freebsd-nq/sys/conf/options

753 lines
19 KiB
Plaintext
Raw Normal View History

1999-08-28 01:08:13 +00:00
# $FreeBSD$
#
# On the handling of kernel options
#
# All kernel options should be listed in NOTES, with suitable
# descriptions. Negative options (options that make some code not
2001-07-08 01:04:10 +00:00
# compile) should be commented out; LINT (generated from NOTES) should
# compile as much code as possible. Try to structure option-using
# code so that a single option only switch code on, or only switch
# code off, to make it possible to have a full compile-test. If
# necessary, you can check for COMPILING_LINT to get maximum code
# coverage.
#
# All new options shall also be listed in either "conf/options" or
2001-07-08 01:04:10 +00:00
# "conf/options.<machine>". Options that affect a single source-file
# <xxx>.[c|s] should be directed into "opt_<xxx>.h", while options
# that affect multiple files should either go in "opt_global.h" if
# this is a kernel-wide option (used just about everywhere), or in
2006-12-18 05:42:33 +00:00
# "opt_<option-name-in-lower-case>.h" if it affects only some files.
2001-07-08 01:04:10 +00:00
# Note that the effect of listing only an option without a
# header-file-name in conf/options (and cousins) is that the last
# convention is followed.
#
# This handling scheme is not yet fully implemented.
#
#
# Format of this file:
# Option name filename
#
# If filename is missing, the default is
# opt_<name-of-option-in-lower-case>.h
AAC_DEBUG opt_aac.h
AHC_ALLOW_MEMIO opt_aic7xxx.h
AHC_TMODE_ENABLE opt_aic7xxx.h
AHC_DUMP_EEPROM opt_aic7xxx.h
AHC_DEBUG opt_aic7xxx.h
AHC_DEBUG_OPTS opt_aic7xxx.h
AHC_REG_PRETTY_PRINT opt_aic7xxx.h
AHD_DEBUG opt_aic79xx.h
AHD_DEBUG_OPTS opt_aic79xx.h
AHD_TMODE_ENABLE opt_aic79xx.h
AHD_REG_PRETTY_PRINT opt_aic79xx.h
ADW_ALLOW_MEMIO opt_adw.h
TWA_DEBUG opt_twa.h
TWA_FLASH_FIRMWARE opt_twa.h
# Debugging options.
DDB
DDB_NUMSYM opt_ddb.h
GDB
KDB opt_global.h
KDB_TRACE opt_kdb.h
KDB_UNATTENDED opt_kdb.h
SYSCTL_DEBUG opt_sysctl.h
NO_SYSCTL_DESCR opt_global.h
1996-12-23 18:42:02 +00:00
# Miscellaneous options.
ADAPTIVE_GIANT opt_adaptive_mutexes.h
ADAPTIVE_SX
ALQ
AUDIT opt_global.h
CODA_COMPAT_5 opt_coda.h
1998-01-25 04:13:25 +00:00
COMPAT_43 opt_compat.h
COMPAT_43TTY opt_compat.h
COMPAT_FREEBSD4 opt_compat.h
2005-06-30 00:09:18 +00:00
COMPAT_FREEBSD5 opt_compat.h
2006-09-26 12:36:34 +00:00
COMPAT_FREEBSD6 opt_compat.h
2000-09-16 18:55:05 +00:00
COMPILING_LINT opt_global.h
CY_PCI_FASTINTR
DIRECTIO
FULL_PREEMPTION opt_sched.h
IPI_PREEMPTION opt_sched.h
GEOM_AES opt_geom.h
GEOM_BDE opt_geom.h
GEOM_BSD opt_geom.h
GEOM_CACHE opt_geom.h
GEOM_CONCAT opt_geom.h
GEOM_ELI opt_geom.h
GEOM_FOX opt_geom.h
GEOM_GATE opt_geom.h
GEOM_JOURNAL opt_geom.h
GEOM_LABEL opt_geom.h
GEOM_MBR opt_geom.h
GEOM_MIRROR opt_geom.h
GEOM_MULTIPATH opt_geom.h
GEOM_NOP opt_geom.h
GEOM_PART_APM opt_geom.h
GEOM_PART_GPT opt_geom.h
GEOM_PART_MBR opt_geom.h
GEOM_PC98 opt_geom.h
2004-08-16 06:36:21 +00:00
GEOM_RAID3 opt_geom.h
2005-01-11 18:18:40 +00:00
GEOM_SHSEC opt_geom.h
GEOM_STRIPE opt_geom.h
GEOM_SUNLABEL opt_geom.h
GEOM_UZIP opt_geom.h
GEOM_VOL opt_geom.h
GEOM_ZERO opt_geom.h
KSE opt_global.h
KSTACK_MAX_PAGES
2004-02-25 09:35:35 +00:00
KSTACK_PAGES
KTRACE
KTRACE_REQUEST_POOL opt_ktrace.h
LIBICONV
MAC
MAC_ALWAYS_LABEL_MBUF opt_mac.h
MAC_BIBA opt_dontuse.h
MAC_BSDEXTENDED opt_dontuse.h
MAC_IFOFF opt_dontuse.h
MAC_LOMAC opt_dontuse.h
MAC_MLS opt_dontuse.h
MAC_NONE opt_dontuse.h
MAC_PARTITION opt_dontuse.h
MAC_PORTACL opt_dontuse.h
MAC_SEEOTHERUIDS opt_dontuse.h
MAC_STATIC opt_mac.h
MAC_STUB opt_dontuse.h
MAC_TEST opt_dontuse.h
MD_ROOT opt_md.h
MD_ROOT_SIZE opt_md.h
2006-03-29 09:57:22 +00:00
MFI_DEBUG opt_mfi.h
MFI_DECODE_LOG opt_mfi.h
MPROF_BUFFERS opt_mprof.h
MPROF_HASH_SIZE opt_mprof.h
2007-03-27 19:32:40 +00:00
NO_ADAPTIVE_MUTEXES opt_adaptive_mutexes.h
NO_ADAPTIVE_RWLOCKS
NSWBUF_MIN opt_swap.h
MBUF_PACKET_ZONE_DISABLE opt_global.h
PANIC_REBOOT_WAIT_TIME opt_panic.h
PPC_DEBUG opt_ppc.h
PPC_PROBE_CHIPSET opt_ppc.h
PPS_SYNC opt_ntp.h
2005-11-23 18:11:24 +00:00
PREEMPTION opt_sched.h
1996-12-23 18:42:02 +00:00
QUOTA
SCHED_4BSD opt_sched.h
SCHED_ULE opt_sched.h
SHOW_BUSYBUFS
SLEEPQUEUE_PROFILING
SLHCI_DEBUG opt_slhci.h
1998-02-04 04:12:29 +00:00
SPX_HACK
SUIDDIR
MSGMNB opt_sysvipc.h
MSGMNI opt_sysvipc.h
MSGSEG opt_sysvipc.h
MSGSSZ opt_sysvipc.h
MSGTQL opt_sysvipc.h
SEMMAP opt_sysvipc.h
SEMMNI opt_sysvipc.h
SEMMNS opt_sysvipc.h
SEMMNU opt_sysvipc.h
SEMMSL opt_sysvipc.h
SEMOPM opt_sysvipc.h
SEMUME opt_sysvipc.h
SHMALL opt_sysvipc.h
SHMMAX opt_sysvipc.h
SHMMAXPGS opt_sysvipc.h
SHMMIN opt_sysvipc.h
SHMMNI opt_sysvipc.h
SHMSEG opt_sysvipc.h
SYSVMSG opt_sysvipc.h
SYSVSEM opt_sysvipc.h
SYSVSHM opt_sysvipc.h
SW_WATCHDOG opt_watchdog.h
TURNSTILE_PROFILING
2004-02-25 09:35:35 +00:00
TTYHOG opt_tty.h
VFS_AIO
VERBOSE_SYSINIT opt_global.h
2002-07-15 15:21:51 +00:00
WLCACHE opt_wavelan.h
WLDEBUG opt_wavelan.h
# POSIX kernel options
2005-12-03 01:40:38 +00:00
P1003_1B_MQUEUE opt_posix.h
2002-09-19 00:48:57 +00:00
