1.\" $OpenBSD: options.4,v 1.87 2001/11/06 03:20:34 pvalchev Exp $ 2.\" $NetBSD: options.4,v 1.21 1997/06/25 03:13:00 thorpej Exp $ 3.\" 4.\" Copyright (c) 1998 Theo de Raadt 5.\" Copyright (c) 1998 Todd Miller 6.\" Copyright (c) 1998 Gene Skonicki 7.\" Copyright (c) 1996 8.\" Perry E. Metzger. All rights reserved. 9.\" 10.\" Redistribution and use in source and binary forms, with or without 11.\" modification, are permitted provided that the following conditions 12.\" are met: 13.\" 1. Redistributions of source code must retain the above copyright 14.\" notice, this list of conditions and the following disclaimer. 15.\" 2. Redistributions in binary form must reproduce the above copyright 16.\" notice, this list of conditions and the following disclaimer in the 17.\" documentation and/or other materials provided with the distribution. 18.\" 3. All advertising materials mentioning features or use of this software 19.\" must display the following acknowledgment: 20.\" This product includes software developed for the NetBSD Project 21.\" by Perry E. Metzger. 22.\" 4. The name of the author may not be used to endorse or promote products 23.\" derived from this software without specific prior written permission. 24.\" 25.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 26.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 27.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 28.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 29.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 30.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 31.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 32.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" 36.\" 37.Dd August 17, 1997 38.Dt OPTIONS 4 39.Os 40.Sh NAME 41.Nm options 42.Nd miscellaneous kernel configuration options 43.Sh SYNOPSIS 44.Cd option ... 45.Sh DESCRIPTION 46This manual page describes a number of miscellaneous kernel 47configuration options that may be specified in a kernel config file. 48See 49.Xr config 8 50for information on how to configure and build kernels. 51.Em Note: 52options are passed to the compile process as 53.Fl D 54flags to the C compiler. 55.Ss Compatibility Options 56.Bl -ohang 57.It Cd option COMPAT_23 58Enables compatibility with 59.Ox 2.3 . 60This makes it possible to run binaries that use old versions of the 61.Xr msgctl 2 , 62.Xr shmctl 2 63and 64.Xr __semctl 65system calls which changed semantics in 66.Ox 2.4 . 67.It Cd option COMPAT_25 68Enables compatibility with 69.Ox 2.5 . 70This makes it possible to run binaries that use old versions of the 71.Xr statfs 2 , 72.Xr fstatfs 2 73and 74.Xr getfsstat 2 75system calls which were replaced in 76.Ox 2.6 77when 78.Li struct stat 79was expanded. 80.It Cd option COMPAT_SVR4 81On those architectures that support it, this enables binary 82compatibility with 83.At V.4 84binaries built for the same architecture. 85This currently includes the sparc and i386. 86Possibly the most widely known operating system 87based on this binary architecture is Sun's Solaris 2.x. 88See 89.Xr compat_svr4 8 . 90.It Cd option COMPAT_BSDOS 91On those architectures that support it, this enables binary 92compatibility with 93.Em BSD/OS 94applications. 95This option is supported on the i386 architecture. 96See 97.Xr compat_bsdos 8 . 98Requires 99.Cm option COMPAT_43 100also be used for proper operation. 101.It Cd option COMPAT_LINUX 102On those architectures that support it, this enables binary 103compatibility with 104.Em Linux 105ELF and a.out 106applications built for the same architecture. 107This option is supported on the i386 architecture. 108See 109.Xr compat_linux 8 . 110.It Cd option COMPAT_SUNOS 111On those architectures that support it, this enables binary 112compatibility with 113.Em SunOS 4.x 114applications built for the same architecture. 115This option is supported on the sparc and most m68k platforms. 116See 117.Xr compat_sunos 8 . 118.It Cd option COMPAT_ULTRIX 119On those architectures that support it, this enables binary 120compatibility with 121.Tn Ultrix 122applications built for the same architecture. 123This option is available on the little-endian MIPS platforms like the 124pmax and arc. 125See 126.Xr compat_ultrix 8 . 127.It Cd option COMPAT_FREEBSD 128On those architectures that support it, this enables binary 129compatibility with 130.Em FreeBSD 131applications built for the same architecture. 