On Mon, Mar 09, 2015 at 02:39:20PM -0700, Guy Harris wrote:
>
> On Mar 9, 2015, at 1:32 PM, Peter Wu <peter@xxxxxxxxxxxxx> wrote:
>
> > As far as I know, you can only have one open capture file. Correct me if
> > I am wrong.
>
> That's currently the case, but let's not wire that assumption in; a
> "proper" OS X app would use one UI process for all open files.
Yes, this is the status quo but it would indeed nice to let one process
load many files to reduce startup time and memory footprint.
> (We might implement that by moving packet dissection to separate
> processes, one process for each open file, so that we don't have to
> make per-file private data; we might also, at least on some platforms,
> be able to sandbox the dissection processes, so that, for example, any
> file opening they do must be done for them by the main process, which
> would only allow opening selected files, such as files in the
> preferences directory.)
Coincidentally I have been thinking about using seccomp on Linux (after
reading comments on this LWN page[1]). There are problematic dissectors
such as SSL which may have to read key log files, dissectors needing
name resolution and others, but it is an interesting idea to explore.
Oh, and plugins / statistics will also be more difficult, but it has to
start somewhere.
A file dissector (PNG?) or the logcat format are probably candidates to
start testing as there are no other layers.
--
Kind regards,
Peter Wu
https://lekensteyn.nl
[1]: https://lwn.net/Vulnerabilities/630471/