MicroBSD Handbook

8.4 The Configuration File

The general format of a configuration file is quite simple. Each line contains a keyword and one or more arguments. For simplicity, most lines only contain one argument. Anything following a # is considered a comment and ignored. The following sections describe each keyword, generally in the order they are listed in GENERIC, although some related keywords have been grouped together in a single section (such as Networking) even though they are actually scattered throughout the GENERIC file.

Let's look in the /usr/src/sys/conf/GENERIC file:

      # cat /usr/src/sys/conf/GENERIC
      
      #       $MicroBSD: GENERIC,v 1.89 2002/07/06 19:14:20 nordin Exp $
      #
      #       Machine-independent option; used by all architectures for their
      #       GENERIC kernel

      #option         INSECURE        

      option          DDB             
      #option         DDB_SAFE_CONSOLE 
      #makeoptions    DEBUG="-g"      
      #makeoptions    PROF="-pg"      
      #option         GPROF           
      option          DIAGNOSTIC      
      option          KTRACE          
      option          KMEMSTATS       
      option          PTRACE

INSECURE - Leave this by default to secure.
DDB - This compiles in the in-kernel debugger. This isn't available on all platforms. So be sure to read before adding it.
DDB_SAFE_CONSOLE - Allow break into ddb during boot.
DEBUG - Used to put various debugging options in the kernel, where the source has defined them.
makeoptions DEBUG="-g" - Makes bsd.gdb along with bsd. This is useful for debugging crash dumps with gdb.
makeoptions PROF="-pg" - The -pg flag causes the kernel to be compiled with support for profiling. Option GPROF is required to use this option.
GPROF - adds code to the kernel for kernel profiling with kgmon.
DIAGNOSTIC - Adds code to the kernel that does internal consistency checks.
KTRACE - Adds hooks for the system call tracing facility. Which allows users to use ktrace.
KMEMSTATS - collect malloc statistics
PTRACE - ptrace system call.

      
            
      option          CRYPTO          
      option          SYSVMSG         
      option          SYSVSEM         
      option          SYSVSHM         
      option          UVM_SWAP_ENCRYPT
      #option         COMPAT_23       
      option          COMPAT_25       
      option          COMPAT_43       
      #option         TCP_COMPAT_42   
      option          LKM             
      option          FFS             
      option          FFS_SOFTUPDATES 
      option          QUOTA           
      option          EXT2FS          
      option          MFS             
      #option         XFS             
      option          TCP_SACK        
      option          TCP_ECN         
      #option         TCP_FACK        
      #option         TCP_SIGNATURE
      option 	      NFS   
      option          NFSCLIENT       
      option          NFSSERVER       
      option          CD9660          
      option          MSDOSFS         
      option          FDESC           
      option          FIFO            
      option          KERNFS          
      option          NULLFS          
      option          PORTAL          
      option          PROCFS          
      option          UMAPFS          
      option          UNION

CRYPTO - Enables cryptographic framework.
SYSVMSG - System V-like message queues.
SYSVSEM - System V-like semaphores.
SYSVSHM - System V-like memory sharing.
UVM_SWAP_ENCRYPT - Support encryption of pages going to swap.
COMPAT_23, COMPAT_25, COMPAT_43 - Kernel compatibility with BSD 2.3, 2.5, 4.3.
TCP_COMPAT_42 - TCP bug compatibility with 4.2BSD
LKM - Enable loadable kernel modules.
FFS - Berkeley Fast Filesystem (This option is required).
FFS_SOFTUPDATES - Allows for the use of softupdates.
QUOTA - Support for Filesystem Quota's.
EXT2FS - Second Extended File System, This is needed for those of you who want to read Linux partitions.
MFS - Memory File System that stores files in swappable memory.
XFS - Add hooks for using a filesystem that is compatible with the AFS filesystem. Currently used by the Arla/AFS code.
TCP_SACK - Selective Acknowledgements for TCP.
TCP_ECN - Explicit Congestion Notification for TCP.
TCP_FACK - Forward Acknowledgements for TCP.
TCP_SIGNATURE - TCP MD5 Signatures, for BGP routing sessions.
NFS - Network File System, This is needed if you will be using NFS.
NFSCLIENT - Allow for the client-side NFS code to be included in the kernel.
NFSSERVER - Allow for the server-side NFS code to be included in the kernel.
CD9660 - This is iso9660 + rockridge filesystem. This is required to read from CDs.
MSDOSFS - Needed to read MS-DOS FAT filesystems. Also has support for Windows 95 long name + mixed case extensions.
FDESC - Includes code for a file system which can be mounted on /dev/fd.
FIFO - Support for FIFOs. RECOMMENDED.
KERNFS - Includes code that permits the mounting of a special file system (normally mounted on /kern) in which files representing various kernel variables and parameters may be found.
NULLFS - Code to have a loopback filesystem.
PORTAL - Includes the (experimental) portal filesystem. This permits interesting tricks like opening TCP sockets by opening files in the file system.
PROCFS - Includes code for a special file system (conventionally mounted on /proc).
UMAPFS - Includes a loopback file system in which user and group ids may be remapped -- this can be useful when mounting alien file systems with different uids and gids than the local system (eg, remote NFS).
UNION - Includes code for the union file system, which permits directories to be mounted on top of each other in such a way that both file systems remain visible. This code isn't quite stable yet.

