Absolute Openbsd Unix For The Practical Paranoid [Electronic resources] - text version


Michael W. Lucas




i386 Kernel Options

Some kernel options only work on certain hardware platforms, while others are found on all platforms. We'll only discuss the kernel options that work on i386 here. For a fairly complete list of kernel options meant for general use, see options(4).


Bus Options


These kernel options affect how hardware buses and their associated hardware behave.









option PCIVERBOSE


This option makes the computer print vendor names, chip IDs, and such for all PCI devices in the system when those devices are first detected.








option EISAVERBOSE


This option makes the computer print vendor names, chip IDs, and so on for all EISA devices at boot-time.








option USBVERBOSE


Whenever a USB device is detected (either at boot-time, or when it is plugged into the system), this option makes the system print out any information it can get from the hardware.








option PCMCIAVERBOSE


This makes the boot process give more information about the PCMCIA bus and any attached devices.








option DEBUG_ISAPNP


As you can probably guess by now, this provides additional debugging information about the ISA Plug-and-Play interface during boot.


Debugging Options


In most cases, system developers are the ones interested in debugging options. Many of these options aren't particularly useful to people who just want to run OpenBSD.








option DDB


This compiles the kernel debugger into the kernel. See ddb(4) for more information.








option DDB_SAFE_CONSOLE


This allows a developer to call up the debugger before the system finishes initializing. It's useful if you're working on init(8).








makeoptions DEBUG="-g"


This includes the full symbol table in the kernel. If you are developing an OpenBSD kernel, you probably want this.








makeoptions PROF="-pg"


This builds a kernel with support for profiling.








option GPROF


This builds the kernel hooks for the profiling tool, kgmon(8).









option DIAGNOSTIC


This adds internal consistency checks on kernel data. If a system fails a DIAGNOSTIC check, the kernel panics. You might think this is bad, but it's better than running with corrupt data!








option KGDB


This compiles in a remote kernel debugger, allowing a kernel developer to use gdb(1)'s remote target features.








option "KGDB_DEVNAME=\"pccom\""


This sets the device name used by the kgdb option.








option KGDBADDR=0x2f8


This sets the memory address used by the kgdb option.








option KGDBRATE=9600


This sets the port speed used by the kgdb option.


Security Options


The following options affect system security.








option UVM_SWAP_ENCRYPT


This supports encrypted swap space. See Chapter 15 for details.








option INSECURE


This sets the default securelevel to -1, instead of zero. See securelevel(7).


Userland Syscall Options


System calls are the interface the kernel provides to programs running on the system. Removing these options can cause programs to run badly, or not at all.








option KTRACE


This provides the kernel hooks for ktrace(1), which allows users to track the system calls made by programs they run.








option KMEMSTATS


This keeps statistics on how memory is used. It adds overhead to the system calls malloc() and free(), dramatically increasing system overhead for trivial things such as networking and the (unsupported) RAID driver.








option PTRACE


This adds hooks for the ptrace(2) system call, which allows one process to monitor and control another process.









option CRYPTO


This adds an in-kernel cryptographic engine. The most common user for this is IPSEC, but it's available to other kernel features as well. See crypto(9) for details.








option SYSVMSG


This supports System V message queues, as documented in msgctl(2), msgget(2), msgrcv(2), and msgsnd(2). If you don't know what this is, you want it.








option SYSVSEM


This supports System V-style semaphores. For details, see semctl(2), semget(2), and semop(2). Again, include it unless you specifically know you don't want it.








option SYSVSHM


If you want to use System V-style shared memory, use this option. You can read about this in shmat(2), shmctl(2), shmdt(2), and shmget(2). Many programs expect to find these features.








option FIFO


These are "named pipes." Many programs use named pipes, and you should always include them. (If you're using OpenBSD in an embedded system, you might know that you don't need them.)


Filesystem Options


These options support the various file systems that OpenBSD can use. If you don't include the option for a filesystem, you cannot access disks formatted in that manner.








option FFS


This is the standard UNIX file system. It is required.








option FFS_SOFTUPDATES


Soft Updates greatly enhance FFS. You almost certainly want this. See Chapter 15.








option QUOTA


This allows you to set quotas on how much disk a user can take up.








option EXT2FS


This is the standard Linux file system.








option MFS


This option allows you to create virtual disks out of memory. Such disks are extremely fast, and excellent for many short-term operations.








option XFS


This supports the AFS-compatible Arla filesystem. See mount_xfs(8) for details.









option NFSCLIENT


This allows your system to access NFS mounts exported from other machines. See mount_nfs(8).








option NFSSERVER


This allows your system to export NFS file systems to other machines. See mountd(8) and nfsd(8) for details.








option CD9660


This supports CD-ROMs. See Chapter 15.








option MSDOSFS


This tells your kernel how to access MS-DOS formatted disks, which is the default floppy disk format. See Chapter 15.








option FDESC


This allows programs to access the per-process file descriptor space. This is not needed on most OpenBSD systems, as the fd(4) pseudo-device provides identical functionality.








option KERNFS


The kernel file system creates a directory, traditionally mounted on /kern, which exports a variety of kernel information. See mount_kernfs(8). If you don't want to use this, you don't need it.








option NULLFS


This lets the kernel "layer" file systems on top of each other, basically remounting directories at different locations. This nifty trick is discussed in mount_null(8).








option PORTAL


The portal filesystem provides a map between the filesystem and the kernel. It allows you to, say, create a TCP connection by opening a file. It is highly experimental; see mount_portal(8).








option PROCFS


The process filesystem gives details on processes running on the system. See Chapter 15.








option UMAPFS


This is nullfs, plus the ability to remap user ID and group ID numbers. It's useful for mounting foreign file systems where these values are different — say, over NFS. See mount_umap(8).








option UNION


This is a massively cool, but slightly buggy option where the kernel can create a stackable filesystem where both layers are visible. See mount_union(8).



Networking Options


The following options all alter networking behavior.








option GATEWAY


This option increases NMBCLUSTERS and sets sysctl net.inet.ip.forwarding to 1. These effects can be achieved separately without recompiling the kernel by, well, increasing NMBCLUSTERS and changing the sysctl.








option INET


This gives the kernel basic networking functionality.








option ALTQ


This enables simple rate-limiting and traffic shaping. See altqd(8).








option INET6


This tells the kernel about IPv6.








option PULLDOWN_TEST


This helps IPv6 handle erratic packet flows. If you're using IPv6, you want this.








option IPSEC


IPSec is the standard built-in security for IPv6.








option KEY


This option supports PFKEYv2. If you have the IPSEC option, you automatically get this. You can read about PFKEYv2 in RFC 2367.








option NS


This option supports the Xerox Network Systems networking protocols. Most people don't need it. See ns(4).








option NSIP


This option supports tunneling XNS over TCP/IP. If you don't need XNS support, you certainly don't need this!








option IPX


This gives the kernel support for the Internet Packet Exchange protocol popular in older Netware environments.








option IPXIP


This lets the kernel support "tunnels" to put IPX over an IP network.








option ISO,TPIP


This supports the ISO protocols that use the ISO addressing scheme, such as CLNP or TP. See iso(4).









option EON


This lets you tunnel ISO protocols over TCP/IP.








option NETATALK


This lets the kernel understand Apple's AppleTalk protocol.








option CCITT,LLC,HDLC


This supports X.25 protocols. It's been neglected for some time, so it's probably scary and certainly buggy.








option PPP_BSDCOMP


This is the standard compression style for PPP connections. It's only used by pppd(8).








option PPP_DEFLATE


This is the interface to the zlib library for PPP connections, as used by pppd(8).








option MROUTING


This supports the kernel part of multicast routing. If you're building a multicast router, you want this. If you don't know what multicast routing is, you aren't doing it. See mrouted(8).








option TCP_SACK


This enables Selective Acknowledgements, which allow for faster recovery from interrupted TCP connections.








option TCP_FACK


Forward Acknowledgements help reduce congestion on TCP networks, but both sides of every connection must understand forward acknowledgements. It can only be used with TCP_SACK.








option TCP_SIGNATURE


This computes MD5 checksums of TCP packets. While this sounds truly nifty, only Internet backbone routers use it to verify BGP routing information. As such, it's not exactly useful to most people. If you're building a BGP-speaking router out of an OpenBSD box, however, you might find this useful.


Console Options


The following options all affect how the wscons platform-independent console driver behaves.








option WSDISPLAY_COMPAT_USL


This supports switching between multiple virtual consoles.








option WSDISPLAY_COMPAT_RAWKBD


This supports raw keyboard code compatibility, without the wscons framework. The X Window System needs this.









option WSDISPLAY_DEFAULTSCREENS


This is the number of virtual consoles.








option WSDISPLAY_COMPAT_PCVT


This gives the console compatibility with pcvt, needed for X.


Binary Compatibility Options


These options provide compatibility with other operating systems. Some of these are network compatibility features, but most cover OpenBSD's support for foreign ABIs, as discussed in Chapter 13.








option TCP_COMPAT_42


You might need this option to connect to systems with a BSD 4.2 TCP stack. You really don't want to communicate with those systems; in fact, such systems should be disconnected from the network, as they're almost certainly insecure and unstable.








option COMPAT_23


Provides compatibility with older releases of OpenBSD. Older versions of OpenBSD had different msgctl(2), shmctl(2), and semctl(2) system calls. You only need this option if you're running binaries compiled under OpenBSD 2.3 or earlier.








option COMPAT_25


The statfs(2), fstatfs(2), and getfsstat(2) system calls changed after OpenBSD 2.5. If you are using binaries compiled on OpenBSD 2.5 or earlier, you need this.








option COMPAT_43


This option supports a whole host of system calls from BSD 4.3, in the late 80s. If you have binaries built for BSD 4.3, you need this. These programs almost certainly have security holes.








option COMPAT_SVR4


This option allows binary compatibility with i386 Solaris (or, if you're running on sparc, sparc Solaris). See compat_svr4(8).








option COMPAT_IBCS2


This option supports Intel Binary Compatibility Standard 2 binaries, as found in SCO UNIX and SVR3.








option COMPAT_LINUX


This supports binary compatibility with i386 Linux binaries.








option COMPAT_FREEBSD


This supports binary compatibility with i386 FreeBSD binaries.









option COMPAT_BSDOS


This option allows the system to run BSD/OS binaries. You must have COMPAT_43 in your kernel for this to work. See compat_bsdos(8).
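
The caveats and dependencies stated in the option descriptions above (INSECURE lowering the default securelevel, TCP_FACK needing TCP_SACK, COMPAT_BSDOS needing COMPAT_43, the warnings on TCP_COMPAT_42, COMPAT_43 and the X.25 options) can be checked mechanically before a kernel is built. The following is an added example, not code from the book or from the OpenBSD project; the function names lint_config and sample_config and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book): lint a kernel configuration against the
# caveats and dependencies stated in the option descriptions on this page.

# Constructed sample configuration, not a real GENERIC file.
sample_config() {
cat <<'EOF'
# constructed sample kernel configuration
option INSECURE
#option TCP_SACK
option TCP_FACK
option COMPAT_43
option COMPAT_BSDOS
option CCITT,LLC,HDLC
option KGDBRATE=9600
#option UVM_SWAP_ENCRYPT
EOF
}

# lint_config: read a kernel configuration on stdin, print one finding per line.
lint_config() {
awk '
function warn(opt, why) { if (opt in on) print "WARN " opt ": " why }
function need(opt, dep) {
    if ((opt in on) && !(dep in on)) print "ERROR " opt ": requires " dep
}
{ sub(/#.*/, "") }                  # commented-out options do not count
$1 == "option" {
    n = split($2, names, ",")       # "option A,B,C" enables several options
    for (i = 1; i <= n; i++) {
        name = names[i]
        gsub(/"/, "", name)         # strip quoting around NAME=value
        sub(/=.*/, "", name)        # keep the name, drop the value
        if (name != "") on[name] = 1
    }
}
END {
    warn("INSECURE", "default securelevel is -1 instead of zero")
    warn("TCP_COMPAT_42", "only needed to talk to BSD 4.2 TCP stacks")
    warn("COMPAT_43", "BSD 4.3 binaries almost certainly have security holes")
    warn("CCITT", "X.25 support has been neglected and is buggy")
    need("TCP_FACK", "TCP_SACK")
    need("COMPAT_BSDOS", "COMPAT_43")
    if (!("UVM_SWAP_ENCRYPT" in on)) print "NOTE UVM_SWAP_ENCRYPT: no encrypted swap support"
}'
}

sample_config | lint_config
```

To check a real configuration, feed the file to the function on standard input in place of the constructed sample.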


Misc Options


These options are a scattered mix of things that don't fit elsewhere.








option BOOT_CONFIG


This supports boot-time kernel configuration, as discussed in Chapter 11.








option NTP


This adds kernel support for a userland daemon (i.e., ntpd) setting the time.








option USER_LDT


This lets programs set the local descriptor table. It's only necessary if you're using the Wine win32 emulator.








option XSERVER


This changes the console driver so that you can use the X Window System on the local display.








option APERTURE


This supports VGA framebuffer mapping, so you can run X on the local display.








option USER_PCICONF


This allows an X server to reconfigure PCI cards.








option LKM


This supports loadable kernel modules. LKMs are not common in OpenBSD.
