X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/0c530ab8987f0ae6a1a3d9284f40182b88852816..db6096698656d32db7df630594bd9617ee54f828:/bsd/conf/MASTER?ds=inline diff --git a/bsd/conf/MASTER b/bsd/conf/MASTER index 9ccacbf12..17c0acc52 100644 --- a/bsd/conf/MASTER +++ b/bsd/conf/MASTER @@ -46,11 +46,7 @@ # # EXPERIMENTAL CONFIGURATION OPTIONS (select any combination, carefully) # -# nbc = no buffer cache support -# simple = non-rollover clock support -# timing = precision timing support # host = host resource control support -# fixpri = fixed priority threads # # MULTI-PROCESSOR CONFIGURATION (select at most one) # @@ -65,8 +61,7 @@ # medium = medium scale system configuration # small = small scale system configuration # xsmall = extra small scale system configuration -# bsmall = special extra small scale system configuration for -# (e.g. for boot floppies) +# bsmall = special extra small scale system configuration # ####################################################################### # @@ -85,15 +80,17 @@ ident NeXT # obsolete timezone spec options TIMEZONE=0, PST=0 -options QUOTA # # -options INET +options QUOTA # # +options INET # # options ABSOLUTETIME_SCALAR_TYPE options NEW_VM_CODE # # options OLD_VM_CODE # # options HW_AST # Hardware ast support # options HW_FOOTPRINT # Cache footprint support # +options CONFIG_LCTX # Login Context + options MACH # Standard Mach features # -options MACH_ASSERT # Compile in assertions # +options MACH_ASSERT # Compile in assertions # options MACH_COMPAT # Vendor syscall compatibility # options MACH_COUNTERS # counters # options MACH_DEBUG # IPC debugging interface # @@ -104,9 +101,9 @@ options MACH_IPC_COMPAT # Enable old IPC interface # options MACH_IPC_DEBUG # Enable IPC debugging calls # options MACH_IPC_TEST # Testing code/printfs # options MACH_LDEBUG # Sanity-check simple locking # +options CONFIG_ZLEAKS # Live zone leak debug sysctls # options MACH_NP # Mach IPC support # options MACH_NBC # No buffer cache # -options REV_ENDIAN_FS # Reverse Endian FS # options MACH_NET # Fast network access # options MACH_XP # external pager support # options NORMA_IPC # NORMA IPC support # @@ -117,6 +114,8 @@ options NORMA_ETHER # NORMA across ethernet # options SIMPLE_CLOCK # don't assume fixed tick # options XPR_DEBUG # kernel tracing # options KDEBUG # kernel tracing # +options IST_KDEBUG # limited kernel tracing # +options NO_KDEBUG # no kernel tracing # options DDM_DEBUG # driverkit-style tracing # options MACH_OLD_VM_COPY # Old vm_copy technology # options NO_DIRECT_RPC # for untyped mig servers # @@ -126,63 +125,101 @@ options ISO # ISO stack # options LLC # 802.2 support # options LOOP # loopback support # options MROUTING # multicast routing # -options NS # Netware # -options PPP # PPP # options ROUTING # routing # -options TPIP # # -options TUN # # options VLAN # # options BOND # # -options NETMIBS # # -options IPDIVERT # Divert sockets (for NAT) # -options IPFIREWALL # IP Firewalling (used by NAT) # -#options IPFIREWALL_VERBOSE # # -options IPFIREWALL_FORWARD #Transparent proxy # -options IPFIREWALL_DEFAULT_TO_ACCEPT # allow everything by default # -#options IPFIREWALL_KEXT # Kernel extension # +options PF # Packet Filter # +options PF_ALTQ # PF ALTQ (Alternate Queueing) # +options PFLOG # PF log interface # +options PKTSCHED_CBQ # CBQ packet scheduler # +options PKTSCHED_HFSC # H-FSC packet scheduler # +options PKTSCHED_PRIQ # PRIQ packet scheduler # +options PKTSCHED_FAIRQ # FAIRQ packet scheduler # +options CLASSQ_BLUE # BLUE queueing algorithm # +options CLASSQ_RED # RED queueing algorithm # +options CLASSQ_RIO # RIO queueing algorithm # +options