| version 1.117, 2017/07/30 16:07:06 |
version 1.135, 2018/11/04 16:30:28 |
|
|
| .\" |
.\" |
| .\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95 |
.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95 |
| .\" |
.\" |
| .Dd July 30, 2017 |
.Dd November 3, 2018 |
| .Dt SYSCTL 7 |
.Dt SYSCTL 7 |
| .Os |
.Os |
| .Sh NAME |
.Sh NAME |
| Line 278 privilege may change the value. |
|
| Line 278 privilege may change the value. |
|
| .It kern.arandom integer no |
.It kern.arandom integer no |
| .It kern.argmax integer no |
.It kern.argmax integer no |
| .It kern.boothowto integer no |
.It kern.boothowto integer no |
| .It kern.boottime struct timeval no |
.It kern.boottime struct timespec no |
| .It kern.buildinfo string no |
.It kern.buildinfo string no |
| .\".It kern.bufq node not applicable |
.\".It kern.bufq node not applicable |
| .It kern.ccpu integer no |
.It kern.ccpu integer no |
| Line 293 privilege may change the value. |
|
| Line 293 privilege may change the value. |
|
| .It kern.domainname string yes |
.It kern.domainname string yes |
| .It kern.drivers struct kinfo_drivers no |
.It kern.drivers struct kinfo_drivers no |
| .It kern.dump_on_panic integer yes |
.It kern.dump_on_panic integer yes |
| |
.It kern.expose_address integer yes |
| .It kern.file struct file no |
.It kern.file struct file no |
| .It kern.forkfsleep integer yes |
.It kern.forkfsleep integer yes |
| .It kern.fscale integer no |
.It kern.fscale integer no |
| Line 358 privilege may change the value. |
|
| Line 359 privilege may change the value. |
|
| .It kern.sched node not applicable |
.It kern.sched node not applicable |
| .It kern.securelevel integer raise only |
.It kern.securelevel integer raise only |
| .It kern.somaxkva integer yes |
.It kern.somaxkva integer yes |
| |
.It kern.sooptions integer yes |
| .It kern.synchronized_io integer no |
.It kern.synchronized_io integer no |
| .It kern.timecounter node not applicable |
.It kern.timecounter node not applicable |
| .It kern.timex struct no |
.It kern.timex struct no |
| Line 372 privilege may change the value. |
|
| Line 374 privilege may change the value. |
|
| .El |
.El |
| .Bl -tag -width "123456" |
.Bl -tag -width "123456" |
| .It Li kern.aio_listio_max |
.It Li kern.aio_listio_max |
| The maximum number of asynchronous |
The maximum number of asynchronous I/O operations in a single list |
| .Tn I/O |
I/O call. |
| operations in a single list I/O call. |
|
| Like with all variables related to |
Like with all variables related to |
| .Xr aio 3 , |
.Xr aio 3 , |
| the variable may be created and removed dynamically |
the variable may be created and removed dynamically |
| Line 384 The maximum number of asynchronous I/O o |
|
| Line 385 The maximum number of asynchronous I/O o |
|
| .It Li kern.arandom |
.It Li kern.arandom |
| This variable picks a random number each time it is queried. |
This variable picks a random number each time it is queried. |
| The used random number generator |
The used random number generator |
| .Pf ( Tn RNG ) |
.Pf ( RNG ) |
| is based on |
is based on |
| .Xr arc4random 3 . |
.Xr arc4random 3 . |
| .It Li kern.argmax ( Dv KERN_ARGMAX ) |
.It Li kern.argmax ( Dv KERN_ARGMAX ) |
| Line 396 Flags passed from the boot loader; see |
|
| Line 397 Flags passed from the boot loader; see |
|
| for the meanings of the flags. |
for the meanings of the flags. |
| .It Li kern.boottime ( Dv KERN_BOOTTIME ) |
.It Li kern.boottime ( Dv KERN_BOOTTIME ) |
| A |
A |
| .Vt struct timeval |
.Vt struct timespec |
| structure is returned. |
structure is returned. |
| This structure contains the time that the system was booted. |
This structure contains the time that the system was booted. |
