options
—
Miscellaneous kernel configuration options
cinclude ...
config ...
[no] file-system ...
ident ...
include ...
[no] makeoptions ...
maxusers ...
[no] options ...
[no] pseudo-device ...
This manual page describes a number of miscellaneous kernel configuration
options that may be specified in a kernel config file. See
config(1) and
config(5) for information on how
to configure and build kernels.
The no form removes a previously specified
option.
The following keywords are recognized in a kernel configuration file:
- cinclude
“filename”
- Conditionally includes another kernel configuration file whose name is
filename, which may be double-quoted and may be an
explicit path or relative to the kernel source directory. Failure to open
the named file is ignored.
- config exec_name
root on rootdev [type
fstype] [dumps on dumpdev]
- Defines a configuration whose kernel executable is named
exec_name, normally “netbsd”, with its
root file system of type fstype on the device
rootdev, and optionally specifying the location of
kernel core dumps on the device dumpdev.
dev or dumpdev and
fstype may be specified as “?”, which
is a wild card. The root fstype and
dumpdev are optional and assumed to be wild carded
if they are not specified.
- device_instance at
attachment [locators value
[...]] [flags value]
- Define an instance of the device driver
device_instance that attaches to the bus or device
named attachment. An
attachment may require additional information on
where the device can be found, such as an address, channel, function,
offset, and/or slot, referred to as locators, whose
value often may be a wild card, “?”.
Some device drivers have one or more flags that can
be adjusted to affect the way they operate.
- file-system fs_name [,
fs_name [...]]
- Include support for the file-system fs_name.
- ident “string”
- Sets the kernel identification string to
string.
- include
“filename”
- Functions the same as cinclude, except failure to
open filename produces a fatal error.
- makeoptions name=value
- Defines a make(1) macro
name with the value value in
the kernel Makefile.
- maxusers integer
- Set the maxusers variable in the kernel.
- no keyword
name [arguments [...]]
- For the config(1)
keywords file-system, makeoptions, options, and
pseudo-device, no removes the file-system,
makeoption, options, or pseudo-device, name. This is
useful when a kernel configuration file includes another which has
undesired options.
For example, a local configuration file that wanted the
kitchen sink, but not COMPAT_09 or bridging, might be:
include "arch/i386/conf/GENERIC"
no options COMPAT_09
no pseudo-device bridge
- options option_name [,
option_name=value [...]]
- Specifies (or sets) the option, or comma-separated list of options,
option_name. Some options expect to be assigned a
value, which may be an integer, a double-quoted word, a bare word, or an
empty string (“”). Note that those are eventually handled by
the C compiler, so the rules of that language apply.
Note: Options that are not defined by device
definition files are passed to the compile process as
-D
flags to the C compiler.
- pseudo-device name
[N]
- Includes support for the pseudo-device name. Some
pseudo-devices can have multiple or N
instances.
Note that compatibility options for older NetBSD
releases includes support for newer releases as well. This means that
typically only one of these is necessary, with the
COMPAT_09
option enabling all
NetBSD compatibility. This does not include the
COMPAT_43
or COMPAT_44
options.
options COMPAT_09
- Enable binary compatibility with NetBSD 0.9. This
enables support for 16-bit user, group, and process IDs (following
revisions support 32-bit identifiers). It also allows the use of the
deprecated
getdomainname(3),
setdomainname(3), and
uname(3) syscalls. This
option also allows using numeric file system identifiers rather than
strings. Post NetBSD 0.9 versions use string
identifiers.
options COMPAT_10
- Enable binary compatibility with NetBSD 1.0. This
option allows the use of the file system name of “ufs” as an
alias for “ffs”. The name “ffs” should be used
post 1.0 in /etc/fstab and other files. It also
adds old syscalls for the AT&T System V
UNIX shared memory interface. This was changed post 1.0 to work on
64-bit architectures. This option also enables “sgtty”
compatibility, without which programs using the old interface produce an
“inappropriate ioctl” error, and
/dev/io only works when this option is set in the
kernel, see io(4) on ports that
support it.
options COMPAT_11
- Enable binary compatibility with NetBSD 1.1. This
allows binaries running on the i386 port to gain direct access to the io
ports by opening /dev/io read/write. This
functionality was replaced by
i386_iopl(2) post 1.1. On
the Atari port, the location of the disk label was moved after 1.1. When
the COMPAT_11 option is set, the kernel will read (pre)
1.1 style disk labels as a last resort. When a disk label is re-written,
the old style label will be replaced with a post 1.1 style label. This
also enables the EXEC_ELF_NOTELESS option.
options COMPAT_12
- Enable binary compatibility with NetBSD 1.2. This
allows the use of old syscalls for
reboot
() and
swapon
(). The syscall numbers were changed post
1.2 to add functionality to the
reboot(2) syscall, and the
new swapctl(2) interface
was introduced. This also enables the EXEC_ELF_NOTELESS
option.
options COMPAT_13
- Enable binary compatibility with NetBSD 1.3. This
allows the use of old syscalls for
sigaltstack
(),
and also enables the old
swapctl(2) command
SWAP_STATS
(now called
SWAP_OSTATS
), which does not include the
se_path member of struct
swapent.
options COMPAT_14
- Enable binary compatibility with NetBSD 1.4. This
allows some old ioctl(2) on
wscons(4) to be performed,
and allows the
NFSSVC_BIOD
mode of the
nfssvc(2) system call to be
used for compatibility with the deprecated nfsiod program.
options COMPAT_15
- Enable binary compatibility with NetBSD 1.5. Since
there were no API changes from NetBSD 1.5 and
NetBSD 1.6, this option does nothing.
options COMPAT_16
- Enable binary compatibility with NetBSD 1.6. This
allows the use of old signal trampoline code which has been deprecated
with the addition of
siginfo(2).
options COMPAT_20
- Enable binary compatibility with NetBSD 2.0. This
allows the use of old syscalls for
statfs
(),
fstatfs
(), getfsstat
() and
fhstatfs
(), which have been deprecated with the
addition of the statvfs(2),
fstatvfs(2),
getvfsstat(2) and
fhstatvfs(2) system
calls.
options COMPAT_30
- Enable binary compatibility with NetBSD 3.0. See
compat_30(8) for details
about the changes made after the NetBSD 3.0
release.
options COMPAT_40
- Enable binary compatibility with NetBSD 4.0. This
allows the use of old
ptrace(2) calls for the SH3
platform. It also enables the old
mount(2) system call that did
not include the data length parameter. The power_event_t structure's
pev_switch is filled in.
options COMPAT_43
- Enables compatibility with 4.3BSD. This adds an
old syscall for lseek(2). It
also adds the ioctls for
TIOCGETP
and
TIOCSETP
. The return values for
getpid(2),
getgid(2), and
getuid(2) syscalls are
modified as well, to return the parent's PID and UID as well as the
current process's. It also enables the deprecated
NTTYDISC
terminal line discipline. It also
provides backwards compatibility with “old”
SIOC[GS]IF{ADDR,DSTADDR,BRDADDR,NETMASK} interface ioctls, including
binary compatibility with code written before the introduction of the
sa_len field in sockaddrs. It also enables support for some older pre
4.4BSD socket calls.
options COMPAT_50
- Enable binary compatibility with NetBSD 5.0. This
enables support for the old time_t and
dev_t types as 32 bit, and all the associated kernel
interface changes. It also enables old
gpio(4) and
rnd(4) interfaces.
options COMPAT_60
- Enable binary compatibility with NetBSD 6.0. This
provides old ccd(4) interfaces,
enables support for old
cpuctl(8) microcode
interfaces, and support for the old ptmget
structure.
options COMPAT_70
- Enable binary compatibility with NetBSD 7.0. This
provides support for old
route(4) interfaces.
options COMPAT_BSDPTY
- This option is currently on by default and enables the pty multiplexer
ptm(4) and
ptmx(4) to find and use ptys
named /dev/ptyXX (master) and
/dev/ttyXX (slave). Eventually this option will
become optional as ptyfs based pseudo-ttys become the default, see
mount_ptyfs(8).
options COMPAT_LINUX
- On those architectures that support it, this enables binary compatibility
with Linux ELF and a.out(5)
applications built for the same architecture. This currently includes the
alpha, arm, i386, m68k, mips, powerpc and x86_64 ports.
options COMPAT_LINUX32
- On those 64 bit architectures that support it, this enables binary
compatibility with 32 bit Linux binaries. For now this is limited to
running i386 ELF Linux binaries on amd64.
options COMPAT_SUNOS
- On those architectures that support it, this enables binary compatibility
with SunOS 4.1 applications built for the same architecture. This
currently includes the sparc, sparc64 and most or all m68k ports. Note
that the sparc64 requires the COMPAT_NETBSD32 option for
64-bit kernels, in addition to this option.
options COMPAT_ULTRIX
- On those architectures that support it, this enables binary compatibility
with ULTRIX applications built for the same architecture. This currently
is limited to the pmax. The functionality of this option is unknown.
options COMPAT_FREEBSD
- On those architectures that support it, this enables binary compatibility
with FreeBSD applications built for the same
architecture. At the moment this is limited to the i386 port.
