms (173.8%)
profiling 2.436 ms [2.412 ms, 2.46 ms] 1.083 ms (80.0%)
tracing 1.886 ms [1.871 ms, 1.901 ms] 532.754 µs (39.4%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.23 ms [1.219 ms, 1.241 ms] -
iast 3.328 ms [3.285 ms, 3.372 ms] 2.098 ms (170.6%)
iast_FULL 5.964 ms [5.904 ms, 6.025 ms] 4.734 ms (384.9%)
iast_GLOBAL 3.719 ms [3.656 ms, 3.781 ms] 2.489 ms (202.4%)
profiling 2.169 ms [2.149 ms, 2.189 ms] 939.066 µs (76.4%)
tracing 1.947 ms [1.93 ms, 1.963 ms] 716.588 µs (58.3%)
Request duration reports for petclinic 
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.62.0-SNAPSHOT~c716c8233c, baseline=1.62.0-SNAPSHOT~1b63a9dfca
    dateFormat X
    axisFormat %s
section baseline
no_agent (18.857 ms) : 18667, 19046
.   : milestone, 18857,
appsec (18.955 ms) : 18761, 19148
.   : milestone, 18955,
code_origins (17.729 ms) : 17554, 17904
.   : milestone, 17729,
iast (18.118 ms) : 17935, 18301
.   : milestone, 18118,
profiling (17.966 ms) : 17790, 18141
.   : milestone, 17966,
tracing (17.937 ms) : 17762, 18112
.   : milestone, 17937,
section candidate
no_agent (18.072 ms) : 17890, 18254
.   : milestone, 18072,
appsec (19.814 ms) : 19613, 20016
.   : milestone, 19814,
code_origins (18.826 ms) : 18639, 19013
.   : milestone, 18826,
iast (18.458 ms) : 18270, 18645
.   : milestone, 18458,
profiling (18.134 ms) : 17953, 18315
.   : milestone, 18134,
tracing (18.077 ms) : 17895, 18258
.   : milestone, 18077,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 18.857 ms [18.667 ms, 19.046 ms] -
appsec 18.955 ms [18.761 ms, 19.148 ms] 98.297 µs (0.5%)
code_origins 17.729 ms [17.554 ms, 17.904 ms] -1.128 ms (-6.0%)
iast 18.118 ms [17.935 ms, 18.301 ms] -738.776 µs (-3.9%)
profiling 17.966 ms [17.79 ms, 18.141 ms] -890.555 µs (-4.7%)
tracing 17.937 ms [17.762 ms, 18.112 ms] -919.648 µs (-4.9%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 18.072 ms [17.89 ms, 18.254 ms] -
appsec 19.814 ms [19.613 ms, 20.016 ms] 1.742 ms (9.6%)
code_origins 18.826 ms [18.639 ms, 19.013 ms] 753.98 µs (4.2%)
iast 18.458 ms [18.27 ms, 18.645 ms] 385.427 µs (2.1%)
profiling 18.134 ms [17.953 ms, 18.315 ms] 61.751 µs (0.3%)
tracing 18.077 ms [17.895 ms, 18.258 ms] 4.562 µs (0.0%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master smola/network-client-ip
git_commit_date 1777386541 1777386629
git_commit_sha 1b63a9d c716c82
release_version 1.62.0-SNAPSHOT~1b63a9dfca 1.62.0-SNAPSHOT~c716c8233c
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1777388994 1777388994
ci_job_id 1638090338 1638090338
ci_pipeline_id 110162019 110162019
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-3p665bar 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-3p665bar 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.

