version 1.2, 2006/12/23 07:33:16 |
version 1.120, 2017/12/28 23:16:57 |
|
|
.\" |
.\" |
.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95 |
.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95 |
.\" |
.\" |
.Dd December 4, 2006 |
.Dd December 28, 2017 |
.Dt SYSCTL 7 |
.Dt SYSCTL 7 |
.Os |
.Os |
.Sh NAME |
.Sh NAME |
Line 68 sysctl variable relative to the upper le |
|
Line 68 sysctl variable relative to the upper le |
|
See the |
See the |
.Xr sysctl 3 |
.Xr sysctl 3 |
manual page for programming examples. |
manual page for programming examples. |
.Sh Top level names |
.Ss Top level names |
The top level names are defined with a CTL_ prefix in |
The top level names are defined with a |
.Aq Pa sys/sysctl.h , |
.Va CTL_ |
|
prefix in |
|
.In sys/sysctl.h , |
and are as follows. |
and are as follows. |
The next and subsequent levels down are found in the include files |
The next and subsequent levels down are found in the include files |
listed here, and described in separate sections below. |
listed here, and described in separate sections below. |
.Bl -column securityXX CTLXSECURITYXX "Next level namesXX" |
.Bl -column "security" ".Dv CTL_SECURITY" ".In uvm/uvm_param.h" "High kernel limits" |
.It Sy Name Constant Next level names Description |
.It Sy Name Ta Sy Constant Ta Sy Next level names Ta Sy Description |
.It kern CTL\_KERN sys/sysctl.h High kernel limits |
.It kern Ta Dv CTL_KERN Ta In sys/sysctl.h Ta High kernel limits |
.It vm CTL\_VM uvm/uvm_param.h Virtual memory |
.It vm Ta Dv CTL_VM Ta In uvm/uvm_param.h Ta Virtual memory |
.It vfs CTL\_VFS sys/mount.h Filesystem |
.It vfs Ta Dv CTL_VFS Ta In sys/mount.h Ta Filesystem |
.It net CTL\_NET sys/socket.h Networking |
.It net Ta Dv CTL_NET Ta In sys/socket.h Ta Networking |
.It debug CTL\_DEBUG sys/sysctl.h Debugging |
.It debug Ta Dv CTL_DEBUG Ta In sys/sysctl.h Ta Debugging |
.It hw CTL\_HW sys/sysctl.h Generic CPU, I/O |
.It hw Ta Dv CTL_HW Ta In sys/sysctl.h Ta Generic CPU, I/O |
.It machdep CTL\_MACHDEP sys/sysctl.h Machine dependent |
.It machdep Ta Dv CTL_MACHDEP Ta In sys/sysctl.h Ta Machine dependent |
.It user CTL\_USER sys/sysctl.h User-level |
.It user Ta Dv CTL_USER Ta In sys/sysctl.h Ta User-level |
.It ddb CTL\_DDB sys/sysctl.h In-kernel debugger |
.It ddb Ta Dv CTL_DDB Ta In sys/sysctl.h Ta In-kernel debugger |
.It proc CTL\_PROC sys/sysctl.h Per-process |
.It proc Ta Dv CTL_PROC Ta In sys/sysctl.h Ta Per-process |
.It vendor CTL\_VENDOR ? Vendor specific |
.It vendor Ta Dv CTL_VENDOR Ta ? Ta Vendor specific |
.It emul CTL\_EMUL sys/sysctl.h Emulation settings |
.It emul Ta Dv CTL_EMUL Ta In sys/sysctl.h Ta Emulation settings |
.It security CTL\_SECURITY sys/sysctl.h Security settings |
.It security Ta Dv CTL_SECURITY Ta In sys/sysctl.h Ta Security settings |
.El |
.El |
.Sh The debug.* subtree |
.Ss The debug.* subtree |
The debugging variables vary from system to system. |
The debugging variables vary from system to system. |
A debugging variable may be added or deleted without need to recompile |
A debugging variable may be added or deleted without need to recompile |
.Nm |
.Nm |
Line 100 Each time it runs, |
|
Line 102 Each time it runs, |
|
gets the list of debugging variables from the kernel and |
gets the list of debugging variables from the kernel and |
displays their current values. |
displays their current values. |
The system defines twenty |
The system defines twenty |
.Va ( struct ctldebug ) |
.Vt ( struct ctldebug ) |
variables named |
variables named |
.Dv debug0 |
.Dv debug0 |
through |
through |
Line 110 individually initialized at the location |
|
Line 112 individually initialized at the location |
|
The loader prevents multiple use of the same variable by issuing errors |
The loader prevents multiple use of the same variable by issuing errors |
if a variable is initialized in more than one place. |
if a variable is initialized in more than one place. |
For example, to export the variable |
For example, to export the variable |
.Dv dospecialcheck |
.Va dospecialcheck |
as a debugging variable, the following declaration would be used: |
as a debugging variable, the following declaration would be used: |
|
.Pp |
.Bd -literal -offset indent -compact |
.Bd -literal -offset indent -compact |
int dospecialcheck = 1; |
int dospecialcheck = 1; |
struct ctldebug debug5 = { "dospecialcheck", \*[Am]dospecialcheck }; |
struct ctldebug debug5 = { "dospecialcheck", &dospecialcheck }; |
.Ed |
.Ed |
.Pp |
.Pp |
Note that the dynamic implementation of |
Note that the dynamic implementation of |
|
|
.\" and |
.\" and |
.\" .Xr sysctl 9 |
.\" .Xr sysctl 9 |
for more information. |
for more information. |
.Sh The vfs.* subtree |
.Ss The vfs.* subtree |
A distinguished second level name, |
A distinguished second level name, |
.Li vfs.generic ( VFS_GENERIC ) , |
.Li vfs.generic ( Dv VFS_GENERIC ) , |
is used to get general information about all filesystems. |
is used to get general information about all file systems. |
One of its third level identifiers is |
It has the following third level identifiers: |
.Li vfs.generic.maxtypenum ( VFS_MAXTYPENUM ) |
.Bl -tag -width "123456" |
that gives the highest valid filesystem type number. |
.It Li vfs.generic.maxtypenum ( Dv VFS_MAXTYPENUM ) |
Its other third level identifier is |
The highest valid file system type number. |
.Li vfs.generic.conf ( VFS_CONF ) |
.It Li vfs.generic.conf ( Dv VFS_CONF ) |
that returns configuration information about the filesystem |
Returns configuration information about the file system type given as a fourth |
type given as a fourth level identifier. |
level identifier. |
The remaining second level identifiers are the |
.It Li vfs.generic.usermount ( Dv VFS_USERMOUNT ) |
filesystem type number returned by a |
Determines if non superuser mounts are allowed, defaults to |
|
.Dv 0 . |
|
.It Li vfs.generic.magiclinks ( Dv VFS_MAGICLINKS ) |
|
Controls if expansion of variables is going to be performed on pathnames |
|
or not. |
|
Defaults to no variable expansion, |
|
.Dv 0 . |
|
Variables are of the form |
|
.Li @name |
|
and the variables supported are described in |
|
.Xr symlink 7 |
|
under |
|
.Dq "MAGIC SYMLINKS" . |
|
.El |
|
.Pp |
|
A second level name for controlling the |
|
.Xr wapbl 4 |
|
(Write Ahead Physical Block Logging file system journalling) |
|
capabilities with the following third level identifiers: |
|
.Bl -tag -width "123456" |
|
.It Li vfs.wapbl.flush_disk_cache |
|
Controls whether to attempt to flush the disk cache on each commit. |
|
It defaults to 1 and it should always be on to ensure integrity |
|
of file system metadata in the event of a power loss. |
|
For slow disks, turning it off can improve performance. |
|
.It Li vfs.wapbl.verbose_commit |
|
For each transaction log commit, print the number of bytes written |
|
and the time it took to commit as seconds.nanoseconds. |
|
.El |
|
.Pp |
|
The remaining second level identifiers are the file system names, identified |
|
by the type number returned by a |
.Xr statvfs 2 |
.Xr statvfs 2 |
call or from |
call or from |
.Li vfs.generic.conf . |
.Li vfs.generic.conf . |
The third level identifiers available for each filesystem |
.Pp |
|
The third level identifiers available for each file system |
are given in the header file that defines the mount |
are given in the header file that defines the mount |
argument structure for that filesystem. |
argument structure for that file system. |
.Sh The hw.* subtree |
.Ss The hw.* subtree |
The string and integer information available for the |
The string and integer information available for the |
.Li hw |
.Li hw |
level is detailed below. |
level is detailed below. |
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "Second level nameXXXXXX" "struct disk_sysctlXXX" -offset indent |
.Bl -column "hw.machine_arch" "integer" "Changeable" -offset indent |
.It Sy Second level name Type Changeable |
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
.It hw.alignbytes integer no |
.It hw.alignbytes integer no |
.It hw.byteorder integer no |
.It hw.byteorder integer no |
.It hw.cnmagic string yes |
.It hw.cnmagic string yes |
Line 163 privilege may change the value. |
|
Line 198 privilege may change the value. |
|
.It hw.machine_arch string no |
.It hw.machine_arch string no |
.It hw.model string no |
.It hw.model string no |
.It hw.ncpu integer no |
.It hw.ncpu integer no |
|
.It hw.ncpuonline integer no |
.It hw.pagesize integer no |
.It hw.pagesize integer no |
.It hw.physmem integer no |
.It hw.physmem integer no |
.It hw.physmem64 quad no |
.It hw.physmem64 quad no |
.It hw.usermem integer no |
.It hw.usermem integer no |
.It hw.usermem64 quad no |
.It hw.usermem64 quad no |
.El |
.El |
.Pp |
|
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li hw.alignbytes ( HW_ALIGNBYTES ) |
.It Li hw.alignbytes ( Dv HW_ALIGNBYTES ) |
Alignment constraint for all possible data types. |
Alignment constraint for all possible data types. |
This shows the value |
This shows the value |
.Dv ALIGNBYTES |
.Dv ALIGNBYTES |
in |
in |
.Pa /usr/include/machine/param.h , |
.In machine/param.h , |
at the kernel compilation time. |
at the kernel compilation time. |
.It Li hw.byteorder ( HW_BYTEORDER ) |
.It Li hw.byteorder ( Dv HW_BYTEORDER ) |
The byteorder (4,321, or 1,234). |
The byteorder (4321, or 1234). |
.It Li hw.cnmagic ( HW_CNMAGIC ) |
.It Li hw.cnmagic ( Dv HW_CNMAGIC ) |
The console magic key sequence. |
The console magic key sequence. |
.It Li hw.disknames ( HW_DISKNAMES ) |
.It Li hw.disknames ( Dv HW_DISKNAMES ) |
The list of (space separated) disk device names on the system. |
The list of (space separated) disk device names on the system. |
.It Li hw.iostatnames ( HW_IOSTATNAMES ) |
.It Li hw.iostatnames ( Dv HW_IOSTATNAMES ) |
A space separated list of devices that will have I/O statistics |
A space separated list of devices that will have I/O statistics |
collected on them. |
collected on them. |
.It Li hw.iostats ( HW_IOSTATS ) |
.It Li hw.iostats ( Dv HW_IOSTATS ) |
Return statistical information on the NFS mounts, disk and tape |
Return statistical information on the NFS mounts, disk and tape |
devices on the system. |
devices on the system. |
An array of |
An array of |
.Va struct io_sysctl |
.Vt struct io_sysctl |
structures is returned, |
structures is returned, |
whose size depends on the current number of such objects in the system. |
whose size depends on the current number of such objects in the system. |
The third level name is the size of the |
The third level name is the size of the |
.Va struct io_sysctl . |
.Vt struct io_sysctl . |
The type of object can be determined by examining the |
The type of object can be determined by examining the |
.Va type |
.Va type |
element of |
element of |
.Va struct io_sysctl . |
.Vt struct io_sysctl . |
Which can be |
Which can be |
.Dv IOSTAT_DISK |
.Dv IOSTAT_DISK |
(disk drive), |
(disk drive), |
|
|
(tape drive), or |
(tape drive), or |
.Dv IOSTAT_NFS |
.Dv IOSTAT_NFS |
(NFS mount). |
(NFS mount). |
.It Li hw.machine ( HW_MACHINE ) |
.It Li hw.machine ( Dv HW_MACHINE ) |
The machine class. |
The machine class. |
.It Li hw.machine_arch ( HW_MACHINE_ARCH ) |
.It Li hw.machine_arch ( Dv HW_MACHINE_ARCH ) |
The machine CPU class. |
The machine CPU class. |
.It Li hw.model ( HW_MODEL ) |
.It Li hw.model ( Dv HW_MODEL ) |
The machine model. |
The machine model. |
.It Li hw.ncpu ( HW_NCPU ) |
.It Li hw.ncpu ( Dv HW_NCPU ) |
The number of CPUs. |
The number of CPUs configured. |
.ne 1i |
.It Li hw.ncpuonline ( Dv HW_NCPUONLINE ) |
.It Li hw.pagesize ( HW_PAGESIZE ) |
The number of CPUs online. |
|
.It Li hw.pagesize ( Dv HW_PAGESIZE ) |
The software page size. |
The software page size. |
.It Li hw.physmem ( HW_PHYSMEM ) |
.It Li hw.physmem ( Dv HW_PHYSMEM ) |
The bytes of physical memory as a 32-bit integer. |
The bytes of physical memory as a 32-bit integer. |
.It Li hw.physmem64 ( HW_PHYSMEM64 ) |
.It Li hw.physmem64 ( Dv HW_PHYSMEM64 ) |
The bytes of physical memory as a 64-bit integer. |
The bytes of physical memory as a 64-bit integer. |
.It Li hw.usermem ( HW_USERMEM ) |
.It Li hw.usermem ( Dv HW_USERMEM ) |
The bytes of non-kernel memory as a 32-bit integer. |
The bytes of non-kernel memory as a 32-bit integer. |
.It Li hw.usermem64 ( HW_USERMEM64 ) |
.It Li hw.usermem64 ( Dv HW_USERMEM64 ) |
The bytes of non-kernel memory as a 64-bit integer. |
The bytes of non-kernel memory as a 64-bit integer. |
.El |
.El |
.Sh The kern.* subtree |
.Ss The kern.* subtree |
|
This subtree includes data generally related to the kernel. |
The string and integer information available for the |
The string and integer information available for the |
.Li kern |
.Li kern |
level is detailed below. |
level is detailed below. |
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
The types of data currently available are process information, |
.Bl -column "kern.posix_reader_writer_locks" \ |
system vnodes, the open file entries, routing table entries, |
"struct kinfo_drivers" "not applicable" |
virtual memory statistics, load average history, and clock rate |
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
information. |
.It kern.aio_listio_max integer yes |
.Bl -column "kern.posix_reader_writer_locks" "struct clockrateXXX" -offset indent |
.It kern.aio_max integer yes |
.It Sy Second level name Type Changeable |
.It kern.arandom integer no |
.It kern.argmax integer no |
.It kern.argmax integer no |
.It kern.autonicetime integer yes |
.It kern.boothowto integer no |
.It kern.autoniceval integer yes |
|
.It kern.boottime struct timeval no |
.It kern.boottime struct timeval no |
.It kern.bufq node not applicable |
.It kern.buildinfo string no |
|
.\".It kern.bufq node not applicable |
.It kern.ccpu integer no |
.It kern.ccpu integer no |
.It kern.clockrate struct clockinfo no |
.It kern.clockrate struct clockinfo no |
.It kern.consdev integer no |
.It kern.consdev integer no |
.It kern.cp\_id struct no |
.It kern.coredump node not applicable |
.It kern.cp\_time uint64_t[\|] no |
.It kern.cp_id struct no |
|
.It kern.cp_time uint64_t[\|] no |
|
.It kern.cryptodevallowsoft integer yes |
.It kern.defcorename string yes |
.It kern.defcorename string yes |
|
.It kern.detachall integer yes |
.It kern.domainname string yes |
.It kern.domainname string yes |
.It kern.drivers struct kinfo_drivers no |
.It kern.drivers struct kinfo_drivers no |
|
.It kern.dump_on_panic integer yes |
.It kern.file struct file no |
.It kern.file struct file no |
.It kern.forkfsleep integer yes |
.It kern.forkfsleep integer yes |
.It kern.fscale integer no |
.It kern.fscale integer no |
.It kern.fsync integer no |
.It kern.fsync integer no |
.It kern.hardclock\_ticks integer no |
.It kern.hardclock_ticks integer no |
.It kern.hostid integer yes |
.It kern.hostid integer yes |
.It kern.hostname string yes |
.It kern.hostname string yes |
.It kern.iov\_max integer no |
.It kern.iov_max integer no |
.It kern.job\_control integer no |
.It kern.ipc node not applicable |
|
.It kern.job_control integer no |
.It kern.labeloffset integer no |
.It kern.labeloffset integer no |
.It kern.labelsector integer no |
.It kern.labelsector integer no |
.It kern.login\_name\_max integer no |
.It kern.login_name_max integer no |
.It kern.logsigexit integer yes |
.It kern.logsigexit integer yes |
.It kern.mapped\_files integer no |
.It kern.mapped_files integer no |
.It kern.maxfiles integer yes |
.It kern.maxfiles integer yes |
|
.It kern.maxlwp integer yes |
.It kern.maxpartitions integer no |
.It kern.maxpartitions integer no |
.It kern.maxphys integer no |
.It kern.maxphys integer no |
.It kern.maxproc integer yes |
.It kern.maxproc integer yes |
.It kern.maxptys integer yes |
.It kern.maxptys integer yes |
.It kern.maxvnodes integer yes |
.It kern.maxvnodes integer yes |
|
.It kern.messages integer yes |
.It kern.mbuf node not applicable |
.It kern.mbuf node not applicable |
.It kern.memlock integer no |
.It kern.memlock integer no |
.It kern.memlock\_range integer no |
.It kern.memlock_range integer no |
.It kern.memory\_protection integer no |
.It kern.memory_protection integer no |
.It kern.monotonic\_clock integer no |
.It kern.module node not applicable |
|
.It kern.monotonic_clock integer no |
|
.It kern.mqueue node not applicable |
.It kern.msgbuf integer no |
.It kern.msgbuf integer no |
.It kern.msgbufsize integer no |
.It kern.msgbufsize integer no |
.It kern.ngroups integer no |
.It kern.ngroups integer no |
|
.\".It kern.no_sa_support integer yes |
.It kern.ntptime struct ntptimeval no |
.It kern.ntptime struct ntptimeval no |
.It kern.osrelease string no |
