Custom kernel poll summary (was: Re: Reducing the need to compile a custom kernel)
Ian Smith
smithi at nimnet.asn.au
Tue Feb 14 15:43:54 UTC 2012
On Tue, 14 Feb 2012 2:37:55 +0100, Alexander Leidinger wrote:
> Here is what I got, the first column is the number of requests, the second
> what is requested, and the 3rd my comments (basically it means, if there is a
> comment, it is not needed/possible to include in a modular kernel):
> ---snip---
[..]
> 1 IPFIREWALL_FORWARD -> performance impact too big if unused (julian)
I expect Julian will object if I've mis-paraphrased or over-simplified
something I recall him saying at least a couple of years ago :)
[..]
> 4 ALTQ* -> does add code to the pf module
> other impact?
ipfw(8) can also apply ALTQ tags, but relies on pfctl(8) to set up the
queues - or so I read; I've not used it here. From altq(4):
     ALTQ         Enable ALTQ.
     ALTQ_CBQ     Build the ``Class Based Queuing'' discipline.
     ALTQ_RED     Build the ``Random Early Detection'' extension.
     ALTQ_RIO     Build ``Random Early Drop'' for input and output.
     ALTQ_HFSC    Build the ``Hierarchical Packet Scheduler'' discipline.
     ALTQ_CDNR    Build the traffic conditioner. This option is meaningless at
                  the moment as the conditioner is not used by any of the
                  available disciplines or consumers.
     ALTQ_PRIQ    Build the ``Priority Queuing'' discipline.
     ALTQ_NOPCC   Required if the TSC is unusable.
     ALTQ_DEBUG   Enable additional debugging facilities.

     Note that ALTQ-disciplines cannot be loaded as kernel modules. In order
     to use a certain discipline you have to build it into a custom kernel.
     The pf(4) interface, that is required for the configuration process of
     ALTQ can be loaded as a module.
So which disciplines would one choose? Seeming an unlikely candidate?
> 1 IPSTEALTH -> changes ipfw module only?
I don't think this is specific to ipfw. From /sys/conf/NOTES:
# IPSTEALTH enables code to support stealth forwarding (i.e., forwarding
# packets without touching the TTL). This can be useful to hide firewalls
# from traceroute and similar tools.
But can it be disabled once added to kernel? It's no good as a default.
> 1 IPFIREWALL_VERBOSE_LIMIT=5 -> changes ipfw module only?
> loader tunable?
> 1 IPFIREWALL_VERBOSE -> changes ipfw module only?
> loader tunable?
sysctl.conf: net.inet.ip.fw.verbose and net.inet.ip.fw.verbose_limit
cheers, Ian