| |
That time is defined (for this purpose) to be the time at |
| |
which the kernel first started accumulating clock ticks. |
| .It Li kern.bufq |
.It Li kern.bufq |
| This variable contains information on the |
This variable contains information on the |
| .Xr bufq 9 |
.Xr bufq 9 |
| Line 514 field is always a NUL terminated string. |
|
| Line 517 field is always a NUL terminated string. |
|
| The |
The |
| .Va d_bmajor |
.Va d_bmajor |
| field will be set to \-1 if the driver doesn't have a block device. |
field will be set to \-1 if the driver doesn't have a block device. |
| |
.It Li kern.expose_address |
| |
Expose kernel addresses in |
| |
.Xr sysctl 3 |
| |
calls used by |
| |
.Xr fstat 1 |
| |
and |
| |
.Xr sockstat 1 . |
| |
Defaults to |
| |
.Dv 0 . |
| |
Turning it on renders KASLR ineffective. |
| .It Li kern.dump_on_panic ( Dv KERN_DUMP_ON_PANIC ) |
.It Li kern.dump_on_panic ( Dv KERN_DUMP_ON_PANIC ) |
| Perform a crash dump on system |
Perform a crash dump on system |
| .Xr panic 9 . |
.Xr panic 9 . |
| Line 787 The third level names for the settings a |
|
| Line 800 The third level names for the settings a |
|
| .It Sy Third level name Ta Sy Type Ta Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
| .It kern.module.autoload integer yes |
.It kern.module.autoload integer yes |
| .It kern.module.autotime integer yes |
.It kern.module.autotime integer yes |
| .It kern.module.verbose integer yes |
.It kern.module.verbose boolean yes |
| .El |
.El |
| .Pp |
.Pp |
| The variables are as follows: |
The variables are as follows: |
| Line 811 Returns the standard version the impleme |
|
| Line 824 Returns the standard version the impleme |
|
| Monotonic Clock Option conforms to, |
Monotonic Clock Option conforms to, |
| otherwise\ 0. |
otherwise\ 0. |
| .It Li kern.mqueue |
.It Li kern.mqueue |
| Settings related to |
Settings related to POSIX message queues; see |
| .Tn POSIX |
|
| message queues; see |
|
| .Xr mqueue 3 . |
.Xr mqueue 3 . |
| This node is created dynamically when |
This node is created dynamically when |
| the corresponding kernel module is loaded. |
the corresponding kernel module is loaded. |
| Line 1052 Return the offset of real time clock fro |
|
| Line 1063 Return the offset of real time clock fro |
|
| .It Li kern.saved_ids ( Dv KERN_SAVED_IDS ) |
.It Li kern.saved_ids ( Dv KERN_SAVED_IDS ) |
| Returns 1 if saved set-group and saved set-user ID is available. |
Returns 1 if saved set-group and saved set-user ID is available. |
| .It Li kern.sbmax ( Dv KERN_SBMAX ) |
.It Li kern.sbmax ( Dv KERN_SBMAX ) |
| Maximum socket buffer size. |
Maximum socket buffer size in bytes. |
| .\" XXX units? |
|
| .It Li kern.securelevel ( Dv KERN_SECURELVL ) |
.It Li kern.securelevel ( Dv KERN_SECURELVL ) |
| See |
See |
| .Xr secmodel_securelevel 9 . |
.Xr secmodel_securelevel 9 . |
|
|
| .Xr sched 3 . |
.Xr sched 3 . |
| .El |
.El |
| .It Li kern.somaxkva ( Dv KERN_SOMAXKVA ) |
.It Li kern.somaxkva ( Dv KERN_SOMAXKVA ) |
| Maximum amount of kernel memory to be used for socket buffers. |
Maximum amount of kernel memory to be used for socket buffers in bytes. |
| .\" XXX units? |
.It Li kern.sooptions |
| |
Set the default socket option flags for |
| |
.Xr socket 2 |
| |
creation. |
| |
See |
| |
.Xr setsockopt 2 |
| |
for a list of supported flags. |
| .It Li kern.synchronized_io ( Dv KERN_SYNCHRONIZED_IO ) |
.It Li kern.synchronized_io ( Dv KERN_SYNCHRONIZED_IO ) |
| Returns 1 if the |
Returns 1 if the |
| .St -p1003.1b-93 |
.St -p1003.1b-93 |
| Line 1495 This cannot be set to less than 1024 or |
|
| Line 1511 This cannot be set to less than 1024 or |
|
| .It Li ip.checkinterface |
