[CFT] modular kernel config

Alexander Leidinger Alexander at Leidinger.net
Thu Feb 23 08:18:28 UTC 2012

Quoting "Bjoern A. Zeeb" <bzeeb-lists at lists.zabbadoz.net> (from Wed,  
22 Feb 2012 22:31:36 +0000):

> On 21. Feb 2012, at 13:35 , Alexander Leidinger wrote:
>> You can download from
>>  http://www.Leidinger.net/FreeBSD/current-patches/
>> The files are
>>  - i386_SMALL
>>  - i386_SMALL_loader.conf
>>  - amd64_SMALL
>>  - amd64_SMALL_loader.conf
> I only looked at the laoder.conf for amd64 and the only comment I  
> have is that I do not have the time to wait minutes for all  
> individual modules to be loaded.  This is going to be really bad for  
> boot time.

Well, nobody forces you to use it. And as can be seen on the lists,  
there are patches floating around to improve the loading speed of the  

This is also just an example to be on par as much as possible with  
GENERIC. People which want to use this kernel most probably want to  
cut the loader.conf down and maybe even want to use the rc.conf  
setting to load modules which are not needed to boot.

>> The new stuff in the kernel config compared to GENERIC is (in order  
>> of number of requests from users):
>> - IPSEC (+ device enc + IPSEC_NAT_T)
> You cannot ship that on by default for non-tecnical reasons in a  
> kernel.  Please do not commit a kernel config that can be booted (no  
> LINT cannot be booted) with these on without consulting appropriate  
> hats upfront.

I planned to contact core to ask if there are some US export  
restrictions to take into account before committing. Do you have a  
different hat in mind?

>> - ALTQ
>> - QUOTA
>> - IPSTEALTH (disabled in loader.conf)
>> - IPFIREWALL_FORWARD (touches every packet, power users which need
>>   a bigger PPS but not this feature can recompile the kernel,
>>   discussed with julian@)
>> - FLOWTABLE (disabled in loader.conf)
> Which is not the same as it's not 100% disabled and will still  
> allocate memory.

I assume this means that the sideeffects are only some conditionals  
more for the packets which pass the corresponding kernel places (to  
check if the feature is enabled, I had a look for the  
IPFIREWALL_FORWARD and IPSTEALTH options regarding this). Regarding  
the memory usage I assume this means that if someone removes the  
loading of modules he does not use from the loader.conf, he will use  
less memory with those things enabled, than would be used by a GENERIC  

Both of those things where taken into account before providing this  
config here. As I wrote above, people which need the last few PPS more  
can compile a kernel without those features (they are power-users),  
while people which do not want to compile kernels at all (and there  
are a lot of such people, just have a look at how many people use  
freebsd-update and you will get an idea about the target audience) get  
more features to play with.

This is also not supposed to replace GENERIC, but it coud be offered  
as an option to install this kernel instead of GENERIC (or we can  
install in in parallel and the user can chose which kernel he wants to  
boot, or ...).



http://www.Leidinger.net    Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org       netchild @ FreeBSD.org  : PGP ID = 72077137

More information about the freebsd-stable mailing list