version 1.72, 2012/06/22 14:54:35 |
version 1.90, 2015/07/11 16:47:49 |
|
|
.\" |
.\" |
.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95 |
.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95 |
.\" |
.\" |
.Dd June 20, 2012 |
.Dd July 11, 2015 |
.Dt SYSCTL 7 |
.Dt SYSCTL 7 |
.Os |
.Os |
.Sh NAME |
.Sh NAME |
Line 164 capabilities with the following third le |
|
Line 164 capabilities with the following third le |
|
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li vfs.wapbl.flush_disk_cache |
.It Li vfs.wapbl.flush_disk_cache |
Controls whether to attempt to flush the disk cache on each commit. |
Controls whether to attempt to flush the disk cache on each commit. |
It defaults to 1 and it should always be on to ensure data integrity in |
It defaults to 1 and it should always be on to ensure integrity |
case of a crash. |
of file system metadata in the event of a power loss. |
For slow disks, turning it off can improve performance. |
For slow disks, turning it off can improve performance. |
.It Li vfs.wapbl.verbose_commit |
.It Li vfs.wapbl.verbose_commit |
For each transaction log commit, print the number of bytes written |
For each transaction log commit, print the number of bytes written |
Line 198 privilege may change the value. |
|
Line 198 privilege may change the value. |
|
.It hw.machine_arch string no |
.It hw.machine_arch string no |
.It hw.model string no |
.It hw.model string no |
.It hw.ncpu integer no |
.It hw.ncpu integer no |
|
.It hw.ncpuonline integer no |
.It hw.pagesize integer no |
.It hw.pagesize integer no |
.It hw.physmem integer no |
.It hw.physmem integer no |
.It hw.physmem64 quad no |
.It hw.physmem64 quad no |
.It hw.usermem integer no |
.It hw.usermem integer no |
.It hw.usermem64 quad no |
.It hw.usermem64 quad no |
.El |
.El |
.Pp |
|
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li hw.alignbytes ( HW_ALIGNBYTES ) |
.It Li hw.alignbytes ( HW_ALIGNBYTES ) |
Alignment constraint for all possible data types. |
Alignment constraint for all possible data types. |
Line 249 The machine CPU class. |
|
Line 249 The machine CPU class. |
|
.It Li hw.model ( HW_MODEL ) |
.It Li hw.model ( HW_MODEL ) |
The machine model. |
The machine model. |
.It Li hw.ncpu ( HW_NCPU ) |
.It Li hw.ncpu ( HW_NCPU ) |
The number of CPUs. |
The number of CPUs configured. |
|
.It Li hw.ncpuonline ( HW_NCPUONLINE ) |
|
The number of CPUs online. |
.It Li hw.pagesize ( HW_PAGESIZE ) |
.It Li hw.pagesize ( HW_PAGESIZE ) |
The software page size. |
The software page size. |
.It Li hw.physmem ( HW_PHYSMEM ) |
.It Li hw.physmem ( HW_PHYSMEM ) |
Line 277 privilege may change the value. |
|
Line 279 privilege may change the value. |
|
.It kern.argmax integer no |
.It kern.argmax integer no |
.It kern.boothowto integer no |
.It kern.boothowto integer no |
.It kern.boottime struct timeval no |
.It kern.boottime struct timeval no |
|
.It kern.buildinfo string no |
.\".It kern.bufq node not applicable |
.\".It kern.bufq node not applicable |
.It kern.ccpu integer no |
.It kern.ccpu integer no |
.It kern.clockrate struct clockinfo no |
.It kern.clockrate struct clockinfo no |
Line 329 privilege may change the value. |
|
Line 332 privilege may change the value. |
|
.It kern.ostype string no |
.It kern.ostype string no |
.\".It kern.panic_now integer yes |
.\".It kern.panic_now integer yes |
.It kern.pipe node not applicable |
.It kern.pipe node not applicable |
|
.It kern.pool struct pool_sysctl no |
.\" .It kern.posix node not applicable |
.\" .It kern.posix node not applicable |
.It kern.posix1version integer no |
