OPTIONS(4) BSD Programmer's Manual OPTIONS(4)
options - miscellaneous kernel configuration options
option ...
This manual page describes a number of miscellaneous kernel configuration
options that may be specified in a kernel config file. See config(8) for
information on how to configure and build kernels. Note: options are
passed to the compile process as -D flags to the C compiler.
option COMPAT_LINUX
On those architectures that support it, this enables binary compatibility
with Linux ELF and a.out applications built for the same architecture.
This option is supported on the i386 architecture. See compat_linux(8).
This option also enables execution of ET_DYN binaries, such as ld-
linux.so.2.
option COMPAT_OPENBSD
This enables binary compatibility with OpenBSD applications built for the
same architecture. This option is available on all architectures. See
compat_openbsd(8).
option DDB
Compiles in a kernel debugger for diagnosing kernel problems. See ddb(4)
for details. Note: not available on all architectures.
option DDB_SAFE_CONSOLE
Allows a break into the kernel debugger during boot. Useful when debug-
ging problems that can cause init(8) to fail.
option KGDB
Compiles in a remote kernel debugger stub for diagnosing kernel problems
using the "remote target" feature of gdb. See kgdb(7) for details. Note:
not available on all architectures.
makeoptions DEBUG="-g"
The -g flag causes bsd.gdb to be built in addition to bsd. bsd.gdb is
useful for debugging kernels and their crash dumps with gdb. Note that
gdb(1)'s -k flag is obsolete and should not be used. Instead, a crash
dump can be debugged by starting gdb(1) with the kernel name as an argu-
ment (no core file) and then use the gdb(1) command "target kcore
COREFILE".
option DEBUG
Turns on miscellaneous kernel debugging. Since options are turned into
preprocessor defines (see above), option DEBUG is equivalent to doing a
#define DEBUG throughout the kernel. Much of the kernel has #ifdef DEBUG
conditional debugging code. Note that many parts of the kernel (typically
device drivers) include their own #ifdef XXX_DEBUG conditionals instead.
This option also turns on certain other options, notably option
KMEMSTATS, which may decrease system performance.
option DIAGNOSTIC
Adds code to the kernel that does internal consistency checks. This code
will cause the kernel to panic if corruption of internal data structures
is detected.
option SMALL_KERNEL
Removes some optimizations from the kernel to reduce the size of the
resulting kernel binary. This option can decrease system performance.
option NO_PROPOLICE
Do not compile the kernel with the propolice stack protection.
option GPROF
Adds code to the kernel for kernel profiling with kgmon(8).
makeoptions PROF="-pg"
The -pg flag causes the kernel to be compiled with support for profiling.
The option GPROF is required for the kernel compile to succeed.
option KTRACE
Adds hooks for the system call tracing facility, which allows users to
watch the system call invocation behavior of processes. See ktrace(1) for
details.
option PTRACE
Adds hooks for the process tracing facility, allowing a process to con-
trol and observe another process. See ptrace(2) for details.
option RAIDDEBUG
Be verbose on what RAIDframe does. See raid(4) for details.
option FFS
Includes code implementing the Berkeley Fast Filesystem (FFS). Most
machines need this if they are not running diskless.
option EXT2FS
Includes code implementing the Second Extended Filesystem (EXT2FS). This
is the most commonly used filesystem on the Linux operating system, and
is provided here for compatibility. Some specific features of EXT2FS like
the "behavior on errors" are not implemented. This filesystem can't be
used with uid_t or gid_t values greater than 65535. Also, the filesystem
will not function correctly on architectures with differing byte-orders.