options COMPAT_NOMID
- Enable compatibility with
a.out(5) executables that
lack a machine ID. This includes NetBSD 0.8's
ZMAGIC format, and 386BSD and BSDI's QMAGIC, NMAGIC, and OMAGIC
a.out(5) formats.
options COMPAT_NETBSD32
- On those architectures that support it, this enables binary compatibility
with 32-bit applications built for the same architecture. This is
currently limited to the amd64 and sparc64 ports, and only applicable for
64-bit kernels.
options COMPAT_AOUT_M68K
- On m68k architectures which have switched to ELF, this enables binary
compatibility with NetBSD/m68k
a.out(5) executables on
NetBSD/m68k ELF kernels. This handles alignment
incompatibility of m68k ABI between a.out and ELF which causes the
structure padding differences. Currently only some system calls which use
struct stat are adjusted and some binaries which use
sysctl(3) to retrieve
network details would not work properly.
options EMUL_NATIVEROOT=string
- Just like emulated binaries first try looking up files in an emulation
root (e.g. /emul/linux) before looking them up in
real root, this option causes native binaries to first look up files in an
"emulation" directory too. This can be useful to test an amd64
kernel on top of an i386 system before full migration: by unpacking the
amd64 distribution in e.g. /emul/netbsd64 and
specifying that location as
EMUL_NATIVEROOT
,
native amd64 binaries can be run while the root file system remains
populated with i386 binaries. Beware of /dev
incompatibilities between i386 and amd64 if you do this.
options EXEC_ELF_NOTELESS
- Run unidentified ELF binaries as NetBSD binaries.
This might be needed for very old NetBSD ELF
binaries on some archs. These old binaries didn't contain an appropriate
.note.netbsd.ident
section, and thus can't be
identified by the kernel as NetBSD binaries
otherwise. Beware - if this option is on, the kernel would run
any unknown ELF binaries as if they were
NetBSD binaries.
options DDB
- Compiles in a kernel debugger for diagnosing kernel problems. See
ddb(4) for details.
NOTE: not available on all architectures.
options DDB_FROMCONSOLE=integer
- If set to non-zero, DDB may be entered by sending a break on a serial
console or by a special key sequence on a graphics console. A value of
"0" ignores console breaks or key sequences. If not explicitly
specified, the default value is "1". Note that this sets the
value of the ddb.fromconsole
sysctl(3) variable which may
be changed at run time — see
sysctl(8) for details.
options DDB_HISTORY_SIZE=integer
- If this is non-zero, enable history editing in the kernel debugger and set
the size of the history to this value.
options DDB_ONPANIC
- The default if not specified is “1” - just enter into DDB.
If set to “0” the kernel will attempt to print out a stack
trace and reboot the system. If set to “-1” then neither a
stack trace is printed or DDB entered - it is as if DDB were not compiled
into the kernel. Note that this sets the value of the
ddb.onpanic
sysctl(3) variable which may
be changed at run time — see
sysctl(8) for details.
options DDB_COMMANDONENTER=string
- This option specify commands which will be executed on each entry to DDB.
This sets the default value of the ddb.commandonenter
sysctl(3) variable which may
be changed at run time.
options DDB_BREAK_CHAR=integer
- This option overrides using break to enter the kernel debugger on the
serial console. The value given is the ASCII value to be used instead.
This is currently only supported by the com driver.
options DDB_VERBOSE_HELP
- This option adds more verbose descriptions to the help
command.
options DDB_PANICSTACKFRAMES=integer
- Number of stack frames to display on panic. Useful to avoid scrolling away
the interesting frames on a glass tty. Default value is
65535
(all frames), useful value around
10
.
options KGDB
- Compiles in a remote kernel debugger stub for diagnosing kernel problems
using the “remote target” feature of gdb. See
gdb(1) for details.
NOTE: not available on all architectures.
options KGDB_DEV
- Device number (as a
dev_t
) of kgdb device.
options KGDB_DEVADDR
- Memory address of kgdb device.
options KGDB_DEVMODE
- Permissions of kgdb device.
options KGDB_DEVNAME
- Device name of kgdb device.
options KGDB_DEVRATE
- Baud rate of kgdb device.
makeoptions DEBUG="-g"
- The
-g
flag causes
netbsd.gdb to be built in addition to
netbsd. netbsd.gdb is
useful for debugging kernel crash dumps with gdb. See
gdb(1) for details.
options DEBUG
- Turns on miscellaneous kernel debugging. Since options are turned into
preprocessor defines (see above), options DEBUG is
equivalent to doing a #define DEBUG throughout the
kernel. Much of the kernel has #ifdef DEBUG
conditionalized debugging code. Note that many parts of the kernel
(typically device drivers) include their own #ifdef
XXX_DEBUG conditionals instead. This option also turns on certain
other options, which may decrease system performance. Systems with this
option are not suitable for regular use, and are intended only for
debugging or looking for bugs.
options DIAGNOSTIC
- Adds code to the kernel that does internal consistency checks. This code
will cause the kernel to panic if corruption of internal data structures
is detected. Historically, the performance degradation is sufficiently
small that it is reasonable for systems with options
DIAGNOSTIC to be in production use, with the real consideration not
being performance but instead a preference for more panics versus
continued operation with undetected problems.
options LOCKDEBUG
- Adds code to the kernel to detect incorrect use of locking primitives
(mutex, rwlock). This code will cause the kernel to check for dead lock
conditions. It will also check for memory being freed to not contain
initialised lock primitives. Functions for use in
ddb(4) to check lock chains
etc. are also enabled. These checks are very expensive and can decrease
performance on multi-processor machines by a factor of three.
options KDTRACE_HOOKS
- Adds hooks for the DTrace tracing facility, which allows users to analyze
many aspects of system and application behavior. See
dtrace(1) for details.
options KSTACK_CHECK_MAGIC
- Check kernel stack usage and panic if stack overflow is detected. This
check is performance sensitive because it scans stack on each context
switch.
options KTRACE
- Add hooks for the system call tracing facility, which allows users to
watch the system call invocation behavior of processes. See
ktrace(1) for details.
options MSGBUFSIZE=integer
- This option sets the size of the kernel message buffer. This buffer holds
the kernel output of
printf
() when not (yet) read
by syslogd(8). This is
particularly useful when the system has crashed and you wish to lookup the
kernel output from just before the crash. Also, since the autoconfig
output becomes more and more verbose, it sometimes happens that the
message buffer overflows before
syslogd(8) was able to read
it. Note that not all systems are capable of obtaining a variable sized
message buffer. There are also some systems on which memory contents are
not preserved across reboots.
options KERNHIST
- Enables the kernel history logs, which create in-memory traces of various
kernel activities. These logs can be displayed by using
show kernhist
from DDB. See the kernel source file
sys/kern/kern_history.c and the
kernhist(9) manual for
details.
options KERNHIST_PRINT
- Prints the kernel history logs on the system console as entries are added.
Note that the output is extremely voluminous, so this
option is really only useful for debugging the very earliest parts of
kernel initialization.
options UVMHIST
- Like KERNHIST, it enables the UVM history logs. These
logs can be displayed by using
show kernhist
from
DDB. See the kernel source file sys/uvm/uvm_stat.c
for details.
options UVMHIST_PRINT
- Like UVMHIST, it prints the UVM history logs on the
system console as entries are added. Note that the output is
extremely voluminous, so this option is really only
useful for debugging the very earliest parts of kernel
initialization.
options UVMHIST_MAPHIST_SIZE
- Set the size of the “maphist” kernel history. The default is
100. This option depends upon the UVMHIST option.
options UVMHIST_PDHIST_SIZE
- Set the size of the “pdhist” kernel history. The default is
100. This option depends upon the UVMHIST option.
options BIOHIST
- Like KERNHIST, it enables the BIO history logs. These
logs can be displayed by using
show kernhist
from
DDB, and can help in debugging problems with Buffered I/O operations. See
the kernel source file sys/kern/vfs_vio.c for
details.
options BIOHIST_PRINT
- Like BIOHIST, it prints the BIO history logs on the
system console as entries are added. Note that the output is
extremely voluminous, so this option is really only
useful for debugging the very earliest parts of kernel
initialization.
options BIOHIST_SIZE
- Set the size of the “biohist” kernel history. The default is
500. This option depends upon the BIOHIST option.
file-system FFS
- Includes code implementing the Berkeley Fast File System
(FFS). Most machines need this if they are not running
diskless.
file-system EXT2FS
- Includes code implementing the Second Extended File System
(ext2), revision 0 and revision 1 with the
filetype, sparse_super and
large_file options. This is the most commonly used file
system on the Linux operating system, and is provided here for
compatibility. Some of the specific features of ext2
like the "behavior on errors" are not implemented. See
mount_ext2fs(8) for
details.
file-system LFS
- [EXPERIMENTAL] Include the Log-structured File System
(LFS). See
mount_lfs(8) and
newfs_lfs(8) for
details.
file-system MFS
- Include the Memory File System (MFS). This file system
stores files in swappable memory, and produces notable performance
improvements when it is used as the file store for
/tmp and similar file systems. See
mount_mfs(8) for
details.
