version 1.12, 2007/06/20 15:29:18 |
version 1.33, 2010/03/22 18:58:32 |
|
|
.\" |
.\" |
.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95 |
.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95 |
.\" |
.\" |
.Dd June 19, 2007 |
.Dd February 21, 2010 |
.Dt SYSCTL 7 |
.Dt SYSCTL 7 |
.Os |
.Os |
.Sh NAME |
.Sh NAME |
|
|
manual page for programming examples. |
manual page for programming examples. |
.Sh Top level names |
.Sh Top level names |
The top level names are defined with a CTL_ prefix in |
The top level names are defined with a CTL_ prefix in |
.Aq Pa sys/sysctl.h , |
.In sys/sysctl.h , |
and are as follows. |
and are as follows. |
The next and subsequent levels down are found in the include files |
The next and subsequent levels down are found in the include files |
listed here, and described in separate sections below. |
listed here, and described in separate sections below. |
.Bl -column securityXX CTLXSECURITYXX "Next level namesXX" |
.Bl -column security CTL_SECURITY "Next level names" "High kernel limits" |
.It Sy Name Constant Next level names Description |
.It Sy Name Constant Next level names Description |
.It kern CTL\_KERN sys/sysctl.h High kernel limits |
.It kern CTL_KERN sys/sysctl.h High kernel limits |
.It vm CTL\_VM uvm/uvm_param.h Virtual memory |
.It vm CTL_VM uvm/uvm_param.h Virtual memory |
.It vfs CTL\_VFS sys/mount.h Filesystem |
.It vfs CTL_VFS sys/mount.h Filesystem |
.It net CTL\_NET sys/socket.h Networking |
.It net CTL_NET sys/socket.h Networking |
.It debug CTL\_DEBUG sys/sysctl.h Debugging |
.It debug CTL_DEBUG sys/sysctl.h Debugging |
.It hw CTL\_HW sys/sysctl.h Generic CPU, I/O |
.It hw CTL_HW sys/sysctl.h Generic CPU, I/O |
.It machdep CTL\_MACHDEP sys/sysctl.h Machine dependent |
.It machdep CTL_MACHDEP sys/sysctl.h Machine dependent |
.It user CTL\_USER sys/sysctl.h User-level |
.It user CTL_USER sys/sysctl.h User-level |
.It ddb CTL\_DDB sys/sysctl.h In-kernel debugger |
.It ddb CTL_DDB sys/sysctl.h In-kernel debugger |
.It proc CTL\_PROC sys/sysctl.h Per-process |
.It proc CTL_PROC sys/sysctl.h Per-process |
.It vendor CTL\_VENDOR ? Vendor specific |
.It vendor CTL_VENDOR ? Vendor specific |
.It emul CTL\_EMUL sys/sysctl.h Emulation settings |
.It emul CTL_EMUL sys/sysctl.h Emulation settings |
.It security CTL\_SECURITY sys/sysctl.h Security settings |
.It security CTL_SECURITY sys/sysctl.h Security settings |
.El |
.El |
.Sh The debug.* subtree |
.Sh The debug.* subtree |
The debugging variables vary from system to system. |
The debugging variables vary from system to system. |
Line 131 for more information. |
|
Line 131 for more information. |
|
A distinguished second level name, |
A distinguished second level name, |
.Li vfs.generic ( VFS_GENERIC ) , |
.Li vfs.generic ( VFS_GENERIC ) , |
is used to get general information about all filesystems. |
is used to get general information about all filesystems. |
One of its third level identifiers is |
It has the following third level identifiers: |
.Li vfs.generic.maxtypenum ( VFS_MAXTYPENUM ) |
.Bl -tag -width compact |
that gives the highest valid filesystem type number. |
.It vfs.generic.maxtypenum ( VFS_MAXTYPENUM ) |
Its other third level identifier is |
The highest valid filesystem type number. |
.Li vfs.generic.conf ( VFS_CONF ) |
.It vfs.generic.conf ( VFS_CONF ) |
that returns configuration information about the filesystem |
Returns configuration information about the file-system type given as a fourth |
type given as a fourth level identifier. |
level identifier. |
The remaining second level identifiers are the |
.El |
filesystem type number returned by a |
.Pp |
|
The remaining second level identifiers are the file-system names, identified |
|
by the type number returned by a |
.Xr statvfs 2 |
.Xr statvfs 2 |
call or from |
call or from |
.Li vfs.generic.conf . |
.Li vfs.generic.conf . |
Line 152 The string and integer information avail |
|
Line 154 The string and integer information avail |
|
level is detailed below. |
level is detailed below. |
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "Second level nameXXXXXX" "struct disk_sysctlXXX" -offset indent |
.Bl -column "hw.acpi.supported_states" "integer" "Changeable" -offset indent |
.It Sy Second level name Type Changeable |
.It Sy Second level name Type Changeable |
|
.It hw.acpi.supported_states string no |
.It hw.alignbytes integer no |
.It hw.alignbytes integer no |
.It hw.byteorder integer no |
.It hw.byteorder integer no |
.It hw.cnmagic string yes |
.It hw.cnmagic string yes |
Line 171 privilege may change the value. |
|
Line 174 privilege may change the value. |
|
.El |
.El |
.Pp |
.Pp |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
|
