kernel configuration options
This manual page describes a number of miscellaneous kernel
configuration options that may be specified in a kernel config file. See
config(8) for information on how to configure and build kernels.
Note: options are passed to the compile process as
-D flags to the C compiler.
- On those architectures that support it, this enables binary compatibility with Linux ELF applications built for the same architecture. This option is supported on the i386 architecture. See compat_linux(8).
-gflag causes bsd.gdb to be built in addition to bsd. bsd.gdb is useful for debugging kernels and their crash dumps with gdb. A crash dump can be debugged by starting gdb(1) with the kernel name (bsd.gdb) as an argument (no core file) and then use the gdb(1) command “target kvm COREFILE”.
-pgflag causes the kernel to be compiled with support for profiling. The
option GPROFis required for the kernel compile to succeed.
- Adds support for the acct(2) system call.
- Compiles in a kernel debugger for diagnosing kernel problems. See ddb(4) for details.
- Allows a break into the kernel debugger during boot. Useful when debugging problems that can cause init(8) to fail.
- Compiles in symbolic information about the various data structures used by the kernel, for use within the kernel debugger. This option is currently not supported on alpha, m88k and vax based platforms.
- Turns on miscellaneous kernel debugging. Since options are turned into
preprocessor defines (see above),
option DEBUGis equivalent to doing a #define DEBUG throughout the kernel. Much of the kernel has #ifdef DEBUG conditional debugging code. Note that many parts of the kernel (typically device drivers) include their own #ifdef XXX_DEBUG conditionals instead. This option also turns on certain other options, notably
- Adds code to the kernel that does internal consistency checks. This code will cause the kernel to panic if corruption of internal data structures is detected.
- Adds code to the kernel for kernel profiling with kgmon(8).
- Compiles in a remote kernel debugger stub for diagnosing kernel problems using the “remote target” feature of gdb. See kgdb(7) for details. Note: not available on all architectures.
- Adds hooks for the system call tracing facility, which allows users to watch the system call invocation behavior of processes. See ktrace(1) for details.
- Do not compile the kernel with the ProPolice stack protection. See gcc-local(1) for more information about ProPolice.
- Adds hooks for the process tracing facility, allowing a process to control and observe another process. See ptrace(2) for details.
- Removes some features and some optimizations from the kernel to reduce the size of the resulting kernel binary. This option is used on some installation media and should not be used for general purpose kernels.
- Turns on debugging for the Virtual File System interface. See vfs(9) for details.
- Includes code for the ISO 9660 + Rock Ridge file system, which is the standard file system used on many CD-ROMs. It also supports Joliet extensions. See mount_cd9660(8) for details.
- Includes code implementing the Second Extended File System
(EXT2FS), commonly used on the Linux operating system.
This option is provided here for compatibility. Some specific features of
EXT2FS like the "behavior on errors" are not
implemented. This file system can't be used with
gid_tvalues greater than 65535. Also, the filesystem will not function correctly on architectures with differing byte-orders. That is, a big-endian machine will not be able to read an ext2fs filesystem created on an i386 or other little-endian machine. See mount_ext2fs(8) for details.
- Includes code implementing the Berkeley Fast File System (FFS). Most machines need this if they are not running diskless.
- Includes code implementing the enhanced Fast File System (FFS2).
- Include the memory file system (MFS). This file system stores files in swappable memory, and produces notable performance improvements when it is used as the file store for /tmp or similar mount points. See mount_mfs(8) for details.
- Includes support for the MS-DOS FAT file system. The kernel also implements the Windows 95 extensions which permit the use of longer, mixed-case file names. See mount_msdos(8) and fsck_msdos(8) for details.
- Include the client side of the NFS (Network File System) remote file sharing protocol. Although the bulk of the code implementing NFS is kernel based, several user level daemons are needed for it to work. See mount_nfs(8) for details on NFS.
- Includes support for reading NTFS file systems. See mount_ntfs(8) for details.
- Includes code for the UDF file systems typically found on DVD discs. See mount_udf(8) for details.
- Includes code for the TMPFS efficient memory file system. See mount_tmpfs(8) for details.
FILE SYSTEM OPTIONS
- Percentage of RAM to use as a file system buffer. It defaults to 20.
- This option changes the behavior of the APPEND and IMMUTABLE flags for a file on an EXT2FS filesystem. Without this option, the superuser or owner of the file can set and clear them. With this option, only the superuser can set them, and they can't be cleared if the securelevel is greater than 0. See also chflags(1).
- Enables a scheme that uses partial ordering of buffer cache operations to
allow metadata updates in FFS to happen asynchronously, increasing write
performance significantly. Normally, the FFS filesystem writes metadata
updates synchronously which exacts a performance penalty in favor of
filesystem integrity. With soft updates, the performance of asynchronous
writes is gained while retaining the safety of synchronous metadata
Soft updates must be enabled on a per-filesystem basis. See mount(8) for details.