.It kern.posix1version integer no |
.It kern.posix_aio integer no |
.It kern.posix_aio integer no |
|
|
.Vt struct timeval |
.Vt struct timeval |
structure is returned. |
structure is returned. |
This structure contains the time that the system was booted. |
This structure contains the time that the system was booted. |
|
.It Li kern.buildinfo |
|
When the kernel is built, the build environment may optionally provide |
|
arbitrary information to be stored in this variable. |
.\" .It Li kern.bufq |
.\" .It Li kern.bufq |
.\" XXX: Undocumented. |
.\" XXX: Undocumented. |
.It Li kern.ccpu ( KERN_CCPU ) |
.It Li kern.ccpu ( KERN_CCPU ) |
Line 597 The fourth level name selects the System |
|
Line 604 The fourth level name selects the System |
|
.It KERN_SYSVIPC_SEM_INFO struct sem_sysctl_info |
.It KERN_SYSVIPC_SEM_INFO struct sem_sysctl_info |
.It KERN_SYSVIPC_SHM_INFO struct shm_sysctl_info |
.It KERN_SYSVIPC_SHM_INFO struct shm_sysctl_info |
.El |
.El |
.Pp |
|
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li KERN_SYSVIPC_MSG_INFO |
.It Li KERN_SYSVIPC_MSG_INFO |
Return information on the System V style message facility. |
Return information on the System V style message facility. |
Line 739 The third level names for the settings a |
|
Line 745 The third level names for the settings a |
|
.Bl -column "kern.module.autoload" "integer" "Changeable" -offset indent |
.Bl -column "kern.module.autoload" "integer" "Changeable" -offset indent |
.It Sy Third level name Type Changeable |
.It Sy Third level name Type Changeable |
.It kern.module.autoload integer yes |
.It kern.module.autoload integer yes |
|
.It kern.module.autotime integer yes |
.It kern.module.verbose integer yes |
.It kern.module.verbose integer yes |
.El |
.El |
.Pp |
.Pp |
Line 749 A boolean that controls whether kernel m |
|
Line 756 A boolean that controls whether kernel m |
|
See |
See |
.Xr module 7 |
.Xr module 7 |
for additional details. |
for additional details. |
|
.It Li kern.module.autotime |
|
An integer that controls the delay before an attempt is made to |
|
automatically unload a module that was auto-loaded. |
|
Setting this value to zero disables the auto-unload function. |
.It Li kern.module.verbose |
.It Li kern.module.verbose |
A boolean that enables or disables verbose |
A boolean that enables or disables verbose |
debug messages related to kernel modules. |
debug messages related to kernel modules. |
|
|
.Dq big |
.Dq big |
pipes. |
pipes. |
.El |
.El |
|
.It Li kern.pool |
|
Provides statistics about the |
|
.Xr pool 9 |
|
and |
|
.Xr pool_cache 9 |
|
subsystems. |
.\" XXX: Undocumented .It Li kern.posix ( ? ) |
.\" XXX: Undocumented .It Li kern.posix ( ? ) |
.\" This is a node in which the only variable is semmax. |
.\" This is a node in which the only variable is semmax. |
.It Li kern.posix1version ( KERN_POSIX1 ) |
.It Li kern.posix1version ( KERN_POSIX1 ) |
Line 1178 protocol number, though this is not alwa |
|
Line 1195 protocol number, though this is not alwa |
|
.It net.inet6 IPv6 values yes |
.It net.inet6 IPv6 values yes |
.It net.key IPsec key management values yes |
.It net.key IPsec key management values yes |
.El |
.El |
.Pp |
|
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li net.route ( PF_ROUTE ) |
.It Li net.route ( PF_ROUTE ) |
.\" XXX really? |
.\" XXX really? |
Line 1210 The currently defined protocols and name |
|
Line 1226 The currently defined protocols and name |
|
.It arp keep integer yes |
.It arp keep integer yes |
.It arp log_movements integer yes |
.It arp log_movements integer yes |
