NAME
options —
Miscellaneous kernel
configuration options
SYNOPSIS
cinclude ...
config ...
[no] file-system ...
ident ...
include ...
[no] makeoptions ...
maxusers ...
[no] options ...
[no] pseudo-device ...
DESCRIPTION
This manual page describes a number of miscellaneous kernel configuration
options that may be specified in a kernel config file. See
config(1) and
config(5) for information on how
to configure and build kernels.
The
no form removes a previously specified option.
Keywords
The following keywords are recognized in a kernel configuration file:
- cinclude
“filename”
- Conditionally includes another kernel configuration file
whose name is filename, which may be double-quoted
and may be an explicit path or relative to the kernel source directory.
Failure to open the named file is ignored.
- config exec_name
root on rootdev
[type fstype]
[dumps on dumpdev]
- Defines a configuration whose kernel executable is named
exec_name, normally “netbsd”, with its
root file system of type fstype on the device
rootdev, and optionally specifying the location of
kernel core dumps on the device dumpdev.
dev or dumpdev and
fstype may be specified as “?”, which is
a wild card. The root fstype and
dumpdev are optional and assumed to be wild carded
if they are not specified.
- device_instance
at attachment
[locators value
[...]] [flags
value]
- Define an instance of the device driver
device_instance that attaches to the bus or device
named attachment. An
attachment may require additional information on
where the device can be found, such as an address, channel, function,
offset, and/or slot, referred to as locators, whose
value often may be a wild card, “?”.
Some device drivers have one or more flags that can
be adjusted to affect the way they operate.
- file-system
fs_name [,
fs_name [...]]
- Include support for the file-system
fs_name.
- ident
“string”
- Sets the kernel identification string to
string.
- include
“filename”
- Functions the same as cinclude,
except failure to open filename produces a fatal
error.
- options
option_name [,
option_name=value
[...]]
- Specifies (or sets) the option, or comma-separated list
of options, option_name. Some options expect to be
assigned a value, which may be an integer, a double-quoted word, a bare
word, or an empty string (“”). Note that those are eventually
handled by the C compiler, so the rules of that language apply.
Note: Options that are not defined by device definition
files are passed to the compile process as -D flags to
the C compiler.
- makeoptions
name=value
- Defines a
make(1) macro
name with the value value in
the kernel Makefile.
- maxusers
integer
- Set the maxusers variable in the kernel.
- no keyword
name [arguments
[...]]
- For the
config(1)
keywords file-system, makeoptions, options, and
pseudo-device, no removes the file-system,
makeoption, options, or pseudo-device, name. This is
useful when a kernel configuration file includes another which has
undesired options.
For example, a local configuration file that wanted the kitchen sink, but
not COMPAT_09 or bridging, might be:
include "arch/i386/conf/GENERIC"
no options COMPAT_09
no pseudo-device bridge
- pseudo-device
name
[N]
- Includes support for the pseudo-device
name. Some pseudo-devices can have multiple or
N instances.
Compatibility Options
- options COMPAT_09
- Enable binary compatibility with NetBSD
0.9. This enables support for 16-bit user, group, and process IDs
(following revisions support 32-bit identifiers). It also allows the use
of the deprecated
getdomainname(3),
setdomainname(3), and
uname(3) syscalls. This
option also allows using numeric file system identifiers rather than
strings. Post NetBSD 0.9 versions use string
identifiers.
- options COMPAT_10
- Enable binary compatibility with NetBSD
1.0. This option allows the use of the file system name of
“ufs” as an alias for “ffs”. The name
“ffs” should be used post 1.0 in /etc/fstab
and other files. It also adds old syscalls for the
AT&T System V UNIX shared memory
interface. This was changed post 1.0 to work on 64-bit architectures. This
option also enables “sgtty” compatibility, without which
programs using the old interface produce an “inappropriate
ioctl” error, and /dev/io only works when this
option is set in the kernel, see
io(4) on ports that support
it.
- options COMPAT_11
- Enable binary compatibility with NetBSD
1.1. This allows binaries running on the i386 port to gain direct
access to the io ports by opening /dev/io read/write.
This functionality was replaced by
i386_iopl(2) post 1.1. On
the Atari port, the location of the disk label was moved after 1.1. When
the COMPAT_11 option is set, the kernel will read (pre)
1.1 style disk labels as a last resort. When a disk label is re-written,
the old style label will be replaced with a post 1.1 style label. This
also enables the EXEC_ELF_NOTELESS option.
- options COMPAT_12
- Enable binary compatibility with NetBSD
1.2. This allows the use of old syscalls for
reboot() and swapon(). The syscall
numbers were changed post 1.2 to add functionality to the
reboot(2) syscall, and the
new swapctl(2) interface
was introduced. This also enables the EXEC_ELF_NOTELESS
option.
- options COMPAT_13
- Enable binary compatibility with NetBSD
1.3. This allows the use of old syscalls for
sigaltstack(), and also enables the old
swapctl(2) command
SWAP_STATS
(now called
SWAP_OSTATS
), which does not include the
se_path member of struct
swapent.
- options COMPAT_14
- Enable binary compatibility with NetBSD
1.4. This allows some old
ioctl(2) on
wscons(4) to be performed,
and allows the
NFSSVC_BIOD
mode of the
nfssvc(2) system call to be
used for compatibility with the deprecated nfsiod program.
- options COMPAT_15
- Enable binary compatibility with NetBSD
1.5. Since there were no API changes from NetBSD
1.5 and NetBSD 1.6, this option does
nothing.
- options COMPAT_16
- Enable binary compatibility with NetBSD
1.6. This allows the use of old signal trampoline code which has
been deprecated with the addition of
siginfo(2).
- options COMPAT_20
- Enable binary compatibility with NetBSD
2.0. This allows the use of old syscalls for
statfs(), fstatfs(),
getfsstat() and fhstatfs(), which have
been deprecated with the addition of the
statvfs(2),
fstatvfs(2),
getvfsstat(2) and
fhstatvfs(2) system
calls.
- options COMPAT_30
- Enable binary compatibility with NetBSD
3.0. See
compat_30(8) for details
about the changes made after the NetBSD 3.0
release.
- options COMPAT_40
- Enable binary compatibility with NetBSD
4.0.
- options COMPAT_43
- Enables compatibility with
4.3BSD. This adds an old syscall for
lseek(2). It also adds the
ioctls for
TIOCGETP
and
TIOCSETP
. The return values for
getpid(2),
getgid(2), and
getuid(2) syscalls are
modified as well, to return the parent's PID and UID as well as the
current process's. It also enables the deprecated
NTTYDISC
terminal line discipline. It also
provides backwards compatibility with “old”
SIOC[GS]IF{ADDR,DSTADDR,BRDADDR,NETMASK} interface ioctls, including
binary compatibility with code written before the introduction of the
sa_len field in sockaddrs. It also enables support for some older pre
4.4BSD socket calls.
- options COMPAT_50
- Enable binary compatibility with NetBSD
5.0.
- options COMPAT_60
- Enable binary compatibility with NetBSD
6.0.
- options COMPAT_70
- Enable binary compatibility with NetBSD
7.0.
- options COMPAT_BSDPTY
- This option is currently on by default and enables the
pty multiplexer ptm(4) and
ptmx(4) to find and use ptys
named /dev/ptyXX (master) and
/dev/ttyXX (slave). Eventually this option will become
optional as ptyfs based pseudo-ttys become the default, see
mount_ptyfs(8).
- options COMPAT_SVR4
- On those architectures that support it, this enables
binary compatibility with AT&T System V
Release 4 UNIX applications built for the same architecture.
This currently includes the i386, m68k, and sparc ports.
- options COMPAT_LINUX
- On those architectures that support it, this enables
binary compatibility with Linux ELF and
a.out(5) applications built
for the same architecture. This currently includes the alpha, arm, i386,
m68k, mips, powerpc and x86_64 ports.
- options COMPAT_LINUX32
- On those 64 bit architectures that support it, this
enables binary compatibility with 32 bit Linux binaries. For now this is
limited to running i386 ELF Linux binaries on amd64.
- options COMPAT_SUNOS
- On those architectures that support it, this enables
binary compatibility with SunOS 4.1 applications built for the same
architecture. This currently includes the sparc, sparc64 and most or all
m68k ports. Note that the sparc64 requires the
COMPAT_NETBSD32 option for 64-bit kernels, in addition
to this option.
- options COMPAT_ULTRIX
- On those architectures that support it, this enables
binary compatibility with ULTRIX applications built for the same
architecture. This currently is limited to the pmax. The functionality of
this option is unknown.
- options COMPAT_FREEBSD
- On those architectures that support it, this enables
binary compatibility with FreeBSD applications
built for the same architecture. At the moment this is limited to the i386
port.
- options COMPAT_IBCS2
- On those architectures that support it, this enables
binary compatibility with iBCS2 or SVR3 applications built for the same
architecture. This is currently limited to the i386 and vax ports.
- options COMPAT_OSF1
- On those architectures that support it, this enables
binary compatibility with Digital UNIX (formerly
OSF/1) applications built for the same architecture. This is currently
limited to the alpha port.
- options COMPAT_NOMID
- Enable compatibility with
a.out(5) executables that
lack a machine ID. This includes NetBSD 0.8's
ZMAGIC format, and 386BSD and BSDI's QMAGIC, NMAGIC, and OMAGIC
a.out(5) formats.
