
A walk through the kernel configuration

From the document The NetBSD Operating System (Page 92-96)

11.2 Practice

11.2.1 A walk through the kernel configuration

Before we dive into configuring various aspects of network setup, we want to walk through the necessary bits that have to or can be present in the kernel. See Chapter 9 for more details on compiling the kernel; here we concentrate on its configuration. We will take the i386/GENERIC config file as an example. Config files for other platforms should contain similar information, and the comments in the config files give additional hints. Besides the information given here, each kernel option is also documented in the options(4) manpage, and there is usually a manpage for each driver too, e.g. tlp(4).

# $NetBSD: GENERIC,v 1.354.2.15 2001/05/06 15:18:54 he Exp $

The first line of each config file shows the version, which is 1.354.2.15 here. It can be used to compare against other versions via CVS, or when reporting bugs.

options NTP # NTP phase/frequency locked loop

If you want to run the Network Time Protocol (NTP), this option can be enabled for maximum precision.

If the option is not present, NTP will still work. See ntpd(8) for more information.

file-system NFS # Network File System client

If you want to use another machine’s hard disk via the Network File System (NFS), this option is needed.

Section 11.3.3 gives more information on NFS.

options NFSSERVER # Network File System server

This option includes the server side of the NFS remote file sharing protocol. Enable it if you want to allow other machines to use your hard disk. Section 11.3.3 contains more information on NFS.

#options GATEWAY # packet forwarding

Chapter 11 Networking

If you want to set up a router that forwards packets between networks or network interfaces, setting this option is needed. It doesn’t only switch on packet forwarding, but also increases some buffers. See options(4) for details.

options INET # IP + ICMP + TCP + UDP

This enables the TCP/IP code in the kernel. Even if you don’t want/use networking, you will still need this for machine-internal communication of subsystems like the X Window System. See inet(4) for more details.

options INET6 # IPV6

If you want to use IPv6, this is your option. If you don’t want IPv6, which is part of NetBSD since the 1.5 release, you can remove/comment out that option. See the inet6(4) manpage and Section 11.1.7 for more information on the next generation Internet protocol.

#options IPSEC # IP security

Includes support for the IPsec protocol, including key and policy management, authentication and compression. This option can be used without the previous option INET6, if you just want to use IPsec with IPv4, which is possible. See ipsec(4) for more information.

#options IPSEC_ESP # IP security (encryption part; define w/IPSEC)

This option is needed in addition to IPSEC if encryption is wanted in IPsec.

#options MROUTING # IP multicast routing

If multicast services like the MBone services should be routed, this option needs to be included. Note that the routing itself is controlled by the mrouted(8) daemon.

options NS # XNS

#options NSIP # XNS tunneling over IP

These options enable the Xerox Network Systems(TM) protocol family. It’s not related to the TCP/IP protocol stack, and is in rare use today. The ns(4) manpage has some details.

options ISO,TPIP # OSI

#options EON # OSI tunneling over IP

These options include the OSI protocol stack, which was said for a long time to be the future of networking. It’s mostly history these days. :-) See the iso(4) manpage for more information.

options CCITT,LLC,HDLC # X.25

These options enable the X.25 protocol set for transmission of data over serial lines. It is/was used mostly in conjunction with the OSI protocols and in WAN networking.

options NETATALK # AppleTalk networking protocols

Include support for the AppleTalk protocol stack. Userland server programs are needed to make use of that. See pkgsrc/net/netatalk and pkgsrc/net/netatalk-asun for such packages. More information on the AppleTalk protocol and protocol stack is available in the atalk(4) manpage.

options PPP_BSDCOMP # BSD-Compress compression support for PPP

options PPP_DEFLATE # Deflate compression support for PPP

options PPP_FILTER # Active filter support for PPP (requires bpf)

These options tune various aspects of the Point-to-Point protocol. The first two determine the compression algorithms used and available, while the third one enables code to filter some packets.

options PFIL_HOOKS # pfil(9) packet filter hooks

options IPFILTER_LOG # ipmon(8) log support

These options enable firewalling in NetBSD, using IPfilter. See the ipf(4) and ipf(8) manpages for more information on operation of IPfilter, and Section 11.3.1.1 for a configuration example.

# Compatibility with 4.2BSD implementation of TCP/IP. Not recommended.

#options TCP_COMPAT_42

This option is only needed if you have machines on the network that still run 4.2BSD or a network stack derived from it. If you have one or more 4.2BSD systems on your network, you have to pay attention to setting the right broadcast address, as 4.2BSD has a bug in its networking code concerning the broadcast address. This bug forces you to set all host bits in the broadcast address to “0”. The TCP_COMPAT_42 option helps you ensure this.

options NFS_BOOT_DHCP,NFS_BOOT_BOOTPARAM

These options enable lookup of data via DHCP or the BOOTPARAM protocol if the kernel is told to use an NFS root file system. See the diskless(8) manpage for more information.

# Kernel root file system and dump configuration.

config netbsd root on ? type ?

#config netbsd root on sd0a type ffs

#config netbsd root on ? type nfs

These lines tell where the kernel looks for its root file system, and which filesystem type it is expected to have. If you want to make a kernel that uses an NFS root filesystem via the tlp0 interface, you can do this with “root on tlp0 type nfs”. If a ? is used instead of a device/type, the kernel tries to figure one out on its own.

# ISA serial interfaces

com0 at isa? port 0x3f8 irq 4 # Standard PC serial ports

com1 at isa? port 0x2f8 irq 3

com2 at isa? port 0x3e8 irq 5

If you want to use PPP or SLIP, you will need some serial (com) interfaces. Others with attachment on USB, PCMCIA or PUC will do as well.

# Network Interfaces

This rather long list contains all sorts of network drivers. Please pick the one that matches your hardware, according to the comments. For most drivers, there’s also a manual page available, e.g. tlp(4), ne(4), etc.

# MII/PHY support

This section lists media independent interfaces for network cards. Pick one that matches your hardware. If in doubt, enable them all and see what the kernel picks. See the mii(4) manpage for more information.

# USB Ethernet adapters

aue* at uhub? port ? # ADMtek AN986 Pegasus based adapters

cue* at uhub? port ? # CATC USB-EL1201A based adapters

kue* at uhub? port ? # Kawasaki LSI KL5KUSB101B based adapters

USB-ethernet adapters only have about 2MBit/s bandwidth, but they are very convenient to use. Of course this needs other USB related options which we won’t cover here, as well as the necessary hardware. See the corresponding manpages for more information.

# network pseudo-devices

pseudo-device bpfilter 8 # Berkeley packet filter

This pseudo-device allows sniffing packets of all sorts. It’s needed for tcpdump, but also rarpd and some other applications that need to know about network traffic. See bpf(4) for more information.

pseudo-device ipfilter # IP filter (firewall) and NAT

This one enables the IPfilter’s packet filtering kernel interface used for firewalling, NAT (IP Masquerading) etc. See ipf(4) and Section 11.3.1.1 for more information.

pseudo-device loop # network loopback

This is the “lo0” software loopback network device which is used by some programs these days, as well as for routing things. Should not be omitted. See lo(4) for more details.

pseudo-device ppp 2 # Point-to-Point Protocol

If you want to use PPP either over a serial interface or ethernet (PPPoE), you will need this option. See ppp(4) for details on this interface.

pseudo-device sl 2 # Serial Line IP

Serial Line IP is a simple encapsulation for IP over (well :) serial lines. It does not include negotiation of IP addresses and other options, which is the reason that it’s not in widespread use today any more. See sl(4).

pseudo-device strip 2 # Starmode Radio IP (Metricom)

If you happen to have one of the old Metricom Ricochet packet radio wireless network devices, use this pseudo-device to use it. See the strip(4) manpage for detailed information.

pseudo-device tun 2 # network tunneling over tty

This network device can be used to tunnel network packets to a device file, /dev/tun*. Packets routed to the tun0 interface can be read from /dev/tun0, and data written to /dev/tun0 will be sent out the tun0 network interface. This can be used to implement e.g. QoS routing in userland. See tun(4) for details.

pseudo-device gre 2 # generic L3 over IP tunnel

The GRE encapsulation can be used to tunnel arbitrary layer 3 packets over IP, e.g. to implement VPNs. See gre(4) for more.

pseudo-device ipip 2 # IP Encapsulation within IP (RFC 2003)

Another IP-in-IP encapsulation device, with a different encapsulation format. See the ipip(4) manpage for details.

pseudo-device gif 4 # IPv[46] over IPv[46] tunnel (RFC 1933)

Using the GIF interface allows tunneling e.g. IPv6 over IPv4, which can be used to get IPv6 connectivity if no IPv6-capable uplink (ISP) is available. Other mixes of operations are possible, too. See the gif(4) manpage for some examples.

#pseudo-device faith 1 # IPv[46] tcp relay translation i/f

The faith interface captures IPv6 TCP traffic, for implementing userland IPv6-to-IPv4 TCP relays e.g. for protocol transitions. See the faith(4) manpage for more details on this device.

#pseudo-device stf 1 # 6to4 IPv6 over IPv4 encapsulation

This adds a network device that can be used to tunnel IPv6 over IPv4 without setting up a configured tunnel before. The source address of outgoing packets contains the IPv4 address, which allows routing replies back via IPv4. See the stf(4) manpage and Section 11.3.5 for more details.

pseudo-device vlan # IEEE 802.1q encapsulation

This interface provides support for IEEE 802.1Q Virtual LANs, which allows tagging Ethernet frames with a “vlan” ID. Using properly configured switches (that also have to support VLAN, of course), this can be used to build virtual LANs where one set of machines doesn’t see traffic from the other (broadcast and other). The vlan(4) manpage tells more about this.
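As an added example (not from the NetBSD guide or source tree), the following Python check reads a config file in the syntax walked through above, verifies the two dependencies the text states (IPSEC_ESP needs IPSEC, PPP_FILTER needs bpf) and lists enabled protocol options the text describes as rare, historic or not recommended. The sample config, the mapping of "bpf" to pseudo-device bpfilter and the LEGACY review list are assumptions made for illustration.

```python
import re

# Constructed sample in the GENERIC syntax shown above (not the real file).
SAMPLE = """\
options INET            # IP + ICMP + TCP + UDP
#options IPSEC          # IP security
options IPSEC_ESP       # IP security (encryption part; define w/IPSEC)
options NS              # XNS
options ISO,TPIP        # OSI
#options TCP_COMPAT_42
options PPP_FILTER      # Active filter support for PPP (requires bpf)
#pseudo-device bpfilter 8  # Berkeley packet filter
pseudo-device loop      # network loopback
"""

# Dependencies the text states: enabled (kind, name) -> (kind, name) it needs.
REQUIRES = {
    ("options", "IPSEC_ESP"): ("options", "IPSEC"),
    ("options", "PPP_FILTER"): ("pseudo-device", "bpfilter"),  # assumed: bpf == bpfilter
}
# Options the text calls rare, historic or not recommended (assumed review list).
LEGACY = {"NS", "NSIP", "ISO", "TPIP", "EON", "CCITT", "LLC", "HDLC", "TCP_COMPAT_42"}

def parse_config(text):
    """Return the set of enabled (kind, name) pairs; '#'-prefixed lines are disabled."""
    enabled = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()    # drop comments and commented-out lines
        m = re.match(r"(options|file-system|pseudo-device)\s+(\S+)", line)
        if m:
            for name in m.group(2).split(","):  # "ISO,TPIP" enables two options
                enabled.add((m.group(1), name.split("=", 1)[0]))
    return enabled

def audit(text):
    """Return (missing dependencies, enabled legacy options) for a config text."""
    enabled = parse_config(text)
    missing = sorted((have[1], need[1]) for have, need in REQUIRES.items()
                     if have in enabled and need not in enabled)
    legacy = sorted(name for kind, name in enabled
                    if kind == "options" and name in LEGACY)
    return missing, legacy

if __name__ == "__main__":
    missing, legacy = audit(SAMPLE)
    for have, need in missing:
        print(f"{have} is enabled but {need} is not")
    print("legacy options enabled:", ", ".join(legacy))
```

Run against a real config by passing the file's contents to `audit()`; trimming the reported legacy options before building reduces the protocol code compiled into the kernel.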