.It Li hw.acpi.supported_states |
|
List of possible |
|
.Tn ACPI |
|
sleep states. |
|
The list can contain the following values: |
|
.Bl -tag -width XS1X |
|
.It S0 |
|
fully running |
|
.It S1 |
|
power on suspend (CPU and hard disks are off) |
|
.It S2 |
|
similar to S3, usually not implemented |
|
.It S3 |
|
suspend-to-RAM |
|
.It S4 |
|
suspend-to-disk (needs BIOS support) |
|
.It S5 |
|
power off |
|
.El |
.It Li hw.alignbytes ( HW_ALIGNBYTES ) |
.It Li hw.alignbytes ( HW_ALIGNBYTES ) |
Alignment constraint for all possible data types. |
Alignment constraint for all possible data types. |
This shows the value |
This shows the value |
Line 215 The machine CPU class. |
|
Line 237 The machine CPU class. |
|
The machine model. |
The machine model. |
.It Li hw.ncpu ( HW_NCPU ) |
.It Li hw.ncpu ( HW_NCPU ) |
The number of CPUs. |
The number of CPUs. |
.ne 1i |
|
.It Li hw.pagesize ( HW_PAGESIZE ) |
.It Li hw.pagesize ( HW_PAGESIZE ) |
The software page size. |
The software page size. |
.It Li hw.physmem ( HW_PHYSMEM ) |
.It Li hw.physmem ( HW_PHYSMEM ) |
Line 237 The types of data currently available ar |
|
Line 258 The types of data currently available ar |
|
system vnodes, the open file entries, routing table entries, |
system vnodes, the open file entries, routing table entries, |
virtual memory statistics, load average history, and clock rate |
virtual memory statistics, load average history, and clock rate |
information. |
information. |
.Bl -column "kern.posix_reader_writer_locks" "struct clockrateXXX" -offset indent |
.Bl -column "kern.posix_reader_writer_locks" "struct kinfo_drivers" "not applicable" |
.It Sy Second level name Type Changeable |
.It Sy Second level name Type Changeable |
.It kern.argmax integer no |
.It kern.argmax integer no |
.It kern.autonicetime integer yes |
.It kern.autonicetime integer yes |
|
|
.It kern.ccpu integer no |
.It kern.ccpu integer no |
.It kern.clockrate struct clockinfo no |
.It kern.clockrate struct clockinfo no |
.It kern.consdev integer no |
.It kern.consdev integer no |
.It kern.cp\_id struct no |
.It kern.cp_id struct no |
.It kern.cp\_time uint64_t[\|] no |
.It kern.cp_time uint64_t[\|] no |
.It kern.defcorename string yes |
.It kern.defcorename string yes |
.It kern.domainname string yes |
.It kern.domainname string yes |
.It kern.drivers struct kinfo_drivers no |
.It kern.drivers struct kinfo_drivers no |
|
|
.It kern.forkfsleep integer yes |
.It kern.forkfsleep integer yes |
.It kern.fscale integer no |
.It kern.fscale integer no |
.It kern.fsync integer no |
.It kern.fsync integer no |
.It kern.hardclock\_ticks integer no |
.It kern.hardclock_ticks integer no |
.It kern.hostid integer yes |
.It kern.hostid integer yes |
.It kern.hostname string yes |
.It kern.hostname string yes |
.It kern.iov\_max integer no |
.It kern.iov_max integer no |
.It kern.job\_control integer no |
.It kern.job_control integer no |
.It kern.labeloffset integer no |
.It kern.labeloffset integer no |
.It kern.labelsector integer no |
.It kern.labelsector integer no |
.It kern.login\_name\_max integer no |
.It kern.login_name_max integer no |
.It kern.logsigexit integer yes |
.It kern.logsigexit integer yes |
.It kern.mapped\_files integer no |
.It kern.mapped_files integer no |
.It kern.maxfiles integer yes |
.It kern.maxfiles integer yes |
.It kern.maxpartitions integer no |
.It kern.maxpartitions integer no |
.It kern.maxphys integer no |
.It kern.maxphys integer no |
|
|
.It kern.maxvnodes integer yes |
.It kern.maxvnodes integer yes |
.It kern.mbuf node not applicable |
.It kern.mbuf node not applicable |
.It kern.memlock integer no |
.It kern.memlock integer no |
.It kern.memlock\_range integer no |
.It kern.memlock_range integer no |
.It kern.memory\_protection integer no |
.It kern.memory_protection integer no |
.It kern.monotonic\_clock integer no |
.It kern.monotonic_clock integer no |
.It kern.msgbuf integer no |
.It kern.msgbuf integer no |
.It kern.msgbufsize integer no |
.It kern.msgbufsize integer no |
.It kern.ngroups integer no |
.It kern.ngroups integer no |
|
|
.It kern.ostype string no |
.It kern.ostype string no |
.It kern.pipe node not applicable |
.It kern.pipe node not applicable |
.It kern.posix1 integer no |
.It kern.posix1 integer no |
.It kern.posix\_barriers integer no |
.It kern.posix_barriers integer no |
.It kern.posix\_reader\_writer\_locks integer no |
.It kern.posix_reader_writer_locks integer no |
.It kern.posix\_semaphores integer no |
.It kern.posix_semaphores integer no |
.It kern.posix\_spin\_locks integer no |
.It kern.posix_spin_locks integer no |
.It kern.posix\_threads integer no |
.It kern.posix_threads integer no |
.It kern.posix\_timers integer no |
