MirBSD manpage: options(4)

OPTIONS(4)                 BSD Programmer's Manual                  OPTIONS(4)


     options - miscellaneous kernel configuration options


     option ...


     This manual page describes a number of miscellaneous kernel configuration
     options that may be specified in a kernel config file. See config(8) for
     information on how to configure and build kernels. Note: options are
     passed to the compile process as -D flags to the C compiler.

Compatibility Options

     option COMPAT_LINUX
     On those architectures that support it, this enables binary compatibility
     with Linux ELF and a.out applications built for the same architecture.
     This option is supported on the i386 architecture. See compat_linux(8).

     This option also enables execution of ET_DYN binaries, such as ld-

     option COMPAT_OPENBSD
     This enables binary compatibility with OpenBSD applications built for the
     same architecture. This option is available on all architectures. See

Debugging Options

     option DDB
     Compiles in a kernel debugger for diagnosing kernel problems. See ddb(4)
     for details. Note: not available on all architectures.

     option DDB_SAFE_CONSOLE
     Allows a break into the kernel debugger during boot. Useful when debug-
     ging problems that can cause init(8) to fail.

     option KGDB
     Compiles in a remote kernel debugger stub for diagnosing kernel problems
     using the "remote target" feature of gdb. See kgdb(7) for details. Note:
     not available on all architectures.

     makeoptions DEBUG="-g"
     The -g flag causes bsd.gdb to be built in addition to bsd. bsd.gdb is
     useful for debugging kernels and their crash dumps with gdb. Note that
     gdb(1)'s -k flag is obsolete and should not be used. Instead, a crash
     dump can be debugged by starting gdb(1) with the kernel name as an argu-
     ment (no core file) and then use the gdb(1) command "target kcore

     option DEBUG
     Turns on miscellaneous kernel debugging. Since options are turned into
     preprocessor defines (see above), option DEBUG is equivalent to doing a
     #define DEBUG throughout the kernel. Much of the kernel has #ifdef DEBUG
     conditional debugging code. Note that many parts of the kernel (typically
     device drivers) include their own #ifdef XXX_DEBUG conditionals instead.
     This option also turns on certain other options, notably option
     KMEMSTATS, which may decrease system performance.

     option DIAGNOSTIC
     Adds code to the kernel that does internal consistency checks. This code
     will cause the kernel to panic if corruption of internal data structures
     is detected.

     option SMALL_KERNEL
     Removes some optimizations from the kernel to reduce the size of the
     resulting kernel binary. This option can decrease system performance.

     option NO_PROPOLICE
     Do not compile the kernel with the propolice stack protection.

     option GPROF
     Adds code to the kernel for kernel profiling with kgmon(8).

     makeoptions PROF="-pg"
     The -pg flag causes the kernel to be compiled with support for profiling.
     The option GPROF is required for the kernel compile to succeed.

     option KTRACE
     Adds hooks for the system call tracing facility, which allows users to
     watch the system call invocation behavior of processes. See ktrace(1) for

     option PTRACE
     Adds hooks for the process tracing facility, allowing a process to con-
     trol and observe another process. See ptrace(2) for details.

     option RAIDDEBUG
     Be verbose on what RAIDframe does. See raid(4) for details.


     option FFS
     Includes code implementing the Berkeley Fast Filesystem (FFS). Most
     machines need this if they are not running diskless.

     option EXT2FS
     Includes code implementing the Second Extended Filesystem (EXT2FS). This
     is the most commonly used filesystem on the Linux operating system, and
     is provided here for compatibility. Some specific features of EXT2FS like
     the "behavior on errors" are not implemented. This filesystem can't be
     used with uid_t or gid_t values greater than 65535. Also, the filesystem
     will not function correctly on architectures with differing byte-orders.
     That is, a big-endian machine will not be able to read an ext2fs filesys-
     tem created on an i386 or other little-endian machine. See
     mount_ext2fs(8) for details.

     option MFS
     Include the memory filesystem (MFS). This filesystem stores files in
     swappable memory, and produces notable performance improvements when it
     is used as the file store for /tmp or similar mount points. See
     mount_mfs(8) for details.

     option NFSCLIENT
     Include the client side of the NFS (Network Filesystem) remote file shar-
     ing protocol. Although the bulk of the code implementing NFS is kernel
     based, several user level daemons are needed for it to work. See
     mount_nfs(8) for details on NFS.

