i386 Kernel Options


Some kernel options only work on certain hardware platforms, while others are found on all platforms. We'll only discuss the kernel options that work on i386 here. For a fairly complete list of kernel options meant for general use, see options(4).

Bus Options

These kernel options affect how hardware busses and associated hardware behaves.

option

PCIVERBOSE

This option makes the computer print vendor names, chips IDs, and such for all PCI devices in the system when those devices are first detected.

option

EISAVERBOSE

This option makes the computer print vendor names, chip IDs, and so on for all EISA devices at boot-time.

option

USBVERBOSE

Whenever a USB device is detected (either at boot-time, or by plugging into the system), this option makes it print out any information it can get from the hardware.

option

PCMCIAVERBOSE

This makes the boot process give more information about the PCMCIA bus and any attached devices.

option

DEBUG_ISAPNP

As you can probably guess by now, this provides additional debugging information about the ISA Plug-and-Play interface during boots.

Debugging Options

In most cases, system developers are the ones interested in ones interested in debugging options. Many of these options aren't particularly useful to people who just want to run OpenBSD.

option

DDB

This compiles the kernel debugger into the kernel. See ddb(4) for more information.

option

DDB_SAFE_CONSOLE

This allows a developer to call up the debugger before the system finishes initializing. It's useful if you're working on init(8).

makeoptions

DEBUG="-g"

This includes the full symbol table in the kernel. If you are developing an OpenBSD kernel, you probably want this.

makeoptions

PROF="-pg"

This builds a kernel with support for profiling.

option

GPROF

This builds the kernel hooks for the profiling tool, kgmon(8).

option

DIAGNOSTIC

This adds internal consistency checks on kernel data. If a system fails a DIAGNOSTIC check, the kernel panics. You might think this is bad, but it's better than running with corrupt data!

option

KGDB

This compiles in a remote kernel debugger, allowing a kernel developer to use gdb(1)'s remote target features.

option

"KGDB_DEVNAME=\"pccom\""

This sets the device name used by the kgdb option.

option

KGDBADDR=0x2f8

This sets the memory address used by the kgdb option.

option

KGDBRATE=9600

This sets the port speed used by the kgdb option.

Security Options

The following options affect system security.

option

UVM_SWAP_ENCRYPT

This supports encrypted swap space. See Chapter 15 for details.

option

INSECURE

This sets the default securelevel to -1, instead of zero. See securelevel(7).

Userland Syscall Options

System calls are the interface the kernel provides to programs running on the system. Removing these options can cause programs to run badly, or not at all.

option

KTRACE

This provides the kernel hooks for ktrace(1), which allows users to track the system calls made by programs they run.

option

KMEMSTATS

This keeps statistics on how memory is used. It adds overhead to the system calls malloc() and free(), dramatically increasing system overhead for trivial things such as networking and the (unsupported) RAID driver.

option

PTRACE

This adds hooks for the ptrace(2) system call, which allows one process to monitor and control another process.

option

CRYPTO

This adds an in-kernel cryptographic engine. The most common user for this is IPSEC, but it's available to other kernel features as well. Se crypto(9) for details.

option

SYSVMSG

This supports System V message queues, as documented in msgctl(2), msgget(2), msgrcv(2), and msgsnd(2). If you don't know what this is, you want it.

option

SYSVSEM

This supports System V-style semaphores. For details, see semctl(2), semget(2), and semop(2). Again, include it unless you specifically know you don't want it.

option

SYSVSHM

If you want to use System V-style shared memory, use this option. You can read about this in shmat(2), shmctl(2), shmdt(2), and shmget(2). Many programs expect to find these features.

option

FIFO

These are "named pipes." Many programs use named pipes, and you should always include them. (If you're using OpenBSD in an embedded system, you might know that you don't need them.)