That is, a big-endian machine will not be able to read an ext2fs filesys-
tem created on an i386 or other little-endian machine. See
mount_ext2fs(8) for details.
option MFS
Include the memory filesystem (MFS). This filesystem stores files in
swappable memory, and produces notable performance improvements when it
is used as the file store for /tmp or similar mount points. See
mount_mfs(8) for details.
option NFSCLIENT
Include the client side of the NFS (Network Filesystem) remote file shar-
ing protocol. Although the bulk of the code implementing NFS is kernel
based, several user level daemons are needed for it to work. See
mount_nfs(8) for details on NFS.
option CD9660
Includes code for the ISO 9660 + Rock Ridge filesystem, which is the
standard filesystem used on many CD-ROMs. It also supports Joliet exten-
sions. See mount_cd9660(8) for details.
option MSDOSFS
Includes support for the MS-DOS FAT filesystem. The kernel also imple-
ments the Windows 95 extensions which permit the use of longer, mixed-
case file names. See mount_msdos(8) and fsck_msdos(8) for details.
option NTFS
Includes support for reading NTFS filesystems. Experimental and read
only. See mount_ntfs(8) for details.
option FDESC
Includes code for a filesystem which can be mounted on /dev/fd. This
filesystem permits access to the per-process file descriptor space via
special files in the filesystem. See mount_fdesc(8) for details. Note
that this facility is redundant, and thus unneeded on most OpenBSD sys-
tems, since the fd(4) pseudo-device driver already provides identical
functionality. On most systems, instances of fd(4) are mknoded under
/dev/fd/ and on /dev/stdin, /dev/stdout, and /dev/stderr.
option KERNFS
Includes code which permits the mounting of a special filesystem (normal-
ly mounted on /kern) in which files representing various kernel variables
and parameters may be found. See mount_kernfs(8) for details.
option NULLFS
Includes code for a loopback filesystem. This permits portions of the
file hierarchy to be re-mounted in other places. The code really exists
to provide an example of a stackable filesystem layer. See mount_null(8)
for details.
option PORTAL
Includes the (experimental) portal filesystem. This permits interesting
tricks like opening TCP sockets by opening files in the filesystem. The
portal filesystem is conventionally mounted on /p and is partially imple-
mented by a special daemon. See mount_portal(8) for details.
option PROCFS
Includes code for a special filesystem (conventionally mounted on /proc)
in which the process space becomes visible in the filesystem. Among other
things, the memory spaces of processes running on the system are visible
as files, and signals may be sent to processes by writing to ctl files in
the procfs namespace. See mount_procfs(8) for details.
option UMAPFS
Includes a loopback filesystem in which user and group IDs may be
remapped -- this can be useful when mounting alien filesystems with dif-
ferent uids and gids than the local system (eg, remote NFS). See
mount_umap(8) for details.
option UNION
Includes code for the union filesystem, which permits directories to be
mounted on top of each other in such a way that both filesystems remain
visible -- this permits tricks like allowing writing (and the deleting of
files) on a read-only filesystem like a CD-ROM by mounting a local writ-
able filesystem on top of the read-only file system. This filesystem is
still experimental and is known to be somewhat unstable. See
mount_union(8) for details.
option FFS_SOFTUPDATES
Enables a scheme that uses partial ordering of buffer cache operations to
allow metadata updates in FFS to happen asynchronously, increasing write
performance significantly. Normally, the FFS filesystem writes metadata
updates synchronously which exacts a performance penalty in favor of
filesystem integrity. With soft updates, the performance of asynchronous
writes is gained while retaining the safety of synchronous metadata up-
dates.
Soft updates must be enabled on a per-filesystem basis. See mount(8) for
details.
Processors with a small kernel address space, such as the sun4 and sun4c,
do not have enough kernel memory to support soft updates. Attempts to use
this option with these CPUs will cause a kernel hang or panic after a
short period of use as the kernel will quickly run out of memory. This is
not related to the amount of physical memory present in the machine -- it
is a limitation of the CPU architecture itself.
option BUFCACHEPERCENT=integer
Percentage of RAM to use as a filesystem buffer. It defaults to 5.
option NFSSERVER
Include the server side of the NFS (Network Filesystem) remote file shar-
ing protocol. Although the bulk of the code implementing NFS is kernel
based, several user level daemons are needed for it to work. See
mountd(8) and nfsd(8) for details.
option QUOTA
Enables kernel support for filesystem quotas. See quotaon(8), edquota(8),
repquota(8), and quota(1) for details. Note that quotas only work on
"ffs" filesystems, although rpc.rquotad(8) permits them to be accessed
over NFS.
option FIFO
Adds support for AT&T System V UNIX style FIFOs (i.e., "named pipes").
