Your custom kernels' configs


SaveTheRbtz
November 24th, 2008, 06:30
I've thought that it's kinda helpful to share with others interesting parts of your kernel's configs. Especially with comments!

Let's start with me
#Yeah, project evil, but it works with my WiFi
options NDISAPI
device ndis

#IPFW
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=10
#By default the policy is deny, so I prefer to add this to the kernel in case I forget to add a rule to the config, to still be able to connect after a restart.
options IPFIREWALL_DEFAULT_TO_ACCEPT
#Forwarding, divert and shaping. Useful for gateways
options IPFIREWALL_FORWARD
options IPDIVERT
options DUMMYNET

#This allows me to use a big resolution in the console, with the line
# allscreens_flags="-g 132x60 MODE_279"
#in /etc/rc.conf
options VESA
options SC_PIXEL_MODE

#Disables Ctrl+Alt+Del reboot
options SC_DISABLE_REBOOT
#changes default console colors
options SC_NORM_ATTR=(FG_GREEN|BG_BLACK)
options SC_KERNEL_CONS_ATTR=(FG_YELLOW|BG_BLACK)
#Allows veeeeery long scroll on console
options SC_HISTORY_SIZE=8192

#This is for FAST_IPSEC
device crypto
device cryptodev
options IPSEC

#Various pseudo interfaces, very useful for servers
device vlan
device tap #Virtual Ethernet driver
device gre #IP over IP tunneling
device if_bridge #Bridge interface
device carp #Common Address Redundancy Protocol
device enc #IPsec interface
device lagg #Link aggregation interface

#Yes, I use two firewalls. I just love pf's NAT
device pf #PF OpenBSD packet-filter firewall
device pflog #logging support interface for PF
#Synchronization between redundant firewalls with carp
device pfsync #synchronization interface for PF

#ALTQ for pf
options ALTQ
options ALTQ_CBQ
options ALTQ_RED
options ALTQ_RIO
options ALTQ_HFSC
options ALTQ_PRIQ

#Good for http servers. See tuning(7) to know how to use it.
options ACCEPT_FILTER_DATA
options ACCEPT_FILTER_HTTP


#NetGraph for VPN server/client
options NETGRAPH
options NETGRAPH_BPF
options NETGRAPH_IFACE
options NETGRAPH_KSOCKET
options NETGRAPH_MPPC_ENCRYPTION
options NETGRAPH_PPP
options NETGRAPH_PPTPGRE
options NETGRAPH_SOCKET
options NETGRAPH_TCPMSS

#This is for polling(4)
options HZ=1000
options DEVICE_POLLING

PS. Maybe create a thread with some useful sysctls, with comments?

richardpl
November 24th, 2008, 11:20
Many of those settings do not need a custom kernel ....


Less is more:

cpu I686_CPU
ident kernel

options SCHED_ULE
options PREEMPTION
options INET
options INET6
options SCTP
options FFS
options SOFTUPDATES
options UFS_ACL
options UFS_DIRHASH
options UFS_GJOURNAL
options COMPAT_FREEBSD4
options COMPAT_FREEBSD5
options COMPAT_FREEBSD6
options COMPAT_FREEBSD7
options SCSI_DELAY=5000
options _KPOSIX_PRIORITY_SCHEDULING
options KBD_INSTALL_CDEV
options STOP_NMI

options SMP
device apic

device eisa
device pci

device atkbdc
device atkbd
device psm

device vga

device sc

device pmtimer
device loop
device ether
device tun
device pty
device md
device gif
device faith

device bpf

nodevice io
nodevice mem

lme@
November 24th, 2008, 14:29
PS. Maybe create a thread with some useful sysctls, with comments?

Please take a look at this project proposal: http://www.freebsd.org/projects/ideas/#p-docsysctl

The sysctls should be documented in the base system, not a forum.

SaveTheRbtz
November 24th, 2008, 15:18
Please take a look at this project proposal: http://www.freebsd.org/projects/ideas/#p-docsysctl

The sysctls should be documented in the base system, not a forum.

Yeah, thanks for the link, but I meant something like performance-tuning sysctls that I have on almost every one of my high-load servers.

kern.ipc.somaxconn=4096
kern.ipc.shmmax=2147483648
kern.ipc.shmall=32768
kern.maxfiles=204800
kern.maxfilesperproc=200000
kern.maxvnodes=200000
kern.ipc.nmbclusters=200000
net.inet.tcp.recvspace=8192
net.inet.tcp.sendspace=16384
net.inet.ip.portrange.first=1024
net.inet.ip.portrange.last=65535
net.inet.udp.blackhole=1
net.inet.tcp.blackhole=2
net.inet.tcp.msl=3000
net.inet.tcp.maxtcptw=40960
net.inet.tcp.nolocaltimewait=1
net.inet.ip.redirect=0
net.inet.icmp.maskrepl=1
net.inet.icmp.drop_redirect=1
net.inet.ip.forwarding=1
net.inet.ip.fastforwarding=1

Djn
November 24th, 2008, 17:27
Please take a look at this project proposal: http://www.freebsd.org/projects/ideas/#p-docsysctl

The sysctls should be documented in the base system, not a forum.

That's a slightly different proposal, though - this would be about "sysctl x y and z are worth looking at", while that project is about providing answers to "what does sysctl x do".

The latter isn't very useful if you don't know about sysctl x in the first place, and that's what a forum thread could be useful for.

graudeejs
November 24th, 2008, 22:13
killabsd:
cpu I686_CPU
ident killabsd

options SMP # Symmetric MultiProcessor Kernel
device apic # I/O APIC


options MD_ROOT
device md

options SCHED_ULE # FreeBSD new scheduler
options PREEMPTION # Enable kernel thread preemption
options INET # InterNETworking
#options INET6
options FFS # Berkeley Fast Filesystem
#options NTFS
options SOFTUPDATES # Enable FFS soft updates support
options UFS_DIRHASH # Improve performance on big directories
options UFS_GJOURNAL # Enable gjournal-based UFS journaling
options MSDOSFS # MSDOS Filesystem
options CD9660 # ISO 9660 Filesystem
options UDF
options LIBICONV
options CD9660_ICONV
options MSDOSFS_ICONV
#options NTFS_ICONV
options GEOM_LABEL # Provides labelization
options COMPAT_43TTY # BSD 4.3 TTY compat [KEEP THIS!]
#options COMPAT_FREEBSD5
#options COMPAT_FREEBSD4
options COMPAT_FREEBSD6
options SCSI_DELAY=5000 # Delay (in ms) before probing SCSI
options SYSVSHM # SYSV-style shared memory
options SYSVMSG # SYSV-style message queues
options SYSVSEM # SYSV-style semaphores
options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
options STOP_NMI # Stop CPUS using NMI instead of IPI
options AUDIT # Security event auditing

device npx

device pci

device ata
device atadisk # ATA disk drives
device ataraid # ATA RAID drives
device atapicd # ATAPI CDROM drives
options ATA_STATIC_ID # Static device numbering

device scbus # SCSI bus (required for SCSI)
device ch # SCSI media changers
device da # Direct Access (disks)
device pass # Passthrough device (direct SCSI access)
device ses # SCSI Environmental Services (and SAF-TE)

device atkbdc # AT keyboard controller
device atkbd # AT keyboard

device vga # VGA video card driver

device sc
options SC_ALT_MOUSE_IMAGE
options SC_MOUSE_CHAR=0x3
options SC_HISTORY_SIZE=500

options VESA
options SC_PIXEL_MODE

device pmtimer

device miibus # MII bus support
device rl # RealTek 8129/8139
device loop # Network loopback
device random # Entropy device
device ether # Ethernet support
device pty # Pseudo-ttys (telnet etc)
#device gif # IPv6 and IPv4 tunneling
#device faith # IPv6-to-IPv4 relaying (translation)
device firmware # firmware assist module

device bpf # Berkeley packet filter

device uhci # UHCI PCI->USB interface
#device ohci # OHCI PCI->USB interface
device ehci # EHCI PCI->USB interface (USB 2.0)
device usb # USB Bus (required)
device ugen # Generic
device uhid # "Human Interface Devices"
device umass # Disks/Mass storage - Requires scbus and da
device ums # Mouse

#device firewire # FireWire bus code
#device sbp # SCSI over FireWire (Requires scbus and da)

device sound
device snd_ich

options GEOM_ELI
device crypto

device splash


sysctl.conf
security.bsd.see_other_uids=0

kern.coredump=0

#net.inet.tcp.delayed_ack=0
#kern.ipc.maxsockbuf=2097152
#kern.ipc.somaxconn=512
#kern.maxfiles=65536
#kern.maxfilesperproc=32768
#net.inet.tcp.sendspace=65535
#net.inet.tcp.recvspace=65535
#net.inet.udp.recvspace=65535
#net.inet.udp.maxdgram=57344
#net.local.stream.recvspace=65535
#net.local.stream.sendspace=65535
#kern.ipc.nmbclusters=65535

vfs.usermount=1

net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
net.inet.ip.random_id=1

Among the commented lines in sysctl.conf, something caused my rtorrent to make FreeBSD lag when downloading at medium and high speed.
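Both sysctl lists in this thread (SaveTheRbtz's tuning set and the sysctl.conf above) mix performance knobs with hardening values, and graudeejs's note shows why it matters which lines are actually live. The following POSIX sh script is an added example, not code from the thread: it reads a sysctl.conf the way sysctl(8) does (top to bottom, last assignment wins, commented lines ignored) and reports which of the hardening values posted in the thread are present. The sample file, the function names conf_value and audit_sysctl_conf, and the choice of which keys to check are all constructed for this example.

```shell
#!/bin/sh
# Audit a sysctl.conf for the hardening settings recommended in this thread.
# Added example, not from the thread; the sample file below is constructed.

SAMPLE_CONF=${TMPDIR:-/tmp}/sysctl-audit-sample.$$
cat > "$SAMPLE_CONF" <<'EOF'
# constructed sample: mixes the thread's values with a commented-out
# setting, a missing one and a key that is assigned twice
security.bsd.see_other_uids=0
kern.coredump=0
net.inet.udp.blackhole=0
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
net.inet.ip.random_id=1
#net.inet.ip.redirect=0
net.inet.ip.forwarding=1
EOF

# conf_value FILE KEY: effective value of KEY in FILE. sysctl(8) applies the
# file top to bottom, so the last uncommented assignment wins; commented
# lines (like the ones graudeejs disabled) count as unset. Prints nothing
# when the key is unset.
conf_value() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }
        NF < 2     { next }
        {
            k = $1; sub(/^[ \t]+/, "", k); sub(/[ \t]+$/, "", k)
            v = $2; sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
            if (k == key) last = v
        }
        END { if (last != "") print last }
    ' "$1"
}

# audit_sysctl_conf FILE: compare FILE against the hardening values posted in
# the thread. Prints one line per check; returns the number of checks not met.
audit_sysctl_conf() {
    conf=$1
    missing=0
    for pair in security.bsd.see_other_uids=0 \
                net.inet.tcp.blackhole=2 \
                net.inet.udp.blackhole=1 \
                net.inet.ip.redirect=0 \
                net.inet.icmp.drop_redirect=1 \
                net.inet.ip.random_id=1; do
        key=${pair%%=*}
        want=${pair#*=}
        have=$(conf_value "$conf" "$key")
        if [ "$have" = "$want" ]; then
            echo "ok       $key=$have"
        else
            echo "MISSING  $key: want $want, have ${have:-unset}"
            missing=$((missing + 1))
        fi
    done
    # Forwarding is right on a gateway and a surprise anywhere else, so it is
    # reported rather than judged.
    if [ "$(conf_value "$conf" net.inet.ip.forwarding)" = 1 ]; then
        echo "NOTE     net.inet.ip.forwarding=1: this host will route packets"
    fi
    return "$missing"
}

audit_sysctl_conf "$SAMPLE_CONF" || echo "$? hardening setting(s) missing"
```

Run against the sample it reports the commented-out redirect setting and the absent icmp.drop_redirect as missing, while the twice-assigned udp.blackhole resolves to its final value of 1. Point it at /etc/sysctl.conf to check a real host; comparing against `sysctl -n KEY` output would additionally catch values overridden after boot.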

Carpetsmoker
November 24th, 2008, 22:38
I've never seen the sense in ``optimized custom kernels''.

There is performance improvement vs. the GENERIC kernel, and additional modules can be loaded with kldload(8).

There are only a few options which make some difference and can't be loaded dynamically, you don't need a ``custom kernel'' for that, `echo "option X" >> GENERIC' will do the trick just as well.

graudeejs
November 24th, 2008, 22:47
You're probably right.
However, how much disk space does GENERIC take?
my custom kernel takes 3.9M + modules
This might be important when loading kernel from usb pen-drives


There are only a few options which make some difference and can't be loaded dynamically, you don't need a ``custom kernel'' for that, `echo "option X" > GENERIC' will do the trick just as well.

echo "option X" > GENERIC
will erase GENERIC, and leave you with an unusable kernel config
you probably mean
echo "option X" >> GENERIC

Carpetsmoker
November 24th, 2008, 22:54
However, how much disk space does GENERIC take?
my custom kernel takes 3.9M + modules
This might be important when loading kernel from usb pen-drives

Of course there are some situations where the GENERIC kernel doesn't suffice for one reason or the other, but in most cases it does.

echo "option X" > GENERIC
will erase GENERIC, and leave you with an unusable kernel config
you probably mean
echo "option X" >> GENERIC

Whoops, yes, I meant >> (of course).

hedwards
November 24th, 2008, 23:38
I've never seen the sense in ``optimized custom kernels''.

There is performance improvement vs. the GENERIC kernel, and additional modules can be loaded with kldload(8).
Well, that would be why you don't see any sense in it. Kldload versus built in isn't going to have much difference if any at all. The real reason to do an optimized custom kernel is mainly to take out things.

The main advantage comes from doing things like removing the older cpu revisions, hardware you don't own and such. I tend to even consider removing the hardware that I may or may not need from the main kernel and just loading it via modules as needed.

The reason being that you waste time and energy compiling things you don't need, if it's in the kernel then it's malloced at all times and if I understand correctly can't be unmalloced. Which leads to somewhat more sluggish performance. But admittedly you may or may not notice enough difference to justify the time.

hark
November 25th, 2008, 04:30
That's a slightly different proposal, though - this would be about "sysctl x y and z are worth looking at", while that project is about providing answers to "what does sysctl x do".

The latter isn't very useful if you don't know about sysctl x in the first place, and that's what a forum thread could be useful for.
I'd argue that's what tuning(7) (http://www.freebsd.org/cgi/man.cgi?query=tuning&apropos=0&sektion=7&manpath=FreeBSD+7.0-RELEASE&format=html) is for.

My kernel config just removes all devices/options for which I have no hardware, then adds in pf and friends.

cajunman4life
November 25th, 2008, 17:20
... `echo "option X" >> GENERIC' will do the trick just as well.

True, until you need to rebuild GENERIC. The argument can be made that the method you're using merely appends the lines to the end of the file and should be easily removed, however it's advisable to make a copy of GENERIC, name it something else, and do the edits from there.

Also, IIRC, if you sync your system source via csup, GENERIC most likely will be over-written, removing the changes you made. I may be wrong (maybe csup doesn't mess with files that have been edited locally?), but why tempt fate like that? ;)
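The `>` versus `>>` slip above and the point about a source update overwriting GENERIC both go away if GENERIC is never edited at all. The script below is an added example, not code from the thread: it builds a custom config that layers on GENERIC with the `include` directive (the approach darkskye's SKYNET config in this thread uses), refuses to write to GENERIC itself, and checks afterwards that GENERIC is byte-for-byte unchanged. The stand-in GENERIC, the directory, and the helper names make_kernel_conf, generic_intact and directive_count are all constructed for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Builds a custom kernel config that
# layers on GENERIC via "include", so GENERIC itself is never edited and
# survives both a source update and a mistyped redirect.

CONF_DIR=${TMPDIR:-/tmp}/kernconf-example.$$
mkdir -p "$CONF_DIR"

# Constructed stand-in for sys/<arch>/conf/GENERIC; the real file is far longer.
cat > "$CONF_DIR/GENERIC" <<'EOF'
cpu		I686_CPU
ident		GENERIC
options 	INET
options 	INET6
device		bpf
EOF
cp "$CONF_DIR/GENERIC" "$CONF_DIR/GENERIC.orig"   # reference copy for the check

# make_kernel_conf DIR NAME DIRECTIVE...: writes DIR/NAME and prints its path.
# Refuses to write GENERIC itself, the file that "echo ... > GENERIC" destroys.
make_kernel_conf() {
    dir=$1; name=$2; shift 2
    if [ "$name" = GENERIC ] || [ ! -f "$dir/GENERIC" ]; then
        echo "make_kernel_conf: target must not be GENERIC and GENERIC must exist" >&2
        return 1
    fi
    {
        echo "include GENERIC"
        echo "ident $name"
        for directive in "$@"; do
            echo "$directive"
        done
    } > "$dir/$name"
    echo "$dir/$name"
}

# generic_intact DIR: succeeds only if DIR/GENERIC still matches the reference copy.
generic_intact() {
    cmp -s "$1/GENERIC" "$1/GENERIC.orig"
}

# directive_count FILE: number of non-comment, non-blank lines in a config file.
directive_count() {
    grep -c -v -e '^[ \t]*#' -e '^[ \t]*$' "$1"
}

# Usage: the firewall options the gateway configs in this thread add, plus a
# removal that an appended line could never express (nooptions is a config(5)
# directive, like the nodevice/nomakeoptions lines posted above).
conf=$(make_kernel_conf "$CONF_DIR" MYGATEWAY \
    "options IPFIREWALL" \
    "options IPFIREWALL_DEFAULT_TO_ACCEPT" \
    "options DUMMYNET" \
    "nooptions INET6")
cat "$conf"
generic_intact "$CONF_DIR" && echo "GENERIC untouched"
```

Because the custom file only carries the delta, a later `csup` or other source update can replace GENERIC freely and the next build still picks up the new GENERIC plus your additions; with an edited GENERIC the same update silently drops them.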

darkskye
November 28th, 2008, 23:21
Here be my FAMP/Gateway's config (7.1-PRE)

include GENERIC
#include "SKYNET.nodev"

ident SKYNET
#options SMP
#SMP is now included by default in the generic kernel
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_FORWARD
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPDIVERT
options IPSTEALTH

options DUMMYNET

options NETGRAPH
options NETGRAPH_ETHER
options NETGRAPH_PPPOE
options NETGRAPH_SOCKET

options GEOM_MIRROR

device sound
device snd_hda

options NETATALK
nomakeoptions DEBUG


I don't remember why NETATALK is in there, I think it was left over from when I was trying to netboot an ageing macbook from a CD image ...