Noted from this commit: if you are routing over IPv6 directly to another address, the sysctl net.inet6.icmp6.nd6_onlink_ns_rfc4861 must be set to 1.
rdist has been removed. Does anyone mind? I don’t think so.
sys_pipe has been modified to avoid contention on DragonFly, which means better performance as tasks get handed between processors. See the commit message for details.
Matthew Dillon has added KVABIO, an API for avoiding the need to sync the TLB across all CPUs before continuing. What’s this mean? The more CPUs you are dealing with, the longer it takes to make sure all of them have the same cached view of the virtual memory. There’s a tradeoff – caching that view speeds up memory access, but the time cost of the synchronization can erase those benefits.
This API is now supported for NVMe and swap, HAMMER2, and tmpfs. Note that those last two links show a huge drop in IPI messaging. In the real world, this showed about a 5% improvement in performance for CPU-intensive work like complete synth builds. (Based on IRC conversations.)
The ppp kernel module has been removed. It’s still possible to run ppp(8) in userland, with tun(4), so it’s only a change in strategy, not result.
This is a bugfix release, adding HAMMER2 support in initrd, among other cleanup commits. The tag message lists the changes. There’s no huge changes, but it’s only a bugfix release.
I’ve got a long backlog of things to link to, so here’s the start: ifconfig now has an ‘lscan’ option, to show long SSIDs. “Long” means 14+ characters, in this case.
(Can you use emoji to create a SSID? That breaks character count and it’s just plain hard to read. Hmm.)
You can make them, but you can’t mount them. Tomohiro Kusumi’s note that mkfs_hammer2 works on Linux is of little wide practical use, but it’s a sign of progress to a larger goal.
I should have linked this with yesterday’s post: Sepherosa Ziehau put together some extended benchmarks on his changes between DragonFly 4.8 and 5.0, and their effects on latency using nginx to serve a lot of requests.
An optimization that applies to you only if you are on DragonFly, running nginx, and dealing with many requests: there’s a sysctl that specifically increases available sockets, which will decrease latency; Sepherosa Ziehau’s commit message gives stats.
SSH in DragonFly 5, by default, does not make a password authentication request on outgoing ssh sessions. You can manually add the option or change the config. Or use public keys, which is really the best idea if at all possible.
DragonFly has also gained the vmx(4) virtual network driver. This is in DragonFly-current now and will be in the 5.0 release.
kcollect(8) (see previous mention) now supports saving data to dbm files, thanks to Harald Brinkhof.
In addition to the already-mentioned ipfw per-CPU state tracking, Sepherosa Ziehau has added per-CPU state tables to ipfw, and his commit documents the improvement in performance/latency. He’s also added ipfw support to sshlockout(8).
Sepherosa Ziehau has made some improvements to ipfw in DragonFly, moving it to per-CPU state tracking among other things. (I haven’t mentioned just ipfw in foreeeever.)
His commit message describes the improvements. Of most interest: it reduces the performance impact of running ipfw in his tests to almost nothing. Does this translate to ipfw on other BSDs? I don’t know.
“gee, we have a 6-digit PID, might as well make it work to a million!”
Here’s the first of several commits to support this, and here’s the highest load averages I’ve ever seen.
There’s a new facility in DragonFly: kcollect(8). It holds automatically-collected kernel data for about the last day, and can output to gnuplot. Note the automatic collection part; your system will always be able to tell you about weirdness – assuming that weirdness extends to one of the features kcollect tracks. Here’s some of the commits.
Matthew Dillon’s found a solution to the problem of hardlinks in HAMMER2, and so moved on to dirents. The design document has a significant update to match.
sshlockout(8) will now lock out based on number of attempts, just so that you don’t have huge logs of stubborn but stupid SSH brute force attacks.