
Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.

Diff for /src/share/man/man7/sysctl.7 between version 1.123 and 1.142

version 1.123, 2018/02/22 14:37:53 version 1.142, 2019/11/16 17:33:09
Line 29 
Line 29 
 .\"  .\"
 .\"     @(#)sysctl.3    8.4 (Berkeley) 5/9/95  .\"     @(#)sysctl.3    8.4 (Berkeley) 5/9/95
 .\"  .\"
 .Dd February 22, 2018  .Dd November 14, 2019
 .Dt SYSCTL 7  .Dt SYSCTL 7
 .Os  .Os
 .Sh NAME  .Sh NAME
Line 278  privilege may change the value.
Line 278  privilege may change the value.
 .It kern.arandom        integer no  .It kern.arandom        integer no
 .It kern.argmax integer no  .It kern.argmax integer no
 .It kern.boothowto      integer no  .It kern.boothowto      integer no
 .It kern.boottime       struct timeval  no  .It kern.boottime       struct timespec no
 .It kern.buildinfo      string  no  .It kern.buildinfo      string  no
 .\".It kern.bufq        node    not applicable  .\".It kern.bufq        node    not applicable
 .It kern.ccpu   integer no  .It kern.ccpu   integer no
Line 293  privilege may change the value.
Line 293  privilege may change the value.
 .It kern.domainname     string  yes  .It kern.domainname     string  yes
 .It kern.drivers        struct kinfo_drivers    no  .It kern.drivers        struct kinfo_drivers    no
 .It kern.dump_on_panic  integer yes  .It kern.dump_on_panic  integer yes
   .It kern.expose_address integer yes
 .It kern.file   struct file     no  .It kern.file   struct file     no
 .It kern.forkfsleep     integer yes  .It kern.forkfsleep     integer yes
 .It kern.fscale integer no  .It kern.fscale integer no
Line 307  privilege may change the value.
Line 308  privilege may change the value.
 .It kern.labelsector    integer no  .It kern.labelsector    integer no
 .It kern.login_name_max integer no  .It kern.login_name_max integer no
 .It kern.logsigexit     integer yes  .It kern.logsigexit     integer yes
   .It kern.lwp    struct kinfo_lwp        yes
 .It kern.mapped_files   integer no  .It kern.mapped_files   integer no
 .It kern.maxfiles       integer yes  .It kern.maxfiles       integer yes
 .It kern.maxlwp integer yes  .It kern.maxlwp integer yes
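Review bot: the new table row marks kern.lwp as changeable (`.It kern.lwp struct kinfo_lwp yes`), but the description added for it later in this diff only says it "Returns information about the current light-weight process". If the node is read-only, the third column should be `no`; if it really is writable, the description should say what a write does and which privilege it requires.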
Line 358  privilege may change the value.
Line 360  privilege may change the value.
 .It kern.sched  node    not applicable  .It kern.sched  node    not applicable
 .It kern.securelevel    integer raise only  .It kern.securelevel    integer raise only
 .It kern.somaxkva       integer yes  .It kern.somaxkva       integer yes
   .It kern.sooptions      integer yes
 .It kern.synchronized_io        integer no  .It kern.synchronized_io        integer no
 .It kern.timecounter    node    not applicable  .It kern.timecounter    node    not applicable
 .It kern.timex  struct  no  .It kern.timex  struct  no
Line 380  the variable may be created and removed 
Line 383  the variable may be created and removed 
 upon loading or unloading the corresponding kernel module.  upon loading or unloading the corresponding kernel module.
 .It Li kern.aio_max  .It Li kern.aio_max
 The maximum number of asynchronous I/O operations.  The maximum number of asynchronous I/O operations.
 .It Li kern.arandom  .It Li kern.arandom ( Dv KERN_ARND )
 This variable picks a random number each time it is queried.  This variable returns up to 256 bytes of random data.
   Multiple queries can be used to obtain an infinite amount of
   non-blocking cryptographically secure random data.
 The used random number generator  The used random number generator
 .Pf ( RNG )  .Pf ( RNG )
 is based on  is based on
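Review bot: the rewritten kern.arandom text says the variable "returns up to 256 bytes of random data", while the table row near the top of the page still reads `.It kern.arandom integer no`. The type column should be updated to match the new description. In the added sentence, "an infinite amount" would read better as "an arbitrary amount".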
Line 395  Flags passed from the boot loader; see
Line 400  Flags passed from the boot loader; see
 for the meanings of the flags.  for the meanings of the flags.
 .It Li kern.boottime ( Dv KERN_BOOTTIME )  .It Li kern.boottime ( Dv KERN_BOOTTIME )
 A  A
 .Vt struct timeval  .Vt struct timespec
 structure is returned.  structure is returned.
 This structure contains the time that the system was booted.  This structure contains the time that the system was booted.
   That time is defined (for this purpose) to be the time at
   which the kernel first started accumulating clock ticks.
 .It Li kern.bufq  .It Li kern.bufq
 This variable contains information on the  This variable contains information on the
 .Xr bufq 9  .Xr bufq 9
Line 513  field is always a NUL terminated string.
Line 520  field is always a NUL terminated string.
 The  The
 .Va d_bmajor  .Va d_bmajor
 field will be set to \-1 if the driver doesn't have a block device.  field will be set to \-1 if the driver doesn't have a block device.
   .It Li kern.expose_address
   Expose kernel addresses in
   .Xr sysctl 3
   calls used by
   .Xr fstat 1
   and
   .Xr sockstat 1 .
   If it is set to
   .Dv 0
   access is not allowed.
   If it is set to
   .Dv 1
   then only processes that have opened
   .Pa /dev/kmem
   can have access.
   If it is set to
   .Dv 2
   every process is allowed.
   Defaults to
   .Dv 0
   for
   .Dv KASLR
   kernels
   and
   .Dv 1
   otherwise.
   Allowing general access renders KASLR ineffective; allowing only kmem
   accessing programs weakens KASLR if those programs can be subverted
   to leak the addresses.
 .It Li kern.dump_on_panic ( Dv KERN_DUMP_ON_PANIC )  .It Li kern.dump_on_panic ( Dv KERN_DUMP_ON_PANIC )
 Perform a crash dump on system  Perform a crash dump on system
 .Xr panic 9 .  .Xr panic 9 .
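Review bot: the kern.expose_address entry is inserted before kern.dump_on_panic here, but the table hunk above lists it after kern.dump_on_panic; the two should use the same order (alphabetical puts it after). For value 0 the text says only that "access is not allowed" and does not say what fstat(1) and sockstat(1) then see in the address fields; one sentence on that would help administrators who run these tools. Because the entry itself says that value 2 renders KASLR ineffective, it should also state which privilege is needed to change the setting. Minor: "kmem accessing programs" wants a hyphen.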
Line 694  If this flag is non-zero, the kernel wil
Line 730  If this flag is non-zero, the kernel wil
 all process exits due to signals which create a  all process exits due to signals which create a
 .Xr core 5  .Xr core 5
 file, and whether the coredump was created.  file, and whether the coredump was created.
   .It Li kern.lwp ( Dv KERN_LWP )
   Returns information about the current light-weight process.
   The
   .Sy kinfo_lwp
   structure is defined in
   .In sys/sysctl.h .
 .It Li kern.mapped_files ( Dv KERN_MAPPED_FILES )  .It Li kern.mapped_files ( Dv KERN_MAPPED_FILES )
 Returns 1 if the  Returns 1 if the
 .St -p1003.1b-93  .St -p1003.1b-93
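Review bot: in the kern.lwp entry the structure name is marked up as `.Sy kinfo_lwp`, whereas the rest of the page uses `.Vt` for types (`.Vt struct timespec`, `.Vt struct kinfo_vmentry`); suggest `.Vt struct kinfo_lwp`. This diff also deletes the comment `.\" XXX: Undocumented: kern.lwp: no children?` without the new entry answering it: the text does not say whether further name levels are expected below kern.lwp.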
Line 993  The fourth level name is as follows:
Line 1035  The fourth level name is as follows:
 .It Dv KERN_PROC_NARGV  The number of argv strings  .It Dv KERN_PROC_NARGV  The number of argv strings
 .It Dv KERN_PROC_NENV   The number of environ strings  .It Dv KERN_PROC_NENV   The number of environ strings
 .It Dv KERN_PROC_PATHNAME       The full pathname of the executable  .It Dv KERN_PROC_PATHNAME       The full pathname of the executable
   .It Dv KERN_PROC_CWD    The current working directory
 .El  .El
 .It Li kern.profiling ( Dv KERN_PROF )  .It Li kern.profiling ( Dv KERN_PROF )
 Return profiling information about the kernel.  Return profiling information about the kernel.
Line 1049  Return the offset of real time clock fro
Line 1092  Return the offset of real time clock fro
 .It Li kern.saved_ids ( Dv KERN_SAVED_IDS )  .It Li kern.saved_ids ( Dv KERN_SAVED_IDS )
 Returns 1 if saved set-group and saved set-user ID is available.  Returns 1 if saved set-group and saved set-user ID is available.
 .It Li kern.sbmax ( Dv KERN_SBMAX )  .It Li kern.sbmax ( Dv KERN_SBMAX )
 Maximum socket buffer size.  Maximum socket buffer size in bytes.
 .\" XXX units?  
 .It Li kern.securelevel ( Dv KERN_SECURELVL )  .It Li kern.securelevel ( Dv KERN_SECURELVL )
 See  See
 .Xr secmodel_securelevel 9 .  .Xr secmodel_securelevel 9 .
Line 1153  See
Line 1195  See
 .Xr sched 3 .  .Xr sched 3 .
 .El  .El
 .It Li kern.somaxkva ( Dv KERN_SOMAXKVA )  .It Li kern.somaxkva ( Dv KERN_SOMAXKVA )
 Maximum amount of kernel memory to be used for socket buffers.  Maximum amount of kernel memory to be used for socket buffers in bytes.
 .\" XXX units?  .It Li kern.sooptions
   Set the default socket option flags for
   .Xr socket 2
   creation.
   See
   .Xr setsockopt 2
   for a list of supported flags.
 .It Li kern.synchronized_io ( Dv KERN_SYNCHRONIZED_IO )  .It Li kern.synchronized_io ( Dv KERN_SYNCHRONIZED_IO )
 Returns 1 if the  Returns 1 if the
 .St -p1003.1b-93  .St -p1003.1b-93
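Review bot: the kern.sooptions entry does not say how the integer encodes the flags or what the default value is, and "See setsockopt(2) for a list of supported flags" leaves open which of the options listed there are accepted. Since this setting changes the defaults for every socket created on the system, suggest stating the encoding, the default, and any options that are rejected. The entry also lacks a `( Dv ... )` name, unlike kern.somaxkva just above; if there is no constant, that is fine, otherwise add it.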
Line 1231  Resource usage for the current user.
Line 1279  Resource usage for the current user.
 .It kern.uidinfo.proccnt        integer no  .It kern.uidinfo.proccnt        integer no
 .It kern.uidinfo.lwpcnt integer no  .It kern.uidinfo.lwpcnt integer no
 .It kern.uidinfo.lockcnt        integer no  .It kern.uidinfo.lockcnt        integer no
   .It kern.uidinfo.semcnt integer no
 .It kern.uidinfo.sbsize integer no  .It kern.uidinfo.sbsize integer no
 .El  .El
 .Bl -tag -width "123456"  .Bl -tag -width "123456"
Line 1241  Returns the number of active threads for
Line 1290  Returns the number of active threads for
 of each process is not counted.  of each process is not counted.
 .It Li kern.uidinfo.lockcnt  .It Li kern.uidinfo.lockcnt
 Number of locks held by the current user.  Number of locks held by the current user.
   .It Li kern.uidinfo.semcnt
   Number of semaphores held by the current user.
 .It Li kern.uidinfo.sbsize  .It Li kern.uidinfo.sbsize
 Number of bytes in socket buffers allocated to the current user.  Number of bytes in socket buffers allocated to the current user.
 .El  .El
Line 1305  Each element of the array contains the k
Line 1356  Each element of the array contains the k
 .Vt struct vnode *  .Vt struct vnode *
 followed by the vnode itself  followed by the vnode itself
 .Vt struct vnode .  .Vt struct vnode .
 .\" XXX: Undocumented: kern.lwp: no children?  
 .El  .El
 .Ss The machdep.* subtree  .Ss The machdep.* subtree
 The set of variables defined is architecture dependent.  The set of variables defined is architecture dependent.
Line 1492  This cannot be set to less than 1024 or 
Line 1542  This cannot be set to less than 1024 or 
 .It Li ip.checkinterface  .It Li ip.checkinterface
 If set to non-zero, the host will reject packets addressed to it  If set to non-zero, the host will reject packets addressed to it
 that arrive on an interface not bound to that address.  that arrive on an interface not bound to that address.
 Currently, this must be disabled if ipnat is used to translate the  Currently, this must be disabled if NAT is used to translate the
 destination address to another local interface, or if addresses  destination address to another local interface, or if addresses
 are added to the loopback interface instead of the interface where  are added to the loopback interface instead of the interface where
 the packets for those packets are received.  the packets for those packets are received.
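Review bot: while this paragraph is being touched for the ipnat to NAT change, the unchanged last line "the packets for those packets are received" is garbled and presumably means "the packets for those addresses are received". Worth fixing in the same commit.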
Line 2041  The currently defined variable and names
Line 2091  The currently defined variable and names
 .It esp_auth    integer yes  .It esp_auth    integer yes
 .It ah_keymin   integer yes  .It ah_keymin   integer yes
 .El  .El
 .Pp  
 The variables are as follows:  The variables are as follows:
 .Bl -tag -width "123456"  .Bl -tag -width "123456"
 .It Li debug  .It Li debug
 Turn on debugging message from within the kernel.  Turn on debugging message from within the kernel.
 The value is a bitmap, as defined in  The value is a bitmap, as defined in
 .In netkey/key_debug.h .  .In netipsec/key_debug.h .
 .It Li enabled  .It Li enabled
 Control processing of IPsec control messages.  Control processing of IPsec control messages.
 .Bl -tag -width indent  .Bl -tag -width indent
Line 2059  Allow IPsec processing when SPD policies
Line 2108  Allow IPsec processing when SPD policies
 Force IPsec processing even when SPD policies are not present.  Force IPsec processing even when SPD policies are not present.
 .El  .El
 .It Li used  .It Li used
 Based on if IPsec is enabled, and SPD rule existance, show if  Based on if IPsec is enabled, and SPD rule existence, show if
 IPsec is being used.  IPsec is being used.
 Note that currently once IPsec is being used, it cannot be disabled.  Note that currently once IPsec is being used, it cannot be disabled.
 .It Li spi_try  .It Li spi_try
Line 2091  Minimum AH key length, in bits,
Line 2140  Minimum AH key length, in bits,
 The value is used when the kernel creates proposal payload  The value is used when the kernel creates proposal payload
 on ACQUIRE PF_KEY message.  on ACQUIRE PF_KEY message.
 .El  .El
   .It Li net.local ( Dv PF_LOCAL )
   Get or set various global information about
   .Dv AF_LOCAL
   type sockets.
   For some variables, the third level name is the variable name:
   .Bl -column "Variable" "integer" "Changeable" -offset indent
   .It Sy Variable Type Ta Sy Changeable
   .It inflight    integer no
   .It deferred    integer no
   .El
   The variables are as follows:
   .Bl -tag -width "123456"
   .It Li inflight
   The number of file descriptors currently passed between processes,
   .Qq in flight .
   .It Li deferred
   The number of file descriptors passed between processes that have been
   deferred for cleanup by a kernel task.
   .El
   .Pp
   Other variables are specific to a socket type:
   .Bl -column "seqpacket" "sendspace" "integer" "Changeable" -offset indent
   .It Sy "Socket Type"    Sy Variable     Type Ta Sy Changeable
   .It dgram       pcblist struct  no
   .It dgram       recvspace       integer yes
   .It dgram       sendspace       integer yes
   .It seqpacket   pcblist struct  no
   .It stream      pcblist struct  no
   .It stream      recvspace       integer yes
   .It stream      sendspace       integer yes
   .El
   The variables are as follows:
   .Bl -tag -width "123456"
   .It Li dgram.pcblist
   The Protocol Control Block list structure for datagram sockets.
   Parsed by
   .Xr netstat 1
   or
   .Xr sockstat 1 .
   .It Li dgram.recvspace
   The default datagram receive buffer size.
   .It Li dgram.sendspace
   The default datagram send buffer size.
   .It Li seqpacket.pcblist
   The Protocol Control Block list structure for Sequential Packet sockets.
   Parsed by
   .Xr netstat 1
   or
   .Xr sockstat 1 .
   .It Li stream.pcblist
   The Protocol Control Block list structure for stream sockets.
   Parsed by
   .Xr netstat 1
   or
   .Xr sockstat 1 .
   .It Li stream.recvspace
   The default stream receive buffer size.
   .It Li stream.sendspace
   The default stream send buffer size.
   .El
 .El  .El
 .Ss The proc.* subtree  .Ss The proc.* subtree
 The string and integer information available for the  The string and integer information available for the
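Review bot: the three pcblist entries in the new net.local section say they are parsed by netstat(1) or sockstat(1), and the kern.expose_address entry added in this same diff covers kernel addresses in sysctl(3) calls used by sockstat(1). If the pcblist nodes are among those calls, the entries should cross-reference kern.expose_address so readers know the addresses are filtered. The pcblist rows also give the type only as `struct` without naming the structure. Style: both header rows write `Type` without its own `Sy` (`.It Sy Variable Type Ta Sy Changeable`), unlike the ddb table header `Ta Sy Type Ta Sy Changeable`, and a `.Pp` before the first "The variables are as follows:" would match the one used before "Other variables are specific to a socket type:".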
Line 2424  the fifth is the size of
Line 2533  the fifth is the size of
 Returns an array of  Returns an array of
 .Vt struct kinfo_vmentry  .Vt struct kinfo_vmentry
 objects.  objects.
   .It Li vm.ubc_direct
   Use direct map for UBC I/O, avoiding need to map and unmap buffer memory.
   Speeds up operation for fast I/O devices like NVMe, especially
   on multi-CPU systems.
   Only available on some architectures.
   Currently still experimental, default is off.
 .It Li vm.uspace ( Dv VM_USPACE )  .It Li vm.uspace ( Dv VM_USPACE )
 The number of bytes allocated for each kernel stack.  The number of bytes allocated for each kernel stack.
 .It Li vm.uvmexp ( Dv VM_UVMEXP )  .It Li vm.uvmexp ( Dv VM_UVMEXP )
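Review bot: the vm.ubc_direct entry gives neither the type nor the accepted values, and there is no statement of whether it can be changed at run time; "default is off" suggests a boolean integer, which should be stated outright. "Only available on some architectures" would be more useful with the architectures named, and "Currently still experimental" will go stale, so consider dropping "Currently still".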
Line 2450  privilege may change the value.
Line 2565  privilege may change the value.
 .Bl -column "Second level name" "integer" "Changeable" -offset indent  .Bl -column "Second level name" "integer" "Changeable" -offset indent
 .It Sy Second level name Ta Sy Type Ta Sy Changeable  .It Sy Second level name Ta Sy Type Ta Sy Changeable
 .It ddb.commandonenter  string  yes  .It ddb.commandonenter  string  yes
 .It ddb.dumpstack       integer yes  .It ddb.dumpstack       integer yes
 .It ddb.fromconsole     integer yes  .It ddb.fromconsole     integer yes
 .It ddb.lines   integer yes  .It ddb.lines   integer yes
 .It ddb.maxoff  integer yes  .It ddb.maxoff  integer yes
Line 2463  privilege may change the value.
Line 2578  privilege may change the value.
 .El  .El
 .Bl -tag -width "123456"  .Bl -tag -width "123456"
 .It Li ddb.commandonenter  .It Li ddb.commandonenter
 If not empty, a command to be executed on each enter to the DDB.  If not empty, the string is used as the DDB command to be executed each time
   DDB is entered.
 .It Li ddb.dumpstack  .It Li ddb.dumpstack
 A value of 1 causes a stack trace to be printed on entering ddb from a panic.  A value of 1 causes a stack trace to be printed on entering ddb from a panic.
 A value of 0 disables this behaviour. The default value is 1.  A value of 0 disables this behaviour.
   The default value is 1.
 .It Li ddb.fromconsole ( Dv DDBCTL_FROMCONSOLE )  .It Li ddb.fromconsole ( Dv DDBCTL_FROMCONSOLE )
 If not zero, DDB may be entered by sending a break on a serial  If not zero, DDB may be entered by sending a break on a serial
 console or by a special key sequence on a graphics console.  console or by a special key sequence on a graphics console.
Line 2546  See
Line 2663  See
 .Xr secmodel 9  .Xr secmodel 9
 for more information.  for more information.
 .It Li security.pax  .It Li security.pax
 Settings for PaX -- exploit mitigation features.  Settings for PaX \(em exploit mitigation features.
 For more information on any of the PaX features, please see  For more information on any of the PaX features, please see
 .Xr paxctl 8  .Xr paxctl 8
 and  and