.It kern.posix_timers integer no |
.It kern.proc struct kinfo_proc no |
.It kern.proc struct kinfo_proc no |
.It kern.proc2 struct kinfo_proc2 no |
.It kern.proc2 struct kinfo_proc2 no |
.It kern.proc\_args string no |
.It kern.proc_args string no |
.It kern.prof node not applicable |
.It kern.prof node not applicable |
.It kern.rawpartition integer no |
.It kern.rawpartition integer no |
.It kern.root\_device string no |
.It kern.root_device string no |
.It kern.root\_partition integer no |
.It kern.root_partition integer no |
.It kern.rtc\_offset integer yes |
.It kern.rtc_offset integer yes |
.It kern.saved\_ids integer no |
.It kern.saved_ids integer no |
.It kern.securelevel integer raise only |
.It kern.securelevel integer raise only |
.It kern.synchronized\_io integer no |
.It kern.synchronized_io integer no |
.It kern.ipc node not applicable |
.It kern.ipc node not applicable |
|
.It kern.timecounter node not applicable |
.It kern.timex struct no |
.It kern.timex struct no |
.It kern.tkstat node not applicable |
.It kern.tkstat node not applicable |
.It kern.urandom integer no |
.It kern.urandom integer no |
.It kern.version string no |
.It kern.version string no |
.It kern.vnode struct vnode no |
.It kern.vnode struct vnode no |
.El |
.El |
.ne 1i |
|
.Pp |
|
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li kern.argmax ( KERN_ARGMAX ) |
.It Li kern.argmax ( KERN_ARGMAX ) |
The maximum bytes of argument to |
The maximum bytes of argument to |
Line 323 If set to 0, automatic lowering of prior |
|
Line 343 If set to 0, automatic lowering of prior |
|
all non-root processes are immediately lowered. |
all non-root processes are immediately lowered. |
.It Li kern.autoniceval ( KERN_AUTONICEVAL ) |
.It Li kern.autoniceval ( KERN_AUTONICEVAL ) |
The priority assigned for automatically niced processes. |
The priority assigned for automatically niced processes. |
|
.It Li kern.boothowto |
|
Flags passed from the boot loader; see |
|
.Xr reboot 2 |
|
for the meanings of the flags. |
.It Li kern.boottime ( KERN_BOOTTIME ) |
.It Li kern.boottime ( KERN_BOOTTIME ) |
A |
A |
.Va struct timeval |
.Va struct timeval |
Line 468 structures in the networking code, see |
|
Line 492 structures in the networking code, see |
|
The third level names for the mbuf variables are detailed below. |
The third level names for the mbuf variables are detailed below. |
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "kern.mbuf.nmbclusters" "struct integerXXX" -offset indent |
.Bl -column "kern.mbuf.nmbclusters" "integer" "Changeable" -offset indent |
.It Sy Third level name Type Changeable |
.It Sy Third level name Type Changeable |
.\" XXX Changeable? really? |
.\" XXX Changeable? really? |
.It kern.mbuf.mblowat integer yes |
.It kern.mbuf.mblowat integer yes |
|
|
The third level names for the integer pipe settings is detailed below. |
The third level names for the integer pipe settings is detailed below. |
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "kern.pipe.maxbigpipesXXX" "integerXXX" -offset indent |
.Bl -column "kern.pipe.maxbigpipes" "integer" "Changeable" -offset indent |
.It Sy Third level name Type Changeable |
.It Sy Third level name Type Changeable |
.It kern.pipe.kvasiz integer yes |
.It kern.pipe.kvasiz integer yes |
.It kern.pipe.maxbigpipes integer yes |
.It kern.pipe.maxbigpipes integer yes |
|
|
structures is returned, |
structures is returned, |
whose size depends on the current number of such objects in the system. |
whose size depends on the current number of such objects in the system. |
The third and fourth level numeric names are as follows: |
The third and fourth level numeric names are as follows: |
.Bl -column "Third level nameXXXXXX" "Fourth level is:XXXXXX" -offset indent |
.Bl -column "KERN_PROC_SESSION" "Fourth level is:" -offset indent |
.It Sy Third level name Fourth level is: |
.It Sy Third level name Fourth level is: |
.It KERN\_PROC\_ALL None |
.It KERN_PROC_ALL None |
.It KERN\_PROC\_GID A group ID |
.It KERN_PROC_GID A group ID |
.It KERN\_PROC\_PID A process ID |
.It KERN_PROC_PID A process ID |
.It KERN\_PROC\_PGRP A process group |
.It KERN_PROC_PGRP A process group |
.It KERN\_PROC\_RGID A real group ID |
.It KERN_PROC_RGID A real group ID |
.It KERN\_PROC\_RUID A real user ID |
.It KERN_PROC_RUID A real user ID |
.It KERN\_PROC\_SESSION A session ID |
.It KERN_PROC_SESSION A session ID |
.It KERN\_PROC\_TTY A tty device |
.It KERN_PROC_TTY A tty device |
.It KERN\_PROC\_UID A user ID |
.It KERN_PROC_UID A user ID |
.El |
.El |
.It Li kern.proc2 ( KERN_PROC2 ) |
.It Li kern.proc2 ( KERN_PROC2 ) |
As for KERN_PROC, but an array of |
As for KERN_PROC, but an array of |
|
|