.It arp log_permanent_modify integer yes |
.It arp log_permanent_modify integer yes |
|
.It arp log_unknown_network integer yes |
.It arp log_wrong_iface integer yes |
.It arp log_wrong_iface integer yes |
.It arp prune integer yes |
.It arp prune integer yes |
.It arp refresh integer yes |
.It arp refresh integer yes |
Line 1225 The currently defined protocols and name |
|
Line 1242 The currently defined protocols and name |
|
.It ip allowsrcrt integer yes |
.It ip allowsrcrt integer yes |
.It ip anonportalgo.selected string yes |
.It ip anonportalgo.selected string yes |
.It ip anonportalgo.available string yes |
.It ip anonportalgo.available string yes |
|
.It ip anonportalgo.reserve struct yes |
.It ip anonportmax integer yes |
.It ip anonportmax integer yes |
.It ip anonportmin integer yes |
.It ip anonportmin integer yes |
.It ip checkinterface integer yes |
.It ip checkinterface integer yes |
Line 1329 Disabled by default. |
|
Line 1347 Disabled by default. |
|
If set to 1, the host accepts source routed packets. |
If set to 1, the host accepts source routed packets. |
.It Li ip.anonportalgo.available |
.It Li ip.anonportalgo.available |
The available RFC 6056 port randomization algorithms. |
The available RFC 6056 port randomization algorithms. |
|
.It Li ip.anonportalgo.reserve |
|
A bitmask of ports that will not be used during anonymous or privileged |
|
port selection. |
.It Li ip.anonportalgo.selected |
.It Li ip.anonportalgo.selected |
The currently selected RFC 6056 port randomization algorithm. |
The currently selected RFC 6056 port randomization algorithm. |
.It Li ip.anonportmax |
.It Li ip.anonportmax |
Line 1468 Number of ticks to delay sending an ACK. |
|
Line 1489 Number of ticks to delay sending an ACK. |
|
Perform TCP checksum on loopback. |
Perform TCP checksum on loopback. |
.It Li tcp.init_win |
.It Li tcp.init_win |
A value indicating the TCP initial congestion window. |
A value indicating the TCP initial congestion window. |
If this value is 0, an auto-tuning algorithm designed to use an initial |
The valid range |
window of approximately 4K bytes is in use. |
is 0 to 10 (maximum specified by RFC6928), |
Otherwise, this value indicates a fixed number of packets. |
with a default of 4 (approximately 4K per RFC3390). |
.It Li tcp.init_win_local |
.It Li tcp.init_win_local |
Like |
Like |
.Li tcp.init_win , |
.Li tcp.init_win , |
Line 1599 The currently defined protocols and name |
|
Line 1620 The currently defined protocols and name |
|
.It ip6 accept_rtadv integer yes |
.It ip6 accept_rtadv integer yes |
.It ip6 anonportalgo.selected string yes |
.It ip6 anonportalgo.selected string yes |
.It ip6 anonportalgo.available string yes |
.It ip6 anonportalgo.available string yes |
|
.It ip6 anonportalgo.reserve struct yes |
.It ip6 anonportmax integer yes |
.It ip6 anonportmax integer yes |
.It ip6 anonportmin integer yes |
.It ip6 anonportmin integer yes |
.It ip6 auto_flowlabel integer yes |
.It ip6 auto_flowlabel integer yes |
Line 1614 The currently defined protocols and name |
|
Line 1636 The currently defined protocols and name |
|
.It ip6 log_interval integer yes |
.It ip6 log_interval integer yes |
.It ip6 lowportmax integer yes |
.It ip6 lowportmax integer yes |
.It ip6 lowportmin integer yes |
.It ip6 lowportmin integer yes |
|
.It ip6 maxdynroutes integer yes |
|
.It ip6 maxifprefixes integer yes |
|
.It ip6 maxifdefrouters integer yes |
.It ip6 maxflows integer yes |
.It ip6 maxflows integer yes |
.It ip6 maxfragpackets integer yes |
.It ip6 maxfragpackets integer yes |