Execution time for biojava 
gantt
    title biojava - execution time [CI 0.99] : candidate=1.62.0-SNAPSHOT~c716c8233c, baseline=1.62.0-SNAPSHOT~1b63a9dfca
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.453 s) : 15453000, 15453000
.   : milestone, 15453000,
appsec (14.74 s) : 14740000, 14740000
.   : milestone, 14740000,
iast (18.816 s) : 18816000, 18816000
.   : milestone, 18816000,
iast_GLOBAL (17.701 s) : 17701000, 17701000
.   : milestone, 17701000,
profiling (15.067 s) : 15067000, 15067000
.   : milestone, 15067000,
tracing (14.797 s) : 14797000, 14797000
.   : milestone, 14797000,
section candidate
no_agent (15.426 s) : 15426000, 15426000
.   : milestone, 15426000,
appsec (14.719 s) : 14719000, 14719000
.   : milestone, 14719000,
iast (18.47 s) : 18470000, 18470000
.   : milestone, 18470000,
iast_GLOBAL (17.922 s) : 17922000, 17922000
.   : milestone, 17922000,
profiling (15.512 s) : 15512000, 15512000
.   : milestone, 15512000,
tracing (14.74 s) : 14740000, 14740000
.   : milestone, 14740000,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.453 s [15.453 s, 15.453 s] -
appsec 14.74 s [14.74 s, 14.74 s] -713.0 ms (-4.6%)
iast 18.816 s [18.816 s, 18.816 s] 3.363 s (21.8%)
iast_GLOBAL 17.701 s [17.701 s, 17.701 s] 2.248 s (14.5%)
profiling 15.067 s [15.067 s, 15.067 s] -386.0 ms (-2.5%)
tracing 14.797 s [14.797 s, 14.797 s] -656.0 ms (-4.2%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.426 s [15.426 s, 15.426 s] -
appsec 14.719 s [14.719 s, 14.719 s] -707.0 ms (-4.6%)
iast 18.47 s [18.47 s, 18.47 s] 3.044 s (19.7%)
iast_GLOBAL 17.922 s [17.922 s, 17.922 s] 2.496 s (16.2%)
profiling 15.512 s [15.512 s, 15.512 s] 86.0 ms (0.6%)
tracing 14.74 s [14.74 s, 14.74 s] -686.0 ms (-4.4%)
Execution time for tomcat 
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.62.0-SNAPSHOT~c716c8233c, baseline=1.62.0-SNAPSHOT~1b63a9dfca
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.483 ms) : 1471, 1495
.   : milestone, 1483,
appsec (3.805 ms) : 3584, 4026
.   : milestone, 3805,
iast (2.268 ms) : 2198, 2337
.   : milestone, 2268,
iast_GLOBAL (2.322 ms) : 2251, 2392
.   : milestone, 2322,
profiling (2.098 ms) : 2043, 2153
.   : milestone, 2098,
tracing (2.071 ms) : 2018, 2124
.   : milestone, 2071,
section candidate
no_agent (1.484 ms) : 1472, 1496
.   : milestone, 1484,
appsec (3.805 ms) : 3581, 4028
.   : milestone, 3805,
iast (2.273 ms) : 2203, 2343
.   : milestone, 2273,
iast_GLOBAL (2.314 ms) : 2244, 2385
.   : milestone, 2314,
profiling (2.096 ms) : 2041, 2150
.   : milestone, 2096,
tracing (2.068 ms) : 2014, 2121
.   : milestone, 2068,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.483 ms [1.471 ms, 1.495 ms] -
appsec 3.805 ms [3.584 ms, 4.026 ms] 2.322 ms (156.5%)
iast 2.268 ms [2.198 ms, 2.337 ms] 784.76 µs (52.9%)
iast_GLOBAL 2.322 ms [2.251 ms, 2.392 ms] 838.477 µs (56.5%)
profiling 2.098 ms [2.043 ms, 2.153 ms] 614.693 µs (41.4%)
tracing 2.071 ms [2.018 ms, 2.124 ms] 588.08 µs (39.7%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.484 ms [1.472 ms, 1.496 ms] -
appsec 3.805 ms [3.581 ms, 4.028 ms] 2.321 ms (156.4%)
iast 2.273 ms [2.203 ms, 2.343 ms] 788.966 µs (53.2%)
iast_GLOBAL 2.314 ms [2.244 ms, 2.385 ms] 830.209 µs (55.9%)
profiling 2.096 ms [2.041 ms, 2.15 ms] 611.546 µs (41.2%)
tracing 2.068 ms [2.014 ms, 2.121 ms] 583.754 µs (39.3%)

@smola smola force-pushed the smola/network-client-ip branch 4 times, most recently from 4e0646d to 21b2fc1 Compare April 28, 2026 07:03
@smola
Move network.client.ip out of AppSec into HttpServerDecorator
c716c82 
network.client.ip now shares the same activation logic as http.client_ip
(DD_APPSEC_ENABLED or DD_TRACE_CLIENT_IP_ENABLED) and is no longer
exclusive to AppSec events. Move it from GatewayBridge (where it was
set only when security events fired) into HttpServerDecorator alongside
http.client_ip, using the raw peer/socket IP.

actor.ip remains in AppSec as a deprecated backward-compatibility tag.
@smola smola force-pushed the smola/network-client-ip branch from 21b2fc1 to c716c82 Compare April 28, 2026 14:30
@smola smola marked this pull request as ready for review April 28, 2026 15:38
@smola smola requested review from a team as code owners April 28, 2026 15:38
@smola smola requested review from jandro996, manuel-alvarez-alvarez and mtoffl01 and removed request for a team April 28, 2026 15:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@manuel-alvarez-alvarez manuel-alvarez-alvarez Awaiting requested review from manuel-alvarez-alvarez manuel-alvarez-alvarez is a code owner automatically assigned from DataDog/asm-java

@jandro996 jandro996 Awaiting requested review from jandro996 jandro996 is a code owner automatically assigned from DataDog/asm-java

@mtoffl01 mtoffl01 Awaiting requested review from mtoffl01 mtoffl01 is a code owner automatically assigned from DataDog/apm-sdk-capabilities-java

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

comp: core Tracer core tag: ai generated Largely based on code generated by an AI or LLM type: enhancement Enhancements and improvements

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@smola