options
— kernel
configuration options
This manual page describes a number of miscellaneous kernel
configuration options that may be specified in a kernel config file. See
config(8) for information on
how to configure and build kernels. Note: options are
passed to the compile process as -D
flags to the C
compiler.
makeoptions DEBUG="-g"
- The
-g
flag causes bsd.gdb
to be built in addition to bsd.
bsd.gdb is useful for debugging kernels and their
crash dumps with gdb. A crash dump can be debugged by starting
gdb(1) with the kernel name
(bsd.gdb) as an argument (no core file) and then
use the gdb(1) command
“target kvm COREFILE”.
makeoptions PROF="-pg"
- The
-pg
flag causes the kernel to be compiled with
support for profiling. The option GPROF
is
required for the kernel compile to succeed.
option ACCOUNTING
- Adds support for the acct(2)
system call.
option DDB
- Compiles in a kernel debugger for diagnosing kernel problems. See
ddb(4) for details.
option DDB_SAFE_CONSOLE
- Allows a break into the kernel debugger during boot. Useful when debugging
problems that can cause
init(8) to fail.
option DDB_STRUCT
- Compiles in symbolic information about the various data structures used by
the kernel, for use within the kernel debugger. This option is currently
not supported on alpha and m88k based platforms.
option DEBUG
- Turns on miscellaneous kernel debugging. Since options are turned into
preprocessor defines (see above),
option DEBUG
is
equivalent to doing a
#define DEBUG
throughout the kernel. Much of the kernel has #ifdef
DEBUG conditional debugging code. Note that many parts of the kernel
(typically device drivers) include their own #ifdef
XXX_DEBUG conditionals instead. This option also turns on certain
other options, notably option KMEMSTATS
.
option DIAGNOSTIC
- Adds code to the kernel that does internal consistency checks. This code
will cause the kernel to panic if corruption of internal data structures
is detected.
option GPROF
- Adds code to the kernel for kernel profiling with
kgmon(8).
option KGDB
- Compiles in a remote kernel debugger stub for diagnosing kernel problems
using the “remote target” feature of gdb. See
kgdb(7) for details.
Note: not available on all architectures.
option KTRACE
- Adds hooks for the system call tracing facility, which allows users to
watch the system call invocation behavior of processes. See
ktrace(1) for details.
option NO_PROPOLICE
- Do not compile the kernel with the ProPolice stack protection. See
gcc-local(1) for more
information about ProPolice.
option PTRACE
- Adds hooks for the process tracing facility, allowing a process to control
and observe another process. See
ptrace(2) for details.
option SMALL_KERNEL
- Removes some features and some optimizations from the kernel to reduce the
size of the resulting kernel binary. This option is used on some
installation media and should not be used for general purpose
kernels.
option VFSLCKDEBUG
- Turns on debugging for the Virtual File System interface. See
vfs(9) for details.
option CD9660
- Includes code for the ISO 9660 + Rock Ridge file system, which is the
standard file system used on many CD-ROMs. It also supports Joliet
extensions. See
mount_cd9660(8) for
details.
option EXT2FS
- Includes code implementing the Second Extended File System
(EXT2FS), commonly used on the Linux operating system.
This option is provided here for compatibility. Some specific features of
EXT2FS like the "behavior on errors" are not
implemented. This file system can't be used with
uid_t
or gid_t
values
greater than 65535. Also, the filesystem will not function correctly on
architectures with differing byte-orders. That is, a big-endian machine
will not be able to read an ext2fs filesystem created on an i386 or other
little-endian machine. See
mount_ext2fs(8) for
details.
option FFS
- Includes code implementing the Berkeley Fast File System
(FFS). Most
machines need this if they are not running diskless.
option FFS2
- Includes code implementing the enhanced Fast File System
(FFS2).
option MFS
- Include the memory file system
(MFS). This file
system stores files in swappable memory, and produces notable performance
improvements when it is used as the file store for
/tmp or similar mount points. See
mount_mfs(8) for
details.
option MSDOSFS
- Includes support for the MS-DOS FAT file system. The kernel also
implements the Windows 95 extensions which permit the use of longer,
mixed-case file names. See
mount_msdos(8) and
fsck_msdos(8) for
details.
