OPTIONS(4) OpenBSD Programmer's Manual OPTIONS(4)NAMEoptions - kernel configuration optionsSYNOPSIS
option ...
DESCRIPTION
This manual page describes a number of miscellaneous kernel configuration
options that may be specified in a kernel config file. See config(8) for
information on how to configure and build kernels. Note: options are
passed to the compile process as -D flags to the C compiler.
COMPATIBILITY OPTIONS
option COMPAT_43
Use of this option is discouraged. It enables compatibility with 4.3BSD.
It adds an old syscall for lseek() as well as ioctls for TIOCGETP and
TIOCSETP. The return values for the getpid(2), getgid(2), and getuid(2)
system calls are modified as well, to return the parent's PID and UID as
well as the current process's. It also enables the deprecated NTTYDISC
terminal line discipline. It provides backwards compatibility with the
``old'' SIOC[GS]IF{ADDR,DSTADDR,BRDADDR,NETMASK} interface ioctls,
including binary compatibility for code written before the introduction
of the sa_len field in sockaddrs. It also enables support for some older
pre 4.4BSD socket calls.
option COMPAT_AOUT
On those ELF architectures that require it, this enables full
compatibility with old a.out binaries, by allowing the a.out dynamic
linking system to reside under /emul/a.out. This option is available on
the i386 architecture. See compat_aout(8).
option COMPAT_FREEBSD
On those architectures that support it, this enables binary compatibility
with FreeBSD applications built for the same architecture. This option
is available on the i386 architecture. See compat_freebsd(8).
option COMPAT_LINUX
On those architectures that support it, this enables binary compatibility
with Linux ELF and a.out applications built for the same architecture.
This option is supported on the i386 architecture. See compat_linux(8).
option COMPAT_O47
Enables compatibility with OpenBSD 4.7. This makes it possible to run
statically-linked binaries that use getpeereid(3) from the time when it
was a system call.
option COMPAT_SVR4
On those architectures that support it, this enables binary compatibility
with AT&T System V.4 UNIX binaries built for the same architecture. This
currently includes the sparc and i386. Possibly the most widely known
operating system based on this binary architecture is Sun's Solaris 2.x.
See compat_svr4(8).
DEBUGGING OPTIONS
makeoptions DEBUG="-g"
The -g flag causes bsd.gdb to be built in addition to bsd. bsd.gdb is
useful for debugging kernels and their crash dumps with gdb. A crash
dump can be debugged by starting gdb(1) with the kernel name (bsd.gdb) as
an argument (no core file) and then use the gdb(1) command ``target kvm
COREFILE''.
makeoptions PROF="-pg"
The -pg flag causes the kernel to be compiled with support for profiling.
The option GPROF is required for the kernel compile to succeed.
option ACCOUNTING
Adds support for the acct(2) system call.
option DDB
Compiles in a kernel debugger for diagnosing kernel problems. See ddb(4)
for details.
option DDB_SAFE_CONSOLE
Allows a break into the kernel debugger during boot. Useful when
debugging problems that can cause init(8) to fail.
option DDB_STRUCT
Compiles in symbolic information about the various data structures used
by the kernel, for use within the kernel debugger. This option is
currently not supported on alpha, m68k, m88k and vax based platforms.
option DEBUG
Turns on miscellaneous kernel debugging. Since options are turned into
preprocessor defines (see above), option DEBUG is equivalent to doing a
#define DEBUG throughout the kernel. Much of the kernel has #ifdef DEBUG
conditional debugging code. Note that many parts of the kernel
(typically device drivers) include their own #ifdef XXX_DEBUG
conditionals instead. This option also turns on certain other options,
notably option KMEMSTATS.
option DIAGNOSTIC
Adds code to the kernel that does internal consistency checks. This code
will cause the kernel to panic if corruption of internal data structures
is detected.
option GPROF
Adds code to the kernel for kernel profiling with kgmon(8).
option KGDB
Compiles in a remote kernel debugger stub for diagnosing kernel problems
using the ``remote target'' feature of gdb. See kgdb(7) for details.
