[BACK]Return to sysctl.7 CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / src / share / man / man7

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.

Diff for /src/share/man/man7/sysctl.7 between version 1.15 and 1.52

version 1.15, 2008/09/21 11:13:14 version 1.52, 2010/12/11 19:55:53
Line 29 
Line 29 
 .\"  .\"
 .\"     @(#)sysctl.3    8.4 (Berkeley) 5/9/95  .\"     @(#)sysctl.3    8.4 (Berkeley) 5/9/95
 .\"  .\"
 .Dd September 21, 2008  .Dd December 11, 2010
 .Dt SYSCTL 7  .Dt SYSCTL 7
 .Os  .Os
 .Sh NAME  .Sh NAME
Line 68  sysctl variable relative to the upper le
Line 68  sysctl variable relative to the upper le
 See the  See the
 .Xr sysctl 3  .Xr sysctl 3
 manual page for programming examples.  manual page for programming examples.
 .Sh Top level names  .Ss Top level names
 The top level names are defined with a CTL_ prefix in  The top level names are defined with a CTL_ prefix in
 .Aq Pa sys/sysctl.h ,  .In sys/sysctl.h ,
 and are as follows.  and are as follows.
 The next and subsequent levels down are found in the include files  The next and subsequent levels down are found in the include files
 listed here, and described in separate sections below.  listed here, and described in separate sections below.
 .Bl -column securityXX CTLXSECURITYXX "Next level namesXX"  .Bl -column security CTL_SECURITY "Next level names" "High kernel limits"
 .It Sy Name     Constant        Next level names        Description  .It Sy Name     Constant        Next level names        Description
 .It kern        CTL\_KERN       sys/sysctl.h    High kernel limits  .It kern        CTL_KERN        sys/sysctl.h    High kernel limits
 .It vm  CTL\_VM uvm/uvm_param.h Virtual memory  .It vm  CTL_VM  uvm/uvm_param.h Virtual memory
 .It vfs CTL\_VFS        sys/mount.h     Filesystem  .It vfs CTL_VFS sys/mount.h     Filesystem
 .It net CTL\_NET        sys/socket.h    Networking  .It net CTL_NET sys/socket.h    Networking
 .It debug       CTL\_DEBUG      sys/sysctl.h    Debugging  .It debug       CTL_DEBUG       sys/sysctl.h    Debugging
 .It hw  CTL\_HW sys/sysctl.h    Generic CPU, I/O  .It hw  CTL_HW  sys/sysctl.h    Generic CPU, I/O
 .It machdep     CTL\_MACHDEP    sys/sysctl.h    Machine dependent  .It machdep     CTL_MACHDEP     sys/sysctl.h    Machine dependent
 .It user        CTL\_USER       sys/sysctl.h    User-level  .It user        CTL_USER        sys/sysctl.h    User-level
 .It ddb CTL\_DDB        sys/sysctl.h    In-kernel debugger  .It ddb CTL_DDB sys/sysctl.h    In-kernel debugger
 .It proc        CTL\_PROC       sys/sysctl.h    Per-process  .It proc        CTL_PROC        sys/sysctl.h    Per-process
 .It vendor      CTL\_VENDOR     ?       Vendor specific  .It vendor      CTL_VENDOR      ?       Vendor specific
 .It emul        CTL\_EMUL       sys/sysctl.h    Emulation settings  .It emul        CTL_EMUL        sys/sysctl.h    Emulation settings
 .It security    CTL\_SECURITY   sys/sysctl.h    Security settings  .It security    CTL_SECURITY    sys/sysctl.h    Security settings
 .El  .El
 .Sh The debug.* subtree  .Ss The debug.* subtree
 The debugging variables vary from system to system.  The debugging variables vary from system to system.
 A debugging variable may be added or deleted without need to recompile  A debugging variable may be added or deleted without need to recompile
 .Nm  .Nm
Line 112  if a variable is initialized in more tha
Line 112  if a variable is initialized in more tha
 For example, to export the variable  For example, to export the variable
 .Dv dospecialcheck  .Dv dospecialcheck
 as a debugging variable, the following declaration would be used:  as a debugging variable, the following declaration would be used:
   .Pp
 .Bd -literal -offset indent -compact  .Bd -literal -offset indent -compact
 int dospecialcheck = 1;  int dospecialcheck = 1;
 struct ctldebug debug5 = { "dospecialcheck", \*[Am]dospecialcheck };  struct ctldebug debug5 = { "dospecialcheck", \*[Am]dospecialcheck };
Line 127  See
Line 128  See
 .\" and  .\" and
 .\" .Xr sysctl 9  .\" .Xr sysctl 9
 for more information.  for more information.
 .Sh The vfs.* subtree  .Ss The vfs.* subtree
 A distinguished second level name,  A distinguished second level name,
 .Li vfs.generic ( VFS_GENERIC ) ,  .Li vfs.generic ( VFS_GENERIC ) ,
 is used to get general information about all filesystems.  is used to get general information about all filesystems.
 One of its third level identifiers is  It has the following third level identifiers:
 .Li vfs.generic.maxtypenum ( VFS_MAXTYPENUM )  .Bl -tag -width compact
 that gives the highest valid filesystem type number.  .It vfs.generic.maxtypenum ( VFS_MAXTYPENUM )
 Its other third level identifier is  The highest valid filesystem type number.
 .Li vfs.generic.conf ( VFS_CONF )  .It vfs.generic.conf ( VFS_CONF )
 that returns configuration information about the filesystem  Returns configuration information about the file-system type given as a fourth
 type given as a fourth level identifier.  level identifier.
 The remaining second level identifiers are the  .El
 filesystem type number returned by a  .Pp
   The remaining second level identifiers are the file-system names, identified
   by the type number returned by a
 .Xr statvfs 2  .Xr statvfs 2
 call or from  call or from
 .Li vfs.generic.conf .  .Li vfs.generic.conf .
 The third level identifiers available for each filesystem  The third level identifiers available for each filesystem
 are given in the header file that defines the mount  are given in the header file that defines the mount
 argument structure for that filesystem.  argument structure for that filesystem.
 .Sh The hw.* subtree  .Ss The hw.* subtree
 The string and integer information available for the  The string and integer information available for the
 .Li hw  .Li hw
 level is detailed below.  level is detailed below.
 The changeable column shows whether a process with appropriate  The changeable column shows whether a process with appropriate
 privilege may change the value.  privilege may change the value.
 .Bl -column "Second level nameXXXXXX" "struct disk_sysctlXXX" -offset indent  .Bl -column "hw.machine_arch" "integer" "Changeable" -offset indent
 .It Sy Second level name        Type    Changeable  .It Sy Second level name        Type    Changeable
 .It hw.acpi.supported_states    string  no  
 .It hw.alignbytes       integer no  .It hw.alignbytes       integer no
 .It hw.byteorder        integer no  .It hw.byteorder        integer no
 .It hw.cnmagic  string  yes  .It hw.cnmagic  string  yes
Line 172  privilege may change the value.
Line 174  privilege may change the value.
 .El  .El
 .Pp  .Pp
 .Bl -tag -width "123456"  .Bl -tag -width "123456"
 .It Li hw.acpi.support_states  
 List of possible  
 .Tn ACPI  
 sleep states.  
 The list can contain the following values:  
 .Bl -tag -width XS1X  
 .It S0  
 fully running  
 .It S1  
 power on suspend (CPU and hard disks are off)  
 .It S2  
 similar to S3, usually not implemented  
 .It S3  
 suspend-to-RAM  
 .It S4  
 suspend-to-disk (needs BIOS support)  
 .It S5  
 power off  
 .El  
 .It Li hw.alignbytes ( HW_ALIGNBYTES )  .It Li hw.alignbytes ( HW_ALIGNBYTES )
 Alignment constraint for all possible data types.  Alignment constraint for all possible data types.
 This shows the value  This shows the value
Line 235  The machine CPU class.
Line 218  The machine CPU class.
 The machine model.  The machine model.
 .It Li hw.ncpu ( HW_NCPU )  .It Li hw.ncpu ( HW_NCPU )
 The number of CPUs.  The number of CPUs.
 .ne 1i  
 .It Li hw.pagesize ( HW_PAGESIZE )  .It Li hw.pagesize ( HW_PAGESIZE )
 The software page size.  The software page size.
 .It Li hw.physmem ( HW_PHYSMEM )  .It Li hw.physmem ( HW_PHYSMEM )
Line 247  The bytes of non-kernel memory as a 32-b
Line 229  The bytes of non-kernel memory as a 32-b
 .It Li hw.usermem64 ( HW_USERMEM64 )  .It Li hw.usermem64 ( HW_USERMEM64 )
 The bytes of non-kernel memory as a 64-bit integer.  The bytes of non-kernel memory as a 64-bit integer.
 .El  .El
 .Sh The kern.* subtree  .Ss The kern.* subtree
   This subtree includes data generally related to the kernel.
 The string and integer information available for the  The string and integer information available for the
 .Li kern  .Li kern
 level is detailed below.  level is detailed below.
