version 1.95, 2015/11/23 23:23:25 |
version 1.105, 2017/01/01 23:59:19 |
|
|
.\" |
.\" |
.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95 |
.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95 |
.\" |
.\" |
.Dd November 24, 2015 |
.Dd November 17, 2016 |
.Dt SYSCTL 7 |
.Dt SYSCTL 7 |
.Os |
.Os |
.Sh NAME |
.Sh NAME |
Line 315 privilege may change the value. |
|
Line 315 privilege may change the value. |
|
.It kern.maxproc integer yes |
.It kern.maxproc integer yes |
.It kern.maxptys integer yes |
.It kern.maxptys integer yes |
.It kern.maxvnodes integer yes |
.It kern.maxvnodes integer yes |
|
.It kern.messages integer yes |
.It kern.mbuf node not applicable |
.It kern.mbuf node not applicable |
.It kern.memlock integer no |
.It kern.memlock integer no |
.It kern.memlock_range integer no |
.It kern.memlock_range integer no |
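Review bot: the new ".It kern.messages integer yes" row is inserted between kern.maxvnodes and kern.mbuf, which breaks the alphabetical order of this table. It belongs after kern.memlock_range, matching where the kern.messages description is added later in this diff (just before kern.module).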
|
|
.Vt struct timeval |
.Vt struct timeval |
structure is returned. |
structure is returned. |
This structure contains the time that the system was booted. |
This structure contains the time that the system was booted. |
|
.It Li kern.bufq |
|
This variable contains information on the |
|
.Xr bufq 9 |
|
subsystem. |
|
Currently, the only third level name implemented is |
|
.Dv kern.bufq.strategies |
|
which provides a list of buffer queue strategies currently available. |
.It Li kern.buildinfo |
.It Li kern.buildinfo |
When the kernel is built, the build environment may optionally provide |
When the kernel is built, the build environment may optionally provide |
arbitrary information to be stored in this variable. |
arbitrary information to be stored in this variable. |
.\" .It Li kern.bufq |
|
.\" XXX: Undocumented. |
|
.It Li kern.ccpu ( Dv KERN_CCPU ) |
.It Li kern.ccpu ( Dv KERN_CCPU ) |
The scheduler exponential decay value. |
The scheduler exponential decay value. |
.It Li kern.clockrate ( Dv KERN_CLOCKRATE ) |
.It Li kern.clockrate ( Dv KERN_CLOCKRATE ) |
Line 456 Mapping of CPU number to CPU id. |
|
Line 462 Mapping of CPU number to CPU id. |
|
.It Li kern.cp_time ( Dv KERN_CP_TIME ) |
.It Li kern.cp_time ( Dv KERN_CP_TIME ) |
Returns an array of |
Returns an array of |
.Dv CPUSTATES |
.Dv CPUSTATES |
.Vt uint64_t Ns s. |
.Vt uint64_t Ns s . |
This array contains the |
This array contains the |
number of clock ticks spent in different CPU states. |
number of clock ticks spent in different CPU states. |
On multi-processor systems, the sum across all CPUs is returned unless |
On multi-processor systems, the sum across all CPUs is returned unless |
|
|
Returns the number of |
Returns the number of |
.Xr hardclock 9 |
.Xr hardclock 9 |
ticks. |
ticks. |
|
.It Li kern.hist |
|
This variable contains kernel history data if the kernel was |
|
configured for any of the options |
|
.Dv UVHMIST , |
|
.Dv USB_DEBUG , |
|
.Dv BIOHIST , |
|
or |
|
.Dv SCDEBUG . |
|
(See |
|
.Xr options 4 |
|
for more details.) |
|
The third-level names correspond to each available history table. |
|
The values of the history tables are in an internal format, and can be |
|
decoded by the |
|
.Xr vmstat 1 |
|
utility's |
|
.Dv -U |
|
and |
|
.Dv u |
|
options; |
|
the -l option can be used to see which tables are available. |
.It Li kern.hostid ( Dv KERN_HOSTID ) |
.It Li kern.hostid ( Dv KERN_HOSTID ) |
Get or set the host identifier. |
Get or set the host identifier. |
This is aimed to replace the legacy |
This is aimed to replace the legacy |
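Review bot: ".Dv UVHMIST ," in the new kern.hist entry looks like a transposition of UVMHIST, so a reader searching options(4) for the name as written will not find it. The vmstat(1) flags are also marked up inconsistently: ".Dv -U" carries a dash, ".Dv u" does not, and "-l" is plain text. Using ".Fl U", ".Fl u" and ".Fl l" would fix all three. Since the entry exposes kernel history tables, it would also help to state whether reading them requires privilege.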
Line 739 Returns 1 if the |
|
Line 766 Returns 1 if the |
|
.St -p1003.1b-93 |
.St -p1003.1b-93 |
Memory Protection Option is available on this system, |
Memory Protection Option is available on this system, |
otherwise\ 0. |
otherwise\ 0. |
|
.It Li kern.messages |
|
Kernel console message verbosity. |
|
See |
|
.Sy \<sys/reboot.h\> |
|
.Bl -column "verbosity" "setting" -offset indent |
|
.It Sy Verbosity Setting |
|
.It \ \ \ \ 0 Silent Sy AB_SILENT |
|
.It \ \ \ \ 1 Quiet Sy AB_QUIET |
|
.It \ \ \ \ 2 Normal Sy AB_NORMAL |
|
.It \ \ \ \ 3 Verbose Sy AB_VERBOSE |
|
.It \ \ \ \ 4 Debug Sy AB_DEBUG |
|
.El |
.It Li kern.module |
.It Li kern.module |
Settings related to kernel modules. |
Settings related to kernel modules. |
The third level names for the settings are described below. |
The third level names for the settings are described below. |
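Review bot: in the new kern.messages entry, ".Sy \<sys/reboot.h\>" hand-builds the include reference, and the sentence that starts with "See" runs straight into the ".Bl -column" table with no closing punctuation. Use ".In sys/reboot.h" and finish the sentence with a period before the table. The entry also does not say which verbosity level is the default.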
Line 1229 The currently defined protocols and name |
|
Line 1268 The currently defined protocols and name |
|
.It arp log_permanent_modify integer yes |
.It arp log_permanent_modify integer yes |
.It arp log_unknown_network integer yes |
.It arp log_unknown_network integer yes |
.It arp log_wrong_iface integer yes |
.It arp log_wrong_iface integer yes |
.It arp prune integer yes |
|
.It arp refresh integer yes |
|
.It carp allow integer yes |
.It carp allow integer yes |
.It carp preempt integer yes |
.It carp preempt integer yes |
.It carp log integer yes |
.It carp log integer yes |
Line 1247 The currently defined protocols and name |
|
Line 1284 The currently defined protocols and name |
|
.It ip anonportmax integer yes |
.It ip anonportmax integer yes |
.It ip anonportmin integer yes |
.It ip anonportmin integer yes |
.It ip checkinterface integer yes |
.It ip checkinterface integer yes |
|
.It ip dad_count integer yes |
.It ip directed-broadcast integer yes |
.It ip directed-broadcast integer yes |
.It ip do_loopback_cksum integer yes |
.It ip do_loopback_cksum integer yes |
.It ip forwarding integer yes |
.It ip forwarding integer yes |
Line 1312 The variables are as follows: |
|
Line 1350 The variables are as follows: |
|
Failed ARP entry lifetime. |
Failed ARP entry lifetime. |
.It Li arp.keep |
.It Li arp.keep |
Valid ARP entry lifetime. |
Valid ARP entry lifetime. |
.It Li arp.prune |
|
ARP cache pruning interval. |
|
.It Li arp.refresh |
|
ARP entry refresh interval. |
|
.It Li carp.allow |
.It Li carp.allow |
If set to 0, incoming |
If set to 0, incoming |
.Xr carp 4 |
.Xr carp 4 |
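Review bot: the new arp.prune and arp.refresh descriptions say "interval" without a unit or a default, so an administrator tuning them cannot tell what a given number means. State the unit and default for both, and for arp.refresh say what event the interval is counted from, since these values control how long entries persist in the ARP cache.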
Line 1368 Currently, this must be disabled if ipna |
|
Line 1402 Currently, this must be disabled if ipna |
|
destination address to another local interface, or if addresses |
destination address to another local interface, or if addresses |
are added to the loopback interface instead of the interface where |
are added to the loopback interface instead of the interface where |
the packets for those packets are received. |
the packets for those packets are received. |
|
.It Li ip.dad_count |
|
The number of |
|
.Xr arp 4 |
|
probes sent for Address Conflict Detection. |
|
Set to 0 to disable this. |
.It Li ip.directed-broadcast |
.It Li ip.directed-broadcast |
If set to 1, enables directed broadcast behavior for the host. |
If set to 1, enables directed broadcast behavior for the host. |
.It Li ip.do_loopback_cksum |
.It Li ip.do_loopback_cksum |
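Review bot: "Set to 0 to disable this." in the new ip.dad_count entry leaves "this" ambiguous. Say explicitly that 0 disables Address Conflict Detection probing, and give the default probe count. The variable name abbreviates duplicate address detection while the text says Address Conflict Detection, so one sentence tying the two terms together would help readers searching for either.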
Line 1619 The currently defined protocols and name |
|
Line 1658 The currently defined protocols and name |
|
.It icmp6 rediraccept integer yes |
.It icmp6 rediraccept integer yes |
.It icmp6 redirtimeout integer yes |
.It icmp6 redirtimeout integer yes |
.It ip6 accept_rtadv integer yes |
.It ip6 accept_rtadv integer yes |
|
.It ip6 addctlpolicy struct in6_addrpolicy no |
.It ip6 anonportalgo.selected string yes |
.It ip6 anonportalgo.selected string yes |
.It ip6 anonportalgo.available string yes |
.It ip6 anonportalgo.available string yes |
.It ip6 anonportalgo.reserve struct yes |
.It ip6 anonportalgo.reserve struct yes |
Line 1774 The maximum number of fragments the node |
|
Line 1814 The maximum number of fragments the node |
|
\-1 means that the node will accept as many fragments as it receives. |
\-1 means that the node will accept as many fragments as it receives. |
The flag is provided basically for avoiding possible DoS attacks. |
The flag is provided basically for avoiding possible DoS attacks. |
.It Li ip6.neighborgcthresh |
.It Li ip6.neighborgcthresh |
Maximum number of entries in neighbor cache. |
Maximum number of entries in neighbor cache per interface. |
Set to negative to disable. |
Set to negative to disable. |
The default value is 2048. |
The default value is 2048. |
.It Li ip6.redirect |
.It Li ip6.redirect |
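Review bot: adding "per interface" to ip6.neighborgcthresh changes the meaning of the unchanged line "The default value is 2048." that follows it: the bound is now 2048 entries on each interface rather than 2048 in total. Say so explicitly, because on a host with many interfaces the total neighbor cache can grow well past 2048, which matters when sizing for memory exhaustion. "Set to negative to disable." should also say that it is the limit that gets disabled.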
Line 2419 The available third and fourth level nam |
|
Line 2459 The available third and fourth level nam |
|
.\".It Li security.pax.aslr.stack_len integer yes |
.\".It Li security.pax.aslr.stack_len integer yes |
.It Li security.pax.mprotect.enabled integer yes |
.It Li security.pax.mprotect.enabled integer yes |
.It Li security.pax.mprotect.global integer yes |
.It Li security.pax.mprotect.global integer yes |
|
.It Li security.pax.mprotect.ptrace integer yes |
.It Li security.pax.segvguard.enabled integer yes |
.It Li security.pax.segvguard.enabled integer yes |
.It Li security.pax.segvguard.expiry_timeout integer yes |
.It Li security.pax.segvguard.expiry_timeout integer yes |
.It Li security.pax.segvguard.global integer yes |
.It Li security.pax.segvguard.global integer yes |
Line 2466 except those exempted with |
|
Line 2507 except those exempted with |
|
Otherwise, all programs will not get the PaX MPROTECT restrictions, |
Otherwise, all programs will not get the PaX MPROTECT restrictions, |
except those specifically marked as such with |
except those specifically marked as such with |
.Xr paxctl 8 . |
.Xr paxctl 8 . |
|
.It Li security.pax.mprotect.ptrace |
|
This variable allows |
|
.Xr ptrace 2 |
|
to override PaX MPROTECT permissions. |
|
It can have the following values: |
|
.Bl -tag -width XX -compact |
|
.It 0 |
|
Does not let override any permissions. |
|
.It 1 |
|
Disables PaX MPROTECT from processes that start executing while traced (default). |
|
.It 2 |
|
Bypasses PaX MPROTECT for all processes being traced. |
|
.El |
.It Li security.pax.segvguard.enabled |
.It Li security.pax.segvguard.enabled |
Enable PaX Segvguard. |
Enable PaX Segvguard. |
.Pp |
.Pp |
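Review bot: the value list for security.pax.mprotect.ptrace does not point out that the default (1) already relaxes PaX MPROTECT for any process that starts executing while traced, and that only 0 keeps the restrictions intact under ptrace(2). State that in the introductory sentence so hardened configurations know to set 0. Wording: "Does not let override any permissions." lacks an object (for example "Do not allow ptrace(2) to override any permissions."), and "Disables PaX MPROTECT from processes" should read "for processes".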