FreeBSD/Linux Kernel Cross Reference
sys/conf/NOTES

   # $FreeBSD: src/sys/conf/NOTES,v 1.1516 2008/11/12 09:52:06 yongari Exp $
   #
   # NOTES -- Lines that can be cut/pasted into kernel and hints configs.
   #
   # Lines that begin with 'device', 'options', 'machine', 'ident', 'maxusers',
   # 'makeoptions', 'hints', etc. go into the kernel configuration that you
   # run config(8) with.
   #
   # Lines that begin with 'hint.' are NOT for config(8), they go into your
  # hints file.  See /boot/device.hints and/or the 'hints' config(8) directive.
  #
  # Please use ``make LINT'' to create an old-style LINT file if you want to
  # do kernel test-builds.
  #
  # This file contains machine independent kernel configuration notes.  For
  # machine dependent notes, look in /sys/<arch>/conf/NOTES.
  #
  
  #
  # NOTES conventions and style guide:
  #
  # Large block comments should begin and end with a line containing only a
  # comment character.
  #
  # To describe a particular object, a block comment (if it exists) should
  # come first.  Next should come device, options, and hints lines in that
  # order.  All device and option lines must be described by a comment that
  # doesn't just expand the device or option name.  Use only a concise
  # comment on the same line if possible.  Very detailed descriptions of
  # devices and subsystems belong in man pages.
  #
  # A space followed by a tab separates 'options' from an option name.  Two
  # spaces followed by a tab separate 'device' from a device name.  Comments
  # after an option or device should use one space after the comment character.
  # To comment out a negative option that disables code and thus should not be
  # enabled for LINT builds, precede 'options' with "#!".
  #
  
  #
  # This is the ``identification'' of the kernel.  Usually this should
  # be the same as the name of your kernel.
  #
  ident           LINT
  
  #
  # The `maxusers' parameter controls the static sizing of a number of
  # internal system tables by a formula defined in subr_param.c.
  # Omitting this parameter or setting it to 0 will cause the system to
  # auto-size based on physical memory.
  #
  maxusers        10
  
  #
  # The `makeoptions' parameter allows variables to be passed to the
  # generated Makefile in the build area.
  #
  # CONF_CFLAGS gives some extra compiler flags that are added to ${CFLAGS}
  # after most other flags.  Here we use it to inhibit use of non-optimal
  # gcc built-in functions (e.g., memcmp).
  #
  # DEBUG happens to be magic.
  # The following is equivalent to 'config -g KERNELNAME' and creates
  # 'kernel.debug' compiled with -g debugging as well as a normal
  # 'kernel'.  Use 'make install.debug' to install the debug kernel
  # but that isn't normally necessary as the debug symbols are not loaded
  # by the kernel and are not useful there anyway.
  #
  # KERNEL can be overridden so that you can change the default name of your
  # kernel.
  #
  # MODULES_OVERRIDE can be used to limit modules built to a specific list.
  #
  makeoptions     CONF_CFLAGS=-fno-builtin  #Don't allow use of memcmp, etc.
  #makeoptions    DEBUG=-g                #Build kernel with gdb(1) debug symbols
  #makeoptions    KERNEL=foo              #Build kernel "foo" and install "/foo"
  # Only build ext2fs module plus those parts of the sound system I need.
  #makeoptions    MODULES_OVERRIDE="ext2fs sound/sound sound/driver/maestro3"
  makeoptions     DESTDIR=/tmp
  
  #
  # FreeBSD processes are subject to certain limits to their consumption
  # of system resources.  See getrlimit(2) for more details.  Each
  # resource limit has two values, a "soft" limit and a "hard" limit.
  # The soft limits can be modified during normal system operation, but
  # the hard limits are set at boot time.  Their default values are
  # in sys/<arch>/include/vmparam.h.  There are two ways to change them:
  # 
  # 1.  Set the values at kernel build time.  The options below are one
  #     way to allow that limit to grow to 1GB.  They can be increased
  #     further by changing the parameters:
  #       
  # 2.  In /boot/loader.conf, set the tunables kern.maxswzone,
  #     kern.maxbcache, kern.maxtsiz, kern.dfldsiz, kern.maxdsiz,
  #     kern.dflssiz, kern.maxssiz and kern.sgrowsiz.
  #
  # The options in /boot/loader.conf override anything in the kernel
  # configuration file.  See the function init_param1 in
  # sys/kern/subr_param.c for more details.
  #
 
 options         MAXDSIZ=(1024UL*1024*1024)
 options         MAXSSIZ=(128UL*1024*1024)
 options         DFLDSIZ=(1024UL*1024*1024)
 
 #
 # BLKDEV_IOSIZE sets the default block size used in user block
 # device I/O.  Note that this value will be overridden by the label
 # when specifying a block device from a label with a non-0
 # partition blocksize.  The default is PAGE_SIZE.
 #
 options         BLKDEV_IOSIZE=8192
 
 #
 # MAXPHYS and DFLTPHYS
 #
 # These are the max and default 'raw' I/O block device access sizes.
 # Reads and writes will be split into DFLTPHYS chunks. Some applications
 # have better performance with larger raw I/O access sizes. Typically
 # MAXPHYS should be twice the size of DFLTPHYS. Note that certain VM
 # parameters are derived from these values and making them too large
 # can make an an unbootable kernel.
 #
 # The defaults are 64K and 128K respectively.
 options         DFLTPHYS=(64*1024)
 options         MAXPHYS=(128*1024)
 
 
 # This allows you to actually store this configuration file into
 # the kernel binary itself. See config(8) for more details.
 #
 options         INCLUDE_CONFIG_FILE     # Include this file in kernel
 
 options         GEOM_AES                # Don't use, use GEOM_BDE
 options         GEOM_BDE                # Disk encryption.
 options         GEOM_BSD                # BSD disklabels
 options         GEOM_CACHE              # Disk cache.
 options         GEOM_CONCAT             # Disk concatenation.
 options         GEOM_ELI                # Disk encryption.
 options         GEOM_FOX                # Redundant path mitigation
 options         GEOM_GATE               # Userland services.
 options         GEOM_JOURNAL            # Journaling.
 options         GEOM_LABEL              # Providers labelization.
 options         GEOM_LINUX_LVM          # Linux LVM2 volumes
 options         GEOM_MBR                # DOS/MBR partitioning
 options         GEOM_MIRROR             # Disk mirroring.
 options         GEOM_MULTIPATH          # Disk multipath
 options         GEOM_NOP                # Test class.
 options         GEOM_PART_APM           # Apple partitioning
 options         GEOM_PART_BSD           # BSD disklabel
 options         GEOM_PART_GPT           # GPT partitioning
 options         GEOM_PART_MBR           # MBR partitioning
 options         GEOM_PART_PC98          # PC-9800 disk partitioning
 options         GEOM_PART_VTOC8         # SMI VTOC8 disk label
 options         GEOM_PC98               # NEC PC9800 partitioning
 options         GEOM_RAID3              # RAID3 functionality.
 options         GEOM_SHSEC              # Shared secret.
 options         GEOM_STRIPE             # Disk striping.
 options         GEOM_SUNLABEL           # Sun/Solaris partitioning
 options         GEOM_UZIP               # Read-only compressed disks
 options         GEOM_VIRSTOR            # Virtual storage.
 options         GEOM_VOL                # Volume names from UFS superblock
 options         GEOM_ZERO               # Performance testing helper.
 
