From owner-freebsd-questions Wed Oct 11 6:10: 7 2000 Delivered-To: freebsd-questions@freebsd.org Received: from smtp.newresources.com (newresources.com [38.156.90.40]) by hub.freebsd.org (Postfix) with ESMTP id DBBEE37B503 for ; Wed, 11 Oct 2000 06:09:58 -0700 (PDT) Received: from judah ([206.209.126.23]) by smtp.newresources.com (Lotus Domino Release 5.0.1a) with SMTP id 2000101108193484:3668 ; Wed, 11 Oct 2000 08:19:34 -0500 From: "Doug Poland" To: Cc: "ListServer FreeBSD Questions" Subject: RE: kernel bloat Date: Wed, 11 Oct 2000 08:09:54 -0500 Message-ID: MIME-Version: 1.0 X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <20001010223726.H25121@149.211.6.64.reflexcom.com> X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal X-MIMETrack: Itemize by SMTP Server on NRCSMTP/NRC(Release 5.0.1a|August 17, 1999) at 10/11/2000 08:19:35 AM, Serialize by Router on NRCSMTP/NRC(Release 5.0.1a|August 17, 1999) at 10/11/2000 08:19:37 AM, Serialize complete at 10/11/2000 08:19:37 AM Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="US-ASCII" Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > From: Crist J . Clark [mailto:cjclark@reflexnet.net] > Sent: Wednesday, October 11, 2000 00:37 > To: Doug Poland > Cc: Matt Rudderham; ListServer FreeBSD Questions > Subject: Re: kernel bloat > > > On Tue, Oct 10, 2000 at 11:51:10PM -0500, Doug Poland wrote: > > > > > > >Hi, > > > > > > > >I've just recompiled custom kernel to include > > > >firewall options IPFIREWALL, IPDIVERT, > > > >IPFIREWALL_VERBOSE, IPFIREWALL_VERBOSE=100, > > > >and ICMP_BANDLIM. > > > > > > > >My previous kernel was a slim, trim 1789667 > > > >bytes. The new kernel is weighs in at a > > > >whopping 7121175 bytes! That's 1.7MB to 7.1MB! > > > > > > > >Since this is a modest 80486 with only 20MB RAM, > > > >and it's sole purpose in life is to route, I'm > > > >trying to keep the kernel and the OS as unencumbered > > > >as possible. > > > > > > > >Is this kernel bloat the price I pay for packet > > > >filtering? Will a 7.1MB kernel on a 20MB 486 > > > >perform adequately as a router for a cable modem? > > > > > > Hmm, That does sound a little on the heavy side, I > > > have many of those options compiled into mine, > > > IPFIREWALL, etc.. all except the ICMP_BANDLIm > > > which wouldn't be a bad idea come to think of it, > > > and mine weighs in at only 1915262 about 1.8Mb > > > if my math is right, but certainly much less than > > > your 7.1, Why not send out your kernel config file > > > as a starter? > > > Sounds more like you compiled LINT or something:) > > > - Matt > > > > > Here's my kernel... > > It really sounds like you compiled a debug kernel. > You didn't put a '-g' in somewhere did you? > No, I didn't supply any -g switches on the command line. What I usually do for a compile on such a slow machine is # make depend; make; make install; shutdown -r now and walk away. Perhaps something "went wrong" and I never saw any messages on the console. Oh well, I'll just recompile and see what happens. > Anyway, I marked a bunch of stuff you don't need. > Thanks for scubbing my kernel. Just for clarification, do your [keep this] comments apply to the line before, or the line after :) Regards, Doug > > # > > # NEBO -- kernel configuration file for FreeBSD/i386 router/firewall > > # > > # $Id: NEBO,v 1.2 2000/10/06 04:19:34 root Exp root $ > > # > > # $Log: NEBO,v $ > > # Revision 1.2 2000/10/06 04:19:34 root > > # initial rev > > # > > # > > > > machine i386 > > cpu I486_CPU > > ident NEBO > > maxusers 32 > > > > options