| version 1.97, 2015/12/13 15:13:03 |
version 1.113, 2017/03/25 05:58:50 |
|
|
| .\" |
.\" |
| .\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95 |
.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95 |
| .\" |
.\" |
| .Dd December 13, 2015 |
.Dd March 25, 2017 |
| .Dt SYSCTL 7 |
.Dt SYSCTL 7 |
| .Os |
.Os |
| .Sh NAME |
.Sh NAME |
| Line 188 level is detailed below. |
|
| Line 188 level is detailed below. |
|
| The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
| privilege may change the value. |
privilege may change the value. |
| .Bl -column "hw.machine_arch" "integer" "Changeable" -offset indent |
.Bl -column "hw.machine_arch" "integer" "Changeable" -offset indent |
| .It Sy Second level name Sy Type Sy Changeable |
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
| .It hw.alignbytes integer no |
.It hw.alignbytes integer no |
| .It hw.byteorder integer no |
.It hw.byteorder integer no |
| .It hw.cnmagic string yes |
.It hw.cnmagic string yes |
| Line 272 The changeable column shows whether a pr |
|
| Line 272 The changeable column shows whether a pr |
|
| privilege may change the value. |
privilege may change the value. |
| .Bl -column "kern.posix_reader_writer_locks" \ |
.Bl -column "kern.posix_reader_writer_locks" \ |
| "struct kinfo_drivers" "not applicable" |
"struct kinfo_drivers" "not applicable" |
| .It Sy Second level name Sy Type Sy Changeable |
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
| .It kern.aio_listio_max integer yes |
.It kern.aio_listio_max integer yes |
| .It kern.aio_max integer yes |
.It kern.aio_max integer yes |
| .It kern.arandom integer no |
.It kern.arandom integer no |
| Line 315 privilege may change the value. |
|
| Line 315 privilege may change the value. |
|
| .It kern.maxproc integer yes |
.It kern.maxproc integer yes |
| .It kern.maxptys integer yes |
.It kern.maxptys integer yes |
| .It kern.maxvnodes integer yes |
.It kern.maxvnodes integer yes |
| |
.It kern.messages integer yes |
| .It kern.mbuf node not applicable |
.It kern.mbuf node not applicable |
| .It kern.memlock integer no |
.It kern.memlock integer no |
| .It kern.memlock_range integer no |
.It kern.memlock_range integer no |
| Line 354 privilege may change the value. |
|
| Line 355 privilege may change the value. |
|
| .It kern.rtc_offset integer yes |
.It kern.rtc_offset integer yes |
| .It kern.saved_ids integer no |
.It kern.saved_ids integer no |
| .It kern.sbmax integer yes |
.It kern.sbmax integer yes |
| .\".It kern.sched node not applicable |
.It kern.sched node not applicable |
| .It kern.securelevel integer raise only |
.It kern.securelevel integer raise only |
| .It kern.somaxkva integer yes |
.It kern.somaxkva integer yes |
| .It kern.synchronized_io integer no |
.It kern.synchronized_io integer no |
|
|
| .Vt struct timeval |
.Vt struct timeval |
| structure is returned. |
structure is returned. |
| This structure contains the time that the system was booted. |
This structure contains the time that the system was booted. |
| |
.It Li kern.bufq |
| |
This variable contains information on the |
| |
.Xr bufq 9 |
| |
subsystem. |
| |
Currently, the only third level name implemented is |
| |
.Dv kern.bufq.strategies |
| |
which provides a list of buffer queue strategies currently available. |
| .It Li kern.buildinfo |
.It Li kern.buildinfo |
| When the kernel is built, the build environment may optionally provide |
When the kernel is built, the build environment may optionally provide |
| arbitrary information to be stored in this variable. |
