options(4)
- NetBSD Manual Pages
OPTIONS(4) NetBSD Kernel Interfaces Manual OPTIONS(4)
NAME
options -- Miscellaneous kernel configuration options
SYNOPSIS
cinclude ...
config ...
[no] file-system ...
ident ...
include ...
[no] makeoptions ...
maxusers ...
[no] options ...
[no] pseudo-device ...
DESCRIPTION
This manual page describes a number of miscellaneous kernel configuration
options that may be specified in a kernel config file. See config(1) and
config(5) for information on how to configure and build kernels.
The no form removes a previously specified option.
Keywords
The following keywords are recognized in a kernel configuration file:
cinclude "filename"
Conditionally includes another kernel configuration file whose name is
filename, which may be double-quoted and may be an explicit path or rela-
tive to the kernel source directory. Failure to open the named file is
ignored.
config exec_name root on rootdev [type fstype] [dumps on dumpdev]
Defines a configuration whose kernel executable is named exec_name, nor-
mally ``netbsd'', with its root file system of type fstype on the device
rootdev, and optionally specifying the location of kernel core dumps on
the device dumpdev. dev or dumpdev and fstype may be specified as ``?'',
which is a wild card. The root fstype and dumpdev are optional and
assumed to be wild carded if they are not specified.
device_instance at attachment [locators value [...]] [flags value]
Define an instance of the device driver device_instance that attaches to
the bus or device named attachment. An attachment may require additional
information on where the device can be found, such as an address, chan-
nel, function, offset, and/or slot, referred to as locators, whose value
often may be a wild card, ``?''. Some device drivers have one or more
flags that can be adjusted to affect the way they operate.
file-system fs_name [, fs_name [...]]
Include support for the file-system fs_name.
ident "string"
Sets the kernel identification string to string.
include "filename"
Functions the same as cinclude, except failure to open filename produces
a fatal error.
options option_name [, option_name=value [...]]
Specifies (or sets) the option, or comma-separated list of options,
option_name. Some options expect to be assigned a value, which may be an
integer, a double-quoted word, a bare word, or an empty string ("").
Note that those are eventually handled by the C compiler, so the rules of
that language apply.
Note: Options that are not defined by device definition files are passed
to the compile process as -D flags to the C compiler.
makeoptions name=value
Defines a make(1) macro name with the value value in the kernel Makefile.
maxusers integer
Set the maxusers variable in the kernel.
no keyword name [arguments [...]]
For the config(1) keywords file-system, makeoptions, options, and pseudo-
device, no removes the file-system, makeoption, options, or pseudo-
device, name. This is useful when a kernel configuration file includes
another which has undesired options.
For example, a local configuration file that wanted the kitchen sink, but
not COMPAT_09 or bridging, might be:
include "arch/i386/conf/GENERIC"
no options COMPAT_09
no pseudo-device bridge
pseudo-device name [N]
Includes support for the pseudo-device name. Some pseudo-devices can
have multiple or N instances.
Compatibility Options
options COMPAT_09
Enable binary compatibility with NetBSD 0.9. This enables support for
16-bit user, group, and process IDs (following revisions support 32-bit
identifiers). It also allows the use of the deprecated getdomainname(3),
setdomainname(3), and uname(3) syscalls. This option also allows using
numeric file system identifiers rather than strings. Post NetBSD 0.9
versions use string identifiers.
options COMPAT_10
Enable binary compatibility with NetBSD 1.0. This option allows the use
of the file system name of ``ufs'' as an alias for ``ffs''. The name
``ffs'' should be used post 1.0 in /etc/fstab and other files. It also
adds old syscalls for the AT&T System V UNIX shared memory interface.
This was changed post 1.0 to work on 64-bit architectures. This option
also enables ``sgtty'' compatibility, without which programs using the
old interface produce an ``inappropriate ioctl'' error, and /dev/io only
works when this option is set in the kernel, see io(4) on ports that sup-
port it.
options COMPAT_11
Enable binary compatibility with NetBSD 1.1. This allows binaries run-
ning on the i386 port to gain direct access to the io ports by opening
/dev/io read/write. This functionality was replaced by i386_iopl(2) post
1.1. On the Atari port, the location of the disk label was moved after
1.1. When the COMPAT_11 option is set, the kernel will read (pre) 1.1
style disk labels as a last resort. When a disk label is re-written, the
old style label will be replaced with a post 1.1 style label. This also
enables the EXEC_ELF_NOTELESS option.
options COMPAT_12
Enable binary compatibility with NetBSD 1.2. This allows the use of old
syscalls for reboot() and swapon(). The syscall numbers were changed
post 1.2 to add functionality to the reboot(2) syscall, and the new
swapctl(2) interface was introduced. This also enables the
EXEC_ELF_NOTELESS option.
options COMPAT_13
Enable binary compatibility with NetBSD 1.3. This allows the use of old
syscalls for sigaltstack(), and also enables the old swapctl(2) command
SWAP_STATS (now called SWAP_OSTATS), which does not include the se_path
member of struct swapent.
options COMPAT_14
Enable binary compatibility with NetBSD 1.4. This allows some old
ioctl(2) on wscons(4) to be performed, and allows the NFSSVC_BIOD mode of
the nfssvc(2) system call to be used for compatibility with the depre-
cated nfsiod program.
options COMPAT_15
Enable binary compatibility with NetBSD 1.5. Since there were no API
changes from NetBSD 1.5 and NetBSD 1.6, this option does nothing.
options COMPAT_16
Enable binary compatibility with NetBSD 1.6. This allows the use of old
signal trampoline code which has been deprecated with the addition of
siginfo(2).
options COMPAT_20
Enable binary compatibility with NetBSD 2.0. This allows the use of old
syscalls for statfs(), fstatfs(), getfsstat() and fhstatfs(), which have
been deprecated with the addition of the statvfs(2), fstatvfs(2),
getvfsstat(2) and fhstatvfs(2) system calls.
options COMPAT_30
Enable binary compatibility with NetBSD 3.0. See compat_30(8) for
details about the changes made after the NetBSD 3.0 release.
options COMPAT_40
Enable binary compatibility with NetBSD 4.0.
options COMPAT_43
Enables compatibility with 4.3BSD. This adds an old syscall for
lseek(2). It also adds the ioctls for TIOCGETP and TIOCSETP. The return
values for getpid(2), getgid(2), and getuid(2) syscalls are modified as
well, to return the parent's PID and UID as well as the current
process's. It also enables the deprecated NTTYDISC terminal line disci-
pline. It also provides backwards compatibility with ``old''
SIOC[GS]IF{ADDR,DSTADDR,BRDADDR,NETMASK} interface ioctls, including
binary compatibility with code written before the introduction of the
sa_len field in sockaddrs. It also enables support for some older pre
4.4BSD socket calls.
options COMPAT_50
Enable binary compatibility with NetBSD 5.0.
options COMPAT_60
Enable binary compatibility with NetBSD 6.0.
options COMPAT_70
Enable binary compatibility with NetBSD 7.0.
options COMPAT_BSDPTY
This option is currently on by default and enables the pty multiplexer
ptm(4) and ptmx(4) to find and use ptys named /dev/ptyXX (master) and
/dev/ttyXX (slave). Eventually this option will become optional as ptyfs
based pseudo-ttys become the default, see mount_ptyfs(8).
options COMPAT_SVR4
On those architectures that support it, this enables binary compatibility
with AT&T System V.4 UNIX applications built for the same architecture.
This currently includes the i386, m68k, and sparc ports.
options COMPAT_LINUX
On those architectures that support it, this enables binary compatibility
with Linux ELF and a.out(5) applications built for the same architecture.
This currently includes the alpha, arm, i386, m68k, mips, powerpc and
x86_64 ports.
options COMPAT_LINUX32
On those 64 bit architectures that support it, this enables binary com-
patibility with 32 bit Linux binaries. For now this is limited to run-
ning i386 ELF Linux binaries on amd64.
options COMPAT_SUNOS
On those architectures that support it, this enables binary compatibility
with SunOS 4.1 applications built for the same architecture. This cur-
rently includes the sparc, sparc64 and most or all m68k ports. Note that
the sparc64 requires the COMPAT_NETBSD32 option for 64-bit kernels, in
addition to this option.
options COMPAT_ULTRIX
On those architectures that support it, this enables binary compatibility
with ULTRIX applications built for the same architecture. This currently
is limited to the pmax. The functionality of this option is unknown.
options COMPAT_FREEBSD
On those architectures that support it, this enables binary compatibility
with FreeBSD applications built for the same architecture. At the moment
this is limited to the i386 port.
options COMPAT_IBCS2
On those architectures that support it, this enables binary compatibility
with iBCS2 or SVR3 applications built for the same architecture. This is
currently limited to the i386 and vax ports.
options COMPAT_OSF1
On those architectures that support it, this enables binary compatibility
with Digital UNIX (formerly OSF/1) applications built for the same archi-
tecture. This is currently limited to the alpha port.
options COMPAT_NOMID
Enable compatibility with a.out(5) executables that lack a machine ID.