Note: not available on all architectures.
option KTRACE
Adds hooks for the system call tracing facility, which allows users to
watch the system call invocation behavior of processes. See ktrace(1)
for details.
option NO_PROPOLICE
Do not compile the kernel with the ProPolice stack protection. See
gcc-local(1) for more information about ProPolice.
option PTRACE
Adds hooks for the process tracing facility, allowing a process to
control and observe another process. See ptrace(2) for details.
option RAIDDEBUG
Be verbose on what RAIDframe does. See raid(4) for details.
option SMALL_KERNEL
Removes some features and some optimizations from the kernel to reduce
the size of the resulting kernel binary. This option is used on some
installation media and should not be used for general purpose kernels.
option VFSDEBUG
Turns on debugging for the Virtual File System interface. See vfs(9) for
details.
FILE SYSTEMS
option CD9660
Includes code for the ISO 9660 + Rock Ridge file system, which is the
standard file system used on many CD-ROMs. It also supports Joliet
extensions. See mount_cd9660(8) for details.
option EXT2FS
Includes code implementing the Second Extended File System (EXT2FS).
This is the most commonly used file system on the Linux operating system,
and is provided here for compatibility. Some specific features of EXT2FS
like the "behavior on errors" are not implemented. This file system
can't be used with uid_t or gid_t values greater than 65535. Also, the
filesystem will not function correctly on architectures with differing
byte-orders. That is, a big-endian machine will not be able to read an
ext2fs filesystem created on an i386 or other little-endian machine. See
mount_ext2fs(8) for details.
option FFS
Includes code implementing the Berkeley Fast File System (FFS). Most
machines need this if they are not running diskless.
option FFS2
Includes code implementing the enhanced Fast File System (FFS2).
option MFS
Include the memory file system (MFS). This file system stores files in
swappable memory, and produces notable performance improvements when it
is used as the file store for /tmp or similar mount points. See
mount_mfs(8) for details.
option MSDOSFS
Includes support for the MS-DOS FAT file system. The kernel also
implements the Windows 95 extensions which permit the use of longer,
mixed-case file names. See mount_msdos(8) and fsck_msdos(8) for details.
option NFSCLIENT
Include the client side of the NFS (Network File System) remote file
sharing protocol. Although the bulk of the code implementing NFS is
kernel based, several user level daemons are needed for it to work. See
mount_nfs(8) for details on NFS.
option NTFS
Includes support for reading NTFS file systems. Experimental and read
only. See mount_ntfs(8) for details.
option PORTAL
Includes the (experimental) portal filesystem. This permits interesting
tricks like opening TCP sockets by opening files in the file system. The
portal file system is conventionally mounted on /p and is partially
implemented by a special daemon. See mount_portal(8) for details.
option PROCFS
Includes code for a special file system (conventionally mounted on /proc)
in which the process space becomes visible in the file system. Among
other things, the memory spaces of processes running on the system are
visible as files, and signals may be sent to processes by writing to ctl
files in the procfs namespace. See mount_procfs(8) for details.
option UDF
Includes code for the UDF file systems typically found on DVD discs. See
mount_udf(8) for details.
option NNPFS
Includes the kernel support for the AFS-compatible Arla filesystem.
Since the xfs interface is simple and generic it can be used for other
filesystems as well. See mount_nnpfs(8) for details.
FILE SYSTEM OPTIONS
option BUFCACHEPERCENT=integer
Percentage of RAM to use as a file system buffer. It defaults to 5.
option EXT2FS_SYSTEM_FLAGS
This option changes the behavior of the APPEND and IMMUTABLE flags for a
file on an EXT2FS filesystem. Without this option, the superuser or
owner of the file can set and clear them. With this option, only the
superuser can set them, and they can't be cleared if the securelevel is
greater than 0. See also chflags(1).
option FFS_SOFTUPDATES
Enables a scheme that uses partial ordering of buffer cache operations to
allow metadata updates in FFS to happen asynchronously, increasing write
performance significantly. Normally, the FFS filesystem writes metadata
updates synchronously which exacts a performance penalty in favor of
filesystem integrity. With soft updates, the performance of asynchronous
writes is gained while retaining the safety of synchronous metadata
updates.
Soft updates must be enabled on a per-filesystem basis. See mount(8) for
details.
Processors with a small kernel address space, such as the sun4 and sun4c,
do not have enough kernel memory to support soft updates. Attempts to
use this option with these CPUs will cause a kernel hang or panic after a
short period of use as the kernel will quickly run out of memory. This
is not related to the amount of physical memory present in the machine --
it is a limitation of the CPU architecture itself.
option FIFO
Adds support for AT&T System V UNIX style FIFOs (i.e., ``named pipes'').