.It Li ip.checkinterface |
| If set to non-zero, the host will reject packets addressed to it |
If set to non-zero, the host will reject packets addressed to it |
| that arrive on an interface not bound to that address. |
that arrive on an interface not bound to that address. |
| Currently, this must be disabled if ipnat is used to translate the |
Currently, this must be disabled if NAT is used to translate the |
| destination address to another local interface, or if addresses |
destination address to another local interface, or if addresses |
| are added to the loopback interface instead of the interface where |
are added to the loopback interface instead of the interface where |
| the packets for those packets are received. |
the packets for those packets are received. |
| Line 2017 Default UDP receive buffer size. |
|
| Line 2033 Default UDP receive buffer size. |
|
| Default UDP send buffer size. |
Default UDP send buffer size. |
| .El |
.El |
| .Pp |
.Pp |
| We reuse net.*.tcp for |
We reuse net.*.tcp for TCP over IPv6, |
| .Tn TCP |
|
| over |
|
| .Tn IPv6 , |
|
| and therefore we do not have variables net.*.tcp6. |
and therefore we do not have variables net.*.tcp6. |
| Variables net.inet6.udp6 have identical meaning to net.inet.udp. |
Variables net.inet6.udp6 have identical meaning to net.inet.udp. |
| Please refer to |
Please refer to |
| Line 2047 The currently defined variable and names |
|
| Line 2060 The currently defined variable and names |
|
| .It esp_auth integer yes |
.It esp_auth integer yes |
| .It ah_keymin integer yes |
.It ah_keymin integer yes |
| .El |
.El |
| .Pp |
|
| The variables are as follows: |
The variables are as follows: |
| .Bl -tag -width "123456" |
.Bl -tag -width "123456" |
| .It Li debug |
.It Li debug |
| Turn on debugging message from within the kernel. |
Turn on debugging message from within the kernel. |
| The value is a bitmap, as defined in |
The value is a bitmap, as defined in |
| .In netkey/key_debug.h . |
.In netipsec/key_debug.h . |
| .It Li enabled |
.It Li enabled |
| Control processing of IPsec control messages. |
Control processing of IPsec control messages. |
| .Bl -tag -width indent |
.Bl -tag -width indent |
| Line 2065 Allow IPsec processing when SPD policies |
|
| Line 2077 Allow IPsec processing when SPD policies |
|
| Force IPsec processing even when SPD policies are not present. |
Force IPsec processing even when SPD policies are not present. |
| .El |
.El |
| .It Li used |
.It Li used |
| Based on if IPsec is enabled, and SPD rule existance, show if |
Based on if IPsec is enabled, and SPD rule existence, show if |
| IPsec is being used. |
IPsec is being used. |
| Note that currently once IPsec is being used, it cannot be disabled. |
Note that currently once IPsec is being used, it cannot be disabled. |
| .It Li spi_try |
.It Li spi_try |
| Line 2097 Minimum AH key length, in bits, |
|
| Line 2109 Minimum AH key length, in bits, |
|
| The value is used when the kernel creates proposal payload |
The value is used when the kernel creates proposal payload |
| on ACQUIRE PF_KEY message. |
on ACQUIRE PF_KEY message. |
| .El |
.El |
| |
.It Li net.local ( Dv PF_LOCAL ) |
| |
Get or set various global information about |
| |
.Dv AF_LOCAL |
| |
type sockets. |
| |
For some variables, the third level name is the variable name: |
| |
.Bl -column "Variable" "integer" "Changeable" -offset indent |
| |
.It Sy Variable Type Ta Sy Changeable |
| |
.It inflight integer no |
| |
.It deferred integer no |
| |
.El |
| |
The variables are as follows: |
| |
.Bl -tag -width "123456" |
| |
.It Li inflight |
| |
The number of file descriptors currently passed between processes, |
| |
