2 The FreeBSD Documentation Project
4 $FreeBSD: doc/en_US.ISO8859-1/books/handbook/config/chapter.sgml,v 1.154 2004/06/08 11:41:49 den Exp $
5 $DragonFly: doc/en/books/handbook/config/chapter.sgml,v 1.5 2005/06/28 06:31:14 reed Exp $
8 <chapter id="config-tuning">
12 <firstname>Chern</firstname>
13 <surname>Lee</surname>
14 <contrib>Written by </contrib>
19 <firstname>Mike</firstname>
20 <surname>Smith</surname>
21 <contrib>Based on a tutorial written by </contrib>
26 <firstname>Matt</firstname>
27 <surname>Dillon</surname>
28 <contrib>Also based on tuning(7) written by </contrib>
33 <title>Configuration and Tuning</title>
35 <sect1 id="config-synopsis">
36 <title>Synopsis</title>
38 <indexterm><primary>system configuration</primary></indexterm>
39 <indexterm><primary>system optimization</primary></indexterm>
41 <para>One of the important aspects of &os; is system configuration.
42 Correct system configuration will help prevent headaches during future upgrades.
43 This chapter will explain much of the &os; configuration process,
44 including some of the parameters which
45 can be set to tune a &os; system.
48 <para>After reading this chapter, you will know:
52 <para>How to efficiently work with
53 file systems and swap partitions.</para>
56 <para>The basics of <filename>rc.conf</filename> configuration and
57 <filename>rc.d</filename> startup systems.</para>
60 <para>How to configure and test a network card.</para>
63 <para>How to configure virtual hosts on your network devices.</para>
66 <para>How to use the various configuration files in
67 <filename>/etc</filename>.</para>
70 <para>How to tune &os; using <command>sysctl</command>
74 <para>How to tune disk performance and modify kernel
80 <para>Before reading this chapter, you should:
84 <para>Understand &unix; and &os; basics (<xref
85 linkend="basics">).</para>
88 <para>Be familiar with keeping &os; sources up to date
89 (<xref linkend="updating-setup">), and
90 the basics of kernel configuration/compilation
91 (<xref linkend="kernelconfig">).</para>
97 <sect1 id="configtuning-initial">
98 <title>Initial Configuration</title>
101 <title>Partition Layout</title>
103 <indexterm><primary>partition layout</primary></indexterm>
105 <primary><filename>/etc</filename></primary>
108 <primary><filename>/var</filename></primary>
111 <primary><filename>/usr</filename></primary>
115 <title>Base Partitions</title>
117 <para>When laying out file systems with &man.disklabel.8;
118 or &man.sysinstall.8;, remember that hard
119 drives transfer data faster from the outer
121 Thus smaller and heavier-accessed file systems
122 should be closer to the outside of the drive, while
123 larger partitions like <filename>/usr</filename> should be placed
124 toward the inner. It is a good idea to create
125 partitions in a similar order to: root, swap,
126 <filename>/var</filename>, <filename>/usr</filename>.</para>
128 <para>The size of <filename>/var</filename>
129 reflects the intended machine usage.
130 <filename>/var</filename> is used to hold
131 mailboxes, log files, and printer spools. Mailboxes and log
132 files can grow to unexpected sizes depending
133 on how many users exist and how long log
134 files are kept. Most users would never require a gigabyte,
135 but remember that <filename>/var/tmp</filename>
136 must be large enough to contain packages.
139 <para>The <filename>/usr</filename> partition holds much
140 of the files required to support the system, the &man.ports.7;
141 collection (recommended) and the source code (optional). Both
142 of which are optional at install time.
143 At least 2 gigabytes would be recommended for this partition.</para>
145 <para>When selecting partition sizes, keep the space
146 requirements in mind. Running out of space in
147 one partition while barely using another can be a
150 <note><para>Some users have found that &man.sysinstall.8;'s
151 <literal>Auto-defaults</literal> partition sizer will
152 sometimes select smaller than adequate <filename>/var</filename>
153 and <filename>/</filename> partitions. Partition wisely and
154 generously.</para></note>
158 <sect3 id="swap-design">
159 <title>Swap Partition</title>
161 <indexterm><primary>swap sizing</primary></indexterm>
162 <indexterm><primary>swap partition</primary></indexterm>
164 <para>As a rule of thumb, the swap partition should be
165 about double the size of system memory (RAM). For example,
166 if the machine has 128 megabytes of memory,
167 the swap file should be 256 megabytes. Systems with
168 less memory may perform better with more swap.
169 Less than 256 megabytes of swap is not recommended and
170 memory expansion should be considered.
171 The kernel's VM paging algorithms are tuned to
172 perform best when the swap partition is at least two times the
173 size of main memory. Configuring too little swap can lead to
174 inefficiencies in the VM page scanning code and might create
175 issues later if more memory is added.</para>
177 <para>On larger systems with multiple SCSI disks (or
178 multiple IDE disks operating on different controllers), it is
179 recommend that a swap is configured on each drive (up
180 to four drives). The swap partitions should be
181 approximately the same size. The kernel can handle arbitrary
182 sizes but internal data structures scale to 4 times the
183 largest swap partition. Keeping the swap partitions near the
184 same size will allow the kernel to optimally stripe swap space
186 Large swap sizes are fine, even if swap is not
187 used much. It might be easier to recover
188 from a runaway program before being forced to reboot.</para>
192 <title>Why Partition?</title>
194 <para>Several users think a single large partition will be fine,
195 but there are several reasons why this is a bad idea.
196 First, each partition has different operational
197 characteristics and separating them allows the file system to
198 tune accordingly. For example, the root
199 and <filename>/usr</filename> partitions are read-mostly, without
200 much writing. While a lot of reading and writing could
201 occur in <filename>/var</filename> and
202 <filename>/var/tmp</filename>.</para>
204 <para>By properly partitioning a system, fragmentation
205 introduced in the smaller write heavy partitions
206 will not bleed over into the mostly-read partitions.
207 Keeping the write-loaded partitions closer to
210 increase I/O performance in the partitions where it occurs
211 the most. Now while I/O
212 performance in the larger partitions may be needed,
213 shifting them more toward the edge of the disk will not
214 lead to a significant performance improvement over moving
215 <filename>/var</filename> to the edge.
216 Finally, there are safety concerns. A smaller, neater root
217 partition which is mostly read-only has a greater
218 chance of surviving a bad crash.</para>
224 <sect1 id="configtuning-core-configuration">
225 <title>Core Configuration</title>
228 <primary>rc files</primary>
229 <secondary><filename>rc.conf</filename></secondary>
232 <para>The principal location for system configuration information
233 is within <filename>/etc/rc.conf</filename>. This file
234 contains a wide range of configuration information, principally
235 used at system startup to configure the system. Its name
236 directly implies this; it is configuration information for the
237 <filename>rc*</filename> files.</para>
239 <para>An administrator should make entries in the
240 <filename>rc.conf</filename> file to
241 override the default settings from
242 <filename>/etc/defaults/rc.conf</filename>. The defaults file
243 should not be copied verbatim to <filename>/etc</filename> - it
244 contains default values, not examples. All system-specific
245 changes should be made in the <filename>rc.conf</filename>
248 <para>A number of strategies may be applied in clustered
249 applications to separate site-wide configuration from
250 system-specific configuration in order to keep administration
251 overhead down. The recommended approach is to place site-wide
252 configuration into another file,
253 such as <filename>/etc/rc.conf.site</filename>, and then include
254 this file into <filename>/etc/rc.conf</filename>, which will
255 contain only system-specific information.</para>
257 <para>As <filename>rc.conf</filename> is read by &man.sh.1; it is
258 trivial to achieve this. For example:</para>
261 <listitem><para>rc.conf:</para>
262 <programlisting> . rc.conf.site
263 hostname="node15.example.com"
264 network_interfaces="fxp0 lo0"
265 ifconfig_fxp0="inet 10.1.1.1"</programlisting></listitem>
266 <listitem><para>rc.conf.site:</para>
267 <programlisting> defaultrouter="10.1.1.254"
269 blanktime="100"</programlisting></listitem>
272 <para>The <filename>rc.conf.site</filename> file can then be
273 distributed to every system using <command>rsync</command> or a
274 similar program, while the <filename>rc.conf</filename> file
275 remains unique.</para>
277 <para>Upgrading the system using &man.sysinstall.8;
278 or <command>make world</command> will not overwrite the
279 <filename>rc.conf</filename>
280 file, so system configuration information will not be lost.</para>
284 <sect1 id="configtuning-appconfig">
285 <title>Application Configuration</title>
287 <para>Typically, installed applications have their own
288 configuration files, with their own syntax, etc. It is
289 important that these files be kept separate from the base
290 system, so that they may be easily located and managed by the
291 package management tools.</para>
293 <indexterm><primary>/usr/local/etc</primary></indexterm>
295 <para>Typically, these files are installed in
296 <filename>/usr/local/etc</filename>. In the case where an
297 application has a large number of configuration files, a
298 subdirectory will be created to hold them.</para>
300 <para>Normally, when a port or package is installed, sample
301 configuration files are also installed. These are usually
302 identified with a <filename>.default</filename> suffix. If there
304 configuration files for the application, they will be created by
305 copying the <filename>.default</filename> files.</para>
307 <para>For example, consider the contents of the directory
308 <filename>/usr/local/etc/apache</filename>:</para>
310 <literallayout class="monospaced">-rw-r--r-- 1 root wheel 2184 May 20 1998 access.conf
311 -rw-r--r-- 1 root wheel 2184 May 20 1998 access.conf.default
312 -rw-r--r-- 1 root wheel 9555 May 20 1998 httpd.conf
313 -rw-r--r-- 1 root wheel 9555 May 20 1998 httpd.conf.default
314 -rw-r--r-- 1 root wheel 12205 May 20 1998 magic
315 -rw-r--r-- 1 root wheel 12205 May 20 1998 magic.default
316 -rw-r--r-- 1 root wheel 2700 May 20 1998 mime.types
317 -rw-r--r-- 1 root wheel 2700 May 20 1998 mime.types.default
318 -rw-r--r-- 1 root wheel 7980 May 20 1998 srm.conf
319 -rw-r--r-- 1 root wheel 7933 May 20 1998 srm.conf.default</literallayout>
321 <para>The file sizes show that only the <filename>srm.conf</filename>
322 file has been changed. A later update of the <application>Apache</application> port would not
323 overwrite this changed file.</para>
327 <sect1 id="configtuning-starting-services">
328 <title>Starting Services</title>
330 <indexterm><primary>services</primary></indexterm>
332 <para>It is common for a system to host a number of services.
333 These may be started in several different fashions, each having
334 different advantages.</para>
336 <indexterm><primary>/usr/local/etc/rc.d</primary></indexterm>
338 <para>Software installed from a port or the packages collection
339 will often place a script in
340 <filename>/usr/local/etc/rc.d</filename> which is invoked at
341 system startup with a <option>start</option> argument, and at
342 system shutdown with a <option>stop</option> argument.
343 This is the recommended way for
344 starting system-wide services that are to be run as
345 <username>root</username>, or that
346 expect to be started as <username>root</username>.
347 These scripts are registered as
348 part of the installation of the package, and will be removed
349 when the package is removed.</para>
351 <para>A generic startup script in
352 <filename>/usr/local/etc/rc.d</filename> looks like:</para>
354 <programlisting>#!/bin/sh
359 /usr/local/bin/foobar
362 kill -9 `cat /var/run/foobar.pid`
365 echo "Usage: `basename $0` {start|stop}" >&2
373 <para>The startup scripts of &os; will look in
374 <filename>/usr/local/etc/rc.d</filename> for scripts that have an
375 <literal>.sh</literal> extension and are executable by
376 <username>root</username>. Those scripts that are found are called with
377 an option <option>start</option> at startup, and <option>stop</option>
378 at shutdown to allow them to carry out their purpose. So if you wanted
379 the above sample script to be picked up and run at the proper time during
380 system startup, you should save it to a file called
381 <filename>FooBar.sh</filename> in
382 <filename>/usr/local/etc/rc.d</filename> and make sure it is
383 executable. You can make a shell script executable with &man.chmod.1;
384 as shown below:</para>
386 <screen>&prompt.root; <userinput>chmod 755 <replaceable>FooBar.sh</replaceable></userinput></screen>
388 <para>Some services expect to be invoked by &man.inetd.8; when a
389 connection is received on a suitable port. This is common for
390 mail reader servers (POP and IMAP, etc.). These services are
391 enabled by editing the file <filename>/etc/inetd.conf</filename>.
