Compile and deploy FreeBSD kernel
Sometimes it's necessary to build a new kernel to add some modules. In my case, it's to add the RACK TCP stack.
Requirements:
- node to compile the kernel
- servers to receive and boot the new kernel
Compile the new kernel
Check sources
First, a little check that sources are available:
ls /usr/src/sys/amd64/conf/
If that's not the case, a few steps are needed (for example with FreeBSD 13.1-RELEASE on AMD64):
cd /tmp
fetch http://ftp.freebsd.org/pub/FreeBSD/releases/amd64/13.1-RELEASE/src.txz
tar -xf src.txz -C /
rm src.txz
freebsd-update fetch install
New kernel: RACK
Sources are available so it's time to create the configuration file, build the kernel and install it.
Create the configuration file
cat > /usr/src/sys/amd64/conf/RACK <<EOF
include GENERIC
ident RACK
makeoptions WITH_EXTRA_TCP_STACKS=1
options RATELIMIT
options TCPHPTS
EOF
Time to build and install it (run from the source tree):
cd /usr/src
make -j 8 KERNCONF=RACK buildkernel
make installkernel KERNCONF=RACK KODIR=/boot/kernel.rack
Deployment
local node
rsync -avz --progress -h /boot/kernel.rack REMOTE_NODE:/tmp
remote node
As root:
mv /tmp/kernel.rack /boot/
chown -R root:root /boot/kernel.rack
Configure /boot/loader.conf like this:
kernel="kernel.rack"
bootfile="kernel.rack"
module_path="/boot/kernel.rack"
autoboot_wait="0"
autoboot_delay="0"
beastie_disable="YES"
boot_serial="YES"
loader_logo="none"
cryptodev_load="YES"
cc_htcp_load="YES"
Lines added compared with the configuration in my previous post, Install FreeBSD 13.1 on Oracle Cloud:
- kernel="kernel.rack"
- bootfile="kernel.rack"
- module_path="/boot/kernel.rack"
- cc_htcp_load="YES"
Add at the top of /etc/rc.conf:
kld_list="${kld_list} /boot/kernel.rack/tcp_bbr.ko"
Now, a little sysctl configuration to use the new stack:
cat >> /etc/sysctl.conf <<EOF
net.inet.tcp.cc.algorithm=htcp
net.inet.tcp.functions_default=bbr
net.inet.tcp.functions_inherit_listen_socket_stack=0
EOF
Reboot on the new kernel
reboot
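Added example (not part of the original post): the kernel directory is staged in /tmp on the remote node, a world-writable directory, before root moves it into /boot, so it is worth checking it against a SHA-256 manifest produced on the build node before the mv step. The function names and the manifest file name are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: checksum manifest for a kernel directory staged through /tmp.
# hash_file, make_manifest, verify_manifest and kernel.rack.sha256 are
# hypothetical names chosen for this example.
#
# Build node:   make_manifest /boot/kernel.rack > kernel.rack.sha256
# Remote node:  verify_manifest /tmp/kernel.rack /root/kernel.rack.sha256 \
#                   && mv /tmp/kernel.rack /boot/

# Print the SHA-256 of one file; FreeBSD ships sha256(1), Linux sha256sum(1).
hash_file() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        sha256sum "$1" | cut -d ' ' -f 1
    fi
}

# Emit "hash  ./relative/path" for every regular file under directory $1,
# in a stable byte order so two runs over identical trees give identical text.
make_manifest() {
    ( cd "$1" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do
        printf '%s  %s\n' "$(hash_file "$f")" "$f"
    done )
}

# Return 0 only if directory $1 matches manifest file $2 exactly: same set of
# files, same hashes, and no symlinks, devices or other non-regular entries.
verify_manifest() {
    if [ -n "$(find "$1" ! -type f ! -type d | head -n 1)" ]; then
        echo "unexpected non-regular entry in $1" >&2
        return 1
    fi
    if [ "$(make_manifest "$1")" != "$(cat "$2")" ]; then
        echo "manifest mismatch for $1" >&2
        return 1
    fi
    return 0
}
```

Copy the manifest to a root-owned location on the remote node (not /tmp) so it cannot be replaced together with the staged files.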
Conclusion
It's not very complicated to build and deploy this kernel including the RACK stack (HTCP and BBR).
At scale, you need to build a pkg and use an internal repository.
Written by
sycured
Designing, building, and running secure infrastructure on public, hybrid, and private clouds.