.Qq in flight . |
| |
.It Li deferred |
| |
The number of file descriptors passed between processes that have been |
| |
deferred for cleanup by a kernel task. |
| |
.El |
| |
.Pp |
| |
Other variables are specific to a socket type: |
| |
.Bl -column "seqpacket" "sendspace" "integer" "Changeable" -offset indent |
| |
.It Sy "Socket Type" Sy Variable Type Ta Sy Changeable |
| |
.It dgram pcblist struct no |
| |
.It dgram recvspace integer yes |
| |
.It dgram sendspace integer yes |
| |
.It seqpacket pcblist struct no |
| |
.It stream pcblist struct no |
| |
.It stream recvspace integer yes |
| |
.It stream sendspace integer yes |
| |
.El |
| |
The variables are as follows: |
| |
.Bl -tag -width "123456" |
| |
.It Li dgram.pcblist |
| |
The Protocol Control Block list structure for datagram sockets. |
| |
Parsed by |
| |
.Xr netstat 1 |
| |
or |
| |
.Xr sockstat 1 . |
| |
.It Li dgram.recvspace |
| |
The default datagram receive buffer size. |
| |
.It Li dgram.sendspace |
| |
The default datagram send buffer size. |
| |
.It Li seqpacket.pcblist |
| |
The Protocol Control Block list structure for Sequential Packet sockets. |
| |
Parsed by |
| |
.Xr netstat 1 |
| |
or |
| |
.Xr sockstat 1 . |
| |
.It Li stream.pcblist |
| |
The Protocol Control Block list structure for stream sockets. |
| |
Parsed by |
| |
.Xr netstat 1 |
| |
or |
| |
.Xr sockstat 1 . |
| |
.It Li stream.recvspace |
| |
The default stream receive buffer size. |
| |
.It Li stream.sendspace |
| |
The default stream send buffer size. |
| |
.El |
| .El |
.El |
| .Ss The proc.* subtree |
.Ss The proc.* subtree |
| The string and integer information available for the |
The string and integer information available for the |
| Line 2453 The information available for the |
|
| Line 2525 The information available for the |
|
| level is detailed below. |
level is detailed below. |
| The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
| privilege may change the value. |
privilege may change the value. |
| .\" XXX sort |
|
| .Bl -column "Second level name" "integer" "Changeable" -offset indent |
.Bl -column "Second level name" "integer" "Changeable" -offset indent |
| .It Sy Second level name Ta Sy Type Ta Sy Changeable |
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
| .It ddb.radix integer yes |
.It ddb.commandonenter string yes |
| |
.It ddb.dumpstack integer yes |
| |
.It ddb.fromconsole integer yes |
| |
.It ddb.lines integer yes |
| .It ddb.maxoff integer yes |
.It ddb.maxoff integer yes |
| .It ddb.maxwidth integer yes |
.It ddb.maxwidth integer yes |
| .It ddb.lines integer yes |
|
| .It ddb.tabstops integer yes |
|
| .It ddb.onpanic integer yes |
.It ddb.onpanic integer yes |
| .It ddb.fromconsole integer yes |
.It ddb.panicstackframes integer yes |
| |
.It ddb.radix integer yes |
| |
.It ddb.tabstops integer yes |
| .It ddb.tee_msgbuf integer yes |
.It ddb.tee_msgbuf integer yes |
| .It ddb.commandonenter string yes |
|
| .El |
.El |
| .Bl -tag -width "123456" |
.Bl -tag -width "123456" |
| .It Li ddb.radix ( Dv DDBCTL_RADIX ) |
.It Li ddb.commandonenter |
| The input and output radix. |
If not empty, the string is used as the DDB command to be executed each time |
| |
DDB is entered. |
| |
.It Li ddb.dumpstack |
| |
A value of 1 causes a stack trace to be printed on entering ddb from a panic. |
| |
A value of 0 disables this behaviour. |
| |
The default value is 1. |
| |
.It Li ddb.fromconsole ( Dv DDBCTL_FROMCONSOLE ) |
| |
If not zero, DDB may be entered by sending a break on a serial |
| |
console or by a special key sequence on a graphics console. |
| |
.It Li ddb.lines ( Dv DDBCTL_LINES ) |
| |
Number of display lines. |
| .It Li ddb.maxoff ( Dv DDBCTL_MAXOFF ) |