.It ip6 maxfrags integer yes |
.It ip6 maxfrags integer yes |
|
.It ip6 neighborgcthresh integer yes |
.It ip6 redirect integer yes |
.It ip6 redirect integer yes |
.It ip6 rr_prune integer yes |
.It ip6 rr_prune integer yes |
.It ip6 use_deprecated integer yes |
.It ip6 use_deprecated integer yes |
Line 1636 The node must be a host |
|
Line 1662 The node must be a host |
|
for the option to be meaningful. |
for the option to be meaningful. |
.It Li ip6.anonportalgo.available |
.It Li ip6.anonportalgo.available |
The available RFC 6056 port randomization algorithms. |
The available RFC 6056 port randomization algorithms. |
|
.It Li ip6.anonportalgo.reserve |
|
A bitmask of ports that will not be used during anonymous or privileged |
|
port selection. |
.It Li ip6.anonportalgo.selected |
.It Li ip6.anonportalgo.selected |
The currently selected RFC 6056 port randomization algorithm. |
The currently selected RFC 6056 port randomization algorithm. |
.It Li ip6.anonportmax |
.It Li ip6.anonportmax |
Line 1715 The lowest port number to use for TCP an |
|
Line 1744 The lowest port number to use for TCP an |
|
This cannot be set to less than 0 or greater than 1024, and must |
This cannot be set to less than 0 or greater than 1024, and must |
be smaller than |
be smaller than |
.Li ip6.lowportmax . |
.Li ip6.lowportmax . |
|
.It Li ip6.maxdynroutes |
|
Maximum number of routes created by redirect. |
|
Set it to negative to disable. |
|
The default value is 4096. |
|
.It Li ip6.maxifprefixes |
|
Maximum number of prefixes created by route advertisements per interface. |
|
Set it to negative to disable. |
|
The default value is 16. |
|
.It Li ip6.maxifdefrouters 16 |
|
Maximum number of default routers created by route advertisements per interface. |
|
Set it to negative to disable. |
|
The default value is 16. |
.It Li ip6.maxflows |
.It Li ip6.maxflows |
IPv6 Fast Forwarding is enabled by default. |
IPv6 Fast Forwarding is enabled by default. |
If set to 0, IPv6 Fast Forwarding is disabled. |
If set to 0, IPv6 Fast Forwarding is disabled. |
Line 1731 The maximum number of fragments the node |
|
Line 1772 The maximum number of fragments the node |
|
0 means that the node will not accept any fragments. |
0 means that the node will not accept any fragments. |
\-1 means that the node will accept as many fragments as it receives. |
\-1 means that the node will accept as many fragments as it receives. |
The flag is provided basically for avoiding possible DoS attacks. |
The flag is provided basically for avoiding possible DoS attacks. |
|
.It Li ip6.neighborgcthresh |
|
Maximum number of entries in neighbor cache. |
|
Set to negative to disable. |
|
The default value is 2048. |
.It Li ip6.redirect |
.It Li ip6.redirect |
If set to 1, ICMPv6 redirects may be sent by the node. |
If set to 1, ICMPv6 redirects may be sent by the node. |
This option is ignored unless the node is routing IP packets, |
This option is ignored unless the node is routing IP packets, |
Line 1856 The currently defined variable and names |
|
Line 1901 The currently defined variable and names |
|
.Bl -column "blockacq_lifetime" "integer" "Changeable" -offset indent |
.Bl -column "blockacq_lifetime" "integer" "Changeable" -offset indent |
.It Sy Variable name Type Changeable |
.It Sy Variable name Type Changeable |
.It debug integer yes |
.It debug integer yes |
|
.It enabled integer yes |
|
.It used integer no |
.It spi_try integer yes |
.It spi_try integer yes |
.It spi_min_value integer yes |
.It spi_min_value integer yes |
.It spi_max_value integer yes |
