version 1.98, 2016/03/30 05:45:26 |
version 1.131, 2018/09/06 10:09:29 |
|
|
.\" |
.\" |
.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95 |
.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95 |
.\" |
.\" |
.Dd March 30, 2016 |
.Dd September 6, 2018 |
.Dt SYSCTL 7 |
.Dt SYSCTL 7 |
.Os |
.Os |
.Sh NAME |
.Sh NAME |
Line 117 as a debugging variable, the following d |
|
Line 117 as a debugging variable, the following d |
|
.Pp |
.Pp |
.Bd -literal -offset indent -compact |
.Bd -literal -offset indent -compact |
int dospecialcheck = 1; |
int dospecialcheck = 1; |
struct ctldebug debug5 = { "dospecialcheck", \*[Am]dospecialcheck }; |
struct ctldebug debug5 = { "dospecialcheck", &dospecialcheck }; |
.Ed |
.Ed |
.Pp |
.Pp |
Note that the dynamic implementation of |
Note that the dynamic implementation of |
Line 188 level is detailed below. |
|
Line 188 level is detailed below. |
|
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "hw.machine_arch" "integer" "Changeable" -offset indent |
.Bl -column "hw.machine_arch" "integer" "Changeable" -offset indent |
.It Sy Second level name Sy Type Sy Changeable |
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
.It hw.alignbytes integer no |
.It hw.alignbytes integer no |
.It hw.byteorder integer no |
.It hw.byteorder integer no |
.It hw.cnmagic string yes |
.It hw.cnmagic string yes |
Line 272 The changeable column shows whether a pr |
|
Line 272 The changeable column shows whether a pr |
|
privilege may change the value. |
privilege may change the value. |
.Bl -column "kern.posix_reader_writer_locks" \ |
.Bl -column "kern.posix_reader_writer_locks" \ |
"struct kinfo_drivers" "not applicable" |
"struct kinfo_drivers" "not applicable" |
.It Sy Second level name Sy Type Sy Changeable |
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
.It kern.aio_listio_max integer yes |
.It kern.aio_listio_max integer yes |
.It kern.aio_max integer yes |
.It kern.aio_max integer yes |
.It kern.arandom integer no |
.It kern.arandom integer no |
Line 315 privilege may change the value. |
|
Line 315 privilege may change the value. |
|
.It kern.maxproc integer yes |
.It kern.maxproc integer yes |
.It kern.maxptys integer yes |
.It kern.maxptys integer yes |
.It kern.maxvnodes integer yes |
.It kern.maxvnodes integer yes |
|
.It kern.messages integer yes |
.It kern.mbuf node not applicable |
.It kern.mbuf node not applicable |
.It kern.memlock integer no |
.It kern.memlock integer no |
.It kern.memlock_range integer no |
.It kern.memlock_range integer no |
Line 354 privilege may change the value. |
|
Line 355 privilege may change the value. |
|
.It kern.rtc_offset integer yes |
.It kern.rtc_offset integer yes |
.It kern.saved_ids integer no |
.It kern.saved_ids integer no |
.It kern.sbmax integer yes |
.It kern.sbmax integer yes |
.\".It kern.sched node not applicable |
.It kern.sched node not applicable |
.It kern.securelevel integer raise only |
.It kern.securelevel integer raise only |
.It kern.somaxkva integer yes |
.It kern.somaxkva integer yes |
.It kern.synchronized_io integer no |
.It kern.synchronized_io integer no |
Line 371 privilege may change the value. |
|
Line 372 privilege may change the value. |
|
.El |
.El |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li kern.aio_listio_max |
.It Li kern.aio_listio_max |
The maximum number of asynchronous |
The maximum number of asynchronous I/O operations in a single list |
.Tn I/O |
I/O call. |
operations in a single list I/O call. |
|
Like with all variables related to |
Like with all variables related to |
.Xr aio 3 , |
.Xr aio 3 , |
the variable may be created and removed dynamically |
the variable may be created and removed dynamically |
Line 383 The maximum number of asynchronous I/O o |
|
Line 383 The maximum number of asynchronous I/O o |
|
.It Li kern.arandom |
.It Li kern.arandom |
This variable picks a random number each time it is queried. |
This variable picks a random number each time it is queried. |
The used random number generator |
The used random number generator |
.Pf ( Tn RNG ) |
.Pf ( RNG ) |
is based on |
is based on |
.Xr arc4random 3 . |
.Xr arc4random 3 . |
.It Li kern.argmax ( Dv KERN_ARGMAX ) |
.It Li kern.argmax ( Dv KERN_ARGMAX ) |
|
|
.Vt struct timeval |
.Vt struct timeval |
structure is returned. |
structure is returned. |
This structure contains the time that the system was booted. |
This structure contains the time that the system was booted. |
|
.It Li kern.bufq |
|
This variable contains information on the |
|
.Xr bufq 9 |
|
subsystem. |
|
Currently, the only third level name implemented is |
|
.Dv kern.bufq.strategies |
|
which provides a list of buffer queue strategies currently available. |
.It Li kern.buildinfo |
.It Li kern.buildinfo |
When the kernel is built, the build environment may optionally provide |
When the kernel is built, the build environment may optionally provide |
arbitrary information to be stored in this variable. |
arbitrary information to be stored in this variable. |
.\" .It Li kern.bufq |
|
.\" XXX: Undocumented. |
|
.It Li kern.ccpu ( Dv KERN_CCPU ) |
.It Li kern.ccpu ( Dv KERN_CCPU ) |
The scheduler exponential decay value. |
The scheduler exponential decay value. |
.It Li kern.clockrate ( Dv KERN_CLOCKRATE ) |
.It Li kern.clockrate ( Dv KERN_CLOCKRATE ) |
Line 428 The third level name is |
|
Line 433 The third level name is |
|
.Dv kern.coredump.setid |
.Dv kern.coredump.setid |
and fourth level variables are described below. |
and fourth level variables are described below. |
.Bl -column "kern.coredump.setid.group" "integer" "Changeable" -offset indent |
.Bl -column "kern.coredump.setid.group" "integer" "Changeable" -offset indent |
.It Sy Fourth level name Sy Type Sy Changeable |
.It Sy Fourth level name Ta Sy Type Ta Sy Changeable |
.It kern.coredump.setid.dump integer yes |
.It kern.coredump.setid.dump integer yes |
.It kern.coredump.setid.group integer yes |
.It kern.coredump.setid.group integer yes |
.It kern.coredump.setid.mode integer yes |
.It kern.coredump.setid.mode integer yes |
Line 456 Mapping of CPU number to CPU id. |
|
Line 461 Mapping of CPU number to CPU id. |
|
.It Li kern.cp_time ( Dv KERN_CP_TIME ) |
.It Li kern.cp_time ( Dv KERN_CP_TIME ) |
Returns an array of |
Returns an array of |
.Dv CPUSTATES |
.Dv CPUSTATES |
.Vt uint64_t Ns s. |
.Vt uint64_t Ns s . |
This array contains the |