option NFSCLIENT
- Include the client side of the NFS (Network File System)
remote file sharing protocol. Although the bulk of the code implementing
NFS is kernel based, several user level daemons are
needed for it to work. See
mount_nfs(8) for details
on NFS.
option NTFS
- Includes support for reading NTFS file systems. See
mount_ntfs(8) for
details.
option UDF
- Includes code for the UDF file systems typically found on DVD discs. See
mount_udf(8) for
details.
option TMPFS
- Includes code for the TMPFS efficient memory file system. See
mount_tmpfs(8) for
details.
option
BUFCACHEPERCENT=
integer
- Percentage of RAM to use as a file system buffer. It defaults to 20.
option EXT2FS_SYSTEM_FLAGS
- This option changes the behavior of the APPEND and IMMUTABLE flags for a
file on an EXT2FS filesystem. Without this option, the
superuser or owner of the file can set and clear them. With this option,
only the superuser can set them, and they can't be cleared if the
securelevel is greater than 0. See also
chflags(1).
option FFS_SOFTUPDATES
- Enables a scheme that uses partial ordering of buffer cache operations to
allow metadata updates in FFS to happen asynchronously, increasing write
performance significantly. Normally, the FFS filesystem writes metadata
updates synchronously which exacts a performance penalty in favor of
filesystem integrity. With soft updates, the performance of asynchronous
writes is gained while retaining the safety of synchronous metadata
updates.
Soft updates must be enabled on a per-filesystem basis. See
mount(8) for details.
Processors with a small kernel address space, such as the sun4
and sun4c, do not have enough kernel memory to support soft updates.
Attempts to use this option with these CPUs will cause a kernel hang or
panic after a short period of use as the kernel will quickly run out of
memory. This is not related to the amount of physical memory present in
the machine -- it is a limitation of the CPU architecture itself.
option FIFO
- Adds support for AT&T System V UNIX
style FIFOs (i.e., “named pipes”). This option is
recommended in almost all cases as many programs use these.
option NFSSERVER
- Include the server side of the NFS (Network File System)
remote file sharing protocol. Although the bulk of the code implementing
NFS is kernel based, several user level daemons are
needed for it to work. See
mountd(8) and
nfsd(8) for details.
option QUOTA
- Enables kernel support for file system quotas. See
quotaon(8),
edquota(8),
repquota(8), and
quota(1) for details. Note
that quotas only work on “ffs” file systems, although
rpc.rquotad(8) permits
them to be accessed over NFS.
option UFS_DIRHASH
- This option enables using an in memory hash table to speed lookups in
large directories.
option APERTURE
- Provide in-kernel support for controlling VGA framebuffer mapping and PCI
configuration registers by user-processes (such as an X Window System
server). This option is supported on the alpha,
amd64, i386,
macppc, and sparc64
architectures.
option BOOT_CONFIG
- Adds support for the
-c
boot option (User Kernel
Config). Allows modification of kernel settings (e.g., device parameters)
before booting the system.
option CRYPTO
- Enables support for the kernel cryptographic framework. See
crypto(9) for details.
While not IP specific, this option is usually used in conjunction with
option IPSEC.
option EISAVERBOSE
- Makes the boot process more verbose for EISA peripherals.
option INSECURE
- Hardwires the kernel security level at -1. This means that the system
always runs in securelevel 0 mode, even when running multiuser. See
init(8) for details on the
implications of this. The kernel secure level may be manipulated by the
superuser by altering the
kern.securelevel
sysctl variable. (It should be noted that the securelevel may only be
lowered by a call from process ID 1, i.e.,
init(8).) See also
sysctl(8) and
sysctl(3).
option KMEMSTATS
- The kernel memory allocator,
malloc(9), will keep
statistics on its performance if this option is enabled. Note that this
option is silently turned on by the
DEBUG
option.
option MACOBIOVERBOSE
- Makes the boot process more verbose for OBIO peripherals on the
macppc architecture.
option MULTIPROCESSOR
- On those architectures that have it, this enables multiprocessor
support.