.It kern.osrelease string no |
.It kern.osrev integer no |
.It kern.osrevision integer no |
.It kern.ostype string no |
.It kern.ostype string no |
|
.\".It kern.panic_now integer yes |
.It kern.pipe node not applicable |
.It kern.pipe node not applicable |
.It kern.posix1 integer no |
.It kern.pool struct pool_sysctl no |
.It kern.posix\_barriers integer no |
.\" .It kern.posix node not applicable |
.It kern.posix\_reader\_writer\_locks integer no |
.It kern.posix1version integer no |
.It kern.posix\_semaphores integer no |
.It kern.posix_aio integer no |
.It kern.posix\_spin\_locks integer no |
.It kern.posix_barriers integer no |
.It kern.posix\_threads integer no |
.It kern.posix_reader_writer_locks integer no |
.It kern.posix\_timers integer no |
.\".It kern.posix_sched integer yes |
|
.It kern.posix_semaphores integer no |
|
.It kern.posix_spin_locks integer no |
|
.It kern.posix_threads integer no |
|
.It kern.posix_timers integer no |
.It kern.proc struct kinfo_proc no |
.It kern.proc struct kinfo_proc no |
.It kern.proc2 struct kinfo_proc2 no |
.It kern.proc2 struct kinfo_proc2 no |
.It kern.proc\_args string no |
.It kern.proc_args string no |
.It kern.prof node not applicable |
.It kern.profiling node not applicable |
|
.\".It kern.pset node not applicable |
.It kern.rawpartition integer no |
.It kern.rawpartition integer no |
.It kern.root\_device string no |
.It kern.root_device string no |
.It kern.root\_partition integer no |
.It kern.root_partition integer no |
.It kern.rtc\_offset integer yes |
.It kern.rtc_offset integer yes |
.It kern.saved\_ids integer no |
.It kern.saved_ids integer no |
|
.It kern.sbmax integer yes |
|
.It kern.sched node not applicable |
.It kern.securelevel integer raise only |
.It kern.securelevel integer raise only |
.It kern.synchronized\_io integer no |
.It kern.somaxkva integer yes |
.It kern.ipc node not applicable |
.It kern.synchronized_io integer no |
|
.It kern.timecounter node not applicable |
.It kern.timex struct no |
.It kern.timex struct no |
.It kern.tkstat node not applicable |
.It kern.tkstat node not applicable |
|
.It kern.tty node not applicable |
.It kern.urandom integer no |
.It kern.urandom integer no |
|
.It kern.usercrypto integer yes |
|
.It kern.userasymcrypto integer yes |
|
.It kern.veriexec node not applicable |
.It kern.version string no |
.It kern.version string no |
.It kern.vnode struct vnode no |
.It kern.vnode struct vnode no |
.El |
.El |
.ne 1i |
|
.Pp |
|
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li kern.argmax ( KERN_ARGMAX ) |
.It Li kern.aio_listio_max |
|
The maximum number of asynchronous I/O operations in a single list |
|
I/O call. |
|
Like with all variables related to |
|
.Xr aio 3 , |
|
the variable may be created and removed dynamically |
|
upon loading or unloading the corresponding kernel module. |
|
.It Li kern.aio_max |
|
The maximum number of asynchronous I/O operations. |
|
.It Li kern.arandom |
|
This variable picks a random number each time it is queried. |
|
The used random number generator |
|
.Pf ( RNG ) |
|
is based on |
|
.Xr arc4random 3 . |
|
.It Li kern.argmax ( Dv KERN_ARGMAX ) |
The maximum bytes of argument to |
The maximum bytes of argument to |
.Xr execve 2 . |
.Xr execve 2 . |
.It Li kern.autonicetime ( KERN_AUTONICETIME ) |
.It Li kern.boothowto |
The number of seconds of CPU-time a non-root process may accumulate before |
Flags passed from the boot loader; see |
having its priority lowered from the default to the value of KERN_AUTONICEVAL. |
.Xr reboot 2 |
If set to 0, automatic lowering of priority is not performed, and if set to \-1 |
for the meanings of the flags. |
all non-root processes are immediately lowered. |
.It Li kern.boottime ( Dv KERN_BOOTTIME ) |
.It Li kern.autoniceval ( KERN_AUTONICEVAL ) |
|
The priority assigned for automatically niced processes. |
|
.It Li kern.boottime ( KERN_BOOTTIME ) |
|
A |
A |
.Va struct timeval |
.Vt struct timeval |
structure is returned. |
structure is returned. |
This structure contains the time that the system was booted. |
This structure contains the time that the system was booted. |
.It Li kern.ccpu ( KERN_CCPU ) |
.It Li kern.bufq |
|
This variable contains information on the |
|
.Xr bufq 9 |
|
subsystem. |
|
Currently, the only third level name implemented is |
|
.Dv kern.bufq.strategies |
|
which provides a list of buffer queue strategies currently available. |
|
.It Li kern.buildinfo |
|
When the kernel is built, the build environment may optionally provide |
|
arbitrary information to be stored in this variable. |
|
.It Li kern.ccpu ( Dv KERN_CCPU ) |
The scheduler exponential decay value. |
The scheduler exponential decay value. |
.It Li kern.clockrate ( KERN_CLOCKRATE ) |
.It Li kern.clockrate ( Dv KERN_CLOCKRATE ) |
A |
A |
.Va struct clockinfo |
.Vt struct clockinfo |
structure is returned. |
structure is returned. |
This structure contains the clock, statistics clock and profiling clock |
This structure contains the clock, statistics clock and profiling clock |
frequencies, the number of micro-seconds per hz tick, and the clock |
frequencies, the number of micro-seconds per hz tick, and the clock |
skew rate. |
skew rate. |
.It Li kern.consdev ( KERN_CONSDEV ) |
Refer to |
|
.Xr hz 9 |
|
for additional details. |
|
.It Li kern.consdev ( Dv KERN_CONSDEV ) |
Console device. |
Console device. |
.It Li kern.cp_id ( KERN_CP_ID ) |
.It Li kern.coredump |
|
Settings related to set-id processes coredumps. |
|
By default, set-id processes do not dump core in situations where |
|
other processes would. |
|
The settings in this node allows an administrator to change this |
|
behavior. |
|
.Pp |
|
The third level name is |
|
.Dv kern.coredump.setid |
|
and fourth level variables are described below. |
|
.Bl -column "kern.coredump.setid.group" "integer" "Changeable" -offset indent |
|
.It Sy Fourth level name Ta Sy Type Ta Sy Changeable |
|
.It kern.coredump.setid.dump integer yes |
|
.It kern.coredump.setid.group integer yes |
|
.It kern.coredump.setid.mode integer yes |
|
.It kern.coredump.setid.owner integer yes |
|
.It kern.coredump.setid.path string yes |
|
.El |
|
.Bl -tag -width "123456" |
|
.It Li kern.coredump.setid.dump |
|
If non-zero, set-id processes will dump core. |
|
.It Li kern.coredump.setid.group |
|
The group-id for the set-id processes' coredump. |
|
.It Li kern.coredump.setid.mode |
|
The mode for the set-id processes' coredump. |
|
See |
|
.Xr chmod 1 . |
|
.It Li kern.coredump.setid.owner |
|
The user-id that will be used as the owner of the set-id processes' |
|
coredump. |
|
.It Li kern.coredump.setid.path |
|
The path to which set-id processes' coredumps will be saved to. |
|
Same syntax as kern.defcorename. |
|
.El |
|
.It Li kern.cp_id ( Dv KERN_CP_ID ) |
Mapping of CPU number to CPU id. |
Mapping of CPU number to CPU id. |
.It Li kern.cp_time ( KERN_CP_TIME ) |
.It Li kern.cp_time ( Dv KERN_CP_TIME ) |
Returns an array of CPUSTATES uint64_ts. |
Returns an array of |
|
.Dv CPUSTATES |
|
.Vt uint64_t Ns s . |
This array contains the |
This array contains the |
number of clock ticks spent in different CPU states. |
number of clock ticks spent in different CPU states. |
On multi-processor systems, the sum across all CPUs is returned unless |
On multi-processor systems, the sum across all CPUs is returned unless |
appropriate space is given for one data set for each CPU. |
appropriate space is given for one data set for each CPU. |
Data for a specific CPU can also be obtained by adding the number of the |
Data for a specific CPU can also be obtained by adding the number of the |
CPU at the end of the MIB, enlarging it by one. |
CPU at the end of the MIB, enlarging it by one. |
.It Li kern.defcorename ( KERN_DEFCORENAME ) |
.It Li kern.cryptodevallowsoft |
|
This variable controls userland access to hardware versus software transforms |
|
in the |
|
.Xr crypto 4 |
|
system. |
|
The available values are as follows: |
|
.Bl -tag -width XX0 -offset indent |
|
.It Dv < 0 |
|
Always force userlevel requests to use software transforms. |
|
.It Dv = 0 |
|
If present, use hardware and grant userlevel requests for |
|
non-accelerated transforms (handling the latter in software). |
|
.It Dv > 0 |
|
Allow user requests only for transforms which are hardware-accelerated. |
|
.El |
|
.It Li kern.defcorename ( Dv KERN_DEFCORENAME ) |
Default template for the name of core dump files (see also |
Default template for the name of core dump files (see also |
.Li proc.pid.corename |
.Li proc.pid.corename |
in the per-process variables |
in the per-process variables |
|
|
.Xr core 5 |
.Xr core 5 |
for format of this template). |
for format of this template). |
The default value is |
The default value is |
.Nm %n.core |
.Pa %n.core |
and can be changed with the kernel configuration option |
and can be changed with the kernel configuration option |
.Cd options DEFCORENAME |
.Cd options DEFCORENAME |
(see |
(see |
.Xr options 4 |
.Xr options 4 |
). |
). |
.It Li kern.domainname ( KERN_DOMAINNAME ) |
.It Li kern.detachall |
|
Detach all devices at shutdown. |
|
.It Li kern.domainname ( Dv KERN_DOMAINNAME ) |
Get or set the YP domain name. |
Get or set the YP domain name. |
.It Li kern.dump_on_panic ( KERN_DUMP_ON_PANIC ) |
.It Li kern.drivers ( Dv KERN_DRIVERS ) |
Perform a crash dump on system panic. |
|
.It Li kern.drivers ( KERN_DRIVERS ) |
|
Return an array of |
Return an array of |
.Va struct kinfo_drivers |
.Vt struct kinfo_drivers |
that contains the name and major device numbers of all the device drivers |
that contains the name and major device numbers of all the device drivers |
in the current kernel. |
in the current kernel. |
The |
The |
Line 379 field is always a NUL terminated string. |
|
Line 513 field is always a NUL terminated string. |
|
The |
The |
.Va d_bmajor |
.Va d_bmajor |
field will be set to \-1 if the driver doesn't have a block device. |
field will be set to \-1 if the driver doesn't have a block device. |
.It Li kern.file ( KERN_FILE ) |
.It Li kern.dump_on_panic ( Dv KERN_DUMP_ON_PANIC ) |
|
Perform a crash dump on system |
|
.Xr panic 9 . |
|
.It Li kern.file ( Dv KERN_FILE ) |
Return the entire file table. |
Return the entire file table. |
The returned data consists of a single |
The returned data consists of a single |
.Va struct filelist |
.Vt struct filelist |
followed by an array of |
followed by an array of |
.Va struct file , |
.Vt struct file , |
whose size depends on the current number of such objects in the system. |
whose size depends on the current number of such objects in the system. |
.It Li kern.forkfsleep ( KERN_FORKFSLEEP ) |
.It Li kern.forkfsleep ( Dv KERN_FORKFSLEEP ) |
If |
If |
.Xr fork 2 |
.Xr fork 2 |
system call fails due to limit on number of processes (either |
system call fails due to limit on number of processes (either |
Line 397 error to process. |
|
Line 534 error to process. |
|
Useful to keep heavily forking runaway processes in bay. |
Useful to keep heavily forking runaway processes in bay. |
Default zero (no sleep). |
Default zero (no sleep). |
Maximum is 20 seconds. |
Maximum is 20 seconds. |
.It Li kern.fscale ( KERN_FSCALE ) |
.It Li kern.fscale ( Dv KERN_FSCALE ) |
The kernel fixed-point scale factor. |
The kernel fixed-point scale factor. |
.It Li kern.fsync ( KERN_FSYNC ) |
.It Li kern.fsync ( Dv KERN_FSYNC ) |
Return 1 if the POSIX 1003.1b File Synchronization Option is available |
Return 1 if the |
|
.St -p1003.1b-93 |
|
File Synchronization Option is available |
on this system, |
on this system, |
otherwise 0. |
otherwise\ 0. |
.It Li kern.hardclock_ticks ( KERN_HARDCLOCK_TICKS ) |
.It Li kern.hardclock_ticks ( Dv KERN_HARDCLOCK_TICKS ) |
Returns the number of |
Returns the number of |
.Xr hardclock 9 |
.Xr hardclock 9 |
ticks. |
ticks. |
.It Li kern.hostid ( KERN_HOSTID ) |
.It Li kern.hist |
Get or set the host id. |
This variable contains kernel history data if the kernel was |
.It Li kern.hostname ( KERN_HOSTNAME ) |
configured for any of the options |
Get or set the hostname. |
.Dv UVHMIST , |
.It Li kern.iov_max ( KERN_IOV_MAX ) |
.Dv USB_DEBUG , |
|
.Dv BIOHIST , |
|
or |
|
.Dv SCDEBUG . |
|
(See |
|
.Xr options 4 |
|
for more details.) |
|
The third-level names correspond to each available history table. |
|
The values of the history tables are in an internal format, and can be |
|
decoded by the |
|
.Xr vmstat 1 |
|
utility's |
|
.Fl U |
|
and |
|
.Fl u |
|
options; |
|
the |
|
.Fl l |
|
option can be used to see which tables are available. |
|
.It Li kern.hostid ( Dv KERN_HOSTID ) |
|
Get or set the host identifier. |
|
This is aimed to replace the legacy |
|
.Xr gethostid 3 |
|
and |
|
.Xr sethostid 3 |
|
system calls. |
|
.It Li kern.hostname ( Dv KERN_HOSTNAME ) |
|
Get or set the |
|
.Xr hostname 1 . |
|
.It Li kern.iov_max ( Dv KERN_IOV_MAX ) |
Return the maximum number of |
Return the maximum number of |
.Va iovec |
.Vt iovec |
structures that a process has available for use with |
structures that a process has available for use with |
.Xr preadv 2 , |
.Xr preadv 2 , |
.Xr pwritev 2 , |
.Xr pwritev 2 , |
Line 422 structures that a process has available |
|
Line 590 structures that a process has available |
|
.Xr sendmsg 2 |
.Xr sendmsg 2 |
and |
and |
.Xr writev 2 . |
.Xr writev 2 . |
.It Li kern.job_control ( KERN_JOB_CONTROL ) |
.It Li kern.ipc ( Dv KERN_SYSVIPC ) |
Return 1 if job control is available on this system, otherwise 0. |
Return information about the SysV IPC parameters. |
.It Li kern.labeloffset ( KERN_LABELOFFSET ) |
The third level names for the ipc variables are detailed below. |
The offset within the sector specified by KERN_LABELSECTOR of the |
.Bl -column "kern.ipc.shm_use_phys" "integer" "Changeable" -offset indent |
|
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
|
.It kern.ipc.sysvmsg integer no |
|
.It kern.ipc.sysvsem integer no |
|
.It kern.ipc.sysvshm integer no |
|
.It kern.ipc.sysvipc_info struct no |
|
.It kern.ipc.shmmax integer yes |
|
.It kern.ipc.shmmni integer yes |
|
.It kern.ipc.shmseg integer yes |
|
.It kern.ipc.shmmaxpgs integer yes |
|
.It kern.ipc.shm_use_phys integer yes |
|
.It kern.ipc.msgmni integer yes |
|
.It kern.ipc.msgseg integer yes |
|
.It kern.ipc.semmni integer yes |
|
.It kern.ipc.semmns integer yes |
|
.It kern.ipc.semmnu integer yes |
|
.El |
|
.Bl -tag -width "123456" |
|
.It Li kern.ipc.sysvmsg ( Dv KERN_SYSVIPC_MSG ) |
|
Returns 1 if System V style message queue functionality is available |
|
on this system, |
|
otherwise\ 0. |
|
.It Li kern.ipc.sysvsem ( Dv KERN_SYSVIPC_SEM ) |
|
Returns 1 if System V style semaphore functionality is available |
|
on this system, |
|
otherwise\ 0. |
|
.It Li kern.ipc.sysvshm ( Dv KERN_SYSVIPC_SHM ) |
|
Returns 1 if System V style share memory functionality is available |
|
on this system, |
|
otherwise\ 0. |
|
.It Li kern.ipc.sysvipc_info ( Dv KERN_SYSVIPC_INFO ) |
|
Return System V style IPC configuration and run-time information. |
|
The fourth level name selects the System V style IPC facility. |
|
.Bl -column "KERN_SYSVIPC_MSG_INFO" "struct shm_sysctl_info" -offset indent |
|
.It Sy Fourth level name Ta Sy Type |
|
.It KERN_SYSVIPC_MSG_INFO struct msg_sysctl_info |
|
.It KERN_SYSVIPC_SEM_INFO struct sem_sysctl_info |
|
.It KERN_SYSVIPC_SHM_INFO struct shm_sysctl_info |
|
.El |
|
.Bl -tag -width "123456" |
|
.It Li KERN_SYSVIPC_MSG_INFO |
|
Return information on the System V style message facility. |
|
The |
|
.Sy msg_sysctl_info |
|
structure is defined in |
|
.In sys/msg.h . |
|
.It Li KERN_SYSVIPC_SEM_INFO |
|
Return information on the System V style semaphore facility. |
|
The |
|
.Sy sem_sysctl_info |
|
structure is defined in |
|
.In sys/sem.h . |
|
.It Li KERN_SYSVIPC_SHM_INFO |
|
Return information on the System V style shared memory facility. |
|
The |
|
.Sy shm_sysctl_info |
|
structure is defined in |
|
.In sys/shm.h . |
|
.El |
|
.It Li kern.ipc.shmmax ( Dv KERN_SYSVIPC_SHMMAX ) |
|
Max shared memory segment size in bytes. |
|
.It Li kern.ipc.shmmni ( Dv KERN_SYSVIPC_SHMMNI ) |
|
Max number of shared memory identifiers. |
|
.It Li kern.ipc.shmseg ( Dv KERN_SYSVIPC_SHMSEG ) |
|
Max shared memory segments per process. |
|
.It Li kern.ipc.shmmaxpgs ( Dv KERN_SYSVIPC_SHMMAXPGS ) |
|
Max amount of shared memory in pages. |
|
.It Li kern.ipc.shm_use_phys ( Dv KERN_SYSVIPC_SHMUSEPHYS ) |
|
Locking of shared memory in physical memory. |
|
If 0, memory can be swapped |
|
out, otherwise it will be locked in physical memory. |
|
.It Li kern.ipc.msgmni |
|
Max number of message queue identifiers. |
|
.It Li kern.ipc.msgseg |
|
Max number of number of message segments. |
