Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (OpenBSD-5.7)
Apropos / Subsearch:
optional field

OPTIONS(4)               BSD Kernel Interfaces Manual               OPTIONS(4)

     options -- kernel configuration options

     option ...

     This manual page describes a number of miscellaneous kernel configuration
     options that may be specified in a kernel config file.  See config(8) for
     information on how to configure and build kernels.  Note: options are
     passed to the compile process as -D flags to the C compiler.

     option COMPAT_LINUX
     On those architectures that support it, this enables binary compatibility
     with Linux ELF applications built for the same architecture.  This option
     is supported on the i386 architecture.  See compat_linux(8).

     makeoptions DEBUG="-g"
     The -g flag causes bsd.gdb to be built in addition to bsd.  bsd.gdb is
     useful for debugging kernels and their crash dumps with gdb.  A crash
     dump can be debugged by starting gdb(1) with the kernel name (bsd.gdb) as
     an argument (no core file) and then use the gdb(1) command ``target kvm

     makeoptions PROF="-pg"
     The -pg flag causes the kernel to be compiled with support for profiling.
     The option GPROF is required for the kernel compile to succeed.

     option ACCOUNTING
     Adds support for the acct(2) system call.

     option DDB
     Compiles in a kernel debugger for diagnosing kernel problems.  See ddb(4)
     for details.

     option DDB_SAFE_CONSOLE
     Allows a break into the kernel debugger during boot.  Useful when debug-
     ging problems that can cause init(8) to fail.

     option DDB_STRUCT
     Compiles in symbolic information about the various data structures used
     by the kernel, for use within the kernel debugger.  This option is cur-
     rently not supported on alpha, m88k and vax based platforms.

     option DEBUG
     Turns on miscellaneous kernel debugging.  Since options are turned into
     preprocessor defines (see above), option DEBUG is equivalent to doing a
     #define DEBUG throughout the kernel.  Much of the kernel has #ifdef DEBUG
     conditional debugging code.  Note that many parts of the kernel (typi-
     cally device drivers) include their own #ifdef XXX_DEBUG conditionals
     instead.  This option also turns on certain other options, notably option

     option DIAGNOSTIC
     Adds code to the kernel that does internal consistency checks.  This code
     will cause the kernel to panic if corruption of internal data structures
     is detected.

     option GPROF
     Adds code to the kernel for kernel profiling with kgmon(8).

     option KGDB
     Compiles in a remote kernel debugger stub for diagnosing kernel problems
     using the ``remote target'' feature of gdb.  See kgdb(7) for details.
     Note: not available on all architectures.

     option KTRACE
     Adds hooks for the system call tracing facility, which allows users to
     watch the system call invocation behavior of processes.  See ktrace(1)
     for details.

     option NO_PROPOLICE
     Do not compile the kernel with the ProPolice stack protection.  See
     gcc-local(1) for more information about ProPolice.

     option PTRACE
     Adds hooks for the process tracing facility, allowing a process to con-
     trol and observe another process.  See ptrace(2) for details.

     option SMALL_KERNEL
     Removes some features and some optimizations from the kernel to reduce
     the size of the resulting kernel binary.  This option is used on some
     installation media and should not be used for general purpose kernels.

     option VFSLCKDEBUG
     Turns on debugging for the Virtual File System interface.  See vfs(9) for

     option CD9660
     Includes code for the ISO 9660 + Rock Ridge file system, which is the
     standard file system used on many CD-ROMs.  It also supports Joliet
     extensions.  See mount_cd9660(8) for details.

     option EXT2FS
     Includes code implementing the Second Extended File System (EXT2FS), com-
     monly used on the Linux operating system.  This option is provided here
     for compatibility.  Some specific features of EXT2FS like the "behavior
     on errors" are not implemented.  This file system can't be used with
     uid_t or gid_t values greater than 65535.  Also, the filesystem will not
     function correctly on architectures with differing byte-orders.  That is,
     a big-endian machine will not be able to read an ext2fs filesystem cre-
     ated on an i386 or other little-endian machine.  See mount_ext2fs(8) for

     option FFS
     Includes code implementing the Berkeley Fast File System (FFS).  Most
     machines need this if they are not running diskless.

     option FFS2
     Includes code implementing the enhanced Fast File System (FFS2).

     option MFS
     Include the memory file system (MFS).  This file system stores files in
     swappable memory, and produces notable performance improvements when it
     is used as the file store for /tmp or similar mount points.  See
     mount_mfs(8) for details.

