Absolute Openbsd Unix For The Practical Paranoid [Electronic resources] نسخه متنی

i386 Kernel Options

Some kernel options only work on certain hardware platforms, while others are found on all platforms. We'll only discuss the kernel options that work on i386 here. For a fairly complete list of kernel options meant for general use, see options(4).

Bus Options

These kernel options affect how hardware busses and associated hardware behaves.

This option makes the computer print vendor names, chips IDs, and such for all PCI devices in the system when those devices are first detected.

This option makes the computer print vendor names, chip IDs, and so on for all EISA devices at boot-time.

Whenever a USB device is detected (either at boot-time, or by plugging into the system), this option makes it print out any information it can get from the hardware.

This makes the boot process give more information about the PCMCIA bus and any attached devices.

As you can probably guess by now, this provides additional debugging information about the ISA Plug-and-Play interface during boots.

Debugging Options

In most cases, system developers are the ones interested in ones interested in debugging options. Many of these options aren't particularly useful to people who just want to run OpenBSD.

This compiles the kernel debugger into the kernel. See ddb(4) for more information.

This allows a developer to call up the debugger before the system finishes initializing. It's useful if you're working on init(8).

This includes the full symbol table in the kernel. If you are developing an OpenBSD kernel, you probably want this.

This builds a kernel with support for profiling.

This builds the kernel hooks for the profiling tool, kgmon(8).

This adds internal consistency checks on kernel data. If a system fails a DIAGNOSTIC check, the kernel panics. You might think this is bad, but it's better than running with corrupt data!

This compiles in a remote kernel debugger, allowing a kernel developer to use gdb(1)'s remote target features.

This sets the device name used by the kgdb option.

This sets the memory address used by the kgdb option.

This sets the port speed used by the kgdb option.

Security Options

The following options affect system security.

This supports encrypted swap space. See Chapter 15 for details.

This sets the default securelevel to -1, instead of zero. See securelevel(7).

Userland Syscall Options

System calls are the interface the kernel provides to programs running on the system. Removing these options can cause programs to run badly, or not at all.

This provides the kernel hooks for ktrace(1), which allows users to track the system calls made by programs they run.

This keeps statistics on how memory is used. It adds overhead to the system calls malloc() and free(), dramatically increasing system overhead for trivial things such as networking and the (unsupported) RAID driver.

This adds hooks for the ptrace(2) system call, which allows one process to monitor and control another process.

This adds an in-kernel cryptographic engine. The most common user for this is IPSEC, but it's available to other kernel features as well. Se crypto(9) for details.

This supports System V message queues, as documented in msgctl(2), msgget(2), msgrcv(2), and msgsnd(2). If you don't know what this is, you want it.

This supports System V-style semaphores. For details, see semctl(2), semget(2), and semop(2). Again, include it unless you specifically know you don't want it.

If you want to use System V-style shared memory, use this option. You can read about this in shmat(2), shmctl(2), shmdt(2), and shmget(2). Many programs expect to find these features.

These are "named pipes." Many programs use named pipes, and you should always include them. (If you're using OpenBSD in an embedded system, you might know that you don't need them.)

Filesystem Options

These options support the various file systems that OpenBSD can use. If you don't include the option for a filesystem, you cannot access disks formatted in that manner.

This is the standard UNIX file system. It is required.

Soft Updates greatly enhance FFS. You almost certainly want this. See Chapter 15.

This allows you to set quotas on how much disk a user can take up.

This is the standard Linux file system.

This option allows you to create virtual disks out of memory. Such disks are extremely fast, and excellent for many short-term operations.

This supports the AFS-compatible Arla filesystem. See mount_xfs(8) for details.

This allows your system to access NFS mounts exported from other machines. See mount_nfs(8).

This allows your system to export NFS file systems to other machines. See mountd(8) and nfsd(8) for details.

This supports CD-ROMs. See Chapter 15.

This tells your kernel how to access MS-DOS formatted disks, which is the default floppy disk format. See Chapter 15.

This allows programs to access the per-process file descriptor space. This is not needed on most OpenBSD systems, as the fd(4) pseudo-device provides identical functionality.

The kernel file system creates a directory, traditionally mounted on /kern, which exports a variety of kernel information. See mount_kernfs(8). If you don't want to use this, don't need it.

This lets the kernel "layer" file systems on top of each other, basically remounting directories at different locations. This nifty trick is discussed in mount_null(8).

The portal filesystem provides a map between the filesystem and the kernel. It allows you to, say, create a TCP connection by opening a file. It is highly experimental; see mount_portal(8).

The process filesystem gives details on processes running in system. See Chapter 15.