 #
 # The root device and filesystem type can be compiled in;
 # this provides a fallback option if the root device cannot
 # be correctly guessed by the bootstrap code, or an override if
 # the RB_DFLTROOT flag (-r) is specified when booting the kernel.
 #
 options         ROOTDEVNAME=\"ufs:da0s2e\"
 
 
 #####################################################################
 # Scheduler options:
 #
 # Specifying one of SCHED_4BSD or SCHED_ULE is mandatory.  These options
 # select which scheduler is compiled in.
 #
 # SCHED_4BSD is the historical, proven, BSD scheduler.  It has a global run
 # queue and no CPU affinity which makes it suboptimal for SMP.  It has very
 # good interactivity and priority selection.
 #
 # SCHED_ULE provides significant performance advantages over 4BSD on many
 # workloads on SMP machines.  It supports cpu-affinity, per-cpu runqueues
 # and scheduler locks.  It also has a stronger notion of interactivity 
 # which leads to better responsiveness even on uniprocessor machines.  This
 # will eventually become the default scheduler.
 #
 # SCHED_STATS is a debugging option which keeps some stats in the sysctl
 # tree at 'kern.sched.stats' and is useful for debugging scheduling decisions.
 #
 options         SCHED_4BSD
 options         SCHED_STATS
 #options        SCHED_ULE
 
 #####################################################################
 # SMP OPTIONS:
 #
 # SMP enables building of a Symmetric MultiProcessor Kernel.
 
 # Mandatory:
 options         SMP                     # Symmetric MultiProcessor Kernel
 
 # ADAPTIVE_MUTEXES changes the behavior of blocking mutexes to spin
 # if the thread that currently owns the mutex is executing on another
 # CPU.  This behaviour is enabled by default, so this option can be used
 # to disable it.
 options         NO_ADAPTIVE_MUTEXES
 
 # ADAPTIVE_RWLOCKS changes the behavior of reader/writer locks to spin
 # if the thread that currently owns the rwlock is executing on another
 # CPU.  This behaviour is enabled by default, so this option can be used
 # to disable it.
 options         NO_ADAPTIVE_RWLOCKS
 
 # ADAPTIVE_SX changes the behavior of sx locks to spin if the thread
 # that currently owns the lock is executing on another CPU.  Note that
 # in addition to enabling this option, individual sx locks must be
 # initialized with the SX_ADAPTIVESPIN flag.
 options         ADAPTIVE_SX
 
 # MUTEX_NOINLINE forces mutex operations to call functions to perform each
 # operation rather than inlining the simple cases.  This can be used to
 # shrink the size of the kernel text segment.  Note that this behavior is
 # already implied by the INVARIANT_SUPPORT, INVARIANTS, KTR, LOCK_PROFILING,
 # and WITNESS options.
 options         MUTEX_NOINLINE
 
 # RWLOCK_NOINLINE forces rwlock operations to call functions to perform each
 # operation rather than inlining the simple cases.  This can be used to
 # shrink the size of the kernel text segment.  Note that this behavior is
 # already implied by the INVARIANT_SUPPORT, INVARIANTS, KTR, LOCK_PROFILING,
 # and WITNESS options.
 options         RWLOCK_NOINLINE
 
 # SX_NOINLINE forces sx lock operations to call functions to perform each
 # operation rather than inlining the simple cases.  This can be used to
 # shrink the size of the kernel text segment.  Note that this behavior is
 # already implied by the INVARIANT_SUPPORT, INVARIANTS, KTR, LOCK_PROFILING,
 # and WITNESS options.
 options         SX_NOINLINE
 
 # SMP Debugging Options:
 #
 # PREEMPTION allows the threads that are in the kernel to be preempted by
 #         higher priority [interrupt] threads.  It helps with interactivity
 #         and allows interrupt threads to run sooner rather than waiting.
 #         WARNING! Only tested on amd64 and i386.
 # FULL_PREEMPTION instructs the kernel to preempt non-realtime kernel
 #         threads.  Its sole use is to expose race conditions and other
 #         bugs during development.  Enabling this option will reduce
 #         performance and increase the frequency of kernel panics by
 #         design.  If you aren't sure that you need it then you don't.
 #         Relies on the PREEMPTION option.  DON'T TURN THIS ON.
 # MUTEX_DEBUG enables various extra assertions in the mutex code.
 # SLEEPQUEUE_PROFILING enables rudimentary profiling of the hash table
 #         used to hold active sleep queues as well as sleep wait message
 #         frequency.
 # TURNSTILE_PROFILING enables rudimentary profiling of the hash table
 #         used to hold active lock queues.
 # WITNESS enables the witness code which detects deadlocks and cycles
 #         during locking operations.
 # WITNESS_KDB causes the witness code to drop into the kernel debugger if
 #         a lock hierarchy violation occurs or if locks are held when going to
 #         sleep.
 # WITNESS_SKIPSPIN disables the witness checks on spin mutexes.
 options         PREEMPTION
 options         FULL_PREEMPTION
 options         MUTEX_DEBUG
 options         WITNESS
 options         WITNESS_KDB
 options         WITNESS_SKIPSPIN
 
 # LOCK_PROFILING - Profiling locks.  See LOCK_PROFILING(9) for details.
 options         LOCK_PROFILING
 # Set the number of buffers and the hash size.  The hash size MUST be larger
 # than the number of buffers.  Hash size should be prime.
 options         MPROF_BUFFERS="1536"
 options         MPROF_HASH_SIZE="1543"
 
 # Profiling for internal hash tables.
 options         SLEEPQUEUE_PROFILING
 options         TURNSTILE_PROFILING
 
 
 #####################################################################
 # COMPATIBILITY OPTIONS
 
 #
 # Implement system calls compatible with 4.3BSD and older versions of
 # FreeBSD.  You probably do NOT want to remove this as much current code
 # still relies on the 4.3 emulation.  Note that some architectures that
 # are supported by FreeBSD do not include support for certain important
 # aspects of this compatibility option, namely those related to the
 # signal delivery mechanism.
 #
 options         COMPAT_43
 
 # Old tty interface.
 options         COMPAT_43TTY
 
 # Enable FreeBSD4 compatibility syscalls
 options         COMPAT_FREEBSD4
 
 # Enable FreeBSD5 compatibility syscalls
 options         COMPAT_FREEBSD5
 
 # Enable FreeBSD6 compatibility syscalls
 options         COMPAT_FREEBSD6
 
 # Enable FreeBSD7 compatibility syscalls
 options         COMPAT_FREEBSD7
 
 #
 # These three options provide support for System V Interface
 # Definition-style interprocess communication, in the form of shared
 # memory, semaphores, and message queues, respectively.
 #
 options         SYSVSHM
 options         SYSVSEM
 options         SYSVMSG
 
 
 #####################################################################
 # DEBUGGING OPTIONS
 
 #
 # Compile with kernel debugger related code.
 #
 options         KDB
 
 #
 # Print a stack trace of the current thread on the console for a panic.
 #
 options         KDB_TRACE
 
 #
 # Don't enter the debugger for a panic. Intended for unattended operation
 # where you may want to enter the debugger from the console, but still want
 # the machine to recover from a panic.
 #
 options         KDB_UNATTENDED
 
