-
Notifications
You must be signed in to change notification settings - Fork 2.8k
/
NOTES
2873 lines (2574 loc) · 96.4 KB
/
NOTES
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
#
# NOTES -- Lines that can be cut/pasted into kernel and hints configs.
#
# Lines that begin with 'device', 'options', 'machine', 'ident', 'maxusers',
# 'makeoptions', 'hints' etc go into the kernel configuration that you
# run config(8) with.
#
# Lines that begin with 'hints.' are NOT for config(8), they go into your
# hints file. See /boot/device.hints and/or the 'hints' config(8) directive.
#
# Please use ``make LINT'' to create an old-style LINT file if you want to
# do kernel test-builds.
#
# $FreeBSD$
#
#
# This directive is mandatory; it defines the architecture to be
# configured for; in this case, the 386 family based IBM-PC and
# compatibles.
#
machine i386
#
# This is the ``identification'' of the kernel. Usually this should
# be the same as the name of your kernel.
#
ident LINT
#
# The `maxusers' parameter controls the static sizing of a number of
# internal system tables by a complicated formula defined in param.c.
#
maxusers 10
#
# We want LINT to cover profiling as well
profile 2
#
# The `makeoptions' parameter allows variables to be passed to the
# generated Makefile in the build area.
#
# CONF_CFLAGS gives some extra compiler flags that are added to ${CFLAGS}
# after most other flags. Here we use it to inhibit use of non-optimal
# gcc builtin functions (e.g., memcmp).
#
# DEBUG happens to be magic.
# The following is equivalent to 'config -g KERNELNAME' and creates
# 'kernel.debug' compiled with -g debugging as well as a normal
# 'kernel'. Use 'make install.debug' to install the debug kernel
# but that isn't normally necessary as the debug symbols are not loaded
# by the kernel and are not useful there anyway.
#
# KERNEL can be overridden so that you can change the default name of your
# kernel.
#
makeoptions CONF_CFLAGS=-fno-builtin #Don't allow use of memcmp, etc.
#makeoptions DEBUG=-g #Build kernel with gdb(1) debug symbols
#makeoptions KERNEL=foo #Build kernel "foo" and install "/foo"
#
# Certain applications can grow to be larger than the 512M limit
# that FreeBSD initially imposes. Below are some options to
# allow that limit to grow to 1GB, and can be increased further
# with changing the parameters. MAXDSIZ is the maximum that the
# limit can be set to, and the DFLDSIZ is the default value for
# the limit. You might want to set the default lower than the
# max, and explicitly set the maximum with a shell command for processes
# that regularly exceed the limit like INND.
#
options MAXDSIZ="(1024UL*1024*1024)"
options DFLDSIZ="(1024UL*1024*1024)"
#
# BLKDEV_IOSIZE sets the default block size used in user block
# device I/O. Note that this value will be overriden by the label
# when specifying a block device from a label with a non-0
# partition blocksize. The default is PAGE_SIZE.
#
options BLKDEV_IOSIZE=8192
# Options for the VM subsystem
options PQ_CACHESIZE=512 # color for 512k/16k cache
# Deprecated options supported for backwards compatibility
#options PQ_NOOPT # No coloring
#options PQ_LARGECACHE # color for 512k/16k cache
#options PQ_HUGECACHE # color for 1024k/16k cache
#options PQ_MEDIUMCACHE # color for 256k/16k cache
#options PQ_NORMALCACHE # color for 64k/16k cache
# This allows you to actually store this configuration file into
# the kernel binary itself, where it may be later read by saying:
# strings -n 3 /boot/kernel/kernel | sed -n 's/^___//p' > MYKERNEL
#
options INCLUDE_CONFIG_FILE # Include this file in kernel
#
# The root device and filesystem type can be compiled in;
# this provides a fallback option if the root device cannot
# be correctly guesst by the bootstrap code, or an override if
# the RB_DFLTROOT flag (-r) is specified when booting the kernel.
#
options ROOTDEVNAME=\"ufs:da0s2e\"
