#
# EXPERIMENTAL CONFIGURATION OPTIONS (select any combination, carefully)
#
-# nbc = no buffer cache support
-# simple = non-rollover clock support
-# timing = precision timing support
# host = host resource control support
-# fixpri = fixed priority threads
#
# MULTI-PROCESSOR CONFIGURATION (select at most one)
#
# medium = medium scale system configuration
# small = small scale system configuration
# xsmall = extra small scale system configuration
-# bsmall = special extra small scale system configuration for
-# (e.g. for boot floppies)
+# bsmall = special extra small scale system configuration
#
#######################################################################
#
# obsolete timezone spec
options TIMEZONE=0, PST=0
-options QUOTA # # <quota>
-options INET
+options QUOTA # # <quota>
+options INET # # <inet>
options ABSOLUTETIME_SCALAR_TYPE
options NEW_VM_CODE # # <newvm>
options OLD_VM_CODE # # <!newvm>
options HW_AST # Hardware ast support # <hw_ast>
options HW_FOOTPRINT # Cache footprint support # <hw_foot>
+options CONFIG_LCTX # Login Context
+
options MACH # Standard Mach features # <mach>
-options MACH_ASSERT # Compile in assertions # <test>
+options MACH_ASSERT # Compile in assertions # <mach_assert>
options MACH_COMPAT # Vendor syscall compatibility # <mach>
options MACH_COUNTERS # counters # <count>
options MACH_DEBUG # IPC debugging interface # <mdebug>
options MACH_IPC_DEBUG # Enable IPC debugging calls # <ipc_debug>
options MACH_IPC_TEST # Testing code/printfs # <ipc_test>
options MACH_LDEBUG # Sanity-check simple locking # <test>
+options CONFIG_ZLEAKS # Live zone leak debug sysctls # <zleaks>
options MACH_NP # Mach IPC support # <np>
options MACH_NBC # No buffer cache # <nbc>
-options REV_ENDIAN_FS # Reverse Endian FS # <revfs>
options MACH_NET # Fast network access # <mach_net>
options MACH_XP # external pager support # <xp>
options NORMA_IPC # NORMA IPC support # <norma_ipc>
options NORMA_TASK # NORMA task support # <norma_task>
options NORMA_ETHER # NORMA across ethernet # <norma_ether>
options SIMPLE_CLOCK # don't assume fixed tick # <simple_clock>
-options STAT_TIME # Use statistical timing # <!timing>
options XPR_DEBUG # kernel tracing # <xpr_debug>
options KDEBUG # kernel tracing # <kdebug>
options DDM_DEBUG # driverkit-style tracing # <ddm_debug>
options LLC # 802.2 support # <llc>
options LOOP # loopback support # <loop>
options MROUTING # multicast routing # <mrouting>
-options NS # Netware # <ns>
-options PPP # PPP # <ppp>
options ROUTING # routing # <routing>
-options TPIP # # <tpip>
-options TUN # # <tun>
options VLAN # # <vlan>
-options IPDIVERT # Divert sockets (for NAT) # <ipdivert>
-options IPFIREWALL # IP Firewalling (used by NAT) # <ipfirewall>
-#options IPFIREWALL_VERBOSE # # <ipfirewall>
-options IPFIREWALL_FORWARD #Transparent proxy # <ipfirewall>
-options IPFIREWALL_DEFAULT_TO_ACCEPT # allow everything by default # <ipfirewall>
-options IPFIREWALL_KEXT # Kernel extension # <ipfirewall>
+options BOND # # <bond>
+options PF # Packet Filter # <pf>
+options PF_PKTHDR # PF tag inside mbuf pkthdr # <pf_pkthdr>
+options PFLOG # PF log interface # <pflog>
+options IPDIVERT # Divert sockets (for NAT) # <ipdivert>
+options IPFIREWALL # IP Firewalling (used by NAT) # <ipfirewall>