 #
 # Enable the ddb debugger backend.
 #
 options         DDB
 
 #
 # Print the numerical value of symbols in addition to the symbolic
 # representation.
 #
 options         DDB_NUMSYM
 
 #
 # Enable the remote gdb debugger backend.
 #
 options         GDB
 
 #
 # Enable the kernel DTrace hooks which are required to load the DTrace
 # kernel modules.
 #
 options         KDTRACE_HOOKS
 
 #
 # SYSCTL_DEBUG enables a 'sysctl' debug tree that can be used to dump the
 # contents of the registered sysctl nodes on the console.  It is disabled by
 # default because it generates excessively verbose console output that can
 # interfere with serial console operation.
 #
 options         SYSCTL_DEBUG
 
 #
 # DEBUG_MEMGUARD builds and enables memguard(9), a replacement allocator
 # for the kernel used to detect modify-after-free scenarios.  See the
 # memguard(9) man page for more information on usage.
 #
 options         DEBUG_MEMGUARD
 
 #
 # DEBUG_REDZONE enables buffer underflows and buffer overflows detection for
 # malloc(9).
 #
 options         DEBUG_REDZONE
 
 #
 # KTRACE enables the system-call tracing facility ktrace(2).  To be more
 # SMP-friendly, KTRACE uses a worker thread to process most trace events
 # asynchronously to the thread generating the event.  This requires a
 # pre-allocated store of objects representing trace events.  The
 # KTRACE_REQUEST_POOL option specifies the initial size of this store.
 # The size of the pool can be adjusted both at boottime and runtime via
 # the kern.ktrace_request_pool tunable and sysctl.
 #
 options         KTRACE                  #kernel tracing
 options         KTRACE_REQUEST_POOL=101
 
 #
 # KTR is a kernel tracing mechanism imported from BSD/OS.  Currently
 # it has no userland interface aside from a few sysctl's.  It is
 # enabled with the KTR option.  KTR_ENTRIES defines the number of
 # entries in the circular trace buffer; it must be a power of two.
 # KTR_COMPILE defines the mask of events to compile into the kernel as
 # defined by the KTR_* constants in <sys/ktr.h>.  KTR_MASK defines the
 # initial value of the ktr_mask variable which determines at runtime
 # what events to trace.  KTR_CPUMASK determines which CPU's log
 # events, with bit X corresponding to CPU X.  KTR_VERBOSE enables
 # dumping of KTR events to the console by default.  This functionality
 # can be toggled via the debug.ktr_verbose sysctl and defaults to off
 # if KTR_VERBOSE is not defined.
 #
 options         KTR
 options         KTR_ENTRIES=1024
 options         KTR_COMPILE=(KTR_INTR|KTR_PROC)
 options         KTR_MASK=KTR_INTR
 options         KTR_CPUMASK=0x3
 options         KTR_VERBOSE
 
 #
 # ALQ(9) is a facility for the asynchronous queuing of records from the kernel
 # to a vnode, and is employed by services such as KTR(4) to produce trace
 # files based on a kernel event stream.  Records are written asynchronously
 # in a worker thread.
 #
 options         ALQ
 options         KTR_ALQ
 
 #
 # The INVARIANTS option is used in a number of source files to enable
 # extra sanity checking of internal structures.  This support is not
 # enabled by default because of the extra time it would take to check
 # for these conditions, which can only occur as a result of
 # programming errors.
 #
 options         INVARIANTS
 
 #
 # The INVARIANT_SUPPORT option makes us compile in support for
 # verifying some of the internal structures.  It is a prerequisite for
 # 'INVARIANTS', as enabling 'INVARIANTS' will make these functions be
 # called.  The intent is that you can set 'INVARIANTS' for single
 # source files (by changing the source file or specifying it on the
 # command line) if you have 'INVARIANT_SUPPORT' enabled.  Also, if you
 # wish to build a kernel module with 'INVARIANTS', then adding
 # 'INVARIANT_SUPPORT' to your kernel will provide all the necessary
 # infrastructure without the added overhead.
 #
 options         INVARIANT_SUPPORT
 
 #
 # The DIAGNOSTIC option is used to enable extra debugging information
 # from some parts of the kernel.  As this makes everything more noisy,
 # it is disabled by default.
 #
 options         DIAGNOSTIC
 
 #
 # REGRESSION causes optional kernel interfaces necessary only for regression
 # testing to be enabled.  These interfaces may constitute security risks
 # when enabled, as they permit processes to easily modify aspects of the
 # run-time environment to reproduce unlikely or unusual (possibly normally
 # impossible) scenarios.
 #
 options         REGRESSION
 
 #
 # RESTARTABLE_PANICS allows one to continue from a panic as if it were
 # a call to the debugger to continue from a panic as instead.  It is only
 # useful if a kernel debugger is present.  To restart from a panic, reset
 # the panicstr variable to NULL and continue execution.  This option is
 # for development use only and should NOT be used in production systems
 # to "workaround" a panic.
 #
 #options        RESTARTABLE_PANICS
 
 #
 # This option let some drivers co-exist that can't co-exist in a running
 # system.  This is used to be able to compile all kernel code in one go for
 # quality assurance purposes (like this file, which the option takes it name
 # from.)
 #
 options         COMPILING_LINT
 
 #
 # STACK enables the stack(9) facility, allowing the capture of kernel stack
 # for the purpose of procinfo(1), etc.  stack(9) will also be compiled in
 # automatically if DDB(4) is compiled into the kernel.
 #
 options         STACK
 
 
 #####################################################################
 # PERFORMANCE MONITORING OPTIONS
 
 #
 # The hwpmc driver that allows the use of in-CPU performance monitoring
 # counters for performance monitoring.  The base kernel needs to configured
 # with the 'options' line, while the hwpmc device can be either compiled
 # in or loaded as a loadable kernel module.
 #
 # Additional configuration options may be required on specific architectures,
 # please see hwpmc(4).
 
 device          hwpmc                   # Driver (also a loadable module)
 options         HWPMC_HOOKS             # Other necessary kernel hooks
 
 
 #####################################################################
 # NETWORKING OPTIONS
 
 #
 # Protocol families
 #
 options         INET                    #Internet communications protocols
 options         INET6                   #IPv6 communications protocols
 
 options         ROUTETABLES=2           # max 16. 1 is back compatible.
 
