1.\" $OpenBSD: options.4,v 1.81 2001/08/12 19:35:36 heko Exp $ 2.\" $NetBSD: options.4,v 1.21 1997/06/25 03:13:00 thorpej Exp $ 3.\" 4.\" Copyright (c) 1998 Theo de Raadt 5.\" Copyright (c) 1998 Todd Miller 6.\" Copyright (c) 1998 Gene Skonicki 7.\" Copyright (c) 1996 8.\" Perry E. Metzger. All rights reserved. 9.\" 10.\" Redistribution and use in source and binary forms, with or without 11.\" modification, are permitted provided that the following conditions 12.\" are met: 13.\" 1. Redistributions of source code must retain the above copyright 14.\" notice, this list of conditions and the following disclaimer. 15.\" 2. Redistributions in binary form must reproduce the above copyright 16.\" notice, this list of conditions and the following disclaimer in the 17.\" documentation and/or other materials provided with the distribution. 18.\" 3. All advertising materials mentioning features or use of this software 19.\" must display the following acknowledgment: 20.\" This product includes software developed for the NetBSD Project 21.\" by Perry E. Metzger. 22.\" 4. The name of the author may not be used to endorse or promote products 23.\" derived from this software without specific prior written permission. 24.\" 25.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 26.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 27.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 28.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 29.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 30.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 31.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 32.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" 36.\" 37.Dd August 17, 1997 38.Dt OPTIONS 4 39.Os 40.Sh NAME 41.Nm options 42.Nd miscellaneous kernel configuration options 43.Sh SYNOPSIS 44.Cd option ... 45.Sh DESCRIPTION 46This manual page describes a number of miscellaneous kernel 47configuration options that may be specified in a kernel config file. 48See 49.Xr config 8 50for information on how to configure and build kernels. 51.Em Note: 52options are passed to the compile process as 53.Fl D 54flags to the C compiler. 55.Ss Compatibility Options 56.Bl -ohang 57.It Cd option COMPAT_23 58Enables compatibility with 59.Ox 2.3 . 60This makes it possible to run binaries that use old versions of the 61.Xr msgctl 2 , 62.Xr shmctl 2 63and 64.Xr __semctl 65system calls which changed semantics in 66.Ox 2.4 . 67.It Cd option COMPAT_25 68Enables compatibility with 69.Ox 2.5 . 70This makes it possible to run binaries that use old versions of the 71.Xr statfs 2 , 72.Xr fstatfs 2 73and 74.Xr getfsstat 2 75system calls which were replaced in 76.Ox 2.6 77when 78.Li struct stat 79was expanded. 80.It Cd option COMPAT_SVR4 81On those architectures that support it, this enables binary 82compatibility with 83.At V.4 84binaries built for the same architecture. 85This currently includes the sparc and i386. 86Possibly the most widely known operating system 87based on this binary architecture is Sun's Solaris 2.x. 88See 89.Xr compat_svr4 8 . 90.It Cd option COMPAT_BSDOS 91On those architectures that support it, this enables binary 92compatibility with 93.Em BSD/OS 94applications. 95This option is supported on the i386 architecture. 96See 97.Xr compat_bsdos 8 . 98Requires 99.Cm option COMPAT_43 100also be used for proper operation. 101.It Cd option COMPAT_LINUX 102On those architectures that support it, this enables binary 103compatibility with 104.Em Linux 105ELF and a.out 106applications built for the same architecture. 107This option is supported on the i386 architecture. 108See 109.Xr compat_linux 8 . 110.It Cd option COMPAT_SUNOS 111On those architectures that support it, this enables binary 112compatibility with 113.Em SunOS 4.x 114applications built for the same architecture. 115This option is supported on the sparc and most m68k platforms. 116See 117.Xr compat_sunos 8 . 118.It Cd option COMPAT_ULTRIX 119On those architectures that support it, this enables binary 120compatibility with 121.Tn Ultrix 122applications built for the same architecture. 123This option is available on the little-endian MIPS platforms like the 124pmax and arc. 125See 126.Xr compat_ultrix 8 . 