From be87bc538e201e866f02b236b9de5daa79ace3fe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gustavo=20I=C3=B1iguez=20Goia?= <gooffy1@gmail.com>
Date: Tue, 30 Apr 2024 23:26:47 +0200
Subject: [PATCH] build parent process hierarchy of already running processes

We build the parent process tree of a process when it's executed
for the first time.
Now we also build the tree when an already running process opens a new
outbound connection by the first time.
---
 daemon/procmon/ebpf/find.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/daemon/procmon/ebpf/find.go b/daemon/procmon/ebpf/find.go
index 0890e1c3..b3856906 100644
--- a/daemon/procmon/ebpf/find.go
+++ b/daemon/procmon/ebpf/find.go
@@ -180,6 +180,7 @@ func findConnProcess(value *networkEventT, connKey string) (proc *procmon.Proces
 	proc = procmon.NewProcess(int(value.Pid), comm)
 	proc.UID = int(value.UID)
 	procmon.EventsCache.Add(proc)
+	procmon.EventsCache.Update(proc, nil)
 	log.Debug("[ebpf conn] not in cache, NOR in execEvents: %s, %d -> %s -> %s", connKey, proc.ID, proc.Path, proc.Args)
 
 	return