 # In order to enable IPSEC you MUST also add device crypto to 
 # your kernel configuration
 options         IPSEC                   #IP security (requires device crypto)
 #options        IPSEC_DEBUG             #debug for IP security
 #
 # Set IPSEC_FILTERTUNNEL to force packets coming through a tunnel
 # to be processed by any configured packet filtering twice.
 # The default is that packets coming out of a tunnel are _not_ processed;
 # they are assumed trusted.
 #
 # IPSEC history is preserved for such packets, and can be filtered
 # using ipfw(8)'s 'ipsec' keyword, when this option is enabled.
 #
 #options        IPSEC_FILTERTUNNEL      #filter ipsec packets from a tunnel
 
 options         IPX                     #IPX/SPX communications protocols
 
 options         NCP                     #NetWare Core protocol
 
 options         NETATALK                #Appletalk communications protocols
 options         NETATALKDEBUG           #Appletalk debugging
 
 #
 # SMB/CIFS requester
 # NETSMB enables support for SMB protocol, it requires LIBMCHAIN and LIBICONV
 # options.
 options         NETSMB                  #SMB/CIFS requester
 
 # mchain library. It can be either loaded as KLD or compiled into kernel
 options         LIBMCHAIN
 
 # libalias library, performing NAT
 options         LIBALIAS
 
 #
 # SCTP is a NEW transport protocol defined by
 # RFC2960 updated by RFC3309 and RFC3758.. and
 # soon to have a new base RFC and many many more
 # extensions. This release supports all the extensions
 # including many drafts (most about to become RFC's).
 # It is the premeier SCTP implementation in the NET
 # and is quite well tested.
 #
 # Note YOU MUST have both INET and INET6 defined.
 # you don't have to enable V6, but SCTP is 
 # dual stacked and so far we have not teased apart
 # the V6 and V4.. since an association can span
 # both a V6 and V4 address at the SAME time :-)
 #
 options         SCTP
 # There are bunches of options:
 # this one turns on all sorts of
 # nastly printing that you can
 # do. Its all controled by a
 # bit mask (settable by socket opt and
 # by sysctl). Including will not cause
 # logging until you set the bits.. but it
 # can be quite verbose.. so without this
 # option we don't do any of the tests for
 # bits and prints.. which makes the code run
 # faster.. if you are not debugging don't use.
 options SCTP_DEBUG
 #
 # This option turns off the CRC32c checksum. Basically
 # You will not be able to talk to anyone else that
 # has not done this. Its more for expermentation to
 # see how much CPU the CRC32c really takes. Most new
 # cards for TCP support checksum offload.. so this 
 # option gives you a "view" into what SCTP would be
 # like with such an offload (which only exists in
 # high in iSCSI boards so far). With the new
 # splitting 8's algorithm its not as bad as it used
 # to be.. but it does speed things up try only
 # for in a captured lab environment :-)
 options SCTP_WITH_NO_CSUM
 #
 
 #
 # All that options after that turn on specific types of
 # logging. You can monitor CWND growth, flight size
 # and all sorts of things. Go look at the code and
 # see. I have used this to produce interesting 
 # charts and graphs as well :->
 # 
 # I have not yet commited the tools to get and print
 # the logs, I will do that eventually .. before then
 # if you want them send me an email rrs@freebsd.org
 # You basically must have KTR enabled for these
 # and you then set the sysctl to turn on/off various
 # logging bits. Use ktrdump to pull the log and run
 # it through a dispaly program.. and graphs and other
 # things too.
 #
 options         SCTP_LOCK_LOGGING
 options         SCTP_MBUF_LOGGING
 options         SCTP_MBCNT_LOGGING
 options         SCTP_PACKET_LOGGING
 options         SCTP_LTRACE_CHUNKS
 options         SCTP_LTRACE_ERRORS
 
 
 # altq(9). Enable the base part of the hooks with the ALTQ option.
 # Individual disciplines must be built into the base system and can not be
 # loaded as modules at this point. ALTQ requires a stable TSC so if yours is
 # broken or changes with CPU throttling then you must also have the ALTQ_NOPCC
 # option.
 options         ALTQ
 options         ALTQ_CBQ        # Class Based Queueing
 options         ALTQ_RED        # Random Early Detection
 options         ALTQ_RIO        # RED In/Out
 options         ALTQ_HFSC       # Hierarchical Packet Scheduler
 options         ALTQ_CDNR       # Traffic conditioner
 options         ALTQ_PRIQ       # Priority Queueing
 options         ALTQ_NOPCC      # Required if the TSC is unusable
 options         ALTQ_DEBUG
 
 # netgraph(4). Enable the base netgraph code with the NETGRAPH option.
 # Individual node types can be enabled with the corresponding option
 # listed below; however, this is not strictly necessary as netgraph
 # will automatically load the corresponding KLD module if the node type
 # is not already compiled into the kernel. Each type below has a
 # corresponding man page, e.g., ng_async(8).
 options         NETGRAPH                # netgraph(4) system
 options         NETGRAPH_DEBUG          # enable extra debugging, this
                                         # affects netgraph(4) and nodes
 # Node types
 options         NETGRAPH_ASYNC
 options         NETGRAPH_ATMLLC
 options         NETGRAPH_ATM_ATMPIF
 options         NETGRAPH_BLUETOOTH              # ng_bluetooth(4)
 options         NETGRAPH_BLUETOOTH_BT3C         # ng_bt3c(4)
 options         NETGRAPH_BLUETOOTH_HCI          # ng_hci(4)
 options         NETGRAPH_BLUETOOTH_L2CAP        # ng_l2cap(4)
 options         NETGRAPH_BLUETOOTH_SOCKET       # ng_btsocket(4)
 options         NETGRAPH_BLUETOOTH_UBT          # ng_ubt(4)
 options         NETGRAPH_BLUETOOTH_UBTBCMFW     # ubtbcmfw(4)
 options         NETGRAPH_BPF
 options         NETGRAPH_BRIDGE
 options         NETGRAPH_CAR
 options         NETGRAPH_CISCO
 options         NETGRAPH_DEFLATE
 options         NETGRAPH_DEVICE
 options         NETGRAPH_ECHO
 options         NETGRAPH_EIFACE
 options         NETGRAPH_ETHER
 options         NETGRAPH_FEC
 options         NETGRAPH_FRAME_RELAY
 options         NETGRAPH_GIF
 options         NETGRAPH_GIF_DEMUX
 options         NETGRAPH_HOLE
 options         NETGRAPH_IFACE
 options         NETGRAPH_IP_INPUT
 options         NETGRAPH_IPFW
 options         NETGRAPH_KSOCKET
 options         NETGRAPH_L2TP
 options         NETGRAPH_LMI
 # MPPC compression requires proprietary files (not included)
 #options        NETGRAPH_MPPC_COMPRESSION
 options         NETGRAPH_MPPC_ENCRYPTION
 options         NETGRAPH_NETFLOW
 options         NETGRAPH_NAT
 options         NETGRAPH_ONE2MANY
 options         NETGRAPH_PPP
 options         NETGRAPH_PPPOE
 options         NETGRAPH_PPTPGRE
 options         NETGRAPH_PRED1
 options         NETGRAPH_RFC1490
 options         NETGRAPH_SOCKET
 options         NETGRAPH_SPLIT
 options         NETGRAPH_SPPP
 options         NETGRAPH_TAG
 options         NETGRAPH_TCPMSS
 options         NETGRAPH_TEE
 options         NETGRAPH_UI
 options         NETGRAPH_VJC
 
 # NgATM - Netgraph ATM
 options         NGATM_ATM
 options         NGATM_ATMBASE
 options         NGATM_SSCOP
 options         NGATM_SSCFU
 options         NGATM_UNI
 options         NGATM_CCATM
 
 device          mn      # Munich32x/Falc54 Nx64kbit/sec cards.
 
