[libvirt] [libvirt PATCHv6 1/1] add DHCP snooping

[David Stevens]

Stefan Berger/Watson/IBM wrote on 03/22/2012 05:33:41 PM:

> 
> Ok.
> An idea may be that the threat has to 'find' its snoop request in a 
> global list every time it processes a packet. Once it cannot find it
> anymore, it dies. Removing the request from the global list would be
> the way to terminate the threat. Also, it would have to hold a look 
> to the snoop request while it does anything else than waiting for 
> packets in the pcap library.

        Actually, that's exactly what I was going to do -- a hash list
of valid threads and exit if it isn't in the list; then still remove
the req's and free them as the current code does, which means they
won't interfere with each other, but the cancel code can be separated,
in the same place, but synchronous with no signal; Thread management
independent of req management.

                                                        +_DLS