2013/8/23 Anders Broman <anders.bro...@ericsson.com>: > > > *** E-mail via DME powered by mobile broadband *** > > > --Original message--- > Sender: "Réczey Bálint" <rbal...@gmail.com> > Time: Fri Aug 23 21:00:00 CEST 2013 > Cc: wireshark-dev@wireshark.org, > Subject: Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap? > > 2013/8/23 Anders Broman <anders.bro...@ericsson.com>: >> >> >> *** E-mail via DME powered by mobile broadband *** >> >> >> --Original message--- >> Sender: "rbal...@gmail.com" <rbal...@gmail.com> >> Time: Fri Aug 23 17:54:00 CEST 2013 >> Cc: wireshark-dev@wireshark.org, >> Subject: Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap? >> >> 2013/8/23 Anders Broman <anders.bro...@ericsson.com>: >>> >>> >>> -----Original Message----- >>> From: rbal...@gmail.com [mailto:rbal...@gmail.com] On Behalf Of Bálint >>> Réczey >>> Sent: den 23 augusti 2013 14:23 >>> To: Anders Broman >>> Cc: Developer support list for Wireshark >>> Subject: Re: [Wireshark-dev] Enabling linux kernel jit compiler from >>> dumpcap? >>> >>> 2013/8/23 Anders Broman <anders.bro...@ericsson.com>: >>>> >>>> >>>> -----Original Message----- >>>> From: wireshark-dev-boun...@wireshark.org >>>> [mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Bálint >>>> Réczey >>>> Sent: den 23 augusti 2013 12:59 >>>> To: Developer support list for Wireshark >>>>> Subject: Re: [Wireshark-dev] Enabling linux kernel jit compiler from >>>>> dumpcap? >>>>> >>>>> 2013/8/23 Anders Broman <anders.bro...@ericsson.com>: >>>>>>> before we change it, should we remember the previous setting and >>>>>>> restore it when dumpcap exits? >>>>>> >>>>>> Preferably yes but I'm not sure it's possible as I think root >>>>>> privileges are required to write to the file and I think dumpcap Drops >>>>>> those after starting to capture. >>>>> And in the configuration the documentation recommends dumpcap does not >>>>> run as root, it has permission to capture only. >>>>> >>>>> Cheers, >>>>> Balint >>>>> >>>>> That's kind of my point after all these years this is still not used by >>>>> every one. >>> >>> >>>>If you mean there are people not reading the documentation, this is >>>>expected. >>>>Why would they read the documentation if Wireshark works well enough for >>>>them? >>>>No one reads all the documentation for all their software. >>>> >>>>When one executes Wireshark as root on Linux a bit warning points her/him >>>>to the documentation explaining why it is a bad idea. >>>>IMO running Wireshark as root or not running it as root makes a difference >>>>for people regarding security. Since Wireshark is a widely known and >>>>respected >security related software we can't leave people uninformed in >>>>this aspect. >>>> >>>>IMO enabling JIT is a way different case. 99% of the users won't notice any >>>>difference since AFAIK BPF execution is already fast enough to not be a >>>>>bottleneck for casual network monitoring and the network professionals who >>>>need top performance are expected to read the documentation anyway >and/or >>>>expected to know about BPF JIT already. >>>> >>>>I suggest reverting the recent JIT related patches and mentioning BPF JIT >>>>in the User Guide. >>>>I think having or not having JIT enabled would not affect enough people to >>>>warrant a note on the welcome screen. >>>>I have attached a patch for the documentation. >>> >>> >>> Thank you that will be useful in any case. >>> How about having it as a command line option? See sample code. Does anyone >>> else have an opinion? >> It could be done, but so far we have already added plenty of code >> instead of recommending >> using echo >> >> Yes but we disagree on this point as I don't think that will work. > I agree that it won't work for most of the people. My point is that > making JIT work for slightly more people > (actually for those who misconfigured Wireshark) is a weak reason for messing > with system configuration and enabling a kernel feature which the > kernel developers do > not trust enough to enable it by default. > > I'm trying to come upp with something acceptable to us both... > > Is it the kernel developers or the distributon setting the imitation? Guy > indicated it's active in BFD systems. Kernel devs provide a default, which can be overriden by the distribution (Debian does not change it and I think it is reasonable.). FreeBSD has a different implementation AFAIK and covers fewer architectures.