     option MSDOSFS
     Includes support for the MS-DOS FAT file system.  The kernel also imple-
     ments the Windows 95 extensions which permit the use of longer, mixed-
     case file names.  See mount_msdos(8) and fsck_msdos(8) for details.

     option NFSCLIENT
     Include the client side of the NFS (Network File System) remote file
     sharing protocol.  Although the bulk of the code implementing NFS is ker-
     nel based, several user level daemons are needed for it to work.  See
     mount_nfs(8) for details on NFS.

     option NTFS
     Includes support for reading NTFS file systems.  See mount_ntfs(8) for

     option UDF
     Includes code for the UDF file systems typically found on DVD discs.  See
     mount_udf(8) for details.

     option TMPFS
     Includes code for the TMPFS efficient memory file system.  See
     mount_tmpfs(8) for details.

     option BUFCACHEPERCENT=integer
     Percentage of RAM to use as a file system buffer.  It defaults to 20.

     This option changes the behavior of the APPEND and IMMUTABLE flags for a
     file on an EXT2FS filesystem.  Without this option, the superuser or
     owner of the file can set and clear them.  With this option, only the
     superuser can set them, and they can't be cleared if the securelevel is
     greater than 0.  See also chflags(1).

     Enables a scheme that uses partial ordering of buffer cache operations to
     allow metadata updates in FFS to happen asynchronously, increasing write
     performance significantly.  Normally, the FFS filesystem writes metadata
     updates synchronously which exacts a performance penalty in favor of
     filesystem integrity.  With soft updates, the performance of asynchronous
     writes is gained while retaining the safety of synchronous metadata

     Soft updates must be enabled on a per-filesystem basis.  See mount(8) for

     Processors with a small kernel address space, such as the sun4 and sun4c,
     do not have enough kernel memory to support soft updates.  Attempts to
     use this option with these CPUs will cause a kernel hang or panic after a
     short period of use as the kernel will quickly run out of memory.  This
     is not related to the amount of physical memory present in the machine --
     it is a limitation of the CPU architecture itself.

     option FIFO
     Adds support for AT&T System V UNIX style FIFOs (i.e., ``named pipes'').
     This option is recommended in almost all cases as many programs use

     option NFSSERVER
     Include the server side of the NFS (Network File System) remote file
     sharing protocol.  Although the bulk of the code implementing NFS is ker-
     nel based, several user level daemons are needed for it to work.  See
     mountd(8) and nfsd(8) for details.

     option QUOTA
     Enables kernel support for file system quotas.  See quotaon(8),
     edquota(8), repquota(8), and quota(1) for details.  Note that quotas only
     work on ``ffs'' file systems, although rpc.rquotad(8) permits them to be
     accessed over NFS.

     option UFS_DIRHASH
     This option enables using an in memory hash table to speed lookups in
     large directories.

     option APERTURE
     Provide in-kernel support for controlling VGA framebuffer mapping and PCI
     configuration registers by user-processes (such as an X Window System
     server).  This option is supported on the alpha, amd64, i386, macppc, and
     sparc64 architectures.

     option BOOT_CONFIG
     Adds support for the -c boot option (User Kernel Config).  Allows modifi-
     cation of kernel settings (e.g., device parameters) before booting the

     option CRYPTO
     Enables support for the kernel cryptographic framework.  See crypto(9)
     for details.  While not IP specific, this option is usually used in con-
     junction with option IPSEC.

     option EISAVERBOSE
     Makes the boot process more verbose for EISA peripherals.

     option INSECURE
     Hardwires the kernel security level at -1.  This means that the system
     always runs in securelevel 0 mode, even when running multiuser.  See
     init(8) for details on the implications of this.  The kernel secure level
     may be manipulated by the superuser by altering the kern.securelevel
     sysctl variable.  (It should be noted that the securelevel may only be
     lowered by a call from process ID 1, i.e., init(8).)  See also sysctl(8)
     and sysctl(3).

     option KMEMSTATS
     The kernel memory allocator, malloc(9), will keep statistics on its per-
     formance if this option is enabled.  Note that this option is silently
     turned on by the DEBUG option.

     Makes the boot process more verbose for OBIO peripherals on the macppc

     On those architectures that have it, this enables multiprocessor support.

     option PCIVERBOSE
     Makes the boot process more verbose for PCI peripherals (vendor names and
     other information is printed, etc.).

