The FreeBSD Kernel
So what is the kernel? In plain old english, it is the core part of the
FreeBSD OS. The center of the universe...or something to that effect. It is
responsible for interacting with the underlying hardware. It provides scheduling
and a TCP/IP network stack, among several things.
A D V E R T I S E M E N T
So who cares about the kernel? Well, it is important
because it can be rebuilt to support new hardware, turn on/off options (eg.,
firewall), and can be tweaked to streamline your system. In the next section we
will cover how to rebuild your kernel to do several things. It is common place
on FreeBSD help lines (mailling-lists, etc) to hear "Rebuild your kernel with
options IPSEC" or "What options are built with your kernel?"
First off, your system comes with a kernel (duh) and this
kernel is called GENERIC. To display what kernel you are running, you can type:
# uname -v
FreeBSD 4.6-RELEASE #0: Fri Sep 6 02:30:32 MDT 2002
This kernel version happens to be 4.6-RELEASE and was
compiled from sources with a config file: /usr/src/sys/compile/GENERIC by
firstname.lastname@example.org. What? Its rather simple actually. Let's move onto
the next section about building to further explain.
Building a Kernel
I have mentioned earlier that you can build a kernel to
add or remove options (ie enable or disable functionality). So how do you do it?
# cd /sys/i386/conf
This directory contains a kernel config file and inormation
about all available kernel options (called LINT). Let's look:
# ls -l
-rw------- 1 root wheel 9371 Sep 13 19:35 GENERIC
-rw------- 1 root wheel 100041 Oct 6 18:34 LINT
The file called GENERIC is the config file for the GENERIC
kernel. The file called LINT is for documentation purposes. It contains all (all
properly documented) kernel options available. For example, if we wanted to
enable firewall support in the kernel we would look up the options in the LINT
file and added them to our kernel config file.
The whole concept of build a kernel is based on building
one of these 'config' files, which contain different options and then running a
few commands against the config file. So lets actually rebuild a kernel! First,
lets make our own kernel config file by copying the GENERIC file to another file
called LOCAL(name doesn't matter):
# cp GENERIC LOCAL
Now lets add our firewall options to enable firewalling.
First let's look it up in LINT:
# less LINT
options IPFIREWALL #firewall
options IPFIREWALL_VERBOSE #enable logging to syslogd(8)
options IPFIREWALL_FORWARD #enable transparent proxy support
options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity
options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default
Ah ha! we need to add 'options IPFIREWALL' to our LOCAL file
to enable firewalling. Let's do that:
# vi LOCAL
OK. Now we need to do the actual rebuild. To do this we
follow the following steps:
# config LOCAL
Don't forget to do a ``make depend''
Kernel build directory is ../../compile/LOCAL
# cd ../../compile/LOCAL
# make depend && make
You will now see a bunch of crap fly by on your screen. This
is normal. It is actually compiling a kernel!!
Now, once the above gets done (may take a while), you will
need to install the kernel. To do this, simple type:
# make install
You will once again see a bunch of things flying by on your
screen. This is normal. It is actually installing the kernel binary in / and
also correpsonding kernel modules in /modules. It also does fancy things like
making backups of your old /kernel file and modules directory.
Now, all you have to do is reboot and your new kernel will
be active. You can verify this with `uname -v` after it finishes booting up.
Keep in mind that there is a lot more interesting things to do with this
process. I will save that for someone else to fill in the blanks...or you can
shoot me an email if you have questions.