392 See &man.inetd.8; for details on editing this file.</para>
394 <para>Some additional system services may not be covered by the
395 toggles in <filename>/etc/rc.conf</filename>. These are
396 traditionally enabled by placing the command(s) to invoke them
397 in <filename>/etc/rc.local</filename>. As of &os; 3.1 there
398 is no default <filename>/etc/rc.local</filename>; if it is
399 created by the administrator it will however be honored in the
400 normal fashion. Note that <filename>rc.local</filename> is
401 generally regarded as the location of last resort; if there is a
402 better place to start a service, do it there.</para>
404 <note><para>Do <emphasis>not</emphasis> place any commands in
405 <filename>/etc/rc.conf</filename>. To start daemons, or
406 run any commands at boot time, place a script in
407 <filename>/usr/local/etc/rc.d</filename> instead.</para>
410 <para>It is also possible to use the &man.cron.8; daemon to start
411 system services. This approach has a number of advantages, not
412 least being that because &man.cron.8; runs these processes as the
413 owner of the <command>crontab</command>, services may be started
414 and maintained by non-<username>root</username> users.</para>
416 <para>This takes advantage of a feature of &man.cron.8;: the
417 time specification may be replaced by <literal>@reboot</literal>,
419 cause the job to be run when &man.cron.8; is started shortly after
423 <sect1 id="configtuning-cron">
427 <firstname>Tom</firstname>
428 <surname>Rhodes</surname>
429 <contrib>Contributed by </contrib>
434 <title>Configuring the <command>cron</command> Utility</title>
436 <indexterm><primary>cron</primary>
437 <secondary>configuration</secondary></indexterm>
439 <para>One of the most useful utilities in &os; is &man.cron.8;. The
440 <command>cron</command> utility runs in the background and constantly
441 checks the <filename>/etc/crontab</filename> file. The <command>cron</command>
442 utility also checks the <filename>/var/cron/tabs</filename> directory, in
443 search of new <filename>crontab</filename> files. These
444 <filename>crontab</filename> files store information about specific
445 functions which <command>cron</command> is supposed to perform at
446 certain times.</para>
448 <para>The <command>cron</command> utility uses two different
449 types of configuration files, the system crontab and user crontabs. The
450 only difference between these two formats is the sixth field. In the
451 system crontab, the sixth field is the name of a user for the command
452 to run as. This gives the system crontab the ability to run commands
453 as any user. In a user crontab, the sixth field is the command to run,
454 and all commands run as the user who created the crontab; this is an
455 important security feature.</para>
458 <para>User crontabs allow individual users to schedule tasks without the
459 need for root privileges. Commands in a user's crontab run with the
460 permissions of the user who owns the crontab.</para>
462 <para>The <username>root</username> user can have a user crontab just like
463 any other user. This one is different from
464 <filename>/etc/crontab</filename> (the system crontab). Because of the
465 system crontab, there's usually no need to create a user crontab
466 for <username>root</username>.</para>
469 <para>Let us take a look at the <filename>/etc/crontab</filename> file
470 (the system crontab):</para>
473 <programlisting># /etc/crontab - root's crontab for &os;
475 # $&os;: src/etc/crontab,v 1.32 2002/11/22 16:13:39 tom Exp $
476 # <co id="co-comments">
479 PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin <co id="co-env">
483 #minute hour mday month wday who command <co id="co-field-descr">
486 */5 * * * * root /usr/libexec/atrun <co id="co-main">
490 <callout arearefs="co-comments">
491 <para>Like most &os; configuration files, the <literal>#</literal>
492 character represents a comment. A comment can be placed in
493 the file as a reminder of what and why a desired action is performed.
494 Comments cannot be on the same line as a command or else they will
495 be interpreted as part of the command; they must be on a new line.
496 Blank lines are ignored.</para>
499 <callout arearefs="co-env">
500 <para>First, the environment must be defined. The equals
501 (<literal>=</literal>) character is used to define any environment
502 settings, as with this example where it is used for the <envar>SHELL</envar>,
503 <envar>PATH</envar>, and <envar>HOME</envar> options. If the shell line is
504 omitted, <command>cron</command> will use the default, which is
505 <command>sh</command>. If the <envar>PATH</envar> variable is
506 omitted, no default will be used and file locations will need to
507 be absolute. If <envar>HOME</envar> is omitted, <command>cron</command>
508 will use the invoking users home directory.</para>
511 <callout arearefs="co-field-descr">
512 <para>This line defines a total of seven fields. Listed here are the
513 values <literal>minute</literal>, <literal>hour</literal>,
514 <literal>mday</literal>, <literal>month</literal>, <literal>wday</literal>,
515 <literal>who</literal>, and <literal>command</literal>. These
516 are almost all self explanatory. <literal>minute</literal> is the time in minutes the
517 command will be run. <literal>hour</literal> is similar to the <literal>minute</literal> option, just in
518 hours. <literal>mday</literal> stands for day of the month. <literal>month</literal> is similar to <literal>hour</literal>
519 and <literal>minute</literal>, as it designates the month. The <literal>wday</literal> option stands for
520 day of the week. All these fields must be numeric values, and follow
521 the twenty-four hour clock. The <literal>who</literal> field is special,
522 and only exists in the <filename>/etc/crontab</filename> file.
523 This field specifies which user the command should be run as.
524 When a user installs his or her <filename>crontab</filename> file, they
525 will not have this option. Finally, the <literal>command</literal> option is listed.
526 This is the last field, so naturally it should designate the command
527 to be executed.</para>
530 <callout arearefs="co-main">
531 <para>This last line will define the values discussed above. Notice here
532 we have a <literal>*/5</literal> listing, followed by several more
533 <literal>*</literal> characters. These <literal>*</literal> characters
534 mean <quote>first-last</quote>, and can be interpreted as
535 <emphasis>every</emphasis> time. So, judging by this line,
536 it is apparent that the <command>atrun</command> command is to be invoked by
537 <username>root</username> every five minutes regardless of what
538 day or month it is. For more information on the <command>atrun</command> command,
539 see the &man.atrun.8; manual page.</para>
541 <para>Commands can have any number of flags passed to them; however,
542 commands which extend to multiple lines need to be broken with the backslash
543 <quote>\</quote> continuation character.</para>
547 <para>This is the basic set up for every
548 <filename>crontab</filename> file, although there is one thing
549 different about this one. Field number six, where we specified
550 the username, only exists in the system
551 <filename>/etc/crontab</filename> file. This field should be
552 omitted for individual user <filename>crontab</filename>
556 <sect2 id="configtuning-installcrontab">
557 <title>Installing a Crontab</title>
560 <para>You must not use the procedure described here to
561 edit/install the system crontab. Simply use your favorite
562 editor: the <command>cron</command> utility will notice that the file
563 has changed and immediately begin using the updated version.
565 <ulink url="http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/admin.html#ROOT-NOT-FOUND-CRON-ERRORS">
566 this FAQ entry </ulink> for more information.</para>
569 <para>To install a freshly written user
570 <filename>crontab</filename>, first use your favorite editor to create
571 a file in the proper format, and then use the
572 <command>crontab</command> utility. The most common usage
575 <screen>&prompt.user; <userinput>crontab crontab-file</userinput></screen>
577 <para>In this example, <filename>crontab-file</filename> is the filename
578 of a <filename>crontab</filename> that was previously created.</para>
580 <para>There is also an option to list installed
581 <filename>crontab</filename> files: just pass the
582 <option>-l</option> option to <command>crontab</command> and look
583 over the output.</para>
585 <para>For users who wish to begin their own crontab file from scratch,
586 without the use of a template, the <command>crontab -e</command>
587 option is available. This will invoke the selected editor
588 with an empty file. When the file is saved, it will be
589 automatically installed by the <command>crontab</command> command.
592 <para>If you later want to remove your user <filename>crontab</filename>
593 completely, use <command>crontab</command> with the <option>-r</option>
600 <sect1 id="configtuning-rcNG">
604 <firstname>Tom</firstname>
605 <surname>Rhodes</surname>
606 <contrib>Contributed by </contrib>
612 <title>Using rc under &os;</title>
614 <indexterm><primary>rcNG</primary></indexterm>
616 <para>&os; uses the &netbsd;
617 <filename>rc.d</filename> system for system initialization.
618 Users should notice the files listed in the
619 <filename>/etc/rc.d</filename> directory. Many of these files
620 are for basic services which can be controlled with the
621 <option>start</option>, <option>stop</option>,
622 and <option>restart</option> options.
623 For instance, &man.sshd.8; can be restarted with the following
626 <screen>&prompt.root; <userinput>/etc/rc.d/sshd restart</userinput></screen>
628 <para>This procedure is similar for other services. Of course,
629 services are usually started automatically as specified in
630 &man.rc.conf.5;. For example, enabling the Network Address
631 Translation daemon at startup is as simple as adding the
632 following line to <filename>/etc/rc.conf</filename>:</para>
634 <programlisting>natd_enable="YES"</programlisting>
636 <para>If a <option>natd_enable="NO"</option> line is already
637 present, then simply change the <option>NO</option> to
638 <option>YES</option>. The rc scripts will automatically load
639 any other dependent services during the next reboot, as
640 described below.</para>
642 <para>Since the <filename>rc.d</filename> system is primarily
643 intended to start/stop services at system startup/shutdown time,
644 the standard <option>start</option>,
645 <option>stop</option> and <option>restart</option> options will only
646 perform their action if the appropriate
647 <filename>/etc/rc.conf</filename> variables are set. For
648 instance the above <command>sshd restart</command> command will
649 only work if <varname>sshd_enable</varname> is set to
650 <option>YES</option> in <filename>/etc/rc.conf</filename>. To
651 <option>start</option>, <option>stop</option> or
652 <option>restart</option> a service regardless of the settings in
653 <filename>/etc/rc.conf</filename>, the commands should be
654 prefixed with <quote>force</quote>. For instance to restart
655 <command>sshd</command> regardless of the current
656 <filename>/etc/rc.conf</filename> setting, execute the following
659 <screen>&prompt.root; <userinput>/etc/rc.d/sshd forcerestart</userinput></screen>
661 <para>It is easy to check if a service is enabled in
662 <filename>/etc/rc.conf</filename> by running the appropriate
663 <filename>rc.d</filename> script with the option
664 <option>rcvar</option>. Thus, an administrator can check that
665 <command>sshd</command> is in fact enabled in
666 <filename>/etc/rc.conf</filename> by running:</para>
668 <screen>&prompt.root; <userinput>/etc/rc.d/sshd rcvar</userinput>
670 $sshd_enable=YES</screen>
673 <para>The second line (<literal># sshd</literal>) is the output
674 from the <command>sshd</command> command, not a <username>root</username>
678 <para>To determine if a service is running, a
679 <option>status</option> option is available. For instance to
680 verify that <command>sshd</command> is actually started:</para>
682 <screen>&prompt.root; <userinput>/etc/rc.d/sshd status</userinput>
683 sshd is running as pid 433.</screen>
685 <para>It is also possible to <option>reload</option> a service.
686 This will attempt to send a signal to an individual service, forcing the
687 service to reload its configuration files. In most cases this
688 means sending the service a <literal>SIGHUP</literal>
691 <para>The <application>rcNG</application> structure is used both
692 for network services and system initialization. Some services are run
693 only at boot; and the RCNG system is what triggers them.
695 <para>Many system services depend on other services to function
696 properly. For example, NIS and other RPC-based services may
697 fail to start until after the <command>rpcbind</command>
698 (portmapper) service has started. To resolve this issue,
699 information about dependencies and other meta-data is included
700 in the comments at the top of each startup script. The
701 &man.rcorder.8; program is then used to parse these comments
702 during system initialization to determine the order in which
703 system services should be invoked to satisfy the dependencies.
704 The following words may be included at the top of each startup
709 <para><literal>PROVIDE</literal>: Specifies the services this file provides.</para>
713 <para><literal>REQUIRE</literal>: Lists services which are required for this
714 service. This file will run <emphasis>after</emphasis>
715 the specified services.</para>
719 <para><literal>BEFORE</literal>: Lists services which depend on this service.
720 This file will run <emphasis>before</emphasis>
721 the specified services.</para>
725 <para>KEYWORD: When &man.rcorder.8; uses the <option>-k</option>
726 option, then only the rc.d files matching this keyword are used.
727 For example, when using <option>-k shutdown</option>, only the
728 <filename>rc.d</filename> scripts defining the
729 <literal>shutdown</literal> keyword are used.
732 <para>Previously this was used to define *BSD dependent features.
736 <para>With the <option>-s</option> option, &man.rcorder.8 will
737 skip any <filename>rc.d</filename> script defining the
738 corresponding keyword to skip. For example, scripts defining the
739 <literal>nostart</literal> keyword are skipped at boot time.</para>
743 <para>By using this method, an administrator can easily control system
744 services without the hassle of <quote>runlevels</quote> like
745 some other &unix; operating systems.</para>
747 <para>Additional information about the &os;
748 <filename>rc.d</filename> system can be found in the &man.rc.8;
749 and &man.rc.subr.8; manual pages.</para>
752 <sect1 id="config-network-setup">
756 <firstname>Marc</firstname>
757 <surname>Fonvieille</surname>
758 <contrib>Contributed by </contrib>
759 <!-- 6 October 2002 -->
764 <title>Setting Up Network Interface Cards</title>
766 <indexterm><primary>network card configuration</primary></indexterm>
768 <para>Nowadays we can not think about a computer without thinking
769 about a network connection. Adding and configuring a network
770 card is a common task for any &os; administrator.</para>
773 <title>Locating the Correct Driver</title>
776 <primary>network card configuration</primary>
777 <secondary>locating the driver</secondary>
780 <para>Before you begin, you should know the model of the card
781 you have, the chip it uses, and whether it is a PCI or ISA card.
782 &os; supports a wide variety of both PCI and ISA cards.