option PCIVERBOSE
- Makes the boot process more verbose for PCI peripherals (vendor names and
other information is printed, etc.).
option PCMCIAVERBOSE
- Makes the boot process more verbose for PCMCIA peripherals.
option USER_PCICONF
- Enables the user level access to the PCI bus configuration space through
ioctls on the /dev/pci device. It's used by the
Xorg(1) server on some
architectures. See pci(4) for
details.
option
UVM_SWAP_ENCRYPT
- Enables kernel support for encrypting pages that are written out to swap
storage. Swap encryption prevents sensitive data from remaining on the
disk even after the operating system has been shut down. This option
should be turned on if cryptographic filesystems are used. The sysctl
variable
vm.swapencrypt.enable
controls its behaviour. See
sysctl(8) and
sysctl(3) for details.
option ENCDEBUG
- This option enables debugging information to be conditionally logged in
case IPSEC encounters errors. The option IPSEC is
required along with this option. Debug logging can be turned on/off
through the use of the net.inet.ip.encdebug sysctl
variable. If net.inet.ip.encdebug is 1, debug logging is
on. See sysctl(8) and
sysctl(3) for details.
option INET6
- Includes support for the IPv6 protocol stack. See
inet6(4) for details.
INET6 enables
multicast routing code as well.
option IPSEC
- This option enables IP security protocol support. See
ipsec(4) for more
details.
option KEY
- Enables PFKEYv2 (RFC 2367) support. While not IP specific, this option is
usually used in conjunction with option IPSEC.
option MROUTING
- Includes support for IP multicast routers. Multicast routing is controlled
by the mrouted(8)
daemon.
option
ND6_DEBUG
- The option sets the default value of
net.inet6.icmp6.nd6_debug
to 1, for debugging IPv6 neighbor discovery protocol handling. See
sysctl(3) for details.
option PIPEX
- Includes pipex in-kernel acceleration for PPPoE, L2TP or PPTP. See
pipex(4) for details.
option PPP_BSDCOMP
- Enables BSD compressor for PPP connections.
option PPP_DEFLATE
- For use in conjunction with PPP_BSDCOMP; provides an interface to zlib for
PPP for deflate compression/decompression.
option SOCKET_SPLICE
- Enables zero-copy socket splicing in the kernel. See
SO_SPLICE
in
setsockopt(2) and
sosplice(9) for
details.
option TCP_ECN
- Turns on Explicit Congestion Notification (RFC 3168).
ECN allows intermediate routers to use the Congestion
Experienced codepoint in the IP header as an indication of congestion, and
allows TCP to adjust the transmission rate using this signal. Both
communication endpoints negotiate enabling ECN
functionality at the TCP connection establishment.
option TCP_FACK
- Turns on forward acknowledgements allowing a more precise estimate of
outstanding data during the fast recovery phase by using
SACK information. This option can only be used together
with
TCP_SACK.
option TCP_SACK
- Turns on selective acknowledgements. Additional information about segments
already received can be transmitted back to the sender, thus indicating
segments that have been lost and allowing for a swifter recovery. Both
communication endpoints need to support SACK. The
fallback behaviour is NewReno fast recovery phase, which allows one lost
segment to be recovered per round trip time. When more than one segment
has been dropped per window, the transmission can continue without waiting
for a retransmission timeout.
option TCP_SIGNATURE
- Turns on support for the TCP MD5 Signature option (RFC 2385). This is used
by Internet backbone routers to provide per-packet authentication for the
TCP packets used to communicate BGP routing information. You will also
need a routing daemon that supports this option in order to actually use
it.
option BUFPAGES=
value
option NBUF=
value
- These options set the number of pages available for the buffer cache.
Their default value is a machine dependent value, often calculated as
between 5% and 10% of total available RAM.
option DST=
value
- If value is non-zero, indicates that the hardware
realtime clock device is one hour ahead of the offset given in
‘TIMEZONE’, due to Daylight Saving Time (DST). If
value is zero, the hardware realtime clock device is
not in Daylight Saving Time.
option NKMEMPAGES=
value
option
NKMEMPAGES_MAX=
value
- Size of kernel malloc area in PAGE_SIZE-sized logical pages. This area is
covered by the kernel submap
kmem_map. The
kernel attempts to auto-size this map based on the amount of physical
memory in the system. Platform-specific code may place bounds on this
computed size, which may be viewed with the
sysctl(8) variable
vm.nkmempages.