     option CD9660
     Includes code for the ISO 9660 + Rock Ridge filesystem, which is the
     standard filesystem used on many CD-ROMs. It also supports Joliet exten-
     sions. See mount_cd9660(8) for details.

     option MSDOSFS
     Includes support for the MS-DOS FAT filesystem. The kernel also imple-
     ments the Windows 95 extensions which permit the use of longer, mixed-
     case file names. See mount_msdos(8) and fsck_msdos(8) for details.

     option NTFS
     Includes support for reading NTFS filesystems. Experimental and read
     only. See mount_ntfs(8) for details.

     option FDESC
     Includes code for a filesystem which can be mounted on /dev/fd. This
     filesystem permits access to the per-process file descriptor space via
     special files in the filesystem. See mount_fdesc(8) for details. Note
     that this facility is redundant, and thus unneeded on most OpenBSD sys-
     tems, since the fd(4) pseudo-device driver already provides identical
     functionality. On most systems, instances of fd(4) are mknoded under
     /dev/fd/ and on /dev/stdin, /dev/stdout, and /dev/stderr.

     option KERNFS
     Includes code which permits the mounting of a special filesystem (normal-
     ly mounted on /kern) in which files representing various kernel variables
     and parameters may be found. See mount_kernfs(8) for details.

     option NULLFS
     Includes code for a loopback filesystem. This permits portions of the
     file hierarchy to be re-mounted in other places. The code really exists
     to provide an example of a stackable filesystem layer. See mount_null(8)
     for details.

     option PORTAL
     Includes the (experimental) portal filesystem. This permits interesting
     tricks like opening TCP sockets by opening files in the filesystem. The
     portal filesystem is conventionally mounted on /p and is partially imple-
     mented by a special daemon. See mount_portal(8) for details.

     option PROCFS
     Includes code for a special filesystem (conventionally mounted on /proc)
     in which the process space becomes visible in the filesystem. Among other
     things, the memory spaces of processes running on the system are visible
     as files, and signals may be sent to processes by writing to ctl files in
     the procfs namespace. See mount_procfs(8) for details.

     option UMAPFS
     Includes a loopback filesystem in which user and group IDs may be
     remapped -- this can be useful when mounting alien filesystems with dif-
     ferent uids and gids than the local system (eg, remote NFS). See
     mount_umap(8) for details.

     option UNION
     Includes code for the union filesystem, which permits directories to be
     mounted on top of each other in such a way that both filesystems remain
     visible -- this permits tricks like allowing writing (and the deleting of
     files) on a read-only filesystem like a CD-ROM by mounting a local writ-
     able filesystem on top of the read-only file system. This filesystem is
     still experimental and is known to be somewhat unstable. See
     mount_union(8) for details.

Filesystem Options

     Enables a scheme that uses partial ordering of buffer cache operations to
     allow metadata updates in FFS to happen asynchronously, increasing write
     performance significantly. Normally, the FFS filesystem writes metadata
     updates synchronously which exacts a performance penalty in favor of
     filesystem integrity. With soft updates, the performance of asynchronous
     writes is gained while retaining the safety of synchronous metadata up-

     Soft updates must be enabled on a per-filesystem basis. See mount(8) for

     Processors with a small kernel address space, such as the sun4 and sun4c,
     do not have enough kernel memory to support soft updates. Attempts to use
     this option with these CPUs will cause a kernel hang or panic after a
     short period of use as the kernel will quickly run out of memory. This is
     not related to the amount of physical memory present in the machine -- it
     is a limitation of the CPU architecture itself.

     option BUFCACHEPERCENT=integer
     Percentage of RAM to use as a filesystem buffer. It defaults to 5.

     option NFSSERVER
     Include the server side of the NFS (Network Filesystem) remote file shar-
     ing protocol. Although the bulk of the code implementing NFS is kernel
     based, several user level daemons are needed for it to work. See
     mountd(8) and nfsd(8) for details.

     option QUOTA
     Enables kernel support for filesystem quotas. See quotaon(8), edquota(8),
     repquota(8), and quota(1) for details. Note that quotas only work on
     "ffs" filesystems, although rpc.rquotad(8) permits them to be accessed
     over NFS.

     option FIFO
     Adds support for AT&T System V UNIX style FIFOs (i.e., "named pipes").
     This option is recommended in almost all cases as many programs use

     This option changes the behavior of the APPEND and IMMUTABLE flags for a
     file on an EXT2FS filesystem. Without this option, the superuser or owner
     of the file can set and clear them. With this option, only the superuser
     can set them, and they can't be cleared if the securelevel is greater
     than 0. See also chflags(1).

     option UFS_EXTATTR
     This option enables Extended Attribute support for UFS filesystems.