132This option is available on the i386 architecture. 133See 134.Xr compat_freebsd 8 . 135.It Cd option COMPAT_HPUX 136On those architectures that support it, this enables binary 137compatibility with 138.Em HP/UX 139applications built for the same architecture. 140This option is available on some m68k architectures. 141See 142.Xr compat_hpux 8 . 143.It Cd option COMPAT_IBCS2 144On those architectures that support it, this enables binary 145compatibility with 146.Em iBCS2 147applications built for the same architecture. 148This option is available on the i386 architecture. 149See 150.Xr compat_ibcs2 8 . 151.It Cd option COMPAT_NETBSD 152On those architectures that support it, this enables binary 153compatibility with 154.Em NetBSD 155applications built for the same architecture. 156See 157.Xr compat_freebsd 8 . 158.It Cd option COMPAT_OSF1 159On those architectures that support it, this enables binary 160compatibility with 161.Em Digital UNIX 162(formerly 163.Em OSF/1 ) 164applications built for the same architecture. 165This option is available on the alpha architecture. 166See 167.Xr compat_osf1 8 . 168.It Cd option COMPAT_NOMID 169Enables compatibility with a.out executables that lack a machine ID. 170On the i386, this includes 171.Nx 1720.8's ZMAGIC format, 386BSD and BSDI's 173QMAGIC, NMAGIC, and OMAGIC a.out formats. 174On the hp300 and other m68k architectures this permits certain old 175.Bx 4.3 176binaries to work, though its use is discouraged now. 177.It Cd option COMPAT_43 178Use of this option is discouraged. 179It enables compatibility with 180.Bx 4.3 . 181It adds an old syscall for 182.Fn lseek 183as well as ioctls for 184.Dv TIOCGETP 185and 186.Dv TIOCSETP . 187The return values for the 188.Xr getpid 2 , 189.Xr getgid 2 , 190and 191.Xr getuid 2 192system calls are modified as well, to return the parent's PID and UID as well 193as the current process's. 194It also enables the deprecated 195.Dv NTTYDISC 196terminal line discipline. 197It provides backwards compatibility with the 198.Dq old 199SIOC[GS]IF{ADDR,DSTADDR,BRDADDR,NETMASK} interface ioctls, including 200binary compatibility for code written before the introduction of the 201.Li sa_len 202field in sockaddrs. 203It also enables support for some older pre BSD 4.4 socket calls. 204.El 205.Ss Debugging Options 206.Bl -ohang 207.It Cd option DDB 208Compiles in a kernel debugger for diagnosing kernel problems. 209See 210.Xr ddb 4 211for details. 212.Em Note: 213not available on all architectures. 214.It Cd option DDB_SAFE_CONSOLE 215Allows a break into the kernel debugger during boot. 216Useful when debugging problems that can cause init(8) to fail. 217.It Cd option KGDB 218Compiles in a remote kernel debugger stub for diagnosing kernel problems 219using the 220.Dq remote target 221feature of gdb. 222See 223.Xr kgdb 7 224for details. 225.Em Note: 226not available on all architectures. 227.It Cd makeoptions DEBUG="-g" 228The 229.Fl g 230flag causes 231.Pa bsd.gdb 232to be built in addition to 233.Pa bsd . 234.Pa bsd.gdb 235is useful for debugging kernels and their crashdumps with gdb. 236Note that 237.Xr gdb Ns 's 238.Fl k 239flag 240is obsolete and should not be used. 241Instead, a crashdump can be debugged by starting 242.Xr gdb 243with the kernel name as an argument (no core file) and then use the 244.Xr gdb 245command 246.Dq target kcore COREFILE . 247.It Cd option DEBUG 248Turns on miscellaneous kernel debugging. 249Since options are turned into preprocessor defines (see above), 250.Cm option DEBUG 251is equivalent to doing a 252.Em #define DEBUG 253throughout the kernel. 254Much of the kernel has 255.Em #ifdef DEBUG 256conditional debugging code. 257Note that many parts of the kernel (typically device drivers) include their own 258.Em #ifdef XXX_DEBUG 259conditionals instead. 260This option also turns on certain other options, notably 261.Cm option KMEMSTATS , 262which may decrease system performance. 263.It Cd option DIAGNOSTIC 264Adds code to the kernel that does internal consistency checks. 265This code will cause the kernel to panic if corruption of internal data 266structures is detected. 267.It Cd option SMALL_KERNEL 268Removes some optimizations from the kernel to reduce the size of the 269resulting kernel binary. 