This includes NetBSD 0.8's ZMAGIC format, and 386BSD and BSDI's QMAGIC,
NMAGIC, and OMAGIC a.out(5) formats.
options COMPAT_NETBSD32
On those architectures that support it, this enables binary compatibility
with 32-bit applications built for the same architecture. This is cur-
rently limited to the amd64 and sparc64 ports, and only applicable for
64-bit kernels.
options COMPAT_SVR4_32
On those architectures that support it, this enables binary compatibility
with 32-bit SVR4 applications built for the same architecture. This is
currently limited to the sparc64 port, and only applicable for 64-bit
kernels.
options COMPAT_AOUT_M68K
On m68k architectures which have switched to ELF, this enables binary
compatibility with NetBSD/m68k a.out(5) executables on NetBSD/m68k ELF
kernels. This handles alignment incompatibility of m68k ABI between
a.out and ELF which causes the structure padding differences. Currently
only some system calls which use struct stat are adjusted and some bina-
ries which use sysctl(3) to retrieve network details would not work prop-
erly.
options EMUL_NATIVEROOT=string
Just like emulated binaries first try looking up files in an emulation
root (e.g. /emul/linux) before looking them up in real root, this option
causes native binaries to first look up files in an "emulation" directory
too. This can be useful to test an amd64 kernel on top of an i386 system
before full migration: by unpacking the amd64 distribution in e.g.
/emul/netbsd64 and specifying that location as EMUL_NATIVEROOT, native
amd64 binaries can be run while the root file system remains populated
with i386 binaries. Beware of /dev incompatibilities between i386 and
amd64 if you do this.
options EXEC_ELF_NOTELESS
Run unidentified ELF binaries as NetBSD binaries. This might be needed
for very old NetBSD ELF binaries on some archs. These old binaries
didn't contain an appropriate .note.netbsd.ident section, and thus can't
be identified by the kernel as NetBSD binaries otherwise. Beware - if
this option is on, the kernel would run any unknown ELF binaries as if
they were NetBSD binaries.
Debugging Options
options DDB
Compiles in a kernel debugger for diagnosing kernel problems. See ddb(4)
for details. NOTE: not available on all architectures.
options DDB_FROMCONSOLE=integer
If set to non-zero, DDB may be entered by sending a break on a serial
console or by a special key sequence on a graphics console. A value of
"0" ignores console breaks or key sequences. If not explicitly speci-
fied, the default value is "1". Note that this sets the value of the
ddb.fromconsole sysctl(3) variable which may be changed at run time --
see sysctl(8) for details.
options DDB_HISTORY_SIZE=integer
If this is non-zero, enable history editing in the kernel debugger and
set the size of the history to this value.
options DDB_ONPANIC
The default if not specified is ``1'' - just enter into DDB. If set to
``2'' the kernel will attempt to print out a stack trace before entering
into DDB. If set to ``0'' the kernel will attempt to print out a stack
trace and reboot the system. If set to ``-1'' then neither a stack trace
is printed or DDB entered - it is as if DDB were not compiled into the
kernel. Note that this sets the value of the ddb.onpanic sysctl(3) vari-
able which may be changed at run time -- see sysctl(8) for details.
options DDB_COMMANDONENTER=string
This option specify commands which will be executed on each entry to DDB.
This sets the default value of the ddb.commandonenter sysctl(3) variable
which may be changed at run time.
options DDB_BREAK_CHAR=integer
This option overrides using break to enter the kernel debugger on the
serial console. The value given is the ASCII value to be used instead.
This is currently only supported by the com driver.
options DDB_VERBOSE_HELP
This option adds more verbose descriptions to the help command.
options KGDB
Compiles in a remote kernel debugger stub for diagnosing kernel problems
using the ``remote target'' feature of gdb. See gdb(1) for details.
NOTE: not available on all architectures.
options KGDB_DEV
Device number (as a dev_t) of kgdb device.
options KGDB_DEVADDR
Memory address of kgdb device.
options KGDB_DEVMODE
Permissions of kgdb device.
options KGDB_DEVNAME
Device name of kgdb device.
options KGDB_DEVRATE
Baud rate of kgdb device.
makeoptions DEBUG="-g"
The -g flag causes netbsd.gdb to be built in addition to netbsd.
netbsd.gdb is useful for debugging kernel crash dumps with gdb. See
gdb(1) for details. This also turns on options DEBUG (which see).
options DEBUG
Turns on miscellaneous kernel debugging. Since options are turned into
preprocessor defines (see above), options DEBUG is equivalent to doing a
#define DEBUG throughout the kernel. Much of the kernel has #ifdef DEBUG
conditionalized debugging code. Note that many parts of the kernel (typ-
ically device drivers) include their own #ifdef XXX_DEBUG conditionals
instead. This option also turns on certain other options, which may
decrease system performance. Systems with this option are not suitable
for regular use, and are intended only for debugging or looking for bugs.
options DIAGNOSTIC
Adds code to the kernel that does internal consistency checks. This code
will cause the kernel to panic if corruption of internal data structures
is detected. Historically, the performance degradation is sufficiently
small that it is reasonable for systems with options DIAGNOSTIC to be in
production use, with the real consideration not being performance but
instead a preference for more panics versus continued operation with
undetected problems.
options LOCKDEBUG
Adds code to the kernel to detect incorrect use of locking primitives
(mutex, rwlock). This code will cause the kernel to check for dead lock
conditions. It will also check for memory being freed to not contain
initialised lock primitives. Functions for use in ddb(4) to check lock
chains etc. are also enabled. These checks are very expensive and can
decrease performance on multi-processor machines by a factor of three.
options KDTRACE_HOOKS
Adds hooks for the DTrace tracing facility, which allows users to analyze
many aspects of system and application behavior. See dtrace(1) for
details.
options KSTACK_CHECK_MAGIC
Check kernel stack usage and panic if stack overflow is detected. This
check is performance sensitive because it scans stack on each context
switch.
options KTRACE
Add hooks for the system call tracing facility, which allows users to
watch the system call invocation behavior of processes. See ktrace(1)
for details.
options MSGBUFSIZE=integer
This option sets the size of the kernel message buffer. This buffer
holds the kernel output of printf() when not (yet) read by syslogd(8).
This is particularly useful when the system has crashed and you wish to
lookup the kernel output from just before the crash. Also, since the
autoconfig output becomes more and more verbose, it sometimes happens
that the message buffer overflows before syslogd(8) was able to read it.
Note that not all systems are capable of obtaining a variable sized mes-
sage buffer. There are also some systems on which memory contents are
not preserved across reboots.
options KERNHIST
Enables the kernel history logs, which create in-memory traces of various
kernel activities. These logs can be displayed by using show kernhist
from DDB. See the kernel source file sys/kern/kern_history.c and the
kernhist(9) manual for details.
options KERNHIST_PRINT
Prints the kernel history logs on the system console as entries are
added. Note that the output is extremely voluminous, so this option is
really only useful for debugging the very earliest parts of kernel ini-
tialization.
options UVMHIST
Like KERNHIST, it enables the UVM history logs. These logs can be dis-
played by using show kernhist from DDB. See the kernel source file
sys/uvm/uvm_stat.c for details.
options UVMHIST_PRINT
Like UVMHIST, it prints the UVM history logs on the system console as
entries are added. Note that the output is extremely voluminous, so this
option is really only useful for debugging the very earliest parts of
kernel initialization.
options UVMHIST_MAPHIST_SIZE
Set the size of the ``maphist'' kernel history. The default is 100.
This option depends upon the UVMHIST option.
options UVMHIST_PDHIST_SIZE
Set the size of the ``pdhist'' kernel history. The default is 100. This
option depends upon the UVMHIST option.
options BIOHIST
Like KERNHIST, it enables the BIO history logs. These logs can be dis-
played by using show kernhist from DDB, and can help in debugging prob-
lems with Buffered I/O operations. See the kernel source file
sys/kern/vfs_vio.c for details.
options BIOHIST_PRINT
Like BIOHIST, it prints the BIO history logs on the system console as
entries are added. Note that the output is extremely voluminous, so this
option is really only useful for debugging the very earliest parts of
kernel initialization.
options BIOHIST_SIZE
Set the size of the ``biohist'' kernel history. The default is 500.
This option depends upon the BIOHIST option.
File Systems
file-system FFS
Includes code implementing the Berkeley Fast File System (FFS). Most
machines need this if they are not running diskless.
file-system EXT2FS
Includes code implementing the Second Extended File System (ext2), revi-
sion 0 and revision 1 with the filetype, sparse_super and large_file
options. This is the most commonly used file system on the Linux operat-
ing system, and is provided here for compatibility. Some of the specific
features of ext2 like the "behavior on errors" are not implemented. See
mount_ext2fs(8) for details.
file-system LFS
[EXPERIMENTAL] Include the Log-structured File System (LFS). See
mount_lfs(8) and newfs_lfs(8) for details.
file-system MFS
Include the Memory File System (MFS). This file system stores files in
swappable memory, and produces notable performance improvements when it
is used as the file store for /tmp and similar file systems. See
mount_mfs(8) for details.
file-system NFS
Include the client side of the Network File System (NFS) remote file
sharing protocol. Although the bulk of the code implementing NFS is ker-
nel based, several user level daemons are needed for it to work. See
mount_nfs(8) for details.
file-system CD9660
Includes code for the ISO 9660 + Rock Ridge file system, which is the
standard file system on many CD-ROM discs. Useful primarily if you have
a CD-ROM drive. See mount_cd9660(8) for details.
file-system MSDOSFS
Includes the MS-DOS FAT file system, which is reportedly still used by
unfortunate people who have not heard about NetBSD. Also implements the
Windows 95 extensions to the same, which permit the use of longer, mixed
case file names. See mount_msdos(8) and fsck_msdos(8) for details.
file-system NTFS
[EXPERIMENTAL] Includes code for the Microsoft Windows NT file system.