+options IPFIREWALL_FORWARD #Transparent proxy # <ipfirewall>
+options IPFIREWALL_DEFAULT_TO_ACCEPT # allow everything by default # <ipfirewall>
+options DUMMYNET # dummynet support # <dummynet>
+options TRAFFIC_MGT # traffic management support # <traffic_mgt>
+options IPFW2 # IP firewall (new version) # <ipfw2>
options MULTICAST # Internet Protocol Class-D $
options TCPDEBUG # TCP debug # <tcpdebug>
options RANDOM_IP_ID # random (not sequential) ip ids # <randomipid>
options TCP_DROP_SYNFIN # Drop TCP packets with SYN+FIN set # <tcpdrop_synfin>
options ICMP_BANDLIM # ICMP bandwidth limiting sysctl
+options IFNET_INPUT_SANITY_CHK # allow dlil/ifnet input sanity check # <ifnet_input_chk>
+options SYSV_SEM # SVID semaphores # <sysv_sem>
+options SYSV_MSG # SVID messages # <sysv_msg>
+options SYSV_SHM # SVID shared mem # <sysv_shm>
+options PSYNCH # pthread synch # <psynch>
+options PANIC_INFO # want kernel panic info # <panic_info>
+options DEVELOPMENT # dev kernel # <development>
+
+# secure_kernel - secure kernel from user programs
+options SECURE_KERNEL # <secure_kernel>
+options OLD_SEMWAIT_SIGNAL # old semwait_signal handler
#
# 4.4 general kernel
#
-options COMPAT_43 # 4.3 BSD compatibility # <compat_43>
+options SOCKETS # socket support # <inet, inet6, netat>
options DIAGNOSTIC # diagnostics # <diagnostic>
-options KTRACE # ktrace support # <ktrace>
+options CONFIG_DTRACE # dtrace support # <config_dtrace>
+options GPROF # build profiling # <profile>
+options SENDFILE # sendfile # <sendfile>
+options NETWORKING # networking layer # <inet, inet6, netat>
+options CONFIG_FSE # file system events # <config_fse>
+options CONFIG_IMAGEBOOT # local image boot # <config_imageboot>
+options CONFIG_SOWUPCALL # SB_UPCALL on sowwakeup # <config_sowupcall>
+options CONFIG_MBUF_JUMBO # jumbo cluster pool # <config_mbuf_jumbo>
+options CONFIG_FORCE_OUT_IFP # Enable IP_FORCE_OUT_IFP # <config_force_out_ifp>
+options CONFIG_IFEF_NOWINDOWSCALE # Scale TCP window per driver # <config_ifef_nowindowscale>
+
+options CONFIG_WORKQUEUE # <config_workqueue>
#
# 4.4 filesystems
#
-options FFS # Fast Filesystem Support # <ffs>
-options HFS # HFS/HFS+ support # <hfs>
+options FFS # Fast Filesystem Support # <ffs>
+options HFS # HFS/HFS+ support # <hfs>
options FIFO # fifo support # <fifo>
-options UNION # union_fs support # <union>
options FDESC # fdesc_fs support # <fdesc>
-options CD9660 # ISO 9660 CD-ROM support # <cd9660>
-options VOLFS # volfs support # <volfs>
options DEVFS # devfs support # <devfs>
-options SYNTHFS # synthfs support # <synthfs>
+options JOURNALING # journaling support # <journaling>
+options HFS_COMPRESSION # hfs compression # <hfs_compression>
+options CONFIG_HFS_TRIM # HFS trims unused blocks # <config_hfs_trim>
+
+#
+# file system features
+#
+options QUOTA # file system quotas # <quota>
+options REV_ENDIAN_FS # Reverse Endian FS # <revfs>
+options NAMEDSTREAMS # named stream vnop support # <namedstreams>
+options CONFIG_VOLFS # volfs path support (legacy) # <config_volfs>
+options CONFIG_IMGSRC_ACCESS # source of imageboot dmg # <config_imgsrc_access>
+options CONFIG_TRIGGERS # trigger vnodes # <config_triggers>
#
# NFS support
#
-options NFSCLIENT # Be an NFS client # <nfsserver>