|
.It Li kern.ipc.semmni |
|
Max number of number of semaphore identifiers. |
|
.It Li kern.ipc.semmns |
|
Max number of number of semaphores in system. |
|
.It Li kern.ipc.semmnu |
|
Max number of undo structures in system. |
|
.El |
|
.It Li kern.job_control ( Dv KERN_JOB_CONTROL ) |
|
Return 1 if job control is available on this system, otherwise\ 0. |
|
.It Li kern.labeloffset ( Dv KERN_LABELOFFSET ) |
|
The offset within the sector specified by |
|
.Dv KERN_LABELSECTOR |
|
of the |
.Xr disklabel 5 . |
.Xr disklabel 5 . |
.It Li kern.labelsector ( KERN_LABELSECTOR ) |
.It Li kern.labelsector ( Dv KERN_LABELSECTOR ) |
The sector number containing the |
The sector number containing the |
.Xr disklabel 5 . |
.Xr disklabel 5 . |
.It Li kern.login_name_max ( KERN_LOGIN_NAME_MAX ) |
.It Li kern.login_name_max ( Dv KERN_LOGIN_NAME_MAX ) |
The size of the storage required for a login name, in bytes, |
The size of the storage required for a login name, in bytes, |
including the terminating NUL. |
including the terminating NUL. |
.It Li kern.logsigexit ( KERN_LOGSIGEXIT ) |
.It Li kern.logsigexit ( Dv KERN_LOGSIGEXIT ) |
If this flag is non-zero, the kernel will |
If this flag is non-zero, the kernel will |
.Xr log 9 |
.Xr log 9 |
all process exits due to signals which create a |
all process exits due to signals which create a |
.Xr core 5 |
.Xr core 5 |
file, and whether the coredump was created. |
file, and whether the coredump was created. |
.It Li kern.mapped_files ( KERN_MAPPED_FILES ) |
.It Li kern.mapped_files ( Dv KERN_MAPPED_FILES ) |
Returns 1 if the POSIX 1003.1b Memory Mapped Files Option is available |
Returns 1 if the |
on this system, |
.St -p1003.1b-93 |
otherwise 0. |
Memory Mapped Files Option is available on this system, |
.It Li kern.maxfiles ( KERN_MAXFILES ) |
otherwise\ 0. |
|
.It Li kern.maxfiles ( Dv KERN_MAXFILES ) |
The maximum number of open files that may be open in the system. |
The maximum number of open files that may be open in the system. |
.It Li kern.maxpartitions ( KERN_MAXPARTITIONS ) |
.It Li kern.maxpartitions ( Dv KERN_MAXPARTITIONS ) |
The maximum number of partitions allowed per disk. |
The maximum number of partitions allowed per disk. |
.It Li kern.maxphys ( KERN_MAXPHYS ) |
.It Li kern.maxlwp |
|
The maximum number of Lightweight Processes (threads) the system allows |
|
per uid. |
|
.It Li kern.maxphys ( Dv KERN_MAXPHYS ) |
Maximum raw I/O transfer size. |
Maximum raw I/O transfer size. |
.It Li kern.maxproc ( KERN_MAXPROC ) |
.It Li kern.maxproc ( Dv KERN_MAXPROC ) |
The maximum number of simultaneous processes the system will allow. |
The maximum number of simultaneous processes the system will allow. |
.It Li kern.maxptys ( KERN_MAXPTYS ) |
.It Li kern.maxptys ( Dv KERN_MAXPTYS ) |
The maximum number of pseudo terminals. |
The maximum number of pseudo terminals. |
This value can be both raised and lowered, though it cannot |
This value can be both raised and lowered, though it cannot |
be set lower than number of currently used ptys. |
be set lower than number of currently used ptys. |
See also |
See also |
.Xr pty 4 . |
.Xr pty 4 . |
.It Li kern.maxvnodes ( KERN_MAXVNODES ) |
.It Li kern.maxvnodes ( Dv KERN_MAXVNODES ) |
The maximum number of vnodes available on the system. |
The maximum number of vnodes available on the system. |
This can only be raised. |
This can only be raised. |
.It Li kern.mbuf ( KERN_MBUF ) |
.It Li kern.mbuf ( Dv KERN_MBUF ) |
Return information about the mbuf control variables. |
Return information about the mbuf control variables. |
Mbufs are data structures which store network packets and other data |
Mbufs are data structures which store network packets and other data |
structures in the networking code, see |
structures in the networking code, see |
Line 468 structures in the networking code, see |
|
Line 727 structures in the networking code, see |
|
The third level names for the mbuf variables are detailed below. |
The third level names for the mbuf variables are detailed below. |
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "kern.mbuf.nmbclusters" "struct integerXXX" -offset indent |
.Bl -column "kern.mbuf.nmbclusters" "integer" "Changeable" -offset indent |
.It Sy Third level name Type Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.\" XXX Changeable? really? |
.\" XXX Changeable? really? |
.It kern.mbuf.mblowat integer yes |
.It kern.mbuf.mblowat integer yes |
.It kern.mbuf.mclbytes integer yes |
.It kern.mbuf.mclbytes integer yes |
Line 480 privilege may change the value. |
|
Line 739 privilege may change the value. |
|
.Pp |
.Pp |
The variables are as follows: |
The variables are as follows: |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li kern.mbuf.mblowat ( MBUF_MBLOWAT ) |
.It Li kern.mbuf.mblowat ( Dv MBUF_MBLOWAT ) |
The mbuf low water mark. |
The mbuf low water mark. |
.It Li kern.mbuf.mclbytes ( MBUF_MCLBYTES ) |
.It Li kern.mbuf.mclbytes ( Dv MBUF_MCLBYTES ) |
The mbuf cluster size. |
The mbuf cluster size. |
.It Li kern.mbuf.mcllowat ( MBUF_MCLLOWAT ) |
.It Li kern.mbuf.mcllowat ( Dv MBUF_MCLLOWAT ) |
The mbuf cluster low water mark. |
The mbuf cluster low water mark. |
.It Li kern.mbuf.msize ( MBUF_MSIZE ) |
.It Li kern.mbuf.msize ( Dv MBUF_MSIZE ) |
The mbuf base size. |
The mbuf base size. |
.It Li kern.mbuf.nmbclusters ( MBUF_NMBCLUSTERS ) |
.It Li kern.mbuf.nmbclusters ( Dv MBUF_NMBCLUSTERS ) |
The limit on the number of mbuf clusters. |
The limit on the number of mbuf clusters. |
The variable can only be increased, and only increased on machines with |
The variable can only be increased, and only increased on machines with |
direct-mapped pool pages. |
direct-mapped pool pages. |
.El |
.El |
.It Li kern.memlock ( KERN_MEMLOCK ) |
.It Li kern.memlock ( Dv KERN_MEMLOCK ) |
Returns 1 if the POSIX 1003.1b Process Memory Locking Option is available |
Returns 1 if the |
on this system, |
.St -p1003.1b-93 |
otherwise 0. |
Process Memory Locking Option is available on this system, |
.It Li kern.memlock_range ( KERN_MEMLOCK_RANGE ) |
otherwise\ 0. |
Returns 1 if the POSIX 1003.1b Range Memory Locking Option is available |
.It Li kern.memlock_range ( Dv KERN_MEMLOCK_RANGE ) |
on this system, |
Returns 1 if the |
otherwise 0. |
.St -p1003.1b-93 |
.It Li kern.memory_protection ( KERN_MEMORY_PROTECTION ) |
Range Memory Locking Option is available on this system, |
Returns 1 if the POSIX 1003.1b Memory Protection Option is available |
otherwise\ 0. |
on this system, |
.It Li kern.memory_protection ( Dv KERN_MEMORY_PROTECTION ) |
otherwise 0. |
Returns 1 if the |
.It Li kern.monotonic_clock ( KERN_MONOTONIC_CLOCK ) |
.St -p1003.1b-93 |
Returns the standard version the implementation of the POSIX 1003.1b |
Memory Protection Option is available on this system, |
|
otherwise\ 0. |
|
.It Li kern.messages |
|
Kernel console message verbosity. |
|
See |
|
.Aq Pa sys/reboot.h |
|
.Bl -column "verbosity" "setting" -offset indent |
|
.It Sy Value Ta Sy Verbosity Ta Sy sys/reboot.h equivalent |
|
.It 0 Ta Silent Ta Sy AB_SILENT |
|
.It 1 Ta Quiet Ta Sy AB_QUIET |
|
.It 2 Ta Normal Ta Sy AB_NORMAL |
|
.It 3 Ta Verbose Ta Sy AB_VERBOSE |
|
.It 4 Ta Debug Ta Sy AB_DEBUG |
|
.El |
|
.It Li kern.module |
|
Settings related to kernel modules. |
|
The third level names for the settings are described below. |
|
.Bl -column "kern.module.autoload" "integer" "Changeable" -offset indent |
|
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
|
.It kern.module.autoload integer yes |
|
.It kern.module.autotime integer yes |
|
.It kern.module.verbose integer yes |
|
.El |
|
.Pp |
|
The variables are as follows: |
|
.Bl -tag -width "123456" |
|
.It Li kern.module.autoload |
|
A boolean that controls whether kernel modules are loaded automatically. |
|
See |
|
.Xr module 7 |
|
for additional details. |
|
.It Li kern.module.autotime |
|
An integer that controls the delay before an attempt is made to |
|
automatically unload a module that was auto-loaded. |
|
Setting this value to zero disables the auto-unload function. |
|
.It Li kern.module.verbose |
|
A boolean that enables or disables verbose |
|
debug messages related to kernel modules. |
|
.El |
|
.It Li kern.monotonic_clock ( Dv KERN_MONOTONIC_CLOCK ) |
|
Returns the standard version the implementation of the |
|
.St -p1003.1b-93 |
Monotonic Clock Option conforms to, |
Monotonic Clock Option conforms to, |
otherwise 0. |
otherwise\ 0. |
.It Li kern.msgbuf ( KERN_MSGBUF ) |
.It Li kern.mqueue |
|
Settings related to POSIX message queues; see |
|
.Xr mqueue 3 . |
|
This node is created dynamically when |
|
the corresponding kernel module is loaded. |
|
The third level names for the settings are described below. |
|
.Bl -column "kern.mqueue.mq_max_msgsize" "integer" "Changeable" -offset indent |
|
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
|
.It kern.mqueue.mq_open_max integer yes |
|
.It kern.mqueue.mq_prio_max integer yes |
|
.It kern.mqueue.mq_max_msgsize integer yes |
|
.It kern.mqueue.mq_def_maxmsg integer yes |
|
.It kern.mqueue.mq_max_maxmsg integer yes |
|
.El |
|
.Pp |
|
The variables are: |
|
.Bl -tag -width "123456" |
|
.It Li kern.mqueue.mq_open_max |
|
The maximum number of message queue descriptors any single process can open. |
|
.It Li kern.mqueue.mq_prio_max |
|
The maximum priority of a message. |
|
.It Li kern.mqueue.mq_max_msgsize |
|
The maximum size of a message in a message queue. |
|
.It Li kern.mqueue.mq_def_maxmsg |
|
The default maximum message count. |
|
.It Li kern.mqueue.mq_max_maxmsg |
|
The maximum number of messages in a message queue. |
|
.El |
|
.It Li kern.msgbuf ( Dv KERN_MSGBUF ) |
The kernel message buffer, rotated so that the head of the circular kernel |
The kernel message buffer, rotated so that the head of the circular kernel |
message buffer is at the start of the returned data. |
message buffer is at the start of the returned data. |
The returned data may contain NUL bytes. |
The returned data may contain NUL bytes. |
.It Li kern.msgbufsize ( KERN_MSGBUFSIZE ) |
.It Li kern.msgbufsize ( Dv KERN_MSGBUFSIZE ) |
The maximum number of characters that the kernel message buffer can hold. |
The maximum number of characters that the kernel message buffer can hold. |
.It Li kern.ngroups ( KERN_NGROUPS ) |
.It Li kern.ngroups ( Dv KERN_NGROUPS ) |
The maximum number of supplemental groups. |
The maximum number of supplemental groups. |
.It Li kern.ntptime ( KERN_NTPTIME ) |
.\" .It Li kern.no_sa_support |
|
.\" XXX: Undocumented. |
|
.It Li kern.ntptime ( Dv KERN_NTPTIME ) |
A |
A |
.Va struct ntptimeval |
.Vt struct ntptimeval |
structure is returned. |
structure is returned. |
This structure contains data used by the |
This structure contains data used by the |
.Xr ntpd 8 |
.Xr ntpd 8 |
program. |
program. |
.It Li kern.osrelease ( KERN_OSRELEASE ) |
.It Li kern.osrelease ( Dv KERN_OSRELEASE ) |
The system release string. |
The system release string. |
.It Li kern.osrevision ( KERN_OSREV ) |
.It Li kern.osrevision ( Dv KERN_OSREV ) |
The system revision string. |
The system revision string. |
.It Li kern.ostype ( KERN_OSTYPE ) |
.It Li kern.ostype ( Dv KERN_OSTYPE ) |
The system type string. |
The system type string. |
.It Li kern.pipe ( KERN_PIPE ) |
.\".It Li kern.panic_now |
|
.\" XXX: Undocumented. |
|
.It Li kern.pipe ( Dv KERN_PIPE ) |
Pipe settings. |
Pipe settings. |
The third level names for the integer pipe settings is detailed below. |
The third level names for the integer pipe settings is detailed below. |
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "kern.pipe.maxbigpipesXXX" "integerXXX" -offset indent |
.Bl -column "kern.pipe.maxbigpipes" "integer" "Changeable" -offset indent |
.It Sy Third level name Type Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.It kern.pipe.kvasiz integer yes |
.It kern.pipe.kvasiz integer yes |
.It kern.pipe.maxbigpipes integer yes |
.It kern.pipe.maxbigpipes integer yes |
.It kern.pipe.maxkvasz integer yes |
.It kern.pipe.maxkvasz integer yes |
Line 546 privilege may change the value. |
|
Line 878 privilege may change the value. |
|
.Pp |
.Pp |
The variables are as follows: |
The variables are as follows: |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li kern.pipe.kvasiz ( KERN_PIPE_KVASIZ ) |
.It Li kern.pipe.kvasiz ( Dv KERN_PIPE_KVASIZ ) |
Amount of kernel memory consumed by pipe buffers. |
Amount of kernel memory consumed by pipe buffers. |
.It Li kern.pipe.maxbigpipes ( KERN_PIPE_MAXBIGPIPES ) |
.It Li kern.pipe.maxbigpipes ( Dv KERN_PIPE_MAXBIGPIPES ) |
Maximum number of "big" pipes. |
Maximum number of |
.It Li kern.pipe.maxkvasz ( KERN_PIPE_MAXKVASZ ) |
.Dq big |
|
pipes. |
|
.It Li kern.pipe.maxkvasz ( Dv KERN_PIPE_MAXKVASZ ) |
Maximum amount of kernel memory to be used for pipes. |
Maximum amount of kernel memory to be used for pipes. |
.It Li kern.pipe.limitkva ( KERN_PIPE_LIMITKVA ) |
.It Li kern.pipe.limitkva ( Dv KERN_PIPE_LIMITKVA ) |
Limit for direct transfers via page loan. |
Limit for direct transfers via page loan. |
.It Li kern.pipe.nbigpipes ( KERN_PIPE_NBIGPIPES ) |
.It Li kern.pipe.nbigpipes ( Dv KERN_PIPE_NBIGPIPES ) |
Number of "big" pipes. |
Number of |
.El |
.Dq big |
.It Li kern.posix1version ( KERN_POSIX1 ) |
pipes. |
The version of ISO/IEC 9945 (POSIX 1003.1) with which the system |
.El |
attempts to comply. |
.It Li kern.pool |
.It Li kern.posix_barriers ( KERN_POSIX_BARRIERS ) |
Provides statistics about the |
|
.Xr pool 9 |
|
and |
|
.Xr pool_cache 9 |
|
subsystems. |
|
.\" XXX: Undocumented .It Li kern.posix ( ? ) |
|
.\" This is a node in which the only variable is semmax. |
|
.It Li kern.posix1version ( Dv KERN_POSIX1 ) |
|
The version of ISO/IEC 9945 |
|
.Pq St -p1003.1 |
|
with which the system attempts to comply. |
|
.It Li kern.posix_aio |
|
The version of |
|
.St -p1003.1 |
|
and its Asynchronous I/O option to which the system attempts to conform. |
|
.It Li kern.posix_barriers ( Dv KERN_POSIX_BARRIERS ) |
The version of |
The version of |
.St -p1003.1 |
.St -p1003.1 |
and its |
and its |
Barriers |
Barriers |
option to which the system attempts to conform, |
option to which the system attempts to conform, |
otherwise 0. |
otherwise\ 0. |
.It Li kern.posix_reader_writer_locks ( KERN_POSIX_READER_WRITER_LOCKS ) |
.It Li kern.posix_reader_writer_locks ( Dv KERN_POSIX_READER_WRITER_LOCKS ) |
The version of |
The version of |
.St -p1003.1 |
.St -p1003.1 |
and its |
and its |
Read-Write Locks |
Read-Write Locks |
option to which the system attempts to conform, |
option to which the system attempts to conform, |
otherwise 0. |
otherwise\ 0. |
.It Li kern.posix_semaphores ( KERN_POSIX_SEMAPHORES ) |
.\".It Li kern.posix_sched |
|
.\" XXX: Undocumented. |
|
.It Li kern.posix_semaphores ( Dv KERN_POSIX_SEMAPHORES ) |
The version of |
The version of |
.St -p1003.1 |
.St -p1003.1 |
and its |
and its |
Semaphores |
Semaphores |
option to which the system attempts to conform, |
option to which the system attempts to conform, |
otherwise 0. |
otherwise\ 0. |
.It Li kern.posix_spin_locks ( KERN_POSIX_SPIN_LOCKS ) |
.It Li kern.posix_spin_locks ( Dv KERN_POSIX_SPIN_LOCKS ) |
The version of |
The version of |
.St -p1003.1 |
.St -p1003.1 |
and its |
and its |
Spin Locks |
Spin Locks |
option to which the system attempts to conform, |
option to which the system attempts to conform, |
otherwise 0. |
otherwise\ 0. |
.It Li kern.posix_threads ( KERN_POSIX_THREADS ) |
.It Li kern.posix_threads ( Dv KERN_POSIX_THREADS ) |
The version of |
The version of |
.St -p1003.1 |
.St -p1003.1 |
and its |
and its |
Threads |
Threads |
option to which the system attempts to conform, |
option to which the system attempts to conform, |
otherwise 0. |
otherwise\ 0. |
.It Li kern.posix_timers ( KERN_POSIX_TIMERS ) |
.It Li kern.posix_timers ( Dv KERN_POSIX_TIMERS ) |
The version of |
The version of |
.St -p1003.1 |
.St -p1003.1 |
and its |
and its |
Timers |
Timers |
option to which the system attempts to conform, |
option to which the system attempts to conform, |
otherwise 0. |
otherwise\ 0. |
.It Li kern.proc ( KERN_PROC ) |
.It Li kern.proc ( Dv KERN_PROC ) |
Return the entire process table, or a subset of it. |
Return the entire process table, or a subset of it. |
An array of |
An array of |
.Va struct kinfo_proc |
.Vt struct kinfo_proc |
structures is returned, |
structures is returned, |
whose size depends on the current number of such objects in the system. |
whose size depends on the current number of such objects in the system. |
The third and fourth level numeric names are as follows: |
The third and fourth level numeric names are as follows: |