IPFIREWALL #firewall > > options IPDIVERT #divert sockets > > options IPFIREWALL_VERBOSE #print information about > > # dropped packets > > options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity > > options ICMP_BANDLIM > > > > options MATH_EMULATE #Support for x87 emulation > > options INET #InterNETworking > > options INET6 #IPv6 communications protocols > > options FFS #Berkeley Fast Filesystem > > options FFS_ROOT #FFS usable as root device > [keep this!] > > options SOFTUPDATES #Enable FFS soft updates support > #options MD_ROOT #MD is a potential root device > #options NFS #Network Filesystem > #options NFS_ROOT #NFS usable as root device, NFS required > #options MSDOSFS #MSDOS Filesystem > #options CD9660 #ISO 9660 Filesystem > #options PROCFS #Process filesystem > > None of these typically need be in the kernel. They will be loaded > dynamically as modules if needed. They only need to be in the kernel > if they are required at boot (before / is mounted and /modules > available). > > > options COMPAT_43 #Compatible with BSD 4.3 > [KEEP THIS!] > > options UCONSOLE #Allow users to grab the console > #options USERCONFIG #boot -c editor > #options VISUAL_USERCONFIG #visual boot -c editor > > Not needed if you are configuring the kernel here. > > #options KTRACE #ktrace(1) support > > Does not cost a lot, but if this is going to be a working box, and not > development, you probably don't need it. > > > options P1003_1B #Posix P1003_1B real-time extensions > > options KBD_INSTALL_CDEV # install a CDEV entry in /dev > > > > device isa > > > > # Floppy drives > > device fdc0 at isa? port IO_FD1 irq 6 drq 2 > > device fd0 at fdc0 drive 0 > > > > # ATA and ATAPI devices > > device ata0 at isa? port IO_WD1 irq 14 > > device ata1 at isa? port IO_WD2 irq 15 > > device ata > > device atadisk # ATA disk drives > > options ATA_STATIC_ID #Static device numbering > > > > # atkbdc0 controls both the keyboard and the PS/2 mouse > > device atkbdc0 at isa? port IO_KBD > > device atkbd0 at atkbdc? irq 1 flags 0x1 > > device psm0 at atkbdc? irq 12 > > > > device vga0 at isa? > > > > # splash screen/screen saver > > pseudo-device splash > > > > # syscons is the default console driver, resembling an SCO console > > device sc0 at isa? flags 0x100 > > > > # Floating point support - do not disable. > > device npx0 at nexus? port IO_NPX irq 13 > > > > # ISA Ethernet NICs. > > device ed0 at isa? port 0x300 irq 10 iomem 0xcc000 > > device ed1 at isa? port 0x240 irq 3 iomem 0xc0000 > > > > # Pseudo devices - the number indicates how many units to allocated. > > pseudo-device loop # Network loopback > > pseudo-device ether # Ethernet support > #pseudo-device ppp 1 # Kernel PPP > #pseudo-device tun # Packet tunnel. > > pseudo-device pty # Pseudo-ttys (telnet etc) > #pseudo-device md # Memory "disks" > > pseudo-device gif 4 # IPv6 and IPv4 tunneling > > pseudo-device faith 1 # IPv6-to-IPv4 relaying > (translation) > > Devices you probably will not be using. > > > # The `bpf' pseudo-device enables the Berkeley Packet Filter. > > # Be aware of the administrative consequences of enabling this! > > pseudo-device bpf #Berkeley packet filter > > All the IPv6 is left in, but you probably can lose it. Dunno how much > that would save you. > > But like I said, you must have built a debug kernel or something, I > just built a kernel with your file, > > # ls -l kernel > -rwxr-xr-x 1 root wheel 1821698 Oct 10 22:35 kernel > > -- > Crist J. Clark cjclark@alum.mit.edu > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message