OpenBSD manual page server

Manual Page Search Parameters

OPTIONS(4) Device Drivers Manual OPTIONS(4)

optionskernel configuration options

option ...

This manual page describes a number of miscellaneous kernel configuration options that may be specified in a kernel config file. See config(8) for information on how to configure and build kernels. : options are passed to the compile process as -D flags to the C compiler.

makeoptions DEBUG=""
Do not build the debug kernel bsd.gdb. Normally, bsd.gdb is built (in addition to the regular bsd kernel) and is used for debugging kernels and their crash dumps with gdb(1). A crash dump can be debugged by starting gdb with bsd.gdb as an argument (no core file) and then using the gdb command “target kvm COREFILE”.
makeoptions PROF="-pg"
The -pg flag causes the kernel to be compiled with support for profiling. The option GPROF is required for the kernel compile to succeed.
option ACCOUNTING
Adds support for the acct(2) system call.
option DDB
Compiles in a kernel debugger for diagnosing kernel problems. See ddb(4).
option DDB_SAFE_CONSOLE
Allows a break into the kernel debugger during boot. Useful when debugging problems that can cause init(8) to fail.
option DEBUG
Turns on miscellaneous kernel debugging. Since options are turned into preprocessor defines (see above), option DEBUG is equivalent to doing a throughout the kernel. Much of the kernel has #ifdef DEBUG conditional debugging code. Note that many parts of the kernel (typically device drivers) include their own #ifdef XXX_DEBUG conditionals instead.
option DIAGNOSTIC
Adds code to the kernel that does internal consistency checks. This code will cause the kernel to panic if corruption of internal data structures is detected.
option GPROF
Adds code to the kernel for kernel profiling with kgmon(8).
option KTRACE
Adds hooks for the system call tracing facility, which allows users to watch the system call invocation behavior of processes. See ktrace(1).
option KUBSAN
Detect undefined behavior in the kernel. See kubsan(4).
option NO_PROPOLICE
Do not compile the kernel with the ProPolice stack protection. See gcc-local(1) for more information about ProPolice.
option PTRACE
Adds hooks for the process tracing facility, allowing a process to control and observe another process. See ptrace(2).
option SMALL_KERNEL
Removes some features and some optimizations from the kernel to reduce the size of the resulting kernel binary. This option is used on some installation media and should not be used for general purpose kernels.
option VFSLCKDEBUG
Turns on debugging for the Virtual File System interface. See vfs(9).
option WITNESS
Compiles in a lock checker for detecting lock order violations in the kernel. See witness(4).
option WITNESS_COUNT=integer
Maximum number of lock types that are tracked by witness(4). It defaults to 1536.
option WITNESS_LOCKTRACE
Enable witness(4) lock stack trace saving at boot. The feature is disabled by default and has to be enabled by setting the kern.witness.locktrace sysctl(8) variable.
option WITNESS_WATCH
Enable witness(4) at boot. By default, the subsystem is disabled and has to be enabled at runtime by raising the kern.witness.watch sysctl(8) variable.

option CD9660
Includes code for the ISO 9660 + Rock Ridge file system, which is the standard file system used on many CD-ROMs. It also supports Joliet extensions. See mount_cd9660(8).
option EXT2FS
Includes code implementing the Second Extended File System (EXT2FS), commonly used on the Linux operating system. This option is provided here for compatibility. Some specific features of EXT2FS like the "behavior on errors" are not implemented. This file system can't be used with uid_t or gid_t values greater than 65535. Also, the filesystem will not function correctly on architectures with differing byte-orders. That is, a big-endian machine will not be able to read an ext2fs filesystem created on an i386 or other little-endian machine. See mount_ext2fs(8).
option FFS
Includes code implementing the Berkeley Fast File System (). Most machines need this if they are not running diskless.
option FFS2
Includes code implementing the enhanced Fast File System ().
option MFS
Include the memory file system (). This file system stores files in swappable memory, and produces notable performance improvements when it is used as the file store for /tmp or similar mount points. See mount_mfs(8).
option MSDOSFS
Includes support for the MS-DOS FAT file system. The kernel also implements the Windows 95 extensions which permit the use of longer, mixed-case file names. See mount_msdos(8) and fsck_msdos(8).
option NFSCLIENT
Include the client side of the NFS (Network File System) remote file sharing protocol. Although the bulk of the code implementing NFS is kernel based, several user level daemons are needed for it to work. See mount_nfs(8) for details on NFS.
option NTFS
Includes support for reading NTFS file systems. See mount_ntfs(8).
option UDF
Includes code for the UDF file systems typically found on DVD discs. See mount_udf(8).
option TMPFS
Includes code for the TMPFS efficient memory file system. See mount_tmpfs(8).