Multiple strings are returned separated by NUL characters. |
Multiple strings are returned separated by NUL characters. |
The third level name is the process ID. |
The third level name is the process ID. |
The fourth level name is as follows: |
The fourth level name is as follows: |
.Bl -column "Third level nameXXXXXX" -offset indent |
.Bl -column "KERN_PROG_NARGV" "The number of environ strings" -offset indent |
.It KERN\_PROC\_ARGV The argv strings |
.It KERN_PROC_ARGV The argv strings |
.It KERN\_PROC\_ENV The environ strings |
.It KERN_PROC_ENV The environ strings |
.It KERN\_PROC\_NARGV The number of argv strings |
.It KERN_PROC_NARGV The number of argv strings |
.It KERN\_PROC\_NENV The number of environ strings |
.It KERN_PROC_NENV The number of environ strings |
.El |
.El |
.It Li kern.profiling ( KERN_PROF ) |
.It Li kern.profiling ( KERN_PROF ) |
Return profiling information about the kernel. |
Return profiling information about the kernel. |
Line 650 The third level names for the string and |
|
Line 674 The third level names for the string and |
|
is detailed below. |
is detailed below. |
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "kern.profiling.gmonparam" "struct gmonparam" -offset indent |
.Bl -column "kern.profiling.gmonparam" "struct gmonparam" "Changeable" -offset indent |
.It Sy Third level name Type Changeable |
.It Sy Third level name Type Changeable |
.It kern.profiling.count u_short[\|] yes |
.It kern.profiling.count u_short[\|] yes |
.It kern.profiling.froms u_short[\|] yes |
.It kern.profiling.froms u_short[\|] yes |
Line 691 Returns 1 if saved set-group and saved s |
|
Line 715 Returns 1 if saved set-group and saved s |
|
Maximum socket buffer size. |
Maximum socket buffer size. |
.\" XXX units? |
.\" XXX units? |
.It Li kern.securelevel ( KERN_SECURELVL ) |
.It Li kern.securelevel ( KERN_SECURELVL ) |
The system security level. |
See |
This level may be raised by processes with appropriate privilege. |
.Xr secmodel_securelevel 9 . |
It may only be lowered by process 1. |
|
.It Li kern.somaxkva ( KERN_SOMAXKVA ) |
.It Li kern.somaxkva ( KERN_SOMAXKVA ) |
Maximum amount of kernel memory to be used for socket buffers. |
Maximum amount of kernel memory to be used for socket buffers. |
.\" XXX units? |
.\" XXX units? |
|
|
.It Li kern.ipc ( KERN_SYSVIPC ) |
.It Li kern.ipc ( KERN_SYSVIPC ) |
Return information about the SysV IPC parameters. |
Return information about the SysV IPC parameters. |
The third level names for the ipc variables are detailed below. |
The third level names for the ipc variables are detailed below. |
.Bl -column "KERN_SYSVIPC_MSGXXX" "integerXXX" "noXXX" -offset indent |
.Bl -column "kern.ipc.shm_use_phys" "integer" "Changeable" -offset indent |
.It Sy Third level name Type Changeable |
.It Sy Third level name Type Changeable |
.It kern.ipc.sysvmsg integer no |
.It kern.ipc.sysvmsg integer no |
.It kern.ipc.sysvsem integer no |
.It kern.ipc.sysvsem integer no |
.It kern.ipc.sysvshm integer no |
.It kern.ipc.sysvshm integer no |
.It kern.ipc.sysvipc_info struct no |
.It kern.ipc.sysvipc_info struct no |
.It kern.ipc.shmmax integer no |
.It kern.ipc.shmmax integer yes |
.It kern.ipc.shmmni integer yes |
.It kern.ipc.shmmni integer yes |
.It kern.ipc.shmseg integer yes |
.It kern.ipc.shmseg integer yes |
.It kern.ipc.shmmaxpgs integer yes |
.It kern.ipc.shmmaxpgs integer yes |
.It kern.ipc.shm_use_phys integer yes |
.It kern.ipc.shm_use_phys integer yes |
|
.It kern.ipc.msgmni integer yes |
|
.It kern.ipc.msgseg integer yes |
|
.It kern.ipc.semmni integer yes |
|
.It kern.ipc.semmns integer yes |
|
.It kern.ipc.semmnu integer yes |
.El |
.El |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li kern.ipc.sysvmsg ( KERN_SYSVIPC_MSG ) |
.It Li kern.ipc.sysvmsg ( KERN_SYSVIPC_MSG ) |
|
|
.It Li kern.ipc.sysvipc_info ( KERN_SYSVIPC_INFO ) |
.It Li kern.ipc.sysvipc_info ( KERN_SYSVIPC_INFO ) |
Return System V style IPC configuration and run-time information. |
Return System V style IPC configuration and run-time information. |
The fourth level name selects the System V style IPC facility. |
The fourth level name selects the System V style IPC facility. |
.Bl -column "KERN_SYSVIPC_MSG_INFOXXX" "struct shm_sysctl_infoXXX" -offset indent |
.Bl -column "KERN_SYSVIPC_MSG_INFO" "struct shm_sysctl_info" -offset indent |
.It Sy Fourth level name Type |
.It Sy Fourth level name Type |
.It KERN\_SYSVIPC\_MSG\_INFO struct msg_sysctl_info |
.It KERN_SYSVIPC_MSG_INFO struct msg_sysctl_info |
.It KERN\_SYSVIPC\_SEM\_INFO struct sem_sysctl_info |
.It KERN_SYSVIPC_SEM_INFO struct sem_sysctl_info |
.It KERN\_SYSVIPC\_SHM\_INFO struct shm_sysctl_info |
.It KERN_SYSVIPC_SHM_INFO struct shm_sysctl_info |