- options COMPAT_NETBSD32
- On those architectures that support it, this enables
binary compatibility with 32-bit applications built for the same
architecture. This is currently limited to the amd64 and sparc64 ports,
and only applicable for 64-bit kernels.
- options COMPAT_SVR4_32
- On those architectures that support it, this enables
binary compatibility with 32-bit SVR4 applications built for the same
architecture. This is currently limited to the sparc64 port, and only
applicable for 64-bit kernels.
- options COMPAT_AOUT_M68K
- On m68k architectures which have switched to ELF, this
enables binary compatibility with NetBSD/m68k
a.out(5) executables on
NetBSD/m68k ELF kernels. This handles alignment
incompatibility of m68k ABI between a.out and ELF which causes the
structure padding differences. Currently only some system calls which use
struct stat are adjusted and some binaries which use
sysctl(3) to retrieve
network details would not work properly.
- options EMUL_NATIVEROOT=string
- Just like emulated binaries first try looking up files in
an emulation root (e.g. /emul/linux) before looking them
up in real root, this option causes native binaries to first look up files
in an "emulation" directory too. This can be useful to test an
amd64 kernel on top of an i386 system before full migration: by unpacking
the amd64 distribution in e.g. /emul/netbsd64 and
specifying that location as EMUL_NATIVEROOT, native
amd64 binaries can be run while the root file system remains populated
with i386 binaries. Beware of /dev incompatibilities
between i386 and amd64 if you do this.
- options EXEC_ELF_NOTELESS
- Run unidentified ELF binaries as
NetBSD binaries. This might be needed for very old
NetBSD ELF binaries on some archs. These old
binaries didn't contain an appropriate
.note.netbsd.ident
section, and thus can't be
identified by the kernel as NetBSD binaries
otherwise. Beware - if this option is on, the kernel would run
any unknown ELF binaries as if they were
NetBSD binaries.
Debugging Options
- options DDB
- Compiles in a kernel debugger for diagnosing kernel
problems. See ddb(4) for
details. NOTE: not available on all architectures.
- options DDB_FROMCONSOLE=integer
- If set to non-zero, DDB may be entered by sending a break
on a serial console or by a special key sequence on a graphics console. A
value of "0" ignores console breaks or key sequences. If not
explicitly specified, the default value is "1". Note that this
sets the value of the ddb.fromconsole
sysctl(3) variable which may
be changed at run time -- see
sysctl(8) for details.
- options DDB_HISTORY_SIZE=integer
- If this is non-zero, enable history editing in the kernel
debugger and set the size of the history to this value.
- options DDB_ONPANIC
- The default if not specified is “1” - just
enter into DDB. If set to “2” the kernel will attempt to print
out a stack trace before entering into DDB. If set to “0” the
kernel will attempt to print out a stack trace and reboot the system. If
set to “-1” then neither a stack trace is printed or DDB
entered - it is as if DDB were not compiled into the kernel. Note that
this sets the value of the ddb.onpanic
sysctl(3) variable which may
be changed at run time -- see
sysctl(8) for details.
- options DDB_COMMANDONENTER=string
- This option specify commands which will be executed on
each entry to DDB. This sets the default value of the
ddb.commandonenter
sysctl(3) variable which may
be changed at run time.
- options DDB_BREAK_CHAR=integer
- This option overrides using break to enter the kernel
debugger on the serial console. The value given is the ASCII value to be
used instead. This is currently only supported by the com driver.
- options DDB_VERBOSE_HELP
- This option adds more verbose descriptions to the
help command.
- options KGDB
- Compiles in a remote kernel debugger stub for diagnosing
kernel problems using the “remote target” feature of gdb. See
gdb(1) for details.
NOTE: not available on all architectures.
- options KGDB_DEV
- Device number (as a
dev_t
) of
kgdb device.
- options KGDB_DEVADDR
- Memory address of kgdb device.
- options KGDB_DEVMODE
- Permissions of kgdb device.
- options KGDB_DEVNAME
- Device name of kgdb device.
- options KGDB_DEVRATE
- Baud rate of kgdb device.
- makeoptions DEBUG="-g"
- The -g flag causes
netbsd.gdb to be built in addition to
netbsd. netbsd.gdb is useful for
debugging kernel crash dumps with gdb. See
gdb(1) for details. This also
turns on options DEBUG (which see).
- options DEBUG
- Turns on miscellaneous kernel debugging. Since options
are turned into preprocessor defines (see above), options
DEBUG is equivalent to doing a #define DEBUG
throughout the kernel. Much of the kernel has #ifdef
DEBUG conditionalized debugging code. Note that many parts of the
kernel (typically device drivers) include their own #ifdef
XXX_DEBUG conditionals instead. This option also turns on certain
other options, which may decrease system performance. Systems with this
option are not suitable for regular use, and are intended only for
debugging or looking for bugs.
- options DIAGNOSTIC
- Adds code to the kernel that does internal consistency
checks. This code will cause the kernel to panic if corruption of internal
data structures is detected. Historically, the performance degradation is
sufficiently small that it is reasonable for systems with
options DIAGNOSTIC to be in production use, with the
real consideration not being performance but instead a preference for more
panics versus continued operation with undetected problems.
- options LOCKDEBUG
- Adds code to the kernel to detect incorrect use of
locking primitives (mutex, rwlock). This code will cause the kernel to
check for dead lock conditions. It will also check for memory being freed
to not contain initialised lock primitives. Functions for use in
ddb(4) to check lock chains
etc. are also enabled. These checks are very expensive and can decrease
performance on multi-processor machines by a factor of three.
- options KDTRACE_HOOKS
- Adds hooks for the DTrace tracing facility, which allows
users to analyze many aspects of system and application behavior. See
dtrace(1) for details.
- options KSTACK_CHECK_MAGIC
- Check kernel stack usage and panic if stack overflow is
detected. This check is performance sensitive because it scans stack on
each context switch.
- options KTRACE
- Add hooks for the system call tracing facility, which
allows users to watch the system call invocation behavior of processes.
See ktrace(1) for
details.
- options MSGBUFSIZE=integer
- This option sets the size of the kernel message buffer.
This buffer holds the kernel output of printf() when not
(yet) read by syslogd(8).
This is particularly useful when the system has crashed and you wish to
lookup the kernel output from just before the crash. Also, since the
autoconfig output becomes more and more verbose, it sometimes happens that
the message buffer overflows before
syslogd(8) was able to read
it. Note that not all systems are capable of obtaining a variable sized
message buffer. There are also some systems on which memory contents are
not preserved across reboots.
- options KERNHIST
- Enables the kernel history logs, which create in-memory
traces of various kernel activities. These logs can be displayed by using
show kernhist from DDB. See the kernel source file
sys/kern/kern_history.c and the
kernhist(9) manual for
details.
- options KERNHIST_PRINT
- Prints the kernel history logs on the system console as
entries are added. Note that the output is extremely
voluminous, so this option is really only useful for debugging the very
earliest parts of kernel initialization.
- options UVMHIST
- Like KERNHIST, it enables the UVM
history logs. These logs can be displayed by using show
kernhist from DDB. See the kernel source file
sys/uvm/uvm_stat.c for details.
- options UVMHIST_PRINT
- Like UVMHIST, it prints the UVM history
logs on the system console as entries are added. Note that the output is
extremely voluminous, so this option is really only
useful for debugging the very earliest parts of kernel
initialization.
- options UVMHIST_MAPHIST_SIZE
- Set the size of the “maphist” kernel history.
The default is 100. This option depends upon the UVMHIST
option.
- options UVMHIST_PDHIST_SIZE
- Set the size of the “pdhist” kernel history.
The default is 100. This option depends upon the UVMHIST
option.
- options BIOHIST
- Like KERNHIST, it enables the BIO
history logs. These logs can be displayed by using show
kernhist from DDB, and can help in debugging problems with Buffered
I/O operations. See the kernel source file
sys/kern/vfs_vio.c for details.
- options BIOHIST_PRINT
- Like BIOHIST, it prints the BIO history
logs on the system console as entries are added. Note that the output is
extremely voluminous, so this option is really only
useful for debugging the very earliest parts of kernel
initialization.
- options BIOHIST_SIZE
- Set the size of the “biohist” kernel history.
The default is 500. This option depends upon the BIOHIST
option.
File Systems
- file-system FFS
- Includes code implementing the Berkeley Fast File System
(FFS). Most machines need this if they are not running
diskless.
- file-system EXT2FS
- Includes code implementing the Second Extended File
System (ext2), revision 0 and revision 1 with the
filetype, sparse_super and
large_file options. This is the most commonly used file
system on the Linux operating system, and is provided here for
compatibility. Some of the specific features of ext2
like the "behavior on errors" are not implemented. See
mount_ext2fs(8) for
details.
- file-system LFS
- [EXPERIMENTAL] Include the
Log-structured File System (LFS). See
mount_lfs(8) and
newfs_lfs(8) for
details.
- file-system MFS
- Include the Memory File System (MFS).
This file system stores files in swappable memory, and produces notable
performance improvements when it is used as the file store for
/tmp and similar file systems. See
mount_mfs(8) for
details.
- file-system NFS
- Include the client side of the Network File System (NFS)
remote file sharing protocol. Although the bulk of the code implementing
NFS is kernel based, several user level daemons are needed for it to work.
See mount_nfs(8) for
details.