Processors with a small kernel address space, such as the sun4 and sun4c, do not have enough kernel memory to support soft updates. Attempts to use this option with these CPUs will cause a kernel hang or panic after a short period of use as the kernel will quickly run out of memory. This is not related to the amount of physical memory present in the machine -- it is a limitation of the CPU architecture itself.
- Adds support for AT&T System V UNIX style FIFOs (i.e., “named pipes”). This option is recommended in almost all cases as many programs use these.
- Include the server side of the NFS (Network File System) remote file sharing protocol. Although the bulk of the code implementing NFS is kernel based, several user level daemons are needed for it to work. See mountd(8) and nfsd(8) for details.
- Enables kernel support for file system quotas. See quotaon(8), edquota(8), repquota(8), and quota(1) for details. Note that quotas only work on “ffs” file systems, although rpc.rquotad(8) permits them to be accessed over NFS.
- This option enables using an in memory hash table to speed lookups in large directories.
- Provide in-kernel support for controlling VGA framebuffer mapping and PCI configuration registers by user-processes (such as an X Window System server). This option is supported on the alpha, amd64, i386, macppc, and sparc64 architectures.
- Adds support for the
-cboot option (User Kernel Config). Allows modification of kernel settings (e.g., device parameters) before booting the system.
- Enables support for the kernel cryptographic framework. See crypto(9) for details. While not IP specific, this option is usually used in conjunction with option IPSEC.
- Makes the boot process more verbose for EISA peripherals.
- Hardwires the kernel security level at -1. This means that the system always runs in securelevel 0 mode, even when running multiuser. See init(8) for details on the implications of this. The kernel secure level may be manipulated by the superuser by altering the kern.securelevel sysctl variable. (It should be noted that the securelevel may only be lowered by a call from process ID 1, i.e., init(8).) See also sysctl(8) and sysctl(3).
- The kernel memory allocator,
malloc(9), will keep statistics on its performance if this option
is enabled. Note that this option is silently turned on by the
- Makes the boot process more verbose for OBIO peripherals on the macppc architecture.
- On those architectures that have it, this enables multiprocessor support.
- Makes the boot process more verbose for PCI peripherals (vendor names and other information is printed, etc.).
- Makes the boot process more verbose for PCMCIA peripherals.
- Enable userland manipulation of per-process Local Descriptor Table (LDT) entries; see i386_set_ldt(2) and the machdep.userldt sysctl(8). This option is supported on the i386 architecture.
- Enables the user level access to the PCI bus configuration space through ioctls on the /dev/pci device. It's used by the Xorg(1) server on some architectures. See pci(4) for details.
- Enables kernel support for encrypting pages that are written out to swap storage. Swap encryption prevents sensitive data from remaining on the disk even after the operating system has been shut down. This option should be turned on if cryptographic filesystems are used. The sysctl variable vm.swapencrypt.enable controls its behaviour. See sysctl(8) and sysctl(3) for details.
- This option enables debugging information to be conditionally logged in case IPSEC encounters errors. The option IPSEC is required along with this option. Debug logging can be turned on/off through the use of the net.inet.ip.encdebug sysctl variable. If net.inet.ip.encdebug is 1, debug logging is on. See sysctl(8) and sysctl(3) for details.
- Includes support for the IPv6 protocol stack. See inet6(4) for details. INET6 enables multicast routing code as well.
- This option enables IP security protocol support. See ipsec(4) for more details.
- Enables PFKEYv2 (RFC 2367) support. While not IP specific, this option is usually used in conjunction with option IPSEC.
- Includes support for IP multicast routers. Multicast routing is controlled by the mrouted(8) daemon.
- The option sets the default value of net.inet6.icmp6.nd6_debug to 1, for debugging IPv6 neighbor discovery protocol handling. See sysctl(3) for details.
- Includes pipex in-kernel acceleration for PPPoE, L2TP or PPTP. See pipex(4) for details.
- Enables BSD compressor for PPP connections.
- For use in conjunction with PPP_BSDCOMP; provides an interface to zlib for PPP for deflate compression/decompression.
- Enables zero-copy socket splicing in the kernel. See
SO_SPLICEin setsockopt(2) and sosplice(9) for details.
- Turns on Explicit Congestion Notification (RFC 3168). ECN allows intermediate routers to use the Congestion Experienced codepoint in the IP header as an indication of congestion, and allows TCP to adjust the transmission rate using this signal. Both communication endpoints negotiate enabling ECN functionality at the TCP connection establishment.