This option is recommended in almost all cases as many programs use
these.
option NFSSERVER
Include the server side of the NFS (Network File System) remote file
sharing protocol. Although the bulk of the code implementing NFS is
kernel based, several user level daemons are needed for it to work. See
mountd(8) and nfsd(8) for details.
option QUOTA
Enables kernel support for file system quotas. See quotaon(8),
edquota(8), repquota(8), and quota(1) for details. Note that quotas only
work on ``ffs'' file systems, although rpc.rquotad(8) permits them to be
accessed over NFS.
option UFS_DIRHASH
This option enables using an in memory hash table to speed lookups in
large directories.
MISCELLANEOUS OPTIONS
option APERTURE
Provide in-kernel support for controlling VGA framebuffer mapping and PCI
configuration registers by user-processes (such as an X Window System
server). This option is supported on the alpha, amd64, i386, macppc, and
sparc64 architectures.
option BOOT_CONFIG
Adds support for the -c boot option (User Kernel Config). Allows
modification of kernel settings (e.g., device parameters) before booting
the system.
option CCDNBUF=integer
The ccd(4) device driver uses ``component buffers'' to distribute I/O
requests to the components of a concatenated disk. It keeps a freelist
of buffer headers in order to reduce use of the kernel memory allocator.
CCDNBUF is the number of buffer headers allocated on the freelist for
each component buffer. It defaults to 8.
option CRYPTO
Enables support for the kernel cryptographic framework. See crypto(9)
for details. While not IP specific, this option is usually used in
conjunction with option IPSEC.
option EISAVERBOSE
Makes the boot process more verbose for EISA peripherals.
option INSECURE
Hardwires the kernel security level at -1. This means that the system
always runs in securelevel 0 mode, even when running multiuser. See
init(8) for details on the implications of this. The kernel secure level
may be manipulated by the superuser by altering the kern.securelevel
sysctl variable. (It should be noted that the securelevel may only be
lowered by a call from process ID 1, i.e., init(8).) See also sysctl(8)
and sysctl(3).
option KMEMSTATS
The kernel memory allocator, malloc(9), will keep statistics on its
performance if this option is enabled. Note that this option is silently
turned on by the DEBUG option.
option LKM
Enables support for loadable kernel modules. See lkm(4) for details.
Note: This option is not yet available on all architectures.
option MACOBIOVERBOSE
Makes the boot process more verbose for OBIO peripherals on the macppc
architecture.
option MULTIPROCESSOR
On those architectures that have it, this enables multiprocessor support.
option PCIVERBOSE
Makes the boot process more verbose for PCI peripherals (vendor names and
other information is printed, etc.).
option PCMCIAVERBOSE
Makes the boot process more verbose for PCMCIA peripherals.
option RAID_AUTOCONFIG
Adds support for auto-configuring the RAIDframe devices during the kernel
initialization. See raid(4) and raidctl(8) for details.
option USER_LDT
Enable userland manipulation of per-process Local Descriptor Table (LDT)
entries; see i386_set_ldt(2) and the machdep.userldt sysctl(8). This
option is supported on the i386 architecture.
option USER_PCICONF
Enables the user level access to the PCI bus configuration space through
ioctls on the /dev/pci device. It's used by the Xorg(1) server on some
architectures. See pci(4) for details.
option UVM_SWAP_ENCRYPT
Enables kernel support for encrypting pages that are written out to swap
storage. Swap encryption prevents sensitive data from remaining on the
disk even after the operating system has been shut down. This option
should be turned on if cryptographic filesystems are used. The sysctl
variable vm.swapencrypt.enable controls its behaviour. See sysctl(8) and
sysctl(3) for details.