file-system NFS
- Include the client side of the Network File System (NFS) remote file
sharing protocol. Although the bulk of the code implementing NFS is kernel
based, several user level daemons are needed for it to work. See
mount_nfs(8) for
details.
file-system CD9660
- Includes code for the ISO 9660 + Rock Ridge file system, which is the
standard file system on many CD-ROM discs. Useful primarily if you have a
CD-ROM drive. See
mount_cd9660(8) for
details.
file-system MSDOSFS
- Includes the MS-DOS FAT file system, which is reportedly still used by
unfortunate people who have not heard about
NetBSD. Also implements the Windows 95 extensions
to the same, which permit the use of longer, mixed case file names. See
mount_msdos(8) and
fsck_msdos(8) for
details.
file-system NTFS
- [EXPERIMENTAL] Includes code for the Microsoft Windows
NT file system. See
mount_ntfs(8) for
details.
file-system FDESC
- Includes code for a file system, conventionally mounted on
/dev/fd, which permits access to the per-process
file descriptor space via special files in the file system. See
mount_fdesc(8) for
details. Note that this facility is redundant, and thus unneeded on most
NetBSD systems, since the
fd(4) pseudo-device driver
already provides identical functionality. On most
NetBSD systems, instances of
fd(4) are mknoded under
/dev/fd/ and on
/dev/stdin, /dev/stdout,
and /dev/stderr.
file-system KERNFS
- Includes code which permits the mounting of a special file system
(normally mounted on /kern) in which files
representing various kernel variables and parameters may be found. See
mount_kernfs(8) for
details.
file-system NULLFS
- Includes code for a loopback file system. This permits portions of the
file hierarchy to be re-mounted in other places. The code really exists to
provide an example of a stackable file system layer. See
mount_null(8) for
details.
file-system OVERLAY
- Includes code for a file system filter. This permits the overlay file
system to intercept all access to an underlying file system. This file
system is intended to serve as an example of a stacking file system which
has a need to interpose itself between an underlying file system and all
other access. See
mount_overlay(8) for
details.
file-system PROCFS
- Includes code for a special file system (conventionally mounted on
/proc) in which the process space becomes visible
in the file system. Among other things, the memory spaces of processes
running on the system are visible as files, and signals may be sent to
processes by writing to ctl files in the procfs
namespace. See
mount_procfs(8) for
details.
file-system UDF
- [EXPERIMENTAL] Includes code for the UDF file system
commonly found on CD and DVD media but also on USB sticks. Currently
supports read and write access upto UDF 2.01 and somewhat limited write
support for UDF 2.50. It is marked experimental since there is no
fsck_udf(8). See
mount_udf(8) for
details.
file-system UMAPFS
- Includes a loopback file system in which user and group IDs may be
remapped — this can be useful when mounting alien file systems with
different UIDs and GIDs than the local system. See
mount_umap(8) for
details.
file-system UNION
- [EXPERIMENTAL] Includes code for the union file system,
which permits directories to be mounted on top of each other in such a way
that both file systems remain visible — this permits tricks like
allowing writing (and the deleting of files) on a read-only file system
like a CD-ROM by mounting a local writable file system on top of the
read-only file system. See
mount_union(8) for
details.
file-system CODA
- [EXPERIMENTAL] Includes code for the Coda file system.
Coda is a distributed file system like NFS and AFS. It is freely
available, like NFS, but it functions much like AFS in being a
“stateful” file system. Both Coda and AFS cache files on
your local machine to improve performance. Then Coda goes a step further
than AFS by letting you access the cached files when there is no available
network, viz. disconnected laptops and network outages. In Coda, both the
client and server are outside the kernel which makes them easier to
experiment with. Coda is available for several UNIX and non-UNIX
platforms. See
http://www.coda.cs.cmu.edu
for more details. NOTE: You also need to enable the
pseudo-device, vcoda, for the Coda file system to work.
file-system SMBFS
- [EXPERIMENTAL] Includes code for the SMB/CIFS file
system. See
mount_smbfs(8) for
details. NOTE: You also need to enable the
pseudo-device, nsmb, for the SMB file system to work.
file-system PTYFS
- Includes code for a special file system (normally mounted on
/dev/pts) in which pseudo-terminal slave devices
become visible in the file system. See
mount_ptyfs(8) for
details.
file-system TMPFS
- Includes code for the efficient memory file system, normally used over
/tmp. See
mount_tmpfs(8) for
details.
file-system PUFFS
- Includes kernel support for the pass-to-userspace framework file system.
It can be used to implement file system functionality in userspace. See
puffs(3) for more details.
This enables for example sshfs:
mount_psshfs(8).
options DISKLABEL_EI
- Enable “Endian-Independent”
disklabel(5) support.
This allows a system to recognize a disklabel written in the other byte
order. For writing, when a label already exists, its byte order is
preserved. Otherwise, a new label is written in the native byte order. To
specify the byte order explicitly, the
-F
option
of disklabel(8) should be
used with the -B
option in order to avoid using
ioctl(2), which results in
the default behavior explained above. At the moment this option is
restricted to the following ports: amd64, bebox, emips, epoc32, evbarm,
i386, ibmnws, landisk, mvmeppc, prep, rs6000, sandpoint, xen, and zaurus;
also to machines of the evbmips and evbppc ports that support Master Boot
Record (MBR).
options MAGICLINKS
- Enables the expansion of special strings (beginning with
“@”) when traversing symbolic links. See
symlink(7) for a list of
supported strings. Note that this option only controls the enabling of
this feature by the kernel at boot-up. This feature can still be
manipulated with the
sysctl(8) command regardless
of the setting of this option.
options NFSSERVER
- Include the server side of the NFS (Network File System)
remote file sharing protocol. Although the bulk of the code implementing
NFS is kernel based, several user level daemons are
needed for it to work. See
mountd(8) and
nfsd(8) for details.
options NVNODE=integer
- This option sets the size of the cache used by the name-to-inode
translation routines, (a.k.a. the
namei
() cache,
though called by many other names in the kernel source). By default, this
cache has (NPROC + NTEXT + 100
) entries (NPROC set
as 20 + 16 * MAXUSERS and NTEXT as 80 + NPROC / 8). A reasonable way to
derive a value of NVNODE
, should you notice a
large number of namei cache misses with a tool such as
systat(1), is to examine
your system's current computed value with
sysctl(8), (which calls this
parameter "kern.maxvnodes") and to increase this value until
either the namei cache hit rate improves or it is determined that your
system does not benefit substantially from an increase in the size of the
namei cache.
options NAMECACHE_ENTER_REVERSE
- Causes the namei cache to always enter a reverse mapping (vnode ->
name) as well as a normal one. Normally, this is already done for
directory vnodes, to speed up the getcwd operation. This option will cause
longer hash chains in the reverse cache, and thus slow down getcwd
somewhat. However, it does make vnode -> path translations possible in
some cases. For now, only useful if strict
/proc/#/maps emulation for Linux binaries is
required.
options APPLE_UFS
- Enable support for UFS file systems created on Mac OS X.
options FFS_EI
- Enable “Endian-Independent” FFS support. This allows a
system to mount an FFS file system created for another architecture, at a
small performance cost for all FFS file systems. See also
newfs(8),
fsck_ffs(8),
dumpfs(8) for file system
byte order status and manipulation.
options FFS_NO_SNAPSHOT
- Disable support for the creation of file system internal snapshot of FFS
file systems. Maybe useful for install media kernels, small memory systems
and embedded systems which don't require the snapshot support.
options QUOTA
- Enables kernel support for traditional quotas in FFS. Traditional quotas
store the quota information in external files and require
quotacheck(8) and
quotaon(8) at boot time.
Traditional quotas are limited to 32-bit sizes and are at this point
considered a legacy feature.
options QUOTA2
- Enables kernel support for in-volume quotas in FFS. The quota information
is file system metadata maintained by
fsck(8) and/or WAPBL
journaling. MFS volumes can also use
QUOTA2
quotas; see mount_mfs(8)
for more information.
options UFS_DIRHASH
- Increase lookup performance by maintaining in-core hash tables for large
directories.
options UFS_EXTATTR
- Enable extended attribute support for UFS1 file systems.
options WAPBL
- Enable “Write Ahead Physical Block Logging file system
journaling”. This provides rapid file system consistency checking
after a system outage. It also provides better general use performance
over regular FFS. See also
wapbl(4).
options LFS_EI
- Enable “Endian-Independent” LFS support. This allows (at a
small performance cost) mounting an LFS file system created for another
architecture.
options LFS_DIRHASH
- Increase lookup performance by maintaining in-core hash tables for large
directories.
options EXT2FS_SYSTEM_FLAGS
- This option changes the behavior of the APPEND and IMMUTABLE flags for a
file on an ext2 file system. Without this option, the
superuser or owner of the file can set and clear them. With this option,
only the superuser can set them, and they can't be cleared if the
securelevel is greater than 0. See also
chflags(1) and
secmodel_securelevel(9).
options NFS_BOOT_BOOTP
- Enable use of the BOOTP protocol (RFCs 951 and 1048) to get configuration
information if NFS is used to mount the root file system. See
diskless(8) for
details.