.Bl -column "Third level nameXXXXXX" "Fourth level is:XXXXXX" -offset indent |
.Bl -column "KERN_PROC_SESSION" "Fourth level is:" -offset indent |
.It Sy Third level name Fourth level is: |
.It Sy Third level name Ta Sy Fourth level is : |
.It KERN\_PROC\_ALL None |
.It KERN_PROC_ALL None |
.It KERN\_PROC\_GID A group ID |
.It KERN_PROC_GID A group ID |
.It KERN\_PROC\_PID A process ID |
.It KERN_PROC_PID A process ID |
.It KERN\_PROC\_PGRP A process group |
.It KERN_PROC_PGRP A process group |
.It KERN\_PROC\_RGID A real group ID |
.It KERN_PROC_RGID A real group ID |
.It KERN\_PROC\_RUID A real user ID |
.It KERN_PROC_RUID A real user ID |
.It KERN\_PROC\_SESSION A session ID |
.It KERN_PROC_SESSION A session ID |
.It KERN\_PROC\_TTY A tty device |
.It KERN_PROC_TTY A tty device |
.It KERN\_PROC\_UID A user ID |
.It KERN_PROC_UID A user ID |
.El |
.El |
.It Li kern.proc2 ( KERN_PROC2 ) |
.It Li kern.proc2 ( Dv KERN_PROC2 ) |
As for KERN_PROC, but an array of |
As for |
.Va struct kinfo_proc2 |
.Dv KERN_PROC , |
|
but an array of |
|
.Vt struct kinfo_proc2 |
structures are returned. |
structures are returned. |
The fifth level name is the size of the |
The fifth level name is the size of the |
.Va struct kinfo_proc2 |
.Vt struct kinfo_proc2 |
and the sixth level name is the number of structures to return. |
and the sixth level name is the number of structures to return. |
.It Li kern.proc_args ( KERN_PROC_ARGS ) |
.It Li kern.proc_args ( Dv KERN_PROC_ARGS ) |
Return the argv or environment strings (or the number thereof) |
Return the argv or environment strings (or the number thereof) |
of a process. |
of a process. |
Multiple strings are returned separated by NUL characters. |
Multiple strings are returned separated by NUL characters. |
The third level name is the process ID. |
The third level name is the process ID. |
The fourth level name is as follows: |
The fourth level name is as follows: |
.Bl -column "Third level nameXXXXXX" -offset indent |
.Bl -column "KERN_PROG_PATHNAME" "The full pathname of the executable" -offset indent |
.It KERN\_PROC\_ARGV The argv strings |
.It Dv KERN_PROC_ARGV The argv strings |
.It KERN\_PROC\_ENV The environ strings |
.It Dv KERN_PROC_ENV The environ strings |
.It KERN\_PROC\_NARGV The number of argv strings |
.It Dv KERN_PROC_NARGV The number of argv strings |
.It KERN\_PROC\_NENV The number of environ strings |
.It Dv KERN_PROC_NENV The number of environ strings |
|
.It Dv KERN_PROC_PATHNAME The full pathname of the executable |
.El |
.El |
.It Li kern.profiling ( KERN_PROF ) |
.It Li kern.profiling ( Dv KERN_PROF ) |
Return profiling information about the kernel. |
Return profiling information about the kernel. |
If the kernel is not compiled for profiling, |
If the kernel is not compiled for profiling, |
attempts to retrieve any of the KERN_PROF values will |
attempts to retrieve any of the |
fail with |
.Dv KERN_PROF |
|
values will fail with |
.Er EOPNOTSUPP . |
.Er EOPNOTSUPP . |
The third level names for the string and integer profiling information |
The third level names for the string and integer profiling information |
is detailed below. |
is detailed below. |
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "kern.profiling.gmonparam" "struct gmonparam" -offset indent |
.Bl -column "kern.profiling.gmonparam" "struct gmonparam" "Changeable" -offset indent |
.It Sy Third level name Type Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.It kern.profiling.count u_short[\|] yes |
.It kern.profiling.count u_short[\|] yes |
.It kern.profiling.froms u_short[\|] yes |
.It kern.profiling.froms u_short[\|] yes |
.It kern.profiling.gmonparam struct gmonparam no |
.It kern.profiling.gmonparam struct gmonparam no |
Line 661 privilege may change the value. |
|
Line 1016 privilege may change the value. |
|
.Pp |
.Pp |
The variables are as follows: |
The variables are as follows: |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li kern.profiling.count ( GPROF_COUNT ) |
.It Li kern.profiling.count ( Dv GPROF_COUNT ) |
Array of statistical program counter counts. |
Array of statistical program counter counts. |
.It Li kern.profiling.froms ( GPROF_FROMS ) |
.It Li kern.profiling.froms ( Dv GPROF_FROMS ) |
Array indexed by program counter of call-from points. |
Array indexed by program counter of call-from points. |
.It Li kern.profiling.gmonparams ( GPROF_GMONPARAM ) |
.It Li kern.profiling.gmonparams ( Dv GPROF_GMONPARAM ) |
Structure giving the sizes of the above arrays. |
Structure giving the sizes of the above arrays. |
.It Li kern.profiling.state ( GPROF_STATE ) |
.It Li kern.profiling.state ( Dv GPROF_STATE ) |
Profiling state. |
Profiling state. |
If set to GMON_PROF_ON, starts profiling. |
If set to |
If set to GMON_PROF_OFF, stops profiling. |
.Dv GMON_PROF_ON , |
.It Li kern.profiling.tos ( GPROF_TOS ) |
starts profiling. |
|
If set to |
|
.Dv GMON_PROF_OFF , |
|
stops profiling. |
|
.It Li kern.profiling.tos ( Dv GPROF_TOS ) |
Array of |
Array of |
.Va struct tostruct |
.Vt struct tostruct |
describing destination of calls and their counts. |
describing destination of calls and their counts. |
.El |
.El |
.It Li kern.rawpartition ( KERN_RAWPARTITION ) |
.\" .It Li kern.pset |
|
.\" XXX: Undocumented. |
|
.It Li kern.rawpartition ( Dv KERN_RAWPARTITION ) |
The raw partition of a disk (a == 0). |
The raw partition of a disk (a == 0). |
.It Li kern.root_device ( KERN_ROOT_DEVICE ) |
.It Li kern.root_device ( Dv KERN_ROOT_DEVICE ) |
The name of the root device (e.g., |
The name of the root device (e.g., |
.Dq wd0 ) . |
.Dq wd0 ) . |
.It Li kern.root_partition ( KERN_ROOT_PARTITION ) |
.It Li kern.root_partition ( Dv KERN_ROOT_PARTITION ) |
The root partition on the root device (a == 0). |
The root partition on the root device (a == 0). |
.It Li kern.rtc_offset ( KERN_RTC_OFFSET ) |
.It Li kern.rtc_offset ( Dv KERN_RTC_OFFSET ) |
Return the offset of real time clock from UTC in minutes. |
Return the offset of real time clock from UTC in minutes. |
.It Li kern.saved_ids ( KERN_SAVED_IDS ) |
.It Li kern.saved_ids ( Dv KERN_SAVED_IDS ) |
Returns 1 if saved set-group and saved set-user ID is available. |
Returns 1 if saved set-group and saved set-user ID is available. |
.It Li kern.sbmax ( KERN_SBMAX ) |
.It Li kern.sbmax ( Dv KERN_SBMAX ) |
Maximum socket buffer size. |
Maximum socket buffer size. |
.\" XXX units? |
.\" XXX units? |
.It Li kern.securelevel ( KERN_SECURELVL ) |
.It Li kern.securelevel ( Dv KERN_SECURELVL ) |
The system security level. |
See |
This level may be raised by processes with appropriate privilege. |
.Xr secmodel_securelevel 9 . |
It may only be lowered by process 1. |
.It Li kern.sched ( dynamic ) |
.It Li kern.somaxkva ( KERN_SOMAXKVA ) |
Influence the scheduling of LWPs, their priorisation and how they are |
Maximum amount of kernel memory to be used for socket buffers. |
distributed on and moved between CPUs. |
.\" XXX units? |
.Bl -column "kern.sched.balance_period" "integer" "Changeable" -offset indent |
.It Li kern.synchronized_io ( KERN_SYNCHRONIZED_IO ) |
.It Sy Third level name Sy Type Sy Changeable |
Returns 1 if the POSIX 1003.1b Synchronized I/O Option is available |
.It kern.sched.cacheht_time integer yes |
on this system, |
.It kern.sched.balance_period integer yes |
otherwise 0. |
.It kern.sched.average_weight integer yes |
.It Li kern.ipc ( KERN_SYSVIPC ) |
.It kern.sched.min_catch integer yes |
Return information about the SysV IPC parameters. |
.It kern.sched.timesoftints integer yes |
The third level names for the ipc variables are detailed below. |
.It kern.sched.kpreempt_pri integer yes |
.Bl -column "KERN_SYSVIPC_MSGXXX" "integerXXX" "noXXX" -offset indent |
.It kern.sched.upreempt_pri integer yes |
.It Sy Third level name Type Changeable |
.It kern.sched.maxts integer yes |
.It kern.ipc.sysvmsg integer no |
.It kern.sched.mints integer yes |
.It kern.ipc.sysvsem integer no |
.It kern.sched.name string no |
.It kern.ipc.sysvshm integer no |
.It kern.sched.rtts integer no |
.It kern.ipc.sysvipc_info struct no |
.It kern.sched.pri_min integer no |
.It kern.ipc.shmmax integer no |
.It kern.sched.pri_max integer no |
.It kern.ipc.shmmni integer yes |
|
.It kern.ipc.shmseg integer yes |
|
.It kern.ipc.shmmaxpgs integer yes |
|
.It kern.ipc.shm_use_phys integer yes |
|
.El |
.El |
|
.Pp |
|
The variables are as follows: |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li kern.ipc.sysvmsg ( KERN_SYSVIPC_MSG ) |
.It Li kern.sched.cacheht_time ( dynamic ) |
Returns 1 if System V style message queue functionality is available |
Cache hotness time in which a LWP is kept on one particular CPU |
on this system, |
and not moved to another CPU. |
otherwise 0. |
This reduces the overhead of flushing and reloading caches. |
.It Li kern.ipc.sysvsem ( KERN_SYSVIPC_SEM ) |
Defaults to 3ms. |
Returns 1 if System V style semaphore functionality is available |
Needs to be given in |
on this system, |
.Dq hz |
otherwise 0. |
units, see |
.It Li kern.ipc.sysvshm ( KERN_SYSVIPC_SHM ) |
.Xr mstohz 9 . |
Returns 1 if System V style share memory functionality is available |
.It Li kern.sched.balance_period ( dynamic ) |
on this system, |
Interval at which the CPU queues are checked for re-balancing. |
otherwise 0. |
Defaults to 300ms. |
.It Li kern.ipc.sysvipc_info ( KERN_SYSVIPC_INFO ) |
Needs to be given in |
Return System V style IPC configuration and run-time information. |
.Dq hz |
The fourth level name selects the System V style IPC facility. |
units, see |
.Bl -column "KERN_SYSVIPC_MSG_INFOXXX" "struct shm_sysctl_infoXXX" -offset indent |
.Xr mstohz 9 . |
.It Sy Fourth level name Type |
.It Li kern.sched.average_weight ( dynamic ) |
.It KERN\_SYSVIPC\_MSG\_INFO struct msg_sysctl_info |
Can be used to influence how likely LWPs are to be migrated from |
.It KERN\_SYSVIPC\_SEM\_INFO struct sem_sysctl_info |
one CPU's queue of LWPs that are ready to run to a different, idle CPU. |
.It KERN\_SYSVIPC\_SHM\_INFO struct shm_sysctl_info |
The value gives the percentage for weighting the average count of |
|
migratable threads from the past against the current number of |
|
migratable threads. |
|
A small value gives more weight to the past, a larger values more weight |
|
on the current situation. |
|
Defaults to 50 and must be between 0 and 100. |
|
.It Li kern.sched.min_catch ( dynamic ) |
|
Minimum count of migratable (runable) threads for catching (stealing) |
|
from another CPU. |
|
Defaults to 1 but can be increased to decrease chance of thread |
|
migration between CPUs. |
|
.It Li kern.sched.timesoftints ( dynamic ) |
|
Enable tracking of CPU time for soft interrupts |
|
as part of a LWP's real execution time. |
|
Set to a non-zero value to enable, |
|
and see |
|
.Xr ps 1 |
|
for printing CPU times. |
|
.It Li kern.sched.kpreempt_pri ( dynamic ) |
|
Minimum priority to trigger kernel preemption. |
|
.It Li kern.sched.upreempt_pri ( dynamic ) |
|
Minimum priority to trigger user preemption. |
|
.It Li kern.sched.maxts ( dynamic ) |
|
Scheduler specific maximal time quantum (in milliseconds). |
|
Must be set to a value larger than |
|
.Dq mints |
|
and between 10 and |
|
.Dq hz |
|
as given by the |
|
.Dv kern.clockrate |
|
sysctl. |
|
Provided by the M2 scheduler. |
|
.It Li kern.sched.mints ( dynamic ) |
|
Scheduler specific minimal time quantum (in milliseconds). |
|
Must be set to a value smaller than |
|
.Dq maxts |
|
and between 1 and |
|
.Dq hz |
|
as given by the |
|
.Dq kern.clockrate |
|
sysctl. |
|
Provided by the M2 scheduler. |
|
.It Li kern.sched.name ( dynamic ) |
|
Scheduler name. |
|
Provided both by the M2 and the 4BSD scheduler. |
|
.It Li kern.sched.rtts ( dynamic ) |
|
Fixed scheduler specific round-robin time quantum in milliseconds. |
|
Provided both by the M2 and the 4BSD scheduler. |
|
.It Li kern.sched.pri_min ( dynamic ) |
|
Minimal POSIX real-time priority. |
|
See |
|
.Xr sched 3 . |
|
.It Li kern.sched.pri_max ( dynamic ) |
|
Maximal POSIX real-time priority. |
|
See |
|
.Xr sched 3 . |
|
.El |
|
.It Li kern.somaxkva ( Dv KERN_SOMAXKVA ) |
|
Maximum amount of kernel memory to be used for socket buffers. |
|
.\" XXX units? |
|
.It Li kern.synchronized_io ( Dv KERN_SYNCHRONIZED_IO ) |
|
Returns 1 if the |
|
.St -p1003.1b-93 |
|
Synchronized I/O Option is available on this system, |
|
otherwise\ 0. |
|
.It Li kern.timecounter ( dynamic ) |
|
Display and control the timecounter source of the system. |
|
.Bl -column "kern.timecounter.timestepwarnings" "integer" "Changeable" -offset indent |
|
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
|
.It kern.timecounter.choice string no |
|
.It kern.timecounter.hardware string yes |
|
.It kern.timecounter.timestepwarnings integer yes |
.El |
.El |
.Pp |
.Pp |
|
The variables are as follows: |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li KERN_SYSVIPC_MSG_INFO |
.It Li kern.timecounter.choice ( dynamic ) |
Return information on the System V style message facility. |
The list of available timecounters with their quality and frequency. |
The |
.It Li kern.timecounter.hardware ( dynamic ) |
.Sy msg_sysctl_info |
The currently selected timecounter source. |
structure is defined in |
.It Li kern.timecounter.timestepwarnings ( dynamic ) |
.Aq Pa sys/msg.h . |
If non-zero display a message each time the time is stepped. |
.It Li KERN_SYSVIPC_SEM_INFO |
|
Return information on the System V style semaphore facility. |
|
The |
|
.Sy sem_sysctl_info |
|
structure is defined in |
|
.Aq Pa sys/sem.h . |
|
.It Li KERN_SYSVIPC_SHM_INFO |
|
Return information on the System V style shared memory facility. |
|
The |
|
.Sy shm_sysctl_info |
|
structure is defined in |
|
.Aq Pa sys/shm.h . |
|
.El |
|
.It Li kern.ipc.shmmax ( KERN_SYSVIPC_SHMMAX ) |
|
Max shared memory segment size in bytes. |
|
.It Li kern.ipc.shmmni ( KERN_SYSVIPC_SHMMNI ) |
|
Max number of shared memory identifiers. |
|
.It Li kern.ipc.shmseg ( KERN_SYSVIPC_SHMSEG ) |
|
Max shared memory segments per process. |
|
.It Li kern.ipc.shmmaxpgs ( KERN_SYSVIPC_SHMMAXPGS ) |
|
Max amount of shared memory in pages. |
|
.It Li kern.ipc.shm_use_phys ( KERN_SYSVIPC_SHMUSEPHYS ) |
|
Locking of shared memory in physical memory. |
|
If 0, memory can be swaped |
|
out, otherwise it will be locked in physical memory. |
|
.El |
.El |
.It Li kern.timex ( KERN_TIMEX ) |
.It Li kern.timex ( Dv KERN_TIMEX ) |
Not available. |
Not available. |
.It Li kern.tkstat ( KERN_TKSTAT ) |
.It Li kern.tkstat ( Dv KERN_TKSTAT ) |
Return information about the number of characters sent and received |
Return information about the number of characters sent and received |
on ttys. |
on ttys. |
The third level names for the tty statistic variables are detailed below. |
The third level names for the tty statistic variables are detailed below. |
The changeable column shows whether a process |
The changeable column shows whether a process |
with appropriate privilege may change the value. |
with appropriate privilege may change the value. |
.Bl -column "KERNXTKSTATXRAWCCXXX" "struct integerXXX" -offset indent |
.Bl -column "kern.tkstat.cancc" "quad" "Changeable" -offset indent |
.It Sy Third level name Type Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.It kern.tkstat.cancc quad no |
.It kern.tkstat.cancc quad no |
.It kern.tkstat.nin quad no |
.It kern.tkstat.nin quad no |
.It kern.tkstat.nout quad no |
.It kern.tkstat.nout quad no |
Line 790 with appropriate privilege may change th |
|
Line 1196 with appropriate privilege may change th |
|
.Pp |
.Pp |
The variables are as follows: |
The variables are as follows: |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li kern.tkstat.cancc ( KERN_TKSTAT_CANCC ) |
.It Li kern.tkstat.cancc ( Dv KERN_TKSTAT_CANCC ) |
The number of canonical input characters. |
The number of canonical input characters. |
.It Li kern.tkstat.nin ( KERN_TKSTAT_NIN ) |
.It Li kern.tkstat.nin ( Dv KERN_TKSTAT_NIN ) |
The total number of input characters. |
The total number of input characters. |
.It Li kern.tkstat.nout ( KERN_TKSTAT_NOUT ) |
.It Li kern.tkstat.nout ( Dv KERN_TKSTAT_NOUT ) |
The total number of output characters. |
The total number of output characters. |
.It Li kern.tkstat.rawcc ( KERN_TKSTAT_RAWCC ) |
.It Li kern.tkstat.rawcc ( Dv KERN_TKSTAT_RAWCC ) |
The number of raw input characters. |
The number of raw input characters. |
.El |
.El |
.It Li kern.urandom ( KERN_URND ) |
.It Li kern.tty |
|
The third level names for the tty setup variables are detailed below. |
|
The changeable column shows whether a process |
|
with appropriate privilege may change the value. |
|
.Bl -column "kern.tty.qsize" "int" "Changeable" -offset indent |