This option is recommended in almost all cases as many programs use
these.
option EXT2FS_SYSTEM_FLAGS
This option changes the behavior of the APPEND and IMMUTABLE flags for a
file on an EXT2FS filesystem. Without this option, the superuser or owner
of the file can set and clear them. With this option, only the superuser
can set them, and they can't be cleared if the securelevel is greater
than 0. See also chflags(1).
option UFS_EXTATTR
This option enables Extended Attribute support for UFS filesystems.
option UFS_EXTATTR_AUTOSTART
This option causes Extended Attributes to be started and enabled when
each UFS filesystem is mounted. The attribute storage is expected to be
(relative to mount point) /.attribute/{system|user}/<attrname>
option UFS_DIRHASH
This option enables using an in memory hash table to speed lookups in
large directories.
option PCIVERBOSE
Makes the boot process more verbose for PCI peripherals (vendor names and
other information is printed, etc.).
option PCMCIAVERBOSE
Makes the boot process more verbose for PCMCIA peripherals.
option MACOBIOVERBOSE
Makes the boot process more verbose for Mac OBIO peripherals.
option APERTURE
Provide in-kernel support for controlling VGA framebuffer mapping and PCI
configuration registers by user-processes (such as an X Window System
server). This option is supported on the alpha, i386, macppc, and sparc64
architectures.
option LKM
Enables support for loadable kernel modules. See lkm(4) for details.
Note: This option is not yet available on all architectures.
option CRYPTO
Enables support for the kernel cryptographic framework. See crypto(9) for
details. While not IP specific, this option is usually used in conjunc-
tion with option IPSEC.
option INSECURE
Hardwires the kernel security level at -1. This means that the system al-
ways runs in securelevel 0 mode, even when running multiuser. See init(8)
for details on the implications of this. The kernel secure level may be
manipulated by the superuser by altering the kern.securelevel sysctl
variable. (It should be noted that the securelevel may only be lowered by
a call from process ID 1, i.e., init(8).) See also sysctl(8) and
sysctl(3).
option CCDNBUF=integer
The ccd(4) device driver uses "component buffers" to distribute I/O re-
quests to the components of a concatenated disk. It keeps a freelist of
buffer headers in order to reduce use of the kernel memory allocator.
CCDNBUF is the number of buffer headers allocated on the freelist for
each component buffer. It defaults to 8.
option KMEMSTATS
The kernel memory allocator, malloc(9), will keep statistics on its per-
formance if this option is enabled. Unfortunately, this option therefore
essentially disables MALLOC() and FREE() forms of the memory allocator,
which are used to enhance the performance of certain critical sections of
code in the kernel. This option therefore can lead to a significant de-
crease in the performance of certain code in the kernel if enabled. Exam-
ples of such code include the namei() routine, the ccd(4) driver, the
ncr(4) driver, and much of the networking code. Note that this option is
silently turned on by the DEBUG option.
option BOOT_CONFIG
Adds support for the -c boot option (User Kernel Config). Allows modifi-
cation of kernel settings (e.g., device parameters) before booting the
system.
option RAID_AUTOCONFIG
Adds support for auto-configuring the RAIDframe devices during the kernel
initialization. See raid(4) and raidctl(8) for details.
option UVM_SWAP_ENCRYPT
Enables kernel support for encrypting pages that are written out to swap
storage. Swap encryption prevents sensitive data from remaining on the
disk even after the operating system has been shut down. This option
should be turned on if cryptographic filesystems are used. The sysctl
variable vm.swapencrypt.enable controls its behaviour. See sysctl(8) and
sysctl(3) for details.
option USER_PCICONF
Enables the user level access to the PCI bus configuration space through
ioctls on the /dev/pci device. It's used by the XFree86(1) server on some
architectures. See pci(4) for details.
option PCIAGP
Enables ioctl(2) access to the AGP GART on the supported chipsets. It's
used by the XFree86(1) server on some architectures. See vga(4) for de-
tails.
option INCLUDE_CONFIG_FILE
Includes the configuration file given to config(8) in the kernel image.