 The changeable column shows whether a process with appropriate  The changeable column shows whether a process with appropriate
 privilege may change the value.  privilege may change the value.
 The types of data currently available are process information,  .Bl -column "kern.posix_reader_writer_locks" \
 system vnodes, the open file entries, routing table entries,  "struct kinfo_drivers" "not applicable"
 virtual memory statistics, load average history, and clock rate  
 information.  
 .Bl -column "kern.posix_reader_writer_locks" "struct clockrateXXX" -offset indent  
 .It Sy Second level name        Type    Changeable  .It Sy Second level name        Type    Changeable
   .It kern.aio_listio_max integer yes
   .It kern.aio_max        integer yes
   .It kern.arandom        integer no
 .It kern.argmax integer no  .It kern.argmax integer no
 .It kern.autonicetime   integer yes  .It kern.boothowto      integer no
 .It kern.autoniceval    integer yes  
 .It kern.boottime       struct timeval  no  .It kern.boottime       struct timeval  no
 .It kern.bufq   node    not applicable  .\".It kern.bufq        node    not applicable
 .It kern.ccpu   integer no  .It kern.ccpu   integer no
 .It kern.clockrate      struct clockinfo        no  .It kern.clockrate      struct clockinfo        no
 .It kern.consdev        integer no  .It kern.consdev        integer no
 .It kern.cp\_id struct  no  .It kern.coredump       node    not applicable
 .It kern.cp\_time       uint64_t[\|]    no  .It kern.cp_id  struct  no
   .It kern.cp_time        uint64_t[\|]    no
   .It kern.cryptodevallowsoft     integer yes
 .It kern.defcorename    string  yes  .It kern.defcorename    string  yes
   .It kern.detachall      integer yes
 .It kern.domainname     string  yes  .It kern.domainname     string  yes
 .It kern.drivers        struct kinfo_drivers    no  .It kern.drivers        struct kinfo_drivers    no
   .It kern.dump_on_panic  integer yes
 .It kern.file   struct file     no  .It kern.file   struct file     no
 .It kern.forkfsleep     integer yes  .It kern.forkfsleep     integer yes
 .It kern.fscale integer no  .It kern.fscale integer no
 .It kern.fsync  integer no  .It kern.fsync  integer no
 .It kern.hardclock\_ticks       integer no  .It kern.hardclock_ticks        integer no
 .It kern.hostid integer yes  .It kern.hostid integer yes
 .It kern.hostname       string  yes  .It kern.hostname       string  yes
 .It kern.iov\_max       integer no  .It kern.iov_max        integer no
 .It kern.job\_control   integer no  .It kern.ipc    node    not applicable
   .It kern.job_control    integer no
 .It kern.labeloffset    integer no  .It kern.labeloffset    integer no
 .It kern.labelsector    integer no  .It kern.labelsector    integer no
 .It kern.login\_name\_max       integer no  .It kern.login_name_max integer no
 .It kern.logsigexit     integer yes  .It kern.logsigexit     integer yes
 .It kern.mapped\_files  integer no  .It kern.mapped_files   integer no
 .It kern.maxfiles       integer yes  .It kern.maxfiles       integer yes
 .It kern.maxpartitions  integer no  .It kern.maxpartitions  integer no
 .It kern.maxphys        integer no  .It kern.maxphys        integer no
Line 294  information.
Line 281  information.
 .It kern.maxvnodes      integer yes  .It kern.maxvnodes      integer yes
 .It kern.mbuf   node    not applicable  .It kern.mbuf   node    not applicable
 .It kern.memlock        integer no  .It kern.memlock        integer no
 .It kern.memlock\_range integer no  .It kern.memlock_range  integer no
 .It kern.memory\_protection     integer no  .It kern.memory_protection      integer no
 .It kern.monotonic\_clock       integer no  .It kern.module node    not applicable
   .It kern.monotonic_clock        integer no
   .It kern.mqueue node    not applicable
 .It kern.msgbuf integer no  .It kern.msgbuf integer no
 .It kern.msgbufsize     integer no  .It kern.msgbufsize     integer no
 .It kern.ngroups        integer no  .It kern.ngroups        integer no
   .\".It kern.no_sa_support       integer yes
 .It kern.ntptime        struct ntptimeval       no  .It kern.ntptime        struct ntptimeval       no
 .It kern.osrelease      string  no  .It kern.osrelease      string  no
 .It kern.osrev  integer no  .It kern.osrevision     integer no
 .It kern.ostype string  no  .It kern.ostype string  no
   .\".It kern.panic_now   integer yes
 .It kern.pipe   node    not applicable  .It kern.pipe   node    not applicable
 .It kern.posix1 integer no  .\" .It kern.posix      node    not applicable
 .It kern.posix\_barriers        integer no  .It kern.posix1version  integer no
 .It kern.posix\_reader\_writer\_locks   integer no  .It kern.posix_aio      integer no
 .It kern.posix\_semaphores      integer no  .It kern.posix_barriers integer no
 .It kern.posix\_spin\_locks     integer no  .It kern.posix_reader_writer_locks      integer no
 .It kern.posix\_threads integer no  .\".It kern.posix_sched integer yes
 .It kern.posix\_timers  integer no  .It kern.posix_semaphores       integer no
   .It kern.posix_spin_locks       integer no
   .It kern.posix_threads  integer no
   .It kern.posix_timers   integer no
 .It kern.proc   struct kinfo_proc       no  .It kern.proc   struct kinfo_proc       no
 .It kern.proc2  struct kinfo_proc2      no  .It kern.proc2  struct kinfo_proc2      no
 .It kern.proc\_args     string  no  .It kern.proc_args      string  no
 .It kern.prof   node    not applicable  .It kern.profiling      node    not applicable
   .\".It kern.pset        node    not applicable
 .It kern.rawpartition   integer no  .It kern.rawpartition   integer no
 .It kern.root\_device   string  no  .It kern.root_device    string  no
 .It kern.root\_partition        integer no  .It kern.root_partition integer no
 .It kern.rtc\_offset    integer yes  .It kern.rtc_offset     integer yes
 .It kern.saved\_ids     integer no  .It kern.saved_ids      integer no
   .It kern.sbmax  integer yes
   .\".It kern.sched       node    not applicable
 .It kern.securelevel    integer raise only  .It kern.securelevel    integer raise only
 .It kern.synchronized\_io       integer no  .It kern.somaxkva       integer yes
 .It kern.ipc    node    not applicable  .It kern.synchronized_io        integer no
   .It kern.timecounter    node    not applicable
 .It kern.timex  struct  no  .It kern.timex  struct  no
 .It kern.tkstat node    not applicable  .It kern.tkstat node    not applicable
 .It kern.urandom        integer no  .It kern.urandom        integer no
   .It kern.usercrypto     integer yes
   .It kern.userasymcrypto integer yes
   .It kern.veriexec       node    not applicable
 .It kern.version        string  no  .It kern.version        string  no
 .It kern.vnode  struct vnode    no  .It kern.vnode  struct vnode    no
 .El  .El
 .ne 1i  
 .Pp  
 .Bl -tag -width "123456"  .Bl -tag -width "123456"
   .It Li kern.aio_listio_max
   The maximum number of asynchronous
   .Tn I/O
   operations in a single list I/O call.
   Like with all variables related to
   .Xr aio 3 ,
   the variable may be created and removed dynamically
   upon loading or unloading the corresponding kernel module.
   .It Li kern.aio_max
   The maximum number of asynchronous I/O operations.
   .It Li kern.arandom
   This variable picks a random number each time it is queried.
   The used random number generator
   .Pq Tn RNG
   is based on
   .Xr arc4random 3 .
 .It Li kern.argmax ( KERN_ARGMAX )  .It Li kern.argmax ( KERN_ARGMAX )
 The maximum bytes of argument to  The maximum bytes of argument to
 .Xr execve 2 .  .Xr execve 2 .
 .It Li kern.autonicetime ( KERN_AUTONICETIME )  .It Li kern.boothowto
 The number of seconds of CPU-time a non-root process may accumulate before  Flags passed from the boot loader; see
 having its priority lowered from the default to the value of KERN_AUTONICEVAL.  .Xr reboot 2
 If set to 0, automatic lowering of priority is not performed, and if set to \-1  for the meanings of the flags.
 all non-root processes are immediately lowered.  
 .It Li kern.autoniceval ( KERN_AUTONICEVAL )  
 The priority assigned for automatically niced processes.  
 .It Li kern.boottime ( KERN_BOOTTIME )  .It Li kern.boottime ( KERN_BOOTTIME )
 A  A
 .Va struct timeval  .Va struct timeval
 structure is returned.  structure is returned.
 This structure contains the time that the system was booted.  This structure contains the time that the system was booted.
   .\" .It Li kern.bufq
   .\" XXX: Undocumented.
 .It Li kern.ccpu ( KERN_CCPU )  .It Li kern.ccpu ( KERN_CCPU )
 The scheduler exponential decay value.  The scheduler exponential decay value.
 .It Li kern.clockrate ( KERN_CLOCKRATE )  .It Li kern.clockrate ( KERN_CLOCKRATE )
Line 357  structure is returned.