NETWORKING OPTIONS
option ALTQ
Enables ALTQ (Alternate Queuing). See pfctl(8) and pf.conf(5) to set up
the interface transmission rate and queueing disciplines. ALTQ_CBQ,
ALTQ_RED, ALTQ_PRIQ and ALTQ_HFSC are enabled by default with option ALTQ
in OpenBSD. See altq(9) for details on ALTQ.
option ALTQ_NOPCC
Disables use of processor cycle counter (e.g., Pentium TSC on i386 and
PCC on alpha) to measure time in ALTQ. This option should be defined for
a non-Pentium i386 CPU which does not have TSC, SMP (per-CPU counters are
not in sync), or power management which affects processor cycle counter.
option ALTQ_RIO
Enables ALTQ's RIO (RED with In/Out) module. The original RIO has 2 sets
of RED parameters; one for in-profile packets and the other for out-of-
profile packets. At the ingress of the network, profile meters tag
packets as IN or OUT based on contracted profiles for customers. Inside
the network, IN packets receive preferential treatment by the RIO
dropper. ALTQ/RIO has 3 drop precedence levels defined for the Assured
Forwarding PHB of DiffServ (RFC 2597).
option ENCDEBUG
This option enables debugging information to be conditionally logged in
case IPSEC encounters errors. The option IPSEC is required along with
this option. Debug logging can be turned on/off through the use of the
net.inet.ip.encdebug sysctl variable. If net.ipsec.encap.encdebug is 1,
debug logging is on. See sysctl(8) and sysctl(3) for details.
option INET
Includes support for the TCP/IP protocol stack. This option is currently
required. See inet(4) for details.
option INET6
Includes support for the IPv6 protocol stack. See inet6(4) for details.
Unlike INET, INET6 enables multicast routing code as well. This option
requires INET at this moment, but it should not.
option IPSEC
This option enables IP security protocol support. See ipsec(4) for more
details.
option KEY
Enables PFKEYv2 (RFC 2367) support. While not IP specific, this option
is usually used in conjunction with option IPSEC.
option MROUTING
Includes support for IP multicast routers. INET should be set along with
this. Multicast routing is controlled by the mrouted(8) daemon.
option ND6_DEBUG
The option sets the default value of net.inet6.icmp6.nd6_debug to 1, for
debugging IPv6 neighbor discovery protocol handling. See sysctl(3) for
details.
option NETATALK
Include kernel support for the AppleTalk family of protocols. This suite
of supporting code is sometimes called netatalk support.
option PPP_BSDCOMP
Enables BSD compressor for PPP connections.
option PPP_DEFLATE
For use in conjunction with PPP_BSDCOMP; provides an interface to zlib
for PPP for deflate compression/decompression.
option SOCKET_SPLICE
Enables zero-copy socket splicing in the kernel. See SO_SPLICE in
setsockopt(2).
option TCP_ECN
Turns on Explicit Congestion Notification (RFC 3168). ECN allows
intermediate routers to use the Congestion Experienced codepoint in the
IP header as an indication of congestion, and allows TCP to adjust the
transmission rate using this signal. Both communication endpoints
negotiate enabling ECN functionality at the TCP connection establishment.
option TCP_FACK
Turns on forward acknowledgements allowing a more precise estimate of
outstanding data during the fast recovery phase by using SACK
information. This option can only be used together with TCP_SACK.
option TCP_SACK
Turns on selective acknowledgements. Additional information about
segments already received can be transmitted back to the sender, thus
indicating segments that have been lost and allowing for a swifter
recovery. Both communication endpoints need to support SACK. The
fallback behaviour is NewReno fast recovery phase, which allows one lost
segment to be recovered per round trip time. When more than one segment
has been dropped per window, the transmission can continue without
waiting for a retransmission timeout.
option TCP_SIGNATURE
Turns on support for the TCP MD5 Signature option (RFC 2385). This is
used by Internet backbone routers to provide per-packet authentication
for the TCP packets used to communicate BGP routing information. You
will also need a routing daemon that supports this option in order to
actually use it.
OPERATION RELATED OPTIONS
option APM_NOPRINT
This option is supported on the i386 architecture. When enabled, kernel
messages regarding the status of the automatic power management system
(APM) are suppressed. APM status can still be obtained using apm(8)
and/or apmd(8).
option BUFPAGES=value
option NBUF=value
These options set the number of pages available for the buffer cache.
Their default value is a machine dependent value, often calculated as
between 5% and 10% of total available RAM.
option DST=value
If value is non-zero, indicates that the hardware realtime clock device
is one hour ahead of the offset given in `TIMEZONE', due to Daylight
Saving Time (DST). If value is zero, the hardware realtime clock device
is not in Daylight Saving Time.
option NKMEMPAGES=value
option NKMEMPAGES_MAX=value
option NKMEMPAGES_MIN=value
Size of kernel malloc area in PAGE_SIZE-sized logical pages. This area
is covered by the kernel submap kmem_map. The kernel attempts to auto-
size this map based on the amount of physical memory in the system.