-options NFSSERVER # Be an NFS server # <nfsclient>
+options NFSCLIENT # Be an NFS client # <nfsclient>
+options NFSSERVER # Be an NFS server # <nfsserver>
#
# AppleTalk Support
#
-options NETAT # AppleTalk support # <netat>
-options AURP_SUPPORT # AppleTalk Update Routing # <netat>
+options NETAT # AppleTalk support # <netat>
+#options AURP_SUPPORT # AppleTalk Update Routing # <netat>
+
#
# Machine Independent Apple Features
#
options KERNOBJC # Objective-C support # <kernobjc>
options OBJCTEST # Objc internal test # <objctest>
options KERNEL_STACK # MI kernel stack support # <kernstack>
-profile # build a profiling kernel # <profile>
+profile # build a profiling kernel # <profile>
#
# Point-to-Point Protocol support
options IPSEC # IP security # <ipsec>
options IPSEC_ESP # IP security # <ipsec>
options "IPV6FIREWALL" # IPv6 Firewall Feature # <ipv6firewall>
-options "IPV6FIREWALL_DEFAULT_TO_ACCEPT" #IPv6 Firewall Feature # <ipv6firewall>
-options "IPV6FIREWALL_VERBOSE" #IPv6 Firewall Feature # <ipv6firewall>
+options "IPV6FIREWALL_DEFAULT_TO_ACCEPT" #IPv6 Firewall Feature # <ipv6firewall>
+#options "IPV6FIREWALL_VERBOSE" #IPv6 Firewall Feature # <ipv6firewall>
pseudo-device gif 1 # <gif>
pseudo-device dummy 2 # <dummy>
pseudo-device stf 1 # <stf>
options crypto # <ipsec,crypto>
+options ALLCRYPTO # <xlarge,large,medium>
+options randomipid # <inet,randomipid>
+
+options ZLIB # inflate/deflate support # <zlib>
+
+options IF_BRIDGE # <if_bridge>
makeoptions LIBDRIVER = "libDriver_kern.o" # <libdriver>
makeoptions LIBOBJC = "libkobjc.o" # <kernobjc>
maxusers 50 # <large>
maxusers 32 # <medium>
maxusers 16 # <small>
-maxusers 8 # <xsmall,msmall>
+maxusers 8 # <xsmall>
maxusers 2 # <bsmall>
#
pseudo-device cpus 2 # <multi2>
pseudo-device cpus 1 # <!multi64,multi32,multi16,multi2>
+#
+# configurable kernel event related resources
+#
+options CONFIG_KN_HASHSIZE=64 # <medium,large,xlarge>
+options CONFIG_KN_HASHSIZE=48 # <small,xsmall>
+options CONFIG_KN_HASHSIZE=20 # <bsmall>
+
+#
+# configurable vfs related resources
+# CONFIG_VNODES - used to pre allocate vnode related resources
+# CONFIG_VNODE_FREE_MIN - mininmum number of free vnodes
+# CONFIG_NC_HASH - name cache hash table allocation
+# CONFIG_VFS_NAMES - name strings
+#
+# 263168 magic number for medium CONFIG_VNODES is based on memory
+# Number vnodes is (memsize/64k) + 1024
+# This is the calculation that is used by launchd in tiger
+# we are clipping the max based on 16G
+# ie ((16*1024*1024*1024)/(64 *1024)) + 1024 = 263168;
+
+options CONFIG_VNODES=263168 # <large,xlarge>
+options CONFIG_VNODES=263168 # <medium>
+options CONFIG_VNODES=10240 # <small>
+options CONFIG_VNODES=750 # <bsmall>
+
+options CONFIG_VNODE_FREE_MIN=500 # <large,xlarge>
+options CONFIG_VNODE_FREE_MIN=300 # <medium>
+options CONFIG_VNODE_FREE_MIN=200 # <small>
+options CONFIG_VNODE_FREE_MIN=100 # <xsmall>
+options CONFIG_VNODE_FREE_MIN=75 # <bsmall>
+
+options CONFIG_NC_HASH=5120 # <large,xlarge>
+options CONFIG_NC_HASH=4096 # <medium>
+options CONFIG_NC_HASH=2048 # <small,xsmall>
+options CONFIG_NC_HASH=1024 # <bsmall>
+
+options CONFIG_VFS_NAMES=5120 # <large,xlarge>
+options CONFIG_VFS_NAMES=4096 # <medium>
+options CONFIG_VFS_NAMES=3072 # <small,xsmall>
+options CONFIG_VFS_NAMES=2048 # <bsmall>