     Makes the boot process more verbose for PCMCIA peripherals.

     option USER_LDT
     Enable userland manipulation of per-process Local Descriptor Table (LDT)
     entries; see i386_set_ldt(2) and the machdep.userldt sysctl(8).  This
     option is supported on the i386 architecture.

     option USER_PCICONF
     Enables the user level access to the PCI bus configuration space through
     ioctls on the /dev/pci device.  It's used by the Xorg(1) server on some
     architectures.  See pci(4) for details.

     option UVM_SWAP_ENCRYPT
     Enables kernel support for encrypting pages that are written out to swap
     storage.  Swap encryption prevents sensitive data from remaining on the
     disk even after the operating system has been shut down.  This option
     should be turned on if cryptographic filesystems are used.  The sysctl
     variable vm.swapencrypt.enable controls its behaviour.  See sysctl(8) and
     sysctl(3) for details.

     option ENCDEBUG
     This option enables debugging information to be conditionally logged in
     case IPSEC encounters errors.  The option IPSEC is required along with
     this option.  Debug logging can be turned on/off through the use of the
     net.inet.ip.encdebug sysctl variable.  If net.inet.ip.encdebug is 1,
     debug logging is on.  See sysctl(8) and sysctl(3) for details.

     option INET
     Includes support for the TCP/IP protocol stack.  This option is currently
     required.  See inet(4) for details.

     option INET6
     Includes support for the IPv6 protocol stack.  See inet6(4) for details.
     Unlike INET, INET6 enables multicast routing code as well.  This option
     requires INET at this moment, but it should not.

     option IPSEC
     This option enables IP security protocol support.  See ipsec(4) for more

     option KEY
     Enables PFKEYv2 (RFC 2367) support.  While not IP specific, this option
     is usually used in conjunction with option IPSEC.

     option MROUTING
     Includes support for IP multicast routers.  INET should be set along with
     this.  Multicast routing is controlled by the mrouted(8) daemon.

     option ND6_DEBUG
     The option sets the default value of net.inet6.icmp6.nd6_debug to 1, for
     debugging IPv6 neighbor discovery protocol handling.  See sysctl(3) for

     option PIPEX
     Includes pipex in-kernel acceleration for PPPoE, L2TP or PPTP.  See
     pipex(4) for details.

     option PPP_BSDCOMP
     Enables BSD compressor for PPP connections.

     option PPP_DEFLATE
     For use in conjunction with PPP_BSDCOMP; provides an interface to zlib
     for PPP for deflate compression/decompression.

     option SOCKET_SPLICE
     Enables zero-copy socket splicing in the kernel.  See SO_SPLICE in
     setsockopt(2) and sosplice(9) for details.

     option TCP_ECN
     Turns on Explicit Congestion Notification (RFC 3168).  ECN allows inter-
     mediate routers to use the Congestion Experienced codepoint in the IP
     header as an indication of congestion, and allows TCP to adjust the
     transmission rate using this signal.  Both communication endpoints nego-
     tiate enabling ECN functionality at the TCP connection establishment.

     option TCP_FACK
     Turns on forward acknowledgements allowing a more precise estimate of
     outstanding data during the fast recovery phase by using SACK informa-
     tion.  This option can only be used together with TCP_SACK.

     option TCP_SACK
     Turns on selective acknowledgements.  Additional information about seg-
     ments already received can be transmitted back to the sender, thus indi-
     cating segments that have been lost and allowing for a swifter recovery.
     Both communication endpoints need to support SACK.  The fallback behav-
     iour is NewReno fast recovery phase, which allows one lost segment to be
     recovered per round trip time.  When more than one segment has been
     dropped per window, the transmission can continue without waiting for a
     retransmission timeout.

     option TCP_SIGNATURE
     Turns on support for the TCP MD5 Signature option (RFC 2385).  This is
     used by Internet backbone routers to provide per-packet authentication
     for the TCP packets used to communicate BGP routing information.  You
     will also need a routing daemon that supports this option in order to
     actually use it.

     option BUFPAGES=value
     option NBUF=value
     These options set the number of pages available for the buffer cache.
     Their default value is a machine dependent value, often calculated as
     between 5% and 10% of total available RAM.

     option DST=value
     If value is non-zero, indicates that the hardware realtime clock device
     is one hour ahead of the offset given in 'TIMEZONE', due to Daylight Sav-
     ing Time (DST).  If value is zero, the hardware realtime clock device is
     not in Daylight Saving Time.

