Linus Torvalds and his development team have not stopped their efforts for continuing with the development of the Linux Kernel despite the problems that I know are currently experiencing worldwide due to Covid-19.
And it is that even that I know it is working on the candidate release for the new version from Kernel 5.6, also already working on the next version 5.7 that if everything continues on the march we will see it released during this spring.
Improvements for nftables
And is that about this new version of Linux Kernel 5.7 that developers of the filtering and modification subsystem Netfilter network packets they made known by posting a set of patches that significantly speed up the processing of large sets of nftables, that require verifying the combination of subnets, network ports, protocol, and MAC addresses.
The patches have already been accepted in the nf-next branch, which will be proposed for inclusion in the Linux 5.7 kernel. The most notable acceleration was achieved by using AVX2 instructions (similar optimizations based on NEON instructions for ARM are planned to be published in the future).
Optimizations were introduced in the module nft_set_pipapo (PIle PACKET POlicies), which solves the problem of comparing packet content with arbitrary field state ranges used in filtering rules, such as IP and network port ranges (nft_set_rbtree and nft_set_hash manipulate interval assignment and direct reflection of values).
Vectorized with 2-bit AVX256 instructions, the pipapo version on a system with an AMD Epyc 7402 processor showed a 420% performance increase when analyzing 30 registers that included port protocol packets.
The increase in the comparison of subnet packets and port number when analyzing 1000 entries was 87% for IPv4 and 128% for IPv6.
Another optimization, which allows the use of 8-bit mapping groups instead of 4-bit ones, it also showed a notable performance increase: 66% when analyzing 30 thousand port protocol entries, 43% - IPv4 port subnet and 61% - IPv6 port subnet.
In total, taking AVX2 optimizations into account, pipapo's performance increased in these tests by 766%, 168%, and 269%, respectively.
The characteristics obtained for complex comparisons are ahead of checking individual fields in rbtree (with the exception of the port + protocol binding test), but so far they lag behind direct checks using hashes and drop-based processors. In netdev.
NVMe SSD Boot Enhancements
Another change that will accompany the Linux 5.7 Kernel is a enhancement to speed up system boot from NVMe SSD. That's thanks to Intel developer Josh Triplett, who pointed out that the time it takes to see if an nvme boot drive is ready to use is 100ms. Since NVME SSDs are usually very fast, Triplett changed the timeout from 100 milliseconds to 1 ms.
According to the developer, this gained about 0.2 seconds in startup time. Although that does not make an incredibly big difference, it is of course a principle of 'every bit counts'.
Also, those 0.2 seconds can be crucial in some applications, such as virtual machine setup or camera systems that need to be ready to film almost immediately.
ExFAT file system driver
Last but not least, another of the novelties that we can find in Linux 5.7 is a new exFAT filesystem driver, which will now provide greater support for the driver that is currently in the Kernel, since the current version is limited because it is based on an old driver.
The new controller to be included will be Samsung has been working on, making it possible to work with larger media formatted using the exFAT file system. The new driver will be known as EXFAT_FS, but the old interim driver (CONFIG_STAGING_EXFAT_FS) will not go away yet. The two pilots will initially live side by side, but this won't be the case forever.