From owner-freebsd-questions Tue Oct 10 22:37:39 2000 Delivered-To: freebsd-questions@freebsd.org Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82]) by hub.freebsd.org (Postfix) with ESMTP id CB87E37B503 for ; Tue, 10 Oct 2000 22:37:34 -0700 (PDT) Received: from 149.211.6.64.reflexcom.com ([64.6.211.149]) by mailhost01.reflexnet.net with Microsoft SMTPSVC(5.5.1877.197.19); Tue, 10 Oct 2000 22:36:16 -0700 Received: (from cjc@localhost) by 149.211.6.64.reflexcom.com (8.11.0/8.11.0) id e9B5bQq08722; Tue, 10 Oct 2000 22:37:26 -0700 (PDT) (envelope-from cjc) Date: Tue, 10 Oct 2000 22:37:26 -0700 From: "Crist J . Clark" To: Doug Poland Cc: Matt Rudderham , ListServer FreeBSD Questions Subject: Re: kernel bloat Message-ID: <20001010223726.H25121@149.211.6.64.reflexcom.com> Reply-To: cjclark@alum.mit.edu References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: ; from doug@polands.org on Tue, Oct 10, 2000 at 11:51:10PM -0500 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Tue, Oct 10, 2000 at 11:51:10PM -0500, Doug Poland wrote: > > > > >Hi, > > > > > >I've just recompiled custom kernel to include > > >firewall options IPFIREWALL, IPDIVERT, > > >IPFIREWALL_VERBOSE, IPFIREWALL_VERBOSE=100, > > >and ICMP_BANDLIM. > > > > > >My previous kernel was a slim, trim 1789667 > > >bytes. The new kernel is weighs in at a > > >whopping 7121175 bytes! That's 1.7MB to 7.1MB! > > > > > >Since this is a modest 80486 with only 20MB RAM, > > >and it's sole purpose in life is to route, I'm > > >trying to keep the kernel and the OS as unencumbered > > >as possible. > > > > > >Is this kernel bloat the price I pay for packet > > >filtering? Will a 7.1MB kernel on a 20MB 486 > > >perform adequately as a router for a cable modem? > > > > Hmm, That does sound a little on the heavy side, I have many of those > > options compiled into mine, IPFIREWALL, etc.. all except the ICMP_BANDLIm > > which wouldn't be a bad idea come to think of it, and mine weighs > > in at only > > 1915262 about 1.8Mb if my math is right, but certainly much less than your > > 7.1, Why not send out your kernel config file as a starter? > > Sounds more like you compiled LINT or something:) > > - Matt > > > Here's my kernel... It really sounds like you compiled a debug kernel. You didn't put a '-g' in somewhere did you? Anyway, I marked a bunch of stuff you don't need. > # > # NEBO -- kernel configuration file for FreeBSD/i386 router/firewall > # > # $Id: NEBO,v 1.2 2000/10/06 04:19:34 root Exp root $ > # > # $Log: NEBO,v $ > # Revision 1.2 2000/10/06 04:19:34 root > # initial rev > # > # > > machine i386 > cpu I486_CPU > ident NEBO > maxusers 32 > > options IPFIREWALL #firewall > options IPDIVERT #divert sockets > options IPFIREWALL_VERBOSE #print information about > # dropped packets > options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity > options ICMP_BANDLIM > > options MATH_EMULATE #Support for x87 emulation > options INET #InterNETworking > options INET6 #IPv6 communications protocols > options FFS #Berkeley Fast Filesystem > options FFS_ROOT #FFS usable as root device [keep this!] > options SOFTUPDATES #Enable FFS soft updates support #options MD_ROOT #MD is a potential root device #options NFS #Network Filesystem #options NFS_ROOT #NFS usable as root device, NFS required #options MSDOSFS #MSDOS Filesystem #options CD9660 #ISO 9660 Filesystem #options PROCFS #Process filesystem None of these typically need be in the kernel. They will be loaded dynamically as modules if needed. They only need to be in the kernel if they are required at boot (before / is mounted and /modules available). > options COMPAT_43 #Compatible with BSD 4.3 [KEEP THIS!] > options UCONSOLE #Allow users to grab the console #options USERCONFIG #boot -c editor #options VISUAL_USERCONFIG #visual boot -c editor Not needed if you are configuring the kernel here. #options KTRACE #ktrace(1) support Does not cost a lot, but if this is going to be a working box, and not development, you probably don't need it. > options P1003_1B #Posix P1003_1B real-time extensions > options KBD_INSTALL_CDEV # install a CDEV entry in /dev > > device isa > > # Floppy drives > device fdc0 at isa? port IO_FD1 irq 6 drq 2 > device fd0 at fdc0 drive 0 > > # ATA and ATAPI devices > device ata0 at isa? port IO_WD1 irq 14 > device ata1 at isa? port IO_WD2 irq 15 > device ata > device atadisk # ATA disk drives > options ATA_STATIC_ID #Static device numbering > > # atkbdc0 controls both the keyboard and the PS/2 mouse > device atkbdc0 at isa? port IO_KBD > device atkbd0 at atkbdc? irq 1 flags 0x1 > device psm0 at atkbdc? irq 12 > > device vga0 at isa? > > # splash screen/screen saver > pseudo-device splash > > # syscons is the default console driver, resembling an SCO console > device sc0 at isa? flags 0x100 > > # Floating point support - do not disable. > device npx0 at nexus? port IO_NPX irq 13 > > # ISA Ethernet NICs. > device ed0 at isa? port 0x300 irq 10 iomem 0xcc000 > device ed1 at isa? port 0x240 irq 3 iomem 0xc0000 > > # Pseudo devices - the number indicates how many units to allocated. > pseudo-device loop # Network loopback > pseudo-device ether # Ethernet support #pseudo-device ppp 1 # Kernel PPP #pseudo-device tun # Packet tunnel. > pseudo-device pty # Pseudo-ttys (telnet etc) #pseudo-device md # Memory "disks" > pseudo-device gif 4 # IPv6 and IPv4 tunneling > pseudo-device faith 1 # IPv6-to-IPv4 relaying (translation) Devices you probably will not be using. > # The `bpf' pseudo-device enables the Berkeley Packet Filter. > # Be aware of the administrative consequences of enabling this! > pseudo-device bpf #Berkeley packet filter All the IPv6 is left in, but you probably can lose it. Dunno how much that would save you. But like I said, you must have built a debug kernel or something, I just built a kernel with your file, # ls -l kernel -rwxr-xr-x 1 root wheel 1821698 Oct 10 22:35 kernel -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message