Sysdig capture running endless while using filters

[Sarang-Sangram]

While running the sysdig capture without any filters the -M time value is picked up correctly and ends after the time specified time

[root@host2 bin]# sysdig -w my-sysdig.scap.gz -M 10 -z
[root@host2 bin]# ls
kubectl-capture  my-sysdig.scap.gz 

But if I am using filters it just runs endless and require me to send the break single to end it

[root@host2 bin]# sysdig "container.name contains test-container" -w my-sysdig.scap.gz -M 10 -z
^C[root@host2 bin]# 

[kristopolous]

right the timing check happens after the filter so it'd run until the filter is matched. It could be moved up at a non-zero but ultimately meaningless cost. The real skill here would be to try to do it at almost no cost.

The other "bug" in the current implementation is the reference time stamp isn't set until the first matched packet. I call it a "bug" in quotes here because "capture for n seconds after the first match" is useful and it's what it currently does under these constraints.

So I guess the way to maintain this albeit undocumented backward compatibility would be to make the timer still start on first match and the capture stop after the time lapse.

I'll do a PR that does this "at cost" - at a likely unmeasurable overhead and hopefully we'll be good to go.

[kristopolous]

so i've got two options for PRs to fix the issue. I like the second one myself - it's a stronger offering and maintains full backwards compatibility.

[github-actions[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.