P1003_1B_SEMAPHORES opt_posix.h
2004-02-25 09:35:35 +00:00
_KPOSIX_PRIORITY_SCHEDULING opt_posix.h
# Do we want the config file compiled into the kernel?
INCLUDE_CONFIG_FILE opt_config.h
2002-05-16 21:28:32 +00:00
# Options for static filesystems. These should only be used at config
# time, since the corresponding lkms cannot work if there are any static
# dependencies. Unusability is enforced by hiding the defines for the
# options in a never-included header.
CD9660 opt_dontuse.h
CODA opt_dontuse.h
EXT2FS opt_dontuse.h
FDESCFS opt_dontuse.h
HPFS opt_dontuse.h
MSDOSFS opt_dontuse.h
NTFS opt_dontuse.h
NULLFS opt_dontuse.h
NWFS opt_dontuse.h
PORTALFS opt_dontuse.h
PROCFS opt_dontuse.h
PSEUDOFS opt_dontuse.h
REISERFS opt_dontuse.h
SMBFS opt_dontuse.h
TMPFS opt_dontuse.h
UDF opt_dontuse.h
UNIONFS opt_dontuse.h
2005-03-14 16:04:27 +00:00
# Pseudofs debugging
PSEUDOFS_TRACE opt_pseudofs.h
# Broken - ffs_snapshot() dependency from ufs_lookup() :-(
FFS opt_ffs_broken_fixme.h
# These static filesystems have one slightly bogus static dependency in
# sys/i386/i386/autoconf.c. If any of these filesystems are
# statically compiled into the kernel, code for mounting them as root
# filesystems will be enabled - but look below.
NFSCLIENT opt_nfs.h
NFSSERVER opt_nfs.h
NFS4CLIENT opt_nfs.h
# filesystems and libiconv bridge
CD9660_ICONV opt_dontuse.h
MSDOSFS_ICONV opt_dontuse.h
NTFS_ICONV opt_dontuse.h
UDF_ICONV opt_dontuse.h
# If you are following the conditions in the copyright,
# you can enable soft-updates which will speed up a lot of thigs
# and make the system safer from crashes at the same time.
# otherwise a STUB module will be compiled in.
SOFTUPDATES opt_ffs.h
# On small, embedded systems, it can be useful to turn off support for
# snapshots. It saves about 30-40k for a feature that would be lightly
# used, if it is used at all.
NO_FFS_SNAPSHOT opt_ffs.h
Introduce support for POSIX.1e ACLs on UFS-based file systems. This implementation is still experimental, and while fairly broadly tested, is not yet intended for production use. Support for POSIX.1e ACLs on UFS will not be MFC'd to RELENG_4. This implementation works by providing implementations of VOP_[GS]ETACL() for FFS, as well as modifying the appropriate access control and file creation routines. In this implementation, ACLs are backed into extended attributes; the base ACL (owner, group, other) permissions remain in the inode for performance and compatibility reasons, so only the extended and default ACLs are placed in extended attributes. The logic for ACL evaluation is provided by the fs-independent kern/kern_acl.c. o Introduce UFS_ACL, a compile-time configuration option that enables support for ACLs on FFS (and potentially other UFS-based file systems). o Introduce ufs_getacl(), ufs_setacl(), ufs_aclcheck(), which respectively get, set, and check the ACLs on the passed vnode. o Introduce ufs_sync_acl_from_inode(), ufs_sync_inode_from_acl() to maintain access control information between inode permissions and extended attribute data. o Modify ufs_access() to load a file access ACL and invoke vaccess_acl_posix1e() if ACLs are available on the file system o Modify ufs_mkdir() and ufs_makeinode() to associate ACLs with newly created directories and files, inheriting from the parent directory's default ACL. o Enable these new vnode operations and conditionally compiled code paths if UFS_ACL is defined. A few notes: o This implementation is fairly widely tested, but still should be considered experimental. o Currently, ACLs are not exported via NFS, instead, the summarizing file mode/etc from the inode is. This results in conservative protection behavior, similar to the behavior of ACL-nonaware programs acting locally. o It is possible that underlying binary data formats associated with this implementation may change. Consumers of the implementation should expect to find their local configuration obsoleted in the next few months, resulting in possible loss of ACL data during an upgrade. o The extended attributes interface and implementation is still undergoing modification to address portable interface concerns, as well as performance. o Many applications do not yet correctly handle ACLs. In general, due to the POSIX.1e ACL model, behavior of ACL-unaware applications will be conservative with respects to file protection; some caution is recommended. o Instructions for configuring and maintaining ACLs on UFS will be committed in the near future; in the mean time it is possible to reference the README included in the last UFS ACL distribution placed in the TrustedBSD web site: http://www.TrustedBSD.org/downloads/ Substantial debugging, hardware, travel, or connectivity support for this project was provided by: BSDi, Safeport Network Services, and NAI Labs. Significant coding contributions were made by Chris Faulhaber. Additional support was provided by Brian Feldman, Thomas Moestl, and Ilmar Habibulin. Reviewed by: jedgar, keichii, mckusick, trustedbsd-discuss, freebsd-fs Obtained from: TrustedBSD Project