This array contains the |
number of clock ticks spent in different CPU states. |
number of clock ticks spent in different CPU states. |
On multi-processor systems, the sum across all CPUs is returned unless |
On multi-processor systems, the sum across all CPUs is returned unless |
|
|
system. |
system. |
The available values are as follows: |
The available values are as follows: |
.Bl -tag -width XX0 -offset indent |
.Bl -tag -width XX0 -offset indent |
.It Dv \*[Lt] 0 |
.It Dv < 0 |
Always force userlevel requests to use software transforms. |
Always force userlevel requests to use software transforms. |
.It Dv = 0 |
.It Dv = 0 |
If present, use hardware and grant userlevel requests for |
If present, use hardware and grant userlevel requests for |
non-accelerated transforms (handling the latter in software). |
non-accelerated transforms (handling the latter in software). |
.It Dv \*[Gt] 0 |
.It Dv > 0 |
Allow user requests only for transforms which are hardware-accelerated. |
Allow user requests only for transforms which are hardware-accelerated. |
.El |
.El |
.It Li kern.defcorename ( Dv KERN_DEFCORENAME ) |
.It Li kern.defcorename ( Dv KERN_DEFCORENAME ) |
|
|
Returns the number of |
Returns the number of |
.Xr hardclock 9 |
.Xr hardclock 9 |
ticks. |
ticks. |
|
.It Li kern.hist |
|
This variable contains kernel history data if the kernel was |
|
configured for any of the options |
|
.Dv UVHMIST , |
|
.Dv USB_DEBUG , |
|
.Dv BIOHIST , |
|
or |
|
.Dv SCDEBUG . |
|
(See |
|
.Xr options 4 |
|
for more details.) |
|
The third-level names correspond to each available history table. |
|
The values of the history tables are in an internal format, and can be |
|
decoded by the |
|
.Xr vmstat 1 |
|
utility's |
|
.Fl U |
|
and |
|
.Fl u |
|
options; |
|
the |
|
.Fl l |
|
option can be used to see which tables are available. |
.It Li kern.hostid ( Dv KERN_HOSTID ) |
.It Li kern.hostid ( Dv KERN_HOSTID ) |
Get or set the host identifier. |
Get or set the host identifier. |
This is aimed to replace the legacy |
This is aimed to replace the legacy |
|
|
Return information about the SysV IPC parameters. |
Return information about the SysV IPC parameters. |
The third level names for the ipc variables are detailed below. |
The third level names for the ipc variables are detailed below. |
.Bl -column "kern.ipc.shm_use_phys" "integer" "Changeable" -offset indent |
.Bl -column "kern.ipc.shm_use_phys" "integer" "Changeable" -offset indent |
.It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.It kern.ipc.sysvmsg integer no |
.It kern.ipc.sysvmsg integer no |
.It kern.ipc.sysvsem integer no |
.It kern.ipc.sysvsem integer no |
.It kern.ipc.sysvshm integer no |
.It kern.ipc.sysvshm integer no |
|
|
Return System V style IPC configuration and run-time information. |
Return System V style IPC configuration and run-time information. |
The fourth level name selects the System V style IPC facility. |
The fourth level name selects the System V style IPC facility. |
.Bl -column "KERN_SYSVIPC_MSG_INFO" "struct shm_sysctl_info" -offset indent |
.Bl -column "KERN_SYSVIPC_MSG_INFO" "struct shm_sysctl_info" -offset indent |
.It Sy Fourth level name Sy Type |
.It Sy Fourth level name Ta Sy Type |
.It KERN_SYSVIPC_MSG_INFO struct msg_sysctl_info |
.It KERN_SYSVIPC_MSG_INFO struct msg_sysctl_info |
.It KERN_SYSVIPC_SEM_INFO struct sem_sysctl_info |
.It KERN_SYSVIPC_SEM_INFO struct sem_sysctl_info |
.It KERN_SYSVIPC_SHM_INFO struct shm_sysctl_info |
.It KERN_SYSVIPC_SHM_INFO struct shm_sysctl_info |
Line 700 The third level names for the mbuf varia |
|
Line 728 The third level names for the mbuf varia |
|
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "kern.mbuf.nmbclusters" "integer" "Changeable" -offset indent |
.Bl -column "kern.mbuf.nmbclusters" "integer" "Changeable" -offset indent |
.It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.\" XXX Changeable? really? |
.\" XXX Changeable? really? |
.It kern.mbuf.mblowat integer yes |
.It kern.mbuf.mblowat integer yes |
.It kern.mbuf.mclbytes integer yes |
.It kern.mbuf.mclbytes integer yes |
Line 739 Returns 1 if the |
|
Line 767 Returns 1 if the |
|
.St -p1003.1b-93 |
.St -p1003.1b-93 |
Memory Protection Option is available on this system, |
Memory Protection Option is available on this system, |
otherwise\ 0. |
otherwise\ 0. |
|
.It Li kern.messages |
|
Kernel console message verbosity. |
|
See |
|
.Aq Pa sys/reboot.h |
|
.Bl -column "verbosity" "setting" -offset indent |
|
.It Sy Value Ta Sy Verbosity Ta Sy sys/reboot.h equivalent |
|
.It 0 Ta Silent Ta Sy AB_SILENT |
|
.It 1 Ta Quiet Ta Sy AB_QUIET |
|
.It 2 Ta Normal Ta Sy AB_NORMAL |
|
.It 3 Ta Verbose Ta Sy AB_VERBOSE |
|
.It 4 Ta Debug Ta Sy AB_DEBUG |
|
.El |
.It Li kern.module |
.It Li kern.module |
Settings related to kernel modules. |
Settings related to kernel modules. |
The third level names for the settings are described below. |
The third level names for the settings are described below. |
.Bl -column "kern.module.autoload" "integer" "Changeable" -offset indent |
.Bl -column "kern.module.autoload" "integer" "Changeable" -offset indent |
.It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.It kern.module.autoload integer yes |
.It kern.module.autoload integer yes |
.It kern.module.autotime integer yes |
.It kern.module.autotime integer yes |
.It kern.module.verbose integer yes |
.It kern.module.verbose boolean yes |
.El |
.El |
.Pp |
.Pp |
The variables are as follows: |
The variables are as follows: |
Line 770 Returns the standard version the impleme |
|
Line 810 Returns the standard version the impleme |
|
Monotonic Clock Option conforms to, |
Monotonic Clock Option conforms to, |
otherwise\ 0. |
otherwise\ 0. |
.It Li kern.mqueue |
.It Li kern.mqueue |
Settings related to |
Settings related to POSIX message queues; see |
.Tn POSIX |
|
message queues; see |
|
.Xr mqueue 3 . |
.Xr mqueue 3 . |
This node is created dynamically when |
This node is created dynamically when |
the corresponding kernel module is loaded. |
the corresponding kernel module is loaded. |
The third level names for the settings are described below. |
The third level names for the settings are described below. |
.Bl -column "kern.mqueue.mq_max_msgsize" "integer" "Changeable" -offset indent |
.Bl -column "kern.mqueue.mq_max_msgsize" "integer" "Changeable" -offset indent |