127.It Cd option COMPAT_FREEBSD 128On those architectures that support it, this enables binary 129compatibility with 130.Em FreeBSD 131applications built for the same architecture. 132This option is available on the i386 architecture. 133See 134.Xr compat_freebsd 8 . 135.It Cd option COMPAT_HPUX 136On those architectures that support it, this enables binary 137compatibility with 138.Em HP/UX 139applications built for the same architecture. 140This option is available on some m68k architectures. 141See 142.Xr compat_hpux 8 . 143.It Cd option COMPAT_IBCS2 144On those architectures that support it, this enables binary 145compatibility with 146.Em iBCS2 147applications built for the same architecture. 148This option is available on the i386 architecture. 149See 150.Xr compat_ibcs2 8 . 151.It Cd option COMPAT_NETBSD 152On those architectures that support it, this enables binary 153compatibility with 154.Em NetBSD 155applications built for the same architecture. 156See 157.Xr compat_freebsd 8 . 158.It Cd option COMPAT_OSF1 159On those architectures that support it, this enables binary 160compatibility with 161.Em Digital UNIX 162(formerly 163.Em OSF/1 ) 164applications built for the same architecture. 165This option is available on the alpha architecture. 166See 167.Xr compat_osf1 8 . 168.It Cd option COMPAT_NOMID 169Enables compatibility with a.out executables that lack a machine ID. 170On the i386, this includes 171.Nx 1720.8's ZMAGIC format, 386BSD and BSDI's 173QMAGIC, NMAGIC, and OMAGIC a.out formats. 174On the hp300 and other m68k architectures this permits certain old 175.Bx 4.3 176binaries to work, though its use is discouraged now. 177.It Cd option COMPAT_43 178Use of this option is discouraged. 179It enables compatibility with 180.Bx 4.3 . 181It adds an old syscall for 182.Fn lseek 183as well as ioctls for 184.Dv TIOCGETP 185and 186.Dv TIOCSETP . 187The return values for the 188.Xr getpid 2 , 189.Xr getgid 2 , 190and 191.Xr getuid 2 192system calls are modified as well, to return the parent's PID and UID as well 193as the current process's. 194It also enables the deprecated 195.Dv NTTYDISC 196terminal line discipline. 197It provides backwards compatibility with the 198.Dq old 199SIOC[GS]IF{ADDR,DSTADDR,BRDADDR,NETMASK} interface ioctls, including 200binary compatibility for code written before the introduction of the 201.Li sa_len 202field in sockaddrs. 203It also enables support for some older pre BSD 4.4 socket calls. 204.El 205.Ss Debugging Options 206.Bl -ohang 207.It Cd option DDB 208Compiles in a kernel debugger for diagnosing kernel problems. 209See 210.Xr ddb 4 211for details. 212.Em Note: 213not available on all architectures. 214.It Cd option DDB_SAFE_CONSOLE 215Allows a break into the kernel debugger during boot. 216Useful when debugging problems that can cause init(8) to fail. 217.It Cd option KGDB 218Compiles in a remote kernel debugger stub for diagnosing kernel problems 219using the 220.Dq remote target 221feature of gdb. 222See 223.Xr gdb 1 224for details. 225.Em Note: 226not available on all architectures. 227.It Cd makeoptions DEBUG="-g" 228The 229.Fl g 230flag causes 231.Pa bsd.gdb 232to be built in addition to 233.Pa bsd . 234.Pa bsd.gdb 235is useful for debugging kernel crash dumps with gdb. 236Note that 237.Xr gdb Ns 's 238.Fl k 239flag 240is obsolete and should not be used. 241Instead, the kernel can be debugged by starting 242.Xr gdb 243with the kernel name as an argument (no core file) and then use the 244.Xr gdb 245command 246.Dq target kcore COREFILE . 247.It Cd option DEBUG 248Turns on miscellaneous kernel debugging. 249Since options are turned into preprocessor defines (see above), 250.Cm option DEBUG 251is equivalent to doing a 252.Em #define DEBUG 253throughout the kernel. 254Much of the kernel has 255.Em #ifdef DEBUG 256conditional debugging code. 257Note that many parts of the kernel (typically device drivers) include their own 258.Em #ifdef XXX_DEBUG 259conditionals instead. 260This option also turns on certain other options, notably 261.Cm option KMEMSTATS , 262which may decrease system performance. 263.It Cd option DIAGNOSTIC 264Adds code to the kernel that does internal consistency checks. 265This code will cause the kernel to panic if corruption of internal data 266structures is detected. 