Updated: 2021/Dec/3

OPTIONS(4)                   Device Drivers Manual                  OPTIONS(4)

     options - Miscellaneous kernel configuration options

     cinclude ...
     config ...
     [no] file-system ...
     ident ...
     include ...
     [no] makeoptions ...
     maxusers ...
     [no] options ...
     [no] pseudo-device ...

     This manual page describes a number of miscellaneous kernel configuration
     options that may be specified in a kernel config file.  See config(1) and
     config(5) for information on how to configure and build kernels.

     The no form removes a previously specified option.

     The following keywords are recognized in a kernel configuration file:

     cinclude "filename"
     Conditionally includes another kernel configuration file whose name is
     filename, which may be double-quoted and may be an explicit path or
     relative to the kernel source directory.  Failure to open the named file
     is ignored.

     config exec_name root on rootdev [type fstype] [dumps on dumpdev]
     Defines a configuration whose kernel executable is named exec_name,
     normally "netbsd", with its root file system of type fstype on the device
     rootdev, and optionally specifying the location of kernel core dumps on
     the device dumpdev.  rootdev, dumpdev, and fstype may each be specified
     as "?", which is a wild card.  The root fstype and dumpdev are optional
     and assumed to be wild carded if they are not specified.

     device_instance at attachment [locators value [...]] [flags value]
     Define an instance of the device driver device_instance that attaches to
     the bus or device named attachment.  An attachment may require additional
     information on where the device can be found, such as an address,
     channel, function, offset, and/or slot, referred to as locators, whose
     value often may be a wild card, "?".  Some device drivers have one or
     more flags that can be adjusted to affect the way they operate.

     file-system fs_name [, fs_name [...]]
     Include support for the file-system fs_name.

     ident "string"
     Sets the kernel identification string to string.

     include "filename"
     Functions the same as cinclude, except failure to open filename produces
     a fatal error.

     makeoptions name=value
     Defines a make(1) macro name with the value value in the kernel Makefile.

     maxusers integer
     Set the maxusers variable in the kernel.

     no keyword name [arguments [...]]
     For the config(1) keywords file-system, makeoptions, options, and pseudo-
     device, no removes the file-system, makeoption, options, or pseudo-
     device, name.  This is useful when a kernel configuration file includes
     another which has undesired options.

     For example, a local configuration file that wanted the kitchen sink, but
     not COMPAT_09 or bridging, might be:

           include "arch/i386/conf/GENERIC"
           no options COMPAT_09
           no pseudo-device bridge

     options option_name [, option_name=value [...]]
     Specifies (or sets) the option, or comma-separated list of options,
     option_name.  Some options expect to be assigned a value, which may be an
     integer, a double-quoted word, a bare word, or an empty string ("").
     Note that those are eventually handled by the C compiler, so the rules of
     that language apply.

     Note: Options that are not defined by device definition files are passed
     to the compile process as -D flags to the C compiler.

     pseudo-device name [N]
     Includes support for the pseudo-device name.  Some pseudo-devices can
     have multiple or N instances.

   Compatibility Options
     Note that compatibility options for older NetBSD releases include
     support for newer releases as well.  This means that typically only one
     of these is necessary, with the COMPAT_09 option enabling all NetBSD
     compatibility.  This does not include the COMPAT_43 or COMPAT_44 options.

     options COMPAT_09
     Enable binary compatibility with NetBSD 0.9.  This enables support for
     16-bit user, group, and process IDs (following revisions support 32-bit
     identifiers).  It also allows the use of the deprecated getdomainname(3),
     setdomainname(3), and uname(3) syscalls.  This option also allows using
     numeric file system identifiers rather than strings.  Post NetBSD 0.9
     versions use string identifiers.

     options COMPAT_10
     Enable binary compatibility with NetBSD 1.0.  This option allows the use
     of the file system name of "ufs" as an alias for "ffs".  The name "ffs"
     should be used post 1.0 in /etc/fstab and other files.  It also adds old
     syscalls for the AT&T System V UNIX shared memory interface.  This was
     changed post 1.0 to work on 64-bit architectures.  This option also
     enables "sgtty" compatibility, without which programs using the old
     interface produce an "inappropriate ioctl" error, and /dev/io only works
     when this option is set in the kernel, see io(4) on ports that support

     options COMPAT_11
     Enable binary compatibility with NetBSD 1.1.  This allows binaries
     running on the i386 port to gain direct access to the io ports by opening
     /dev/io read/write.  This functionality was replaced by i386_iopl(2) post
     1.1.  On the Atari port, the location of the disk label was moved after
     1.1.  When the COMPAT_11 option is set, the kernel will read (pre) 1.1
     style disk labels as a last resort.  When a disk label is re-written, the
     old style label will be replaced with a post 1.1 style label.  This also
     enables the EXEC_ELF_NOTELESS option.

     options COMPAT_12
     Enable binary compatibility with NetBSD 1.2.  This allows the use of old
     syscalls for reboot() and swapon().  The syscall numbers were changed
     post 1.2 to add functionality to the reboot(2) syscall, and the new
     swapctl(2) interface was introduced.  This also enables the
     EXEC_ELF_NOTELESS option.

     options COMPAT_13
     Enable binary compatibility with NetBSD 1.3.  This allows the use of old
     syscalls for sigaltstack(), and also enables the old swapctl(2) command
     SWAP_STATS (now called SWAP_OSTATS), which does not include the se_path
     member of struct swapent.

     options COMPAT_14
     Enable binary compatibility with NetBSD 1.4.  This allows some old
     ioctl(2) on wscons(4) to be performed, and allows the NFSSVC_BIOD mode of
     the nfssvc(2) system call to be used for compatibility with the
     deprecated nfsiod program.

     options COMPAT_15
     Enable binary compatibility with NetBSD 1.5.  Since there were no API
     changes between NetBSD 1.5 and NetBSD 1.6, this option does nothing.

     options COMPAT_16
     Enable binary compatibility with NetBSD 1.6.  This allows the use of old
     signal trampoline code which has been deprecated with the addition of

     options COMPAT_20
     Enable binary compatibility with NetBSD 2.0.  This allows the use of old
     syscalls for statfs(), fstatfs(), getfsstat() and fhstatfs(), which have
     been deprecated with the addition of the statvfs(2), fstatvfs(2),
     getvfsstat(2) and fhstatvfs(2) system calls.

     options COMPAT_30
     Enable binary compatibility with NetBSD 3.0.  See compat_30(8) for
     details about the changes made after the NetBSD 3.0 release.

     options COMPAT_40
     Enable binary compatibility with NetBSD 4.0.  This allows the use of old
     ptrace(2) calls for the SH3 platform.  It also enables the old mount(2)
     system call that did not include the data length parameter.  The
     power_event_t structure's pev_switch is filled in.

     options COMPAT_43
     Enables compatibility with 4.3BSD.  This adds an old syscall for
     lseek(2).  It also adds the ioctls for TIOCGETP and TIOCSETP.  The return
     values for getpid(2), getgid(2), and getuid(2) syscalls are modified as
     well, to return the parent's PID and UID as well as the current
     process's.  It also enables the deprecated NTTYDISC terminal line
     discipline.  It also provides backwards compatibility with "old"
     SIOC[GS]IF{ADDR,DSTADDR,BRDADDR,NETMASK} interface ioctls, including
     binary compatibility with code written before the introduction of the
     sa_len field in sockaddrs.  It also enables support for some older pre
     4.4BSD socket calls.

     options COMPAT_50
     Enable binary compatibility with NetBSD 5.0.  This enables support for
     the old time_t and dev_t types as 32 bit, and all the associated kernel
     interface changes.  It also enables old gpio(4) and rnd(4) interfaces.

     options COMPAT_60
     Enable binary compatibility with NetBSD 6.0.  This provides old ccd(4)
     interfaces, enables support for old cpuctl(8) microcode interfaces, and
     support for the old ptmget structure.

     options COMPAT_70
     Enable binary compatibility with NetBSD 7.0.  This provides support for
     old route(4) interfaces.

     options COMPAT_80
     Enable binary compatibility with NetBSD 8.0.

     options COMPAT_90
     Enable binary compatibility with NetBSD 9.0.

     options COMPAT_BSDPTY
     This option is currently on by default and enables the pty multiplexer
     ptm(4) and ptmx(4) to find and use ptys named /dev/ptyXX (master) and
     /dev/ttyXX (slave).  Eventually this option will become optional as ptyfs
     based pseudo-ttys become the default, see mount_ptyfs(8).

     options COMPAT_LINUX
     On those architectures that support it, this enables binary compatibility
     with Linux ELF and a.out(5) applications built for the same architecture.
     This currently includes the alpha, arm, i386, m68k, mips, powerpc and
     x86_64 ports.

     options COMPAT_LINUX32
     On those 64 bit architectures that support it, this enables binary
     compatibility with 32 bit Linux binaries.  For now this is limited to
     running i386 ELF Linux binaries on amd64.

     options COMPAT_SUNOS
     On those architectures that support it, this enables binary compatibility
     with SunOS 4.1 applications built for the same architecture.  This
     currently includes the sparc, sparc64 and most or all m68k ports.  Note
     that the sparc64 requires the COMPAT_NETBSD32 option for 64-bit kernels,
     in addition to this option.

     options COMPAT_ULTRIX
     On those architectures that support it, this enables binary compatibility
     with ULTRIX applications built for the same architecture.  This currently
     is limited to the pmax.  The functionality of this option is unknown.

     options COMPAT_FREEBSD
     On those architectures that support it, this enables binary compatibility
     with FreeBSD applications built for the same architecture.  At the moment
     this is limited to the i386 port.

     options COMPAT_NOMID
     Enable compatibility with a.out(5) executables that lack a machine ID.
     This includes NetBSD 0.8's ZMAGIC format, and 386BSD and BSDI's QMAGIC,
     NMAGIC, and OMAGIC a.out(5) formats.

     options COMPAT_NETBSD32
     On those architectures that support it, this enables binary compatibility
     with 32-bit applications built for the same architecture.  This is
     currently limited to the amd64 and sparc64 ports, and only applicable for
     64-bit kernels.

     options COMPAT_AOUT_M68K
     On m68k architectures which have switched to ELF, this enables binary
     compatibility with NetBSD/m68k a.out(5) executables on NetBSD/m68k ELF
     kernels.  This handles alignment incompatibility of m68k ABI between
     a.out and ELF which causes the structure padding differences.  Currently
     only some system calls which use struct stat are adjusted and some
     binaries which use sysctl(3) to retrieve network details would not work

     options EMUL_NATIVEROOT=string
     Just like emulated binaries first try looking up files in an emulation
     root (e.g.  /emul/linux) before looking them up in real root, this option
     causes native binaries to first look up files in an "emulation" directory
     too.  This can be useful to test an amd64 kernel on top of an i386 system
     before full migration: by unpacking the amd64 distribution in e.g.
     /emul/netbsd64 and specifying that location as EMUL_NATIVEROOT, native
     amd64 binaries can be run while the root file system remains populated
     with i386 binaries.  Beware of /dev incompatibilities between i386 and
     amd64 if you do this.

     options EXEC_ELF_NOTELESS
     Run unidentified ELF binaries as NetBSD binaries.  This might be needed
     for very old NetBSD ELF binaries on some architectures.  These old
     binaries didn't contain an appropriate .note.netbsd.ident section, and
     thus can't be identified by the kernel as NetBSD binaries otherwise.
     Beware: if this option is on, the kernel will run any unidentified ELF
     binary as if it were a NetBSD binary.  The COMPAT_11 and COMPAT_12
     options also enable this option.
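
     An added example, not part of the original manual page or of config(1):
     a small Python model of how include, cinclude and no combine, which then
     applies this page's statements that an older COMPAT_* option also enables
     the newer ones and that COMPAT_11 and COMPAT_12 enable EXEC_ELF_NOTELESS.
     The file contents, the '#' comment rule and all function names are
     assumptions made for the illustration.

```python
import re

# Release-compat options in the order this page lists them.  Per the page, an
# option for an older release also enables the newer ones; COMPAT_43 and
# COMPAT_44 are outside this chain.
COMPAT_CHAIN = ["COMPAT_09", "COMPAT_10", "COMPAT_11", "COMPAT_12",
                "COMPAT_13", "COMPAT_14", "COMPAT_15", "COMPAT_16",
                "COMPAT_20", "COMPAT_30", "COMPAT_40", "COMPAT_50",
                "COMPAT_60", "COMPAT_70", "COMPAT_80", "COMPAT_90"]
ENABLES_NOTELESS = ("COMPAT_11", "COMPAT_12")   # per their entries above
NEGATABLE = ("options", "file-system", "makeoptions", "pseudo-device")

# Constructed sample files: a stand-in source tree, not the real GENERIC.
SAMPLE_FILES = {
    "arch/i386/conf/GENERIC": """
ident "GENERIC"
maxusers 64
options COMPAT_09, COMPAT_43
options DDB, DDB_HISTORY_SIZE=512
file-system FFS, NFS, PROCFS
pseudo-device bridge
pseudo-device pty 16
""",
    "LOCAL": """
include "arch/i386/conf/GENERIC"
cinclude "conf/LOCAL.extra"     # absent, so silently skipped
no options COMPAT_09
options COMPAT_50
options DDB_FROMCONSOLE=0
no pseudo-device bridge
""",
}


def _head(text):
    """Split off the first whitespace-delimited word."""
    parts = text.split(None, 1) + ["", ""]
    return parts[0], parts[1]


def resolve(name, files, state=None):
    """Apply the directives of config file `name` in order.

    `files` maps file names to their text.  Returns
    {keyword: {item: value or None}} for the keywords that accept "no".
    """
    if state is None:
        state = {k: {} for k in NEGATABLE}
    for raw in files[name].splitlines():
        # Assumption: '#' outside double quotes starts a comment.
        line = re.match(r'(?:[^#"]|"[^"]*")*', raw).group(0).strip()
        keyword, rest = _head(line)
        negate = keyword == "no"
        if negate:
            keyword, rest = _head(rest)
        if keyword in ("include", "cinclude"):
            target = rest.strip().strip('"')
            if target in files:
                resolve(target, files, state)
            elif keyword == "include":
                raise FileNotFoundError(target)   # include: fatal error
            continue                              # cinclude: failure ignored
        if keyword not in NEGATABLE:
            continue   # config, ident, maxusers, device instances, blank
        if keyword == "pseudo-device":
            items, sep = [rest], None             # "name [N]"
        else:                                     # comma list, quotes kept whole
            items, sep = re.findall(r'(?:[^,"]|"[^"]*")+', rest), "="
        for item in items:
            parts = [p.strip() for p in item.strip().split(sep, 1)]
            if not parts or not parts[0]:
                continue
            if negate:
                state[keyword].pop(parts[0], None)
            else:
                state[keyword][parts[0]] = parts[1] if len(parts) > 1 else None
    return state


def effective_options(explicit):
    """Expand explicitly set options with what this page says they imply."""
    eff = set(explicit)
    present = [i for i, opt in enumerate(COMPAT_CHAIN) if opt in eff]
    if present:
        eff.update(COMPAT_CHAIN[min(present):])
    if eff.intersection(ENABLES_NOTELESS):
        eff.add("EXEC_ELF_NOTELESS")
    return eff


def audit(name, files):
    """Return (sorted effective options, findings) for the resolved config."""
    opts = resolve(name, files)["options"]
    eff = effective_options(opts)
    findings = []
    if "EXEC_ELF_NOTELESS" in eff:
        findings.append("EXEC_ELF_NOTELESS is on: unidentified ELF binaries "
                        "run as NetBSD binaries")
    # DDB_FROMCONSOLE defaults to 1 when not specified (see its entry).
    if "DDB" in eff and opts.get("DDB_FROMCONSOLE") != "0":
        findings.append("DDB can be entered from the console")
    return sorted(eff), findings


if __name__ == "__main__":
    for cfg in ("arch/i386/conf/GENERIC", "LOCAL"):
        print(cfg, audit(cfg, SAMPLE_FILES)[1])
```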

   Debugging Options
     options DDB
     Compiles in a kernel debugger for diagnosing kernel problems.  See ddb(4)
     for details.  NOTE: not available on all architectures.

     options DDB_FROMCONSOLE=integer
     If set to non-zero, DDB may be entered by sending a break on a serial
     console or by a special key sequence on a graphics console.  A value of
     "0" ignores console breaks or key sequences.  If not explicitly
     specified, the default value is "1".  Note that this sets the value of
     the ddb.fromconsole sysctl(3) variable which may be changed at run time
     -- see sysctl(8) for details.

     options DDB_HISTORY_SIZE=integer
     If this is non-zero, enable history editing in the kernel debugger and
     set the size of the history to this value.

     options DDB_ONPANIC
     The default if not specified is "1" - just enter into DDB.  If set to "0"
     the kernel will attempt to print out a stack trace and reboot the system.
     If set to "-1" then neither is a stack trace printed nor is DDB entered -
     it is as if DDB were not compiled into the kernel.  Note that this sets
     the value of the ddb.onpanic sysctl(3) variable which may be changed at
     run time -- see sysctl(8) for details.

     options DDB_COMMANDONENTER=string
     This option specifies commands which will be executed on each entry to DDB.
     This sets the default value of the ddb.commandonenter sysctl(3) variable
     which may be changed at run time.

     options DDB_BREAK_CHAR=integer
     This option overrides using break to enter the kernel debugger on the
     serial console.  The value given is the ASCII value to be used instead.
     This is currently only supported by the com driver.

     options CNMAGIC=string
     This option overrides the cnmagic(9) string used to enter the kernel

     options DDB_VERBOSE_HELP
     This option adds more verbose descriptions to the help command.

     options DDB_PANICSTACKFRAMES=integer
     Number of stack frames to display on panic.  Useful to avoid scrolling
     away the interesting frames on a glass tty.  Default value is 65535 (all
     frames), useful value around 10.

     options KGDB
     Compiles in a remote kernel debugger stub for diagnosing kernel problems
     using the "remote target" feature of gdb.  See gdb(1) for details.  NOTE:
     not available on all architectures.

     options KGDB_DEV
     Device number (as a dev_t) of kgdb device.

     options KGDB_DEVADDR
     Memory address of kgdb device.

     options KGDB_DEVMODE
     Permissions of kgdb device.

     options KGDB_DEVNAME
     Device name of kgdb device.

     options KGDB_DEVRATE
     Baud rate of kgdb device.

     makeoptions DEBUG="-g"
     The -g flag causes netbsd.gdb to be built in addition to netbsd.
     netbsd.gdb is useful for debugging kernel crash dumps with gdb.  See
     gdb(1) for details.

     options DEBUG
     Turns on miscellaneous kernel debugging.  Since options are turned into
     preprocessor defines (see above), options DEBUG is equivalent to doing a
     #define DEBUG throughout the kernel.  Much of the kernel has #ifdef DEBUG
     conditionalized debugging code.  Note that many parts of the kernel
     (typically device drivers) include their own #ifdef XXX_DEBUG
     conditionals instead.  This option also turns on certain other options,
     which may decrease system performance.  Systems with this option are not
     suitable for regular use, and are intended only for debugging or looking
     for bugs.

     options DIAGNOSTIC
     Adds code to the kernel that does internal consistency checks.  This code
     will cause the kernel to panic if corruption of internal data structures
     is detected.  Historically, the performance degradation is sufficiently
     small that it is reasonable for systems with options DIAGNOSTIC to be in
     production use, with the real consideration not being performance but
     instead a preference for more panics versus continued operation with
     undetected problems.

     options LOCKDEBUG
     Adds code to the kernel to detect incorrect use of locking primitives
     (mutex, rwlock).  This code will cause the kernel to check for deadlock
     conditions.  It will also check that memory being freed does not contain
     initialised lock primitives.  Functions for use in ddb(4) to check lock
     chains etc. are also enabled.  These checks are very expensive and can
     decrease performance on multi-processor machines by a factor of three.

     options KDTRACE_HOOKS
     Adds hooks for the DTrace tracing facility, which allows users to analyze
     many aspects of system and application behavior.  See dtrace(1) for

     Check kernel stack usage and panic if stack overflow is detected.  This
     check is performance sensitive because it scans stack on each context

     options KTRACE
     Add hooks for the system call tracing facility, which allows users to
     watch the system call invocation behavior of processes.  See ktrace(1)
     for details.

     options MSGBUFSIZE=integer
     This option sets the size of the kernel message buffer.  This buffer
     holds the kernel output of printf() when not (yet) read by syslogd(8).
     This is particularly useful when the system has crashed and you wish to
     look up the kernel output from just before the crash.  Also, since the
     autoconfig output becomes more and more verbose, it sometimes happens
     that the message buffer overflows before syslogd(8) was able to read it.
     Note that not all systems are capable of obtaining a variable sized
     message buffer.  There are also some systems on which memory contents are
     not preserved across reboots.

     options KERNHIST
     Enables the kernel history logs, which create in-memory traces of various
     kernel activities.  These logs can be displayed by using show kernhist
     from DDB.  See the kernel source file sys/kern/kern_history.c and the
     kernhist(9) manual for details.

     options KERNHIST_PRINT
     Prints the kernel history logs on the system console as entries are
     added.  Note that the output is extremely voluminous, so this option is
     really only useful for debugging the very earliest parts of kernel

     options UVMHIST
     Like KERNHIST, it enables the UVM history logs.  These logs can be
     displayed by using show kernhist from DDB.  See the kernel source file
     sys/uvm/uvm_stat.c for details.

     options UVMHIST_PRINT
     Like UVMHIST, it prints the UVM history logs on the system console as
     entries are added.  Note that the output is extremely voluminous, so this
     option is really only useful for debugging the very earliest parts of
     kernel initialization.

     Set the size of the "maphist" kernel history.  The default is 100.  This
     option depends upon the UVMHIST option.

     Set the size of the "pdhist" kernel history.  The default is 100.  This
     option depends upon the UVMHIST option.

     options BIOHIST
     Like KERNHIST, it enables the BIO history logs.  These logs can be
     displayed by using show kernhist from DDB, and can help in debugging
     problems with Buffered I/O operations.  See the kernel source file
     sys/kern/vfs_bio.c for details.

     options BIOHIST_PRINT
     Like BIOHIST, it prints the BIO history logs on the system console as
     entries are added.  Note that the output is extremely voluminous, so this
     option is really only useful for debugging the very earliest parts of
     kernel initialization.

     options BIOHIST_SIZE
     Set the size of the "biohist" kernel history.  The default is 500.  This
     option depends upon the BIOHIST option.

   File Systems
     file-system FFS
     Includes code implementing the Berkeley Fast File System (FFS).  Most
     machines need this if they are not running diskless.

     file-system EXT2FS
     Includes code implementing the Second Extended File System (ext2),
     revision 0 and revision 1 with the filetype, sparse_super and large_file
     options.  This is the most commonly used file system on the Linux
     operating system, and is provided here for compatibility.  Some of the
     specific features of ext2 like the "behavior on errors" are not
     implemented.  See mount_ext2fs(8) for details.

     file-system LFS
     [EXPERIMENTAL] Include the Log-structured File System (LFS).  See
     mount_lfs(8) and newfs_lfs(8) for details.

     file-system MFS
     Include the Memory File System (MFS).  This file system stores files in
     swappable memory, and produces notable performance improvements when it
     is used as the file store for /tmp and similar file systems.  See
     mount_mfs(8) for details.

     file-system NFS
     Include the client side of the Network File System (NFS) remote file
     sharing protocol.  Although the bulk of the code implementing NFS is
     kernel based, several user level daemons are needed for it to work.  See
     mount_nfs(8) for details.

     file-system CD9660
     Includes code for the ISO 9660 + Rock Ridge file system, which is the
     standard file system on many CD-ROM discs.  Useful primarily if you have
     a CD-ROM drive.  See mount_cd9660(8) for details.

     file-system MSDOSFS
     Includes the MS-DOS FAT file system, which is reportedly still used by
     unfortunate people who have not heard about NetBSD.  Also implements the
     Windows 95 extensions to the same, which permit the use of longer, mixed
     case file names.  See mount_msdos(8) and fsck_msdos(8) for details.

     file-system NTFS
     [EXPERIMENTAL] Includes code for the Microsoft Windows NT file system.
     See mount_ntfs(8) for details.

     file-system FDESC
     Includes code for a file system, conventionally mounted on /dev/fd, which
     permits access to the per-process file descriptor space via special files
     in the file system.  See mount_fdesc(8) for details.  Note that this
     facility is redundant, and thus unneeded on most NetBSD systems, since
     the fd(4) pseudo-device driver already provides identical functionality.
     On most NetBSD systems, instances of fd(4) are mknoded under /dev/fd/ and
     on /dev/stdin, /dev/stdout, and /dev/stderr.

     file-system KERNFS
     Includes code which permits the mounting of a special file system
     (normally mounted on /kern) in which files representing various kernel
     variables and parameters may be found.  See mount_kernfs(8) for details.

     file-system NULLFS
     Includes code for a loopback file system.  This permits portions of the
     file hierarchy to be re-mounted in other places.  The code really exists
     to provide an example of a stackable file system layer.  See
     mount_null(8) for details.

     file-system OVERLAY
     Includes code for a file system filter.  This permits the overlay file
     system to intercept all access to an underlying file system.  This file
     system is intended to serve as an example of a stacking file system which
     has a need to interpose itself between an underlying file system and all
     other access.  See mount_overlay(8) for details.

     file-system PROCFS
     Includes code for a special file system (conventionally mounted on /proc)
     in which the process space becomes visible in the file system.  Among
     other things, the memory spaces of processes running on the system are
     visible as files, and signals may be sent to processes by writing to ctl
     files in the procfs namespace.  See mount_procfs(8) for details.

     file-system UDF
     [EXPERIMENTAL] Includes code for the UDF file system commonly found on CD
     and DVD media but also on USB sticks.  Currently supports read and write
     access up to UDF 2.01 and somewhat limited write support for UDF 2.50.
     It is marked experimental since there is no fsck_udf(8).  See
     mount_udf(8) for details.

     file-system UMAPFS
     Includes a loopback file system in which user and group IDs may be
     remapped -- this can be useful when mounting alien file systems with
     different UIDs and GIDs than the local system.  See mount_umap(8) for

     file-system UNION
     [EXPERIMENTAL] Includes code for the union file system, which permits
     directories to be mounted on top of each other in such a way that both
     file systems remain visible -- this permits tricks like allowing writing
     (and the deleting of files) on a read-only file system like a CD-ROM by
     mounting a local writable file system on top of the read-only file
     system.  See mount_union(8) for details.

     file-system CODA
     [EXPERIMENTAL] Includes code for the Coda file system.  Coda is a
     distributed file system like NFS and AFS.  It is freely available, like
     NFS, but it functions much like AFS in being a "stateful" file system.
     Both Coda and AFS cache files on your local machine to improve
     performance.  Then Coda goes a step further than AFS by letting you
     access the cached files when there is no available network, viz.
     disconnected laptops and network outages.  In Coda, both the client and
     server are outside the kernel which makes them easier to experiment with.
     Coda is available for several UNIX and non-UNIX platforms.  See
     http://www.coda.cs.cmu.edu for more details.  NOTE: You also need to
     enable the pseudo-device, vcoda, for the Coda file system to work.

     file-system PTYFS
     Includes code for a special file system (normally mounted on /dev/pts) in
     which pseudo-terminal slave devices become visible in the file system.
     See mount_ptyfs(8) for details.

     file-system TMPFS
     Includes code for the efficient memory file system, normally used over
     /tmp.  See mount_tmpfs(8) for details.

     file-system PUFFS
     Includes kernel support for the pass-to-userspace framework file system.
     It can be used to implement file system functionality in userspace.  See
     puffs(3) for more details.  This enables for example sshfs:

   File System Options
     options DISKLABEL_EI
     Enable "Endian-Independent" disklabel(5) support.  This allows a system
     to recognize a disklabel written in the other byte order.  For writing,
     when a label already exists, its byte order is preserved.  Otherwise, a
     new label is written in the native byte order.  To specify the byte order
     explicitly, the -F option of disklabel(8) should be used with the -B
     option in order to avoid using ioctl(2), which results in the default
     behavior explained above.  At the moment this option is restricted to the
     following ports: amd64, bebox, emips, epoc32, evbarm, i386, ibmnws,
     landisk, mvmeppc, prep, rs6000, sandpoint, xen, and zaurus; also to
     machines of the evbmips and evbppc ports that support Master Boot Record

     options MAGICLINKS
     Enables the expansion of special strings (beginning with "@") when
     traversing symbolic links.  See symlink(7) for a list of supported
     strings.  Note that this option only controls the enabling of this
     feature by the kernel at boot-up.  This feature can still be manipulated
     with the sysctl(8) command regardless of the setting of this option.

     options NFSSERVER
     Include the server side of the NFS (Network File System) remote file
     sharing protocol.  Although the bulk of the code implementing NFS is
     kernel based, several user level daemons are needed for it to work.  See
     mountd(8) and nfsd(8) for details.

     options NVNODE=integer
     This option sets the size of the cache used by the name-to-inode
     translation routines, (a.k.a. the namei() cache, though called by many
     other names in the kernel source).  By default, this cache has (NPROC +
     NTEXT + 100) entries (NPROC set as 20 + 16 * MAXUSERS and NTEXT as 80 +
     NPROC / 8).  A reasonable way to derive a value of NVNODE, should you
     notice a large number of namei cache misses with a tool such as
     systat(1), is to examine your system's current computed value with
     sysctl(8), (which calls this parameter "kern.maxvnodes") and to increase
     this value until either the namei cache hit rate improves or it is
     determined that your system does not benefit substantially from an
     increase in the size of the namei cache.

     Causes the namei cache to always enter a reverse mapping (vnode -> name)
     as well as a normal one.  Normally, this is already done for directory
     vnodes, to speed up the getcwd operation.  This option will cause longer
     hash chains in the reverse cache, and thus slow down getcwd somewhat.
     However, it does make vnode -> path translations possible in some cases.
     For now, only useful if strict /proc/#/maps emulation for Linux binaries
     is required.

   Options for FFS/UFS File Systems
     options APPLE_UFS
     Enable support for UFS file systems created on Mac OS X.

     options FFS_EI
     Enable "Endian-Independent" FFS support.  This allows a system to mount
     an FFS file system created for another architecture, at a small
     performance cost for all FFS file systems.  See also newfs(8),
     fsck_ffs(8), dumpfs(8) for file system byte order status and

     options FFS_NO_SNAPSHOT
     Disable support for the creation of file system internal snapshots of FFS
     file systems.  May be useful for install media kernels, small memory
     systems and embedded systems which don't require the snapshot support.

     options QUOTA
     Enables kernel support for traditional quotas in FFS.  Traditional quotas
     store the quota information in external files and require quotacheck(8)
     and quotaon(8) at boot time.  Traditional quotas are limited to 32-bit
     sizes and are at this point considered a legacy feature.

     options QUOTA2
     Enables kernel support for in-volume quotas in FFS.  The quota
     information is file system metadata maintained by fsck(8) and/or WAPBL
     journaling.  MFS volumes can also use QUOTA2 quotas; see mount_mfs(8) for
     more information.

     options UFS_DIRHASH
     Increase lookup performance by maintaining in-core hash tables for large

     options UFS_EXTATTR
     Enable extended attribute support for UFS1 file systems.

     options WAPBL
     Enable "Write Ahead Physical Block Logging file system journaling".  This
     provides rapid file system consistency checking after a system outage.
     It also provides better general use performance over regular FFS.  See
     also wapbl(4).

   Options for the LFS File System
     options LFS_EI
     Enable "Endian-Independent" LFS support.  This allows (at a small
     performance cost) mounting an LFS file system created for another

     options LFS_DIRHASH
     Increase lookup performance by maintaining in-core hash tables for large

   Options for the ext2fs File System
     options EXT2FS_SYSTEM_FLAGS
     This option changes the behavior of the APPEND and IMMUTABLE flags for a
     file on an ext2 file system.  Without this option, the superuser or owner
     of the file can set and clear them.  With this option, only the superuser
     can set them, and they can't be cleared if the securelevel is greater
     than 0.  See also chflags(1) and secmodel_securelevel(9).

   Options for the NFS File System
     options NFS_BOOT_BOOTP
     Enable use of the BOOTP protocol (RFCs 951 and 1048) to get configuration
     information if NFS is used to mount the root file system.  See
     diskless(8) for details.

     Enable use of static values defined as "NFS_BOOTSTATIC_MYIP",
     "NFS_BOOTSTATIC_SERVER" in kernel options to get configuration
     information if NFS is used to mount the root file system.

     options NFS_BOOT_DHCP
     Same as "NFS_BOOT_BOOTP", but use the DHCP extensions to the BOOTP
     protocol (RFC 1541).

     Specifies the string sent in the bp_file field of the BOOTP/DHCP request

     Enable use of the BOOTPARAM protocol, consisting of RARP and BOOTPARAM
     RPC, to get configuration information if NFS is used to mount the root
     file system.  See diskless(8) for details.

     options NFS_BOOT_RWSIZE=value
     Set the initial NFS read and write sizes for diskless-boot requests.  The
     normal default is 8Kbytes.  This option provides a way to lower the value
     (e.g., to 1024 bytes) as a workaround for buggy network interface cards
     or boot PROMs.  Once booted, the read and write request sizes can be
     increased by remounting the file system.  See mount_nfs(8) for details.

     options NFS_V2_ONLY
     Reduce the size of the NFS client code by omitting code that's only
     required for NFSv3 and NQNFS support, leaving only that code required to
     use NFSv2 servers.

     options NFS_BOOT_UDP
     Use NFS over UDP instead of the default TCP, for mounting root.

   Buffer queue strategy options
     The following options enable alternative buffer queue strategies.

     options BUFQ_READPRIO
     Enable alternate buffer queue strategy for disk I/O.  In the default
     strategy, outstanding disk requests are ordered by sector number and sent
     to the disk, regardless of whether the operation is a read or write; this
     option gives priority to issuing read requests over write requests.
     Although requests may therefore be issued out of sector-order, causing
     more seeks and thus lower overall throughput, interactive system
     responsiveness under heavy disk I/O load may be improved, as processes
     blocking on disk reads are serviced sooner (file writes typically don't
     cause applications to block).  The performance effect varies greatly
     depending on the hardware, drive firmware, file system configuration,
     workload, and desired performance trade-off.  Systems using drive write-
     cache (most modern IDE disks, by default) are unlikely to benefit and may
     well suffer; such disks acknowledge writes very quickly, and optimize
     them internally according to physical layout.  Giving these disks as many
     requests to work with as possible (the standard strategy) will typically
     produce the best results, especially if the drive has a large cache; the
     drive will silently complete writes from cache as it seeks for reads.
     Disks that support a large number of concurrent tagged requests (SCSI
     disks and many hardware RAID controllers) expose this internal scheduling
     with tagged responses, and don't block for reads; such disks may not see
     a noticeable difference with either strategy.  However, if IDE disks are
     run with write-cache disabled for safety, writes are not acknowledged
     until actually completed, and only one request can be outstanding; a
     large number of small writes in one locality can keep the disk busy,
     starving reads elsewhere on the disk.  Such systems are likely to see the
     most benefit from this option.  Finally, the performance interaction of
     this option with ffs soft dependencies can be subtle, as that mechanism
     can drastically alter the workload for file system metadata writes.

     options BUFQ_PRIOCSCAN
     Enable another buffer queue strategy for disk I/O, per-priority cyclical

     options NEW_BUFQ_STRATEGY
     Synonym of BUFQ_READPRIO.

   Miscellaneous Options
     options CPU_UCODE
     Support CPU microcode loading via cpuctl(8).

     This option makes the md(4) RAM disk size dynamically sized.  It is
     incompatible with mdsetimage(8).

     options MEMORY_DISK_HOOKS
     This option allows for some machine dependent functions to be called when
     the md(4) RAM disk driver is configured.  This can result in
     automatically loading a RAM disk from floppy on open (among other

     options MEMORY_DISK_IS_ROOT
     Forces the md(4) RAM disk to be the root device.  This can only be
     overridden when the kernel is booted in the 'ask-for-root' mode.

     options MEMORY_DISK_ROOT_SIZE=integer
     Allocates the given number of 512 byte blocks as memory for the md(4) RAM
     disk, to be populated with mdsetimage(8).

     options MEMORY_DISK_SERVER=0
     Do not include the interface to a userland memory disk server process.
     By default, this option is set to 1, including the support code.  Useful
     for install media kernels.

     options MEMORY_DISK_RBFLAGS=value
     This option sets the reboot(2) flags used when booting with a memory disk
     as root file system.  Possible values include RB_AUTOBOOT (boot in the
     usual fashion - default value), and RB_SINGLE (boot in single-user mode).

     options MODULAR
     Enables the framework for kernel modules (see module(7)).

     Enables the autoloading of kernel modules by default.  This sets the
     default value of the kern.module.autoload sysctl(3) variable which may be
     changed at run time.

     options VND_COMPRESSION
     Enables the vnd(4) driver to also handle compressed images.  See
     vndcompress(1), vnd(4) and vnconfig(8) for more information.

     options SPLDEBUG
     Help the kernel programmer find bugs related to the interrupt priority
     level.  When spllower() or splraise() changes the current CPU's interrupt
     priority level to or from IPL_HIGH, record a backtrace.  Read
     i386/return_address(9) for caveats about collecting backtraces.  This
     feature is experimental, and it is only available on i386.  See

     options TFTPROOT
     Download the root memory disk through TFTP at root mount time.  This
     enables the use of a root RAM disk without requiring it to be embedded in
     the kernel using mdsetimage(8).  The RAM disk name is obtained using
     DHCP's filename parameter.  This option requires MEMORY_DISK_HOOKS and
     MEMORY_DISK_DYNAMIC.  It is incompatible with MEMORY_DISK_ROOT_SIZE.

     options HZ=integer
     On ports that support it, set the system clock frequency (see hz(9)) to
     the supplied value.  Handle with care.

     options NTP
     Turns on in-kernel precision timekeeping support used by software
     implementing NTP (Network Time Protocol, RFC 1305).  The NTP option adds
     an in-kernel Phase-Locked Loop (PLL) for normal NTP operation, and a
     Frequency-Locked Loop (FLL) for intermittently-connected operation.
     ntpd(8) will employ a user-level PLL when kernel support is unavailable,
     but the in-kernel version has lower latency and more precision, and so
     typically keeps much better time.

     The interface to the kernel NTP support is provided by the ntp_adjtime(2)
     and ntp_gettime(2) system calls, which are intended for use by ntpd(8)
     and are enabled by the option.  On systems with sub-microsecond
     resolution timers, or where (HZ/100000) is not an integer, the NTP option
     also enables extended-precision arithmetic to keep track of fractional
     clock ticks at NTP time-format precision.

     options PPS_SYNC
     This option enables a kernel serial line discipline for receiving time
     phase signals from an external reference clock such as a radio clock.
     (The NTP option (which see) must be on if the PPS_SYNC option is used).
     Some reference clocks generate a Pulse Per Second (PPS) signal in phase
     with their time source.  The PPS line discipline receives this signal on
     either the data leads or the DCD control lead of a serial port.

     NTP uses the PPS signal to discipline the local clock oscillator to a
     high degree of precision (typically less than 50 microseconds in time and
     0.1 ppm in accuracy).  PPS can also generate a serial output pulse when
     the system receives a PPS interrupt.  This can be used to measure the
     system interrupt latency and thus calibrate NTP to account for it.  Using
     PPS usually requires a gadget box to convert from TTL to RS-232 signal
     levels.  The gadget box and PPS are described in more detail in the HTML
     documentation for ntpd(8) in /usr/share/doc/html/ntp.

     NetBSD currently supports this option in com(4) and zsc(4).

     options SETUIDSCRIPTS
     Allows scripts with the setuid bit set to execute as the effective user
     rather than the real user, just like binary executables.

     NOTE: Using this option will also enable options FDSCRIPTS.

     options FDSCRIPTS
     Allows execution of scripts with the execute bit set, but not the read
     bit, by opening the file and passing the file descriptor to the shell,
     rather than the filename.

     NOTE: Execute only (non-readable) scripts will have argv[0] set to
     /dev/fd/*.  As far as security is concerned, this option makes it
     possible to safely ensure that the interpreter runs the correct script,
     as it is passed as an already open file.

     options RTC_OFFSET=integer
     The kernel (and typically the hardware battery backed-up clock on those
     machines that have one) keeps time in UTC (Universal Coordinated Time,
     once known as GMT, or Greenwich Mean Time) and not in the time of the
     local time zone.  The RTC_OFFSET option is used on some ports (such as
     the i386) to tell the kernel that the hardware clock is offset from UTC
     by the specified number of minutes.  This is typically used when a
     machine boots several operating systems and one of them wants the
     hardware clock to run in the local time zone and not in UTC, e.g.
     RTC_OFFSET=300 means the hardware clock is set to US Eastern Time (300
     minutes behind UTC), and not UTC.  (Note: RTC_OFFSET is used to
     initialize a kernel variable named rtc_offset which is the source
     actually used to determine the clock offset, and which may be accessed
     via the kern.rtc_offset sysctl variable.  See sysctl(8) and sysctl(3) for
     details.  Since the kernel clock is initialized from the hardware clock
     very early in the boot process, it is not possible to meaningfully change
     rtc_offset in system initialization scripts.  Changing this value
     currently may only be done at kernel compile time or by patching the
     kernel and rebooting).

     NOTE: Unfortunately, in many cases where the hardware clock is kept in
     local time, it is adjusted for Daylight Saving Time; this means that
     attempting to use RTC_OFFSET to let NetBSD coexist with such an operating
     system, like Windows, would necessitate changing RTC_OFFSET twice a year.
     As such, this solution is imperfect.

     options MAXUPRC=integer
     Sets the soft RLIMIT_NPROC resource limit, which specifies the maximum
     number of simultaneous processes a user is permitted to run, for process
     0; this value is inherited by its child processes.  It defaults to
     CHILD_MAX, which is currently defined to be 160.  Setting MAXUPRC to a
     value less than CHILD_MAX is not permitted, as this would result in a
     violation of the semantics of IEEE Std 1003.1-1990 ("POSIX.1").

     options NOFILE=integer
     Sets the soft RLIMIT_NOFILE resource limit, which specifies the maximum
     number of open file descriptors for each process; this value is inherited
     by its child processes.  It defaults to OPEN_MAX, which is currently
     defined to be 128.

     options MAXFILES=integer
     Sets the default value of the kern.maxfiles sysctl variable, which
     indicates the maximum number of files that may be open in the system.

     options DEFCORENAME=string
     Sets the default value of the kern.defcorename sysctl variable, otherwise
     it is set to %n.core.  See sysctl(8) and sysctl(3) for details.

     options RASOPS_CLIPPING
     Enables clipping within the rasops raster-console output system.  NOTE:
     only available on architectures that use rasops for console output.

     options RASOPS_SMALL
     Removes optimized character writing code from the rasops raster-console
     output system.  NOTE: only available on architectures that use rasops for
     console output.

     Embeds the kernel config file used to define the kernel in the kernel
     binary itself.  The embedded data also includes any files directly
     included by the config file itself, e.g.  GENERIC.local or std.$MACHINE.
     The embedded config file can be extracted from the resulting kernel with
     config(1) -x, or by the following command:

           strings netbsd | sed -n 's/^_CFG_//p' | unvis

     Similar to the above option, but includes just the actual config file,
     not any included files.

     options PIPE_SOCKETPAIR
     Use slower, but smaller socketpair(2)-based pipe implementation instead
     of default faster, but bigger one.  Primarily useful for installation

     options USERCONF
     Compiles in the in-kernel device configuration manager.  See userconf(4)
     for details.

     options SCDEBUG_DEFAULT
     Used with the options SYSCALL_DEBUG described below to choose which types
     of events are displayed.

           SCDEBUG_CALLS     Show system call entry points.
           SCDEBUG_RETURNS   Show system call exit points.
           SCDEBUG_ALL       Show all system call requests, including
                             unimplemented calls.
           SCDEBUG_SHOWARGS  Show the arguments provided.
           SCDEBUG_KERNHIST  Store a restricted form of the system call debug
                             in a kernel history instead of printing it to the
                             console.  This option relies upon options


     options SYSCALL_DEBUG
     Useful for debugging system call issues, usually in early single user
     bringup.  By default, writes entries to the system console for most
     system call events.  Can be configured with the options SCDEBUG_DEFAULT
     option to use the options KERNHIST facility instead.

     options SYSCALL_STATS
     Count the number of times each system call number is called.  The values
     can be read through the sysctl interface and displayed using systat(1).
     NOTE: not yet available on all architectures.

     options SYSCALL_TIMES
     Count the time spent (using cpu_counter32()) in each system call.  NOTE:
     Using this option will also enable options SYSCALL_STATS.

     Force use of cpu_counter32() even if cpu_hascounter() reports false.
     Useful for systems where the cycle counter doesn't run at a constant rate
     (e.g. Soekris boxes).

     options XSERVER_DDB
     A supplement to XSERVER that adds support for entering ddb(4) while in

     options FILEASSOC
     Support for fileassoc(9).  Required for options PAX_SEGVGUARD and
     pseudo-device veriexec.

     options FILEASSOC_NHOOKS=integer
     Number of storage slots per file for fileassoc(9).  Default is 4.

   Networking Options
     options GATEWAY
     Enables IPFORWARDING and (on most ports) increases the size of
     NMBCLUSTERS.  In general, GATEWAY is used to indicate that a system
     should act as a router, and IPFORWARDING is not invoked directly.  (Note
     that GATEWAY has no impact on protocols other than IP).  The GATEWAY
     option also compiles IPv4 and IPv6 fast forwarding code into the kernel.

     options IPFORWARDING=value
     If value is 1 this enables IP routing behavior.  If value is 0 (the
     default), it disables it.  The GATEWAY option sets this to 1
     automatically.  With this option enabled, the machine will forward IP
     datagrams destined for other machines between its interfaces.  Note that
     even without this option, the kernel will still forward some packets
     (such as source routed packets) -- removing GATEWAY and IPFORWARDING is
     insufficient to stop all routing through a bastion host on a firewall --
     source routing is controlled independently.  Note that IP forwarding may
     be turned on and off independently of the setting of the IPFORWARDING
     option through the use of the net.inet.ip.forwarding sysctl variable.  If
     net.inet.ip.forwarding is 1, IP forwarding is on.  See sysctl(8) and
     sysctl(3) for details.

     options IFA_STATS
     Tells the kernel to maintain per-address statistics on bytes sent and
     received over (currently) Internet and AppleTalk addresses.  The option
     is not recommended as it degrades system stability.

     options IFQ_MAXLEN=value
     Increases the allowed size of the network interface packet queues.  The
     default queue size is 50 packets, and you do not normally need to
     increase it.

     options IPSELSRC
     Includes support for source-address selection policies.  See

     options MROUTING
     Includes support for IP multicast routers.  You certainly want INET with
     this.  Multicast routing is controlled by the mrouted(8) daemon.  See
     also option PIM.

     options PIM
     Includes support for Protocol Independent Multicast (PIM) routing.  You
     need MROUTING and INET with this.  Software using this can be found e.g.
     in pkgsrc/net/xorp.

     options INET
     Includes support for the TCP/IP protocol stack.  You almost certainly
     want this.  See inet(4) for details.

     options INET6
     Includes support for the IPv6 protocol stack.  See inet6(4) for details.
     Unlike INET, INET6 enables multicast routing code as well.  This option
     requires INET at this moment, but it should not.

     options ND6_DEBUG
     The option sets the default value of net.inet6.icmp6.nd6_debug to 1, for
     debugging IPv6 neighbor discovery protocol handling.  See sysctl(3) for

     options IPSEC
     Includes support for the IPsec protocol, using the implementation derived
     from OpenBSD, relying on opencrypto(9) to carry out cryptographic
     operations.  See ipsec(4) for details.

     options IPSEC_DEBUG
     Enables debugging code in IPsec stack.  See ipsec(4) for details.  The
     IPSEC option includes support for IPsec Network Address Translator
     traversal (NAT-T), as described in RFCs 3947 and 3948.  This feature
     might be patent-encumbered in some countries.

     options ALTQ
     Enables ALTQ (Alternate Queueing).  For simple rate-limiting, use
     tbrconfig(8) to set up the interface transmission rate.  To use queueing
     disciplines, their appropriate kernel options should also be defined
     (documented below).  Queueing disciplines are managed by altqd(8).  See
     altq(9) for details.

     options ALTQ_HFSC
     Include support for ALTQ-implemented HFSC (Hierarchical Fair Service
     Curve) module.  HFSC supports both link-sharing and guaranteed real-time
     services.  HFSC employs a service curve based QoS model, and its unique
     feature is an ability to decouple delay and bandwidth allocation.
     Requires ALTQ_RED to use the RED queueing discipline on HFSC classes, or
     ALTQ_RIO to use the RIO queueing discipline on HFSC classes.  This option
     assumes ALTQ.

     options ALTQ_PRIQ
     Include support for ALTQ-implemented PRIQ (Priority Queueing).  PRIQ
     implements a simple priority-based queueing discipline.  A higher
     priority class is always served first.  Requires ALTQ_RED to use the RED
     queueing discipline on HFSC classes, or ALTQ_RIO to use the RIO queueing
     discipline on HFSC classes.  This option assumes ALTQ.

     options ALTQ_WFQ
     Include support for ALTQ-implemented WFQ (Weighted Fair Queueing).  WFQ
     implements a weighted-round robin scheduler for a set of queues.  A
     weight can be assigned to each queue to give a different proportion of
     the link capacity.  A hash function is used to map a flow to one of a set
     of queues.  This option assumes ALTQ.

     options ALTQ_FIFOQ
     Include support for ALTQ-implemented FIFO queueing.  FIFOQ is a simple
     drop-tail FIFO (First In, First Out) queueing discipline.  This option
     assumes ALTQ.

     options ALTQ_RIO
     Include support for ALTQ-implemented RIO (RED with In/Out).  The original
     RIO has 2 sets of RED parameters; one for in-profile packets and the
     other for out-of-profile packets.  At the ingress of the network, profile
     meters tag packets as IN or OUT based on contracted profiles for
     customers.  Inside the network, IN packets receive preferential treatment
     by the RIO dropper.  ALTQ/RIO has 3 drop precedence levels defined for
     the Assured Forwarding PHB of DiffServ (RFC 2597).  This option assumes

     options ALTQ_BLUE
     Include support for ALTQ-implemented Blue buffer management.  Blue is
     another active buffer management mechanism.  This option assumes ALTQ.

     options ALTQ_FLOWVALVE
     Include support for ALTQ-implemented Flowvalve.  Flowvalve is a simple
     implementation of a RED penalty box that identifies and punishes
     misbehaving flows.  This option requires ALTQ_RED and assumes ALTQ.

     options ALTQ_CDNR
     Include support for ALTQ-implemented CDNR (diffserv traffic conditioner)
     packet marking/manipulation.  Traffic conditioners are components to
     meter, mark, or drop incoming packets according to some rules.  As
     opposed to queueing disciplines, traffic conditioners handle incoming
     packets at an input interface.  This option assumes ALTQ.

     options ALTQ_NOPCC
     Disables use of processor cycle counter to measure time in ALTQ.  This
     option should be defined for a non-Pentium i386 CPU which does not have
     TSC, SMP (per-CPU counters are not in sync), or power management which
     affects processor cycle counter.  This option assumes ALTQ.

     options ALTQ_IPSEC
     Include support for IPsec in IPv4 ALTQ.  This option assumes ALTQ.

     options ALTQ_JOBS
     Include support for ALTQ-implemented JoBS (Joint Buffer Management and
     Scheduling).  This option assumes ALTQ.

     options ALTQ_AFMAP
     Include support for an undocumented ALTQ feature that is used to map an
     IP flow to an ATM VC (Virtual Circuit).  This option assumes ALTQ.

     options ALTQ_LOCALQ
     Include support for ALTQ-implemented local queues.  Its practical use is
     undefined.  Assumes ALTQ.

     Sets default value for net.inet.ip.subnetsarelocal variable, which
     controls whether non-directly-connected subnets of connected networks are
     considered "local" for purposes of choosing the MSS for a TCP connection.
     This is mostly present for historic reasons and completely irrelevant if
     you enable Path MTU discovery.

     Sets default value for net.inet.ip.hostzerobroadcast variable, which
     controls whether the zeroth host address of each connected subnet is also
     considered a broadcast address.  Default value is "1", for compatibility
     with old systems; if this is set to zero on all hosts on a subnet, you
     should be able to fit an extra host per subnet on the ".0" address.

     options MCLSHIFT=value
     This option is the base-2 logarithm of the size of mbuf clusters.  The
     BSD networking stack keeps network packets in a linked list, or chain, of
     kernel buffer objects called mbufs.  The system provides larger mbuf
     clusters as an optimization for large packets, instead of using long
     chains for large packets.  The mbuf cluster size, or MCLBYTES, must be a
     power of two, and is computed as two raised to the power MCLSHIFT.  On
     systems with Ethernet network adapters, MCLSHIFT is often set to 11,
     giving 2048-byte mbuf clusters, large enough to hold a 1500-byte Ethernet
     frame in a single cluster.  Systems with network interfaces supporting
     larger frame sizes like ATM, FDDI, or HIPPI may perform better with
     MCLSHIFT set to 12 or 13, giving mbuf cluster sizes of 4096 and 8192
     bytes, respectively.

     options NETATALK
     Include support for the AppleTalk protocol stack.  The kernel provides
     the Datagram Delivery Protocol (DDP), with SOCK_DGRAM support and
     AppleTalk routing.  This stack is used by the NETATALK package, which
     adds support for AppleTalk server services via user libraries and
     applications.

     options BLUETOOTH
     Include support for the Bluetooth protocol stack.  See bluetooth(4) for

     options IPNOPRIVPORTS
     Normally, only root can bind a socket descriptor to a so-called
     "privileged" TCP port, that is, a port number in the range 0-1023.  This
     option eliminates those checks from the kernel.  This can be useful if
     there is a desire to allow daemons without privileges to bind those
     ports, e.g., on firewalls.  The security tradeoffs in doing this are
     subtle.  This option should only be used by experts.
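
     Added example (not part of the NetBSD manual or source tree): a shell
     audit that resolves the effective options of a kernel config, honouring
     the no form, applies the implications this page states (SETUIDSCRIPTS
     enables FDSCRIPTS, GATEWAY sets IPFORWARDING to 1, SYSCALL_TIMES enables
     SYSCALL_STATS), and flags SETUIDSCRIPTS, IPFORWARDING, IPNOPRIVPORTS and
     a MAXUPRC below CHILD_MAX.  The function names, message texts and sample
     config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the "options" lines of a NetBSD kernel config.
# Function names, messages and the sample config are constructed.

# Constructed sample input, not a real GENERIC file.
sample_config() {
cat <<'EOF'
# constructed sample kernel config
include "arch/amd64/conf/std.amd64"
options INET, INET6
options GATEWAY          # router build
options SETUIDSCRIPTS
options IPNOPRIVPORTS
options SYSCALL_TIMES
options IPFILTER_LOG
no options IPNOPRIVPORTS
options MAXUPRC=100
EOF
}

# effective_options: read a config on stdin and print one NAME or
# NAME=value per line, sorted.  Later lines win and "no options NAME"
# removes an earlier setting.  include/cinclude lines are not followed,
# and quoted values containing spaces are outside this example.
effective_options() {
    awk '
    {
        sub(/#.*/, "")          # strip comments
        gsub(/,/, " ")          # options may be comma separated
        if ($1 == "options") { first = 2; remove = 0 }
        else if ($1 == "no" && $2 == "options") { first = 3; remove = 1 }
        else next
        for (i = first; i <= NF; i++) {
            name = $i; value = ""
            eq = index($i, "=")
            if (eq) { name = substr($i, 1, eq - 1); value = substr($i, eq) }
            if (remove) delete opt[name]; else opt[name] = value
        }
    }
    END {
        # Implications stated in options(4); applied after no-removal
        # (an assumption about ordering made for this example).
        if ("SETUIDSCRIPTS" in opt && !("FDSCRIPTS" in opt)) opt["FDSCRIPTS"] = ""
        if ("GATEWAY" in opt) opt["IPFORWARDING"] = "=1"
        if ("SYSCALL_TIMES" in opt && !("SYSCALL_STATS" in opt)) opt["SYSCALL_STATS"] = ""
        for (name in opt) print name opt[name]
    }' | LC_ALL=C sort
}

# audit_options: read a config on stdin and print one finding per line.
audit_options() {
    effective_options | while IFS= read -r opt; do
        case $opt in
        SETUIDSCRIPTS)
            echo "REVIEW $opt: setuid scripts run as the effective user" ;;
        IPNOPRIVPORTS)
            echo "REVIEW $opt: any user may bind TCP ports 0-1023" ;;
        IPFORWARDING=1)
            echo "REVIEW $opt: forwards IP datagrams; also check net.inet.ip.forwarding at run time" ;;
        MAXUPRC=*)
            # options(4) gives CHILD_MAX as 160 and forbids lower values.
            if [ "${opt#MAXUPRC=}" -lt 160 ]; then
                echo "INVALID $opt: below CHILD_MAX (160)"
            fi ;;
        esac
    done
}

sample_config | audit_options
```

     The compile-time result is only the default for IPFORWARDING: as noted
     above, net.inet.ip.forwarding can change it at run time, so check the
     sysctl value on the running host as well.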

     options TCP_DEBUG
     Record the last TCP_NDEBUG TCP packets with SO_DEBUG set, and decode to
     the console if tcpconsdebug is set.

     options TCP_NDEBUG
     Number of packets to record for TCP_DEBUG.  Defaults to 100.

     options TCP_SENDSPACE=value

     options TCP_RECVSPACE=value
     These options set the max TCP window size to sizes other than the
     default.  The TCP window sizes can be altered via sysctl(8) as well.

     options TCP_INIT_WIN=value
     This option sets the initial TCP window size for non-local connections,
     which is used when the transmission starts.  The default size is 1, but
     if the machine should act more aggressively, the initial size can be set
     to some other value.  The initial TCP window size can be set via
     sysctl(8) as well.

     options TCP_SIGNATURE
     Enable MD5 TCP signatures (RFC 2385) to protect BGP sessions.

     options IPFILTER_LOG
     This option, in conjunction with pseudo-device ipfilter, enables logging
     of IP packets using IP-Filter.

     options IPFILTER_LOOKUP
     This option enables the IP-Filter ippool(8) functionality.

     options IPFILTER_COMPAT
     This option enables older IP-Filter binaries to work.

     This option sets the default policy of IP-Filter.  If it is set, IP-
     Filter will block packets by default.

     options MBUFTRACE
     This option can help track down mbuf leaks.  When enabled, mbufs are
     tagged with the devices and protocols using them.  This can significantly
     decrease network performance, particularly on MP systems.  This
     additional information can be viewed with netstat(1):
           netstat -mssv
     Not all devices or protocols support this option.

   Sysctl Related Options
     Disallows the creation or deletion of nodes from the sysctl tree, as well
     as the assigning of descriptions to nodes that lack them, by any process.
     These operations are still available to kernel sub-systems, including
     loadable kernel modules.

     Prevents processes from adding nodes to the sysctl tree that make
     existing kernel memory areas writable.  Sections of kernel memory can
     still be read and new nodes that own their own data may still be

     Causes the SYSCTL_SETUP routines to print a brief message when they are
     invoked.  This is merely meant as an aid in determining the order in
     which sections of the tree are created.

     Prints a message each time sysctl_create(), the function that adds nodes
     to the tree, is called.

     Causes the kernel to include short, human readable descriptions for nodes
     in the sysctl tree.  The descriptions can be retrieved programmatically
     (see sysctl(3)), or by the sysctl binary itself (see sysctl(8)).  The
     descriptions are meant to give an indication of the purpose and/or
     effects of a given node's value, not replace the documentation for the
     given subsystem as a whole.

   System V IPC Options
     options SYSVMSG
     Includes support for AT&T System V UNIX style message queues.  See
     msgctl(2), msgget(2), msgrcv(2), msgsnd(2).

     options SYSVSEM
     Includes support for AT&T System V UNIX style semaphores.  See semctl(2),
     semget(2), semop(2).

     options SEMMNI=value
     Sets the number of AT&T System V UNIX style semaphore identifiers.  The
     GENERIC config file for your port will have the default.

     options SEMMNS=value
     Sets the number of AT&T System V UNIX style semaphores in the system.
     The GENERIC config file for your port will have the default.

     options SEMUME=value
     Sets the maximum number of undo entries per process for AT&T System V
     UNIX style semaphores.  The GENERIC config file for your port will have
     the default.

     options SEMMNU=value
     Sets the number of undo structures in the system for AT&T System V UNIX
     style semaphores.  The GENERIC config file for your port will have the

     options SYSVSHM
     Includes support for AT&T System V UNIX style shared memory.  See
     shmat(2), shmctl(2), shmdt(2), shmget(2).

     options SHMMAXPGS=value
     Sets the maximum number of AT&T System V UNIX style shared memory pages
     that are available through the shmget(2) system call.  Default value is
     1024 on most ports.  See /usr/include/machine/vmparam.h for the default.

   VM Related Options
     options NMBCLUSTERS=value
     The number of mbuf clusters the kernel supports.  Mbuf clusters are
     MCLBYTES in size (usually 2k).  The default value is calculated from the
     amount of physical memory.  Architectures without direct mapping also
     limit it based on the kmem_map size, which is used as backing store.
     Some archs limit the value with `NMBCLUSTERS_MAX'.  See
     /usr/include/machine/param.h for those archs.  This value can be accessed
     via the kern.mbuf.nmbclusters sysctl variable.  Increase this value if
     you get "mclpool limit reached" messages.

     options NMBCLUSTERS_MAX=value
     The upper limit of NMBCLUSTERS.

     options NKMEMPAGES=value

     options NKMEMPAGES_MIN=value

     options NKMEMPAGES_MAX=value
     Size of kernel VM map kmem_map, in PAGE_SIZE-sized chunks (the VM page
     size; this value may be read from the sysctl(8) variable hw.pagesize).
     This VM map is used to map the kernel malloc arena.  The kernel attempts
     to auto-size this map based on the amount of physical memory in the
     system.  Platform-specific code may place bounds on this computed size,
     which may be viewed with the sysctl(8) variable vm.nkmempages.  See
     /usr/include/machine/param.h for the default upper and lower bounds.  The
     related options `NKMEMPAGES_MIN' and `NKMEMPAGES_MAX' allow the bounds to
     be overridden in the kernel configuration file.  These options are
     provided in the event the computed value is insufficient resulting in an
     "out of space in kmem_map" panic.

     options SB_MAX=value
     Sets the max size in bytes that a socket buffer is allowed to occupy.
     The default is 256k, but sometimes it needs to be increased, for example
     when using large TCP windows.  This option can be changed via sysctl(8)
     as well.

     options SOMAXKVA=value
     Sets the maximum size of kernel virtual memory that the socket buffers
     are allowed to use.  The default is 16MB, but in situations where for
     example large TCP windows are used this value must also be increased.
     This option can be changed via sysctl(8) as well.

     options BUFCACHE=value
     Size of the buffer cache as a percentage of total available RAM.  Ignored
     if BUFPAGES is also specified.

     options NBUF=value
     Sets the number of buffer headers available, i.e., the number of open
     files that may have a buffer cache entry.  Each buffer header requires
     MAXBSIZE (machine dependent, but usually 65536) bytes.  The default value
     is machine dependent, but is usually equal to the value of BUFPAGES.

     options BUFPAGES=value
     These options set the number of pages available for the buffer cache.
     Their default value is a machine dependent value, often calculated as
     between 5% and 10% of total available RAM.

     options MAXTSIZ=bytes
     Sets the maximum size limit of a process' text segment.  See
     /usr/include/machine/vmparam.h for the port-specific default.

     options DFLDSIZ=bytes
     Sets the default size limit of a process' data segment, the value that
     will be returned as the soft limit for RLIMIT_DATA (as returned by
     getrlimit(2)).  See /usr/include/machine/vmparam.h for the port-specific

     options MAXDSIZ=bytes
     Sets the maximum size limit of a process' data segment, the value that
     will be returned as the hard limit for RLIMIT_DATA (as returned by
     getrlimit(2)).  See /usr/include/machine/vmparam.h for the port-specific

     options DFLSSIZ=bytes
     Sets the default size limit of a process' stack segment, the value that
     will be returned as the soft limit for RLIMIT_STACK (as returned by
     getrlimit(2)).  See /usr/include/machine/vmparam.h for the port-specific

     options MAXSSIZ=bytes
     Sets the maximum size limit of a process' stack segment, the value that
     will be returned as the hard limit for RLIMIT_STACK (as returned by
     getrlimit(2)).  See /usr/include/machine/vmparam.h for the port-specific

     options DUMP_ON_PANIC=integer
     Defaults to one.  If set to zero, the kernel will not dump to the dump
     device when it panics, though dumps can still be forced via ddb(4) with
     the "sync" command.  Note that this sets the value of the
     kern.dump_on_panic sysctl(3) variable which may be changed at run time --
     see sysctl(8) for details.

     options VMSWAP
     Enable paging device/file support.  This option is on by default.

     Store swap in plaintext, not encrypted, which may expose secrets if the
     underlying nonvolatile medium is disclosed.  This option is off by
     default; it is available only for extremely slow machines where the
     performance impact of swapping early at boot outweighs the security
     risks.  Swap encryption can still be turned on dynamically with the
     vm.swap_encrypt sysctl(7) knob.

     Use CLOCK-Pro, an alternative page replace policy.

   Security Options
     options INSECURE
     Initializes the kernel security level with -1 instead of 0.  This means
     that the system always starts in secure level -1 mode, even when running
     multiuser, unless the securelevel variable is set to value > -1 in
     /etc/rc.conf.  In this case the kernel security level will be raised to
     that value when the /etc/rc.d/securelevel script is run during system
     startup.  See the manual page for init(8) for details on the implications
     of this.  The kernel secure level may be manipulated by the superuser by
     altering the kern.securelevel sysctl(3) variable (the secure level may
     only be lowered by a call from process ID 1, i.e., init(8)).  See also
     secmodel_securelevel(9), sysctl(8) and sysctl(3).

     options VERIFIED_EXEC_FP_SHA256
     Enables support for SHA256 hashes in Veriexec.

     options VERIFIED_EXEC_FP_SHA384
     Enables support for SHA384 hashes in Veriexec.

     options VERIFIED_EXEC_FP_SHA512
     Enables support for SHA512 hashes in Veriexec.

     options PAX_MPROTECT=value
     Enables PaX MPROTECT, mprotect(2) restrictions from the PaX project.

     The value is the default value for the global knob, see sysctl(3).  If 0,
     PaX MPROTECT will be enabled only if explicitly set on programs using
     paxctl(8).  If 1, PaX MPROTECT will be enabled for all programs.
     Programs can be exempted using paxctl(8).

     See security(7) for more details.

     options PAX_SEGVGUARD=value
     Enables PaX Segvguard.  Requires options FILEASSOC.

     The value is the default value for the global knob, see sysctl(3).  If 0,
     PaX Segvguard will be enabled only if explicitly set on programs using
     paxctl(8).  If 1, PaX Segvguard will be enabled for all programs.
     Programs can be exempted using paxctl(8).

     See security(7) for more details.

     options PAX_ASLR=value
     Enables PaX ASLR.

     The value is the default value for the global knob, see sysctl(3).  If 0,
     PaX ASLR will be enabled only if explicitly set on programs using
     paxctl(8).  If 1, PaX ASLR will be enabled for all programs.  Programs
     can be exempted using paxctl(8).

     See security(7) for more details.

     options USER_VA0_DISABLE_DEFAULT=value
     Sets the initial value of the flag which controls whether user programs
     can map virtual address 0.  The flag can be changed at runtime by

     options KASAN
     Enables Kernel Address Sanitizer.  NOTE: not available on all

     options KASLR
     Enables Kernel ASLR.  This randomizes the location of the kernel image in
     memory.  NOTE: not available on all architectures.

     options SVS
     Enables Separate Virtual Space.  On architectures that are designed to
     function with a shared address space, this option explicitly isolates the
     kernel and user spaces.  NOTE: not available on all architectures.
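
     Added example, not part of the original manual page: a POSIX sh and awk
     script that resolves the effective options of a kernel config file
     (comma lists, later "no options" removals) and reports on the Security
     Options described above, including the FILEASSOC requirement of
     PAX_SEGVGUARD.  The function names, finding labels and sample config
     are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the manual page): audit kernel config security options.
# Print the effective option set of a config read from stdin as NAME=value.
# Later lines win, comma lists are split, and "no options X" removes X.
effective_options() {
    awk '
    { sub(/#.*/, "") }                                  # drop comments
    $1 == "options" || ($1 == "no" && $2 == "options") {
        remove = ($1 == "no")
        line = $0
        sub(/^[ \t]*(no[ \t]+)?options[ \t]+/, "", line)
        n = split(line, items, ",")
        for (i = 1; i <= n; i++) {
            item = items[i]; gsub(/[ \t]/, "", item)
            if (item == "") continue
            eq = index(item, "=")
            name = (eq > 0) ? substr(item, 1, eq - 1) : item
            if (remove) delete opt[name]
            else opt[name] = (eq > 0) ? substr(item, eq + 1) : ""
        }
    }
    END { for (k in opt) print k "=" opt[k] }' | sort
}

# Report findings for the options described under "Security Options".
audit_security_options() {
    effective_options | awk -F= '
    { set[$1] = 1; val[$1] = $2 }
    END {
        if ("INSECURE" in set) print "WARN INSECURE: security level starts at -1"
        split("PAX_MPROTECT PAX_ASLR PAX_SEGVGUARD", pax, " ")
        for (i = 1; i <= 3; i++) {
            p = pax[i]
            if (!(p in set))        print "WARN " p ": not compiled in"
            else if (val[p] == "1") print "OK   " p ": enabled for all programs"
            else if (val[p] == "0") print "NOTE " p ": only where set with paxctl(8)"
            else                    print "WARN " p ": unexpected value \"" val[p] "\""
        }
        if (("PAX_SEGVGUARD" in set) && !("FILEASSOC" in set))
            print "FAIL PAX_SEGVGUARD: requires options FILEASSOC"
        split("KASLR SVS", arch, " ")
        for (i = 1; i <= 2; i++)
            if (!(arch[i] in set)) print "NOTE " arch[i] ": not set (not on all architectures)"
    }'
}

# Constructed sample config for illustration, not a real kernel config file.
sample_config() {
    cat <<'EOF'
options INSECURE            # development setting
options PAX_MPROTECT=1, PAX_ASLR=0
options PAX_SEGVGUARD=0
options KASLR
no options INSECURE
EOF
}

sample_config | audit_security_options
```

     To audit a real configuration, feed the file to the function on
     standard input instead of the sample.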

   amiga-specific Options
     options BB060STUPIDROM
     When the bootloader (which passes AmigaOS ROM information) claims we have
     a 68060 CPU without FPU, go look into the Processor Configuration
     Register (PCR) to find out.  You need this with Amiga ROMs up to (at
     least) V40.xxx (OS3.1), when you boot via the bootblocks and don't have a

     options IOBZCLOCK=frequency
     The IOBlix boards come with two different serial master clocks: older
     ones use 24 MHz, newer ones use 22.1184 MHz.  The driver normally assumes
     the latter.  If your board uses 24 MHz, you can recompile your kernel
     with options IOBZCLOCK=24000000 or patch the kernel variable iobzclock to
     the same value.

     options LIMITMEM=value
     If set, limit the part of the first memory bank used by NetBSD to value
     megabytes.  Default is unlimited.

     options P5PPC68KBOARD
     Add special support for Phase5 mixed 68k+PPC boards.  Currently, this
     only affects rebooting from NetBSD and is only needed on 68040+PPC, not
     on 68060+PPC; without this, affected machines will hang after NetBSD has
     shut down and will only restart after a keyboard reset or a power cycle.

   atari-specific Options
     options DISKLABEL_AHDI
     Include support for AHDI (native Atari) disklabels.

     options DISKLABEL_NBDA
     Include support for NetBSD/atari labels.  If you don't set this option,
     it will be set automatically.  NetBSD/atari will not work without it.

     options FALCON_SCSI
     Include support for the 5380-SCSI configuration as found on the Falcon.

     options RELOC_KERNEL
     If set, the kernel will relocate itself to TT-RAM, if possible.  This
     will give you a slightly faster system.  Beware that on some TT030
     systems, the system will frequently dump with MMU-faults with this option

     options SERCONSOLE
     Allow the modem1-port to act as the system-console.  A carrier should be
     active on modem1 during system boot to activate the console functionality.

     options TT_SCSI
     Include support for the 5380-SCSI configuration as found on the TT030 and

   i386-specific Options
     options CPURESET_DELAY=value
     Specifies the time (in milliseconds) to wait before doing a hardware reset
     in the last phase of a reboot.  This gives the user a chance to see error
     messages from the shutdown operations (like NFS unmounts, buffer cache
     flush, etc ...).  Setting this to 0 will disable the delay.  Default is 2

     options USER_LDT
     Include i386-specific system calls for modifying the local descriptor
     table, used by Windows emulators.

     options PAE
     Enable PAE (Physical Address Extension) mode.  PAE permits up to 36-bit
     physical addressing (64GB of physical memory), and turns physical
     addresses into 64-bit entities in the memory management subsystem.
     Userland virtual address space remains at 32 bits (4GB).  PAE mode is
     required to enable the NX/XD (No-eXecute/eXecute Disable) bit for pages,
     which allows marking certain ones as not being executable.  Any attempt
     to execute code from such a page will raise an exception.

     options REALBASEMEM=integer
     Overrides the base memory size passed in from the boot block.  (Value
     given in kilobytes.)  Use this option only if the boot block reports the
     size incorrectly.  (Note that some BIOSes put the extended BIOS data area
     at the top of base memory, and therefore report a smaller base memory
     size to prevent programs overwriting it.  This is correct behavior, and
     you should not use the REALBASEMEM option to access this memory).

     Enable GCC-specific Spectre variant 2 mitigations.  For 32-bit kernels
     this means these options:

           -mindirect-branch=thunk -mindirect-branch-register

     For 64-bit kernels this means these options:

           -mindirect-branch=thunk-inline -mindirect-branch-register

     options REALEXTMEM=integer
     Overrides the extended memory size passed in from the boot block.  (Value
     given in kilobytes.  Extended memory does not include the first
     megabyte.)  Use this option only if the boot block reports the size

     options CYRIX_CACHE_WORKS
     Relevant only to the Cyrix 486DLC CPU.  This option is used to turn on
     the cache in hold-flush mode.  It is not turned on by default because it
     is known to have problems in certain motherboard implementations.

     Relevant only to the Cyrix 486DLC CPU.  This option is used to turn on
     the cache in write-back mode.  It is not turned on by default because it
     is known to have problems in certain motherboard implementations.  In
     order for this option to take effect, option CYRIX_CACHE_WORKS must also
     be specified.

     options PCIBIOS
     Enable support for initializing the PCI bus using information from the
     BIOS.  See pcibios(4) for details.

     options MTRR
     Include support for accessing MTRR registers from user-space.  See

     options BEEP_ONHALT
     Make the system speaker emit several beeps when it is completely safe to
     power down the computer after a halt(8) command.  Requires sysbeep(4)

     options BEEP_ONHALT_COUNT=times
     Number of times to beep the speaker when options BEEP_ONHALT is enabled.
     Defaults to 3.

     options BEEP_ONHALT_PITCH=hz
     The tone frequency used when options BEEP_ONHALT is enabled, in hertz.
     Defaults to 1500.

     options BEEP_ONHALT_PERIOD=msecs
     The duration of each beep when options BEEP_ONHALT is enabled, in
     milliseconds.  Defaults to 250.

     options MULTIBOOT
     Makes the kernel Multiboot-compliant, allowing it to be booted through a
     Multiboot-compliant boot manager such as GRUB.  See multiboot(8) for more

     options SPLASHSCREEN
     Display a splash screen during boot.

   isa-specific Options
     Options specific to isa(4) busses.

     Control the section of IO bus space used for PCMCIA bus space mapping.
     Ideally the probed defaults are satisfactory; however, in practice that is
     not always the case.  See pcmcia(4) for details.

     options PCIC_ISA_INTR_ALLOC_MASK=mask
     Controls the allowable interrupts that may be used for PCMCIA devices.
     This mask is a logical-or of power-of-2s of allowable interrupts:

         IRQ Val      IRQ Val      IRQ Val       IRQ Val
          0  0x0001    4  0x0010    8  0x0100    12  0x1000
          1  0x0002    5  0x0020    9  0x0200    13  0x2000
          2  0x0004    6  0x0040   10  0x0400    14  0x4000
          3  0x0008    7  0x0080   11  0x0800    15  0x8000

     Perform a self test of the keyboard controller before attaching it as a
     console.  This might be necessary on machines where we boot on cold iron,
     and pckbc refuses to talk until we request a self test.  Currently only
     the netwinder port uses it.

     If this option is set the PS/2 keyboard will not be used as the console
     if it cannot be found during boot.  This allows other keyboards, like
     USB, to be the console keyboard.

     options PCKBD_LAYOUT=layout
     Sets the default keyboard layout, see pckbd(4).

   m68k-specific Options
     options FPU_EMULATE
     Include support for MC68881/MC68882 emulator.

     options FPSP
     Include support for 68040 floating point.

     options M68020,M68030,M68040,M68060
     Include support for a specific CPU; at least one (the one you are using)
     should be specified.

     options M060SP
     Include software support for 68060.  This provides emulation of
     unimplemented integer instructions as well as emulation of unimplemented
     floating point instructions and data types and software support for
     floating point traps.

   powerpc-specific Options (OEA Only)
     options PMAP_MEMLIMIT=value
     Limit the amount of memory seen by the kernel to value bytes.

     options PTEGCOUNT=value
     Specify the size of the page table as value PTE groups.  Normally, one
     PTEG is allocated per physical page frame.

   sparc-specific Options
     options AUDIO_DEBUG
     Enable simple event debugging of the logging of the audio(4) device.

     options BLINK
     Enable blinking of LED.  Blink rate is full cycle every N seconds for N <
     then current load average.  See getloadavg(3).

     Count how many times the sw SCSI device has left 3, 2, 1 and 0 in the
     sw_3_leftover, sw_2_leftover, sw_1_leftover, and sw_0_leftover variables
     accessible from ddb(4).  See sw(4).

     options DEBUG_ALIGN
     Adds debugging message calls when user-requested alignment fault
     handling happens.

     options DEBUG_EMUL
     Adds debugging message calls for emulated floating point and alignment
     fixing operations.

     options EXTREME_DEBUG
     Adds debugging functions callable from ddb(4).  The debug_pagetables,
     test_region and print_fe_map functions print information about page
     tables for the SUN4M platforms only.

     Adds extra info to options EXTREME_DEBUG.

     options FPU_CONTEXT
     Make options COMPAT_SVR4 getcontext and setcontext include floating point

     options MAGMA_DEBUG
     Adds debugging messages to the magma(4) device.

     Use the entire screen for the console.

     Use the Fixed font on the console, instead of the normal font.

     options SUN4
     Support sun4 class machines.

     options SUN4C
     Support sun4c class machines.

     options SUN4M
     Support sun4m class machines.

     options SUN4_MMU3L
     Enable support for sun4 3-level MMU machines.

     options V9
     Enable SPARC V9 assembler in ddb(4).

   sparc64-specific Options
     options AUDIO_DEBUG
     Enable simple event debugging of the logging of the audio(4) device.

     options BLINK
     Enable blinking of LED.  Blink rate is full cycle every N seconds for N <
     then current load average.  See getloadavg(3).

   x68k-specific Options
     options EXTENDED_MEMORY
     Include support for extended memory, e.g., TS-6BE16 and 060turbo on-

     options JUPITER
     Include support for Jupiter-X MPU accelerator.

     options ZSCONSOLE,ZSCN_SPEED=value
     Use the built-in serial port as the system-console.  Speed is specified
     in bps, defaults to 9600.

     options ITE_KERNEL_ATTR=value
     Set the kernel message attribute for ITE.  Value, an integer, is a
     logical or of the following values:
           1     color inversed
           2     underlined
           4     bolded

   x86-specific Options
     options NO_PCI_MSI_MSIX
     Disable support for MSI/MSIX in the kernel.  See pci_msi(9) for details
     of MSI/MSIX support.

     options NO_PREEMPTION
     Disables kpreempt(9) support in the kernel.

     config(1), gcc(1), gdb(1), ktrace(1), quota(1), vndcompress(1),
     gettimeofday(2), i386_get_mtrr(2), i386_iopl(2), msgctl(2), msgget(2),
     msgrcv(2), msgsnd(2), ntp_adjtime(2), ntp_gettime(2), reboot(2),
     semctl(2), semget(2), semop(2), shmat(2), shmctl(2), shmdt(2), shmget(2),
     sysctl(3), apm(4), ddb(4), inet(4), md(4), pcibios(4), pcmcia(4), ppp(4),
     userconf(4), vnd(4), wscons(4), config(5), edquota(8), init(8),
     mdsetimage(8), mount_cd9660(8), mount_fdesc(8), mount_kernfs(8),
     mount_lfs(8), mount_mfs(8), mount_msdos(8), mount_nfs(8), mount_ntfs(8),
     mount_null(8), mount_portal(8), mount_procfs(8), mount_udf(8),
     mount_umap(8), mount_union(8), mrouted(8), newfs_lfs(8), ntpd(8),
     quotaon(8), rpc.rquotad(8), sysctl(8), cnmagic(9), in_getifa(9),

     The options man page first appeared in NetBSD 1.3.

NetBSD 9.99                    November 16, 2021                   NetBSD 9.99