- file-system CD9660
- Includes code for the ISO 9660 + Rock Ridge file system,
which is the standard file system on many CD-ROM discs. Useful primarily
if you have a CD-ROM drive. See
mount_cd9660(8) for
details.
- file-system MSDOSFS
- Includes the MS-DOS FAT file system, which is reportedly
still used by unfortunate people who have not heard about
NetBSD. Also implements the Windows 95 extensions
to the same, which permit the use of longer, mixed case file names. See
mount_msdos(8) and
fsck_msdos(8) for
details.
- file-system NTFS
- [EXPERIMENTAL] Includes code for the
Microsoft Windows NT file system. See
mount_ntfs(8) for
details.
- file-system FDESC
- Includes code for a file system, conventionally mounted
on /dev/fd, which permits access to the per-process file
descriptor space via special files in the file system. See
mount_fdesc(8) for
details. Note that this facility is redundant, and thus unneeded on most
NetBSD systems, since the
fd(4) pseudo-device driver
already provides identical functionality. On most
NetBSD systems, instances of
fd(4) are mknoded under
/dev/fd/ and on /dev/stdin,
/dev/stdout, and /dev/stderr.
- file-system KERNFS
- Includes code which permits the mounting of a special
file system (normally mounted on /kern) in which files
representing various kernel variables and parameters may be found. See
mount_kernfs(8) for
details.
- file-system NULLFS
- Includes code for a loopback file system. This permits
portions of the file hierarchy to be re-mounted in other places. The code
really exists to provide an example of a stackable file system layer. See
mount_null(8) for
details.
- file-system OVERLAY
- Includes code for a file system filter. This permits the
overlay file system to intercept all access to an underlying file system.
This file system is intended to serve as an example of a stacking file
system which has a need to interpose itself between an underlying file
system and all other access. See
mount_overlay(8) for
details.
- file-system PROCFS
- Includes code for a special file system (conventionally
mounted on /proc) in which the process space becomes
visible in the file system. Among other things, the memory spaces of
processes running on the system are visible as files, and signals may be
sent to processes by writing to ctl files in the procfs
namespace. See
mount_procfs(8) for
details.
- file-system UDF
- [EXPERIMENTAL] Includes code for the
UDF file system commonly found on CD and DVD media but also on USB sticks.
Currently supports read and write access upto UDF 2.01 and somewhat
limited write support for UDF 2.50. It is marked experimental since there
is no fsck_udf(8). See
mount_udf(8) for
details.
- file-system UMAPFS
- Includes a loopback file system in which user and group
IDs may be remapped -- this can be useful when mounting alien file systems
with different UIDs and GIDs than the local system. See
mount_umap(8) for
details.
- file-system UNION
- [EXPERIMENTAL] Includes code for the
union file system, which permits directories to be mounted on top of each
other in such a way that both file systems remain visible -- this permits
tricks like allowing writing (and the deleting of files) on a read-only
file system like a CD-ROM by mounting a local writable file system on top
of the read-only file system. See
mount_union(8) for
details.
- file-system CODA
- [EXPERIMENTAL] Includes code for the
Coda file system. Coda is a distributed file system like NFS and AFS. It
is freely available, like NFS, but it functions much like AFS in being a
“stateful” file system. Both Coda and AFS cache files on your
local machine to improve performance. Then Coda goes a step further than
AFS by letting you access the cached files when there is no available
network, viz. disconnected laptops and network outages. In Coda, both the
client and server are outside the kernel which makes them easier to
experiment with. Coda is available for several UNIX and non-UNIX
platforms. See
http://www.coda.cs.cmu.edu
for more details. NOTE: You also need to enable the
pseudo-device, vcoda, for the Coda file system to work.
- file-system SMBFS
- [EXPERIMENTAL] Includes code for the
SMB/CIFS file system. See
mount_smbfs(8) for
details. NOTE: You also need to enable the
pseudo-device, nsmb, for the SMB file system to work.
- file-system PTYFS
- [EXPERIMENTAL] Includes code for a
special file system (normally mounted on /dev/pts) in
which pseudo-terminal slave devices become visible in the file system. See
mount_ptyfs(8) for
details.
- file-system TMPFS
- Includes code for the efficient memory file system,
normally used over /tmp. See
mount_tmpfs(8) for
details.
- file-system PUFFS
- Includes kernel support for the pass-to-userspace
framework file system. It can be used to implement file system
functionality in userspace. See
puffs(3) for more details.
This enables for example sshfs:
mount_psshfs(8).
File System Options
- options DISKLABEL_EI
- Enable “Endian-Independent”
disklabel(5) support.
This allows a system to recognize a disklabel written in the other byte
order. For writing, when a label already exists, its byte order is
preserved. Otherwise, a new label is written in the native byte order. To
specify the byte order explicitly, the -F option of
disklabel(8) should be
used with the -B option in order to avoid using
ioctl(2), which results in
the default behavior explained above. At the moment this option is
restricted to the following ports: amd64, bebox, emips, epoc32, evbarm,
i386, ibmnws, landisk, mvmeppc, prep, rs6000, sandpoint, xen, and zaurus;
also to machines of the evbmips and evbppc ports that support Master Boot
Record (MBR).
- options MAGICLINKS
- Enables the expansion of special strings (beginning with
“@”) when traversing symbolic links. See
symlink(7) for a list of
supported strings. Note that this option only controls the enabling of
this feature by the kernel at boot-up. This feature can still be
manipulated with the
sysctl(8) command regardless
of the setting of this option.
- options NFSSERVER
- Include the server side of the NFS
(Network File System) remote file sharing protocol. Although the bulk of
the code implementing NFS is kernel based, several user
level daemons are needed for it to work. See
mountd(8) and
nfsd(8) for details.
- options NVNODE=integer
- This option sets the size of the cache used by the
name-to-inode translation routines, (a.k.a. the namei()
cache, though called by many other names in the kernel source). By
default, this cache has
(NPROC + NTEXT + 100)
entries (NPROC set as 20 + 16 * MAXUSERS and NTEXT as 80 + NPROC / 8). A
reasonable way to derive a value of NVNODE
, should
you notice a large number of namei cache misses with a tool such as
systat(1), is to examine
your system's current computed value with
sysctl(8), (which calls this
parameter "kern.maxvnodes") and to increase this value until
either the namei cache hit rate improves or it is determined that your
system does not benefit substantially from an increase in the size of the
namei cache.
- options NAMECACHE_ENTER_REVERSE
- Causes the namei cache to always enter a reverse mapping
(vnode -> name) as well as a normal one. Normally, this is already done
for directory vnodes, to speed up the getcwd operation. This option will
cause longer hash chains in the reverse cache, and thus slow down getcwd
somewhat. However, it does make vnode -> path translations possible in
some cases. For now, only useful if strict /proc/#/maps
emulation for Linux binaries is required.
Options for FFS/UFS File
Systems
- options WAPBL
- Enable “Write Ahead Physical Block Logging file
system journaling”. This provides rapid file system consistency
checking after a system outage. It also provides better general use
performance over regular FFS. See also
wapbl(4).
- options QUOTA
- Enables kernel support for traditional quotas in FFS.
Traditional quotas store the quota information in external files and
require quotacheck(8)
and quotaon(8) at boot
time. Traditional quotas are limited to 32-bit sizes and are at this point
considered a legacy feature.
- options QUOTA2
- Enables kernel support for in-volume quotas in FFS. The
quota information is file system metadata maintained by
fsck(8) and/or WAPBL
journaling. MFS volumes can also use
QUOTA2
quotas; see mount_mfs(8)
for more information.
- options FFS_EI
- Enable “Endian-Independent” FFS support. This
allows a system to mount an FFS file system created for another
architecture, at a small performance cost for all FFS file systems. See
also newfs(8),
fsck_ffs(8),
dumpfs(8) for file system
byte order status and manipulation.
- options FFS_NO_SNAPSHOT
- Disable support for the creation of file system internal
snapshot of FFS file systems. Maybe useful for install media kernels,
small memory systems and embedded systems which don't require the snapshot
support.
- options UFS_EXTATTR
- Enable extended attribute support for UFS1 file
systems.
- options UFS_DIRHASH
- Increase lookup performance by maintaining in-core hash
tables for large directories.
Options for the LFS File
System
- options LFS_EI
- Enable “Endian-Independent” LFS support. This
allows (at a small performance cost) mounting an LFS file system created
for another architecture.
- options LFS_DIRHASH
- Increase lookup performance by maintaining in-core hash
tables for large directories.
Options for the ext2fs
File System
- options EXT2FS_SYSTEM_FLAGS
- This option changes the behavior of the APPEND and
IMMUTABLE flags for a file on an ext2 file system.
Without this option, the superuser or owner of the file can set and clear
them. With this option, only the superuser can set them, and they can't be
cleared if the securelevel is greater than 0. See also
chflags(1) and
secmodel_securelevel(9).
Options for the NFS File
System
- options NFS_BOOT_BOOTP
- Enable use of the BOOTP protocol (RFCs 951 and 1048) to
get configuration information if NFS is used to mount the root file
system. See diskless(8)
for details.
- options NFS_BOOT_BOOTSTATIC
- Enable use of static values defined as
“NFS_BOOTSTATIC_MYIP”, “NFS_BOOTSTATIC_GWIP”,
“NFS_BOOTSTATIC_SERVADDR”, and
“NFS_BOOTSTATIC_SERVER” in kernel options to get configuration
information if NFS is used to mount the root file system.