#####################################################################
# SMP OPTIONS:
#
# SMP enables building of a Symmetric MultiProcessor Kernel.
# APIC_IO enables the use of the IO APIC for Symmetric I/O.
#
# Notes:
#
# An SMP kernel will ONLY run on an Intel MP spec. qualified motherboard.
#
# Be sure to disable 'cpu I386_CPU' && 'cpu I486_CPU' for SMP kernels.
#
# Check the 'Rogue SMP hardware' section to see if additional options
# are required by your hardware.
#
# Mandatory:
options SMP # Symmetric MultiProcessor Kernel
options APIC_IO # Symmetric (APIC) I/O
#
# Rogue SMP hardware:
#
# Bridged PCI cards:
#
# The MP tables of most of the current generation MP motherboards
# do NOT properly support bridged PCI cards. To use one of these
# cards you should refer to ???
# SMP Debugging Options:
#
# MUTEX_DEBUG enables various extra assertions in the mutex code.
# WITNESS enables the mutex witness code which detects deadlocks and cycles
# during locking operations.
# WITNESS_DDB causes the witness code to drop into the kernel debugger if
# a lock heirarchy violation occurs or if locks are held when going to
# sleep.
# WITNESS_SKIPSPIN disables the witness checks on spin mutexes.
options MUTEX_DEBUG
options WITNESS
options WITNESS_DDB
options WITNESS_SKIPSPIN
#####################################################################
# CPU OPTIONS
#
# You must specify at least one CPU (the one you intend to run on);
# deleting the specification for CPUs you don't need to use may make
# parts of the system run faster.
# I386_CPU is mutually exclusive with the other CPU types.
#
#cpu I386_CPU
cpu I486_CPU
cpu I586_CPU # aka Pentium(tm)
cpu I686_CPU # aka Pentium Pro(tm)