|
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
|
.It kern.tty.qsize int yes |
|
.El |
|
.Pp |
|
The variables are as follows: |
|
.Bl -tag -width "123456" |
|
.It Li kern.tty.qsize |
|
Control/display the size of the default input and output queues selected |
|
during tty creation. |
|
Is converted to a power of two and its range is between |
|
.Dv 1024 |
|
and |
|
.Dv 65536 . |
|
.El |
|
.It Li kern.uidinfo |
|
Resource usage for the current user. |
|
.Bl -column "kern.uidinfo.proccnt" "integer" "Changeable" -offset indent |
|
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
|
.It kern.uidinfo.proccnt integer no |
|
.It kern.uidinfo.lwpcnt integer no |
|
.It kern.uidinfo.lockcnt integer no |
|
.It kern.uidinfo.sbsize integer no |
|
.El |
|
.Bl -tag -width "123456" |
|
.It Li kern.uidinfo.proccnt |
|
Returns the number of active processes for the current user. |
|
.It Li kern.uidinfo.lwpcnt |
|
Returns the number of active threads for the current user; the first thread |
|
of each process is not counted. |
|
.It Li kern.uidinfo.lockcnt |
|
Number of locks held by the current user. |
|
.It Li kern.uidinfo.sbsize |
|
Number of bytes in socket buffers allocated to the current user. |
|
.El |
|
.It Li kern.urandom ( Dv KERN_URND ) |
Random integer value. |
Random integer value. |
|
.It Li kern.usercrypto |
|
When enabled, allows userland to |
|
.Xr open 2 |
|
the |
|
.Pa /dev/crypto |
|
special device, used by the |
|
.Xr crypto 4 |
|
system. |
|
.It Li kern.userasymcrypto |
|
Enables or disables the use of software asymmetric crypto support in the |
|
.Xr crypto 4 |
|
system. |
.It Li kern.veriexec |
.It Li kern.veriexec |
Tunings for Verixec. |
Runtime information for |
|
.Xr veriexec 8 . |
|
.Bl -column "kern.veriexec.algorithms" "integer" "Changeable" -offset indent |
|
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
|
.It kern.veriexec.algorithms string no |
|
.It kern.veriexec.count node not applicable |
|
.It kern.veriexec.strict integer yes |
|
.It kern.veriexec.verbose integer yes |
|
.El |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li kern.veriexec.algorithms |
.It Li kern.veriexec.algorithms |
Returns a string with the supported algorithms in Veriexec. |
Returns a string with the supported algorithms in Veriexec. |
Line 812 Each mount will be under its own |
|
Line 1277 Each mount will be under its own |
|
.No tableN |
.No tableN |
node. |
node. |
Under each node there will be three variables, indicating the mount |
Under each node there will be three variables, indicating the mount |
point, the file-system type, and the number of entries. |
point, the file system type, and the number of entries. |
.It Li kern.veriexec.strict |
.It Li kern.veriexec.strict |
Controls the strict level of Veriexec. |
Controls the strict level of Veriexec. |
See |
See |
.Xr security 8 |
.Xr security 7 |
for more information on each level's implications. |
for more information on each level's implications. |
.It Li kern.veriexec.verbose |
.It Li kern.veriexec.verbose |
Controls the verbosity level of Veriexec. |
Controls the verbosity level of Veriexec. |
Line 828 If 1, more messages will be printed (ie. |
|
Line 1293 If 1, more messages will be printed (ie. |
|
fingerprint is accessed). |
fingerprint is accessed). |
Verbose level 2 is debug mode. |
Verbose level 2 is debug mode. |
.El |
.El |
.It Li kern.version ( KERN_VERSION ) |
.It Li kern.version ( Dv KERN_VERSION ) |
The system version string. |
The system version string. |
.It Li kern.vnode ( KERN_VNODE ) |
.It Li kern.vnode ( Dv KERN_VNODE ) |
Return the entire vnode table. |
Return the entire vnode table. |
Note, the vnode table is not necessarily a consistent snapshot of |
Note, the vnode table is not necessarily a consistent snapshot of |
the system. |
the system. |
The returned data consists of an array whose size depends on the |
The returned data consists of an array whose size depends on the |
current number of such objects in the system. |
current number of such objects in the system. |
Each element of the array contains the kernel address of a vnode |
Each element of the array contains the kernel address of a vnode |
.Va struct vnode * |
.Vt struct vnode * |
followed by the vnode itself |
followed by the vnode itself |
.Va struct vnode . |
.Vt struct vnode . |
.It Li kern.coredump.setid |
.\" XXX: Undocumented: kern.lwp: no children? |
Settings related to set-id processes coredumps. |
|
By default, set-id processes do not dump core in situations where |
|
other processes would. |
|
The settings in this node allows an administrator to change this |
|
behavior. |
|
.Pp |
|
.Bl -tag -width "123456" |
|
.It Li kern.coredump.setid.dump |
|
If non-zero, set-id processes will dump core. |
|
.It Li kern.coredump.setid.group |
|
The group-id for the set-id processes' coredump. |
|
.It Li kern.coredump.setid.mode |
|
The mode for the set-id processes' coredump. |
|
See |
|
.Xr chmod 1 . |
|
.It Li kern.coredump.setid.owner |
|
The user-id that will be used as the owner of the set-id processes' |
|
coredump. |
|
.It Li kern.coredump.setid.path |
|
The path to which set-id processes' coredumps will be saved to. |
|
Same syntax as kern.defcorename. |
|
.El |
|
.\" XXX kern.lwp |
|
.El |
.El |
.Sh The machdep.* subtree |
.Ss The machdep.* subtree |
The set of variables defined is architecture dependent. |
The set of variables defined is architecture dependent. |
Most architectures define at least the following variables. |
Most architectures define at least the following variables. |
.Bl -column "CONSOLE_DEVICEXXX" "integerXXX" -offset indent |
.Bl -column "machdep.booted_kernel" "Type" "Changeable" -offset indent |
.It Sy Second level name Type Changeable |
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
.It Li CPU_CONSDEV dev_t no |
.It Li machdep.booted_kernel string no |
.El |
.El |
.Sh The net.* subtree |
.\" XXX: Document the above. |
|
.Ss The net.* subtree |
The string and integer information available for the |
The string and integer information available for the |
.Li net |
.Li net |
level is detailed below. |
level is detailed below. |
Line 880 The changeable column shows whether a pr |
|
Line 1323 The changeable column shows whether a pr |
|
privilege may change the value. |
privilege may change the value. |
The second and third levels are typically the protocol family and |
The second and third levels are typically the protocol family and |
protocol number, though this is not always the case. |
protocol number, though this is not always the case. |
.Bl -column "Second level nameX" "IPsec key management valuesX" -offset indent |
.Bl -column "Second level name" "IPsec key management values" "Changeable" -offset indent |
.It Sy Second level name Type Changeable |
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
.It net.route routing messages no |
.It net.route routing messages no |
.It net.inet IPv4 values yes |
.It net.inet IPv4 values yes |
.It net.inet6 IPv6 values yes |
.It net.inet6 IPv6 values yes |
.It net.key IPsec key management values yes |
.It net.key IPsec key management values yes |
.El |
.El |
.Pp |
|
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li net.route ( PF_ROUTE ) |
.It Li net.route ( Dv PF_ROUTE ) |
.\" XXX really? |
.\" XXX really? |
Return the entire routing table or a subset of it. |
Return the entire routing table or a subset of it. |
The data is returned as a sequence of routing messages (see |
The data is returned as a sequence of routing messages (see |
Line 897 The data is returned as a sequence of ro |
|
Line 1339 The data is returned as a sequence of ro |
|
for the header file, format and meaning). |
for the header file, format and meaning). |
The length of each message is contained in the message header. |
The length of each message is contained in the message header. |
.Pp |
.Pp |
The third level name is a protocol number, which is currently always 0. |
The third level name is a protocol number, which is currently always\ 0. |
The fourth level name is an address family, which may be set to 0 to |
The fourth level name is an address family, which may be set to 0 to |
select all address families. |
select all address families. |
The fifth and sixth level names are as follows: |
The fifth and sixth level names are as follows: |
.Bl -column "Fifth level nameXXXXXX" "Sixth level is:XXX" -offset indent |
.Bl -column "Fifth level name" "Sixth level is:" -offset indent |
.It Sy Fifth level name Sixth level is: |
.It Sy Fifth level name Ta Sy Sixth level is : |
.It NET\_RT\_FLAGS rtflags |
.It NET_RT_FLAGS rtflags |
.It NET\_RT\_DUMP None |
.It NET_RT_DUMP None |
.It NET\_RT\_IFLIST None |
.It NET_RT_IFLIST None |
.El |
.El |
.It Li net.inet ( PF_INET ) |
.It Li net.inet ( Dv PF_INET ) |
Get or set various global information about the IPv4 |
Get or set various global information about the IPv4 |
.Pq Internet Protocol version 4 . |
.Pq Internet Protocol version 4 . |
The third level name is the protocol. |
The third level name is the protocol. |
The fourth level name is the variable name. |
The fourth level name is the variable name. |
The currently defined protocols and names are: |
The currently defined protocols and names are: |
.Bl -column "Protocol name" "sack.globalmaxholes" "integer" -offset 4n |
.Bl -column "Protocol" "anonportalgo.available" "integer" "Changeable" -offset indent |
.It Sy Protocol name Variable name Type Changeable |
.It Sy Protocol Variable Ta Sy Type Ta Sy Changeable |
.It arp down integer yes |
.It arp down integer yes |
.It arp keep integer yes |
.It arp keep integer yes |
.It arp prune integer yes |
.It arp log_movements integer yes |
.It arp refresh integer yes |
.It arp log_permanent_modify integer yes |
|
.It arp log_unknown_network integer yes |
|
.It arp log_wrong_iface integer yes |
.It carp allow integer yes |
.It carp allow integer yes |
.It carp preempt integer yes |
.It carp preempt integer yes |
.It carp log integer yes |
.It carp log integer yes |
Line 927 The currently defined protocols and name |
|
Line 1371 The currently defined protocols and name |
|
.It icmp maskrepl integer yes |
.It icmp maskrepl integer yes |
.It icmp rediraccept integer yes |
.It icmp rediraccept integer yes |
.It icmp redirtimeout integer yes |
.It icmp redirtimeout integer yes |
|
.It icmp bmcastecho integer yes |
.It ip allowsrcrt integer yes |
.It ip allowsrcrt integer yes |
|
.It ip anonportalgo.selected string yes |
|
.It ip anonportalgo.available string yes |
|
.It ip anonportalgo.reserve struct yes |
.It ip anonportmax integer yes |
.It ip anonportmax integer yes |
.It ip anonportmin integer yes |
.It ip anonportmin integer yes |
.It ip checkinterface integer yes |
.It ip checkinterface integer yes |
|
.It ip dad_count integer yes |
.It ip directed-broadcast integer yes |
.It ip directed-broadcast integer yes |
.It ip do_loopback_cksum integer yes |
.It ip do_loopback_cksum integer yes |
.It ip forwarding integer yes |
.It ip forwarding integer yes |
.It ip forwsrcrt integer yes |
.It ip forwsrcrt integer yes |
.It ip gifttl integer yes |
.It ip gifttl integer yes |
.It ip grettl integer yes |
.It ip grettl integer yes |
|
.It ip hashsize integer yes |
.It ip hostzerobroadcast integer yes |
.It ip hostzerobroadcast integer yes |
.It ip lowportmin integer yes |
.It ip lowportmin integer yes |
.It ip lowportmax integer yes |
.It ip lowportmax integer yes |
Line 960 The currently defined protocols and name |
|
Line 1410 The currently defined protocols and name |
|
.It tcp mss_ifmtu integer yes |
.It tcp mss_ifmtu integer yes |
.It tcp win_scale integer yes |
.It tcp win_scale integer yes |
.It tcp timestamps integer yes |
.It tcp timestamps integer yes |
.It tcp compat_42 integer yes |
|
.It tcp cwm integer yes |
.It tcp cwm integer yes |
.It tcp cwm_burstsize integer yes |
.It tcp cwm_burstsize integer yes |
.It tcp ack_on_push integer yes |
.It tcp ack_on_push integer yes |
Line 968 The currently defined protocols and name |
|
Line 1417 The currently defined protocols and name |
|
.It tcp keepintvl integer yes |
.It tcp keepintvl integer yes |
.It tcp keepcnt integer yes |
.It tcp keepcnt integer yes |
.It tcp slowhz integer no |
.It tcp slowhz integer no |
|
.It tcp keepinit integer yes |
.It tcp log_refused integer yes |
.It tcp log_refused integer yes |
.It tcp rstppslimit integer yes |
.It tcp rstppslimit integer yes |
.It tcp ident struct no |
.It tcp ident struct no |
|
.It tcp drop struct no |
.It tcp sack.enable integer yes |
.It tcp sack.enable integer yes |
.It tcp sack.globalholes integer no |
.It tcp sack.globalholes integer no |
.It tcp sack.globalmaxholes integer yes |
.It tcp sack.globalmaxholes integer yes |
Line 993 The variables are as follows: |
|
Line 1444 The variables are as follows: |
|
Failed ARP entry lifetime. |
Failed ARP entry lifetime. |
.It Li arp.keep |
.It Li arp.keep |
Valid ARP entry lifetime. |
Valid ARP entry lifetime. |
.It Li arp.prune |
|
ARP cache pruning interval. |
|
.It Li arp.refresh |
|
ARP entry refresh interval. |
|
.It Li carp.allow |
.It Li carp.allow |
If set to 0, incoming |
If set to 0, incoming |
.Xr carp 4 |
.Xr carp 4 |
Line 1027 believes it can send advertisements more |
|
Line 1474 believes it can send advertisements more |
|
Disabled by default. |
Disabled by default. |
.It Li ip.allowsrcrt |
.It Li ip.allowsrcrt |
If set to 1, the host accepts source routed packets. |
If set to 1, the host accepts source routed packets. |
|
.It Li ip.anonportalgo.available |
|
The available RFC 6056 port randomization algorithms. |
|
.It Li ip.anonportalgo.reserve |
|
A bitmask of ports that will not be used during anonymous or privileged |
|
port selection. |
|
.It Li ip.anonportalgo.selected |
|
The currently selected RFC 6056 port randomization algorithm. |
.It Li ip.anonportmax |
.It Li ip.anonportmax |
The highest port number to use for TCP and UDP ephemeral port allocation. |
The highest port number to use for TCP and UDP ephemeral port allocation. |
This cannot be set to less than 1024 or greater than 65535, and must |
This cannot be set to less than 1024 or greater than 65535, and must |
Line 1042 Currently, this must be disabled if ipna |
|
Line 1496 Currently, this must be disabled if ipna |
|
destination address to another local interface, or if addresses |
destination address to another local interface, or if addresses |
are added to the loopback interface instead of the interface where |
are added to the loopback interface instead of the interface where |
the packets for those packets are received. |
the packets for those packets are received. |
|
.It Li ip.dad_count |
|
The number of |
|
.Xr arp 4 |
|
probes sent for Address Conflict Detection. |
|
Set to 0 to disable this. |
.It Li ip.directed-broadcast |
.It Li ip.directed-broadcast |
If set to 1, enables directed broadcast behavior for the host. |
If set to 1, enables directed broadcast behavior for the host. |
.It Li ip.do_loopback_cksum |
.It Li ip.do_loopback_cksum |
Line 1060 tunnel interface. |
|
Line 1519 tunnel interface. |
|
The maximum time-to-live (hop count) value for an IPv4 packet generated by |
The maximum time-to-live (hop count) value for an IPv4 packet generated by |
.Xr gre 4 |
.Xr gre 4 |
tunnel interface. |
tunnel interface. |
|
.It Li ip.hashsize |
|
The size of IPv4 Fast Forward hash table. |
|
This value must be a power of 2 (64, 256...). |
|
A larger hash table size results in fewer collisions. |
|
Also see |
|
.Li ip.maxflows . |
.It Li ip.hostzerobroadcast |
.It Li ip.hostzerobroadcast |
All zeroes address is broadcast address. |
All zeroes address is broadcast address. |
.It Li ip.lowportmax |
.It Li ip.lowportmax |
Line 1073 This cannot be set to less than 0 or gre |
|
Line 1538 This cannot be set to less than 0 or gre |
|
be smaller than |
be smaller than |
.Li ip.lowportmax . |
.Li ip.lowportmax . |
.It Li ip.maxflows |
.It Li ip.maxflows |
IP Fast Forwarding is enabled by default. |
IPv4 Fast Forwarding is enabled by default. |
If set to 0, IP Fast Forwarding is disabled. |
If set to 0, IPv4 Fast Forwarding is disabled. |
.Li ip.maxflows |
.Li ip.maxflows |
controls the maximum amount of flows which can be created. |
controls the maximum amount of flows which can be created. |
The default value is 256. |
The default value is 256. |
|
|
This defaults to 600 seconds. |
This defaults to 600 seconds. |
.It Li icmp.returndatabytes |
.It Li icmp.returndatabytes |
Number of bytes to return in an ICMP error message. |
Number of bytes to return in an ICMP error message. |
|
.It Li icmp.bmcastecho |
|