     This option causes Extended Attributes to be started and enabled when
     each UFS filesystem is mounted. The attribute storage is expected to be
     (relative to mount point) /.attribute/{system|user}/<attrname>

     option UFS_DIRHASH
     This option enables using an in memory hash table to speed lookups in
     large directories.

Miscellaneous Options

     option PCIVERBOSE
     Makes the boot process more verbose for PCI peripherals (vendor names and
     other information is printed, etc.).

     Makes the boot process more verbose for PCMCIA peripherals.

     Makes the boot process more verbose for Mac OBIO peripherals.

     option APERTURE
     Provide in-kernel support for controlling VGA framebuffer mapping and PCI
     configuration registers by user-processes (such as an X Window System
     server). This option is supported on the alpha, i386, macppc, and sparc64

     option LKM
     Enables support for loadable kernel modules. See lkm(4) for details.
     Note: This option is not yet available on all architectures.

     option CRYPTO
     Enables support for the kernel cryptographic framework. See crypto(9) for
     details. While not IP specific, this option is usually used in conjunc-
     tion with option IPSEC.

     option INSECURE
     Hardwires the kernel security level at -1. This means that the system al-
     ways runs in securelevel 0 mode, even when running multiuser. See init(8)
     for details on the implications of this. The kernel secure level may be
     manipulated by the superuser by altering the kern.securelevel sysctl
     variable. (It should be noted that the securelevel may only be lowered by
     a call from process ID 1, i.e., init(8).) See also sysctl(8) and

     option CCDNBUF=integer
     The ccd(4) device driver uses "component buffers" to distribute I/O re-
     quests to the components of a concatenated disk. It keeps a freelist of
     buffer headers in order to reduce use of the kernel memory allocator.
     CCDNBUF is the number of buffer headers allocated on the freelist for
     each component buffer. It defaults to 8.

     option KMEMSTATS
     The kernel memory allocator, malloc(9), will keep statistics on its per-
     formance if this option is enabled. Unfortunately, this option therefore
     essentially disables MALLOC() and FREE() forms of the memory allocator,
     which are used to enhance the performance of certain critical sections of
     code in the kernel. This option therefore can lead to a significant de-
     crease in the performance of certain code in the kernel if enabled. Exam-
     ples of such code include the namei() routine, the ccd(4) driver, the
     ncr(4) driver, and much of the networking code. Note that this option is
     silently turned on by the DEBUG option.

     option BOOT_CONFIG
     Adds support for the -c boot option (User Kernel Config). Allows modifi-
     cation of kernel settings (e.g., device parameters) before booting the

     Adds support for auto-configuring the RAIDframe devices during the kernel
     initialization. See raid(4) and raidctl(8) for details.

     option UVM_SWAP_ENCRYPT
     Enables kernel support for encrypting pages that are written out to swap
     storage. Swap encryption prevents sensitive data from remaining on the
     disk even after the operating system has been shut down. This option
     should be turned on if cryptographic filesystems are used. The sysctl
     variable vm.swapencrypt.enable controls its behaviour. See sysctl(8) and
     sysctl(3) for details.

     option USER_PCICONF
     Enables the user level access to the PCI bus configuration space through
     ioctls on the /dev/pci device. It's used by the XFree86(1) server on some
     architectures. See pci(4) for details.

     option PCIAGP
     Enables ioctl(2) access to the AGP GART on the supported chipsets. It's
     used by the XFree86(1) server on some architectures. See vga(4) for de-

     Includes the configuration file given to config(8) in the kernel image.
     It can be recovered later by executing strings -n4 /bsd | sed -n