IPDIVERT # Divert sockets (for NAT) # +options IPFIREWALL # IP Firewalling (used by NAT) # +options IPFIREWALL_FORWARD #Transparent proxy # +options IPFIREWALL_DEFAULT_TO_ACCEPT # allow everything by default # options DUMMYNET # dummynet support # +options TRAFFIC_MGT # traffic management support # options IPFW2 # IP firewall (new version) # options MULTICAST # Internet Protocol Class-D $ options TCPDEBUG # TCP debug # options RANDOM_IP_ID # random (not sequential) ip ids # options TCP_DROP_SYNFIN # Drop TCP packets with SYN+FIN set # options ICMP_BANDLIM # ICMP bandwidth limiting sysctl -options AUDIT # Security event auditing # +options IFNET_INPUT_SANITY_CHK # allow dlil/ifnet input sanity check # +options SYSV_SEM # SVID semaphores # +options SYSV_MSG # SVID messages # +options SYSV_SHM # SVID shared mem # +options PSYNCH # pthread synch # +options DEVELOPMENT # dev kernel # + +# secure_kernel - secure kernel from user programs +options SECURE_KERNEL # +options OLD_SEMWAIT_SIGNAL # old semwait_signal handler # # 4.4 general kernel # -options COMPAT_43_TTY # 4.3 BSD tty compat # -options COMPAT_43_SOCKET # 4.3 BSD socket compat # +options SOCKETS # socket support # options DIAGNOSTIC # diagnostics # -options KTRACE # ktrace support # +options CONFIG_DTRACE # dtrace support # options GPROF # build profiling # +options SENDFILE # sendfile # +options NETWORKING # networking layer # +options CONFIG_FSE # file system events # +options CONFIG_IMAGEBOOT # local image boot # +options CONFIG_SOWUPCALL # SB_UPCALL on sowwakeup # +options CONFIG_MBUF_JUMBO # jumbo cluster pool # +options CONFIG_FORCE_OUT_IFP # Enable IP_FORCE_OUT_IFP # +options CONFIG_IFEF_NOWINDOWSCALE # Scale TCP window per driver # + +options CONFIG_WORKQUEUE # # # 4.4 filesystems # -options FFS # Fast Filesystem Support # -options HFS # HFS/HFS+ support # +options FFS # Fast Filesystem Support # +options HFS # HFS/HFS+ support # options FIFO # fifo support # -options UNION # union_fs support # options FDESC # fdesc_fs support # -options CD9660 # ISO 9660 CD-ROM support # -options VOLFS # volfs support # options DEVFS # devfs support # -options SYNTHFS # synthfs support # +options JOURNALING # journaling support # +options HFS_COMPRESSION # hfs compression # +options CONFIG_HFS_STD # hfs standard support # +options CONFIG_HFS_TRIM # hfs trims unused blocks # +options CONFIG_HFS_MOUNT_UNMAP #hfs trims blocks at mount # + + +# +# file system features +# +options QUOTA # file system quotas # +options REV_ENDIAN_FS # Reverse Endian FS # +options NAMEDSTREAMS # named stream vnop support # +options CONFIG_VOLFS # volfs path support (legacy) # +options CONFIG_IMGSRC_ACCESS # source of imageboot dmg # +options CONFIG_TRIGGERS # trigger vnodes # +options CONFIG_VFS_FUNNEL # thread unsafe vfs's # +options CONFIG_EXT_RESOLVER # e.g. memberd # +options CONFIG_SEARCHFS # searchfs syscall support # # # NFS support # -options NFSCLIENT # Be an NFS client # -options NFSSERVER # Be an NFS server # +options NFSCLIENT # Be an NFS client # +options NFSSERVER # Be an NFS server # # # AppleTalk Support # -options NETAT # AppleTalk support # +options NETAT # AppleTalk support # #options AURP_SUPPORT # AppleTalk Update Routing # + # # Machine Independent Apple Features # @@ -192,7 +229,7 @@ options DRIVERKIT # driverkit support # options KERNOBJC # Objective-C support # options OBJCTEST # Objc internal test # options KERNEL_STACK # MI kernel stack support # -profile # build a profiling kernel # +profile # build a profiling kernel # # # Point-to-Point Protocol support @@ -211,10 +248,15 @@ options "IPV6FIREWALL_DEFAULT_TO_ACCEPT" #IPv6 Firewall Feature # pseudo-device dummy 2 # -pseudo-device faith 1 # pseudo-device stf 1 # options crypto # +options ALLCRYPTO # +options randomipid # + +options ZLIB # inflate/deflate support # + +options IF_BRIDGE # makeoptions LIBDRIVER = "libDriver_kern.o" # makeoptions LIBOBJC = "libkobjc.o" # @@ -223,7 +265,7 @@ maxusers 64 # maxusers 50 # maxusers 32 # maxusers 16 # -maxusers 8 # +maxusers 8 # maxusers 2 # # @@ -235,22 +277,233 @@ pseudo-device cpus 16 # pseudo-device cpus 2 # pseudo-device cpus 1 # +# +# configurable kernel event related resources +# +options CONFIG_KN_HASHSIZE=64 # +options CONFIG_KN_HASHSIZE=48 # +options CONFIG_KN_HASHSIZE=20 # + +# +# configurable vfs related resources +# CONFIG_VNODES - used to pre allocate vnode related resources +# CONFIG_VNODE_FREE_MIN - mininmum number of free vnodes +# CONFIG_NC_HASH - name cache hash table allocation +# CONFIG_VFS_NAMES - name strings +# +# 263168 magic number for medium CONFIG_VNODES is based on memory +# Number vnodes is (memsize/64k) + 1024 +# This is the calculation that is used by launchd in tiger +# we are clipping the max based on 16G +# ie ((16*1024*1024*1024)/(64 *1024)) + 1024 = 263168; + +options CONFIG_VNODES=263168 # +options CONFIG_VNODES=263168 # +options CONFIG_VNODES=10240 # +options CONFIG_VNODES=750 # + +options CONFIG_VNODE_FREE_MIN=500 # +options CONFIG_VNODE_FREE_MIN=300 # +options CONFIG_VNODE_FREE_MIN=200 # +options CONFIG_VNODE_FREE_MIN=100 # +options CONFIG_VNODE_FREE_MIN=75 # + +options CONFIG_NC_HASH=5120 # +options CONFIG_NC_HASH=4096 # +options CONFIG_NC_HASH=2048 # +options CONFIG_NC_HASH=1024 # + +options CONFIG_VFS_NAMES=5120 # +options CONFIG_VFS_NAMES=4096 # +options CONFIG_VFS_NAMES=3072 # +options CONFIG_VFS_NAMES=2048 # + +options CONFIG_MAX_CLUSTERS=8 # +options CONFIG_MAX_CLUSTERS=4 # + +# +# configurable kauth credential related resources +# +options KAUTH_CRED_PRIMES_COUNT=7 # +options KAUTH_CRED_PRIMES_COUNT=3 # + +options KAUTH_CRED_PRIMES="{97, 241, 397, 743, 1499, 3989, 7499}" # +options KAUTH_CRED_PRIMES="{5, 17, 97}" # + +# +# configurable options for minumum number of buffers for kernel memory +# +options CONFIG_MIN_NBUF=256 # +options CONFIG_MIN_NBUF=128 # +options CONFIG_MIN_NBUF=80 # +options CONFIG_MIN_NBUF=64 # + +options CONFIG_MIN_NIOBUF=128 # +options CONFIG_MIN_NIOBUF=64 # +options CONFIG_MIN_NIOBUF=32 # + +# +# set maximum space used for packet buffers +# +options CONFIG_NMBCLUSTERS="((1024 * 1024) / MCLBYTES)" # +options CONFIG_NMBCLUSTERS="((1024 * 512) / MCLBYTES)" # +options CONFIG_NMBCLUSTERS="((1024 * 256) / MCLBYTES)" # + +# +# Configure size of TCP hash table +# +options CONFIG_TCBHASHSIZE=4096 # +options CONFIG_TCBHASHSIZE=128 # + +# +# Configure bandwidth limiting sysctl +# +options CONFIG_ICMP_BANDLIM=250 # +options CONFIG_ICMP_BANDLIM=50 # + +# +# configurable async IO options +# CONFIG_AIO_MAX - system wide limit of async IO requests. +# CONFIG_AIO_PROCESS_MAX - process limit of async IO requests. +# CONFIG_AIO_THREAD_COUNT - number of async IO worker threads created. +# +options CONFIG_AIO_MAX=360 # +options CONFIG_AIO_MAX=180 # +options CONFIG_AIO_MAX=90 # +options CONFIG_AIO_MAX=45 # +options CONFIG_AIO_MAX=20 # +options CONFIG_AIO_MAX=10 # + +options CONFIG_AIO_PROCESS_MAX=64 # +options CONFIG_AIO_PROCESS_MAX=32 # +options CONFIG_AIO_PROCESS_MAX=16 # +options CONFIG_AIO_PROCESS_MAX=12 # +options CONFIG_AIO_PROCESS_MAX=8 # +options CONFIG_AIO_PROCESS_MAX=4 # + +options CONFIG_AIO_THREAD_COUNT=16 # +options CONFIG_AIO_THREAD_COUNT=8 # +options CONFIG_AIO_THREAD_COUNT=4 # +options CONFIG_AIO_THREAD_COUNT=3 # +options CONFIG_AIO_THREAD_COUNT=2 # + +# +# configurable