From: Giorgos Keramidas
To: "Kevin D. Kinsey, DaleCo, S.P."
Cc: Brian Henning
Cc: freebsd-questions@freebsd.org
Date: Tue, 20 Apr 2004 16:21:29 +0300
Subject: Re: kernel config optimized
Message-ID: <20040420132129.GB744@gothmog.gr>
In-Reply-To: <4084290C.4050505@daleco.biz>

On 2004-04-19 14:31, "Kevin D. Kinsey, DaleCo, S.P." wrote:
> Brian Henning wrote:
> >The following is a copy of my kernel config file. I am trying to
> >optimize it as much as possible.
> >
> >Do I need any of these pseudo devices?
> >pseudo-device loop # Network loopback
>
> Most people would leave this in. I've no idea what might break
> without it, but I'll wager something might ... for example, what would
> you think of a box that couldn't find "localhost" with both hands? No
> lo, that's what you might well get ...

Yes please, leave it in!

There aren't many things that *do* depend on being able to connect to
localhost:* ports for doing useful work. However, one should be very
careful with this option. The loopback interface is considered so
'essential' to the Unix culture that a lot of things might implicitly
depend on it being there and working all the time.

Examples of this include programs like:

  * Sendmail's local mail submission daemon (which listens for
    connections to 127.0.0.1:25 by default).

  * Caching name servers. My workstation at home runs, for various
    reasons, a caching named service. This happens to listen on
    127.0.0.1:53 for incoming connections.

Other services might need to use the loopback interface too. It's not
as if the code of lo0 takes up a huge amount of memory or space.
Risking breakage now or in 'surprisingly unexpected moments' in the
future just to save a few KB isn't worth the trouble IMHO.

> >pseudo-device ether # Ethernet support
> >pseudo-device sl 1 # Kernel SLIP
> >pseudo-device ppp 1 # Kernel PPP
> >pseudo-device tun # Packet tunnel.
>
> "tun" is necessary for userland PPP. If you take out "tun", "ppp",
> and "ether" as well as SLIP, what protocols do you figure on using?
> Are you planning on connecting to anything? (Note that I'm not saying
> there's no other way, but these are so common ....)

I usually remove only SLIP support from my kernels, since I prefer
using PPP if available and it generally *is* available at the places I
had to move my workstation (either PPP or some form of Ethernet
connection).

> >pseudo-device pty # Pseudo-ttys (telnet etc)

A lot of things can break if you remove this. In fact, a lot of things
*will* break since pseudo-ttys are essential for a number of tasks that
are considered "very common" in everyday Unix operation. For example,
without ptys you can't:

  * Run xterm(1) or any other program that requires ptys, like
    script(1) or screen(1).

  * Connect to your machine over telnet, rsh, or ssh.

It's not a good idea to remove pty support from your kernel.

> I may be wrong, but wouldn't removing this cause remote access (most
> of it, ftp, telnet, ssh, etc.) to fail?

You're not mistaken.

> Most of your list is stuff that is generally standard and fairly
> essential ... if you've minimized down this far, I'd say you're
> getting close to small enough, wouldn't you?

True :)

Cheers,

- Giorgos
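
An added example, not part of the original message: one way to inventory which services are bound only to the loopback address (as the sendmail and named examples above are) before deciding what a trimmed kernel can drop. The function name `loopback_listeners` and the sample data are constructed for illustration; the input is assumed to be FreeBSD-style `netstat -an` output, where address and port are joined by a dot.

```shell
#!/bin/sh
# Added example: report sockets that listen only on loopback, from
# FreeBSD-style `netstat -an` output read on stdin.

loopback_listeners() {
    awk '
        # TCP: keep only sockets in LISTEN state.
        $1 ~ /^tcp/ && $NF != "LISTEN" { next }
        # UDP has no state column: keep only unconnected sockets.
        $1 ~ /^udp/ && $5 != "*.*"     { next }
        $1 ~ /^(tcp|udp)/ {
            # Split "127.0.0.1.25" into address and port at the last dot.
            n = match($4, /\.[0-9]+$/)
            if (n == 0) next
            addr = substr($4, 1, n - 1)
            port = substr($4, n + 1)
            if (addr == "127.0.0.1" || addr == "::1")
                print $1, port
        }
    ' | sort -u
}

# Constructed sample input (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  127.0.0.1.25           *.*                    LISTEN
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  127.0.0.1.1033         127.0.0.1.25           ESTABLISHED
udp4       0      0  127.0.0.1.53           *.*
udp4       0      0  192.168.1.10.53        *.*
udp4       0      0  *.514                  *.*
EOF
}

# On a live system: netstat -an | loopback_listeners
sample_netstat | loopback_listeners
```

Wildcard listeners such as `*.22` are left out on purpose: they also accept loopback connections, but they keep working on other interfaces, whereas the services printed here have no other address to fall back on.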