783 Check the Hardware Compatibility List for your release to see
784 if your card is supported.</para>
786 <para>Once you are sure your card is supported, you need
787 to determine the proper driver for the card. The file
788 <filename>/usr/src/sys/i386/conf/LINT</filename> will give you
789 the list of network interfaces drivers with some information
790 about the supported chipsets/cards. If you have doubts about
791 which driver is the correct one, read the manual page of the
792 driver. The manual page will give you more information about
793 the supported hardware and even the possible problems that
796 <para>If you own a common card, most of the time you will not
797 have to look very hard for a driver. Drivers for common
798 network cards are present in the <filename>GENERIC</filename>
799 kernel, so your card should show up during boot, like so:</para>
801 <screen>dc0: <82c169 PNIC 10/100BaseTX> port 0xa000-0xa0ff mem 0xd3800000-0xd38
802 000ff irq 15 at device 11.0 on pci0
803 dc0: Ethernet address: 00:a0:cc:da:da:da
804 miibus0: <MII bus> on dc0
805 ukphy0: <Generic IEEE 802.3u media interface> on miibus0
806 ukphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
807 dc1: <82c169 PNIC 10/100BaseTX> port 0x9800-0x98ff mem 0xd3000000-0xd30
808 000ff irq 11 at device 12.0 on pci0
809 dc1: Ethernet address: 00:a0:cc:da:da:db
810 miibus1: <MII bus> on dc1
811 ukphy1: <Generic IEEE 802.3u media interface> on miibus1
812 ukphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto</screen>
814 <para>In this example, we see that two cards using the &man.dc.4;
815 driver are present on the system.</para>
817 <para>To use your network card, you will need to load the proper
818 driver. This may be accomplished in one of two ways. The
819 easiest way is to simply load a kernel module for your network
820 card with &man.kldload.8;. A module is not available for all
821 network card drivers (ISA cards and cards using the &man.ed.4;
822 driver, for example). Alternatively, you may statically compile
823 the support for your card into your kernel. Check
824 <filename>/usr/src/sys/i386/conf/LINT</filename> and the
825 manual page of the driver to know what to add in your kernel
826 configuration file. For more information about recompiling your
827 kernel, please see <xref linkend="kernelconfig">. If your card
828 was detected at boot by your kernel (<filename>GENERIC</filename>)
829 you do not have to build a new kernel.</para>
833 <title>Configuring the Network Card</title>
836 <primary>Network card configuration</primary>
837 <secondary>configuration</secondary>
840 <para>Once the right driver is loaded for the network card, the
841 card needs to be configured. As with many other things, the
842 network card may have been configured at installation time by
843 <application>sysinstall</application>.</para>
845 <para>To display the configuration for the network interfaces on
846 your system, enter the following command:</para>
848 <screen>&prompt.user; <userinput>ifconfig</userinput>
849 dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
850 inet 192.168.1.3 netmask 0xffffff00 broadcast 192.168.1.255
851 ether 00:a0:cc:da:da:da
852 media: Ethernet autoselect (100baseTX <full-duplex>)
854 dc1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
855 inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
856 ether 00:a0:cc:da:da:db
857 media: Ethernet 10baseT/UTP
859 lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
860 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
861 inet 127.0.0.1 netmask 0xff000000
862 tun0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500</screen>
865 <para>Note that entries concerning IPv6
866 (<literal>inet6</literal> etc.) were omitted in this
870 <para>In this example, the following devices were
875 <para><devicename>dc0</devicename>: The first Ethernet
880 <para><devicename>dc1</devicename>: The second Ethernet
885 <para><devicename>lp0</devicename>: The parallel port
890 <para><devicename>lo0</devicename>: The loopback device</para>
894 <para><devicename>tun0</devicename>: The tunnel device used by
895 <application>ppp</application></para>
899 <para>&os; uses the driver name followed by the order in
900 which one the card is detected at the kernel boot to name the
901 network card, starting the count at zero. For example,
902 <devicename>sis2</devicename> would be the third network card
903 on the system using the &man.sis.4; driver.</para>
905 <para>In this example, the <devicename>dc0</devicename> device is
906 up and running. The key indicators are:</para>
910 <para><literal>UP</literal> means that the card is configured
915 <para>The card has an Internet (<literal>inet</literal>)
916 address (in this case
917 <hostid role="ipaddr">192.168.1.3</hostid>).</para>
921 <para>It has a valid subnet mask (<literal>netmask</literal>;
922 <hostid role="netmask">0xffffff00</hostid> is the same as
923 <hostid role="netmask">255.255.255.0</hostid>).</para>
927 <para>It has a valid broadcast address (in this case,
928 <hostid role="ipaddr">192.168.1.255</hostid>).</para>
932 <para>The MAC address of the card (<literal>ether</literal>)
933 is <hostid role="mac">00:a0:cc:da:da:da</hostid></para>
937 <para>The physical media selection is on autoselection mode
938 (<literal>media: Ethernet autoselect (100baseTX
939 <full-duplex>)</literal>). We see that
940 <devicename>dc1</devicename> was configured to run with
941 <literal>10baseT/UTP</literal> media. For more
942 information on available media types for a driver, please
943 refer to its manual page.</para>
947 <para>The status of the link (<literal>status</literal>)
948 is <literal>active</literal>, i.e. the carrier is detected.
949 For <devicename>dc1</devicename>, we see
950 <literal>status: no carrier</literal>. This is normal when
951 an ethernet cable is not plugged into the card.</para>
955 <para>If the &man.ifconfig.8; output had shown something similar
958 <screen>dc0: flags=8843<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
959 ether 00:a0:cc:da:da:da</screen>
961 <para>it would indicate the card has not been configured.</para>
963 <para>To configure your card, you need <username>root</username>
964 privileges. The network card configuration can be done from the
965 command line with &man.ifconfig.8; as root.</para>
968 &prompt.root; <userinput>ifconfig dc0 inet 192.168.1.3 netmask 255.255.255.0</userinput>
972 <para>Manually configuring the care has the disadvantage that you
973 would have to do it after each reboot of the system. The file
974 <filename>/etc/rc.conf</filename> is where to add the network
975 card's configuration.</para>
977 <para>Open <filename>/etc/rc.conf</filename> in your favorite
978 editor. You need to add a line for each network card present on
979 the system, for example in our case, we added these lines:</para>
981 <programlisting>ifconfig_dc0="inet 192.168.1.3 netmask 255.255.255.0"
982 ifconfig_dc1="inet 10.0.0.1 netmask 255.255.255.0 media 10baseT/UTP"</programlisting>
984 <para>You have to replace <devicename>dc0</devicename>,
985 <devicename>dc1</devicename>, and so on, with
986 the correct device for your cards, and the addresses with the
987 proper ones. You should read the card driver and
988 &man.ifconfig.8; manual pages for more details about the allowed
989 options and also &man.rc.conf.5; manual page for more
990 information on the syntax of
991 <filename>/etc/rc.conf</filename>.</para>
993 <para>If you configured the network during installation, some
994 lines about the network card(s) may be already present. Double
995 check <filename>/etc/rc.conf</filename> before adding any
998 <para>You will also have to edit the file
999 <filename>/etc/hosts</filename> to add the names and the IP
1000 addresses of various machines of the LAN, if they are not already
1001 there. For more information please refer to &man.hosts.5;
1002 and to <filename>/usr/share/examples/etc/hosts</filename>.</para>
1006 <title>Testing and Troubleshooting</title>
1008 <para>Once you have made the necessary changes in
1009 <filename>/etc/rc.conf</filename>, you should reboot your
1010 system. This will allow the change(s) to the interface(s) to
1011 be applied, and verify that the system restarts without any
1012 configuration errors.</para>
1014 <para>Once the system has been rebooted, you should test the
1015 network interfaces.</para>
1018 <title>Testing the Ethernet Card</title>
1021 <primary>network card configuration</primary>
1022 <secondary>testing the card</secondary>
1025 <para>To verify that an Ethernet card is configured correctly,
1026 you have to try two things. First, ping the interface itself,
1027 and then ping another machine on the LAN.</para>
1029 <para>First test the local interface:</para>
1031 <screen>&prompt.user; <userinput>ping -c5 192.168.1.3</userinput>
1032 PING 192.168.1.3 (192.168.1.3): 56 data bytes
1033 64 bytes from 192.168.1.3: icmp_seq=0 ttl=64 time=0.082 ms
1034 64 bytes from 192.168.1.3: icmp_seq=1 ttl=64 time=0.074 ms
1035 64 bytes from 192.168.1.3: icmp_seq=2 ttl=64 time=0.076 ms
1036 64 bytes from 192.168.1.3: icmp_seq=3 ttl=64 time=0.108 ms
1037 64 bytes from 192.168.1.3: icmp_seq=4 ttl=64 time=0.076 ms
1039 --- 192.168.1.3 ping statistics ---
1040 5 packets transmitted, 5 packets received, 0% packet loss
1041 round-trip min/avg/max/stddev = 0.074/0.083/0.108/0.013 ms</screen>
1043 <para>Now we have to ping another machine on the LAN:</para>
1045 <screen>&prompt.user; <userinput>ping -c5 192.168.1.2</userinput>
1046 PING 192.168.1.2 (192.168.1.2): 56 data bytes
1047 64 bytes from 192.168.1.2: icmp_seq=0 ttl=64 time=0.726 ms
1048 64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=0.766 ms
1049 64 bytes from 192.168.1.2: icmp_seq=2 ttl=64 time=0.700 ms
1050 64 bytes from 192.168.1.2: icmp_seq=3 ttl=64 time=0.747 ms
1051 64 bytes from 192.168.1.2: icmp_seq=4 ttl=64 time=0.704 ms
1053 --- 192.168.1.2 ping statistics ---
1054 5 packets transmitted, 5 packets received, 0% packet loss
1055 round-trip min/avg/max/stddev = 0.700/0.729/0.766/0.025 ms</screen>
1057 <para>You could also use the machine name instead of
1058 <hostid role="ipaddr">192.168.1.2</hostid> if you have set up the
1059 <filename>/etc/hosts</filename> file.</para>
1063 <title>Troubleshooting</title>
1066 <primary>network card configuration</primary>
1067 <secondary>troubleshooting</secondary>
1070 <para>Troubleshooting hardware and software configurations is always
1071 a pain, and a pain which can be alleviated by checking the simple
1072 things first. Is your network cable plugged in? Have you properly
1073 configured the network services? Did you configure the firewall
1074 correctly? Is the card you are using supported by &os;? Always
1075 check the hardware notes before sending off a bug report. Update
1076 your version of &os; to the latest PREVIEW version. Check the
1077 mailing list archives, or perhaps search the Internet.</para>
1079 <para>If the card works, yet performance is poor, it would be
1080 worthwhile to read over the &man.tuning.7; manual page. You
1081 can also check the network configuration as incorrect network
1082 settings can cause slow connections.</para>
1084 <para>Some users experience one or two <quote>device
1085 timeouts</quote>, which is normal for some cards. If they
1086 continue, or are bothersome, you may wish to be sure the
1087 device is not conflicting with another device. Double check
1088 the cable connections. Perhaps you may just need to get
1089 another card.</para>
1091 <para>At times, users see a few <errorname>watchdog timeout</errorname>
1092 errors. The first thing to do here is to check your network
1093 cable. Many cards require a PCI slot which supports Bus
1094 Mastering. On some old motherboards, only one PCI slot allows
1095 it (usually slot 0). Check the network card and the
1096 motherboard documentation to determine if that may be the
1099 <para><errorname>No route to host</errorname> messages occur if the
1100 system is unable to route a packet to the destination host.
1101 This can happen if no default route is specified, or if a
1102 cable is unplugged. Check the output of <command>netstat
1103 -rn</command> and make sure there is a valid route to the host
1104 you are trying to reach. If there is not, read on to <xref
1105 linkend="advanced-networking">.</para>
1107 <para><errorname>ping: sendto: Permission denied</errorname> error
1108 messages are often caused by a misconfigured firewall. If
1109 <command>ipfw</command> is enabled in the kernel but no rules
1110 have been defined, then the default policy is to deny all
1111 traffic, even ping requests! Read on to <xref
1112 linkend="firewalls"> for more information.</para>
1114 <para>Sometimes performance of the card is poor, or below average.
1115 In these cases it is best to set the media selection mode
1116 from <literal>autoselect</literal> to the correct media selection.
1117 While this usually works for most hardware, it may not resolve
1118 this issue for everyone. Again, check all the network settings,
1119 and read over the &man.tuning.7; manual page.</para>
1125 <sect1 id="configtuning-virtual-hosts">
1126 <title>Virtual Hosts</title>
1128 <indexterm><primary>virtual hosts</primary></indexterm>
1129 <indexterm><primary>IP aliases</primary></indexterm>
1131 <para>A very common use of &os; is virtual site hosting, where
1132 one server appears to the network as many servers. This is
1133 achieved by assigning multiple network addresses to a single
1136 <para>A given network interface has one <quote>real</quote> address,
1137 and may have any number of <quote>alias</quote> addresses.
1139 normally added by placing alias entries in
1140 <filename>/etc/rc.conf</filename>.</para>
1142 <para>An alias entry for the interface <devicename>fxp0</devicename>
1145 <programlisting>ifconfig_fxp0_alias0="inet xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx"</programlisting>
1147 <para>Note that alias entries must start with alias0 and proceed
1148 upwards in order, (for example, _alias1, _alias2, and so on).
1149 The configuration process will stop at the first missing number.
1152 <para>The calculation of alias netmasks is important, but
1153 fortunately quite simple. For a given interface, there must be
1154 one address which correctly represents the network's netmask.
