Wireshark-dev: Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: Réczey Bálint <rbalint@xxxxxxxxx>
Date: Fri, 23 Aug 2013 22:01:00 +0200
2013/8/23 Anders Broman <anders.broman@xxxxxxxxxxxx>:
>
>
> *** E-mail via DME powered by mobile broadband ***
>
>
> --Original message---
> Sender: "Réczey Bálint" <rbalint@xxxxxxxxx>
> Time: Fri Aug 23 21:00:00 CEST 2013
> Cc: wireshark-dev@xxxxxxxxxxxxx,
> Subject: Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?
>
> 2013/8/23 Anders Broman <anders.broman@xxxxxxxxxxxx>:
>>
>>
>> *** E-mail via DME powered by mobile broadband ***
>>
>>
>> --Original message---
>> Sender: "rbalint@xxxxxxxxx" <rbalint@xxxxxxxxx>
>> Time: Fri Aug 23 17:54:00 CEST 2013
>> Cc: wireshark-dev@xxxxxxxxxxxxx,
>> Subject: Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?
>>
>> 2013/8/23 Anders Broman <anders.broman@xxxxxxxxxxxx>:
>>>
>>>
>>> -----Original Message-----
>>> From: rbalint@xxxxxxxxx [mailto:rbalint@xxxxxxxxx] On Behalf Of Bálint Réczey
>>> Sent: den 23 augusti 2013 14:23
>>> To: Anders Broman
>>> Cc: Developer support list for Wireshark
>>> Subject: Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?
>>>
>>> 2013/8/23 Anders Broman <anders.broman@xxxxxxxxxxxx>:
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: wireshark-dev-bounces@xxxxxxxxxxxxx
>>>> [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Bálint
>>>> Réczey
>>>> Sent: den 23 augusti 2013 12:59
>>>> To: Developer support list for Wireshark
>>>>> Subject: Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?
>>>>>
>>>>> 2013/8/23 Anders Broman <anders.broman@xxxxxxxxxxxx>:
>>>>>>> before we change it, should we remember the previous setting and restore it when dumpcap exits?
>>>>>>
>>>>>> Preferably yes but I'm not sure it's possible as I think root
>>>>>> privileges are required to write to the file and I think dumpcap Drops those after starting to capture.
>>>>> And in the configuration the documentation recommends dumpcap does not run as root, it has permission to capture only.
>>>>>
>>>>> Cheers,
>>>>> Balint
>>>>>
>>>>> That's kind of my point after all these years this is still not used by every one.
>>>
>>>
>>>>If you mean there are people not reading the documentation, this is expected.
>>>>Why would they read the documentation if Wireshark works well enough for them?
>>>>No one reads all the documentation for all their software.
>>>>
>>>>When one executes Wireshark as root on Linux a bit warning points her/him to the documentation explaining why it is a bad idea.
>>>>IMO running Wireshark as root or not running it as root makes a difference for people regarding security. Since Wireshark is a widely known and respected >security related software we can't leave people uninformed in this aspect.
>>>>
>>>>IMO enabling JIT is a way different case. 99% of the users won't notice any difference since AFAIK BPF execution is already fast enough to not be a >bottleneck for casual network monitoring and the network professionals who need top performance are expected to read the documentation anyway >and/or expected to know about BPF JIT already.
>>>>
>>>>I suggest reverting the recent JIT related patches and mentioning BPF JIT in the User Guide.
>>>>I think having or not having JIT enabled would not affect enough people to warrant a note on the welcome screen.
>>>>I have attached a patch for the documentation.
>>>
>>>
>>> Thank you that will be useful in any case.
>>> How about having it as a command line option? See sample code.  Does anyone else have an opinion?
>> It could be done, but so far we have already added plenty of code
>> instead of recommending
>> using echo
>>
>> Yes but we disagree on this point as I don't think that will work.
> I agree that it won't work for most of the people. My point is that
> making JIT work for slightly more people
> (actually for those who misconfigured Wireshark) is a weak reason for messing
> with system configuration and enabling a kernel feature which the
> kernel developers do
> not trust enough to enable it by default.
>
> I'm trying to come upp with something acceptable to us both...
>
> Is it the kernel developers or the distributon setting the imitation? Guy indicated it's active in BFD systems.
Kernel devs provide a default, which can be overriden by the
distribution (Debian does not change it and I think it
is reasonable.).
FreeBSD has a different implementation AFAIK and covers fewer architectures.