Platform-specific code may place bounds on this computed size, which may
be viewed with the sysctl(8) variable vm.nkmempages. See
/usr/include/machine/param.h for the default upper and lower bounds. The
related options `NKMEMPAGES_MIN' and `NKMEMPAGES_MAX' allow the bounds to
be overridden in the kernel configuration file. These options are
provided in the event the computed value is insufficient resulting in an
``out of space in kmem_map'' panic.
option "TIMEZONE=value"
value indicates the time zone offset of the hardware realtime clock
device, in minutes, from UTC. It is useful when the hardware realtime
clock device is configured with local time, when dual-booting OpenBSD
with other operating systems on a single machine. For instance, if the
hardware realtime clock is set to Tokyo time, value should be -540 as
Tokyo local time is 9 hours ahead of UTC. Double quotes are needed when
specifying a negative value.
SCSI SUBSYSTEM OPTIONS
option SCSI_DELAY=value
Delay for value seconds before starting to probe the first SCSI bus.
This can be used if a SCSI device needs extra time to get ready.
option SCSIDEBUG
Enable printing of SCSI subsystem debugging info to the console. Each of
SCSIDEBUG_LEVEL, SCSIDEBUG_BUSES, SCSIDEBUG_TARGETS and SCSIDEBUG_LUNS
must have non-zero values for any debugging info to be printed. Only
SCSIDEBUG_LEVEL
option SCSIDEBUG_BUSES=value
Define which SCSI buses will print debug info. Each bit enables
debugging info for the corresponding bus. e.g. a value of 0x1 enables
debug info for bus 0. has a default value that is non-zero.
option SCSIDEBUG_LEVEL=value
Define which of the four levels of debugging info are printed. Each bit
enables a level, and multiple levels are specified by setting multiple
bits.
0x0010 (SDEV_DB1) SCSI commands, errors, and data
0x0020 (SDEV_DB2) routine flow
0x0040 (SDEV_DB3) routine internals
0x0080 (SDEV_DB4) miscellaneous addition debugging
If SCSIDEBUG_LEVEL is undefined, a value of 0x0030 (SDEV_DB1|SDEV_DB2) is
used.
option SCSIDEBUG_LUNS=value
Define which SCSI luns will print debug info. Each bit enables debugging
info for the corresponding lun.
option SCSIDEBUG_TARGETS=value
Define which SCSI targets will print debug info. Each bit enables
debugging info for the corresponding target.
option SCSITERSE
Terser SCSI error messages. This omits the table for decoding ASC/ASCQ
info, saving about 30KB.
SYSTEM V IPC OPTIONS
option SEMMNI=value
Number of semaphore identifiers (also called semaphore handles and
semaphore sets) available in the system. Default value is 10. The
kernel allocates memory for the control structures at startup, so
arbitrarily large values should be avoided.
option SEMMNS=value
Maximum number of semaphores in all sets in the system. Default value is
60.
option SEMMNU=value
Maximum number of semaphore undo structures in the system. Default value
is 30.
option SEMUME=value
Maximum number of per-process undo operation entries in the system.
Semaphore undo operations are invoked by the kernel when semop(2) is
called with the SEM_UNDO flag and the process holding the semaphores
terminates unexpectedly. Default value is 10.
option SHMMAXPGS=value
Sets the maximum number of AT&T System V UNIX style shared memory pages
that are available through the shmget(2) system call. Default value is
1024 on most architectures. See /usr/include/machine/vmparam.h for the
default.
option SYSVMSG
Includes support for AT&T System V UNIX style message queues. See
msgctl(2), msgget(2), msgrcv(2), msgsnd(2).
option SYSVSEM
Includes support for AT&T System V UNIX style semaphores. See semctl(2),
semget(2), semop(2).
option SYSVSHM
Includes support for AT&T System V UNIX style shared memory. See
shmat(2), shmctl(2), shmdt(2), shmget(2).
SEE ALSOintro(4), files.conf(5), config(8), sysctl(8)HISTORY
The options man page first appeared in OpenBSD 2.3.
BUGS
The INET option should not be required.
OpenBSD 4.9 January 31, 2011 OpenBSD 4.9