> > Anyway a majority vote? I'm OK with that. Cheers, Balint > > >> >> 71f7093 Output a warning about kernel BPF JIT compiler beeing activated. >> dumpcap.c | 2 +- >> tshark.c | 8 ++++++++ >> 2 files changed, 9 insertions(+), 1 deletion(-) >> f9aaaeb Output a warning about kernel BPF JIT compiler beeing activated. >> dumpcap.c | 6 ++++++ >> 1 file changed, 6 insertions(+) >> 347ea71 Only enable the Linux kernel BPF JIT compiler if we're on Linux. >> dumpcap.c | 32 ++++++++++++++++++++++---------- >> 1 file changed, 22 insertions(+), 10 deletions(-) >> 5928ded Enable Kernel BPF JIT compiler from dumpcap. >> dumpcap.c | 21 +++++++++++++++++++++ >> 1 file changed, 21 insertions(+) >> >> >>> >>>>Maybe working with the kernel developers to enable BPF JIT by default would >>>>also be useful. >>> Not sure how to do that. >> Asking around on the kernel mailing list could help, I think. >> >> Cheers, >> Balint >> >>> >>> >>>> >>>>> >>>>> Regards >>>>> Anders >>>>> >>>>> -----Original Message----- >>>>> From: wireshark-dev-boun...@wireshark.org >>>>> [mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Martin >>>>> Kaiser >>>>> Sent: den 23 augusti 2013 10:36 >>>>> To: wireshark-dev@wireshark.org >>>>> Subject: Re: [Wireshark-dev] Enabling linux kernel jit compiler from >>>>> dumpcap? >>>>> >>>>> before we change it, should we remember the previous setting and restore >>>>> it when dumpcap exits? >>>>> >>>>> Thus wrote Anders Broman (a.bro...@bredband.net): >>>>> >>>>>> Bálint Réczey skrev 2013-08-22 23:02: >>>>>>> Hi, >>>>> >>>>>>> I would be happier if the applications I run did not change kernel >>>>>>> configuration without my consent. >>>>>> I see your point... >>>>> >>>>>>> Regarding Wireshark I would prefer suggesting "echo 1 > >>>>>>> /proc/sys/net/core/bpf_jit_enable" in the documentation instead of >>>>>>> adding code to enable JIT. >>>>>>> There may be good reasons for not enabling it by default in the Linux >>>>>>> kernel. >>>>>> The problematic thing is that people seldom reads the documentation, >>>>>> the setting gets reset at a reboot and it's easy to forget to >>>>>> re-enable it. The ideal thing would be if dumpcap >>>>>> - Had a preference/command line flag whether to use JIT or not. >>>>>> - If told to use it check if it was enabled or not used JIT and put >>>>>> it back to zero if not set when starting. >>>>>> Wireshark could then default to use JIT and some warnings could be >>>>>> displayed in the welcome screen and in dumpcaps help output. >>>>> >>>>>> netsniff-ng activates it by default it seems. >>>>>> Regards >>>>>> Anders >>>>> >>>>>>> Cheers, >>>>>>> Balint >>>>> >>>>>>> 2013/8/22 Anders Broman <a.bro...@bredband.net>: >>>>>>>> Guy Harris skrev 2013-08-22 18:16: >>>>> >>>>>>>>> On Aug 22, 2013, at 4:46 AM, Anders Broman >>>>>>>>> <anders.bro...@ericsson.com> >>>>>>>>> wrote: >>>>> >>>>>>>>>> Should we add code to enable the JIT compiler from dumpcap? >>>>>>>>> Should I add code to enable the JIT compiler to libpcap while I'm at >>>>>>>>> it? >>>>> >>>>>>>>> Should the Linux kernel folks enable it by default? >>>>> >>>>>>>>> I'm inclined to answer "yes" to all three questions. I think the >>>>>>>>> FreeBSD JIT compiler is enabled by default. I'm surprised that the >>>>>>>>> Linux one isn't. >>>>>>>> I checked in the dumpcap code. I agree that it might be useful in >>>>>>>> libpcap too, root privileges are required to change it I think. >>>>>>>> and Yes >>>>> >>>>>>>>> I'm surprised that the Linux one isn't >>>>>>>> Regards >>>>>>>> Anders ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