It can be recovered later by executing strings -n4 /bsd | sed -n
's/^=CF=//p'
option IPFORWARDING
Enables IP routing behavior. With this option enabled, the machine will
forward IP datagrams between its interfaces that are destined for other
machines. Note that even without this option, the kernel will still for-
ward some packets (such as source routed packets) -- removing
IPFORWARDING is insufficient to stop all routing through a bastion host
on a firewall -- source routing is controlled independently. Note that IP
forwarding may be turned on and off independently of the setting of the
IPFORWARDING option through the use of the net.inet.ip.forwarding sysctl
variable. If net.inet.ip.forwarding is 1, IP forwarding is on. See
sysctl(8) and sysctl(3) for details.
option MROUTING
Includes support for IP multicast routers. INET should be set along with
this. Multicast routing is controlled by the mrouted(8) daemon.
option INET
Includes support for the TCP/IP protocol stack. This option is currently
required. See inet(4) for details.
option INET6
Includes support for the IPv6 protocol stack. See inet6(4) for details.
Unlike INET, INET6 enables multicast routing code as well. This option
requires INET at this moment, but it should not.
option ND6_DEBUG
The option sets the default value of net.inet6.icmp6.nd6_debug to 1, for
debugging IPv6 neighbor discovery protocol handling. See sysctl(3) for
details.
option IPX, IPXIP
Include support for Internetwork Packet Exchange protocol commonly in use
by Novell NetWare.
option NETATALK
Include kernel support for the AppleTalk family of protocols. This suite
of supporting code is sometimes called netatalk support.
option TCP_COMPAT_42
Use of this option is extremely discouraged, so it should not be enabled.
If any other machines on the network require enabling this, it's recom-
mended that they be disconnected from the network.
TCP bug compatibility with 4.2BSD. In 4.2BSD, TCP sequence numbers were
32-bit signed values. Modern implementations of TCP use unsigned values.
This option clamps the initial sequence number to start in the range 2^31
rather than the full unsigned range of 2^32. Also, under 4.2BSD,
keepalive packets must contain at least one byte or else the remote end
will not respond.
option TCP_SACK
Turns on selective acknowledgements. Additional information about seg-
ments already received can be transmitted back to the sender, thus indi-
cating segments that have been lost and allowing for a swifter recovery.
Both communication endpoints need to support SACK. The fallback behaviour
is NewReno fast recovery phase, which allows one lost segment to be
recovered per round trip time. When more than one segment has been
dropped per window, the transmission can continue without waiting for a
retransmission timeout.
option TCP_FACK
Turns on forward acknowledgements allowing a more precise estimate of
outstanding data during the fast recovery phase by using SACK informa-
tion. This option can only be used together with TCP_SACK.
option TCP_ECN
Turns on Explicit Congestion Notification (RFC 3168). ECN allows inter-
mediate routers to use the Congestion Experienced codepoint in the IP
header as an indication of congestion, and allows TCP to adjust the
transmission rate using this signal. Both communication endpoints nego-
tiate enabling ECN functionality at the TCP connection establishment.
option TCP_SIGNATURE
Turns on support for the TCP MD5 Signature option (RFC 2385). This is
used by Internet backbone routers to provide per-packet authentication
for the TCP packets used to communicate BGP routing information. You will
also need a routing daemon that supports this option in order to actually
use it.
option PPP_FILTER
This option turns on pcap(3) based filtering for ppp connections. This
option is used by pppd(8) which needs to be compiled with PPP_FILTER de-
fined (the current default).
option PPP_BSDCOMP
Enables BSD compressor for PPP connections.
option PPP_DEFLATE
This option is currently not supported in MirOS.
option IPSEC
This option enables IP security protocol support. See ipsec(4) for more
details.