267.It Cd option SMALL_KERNEL 268Removes some optimizations from the kernel to reduce the size of the 269resulting kernel binary. 270This option can decrease system performance. 271.It Cd option GPROF 272Adds code to the kernel for kernel profiling with 273.Xr kgmon 8 . 274.It Cd makeoptions PROF="-pg" 275The 276.Fl pg 277flag causes the kernel to be compiled with support for profiling. 278The 279.Cm option GPROF 280is required for the kernel compile to succeed. 281.It Cd option KTRACE 282Adds hooks for the system call tracing facility, which allows users to 283watch the system call invocation behavior of processes. 284See 285.Xr ktrace 1 286for details. 287.El 288.Ss File Systems 289.Bl -ohang 290.It Cd option FFS 291Includes code implementing the Berkeley Fast File System 292.Em ( FFS ) . 293Most machines need this if they are not running diskless. 294.It Cd option ADOSFS 295Includes code implementing the AmigaDOS Fast File System 296.Em ( ADOSFS ) . 297Note that the Professional and Smart File Systems are 298.Em not 299supported. See 300.Xr mount_ados 8 301for details. 302.It Cd option EXT2FS 303Includes code implementing the Second Extended File System 304.Em ( EXT2FS ) . 305This is the most commonly used file system on the Linux operating system, 306and is provided here for compatibility. 307Some specific features of 308.Em EXT2FS 309like the "behavior on errors" are not implemented. 310This file system 311can't be used with 312.Li uid_t 313or 314.Li gid_t 315values greater than 65535. 316Also, the filesystem will not function correctly on architectures with 317differing byte-orders. 318That is, a big-endian machine will not be able to read an 319ext2fs filesystem created on an i386 or other little-endian machine. 320See 321.Xr mount_ext2fs 8 322for details. 323.It Cd option MFS 324Include the memory file system 325.Em ( MFS ) . 326This file system stores files in swappable memory, and produces 327notable performance improvements when it is used as the file store 328for 329.Pa /tmp 330or similar mount points. 331See 332.Xr mount_mfs 8 333for details. 334.It Cd option NFSCLIENT 335Include the client side of the 336.Em NFS 337(Network File System) remote file sharing protocol. 338Although the bulk of the code implementing 339.Em NFS 340is kernel based, several user level daemons are needed for it to work. 341See 342.Xr mount_nfs 8 343for details on NFS. 344.It Cd option CD9660 345Includes code for the ISO 9660 + Rock Ridge file system, which is the 346standard file system used on many CD-ROMs. 347It also supports Joliet extensions. 348See 349.Xr mount_cd9660 8 350for details. 351.It Cd option MSDOSFS 352Includes support for the 353.Tn MS-DOS 354FAT file system. 355The kernel also implements the 356.Tn Windows 95 357extensions which permit the use of longer, mixed-case file names. 358See 359.Xr mount_msdos 8 360and 361.Xr fsck_msdos 8 362for details. 363.It Cd option FDESC 364Includes code for a file system which can be mounted on 365.Pa /dev/fd . 366This filesystem permits access to the per-process file descriptor 367space via special files in the file system. 368See 369.Xr mount_fdesc 8 370for details. 371Note that this facility is redundant, and thus unneeded on most 372.Ox 373systems, since the 374.Xr fd 4 375pseudodevice driver already provides identical functionality. 376On most systems, instances of 377.Xr fd 4 378are mknoded under 379.Pa /dev/fd/ 380and on 381.Pa /dev/stdin , 382.Pa /dev/stdout , 383and 384.Pa /dev/stderr . 385.It Cd option KERNFS 386Includes code which permits the mounting of a special file system 387(normally mounted on 388.Pa /kern ) 389in which files representing various kernel variables and parameters 390may be found. 391See 392.Xr mount_kernfs 8 393for details. 394.It Cd option NULLFS 395Includes code for a loopback file system. 396This permits portions of the file hierarchy to be re-mounted in other places. 397The code really exists to provide an example of a stackable file system layer. 398See 399.Xr mount_null 8 400for details. 401.It Cd option PORTAL 402Includes the (experimental) portal filesystem. 403This permits interesting tricks like opening TCP sockets by opening files in 404the file system. 