Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?

2013-08-23 Thread Guy Harris
On Aug 23, 2013, at 3:16 PM, Jakub Zawadzki wrote: > Also it's not perfect like BPF VM, check: https://lkml.org/lkml/2012/3/30/384a Presumably meaning https://lkml.org/lkml/2012/3/30/384 as the link didn't work with the final "a". > Don't know if such instruction can happen in BPF fi

Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?

2013-08-23 Thread Jakub Zawadzki
On Thu, Aug 22, 2013 at 08:45:06PM +0200, Jakub Zawadzki wrote: > On Thu, Aug 22, 2013 at 09:16:04AM -0700, Guy Harris wrote: > > > > On Aug 22, 2013, at 4:46 AM, Anders Broman > > wrote: > > > > > Should we add code to enable the JIT compiler from dumpcap? > > > > Should I add code to enable

Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?

2013-08-23 Thread Jakub Zawadzki
On Fri, Aug 23, 2013 at 10:23:32AM +, Anders Broman wrote: > > before we change it, should we remember the previous setting and restore it > > when dumpcap exits? > > Preferably yes but I'm not sure it's possible as I think root privileges are > required to write to the file and I think dump

Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?

2013-08-23 Thread Guy Harris
On Aug 23, 2013, at 1:01 PM, Réczey Bálint wrote: > FreeBSD has a different implementation AFAIK The first implementation was the WinPcap one, for x86-32 or IA-32 or whatever you want to call the 32-bit version of x86. The FreeBSD people picked that one up, added x86-64 support, and, if I re

Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?

2013-08-23 Thread Réczey Bálint
2013/8/23 Anders Broman : > > > *** E-mail via DME powered by mobile broadband *** > > > --Original message--- > Sender: "Réczey Bálint" > Time: Fri Aug 23 21:00:00 CEST 2013 > Cc: wireshark-dev@wireshark.org, > Subject: Re: [Wireshark-dev] Enablin

Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?

2013-08-23 Thread Anders Broman
*** E-mail via DME powered by mobile broadband *** --Original message--- Sender: "Réczey Bálint" Time: Fri Aug 23 21:00:00 CEST 2013 Cc: wireshark-dev@wireshark.org, Subject: Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap? 2013/8/23 Anders Broman : > >

Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?

2013-08-23 Thread Réczey Bálint
2013/8/23 Anders Broman : > > > *** E-mail via DME powered by mobile broadband *** > > > --Original message--- > Sender: "rbal...@gmail.com" > Time: Fri Aug 23 17:54:00 CEST 2013 > Cc: wireshark-dev@wireshark.org, > Subject: Re: [Wireshark-dev] Enablin

Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?

2013-08-23 Thread Anders Broman
*** E-mail via DME powered by mobile broadband *** --Original message--- Sender: "rbal...@gmail.com" Time: Fri Aug 23 17:54:00 CEST 2013 Cc: wireshark-dev@wireshark.org, Subject: Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap? 2013/8/23 And

Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?

2013-08-23 Thread Bálint Réczey
gusti 2013 12:59 >> To: Developer support list for Wireshark >>> Subject: Re: [Wireshark-dev] Enabling linux kernel jit compiler from >>> dumpcap? >>> >>> 2013/8/23 Anders Broman : >>>>> before we change it, should we remember the p

Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?

2013-08-23 Thread Anders Broman
-Original Message- From: rbal...@gmail.com [mailto:rbal...@gmail.com] On Behalf Of Bálint Réczey Sent: den 23 augusti 2013 14:23 To: Anders Broman Cc: Developer support list for Wireshark Subject: Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap? 2013/8/23 Anders

Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?

2013-08-23 Thread Bálint Réczey
-dev-boun...@wireshark.org >> [mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Martin >> Kaiser >> Sent: den 23 augusti 2013 10:36 >> To: wireshark-dev@wireshark.org >> Subject: Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap? >> >>

Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?

2013-08-23 Thread Anders Broman
-Original Message- From: wireshark-dev-boun...@wireshark.org [mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Bálint Réczey Sent: den 23 augusti 2013 12:59 To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap

Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?

2013-08-23 Thread Bálint Réczey
ailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Martin Kaiser > Sent: den 23 augusti 2013 10:36 > To: wireshark-dev@wireshark.org > Subject: Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap? > > before we change it, should we remember the previous setting and

Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?