Line 371  structure is returned.
 This structure contains the clock, statistics clock and profiling clock  This structure contains the clock, statistics clock and profiling clock
 frequencies, the number of micro-seconds per hz tick, and the clock  frequencies, the number of micro-seconds per hz tick, and the clock
 skew rate.  skew rate.
   Refer to
   .Xr hz 9
   for additional details.
 .It Li kern.consdev ( KERN_CONSDEV )  .It Li kern.consdev ( KERN_CONSDEV )
 Console device.  Console device.
   .It Li kern.coredump
   Settings related to set-id processes coredumps.
   By default, set-id processes do not dump core in situations where
   other processes would.
   The settings in this node allows an administrator to change this
   behavior.
   .Pp
   The third level name is
   .Dv kern.coredump.setid
   and fourth level variables are described below.
   .Bl -column "kern.coredump.setid.group" "integer" "Changeable" -offset indent
   .It Sy Fourth level name        Type    Changeable
   .It kern.coredump.setid.dump    integer yes
   .It kern.coredump.setid.group   integer yes
   .It kern.coredump.setid.mode    integer yes
   .It kern.coredump.setid.owner   integer yes
   .It kern.coredump.setid.path    string  yes
   .El
   .Bl -tag -width "123456"
   .It Li kern.coredump.setid.dump
   If non-zero, set-id processes will dump core.
   .It Li kern.coredump.setid.group
   The group-id for the set-id processes' coredump.
   .It Li kern.coredump.setid.mode
   The mode for the set-id processes' coredump.
   See
   .Xr chmod 1 .
   .It Li kern.coredump.setid.owner
   The user-id that will be used as the owner of the set-id processes'
   coredump.
   .It Li kern.coredump.setid.path
   The path to which set-id processes' coredumps will be saved to.
   Same syntax as kern.defcorename.
   .El
 .It Li kern.cp_id ( KERN_CP_ID )  .It Li kern.cp_id ( KERN_CP_ID )
 Mapping of CPU number to CPU id.  Mapping of CPU number to CPU id.
 .It Li kern.cp_time ( KERN_CP_TIME )  .It Li kern.cp_time ( KERN_CP_TIME )
Line 369  On multi-processor systems, the sum acro
Line 420  On multi-processor systems, the sum acro
 appropriate space is given for one data set for each CPU.  appropriate space is given for one data set for each CPU.
 Data for a specific CPU can also be obtained by adding the number of the  Data for a specific CPU can also be obtained by adding the number of the
 CPU at the end of the MIB, enlarging it by one.  CPU at the end of the MIB, enlarging it by one.
   .It Li kern.cryptodevallowsoft
   This variable controls userland access to hardware versus software transforms
   in the
   .Xr crypto 4
   system.
   The available values are as follows:
   .Bl -tag -width XX0 -offset indent
   .It Dv \*[Lt] 0
   Always force userlevel requests to use software transforms.
   .It Dv = 0
   If present, use hardware and grant userlevel requests for
   non-accelerated transforms (handling the latter in software).
   .It Dv \*[Gt] 0
   Allow user requests only for transforms which are hardware-accelerated.
   .El
 .It Li kern.defcorename ( KERN_DEFCORENAME )  .It Li kern.defcorename ( KERN_DEFCORENAME )
 Default template for the name of core dump files (see also  Default template for the name of core dump files (see also
 .Li proc.pid.corename  .Li proc.pid.corename
Line 384  and can be changed with the kernel confi
Line 450  and can be changed with the kernel confi
 (see  (see
 .Xr options 4  .Xr options 4
 ).  ).
   .It Li kern.detachall
   Detach all devices at shutdown.
 .It Li kern.domainname ( KERN_DOMAINNAME )  .It Li kern.domainname ( KERN_DOMAINNAME )
 Get or set the YP domain name.  Get or set the YP domain name.
 .It Li kern.dump_on_panic ( KERN_DUMP_ON_PANIC )  
 Perform a crash dump on system panic.  
 .It Li kern.drivers ( KERN_DRIVERS )  .It Li kern.drivers ( KERN_DRIVERS )
 Return an array of  Return an array of
 .Va struct kinfo_drivers  .Va struct kinfo_drivers
Line 399  field is always a NUL terminated string.
Line 465  field is always a NUL terminated string.
 The  The
 .Va d_bmajor  .Va d_bmajor
 field will be set to \-1 if the driver doesn't have a block device.  field will be set to \-1 if the driver doesn't have a block device.
   .It Li kern.dump_on_panic ( KERN_DUMP_ON_PANIC )
   Perform a crash dump on system
   .Xr panic 9 .
 .It Li kern.file ( KERN_FILE )  .It Li kern.file ( KERN_FILE )
 Return the entire file table.  Return the entire file table.
 The returned data consists of a single  The returned data consists of a single
Line 428  Returns the number of
Line 497  Returns the number of
 .Xr hardclock 9  .Xr hardclock 9
 ticks.  ticks.
 .It Li kern.hostid ( KERN_HOSTID )  .It Li kern.hostid ( KERN_HOSTID )
 Get or set the host id.  Get or set the host identifier.
   This is aimed to replace the legacy
   .Xr gethostid 3
   and
   .Xr sethostid 3
   system calls.
 .It Li kern.hostname ( KERN_HOSTNAME )  .It Li kern.hostname ( KERN_HOSTNAME )
 Get or set the hostname.  Get or set the
   .Xr hostname 1 .
 .It Li kern.iov_max ( KERN_IOV_MAX )  .It Li kern.iov_max ( KERN_IOV_MAX )
 Return the maximum number of  Return the maximum number of
 .Va iovec  .Va iovec
Line 442  structures that a process has available 
Line 517  structures that a process has available 
 .Xr sendmsg 2  .Xr sendmsg 2
 and  and
 .Xr writev 2 .  .Xr writev 2 .
   .It Li kern.ipc ( KERN_SYSVIPC )
   Return information about the SysV IPC parameters.
   The third level names for the ipc variables are detailed below.
   .Bl -column "kern.ipc.shm_use_phys" "integer" "Changeable" -offset indent
   .It Sy Third level name Type    Changeable
   .It kern.ipc.sysvmsg    integer no
   .It kern.ipc.sysvsem    integer no
   .It kern.ipc.sysvshm    integer no
   .It kern.ipc.sysvipc_info       struct  no
   .It kern.ipc.shmmax     integer yes
   .It kern.ipc.shmmni     integer yes
   .It kern.ipc.shmseg     integer yes
   .It kern.ipc.shmmaxpgs  integer yes
   .It kern.ipc.shm_use_phys       integer yes
   .It kern.ipc.msgmni     integer yes
   .It kern.ipc.msgseg     integer yes
   .It kern.ipc.semmni     integer yes
   .It kern.ipc.semmns     integer yes
   .It kern.ipc.semmnu     integer yes
   .El
   .Bl -tag -width "123456"
   .It Li kern.ipc.sysvmsg ( KERN_SYSVIPC_MSG )
   Returns 1 if System V style message queue functionality is available
   on this system,
   otherwise 0.
   .It Li kern.ipc.sysvsem ( KERN_SYSVIPC_SEM )
   Returns 1 if System V style semaphore functionality is available
   on this system,
   otherwise 0.
   .It Li kern.ipc.sysvshm ( KERN_SYSVIPC_SHM )
   Returns 1 if System V style share memory functionality is available
   on this system,
   otherwise 0.
   .It Li kern.ipc.sysvipc_info ( KERN_SYSVIPC_INFO )
   Return System V style IPC configuration and run-time information.
   The fourth level name selects the System V style IPC facility.
   .Bl -column "KERN_SYSVIPC_MSG_INFO" "struct shm_sysctl_info" -offset indent
   .It Sy Fourth level name        Type
   .It KERN_SYSVIPC_MSG_INFO       struct msg_sysctl_info
   .It KERN_SYSVIPC_SEM_INFO       struct sem_sysctl_info
   .It KERN_SYSVIPC_SHM_INFO       struct shm_sysctl_info
   .El
   .Pp
   .Bl -tag -width "123456"
   .It Li KERN_SYSVIPC_MSG_INFO
   Return information on the System V style message facility.
   The
   .Sy msg_sysctl_info
   structure is defined in
   .In sys/msg.h .
   .It Li KERN_SYSVIPC_SEM_INFO
   Return information on the System V style semaphore facility.
   The
   .Sy sem_sysctl_info
   structure is defined in
   .In sys/sem.h .
   .It Li KERN_SYSVIPC_SHM_INFO
   Return information on the System V style shared memory facility.
   The
   .Sy shm_sysctl_info
   structure is defined in
   .In sys/shm.h .
   .El
   .It Li kern.ipc.shmmax ( KERN_SYSVIPC_SHMMAX )
   Max shared memory segment size in bytes.
   .It Li kern.ipc.shmmni ( KERN_SYSVIPC_SHMMNI )
   Max number of shared memory identifiers.
   .It Li kern.ipc.shmseg ( KERN_SYSVIPC_SHMSEG )
   Max shared memory segments per process.