- options NFS_BOOT_DHCP
- Same as “NFS_BOOT_BOOTP”, but use the DHCP
extensions to the BOOTP protocol (RFC 1541).
- options NFS_BOOT_BOOTP_REQFILE
- Specifies the string sent in the bp_file field of the
BOOTP/DHCP request packet.
- options NFS_BOOT_BOOTPARAM
- Enable use of the BOOTPARAM protocol, consisting of RARP
and BOOTPARAM RPC, to get configuration information if NFS is used to
mount the root file system. See
diskless(8) for
details.
- options NFS_BOOT_RWSIZE=value
- Set the initial NFS read and write sizes for
diskless-boot requests. The normal default is 8Kbytes. This option
provides a way to lower the value (e.g., to 1024 bytes) as a workaround
for buggy network interface cards or boot PROMs. Once booted, the read and
write request sizes can be increased by remounting the file system. See
mount_nfs(8) for
details.
- options NFS_V2_ONLY
- Reduce the size of the NFS client code by omitting code
that's only required for NFSv3 and NQNFS support, leaving only that code
required to use NFSv2 servers.
- options NFS_BOOT_TCP
- Use NFS over TCP instead of the default UDP, for mounting
root.
Buffer queue strategy
options
The following options enable alternative buffer queue strategies.
- options BUFQ_READPRIO
- Enable experimental buffer queue strategy for disk I/O.
In the default strategy, outstanding disk requests are ordered by sector
number and sent to the disk, regardless of whether the operation is a read
or write; this option gives priority to issuing read requests over write
requests. Although requests may therefore be issued out of sector-order,
causing more seeks and thus lower overall throughput, interactive system
responsiveness under heavy disk I/O load may be improved, as processes
blocking on disk reads are serviced sooner (file writes typically don't
cause applications to block). The performance effect varies greatly
depending on the hardware, drive firmware, file system configuration,
workload, and desired performance trade-off. Systems using drive
write-cache (most modern IDE disks, by default) are unlikely to benefit
and may well suffer; such disks acknowledge writes very quickly, and
optimize them internally according to physical layout. Giving these disks
as many requests to work with as possible (the standard strategy) will
typically produce the best results, especially if the drive has a large
cache; the drive will silently complete writes from cache as it seeks for
reads. Disks that support a large number of concurrent tagged requests
(SCSI disks and many hardware RAID controllers) expose this internal
scheduling with tagged responses, and don't block for reads; such disks
may not see a noticeable difference with either strategy. However, if IDE
disks are run with write-cache disabled for safety, writes are not
acknowledged until actually completed, and only one request can be
outstanding; a large number of small writes in one locality can keep the
disk busy, starving reads elsewhere on the disk. Such systems are likely
to see the most benefit from this option. Finally, the performance
interaction of this option with ffs soft dependencies can be subtle, as
that mechanism can drastically alter the workload for file system metadata
writes.
- options BUFQ_PRIOCSCAN
- Enable another buffer queue strategy for disk I/O,
per-priority cyclical scan.
- options NEW_BUFQ_STRATEGY
- Synonym of BUFQ_READPRIO.
Miscellaneous Options
- options CPU_UCODE
- Support cpu microcode loading via
cpuctl(8).
- options MEMORY_DISK_DYNAMIC
- This option makes the
md(4) RAM disk size dynamically
sized. It is incompatible with
mdsetimage(8).
- options MEMORY_DISK_HOOKS
- This option allows for some machine dependent functions
to be called when the md(4) RAM
disk driver is configured. This can result in automatically loading a RAM
disk from floppy on open (among other things).
- options MEMORY_DISK_IS_ROOT
- Forces the
md(4) RAM disk to be the root
device. This can only be overridden when the kernel is booted in the
'ask-for-root' mode.
- options
MEMORY_DISK_ROOT_SIZE=integer
- Allocates the given number of 512 byte blocks as memory
for the md(4) RAM disk, to be
populated with
mdsetimage(8).
- options MEMORY_DISK_SERVER=0
- Do not include the interface to a userland memory disk
server process. Per default, this option is set to 1, including the
support code. Useful for install media kernels.
- options MEMORY_DISK_RBFLAGS=value
- This option sets the
reboot(2) flags used when
booting with a memory disk as root file system. Possible values include
RB_AUTOBOOT
(boot in the usual fashion - default
value), and RB_SINGLE
(boot in single-user
mode).
- options MODULAR
- Enables the framework for kernel modules (see
module(7)).
- options MODULAR_DEFAULT_AUTOLOAD
- Enables the autoloading of kernel modules by default.
This sets the default value of the kern.module.autoload
sysctl(3) variable which may
be changed at run time.
- options VND_COMPRESSION
- Enables the
vnd(4) driver to also handle
compressed images. See
vndcompress(1),
vnd(4) and
vnconfig(8) for more
information.
- options SPLDEBUG
- Help the kernel programmer find bugs related to the
interrupt priority level. When spllower() or
splraise() changes the current CPU's interrupt priority
level to or from
IPL_HIGH
, record a backtrace.
Read
i386/return_address(9)
for caveats about collecting backtraces. This feature is experimental, and
it is only available on i386. See
sys/kern/subr_spldebug.c.
- options TFTPROOT
- Download the root memory disk through TFTP at root mount
time. This enables the use of a root RAM disk without requiring it to be
embedded in the kernel using
mdsetimage(8). The RAM
disk name is obtained using DHCP's filename parameter. This option
requires MEMORY_DISK_HOOKS,
MEMORY_DISK_DYNAMIC, and
MEMORY_DISK_IS_ROOT. It is incompatible with
MEMORY_DISK_ROOT_SIZE.
- options HZ=integer
- On ports that support it, set the system clock frequency
(see hz(9)) to the supplied
value. Handle with care.
- options NTP
- Turns on in-kernel precision timekeeping support used by
software implementing NTP (Network Time Protocol, RFC
1305). The NTP option adds an in-kernel Phase-Locked
Loop (PLL) for normal NTP operation, and a
Frequency-Locked Loop (FLL) for intermittently-connected operation.
ntpd(8) will employ a
user-level PLL when kernel support is unavailable, but the in-kernel
version has lower latency and more precision, and so typically keeps much
better time.
The interface to the kernel NTP support is provided by the
ntp_adjtime(2) and
ntp_gettime(2) system
calls, which are intended for use by
ntpd(8) and are enabled by the
option. On systems with sub-microsecond resolution timers, or where
(HZ/100000) is not an integer, the NTP option also
enables extended-precision arithmetic to keep track of fractional clock
ticks at NTP time-format precision.
- options PPS_SYNC
- This option enables a kernel serial line discipline for
receiving time phase signals from an external reference clock such as a
radio clock. (The NTP option (which see) must be on if
the PPS_SYNC option is used). Some reference clocks
generate a Pulse Per Second (PPS) signal in phase with their time source.
The PPS line discipline receives this signal on either
the data leads or the DCD control lead of a serial port.
NTP uses the PPS signal to discipline the local clock
oscillator to a high degree of precision (typically less than 50
microseconds in time and 0.1 ppm in accuracy). PPS can
also generate a serial output pulse when the system receives a PPS
interrupt. This can be used to measure the system interrupt latency and
thus calibrate NTP to account for it. Using
PPS usually requires a gadget box to convert from TTL to
RS-232 signal levels. The gadget box and PPS are described in more detail
in the HTML documentation for
ntpd(8) in
/usr/share/doc/html/ntp.
NetBSD currently supports this option in
com(4) and
zsc(4).
- options SETUIDSCRIPTS
- Allows scripts with the setuid bit set to execute as the
effective user rather than the real user, just like binary executables.
NOTE: Using this option will also enable
options FDSCRIPTS
- options FDSCRIPTS
- Allows execution of scripts with the execute bit set, but
not the read bit, by opening the file and passing the file descriptor to
the shell, rather than the filename.
NOTE: Execute only (non-readable) scripts will have
argv[0] set to /dev/fd/*. What
this option allows as far as security is concerned, is the ability to
safely ensure that the correct script is run by the interpreter, as it is
passed as an already open file.
- options RTC_OFFSET=integer
- The kernel (and typically the hardware battery backed-up
clock on those machines that have one) keeps time in UTC
(Universal Coordinated Time, once known as GMT, or
Greenwich Mean Time) and not in the time of the local time zone. The
RTC_OFFSET option is used on some ports (such as the
i386) to tell the kernel that the hardware clock is offset from
UTC by the specified number of minutes. This is
typically used when a machine boots several operating systems and one of
them wants the hardware clock to run in the local time zone and not in
UTC, e.g. RTC_OFFSET=300 means the
hardware clock is set to US Eastern Time (300 minutes behind
UTC), and not UTC. (Note:
RTC_OFFSET is used to initialize a kernel variable named
rtc_offset which is the source actually used to
determine the clock offset, and which may be accessed via the
kern.rtc_offset sysctl variable. See
sysctl(8) and
sysctl(3) for details. Since
the kernel clock is initialized from the hardware clock very early in the
boot process, it is not possible to meaningfully change
rtc_offset in system initialization scripts.
Changing this value currently may only be done at kernel compile time or
by patching the kernel and rebooting).