1155 Any other addresses which fall within this network must have a
1156 netmask of all <literal>1</literal>s.</para>
1158 <para>For example, consider the case where the
1159 <devicename>fxp0</devicename> interface is
1160 connected to two networks, the <hostid role="ipaddr">10.1.1.0</hostid>
1161 network with a netmask of <hostid role="netmask">255.255.255.0</hostid>
1162 and the <hostid role="ipaddr">202.0.75.16</hostid> network with
1163 a netmask of <hostid role="netmask">255.255.255.240</hostid>.
1164 We want the system to appear at <hostid role="ipaddr">10.1.1.1</hostid>
1165 through <hostid role="ipaddr">10.1.1.5</hostid> and at
1166 <hostid role="ipaddr">202.0.75.17</hostid> through
1167 <hostid role="ipaddr">202.0.75.20</hostid>.</para>
1169 <para>The following entries configure the adapter correctly for
1170 this arrangement:</para>
1172 <programlisting> ifconfig_fxp0="inet 10.1.1.1 netmask 255.255.255.0"
1173 ifconfig_fxp0_alias0="inet 10.1.1.2 netmask 255.255.255.255"
1174 ifconfig_fxp0_alias1="inet 10.1.1.3 netmask 255.255.255.255"
1175 ifconfig_fxp0_alias2="inet 10.1.1.4 netmask 255.255.255.255"
1176 ifconfig_fxp0_alias3="inet 10.1.1.5 netmask 255.255.255.255"
1177 ifconfig_fxp0_alias4="inet 202.0.75.17 netmask 255.255.255.240"
1178 ifconfig_fxp0_alias5="inet 202.0.75.18 netmask 255.255.255.255"
1179 ifconfig_fxp0_alias6="inet 202.0.75.19 netmask 255.255.255.255"
1180 ifconfig_fxp0_alias7="inet 202.0.75.20 netmask 255.255.255.255"</programlisting>
1184 <sect1 id="configtuning-configfiles">
1185 <title>Configuration Files</title>
1188 <title><filename>/etc</filename> Layout</title>
1189 <para>There are a number of directories in which configuration
1190 information is kept. These include:</para>
1192 <informaltable frame="none">
1196 <entry><filename>/etc</filename></entry>
1197 <entry>Generic system configuration information; data here is
1198 system-specific.</entry>
1201 <entry><filename>/etc/defaults</filename></entry>
1202 <entry>Default versions of system configuration files.</entry>
1205 <entry><filename>/etc/mail</filename></entry>
1206 <entry>Extra &man.sendmail.8; configuration, other
1207 MTA configuration files.
1211 <entry><filename>/etc/ppp</filename></entry>
1212 <entry>Configuration for both user- and kernel-ppp programs.
1216 <entry><filename>/etc/namedb</filename></entry>
1217 <entry>Default location for &man.named.8; data. Normally
1218 <filename>named.conf</filename> and zone files are stored
1222 <entry><filename>/usr/local/etc</filename></entry>
1223 <entry>Configuration files for installed applications.
1224 May contain per-application subdirectories.</entry>
1227 <entry><filename>/usr/local/etc/rc.d</filename></entry>
1228 <entry>Start/stop scripts for installed applications.</entry>
1231 <entry><filename>/var/db</filename></entry>
1232 <entry>Automatically generated system-specific database files,
1233 such as the package database, the locate database, and so
1242 <title>Hostnames</title>
1244 <indexterm><primary>hostname</primary></indexterm>
1245 <indexterm><primary>DNS</primary></indexterm>
1248 <title><filename>/etc/resolv.conf</filename></title>
1251 <primary><filename>resolv.conf</filename></primary>
1254 <para><filename>/etc/resolv.conf</filename> dictates how &os;'s
1255 resolver accesses the Internet Domain Name System (DNS).</para>
1257 <para>The most common entries to <filename>resolv.conf</filename> are:
1260 <informaltable frame="none">
1264 <entry><literal>nameserver</literal></entry>
1265 <entry>The IP address of a name server the resolver
1266 should query. The servers are queried in the order
1267 listed with a maximum of three.</entry>
1270 <entry><literal>search</literal></entry>
1271 <entry>Search list for hostname lookup. This is normally
1272 determined by the domain of the local hostname.</entry>
1275 <entry><literal>domain</literal></entry>
1276 <entry>The local domain name.</entry>
1282 <para>A typical <filename>resolv.conf</filename>:</para>
1284 <programlisting>search example.com
1285 nameserver 147.11.1.11
1286 nameserver 147.11.100.30</programlisting>
1288 <note><para>Only one of the <literal>search</literal> and
1289 <literal>domain</literal> options should be used.</para></note>
1291 <para>If you are using DHCP, &man.dhclient.8; usually rewrites
1292 <filename>resolv.conf</filename> with information received from the
1297 <title><filename>/etc/hosts</filename></title>
1299 <indexterm><primary>hosts</primary></indexterm>
1301 <para><filename>/etc/hosts</filename> is a simple text
1302 database reminiscent of the old Internet. It works in
1303 conjunction with DNS and NIS providing name to IP address
1304 mappings. Local computers connected via a LAN can be placed
1305 in here for simplistic naming purposes instead of setting up
1306 a &man.named.8; server. Additionally,
1307 <filename>/etc/hosts</filename> can be used to provide a
1308 local record of Internet names, reducing the need to query
1309 externally for commonly accessed names.</para>
1311 <programlisting># $&os;$
1314 # This file should contain the addresses and aliases
1315 # for local hosts that share this file.
1316 # In the presence of the domain name service or NIS, this file may
1317 # not be consulted at all; see /etc/nsswitch.conf for the resolution order.
1320 ::1 localhost localhost.my.domain myname.my.domain
1321 127.0.0.1 localhost localhost.my.domain myname.my.domain
1324 # Imaginary network.
1325 #10.0.0.2 myname.my.domain myname
1326 #10.0.0.3 myfriend.my.domain myfriend
1328 # According to RFC 1918, you can use the following IP networks for
1329 # private nets which will never be connected to the Internet:
1331 # 10.0.0.0 - 10.255.255.255
1332 # 172.16.0.0 - 172.31.255.255
1333 # 192.168.0.0 - 192.168.255.255
1335 # In case you want to be able to connect to the Internet, you need
1336 # real official assigned numbers. PLEASE PLEASE PLEASE do not try
1337 # to invent your own network numbers but instead get one from your
1338 # network provider (if any) or from the Internet Registry (ftp to
1339 # rs.internic.net, directory `/templates').
1342 <para><filename>/etc/hosts</filename> takes on the simple format
1345 <programlisting>[Internet address] [official hostname] [alias1] [alias2] ...</programlisting>
1347 <para>For example:</para>
1349 <programlisting>10.0.0.1 myRealHostname.example.com myRealHostname foobar1 foobar2</programlisting>
1351 <para>Consult &man.hosts.5; for more information.</para>
1356 <title>Log File Configuration</title>
1358 <indexterm><primary>log files</primary></indexterm>
1361 <title><filename>syslog.conf</filename></title>
1363 <indexterm><primary>syslog.conf</primary></indexterm>
1365 <para><filename>syslog.conf</filename> is the configuration file
1366 for the &man.syslogd.8; program. It indicates which types
1367 of <command>syslog</command> messages are logged to particular
1370 <programlisting># $&os;$
1372 # Spaces ARE valid field separators in this file. However,
1373 # other *nix-like systems still insist on using tabs as field
1374 # separators. If you are sharing this file between systems, you
1375 # may want to use only tabs as field separators here.
1376 # Consult the syslog.conf(5) manual page.
1377 *.err;kern.debug;auth.notice;mail.crit /dev/console
1378 *.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
1379 security.* /var/log/security
1380 mail.info /var/log/maillog
1381 lpr.info /var/log/lpd-errs
1382 cron.* /var/log/cron
1384 *.notice;news.err root
1387 # uncomment this to log all writes to /dev/console to /var/log/console.log
1388 #console.info /var/log/console.log
1389 # uncomment this to enable logging of all log messages to /var/log/all.log
1390 #*.* /var/log/all.log
1391 # uncomment this to enable logging to a remote log host named loghost
1393 # uncomment these if you're running inn
1394 # news.crit /var/log/news/news.crit
1395 # news.err /var/log/news/news.err
1396 # news.notice /var/log/news/news.notice
1398 *.* /var/log/slip.log
1400 *.* /var/log/ppp.log</programlisting>
1402 <para>Consult the &man.syslog.conf.5; manual page for more
1407 <title><filename>newsyslog.conf</filename></title>
1409 <indexterm><primary>newsyslog.conf</primary></indexterm>
1411 <para><filename>newsyslog.conf</filename> is the configuration
1412 file for &man.newsyslog.8;, a program that is normally scheduled
1413 to run by &man.cron.8;. &man.newsyslog.8; determines when log
1414 files require archiving or rearranging.
1415 <filename>logfile</filename> is moved to
1416 <filename>logfile.0</filename>, <filename>logfile.0</filename>
1417 is moved to <filename>logfile.1</filename>, and so on.
1418 Alternatively, the log files may be archived in &man.gzip.1; format
1419 causing them to be named: <filename>logfile.0.gz</filename>,
1420 <filename>logfile.1.gz</filename>, and so on.</para>
1422 <para><filename>newsyslog.conf</filename> indicates which log
1423 files are to be managed, how many are to be kept, and when
1424 they are to be touched. Log files can be rearranged and/or
1425 archived when they have either reached a certain size, or at a
1426 certain periodic time/date.</para>
1428 <programlisting># configuration file for newsyslog
1429 # $&os;$
1431 # filename [owner:group] mode count size when [ZB] [/pid_file] [sig_num]
1432 /var/log/cron 600 3 100 * Z
1433 /var/log/amd.log 644 7 100 * Z
1434 /var/log/kerberos.log 644 7 100 * Z
1435 /var/log/lpd-errs 644 7 100 * Z
1436 /var/log/maillog 644 7 * @T00 Z
1437 /var/log/sendmail.st 644 10 * 168 B
1438 /var/log/messages 644 5 100 * Z
1439 /var/log/all.log 600 7 * @T00 Z
1440 /var/log/slip.log 600 3 100 * Z
1441 /var/log/ppp.log 600 3 100 * Z
1442 /var/log/security 600 10 100 * Z
1443 /var/log/wtmp 644 3 * @01T05 B
1444 /var/log/daily.log 640 7 * @T00 Z
1445 /var/log/weekly.log 640 5 1 $W6D0 Z
1446 /var/log/monthly.log 640 12 * $M1D0 Z
1447 /var/log/console.log 640 5 100 * Z</programlisting>
1449 <para>Consult the &man.newsyslog.8; manual page for more
1455 <title><filename>sysctl.conf</filename></title>
1457 <indexterm><primary>sysctl.conf</primary></indexterm>
1458 <indexterm><primary>sysctl</primary></indexterm>
1460 <para><filename>sysctl.conf</filename> looks much like
1461 <filename>rc.conf</filename>. Values are set in a
1462 <literal>variable=value</literal>
1463 form. The specified values are set after the system goes into
1464 multi-user mode. Not all variables are settable in this mode.</para>
1466 <para>A sample <filename>sysctl.conf</filename> turning off logging
1467 of fatal signal exits and letting Linux programs know they are really
1468 running under &os;:</para>
1470 <programlisting>kern.logsigexit=0 # Do not log fatal signal exits (e.g. sig 11)
1471 compat.linux.osname=&os;
1472 <!-- todo: reed: check this -->
1473 compat.linux.osrelease=4.3-STABLE</programlisting>
1477 <sect1 id="configtuning-sysctl">
1478 <title>Tuning with sysctl</title>
1480 <indexterm><primary>sysctl</primary></indexterm>
1482 <primary>tuning</primary>
1483 <secondary>with sysctl</secondary>
1486 <para>&man.sysctl.8; is an interface that allows you to make changes
1487 to a running &os; system. This includes many advanced
1488 options of the TCP/IP stack and virtual memory system that can
1489 dramatically improve performance for an experienced system
1490 administrator. Over five hundred system variables can be read
1491 and set using &man.sysctl.8;.</para>
1493 <para>At its core, &man.sysctl.8; serves two functions: to read and
1494 to modify system settings.</para>
1496 <para>To view all readable variables:</para>
1498 <screen>&prompt.user; <userinput>sysctl -a</userinput></screen>
1500 <para>To read a particular variable, for example,
1501 <varname>kern.maxproc</varname>:</para>
1503 <screen>&prompt.user; <userinput>sysctl kern.maxproc</userinput>
1504 kern.maxproc: 1044</screen>
1506 <para>To set a particular variable, use the intuitive
1507 <replaceable>variable</replaceable>=<replaceable>value</replaceable>
1510 <screen>&prompt.root; <userinput>sysctl kern.maxfiles=5000</userinput>
1511 kern.maxfiles: 2088 -> 5000</screen>
1513 <para>Settings of sysctl variables are usually either strings,
1514 numbers, or booleans (a boolean being <literal>1</literal> for yes
1515 or a <literal>0</literal> for no).</para>
1517 <sect2 id="sysctl-readonly">
1521 <firstname>Tom</firstname>
1522 <surname>Rhodes</surname>
1523 <contrib>Contributed by </contrib>
1524 <!-- 31 January 2003 -->
1528 <title>&man.sysctl.8; Read-only</title>
1530 <para>In some cases it may be desirable to modify read-only &man.sysctl.8;
1531 values. While this is not recommended, it is also sometimes unavoidable.</para>
1533 <para>For instance on some laptop models the &man.cardbus.4; device will
1534 not probe memory ranges, and fail with errors which look similar to:</para>
1536 <screen>cbb0: Could not map register memory
1537 device_probe_and_attach: cbb0 attach returned 12</screen>
1539 <para>Cases like the one above usually require the modification of some
1540 default &man.sysctl.8; settings which are set read only. To overcome
1541 these situations a user can put &man.sysctl.8; <quote>OIDs</quote>
1542 in their local <filename>/boot/loader.conf</filename>. Default
1543 settings are located in the <filename>/boot/defaults/loader.conf</filename>
1546 <para>Fixing the problem mentioned above would require a user to set
1547 <option>hw.pci.allow_unsupported_io_range=1</option> in the aforementioned
1548 file. Now &man.cardbus.4; will work properly.</para>
1553 <sect1 id="configtuning-disk">
1554 <title>Tuning Disks</title>
1557 <title>Sysctl Variables</title>
1560 <title><varname>vfs.vmiodirenable</varname></title>
1563 <primary><varname>vfs.vmiodirenable</varname></primary>
1566 <para>The <varname>vfs.vmiodirenable</varname> sysctl variable
1567 may be set to either 0 (off) or 1 (on); it is 1 by default.
