# stupid question about kernel



## sancho (Jul 22, 2011)

Hi guys

Why do we still need to rebuild the FreeBSD kernel to add/disable some functionality?
Why not use a minimal standard kernel, with the rest of the functionality, such as hardware drivers, options etc., built into kernel modules?
I'd like to not rebuild the kernel, like in Solaris OS.

Sorry for my bad English.


----------



## SirDice (Jul 22, 2011)

sancho said:

> Why do we still need to rebuild the FreeBSD kernel to add/disable some functionality?


That's a direct effect of having a monolithic kernel.



> I'd like to not rebuild the kernel, like in Solaris OS.


You don't have to. The GENERIC kernel works fine for most people. Additional hardware drivers can be loaded as modules.


----------



## Bunyan (Jul 22, 2011)

This is my config built from scratch

```
cpu		I686_CPU		# aka Pentium 4
ident	 	FREEBSD	
makeoptions     NO_MODULES=yes
#options 	INCLUDE_CONFIG_FILE     # Include this file in kernel 
options 	GEOM_BDE		# Disk encryption.
options 	GEOM_ELI		# Disk encryption.
options 	GEOM_LABEL		# Providers labelization.
options 	GEOM_UZIP		# Read-only compressed disks
options 	GEOM_VOL		# Volume names from UFS superblock
# Scheduler options:
options 	SCHED_ULE               # ULE scheduler
options 	PREEMPTION              # Enable kernel thread preemption
# COMPATIBILITY OPTIONS
options 	COMPAT_43
options 	COMPAT_43TTY		# BSD 4.3 TTY compat (sgtty)
options 	COMPAT_FREEBSD4		# Compatible with FreeBSD4
options 	COMPAT_FREEBSD5		# Compatible with FreeBSD5
options 	COMPAT_FREEBSD6		# Compatible with FreeBSD6
options 	COMPAT_FREEBSD7		# Compatible with FreeBSD7
options 	SYSVSHM			# SYSV-style shared memory
options 	SYSVMSG			# SYSV-style message queues
options 	SYSVSEM			# SYSV-style semaphores
options 	P1003_1B_SEMAPHORES	# POSIX-style semaphores
#####################################################################
# NETWORKING OPTIONS
options 	INET			#Internet communications protocols
options 	IPSEC			#IP security (requires device crypto)
# Network interfaces:
#  The `loop' device is MANDATORY when networking is enabled.
device		loop
#  The `ether' device provides generic code to handle
#  Ethernets; it is MANDATORY when an Ethernet device driver is
#  configured or token-ring is enabled.
device		ether
#  The `bpf' device enables the Berkeley Packet Filter.  Be
#  aware of the legal and administrative consequences of enabling this
#  option.  The number of devices determines the maximum number of
#  simultaneous BPF clients programs runnable.  DHCP requires bpf.
device		bpf
#device		if_bridge
# Link aggregation interface:
#device		lagg
# The pf packet filter consists of three devices:
#  The `pf' device provides /dev/pf and the firewall code itself.
#  The `pflog' device provides the pflog0 interface which logs packets.
#  The `pfsync' device provides the pfsync0 interface used for
#   synchronization of firewall state tables (over the net).
#device		pf
#device		pflog
#device		pfsync
# Internet family options:
# IPFIREWALL enables support for IP firewall construction, in
# conjunction with the `ipfw' program.  IPFIREWALL_VERBOSE sends
# logged packets to the system logger.  IPFIREWALL_VERBOSE_LIMIT
# limits the number of times a matching entry can be logged.
options 	IPFIREWALL		#firewall
options 	IPFIREWALL_VERBOSE	#enable logging to syslogd(8)
options 	IPFIREWALL_VERBOSE_LIMIT=100	#limit verbosity
#options 	IPFIREWALL_DEFAULT_TO_ACCEPT	#allow everything by default
options		IPFIREWALL_FORWARD
options 	IPDIVERT		#divert sockets
options		DUMMYNET		# "dummynet" bandwidth limiter.                
#options 	IPFILTER		#ipfilter support
#options 	IPFILTER_LOG		#ipfilter logging
#options 	IPFILTER_LOOKUP		#ipfilter pools
#options 	IPFILTER_DEFAULT_BLOCK	#block all packets by default
#options 	IPSTEALTH		#support for stealth forwarding
# Statically Link in accept filters
options 	ACCEPT_FILTER_DATA
options 	ACCEPT_FILTER_DNS
options 	ACCEPT_FILTER_HTTP
#####################################################################
# FILESYSTEM OPTIONS
# One of these is mandatory:
options 	FFS			#Fast filesystem
# The rest are optional:
options 	CD9660			#ISO 9660 filesystem
options		UDF			#Universal Disk Format 
options		UDF_ICONV
#options		NTFS			# NTFS filesystem 
options 	MSDOSFS			#MS DOS File System (FAT, FAT32)
options 	PROCFS			#Process filesystem (requires PSEUDOFS)
options 	PSEUDOFS		#Pseudo-filesystem framework
# Soft updates is a technique for improving filesystem speed and
# making abrupt shutdown less risky.
#
options 	SOFTUPDATES
# Extended attributes allow additional data to be associated with files,
# and is used for ACLs, Capabilities, and MAC labels.
# See src/sys/ufs/ufs/README.extattr for more information.
options 	UFS_EXTATTR
options 	UFS_EXTATTR_AUTOSTART
# Access Control List support for UFS filesystems.  The current ACL
# implementation requires extended attribute support, UFS_EXTATTR,
# for the underlying filesystem.
# See src/sys/ufs/ufs/README.acls for more information.
options 	UFS_ACL
options 	SUIDDIR
# Use real implementations of the aio_* system calls.  There are numerous
# stability and security issues in the current aio code that make it
# unsuitable for inclusion on machines with untrusted local users.
options 	VFS_AIO
# Cryptographically secure random number generator; /dev/random
device		random
# Optional character code conversion support with LIBICONV.
# Each option requires their base file system and LIBICONV.
options 	CD9660_ICONV
options 	MSDOSFS_ICONV
#####################################################################
# CLOCK OPTIONS
options 	HZ=100
#####################################################################
# SCSI DEVICES
# SCSI DEVICE CONFIGURATION
device		scbus		#base SCSI code
device		da		#SCSI direct access devices (aka disks)
device		cd		#SCSI CD-ROMs
device		pass		#CAM passthrough driver
#####################################################################
# MISCELLANEOUS DEVICES AND OPTIONS
device		pty		#BSD-style compatibility pseudo ttys
device		md		#Memory/malloc disk
# Kernel side iconv library
options 	LIBICONV
#####################################################################
# HARDWARE DEVICE CONFIGURATION
device		eisa            # The EISA bus device is `eisa'.  It provides auto-detection and
device		pci             # PCI bus & PCI options
device		agp             # AGP GART support
# The syscons console driver (SCO color console compatible).
device		sc
options 	MAXCONS=16		# number of virtual consoles
options 	SC_PIXEL_MODE		# add support for the raster text mode
options		VESA			# support for VESA VGA video modes
device		vga			# Video card driver for VGA adapters.
options		KBD_INSTALL_CDEV
# ACPI support using the Intel ACPI Component Architecture reference
# implementation.
device		acpi
# Direct Rendering modules for 3D acceleration.
device		drm		# DRM core module required by DRM drivers
device		i915drm		# Intel i830 through i915
device		ata
device		atadisk		# ATA disk drives
device		atapicd		# ATAPI CDROM drives
device		atapifd		# ATAPI floppy drives
device		atapicam	# emulate ATAPI devices as SCSI ditto via CAM
				# needs CAM to be present (scbus & pass)
# Modular ATA
device		atacore		# Core ATA functionality
device		ataintel	# Intel
# Standard floppy disk controllers and floppy tapes, supports
# the Y-E DATA External FDD (PC Card)
#
device		fdc
# uart: newbusified driver for serial interfaces.  It consolidates the sio(4),
#	sab(4) and zs(4) drivers.
device		uart
# Network interfaces:
# MII bus support is required for some PCI 10/100 ethernet NICs,
# namely those which use MII-compliant transceivers or implement
# transceiver control interfaces that operate like an MII. Adding
# "device miibus" to the kernel config pulls in support for
# the generic miibus API and all of the PHY drivers, including a
# generic one for PHYs that aren't specifically handled by an
# individual driver.
device		miibus
# PCI Ethernet NICs that use the common MII bus controller code.
device		fxp		# Intel EtherExpress PRO/100B (82557, 82558)
device		rl		# RealTek 8129/8139
# Sound drivers
device		sound           # sound: The generic sound driver.
device		snd_ich         # Intel ICH AC'97 and some more audio controllers embedded in a chipset, 
# Parallel-Port Bus
device		ppc             # ppc	ISA-bus parallel port interfaces.
device		ppbus		# Parallel port bus (required)
#####################################################################
# USB support
device		uhci            # UHCI controller
device		ehci            # EHCI controller
device		usb             # General USB code (mandatory for USB)
device		umass		# USB mass storage devices
device		ukbd            # USB keyboard
device		ums             # USB mouse
#####################################################################
# crypto subsystem
# This is a port of the OpenBSD crypto framework.  Include this when
# configuring IPSEC and when you have a h/w crypto device to accelerate
# user applications that link to OpenSSL.
#
# Drivers are ports from OpenBSD with some simple enhancements that have
# been fed back to OpenBSD.
device		crypto		# core crypto support
device		cryptodev	# /dev/crypto for access to h/w
#####################################################################
# ABI Emulation
options 	COMPAT_LINUX    # Enable Linux ABI emulation
options 	LINPROCFS       # Enable the linux-like proc filesystem support
options 	LINSYSFS        # Enable the linux-like sys filesystem support
```
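
A way to check a config like the one above for the entries its own comments flag (VFS_AIO, bpf) plus the ipfw default policy. This is an added example, not part of Bunyan's post; the function names and finding labels are made up for illustration, and the sample is a constructed excerpt of the posted config.

```shell
#!/bin/sh
# Added example (not from the thread): audit a FreeBSD kernel config file.

# Print "keyword name" for every active options/device/makeoptions line.
# Commented-out lines and trailing comments are ignored; "=value" is dropped.
active_entries() {
    awk '{ sub(/#.*/, "") }
         $1 == "options" || $1 == "device" || $1 == "makeoptions" {
             name = $2; sub(/=.*/, "", name); print $1, name
         }' "$1"
}

# is_set FILE KEYWORD NAME: true when that entry is active in FILE.
is_set() { active_entries "$1" | grep -qx "$2 $3"; }

# audit FILE: one finding per line for the entries discussed on this page.
audit() {
    if is_set "$1" makeoptions NO_MODULES; then
        echo "INFO NO_MODULES: modules are not built with this kernel"
    fi
    if is_set "$1" options IPFIREWALL; then
        # Without IPFIREWALL_DEFAULT_TO_ACCEPT the final ipfw rule denies.
        if is_set "$1" options IPFIREWALL_DEFAULT_TO_ACCEPT; then
            echo "WARN IPFIREWALL: default rule is accept"
        else
            echo "OK IPFIREWALL: default rule is deny"
        fi
    fi
    if is_set "$1" options VFS_AIO; then
        echo "WARN VFS_AIO: config comment says unsuitable with untrusted local users"
    fi
    if is_set "$1" device bpf; then
        echo "INFO bpf: packet capture device is compiled in"
    fi
    return 0
}

# Constructed sample: a few lines excerpted from the config posted above.
sample_config() {
    cat <<'EOF'
makeoptions     NO_MODULES=yes
options         IPFIREWALL              #firewall
#options        IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by default
options         VFS_AIO
device          bpf
#device         pf
options         HZ=100
EOF
}

tmp=$(mktemp) && sample_config > "$tmp" && audit "$tmp"; rm -f "$tmp"
```

Point `audit` at a real config file (for example a copy under the kernel `conf` directory) to get the same findings for it.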


----------



## sancho (Jul 22, 2011)

SirDice said:

> That's a direct effect of having a monolithic kernel


As I can see, monolithic kernel refers to kernel architecture but not the ability to use modules.
FreeBSD and Solaris both have monolithic kernels.
But the Solaris kernel consists of a *small static core* and many dynamically loadable kernel modules, which are loaded automatically as needed. So, the kernel is fully dynamically configurable.



			
SirDice said:

> You don't have to. The GENERIC kernel works fine for most people. Additional hardware drivers can be loaded as modules.


It is not. The GENERIC kernel is useless in the real world.
The main purpose of the GENERIC kernel is to boot on a wide range of hardware configurations, which is needed during the installation process.
A built-in option and one loaded as a module may have different behavior. For example, ipfw as a module does not have the IPFIREWALL_FORWARD option. So, if I need IPFIREWALL_FORWARD I have to rebuild the kernel.
In addition, device drivers behave differently when loaded as a module or not.


----------



## UNIXgod (Jul 22, 2011)

The answer to this question is covered in the handbook:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-custom-kernel.html


----------



## SirDice (Jul 25, 2011)

sancho said:

> It is not. The GENERIC kernel is useless in the real world.
> The main purpose of the GENERIC kernel is to boot on a wide range of hardware configurations, which is needed during the installation process.



Contradictio in terminus.


----------



## fonz (Jul 25, 2011)

sancho said:

> The GENERIC kernel is useless in the real world.


Don't be ridiculous.

Fonz


----------



## fluca1978 (Aug 16, 2011)

I guess here you have the best of two worlds: if your hardware is not changing and your system has a fixed setup, a monolithic kernel will help you save memory and will work faster (no inter-module communication); if your setup is changing, having KLD will help to stay on track with it. Moreover, KLD can become a security issue, and that is why some secure levels do not allow them to happen while the system is running...


----------