See mount_ntfs(8) for details.
file-system FDESC
Includes code for a file system, conventionally mounted on /dev/fd, which
permits access to the per-process file descriptor space via special files
in the file system. See mount_fdesc(8) for details. Note that this
facility is redundant, and thus unneeded on most NetBSD systems, since
the fd(4) pseudo-device driver already provides identical functionality.
On most NetBSD systems, instances of fd(4) are mknoded under /dev/fd/ and
on /dev/stdin, /dev/stdout, and /dev/stderr.
file-system KERNFS
Includes code which permits the mounting of a special file system (nor-
mally mounted on /kern) in which files representing various kernel vari-
ables and parameters may be found. See mount_kernfs(8) for details.
file-system NULLFS
Includes code for a loopback file system. This permits portions of the
file hierarchy to be re-mounted in other places. The code really exists
to provide an example of a stackable file system layer. See
mount_null(8) for details.
file-system OVERLAY
Includes code for a file system filter. This permits the overlay file
system to intercept all access to an underlying file system. This file
system is intended to serve as an example of a stacking file system which
has a need to interpose itself between an underlying file system and all
other access. See mount_overlay(8) for details.
file-system PROCFS
Includes code for a special file system (conventionally mounted on /proc)
in which the process space becomes visible in the file system. Among
other things, the memory spaces of processes running on the system are
visible as files, and signals may be sent to processes by writing to ctl
files in the procfs namespace. See mount_procfs(8) for details.
file-system UDF
[EXPERIMENTAL] Includes code for the UDF file system commonly found on CD
and DVD media but also on USB sticks. Currently supports read and write
access upto UDF 2.01 and somewhat limited write support for UDF 2.50. It
is marked experimental since there is no fsck_udf(8). See mount_udf(8)
for details.
file-system UMAPFS
Includes a loopback file system in which user and group IDs may be
remapped -- this can be useful when mounting alien file systems with dif-
ferent UIDs and GIDs than the local system. See mount_umap(8) for
details.
file-system UNION
[EXPERIMENTAL] Includes code for the union file system, which permits
directories to be mounted on top of each other in such a way that both
file systems remain visible -- this permits tricks like allowing writing
(and the deleting of files) on a read-only file system like a CD-ROM by
mounting a local writable file system on top of the read-only file sys-
tem. See mount_union(8) for details.
file-system CODA
[EXPERIMENTAL] Includes code for the Coda file system. Coda is a dis-
tributed file system like NFS and AFS. It is freely available, like NFS,
but it functions much like AFS in being a ``stateful'' file system. Both
Coda and AFS cache files on your local machine to improve performance.
Then Coda goes a step further than AFS by letting you access the cached
files when there is no available network, viz. disconnected laptops and
network outages. In Coda, both the client and server are outside the
kernel which makes them easier to experiment with. Coda is available for
several UNIX and non-UNIX platforms. See
http://www.coda.cs.cmu.edu
for more details. NOTE: You also need to enable the pseudo-device,
vcoda, for the Coda file system to work.
file-system SMBFS
[EXPERIMENTAL] Includes code for the SMB/CIFS file system. See
mount_smbfs(8) for details. NOTE: You also need to enable the pseudo-
device, nsmb, for the SMB file system to work.
file-system PTYFS
[EXPERIMENTAL] Includes code for a special file system (normally mounted
on /dev/pts) in which pseudo-terminal slave devices become visible in the
file system. See mount_ptyfs(8) for details.
file-system TMPFS
Includes code for the efficient memory file system, normally used over
/tmp. See mount_tmpfs(8) for details.
file-system PUFFS
Includes kernel support for the pass-to-userspace framework file system.
It can be used to implement file system functionality in userspace. See
puffs(3) for more details. This enables for example sshfs:
mount_psshfs(8).
File System Options
options DISKLABEL_EI
Enable ``Endian-Independent'' disklabel(5) support. This allows a system
to recognize a disklabel written in the other byte order. For writing,
when a label already exists, its byte order is preserved. Otherwise, a
new label is written in the native byte order. To specify the byte order
explicitly, the -F option of disklabel(8) should be used with the -B
option in order to avoid using ioctl(2), which results in the default
behavior explained above. At the moment this option is restricted to the
following ports: amd64, bebox, emips, epoc32, evbarm, i386, ibmnws, lan-
disk, mvmeppc, prep, rs6000, sandpoint, xen, and zaurus; also to machines
of the evbmips and evbppc ports that support Master Boot Record (MBR).
options MAGICLINKS
Enables the expansion of special strings (beginning with ``@'') when
traversing symbolic links. See symlink(7) for a list of supported
strings. Note that this option only controls the enabling of this fea-
ture by the kernel at boot-up. This feature can still be manipulated
with the sysctl(8) command regardless of the setting of this option.
options NFSSERVER
Include the server side of the NFS (Network File System) remote file
sharing protocol. Although the bulk of the code implementing NFS is ker-
nel based, several user level daemons are needed for it to work. See
mountd(8) and nfsd(8) for details.
options NVNODE=integer
This option sets the size of the cache used by the name-to-inode transla-
tion routines, (a.k.a. the namei() cache, though called by many other
names in the kernel source). By default, this cache has (NPROC + NTEXT +
100) entries (NPROC set as 20 + 16 * MAXUSERS and NTEXT as 80 + NPROC /
8). A reasonable way to derive a value of NVNODE, should you notice a
large number of namei cache misses with a tool such as systat(1), is to
examine your system's current computed value with sysctl(8), (which calls
this parameter "kern.maxvnodes") and to increase this value until either
the namei cache hit rate improves or it is determined that your system
does not benefit substantially from an increase in the size of the namei
cache.
options NAMECACHE_ENTER_REVERSE
Causes the namei cache to always enter a reverse mapping (vnode -> name)
as well as a normal one. Normally, this is already done for directory
vnodes, to speed up the getcwd operation. This option will cause longer
hash chains in the reverse cache, and thus slow down getcwd somewhat.
However, it does make vnode -> path translations possible in some cases.
For now, only useful if strict /proc/#/maps emulation for Linux binaries
is required.
Options for FFS/UFS File Systems
options WAPBL
Enable ``Write Ahead Physical Block Logging file system journaling''.
This provides rapid file system consistency checking after a system out-
age. It also provides better general use performance over regular FFS.
See also wapbl(4).
options QUOTA
Enables kernel support for traditional quotas in FFS. Traditional quotas
store the quota information in external files and require quotacheck(8)
and quotaon(8) at boot time. Traditional quotas are limited to 32-bit
sizes and are at this point considered a legacy feature.
options QUOTA2
Enables kernel support for in-volume quotas in FFS. The quota informa-
tion is file system metadata maintained by fsck(8) and/or WAPBL journal-
ing. MFS volumes can also use QUOTA2 quotas; see mount_mfs(8) for more
information.
options FFS_EI
Enable ``Endian-Independent'' FFS support. This allows a system to mount
an FFS file system created for another architecture, at a small perfor-
mance cost for all FFS file systems. See also newfs(8), fsck_ffs(8),
dumpfs(8) for file system byte order status and manipulation.
options FFS_NO_SNAPSHOT
Disable support for the creation of file system internal snapshot of FFS
file systems. Maybe useful for install media kernels, small memory sys-
tems and embedded systems which don't require the snapshot support.
options UFS_EXTATTR
Enable extended attribute support for UFS1 file systems.
options UFS_DIRHASH
Increase lookup performance by maintaining in-core hash tables for large
directories.
Options for the LFS File System
options LFS_EI
Enable ``Endian-Independent'' LFS support. This allows (at a small per-
formance cost) mounting an LFS file system created for another architec-
ture.
options LFS_DIRHASH
Increase lookup performance by maintaining in-core hash tables for large
directories.
Options for the ext2fs File System
options EXT2FS_SYSTEM_FLAGS
This option changes the behavior of the APPEND and IMMUTABLE flags for a
file on an ext2 file system. Without this option, the superuser or owner
of the file can set and clear them. With this option, only the superuser
can set them, and they can't be cleared if the securelevel is greater
than 0. See also chflags(1) and secmodel_securelevel(9).
