Wireshark-dev: Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?
From: Anders Broman <anders.broman@xxxxxxxxxxxx>
Date: Fri, 23 Aug 2013 14:11:21 +0000

-----Original Message-----
From: rbalint@xxxxxxxxx [mailto:rbalint@xxxxxxxxx] On Behalf Of Bálint Réczey
Sent: den 23 augusti 2013 14:23
To: Anders Broman
Cc: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?

2013/8/23 Anders Broman <anders.broman@xxxxxxxxxxxx>:
>
>
> -----Original Message-----
> From: wireshark-dev-bounces@xxxxxxxxxxxxx 
> [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Bálint 
> Réczey
> Sent: den 23 augusti 2013 12:59
> To: Developer support list for Wireshark
>> Subject: Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?
>>
>> 2013/8/23 Anders Broman <anders.broman@xxxxxxxxxxxx>:
>>>> before we change it, should we remember the previous setting and restore it when dumpcap exits?
>>>
>>> Preferably yes but I'm not sure it's possible as I think root 
>>> privileges are required to write to the file and I think dumpcap Drops those after starting to capture.
>> And in the configuration the documentation recommends dumpcap does not run as root, it has permission to capture only.
>>
>> Cheers,
>> Balint
>>
>> That's kind of my point after all these years this is still not used by every one.


>If you mean there are people not reading the documentation, this is expected.
>Why would they read the documentation if Wireshark works well enough for them?
>No one reads all the documentation for all their software.
>
>When one executes Wireshark as root on Linux a bit warning points her/him to the documentation explaining why it is a bad idea.
>IMO running Wireshark as root or not running it as root makes a difference for people regarding security. Since Wireshark is a widely known and respected >security related software we can't leave people uninformed in this aspect.
>
>IMO enabling JIT is a way different case. 99% of the users won't notice any difference since AFAIK BPF execution is already fast enough to not be a >bottleneck for casual network monitoring and the network professionals who need top performance are expected to read the documentation anyway >and/or expected to know about BPF JIT already.
>
>I suggest reverting the recent JIT related patches and mentioning BPF JIT in the User Guide.
>I think having or not having JIT enabled would not affect enough people to warrant a note on the welcome screen.
>I have attached a patch for the documentation.


Thank you that will be useful in any case.
How about having it as a command line option? See sample code.  Does anyone else have an opinion?

>Maybe working with the kernel developers to enable BPF JIT by default would also be useful.
Not sure how to do that.


>
>>
>> Regards
>> Anders
>>
>> -----Original Message-----
>> From: wireshark-dev-bounces@xxxxxxxxxxxxx
>> [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Martin 
>> Kaiser
>> Sent: den 23 augusti 2013 10:36
>> To: wireshark-dev@xxxxxxxxxxxxx
>> Subject: Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?
>>
>> before we change it, should we remember the previous setting and restore it when dumpcap exits?
>>
>> Thus wrote Anders Broman (a.broman@xxxxxxxxxxxx):
>>
>>> Bálint Réczey skrev 2013-08-22 23:02:
>>>> Hi,
>>
>>>> I would be happier if the applications I run did not change kernel 
>>>> configuration without my consent.
>>> I see your point...
>>
>>>> Regarding Wireshark I would prefer suggesting "echo 1 > 
>>>> /proc/sys/net/core/bpf_jit_enable" in the documentation instead of 
>>>> adding code to enable JIT.
>>>> There may be good reasons for not enabling it by default in the Linux kernel.
>>> The problematic thing is that people seldom reads the documentation, 
>>> the setting gets reset at a reboot and it's easy to forget to 
>>> re-enable it. The ideal thing would be if dumpcap
>>> - Had a preference/command line flag whether to use JIT or not.
>>> - If told to use it check if it was enabled or not used JIT and put 
>>> it back to zero if not set when starting.
>>> Wireshark could then default to use JIT and some warnings could be 
>>> displayed in the welcome screen and in dumpcaps help output.
>>
>>> netsniff-ng activates it by default it seems.
>>> Regards
>>> Anders
>>
>>>> Cheers,
>>>> Balint
>>
>>>> 2013/8/22 Anders Broman <a.broman@xxxxxxxxxxxx>:
>>>>> Guy Harris skrev 2013-08-22 18:16:
>>
>>>>>> On Aug 22, 2013, at 4:46 AM, Anders Broman 
>>>>>> <anders.broman@xxxxxxxxxxxx>
>>>>>> wrote:
>>
>>>>>>> Should we add code to enable the JIT compiler from dumpcap?
>>>>>> Should I add code to enable the JIT compiler to libpcap while I'm at it?
>>
>>>>>> Should the Linux kernel folks enable it by default?
>>
>>>>>> I'm inclined to answer "yes" to all three questions.  I think the 
>>>>>> FreeBSD JIT compiler is enabled by default.  I'm surprised that the Linux one isn't.
>>>>> I checked in the dumpcap code. I agree that it might be useful in 
>>>>> libpcap too, root privileges are required to change it I think. 
>>>>> and Yes
>>
>>>>>> I'm surprised that the Linux one isn't
>>>>> Regards
>>>>> Anders

Attachment: jit.patch
Description: jit.patch