.El |
.El |
.Pp |
.Pp |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
Line 745 Return information on the System V style |
|
Line 773 Return information on the System V style |
|
The |
The |
.Sy msg_sysctl_info |
.Sy msg_sysctl_info |
structure is defined in |
structure is defined in |
.Aq Pa sys/msg.h . |
.In sys/msg.h . |
.It Li KERN_SYSVIPC_SEM_INFO |
.It Li KERN_SYSVIPC_SEM_INFO |
Return information on the System V style semaphore facility. |
Return information on the System V style semaphore facility. |
The |
The |
.Sy sem_sysctl_info |
.Sy sem_sysctl_info |
structure is defined in |
structure is defined in |
.Aq Pa sys/sem.h . |
.In sys/sem.h . |
.It Li KERN_SYSVIPC_SHM_INFO |
.It Li KERN_SYSVIPC_SHM_INFO |
Return information on the System V style shared memory facility. |
Return information on the System V style shared memory facility. |
The |
The |
.Sy shm_sysctl_info |
.Sy shm_sysctl_info |
structure is defined in |
structure is defined in |
.Aq Pa sys/shm.h . |
.In sys/shm.h . |
.El |
.El |
.It Li kern.ipc.shmmax ( KERN_SYSVIPC_SHMMAX ) |
.It Li kern.ipc.shmmax ( KERN_SYSVIPC_SHMMAX ) |
Max shared memory segment size in bytes. |
Max shared memory segment size in bytes. |
Line 771 Max amount of shared memory in pages. |
|
Line 799 Max amount of shared memory in pages. |
|
Locking of shared memory in physical memory. |
Locking of shared memory in physical memory. |
If 0, memory can be swapped |
If 0, memory can be swapped |
out, otherwise it will be locked in physical memory. |
out, otherwise it will be locked in physical memory. |
|
.It Li kern.ipc.msgmni |
|
Max number of message queue identifiers. |
|
.It Li kern.ipc.msgseg |
|
Max number of number of message segments. |
|
.It Li kern.ipc.semmni |
|
Max number of number of semaphore identifiers. |
|
.It Li kern.ipc.semmns |
|
Max number of number of semaphores in system. |
|
.It Li kern.ipc.semmnu |
|
Max number of undo structures in system. |
|
.El |
|
.It Li kern.timecounter ( dynamic ) |
|
Display and control the timecounter source of the system. |
|
.Bl -column "kern.timecounter.timestepwarnings" "integer" "Changeable" -offset indent |
|
.It Sy Third level name Type Changeable |
|
.It kern.timecounter.choice string no |
|
.It kern.timecounter.hardware string yes |
|
.It kern.timecounter.timestepwarnings integer yes |
|
.El |
|
.Pp |
|
The variables are as follows: |
|
.Bl -tag -width "123456" |
|
.It Li kern.timecounter.choice ( dynamic ) |
|
The list of available timecounters with their quality and frequency. |
|
.It Li kern.timecounter.hardware ( dynamic ) |
|
The currently selected timecounter source. |
|
.It Li kern.timecounter.timestepwarnings ( dynamic ) |
|
If non-zero display a message each time the time is stepped. |
.El |
.El |
.It Li kern.timex ( KERN_TIMEX ) |
.It Li kern.timex ( KERN_TIMEX ) |
Not available. |
Not available. |
|
|
The third level names for the tty statistic variables are detailed below. |
The third level names for the tty statistic variables are detailed below. |
The changeable column shows whether a process |
The changeable column shows whether a process |
with appropriate privilege may change the value. |
with appropriate privilege may change the value. |
.Bl -column "KERNXTKSTATXRAWCCXXX" "struct integerXXX" -offset indent |
.Bl -column "kern.tkstat.cancc" "quad" "Changeable" -offset indent |
.It Sy Third level name Type Changeable |
.It Sy Third level name Type Changeable |
.It kern.tkstat.cancc quad no |
.It kern.tkstat.cancc quad no |
.It kern.tkstat.nin quad no |
.It kern.tkstat.nin quad no |
Line 868 Same syntax as kern.defcorename. |
|
Line 924 Same syntax as kern.defcorename. |
|
.Sh The machdep.* subtree |
.Sh The machdep.* subtree |
The set of variables defined is architecture dependent. |
The set of variables defined is architecture dependent. |
Most architectures define at least the following variables. |
Most architectures define at least the following variables. |
.Bl -column "CONSOLE_DEVICEXXX" "integerXXX" -offset indent |
.Bl -column "Second level name" "Type" "Changeable" -offset indent |
.It Sy Second level name Type Changeable |
.It Sy Second level name Type Changeable |
.It Li CPU_CONSDEV dev_t no |
.It Li CPU_CONSDEV dev_t no |
.El |
.El |
Line 880 The changeable column shows whether a pr |
|
Line 936 The changeable column shows whether a pr |
|
privilege may change the value. |
privilege may change the value. |
The second and third levels are typically the protocol family and |
The second and third levels are typically the protocol family and |
protocol number, though this is not always the case. |
protocol number, though this is not always the case. |