2001-03-26 17:53:19 +00:00
# Enabling this option turns on support for Access Control Lists in UFS,
# which can be used to support high security configurations. Depends on
# UFS_EXTATTR.
UFS_ACL opt_ufs.h
# Enabling this option turns on support for extended attributes in UFS-based
2002-05-16 21:28:32 +00:00
# filesystems, which can be used to support high security configurations
# as well as new filesystem features.
UFS_EXTATTR opt_ufs.h
UFS_EXTATTR_AUTOSTART opt_ufs.h
# Enable fast hash lookups for large directories on UFS-based filesystems.
UFS_DIRHASH opt_ufs.h
# Enable gjournal-based UFS journal.
UFS_GJOURNAL opt_ufs.h
# The below sentence is not in English, and neither is this one.
# We plan to remove the static dependences above, with a
# <filesystem>_ROOT option to control if it usable as root. This list
# allows these options to be present in config files already (though
# they won't make any difference yet).
NFS_ROOT opt_nfsroot.h
# SMB/CIFS requester
NETSMB opt_netsmb.h
# Options used only in subr_param.c.
HZ opt_param.h
MAXFILES opt_param.h
1996-12-23 18:42:02 +00:00
NBUF opt_param.h
NSFBUFS opt_param.h
VM_BCACHE_SIZE_MAX opt_param.h
VM_SWZONE_SIZE_MAX opt_param.h
MAXUSERS
DFLDSIZ opt_param.h
MAXDSIZ opt_param.h
MAXSSIZ opt_param.h
# Generic SCSI options.
1998-09-15 09:59:15 +00:00
CAM_MAX_HIGHPOWER opt_cam.h
CAMDEBUG opt_cam.h
1999-08-16 22:39:53 +00:00
CAM_DEBUG_DELAY opt_cam.h
1998-09-15 09:59:15 +00:00
CAM_DEBUG_BUS opt_cam.h
CAM_DEBUG_TARGET opt_cam.h
CAM_DEBUG_LUN opt_cam.h
CAM_DEBUG_FLAGS opt_cam.h
1996-12-23 18:42:02 +00:00
SCSI_DELAY opt_scsi.h
1998-09-15 09:59:15 +00:00
SCSI_NO_SENSE_STRINGS opt_scsi.h
SCSI_NO_OP_STRINGS opt_scsi.h
# Options used only in cam/scsi/scsi_cd.c
CHANGER_MIN_BUSY_SECONDS opt_cd.h
CHANGER_MAX_BUSY_SECONDS opt_cd.h
# Options used only in cam/scsi/scsi_sa.c.
SA_IO_TIMEOUT opt_sa.h
SA_SPACE_TIMEOUT opt_sa.h
SA_REWIND_TIMEOUT opt_sa.h
SA_ERASE_TIMEOUT opt_sa.h
SA_1FM_AT_EOD opt_sa.h
# Options used only in cam/scsi/scsi_pt.c
SCSI_PT_DEFAULT_TIMEOUT opt_pt.h
# Options used only in cam/scsi/scsi_ses.c
SES_ENABLE_PASSTHROUGH opt_ses.h
# Options used in dev/sym/ (Symbios SCSI driver).
SYM_SETUP_LP_PROBE_MAP opt_sym.h #-Low Priority Probe Map (bits)