270This option can decrease system performance. 271.It Cd option GPROF 272Adds code to the kernel for kernel profiling with 273.Xr kgmon 8 . 274.It Cd makeoptions PROF="-pg" 275The 276.Fl pg 277flag causes the kernel to be compiled with support for profiling. 278The 279.Cm option GPROF 280is required for the kernel compile to succeed. 281.It Cd option KTRACE 282Adds hooks for the system call tracing facility, which allows users to 283watch the system call invocation behavior of processes. 284See 285.Xr ktrace 1 286for details. 287.El 288.Ss File Systems 289.Bl -ohang 290.It Cd option FFS 291Includes code implementing the Berkeley Fast File System 292.Em ( FFS ) . 293Most machines need this if they are not running diskless. 294.It Cd option ADOSFS 295Includes code implementing the AmigaDOS Fast File System 296.Em ( ADOSFS ) . 297Note that the Professional and Smart File Systems are 298.Em not 299supported. 300See 301.Xr mount_ados 8 302for details. 303.It Cd option EXT2FS 304Includes code implementing the Second Extended File System 305.Em ( EXT2FS ) . 306This is the most commonly used file system on the Linux operating system, 307and is provided here for compatibility. 308Some specific features of 309.Em EXT2FS 310like the "behavior on errors" are not implemented. 311This file system 312can't be used with 313.Li uid_t 314or 315.Li gid_t 316values greater than 65535. 317Also, the filesystem will not function correctly on architectures with 318differing byte-orders. 319That is, a big-endian machine will not be able to read an 320ext2fs filesystem created on an i386 or other little-endian machine. 321See 322.Xr mount_ext2fs 8 323for details. 324.It Cd option MFS 325Include the memory file system 326.Em ( MFS ) . 327This file system stores files in swappable memory, and produces 328notable performance improvements when it is used as the file store 329for 330.Pa /tmp 331or similar mount points. 332See 333.Xr mount_mfs 8 334for details. 335.It Cd option NFSCLIENT 336Include the client side of the 337.Em NFS 338(Network File System) remote file sharing protocol. 339Although the bulk of the code implementing 340.Em NFS 341is kernel based, several user level daemons are needed for it to work. 342See 343.Xr mount_nfs 8 344for details on NFS. 345.It Cd option CD9660 346Includes code for the ISO 9660 + Rock Ridge file system, which is the 347standard file system used on many CD-ROMs. 348It also supports Joliet extensions. 349See 350.Xr mount_cd9660 8 351for details. 352.It Cd option MSDOSFS 353Includes support for the 354.Tn MS-DOS 355FAT file system. 356The kernel also implements the 357.Tn Windows 95 358extensions which permit the use of longer, mixed-case file names. 359See 360.Xr mount_msdos 8 361and 362.Xr fsck_msdos 8 363for details. 364.It Cd option FDESC 365Includes code for a file system which can be mounted on 366.Pa /dev/fd . 367This filesystem permits access to the per-process file descriptor 368space via special files in the file system. 369See 370.Xr mount_fdesc 8 371for details. 372Note that this facility is redundant, and thus unneeded on most 373.Ox 374systems, since the 375.Xr fd 4 376pseudodevice driver already provides identical functionality. 377On most systems, instances of 378.Xr fd 4 379are mknoded under 380.Pa /dev/fd/ 381and on 382.Pa /dev/stdin , 383.Pa /dev/stdout , 384and 385.Pa /dev/stderr . 386.It Cd option KERNFS 387Includes code which permits the mounting of a special file system 388(normally mounted on 389.Pa /kern ) 390in which files representing various kernel variables and parameters 391may be found. 392See 393.Xr mount_kernfs 8 394for details. 395.It Cd option NULLFS 396Includes code for a loopback file system. 397This permits portions of the file hierarchy to be re-mounted in other places. 398The code really exists to provide an example of a stackable file system layer. 399See 400.Xr mount_null 8 401for details. 402.It Cd option PORTAL 403Includes the (experimental) portal filesystem. 404This permits interesting tricks like opening TCP sockets by opening files in 405the file system. 406The portal file system is conventionally mounted on 407.Pa /p 408and is partially implemented by a special daemon. 409See 410.Xr mount_portal 8 411for details. 