Options for the NFS File System
options NFS_BOOT_BOOTP
Enable use of the BOOTP protocol (RFCs 951 and 1048) to get configuration
information if NFS is used to mount the root file system. See
diskless(8) for details.
options NFS_BOOT_BOOTSTATIC
Enable use of static values defined as ``NFS_BOOTSTATIC_MYIP'',
``NFS_BOOTSTATIC_GWIP'', ``NFS_BOOTSTATIC_SERVADDR'', and
``NFS_BOOTSTATIC_SERVER'' in kernel options to get configuration informa-
tion if NFS is used to mount the root file system.
options NFS_BOOT_DHCP
Same as ``NFS_BOOT_BOOTP'', but use the DHCP extensions to the BOOTP pro-
tocol (RFC 1541).
options NFS_BOOT_BOOTP_REQFILE
Specifies the string sent in the bp_file field of the BOOTP/DHCP request
packet.
options NFS_BOOT_BOOTPARAM
Enable use of the BOOTPARAM protocol, consisting of RARP and BOOTPARAM
RPC, to get configuration information if NFS is used to mount the root
file system. See diskless(8) for details.
options NFS_BOOT_RWSIZE=value
Set the initial NFS read and write sizes for diskless-boot requests. The
normal default is 8Kbytes. This option provides a way to lower the value
(e.g., to 1024 bytes) as a workaround for buggy network interface cards
or boot PROMs. Once booted, the read and write request sizes can be
increased by remounting the file system. See mount_nfs(8) for details.
options NFS_V2_ONLY
Reduce the size of the NFS client code by omitting code that's only
required for NFSv3 and NQNFS support, leaving only that code required to
use NFSv2 servers.
options NFS_BOOT_TCP
Use NFS over TCP instead of the default UDP, for mounting root.
Buffer queue strategy options
The following options enable alternative buffer queue strategies.
options BUFQ_READPRIO
Enable experimental buffer queue strategy for disk I/O. In the default
strategy, outstanding disk requests are ordered by sector number and sent
to the disk, regardless of whether the operation is a read or write; this
option gives priority to issuing read requests over write requests.
Although requests may therefore be issued out of sector-order, causing
more seeks and thus lower overall throughput, interactive system respon-
siveness under heavy disk I/O load may be improved, as processes blocking
on disk reads are serviced sooner (file writes typically don't cause
applications to block). The performance effect varies greatly depending
on the hardware, drive firmware, file system configuration, workload, and
desired performance trade-off. Systems using drive write-cache (most
modern IDE disks, by default) are unlikely to benefit and may well suf-
fer; such disks acknowledge writes very quickly, and optimize them inter-
nally according to physical layout. Giving these disks as many requests
to work with as possible (the standard strategy) will typically produce
the best results, especially if the drive has a large cache; the drive
will silently complete writes from cache as it seeks for reads. Disks
that support a large number of concurrent tagged requests (SCSI disks and
many hardware RAID controllers) expose this internal scheduling with
tagged responses, and don't block for reads; such disks may not see a
noticeable difference with either strategy. However, if IDE disks are
run with write-cache disabled for safety, writes are not acknowledged
until actually completed, and only one request can be outstanding; a
large number of small writes in one locality can keep the disk busy,
starving reads elsewhere on the disk. Such systems are likely to see the
most benefit from this option. Finally, the performance interaction of
this option with ffs soft dependencies can be subtle, as that mechanism
can drastically alter the workload for file system metadata writes.
options BUFQ_PRIOCSCAN
Enable another buffer queue strategy for disk I/O, per-priority cyclical
scan.
options NEW_BUFQ_STRATEGY
Synonym of BUFQ_READPRIO.
Miscellaneous Options
options CPU_UCODE
Support cpu microcode loading via cpuctl(8).
options MEMORY_DISK_DYNAMIC
This option makes the md(4) RAM disk size dynamically sized. It is
incompatible with mdsetimage(8).
options MEMORY_DISK_HOOKS
This option allows for some machine dependent functions to be called when
the md(4) RAM disk driver is configured. This can result in automati-
cally loading a RAM disk from floppy on open (among other things).
options MEMORY_DISK_IS_ROOT
Forces the md(4) RAM disk to be the root device. This can only be over-
ridden when the kernel is booted in the 'ask-for-root' mode.
options MEMORY_DISK_ROOT_SIZE=integer
Allocates the given number of 512 byte blocks as memory for the md(4) RAM
disk, to be populated with mdsetimage(8).
options MEMORY_DISK_SERVER=0
Do not include the interface to a userland memory disk server process.
Per default, this option is set to 1, including the support code. Useful
for install media kernels.
options MEMORY_DISK_RBFLAGS=value
This option sets the reboot(2) flags used when booting with a memory disk
as root file system. Possible values include RB_AUTOBOOT (boot in the
usual fashion - default value), and RB_SINGLE (boot in single-user mode).
options MODULAR
Enables the framework for kernel modules (see module(7)).
options MODULAR_DEFAULT_AUTOLOAD
Enables the autoloading of kernel modules by default. This sets the
default value of the kern.module.autoload sysctl(3) variable which may be
changed at run time.
options VND_COMPRESSION
Enables the vnd(4) driver to also handle compressed images. See
vndcompress(1), vnd(4) and vnconfig(8) for more information.
options SPLDEBUG
Help the kernel programmer find bugs related to the interrupt priority
level. When spllower() or splraise() changes the current CPU's interrupt
priority level to or from IPL_HIGH, record a backtrace. Read
i386/return_address(9) for caveats about collecting backtraces. This
feature is experimental, and it is only available on i386. See
sys/kern/subr_spldebug.c.
options TFTPROOT
Download the root memory disk through TFTP at root mount time. This
enables the use of a root RAM disk without requiring it to be embedded in
the kernel using mdsetimage(8). The RAM disk name is obtained using
DHCP's filename parameter. This option requires MEMORY_DISK_HOOKS,
MEMORY_DISK_DYNAMIC, and MEMORY_DISK_IS_ROOT. It is incompatible with
MEMORY_DISK_ROOT_SIZE.
options HZ=integer
On ports that support it, set the system clock frequency (see hz(9)) to
the supplied value. Handle with care.
options NTP
Turns on in-kernel precision timekeeping support used by software imple-
menting NTP (Network Time Protocol, RFC 1305). The NTP option adds an
in-kernel Phase-Locked Loop (PLL) for normal NTP operation, and a Fre-
quency-Locked Loop (FLL) for intermittently-connected operation. ntpd(8)
will employ a user-level PLL when kernel support is unavailable, but the
in-kernel version has lower latency and more precision, and so typically
keeps much better time.
The interface to the kernel NTP support is provided by the ntp_adjtime(2)
and ntp_gettime(2) system calls, which are intended for use by ntpd(8)
and are enabled by the option. On systems with sub-microsecond resolu-
tion timers, or where (HZ/100000) is not an integer, the NTP option also
enables extended-precision arithmetic to keep track of fractional clock
ticks at NTP time-format precision.
options PPS_SYNC
This option enables a kernel serial line discipline for receiving time
phase signals from an external reference clock such as a radio clock.
(The NTP option (which see) must be on if the PPS_SYNC option is used).
Some reference clocks generate a Pulse Per Second (PPS) signal in phase
with their time source. The PPS line discipline receives this signal on
either the data leads or the DCD control lead of a serial port.
NTP uses the PPS signal to discipline the local clock oscillator to a
high degree of precision (typically less than 50 microseconds in time and
0.1 ppm in accuracy). PPS can also generate a serial output pulse when
the system receives a PPS interrupt. This can be used to measure the
system interrupt latency and thus calibrate NTP to account for it. Using
PPS usually requires a gadget box to convert from TTL to RS-232 signal
levels. The gadget box and PPS are described in more detail in the HTML
documentation for ntpd(8) in /usr/share/doc/html/ntp.
NetBSD currently supports this option in com(4) and zsc(4).
options SETUIDSCRIPTS
Allows scripts with the setuid bit set to execute as the effective user
rather than the real user, just like binary executables.
NOTE: Using this option will also enable options FDSCRIPTS
options FDSCRIPTS
Allows execution of scripts with the execute bit set, but not the read
bit, by opening the file and passing the file descriptor to the shell,
rather than the filename.
NOTE: Execute only (non-readable) scripts will have argv[0] set to
/dev/fd/*. What this option allows as far as security is concerned, is
the ability to safely ensure that the correct script is run by the inter-
preter, as it is passed as an already open file.
options RTC_OFFSET=integer
The kernel (and typically the hardware battery backed-up clock on those
machines that have one) keeps time in UTC (Universal Coordinated Time,
once known as GMT, or Greenwich Mean Time) and not in the time of the
local time zone. The RTC_OFFSET option is used on some ports (such as
the i386) to tell the kernel that the hardware clock is offset from UTC
by the specified number of minutes. This is typically used when a
machine boots several operating systems and one of them wants the hard-
ware clock to run in the local time zone and not in UTC, e.g.
RTC_OFFSET=300 means the hardware clock is set to US Eastern Time (300
minutes behind UTC), and not UTC. (Note: RTC_OFFSET is used to initial-
ize a kernel variable named rtc_offset which is the source actually used
to determine the clock offset, and which may be accessed via the
kern.rtc_offset sysctl variable. See sysctl(8) and sysctl(3) for
details. Since the kernel clock is initialized from the hardware clock
very early in the boot process, it is not possible to meaningfully change
rtc_offset in system initialization scripts. Changing this value cur-
rently may only be done at kernel compile time or by patching the kernel
and rebooting).
