A Network Tutorial/How-To Guide
for the FreeBSD OS
by Nick Rogness
Introduction
So what is the kernel? In plain old english, it is the core part of the FreeBSD OS. The center of the universe...or something to that effect. It is responsible for interacting with the underlying hardware. It provides scheduling and a TCP/IP network stack, among several things.
So who cares about the kernel? Well, it is important because it can be rebuilt to support new hardware, turn on/off options (eg., firewall), and can be tweaked to streamline your system. In the next section we will cover how to rebuild your kernel to do several things. It is common place on FreeBSD help lines (mailling-lists, etc) to hear "Rebuild your kernel with options IPSEC" or "What options are built with your kernel?"
First off, your system comes with a kernel (duh) and this kernel is called GENERIC. To display what kernel you are running, you can type:
# uname -v FreeBSD 4.6-RELEASE #0: Fri Sep 6 02:30:32 MDT 2002 root@skywalker.rogness.net:/usr/src/sys/compile/GENERICThis kernel version happens to be 4.6-RELEASE and was compiled from sources with a config file: /usr/src/sys/compile/GENERIC by root@skywalker.rogness.net. What? Its rather simple actually. Let's move onto the next section about building to further explain.
I have mentioned earlier that you can build a kernel to add or remove options (ie enable or disable functionality). So how do you do it? Simple, first:
# cd /sys/i386/confThis directory contains a kernel config file and inormation about all available kernel options (called LINT). Let's look:
# ls -l total 108 -rw------- 1 root wheel 9371 Sep 13 19:35 GENERIC -rw------- 1 root wheel 100041 Oct 6 18:34 LINTThe file called GENERIC is the config file for the GENERIC kernel. The file called LINT is for documentation purposes. It contains all (all properly documented) kernel options available. For example, if we wanted to enable firewall support in the kernel we would look up the options in the LINT file and added them to our kernel config file.
The whole concept of build a kernel is based on building one of these 'config' files, which contain different options and then running a few commands against the config file. So lets actually rebuild a kernel! First, lets make our own kernel config file by copying the GENERIC file to another file called LOCAL(name doesn't matter):
# cp GENERIC LOCALNow lets add our firewall options to enable firewalling. First let's look it up in LINT:
# less LINT ... options IPFIREWALL #firewall options IPFIREWALL_VERBOSE #enable logging to syslogd(8) options IPFIREWALL_FORWARD #enable transparent proxy support options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by defaultAh ha! we need to add 'options IPFIREWALL' to our LOCAL file to enable firewalling. Let's do that:
# vi LOCAL ...[insert] options IPFIREWALL ...[save] #OK. Now we need to do the actual rebuild. To do this we follow the following steps:
# config LOCAL Don't forget to do a ``make depend'' Kernel build directory is ../../compile/LOCAL # cd ../../compile/LOCAL # make depend && makeYou will now see a bunch of crap fly by on your screen. This is normal. It is actually compiling a kernel!!
Now, once the above gets done (may take a while), you will need to install the kernel. To do this, simple type:
# make installYou will once again see a bunch of things flying by on your screen. This is normal. It is actually installing the kernel binary in / and also correpsonding kernel modules in /modules. It also does fancy things like making backups of your old /kernel file and modules directory.
Now, all you have to do is reboot and your new kernel will be active. You can verify this with `uname -v` after it finishes booting up. Keep in mind that there is a lot more interesting things to do with this process. I will save that for someone else to fill in the blanks...or you can shoot me an email if you have questions.