405The portal file system is conventionally mounted on 406.Pa /p 407and is partially implemented by a special daemon. 408See 409.Xr mount_portal 8 410for details. 411.It Cd option PROCFS 412Includes code for a special file system (conventionally mounted on 413.Pa /proc ) 414in which the process space becomes visible in the file system. 415Among other things, the memory spaces of processes running on the system are 416visible as files, and signals may be sent to processes by writing to 417.Pa ctl 418files in the procfs namespace. 419See 420.Xr mount_procfs 8 421for details. 422.It Cd option UMAPFS 423Includes a loopback file system in which user and group IDs may be 424remapped -- this can be useful when mounting alien file systems with 425different uids and gids than the local system (eg, remote NFS). 426See 427.Xr mount_umap 8 428for details. 429.It Cd option UNION 430Includes code for the union file system, which permits directories to 431be mounted on top of each other in such a way that both file systems 432remain visible -- this permits tricks like allowing writing (and the 433deleting of files) on a read-only file system like a CD-ROM by 434mounting a local writable file system on top of the read-only file 435system. 436This filesystem is still experimental and is known to be somewhat unstable. 437See 438.Xr mount_union 8 439for details. 440.El 441.Ss File System Options 442.Bl -ohang 443.It Cd option FFS_SOFTUPDATES 444Enables a scheme that uses partial ordering of buffer cache operations 445to allow metadata updates in FFS to happen asynchronously, increasing write 446performance significantly. 447Normally, the FFS filesystem writes metadata updates synchronously which exacts 448a performance penalty in favor of filesystem integrity. 449With soft updates, you gain the performance of asynchronous writes while 450retaining the safety of synchronous metadata updates. 451.Pp 452Soft updates must be enabled on a per-filesystem basis. 453See 454.Xr mount 8 455for details. 456.Pp 457Processors with a small kernel address space, such as the sun4 and sun4c, do 458not have enough kernel memory to support soft updates. 459Attempts to use this option with these CPUs will cause a kernel hang or panic 460after a short period of use as the kernel will quickly run out of memory. 461This is not related to the amount of physical memory present in the machine -- 462it is a limitation of the CPU architecture itself. 463.It Cd option BUFCACHEPERCENT=integer 464Percentage of RAM to use as a file system buffer. 465It defaults to 5. 466.It Cd option NFSSERVER 467Include the server side of the 468.Em NFS 469(Network File System) remote file sharing protocol. 470Although the bulk of the code implementing 471.Em NFS 472is kernel based, several user level daemons are needed for it to 473work. 474See 475.Xr mountd 8 476and 477.Xr nfsd 8 478for details. 479.It Cd option QUOTA 480Enables kernel support for file system quotas. 481See 482.Xr quotaon 8 , 483.Xr edquota 8 , 484.Xr repquota 8 , 485and 486.Xr quota 1 487for details. 488Note that quotas only work on 489.Dq ffs 490file systems, although 491.Xr rpc.rquotad 8 492permits them to be accessed over 493.Em NFS . 494.It Cd option FIFO 495Adds support for 496.At V 497style FIFOs (i.e., 498.Dq named pipes ) . 499This option is recommended in almost all cases as many programs use these. 500.It Cd option EXT2FS_SYSTEM_FLAGS 501This option changes the behavior of the APPEND and IMMUTABLE flags 502for a file on an 503.Em EXT2FS 504filesystem. 505Without this option, the superuser or owner of the file can set and clear them. 506With this option, only the superuser can set them, and they can't be cleared 507if the securelevel is greater than 0. 508See also 509.Xr chflags 1 . 510.El 511.Ss Miscellaneous Options 512.Bl -ohang 513.It Cd option PCIVERBOSE 514Makes the boot process more verbose for PCI peripherals 515(vendor names and other information is printed, etc.). 516.It Cd option EISAVERBOSE 517Makes the boot process more verbose for EISA peripherals. 518.It Cd option PCMCIAVERBOSE 519Makes the boot process more verbose for PCMCIA peripherals. 520.It Cd option MACOBIOVERBOSE 521Makes the boot process more verbose for Mac OBIO peripherals. 