option ENCDEBUG
This option enables debugging information to be conditionally logged in
case IPSEC encounters errors. The option IPSEC is required along with
this option. Debug logging can be turned on/off through the use of the
net.inet.ip.encdebug sysctl variable. If net.ipsec.encap.encdebug is 1,
debug logging is on. See sysctl(8) and sysctl(3) for details.
option KEY
Enables PFKEYv2 (RFC 2367) support. While not IP specific, this option is
usually used in conjunction with option IPSEC.
option ALTQ
Enables ALTQ (Alternate Queuing). See pfctl(8) and pf.conf(5) to set up
the interface transmission rate and queueing disciplines. ALTQ_CBQ,
ALTQ_RED, ALTQ_PRIQ and ALTQ_HFSC are enabled by default with option ALTQ
in OpenBSD. See altq(9) for details on ALTQ.
option ALTQ_RIO
Enables ALTQ's RIO (RED with In/Out) module. The original RIO has 2 sets
of RED parameters; one for in-profile packets and the other for out-of-
profile packets. At the ingress of the network, profile meters tag pack-
ets as IN or OUT based on contracted profiles for customers. Inside the
network, IN packets receive preferential treatment by the RIO dropper.
ALTQ/RIO has 3 drop precedence levels defined for the Assured Forwarding
PHB of DiffServ (RFC 2597).
option ALTQ_NOPCC
Disables use of processor cycle counter (e.g., Pentium TSC on i386 and
PCC on alpha) to measure time in ALTQ. This option should be defined for
a non-Pentium i386 CPU which does not have TSC, SMP (per-CPU counters are
not in sync), or power management which affects processor cycle counter.
option SCSITERSE
Terser SCSI error messages. This omits the table for decoding ASC/ASCQ
info, saving about 30KB.
option SCSIDEBUG
Enable printing of SCSI subsystem debugging info to the console. Each of
SCSIDEBUG_LEVEL, SCSIDEBUG_BUSES, SCSIDEBUG_TARGETS and SCSIDEBUG_LUNS
must have non-zero values for any debugging info to be printed. Only
SCSI_DEBUG_LEVEL has a default value that is non-zero.
option SCSIDEBUG_LEVEL=value
Define which of the four levels of debugging info are printed. Each bit
enables a level, and multiple levels are specified by setting multiple
bits.
0x0010 (SDEV_DB1) SCSI commands, errors, and data
0x0020 (SDEV_DB2) routine flow
0x0040 (SDEV_DB3) routine internals
0x0080 (SDEV_DB4) miscellaneous addition debugging
If SCSIDEBUG_LEVEL is undefined, a value of 0x0030 (SDEV_DB1|SDEV_DB2) is
used.
option SCSIDEBUG_BUSES=value
Define which SCSI buses will print debug info. Each bit enables debugging
info for the corresponding bus. e.g. a value of 0x1 enables debug info
for bus 0.
option SCSIDEBUG_TARGETS=value
Define which SCSI targets will print debug info. Each bit enables debug-
ging info for the corresponding target.
option SCSIDEBUG_LUNS=value
Define which SCSI luns will print debug info. Each bit enables debugging
info for the corresponding lun.
option SCSIFORCELUN_BUSES=value
Define which SCSI buses will do full lun scanning. SCSIFORCELUN_TARGETS
must also be set to a non-zero value for this option to take effect. Each
bit enables a full lun scan for the corresponding SCSI bus. The lun scan
normally terminates if identical INQUIRY data is seen for lun 0 and
another lun, as this usually means the target cannot distinguish between
different luns. But some devices (e.g. some external RAID devices) can
legitimately supply identical INQUIRY data for several luns.
option SCSIFORCELUN_TARGETS=value
Define which SCSI targets will do full lun scanning. SCSIFORCELUN_BUSES
must also be set to a non-zero value for this option to have any effect.
