Annotation of src/lib/libc/gen/sysctl.3, Revision 1.165
1.165 ! elad 1: .\" $NetBSD: sysctl.3,v 1.164 2006/01/14 15:40:49 wiz Exp $
1.5 cgd 2: .\"
1.1 cgd 3: .\" Copyright (c) 1993
4: .\" The Regents of the University of California. All rights reserved.
5: .\"
6: .\" Redistribution and use in source and binary forms, with or without
7: .\" modification, are permitted provided that the following conditions
8: .\" are met:
9: .\" 1. Redistributions of source code must retain the above copyright
10: .\" notice, this list of conditions and the following disclaimer.
11: .\" 2. Redistributions in binary form must reproduce the above copyright
12: .\" notice, this list of conditions and the following disclaimer in the
13: .\" documentation and/or other materials provided with the distribution.
1.119 agc 14: .\" 3. Neither the name of the University nor the names of its contributors
1.1 cgd 15: .\" may be used to endorse or promote products derived from this software
16: .\" without specific prior written permission.
17: .\"
18: .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
19: .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21: .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
22: .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23: .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24: .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26: .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27: .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28: .\" SUCH DAMAGE.
29: .\"
1.20 perry 30: .\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95
1.1 cgd 31: .\"
1.165 ! elad 32: .Dd February 2, 2006
1.1 cgd 33: .Dt SYSCTL 3
34: .Os
35: .Sh NAME
1.134 atatat 36: .Nm sysctl ,
37: .Nm sysctlbyname ,
38: .Nm sysctlgetmibinfo ,
39: .Nm sysctlnametomib
1.1 cgd 40: .Nd get or set system information
1.23 perry 41: .Sh LIBRARY
42: .Lb libc
1.1 cgd 43: .Sh SYNOPSIS
1.115 wiz 44: .In sys/param.h
45: .In sys/sysctl.h
1.1 cgd 46: .Ft int
1.134 atatat 47: .Fn sysctl "int *name" "u_int namelen" "void *oldp" "size_t *oldlenp" \
48: "void *newp" "size_t newlen"
49: .Ft int
50: .Fn sysctlbyname "const char *sname" "void *oldp" "size_t *oldlenp" \
51: "void *newp" "size_t newlen"
52: .Ft int
53: .Fn sysctlgetmibinfo "const char *sname" "int *name" "u_int *namelenp" \
54: "char *cname" "size_t *csz" "struct sysctlnode **rnode" "int v"
55: .Ft int
56: .Fn sysctlnametomib "const char *sname" "int *name" "size_t *namelenp"
1.1 cgd 57: .Sh DESCRIPTION
58: The
1.25 fair 59: .Nm
1.1 cgd 60: function retrieves system information and allows processes with
61: appropriate privileges to set system information.
62: The information available from
1.25 fair 63: .Nm
1.1 cgd 64: consists of integers, strings, and tables.
65: Information may be retrieved and set from the command interface
1.25 fair 66: using the
1.2 jtc 67: .Xr sysctl 8
1.1 cgd 68: utility.
69: .Pp
70: Unless explicitly noted below,
1.25 fair 71: .Nm
1.1 cgd 72: returns a consistent snapshot of the data requested.
73: Consistency is obtained by locking the destination
74: buffer into memory so that the data may be copied out without blocking.
75: Calls to
1.25 fair 76: .Nm
1.1 cgd 77: are serialized to avoid deadlock.
78: .Pp
79: The state is described using a ``Management Information Base'' (MIB)
80: style name, listed in
81: .Fa name ,
82: which is a
83: .Fa namelen
84: length array of integers.
85: .Pp
1.134 atatat 86: The
87: .Fn sysctlbyname
88: function accepts a string representation of a MIB entry and internally
89: maps it to the appropriate numeric MIB representation.
90: Its semantics are otherwise no different from
91: .Fn sysctl .
92: .Pp
1.1 cgd 93: The information is copied into the buffer specified by
94: .Fa oldp .
95: The size of the buffer is given by the location specified by
96: .Fa oldlenp
97: before the call,
98: and that location gives the amount of data copied after a successful call.
99: If the amount of data available is greater
100: than the size of the buffer supplied,
101: the call supplies as much data as fits in the buffer provided
102: and returns with the error code ENOMEM.
103: If the old value is not desired,
104: .Fa oldp
105: and
106: .Fa oldlenp
1.99 wiz 107: should be set to
108: .Dv NULL .
1.1 cgd 109: .Pp
1.25 fair 110: The size of the available data can be determined by calling
111: .Nm
1.99 wiz 112: with a
113: .Dv NULL
114: parameter for
1.1 cgd 115: .Fa oldp .
116: The size of the available data will be returned in the location pointed to by
117: .Fa oldlenp .
118: For some operations, the amount of space may change often.
119: For these operations,
120: the system attempts to round up so that the returned size is
121: large enough for a call to return the data shortly thereafter.
122: .Pp
123: To set a new value,
124: .Fa newp
125: is set to point to a buffer of length
126: .Fa newlen
127: from which the requested value is to be taken.
128: If a new value is not to be set,
129: .Fa newp
1.99 wiz 130: should be set to
131: .Dv NULL
132: and
1.1 cgd 133: .Fa newlen
134: set to 0.
135: .Pp
1.134 atatat 136: The
137: .Fn sysctlnametomib
138: function can be used to map the string representation of a MIB entry
139: to the numeric version.
140: The
141: .Fa name
142: argument should point to an array of integers large enough to hold the
1.135 wiz 143: MIB, and
1.134 atatat 144: .Fa namelenp
145: should indicate the number of integer slots available.
146: Following a successful translation, the size_t indicated by
147: .Fa namelenp
148: will be changed to show the number of slots consumed.
149: .Pp
150: The
151: .Fn sysctlgetmibinfo
1.135 wiz 152: function performs name translation similar to
1.134 atatat 153: .Fn sysctlnametomib ,
154: but also canonicalizes the name (or returns the first erroneous token
155: from the string being parsed) into the space indicated by
156: .Fa cname
157: and
158: .Fa csz .
159: .Fa csz
160: should indicate the size of the buffer pointed to by
161: .Fa cname
162: and on return, will indicate the size of the returned string including
163: the trailing
164: .Sq nul
165: character.
166: .Pp
167: The
168: .Fa rnode
169: and
170: .Fa v
171: arguments to
172: .Fn sysctlgetmibinfo
173: are used to provide a tree for it to parse into, and to get back
174: either a pointer to, or a copy of, the terminal node.
175: If
176: .Fa rnode
177: is
178: .Dv NULL ,
179: .Fn sysctlgetmibinfo
180: uses its own internal tree for parsing, and checks it against the
181: kernel at each call, to make sure that the name-to-number mapping is
1.135 wiz 182: kept up to date.
183: The
1.134 atatat 184: .Fa v
185: argument is ignored in this case.
186: If
187: .Fa rnode
188: is not
189: .Dv NULL
190: but the pointer it references is, on a successful return,
191: .Fa rnode
192: will be adjusted to point to a copy of the terminal node.
193: The
194: .Fa v
195: argument indicates which version of the
196: .Nm
197: node structure the caller wants.
198: The application must later
199: .Fn free
200: this copy.
201: If neither
202: .Fa rnode
203: nor the pointer it references are
204: .Dv NULL ,
205: the pointer is used as the address of a tree over which the parsing is
206: done.
207: In this last case, the tree is not checked against the kernel, no
208: refreshing of the mappings is performed, and the value given by
209: .Fa v
210: must agree with the version indicated by the tree.
211: It is recommended that applications always use
212: .Dv SYSCTL_VERSION
213: as the value for
214: .Fa v ,
215: as defined in the include file
216: .Pa sys/sysctl.h .
217: .Pp
1.1 cgd 218: The top level names are defined with a CTL_ prefix in
1.118 wiz 219: .Aq Pa sys/sysctl.h ,
1.1 cgd 220: and are as follows.
221: The next and subsequent levels down are found in the include files
222: listed here, and described in separate sections below.
223: .Pp
224: .Bl -column CTLXMACHDEPXXX "Next level namesXXXXXX" -offset indent
1.118 wiz 225: .It Sy Name Next level names Description
1.72 hubertf 226: .It CTL\_KERN sys/sysctl.h High kernel limits
227: .It CTL\_VM uvm/uvm_param.h Virtual memory
228: .It CTL\_VFS sys/mount.h Filesystem
229: .It CTL\_NET sys/socket.h Networking
1.1 cgd 230: .It CTL\_DEBUG sys/sysctl.h Debugging
231: .It CTL\_HW sys/sysctl.h Generic CPU, I/O
232: .It CTL\_MACHDEP sys/sysctl.h Machine dependent
1.72 hubertf 233: .It CTL\_USER sys/sysctl.h User-level
234: .It CTL\_DDB sys/sysctl.h In-kernel debugger
1.38 bouyer 235: .It CTL\_PROC sys/sysctl.h Per-process
1.72 hubertf 236: .It CTL\_VENDOR ? Vendor specific
1.128 atatat 237: .It CTL\_EMUL sys/sysctl.h Emulation settings
1.155 elad 238: .It CTL\_SECURITY sys/sysctl.h Security settings
1.1 cgd 239: .El
240: .Pp
241: For example, the following retrieves the maximum number of processes allowed
242: in the system:
243: .Bd -literal -offset indent -compact
244: int mib[2], maxproc;
245: size_t len;
246: .sp
247: mib[0] = CTL_KERN;
248: mib[1] = KERN_MAXPROC;
249: len = sizeof(maxproc);
1.88 ross 250: sysctl(mib, 2, \*[Am]maxproc, \*[Am]len, NULL, 0);
1.1 cgd 251: .Ed
252: .sp
253: To retrieve the standard search path for the system utilities:
254: .Bd -literal -offset indent -compact
255: int mib[2];
256: size_t len;
257: char *p;
258: .sp
259: mib[0] = CTL_USER;
260: mib[1] = USER_CS_PATH;
1.88 ross 261: sysctl(mib, 2, NULL, \*[Am]len, NULL, 0);
1.1 cgd 262: p = malloc(len);
1.88 ross 263: sysctl(mib, 2, p, \*[Am]len, NULL, 0);
1.1 cgd 264: .Ed
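An added example, not part of the NetBSD manual page: the size-query-then-fetch sequence shown above, hardened with checked return values and a bounded retry for the case where the data grows between the two calls and the second call fails with ENOMEM after a partial copy. The names fetch_all, query_fn, mib_ref, sysctl_query, fake_src and fake_query are hypothetical; the in-memory source is constructed so the retry path runs on any system.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Read-only query with the contract the page gives for sysctl(): on entry
 * *oldlenp is the buffer size, on success it is the amount copied; with
 * oldp == NULL only the size is returned; a short buffer gets a partial
 * copy and the call fails with ENOMEM. */
typedef int (*query_fn)(void *ctx, void *oldp, size_t *oldlenp);

#if defined(__NetBSD__)
#include <sys/param.h>
#include <sys/sysctl.h>
struct mib_ref { int *name; u_int namelen; };
/* Adapter so fetch_all() can be pointed at the real sysctl(3). */
static int sysctl_query(void *ctx, void *oldp, size_t *oldlenp)
{
    struct mib_ref *m = ctx;
    return sysctl(m->name, m->namelen, oldp, oldlenp, NULL, 0);
}
#endif

/* Hypothetical helper: size query, allocate with headroom, fetch, and retry
 * while the data keeps outgrowing the buffer. Returns a malloc'd buffer and
 * stores its valid length in *lenp, or returns NULL with errno set. */
void *fetch_all(query_fn q, void *ctx, size_t *lenp, int max_tries)
{
    void *buf = NULL;
    int saved;

    if (max_tries <= 0)
        errno = EINVAL;
    for (int i = 0; i < max_tries; i++) {
        size_t need = 0;
        if (q(ctx, NULL, &need) == -1)
            break;
        if (need > SIZE_MAX - need / 8 - 1) {   /* headroom would overflow */
            errno = ENOMEM;
            break;
        }
        size_t cap = need + need / 8 + 1;
        void *nbuf = realloc(buf, cap);
        if (nbuf == NULL)
            break;
        buf = nbuf;
        size_t got = cap;
        if (q(ctx, buf, &got) == 0) {
            if (got > cap) {                    /* never trust a length past cap */
                errno = EINVAL;
                break;
            }
            *lenp = got;
            return buf;
        }
        if (errno != ENOMEM)
            break;
        /* ENOMEM: buf holds a truncated copy; discard it and re-size. */
    }
    saved = errno;
    free(buf);
    errno = saved;
    return NULL;
}

/* Constructed stand-in for a variable whose size changes between calls. */
struct fake_src {
    char data[64];
    size_t len;       /* bytes currently available */
    int grow_left;    /* size queries still followed by 16 bytes of growth */
    int calls;        /* number of queries seen */
};

static int fake_query(void *ctx, void *oldp, size_t *oldlenp)
{
    struct fake_src *s = ctx;
    s->calls++;
    if (oldp == NULL) {
        *oldlenp = s->len;
        if (s->grow_left > 0 && s->len + 16 <= sizeof s->data) {
            s->grow_left--;
            memset(s->data + s->len, 'x', 16);
            s->len += 16;
        }
        return 0;
    }
    size_t n = *oldlenp < s->len ? *oldlenp : s->len;
    memcpy(oldp, s->data, n);
    if (n < s->len) {           /* partial copy; length on failure left as is */
        errno = ENOMEM;
        return -1;
    }
    *oldlenp = n;
    return 0;
}

int main(void)
{
    struct fake_src s = { .len = 8, .grow_left = 2 };
    size_t len = 0;
    memcpy(s.data, "/bin:/us", 8);
    void *p = fetch_all(fake_query, &s, &len, 5);
    if (p == NULL) { perror("fetch_all"); return 1; }
    printf("fetched %zu bytes after %d calls\n", len, s.calls);
    free(p);
    return 0;
}
```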
265: .Sh CTL_DEBUG
266: The debugging variables vary from system to system.
267: A debugging variable may be added or deleted without need to recompile
1.25 fair 268: .Nm
1.1 cgd 269: to know about it.
270: Each time it runs,
1.25 fair 271: .Nm
1.1 cgd 272: gets the list of debugging variables from the kernel and
273: displays their current values.
1.25 fair 274: The system defines twenty
1.97 wiz 275: .Va ( struct ctldebug )
1.25 fair 276: variables named
277: .Dv debug0
1.1 cgd 278: through
1.25 fair 279: .Dv debug19 .
1.1 cgd 280: They are declared as separate variables so that they can be
281: individually initialized at the location of their associated variable.
282: The loader prevents multiple use of the same variable by issuing errors
283: if a variable is initialized in more than one place.
284: For example, to export the variable
1.25 fair 285: .Dv dospecialcheck
1.1 cgd 286: as a debugging variable, the following declaration would be used:
287: .Bd -literal -offset indent -compact
288: int dospecialcheck = 1;
1.88 ross 289: struct ctldebug debug5 = { "dospecialcheck", \*[Am]dospecialcheck };
1.1 cgd 290: .Ed
1.128 atatat 291: .Pp
292: Note that the dynamic implementation of
293: .Nm
294: currently in use largely makes this particular
295: .Nm
296: interface obsolete.
297: See
298: .Xr sysctl 8
1.131 wiz 299: .\" and
300: .\" .Xr sysctl 9
1.128 atatat 301: for more information.
1.20 perry 302: .Sh CTL_VFS
303: A distinguished second level name, VFS_GENERIC,
304: is used to get general information about all filesystems.
305: One of its third level identifiers is VFS_MAXTYPENUM
306: that gives the highest valid filesystem type number.
307: Its other third level identifier is VFS_CONF that
308: returns configuration information about the filesystem
1.53 jdolecek 309: type given as a fourth level identifier.
1.20 perry 310: The remaining second level identifiers are the
311: filesystem type number returned by a
1.164 wiz 312: .Xr statvfs 2
1.20 perry 313: call or from VFS_CONF.
314: The third level identifiers available for each filesystem
315: are given in the header file that defines the mount
316: argument structure for that filesystem.
1.1 cgd 317: .Sh CTL_HW
318: The string and integer information available for the CTL_HW level
319: is detailed below.
320: The changeable column shows whether a process with appropriate
321: privilege may change the value.
1.83 simonb 322: .Bl -column "Second level nameXXXXXX" "struct disk_sysctlXXX" -offset indent
1.118 wiz 323: .It Sy Second level name Type Changeable
1.161 elad 324: .It HW\_ALIGNBYTES integer no
325: .It HW\_BYTEORDER integer no
326: .It HW\_CNMAGIC string yes
327: .It HW\_DISKNAMES string no
328: .It HW\_DISKSTATS struct no
1.1 cgd 329: .It HW\_MACHINE string no
1.161 elad 330: .It HW\_MACHINE\_ARCH string no
1.1 cgd 331: .It HW\_MODEL string no
332: .It HW\_NCPU integer no
1.161 elad 333: .It HW\_PAGESIZE integer no
1.1 cgd 334: .It HW\_PHYSMEM integer no
1.113 salo 335: .It HW\_PHYSMEM64 quad no
1.1 cgd 336: .It HW\_USERMEM integer no
1.113 salo 337: .It HW\_USERMEM64 quad no
1.1 cgd 338: .El
339: .Pp
340: .Bl -tag -width "123456"
1.113 salo 341: .It Li HW_ALIGNBYTES
342: Alignment constraint for all possible data types.
343: This shows the value
344: .Dv ALIGNBYTES
345: in
346: .Pa /usr/include/machine/param.h ,
347: at kernel compilation time.
1.161 elad 348: .It Li HW_BYTEORDER
349: The byteorder (4,321, or 1,234).
350: .It Li HW_CNMAGIC
351: The console magic key sequence.
1.83 simonb 352: .It Li HW_DISKNAMES
353: The list of (space separated) disk device names on the system.
354: .It Li HW_DISKSTATS
355: Return statistical information on the disk devices on the system.
356: An array of
357: .Va struct disk_sysctl
358: structures is returned,
359: whose size depends on the current number of such objects in the system.
360: The third level name is the size of the
361: .Va struct disk_sysctl .
1.161 elad 362: .It Li HW_MACHINE
363: The machine class.
364: .It Li HW_MACHINE_ARCH
365: The machine CPU class.
366: .It Li HW_MODEL
367: The machine model.
368: .It Li HW_NCPU
369: The number of CPUs.
370: .ne 1i
371: .It Li HW_PAGESIZE
372: The software page size.
373: .It Li HW_PHYSMEM
374: The bytes of physical memory as a 32-bit integer.
375: .It Li HW_PHYSMEM64
376: The bytes of physical memory as a 64-bit integer.
377: .It Li HW_USERMEM
378: The bytes of non-kernel memory as a 32-bit integer.
379: .It Li HW_USERMEM64
380: The bytes of non-kernel memory as a 64-bit integer.
1.1 cgd 381: .El
382: .Sh CTL_KERN
383: The string and integer information available for the CTL_KERN level
384: is detailed below.
385: The changeable column shows whether a process with appropriate
386: privilege may change the value.
387: The types of data currently available are process information,
388: system vnodes, the open file entries, routing table entries,
389: virtual memory statistics, load average history, and clock rate
390: information.
1.121 dsl 391: .Bl -column "KERNXPOSIXXREADERXWRITERXLOCKS" "struct clockrateXXX" -offset indent
1.118 wiz 392: .It Sy Second level name Type Changeable
1.1 cgd 393: .It KERN\_ARGMAX integer no
1.11 explorer 394: .It KERN\_AUTONICETIME integer yes
395: .It KERN\_AUTONICEVAL integer yes
1.1 cgd 396: .It KERN\_BOOTTIME struct timeval no
1.163 elad 397: .It KERN\_BUFQ node not applicable
1.57 simonb 398: .It KERN\_CCPU integer no
1.1 cgd 399: .It KERN\_CLOCKRATE struct clockinfo no
1.163 elad 400: .It KERN\_CONSDEV integer no
401: .It KERN\_CP\_ID struct no
1.137 cube 402: .It KERN\_CP\_TIME uint64_t[\|] no
1.38 bouyer 403: .It KERN\_DEFCORENAME string yes
1.3 cgd 404: .It KERN\_DOMAINNAME string yes
1.121 dsl 405: .It KERN\_DRIVERS struct kinfo_drivers no
1.1 cgd 406: .It KERN\_FILE struct file no
1.103 jdolecek 407: .It KERN\_FORKFSLEEP integer yes
1.57 simonb 408: .It KERN\_FSCALE integer no
1.29 kleink 409: .It KERN\_FSYNC integer no
1.163 elad 410: .It KERN\_HARDCLOCK\_TICKS integer no
1.1 cgd 411: .It KERN\_HOSTID integer yes
412: .It KERN\_HOSTNAME string yes
1.31 kleink 413: .It KERN\_IOV\_MAX integer no
1.1 cgd 414: .It KERN\_JOB\_CONTROL integer no
1.102 scw 415: .It KERN\_LABELOFFSET integer no
416: .It KERN\_LABELSECTOR integer no
1.37 kleink 417: .It KERN\_LOGIN\_NAME\_MAX integer no
1.49 fair 418: .It KERN\_LOGSIGEXIT integer yes
1.37 kleink 419: .It KERN\_MAPPED\_FILES integer no
1.1 cgd 420: .It KERN\_MAXFILES integer yes
1.4 cgd 421: .It KERN\_MAXPARTITIONS integer no
1.163 elad 422: .It KERN\_MAXPHYS integer no
1.1 cgd 423: .It KERN\_MAXPROC integer yes
1.69 jdolecek 424: .It KERN\_MAXPTYS integer yes
1.1 cgd 425: .It KERN\_MAXVNODES integer yes
1.57 simonb 426: .It KERN\_MBUF node not applicable
1.36 kleink 427: .It KERN\_MEMLOCK integer no
428: .It KERN\_MEMLOCK\_RANGE integer no
429: .It KERN\_MEMORY\_PROTECTION integer no
1.85 kleink 430: .It KERN\_MONOTONIC\_CLOCK integer no
1.163 elad 431: .It KERN\_MSGBUF integer no
1.16 leo 432: .It KERN\_MSGBUFSIZE integer no
1.1 cgd 433: .It KERN\_NGROUPS integer no
1.57 simonb 434: .It KERN\_NTPTIME struct ntptimeval no
1.1 cgd 435: .It KERN\_OSRELEASE string no
436: .It KERN\_OSREV integer no
437: .It KERN\_OSTYPE string no
1.163 elad 438: .It KERN\_PIPE node not applicable
1.1 cgd 439: .It KERN\_POSIX1 integer no
1.108 kleink 440: .It KERN\_POSIX\_BARRIERS integer no
441: .It KERN\_POSIX\_READER\_WRITER\_LOCKS integer no
442: .It KERN\_POSIX\_SEMAPHORES integer no
443: .It KERN\_POSIX\_SPIN\_LOCKS integer no
444: .It KERN\_POSIX\_THREADS integer no
445: .It KERN\_POSIX\_TIMERS integer no
1.57 simonb 446: .It KERN\_PROC struct kinfo_proc no
447: .It KERN\_PROC2 struct kinfo_proc2 no
448: .It KERN\_PROC\_ARGS string no
1.1 cgd 449: .It KERN\_PROF node not applicable
1.6 thorpej 450: .It KERN\_RAWPARTITION integer no
1.57 simonb 451: .It KERN\_ROOT\_DEVICE string no
1.121 dsl 452: .It KERN\_ROOT\_PARTITION integer no
1.142 christos 453: .It KERN\_RTC\_OFFSET integer yes
1.1 cgd 454: .It KERN\_SAVED\_IDS integer no
455: .It KERN\_SECURELVL integer raise only
1.31 kleink 456: .It KERN\_SYNCHRONIZED\_IO integer no
1.57 simonb 457: .It KERN\_SYSVIPC\_INFO node not applicable
1.29 kleink 458: .It KERN\_SYSVMSG integer no
459: .It KERN\_SYSVSEM integer no
460: .It KERN\_SYSVSHM integer no
1.163 elad 461: .It KERN\_TIMEX struct no
1.84 simonb 462: .It KERN\_TKSTAT node not applicable
1.163 elad 463: .It KERN\_URANDOM integer no
1.147 elad 464: .It KERN\_VERIEXEC node not applicable
1.1 cgd 465: .It KERN\_VERSION string no
466: .It KERN\_VNODE struct vnode no
467: .El
1.20 perry 468: .ne 1i
1.1 cgd 469: .Pp
470: .Bl -tag -width "123456"
471: .It Li KERN_ARGMAX
472: The maximum bytes of argument to
1.25 fair 473: .Xr execve 2 .
1.11 explorer 474: .It Li KERN_AUTONICETIME
1.129 wiz 475: The number of seconds of CPU-time a non-root process may accumulate before
1.11 explorer 476: having its priority lowered from the default to the value of KERN_AUTONICEVAL.
1.99 wiz 477: If set to 0, automatic lowering of priority is not performed, and if set to \-1
1.11 explorer 478: all non-root processes are immediately lowered.
479: .It Li KERN_AUTONICEVAL
480: The priority assigned for automatically niced processes.
1.1 cgd 481: .It Li KERN_BOOTTIME
482: A
483: .Va struct timeval
484: structure is returned.
485: This structure contains the time that the system was booted.
1.57 simonb 486: .It Li KERN_CCPU
487: The scheduler exponential decay value.
1.1 cgd 488: .It Li KERN_CLOCKRATE
489: A
490: .Va struct clockinfo
491: structure is returned.
492: This structure contains the clock, statistics clock and profiling clock
1.3 cgd 493: frequencies, the number of micro-seconds per hz tick, and the clock
494: skew rate.
1.163 elad 495: .It Li KERN_CONSDEV
496: Console device.
497: .It Li KERN_CP_ID
498: Mapping of CPU number to CPU id.
1.57 simonb 499: .It Li KERN_CP_TIME
1.137 cube 500: Returns an array of CPUSTATES uint64_ts.
1.98 wiz 501: This array contains the
1.57 simonb 502: number of clock ticks spent in different CPU states.
1.137 cube 503: On multi-processor systems, the sum across all CPUs is returned unless
1.129 wiz 504: appropriate space is given for one data set for each CPU.
1.137 cube 505: Data for a specific CPU can also be obtained by adding the number of the
506: CPU at the end of the MIB, enlarging it by one.
1.38 bouyer 507: .It Li KERN_DEFCORENAME
508: Default template for the name of core dump files (see also PROC_PID_CORENAME
509: in the per-process variables CTL_PROC, and
510: .Xr core 5
1.98 wiz 511: for format of this template).
512: The default value is
1.38 bouyer 513: .Nm %n.core
514: and can be changed with the kernel configuration option
515: .Cd options DEFCORENAME
1.77 wiz 516: (see
1.38 bouyer 517: .Xr options 4
518: ).
1.3 cgd 519: .It Li KERN_DOMAINNAME
520: Get or set the YP domain name.
1.163 elad 521: .It Li KERN_DUMP_ON_PANIC
522: Perform a crash dump on system panic.
1.121 dsl 523: .It Li KERN_DRIVERS
1.122 dsl 524: Return an array of
1.121 dsl 525: .Va struct kinfo_drivers
1.122 dsl 526: that contains the name and major device numbers of all the device drivers
527: in the current kernel.
1.121 dsl 528: The
529: .Va d_name
530: field is always a NUL terminated string.
531: The
532: .Va d_bmajor
1.123 wiz 533: field will be set to \-1 if the driver doesn't have a block device.
1.1 cgd 534: .It Li KERN_FILE
535: Return the entire file table.
536: The returned data consists of a single
1.153 isaki 537: .Va struct filelist
1.1 cgd 538: followed by an array of
539: .Va struct file ,
540: whose size depends on the current number of such objects in the system.
1.103 jdolecek 541: .It Li KERN_FORKFSLEEP
542: If
543: .Xr fork 2
544: system call fails due to limit on number of processes (either
545: the global maxproc limit or user's one), wait for this many
1.141 enami 546: milliseconds before returning
1.103 jdolecek 547: .Er EAGAIN
1.105 wiz 548: error to process.
549: Useful to keep heavily forking runaway processes at bay.
550: Default zero (no sleep).
551: Maximum is 20 seconds.
1.163 elad 552: .It Li KERN_FSCALE
553: The kernel fixed-point scale factor.
1.29 kleink 554: .It Li KERN_FSYNC
1.31 kleink 555: Return 1 if the POSIX 1003.1b File Synchronization Option is available
556: on this system,
1.29 kleink 557: otherwise 0.
1.163 elad 558: .It Li KERN_HARDCLOCK_TICKS
559: Returns the number of
560: .Xr hardclock 9
561: ticks.
1.1 cgd 562: .It Li KERN_HOSTID
563: Get or set the host id.
564: .It Li KERN_HOSTNAME
565: Get or set the hostname.
1.31 kleink 566: .It Li KERN_IOV_MAX
567: Return the maximum number of
568: .Va iovec
569: structures that a process has available for use with
570: .Xr preadv 2 ,
571: .Xr pwritev 2 ,
572: .Xr readv 2 ,
573: .Xr recvmsg 2 ,
574: .Xr sendmsg 2
575: and
576: .Xr writev 2 .
1.1 cgd 577: .It Li KERN_JOB_CONTROL
578: Return 1 if job control is available on this system, otherwise 0.
1.102 scw 579: .It Li KERN_LABELOFFSET
580: The offset within the sector specified by KERN_LABELSECTOR of the
581: .Xr disklabel 5 .
582: .It Li KERN_LABELSECTOR
583: The sector number containing the
584: .Xr disklabel 5 .
1.37 kleink 585: .It Li KERN_LOGIN_NAME_MAX
586: The size of the storage required for a login name, in bytes,
587: including the terminating NUL.
1.49 fair 588: .It Li KERN_LOGSIGEXIT
589: If this flag is non-zero, the kernel will
590: .Xr log 9
591: all process exits due to signals which create a
592: .Xr core 5
593: file, and whether the coredump was created.
1.36 kleink 594: .It Li KERN_MAPPED_FILES
595: Returns 1 if the POSIX 1003.1b Memory Mapped Files Option is available
596: on this system,
597: otherwise 0.
1.1 cgd 598: .It Li KERN_MAXFILES
599: The maximum number of files that may be open in the system.
1.4 cgd 600: .It Li KERN_MAXPARTITIONS
601: The maximum number of partitions allowed per disk.
1.163 elad 602: .It Li KERN_MAXPHYS
603: Maximum raw I/O transfer size.
1.1 cgd 604: .It Li KERN_MAXPROC
605: The maximum number of simultaneous processes the system will allow.
1.69 jdolecek 606: .It Li KERN_MAXPTYS
1.98 wiz 607: The maximum number of pseudo terminals.
608: This value can be both raised and lowered, though it cannot
609: be set lower than the number of currently used ptys.
610: See also
1.69 jdolecek 611: .Xr pty 4 .
1.1 cgd 612: .It Li KERN_MAXVNODES
1.98 wiz 613: The maximum number of vnodes available on the system.
614: This can only be raised.
1.57 simonb 615: .It Li KERN_MBUF
616: Return information about the mbuf control variables.
617: The third level names for the mbuf variables are detailed below.
618: The changeable column shows whether a process with appropriate
619: privilege may change the value.
620: .Bl -column "MBUFXNMBCLUSTERSXXX" "struct integerXXX" -offset indent
1.118 wiz 621: .It Sy Third level name Type Changeable
1.163 elad 622: .It MBUF\_MBLOWAT integer yes
623: .It MBUF\_MCLBYTES integer yes
624: .It MBUF\_MCLLOWAT integer yes
1.57 simonb 625: .It MBUF\_MSIZE integer yes
626: .It MBUF\_NMBCLUSTERS integer yes
627: .El
628: .Pp
629: The variables are as follows:
630: .Bl -tag -width "123456"
1.163 elad 631: .It Li MBUF_MBLOWAT
632: The mbuf low water mark.
633: .It Li MBUF_MCLBYTES
634: The mbuf cluster size.
635: .It Li MBUF_MCLLOWAT
636: The mbuf cluster low water mark.
1.57 simonb 637: .It Li MBUF_MSIZE
638: The mbuf base size.
639: .It Li MBUF_NMBCLUSTERS
640: The limit on the number of mbuf clusters.
641: The variable can only be increased, and only increased on machines with
1.157 simonb 642: direct-mapped pool pages.
1.57 simonb 643: .El
1.36 kleink 644: .It Li KERN_MEMLOCK
645: Returns 1 if the POSIX 1003.1b Process Memory Locking Option is available
646: on this system,
647: otherwise 0.
648: .It Li KERN_MEMLOCK_RANGE
649: Returns 1 if the POSIX 1003.1b Range Memory Locking Option is available
650: on this system,
651: otherwise 0.
652: .It Li KERN_MEMORY_PROTECTION
653: Returns 1 if the POSIX 1003.1b Memory Protection Option is available
654: on this system,
1.85 kleink 655: otherwise 0.
656: .It Li KERN_MONOTONIC_CLOCK
657: Returns the standard version the implementation of the POSIX 1003.1b
658: Monotonic Clock Option conforms to,
1.36 kleink 659: otherwise 0.
1.58 simonb 660: .It Li KERN_MSGBUF
661: The kernel message buffer, rotated so that the head of the circular kernel
662: message buffer is returned at the start of the buffer specified by
663: .Fa oldp .
664: The returned data may contain NUL bytes.
1.16 leo 665: .It Li KERN_MSGBUFSIZE
666: The maximum number of characters that the kernel message buffer can hold.
1.1 cgd 667: .It Li KERN_NGROUPS
668: The maximum number of supplemental groups.
1.57 simonb 669: .It Li KERN_NTPTIME
670: A
671: .Va struct ntptimeval
672: structure is returned.
673: This structure contains data used by the
674: .Xr ntpd 8
675: program.
1.1 cgd 676: .It Li KERN_OSRELEASE
677: The system release string.
678: .It Li KERN_OSREV
679: The system revision string.
680: .It Li KERN_OSTYPE
681: The system type string.
1.163 elad 682: .It Li KERN_PIPE
683: Pipe settings.
684: The third level names for the integer pipe settings are detailed below.
685: The changeable column shows whether a process with appropriate
686: privilege may change the value.
687: .Bl -column "KERNXPIPEXFOOXXX" "integerXXX" -offset indent
688: .It Sy Third level name Type Changeable
689: .It KERN\_PIPE\_KVASIZ integer yes
690: .It KERN\_PIPE\_MAXBIGPIPES integer yes
691: .It KERN\_PIPE\_MAXKVASZ integer yes
692: .It KERN\_PIPE\_LIMITKVA integer yes
693: .It KERN\_PIPE\_NBIGPIPES integer yes
694: .El
695: .Pp
696: The variables are as follows:
697: .Bl -tag -width "123456"
698: .It Li KERN_PIPE_KVASIZ
699: Amount of kernel memory consumed by pipe buffers.
700: .It Li KERN_PIPE_MAXBIGPIPES
701: Maximum number of "big" pipes.
702: .It Li KERN_PIPE_MAXKVASZ
703: Maximum amount of kernel memory to be used for pipes.
704: .It Li KERN_PIPE_LIMITKVA
705: Limit for direct transfers via page loan.
706: .It Li KERN_PIPE_NBIGPIPES
707: Number of "big" pipes.
708: .El
1.1 cgd 709: .It Li KERN_POSIX1
710: The version of ISO/IEC 9945 (POSIX 1003.1) with which the system
711: attempts to comply.
1.108 kleink 712: .It Li KERN_POSIX_BARRIERS
713: The version of
714: .St -p1003.1
715: and its
716: Barriers
717: option to which the system attempts to conform,
718: otherwise 0.
719: .It Li KERN_POSIX_READER_WRITER_LOCKS
720: The version of
721: .St -p1003.1
722: and its
723: Read-Write Locks
724: option to which the system attempts to conform,
725: otherwise 0.
726: .It Li KERN_POSIX_SEMAPHORES
727: The version of
728: .St -p1003.1
729: and its
730: Semaphores
731: option to which the system attempts to conform,
732: otherwise 0.
733: .It Li KERN_POSIX_SPIN_LOCKS
734: The version of
735: .St -p1003.1
736: and its
737: Spin Locks
738: option to which the system attempts to conform,
739: otherwise 0.
740: .It Li KERN_POSIX_THREADS
741: The version of
742: .St -p1003.1
743: and its
744: Threads
745: option to which the system attempts to conform,
746: otherwise 0.
747: .It Li KERN_POSIX_TIMERS
748: The version of
749: .St -p1003.1
750: and its
751: Timers
752: option to which the system attempts to conform,
753: otherwise 0.
1.1 cgd 754: .It Li KERN_PROC
755: Return the entire process table, or a subset of it.
756: An array of
757: .Va struct kinfo_proc
758: structures is returned,
759: whose size depends on the current number of such objects in the system.
760: The third and fourth level names are as follows:
761: .Bl -column "Third level nameXXXXXX" "Fourth level is:XXXXXX" -offset indent
1.118 wiz 762: .It Sy Third level name Fourth level is:
1.1 cgd 763: .It KERN\_PROC\_ALL None
1.163 elad 764: .It KERN\_PROC\_GID A group ID
1.1 cgd 765: .It KERN\_PROC\_PID A process ID
766: .It KERN\_PROC\_PGRP A process group
1.163 elad 767: .It KERN\_PROC\_RGID A real group ID
768: .It KERN\_PROC\_RUID A real user ID
1.57 simonb 769: .It KERN\_PROC\_SESSION A session ID
1.1 cgd 770: .It KERN\_PROC\_TTY A tty device
771: .It KERN\_PROC\_UID A user ID
1.57 simonb 772: .El
773: .It Li KERN_PROC2
774: As for KERN_PROC, but an array of
775: .Va struct kinfo_proc2
1.98 wiz 776: structures is returned.
777: The fifth level name is the size of the
1.57 simonb 778: .Va struct kinfo_proc2
779: and the sixth level name is the number of structures to return.
780: .It Li KERN_PROC_ARGS
781: Return the argv or environment strings (or the number thereof)
1.98 wiz 782: of a process.
783: Multiple strings are returned separated by NUL characters.
784: The third level name is the process ID.
785: The fourth level name is as follows:
1.57 simonb 786: .Bl -column "Third level nameXXXXXX" -offset indent
787: .It KERN\_PROC\_ARGV The argv strings
1.163 elad 788: .It KERN\_PROC\_ENV The environ strings
1.57 simonb 789: .It KERN\_PROC\_NARGV The number of argv strings
790: .It KERN\_PROC\_NENV The number of environ strings
1.1 cgd 791: .El
792: .It Li KERN_PROF
793: Return profiling information about the kernel.
794: If the kernel is not compiled for profiling,
795: attempts to retrieve any of the KERN_PROF values will
796: fail with EOPNOTSUPP.
1.25 fair 797: The third level names for the string and integer profiling information
1.1 cgd 798: are detailed below.
799: The changeable column shows whether a process with appropriate
800: privilege may change the value.
801: .Bl -column "GPROFXGMONPARAMXXX" "struct gmonparamXXX" -offset indent
1.118 wiz 802: .It Sy Third level name Type Changeable
1.1 cgd 803: .It GPROF\_COUNT u_short[\|] yes
804: .It GPROF\_FROMS u_short[\|] yes
1.163 elad 805: .It GPROF\_GMONPARAM struct gmonparam no
806: .It GPROF\_STATE integer yes
1.1 cgd 807: .It GPROF\_TOS struct tostruct yes
808: .El
809: .Pp
810: The variables are as follows:
811: .Bl -tag -width "123456"
1.163 elad 812: .It Li GPROF_COUNT
813: Array of statistical program counter counts.
814: .It Li GPROF_FROMS
815: Array indexed by program counter of call-from points.
816: .It Li GPROF_GMONPARAM
817: Structure giving the sizes of the above arrays.
1.1 cgd 818: .It Li GPROF_STATE
1.144 wiz 819: Profiling state.
820: If set to GMON_PROF_ON, starts profiling.
821: If set to GMON_PROF_OFF, stops profiling.
1.1 cgd 822: .It Li GPROF_TOS
823: Array of
824: .Va struct tostruct
825: describing destination of calls and their counts.
826: .El
1.6 thorpej 827: .It Li KERN_RAWPARTITION
828: The raw partition of a disk (a == 0).
1.57 simonb 829: .It Li KERN_ROOT_DEVICE
1.123 wiz 830: The name of the root device (e.g.,
831: .Dq wd0 ) .
1.121 dsl 832: .It Li KERN_ROOT_PARTITION
833: The root partition on the root device (a == 0).
1.57 simonb 834: .It Li KERN_RTC_OFFSET
835: Return the offset of real time clock from UTC in minutes.
1.1 cgd 836: .It Li KERN_SAVED_IDS
837: Returns 1 if saved set-group and saved set-user IDs are available.
1.163 elad 838: .It Li KERN_SBMAX
839: Maximum socket buffer size.
1.1 cgd 840: .It Li KERN_SECURELVL
841: The system security level.
842: This level may be raised by processes with appropriate privilege.
843: It may only be lowered by process 1.
1.163 elad 844: .It Li KERN_SOMAXKVA
845: Maximum amount of kernel memory to be used for socket buffers.
1.31 kleink 846: .It Li KERN_SYNCHRONIZED_IO
847: Returns 1 if the POSIX 1003.1b Synchronized I/O Option is available
848: on this system,
849: otherwise 0.
1.57 simonb 850: .It Li KERN_SYSVIPC_INFO
851: Return System V style IPC configuration and run-time information.
852: The third level name selects the System V style IPC facility.
853: .Bl -column "KERN_SYSVIPC_MSG_INFOXXX" "struct shm_sysctl_infoXXX" -offset indent
1.117 wiz 854: .It Sy Third level name Type
1.57 simonb 855: .It KERN\_SYSVIPC\_MSG\_INFO struct msg_sysctl_info
856: .It KERN\_SYSVIPC\_SEM\_INFO struct sem_sysctl_info
857: .It KERN\_SYSVIPC\_SHM\_INFO struct shm_sysctl_info
858: .El
859: .Pp
860: .Bl -tag -width "123456"
861: .It Li KERN_SYSVIPC_MSG_INFO
1.98 wiz 862: Return information on the System V style message facility.
863: The
1.57 simonb 864: .Sy msg_sysctl_info
865: structure is defined in
866: .Aq Pa sys/msg.h .
867: .It Li KERN_SYSVIPC_SEM_INFO
1.98 wiz 868: Return information on the System V style semaphore facility.
869: The
1.57 simonb 870: .Sy sem_sysctl_info
871: structure is defined in
872: .Aq Pa sys/sem.h .
873: .It Li KERN_SYSVIPC_SHM_INFO
1.98 wiz 874: Return information on the System V style shared memory facility.
875: The
1.57 simonb 876: .Sy shm_sysctl_info
877: structure is defined in
878: .Aq Pa sys/shm.h .
879: .El
1.29 kleink 880: .It Li KERN_SYSVMSG
1.31 kleink 881: Returns 1 if System V style message queue functionality is available
882: on this system,
883: otherwise 0.
1.29 kleink 884: .It Li KERN_SYSVSEM
1.31 kleink 885: Returns 1 if System V style semaphore functionality is available
886: on this system,
887: otherwise 0.
1.29 kleink 888: .It Li KERN_SYSVSHM
1.31 kleink 889: Returns 1 if System V style shared memory functionality is available
890: on this system,
891: otherwise 0.
1.163 elad 892: .It Li KERN_TIMEX
893: Not available.
1.84 simonb 894: .It Li KERN_TKSTAT
895: Return information about the number of characters sent and received
1.98 wiz 896: on ttys.
897: The third level names for the tty statistic variables are detailed below.
898: The changeable column shows whether a process
1.84 simonb 899: with appropriate privilege may change the value.
900: .Bl -column "KERNXTKSTATXRAWCCXXX" "struct integerXXX" -offset indent
1.118 wiz 901: .It Sy Third level name Type Changeable
1.163 elad 902: .It KERN\_TKSTAT\_CANCC quad no
1.84 simonb 903: .It KERN\_TKSTAT\_NIN quad no
904: .It KERN\_TKSTAT\_NOUT quad no
905: .It KERN\_TKSTAT\_RAWCC quad no
906: .El
907: .Pp
908: The variables are as follows:
909: .Bl -tag -width "123456"
1.163 elad 910: .It Li KERN_TKSTAT_CANCC
911: The number of canonical input characters.
1.84 simonb 912: .It Li KERN_TKSTAT_NIN
913: The total number of input characters.
914: .It Li KERN_TKSTAT_NOUT
915: The total number of output characters.
916: .It Li KERN_TKSTAT_RAWCC
917: The number of raw input characters.
918: .El
1.163 elad 919: .It Li KERN_URND
920: Random integer value.
1.147 elad 921: .It Li KERN_VERIEXEC
1.149 wiz 922: Tunings for Verified Exec.
923: Third level names for the veriexec variables are detailed below.
1.147 elad 924: The changeable column shows whether a process with appropriate
925: privilege may change the value or only raise it.
926: Only the superuser can modify these variables.
927: .Bl -column "VERIEXECXALGORITHMSXXX" "struct integerXXX" -offset indent
928: .It Sy Third level name Type Changeable
929: .It VERIEXEC\_ALGORITHMS string no
1.158 elad 930: .It VERIEXEC\_COUNT node not applicable
1.163 elad 931: .It VERIEXEC\_STRICT integer raise only
932: .It VERIEXEC\_VERBOSE integer yes
1.147 elad 933: .El
934: .Pp
935: The variables are as follows:
936: .Bl -tag -width "123456"
1.163 elad 937: .It Li VERIEXEC_ALGORITHMS
938: Returns a string with the supported algorithms in Verified Exec.
939: .It Li VERIEXEC_COUNT
940: Variables are added to this node as new hash tables are created to
941: contain Verified Exec data for a new device.
942: Each variable in the node
943: will have a name in the form of
944: .No dev_ Ns Aq id
945: where
946: .Aq id
947: is the device id.
948: For example, the variable for the root device may be dev_0.
949: The value of this
950: variable will be the number of fingerprinted files on the device.
1.147 elad 951: .It Li VERIEXEC_STRICT
1.149 wiz 952: Controls the strict level of Verified Exec.
953: The strict level defines how
1.147 elad 954: Verified Exec will treat various situations.
955: In strict level 0, the system is in learning mode and will only warn about
956: fingerprint mismatches, as well as allow removal of fingerprinted files.
1.150 elad 957: It is the only level where fingerprints can be loaded.
958: In strict level 1, the system is in IDS mode.
959: It will deny access to files with mismatched fingerprints.
960: In strict level 2, the system is in IPS mode.
1.149 wiz 961: It has all effects of
1.150 elad 962: strict level 1, plus it will deny write access to monitored files,
963: prevent their removal, and enforce access type (direct, indirect, file).
1.151 wiz 964: Strict level 3 operates as lockdown mode.
965: It will have all effects of
1.150 elad 966: strict level 2, but it will also prevent access to non-monitored files.
967: Furthermore, it will prevent addition of new files to the system, and
968: allow writing only to files opened before the strict level was raised.
1.163 elad 969: .It Li VERIEXEC_VERBOSE
970: Controls the verbosity level of Verified Exec.
971: If 0, only the minimal
972: indication required will be given about what's happening - fingerprint
973: mismatches, removal of entries from the tables, modification of a
974: fingerprinted file.
975: If 1, more messages will be printed (i.e., when a file with a valid
976: fingerprint is accessed).
977: Verbose level 2 is debug mode.
1.147 elad 978: .El
1.1 cgd 979: .It Li KERN_VERSION
980: The system version string.
981: .It Li KERN_VNODE
982: Return the entire vnode table.
983: Note, the vnode table is not necessarily a consistent snapshot of
984: the system.
985: The returned data consists of an array whose size depends on the
986: current number of such objects in the system.
987: Each element of the array contains the kernel address of a vnode
988: .Va struct vnode *
989: followed by the vnode itself
990: .Va struct vnode .
991: .El
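The NUL-separated reply described under KERN_PROC_ARGS above, split defensively in C. This is an added example, not part of the NetBSD manual page or source: split_proc_args(), struct args_view, the ARGS_* names and the sample buffer are constructed for illustration. It assumes only that the strings are separated by NUL characters, so it records explicit lengths and flags a final string without a terminator or a count that disagrees with the KERN_PROC_NARGV value.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ARGS_MAX 64                 /* capacity chosen for this example */

/* Status bits reported by split_proc_args() (hypothetical names). */
#define ARGS_UNTERMINATED   0x1u    /* last string had no closing NUL */
#define ARGS_OVERFLOW       0x2u    /* more than ARGS_MAX strings; rest dropped */
#define ARGS_COUNT_MISMATCH 0x4u    /* count differs from KERN_PROC_NARGV/NENV */

struct args_view {
	const char *str[ARGS_MAX];  /* start of each string inside the buffer */
	size_t      len[ARGS_MAX];  /* length of each string, NUL excluded */
	size_t      count;
	unsigned    status;
};

/*
 * On NetBSD the buffer would come from a call such as
 *   int mib[4] = { CTL_KERN, KERN_PROC_ARGS, pid, KERN_PROC_ARGV };
 *   sysctl(mib, 4, buf, &buflen, NULL, 0);
 * and "expected" from the same request with KERN_PROC_NARGV.
 * The parser never reads past buf + buflen and never calls strlen() on
 * the buffer, so a reply cut short by a small buffer cannot cause an
 * out-of-bounds read.
 */
static void
split_proc_args(const char *buf, size_t buflen, size_t expected,
    struct args_view *v)
{
	size_t pos = 0;

	memset(v, 0, sizeof(*v));
	while (pos < buflen) {
		const char *nul = memchr(buf + pos, '\0', buflen - pos);
		size_t n = nul ? (size_t)(nul - (buf + pos)) : buflen - pos;

		if (v->count == ARGS_MAX) {
			v->status |= ARGS_OVERFLOW;
			break;
		}
		v->str[v->count] = buf + pos;
		v->len[v->count] = n;
		v->count++;
		if (nul == NULL) {
			/* Tail without a NUL: usable only via len[]. */
			v->status |= ARGS_UNTERMINATED;
			break;
		}
		pos += n + 1;
	}
	if (v->count != expected)
		v->status |= ARGS_COUNT_MISMATCH;
}

/* Constructed sample reply: four argv strings, each NUL-terminated. */
static const char sample_argv[] = "sshd\0-D\0-f\0/etc/ssh/sshd_config";

int
main(void)
{
	struct args_view v;
	size_t i;

	split_proc_args(sample_argv, sizeof(sample_argv), 4, &v);
	for (i = 0; i < v.count; i++)
		printf("argv[%zu] = %.*s\n", i, (int)v.len[i], v.str[i]);
	printf("status = 0x%x\n", v.status);
	return 0;
}
```

Callers that print or log the strings should use the recorded lengths, as main() does with `%.*s`, whenever ARGS_UNTERMINATED is set.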
992: .Sh CTL_MACHDEP
993: The set of variables defined is architecture dependent.
994: Most architectures define at least the following variables.
995: .Bl -column "CONSOLE_DEVICEXXX" "integerXXX" -offset indent
1.118 wiz 996: .It Sy Second level name Type Changeable
1.1 cgd 997: .It Li CPU_CONSDEV dev_t no
998: .El
999: .Sh CTL_NET
1000: The string and integer information available for the CTL_NET level
1001: is detailed below.
1002: The changeable column shows whether a process with appropriate
1003: privilege may change the value.
1.146 atatat 1004: The second and third levels are typically the protocol family and
1005: protocol number, though this is not always the case.
1.1 cgd 1006: .Bl -column "Second level nameXXXXXX" "routing messagesXXX" -offset indent
1.118 wiz 1007: .It Sy Second level name Type Changeable
1.1 cgd 1008: .It PF\_ROUTE routing messages no
1.41 itojun 1009: .It PF\_INET IPv4 values yes
1010: .It PF\_INET6 IPv6 values yes
1.93 itojun 1011: .It PF\_KEY IPsec key management values yes
1.1 cgd 1012: .El
1013: .Pp
1014: .Bl -tag -width "123456"
1015: .It Li PF_ROUTE
1016: Return the entire routing table or a subset of it.
1017: The data is returned as a sequence of routing messages (see
1018: .Xr route 4
1019: for the header file, format and meaning).
1020: The length of each message is contained in the message header.
1021: .Pp
1022: The third level name is a protocol number, which is currently always 0.
1023: The fourth level name is an address family, which may be set to 0 to
1024: select all address families.
1025: The fifth and sixth level names are as follows:
1026: .Bl -column "Fifth level nameXXXXXX" "Sixth level is:XXX" -offset indent
1.118 wiz 1027: .It Sy Fifth level name Sixth level is:
1.1 cgd 1028: .It NET\_RT\_FLAGS rtflags
1029: .It NET\_RT\_DUMP None
1030: .It NET\_RT\_IFLIST None
1031: .El
1032: .It Li PF_INET
1.41 itojun 1033: Get or set various global information about the IPv4
1034: .Pq Internet Protocol version 4 .
1.1 cgd 1035: The third level name is the protocol.
1036: The fourth level name is the variable name.
1037: The currently defined protocols and names are:
1.9 thorpej 1038: .Bl -column "Protocol name" "Variable nameXX" "integer" "yes" -offset indent
1.118 wiz 1039: .It Sy Protocol name Variable name Type Changeable
1.160 elad 1040: .It arp down integer yes
1041: .It arp keep integer yes
1042: .It arp prune integer yes
1043: .It arp refresh integer yes
1044: .It icmp errppslimit integer yes
1045: .It icmp maskrepl integer yes
1046: .It icmp rediraccept integer yes
1047: .It icmp redirtimeout integer yes
1048: .It ip allowsrcrt integer yes
1049: .It ip anonportmax integer yes
1050: .It ip anonportmin integer yes
1051: .It ip checkinterface integer yes
1052: .It ip directed-broadcast integer yes
1053: .It ip do_loopback_cksum integer yes
1.1 cgd 1054: .It ip forwarding integer yes
1.8 thorpej 1055: .It ip forwsrcrt integer yes
1.41 itojun 1056: .It ip gifttl integer yes
1.90 martin 1057: .It ip grettl integer yes
1.160 elad 1058: .It ip hostzerobroadcast integer yes
1.67 itojun 1059: .It ip lowportmin integer yes
1060: .It ip lowportmax integer yes
1.160 elad 1061: .It ip maxfragpackets integer yes
1062: .It ip mtudisc integer yes
1063: .It ip mtudisctimeout integer yes
1064: .It ip random_id integer yes
1065: .It ip redirect integer yes
1066: .It ip subnetsarelocal integer yes
1067: .It ip ttl integer yes
1.8 thorpej 1068: .It tcp rfc1323 integer yes
1.15 thorpej 1069: .It tcp sendspace integer yes
1070: .It tcp recvspace integer yes
1.26 thorpej 1071: .It tcp mssdflt integer yes
1.15 thorpej 1072: .It tcp syn_cache_limit integer yes
1073: .It tcp syn_bucket_limit integer yes
1074: .It tcp syn_cache_interval integer yes
1.18 thorpej 1075: .It tcp init_win integer yes
1.110 thorpej 1076: .It tcp init_win_local integer yes
1.24 kml 1077: .It tcp mss_ifmtu integer yes
1.26 thorpej 1078: .It tcp sack integer yes
1079: .It tcp win_scale integer yes
1080: .It tcp timestamps integer yes
1081: .It tcp compat_42 integer yes
1082: .It tcp cwm integer yes
1083: .It tcp cwm_burstsize integer yes
1.28 thorpej 1084: .It tcp ack_on_push integer yes
1.32 mouse 1085: .It tcp keepidle integer yes
1086: .It tcp keepintvl integer yes
1.54 itojun 1087: .It tcp keepcnt integer yes
1.32 mouse 1088: .It tcp slowhz integer no
1.33 matt 1089: .It tcp newreno integer yes
1.35 ad 1090: .It tcp log_refused integer yes
1.63 itojun 1091: .It tcp rstppslimit integer yes
1.116 christos 1092: .It tcp ident struct no
1.1 cgd 1093: .It udp checksum integer yes
1.160 elad 1094: .It udp do_loopback_cksum integer yes
1095: .It udp recvspace integer yes
1.15 thorpej 1096: .It udp sendspace integer yes
1.1 cgd 1097: .El
1098: .Pp
1099: The variables are as follows:
1100: .Bl -tag -width "123456"
1.160 elad 1101: .It Li arp.down
1102: Failed ARP entry lifetime.
1103: .It Li arp.keep
1104: Valid ARP entry lifetime.
1105: .It Li arp.prune
1106: ARP cache pruning interval.
1107: .It Li arp.refresh
1108: ARP entry refresh interval.
1.17 thorpej 1109: .It Li ip.allowsrcrt
1.144 wiz 1110: If set to 1, the host accepts source routed packets.
1.19 lukem 1111: .It Li ip.anonportmax
1112: The highest port number to use for TCP and UDP ephemeral port allocation.
1.67 itojun 1113: This cannot be set to less than 1024 or greater than 65535, and must
1.19 lukem 1114: be greater than
1115: .Li ip.anonportmin .
1.160 elad 1116: .It Li ip.anonportmin
1117: The lowest port number to use for TCP and UDP ephemeral port allocation.
1118: This cannot be set to less than 1024 or greater than 65535.
1119: .It Li ip.checkinterface
1120: If set to non-zero, the host will reject packets addressed to it
1121: that arrive on an interface not bound to that address.
1122: Currently, this must be disabled if ipnat is used to translate the
1123: destination address to another local interface, or if addresses
1124: are added to the loopback interface instead of the interface where
1125: the packets for those addresses are received.
1126: .It Li ip.directed-broadcast
1127: If set to 1, enables directed broadcast behavior for the host.
1128: .It Li ip.do_loopback_cksum
1129: Perform IP checksum on loopback.
1130: .It Li ip.forwarding
1131: If set to 1, enables IP forwarding for the host,
1132: meaning that the host is acting as a router.
1133: .It Li ip.forwsrcrt
1134: If set to 1, enables forwarding of source-routed packets for the host.
1135: This value may only be changed if the kernel security level is less than 1.
1.41 itojun 1136: .It Li ip.gifttl
1137: The maximum time-to-live (hop count) value for an IPv4 packet generated by
1138: .Xr gif 4
1.90 martin 1139: tunnel interface.
1140: .It Li ip.grettl
1141: The maximum time-to-live (hop count) value for an IPv4 packet generated by
1142: .Xr gre 4
1.41 itojun 1143: tunnel interface.
1.160 elad 1144: .It Li ip.hostzerobroadcast
1145: All zeroes address is broadcast address.
1146: .It Li ip.lowportmax
1147: The highest port number to use for TCP and UDP reserved port allocation.
1148: This cannot be set to less than 0 or greater than 1024, and must
1149: be greater than
1150: .Li ip.lowportmin .
1.67 itojun 1151: .It Li ip.lowportmin
1152: The lowest port number to use for TCP and UDP reserved port allocation.
1153: This cannot be set to less than 0 or greater than 1024, and must
1154: be smaller than
1155: .Li ip.lowportmax .
1.75 itojun 1156: .It Li ip.maxfragpackets
1157: The maximum number of fragmented packets the node will accept.
1158: 0 means that the node will not accept any fragmented packets.
1.99 wiz 1159: \-1 means that the node will accept as many fragmented packets as it receives.
1.75 itojun 1160: The flag is provided basically for avoiding possible DoS attacks.
1.160 elad 1161: .It Li ip.mtudisc
1162: If set to 1, enables Path MTU Discovery (RFC 1191).
1163: When Path MTU Discovery is enabled, the transmitted TCP segment
1164: size will be determined by the advertised maximum segment size
1165: (MSS) from the remote end, as constrained by the path MTU.
1166: If MTU Discovery is disabled, the transmitted segment size will
1167: never be greater than
1168: .Li tcp.mssdflt
1169: (the local maximum segment size).
1170: .It Li ip.mtudisctimeout
1171: The number of seconds in which a route added by the Path MTU
1172: Discovery engine will time out.
1173: When the route times out, the Path
1174: MTU Discovery engine will attempt to probe a larger path MTU.
1175: .It Li ip.random_id
1176: Assign random ip_id values.
1177: .It Li ip.redirect
1178: If set to 1, ICMP redirects may be sent by the host.
1179: This option is ignored unless the host is routing IP packets,
1180: and should normally be enabled on all systems.
1181: .It Li ip.subnetsarelocal
1182: If set to 1, subnets are to be considered local addresses.
1183: .It Li ip.ttl
1184: The maximum time-to-live (hop count) value for an IP packet sourced by
1185: the system.
1186: This value applies to normal transport protocols, not to ICMP.
1.62 itojun 1187: .It Li icmp.errppslimit
1188: The variable specifies the maximum number of outgoing ICMP error messages,
1189: per second.
1190: ICMP error messages that exceed the value are subject to rate limitation
1191: and will not go out from the node.
1.65 itojun 1192: Negative value disables rate limitation.
1.160 elad 1193: .It Li icmp.maskrepl
1194: If set to 1, ICMP network mask requests are to be answered.
1.80 kml 1195: .It Li icmp.rediraccept
1196: If set to non-zero, the host will accept ICMP redirect packets.
1197: Note that routers will never accept ICMP redirect packets,
1198: and the variable is meaningful on IP hosts only.
1199: .It Li icmp.redirtimeout
1200: The variable specifies lifetime of routing entries generated by incoming
1.95 itojun 1201: ICMP redirect.
1202: This defaults to 600 seconds.
1.160 elad 1203: .It Li icmp.returndatabytes
1204: Number of bytes to return in an ICMP error message.
1205: .It Li tcp.ack_on_push
1206: If set to 1, TCP is to immediately transmit an ACK upon reception of
1207: a packet with PUSH set.
1208: This can avoid losing a round trip time in some rare situations,
1209: but has the caveat of potentially defeating TCP's delayed ACK algorithm.
1210: Use of this option is generally not recommended, but
1211: the variable exists in case your configuration really needs it.
1.26 thorpej 1212: .It Li tcp.compat_42
1.144 wiz 1213: If set to 1, enables work-arounds for bugs in the 4.2BSD TCP implementation.
1.98 wiz 1214: Use of this option is not recommended, although it may be
1.26 thorpej 1215: required in order to communicate with extremely old TCP implementations.
1216: .It Li tcp.cwm
1.144 wiz 1217: If set to 1, enables use of the Hughes/Touch/Heidemann Congestion Window
1218: Monitoring algorithm.
1.98 wiz 1219: This algorithm prevents line-rate bursts of packets that could
1220: otherwise occur when data begins flowing on an idle TCP connection.
1221: These line-rate bursts can contribute to network and router congestion.
1222: This can be particularly useful on World Wide Web servers
1.26 thorpej 1223: which support HTTP/1.1, which has lingering connections.
1.28 thorpej 1224: .It Li tcp.cwm_burstsize
1.144 wiz 1225: The Congestion Window Monitoring allowed burst size, in terms
1.28 thorpej 1226: of packet count.
1.160 elad 1227: .It Li tcp.delack_ticks
1228: Number of ticks to delay sending an ACK.
1229: .It Li tcp.do_loopback_cksum
1230: Perform TCP checksum on loopback.
1231: .It Li tcp.init_win
1232: A value indicating the TCP initial congestion window.
1233: If this value is 0, an auto-tuning algorithm designed to use an initial
1234: window of approximately 4K bytes is in use.
1235: Otherwise, this value indicates a fixed number of packets.
1236: .It Li tcp.init_win_local
1237: Like
1238: .Li tcp.init_win ,
1239: but used when communicating with hosts on a local network.
1240: .It Li tcp.keepcnt
1241: Number of keepalive probes sent before declaring a connection dead.
1242: If set to zero, there is no limit;
1243: keepalives will be sent until some kind of
1244: response is received from the peer.
1.32 mouse 1245: .It Li tcp.keepidle
1246: Time a connection must be idle before keepalives are sent (if keepalives
1.98 wiz 1247: are enabled for the connection).
1248: See also tcp.slowhz.
1.32 mouse 1249: .It Li tcp.keepintvl
1250: Time after a keepalive probe is sent until, in the absence of any response,
1.98 wiz 1251: another probe is sent.
1252: See also tcp.slowhz.
1.160 elad 1253: .It Li tcp.log_refused
1254: If set to 1, refused TCP connections to the host will be logged.
1255: .It Li tcp.mss_ifmtu
1256: If set to 1, TCP calculates the outgoing maximum segment size based on
1257: the MTU of the appropriate interface.
1258: If set to 0, it is calculated based on the greater of the MTU of the
1259: interface, and the largest (non-loopback) interface MTU on the system.
1260: .It Li tcp.mssdflt
1261: The default maximum segment size both advertised to the peer
1262: and to use when either the peer does not advertise a maximum segment size to
1263: us during connection setup or Path MTU Discovery
1264: .Li ( ip.mtudisc )
1265: is disabled.
1266: Do not change this value unless you really know what you are doing.
1.33 matt 1267: .It Li tcp.newreno
1.144 wiz 1268: If set to 1, enables the use of J.
1269: Hoe's NewReno congestion control algorithm.
1.98 wiz 1270: This algorithm improves the start-up behavior of TCP connections.
1.160 elad 1271: .It Li tcp.recvspace
1272: The default TCP receive buffer size.
1273: .It Li tcp.rfc1323
1274: If set to 1, enables RFC 1323 extensions to TCP.
1.63 itojun 1275: .It Li tcp.rstppslimit
1276: The variable specifies the maximum number of outgoing TCP RST packets,
1277: per second.
1278: TCP RST packets that exceed the value are subject to rate limitation
1279: and will not go out from the node.
1.65 itojun 1280: Negative value disables rate limitation.
1.160 elad 1281: .It Li tcp.sack.enable
1282: If set to 1, enables RFC 2018 Selective ACKnowledgement.
1283: .It Li tcp.sack.globalholes
1284: Global number of TCP SACK holes.
1285: .It Li tcp.sack.globalmaxholes
1286: Global maximum number of TCP SACK holes.
1287: .It Li tcp.sack.maxholes
1288: Maximum number of TCP SACK holes allowed per connection.
1289: .It Li tcp.sendspace
1290: The default TCP send buffer size.
1291: .It Li tcp.slowhz
1292: The units for tcp.keepidle and tcp.keepintvl; those variables are in ticks
1293: of a clock that ticks tcp.slowhz times per second.
1294: (That is, their values
1295: must be divided by the tcp.slowhz value to get times in seconds.)
1296: .It Li tcp.syn_bucket_limit
1297: The maximum number of entries allowed per hash bucket in the TCP
1298: compressed state engine.
1299: .It Li tcp.syn_cache_limit
1300: The maximum number of entries allowed in the TCP compressed state
1301: engine.
1302: .It Li tcp.timestamps
1303: If rfc1323 is enabled, a value of 1 indicates RFC 1323 time stamp options,
1304: used for measuring TCP round trip times, are enabled.
1305: .It Li tcp.win_scale
1306: If rfc1323 is enabled, a value of 1 indicates RFC 1323 window scale options,
1307: for increasing the TCP window size, are enabled.
1.1 cgd 1308: .It Li udp.checksum
1.144 wiz 1309: If set to 1, UDP checksums are being computed.
1.136 heas 1310: Received non-zero UDP checksums are always checked.
1.1 cgd 1311: Disabling UDP checksums is strongly discouraged.
1.15 thorpej 1312: .It Li udp.sendspace
1.144 wiz 1313: The default UDP send buffer size.
1.15 thorpej 1314: .It Li udp.recvspace
1.144 wiz 1315: The default UDP receive buffer size.
1.34 erh 1316: .El
1.39 hwr 1317: .Pp
1318: For variables net.*.ipsec, please refer to
1319: .Xr ipsec 4 .
1.41 itojun 1320: .It Li PF_INET6
1321: Get or set various global information about the IPv6
1322: .Pq Internet Protocol version 6 .
1323: The third level name is the protocol.
1324: The fourth level name is the variable name.
1325: The currently defined protocols and names are:
1326: .Bl -column "Protocol name" "Variable nameXX" "integer" "yes" -offset indent
1.117 wiz 1327: .It Sy Protocol name Variable name Type Changeable
1.160 elad 1328: .It icmp6 errppslimit integer yes
1329: .It icmp6 mtudisc_hiwat integer yes
1330: .It icmp6 mtudisc_lowat integer yes
1331: .It icmp6 nd6_debug integer yes
1332: .It icmp6 nd6_delay integer yes
1333: .It icmp6 nd6_maxnudhint integer yes
1334: .It icmp6 nd6_mmaxtries integer yes
1335: .It icmp6 nd6_prune integer yes
1336: .It icmp6 nd6_umaxtries integer yes
1337: .It icmp6 nd6_useloopback integer yes
1338: .It icmp6 nodeinfo integer yes
1339: .It icmp6 rediraccept integer yes
1340: .It icmp6 redirtimeout integer yes
1341: .It ip6 accept_rtadv integer yes
1342: .It ip6 anonportmax integer yes
1343: .It ip6 anonportmin integer yes
1344: .It ip6 auto_flowlabel integer yes
1345: .It ip6 dad_count integer yes
1346: .It ip6 defmcasthlim integer yes
1.41 itojun 1347: .It ip6 forwarding integer yes
1.160 elad 1348: .It ip6 gifhlim integer yes
1.41 itojun 1349: .It ip6 hlim integer yes
1.160 elad 1350: .It ip6 hdrnestlimit integer yes
1351: .It ip6 kame_version string no
1.41 itojun 1352: .It ip6 keepfaith integer yes
1353: .It ip6 log_interval integer yes
1.160 elad 1354: .It ip6 lowportmax integer yes
1355: .It ip6 lowportmin integer yes
1356: .It ip6 maxfragpackets integer yes
1357: .It ip6 maxfrags integer yes
1358: .It ip6 redirect integer yes
1359: .It ip6 rr_prune integer yes
1.46 itojun 1360: .It ip6 use_deprecated integer yes
1.92 itojun 1361: .It ip6 v6only integer yes
1.160 elad 1362: .It udp6 do_loopback_cksum integer yes
1363: .It udp6 recvspace integer yes
1.55 itojun 1364: .It udp6 sendspace integer yes
1.41 itojun 1365: .El
1366: .Pp
1367: The variables are as follows:
1368: .Bl -tag -width "123456"
1.160 elad 1369: .It Li ip6.accept_rtadv
1370: If set to non-zero, the node will accept ICMPv6 router advertisement packets
1371: and autoconfigures address prefixes and default routers.
1372: The node must be a host
1373: .Pq not a router
1374: for the option to be meaningful.
1375: .It Li ip6.anonportmax
1376: The highest port number to use for TCP and UDP ephemeral port allocation.
1377: This cannot be set to less than 1024 or greater than 65535, and must
1378: be greater than
1379: .Li ip6.anonportmin .
1380: .It Li ip6.anonportmin
1381: The lowest port number to use for TCP and UDP ephemeral port allocation.
1382: This cannot be set to less than 1024 or greater than 65535.
1383: .It Li ip6.auto_flowlabel
1384: On connected transport protocol packets,
1385: fill IPv6 flowlabel field to help intermediate routers to identify packet flows.
1386: .It Li ip6.dad_count
1387: The variable configures the number of IPv6 DAD
1388: .Pq duplicated address detection
1389: probe packets.
1390: The packets will be generated when IPv6 interface addresses are configured.
1391: .It Li ip6.defmcasthlim
1392: The default hop limit value for an IPv6 multicast packet sourced by the node.
1393: This value applies to all the transport protocols on top of IPv6.
1394: There are APIs to override the value, as documented in
1395: .Xr ip6 4 .
1.41 itojun 1396: .It Li ip6.forwarding
1.144 wiz 1397: If set to 1, enables IPv6 forwarding for the node,
1.41 itojun 1398: meaning that the node is acting as a router.
1.144 wiz 1399: If set to 0, disables IPv6 forwarding for the node,
1.47 itojun 1400: meaning that the node is acting as a host.
1401: IPv6 specification defines node behavior for
1402: .Dq router
1403: case and
1404: .Dq host
1405: case quite differently, and changing this variable during operation
1406: may cause serious trouble.
1407: It is recommended to configure the variable at bootstrap time,
1408: and bootstrap time only.
1.160 elad 1409: .It Li ip6.gifhlim
1410: The maximum hop limit value for an IPv6 packet generated by
1411: .Xr gif 4
1412: tunnel interface.
1413: .It Li ip6.hdrnestlimit
1414: The number of IPv6 extension headers permitted on incoming IPv6 packets.
1415: If set to 0, the node will accept as many extension headers as possible.
1.41 itojun 1416: .It Li ip6.hlim
1417: The default hop limit value for an IPv6 unicast packet sourced by the node.
1418: This value applies to all the transport protocols on top of IPv6.
1419: There are APIs to override the value, as documented in
1420: .Xr ip6 4 .
1.160 elad 1421: .It Li ip6.kame_version
1422: The string identifies the version of KAME IPv6 stack implemented in the kernel.
1.41 itojun 1423: .It Li ip6.keepfaith
1424: If set to non-zero, it enables
1425: .Dq FAITH
1426: TCP relay IPv6-to-IPv4 translator code in the kernel.
1427: Refer to
1428: .Xr faith 4
1429: and
1430: .Xr faithd 8
1431: for details.
1432: .It Li ip6.log_interval
1433: The variable controls amount of logs generated by IPv6 packet
1.107 jschauma 1434: forwarding engine, by setting interval between log output
1.41 itojun 1435: .Pq in seconds .
1.160 elad 1436: .It Li ip6.lowportmax
1437: The highest port number to use for TCP and UDP reserved port allocation.
1438: This cannot be set to less than 0 or greater than 1024, and must
1439: be greater than
1440: .Li ip6.lowportmin .
1441: .It Li ip6.lowportmin
1442: The lowest port number to use for TCP and UDP reserved port allocation.
1443: This cannot be set to less than 0 or greater than 1024, and must
1444: be smaller than
1445: .Li ip6.lowportmax .
1446: .It Li ip6.maxfragpackets
1447: The maximum number of fragmented packets the node will accept.
1448: 0 means that the node will not accept any fragmented packets.
1449: \-1 means that the node will accept as many fragmented packets as it receives.
1450: The flag is provided basically for avoiding possible DoS attacks.
1451: .It Li ip6.maxfrags
1452: The maximum number of fragments the node will accept.
1453: 0 means that the node will not accept any fragments.
1454: \-1 means that the node will accept as many fragments as it receives.
1455: The flag is provided basically for avoiding possible DoS attacks.
1456: .It Li ip6.redirect
1457: If set to 1, ICMPv6 redirects may be sent by the node.
1458: This option is ignored unless the node is routing IP packets,
1459: and should normally be enabled on all systems.
1.44 itojun 1460: .It Li ip6.rr_prune
1461: The variable specifies interval between IPv6 router renumbering prefix
1462: babysitting, in seconds.
1.160 elad 1463: .It Li ip6.use_deprecated
1464: The variable controls use of deprecated address, specified in RFC 2462 5.5.4.
1.92 itojun 1465: .It Li ip6.v6only
1.46 itojun 1466: The variable specifies initial value for
1.91 itojun 1467: .Dv IPV6_V6ONLY
1.46 itojun 1468: socket option for
1469: .Dv AF_INET6
1470: socket.
1471: Please refer to
1472: .Xr ip6 4
1473: for detail.
1.160 elad 1474: .It Li icmp6.errppslimit
1475: The variable specifies the maximum number of outgoing ICMPv6 error messages,
1476: per second.
1477: ICMPv6 error messages that exceed the value are subject to rate limitation
1478: and will not go out from the node.
1479: Negative value disables rate limitation.
1480: .It Li icmp6.mtudisc_hiwat
1481: .It Li icmp6.mtudisc_lowat
1482: The variables define the maximum number of routing table entries,
1483: created due to path MTU discovery
1484: .Pq prevents denial-of-service attacks with ICMPv6 too big messages .
1485: When IPv6 path MTU discovery happens, we keep path MTU information in
1486: the routing table.
1487: If the number of routing table entries exceeds the value,
1488: the kernel will not attempt to keep the path MTU information.
1489: .Li icmp6.mtudisc_hiwat
1490: is used when we have verified ICMPv6 too big messages.
1491: .Li icmp6.mtudisc_lowat
1492: is used when we have unverified ICMPv6 too big messages.
1493: Verification is performed by using address/port pairs kept in connected pcbs.
1494: Negative value disables the upper limit.
1495: .It Li icmp6.nd6_debug
1496: If set to non-zero, kernel IPv6 neighbor discovery code will generate
1497: debugging messages.
1498: The debug outputs are useful to diagnose IPv6 interoperability issues.
1499: The flag must be set to 0 for normal operation.
1.41 itojun 1500: .It Li icmp6.nd6_delay
1501: The variable specifies
1502: .Dv DELAY_FIRST_PROBE_TIME
1503: timing constant in IPv6 neighbor discovery specification
1.120 wiz 1504: .Pq RFC 2461 ,
1.41 itojun 1505: in seconds.
1.160 elad 1506: .It Li icmp6.nd6_maxnudhint
1507: IPv6 neighbor discovery permits upper layer protocols to supply reachability
1508: hints, to avoid unnecessary neighbor discovery exchanges.
1509: The variable defines the number of consecutive hints the neighbor discovery
1510: layer will take.
1511: For example, by setting the variable to 3, neighbor discovery layer
1512: will take at most 3 consecutive hints.
1513: After receiving 3 hints, neighbor discovery layer will perform
1514: normal neighbor discovery process.
1515: .It Li icmp6.nd6_mmaxtries
1.41 itojun 1516: The variable specifies
1.160 elad 1517: .Dv MAX_MULTICAST_SOLICIT
1.41 itojun 1518: constant in IPv6 neighbor discovery specification
1.120 wiz 1519: .Pq RFC 2461 .
1.160 elad 1520: .It Li icmp6.nd6_prune
1521: The variable specifies the interval between IPv6 neighbor cache babysitting,
1522: in seconds.
1523: .It Li icmp6.nd6_umaxtries
1.41 itojun 1524: The variable specifies
1.160 elad 1525: .Dv MAX_UNICAST_SOLICIT
1.41 itojun 1526: constant in IPv6 neighbor discovery specification
1.120 wiz 1527: .Pq RFC 2461 .
1.41 itojun 1528: .It Li icmp6.nd6_useloopback
1529: If set to non-zero, kernel IPv6 stack will use loopback interface for
1530: local traffic.
1.43 itojun 1531: .It Li icmp6.nodeinfo
1.79 itojun 1532: The variable enables responses to ICMPv6 node information queries.
1.107 jschauma 1533: If you set the variable to 0, responses will not be generated for
1.79 itojun 1534: ICMPv6 node information queries.
1535: Since node information queries can have a security impact, it is
1536: possible to fine tune which queries should be answered.
1537: Two separate bits can be set.
1538: .Bl -tag -width "12345"
1539: .It 1
1540: Respond to ICMPv6 FQDN queries, e.g.
1541: .Li ping6 -w .
1542: .It 2
1543: Respond to ICMPv6 node addresses queries, e.g.
1544: .Li ping6 -a .
1545: .El
1.160 elad 1546: .It Li icmp6.rediraccept
1547: If set to non-zero, the host will accept ICMPv6 redirect packets.
1548: Note that IPv6 routers will never accept ICMPv6 redirect packets,
1549: and the variable is meaningful on IPv6 hosts
1550: .Pq non-router
1551: only.
1552: .It Li icmp6.redirtimeout
1553: The variable specifies the lifetime of routing entries generated by incoming
1554: ICMPv6 redirect.
1555: .It Li udp6.do_loopback_cksum
1556: Perform UDP checksum on loopback.
1557: .It Li udp6.recvspace
1558: Default UDP receive buffer size.
1559: .It Li udp6.sendspace
1560: Default UDP send buffer size.
1.41 itojun 1561: .El
1562: .Pp
1.54 itojun 1563: We reuse net.*.tcp for
1564: .Tn TCP
1565: over
1566: .Tn IPv6 ,
1567: and therefore we do not have variables net.*.tcp6.
1568: Variables net.inet6.udp6 have identical meaning to net.inet.udp.
1.41 itojun 1569: Please refer to
1570: .Li PF_INET
1571: section above.
1572: For variables net.*.ipsec6, please refer to
1573: .Xr ipsec 4 .
1.93 itojun 1574: .It Li PF_KEY
1575: Get or set various global information about the IPsec key management.
1576: The third level name is the variable name.
1577: The currently defined variable names are:
1578: .Bl -column "blockacq_lifetime" "integer" "yes" -offset indent
1.118 wiz 1579: .It Sy Variable name Type Changeable
1.93 itojun 1580: .It debug integer yes
1581: .It spi_try integer yes
1582: .It spi_min_value integer yes
1583: .It spi_max_value integer yes
1584: .It larval_lifetime integer yes
1585: .It blockacq_count integer yes
1586: .It blockacq_lifetime integer yes
1587: .It esp_keymin integer yes
1588: .It esp_auth integer yes
1589: .It ah_keymin integer yes
1590: .El
1591: The variables are as follows:
1592: .Bl -tag -width "123456"
1593: .It Li debug
1594: Turn on debugging messages from within the kernel.
1595: The value is a bitmap, as defined in
1596: .Pa /usr/include/netkey/key_debug.h .
1597: .It Li spi_try
1598: The number of times the kernel will try to obtain a unique SPI
1599: when it generates one from the random number generator.
1600: .It Li spi_min_value
1601: Minimum SPI value when generating it within the kernel.
1602: .It Li spi_max_value
1603: Maximum SPI value when generating it within the kernel.
1604: .It Li larval_lifetime
1605: Lifetime for LARVAL SAD entries, in seconds.
1606: .It Li blockacq_count
1607: Number of ACQUIRE PF_KEY messages to be blocked after an ACQUIRE message.
1608: This prevents a flood of ACQUIRE PF_KEY messages from being sent from the kernel to the
1609: key management daemon.
1610: .It Li blockacq_lifetime
1611: Lifetime of ACQUIRE PF_KEY message.
1612: .It Li esp_keymin
1613: Minimum ESP key length, in bits.
1614: The value is used when the kernel creates proposal payload
1615: on ACQUIRE PF_KEY message.
1616: .It Li esp_auth
1617: Whether ESP authentication should be used or not.
1618: Non-zero value indicates that ESP authentication should be used.
1619: The value is used when the kernel creates proposal payload
1620: on ACQUIRE PF_KEY message.
1621: .It Li ah_keymin
1.96 wiz 1622: Minimum AH key length, in bits.
1.93 itojun 1623: The value is used when the kernel creates proposal payload
1624: on ACQUIRE PF_KEY message.
1625: .El
1.1 cgd 1626: .El
1.38 bouyer 1627: .Sh CTL_PROC
1628: The string and integer information available for the CTL_PROC
1629: is detailed below.
1630: The changeable column shows whether a process with appropriate
1631: privilege may change the value.
1.98 wiz 1632: These values are per-process,
1633: and as such may change from one process to another.
1634: When a process is created,
1635: the default values are inherited from its parent.
1636: When a set-user-ID or set-group-ID binary is executed, the
1.38 bouyer 1637: value of PROC_PID_CORENAME is reset to the system default value.
1638: The second level name is either the magic value PROC_CURPROC, which
1639: points to the current process, or the PID of the target process.
1640: .Bl -column "USER_COLL_WEIGHTS_MAXXXX" "integerXXX" "yes" -offset indent
1.118 wiz 1641: .It Sy Third level name Type Changeable
1.38 bouyer 1642: .It PROC\_PID\_CORENAME string yes
1643: .It PROC\_PID\_LIMIT node not applicable
1.126 atatat 1644: .It PROC\_PID\_STOPFORK int yes
1645: .It PROC\_PID\_STOPEXEC int yes
1646: .It PROC\_PID\_STOPEXIT int yes
1.38 bouyer 1647: .El
1648: .Bl -tag -width "123456"
1649: .Pp
1650: .It Li PROC_PID_CORENAME
1651: The template used for the core dump file name (see
1652: .Xr core 5
1.98 wiz 1653: for details).
1654: The base name must either be
1.38 bouyer 1655: .Nm core
1.98 wiz 1656: or end with the suffix ``.core'' (the super-user may set arbitrary names).
1657: By default it points to KERN_DEFCORENAME.
1.38 bouyer 1658: .It Li PROC_PID_LIMIT
1659: Return resource limits, as defined for the
1660: .Xr getrlimit 2
1.77 wiz 1661: and
1.38 bouyer 1662: .Xr setrlimit 2
1663: system calls.
1664: The fourth level name is one of:
1665: .Bl -tag -width PROC_PID_LIMIT_MEMLOCKAA
1666: .It Li PROC_PID_LIMIT_CPU
1.129 wiz 1667: The maximum amount of CPU time (in seconds) to be used by each process.
1.38 bouyer 1668: .It Li PROC_PID_LIMIT_FSIZE
1669: The largest size (in bytes) file that may be created.
1670: .It Li PROC_PID_LIMIT_DATA
1671: The maximum size (in bytes) of the data segment for a process;
1672: this defines how far a program may extend its break with the
1673: .Xr sbrk 2
1674: system call.
1675: .It Li PROC_PID_LIMIT_STACK
1676: The maximum size (in bytes) of the stack segment for a process;
1677: this defines how far a program's stack segment may be extended.
1678: Stack extension is performed automatically by the system.
1679: .It Li PROC_PID_LIMIT_CORE
1680: The largest size (in bytes)
1681: .Pa core
1682: file that may be created.
1683: .It Li PROC_PID_LIMIT_RSS
1684: The maximum size (in bytes) to which a process's resident set size may
1685: grow.
1686: This imposes a limit on the amount of physical memory to be given to
1687: a process; if memory is tight, the system will prefer to take memory
1688: from processes that are exceeding their declared resident set size.
1689: .It Li PROC_PID_LIMIT_MEMLOCK
1690: The maximum size (in bytes) which a process may lock into memory
1691: using the
1692: .Xr mlock 2
1693: function.
1694: .It Li PROC_PID_LIMIT_NPROC
1695: The maximum number of simultaneous processes for this user id.
1696: .It Li PROC_PID_LIMIT_NOFILE
1697: The maximum number of open files for this process.
1698: .El
1699: .Pp
1700: The fifth level name is one of PROC_PID_LIMIT_TYPE_SOFT or
1701: PROC_PID_LIMIT_TYPE_HARD, to select respectively the soft or hard limit.
1702: Both are of type integer.
1.126 atatat 1703: .It Li PROC_PID_STOPFORK
1.101 wiz 1704: If non zero, the process' children will be stopped after
1.100 manu 1705: .Xr fork 2
1.101 wiz 1706: calls.
1707: The child is created in the SSTOP state and is never scheduled
1708: for running before being stopped.
1709: This feature helps attaching a process with a debugger such as
1.100 manu 1710: .Xr gdb 1
1711: before it had the opportunity to actually do anything.
1712: .Pp
1713: This value is inherited by the process's children, and it also
1.101 wiz 1714: applies to emulation specific system calls that fork a new process, such as
1715: .Fn sproc
1716: or
1.100 manu 1717: .Fn clone .
1.126 atatat 1718: .It Li PROC_PID_STOPEXEC
1719: If non zero, the process will be stopped on next
1720: .Xr exec 3
1721: call.
1722: The process created by
1723: .Xr exec 3
1724: is created in the SSTOP state and is never scheduled for running
1725: before being stopped.
1726: This feature helps attaching a process with a debugger such as
1727: .Xr gdb 1
1728: before it had the opportunity to actually do anything.
1729: .Pp
1730: This value is inherited by the process's children.
1731: .It Li PROC_PID_STOPEXIT
1732: If non zero, the process will be stopped when it has cause to exit,
1733: either by way of calling
1734: .Xr exit 3 ,
1735: .Xr _exit 2 ,
1736: or by the receipt of a specific signal.
1737: The process is stopped before any of its resources or vm space is
1738: released allowing examination of the termination state of a process
1739: before it disappears.
1740: This feature can be used to examine the final conditions of the
1741: process's vmspace via
1742: .Xr pmap 1
1743: or its resource settings with
1744: .Xr sysctl 8
1745: before it disappears.
1746: .Pp
1747: This value is also inherited by the process's children.
1.38 bouyer 1748: .El
1.1 cgd 1749: .Sh CTL_USER
1750: The string and integer information available for the CTL_USER level
1751: is detailed below.
1752: The changeable column shows whether a process with appropriate
1753: privilege may change the value.
1754: .Bl -column "USER_COLL_WEIGHTS_MAXXXX" "integerXXX" -offset indent
1.118 wiz 1755: .It Sy Second level name Type Changeable
1.1 cgd 1756: .It USER\_BC\_BASE\_MAX integer no
1757: .It USER\_BC\_DIM\_MAX integer no
1758: .It USER\_BC\_SCALE\_MAX integer no
1759: .It USER\_BC\_STRING\_MAX integer no
1760: .It USER\_COLL\_WEIGHTS\_MAX integer no
1761: .It USER\_CS\_PATH string no
1762: .It USER\_EXPR\_NEST\_MAX integer no
1763: .It USER\_LINE\_MAX integer no
1764: .It USER\_POSIX2\_CHAR\_TERM integer no
1765: .It USER\_POSIX2\_C\_BIND integer no
1766: .It USER\_POSIX2\_C\_DEV integer no
1767: .It USER\_POSIX2\_FORT\_DEV integer no
1768: .It USER\_POSIX2\_FORT\_RUN integer no
1769: .It USER\_POSIX2\_LOCALEDEF integer no
1770: .It USER\_POSIX2\_SW\_DEV integer no
1771: .It USER\_POSIX2\_UPE integer no
1772: .It USER\_POSIX2\_VERSION integer no
1773: .It USER\_RE\_DUP\_MAX integer no
1774: .It USER\_STREAM\_MAX integer no
1775: .It USER\_TZNAME\_MAX integer no
1.106 kleink 1776: .It USER\_ATEXIT\_MAX integer no
1.1 cgd 1777: .El
1778: .Bl -tag -width "123456"
1779: .Pp
1780: .It Li USER_BC_BASE_MAX
1781: The maximum ibase/obase values in the
1782: .Xr bc 1
1783: utility.
1784: .It Li USER_BC_DIM_MAX
1785: The maximum array size in the
1786: .Xr bc 1
1787: utility.
1788: .It Li USER_BC_SCALE_MAX
1789: The maximum scale value in the
1790: .Xr bc 1
1791: utility.
1792: .It Li USER_BC_STRING_MAX
1793: The maximum string length in the
1794: .Xr bc 1
1795: utility.
1796: .It Li USER_COLL_WEIGHTS_MAX
1797: The maximum number of weights that can be assigned to any entry of
1798: the LC_COLLATE order keyword in the locale definition file.
1799: .It Li USER_CS_PATH
1800: Return a value for the
1801: .Ev PATH
1802: environment variable that finds all the standard utilities.
1803: .It Li USER_EXPR_NEST_MAX
1804: The maximum number of expressions that can be nested within
1805: parentheses by the
1806: .Xr expr 1
1807: utility.
1808: .It Li USER_LINE_MAX
1809: The maximum length in bytes of a text-processing utility's input
1810: line.
1811: .It Li USER_POSIX2_CHAR_TERM
1812: Return 1 if the system supports at least one terminal type capable of
1813: all operations described in POSIX 1003.2, otherwise 0.
1814: .It Li USER_POSIX2_C_BIND
1815: Return 1 if the system's C-language development facilities support the
1816: C-Language Bindings Option, otherwise 0.
1817: .It Li USER_POSIX2_C_DEV
1818: Return 1 if the system supports the C-Language Development Utilities Option,
1819: otherwise 0.
1820: .It Li USER_POSIX2_FORT_DEV
1821: Return 1 if the system supports the FORTRAN Development Utilities Option,
1822: otherwise 0.
1823: .It Li USER_POSIX2_FORT_RUN
1824: Return 1 if the system supports the FORTRAN Runtime Utilities Option,
1825: otherwise 0.
1826: .It Li USER_POSIX2_LOCALEDEF
1827: Return 1 if the system supports the creation of locales, otherwise 0.
1828: .It Li USER_POSIX2_SW_DEV
1829: Return 1 if the system supports the Software Development Utilities Option,
1830: otherwise 0.
1831: .It Li USER_POSIX2_UPE
1832: Return 1 if the system supports the User Portability Utilities Option,
1833: otherwise 0.
1834: .It Li USER_POSIX2_VERSION
1835: The version of POSIX 1003.2 with which the system attempts to comply.
1836: .It Li USER_RE_DUP_MAX
1837: The maximum number of repeated occurrences of a regular expression
1838: permitted when using interval notation.
1.20 perry 1839: .ne 1i
1.1 cgd 1840: .It Li USER_STREAM_MAX
1841: The minimum maximum number of streams that a process may have open
1842: at any one time.
1843: .It Li USER_TZNAME_MAX
1844: The minimum maximum number of types supported for the name of a
1845: timezone.
1.106 kleink 1846: .It Li USER_ATEXIT_MAX
1.141 enami 1847: The maximum number of functions that may be registered with
1.106 kleink 1848: .Xr atexit 3 .
1.1 cgd 1849: .El
1850: .Sh CTL_VM
1851: The string and integer information available for the CTL_VM level
1852: is detailed below.
1853: The changeable column shows whether a process with appropriate
1854: privilege may change the value.
1855: .Bl -column "Second level nameXXXXXX" "struct loadavgXXX" -offset indent
1.118 wiz 1856: .It Sy Second level name Type Changeable
1.81 chs 1857: .It VM\_ANONMAX int yes
1858: .It VM\_ANONMIN int yes
1.140 daniel 1859: .It VM\_BUFCACHE int yes
1860: .It VM\_BUFMEM int no
1.162 elad 1861: .It VM\_BUFMEM_HIWATER int yes
1.140 daniel 1862: .It VM\_BUFMEM_LOWATER int yes
1.81 chs 1863: .It VM\_EXECMAX int yes
1864: .It VM\_EXECMIN int yes
1865: .It VM\_FILEMAX int yes
1866: .It VM\_FILEMIN int yes
1.1 cgd 1867: .It VM\_LOADAVG struct loadavg no
1.81 chs 1868: .It VM\_MAXSLP int no
1.1 cgd 1869: .It VM\_METER struct vmtotal no
1.81 chs 1870: .It VM\_NKMEMPAGES int no
1871: .It VM\_USPACE int no
1872: .It VM\_UVMEXP struct uvmexp no
1873: .It VM\_UVMEXP2 struct uvmexp_sysctl no
1.1 cgd 1874: .El
1875: .Pp
1876: .Bl -tag -width "123456"
1.81 chs 1877: .It Li VM_ANONMAX
1878: The percentage of physical memory which will be reclaimed
1879: from other types of memory usage to store anonymous application data.
1880: .It Li VM_ANONMIN
1881: The percentage of physical memory which will always be available for
1882: anonymous application data.
1.140 daniel 1883: .It Li VM_BUFCACHE
1884: The percentage of kernel memory which will be available
1885: for the buffer cache.
1886: .It Li VM_BUFMEM
1887: The amount of kernel memory that is being used by the buffer cache.
1888: .It Li VM_BUFMEM_LOWATER
1889: The minimum amount of kernel memory to reserve for the
1890: buffer cache.
1891: .It Li VM_BUFMEM_HIWATER
1.141 enami 1892: The maximum amount of kernel memory to be used for the
1.140 daniel 1893: buffer cache.
1.81 chs 1894: .It Li VM_EXECMAX
1895: The percentage of physical memory which will be reclaimed
1896: from other types of memory usage to store cached executable data.
1897: .It Li VM_EXECMIN
1898: The percentage of physical memory which will always be available for
1899: cached executable data.
1900: .It Li VM_FILEMAX
1901: The percentage of physical memory which will be reclaimed
1902: from other types of memory usage to store cached file data.
1903: .It Li VM_FILEMIN
1904: The percentage of physical memory which will always be available for
1905: cached file data.
1.1 cgd 1906: .It Li VM_LOADAVG
1907: Return the load average history.
1908: The returned data consists of a
1909: .Va struct loadavg .
1.81 chs 1910: .It Li VM_MAXSLP
1911: The value of the maxslp kernel global variable.
1.1 cgd 1912: .It Li VM_METER
1.81 chs 1913: Return system wide virtual memory statistics.
1.1 cgd 1914: The returned data consists of a
1915: .Va struct vmtotal .
1.81 chs 1916: .It Li VM_USPACE
1917: The number of bytes allocated for each kernel stack.
1918: .It Li VM_UVMEXP
1919: Return system wide virtual memory statistics.
1920: The returned data consists of a
1921: .Va struct uvmexp .
1922: .It Li VM_UVMEXP2
1923: Return system wide virtual memory statistics.
1924: The returned data consists of a
1925: .Va struct uvmexp_sysctl .
1.1 cgd 1926: .El
1.12 thorpej 1927: .Sh CTL_DDB
1928: The integer information available for the CTL_DDB level is detailed below.
1929: The changeable column shows whether a process with appropriate
1930: privilege may change the value.
1931: .Bl -column "DBCTL_TABSTOPSXXX" "integerXXX" -offset indent
1.118 wiz 1932: .It Sy Second level name Type Changeable
1.12 thorpej 1933: .It DBCTL\_RADIX integer yes
1934: .It DBCTL\_MAXOFF integer yes
1935: .It DBCTL\_LINES integer yes
1936: .It DBCTL\_TABSTOPS integer yes
1937: .It DBCTL\_ONPANIC integer yes
1.40 jdolecek 1938: .It DBCTL\_FROMCONSOLE integer yes
1.12 thorpej 1939: .El
1940: .Pp
1941: .Bl -tag -width "123456"
1942: .It Li DBCTL_RADIX
1943: The input and output radix.
1944: .It Li DBCTL_MAXOFF
1945: The maximum symbol offset.
1946: .It Li DBCTL_LINES
1947: Number of display lines.
1948: .It Li DBCTL_TABSTOPS
1949: Tab width.
1950: .It Li DBCTL_ONPANIC
1951: If non-zero, DDB will be entered when the kernel panics.
1.40 jdolecek 1952: .It Li DBCTL_FROMCONSOLE
1953: If not zero, DDB may be entered by sending a break on a serial
1954: console or by a special key sequence on a graphics console.
1.12 thorpej 1955: .El
1956: .Pp
1.98 wiz 1957: These MIB nodes are also available as variables from within the DDB.
1958: See
1.12 thorpej 1959: .Xr ddb 4
1960: for more details.
1.155 elad 1961: .Sh CTL_SECURITY
1962: The security level contains various security-related settings for
1963: the system. Available settings are detailed below.
1964: .Pp
1965: .Bl -tag -width "123456"
1.165 ! elad 1966: .It Li security.curtain
1.155 elad 1967: If non-zero, returned objects are filtered according to the user-id
1968: requesting information about them, preventing users from having any
1969: access to objects they don't own.
1970: .Pp
1971: At the moment, it affects
1.156 wiz 1972: .Xr ps 1 ,
1.155 elad 1973: .Xr netstat 1
1974: (for
1.156 wiz 1975: .Dv PF_INET ,
1976: .Dv PF_INET6 ,
1.155 elad 1977: and
1.156 wiz 1978: .Dv PF_UNIX
1.155 elad 1979: PCBs), and
1980: .Xr w 1 .
1.165 ! elad 1981: .It Li security.setid_core
! 1982: Settings related to set-id processes coredumps.
! 1983: By default, set-id processes do not dump core in situations where
! 1984: other processes would.
! 1985: The settings in this node allow an administrator to change this
! 1986: behavior.
! 1987: .Pp
! 1988: .Bl -tag -width "123456"
! 1989: .It Li security.setid_core.dump
! 1990: If non-zero, set-id processes will dump core.
! 1991: .It Li security.setid_core.group
! 1992: The group-id for the set-id processes' coredump.
! 1993: .It Li security.setid_core.mode
! 1994: The mode for the set-id processes' coredump.
! 1995: See
! 1996: .Xr chmod 1 .
! 1997: .It Li security.setid_core.owner
! 1998: The user-id that will be used as the owner of the set-id processes'
! 1999: coredump.
! 2000: .It Li security.setid_core.path
! 2001: The path to which set-id processes' coredumps will be saved.
! 2002: Same syntax as kern.defcorename.
! 2003: .El
1.155 elad 2004: .El
1.72 hubertf 2005: .Sh CTL_VENDOR
2006: The "vendor" toplevel name is reserved to be used by vendors who wish to
1.98 wiz 2007: have their own private MIB tree.
2008: Intended use is to store values under
1.89 ross 2009: .Dq vendor.\*[Lt]yourname\*[Gt].* .
1.128 atatat 2010: .Sh DYNAMIC OPERATIONS
2011: Several meta-identifiers are provided to perform operations on the
2012: .Nm
2013: tree itself, or support alternate means of accessing the data
2014: instrumented by the
2015: .Nm
2016: tree.
1.130 atatat 2017: .Bl -column CTLXCREATESYMXXX
1.128 atatat 2018: .It Sy Name Description
2019: .It CTL\_QUERY Retrieve a mapping of names to numbers below a given node
2020: .It CTL\_CREATE Create a new node
2021: .It CTL\_CREATESYM Create a new node by its kernel symbol
2022: .It CTL\_DESTROY Destroy a node
1.132 atatat 2023: .It CTL\_DESCRIBE Retrieve node descriptions
1.128 atatat 2024: .El
2025: .Pp
2026: The core interface to all of these meta-functions is the structure
2027: that the kernel uses to describe the tree internally, as defined in
1.129 wiz 2028: .Aq Pa sys/sysctl.h
1.128 atatat 2029: as:
2030: .Pp
2031: .Bd -literal
2032: struct sysctlnode {
1.132 atatat 2033: uint32_t sysctl_flags; /* flags and type */
2034: int32_t sysctl_num; /* mib number */
1.128 atatat 2035: char sysctl_name[SYSCTL_NAMELEN]; /* node name */
1.132 atatat 2036: uint32_t sysctl_ver; /* node's version vs. rest of tree */
2037: uint32_t __rsvd;
1.128 atatat 2038: union {
2039: struct {
1.132 atatat 2040: uint32_t suc_csize; /* size of child node array */
2041: uint32_t suc_clen; /* number of valid children */
2042: struct sysctlnode* suc_child; /* array of child nodes */
2043: } scu_child;
2044: struct {
2045: void *sud_data; /* pointer to external data */
2046: size_t sud_offset; /* offset to data */
2047: } scu_data;
2048: int32_t scu_alias; /* node this node refers to */
2049: int32_t scu_idata; /* immediate "int" data */
1.128 atatat 2050: u_quad_t scu_qdata; /* immediate "u_quad_t" data */
2051: } sysctl_un;
1.132 atatat 2052: size_t _sysctl_size; /* size of instrumented data */
2053: sysctlfn _sysctl_func; /* access helper function */
1.128 atatat 2054: struct sysctlnode *sysctl_parent; /* parent of this node */
1.132 atatat 2055: const char *sysctl_desc; /* description of node */
1.128 atatat 2056: };
2057:
1.132 atatat 2058: #define sysctl_csize sysctl_un.scu_child.suc_csize
2059: #define sysctl_clen sysctl_un.scu_child.suc_clen
2060: #define sysctl_child sysctl_un.scu_child.suc_child
2061: #define sysctl_data sysctl_un.scu_data.sud_data
2062: #define sysctl_offset sysctl_un.scu_data.sud_offset
2063: #define sysctl_alias sysctl_un.scu_alias
2064: #define sysctl_idata sysctl_un.scu_idata
2065: #define sysctl_qdata sysctl_un.scu_qdata
1.128 atatat 2066: .Ed
2067: .Pp
2068: Querying the tree to discover the name to number mapping permits
2069: dynamic discovery of all the data that the tree currently has
2070: instrumented.
2071: For example, to discover all the nodes below the
2072: CTL_VFS node:
2073: .Pp
2074: .Bd -literal -offset indent -compact
1.132 atatat 2075: struct sysctlnode query, vfs[128];
1.128 atatat 2076: int mib[2];
2077: size_t len;
2078: .sp
2079: mib[0] = CTL_VFS;
2080: mib[1] = CTL_QUERY;
1.133 snj 2081: memset(\*[Am]query, 0, sizeof(query));
1.132 atatat 2082: query.sysctl_flags = SYSCTL_VERSION;
1.128 atatat 2083: len = sizeof(vfs);
1.132 atatat 2084: sysctl(mib, 2, \*[Am]vfs[0], \*[Am]len, \*[Am]query, sizeof(query));
1.128 atatat 2085: .Ed
2086: .Pp
1.132 atatat 2087: Note that a reference to an empty node with
2088: .Fa sysctl_flags
2089: set to
2090: .Dv SYSCTL_VERSION
2091: is passed to sysctl in order to indicate the version that the program
2092: is using.
2093: All dynamic operations passing nodes into sysctl require that the
2094: version be explicitly specified.
2095: .Pp
1.128 atatat 2096: Creation and destruction of nodes works by constructing part of a new
2097: node description (or a description of the existing node) and invoking
2098: CTL_CREATE (or CTL_CREATESYM) or CTL_DESTROY at the parent of the new
2099: node, with a pointer to the new node passed via the
2100: .Fa new
2101: and
2102: .Fa newlen
2103: arguments.
2104: If valid values for
2105: .Fa old
2106: and
2107: .Fa oldlenp
2108: are passed, a copy of the new node once in the tree will be returned.
2109: If the create operation fails because a node with the same name or MIB
2110: number exists, a copy of the conflicting node will be returned.
2111: .Pp
2112: The minimum requirements for creating a node are setting the
2113: .Fa sysctl_flags
2114: to indicate the new node's type,
2115: .Fa sysctl_num
2116: to either the new node's number (or CTL_CREATE or CTL_CREATESYM if a
2117: dynamically allocated MIB number is acceptable),
2118: .Fa sysctl_size
2119: to the size of the data to be instrumented (which must agree with the
2120: given type), and
2121: .Fa sysctl_name
2122: must be set to the new node's name.
2123: Nodes that are not of type
2124: .Dq node
2125: must also have some description of the data to be instrumented, which
2126: will vary depending on what is to be instrumented.
2127: .Pp
2128: If existing kernel data is to be covered by this new node, its address
2129: should be given in
2130: .Fa sysctl_data
2131: or, if CTL_CREATESYM is used,
2132: .Fa sysctl_data
2133: should be set to a string containing its name from the kernel's symbol
2134: table.
2135: If new data is to be instrumented and an initial value is available,
2136: the new integer or quad type data should be placed into either
2137: .Fa sysctl_idata
2138: or
2139: .Fa sysctl_qdata ,
2140: respectively, along with the SYSCTL_IMMEDIATE flag being set, or
2141: .Fa sysctl_data
2142: should be set to point to a copy of the new data, and the
2143: SYSCTL_OWNDATA flag must be set.
2144: This latter method is the only way that new string and struct type
2145: nodes can be initialized.
2146: Invalid kernel addresses are accepted, but any attempt to access those
2147: nodes will return an error.
2148: .Pp
2149: The
2150: .Fa sysctl_csize ,
2151: .Fa sysctl_clen ,
2152: .Fa sysctl_child ,
2153: .Fa sysctl_parent ,
2154: and
2155: .Fa sysctl_alias
2156: members are used by the kernel to link the tree together and must be
1.129 wiz 2157: .Dv NULL
2158: or 0.
1.128 atatat 2159: Nodes created in this manner cannot have helper functions, so
2160: .Fa sysctl_func
1.129 wiz 2161: must also be
2162: .Dv NULL .
1.128 atatat 2163: If the
2164: .Fa sysctl_ver
2165: member is non-zero, it must match either the version of the parent or
2166: the version at the root of the MIB or an error is returned.
2167: This can be used to ensure that nodes are only added or removed from a
2168: known state of the tree.
2169: Note: It may not be possible to determine the version at the root
2170: of the tree.
2171: .Pp
2172: This example creates a new subtree and adds a node to it that controls the
2173: .Fa audiodebug
2174: kernel variable, thereby making it tunable at any time, without
2175: needing to use
2176: .Xr ddb 4
2177: or
2178: .Xr kvm 3
2179: to alter the kernel's memory directly.
2180: .Pp
2181: .Bd -literal -offset indent -compact
2182: struct sysctlnode node;
2183: int mib[2];
2184: size_t len;
2185: .sp
2186: mib[0] = CTL_CREATE; /* create at top-level */
2187: len = sizeof(node);
2188: memset(\*[Am]node, 0, len);
1.132 atatat 2189: node.sysctl_flags = SYSCTL_VERSION|CTLFLAG_READWRITE|CTLTYPE_NODE;
1.128 atatat 2190: snprintf(node.sysctl_name, sizeof(node.sysctl_name), "local");
2191: node.sysctl_num = CTL_CREATE; /* request dynamic MIB number */
2192: sysctl(\*[Am]mib[0], 1, \*[Am]node, \*[Am]len, \*[Am]node, len);
2193: .sp
2194: mib[0] = node.sysctl_num; /* use new MIB number */
2195: mib[1] = CTL_CREATESYM; /* create at second level */
2196: len = sizeof(node);
2197: memset(\*[Am]node, 0, len);
1.132 atatat 2198: node.sysctl_flags = SYSCTL_VERSION|CTLFLAG_READWRITE|CTLTYPE_INT;
1.128 atatat 2199: snprintf(node.sysctl_name, sizeof(node.sysctl_name), "audiodebug");
2200: node.sysctl_num = CTL_CREATE;
2201: node.sysctl_data = "audiodebug"; /* kernel symbol to be used */
2202: sysctl(\*[Am]mib[0], 2, NULL, NULL, \*[Am]node, len);
2203: .Ed
2204: .Pp
1.129 wiz 2205: The process for deleting nodes is similar, but less data needs to
1.128 atatat 2206: be supplied.
2207: Only the
2208: .Fa sysctl_num
2209: field
2210: needs to be filled in; almost all other fields must be left blank.
2211: The
2212: .Fa sysctl_name
2213: and/or
2214: .Fa sysctl_ver
2215: fields can be filled in with the name and version of the existing node
2216: as additional checks on what will be deleted.
2217: If all the given data fail to match any node, nothing will be deleted.
2218: If valid values for
2219: .Fa old
2220: and
2221: .Fa oldlenp
2222: are supplied and a node is deleted, a copy of what was in the MIB tree
2223: will be returned.
2224: .Pp
2225: This sample code shows the deletion of the two nodes created in the
2226: above example:
2227: .Pp
2228: .Bd -literal -offset indent -compact
2229: int mib[2];
2230: .sp
2231: len = sizeof(node);
2232: memset(\*[Am]node, 0, len);
1.132 atatat 2233: node.sysctl_flags = SYSCTL_VERSION;
1.128 atatat 2234: .sp
2235: mib[0] = 3214; /* assumed number for "local" */
2236: mib[1] = CTL_DESTROY;
2237: node.sysctl_num = 3215; /* assumed number for "audiodebug" */
2238: sysctl(\*[Am]mib[0], 2, NULL, NULL, \*[Am]node, len);
2239: .sp
2240: mib[0] = CTL_DESTROY;
2241: node.sysctl_num = 3214; /* now deleting "local" */
2242: sysctl(\*[Am]mib[0], 1, NULL, NULL, \*[Am]node, len);
2243: .Ed
1.130 atatat 2244: .Pp
1.132 atatat 2245: Descriptions of each of the nodes can also be retrieved, if they are
2246: available.
2247: Descriptions can be retrieved in bulk at each level or on a per-node
2248: basis.
2249: The layout of the buffer into which the descriptions are returned is a
2250: series of variable length structures, each of which describes its own
2251: size.
2252: The length indicated includes the terminating
2253: .Sq nul
2254: character.
2255: Nodes that have no description or where the description is not
2256: available are indicated by an empty string.
2257: The
2258: .Fa descr_ver
2259: will match the
2260: .Fa sysctl_ver
2261: value for a given node, so that descriptions for nodes whose numbers
2262: have been recycled can be detected and ignored or discarded.
2263: .Pp
2264: .Bd -literal
2265: struct sysctldesc {
2266: int32_t descr_num; /* mib number of node */
2267: uint32_t descr_ver; /* version of node */
2268: uint32_t descr_len; /* length of description string */
2269: char descr_str[1]; /* not really 1...see above */
2270: };
2271: .Ed
2272: .Pp
2273: The
2274: .Fn NEXT_DESCR
2275: macro can be used to skip to the next description in the retrieved
2276: list.
2277: .Pp
2278: .Bd -literal -offset indent -compact
2279: struct sysctlnode desc;
2280: struct sysctldesc *d;
2281: char buf[1024];
2282: int mib[2];
2283: size_t len;
2284: .sp
2285: /* retrieve kern-level descriptions */
2286: mib[0] = CTL_KERN;
2287: mib[1] = CTL_DESCRIBE;
2288: d = (struct sysctldesc *)\*[Am]buf[0];
2289: len = sizeof(buf);
2290: sysctl(mib, 2, d, \*[Am]len, NULL, 0);
1.133 snj 2291: while ((caddr_t)d \*[Lt] (caddr_t)\*[Am]buf[len]) {
2292: printf("node %d: %.*s\\n", d-\*[Gt]descr_num, d-\*[Gt]descr_len,
2293: d-\*[Gt]descr_str);
1.132 atatat 2294: d = NEXT_DESCR(d);
2295: }
2296: .sp
2297: /* retrieve description for kern.securelevel */
2298: memset(\*[Am]desc, 0, sizeof(desc));
2299: desc.sysctl_flags = SYSCTL_VERSION;
2300: desc.sysctl_num = KERN_SECURELEVEL;
2301: d = (struct sysctldesc *)\*[Am]buf[0];
2302: len = sizeof(buf);
2303: sysctl(mib, 2, d, \*[Am]len, \*[Am]desc, sizeof(desc));
1.133 snj 2304: printf("kern.securelevel: %.*s\\n", d-\*[Gt]descr_len, d-\*[Gt]descr_str);
1.132 atatat 2305: .Ed
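The loop in the example above trusts every descr_len it reads. The following is an added example, not part of the NetBSD manual page or source tree: a walker that validates each record against the bytes actually returned and applies the descr_ver check described earlier. The names desc_rec, desc_find, desc_put, DESC_HDR and DESC_PAD are hypothetical, the 4-byte record padding is an assumption, and the buffer is constructed with desc_put rather than fetched with sysctl so that the code builds on any system.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Local mirror of the struct sysctldesc layout documented above. */
struct desc_rec {
	int32_t  descr_num;
	uint32_t descr_ver;
	uint32_t descr_len;	/* includes the terminating nul */
	char     descr_str[1];
};
#define DESC_HDR	offsetof(struct desc_rec, descr_str)
#define DESC_PAD(l)	(((size_t)(l) + 3u) & ~(size_t)3u) /* assumed 4-byte padding */

/* Returns 1 and sets *out when node num is found with descr_ver == ver,
 * 0 when it is absent or stale (number recycled), -1 on a malformed record. */
int
desc_find(const unsigned char *buf, size_t len, int32_t num, uint32_t ver,
    const char **out)
{
	size_t off = 0;
	while (off < len) {
		struct desc_rec h;
		size_t left = len - off;
		if (left < DESC_HDR)
			return -1;	/* truncated header */
		memcpy(&h, buf + off, DESC_HDR);	/* no unaligned reads */
		if (h.descr_len == 0 || h.descr_len > left - DESC_HDR)
			return -1;	/* length overruns the returned data */
		const char *s = (const char *)buf + off + DESC_HDR;
		if (s[h.descr_len - 1] != '\0')
			return -1;	/* string is not nul-terminated */
		if (h.descr_num == num) {
			if (h.descr_ver != ver)
				return 0;	/* stale description: discard */
			*out = s;
			return 1;
		}
		off += DESC_HDR + DESC_PAD(h.descr_len); /* may pass len: loop ends */
	}
	return 0;
}

/* Constructed-sample helper: append one record, return the new offset. */
size_t
desc_put(unsigned char *buf, size_t off, int32_t num, uint32_t ver,
    const char *s, uint32_t claim)
{
	struct desc_rec h = { num, ver, claim, { 0 } };
	memcpy(buf + off, &h, DESC_HDR);
	memcpy(buf + off + DESC_HDR, s, strlen(s) + 1);
	return off + DESC_HDR + DESC_PAD(strlen(s) + 1);
}
```

With a live buffer, pass the value left in len by sysctl (after checking its return value) as the len argument, and the node's sysctl_ver as ver.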
2306: .Pp
2307: Descriptions can also be set as follows, subject to the following rules:
2308: .Pp
2309: .Bl -bullet -compact
2310: .It
2311: The kernel securelevel is at zero or lower
2312: .It
2313: The caller has super-user privileges
2314: .It
2315: The node does not currently have a description
2316: .It
2317: The node is not marked as
2318: .Dq permanent
2319: .El
2320: .Pp
2321: .Bd -literal -offset indent -compact
2322: struct sysctlnode desc;
2323: int mib[2];
2324: .sp
2325: /* presuming the given top-level node was just added... */
2326: mib[0] = 3214; /* mib numbers taken from previous examples */
2327: mib[1] = CTL_DESCRIBE;
2328: memset(\*[Am]desc, 0, sizeof(desc));
2329: desc.sysctl_flags = SYSCTL_VERSION;
2330: desc.sysctl_num = 3215;
2331: desc.sysctl_desc = "audio debug control knob";
2332: sysctl(mib, 2, NULL, NULL, \*[Am]desc, sizeof(desc));
2333: .Ed
2334: .Pp
1.141 enami 2335: Upon successfully setting a description, the new description will be
1.132 atatat 2336: returned in the space indicated by the
2337: .Fa oldp
1.133 snj 2338: and
1.132 atatat 2339: .Fa oldlenp
2340: arguments.
1.133 snj 2341: .Pp
1.130 atatat 2342: The
2343: .Fa sysctl_flags
1.132 atatat 2344: field in the struct sysctlnode contains the sysctl version, node type
2345: information, and a number of flags.
1.130 atatat 2346: The macros
1.132 atatat 2347: .Fn SYSCTL_VERS ,
2348: .Fn SYSCTL_TYPE ,
1.130 atatat 2349: and
2350: .Fn SYSCTL_FLAGS
2351: can be used to access the different fields.
2352: Valid flags are:
1.132 atatat 2353: .Bl -column CTLFLAGXPERMANENTXXX
1.130 atatat 2354: .It Sy Name Description
1.132 atatat 2355: .It CTLFLAG\_READONLY Node is read-only
2356: .It CTLFLAG\_READONLY1 Node becomes read-only at securelevel 1
2357: .It CTLFLAG\_READONLY2 Node becomes read-only at securelevel 2
2358: .It CTLFLAG\_READWRITE Node is writable by the superuser
2359: .It CTLFLAG\_ANYWRITE Node is writable by anyone
2360: .It CTLFLAG\_PRIVATE Node is readable only by the superuser
2361: .It CTLFLAG\_PERMANENT Node cannot be removed (cannot be set by
1.130 atatat 2362: processes)
1.132 atatat 2363: .It CTLFLAG\_OWNDATA Node owns data and does not instrument
1.130 atatat 2364: existing data
1.132 atatat 2365: .It CTLFLAG\_IMMEDIATE Node contains instrumented data and does not
1.130 atatat 2366: instrument existing data
1.132 atatat 2367: .It CTLFLAG\_HEX Node's contents should be displayed in a hexadecimal
1.130 atatat 2368: form
1.132 atatat 2369: .It CTLFLAG\_ROOT Node is the root of a tree (cannot be set at
1.130 atatat 2370: any time)
1.132 atatat 2371: .It CTLFLAG\_ANYNUMBER Node matches any MIB number (cannot be set by
1.130 atatat 2372: processes)
1.132 atatat 2373: .It CTLFLAG\_HIDDEN Node not displayed by default
2374: .It CTLFLAG\_ALIAS Node refers to a sibling node (cannot be set
1.130 atatat 2375: by processes)
1.132 atatat 2376: .It CTLFLAG\_OWNDESC Node owns its own description string space
1.130 atatat 2377: .El
1.1 cgd 2378: .Sh RETURN VALUES
2379: If the call to
1.25 fair 2380: .Nm
1.20 perry 2381: is successful, the number of bytes copied out is returned.
1.1 cgd 2382: Otherwise \-1 is returned and
2383: .Va errno
2384: is set appropriately.
1.78 wiz 2385: .Sh FILES
1.87 ross 2386: .Bl -tag -width \*[Lt]netinet6/udp6Xvar.h\*[Gt] -compact
1.118 wiz 2387: .It Aq Pa sys/sysctl.h
1.78 wiz 2388: definitions for top level identifiers, second level kernel and hardware
2389: identifiers, and user level identifiers
1.118 wiz 2390: .It Aq Pa sys/socket.h
1.78 wiz 2391: definitions for second level network identifiers
1.118 wiz 2392: .It Aq Pa sys/gmon.h
1.78 wiz 2393: definitions for third level profiling identifiers
1.118 wiz 2394: .It Aq Pa uvm/uvm_param.h
1.78 wiz 2395: definitions for second level virtual memory identifiers
1.118 wiz 2396: .It Aq Pa netinet/in.h
1.78 wiz 2397: definitions for third level IPv4/v6 identifiers and
2398: fourth level IPv4/v6 identifiers
1.118 wiz 2399: .It Aq Pa netinet/icmp_var.h
1.78 wiz 2400: definitions for fourth level ICMP identifiers
1.118 wiz 2401: .It Aq Pa netinet/icmp6.h
1.78 wiz 2402: definitions for fourth level ICMPv6 identifiers
1.118 wiz 2403: .It Aq Pa netinet/tcp_var.h
1.78 wiz 2404: definitions for fourth level TCP identifiers
1.118 wiz 2405: .It Aq Pa netinet/udp_var.h
1.78 wiz 2406: definitions for fourth level UDP identifiers
1.118 wiz 2407: .It Aq Pa netinet6/udp6_var.h
1.78 wiz 2408: definitions for fourth level IPv6 UDP identifiers
1.118 wiz 2409: .It Aq Pa netinet6/ipsec.h
1.78 wiz 2410: definitions for fourth level IPsec identifiers
1.118 wiz 2411: .It Aq Pa netkey/key_var.h
1.93 itojun 2412: definitions for third level PF_KEY identifiers
1.128 atatat 2413: .It Aq Pa machine/cpu.h
2414: definitions for second level machdep identifiers
1.78 wiz 2415: .El
1.1 cgd 2416: .Sh ERRORS
2417: The following errors may be reported:
2418: .Bl -tag -width Er
2419: .It Bq Er EFAULT
2420: The buffer
2421: .Fa name ,
2422: .Fa oldp ,
2423: .Fa newp ,
2424: or length pointer
2425: .Fa oldlenp
1.128 atatat 2426: contains an invalid address, or the requested value is temporarily
2427: unavailable.
1.1 cgd 2428: .It Bq Er EINVAL
2429: The
2430: .Fa name
1.128 atatat 2431: array is zero or greater than CTL_MAXNAME.
1.1 cgd 2432: .It Bq Er EINVAL
2433: A non-null
2434: .Fa newp
2435: is given and its specified length in
2436: .Fa newlen
1.128 atatat 2437: is too large or too small, or the given value is not acceptable for
2438: the given node.
1.1 cgd 2439: .It Bq Er ENOMEM
2440: The length pointed to by
2441: .Fa oldlenp
2442: is too short to hold the requested value.
1.128 atatat 2443: .It Bq Er EISDIR
2444: The
2445: .Fa name
2446: array specifies an intermediate rather than terminal name.
1.1 cgd 2447: .It Bq Er ENOTDIR
2448: The
2449: .Fa name
1.128 atatat 2450: array specifies a node below a node that addresses data.
2451: .It Bq Er ENOENT
2452: The
2453: .Fa name
2454: array specifies a node that does not exist in the tree.
2455: .It Bq Er ENOENT
2456: An attempt was made to destroy a node that does not exist, or to
2457: create or destroy a node below a node that does not exist.
2458: .It Bq Er ENOTEMPTY
2459: An attempt was made to destroy a node that still has children.
1.1 cgd 2460: .It Bq Er EOPNOTSUPP
2461: The
2462: .Fa name
1.128 atatat 2463: array specifies a value that is unknown or a meta-operation was
2464: attempted that the requested node does not support.
1.1 cgd 2465: .It Bq Er EPERM
2466: An attempt is made to set a read-only value.
2467: .It Bq Er EPERM
1.128 atatat 2468: A process without appropriate privilege attempts to set a value or to
2469: create or destroy a node.
1.8 thorpej 2470: .It Bq Er EPERM
2471: An attempt to change a value protected by the current kernel security
2472: level is made.
1.1 cgd 2473: .El
2474: .Sh SEE ALSO
1.60 enami 2475: .Xr ipsec 4 ,
1.124 jhawk 2476: .Xr tcp 4 ,
1.131 wiz 2477: .Xr sysctl 8
2478: .\" .Xr sysctl 9
1.1 cgd 2479: .Sh HISTORY
2480: The
1.25 fair 2481: .Nm
1.21 perry 2482: function first appeared in
2483: .Bx 4.4 .