     option NKMEMPAGES=value
     option NKMEMPAGES_MAX=value
     Size of kernel malloc area in PAGE_SIZE-sized logical pages.  This area
     is covered by the kernel submap kmem_map.  The kernel attempts to auto-
     size this map based on the amount of physical memory in the system.
     Platform-specific code may place bounds on this computed size, which may
     be viewed with the sysctl(8) variable vm.nkmempages.  See
     /usr/include/machine/param.h for the default upper bound.  The related
     option 'NKMEMPAGES_MAX' allows the bounds to be overridden in the kernel
     configuration file in the event the computed value is insufficient
     resulting in an ``out of space in kmem_map'' panic.

     option "TIMEZONE=value"
     value indicates the time zone offset of the hardware realtime clock
     device, in minutes, from UTC.  It is useful when the hardware realtime
     clock device is configured with local time, when dual-booting OpenBSD
     with other operating systems on a single machine.  For instance, if the
     hardware realtime clock is set to Tokyo time, value should be -540 as
     Tokyo local time is 9 hours ahead of UTC.  Double quotes are needed when
     specifying a negative value.

     option SCSI_DELAY=value
     Delay for value seconds before starting to probe the first SCSI bus.
     This can be used if a SCSI device needs extra time to get ready.

     option SCSIDEBUG
     Enable printing of SCSI subsystem debugging info to the console.  Each of
     must have non-zero values for any debugging info to be printed.  Only
     SCSIDEBUG_LEVEL has a default value (SDEV_DB1 | SDEV_DB2) that is non-

     option SCSIDEBUG_BUSES=value
     Define which SCSI buses will print debug info.  Each bit enables debug-
     ging info for the corresponding bus.  e.g. a value of 0x1 enables debug
     info for bus 0.

     option SCSIDEBUG_LEVEL=value
     Define which of the four levels of debugging info are printed.  Each bit
     enables a level, and multiple levels are specified by setting multiple

           0x0010  (SDEV_DB1) SCSI commands, errors, and data
           0x0020  (SDEV_DB2) routine flow
           0x0040  (SDEV_DB3) routine internals
           0x0080  (SDEV_DB4) miscellaneous addition debugging

     If SCSIDEBUG_LEVEL is undefined, a value of 0x0030 (SDEV_DB1|SDEV_DB2) is

     option SCSIDEBUG_LUNS=value
     Define which SCSI luns will print debug info.  Each bit enables debugging
     info for the corresponding lun.

     option SCSIDEBUG_TARGETS=value
     Define which SCSI targets will print debug info.  Each bit enables debug-
     ging info for the corresponding target.

     option SCSITERSE
     Terser SCSI error messages.  This omits the table for decoding ASC/ASCQ
     info, saving about 30KB.

     option SEMMNI=value
     Number of semaphore identifiers (also called semaphore handles and sema-
     phore sets) available in the system.  Default value is 10.  The kernel
     allocates memory for the control structures at startup, so arbitrarily
     large values should be avoided.

     option SEMMNS=value
     Maximum number of semaphores in all sets in the system.  Default value is

     option SEMMNU=value
     Maximum number of semaphore undo structures in the system.  Default value
     is 30.

     option SEMUME=value
     Maximum number of per-process undo operation entries in the system.  Sem-
     aphore undo operations are invoked by the kernel when semop(2) is called
     with the SEM_UNDO flag and the process holding the semaphores terminates
     unexpectedly.  Default value is 10.

     option SHMMAXPGS=value
     Sets the maximum number of AT&T System V UNIX style shared memory pages
     that are available through the shmget(2) system call.  Default value is
     1024 on most architectures.  See /usr/include/machine/vmparam.h for the

     option SYSVMSG
     Includes support for AT&T System V UNIX style message queues.  See
     msgctl(2), msgget(2), msgrcv(2), msgsnd(2).

     option SYSVSEM
     Includes support for AT&T System V UNIX style semaphores.  See semctl(2),
     semget(2), semop(2).

     option SYSVSHM
     Includes support for AT&T System V UNIX style shared memory.  See
     shmat(2), shmctl(2), shmdt(2), shmget(2).

     intro(4), files.conf(5), config(8), sysctl(8)

     The options man page first appeared in OpenBSD 2.3.

     The INET option should not be required.

BSD                            January 21, 2015                            BSD