   .It Li kern.ipc.shmmaxpgs ( KERN_SYSVIPC_SHMMAXPGS )
   Max amount of shared memory in pages.
   .It Li kern.ipc.shm_use_phys ( KERN_SYSVIPC_SHMUSEPHYS )
   Locking of shared memory in physical memory.
   If 0, memory can be swapped
   out, otherwise it will be locked in physical memory.
   .It Li kern.ipc.msgmni
   Max number of message queue identifiers.
   .It Li kern.ipc.msgseg
   Max number of number of message segments.
   .It Li kern.ipc.semmni
   Max number of number of semaphore identifiers.
   .It Li kern.ipc.semmns
   Max number of number of semaphores in system.
   .It Li kern.ipc.semmnu
   Max number of undo structures in system.
   .El
 .It Li kern.job_control ( KERN_JOB_CONTROL )  .It Li kern.job_control ( KERN_JOB_CONTROL )
 Return 1 if job control is available on this system, otherwise 0.  Return 1 if job control is available on this system, otherwise 0.
 .It Li kern.labeloffset ( KERN_LABELOFFSET )  .It Li kern.labeloffset ( KERN_LABELOFFSET )
Line 488  structures in the networking code, see
Line 649  structures in the networking code, see
 The third level names for the mbuf variables are detailed below.  The third level names for the mbuf variables are detailed below.
 The changeable column shows whether a process with appropriate  The changeable column shows whether a process with appropriate
 privilege may change the value.  privilege may change the value.
 .Bl -column "kern.mbuf.nmbclusters" "struct integerXXX" -offset indent  .Bl -column "kern.mbuf.nmbclusters" "integer" "Changeable" -offset indent
 .It Sy Third level name Type    Changeable  .It Sy Third level name Type    Changeable
 .\" XXX Changeable? really?  .\" XXX Changeable? really?
 .It kern.mbuf.mblowat   integer yes  .It kern.mbuf.mblowat   integer yes
Line 525  otherwise 0.
Line 686  otherwise 0.
 Returns 1 if the POSIX 1003.1b Memory Protection Option is available  Returns 1 if the POSIX 1003.1b Memory Protection Option is available
 on this system,  on this system,
 otherwise 0.  otherwise 0.
   .It Li kern.module
   Settings related to kernel modules.
   The third level names for the settings are described below.
   .Bl -column "kern.module.autoload" "integer" "Changeable" -offset indent
   .It Sy Third level name Type    Changeable
   .It kern.module.autoload        integer yes
   .It kern.module.verbose integer yes
   .El
   .Pp
   The variables are as follows:
   .Bl -tag -width "123456"
   .It Li kern.module.autoload
   A boolean that controls whether kernel modules are loaded automatically.
   See
   .Xr module 9
   for additional details.
   .It Li kern.module.verbose
   A boolean that enables or disables verbose
   debug messages related to kernel modules.
   .El
 .It Li kern.monotonic_clock ( KERN_MONOTONIC_CLOCK )  .It Li kern.monotonic_clock ( KERN_MONOTONIC_CLOCK )
 Returns the standard version the implementation of the POSIX 1003.1b  Returns the standard version the implementation of the POSIX 1003.1b
 Monotonic Clock Option conforms to,  Monotonic Clock Option conforms to,
 otherwise 0.  otherwise 0.
   .It Li kern.mqueue
   Settings related to
   .Tn POSIX
   message queues; see
   .Xr mqueue 3 .
   This node is created dynamically when
   the corresponding kernel module is loaded.
   The third level names for the settings are described below.
   .Bl -column "kern.mqueue.mq_max_msgsize" "integer" "Changeable" -offset indent
   .It Sy Third level name Type    Changeable
   .It kern.mqueue.mq_open_max     integer yes
   .It kern.mqueue.mq_prio_max     integer yes
   .It kern.mqueue.mq_max_msgsize  integer yes
   .It kern.mqueue.mq_def_maxmsg   integer yes
   .It kern.mqueue.mq_max_maxmsg   integer yes
   .El
   .Pp
   The variables are:
   .Bl -tag -width "123456"
   .It Li kern.mqueue.mq_open_max
   The maximum number of message queue descriptors any single process can open.
   .It Li kern.mqueue.mq_prio_max
   The maximum priority of a message.
   .It Li kern.mqueue.mq_max_msgsize
   The maximum size of a message in a message queue.
   .It Li kern.mqueue.mq_def_maxmsg
   The default maximum message count.
   .It Li kern.mqueue.mq_max_maxmsg
   The maximum number of messages in a message queue.
   .El
 .It Li kern.msgbuf ( KERN_MSGBUF )  .It Li kern.msgbuf ( KERN_MSGBUF )
 The kernel message buffer, rotated so that the head of the circular kernel  The kernel message buffer, rotated so that the head of the circular kernel
 message buffer is at the start of the returned data.  message buffer is at the start of the returned data.
Line 537  The returned data may contain NUL bytes.
Line 748  The returned data may contain NUL bytes.
 The maximum number of characters that the kernel message buffer can hold.  The maximum number of characters that the kernel message buffer can hold.
 .It Li kern.ngroups ( KERN_NGROUPS )  .It Li kern.ngroups ( KERN_NGROUPS )
 The maximum number of supplemental groups.  The maximum number of supplemental groups.
   .\" .It Li kern.no_sa_support
   .\" XXX: Undocumented.
 .It Li kern.ntptime ( KERN_NTPTIME )  .It Li kern.ntptime ( KERN_NTPTIME )
 A  A
 .Va struct ntptimeval  .Va struct ntptimeval
Line 550  The system release string.
Line 763  The system release string.
 The system revision string.  The system revision string.
 .It Li kern.ostype ( KERN_OSTYPE )  .It Li kern.ostype ( KERN_OSTYPE )
 The system type string.  The system type string.
   .\".It Li kern.panic_now
   .\" XXX: Undocumented.
 .It Li kern.pipe ( KERN_PIPE )  .It Li kern.pipe ( KERN_PIPE )
 Pipe settings.  Pipe settings.
 The third level names for the  integer pipe settings is detailed below.  The third level names for the  integer pipe settings is detailed below.
 The changeable column shows whether a process with appropriate  The changeable column shows whether a process with appropriate
 privilege may change the value.  privilege may change the value.
 .Bl -column "kern.pipe.maxbigpipesXXX" "integerXXX" -offset indent  .Bl -column "kern.pipe.maxbigpipes" "integer" "Changeable" -offset indent
 .It Sy Third level name Type    Changeable  .It Sy Third level name Type    Changeable
 .It kern.pipe.kvasiz    integer yes  .It kern.pipe.kvasiz    integer yes
 .It kern.pipe.maxbigpipes       integer yes  .It kern.pipe.maxbigpipes       integer yes
Line 577  Limit for direct transfers via page loan
Line 792  Limit for direct transfers via page loan
 .It Li kern.pipe.nbigpipes ( KERN_PIPE_NBIGPIPES )  .It Li kern.pipe.nbigpipes ( KERN_PIPE_NBIGPIPES )
 Number of "big" pipes.  Number of "big" pipes.
 .El  .El
   .\" XXX: Undocumented .It Li kern.posix ( ? )
   .\"      This is a node in which the only variable is semmax.
 .It Li kern.posix1version ( KERN_POSIX1 )  .It Li kern.posix1version ( KERN_POSIX1 )
 The version of ISO/IEC 9945 (POSIX 1003.1) with which the system  The version of ISO/IEC 9945 (POSIX 1003.1) with which the system
 attempts to comply.  attempts to comply.
   .It Li kern.posix_aio
   The version of
   .St -p1003.1
   and its Asynchronous I/O option to which the system attempts to conform.
 .It Li kern.posix_barriers ( KERN_POSIX_BARRIERS )  .It Li kern.posix_barriers ( KERN_POSIX_BARRIERS )
 The version of  The version of
 .St -p1003.1  .St -p1003.1
Line 594  and its
Line 815  and its
 Read-Write Locks  Read-Write Locks
 option to which the system attempts to conform,  option to which the system attempts to conform,
 otherwise 0.  otherwise 0.
   .\".It Li kern.posix_sched
   .\" XXX: Undocumented.
 .It Li kern.posix_semaphores ( KERN_POSIX_SEMAPHORES )  .It Li kern.posix_semaphores ( KERN_POSIX_SEMAPHORES )
 The version of  The version of
 .St -p1003.1  .St -p1003.1
Line 629  An array of
Line 852  An array of
 structures is returned,  structures is returned,
 whose size depends on the current number of such objects in the system.  whose size depends on the current number of such objects in the system.