#
# Options for CPU features.
#
# CPU_BLUELIGHTNING_FPU_OP_CACHE enables FPU operand cache on IBM
# BlueLightning CPU. It works only with Cyrix FPU, and this option
# should not be used with Intel FPU.
#
# CPU_BLUELIGHTNING_3X enables triple-clock mode on IBM Blue Lightning
# CPU if CPU supports it. The default is double-clock mode on
# BlueLightning CPU box.
#
# CPU_BTB_EN enables branch target buffer on Cyrix 5x86 (NOTE 1).
#
# CPU_DIRECT_MAPPED_CACHE sets L1 cache of Cyrix 486DLC CPU in direct
# mapped mode. Default is 2-way set associative mode.
#
# CPU_CYRIX_NO_LOCK enables weak locking for the entire address space
# of Cyrix 6x86 and 6x86MX CPUs by setting the NO_LOCK bit of CCR1.
# Otherwise, the NO_LOCK bit of CCR1 is cleared. (NOTE 3)
#
# CPU_DISABLE_5X86_LSSER disables load store serialize (i.e. enables
# reorder). This option should not be used if you use memory mapped
# I/O device(s).
#
# CPU_FASTER_5X86_FPU enables faster FPU exception handler.
#
# CPU_I486_ON_386 enables CPU cache on i486 based CPU upgrade products
# for i386 machines.
#
# CPU_IORT defines I/O clock delay time (NOTE 1). Default values of
# I/O clock delay time on Cyrix 5x86 and 6x86 are 0 and 7,respectively
# (no clock delay).
#
# CPU_L2_LATENCY specifed the L2 cache latency value. This option is used
# only when CPU_PPRO2CELERON is defined and Mendocino Celeron is detected.
# The default value is 5.
#
# CPU_LOOP_EN prevents flushing the prefetch buffer if the destination
# of a jump is already present in the prefetch buffer on Cyrix 5x86(NOTE
# 1).
#
# CPU_PPRO2CELERON enables L2 cache of Mendocino Celeron CPUs. This option
# is useful when you use Socket 8 to Socket 370 converter, because most Pentium
# Pro BIOSs do not enable L2 cache of Mendocino Celeron CPUs.
#
# CPU_RSTK_EN enables return stack on Cyrix 5x86 (NOTE 1).
#
# CPU_SUSP_HLT enables suspend on HALT. If this option is set, CPU
# enters suspend mode following execution of HALT instruction.
#
# CPU_WT_ALLOC enables write allocation on Cyrix 6x86/6x86MX and AMD
# K5/K6/K6-2 cpus.
#
# CYRIX_CACHE_WORKS enables CPU cache on Cyrix 486 CPUs with cache
# flush at hold state.
#
# CYRIX_CACHE_REALLY_WORKS enables (1) CPU cache on Cyrix 486 CPUs
# without cache flush at hold state, and (2) write-back CPU cache on
# Cyrix 6x86 whose revision < 2.7 (NOTE 2).
#
# NO_F00F_HACK disables the hack that prevents Pentiums (and ONLY
# Pentiums) from locking up when a LOCK CMPXCHG8B instruction is
# executed. This option is only needed if I586_CPU is also defined,
# and should be included for any non-Pentium CPU that defines it.
#
# NO_MEMORY_HOLE is an optimisation for systems with AMD K6 processors
# which indicates that the 15-16MB range is *definitely* not being
# occupied by an ISA memory hole.
#
# NOTE 1: The options, CPU_BTB_EN, CPU_LOOP_EN, CPU_IORT,
# CPU_LOOP_EN and CPU_RSTK_EN should not be used because of CPU bugs.
# These options may crash your system.
#
# NOTE 2: If CYRIX_CACHE_REALLY_WORKS is not set, CPU cache is enabled
# in write-through mode when revision < 2.7. If revision of Cyrix
# 6x86 >= 2.7, CPU cache is always enabled in write-back mode.
#
# NOTE 3: This option may cause failures for software that requires
# locked cycles in order to operate correctly.
#
options CPU_BLUELIGHTNING_FPU_OP_CACHE
options CPU_BLUELIGHTNING_3X
options CPU_BTB_EN
options CPU_DIRECT_MAPPED_CACHE
options CPU_DISABLE_5X86_LSSER
options CPU_FASTER_5X86_FPU
options CPU_I486_ON_386
options CPU_IORT
options CPU_L2_LATENCY=5
options CPU_LOOP_EN
options CPU_PPRO2CELERON
options CPU_RSTK_EN
options CPU_SUSP_HLT
options CPU_WT_ALLOC
options CYRIX_CACHE_WORKS
options CYRIX_CACHE_REALLY_WORKS
#options NO_F00F_HACK
#
# A math emulator is mandatory if you wish to run on hardware which
# does not have a floating-point processor. Pick either the original,
# bogus (but freely-distributable) math emulator, or a much more
# fully-featured but GPL-licensed emulator taken from Linux.
#
options MATH_EMULATE #Support for x87 emulation
# Don't enable both of these in a real config.
options GPL_MATH_EMULATE #Support for x87 emulation via
#new math emulator
#####################################################################
# COMPATIBILITY OPTIONS
#
# Implement system calls compatible with 4.3BSD and older versions of
# FreeBSD. You probably do NOT want to remove this as much current code
# still relies on the 4.3 emulation.
#
options COMPAT_43
#
# These three options provide support for System V Interface
# Definition-style interprocess communication, in the form of shared
# memory, semaphores, and message queues, respectively.
#
options SYSVSHM
options SYSVSEM
options SYSVMSG
#####################################################################
# DEBUGGING OPTIONS
#
# Enable the kernel debugger.
#
options DDB
#
# Don't drop into DDB for a panic. Intended for unattended operation
# where you may want to drop to DDB from the console, but still want
# the machine to recover from a panic
#
options DDB_UNATTENDED
#
# If using GDB remote mode to debug the kernel, there's a non-standard
# extension to the remote protocol that can be used to use the serial
# port as both the debugging port and the system console. It's non-
# standard and you're on your own if you enable it. See also the
# "remotechat" variables in the FreeBSD specific version of gdb.
#
options GDB_REMOTE_CHAT
#
# KTRACE enables the system-call tracing facility ktrace(2).
#
options KTRACE #kernel tracing
#
# KTR is a kernel tracing mechanism imported from BSD/OS. Currently it
# has no userland interface aside from a few sysctl's. It is enabled with
# the KTR option. The KTR_EXTEND option causes trace events to be generated
# as a string from snprintf rather than as a string and up to 5 argument
# pointers. KTR_ENTRIES defines the number of entries in the circular trace
# buffer. KTR_COMPILE defines the mask of events to compile into the kernel
# as defined by the KTR_* constants in <sys/ktr.h>. KTR_MASK defines the
# initial value of the ktr_mask variable which determines at runtime what
# events to trace. KTR_CPUMASK determines which CPU's log events, with
# bit X corresponding to cpu X. KTR_VERBOSE enables dumping of KTR events
# to the console by default. This functionality can be toggled via the
# debug.ktr_verbose sysctl and defaults to off if KTR_VERBOSE is not defined.
#
options KTR
options KTR_EXTEND
options KTR_ENTRIES=1024
options KTR_COMPILE="(KTR_INTR|KTR_PROC)"