1568 This variable controls how directories are cached by the
1569 system. Most directories are small, using just a single
1570 fragment (typically 1 K) in the file system and less
1571 (typically 512 bytes) in the buffer cache.
1572 However, when operating in the default mode the buffer
1573 cache will only cache a fixed number of directories even if
1574 you have a huge amount of memory. Turning on this sysctl
1575 allows the buffer cache to use the VM Page Cache to cache the
1576 directories, making all the memory available for caching
1577 directories. However,
1578 the minimum in-core memory used to cache a directory is the
1579 physical page size (typically 4 K) rather than 512
1580 bytes. We recommend turning this option on if you are running
1581 any services which manipulate large numbers of files. Such
1582 services can include web caches, large mail systems, and news
1583 systems. Turning on this option will generally not reduce
1584 performance even with the wasted memory but you should
1585 experiment to find out.</para>
1589 <title><varname>vfs.write_behind</varname></title>
1592 <primary><varname>vfs.write_behind</varname></primary>
1595 <para>The <varname>vfs.write_behind</varname> sysctl variable
1596 defaults to <literal>1</literal> (on). This tells the file system
1597 to issue media writes as full clusters are collected, which
1598 typically occurs when writing large sequential files. The idea
1599 is to avoid saturating the buffer cache with dirty buffers when
1600 it would not benefit I/O performance. However, this may stall
1601 processes and under certain circumstances you may wish to turn it
1606 <title><varname>vfs.hirunningspace</varname></title>
1609 <primary><varname>vfs.hirunningspace</varname></primary>
1612 <para>The <varname>vfs.hirunningspace</varname> sysctl variable
1613 determines how much outstanding write I/O may be queued to disk
1614 controllers system-wide at any given instance. The default is
1615 usually sufficient but on machines with lots of disks you may
1616 want to bump it up to four or five <emphasis>megabytes</emphasis>.
1617 Note that setting too high a value (exceeding the buffer cache's
1618 write threshold) can lead to extremely bad clustering
1619 performance. Do not set this value arbitrarily high! Higher
1620 write values may add latency to reads occurring at the same time.
1623 <para>There are various other buffer-cache and VM page cache
1624 related sysctls. We do not recommend modifying these values.
1625 The VM system does an extremely good job of
1626 automatically tuning itself.</para>
1630 <title><varname>vm.swap_idle_enabled</varname></title>
1633 <primary><varname>vm.swap_idle_enabled</varname></primary>
1636 <para>The <varname>vm.swap_idle_enabled</varname> sysctl variable
1637 is useful in large multi-user systems where you have lots of
1638 users entering and leaving the system and lots of idle processes.
1639 Such systems tend to generate a great deal of continuous pressure
1640 on free memory reserves. Turning this feature on and tweaking
1641 the swapout hysteresis (in idle seconds) via
1642 <varname>vm.swap_idle_threshold1</varname> and
1643 <varname>vm.swap_idle_threshold2</varname> allows you to depress
1644 the priority of memory pages associated with idle processes more
1645 quickly then the normal pageout algorithm. This gives a helping
1646 hand to the pageout daemon. Do not turn this option on unless
1647 you need it, because the tradeoff you are making is essentially
1648 pre-page memory sooner rather than later; thus eating more swap
1649 and disk bandwidth. In a small system this option will have a
1650 determinable effect but in a large system that is already doing
1651 moderate paging this option allows the VM system to stage whole
1652 processes into and out of memory easily.</para>
1656 <title><varname>hw.ata.wc</varname></title>
1659 <primary><varname>hw.ata.wc</varname></primary>
1662 <para>IDE drives lie about when a write completes. With IDE write
1663 caching turned on, IDE hard drives not only write data
1664 to disk out of order, but will sometimes delay writing some
1665 blocks indefinitely when under heavy disk loads. A crash or
1666 power failure may cause serious file system corruption. Turning
1667 off write caching will remove the danger of this data loss, but
1668 will also cause disk operations to proceed
1669 <emphasis>very slowly.</emphasis> Change this only if prepared
1670 to suffer with the disk slowdown.</para>
1672 <para>Changing this variable must be done from the
1673 boot loader at boot time. Attempting to do it after the
1674 kernel boots will have no effect.</para>
1676 <para>For more information, please see &man.ata.4;.</para>
1681 <sect2 id="soft-updates">
1682 <title>Soft Updates</title>
1684 <indexterm><primary>Soft Updates</primary></indexterm>
1685 <indexterm><primary>tunefs</primary></indexterm>
1687 <para>The &man.tunefs.8; program can be used to fine-tune a
1688 file system. This program has many different options, but for
1689 now we are only concerned with toggling Soft Updates on and
1690 off, which is done by:</para>
1692 <screen>&prompt.root; <userinput>tunefs -n enable /filesystem</userinput>
1693 &prompt.root; <userinput>tunefs -n disable /filesystem</userinput></screen>
1695 <para>A filesystem cannot be modified with &man.tunefs.8; while
1696 it is mounted. A good time to enable Soft Updates is before any
1697 partitions have been mounted, in single-user mode.</para>
1699 <note><para>It is possible to enable Soft Updates
1700 at filesystem creation time, through use of the <literal>-U</literal>
1701 option to &man.newfs.8;.</para></note>
1703 <para>Soft Updates drastically improves meta-data performance, mainly
1704 file creation and deletion, through the use of a memory cache. We
1705 recommend to use Soft Updates on all of your file systems. There
1706 are two downsides to Soft Updates that you should be aware of: First,
1707 Soft Updates guarantees filesystem consistency in the case of a crash
1708 but could very easily be several seconds (even a minute!) behind
1709 updating the physical disk. If your system crashes you may lose more
1710 work than otherwise. Secondly, Soft Updates delays the freeing of
1711 filesystem blocks. If you have a filesystem (such as the root
1712 filesystem) which is almost full, performing a major update, such as
1713 <command>make installworld</command>, can cause the filesystem to run
1714 out of space and the update to fail.</para>
1717 <title>More Details about Soft Updates</title>
1720 <primary>Soft Updates</primary>
1721 <secondary>details</secondary>
1724 <para>There are two traditional approaches to writing a file
1725 systems meta-data back to disk. (Meta-data updates are
1726 updates to non-content data like inodes or
1727 directories.)</para>
1729 <para>Historically, the default behavior was to write out
1730 meta-data updates synchronously. If a directory had been
1731 changed, the system waited until the change was actually
1732 written to disk. The file data buffers (file contents) were
1733 passed through the buffer cache and backed up
1734 to disk later on asynchronously. The advantage of this
1735 implementation is that it operates safely. If there is
1736 a failure during an update, the meta-data are always in a
1737 consistent state. A file is either created completely
1738 or not at all. If the data blocks of a file did not find
1739 their way out of the buffer cache onto the disk by the time
1740 of the crash, &man.fsck.8; is able to recognize this and
1741 repair the filesystem by setting the file length to
1742 0. Additionally, the implementation is clear and simple.
1743 The disadvantage is that meta-data changes are slow. An
1744 <command>rm -r</command>, for instance, touches all the files
1745 in a directory sequentially, but each directory
1746 change (deletion of a file) will be written synchronously
1747 to the disk. This includes updates to the directory itself,
1748 to the inode table, and possibly to indirect blocks
1749 allocated by the file. Similar considerations apply for
1750 unrolling large hierarchies (<command>tar -x</command>).</para>
1752 <para>The second case is asynchronous meta-data updates. This
1753 is the default for Linux/ext2fs and
1754 <command>mount -o async</command> for *BSD ufs. All
1755 meta-data updates are simply being passed through the buffer
1756 cache too, that is, they will be intermixed with the updates
1757 of the file content data. The advantage of this
1758 implementation is there is no need to wait until each
1759 meta-data update has been written to disk, so all operations
1760 which cause huge amounts of meta-data updates work much
1761 faster than in the synchronous case. Also, the
1762 implementation is still clear and simple, so there is a low
1763 risk for bugs creeping into the code. The disadvantage is
1764 that there is no guarantee at all for a consistent state of
1765 the filesystem. If there is a failure during an operation
1766 that updated large amounts of meta-data (like a power
1767 failure, or someone pressing the reset button),
1769 will be left in an unpredictable state. There is no opportunity
1770 to examine the state of the filesystem when the system
1771 comes up again; the data blocks of a file could already have
1772 been written to the disk while the updates of the inode
1773 table or the associated directory were not. It is actually
1774 impossible to implement a <command>fsck</command> which is
1775 able to clean up the resulting chaos (because the necessary
1776 information is not available on the disk). If the
1777 filesystem has been damaged beyond repair, the only choice
1778 is to use &man.newfs.8; on it and restore it from backup.
1781 <para>The usual solution for this problem was to implement
1782 <emphasis>dirty region logging</emphasis>, which is also
1783 referred to as <emphasis>journaling</emphasis>, although that
1784 term is not used consistently and is occasionally applied
1785 to other forms of transaction logging as well. Meta-data
1786 updates are still written synchronously, but only into a
1787 small region of the disk. Later on they will be moved
1788 to their proper location. Because the logging
1789 area is a small, contiguous region on the disk, there
1790 are no long distances for the disk heads to move, even
1791 during heavy operations, so these operations are quicker
1792 than synchronous updates.
1793 Additionally the complexity of the implementation is fairly
1794 limited, so the risk of bugs being present is low. A disadvantage
1795 is that all meta-data are written twice (once into the
1796 logging region and once to the proper location) so for
1797 normal work, a performance <quote>pessimization</quote>
1798 might result. On the other hand, in case of a crash, all
1799 pending meta-data operations can be quickly either rolled-back
1800 or completed from the logging area after the system comes
1801 up again, resulting in a fast filesystem startup.</para>
1803 <para>Kirk McKusick, the developer of Berkeley FFS,
1804 solved this problem with Soft Updates: all pending
1805 meta-data updates are kept in memory and written out to disk
1806 in a sorted sequence (<quote>ordered meta-data
1807 updates</quote>). This has the effect that, in case of
1808 heavy meta-data operations, later updates to an item
1809 <quote>catch</quote> the earlier ones if the earlier ones are still in
1810 memory and have not already been written to disk. So all
1811 operations on, say, a directory are generally performed in
1812 memory before the update is written to disk (the data
1813 blocks are sorted according to their position so
1814 that they will not be on the disk ahead of their meta-data).
1815 If the system crashes, this causes an implicit <quote>log
1816 rewind</quote>: all operations which did not find their way
1817 to the disk appear as if they had never happened. A
1818 consistent filesystem state is maintained that appears to
1819 be the one of 30 to 60 seconds earlier. The
1820 algorithm used guarantees that all resources in use
1821 are marked as such in their appropriate bitmaps: blocks and inodes.
1822 After a crash, the only resource allocation error
1823 that occurs is that resources are
1824 marked as <quote>used</quote> which are actually <quote>free</quote>.
1825 &man.fsck.8; recognizes this situation,
1826 and frees the resources that are no longer used. It is safe to
1827 ignore the dirty state of the filesystem after a crash by
1828 forcibly mounting it with <command>mount -f</command>. In
1829 order to free resources that may be unused, &man.fsck.8;
1830 needs to be run at a later time.</para>
1832 <para>The advantage is that meta-data operations are nearly as
1833 fast as asynchronous updates (i.e. faster than with
1834 <emphasis>logging</emphasis>, which has to write the
1835 meta-data twice). The disadvantages are the complexity of
1836 the code (implying a higher risk for bugs in an area that
1837 is highly sensitive regarding loss of user data), and a
1838 higher memory consumption. Additionally there are some
1839 idiosyncrasies one has to get used to.
1840 After a crash, the state of the filesystem appears to be
1841 somewhat <quote>older</quote>. In situations where
1842 the standard synchronous approach would have caused some
1843 zero-length files to remain after the
1844 <command>fsck</command>, these files do not exist at all
1845 with a Soft Updates filesystem because neither the meta-data
1846 nor the file contents have ever been written to disk.
