2013/8/23 Anders Broman <anders.bro...@ericsson.com>: > > > -----Original Message----- > From: rbal...@gmail.com [mailto:rbal...@gmail.com] On Behalf Of Bálint Réczey > Sent: den 23 augusti 2013 14:23 > To: Anders Broman > Cc: Developer support list for Wireshark > Subject: Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap? > > 2013/8/23 Anders Broman <anders.bro...@ericsson.com>: >> >> >> -----Original Message----- >> From: wireshark-dev-boun...@wireshark.org >> [mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Bálint >> Réczey >> Sent: den 23 augusti 2013 12:59 >> To: Developer support list for Wireshark >>> Subject: Re: [Wireshark-dev] Enabling linux kernel jit compiler from >>> dumpcap? >>> >>> 2013/8/23 Anders Broman <anders.bro...@ericsson.com>: >>>>> before we change it, should we remember the previous setting and restore >>>>> it when dumpcap exits? >>>> >>>> Preferably yes but I'm not sure it's possible as I think root >>>> privileges are required to write to the file and I think dumpcap Drops >>>> those after starting to capture. >>> And in the configuration the documentation recommends dumpcap does not run >>> as root, it has permission to capture only. >>> >>> Cheers, >>> Balint >>> >>> That's kind of my point after all these years this is still not used by >>> every one. > > >>If you mean there are people not reading the documentation, this is expected. >>Why would they read the documentation if Wireshark works well enough for them? >>No one reads all the documentation for all their software. >> >>When one executes Wireshark as root on Linux a bit warning points her/him to >>the documentation explaining why it is a bad idea. >>IMO running Wireshark as root or not running it as root makes a difference >>for people regarding security. Since Wireshark is a widely known and >>respected >security related software we can't leave people uninformed in this >>aspect. >> >>IMO enabling JIT is a way different case. 99% of the users won't notice any >>difference since AFAIK BPF execution is already fast enough to not be a >>>bottleneck for casual network monitoring and the network professionals who >>need top performance are expected to read the documentation anyway >and/or >>expected to know about BPF JIT already. >> >>I suggest reverting the recent JIT related patches and mentioning BPF JIT in >>the User Guide. >>I think having or not having JIT enabled would not affect enough people to >>warrant a note on the welcome screen. >>I have attached a patch for the documentation. > > > Thank you that will be useful in any case. > How about having it as a command line option? See sample code. Does anyone > else have an opinion? It could be done, but so far we have already added plenty of code instead of recommending using echo: 71f7093 Output a warning about kernel BPF JIT compiler beeing activated. dumpcap.c | 2 +- tshark.c | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) f9aaaeb Output a warning about kernel BPF JIT compiler beeing activated. dumpcap.c | 6 ++++++ 1 file changed, 6 insertions(+) 347ea71 Only enable the Linux kernel BPF JIT compiler if we're on Linux. dumpcap.c | 32 ++++++++++++++++++++++---------- 1 file changed, 22 insertions(+), 10 deletions(-) 5928ded Enable Kernel BPF JIT compiler from dumpcap. dumpcap.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+)
> >>Maybe working with the kernel developers to enable BPF JIT by default would >>also be useful. > Not sure how to do that. Asking around on the kernel mailing list could help, I think. Cheers, Balint > > >> >>> >>> Regards >>> Anders >>> >>> -----Original Message----- >>> From: wireshark-dev-boun...@wireshark.org >>> [mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Martin >>> Kaiser >>> Sent: den 23 augusti 2013 10:36 >>> To: wireshark-dev@wireshark.org >>> Subject: Re: [Wireshark-dev] Enabling linux kernel jit compiler from >>> dumpcap? >>> >>> before we change it, should we remember the previous setting and restore it >>> when dumpcap exits? >>> >>> Thus wrote Anders Broman (a.bro...@bredband.net): >>> >>>> Bálint Réczey skrev 2013-08-22 23:02: >>>>> Hi, >>> >>>>> I would be happier if the applications I run did not change kernel >>>>> configuration without my consent. >>>> I see your point... >>> >>>>> Regarding Wireshark I would prefer suggesting "echo 1 > >>>>> /proc/sys/net/core/bpf_jit_enable" in the documentation instead of >>>>> adding code to enable JIT. >>>>> There may be good reasons for not enabling it by default in the Linux >>>>> kernel. >>>> The problematic thing is that people seldom reads the documentation, >>>> the setting gets reset at a reboot and it's easy to forget to >>>> re-enable it. The ideal thing would be if dumpcap >>>> - Had a preference/command line flag whether to use JIT or not. >>>> - If told to use it check if it was enabled or not used JIT and put >>>> it back to zero if not set when starting. >>>> Wireshark could then default to use JIT and some warnings could be >>>> displayed in the welcome screen and in dumpcaps help output. >>> >>>> netsniff-ng activates it by default it seems. >>>> Regards >>>> Anders >>> >>>>> Cheers, >>>>> Balint >>> >>>>> 2013/8/22 Anders Broman <a.bro...@bredband.net>: >>>>>> Guy Harris skrev 2013-08-22 18:16: >>> >>>>>>> On Aug 22, 2013, at 4:46 AM, Anders Broman >>>>>>> <anders.bro...@ericsson.com> >>>>>>> wrote: >>> >>>>>>>> Should we add code to enable the JIT compiler from dumpcap? >>>>>>> Should I add code to enable the JIT compiler to libpcap while I'm at it? >>> >>>>>>> Should the Linux kernel folks enable it by default? >>> >>>>>>> I'm inclined to answer "yes" to all three questions. I think the >>>>>>> FreeBSD JIT compiler is enabled by default. I'm surprised that the >>>>>>> Linux one isn't. >>>>>> I checked in the dumpcap code. I agree that it might be useful in >>>>>> libpcap too, root privileges are required to change it I think. >>>>>> and Yes >>> >>>>>>> I'm surprised that the Linux one isn't >>>>>> Regards >>>>>> Anders ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