If set to 1, enables responding to ICMP echo or timestamp request to the |
|
broadcast address. |
.It Li tcp.ack_on_push |
.It Li tcp.ack_on_push |
If set to 1, TCP is to immediately transmit an ACK upon reception of |
If set to 1, TCP is to immediately transmit an ACK upon reception of |
a packet with PUSH set. |
a packet with PUSH set. |
Line 1134 This can avoid losing a round trip time |
|
Line 1602 This can avoid losing a round trip time |
|
but has the caveat of potentially defeating TCP's delayed ACK algorithm. |
but has the caveat of potentially defeating TCP's delayed ACK algorithm. |
Use of this option is generally not recommended, but |
Use of this option is generally not recommended, but |
the variable exists in case your configuration really needs it. |
the variable exists in case your configuration really needs it. |
.It Li tcp.compat_42 |
|
If set to 1, enables work-arounds for bugs in the 4.2BSD TCP implementation. |
|
Use of this option is not recommended, although it may be |
|
required in order to communicate with extremely old TCP implementations. |
|
.It Li tcp.cwm |
.It Li tcp.cwm |
If set to 1, enables use of the Hughes/Touch/Heidemann Congestion Window |
If set to 1, enables use of the Hughes/Touch/Heidemann Congestion Window |
Monitoring algorithm. |
Monitoring algorithm. |
Line 1155 Number of ticks to delay sending an ACK. |
|
Line 1619 Number of ticks to delay sending an ACK. |
|
Perform TCP checksum on loopback. |
Perform TCP checksum on loopback. |
.It Li tcp.init_win |
.It Li tcp.init_win |
A value indicating the TCP initial congestion window. |
A value indicating the TCP initial congestion window. |
If this value is 0, an auto-tuning algorithm designed to use an initial |
The valid range |
window of approximately 4K bytes is in use. |
is 0 to 10 (maximum specified by RFC6928), |
Otherwise, this value indicates a fixed number of packets. |
with a default of 4 (approximately 4K per RFC3390). |
.It Li tcp.init_win_local |
.It Li tcp.init_win_local |
Like |
Like |
.Li tcp.init_win , |
.Li tcp.init_win , |
Line 1177 another probe is sent. |
|
Line 1641 another probe is sent. |
|
See also tcp.slowhz. |
See also tcp.slowhz. |
.It Li tcp.log_refused |
.It Li tcp.log_refused |
If set to 1, refused TCP connections to the host will be logged. |
If set to 1, refused TCP connections to the host will be logged. |
|
.It Li tcp.keepinit |
|
Timeout in seconds during connection establishment. |
.It Li tcp.mss_ifmtu |
.It Li tcp.mss_ifmtu |
If set to 1, TCP calculates the outgoing maximum segment size based on |
If set to 1, TCP calculates the outgoing maximum segment size based on |
the MTU of the appropriate interface. |
the MTU of the appropriate interface. |
Line 1189 us during connection setup or Path MTU D |
|
Line 1655 us during connection setup or Path MTU D |
|
.Li ( ip.mtudisc ) |
.Li ( ip.mtudisc ) |
is disabled. |
is disabled. |
Do not change this value unless you really know what you are doing. |
Do not change this value unless you really know what you are doing. |
.It Li tcp.newreno |
|
If set to 1, enables the use of J. |
|
Hoe's NewReno congestion control algorithm. |
|
This algorithm improves the start-up behavior of TCP connections. |
|
.It Li tcp.recvspace |
.It Li tcp.recvspace |
The default TCP receive buffer size. |
The default TCP receive buffer size. |
.It Li tcp.rfc1323 |
.It Li tcp.rfc1323 |
|
|
TCP RST packet that exceeded the value are subject to rate limitation |
TCP RST packet that exceeded the value are subject to rate limitation |
and will not go out from the node. |
and will not go out from the node. |
Negative value disables rate limitation. |
Negative value disables rate limitation. |
|
.It Li tcp.ident |
|
Return the user ID of a connected socket pair. |
|
(RFC1413 Identification Protocol lookups.) |
|
.It Li tcp.drop |
|
Drop a TCP socket pair connection. |
.It Li tcp.sack.enable |
.It Li tcp.sack.enable |
If set to 1, enables RFC 2018 Selective ACKnowledgement. |
If set to 1, enables RFC 2018 Selective ACKnowledgement. |
.It Li tcp.sack.globalholes |
.It Li tcp.sack.globalholes |
Line 1251 It has no effect unless tcp.abc.enable i |
|
Line 1718 It has no effect unless tcp.abc.enable i |
|
If set to 1, UDP checksums are being computed. |
If set to 1, UDP checksums are being computed. |
Received non-zero UDP checksums are always checked. |
Received non-zero UDP checksums are always checked. |
Disabling UDP checksums is strongly discouraged. |
Disabling UDP checksums is strongly discouraged. |
.It Li udp.sendspace |
|
The default UDP send buffer size. |
|
.It Li udp.recvspace |
.It Li udp.recvspace |
The default UDP receive buffer size. |
The default UDP receive buffer size. |
|
.It Li udp.sendspace |
|
The default UDP send buffer size. |
.El |
.El |
.Pp |
.Pp |
For variables net.*.ipsec, please refer to |
For variables net.*.ipsec, please refer to |
.Xr ipsec 4 . |
.Xr ipsec 4 . |
.It Li net.inet6 ( PF_INET6 ) |
.It Li net.inet6 ( Dv PF_INET6 ) |
Get or set various global information about the IPv6 |
Get or set various global information about the IPv6 |
.Pq Internet Protocol version 6 . |
.Pq Internet Protocol version 6 . |
The third level name is the protocol. |
The third level name is the protocol. |
The fourth level name is the variable name. |
The fourth level name is the variable name. |
The currently defined protocols and names are: |
The currently defined protocols and names are: |
.Bl -column "Protocol name" "Variable nameXX" "integer" "yes" -offset indent |
.Bl -column "Protocol" "anonportalgo.available" "integer" "Changeable" -offset indent |
.It Sy Protocol name Variable name Type Changeable |
.It Sy Protocol Variable Ta Sy Type Ta Sy Changeable |
.It icmp6 errppslimit integer yes |
.It icmp6 errppslimit integer yes |
.It icmp6 mtudisc_hiwat integer yes |
.It icmp6 mtudisc_hiwat integer yes |
.It icmp6 mtudisc_lowat integer yes |
.It icmp6 mtudisc_lowat integer yes |
Line 1281 The currently defined protocols and name |
|
Line 1748 The currently defined protocols and name |
|
.It icmp6 rediraccept integer yes |
.It icmp6 rediraccept integer yes |
.It icmp6 redirtimeout integer yes |
.It icmp6 redirtimeout integer yes |
.It ip6 accept_rtadv integer yes |
.It ip6 accept_rtadv integer yes |
|
.It ip6 addctlpolicy struct in6_addrpolicy no |
|
.It ip6 anonportalgo.selected string yes |
|
.It ip6 anonportalgo.available string yes |
|
.It ip6 anonportalgo.reserve struct yes |
.It ip6 anonportmax integer yes |
.It ip6 anonportmax integer yes |
.It ip6 anonportmin integer yes |
.It ip6 anonportmin integer yes |
.It ip6 auto_flowlabel integer yes |
.It ip6 auto_flowlabel integer yes |
Line 1288 The currently defined protocols and name |
|
Line 1759 The currently defined protocols and name |
|
.It ip6 defmcasthlim integer yes |
.It ip6 defmcasthlim integer yes |
.It ip6 forwarding integer yes |
.It ip6 forwarding integer yes |
.It ip6 gifhlim integer yes |
.It ip6 gifhlim integer yes |
|
.It ip6 hashsize integer yes |
.It ip6 hlim integer yes |
.It ip6 hlim integer yes |
.It ip6 hdrnestlimit integer yes |
.It ip6 hdrnestlimit integer yes |
.It ip6 kame_version string no |
.It ip6 kame_version string no |
Line 1295 The currently defined protocols and name |
|
Line 1767 The currently defined protocols and name |
|
.It ip6 log_interval integer yes |
.It ip6 log_interval integer yes |
.It ip6 lowportmax integer yes |
.It ip6 lowportmax integer yes |
.It ip6 lowportmin integer yes |
.It ip6 lowportmin integer yes |
|
.It ip6 maxdynroutes integer yes |
|
.It ip6 maxifprefixes integer yes |
|
.It ip6 maxifdefrouters integer yes |
|
.It ip6 maxflows integer yes |
.It ip6 maxfragpackets integer yes |
.It ip6 maxfragpackets integer yes |
.It ip6 maxfrags integer yes |
.It ip6 maxfrags integer yes |
|
.It ip6 neighborgcthresh integer yes |
.It ip6 redirect integer yes |
.It ip6 redirect integer yes |
.It ip6 rr_prune integer yes |
.It ip6 rr_prune integer yes |
.It ip6 use_deprecated integer yes |
.It ip6 use_deprecated integer yes |
Line 1314 and autoconfigures address prefixes and |
|
Line 1791 and autoconfigures address prefixes and |
|
The node must be a host |
The node must be a host |
.Pq not a router |
.Pq not a router |
for the option to be meaningful. |
for the option to be meaningful. |
|
.It Li ip6.anonportalgo.available |
|
The available RFC 6056 port randomization algorithms. |
|
.It Li ip6.anonportalgo.reserve |
|
A bitmask of ports that will not be used during anonymous or privileged |
|
port selection. |
|
.It Li ip6.anonportalgo.selected |
|
The currently selected RFC 6056 port randomization algorithm. |
.It Li ip6.anonportmax |
.It Li ip6.anonportmax |
The highest port number to use for TCP and UDP ephemeral port allocation. |
The highest port number to use for TCP and UDP ephemeral port allocation. |
This cannot be set to less than 1024 or greater than 65535, and must |
This cannot be set to less than 1024 or greater than 65535, and must |
Line 1355 tunnel interface. |
|
Line 1839 tunnel interface. |
|
.It Li ip6.hdrnestlimit |
.It Li ip6.hdrnestlimit |
The number of IPv6 extension headers permitted on incoming IPv6 packets. |
The number of IPv6 extension headers permitted on incoming IPv6 packets. |
If set to 0, the node will accept as many extension headers as possible. |
If set to 0, the node will accept as many extension headers as possible. |
|
.It Li ip6.hashsize |
|
The size of IPv6 Fast Forward hash table. |
|
This value must be a power of 2 (64, 256, ...). |
|
A larger hash table size results in fewer collisions. |
|
Also see |
|
.Li ip6.maxflows . |
.It Li ip6.hlim |
.It Li ip6.hlim |
The default hop limit value for an IPv6 unicast packet sourced by the node. |
The default hop limit value for an IPv6 unicast packet sourced by the node. |
This value applies to all the transport protocols on top of IPv6. |
This value applies to all the transport protocols on top of IPv6. |
Line 1385 The lowest port number to use for TCP an |
|
Line 1875 The lowest port number to use for TCP an |
|
This cannot be set to less than 0 or greater than 1024, and must |
This cannot be set to less than 0 or greater than 1024, and must |
be smaller than |
be smaller than |
.Li ip6.lowportmax . |
.Li ip6.lowportmax . |
|
.It Li ip6.maxdynroutes |
|
Maximum number of routes created by redirect. |
|
Set it to negative to disable. |
|
The default value is 4096. |
|
.It Li ip6.maxifprefixes |
|
Maximum number of prefixes created by route advertisements per interface. |
|
Set it to negative to disable. |
|
The default value is 16. |
|
.It Li ip6.maxifdefrouters 16 |
|
Maximum number of default routers created by route advertisements per interface. |
|
Set it to negative to disable. |
|
The default value is 16. |
|
.It Li ip6.maxflows |
|
IPv6 Fast Forwarding is enabled by default. |
|
If set to 0, IPv6 Fast Forwarding is disabled. |
|
.Li ip6.maxflows |
|
controls the maximum amount of flows which can be created. |
|
The default value is 256. |
.It Li ip6.maxfragpackets |
.It Li ip6.maxfragpackets |
The maximum number of fragmented packets the node will accept. |
The maximum number of fragmented packets the node will accept. |
0 means that the node will not accept any fragmented packets. |
0 means that the node will not accept any fragmented packets. |
Line 1395 The maximum number of fragments the node |
|
Line 1903 The maximum number of fragments the node |
|
0 means that the node will not accept any fragments. |
0 means that the node will not accept any fragments. |
\-1 means that the node will accept as many fragments as it receives. |
\-1 means that the node will accept as many fragments as it receives. |
The flag is provided basically for avoiding possible DoS attacks. |
The flag is provided basically for avoiding possible DoS attacks. |
|
.It Li ip6.neighborgcthresh |
|
Maximum number of entries in neighbor cache per interface. |
|
Set to negative to disable. |
|
The default value is 2048. |
.It Li ip6.redirect |
.It Li ip6.redirect |
If set to 1, ICMPv6 redirects may be sent by the node. |
If set to 1, ICMPv6 redirects may be sent by the node. |
This option is ignored unless the node is routing IP packets, |
This option is ignored unless the node is routing IP packets, |
Line 1502 Default UDP receive buffer size. |
|
Line 2014 Default UDP receive buffer size. |
|
Default UDP send buffer size. |
Default UDP send buffer size. |
.El |
.El |
.Pp |
.Pp |
We reuse net.*.tcp for |
We reuse net.*.tcp for TCP over IPv6, |
.Tn TCP |
|
over |
|
.Tn IPv6 , |
|
and therefore we do not have variables net.*.tcp6. |
and therefore we do not have variables net.*.tcp6. |
Variables net.inet6.udp6 have identical meaning to net.inet.udp. |
Variables net.inet6.udp6 have identical meaning to net.inet.udp. |
Please refer to |
Please refer to |
Line 1513 Please refer to |
|
Line 2022 Please refer to |
|
section above. |
section above. |
For variables net.*.ipsec6, please refer to |
For variables net.*.ipsec6, please refer to |
.Xr ipsec 4 . |
.Xr ipsec 4 . |
.It Li net.key ( PF_KEY ) |
.It Li net.key ( Dv PF_KEY ) |
Get or set various global information about the IPsec key management. |
Get or set various global information about the IPsec key management. |
The third level name is the variable name. |
The third level name is the variable name. |
The currently defined variable and names are: |
The currently defined variable and names are: |
.Bl -column "blockacq_lifetime" "integer" "yes" -offset indent |
.Bl -column "blockacq_lifetime" "integer" "Changeable" -offset indent |
.It Sy Variable name Type Changeable |
.It Sy Variable Type Ta Sy Changeable |
.It debug integer yes |
.It debug integer yes |
|
.It enabled integer yes |
|
.It used integer no |
.It spi_try integer yes |
.It spi_try integer yes |
.It spi_min_value integer yes |
.It spi_min_value integer yes |
.It spi_max_value integer yes |
.It spi_max_value integer yes |
Line 1530 The currently defined variable and names |
|
Line 2041 The currently defined variable and names |
|
.It esp_auth integer yes |
.It esp_auth integer yes |
.It ah_keymin integer yes |
.It ah_keymin integer yes |
.El |
.El |
|
.Pp |
The variables are as follows: |
The variables are as follows: |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li debug |
.It Li debug |
Turn on debugging message from within the kernel. |
Turn on debugging message from within the kernel. |
The value is a bitmap, as defined in |
The value is a bitmap, as defined in |
.Pa /usr/include/netkey/key_debug.h . |
.In netkey/key_debug.h . |
|
.It Li enabled |
|
Control processing of IPsec control messages. |
|
.Bl -tag -width indent |
|
.It 0 |
|
Never allow IPsec processing |
|
.It 1 |
|
Allow IPsec processing when SPD policies are present. |
|
.It 2 |
|
Force IPsec processing even when SPD policies are not present. |
|
.El |
|
.It Li used |
|
Based on if IPsec is enabled, and SPD rule existance, show if |
|
IPsec is being used. |
|
Note that currently once IPsec is being used, it cannot be disabled. |
.It Li spi_try |
.It Li spi_try |
The number of times the kernel will try to obtain an unique SPI |
The number of times the kernel will try to obtain an unique SPI |
when it generates it from random number generator. |
when it generates it from random number generator. |
Line 1566 The value is used when the kernel create |
|
Line 2092 The value is used when the kernel create |
|
on ACQUIRE PF_KEY message. |
on ACQUIRE PF_KEY message. |
.El |
.El |
.El |
.El |
.Sh The proc.* subtree |
.Ss The proc.* subtree |
The string and integer information available for the |
The string and integer information available for the |
.Li proc |
.Li proc |
level is detailed below. |
level is detailed below. |
Line 1580 When a set-user-ID or set-group-ID binar |
|
Line 2106 When a set-user-ID or set-group-ID binar |
|
value of PROC_PID_CORENAME is reset to the system default value. |
value of PROC_PID_CORENAME is reset to the system default value. |
The second level name is either the magic value PROC_CURPROC, which |
The second level name is either the magic value PROC_CURPROC, which |
points to the current process, or the PID of the target process. |
points to the current process, or the PID of the target process. |
.Bl -column "USER_COLL_WEIGHTS_MAXXXX" "integerXXX" "yes" -offset indent |
.Bl -column "proc.pid.corename" "string" "not applicable" -offset indent |
.It Sy Third level name Type Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.It proc.pid.corename string yes |
.It proc.pid.corename string yes |
.It proc.pid.rlimit node not applicable |
.It proc.pid.rlimit node not applicable |
.It proc.pid.stopfork int yes |
.It proc.pid.stopfork int yes |