.It Li ddb.maxoff ( Dv DDBCTL_MAXOFF ) |
| The maximum symbol offset. |
The maximum symbol offset. |
| .It Li ddb.maxwidth ( Dv DDBCTL_MAXWIDTH ) |
.It Li ddb.maxwidth ( Dv DDBCTL_MAXWIDTH ) |
| The maximum output line width. |
The maximum output line width. |
| .It Li ddb.lines ( Dv DDBCTL_LINES ) |
|
| Number of display lines. |
|
| .It Li ddb.tabstops ( Dv DDBCTL_TABSTOPS ) |
|
| Tab width. |
|
| .It Li ddb.onpanic ( Dv DDBCTL_ONPANIC ) |
.It Li ddb.onpanic ( Dv DDBCTL_ONPANIC ) |
| If greater than zero, DDB will be entered if the kernel panics. |
If greater than zero, DDB will be entered if the kernel panics. |
| A value of 1 causes the system to enter DDB on panic, while a value of 2 |
A value of 1 causes the system to enter DDB on panic. |
| causes the kernel to attempt to print out a stack trace before entering DDB. |
|
| A value of 0 causes the kernel to attempt to print a stack trace, then |
A value of 0 causes the kernel to attempt to print a stack trace, then |
| reboot, while a value of \-1 means neither a stack trace will be printed |
reboot, while a value of \-1 means neither a stack trace will be printed |
| nor DDB entered. |
nor DDB entered. |
| .It Li ddb.fromconsole ( Dv DDBCTL_FROMCONSOLE ) |
.It Li ddb.panicstackframes |
| If not zero, DDB may be entered by sending a break on a serial |
Number of stack frames to display on panic. |
| console or by a special key sequence on a graphics console. |
Useful to avoid scrolling away the interesting frames on a glass tty. |
| |
Default value is |
| |
.Dv 65535 |
| |
(all frames), useful value around |
| |
.Dv 10 . |
| |
.It Li ddb.radix ( Dv DDBCTL_RADIX ) |
| |
The input and output radix. |
| |
.It Li ddb.tabstops ( Dv DDBCTL_TABSTOPS ) |
| |
Tab width. |
| .It Li ddb.tee_msgbuf |
.It Li ddb.tee_msgbuf |
| If not zero, DDB will output also to the kernel message buffer. |
If not zero, DDB will output also to the kernel message buffer. |
| .It Li ddb.commandonenter |
|
| If not empty, a command to be executed on each enter to the |
|
| .Tn DDB . |
|
| .\" |
|
| .\" XXX: (a) ddb.commandonenter is missing in ddb(4); |
|
| .\" (b) No DDBCTL definitions for tee_msgbuf and commandonenter. |
|
| .El |
.El |
| .Pp |
.Pp |
| Some of these |
Some of these MIB |
| .Tn MIB |
|
| nodes are also available as variables from within the debugger. |
nodes are also available as variables from within the debugger. |
| See |
See |
| .Xr ddb 4 |
.Xr ddb 4 |
| Line 2519 The available second level names are: |
|
| Line 2598 The available second level names are: |
|
| Available settings are detailed below. |
Available settings are detailed below. |
| .Bl -tag -width "123456" |
.Bl -tag -width "123456" |
| .It Li security.curtain |
.It Li security.curtain |
| If non-zero, will filter return objects according to the user |
If non-zero, will filter return objects according to the user ID |
| .Tn ID |
|
| requesting information about them, preventing users from |
requesting information about them, preventing users from |
| accessing any objects they do not own. |
accessing any objects they do not own. |
| .Pp |
.Pp |
|
|
| .Xr secmodel 9 |
.Xr secmodel 9 |
| for more information. |
for more information. |
| .It Li security.pax |
.It Li security.pax |
| Settings for PaX -- exploit mitigation features. |
Settings for PaX \(em exploit mitigation features. |
| For more information on any of the PaX features, please see |
For more information on any of the PaX features, please see |
| .Xr paxctl 8 |
.Xr paxctl 8 |
| and |
and |
![[BACK]](/icons/back.gif){kind=icon}
Return to sysctl.7 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [cvs.NetBSD.org] / src / share / man / man7