We currently build CONFIG_IPV6=m.
This seems to be not really well-supported in mainline kernels - see
https://lore.kernel.org/netdev/20201115224509.2020651-1-flokli@flokli.de/T/#u
Compiling it as a module doesn't give too much benefit - even for people
who did explicitly set `enableIPv6` to false, the `ipv6` module was
still loaded, as soon as another module was loaded that requires it
(bridge,br_netfilter,wireguard,ip6table_mangle,sctp,…).
By compiling it in, we only loose the possibility to not add it to
`boot.kernelModules` anymore (as it's part of the kernel directly). The
space savings are negligible.
People wanting to disable IPv6 still get the appropriate sysctls and
options set (while having the kernel code loaded), nothing is really
changing here.
This config value ensures that when booting through e.g. UEFI, the
existing framebuffer contents stay put until the first character is
printed. As the default NixOS stage-1 immediately outputs a welcome
message on init, this does not impact it, but it will allow for a cleaner boot when
configured as such.
With the fix in kernel configuration merging, some kernel configuration items
marked as mandatory now correctly trigger an error when unused (while they
previously were unused).
Since we select everything as a module, snd_hda_codec_ca0132 is built as
well. DSP loading is not enabled by default, but without it the
soundcard produces timeouts within ALSA and does not emit sound.
Explicitly enable the firmware loading to ensure Soundblaster
Z/Zx/ZxR/Recon devices can be used with NixOS.
The patch to enable this by default in the kernel is staged for 5.8.
This will switch the default TCP congestion control algorithm from
new Reno to CUBIC. CUBIC is the default since Linux kernel 2.6.19
(see 597811ec167fa) and most (all?) distributions keep this default
(e.g. Debian and Ubuntu). On NixOS the default was still new Reno
because generate-config.pl changes TCP_CONG_CUBIC from y to m (since we
try to build everything as a module by default).
To check the active and available algorithms:
$ sysctl net.ipv4.tcp_congestion_control
net.ipv4.tcp_congestion_control = cubic
$ sysctl net.ipv4.tcp_available_congestion_control
net.ipv4.tcp_available_congestion_control = cubic reno
Note: E.g. x86_64_defconfig sets TCP_CONG_CUBIC=y indirectly via
CONFIG_TCP_CONG_ADVANCED=y (but CUBIC is also the default if set to no,
see net/ipv4/Kconfig).
CONFIG_IP_MULTIPLE_TABLES is part of the default x86 kernel config but
absent from the Aarch64 one. Adding explicitely this flag together
with its dependency IP_ADVANCED_ROUTER.
Both of these config flags are needed to use the routing policy
facilities.
This reverts a small bit of af808bd82 from PR #73328. Fixes#79304:
tests.installer.simpleUefiSystemdBoot.x86_64-linux
I still don't know why the regression happened, but this feature doesn't
seem important enough to block channel now, though it reportedly helps
to mitigate spectre 2 attack CVE-2017-5715.
xdp socket support (AF_XDP) is the new way of implementing high
performance networking on linux. on arch linux and debian this is
already enabled (checked via the links from the nixos manual).
moreover, these flags are suggested by the bpf documentation at cilium:
https://cilium.readthedocs.io/en/latest/bpf/#compiling-the-kernel
additionally the flag `BPF_JIT_ALWAYS_ON` on was suggested to help
spectre attack mitigations:
290af86629
Remove the "version" parameter in order to make it more widely
available.
Starts making some kernel configuration helpers available.
The intent is to be able to better build and check the linux kernel
configuration.
