542970fa2d
Having IPSEC compiled into the kernel imposes a non-trivial performance penalty on multi-threaded workloads due to IPSEC refcounting. In my benchmarks of multi-threaded UDP transmit (connected sockets), I've seen a roughly 20% performance penalty when the IPSEC option is included in the kernel (16.8Mpps vs 13.8Mpps with 32 senders on a 14 core / 28 HTT Xeon 2697v3). This is largely due to key_addref() incrementing and decrementing an atomic reference count on the default policy. This causes all CPUs to stall on the same cacheline, as it bounces between different CPUs.

Given that relatively few users use ipsec, and that it can be loaded as a module, it seems reasonable to ask those users to load the ipsec module so as to avoid imposing this penalty on the GENERIC kernel. It's my hope that this will make FreeBSD look better in "out of the box" benchmark comparisons with other operating systems.

Many thanks to ae for fixing auto-loading of ipsec.ko when ifconfig tries to configure ipsec, and to cy for volunteering to ensure that the racoon ports will load the ipsec.ko module.

Reviewed by: cem, cy, delphij, gnn, jhb, jpaetzel
Differential Revision: https://reviews.freebsd.org/D20163
#
# GENERIC -- Generic kernel configuration file for FreeBSD/RISC-V
#
# For more information on this file, please read the config(5) manual page,
# and/or the handbook section on Kernel Configuration Files:
#
#    https://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html
#
# The handbook is also available locally in /usr/share/doc/handbook
# if you've installed the doc distribution, otherwise always see the
# FreeBSD World Wide Web server (https://www.FreeBSD.org/) for the
# latest information.
#
# An exhaustive list of options and more detailed explanations of the
# device lines is also present in the ../../conf/NOTES and NOTES files.
# If you are in doubt as to the purpose or necessity of a line, check first
# in NOTES.
#
# $FreeBSD$

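# Target CPU architecture and the kernel's identification string.
cpu		RISCV
ident		GENERIC

makeoptions	DEBUG=-g		# Build kernel with gdb(1) debug symbols
# makeoptions	WITH_CTF=1		# Run ctfconvert(1) for DTrace support

# FIXME: linker error. "--relax and -r may not be used together"
# Modules named here are left out of the module build; list each name once.
makeoptions	WITHOUT_MODULES="usb otusfw mwlfw ispfw ralfw rtwnfw"
# makeoptions	NO_MODULES
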
# Scheduler and network stack.
options 	SCHED_ULE		# Use the ULE scheduler
options 	PREEMPTION		# Allow kernel threads to be preempted
options 	VIMAGE			# Virtualized subsystems, e.g. VNET
options 	INET			# IPv4 networking
options 	INET6			# IPv6 networking
options 	TCP_HHOOK		# hhook(9) framework for TCP
# IPSEC_SUPPORT only lets the IPsec and TCP-MD5 code be loaded later; neither
# is compiled in.  A host that depends on IPsec policy has no IPsec processing
# until ipsec.ko is loaded, so load it at boot (for example ipsec_load="YES"
# in loader.conf(5)) instead of relying on on-demand loading.
options 	IPSEC_SUPPORT		# Allow kldload of ipsec and tcpmd5
options 	TCP_OFFLOAD		# TCP offload support
options 	SCTP			# Stream Control Transmission Protocol
# Filesystems and GEOM classes.
options 	FFS			# Berkeley Fast Filesystem
options 	SOFTUPDATES		# Soft updates for FFS
options 	UFS_ACL			# Access control lists on UFS
options 	UFS_DIRHASH		# Faster lookups in big directories
options 	UFS_GJOURNAL		# gjournal-based UFS journaling
options 	QUOTA			# Disk quotas for UFS
options 	NFSCL			# Network Filesystem client
options 	NFSD			# Network Filesystem server
options 	NFSLOCKD		# Network Lock Manager
options 	NFS_ROOT		# NFS usable as /, requires NFSCL
options 	MSDOSFS			# MSDOS filesystem
options 	CD9660			# ISO 9660 filesystem
options 	PROCFS			# Process filesystem (requires PSEUDOFS)
options 	PSEUDOFS		# Pseudo-filesystem framework
options 	GEOM_PART_GPT		# GUID Partition Tables
# options 	GEOM_RAID		# Soft RAID functionality.
options 	GEOM_LABEL		# Provider labels
# Tracing, System V IPC and console helpers.
options 	SCSI_DELAY=5000		# Wait this many ms before probing SCSI
options 	KTRACE			# ktrace(1) support
# options 	STACK			# stack(9) support
options 	SYSVSHM			# System V shared memory
options 	SYSVMSG			# System V message queues
options 	SYSVSEM			# System V semaphores
options 	_KPOSIX_PRIORITY_SCHEDULING	# POSIX P1003_1B real-time extensions
options 	PRINTF_BUFR_SIZE=128	# Keep printf output from being interspersed
options 	KBD_INSTALL_CDEV	# Install a CDEV entry in /dev
# options 	HWPMC_HOOKS		# Kernel hooks needed by hwpmc(4)
# Security frameworks, DTrace hooks, resource control and platform support.
options 	AUDIT			# Security event auditing
options 	CAPABILITY_MODE		# Capsicum capability mode
options 	CAPABILITIES		# Capsicum capabilities
# MAC enables the framework only; this file compiles in no MAC policy.
options 	MAC			# TrustedBSD MAC Framework
options 	KDTRACE_FRAME		# Ensure frames are compiled in
options 	KDTRACE_HOOKS		# Kernel DTrace hooks
options 	FPE			# Floating-point extension support
# RACCT_DEFAULT_TO_DISABLED leaves kern.racct.enable at 0, so RCTL resource
# limits stay inactive until that setting is changed to 1.
options 	RACCT			# Resource accounting framework
options 	RACCT_DEFAULT_TO_DISABLED # Set kern.racct.enable=0 by default
options 	RCTL			# Resource limits
options 	SMP			# Symmetric multiprocessing
options 	INTRNG			# INTRNG interrupt framework

# Console provided through the RISC-V SBI
device		rcons

# VirtIO bus and devices
device		virtio			# Generic VirtIO bus (required)
device		virtio_pci		# VirtIO over PCI
device		vtnet			# VirtIO Ethernet
device		virtio_blk		# VirtIO block storage
device		virtio_mmio		# VirtIO over MMIO

# DTrace devices (all disabled in this configuration)
# device	dtrace
# device	dtrace_profile
# device	dtrace_sdt
# device	dtrace_fbt
# device	dtrace_systrace
# device	dtrace_prototype
# device	dtraceall

# Serial (COM) ports
device		uart			# Generic UART driver
device		uart_lowrisc		# UART driver for lowRISC
device		uart_ns8250		# UART driver for ns8250-type parts

# Ethernet drivers
device		miibus			# MII bus support
device		cgem			# Cadence Gigabit Ethernet MAC
device		xae			# Xilinx AXI Ethernet MAC

# DMA support
device		xdma			# DMA interface
device		axidma			# Xilinx AXI DMA Controller

# Root on a memory disk: uncomment these lines
# options 	MD_ROOT
# options 	MD_ROOT_SIZE=32768	# 32MB ram disk
# makeoptions	MFS_IMAGE=/path/to/img
# options 	ROOTDEVNAME=\"ufs:/dev/md0\"

# Root on a virtio block device: uncomment this line
# options 	ROOTDEVNAME=\"ufs:/dev/vtbd0\"

# Debugging support.  Always need this:
options 	KDB			# Kernel debugger support
options 	KDB_TRACE		# Stack trace on panic
# For full debugger support use (turn off in stable branch):
# NOTE(review): with DDB compiled in, whoever can get the system console into
# the debugger can inspect and alter kernel memory.  Treat console access as
# privileged and leave these options out of production kernels.
options 	DDB			# Support DDB.
# options 	GDB			# Support remote GDB.
options 	DEADLKRES		# Deadlock resolver
options 	INVARIANTS		# Extra run-time sanity checking
options 	INVARIANT_SUPPORT	# Sanity checks of internal structures, required by INVARIANTS
options 	WITNESS			# Checks that detect deadlocks and cycles
# options 	WITNESS_SKIPSPIN	# Don't run witness on spinlocks for speed
options 	MALLOC_DEBUG_MAXZONES=8	# Separate malloc(9) zones
# options 	EARLY_PRINTF
options 	VERBOSE_SYSINIT=0	# Support debug.verbose_sysinit, off by default

# Kernel dump features.
# A dump is a copy of kernel memory and can hold keys and credentials, so
# protect the dump device and any saved cores.  NOTE(review): EKCD (encrypted
# kernel dumps) is not enabled in this file.
options 	ZSTDIO			# zstd-compressed kernel and user dumps

# Pseudo devices.
device		crypto			# Core crypto support
device		loop			# Network loopback
device		random			# Entropy device
device		ether			# Ethernet support
device		vlan			# 802.1Q VLAN support
device		tuntap			# Packet tunnel
device		md			# Memory "disks"
device		gif			# IPv6 and IPv4 tunneling
device		firmware		# Firmware assist module

# The `bpf' device enables the Berkeley Packet Filter, which gives any
# process that can open /dev/bpf* raw access to the traffic on an interface.
# Be aware of the administrative consequences of enabling this, and keep
# that device node restricted to trusted users.
# Note that 'bpf' is required for DHCP.
device		bpf			# Berkeley packet filter

options 	FDT			# Flattened Device Tree support