Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 10 Oct 2000 23:51:10 -0500
From:      "Doug Poland" <doug@polands.org>
To:        "Matt Rudderham" <matt@researcher.com>, "ListServer FreeBSD Questions" <FreeBSD-Questions@FreeBSD.ORG>
Subject:   RE: kernel bloat
Message-ID:  <NDBBKMNOJKJGAEKJNLIAIEIPELAA.doug@polands.org>
In-Reply-To: <NDBBLEKOOLGIBFPGLFEKEEOPCEAA.matt@researcher.com>

next in thread | previous in thread | raw e-mail | index | archive | help
>
> >Hi,
> >
> >I've just recompiled custom kernel to include
> >firewall options IPFIREWALL, IPDIVERT,
> >IPFIREWALL_VERBOSE, IPFIREWALL_VERBOSE=100,
> >and ICMP_BANDLIM.
> >
> >My previous kernel was a slim, trim 1789667
> >bytes. The new kernel is weighs in at a
> >whopping 7121175 bytes!  That's 1.7MB to 7.1MB!
> >
> >Since this is a modest 80486 with only 20MB RAM,
> >and it's sole purpose in life is to route, I'm
> >trying to keep the kernel and the OS as unencumbered
> >as possible.
> >
> >Is this kernel bloat the price I pay for packet
> >filtering?  Will a 7.1MB kernel on a 20MB 486
> >perform adequately as a router for a cable modem?
>
> Hmm, That does sound a little on the heavy side, I have many of those
> options compiled into mine, IPFIREWALL, etc.. all except the ICMP_BANDLIm
> which wouldn't be a bad idea come to think of it, and mine weighs
> in at only
> 1915262 about 1.8Mb if my math is right, but certainly much less than your
> 7.1, Why not send out your kernel config file as a starter?
> Sounds more like you compiled LINT or something:)
> - Matt
>
Here's my kernel...

#
# NEBO -- kernel configuration file for FreeBSD/i386 router/firewall
#
# $Id: NEBO,v 1.2 2000/10/06 04:19:34 root Exp root $
#
# $Log: NEBO,v $
# Revision 1.2  2000/10/06 04:19:34  root
# initial rev
#
#

machine		i386
cpu		I486_CPU
ident		NEBO
maxusers	32

options 	IPFIREWALL		#firewall
options 	IPDIVERT		#divert sockets
options 	IPFIREWALL_VERBOSE	#print information about
					# dropped packets
options 	IPFIREWALL_VERBOSE_LIMIT=100	#limit verbosity
options 	ICMP_BANDLIM

options 	MATH_EMULATE		#Support for x87 emulation
options 	INET			#InterNETworking
options 	INET6			#IPv6 communications protocols
options 	FFS			#Berkeley Fast Filesystem
options 	FFS_ROOT		#FFS usable as root device [keep this!]
options 	SOFTUPDATES		#Enable FFS soft updates support
options 	MD_ROOT			#MD is a potential root device
options 	NFS			#Network Filesystem
options 	NFS_ROOT		#NFS usable as root device, NFS required
options 	MSDOSFS			#MSDOS Filesystem
options 	CD9660			#ISO 9660 Filesystem
options 	PROCFS			#Process filesystem
options 	COMPAT_43		#Compatible with BSD 4.3 [KEEP THIS!]
options 	UCONSOLE		#Allow users to grab the console
options 	USERCONFIG		#boot -c editor
options 	VISUAL_USERCONFIG	#visual boot -c editor
options 	KTRACE			#ktrace(1) support
options 	P1003_1B		#Posix P1003_1B real-time extensions
options 	KBD_INSTALL_CDEV	# install a CDEV entry in /dev

device		isa

# Floppy drives
device		fdc0	at isa? port IO_FD1 irq 6 drq 2
device		fd0	at fdc0 drive 0

# ATA and ATAPI devices
device		ata0	at isa? port IO_WD1 irq 14
device		ata1	at isa? port IO_WD2 irq 15
device		ata
device		atadisk			# ATA disk drives
options 	ATA_STATIC_ID		#Static device numbering

# atkbdc0 controls both the keyboard and the PS/2 mouse
device		atkbdc0	at isa? port IO_KBD
device		atkbd0	at atkbdc? irq 1 flags 0x1
device		psm0	at atkbdc? irq 12

device		vga0	at isa?

# splash screen/screen saver
pseudo-device	splash

# syscons is the default console driver, resembling an SCO console
device		sc0	at isa? flags 0x100

# Floating point support - do not disable.
device		npx0	at nexus? port IO_NPX irq 13

# ISA Ethernet NICs.
device		ed0	at isa? port 0x300 irq 10 iomem 0xcc000
device		ed1	at isa? port 0x240 irq 3 iomem 0xc0000

# Pseudo devices - the number indicates how many units to allocated.
pseudo-device	loop		# Network loopback
pseudo-device	ether		# Ethernet support
pseudo-device	ppp	1	# Kernel PPP
pseudo-device	tun		# Packet tunnel.
pseudo-device	pty		# Pseudo-ttys (telnet etc)
pseudo-device	md		# Memory "disks"
pseudo-device	gif	4	# IPv6 and IPv4 tunneling
pseudo-device	faith	1	# IPv6-to-IPv4 relaying (translation)

# The `bpf' pseudo-device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
pseudo-device	bpf		#Berkeley packet filter



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?NDBBKMNOJKJGAEKJNLIAIEIPELAA.doug>