search

mozillazg / ptcpdump

Process-aware, eBPF-based tcpdump
MIT License
486 stars 38 forks source link

[Feature Request] Follow fork flag #14

Closed halfcrazy closed 5 months ago

halfcrazy commented 5 months ago

Like what strace works. https://man7.org/linux/man-pages/man1/strace.1.html

-f --follow-forks Trace child processes as they are created by currently traced processes as a result of the fork(2), vfork(2) and clone(2) system calls. Note that -p PID -f will attach all threads of process PID if it is multi-threaded, not only thread with thread_id = PID.

Example test.sh

curl https://baidu.com
curl https://qq.com