 #
 # Network interfaces:
 #  The `loop' device is MANDATORY when networking is enabled.
 #  The `ether' device provides generic code to handle
 #  Ethernets; it is MANDATORY when an Ethernet device driver is
 #  configured or token-ring is enabled.
 #  The `vlan' device implements the VLAN tagging of Ethernet frames
 #  according to IEEE 802.1Q.  It requires `device miibus'.
 #  The `wlan' device provides generic code to support 802.11
 #  drivers, including host AP mode; it is MANDATORY for the wi,
 #  and ath drivers and will eventually be required by all 802.11 drivers.
 #  The `wlan_wep', `wlan_tkip', and `wlan_ccmp' devices provide
 #  support for WEP, TKIP, and AES-CCMP crypto protocols optionally
 #  used with 802.11 devices that depend on the `wlan' module.
 #  The `wlan_xauth' device provides support for external (i.e. user-mode)
 #  authenticators for use with 802.11 drivers that use the `wlan'
 #  module and support 802.1x and/or WPA security protocols.
 #  The `wlan_acl' device provides a MAC-based access control mechanism
 #  for use with 802.11 drivers operating in ap mode and using the
 #  `wlan' module.
 #  The `fddi' device provides generic code to support FDDI.
 #  The `arcnet' device provides generic code to support Arcnet.
 #  The `sppp' device serves a similar role for certain types
 #  of synchronous PPP links (like `cx', `ar').
 #  The `sl' device implements the Serial Line IP (SLIP) service.
 #  The `ppp' device implements the Point-to-Point Protocol.
 #  The `bpf' device enables the Berkeley Packet Filter.  Be
 #  aware of the legal and administrative consequences of enabling this
 #  option.  The number of devices determines the maximum number of
 #  simultaneous BPF clients programs runnable.  DHCP requires bpf.
 #  The `disc' device implements a minimal network interface,
 #  which throws away all packets sent and never receives any.  It is
 #  included for testing and benchmarking purposes.
 #  The `edsc' device implements a minimal Ethernet interface,
 #  which discards all packets sent and receives none.
 #  The `tap' device is a pty-like virtual Ethernet interface
 #  The `tun' device implements (user-)ppp and nos-tun
 #  The `gif' device implements IPv6 over IP4 tunneling,
 #  IPv4 over IPv6 tunneling, IPv4 over IPv4 tunneling and
 #  IPv6 over IPv6 tunneling.
 #  The `gre' device implements two types of IP4 over IP4 tunneling:
 #  GRE and MOBILE, as specified in the RFC1701 and RFC2004.
 #  The XBONEHACK option allows the same pair of addresses to be configured on
 #  multiple gif interfaces.
 #  The `faith' device captures packets sent to it and diverts them
 #  to the IPv4/IPv6 translation daemon.
 #  The `stf' device implements 6to4 encapsulation.
 #  The `ef' device provides support for multiple ethernet frame types
 #  specified via ETHER_* options. See ef(4) for details.
 #
 # The pf packet filter consists of three devices:
 #  The `pf' device provides /dev/pf and the firewall code itself.
 #  The `pflog' device provides the pflog0 interface which logs packets.
 #  The `pfsync' device provides the pfsync0 interface used for
 #   synchronization of firewall state tables (over the net).
 #
 # The PPP_BSDCOMP option enables support for compress(1) style entire
 # packet compression, the PPP_DEFLATE is for zlib/gzip style compression.
 # PPP_FILTER enables code for filtering the ppp data stream and selecting
 # events for resetting the demand dial activity timer - requires bpf.
 # See pppd(8) for more details.
 #
 device          ether                   #Generic Ethernet
 device          vlan                    #VLAN support (needs miibus)
 device          wlan                    #802.11 support
 options         IEEE80211_DEBUG         #enable debugging msgs
 options         IEEE80211_AMPDU_AGE     #age frames in AMPDU reorder q's
 device          wlan_wep                #802.11 WEP support
 device          wlan_ccmp               #802.11 CCMP support
 device          wlan_tkip               #802.11 TKIP support
 device          wlan_xauth              #802.11 external authenticator support
 device          wlan_acl                #802.11 MAC ACL support
 device          wlan_amrr               #AMRR transmit rate control algorithm
 device          token                   #Generic TokenRing
 device          fddi                    #Generic FDDI
 device          arcnet                  #Generic Arcnet
 device          sppp                    #Generic Synchronous PPP
 device          loop                    #Network loopback device
 device          bpf                     #Berkeley packet filter
 device          disc                    #Discard device based on loopback
 device          edsc                    #Ethernet discard device
 device          tap                     #Virtual Ethernet driver
 device          tun                     #Tunnel driver (ppp(8), nos-tun(8))
 device          gre                     #IP over IP tunneling
 device          if_bridge               #Bridge interface
 device          pf                      #PF OpenBSD packet-filter firewall
 device          pflog                   #logging support interface for PF
 device          pfsync                  #synchronization interface for PF
 device          carp                    #Common Address Redundancy Protocol
 device          enc                     #IPsec interface
 device          lagg                    #Link aggregation interface
 
 device          ef                      # Multiple ethernet frames support
 options         ETHER_II                # enable Ethernet_II frame
 options         ETHER_8023              # enable Ethernet_802.3 (Novell) frame
 options         ETHER_8022              # enable Ethernet_802.2 frame
 options         ETHER_SNAP              # enable Ethernet_802.2/SNAP frame
 
 # for IPv6
 device          gif                     #IPv6 and IPv4 tunneling
 options         XBONEHACK
 device          faith                   #for IPv6 and IPv4 translation
 device          stf                     #6to4 IPv6 over IPv4 encapsulation
 
 #
 # Internet family options:
 #
 # MROUTING enables the kernel multicast packet forwarder, which works
 # with mrouted and XORP.
 #
 # IPFIREWALL enables support for IP firewall construction, in
 # conjunction with the `ipfw' program.  IPFIREWALL_VERBOSE sends
 # logged packets to the system logger.  IPFIREWALL_VERBOSE_LIMIT
 # limits the number of times a matching entry can be logged.
 #
 # WARNING:  IPFIREWALL defaults to a policy of "deny ip from any to any"
 # and if you do not add other rules during startup to allow access,
 # YOU WILL LOCK YOURSELF OUT.  It is suggested that you set firewall_type=open
 # in /etc/rc.conf when first enabling this feature, then refining the
 # firewall rules in /etc/rc.firewall after you've tested that the new kernel
 # feature works properly.
 #
 # IPFIREWALL_DEFAULT_TO_ACCEPT causes the default rule (at boot) to
 # allow everything.  Use with care, if a cracker can crash your
 # firewall machine, they can get to your protected machines.  However,
 # if you are using it as an as-needed filter for specific problems as
 # they arise, then this may be for you.  Changing the default to 'allow'
 # means that you won't get stuck if the kernel and /sbin/ipfw binary get
 # out of sync.
 #
 # IPDIVERT enables the divert IP sockets, used by ``ipfw divert''.  It
 # depends on IPFIREWALL if compiled into the kernel.
 #
 # IPFIREWALL_FORWARD enables changing of the packet destination either
 # to do some sort of policy routing or transparent proxying.  Used by
 # ``ipfw forward''. All  redirections apply to locally generated
 # packets too.  Because of this great care is required when
 # crafting the ruleset.
 #
 # IPFIREWALL_NAT adds support for in kernel nat in ipfw, and it requires
 # LIBALIAS.
 #
 # IPSTEALTH enables code to support stealth forwarding (i.e., forwarding
 # packets without touching the TTL).  This can be useful to hide firewalls
 # from traceroute and similar tools.
 #
 # TCPDEBUG enables code which keeps traces of the TCP state machine
 # for sockets with the SO_DEBUG option set, which can then be examined
 # using the trpt(8) utility.
 #
 options         MROUTING                # Multicast routing
 options         IPFIREWALL              #firewall
 options         IPFIREWALL_VERBOSE      #enable logging to syslogd(8)
 options         IPFIREWALL_VERBOSE_LIMIT=100    #limit verbosity
 options         IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by default
 options         IPFIREWALL_FORWARD      #packet destination changes
 options         IPFIREWALL_NAT          #ipfw kernel nat support
 options         IPDIVERT                #divert sockets
 options         IPFILTER                #ipfilter support
 options         IPFILTER_LOG            #ipfilter logging
 options         IPFILTER_LOOKUP         #ipfilter pools
 options         IPFILTER_DEFAULT_BLOCK  #block all packets by default
 options         IPSTEALTH               #support for stealth forwarding
 options         TCPDEBUG
 