+
+options CONFIG_MAX_CLUSTERS=8 # <xlarge,large,medium>
+options CONFIG_MAX_CLUSTERS=4 # <small,xsmall,bsmall>
+
+#
+# configurable kauth credential related resources
+#
+options KAUTH_CRED_PRIMES_COUNT=7 # <medium,large,xlarge>
+options KAUTH_CRED_PRIMES_COUNT=3 # <bsmall,xsmall,small>
+
+options KAUTH_CRED_PRIMES="{97, 241, 397, 743, 1499, 3989, 7499}" # <medium,large,xlarge>
+options KAUTH_CRED_PRIMES="{5, 17, 97}" # <bsmall,xsmall,small>
+
+#
+# configurable options for minumum number of buffers for kernel memory
+#
+options CONFIG_MIN_NBUF=256 # <medium,large,xlarge>
+options CONFIG_MIN_NBUF=128 # <small>
+options CONFIG_MIN_NBUF=80 # <xsmall>
+options CONFIG_MIN_NBUF=64 # <bsmall>
+
+options CONFIG_MIN_NIOBUF=128 # <medium,large,xlarge>
+options CONFIG_MIN_NIOBUF=64 # <xsmall,small>
+options CONFIG_MIN_NIOBUF=32 # <bsmall>
+
+#
+# set maximum space used for packet buffers
+#
+options CONFIG_NMBCLUSTERS="((1024 * 1024) / MCLBYTES)" # <large,xlarge>
+options CONFIG_NMBCLUSTERS="((1024 * 512) / MCLBYTES)" # <medium>
+options CONFIG_NMBCLUSTERS="((1024 * 256) / MCLBYTES)" # <bsmall,xsmall,small>
+
+#
+# set maximum space used for packet buffers
+#
+options CONFIG_USESOCKTHRESHOLD=1 # <large,xlarge,medium>
+options CONFIG_USESOCKTHRESHOLD=0 # <bsmall,xsmall,small>
+
+#
+# Configure size of TCP hash table
+#
+options CONFIG_TCBHASHSIZE=4096 # <medium,large,xlarge>
+options CONFIG_TCBHASHSIZE=128 # <xsmall,small,bsmall>
+
+#
+# configurable async IO options
+# CONFIG_AIO_MAX - system wide limit of async IO requests.
+# CONFIG_AIO_PROCESS_MAX - process limit of async IO requests.
+# CONFIG_AIO_THREAD_COUNT - number of async IO worker threads created.
+#
+options CONFIG_AIO_MAX=360 # <xlarge>
+options CONFIG_AIO_MAX=180 # <large>
+options CONFIG_AIO_MAX=90 # <medium>
+options CONFIG_AIO_MAX=45 # <small>
+options CONFIG_AIO_MAX=20 # <xsmall>
+options CONFIG_AIO_MAX=10 # <bsmall>
+
+options CONFIG_AIO_PROCESS_MAX=64 # <xlarge>
+options CONFIG_AIO_PROCESS_MAX=32 # <large>
+options CONFIG_AIO_PROCESS_MAX=16 # <medium>
+options CONFIG_AIO_PROCESS_MAX=12 # <small>
+options CONFIG_AIO_PROCESS_MAX=8 # <xsmall>
+options CONFIG_AIO_PROCESS_MAX=4 # <bsmall>
+
+options CONFIG_AIO_THREAD_COUNT=16 # <xlarge>
+options CONFIG_AIO_THREAD_COUNT=8 # <large>
+options CONFIG_AIO_THREAD_COUNT=4 # <medium>
+options CONFIG_AIO_THREAD_COUNT=3 # <small>
+options CONFIG_AIO_THREAD_COUNT=2 # <xsmall,bsmall>
+
+#
+# configurable kernel related resources (CONFIG_THREAD_MAX needs to stay in
+# sync with osfmk/conf/MASTER until we fix the config system...) todo XXX
+#
+options CONFIG_THREAD_MAX=2560 # <medium,large,xlarge>
+options CONFIG_THREAD_MAX=1536 # <small,xsmall>
+options CONFIG_THREAD_MAX=1024 # <bsmall>
+
+options CONFIG_MAXVIFS=32 # <medium,large,xlarge>
+options CONFIG_MAXVIFS=16 # <small,xsmall>
+options CONFIG_MAXVIFS=2 # <bsmall>
+
+options CONFIG_MFCTBLSIZ=256 # <medium,large,xlarge>
+options CONFIG_MFCTBLSIZ=128 # <small,xsmall>
+options CONFIG_MFCTBLSIZ=16 # <bsmall>
+
+#
+# configurable kernel message buffer size
+#
+options CONFIG_MSG_BSIZE=4096 # <bsmall,small,xsmall>
+options CONFIG_MSG_BSIZE=16384 # <medium,large,xlarge>
+
+#
+# configurable kernel - use these options to strip strings from panic
+# and printf calls.