412.It Cd option PROCFS 413Includes code for a special file system (conventionally mounted on 414.Pa /proc ) 415in which the process space becomes visible in the file system. 416Among other things, the memory spaces of processes running on the system are 417visible as files, and signals may be sent to processes by writing to 418.Pa ctl 419files in the procfs namespace. 420See 421.Xr mount_procfs 8 422for details. 423.It Cd option UMAPFS 424Includes a loopback file system in which user and group IDs may be 425remapped -- this can be useful when mounting alien file systems with 426different uids and gids than the local system (eg, remote NFS). 427See 428.Xr mount_umap 8 429for details. 430.It Cd option UNION 431Includes code for the union file system, which permits directories to 432be mounted on top of each other in such a way that both file systems 433remain visible -- this permits tricks like allowing writing (and the 434deleting of files) on a read-only file system like a CD-ROM by 435mounting a local writable file system on top of the read-only file 436system. 437This filesystem is still experimental and is known to be somewhat unstable. 438See 439.Xr mount_union 8 440for details. 441.It Cd option XFS 442Includes the kernel support for the AFS-compatible Arla filesystem. 443Since the xfs interface is simple and generic it can be used for other 444filesystems as well. 445See 446.Xr mount_xfs 8 447for details. 448.El 449.Ss File System Options 450.Bl -ohang 451.It Cd option FFS_SOFTUPDATES 452Enables a scheme that uses partial ordering of buffer cache operations 453to allow metadata updates in FFS to happen asynchronously, increasing write 454performance significantly. 455Normally, the FFS filesystem writes metadata updates synchronously which exacts 456a performance penalty in favor of filesystem integrity. 457With soft updates, you gain the performance of asynchronous writes while 458retaining the safety of synchronous metadata updates. 459.Pp 460Soft updates must be enabled on a per-filesystem basis. 461See 462.Xr mount 8 463for details. 464.Pp 465Processors with a small kernel address space, such as the sun4 and sun4c, do 466not have enough kernel memory to support soft updates. 467Attempts to use this option with these CPUs will cause a kernel hang or panic 468after a short period of use as the kernel will quickly run out of memory. 469This is not related to the amount of physical memory present in the machine -- 470it is a limitation of the CPU architecture itself. 471.It Cd option BUFCACHEPERCENT=integer 472Percentage of RAM to use as a file system buffer. 473It defaults to 5. 474.It Cd option NFSSERVER 475Include the server side of the 476.Em NFS 477(Network File System) remote file sharing protocol. 478Although the bulk of the code implementing 479.Em NFS 480is kernel based, several user level daemons are needed for it to 481work. 482See 483.Xr mountd 8 484and 485.Xr nfsd 8 486for details. 487.It Cd option QUOTA 488Enables kernel support for file system quotas. 489See 490.Xr quotaon 8 , 491.Xr edquota 8 , 492.Xr repquota 8 , 493and 494.Xr quota 1 495for details. 496Note that quotas only work on 497.Dq ffs 498file systems, although 499.Xr rpc.rquotad 8 500permits them to be accessed over 501.Em NFS . 502.It Cd option FIFO 503Adds support for 504.At V 505style FIFOs (i.e., 506.Dq named pipes ) . 507This option is recommended in almost all cases as many programs use these. 508.It Cd option EXT2FS_SYSTEM_FLAGS 509This option changes the behavior of the APPEND and IMMUTABLE flags 510for a file on an 511.Em EXT2FS 512filesystem. 513Without this option, the superuser or owner of the file can set and clear them. 514With this option, only the superuser can set them, and they can't be cleared 515if the securelevel is greater than 0. 516See also 517.Xr chflags 1 . 518.El 519.Ss Miscellaneous Options 520.Bl -ohang 521.It Cd option PCIVERBOSE 522Makes the boot process more verbose for PCI peripherals 523(vendor names and other information is printed, etc.). 524.It Cd option EISAVERBOSE 525Makes the boot process more verbose for EISA peripherals. 526.It Cd option PCMCIAVERBOSE 527Makes the boot process more verbose for PCMCIA peripherals. 528.It Cd option MACOBIOVERBOSE 529Makes the boot process more verbose for Mac OBIO peripherals. 530.It Cd option APERTURE 531Provide in-kernel support for VGA framebuffer mapping by user-processes 532(such as an X windows server). 