-
Notifications
You must be signed in to change notification settings - Fork 730
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sysdig capture running endless while using filters #1696
Comments
right the timing check happens after the filter so it'd run until the filter is matched. It could be moved up at a non-zero but ultimately meaningless cost. The real skill here would be to try to do it at almost no cost. The other "bug" in the current implementation is the reference time stamp isn't set until the first matched packet. I call it a "bug" in quotes here because "capture for n seconds after the first match" is useful and it's what it currently does under these constraints. So I guess the way to maintain this albeit undocumented backward compatibility would be to make the timer still start on first match and the capture stop after the time lapse. I'll do a PR that does this "at cost" - at a likely unmeasurable overhead and hopefully we'll be good to go. |
The timeout check was being after packets were filtered meaning that a timeout could possibly never be observed. This was changed so the timeout check could be triggered by any event, not just ones matching the filter. Also, the start of the timer was being triggered by the first matched event. This is a useful yet previously undocumented behavior so it has been preserved and documented in the help text.
The timeout check was being after packets were filtered meaning that a timeout could possibly never be observed. This was changed to introduce an optional system that allows people to specify whether they want the clock to be triggered by any packet (a) or a filtered match (f). They can specify this optionally after the -M argument. If a user uses a number with no argument, backwards compatibility is maintained (which is 'ff'). Otherwise they can specify either 1 or 2 letters such as, for example "15aa" or "12af" or just "11a". The help text has been modified to talk about these new options.
The timeout check was being after packets were filtered meaning that a timeout could possibly never be observed. This was changed to introduce an optional system that allows people to specify whether they want the clock to be triggered by any packet (a) or a filtered match (f). They can specify this optionally after the -M argument. If a user uses a number with no argument, backwards compatibility is maintained (which is 'ff'). Otherwise they can specify either 1 or 2 letters such as, for example "15aa" or "12af" or just "11a". The help text has been modified to talk about these new options.
The timeout check was being after packets were filtered meaning that a timeout could possibly never be observed. This was changed to introduce an optional system that allows people to specify whether they want the clock to be triggered by any packet (a) or a filtered match (f). They can specify this optionally after the -M argument. If a user uses a number with no argument, backwards compatibility is maintained (which is 'ff'). Otherwise they can specify either 1 or 2 letters such as, for example "15aa" or "12af" or just "11a". The help text has been modified to talk about these new options.
The timeout check was being after packets were filtered meaning that a timeout could possibly never be observed. This was changed so the timeout check could be triggered by any event, not just ones matching the filter. Also, the start of the timer was being triggered by the first matched event. This is a useful yet previously undocumented behavior so it has been preserved and documented in the help text.
so i've got two options for PRs to fix the issue. I like the second one myself - it's a stronger offering and maintains full backwards compatibility. |
The timeout check was being after packets were filtered meaning that a timeout could possibly never be observed. This was changed to introduce an optional system that allows people to specify whether they want the clock to be triggered by any packet (a) or a filtered match (f). They can specify this optionally after the -M argument. If a user uses a number with no argument, backwards compatibility is maintained (which is 'ff'). Otherwise they can specify either 1 or 2 letters such as, for example "15aa" or "12af" or just "11a". The help text has been modified to talk about these new options.
The timeout check was being after packets were filtered meaning that a timeout could possibly never be observed. This was changed to introduce an optional system that allows people to specify whether they want the clock to be triggered by any packet (a) or a filtered match (f). They can specify this optionally after the -M argument. If a user uses a number with no argument, backwards compatibility is maintained (which is 'ff'). Otherwise they can specify either 1 or 2 letters such as, for example "15aa" or "12af" or just "11a". The help text has been modified to talk about these new options.
The timeout check was being after packets were filtered meaning that a timeout could possibly never be observed. This was changed to introduce an optional system that allows people to specify whether they want the clock to be triggered by any packet (a) or a filtered match (f). They can specify this optionally after the -M argument. If a user uses a number with no argument, backwards compatibility is maintained (which is 'ff'). Otherwise they can specify either 1 or 2 letters such as, for example "15aa" or "12af" or just "11a". The help text has been modified to talk about these new options. sysdig-CLA-1.0-signed-off-by: Christopher McKenzie <kristopolous@yahoo.com>
The timeout check was being after packets were filtered meaning that a timeout could possibly never be observed. This was changed so the timeout check could be triggered by any event, not just ones matching the filter. Also, the start of the timer was being triggered by the first matched event. This is a useful yet previously undocumented behavior so it has been preserved and documented in the help text. sysdig-CLA-1.0-signed-off-by: Christopher McKenzie <kristopolous@yahoo.com>
The timeout check was being triggered only after filtered events thus a timeout could possibly never be observed. This was changed so the timeout check could be triggered by any event, not just ones matching the filter. Also, the start of the timer was being triggered by the first matched event. This is a useful yet previously undocumented behavior so it has been preserved and documented in the help text. sysdig-CLA-1.0-signed-off-by: Christopher McKenzie <kristopolous@yahoo.com>
The timeout check was being triggered only by filter-matched events which meant a timeout could possibly never be observed. This was changed to introduce an optional system that allows people to specify whether they want the clock to be triggered by any packet (a) or a filtered match (f). They can specify this optionally after the -M argument. If a user uses a number with no argument, backwards compatibility is maintained (which is 'ff'). Otherwise they can specify either 1 or 2 letters such as, for example "15aa" or "12af" or just "11a". The help text has been modified to talk about these new options. sysdig-CLA-1.0-signed-off-by: Christopher McKenzie <kristopolous@yahoo.com>
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
While running the sysdig capture without any filters the -M time value is picked up correctly and ends after the time specified time
But if I am using filters it just runs endless and require me to send the break single to end it
The text was updated successfully, but these errors were encountered: