| version 1.95, 2015/11/23 23:23:25 |
version 1.105, 2017/01/01 23:59:19 |
|
|
| .\" |
.\" |
| .\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95 |
.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95 |
| .\" |
.\" |
| .Dd November 24, 2015 |
.Dd November 17, 2016 |
| .Dt SYSCTL 7 |
.Dt SYSCTL 7 |
| .Os |
.Os |
| .Sh NAME |
.Sh NAME |
| Line 315 privilege may change the value. |
|
| Line 315 privilege may change the value. |
|
| .It kern.maxproc integer yes |
.It kern.maxproc integer yes |
| .It kern.maxptys integer yes |
.It kern.maxptys integer yes |
| .It kern.maxvnodes integer yes |
.It kern.maxvnodes integer yes |
| |
.It kern.messages integer yes |
| .It kern.mbuf node not applicable |
.It kern.mbuf node not applicable |
| .It kern.memlock integer no |
.It kern.memlock integer no |
| .It kern.memlock_range integer no |
.It kern.memlock_range integer no |
|
|
| .Vt struct timeval |
.Vt struct timeval |
| structure is returned. |
structure is returned. |
| This structure contains the time that the system was booted. |
This structure contains the time that the system was booted. |
| |
.It Li kern.bufq |
| |
This variable contains information on the |
| |
.Xr bufq 9 |
| |
subsystem. |
| |
Currently, the only third level name implemented is |
| |
.Dv kern.bufq.strategies |
| |
which provides a list of buffer queue strategies currently available. |
| .It Li kern.buildinfo |
.It Li kern.buildinfo |
| When the kernel is built, the build environment may optionally provide |
When the kernel is built, the build environment may optionally provide |
| arbitrary information to be stored in this variable. |
arbitrary information to be stored in this variable. |
| .\" .It Li kern.bufq |
|
| .\" XXX: Undocumented. |
|
| .It Li kern.ccpu ( Dv KERN_CCPU ) |
.It Li kern.ccpu ( Dv KERN_CCPU ) |
| The scheduler exponential decay value. |
The scheduler exponential decay value. |
| .It Li kern.clockrate ( Dv KERN_CLOCKRATE ) |
.It Li kern.clockrate ( Dv KERN_CLOCKRATE ) |
| Line 456 Mapping of CPU number to CPU id. |
|
| Line 462 Mapping of CPU number to CPU id. |
|
| .It Li kern.cp_time ( Dv KERN_CP_TIME ) |
.It Li kern.cp_time ( Dv KERN_CP_TIME ) |
| Returns an array of |
Returns an array of |
| .Dv CPUSTATES |
.Dv CPUSTATES |
| .Vt uint64_t Ns s. |
.Vt uint64_t Ns s . |
| This array contains the |
This array contains the |
| number of clock ticks spent in different CPU states. |
number of clock ticks spent in different CPU states. |
| On multi-processor systems, the sum across all CPUs is returned unless |
On multi-processor systems, the sum across all CPUs is returned unless |
|
|
| Returns the number of |
Returns the number of |
| .Xr hardclock 9 |
.Xr hardclock 9 |
| ticks. |
ticks. |
| |
.It Li kern.hist |
| |
This variable contains kernel history data if the kernel was |
| |
configured for any of the options |
| |
.Dv UVHMIST , |
| |
.Dv USB_DEBUG , |
| |
.Dv BIOHIST , |
| |
or |
| |
.Dv SCDEBUG . |
| |
(See |
| |
.Xr options 4 |
| |
for more details.) |
| |
The third-level names correspond to each available history table. |
| |
The values of the history tables are in an internal format, and can be |
| |
decoded by the |
| |
.Xr vmstat 1 |
| |
utility's |
| |
.Dv -U |
| |
and |
| |
.Dv u |
| |
options; |
| |
the -l option can be used to see which tables are available. |
| .It Li kern.hostid ( Dv KERN_HOSTID ) |
.It Li kern.hostid ( Dv KERN_HOSTID ) |
| Get or set the host identifier. |
Get or set the host identifier. |
| This is aimed to replace the legacy |
This is aimed to replace the legacy |
| Line 739 Returns 1 if the |
|
| Line 766 Returns 1 if the |
|
| .St -p1003.1b-93 |
.St -p1003.1b-93 |
| Memory Protection Option is available on this system, |
Memory Protection Option is available on this system, |
| otherwise\ 0. |
otherwise\ 0. |
| |
.It Li kern.messages |
| |
Kernel console message verbosity. |
| |
See |
| |
.Sy \<sys/reboot.h\> |
| |
.Bl -column "verbosity" "setting" -offset indent |
| |
.It Sy Verbosity Setting |
| |
.It \ \ \ \ 0 Silent Sy AB_SILENT |
| |
.It \ \ \ \ 1 Quiet Sy AB_QUIET |
| |
.It \ \ \ \ 2 Normal Sy AB_NORMAL |
| |
.It \ \ \ \ 3 Verbose Sy AB_VERBOSE |
| |
.It \ \ \ \ 4 Debug Sy AB_DEBUG |
| |
.El |
| .It Li kern.module |
.It Li kern.module |
| Settings related to kernel modules. |
Settings related to kernel modules. |
| The third level names for the settings are described below. |
The third level names for the settings are described below. |
| Line 1229 The currently defined protocols and name |
|
| Line 1268 The currently defined protocols and name |
|
| .It arp log_permanent_modify integer yes |
.It arp log_permanent_modify integer yes |
| .It arp log_unknown_network integer yes |
.It arp log_unknown_network integer yes |
| .It arp log_wrong_iface integer yes |
.It arp log_wrong_iface integer yes |
| .It arp prune integer yes |
|
| .It arp refresh integer yes |
|
| .It carp allow integer yes |
.It carp allow integer yes |
| .It carp preempt integer yes |
.It carp preempt integer yes |
| .It carp log integer yes |
.It carp log integer yes |
| Line 1247 The currently defined protocols and name |
|
| Line 1284 The currently defined protocols and name |
|
| .It ip anonportmax integer yes |
.It ip anonportmax integer yes |
| .It ip anonportmin integer yes |
.It ip anonportmin integer yes |
| .It ip checkinterface integer yes |
.It ip checkinterface integer yes |
| |
.It ip dad_count integer yes |
| .It ip directed-broadcast integer yes |
.It ip directed-broadcast integer yes |
| .It ip do_loopback_cksum integer yes |
.It ip do_loopback_cksum integer yes |
| .It ip forwarding integer yes |
.It ip forwarding integer yes |
| Line 1312 The variables are as follows: |
|
| Line 1350 The variables are as follows: |
|
| Failed ARP entry lifetime. |
Failed ARP entry lifetime. |
| .It Li arp.keep |
.It Li arp.keep |
| Valid ARP entry lifetime. |
Valid ARP entry lifetime. |
| .It Li arp.prune |
|
| ARP cache pruning interval. |
|
| .It Li arp.refresh |
|
| ARP entry refresh interval. |
|
| .It Li carp.allow |
.It Li carp.allow |
| If set to 0, incoming |
If set to 0, incoming |
| .Xr carp 4 |
.Xr carp 4 |
| Line 1368 Currently, this must be disabled if ipna |
|
| Line 1402 Currently, this must be disabled if ipna |
|
| destination address to another local interface, or if addresses |
destination address to another local interface, or if addresses |
| are added to the loopback interface instead of the interface where |
are added to the loopback interface instead of the interface where |
| the packets for those packets are received. |
the packets for those packets are received. |
| |
.It Li ip.dad_count |
| |
The number of |
| |
.Xr arp 4 |
| |
probes sent for Address Conflict Detection. |
| |
Set to 0 to disable this. |
| .It Li ip.directed-broadcast |
.It Li ip.directed-broadcast |
| If set to 1, enables directed broadcast behavior for the host. |
If set to 1, enables directed broadcast behavior for the host. |
| .It Li ip.do_loopback_cksum |
.It Li ip.do_loopback_cksum |
| Line 1619 The currently defined protocols and name |
|
| Line 1658 The currently defined protocols and name |
|
| .It icmp6 rediraccept integer yes |
.It icmp6 rediraccept integer yes |
| .It icmp6 redirtimeout integer yes |
.It icmp6 redirtimeout integer yes |
| .It ip6 accept_rtadv integer yes |
.It ip6 accept_rtadv integer yes |
| |
.It ip6 addctlpolicy struct in6_addrpolicy no |
| .It ip6 anonportalgo.selected string yes |
.It ip6 anonportalgo.selected string yes |
| .It ip6 anonportalgo.available string yes |
.It ip6 anonportalgo.available string yes |
| .It ip6 anonportalgo.reserve struct yes |
.It ip6 anonportalgo.reserve struct yes |
| Line 1774 The maximum number of fragments the node |
|
| Line 1814 The maximum number of fragments the node |
|
| \-1 means that the node will accept as many fragments as it receives. |
\-1 means that the node will accept as many fragments as it receives. |
| The flag is provided basically for avoiding possible DoS attacks. |
The flag is provided basically for avoiding possible DoS attacks. |
| .It Li ip6.neighborgcthresh |
.It Li ip6.neighborgcthresh |
| Maximum number of entries in neighbor cache. |
Maximum number of entries in neighbor cache per interface. |
| Set to negative to disable. |
Set to negative to disable. |
| The default value is 2048. |
The default value is 2048. |
| .It Li ip6.redirect |
.It Li ip6.redirect |
| Line 2419 The available third and fourth level nam |
|
| Line 2459 The available third and fourth level nam |
|
| .\".It Li security.pax.aslr.stack_len integer yes |
.\".It Li security.pax.aslr.stack_len integer yes |
| .It Li security.pax.mprotect.enabled integer yes |
.It Li security.pax.mprotect.enabled integer yes |
| .It Li security.pax.mprotect.global integer yes |
.It Li security.pax.mprotect.global integer yes |
| |
.It Li security.pax.mprotect.ptrace integer yes |
| .It Li security.pax.segvguard.enabled integer yes |
.It Li security.pax.segvguard.enabled integer yes |
| .It Li security.pax.segvguard.expiry_timeout integer yes |
.It Li security.pax.segvguard.expiry_timeout integer yes |
| .It Li security.pax.segvguard.global integer yes |
.It Li security.pax.segvguard.global integer yes |
| Line 2466 except those exempted with |
|
| Line 2507 except those exempted with |
|
| Otherwise, all programs will not get the PaX MPROTECT restrictions, |
Otherwise, all programs will not get the PaX MPROTECT restrictions, |
| except those specifically marked as such with |
except those specifically marked as such with |
| .Xr paxctl 8 . |
.Xr paxctl 8 . |
| |
.It Li security.pax.mprotect.ptrace |
| |
This variable allows |
| |
.Xr ptrace 2 |
| |
to override PaX MPROTECT permissions. |
| |
It can have the following values: |
| |
.Bl -tag -width XX -compact |
| |
.It 0 |
| |
Does not let override any permissions. |
| |
.It 1 |
| |
Disables PaX MPROTECT from processes that start executing while traced (default). |
| |
.It 2 |
| |
Bypasses PaX MPROTECT for all processes being traced. |
| |
.El |
| .It Li security.pax.segvguard.enabled |
.It Li security.pax.segvguard.enabled |
| Enable PaX Segvguard. |
Enable PaX Segvguard. |
| .Pp |
.Pp |
![[BACK]](/icons/back.gif){kind=icon}
Return to sysctl.7 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [cvs.NetBSD.org] / src / share / man / man7