Networking Options

     option IPFORWARDING
     Enables IP routing behavior. With this option enabled, the machine will
     forward IP datagrams between its interfaces that are destined for other
     machines. Note that even without this option, the kernel will still for-
     ward some packets (such as source routed packets) -- removing
     IPFORWARDING is insufficient to stop all routing through a bastion host
     on a firewall -- source routing is controlled independently. Note that IP
     forwarding may be turned on and off independently of the setting of the
     IPFORWARDING option through the use of the net.inet.ip.forwarding sysctl
     variable. If net.inet.ip.forwarding is 1, IP forwarding is on. See
     sysctl(8) and sysctl(3) for details.

     option MROUTING
     Includes support for IP multicast routers. INET should be set along with
     this. Multicast routing is controlled by the mrouted(8) daemon.

     option INET
     Includes support for the TCP/IP protocol stack. This option is currently
     required. See inet(4) for details.

     option INET6
     Includes support for the IPv6 protocol stack. See inet6(4) for details.
     Unlike INET, INET6 enables multicast routing code as well. This option
     requires INET at this moment, but it should not.

     option ND6_DEBUG
     The option sets the default value of net.inet6.icmp6.nd6_debug to 1, for
     debugging IPv6 neighbor discovery protocol handling. See sysctl(3) for

     option IPX, IPXIP
     Include support for Internetwork Packet Exchange protocol commonly in use
     by Novell NetWare.

     option NETATALK
     Include kernel support for the AppleTalk family of protocols. This suite
     of supporting code is sometimes called netatalk support.

     option TCP_COMPAT_42
     Use of this option is extremely discouraged, so it should not be enabled.
     If any other machines on the network require enabling this, it's recom-
     mended that they be disconnected from the network.

     TCP bug compatibility with 4.2BSD. In 4.2BSD, TCP sequence numbers were
     32-bit signed values. Modern implementations of TCP use unsigned values.
     This option clamps the initial sequence number to start in the range 2^31
     rather than the full unsigned range of 2^32. Also, under 4.2BSD,
     keepalive packets must contain at least one byte or else the remote end
     will not respond.

     option TCP_SACK
     Turns on selective acknowledgements. Additional information about seg-
     ments already received can be transmitted back to the sender, thus indi-
     cating segments that have been lost and allowing for a swifter recovery.
     Both communication endpoints need to support SACK. The fallback behaviour
     is NewReno fast recovery phase, which allows one lost segment to be
     recovered per round trip time. When more than one segment has been
     dropped per window, the transmission can continue without waiting for a
     retransmission timeout.

     option TCP_FACK
     Turns on forward acknowledgements allowing a more precise estimate of
     outstanding data during the fast recovery phase by using SACK informa-
     tion. This option can only be used together with TCP_SACK.

     option TCP_ECN
     Turns on Explicit Congestion Notification (RFC 3168). ECN allows inter-
     mediate routers to use the Congestion Experienced codepoint in the IP
     header as an indication of congestion, and allows TCP to adjust the
     transmission rate using this signal. Both communication endpoints nego-
     tiate enabling ECN functionality at the TCP connection establishment.

     option TCP_SIGNATURE
     Turns on support for the TCP MD5 Signature option (RFC 2385). This is
     used by Internet backbone routers to provide per-packet authentication
     for the TCP packets used to communicate BGP routing information. You will
     also need a routing daemon that supports this option in order to actually
     use it.

     option PPP_FILTER
     This option turns on pcap(3) based filtering for ppp connections. This
     option is used by pppd(8) which needs to be compiled with PPP_FILTER de-
     fined (the current default).

     option PPP_BSDCOMP
     Enables BSD compressor for PPP connections.

     option PPP_DEFLATE
     This option is currently not supported in MirOS.

     option IPSEC
     This option enables IP security protocol support. See ipsec(4) for more

     option ENCDEBUG
     This option enables debugging information to be conditionally logged in
     case IPSEC encounters errors. The option IPSEC is required along with
     this option. Debug logging can be turned on/off through the use of the
     net.inet.ip.encdebug sysctl variable. If net.ipsec.encap.encdebug is 1,
     debug logging is on. See sysctl(8) and sysctl(3) for details.

     option KEY
     Enables PFKEYv2 (RFC 2367) support. While not IP specific, this option is
     usually used in conjunction with option IPSEC.