522.It Cd option APERTURE 523Provide in-kernel support for VGA framebuffer mapping by user-processes 524(such as an X windows server). 525This option is supported in the i386 architecture. 526.It Cd option XSERVER 527Support for X windows in the console driver. 528.It Cd option LKM 529Enables support for loadable kernel modules. 530See 531.Xr lkm 4 532for details. 533.Em Note: 534This option is not yet available on all architectures. 535.It Cd option CRYPTO 536Enables support for the kernel cryptographic framework. 537See 538.Xr crypto 9 539for details. 540While not IP specific, this option is usually used in conjunction with option 541.Em IPSEC . 542.It Cd option INSECURE 543Hardwires the kernel security level at \-1. 544This means that the system always runs in securelevel 0 mode, even when 545running multiuser. 546See 547.Xr init 8 548for details on the implications of this. 549The kernel secure level may be manipulated by the superuser by altering the 550.Em kern.securelevel 551sysctl variable. 552(It should be noted that the securelevel may only be lowered by a call from 553process ID 1, i.e., 554.Xr init 8 . ) 555See also 556.Xr sysctl 8 557and 558.Xr sysctl 3 . 559.It Cd option CCDNBUF=integer 560The 561.Xr ccd 4 562device driver uses 563.Dq component buffers 564to distribute I/O requests to the components of a concatenated disk. 565It keeps a freelist of buffer 566headers in order to reduce use of the kernel memory allocator. 567.Em CCDNBUF 568is the number of buffer headers allocated on the freelist for 569each component buffer. 570It defaults to 8. 571.It Cd option KMEMSTATS 572The kernel memory allocator, 573.Xr malloc 9 , 574will keep statistics on its performance if this option is enabled. 575Unfortunately, this option therefore essentially disables 576.Fn MALLOC 577and 578.Fn FREE 579forms of the memory allocator, which are used to enhance the 580performance of certain critical sections of code in the kernel. 581This option therefore can lead to a significant decrease in the performance 582of certain code in the kernel if enabled. 583Examples of such code include the 584.Fn namei 585routine, the 586.Xr ccd 4 587driver, 588the 589.Xr ncr 4 590driver, and much of the networking code. 591Note that this option is silently turned on by the 592.Em DEBUG 593option. 594.It Cd option BOOT_CONFIG 595Adds support for the 596.Fl c 597boot option (User Kernel Config). 598Allows modification of kernel settings (i.e., device parameters) before 599booting the system. 600.It Cd option UVM_SWAP_ENCRYPT 601Enables kernel support for encrypting pages that are written out to 602swap storage. 603Swap encryption prevents sensitive data from remaining 604on the disk even after the operating system has been shut down. 605This option should be turned on if cryptographic filesystems are used. 606The sysctl variable 607.Em vm.swapencrypt.enable 608controls its behaviour. 609See 610.Xr sysctl 8 611and 612.Xr sysctl 3 613for details. 614.It Cd option USER_PCICONF 615Enables the user level acces to the PCI bus configuration space 616through ioctls on the 617.Pa /dev/pci 618device. 619It's used by the 620.Xr XFree86 1 621server on some architectures. 622See 623.Xr pci 4 624for details. 625.El 626.Ss Networking Options 627.Bl -ohang 628.It Cd option GATEWAY 629Enables 630.Em IPFORWARDING 631and (on most ports) increases the size of 632.Em NMBCLUSTERS . 633In general, 634.Em GATEWAY 635is used to indicate that a system should act as a router, and 636.Em IPFORWARDING 637is not invoked directly. 638(Note that 639.Em GATEWAY 640has no impact on protocols other than IP, such as CLNP or XNS.) 641.It Cd option IPFORWARDING 642Enables IP routing behavior. 643With this option enabled, the machine 644will forward IP datagrams between its interfaces that are destined for 645other machines. 646Note that even without this option, the kernel will 647still forward some packets (such as source routed packets) -- removing 648.Em GATEWAY 649and 650.Em IPFORWARDING 651is insufficient to stop all routing through a bastion host on a 652firewall -- source routing is controlled independently. 653Note that IP 654forwarding may be turned on and off independently of the setting of the 655.Em IPFORWARDING 656option through the use of the 657.Em net.inet.ip.forwarding 658sysctl variable. 