NOTE: Unfortunately, in many cases where the hardware
clock is kept in local time, it is adjusted for Daylight Savings Time;
this means that attempting to use RTC_OFFSET to let
NetBSD coexist with such an operating system, like
Windows, would necessitate changing RTC_OFFSET twice a
year. As such, this solution is imperfect.
- options MAXUPRC=integer
- Sets the soft
RLIMIT_NPROC
resource limit, which specifies the maximum number of simultaneous
processes a user is permitted to run, for process 0; this value is
inherited by its child processes. It defaults to
CHILD_MAX, which is currently defined to be 160. Setting
MAXUPRC to a value less than CHILD_MAX
is not permitted, as this would result in a violation of the semantics of
IEEE Std 1003.1-1990 (“POSIX.1”).
- options NOFILE=integer
- Sets the soft
RLIMIT_NOFILE
resource limit, which specifies the maximum number of open file
descriptors for each process; this value is inherited by its child
processes. It defaults to OPEN_MAX, which is currently
defined to be 128.
- options MAXFILES=integer
- Sets the default value of the
kern.maxfiles sysctl variable, which indicates the
maximum number of files that may be open in the system.
- options DEFCORENAME=string
- Sets the default value of the
kern.defcorename sysctl variable, otherwise it is set to
%n.core. See
sysctl(8) and
sysctl(3) for details.
- options RASOPS_CLIPPING
- Enables clipping within the rasops
raster-console output system. NOTE: only available on
architectures that use rasops for console output.
- options RASOPS_SMALL
- Removes optimized character writing code from the
rasops raster-console output system.
NOTE: only available on architectures that use
rasops for console output.
- options INCLUDE_CONFIG_FILE
- Embeds the kernel config file used to define the kernel
in the kernel binary itself. The embedded data also includes any files
directly included by the config file itself, e.g.
GENERIC.local or std.$MACHINE. The
embedded config file can be extracted from the resulting kernel with
config(1)
-x, or by the following command:
strings netbsd | sed -n 's/^_CFG_//p' | unvis
- options INCLUDE_JUST_CONFIG
- Similar to the above option, but includes just the actual
config file, not any included files.
- options PIPE_SOCKETPAIR
- Use slower, but smaller socketpair(2)-based pipe
implementation instead of default faster, but bigger one. Primarily useful
for installation kernels.
- options USERCONF
- Compiles in the in-kernel device configuration manager.
See userconf(4) for
details.
- options PERFCTRS
- Compiles in kernel support for CPU performance-monitoring
counters. See pmc(1) for
details. NOTE: not available on all architectures.
- options SCDEBUG_DEFAULT
- Used with the options SYSCALL_DEBUG
described below to choose which types of events are displayed.
SCDEBUG_CALLS
- Show system call entry points.
SCDEBUG_RETURNS
- Show system call exit points.
SCDEBUG_ALL
- Show all system call requestes, including unimplemented
calls.
SCDEBUG_SHOWARGS
- Show the arguments provided.
SCDEBUG_KERNHIST
- Store a restricted form of the system call debug in a
kernel history instead of printing it to the console. This option
relies upon options KERNHIST.
The default value is
(SCDEBUG_CALLS|SCDEBUG_RETURNS|SCDEBUG_SHOWARGS)
.
- options SYSCALL_DEBUG
- Useful for debugging system call issues, usually in early
single user bringup. By default, writes entries to the system console for
most system call events. Can be configured with the options
SCDEBUG_DEFAULT option to to use the options
KERNHIST facility instead.
- options SYSCALL_STATS
- Count the number of times each system call number is
called. The values can be read through the sysctl interface and displayed
using systat(1).
NOTE: not yet available on all architectures.
- options SYSCALL_TIMES
- Count the time spent (using
cpu_counter32()) in each system call.
NOTE: Using this option will also enable
options SYSCALL_STATS.
- options SYSCALL_TIMES_HASCOUNTER
- Force use of cpu_counter32() even if
cpu_hascounter() reports false. Useful for systems where
the cycle counter doesn't run at a constant rate (e.g. Soekris
boxes).
- options XSERVER_DDB
- A supplement to XSERVER that adds support for entering
ddb(4) while in X11.
- options FILEASSOC
- Support for
fileassoc(9). Required
for options PAX_SEGVGUARD and
pseudo-device veriexec.
- options FILEASSOC_NHOOKS=integer
- Number of storage slots per file for
fileassoc(9). Default is
4.
Networking Options
- options GATEWAY
- Enables IPFORWARDING (which see) and
(on most ports) increases the size of NMBCLUSTERS (which
see). In general, GATEWAY is used to indicate that a
system should act as a router, and IPFORWARDING is not
invoked directly. (Note that GATEWAY has no impact on
protocols other than IP, such as CLNP). GATEWAY option
also compiles IPv4 and IPv6 fast forwarding code into the kernel.
- options ICMPPRINTFS
- The ICMPPRINTFS option will enable
debugging information to be printed about the
icmp(4) protocol.
- options IPFORWARDING=value
- If value is 1 this enables IP routing
behavior. If value is 0 (the default), it disables it.
The GATEWAY option sets this to 1 automatically. With
this option enabled, the machine will forward IP datagrams destined for
other machines between its interfaces. Note that even without this option,
the kernel will still forward some packets (such as source routed packets)
-- removing GATEWAY and IPFORWARDING
is insufficient to stop all routing through a bastion host on a firewall
-- source routing is controlled independently. To turn off source routing,
use options IPFORWSRCRT=0 (which see). Note that IP
forwarding may be turned on and off independently of the setting of the
IPFORWARDING option through the use of the
net.inet.ip.forwarding sysctl variable. If
net.inet.ip.forwarding is 1, IP forwarding is on. See
sysctl(8) and
sysctl(3) for details.
- options IPFORWSRCRT=value
- If value is set to zero, source routing
of IP datagrams is turned off. If value is set to one
(the default) or the option is absent, source routed IP datagrams are
forwarded by the machine. Note that source routing of IP packets may be
turned on and off independently of the setting of the
IPFORWSRCRT option through the use of the
net.inet.ip.forwsrcrt sysctl variable. If
net.inet.ip.forwsrcrt is 1, forwarding of source routed
IP datagrams is on. See
sysctl(8) and
sysctl(3) for details.
- options IFA_STATS
- Tells the kernel to maintain per-address statistics on
bytes sent and received over (currently) Internet and AppleTalk addresses.
The option is not recommended as it degrades system stability.
- options IFQ_MAXLEN=value
- Increases the allowed size of the network interface
packet queues. The default queue size is 50 packets, and you do not
normally need to increase it.
- options IPSELSRC
- Includes support for source-address selection policies.
See in_getifa(9).
- options MROUTING
- Includes support for IP multicast routers. You certainly
want INET with this. Multicast routing is controlled by
the mrouted(8) daemon. See
also option PIM.
- options PIM
- Includes support for Protocol Independent Multicast (PIM)
routing. You need MROUTING and INET
with this. Software using this can be found e.g. in
pkgsrc/net/xorp.
- options INET
- Includes support for the TCP/IP protocol stack. You
almost certainly want this. See
inet(4) for details.
- options INET6
- Includes support for the IPv6 protocol stack. See
inet6(4) for details. Unlike
INET, INET6 enables multicast routing
code as well. This option requires INET at this moment,
but it should not.
- options ND6_DEBUG
- The option sets the default value of
net.inet6.icmp6.nd6_debug to 1, for debugging IPv6 neighbor discovery
protocol handling. See
sysctl(3) for details.
- options IPSEC
- Includes support for the IPsec protocol, using the
implementation derived from OpenBSD, relying on
opencrypto(9) to carry
out cryptographic operations. See
fast_ipsec(4) for
details.
- options IPSEC_DEBUG
- Enables debugging code in IPsec stack. See
ipsec(4) for details. The
IPSEC option includes support for IPsec Network Address
Translator traversal (NAT-T), as described in RFCs 3947 and 3948. This
feature might be patent-encumbered in some countries.
- options ALTQ
- Enabled ALTQ (Alternate Queueing). For simple
rate-limiting, use
tbrconfig(8) to set up
the interface transmission rate. To use queueing disciplines, their
appropriate kernel options should also be defined (documented below).
Queueing disciplines are managed by
altqd(8). See
altq(9) for details.
- options ALTQ_HFSC
- Include support for ALTQ-implemented HFSC (Hierarchical
Fair Service Curve) module. HFSC supports both link-sharing and guaranteed
real-time services. HFSC employs a service curve based QoS model, and its
unique feature is an ability to decouple delay and bandwidth allocation.
Requires ALTQ_RED to use the RED queueing discipline on
HFSC classes, or ALTQ_RIO to use the RIO queueing
discipline on HFSC classes. This option assumes
ALTQ.
- options ALTQ_PRIQ
- Include support for ALTQ-implemented PRIQ (Priority
Queueing). PRIQ implements a simple priority-based queueing discipline. A
higher priority class is always served first. Requires
ALTQ_RED to use the RED queueing discipline on HFSC
classes, or ALTQ_RIO to use the RIO queueing discipline
on HFSC classes. This option assumes ALTQ.
- options ALTQ_WFQ
- Include support for ALTQ-implemented WFQ (Weighted Fair
Queueing). WFQ implements a weighted-round robin scheduler for a set of
queues. A weight can be assigned to each queue to give a different
proportion of the link capacity. A hash function is used to map a flow to
one of a set of queues. This option assumes ALTQ.