 # The MBUF_STRESS_TEST option enables options which create
 # various random failures / extreme cases related to mbuf
 # functions.  See mbuf(9) for a list of available test cases.
 # MBUF_PROFILING enables code to profile the mbuf chains
 # exiting the system (via participating interfaces) and
 # return a logarithmic histogram of monitored parameters
 # (e.g. packet size, wasted space, number of mbufs in chain).
 options         MBUF_STRESS_TEST
 options         MBUF_PROFILING
 
 # Statically Link in accept filters
 options         ACCEPT_FILTER_DATA
 options         ACCEPT_FILTER_DNS
 options         ACCEPT_FILTER_HTTP
 
 # TCP_SIGNATURE adds support for RFC 2385 (TCP-MD5) digests. These are
 # carried in TCP option 19. This option is commonly used to protect
 # TCP sessions (e.g. BGP) where IPSEC is not available nor desirable.
 # This is enabled on a per-socket basis using the TCP_MD5SIG socket option.
 # This requires the use of 'device crypto', 'options IPSEC'
 # or 'device cryptodev'.
 options         TCP_SIGNATURE           #include support for RFC 2385
 
 # DUMMYNET enables the "dummynet" bandwidth limiter.  You need IPFIREWALL
 # as well.  See dummynet(4) and ipfw(8) for more info.  When you run
 # DUMMYNET it is advisable to also have at least "options HZ=1000" to achieve
 # a smooth scheduling of the traffic.
 options         DUMMYNET
 
 # Zero copy sockets support.  This enables "zero copy" for sending and
 # receiving data via a socket.  The send side works for any type of NIC,
 # the receive side only works for NICs that support MTUs greater than the
 # page size of your architecture and that support header splitting.  See
 # zero_copy(9) for more details.
 options         ZERO_COPY_SOCKETS
 
 
 #####################################################################
 # FILESYSTEM OPTIONS
 
 #
 # Only the root, /usr, and /tmp filesystems need be statically
 # compiled; everything else will be automatically loaded at mount
 # time.  (Exception: the UFS family--- FFS --- cannot
 # currently be demand-loaded.)  Some people still prefer to statically
 # compile other filesystems as well.
 #
 # NB: The PORTAL filesystem is known to be buggy, and WILL panic your
 # system if you attempt to do anything with it.  It is included here
 # as an incentive for some enterprising soul to sit down and fix it.
 # The UNION filesystem was known to be buggy in the past.  It is now
 # being actively maintained, although there are still some issues being
 # resolved.
 #
 
 # One of these is mandatory:
 options         FFS                     #Fast filesystem
 options         NFSCLIENT               #Network File System client
 
 # The rest are optional:
 options         CD9660                  #ISO 9660 filesystem
 options         FDESCFS                 #File descriptor filesystem
 options         HPFS                    #OS/2 File system
 options         MSDOSFS                 #MS DOS File System (FAT, FAT32)
 options         NFSSERVER               #Network File System server
 options         NFSLOCKD                #Network Lock Manager
 options         NTFS                    #NT File System
 options         NULLFS                  #NULL filesystem
 # Broken (depends on NCP):
 #options        NWFS                    #NetWare filesystem
 options         PORTALFS                #Portal filesystem
 options         PROCFS                  #Process filesystem (requires PSEUDOFS)
 options         PSEUDOFS                #Pseudo-filesystem framework
 options         PSEUDOFS_TRACE          #Debugging support for PSEUDOFS
 options         SMBFS                   #SMB/CIFS filesystem
 options         UDF                     #Universal Disk Format
 options         UNIONFS                 #Union filesystem
 # The xFS_ROOT options REQUIRE the associated ``options xFS''
 options         NFS_ROOT                #NFS usable as root device
 
 # Soft updates is a technique for improving filesystem speed and
 # making abrupt shutdown less risky.
 #
 options         SOFTUPDATES
 
 # Extended attributes allow additional data to be associated with files,
 # and is used for ACLs, Capabilities, and MAC labels.
 # See src/sys/ufs/ufs/README.extattr for more information.
 options         UFS_EXTATTR
 options         UFS_EXTATTR_AUTOSTART
 
 # Access Control List support for UFS filesystems.  The current ACL
 # implementation requires extended attribute support, UFS_EXTATTR,
 # for the underlying filesystem.
 # See src/sys/ufs/ufs/README.acls for more information.
 options         UFS_ACL
 
 # Directory hashing improves the speed of operations on very large
 # directories at the expense of some memory.
 options         UFS_DIRHASH
 
 # Gjournal-based UFS journaling support.
 options         UFS_GJOURNAL
 
 # Make space in the kernel for a root filesystem on a md device.
 # Define to the number of kilobytes to reserve for the filesystem.
 options         MD_ROOT_SIZE=10
 
 # Make the md device a potential root device, either with preloaded
 # images of type mfs_root or md_root.
 options         MD_ROOT
 
 # Disk quotas are supported when this option is enabled.
 options         QUOTA                   #enable disk quotas
 
 # If you are running a machine just as a fileserver for PC and MAC
 # users, using SAMBA or Netatalk, you may consider setting this option
 # and keeping all those users' directories on a filesystem that is
 # mounted with the suiddir option. This gives new files the same
 # ownership as the directory (similar to group). It's a security hole
 # if you let these users run programs, so confine it to file-servers
 # (but it'll save you lots of headaches in those cases). Root owned
 # directories are exempt and X bits are cleared. The suid bit must be
 # set on the directory as well; see chmod(1) PC owners can't see/set
 # ownerships so they keep getting their toes trodden on. This saves
 # you all the support calls as the filesystem it's used on will act as
 # they expect: "It's my dir so it must be my file".
 #
 options         SUIDDIR
 