1847 Disk space is not released until the updates have been
1848 written to disk, which may take place some time after
1849 running <command>rm</command>. This may cause problems
1850 when installing large amounts of data on a filesystem
1851 that does not have enough free space to hold all the files
1857 <sect1 id="configtuning-kernel-limits">
1858 <title>Tuning Kernel Limits</title>
1861 <primary>tuning</primary>
1862 <secondary>kernel limits</secondary>
1865 <sect2 id="file-process-limits">
1866 <title>File/Process Limits</title>
1868 <sect3 id="kern-maxfiles">
1869 <title><varname>kern.maxfiles</varname></title>
1872 <primary><varname>kern.maxfiles</varname></primary>
1875 <para><varname>kern.maxfiles</varname> can be raised or
1876 lowered based upon your system requirements. This variable
1877 indicates the maximum number of file descriptors on your
1878 system. When the file descriptor table is full,
1879 <errorname>file: table is full</errorname> will show up repeatedly
1880 in the system message buffer, which can be viewed with the
1881 <command>dmesg</command> command.</para>
1883 <para>Each open file, socket, or fifo uses one file
1884 descriptor. A large-scale production server may easily
1885 require many thousands of file descriptors, depending on the
1886 kind and number of services running concurrently.</para>
1888 <para><varname>kern.maxfile</varname>'s default value is
1889 dictated by the <option>MAXUSERS</option> option in your
1890 kernel configuration file. <varname>kern.maxfiles</varname> grows
1891 proportionally to the value of <option>MAXUSERS</option>. When
1892 compiling a custom kernel, it is a good idea to set this kernel
1893 configuration option according to the uses of your system. From
1894 this number, the kernel is given most of its pre-defined limits.
1895 Even though a production machine may not actually have 256 users
1896 connected at once, the resources needed may be similar to a
1897 high-scale web server.</para>
1899 <note><para>Setting <option>MAXUSERS</option> to
1900 <literal>0</literal> in your kernel configuration file will choose
1901 a reasonable default value based on the amount of RAM present in
1902 your system. It is set to 0 in the default GENERIC kernel.</para></note>
1907 <title><varname>kern.ipc.somaxconn</varname></title>
1910 <primary><varname>kern.ipc.somaxconn</varname></primary>
1913 <para>The <varname>kern.ipc.somaxconn</varname> sysctl variable
1914 limits the size of the listen queue for accepting new TCP
1915 connections. The default value of <literal>128</literal> is
1916 typically too low for robust handling of new connections in a
1917 heavily loaded web server environment. For such environments, it
1918 is recommended to increase this value to <literal>1024</literal> or
1919 higher. The service daemon may itself limit the listen queue size
1920 (e.g. &man.sendmail.8;, or <application>Apache</application>) but
1921 will often have a directive in its configuration file to adjust
1922 the queue size. Large listen queues also do a better job of
1923 avoiding Denial of Service (<abbrev>DoS</abbrev>) attacks.</para>
1928 <title>Network Limits</title>
1930 <para>The <option>NMBCLUSTERS</option> kernel configuration
1931 option dictates the amount of network Mbufs available to the
1932 system. A heavily-trafficked server with a low number of Mbufs
1933 will hinder &os;'s ability. Each cluster represents
1934 approximately 2 K of memory, so a value of 1024 represents 2
1935 megabytes of kernel memory reserved for network buffers. A
1936 simple calculation can be done to figure out how many are
1937 needed. If you have a web server which maxes out at 1000
1938 simultaneous connections, and each connection eats a 16 K receive
1939 and 16 K send buffer, you need approximately 32 MB worth of
1940 network buffers to cover the web server. A good rule of thumb is
1941 to multiply by 2, so 2x32 MB / 2 KB =
1942 64 MB / 2 kB = 32768. We recommend
1943 values between 4096 and 32768 for machines with greater amounts
1944 of memory. Under no circumstances should you specify an
1945 arbitrarily high value for this parameter as it could lead to a
1946 boot time crash. The <option>-m</option> option to
1947 &man.netstat.1; may be used to observe network cluster
1948 use. <varname>kern.ipc.nmbclusters</varname> loader tunable should
1949 be used to tune this at boot time.</para>
1951 <para>For busy servers that make extensive use of the
1952 &man.sendfile.2; system call, it may be necessary to increase
1953 the number of &man.sendfile.2; buffers via the
1954 <option>NSFBUFS</option> kernel configuration option or by
1955 setting its value in <filename>/boot/loader.conf</filename>
1956 (see &man.loader.8; for details). A common indicator that
1957 this parameter needs to be adjusted is when processes are seen
1958 in the <errorname>sfbufa</errorname> state. The sysctl
1959 variable <varname>kern.ipc.nsfbufs</varname> is a read-only
1960 glimpse at the kernel configured variable. This parameter
1961 nominally scales with <varname>kern.maxusers</varname>,
1962 however it may be necessary to tune accordingly.</para>
1965 <para>Even though a socket has been marked as non-blocking,
1966 calling &man.sendfile.2; on the non-blocking socket may
1967 result in the &man.sendfile.2; call blocking until enough
1968 <literal>struct sf_buf</literal>'s are made
1973 <title><varname>net.inet.ip.portrange.*</varname></title>
1976 <primary>net.inet.ip.portrange.*</primary>
1979 <para>The <varname>net.inet.ip.portrange.*</varname> sysctl
1980 variables control the port number ranges automatically bound to TCP
1981 and UDP sockets. There are three ranges: a low range, a default
1982 range, and a high range. Most network programs use the default
1983 range which is controlled by the
1984 <varname>net.inet.ip.portrange.first</varname> and
1985 <varname>net.inet.ip.portrange.last</varname>, which default to
1986 1024 and 5000, respectively. Bound port ranges are used for
1987 outgoing connections, and it is possible to run the system out of
1988 ports under certain circumstances. This most commonly occurs
1989 when you are running a heavily loaded web proxy. The port range
1990 is not an issue when running servers which handle mainly incoming
1991 connections, such as a normal web server, or has a limited number
1992 of outgoing connections, such as a mail relay. For situations
1993 where you may run yourself out of ports, it is recommended to
1994 increase <varname>net.inet.ip.portrange.last</varname> modestly.
1995 A value of <literal>10000</literal>, <literal>20000</literal> or
1996 <literal>30000</literal> may be reasonable. You should also
1997 consider firewall effects when changing the port range. Some
1998 firewalls may block large ranges of ports (usually low-numbered
1999 ports) and expect systems to use higher ranges of ports for
2000 outgoing connections — for this reason it is recommended that
2001 <varname>net.inet.ip.portrange.first</varname> be lowered.</para>
2005 <title>TCP Bandwidth Delay Product</title>
2008 <primary>TCP Bandwidth Delay Product Limiting</primary>
2009 <secondary><varname>net.inet.tcp.inflight_enable</varname></secondary>
2012 <para>The TCP Bandwidth Delay Product Limiting is similar to
2013 TCP/Vegas in <application>&netbsd;</application>.
2015 <indexterm><primary>&netbsd;</primary></indexterm>
2018 enabled by setting <varname>net.inet.tcp.inflight_enable</varname>
2019 sysctl variable to <literal>1</literal>. The system will attempt
2020 to calculate the bandwidth delay product for each connection and
2021 limit the amount of data queued to the network to just the amount
2022 required to maintain optimum throughput.</para>
2024 <para>This feature is useful if you are serving data over modems,
2025 Gigabit Ethernet, or even high speed WAN links (or any other link
2026 with a high bandwidth delay product), especially if you are also
2027 using window scaling or have configured a large send window. If
2028 you enable this option, you should also be sure to set
2029 <varname>net.inet.tcp.inflight_debug</varname> to
2030 <literal>0</literal> (disable debugging), and for production use
2031 setting <varname>net.inet.tcp.inflight_min</varname> to at least
2032 <literal>6144</literal> may be beneficial. However, note that
2033 setting high minimums may effectively disable bandwidth limiting
2034 depending on the link. The limiting feature reduces the amount of
2035 data built up in intermediate route and switch packet queues as
2036 well as reduces the amount of data built up in the local host's
2037 interface queue. With fewer packets queued up, interactive
2038 connections, especially over slow modems, will also be able to
2039 operate with lower <emphasis>Round Trip Times</emphasis>. However,
2040 note that this feature only effects data transmission (uploading
2041 / server side). It has no effect on data reception (downloading).
2044 <para>Adjusting <varname>net.inet.tcp.inflight_stab</varname> is
2045 <emphasis>not</emphasis> recommended. This parameter defaults to
2046 20, representing 2 maximal packets added to the bandwidth delay
2047 product window calculation. The additional window is required to
2048 stabilize the algorithm and improve responsiveness to changing
2049 conditions, but it can also result in higher ping times over slow
2050 links (though still much lower than you would get without the
2051 inflight algorithm). In such cases, you may wish to try reducing
2052 this parameter to 15, 10, or 5; and may also have to reduce
2053 <varname>net.inet.tcp.inflight_min</varname> (for example, to
2054 3500) to get the desired effect. Reducing these parameters
2055 should be done as a last resort only.</para>
2060 <sect1 id="adding-swap-space">
2061 <title>Adding Swap Space</title>
2063 <para>No matter how well you plan, sometimes a system does not run
2064 as you expect. If you find you need more swap space, it is
2065 simple enough to add. You have three ways to increase swap
2066 space: adding a new hard drive, enabling swap over NFS, and
2067 creating a swap file on an existing partition.</para>
2069 <sect2 id="new-drive-swap">
2070 <title>Swap on a New Hard Drive</title>
2072 <para>The best way to add swap, of course, is to use this as an
2073 excuse to add another hard drive. You can always use another
2074 hard drive, after all. If you can do this, go reread the
2075 discussion of <ulink
2076 url="configtuning-initial.html#SWAP-DESIGN">swap space
2077 </ulink> from the <ulink
2078 url="configtuning-initial.html">Initial Configuration</ulink>
2079 section of the Handbook for some suggestions on how to best
2080 arrange your swap.</para>
2083 <sect2 id="nfs-swap">
2084 <title>Swapping over NFS</title>
2086 <para>Swapping over NFS is only recommended if you do not have a
2087 local hard disk to swap to. Even though &os; has an excellent
2088 NFS implementation, NFS swapping will be limited
2089 by the available network bandwidth and puts an additional
2090 burden on the NFS server.</para>
2093 <sect2 id="create-swapfile">
2094 <title>Swapfiles</title>
2096 <para>You can create a file of a specified size to use as a swap
2097 file. In our example here we will use a 64MB file called
2098 <filename>/usr/swap0</filename>. You can use any name you
2099 want, of course.</para>
2102 <title>Creating a Swapfile</title>
2106 <para>Be certain that your kernel configuration includes
2107 the vnode driver. It is <emphasis>not</emphasis> in recent versions of
2108 <filename>GENERIC</filename>.</para>
2110 <programlisting>pseudo-device vn 1 #Vnode driver (turns a file into a device)</programlisting>
2114 <para>Create a vn-device:</para>
2115 <screen>&prompt.root; <userinput>cd /dev</userinput>
2116 &prompt.root; <userinput>sh MAKEDEV vn0</userinput></screen>
2120 <para>Create a swapfile (<filename>/usr/swap0</filename>):</para>
2122 <screen>&prompt.root; <userinput>dd if=/dev/zero of=/usr/swap0 bs=1024k count=64</userinput></screen>
2126 <para>Set proper permissions on (<filename>/usr/swap0</filename>):</para>
2128 <screen>&prompt.root; <userinput>chmod 0600 /usr/swap0</userinput></screen>
2132 <para>Enable the swap file in <filename>/etc/rc.conf</filename>:</para>
2134 <programlisting>swapfile="/usr/swap0" # Set to name of swapfile if aux swapfile desired.</programlisting>
2139 <para>Reboot the machine or to enable the swap file immediately,
2142 <screen>&prompt.root; <userinput>vnconfig -e /dev/vn0b /usr/swap0 swap</userinput></screen>
2150 <sect1 id="acpi-overview">
2154 <firstname>Hiten</firstname>
2155 <surname>Pandya</surname>
2156 <contrib>Written by </contrib>
2159 <firstname>Tom</firstname>
2160 <surname>Rhodes</surname>
2165 <title>Power and Resource Management</title>
2167 <para>It is very important to utilize hardware resources in an
2168 efficient manner. Before <acronym>ACPI</acronym> was introduced,
2169 it was very difficult and inflexible for operating systems to manage
2170 the power usage and thermal properties of a system. The hardware was
2171 controlled by some sort of <acronym>BIOS</acronym> embedded
2172 interface, such as <emphasis>Plug and Play BIOS (PNPBIOS)</emphasis>, or
2173 <emphasis>Advanced Power Management (APM)</emphasis> and so on.
2174 Power and Resource Management is one of the key components of a modern
2175 operating system. For example, you may want an operating system to
2176 monitor system limits (and possibly alert you) in case your system
2177 temperature increased unexpectedly.</para>
2179 <para>In this section, we will provide
2180 comprehensive information about <acronym>ACPI</acronym>. References
2181 will be provided for further reading at the end. Please be aware
2182 that <acronym>ACPI</acronym> is available on &os; systems as a
2183 default kernel module. </para>
2185 <sect2 id="acpi-intro">
2186 <title>What Is ACPI?</title>
2188 <para>Advanced Configuration and Power Interface
2189 (<acronym>ACPI</acronym>) is a standard written by
2190 an alliance of vendors to provide a standard interface for
2191 hardware resources and power management (hence the name).