.Bl -column "Second level nameX" "IPsec key management valuesX" -offset indent |
.Bl -column "Second level name" "IPsec key management values" "Changeable" -offset indent |
.It Sy Second level name Type Changeable |
.It Sy Second level name Type Changeable |
.It net.route routing messages no |
.It net.route routing messages no |
.It net.inet IPv4 values yes |
.It net.inet IPv4 values yes |
Line 901 The third level name is a protocol numbe |
|
Line 957 The third level name is a protocol numbe |
|
The fourth level name is an address family, which may be set to 0 to |
The fourth level name is an address family, which may be set to 0 to |
select all address families. |
select all address families. |
The fifth and sixth level names are as follows: |
The fifth and sixth level names are as follows: |
.Bl -column "Fifth level nameXXXXXX" "Sixth level is:XXX" -offset indent |
.Bl -column "Fifth level name" "Sixth level is:" -offset indent |
.It Sy Fifth level name Sixth level is: |
.It Sy Fifth level name Sixth level is: |
.It NET\_RT\_FLAGS rtflags |
.It NET_RT_FLAGS rtflags |
.It NET\_RT\_DUMP None |
.It NET_RT_DUMP None |
.It NET\_RT\_IFLIST None |
.It NET_RT_IFLIST None |
.El |
.El |
.It Li net.inet ( PF_INET ) |
.It Li net.inet ( PF_INET ) |
Get or set various global information about the IPv4 |
Get or set various global information about the IPv4 |
Line 913 Get or set various global information ab |
|
Line 969 Get or set various global information ab |
|
The third level name is the protocol. |
The third level name is the protocol. |
The fourth level name is the variable name. |
The fourth level name is the variable name. |
The currently defined protocols and names are: |
The currently defined protocols and names are: |
.Bl -column "Protocol name" "sack.globalmaxholes" "integer" -offset 4n |
.Bl -column "Protocol name" "sack.globalmaxholes" "integer" "Changeable" -offset 4n |
.It Sy Protocol name Variable name Type Changeable |
.It Sy Protocol name Variable name Type Changeable |
.It arp down integer yes |
.It arp down integer yes |
.It arp keep integer yes |
.It arp keep integer yes |
Line 927 The currently defined protocols and name |
|
Line 983 The currently defined protocols and name |
|
.It icmp maskrepl integer yes |
.It icmp maskrepl integer yes |
.It icmp rediraccept integer yes |
.It icmp rediraccept integer yes |
.It icmp redirtimeout integer yes |
.It icmp redirtimeout integer yes |
|
.It icmp bmcastecho integer yes |
.It ip allowsrcrt integer yes |
.It ip allowsrcrt integer yes |
.It ip anonportmax integer yes |
.It ip anonportmax integer yes |
.It ip anonportmin integer yes |
.It ip anonportmin integer yes |
Line 973 The currently defined protocols and name |
|
Line 1030 The currently defined protocols and name |
|
.It tcp log_refused integer yes |
.It tcp log_refused integer yes |
.It tcp rstppslimit integer yes |
.It tcp rstppslimit integer yes |
.It tcp ident struct no |
.It tcp ident struct no |
|
.It tcp drop struct no |
.It tcp sack.enable integer yes |
.It tcp sack.enable integer yes |
.It tcp sack.globalholes integer no |
.It tcp sack.globalholes integer no |
.It tcp sack.globalmaxholes integer yes |
.It tcp sack.globalmaxholes integer yes |
|
|
This defaults to 600 seconds. |
This defaults to 600 seconds. |
.It Li icmp.returndatabytes |
.It Li icmp.returndatabytes |
Number of bytes to return in an ICMP error message. |
Number of bytes to return in an ICMP error message. |
|
.It Li icmp.bmcastecho |
|
If set to 1, enables responding to ICMP echo or timestamp request to the |
|
broadcast address. |
.It Li tcp.ack_on_push |
.It Li tcp.ack_on_push |
If set to 1, TCP is to immediately transmit an ACK upon reception of |
If set to 1, TCP is to immediately transmit an ACK upon reception of |
a packet with PUSH set. |
a packet with PUSH set. |
|
|
TCP RST packet that exceeded the value are subject to rate limitation |
TCP RST packet that exceeded the value are subject to rate limitation |
and will not go out from the node. |
and will not go out from the node. |
Negative value disables rate limitation. |
Negative value disables rate limitation. |
|
.It Li tcp.ident |
|
Return the user ID of a connected socket pair. |
|
(RFC1413 Identification Protocol lookups.) |
|
.It Li tcp.drop |
|
Drop a TCP socket pair connection. |
.It Li tcp.sack.enable |
.It Li tcp.sack.enable |
If set to 1, enables RFC 2018 Selective ACKnowledgement. |
If set to 1, enables RFC 2018 Selective ACKnowledgement. |
.It Li tcp.sack.globalholes |
.It Li tcp.sack.globalholes |
Line 1271 Get or set various global information ab |
|
Line 1337 Get or set various global information ab |
|
The third level name is the protocol. |
The third level name is the protocol. |