options KTR_MASK=KTR_INTR
options KTR_CPUMASK=0x3
options KTR_VERBOSE
#
# The INVARIANTS option is used in a number of source files to enable
# extra sanity checking of internal structures. This support is not
# enabled by default because of the extra time it would take to check
# for these conditions, which can only occur as a result of
# programming errors.
#
options INVARIANTS
#
# The INVARIANT_SUPPORT option makes us compile in support for
# verifying some of the internal structures. It is a prerequisite for
# 'INVARIANTS', as enabling 'INVARIANTS' will make these functions be
# called. The intent is that you can set 'INVARIANTS' for single
# source files (by changing the source file or specifying it on the
# command line) if you have 'INVARIANT_SUPPORT' enabled. Also, if you
# wish to build a kernel module with 'INVARIANTS', then adding
# 'INVARIANT_SUPPORT' to your kernel will provide all the necessary
# infrastructure without the added overhead.
#
options INVARIANT_SUPPORT
#
# The DIAGNOSTIC option is used to enable extra debugging information
# from some parts of the kernel. As this makes everything more noisy,
# it is disabled by default.
#
options DIAGNOSTIC
#
# REGRESSION causes optional kernel interfaces necessary only for regression
# testing to be enabled. These interfaces may consitute security risks
# when enabled, as they permit processes to easily modify aspects of the
# run-time environment to reproduce unlikely or unusual (possibly normally
# impossible) scenarios.
#
options REGRESSION
#
# PERFMON causes the driver for Pentium/Pentium Pro performance counters
# to be compiled. See perfmon(4) for more information.
#
options PERFMON
#
# This option let some drivers co-exist that can't co-exist in a running
# system. This is used to be able to compile all kernel code in one go for
# quality assurance purposes (like this file, which the option takes it name
# from.)
#
options COMPILING_LINT
# XXX - this doesn't belong here.
# Allow ordinary users to take the console - this is useful for X.
options UCONSOLE
# XXX - this doesn't belong here either
#options USERCONFIG #boot -c editor
#options INTRO_USERCONFIG #imply -c and show intro screen
#options VISUAL_USERCONFIG #visual boot -c editor
#####################################################################
# NETWORKING OPTIONS
#
# Protocol families:
# Only the INET (Internet) family is officially supported in FreeBSD.
# Source code for the NS (Xerox Network Service) is provided for amusement
# value.
#
options INET #Internet communications protocols
options INET6 #IPv6 communications protocols
options IPSEC #IP security
options IPSEC_ESP #IP security (crypto; define w/ IPSEC)
options IPSEC_DEBUG #debug for IP security
options IPX #IPX/SPX communications protocols
options IPXIP #IPX in IP encapsulation (not available)
options IPTUNNEL #IP in IPX encapsulation (not available)
options NCP #NetWare Core protocol
options NETATALK #Appletalk communications protocols
options NETATALKDEBUG #Appletalk debugging
# These are currently broken but are shipped due to interest.
#options NS #Xerox NS protocols
#options NSIP #XNS over IP
# mchain library. It can be either loaded as KLD or compiled into kernel
options LIBMCHAIN
# netgraph(4). Enable the base netgraph code with the NETGRAPH option.
# Individual node types can be enabled with the corresponding option
# listed below; however, this is not strictly necessary as netgraph
# will automatically load the corresponding KLD module if the node type
# is not already compiled into the kernel. Each type below has a
# corresponding man page, e.g., ng_async(8).
options NETGRAPH #netgraph(4) system
options NETGRAPH_ASYNC
options NETGRAPH_BPF
options NETGRAPH_CISCO
options NETGRAPH_ECHO
options NETGRAPH_ETHER
options NETGRAPH_FRAME_RELAY
options NETGRAPH_HOLE
options NETGRAPH_IFACE
options NETGRAPH_KSOCKET
options NETGRAPH_LMI
# MPPC compression requires proprietary files (not included)
#options NETGRAPH_MPPC_COMPRESSION
options NETGRAPH_MPPC_ENCRYPTION
options NETGRAPH_ONE2MANY
options NETGRAPH_PPP
options NETGRAPH_PPPOE
options NETGRAPH_PPTPGRE
options NETGRAPH_RFC1490
options NETGRAPH_SOCKET
options NETGRAPH_TEE
options NETGRAPH_TTY
options NETGRAPH_UI
options NETGRAPH_VJC
device mn # Munich32x/Falc54 Nx64kbit/sec cards.