2013-08-23 Thread Anders Broman
augusti 2013 10:50 To: Anders Broman Cc: Developer support list for Wireshark Subject: Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap? Hi, 2013/8/23 Anders Broman : > Bálint Réczey skrev 2013-08-22 23:02: ... >> Regarding Wireshark I would prefer suggesting "

Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?

2013-08-23 Thread Anders Broman
Regards Anders -Original Message- From: wireshark-dev-boun...@wireshark.org [mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Martin Kaiser Sent: den 23 augusti 2013 10:36 To: wireshark-dev@wireshark.org Subject: Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap? bef

Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?

2013-08-23 Thread Bálint Réczey
Hi, 2013/8/23 Anders Broman : > Bálint Réczey skrev 2013-08-22 23:02: ... >> Regarding Wireshark I would prefer suggesting "echo 1 > >> /proc/sys/net/core/bpf_jit_enable" in the documentation >> instead of adding code to enable JIT. >> There may be good reasons for not enabling it by default in th

Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?

2013-08-23 Thread Martin Kaiser
before we change it, should we remember the previous setting and restore it when dumpcap exits? Thus wrote Anders Broman (a.bro...@bredband.net): > Bálint Réczey skrev 2013-08-22 23:02: >> Hi, >> I would be happier if the applications I run did not change kernel >> configuration without my conse

Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?

2013-08-22 Thread Anders Broman
Bálint Réczey skrev 2013-08-22 23:02: Hi, I would be happier if the applications I run did not change kernel configuration without my consent. I see your point... Regarding Wireshark I would prefer suggesting "echo 1 > /proc/sys/net/core/bpf_jit_enable" in the documentation instead of adding

Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?

2013-08-22 Thread Bálint Réczey
Hi, I would be happier if the applications I run did not change kernel configuration without my consent. Regarding Wireshark I would prefer suggesting "echo 1 > /proc/sys/net/core/bpf_jit_enable" in the documentation instead of adding code to enable JIT. There may be good reasons for not enabling

Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?

2013-08-22 Thread Guy Harris
On Aug 22, 2013, at 11:45 AM, Jakub Zawadzki wrote: > Security issue: > http://mainisusuallyafunction.blogspot.com/2012/11/attacking-hardened-linux-systems-with.html Exploiting a combination of 1) JIT-equipped BPF's ability to put safe-but-still-somewhat-controllable code into the ke

Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?

2013-08-22 Thread Jakub Zawadzki
On Thu, Aug 22, 2013 at 09:16:04AM -0700, Guy Harris wrote: > > On Aug 22, 2013, at 4:46 AM, Anders Broman wrote: > > > Should we add code to enable the JIT compiler from dumpcap? > > Should I add code to enable the JIT compiler to libpcap while I'm at it? > > Should the Linux kernel folks ena

Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?

2013-08-22 Thread Anders Broman
Guy Harris skrev 2013-08-22 18:16: On Aug 22, 2013, at 4:46 AM, Anders Broman wrote: Should we add code to enable the JIT compiler from dumpcap? Should I add code to enable the JIT compiler to libpcap while I'm at it? Should the Linux kernel folks enable it by default? I'm inclined to answe

Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?

2013-08-22 Thread Guy Harris
On Aug 22, 2013, at 4:46 AM, Anders Broman wrote: > Should we add code to enable the JIT compiler from dumpcap? Should I add code to enable the JIT compiler to libpcap while I'm at it? Should the Linux kernel folks enable it by default? I'm inclined to answer "yes" to all three questions. I

Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?

2013-08-22 Thread Anders Broman
Included a patch if someone wants to have a go at it. From: wireshark-dev-boun...@wireshark.org [mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Anders Broman Sent: den 22 augusti 2013 13:47 To: wireshark-dev@wireshark.org Subject: [Wireshark-dev] Enabling linux kernel jit compiler from

[Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?

2013-08-22 Thread Anders Broman
Hi Should we add code to enable the JIT compiler from dumpcap? From netsniff-ng bpf.c int enable_kernel_bpf_jit_compiler(void) { int fd; ssize_t ret; char *file = "/proc/sys/net/core/bpf_jit_enable";