.It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.It kern.mqueue.mq_open_max integer yes |
.It kern.mqueue.mq_open_max integer yes |
.It kern.mqueue.mq_prio_max integer yes |
.It kern.mqueue.mq_prio_max integer yes |
.It kern.mqueue.mq_max_msgsize integer yes |
.It kern.mqueue.mq_max_msgsize integer yes |
Line 830 The third level names for the integer p |
|
Line 868 The third level names for the integer p |
|
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "kern.pipe.maxbigpipes" "integer" "Changeable" -offset indent |
.Bl -column "kern.pipe.maxbigpipes" "integer" "Changeable" -offset indent |
.It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.It kern.pipe.kvasiz integer yes |
.It kern.pipe.kvasiz integer yes |
.It kern.pipe.maxbigpipes integer yes |
.It kern.pipe.maxbigpipes integer yes |
.It kern.pipe.maxkvasz integer yes |
.It kern.pipe.maxkvasz integer yes |
Line 923 structures is returned, |
|
Line 961 structures is returned, |
|
whose size depends on the current number of such objects in the system. |
whose size depends on the current number of such objects in the system. |
The third and fourth level numeric names are as follows: |
The third and fourth level numeric names are as follows: |
.Bl -column "KERN_PROC_SESSION" "Fourth level is:" -offset indent |
.Bl -column "KERN_PROC_SESSION" "Fourth level is:" -offset indent |
.It Sy Third level name Sy Fourth level is: |
.It Sy Third level name Ta Sy Fourth level is : |
.It KERN_PROC_ALL None |
.It KERN_PROC_ALL None |
.It KERN_PROC_GID A group ID |
.It KERN_PROC_GID A group ID |
.It KERN_PROC_PID A process ID |
.It KERN_PROC_PID A process ID |
Line 968 is detailed below. |
|
Line 1006 is detailed below. |
|
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "kern.profiling.gmonparam" "struct gmonparam" "Changeable" -offset indent |
.Bl -column "kern.profiling.gmonparam" "struct gmonparam" "Changeable" -offset indent |
.It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.It kern.profiling.count u_short[\|] yes |
.It kern.profiling.count u_short[\|] yes |
.It kern.profiling.froms u_short[\|] yes |
.It kern.profiling.froms u_short[\|] yes |
.It kern.profiling.gmonparam struct gmonparam no |
.It kern.profiling.gmonparam struct gmonparam no |
Line 1016 Maximum socket buffer size. |
|
Line 1054 Maximum socket buffer size. |
|
.It Li kern.securelevel ( Dv KERN_SECURELVL ) |
.It Li kern.securelevel ( Dv KERN_SECURELVL ) |
See |
See |
.Xr secmodel_securelevel 9 . |
.Xr secmodel_securelevel 9 . |
.\" .It Li kern.sched |
.It Li kern.sched ( dynamic ) |
.\" XXX: Undocumented. |
Influence the scheduling of LWPs, their priorisation and how they are |
|
distributed on and moved between CPUs. |
|
.Bl -column "kern.sched.balance_period" "integer" "Changeable" -offset indent |
|
.It Sy Third level name Sy Type Sy Changeable |
|
.It kern.sched.cacheht_time integer yes |
|
.It kern.sched.balance_period integer yes |
|
.It kern.sched.average_weight integer yes |
|
.It kern.sched.min_catch integer yes |
|
.It kern.sched.timesoftints integer yes |
|
.It kern.sched.kpreempt_pri integer yes |
|
.It kern.sched.upreempt_pri integer yes |
|
.It kern.sched.maxts integer yes |
|
.It kern.sched.mints integer yes |
|
.It kern.sched.name string no |
|
.It kern.sched.rtts integer no |
|
.It kern.sched.pri_min integer no |
|
.It kern.sched.pri_max integer no |
|
.El |
|
.Pp |
|
The variables are as follows: |
|
.Bl -tag -width "123456" |
|
.It Li kern.sched.cacheht_time ( dynamic ) |
|
Cache hotness time in which a LWP is kept on one particular CPU |
|
and not moved to another CPU. |
|
This reduces the overhead of flushing and reloading caches. |
|
Defaults to 3ms. |
|
Needs to be given in |
|
.Dq hz |
|
units, see |
|
.Xr mstohz 9 . |
|
.It Li kern.sched.balance_period ( dynamic ) |
|
Interval at which the CPU queues are checked for re-balancing. |
|
Defaults to 300ms. |
|
Needs to be given in |
|
.Dq hz |
|
units, see |
|
.Xr mstohz 9 . |
|
.It Li kern.sched.average_weight ( dynamic ) |
|
Can be used to influence how likely LWPs are to be migrated from |
|
one CPU's queue of LWPs that are ready to run to a different, idle CPU. |
|
The value gives the percentage for weighting the average count of |
|
migratable threads from the past against the current number of |
|
migratable threads. |
|
A small value gives more weight to the past, a larger values more weight |
|
on the current situation. |
|
Defaults to 50 and must be between 0 and 100. |
|
.It Li kern.sched.min_catch ( dynamic ) |
|
Minimum count of migratable (runable) threads for catching (stealing) |
|
from another CPU. |
|
Defaults to 1 but can be increased to decrease chance of thread |
|
migration between CPUs. |
|
.It Li kern.sched.timesoftints ( dynamic ) |
|
Enable tracking of CPU time for soft interrupts |
|
as part of a LWP's real execution time. |
|
Set to a non-zero value to enable, |
|
and see |
|
.Xr ps 1 |
|
for printing CPU times. |
|
.It Li kern.sched.kpreempt_pri ( dynamic ) |
|
Minimum priority to trigger kernel preemption. |
|
.It Li kern.sched.upreempt_pri ( dynamic ) |
|
Minimum priority to trigger user preemption. |
|
.It Li kern.sched.maxts ( dynamic ) |
|
Scheduler specific maximal time quantum (in milliseconds). |
|
Must be set to a value larger than |
|
.Dq mints |
|
and between 10 and |
|
.Dq hz |
|
as given by the |
|
.Dv kern.clockrate |
|
sysctl. |
|
Provided by the M2 scheduler. |
|
.It Li kern.sched.mints ( dynamic ) |
|
Scheduler specific minimal time quantum (in milliseconds). |
|
Must be set to a value smaller than |
|
.Dq maxts |
|
and between 1 and |
|
.Dq hz |
|
as given by the |
|
.Dq kern.clockrate |
|
sysctl. |
|
Provided by the M2 scheduler. |
|
.It Li kern.sched.name ( dynamic ) |
|
Scheduler name. |
|
Provided both by the M2 and the 4BSD scheduler. |
|
.It Li kern.sched.rtts ( dynamic ) |
|
Fixed scheduler specific round-robin time quantum in milliseconds. |
|
Provided both by the M2 and the 4BSD scheduler. |
|
.It Li kern.sched.pri_min ( dynamic ) |
|
Minimal POSIX real-time priority. |
|
See |
|
.Xr sched 3 . |
|
.It Li kern.sched.pri_max ( dynamic ) |
|
Maximal POSIX real-time priority. |
|
See |
|
.Xr sched 3 . |
|
.El |
.It Li kern.somaxkva ( Dv KERN_SOMAXKVA ) |
.It Li kern.somaxkva ( Dv KERN_SOMAXKVA ) |
Maximum amount of kernel memory to be used for socket buffers. |
Maximum amount of kernel memory to be used for socket buffers. |