>
> Anyway a majority vote?
I'm OK with that.

Cheers,
Balint

>
>
>>
>> 71f7093 Output a warning about kernel BPF JIT compiler beeing activated.
>>  dumpcap.c |    2 +-
>>  tshark.c  |    8 ++++++++
>>  2 files changed, 9 insertions(+), 1 deletion(-)
>> f9aaaeb Output a warning about kernel BPF JIT compiler beeing activated.
>>  dumpcap.c |    6 ++++++
>>  1 file changed, 6 insertions(+)
>> 347ea71 Only enable the Linux kernel BPF JIT compiler if we're on Linux.
>>  dumpcap.c |   32 ++++++++++++++++++++++----------
>>  1 file changed, 22 insertions(+), 10 deletions(-)
>> 5928ded Enable Kernel BPF JIT compiler from dumpcap.
>>  dumpcap.c |   21 +++++++++++++++++++++
>>  1 file changed, 21 insertions(+)
>>
>>
>>>
>>>>Maybe working with the kernel developers to enable BPF JIT by default would also be useful.
>>> Not sure how to do that.
>> Asking around on the kernel mailing list could help, I think.
>>
>> Cheers,
>> Balint
>>
>>>
>>>
>>>>
>>>>>
>>>>> Regards
>>>>> Anders
>>>>>
>>>>> -----Original Message-----
>>>>> From: wireshark-dev-bounces@xxxxxxxxxxxxx
>>>>> [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Martin
>>>>> Kaiser
>>>>> Sent: den 23 augusti 2013 10:36
>>>>> To: wireshark-dev@xxxxxxxxxxxxx
>>>>> Subject: Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?
>>>>>
>>>>> before we change it, should we remember the previous setting and restore it when dumpcap exits?
>>>>>
>>>>> Thus wrote Anders Broman (a.broman@xxxxxxxxxxxx):
>>>>>
>>>>>> Bálint Réczey skrev 2013-08-22 23:02:
>>>>>>> Hi,
>>>>>
>>>>>>> I would be happier if the applications I run did not change kernel
>>>>>>> configuration without my consent.
>>>>>> I see your point...
>>>>>
>>>>>>> Regarding Wireshark I would prefer suggesting "echo 1 >
>>>>>>> /proc/sys/net/core/bpf_jit_enable" in the documentation instead of
>>>>>>> adding code to enable JIT.
>>>>>>> There may be good reasons for not enabling it by default in the Linux kernel.
>>>>>> The problematic thing is that people seldom reads the documentation,
>>>>>> the setting gets reset at a reboot and it's easy to forget to
>>>>>> re-enable it. The ideal thing would be if dumpcap
>>>>>> - Had a preference/command line flag whether to use JIT or not.
>>>>>> - If told to use it check if it was enabled or not used JIT and put
>>>>>> it back to zero if not set when starting.
>>>>>> Wireshark could then default to use JIT and some warnings could be
>>>>>> displayed in the welcome screen and in dumpcaps help output.
>>>>>
>>>>>> netsniff-ng activates it by default it seems.
>>>>>> Regards
>>>>>> Anders
>>>>>
>>>>>>> Cheers,
>>>>>>> Balint
>>>>>
>>>>>>> 2013/8/22 Anders Broman <a.broman@xxxxxxxxxxxx>:
>>>>>>>> Guy Harris skrev 2013-08-22 18:16:
>>>>>
>>>>>>>>> On Aug 22, 2013, at 4:46 AM, Anders Broman
>>>>>>>>> <anders.broman@xxxxxxxxxxxx>
>>>>>>>>> wrote:
>>>>>
>>>>>>>>>> Should we add code to enable the JIT compiler from dumpcap?
>>>>>>>>> Should I add code to enable the JIT compiler to libpcap while I'm at it?
>>>>>
>>>>>>>>> Should the Linux kernel folks enable it by default?
>>>>>
>>>>>>>>> I'm inclined to answer "yes" to all three questions.  I think the
>>>>>>>>> FreeBSD JIT compiler is enabled by default.  I'm surprised that the Linux one isn't.
>>>>>>>> I checked in the dumpcap code. I agree that it might be useful in
>>>>>>>> libpcap too, root privileges are required to change it I think.
>>>>>>>> and Yes
>>>>>
>>>>>>>>> I'm surprised that the Linux one isn't
>>>>>>>> Regards
>>>>>>>> Anders