The fourth level name is the variable name. |
The fourth level name is the variable name. |
The currently defined protocols and names are: |
The currently defined protocols and names are: |
.Bl -column "Protocol name" "Variable nameXX" "integer" "yes" -offset indent |
.Bl -column "Protocol name" "do_loopback_cksum" "integer" "Changeable" -offset indent |
.It Sy Protocol name Variable name Type Changeable |
.It Sy Protocol name Variable name Type Changeable |
.It icmp6 errppslimit integer yes |
.It icmp6 errppslimit integer yes |
.It icmp6 mtudisc_hiwat integer yes |
.It icmp6 mtudisc_hiwat integer yes |
Line 1537 For variables net.*.ipsec6, please refer |
|
Line 1603 For variables net.*.ipsec6, please refer |
|
Get or set various global information about the IPsec key management. |
Get or set various global information about the IPsec key management. |
The third level name is the variable name. |
The third level name is the variable name. |
The currently defined variable and names are: |
The currently defined variable and names are: |
.Bl -column "blockacq_lifetime" "integer" "yes" -offset indent |
.Bl -column "blockacq_lifetime" "integer" "Changeable" -offset indent |
.It Sy Variable name Type Changeable |
.It Sy Variable name Type Changeable |
.It debug integer yes |
.It debug integer yes |
.It spi_try integer yes |
.It spi_try integer yes |
Line 1550 The currently defined variable and names |
|
Line 1616 The currently defined variable and names |
|
.It esp_auth integer yes |
.It esp_auth integer yes |
.It ah_keymin integer yes |
.It ah_keymin integer yes |
.El |
.El |
|
.Pp |
The variables are as follows: |
The variables are as follows: |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li debug |
.It Li debug |
Line 1600 When a set-user-ID or set-group-ID binar |
|
Line 1667 When a set-user-ID or set-group-ID binar |
|
value of PROC_PID_CORENAME is reset to the system default value. |
value of PROC_PID_CORENAME is reset to the system default value. |
The second level name is either the magic value PROC_CURPROC, which |
The second level name is either the magic value PROC_CURPROC, which |
points to the current process, or the PID of the target process. |
points to the current process, or the PID of the target process. |
.Bl -column "USER_COLL_WEIGHTS_MAXXXX" "integerXXX" "yes" -offset indent |
.Bl -column "proc.pid.corename" "string" "not applicable" -offset indent |
.It Sy Third level name Type Changeable |
.It Sy Third level name Type Changeable |
.It proc.pid.corename string yes |
.It proc.pid.corename string yes |
.It proc.pid.rlimit node not applicable |
.It proc.pid.rlimit node not applicable |
Line 1609 points to the current process, or the PI |
|
Line 1676 points to the current process, or the PI |
|
.It proc.pid.stopexit int yes |
.It proc.pid.stopexit int yes |
.El |
.El |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.Pp |
|
.It Li proc.pid.corename ( PROC_PID_CORENAME ) |
.It Li proc.pid.corename ( PROC_PID_CORENAME ) |
The template used for the core dump file name (see |
The template used for the core dump file name (see |
.Xr core 5 |
.Xr core 5 |
|
|
The maximum number of simultaneous processes for this user id. |
The maximum number of simultaneous processes for this user id. |
.It Li proc.pid.rlimit.descriptors ( PROC_PID_LIMIT_NOFILE ) |
.It Li proc.pid.rlimit.descriptors ( PROC_PID_LIMIT_NOFILE ) |
The maximum number of open files for this process. |
The maximum number of open files for this process. |
.\" XXX proc.pid.rlimit.sbsize |
.It Li proc.pid.rlimit.sbsize ( PROC_PID_LIMIT_SBSIZE ) |
|
The maximum size (in bytes) of the socket buffers |
|
set by the |
|
.Xr setsockopt 2 |
|
.Dv SO_RCVBUF |
|
and |
|
.Dv SO_SNDBUF |
|
options. |
.El |
.El |
.Pp |
.Pp |
The fifth level name is one of |
The fifth level name is one of |
Line 1718 The string and integer information avail |
|
Line 1791 The string and integer information avail |
|
level is detailed below. |
level is detailed below. |
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "USER_COLL_WEIGHTS_MAXXXX" "integerXXX" -offset indent |
.Bl -column "user.coll_weights_max" "integer" "Changeable" -offset indent |
.It Sy Second level name Type Changeable |
.It Sy Second level name Type Changeable |
.It user.atexit_max integer no |
.It user.atexit_max integer no |
.It user.bc_base_max integer no |
.It user.bc_base_max integer no |
Line 1744 privilege may change the value. |
|
Line 1817 privilege may change the value. |
|
.It user.tzname_max integer no |
.It user.tzname_max integer no |
.El |
.El |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.Pp |
|
.It Li user.atexit_max ( USER_ATEXIT_MAX ) |
.It Li user.atexit_max ( USER_ATEXIT_MAX ) |
