As mentioned earlier you have to activate ALTQ in FreeBSD to make it possible for it to perform traffic shaping. This involves recompiling the kernel which will also include any available security update. To include security updates for the userland you'll have to recompile that too. Normally you don't have to recompile the whole userland for a security update. Instructions for patching only the vulnerable parts are included in the security advisories. Sooner or later you will however have to upgrade the whole operating system so this will be a good time to learn it while the system configuration is still very basic. The tasks to accomplish all this have been put together in a generic guide in the next section. For now, you'll start by making the necessary configurations to the kernel and the compilation environment.
Adding ALTQ to the kernel
ALTQ is not supported by every network driver in FreeBSD. Before you continue you should make sure your network card is listed on the altq manual page.
The kernel is unique to your computer's architecture so there is a kernel configuration file for each supported architecture and you have to edit the correct one. You should already know what architecture you're using since you had to choose the correct one when you downloaded the installation CD. If you forgot, you can check it like this:
# uname -p
The following example is carried out on an Intel Core2 Duo which belongs to the amd64 architecture. If you're not using amd64 chances are huge you're using i386 instead and you have to replace amd64, in the folder paths below, with i386 or whatever architecture you're using.
Start by making a copy of the GENERIC kernel configuration file so you can modify it without altering the default one. Remember that Unix is always case sensitive.
# cp /usr/src/sys/amd64/conf/GENERIC /usr/src/sys/amd64/conf/MYKERNEL
Now, open the copy in the editor.
# ee /usr/src/sys/amd64/conf/MYKERNEL
Add the following lines to the end of the file:
device pf device pflog options ALTQ options ALTQ_CBQ options ALTQ_RED options ALTQ_RIO options ALTQ_HFSC options ALTQ_PRIQ
If you have an SMP capable AMD CPU you should also add the following line to tell the kernel not to use its unstable time stamp counter.
Other kernel changes
Located at the beginning of the kernel configuration file you'll find this line:
Change it to:
This is to make sure the boot messages correctly reports the fact that you're running a modified kernel and not the generic one shipped with FreeBSD.
If you browse through the kernel configuration file you'll notice that it supports tons of hardware that you don't use. If you feel brave you could optionally comment out all those drivers you don't need but be careful since there are dependencies between some of them. Even though you comment out some drivers, they will still be built as modules and be available to you on demand. The benefit of removing them from the config file, is that they won't automatically be loaded into memory during boot. This will speed up the boot procedure and put less strain on the router's resources.
When you feel ready, exit the editor and save your changes.
Stability is extremely important in FreeBSD. Optimizing the compilation process too extremely isn't an option. If you do and run into trouble, you will probably have a very difficult time finding someone willing to help you. One small, harmless optimization you can do is to tell the compiler to optimize the code for your specific CPU type. You can do this by adding the following line to /etc/make.conf:
Normally you define an exact CPU type there but since gcc version 4.2 the "native" option is available and will automatically figure out your CPU type.
- The GENERIC kernel configuration file resides in /usr/src/sys/arch/conf where arch is your computer's architecture (e.g. i386, amd64 and ia64). Your custom kernel configuration file must be stored here too.
- /etc/make.conf is the configuration file for the compiler.
- Building and Installing a Custom Kernel in the FreeBSD handbook.