# Allows the ncr to take precedence
# 1 (1<<0) -> 810a, 860
# 2 (1<<1) -> 825a, 875, 885, 895
# 4 (1<<2) -> 895a, 896, 1510d
SYM_SETUP_SCSI_DIFF opt_sym.h #-HVD support for 825a, 875, 885
# disabled:0 (default), enabled:1
SYM_SETUP_PCI_PARITY opt_sym.h #-PCI parity checking
# disabled:0, enabled:1 (default)
SYM_SETUP_MAX_LUN opt_sym.h #-Number of LUNs supported
# default:8, range:[1..64]
1996-12-15 16:35:54 +00:00
# Options used only in pci/ncr.c
1996-12-23 18:42:02 +00:00
SCSI_NCR_DEBUG opt_ncr.h
1996-12-23 18:40:40 +00:00
SCSI_NCR_MAX_SYNC opt_ncr.h
SCSI_NCR_MAX_WIDE opt_ncr.h
1996-12-23 18:42:02 +00:00
SCSI_NCR_MYADDR opt_ncr.h
1996-12-15 16:35:54 +00:00
# Options used only in dev/isp/*
ISP_TARGET_MODE opt_isp.h
ISP_FW_CRASH_DUMP opt_isp.h
ISP_DEFAULT_ROLES opt_isp.h
1999-02-09 01:02:37 +00:00
# Options used only in dev/iscsi
ISCSI_INITIATOR_DEBUG opt_iscsi_initiator.h
1999-10-09 20:22:01 +00:00
# Options used in the 'ata' ATA/ATAPI driver
ATA_STATIC_ID opt_ata.h
ATA_NOPCI opt_ata.h
1999-10-09 20:22:01 +00:00
# Net stuff.
ACCEPT_FILTER_DATA
ACCEPT_FILTER_HTTP
ALTQ opt_global.h
ALTQ_CBQ opt_altq.h
ALTQ_RED opt_altq.h
ALTQ_RIO opt_altq.h
ALTQ_HFSC opt_altq.h
ALTQ_CDNR opt_altq.h
ALTQ_PRIQ opt_altq.h
ALTQ_NOPCC opt_altq.h
ALTQ_DEBUG opt_altq.h
BOOTP opt_bootp.h
BOOTP_COMPAT opt_bootp.h
BOOTP_NFSROOT opt_bootp.h
BOOTP_NFSV3 opt_bootp.h
BOOTP_WIRED_TO opt_bootp.h
DEVICE_POLLING
DEV_ENC opt_enc.h
DEV_PF opt_pf.h
DEV_PFLOG opt_pf.h
DEV_PFSYNC opt_pf.h
ETHER_II opt_ef.h
ETHER_8023 opt_ef.h
ETHER_8022 opt_ef.h
ETHER_SNAP opt_ef.h
1996-06-12 19:34:33 +00:00
MROUTING opt_mrouting.h
INET opt_inet.h
INET6 opt_inet6.h
IPSEC opt_ipsec.h
IPSEC_DEBUG opt_ipsec.h
IPSEC_FILTERTUNNEL opt_ipsec.h
IPDIVERT
DUMMYNET opt_ipdn.h
IPFILTER opt_ipfilter.h
IPFILTER_LOG opt_ipfilter.h
IPFILTER_LOOKUP opt_ipfilter.h
IPFILTER_DEFAULT_BLOCK opt_ipfilter.h
1996-06-12 19:34:33 +00:00
IPFIREWALL opt_ipfw.h
IPFIREWALL_VERBOSE opt_ipfw.h
IPFIREWALL_VERBOSE_LIMIT opt_ipfw.h
IPFIREWALL_DEFAULT_TO_ACCEPT opt_ipfw.h
Convert ipfw to use PFIL_HOOKS. This is change is transparent to userland and preserves the ipfw ABI. The ipfw core packet inspection and filtering functions have not been changed, only how ipfw is invoked is different. However there are many changes how ipfw is and its add-on's are handled: In general ipfw is now called through the PFIL_HOOKS and most associated magic, that was in ip_input() or ip_output() previously, is now done in ipfw_check_[in|out]() in the ipfw PFIL handler. IPDIVERT is entirely handled within the ipfw PFIL handlers. A packet to be diverted is checked if it is fragmented, if yes, ip_reass() gets in for reassembly. If not, or all fragments arrived and the packet is complete, divert_packet is called directly. For 'tee' no reassembly attempt is made and a copy of the packet is sent to the divert socket unmodified. The original packet continues its way through ip_input/output(). ipfw 'forward' is done via m_tag's. The ipfw PFIL handlers tag the packet with the new destination sockaddr_in. A check if the new destination is a local IP address is made and the m_flags are set appropriately. ip_input() and ip_output() have some more work to do here. For ip_input() the m_flags are checked and a packet for us is directly sent to the 'ours' section for further processing. Destination changes on the input path are only tagged and the 'srcrt' flag to ip_forward() is set to disable destination checks and ICMP replies at this stage. The tag is going to be handled on output. ip_output() again checks for m_flags and the 'ours' tag. If found, the packet will be dropped back to the IP netisr where it is going to be picked up by ip_input() again and the directly sent to the 'ours' section. When only the destination changes, the route's 'dst' is overwritten with the new destination from the forward m_tag. Then it jumps back at the route lookup again and skips the firewall check because it has been marked with M_SKIP_FIREWALL. ipfw 'forward' has to be compiled into the kernel with 'option IPFIREWALL_FORWARD' to enable it. DUMMYNET is entirely handled within the ipfw PFIL handlers. A packet for a dummynet pipe or queue is directly sent to dummynet_io(). Dummynet will then inject it back into ip_input/ip_output() after it has served its time. Dummynet packets are tagged and will continue from the next rule when they hit the ipfw PFIL handlers again after re-injection. BRIDGING and IPFW_ETHER are not changed yet and use ipfw_chk() directly as they did before. Later this will be changed to dedicated ETHER PFIL_HOOKS. More detailed changes to the code: conf/files Add netinet/ip_fw_pfil.c. conf/options Add IPFIREWALL_FORWARD option. modules/ipfw/Makefile Add ip_fw_pfil.c. net/bridge.c Disable PFIL_HOOKS if ipfw for bridging is active. Bridging ipfw is still directly invoked to handle layer2 headers and packets would get a double ipfw when run through PFIL_HOOKS as well. netinet/ip_divert.c Removed divert_clone() function. It is no longer used. netinet/ip_dummynet.