.\" XXX units? |
.\" XXX units? |
|
|
.It Li kern.timecounter ( dynamic ) |
.It Li kern.timecounter ( dynamic ) |
Display and control the timecounter source of the system. |
Display and control the timecounter source of the system. |
.Bl -column "kern.timecounter.timestepwarnings" "integer" "Changeable" -offset indent |
.Bl -column "kern.timecounter.timestepwarnings" "integer" "Changeable" -offset indent |
.It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.It kern.timecounter.choice string no |
.It kern.timecounter.choice string no |
.It kern.timecounter.hardware string yes |
.It kern.timecounter.hardware string yes |
.It kern.timecounter.timestepwarnings integer yes |
.It kern.timecounter.timestepwarnings integer yes |
Line 1053 The third level names for the tty statis |
|
Line 1187 The third level names for the tty statis |
|
The changeable column shows whether a process |
The changeable column shows whether a process |
with appropriate privilege may change the value. |
with appropriate privilege may change the value. |
.Bl -column "kern.tkstat.cancc" "quad" "Changeable" -offset indent |
.Bl -column "kern.tkstat.cancc" "quad" "Changeable" -offset indent |
.It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.It kern.tkstat.cancc quad no |
.It kern.tkstat.cancc quad no |
.It kern.tkstat.nin quad no |
.It kern.tkstat.nin quad no |
.It kern.tkstat.nout quad no |
.It kern.tkstat.nout quad no |
Line 1076 The third level names for the tty setup |
|
Line 1210 The third level names for the tty setup |
|
The changeable column shows whether a process |
The changeable column shows whether a process |
with appropriate privilege may change the value. |
with appropriate privilege may change the value. |
.Bl -column "kern.tty.qsize" "int" "Changeable" -offset indent |
.Bl -column "kern.tty.qsize" "int" "Changeable" -offset indent |
.It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.It kern.tty.qsize int yes |
.It kern.tty.qsize int yes |
.El |
.El |
.Pp |
.Pp |
|
|
.It Li kern.uidinfo |
.It Li kern.uidinfo |
Resource usage for the current user. |
Resource usage for the current user. |
.Bl -column "kern.uidinfo.proccnt" "integer" "Changeable" -offset indent |
.Bl -column "kern.uidinfo.proccnt" "integer" "Changeable" -offset indent |
.It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.It kern.uidinfo.proccnt integer no |
.It kern.uidinfo.proccnt integer no |
.It kern.uidinfo.lwpcnt integer no |
.It kern.uidinfo.lwpcnt integer no |
.It kern.uidinfo.lockcnt integer no |
.It kern.uidinfo.lockcnt integer no |
|
|
Runtime information for |
Runtime information for |
.Xr veriexec 8 . |
.Xr veriexec 8 . |
.Bl -column "kern.veriexec.algorithms" "integer" "Changeable" -offset indent |
.Bl -column "kern.veriexec.algorithms" "integer" "Changeable" -offset indent |
.It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.It kern.veriexec.algorithms string no |
.It kern.veriexec.algorithms string no |
.It kern.veriexec.count node not applicable |
.It kern.veriexec.count node not applicable |
.It kern.veriexec.strict integer yes |
.It kern.veriexec.strict integer yes |
Line 1177 followed by the vnode itself |
|
Line 1311 followed by the vnode itself |
|
The set of variables defined is architecture dependent. |
The set of variables defined is architecture dependent. |
Most architectures define at least the following variables. |
Most architectures define at least the following variables. |
.Bl -column "machdep.booted_kernel" "Type" "Changeable" -offset indent |
.Bl -column "machdep.booted_kernel" "Type" "Changeable" -offset indent |
.It Sy Second level name Sy Type Sy Changeable |
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
.It Li machdep.booted_kernel string no |
.It Li machdep.booted_kernel string no |
.El |
.El |
.\" XXX: Document the above. |
.\" XXX: Document the above. |
Line 1190 privilege may change the value. |
|
Line 1324 privilege may change the value. |
|
The second and third levels are typically the protocol family and |
The second and third levels are typically the protocol family and |
protocol number, though this is not always the case. |
protocol number, though this is not always the case. |
.Bl -column "Second level name" "IPsec key management values" "Changeable" -offset indent |
.Bl -column "Second level name" "IPsec key management values" "Changeable" -offset indent |
.It Sy Second level name Sy Type Sy Changeable |
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
.It net.route routing messages no |
.It net.route routing messages no |
.It net.inet IPv4 values yes |
.It net.inet IPv4 values yes |
.It net.inet6 IPv6 values yes |
.It net.inet6 IPv6 values yes |
Line 1210 The fourth level name is an address fami |
|
Line 1344 The fourth level name is an address fami |
|
select all address families. |
select all address families. |
The fifth and sixth level names are as follows: |
The fifth and sixth level names are as follows: |
.Bl -column "Fifth level name" "Sixth level is:" -offset indent |
.Bl -column "Fifth level name" "Sixth level is:" -offset indent |
.It Sy Fifth level name Sy Sixth level is: |
.It Sy Fifth level name Ta Sy Sixth level is : |
.It NET_RT_FLAGS rtflags |
.It NET_RT_FLAGS rtflags |
.It NET_RT_DUMP None |
.It NET_RT_DUMP None |
.It NET_RT_IFLIST None |
.It NET_RT_IFLIST None |
Line 1222 The third level name is the protocol. |
|
Line 1356 The third level name is the protocol. |
|
The fourth level name is the variable name. |
The fourth level name is the variable name. |
The currently defined protocols and names are: |
The currently defined protocols and names are: |
.Bl -column "Protocol" "anonportalgo.available" "integer" "Changeable" -offset indent |
.Bl -column "Protocol" "anonportalgo.available" "integer" "Changeable" -offset indent |
.It Sy Protocol Variable Sy Type Sy Changeable |
.It Sy Protocol Variable Ta Sy Type Ta Sy Changeable |
.It arp down integer yes |
.It arp down integer yes |
.It arp keep integer yes |
.It arp keep integer yes |
.It arp log_movements integer yes |
.It arp log_movements integer yes |
.It arp log_permanent_modify integer yes |
.It arp log_permanent_modify integer yes |
.It arp log_unknown_network integer yes |
.It arp log_unknown_network integer yes |
.It arp log_wrong_iface integer yes |
.It arp log_wrong_iface integer yes |
.It arp prune integer yes |
|
.It arp refresh integer yes |
