Wireshark mailing list archives

Re: Enabling linux kernel jit compiler from dumpcap?
From: Bálint Réczey <balint () balintreczey hu>
Date: Fri, 23 Aug 2013 14:23:19 +0200

2013/8/23 Anders Broman <anders.broman () ericsson com>:


-----Original Message-----
From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Bálint Réczey
Sent: den 23 augusti 2013 12:59
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?

2013/8/23 Anders Broman <anders.broman () ericsson com>:
before we change it, should we remember the previous setting and restore it when dumpcap exits?

Preferably yes, but I'm not sure it's possible, as I think root
privileges are required to write to the file and I think dumpcap drops those after starting to capture.
And in the configuration the documentation recommends, dumpcap does not run as root; it has permission to capture only.

Cheers,
Balint

That's kind of my point: after all these years this is still not used by everyone.
If you mean there are people not reading the documentation, this is expected.
Why would they read the documentation if Wireshark works well enough for them?
No one reads all the documentation for all their software.

When one executes Wireshark as root on Linux, a big warning points her/him to the
documentation explaining why it is a bad idea.
IMO running Wireshark as root or not running it as root makes a difference for people
regarding security. Since Wireshark is a widely known and respected security-related
software, we can't leave people uninformed in this aspect.

IMO enabling JIT is a way different case. 99% of the users won't notice any difference
since AFAIK BPF execution is already fast enough to not be a bottleneck for casual
network monitoring and the network professionals who need top performance are expected
to read the documentation anyway and/or expected to know about BPF JIT already.

I suggest reverting the recent JIT related patches and mentioning BPF JIT in the User Guide.
I think having or not having JIT enabled would not affect enough people to warrant a note on the
welcome screen.
I have attached a patch for the documentation.

Maybe working with the kernel developers to enable BPF JIT by default
would also be useful.

Cheers,
Balint



Regards
Anders

-----Original Message-----
From: wireshark-dev-bounces () wireshark org
[mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Martin
Kaiser
Sent: den 23 augusti 2013 10:36
To: wireshark-dev () wireshark org
Subject: Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?

before we change it, should we remember the previous setting and restore it when dumpcap exits?

Thus wrote Anders Broman (a.broman () bredband net):

Bálint Réczey skrev 2013-08-22 23:02:
Hi,

I would be happier if the applications I run did not change kernel
configuration without my consent.
I see your point...

Regarding Wireshark I would prefer suggesting "echo 1 >
/proc/sys/net/core/bpf_jit_enable" in the documentation instead of
adding code to enable JIT.
There may be good reasons for not enabling it by default in the Linux kernel.
The problematic thing is that people seldom read the documentation,
the setting gets reset at a reboot and it's easy to forget to
re-enable it. The ideal thing would be if dumpcap
- Had a preference/command line flag whether to use JIT or not.
- If told to use it, checked if it was enabled or not, used JIT and put
it back to zero if not set when starting.
Wireshark could then default to use JIT and some warnings could be
displayed in the welcome screen and in dumpcap's help output.

netsniff-ng activates it by default it seems.
Regards
Anders

Cheers,
Balint

2013/8/22 Anders Broman <a.broman () bredband net>:
Guy Harris skrev 2013-08-22 18:16:

On Aug 22, 2013, at 4:46 AM, Anders Broman
<anders.broman () ericsson com>
wrote:

Should we add code to enable the JIT compiler from dumpcap?
Should I add code to enable the JIT compiler to libpcap while I'm at it?

Should the Linux kernel folks enable it by default?

I'm inclined to answer "yes" to all three questions.  I think the
FreeBSD JIT compiler is enabled by default.  I'm surprised that the Linux one isn't.
I checked in the dumpcap code. I agree that it might be useful in
libpcap too, root privileges are required to change it I think. and
Yes

I'm surprised that the Linux one isn't
Regards
Anders

Attachment: 0001-Mention-BPF-JIT-in-User-Guide.patch

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
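
The save, enable and restore behaviour discussed in this thread, sketched as a shell wrapper. This is an added example, not code from the thread, from dumpcap or from the attached patch. The function names and the `BPF_JIT_FILE` override are assumptions for illustration; the sysctl path is the one quoted in the thread.

```shell
#!/bin/sh
# BPF_JIT_FILE is a hypothetical override so the logic can be tried on a
# scratch file without root; the default is the sysctl quoted in the thread.
BPF_JIT_FILE="${BPF_JIT_FILE:-/proc/sys/net/core/bpf_jit_enable}"

# Print the current setting; fail if the knob is missing or unreadable.
bpf_jit_get() {
    [ -r "$BPF_JIT_FILE" ] || return 1
    read -r value < "$BPF_JIT_FILE" || return 1
    printf '%s\n' "$value"
}

# Write a new setting; fail quietly when the caller lacks the privileges.
bpf_jit_set() {
    [ -w "$BPF_JIT_FILE" ] || return 1
    printf '%s\n' "$1" > "$BPF_JIT_FILE"
}

# Run a command with the JIT enabled and put the old value back afterwards.
# The setting is only touched when it was 0, and only restored when this
# wrapper was the one that changed it, so an administrator's choice of a
# non-zero value is never overwritten.
with_bpf_jit() {
    # No knob (or no read access): run the command unchanged.
    prev=$(bpf_jit_get) || { "$@"; return $?; }
    changed=0
    if [ "$prev" = "0" ] && bpf_jit_set 1; then
        changed=1
    fi
    rc=0
    "$@" || rc=$?
    if [ "$changed" -eq 1 ]; then
        # The restore can fail if privileges were dropped in the meantime,
        # which is the concern raised in the thread; report it, keep rc.
        bpf_jit_set "$prev" || echo "could not restore $BPF_JIT_FILE" >&2
    fi
    return "$rc"
}

# Usage (as root): with_bpf_jit dumpcap -i eth0 -w out.pcapng
```

The wrapper keeps the privileged write outside the capture process, so the capture tool itself never needs to change kernel configuration.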