533This option is supported in the i386 architecture. 534.It Cd option XSERVER 535Support for X windows in the console driver. 536.It Cd option LKM 537Enables support for loadable kernel modules. 538See 539.Xr lkm 4 540for details. 541.Em Note: 542This option is not yet available on all architectures. 543.It Cd option CRYPTO 544Enables support for the kernel cryptographic framework. 545See 546.Xr crypto 9 547for details. 548While not IP specific, this option is usually used in conjunction with option 549.Em IPSEC . 550.It Cd option INSECURE 551Hardwires the kernel security level at \-1. 552This means that the system always runs in securelevel 0 mode, even when 553running multiuser. 554See 555.Xr init 8 556for details on the implications of this. 557The kernel secure level may be manipulated by the superuser by altering the 558.Em kern.securelevel 559sysctl variable. 560(It should be noted that the securelevel may only be lowered by a call from 561process ID 1, i.e., 562.Xr init 8 . ) 563See also 564.Xr sysctl 8 565and 566.Xr sysctl 3 . 567.It Cd option CCDNBUF=integer 568The 569.Xr ccd 4 570device driver uses 571.Dq component buffers 572to distribute I/O requests to the components of a concatenated disk. 573It keeps a freelist of buffer 574headers in order to reduce use of the kernel memory allocator. 575.Em CCDNBUF 576is the number of buffer headers allocated on the freelist for 577each component buffer. 578It defaults to 8. 579.It Cd option KMEMSTATS 580The kernel memory allocator, 581.Xr malloc 9 , 582will keep statistics on its performance if this option is enabled. 583Unfortunately, this option therefore essentially disables 584.Fn MALLOC 585and 586.Fn FREE 587forms of the memory allocator, which are used to enhance the 588performance of certain critical sections of code in the kernel. 589This option therefore can lead to a significant decrease in the performance 590of certain code in the kernel if enabled. 591Examples of such code include the 592.Fn namei 593routine, the 594.Xr ccd 4 595driver, 596the 597.Xr ncr 4 598driver, and much of the networking code. 599Note that this option is silently turned on by the 600.Em DEBUG 601option. 602.It Cd option BOOT_CONFIG 603Adds support for the 604.Fl c 605boot option (User Kernel Config). 606Allows modification of kernel settings (e.g., device parameters) before 607booting the system. 608.It Cd option UVM_SWAP_ENCRYPT 609Enables kernel support for encrypting pages that are written out to 610swap storage. 611Swap encryption prevents sensitive data from remaining 612on the disk even after the operating system has been shut down. 613This option should be turned on if cryptographic filesystems are used. 614The sysctl variable 615.Em vm.swapencrypt.enable 616controls its behaviour. 617See 618.Xr sysctl 8 619and 620.Xr sysctl 3 621for details. 622.It Cd option USER_PCICONF 623Enables the user level acces to the PCI bus configuration space 624through ioctls on the 625.Pa /dev/pci 626device. 627It's used by the 628.Xr XFree86 1 629server on some architectures. 630See 631.Xr pci 4 632for details. 633.El 634.Ss Networking Options 635.Bl -ohang 636.It Cd option GATEWAY 637Enables 638.Em IPFORWARDING 639and (on most ports) increases the size of 640.Em NMBCLUSTERS . 641In general, 642.Em GATEWAY 643is used to indicate that a system should act as a router, and 644.Em IPFORWARDING 645is not invoked directly. 646(Note that 647.Em GATEWAY 648has no impact on protocols other than IP, such as CLNP or XNS.) 649.It Cd option IPFORWARDING 650Enables IP routing behavior. 651With this option enabled, the machine 652will forward IP datagrams between its interfaces that are destined for 653other machines. 654Note that even without this option, the kernel will 655still forward some packets (such as source routed packets) -- removing 656.Em GATEWAY 657and 658.Em IPFORWARDING 659is insufficient to stop all routing through a bastion host on a 660firewall -- source routing is controlled independently. 661Note that IP 662forwarding may be turned on and off independently of the setting of the 663.Em IPFORWARDING 664option through the use of the 665.Em net.inet.ip.forwarding 666sysctl variable. 667If 668.Em net.inet.ip.forwarding 669is 1, IP forwarding is on. 670See 671.Xr sysctl 8 672and 673.Xr sysctl 3 674for details. 