Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/share/man/man7/sysctl.7,v rcsdiff: /ftp/cvs/cvsroot/src/share/man/man7/sysctl.7,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.10 retrieving revision 1.32 diff -u -p -r1.10 -r1.32 --- src/share/man/man7/sysctl.7 2007/05/17 11:50:10 1.10 +++ src/share/man/man7/sysctl.7 2010/02/21 14:26:33 1.32 @@ -1,4 +1,4 @@ -.\" $NetBSD: sysctl.7,v 1.10 2007/05/17 11:50:10 yamt Exp $ +.\" $NetBSD: sysctl.7,v 1.32 2010/02/21 14:26:33 wiz Exp $ .\" .\" Copyright (c) 1993 .\" The Regents of the University of California. All rights reserved. @@ -29,7 +29,7 @@ .\" .\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95 .\" -.Dd May 17, 2007 +.Dd February 21, 2010 .Dt SYSCTL 7 .Os .Sh NAME 
@@ -74,21 +74,21 @@ The top level names are defined with a C and are as follows. The next and subsequent levels down are found in the include files listed here, and described in separate sections below. -.Bl -column securityXX CTLXSECURITYXX "Next level namesXX" +.Bl -column security CTL_SECURITY "Next level names" "High kernel limits" .It Sy Name Constant Next level names Description -.It kern CTL\_KERN sys/sysctl.h High kernel limits -.It vm CTL\_VM uvm/uvm_param.h Virtual memory -.It vfs CTL\_VFS sys/mount.h Filesystem -.It net CTL\_NET sys/socket.h Networking -.It debug CTL\_DEBUG sys/sysctl.h Debugging -.It hw CTL\_HW sys/sysctl.h Generic CPU, I/O -.It machdep CTL\_MACHDEP sys/sysctl.h Machine dependent -.It user CTL\_USER sys/sysctl.h User-level -.It ddb CTL\_DDB sys/sysctl.h In-kernel debugger -.It proc CTL\_PROC sys/sysctl.h Per-process -.It vendor CTL\_VENDOR ? Vendor specific -.It emul CTL\_EMUL sys/sysctl.h Emulation settings -.It security CTL\_SECURITY sys/sysctl.h Security settings +.It kern CTL_KERN sys/sysctl.h High kernel limits +.It vm CTL_VM uvm/uvm_param.h Virtual memory +.It vfs CTL_VFS sys/mount.h Filesystem +.It net CTL_NET sys/socket.h Networking +.It debug CTL_DEBUG sys/sysctl.h Debugging +.It hw CTL_HW sys/sysctl.h Generic CPU, I/O +.It machdep CTL_MACHDEP sys/sysctl.h Machine dependent +.It user CTL_USER sys/sysctl.h User-level +.It ddb CTL_DDB sys/sysctl.h In-kernel debugger +.It proc CTL_PROC sys/sysctl.h Per-process +.It vendor CTL_VENDOR ? Vendor specific +.It emul CTL_EMUL sys/sysctl.h Emulation settings +.It security CTL_SECURITY sys/sysctl.h Security settings .El .Sh The debug.* subtree The debugging variables vary from system to system. 
@@ -131,15 +131,17 @@ for more information. A distinguished second level name, .Li vfs.generic ( VFS_GENERIC ) , is used to get general information about all filesystems. -One of its third level identifiers is -.Li vfs.generic.maxtypenum ( VFS_MAXTYPENUM ) -that gives the highest valid filesystem type number. -Its other third level identifier is -.Li vfs.generic.conf ( VFS_CONF ) -that returns configuration information about the filesystem -type given as a fourth level identifier. -The remaining second level identifiers are the -filesystem type number returned by a +It has the following third level identifiers: +.Bl -tag -width compact +.It vfs.generic.maxtypenum ( VFS_MAXTYPENUM ) +The highest valid filesystem type number. +.It vfs.generic.conf ( VFS_CONF ) +Returns configuration information about the file-system type given as a fourth +level identifier. +.El +.Pp +The remaining second level identifiers are the file-system names, identified +by the type number returned by a .Xr statvfs 2 call or from .Li vfs.generic.conf . @@ -152,8 +154,9 @@ The string and integer information avail level is detailed below. The changeable column shows whether a process with appropriate privilege may change the value. -.Bl -column "Second level nameXXXXXX" "struct disk_sysctlXXX" -offset indent +.Bl -column "hw.acpi.supported_states" "integer" "Changeable" -offset indent .It Sy Second level name Type Changeable +.It hw.acpi.supported_states string no .It hw.alignbytes integer no .It hw.byteorder integer no .It hw.cnmagic string yes 
@@ -171,6 +174,25 @@ privilege may change the value. .El .Pp .Bl -tag -width "123456" +.It Li hw.acpi.supported_states +List of possible +.Tn ACPI +sleep states. +The list can contain the following values: +.Bl -tag -width XS1X +.It S0 +fully running +.It S1 +power on suspend (CPU and hard disks are off) +.It S2 +similar to S3, usually not implemented +.It S3 +suspend-to-RAM +.It S4 +suspend-to-disk (needs BIOS support) +.It S5 +power off +.El .It Li hw.alignbytes ( HW_ALIGNBYTES ) Alignment constraint for all possible data types. This shows the value @@ -215,7 +237,6 @@ The machine CPU class. The machine model. .It Li hw.ncpu ( HW_NCPU ) The number of CPUs. -.ne 1i .It Li hw.pagesize ( HW_PAGESIZE ) The software page size. .It Li hw.physmem ( HW_PHYSMEM ) @@ -237,7 +258,7 @@ The types of data currently available ar system vnodes, the open file entries, routing table entries, virtual memory statistics, load average history, and clock rate information. -.Bl -column "kern.posix_reader_writer_locks" "struct clockrateXXX" -offset indent +.Bl -column "kern.posix_reader_writer_locks" "struct kinfo_drivers" "not applicable" .It Sy Second level name Type Changeable .It kern.argmax integer no .It kern.autonicetime integer yes @@ -247,8 +268,8 @@ information. .It kern.ccpu integer no .It kern.clockrate struct clockinfo no .It kern.consdev integer no -.It kern.cp\_id struct no -.It kern.cp\_time uint64_t[\|] no +.It kern.cp_id struct no +.It kern.cp_time uint64_t[\|] no .It kern.defcorename string yes .It kern.domainname string yes .It kern.drivers struct kinfo_drivers no 
@@ -256,16 +277,16 @@ information. .It kern.forkfsleep integer yes .It kern.fscale integer no .It kern.fsync integer no -.It kern.hardclock\_ticks integer no +.It kern.hardclock_ticks integer no .It kern.hostid integer yes .It kern.hostname string yes -.It kern.iov\_max integer no -.It kern.job\_control integer no +.It kern.iov_max integer no +.It kern.job_control integer no .It kern.labeloffset integer no .It kern.labelsector integer no -.It kern.login\_name\_max integer no +.It kern.login_name_max integer no .It kern.logsigexit integer yes -.It kern.mapped\_files integer no +.It kern.mapped_files integer no .It kern.maxfiles integer yes .It kern.maxpartitions integer no .It kern.maxphys integer no @@ -274,9 +295,9 @@ information. .It kern.maxvnodes integer yes .It kern.mbuf node not applicable .It kern.memlock integer no -.It kern.memlock\_range integer no -.It kern.memory\_protection integer no -.It kern.monotonic\_clock integer no +.It kern.memlock_range integer no +.It kern.memory_protection integer no +.It kern.monotonic_clock integer no .It kern.msgbuf integer no .It kern.msgbufsize integer no .It kern.ngroups integer no 
@@ -286,32 +307,31 @@ information. .It kern.ostype string no .It kern.pipe node not applicable .It kern.posix1 integer no -.It kern.posix\_barriers integer no -.It kern.posix\_reader\_writer\_locks integer no -.It kern.posix\_semaphores integer no -.It kern.posix\_spin\_locks integer no -.It kern.posix\_threads integer no -.It kern.posix\_timers integer no +.It kern.posix_barriers integer no +.It kern.posix_reader_writer_locks integer no +.It kern.posix_semaphores integer no +.It kern.posix_spin_locks integer no +.It kern.posix_threads integer no +.It kern.posix_timers integer no .It kern.proc struct kinfo_proc no .It kern.proc2 struct kinfo_proc2 no -.It kern.proc\_args string no +.It kern.proc_args string no .It kern.prof node not applicable .It kern.rawpartition integer no -.It kern.root\_device string no -.It kern.root\_partition integer no -.It kern.rtc\_offset integer yes -.It kern.saved\_ids integer no +.It kern.root_device string no +.It kern.root_partition integer no +.It kern.rtc_offset integer yes +.It kern.saved_ids integer no .It kern.securelevel integer raise only -.It kern.synchronized\_io integer no +.It kern.synchronized_io integer no .It kern.ipc node not applicable +.It kern.timecounter node not applicable .It kern.timex struct no .It kern.tkstat node not applicable .It kern.urandom integer no .It kern.version string no .It kern.vnode struct vnode no .El -.ne 1i -.Pp .Bl -tag -width "123456" .It Li kern.argmax ( KERN_ARGMAX ) The maximum bytes of argument to @@ -323,6 +343,10 @@ If set to 0, automatic lowering of prior all non-root processes are immediately lowered. .It Li kern.autoniceval ( KERN_AUTONICEVAL ) The priority assigned for automatically niced processes. +.It Li kern.boothowto +Flags passed from the boot loader; see +.Xr reboot 2 +for the meanings of the flags. .It Li kern.boottime ( KERN_BOOTTIME ) A .Va struct timeval 
@@ -468,7 +492,7 @@ structures in the networking code, see The third level names for the mbuf variables are detailed below. The changeable column shows whether a process with appropriate privilege may change the value. -.Bl -column "kern.mbuf.nmbclusters" "struct integerXXX" -offset indent +.Bl -column "kern.mbuf.nmbclusters" "integer" "Changeable" -offset indent .It Sy Third level name Type Changeable .\" XXX Changeable? really? .It kern.mbuf.mblowat integer yes @@ -535,7 +559,7 @@ Pipe settings. The third level names for the integer pipe settings is detailed below. The changeable column shows whether a process with appropriate privilege may change the value. -.Bl -column "kern.pipe.maxbigpipesXXX" "integerXXX" -offset indent +.Bl -column "kern.pipe.maxbigpipes" "integer" "Changeable" -offset indent .It Sy Third level name Type Changeable .It kern.pipe.kvasiz integer yes .It kern.pipe.maxbigpipes integer yes @@ -609,17 +633,17 @@ An array of structures is returned, whose size depends on the current number of such objects in the system. The third and fourth level numeric names are as follows: -.Bl -column "Third level nameXXXXXX" "Fourth level is:XXXXXX" -offset indent +.Bl -column "KERN_PROC_SESSION" "Fourth level is:" -offset indent .It Sy Third level name Fourth level is: -.It KERN\_PROC\_ALL None -.It KERN\_PROC\_GID A group ID -.It KERN\_PROC\_PID A process ID -.It KERN\_PROC\_PGRP A process group -.It KERN\_PROC\_RGID A real group ID -.It KERN\_PROC\_RUID A real user ID -.It KERN\_PROC\_SESSION A session ID -.It KERN\_PROC\_TTY A tty device -.It KERN\_PROC\_UID A user ID +.It KERN_PROC_ALL None +.It KERN_PROC_GID A group ID +.It KERN_PROC_PID A process ID +.It KERN_PROC_PGRP A process group +.It KERN_PROC_RGID A real group ID +.It KERN_PROC_RUID A real user ID +.It KERN_PROC_SESSION A session ID +.It KERN_PROC_TTY A tty device +.It KERN_PROC_UID A user ID .El .It Li kern.proc2 ( KERN_PROC2 ) As for KERN_PROC, but an array of 
@@ -634,11 +658,11 @@ of a process. Multiple strings are returned separated by NUL characters. The third level name is the process ID. The fourth level name is as follows: -.Bl -column "Third level nameXXXXXX" -offset indent -.It KERN\_PROC\_ARGV The argv strings -.It KERN\_PROC\_ENV The environ strings -.It KERN\_PROC\_NARGV The number of argv strings -.It KERN\_PROC\_NENV The number of environ strings +.Bl -column "KERN_PROG_NARGV" "The number of environ strings" -offset indent +.It KERN_PROC_ARGV The argv strings +.It KERN_PROC_ENV The environ strings +.It KERN_PROC_NARGV The number of argv strings +.It KERN_PROC_NENV The number of environ strings .El .It Li kern.profiling ( KERN_PROF ) Return profiling information about the kernel. @@ -650,7 +674,7 @@ The third level names for the string and is detailed below. The changeable column shows whether a process with appropriate privilege may change the value. -.Bl -column "kern.profiling.gmonparam" "struct gmonparam" -offset indent +.Bl -column "kern.profiling.gmonparam" "struct gmonparam" "Changeable" -offset indent .It Sy Third level name Type Changeable .It kern.profiling.count u_short[\|] yes .It kern.profiling.froms u_short[\|] yes @@ -691,9 +715,8 @@ Returns 1 if saved set-group and saved s Maximum socket buffer size. .\" XXX units? .It Li kern.securelevel ( KERN_SECURELVL ) -The system security level. -This level may be raised by processes with appropriate privilege. -It may only be lowered by process 1. +See +.Xr secmodel_securelevel 9 . .It Li kern.somaxkva ( KERN_SOMAXKVA ) Maximum amount of kernel memory to be used for socket buffers. .\" XXX units? 
@@ -704,17 +727,22 @@ otherwise 0. .It Li kern.ipc ( KERN_SYSVIPC ) Return information about the SysV IPC parameters. The third level names for the ipc variables are detailed below. -.Bl -column "KERN_SYSVIPC_MSGXXX" "integerXXX" "noXXX" -offset indent -.It Sy Third level name Type Changeable -.It kern.ipc.sysvmsg integer no -.It kern.ipc.sysvsem integer no -.It kern.ipc.sysvshm integer no -.It kern.ipc.sysvipc_info struct no -.It kern.ipc.shmmax integer no -.It kern.ipc.shmmni integer yes -.It kern.ipc.shmseg integer yes -.It kern.ipc.shmmaxpgs integer yes -.It kern.ipc.shm_use_phys integer yes +.Bl -column "kern.ipc.shm_use_phys" "integer" "Changeable" -offset indent +.It Sy Third level name Type Changeable +.It kern.ipc.sysvmsg integer no +.It kern.ipc.sysvsem integer no +.It kern.ipc.sysvshm integer no +.It kern.ipc.sysvipc_info struct no +.It kern.ipc.shmmax integer yes +.It kern.ipc.shmmni integer yes +.It kern.ipc.shmseg integer yes +.It kern.ipc.shmmaxpgs integer yes +.It kern.ipc.shm_use_phys integer yes +.It kern.ipc.msgmni integer yes +.It kern.ipc.msgseg integer yes +.It kern.ipc.semmni integer yes +.It kern.ipc.semmns integer yes +.It kern.ipc.semmnu integer yes .El .Bl -tag -width "123456" .It Li kern.ipc.sysvmsg ( KERN_SYSVIPC_MSG ) 
@@ -732,11 +760,11 @@ otherwise 0. .It Li kern.ipc.sysvipc_info ( KERN_SYSVIPC_INFO ) Return System V style IPC configuration and run-time information. The fourth level name selects the System V style IPC facility. -.Bl -column "KERN_SYSVIPC_MSG_INFOXXX" "struct shm_sysctl_infoXXX" -offset indent +.Bl -column "KERN_SYSVIPC_MSG_INFO" "struct shm_sysctl_info" -offset indent .It Sy Fourth level name Type -.It KERN\_SYSVIPC\_MSG\_INFO struct msg_sysctl_info -.It KERN\_SYSVIPC\_SEM\_INFO struct sem_sysctl_info -.It KERN\_SYSVIPC\_SHM\_INFO struct shm_sysctl_info +.It KERN_SYSVIPC_MSG_INFO struct msg_sysctl_info +.It KERN_SYSVIPC_SEM_INFO struct sem_sysctl_info +.It KERN_SYSVIPC_SHM_INFO struct shm_sysctl_info .El .Pp .Bl -tag -width "123456" 
@@ -771,6 +799,34 @@ Max amount of shared memory in pages. Locking of shared memory in physical memory. If 0, memory can be swapped out, otherwise it will be locked in physical memory. +.It Li kern.ipc.msgmni +Max number of message queue identifiers. +.It Li kern.ipc.msgseg +Max number of number of message segments. +.It Li kern.ipc.semmni +Max number of number of semaphore identifiers. +.It Li kern.ipc.semmns +Max number of number of semaphores in system. +.It Li kern.ipc.semmnu +Max number of undo structures in system. +.El +.It Li kern.timecounter ( dynamic ) +Display and control the timecounter source of the system. +.Bl -column "kern.timecounter.timestepwarnings" "integer" "Changeable" -offset indent +.It Sy Third level name Type Changeable +.It kern.timecounter.choice string no +.It kern.timecounter.hardware string yes +.It kern.timecounter.timestepwarnings integer yes +.El +.Pp +The variables are as follows: +.Bl -tag -width "123456" +.It Li kern.timecounter.choice ( dynamic ) +The list of available timecounters with their quality and frequency. +.It Li kern.timecounter.hardware ( dynamic ) +The currently selected timecounter source. +.It Li kern.timecounter.timestepwarnings ( dynamic ) +If non-zero display a message each time the time is stepped. .El .It Li kern.timex ( KERN_TIMEX ) Not available. @@ -780,7 +836,7 @@ on ttys. The third level names for the tty statistic variables are detailed below. The changeable column shows whether a process with appropriate privilege may change the value. -.Bl -column "KERNXTKSTATXRAWCCXXX" "struct integerXXX" -offset indent +.Bl -column "kern.tkstat.cancc" "quad" "Changeable" -offset indent .It Sy Third level name Type Changeable .It kern.tkstat.cancc quad no .It kern.tkstat.nin quad no 
@@ -868,7 +924,7 @@ Same syntax as kern.defcorename. .Sh The machdep.* subtree The set of variables defined is architecture dependent. Most architectures define at least the following variables. -.Bl -column "CONSOLE_DEVICEXXX" "integerXXX" -offset indent +.Bl -column "Second level name" "Type" "Changeable" -offset indent .It Sy Second level name Type Changeable .It Li CPU_CONSDEV dev_t no .El @@ -880,7 +936,7 @@ The changeable column shows whether a pr privilege may change the value. The second and third levels are typically the protocol family and protocol number, though this is not always the case. -.Bl -column "Second level nameX" "IPsec key management valuesX" -offset indent +.Bl -column "Second level name" "IPsec key management values" "Changeable" -offset indent .It Sy Second level name Type Changeable .It net.route routing messages no .It net.inet IPv4 values yes @@ -901,11 +957,11 @@ The third level name is a protocol numbe The fourth level name is an address family, which may be set to 0 to select all address families. The fifth and sixth level names are as follows: -.Bl -column "Fifth level nameXXXXXX" "Sixth level is:XXX" -offset indent +.Bl -column "Fifth level name" "Sixth level is:" -offset indent .It Sy Fifth level name Sixth level is: -.It NET\_RT\_FLAGS rtflags -.It NET\_RT\_DUMP None -.It NET\_RT\_IFLIST None +.It NET_RT_FLAGS rtflags +.It NET_RT_DUMP None +.It NET_RT_IFLIST None .El .It Li net.inet ( PF_INET ) Get or set various global information about the IPv4 @@ -913,7 +969,7 @@ Get or set various global information ab The third level name is the protocol. The fourth level name is the variable name. The currently defined protocols and names are: -.Bl -column "Protocol name" "sack.globalmaxholes" "integer" -offset 4n +.Bl -column "Protocol name" "sack.globalmaxholes" "integer" "Changeable" -offset 4n .It Sy Protocol name Variable name Type Changeable .It arp down integer yes .It arp keep integer yes 
@@ -927,6 +983,7 @@ The currently defined protocols and name .It icmp maskrepl integer yes .It icmp rediraccept integer yes .It icmp redirtimeout integer yes +.It icmp bmcastecho integer yes .It ip allowsrcrt integer yes .It ip anonportmax integer yes .It ip anonportmin integer yes @@ -969,9 +1026,11 @@ The currently defined protocols and name .It tcp keepintvl integer yes .It tcp keepcnt integer yes .It tcp slowhz integer no +.It tcp keepinit integer yes .It tcp log_refused integer yes .It tcp rstppslimit integer yes .It tcp ident struct no +.It tcp drop struct no .It tcp sack.enable integer yes .It tcp sack.globalholes integer no .It tcp sack.globalmaxholes integer yes @@ -1134,6 +1193,9 @@ ICMP redirect. This defaults to 600 seconds. .It Li icmp.returndatabytes Number of bytes to return in an ICMP error message. +.It Li icmp.bmcastecho +If set to 1, enables responding to ICMP echo or timestamp request to the +broadcast address. .It Li tcp.ack_on_push If set to 1, TCP is to immediately transmit an ACK upon reception of a packet with PUSH set. @@ -1184,6 +1246,8 @@ another probe is sent. See also tcp.slowhz. .It Li tcp.log_refused If set to 1, refused TCP connections to the host will be logged. +.It Li tcp.keepinit +Timeout in seconds during connection establishment. .It Li tcp.mss_ifmtu If set to 1, TCP calculates the outgoing maximum segment size based on the MTU of the appropriate interface. @@ -1196,10 +1260,6 @@ us during connection setup or Path MTU D .Li ( ip.mtudisc ) is disabled. Do not change this value unless you really know what you are doing. -.It Li tcp.newreno -If set to 1, enables the use of J. -Hoe's NewReno congestion control algorithm. -This algorithm improves the start-up behavior of TCP connections. .It Li tcp.recvspace The default TCP receive buffer size. .It Li tcp.rfc1323 
@@ -1210,6 +1270,11 @@ per second. TCP RST packet that exceeded the value are subject to rate limitation and will not go out from the node. Negative value disables rate limitation. +.It Li tcp.ident +Return the user ID of a connected socket pair. +(RFC1413 Identification Protocol lookups.) +.It Li tcp.drop +Drop a TCP socket pair connection. .It Li tcp.sack.enable If set to 1, enables RFC 2018 Selective ACKnowledgement. .It Li tcp.sack.globalholes @@ -1272,7 +1337,7 @@ Get or set various global information ab The third level name is the protocol. The fourth level name is the variable name. The currently defined protocols and names are: -.Bl -column "Protocol name" "Variable nameXX" "integer" "yes" -offset indent +.Bl -column "Protocol name" "do_loopback_cksum" "integer" "Changeable" -offset indent .It Sy Protocol name Variable name Type Changeable .It icmp6 errppslimit integer yes .It icmp6 mtudisc_hiwat integer yes @@ -1538,7 +1603,7 @@ For variables net.*.ipsec6, please refer Get or set various global information about the IPsec key management. The third level name is the variable name. The currently defined variable and names are: -.Bl -column "blockacq_lifetime" "integer" "yes" -offset indent +.Bl -column "blockacq_lifetime" "integer" "Changeable" -offset indent .It Sy Variable name Type Changeable .It debug integer yes .It spi_try integer yes @@ -1551,6 +1616,7 @@ The currently defined variable and names .It esp_auth integer yes .It ah_keymin integer yes .El +.Pp The variables are as follows: .Bl -tag -width "123456" .It Li debug 
@@ -1601,7 +1667,7 @@ When a set-user-ID or set-group-ID binar value of PROC_PID_CORENAME is reset to the system default value. The second level name is either the magic value PROC_CURPROC, which points to the current process, or the PID of the target process. -.Bl -column "USER_COLL_WEIGHTS_MAXXXX" "integerXXX" "yes" -offset indent +.Bl -column "proc.pid.corename" "string" "not applicable" -offset indent .It Sy Third level name Type Changeable .It proc.pid.corename string yes .It proc.pid.rlimit node not applicable @@ -1610,7 +1676,6 @@ points to the current process, or the PI .It proc.pid.stopexit int yes .El .Bl -tag -width "123456" -.Pp .It Li proc.pid.corename ( PROC_PID_CORENAME ) The template used for the core dump file name (see .Xr core 5 @@ -1659,7 +1724,14 @@ function. The maximum number of simultaneous processes for this user id. .It Li proc.pid.rlimit.descriptors ( PROC_PID_LIMIT_NOFILE ) The maximum number of open files for this process. -.\" XXX proc.pid.rlimit.sbsize +.It Li proc.pid.rlimit.sbsize ( PROC_PID_LIMIT_SBSIZE ) +The maximum size (in bytes) of the socket buffers +set by the +.Xr setsockopt 2 +.Dv SO_RCVBUF +and +.Dv SO_SNDBUF +options. .El .Pp The fifth level name is one of @@ -1719,7 +1791,7 @@ The string and integer information avail level is detailed below. The changeable column shows whether a process with appropriate privilege may change the value. -.Bl -column "USER_COLL_WEIGHTS_MAXXXX" "integerXXX" -offset indent +.Bl -column "user.coll_weights_max" "integer" "Changeable" -offset indent .It Sy Second level name Type Changeable .It user.atexit_max integer no .It user.bc_base_max integer no @@ -1745,7 +1817,6 @@ privilege may change the value. .It user.tzname_max integer no .El .Bl -tag -width "123456" -.Pp .It Li user.atexit_max ( USER_ATEXIT_MAX ) The maximum number of functions that may be registered with .Xr atexit 3 . 
@@ -1808,7 +1879,6 @@ The version of POSIX 1003.2 with which t .It Li user.re_dup_max ( USER_RE_DUP_MAX ) The maximum number of repeated occurrences of a regular expression permitted when using interval notation. -.ne 1i .It Li user.stream_max ( USER_STREAM_MAX ) The minimum maximum number of streams that a process may have open at any one time. @@ -1822,7 +1892,7 @@ The string and integer information avail level is detailed below. The changeable column shows whether a process with appropriate privilege may change the value. -.Bl -column "Second level nameXXXXXX" "struct uvmexp_sysctlXXX" -offset indent +.Bl -column "Second level name" "struct uvmexp_sysctl" "Changeable" -offset indent .It Sy Second level name Type Changeable .It vm.anonmax int yes .It vm.anonmin int yes @@ -1883,6 +1953,8 @@ The value of the maxslp kernel global va Return system wide virtual memory statistics. The returned data consists of a .Va struct vmtotal . +.It vm.user_va0_disable +A flag which controls whether user processes can map virtual address 0. .It Li vm.uspace ( VM_USPACE ) The number of bytes allocated for each kernel stack. .It Li vm.uvmexp ( VM_UVMEXP ) @@ -1902,7 +1974,7 @@ level is detailed below. The changeable column shows whether a process with appropriate privilege may change the value. .\" XXX sort -.Bl -column "ddb.fromconsoleXXX" "integerXXX" -offset indent +.Bl -column "Second level name" "integer" "Changeable" -offset indent .It Sy Second level name Type Changeable .It ddb.radix integer yes .It ddb.maxoff integer yes @@ -1922,7 +1994,7 @@ Number of display lines. .It Li ddb.tabstops ( DBCTL_TABSTOPS ) Tab width. .It Li ddb.onpanic ( DBCTL_ONPANIC ) -If non-zero, DDB will be entered when the kernel panics. +If non-zero, DDB will be entered if the kernel panics. .It Li ddb.fromconsole ( DBCTL_FROMCONSOLE ) If not zero, DDB may be entered by sending a break on a serial console or by a special key sequence on a graphics console. 
@@ -1959,7 +2031,7 @@ PCBs), and .It Li security.models .Nx supports pluggable security models. -Every security model used, whether if loaded as an LKM or built with the system, +Every security model used, whether if loaded as a module or built with the system, is required to add an entry to this node with at least one element, .Dq name , indicating the name of the security model. @@ -1977,6 +2049,21 @@ and .Xr security 8 . .Pp .Bl -tag -width "123456" +.It Li security.pax.aslr.enable +Enable PaX ASLR (Address Space Layout Randomization). +.Pp +The value of this +knob must be non-zero for PaX ASLR to be enabled, even if a program is set to +explicit enable. +.It Li security.pax.aslr.global +Specifies the default global policy for programs without an +explicit enable/disable flag. +.Pp +When non-zero, all programs will get PaX ASLR, except those exempted with +.Xr paxctl 8 . +Otherwise, all programs will not get PaX ASLR, except those specifically +marked as such with +.Xr paxctl 8 . .It Li security.pax.mprotect.enable Enable PaX MPROTECT restrictions. .Pp
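Review bot: In the hunk at @@ -131,15 +131,17 @@, the two new list tags are written as `.It vfs.generic.maxtypenum ( VFS_MAXTYPENUM )` and `.It vfs.generic.conf ( VFS_CONF )` without the `.Li` macro that the removed lines used and that the other tagged entries in this page use (`.It Li hw.alignbytes ( HW_ALIGNBYTES )`), so these names will not be set as literals. Use `.It Li` for both. The added text also spells "file-system" while the unchanged context two lines above keeps "filesystems"; pick one spelling.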
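Review bot: In the hunk at @@ -634,11 +658,11 @@, the new column width string is `"KERN_PROG_NARGV"`, which misspells the identifier listed below it (`KERN_PROC_NARGV`). It only affects column sizing, but a later grep for the constant will hit this line or miss it for the wrong reason; change it to `"KERN_PROC_NARGV"`.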
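Review bot: In the hunk at @@ -691,9 +715,8 @@, the kern.securelevel entry loses its whole description and now reads only "See secmodel_securelevel 9", so this page no longer says that the level can be raised by a privileged process and lowered only by process 1. The table in this same page still marks kern.securelevel as "raise only", which is now unexplained here. Keep a one-sentence summary of the raise-only behaviour and add the cross-reference after it.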
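Review bot: In the hunk at @@ -704,17 +727,22 @@, the rewritten table changes kern.ipc.shmmax from "no" to "yes" in the Changeable column, a behavioural statement that is easy to miss because every row of the table is touched for realignment. Confirm that the kernel actually accepts writes to kern.ipc.shmmax in this revision and mention the change in the commit message, separately from the column-width cleanup and the five added rows.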
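Review bot: In the hunk at @@ -771,6 +799,34 @@, three of the new descriptions repeat a phrase: "Max number of number of message segments.", "Max number of number of semaphore identifiers." and "Max number of number of semaphores in system." Drop the duplicated "number of" so they match the kern.ipc.msgmni and kern.ipc.semmnu entries next to them. The kern.timecounter.timestepwarnings text would also read better with a comma: "If non-zero, display a message each time the time is stepped."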
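Review bot: In the hunk at @@ -1134,6 +1193,9 @@, the new icmp.bmcastecho entry says what setting it to 1 does but gives no default, whereas the neighbouring redirect timeout entry in the context lines states its default ("This defaults to 600 seconds."). Since a host that answers echo or timestamp requests sent to the broadcast address can be used to amplify traffic toward a spoofed source, state the default value explicitly and say that 0 is the recommended setting unless broadcast replies are needed.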
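Review bot: In the hunk at @@ -1210,6 +1270,11 @@, the tcp.ident and tcp.drop entries are missing the information a caller needs: both are typed "struct" in the table added at @@ -969,9 +1026,11 @@, but neither description names the structure or says how the socket pair is passed in. tcp.drop is also listed as Changeable "no" while its description is an action that tears down a connection, so document which privilege is required to use it and how the request is issued. The tcp.ident parenthetical would read better as "(RFC 1413 Identification Protocol lookups.)" to match the "RFC 2018" spacing in the next entry.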
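Review bot: In the hunk at @@ -1883,6 +1953,8 @@, the new tag `.It vm.user_va0_disable` omits `.Li` and a mnemonic, unlike the surrounding `.It Li vm.uspace ( VM_USPACE )`, and the description "A flag which controls whether user processes can map virtual address 0." does not say which value permits the mapping, what the default is, or whether the value can be changed at run time. For a knob that exists to limit the impact of kernel NULL pointer dereferences, spell out that a non-zero value forbids mapping page 0, give the default, and add the variable to the vm table with its Type and Changeable columns if it is not already there.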
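Review bot: In the hunk at @@ -1959,7 +2031,7 @@, the replaced line fixes "LKM" to "module" but keeps the ungrammatical "whether if loaded as a module or built with the system". Since the line is being touched anyway, change it to "whether loaded as a module or built with the system".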
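Review bot: In the hunk at @@ -1977,6 +2049,21 @@, the security.pax.aslr.global text "Otherwise, all programs will not get PaX ASLR, except those specifically marked" is ambiguous; write "Otherwise, no program will get PaX ASLR, except those specifically marked as such with paxctl 8". In the security.pax.aslr.enable entry, "even if a program is set to explicit enable" should read "even if a program is explicitly marked as enabled", and neither entry states its default value, which is what an administrator auditing a host needs from this page.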