2192 It is a key element in <emphasis>Operating System-directed
2193 configuration and Power Management</emphasis>, i.e.: it provides
2194 more control and flexibility to the operating system
2195 (<acronym>OS</acronym>).
2196 Modern systems <quote>stretched</quote> the limits of the
2197 current Plug and Play interfaces (such as APM), prior to the introduction of
2198 <acronym>ACPI</acronym>. <acronym>ACPI</acronym> is the direct
2199 successor to <acronym>APM</acronym>
2200 (Advanced Power Management).</para>
2203 <sect2 id="acpi-old-spec">
2204 <title>Shortcomings of Advanced Power Management (APM)</title>
2206 <para>The <emphasis>Advanced Power Management (APM)</emphasis>
2207 facility control's the power usage of a system based on its
2208 activity. The APM BIOS is supplied by the (system) vendor and
2209 it is specific to the hardware platform. An APM driver in the
2210 OS mediates access to the <emphasis>APM Software Interface</emphasis>,
2211 which allows management of power levels.</para>
2213 <para>There are four major problems in APM. Firstly, power
2214 management is done by the (vendor-specific) BIOS, and the OS
2215 does not have any knowledge of it. One example of this, is when
2216 the user sets idle-time values for a hard drive in the APM BIOS,
2217 that when exceeded, it (BIOS) would spin down the hard drive,
2218 without the consent of the OS. Secondly, the APM logic is
2219 embedded in the BIOS, and it operates outside the scope of the
2220 OS. This means users can only fix problems in their APM BIOS by
2221 flashing a new one into the ROM; which, is a very dangerous
2222 procedure, and if it fails, it could leave the system in an
2223 unrecoverable state. Thirdly, APM is a vendor-specific
2224 technology, which, means that there is a lot or parity
2225 (duplication of efforts) and bugs found in one vendor's BIOS,
2226 may not be solved in others. Last but not the least, the APM
2227 BIOS did not have enough room to implement a sophisticated power
2228 policy, or one that can adapt very well to the purpose of the
2231 <para><emphasis>Plug and Play BIOS (PNPBIOS)</emphasis> was
2232 unreliable in many situations. PNPBIOS is 16-bit technology,
2233 so the OS has to use 16-bit emulation in order to
2234 <quote>interface</quote> with PNPBIOS methods.</para>
2236 <para>The &os; <acronym>APM</acronym> driver is documented in
2237 the &man.apm.4; manual page.</para>
2240 <sect2 id="acpi-config">
2241 <title>Configuring <acronym>ACPI</acronym></title>
2243 <para>The <filename>acpi.ko</filename> driver is loaded by default
2244 at start up by the &man.loader.8; and should <emphasis>not</emphasis>
2245 be compiled into the kernel. The reasoning behind this is that modules
2246 are easier to work with, say if switching to another <filename>acpi.ko</filename>
2247 without doing a kernel rebuild. This has the advantage of making testing easier.
2248 Another reason is that starting <acronym>ACPI</acronym> after a system has been
2249 brought up is not too useful, and in some cases can be fatal. In doubt, just
2250 disable <acronym>ACPI</acronym> all together. This driver should not and can not
2251 be unloaded because the system bus uses it for various hardware interactions.
2252 <acronym>ACPI</acronym> can be disabled with the &man.acpiconf.8; utility.
2253 In fact most of the interaction with <acronym>ACPI</acronym> can be done via
2254 &man.acpiconf.8;. Basically this means, if anything about <acronym>ACPI</acronym>
2255 is in the &man.dmesg.8; output, then most likely it is already running.</para>
2257 <note><para><acronym>ACPI</acronym> and <acronym>APM</acronym> cannot coexist and
2258 should be used separately. The last one to load will terminate if the driver
2259 notices the other running.</para></note>
2261 <para>In the simplest form, <acronym>ACPI</acronym> can be used to put the
2262 system into a sleep mode with &man.acpiconf.8;, the <option>-s</option>
2263 flag, and a <literal>1-5</literal> option. Most users will only need
2264 <literal>1</literal>. Option <literal>5</literal> will do a soft-off
2265 which is the same action as:</para>
2267 <screen>&prompt.root; <userinput>halt -p</userinput></screen>
2269 <para>The other options are available. Check out the &man.acpiconf.8;
2270 manual page for more information.</para>
2274 <sect1 id="ACPI-debug">
2278 <firstname>Nate</firstname>
2279 <surname>Lawson</surname>
2280 <contrib>Written by </contrib>
2285 <firstname>Peter</firstname>
2286 <surname>Schultz</surname>
2287 <contrib>With contributions from </contrib>
2290 <firstname>Tom</firstname>
2291 <surname>Rhodes</surname>
2296 <title>Using and Debugging &os; <acronym>ACPI</acronym></title>
2298 <para><acronym>ACPI</acronym> is a fundamentally new way of
2299 discovering devices, managing power usage, and providing
2300 standardized access to various hardware previously managed
2301 by the <acronym>BIOS</acronym>. Progress is being made toward
2302 <acronym>ACPI</acronym> working on all systems, but bugs in some
2303 motherboards' <firstterm><acronym>ACPI</acronym> Machine
2304 Language</firstterm> (<acronym>AML</acronym>) bytecode,
2305 incompleteness in &os;'s kernel subsystems, and bugs in the Intel
2306 <acronym>ACPI-CA</acronym> interpreter continue to appear.</para>
2308 <para>This document is intended to help you assist the &os;
2309 <acronym>ACPI</acronym> maintainers in identifying the root cause
2310 of problems you observe and debugging and developing a solution.
2311 Thanks for reading this and we hope we can solve your system's
2314 <sect2 id="ACPI-submitdebug">
2315 <title>Submitting Debugging Information</title>
2318 <para>Before submitting a problem, be sure you are running the latest
2319 <acronym>BIOS</acronym> version and, if available, embedded
2320 controller firmware version.</para>
2323 <para>For those of you that want to submit a problem right away,
2324 please send the following information to
2325 &a.bugs.name;</para>
2329 <para>Description of the buggy behavior, including system type
2330 and model and anything that causes the bug to appear. Also,
2331 please note as accurately as possible when the bug began
2332 occurring if it is new for you.</para>
2336 <para>The dmesg output after <quote>boot
2337 <option>-v</option></quote>, including any error messages
2338 generated by you exercising the bug.</para>
2342 <para>dmesg output from <quote>boot
2343 <option>-v</option></quote> with <acronym>ACPI</acronym>
2344 disabled, if disabling it helps fix the problem.</para>
2348 <para>Output from <quote>sysctl hw.acpi</quote>. This is also
2349 a good way of figuring out what features your system
2354 <para><acronym>URL</acronym> where your
2355 <firstterm><acronym>ACPI</acronym> Source Language</firstterm>
2356 (<acronym>ASL</acronym>)
2357 can be found. Do <emphasis>not</emphasis> send the
2358 <acronym>ASL</acronym> directly to the list as it can be
2359 very large. Generate a copy of your <acronym>ASL</acronym>
2360 by running this command:</para>
2362 <screen>&prompt.root; <userinput>acpidump -t -d > <replaceable>name</replaceable>-<replaceable>system</replaceable>.asl</userinput></screen>
2364 <para>(Substitute your login name for
2365 <replaceable>name</replaceable> and manufacturer/model for
2366 <replaceable>system</replaceable>. Example:
2367 <filename>njl-FooCo6000.asl</filename>)</para>
2373 <sect2 id="ACPI-background">
2374 <title>Background</title>
2376 <para><acronym>ACPI</acronym> is present in all modern computers
2377 that conform to the ia32 (x86), ia64 (Itanium), and amd64 (AMD)
2378 architectures. The full standard has many features including
2379 <acronym>CPU</acronym> performance management, power planes
2380 control, thermal zones, various battery systems, embedded
2381 controllers, and bus enumeration. Most systems implement less
2382 than the full standard. For instance, a desktop system usually
2383 only implements the bus enumeration parts while a laptop might
2384 have cooling and battery management support as well. Laptops
2385 also have suspend and resume, with their own associated
2388 <para>An <acronym>ACPI</acronym>-compliant system has various
2389 components. The <acronym>BIOS</acronym> and chipset vendors
2390 provide various fixed tables (e.g., <acronym>FADT</acronym>)
2391 in memory that specify things like the <acronym>APIC</acronym>
2392 map (used for <acronym>SMP</acronym>), config registers, and
2393 simple configuration values. Additionally, a table of bytecode
2394 (the <firstterm>Differentiated System Description Table</firstterm>
2395 <acronym>DSDT</acronym>) is provided that specifies a
2396 tree-like name space of devices and methods.</para>
2398 <para>The <acronym>ACPI</acronym> driver must parse the fixed
2399 tables, implement an interpreter for the bytecode, and modify
2400 device drivers and the kernel to accept information from the
2401 <acronym>ACPI</acronym> subsystem. For &os;, Intel has
2402 provided an interpreter (<acronym>ACPI-CA</acronym>) that is
2403 shared with Linux and &netbsd;.
2405 <indexterm><primary>&netbsd;</primary></indexterm>
2408 <acronym>ACPI-CA</acronym> source code is
2409 <filename role="directory">src/sys/contrib/dev/acpica-unix-YYYYMMDD</filename>,
2410 where YYYYMMDD is the release date of the ACPI-CA source code. The
2411 glue code that allows <acronym>ACPI-CA</acronym> to work on
2412 &os; is in <filename>src/sys/dev/acpica5/Osd</filename>. Finally,
2413 drivers that implement various <acronym>ACPI</acronym> devices
2414 are found in <filename role="directory">src/sys/dev/acpica5</filename>,
2415 and architecture-dependent code resides in
2416 <filename role="directory">/sys/<replaceable>arch</replaceable>/acpica5</filename>.
2420 <sect2 id="ACPI-comprob">
2421 <title>Common Problems</title>
2423 <para>For <acronym>ACPI</acronym> to work correctly, all the parts
2424 have to work correctly. Here are some common problems, in order
2425 of frequency of appearance, and some possible workarounds or
2429 <title>Suspend/Resume</title>
2431 <para><acronym>ACPI</acronym> has three suspend to
2432 <acronym>RAM</acronym> (<acronym>STR</acronym>) states,
2433 <literal>S1</literal>-<literal>S3</literal>, and one suspend
2434 to disk state (<literal>STD</literal>), called
2435 <literal>S4</literal>. <literal>S5</literal> is
2436 <quote>soft off</quote> and is the normal state your system
2437 is in when plugged in but not powered up.
2438 <literal>S4</literal> can actually be implemented two separate
2439 ways. <literal>S4</literal><acronym>BIOS</acronym> is a
2440 <acronym>BIOS</acronym>-assisted suspend to disk.
2441 <literal>S4</literal><acronym>OS</acronym> is implemented
2442 entirely by the operating system.</para>
2444 <para>Start by checking <command>sysctl</command>
2445 <option>hw.acpi</option> for the suspend-related items. Here
2446 are the results for my Thinkpad:</para>
2448 <screen>hw.acpi.supported_sleep_state: S3 S4 S5</screen>
2449 <screen>hw.acpi.s4bios: 0</screen>
2451 <para>This means that I can use <command>acpiconf -s</command>
2452 to test <literal>S3</literal>,
2453 <literal>S4</literal><acronym>OS</acronym>, and
2454 <literal>S5</literal>. If <option>s4bios</option> was one
2455 (<literal>1</literal>), I would have
2456 <literal>S4</literal><acronym>BIOS</acronym>
2457 support instead of <literal>S4</literal>
2458 <acronym>OS</acronym>.</para>
2460 <para>When testing suspend/resume, start with
2461 <literal>S1</literal>, if supported. This state is most
2462 likely to work since it doesn't require much driver support.
2463 No one has implemented <literal>S2</literal> but if you have
2464 it, it's similar to <literal>S1</literal>. The next thing
2465 to try is <literal>S3</literal>. This is the deepest
2466 <acronym>STR</acronym> state and requires a lot of driver
2467 support to properly reinitialize your hardware. If you have
2468 problems resuming, feel free to email the &a.bugs.name; list but
2469 do not expect the problem to be resolved since there are a lot
2470 of drivers/hardware that need more testing and work.</para>
2472 <para>To help isolate the problem, remove as many drivers from
2473 your kernel as possible. If it works, you can narrow down
2474 which driver is the problem by loading drivers until it fails
2475 again. Typically binary drivers like
2476 <filename>nvidia.ko</filename>, <application>X11</application>
2477 display drivers, and <acronym>USB</acronym> will have the most
2478 problems while Ethernet interfaces usually work fine. If you
2479 can load/unload the drivers ok, you can automate this by
2480 putting the appropriate commands in
2481 <filename>/etc/rc.suspend</filename> and
2482 <filename>/etc/rc.resume</filename>. There is a
2483 commented-out example for unloading and loading a driver. Try
2484 setting <option>hw.acpi.reset_video</option> to zero (0) if
2485 your display is messed up after resume. Try setting longer or
2486 shorter values for <option>hw.acpi.sleep_delay</option> to see
2487 if that helps.</para>
2489 <para>Another thing to try is load a recent Linux distribution
2490 with <acronym>ACPI</acronym> support and test their
2491 suspend/resume support on the same hardware. If it works
2492 on Linux, it's likely a &os; driver problem and narrowing down
2493 which driver causes the problems will help us fix the problem.