.It proc.pid.stopexec int yes |
.It proc.pid.stopexec int yes |
.It proc.pid.stopexit int yes |
.It proc.pid.stopexit int yes |
|
.It proc.pid.paxflags int no |
.El |
.El |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.Pp |
.It Li proc.pid.corename ( Dv PROC_PID_CORENAME ) |
.It Li proc.pid.corename ( PROC_PID_CORENAME ) |
|
The template used for the core dump file name (see |
The template used for the core dump file name (see |
.Xr core 5 |
.Xr core 5 |
for details). |
for details). |
The base name must either be |
The base name must either be |
.Nm core |
.Pa core |
or end with the suffix ``.core'' (the super-user may set arbitrary names). |
or end with the suffix |
By default it points to KERN_DEFCORENAME. |
.Pa .core |
.It Li proc.pid.rlimit ( PROC_PID_LIMIT ) |
(the super-user may set arbitrary names). |
|
By default it points to |
|
.Dv KERN_DEFCORENAME . |
|
.It Li proc.pid.rlimit ( Dv PROC_PID_LIMIT ) |
Return resources limits, as defined for the |
Return resources limits, as defined for the |
.Xr getrlimit 2 |
.Xr getrlimit 2 |
and |
and |
.Xr setrlimit 2 |
.Xr setrlimit 2 |
system calls. |
system calls. |
The fourth level name is one of: |
The fourth level name is one of: |
.Bl -tag -width PROC_PID_LIMIT_MEMLOCKAA |
.Bl -tag -width "123456" |
.It Li proc.pid.rlimit.cputime ( PROC_PID_LIMIT_CPU ) |
.It Li proc.pid.rlimit.cputime ( Dv PROC_PID_LIMIT_CPU ) |
The maximum amount of CPU time (in seconds) to be used by each process. |
The maximum amount of CPU time (in seconds) to be used by each process. |
.It Li proc.pid.rlimit.filesize ( PROC_PID_LIMIT_FSIZE ) |
.It Li proc.pid.rlimit.filesize ( Dv PROC_PID_LIMIT_FSIZE ) |
The largest size (in bytes) file that may be created. |
The largest size (in bytes) file that may be created. |
.It Li proc.pid.rlimit.datasize ( PROC_PID_LIMIT_DATA ) |
.It Li proc.pid.rlimit.datasize ( Dv PROC_PID_LIMIT_DATA ) |
The maximum size (in bytes) of the data segment for a process; |
The maximum size (in bytes) of the data segment for a process; |
this defines how far a program may extend its break with the |
this defines how far a program may extend its break with the |
.Xr sbrk 2 |
.Xr sbrk 2 |
system call. |
system call. |
.It Li proc.pid.rlimit.stacksize ( PROC_PID_LIMIT_STACK ) |
.It Li proc.pid.rlimit.stacksize ( Dv PROC_PID_LIMIT_STACK ) |
The maximum size (in bytes) of the stack segment for a process; |
The maximum size (in bytes) of the stack segment for a process; |
this defines how far a program's stack segment may be extended. |
this defines how far a program's stack segment may be extended. |
Stack extension is performed automatically by the system. |
Stack extension is performed automatically by the system. |
.It Li proc.pid.rlimit.coredumpsize ( PROC_PID_LIMIT_CORE ) |
.It Li proc.pid.rlimit.coredumpsize ( Dv PROC_PID_LIMIT_CORE ) |
The largest size (in bytes) |
The largest size (in bytes) |
.Pa core |
.Pa core |
file that may be created. |
file that may be created. |
.It Li proc.pid.rlimit.memoryuse ( PROC_PID_LIMIT_RSS ) |
.It Li proc.pid.rlimit.memoryuse ( Dv PROC_PID_LIMIT_RSS ) |
The maximum size (in bytes) to which a process's resident set size may |
The maximum size (in bytes) to which a process's resident set size may |
grow. |
grow. |
This imposes a limit on the amount of physical memory to be given to |
This imposes a limit on the amount of physical memory to be given to |
a process; if memory is tight, the system will prefer to take memory |
a process; if memory is tight, the system will prefer to take memory |
from processes that are exceeding their declared resident set size. |
from processes that are exceeding their declared resident set size. |
.It Li proc.pid.rlimit.memorylocked ( PROC_PID_LIMIT_MEMLOCK ) |
.It Li proc.pid.rlimit.memorylocked ( Dv PROC_PID_LIMIT_MEMLOCK ) |
The maximum size (in bytes) which a process may lock into memory |
The maximum size (in bytes) which a process may lock into memory |
using the |
using the |
.Xr mlock 2 |
.Xr mlock 2 |
function. |
function. |
.It Li proc.pid.rlimit.maxproc ( PROC_PID_LIMIT_NPROC ) |
.It Li proc.pid.rlimit.maxproc ( Dv PROC_PID_LIMIT_NPROC ) |
The maximum number of simultaneous processes for this user id. |
The maximum number of simultaneous processes for this user id. |
.It Li proc.pid.rlimit.descriptors ( PROC_PID_LIMIT_NOFILE ) |
.It Li proc.pid.rlimit.descriptors ( Dv PROC_PID_LIMIT_NOFILE ) |
The maximum number of open files for this process. |
The maximum number of open files for this process. |
.\" XXX proc.pid.rlimit.sbsize |
.It Li proc.pid.rlimit.sbsize ( Dv PROC_PID_LIMIT_SBSIZE ) |
|
The maximum size (in bytes) of the socket buffers |
|
set by the |
|
.Xr setsockopt 2 |
|
.Dv SO_RCVBUF |
|
and |
|
.Dv SO_SNDBUF |
|
options. |
|
.It Li proc.pid.rlimit.vmemoryuse ( Dv PROC_PID_LIMIT_AS ) |
|
The maximum size (in bytes) which a process can obtain. |
|
.It Li proc.pid.rlimit.maxlwp ( Dv PROC_PID_LIMIT_NTHR ) |
|
The maximum number of threads that cen be created and running at one time in |
|
the process. |
|
The first thread of each process is not counted against this. |
.El |
.El |
.Pp |
.Pp |
The fifth level name is one of |
The fifth level name is one of |
.Li soft ( PROC_PID_LIMIT_TYPE_SOFT ) or |
.Li soft ( Dv PROC_PID_LIMIT_TYPE_SOFT ) |
.Li hard ( PROC_PID_LIMIT_TYPE_HARD ) , |
or |
|
.Li hard ( Dv PROC_PID_LIMIT_TYPE_HARD ) , |
to select respectively the soft or hard limit. |
to select respectively the soft or hard limit. |
Both are of type integer. |
Both are of type integer. |
.It Li proc.pid.stopfork ( PROC_PID_STOPFORK ) |
.It Li proc.pid.stopfork ( Dv PROC_PID_STOPFORK ) |
If non zero, the process' children will be stopped after |
If non zero, the process' children will be stopped after |
.Xr fork 2 |
.Xr fork 2 |
calls. |
calls. |
The children is created in the SSTOP state and is never scheduled |
The children are created in the SSTOP state and are never scheduled |
for running before being stopped. |
for running before being stopped. |
This feature helps attaching a process with a debugger such as |
This feature enables attaching to a process with a debugger such as |
.Xr gdb 1 |
.Xr gdb 1 |
before it had the opportunity to actually do anything. |
before the process has the opportunity to actually do anything. |
.Pp |
.Pp |
This value is inherited by the process's children, and it also |
This value is inherited by the process's children, and it also |
apply to emulation specific system calls that fork a new process, such as |
applies to emulation specific system calls that fork a new process, such as |
.Fn sproc |
.Fn sproc |
or |
or |
.Fn clone . |
.Fn clone . |
.It Li proc.pid.stopexec ( PROC_PID_STOPEXEC ) |
.It Li proc.pid.stopexec ( Dv PROC_PID_STOPEXEC ) |
If non zero, the process will be stopped on next |
If non zero, the process will be stopped on the next |
.Xr exec 3 |
.Xr exec 3 |
call. |
call. |
The process created by |
The process created by |
.Xr exec 3 |
.Xr exec 3 |
is created in the SSTOP state and is never scheduled for running |
is created in the SSTOP state and is never scheduled for running |
before being stopped. |
before being stopped. |
This feature helps attaching a process with a debugger such as |
This feature enables attaching to a process with a debugger such as |
.Xr gdb 1 |
.Xr gdb 1 |
before it had the opportunity to actually do anything. |
before the process has the opportunity to actually do anything. |
.Pp |
.Pp |
This value is inherited by the process's children. |
This value is inherited by the process's children. |
.It Li proc.pid.stopexit ( PROC_PID_STOPEXIT ) |
.It Li proc.pid.stopexit ( Dv PROC_PID_STOPEXIT ) |
If non zero, the process will be stopped on when it has cause to exit, |
If non zero, the process will be stopped when it has cause to exit, |
either by way of calling |
either by way of calling |
.Xr exit 3 , |
.Xr exit 3 , |
.Xr _exit 2 , |
.Xr _exit 2 , |
or by the receipt of a specific signal. |
or by the receipt of a specific signal. |
The process is stopped before any of its resources or vm space is |
The process is stopped before any of its resources or vm space is |
released allowing examination of the termination state of a process |
released allowing examination of the termination state of the process |
before it disappears. |
before it disappears. |
This feature can be used to examine the final conditions of the |
This feature can be used to examine the final conditions of the |
process's vmspace via |
process's vmspace via |
Line 1691 or its resource settings with |
|
Line 2234 or its resource settings with |
|
before it disappears. |
before it disappears. |
.Pp |
.Pp |
This value is also inherited by the process's children. |
This value is also inherited by the process's children. |
|
.It Li proc.pid.paxflags ( Dv PROC_PID_PAXFLAGS ) |
|
This read-only variable returns the current value of the process's pax |
|
flags (see |
|
.Xr paxctl 8 ) . |
.El |
.El |
.Sh The user.* subtree ( CTL_USER ) |
.Ss The user.* subtree ( Dv CTL_USER ) |
The string and integer information available for the |
The string and integer information available for the |
.Li user |
.Li user |
level is detailed below. |
level is detailed below. |
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "USER_COLL_WEIGHTS_MAXXXX" "integerXXX" -offset indent |
.Bl -column "user.coll_weights_max" "integer" "Changeable" -offset indent |
.It Sy Second level name Type Changeable |
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
.It user.atexit_max integer no |
.It user.atexit_max integer no |
.It user.bc_base_max integer no |
.It user.bc_base_max integer no |
.It user.bc_dim_max integer no |
.It user.bc_dim_max integer no |
Line 1724 privilege may change the value. |
|
Line 2271 privilege may change the value. |
|
.It user.tzname_max integer no |
.It user.tzname_max integer no |
.El |
.El |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.Pp |
.It Li user.atexit_max ( Dv USER_ATEXIT_MAX ) |
.It Li user.atexit_max ( USER_ATEXIT_MAX ) |
|
The maximum number of functions that may be registered with |
The maximum number of functions that may be registered with |
.Xr atexit 3 . |
.Xr atexit 3 . |
.It Li user.bc_base_max ( USER_BC_BASE_MAX ) |
.It Li user.bc_base_max ( Dv USER_BC_BASE_MAX ) |
The maximum ibase/obase values in the |
The maximum ibase/obase values in the |
.Xr bc 1 |
.Xr bc 1 |
utility. |
utility. |
.It Li user.bc_dim_max ( USER_BC_DIM_MAX ) |
.It Li user.bc_dim_max ( Dv USER_BC_DIM_MAX ) |
The maximum array size in the |
The maximum array size in the |
.Xr bc 1 |
.Xr bc 1 |
utility. |
utility. |
.It Li user.bc_scale_max ( USER_BC_SCALE_MAX ) |
.It Li user.bc_scale_max ( Dv USER_BC_SCALE_MAX ) |
The maximum scale value in the |
The maximum scale value in the |
.Xr bc 1 |
.Xr bc 1 |
utility. |
utility. |
.It Li user.bc_string_max ( USER_BC_STRING_MAX ) |
.It Li user.bc_string_max ( Dv USER_BC_STRING_MAX ) |
The maximum string length in the |
The maximum string length in the |
.Xr bc 1 |
.Xr bc 1 |
utility. |
utility. |
.It Li user.coll_weights_max ( USER_COLL_WEIGHTS_MAX ) |
.It Li user.coll_weights_max ( Dv USER_COLL_WEIGHTS_MAX ) |
The maximum number of weights that can be assigned to any entry of |
The maximum number of weights that can be assigned to any entry of |
the LC_COLLATE order keyword in the locale definition file. |
the LC_COLLATE order keyword in the locale definition file. |
.It Li user.cs_path ( USER_CS_PATH ) |
.It Li user.cs_path ( USER_CS_PATH ) |
Return a value for the |
Return a value for the |
.Ev PATH |
.Ev PATH |
environment variable that finds all the standard utilities. |
environment variable that finds all the standard utilities. |
.It Li user.expr_nest_max ( USER_EXPR_NEST_MAX ) |
.It Li user.expr_nest_max ( Dv USER_EXPR_NEST_MAX ) |
The maximum number of expressions that can be nested within |
The maximum number of expressions that can be nested within |
parenthesis by the |
parenthesis by the |
.Xr expr 1 |
.Xr expr 1 |
utility. |
utility. |
.It Li user.line_max ( USER_LINE_MAX ) |
.It Li user.line_max ( Dv USER_LINE_MAX ) |
The maximum length in bytes of a text-processing utility's input |
The maximum length in bytes of a text-processing utility's input |
line. |
line. |
.It Li user.posix2_char_term ( USER_POSIX2_CHAR_TERM ) |
.It Li user.posix2_char_term ( Dv USER_POSIX2_CHAR_TERM ) |
Return 1 if the system supports at least one terminal type capable of |
Return 1 if the system supports at least one terminal type capable of |
all operations described in POSIX 1003.2, otherwise 0. |
all operations described in |
.It Li user.posix2_c_bind ( USER_POSIX2_C_BIND ) |
.St -p1003.2 , |
|
otherwise\ 0. |
|
.It Li user.posix2_c_bind ( Dv USER_POSIX2_C_BIND ) |
Return 1 if the system's C-language development facilities support the |
Return 1 if the system's C-language development facilities support the |
C-Language Bindings Option, otherwise 0. |
C-Language Bindings Option, otherwise\ 0. |
.It Li user.posix2_c_dev ( USER_POSIX2_C_DEV ) |
.It Li user.posix2_c_dev ( Dv USER_POSIX2_C_DEV ) |
Return 1 if the system supports the C-Language Development Utilities Option, |
Return 1 if the system supports the C-Language Development Utilities Option, |
otherwise 0. |
otherwise\ 0. |
.It Li user.posix2_fort_dev ( USER_POSIX2_FORT_DEV ) |
.It Li user.posix2_fort_dev ( Dv USER_POSIX2_FORT_DEV ) |
Return 1 if the system supports the FORTRAN Development Utilities Option, |
Return 1 if the system supports the FORTRAN Development Utilities Option, |
otherwise 0. |
otherwise\ 0. |
.It Li user.posix2_fort_run ( USER_POSIX2_FORT_RUN ) |
.It Li user.posix2_fort_run ( Dv USER_POSIX2_FORT_RUN ) |
Return 1 if the system supports the FORTRAN Runtime Utilities Option, |
Return 1 if the system supports the FORTRAN Runtime Utilities Option, |
otherwise 0. |
otherwise\ 0. |
.It Li user.posix2_localedef ( USER_POSIX2_LOCALEDEF ) |
.It Li user.posix2_localedef ( Dv USER_POSIX2_LOCALEDEF ) |
Return 1 if the system supports the creation of locales, otherwise 0. |
Return 1 if the system supports the creation of locales, otherwise\ 0. |
.It Li user.posix2_sw_dev ( USER_POSIX2_SW_DEV ) |
.It Li user.posix2_sw_dev ( Dv USER_POSIX2_SW_DEV ) |
Return 1 if the system supports the Software Development Utilities Option, |
Return 1 if the system supports the Software Development Utilities Option, |
otherwise 0. |
otherwise\ 0. |
.It Li user.posix2_upe ( USER_POSIX2_UPE ) |
.It Li user.posix2_upe ( Dv USER_POSIX2_UPE ) |
Return 1 if the system supports the User Portability Utilities Option, |
Return 1 if the system supports the User Portability Utilities Option, |
otherwise 0. |
otherwise\ 0. |
.It Li user.posix2_version ( USER_POSIX2_VERSION ) |
.It Li user.posix2_version ( Dv USER_POSIX2_VERSION ) |
The version of POSIX 1003.2 with which the system attempts to comply. |
The version of |
.It Li user.re_dup_max ( USER_RE_DUP_MAX ) |
.St -p1003.2 |
|
with which the system attempts to comply. |
|
.It Li user.re_dup_max ( Dv USER_RE_DUP_MAX ) |
The maximum number of repeated occurrences of a regular expression |
The maximum number of repeated occurrences of a regular expression |
permitted when using interval notation. |
permitted when using interval notation. |
.ne 1i |
.It Li user.stream_max ( Dv USER_STREAM_MAX ) |
.It Li user.stream_max ( USER_STREAM_MAX ) |
|
The minimum maximum number of streams that a process may have open |
The minimum maximum number of streams that a process may have open |
at any one time. |
at any one time. |
.It Li user.tzname_max ( USER_TZNAME_MAX ) |
.It Li user.tzname_max ( Dv USER_TZNAME_MAX ) |
The minimum maximum number of types supported for the name of a |
The minimum maximum number of types supported for the name of a |
timezone. |
timezone. |
.El |
.El |
.Sh The vm.* subtree ( CTL_VM ) |
.Ss The vm.* subtree ( Dv CTL_VM ) |
The string and integer information available for the |
The string and integer information available for the |
.Li vm |
.Li vm |
level is detailed below. |
level is detailed below. |
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "Second level nameXXXXXX" "struct uvmexp_sysctlXXX" -offset indent |
.Bl -column "Second level name" "struct uvmexp_sysctl" "Changeable" -offset indent |
.It Sy Second level name Type Changeable |
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
.It vm.anonmax int yes |
.It vm.anonmax int yes |
.It vm.anonmin int yes |
.It vm.anonmin int yes |
.It vm.bufcache int yes |
.It vm.bufcache int yes |
Line 1820 privilege may change the value. |
|
Line 2369 privilege may change the value. |
|
.It vm.uvmexp struct uvmexp no |
.It vm.uvmexp struct uvmexp no |