arbitrary information to be stored in this variable. |
| .\" .It Li kern.bufq |
|
| .\" XXX: Undocumented. |
|
| .It Li kern.ccpu ( Dv KERN_CCPU ) |
.It Li kern.ccpu ( Dv KERN_CCPU ) |
| The scheduler exponential decay value. |
The scheduler exponential decay value. |
| .It Li kern.clockrate ( Dv KERN_CLOCKRATE ) |
.It Li kern.clockrate ( Dv KERN_CLOCKRATE ) |
| Line 428 The third level name is |
|
| Line 434 The third level name is |
|
| .Dv kern.coredump.setid |
.Dv kern.coredump.setid |
| and fourth level variables are described below. |
and fourth level variables are described below. |
| .Bl -column "kern.coredump.setid.group" "integer" "Changeable" -offset indent |
.Bl -column "kern.coredump.setid.group" "integer" "Changeable" -offset indent |
| .It Sy Fourth level name Sy Type Sy Changeable |
.It Sy Fourth level name Ta Sy Type Ta Sy Changeable |
| .It kern.coredump.setid.dump integer yes |
.It kern.coredump.setid.dump integer yes |
| .It kern.coredump.setid.group integer yes |
.It kern.coredump.setid.group integer yes |
| .It kern.coredump.setid.mode integer yes |
.It kern.coredump.setid.mode integer yes |
| Line 456 Mapping of CPU number to CPU id. |
|
| Line 462 Mapping of CPU number to CPU id. |
|
| .It Li kern.cp_time ( Dv KERN_CP_TIME ) |
.It Li kern.cp_time ( Dv KERN_CP_TIME ) |
| Returns an array of |
Returns an array of |
| .Dv CPUSTATES |
.Dv CPUSTATES |
| .Vt uint64_t Ns s. |
.Vt uint64_t Ns s . |
| This array contains the |
This array contains the |
| number of clock ticks spent in different CPU states. |
number of clock ticks spent in different CPU states. |
| On multi-processor systems, the sum across all CPUs is returned unless |
On multi-processor systems, the sum across all CPUs is returned unless |
|
|
| Returns the number of |
Returns the number of |
| .Xr hardclock 9 |
.Xr hardclock 9 |
| ticks. |
ticks. |
| |
.It Li kern.hist |
| |
This variable contains kernel history data if the kernel was |
| |
configured for any of the options |
| |
.Dv UVHMIST , |
| |
.Dv USB_DEBUG , |
| |
.Dv BIOHIST , |
| |
or |
| |
.Dv SCDEBUG . |
| |
(See |
| |
.Xr options 4 |
| |
for more details.) |
| |
The third-level names correspond to each available history table. |
| |
The values of the history tables are in an internal format, and can be |
| |
decoded by the |
| |
.Xr vmstat 1 |
| |
utility's |
| |
.Fl U |
| |
and |
| |
.Fl u |
| |
options; |
| |
the |
| |
.Fl l |
| |
option can be used to see which tables are available. |
| .It Li kern.hostid ( Dv KERN_HOSTID ) |
.It Li kern.hostid ( Dv KERN_HOSTID ) |
| Get or set the host identifier. |
Get or set the host identifier. |
| This is aimed to replace the legacy |
This is aimed to replace the legacy |
|
|
| Return information about the SysV IPC parameters. |
Return information about the SysV IPC parameters. |
| The third level names for the ipc variables are detailed below. |
The third level names for the ipc variables are detailed below. |
| .Bl -column "kern.ipc.shm_use_phys" "integer" "Changeable" -offset indent |
.Bl -column "kern.ipc.shm_use_phys" "integer" "Changeable" -offset indent |
| .It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
| .It kern.ipc.sysvmsg integer no |
.It kern.ipc.sysvmsg integer no |
| .It kern.ipc.sysvsem integer no |
.It kern.ipc.sysvsem integer no |
| .It kern.ipc.sysvshm integer no |
.It kern.ipc.sysvshm integer no |
|
|
| Return System V style IPC configuration and run-time information. |
Return System V style IPC configuration and run-time information. |
| The fourth level name selects the System V style IPC facility. |