 The third and fourth level numeric names are as follows:  The third and fourth level numeric names are as follows:
 .Bl -column "Third level nameXXXXXX" "Fourth level is:XXXXXX" -offset indent  .Bl -column "KERN_PROC_SESSION" "Fourth level is:" -offset indent
 .It Sy Third level name Fourth level is:  .It Sy Third level name Fourth level is:
 .It KERN\_PROC\_ALL     None  .It KERN_PROC_ALL       None
 .It KERN\_PROC\_GID     A group ID  .It KERN_PROC_GID       A group ID
 .It KERN\_PROC\_PID     A process ID  .It KERN_PROC_PID       A process ID
 .It KERN\_PROC\_PGRP    A process group  .It KERN_PROC_PGRP      A process group
 .It KERN\_PROC\_RGID    A real group ID  .It KERN_PROC_RGID      A real group ID
 .It KERN\_PROC\_RUID    A real user ID  .It KERN_PROC_RUID      A real user ID
 .It KERN\_PROC\_SESSION A session ID  .It KERN_PROC_SESSION   A session ID
 .It KERN\_PROC\_TTY     A tty device  .It KERN_PROC_TTY       A tty device
 .It KERN\_PROC\_UID     A user ID  .It KERN_PROC_UID       A user ID
 .El  .El
 .It Li kern.proc2 ( KERN_PROC2 )  .It Li kern.proc2 ( KERN_PROC2 )
 As for KERN_PROC, but an array of  As for KERN_PROC, but an array of
Line 654  of a process.
Line 877  of a process.
 Multiple strings are returned separated by NUL characters.  Multiple strings are returned separated by NUL characters.
 The third level name is the process ID.  The third level name is the process ID.
 The fourth level name is as follows:  The fourth level name is as follows:
 .Bl -column "Third level nameXXXXXX" -offset indent  .Bl -column "KERN_PROG_NARGV" "The number of environ strings" -offset indent
 .It KERN\_PROC\_ARGV    The argv strings  .It KERN_PROC_ARGV      The argv strings
 .It KERN\_PROC\_ENV     The environ strings  .It KERN_PROC_ENV       The environ strings
 .It KERN\_PROC\_NARGV   The number of argv strings  .It KERN_PROC_NARGV     The number of argv strings
 .It KERN\_PROC\_NENV    The number of environ strings  .It KERN_PROC_NENV      The number of environ strings
 .El  .El
 .It Li kern.profiling ( KERN_PROF )  .It Li kern.profiling ( KERN_PROF )
 Return profiling information about the kernel.  Return profiling information about the kernel.
Line 670  The third level names for the string and
Line 893  The third level names for the string and
 is detailed below.  is detailed below.
 The changeable column shows whether a process with appropriate  The changeable column shows whether a process with appropriate
 privilege may change the value.  privilege may change the value.
 .Bl -column "kern.profiling.gmonparam" "struct gmonparam" -offset indent  .Bl -column "kern.profiling.gmonparam" "struct gmonparam" "Changeable" -offset indent
 .It Sy Third level name Type    Changeable  .It Sy Third level name Type    Changeable
 .It kern.profiling.count        u_short[\|]     yes  .It kern.profiling.count        u_short[\|]     yes
 .It kern.profiling.froms        u_short[\|]     yes  .It kern.profiling.froms        u_short[\|]     yes
Line 696  Array of
Line 919  Array of
 .Va struct tostruct  .Va struct tostruct
 describing destination of calls and their counts.  describing destination of calls and their counts.
 .El  .El
   .\" .It Li kern.pset
   .\" XXX: Undocumented.
 .It Li kern.rawpartition ( KERN_RAWPARTITION )  .It Li kern.rawpartition ( KERN_RAWPARTITION )
 The raw partition of a disk (a == 0).  The raw partition of a disk (a == 0).
 .It Li kern.root_device ( KERN_ROOT_DEVICE )  .It Li kern.root_device ( KERN_ROOT_DEVICE )
Line 711  Returns 1 if saved set-group and saved s
Line 936  Returns 1 if saved set-group and saved s
 Maximum socket buffer size.  Maximum socket buffer size.
 .\" XXX units?  .\" XXX units?
 .It Li kern.securelevel ( KERN_SECURELVL )  .It Li kern.securelevel ( KERN_SECURELVL )
 The system security level.  See
 This level may be raised by processes with appropriate privilege.  .Xr secmodel_securelevel 9 .
 It may only be lowered by process 1.  .\" .It Li kern.sched
   .\" XXX: Undocumented.
 .It Li kern.somaxkva ( KERN_SOMAXKVA )  .It Li kern.somaxkva ( KERN_SOMAXKVA )
 Maximum amount of kernel memory to be used for socket buffers.  Maximum amount of kernel memory to be used for socket buffers.
 .\" XXX units?  .\" XXX units?
Line 721  Maximum amount of kernel memory to be us
Line 947  Maximum amount of kernel memory to be us
 Returns 1 if the POSIX 1003.1b Synchronized I/O Option is available  Returns 1 if the POSIX 1003.1b Synchronized I/O Option is available
 on this system,  on this system,
 otherwise 0.  otherwise 0.
 .It Li kern.ipc ( KERN_SYSVIPC )  .It Li kern.timecounter ( dynamic )
 Return information about the SysV IPC parameters.  Display and control the timecounter source of the system.
 The third level names for the ipc variables are detailed below.  .Bl -column "kern.timecounter.timestepwarnings" "integer" "Changeable" -offset indent
 .Bl -column "KERN_SYSVIPC_MSGXXX" "integerXXX" "noXXX" -offset indent  .It Sy Third level name Type    Changeable
 .It Sy Third level name Type            Changeable  .It kern.timecounter.choice     string  no
 .It kern.ipc.sysvmsg    integer         no  .It kern.timecounter.hardware   string  yes
 .It kern.ipc.sysvsem    integer         no  .It kern.timecounter.timestepwarnings   integer yes
 .It kern.ipc.sysvshm    integer         no  
 .It kern.ipc.sysvipc_info       struct          no  
 .It kern.ipc.shmmax     integer         no  
 .It kern.ipc.shmmni     integer         yes  
 .It kern.ipc.shmseg     integer         yes  
 .It kern.ipc.shmmaxpgs  integer         yes  
 .It kern.ipc.shm_use_phys       integer         yes  
 .El  
 .Bl -tag -width "123456"  
 .It Li kern.ipc.sysvmsg ( KERN_SYSVIPC_MSG )  
 Returns 1 if System V style message queue functionality is available  
 on this system,  
 otherwise 0.  
 .It Li kern.ipc.sysvsem ( KERN_SYSVIPC_SEM )  
 Returns 1 if System V style semaphore functionality is available  
 on this system,  
 otherwise 0.  
 .It Li kern.ipc.sysvshm ( KERN_SYSVIPC_SHM )  
 Returns 1 if System V style share memory functionality is available  
 on this system,  
 otherwise 0.  
 .It Li kern.ipc.sysvipc_info ( KERN_SYSVIPC_INFO )  
 Return System V style IPC configuration and run-time information.  
 The fourth level name selects the System V style IPC facility.  
 .Bl -column "KERN_SYSVIPC_MSG_INFOXXX" "struct shm_sysctl_infoXXX" -offset indent  
 .It Sy Fourth level name        Type  
 .It KERN\_SYSVIPC\_MSG\_INFO    struct msg_sysctl_info  
 .It KERN\_SYSVIPC\_SEM\_INFO    struct sem_sysctl_info  
 .It KERN\_SYSVIPC\_SHM\_INFO    struct shm_sysctl_info  
 .El  .El
 .Pp  .Pp
   The variables are as follows:
 .Bl -tag -width "123456"  .Bl -tag -width "123456"
 .It Li KERN_SYSVIPC_MSG_INFO  .It Li kern.timecounter.choice ( dynamic )
 Return information on the System V style message facility.  The list of available timecounters with their quality and frequency.
 The  .It Li kern.timecounter.hardware ( dynamic )
 .Sy msg_sysctl_info  The currently selected timecounter source.
 structure is defined in  .It Li kern.timecounter.timestepwarnings ( dynamic )
 .Aq Pa sys/msg.h .  If non-zero display a message each time the time is stepped.
 .It Li KERN_SYSVIPC_SEM_INFO  
 Return information on the System V style semaphore facility.  
 The  
 .Sy sem_sysctl_info  
 structure is defined in  
 .Aq Pa sys/sem.h .  
 .It Li KERN_SYSVIPC_SHM_INFO  
 Return information on the System V style shared memory facility.  
 The  
 .Sy shm_sysctl_info  
 structure is defined in  
 .Aq Pa sys/shm.h .  
 .El  
 .It Li kern.ipc.shmmax ( KERN_SYSVIPC_SHMMAX )  
 Max shared memory segment size in bytes.  
 .It Li kern.ipc.shmmni ( KERN_SYSVIPC_SHMMNI )  
 Max number of shared memory identifiers.  
 .It Li kern.ipc.shmseg ( KERN_SYSVIPC_SHMSEG )  
 Max shared memory segments per process.  
 .It Li kern.ipc.shmmaxpgs ( KERN_SYSVIPC_SHMMAXPGS )  
 Max amount of shared memory in pages.  
 .It Li kern.ipc.shm_use_phys ( KERN_SYSVIPC_SHMUSEPHYS )  
 Locking of shared memory in physical memory.  
 If 0, memory can be swapped  
 out, otherwise it will be locked in physical memory.  
 .El  .El
 .It Li kern.timex ( KERN_TIMEX )  .It Li kern.timex ( KERN_TIMEX )
 Not available.  Not available.
Line 800  on ttys.
Line 973  on ttys.
 The third level names for the tty statistic variables are detailed below.  The third level names for the tty statistic variables are detailed below.
 The changeable column shows whether a process  The changeable column shows whether a process
 with appropriate privilege may change the value.  with appropriate privilege may change the value.
 .Bl -column "KERNXTKSTATXRAWCCXXX" "struct integerXXX" -offset indent  .Bl -column "kern.tkstat.cancc" "quad" "Changeable" -offset indent
 .It Sy Third level name Type    Changeable  .It Sy Third level name Type    Changeable
 .It kern.tkstat.cancc   quad    no  .It kern.tkstat.cancc   quad    no
 .It kern.tkstat.nin     quad    no  .It kern.tkstat.nin     quad    no
Line 821  The number of raw input characters.
Line 994  The number of raw input characters.
 .El  .El
 .It Li kern.urandom ( KERN_URND )  .It Li kern.urandom ( KERN_URND )
 Random integer value.  Random integer value.
   .It Li kern.usercrypto
   When enabled, allows userland to
   .Xr open 2
   the
   .Pa /dev/crypto
   special device, used by the
   .Xr crypto 4
   system.
   .It Li kern.userasymcrypto
   Enables or disables the use of software asymmetric crypto support in the
   .Xr crypto 4
   system.
 .It Li kern.veriexec  .It Li kern.veriexec
 Tunings for Verixec.  Runtime information for
   .Xr veriexec 8 .
   .Bl -column "kern.veriexec.algorithms" "integer" "Changeable" -offset indent
   .It Sy Third level name Type    Changeable
   .It kern.veriexec.algorithms    string  no
   .It kern.veriexec.count node    not applicable
   .It kern.veriexec.strict        integer yes
   .It kern.veriexec.verbose       integer yes
   .El
 .Bl -tag -width "123456"  .Bl -tag -width "123456"
 .It Li kern.veriexec.algorithms  .It Li kern.veriexec.algorithms
 Returns a string with the supported algorithms in Veriexec.  Returns a string with the supported algorithms in Veriexec.
Line 860  Each element of the array contains the k
Line 1053  Each element of the array contains the k
 .Va struct vnode *  .Va struct vnode *
 followed by the vnode itself  followed by the vnode itself
 .Va struct vnode .  .Va struct vnode .
 .It Li kern.coredump.setid  .\" XXX: Undocumented: kern.lwp: no children?
 Settings related to set-id processes coredumps.  
 By default, set-id processes do not dump core in situations where  
 other processes would.  
 The settings in this node allows an administrator to change this  
 behavior.  
 .Pp  
 .Bl -tag -width "123456"  
 .It Li kern.coredump.setid.dump  
 If non-zero, set-id processes will dump core.  
 .It Li kern.coredump.setid.group  
 The group-id for the set-id processes' coredump.  
 .It Li kern.coredump.setid.mode  
 The mode for the set-id processes' coredump.  
 See  
 .Xr chmod 1 .  
 .It Li kern.coredump.setid.owner  
 The user-id that will be used as the owner of the set-id processes'  
 coredump.  
 .It Li kern.coredump.setid.path  
 The path to which set-id processes' coredumps will be saved to.  
 Same syntax as kern.defcorename.  
 .El  .El
 .\" XXX kern.lwp  .Ss The machdep.* subtree
 .El  
 .Sh The machdep.* subtree  
 The set of variables defined is architecture dependent.  The set of variables defined is architecture dependent.
 Most architectures define at least the following variables.  Most architectures define at least the following variables.
 .Bl -column "CONSOLE_DEVICEXXX" "integerXXX" -offset indent  .Bl -column "machdep.booted_kernel" "Type" "Changeable" -offset indent
 .It Sy Second level name        Type    Changeable  .It Sy Second level name        Type    Changeable
 .It Li CPU_CONSDEV      dev_t   no  .It Li machdep.booted_kernel    string  no
 .El  .El
 .Sh The net.* subtree  .\" XXX: Document the above.
   .Ss The net.* subtree
 The string and integer information available for the  The string and integer information available for the
 .Li net  .Li net
 level is detailed below.  level is detailed below.
Line 900  The changeable column shows whether a pr
Line 1071  The changeable column shows whether a pr
 privilege may change the value.  privilege may change the value.
 The second and third levels are typically the protocol family and  The second and third levels are typically the protocol family and
 protocol number, though this is not always the case.  protocol number, though this is not always the case.
 .Bl -column "Second level nameX" "IPsec key management valuesX" -offset indent  .Bl -column "Second level name" "IPsec key management values" "Changeable" -offset indent
 .It Sy Second level name        Type    Changeable  .It Sy Second level name        Type    Changeable
 .It net.route   routing messages        no  .It net.route   routing messages        no
 .It net.inet    IPv4 values     yes  .It net.inet    IPv4 values     yes
Line 921  The third level name is a protocol numbe
Line 1092  The third level name is a protocol numbe
 The fourth level name is an address family, which may be set to 0 to  The fourth level name is an address family, which may be set to 0 to
 select all address families.  select all address families.
 The fifth and sixth level names are as follows:  The fifth and sixth level names are as follows:
 .Bl -column "Fifth level nameXXXXXX" "Sixth level is:XXX" -offset indent  .Bl -column "Fifth level name" "Sixth level is:" -offset indent
 .It Sy Fifth level name Sixth level is:  .It Sy Fifth level name Sixth level is:
 .It NET\_RT\_FLAGS      rtflags  .It NET_RT_FLAGS        rtflags
 .It NET\_RT\_DUMP       None  .It NET_RT_DUMP None
 .It NET\_RT\_IFLIST     None  .It NET_RT_IFLIST       None
 .El  .El
 .It Li net.inet ( PF_INET )  .It Li net.inet ( PF_INET )
 Get or set various global information about the IPv4  Get or set various global information about the IPv4
Line 933  Get or set various global information ab
Line 1104  Get or set various global information ab
 The third level name is the protocol.  The third level name is the protocol.
 The fourth level name is the variable name.  The fourth level name is the variable name.
 The currently defined protocols and names are:  The currently defined protocols and names are:
 .Bl -column "Protocol name" "sack.globalmaxholes" "integer" -offset 4n  .Bl -column "Protocol name" "sack.globalmaxholes" "integer" "Changeable" -offset 4n
 .It Sy Protocol name    Variable name   Type    Changeable  .It Sy Protocol name    Variable name   Type    Changeable
 .It arp down    integer yes  .It arp down    integer yes
 .It arp keep    integer yes  .It arp keep    integer yes
Line 947  The currently defined protocols and name
Line 1118  The currently defined protocols and name
 .It icmp        maskrepl        integer yes  .It icmp        maskrepl        integer yes
 .It icmp        rediraccept     integer yes  .It icmp        rediraccept     integer yes
 .It icmp        redirtimeout    integer yes  .It icmp        redirtimeout    integer yes
   .It icmp        bmcastecho      integer yes
 .It ip  allowsrcrt      integer yes  .It ip  allowsrcrt      integer yes
 .It ip  anonportmax     integer yes  .It ip  anonportmax     integer yes
 .It ip  anonportmin     integer yes  .It ip  anonportmin     integer yes
Line 1156  ICMP redirect.
Line 1328  ICMP redirect.
 This defaults to 600 seconds.  This defaults to 600 seconds.
 .It Li icmp.returndatabytes  .It Li icmp.returndatabytes
 Number of bytes to return in an ICMP error message.  Number of bytes to return in an ICMP error message.
   .It Li icmp.bmcastecho
   If set to 1, enables responding to ICMP echo or timestamp request to the
   broadcast address.
 .It Li tcp.ack_on_push  .It Li tcp.ack_on_push
 If set to 1, TCP is to immediately transmit an ACK upon reception of  If set to 1, TCP is to immediately transmit an ACK upon reception of
 a packet with PUSH set.  a packet with PUSH set.
Line 1297  Get or set various global information ab
Line 1472  Get or set various global information ab
 The third level name is the protocol.  The third level name is the protocol.
 The fourth level name is the variable name.  The fourth level name is the variable name.
 The currently defined protocols and names are:  The currently defined protocols and names are:
 .Bl -column "Protocol name" "Variable nameXX" "integer" "yes" -offset indent  .Bl -column "Protocol name" "do_loopback_cksum" "integer" "Changeable" -offset indent
 .It Sy Protocol name    Variable name   Type    Changeable  .It Sy Protocol name    Variable name   Type    Changeable
 .It icmp6       errppslimit     integer yes  .It icmp6       errppslimit     integer yes
 .It icmp6       mtudisc_hiwat   integer yes  .It icmp6       mtudisc_hiwat   integer yes
Line 1563  For variables net.*.ipsec6, please refer
Line 1738  For variables net.*.ipsec6, please refer
 Get or set various global information about the IPsec key management.  Get or set various global information about the IPsec key management.
 The third level name is the variable name.  The third level name is the variable name.
 The currently defined variable and names are:  The currently defined variable and names are:
 .Bl -column "blockacq_lifetime" "integer" "yes" -offset indent  .Bl -column "blockacq_lifetime" "integer" "Changeable" -offset indent
 .It Sy Variable name    Type    Changeable  .It Sy Variable name    Type    Changeable
 .It debug       integer yes  .It debug       integer yes
 .It spi_try     integer yes  .It spi_try     integer yes
Line 1576  The currently defined variable and names
Line 1751  The currently defined variable and names
 .It esp_auth    integer yes  .It esp_auth    integer yes
 .It ah_keymin   integer yes  .It ah_keymin   integer yes
 .El  .El
   .Pp
 The variables are as follows:  The variables are as follows:
 .Bl -tag -width "123456"  .Bl -tag -width "123456"
 .It Li debug  .It Li debug
Line 1612  The value is used when the kernel create
Line 1788  The value is used when the kernel create
 on ACQUIRE PF_KEY message.  on ACQUIRE PF_KEY message.
 .El  .El
 .El  .El
 .Sh The proc.* subtree  .Ss The proc.* subtree
 The string and integer information available for the  The string and integer information available for the
 .Li proc  .Li proc
 level is detailed below.  level is detailed below.
Line 1626  When a set-user-ID or set-group-ID binar
Line 1802  When a set-user-ID or set-group-ID binar
 value of PROC_PID_CORENAME is reset to the system default value.  value of PROC_PID_CORENAME is reset to the system default value.
 The second level name is either the magic value PROC_CURPROC, which  The second level name is either the magic value PROC_CURPROC, which
 points to the current process, or the PID of the target process.  points to the current process, or the PID of the target process.
 .Bl -column "USER_COLL_WEIGHTS_MAXXXX" "integerXXX" "yes" -offset indent  .Bl -column "proc.pid.corename" "string" "not applicable" -offset indent
 .It Sy Third level name Type    Changeable  .It Sy Third level name Type    Changeable
 .It proc.pid.corename   string  yes  .It proc.pid.corename   string  yes
 .It proc.pid.rlimit     node    not applicable  .It proc.pid.rlimit     node    not applicable
Line 1635  points to the current process, or the PI
Line 1811  points to the current process, or the PI
 .It proc.pid.stopexit   int     yes  .It proc.pid.stopexit   int     yes
 .El  .El
 .Bl -tag -width "123456"  .Bl -tag -width "123456"
 .Pp  
 .It Li proc.pid.corename ( PROC_PID_CORENAME )  .It Li proc.pid.corename ( PROC_PID_CORENAME )
 The template used for the core dump file name (see  The template used for the core dump file name (see
 .Xr core 5  .Xr core 5
Line 1684  function.
Line 1859  function.
 The maximum number of simultaneous processes for this user id.  The maximum number of simultaneous processes for this user id.
 .It Li proc.pid.rlimit.descriptors ( PROC_PID_LIMIT_NOFILE )  .It Li proc.pid.rlimit.descriptors ( PROC_PID_LIMIT_NOFILE )
 The maximum number of open files for this process.  The maximum number of open files for this process.
 .\" XXX proc.pid.rlimit.sbsize  .It Li proc.pid.rlimit.sbsize ( PROC_PID_LIMIT_SBSIZE )
   The maximum size (in bytes) of the socket buffers
   set by the
   .Xr setsockopt 2
   .Dv SO_RCVBUF
   and
   .Dv SO_SNDBUF
   options.
 .El  .El
 .Pp  .Pp
 The fifth level name is one of  The fifth level name is one of
Line 1738  before it disappears.
Line 1920  before it disappears.
 .Pp  .Pp
 This value is also inherited by the process's children.  This value is also inherited by the process's children.
 .El  .El
 .Sh The user.* subtree ( CTL_USER )  .Ss The user.* subtree ( CTL_USER )
 The string and integer information available for the  The string and integer information available for the
 .Li user  .Li user
 level is detailed below.  level is detailed below.
 The changeable column shows whether a process with appropriate  The changeable column shows whether a process with appropriate
 privilege may change the value.  privilege may change the value.
 .Bl -column "USER_COLL_WEIGHTS_MAXXXX" "integerXXX" -offset indent  .Bl -column "user.coll_weights_max" "integer" "Changeable" -offset indent
 .It Sy Second level name        Type    Changeable  .It Sy Second level name        Type    Changeable
 .It user.atexit_max     integer no  .It user.atexit_max     integer no
 .It user.bc_base_max    integer no  .It user.bc_base_max    integer no
Line 1770  privilege may change the value.
Line 1952  privilege may change the value.
 .It user.tzname_max     integer no  .It user.tzname_max     integer no
 .El  .El
 .Bl -tag -width "123456"  .Bl -tag -width "123456"
 .Pp  
 .It Li user.atexit_max ( USER_ATEXIT_MAX )  .It Li user.atexit_max ( USER_ATEXIT_MAX )
 The maximum number of functions that may be registered with  The maximum number of functions that may be registered with
 .Xr atexit 3 .  .Xr atexit 3 .
Line 1833  The version of POSIX 1003.2 with which t
Line 2014  The version of POSIX 1003.2 with which t
 .It Li user.re_dup_max ( USER_RE_DUP_MAX )  .It Li user.re_dup_max ( USER_RE_DUP_MAX )
 The maximum number of repeated occurrences of a regular expression  The maximum number of repeated occurrences of a regular expression
 permitted when using interval notation.  permitted when using interval notation.
 .ne 1i  
 .It Li user.stream_max ( USER_STREAM_MAX )  .It Li user.stream_max ( USER_STREAM_MAX )
 The minimum maximum number of streams that a process may have open  The minimum maximum number of streams that a process may have open
 at any one time.  at any one time.
Line 1841  at any one time.
Line 2021  at any one time.
 The minimum maximum number of types supported for the name of a  The minimum maximum number of types supported for the name of a
 timezone.  timezone.
 .El  .El
 .Sh The vm.* subtree ( CTL_VM )  .Ss The vm.* subtree ( CTL_VM )
 The string and integer information available for the  The string and integer information available for the
 .Li vm  .Li vm
 level is detailed below.  level is detailed below.
 The changeable column shows whether a process with appropriate  The changeable column shows whether a process with appropriate
 privilege may change the value.  privilege may change the value.
 .Bl -column "Second level nameXXXXXX" "struct uvmexp_sysctlXXX" -offset indent  .Bl -column "Second level name" "struct uvmexp_sysctl" "Changeable" -offset indent
 .It Sy Second level name        Type    Changeable  .It Sy Second level name        Type    Changeable
 .It vm.anonmax  int     yes  .It vm.anonmax  int     yes
 .It vm.anonmin  int     yes  .It vm.anonmin  int     yes
Line 1908  The value of the maxslp kernel global va
Line 2088  The value of the maxslp kernel global va
 Return system wide virtual memory statistics.  Return system wide virtual memory statistics.
 The returned data consists of a  The returned data consists of a
 .Va struct vmtotal .  .Va struct vmtotal .
   .It vm.user_va0_disable
   A flag which controls whether user processes can map virtual address 0.
 .It Li vm.uspace ( VM_USPACE )  .It Li vm.uspace ( VM_USPACE )
 The number of bytes allocated for each kernel stack.  The number of bytes allocated for each kernel stack.
 .It Li vm.uvmexp ( VM_UVMEXP )  .It Li vm.uvmexp ( VM_UVMEXP )
Line 1920  The returned data consists of a
Line 2102  The returned data consists of a
 .Va struct uvmexp_sysctl .  .Va struct uvmexp_sysctl .
 .\" XXX vm.idlezero  .\" XXX vm.idlezero
 .El  .El
 .Sh The ddb.* subtree ( CTL_DDB )  .Ss The ddb.* subtree ( CTL_DDB )
 The integer information available for the  The information available for the
 .Li ddb  .Li ddb
 level is detailed below.  level is detailed below.
 The changeable column shows whether a process with appropriate  The changeable column shows whether a process with appropriate
 privilege may change the value.  privilege may change the value.
 .\" XXX sort  .\" XXX sort
 .Bl -column "ddb.fromconsoleXXX" "integerXXX" -offset indent  .Bl -column "Second level name" "integer" "Changeable" -offset indent
 .It Sy Second level name        Type    Changeable  .It Sy Second level name        Type    Changeable
 .It ddb.radix   integer yes  .It ddb.radix   integer yes
 .It ddb.maxoff  integer yes  .It ddb.maxoff  integer yes
   .It ddb.maxwidth        integer yes
 .It ddb.lines   integer yes  .It ddb.lines   integer yes
 .It ddb.tabstops        integer yes  .It ddb.tabstops        integer yes
 .It ddb.onpanic integer yes  .It ddb.onpanic integer yes
 .It ddb.fromconsole     integer yes  .It ddb.fromconsole     integer yes
   .It ddb.tee_msgbuf      integer yes
   .It ddb.commandonenter  string  yes
 .El  .El
 .Pp  .Pp
 .Bl -tag -width "123456"  .Bl -tag -width "123456"
 .It Li ddb.radix ( DBCTL_RADIX )  .It Li ddb.radix ( DDBCTL_RADIX )
 The input and output radix.  The input and output radix.