|
.It carp allow integer yes |
.It carp allow integer yes |
.It carp preempt integer yes |
.It carp preempt integer yes |
.It carp log integer yes |
.It carp log integer yes |
Line 1247 The currently defined protocols and name |
|
Line 1379 The currently defined protocols and name |
|
.It ip anonportmax integer yes |
.It ip anonportmax integer yes |
.It ip anonportmin integer yes |
.It ip anonportmin integer yes |
.It ip checkinterface integer yes |
.It ip checkinterface integer yes |
|
.It ip dad_count integer yes |
.It ip directed-broadcast integer yes |
.It ip directed-broadcast integer yes |
.It ip do_loopback_cksum integer yes |
.It ip do_loopback_cksum integer yes |
.It ip forwarding integer yes |
.It ip forwarding integer yes |
Line 1277 The currently defined protocols and name |
|
Line 1410 The currently defined protocols and name |
|
.It tcp mss_ifmtu integer yes |
.It tcp mss_ifmtu integer yes |
.It tcp win_scale integer yes |
.It tcp win_scale integer yes |
.It tcp timestamps integer yes |
.It tcp timestamps integer yes |
.It tcp compat_42 integer yes |
|
.It tcp cwm integer yes |
.It tcp cwm integer yes |
.It tcp cwm_burstsize integer yes |
.It tcp cwm_burstsize integer yes |
.It tcp ack_on_push integer yes |
.It tcp ack_on_push integer yes |
Line 1312 The variables are as follows: |
|
Line 1444 The variables are as follows: |
|
Failed ARP entry lifetime. |
Failed ARP entry lifetime. |
.It Li arp.keep |
.It Li arp.keep |
Valid ARP entry lifetime. |
Valid ARP entry lifetime. |
.It Li arp.prune |
|
ARP cache pruning interval. |
|
.It Li arp.refresh |
|
ARP entry refresh interval. |
|
.It Li carp.allow |
.It Li carp.allow |
If set to 0, incoming |
If set to 0, incoming |
.Xr carp 4 |
.Xr carp 4 |
Line 1364 This cannot be set to less than 1024 or |
|
Line 1492 This cannot be set to less than 1024 or |
|
.It Li ip.checkinterface |
.It Li ip.checkinterface |
If set to non-zero, the host will reject packets addressed to it |
If set to non-zero, the host will reject packets addressed to it |
that arrive on an interface not bound to that address. |
that arrive on an interface not bound to that address. |
Currently, this must be disabled if ipnat is used to translate the |
Currently, this must be disabled if NAT is used to translate the |
destination address to another local interface, or if addresses |
destination address to another local interface, or if addresses |
are added to the loopback interface instead of the interface where |
are added to the loopback interface instead of the interface where |
the packets for those packets are received. |
the packets for those packets are received. |
|
.It Li ip.dad_count |
|
The number of |
|
.Xr arp 4 |
|
probes sent for Address Conflict Detection. |
|
Set to 0 to disable this. |
.It Li ip.directed-broadcast |
.It Li ip.directed-broadcast |
If set to 1, enables directed broadcast behavior for the host. |
If set to 1, enables directed broadcast behavior for the host. |
.It Li ip.do_loopback_cksum |
.It Li ip.do_loopback_cksum |
Line 1469 This can avoid losing a round trip time |
|
Line 1602 This can avoid losing a round trip time |
|
but has the caveat of potentially defeating TCP's delayed ACK algorithm. |
but has the caveat of potentially defeating TCP's delayed ACK algorithm. |
Use of this option is generally not recommended, but |
Use of this option is generally not recommended, but |
the variable exists in case your configuration really needs it. |
the variable exists in case your configuration really needs it. |
.It Li tcp.compat_42 |
|
If set to 1, enables work-arounds for bugs in the 4.2BSD TCP implementation. |
|
Use of this option is not recommended, although it may be |
|
required in order to communicate with extremely old TCP implementations. |
|
.It Li tcp.cwm |
.It Li tcp.cwm |
If set to 1, enables use of the Hughes/Touch/Heidemann Congestion Window |
If set to 1, enables use of the Hughes/Touch/Heidemann Congestion Window |
Monitoring algorithm. |
Monitoring algorithm. |
Line 1604 The third level name is the protocol. |
|
Line 1733 The third level name is the protocol. |
|
The fourth level name is the variable name. |
The fourth level name is the variable name. |
The currently defined protocols and names are: |
The currently defined protocols and names are: |
.Bl -column "Protocol" "anonportalgo.available" "integer" "Changeable" -offset indent |
.Bl -column "Protocol" "anonportalgo.available" "integer" "Changeable" -offset indent |
.It Sy Protocol Variable Sy Type Sy Changeable |
.It Sy Protocol Variable Ta Sy Type Ta Sy Changeable |
.It icmp6 errppslimit integer yes |
.It icmp6 errppslimit integer yes |
.It icmp6 mtudisc_hiwat integer yes |
.It icmp6 mtudisc_hiwat integer yes |
.It icmp6 mtudisc_lowat integer yes |
.It icmp6 mtudisc_lowat integer yes |
Line 1885 Default UDP receive buffer size. |
|
Line 2014 Default UDP receive buffer size. |
|
Default UDP send buffer size. |
Default UDP send buffer size. |
.El |
.El |
.Pp |
.Pp |
We reuse net.*.tcp for |
We reuse net.*.tcp for TCP over IPv6, |
.Tn TCP |
|
over |
|
.Tn IPv6 , |
|
and therefore we do not have variables net.*.tcp6. |
and therefore we do not have variables net.*.tcp6. |
Variables net.inet6.udp6 have identical meaning to net.inet.udp. |
Variables net.inet6.udp6 have identical meaning to net.inet.udp. |
Please refer to |
Please refer to |
Line 1901 Get or set various global information ab |
|
Line 2027 Get or set various global information ab |
|
The third level name is the variable name. |
The third level name is the variable name. |
The currently defined variable and names are: |
The currently defined variable and names are: |
.Bl -column "blockacq_lifetime" "integer" "Changeable" -offset indent |
.Bl -column "blockacq_lifetime" "integer" "Changeable" -offset indent |
.It Sy Variable Type Sy Changeable |
.It Sy Variable Type Ta Sy Changeable |
.It debug integer yes |
.It debug integer yes |
.It enabled integer yes |
.It enabled integer yes |
.It used integer no |
.It used integer no |
Line 1915 The currently defined variable and names |
|
Line 2041 The currently defined variable and names |
|
.It esp_auth integer yes |
.It esp_auth integer yes |
.It ah_keymin integer yes |
.It ah_keymin integer yes |
.El |
.El |
.Pp |
|
The variables are as follows: |
The variables are as follows: |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li debug |