[ch] Neither the route 'ro' nor the destination 'dst' need to be stored while in dummynet transit. Structure members and associated macros are removed. netinet/ip_fastfwd.c Removed all direct ipfw handling code and replace it with the new 'ipfw forward' handling code. netinet/ip_fw.h Removed 'ro' and 'dst' from struct ip_fw_args. netinet/ip_fw2.c (Re)moved some global variables and the module handling. netinet/ip_fw_pfil.c New file containing the ipfw PFIL handlers and module initialization. netinet/ip_input.c Removed all direct ipfw handling code and replace it with the new 'ipfw forward' handling code. ip_forward() does not longer require the 'next_hop' struct sockaddr_in argument. Disable early checks if 'srcrt' is set. netinet/ip_output.c Removed all direct ipfw handling code and replace it with the new 'ipfw forward' handling code. netinet/ip_var.h Add ip_reass() as general function. (Used from ipfw PFIL handlers for IPDIVERT.) netinet/raw_ip.c Directly check if ipfw and dummynet control pointers are active. netinet/tcp_input.c Rework the 'ipfw forward' to local code to work with the new way of forward tags. netinet/tcp_sack.c Remove include 'opt_ipfw.h' which is not needed here. sys/mbuf.h Remove m_claim_next() macro which was exclusively for ipfw 'forward' and is no longer needed. Approved by: re (scottl)
2004-08-17 22:05:54 +00:00
IPFIREWALL_FORWARD opt_ipfw.h
IPFIREWALL_NAT opt_ipfw.h
IPSTEALTH
IPX
LIBMBPOOL
LIBMCHAIN
LIBALIAS
MBUF_STRESS_TEST
NCP
1998-01-09 00:51:57 +00:00
NETATALK opt_atalk.h
PPP_BSDCOMP opt_ppp.h
PPP_DEFLATE opt_ppp.h
1997-10-18 01:15:32 +00:00
PPP_FILTER opt_ppp.h
1999-08-10 09:42:32 +00:00
SLIP_IFF_OPTS opt_slip.h
1997-09-16 18:36:06 +00:00
TCPDEBUG
Initial import of RFC 2385 (TCP-MD5) digest support. This is the first of two commits; bringing in the kernel support first. This can be enabled by compiling a kernel with options TCP_SIGNATURE and FAST_IPSEC. For the uninitiated, this is a TCP option which provides for a means of authenticating TCP sessions which came into being before IPSEC. It is still relevant today, however, as it is used by many commercial router vendors, particularly with BGP, and as such has become a requirement for interconnect at many major Internet points of presence. Several parts of the TCP and IP headers, including the segment payload, are digested with MD5, including a shared secret. The PF_KEY interface is used to manage the secrets using security associations in the SADB. There is a limitation here in that as there is no way to map a TCP flow per-port back to an SPI without polluting tcpcb or using the SPD; the code to do the latter is unstable at this time. Therefore this code only supports per-host keying granularity. Whilst FAST_IPSEC is mutually exclusive with KAME IPSEC (and thus IPv6), TCP_SIGNATURE applies only to IPv4. For the vast majority of prospective users of this feature, this will not pose any problem. This implementation is output-only; that is, the option is honoured when responding to a host initiating a TCP session, but no effort is made [yet] to authenticate inbound traffic. This is, however, sufficient to interwork with Cisco equipment. Tested with a Cisco 2501 running IOS 12.0(27), and Quagga 0.96.4 with local patches. Patches for tcpdump to validate TCP-MD5 sessions are also available from me upon request. Sponsored by: sentex.net
2004-02-11 04:26:04 +00:00
TCP_SIGNATURE opt_inet.h
2006-01-30 13:45:15 +00:00
DEV_VLAN opt_vlan.h
VLAN_ARRAY opt_vlan.h
XBONEHACK
#
# SCTP
#
SCTP opt_sctp.h
SCTP_DEBUG opt_sctp.h # Enable debug printfs
SCTP_WITH_NO_CSUM opt_sctp.h # Use this at your peril
SCTP_LOCK_LOGGING opt_sctp.h # Log to KTR lock activity
SCTP_MBUF_LOGGING opt_sctp.h # Log to KTR general mbuf aloc/free
SCTP_MBCNT_LOGGING opt_sctp.h # Log to KTR mbcnt activity
SCTP_PACKET_LOGGING opt_sctp.h # Log to a packet buffer last N packets
SCTP_LTRACE_CHUNKS opt_sctp.h # Log to KTR chunks processed
SCTP_LTRACE_ERRORS opt_sctp.h # Log to KTR error returns.
#
#
#
# Netgraph(4). Use option NETGRAPH to enable the base netgraph code.
# Each netgraph node type can be either be compiled into the kernel
# or loaded dynamically. To get the former, include the corresponding
# option below. Each type has its own man page, e.g. ng_async(4).
NETGRAPH
NETGRAPH_DEBUG opt_netgraph.h
NETGRAPH_ASYNC opt_netgraph.h
NETGRAPH_ATMLLC opt_netgraph.h
NETGRAPH_ATM_ATMPIF opt_netgraph.h
NETGRAPH_BLUETOOTH opt_netgraph.h
NETGRAPH_BLUETOOTH_BT3C opt_netgraph.h
NETGRAPH_BLUETOOTH_H4 opt_netgraph.h
NETGRAPH_BLUETOOTH_HCI opt_netgraph.h
NETGRAPH_BLUETOOTH_L2CAP opt_netgraph.h
NETGRAPH_BLUETOOTH_SOCKET opt_netgraph.h
NETGRAPH_BLUETOOTH_UBT opt_netgraph.h
NETGRAPH_BLUETOOTH_UBTBCMFW opt_netgraph.h
NETGRAPH_BPF opt_netgraph.h
NETGRAPH_BRIDGE opt_netgraph.h
NETGRAPH_CAR opt_netgraph.h
NETGRAPH_CISCO opt_netgraph.h
NETGRAPH_DEFLATE opt_netgraph.h
NETGRAPH_DEVICE opt_netgraph.h
NETGRAPH_ECHO opt_netgraph.h
NETGRAPH_EIFACE opt_netgraph.h
NETGRAPH_ETHER opt_netgraph.h
NETGRAPH_FEC opt_netgraph.h
NETGRAPH_FRAME_RELAY opt_netgraph.h
2001-09-26 23:50:17 +00:00
NETGRAPH_GIF opt_netgraph.h
NETGRAPH_GIF_DEMUX opt_netgraph.h
NETGRAPH_HOLE opt_netgraph.h
NETGRAPH_IFACE opt_netgraph.h
NETGRAPH_IP_INPUT opt_netgraph.h
2005-02-05 12:15:56 +00:00
NETGRAPH_IPFW opt_netgraph.h
1999-11-16 23:49:07 +00:00
NETGRAPH_KSOCKET opt_netgraph.h
NETGRAPH_L2TP opt_netgraph.h
NETGRAPH_LMI opt_netgraph.h
# MPPC compression requires proprietary files (not included)
NETGRAPH_MPPC_COMPRESSION opt_netgraph.h
NETGRAPH_MPPC_ENCRYPTION opt_netgraph.h
NETGRAPH_NAT opt_netgraph.h
NETGRAPH_NETFLOW opt_netgraph.h
2000-11-16 16:59:26 +00:00
NETGRAPH_ONE2MANY opt_netgraph.h
NETGRAPH_PPP opt_netgraph.h
NETGRAPH_PPPOE opt_netgraph.h
NETGRAPH_PPTPGRE opt_netgraph.h
NETGRAPH_PRED1 opt_netgraph.h
NETGRAPH_RFC1490 opt_netgraph.h
NETGRAPH_SOCKET opt_netgraph.h
NETGRAPH_SPLIT opt_netgraph.h
2004-04-24 22:03:02 +00:00
NETGRAPH_SPPP opt_netgraph.h