options NFS_BOOT_BOOTSTATIC
- Enable use of static values defined as
“NFS_BOOTSTATIC_MYIP”, “NFS_BOOTSTATIC_GWIP”,
“NFS_BOOTSTATIC_SERVADDR”, and
“NFS_BOOTSTATIC_SERVER” in kernel options to get
configuration information if NFS is used to mount the root file
system.
options NFS_BOOT_DHCP
- Same as “NFS_BOOT_BOOTP”, but use the DHCP extensions to the
BOOTP protocol (RFC 1541).
options NFS_BOOT_BOOTP_REQFILE
- Specifies the string sent in the bp_file field of the BOOTP/DHCP request
packet.
options NFS_BOOT_BOOTPARAM
- Enable use of the BOOTPARAM protocol, consisting of RARP and BOOTPARAM
RPC, to get configuration information if NFS is used to mount the root
file system. See
diskless(8) for
details.
options NFS_BOOT_RWSIZE=value
- Set the initial NFS read and write sizes for diskless-boot requests. The
normal default is 8Kbytes. This option provides a way to lower the value
(e.g., to 1024 bytes) as a workaround for buggy network interface cards or
boot PROMs. Once booted, the read and write request sizes can be increased
by remounting the file system. See
mount_nfs(8) for
details.
options NFS_V2_ONLY
- Reduce the size of the NFS client code by omitting code that's only
required for NFSv3 and NQNFS support, leaving only that code required to
use NFSv2 servers.
options NFS_BOOT_TCP
- Use NFS over TCP instead of the default UDP, for mounting root.
The following options enable alternative buffer queue strategies.
options BUFQ_READPRIO
- Enable alternate buffer queue strategy for disk I/O. In the default
strategy, outstanding disk requests are ordered by sector number and sent
to the disk, regardless of whether the operation is a read or write; this
option gives priority to issuing read requests over write requests.
Although requests may therefore be issued out of sector-order, causing
more seeks and thus lower overall throughput, interactive system
responsiveness under heavy disk I/O load may be improved, as processes
blocking on disk reads are serviced sooner (file writes typically don't
cause applications to block). The performance effect varies greatly
depending on the hardware, drive firmware, file system configuration,
workload, and desired performance trade-off. Systems using drive
write-cache (most modern IDE disks, by default) are unlikely to benefit
and may well suffer; such disks acknowledge writes very quickly, and
optimize them internally according to physical layout. Giving these disks
as many requests to work with as possible (the standard strategy) will
typically produce the best results, especially if the drive has a large
cache; the drive will silently complete writes from cache as it seeks for
reads. Disks that support a large number of concurrent tagged requests
(SCSI disks and many hardware RAID controllers) expose this internal
scheduling with tagged responses, and don't block for reads; such disks
may not see a noticeable difference with either strategy. However, if IDE
disks are run with write-cache disabled for safety, writes are not
acknowledged until actually completed, and only one request can be
outstanding; a large number of small writes in one locality can keep the
disk busy, starving reads elsewhere on the disk. Such systems are likely
to see the most benefit from this option. Finally, the performance
interaction of this option with ffs soft dependencies can be subtle, as
that mechanism can drastically alter the workload for file system metadata
writes.
options BUFQ_PRIOCSCAN
- Enable another buffer queue strategy for disk I/O, per-priority cyclical
scan.
options NEW_BUFQ_STRATEGY
- Synonym of BUFQ_READPRIO.
options CPU_UCODE
- Support cpu microcode loading via
cpuctl(8).
options MEMORY_DISK_DYNAMIC
- This option makes the md(4) RAM
disk size dynamically sized. It is incompatible with
mdsetimage(8).
options MEMORY_DISK_HOOKS
- This option allows for some machine dependent functions to be called when
the md(4) RAM disk driver is
configured. This can result in automatically loading a RAM disk from
floppy on open (among other things).
options MEMORY_DISK_IS_ROOT
- Forces the md(4) RAM disk to be
the root device. This can only be overridden when the kernel is booted in
the 'ask-for-root' mode.
options MEMORY_DISK_ROOT_SIZE=integer
- Allocates the given number of 512 byte blocks as memory for the
md(4) RAM disk, to be populated
with mdsetimage(8).
options MEMORY_DISK_SERVER=0
- Do not include the interface to a userland memory disk server process. Per
default, this option is set to 1, including the support code. Useful for
install media kernels.
options MEMORY_DISK_RBFLAGS=value
- This option sets the
reboot(2) flags used when
booting with a memory disk as root file system. Possible values include
RB_AUTOBOOT
(boot in the usual fashion - default
value), and RB_SINGLE
(boot in single-user
mode).
options MODULAR
- Enables the framework for kernel modules (see
module(7)).
options MODULAR_DEFAULT_AUTOLOAD
- Enables the autoloading of kernel modules by default. This sets the
default value of the kern.module.autoload
sysctl(3) variable which may
be changed at run time.
options VND_COMPRESSION
- Enables the vnd(4) driver to
also handle compressed images. See
vndcompress(1),
vnd(4) and
vnconfig(8) for more
information.
options SELFRELOC
- Make the kernel able to self relocate at bootstrap, so that it can run
whatever its load address is. This is intented to be used withe the
reloc
boostrap command documented in
x86/boot(8), to workaround
UEFI bugs, and is only available on amd64.
options SPLDEBUG
- Help the kernel programmer find bugs related to the interrupt priority
level. When
spllower
() or
splraise
() changes the current CPU's interrupt
priority level to or from IPL_HIGH
, record a
backtrace. Read
i386/return_address(9)
for caveats about collecting backtraces. This feature is experimental, and
it is only available on i386. See
sys/kern/subr_spldebug.c.
options TFTPROOT
- Download the root memory disk through TFTP at root mount time. This
enables the use of a root RAM disk without requiring it to be embedded in
the kernel using
mdsetimage(8). The RAM
disk name is obtained using DHCP's filename parameter. This option
requires MEMORY_DISK_HOOKS,
MEMORY_DISK_DYNAMIC, and
MEMORY_DISK_IS_ROOT. It is incompatible with
MEMORY_DISK_ROOT_SIZE.
options HZ=integer
- On ports that support it, set the system clock frequency (see
hz(9)) to the supplied value.
Handle with care.
options NTP
- Turns on in-kernel precision timekeeping support used by software
implementing NTP (Network Time Protocol, RFC 1305). The
NTP option adds an in-kernel Phase-Locked Loop (PLL) for
normal NTP operation, and a Frequency-Locked Loop (FLL)
for intermittently-connected operation.
ntpd(8) will employ a
user-level PLL when kernel support is unavailable, but the in-kernel
version has lower latency and more precision, and so typically keeps much
better time.
The interface to the kernel NTP support is
provided by the
ntp_adjtime(2) and
ntp_gettime(2) system
calls, which are intended for use by
ntpd(8) and are enabled by
the option. On systems with sub-microsecond resolution timers, or where
(HZ/100000) is not an integer, the NTP option also
enables extended-precision arithmetic to keep track of fractional clock
ticks at NTP time-format precision.
options PPS_SYNC
- This option enables a kernel serial line discipline for receiving time
phase signals from an external reference clock such as a radio clock. (The
NTP option (which see) must be on if the
PPS_SYNC option is used). Some reference clocks generate
a Pulse Per Second (PPS) signal in phase with their time source. The
PPS line discipline receives this signal on either the
data leads or the DCD control lead of a serial port.
NTP uses the PPS signal to discipline the
local clock oscillator to a high degree of precision (typically less
than 50 microseconds in time and 0.1 ppm in accuracy).
PPS can also generate a serial output pulse when the
system receives a PPS interrupt. This can be used to measure the system
interrupt latency and thus calibrate NTP to account
for it. Using PPS usually requires a gadget box to
convert from TTL to RS-232 signal levels. The gadget box and PPS are
described in more detail in the HTML documentation for
ntpd(8) in
/usr/share/doc/html/ntp.
NetBSD currently supports this option
in com(4) and
zsc(4).
options SETUIDSCRIPTS
- Allows scripts with the setuid bit set to execute as the effective user
rather than the real user, just like binary executables.
NOTE: Using this option will also enable
options FDSCRIPTS
options FDSCRIPTS
- Allows execution of scripts with the execute bit set, but not the read
bit, by opening the file and passing the file descriptor to the shell,
rather than the filename.
NOTE: Execute only (non-readable) scripts
will have argv[0] set to
/dev/fd/*. What this option allows as far as
security is concerned, is the ability to safely ensure that the correct
script is run by the interpreter, as it is passed as an already open
file.
options RTC_OFFSET=integer
- The kernel (and typically the hardware battery backed-up clock on those
machines that have one) keeps time in UTC (Universal
Coordinated Time, once known as GMT, or Greenwich Mean
Time) and not in the time of the local time zone. The
RTC_OFFSET option is used on some ports (such as the
i386) to tell the kernel that the hardware clock is offset from
UTC by the specified number of minutes. This is
typically used when a machine boots several operating systems and one of
them wants the hardware clock to run in the local time zone and not in
UTC, e.g. RTC_OFFSET=300 means the
hardware clock is set to US Eastern Time (300 minutes behind
UTC), and not UTC. (Note:
RTC_OFFSET is used to initialize a kernel variable named
rtc_offset which is the source actually used to
determine the clock offset, and which may be accessed via the
kern.rtc_offset sysctl variable. See
sysctl(8) and
sysctl(3) for details. Since
the kernel clock is initialized from the hardware clock very early in the
boot process, it is not possible to meaningfully change
rtc_offset in system initialization scripts.