      
      #option         GATEWAY         
      option          INET            
      option          ALTQ            
      option          INET6           
      option          PULLDOWN_TEST   
      option          IPSEC           
      #option         KEY             
      #option         NS              
      #option         NSIP            
      #option         IPX             
      #option         IPXIP           
      #option         ISO,TPIP        
      #option         EON             
      #option         NETATALK        
      #option         CCITT,LLC,HDLC  
      option          PPP_BSDCOMP     
      option          PPP_DEFLATE
      #option         MROUTING        
      option          NETWORK_PORT_ACL

GATEWAY - Enables IPFORWARDING and (on most ports) increases the size of NMBCLUSTERS.
INET - Includes support for the TCP/IP protocol stack. This option is REQUIRED.
ALTQ - ALTQ base.
INET6 - Includes support for the IPv6 protocol.
PULLDOWN_TEST - use m_pulldown for IPv6 packet parsing.
IPSEC - This option enables IP security protocol support. See ipsec man pages for more details. This now implies option KEY, which gives support for PFKEYv2.
KEY - Enables PF_KEY.
NS - Include support for the Xerox XNS protocol stack.
NSIP - XNS tunneling over IP.
IPX, IPXIP - Include support for Internetwork Packet Exchange protocol commonly in use by Novell NetWare.
ISO,TPIP - Include support for the ubiquitous OSI protocol stack.
EON - Include support for OSI tunneling over IP.
NETATALK - Include kernel support for the AppleTalk family of protocols.
CCITT,LLC,HDLC - Include support for the X.25 protocol stack.
PPP_BSDCOMP - PPP BSD compression.
PPP_DEFLATE - Used in conjunction with PPP_BSDCOMP.
MROUTING - Includes support for IP multicast routers.
NETWORK_PORT_ACL - Flexible network port access control.


      pseudo-device   pf      1       
      pseudo-device   pflog   1       
      pseudo-device   loop    2       
      pseudo-device   bpfilter 8      
      pseudo-device   sl      2       
      pseudo-device   ppp     2       
      pseudo-device   sppp    1       
      pseudo-device   tun     2       
      pseudo-device   enc     1       
      pseudo-device   bridge  2       
      pseudo-device   vlan    2       
      pseudo-device   gre     1       
      #pseudo-device  strip   1       

      pseudo-device   pty     64      
      pseudo-device   tb      1       
      pseudo-device   vnd     4       
      pseudo-device   ccd     4       
      pseudo-device   ksyms   1       
      pseudo-device   systrace 1

pf - Enables packet filter.
pflog - Packet filter log interface.This opiton is required to work packet filter.
loop - Network loopback device.
bffilter - This option requires packet filter.
sl - CSLIP protocol.
ppp - Enables PPP protocol.
sppp - Enables Sync. PPP or HDLS.
tun - Enables network tunneling over tty.
enc - Encapsulation interface for IPSEC (RECOMENDED).
bridge - Enables support for network bridging.
vlan - IEEE 802.1Q VLAN.
gre - GRE encapsulation interface.
strip - Starmode radio Ip interface.
pty - Enables pseudo terminals.
tb - Tablet line discipline.
vnd - Paging to files.
ccd - Concatenated disk devices.
ksyms - kernel symbols device.
systrace - System call tracing device.


      # for IPv6
      pseudo-device   gif     4       
      #pseudo-device  faith   1       

      option          BOOT_CONFIG     

      # Stephanie: MicroBSD hardening
      #option         STEPHANIE_VERBOSE       

      # Stephanie: Features
      #option         SNEEK                   
      option          TPE                     
      option          PRIVACY                 
      #option         SYMLINKS                
      #option         LDSTRIP                 
      option          K5                      

      # Stephanie: Sub-options for k5
      #option         K5_SAVEKMEM             
      #option         K5_SUGIDONLY            
      #option         K5_STRICT               
      #option         K5_VERBOSE

gif - IPv4/IPv6 over IPv4/IPv6 tunnel.
faith - IPv4/IPv6 tvp relay translation interface.
BOOT_CONFIG - Add support fot boot -c.

STEPHANIE MODULES

STEPHANIE_VERBOSE - Be verbose for Stephanie kernel module (not recommended).
SNEEK - Stephanie execve logging module.
TPE - Trusted path Execution.
PRIVACY - Privacy modification.
SYMLINKS - Restricted symlinks.
LDSTRIP - ld.so environment variable stripping.
K5 - Binary integrity verification.
K5_SAVEKMEM - Save kernel memory (half-size chunks).
K5_SUGIDONLY - Verify integrity of S[UG]IDs only.
K5_STRICT - Access denied if binary not in DB.
K5_VERBOSE - Be very verbose (k5, not recommended).

Now view the /usr/src/sys/arch/$ARCH/conf/GENERIC. In this file there are only devices and little kernel options which are explained in every line, and if you have a simple knowledge of kernel configuration you will not have much problems.Don't forget to edit the line include "../../../conf/GENERIC" and change it to include "../../../conf/NEWKERNEL" where NEWKERNEL is the name of your custom kernel configuration.

Prev	Home	Next
Building and Installing a Custom Kernel		Boot time configuration

This, and other documents, can be downloaded from MicroBSD.

For questions about MicroBSD, read the documentation before contacting <MicroBSD Support>.
Copyright © 1995-2003 by The FreeBSD Documentation Project, OpenBSD FAQ Copyright © 1998-2003 OpenBSD, Modified for MicroBSD