675.It Cd option MROUTING 676Includes support for IP multicast routers. 677.Em INET 678should be set along with this. 679Multicast routing is controlled by the 680.Xr mrouted 8 681daemon. 682.It Cd option INET 683Includes support for the TCP/IP protocol stack. 684This option is currently required. 685See 686.Xr inet 4 687for details. 688.It Cd options INET6 689Includes support for the 690.Tn IPv6 691protocol stack. 692See 693.Xr inet6 4 694for details. 695Unlike 696.Em INET , 697.Em INET6 698enables multicast routing code as well. 699This option requires 700.Em INET 701at this moment, but it should not. 702.It Cd options ND6_DEBUG 703The option sets the default value of net.inet6.icmp6.nd6_debug to 1, 704for debugging IPv6 neighbor discovery protocol handling. 705See 706.Xr sysctl 3 707for details. 708.It Cd option NS 709Include support for the Xerox XNS protocol stack. 710See 711.Xr ns 4 712for details. 713.It Cd option ISO,TPIP 714Include support for the ubiquitous OSI protocol stack. 715See 716.Xr iso 4 717for details. 718.It Cd option EON 719Include support for OSI tunneling over IP. 720.It Cd option CCITT,LLC,HDLC 721Include support for the X.25 protocol stack. 722The state of this code is currently unknown. 723It probably contains bugs. 724.It Cd option IPX, IPXIP 725Include support for Internetwork Packet Exchange protocol commonly in 726use by 727.Tn Novell NetWare . 728.It Cd option NETATALK 729Include kernel support for the AppleTalk family of protocols. 730This suite of supporting code is sometimes called 731.Em netatalk 732support. 733.It Cd option TCP_COMPAT_42 734Use of this option is 735.Em extremely 736discouraged, so it should not be enabled. 737If any other machines on the network require enabling this, it's 738recommended that 739.Em they 740be disconnected from the network. 741.Pp 742TCP bug compatibility with 743.Bx 4.2 . 744In 745.Bx 4.2 , 746TCP sequence numbers 747were 32-bit signed values. 748Modern implementations of TCP use unsigned values. 749This option clamps the initial sequence number to start in 750the range 2^31 rather than the full unsigned range of 2^32. 751Also, under 752.Bx 4.2 , 753keepalive packets must contain at least one byte or else 754the remote end will not respond. 755.It Cd option TCP_SACK 756Turns on selective acknowledgements. 757Additional information about 758segments already received can be transmitted back to the sender, 759thus indicating segments that have been lost and allowing for 760a swifter recovery. 761Both communication endpoints need to support 762.Em SACK . 763The fallback behaviour is NewReno fast recovery phase, which allows 764one lost segment to be recovered per round trip time. 765When more then one segment has been dropped per window, the transmission can 766continue without waiting for a retransmission timeout. 767.It Cd option TCP_FACK 768Turns on forward acknowledgements allowing a more precise estimate of 769outstanding data during the fast recovery phase by using 770.Em SACK 771information. 772This option can only be used together with 773.Em TCP_SACK . 774.It Cd option TCP_SIGNATURE 775Turns on support for the TCP MD5 Signature option (RFC 2385). 776This is used by 777Internet backbone routers to provide per-packet authentication for the TCP 778packets used to communicate BGP routing information. 779You will also need a 780routing daemon that supports this option in order to actually use it. 781.It Cd option PPP_FILTER 782This option turns on 783.Xr pcap 3 784based filtering for ppp connections. 785This option is used by 786.Xr pppd 8 787which needs to be compiled with 788.Em PPP_FILTER 789defined (the current default). 790.It Cd option PPP_BSDCOMP 791Enables BSD compressor for PPP connections. 792.It Cd option PPP_DEFLATE 793For use in conjunction with PPP_BSDCOMP; provides an interface to zlib for PPP 794for deflate compression/decompression. 795.It Cd option IPSEC 796This option enables IP security protocol support. 797See 798.Xr ipsec 4 799for more details. 800.It Cd option ENCDEBUG 801This option enables debugging information to be conditionally logged 802in case IPSEC encounters errors. 803The option 804.Em IPSEC 805is required along with this option. 806Debug logging can be turned on/off through the use of the 807.Em net.inet.ip.encdebug 808sysctl variable. 