Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/share/man/man7/sysctl.7,v rcsdiff: /ftp/cvs/cvsroot/src/share/man/man7/sysctl.7,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.13 retrieving revision 1.37 diff -u -p -r1.13 -r1.37 --- src/share/man/man7/sysctl.7 2007/06/25 23:36:18 1.13 +++ src/share/man/man7/sysctl.7 2010/04/10 04:49:17 1.37 @@ -1,4 +1,4 @@ -.\" $NetBSD: sysctl.7,v 1.13 2007/06/25 23:36:18 christos Exp $ +.\" $NetBSD: sysctl.7,v 1.37 2010/04/10 04:49:17 jruoho Exp $ .\" .\" Copyright (c) 1993 .\" The Regents of the University of California. All rights reserved. @@ -29,7 +29,7 @@ .\" .\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95 .\" -.Dd June 19, 2007 +.Dd April 10, 2010 .Dt SYSCTL 7 .Os .Sh NAME 
@@ -70,25 +70,25 @@ See the manual page for programming examples. .Sh Top level names The top level names are defined with a CTL_ prefix in -.Aq Pa sys/sysctl.h , +.In sys/sysctl.h , and are as follows. The next and subsequent levels down are found in the include files listed here, and described in separate sections below. -.Bl -column securityXX CTLXSECURITYXX "Next level namesXX" +.Bl -column security CTL_SECURITY "Next level names" "High kernel limits" .It Sy Name Constant Next level names Description -.It kern CTL\_KERN sys/sysctl.h High kernel limits -.It vm CTL\_VM uvm/uvm_param.h Virtual memory -.It vfs CTL\_VFS sys/mount.h Filesystem -.It net CTL\_NET sys/socket.h Networking -.It debug CTL\_DEBUG sys/sysctl.h Debugging -.It hw CTL\_HW sys/sysctl.h Generic CPU, I/O -.It machdep CTL\_MACHDEP sys/sysctl.h Machine dependent -.It user CTL\_USER sys/sysctl.h User-level -.It ddb CTL\_DDB sys/sysctl.h In-kernel debugger -.It proc CTL\_PROC sys/sysctl.h Per-process -.It vendor CTL\_VENDOR ? Vendor specific -.It emul CTL\_EMUL sys/sysctl.h Emulation settings -.It security CTL\_SECURITY sys/sysctl.h Security settings +.It kern CTL_KERN sys/sysctl.h High kernel limits +.It vm CTL_VM uvm/uvm_param.h Virtual memory +.It vfs CTL_VFS sys/mount.h Filesystem +.It net CTL_NET sys/socket.h Networking +.It debug CTL_DEBUG sys/sysctl.h Debugging +.It hw CTL_HW sys/sysctl.h Generic CPU, I/O +.It machdep CTL_MACHDEP sys/sysctl.h Machine dependent +.It user CTL_USER sys/sysctl.h User-level +.It ddb CTL_DDB sys/sysctl.h In-kernel debugger +.It proc CTL_PROC sys/sysctl.h Per-process +.It vendor CTL_VENDOR ? Vendor specific +.It emul CTL_EMUL sys/sysctl.h Emulation settings +.It security CTL_SECURITY sys/sysctl.h Security settings .El .Sh The debug.* subtree The debugging variables vary from system to system. 
@@ -131,15 +131,17 @@ for more information. A distinguished second level name, .Li vfs.generic ( VFS_GENERIC ) , is used to get general information about all filesystems. -One of its third level identifiers is -.Li vfs.generic.maxtypenum ( VFS_MAXTYPENUM ) -that gives the highest valid filesystem type number. -Its other third level identifier is -.Li vfs.generic.conf ( VFS_CONF ) -that returns configuration information about the filesystem -type given as a fourth level identifier. -The remaining second level identifiers are the -filesystem type number returned by a +It has the following third level identifiers: +.Bl -tag -width compact +.It vfs.generic.maxtypenum ( VFS_MAXTYPENUM ) +The highest valid filesystem type number. +.It vfs.generic.conf ( VFS_CONF ) +Returns configuration information about the file-system type given as a fourth +level identifier. +.El +.Pp +The remaining second level identifiers are the file-system names, identified +by the type number returned by a .Xr statvfs 2 call or from .Li vfs.generic.conf . @@ -152,7 +154,7 @@ The string and integer information avail level is detailed below. The changeable column shows whether a process with appropriate privilege may change the value. -.Bl -column "Second level nameXXXXXX" "struct disk_sysctlXXX" -offset indent +.Bl -column "hw.machine_arch" "integer" "Changeable" -offset indent .It Sy Second level name Type Changeable .It hw.alignbytes integer no .It hw.byteorder integer no @@ -215,7 +217,6 @@ The machine CPU class. The machine model. .It Li hw.ncpu ( HW_NCPU ) The number of CPUs. -.ne 1i .It Li hw.pagesize ( HW_PAGESIZE ) The software page size. .It Li hw.physmem ( HW_PHYSMEM ) 
@@ -237,7 +238,7 @@ The types of data currently available ar system vnodes, the open file entries, routing table entries, virtual memory statistics, load average history, and clock rate information. -.Bl -column "kern.posix_reader_writer_locks" "struct clockrateXXX" -offset indent +.Bl -column "kern.posix_reader_writer_locks" "struct kinfo_drivers" "not applicable" .It Sy Second level name Type Changeable .It kern.argmax integer no .It kern.autonicetime integer yes @@ -247,8 +248,8 @@ information. .It kern.ccpu integer no .It kern.clockrate struct clockinfo no .It kern.consdev integer no -.It kern.cp\_id struct no -.It kern.cp\_time uint64_t[\|] no +.It kern.cp_id struct no +.It kern.cp_time uint64_t[\|] no .It kern.defcorename string yes .It kern.domainname string yes .It kern.drivers struct kinfo_drivers no @@ -256,16 +257,16 @@ information. .It kern.forkfsleep integer yes .It kern.fscale integer no .It kern.fsync integer no -.It kern.hardclock\_ticks integer no +.It kern.hardclock_ticks integer no .It kern.hostid integer yes .It kern.hostname string yes -.It kern.iov\_max integer no -.It kern.job\_control integer no +.It kern.iov_max integer no +.It kern.job_control integer no .It kern.labeloffset integer no .It kern.labelsector integer no -.It kern.login\_name\_max integer no +.It kern.login_name_max integer no .It kern.logsigexit integer yes -.It kern.mapped\_files integer no +.It kern.mapped_files integer no .It kern.maxfiles integer yes .It kern.maxpartitions integer no .It kern.maxphys integer no @@ -274,9 +275,9 @@ information. .It kern.maxvnodes integer yes .It kern.mbuf node not applicable .It kern.memlock integer no -.It kern.memlock\_range integer no -.It kern.memory\_protection integer no -.It kern.monotonic\_clock integer no +.It kern.memlock_range integer no +.It kern.memory_protection integer no +.It kern.monotonic_clock integer no .It kern.msgbuf integer no .It kern.msgbufsize integer no .It kern.ngroups integer no 
@@ -286,32 +287,31 @@ information. .It kern.ostype string no .It kern.pipe node not applicable .It kern.posix1 integer no -.It kern.posix\_barriers integer no -.It kern.posix\_reader\_writer\_locks integer no -.It kern.posix\_semaphores integer no -.It kern.posix\_spin\_locks integer no -.It kern.posix\_threads integer no -.It kern.posix\_timers integer no +.It kern.posix_barriers integer no +.It kern.posix_reader_writer_locks integer no +.It kern.posix_semaphores integer no +.It kern.posix_spin_locks integer no +.It kern.posix_threads integer no +.It kern.posix_timers integer no .It kern.proc struct kinfo_proc no .It kern.proc2 struct kinfo_proc2 no -.It kern.proc\_args string no +.It kern.proc_args string no .It kern.prof node not applicable .It kern.rawpartition integer no -.It kern.root\_device string no -.It kern.root\_partition integer no -.It kern.rtc\_offset integer yes -.It kern.saved\_ids integer no +.It kern.root_device string no +.It kern.root_partition integer no +.It kern.rtc_offset integer yes +.It kern.saved_ids integer no .It kern.securelevel integer raise only -.It kern.synchronized\_io integer no +.It kern.synchronized_io integer no .It kern.ipc node not applicable +.It kern.timecounter node not applicable .It kern.timex struct no .It kern.tkstat node not applicable .It kern.urandom integer no .It kern.version string no .It kern.vnode struct vnode no .El -.ne 1i -.Pp .Bl -tag -width "123456" .It Li kern.argmax ( KERN_ARGMAX ) The maximum bytes of argument to @@ -323,6 +323,10 @@ If set to 0, automatic lowering of prior all non-root processes are immediately lowered. .It Li kern.autoniceval ( KERN_AUTONICEVAL ) The priority assigned for automatically niced processes. +.It Li kern.boothowto +Flags passed from the boot loader; see +.Xr reboot 2 +for the meanings of the flags. .It Li kern.boottime ( KERN_BOOTTIME ) A .Va struct timeval 
@@ -337,6 +341,9 @@ structure is returned. This structure contains the clock, statistics clock and profiling clock frequencies, the number of micro-seconds per hz tick, and the clock skew rate. +Refer to +.Xr hz 9 +for additional details. .It Li kern.consdev ( KERN_CONSDEV ) Console device. .It Li kern.cp_id ( KERN_CP_ID ) @@ -468,7 +475,7 @@ structures in the networking code, see The third level names for the mbuf variables are detailed below. The changeable column shows whether a process with appropriate privilege may change the value. -.Bl -column "kern.mbuf.nmbclusters" "struct integerXXX" -offset indent +.Bl -column "kern.mbuf.nmbclusters" "integer" "Changeable" -offset indent .It Sy Third level name Type Changeable .\" XXX Changeable? really? .It kern.mbuf.mblowat integer yes @@ -535,7 +542,7 @@ Pipe settings. The third level names for the integer pipe settings is detailed below. The changeable column shows whether a process with appropriate privilege may change the value. -.Bl -column "kern.pipe.maxbigpipesXXX" "integerXXX" -offset indent +.Bl -column "kern.pipe.maxbigpipes" "integer" "Changeable" -offset indent .It Sy Third level name Type Changeable .It kern.pipe.kvasiz integer yes .It kern.pipe.maxbigpipes integer yes 
@@ -609,17 +616,17 @@ An array of structures is returned, whose size depends on the current number of such objects in the system. The third and fourth level numeric names are as follows: -.Bl -column "Third level nameXXXXXX" "Fourth level is:XXXXXX" -offset indent +.Bl -column "KERN_PROC_SESSION" "Fourth level is:" -offset indent .It Sy Third level name Fourth level is: -.It KERN\_PROC\_ALL None -.It KERN\_PROC\_GID A group ID -.It KERN\_PROC\_PID A process ID -.It KERN\_PROC\_PGRP A process group -.It KERN\_PROC\_RGID A real group ID -.It KERN\_PROC\_RUID A real user ID -.It KERN\_PROC\_SESSION A session ID -.It KERN\_PROC\_TTY A tty device -.It KERN\_PROC\_UID A user ID +.It KERN_PROC_ALL None +.It KERN_PROC_GID A group ID +.It KERN_PROC_PID A process ID +.It KERN_PROC_PGRP A process group +.It KERN_PROC_RGID A real group ID +.It KERN_PROC_RUID A real user ID +.It KERN_PROC_SESSION A session ID +.It KERN_PROC_TTY A tty device +.It KERN_PROC_UID A user ID .El .It Li kern.proc2 ( KERN_PROC2 ) As for KERN_PROC, but an array of @@ -634,11 +641,11 @@ of a process. Multiple strings are returned separated by NUL characters. The third level name is the process ID. The fourth level name is as follows: -.Bl -column "Third level nameXXXXXX" -offset indent -.It KERN\_PROC\_ARGV The argv strings -.It KERN\_PROC\_ENV The environ strings -.It KERN\_PROC\_NARGV The number of argv strings -.It KERN\_PROC\_NENV The number of environ strings +.Bl -column "KERN_PROG_NARGV" "The number of environ strings" -offset indent +.It KERN_PROC_ARGV The argv strings +.It KERN_PROC_ENV The environ strings +.It KERN_PROC_NARGV The number of argv strings +.It KERN_PROC_NENV The number of environ strings .El .It Li kern.profiling ( KERN_PROF ) Return profiling information about the kernel. 
@@ -650,7 +657,7 @@ The third level names for the string and is detailed below. The changeable column shows whether a process with appropriate privilege may change the value. -.Bl -column "kern.profiling.gmonparam" "struct gmonparam" -offset indent +.Bl -column "kern.profiling.gmonparam" "struct gmonparam" "Changeable" -offset indent .It Sy Third level name Type Changeable .It kern.profiling.count u_short[\|] yes .It kern.profiling.froms u_short[\|] yes @@ -691,9 +698,8 @@ Returns 1 if saved set-group and saved s Maximum socket buffer size. .\" XXX units? .It Li kern.securelevel ( KERN_SECURELVL ) -The system security level. -This level may be raised by processes with appropriate privilege. -It may only be lowered by process 1. +See +.Xr secmodel_securelevel 9 . .It Li kern.somaxkva ( KERN_SOMAXKVA ) Maximum amount of kernel memory to be used for socket buffers. .\" XXX units? 
@@ -704,17 +710,22 @@ otherwise 0. .It Li kern.ipc ( KERN_SYSVIPC ) Return information about the SysV IPC parameters. The third level names for the ipc variables are detailed below. -.Bl -column "KERN_SYSVIPC_MSGXXX" "integerXXX" "noXXX" -offset indent -.It Sy Third level name Type Changeable -.It kern.ipc.sysvmsg integer no -.It kern.ipc.sysvsem integer no -.It kern.ipc.sysvshm integer no -.It kern.ipc.sysvipc_info struct no -.It kern.ipc.shmmax integer no -.It kern.ipc.shmmni integer yes -.It kern.ipc.shmseg integer yes -.It kern.ipc.shmmaxpgs integer yes -.It kern.ipc.shm_use_phys integer yes +.Bl -column "kern.ipc.shm_use_phys" "integer" "Changeable" -offset indent +.It Sy Third level name Type Changeable +.It kern.ipc.sysvmsg integer no +.It kern.ipc.sysvsem integer no +.It kern.ipc.sysvshm integer no +.It kern.ipc.sysvipc_info struct no +.It kern.ipc.shmmax integer yes +.It kern.ipc.shmmni integer yes +.It kern.ipc.shmseg integer yes +.It kern.ipc.shmmaxpgs integer yes +.It kern.ipc.shm_use_phys integer yes +.It kern.ipc.msgmni integer yes +.It kern.ipc.msgseg integer yes +.It kern.ipc.semmni integer yes +.It kern.ipc.semmns integer yes +.It kern.ipc.semmnu integer yes .El .Bl -tag -width "123456" .It Li kern.ipc.sysvmsg ( KERN_SYSVIPC_MSG ) 
@@ -732,11 +743,11 @@ otherwise 0. .It Li kern.ipc.sysvipc_info ( KERN_SYSVIPC_INFO ) Return System V style IPC configuration and run-time information. The fourth level name selects the System V style IPC facility. -.Bl -column "KERN_SYSVIPC_MSG_INFOXXX" "struct shm_sysctl_infoXXX" -offset indent +.Bl -column "KERN_SYSVIPC_MSG_INFO" "struct shm_sysctl_info" -offset indent .It Sy Fourth level name Type -.It KERN\_SYSVIPC\_MSG\_INFO struct msg_sysctl_info -.It KERN\_SYSVIPC\_SEM\_INFO struct sem_sysctl_info -.It KERN\_SYSVIPC\_SHM\_INFO struct shm_sysctl_info +.It KERN_SYSVIPC_MSG_INFO struct msg_sysctl_info +.It KERN_SYSVIPC_SEM_INFO struct sem_sysctl_info +.It KERN_SYSVIPC_SHM_INFO struct shm_sysctl_info .El .Pp .Bl -tag -width "123456" @@ -745,19 +756,19 @@ Return information on the System V style The .Sy msg_sysctl_info structure is defined in -.Aq Pa sys/msg.h . +.In sys/msg.h . .It Li KERN_SYSVIPC_SEM_INFO Return information on the System V style semaphore facility. The .Sy sem_sysctl_info structure is defined in -.Aq Pa sys/sem.h . +.In sys/sem.h . .It Li KERN_SYSVIPC_SHM_INFO Return information on the System V style shared memory facility. The .Sy shm_sysctl_info structure is defined in -.Aq Pa sys/shm.h . +.In sys/shm.h . .El .It Li kern.ipc.shmmax ( KERN_SYSVIPC_SHMMAX ) Max shared memory segment size in bytes. 
@@ -771,6 +782,34 @@ Max amount of shared memory in pages. Locking of shared memory in physical memory. If 0, memory can be swapped out, otherwise it will be locked in physical memory. +.It Li kern.ipc.msgmni +Max number of message queue identifiers. +.It Li kern.ipc.msgseg +Max number of number of message segments. +.It Li kern.ipc.semmni +Max number of number of semaphore identifiers. +.It Li kern.ipc.semmns +Max number of number of semaphores in system. +.It Li kern.ipc.semmnu +Max number of undo structures in system. +.El +.It Li kern.timecounter ( dynamic ) +Display and control the timecounter source of the system. +.Bl -column "kern.timecounter.timestepwarnings" "integer" "Changeable" -offset indent +.It Sy Third level name Type Changeable +.It kern.timecounter.choice string no +.It kern.timecounter.hardware string yes +.It kern.timecounter.timestepwarnings integer yes +.El +.Pp +The variables are as follows: +.Bl -tag -width "123456" +.It Li kern.timecounter.choice ( dynamic ) +The list of available timecounters with their quality and frequency. +.It Li kern.timecounter.hardware ( dynamic ) +The currently selected timecounter source. +.It Li kern.timecounter.timestepwarnings ( dynamic ) +If non-zero display a message each time the time is stepped. .El .It Li kern.timex ( KERN_TIMEX ) Not available. @@ -780,7 +819,7 @@ on ttys. The third level names for the tty statistic variables are detailed below. The changeable column shows whether a process with appropriate privilege may change the value. -.Bl -column "KERNXTKSTATXRAWCCXXX" "struct integerXXX" -offset indent +.Bl -column "kern.tkstat.cancc" "quad" "Changeable" -offset indent .It Sy Third level name Type Changeable .It kern.tkstat.cancc quad no .It kern.tkstat.nin quad no 
@@ -868,7 +907,7 @@ Same syntax as kern.defcorename. .Sh The machdep.* subtree The set of variables defined is architecture dependent. Most architectures define at least the following variables. -.Bl -column "CONSOLE_DEVICEXXX" "integerXXX" -offset indent +.Bl -column "Second level name" "Type" "Changeable" -offset indent .It Sy Second level name Type Changeable .It Li CPU_CONSDEV dev_t no .El @@ -880,7 +919,7 @@ The changeable column shows whether a pr privilege may change the value. The second and third levels are typically the protocol family and protocol number, though this is not always the case. -.Bl -column "Second level nameX" "IPsec key management valuesX" -offset indent +.Bl -column "Second level name" "IPsec key management values" "Changeable" -offset indent .It Sy Second level name Type Changeable .It net.route routing messages no .It net.inet IPv4 values yes @@ -901,11 +940,11 @@ The third level name is a protocol numbe The fourth level name is an address family, which may be set to 0 to select all address families. The fifth and sixth level names are as follows: -.Bl -column "Fifth level nameXXXXXX" "Sixth level is:XXX" -offset indent +.Bl -column "Fifth level name" "Sixth level is:" -offset indent .It Sy Fifth level name Sixth level is: -.It NET\_RT\_FLAGS rtflags -.It NET\_RT\_DUMP None -.It NET\_RT\_IFLIST None +.It NET_RT_FLAGS rtflags +.It NET_RT_DUMP None +.It NET_RT_IFLIST None .El .It Li net.inet ( PF_INET ) Get or set various global information about the IPv4 @@ -913,7 +952,7 @@ Get or set various global information ab The third level name is the protocol. The fourth level name is the variable name. The currently defined protocols and names are: -.Bl -column "Protocol name" "sack.globalmaxholes" "integer" -offset 4n +.Bl -column "Protocol name" "sack.globalmaxholes" "integer" "Changeable" -offset 4n .It Sy Protocol name Variable name Type Changeable .It arp down integer yes .It arp keep integer yes 
@@ -927,6 +966,7 @@ The currently defined protocols and name .It icmp maskrepl integer yes .It icmp rediraccept integer yes .It icmp redirtimeout integer yes +.It icmp bmcastecho integer yes .It ip allowsrcrt integer yes .It ip anonportmax integer yes .It ip anonportmin integer yes @@ -1136,6 +1176,9 @@ ICMP redirect. This defaults to 600 seconds. .It Li icmp.returndatabytes Number of bytes to return in an ICMP error message. +.It Li icmp.bmcastecho +If set to 1, enables responding to ICMP echo or timestamp request to the +broadcast address. .It Li tcp.ack_on_push If set to 1, TCP is to immediately transmit an ACK upon reception of a packet with PUSH set. @@ -1277,7 +1320,7 @@ Get or set various global information ab The third level name is the protocol. The fourth level name is the variable name. The currently defined protocols and names are: -.Bl -column "Protocol name" "Variable nameXX" "integer" "yes" -offset indent +.Bl -column "Protocol name" "do_loopback_cksum" "integer" "Changeable" -offset indent .It Sy Protocol name Variable name Type Changeable .It icmp6 errppslimit integer yes .It icmp6 mtudisc_hiwat integer yes @@ -1543,7 +1586,7 @@ For variables net.*.ipsec6, please refer Get or set various global information about the IPsec key management. The third level name is the variable name. The currently defined variable and names are: -.Bl -column "blockacq_lifetime" "integer" "yes" -offset indent +.Bl -column "blockacq_lifetime" "integer" "Changeable" -offset indent .It Sy Variable name Type Changeable .It debug integer yes .It spi_try integer yes @@ -1556,6 +1599,7 @@ The currently defined variable and names .It esp_auth integer yes .It ah_keymin integer yes .El +.Pp The variables are as follows: .Bl -tag -width "123456" .It Li debug 
@@ -1606,7 +1650,7 @@ When a set-user-ID or set-group-ID binar value of PROC_PID_CORENAME is reset to the system default value. The second level name is either the magic value PROC_CURPROC, which points to the current process, or the PID of the target process. -.Bl -column "USER_COLL_WEIGHTS_MAXXXX" "integerXXX" "yes" -offset indent +.Bl -column "proc.pid.corename" "string" "not applicable" -offset indent .It Sy Third level name Type Changeable .It proc.pid.corename string yes .It proc.pid.rlimit node not applicable @@ -1615,7 +1659,6 @@ points to the current process, or the PI .It proc.pid.stopexit int yes .El .Bl -tag -width "123456" -.Pp .It Li proc.pid.corename ( PROC_PID_CORENAME ) The template used for the core dump file name (see .Xr core 5 @@ -1664,7 +1707,14 @@ function. The maximum number of simultaneous processes for this user id. .It Li proc.pid.rlimit.descriptors ( PROC_PID_LIMIT_NOFILE ) The maximum number of open files for this process. -.\" XXX proc.pid.rlimit.sbsize +.It Li proc.pid.rlimit.sbsize ( PROC_PID_LIMIT_SBSIZE ) +The maximum size (in bytes) of the socket buffers +set by the +.Xr setsockopt 2 +.Dv SO_RCVBUF +and +.Dv SO_SNDBUF +options. .El .Pp The fifth level name is one of @@ -1724,7 +1774,7 @@ The string and integer information avail level is detailed below. The changeable column shows whether a process with appropriate privilege may change the value. -.Bl -column "USER_COLL_WEIGHTS_MAXXXX" "integerXXX" -offset indent +.Bl -column "user.coll_weights_max" "integer" "Changeable" -offset indent .It Sy Second level name Type Changeable .It user.atexit_max integer no .It user.bc_base_max integer no @@ -1750,7 +1800,6 @@ privilege may change the value. .It user.tzname_max integer no .El .Bl -tag -width "123456" -.Pp .It Li user.atexit_max ( USER_ATEXIT_MAX ) The maximum number of functions that may be registered with .Xr atexit 3 . 
@@ -1813,7 +1862,6 @@ The version of POSIX 1003.2 with which t .It Li user.re_dup_max ( USER_RE_DUP_MAX ) The maximum number of repeated occurrences of a regular expression permitted when using interval notation. -.ne 1i .It Li user.stream_max ( USER_STREAM_MAX ) The minimum maximum number of streams that a process may have open at any one time. @@ -1827,7 +1875,7 @@ The string and integer information avail level is detailed below. The changeable column shows whether a process with appropriate privilege may change the value. -.Bl -column "Second level nameXXXXXX" "struct uvmexp_sysctlXXX" -offset indent +.Bl -column "Second level name" "struct uvmexp_sysctl" "Changeable" -offset indent .It Sy Second level name Type Changeable .It vm.anonmax int yes .It vm.anonmin int yes @@ -1888,6 +1936,8 @@ The value of the maxslp kernel global va Return system wide virtual memory statistics. The returned data consists of a .Va struct vmtotal . +.It vm.user_va0_disable +A flag which controls whether user processes can map virtual address 0. .It Li vm.uspace ( VM_USPACE ) The number of bytes allocated for each kernel stack. .It Li vm.uvmexp ( VM_UVMEXP ) 
@@ -1901,40 +1951,54 @@ The returned data consists of a .\" XXX vm.idlezero .El .Sh The ddb.* subtree ( CTL_DDB ) -The integer information available for the +The information available for the .Li ddb level is detailed below. The changeable column shows whether a process with appropriate privilege may change the value. .\" XXX sort -.Bl -column "ddb.fromconsoleXXX" "integerXXX" -offset indent +.Bl -column "Second level name" "integer" "Changeable" -offset indent .It Sy Second level name Type Changeable .It ddb.radix integer yes .It ddb.maxoff integer yes +.It ddb.maxwidth integer yes .It ddb.lines integer yes .It ddb.tabstops integer yes .It ddb.onpanic integer yes .It ddb.fromconsole integer yes +.It ddb.tee_msgbuf integer yes +.It ddb.commandonenter string yes .El .Pp .Bl -tag -width "123456" -.It Li ddb.radix ( DBCTL_RADIX ) +.It Li ddb.radix ( DDBCTL_RADIX ) The input and output radix. -.It Li ddb.maxoff ( DBCTL_MAXOFF ) +.It Li ddb.maxoff ( DDBCTL_MAXOFF ) The maximum symbol offset. -.It Li ddb.lines ( DBCTL_LINES ) +.It Li ddb.maxwidth ( DDBCTL_MAXWIDTH ) +The maximum output line width. +.It Li ddb.lines ( DDBCTL_LINES ) Number of display lines. -.It Li ddb.tabstops ( DBCTL_TABSTOPS ) +.It Li ddb.tabstops ( DDBCTL_TABSTOPS ) Tab width. -.It Li ddb.onpanic ( DBCTL_ONPANIC ) -If non-zero, DDB will be entered when the kernel panics. -.It Li ddb.fromconsole ( DBCTL_FROMCONSOLE ) +.It Li ddb.onpanic ( DDBCTL_ONPANIC ) +If non-zero, DDB will be entered if the kernel panics. +.It Li ddb.fromconsole ( DDBCTL_FROMCONSOLE ) If not zero, DDB may be entered by sending a break on a serial console or by a special key sequence on a graphics console. -.\" XXX tee_msgbuf maxwidth commandonenter +.It Li ddb.tee_msgbuf +If not zero, DDB will output also to the kernel message buffer. +.It Li ddb.commandonenter +If not empty, a command to be executed on each enter to the +.Tn DDB . 
+.\" +.\" XXX: (a) ddb.commandonenter is missing in ddb(4); +.\" (b) No DDBCTL definitions for tee_msgbuf and commandonenter. .El .Pp -These MIB nodes are also available as variables from within the DDB. +Some of these +.Tn MIB +nodes are also available as variables from within the debugger. See .Xr ddb 4 for more details. @@ -1964,7 +2028,7 @@ PCBs), and .It Li security.models .Nx supports pluggable security models. -Every security model used, whether if loaded as an LKM or built with the system, +Every security model used, whether if loaded as a module or built with the system, is required to add an entry to this node with at least one element, .Dq name , indicating the name of the security model. @@ -1982,6 +2046,21 @@ and .Xr security 8 . .Pp .Bl -tag -width "123456" +.It Li security.pax.aslr.enable +Enable PaX ASLR (Address Space Layout Randomization). +.Pp +The value of this +knob must be non-zero for PaX ASLR to be enabled, even if a program is set to +explicit enable. +.It Li security.pax.aslr.global +Specifies the default global policy for programs without an +explicit enable/disable flag. +.Pp +When non-zero, all programs will get PaX ASLR, except those exempted with +.Xr paxctl 8 . +Otherwise, all programs will not get PaX ASLR, except those specifically +marked as such with +.Xr paxctl 8 . .It Li security.pax.mprotect.enable Enable PaX MPROTECT restrictions. .Pp
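Review bot: the width string in the new `.Bl -column "KERN_PROG_NARGV" ...` line of the kern.proc_args hunk (@@ -634,11 +641,11 @@) is misspelled; the constant listed two lines below it is KERN_PROC_NARGV. Because the string only sets the column width the rendered page is unaffected, but it should read "KERN_PROC_NARGV" so that a search for the constant does not hit a name that does not exist.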
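Review bot: the kern.securelevel entry in the hunk at @@ -691,9 +698,8 @@ loses its whole description and keeps only the cross reference to secmodel_securelevel 9, while the table row earlier in the page still says "raise only" with nothing here to explain it. Keep a one-sentence summary (the removed text said the level may be raised by a privileged process and lowered only by process 1, if that is still accurate) ahead of the `.Xr`, so a reader of sysctl.7 can interpret the "raise only" column without following the reference.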
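Review bot: three of the new descriptions in the hunk at @@ -771,6 +782,34 @@ repeat a phrase: kern.ipc.msgseg, kern.ipc.semmni and kern.ipc.semmns all read "Max number of number of ...". Drop the duplicated "number of". The five new kern.ipc `.It Li` entries also carry neither a constant in parentheses nor the "( dynamic )" marker that the kern.timecounter entries added in the same hunk use; mark them whichever way applies so the list stays consistent.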
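Review bot: the new icmp.bmcastecho description in the hunk at @@ -1136,6 +1176,9 @@ does not give the default value, although the entry just above it does ("This defaults to 600 seconds."). Answering echo or timestamp requests sent to the broadcast address is a traffic-amplification risk, so an administrator auditing a host needs to know from the page whether the knob is off unless set; add a sentence stating the default. The text would also read better as "requests sent to the broadcast address".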
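Review bot: the added `.It vm.user_va0_disable` line in the hunk at @@ -1888,6 +1936,8 @@ is missing the `.Li` macro that the neighbouring `.It Li vm.uspace ( VM_USPACE )` entry uses, so it will render differently from the rest of the list. The description "A flag which controls whether user processes can map virtual address 0" also leaves out which value blocks the mapping and what the default is; for a knob that exists as a hardening control both should be spelled out.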
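Review bot: wording in the new ddb entries of the hunk at @@ -1901,40 +1951,54 @@ needs a pass: "a command to be executed on each enter to the DDB" should be "on each entry to DDB", and "DDB will output also to the kernel message buffer" reads better as "DDB will also output to the kernel message buffer". The XXX comment added before `.El` records that ddb.commandonenter is missing from ddb(4) and that tee_msgbuf and commandonenter have no DDBCTL definitions; since ddb.commandonenter is a changeable string that is run as a debugger command, the ddb(4) gap is worth closing in the same change rather than leaving as a comment.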
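Review bot: the rewritten line in the security.models hunk (@@ -1964,7 +2028,7 @@) keeps the ungrammatical "whether if loaded as a module or built with the system". Since the line is being changed anyway for the LKM to module rename, fix it to "whether loaded as a module or built with the system".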
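Review bot: the new security.pax.aslr.global text in the hunk at @@ -1982,6 +2046,21 @@ is ambiguous where it says "Otherwise, all programs will not get PaX ASLR, except those specifically marked"; write "Otherwise no program gets PaX ASLR except those explicitly marked with paxctl 8". In the security.pax.aslr.enable entry, "even if a program is set to explicit enable" should be "even if a program is explicitly marked as enabled", and the `.Pp` that splits the one-line summary from its only following sentence is unnecessary. Neither entry states its default, which matters for anyone checking whether ASLR is active on a stock system.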