Wireshark-dev: Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?

From: Réczey Bálint <rbalint@xxxxxxxxx>
Date: Fri, 23 Aug 2013 21:00:08 +0200
2013/8/23 Anders Broman <anders.broman@xxxxxxxxxxxx>:
>
> --Original message---
> Sender: "rbalint@xxxxxxxxx" <rbalint@xxxxxxxxx>
> Time: Fri Aug 23 17:54:00 CEST 2013
> Cc: wireshark-dev@xxxxxxxxxxxxx,
> Subject: Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?
>
> 2013/8/23 Anders Broman <anders.broman@xxxxxxxxxxxx>:
>>
>>
>> -----Original Message-----
>> From: rbalint@xxxxxxxxx [mailto:rbalint@xxxxxxxxx] On Behalf Of Bálint Réczey
>> Sent: den 23 augusti 2013 14:23
>> To: Anders Broman
>> Cc: Developer support list for Wireshark
>> Subject: Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?
>>
>> 2013/8/23 Anders Broman <anders.broman@xxxxxxxxxxxx>:
>>>
>>>
>>> -----Original Message-----
>>> From: wireshark-dev-bounces@xxxxxxxxxxxxx
>>> [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Bálint
>>> Réczey
>>> Sent: den 23 augusti 2013 12:59
>>> To: Developer support list for Wireshark
>>>> Subject: Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?
>>>>
>>>> 2013/8/23 Anders Broman <anders.broman@xxxxxxxxxxxx>:
>>>>>> before we change it, should we remember the previous setting and restore it when dumpcap exits?
>>>>>
>>>>> Preferably yes but I'm not sure it's possible as I think root
>>>>> privileges are required to write to the file and I think dumpcap drops those after starting to capture.
>>>> And in the configuration the documentation recommends dumpcap does not run as root, it has permission to capture only.
>>>>
>>>> Cheers,
>>>> Balint
>>>>
>>>> That's kind of my point, after all these years this is still not used by everyone.
>>
>>
>>>If you mean there are people not reading the documentation, this is expected.
>>>Why would they read the documentation if Wireshark works well enough for them?
>>>No one reads all the documentation for all their software.
>>>
>>>When one executes Wireshark as root on Linux a big warning points her/him to the documentation explaining why it is a bad idea.
>>>IMO running Wireshark as root or not running it as root makes a difference for people regarding security. Since Wireshark is a widely known and respected security related software we can't leave people uninformed in this aspect.
>>>
>>>IMO enabling JIT is a way different case. 99% of the users won't notice any difference since AFAIK BPF execution is already fast enough to not be a bottleneck for casual network monitoring and the network professionals who need top performance are expected to read the documentation anyway and/or expected to know about BPF JIT already.
>>>
>>>I suggest reverting the recent JIT related patches and mentioning BPF JIT in the User Guide.
>>>I think having or not having JIT enabled would not affect enough people to warrant a note on the welcome screen.
>>>I have attached a patch for the documentation.
>>
>>
>> Thank you that will be useful in any case.
>> How about having it as a command line option? See sample code.  Does anyone else have an opinion?
> It could be done, but so far we have already added plenty of code
> instead of recommending
> using echo
>
> Yes but we disagree on this point as I don't think that will work.
I agree that it won't work for most of the people. My point is that
making JIT work for slightly more people (actually for those who
misconfigured Wireshark) is a weak reason for messing with system
configuration and enabling a kernel feature which the kernel
developers do not trust enough to enable it by default.

>
> 71f7093 Output a warning about kernel BPF JIT compiler beeing activated.
>  dumpcap.c |    2 +-
>  tshark.c  |    8 ++++++++
>  2 files changed, 9 insertions(+), 1 deletion(-)
> f9aaaeb Output a warning about kernel BPF JIT compiler beeing activated.
>  dumpcap.c |    6 ++++++
>  1 file changed, 6 insertions(+)
> 347ea71 Only enable the Linux kernel BPF JIT compiler if we're on Linux.
>  dumpcap.c |   32 ++++++++++++++++++++++----------
>  1 file changed, 22 insertions(+), 10 deletions(-)
> 5928ded Enable Kernel BPF JIT compiler from dumpcap.
>  dumpcap.c |   21 +++++++++++++++++++++
>  1 file changed, 21 insertions(+)
>
>
>>
>>>Maybe working with the kernel developers to enable BPF JIT by default would also be useful.
>> Not sure how to do that.
> Asking around on the kernel mailing list could help, I think.
>
> Cheers,
> Balint
>
>>
>>
>>>
>>>>
>>>> Regards
>>>> Anders
>>>>
>>>> -----Original Message-----
>>>> From: wireshark-dev-bounces@xxxxxxxxxxxxx
>>>> [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Martin
>>>> Kaiser
>>>> Sent: den 23 augusti 2013 10:36
>>>> To: wireshark-dev@xxxxxxxxxxxxx
>>>> Subject: Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?
>>>>
>>>> before we change it, should we remember the previous setting and restore it when dumpcap exits?
>>>>
>>>> Thus wrote Anders Broman (a.broman@xxxxxxxxxxxx):
>>>>
>>>>> Bálint Réczey skrev 2013-08-22 23:02:
>>>>>> Hi,
>>>>
>>>>>> I would be happier if the applications I run did not change kernel
>>>>>> configuration without my consent.
>>>>> I see your point...
>>>>
>>>>>> Regarding Wireshark I would prefer suggesting "echo 1 >
>>>>>> /proc/sys/net/core/bpf_jit_enable" in the documentation instead of
>>>>>> adding code to enable JIT.
>>>>>> There may be good reasons for not enabling it by default in the Linux kernel.
>>>>> The problematic thing is that people seldom read the documentation,
>>>>> the setting gets reset at a reboot and it's easy to forget to
>>>>> re-enable it. The ideal thing would be if dumpcap
>>>>> - Had a preference/command line flag whether to use JIT or not.
>>>>> - If told to use it check if it was enabled or not used JIT and put
>>>>> it back to zero if not set when starting.
>>>>> Wireshark could then default to use JIT and some warnings could be
>>>>> displayed in the welcome screen and in dumpcap's help output.
>>>>
>>>>> netsniff-ng activates it by default it seems.
>>>>> Regards
>>>>> Anders
>>>>
>>>>>> Cheers,
>>>>>> Balint
>>>>
>>>>>> 2013/8/22 Anders Broman <a.broman@xxxxxxxxxxxx>:
>>>>>>> Guy Harris skrev 2013-08-22 18:16:
>>>>
>>>>>>>> On Aug 22, 2013, at 4:46 AM, Anders Broman
>>>>>>>> <anders.broman@xxxxxxxxxxxx>
>>>>>>>> wrote:
>>>>
>>>>>>>>> Should we add code to enable the JIT compiler from dumpcap?
>>>>>>>> Should I add code to enable the JIT compiler to libpcap while I'm at it?
>>>>
>>>>>>>> Should the Linux kernel folks enable it by default?
>>>>
>>>>>>>> I'm inclined to answer "yes" to all three questions.  I think the
>>>>>>>> FreeBSD JIT compiler is enabled by default.  I'm surprised that the Linux one isn't.
>>>>>>> I checked in the dumpcap code. I agree that it might be useful in
>>>>>>> libpcap too, root privileges are required to change it I think.
>>>>>>> and Yes
>>>>
>>>>>>>> I'm surprised that the Linux one isn't
>>>>>>> Regards
>>>>>>> Anders
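
An added example, not part of the thread and not Wireshark's or dumpcap's code: the save-and-restore behaviour asked about above, in C, against the `/proc/sys/net/core/bpf_jit_enable` file named in the thread. The function names are hypothetical and the path is a parameter so the logic can be tried on an ordinary file; on the real sysctl the restore step returns -1 once the process has dropped the privileges needed to write it, which is the limitation raised in the discussion.

```c
#include <stdio.h>

#define BPF_JIT_PATH "/proc/sys/net/core/bpf_jit_enable"

/* Return the sysctl value (0 = off, 1 = on, 2 = on with debug
 * traces), or -1 if the file is missing or unreadable. */
int jit_read(const char *path)
{
    FILE *f = fopen(path, "r");
    int v = -1;
    if (f == NULL) return -1;
    if (fscanf(f, "%d", &v) != 1 || v < 0) v = -1;
    fclose(f);
    return v;
}

/* Write a value. Returns 0 on success, -1 on failure; without the
 * needed privileges fopen() itself fails on the real sysctl. */
int jit_write(const char *path, int value)
{
    FILE *f = fopen(path, "w");
    if (f == NULL) return -1;
    int ok = fprintf(f, "%d\n", value) > 0;
    return (fclose(f) == 0 && ok) ? 0 : -1;
}

/* Enable the JIT only if it is off, storing the old value in *saved.
 * Returns 1 if changed, 0 if already enabled, -1 on error. */
int jit_enable_saving(const char *path, int *saved)
{
    *saved = jit_read(path);
    if (*saved < 0) return -1;
    if (*saved != 0) return 0; /* leave an administrator's 1 or 2 alone */
    return jit_write(path, 1) == 0 ? 1 : -1;
}

/* Undo our change, and only ours. Returns 0 on success or nothing
 * to do, -1 if the write is refused (e.g. privileges were dropped). */
int jit_restore(const char *path, int changed, int saved)
{
    return changed == 1 ? jit_write(path, saved) : 0;
}

int main(int argc, char **argv)
{
    const char *p = argc > 1 ? argv[1] : BPF_JIT_PATH; /* optional test file */
    int saved, changed = jit_enable_saving(p, &saved);
    printf("previous=%d changed=%d\n", saved, changed);
    return jit_restore(p, changed, saved) == 0 ? 0 : 1;
}
```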