.It spi_max_value integer yes |
Line 1873 The variables are as follows: |
|
Line 1920 The variables are as follows: |
|
Turn on debugging message from within the kernel. |
Turn on debugging message from within the kernel. |
The value is a bitmap, as defined in |
The value is a bitmap, as defined in |
.In netkey/key_debug.h . |
.In netkey/key_debug.h . |
|
.It Li enabled |
|
Control processing of IPsec control messages. |
|
.Bl -tag -width indent |
|
.It 0 |
|
Never allow IPsec processing |
|
.It 1 |
|
Allow IPsec processing when SPD policies are present. |
|
.It 2 |
|
Force IPsec processing even when SPD policies are not present. |
|
.El |
|
.It Li used |
|
Based on if IPsec is enabled, and SPD rule existance, show if |
|
IPsec is being used. |
|
Note that currenly once IPsec is being used, it cannot be disabled. |
.It Li spi_try |
.It Li spi_try |
The number of times the kernel will try to obtain an unique SPI |
The number of times the kernel will try to obtain an unique SPI |
when it generates it from random number generator. |
when it generates it from random number generator. |
|
|
and |
and |
.Dv SO_SNDBUF |
.Dv SO_SNDBUF |
options. |
options. |
|
.It Li proc.pid.rlimit.vmemoryuse ( PROC_PID_LIMIT_AS ) |
|
The maximum size (in bytes) which a process can obtain. |
|
.It Li proc.pid.rlimit.maxlwp ( PROC_PID_LIMIT_NTHR ) |
|
The maximum number of threads that cen be created and running at one time in |
|
the process. |
|
The first thread of each process is not counted against this. |
.El |
.El |
.Pp |
.Pp |
The fifth level name is one of |
The fifth level name is one of |
Line 2170 privilege may change the value. |
|
Line 2237 privilege may change the value. |
|
.It vm.uvmexp2 struct uvmexp_sysctl no |
.It vm.uvmexp2 struct uvmexp_sysctl no |
.It vm.vmmeter struct vmtotal no |
.It vm.vmmeter struct vmtotal no |
.El |
.El |
.Pp |
|
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li vm.anonmax ( VM_ANONMAX ) |
.It Li vm.anonmax ( VM_ANONMAX ) |
The percentage of physical memory which will be reclaimed |
The percentage of physical memory which will be reclaimed |
Line 2244 privilege may change the value. |
|
Line 2310 privilege may change the value. |
|
.It ddb.tee_msgbuf integer yes |
.It ddb.tee_msgbuf integer yes |
.It ddb.commandonenter string yes |
.It ddb.commandonenter string yes |
.El |
.El |
.Pp |
|
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li ddb.radix ( DDBCTL_RADIX ) |
.It Li ddb.radix ( DDBCTL_RADIX ) |
The input and output radix. |
The input and output radix. |
Line 2296 The available second level names are: |
|
Line 2361 The available second level names are: |
|
.El |
.El |
.Pp |
.Pp |
Available settings are detailed below. |
Available settings are detailed below. |
.Pp |
|
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li security.curtain |
.It Li security.curtain |
If non-zero, will filter return objects according to the user |
If non-zero, will filter return objects according to the user |
Line 2350 The available third and fourth level nam |
|
Line 2414 The available third and fourth level nam |
|
.It Li security.pax.segvguard.max_crashes integer yes |
.It Li security.pax.segvguard.max_crashes integer yes |
.It Li security.pax.segvguard.suspend_timeout integer yes |
.It Li security.pax.segvguard.suspend_timeout integer yes |
.El |
.El |
.Pp |
|
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li security.pax.aslr.enabled |
.It Li security.pax.aslr.enabled |
Enable PaX ASLR (Address Space Layout Randomization). |
Enable PaX ASLR (Address Space Layout Randomization). |