This is nullfs, plus the ability to remap user ID and group ID numbers. It's useful for mounting foreign file systems where these values are different — say, over NFS. See mount_umap(8).

This is a massively cool, but slightly buggy option where the kernel can create a stackable filesystem where both layers are visible. See mount_union(8).

Networking Options

The following options all alter networking behavior.

This option increases NMBCLUSTERS and sets sysctl net.inet.ip.forwarding to 1. These effects can be achieved separately without recompiling the kernel by, well, increasing NMBCLUSTERS and changing the sysctl.

This gives the kernel basic networking functionality.

This enables up simple rate-limiting and traffic shaping. See altqd(8).

This tells the kernel about IPv6.

This helps IPv6 handle erratic packet flows. If you're using IPv6, you want this.

IPSec is the standard built-in security for IPv6.

This option supports PFKEYv2. If you have the IPSEC option, you automatically get this. You can read about PFKEYv2 in RFC 2367.

This option supports the Xerox Network Systems networking protocols. Most people don't need it. See ns(4).

This option supports tunneling XNS over TCP/IP. If you don't need XNS support, you certainly don't need this!

This gives the kernel support for the Internet Packet Exchange protocol popular in older Netware environments.

This lets the kernel support "tunnels" to put IPX over an IP network.

This supports the ISO protocols that use the ISO addressing scheme, such as CLNP or TP. See ios(4).

This lets you tunnel ISO protocols over TCP/IP.

This lets the kernel understand Apple's AppleTalk protocol.

This supports X.25 protocols. It's been neglected for some time, so it's probably scary and certainly buggy.

This is the standard compression style for PPP connections. It's only used by pppd(8).

This is the interface to the zlib library for PPP connections, as used by pppd(8).

This supports the kernel part of multicast routing. If you're building a multicast router, you want this. If you don't know what multicast routing is, you aren't doing it. See mrouted(8).

This enables Selective Acknowledgements allow for faster recovery from interrupted TCP connections.

Forward Acknowledgements help reduce congestion on TCP networks, but both sides of every connection must understand forward acknowledgements. It can only be used with TCP_FACK.

This computes MD5 checksums of TCP packets. While this sounds truly nifty, only Internet backbone routers use it to verify BGP routing information. As such, it's not exactly useful to most people. If you're building a BGP-speaking router out of an OpenBSD box, however, you might find this useful.

Console Options

The following options all affect how the wscons platform-independent console driver behaves.

This supports switching between multiple virtual consoles.

This supports raw keyboard code compatibility, without the wscons framework. The X Window System needs this.

This is the number of virtual consoles.

This gives the console compatibility with pcvt, needed for X.

Binary Compatibility Options

These options provide compatibility with other operating systems. Some of these are network compatibility features, but most cover OpenBSD's support for foreign ABIs, as discussed in Chapter 13.

You might need this option to connect to systems with a BSD 4.2 TCP stack. You really don't want to communicate with those systems; in fact, such systems should be disconnected from the network, as they're almost certainly insecure and unstable.

Provides compatibility with older releases of OpenBSD. Older versions of OpenBSD had different msgtcl(2), shmctl(2), and semctl(2) system calls. You only need this option if you're running binaries compiled under OpenBSD 2.3 or earlier.

The statfs(2), fstatfs(2), and fetfsstat(2) system calls changed after OpenBSD 2.5. If you are using binaries compiled on OpenBSD 2.5 or earlier, you need this.

This option supports a whole host of system calls from BSD 4.3, in the late 80s. If you have binaries built for BSD 4.3, you need this. These programs almost certainly have security holes.

This option allows binary compatibility with i386 Solaris (or, if you're running on sparc, sparc Solaris). See compat_svr4(8).

This option supports Intel Binary Compatibility Standard 2 binaries, as found in SCO UNIX and SVR3.

This supports binary compatibility with i386 Linux binaries.

This supports binary compatibility with i386 FreeBSD binaries.

This option allows the system to run BSD/OS binaries. You must have COMPAT_43 in your kernel for this to work. See compat_bsdos(8).

Misc Options

These options are a scattered mix of things that don't fit elsewhere.

This supports boot-time kernel configuration, as discussed in Chapter 11.

This adds kernel support for a userland daemon (i.e., ntpd) setting the time.

This lets programs set the local descriptor table. It's only necessary if you're using the Wine win32 emulator.

This changes the console driver so that you can use the X windows system on the local display.

This supports VGA framebuffer mapping, so you can run X on the local display.

This allows on X server to reconfigure PCI cards.

This supports loadable kernel modules. LKMs are not common in OpenBSD.