Each bit enables a full lun scan for the corresponding target on the
buses specified by SCSIFORCELUN_BUSES.
option SYSVMSG
Includes support for AT&T System V UNIX style message queues. See
msgctl(2), msgget(2), msgrcv(2), msgsnd(2).
option SYSVSEM
Includes support for AT&T System V UNIX style semaphores. See semctl(2),
semget(2), semop(2).
option VFORK_SHM
Allows for evil things with vfork(2). Normally, doing anything else after
a vfork than execve(2) family call or _exit(2) is undefined. With this
option, the old-fashioned behaviour of the child and parent sharing the
memory until the lock is released is restored. This will break on some
arches.
option SYSVSHM
Includes support for AT&T System V UNIX style shared memory. See
shmat(2), shmctl(2), shmdt(2), shmget(2).
option SHMMAXPGS=value
Sets the maximum number of AT&T System V UNIX style shared memory pages
that are available through the shmget(2) system call. Default value is
1024 on most architectures. See /usr/include/machine/vmparam.h for the
default.
option SEMMNI=value
Number of semaphore identifiers (also called semaphore handles and sema-
phore sets) available in the system. Default value is 10. The kernel al-
locates memory for the control structures at startup, so arbitrarily
large values should be avoided.
option SEMMNS=value
Maximum number of semaphores in all sets in the system. Default value is
60.
option SEMMNU=value
Maximum number of semaphore undo structures in the system. Default value
is 30.
option SEMUME=value
Maximum number of per-process undo operation entries in the system. Sema-
phore undo operations are invoked by the kernel when semop(2) is called
with the SEM_UNDO flag and the process holding the semaphores terminates
unexpectedly. Default value is 10.
option NKMEMPAGES=value
option NKMEMPAGES_MIN=value
option NKMEMPAGES_MAX=value
Size of kernel malloc area in PAGE_SIZE-sized logical pages. This area is
covered by the kernel submap kmem_map. The kernel attempts to auto-size
this map based on the amount of physical memory in the system. Platform-
specific code may place bounds on this computed size, which may be viewed
with the sysctl(8) variable vm.nkmempages. See
/usr/include/machine/param.h for the default upper and lower bounds. The
related options 'NKMEMPAGES_MIN' and 'NKMEMPAGES_MAX' allow the bounds to
be overridden in the kernel configuration file. These options are provid-
ed in the event the computed value is insufficient resulting in an "out
of space in kmem_map" panic.
option NBUF=value
option BUFPAGES=value
These options set the number of pages available for the buffer cache.
Their default value is a machine dependent value, often calculated as
between 5% and 10% of total available RAM.
option DUMMY_NOPS
This option is supported on the i386 architecture. When enabled, it
speeds up interrupt processing by removing delays while accessing the in-
terrupt controller. Care should be taken when using this option.
option APM_NOPRINT
This option is supported on the i386 architecture. When enabled, kernel
messages regarding the status of the automatic power management system
(APM) are suppressed. APM status can still be obtained using apm(8)
and/or apmd(8).
option "TIMEZONE=value"
value indicates the timezone offset of hardware realtime clock device, in
minutes, from UTC. It is useful when hardware realtime clock device is
configured with local time, when dual-booting OpenBSD with other operat-
ing systems on a single machine. For instance, if hardware realtime clock
is set to Tokyo time, value should be -540 as Tokyo local time is 9 hours
ahead of UTC. Double quotes are needed when specifying a negative value.
gdb(1), ktrace(1), quota(1), gettimeofday(2), i386_iopl(2), msgctl(2),
msgget(2), msgrcv(2), msgsnd(2), ptrace(2), semctl(2), semget(2),
semop(2), shmat(2), shmctl(2), shmdt(2), shmget(2), sysctl(3), ddb(4),
inet(4), ipsec(4), iso(4), lkm(4), ns(4), pci(4), xf86(4), X(7), apm(8),
apmd(8), config(8), edquota(8), init(8), mount_cd9660(8), mount_fdesc(8),
mount_kernfs(8), mount_mfs(8), mount_msdos(8), mount_nfs(8),
mount_null(8), mount_portal(8), mount_procfs(8), mount_umap(8),
mount_union(8), mrouted(8), quotaon(8), rpc.rquotad(8), sysctl(8),
altq(9)
The options man page first appeared in OpenBSD 2.3.
The INET option should not be required.
MirBSD #10-current March 21, 2004 9