X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/e2fac8b15b12a7979f72090454d850e612fc5b13..b0d623f7f2ae71ed96e60569f61f9a9a27016e80:/bsd/conf/MASTER diff --git a/bsd/conf/MASTER b/bsd/conf/MASTER index 9459048eb..ec9ff0940 100644 --- a/bsd/conf/MASTER +++ b/bsd/conf/MASTER @@ -126,7 +126,11 @@ options ROUTING # routing # options NETMIBS # # options VLAN # # options BOND # # +options PF # Packet Filter # +options PF_PKTHDR # PF tag inside mbuf pkthdr # +options PFLOG # PF log interface # options IPDIVERT # Divert sockets (for NAT) # +options IPFLOW # IP fast forwarding # options IPFIREWALL # IP Firewalling (used by NAT) # options IPFIREWALL_FORWARD #Transparent proxy # options IPFIREWALL_DEFAULT_TO_ACCEPT # allow everything by default # @@ -139,21 +143,22 @@ options RANDOM_IP_ID # random (not sequential) ip ids # options TCP_DROP_SYNFIN # Drop TCP packets with SYN+FIN set # options ICMP_BANDLIM # ICMP bandwidth limiting sysctl options IFNET_INPUT_SANITY_CHK # allow dlil/ifnet input sanity check # -options AUDIT # Security event auditing # options SYSV_SEM # SVID semaphores # options SYSV_MSG # SVID messages # options SYSV_SHM # SVID shared mem # +options PSYNCH # pthread synch # options PANIC_INFO # want kernel panic info # options DEVELOPMENT # dev kernel # # secure_kernel - secure kernel from user programs options SECURE_KERNEL # +options OLD_SEMWAIT_SIGNAL # old semwait_signal handler + # # 4.4 general kernel # options SOCKETS # socket support # -options COMPAT_43_TTY # 4.3 BSD tty compat # options DIAGNOSTIC # diagnostics # options CONFIG_DTRACE # dtrace support # options GPROF # build profiling # @@ -162,14 +167,15 @@ options NETWORKING # networking layer # options CONFIG_FSE # file system events # options CONFIG_IMAGEBOOT # local image boot # options CONFIG_SOWUPCALL # SB_UPCALL on sowwakeup # -options CONFIG_FORCE_OUT_IFP # Force IP output to use an interface # options CONFIG_MBUF_NOEXPAND # limit mbuf expansion # options CONFIG_MBUF_JUMBO # jumbo cluster pool # -options CONFIG_SCOPEDROUTING # scoped routing on by default # -options CONFIG_IP_EDGEHOLE # Drop tagged packets at EDGE interface # +options CONFIG_MBUF_TAGS_MALLOC # use malloc for tags # +options CONFIG_FORCE_OUT_IFP # Enable IP_FORCE_OUT_IFP # +options CONFIG_IFEF_NOWINDOWSCALE # Scale TCP window per driver # options CONFIG_WORKQUEUE # + # # 4.4 filesystems # @@ -178,9 +184,9 @@ options HFS # HFS/HFS+ support # options FIFO # fifo support # options UNION # union_fs support # options FDESC # fdesc_fs support # -options CD9660 # ISO 9660 CD-ROM support # options DEVFS # devfs support # options JOURNALING # journaling support # +options HFS_COMPRESSION # hfs compression # # # file system features @@ -282,7 +288,7 @@ options CONFIG_VNODES=263168 # options CONFIG_VNODES=263168 # options CONFIG_VNODES=10240 # options CONFIG_VNODES=1024 # -options CONFIG_VNODES=640 # +options CONFIG_VNODES=750 # options CONFIG_VNODE_FREE_MIN=500 # options CONFIG_VNODE_FREE_MIN=300 # @@ -328,10 +334,11 @@ options CONFIG_NMBCLUSTERS="((1024 * 1024) / MCLBYTES)" # options CONFIG_NMBCLUSTERS="((1024 * 512) / MCLBYTES)" # options CONFIG_NMBCLUSTERS="((1024 * 256) / MCLBYTES)" # +# # set maximum space used for packet buffers # -options CONFIG_USESOCKTHRESHOLD=1 # -options CONFIG_USESOCKTHRESHOLD=0 # +options CONFIG_USESOCKTHRESHOLD=1 # +options CONFIG_USESOCKTHRESHOLD=0 # # # Configure size of TCP hash table @@ -397,6 +404,11 @@ options CONFIG_NO_KPRINTF_STRINGS # # options CONFIG_EMBEDDED # +# only execute signed code. Hang this off config_embedded since there's +# nothing more appropriate right now +# +options CONFIG_ENFORCE_SIGNED_CODE # + # # code decryption... used on embedded for app protection # must be set in all the bsd/conf and osfmk/conf MASTER files