NOTE: Unfortunately, in many cases where the hardware clock is kept in
local time, it is adjusted for Daylight Savings Time; this means that
attempting to use RTC_OFFSET to let NetBSD coexist with such an operating
system, like Windows, would necessitate changing RTC_OFFSET twice a year.
As such, this solution is imperfect.
options MAXUPRC=integer
Sets the soft RLIMIT_NPROC resource limit, which specifies the maximum
number of simultaneous processes a user is permitted to run, for process
0; this value is inherited by its child processes. It defaults to
CHILD_MAX, which is currently defined to be 160. Setting MAXUPRC to a
value less than CHILD_MAX is not permitted, as this would result in a
violation of the semantics of ISO/IEC 9945-1:1990 (``POSIX.1'').
options NOFILE=integer
Sets the soft RLIMIT_NOFILE resource limit, which specifies the maximum
number of open file descriptors for each process; this value is inherited
by its child processes. It defaults to OPEN_MAX, which is currently
defined to be 128.
options MAXFILES=integer
Sets the default value of the kern.maxfiles sysctl variable, which indi-
cates the maximum number of files that may be open in the system.
options DEFCORENAME=string
Sets the default value of the kern.defcorename sysctl variable, otherwise
it is set to %n.core. See sysctl(8) and sysctl(3) for details.
options RASOPS_CLIPPING
Enables clipping within the rasops raster-console output system. NOTE:
only available on architectures that use rasops for console output.
options RASOPS_SMALL
Removes optimized character writing code from the rasops raster-console
output system. NOTE: only available on architectures that use rasops for
console output.
options INCLUDE_CONFIG_FILE
Embeds the kernel config file used to define the kernel in the kernel
binary itself. The embedded data also includes any files directly
included by the config file itself, e.g. GENERIC.local or std.$MACHINE.
The embedded config file can be extracted from the resulting kernel with
config(1) -x, or by the following command:
strings netbsd | sed -n 's/^_CFG_//p' | unvis
options INCLUDE_JUST_CONFIG
Similar to the above option, but includes just the actual config file,
not any included files.
options PIPE_SOCKETPAIR
Use slower, but smaller socketpair(2)-based pipe implementation instead
of default faster, but bigger one. Primarily useful for installation
kernels.
options USERCONF
Compiles in the in-kernel device configuration manager. See userconf(4)
for details.
options PERFCTRS
Compiles in kernel support for CPU performance-monitoring counters. See
pmc(1) for details. NOTE: not available on all architectures.
options SCDEBUG_DEFAULT
Used with the options SYSCALL_DEBUG described below to choose which types
of events are displayed.
SCDEBUG_CALLS Show system call entry points.
SCDEBUG_RETURNS Show system call exit points.
SCDEBUG_ALL Show all system call requestes, including unim-
plemented calls.
SCDEBUG_SHOWARGS Show the arguments provided.
SCDEBUG_KERNHIST Store a restricted form of the system call debug
in a kernel history instead of printing it to the
console. This option relies upon options
KERNHIST.
The default value is (SCDEBUG_CALLS|SCDEBUG_RETURNS|SCDEBUG_SHOWARGS).
options SYSCALL_DEBUG
Useful for debugging system call issues, usually in early single user
bringup. By default, writes entries to the system console for most sys-
tem call events. Can be configured with the options SCDEBUG_DEFAULT
option to to use the options KERNHIST facility instead.
options SYSCALL_STATS
Count the number of times each system call number is called. The values
can be read through the sysctl interface and displayed using systat(1).
NOTE: not yet available on all architectures.
options SYSCALL_TIMES
Count the time spent (using cpu_counter32()) in each system call. NOTE:
Using this option will also enable options SYSCALL_STATS.
options SYSCALL_TIMES_HASCOUNTER
Force use of cpu_counter32() even if cpu_hascounter() reports false.
Useful for systems where the cycle counter doesn't run at a constant rate
(e.g. Soekris boxes).
options XSERVER_DDB
A supplement to XSERVER that adds support for entering ddb(4) while in
X11.
options FILEASSOC
Support for fileassoc(9). Required for options PAX_SEGVGUARD and
pseudo-device veriexec.
options FILEASSOC_NHOOKS=integer
Number of storage slots per file for fileassoc(9). Default is 4.
Networking Options
options GATEWAY
Enables IPFORWARDING (which see) and (on most ports) increases the size
of NMBCLUSTERS (which see). In general, GATEWAY is used to indicate that
a system should act as a router, and IPFORWARDING is not invoked
directly. (Note that GATEWAY has no impact on protocols other than IP,
such as CLNP). GATEWAY option also compiles IPv4 and IPv6 fast forward-
ing code into the kernel.
options ICMPPRINTFS
The ICMPPRINTFS option will enable debugging information to be printed
about the icmp(4) protocol.
options IPFORWARDING=value
If value is 1 this enables IP routing behavior. If value is 0 (the
default), it disables it. The GATEWAY option sets this to 1 automati-
cally. With this option enabled, the machine will forward IP datagrams
destined for other machines between its interfaces. Note that even with-
out this option, the kernel will still forward some packets (such as
source routed packets) -- removing GATEWAY and IPFORWARDING is insuffi-
cient to stop all routing through a bastion host on a firewall -- source
routing is controlled independently. To turn off source routing, use
options IPFORWSRCRT=0 (which see). Note that IP forwarding may be turned
on and off independently of the setting of the IPFORWARDING option
through the use of the net.inet.ip.forwarding sysctl variable. If
net.inet.ip.forwarding is 1, IP forwarding is on. See sysctl(8) and
sysctl(3) for details.
options IPFORWSRCRT=value
If value is set to zero, source routing of IP datagrams is turned off.
If value is set to one (the default) or the option is absent, source
routed IP datagrams are forwarded by the machine. Note that source rout-
ing of IP packets may be turned on and off independently of the setting
of the IPFORWSRCRT option through the use of the net.inet.ip.forwsrcrt
sysctl variable. If net.inet.ip.forwsrcrt is 1, forwarding of source
routed IP datagrams is on. See sysctl(8) and sysctl(3) for details.
options IFA_STATS
Tells the kernel to maintain per-address statistics on bytes sent and
received over (currently) Internet and AppleTalk addresses. The option
is not recommended as it degrades system stability.
options IFQ_MAXLEN=value
Increases the allowed size of the network interface packet queues. The
default queue size is 50 packets, and you do not normally need to
increase it.
options IPSELSRC
Includes support for source-address selection policies. See
in_getifa(9).
options MROUTING
Includes support for IP multicast routers. You certainly want INET with
this. Multicast routing is controlled by the mrouted(8) daemon. See
also option PIM.
options PIM
Includes support for Protocol Independent Multicast (PIM) routing. You
need MROUTING and INET with this. Software using this can be found e.g.
in pkgsrc/net/xorp.
options INET
Includes support for the TCP/IP protocol stack. You almost certainly
want this. See inet(4) for details.
options INET6
Includes support for the IPv6 protocol stack. See inet6(4) for details.
Unlike INET, INET6 enables multicast routing code as well. This option
requires INET at this moment, but it should not.
options ND6_DEBUG
The option sets the default value of net.inet6.icmp6.nd6_debug to 1, for
debugging IPv6 neighbor discovery protocol handling. See sysctl(3) for
details.
options IPSEC
Includes support for the IPsec protocol, using the implementation derived
from OpenBSD, relying on opencrypto(9) to carry out cryptographic opera-
tions. See fast_ipsec(4) for details.
options IPSEC_DEBUG
Enables debugging code in IPsec stack. See ipsec(4) for details. The
IPSEC option includes support for IPsec Network Address Translator tra-
versal (NAT-T), as described in RFCs 3947 and 3948. This feature might
be patent-encumbered in some countries.
options ALTQ
Enabled ALTQ (Alternate Queueing). For simple rate-limiting, use
tbrconfig(8) to set up the interface transmission rate. To use queueing
disciplines, their appropriate kernel options should also be defined
(documented below). Queueing disciplines are managed by altqd(8). See
altq(9) for details.
options ALTQ_HFSC
Include support for ALTQ-implemented HFSC (Hierarchical Fair Service
Curve) module. HFSC supports both link-sharing and guaranteed real-time
services. HFSC employs a service curve based QoS model, and its unique
feature is an ability to decouple delay and bandwidth allocation.