     option ALTQ
     Enables ALTQ (Alternate Queuing). See pfctl(8) and pf.conf(5) to set up
     the interface transmission rate and queueing disciplines. ALTQ_CBQ,
     ALTQ_RED, ALTQ_PRIQ and ALTQ_HFSC are enabled by default with option ALTQ
     in OpenBSD. See altq(9) for details on ALTQ.

     option ALTQ_RIO
     Enables ALTQ's RIO (RED with In/Out) module. The original RIO has 2 sets
     of RED parameters; one for in-profile packets and the other for out-of-
     profile packets. At the ingress of the network, profile meters tag pack-
     ets as IN or OUT based on contracted profiles for customers. Inside the
     network, IN packets receive preferential treatment by the RIO dropper.
     ALTQ/RIO has 3 drop precedence levels defined for the Assured Forwarding
     PHB of DiffServ (RFC 2597).

     option ALTQ_NOPCC
     Disables use of processor cycle counter (e.g., Pentium TSC on i386 and
     PCC on alpha) to measure time in ALTQ. This option should be defined for
     a non-Pentium i386 CPU which does not have TSC, SMP (per-CPU counters are
     not in sync), or power management which affects processor cycle counter.

SCSI Subsystem Options

     option SCSITERSE
     Terser SCSI error messages. This omits the table for decoding ASC/ASCQ
     info, saving about 30KB.

     option SCSIDEBUG
     Enable printing of SCSI subsystem debugging info to the console. Each of
     must have non-zero values for any debugging info to be printed. Only
     SCSI_DEBUG_LEVEL has a default value that is non-zero.

     option SCSIDEBUG_LEVEL=value
     Define which of the four levels of debugging info are printed. Each bit
     enables a level, and multiple levels are specified by setting multiple

           0x0010  (SDEV_DB1) SCSI commands, errors, and data
           0x0020  (SDEV_DB2) routine flow
           0x0040  (SDEV_DB3) routine internals
           0x0080  (SDEV_DB4) miscellaneous addition debugging

     If SCSIDEBUG_LEVEL is undefined, a value of 0x0030 (SDEV_DB1|SDEV_DB2) is

     option SCSIDEBUG_BUSES=value
     Define which SCSI buses will print debug info. Each bit enables debugging
     info for the corresponding bus. e.g. a value of 0x1 enables debug info
     for bus 0.

     option SCSIDEBUG_TARGETS=value
     Define which SCSI targets will print debug info. Each bit enables debug-
     ging info for the corresponding target.

     option SCSIDEBUG_LUNS=value
     Define which SCSI luns will print debug info. Each bit enables debugging
     info for the corresponding lun.

     option SCSIFORCELUN_BUSES=value
     Define which SCSI buses will do full lun scanning. SCSIFORCELUN_TARGETS
     must also be set to a non-zero value for this option to take effect. Each
     bit enables a full lun scan for the corresponding SCSI bus. The lun scan
     normally terminates if identical INQUIRY data is seen for lun 0 and
     another lun, as this usually means the target cannot distinguish between
     different luns. But some devices (e.g. some external RAID devices) can
     legitimately supply identical INQUIRY data for several luns.

     option SCSIFORCELUN_TARGETS=value
     Define which SCSI targets will do full lun scanning. SCSIFORCELUN_BUSES
     must also be set to a non-zero value for this option to have any effect.
     Each bit enables a full lun scan for the corresponding target on the
     buses specified by SCSIFORCELUN_BUSES.

System V IPC Options

     option SYSVMSG
     Includes support for AT&T System V UNIX style message queues. See
     msgctl(2), msgget(2), msgrcv(2), msgsnd(2).

     option SYSVSEM
     Includes support for AT&T System V UNIX style semaphores. See semctl(2),
     semget(2), semop(2).

     option VFORK_SHM
     Allows for evil things with vfork(2). Normally, doing anything else after
     a vfork than execve(2) family call or _exit(2) is undefined. With this
     option, the old-fashioned behaviour of the child and parent sharing the
     memory until the lock is released is restored. This will break on some

     option SYSVSHM
     Includes support for AT&T System V UNIX style shared memory. See
     shmat(2), shmctl(2), shmdt(2), shmget(2).