option BUFCACHEPERCENT=integer
The maximum percentage of DMA-reachable physical memory the buffer cache may use.
option EXT2FS_SYSTEM_FLAGS
This option changes the behavior of the APPEND and IMMUTABLE flags for a file on an EXT2FS filesystem. Without this option, the superuser or owner of the file can set and clear them. With this option, only the superuser can set them, and they can't be cleared if the securelevel is greater than 0. See also chflags(1).
option FFS_SOFTUPDATES
Enables a scheme that uses partial ordering of buffer cache operations to allow metadata updates in FFS to happen asynchronously, increasing write performance significantly. Normally, the FFS filesystem writes metadata updates synchronously which exacts a performance penalty in favor of filesystem integrity. With soft updates, the performance of asynchronous writes is gained while retaining the safety of synchronous metadata updates.

Soft updates must be enabled on a per-filesystem basis. See mount(8).

option FIFO
Adds support for AT&T System V UNIX style FIFOs (i.e., “named pipes”). This option is recommended in almost all cases as many programs use these.
option NFSSERVER
Include the server side of the NFS (Network File System) remote file sharing protocol. Although the bulk of the code implementing NFS is kernel based, several user level daemons are needed for it to work. See mountd(8) and nfsd(8).
option QUOTA
Enables kernel support for file system quotas. See quotaon(8), edquota(8), repquota(8), and quota(1). Note that quotas only work on “ffs” file systems, although rpc.rquotad(8) permits them to be accessed over NFS.
option UFS_DIRHASH
This option enables using an in memory hash table to speed lookups in large directories.

option APERTURE
Provide in-kernel support for controlling VGA framebuffer mapping and PCI configuration registers by user-processes (such as an X Window System server). See xf86(4). This option is supported on the alpha, amd64, i386, macppc, and sparc64 architectures.
option BOOT_CONFIG
Adds support for the -c boot option (User Kernel Config). Allows modification of kernel settings (e.g., device parameters) before booting the system. See boot_config(8).
option CRYPTO
Enables support for the kernel cryptographic framework. See crypto(9). While not IP specific, this option is usually used in conjunction with option IPSEC.
option EISAVERBOSE
Makes the boot process more verbose for EISA peripherals. See eisa(4).
option KMEMSTATS
The kernel memory allocator, malloc(9), will keep statistics on its performance if this option is enabled.
option MULTIPROCESSOR
On those architectures that have it, this enables multiprocessor support.
option PCIVERBOSE
Makes the boot process more verbose for PCI peripherals (vendor names and other information is printed, etc.). See pci(4).
option PCMCIAVERBOSE
Makes the boot process more verbose for PCMCIA peripherals. See pcmcia(4).
option USER_PCICONF
Enables the user level access to the PCI bus configuration space through ioctls on the /dev/pci device. It's used by Xorg(1) and pcidump(8). See pci(4).
option UVM_SWAP_ENCRYPT
Enables kernel support for encrypting pages that are written out to swap storage. Swap encryption prevents sensitive data from remaining on the disk even after the operating system has been shut down. This option should be turned on if cryptographic filesystems are used. The sysctl variable controls its behaviour. See sysctl(8) and sysctl(2).

option ENCDEBUG
This option permits the conditional logging of IPsec debugging information, and requires the IPSEC option. Debug logging can be turned on/off through the use of the net.inet.ip.encdebug sysctl variable. If net.inet.ip.encdebug is 1, debug logging is on. See sysctl(8) and sysctl(2).
option INET6
Includes support for the IPv6 protocol stack. See inet6(4). enables multicast routing code as well.
option IPSEC
This option enables IP security protocol support. See ipsec(4) for more details.
option MROUTING
Includes support for IP multicast routers. Multicast routing is controlled by the mrouted(8) daemon.
option ND6_DEBUG
The option sets the default value of to 1, for debugging IPv6 neighbor discovery protocol handling. See sysctl(2).
option PIPEX
Includes pipex in-kernel acceleration for PPPoE, L2TP or PPTP. See pipex(4).
option PPP_BSDCOMP
Enables BSD compressor for PPP connections.
option PPP_DEFLATE
For use in conjunction with PPP_BSDCOMP; provides an interface to zlib for PPP for deflate compression/decompression.
option PPPOE_TERM_UNKNOWN_SESSIONS
Send PADT to terminate open sessions before connecting. See pppoe(4).
option SOCKET_SPLICE
Enables zero-copy socket splicing in the kernel. See SO_SPLICE in setsockopt(2) and sosplice(9).
option TCP_ECN
Turns on Explicit Congestion Notification (RFC 3168). ECN allows intermediate routers to use the Congestion Experienced codepoint in the IP header as an indication of congestion, and allows TCP to adjust the transmission rate using this signal. Both communication endpoints negotiate enabling ECN functionality at the TCP connection establishment.
option TCP_SIGNATURE
Turns on support for the TCP MD5 Signature option (RFC 2385). This is used by Internet backbone routers to provide per-packet authentication for the TCP packets used to communicate BGP routing information. You will also need a routing daemon that supports this option in order to actually use it.
option BUFPAGES=value
This option sets the number of pages available for the buffer cache. The default value is machine dependent, often calculated as between 5% and 10% of total available RAM.