Requires ALTQ_RED to use the RED queueing discipline on HFSC classes, or
ALTQ_RIO to use the RIO queueing discipline on HFSC classes. This option
assumes ALTQ.
options ALTQ_PRIQ
Include support for ALTQ-implemented PRIQ (Priority Queueing). PRIQ
implements a simple priority-based queueing discipline. A higher prior-
ity class is always served first. Requires ALTQ_RED to use the RED
queueing discipline on HFSC classes, or ALTQ_RIO to use the RIO queueing
discipline on HFSC classes. This option assumes ALTQ.
options ALTQ_WFQ
Include support for ALTQ-implemented WFQ (Weighted Fair Queueing). WFQ
implements a weighted-round robin scheduler for a set of queues. A
weight can be assigned to each queue to give a different proportion of
the link capacity. A hash function is used to map a flow to one of a set
of queues. This option assumes ALTQ.
options ALTQ_FIFOQ
Include support for ALTQ-implemented FIFO queueing. FIFOQ is a simple
drop-tail FIFO (First In, First Out) queueing discipline. This option
assumes ALTQ.
options ALTQ_RIO
Include support for ALTQ-implemented RIO (RED with In/Out). The original
RIO has 2 sets of RED parameters; one for in-profile packets and the
other for out-of-profile packets. At the ingress of the network, profile
meters tag packets as IN or OUT based on contracted profiles for cus-
tomers. Inside the network, IN packets receive preferential treatment by
the RIO dropper. ALTQ/RIO has 3 drop precedence levels defined for the
Assured Forwarding PHB of DiffServ (RFC 2597). This option assumes ALTQ.
options ALTQ_BLUE
Include support for ALTQ-implemented Blue buffer management. Blue is
another active buffer management mechanism. This option assumes ALTQ.
options ALTQ_FLOWVALVE
Include support for ALTQ-implemented Flowvalve. Flowvalve is a simple
implementation of a RED penalty box that identifies and punishes misbe-
having flows. This option requires ALTQ_RED and assumes ALTQ.
options ALTQ_CDNR
Include support for ALTQ-implemented CDNR (diffserv traffic conditioner)
packet marking/manipulation. Traffic conditioners are components to
meter, mark, or drop incoming packets according to some rules. As
opposed to queueing disciplines, traffic conditioners handle incoming
packets at an input interface. This option assumes ALTQ.
options ALTQ_NOPCC
Disables use of processor cycle counter to measure time in ALTQ. This
option should be defined for a non-Pentium i386 CPU which does not have
TSC, SMP (per-CPU counters are not in sync), or power management which
affects processor cycle counter. This option assumes ALTQ.
options ALTQ_IPSEC
Include support for IPsec in IPv4 ALTQ. This option assumes ALTQ.
options ALTQ_JOBS
Include support for ALTQ-implemented JoBS (Joint Buffer Management and
Scheduling). This option assumes ALTQ.
options ALTQ_AFMAP
Include support for an undocumented ALTQ feature that is used to map an
IP flow to an ATM VC (Virtual Circuit). This option assumes ALTQ.
options ALTQ_LOCALQ
Include support for ALTQ-implemented local queues. Its practical use is
undefined. Assumes ALTQ.
options SUBNETSARELOCAL
Sets default value for net.inet.ip.subnetsarelocal variable, which con-
trols whether non-directly-connected subnets of connected networks are
considered "local" for purposes of choosing the MSS for a TCP connection.
This is mostly present for historic reasons and completely irrelevant if
you enable Path MTU discovery.
options HOSTZEROBROADCAST
Sets default value for net.inet.ip.hostzerobroadcast variable, which con-
trols whether the zeroth host address of each connected subnet is also
considered a broadcast address. Default value is "1", for compatibility
with old systems; if this is set to zero on all hosts on a subnet, you
should be able to fit an extra host per subnet on the ".0" address.
options MCLSHIFT=value
This option is the base-2 logarithm of the size of mbuf clusters. The
BSD networking stack keeps network packets in a linked list, or chain, of
kernel buffer objects called mbufs. The system provides larger mbuf
clusters as an optimization for large packets, instead of using long
chains for large packets. The mbuf cluster size, or MCLBYTES, must be a
power of two, and is computed as two raised to the power MCLSHIFT. On
systems with Ethernet network adapters, MCLSHIFT is often set to 11, giv-
ing 2048-byte mbuf clusters, large enough to hold a 1500-byte Ethernet
frame in a single cluster. Systems with network interfaces supporting
larger frame sizes like ATM, FDDI, or HIPPI may perform better with
MCLSHIFT set to 12 or 13, giving mbuf cluster sizes of 4096 and 8192
bytes, respectively.
options NETATALK
Include support for the AppleTalk protocol stack. The kernel provides
provision for the Datagram Delivery Protocol (DDP), providing SOCK_DGRAM
support and AppleTalk routing. This stack is used by the NETATALK pack-
age, which adds support for AppleTalk server services via user libraries
and applications.
options BLUETOOTH
Include support for the Bluetooth protocol stack. See bluetooth(4) for
details.
options IPNOPRIVPORTS
Normally, only root can bind a socket descriptor to a so-called
``privileged'' TCP port, that is, a port number in the range 0-1023.
This option eliminates those checks from the kernel. This can be useful
if there is a desire to allow daemons without privileges to bind those
ports, e.g., on firewalls. The security tradeoffs in doing this are sub-
tle. This option should only be used by experts.
options TCP_COMPAT_42
TCP bug compatibility with 4.2BSD. In 4.2BSD, TCP sequence numbers were
32-bit signed values. Modern implementations of TCP use unsigned values.
This option clamps the initial sequence number to start in the range 2^31
rather than the full unsigned range of 2^32. Also, under 4.2BSD,
keepalive packets must contain at least one byte or else the remote end
would not respond.
options TCP_DEBUG
Record the last TCP_NDEBUG TCP packets with SO_DEBUG set, and decode to
the console if tcpconsdebug is set.
options TCP_NDEBUG
Number of packets to record for TCP_DEBUG. Defaults to 100.
options TCP_SENDSPACE=value
options TCP_RECVSPACE=value
These options set the max TCP window size to other sizes than the
default. The TCP window sizes can be altered via sysctl(8) as well.
options TCP_INIT_WIN=value
This option sets the initial TCP window size for non-local connections,
which is used when the transmission starts. The default size is 1, but
if the machine should act more aggressively, the initial size can be set
to some other value. The initial TCP window size can be set via
sysctl(8) as well.
options TCP_SIGNATURE
Enable MD5 TCP signatures (RFC 2385) to protect BGP sessions.
options IPFILTER_LOG
This option, in conjunction with pseudo-device ipfilter, enables logging
of IP packets using IP-Filter.
options IPFILTER_LOOKUP
This option enables the IP-Filter ippool(8) functionality to be enabled.
options IPFILTER_COMPAT
This option enables older IP-Filter binaries to work.
options IPFILTER_DEFAULT_BLOCK
This option sets the default policy of IP-Filter. If it is set, IP-Fil-
ter will block packets by default.
options BRIDGE_IPF
This option causes bridge devices to use the IP and/or IPv6 filtering
hooks, forming a link-layer filter that uses protocol-layer rules. This
option assumes the presence of pseudo-device ipfilter.
options MBUFTRACE
This option can help track down mbuf leaks. When enabled, mbufs are
tagged with the devices and protocols using them, which slightly
decreases network performance. This additional information can be viewed
with netstat(1):
netstat -mssv
Not all devices or protocols support this option.
Sysctl Related Options
options SYSCTL_DISALLOW_CREATE
Disallows the creation or deletion of nodes from the sysctl tree, as well
as the assigning of descriptions to nodes that lack them, by any process.
These operations are still available to kernel sub-systems, including
loadable kernel modules.
options SYSCTL_DISALLOW_KWRITE
Prevents processes from adding nodes to the sysctl tree that make exist-
ing kernel memory areas writable. Sections of kernel memory can still be
read and new nodes that own their own data may still be writable.
options SYSCTL_DEBUG_SETUP
Causes the SYSCTL_SETUP routines to print a brief message when they are
invoked. This is merely meant as an aid in determining the order in
which sections of the tree are created.
options SYSCTL_DEBUG_CREATE
Prints a message each time sysctl_create(), the function that adds nodes
to the tree, is called.
options SYSCTL_INCLUDE_DESCR
Causes the kernel to include short, human readable descriptions for nodes
in the sysctl tree. The descriptions can be retrieved programmatically
(see sysctl(3)), or by the sysctl binary itself (see sysctl(8)). The
descriptions are meant to give an indication of the purpose and/or
effects of a given node's value, not replace the documentation for the
given subsystem as a whole.
System V IPC Options
options SYSVMSG
Includes support for AT&T System V UNIX style message queues. See
msgctl(2), msgget(2), msgrcv(2), msgsnd(2).
options SYSVSEM
Includes support for AT&T System V UNIX style semaphores. See semctl(2),
semget(2), semop(2).
options SEMMNI=value
Sets the number of AT&T System V UNIX style semaphore identifiers. The
GENERIC config file for your port will have the default.
options SEMMNS=value
Sets the number of AT&T System V UNIX style semaphores in the system.
The GENERIC config file for your port will have the default.
options SEMUME=value
Sets the maximum number of undo entries per process for AT&T System V
UNIX style semaphores. The GENERIC config file for your port will have
the default.
options SEMMNU=value
Sets the number of undo structures in the system for AT&T System V UNIX
style semaphores. The GENERIC config file for your port will have the
default.
options SYSVSHM
Includes support for AT&T System V UNIX style shared memory. See
shmat(2), shmctl(2), shmdt(2), shmget(2).
options SHMMAXPGS=value
Sets the maximum number of AT&T System V UNIX style shared memory pages
that are available through the shmget(2) system call. Default value is
1024 on most ports. See /usr/include/machine/vmparam.h for the default.