     option SHMMAXPGS=value
     Sets the maximum number of AT&T System V UNIX style shared memory pages
     that are available through the shmget(2) system call. Default value is
     1024 on most architectures. See /usr/include/machine/vmparam.h for the

     option SEMMNI=value
     Number of semaphore identifiers (also called semaphore handles and sema-
     phore sets) available in the system. Default value is 10. The kernel al-
     locates memory for the control structures at startup, so arbitrarily
     large values should be avoided.

     option SEMMNS=value
     Maximum number of semaphores in all sets in the system. Default value is

     option SEMMNU=value
     Maximum number of semaphore undo structures in the system. Default value
     is 30.

     option SEMUME=value
     Maximum number of per-process undo operation entries in the system. Sema-
     phore undo operations are invoked by the kernel when semop(2) is called
     with the SEM_UNDO flag and the process holding the semaphores terminates
     unexpectedly. Default value is 10.

     option NKMEMPAGES=value

     option NKMEMPAGES_MIN=value

     option NKMEMPAGES_MAX=value
     Size of kernel malloc area in PAGE_SIZE-sized logical pages. This area is
     covered by the kernel submap kmem_map. The kernel attempts to auto-size
     this map based on the amount of physical memory in the system. Platform-
     specific code may place bounds on this computed size, which may be viewed
     with the sysctl(8) variable vm.nkmempages. See
     /usr/include/machine/param.h for the default upper and lower bounds. The
     related options 'NKMEMPAGES_MIN' and 'NKMEMPAGES_MAX' allow the bounds to
     be overridden in the kernel configuration file. These options are provid-
     ed in the event the computed value is insufficient resulting in an "out
     of space in kmem_map" panic.

     option NBUF=value

     option BUFPAGES=value
     These options set the number of pages available for the buffer cache.
     Their default value is a machine dependent value, often calculated as
     between 5% and 10% of total available RAM.

     option DUMMY_NOPS
     This option is supported on the i386 architecture. When enabled, it
     speeds up interrupt processing by removing delays while accessing the in-
     terrupt controller. Care should be taken when using this option.

     option APM_NOPRINT
     This option is supported on the i386 architecture. When enabled, kernel
     messages regarding the status of the automatic power management system
     (APM) are suppressed. APM status can still be obtained using apm(8)
     and/or apmd(8).

     option "TIMEZONE=value"
     value indicates the timezone offset of hardware realtime clock device, in
     minutes, from UTC. It is useful when hardware realtime clock device is
     configured with local time, when dual-booting OpenBSD with other operat-
     ing systems on a single machine. For instance, if hardware realtime clock
     is set to Tokyo time, value should be -540 as Tokyo local time is 9 hours
     ahead of UTC. Double quotes are needed when specifying a negative value.


     gdb(1), ktrace(1), quota(1), gettimeofday(2), i386_iopl(2), msgctl(2),
     msgget(2), msgrcv(2), msgsnd(2), ptrace(2), semctl(2), semget(2),
     semop(2), shmat(2), shmctl(2), shmdt(2), shmget(2), sysctl(3), ddb(4),
     inet(4), ipsec(4), iso(4), lkm(4), ns(4), pci(4), xf86(4), X(7), apm(8),
     apmd(8), config(8), edquota(8), init(8), mount_cd9660(8), mount_fdesc(8),
     mount_kernfs(8), mount_mfs(8), mount_msdos(8), mount_nfs(8),
     mount_null(8), mount_portal(8), mount_procfs(8), mount_umap(8),
     mount_union(8), mrouted(8), quotaon(8), rpc.rquotad(8), sysctl(8),


     The options man page first appeared in OpenBSD 2.3.


     The INET option should not be required.

MirBSD #10-current              March 21, 2004                               9

Generated on 2022-12-24 01:00:14 by $MirOS: src/scripts/roff2htm,v 1.113 2022/12/21 23:14:31 tg Exp $ — This product includes material provided by mirabilos.

These manual pages and other documentation are copyrighted by their respective writers; their sources are available at the project’s CVSweb, AnonCVS and other mirrors. The rest is Copyright © 2002–2022 MirBSD.

This manual page’s HTML representation is supposed to be valid XHTML/1.1; if not, please send a bug report — diffs preferred.

Kontakt / Impressum & Datenschutzerklärung