version 1.15, 2008/09/21 11:13:14 |
version 1.52, 2010/12/11 19:55:53 |
|
|
.\" |
.\" |
.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95 |
.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95 |
.\" |
.\" |
.Dd September 21, 2008 |
.Dd December 11, 2010 |
.Dt SYSCTL 7 |
.Dt SYSCTL 7 |
.Os |
.Os |
.Sh NAME |
.Sh NAME |
Line 68 sysctl variable relative to the upper le |
|
Line 68 sysctl variable relative to the upper le |
|
See the |
See the |
.Xr sysctl 3 |
.Xr sysctl 3 |
manual page for programming examples. |
manual page for programming examples. |
.Sh Top level names |
.Ss Top level names |
The top level names are defined with a CTL_ prefix in |
The top level names are defined with a CTL_ prefix in |
.Aq Pa sys/sysctl.h , |
.In sys/sysctl.h , |
and are as follows. |
and are as follows. |
The next and subsequent levels down are found in the include files |
The next and subsequent levels down are found in the include files |
listed here, and described in separate sections below. |
listed here, and described in separate sections below. |
.Bl -column securityXX CTLXSECURITYXX "Next level namesXX" |
.Bl -column security CTL_SECURITY "Next level names" "High kernel limits" |
.It Sy Name Constant Next level names Description |
.It Sy Name Constant Next level names Description |
.It kern CTL\_KERN sys/sysctl.h High kernel limits |
.It kern CTL_KERN sys/sysctl.h High kernel limits |
.It vm CTL\_VM uvm/uvm_param.h Virtual memory |
.It vm CTL_VM uvm/uvm_param.h Virtual memory |
.It vfs CTL\_VFS sys/mount.h Filesystem |
.It vfs CTL_VFS sys/mount.h Filesystem |
.It net CTL\_NET sys/socket.h Networking |
.It net CTL_NET sys/socket.h Networking |
.It debug CTL\_DEBUG sys/sysctl.h Debugging |
.It debug CTL_DEBUG sys/sysctl.h Debugging |
.It hw CTL\_HW sys/sysctl.h Generic CPU, I/O |
.It hw CTL_HW sys/sysctl.h Generic CPU, I/O |
.It machdep CTL\_MACHDEP sys/sysctl.h Machine dependent |
.It machdep CTL_MACHDEP sys/sysctl.h Machine dependent |
.It user CTL\_USER sys/sysctl.h User-level |
.It user CTL_USER sys/sysctl.h User-level |
.It ddb CTL\_DDB sys/sysctl.h In-kernel debugger |
.It ddb CTL_DDB sys/sysctl.h In-kernel debugger |
.It proc CTL\_PROC sys/sysctl.h Per-process |
.It proc CTL_PROC sys/sysctl.h Per-process |
.It vendor CTL\_VENDOR ? Vendor specific |
.It vendor CTL_VENDOR ? Vendor specific |
.It emul CTL\_EMUL sys/sysctl.h Emulation settings |
.It emul CTL_EMUL sys/sysctl.h Emulation settings |
.It security CTL\_SECURITY sys/sysctl.h Security settings |
.It security CTL_SECURITY sys/sysctl.h Security settings |
.El |
.El |
.Sh The debug.* subtree |
.Ss The debug.* subtree |
The debugging variables vary from system to system. |
The debugging variables vary from system to system. |
A debugging variable may be added or deleted without need to recompile |
A debugging variable may be added or deleted without need to recompile |
.Nm |
.Nm |
Line 112 if a variable is initialized in more tha |
|
Line 112 if a variable is initialized in more tha |
|
For example, to export the variable |
For example, to export the variable |
.Dv dospecialcheck |
.Dv dospecialcheck |
as a debugging variable, the following declaration would be used: |
as a debugging variable, the following declaration would be used: |
|
.Pp |
.Bd -literal -offset indent -compact |
.Bd -literal -offset indent -compact |
int dospecialcheck = 1; |
int dospecialcheck = 1; |
struct ctldebug debug5 = { "dospecialcheck", \*[Am]dospecialcheck }; |
struct ctldebug debug5 = { "dospecialcheck", \*[Am]dospecialcheck }; |
|
|
.\" and |
.\" and |
.\" .Xr sysctl 9 |
.\" .Xr sysctl 9 |
for more information. |
for more information. |
.Sh The vfs.* subtree |
.Ss The vfs.* subtree |
A distinguished second level name, |
A distinguished second level name, |
.Li vfs.generic ( VFS_GENERIC ) , |
.Li vfs.generic ( VFS_GENERIC ) , |
is used to get general information about all filesystems. |
is used to get general information about all filesystems. |
One of its third level identifiers is |
It has the following third level identifiers: |
.Li vfs.generic.maxtypenum ( VFS_MAXTYPENUM ) |
.Bl -tag -width compact |
that gives the highest valid filesystem type number. |
.It vfs.generic.maxtypenum ( VFS_MAXTYPENUM ) |
Its other third level identifier is |
The highest valid filesystem type number. |
.Li vfs.generic.conf ( VFS_CONF ) |
.It vfs.generic.conf ( VFS_CONF ) |
that returns configuration information about the filesystem |
Returns configuration information about the file-system type given as a fourth |
type given as a fourth level identifier. |
level identifier. |
The remaining second level identifiers are the |
.El |
filesystem type number returned by a |
.Pp |
|
The remaining second level identifiers are the file-system names, identified |
|
by the type number returned by a |
.Xr statvfs 2 |
.Xr statvfs 2 |
call or from |
call or from |
.Li vfs.generic.conf . |
.Li vfs.generic.conf . |
The third level identifiers available for each filesystem |
The third level identifiers available for each filesystem |
are given in the header file that defines the mount |
are given in the header file that defines the mount |
argument structure for that filesystem. |
argument structure for that filesystem. |
.Sh The hw.* subtree |
.Ss The hw.* subtree |
The string and integer information available for the |
The string and integer information available for the |
.Li hw |
.Li hw |
level is detailed below. |
level is detailed below. |
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "Second level nameXXXXXX" "struct disk_sysctlXXX" -offset indent |
.Bl -column "hw.machine_arch" "integer" "Changeable" -offset indent |
.It Sy Second level name Type Changeable |
.It Sy Second level name Type Changeable |
.It hw.acpi.supported_states string no |
|
.It hw.alignbytes integer no |
.It hw.alignbytes integer no |
.It hw.byteorder integer no |
.It hw.byteorder integer no |
.It hw.cnmagic string yes |
.It hw.cnmagic string yes |
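Review bot: In the new vfs.generic list, `.Bl -tag -width compact` sets the tag width to the literal string "compact", which is far narrower than the tags it holds (`vfs.generic.maxtypenum ( VFS_MAXTYPENUM )`). It reads as though `-compact` was meant, or a real width as in the `-width "123456"` lists later on the page. The two new `.It` tags also lack the `Li` macro that the other tag lists use (`.It Li hw.alignbytes ( HW_ALIGNBYTES )`), and the new text spells "file-system" while the unchanged lines just below keep "filesystem".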
Line 172 privilege may change the value. |
|
Line 174 privilege may change the value. |
|
.El |
.El |
.Pp |
.Pp |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li hw.acpi.support_states |
|
List of possible |
|
.Tn ACPI |
|
sleep states. |
|
The list can contain the following values: |
|
.Bl -tag -width XS1X |
|
.It S0 |
|
fully running |
|
.It S1 |
|
power on suspend (CPU and hard disks are off) |
|
.It S2 |
|
similar to S3, usually not implemented |
|
.It S3 |
|
suspend-to-RAM |
|
.It S4 |
|
suspend-to-disk (needs BIOS support) |
|
.It S5 |
|
power off |
|
.El |
|
.It Li hw.alignbytes ( HW_ALIGNBYTES ) |
.It Li hw.alignbytes ( HW_ALIGNBYTES ) |
Alignment constraint for all possible data types. |
Alignment constraint for all possible data types. |
This shows the value |
This shows the value |
Line 235 The machine CPU class. |
|
Line 218 The machine CPU class. |
|
The machine model. |
The machine model. |
.It Li hw.ncpu ( HW_NCPU ) |
.It Li hw.ncpu ( HW_NCPU ) |
The number of CPUs. |
The number of CPUs. |
.ne 1i |
|
.It Li hw.pagesize ( HW_PAGESIZE ) |
.It Li hw.pagesize ( HW_PAGESIZE ) |
The software page size. |
The software page size. |
.It Li hw.physmem ( HW_PHYSMEM ) |
.It Li hw.physmem ( HW_PHYSMEM ) |
Line 247 The bytes of non-kernel memory as a 32-b |
|
Line 229 The bytes of non-kernel memory as a 32-b |
|
.It Li hw.usermem64 ( HW_USERMEM64 ) |
.It Li hw.usermem64 ( HW_USERMEM64 ) |
The bytes of non-kernel memory as a 64-bit integer. |
The bytes of non-kernel memory as a 64-bit integer. |
.El |
.El |
.Sh The kern.* subtree |
.Ss The kern.* subtree |
|
This subtree includes data generally related to the kernel. |
The string and integer information available for the |
The string and integer information available for the |
.Li kern |
.Li kern |
level is detailed below. |
level is detailed below. |
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
The types of data currently available are process information, |
.Bl -column "kern.posix_reader_writer_locks" \ |
system vnodes, the open file entries, routing table entries, |
"struct kinfo_drivers" "not applicable" |
virtual memory statistics, load average history, and clock rate |
|
information. |
|
.Bl -column "kern.posix_reader_writer_locks" "struct clockrateXXX" -offset indent |
|
.It Sy Second level name Type Changeable |
.It Sy Second level name Type Changeable |
|
.It kern.aio_listio_max integer yes |
|
.It kern.aio_max integer yes |
|
.It kern.arandom integer no |
.It kern.argmax integer no |
.It kern.argmax integer no |
.It kern.autonicetime integer yes |
.It kern.boothowto integer no |
.It kern.autoniceval integer yes |
|
.It kern.boottime struct timeval no |
.It kern.boottime struct timeval no |
.It kern.bufq node not applicable |
.\".It kern.bufq node not applicable |
.It kern.ccpu integer no |
.It kern.ccpu integer no |
.It kern.clockrate struct clockinfo no |
.It kern.clockrate struct clockinfo no |
.It kern.consdev integer no |
.It kern.consdev integer no |
.It kern.cp\_id struct no |
.It kern.coredump node not applicable |
.It kern.cp\_time uint64_t[\|] no |
.It kern.cp_id struct no |
|
.It kern.cp_time uint64_t[\|] no |
|
.It kern.cryptodevallowsoft integer yes |
.It kern.defcorename string yes |
.It kern.defcorename string yes |
|
.It kern.detachall integer yes |
.It kern.domainname string yes |
.It kern.domainname string yes |
.It kern.drivers struct kinfo_drivers no |
.It kern.drivers struct kinfo_drivers no |
|
.It kern.dump_on_panic integer yes |
.It kern.file struct file no |
.It kern.file struct file no |
.It kern.forkfsleep integer yes |
.It kern.forkfsleep integer yes |
.It kern.fscale integer no |
.It kern.fscale integer no |
.It kern.fsync integer no |
.It kern.fsync integer no |
.It kern.hardclock\_ticks integer no |
.It kern.hardclock_ticks integer no |
.It kern.hostid integer yes |
.It kern.hostid integer yes |
.It kern.hostname string yes |
.It kern.hostname string yes |
.It kern.iov\_max integer no |
.It kern.iov_max integer no |
.It kern.job\_control integer no |
.It kern.ipc node not applicable |
|
.It kern.job_control integer no |
.It kern.labeloffset integer no |
.It kern.labeloffset integer no |
.It kern.labelsector integer no |
.It kern.labelsector integer no |
.It kern.login\_name\_max integer no |
.It kern.login_name_max integer no |
.It kern.logsigexit integer yes |
.It kern.logsigexit integer yes |
.It kern.mapped\_files integer no |
.It kern.mapped_files integer no |
.It kern.maxfiles integer yes |
.It kern.maxfiles integer yes |
.It kern.maxpartitions integer no |
.It kern.maxpartitions integer no |
.It kern.maxphys integer no |
.It kern.maxphys integer no |
|
|
.It kern.maxvnodes integer yes |
.It kern.maxvnodes integer yes |
.It kern.mbuf node not applicable |
.It kern.mbuf node not applicable |
.It kern.memlock integer no |
.It kern.memlock integer no |
.It kern.memlock\_range integer no |
.It kern.memlock_range integer no |
.It kern.memory\_protection integer no |
.It kern.memory_protection integer no |
.It kern.monotonic\_clock integer no |
.It kern.module node not applicable |
|
.It kern.monotonic_clock integer no |
|
.It kern.mqueue node not applicable |
.It kern.msgbuf integer no |
.It kern.msgbuf integer no |
.It kern.msgbufsize integer no |
.It kern.msgbufsize integer no |
.It kern.ngroups integer no |
.It kern.ngroups integer no |
|
.\".It kern.no_sa_support integer yes |
.It kern.ntptime struct ntptimeval no |
.It kern.ntptime struct ntptimeval no |
.It kern.osrelease string no |
.It kern.osrelease string no |
.It kern.osrev integer no |
.It kern.osrevision integer no |
.It kern.ostype string no |
.It kern.ostype string no |
|
.\".It kern.panic_now integer yes |
.It kern.pipe node not applicable |
.It kern.pipe node not applicable |
.It kern.posix1 integer no |
.\" .It kern.posix node not applicable |
.It kern.posix\_barriers integer no |
.It kern.posix1version integer no |
.It kern.posix\_reader\_writer\_locks integer no |
.It kern.posix_aio integer no |
.It kern.posix\_semaphores integer no |
.It kern.posix_barriers integer no |
.It kern.posix\_spin\_locks integer no |
.It kern.posix_reader_writer_locks integer no |
.It kern.posix\_threads integer no |
.\".It kern.posix_sched integer yes |
.It kern.posix\_timers integer no |
.It kern.posix_semaphores integer no |
|
.It kern.posix_spin_locks integer no |
|
.It kern.posix_threads integer no |
|
.It kern.posix_timers integer no |
.It kern.proc struct kinfo_proc no |
.It kern.proc struct kinfo_proc no |
.It kern.proc2 struct kinfo_proc2 no |
.It kern.proc2 struct kinfo_proc2 no |
.It kern.proc\_args string no |
.It kern.proc_args string no |
.It kern.prof node not applicable |
.It kern.profiling node not applicable |
|
.\".It kern.pset node not applicable |
.It kern.rawpartition integer no |
.It kern.rawpartition integer no |
.It kern.root\_device string no |
.It kern.root_device string no |
.It kern.root\_partition integer no |
.It kern.root_partition integer no |
.It kern.rtc\_offset integer yes |
.It kern.rtc_offset integer yes |
.It kern.saved\_ids integer no |
.It kern.saved_ids integer no |
|
.It kern.sbmax integer yes |
|
.\".It kern.sched node not applicable |
.It kern.securelevel integer raise only |
.It kern.securelevel integer raise only |
.It kern.synchronized\_io integer no |
.It kern.somaxkva integer yes |
.It kern.ipc node not applicable |
.It kern.synchronized_io integer no |
|
.It kern.timecounter node not applicable |
.It kern.timex struct no |
.It kern.timex struct no |
.It kern.tkstat node not applicable |
.It kern.tkstat node not applicable |
.It kern.urandom integer no |
.It kern.urandom integer no |
|
.It kern.usercrypto integer yes |
|
.It kern.userasymcrypto integer yes |
|
.It kern.veriexec node not applicable |
.It kern.version string no |
.It kern.version string no |
.It kern.vnode struct vnode no |
.It kern.vnode struct vnode no |
.El |
.El |
.ne 1i |
|
.Pp |
|
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
|
.It Li kern.aio_listio_max |
|
The maximum number of asynchronous |
|
.Tn I/O |
|
operations in a single list I/O call. |
|
Like with all variables related to |
|
.Xr aio 3 , |
|
the variable may be created and removed dynamically |
|
upon loading or unloading the corresponding kernel module. |
|
.It Li kern.aio_max |
|
The maximum number of asynchronous I/O operations. |
|
.It Li kern.arandom |
|
This variable picks a random number each time it is queried. |
|
The used random number generator |
|
.Pq Tn RNG |
|
is based on |
|
.Xr arc4random 3 . |
.It Li kern.argmax ( KERN_ARGMAX ) |
.It Li kern.argmax ( KERN_ARGMAX ) |
The maximum bytes of argument to |
The maximum bytes of argument to |
.Xr execve 2 . |
.Xr execve 2 . |
.It Li kern.autonicetime ( KERN_AUTONICETIME ) |
.It Li kern.boothowto |
The number of seconds of CPU-time a non-root process may accumulate before |
Flags passed from the boot loader; see |
having its priority lowered from the default to the value of KERN_AUTONICEVAL. |
.Xr reboot 2 |
If set to 0, automatic lowering of priority is not performed, and if set to \-1 |
for the meanings of the flags. |
all non-root processes are immediately lowered. |
|
.It Li kern.autoniceval ( KERN_AUTONICEVAL ) |
|
The priority assigned for automatically niced processes. |
|
.It Li kern.boottime ( KERN_BOOTTIME ) |
.It Li kern.boottime ( KERN_BOOTTIME ) |
A |
A |
.Va struct timeval |
.Va struct timeval |
structure is returned. |
structure is returned. |
This structure contains the time that the system was booted. |
This structure contains the time that the system was booted. |
|
.\" .It Li kern.bufq |
|
.\" XXX: Undocumented. |
.It Li kern.ccpu ( KERN_CCPU ) |
.It Li kern.ccpu ( KERN_CCPU ) |
The scheduler exponential decay value. |
The scheduler exponential decay value. |
.It Li kern.clockrate ( KERN_CLOCKRATE ) |
.It Li kern.clockrate ( KERN_CLOCKRATE ) |
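Review bot: The replacement `.Bl -column` line for the kern.* table drops `-offset indent`, which the old line had and which every other column list touched in this revision keeps (hw, kern.coredump.setid, kern.ipc, kern.mbuf, kern.pipe). If that is deliberate, to fit the wider "struct kinfo_drivers" and "not applicable" columns, a roff comment saying so would stop someone re-adding it. In the new kern.arandom text, "The used random number generator" reads better as "The random number generator used".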
Line 357 structure is returned. |
|
Line 371 structure is returned. |
|
This structure contains the clock, statistics clock and profiling clock |
This structure contains the clock, statistics clock and profiling clock |
frequencies, the number of micro-seconds per hz tick, and the clock |
frequencies, the number of micro-seconds per hz tick, and the clock |
skew rate. |
skew rate. |
|
Refer to |
|
.Xr hz 9 |
|
for additional details. |
.It Li kern.consdev ( KERN_CONSDEV ) |
.It Li kern.consdev ( KERN_CONSDEV ) |
Console device. |
Console device. |
|
.It Li kern.coredump |
|
Settings related to set-id processes coredumps. |
|
By default, set-id processes do not dump core in situations where |
|
other processes would. |
|
The settings in this node allows an administrator to change this |
|
behavior. |
|
.Pp |
|
The third level name is |
|
.Dv kern.coredump.setid |
|
and fourth level variables are described below. |
|
.Bl -column "kern.coredump.setid.group" "integer" "Changeable" -offset indent |
|
.It Sy Fourth level name Type Changeable |
|
.It kern.coredump.setid.dump integer yes |
|
.It kern.coredump.setid.group integer yes |
|
.It kern.coredump.setid.mode integer yes |
|
.It kern.coredump.setid.owner integer yes |
|
.It kern.coredump.setid.path string yes |
|
.El |
|
.Bl -tag -width "123456" |
|
.It Li kern.coredump.setid.dump |
|
If non-zero, set-id processes will dump core. |
|
.It Li kern.coredump.setid.group |
|
The group-id for the set-id processes' coredump. |
|
.It Li kern.coredump.setid.mode |
|
The mode for the set-id processes' coredump. |
|
See |
|
.Xr chmod 1 . |
|
.It Li kern.coredump.setid.owner |
|
The user-id that will be used as the owner of the set-id processes' |
|
coredump. |
|
.It Li kern.coredump.setid.path |
|
The path to which set-id processes' coredumps will be saved to. |
|
Same syntax as kern.defcorename. |
|
.El |
.It Li kern.cp_id ( KERN_CP_ID ) |
.It Li kern.cp_id ( KERN_CP_ID ) |
Mapping of CPU number to CPU id. |
Mapping of CPU number to CPU id. |
.It Li kern.cp_time ( KERN_CP_TIME ) |
.It Li kern.cp_time ( KERN_CP_TIME ) |
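Review bot: The new kern.coredump.setid entries give no default values and no value format for `owner`, `group` and `mode`, which is what an administrator needs before setting `kern.coredump.setid.dump` to non-zero, because those three decide who can read the core file of a set-id process. Suggest stating the defaults and saying that `mode` is a numeric file mode (the entry only points at chmod(1)). Wording: "The settings in this node allows" should be "allow", and "The path to which set-id processes' coredumps will be saved to" has a doubled "to".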
Line 369 On multi-processor systems, the sum acro |
|
Line 420 On multi-processor systems, the sum acro |
|
appropriate space is given for one data set for each CPU. |
appropriate space is given for one data set for each CPU. |
Data for a specific CPU can also be obtained by adding the number of the |
Data for a specific CPU can also be obtained by adding the number of the |
CPU at the end of the MIB, enlarging it by one. |
CPU at the end of the MIB, enlarging it by one. |
|
.It Li kern.cryptodevallowsoft |
|
This variable controls userland access to hardware versus software transforms |
|
in the |
|
.Xr crypto 4 |
|
system. |
|
The available values are as follows: |
|
.Bl -tag -width XX0 -offset indent |
|
.It Dv \*[Lt] 0 |
|
Always force userlevel requests to use software transforms. |
|
.It Dv = 0 |
|
If present, use hardware and grant userlevel requests for |
|
non-accelerated transforms (handling the latter in software). |
|
.It Dv \*[Gt] 0 |
|
Allow user requests only for transforms which are hardware-accelerated. |
|
.El |
.It Li kern.defcorename ( KERN_DEFCORENAME ) |
.It Li kern.defcorename ( KERN_DEFCORENAME ) |
Default template for the name of core dump files (see also |
Default template for the name of core dump files (see also |
.Li proc.pid.corename |
.Li proc.pid.corename |
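Review bot: The new kern.cryptodevallowsoft description lists the three value ranges but not which one is the default, so a reader cannot tell from this page whether userland requests fall back to software transforms on a stock system; add a sentence naming the default. The `= 0` item would also read more clearly with the action first, for example "Use hardware transforms where present, and grant userlevel requests for non-accelerated transforms by handling them in software".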
Line 384 and can be changed with the kernel confi |
|
Line 450 and can be changed with the kernel confi |
|
(see |
(see |
.Xr options 4 |
.Xr options 4 |
). |
). |
|
.It Li kern.detachall |
|
Detach all devices at shutdown. |
.It Li kern.domainname ( KERN_DOMAINNAME ) |
.It Li kern.domainname ( KERN_DOMAINNAME ) |
Get or set the YP domain name. |
Get or set the YP domain name. |
.It Li kern.dump_on_panic ( KERN_DUMP_ON_PANIC ) |
|
Perform a crash dump on system panic. |
|
.It Li kern.drivers ( KERN_DRIVERS ) |
.It Li kern.drivers ( KERN_DRIVERS ) |
Return an array of |
Return an array of |
.Va struct kinfo_drivers |
.Va struct kinfo_drivers |
Line 399 field is always a NUL terminated string. |
|
Line 465 field is always a NUL terminated string. |
|
The |
The |
.Va d_bmajor |
.Va d_bmajor |
field will be set to \-1 if the driver doesn't have a block device. |
field will be set to \-1 if the driver doesn't have a block device. |
|
.It Li kern.dump_on_panic ( KERN_DUMP_ON_PANIC ) |
|
Perform a crash dump on system |
|
.Xr panic 9 . |
.It Li kern.file ( KERN_FILE ) |
.It Li kern.file ( KERN_FILE ) |
Return the entire file table. |
Return the entire file table. |
The returned data consists of a single |
The returned data consists of a single |
Line 428 Returns the number of |
|
Line 497 Returns the number of |
|
.Xr hardclock 9 |
.Xr hardclock 9 |
ticks. |
ticks. |
.It Li kern.hostid ( KERN_HOSTID ) |
.It Li kern.hostid ( KERN_HOSTID ) |
Get or set the host id. |
Get or set the host identifier. |
|
This is aimed to replace the legacy |
|
.Xr gethostid 3 |
|
and |
|
.Xr sethostid 3 |
|
system calls. |
.It Li kern.hostname ( KERN_HOSTNAME ) |
.It Li kern.hostname ( KERN_HOSTNAME ) |
Get or set the hostname. |
Get or set the |
|
.Xr hostname 1 . |
.It Li kern.iov_max ( KERN_IOV_MAX ) |
.It Li kern.iov_max ( KERN_IOV_MAX ) |
Return the maximum number of |
Return the maximum number of |
.Va iovec |
.Va iovec |
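Review bot: In the new kern.hostid text, "system calls" does not match the references next to it: `.Xr gethostid 3` and `.Xr sethostid 3` point at section 3, so "library functions" (or simply "interfaces") is the accurate term. "This is aimed to replace" would read better as "This is intended to replace". For kern.hostname, "Get or set the" followed directly by `.Xr hostname 1 .` points the reader at a command instead of naming the value; "Get or set the hostname; see hostname(1)" keeps the cross-reference without losing the noun.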
Line 442 structures that a process has available |
|
Line 517 structures that a process has available |
|
.Xr sendmsg 2 |
.Xr sendmsg 2 |
and |
and |
.Xr writev 2 . |
.Xr writev 2 . |
|
.It Li kern.ipc ( KERN_SYSVIPC ) |
|
Return information about the SysV IPC parameters. |
|
The third level names for the ipc variables are detailed below. |
|
.Bl -column "kern.ipc.shm_use_phys" "integer" "Changeable" -offset indent |
|
.It Sy Third level name Type Changeable |
|
.It kern.ipc.sysvmsg integer no |
|
.It kern.ipc.sysvsem integer no |
|
.It kern.ipc.sysvshm integer no |
|
.It kern.ipc.sysvipc_info struct no |
|
.It kern.ipc.shmmax integer yes |
|
.It kern.ipc.shmmni integer yes |
|
.It kern.ipc.shmseg integer yes |
|
.It kern.ipc.shmmaxpgs integer yes |
|
.It kern.ipc.shm_use_phys integer yes |
|
.It kern.ipc.msgmni integer yes |
|
.It kern.ipc.msgseg integer yes |
|
.It kern.ipc.semmni integer yes |
|
.It kern.ipc.semmns integer yes |
|
.It kern.ipc.semmnu integer yes |
|
.El |
|
.Bl -tag -width "123456" |
|
.It Li kern.ipc.sysvmsg ( KERN_SYSVIPC_MSG ) |
|
Returns 1 if System V style message queue functionality is available |
|
on this system, |
|
otherwise 0. |
|
.It Li kern.ipc.sysvsem ( KERN_SYSVIPC_SEM ) |
|
Returns 1 if System V style semaphore functionality is available |
|
on this system, |
|
otherwise 0. |
|
.It Li kern.ipc.sysvshm ( KERN_SYSVIPC_SHM ) |
|
Returns 1 if System V style share memory functionality is available |
|
on this system, |
|
otherwise 0. |
|
.It Li kern.ipc.sysvipc_info ( KERN_SYSVIPC_INFO ) |
|
Return System V style IPC configuration and run-time information. |
|
The fourth level name selects the System V style IPC facility. |
|
.Bl -column "KERN_SYSVIPC_MSG_INFO" "struct shm_sysctl_info" -offset indent |
|
.It Sy Fourth level name Type |
|
.It KERN_SYSVIPC_MSG_INFO struct msg_sysctl_info |
|
.It KERN_SYSVIPC_SEM_INFO struct sem_sysctl_info |
|
.It KERN_SYSVIPC_SHM_INFO struct shm_sysctl_info |
|
.El |
|
.Pp |
|
.Bl -tag -width "123456" |
|
.It Li KERN_SYSVIPC_MSG_INFO |
|
Return information on the System V style message facility. |
|
The |
|
.Sy msg_sysctl_info |
|
structure is defined in |
|
.In sys/msg.h . |
|
.It Li KERN_SYSVIPC_SEM_INFO |
|
Return information on the System V style semaphore facility. |
|
The |
|
.Sy sem_sysctl_info |
|
structure is defined in |
|
.In sys/sem.h . |
|
.It Li KERN_SYSVIPC_SHM_INFO |
|
Return information on the System V style shared memory facility. |
|
The |
|
.Sy shm_sysctl_info |
|
structure is defined in |
|
.In sys/shm.h . |
|
.El |
|
.It Li kern.ipc.shmmax ( KERN_SYSVIPC_SHMMAX ) |
|
Max shared memory segment size in bytes. |
|
.It Li kern.ipc.shmmni ( KERN_SYSVIPC_SHMMNI ) |
|
Max number of shared memory identifiers. |
|
.It Li kern.ipc.shmseg ( KERN_SYSVIPC_SHMSEG ) |
|
Max shared memory segments per process. |
|
.It Li kern.ipc.shmmaxpgs ( KERN_SYSVIPC_SHMMAXPGS ) |
|
Max amount of shared memory in pages. |
|
.It Li kern.ipc.shm_use_phys ( KERN_SYSVIPC_SHMUSEPHYS ) |
|
Locking of shared memory in physical memory. |
|
If 0, memory can be swapped |
|
out, otherwise it will be locked in physical memory. |
|
.It Li kern.ipc.msgmni |
|
Max number of message queue identifiers. |
|
.It Li kern.ipc.msgseg |
|
Max number of number of message segments. |
|
.It Li kern.ipc.semmni |
|
Max number of number of semaphore identifiers. |
|
.It Li kern.ipc.semmns |
|
Max number of number of semaphores in system. |
|
.It Li kern.ipc.semmnu |
|
Max number of undo structures in system. |
|
.El |
.It Li kern.job_control ( KERN_JOB_CONTROL ) |
.It Li kern.job_control ( KERN_JOB_CONTROL ) |
Return 1 if job control is available on this system, otherwise 0. |
Return 1 if job control is available on this system, otherwise 0. |
.It Li kern.labeloffset ( KERN_LABELOFFSET ) |
.It Li kern.labeloffset ( KERN_LABELOFFSET ) |
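Review bot: Three of the new kern.ipc descriptions repeat a phrase: the msgseg, semmni and semmns entries each say "Max number of number of ..." and should have a single "number of". In the kern.ipc.sysvshm entry, "share memory" should be "shared memory", matching the KERN_SYSVIPC_SHM_INFO text below it. The msgmni, msgseg, semmni, semmns and semmnu tags also carry no constant in parentheses, unlike the shm* tags above them; either add the constants or say that none exist.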
Line 488 structures in the networking code, see |
|
Line 649 structures in the networking code, see |
|
The third level names for the mbuf variables are detailed below. |
The third level names for the mbuf variables are detailed below. |
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "kern.mbuf.nmbclusters" "struct integerXXX" -offset indent |
.Bl -column "kern.mbuf.nmbclusters" "integer" "Changeable" -offset indent |
.It Sy Third level name Type Changeable |
.It Sy Third level name Type Changeable |
.\" XXX Changeable? really? |
.\" XXX Changeable? really? |
.It kern.mbuf.mblowat integer yes |
.It kern.mbuf.mblowat integer yes |
|
|
Returns 1 if the POSIX 1003.1b Memory Protection Option is available |
Returns 1 if the POSIX 1003.1b Memory Protection Option is available |
on this system, |
on this system, |
otherwise 0. |
otherwise 0. |
|
.It Li kern.module |
|
Settings related to kernel modules. |
|
The third level names for the settings are described below. |
|
.Bl -column "kern.module.autoload" "integer" "Changeable" -offset indent |
|
.It Sy Third level name Type Changeable |
|
.It kern.module.autoload integer yes |
|
.It kern.module.verbose integer yes |
|
.El |
|
.Pp |
|
The variables are as follows: |
|
.Bl -tag -width "123456" |
|
.It Li kern.module.autoload |
|
A boolean that controls whether kernel modules are loaded automatically. |
|
See |
|
.Xr module 9 |
|
for additional details. |
|
.It Li kern.module.verbose |
|
A boolean that enables or disables verbose |
|
debug messages related to kernel modules. |
|
.El |
.It Li kern.monotonic_clock ( KERN_MONOTONIC_CLOCK ) |
.It Li kern.monotonic_clock ( KERN_MONOTONIC_CLOCK ) |
Returns the standard version the implementation of the POSIX 1003.1b |
Returns the standard version the implementation of the POSIX 1003.1b |
Monotonic Clock Option conforms to, |
Monotonic Clock Option conforms to, |
otherwise 0. |
otherwise 0. |
|
.It Li kern.mqueue |
|
Settings related to |
|
.Tn POSIX |
|
message queues; see |
|
.Xr mqueue 3 . |
|
This node is created dynamically when |
|
the corresponding kernel module is loaded. |
|
The third level names for the settings are described below. |
|
.Bl -column "kern.mqueue.mq_max_msgsize" "integer" "Changeable" -offset indent |
|
.It Sy Third level name Type Changeable |
|
.It kern.mqueue.mq_open_max integer yes |
|
.It kern.mqueue.mq_prio_max integer yes |
|
.It kern.mqueue.mq_max_msgsize integer yes |
|
.It kern.mqueue.mq_def_maxmsg integer yes |
|
.It kern.mqueue.mq_max_maxmsg integer yes |
|
.El |
|
.Pp |
|
The variables are: |
|
.Bl -tag -width "123456" |
|
.It Li kern.mqueue.mq_open_max |
|
The maximum number of message queue descriptors any single process can open. |
|
.It Li kern.mqueue.mq_prio_max |
|
The maximum priority of a message. |
|
.It Li kern.mqueue.mq_max_msgsize |
|
The maximum size of a message in a message queue. |
|
.It Li kern.mqueue.mq_def_maxmsg |
|
The default maximum message count. |
|
.It Li kern.mqueue.mq_max_maxmsg |
|
The maximum number of messages in a message queue. |
|
.El |
.It Li kern.msgbuf ( KERN_MSGBUF ) |
.It Li kern.msgbuf ( KERN_MSGBUF ) |
The kernel message buffer, rotated so that the head of the circular kernel |
The kernel message buffer, rotated so that the head of the circular kernel |
message buffer is at the start of the returned data. |
message buffer is at the start of the returned data. |
Line 537 The returned data may contain NUL bytes. |
|
Line 748 The returned data may contain NUL bytes. |
|
The maximum number of characters that the kernel message buffer can hold. |
The maximum number of characters that the kernel message buffer can hold. |
.It Li kern.ngroups ( KERN_NGROUPS ) |
.It Li kern.ngroups ( KERN_NGROUPS ) |
The maximum number of supplemental groups. |
The maximum number of supplemental groups. |
|
.\" .It Li kern.no_sa_support |
|
.\" XXX: Undocumented. |
.It Li kern.ntptime ( KERN_NTPTIME ) |
.It Li kern.ntptime ( KERN_NTPTIME ) |
A |
A |
.Va struct ntptimeval |
.Va struct ntptimeval |
Line 550 The system release string. |
|
Line 763 The system release string. |
|
The system revision string. |
The system revision string. |
.It Li kern.ostype ( KERN_OSTYPE ) |
.It Li kern.ostype ( KERN_OSTYPE ) |
The system type string. |
The system type string. |
|
.\".It Li kern.panic_now |
|
.\" XXX: Undocumented. |
.It Li kern.pipe ( KERN_PIPE ) |
.It Li kern.pipe ( KERN_PIPE ) |
Pipe settings. |
Pipe settings. |
The third level names for the integer pipe settings is detailed below. |
The third level names for the integer pipe settings is detailed below. |
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "kern.pipe.maxbigpipesXXX" "integerXXX" -offset indent |
.Bl -column "kern.pipe.maxbigpipes" "integer" "Changeable" -offset indent |
.It Sy Third level name Type Changeable |
.It Sy Third level name Type Changeable |
.It kern.pipe.kvasiz integer yes |
.It kern.pipe.kvasiz integer yes |
.It kern.pipe.maxbigpipes integer yes |
.It kern.pipe.maxbigpipes integer yes |
Line 577 Limit for direct transfers via page loan |
|
Line 792 Limit for direct transfers via page loan |
|
.It Li kern.pipe.nbigpipes ( KERN_PIPE_NBIGPIPES ) |
.It Li kern.pipe.nbigpipes ( KERN_PIPE_NBIGPIPES ) |
Number of "big" pipes. |
Number of "big" pipes. |
.El |
.El |
|
.\" XXX: Undocumented .It Li kern.posix ( ? ) |
|
.\" This is a node in which the only variable is semmax. |
.It Li kern.posix1version ( KERN_POSIX1 ) |
.It Li kern.posix1version ( KERN_POSIX1 ) |
The version of ISO/IEC 9945 (POSIX 1003.1) with which the system |
The version of ISO/IEC 9945 (POSIX 1003.1) with which the system |
attempts to comply. |
attempts to comply. |
|
.It Li kern.posix_aio |
|
The version of |
|
.St -p1003.1 |
|
and its Asynchronous I/O option to which the system attempts to conform. |
.It Li kern.posix_barriers ( KERN_POSIX_BARRIERS ) |
.It Li kern.posix_barriers ( KERN_POSIX_BARRIERS ) |
The version of |
The version of |
.St -p1003.1 |
.St -p1003.1 |
|
|
Read-Write Locks |
Read-Write Locks |
option to which the system attempts to conform, |
option to which the system attempts to conform, |
otherwise 0. |
otherwise 0. |
|
.\".It Li kern.posix_sched |
|
.\" XXX: Undocumented. |
.It Li kern.posix_semaphores ( KERN_POSIX_SEMAPHORES ) |
.It Li kern.posix_semaphores ( KERN_POSIX_SEMAPHORES ) |
The version of |
The version of |
.St -p1003.1 |
.St -p1003.1 |
|
|
structures is returned, |
structures is returned, |
whose size depends on the current number of such objects in the system. |
whose size depends on the current number of such objects in the system. |
The third and fourth level numeric names are as follows: |
The third and fourth level numeric names are as follows: |
.Bl -column "Third level nameXXXXXX" "Fourth level is:XXXXXX" -offset indent |
.Bl -column "KERN_PROC_SESSION" "Fourth level is:" -offset indent |
.It Sy Third level name Fourth level is: |
.It Sy Third level name Fourth level is: |
.It KERN\_PROC\_ALL None |
.It KERN_PROC_ALL None |
.It KERN\_PROC\_GID A group ID |
.It KERN_PROC_GID A group ID |
.It KERN\_PROC\_PID A process ID |
.It KERN_PROC_PID A process ID |
.It KERN\_PROC\_PGRP A process group |
.It KERN_PROC_PGRP A process group |
.It KERN\_PROC\_RGID A real group ID |
.It KERN_PROC_RGID A real group ID |
.It KERN\_PROC\_RUID A real user ID |
.It KERN_PROC_RUID A real user ID |
.It KERN\_PROC\_SESSION A session ID |
.It KERN_PROC_SESSION A session ID |
.It KERN\_PROC\_TTY A tty device |
.It KERN_PROC_TTY A tty device |
.It KERN\_PROC\_UID A user ID |
.It KERN_PROC_UID A user ID |
.El |
.El |
.It Li kern.proc2 ( KERN_PROC2 ) |
.It Li kern.proc2 ( KERN_PROC2 ) |
As for KERN_PROC, but an array of |
As for KERN_PROC, but an array of |
|
|
Multiple strings are returned separated by NUL characters. |
Multiple strings are returned separated by NUL characters. |
The third level name is the process ID. |
The third level name is the process ID. |
The fourth level name is as follows: |
The fourth level name is as follows: |
.Bl -column "Third level nameXXXXXX" -offset indent |
.Bl -column "KERN_PROG_NARGV" "The number of environ strings" -offset indent |
.It KERN\_PROC\_ARGV The argv strings |
.It KERN_PROC_ARGV The argv strings |
.It KERN\_PROC\_ENV The environ strings |
.It KERN_PROC_ENV The environ strings |
.It KERN\_PROC\_NARGV The number of argv strings |
.It KERN_PROC_NARGV The number of argv strings |
.It KERN\_PROC\_NENV The number of environ strings |
.It KERN_PROC_NENV The number of environ strings |
.El |
.El |
.It Li kern.profiling ( KERN_PROF ) |
.It Li kern.profiling ( KERN_PROF ) |
Return profiling information about the kernel. |
Return profiling information about the kernel. |
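Review bot: the width string in the new '.Bl -column "KERN_PROG_NARGV" "The number of environ strings"' line is misspelled; it should read KERN_PROC_NARGV to match the rows below it. It only sets the column width, so rendering is unaffected, but the typo will confuse anyone who greps for the constant. In the same hunk, the new kern.posix_aio entry has no constant in parentheses, unlike its neighbours such as kern.posix_barriers ( KERN_POSIX_BARRIERS ); add the constant or mark the node the way the other entries without one are marked.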
Line 670 The third level names for the string and |
|
Line 893 The third level names for the string and |
|
is detailed below. |
is detailed below. |
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "kern.profiling.gmonparam" "struct gmonparam" -offset indent |
.Bl -column "kern.profiling.gmonparam" "struct gmonparam" "Changeable" -offset indent |
.It Sy Third level name Type Changeable |
.It Sy Third level name Type Changeable |
.It kern.profiling.count u_short[\|] yes |
.It kern.profiling.count u_short[\|] yes |
.It kern.profiling.froms u_short[\|] yes |
.It kern.profiling.froms u_short[\|] yes |
|
|
.Va struct tostruct |
.Va struct tostruct |
describing destination of calls and their counts. |
describing destination of calls and their counts. |
.El |
.El |
|
.\" .It Li kern.pset |
|
.\" XXX: Undocumented. |
.It Li kern.rawpartition ( KERN_RAWPARTITION ) |
.It Li kern.rawpartition ( KERN_RAWPARTITION ) |
The raw partition of a disk (a == 0). |
The raw partition of a disk (a == 0). |
.It Li kern.root_device ( KERN_ROOT_DEVICE ) |
.It Li kern.root_device ( KERN_ROOT_DEVICE ) |
Line 711 Returns 1 if saved set-group and saved s |
|
Line 936 Returns 1 if saved set-group and saved s |
|
Maximum socket buffer size. |
Maximum socket buffer size. |
.\" XXX units? |
.\" XXX units? |
.It Li kern.securelevel ( KERN_SECURELVL ) |
.It Li kern.securelevel ( KERN_SECURELVL ) |
The system security level. |
See |
This level may be raised by processes with appropriate privilege. |
.Xr secmodel_securelevel 9 . |
It may only be lowered by process 1. |
.\" .It Li kern.sched |
|
.\" XXX: Undocumented. |
.It Li kern.somaxkva ( KERN_SOMAXKVA ) |
.It Li kern.somaxkva ( KERN_SOMAXKVA ) |
Maximum amount of kernel memory to be used for socket buffers. |
Maximum amount of kernel memory to be used for socket buffers. |
.\" XXX units? |
.\" XXX units? |
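Review bot: the new kern.securelevel entry is reduced to a bare cross-reference. It drops "The system security level." along with the two sentences saying the level may be raised by processes with appropriate privilege and lowered only by process 1. Keep a one-sentence summary ahead of the .Xr secmodel_securelevel 9 reference, because the raise/lower rule is what an administrator needs to know before touching the value from this page. The "XXX units?" comments on the two socket buffer entries are also still open in the new revision.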
Line 721 Maximum amount of kernel memory to be us |
|
Line 947 Maximum amount of kernel memory to be us |
|
Returns 1 if the POSIX 1003.1b Synchronized I/O Option is available |
Returns 1 if the POSIX 1003.1b Synchronized I/O Option is available |
on this system, |
on this system, |
otherwise 0. |
otherwise 0. |
.It Li kern.ipc ( KERN_SYSVIPC ) |
.It Li kern.timecounter ( dynamic ) |
Return information about the SysV IPC parameters. |
Display and control the timecounter source of the system. |
The third level names for the ipc variables are detailed below. |
.Bl -column "kern.timecounter.timestepwarnings" "integer" "Changeable" -offset indent |
.Bl -column "KERN_SYSVIPC_MSGXXX" "integerXXX" "noXXX" -offset indent |
.It Sy Third level name Type Changeable |
.It Sy Third level name Type Changeable |
.It kern.timecounter.choice string no |
.It kern.ipc.sysvmsg integer no |
.It kern.timecounter.hardware string yes |
.It kern.ipc.sysvsem integer no |
.It kern.timecounter.timestepwarnings integer yes |
.It kern.ipc.sysvshm integer no |
|
.It kern.ipc.sysvipc_info struct no |
|
.It kern.ipc.shmmax integer no |
|
.It kern.ipc.shmmni integer yes |
|
.It kern.ipc.shmseg integer yes |
|
.It kern.ipc.shmmaxpgs integer yes |
|
.It kern.ipc.shm_use_phys integer yes |
|
.El |
|
.Bl -tag -width "123456" |
|
.It Li kern.ipc.sysvmsg ( KERN_SYSVIPC_MSG ) |
|
Returns 1 if System V style message queue functionality is available |
|
on this system, |
|
otherwise 0. |
|
.It Li kern.ipc.sysvsem ( KERN_SYSVIPC_SEM ) |
|
Returns 1 if System V style semaphore functionality is available |
|
on this system, |
|
otherwise 0. |
|
.It Li kern.ipc.sysvshm ( KERN_SYSVIPC_SHM ) |
|
Returns 1 if System V style share memory functionality is available |
|
on this system, |
|
otherwise 0. |
|
.It Li kern.ipc.sysvipc_info ( KERN_SYSVIPC_INFO ) |
|
Return System V style IPC configuration and run-time information. |
|
The fourth level name selects the System V style IPC facility. |
|
.Bl -column "KERN_SYSVIPC_MSG_INFOXXX" "struct shm_sysctl_infoXXX" -offset indent |
|
.It Sy Fourth level name Type |
|
.It KERN\_SYSVIPC\_MSG\_INFO struct msg_sysctl_info |
|
.It KERN\_SYSVIPC\_SEM\_INFO struct sem_sysctl_info |
|
.It KERN\_SYSVIPC\_SHM\_INFO struct shm_sysctl_info |
|
.El |
.El |
.Pp |
.Pp |
|
The variables are as follows: |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li KERN_SYSVIPC_MSG_INFO |
.It Li kern.timecounter.choice ( dynamic ) |
Return information on the System V style message facility. |
The list of available timecounters with their quality and frequency. |
The |
.It Li kern.timecounter.hardware ( dynamic ) |
.Sy msg_sysctl_info |
The currently selected timecounter source. |
structure is defined in |
.It Li kern.timecounter.timestepwarnings ( dynamic ) |
.Aq Pa sys/msg.h . |
If non-zero display a message each time the time is stepped. |
.It Li KERN_SYSVIPC_SEM_INFO |
|
Return information on the System V style semaphore facility. |
|
The |
|
.Sy sem_sysctl_info |
|
structure is defined in |
|
.Aq Pa sys/sem.h . |
|
.It Li KERN_SYSVIPC_SHM_INFO |
|
Return information on the System V style shared memory facility. |
|
The |
|
.Sy shm_sysctl_info |
|
structure is defined in |
|
.Aq Pa sys/shm.h . |
|
.El |
|
.It Li kern.ipc.shmmax ( KERN_SYSVIPC_SHMMAX ) |
|
Max shared memory segment size in bytes. |
|
.It Li kern.ipc.shmmni ( KERN_SYSVIPC_SHMMNI ) |
|
Max number of shared memory identifiers. |
|
.It Li kern.ipc.shmseg ( KERN_SYSVIPC_SHMSEG ) |
|
Max shared memory segments per process. |
|
.It Li kern.ipc.shmmaxpgs ( KERN_SYSVIPC_SHMMAXPGS ) |
|
Max amount of shared memory in pages. |
|
.It Li kern.ipc.shm_use_phys ( KERN_SYSVIPC_SHMUSEPHYS ) |
|
Locking of shared memory in physical memory. |
|
If 0, memory can be swapped |
|
out, otherwise it will be locked in physical memory. |
|
.El |
.El |
.It Li kern.timex ( KERN_TIMEX ) |
.It Li kern.timex ( KERN_TIMEX ) |
Not available. |
Not available. |
|
|
The third level names for the tty statistic variables are detailed below. |
The third level names for the tty statistic variables are detailed below. |
The changeable column shows whether a process |
The changeable column shows whether a process |
with appropriate privilege may change the value. |
with appropriate privilege may change the value. |
.Bl -column "KERNXTKSTATXRAWCCXXX" "struct integerXXX" -offset indent |
.Bl -column "kern.tkstat.cancc" "quad" "Changeable" -offset indent |
.It Sy Third level name Type Changeable |
.It Sy Third level name Type Changeable |
.It kern.tkstat.cancc quad no |
.It kern.tkstat.cancc quad no |
.It kern.tkstat.nin quad no |
.It kern.tkstat.nin quad no |
Line 821 The number of raw input characters. |
|
Line 994 The number of raw input characters. |
|
.El |
.El |
.It Li kern.urandom ( KERN_URND ) |
.It Li kern.urandom ( KERN_URND ) |
Random integer value. |
Random integer value. |
|
.It Li kern.usercrypto |
|
When enabled, allows userland to |
|
.Xr open 2 |
|
the |
|
.Pa /dev/crypto |
|
special device, used by the |
|
.Xr crypto 4 |
|
system. |
|
.It Li kern.userasymcrypto |
|
Enables or disables the use of software asymmetric crypto support in the |
|
.Xr crypto 4 |
|
system. |
.It Li kern.veriexec |
.It Li kern.veriexec |
Tunings for Verixec. |
Runtime information for |
|
.Xr veriexec 8 . |
|
.Bl -column "kern.veriexec.algorithms" "integer" "Changeable" -offset indent |
|
.It Sy Third level name Type Changeable |
|
.It kern.veriexec.algorithms string no |
|
.It kern.veriexec.count node not applicable |
|
.It kern.veriexec.strict integer yes |
|
.It kern.veriexec.verbose integer yes |
|
.El |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li kern.veriexec.algorithms |
.It Li kern.veriexec.algorithms |
Returns a string with the supported algorithms in Veriexec. |
Returns a string with the supported algorithms in Veriexec. |
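Review bot: the new kern.usercrypto and kern.userasymcrypto entries give no type, default or changeable flag, and no constant or "( dynamic )" marker as the kern.timecounter entries added in this same hunk do. kern.usercrypto decides whether userland may open /dev/crypto, so state the value type and the default. Separately, the whole kern.ipc block (table and descriptions) is deleted at this position and the visible lines do not show it being re-added; confirm it was moved and not lost.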
Line 860 Each element of the array contains the k |
|
Line 1053 Each element of the array contains the k |
|
.Va struct vnode * |
.Va struct vnode * |
followed by the vnode itself |
followed by the vnode itself |
.Va struct vnode . |
.Va struct vnode . |
.It Li kern.coredump.setid |
.\" XXX: Undocumented: kern.lwp: no children? |
Settings related to set-id processes coredumps. |
|
By default, set-id processes do not dump core in situations where |
|
other processes would. |
|
The settings in this node allows an administrator to change this |
|
behavior. |
|
.Pp |
|
.Bl -tag -width "123456" |
|
.It Li kern.coredump.setid.dump |
|
If non-zero, set-id processes will dump core. |
|
.It Li kern.coredump.setid.group |
|
The group-id for the set-id processes' coredump. |
|
.It Li kern.coredump.setid.mode |
|
The mode for the set-id processes' coredump. |
|
See |
|
.Xr chmod 1 . |
|
.It Li kern.coredump.setid.owner |
|
The user-id that will be used as the owner of the set-id processes' |
|
coredump. |
|
.It Li kern.coredump.setid.path |
|
The path to which set-id processes' coredumps will be saved to. |
|
Same syntax as kern.defcorename. |
|
.El |
.El |
.\" XXX kern.lwp |
.Ss The machdep.* subtree |
.El |
|
.Sh The machdep.* subtree |
|
The set of variables defined is architecture dependent. |
The set of variables defined is architecture dependent. |
Most architectures define at least the following variables. |
Most architectures define at least the following variables. |
.Bl -column "CONSOLE_DEVICEXXX" "integerXXX" -offset indent |
.Bl -column "machdep.booted_kernel" "Type" "Changeable" -offset indent |
.It Sy Second level name Type Changeable |
.It Sy Second level name Type Changeable |
.It Li CPU_CONSDEV dev_t no |
.It Li machdep.booted_kernel string no |
.El |
.El |
.Sh The net.* subtree |
.\" XXX: Document the above. |
|
.Ss The net.* subtree |
The string and integer information available for the |
The string and integer information available for the |
.Li net |
.Li net |
level is detailed below. |
level is detailed below. |
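Review bot: the kern.coredump.setid descriptions are deleted here and the only thing added in their place is the comment '.\" XXX: Undocumented: kern.lwp: no children?'. Nothing in this hunk shows where dump, group, mode, owner and path are documented now; they control whether set-id processes write core files and with what owner and mode, so confirm they were relocated and not dropped. In the machdep table, machdep.booted_kernel is added with only '.\" XXX: Document the above.' and the CPU_CONSDEV row disappears without a replacement; add the description list or explain the removal in the commit message.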
Line 900 The changeable column shows whether a pr |
|
Line 1071 The changeable column shows whether a pr |
|
privilege may change the value. |
privilege may change the value. |
The second and third levels are typically the protocol family and |
The second and third levels are typically the protocol family and |
protocol number, though this is not always the case. |
protocol number, though this is not always the case. |
.Bl -column "Second level nameX" "IPsec key management valuesX" -offset indent |
.Bl -column "Second level name" "IPsec key management values" "Changeable" -offset indent |
.It Sy Second level name Type Changeable |
.It Sy Second level name Type Changeable |
.It net.route routing messages no |
.It net.route routing messages no |
.It net.inet IPv4 values yes |
.It net.inet IPv4 values yes |
Line 921 The third level name is a protocol numbe |
|
Line 1092 The third level name is a protocol numbe |
|
The fourth level name is an address family, which may be set to 0 to |
The fourth level name is an address family, which may be set to 0 to |
select all address families. |
select all address families. |
The fifth and sixth level names are as follows: |
The fifth and sixth level names are as follows: |
.Bl -column "Fifth level nameXXXXXX" "Sixth level is:XXX" -offset indent |
.Bl -column "Fifth level name" "Sixth level is:" -offset indent |
.It Sy Fifth level name Sixth level is: |
.It Sy Fifth level name Sixth level is: |
.It NET\_RT\_FLAGS rtflags |
.It NET_RT_FLAGS rtflags |
.It NET\_RT\_DUMP None |
.It NET_RT_DUMP None |
.It NET\_RT\_IFLIST None |
.It NET_RT_IFLIST None |
.El |
.El |
.It Li net.inet ( PF_INET ) |
.It Li net.inet ( PF_INET ) |
Get or set various global information about the IPv4 |
Get or set various global information about the IPv4 |
Line 933 Get or set various global information ab |
|
Line 1104 Get or set various global information ab |
|
The third level name is the protocol. |
The third level name is the protocol. |
The fourth level name is the variable name. |
The fourth level name is the variable name. |
The currently defined protocols and names are: |
The currently defined protocols and names are: |
.Bl -column "Protocol name" "sack.globalmaxholes" "integer" -offset 4n |
.Bl -column "Protocol name" "sack.globalmaxholes" "integer" "Changeable" -offset 4n |
.It Sy Protocol name Variable name Type Changeable |
.It Sy Protocol name Variable name Type Changeable |
.It arp down integer yes |
.It arp down integer yes |
.It arp keep integer yes |
.It arp keep integer yes |
Line 947 The currently defined protocols and name |
|
Line 1118 The currently defined protocols and name |
|
.It icmp maskrepl integer yes |
.It icmp maskrepl integer yes |
.It icmp rediraccept integer yes |
.It icmp rediraccept integer yes |
.It icmp redirtimeout integer yes |
.It icmp redirtimeout integer yes |
|
.It icmp bmcastecho integer yes |
.It ip allowsrcrt integer yes |
.It ip allowsrcrt integer yes |
.It ip anonportmax integer yes |
.It ip anonportmax integer yes |
.It ip anonportmin integer yes |
.It ip anonportmin integer yes |
|
|
This defaults to 600 seconds. |
This defaults to 600 seconds. |
.It Li icmp.returndatabytes |
.It Li icmp.returndatabytes |
Number of bytes to return in an ICMP error message. |
Number of bytes to return in an ICMP error message. |
|
.It Li icmp.bmcastecho |
|
If set to 1, enables responding to ICMP echo or timestamp request to the |
|
broadcast address. |
.It Li tcp.ack_on_push |
.It Li tcp.ack_on_push |
If set to 1, TCP is to immediately transmit an ACK upon reception of |
If set to 1, TCP is to immediately transmit an ACK upon reception of |
a packet with PUSH set. |
a packet with PUSH set. |
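Review bot: the new icmp.bmcastecho description does not give the default value, and "request" should be plural. Answering echo or timestamp requests addressed to the broadcast address lets the host be used to amplify traffic toward a third party, so the entry should state the default and that 0 leaves the responses off, for example "If set to 1, respond to ICMP echo or timestamp requests sent to the broadcast address."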
Line 1297 Get or set various global information ab |
|
Line 1472 Get or set various global information ab |
|
The third level name is the protocol. |
The third level name is the protocol. |
The fourth level name is the variable name. |
The fourth level name is the variable name. |
The currently defined protocols and names are: |
The currently defined protocols and names are: |
.Bl -column "Protocol name" "Variable nameXX" "integer" "yes" -offset indent |
.Bl -column "Protocol name" "do_loopback_cksum" "integer" "Changeable" -offset indent |
.It Sy Protocol name Variable name Type Changeable |
.It Sy Protocol name Variable name Type Changeable |
.It icmp6 errppslimit integer yes |
.It icmp6 errppslimit integer yes |
.It icmp6 mtudisc_hiwat integer yes |
.It icmp6 mtudisc_hiwat integer yes |
Line 1563 For variables net.*.ipsec6, please refer |
|
Line 1738 For variables net.*.ipsec6, please refer |
|
Get or set various global information about the IPsec key management. |
Get or set various global information about the IPsec key management. |
The third level name is the variable name. |
The third level name is the variable name. |
The currently defined variable and names are: |
The currently defined variable and names are: |
.Bl -column "blockacq_lifetime" "integer" "yes" -offset indent |
.Bl -column "blockacq_lifetime" "integer" "Changeable" -offset indent |
.It Sy Variable name Type Changeable |
.It Sy Variable name Type Changeable |
.It debug integer yes |
.It debug integer yes |
.It spi_try integer yes |
.It spi_try integer yes |
Line 1576 The currently defined variable and names |
|
Line 1751 The currently defined variable and names |
|
.It esp_auth integer yes |
.It esp_auth integer yes |
.It ah_keymin integer yes |
.It ah_keymin integer yes |
.El |
.El |
|
.Pp |
The variables are as follows: |
The variables are as follows: |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li debug |
.It Li debug |
Line 1612 The value is used when the kernel create |
|
Line 1788 The value is used when the kernel create |
|
on ACQUIRE PF_KEY message. |
on ACQUIRE PF_KEY message. |
.El |
.El |
.El |
.El |
.Sh The proc.* subtree |
.Ss The proc.* subtree |
The string and integer information available for the |
The string and integer information available for the |
.Li proc |
.Li proc |
level is detailed below. |
level is detailed below. |
Line 1626 When a set-user-ID or set-group-ID binar |
|
Line 1802 When a set-user-ID or set-group-ID binar |
|
value of PROC_PID_CORENAME is reset to the system default value. |
value of PROC_PID_CORENAME is reset to the system default value. |
The second level name is either the magic value PROC_CURPROC, which |
The second level name is either the magic value PROC_CURPROC, which |
points to the current process, or the PID of the target process. |
points to the current process, or the PID of the target process. |
.Bl -column "USER_COLL_WEIGHTS_MAXXXX" "integerXXX" "yes" -offset indent |
.Bl -column "proc.pid.corename" "string" "not applicable" -offset indent |
.It Sy Third level name Type Changeable |
.It Sy Third level name Type Changeable |
.It proc.pid.corename string yes |
.It proc.pid.corename string yes |
.It proc.pid.rlimit node not applicable |
.It proc.pid.rlimit node not applicable |
Line 1635 points to the current process, or the PI |
|
Line 1811 points to the current process, or the PI |
|
.It proc.pid.stopexit int yes |
.It proc.pid.stopexit int yes |
.El |
.El |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.Pp |
|
.It Li proc.pid.corename ( PROC_PID_CORENAME ) |
.It Li proc.pid.corename ( PROC_PID_CORENAME ) |
The template used for the core dump file name (see |
The template used for the core dump file name (see |
.Xr core 5 |
.Xr core 5 |
|
|
The maximum number of simultaneous processes for this user id. |
The maximum number of simultaneous processes for this user id. |
.It Li proc.pid.rlimit.descriptors ( PROC_PID_LIMIT_NOFILE ) |
.It Li proc.pid.rlimit.descriptors ( PROC_PID_LIMIT_NOFILE ) |
The maximum number of open files for this process. |
The maximum number of open files for this process. |
.\" XXX proc.pid.rlimit.sbsize |
.It Li proc.pid.rlimit.sbsize ( PROC_PID_LIMIT_SBSIZE ) |
|
The maximum size (in bytes) of the socket buffers |
|
set by the |
|
.Xr setsockopt 2 |
|
.Dv SO_RCVBUF |
|
and |
|
.Dv SO_SNDBUF |
|
options. |
.El |
.El |
.Pp |
.Pp |
The fifth level name is one of |
The fifth level name is one of |
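Review bot: the new proc.pid.rlimit.sbsize text does not say whose socket buffers the limit covers, while the entries just above it say "for this user id" or "for this process". State the scope in the same way so the rlimit entries read consistently. Dropping the stray .Pp directly after ".Bl -tag" is fine.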
Line 1738 before it disappears. |
|
Line 1920 before it disappears. |
|
.Pp |
.Pp |
This value is also inherited by the process's children. |
This value is also inherited by the process's children. |
.El |
.El |
.Sh The user.* subtree ( CTL_USER ) |
.Ss The user.* subtree ( CTL_USER ) |
The string and integer information available for the |
The string and integer information available for the |
.Li user |
.Li user |
level is detailed below. |
level is detailed below. |
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "USER_COLL_WEIGHTS_MAXXXX" "integerXXX" -offset indent |
.Bl -column "user.coll_weights_max" "integer" "Changeable" -offset indent |
.It Sy Second level name Type Changeable |
.It Sy Second level name Type Changeable |
.It user.atexit_max integer no |
.It user.atexit_max integer no |
.It user.bc_base_max integer no |
.It user.bc_base_max integer no |
Line 1770 privilege may change the value. |
|
Line 1952 privilege may change the value. |
|
.It user.tzname_max integer no |
.It user.tzname_max integer no |
.El |
.El |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.Pp |
|
.It Li user.atexit_max ( USER_ATEXIT_MAX ) |
.It Li user.atexit_max ( USER_ATEXIT_MAX ) |
The maximum number of functions that may be registered with |
The maximum number of functions that may be registered with |
.Xr atexit 3 . |
.Xr atexit 3 . |
Line 1833 The version of POSIX 1003.2 with which t |
|
Line 2014 The version of POSIX 1003.2 with which t |
|
.It Li user.re_dup_max ( USER_RE_DUP_MAX ) |
.It Li user.re_dup_max ( USER_RE_DUP_MAX ) |
The maximum number of repeated occurrences of a regular expression |
The maximum number of repeated occurrences of a regular expression |
permitted when using interval notation. |
permitted when using interval notation. |
.ne 1i |
|
.It Li user.stream_max ( USER_STREAM_MAX ) |
.It Li user.stream_max ( USER_STREAM_MAX ) |
The minimum maximum number of streams that a process may have open |
The minimum maximum number of streams that a process may have open |
at any one time. |
at any one time. |
Line 1841 at any one time. |
|
Line 2021 at any one time. |
|
The minimum maximum number of types supported for the name of a |
The minimum maximum number of types supported for the name of a |
timezone. |
timezone. |
.El |
.El |
.Sh The vm.* subtree ( CTL_VM ) |
.Ss The vm.* subtree ( CTL_VM ) |
The string and integer information available for the |
The string and integer information available for the |
.Li vm |
.Li vm |
level is detailed below. |
level is detailed below. |
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "Second level nameXXXXXX" "struct uvmexp_sysctlXXX" -offset indent |
.Bl -column "Second level name" "struct uvmexp_sysctl" "Changeable" -offset indent |
.It Sy Second level name Type Changeable |
.It Sy Second level name Type Changeable |
.It vm.anonmax int yes |
.It vm.anonmax int yes |
.It vm.anonmin int yes |
.It vm.anonmin int yes |
Line 1908 The value of the maxslp kernel global va |
|
Line 2088 The value of the maxslp kernel global va |
|
Return system wide virtual memory statistics. |
Return system wide virtual memory statistics. |
The returned data consists of a |
The returned data consists of a |
.Va struct vmtotal . |
.Va struct vmtotal . |
|
.It vm.user_va0_disable |
|
A flag which controls whether user processes can map virtual address 0. |
.It Li vm.uspace ( VM_USPACE ) |
.It Li vm.uspace ( VM_USPACE ) |
The number of bytes allocated for each kernel stack. |
The number of bytes allocated for each kernel stack. |
.It Li vm.uvmexp ( VM_UVMEXP ) |
.It Li vm.uvmexp ( VM_UVMEXP ) |
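Review bot: the added ".It vm.user_va0_disable" line is missing the .Li macro that every other entry in this list uses, and the description does not say which value has which effect. Write ".It Li vm.user_va0_disable" and spell out the polarity: the name suggests a non-zero value forbids the mapping, but "controls whether user processes can map virtual address 0" can be read either way, and an administrator hardening a system needs to know which setting blocks page-zero mappings.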
Line 1920 The returned data consists of a |
|
Line 2102 The returned data consists of a |
|
.Va struct uvmexp_sysctl . |
.Va struct uvmexp_sysctl . |
.\" XXX vm.idlezero |
.\" XXX vm.idlezero |
.El |
.El |
.Sh The ddb.* subtree ( CTL_DDB ) |
.Ss The ddb.* subtree ( CTL_DDB ) |
The integer information available for the |
The information available for the |
.Li ddb |
.Li ddb |
level is detailed below. |
level is detailed below. |
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.\" XXX sort |
.\" XXX sort |
.Bl -column "ddb.fromconsoleXXX" "integerXXX" -offset indent |
.Bl -column "Second level name" "integer" "Changeable" -offset indent |
.It Sy Second level name Type Changeable |
.It Sy Second level name Type Changeable |
.It ddb.radix integer yes |
.It ddb.radix integer yes |
.It ddb.maxoff integer yes |
.It ddb.maxoff integer yes |
|
.It ddb.maxwidth integer yes |
.It ddb.lines integer yes |
.It ddb.lines integer yes |
.It ddb.tabstops integer yes |
.It ddb.tabstops integer yes |
.It ddb.onpanic integer yes |
.It ddb.onpanic integer yes |
.It ddb.fromconsole integer yes |
.It ddb.fromconsole integer yes |
|
.It ddb.tee_msgbuf integer yes |
|
.It ddb.commandonenter string yes |
.El |
.El |
.Pp |
.Pp |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li ddb.radix ( DBCTL_RADIX ) |
.It Li ddb.radix ( DDBCTL_RADIX ) |
The input and output radix. |
The input and output radix. |
.It Li ddb.maxoff ( DBCTL_MAXOFF ) |
.It Li ddb.maxoff ( DDBCTL_MAXOFF ) |
The maximum symbol offset. |
The maximum symbol offset. |
.It Li ddb.lines ( DBCTL_LINES ) |
.It Li ddb.maxwidth ( DDBCTL_MAXWIDTH ) |
|
The maximum output line width. |
|
.It Li ddb.lines ( DDBCTL_LINES ) |
Number of display lines. |
Number of display lines. |
.It Li ddb.tabstops ( DBCTL_TABSTOPS ) |
.It Li ddb.tabstops ( DDBCTL_TABSTOPS ) |
Tab width. |
Tab width. |
.It Li ddb.onpanic ( DBCTL_ONPANIC ) |
.It Li ddb.onpanic ( DDBCTL_ONPANIC ) |
If non-zero, DDB will be entered when the kernel panics. |
If non-zero, DDB will be entered if the kernel panics. |
.It Li ddb.fromconsole ( DBCTL_FROMCONSOLE ) |
.It Li ddb.fromconsole ( DDBCTL_FROMCONSOLE ) |
If not zero, DDB may be entered by sending a break on a serial |
If not zero, DDB may be entered by sending a break on a serial |
console or by a special key sequence on a graphics console. |
console or by a special key sequence on a graphics console. |
.\" XXX tee_msgbuf maxwidth commandonenter |
.It Li ddb.tee_msgbuf |
|
If not zero, DDB will output also to the kernel message buffer. |
|
.It Li ddb.commandonenter |
|
If not empty, a command to be executed on each enter to the |
|
.Tn DDB . |
|
.\" |
|
.\" XXX: (a) ddb.commandonenter is missing in ddb(4); |
|
.\" (b) No DDBCTL definitions for tee_msgbuf and commandonenter. |
.El |
.El |
.Pp |
.Pp |
These MIB nodes are also available as variables from within the DDB. |
Some of these |
|
.Tn MIB |
|
nodes are also available as variables from within the debugger. |
See |
See |
.Xr ddb 4 |
.Xr ddb 4 |
for more details. |
for more details. |
.Sh The security.* subtree ( CTL_SECURITY ) |
.Ss The security.* subtree ( CTL_SECURITY ) |
The |
The |
.Li security |
.Li security |
level contains various security-related settings for |
level contains various security-related settings for |
the system. |
the system. |
|
The available second level names are: |
|
.Bl -column "Second level name" "integer" "Changeable" -offset indent |
|
.It Sy Second level name Type Changeable |
|
.It Li security.curtain integer yes |
|
.It Li security.models node not applicable |
|
.It Li security.pax node not applicable |
|
.El |
|
.Pp |
Available settings are detailed below. |
Available settings are detailed below. |
.Pp |
.Pp |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li security.curtain |
.It Li security.curtain |
If non-zero, will filter return objects according to the user-id |
If non-zero, will filter return objects according to the user |
|
.Tn ID |
requesting information about them, preventing from users any |
requesting information about them, preventing from users any |
access to objects they don't own. |
access to objects they do not own. |
.Pp |
.Pp |
At the moment, it affects |
At the moment, it affects |
.Xr ps 1 , |
.Xr ps 1 , |
|
|
.It Li security.models |
.It Li security.models |
.Nx |
.Nx |
supports pluggable security models. |
supports pluggable security models. |
Every security model used, whether if loaded as an LKM or built with the system, |
Every security model used, whether if loaded as a module or built with the system, |
is required to add an entry to this node with at least one element, |
is required to add an entry to this node with at least one element, |
.Dq name , |
.Dq name , |
indicating the name of the security model. |
indicating the name of the security model. |
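Review bot: the security.curtain lines are edited in this hunk ("user-id" to "user ID", "don't" to "do not") but the broken phrase "preventing from users any access to objects they do not own" is kept; reword it to "preventing users from accessing objects they do not own". The same applies to "whether if loaded as a module" under security.models, where "if" should go. In the ddb list, "on each enter to the DDB" would read better as "each time DDB is entered", and the XXX comment records that ddb.commandonenter is missing from ddb(4) and that tee_msgbuf and commandonenter have no DDBCTL definitions; since commandonenter is a changeable string holding a debugger command, it is worth closing that gap in the same change.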
Line 2000 For more information on any of the PaX f |
|
Line 2205 For more information on any of the PaX f |
|
.Xr paxctl 8 |
.Xr paxctl 8 |
and |
and |
.Xr security 8 . |
.Xr security 8 . |
|
The available third and fourth level names are: |
|
.Bl -column "security.pax.segvguard.suspend_timeout" "integer" "Changeable" \ |
|
-offset 2n |
|
.It Sy Third and fourth level names Ta Sy Type Ta Sy Changeable |
|
.It Li security.pax.aslr.enabled integer yes |
|
.\".It Li security.pax.aslr.exec_len integer yes |
|
.It Li security.pax.aslr.global integer yes |
|
.\".It Li security.pax.aslr.mmap_len integer yes |
|
.\".It Li security.pax.aslr.stack_len integer yes |
|
.It Li security.pax.mprotect.enabled integer yes |
|
.It Li security.pax.mprotect.global integer yes |
|
.It Li security.pax.segvguard.enabled integer yes |
|
.It Li security.pax.segvguard.expiry_timeout integer yes |
|
.It Li security.pax.segvguard.global integer yes |
|
.It Li security.pax.segvguard.max_crashes integer yes |
|
.It Li security.pax.segvguard.suspend_timeout integer yes |
|
.El |
.Pp |
.Pp |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li security.pax.aslr.enable |
.It Li security.pax.aslr.enabled |
Enable PaX ASLR (Address Space Layout Randomization). |
Enable PaX ASLR (Address Space Layout Randomization). |
.Pp |
.Pp |
The value of this |
The value of this |
knob must be non-zero for PaX ASLR to be enabled, even if a program is set to |
knob must be non-zero for PaX ASLR to be enabled, even if a program is set to |
explicit enable. |
explicit enable. |
|
.\".It Li security.pax.aslr.exec_len |
|
.\" XXX: Undocumented. |
.It Li security.pax.aslr.global |
.It Li security.pax.aslr.global |
Specifies the default global policy for programs without an |
Specifies the default global policy for programs without an |
explicit enable/disable flag. |
explicit enable/disable flag. |
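Review bot: three security.pax.aslr names (exec_len, mmap_len, stack_len) are added only as commented-out .It lines in the new table, and exec_len again as a commented-out stub with "XXX: Undocumented." in the description list. Either document them or leave them out; commented stubs in two places have to be kept in sync by hand. The header row of this table also separates its cells with "Ta Sy" while the other header rows in this change (".It Sy Third level name Type Changeable") do not, so pick one form for the whole page.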
Line 2017 When non-zero, all programs will get PaX |
|
Line 2241 When non-zero, all programs will get PaX |
|
Otherwise, all programs will not get PaX ASLR, except those specifically |
Otherwise, all programs will not get PaX ASLR, except those specifically |
marked as such with |
marked as such with |
.Xr paxctl 8 . |
.Xr paxctl 8 . |
.It Li security.pax.mprotect.enable |
.\".It Li security.pax.aslr.mmap_len |
|
.\" XXX: Undocumented. |
|
.\" .It Li security.pax.aslr.stack_len |
|
.\" XXX: Undocumented. |
|
.It Li security.pax.mprotect.enabled |
Enable PaX MPROTECT restrictions. |
Enable PaX MPROTECT restrictions. |
.Pp |
.Pp |
These are |
These are |
Line 2036 except those exempted with |
|
Line 2264 except those exempted with |
|
Otherwise, all programs will not get the PaX MPROTECT restrictions, |
Otherwise, all programs will not get the PaX MPROTECT restrictions, |
except those specifically marked as such with |
except those specifically marked as such with |
.Xr paxctl 8 . |
.Xr paxctl 8 . |
.It Li security.pax.segvguard.enable |
.It Li security.pax.segvguard.enabled |
Enable PaX Segvguard. |
Enable PaX Segvguard. |
.Pp |
.Pp |
PaX Segvguard can detect and prevent certain exploitation attempts, where |
PaX Segvguard can detect and prevent certain exploitation attempts, where |
|
|
.Nx |
.Nx |
interface and implementation of the Segvguard is still experimental, and may |
interface and implementation of the Segvguard is still experimental, and may |
change in future releases. |
change in future releases. |
|
.It Li security.pax.segvguard.expiry_timeout |
|
If the max number was not reached within this timeout (in seconds), the entry |
|
will expire. |
.It Li security.pax.segvguard.global |
.It Li security.pax.segvguard.global |
Specifies the default global policy for programs without an |
Specifies the default global policy for programs without an |
explicit enable/disable flag. |
explicit enable/disable flag. |
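Review bot: moving security.pax.segvguard.expiry_timeout ahead of global puts its description before the knob it depends on, so "If the max number was not reached within this timeout" now refers to a value the reader has not met yet. Name it explicitly, for example "If security.pax.segvguard.max_crashes is not reached within this timeout (in seconds)", and say what "the entry" is (the visible text never defines it). The rename of segvguard.enable to segvguard.enabled needs the same old-name remark as the other two renamed knobs.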
Line 2058 except those exempted with |
|
Line 2289 except those exempted with |
|
Otherwise, no program will get the PaX Segvguard restrictions, |
Otherwise, no program will get the PaX Segvguard restrictions, |
except those specifically marked as such with |
except those specifically marked as such with |
.Xr paxctl 8 . |
.Xr paxctl 8 . |
.It Li security.pax.segvguard.expiry_timeout |
.It Li security.pax.segvguard.max_crashes |
If the max number was not reached within this timeout (in seconds), the entry |
The maximum number of segfaults a program can receive before suspension. |
will expire. |
|
.It Li security.pax.segvguard.suspend_timeout |
.It Li security.pax.segvguard.suspend_timeout |
Number of seconds to suspend a user from running a faulting program when the |
Number of seconds to suspend a user from running a faulting program when the |
limit was exceeded. |
limit was exceeded. |
.It Li security.pax.segvguard.max_crashes |
|
Max number of segfaults a program can receive before suspension. |
|
.El |
.El |
.El |
.El |
.Sh The vendor.* subtree ( CTL_VENDOR ) |
.Ss The vendor.* subtree ( CTL_VENDOR ) |
The |
The |
.Li vendor |
.Li vendor |
toplevel name is reserved to be used by vendors who wish to |
toplevel name is reserved to be used by vendors who wish to |