Changing this value currently may only be done at kernel compile time or
by patching the kernel and rebooting).
NOTE: Unfortunately, in many cases where the
hardware clock is kept in local time, it is adjusted for Daylight
Savings Time; this means that attempting to use
RTC_OFFSET to let NetBSD
coexist with such an operating system, like Windows, would necessitate
changing RTC_OFFSET twice a year. As such, this
solution is imperfect.
options MAXUPRC=integer
- Sets the soft
RLIMIT_NPROC
resource limit, which
specifies the maximum number of simultaneous processes a user is permitted
to run, for process 0; this value is inherited by its child processes. It
defaults to CHILD_MAX, which is currently defined to be
160. Setting MAXUPRC to a value less than
CHILD_MAX is not permitted, as this would result in a
violation of the semantics of IEEE Std 1003.1-1990
(“POSIX.1”).
options NOFILE=integer
- Sets the soft
RLIMIT_NOFILE
resource limit, which
specifies the maximum number of open file descriptors for each process;
this value is inherited by its child processes. It defaults to
OPEN_MAX, which is currently defined to be 128.
options MAXFILES=integer
- Sets the default value of the kern.maxfiles sysctl
variable, which indicates the maximum number of files that may be open in
the system.
options DEFCORENAME=string
- Sets the default value of the kern.defcorename sysctl
variable, otherwise it is set to
%n.core
. See
sysctl(8) and
sysctl(3) for details.
options RASOPS_CLIPPING
- Enables clipping within the
rasops
raster-console
output system. NOTE: only available on architectures
that use rasops
for console output.
options RASOPS_SMALL
- Removes optimized character writing code from the
rasops
raster-console output system.
NOTE: only available on architectures that use
rasops
for console output.
options INCLUDE_CONFIG_FILE
- Embeds the kernel config file used to define the kernel in the kernel
binary itself. The embedded data also includes any files directly included
by the config file itself, e.g. GENERIC.local or
std.$MACHINE. The embedded config file can be
extracted from the resulting kernel with
config(1)
-x
, or by the following command:
strings netbsd | sed -n 's/^_CFG_//p' | unvis
options INCLUDE_JUST_CONFIG
- Similar to the above option, but includes just the actual config file, not
any included files.
options PIPE_SOCKETPAIR
- Use slower, but smaller socketpair(2)-based pipe implementation instead of
default faster, but bigger one. Primarily useful for installation
kernels.
options USERCONF
- Compiles in the in-kernel device configuration manager. See
userconf(4) for
details.
options SCDEBUG_DEFAULT
- Used with the
options SYSCALL_DEBUG
described
below to choose which types of events are displayed.
SCDEBUG_CALLS
- Show system call entry points.
SCDEBUG_RETURNS
- Show system call exit points.
SCDEBUG_ALL
- Show all system call requestes, including unimplemented calls.
SCDEBUG_SHOWARGS
- Show the arguments provided.
SCDEBUG_KERNHIST
- Store a restricted form of the system call debug in a kernel history
instead of printing it to the console. This option relies upon
options KERNHIST
.
The default value is
(SCDEBUG_CALLS|SCDEBUG_RETURNS|SCDEBUG_SHOWARGS)
.
options SYSCALL_DEBUG
- Useful for debugging system call issues, usually in early single user
bringup. By default, writes entries to the system console for most system
call events. Can be configured with the
options
SCDEBUG_DEFAULT
option to to use the options
KERNHIST
facility instead.
options SYSCALL_STATS
- Count the number of times each system call number is called. The values
can be read through the sysctl interface and displayed using
systat(1).
NOTE: not yet available on all architectures.
options SYSCALL_TIMES
- Count the time spent (using
cpu_counter32
()) in
each system call. NOTE: Using this option will also
enable options SYSCALL_STATS
.
options SYSCALL_TIMES_HASCOUNTER
- Force use of
cpu_counter32
() even if
cpu_hascounter
() reports false. Useful for systems
where the cycle counter doesn't run at a constant rate (e.g. Soekris
boxes).
options XSERVER_DDB
- A supplement to XSERVER that adds support for entering
ddb(4) while in X11.
options FILEASSOC
- Support for fileassoc(9).
Required for
options PAX_SEGVGUARD
and
pseudo-device veriexec
.
options FILEASSOC_NHOOKS=integer
- Number of storage slots per file for
fileassoc(9). Default is
4.
options GATEWAY
- Enables IPFORWARDING and (on most ports) increases the
size of NMBCLUSTERS. In general,
GATEWAY is used to indicate that a system should act as
a router, and IPFORWARDING is not invoked directly.
(Note that GATEWAY has no impact on protocols other than
IP). GATEWAY option also compiles IPv4 and IPv6 fast
forwarding code into the kernel.
options IPFORWARDING=value
- If value is 1 this enables IP routing behavior. If
value is 0 (the default), it disables it. The
GATEWAY option sets this to 1 automatically. With this
option enabled, the machine will forward IP datagrams destined for other
machines between its interfaces. Note that even without this option, the
kernel will still forward some packets (such as source routed packets)
— removing GATEWAY and
IPFORWARDING is insufficient to stop all routing through
a bastion host on a firewall — source routing is controlled
independently. Note that IP forwarding may be turned on and off
independently of the setting of the IPFORWARDING option
through the use of the net.inet.ip.forwarding sysctl
variable. If net.inet.ip.forwarding is 1, IP forwarding
is on. See sysctl(8) and
sysctl(3) for details.
options IFA_STATS
- Tells the kernel to maintain per-address statistics on bytes sent and
received over (currently) Internet and AppleTalk addresses. The option is
not recommended as it degrades system stability.
options IFQ_MAXLEN=value
- Increases the allowed size of the network interface packet queues. The
default queue size is 50 packets, and you do not normally need to increase
it.
options IPSELSRC
- Includes support for source-address selection policies. See
in_getifa(9).
options MROUTING
- Includes support for IP multicast routers. You certainly want
INET with this. Multicast routing is controlled by the
mrouted(8) daemon. See also
option
PIM
.
options PIM
- Includes support for Protocol Independent Multicast (PIM) routing. You
need MROUTING and INET with this.
Software using this can be found e.g. in
pkgsrc/net/xorp.
options INET
- Includes support for the TCP/IP protocol stack. You almost certainly want
this. See inet(4) for
details.
options INET6
- Includes support for the IPv6 protocol stack. See
inet6(4) for details. Unlike
INET, INET6 enables multicast routing
code as well. This option requires INET at this moment,
but it should not.
options ND6_DEBUG
- The option sets the default value of net.inet6.icmp6.nd6_debug to 1, for
debugging IPv6 neighbor discovery protocol handling. See
sysctl(3) for details.
options IPSEC
- Includes support for the IPsec protocol, using the implementation derived
from OpenBSD, relying on
opencrypto(9) to carry
out cryptographic operations. See
ipsec(4) for details.
options IPSEC_DEBUG
- Enables debugging code in IPsec stack. See
ipsec(4) for details. The
IPSEC
option includes support for IPsec Network
Address Translator traversal (NAT-T), as described in RFCs 3947 and 3948.
This feature might be patent-encumbered in some countries.
options ALTQ
- Enabled ALTQ (Alternate Queueing). For simple rate-limiting, use
tbrconfig(8) to set up
the interface transmission rate. To use queueing disciplines, their
appropriate kernel options should also be defined (documented below).
Queueing disciplines are managed by
altqd(8). See
altq(9) for details.
options ALTQ_HFSC
- Include support for ALTQ-implemented HFSC (Hierarchical Fair Service
Curve) module. HFSC supports both link-sharing and guaranteed real-time
services. HFSC employs a service curve based QoS model, and its unique
feature is an ability to decouple delay and bandwidth allocation. Requires
ALTQ_RED to use the RED queueing discipline on HFSC
classes, or ALTQ_RIO to use the RIO queueing discipline
on HFSC classes. This option assumes ALTQ.
options ALTQ_PRIQ
- Include support for ALTQ-implemented PRIQ (Priority Queueing). PRIQ
implements a simple priority-based queueing discipline. A higher priority
class is always served first. Requires ALTQ_RED to use
the RED queueing discipline on HFSC classes, or ALTQ_RIO
to use the RIO queueing discipline on HFSC classes. This option assumes
ALTQ.
options ALTQ_WFQ
- Include support for ALTQ-implemented WFQ (Weighted Fair Queueing). WFQ
implements a weighted-round robin scheduler for a set of queues. A weight
can be assigned to each queue to give a different proportion of the link
capacity. A hash function is used to map a flow to one of a set of queues.