device lmc # tulip based LanMedia WAN cards
device musycc # LMC/SBE LMC1504 quad T1/E1
#
# Network interfaces:
# The `loop' device is MANDATORY when networking is enabled.
# The `ether' device provides generic code to handle
# Ethernets; it is MANDATORY when a Ethernet device driver is
# configured or token-ring is enabled.
# The 'fddi' device provides generic code to support FDDI.
# The `sppp' device serves a similar role for certain types
# of synchronous PPP links (like `cx', `ar').
# The `sl' device implements the Serial Line IP (SLIP) service.
# The `ppp' device implements the Point-to-Point Protocol.
# The `bpf' device enables the Berkeley Packet Filter. Be
# aware of the legal and administrative consequences of enabling this
# option. The number of devices determines the maximum number of
# simultaneous BPF clients programs runnable.
# The `disc' device implements a minimal network interface,
# which throws away all packets sent and never receives any. It is
# included for testing purposes. This shows up as the 'ds' interface.
# The `tap' device is a pty-like virtual Ethernet interface
# The `tun' device implements (user-)ppp and nos-tun
# The `gif' device implements IPv6 over IP4 tunneling,
# IPv4 over IPv6 tunneling, IPv4 over IPv4 tunneling and
# IPv6 over IPv6 tunneling.
# The XBONEHACK option allows the same pair of addresses to be configured on
# multiple gif interfaces.
# The `faith' device captures packets sent to it and diverts them
# to the IPv4/IPv6 translation daemon.
# The `stf' device implements 6to4 encapsulation.
# The `ef' device provides support for multiple ethernet frame types
# specified via ETHER_* options. See ef(4) for details.
#
# The PPP_BSDCOMP option enables support for compress(1) style entire
# packet compression, the PPP_DEFLATE is for zlib/gzip style compression.
# PPP_FILTER enables code for filtering the ppp data stream and selecting
# events for resetting the demand dial activity timer - requires bpf.
# See pppd(8) for more details.
#
device ether #Generic Ethernet
device vlan 1 #VLAN support
device token #Generic TokenRing
device fddi #Generic FDDI
device sppp #Generic Synchronous PPP
device loop 1 #Network loopback device
device bpf #Berkeley packet filter
device disc #Discard device (ds0, ds1, etc)
device tap #Virtual Ethernet driver
device tun #Tunnel driver (ppp(8), nos-tun(8))
device sl #Serial Line IP
device ppp 2 #Point-to-point protocol
options PPP_BSDCOMP #PPP BSD-compress support
options PPP_DEFLATE #PPP zlib/deflate/gzip support
options PPP_FILTER #enable bpf filtering (needs bpf)