.It Li debug |
Turn on debugging message from within the kernel. |
Turn on debugging message from within the kernel. |
The value is a bitmap, as defined in |
The value is a bitmap, as defined in |
.In netkey/key_debug.h . |
.In netipsec/key_debug.h . |
.It Li enabled |
.It Li enabled |
Control processing of IPsec control messages. |
Control processing of IPsec control messages. |
.Bl -tag -width indent |
.Bl -tag -width indent |
Line 1933 Allow IPsec processing when SPD policies |
|
Line 2058 Allow IPsec processing when SPD policies |
|
Force IPsec processing even when SPD policies are not present. |
Force IPsec processing even when SPD policies are not present. |
.El |
.El |
.It Li used |
.It Li used |
Based on if IPsec is enabled, and SPD rule existance, show if |
Based on if IPsec is enabled, and SPD rule existence, show if |
IPsec is being used. |
IPsec is being used. |
Note that currenly once IPsec is being used, it cannot be disabled. |
Note that currently once IPsec is being used, it cannot be disabled. |
.It Li spi_try |
.It Li spi_try |
The number of times the kernel will try to obtain an unique SPI |
The number of times the kernel will try to obtain an unique SPI |
when it generates it from random number generator. |
when it generates it from random number generator. |
Line 1965 Minimum AH key length, in bits, |
|
Line 2090 Minimum AH key length, in bits, |
|
The value is used when the kernel creates proposal payload |
The value is used when the kernel creates proposal payload |
on ACQUIRE PF_KEY message. |
on ACQUIRE PF_KEY message. |
.El |
.El |
|
.It Li net.local ( Dv PF_LOCAL ) |
|
Get or set various global information about |
|
.Dv AF_LOCAL |
|
type sockets. |
|
For some variables, the third level name is the variable name: |
|
.Bl -column "Variable" "integer" "Changeable" -offset indent |
|
.It Sy Variable Type Ta Sy Changeable |
|
.It inflight integer no |
|
.It deferred integer no |
|
.El |
|
The variables are as follows: |
|
.Bl -tag -width "123456" |
|
.It Li inflight |
|
The number of file descriptors currently passed between processes, |
|
.Qq in flight . |
|
.It Li deferred |
|
The number of file descriptors passed between processes that have been |
|
deferred for cleanup by a kernel task. |
|
.El |
|
.Pp |
|
Other variables are specific to a socket type: |
|
.Bl -column "seqpacket" "sendspace" "integer" "Changeable" -offset indent |
|
.It Sy "Socket Type" Sy Variable Type Ta Sy Changeable |
|
.It dgram pcblist struct no |
|
.It dgram recvspace integer yes |
|
.It dgram sendspace integer yes |
|
.It seqpacket pcblist struct no |
|
.It stream pcblist struct no |
|
.It stream recvspace integer yes |
|
.It stream sendspace integer yes |
|
.El |
|
The variables are as follows: |
|
.Bl -tag -width "123456" |
|
.It Li dgram.pcblist |
|
The Protocol Control Block list structure for datagram sockets. |
|
Parsed by |
|
.Xr netstat 8 |
|
or |
|
.Xr sockstat 8 . |
|
.It Li dgram.recvspace |
|
The default datagram receive buffer size. |
|
.It Li dgram.sendspace |
|
The default datagram send buffer size. |
|
.It Li seqpacket.pcblist |
|
The Protocol Control Block list structure for Sequential Packet sockets. |
|
Parsed by |
|
.Xr netstat 8 |
|
or |
|
.Xr sockstat 8 . |
|
.It Li stream.pcblist |
|
The Protocol Control Block list structure for stream sockets. |
|
Parsed by |
|
.Xr netstat 8 |
|
or |
|
.Xr sockstat 8 . |
|
.It Li stream.recvspace |
|
The default stream receive buffer size. |
|
.It Li stream.sendspace |
|
The default stream send buffer size. |
|
.El |
.El |
.El |
.Ss The proc.* subtree |
.Ss The proc.* subtree |
The string and integer information available for the |
The string and integer information available for the |
Line 1981 value of PROC_PID_CORENAME is reset to t |
|
Line 2166 value of PROC_PID_CORENAME is reset to t |
|
The second level name is either the magic value PROC_CURPROC, which |
The second level name is either the magic value PROC_CURPROC, which |
points to the current process, or the PID of the target process. |
points to the current process, or the PID of the target process. |
.Bl -column "proc.pid.corename" "string" "not applicable" -offset indent |
.Bl -column "proc.pid.corename" "string" "not applicable" -offset indent |
.It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.It proc.pid.corename string yes |
.It proc.pid.corename string yes |
.It proc.pid.rlimit node not applicable |
.It proc.pid.rlimit node not applicable |
.It proc.pid.stopfork int yes |
.It proc.pid.stopfork int yes |
.It proc.pid.stopexec int yes |
.It proc.pid.stopexec int yes |
.It proc.pid.stopexit int yes |
.It proc.pid.stopexit int yes |
|
.It proc.pid.paxflags int no |
.El |
.El |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li proc.pid.corename ( Dv PROC_PID_CORENAME ) |
.It Li proc.pid.corename ( Dv PROC_PID_CORENAME ) |
Line 2066 Both are of type integer. |
|
Line 2252 Both are of type integer. |
|
If non zero, the process' children will be stopped after |
If non zero, the process' children will be stopped after |
.Xr fork 2 |
.Xr fork 2 |
calls. |
calls. |
The children is created in the SSTOP state and is never scheduled |
The children are created in the SSTOP state and are never scheduled |
for running before being stopped. |
for running before being stopped. |
This feature helps attaching a process with a debugger such as |
This feature enables attaching to a process with a debugger such as |
.Xr gdb 1 |
.Xr gdb 1 |
before it had the opportunity to actually do anything. |
before the process has the opportunity to actually do anything. |
.Pp |
.Pp |
This value is inherited by the process's children, and it also |
This value is inherited by the process's children, and it also |
apply to emulation specific system calls that fork a new process, such as |
applies to emulation specific system calls that fork a new process, such as |
.Fn sproc |
.Fn sproc |
or |
or |
.Fn clone . |
.Fn clone . |
.It Li proc.pid.stopexec ( Dv PROC_PID_STOPEXEC ) |
.It Li proc.pid.stopexec ( Dv PROC_PID_STOPEXEC ) |
If non zero, the process will be stopped on next |
If non zero, the process will be stopped on the next |
.Xr exec 3 |
.Xr exec 3 |
call. |
call. |
The process created by |
The process created by |
.Xr exec 3 |
.Xr exec 3 |
is created in the SSTOP state and is never scheduled for running |
is created in the SSTOP state and is never scheduled for running |