This option assumes ALTQ.
options ALTQ_FIFOQ
- Include support for ALTQ-implemented FIFO queueing. FIFOQ is a simple
drop-tail FIFO (First In, First Out) queueing discipline. This option
assumes ALTQ.
options ALTQ_RIO
- Include support for ALTQ-implemented RIO (RED with In/Out). The original
RIO has 2 sets of RED parameters; one for in-profile packets and the other
for out-of-profile packets. At the ingress of the network, profile meters
tag packets as IN or OUT based on contracted profiles for customers.
Inside the network, IN packets receive preferential treatment by the RIO
dropper. ALTQ/RIO has 3 drop precedence levels defined for the Assured
Forwarding PHB of DiffServ (RFC 2597). This option assumes
ALTQ.
options ALTQ_BLUE
- Include support for ALTQ-implemented Blue buffer management. Blue is
another active buffer management mechanism. This option assumes
ALTQ.
options ALTQ_FLOWVALVE
- Include support for ALTQ-implemented Flowvalve. Flowvalve is a simple
implementation of a RED penalty box that identifies and punishes
misbehaving flows. This option requires ALTQ_RED and
assumes ALTQ.
options ALTQ_CDNR
- Include support for ALTQ-implemented CDNR (diffserv traffic conditioner)
packet marking/manipulation. Traffic conditioners are components to meter,
mark, or drop incoming packets according to some rules. As opposed to
queueing disciplines, traffic conditioners handle incoming packets at an
input interface. This option assumes ALTQ.
options ALTQ_NOPCC
- Disables use of processor cycle counter to measure time in ALTQ. This
option should be defined for a non-Pentium i386 CPU which does not have
TSC, SMP (per-CPU counters are not in sync), or power management which
affects processor cycle counter. This option assumes
ALTQ.
options ALTQ_IPSEC
- Include support for IPsec in IPv4 ALTQ. This option assumes
ALTQ.
options ALTQ_JOBS
- Include support for ALTQ-implemented JoBS (Joint Buffer Management and
Scheduling). This option assumes ALTQ.
options ALTQ_AFMAP
- Include support for an undocumented ALTQ feature that is used to map an IP
flow to an ATM VC (Virtual Circuit). This option assumes
ALTQ.
options ALTQ_LOCALQ
- Include support for ALTQ-implemented local queues. Its practical use is
undefined. Assumes ALTQ.
options SUBNETSARELOCAL
- Sets default value for net.inet.ip.subnetsarelocal variable, which
controls whether non-directly-connected subnets of connected networks are
considered "local" for purposes of choosing the MSS for a TCP
connection. This is mostly present for historic reasons and completely
irrelevant if you enable Path MTU discovery.
options HOSTZEROBROADCAST
- Sets default value for net.inet.ip.hostzerobroadcast variable, which
controls whether the zeroth host address of each connected subnet is also
considered a broadcast address. Default value is "1", for
compatibility with old systems; if this is set to zero on all hosts on a
subnet, you should be able to fit an extra host per subnet on the
".0" address.
options MCLSHIFT=value
- This option is the base-2 logarithm of the size of mbuf clusters. The
BSD networking stack keeps network packets in a
linked list, or chain, of kernel buffer objects called mbufs. The system
provides larger mbuf clusters as an optimization for large packets,
instead of using long chains for large packets. The mbuf cluster size, or
MCLBYTES, must be a power of two, and is computed as two
raised to the power MCLSHIFT. On systems with Ethernet
network adapters, MCLSHIFT is often set to 11, giving
2048-byte mbuf clusters, large enough to hold a 1500-byte Ethernet frame
in a single cluster. Systems with network interfaces supporting larger
frame sizes like ATM, FDDI, or HIPPI may perform better with
MCLSHIFT set to 12 or 13, giving mbuf cluster sizes of
4096 and 8192 bytes, respectively.
options NETATALK
- Include support for the AppleTalk protocol stack. The kernel provides
provision for the Datagram Delivery Protocol (DDP),
providing SOCK_DGRAM support and AppleTalk routing. This stack is used by
the NETATALK package, which adds support for AppleTalk
server services via user libraries and applications.
options BLUETOOTH
- Include support for the Bluetooth protocol stack. See
bluetooth(4) for
details.
options IPNOPRIVPORTS
- Normally, only root can bind a socket descriptor to a so-called
“privileged” TCP port, that is, a port number in the range
0-1023. This option eliminates those checks from the kernel. This can be
useful if there is a desire to allow daemons without privileges to bind
those ports, e.g., on firewalls. The security tradeoffs in doing this are
subtle. This option should only be used by experts.
options TCP_DEBUG
- Record the last TCP_NDEBUG TCP packets with SO_DEBUG
set, and decode to the console if tcpconsdebug is
set.
options TCP_NDEBUG
- Number of packets to record for TCP_DEBUG. Defaults to
100.
options TCP_SENDSPACE=value
options TCP_RECVSPACE=value
- These options set the max TCP window size to other sizes than the default.
The TCP window sizes can be altered via
sysctl(8) as well.
options TCP_INIT_WIN=value
- This option sets the initial TCP window size for non-local connections,
which is used when the transmission starts. The default size is 1, but if
the machine should act more aggressively, the initial size can be set to
some other value. The initial TCP window size can be set via
sysctl(8) as well.
options TCP_SIGNATURE
- Enable MD5 TCP signatures (RFC 2385) to protect BGP sessions.
options IPFILTER_LOG
- This option, in conjunction with pseudo-device ipfilter,
enables logging of IP packets using IP-Filter.
options IPFILTER_LOOKUP
- This option enables the IP-Filter
ippool(8) functionality to
be enabled.
options IPFILTER_COMPAT
- This option enables older IP-Filter binaries to work.
options IPFILTER_DEFAULT_BLOCK
- This option sets the default policy of IP-Filter. If it is set, IP-Filter
will block packets by default.
options BRIDGE_IPF
- This option causes bridge devices to use the IP and/or
IPv6 filtering hooks, forming a link-layer filter that uses protocol-layer
rules. This option assumes the presence of pseudo-device
ipfilter.
options MBUFTRACE
- This option can help track down mbuf leaks. When enabled, mbufs are tagged
with the devices and protocols using them, which slightly decreases
network performance. This additional information can be viewed with
netstat(1):
netstat
-mssv
Not all devices or protocols support this option.
options SYSCTL_DISALLOW_CREATE
- Disallows the creation or deletion of nodes from the sysctl tree, as well
as the assigning of descriptions to nodes that lack them, by any process.
These operations are still available to kernel sub-systems, including
loadable kernel modules.
options SYSCTL_DISALLOW_KWRITE
- Prevents processes from adding nodes to the sysctl tree that make existing
kernel memory areas writable. Sections of kernel memory can still be read
and new nodes that own their own data may still be writable.
options SYSCTL_DEBUG_SETUP
- Causes the SYSCTL_SETUP routines to print a brief message when they are
invoked. This is merely meant as an aid in determining the order in which
sections of the tree are created.
options SYSCTL_DEBUG_CREATE
- Prints a message each time
sysctl_create
(), the
function that adds nodes to the tree, is called.
options SYSCTL_INCLUDE_DESCR
- Causes the kernel to include short, human readable descriptions for nodes
in the sysctl tree. The descriptions can be retrieved programmatically
(see sysctl(3)), or by the
sysctl binary itself (see
sysctl(8)). The descriptions
are meant to give an indication of the purpose and/or effects of a given
node's value, not replace the documentation for the given subsystem as a
whole.
options SYSVMSG
- Includes support for AT&T System V UNIX
style message queues. See
msgctl(2),
msgget(2),
msgrcv(2),
msgsnd(2).
options SYSVSEM
- Includes support for AT&T System V UNIX
style semaphores. See
semctl(2),
semget(2),
semop(2).
options SEMMNI=value
- Sets the number of AT&T System V UNIX
style semaphore identifiers. The GENERIC config file for your port will
have the default.
options SEMMNS=value
- Sets the number of AT&T System V UNIX
style semaphores in the system. The GENERIC config file for your port will
have the default.
options SEMUME=value
- Sets the maximum number of undo entries per process for
AT&T System V UNIX style semaphores.
The GENERIC config file for your port will have the default.
options SEMMNU=value
- Sets the number of undo structures in the system for
AT&T System V UNIX style semaphores.
The GENERIC config file for your port will have the default.
options SYSVSHM
- Includes support for AT&T System V UNIX
style shared memory. See
shmat(2),
shmctl(2),
shmdt(2),
shmget(2).
options SHMMAXPGS=value
- Sets the maximum number of AT&T System V
UNIX style shared memory pages that are available through the
shmget(2) system call.
Default value is 1024 on most ports. See
/usr/include/machine/vmparam.h for the
default.
options NMBCLUSTERS=value
- The number of mbuf clusters the kernel supports. Mbuf clusters are
MCLBYTES in size (usually 2k). This is used to compute the size of the
kernel VM map mb_map, which maps mbuf clusters. The
default value is calculated from the amount of physical memory.
Architectures without direct mapping also limit it based on the kmem_map
size, which is used as backing store. Some archs limit the value with
‘NMBCLUSTERS_MAX’. See
/usr/include/machine/param.h for those archs. This
value can be accessed via the kern.mbuf.nmbclusters sysctl variable.