809If 810.Em net.ipsec.encap.encdebug 811is 1, debug logging is on. 812See 813.Xr sysctl 8 814and 815.Xr sysctl 3 816for details. 817.It Cd option KEY 818Enables PFKEYv2 (RFC 2367) support. 819While not IP specific, this option is usually used in conjunction with option 820.Em IPSEC . 821.It Cd option ALTQ 822Enables ALTQ (Alternate Queueing). 823For simple rate-limiting, use 824.Xr tbrconfig 8 825to set up the interface transmission rate. 826To use queueing disciplines, their options should also be defined. 827Queueing disciplines are managed by 828.Xr altqd 8 . 829See 830.Xr altq 9 831for details on ALTQ. 832.It Cd option ALTQ_CBQ 833Enables ALTQ's CBQ (Class-based Queueing) module. 834CBQ achieves both partitioning and sharing of link bandwidth by hierarchically 835structured classes. 836Each class has its own queue and is assigned its share of bandwidth. 837A child class can borrow bandwidth from its parent class as long as excess 838bandwidth is available. 839.It Cd option ALTQ_HFSC 840Enables ALTQ's HFSC (Hierarchical Fair Service Curve) module. 841HFSC supports both link-sharing and guaranteed real-time services. 842H-FSC employs a service curve based QoS model, and its unique feature 843is an ability to decouple delay and bandwidth allocation. 844.It Cd option ALTQ_PRIQ 845Enables ALTQ's PRIQ (Priority Queueing) module. 846PRIQ implements a simple priority-based queueing. 847A higher priority class is always served first. 848.It Cd option ALTQ_WFQ 849Enables ALTQ's WFQ (Weighted Fair Queueing) module. 850WFQ implements a weighted-round robin scheduler for a set of queues. 851A weight can be assigned to each queue to give a different proportion 852of the link capacity. 853A hash function is used to map a flow to one of a set of queues. 854.It Cd option ALTQ_FIFOQ 855Enables ALTQ's FIFO queue module. 856FIFOQ is a simple drop-tail FIFO queue. 857.It Cd option ALTQ_RED 858Enables ALTQ's RED (Random Early Detection) module. 859RED is an implicit congestion notification mechanism that exercises 860packet dropping or packet marking stochastically according to the 861average queue length. 862RED can be viewed as an active buffer management mechanism and can be 863integrated into other queueing disciplines. 864.It Cd option ALTQ_RIO 865Enables ALTQ's RIO (RED with In/Oout) module. 866The original RIO has 2 sets of RED parameters; one for in-profile 867packets and the other for out-of-profile packets. 868At the ingress of the network, profile meters tag packets as IN or 869OUT based on contracted profiles for customers. 870Inside the network, IN packets receive preferential treatment by 871the RIO dropper. 872ALTQ/RIO has 3 drop precedence levels defined for the Assured Forwarding 873PHB of DiffServ (RFC2597). 874.It Cd option ALTQ_BLUE 875Enables ALTQ's Blue module. 876Blue is another active buffer management mechanism. 877.It Cd option ALTQ_FLOWVALVE 878Enables ALTQ's Flowvalve module. 879Flowvalve is a simple implementation of a RED penalty box that identifies 880and punishes misbehaving flows. 881.It Cd option ALTQ_CDNR 882Enables ALTQ's CDNR (diffserfv traffic conditioner) module. 883Traffic conditioners are components to meter, mark, or drop incoming 884packets according to some rules. 885As opposed to queueing disciplines, traffic conditioners handle incoming 886packets at an input interface. 887.It Cd option ALTQ_NOPCC 888Disables use of processor cycle counter (e.g., Pentium TSC on i386 and 889PCC on alpha) to measure time in ALTQ. 890This option should be defined for a non-Pentium i386 CPU which does not 891have TSC, SMP (per-CPU counters are not in sync), or power management 892which affects processor cycle counter. 893.El 894.Ss SCSI Subsystem Options 895.Bl -ohang 896.It Cd option SCSITERSE 897Terser SCSI error messages. 898This omits the table for decoding ASC/ASCQ info, saving about 8 bytes or so. 899.It Cd option SCSIDEBUG 900Prints extra debugging info for the SCSI subsystem to the console. 901.El 902.Ss System V IPC Options 903.Bl -ohang 904.It Cd option SYSVMSG 905Includes support for 906.At V 907style message queues. 908See 909.Xr msgctl 2 , 910.Xr msgget 2 , 911.Xr msgrcv 2 , 912.Xr msgsnd 2 . 913.It Cd option SYSVSEM 914Includes support for 915.At V 916style semaphores. 917See 918.Xr semctl 2 , 919.Xr semget 2 , 920.Xr semop 2 . 