before being stopped. |
before being stopped. |
This feature helps attaching a process with a debugger such as |
This feature enables attaching to a process with a debugger such as |
.Xr gdb 1 |
.Xr gdb 1 |
before it had the opportunity to actually do anything. |
before the process has the opportunity to actually do anything. |
.Pp |
.Pp |
This value is inherited by the process's children. |
This value is inherited by the process's children. |
.It Li proc.pid.stopexit ( Dv PROC_PID_STOPEXIT ) |
.It Li proc.pid.stopexit ( Dv PROC_PID_STOPEXIT ) |
If non zero, the process will be stopped on when it has cause to exit, |
If non zero, the process will be stopped when it has cause to exit, |
either by way of calling |
either by way of calling |
.Xr exit 3 , |
.Xr exit 3 , |
.Xr _exit 2 , |
.Xr _exit 2 , |
or by the receipt of a specific signal. |
or by the receipt of a specific signal. |
The process is stopped before any of its resources or vm space is |
The process is stopped before any of its resources or vm space is |
released allowing examination of the termination state of a process |
released allowing examination of the termination state of the process |
before it disappears. |
before it disappears. |
This feature can be used to examine the final conditions of the |
This feature can be used to examine the final conditions of the |
process's vmspace via |
process's vmspace via |
Line 2107 or its resource settings with |
|
Line 2293 or its resource settings with |
|
before it disappears. |
before it disappears. |
.Pp |
.Pp |
This value is also inherited by the process's children. |
This value is also inherited by the process's children. |
|
.It Li proc.pid.paxflags ( Dv PROC_PID_PAXFLAGS ) |
|
This read-only variable returns the current value of the process's pax |
|
flags (see |
|
.Xr paxctl 8 ) . |
.El |
.El |
.Ss The user.* subtree ( Dv CTL_USER ) |
.Ss The user.* subtree ( Dv CTL_USER ) |
The string and integer information available for the |
The string and integer information available for the |
Line 2115 level is detailed below. |
|
Line 2305 level is detailed below. |
|
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "user.coll_weights_max" "integer" "Changeable" -offset indent |
.Bl -column "user.coll_weights_max" "integer" "Changeable" -offset indent |
.It Sy Second level name Sy Type Sy Changeable |
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
.It user.atexit_max integer no |
.It user.atexit_max integer no |
.It user.bc_base_max integer no |
.It user.bc_base_max integer no |
.It user.bc_dim_max integer no |
.It user.bc_dim_max integer no |
Line 2220 level is detailed below. |
|
Line 2410 level is detailed below. |
|
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "Second level name" "struct uvmexp_sysctl" "Changeable" -offset indent |
.Bl -column "Second level name" "struct uvmexp_sysctl" "Changeable" -offset indent |
.It Sy Second level name Sy Type Sy Changeable |
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
.It vm.anonmax int yes |
.It vm.anonmax int yes |
.It vm.anonmin int yes |
.It vm.anonmin int yes |
.It vm.bufcache int yes |
.It vm.bufcache int yes |
Line 2239 privilege may change the value. |
|
Line 2429 privilege may change the value. |
|
.It vm.uvmexp2 struct uvmexp_sysctl no |
.It vm.uvmexp2 struct uvmexp_sysctl no |
.It vm.vmmeter struct vmtotal no |
.It vm.vmmeter struct vmtotal no |
.It vm.proc.map struct kinfo_vmentry no |
.It vm.proc.map struct kinfo_vmentry no |
|
.It vm.guard_size unsigned int no |
|
.It vm.thread_guard_size unsigned int yes |
.El |
.El |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li vm.anonmax ( Dv VM_ANONMAX ) |
.It Li vm.anonmax ( Dv VM_ANONMAX ) |
Line 2284 The returned data consists of a |
|
Line 2476 The returned data consists of a |
|
A flag which controls whether user processes can map virtual address\ 0. |
A flag which controls whether user processes can map virtual address\ 0. |
.It Li vm.proc.map ( Dv VM_PROC ) |
.It Li vm.proc.map ( Dv VM_PROC ) |
The third level is |
The third level is |
.dv VM_PROC_MAP , |
.Dv VM_PROC_MAP , |
the fourth is the pid of the process to display the vm object entries for, and |
the fourth is the pid of the process to display the vm object entries for, and |
the fifth is the size of |
the fifth is the size of |
.Vt struct kinfo_vmentry . |
.Vt struct kinfo_vmentry . |
Line 2301 The returned data consists of a |
|
Line 2493 The returned data consists of a |
|
Return system wide virtual memory statistics. |
Return system wide virtual memory statistics. |
The returned data consists of a |
The returned data consists of a |
.Vt struct uvmexp_sysctl . |
.Vt struct uvmexp_sysctl . |
|
.It Li vm.guard_size |
|
Return system wide guard size for the main thread of a program. |
|
.It Li vm.thread_guard_size |
|
Return system wide default size for the guard area of all other threads |
|
of a program. |
.\" XXX vm.idlezero |
.\" XXX vm.idlezero |
.El |
.El |
.Ss The ddb.* subtree ( Dv CTL_DDB ) |
.Ss The ddb.* subtree ( Dv CTL_DDB ) |
Line 2309 The information available for the |
|
Line 2506 The information available for the |
|
level is detailed below. |
level is detailed below. |
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.\" XXX sort |
|
.Bl -column "Second level name" "integer" "Changeable" -offset indent |
.Bl -column "Second level name" "integer" "Changeable" -offset indent |
.It Sy Second level name Sy Type Sy Changeable |
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
.It ddb.radix integer yes |
.It ddb.commandonenter string yes |
|
.It ddb.dumpstack integer yes |
|
.It ddb.fromconsole integer yes |
|
.It ddb.lines integer yes |
.It ddb.maxoff integer yes |
.It ddb.maxoff integer yes |
.It ddb.maxwidth integer yes |
.It ddb.maxwidth integer yes |
.It ddb.lines integer yes |
|
.It ddb.tabstops integer yes |
|
.It ddb.onpanic integer yes |
.It ddb.onpanic integer yes |
.It ddb.fromconsole integer yes |
.It ddb.panicstackframes integer yes |
|
.It ddb.radix integer yes |
|
.It ddb.tabstops integer yes |
.It ddb.tee_msgbuf integer yes |
.It ddb.tee_msgbuf integer yes |
.It ddb.commandonenter string yes |
|
.El |
.El |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li ddb.radix ( Dv DDBCTL_RADIX ) |
.It Li ddb.commandonenter |
The input and output radix. |
If not empty, the string is used as the DDB command to be executed each time |