- options ALTQ_FIFOQ
- Include support for ALTQ-implemented FIFO queueing. FIFOQ
is a simple drop-tail FIFO (First In, First Out) queueing discipline. This
option assumes ALTQ.
- options ALTQ_RIO
- Include support for ALTQ-implemented RIO (RED with
In/Out). The original RIO has 2 sets of RED parameters; one for in-profile
packets and the other for out-of-profile packets. At the ingress of the
network, profile meters tag packets as IN or OUT based on contracted
profiles for customers. Inside the network, IN packets receive
preferential treatment by the RIO dropper. ALTQ/RIO has 3 drop precedence
levels defined for the Assured Forwarding PHB of DiffServ (RFC 2597). This
option assumes ALTQ.
- options ALTQ_BLUE
- Include support for ALTQ-implemented Blue buffer
management. Blue is another active buffer management mechanism. This
option assumes ALTQ.
- options ALTQ_FLOWVALVE
- Include support for ALTQ-implemented Flowvalve. Flowvalve
is a simple implementation of a RED penalty box that identifies and
punishes misbehaving flows. This option requires
ALTQ_RED and assumes ALTQ.
- options ALTQ_CDNR
- Include support for ALTQ-implemented CDNR (diffserv
traffic conditioner) packet marking/manipulation. Traffic conditioners are
components to meter, mark, or drop incoming packets according to some
rules. As opposed to queueing disciplines, traffic conditioners handle
incoming packets at an input interface. This option assumes
ALTQ.
- options ALTQ_NOPCC
- Disables use of processor cycle counter to measure time
in ALTQ. This option should be defined for a non-Pentium i386 CPU which
does not have TSC, SMP (per-CPU counters are not in sync), or power
management which affects processor cycle counter. This option assumes
ALTQ.
- options ALTQ_IPSEC
- Include support for IPsec in IPv4 ALTQ. This option
assumes ALTQ.
- options ALTQ_JOBS
- Include support for ALTQ-implemented JoBS (Joint Buffer
Management and Scheduling). This option assumes
ALTQ.
- options ALTQ_AFMAP
- Include support for an undocumented ALTQ feature that is
used to map an IP flow to an ATM VC (Virtual Circuit). This option assumes
ALTQ.
- options ALTQ_LOCALQ
- Include support for ALTQ-implemented local queues. Its
practical use is undefined. Assumes ALTQ.
- options SUBNETSARELOCAL
- Sets default value for net.inet.ip.subnetsarelocal
variable, which controls whether non-directly-connected subnets of
connected networks are considered "local" for purposes of
choosing the MSS for a TCP connection. This is mostly present for historic
reasons and completely irrelevant if you enable Path MTU discovery.
- options HOSTZEROBROADCAST
- Sets default value for net.inet.ip.hostzerobroadcast
variable, which controls whether the zeroth host address of each connected
subnet is also considered a broadcast address. Default value is
"1", for compatibility with old systems; if this is set to zero
on all hosts on a subnet, you should be able to fit an extra host per
subnet on the ".0" address.
- options MCLSHIFT=value
- This option is the base-2 logarithm of the size of mbuf
clusters. The BSD networking stack keeps network
packets in a linked list, or chain, of kernel buffer objects called mbufs.
The system provides larger mbuf clusters as an optimization for large
packets, instead of using long chains for large packets. The mbuf cluster
size, or MCLBYTES, must be a power of two, and is
computed as two raised to the power MCLSHIFT. On systems
with Ethernet network adapters, MCLSHIFT is often set to
11, giving 2048-byte mbuf clusters, large enough to hold a 1500-byte
Ethernet frame in a single cluster. Systems with network interfaces
supporting larger frame sizes like ATM, FDDI, or HIPPI may perform better
with MCLSHIFT set to 12 or 13, giving mbuf cluster sizes
of 4096 and 8192 bytes, respectively.
- options NETATALK
- Include support for the AppleTalk protocol stack. The
kernel provides provision for the Datagram Delivery
Protocol (DDP), providing SOCK_DGRAM support and AppleTalk routing.
This stack is used by the NETATALK package, which adds
support for AppleTalk server services via user libraries and
applications.
- options BLUETOOTH
- Include support for the Bluetooth protocol stack. See
bluetooth(4) for
details.
- options IPNOPRIVPORTS
- Normally, only root can bind a socket descriptor to a
so-called “privileged” TCP port, that is, a port number in the
range 0-1023. This option eliminates those checks from the kernel. This
can be useful if there is a desire to allow daemons without privileges to
bind those ports, e.g., on firewalls. The security tradeoffs in doing this
are subtle. This option should only be used by experts.
- options TCP_COMPAT_42
- TCP bug compatibility with
4.2BSD. In 4.2BSD, TCP
sequence numbers were 32-bit signed values. Modern implementations of TCP
use unsigned values. This option clamps the initial sequence number to
start in the range 2^31 rather than the full unsigned range of 2^32. Also,
under 4.2BSD, keepalive packets must contain at
least one byte or else the remote end would not respond.
- options TCP_DEBUG
- Record the last TCP_NDEBUG TCP packets
with SO_DEBUG set, and decode to the console if
tcpconsdebug is set.
- options TCP_NDEBUG
- Number of packets to record for
TCP_DEBUG. Defaults to 100.
- options TCP_SENDSPACE=value
- options TCP_RECVSPACE=value
- These options set the max TCP window size to other sizes
than the default. The TCP window sizes can be altered via
sysctl(8) as well.
- options TCP_INIT_WIN=value
- This option sets the initial TCP window size for
non-local connections, which is used when the transmission starts. The
default size is 1, but if the machine should act more aggressively, the
initial size can be set to some other value. The initial TCP window size
can be set via sysctl(8) as
well.
- options TCP_SIGNATURE
- Enable MD5 TCP signatures (RFC 2385) to protect BGP
sessions.
- options IPFILTER_LOG
- This option, in conjunction with
pseudo-device ipfilter, enables logging of IP packets
using IP-Filter.
- options IPFILTER_LOOKUP
- This option enables the IP-Filter
ippool(8) functionality to
be enabled.
- options IPFILTER_COMPAT
- This option enables older IP-Filter binaries to
work.
- options IPFILTER_DEFAULT_BLOCK
- This option sets the default policy of IP-Filter. If it
is set, IP-Filter will block packets by default.
- options BRIDGE_IPF
- This option causes bridge devices to
use the IP and/or IPv6 filtering hooks, forming a link-layer filter that
uses protocol-layer rules. This option assumes the presence of
pseudo-device ipfilter.
- options MBUFTRACE
- This option can help track down mbuf leaks. When enabled,
mbufs are tagged with the devices and protocols using them, which slightly
decreases network performance. This additional information can be viewed
with netstat(1):
netstat
-mssv
Not all devices or protocols support this option.
- options SYSCTL_DISALLOW_CREATE
- Disallows the creation or deletion of nodes from the
sysctl tree, as well as the assigning of descriptions to nodes that lack
them, by any process. These operations are still available to kernel
sub-systems, including loadable kernel modules.
- options SYSCTL_DISALLOW_KWRITE
- Prevents processes from adding nodes to the sysctl tree
that make existing kernel memory areas writable. Sections of kernel memory
can still be read and new nodes that own their own data may still be
writable.
- options SYSCTL_DEBUG_SETUP
- Causes the SYSCTL_SETUP routines to print a brief message
when they are invoked. This is merely meant as an aid in determining the
order in which sections of the tree are created.
- options SYSCTL_DEBUG_CREATE
- Prints a message each time
sysctl_create(), the function that adds nodes to the
tree, is called.
- options SYSCTL_INCLUDE_DESCR
- Causes the kernel to include short, human readable
descriptions for nodes in the sysctl tree. The descriptions can be
retrieved programmatically (see
sysctl(3)), or by the sysctl
binary itself (see
sysctl(8)). The descriptions
are meant to give an indication of the purpose and/or effects of a given
node's value, not replace the documentation for the given subsystem as a
whole.
System V IPC Options
- options SYSVMSG
- Includes support for AT&T
System V UNIX style message queues. See
msgctl(2),
msgget(2),
msgrcv(2),
msgsnd(2).
- options SYSVSEM
- Includes support for AT&T
System V UNIX style semaphores. See
semctl(2),
semget(2),
semop(2).
- options SEMMNI=value
- Sets the number of AT&T
System V UNIX style semaphore identifiers. The GENERIC config
file for your port will have the default.
- options SEMMNS=value
- Sets the number of AT&T
System V UNIX style semaphores in the system. The GENERIC
config file for your port will have the default.
- options SEMUME=value
- Sets the maximum number of undo entries per process for
AT&T System V UNIX style semaphores. The
GENERIC config file for your port will have the default.
- options SEMMNU=value
- Sets the number of undo structures in the system for
AT&T System V UNIX style semaphores. The
GENERIC config file for your port will have the default.
- options SYSVSHM
- Includes support for AT&T
System V UNIX style shared memory. See
shmat(2),
shmctl(2),
shmdt(2),
shmget(2).
- options SHMMAXPGS=value
- Sets the maximum number of AT&T
System V UNIX style shared memory pages that are available
through the shmget(2) system
call. Default value is 1024 on most ports. See
/usr/include/machine/vmparam.h for the default.