option NKMEMPAGES=value
option NKMEMPAGES_MAX=value
Size of kernel malloc area in PAGE_SIZE-sized logical pages. This area is covered by the kernel submap . The kernel attempts to auto-size this map based on the amount of physical memory in the system. Platform-specific code may place bounds on this computed size, which may be viewed with the sysctl(8) variable . See /usr/include/machine/param.h for the default upper bound. The related option ‘NKMEMPAGES_MAX’ allows the bounds to be overridden in the kernel configuration file in the event the computed value is insufficient resulting in an “out of space in kmem_map” panic.

See scsi(4).

option SCSI_DELAY=value
Delay for value seconds before starting to probe the first SCSI bus. This can be used if a SCSI device needs extra time to get ready.
option SCSIDEBUG
Enable printing of SCSI subsystem debugging info to the console. Each of SCSIDEBUG_LEVEL, , and must have non-zero values for any debugging info to be printed. Only SCSIDEBUG_LEVEL has a default value (SDEV_DB1 | SDEV_DB2) that is non-zero.
option SCSIDEBUG_BUSES=value
Define which SCSI buses will print debug info. Each bit enables debugging info for the corresponding bus. e.g. a value of 0x1 enables debug info for bus 0.
option SCSIDEBUG_LEVEL=value
Define which of the four levels of debugging info are printed. Each bit enables a level, and multiple levels are specified by setting multiple bits.
0x0010	(SDEV_DB1) SCSI commands, errors, and data
0x0020	(SDEV_DB2) routine flow
0x0040	(SDEV_DB3) routine internals
0x0080	(SDEV_DB4) miscellaneous addition debugging

If SCSIDEBUG_LEVEL is undefined, a value of 0x0030 (SDEV_DB1|SDEV_DB2) is used.

option SCSIDEBUG_LUNS=value
Define which SCSI luns will print debug info. Each bit enables debugging info for the corresponding lun.
option SCSIDEBUG_TARGETS=value
Define which SCSI targets will print debug info. Each bit enables debugging info for the corresponding target.
option SCSITERSE
Terser SCSI error messages. This omits the table for decoding ASC/ASCQ info, saving about 30KB.

option SEMMNI=value
Number of semaphore identifiers (also called semaphore handles and semaphore sets) available in the system. Default value is 10. The kernel allocates memory for the control structures at startup, so arbitrarily large values should be avoided.
option SEMMNS=value
Maximum number of semaphores in all sets in the system. Default value is 60.
option SEMMNU=value
Maximum number of semaphore undo structures in the system. Default value is 30.
option SEMUME=value
Maximum number of per-process undo operation entries in the system. Semaphore undo operations are invoked by the kernel when semop(2) is called with the SEM_UNDO flag and the process holding the semaphores terminates unexpectedly. Default value is 10.
option SHMMAXPGS=value
Sets the maximum number of AT&T System V UNIX style shared memory pages that are available through the shmget(2) system call. Default value is 1024 on most architectures. See /usr/include/machine/vmparam.h for the default.
option SYSVMSG
Includes support for AT&T System V UNIX style message queues. See msgctl(2), msgget(2), msgrcv(2), msgsnd(2).
option SYSVSEM
Includes support for AT&T System V UNIX style semaphores. See semctl(2), semget(2), semop(2).
option SYSVSHM
Includes support for AT&T System V UNIX style shared memory. See shmat(2), shmctl(2), shmdt(2), shmget(2).

intro(4), files.conf(5), config(8), sysctl(8)

The options man page first appeared in OpenBSD 2.3.

November 5, 2019 OpenBSD-6.9