See /usr/include/machine/param.h for the default
upper bound. The related option ‘NKMEMPAGES_MAX’ allows the
bounds to be overridden in the kernel configuration file in the event the
computed value is insufficient resulting in an “out of space in
kmem_map” panic.
option
"TIMEZONE=
value"
- value indicates the time zone offset of the hardware
realtime clock device, in minutes, from UTC. It is useful when the
hardware realtime clock device is configured with local time, when
dual-booting OpenBSD with other operating systems
on a single machine. For instance, if the hardware realtime clock is set
to Tokyo time, value should be
-540
as Tokyo local time is 9 hours ahead of UTC.
Double quotes are needed when specifying a negative
value.
option SCSI_DELAY=
value
- Delay for value seconds before starting to probe the
first SCSI bus. This can be used if a SCSI device needs extra time to get
ready.
option SCSIDEBUG
- Enable printing of SCSI subsystem debugging info to the console. Each of
SCSIDEBUG_LEVEL,
SCSIDEBUG_BUSES,
SCSIDEBUG_TARGETS
and
SCSIDEBUG_LUNS
must have non-zero values for any debugging info to be printed. Only
SCSIDEBUG_LEVEL has a default value (SDEV_DB1 |
SDEV_DB2) that is non-zero.
option
SCSIDEBUG_BUSES=
value
- Define which SCSI buses will print debug info. Each bit enables debugging
info for the corresponding bus. e.g. a value of 0x1 enables debug info for
bus 0.
option
SCSIDEBUG_LEVEL=
value
- Define which of the four levels of debugging info are printed. Each bit
enables a level, and multiple levels are specified by setting multiple
bits.
0x0010 (SDEV_DB1) SCSI commands, errors, and data
0x0020 (SDEV_DB2) routine flow
0x0040 (SDEV_DB3) routine internals
0x0080 (SDEV_DB4) miscellaneous addition debugging
If SCSIDEBUG_LEVEL is undefined, a value of
0x0030 (SDEV_DB1|SDEV_DB2) is used.
option
SCSIDEBUG_LUNS=
value
- Define which SCSI luns will print debug info. Each bit enables debugging
info for the corresponding lun.
option
SCSIDEBUG_TARGETS=
value
- Define which SCSI targets will print debug info. Each bit enables
debugging info for the corresponding target.
option SCSITERSE
- Terser SCSI error messages. This omits the table for decoding ASC/ASCQ
info, saving about 30KB.
option SEMMNI=
value
- Number of semaphore identifiers (also called semaphore handles and
semaphore sets) available in the system. Default value is 10. The kernel
allocates memory for the control structures at startup, so arbitrarily
large values should be avoided.
option SEMMNS=
value
- Maximum number of semaphores in all sets in the system. Default value is
60.
option SEMMNU=
value
- Maximum number of semaphore undo structures in the system. Default value
is 30.
option SEMUME=
value
- Maximum number of per-process undo operation entries in the system.
Semaphore undo operations are invoked by the kernel when
semop(2) is called with the
SEM_UNDO flag and the process holding the semaphores terminates
unexpectedly. Default value is 10.
option SHMMAXPGS=
value
- Sets the maximum number of AT&T System V
UNIX style shared memory pages that are available through the
shmget(2) system call.
Default value is 1024 on most architectures. See
/usr/include/machine/vmparam.h for the
default.
option SYSVMSG
- Includes support for AT&T System V UNIX
style message queues. See
msgctl(2),
msgget(2),
msgrcv(2),
msgsnd(2).
option SYSVSEM
- Includes support for AT&T System V UNIX
style semaphores. See
semctl(2),
semget(2),
semop(2).
option SYSVSHM
- Includes support for AT&T System V UNIX
style shared memory. See
shmat(2),
shmctl(2),
shmdt(2),
shmget(2).
The options
man page first appeared in
OpenBSD 2.3.