- options NMBCLUSTERS=value
- The number of mbuf clusters the kernel supports. Mbuf
clusters are MCLBYTES in size (usually 2k). This is used to compute the
size of the kernel VM map mb_map, which maps mbuf
clusters. Default on most ports is 1024 (2048 with “options
GATEWAY” ). See /usr/include/machine/param.h for
exact default information. Increase this value if you get “mclpool
limit reached” messages.
- options NKMEMPAGES=value
- options NKMEMPAGES_MIN=value
- options NKMEMPAGES_MAX=value
- Size of kernel VM map kmem_map, in
PAGE_SIZE-sized chunks (the VM page size; this value may be read from the
sysctl(8) variable
hw.pagesize ). This VM map is used to map the kernel
malloc arena. The kernel attempts to auto-size this map based on the
amount of physical memory in the system. Platform-specific code may place
bounds on this computed size, which may be viewed with the
sysctl(8) variable
vm.nkmempages. See
/usr/include/machine/param.h for the default upper and
lower bounds. The related options ‘NKMEMPAGES_MIN’ and
‘NKMEMPAGES_MAX’ allow the bounds to be overridden in the
kernel configuration file. These options are provided in the event the
computed value is insufficient resulting in an “out of space in
kmem_map” panic.
- options SB_MAX=value
- Sets the max size in bytes that a socket buffer is
allowed to occupy. The default is 256k, but sometimes it needs to be
increased, for example when using large TCP windows. This option can be
changed via sysctl(8) as
well.
- options SOMAXKVA=value
- Sets the maximum size of kernel virtual memory that the
socket buffers are allowed to use. The default is 16MB, but in situations
where for example large TCP windows are used this value must also be
increased. This option can be changed via
sysctl(8) as well.
- options BUFCACHE=value
- Size of the buffer cache as a percentage of total
available RAM. Ignored if BUFPAGES is also specified.
- options NBUF=value
- Sets the number of buffer headers available, i.e., the
number of open files that may have a buffer cache entry. Each buffer
header requires MAXBSIZE (machine dependent, but usually 65536) bytes. The
default value is machine dependent, but is usually equal to the value of
BUFPAGES.
- options BUFPAGES=value
- These options set the number of pages available for the
buffer cache. Their default value is a machine dependent value, often
calculated as between 5% and 10% of total available RAM.
- options MAXTSIZ=bytes
- Sets the maximum size limit of a process' text segment.
See /usr/include/machine/vmparam.h for the port-specific
default.
- options DFLDSIZ=bytes
- Sets the default size limit of a process' data segment,
the value that will be returned as the soft limit for
RLIMIT_DATA
(as returned by
getrlimit(2)). See
/usr/include/machine/vmparam.h for the port-specific
default.
- options MAXDSIZ=bytes
- Sets the maximum size limit of a process' data segment,
the value that will be returned as the hard limit for
RLIMIT_DATA
(as returned by
getrlimit(2)). See
/usr/include/machine/vmparam.h for the port-specific
default.
- options DFLSSIZ=bytes
- Sets the default size limit of a process' stack segment,
the value that will be returned as the soft limit for
RLIMIT_STACK
(as returned by
getrlimit(2)). See
/usr/include/machine/vmparam.h for the port-specific
default.
- options MAXSSIZ=bytes
- Sets the maximum size limit of a process' stack segment,
the value that will be returned as the hard limit for
RLIMIT_STACK
(as returned by
getrlimit(2)). See
/usr/include/machine/vmparam.h for the port-specific
default.
- options DUMP_ON_PANIC=integer
- Defaults to one. If set to zero, the kernel will not dump
to the dump device when it panics, though dumps can still be forced via
ddb(4) with the
“sync” command. Note that this sets the value of the
kern.dump_on_panic
sysctl(3) variable which may
be changed at run time -- see
sysctl(8) for details.
- options USE_TOPDOWN_VM
- User space memory allocations (as made by
mmap(2)) will be arranged in a
“top down” fashion instead of the traditional “upwards
from MAXDSIZ + vm_daddr” method. This includes the placement of
ld.so(1). Arranging memory in
this manner allows either (or both of) the heap or
mmap(2) allocated space to
grow larger than traditionally possible. This option is not available on
all ports, but is instead expected to be offered on a port-by-port basis,
after which some ports will commit to using it by default. See the files
/usr/include/uvm/uvm_param.h for some implementation
details, and /usr/include/machine/vmparam.h for port
specific details including availability.
- options VMSWAP
- Enable paging device/file support. This option is on by
default.
- options PDPOLICY_CLOCKPRO
- Use CLOCK-Pro, an alternative page replace policy.
Security Options
- options INSECURE
- Initializes the kernel security level with -1 instead of
0. This means that the system always starts in secure level -1 mode, even
when running multiuser, unless the securelevel variable is set to value
> -1 in /etc/rc.conf. In this case the kernel
security level will be raised to that value when the
/etc/rc.d/securelevel script is run during system
startup. See the manual page for
init(8) for details on the
implications of this. The kernel secure level may manipulated by the
superuser by altering the kern.securelevel
sysctl(3) variable (the
secure level may only be lowered by a call from process ID 1, i.e.,
init(8)). See also
secmodel_securelevel(9),
sysctl(8) and
sysctl(3).
- options VERIFIED_EXEC_FP_MD5
- Enables support for MD5 hashes in Veriexec.
- options VERIFIED_EXEC_FP_SHA1
- Enables support for SHA1 hashes in Veriexec.
- options VERIFIED_EXEC_FP_RMD160
- Enables support for RMD160 hashes in Veriexec.
- options VERIFIED_EXEC_FP_SHA256
- Enables support for SHA256 hashes in Veriexec.
- options VERIFIED_EXEC_FP_SHA384
- Enables support for SHA384 hashes in Veriexec.
- options VERIFIED_EXEC_FP_SHA512
- Enables support for SHA512 hashes in Veriexec.
- options PAX_MPROTECT=value
- Enables PaX MPROTECT,
mprotect(2) restrictions
from the PaX project.
The value is the default value for the
global knob, see
sysctl(3). If 0, PaX
MPROTECT will be enabled only if explicitly set on programs using
paxctl(8). If 1, PaX
MPROTECT will be enabled for all programs. Programs can be exempted using
paxctl(8).
See security(7) for more
details.
- options PAX_SEGVGUARD=value
- Enables PaX Segvguard. Requires options
FILEASSOC.
The value is the default value for the
global knob, see
sysctl(3). If 0, PaX
Segvguard will be enabled only if explicitly set on programs using
paxctl(8). If 1, PaX
Segvguard will be enabled to all programs, and exemption can be done using
paxctl(8).
See security(7) for more
details.
- options PAX_ASLR=value
- Enables PaX ASLR.
The value is the default value for the
global knob, see
sysctl(3). If 0, PaX ASLR
will be enabled only if explicitly set on programs using
paxctl(8). If 1, PaX ASLR
will be enabled to all programs, and exemption can be done using
paxctl(8).
See security(7) for more
details.
- options
USER_VA0_DISABLE_DEFAULT=value
- Sets the initial value of the flag which controls whether
user programs can map virtual address 0. The flag can be changed at
runtime by sysctl(3).
amiga-specific Options
- options BB060STUPIDROM
- When the bootloader (which passes AmigaOS ROM
information) claims we have a 68060 CPU without FPU, go look into the
Processor Configuration Register (PCR) to find out. You need this with
Amiga ROMs up to (at least) V40.xxx (OS3.1), when you boot via the
bootblocks and don't have a DraCo.
- options IOBZCLOCK=frequency
- The IOBlix boards come with two different serial master
clocks: older ones use 24 MHz, newer ones use 22.1184 MHz. The driver
normally assumes the latter. If your board uses 24 MHz, you can recompile
your kernel with options IOBZCLOCK=24000000 or patch the kernel variable
iobzclock to the same value.
- options LIMITMEM=value
- If there, limit the part of the first memory bank used by
NetBSD to value megabytes. Default is
unlimited.
- options P5PPC68KBOARD
- Add special support for Phase5 mixed 68k+PPC boards.
Currently, this only affects rebooting from NetBSD
and is only needed on 68040+PPC, not on 68060+PPC; without this, affected
machines will hang after NetBSD has shut down and
will only restart after a keyboard reset or a power cycle.
atari-specific Options
- options DISKLABEL_AHDI
- Include support for AHDI (native Atari) disklabels.
- options DISKLABEL_NBDA
- Include support for NetBSD/atari
labels. If you don't set this option, it will be set automatically.
NetBSD/atari will not work without it.
- options FALCON_SCSI
- Include support for the 5380-SCSI configuration as found
on the Falcon.
- options RELOC_KERNEL
- If set, the kernel will relocate itself to TT-RAM, if
possible. This will give you a slightly faster system.
Beware that on some TT030 systems, the system will
frequently dump with MMU-faults with this option enabled.
- options SERCONSOLE
- Allow the modem1-port to act as the system-console. A
carrier should be active on modem1 during system boot to active the
console functionality.
- options TT_SCSI
- Include support for the 5380-SCSI configuration as found
on the TT030 and Hades.
i386-specific Options
- options CPURESET_DELAY=value
- Specifies the time (in millisecond) to wait before doing
a hardware reset in the last phase of a reboot. This gives the user a
chance to see error messages from the shutdown operations (like NFS
unmounts, buffer cache flush, etc ...). Setting this to 0 will disable the
delay. Default is 2 seconds.