NETGRAPH_TAG opt_netgraph.h
2005-06-10 08:05:13 +00:00
NETGRAPH_TCPMSS opt_netgraph.h
NETGRAPH_TEE opt_netgraph.h
NETGRAPH_TTY opt_netgraph.h
NETGRAPH_UI opt_netgraph.h
NETGRAPH_VJC opt_netgraph.h
# NgATM options
NGATM_ATM opt_netgraph.h
NGATM_ATMBASE opt_netgraph.h
NGATM_SSCOP opt_netgraph.h
NGATM_SSCFU opt_netgraph.h
NGATM_UNI opt_netgraph.h
NGATM_CCATM opt_netgraph.h
# DRM options
DRM_DEBUG opt_drm.h
At long last, commit the zero copy sockets code. MAKEDEV: Add MAKEDEV glue for the ti(4) device nodes. ti.4: Update the ti(4) man page to include information on the TI_JUMBO_HDRSPLIT and TI_PRIVATE_JUMBOS kernel options, and also include information about the new character device interface and the associated ioctls. man9/Makefile: Add jumbo.9 and zero_copy.9 man pages and associated links. jumbo.9: New man page describing the jumbo buffer allocator interface and operation. zero_copy.9: New man page describing the general characteristics of the zero copy send and receive code, and what an application author should do to take advantage of the zero copy functionality. NOTES: Add entries for ZERO_COPY_SOCKETS, TI_PRIVATE_JUMBOS, TI_JUMBO_HDRSPLIT, MSIZE, and MCLSHIFT. conf/files: Add uipc_jumbo.c and uipc_cow.c. conf/options: Add the 5 options mentioned above. kern_subr.c: Receive side zero copy implementation. This takes "disposable" pages attached to an mbuf, gives them to a user process, and then recycles the user's page. This is only active when ZERO_COPY_SOCKETS is turned on and the kern.ipc.zero_copy.receive sysctl variable is set to 1. uipc_cow.c: Send side zero copy functions. Takes a page written by the user and maps it copy on write and assigns it kernel virtual address space. Removes copy on write mapping once the buffer has been freed by the network stack. uipc_jumbo.c: Jumbo disposable page allocator code. This allocates (optionally) disposable pages for network drivers that want to give the user the option of doing zero copy receive. uipc_socket.c: Add kern.ipc.zero_copy.{send,receive} sysctls that are enabled if ZERO_COPY_SOCKETS is turned on. Add zero copy send support to sosend() -- pages get mapped into the kernel instead of getting copied if they meet size and alignment restrictions. uipc_syscalls.c:Un-staticize some of the sf* functions so that they can be used elsewhere. (uipc_cow.c) if_media.c: In the SIOCGIFMEDIA ioctl in ifmedia_ioctl(), avoid calling malloc() with M_WAITOK. Return an error if the M_NOWAIT malloc fails. The ti(4) driver and the wi(4) driver, at least, call this with a mutex held. This causes witness warnings for 'ifconfig -a' with a wi(4) or ti(4) board in the system. (I've only verified for ti(4)). ip_output.c: Fragment large datagrams so that each segment contains a multiple of PAGE_SIZE amount of data plus headers. This allows the receiver to potentially do page flipping on receives. if_ti.c: Add zero copy receive support to the ti(4) driver. If TI_PRIVATE_JUMBOS is not defined, it now uses the jumbo(9) buffer allocator for jumbo receive buffers. Add a new character device interface for the ti(4) driver for the new debugging interface. This allows (a patched version of) gdb to talk to the Tigon board and debug the firmware. There are also a few additional debugging ioctls available through this interface. Add header splitting support to the ti(4) driver. Tweak some of the default interrupt coalescing parameters to more useful defaults. Add hooks for supporting transmit flow control, but leave it turned off with a comment describing why it is turned off. if_tireg.h: Change the firmware rev to 12.4.11, since we're really at 12.4.11 plus fixes from 12.4.13. Add defines needed for debugging. Remove the ti_stats structure, it is now defined in sys/tiio.h. ti_fw.h: 12.4.11 firmware. ti_fw2.h: 12.4.11 firmware, plus selected fixes from 12.4.13, and my header splitting patches. Revision 12.4.13 doesn't handle 10/100 negotiation properly. (This firmware is the same as what was in the tree previously, with the addition of header splitting support.) sys/jumbo.h: Jumbo buffer allocator interface. sys/mbuf.h: Add a new external mbuf type, EXT_DISPOSABLE, to indicate that the payload buffer can be thrown away / flipped to a userland process. socketvar.h: Add prototype for socow_setup. tiio.h: ioctl interface to the character portion of the ti(4) driver, plus associated structure/type definitions. uio.h: Change prototype for uiomoveco() so that we'll know whether the source page is disposable. ufs_readwrite.c:Update for new prototype of uiomoveco(). vm_fault.c: In vm_fault(), check to see whether we need to do a page based copy on write fault. vm_object.c: Add a new function, vm_object_allocate_wait(). This does the same thing that vm_object allocate does, except that it gives the caller the opportunity to specify whether it should wait on the uma_zalloc() of the object structre. This allows vm objects to be allocated while holding a mutex. (Without generating WITNESS warnings.) vm_object_allocate() is implemented as a call to vm_object_allocate_wait() with the malloc flag set to M_WAITOK. vm_object.h: Add prototype for vm_object_allocate_wait(). vm_page.c: Add page-based copy on write setup, clear and fault routines. vm_page.h: Add page based COW function prototypes and variable in the vm_page structure. Many thanks to Drew Gallatin, who wrote the zero copy send and receive code, and to all the other folks who have tested and reviewed this code over the years.