Filesystem Options

These options support the various file systems that OpenBSD can use. If you don't include the option for a filesystem, you cannot access disks formatted in that manner.

option

FFS

This is the standard UNIX file system. It is required.

option

FFS_SOFTUPDATES

Soft Updates greatly enhance FFS. You almost certainly want this. See Chapter 15.

option

QUOTA

This allows you to set quotas on how much disk a user can take up.

option

EXT2FS

This is the standard Linux file system.

option

MFS

This option allows you to create virtual disks out of memory. Such disks are extremely fast, and excellent for many short-term operations.

option

XFS

This supports the AFS-compatible Arla filesystem. See mount_xfs(8) for details.

option

NFSCLIENT

This allows your system to access NFS mounts exported from other machines. See mount_nfs(8).

option

NFSSERVER

This allows your system to export NFS file systems to other machines. See mountd(8) and nfsd(8) for details.

option

CD9660

This supports CD-ROMs. See Chapter 15.

option

MSDOSFS

This tells your kernel how to access MS-DOS formatted disks, which is the default floppy disk format. See Chapter 15.

option

FDESC

This allows programs to access the per-process file descriptor space. This is not needed on most OpenBSD systems, as the fd(4) pseudo-device provides identical functionality.

option

KERNFS

The kernel file system creates a directory, traditionally mounted on /kern, which exports a variety of kernel information. See mount_kernfs(8). If you don't want to use this, don't need it.

option

NULLFS

This lets the kernel "layer" file systems on top of each other, basically remounting directories at different locations. This nifty trick is discussed in mount_null(8).

option

PORTAL

The portal filesystem provides a map between the filesystem and the kernel. It allows you to, say, create a TCP connection by opening a file. It is highly experimental; see mount_portal(8).

option

PROCFS

The process filesystem gives details on processes running in system. See Chapter 15.

option

UMAPFS

This is nullfs, plus the ability to remap user ID and group ID numbers. It's useful for mounting foreign file systems where these values are different — say, over NFS. See mount_umap(8).

option

UNION

This is a massively cool, but slightly buggy option where the kernel can create a stackable filesystem where both layers are visible. See mount_union(8).

Networking Options

The following options all alter networking behavior.

option

GATEWAY

This option increases NMBCLUSTERS and sets sysctl net.inet.ip.forwarding to 1. These effects can be achieved separately without recompiling the kernel by, well, increasing NMBCLUSTERS and changing the sysctl.

option

INET

This gives the kernel basic networking functionality.

option

ALTQ

This enables up simple rate-limiting and traffic shaping. See altqd(8).

option

INET6

This tells the kernel about IPv6.

option

PULLDOWN_TEST

This helps IPv6 handle erratic packet flows. If you're using IPv6, you want this.

option

IPSEC

IPSec is the standard built-in security for IPv6.

option

KEY

This option supports PFKEYv2. If you have the IPSEC option, you automatically get this. You can read about PFKEYv2 in RFC 2367.

option

NS

This option supports the Xerox Network Systems networking protocols. Most people don't need it. See ns(4).

option

NSIP

This option supports tunneling XNS over TCP/IP. If you don't need XNS support, you certainly don't need this!

option

IPX

This gives the kernel support for the Internet Packet Exchange protocol popular in older Netware environments.

option

IPXIP

This lets the kernel support "tunnels" to put IPX over an IP network.

option

ISO,TPIP

This supports the ISO protocols that use the ISO addressing scheme, such as CLNP or TP. See ios(4).

option

EON

This lets you tunnel ISO protocols over TCP/IP.

option

NETATALK

This lets the kernel understand Apple's AppleTalk protocol.

option

CCITT,LLC,HDLC

This supports X.25 protocols. It's been neglected for some time, so it's probably scary and certainly buggy.

option

PPP_BSDCOMP

This is the standard compression style for PPP connections. It's only used by pppd(8).

option

PPP_DEFLATE

This is the interface to the zlib library for PPP connections, as used by pppd(8).

