fix the parsing of addr

[AsafEitani]

fix #1260

[yanivagman]

most likely related to #988

[simar7]

Data point: Just loaded a fresh Tracee and I think the issue is still there.

tracee@e568d7d2e632[/tracee]$ sudo ./dist/tracee-ebpf \
  -o format:json \
  -o option:parse-arguments \
  --trace comm=bash \
  --trace follow \
  --trace event!='sched*' | \
  ./dist/tracee-rules \
  --input-tracee file:stdin \
  --input-tracee format:json
Loaded 14 signature(s): [TRC-1 TRC-13 TRC-2 TRC-14 TRC-3 TRC-11 TRC-9 TRC-4 TRC-5 TRC-12 TRC-8 TRC-6 TRC-10 TRC-7]
2022/04/13 21:01:31 error handling event by signature Standard Input/Output Over Socket: couldn't convert arg to addr
2022/04/13 21:01:31 error handling event by signature Standard Input/Output Over Socket: couldn't convert arg to addr
2022/04/13 21:01:31 error handling event by signature Standard Input/Output Over Socket: couldn't convert arg to addr
2022/04/13 21:01:31 error handling event by signature Standard Input/Output Over Socket: couldn't convert arg to addr

The trigger was me ssh-ing into the VM.

[rafaeldtinoco]

I'm moving this to draft and stale status until this is re-worked/re-discussed.

[yanivagman]

@AsafEitani I see that @NDStrahilevitz is making changes in SockAddr parsing logic. Do you still want to keep this PR opened or can we close it?

[AsafEitani]

Old PR