David Stevens/Beaverton/IBM wrote on 03/22/2012 08:10:44 PM:

> From: David Stevens/Beaverton/IBM
> To: Stefan Berger/Watson/IBM
> Cc: Eric Blake <eblake@redhat.com>, libvir-list@redhat.com
> Date: 03/22/2012 08:10 PM
> Subject: Re: [libvirt] [libvirt PATCHv6 1/1] add DHCP snooping
>
> Stefan Berger/Watson/IBM wrote on 03/22/2012 05:00:45 PM:
>
> > Maybe we should go with the previous code from a while ago which was
> > setting a flag for the thread to die. It caused other work-arounds
> > to become necessary but at least we don't have to deal with possibly
> > async. deaths of threads holding locks.
>
> Yes, I have in mind a way to do this now that should keep the
> simplicity and still not use signals. I'll try this out and
> repost.
>

Ok.
An idea may be that the threat has to 'find' its snoop request in a global list every time it processes a packet. Once it cannot find it anymore, it dies. Removing the request from the global list would be the way to terminate the threat. Also, it would have to hold a look to the snoop request while it does anything else than waiting for packets in the pcap library.

   Stefan