VM Related Options
options NMBCLUSTERS=value
The number of mbuf clusters the kernel supports. Mbuf clusters are
MCLBYTES in size (usually 2k). This is used to compute the size of the
kernel VM map mb_map, which maps mbuf clusters. Default on most ports is
1024 (2048 with ``options GATEWAY'' ). See /usr/include/machine/param.h
for exact default information. Increase this value if you get ``mclpool
limit reached'' messages.
options NKMEMPAGES=value
options NKMEMPAGES_MIN=value
options NKMEMPAGES_MAX=value
Size of kernel VM map kmem_map, in PAGE_SIZE-sized chunks (the VM page
size; this value may be read from the sysctl(8) variable hw.pagesize ).
This VM map is used to map the kernel malloc arena. The kernel attempts
to auto-size this map based on the amount of physical memory in the sys-
tem. Platform-specific code may place bounds on this computed size,
which may be viewed with the sysctl(8) variable vm.nkmempages. See
/usr/include/machine/param.h for the default upper and lower bounds. The
related options `NKMEMPAGES_MIN' and `NKMEMPAGES_MAX' allow the bounds to
be overridden in the kernel configuration file. These options are pro-
vided in the event the computed value is insufficient resulting in an
``out of space in kmem_map'' panic.
options SB_MAX=value
Sets the max size in bytes that a socket buffer is allowed to occupy.
The default is 256k, but sometimes it needs to be increased, for example
when using large TCP windows. This option can be changed via sysctl(8)
as well.
options SOMAXKVA=value
Sets the maximum size of kernel virtual memory that the socket buffers
are allowed to use. The default is 16MB, but in situations where for
example large TCP windows are used this value must also be increased.
This option can be changed via sysctl(8) as well.
options BUFCACHE=value
Size of the buffer cache as a percentage of total available RAM. Ignored
if BUFPAGES is also specified.
options NBUF=value
Sets the number of buffer headers available, i.e., the number of open
files that may have a buffer cache entry. Each buffer header requires
MAXBSIZE (machine dependent, but usually 65536) bytes. The default value
is machine dependent, but is usually equal to the value of BUFPAGES.
options BUFPAGES=value
These options set the number of pages available for the buffer cache.
Their default value is a machine dependent value, often calculated as
between 5% and 10% of total available RAM.
options MAXTSIZ=bytes
Sets the maximum size limit of a process' text segment. See
/usr/include/machine/vmparam.h for the port-specific default.
options DFLDSIZ=bytes
Sets the default size limit of a process' data segment, the value that
will be returned as the soft limit for RLIMIT_DATA (as returned by
getrlimit(2)). See /usr/include/machine/vmparam.h for the port-specific
default.
options MAXDSIZ=bytes
Sets the maximum size limit of a process' data segment, the value that
will be returned as the hard limit for RLIMIT_DATA (as returned by
getrlimit(2)). See /usr/include/machine/vmparam.h for the port-specific
default.
options DFLSSIZ=bytes
Sets the default size limit of a process' stack segment, the value that
will be returned as the soft limit for RLIMIT_STACK (as returned by
getrlimit(2)). See /usr/include/machine/vmparam.h for the port-specific
default.
options MAXSSIZ=bytes
Sets the maximum size limit of a process' stack segment, the value that
will be returned as the hard limit for RLIMIT_STACK (as returned by
getrlimit(2)). See /usr/include/machine/vmparam.h for the port-specific
default.
options DUMP_ON_PANIC=integer
Defaults to one. If set to zero, the kernel will not dump to the dump
device when it panics, though dumps can still be forced via ddb(4) with
the ``sync'' command. Note that this sets the value of the
kern.dump_on_panic sysctl(3) variable which may be changed at run time --
see sysctl(8) for details.
options USE_TOPDOWN_VM
User space memory allocations (as made by mmap(2)) will be arranged in a
``top down'' fashion instead of the traditional ``upwards from MAXDSIZ +
vm_daddr'' method. This includes the placement of ld.so(1). Arranging
memory in this manner allows either (or both of) the heap or mmap(2)
allocated space to grow larger than traditionally possible. This option
is not available on all ports, but is instead expected to be offered on a
port-by-port basis, after which some ports will commit to using it by
default. See the files /usr/include/uvm/uvm_param.h for some implementa-
tion details, and /usr/include/machine/vmparam.h for port specific
details including availability.
options VMSWAP
Enable paging device/file support. This option is on by default.
options PDPOLICY_CLOCKPRO
Use CLOCK-Pro, an alternative page replace policy.
Security Options
options INSECURE
Initializes the kernel security level with -1 instead of 0. This means
that the system always starts in secure level -1 mode, even when running
multiuser, unless the securelevel variable is set to value > -1 in
/etc/rc.conf. In this case the kernel security level will be raised to
that value when the /etc/rc.d/securelevel script is run during system
startup. See the manual page for init(8) for details on the implications
of this. The kernel secure level may manipulated by the superuser by
altering the kern.securelevel sysctl(3) variable (the secure level may
only be lowered by a call from process ID 1, i.e., init(8)). See also
secmodel_securelevel(9), sysctl(8) and sysctl(3).
options VERIFIED_EXEC_FP_MD5
Enables support for MD5 hashes in Veriexec.
options VERIFIED_EXEC_FP_SHA1
Enables support for SHA1 hashes in Veriexec.
options VERIFIED_EXEC_FP_RMD160
Enables support for RMD160 hashes in Veriexec.
options VERIFIED_EXEC_FP_SHA256
Enables support for SHA256 hashes in Veriexec.
options VERIFIED_EXEC_FP_SHA384
Enables support for SHA384 hashes in Veriexec.
options VERIFIED_EXEC_FP_SHA512
Enables support for SHA512 hashes in Veriexec.
options PAX_MPROTECT=value
Enables PaX MPROTECT, mprotect(2) restrictions from the PaX project.
The value is the default value for the global knob, see sysctl(3). If 0,
PaX MPROTECT will be enabled only if explicitly set on programs using
paxctl(8). If 1, PaX MPROTECT will be enabled for all programs. Pro-
grams can be exempted using paxctl(8).
See security(7) for more details.
options PAX_SEGVGUARD=value
Enables PaX Segvguard. Requires options FILEASSOC.
The value is the default value for the global knob, see sysctl(3). If 0,
PaX Segvguard will be enabled only if explicitly set on programs using
paxctl(8). If 1, PaX Segvguard will be enabled to all programs, and
exemption can be done using paxctl(8).
See security(7) for more details.
options PAX_ASLR=value
Enables PaX ASLR.
The value is the default value for the global knob, see sysctl(3). If 0,
PaX ASLR will be enabled only if explicitly set on programs using
paxctl(8). If 1, PaX ASLR will be enabled to all programs, and exemption
can be done using paxctl(8).
See security(7) for more details.
options USER_VA0_DISABLE_DEFAULT=value
Sets the initial value of the flag which controls whether user programs
can map virtual address 0. The flag can be changed at runtime by
sysctl(3).
amiga-specific Options
options BB060STUPIDROM
When the bootloader (which passes AmigaOS ROM information) claims we have
a 68060 CPU without FPU, go look into the Processor Configuration Regis-
ter (PCR) to find out. You need this with Amiga ROMs up to (at least)
V40.xxx (OS3.1), when you boot via the bootblocks and don't have a DraCo.
options IOBZCLOCK=frequency
The IOBlix boards come with two different serial master clocks: older
ones use 24 MHz, newer ones use 22.1184 MHz. The driver normally assumes
the latter. If your board uses 24 MHz, you can recompile your kernel
with options IOBZCLOCK=24000000 or patch the kernel variable iobzclock to
the same value.
options LIMITMEM=value
If there, limit the part of the first memory bank used by NetBSD to value
megabytes. Default is unlimited.
options P5PPC68KBOARD
Add special support for Phase5 mixed 68k+PPC boards. Currently, this
only affects rebooting from NetBSD and is only needed on 68040+PPC, not
on 68060+PPC; without this, affected machines will hang after NetBSD has
shut down and will only restart after a keyboard reset or a power cycle.
atari-specific Options
options DISKLABEL_AHDI
Include support for AHDI (native Atari) disklabels.
options DISKLABEL_NBDA
Include support for NetBSD/atari labels. If you don't set this option,
it will be set automatically. NetBSD/atari will not work without it.
options FALCON_SCSI
Include support for the 5380-SCSI configuration as found on the Falcon.
options RELOC_KERNEL
If set, the kernel will relocate itself to TT-RAM, if possible. This
will give you a slightly faster system. Beware that on some TT030 sys-
tems, the system will frequently dump with MMU-faults with this option
enabled.
options SERCONSOLE
Allow the modem1-port to act as the system-console. A carrier should be
active on modem1 during system boot to active the console functionality.
options TT_SCSI
Include support for the 5380-SCSI configuration as found on the TT030 and
Hades.
i386-specific Options
options CPURESET_DELAY=value
Specifies the time (in millisecond) to wait before doing a hardware reset
in the last phase of a reboot. This gives the user a chance to see error
messages from the shutdown operations (like NFS unmounts, buffer cache
flush, etc ...). Setting this to 0 will disable the delay. Default is 2
seconds.
options VM86
Include support for virtual 8086 mode, used by DOS emulators and X
servers to run BIOS code, e.g., for some VESA routines.
options USER_LDT
Include i386-specific system calls for modifying the local descriptor ta-
ble, used by Windows emulators.