The maximum number of functions that may be registered with |
The maximum number of functions that may be registered with |
.Xr atexit 3 . |
.Xr atexit 3 . |
Line 1807 The version of POSIX 1003.2 with which t |
|
Line 1879 The version of POSIX 1003.2 with which t |
|
.It Li user.re_dup_max ( USER_RE_DUP_MAX ) |
.It Li user.re_dup_max ( USER_RE_DUP_MAX ) |
The maximum number of repeated occurrences of a regular expression |
The maximum number of repeated occurrences of a regular expression |
permitted when using interval notation. |
permitted when using interval notation. |
.ne 1i |
|
.It Li user.stream_max ( USER_STREAM_MAX ) |
.It Li user.stream_max ( USER_STREAM_MAX ) |
The minimum maximum number of streams that a process may have open |
The minimum maximum number of streams that a process may have open |
at any one time. |
at any one time. |
Line 1821 The string and integer information avail |
|
Line 1892 The string and integer information avail |
|
level is detailed below. |
level is detailed below. |
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "Second level nameXXXXXX" "struct uvmexp_sysctlXXX" -offset indent |
.Bl -column "Second level name" "struct uvmexp_sysctl" "Changeable" -offset indent |
.It Sy Second level name Type Changeable |
.It Sy Second level name Type Changeable |
.It vm.anonmax int yes |
.It vm.anonmax int yes |
.It vm.anonmin int yes |
.It vm.anonmin int yes |
Line 1882 The value of the maxslp kernel global va |
|
Line 1953 The value of the maxslp kernel global va |
|
Return system wide virtual memory statistics. |
Return system wide virtual memory statistics. |
The returned data consists of a |
The returned data consists of a |
.Va struct vmtotal . |
.Va struct vmtotal . |
|
.It vm.user_va0_disable |
|
A flag which controls whether user processes can map virtual address 0. |
.It Li vm.uspace ( VM_USPACE ) |
.It Li vm.uspace ( VM_USPACE ) |
The number of bytes allocated for each kernel stack. |
The number of bytes allocated for each kernel stack. |
.It Li vm.uvmexp ( VM_UVMEXP ) |
.It Li vm.uvmexp ( VM_UVMEXP ) |
Line 1901 level is detailed below. |
|
Line 1974 level is detailed below. |
|
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.\" XXX sort |
.\" XXX sort |
.Bl -column "ddb.fromconsoleXXX" "integerXXX" -offset indent |
.Bl -column "Second level name" "integer" "Changeable" -offset indent |
.It Sy Second level name Type Changeable |
.It Sy Second level name Type Changeable |
.It ddb.radix integer yes |
.It ddb.radix integer yes |
.It ddb.maxoff integer yes |
.It ddb.maxoff integer yes |
Line 1921 Number of display lines. |
|
Line 1994 Number of display lines. |
|
.It Li ddb.tabstops ( DBCTL_TABSTOPS ) |
.It Li ddb.tabstops ( DBCTL_TABSTOPS ) |
Tab width. |
Tab width. |
.It Li ddb.onpanic ( DBCTL_ONPANIC ) |
.It Li ddb.onpanic ( DBCTL_ONPANIC ) |
If non-zero, DDB will be entered when the kernel panics. |
If non-zero, DDB will be entered if the kernel panics. |
.It Li ddb.fromconsole ( DBCTL_FROMCONSOLE ) |
.It Li ddb.fromconsole ( DBCTL_FROMCONSOLE ) |
If not zero, DDB may be entered by sending a break on a serial |
If not zero, DDB may be entered by sending a break on a serial |
console or by a special key sequence on a graphics console. |
console or by a special key sequence on a graphics console. |
|
|
.It Li security.models |
.It Li security.models |
.Nx |
.Nx |
supports pluggable security models. |
supports pluggable security models. |
Every security model used, whether if loaded as an LKM or built with the system, |
Every security model used, whether if loaded as a module or built with the system, |
is required to add an entry to this node with at least one element, |
is required to add an entry to this node with at least one element, |
.Dq name , |
.Dq name , |
indicating the name of the security model. |
indicating the name of the security model. |
|
|
.Xr security 8 . |
.Xr security 8 . |
.Pp |
.Pp |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
|
.It Li security.pax.aslr.enable |
|
Enable PaX ASLR (Address Space Layout Randomization). |
|
.Pp |
|
The value of this |
|
knob must be non-zero for PaX ASLR to be enabled, even if a program is set to |
|
explicit enable. |
|
.It Li security.pax.aslr.global |
|
Specifies the default global policy for programs without an |
|
explicit enable/disable flag. |
|
.Pp |
|
When non-zero, all programs will get PaX ASLR, except those exempted with |
|
.Xr paxctl 8 . |
|
Otherwise, all programs will not get PaX ASLR, except those specifically |
|
marked as such with |
|
.Xr paxctl 8 . |
.It Li security.pax.mprotect.enable |
.It Li security.pax.mprotect.enable |
Enable PaX MPROTECT restrictions. |
Enable PaX MPROTECT restrictions. |
.Pp |
.Pp |