+# no_panic_str - saves around 50K of kernel footprint.
+# no_printf_str - saves around 45K of kernel footprint.
+#
+options CONFIG_NO_PANIC_STRINGS # <no_panic_str>
+options CONFIG_NO_PRINTF_STRINGS # <no_printf_str>
+options CONFIG_NO_KPRINTF_STRINGS # <no_kprintf_str>
+
+#
+# use finer-grained lock groups for the proc subsystem
+#
+options CONFIG_FINE_LOCK_GROUPS # <medium,large,xlarge>
+
+#
+# configurable kernel - general switch to say we are building for an
+# embedded device
+#
+options CONFIG_EMBEDDED # <config_embedded>
+
+# only execute signed code. Hang this off config_embedded since there's
+# nothing more appropriate right now
+#
+options CONFIG_ENFORCE_SIGNED_CODE # <config_embedded>
+
+# support dynamic signing of code
+#
+options CONFIG_DYNAMIC_CODE_SIGNING # <dynamic_codesigning>
+
+#
+# code decryption... used on embedded for app protection
+# must be set in all the bsd/conf and osfmk/conf MASTER files
+#
+options CONFIG_CODE_DECRYPTION # <config_embedded>
+
+#
+# User Content Protection, used on embedded
+#
+
+options CONFIG_PROTECT # <config_protect>
+
+#
+# freeze - support app hibernation, used on embedded
+# CONFIG_FREEZE_SUSPENDED_MIN is the minimum number of suspended
+# processes to be left unhibernated
+#
+options CONFIG_FREEZE # <freeze>
+
+options CHECK_CS_VALIDATION_BITMAP # <config_cs_validation_bitmap>
+
#
# Ethernet (ARP)
#
-pseudo-device ether
+pseudo-device ether # <networking,inet,inet6,netat>
#
# Network loopback device
#
-pseudo-device loop
+pseudo-device loop # <networking,inet,inet6,netat>
#
# UCB pseudo terminal service
#
-pseudo-device pty 128 init pty_init
+pseudo-device pty 512 init pty_init # <xlarge>
+pseudo-device pty 256 init pty_init # <large>
+pseudo-device pty 128 init pty_init # <medium>
+pseudo-device pty 48 init pty_init # <small>
+pseudo-device pty 16 init pty_init # <xsmall>
+pseudo-device pty 8 init pty_init # <bsmall>
+#
+# Cloning pseudo terminal service
+#
+pseudo-device ptmx 1 init ptmx_init
#
# vnode device
-pseudo-device vndevice 4 init vndevice_init
+#
+pseudo-device vndevice 16 init vndevice_init # <xlarge>
+pseudo-device vndevice 8 init vndevice_init # <large>
+pseudo-device vndevice 4 init vndevice_init # <medium>
+pseudo-device vndevice 3 init vndevice_init # <small>
+pseudo-device vndevice 2 init vndevice_init # <xsmall>
+pseudo-device vndevice 2 init vndevice_init # <bsmall>
+
+#
+# memory device
+pseudo-device mdevdevice 1 init mdevinit
#
#
# packet filter device
#
-pseudo-device bpfilter 4 init bpf_init
+pseudo-device bpfilter 4 init bpf_init # <networking,inet,inet6,netat>
+
+#
+# fsevents device
+pseudo-device fsevents 1 init fsevents_init # <config_fse>
#
# shim to "linux" mach disk drivers (mach drivers must also be turned on)
#pseudo-device diskshim
pseudo-device random 1 init random_init
+pseudo-device dtrace 1 init dtrace_init # <config_dtrace>
+pseudo-device helper 1 init helper_init # <config_dtrace>
+pseudo-device lockstat 1 init lockstat_init # <config_dtrace>
+pseudo-device sdt 1 init sdt_init # <config_dtrace>
+pseudo-device systrace 1 init systrace_init # <config_dtrace>
+pseudo-device fbt 1 init fbt_init # <config_dtrace>
+pseudo-device profile_prvd 1 init profile_init # <config_dtrace>