mirrors/opensnitch
1
0
Fork 0
mirror of https://github.com/evilsocket/opensnitch.git synced 2025-03-04 08:34:40 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

build parent process hierarchy of already running processes

Browse source 
We build the parent process tree of a process when it's executed
for the first time.
Now we also build the tree when an already running process opens a new
outbound connection by the first time.
This commit is contained in:
Gustavo Iñiguez Goia 2024-04-30 23:26:47 +02:00
parent 0a911ef791
commit be87bc538e
Failed to generate hash of commit
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
daemon/procmon/ebpf/find.go
View file

@ -180,6 +180,7 @@ func findConnProcess(value *networkEventT, connKey string) (proc *procmon.Proces
proc = procmon.NewProcess(int(value.Pid), comm) proc = procmon.NewProcess(int(value.Pid), comm)
proc.UID = int(value.UID) proc.UID = int(value.UID)
procmon.EventsCache.Add(proc) procmon.EventsCache.Add(proc)
procmon.EventsCache.Update(proc, nil)
log.Debug("[ebpf conn] not in cache, NOR in execEvents: %s, %d -> %s -> %s", connKey, proc.ID, proc.Path, proc.Args) log.Debug("[ebpf conn] not in cache, NOR in execEvents: %s, %d -> %s -> %s", connKey, proc.ID, proc.Path, proc.Args)
return return