device ef # Multiple ethernet frames support
options ETHER_II # enable Ethernet_II frame
options ETHER_8023 # enable Ethernet_802.3 (Novell) frame
options ETHER_8022 # enable Ethernet_802.2 frame
options ETHER_SNAP # enable Ethernet_802.2/SNAP frame
# for IPv6
device gif 4 #IPv6 and IPv4 tunneling
options XBONEHACK
device faith 1 #for IPv6 and IPv4 translation
device stf #6to4 IPv6 over IPv4 encapsulation
#
# Internet family options:
#
# MROUTING enables the kernel multicast packet forwarder, which works
# with mrouted(8).
#
# IPFIREWALL enables support for IP firewall construction, in
# conjunction with the `ipfw' program. IPFIREWALL_VERBOSE sends
# logged packets to the system logger. IPFIREWALL_VERBOSE_LIMIT
# limits the number of times a matching entry can be logged.
#
# WARNING: IPFIREWALL defaults to a policy of "deny ip from any to any"
# and if you do not add other rules during startup to allow access,
# YOU WILL LOCK YOURSELF OUT. It is suggested that you set firewall_type=open
# in /etc/rc.conf when first enabling this feature, then refining the
# firewall rules in /etc/rc.firewall after you've tested that the new kernel
# feature works properly.
#
# IPFIREWALL_DEFAULT_TO_ACCEPT causes the default rule (at boot) to
# allow everything. Use with care, if a cracker can crash your
# firewall machine, they can get to your protected machines. However,
# if you are using it as an as-needed filter for specific problems as
# they arise, then this may be for you. Changing the default to 'allow'
# means that you won't get stuck if the kernel and /sbin/ipfw binary get
# out of sync.
#
# IPDIVERT enables the divert IP sockets, used by ``ipfw divert''
#
# IPSTEALTH enables code to support stealth forwarding (i.e., forwarding
# packets without touching the ttl). This can be useful to hide firewalls
# from traceroute and similar tools.
#
# TCPDEBUG is undocumented.
#
options MROUTING # Multicast routing
options IPFIREWALL #firewall
options IPFIREWALL_VERBOSE #print information about
# dropped packets
options IPFIREWALL_FORWARD #enable transparent proxy support
options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity
options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default
options IPV6FIREWALL #firewall for IPv6
options IPV6FIREWALL_VERBOSE
options IPV6FIREWALL_VERBOSE_LIMIT=100
options IPV6FIREWALL_DEFAULT_TO_ACCEPT
options IPDIVERT #divert sockets
options IPFILTER #ipfilter support
options IPFILTER_LOG #ipfilter logging
options IPFILTER_DEFAULT_BLOCK #block all packets by default
options IPSTEALTH #support for stealth forwarding
options TCPDEBUG
# RANDOM_IP_ID causes the ID field in IP packets to be randomized
# instead of incremented by 1 with each packet generated. This
# option closes a minor information leak which allows remote
# observers to determine the rate of packet generation on the
# machine by watching the counter.
options RANDOM_IP_ID
# Statically Link in accept filters
options ACCEPT_FILTER_DATA
options ACCEPT_FILTER_HTTP
# TCP_DROP_SYNFIN adds support for ignoring TCP packets with SYN+FIN. This
# prevents nmap et al. from identifying the TCP/IP stack, but breaks support
# for RFC1644 extensions and is not recommended for web servers.
#
options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN
# DUMMYNET enables the "dummynet" bandwidth limiter. You need
# IPFIREWALL as well. See the dummynet(4) manpage for more info.
# BRIDGE enables bridging between ethernet cards -- see bridge(4).
# You can use IPFIREWALL and dummynet together with bridging.
options DUMMYNET
options BRIDGE
#
# ATM (HARP version) options
#
# ATM_CORE includes the base ATM functionality code. This must be included
# for ATM support.
#
# ATM_IP includes support for running IP over ATM.
#
# At least one (and usually only one) of the following signalling managers
# must be included (note that all signalling managers include PVC support):
# ATM_SIGPVC includes support for the PVC-only signalling manager `sigpvc'.
# ATM_SPANS includes support for the `spans' signalling manager, which runs
# the FORE Systems's proprietary SPANS signalling protocol.
# ATM_UNI includes support for the `uni30' and `uni31' signalling managers,
# which run the ATM Forum UNI 3.x signalling protocols.
#
# The `hea' driver provides support for the Efficient Networks, Inc.
# ENI-155p ATM PCI Adapter.
#
# The `hfa' driver provides support for the FORE Systems, Inc.
# PCA-200E ATM PCI Adapter.
#
options ATM_CORE #core ATM protocol family
options ATM_IP #IP over ATM support
options ATM_SIGPVC #SIGPVC signalling manager
options ATM_SPANS #SPANS signalling manager
options ATM_UNI #UNI signalling manager
device hea #Efficient ENI-155p ATM PCI
device hfa #FORE PCA-200E ATM PCI
#####################################################################
# FILESYSTEM OPTIONS
#
# Only the root, /usr, and /tmp filesystems need be statically
# compiled; everything else will be automatically loaded at mount
# time. (Exception: the UFS family--- FFS --- cannot
# currently be demand-loaded.) Some people still prefer to statically
# compile other filesystems as well.
#
# NB: The NULL, PORTAL, UMAP and UNION filesystems are known to be
# buggy, and WILL panic your system if you attempt to do anything with
# them. They are included here as an incentive for some enterprising
# soul to sit down and fix them.
#
# One of these is mandatory:
options FFS #Fast filesystem
options NFS #Network File System
# The rest are optional:
#options NFS_NOSERVER #Disable the NFS-server code.
options CD9660 #ISO 9660 filesystem
options FDESCFS #File descriptor filesystem
options HPFS #OS/2 File system
options MSDOSFS #MS DOS File System (FAT, FAT32)
options NTFS #NT File System
options NULLFS #NULL filesystem
options NWFS #NetWare filesystem
options PORTALFS #Portal filesystem
options PROCFS #Process filesystem
options PSEUDOFS #Pseudo-filesystem framework
options UMAPFS #UID map filesystem
options UNIONFS #Union filesystem
# options NODEVFS #disable devices filesystem
# The xFS_ROOT options REQUIRE the associated ``options xFS''
options NFS_ROOT #NFS usable as root device
# This code enables IFS, an FFS which exports inodes as the namespace.
# You can find details in src/sys/ufs/ifs/README .
options IFS
# Soft updates is a technique for improving file system speed and
# making abrupt shutdown less risky.
#
options SOFTUPDATES
# Extended attributes allow additional data to be associated with files,
# and is used for ACLs, Capabilities, and MAC labels.
# See src/sys/ufs/ufs/README.extattr for more information.
options UFS_EXTATTR
options UFS_EXTATTR_AUTOSTART
# Access Control List support for UFS filesystems. The current ACL
# implementation requires extended attribute support, UFS_EXTATTR,
# for the underlying filesystem.
# See src/sys/ufs/ufs/README.acls for more information.
options UFS_ACL
# Make space in the kernel for a root filesystem on a md device.
# Define to the number of kilobytes to reserve for the filesystem.
options MD_ROOT_SIZE=10
# Make the md device a potential root device, either with preloaded
# images of type mfs_root or md_root.
options MD_ROOT
# Allow this many swap-devices.
#
# In order to manage swap, the system must reserve bitmap space that
# scales with the largest mounted swap device multiplied by NSWAPDEV,
# irregardless of whether other swap devices exist or not. So it
# is not a good idea to make this value too large.
options NSWAPDEV=5
# Disk quotas are supported when this option is enabled.
options QUOTA #enable disk quotas
# If you are running a machine just as a fileserver for PC and MAC
# users, using SAMBA or Netatalk, you may consider setting this option
# and keeping all those users' directories on a filesystem that is
# mounted with the suiddir option. This gives new files the same
# ownership as the directory (similar to group). It's a security hole
# if you let these users run programs, so confine it to file-servers
# (but it'll save you lots of headaches in those cases). Root owned
# directories are exempt and X bits are cleared. The suid bit must be
# set on the directory as well; see chmod(1) PC owners can't see/set
# ownerships so they keep getting their toes trodden on. This saves
# you all the support calls as the filesystem it's used on will act as
# they expect: "It's my dir so it must be my file".
#
options SUIDDIR
# NFS options:
options NFS_MINATTRTIMO=3 # VREG attrib cache timeout in sec
options NFS_MAXATTRTIMO=60
options NFS_MINDIRATTRTIMO=30 # VDIR attrib cache timeout in sec
options NFS_MAXDIRATTRTIMO=60
options NFS_GATHERDELAY=10 # Default write gather delay (msec)
options NFS_UIDHASHSIZ=29 # Tune the size of nfssvc_sock with this
options NFS_WDELAYHASHSIZ=16 # and with this
options NFS_MUIDHASHSIZ=63 # Tune the size of nfsmount with this
options NFS_DEBUG # Enable NFS Debugging
# Coda stuff:
options CODA #CODA filesystem.
device vcoda 4 #coda minicache <-> venus comm.
