-----Original Message----- From: rbal...@gmail.com [mailto:rbal...@gmail.com] On Behalf Of Bálint Réczey Sent: den 23 augusti 2013 14:23 To: Anders Broman Cc: Developer support list for Wireshark Subject: Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?
2013/8/23 Anders Broman <anders.bro...@ericsson.com>: > > > -----Original Message----- > From: wireshark-dev-boun...@wireshark.org > [mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Bálint > Réczey > Sent: den 23 augusti 2013 12:59 > To: Developer support list for Wireshark >> Subject: Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap? >> >> 2013/8/23 Anders Broman <anders.bro...@ericsson.com>: >>>> before we change it, should we remember the previous setting and restore >>>> it when dumpcap exits? >>> >>> Preferably yes but I'm not sure it's possible as I think root >>> privileges are required to write to the file and I think dumpcap Drops >>> those after starting to capture. >> And in the configuration the documentation recommends dumpcap does not run >> as root, it has permission to capture only. >> >> Cheers, >> Balint >> >> That's kind of my point after all these years this is still not used by >> every one. >If you mean there are people not reading the documentation, this is expected. >Why would they read the documentation if Wireshark works well enough for them? >No one reads all the documentation for all their software. > >When one executes Wireshark as root on Linux a bit warning points her/him to >the documentation explaining why it is a bad idea. >IMO running Wireshark as root or not running it as root makes a difference for >people regarding security. Since Wireshark is a widely known and respected >>security related software we can't leave people uninformed in this aspect. > >IMO enabling JIT is a way different case. 99% of the users won't notice any >difference since AFAIK BPF execution is already fast enough to not be a >>bottleneck for casual network monitoring and the network professionals who >need top performance are expected to read the documentation anyway >and/or >expected to know about BPF JIT already. > >I suggest reverting the recent JIT related patches and mentioning BPF JIT in >the User Guide. >I think having or not having JIT enabled would not affect enough people to >warrant a note on the welcome screen. >I have attached a patch for the documentation. Thank you that will be useful in any case. How about having it as a command line option? See sample code. Does anyone else have an opinion? >Maybe working with the kernel developers to enable BPF JIT by default would >also be useful. Not sure how to do that. > >> >> Regards >> Anders >> >> -----Original Message----- >> From: wireshark-dev-boun...@wireshark.org >> [mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Martin >> Kaiser >> Sent: den 23 augusti 2013 10:36 >> To: wireshark-dev@wireshark.org >> Subject: Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap? >> >> before we change it, should we remember the previous setting and restore it >> when dumpcap exits? >> >> Thus wrote Anders Broman (a.bro...@bredband.net): >> >>> Bálint Réczey skrev 2013-08-22 23:02: >>>> Hi, >> >>>> I would be happier if the applications I run did not change kernel >>>> configuration without my consent. >>> I see your point... >> >>>> Regarding Wireshark I would prefer suggesting "echo 1 > >>>> /proc/sys/net/core/bpf_jit_enable" in the documentation instead of >>>> adding code to enable JIT. >>>> There may be good reasons for not enabling it by default in the Linux >>>> kernel. >>> The problematic thing is that people seldom reads the documentation, >>> the setting gets reset at a reboot and it's easy to forget to >>> re-enable it. The ideal thing would be if dumpcap >>> - Had a preference/command line flag whether to use JIT or not. >>> - If told to use it check if it was enabled or not used JIT and put >>> it back to zero if not set when starting. >>> Wireshark could then default to use JIT and some warnings could be >>> displayed in the welcome screen and in dumpcaps help output. >> >>> netsniff-ng activates it by default it seems. >>> Regards >>> Anders >> >>>> Cheers, >>>> Balint >> >>>> 2013/8/22 Anders Broman <a.bro...@bredband.net>: >>>>> Guy Harris skrev 2013-08-22 18:16: >> >>>>>> On Aug 22, 2013, at 4:46 AM, Anders Broman >>>>>> <anders.bro...@ericsson.com> >>>>>> wrote: >> >>>>>>> Should we add code to enable the JIT compiler from dumpcap? >>>>>> Should I add code to enable the JIT compiler to libpcap while I'm at it? >> >>>>>> Should the Linux kernel folks enable it by default? >> >>>>>> I'm inclined to answer "yes" to all three questions. I think the >>>>>> FreeBSD JIT compiler is enabled by default. I'm surprised that the >>>>>> Linux one isn't. >>>>> I checked in the dumpcap code. I agree that it might be useful in >>>>> libpcap too, root privileges are required to change it I think. >>>>> and Yes >> >>>>>> I'm surprised that the Linux one isn't >>>>> Regards >>>>> Anders
jit.patch
Description: jit.patch
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