|
DDB is entered. |
|
.It Li ddb.dumpstack |
|
A value of 1 causes a stack trace to be printed on entering ddb from a panic. |
|
A value of 0 disables this behaviour. |
|
The default value is 1. |
|
.It Li ddb.fromconsole ( Dv DDBCTL_FROMCONSOLE ) |
|
If not zero, DDB may be entered by sending a break on a serial |
|
console or by a special key sequence on a graphics console. |
|
.It Li ddb.lines ( Dv DDBCTL_LINES ) |
|
Number of display lines. |
.It Li ddb.maxoff ( Dv DDBCTL_MAXOFF ) |
.It Li ddb.maxoff ( Dv DDBCTL_MAXOFF ) |
The maximum symbol offset. |
The maximum symbol offset. |
.It Li ddb.maxwidth ( Dv DDBCTL_MAXWIDTH ) |
.It Li ddb.maxwidth ( Dv DDBCTL_MAXWIDTH ) |
The maximum output line width. |
The maximum output line width. |
.It Li ddb.lines ( Dv DDBCTL_LINES ) |
|
Number of display lines. |
|
.It Li ddb.tabstops ( Dv DDBCTL_TABSTOPS ) |
|
Tab width. |
|
.It Li ddb.onpanic ( Dv DDBCTL_ONPANIC ) |
.It Li ddb.onpanic ( Dv DDBCTL_ONPANIC ) |
If greater than zero, DDB will be entered if the kernel panics. |
If greater than zero, DDB will be entered if the kernel panics. |
A value of 1 causes the system to enter DDB on panic, while a value of 2 |
A value of 1 causes the system to enter DDB on panic. |
causes the kernel to attempt to print out a stack trace before entering DDB. |
|
A value of 0 causes the kernel to attempt to print a stack trace, then |
A value of 0 causes the kernel to attempt to print a stack trace, then |
reboot, while a value of \-1 means neither a stack trace will be printed |
reboot, while a value of \-1 means neither a stack trace will be printed |
nor DDB entered. |
nor DDB entered. |
.It Li ddb.fromconsole ( Dv DDBCTL_FROMCONSOLE ) |
.It Li ddb.panicstackframes |
If not zero, DDB may be entered by sending a break on a serial |
Number of stack frames to display on panic. |
console or by a special key sequence on a graphics console. |
Useful to avoid scrolling away the interesting frames on a glass tty. |
|
Default value is |
|
.Dv 65535 |
|
(all frames), useful value around |
|
.Dv 10 . |
|
.It Li ddb.radix ( Dv DDBCTL_RADIX ) |
|
The input and output radix. |
|
.It Li ddb.tabstops ( Dv DDBCTL_TABSTOPS ) |
|
Tab width. |
.It Li ddb.tee_msgbuf |
.It Li ddb.tee_msgbuf |
If not zero, DDB will output also to the kernel message buffer. |
If not zero, DDB will output also to the kernel message buffer. |
.It Li ddb.commandonenter |
|
If not empty, a command to be executed on each enter to the |
|
.Tn DDB . |
|
.\" |
|
.\" XXX: (a) ddb.commandonenter is missing in ddb(4); |
|
.\" (b) No DDBCTL definitions for tee_msgbuf and commandonenter. |
|
.El |
.El |
.Pp |
.Pp |
Some of these |
Some of these MIB |
.Tn MIB |
|
nodes are also available as variables from within the debugger. |
nodes are also available as variables from within the debugger. |
See |
See |
.Xr ddb 4 |
.Xr ddb 4 |
Line 2366 level contains various security-related |
|
Line 2570 level contains various security-related |
|
the system. |
the system. |
The available second level names are: |
The available second level names are: |
.Bl -column "Second level name" "integer" "Changeable" -offset indent |
.Bl -column "Second level name" "integer" "Changeable" -offset indent |
.It Sy Second level name Sy Type Sy Changeable |
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
.It Li security.curtain integer yes |
.It Li security.curtain integer yes |
.It Li security.models node not applicable |
.It Li security.models node not applicable |
.It Li security.pax node not applicable |
.It Li security.pax node not applicable |
Line 2375 The available second level names are: |
|
Line 2579 The available second level names are: |
|
Available settings are detailed below. |
Available settings are detailed below. |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li security.curtain |
.It Li security.curtain |
If non-zero, will filter return objects according to the user |
If non-zero, will filter return objects according to the user ID |
.Tn ID |
|
requesting information about them, preventing users from |
requesting information about them, preventing users from |
accessing any objects they do not own. |
accessing any objects they do not own. |
.Pp |
.Pp |
Line 2420 The available third and fourth level nam |
|
Line 2623 The available third and fourth level nam |
|
.\".It Li security.pax.aslr.stack_len integer yes |
.\".It Li security.pax.aslr.stack_len integer yes |
.It Li security.pax.mprotect.enabled integer yes |
.It Li security.pax.mprotect.enabled integer yes |
.It Li security.pax.mprotect.global integer yes |
.It Li security.pax.mprotect.global integer yes |
|
.It Li security.pax.mprotect.ptrace integer yes |
.It Li security.pax.segvguard.enabled integer yes |
.It Li security.pax.segvguard.enabled integer yes |
.It Li security.pax.segvguard.expiry_timeout integer yes |
.It Li security.pax.segvguard.expiry_timeout integer yes |
.It Li security.pax.segvguard.global integer yes |
.It Li security.pax.segvguard.global integer yes |
Line 2467 except those exempted with |
|
Line 2671 except those exempted with |
|
Otherwise, all programs will not get the PaX MPROTECT restrictions, |
Otherwise, all programs will not get the PaX MPROTECT restrictions, |
except those specifically marked as such with |
except those specifically marked as such with |
.Xr paxctl 8 . |
.Xr paxctl 8 . |
|
.It Li security.pax.mprotect.ptrace |
|
This variable allows |
|
.Xr ptrace 2 |
|
to override PaX MPROTECT permissions. |
|
It can have the following values: |
|
.Bl -tag -width XX -compact |
|
.It 0 |
|
Does not let override any permissions. |
|
.It 1 |
|
Disables PaX MPROTECT from processes that start executing while traced (default). |
|
.It 2 |
|
Bypasses PaX MPROTECT for all processes being traced. |
|
.El |
.It Li security.pax.segvguard.enabled |
.It Li security.pax.segvguard.enabled |
Enable PaX Segvguard. |
Enable PaX Segvguard. |
.Pp |
.Pp |
|
|
toplevel name is reserved to be used by vendors who wish to |
toplevel name is reserved to be used by vendors who wish to |
have their own private MIB tree. |
have their own private MIB tree. |
Intended use is to store values under |
Intended use is to store values under |
.Dq vendor.\*[Lt]yourname\*[Gt].* . |
.Dq vendor.<yourname>.* . |
.Sh SEE ALSO |
.Sh SEE ALSO |
.Xr sysctl 3 , |
.Xr sysctl 3 , |
.Xr ipsec 4 , |
.Xr ipsec 4 , |