#
# Add support for the EXT2FS filesystem of Linux fame. Be a bit
# careful with this - the ext2fs code has a tendency to lag behind
# changes and not be exercised very much, so mounting read/write could
# be dangerous (and even mounting read only could result in panics.)
#
options EXT2FS
# Use real implementations of the aio_* system calls. There are numerous
# stability issues in the current aio code that make it unsuitable for
# inclusion on shell boxes.
options VFS_AIO
# Enable the code UFS IO optimization through the VM system. This allows
# use VM operations instead of copying operations when possible.
#
# Even with this enabled, actual use of the code is still controlled by the
# sysctl vfs.ioopt. 0 gives no optimization, 1 gives normal (use VM
# operations if a request happens to fit), 2 gives agressive optimization
# (the operations are split to do as much as possible through the VM system.)
#
# Enabling this will probably not give an overall speedup except for
# special workloads.
options ENABLE_VFS_IOOPT
# Cryptographically secure random number generator; /dev/[u]random
device random
#####################################################################
# POSIX P1003.1B
# Real time extensions added in the 1993 Posix
# P1003_1B: Infrastructure
# _KPOSIX_PRIORITY_SCHEDULING: Build in _POSIX_PRIORITY_SCHEDULING
# _KPOSIX_VERSION: Version kernel is built for
options P1003_1B
options _KPOSIX_PRIORITY_SCHEDULING
options _KPOSIX_VERSION=199309L
#####################################################################
# CLOCK OPTIONS
# The granularity of operation is controlled by the kernel option HZ whose
# default value (100) means a granularity of 10ms. For an accurate simulation
# of high data rates it might be necessary to reduce the timer granularity to
# 1ms or less. Consider, however, that some interfaces using programmed I/O
# may require a considerable time to output packets. So, reducing the
# granularity too much might actually cause ticks to be missed thus reducing
# the accuracy of operation.
options HZ=100
# Other clock options
options CLK_CALIBRATION_LOOP
options CLK_USE_I8254_CALIBRATION
options CLK_USE_TSC_CALIBRATION
#####################################################################
# SCSI DEVICES
# SCSI DEVICE CONFIGURATION
# The SCSI subsystem consists of the `base' SCSI code, a number of
# high-level SCSI device `type' drivers, and the low-level host-adapter
# device drivers. The host adapters are listed in the ISA and PCI
# device configuration sections below.
#
# Beginning with FreeBSD 2.0.5 you can wire down your SCSI devices so
# that a given bus, target, and LUN always come on line as the same
# device unit. In earlier versions the unit numbers were assigned
# in the order that the devices were probed on the SCSI bus. This
# means that if you removed a disk drive, you may have had to rewrite
# your /etc/fstab file, and also that you had to be careful when adding
# a new disk as it may have been probed earlier and moved your device
# configuration around.
# This old behavior is maintained as the default behavior. The unit
# assignment begins with the first non-wired down unit for a device
# type. For example, if you wire a disk as "da3" then the first
# non-wired disk will be assigned da4.
# The syntax for wiring down devices is:
hint.scbus.0.at="ahc0"
hint.scbus.1.at="ahc1"
hint.scbus.1.bus="0"
hint.scbus.3.at="ahc2"
hint.scbus.3.bus="0"
hint.scbus.2.at="ahc2"
hint.scbus.2.bus="1"
hint.da.0.at="scbus0"
hint.da.0.target="0"
hint.da.0.unit="0"
hint.da.1.at="scbus3"
hint.da.1.target="1"
hint.da.2.at="scbus2"
hint.da.2.target="3"
hint.sa.1.at="scbus1"
hint.sa.1.target="6"