659If 660.Em net.inet.ip.forwarding 661is 1, IP forwarding is on. 662See 663.Xr sysctl 8 664and 665.Xr sysctl 3 666for details. 667.It Cd option MROUTING 668Includes support for IP multicast routers. 669.Em INET 670should be set along with this. 671Multicast routing is controlled by the 672.Xr mrouted 8 673daemon. 674.It Cd option INET 675Includes support for the TCP/IP protocol stack. 676This option is currently required. 677See 678.Xr inet 4 679for details. 680.It Cd options INET6 681Includes support for the 682.Tn IPv6 683protocol stack. 684See 685.Xr inet6 4 686for details. 687Unlike 688.Em INET , 689.Em INET6 690enables multicast routing code as well. 691This option requires 692.Em INET 693at this moment, but it should not. 694.It Cd options ND6_DEBUG 695The option sets the default value of net.inet6.icmp6.nd6_debug to 1, 696for debugging IPv6 neighbor discovery protocol handling. 697See 698.Xr sysctl 3 699for details. 700.It Cd option NS 701Include support for the Xerox XNS protocol stack. 702See 703.Xr ns 4 704for details. 705.It Cd option ISO,TPIP 706Include support for the ubiquitous OSI protocol stack. 707See 708.Xr iso 4 709for details. 710.It Cd option EON 711Include support for OSI tunneling over IP. 712.It Cd option CCITT,LLC,HDLC 713Include support for the X.25 protocol stack. 714The state of this code is currently unknown. 715It probably contains bugs. 716.It Cd option IPX, IPXIP 717Include support for Internetwork Packet Exchange protocol commonly in 718use by 719.Tn Novell NetWare . 720.It Cd option NETATALK 721Include kernel support for the AppleTalk family of protocols. 722This suite of supporting code is sometimes called 723.Em netatalk 724support. 725.It Cd option TCP_COMPAT_42 726Use of this option is 727.Em extremely 728discouraged, so it should not be enabled. 729If any other machines on the network require enabling this, it's 730recommended that 731.Em they 732be disconnected from the network. 733.Pp 734TCP bug compatibility with 735.Bx 4.2 . 736In 737.Bx 4.2 , 738TCP sequence numbers 739were 32-bit signed values. 740Modern implementations of TCP use unsigned values. 741This option clamps the initial sequence number to start in 742the range 2^31 rather than the full unsigned range of 2^32. 743Also, under 744.Bx 4.2 , 745keepalive packets must contain at least one byte or else 746the remote end will not respond. 747.It Cd option TCP_SACK 748Turns on selective acknowledgements. 749Additional information about 750segments already received can be transmitted back to the sender, 751thus indicating segments that have been lost and allowing for 752a swifter recovery. 753Both communication endpoints need to support 754.Em SACK . 755The fallback behaviour is NewReno fast recovery phase, which allows 756one lost segment to be recovered per round trip time. 757When more then one segment has been dropped per window, the transmission can 758continue without waiting for a retransmission timeout. 759.It Cd option TCP_FACK 760Turns on forward acknowledgements allowing a more precise estimate of 761outstanding data during the fast recovery phase by using 762.Em SACK 763information. 764This option can only be used together with 765.Em TCP_SACK . 766.It Cd option TCP_SIGNATURE 767Turns on support for the TCP MD5 Signature option (RFC 2385). 768This is used by 769Internet backbone routers to provide per-packet authentication for the TCP 770packets used to communicate BGP routing information. 771You will also need a 772routing daemon that supports this option in order to actually use it. 773.It Cd option PPP_FILTER 774This option turns on 775.Xr pcap 3 776based filtering for ppp connections. 777This option is used by 778.Xr pppd 8 779which needs to be compiled with 780.Em PPP_FILTER 781defined (the current default). 782.It Cd option PPP_BSDCOMP 783Enables BSD compressor for PPP connections. 784.It Cd option PPP_DEFLATE 785For use in conjunction with PPP_BSDCOMP; provides an interface to zlib for PPP 786for deflate compression/decompression. 787.It Cd option IPSEC 788This option enables IP security protocol support. 789See 790.Xr ipsec 4 791for more details. 792.It Cd option ENCDEBUG 793This option enables debugging information to be conditionally logged 794in case IPSEC encounters errors. 