
Linux 3.13 Released

Posted by timothy
from the lucky-numbers dept.
diegocg writes "Linux kernel 3.13 has been released. This release includes nftables (the successor of iptables); a revamp of the block layer designed for high-performance SSDs; a framework to cap power consumption in Intel RAPL devices; improved squashfs performance; AMD Radeon power management enabled by default and automatic AMD Radeon GPU switching; improved NUMA and hugepage performance; TCP Fast Open enabled by default; support for NFC payments; support for the High-Availability Seamless Redundancy protocol; new drivers; and many other small improvements. Here's the full list of changes."

  • nftables (Score:2, Interesting)

    by Anonymous Coward on Monday January 20, 2014 @07:51AM (#46012013)

    There's a compatibility wrapper, right? Right? Because nftables is an awful terrible complicated pile of needless complexity. It should be possible to set up a simple deny-inbound firewall ruleset in just a few lines, or..........I'm just not going to upgrade! Yeah. That's the idea.

  • by StripedCow (776465) on Monday January 20, 2014 @07:54AM (#46012021)

    This release includes nftables (the successor of iptables)

    Why does every network management tool include their own ugly, broken little programming language for configuring it?

    Why not just use an existing language?

    Like, when I get a packet from the network, I can just use Python:

    if packet.origin == "127.0.0.1":
        packet.drop()
    elif packet.port == 80:
        packet.forward(port = 1024)

    etcetera.

  • I am a bit astounded. Why would you want to compile that into an OS kernel? Please enlighten me.
  • Just my luck... (Score:2, Interesting)

    by Anonymous Coward on Monday January 20, 2014 @08:55AM (#46012281)

    I FINALLY managed to wrap my head around how iptables works... Oh well, hopefully the new one will be easier.

  • by RabidReindeer (2625839) on Monday January 20, 2014 @09:05AM (#46012333)

    Probably because of the extremely high performance requirements. There's a lot of packets going through a 10Gbit interface and if you run some Python code for each of them you're gonna choke the machine.

    That would be true if it were impossible to compile Python code to something efficient.

    And the style of code used above (and typical network configuration scripts) would compile to something very efficient. In fact, a compiler can compile that code to the current configuration language whenever possible.

    Systems like IPTABLES are based on declarative syntax. When you "program" by declaration, you are working with a limited syntax to perform limited functions. That also limits your flexibility, but the tradeoff is that the functions that you can do are so well-defined that you can be assured that anything you compile will operate in a way that minimizes surprises. It also means that you can optimize things more precisely because you don't have to support many possibilities, only a few. The #1 feature of declarative programming is that you don't have lots of loops and decisions to debug. Or optimize.

    The "tables" part of IPTABLES also contributes to that functionality. There are a limited set of table types pre-defined with specific uses. By compiling the rules into tables, very efficient processing can be done. After all, optimized table handling is one of the oldest and most intensively-studied disciplines of Computer Science.

    Even IPTABLES wasn't totally restricted to table-driven functions, though. As an extendable architecture, if you really wanted to, you could define your own abilities to the system, including modules incorporating user-written code. It's just that they had pre-defined and fine-tuned the most commonly-used features.
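
For reference, a stateful deny-inbound host ruleset of the kind the first comment asks about, written in nftables' declarative syntax. This is an added example, not part of any comment above or of the kernel release; it assumes a kernel and nft userspace that support the `inet` (combined IPv4/IPv6) family, and the table and chain names are arbitrary.

```nft
# Added example: stateful deny-inbound host firewall.
# Assumption: the "inet" family is available, so one table covers
# both IPv4 and IPv6. Table and chain names are arbitrary.

# Start from a clean state. This removes every existing table,
# including ones installed by other tools on the host.
flush ruleset

table inet filter {
    chain input {
        # Base chain on the input hook; anything not accepted below is dropped.
        type filter hook input priority 0; policy drop;

        # Replies to connections this host opened.
        ct state established,related accept
        # Packets that conntrack cannot match to a valid flow.
        ct state invalid drop

        # Loopback traffic.
        iif lo accept

        # With a drop policy, IPv6 stops working unless neighbour
        # discovery and router advertisements are let through.
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept
    }

    chain forward {
        # This host is not a router.
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

Save it to a file, validate it with `nft -c -f <file>`, load it with `nft -f <file>`, and confirm what the kernel holds with `nft list ruleset`.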
