Nftables Steals the Show in Linux 3.13


It may have arrived a bit later than originally planned, but Linux 3.13 showed up in full glory on Sunday, complete with several changes that promise to improve the lives of users and developers alike.

“The release got delayed by a week due to travels, but I suspect that’s just as well,” wrote Linux creator Linus Torvalds in the announcement email on Sunday evening. “We had a few fixes come in, and while it wasn’t a lot, I think we’re better off for it.” The patch from the eighth release candidate is “fairly small,” Torvalds added, consisting primarily of small architecture updates, driver fixes and networking fixes. The ARM, MIPS, PowerPC, S/390, SPARC and x86 architectures all saw minor changes, he noted, including some that arose from a networking fix for the Berkeley Packet Filter (BPF) JIT. A few key features stand out as particularly notable in this new Linux release. Here’s a quick run-down.

1. The Debut of Nftables

It’s been clear for several years that Linux’s existing iptables packet-filtering framework suffers from a number of shortcomings, and back in 2009 an alternative called nftables was officially proposed. It wasn’t until this latest Linux release, however, that the technology made it into the mainline kernel.

“iptables has a number of limitations both at the functional and code design level, problems with the system update rules and code duplication, which cause problems for code maintenance and for users,” explains the changelog on KernelNewbies.org.

The new nftables approach can reportedly replace thousands of lines of code. “We do not need a specific extension in kernel-space for each protocol that you want to support,” explains the nftables project page. “As a side effect, you [will] likely not need to upgrade your kernel to obtain new features, as it has been designed to keep most of the logic in user-space.”

nftables provides backwards compatibility with iptables, but it won’t be fully featured until a future release.
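To make the design difference concrete, here is an added example ruleset (written for this page, not taken from the article or from the nftables project’s documentation) in the syntax of the nft user-space tool: one table with a named set, a rate limit and a counter, expressed without any protocol-specific kernel extension. The addresses and ports are constructed sample values, and the syntax is that of current nft releases, so it is an assumption that it loads unchanged on a 3.13-era kernel.

```nft
#!/usr/sbin/nft -f
# Added example ruleset (not from the article). Load with: nft -f <file>
# Addresses and ports below are constructed sample values.
flush ruleset

table ip filter {
    # A named set replaces a run of near-identical iptables rules
    # (or the separate ipset extension); membership can be changed
    # at runtime without reloading the whole ruleset.
    set admin_hosts {
        type ipv4_addr
        elements = { 192.0.2.10, 192.0.2.11 }
    }

    chain input {
        type filter hook input priority 0; policy drop;

        # Allow replies to connections this host opened; drop junk.
        ct state established,related accept
        ct state invalid drop

        iif "lo" accept

        # SSH only from the administrative set. The iptables form would be
        # one rule per address: iptables -A INPUT -s 192.0.2.10 -p tcp --dport 22 -j ACCEPT
        ip saddr @admin_hosts tcp dport 22 accept

        # Public services: a single rule with an anonymous set of ports.
        tcp dport { 80, 443 } accept

        # Rate-limit echo requests instead of dropping them outright.
        icmp type echo-request limit rate 5/second accept

        # Count what falls through to the drop policy so it is visible
        # in 'nft list ruleset' during incident triage.
        counter drop
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

After loading, `nft list ruleset` prints the table back with live set contents and counter values, which is the quickest check that the rules the kernel holds are the ones you intended.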

2. Another Step for NUMA

Roughly a year ago, the arrival of Linux 3.8 saw the inclusion of a new feature designed to help improve Linux’s performance on non-uniform memory access (NUMA) systems. Most multiprocessors today use NUMA memory designs, yet the kernel’s behavior on such systems has been, “by most accounts, suboptimal,” explained Jonathan Corbet, executive editor at LWN.net, in an article in late 2012. “Processes tend to get separated from their memory, leading to lots of cross-node traffic and poor performance.”

Previously, patch sets were relied upon for partial help, but now Linux 3.13 brings new policies that “attempt to put a process near its memory and can handle cases such as shared pages between processes or transparent huge pages,” the changelog explains. The overall result is improved performance in NUMA systems.

3. A Scalable Block Layer for SSDs

A new block layer in Linux 3.13 is designed to better accommodate the high-performance solid-state disks (SSDs) that are increasingly used for storage.

“With drivers being written for new high IOPS devices, the classic request_fn based driver doesn’t work well enough,” explained developer Jens Axboe in his code commit. “This commit introduces blk-mq, block multi-queue support. The design is centered around per-CPU queues for queuing IO, which then funnel down into x number of hardware submission queues. We might have a 1:1 mapping between the two, or it might be an N:M mapping. That all depends on what the hardware supports.”

Only the virtioblk driver has been ported to this interface in this release, according to the changelog; other drivers will be ported in subsequent ones.

4. Help with Huge Page Workloads

In an improvement that will be particularly useful for enterprise users, Linux 3.13 refines the locking mechanism for page tables so as to improve page-table access scalability in threaded hugepage workloads such as those common on large servers and computational clusters.

“Highly threaded workloads slow down considerably when the transparent huge pages feature is in use,” explained LWN.net’s Corbet last fall in an article on the topic. “Given that huge pages are meant to increase performance, this result is seen as surprising and undesirable.”

The new patch, by contrast, makes it possible “to enjoy the performance benefits that come from using huge pages,” he added.

5. Support for NFC Payments

Finally, further bolstering Linux’s core capabilities in an increasingly mobile world, Linux 3.13 adds support for an API that enables near field communication (NFC) payments via mobile devices. Only the pn544 driver supports this API so far, the changelog notes.

Of course, this is only a small sampling of what’s new in Linux 3.13; other key enhancements include power management support for many AMD Radeon devices, a new power-capping framework, support for the Intel Many Integrated Core Architecture and the enabling of TCP Fast Open by default. A thorough summary is available on KernelNewbies.org.