921.It Cd option SYSVSHM 922Includes support for 923.At V 924style shared memory. 925See 926.Xr shmat 2 , 927.Xr shmctl 2 , 928.Xr shmdt 2 , 929.Xr shmget 2 . 930.It Cd option SHMMAXPGS=value 931Sets the maximum number of 932.At V 933style shared memory pages that are available through the 934.Xr shmget 2 935system call. 936Default value is 1024 on most ports. 937See 938.Pa /usr/include/machine/vmparam.h 939for the default. 940.It Cd option SEMMNI=value 941Number of semaphore identifiers (also called semaphore handles 942and semaphore sets) available in the system. 943Default value is 10. 944The kernel allocates memory for the control structures at startup, 945so you should avoid arbitrarily large values. 946.It Cd option SEMMNS=value 947Maximum number of semaphores in all sets in the system. 948Default value is 60. 949.It Cd option SEMMNU=value 950Maximum number of semaphore undo structures in the system. 951Default value is 30. 952.It Cd option SEMUME=value 953Maximum number of per-process undo operation entries in the 954system. 955Semaphore undo operations are invoked by the kernel when 956.Xr semop 2 957is called with the SEM_UNDO flag and the process holding 958the semaphores terminates unexpectedly. 959Default value is 10. 960.El 961.Ss Operation Related Options 962.Bl -ohang 963.It Cd option NMBCLUSTERS=value 964Size of kernel mbuf cluster map, 965.Em mb_map , 966in CLBYTES-sized logical pages. 967Default on most ports is 256 (512 with 968.Dq option GATEWAY ) . 969See 970.Pa /usr/include/machine/param.h 971for exact default information. 972Increase this value if 973.Dq mclpool limit reached 974messages appear. 975.It Cd option NKMEMCLUSTERS=value 976Size of kernel malloc area in CLBYTES-sized logical pages. 977This area is covered by the kernel submap 978.Em kmem_map . 979See 980.Pa /usr/include/machine/param.h 981for the default value, which is port specific. 982Increase this value if 983.Dq out of space in kmem_map 984panics happen. 985.\" , which mean the system has run out of malloc-able kernel memory. 986.It Cd option NBUF=value 987.It Cd option BUFPAGES=value 988These options set the number of pages available for the buffer cache. 989Their default value is a machine dependent value, often calculated as 990between 5% and 10% of total available RAM. 991.It Cd option NTP 992Modify the scheduler code to add hooks necessary for running an NTP daemon. 993.Xr xntpd 8 994is available as part of the port collection. 995.It Cd option APM_NOPRINT 996This option is supported on the i386 architecture. 997When enabled kernel messages regarding the status of the automatic power 998management system 999.Tn ( APM ) 1000are suppressed. 1001.Tn APM 1002status can still be obtained using 1003.Xr apm 8 1004and/or 1005.Xr apmd 8 . 1006.It Cd RFORK_FDSHARE 1007This option enables sharing of file descriptor tables between processes that 1008request it. 1009It is needed for the 1010.Xr rfork 1011system call to work properly and for some programs to run under Linux emulation. 1012It's disabled by default for security reasons, because it allows any malicious 1013user to crash the system. 1014.El 1015.\" The following requests should be uncommented and used where appropriate. 1016.\" .Sh FILES 1017.\" .Sh EXAMPLES 1018.Sh SEE ALSO 1019.Xr X 1 , 1020.Xr gdb 1 , 1021.Xr ktrace 1 , 1022.Xr quota 1 , 1023.Xr gettimeofday 2 , 1024.Xr i386_iopl 2 , 1025.Xr msgctl 2 , 1026.Xr msgget 2 , 1027.Xr msgrcv 2 , 1028.Xr msgsnd 2 , 1029.Xr semctl 2 , 1030.Xr semget 2 , 1031.Xr semop 2 , 1032.Xr shmat 2 , 1033.Xr shmctl 2 , 1034.Xr shmdt 2 , 1035.Xr shmget 2 , 1036.Xr sysctl 3 , 1037.Xr ddb 4 , 1038.Xr inet 4 , 1039.Xr ipsec 4 , 1040.Xr iso 4 , 1041.Xr lkm 4 , 1042.Xr ns 4 , 1043.Xr pci 4 , 1044.Xr xf86 4 , 1045.Xr apm 8 , 1046.Xr apmd 8 , 1047.Xr config 8 , 1048.Xr edquota 8 , 1049.Xr init 8 , 1050.Xr mount_cd9660 8 , 1051.Xr mount_fdesc 8 , 1052.Xr mount_kernfs 8 , 1053.Xr mount_mfs 8 , 1054.Xr mount_msdos 8 , 1055.Xr mount_nfs 8 , 1056.Xr mount_null 8 , 1057.Xr mount_portal 8 , 1058.Xr mount_procfs 8 , 1059.Xr mount_umap 8 , 1060.Xr mount_union 8 , 1061.Xr mrouted 8 , 1062.Xr quotaon 8 , 1063.Xr rpc.rquotad 8 , 1064.Xr sysctl 8 , 1065.Xr xntpd 8 , 1066.Xr altq 9 1067.Sh HISTORY 1068The 1069.Nm 1070man page first appeared in 1071.Ox 2.3 . 1072.Sh BUGS 1073The 1074.Em INET 1075option should not be required. 1076