freebsd系统下编译内核

一、按你要求修改部份源程序,在此举例修改syslimits.h文件的NGROUPS_MAX参数,NGROUPS_MAX涉及samba的用户组数,默认最多只有16个组,如果你的组超过了16个,就要修改此参数,然后重新编译内核了。
[[email protected] ~]# vi /usr/src/sys/sys/syslimits.h
change:
#define NGROUPS_MAX 16
to:
#define NGROUPS_MAX 64
:wq
二、到内核配置文件目录
(1)如果是AMD64位的系统,就要cd /usr/src/sys/amd64/conf/此例是32位系统,所以是到i386目录
[[email protected] ~]# cd /usr/src/sys/i386/conf/
(2)拷贝默认的GENERIC内核配置文件为newkernel
[[email protected] ~]# cp GENERIC newkernel
(3)然后修改newkernel配置文件,以下是我加入的参数,如参数功能自己网上查查吧,这里不做详解了!
[root@www.itkylin.com ~]# vi newkernel

ident           SMP-GENERIC
options         SMP
options		MPTABLE_FORCE_HTT
options         QUOTA
options         COMPAT_FREEBSD5
options         UNIONFS                 # Union filesystem
device          bktr
options         IPFIREWALL_DEFAULT_TO_ACCEPT
options         IPFIREWALL_FORWARD
options         IPFIREWALL_VERBOSE
options         IPFIREWALL_VERBOSE_LIMIT
device          carp
device          pf
device          pflog
device          pfsync
device          vlan
device          gre
options         IPSTEALTH
options         TCP_DROP_SYNFIN         #drop TCP packets with SYN+FIN
options         GEOM_UZIP
options         GEOM_LABEL
options         INCLUDE_CONFIG_FILE
options         NETGRAPH                #netgraph(4) system
options         NETGRAPH_ASYNC
options         NETGRAPH_BPF
options         NETGRAPH_BRIDGE
options         NETGRAPH_CISCO
options         NETGRAPH_ECHO
options         NETGRAPH_ETHER
options         NETGRAPH_FRAME_RELAY
options         NETGRAPH_HOLE
options         NETGRAPH_IFACE
options         NETGRAPH_KSOCKET
options         NETGRAPH_LMI
options         NETGRAPH_MPPC_ENCRYPTION
options         NETGRAPH_ONE2MANY
options         NETGRAPH_PPP
options         NETGRAPH_PPPOE
options         NETGRAPH_PPTPGRE
options         NETGRAPH_RFC1490
options         NETGRAPH_SOCKET
options         NETGRAPH_TEE
options         NETGRAPH_TTY
options         NETGRAPH_UI
options         NETGRAPH_VJC
device          ubsa
device          ucom
options         FAST_IPSEC
device          crypto          # core crypto support
device          cryptodev       # /dev/crypto for access to h/w
device          rndtest         # FIPS 140-2 entropy tester
device          hifn            # Hifn 7951, 7781, etc.
options         HIFN_DEBUG      # enable debugging support: hw.hifn.debug
options         HIFN_RNDTEST    # enable rndtest support
device          ubsec           # Broadcom 5501, 5601, 58xx
options         ALTQ
options         ALTQ_CBQ
options         ALTQ_RED
options         ALTQ_RIO
options         ALTQ_HFSC
options         ALTQ_PRIQ
options         ALTQ_NOPCC      # Required for SMP builds !!
#Bridging
device          if_bridge
options         MSGMNB=8192     # max # of bytes in a queue
options         MSGMNI=40       # number of message queue identifiers
options         MSGSEG=512      # number of message segments per queue
options         MSGSSZ=32       # size of a message segment
options         MSGTQL=2048     # max messages in system
device          tap
device          hme
#Needed for FreeSBIE 2
options         NULLFS
device          speaker
options         DEVICE_POLLING
options         SC_DISABLE_REBOOT
options         ZERO_COPY_SOCKETS
options         TCP_SIGNATURE
#To make an SMP kernel, the next two lines are needed
#options         SMP                     # Symmetric MultiProcessor Kernel
#Allow gmirror to function
#options         GEOM_MIRROR
#options         GEOM_MBR
#options         itkylin.com
#options         NF_SOCKOPT
options         QUOTA
device          tap
options         IPFILTER
options         IPFILTER_LOG
options         IPFILTER_DEFAULT_BLOCK
options         SC_DISABLE_REBOOT

三、执行以下命令开始编译安装内核
[[email protected] ~]# cd /usr/src/sys/i386/conf/
[[email protected] ~]# config newkernel
[[email protected] ~]#cd ../compile/newkernel
[[email protected] ~]#make cleandepend
[[email protected] ~]#make depend
[[email protected] ~]#make
[[email protected] ~]#make install

四、因为内核开启了pf防火墙功能,所以要修改sysctl.conf和rc.conf配置文件
[[email protected] ~]#vi /etc/sysctl.conf
kern.timecounter.hardware=TSC
net.inet.tcp.path_mtu_discovery=0
net.inet.ip.forwarding=1
:wq
[[email protected] ~]#vi /etc/rc.conf
#Enable PF firewall
pf_enable=”YES”
pf_rules=”/etc/pf.conf”
pf_flags=””
#Enable PF logging
pflog_enable=”YES”
pflog_logfile=”/var/log/pflog”
pflog_flags=””
:wq
[[email protected] ~]#vi /etc/pf.conf
pass in all
pass out all
:wq
五、重新启动系统后会用新的内核了!
[[email protected] ~]#reboot