Increase this value if you get “mclpool limit reached”
messages.
options NMBCLUSTERS_MAX=value
- The upper limit of NMBCLUSTERS.
options NKMEMPAGES=value
options NKMEMPAGES_MIN=value
options NKMEMPAGES_MAX=value
- Size of kernel VM map kmem_map, in PAGE_SIZE-sized
chunks (the VM page size; this value may be read from the
sysctl(8) variable
hw.pagesize ). This VM map is used to map the kernel
malloc arena. The kernel attempts to auto-size this map based on the
amount of physical memory in the system. Platform-specific code may place
bounds on this computed size, which may be viewed with the
sysctl(8) variable
vm.nkmempages. See
/usr/include/machine/param.h for the default upper
and lower bounds. The related options ‘NKMEMPAGES_MIN’ and
‘NKMEMPAGES_MAX’ allow the bounds to be overridden in the
kernel configuration file. These options are provided in the event the
computed value is insufficient resulting in an “out of space in
kmem_map” panic.
options SB_MAX=value
- Sets the max size in bytes that a socket buffer is allowed to occupy. The
default is 256k, but sometimes it needs to be increased, for example when
using large TCP windows. This option can be changed via
sysctl(8) as well.
options SOMAXKVA=value
- Sets the maximum size of kernel virtual memory that the socket buffers are
allowed to use. The default is 16MB, but in situations where for example
large TCP windows are used this value must also be increased. This option
can be changed via sysctl(8)
as well.
options BUFCACHE=value
- Size of the buffer cache as a percentage of total available RAM. Ignored
if BUFPAGES is also specified.
options NBUF=value
- Sets the number of buffer headers available, i.e., the number of open
files that may have a buffer cache entry. Each buffer header requires
MAXBSIZE (machine dependent, but usually 65536) bytes. The default value
is machine dependent, but is usually equal to the value of BUFPAGES.
options BUFPAGES=value
- These options set the number of pages available for the buffer cache.
Their default value is a machine dependent value, often calculated as
between 5% and 10% of total available RAM.
options MAXTSIZ=bytes
- Sets the maximum size limit of a process' text segment. See
/usr/include/machine/vmparam.h for the
port-specific default.
options DFLDSIZ=bytes
- Sets the default size limit of a process' data segment, the value that
will be returned as the soft limit for
RLIMIT_DATA
(as returned by
getrlimit(2)). See
/usr/include/machine/vmparam.h for the
port-specific default.
options MAXDSIZ=bytes
- Sets the maximum size limit of a process' data segment, the value that
will be returned as the hard limit for
RLIMIT_DATA
(as returned by
getrlimit(2)). See
/usr/include/machine/vmparam.h for the
port-specific default.
options DFLSSIZ=bytes
- Sets the default size limit of a process' stack segment, the value that
will be returned as the soft limit for
RLIMIT_STACK
(as returned by
getrlimit(2)). See
/usr/include/machine/vmparam.h for the
port-specific default.
options MAXSSIZ=bytes
- Sets the maximum size limit of a process' stack segment, the value that
will be returned as the hard limit for
RLIMIT_STACK
(as returned by
getrlimit(2)). See
/usr/include/machine/vmparam.h for the
port-specific default.
options DUMP_ON_PANIC=integer
- Defaults to one. If set to zero, the kernel will not dump to the dump
device when it panics, though dumps can still be forced via
ddb(4) with the
“sync” command. Note that this sets the value of the
kern.dump_on_panic
sysctl(3) variable which may
be changed at run time — see
sysctl(8) for details.
options USE_TOPDOWN_VM
- User space memory allocations (as made by
mmap(2)) will be arranged in a
“top down” fashion instead of the traditional
“upwards from MAXDSIZ + vm_daddr” method. This includes the
placement of ld.so(1).
Arranging memory in this manner allows either (or both of) the heap or
mmap(2) allocated space to
grow larger than traditionally possible. This option is not available on
all ports, but is instead expected to be offered on a port-by-port basis,
after which some ports will commit to using it by default. See the files
/usr/include/uvm/uvm_param.h for some
implementation details, and
/usr/include/machine/vmparam.h for port specific
details including availability.
options VMSWAP
- Enable paging device/file support. This option is on by default.
options PDPOLICY_CLOCKPRO
- Use CLOCK-Pro, an alternative page replace policy.
options INSECURE
- Initializes the kernel security level with -1 instead of 0. This means
that the system always starts in secure level -1 mode, even when running
multiuser, unless the securelevel variable is set to value > -1 in
/etc/rc.conf. In this case the kernel security
level will be raised to that value when the
/etc/rc.d/securelevel script is run during system
startup. See the manual page for
init(8) for details on the
implications of this. The kernel secure level may manipulated by the
superuser by altering the kern.securelevel
sysctl(3) variable (the
secure level may only be lowered by a call from process ID 1, i.e.,
init(8)). See also
secmodel_securelevel(9),
sysctl(8) and
sysctl(3).
options VERIFIED_EXEC_FP_SHA256
- Enables support for SHA256 hashes in Veriexec.
options VERIFIED_EXEC_FP_SHA384
- Enables support for SHA384 hashes in Veriexec.
options VERIFIED_EXEC_FP_SHA512
- Enables support for SHA512 hashes in Veriexec.
options PAX_MPROTECT=value
- Enables PaX MPROTECT,
mprotect(2) restrictions
from the PaX project.
The value is the default value for the
global knob, see
sysctl(3). If 0, PaX
MPROTECT will be enabled only if explicitly set on programs using
paxctl(8). If 1, PaX
MPROTECT will be enabled for all programs. Programs can be exempted
using paxctl(8).
See
security(7) for more
details.
options PAX_SEGVGUARD=value
- Enables PaX Segvguard. Requires
options FILEASSOC
.
The value is the default value for the
global knob, see
sysctl(3). If 0, PaX
Segvguard will be enabled only if explicitly set on programs using
paxctl(8). If 1, PaX
Segvguard will be enabled to all programs, and exemption can be done
using paxctl(8).
See
security(7) for more
details.
options PAX_ASLR=value
- Enables PaX ASLR.
The value is the default value for the
global knob, see
sysctl(3). If 0, PaX ASLR
will be enabled only if explicitly set on programs using
paxctl(8). If 1, PaX ASLR
will be enabled to all programs, and exemption can be done using
paxctl(8).
See
security(7) for more
details.
options USER_VA0_DISABLE_DEFAULT=value
- Sets the initial value of the flag which controls whether user programs
can map virtual address 0. The flag can be changed at runtime by
sysctl(3).
options KASAN
- Enables Kernel Address Sanitizer. Should not be used in conjunction with
KLEAK. NOTE: not available on all architectures.
options KASLR
- Enables Kernel ASLR. This randomizes the location of the kernel image in
memory. NOTE: not available on all architectures.
options KLEAK
- Enables the KLEAK feature, that allows to detect kernel information leaks.
Should not be used in conjunction with KASAN. NOTE: not
available on all architectures.
options SVS
- Enables Separate Virtual Space. On architectures that are designed to
function with a shared address space, this option explicitly isolates the
kernel and user spaces. NOTE: not available on all
architectures.
options BB060STUPIDROM
- When the bootloader (which passes AmigaOS ROM information) claims we have
a 68060 CPU without FPU, go look into the Processor Configuration Register
(PCR) to find out. You need this with Amiga ROMs up to (at least) V40.xxx
(OS3.1), when you boot via the bootblocks and don't have a DraCo.
options IOBZCLOCK=frequency
- The IOBlix boards come with two different serial master clocks: older ones
use 24 MHz, newer ones use 22.1184 MHz. The driver normally assumes the
latter. If your board uses 24 MHz, you can recompile your kernel with
options IOBZCLOCK=24000000 or patch the kernel variable iobzclock to the
same value.
options LIMITMEM=value
- If there, limit the part of the first memory bank used by
NetBSD to value megabytes. Default is
unlimited.
options P5PPC68KBOARD
- Add special support for Phase5 mixed 68k+PPC boards. Currently, this only
affects rebooting from NetBSD and is only needed
on 68040+PPC, not on 68060+PPC; without this, affected machines will hang
after NetBSD has shut down and will only restart
after a keyboard reset or a power cycle.
options DISKLABEL_AHDI
- Include support for AHDI (native Atari) disklabels.
options DISKLABEL_NBDA
- Include support for NetBSD/atari labels. If you
don't set this option, it will be set automatically.