# "units" (SCSI logical unit number) that are not specified are
# treated as if specified as LUN 0.
# All SCSI devices allocate as many units as are required.
# The ch driver drives SCSI Media Changer ("jukebox") devices.
#
# The da driver drives SCSI Direct Access ("disk") and Optical Media
# ("WORM") devices.
#
# The sa driver drives SCSI Sequential Access ("tape") devices.
#
# The cd driver drives SCSI Read Only Direct Access ("cd") devices.
#
# The ses driver drives SCSI Envinronment Services ("ses") and
# SAF-TE ("SCSI Accessable Fault-Tolerant Enclosure") devices.
#
# The pt driver drives SCSI Processor devices.
#
#
# Target Mode support is provided here but also requires that a SIM
# (SCSI Host Adapter Driver) provide support as well.
#
# The targ driver provides target mode support as a Processor type device.
# It exists to give the minimal context necessary to respond to Inquiry
# commands. There is a sample user application that shows how the rest
# of the command support might be done in /usr/share/examples/scsi_target.
#
# The targbh driver provides target mode support and exists to respond
# to incoming commands that do not otherwise have a logical unit assigned
# to them.
#
# The "unknown" device (uk? in pre-2.0.5) is now part of the base SCSI
# configuration as the "pass" driver.
device scbus #base SCSI code
device ch #SCSI media changers
device da #SCSI direct access devices (aka disks)
device sa #SCSI tapes
device cd #SCSI CD-ROMs
device ses #SCSI Environmental Services (and SAF-TE)
device pt #SCSI processor
device targ #SCSI Target Mode Code
device targbh #SCSI Target Mode Blackhole Device
device pass #CAM passthrough driver
# CAM OPTIONS:
# debugging options:
# -- NOTE -- If you specify one of the bus/target/lun options, you must
# specify them all!
# CAMDEBUG: When defined enables debugging macros
# CAM_DEBUG_BUS: Debug the given bus. Use -1 to debug all busses.
# CAM_DEBUG_TARGET: Debug the given target. Use -1 to debug all targets.
# CAM_DEBUG_LUN: Debug the given lun. Use -1 to debug all luns.
# CAM_DEBUG_FLAGS: OR together CAM_DEBUG_INFO, CAM_DEBUG_TRACE,
# CAM_DEBUG_SUBTRACE, and CAM_DEBUG_CDB
#
# CAM_MAX_HIGHPOWER: Maximum number of concurrent high power (start unit) cmds
# SCSI_NO_SENSE_STRINGS: When defined disables sense descriptions
# SCSI_NO_OP_STRINGS: When defined disables opcode descriptions
# SCSI_DELAY: The number of MILLISECONDS to freeze the SIM (scsi adapter)
# queue after a bus reset, and the number of milliseconds to
# freeze the device queue after a bus device reset.
options CAMDEBUG
options CAM_DEBUG_BUS=-1
options CAM_DEBUG_TARGET=-1
options CAM_DEBUG_LUN=-1
options CAM_DEBUG_FLAGS="CAM_DEBUG_INFO|CAM_DEBUG_TRACE|CAM_DEBUG_CDB"
options CAM_MAX_HIGHPOWER=4
options SCSI_NO_SENSE_STRINGS
options SCSI_NO_OP_STRINGS
options SCSI_DELAY=8000 # Be pessimistic about Joe SCSI device
# Options for the CAM CDROM driver:
# CHANGER_MIN_BUSY_SECONDS: Guaranteed minimum time quantum for a changer LUN
# CHANGER_MAX_BUSY_SECONDS: Maximum time quantum per changer LUN, only
# enforced if there is I/O waiting for another LUN
# The compiled in defaults for these variables are 2 and 10 seconds,
# respectively.
#
# These can also be changed on the fly with the following sysctl variables:
# kern.cam.cd.changer.min_busy_seconds
# kern.cam.cd.changer.max_busy_seconds
#
options CHANGER_MIN_BUSY_SECONDS=2
options CHANGER_MAX_BUSY_SECONDS=10
# Options for the CAM sequential access driver:
# SA_SPACE_TIMEOUT: Timeout for space operations, in minutes
# SA_REWIND_TIMEOUT: Timeout for rewind operations, in minutes
# SA_ERASE_TIMEOUT: Timeout for erase operations, in minutes
# SA_1FM_AT_EOD: Default to model which only has a default one filemark at EOT.
options SA_SPACE_TIMEOUT="(60)"
options SA_REWIND_TIMEOUT="(2*60)"
options SA_ERASE_TIMEOUT="(4*60)"
options SA_1FM_AT_EOD
# Optional timeout for the CAM processor target (pt) device
# This is specified in seconds. The default is 60 seconds.
options SCSI_PT_DEFAULT_TIMEOUT="60"
# Optional enable of doing SES passthrough on other devices (e.g., disks)
#
# Normally disabled because a lot of newer SCSI disks report themselves
# as having SES capabilities, but this can then clot up attempts to build
# build a topology with the SES device that's on the box these drives
# are in....
options SES_ENABLE_PASSTHROUGH
#####################################################################
# MISCELLANEOUS DEVICES AND OPTIONS
# The `pty' device usually turns out to be ``effectively mandatory'',
# as it is required for `telnetd', `rlogind', `screen', `emacs', and
# `xterm', among others.
device pty #Pseudo ttys
device speaker #Play IBM BASIC-style noises out your speaker
device gzip #Exec gzipped a.out's
device md #Memory/malloc disk
device snp #Snoop device - to look at pty/vty/etc..
device ccd 4 #Concatenated disk driver
# Configuring Vinum into the kernel is not necessary, since the kld
# module gets started automatically when vinum(8) starts. This
# device is also untested. Use at your own risk.
#
# The option VINUMDEBUG must match the value set in CFLAGS
# in src/sbin/vinum/Makefile. Failure to do so will result in
# the following message from vinum(8):
#
# Can't get vinum config: Invalid argument
#
# see vinum(4) for more reasons not to use these options.
device vinum #Vinum concat/mirror/raid driver
options VINUMDEBUG #enable Vinum debugging hooks
# Kernel side iconv library
options LIBICONV