option

MROUTING

This supports the kernel part of multicast routing. If you're building a multicast router, you want this. If you don't know what multicast routing is, you aren't doing it. See mrouted(8).

option

TCP_SACK

This enables Selective Acknowledgements allow for faster recovery from interrupted TCP connections.

option

TCP_FACK

Forward Acknowledgements help reduce congestion on TCP networks, but both sides of every connection must understand forward acknowledgements. It can only be used with TCP_FACK.

option

TCP_SIGNATURE

This computes MD5 checksums of TCP packets. While this sounds truly nifty, only Internet backbone routers use it to verify BGP routing information. As such, it's not exactly useful to most people. If you're building a BGP-speaking router out of an OpenBSD box, however, you might find this useful.

Console Options

The following options all affect how the wscons platform-independent console driver behaves.

option

WSDISPLAY_COMPAT_USL

This supports switching between multiple virtual consoles.

option

WSDISPLAY_COMPAT_RAWKBD

This supports raw keyboard code compatibility, without the wscons framework. The X Window System needs this.

option

WSDISPLAY_DEFAULTSCREENS

This is the number of virtual consoles.

option

WSDISPLAY_COMPAT_PCVT

This gives the console compatibility with pcvt, needed for X.

Binary Compatibility Options

These options provide compatibility with other operating systems. Some of these are network compatibility features, but most cover OpenBSD's support for foreign ABIs, as discussed in Chapter 13.

option

TCP_COMPAT_42

You might need this option to connect to systems with a BSD 4.2 TCP stack. You really don't want to communicate with those systems; in fact, such systems should be disconnected from the network, as they're almost certainly insecure and unstable.

option

COMPAT_23

Provides compatibility with older releases of OpenBSD. Older versions of OpenBSD had different msgtcl(2), shmctl(2), and semctl(2) system calls. You only need this option if you're running binaries compiled under OpenBSD 2.3 or earlier.

option

COMPAT_25

The statfs(2), fstatfs(2), and fetfsstat(2) system calls changed after OpenBSD 2.5. If you are using binaries compiled on OpenBSD 2.5 or earlier, you need this.

option

COMPAT_43

This option supports a whole host of system calls from BSD 4.3, in the late 80s. If you have binaries built for BSD 4.3, you need this. These programs almost certainly have security holes.

option

COMPAT_SVR4

This option allows binary compatibility with i386 Solaris (or, if you're running on sparc, sparc Solaris). See compat_svr4(8).

option

COMPAT_IBCS2

This option supports Intel Binary Compatibility Standard 2 binaries, as found in SCO UNIX and SVR3.

option

COMPAT_LINUX

This supports binary compatibility with i386 Linux binaries.

option

COMPAT_FREEBSD

This supports binary compatibility with i386 FreeBSD binaries.

option

COMPAT_BSDOS

This option allows the system to run BSD/OS binaries. You must have COMPAT_43 in your kernel for this to work. See compat_bsdos(8).

Misc Options

These options are a scattered mix of things that don't fit elsewhere.

option

BOOT_CONFIG

This supports boot-time kernel configuration, as discussed in Chapter 11.

option

NTP

This adds kernel support for a userland daemon (i.e., ntpd) setting the time.

option

USER_LDT

This lets programs set the local descriptor table. It's only necessary if you're using the Wine win32 emulator.

option

XSERVER

This changes the console driver so that you can use the X windows system on the local display.

option

APERTURE

This supports VGA framebuffer mapping, so you can run X on the local display.

option

USER_PCICONF

This allows on X server to reconfigure PCI cards.

option

LKM

This supports loadable kernel modules. LKMs are not common in OpenBSD.




Absolute Openbsd(c) Unix for the Practical Paranoid
Absolute OpenBSD: Unix for the Practical Paranoid
ISBN: 1886411999
EAN: 2147483647
Year: 2005
Pages: 298

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net