- options VM86
- Include support for virtual 8086 mode, used by DOS
emulators and X servers to run BIOS code, e.g., for some VESA
routines.
- options USER_LDT
- Include i386-specific system calls for modifying the
local descriptor table, used by Windows emulators.
- options PAE
- Enable PAE (Physical Address Extension) mode. PAE permits
up to 36 bits physical addressing (64GB of physical memory), and turns
physical addresses to 64 bits entities in the memory management subsystem.
Userland virtual address space remains at 32 bits (4GB). PAE mode is
required to enable the NX/XD (No-eXecute/eXecute Disable) bit for pages,
which allows marking certain ones as not being executable. Any attempt to
execute code from such a page will raise an exception.
- options REALBASEMEM=integer
- Overrides the base memory size passed in from the boot
block. (Value given in kilobytes.) Use this option only if the boot block
reports the size incorrectly. (Note that some BIOSes put the extended BIOS
data area at the top of base memory, and therefore report a smaller base
memory size to prevent programs overwriting it. This is correct behavior,
and you should not use the REALBASEMEM option to access
this memory).
- options REALEXTMEM=integer
- Overrides the extended memory size passed in from the
boot block. (Value given in kilobytes. Extended memory does not include
the first megabyte.) Use this option only if the boot block reports the
size incorrectly.
- options CYRIX_CACHE_WORKS
- Relevant only to the Cyrix 486DLC CPU. This option is
used to turn on the cache in hold-flush mode. It is not turned on by
default because it is known to have problems in certain motherboard
implementations.
- options CYRIX_CACHE_REALLY_WORKS
- Relevant only to the Cyrix 486DLC CPU. This option is
used to turn on the cache in write-back mode. It is not turned on by
default because it is known to have problems in certain motherboard
implementations. In order for this option to take effect, option
CYRIX_CACHE_WORKS must also be specified.
- options PCIBIOS
- Enable support for initializing the PCI bus using
information from the BIOS. See
pcibios(4) for
details.
- options MTRR
- Include support for accessing MTRR registers from
user-space. See
i386_get_mtrr(2).
- options BEEP_ONHALT
- Make the system speaker emit several beeps when it is
completely safe to power down the computer after a
halt(8) command. Requires
sysbeep(4) support.
- options BEEP_ONHALT_COUNT=times
- Number of times to beep the speaker when
options BEEP_ONHALT is enabled. Defaults to 3.
- options BEEP_ONHALT_PITCH=hz
- The tone frequency used when options
BEEP_ONHALT option, in hertz. Defaults to 1500.
- options BEEP_ONHALT_PERIOD=msecs
- The duration of each beep when options
BEEP_ONHALT is enabled, in milliseconds. Defaults to 250.
- options MULTIBOOT
- Makes the kernel Multiboot-compliant, allowing it to be
booted through a Multiboot-compliant boot manager such as GRUB. See
multiboot(8) for more
information.
- options SPLASHSCREEN
- Display a splash screen during boot.
- options SPLASHSCREEN_PROGRESS
- Display a progress bar at the splash screen during boot.
This option requires SPLASHSCREEN.
isa-specific Options
Options specific to
isa(4) busses.
- options PCIC_ISA_ALLOC_IOBASE=address,
PCIC_ISA_ALLOC_IOSIZE=size
- Control the section of IO bus space used for PCMCIA bus
space mapping. Ideally the probed defaults are satisfactory, however in
practice that is not always the case. See
pcmcia(4) for details.
- options
PCIC_ISA_INTR_ALLOC_MASK=mask
- Controls the allowable interrupts that may be used for
PCMCIA devices. This mask is a logical-or of power-of-2s of allowable
interrupts:
IRQ Val IRQ Val IRQ Val IRQ Val
0 0x0001 4 0x0010 8 0x0100 12 0x1000
1 0x0002 5 0x0020 9 0x0200 13 0x2000
2 0x0004 6 0x0040 10 0x0400 14 0x4000
3 0x0008 7 0x0080 11 0x0800 15 0x8000
- options PCKBC_CNATTACH_SELFTEST
- Perform a self test of the keyboard controller before
attaching it as a console. This might be necessary on machines where we
boot on cold iron, and pckbc refuses to talk until we request a self test.
Currently only the netwinder port uses it.
- options PCKBD_CNATTACH_MAY_FAIL
- If this option is set the PS/2 keyboard will not be used
as the console if it cannot be found during boot. This allows other
keyboards, like USB, to be the console keyboard.
- options PCKBD_LAYOUT=layout
- Sets the default keyboard layout, see
pckbd(4).
m68k-specific Options
- options FPU_EMULATE
- Include support for MC68881/MC68882 emulator.
- options FPSP
- Include support for 68040 floating point.
- options
M68020,M68030,M68040,M68060
- Include support for a specific CPU, at least one (the one
you are using) should be specified.
- options M060SP
- Include software support for 68060. This provides
emulation of unimplemented integer instructions as well as emulation of
unimplemented floating point instructions and data types and software
support for floating point traps.
powerpc-specific Options
(OEA Only)
- options PMAP_MEMLIMIT=value
- Limit the amount of memory seen by the kernel to
value bytes.
- options PTEGCOUNT=value
- Specify the size of the page table as
value PTE groups. Normally, one PTEG is allocated
per physical page frame.
sparc-specific Options
- options AUDIO_DEBUG
- Enable simple event debugging of the logging of the
audio(4) device.
- options BLINK
- Enable blinking of LED. Blink rate is full cycle every N
seconds for N < then current load average. See
getloadavg(3).
- options COUNT_SW_LEFTOVERS
- Count how many times the sw SCSI device has left 3, 2, 1
and 0 in the sw_3_leftover, sw_2_leftover, sw_1_leftover, and
sw_0_leftover variables accessible from
ddb(4). See
sw(4).
- options DEBUG_ALIGN
- Adds debugging messages calls when user-requested
alignment fault handling happens.
- options DEBUG_EMUL
- Adds debugging messages calls for emulated floating point
and alignment fixing operations.
- options DEBUG_SVR4
- Prints registers messages calls for emulated SVR4
getcontext and setcontext operations. See options
COMPAT_SVR4.
- options EXTREME_DEBUG
- Adds debugging functions callable from
ddb(4). The debug_pagetables,
test_region and print_fe_map functions print information about page tables
for the SUN4M platforms only.
- options EXTREME_EXTREME_DEBUG
- Adds extra info to options
EXTREME_DEBUG.
- options FPU_CONTEXT
- Make options COMPAT_SVR4 getcontext and
setcontext include floating point registers.
- options MAGMA_DEBUG
- Adds debugging messages to the
magma(4) device.
- options RASTERCONS_FULLSCREEN
- Use the entire screen for the console.
- options RASTERCONS_SMALLFONT
- Use the Fixed font on the console, instead of the normal
font.
- options SUN4
- Support sun4 class machines.
- options SUN4C
- Support sun4c class machines.
- options SUN4M
- Support sun4m class machines.
- options SUN4_MMU3L
- Enable support for sun4 3-level MMU machines.
- options V9
- Enable SPARC V9 assembler in
ddb(4).
sparc64-specific Options
- options AUDIO_DEBUG
- Enable simple event debugging of the logging of the
audio(4) device.
- options BLINK
- Enable blinking of LED. Blink rate is full cycle every N
seconds for N < then current load average. See
getloadavg(3).
x68k-specific Options
- options EXTENDED_MEMORY
- Include support for extended memory, e.g., TS-6BE16 and
060turbo on-board.
- options JUPITER
- Include support for Jupiter-X MPU accelerator
- options ZSCONSOLE,ZSCN_SPEED=value
- Use the built-in serial port as the system-console. Speed
is specified in bps, defaults to 9600.
- options ITE_KERNEL_ATTR=value
- Set the kernel message attribute for ITE. Value, an
integer, is a logical or of the following values:
- 1
- color inversed
- 2
- underlined
- 4
- bolded
SEE ALSO
config(1),
gdb(1),
ktrace(1),
pmc(1),
quota(1),
vndcompress(1),
gettimeofday(2),
i386_get_mtrr(2),
i386_iopl(2),
msgctl(2),
msgget(2),
msgrcv(2),
msgsnd(2),
ntp_adjtime(2),
ntp_gettime(2),
reboot(2),
semctl(2),
semget(2),
semop(2),
shmat(2),
shmctl(2),
shmdt(2),
shmget(2),
sysctl(3),
apm(4),
ddb(4),
inet(4),
iso(4),
md(4),
pcibios(4),
pcmcia(4),
ppp(4),
userconf(4),
vnd(4),
wscons(4),
config(5),
edquota(8),
init(8),
mdsetimage(8),
mount_cd9660(8),
mount_fdesc(8),
mount_kernfs(8),
mount_lfs(8),
mount_mfs(8),
mount_msdos(8),
mount_nfs(8),
mount_ntfs(8),
mount_null(8),
mount_portal(8),
mount_procfs(8),
mount_udf(8),
mount_umap(8),
mount_union(8),
mrouted(8),
newfs_lfs(8),
ntpd(8),
quotaon(8),
rpc.rquotad(8),
sysctl(8),
in_getifa(9),
kernhist(9)
HISTORY
The
options man page first appeared in
NetBSD
1.3.
BUGS
The
EON option should be a pseudo-device, and is also very
fragile.