2002-06-26 03:37:47 +00:00
ZERO_COPY_SOCKETS opt_zero.h
TI_PRIVATE_JUMBOS opt_ti.h
TI_JUMBO_HDRSPLIT opt_ti.h
# ATM (HARP version) - disabled as not MPSAFE in 7.0
#ATM_CORE opt_atm.h
#ATM_IP opt_atm.h
#ATM_SIGPVC opt_atm.h
#ATM_SPANS opt_atm.h
#ATM_UNI opt_atm.h
(this is an extract from src/share/examples/atm/README) =================================== HARP | Host ATM Research Platform =================================== HARP 3 What is this stuff? ------------------- The Advanced Networking Group (ANG) at the Minnesota Supercomputer Center, Inc. (MSCI), as part of its work on the MAGIC Gigabit Testbed, developed the Host ATM Research Platform (HARP) software, which allows IP hosts to communicate over ATM networks using standard protocols. It is intended to be a high-quality platform for IP/ATM research. HARP provides a way for IP hosts to connect to ATM networks. It supports standard methods of communication using IP over ATM. A host's standard IP software sends and receives datagrams via a HARP ATM interface. HARP provides functionality similar to (and typically replaces) vendor-provided ATM device driver software. HARP includes full source code, making it possible for researchers to experiment with different approaches to running IP over ATM. HARP is self-contained; it requires no other licenses or commercial software packages. HARP implements support for the IETF Classical IP model for using IP over ATM networks, including: o IETF ATMARP address resolution client o IETF ATMARP address resolution server o IETF SCSP/ATMARP server o UNI 3.1 and 3.0 signalling protocols o Fore Systems's SPANS signalling protocol What's supported ---------------- The following are supported by HARP 3: o ATM Host Interfaces - FORE Systems, Inc. SBA-200 and SBA-200E ATM SBus Adapters - FORE Systems, Inc. PCA-200E ATM PCI Adapters - Efficient Networks, Inc. ENI-155p ATM PCI Adapters o ATM Signalling Protocols - The ATM Forum UNI 3.1 signalling protocol - The ATM Forum UNI 3.0 signalling protocol - The ATM Forum ILMI address registration - FORE Systems's proprietary SPANS signalling protocol - Permanent Virtual Channels (PVCs) o IETF "Classical IP and ARP over ATM" model - RFC 1483, "Multiprotocol Encapsulation over ATM Adaptation Layer 5" - RFC 1577, "Classical IP and ARP over ATM" - RFC 1626, "Default IP MTU for use over ATM AAL5" - RFC 1755, "ATM Signaling Support for IP over ATM" - RFC 2225, "Classical IP and ARP over ATM" - RFC 2334, "Server Cache Synchronization Protocol (SCSP)" - Internet Draft draft-ietf-ion-scsp-atmarp-00.txt, "A Distributed ATMARP Service Using SCSP" o ATM Sockets interface - The file atm-sockets.txt contains further information What's not supported -------------------- The following major features of the above list are not currently supported: o UNI point-to-multipoint support o Driver support for Traffic Control/Quality of Service o SPANS multicast and MPP support o SPANS signalling using Efficient adapters This software was developed under the sponsorship of the Defense Advanced Research Projects Agency (DARPA). Reviewed (lightly) by: phk Submitted by: Network Computing Services, Inc.
1998-09-15 11:44:44 +00:00
# XXX Conflict: # of devices vs network protocol (Native ATM).
# This makes "atm.h" unusable.
NATM
# DPT driver debug flags
DPT_MEASURE_PERFORMANCE opt_dpt.h
DPT_HANDLE_TIMEOUTS opt_dpt.h
DPT_TIMEOUT_FACTOR opt_dpt.h
DPT_LOST_IRQ opt_dpt.h
DPT_RESET_HBA opt_dpt.h
# Misc debug flags. Most of these should probably be replaced with
# 'DEBUG', and then let people recompile just the interesting modules
# with 'make CC="cc -DDEBUG"'.
CLUSTERDEBUG opt_debug_cluster.h
DEBUG_1284 opt_ppb_1284.h
VP0_DEBUG opt_vpo.h
LPT_DEBUG opt_lpt.h
1999-01-23 17:07:49 +00:00
PLIP_DEBUG opt_plip.h
LOCKF_DEBUG opt_debug_lockf.h
NETATALKDEBUG opt_atalk.h
SI_DEBUG opt_debug_si.h
# Fb options
FB_DEBUG opt_fb.h
FB_INSTALL_CDEV opt_fb.h
# ppbus related options
PERIPH_1284 opt_ppb_1284.h
DONTPROBE_1284 opt_ppb_1284.h
# smbus related options
ENABLE_ALART opt_intpm.h
# These cause changes all over the kernel
BLKDEV_IOSIZE opt_global.h
MAXPHYS opt_global.h
DFLTPHYS opt_global.h
BURN_BRIDGES opt_global.h
DEBUG opt_global.h
DEBUG_LOCKS opt_global.h
DEBUG_VFS_LOCKS opt_global.h
DIAGNOSTIC opt_global.h
INVARIANT_SUPPORT opt_global.h
INVARIANTS opt_global.h
MCLSHIFT opt_global.h
2004-02-25 09:35:35 +00:00
MUTEX_DEBUG opt_global.h
MUTEX_NOINLINE opt_global.h
LOCK_PROFILING opt_global.h
LOCK_PROFILING_FAST opt_global.h
LOCK_PROFILING_SHARED opt_global.h
MSIZE opt_global.h
REGRESSION opt_global.h
RESTARTABLE_PANICS opt_global.h
RWLOCK_NOINLINE opt_global.h
SX_NOINLINE opt_global.h