 # NFS options:
 options         NFS_MINATTRTIMO=3       # VREG attrib cache timeout in sec
 options         NFS_MAXATTRTIMO=60
 options         NFS_MINDIRATTRTIMO=30   # VDIR attrib cache timeout in sec
 options         NFS_MAXDIRATTRTIMO=60
 options         NFS_GATHERDELAY=10      # Default write gather delay (msec)
 options         NFS_WDELAYHASHSIZ=16    # and with this
 options         NFS_DEBUG               # Enable NFS Debugging
 
 # Coda stuff:
 options         CODA                    #CODA filesystem.
 device          vcoda                   #coda minicache <-> venus comm.
 # Use the old Coda 5.x venus<->kernel interface instead of the new
 # realms-aware 6.x protocol.
 #options        CODA_COMPAT_5
 
 #
 # Add support for the EXT2FS filesystem of Linux fame.  Be a bit
 # careful with this - the ext2fs code has a tendency to lag behind
 # changes and not be exercised very much, so mounting read/write could
 # be dangerous (and even mounting read only could result in panics.)
 #
 options         EXT2FS
 
 #
 # Add support for the ReiserFS filesystem (used in Linux). Currently,
 # this is limited to read-only access.
 #
 options         REISERFS
 
 #
 # Add support for the SGI XFS filesystem. Currently,
 # this is limited to read-only access.
 #
 options         XFS
 
 # Use real implementations of the aio_* system calls.  There are numerous
 # stability and security issues in the current aio code that make it
 # unsuitable for inclusion on machines with untrusted local users.
 options         VFS_AIO
 
 # Cryptographically secure random number generator; /dev/random
 device          random
 
 # The system memory devices; /dev/mem, /dev/kmem
 device          mem
 
 # Optional character code conversion support with LIBICONV.
 # Each option requires their base file system and LIBICONV.
 options         CD9660_ICONV
 options         MSDOSFS_ICONV
 options         NTFS_ICONV
 options         UDF_ICONV
 
 
 #####################################################################
 # POSIX P1003.1B
 
 # Real time extensions added in the 1993 POSIX
 # _KPOSIX_PRIORITY_SCHEDULING: Build in _POSIX_PRIORITY_SCHEDULING
 
 options         _KPOSIX_PRIORITY_SCHEDULING
 # p1003_1b_semaphores are very experimental,
 # user should be ready to assist in debugging if problems arise.
 options         P1003_1B_SEMAPHORES
 
 # POSIX message queue
 options         P1003_1B_MQUEUE
 
 #####################################################################
 # SECURITY POLICY PARAMETERS
 
 # Support for BSM audit
 options         AUDIT
 
 # Support for Mandatory Access Control (MAC):
 options         MAC
 options         MAC_BIBA
 options         MAC_BSDEXTENDED
 options         MAC_IFOFF
 options         MAC_LOMAC
 options         MAC_MLS
 options         MAC_NONE
 options         MAC_PARTITION
 options         MAC_PORTACL
 options         MAC_SEEOTHERUIDS
 options         MAC_STUB
 options         MAC_TEST
 
 
 #####################################################################
 # CLOCK OPTIONS
 
 # The granularity of operation is controlled by the kernel option HZ whose
 # default value (1000 on most architectures) means a granularity of 1ms
 # (1s/HZ).  Historically, the default was 100, but finer granularity is
 # required for DUMMYNET and other systems on modern hardware.  There are
 # reasonable arguments that HZ should, in fact, be 100 still; consider,
 # that reducing the granularity too much might cause excessive overhead in
 # clock interrupt processing, potentially causing ticks to be missed and thus
 # actually reducing the accuracy of operation.
 
 options         HZ=100
 
 # Enable support for the kernel PLL to use an external PPS signal,
 # under supervision of [x]ntpd(8)
 # More info in ntpd documentation: http://www.eecis.udel.edu/~ntp
 
 options         PPS_SYNC
 
 
 #####################################################################
 # SCSI DEVICES
 
 # SCSI DEVICE CONFIGURATION
 
 # The SCSI subsystem consists of the `base' SCSI code, a number of
 # high-level SCSI device `type' drivers, and the low-level host-adapter
 # device drivers.  The host adapters are listed in the ISA and PCI
 # device configuration sections below.
 #
 # It is possible to wire down your SCSI devices so that a given bus,
 # target, and LUN always come on line as the same device unit.  In
 # earlier versions the unit numbers were assigned in the order that
 # the devices were probed on the SCSI bus.  This means that if you
 # removed a disk drive, you may have had to rewrite your /etc/fstab
 # file, and also that you had to be careful when adding a new disk
 # as it may have been probed earlier and moved your device configuration
 # around.  (See also option GEOM_VOL for a different solution to this
 # problem.)
 
 # This old behavior is maintained as the default behavior.  The unit
 # assignment begins with the first non-wired down unit for a device
 # type.  For example, if you wire a disk as "da3" then the first
 # non-wired disk will be assigned da4.
 
 # The syntax for wiring down devices is:
 
 hint.scbus.0.at="ahc0"
 hint.scbus.1.at="ahc1"
 hint.scbus.1.bus="0"
 hint.scbus.3.at="ahc2"
 hint.scbus.3.bus="0"
 hint.scbus.2.at="ahc2"
 hint.scbus.2.bus="1"
 hint.da.0.at="scbus0"
 hint.da.0.target="0"
 hint.da.0.unit="0"
 hint.da.1.at="scbus3"
 hint.da.1.target="1"
 hint.da.2.at="scbus2"
 hint.da.2.target="3"
 hint.sa.1.at="scbus1"
 hint.sa.1.target="6"
 
 # "units" (SCSI logical unit number) that are not specified are
 # treated as if specified as LUN 0.
 
 # All SCSI devices allocate as many units as are required.
 
 # The ch driver drives SCSI Media Changer ("jukebox") devices.
 #
 # The da driver drives SCSI Direct Access ("disk") and Optical Media
 # ("WORM") devices.
 #
 # The sa driver drives SCSI Sequential Access ("tape") devices.
 #
 # The cd driver drives SCSI Read Only Direct Access ("cd") devices.
 #
 # The ses driver drives SCSI Environment Services ("ses") and
 # SAF-TE ("SCSI Accessible Fault-Tolerant Enclosure") devices.
 #
 # The pt driver drives SCSI Processor devices.
 #
 # The sg driver provides a passthrough API that is compatible with the
 # Linux SG driver.  It will work in conjunction with the COMPAT_LINUX
 # option to run linux SG apps.  It can also stand on its own and provide
 # source level API compatiblity for porting apps to FreeBSD.
 #
 # Target Mode support is provided here but also requires that a SIM
 # (SCSI Host Adapter Driver) provide support as well.
 #
 # The targ driver provides target mode support as a Processor type device.
 # It exists to give the minimal context necessary to respond to Inquiry
 # commands. There is a sample user application that shows how the rest
 # of the command support might be done in /usr/share/examples/scsi_target.
 #
 # The targbh driver provides target mode support and exists to respond
 # to incoming commands that do not otherwise have a logical unit assigned
 # to them.
 #
 # The "unknown" device (uk? in pre-2.0.5) is now part of the base SCSI
 # configuration as the "pass" driver.
 