options PAE
Enable PAE (Physical Address Extension) mode. PAE permits up to 36 bits
physical addressing (64GB of physical memory), and turns physical
addresses to 64 bits entities in the memory management subsystem. User-
land virtual address space remains at 32 bits (4GB). PAE mode is
required to enable the NX/XD (No-eXecute/eXecute Disable) bit for pages,
which allows marking certain ones as not being executable. Any attempt
to execute code from such a page will raise an exception.
options REALBASEMEM=integer
Overrides the base memory size passed in from the boot block. (Value
given in kilobytes.) Use this option only if the boot block reports the
size incorrectly. (Note that some BIOSes put the extended BIOS data area
at the top of base memory, and therefore report a smaller base memory
size to prevent programs overwriting it. This is correct behavior, and
you should not use the REALBASEMEM option to access this memory).
options SPECTRE_V2_GCC_MITIGATION=1
Enable GCC-specific Spectre variant 2 mitigations. For 32-bit kernels
this means these options:
-mindirect-branch=thunk -mindirect-branch-register
For 64-bit kernels this means these options:
-mindirect-branch=thunk-inline -mindirect-branch-register
options REALEXTMEM=integer
Overrides the extended memory size passed in from the boot block. (Value
given in kilobytes. Extended memory does not include the first
megabyte.) Use this option only if the boot block reports the size
incorrectly.
options CYRIX_CACHE_WORKS
Relevant only to the Cyrix 486DLC CPU. This option is used to turn on
the cache in hold-flush mode. It is not turned on by default because it
is known to have problems in certain motherboard implementations.
options CYRIX_CACHE_REALLY_WORKS
Relevant only to the Cyrix 486DLC CPU. This option is used to turn on
the cache in write-back mode. It is not turned on by default because it
is known to have problems in certain motherboard implementations. In
order for this option to take effect, option CYRIX_CACHE_WORKS must also
be specified.
options PCIBIOS
Enable support for initializing the PCI bus using information from the
BIOS. See pcibios(4) for details.
options MTRR
Include support for accessing MTRR registers from user-space. See
i386_get_mtrr(2).
options BEEP_ONHALT
Make the system speaker emit several beeps when it is completely safe to
power down the computer after a halt(8) command. Requires sysbeep(4)
support.
options BEEP_ONHALT_COUNT=times
Number of times to beep the speaker when options BEEP_ONHALT is enabled.
Defaults to 3.
options BEEP_ONHALT_PITCH=hz
The tone frequency used when options BEEP_ONHALT option, in hertz.
Defaults to 1500.
options BEEP_ONHALT_PERIOD=msecs
The duration of each beep when options BEEP_ONHALT is enabled, in mil-
liseconds. Defaults to 250.
options MULTIBOOT
Makes the kernel Multiboot-compliant, allowing it to be booted through a
Multiboot-compliant boot manager such as GRUB. See multiboot(8) for more
information.
options SPLASHSCREEN
Display a splash screen during boot.
options SPLASHSCREEN_PROGRESS
Display a progress bar at the splash screen during boot. This option
requires SPLASHSCREEN.
isa-specific Options
Options specific to isa(4) busses.
options PCIC_ISA_ALLOC_IOBASE=address, PCIC_ISA_ALLOC_IOSIZE=size
Control the section of IO bus space used for PCMCIA bus space mapping.
Ideally the probed defaults are satisfactory, however in practice that is
not always the case. See pcmcia(4) for details.
options PCIC_ISA_INTR_ALLOC_MASK=mask
Controls the allowable interrupts that may be used for PCMCIA devices.
This mask is a logical-or of power-of-2s of allowable interrupts:
IRQ Val IRQ Val IRQ Val IRQ Val
0 0x0001 4 0x0010 8 0x0100 12 0x1000
1 0x0002 5 0x0020 9 0x0200 13 0x2000
2 0x0004 6 0x0040 10 0x0400 14 0x4000
3 0x0008 7 0x0080 11 0x0800 15 0x8000
options PCKBC_CNATTACH_SELFTEST
Perform a self test of the keyboard controller before attaching it as a
console. This might be necessary on machines where we boot on cold iron,
and pckbc refuses to talk until we request a self test. Currently only
the netwinder port uses it.
options PCKBD_CNATTACH_MAY_FAIL
If this option is set the PS/2 keyboard will not be used as the console
if it cannot be found during boot. This allows other keyboards, like
USB, to be the console keyboard.
options PCKBD_LAYOUT=layout
Sets the default keyboard layout, see pckbd(4).
m68k-specific Options
options FPU_EMULATE
Include support for MC68881/MC68882 emulator.
options FPSP
Include support for 68040 floating point.
options M68020,M68030,M68040,M68060
Include support for a specific CPU, at least one (the one you are using)
should be specified.
options M060SP
Include software support for 68060. This provides emulation of unimple-
mented integer instructions as well as emulation of unimplemented float-
ing point instructions and data types and software support for floating
point traps.
powerpc-specific Options (OEA Only)
options PMAP_MEMLIMIT=value
Limit the amount of memory seen by the kernel to value bytes.
options PTEGCOUNT=value
Specify the size of the page table as value PTE groups. Normally, one
PTEG is allocated per physical page frame.
sparc-specific Options
options AUDIO_DEBUG
Enable simple event debugging of the logging of the audio(4) device.
options BLINK
Enable blinking of LED. Blink rate is full cycle every N seconds for N <
then current load average. See getloadavg(3).
options COUNT_SW_LEFTOVERS
Count how many times the sw SCSI device has left 3, 2, 1 and 0 in the
sw_3_leftover, sw_2_leftover, sw_1_leftover, and sw_0_leftover variables
accessible from ddb(4). See sw(4).
options DEBUG_ALIGN
Adds debugging messages calls when user-requested alignment fault han-
dling happens.
options DEBUG_EMUL
Adds debugging messages calls for emulated floating point and alignment
fixing operations.
options DEBUG_SVR4
Prints registers messages calls for emulated SVR4 getcontext and setcon-
text operations. See options COMPAT_SVR4.
options EXTREME_DEBUG
Adds debugging functions callable from ddb(4). The debug_pagetables,
test_region and print_fe_map functions print information about page
tables for the SUN4M platforms only.
options EXTREME_EXTREME_DEBUG
Adds extra info to options EXTREME_DEBUG.
options FPU_CONTEXT
Make options COMPAT_SVR4 getcontext and setcontext include floating point
registers.
options MAGMA_DEBUG
Adds debugging messages to the magma(4) device.
options RASTERCONS_FULLSCREEN
Use the entire screen for the console.
options RASTERCONS_SMALLFONT
Use the Fixed font on the console, instead of the normal font.
options SUN4
Support sun4 class machines.
options SUN4C
Support sun4c class machines.
options SUN4M
Support sun4m class machines.
options SUN4_MMU3L
Enable support for sun4 3-level MMU machines.
options V9
Enable SPARC V9 assembler in ddb(4).
sparc64-specific Options
options AUDIO_DEBUG
Enable simple event debugging of the logging of the audio(4) device.
options BLINK
Enable blinking of LED. Blink rate is full cycle every N seconds for N <
then current load average. See getloadavg(3).
x68k-specific Options
options EXTENDED_MEMORY
Include support for extended memory, e.g., TS-6BE16 and 060turbo on-
board.
options JUPITER
Include support for Jupiter-X MPU accelerator
options ZSCONSOLE,ZSCN_SPEED=value
Use the built-in serial port as the system-console. Speed is specified
in bps, defaults to 9600.
options ITE_KERNEL_ATTR=value
Set the kernel message attribute for ITE. Value, an integer, is a logi-
cal or of the following values:
1 color inversed
2 underlined
4 bolded
SEE ALSO
config(1), gcc(1), gdb(1), ktrace(1), pmc(1), quota(1), vndcompress(1),
gettimeofday(2), i386_get_mtrr(2), i386_iopl(2), msgctl(2), msgget(2),
msgrcv(2), msgsnd(2), ntp_adjtime(2), ntp_gettime(2), reboot(2),
semctl(2), semget(2), semop(2), shmat(2), shmctl(2), shmdt(2), shmget(2),
sysctl(3), apm(4), ddb(4), inet(4), iso(4), md(4), pcibios(4), pcmcia(4),
ppp(4), userconf(4), vnd(4), wscons(4), config(5), edquota(8), init(8),
mdsetimage(8), mount_cd9660(8), mount_fdesc(8), mount_kernfs(8),
mount_lfs(8), mount_mfs(8), mount_msdos(8), mount_nfs(8), mount_ntfs(8),
mount_null(8), mount_portal(8), mount_procfs(8), mount_udf(8),
mount_umap(8), mount_union(8), mrouted(8), newfs_lfs(8), ntpd(8),
quotaon(8), rpc.rquotad(8), sysctl(8), in_getifa(9), kernhist(9)
HISTORY
The options man page first appeared in NetBSD 1.3.
BUGS
The EON option should be a pseudo-device, and is also very fragile.
NetBSD 8.1 April 5, 2018 NetBSD 8.1
Powered by man-cgi (2021-06-01).
Maintained for NetBSD
by Kimmo Suominen.
Based on man-cgi by Panagiotis Christias.