VFS_BIO_DEBUG opt_global.h
# These are VM related options
VM_KMEM_SIZE opt_vm.h
VM_KMEM_SIZE_SCALE opt_vm.h
VM_KMEM_SIZE_MAX opt_vm.h
NO_SWAPPING opt_vm.h
MALLOC_MAKE_FAILURES opt_vm.h
MALLOC_PROFILE opt_vm.h
# The MemGuard replacement allocator used for tamper-after-free detection
DEBUG_MEMGUARD opt_vm.h
# The RedZone malloc(9) protection
DEBUG_REDZONE opt_vm.h
# Standard SMP options
SMP opt_global.h
# Size of the kernel message buffer
MSGBUF_SIZE opt_msgbuf.h
# NFS options
NFS_MINATTRTIMO opt_nfs.h
NFS_MAXATTRTIMO opt_nfs.h
NFS_MINDIRATTRTIMO opt_nfs.h
NFS_MAXDIRATTRTIMO opt_nfs.h
NFS_GATHERDELAY opt_nfs.h
NFS_WDELAYHASHSIZ opt_nfs.h
NFS_DEBUG opt_nfs.h
# For the Bt848/Bt848A/Bt849/Bt878/Bt879 driver
OVERRIDE_CARD opt_bktr.h
OVERRIDE_TUNER opt_bktr.h
OVERRIDE_DBX opt_bktr.h
OVERRIDE_MSP opt_bktr.h
BROOKTREE_SYSTEM_DEFAULT opt_bktr.h
2000-10-17 07:59:56 +00:00
BROOKTREE_ALLOC_PAGES opt_bktr.h
BKTR_OVERRIDE_CARD opt_bktr.h
BKTR_OVERRIDE_TUNER opt_bktr.h
BKTR_OVERRIDE_DBX opt_bktr.h
BKTR_OVERRIDE_MSP opt_bktr.h
BKTR_SYSTEM_DEFAULT opt_bktr.h
BKTR_ALLOC_PAGES opt_bktr.h
BKTR_USE_PLL opt_bktr.h
BKTR_GPIO_ACCESS opt_bktr.h
BKTR_NO_MSP_RESET opt_bktr.h
BKTR_430_FX_MODE opt_bktr.h
BKTR_SIS_VIA_MODE opt_bktr.h
BKTR_USE_FREEBSD_SMBUS opt_bktr.h
BKTR_NEW_MSP34XX_DRIVER opt_bktr.h
BREAK_TO_DEBUGGER opt_comconsole.h
ALT_BREAK_TO_DEBUGGER opt_comconsole.h
# Options to support PPS
UART_PPS_ON_CTS opt_uart.h
1998-10-28 08:37:10 +00:00
# options for bus/device framework
BUS_DEBUG opt_bus.h
# options for USB support
USB_DEBUG opt_usb.h
USBVERBOSE opt_usb.h
UKBD_DFLT_KEYMAP opt_ukbd.h
UPLCOM_INTR_INTERVAL opt_uplcom.h
UVSCOM_DEFAULT_OPKTSIZE opt_uvscom.h
UVSCOM_INTR_INTERVAL opt_uvscom.h
1998-12-28 16:31:26 +00:00
# Embedded system options
INIT_PATH
ROOTDEVNAME
FDC_DEBUG opt_fdc.h
PCFCLOCK_VERBOSE opt_pcfclock.h
PCFCLOCK_MAX_RETRIES opt_pcfclock.h
KTR opt_global.h
2002-09-22 07:14:27 +00:00
KTR_ALQ opt_ktr.h
KTR_MASK opt_ktr.h
KTR_CPUMASK opt_ktr.h
KTR_COMPILE opt_global.h
KTR_ENTRIES opt_global.h
KTR_VERBOSE opt_ktr.h
WITNESS opt_global.h
WITNESS_KDB opt_witness.h
WITNESS_SKIPSPIN opt_witness.h
# options for ACPI support
ACPI_DEBUG opt_acpi.h
ACPI_MAX_THREADS opt_acpi.h
ACPI_NO_SEMAPHORES opt_acpi.h
# ISA support
DEV_ISA opt_isa.h
ISAPNP opt_isa.h
2001-01-29 09:43:36 +00:00
# various 'device presence' options.
2004-02-25 09:35:35 +00:00
DEV_BPF opt_bpf.h
DEV_MCA opt_mca.h
DEV_CARP opt_carp.h
DEV_SPLASH opt_splash.h
# EISA support
DEV_EISA opt_eisa.h
EISA_SLOTS opt_eisa.h
# ed driver
ED_HPP opt_ed.h
ED_3C503 opt_ed.h
ED_SIC opt_ed.h
2006-04-10 20:04:22 +00:00
# bce driver
BCE_DEBUG opt_bce.h
# wi driver
WI_SYMBOL_FIRMWARE opt_wi.h
SOCKBUF_DEBUG opt_global.h
# options for ubsec driver
UBSEC_DEBUG opt_ubsec.h
UBSEC_RNDTEST opt_ubsec.h
UBSEC_NO_RNG opt_ubsec.h
# options for hifn driver
HIFN_DEBUG opt_hifn.h
HIFN_RNDTEST opt_hifn.h
# options for safenet driver
SAFE_DEBUG opt_safe.h
SAFE_NO_RNG opt_safe.h
SAFE_RNDTEST opt_safe.h
# syscons options
MAXCONS opt_syscons.h
SC_ALT_MOUSE_IMAGE opt_syscons.h
SC_CUT_SPACES2TABS opt_syscons.h
SC_CUT_SEPCHARS opt_syscons.h
SC_DEBUG_LEVEL opt_syscons.h
SC_DFLT_FONT opt_syscons.h
SC_DISABLE_KDBKEY opt_syscons.h
SC_DISABLE_REBOOT opt_syscons.h
SC_HISTORY_SIZE opt_syscons.h
SC_KERNEL_CONS_ATTR opt_syscons.h
SC_KERNEL_CONS_REV_ATTR opt_syscons.h
SC_MOUSE_CHAR opt_syscons.h
SC_NO_CUTPASTE opt_syscons.h
SC_NO_FONT_LOADING opt_syscons.h
SC_NO_HISTORY opt_syscons.h
SC_NO_MODE_CHANGE opt_syscons.h
2004-02-25 09:35:35 +00:00
SC_NO_SUSPEND_VTYSWITCH opt_syscons.h
SC_NO_SYSMOUSE opt_syscons.h
SC_NORM_ATTR opt_syscons.h
SC_NORM_REV_ATTR opt_syscons.h
SC_PIXEL_MODE opt_syscons.h
SC_RENDER_DEBUG opt_syscons.h
SC_TWOBUTTON_MOUSE opt_syscons.h
# options for printf
PRINTF_BUFR_SIZE opt_printf.h
# kbd options
KBD_DISABLE_KEYMAP_LOAD opt_kbd.h
KBD_INSTALL_CDEV opt_kbd.h
KBD_MAXRETRY opt_kbd.h
KBD_MAXWAIT opt_kbd.h
KBD_RESETDELAY opt_kbd.h
KBDIO_DEBUG opt_kbd.h
2003-06-25 14:51:20 +00:00
# options for the Atheros driver
ATH_DEBUG opt_ath.h
ATH_TXBUF opt_ath.h
ATH_RXBUF opt_ath.h
ATH_DIAGAPI opt_ath.h
ATH_TX99_DIAG opt_ath.h
# dcons options
DCONS_BUF_SIZE opt_dcons.h
DCONS_POLL_HZ opt_dcons.h
DCONS_FORCE_CONSOLE opt_dcons.h
DCONS_FORCE_GDB opt_dcons.h
# Static unit counts
NI4BTRC opt_i4b.h
NI4BRBCH opt_i4b.h
NI4BTEL opt_i4b.h
#XXXBZ#NI4BIPR opt_i4b.h
#XXXBZ#NI4BING opt_i4b.h
#XXXBZ#NI4BISPPP opt_i4b.h
# VFS options
LOOKUP_SHARED opt_vfs.h
# HWPMC options
HWPMC_HOOKS
2005-12-12 01:14:59 +00:00
# XBOX options for FreeBSD/i386, but some files are MI
XBOX opt_xbox.h
2005-12-12 01:14:59 +00:00
# XFS
XFS
# Interrupt filtering
INTR_FILTER opt_global.h