2494 Note that the <acronym>ACPI</acronym> maintainers do not
2495 usually maintain other drivers (e.g sound,
2496 <acronym>ATA</acronym>, etc.) so any work done on tracking
2497 down a driver problem should probably eventually be posted
2498 to the &a.bugs.name; list and mailed to the driver
2499 maintainer. If you are feeling adventurous, go ahead and
2500 start putting some debugging &man.printf.3;s in a problematic
2501 driver to track down where in its resume function it
2504 <para>Finally, try disabling <acronym>ACPI</acronym> and
2505 enabling <acronym>APM</acronym> instead. If suspend/resume
2506 works with <acronym>APM</acronym>, you may be better off
2507 sticking with <acronym>APM</acronym>, especially on older
2508 hardware (pre-2000). It took vendors a while to get
2509 <acronym>ACPI</acronym> support correct and older hardware is
2510 more likely to have <acronym>BIOS</acronym> problems with
2511 <acronym>ACPI</acronym>.</para>
2515 <title>System Hangs (temporary or permanent)</title>
2517 <para>Most system hangs are a result of lost interrupts or an
2518 interrupt storm. Chipsets have a lot of problems based on how
2519 the <acronym>BIOS</acronym> configures interrupts before boot,
2520 correctness of the <acronym>APIC</acronym>
2521 (<acronym>MADT</acronym>) table, and routing of the
2522 <firstterm>System Control Interrupt</firstterm>
2523 (<acronym>SCI</acronym>).</para>
2525 <para>Interrupt storms can be distinguished from lost interrupts
2526 by checking the output of <command>vmstat -i</command>
2527 and looking at the line that has
2528 <literal>acpi0</literal>. If the counter is increasing at more
2529 than a couple per second, you have an interrupt storm. If the
2530 system appears hung, try breaking to <acronym>DDB</acronym>
2531 (<keycombo action="simul"><keycap>CTRL</keycap>
2532 <keycap>ALT</keycap><keycap>ESC</keycap></keycombo> on
2533 console) and type <option>show interrupts</option>.</para>
2535 <para>Your best hope when dealing with interrupt problems is to
2536 try disabling <acronym>APIC</acronym> support with
2537 <literal>hint.apic.0.disabled="1"</literal> in
2538 <filename>loader.conf</filename>.</para>
2542 <title>Panics</title>
2544 <para>Panics are relatively rare for <acronym>ACPI</acronym> and
2545 are the top priority to be fixed. The first step is to
2546 isolate the steps to reproduce the panic (if possible)
2547 and get a backtrace. Follow the advice for enabling
2548 <option>options DDB</option> and setting up a serial console
2549 (see <xref linkend="serialconsole-ddb">)
2550 or setting up a &man.dump.8; partition. You can get a
2551 backtrace in <acronym>DDB</acronym> with
2552 <option>tr</option>. If you have to handwrite the
2553 backtrace, be sure to at least get the lowest five (5) and top
2554 five (5) lines in the trace.</para>
2556 <para>Then, try to isolate the problem by booting with
2557 <acronym>ACPI</acronym> disabled. If that works, you can
2558 isolate the <acronym>ACPI</acronym> subsystem by using various
2559 values of <option>debug.acpi.disable</option>. See the
2560 &man.acpi.4; manual page for some examples.</para>
2564 <title>System Powers Up After Suspend or Shutdown</title>
2565 <para>First, try setting
2566 <option>hw.acpi.disable_on_poweroff=</option><quote>0</quote>
2567 in &man.loader.conf.5;. This keeps <acronym>ACPI</acronym>
2568 from disabling various events during the shutdown process.
2569 Some systems need this value set to <quote>1</quote> (the
2570 default) for the same reason. This usually fixes
2571 the problem of a system powering up spontaneously after a
2572 suspend or poweroff.</para>
2576 <title>Other Problems</title>
2578 <para>If you have other problems with <acronym>ACPI</acronym>
2579 (working with a docking station, devices not detected, etc.),
2580 please email a description to the mailing list as well;
2581 however, some of these issues may be related to unfinished
2582 parts of the <acronym>ACPI</acronym> subsystem so they might
2583 take a while to be implemented. Please be patient and
2584 prepared to test patches we may send you.</para>
2588 <sect2 id="ACPI-aslanddump">
2589 <title><acronym>ASL</acronym>, <command>acpidump</command>, and
2590 <acronym>IASL</acronym></title>
2592 <para>The most common problem is the <acronym>BIOS</acronym>
2593 vendors providing incorrect (or outright buggy!) bytecode. This
2594 is usually manifested by kernel console messages like
2597 <screen>ACPI-1287: *** Error: Method execution failed [\\_SB_.PCI0.LPC0.FIGD._STA] (Node 0xc3f6d160), AE_NOT_FOUND</screen>
2599 <para>Often, you can resolve these problems by updating your
2600 <acronym>BIOS</acronym> to the latest revision. Most console
2601 messages are harmless but if you have other problems like
2602 battery status not working, they're a good place to start
2603 looking for problems in the <acronym>AML</acronym>. The
2604 bytecode, known as <acronym>AML</acronym>, is compiled from a
2605 source language called <acronym>ASL</acronym>. The
2606 <acronym>AML</acronym> is found in the table known as the
2607 <acronym>DSDT</acronym>. To get a copy of your
2608 <acronym>ASL</acronym>, use &man.acpidump.8;. You should use
2609 both the <option>-t</option> (show contents of the fixed tables)
2610 and <option>-d</option> (disassemble <acronym>AML</acronym> to
2611 <acronym>ASL</acronym>) options. See the
2612 <link linkend="ACPI-submitdebug">Submitting Debugging
2613 Information</link> section for an example syntax.</para>
2615 <para>The simplest first check you can do is to recompile your
2616 <acronym>ASL</acronym> to check for errors. Warnings can
2617 usually be ignored but errors are bugs that will usually prevent
2618 <acronym>ACPI</acronym> from working correctly. To recompile
2619 your <acronym>ASL</acronym>, issue the following command:</para>
2621 <screen>&prompt.root; <userinput>iasl your.asl</userinput></screen>
2624 <sect2 id="ACPI-fixasl">
2625 <title>Fixing Your <acronym>ASL</acronym></title>
2627 <para>In the long run, our goal is for almost everyone to have
2628 <acronym>ACPI</acronym> work without any user intervention. At
2629 this point, however, we are still developing workarounds for
2630 common mistakes made by the <acronym>BIOS</acronym> vendors.
2631 The Microsoft interpreter (<filename>acpi.sys</filename> and
2632 <filename>acpiec.sys</filename>) does not strictly check for
2633 adherence to the standard, and thus many <acronym>BIOS</acronym>
2634 vendors who only test <acronym>ACPI</acronym> under Windows
2635 never fix their <acronym>ASL</acronym>. We hope to continue to
2636 identify and document exactly what non-standard behavior is
2637 allowed by Microsoft's interpreter and replicate it so &os; can
2638 work without forcing users to fix the <acronym>ASL</acronym>.
2639 As a workaround and to help us identify behavior, you can fix
2640 the <acronym>ASL</acronym> manually. If this works for you,
2641 please send a &man.diff.1; of the old and new
2642 <acronym>ASL</acronym> so we can possibly work around the buggy
2643 behavior in <acronym>ACPI-CA</acronym> and thus make your fix
2646 <para>Here is a list of common error messages, their cause, and
2647 how to fix them:</para>
2650 <title>_OS dependencies</title>
2652 <para>Some <acronym>AML</acronym> assumes the world consists of
2653 various Windows versions. You can tell &os; to claim it is
2654 any <acronym>OS</acronym> to see if this fixes problems you
2655 may have. An easy way to override this is to set
2656 <option>hw.acpi.osname</option>=<quote>Windows 2001</quote>
2657 in <filename>/boot/loader.conf</filename> or other similar
2658 strings you find in the <acronym>ASL</acronym>.</para>
2661 <title>Missing Return statements</title>
2663 <para>Some methods do not explicitly return a value as the
2664 standard requires. While <acronym>ACPI-CA</acronym>
2665 does not handle this, &os; has a workaround that allows it to
2666 return the value implicitly. You can also add explicit
2667 Return statements where required if you know what value should
2668 be returned. To force <command>iasl</command> to compile the
2669 <acronym>ASL</acronym>, use the <option>-f</option>
2674 <title>Overriding the Default <acronym>AML</acronym></title>
2676 <para>After you customize <filename>your.asl</filename>, you
2677 will want to compile it, run:</para>
2679 <screen>&prompt.root; <userinput>iasl your.asl</userinput></screen>
2681 <para>You can add the <option>-f</option> flag to force creation
2682 of the <acronym>AML</acronym>, even if there are errors during
2683 compilation. Remember that some errors (e.g., missing Return
2684 statements) are automatically worked around by the
2687 <para><filename>DSDT.aml</filename> is the default output
2688 filename for <command>iasl</command>. You can load this
2689 instead of your <acronym>BIOS</acronym>'s buggy copy (which
2690 is still present in flash memory) by editing
2691 <filename>/boot/loader.conf</filename> as
2694 <programlisting>acpi_dsdt_load="YES"
2695 acpi_dsdt_name="/boot/DSDT.aml"</programlisting>
2697 <para>Be sure to copy your <filename>DSDT.aml</filename> to the
2698 <filename role="directory">/boot</filename> directory.</para>
2701 <sect2 id="ACPI-debugoutput">
2702 <title>Getting Debugging Output From
2703 <acronym>ACPI</acronym></title>
2705 <para>The <acronym>ACPI</acronym> driver has a very flexible
2706 debugging facility. It allows you to specify a set of subsystems
2707 as well as the level of verbosity. The subsystems you wish to
2708 debug are specified as <quote>layers</quote> and are broken down
2709 into <acronym>ACPI-CA</acronym> components (ACPI_ALL_COMPONENTS)
2710 and <acronym>ACPI</acronym> hardware support (ACPI_ALL_DRIVERS).
2711 The verbosity of debugging output is specified as the
2712 <quote>level</quote> and ranges from ACPI_LV_ERROR (just report
2713 errors) to ACPI_LV_VERBOSE (everything). The
2714 <quote>level</quote> is a bitmask so multiple options can be set
2715 at once, separated by spaces. In practice, you will want to use
2716 a serial console to log the output if it is so long
2717 it flushes the console message buffer. </para>
2719 <para>Debugging output is not enabled by default. To enable it,
2720 add <option>options ACPI_DEBUG</option> to your kernel config
2721 if <acronym>ACPI</acronym> is compiled into the kernel. You can
2722 add <option>ACPI_DEBUG=1</option> to your
2723 <filename>/etc/make.conf</filename> to enable it globally. If
2724 it is a module, you can recompile just your
2725 <filename>acpi.ko</filename> module as follows:</para>
2727 <screen>&prompt.root; <userinput>cd /sys/dev/acpica5
2728 && make clean &&
2729 make ACPI_DEBUG=1</userinput></screen>
2731 <para>Install <filename>acpi.ko</filename> in
2732 <filename role="directory">/boot/kernel</filename> and add your
2733 desired level and layer to <filename>loader.conf</filename>.
2734 This example enables debug messages for all
2735 <acronym>ACPI-CA</acronym> components and all
2736 <acronym>ACPI</acronym> hardware drivers
2737 (<acronym>CPU</acronym>, <acronym>LID</acronym>, etc.) It will
2738 only output error messages, the least verbose level.</para>
2740 <programlisting>debug.acpi.layer="ACPI_ALL_COMPONENTS ACPI_ALL_DRIVERS"
2741 debug.acpi.level="ACPI_LV_ERROR"</programlisting>
2743 <para>If the information you want is triggered by a specific event
2744 (say, a suspend and then resume), you can leave out changes to
2745 <filename>loader.conf</filename> and instead use
2746 <command>sysctl</command> to specify the layer and level after
2747 booting and preparing your system for the specific event. The
2748 <command>sysctl</command>s are named the same as the tunables
2749 in <filename>loader.conf</filename>.</para>
2752 <sect2 id="ACPI-References">
2753 <title>References</title>
2755 <para>More information about <acronym>ACPI</acronym> may be found
2756 in the following locations:</para>
2760 <para>The FreeBSD &a.acpi; (This is FreeBSD-specific; posting
2761 &os; questions here may not generate much of an answer.)</para>
2765 <para>The <acronym>ACPI</acronym> Mailing List Archives (FreeBSD)
2766 <ulink url="http://lists.freebsd.org/pipermail/freebsd-acpi/"></ulink></para>
2770 <para>The old <acronym>ACPI</acronym> Mailing List Archives (FreeBSD)
2771 <ulink url="http://home.jp.FreeBSD.org/mail-list/acpi-jp/"></ulink></para>
2775 <para>The <acronym>ACPI</acronym> 2.0 Specification
2776 <ulink url="http://acpi.info/spec.htm"></ulink></para>
2780 <para>&os; Manual pages:
2783 &man.acpidb.8;</para>
2788 url="http://www.cpqlinux.com/acpi-howto.html#fix_broken_dsdt">
2789 <acronym>DSDT</acronym> debugging resource</ulink>.
2790 (Uses Compaq as an example but generally useful.)</para>
2800 sgml-declaration: "../chapter.decl"
2803 sgml-always-quote-attributes: t
2804 sgml-parent-document: ("../book.sgml" "part" "chapter")