Wireshark mailing list archives
Re: Enabling linux kernel jit compiler from dumpcap?
From: Réczey Bálint <rbalint () gmail com>
Date: Fri, 23 Aug 2013 22:01:00 +0200
2013/8/23 Anders Broman <anders.broman () ericsson com>:
*** E-mail via DME powered by mobile broadband *** --Original message--- Sender: "Réczey Bálint" <rbalint () gmail com> Time: Fri Aug 23 21:00:00 CEST 2013 Cc: wireshark-dev () wireshark org, Subject: Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap? 2013/8/23 Anders Broman <anders.broman () ericsson com>:*** E-mail via DME powered by mobile broadband *** --Original message--- Sender: "rbalint () gmail com" <rbalint () gmail com> Time: Fri Aug 23 17:54:00 CEST 2013 Cc: wireshark-dev () wireshark org, Subject: Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap? 2013/8/23 Anders Broman <anders.broman () ericsson com>:-----Original Message----- From: rbalint () gmail com [mailto:rbalint () gmail com] On Behalf Of Bálint Réczey Sent: den 23 augusti 2013 14:23 To: Anders Broman Cc: Developer support list for Wireshark Subject: Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap? 2013/8/23 Anders Broman <anders.broman () ericsson com>:-----Original Message----- From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Bálint Réczey Sent: den 23 augusti 2013 12:59 To: Developer support list for WiresharkSubject: Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap? 2013/8/23 Anders Broman <anders.broman () ericsson com>:before we change it, should we remember the previous setting and restore it when dumpcap exits?Preferably yes but I'm not sure it's possible as I think root privileges are required to write to the file and I think dumpcap Drops those after starting to capture.And in the configuration the documentation recommends dumpcap does not run as root, it has permission to capture only. Cheers, Balint That's kind of my point after all these years this is still not used by every one.If you mean there are people not reading the documentation, this is expected. Why would they read the documentation if Wireshark works well enough for them? No one reads all the documentation for all their software. When one executes Wireshark as root on Linux a bit warning points her/him to the documentation explaining why it is a bad idea. IMO running Wireshark as root or not running it as root makes a difference for people regarding security. Since Wireshark is a widely known and respected >security related software we can't leave people uninformed in this aspect. IMO enabling JIT is a way different case. 99% of the users won't notice any difference since AFAIK BPF execution is already fast enough to not be a >bottleneck for casual network monitoring and the network professionals who need top performance are expected to read the documentation anyway >and/or expected to know about BPF JIT already. I suggest reverting the recent JIT related patches and mentioning BPF JIT in the User Guide. I think having or not having JIT enabled would not affect enough people to warrant a note on the welcome screen. I have attached a patch for the documentation.Thank you that will be useful in any case. How about having it as a command line option? See sample code. Does anyone else have an opinion?It could be done, but so far we have already added plenty of code instead of recommending using echo Yes but we disagree on this point as I don't think that will work.I agree that it won't work for most of the people. My point is that making JIT work for slightly more people (actually for those who misconfigured Wireshark) is a weak reason for messing with system configuration and enabling a kernel feature which the kernel developers do not trust enough to enable it by default. I'm trying to come upp with something acceptable to us both... Is it the kernel developers or the distributon setting the imitation? Guy indicated it's active in BFD systems.
Kernel devs provide a default, which can be overriden by the distribution (Debian does not change it and I think it is reasonable.). FreeBSD has a different implementation AFAIK and covers fewer architectures.
Anyway a majority vote?
I'm OK with that. Cheers, Balint
71f7093 Output a warning about kernel BPF JIT compiler beeing activated. dumpcap.c | 2 +- tshark.c | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) f9aaaeb Output a warning about kernel BPF JIT compiler beeing activated. dumpcap.c | 6 ++++++ 1 file changed, 6 insertions(+) 347ea71 Only enable the Linux kernel BPF JIT compiler if we're on Linux. dumpcap.c | 32 ++++++++++++++++++++++---------- 1 file changed, 22 insertions(+), 10 deletions(-) 5928ded Enable Kernel BPF JIT compiler from dumpcap. dumpcap.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+)Maybe working with the kernel developers to enable BPF JIT by default would also be useful.Not sure how to do that.Asking around on the kernel mailing list could help, I think. Cheers, BalintRegards Anders -----Original Message----- From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Martin Kaiser Sent: den 23 augusti 2013 10:36 To: wireshark-dev () wireshark org Subject: Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap? before we change it, should we remember the previous setting and restore it when dumpcap exits? Thus wrote Anders Broman (a.broman () bredband net):Bálint Réczey skrev 2013-08-22 23:02:Hi,I would be happier if the applications I run did not change kernel configuration without my consent.I see your point...Regarding Wireshark I would prefer suggesting "echo 1 > /proc/sys/net/core/bpf_jit_enable" in the documentation instead of adding code to enable JIT. There may be good reasons for not enabling it by default in the Linux kernel.The problematic thing is that people seldom reads the documentation, the setting gets reset at a reboot and it's easy to forget to re-enable it. The ideal thing would be if dumpcap - Had a preference/command line flag whether to use JIT or not. - If told to use it check if it was enabled or not used JIT and put it back to zero if not set when starting. Wireshark could then default to use JIT and some warnings could be displayed in the welcome screen and in dumpcaps help output.netsniff-ng activates it by default it seems. Regards AndersCheers, Balint2013/8/22 Anders Broman <a.broman () bredband net>:Guy Harris skrev 2013-08-22 18:16:On Aug 22, 2013, at 4:46 AM, Anders Broman <anders.broman () ericsson com> wrote:Should we add code to enable the JIT compiler from dumpcap?Should I add code to enable the JIT compiler to libpcap while I'm at it?Should the Linux kernel folks enable it by default?I'm inclined to answer "yes" to all three questions. I think the FreeBSD JIT compiler is enabled by default. I'm surprised that the Linux one isn't.I checked in the dumpcap code. I agree that it might be useful in libpcap too, root privileges are required to change it I think. and YesI'm surprised that the Linux one isn'tRegards Anders
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Re: Enabling linux kernel jit compiler from dumpcap?, (continued)
- Re: Enabling linux kernel jit compiler from dumpcap? Jakub Zawadzki (Aug 23)
- Re: Enabling linux kernel jit compiler from dumpcap? Bálint Réczey (Aug 23)
- Re: Enabling linux kernel jit compiler from dumpcap? Anders Broman (Aug 23)
- Re: Enabling linux kernel jit compiler from dumpcap? Jakub Zawadzki (Aug 22)
- Re: Enabling linux kernel jit compiler from dumpcap? Guy Harris (Aug 22)
- Re: Enabling linux kernel jit compiler from dumpcap? Jakub Zawadzki (Aug 23)
- Re: Enabling linux kernel jit compiler from dumpcap? Guy Harris (Aug 23)
- Re: Enabling linux kernel jit compiler from dumpcap? Réczey Bálint (Aug 23)
- Re: Enabling linux kernel jit compiler from dumpcap? Réczey Bálint (Aug 23)
- Re: Enabling linux kernel jit compiler from dumpcap? Guy Harris (Aug 23)