Hi,
In capture.c, when the parent needs to stop the child, it executes a TerminateProcess; there is a comment saying that this is not a good way to do it, since it forcefully terminates the process.
I've introduced a shared event between both processes, by which the parent can tell the child to stop; the child then sets ld.go to false and stops things orderly. I've put it both in capture_stop and in kill_capture_child and it seems to work OK; however, the later uses SIGTERM in unix and this seems to be more similar to an immediate ExitProcess in the child, which might be a better option.
I'm thinking on using events -which I suppose would translate to signals in unix- to be able to pause a capture, and to restart it -i.e. to use a new temporary file- without killing and respawning the child process, which takes quite long; however, I have been reading the thread on security where the possibility of changing the capturer into a smaller priviledged process has been commented, and this might make the effort useless. Is there a decision on whether this is going to be implemented?
I am sending this as a diff file I hope can be read. It looks similar to the patches I have seen in the list.
<<capture.diff>>
Regards,
Francisco
Attachment:
capture.diff
Description: Binary data