795The option 796.Em IPSEC 797is required along with this option. 798Debug logging can be turned on/off through the use of the 799.Em net.inet.ip.encdebug 800sysctl variable. 801If 802.Em net.ipsec.encap.encdebug 803is 1, debug logging is on. 804See 805.Xr sysctl 8 806and 807.Xr sysctl 3 808for details. 809.It Cd option KEY 810Enables PFKEYv2 (RFC 2367) support. 811While not IP specific, this option is usually used in conjunction with option 812.Em IPSEC . 813.It Cd option ALTQ 814Enables ALTQ (Alternate Queueing). For simple rate-limiting, use 815.Xr tbrconfig 8 816to set up the interface transmission rate. To use queueing disciplines, 817their options should also be defined. Queueing disciplines are 818managed by 819.Xr altqd 8 . 820See 821.Xr altq 9 822for details on ALTQ. 823.It Cd option ALTQ_CBQ 824Enables ALTQ's CBQ (Class-based Queueing) module. CBQ achieves both 825partitioning and sharing of link bandwidth by hierarchically 826structured classes. Each class has its own queue and is assigned its 827share of bandwidth. A child class can borrow bandwidth from its 828parent class as long as excess bandwidth is available. 829.It Cd option ALTQ_HFSC 830Enables ALTQ's HFSC (Hierarchical Fair Service Curve) module. 831HFSC supports both link-sharing and guaranteed real-time services. 832H-FSC employs a service curve based QoS model, and its unique feature 833is an ability to decouple delay and bandwidth allocation. 834.It Cd option ALTQ_PRIQ 835Enables ALTQ's PRIQ (Priority Queueing) module. 836PRIQ implements a simple priority-based queueing. A higher priority 837class is always served first. 838.It Cd option ALTQ_WFQ 839Enables ALTQ's WFQ (Weighted Fair Queueing) module. 840WFQ implements a weighted-round robin scheduler for a set of queues. 841A weight can be assigned to each queue to give a different proportion 842of the link capacity. A hash function is used to map a flow to one of 843a set of queues. 844.It Cd option ALTQ_FIFOQ 845Enables ALTQ's FIFO queue module. 846FIFOQ is a simple drop-tail FIFO queue. 847.It Cd option ALTQ_RED 848Enables ALTQ's RED (Random Early Detection) module. 849RED is an implicit congestion notification mechanism that exercises 850packet dropping or packet marking stochastically according to the 851average queue length. RED can be viewed as an active buffer 852management mechanism and can be integrated into other queueing 853disciplines. 854.It Cd option ALTQ_RIO 855Enables ALTQ's RIO (RED with In/Oout) module. 856The original RIO has 2 sets of RED parameters; one for in-profile 857packets and the other for out-of-profile packets. At the ingress of 858the network, profile meters tag packets as IN or OUT based on 859contracted profiles for customers. Inside the network, IN packets 860receive preferential treatment by the RIO dropper. 861ALTQ/RIO has 3 drop precedence levels defined for the Assured Forwarding 862PHB of DiffServ (RFC2597). 863.It Cd option ALTQ_BLUE 864Enables ALTQ's Blue module. 865Blue is another active buffer management mechanism. 866.It Cd option ALTQ_FLOWVALVE 867Enables ALTQ's Flowvalve module. Flowvalve is a simple implementation 868of a RED penalty box that identifies and punishes misbehaving flows. 869.It Cd option ALTQ_CDNR 870Enables ALTQ's CDNR (diffserfv traffic conditioner) module. 871Traffic conditioners are components to meter, mark, or drop incoming 872packets according to some rules. As opposed to queueing disciplines, 873traffic conditioners handle incoming packets at an input interface. 874.It Cd option ALTQ_NOPCC 875Disables use of processor cycle counter (e.g., Pentium TSC on i386 and 876PCC on alpha) to measure time in ALTQ. This option should be defined 877for a non-Pentium i386 CPU which does not have TSC, SMP (per-CPU 878counters are not in sync), or power management which affects processor 879cycle counter. 880.El 881.Ss SCSI Subsystem Options 882.Bl -ohang 883.It Cd option SCSITERSE 884Terser SCSI error messages. 885This omits the table for decoding ASC/ASCQ info, saving about 8 bytes or so. 886.It Cd option SCSIDEBUG 887Prints extra debugging info for the SCSI subsystem to the console. 888.El 889.Ss System V IPC Options 890.Bl -ohang 891.It Cd option SYSVMSG 892Includes support for 893.At V 894style message queues. 