kernel related resources (CONFIG_THREAD_MAX needs to stay in +# sync with osfmk/conf/MASTER until we fix the config system...) todo XXX +# +options CONFIG_THREAD_MAX=2560 # +options CONFIG_THREAD_MAX=1536 # +options CONFIG_THREAD_MAX=1024 # + +options CONFIG_MAXVIFS=32 # +options CONFIG_MAXVIFS=16 # +options CONFIG_MAXVIFS=2 # + +options CONFIG_MFCTBLSIZ=256 # +options CONFIG_MFCTBLSIZ=128 # +options CONFIG_MFCTBLSIZ=16 # + +# +# configurable kernel message buffer size +# +options CONFIG_MSG_BSIZE=4096 # +options CONFIG_MSG_BSIZE=16384 # + +# +# configurable kernel - use these options to strip strings from panic +# and printf calls. +# no_panic_str - saves around 50K of kernel footprint. +# no_printf_str - saves around 45K of kernel footprint. +# +options CONFIG_NO_PANIC_STRINGS # +options CONFIG_NO_PRINTF_STRINGS # +options CONFIG_NO_KPRINTF_STRINGS # + +# +# use finer-grained lock groups for the proc subsystem +# +options CONFIG_FINE_LOCK_GROUPS # + +# +# configurable kernel - general switch to say we are building for an +# embedded device +# +options CONFIG_EMBEDDED # + +# only execute signed code. Hang this off config_embedded since there's +# nothing more appropriate right now +# +options CONFIG_ENFORCE_SIGNED_CODE # + +# support dynamic signing of code +# +options CONFIG_DYNAMIC_CODE_SIGNING # + +# +# code decryption... used on embedded for app protection +# must be set in all the bsd/conf and osfmk/conf MASTER files +# +options CONFIG_CODE_DECRYPTION # + +# +# User Content Protection, used on embedded +# +options CONFIG_PROTECT # + +# +# enable per-process memory priority tracking +# +options CONFIG_MEMORYSTATUS # + +# +# enable jetsam - used on embedded +# +options CONFIG_JETSAM # + +# +# enable freezing of suspended processes - used on embedded +# +options CONFIG_FREEZE # + +options CHECK_CS_VALIDATION_BITMAP # + +# +# memory pressure event support +# must be set in both bsd/conf and osfmk/conf MASTER files +# +options VM_PRESSURE_EVENTS # + # # Ethernet (ARP) # -pseudo-device ether +pseudo-device ether # # # Network loopback device # -pseudo-device loop +pseudo-device loop # # # UCB pseudo terminal service # -pseudo-device pty 128 init pty_init +pseudo-device pty 512 init pty_init # +pseudo-device pty 256 init pty_init # +pseudo-device pty 128 init pty_init # +pseudo-device pty 48 init pty_init # +pseudo-device pty 16 init pty_init # +pseudo-device pty 8 init pty_init # +# +# Cloning pseudo terminal service +# +pseudo-device ptmx 1 init ptmx_init # # vnode device -pseudo-device vndevice 4 init vndevice_init +# +pseudo-device vndevice 16 init vndevice_init # +pseudo-device vndevice 8 init vndevice_init # +pseudo-device vndevice 4 init vndevice_init # +pseudo-device vndevice 3 init vndevice_init # +pseudo-device vndevice 2 init vndevice_init # +pseudo-device vndevice 2 init vndevice_init # # # memory device @@ -260,11 +513,11 @@ pseudo-device mdevdevice 1 init mdevinit # # packet filter device # -pseudo-device bpfilter 4 init bpf_init +pseudo-device bpfilter 4 init bpf_init # # # fsevents device -pseudo-device fsevents 1 init fsevents_init +pseudo-device fsevents 1 init fsevents_init # # # shim to "linux" mach disk drivers (mach drivers must also be turned on) @@ -273,4 +526,10 @@ pseudo-device fsevents 1 init fsevents_init #pseudo-device diskshim pseudo-device random 1 init random_init - +pseudo-device dtrace 1 init dtrace_init # +pseudo-device helper 1 init helper_init # +pseudo-device lockstat 1 init lockstat_init # +pseudo-device sdt 1 init sdt_init # +pseudo-device systrace 1 init systrace_init # +pseudo-device fbt 1 init fbt_init # +pseudo-device profile_prvd 1 init profile_init #