 device          scbus           #base SCSI code
 device          ch              #SCSI media changers
 device          da              #SCSI direct access devices (aka disks)
 device          sa              #SCSI tapes
 device          cd              #SCSI CD-ROMs
 device          ses             #SCSI Environmental Services (and SAF-TE)
 device          pt              #SCSI processor
 device          targ            #SCSI Target Mode Code
 device          targbh          #SCSI Target Mode Blackhole Device
 device          pass            #CAM passthrough driver
 device          sg              #Linux SCSI passthrough
 
 # CAM OPTIONS:
 # debugging options:
 # -- NOTE --  If you specify one of the bus/target/lun options, you must
 #             specify them all!
 # CAMDEBUG: When defined enables debugging macros
 # CAM_DEBUG_BUS:  Debug the given bus.  Use -1 to debug all busses.
 # CAM_DEBUG_TARGET:  Debug the given target.  Use -1 to debug all targets.
 # CAM_DEBUG_LUN:  Debug the given lun.  Use -1 to debug all luns.
 # CAM_DEBUG_FLAGS:  OR together CAM_DEBUG_INFO, CAM_DEBUG_TRACE,
 #                   CAM_DEBUG_SUBTRACE, and CAM_DEBUG_CDB
 #
 # CAM_MAX_HIGHPOWER: Maximum number of concurrent high power (start unit) cmds
 # SCSI_NO_SENSE_STRINGS: When defined disables sense descriptions
 # SCSI_NO_OP_STRINGS: When defined disables opcode descriptions
 # SCSI_DELAY: The number of MILLISECONDS to freeze the SIM (scsi adapter)
 #             queue after a bus reset, and the number of milliseconds to
 #             freeze the device queue after a bus device reset.  This
 #             can be changed at boot and runtime with the
 #             kern.cam.scsi_delay tunable/sysctl.
 options         CAMDEBUG
 options         CAM_DEBUG_BUS=-1
 options         CAM_DEBUG_TARGET=-1
 options         CAM_DEBUG_LUN=-1
 options         CAM_DEBUG_FLAGS=(CAM_DEBUG_INFO|CAM_DEBUG_TRACE|CAM_DEBUG_CDB)
 options         CAM_MAX_HIGHPOWER=4
 options         SCSI_NO_SENSE_STRINGS
 options         SCSI_NO_OP_STRINGS
 options         SCSI_DELAY=5000 # Be pessimistic about Joe SCSI device
 
 # Options for the CAM CDROM driver:
 # CHANGER_MIN_BUSY_SECONDS: Guaranteed minimum time quantum for a changer LUN
 # CHANGER_MAX_BUSY_SECONDS: Maximum time quantum per changer LUN, only
 #                           enforced if there is I/O waiting for another LUN
 # The compiled in defaults for these variables are 2 and 10 seconds,
 # respectively.
 #
 # These can also be changed on the fly with the following sysctl variables:
 # kern.cam.cd.changer.min_busy_seconds
 # kern.cam.cd.changer.max_busy_seconds
 #
 options         CHANGER_MIN_BUSY_SECONDS=2
 options         CHANGER_MAX_BUSY_SECONDS=10
 
 # Options for the CAM sequential access driver:
 # SA_IO_TIMEOUT: Timeout for read/write/wfm  operations, in minutes
 # SA_SPACE_TIMEOUT: Timeout for space operations, in minutes
 # SA_REWIND_TIMEOUT: Timeout for rewind operations, in minutes
 # SA_ERASE_TIMEOUT: Timeout for erase operations, in minutes
 # SA_1FM_AT_EOD: Default to model which only has a default one filemark at EOT.
 options         SA_IO_TIMEOUT=4
 options         SA_SPACE_TIMEOUT=60
 options         SA_REWIND_TIMEOUT=(2*60)
 options         SA_ERASE_TIMEOUT=(4*60)
 options         SA_1FM_AT_EOD
 
 # Optional timeout for the CAM processor target (pt) device
 # This is specified in seconds.  The default is 60 seconds.
 options         SCSI_PT_DEFAULT_TIMEOUT=60
 
 # Optional enable of doing SES passthrough on other devices (e.g., disks)
 #
 # Normally disabled because a lot of newer SCSI disks report themselves
 # as having SES capabilities, but this can then clot up attempts to build
 # build a topology with the SES device that's on the box these drives
 # are in....
 options         SES_ENABLE_PASSTHROUGH
 
 
 #####################################################################
 # MISCELLANEOUS DEVICES AND OPTIONS
 
 device          pty             #BSD-style compatibility pseudo ttys
 device          nmdm            #back-to-back tty devices
 device          md              #Memory/malloc disk
 device          snp             #Snoop device - to look at pty/vty/etc..
 device          ccd             #Concatenated disk driver
 device          firmware        #firmware(9) support
 
 # Kernel side iconv library
 options         LIBICONV
 
 # Size of the kernel message buffer.  Should be N * pagesize.
 options         MSGBUF_SIZE=40960
 
 
 #####################################################################
 # HARDWARE DEVICE CONFIGURATION
 
 # For ISA the required hints are listed.
 # EISA, MCA, PCI, CardBus, SD/MMC and pccard are self identifying buses, so
 # no hints are needed.
 
 #
 # Mandatory devices:
 #
 
 # These options are valid for other keyboard drivers as well.
 options         KBD_DISABLE_KEYMAP_LOAD # refuse to load a keymap
 options         KBD_INSTALL_CDEV        # install a CDEV entry in /dev
 
 options         FB_DEBUG                # Frame buffer debugging
 
 device          splash                  # Splash screen and screen saver support
 
 # Various screen savers.
 device          blank_saver
 device          daemon_saver
 device          dragon_saver
 device          fade_saver
 device          fire_saver
 device          green_saver
 device          logo_saver
 device          rain_saver
 device          snake_saver
 device          star_saver
 device          warp_saver
 
 # The syscons console driver (SCO color console compatible).
 device          sc
 hint.sc.0.at="isa"
 options         MAXCONS=16              # number of virtual consoles
 options         SC_ALT_MOUSE_IMAGE      # simplified mouse cursor in text mode
 options         SC_DFLT_FONT            # compile font in
 makeoptions     SC_DFLT_FONT=cp850
 options         SC_DISABLE_KDBKEY       # disable `debug' key
 options         SC_DISABLE_REBOOT       # disable reboot key sequence
 options         SC_HISTORY_SIZE=200     # number of history buffer lines
 options         SC_MOUSE_CHAR=0x3       # char code for text mode mouse cursor
 options         SC_PIXEL_MODE           # add support for the raster text mode
 
 # The following options will let you change the default colors of syscons.
 options         SC_NORM_ATTR=(FG_GREEN|BG_BLACK)
 options         SC_NORM_REV_ATTR=(FG_YELLOW|BG_GREEN)
 options         SC_KERNEL_CONS_ATTR=(FG_RED|BG_BLACK)
 options         SC_KERNEL_CONS_REV_ATTR=(FG_BLACK|BG_RED)
 
 # The following options will let you change the default behaviour of
 # cut-n-paste feature
 options         SC_CUT_SPACES2TABS      # convert leading spaces into tabs
 options         SC_CUT_SEPCHARS=\"x09\" # set of characters that delimit words
                                         # (default is single space - \"x