895See 896.Xr msgctl 2 , 897.Xr msgget 2 , 898.Xr msgrcv 2 , 899.Xr msgsnd 2 . 900.It Cd option SYSVSEM 901Includes support for 902.At V 903style semaphores. 904See 905.Xr semctl 2 , 906.Xr semget 2 , 907.Xr semop 2 . 908.It Cd option SYSVSHM 909Includes support for 910.At V 911style shared memory. 912See 913.Xr shmat 2 , 914.Xr shmctl 2 , 915.Xr shmdt 2 , 916.Xr shmget 2 . 917.It Cd option SHMMAXPGS=value 918Sets the maximum number of 919.At V 920style shared memory pages that are available through the 921.Xr shmget 2 922system call. 923Default value is 1024 on most ports. 924See 925.Pa /usr/include/machine/vmparam.h 926for the default. 927.It Cd option SEMMNI=value 928Number of semaphore identifiers (also called semaphore handles 929and semaphore sets) available in the system. Default value is 10. 930The kernel allocates memory for the control structures at startup, 931so you should avoid arbitrarily large values. 932.It Cd option SEMMNS=value 933Maximum number of semaphores in all sets in the system. Default 934value is 60. 935.It Cd option SEMMNU=value 936Maximum number of semaphore undo structures in the system. 937Default value is 30. 938.It Cd option SEMUME=value 939Maximum number of per-process undo operation entries in the 940system. Semaphore undo operations are invoked by the kernel 941when 942.Xr semop 2 943is called with the SEM_UNDO flag and the process holding 944the semaphores terminates unexpectedly. Default value is 10. 945.El 946.Ss Operation Related Options 947.Bl -ohang 948.It Cd option NMBCLUSTERS=value 949Size of kernel mbuf cluster map, 950.Em mb_map , 951in CLBYTES-sized logical pages. 952Default on most ports is 256 (512 with 953.Dq option GATEWAY ) . 954See 955.Pa /usr/include/machine/param.h 956for exact default information. 957Increase this value if 958.Dq mclpool limit reached 959messages appear. 960.It Cd option NKMEMCLUSTERS=value 961Size of kernel malloc area in CLBYTES-sized logical pages. 962This area is covered by the kernel submap 963.Em kmem_map . 964See 965.Pa /usr/include/machine/param.h 966for the default value, which is port specific. 967Increase this value if 968.Dq out of space in kmem_map 969panics happen. 970.\" , which mean the system has run out of malloc-able kernel memory. 971.It Cd option NBUF=value 972.It Cd option BUFPAGES=value 973These options set the number of pages available for the buffer cache. 974Their default value is a machine dependent value, often calculated as 975between 5% and 10% of total available RAM. 976.It Cd option NTP 977Modify the scheduler code to add hooks necessary for running an NTP 978daemon. 979.Xr xntpd 8 980is available as part of the port collection. 981.It Cd option APM_NOPRINT 982This option is supported on the i386 architecture. 983When enabled kernel messages regarding the status of the automatic power 984management system 985.Tn ( APM ) 986are suppressed. 987.Tn APM 988status can still be obtained using 989.Xr apm 8 990and/or 991.Xr apmd 8 . 992.El 993.\" The following requests should be uncommented and used where appropriate. 994.\" .Sh FILES 995.\" .Sh EXAMPLES 996.Sh SEE ALSO 997.Xr X 1 , 998.Xr gdb 1 , 999.Xr ktrace 1 , 1000.Xr quota 1 , 1001.Xr gettimeofday 2 , 1002.Xr i386_iopl 2 , 1003.Xr msgctl 2 , 1004.Xr msgget 2 , 1005.Xr msgrcv 2 , 1006.Xr msgsnd 2 , 1007.Xr semctl 2 , 1008.Xr semget 2 , 1009.Xr semop 2 , 1010.Xr shmat 2 , 1011.Xr shmctl 2 , 1012.Xr shmdt 2 , 1013.Xr shmget 2 , 1014.Xr sysctl 3 , 1015.Xr ddb 4 , 1016.Xr inet 4 , 1017.Xr ipsec 4 , 1018.Xr iso 4 , 1019.Xr lkm 4 , 1020.Xr ns 4 , 1021.Xr pci 4 , 1022.Xr xf86 4 , 1023.Xr apm 8 , 1024.Xr apmd 8 , 1025.Xr config 8 , 1026.Xr edquota 8 , 1027.Xr init 8 , 1028.Xr mount_cd9660 8 , 1029.Xr mount_fdesc 8 , 1030.Xr mount_kernfs 8 , 1031.Xr mount_mfs 8 , 1032.Xr mount_msdos 8 , 1033.Xr mount_nfs 8 , 1034.Xr mount_null 8 , 1035.Xr mount_portal 8 , 1036.Xr mount_procfs 8 , 1037.Xr mount_umap 8 , 1038.Xr mount_union 8 , 1039.Xr mrouted 8 , 1040.Xr quotaon 8 , 1041.Xr rpc.rquotad 8 , 1042.Xr sysctl 8 , 1043.Xr xntpd 8 , 1044.Xr altq 9 1045.Sh HISTORY 1046The 1047.Nm 1048man page first appeared in 1049.Ox 2.3 . 1050.Sh BUGS 1051The 1052.Em INET 1053option should not be required. 1054