- Turns on forward acknowledgements allowing a more precise estimate of outstanding data during the fast recovery phase by using SACK information. This option can only be used together with TCP_SACK.
- Turns on selective acknowledgements. Additional information about segments already received can be transmitted back to the sender, thus indicating segments that have been lost and allowing for a swifter recovery. Both communication endpoints need to support SACK. The fallback behaviour is NewReno fast recovery phase, which allows one lost segment to be recovered per round trip time. When more than one segment has been dropped per window, the transmission can continue without waiting for a retransmission timeout.
- Turns on support for the TCP MD5 Signature option (RFC 2385). This is used by Internet backbone routers to provide per-packet authentication for the TCP packets used to communicate BGP routing information. You will also need a routing daemon that supports this option in order to actually use it.
OPERATION RELATED OPTIONS
- These options set the number of pages available for the buffer cache. Their default value is a machine dependent value, often calculated as between 5% and 10% of total available RAM.
- If value is non-zero, indicates that the hardware realtime clock device is one hour ahead of the offset given in ‘TIMEZONE’, due to Daylight Saving Time (DST). If value is zero, the hardware realtime clock device is not in Daylight Saving Time.
- Size of kernel malloc area in PAGE_SIZE-sized logical pages. This area is covered by the kernel submap kmem_map. The kernel attempts to auto-size this map based on the amount of physical memory in the system. Platform-specific code may place bounds on this computed size, which may be viewed with the sysctl(8) variable vm.nkmempages. See /usr/include/machine/param.h for the default upper bound. The related option ‘NKMEMPAGES_MAX’ allows the bounds to be overridden in the kernel configuration file in the event the computed value is insufficient resulting in an “out of space in kmem_map” panic.
- value indicates the time zone offset of the hardware
realtime clock device, in minutes, from UTC. It is useful when the
hardware realtime clock device is configured with local time, when
dual-booting OpenBSD with other operating systems
on a single machine. For instance, if the hardware realtime clock is set
to Tokyo time, value should be
-540as Tokyo local time is 9 hours ahead of UTC. Double quotes are needed when specifying a negative value.
SCSI SUBSYSTEM OPTIONS
- Delay for value seconds before starting to probe the first SCSI bus. This can be used if a SCSI device needs extra time to get ready.
- Enable printing of SCSI subsystem debugging info to the console. Each of SCSIDEBUG_LEVEL, SCSIDEBUG_BUSES, SCSIDEBUG_TARGETS and SCSIDEBUG_LUNS must have non-zero values for any debugging info to be printed. Only SCSIDEBUG_LEVEL has a default value (SDEV_DB1 | SDEV_DB2) that is non-zero.
- Define which SCSI buses will print debug info. Each bit enables debugging info for the corresponding bus. e.g. a value of 0x1 enables debug info for bus 0.
- Define which of the four levels of debugging info are printed. Each bit
enables a level, and multiple levels are specified by setting multiple
0x0010 (SDEV_DB1) SCSI commands, errors, and data 0x0020 (SDEV_DB2) routine flow 0x0040 (SDEV_DB3) routine internals 0x0080 (SDEV_DB4) miscellaneous addition debugging
If SCSIDEBUG_LEVEL is undefined, a value of 0x0030 (SDEV_DB1|SDEV_DB2) is used.
- Define which SCSI luns will print debug info. Each bit enables debugging info for the corresponding lun.
- Define which SCSI targets will print debug info. Each bit enables debugging info for the corresponding target.
- Terser SCSI error messages. This omits the table for decoding ASC/ASCQ info, saving about 30KB.
SYSTEM V IPC OPTIONS
- Number of semaphore identifiers (also called semaphore handles and semaphore sets) available in the system. Default value is 10. The kernel allocates memory for the control structures at startup, so arbitrarily large values should be avoided.
- Maximum number of semaphores in all sets in the system. Default value is 60.
- Maximum number of semaphore undo structures in the system. Default value is 30.
- Maximum number of per-process undo operation entries in the system. Semaphore undo operations are invoked by the kernel when semop(2) is called with the SEM_UNDO flag and the process holding the semaphores terminates unexpectedly. Default value is 10.
- Sets the maximum number of AT&T System V UNIX style shared memory pages that are available through the shmget(2) system call. Default value is 1024 on most architectures. See /usr/include/machine/vmparam.h for the default.
- Includes support for AT&T System V UNIX style message queues. See msgctl(2), msgget(2), msgrcv(2), msgsnd(2).
- Includes support for AT&T System V UNIX style semaphores. See semctl(2), semget(2), semop(2).
- Includes support for AT&T System V UNIX style shared memory. See shmat(2), shmctl(2), shmdt(2), shmget(2).
intro(4), files.conf(5), config(8), sysctl(8)
options man page first appeared in