
Nftables Steals the Show in Linux 3.13

It may have arrived a bit later than originally planned, but Linux 3.13 showed up in full glory on Sunday, complete with several changes that promise to improve the lives of users and developers alike.

"The release got delayed by a week due to travels, but I suspect that's just as well," wrote Linux creator Linus Torvalds in the announcement email on Sunday evening. "We had a few fixes come in, and while it wasn't a lot, I think we're better off for it." The patch from the eighth release candidate is "fairly small," Torvalds added, including primarily some small architecture updates, drivers and networking fixes. The ARM, MIPS, PowerPC, S/390, SPARC and x86 architectures all saw some minor changes, he noted, including some that arose from a networking fix for the Berkeley Packet Filter (BPF) JIT.

A few key features stand out as particularly notable in this new Linux release. Here's a quick run-down.

1. The Debut of Nftables

It's been clear for several years that Linux's existing iptables packet-filtering framework suffers from a number of shortcomings, and back in 2009 an alternative called nftables was officially proposed. It wasn't until this latest Linux release, however, that the technology made it into the mainline kernel.

"iptables has a number of limitations both at the functional and code design level, problems with the system update rules and code duplication, which cause problems for code maintenance and for users," explains the changelog on

The new nftables approach can reportedly replace thousands of lines of code. "We do not need a specific extension in kernel-space for each protocol that you want to support," explains the nftables project page. "As a side effect, you [will] likely not need to upgrade your kernel to obtain new features, as it has been designed to keep most of the logic in user-space."
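
To make the project page's point concrete, here is a toy model added for this article (it is not nftables or kernel code): the "kernel" half only loads bytes and compares them, while all protocol knowledge sits in the rule that user-space supplies. The instruction names, structs and constructed packet are assumptions for illustration, and the rule assumes an IPv4 header without options.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of the design idea; NOT nftables' real instruction set. */
enum op { OP_LOAD, OP_CMP };   /* generic, protocol-agnostic operations */
enum verdict { V_CONTINUE, V_ACCEPT, V_DROP };
struct insn { enum op op; size_t off, len; uint8_t val[4]; };
struct rule { const struct insn *code; size_t n; enum verdict verdict; };
/* "Kernel" side: knows nothing about IPv4, TCP or any other protocol. */
static enum verdict run_rule(const struct rule *r, const uint8_t *pkt, size_t plen)
{
    uint8_t reg[4] = {0};
    size_t rlen = 0;
    for (size_t i = 0; i < r->n; i++) {
        const struct insn *in = &r->code[i];
        if (in->op == OP_LOAD) {
            /* A load past the end of the packet means "no match". */
            if (in->len > sizeof reg || in->off > plen || in->len > plen - in->off)
                return V_CONTINUE;
            memcpy(reg, pkt + in->off, in->len);
            rlen = in->len;
        } else if (rlen != in->len || memcmp(reg, in->val, rlen) != 0) {
            return V_CONTINUE;   /* comparison failed */
        }
    }
    return r->verdict;
}

/* "User-space" side: protocol knowledge is just offsets and constants.
 * Assumes IPv4 with a 20-byte header (no options) starting at byte 0. */
static const struct insn drop_ssh[] = {
    { OP_LOAD, 9, 1, {0} },  { OP_CMP, 0, 1, {6} },          /* protocol == TCP */
    { OP_LOAD, 22, 2, {0} }, { OP_CMP, 0, 2, {0x00, 0x16} }, /* dport == 22 */
};
static const struct rule ruleset[] = { { drop_ssh, 4, V_DROP } };

/* Build a constructed IPv4+TCP header and filter it; default is accept. */
enum verdict filter_sample(uint8_t proto, uint16_t dport, size_t plen)
{
    uint8_t pkt[40] = { 0x45 };
    if (plen > sizeof pkt) plen = sizeof pkt;
    pkt[9] = proto; pkt[22] = (uint8_t)(dport >> 8); pkt[23] = (uint8_t)dport;
    for (size_t i = 0; i < sizeof ruleset / sizeof ruleset[0]; i++) {
        enum verdict v = run_rule(&ruleset[i], pkt, plen);
        if (v != V_CONTINUE) return v;
    }
    return V_ACCEPT;
}
int main(void) { printf("%d %d\n", filter_sample(6, 22, 40), filter_sample(17, 22, 40)); return 0; }
```

Supporting another protocol in this model means writing a new instruction list with different offsets and constants; `run_rule` does not change.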

nftables provides backwards compatibility with iptables, but it won't be fully featured until a future release.

2. Another Step for NUMA

Roughly a year ago, the arrival of Linux 3.8 saw the inclusion of a new feature designed to help improve Linux's performance on non-uniform memory access (NUMA) systems. Most multiprocessors today use NUMA memory designs, yet the kernel's behavior on such systems has been, "by most accounts, suboptimal," explained Jonathan Corbet, executive editor at, in an article in late 2012. "Processes tend to get separated from their memory, leading to lots of cross-node traffic and poor performance."

Previously, patch sets were relied upon for partial help, but now Linux 3.13 brings new policies that "attempt to put a process near its memory and can handle cases such as shared pages between processes or transparent huge pages," the changelog explains. The overall result is improved performance in NUMA systems.

3. A Scalable Block Layer for SSDs

A new block layer in Linux 3.13 is designed to better accommodate the high-performance solid-state disks (SSDs) that are increasingly used for storage.

"With drivers being written for new high IOPS devices, the classic request_fn based driver doesn't work well enough," explained developer Jens Axboe in his code commit. "This commit introduces blk-mq, block multi-queue support. The design is centered around per-CPU queues for queuing IO, which then funnel down into x number of hardware submission queues. We might have a 1:1 mapping between the two, or it might be an N:M mapping. That all depends on what the hardware supports."

Only the virtioblk driver has been ported to this interface in this release, according to the changelog; other drivers will be ported in subsequent ones.

4. Help with Huge Page Workloads

In an improvement that will be particularly useful for enterprise users, Linux 3.13 refines the locking mechanism for page tables so as to improve page-table access scalability in threaded huge page workloads such as those common on large servers and computational clusters.

"Highly threaded workloads slow down considerably when the transparent huge pages feature is in use," explained's Corbet last fall in an article on the topic. "Given that huge pages are meant to increase performance, this result is seen as surprising and undesirable."

The new patch, by contrast, makes it possible "to enjoy the performance benefits that come from using huge pages," he added.

5. Support for NFC Payments

Finally, further bolstering Linux's core capabilities in an increasingly mobile world, Linux 3.13 adds support for an API that enables near field communication (NFC) payments via mobile devices. Only the pn544 driver supports this API so far, the changelog notes.

Of course, this is only a small sampling of what's new in Linux 3.13; other key enhancements include power management support for many AMD Radeon devices, a new power-capping framework, support for the Intel Many Integrated Core Architecture and the enabling of TCP Fast Open by default. A thorough summary is available on





    There are a lot of clashes between so many versions of Unix. Almost every driver install is a mess. You can insist on drivers for Linux Ubuntu, Debian and so on. Second, multiarch is a must. Third, Linux installation always follows a huge download. We are interested in a Linux CD released with all the drivers and multiarch. We don't want Android to penetrate the Linux market. Thanks, Karthik

  • kneekoo Said:

    Clashes? Every distro maker tries to provide something better for some people, which is great. Back in 2001 I started using Windows XP and I didn't want to go back to older Windows versions because they were worse. But that didn't make Windows XP good enough for me. So at some point in time I found an operating system that made more sense to me and settled with it. I use Linux Mint. Others prefer Arch, Fedora, Ubuntu etc. There's something for everyone, so I don't see a problem between "so many versions of unix" but constructive competition. The drivers will be a success story when the hardware manufacturers will get their jobs done properly by either documenting their hardware or making their own drivers. Linux is not to blame in this case. I'm not interested in "Linux with all the drivers" but a great Linux platform with decent support out of the box and after that, it's up to the hardware manufacturers. That's where I put my high expectations regarding drivers. The huge download you mention is normal. Any stand-alone operating system put on a CD/DVD has the same fate. The software doesn't get updated while the CD/DVD sits on a shelf, but what I love about some Linux distros is that their net-install ISOs allow you to get the installer and install everything from the internet, so when your setup is done you'll have the latest version, no post-install updates required. Android is Linux, so there's no problem if Android gets chosen over the traditional Linux in some cases. After all, the mobile and desktop environments are very different and those having PCs will choose the good old Linux over Android, even if the latter would have impeccable hardware support - which is not the case.

  • Marcin Said:

    So over a year ago I failed badly on installing fresh 64-bit Slackware on 4-disk RAID 10 array because there was a massive confusion on RAID support and GPT. I even reached kernel module *name* compatibility issue. Seriously guys, WTH? Those are real problems. Windows 7 installed and Slack couldn't. Apocalypse is so close.

  • cyberoptiq Said:

    Driver install a mess?? Linux installation always follow a huge download?? Since when?? And how can Android be a threat to Linux?? I think you need to learn some more Linux before speaking from your limited Linux experience!!