 .It Li ddb.maxoff ( DBCTL_MAXOFF )  .It Li ddb.maxoff ( DDBCTL_MAXOFF )
 The maximum symbol offset.  The maximum symbol offset.
 .It Li ddb.lines ( DBCTL_LINES )  .It Li ddb.maxwidth ( DDBCTL_MAXWIDTH )
   The maximum output line width.
   .It Li ddb.lines ( DDBCTL_LINES )
 Number of display lines.  Number of display lines.
 .It Li ddb.tabstops ( DBCTL_TABSTOPS )  .It Li ddb.tabstops ( DDBCTL_TABSTOPS )
 Tab width.  Tab width.
 .It Li ddb.onpanic ( DBCTL_ONPANIC )  .It Li ddb.onpanic ( DDBCTL_ONPANIC )
 If non-zero, DDB will be entered when the kernel panics.  If non-zero, DDB will be entered if the kernel panics.
 .It Li ddb.fromconsole ( DBCTL_FROMCONSOLE )  .It Li ddb.fromconsole ( DDBCTL_FROMCONSOLE )
 If not zero, DDB may be entered by sending a break on a serial  If not zero, DDB may be entered by sending a break on a serial
 console or by a special key sequence on a graphics console.  console or by a special key sequence on a graphics console.
 .\" XXX tee_msgbuf maxwidth commandonenter  .It Li ddb.tee_msgbuf
   If not zero, DDB will output also to the kernel message buffer.
   .It Li ddb.commandonenter
   If not empty, a command to be executed on each enter to the
   .Tn DDB .
   .\"
   .\" XXX: (a) ddb.commandonenter is missing in ddb(4);
   .\"      (b) No DDBCTL definitions for tee_msgbuf and commandonenter.
 .El  .El
 .Pp  .Pp
 These MIB nodes are also available as variables from within the DDB.  Some of these
   .Tn MIB
   nodes are also available as variables from within the debugger.
 See  See
 .Xr ddb 4  .Xr ddb 4
 for more details.  for more details.
 .Sh The security.* subtree ( CTL_SECURITY )  .Ss The security.* subtree ( CTL_SECURITY )
 The  The
 .Li security  .Li security
 level contains various security-related settings for  level contains various security-related settings for
 the system.  the system.
   The available second level names are:
   .Bl -column "Second level name" "integer" "Changeable" -offset indent
   .It Sy Second level name        Type    Changeable
   .It Li security.curtain integer yes
   .It Li security.models  node    not applicable
   .It Li security.pax     node    not applicable
   .El
   .Pp
 Available settings are detailed below.  Available settings are detailed below.
 .Pp  .Pp
 .Bl -tag -width "123456"  .Bl -tag -width "123456"
 .It Li security.curtain  .It Li security.curtain
 If non-zero, will filter return objects according to the user-id  If non-zero, will filter return objects according to the user
   .Tn ID
 requesting information about them, preventing from users any  requesting information about them, preventing from users any
 access to objects they don't own.  access to objects they do not own.
 .Pp  .Pp
 At the moment, it affects  At the moment, it affects
 .Xr ps 1 ,  .Xr ps 1 ,
Line 1984  PCBs), and
Line 2189  PCBs), and
 .It Li security.models  .It Li security.models
 .Nx  .Nx
 supports pluggable security models.  supports pluggable security models.
 Every security model used, whether if loaded as an LKM or built with the system,  Every security model used, whether if loaded as a module or built with the system,
 is required to add an entry to this node with at least one element,  is required to add an entry to this node with at least one element,
 .Dq name ,  .Dq name ,
 indicating the name of the security model.  indicating the name of the security model.
Line 2000  For more information on any of the PaX f
Line 2205  For more information on any of the PaX f
 .Xr paxctl 8  .Xr paxctl 8
 and  and
 .Xr security 8 .  .Xr security 8 .
   The available third and fourth level names are:
   .Bl -column "security.pax.segvguard.suspend_timeout" "integer" "Changeable" \
   -offset 2n
   .It Sy Third and fourth level names Ta Sy Type Ta Sy Changeable
   .It Li security.pax.aslr.enabled        integer yes
   .\".It Li security.pax.aslr.exec_len    integer yes
   .It Li security.pax.aslr.global integer yes
   .\".It Li security.pax.aslr.mmap_len    integer yes
   .\".It Li security.pax.aslr.stack_len   integer yes
   .It Li security.pax.mprotect.enabled    integer yes
   .It Li security.pax.mprotect.global     integer yes
   .It Li security.pax.segvguard.enabled   integer yes
   .It Li security.pax.segvguard.expiry_timeout    integer yes
   .It Li security.pax.segvguard.global    integer yes
   .It Li security.pax.segvguard.max_crashes       integer yes
   .It Li security.pax.segvguard.suspend_timeout   integer yes
   .El
 .Pp  .Pp
 .Bl -tag -width "123456"  .Bl -tag -width "123456"
 .It Li security.pax.aslr.enable  .It Li security.pax.aslr.enabled
 Enable PaX ASLR (Address Space Layout Randomization).  Enable PaX ASLR (Address Space Layout Randomization).
 .Pp  .Pp
 The value of this  The value of this
 knob must be non-zero for PaX ASLR to be enabled, even if a program is set to  knob must be non-zero for PaX ASLR to be enabled, even if a program is set to
 explicit enable.  explicit enable.
   .\".It Li security.pax.aslr.exec_len
   .\" XXX: Undocumented.
 .It Li security.pax.aslr.global  .It Li security.pax.aslr.global
 Specifies the default global policy for programs without an  Specifies the default global policy for programs without an
 explicit enable/disable flag.  explicit enable/disable flag.
Line 2017  When non-zero, all programs will get PaX
Line 2241  When non-zero, all programs will get PaX
 Otherwise, all programs will not get PaX ASLR, except those specifically  Otherwise, all programs will not get PaX ASLR, except those specifically
 marked as such with  marked as such with
 .Xr paxctl 8 .  .Xr paxctl 8 .
 .It Li security.pax.mprotect.enable  .\".It Li security.pax.aslr.mmap_len
   .\" XXX: Undocumented.
   .\" .It Li security.pax.aslr.stack_len
   .\" XXX: Undocumented.
   .It Li security.pax.mprotect.enabled
 Enable PaX MPROTECT restrictions.  Enable PaX MPROTECT restrictions.
 .Pp  .Pp
 These are  These are
Line 2036  except those exempted with
Line 2264  except those exempted with
 Otherwise, all programs will not get the PaX MPROTECT restrictions,  Otherwise, all programs will not get the PaX MPROTECT restrictions,
 except those specifically marked as such with  except those specifically marked as such with
 .Xr paxctl 8 .  .Xr paxctl 8 .
 .It Li security.pax.segvguard.enable  .It Li security.pax.segvguard.enabled
 Enable PaX Segvguard.  Enable PaX Segvguard.
 .Pp  .Pp
 PaX Segvguard can detect and prevent certain exploitation attempts, where  PaX Segvguard can detect and prevent certain exploitation attempts, where
Line 2048  The
Line 2276  The
 .Nx  .Nx
 interface and implementation of the Segvguard is still experimental, and may  interface and implementation of the Segvguard is still experimental, and may
 change in future releases.  change in future releases.
   .It Li security.pax.segvguard.expiry_timeout
   If the max number was not reached within this timeout (in seconds), the entry
   will expire.
 .It Li security.pax.segvguard.global  .It Li security.pax.segvguard.global
 Specifies the default global policy for programs without an  Specifies the default global policy for programs without an
 explicit enable/disable flag.  explicit enable/disable flag.
Line 2058  except those exempted with
Line 2289  except those exempted with
 Otherwise, no program will get the PaX Segvguard restrictions,  Otherwise, no program will get the PaX Segvguard restrictions,
 except those specifically marked as such with  except those specifically marked as such with
 .Xr paxctl 8 .  .Xr paxctl 8 .
 .It Li security.pax.segvguard.expiry_timeout  .It Li security.pax.segvguard.max_crashes
 If the max number was not reached within this timeout (in seconds), the entry  The maximum number of segfaults a program can receive before suspension.
 will expire.  
 .It Li security.pax.segvguard.suspend_timeout  .It Li security.pax.segvguard.suspend_timeout
 Number of seconds to suspend a user from running a faulting program when the  Number of seconds to suspend a user from running a faulting program when the
 limit was exceeded.  limit was exceeded.
 .It Li security.pax.segvguard.max_crashes  
 Max number of segfaults a program can receive before suspension.  
 .El  .El
 .El  .El
 .Sh The vendor.* subtree ( CTL_VENDOR )  .Ss The vendor.* subtree ( CTL_VENDOR )
 The  The
 .Li vendor  .Li vendor
 toplevel name is reserved to be used by vendors who wish to  toplevel name is reserved to be used by vendors who wish to

Legend:
Removed from v.1.15  
changed lines
  Added in v.1.52

CVSweb <webmaster@jp.NetBSD.org>