From ee9bccf1ca3c97352dab78ef092618cfd3d17eea Mon Sep 17 00:00:00 2001
From: Jason Dellaluce <jasondellaluce@gmail.com>
Date: Tue, 2 Jan 2024 19:21:36 +0000
Subject: [PATCH] fix(userspace/libsinsp): consistent thread info filtering
 while dumping

Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
---
 userspace/libsinsp/sinsp.cpp      | 22 ++++++++++++++++++++--
 userspace/libsinsp/threadinfo.cpp |  1 +
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/userspace/libsinsp/sinsp.cpp b/userspace/libsinsp/sinsp.cpp
index afa73b0122..32864bc4f6 100644
--- a/userspace/libsinsp/sinsp.cpp
+++ b/userspace/libsinsp/sinsp.cpp
@@ -974,8 +974,26 @@ void sinsp::on_new_entry_from_proc(void* context,
 		{
 			if(m_filter != nullptr && is_capture())
 			{
-				// we'll run the filter when we see the fds and possibly clear the filtered_out flag
-				newti->m_filtered_out = true;
+				scap_evt tscapevt;
+				tscapevt.tid = tid;
+				tscapevt.ts = 0;
+				tscapevt.type = PPME_SYSCALL_READ_X;
+				tscapevt.len = 0;
+				tscapevt.nparams = 0;
+
+				auto tinfo = find_thread(tid, true);
+				sinsp_evt tevt;
+				tevt.m_pevt = &tscapevt;
+				tevt.m_inspector = this;
+				tevt.m_info = &(g_infotables.m_event_info[PPME_SYSCALL_READ_X]);
+				tevt.m_cpuid = 0;
+				tevt.m_evtnum = 0;
+				tevt.m_tinfo = tinfo.get();
+				tevt.m_fdinfo = NULL;
+				tinfo->m_lastevent_fd = -1;
+				tinfo->m_lastevent_data = NULL;
+
+				tinfo->m_filtered_out = !m_filter->run(&tevt);
 			}
 
 			// we shouldn't see any fds yet
diff --git a/userspace/libsinsp/threadinfo.cpp b/userspace/libsinsp/threadinfo.cpp
index 4156b1f713..e4dc1d2b39 100644
--- a/userspace/libsinsp/threadinfo.cpp
+++ b/userspace/libsinsp/threadinfo.cpp
@@ -144,6 +144,7 @@ void sinsp_threadinfo::init()
 	m_exe_ino_mtime = 0;
 	m_exe_ino_ctime_duration_clone_ts = 0;
 	m_exe_ino_ctime_duration_pidns_start = 0;
+	m_filtered_out = false;
 
 	memset(&m_user, 0, sizeof(scap_userinfo));
 	memset(&m_group, 0, sizeof(scap_groupinfo));