.It vm.uvmexp2 struct uvmexp_sysctl no |
.It vm.uvmexp2 struct uvmexp_sysctl no |
.It vm.vmmeter struct vmtotal no |
.It vm.vmmeter struct vmtotal no |
|
.It vm.proc.map struct kinfo_vmentry no |
|
.It vm.guard_size unsigned int no |
|
.It vm.thread_guard_size unsigned int yes |
.El |
.El |
.Pp |
|
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li vm.anonmax ( VM_ANONMAX ) |
.It Li vm.anonmax ( Dv VM_ANONMAX ) |
The percentage of physical memory which will be reclaimed |
The percentage of physical memory which will be reclaimed |
from other types of memory usage to store anonymous application data. |
from other types of memory usage to store anonymous application data. |
.It Li vm.anonmin ( VM_ANONMIN ) |
.It Li vm.anonmin ( Dv VM_ANONMIN ) |
The percentage of physical memory which will be always be available for |
The percentage of physical memory which will be always be available for |
anonymous application data. |
anonymous application data. |
.It Li vm.bufcache ( VM_BUFCACHE ) |
.It Li vm.bufcache ( Dv VM_BUFCACHE ) |
The percentage of physical memory which will be available |
The percentage of physical memory which will be available |
for the buffer cache. |
for the buffer cache. |
.It Li vm.bufmem ( VM_BUFMEM ) |
.It Li vm.bufmem ( Dv VM_BUFMEM ) |
The amount of kernel memory that is being used by the buffer cache. |
The amount of kernel memory that is being used by the buffer cache. |
.It Li vm.bufmem_lowater ( VM_BUFMEM_LOWATER ) |
.It Li vm.bufmem_lowater ( Dv VM_BUFMEM_LOWATER ) |
The minimum amount of kernel memory to reserve for the |
The minimum amount of kernel memory to reserve for the |
buffer cache. |
buffer cache. |
.It Li vm.bufmem_hiwater ( VM_BUFMEM_HIWATER ) |
.It Li vm.bufmem_hiwater ( Dv VM_BUFMEM_HIWATER ) |
The maximum amount of kernel memory to be used for the |
The maximum amount of kernel memory to be used for the |
buffer cache. |
buffer cache. |
.It Li vm.execmax ( VM_EXECMAX ) |
.It Li vm.execmax ( Dv VM_EXECMAX ) |
The percentage of physical memory which will be reclaimed |
The percentage of physical memory which will be reclaimed |
from other types of memory usage to store cached executable data. |
from other types of memory usage to store cached executable data. |
.It Li vm.execmin ( VM_EXECMIN ) |
.It Li vm.execmin ( Dv VM_EXECMIN ) |
The percentage of physical memory which will be always be available for |
The percentage of physical memory which will be always be available for |
cached executable data. |
cached executable data. |
.It Li vm.filemax ( VM_FILEMAX ) |
.It Li vm.filemax ( Dv VM_FILEMAX ) |
The percentage of physical memory which will be reclaimed |
The percentage of physical memory which will be reclaimed |
from other types of memory usage to store cached file data. |
from other types of memory usage to store cached file data. |
.It Li vm.filemin ( VM_FILEMIN ) |
.It Li vm.filemin ( Dv VM_FILEMIN ) |
The percentage of physical memory which will be always be available for |
The percentage of physical memory which will be always be available for |
cached file data. |
cached file data. |
.It Li vm.loadavg ( VM_LOADAVG ) |
.It Li vm.loadavg ( Dv VM_LOADAVG ) |
Return the load average history. |
Return the load average history. |
The returned data consists of a |
The returned data consists of a |
.Va struct loadavg . |
.Vt struct loadavg . |
.It Li vm.maxslp ( VM_MAXSLP ) |
.It Li vm.maxslp ( Dv VM_MAXSLP ) |
The value of the maxslp kernel global variable. |
The value of the maxslp kernel global variable. |
.It Li vm.vmmeter ( VM_METER ) |
.It Li vm.vmmeter ( Dv VM_METER ) |
Return system wide virtual memory statistics. |
Return system wide virtual memory statistics. |
The returned data consists of a |
The returned data consists of a |
.Va struct vmtotal . |
.Vt struct vmtotal . |
.It Li vm.uspace ( VM_USPACE ) |
.It vm.user_va0_disable |
|
A flag which controls whether user processes can map virtual address\ 0. |
|
.It Li vm.proc.map ( Dv VM_PROC ) |
|
The third level is |
|
.Dv VM_PROC_MAP , |
|
the fourth is the pid of the process to display the vm object entries for, and |
|
the fifth is the size of |
|
.Vt struct kinfo_vmentry . |
|
Returns an array of |
|
.Vt struct kinfo_vmentry |
|
objects. |
|
.It Li vm.uspace ( Dv VM_USPACE ) |
The number of bytes allocated for each kernel stack. |
The number of bytes allocated for each kernel stack. |
.It Li vm.uvmexp ( VM_UVMEXP ) |
.It Li vm.uvmexp ( Dv VM_UVMEXP ) |
Return system wide virtual memory statistics. |
Return system wide virtual memory statistics. |
The returned data consists of a |
The returned data consists of a |
.Va struct uvmexp . |
.Vt struct uvmexp . |
.It Li vm.uvmexp2 ( VM_UVMEXP2 ) |
.It Li vm.uvmexp2 ( Dv VM_UVMEXP2 ) |
Return system wide virtual memory statistics. |
Return system wide virtual memory statistics. |
The returned data consists of a |
The returned data consists of a |
.Va struct uvmexp_sysctl . |
.Vt struct uvmexp_sysctl . |
|
.It Li vm.guard_size |
|
Return system wide guard size for the main thread of a program. |
|
.It Li vm.thread_guard_size |
|
Return system wide default size for the guard area of all other threads |
|
of a program. |
.\" XXX vm.idlezero |
.\" XXX vm.idlezero |
.El |
.El |
.Sh The ddb.* subtree ( CTL_DDB ) |
.Ss The ddb.* subtree ( Dv CTL_DDB ) |
The integer information available for the |
The information available for the |
.Li ddb |
.Li ddb |
level is detailed below. |
level is detailed below. |
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.\" XXX sort |
.\" XXX sort |
.Bl -column "ddb.fromconsoleXXX" "integerXXX" -offset indent |
.Bl -column "Second level name" "integer" "Changeable" -offset indent |
.It Sy Second level name Type Changeable |
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
.It ddb.radix integer yes |
.It ddb.radix integer yes |
.It ddb.maxoff integer yes |
.It ddb.maxoff integer yes |
|
.It ddb.maxwidth integer yes |
.It ddb.lines integer yes |
.It ddb.lines integer yes |
.It ddb.tabstops integer yes |
.It ddb.tabstops integer yes |
.It ddb.onpanic integer yes |
.It ddb.onpanic integer yes |
.It ddb.fromconsole integer yes |
.It ddb.fromconsole integer yes |
|
.It ddb.tee_msgbuf integer yes |
|
.It ddb.commandonenter string yes |
|
.It ddb.panicstackframes integer yes |
.El |
.El |
.Pp |
|
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li ddb.radix ( DBCTL_RADIX ) |
.It Li ddb.radix ( Dv DDBCTL_RADIX ) |
The input and output radix. |
The input and output radix. |
.It Li ddb.maxoff ( DBCTL_MAXOFF ) |
.It Li ddb.maxoff ( Dv DDBCTL_MAXOFF ) |
The maximum symbol offset. |
The maximum symbol offset. |
.It Li ddb.lines ( DBCTL_LINES ) |
.It Li ddb.maxwidth ( Dv DDBCTL_MAXWIDTH ) |
|
The maximum output line width. |
|
.It Li ddb.lines ( Dv DDBCTL_LINES ) |
Number of display lines. |
Number of display lines. |
.It Li ddb.tabstops ( DBCTL_TABSTOPS ) |
.It Li ddb.tabstops ( Dv DDBCTL_TABSTOPS ) |
Tab width. |
Tab width. |
.It Li ddb.onpanic ( DBCTL_ONPANIC ) |
.It Li ddb.onpanic ( Dv DDBCTL_ONPANIC ) |
If non-zero, DDB will be entered when the kernel panics. |
If greater than zero, DDB will be entered if the kernel panics. |
.It Li ddb.fromconsole ( DBCTL_FROMCONSOLE ) |
A value of 1 causes the system to enter DDB on panic, while a value of 2 |
|
causes the kernel to attempt to print out a stack trace before entering DDB. |
|
A value of 0 causes the kernel to attempt to print a stack trace, then |
|
reboot, while a value of \-1 means neither a stack trace will be printed |
|
nor DDB entered. |
|
.It Li ddb.fromconsole ( Dv DDBCTL_FROMCONSOLE ) |
If not zero, DDB may be entered by sending a break on a serial |
If not zero, DDB may be entered by sending a break on a serial |
console or by a special key sequence on a graphics console. |
console or by a special key sequence on a graphics console. |
.\" XXX tee_msgbuf maxwidth commandonenter |
.It Li ddb.tee_msgbuf |
|
If not zero, DDB will output also to the kernel message buffer. |
|
.It Li ddb.commandonenter |
|
If not empty, a command to be executed on each enter to the DDB. |
|
.It Li ddb.panicstackframes |
|
Number of stack frames to display on panic. |
|
Useful to avoid scrolling away the interesting frames on a glass tty. |
|
Default value is |
|
.Dv 65535 |
|
(all frames), useful value around |
|
.Dv 10 . |
.El |
.El |
.Pp |
.Pp |
These MIB nodes are also available as variables from within the DDB. |
Some of these MIB |
|
nodes are also available as variables from within the debugger. |
See |
See |
.Xr ddb 4 |
.Xr ddb 4 |
for more details. |
for more details. |
.Sh The security.* subtree ( CTL_SECURITY ) |
.Ss The security.* subtree ( Dv CTL_SECURITY ) |
The |
The |
.Li security |
.Li security |
level contains various security-related settings for |
level contains various security-related settings for |
the system. |
the system. |
Available settings are detailed below. |
The available second level names are: |
|
.Bl -column "Second level name" "integer" "Changeable" -offset indent |
|
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
|
.It Li security.curtain integer yes |
|
.It Li security.models node not applicable |
|
.It Li security.pax node not applicable |
|
.El |
.Pp |
.Pp |
|
Available settings are detailed below. |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li security.curtain |
.It Li security.curtain |
If non-zero, will filter return objects according to the user-id |
If non-zero, will filter return objects according to the user ID |
requesting information about them, preventing from users any |
requesting information about them, preventing users from |
access to objects they don't own. |
accessing any objects they do not own. |
.Pp |
.Pp |
At the moment, it affects |
At the moment, it affects |
.Xr ps 1 , |
.Xr ps 1 , |
|
|
.Dv PF_UNIX |
.Dv PF_UNIX |
PCBs), and |
PCBs), and |
.Xr w 1 . |
.Xr w 1 . |
|
.It Li security.models |
|
.Nx |
|
supports pluggable security models. |
|
Every security model used, whether if loaded as a module or built with the system, |
|
is required to add an entry to this node with at least one element, |
|
.Dq name , |
|
indicating the name of the security model. |
|
.Pp |
|
In addition to the name, any settings and other information private to the |
|
security model will be available under this node. |
|
See |
|
.Xr secmodel 9 |
|
for more information. |
.It Li security.pax |
.It Li security.pax |
Settings for PaX -- exploit mitigation features. |
Settings for PaX -- exploit mitigation features. |
.Pp |
For more information on any of the PaX features, please see |
|
.Xr paxctl 8 |
|
and |
|
.Xr security 7 . |
|
The available third and fourth level names are: |
|
.Bl -column "security.pax.segvguard.suspend_timeout" "integer" "Changeable" \ |
|
-offset 2n |
|
.It Sy Third and fourth level names Ta Sy Type Ta Sy Changeable |
|
.It Li security.pax.aslr.enabled integer yes |
|
.\".It Li security.pax.aslr.exec_len integer yes |
|
.It Li security.pax.aslr.global integer yes |
|
.\".It Li security.pax.aslr.mmap_len integer yes |
|
.\".It Li security.pax.aslr.stack_len integer yes |
|
.It Li security.pax.mprotect.enabled integer yes |
|
.It Li security.pax.mprotect.global integer yes |
|
.It Li security.pax.mprotect.ptrace integer yes |
|
.It Li security.pax.segvguard.enabled integer yes |
|
.It Li security.pax.segvguard.expiry_timeout integer yes |
|
.It Li security.pax.segvguard.global integer yes |
|
.It Li security.pax.segvguard.max_crashes integer yes |
|
.It Li security.pax.segvguard.suspend_timeout integer yes |
|
.El |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li security.pax.mprotect.enable |
.It Li security.pax.aslr.enabled |
|
Enable PaX ASLR (Address Space Layout Randomization). |
|
.Pp |
|
The value of this |
|
knob must be non-zero for PaX ASLR to be enabled, even if a program is set to |
|
explicit enable. |
|
.\".It Li security.pax.aslr.exec_len |
|
.\" XXX: Undocumented. |
|
.It Li security.pax.aslr.global |
|
Specifies the default global policy for programs without an |
|
explicit enable/disable flag. |
|
.Pp |
|
When non-zero, all programs will get PaX ASLR, except those exempted with |
|
.Xr paxctl 8 . |
|
Otherwise, all programs will not get PaX ASLR, except those specifically |
|
marked as such with |
|
.Xr paxctl 8 . |
|
.\".It Li security.pax.aslr.mmap_len |
|
.\" XXX: Undocumented. |
|
.\" .It Li security.pax.aslr.stack_len |
|
.\" XXX: Undocumented. |
|
.It Li security.pax.mprotect.enabled |
Enable PaX MPROTECT restrictions. |
Enable PaX MPROTECT restrictions. |
.Pp |
.Pp |
These are |
These are |
Line 1954 explicit enable/disable flag. |
|
Line 2604 explicit enable/disable flag. |
|
.Pp |
.Pp |
When non-zero, all programs will get the PaX MPROTECT restrictions, |
When non-zero, all programs will get the PaX MPROTECT restrictions, |
except those exempted with |
except those exempted with |
.Xr paxctl 1 . |
.Xr paxctl 8 . |
Otherwise, all programs will not get the PaX MPROTECT restrictions, |
Otherwise, all programs will not get the PaX MPROTECT restrictions, |
except those specifically marked as such with |
except those specifically marked as such with |
.Xr paxctl 1 . |
.Xr paxctl 8 . |
.It Li security.pax.segvguard.enable |
.It Li security.pax.mprotect.ptrace |
|
This variable allows |
|
.Xr ptrace 2 |
|
to override PaX MPROTECT permissions. |
|
It can have the following values: |
|
.Bl -tag -width XX -compact |
|
.It 0 |
|
Does not let override any permissions. |
|
.It 1 |
|
Disables PaX MPROTECT from processes that start executing while traced (default). |
|
.It 2 |
|
Bypasses PaX MPROTECT for all processes being traced. |
|
.El |
|
.It Li security.pax.segvguard.enabled |
Enable PaX Segvguard. |
Enable PaX Segvguard. |
.Pp |
.Pp |
Please see |
|
.Xr security 8 |
|
for more information. |
|
.Pp |
|
PaX Segvguard can detect and prevent certain exploitation attempts, where |
PaX Segvguard can detect and prevent certain exploitation attempts, where |
an attacker may try for example to brute-force function return addresses |
an attacker may try for example to brute-force function return addresses |
of respawning daemons. |
of respawning daemons. |
|
|
.Nx |
.Nx |
interface and implementation of the Segvguard is still experimental, and may |
interface and implementation of the Segvguard is still experimental, and may |
change in future releases. |
change in future releases. |
|
.It Li security.pax.segvguard.expiry_timeout |
|
If the max number was not reached within this timeout (in seconds), the entry |
|
will expire. |
.It Li security.pax.segvguard.global |
.It Li security.pax.segvguard.global |
Specifies the default global policy for programs without an |
Specifies the default global policy for programs without an |
explicit enable/disable flag. |
explicit enable/disable flag. |
.Pp |
.Pp |
When non-zero, all programs will get the PaX Segvguard, |
When non-zero, all programs will get the PaX Segvguard, |
except those exempted with |
except those exempted with |
.Xr paxctl 1 . |
.Xr paxctl 8 . |
Otherwise, no program will get the PaX Segvguard restrictions, |
Otherwise, no program will get the PaX Segvguard restrictions, |
except those specifically marked as such with |
except those specifically marked as such with |
.Xr paxctl 1 . |
.Xr paxctl 8 . |
.It Li security.pax.segvguard.expiry_timeout |
.It Li security.pax.segvguard.max_crashes |
If the max number was not reached within this timeout (in seconds), the entry |
The maximum number of segfaults a program can receive before suspension. |
will expire. |
|
.It Li security.pax.segvguard.suspend_timeout |
.It Li security.pax.segvguard.suspend_timeout |
Number of seconds to suspend a user from running a faulting program when the |
Number of seconds to suspend a user from running a faulting program when the |
limit was exceeded. |
limit was exceeded. |
.It Li security.pax.segvguard.max_crashes |
|
Max number of segfaults a program can receive before suspension. |
|
.El |
.El |
.El |
.El |
.Sh The vendor.* subtree ( CTL_VENDOR ) |
.Ss The vendor.* subtree ( Dv CTL_VENDOR ) |
The |
The |
.Li vendor |
.Li vendor |
toplevel name is reserved to be used by vendors who wish to |
toplevel name is reserved to be used by vendors who wish to |
have their own private MIB tree. |
have their own private MIB tree. |
Intended use is to store values under |
Intended use is to store values under |
.Dq vendor.\*[Lt]yourname\*[Gt].* . |
.Dq vendor.<yourname>.* . |
.Sh SEE ALSO |
.Sh SEE ALSO |
.Xr sysctl 3 , |
.Xr sysctl 3 , |
.Xr ipsec 4 , |
.Xr ipsec 4 , |
.Xr tcp 4 , |
.Xr tcp 4 , |
.Xr security 8 , |
.Xr security 7 , |
.Xr sysctl 8 |
.Xr sysctl 8 |
.Sh HISTORY |
.Sh HISTORY |
The |
The |