Date: Tue, 10 Oct 2000 23:51:10 -0500 From: "Doug Poland" <doug@polands.org> To: "Matt Rudderham" <matt@researcher.com>, "ListServer FreeBSD Questions" <FreeBSD-Questions@FreeBSD.ORG> Subject: RE: kernel bloat Message-ID: <NDBBKMNOJKJGAEKJNLIAIEIPELAA.doug@polands.org> In-Reply-To: <NDBBLEKOOLGIBFPGLFEKEEOPCEAA.matt@researcher.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> > >Hi, > > > >I've just recompiled custom kernel to include > >firewall options IPFIREWALL, IPDIVERT, > >IPFIREWALL_VERBOSE, IPFIREWALL_VERBOSE=100, > >and ICMP_BANDLIM. > > > >My previous kernel was a slim, trim 1789667 > >bytes. The new kernel is weighs in at a > >whopping 7121175 bytes! That's 1.7MB to 7.1MB! > > > >Since this is a modest 80486 with only 20MB RAM, > >and it's sole purpose in life is to route, I'm > >trying to keep the kernel and the OS as unencumbered > >as possible. > > > >Is this kernel bloat the price I pay for packet > >filtering? Will a 7.1MB kernel on a 20MB 486 > >perform adequately as a router for a cable modem? > > Hmm, That does sound a little on the heavy side, I have many of those > options compiled into mine, IPFIREWALL, etc.. all except the ICMP_BANDLIm > which wouldn't be a bad idea come to think of it, and mine weighs > in at only > 1915262 about 1.8Mb if my math is right, but certainly much less than your > 7.1, Why not send out your kernel config file as a starter? > Sounds more like you compiled LINT or something:) > - Matt > Here's my kernel... # # NEBO -- kernel configuration file for FreeBSD/i386 router/firewall # # $Id: NEBO,v 1.2 2000/10/06 04:19:34 root Exp root $ # # $Log: NEBO,v $ # Revision 1.2 2000/10/06 04:19:34 root # initial rev # # machine i386 cpu I486_CPU ident NEBO maxusers 32 options IPFIREWALL #firewall options IPDIVERT #divert sockets options IPFIREWALL_VERBOSE #print information about # dropped packets options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity options ICMP_BANDLIM options MATH_EMULATE #Support for x87 emulation options INET #InterNETworking options INET6 #IPv6 communications protocols options FFS #Berkeley Fast Filesystem options FFS_ROOT #FFS usable as root device [keep this!] options SOFTUPDATES #Enable FFS soft updates support options MD_ROOT #MD is a potential root device options NFS #Network Filesystem options NFS_ROOT #NFS usable as root device, NFS required options MSDOSFS #MSDOS Filesystem options CD9660 #ISO 9660 Filesystem options PROCFS #Process filesystem options COMPAT_43 #Compatible with BSD 4.3 [KEEP THIS!] options UCONSOLE #Allow users to grab the console options USERCONFIG #boot -c editor options VISUAL_USERCONFIG #visual boot -c editor options KTRACE #ktrace(1) support options P1003_1B #Posix P1003_1B real-time extensions options KBD_INSTALL_CDEV # install a CDEV entry in /dev device isa # Floppy drives device fdc0 at isa? port IO_FD1 irq 6 drq 2 device fd0 at fdc0 drive 0 # ATA and ATAPI devices device ata0 at isa? port IO_WD1 irq 14 device ata1 at isa? port IO_WD2 irq 15 device ata device atadisk # ATA disk drives options ATA_STATIC_ID #Static device numbering # atkbdc0 controls both the keyboard and the PS/2 mouse device atkbdc0 at isa? port IO_KBD device atkbd0 at atkbdc? irq 1 flags 0x1 device psm0 at atkbdc? irq 12 device vga0 at isa? # splash screen/screen saver pseudo-device splash # syscons is the default console driver, resembling an SCO console device sc0 at isa? flags 0x100 # Floating point support - do not disable. device npx0 at nexus? port IO_NPX irq 13 # ISA Ethernet NICs. device ed0 at isa? port 0x300 irq 10 iomem 0xcc000 device ed1 at isa? port 0x240 irq 3 iomem 0xc0000 # Pseudo devices - the number indicates how many units to allocated. pseudo-device loop # Network loopback pseudo-device ether # Ethernet support pseudo-device ppp 1 # Kernel PPP pseudo-device tun # Packet tunnel. pseudo-device pty # Pseudo-ttys (telnet etc) pseudo-device md # Memory "disks" pseudo-device gif 4 # IPv6 and IPv4 tunneling pseudo-device faith 1 # IPv6-to-IPv4 relaying (translation) # The `bpf' pseudo-device enables the Berkeley Packet Filter. # Be aware of the administrative consequences of enabling this! pseudo-device bpf #Berkeley packet filter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?NDBBKMNOJKJGAEKJNLIAIEIPELAA.doug>