NetBSD/atari will not work without it.
options FALCON_SCSI
- Include support for the 5380-SCSI configuration as found on the
Falcon.
options RELOC_KERNEL
- If set, the kernel will relocate itself to TT-RAM, if possible. This will
give you a slightly faster system. Beware that on some
TT030 systems, the system will frequently dump with MMU-faults with this
option enabled.
options SERCONSOLE
- Allow the modem1-port to act as the system-console. A carrier should be
active on modem1 during system boot to active the console
functionality.
options TT_SCSI
- Include support for the 5380-SCSI configuration as found on the TT030 and
Hades.
options CPURESET_DELAY=value
- Specifies the time (in millisecond) to wait before doing a hardware reset
in the last phase of a reboot. This gives the user a chance to see error
messages from the shutdown operations (like NFS unmounts, buffer cache
flush, etc ...). Setting this to 0 will disable the delay. Default is 2
seconds.
options USER_LDT
- Include i386-specific system calls for modifying the local descriptor
table, used by Windows emulators.
options PAE
- Enable PAE (Physical Address Extension) mode. PAE permits up to 36 bits
physical addressing (64GB of physical memory), and turns physical
addresses to 64 bits entities in the memory management subsystem. Userland
virtual address space remains at 32 bits (4GB). PAE mode is required to
enable the NX/XD (No-eXecute/eXecute Disable) bit for pages, which allows
marking certain ones as not being executable. Any attempt to execute code
from such a page will raise an exception.
options REALBASEMEM=integer
- Overrides the base memory size passed in from the boot block. (Value given
in kilobytes.) Use this option only if the boot block reports the size
incorrectly. (Note that some BIOSes put the extended BIOS data area at the
top of base memory, and therefore report a smaller base memory size to
prevent programs overwriting it. This is correct behavior, and you should
not use the REALBASEMEM option to access this
memory).
options SPECTRE_V2_GCC_MITIGATION=1
- Enable GCC-specific Spectre variant 2 mitigations. For 32-bit kernels this
means these options:
-mindirect-branch=thunk -mindirect-branch-register
For 64-bit kernels this means these options:
-mindirect-branch=thunk-inline -mindirect-branch-register
options REALEXTMEM=integer
- Overrides the extended memory size passed in from the boot block. (Value
given in kilobytes. Extended memory does not include the first megabyte.)
Use this option only if the boot block reports the size incorrectly.
options CYRIX_CACHE_WORKS
- Relevant only to the Cyrix 486DLC CPU. This option is used to turn on the
cache in hold-flush mode. It is not turned on by default because it is
known to have problems in certain motherboard implementations.
options CYRIX_CACHE_REALLY_WORKS
- Relevant only to the Cyrix 486DLC CPU. This option is used to turn on the
cache in write-back mode. It is not turned on by default because it is
known to have problems in certain motherboard implementations. In order
for this option to take effect, option CYRIX_CACHE_WORKS
must also be specified.
options PCIBIOS
- Enable support for initializing the PCI bus using information from the
BIOS. See pcibios(4) for
details.
options MTRR
- Include support for accessing MTRR registers from user-space. See
i386_get_mtrr(2).
options BEEP_ONHALT
- Make the system speaker emit several beeps when it is completely safe to
power down the computer after a
halt(8) command. Requires
sysbeep(4) support.
options BEEP_ONHALT_COUNT=times
- Number of times to beep the speaker when
options
BEEP_ONHALT
is enabled. Defaults to 3.
options BEEP_ONHALT_PITCH=hz
- The tone frequency used when
options BEEP_ONHALT
option, in hertz. Defaults to 1500.
options BEEP_ONHALT_PERIOD=msecs
- The duration of each beep when
options BEEP_ONHALT
is enabled, in milliseconds. Defaults to 250.
options MULTIBOOT
- Makes the kernel Multiboot-compliant, allowing it to be booted through a
Multiboot-compliant boot manager such as GRUB. See
multiboot(8) for more
information.
options SPLASHSCREEN
- Display a splash screen during boot.
Options specific to isa(4) busses.
options PCIC_ISA_ALLOC_IOBASE=address,
PCIC_ISA_ALLOC_IOSIZE=size
- Control the section of IO bus space used for PCMCIA bus space mapping.
Ideally the probed defaults are satisfactory, however in practice that is
not always the case. See
pcmcia(4) for details.
options PCIC_ISA_INTR_ALLOC_MASK=mask
- Controls the allowable interrupts that may be used for PCMCIA devices.
This mask is a logical-or of power-of-2s of allowable interrupts:
IRQ Val IRQ Val IRQ Val IRQ Val
0 0x0001 4 0x0010 8 0x0100 12 0x1000
1 0x0002 5 0x0020 9 0x0200 13 0x2000
2 0x0004 6 0x0040 10 0x0400 14 0x4000
3 0x0008 7 0x0080 11 0x0800 15 0x8000
options PCKBC_CNATTACH_SELFTEST
- Perform a self test of the keyboard controller before attaching it as a
console. This might be necessary on machines where we boot on cold iron,
and pckbc refuses to talk until we request a self test. Currently only the
netwinder port uses it.
options PCKBD_CNATTACH_MAY_FAIL
- If this option is set the PS/2 keyboard will not be used as the console if
it cannot be found during boot. This allows other keyboards, like USB, to
be the console keyboard.
options PCKBD_LAYOUT=layout
- Sets the default keyboard layout, see
pckbd(4).
options FPU_EMULATE
- Include support for MC68881/MC68882 emulator.
options FPSP
- Include support for 68040 floating point.
options M68020,M68030,M68040,M68060
- Include support for a specific CPU, at least one (the one you are using)
should be specified.
options M060SP
- Include software support for 68060. This provides emulation of
unimplemented integer instructions as well as emulation of unimplemented
floating point instructions and data types and software support for
floating point traps.
options PMAP_MEMLIMIT=value
- Limit the amount of memory seen by the kernel to
value bytes.
options PTEGCOUNT=value
- Specify the size of the page table as value PTE
groups. Normally, one PTEG is allocated per physical page frame.
options AUDIO_DEBUG
- Enable simple event debugging of the logging of the
audio(4) device.
options BLINK
- Enable blinking of LED. Blink rate is full cycle every N seconds for N
< then current load average. See
getloadavg(3).
options COUNT_SW_LEFTOVERS
- Count how many times the sw SCSI device has left 3, 2, 1 and 0 in the
sw_3_leftover, sw_2_leftover, sw_1_leftover, and sw_0_leftover variables
accessible from ddb(4). See
sw(4).
options DEBUG_ALIGN
- Adds debugging messages calls when user-requested alignment fault handling
happens.
options DEBUG_EMUL
- Adds debugging messages calls for emulated floating point and alignment
fixing operations.
options EXTREME_DEBUG
- Adds debugging functions callable from
ddb(4). The debug_pagetables,
test_region and print_fe_map functions print information about page tables
for the SUN4M platforms only.
options EXTREME_EXTREME_DEBUG
- Adds extra info to options EXTREME_DEBUG.
options FPU_CONTEXT
- Make options COMPAT_SVR4 getcontext and setcontext
include floating point registers.
options MAGMA_DEBUG
- Adds debugging messages to the
magma(4) device.
options RASTERCONS_FULLSCREEN
- Use the entire screen for the console.
options RASTERCONS_SMALLFONT
- Use the Fixed font on the console, instead of the normal font.
options SUN4
- Support sun4 class machines.
options SUN4C
- Support sun4c class machines.
options SUN4M
- Support sun4m class machines.
options SUN4_MMU3L
- Enable support for sun4 3-level MMU machines.
options V9
- Enable SPARC V9 assembler in
ddb(4).
options AUDIO_DEBUG
- Enable simple event debugging of the logging of the
audio(4) device.
options BLINK
- Enable blinking of LED. Blink rate is full cycle every N seconds for N
< then current load average. See
getloadavg(3).
options EXTENDED_MEMORY
- Include support for extended memory, e.g., TS-6BE16 and 060turbo
on-board.
options JUPITER
- Include support for Jupiter-X MPU accelerator
options ZSCONSOLE,ZSCN_SPEED=value
- Use the built-in serial port as the system-console. Speed is specified in
bps, defaults to 9600.
options ITE_KERNEL_ATTR=value
- Set the kernel message attribute for ITE. Value, an integer, is a logical
or of the following values:
- 1
- color inversed
- 2
- underlined
- 4
- bolded
options NO_PCI_MSI_MSIX
- Disable support for MSI/MSIX in the kernel. See
pci_msi(9) for details of
MSI/MSIX support
options NO_PREEMPTION
- Disables kpreempt(9)
support in the kernel.
config(1),
gcc(1),
gdb(1),
ktrace(1),
quota(1),
vndcompress(1),
gettimeofday(2),
i386_get_mtrr(2),
i386_iopl(2),
msgctl(2),
msgget(2),
msgrcv(2),
msgsnd(2),
ntp_adjtime(2),
ntp_gettime(2),
reboot(2),
semctl(2),
semget(2),
semop(2),
shmat(2),
shmctl(2),
shmdt(2),
shmget(2),
sysctl(3),
apm(4),
ddb(4),
inet(4),
md(4),
pcibios(4),
pcmcia(4),
ppp(4),
userconf(4),
vnd(4),
wscons(4),
config(5),
edquota(8),
init(8),
mdsetimage(8),
mount_cd9660(8),
mount_fdesc(8),
mount_kernfs(8),
mount_lfs(8),
mount_mfs(8),
mount_msdos(8),
mount_nfs(8),
mount_ntfs(8),
mount_null(8),
mount_portal(8),
mount_procfs(8),
mount_udf(8),
mount_umap(8),
mount_union(8),
mrouted(8),
newfs_lfs(8),
ntpd(8),
quotaon(8),
rpc.rquotad(8),
sysctl(8),
in_getifa(9),
kernhist(9)
The options
man page first appeared in
NetBSD 1.3.