The fourth level name selects the System V style IPC facility. |
| .Bl -column "KERN_SYSVIPC_MSG_INFO" "struct shm_sysctl_info" -offset indent |
.Bl -column "KERN_SYSVIPC_MSG_INFO" "struct shm_sysctl_info" -offset indent |
| .It Sy Fourth level name Sy Type |
.It Sy Fourth level name Ta Sy Type |
| .It KERN_SYSVIPC_MSG_INFO struct msg_sysctl_info |
.It KERN_SYSVIPC_MSG_INFO struct msg_sysctl_info |
| .It KERN_SYSVIPC_SEM_INFO struct sem_sysctl_info |
.It KERN_SYSVIPC_SEM_INFO struct sem_sysctl_info |
| .It KERN_SYSVIPC_SHM_INFO struct shm_sysctl_info |
.It KERN_SYSVIPC_SHM_INFO struct shm_sysctl_info |
| Line 700 The third level names for the mbuf varia |
|
| Line 729 The third level names for the mbuf varia |
|
| The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
| privilege may change the value. |
privilege may change the value. |
| .Bl -column "kern.mbuf.nmbclusters" "integer" "Changeable" -offset indent |
.Bl -column "kern.mbuf.nmbclusters" "integer" "Changeable" -offset indent |
| .It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
| .\" XXX Changeable? really? |
.\" XXX Changeable? really? |
| .It kern.mbuf.mblowat integer yes |
.It kern.mbuf.mblowat integer yes |
| .It kern.mbuf.mclbytes integer yes |
.It kern.mbuf.mclbytes integer yes |
| Line 739 Returns 1 if the |
|
| Line 768 Returns 1 if the |
|
| .St -p1003.1b-93 |
.St -p1003.1b-93 |
| Memory Protection Option is available on this system, |
Memory Protection Option is available on this system, |
| otherwise\ 0. |
otherwise\ 0. |
| |
.It Li kern.messages |
| |
Kernel console message verbosity. |
| |
See |
| |
.Sy \<sys/reboot.h\> |
| |
.Bl -column "verbosity" "setting" -offset indent |
| |
.It Sy Verbosity Setting |
| |
.It \ \ \ \ 0 Silent Sy AB_SILENT |
| |
.It \ \ \ \ 1 Quiet Sy AB_QUIET |
| |
.It \ \ \ \ 2 Normal Sy AB_NORMAL |
| |
.It \ \ \ \ 3 Verbose Sy AB_VERBOSE |
| |
.It \ \ \ \ 4 Debug Sy AB_DEBUG |
| |
.El |
| .It Li kern.module |
.It Li kern.module |
| Settings related to kernel modules. |
Settings related to kernel modules. |
| The third level names for the settings are described below. |
The third level names for the settings are described below. |
| .Bl -column "kern.module.autoload" "integer" "Changeable" -offset indent |
.Bl -column "kern.module.autoload" "integer" "Changeable" -offset indent |
| .It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
| .It kern.module.autoload integer yes |
.It kern.module.autoload integer yes |
| .It kern.module.autotime integer yes |
.It kern.module.autotime integer yes |
| .It kern.module.verbose integer yes |
.It kern.module.verbose integer yes |
| Line 778 This node is created dynamically when |
|
| Line 819 This node is created dynamically when |
|
| the corresponding kernel module is loaded. |
the corresponding kernel module is loaded. |
| The third level names for the settings are described below. |
The third level names for the settings are described below. |
| .Bl -column "kern.mqueue.mq_max_msgsize" "integer" "Changeable" -offset indent |
.Bl -column "kern.mqueue.mq_max_msgsize" "integer" "Changeable" -offset indent |
| .It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
| .It kern.mqueue.mq_open_max integer yes |
.It kern.mqueue.mq_open_max integer yes |
| .It kern.mqueue.mq_prio_max integer yes |
.It kern.mqueue.mq_prio_max integer yes |
| .It kern.mqueue.mq_max_msgsize integer yes |
.It kern.mqueue.mq_max_msgsize integer yes |
| Line 830 The third level names for the integer p |
|
| Line 871 The third level names for the integer p |
|
| The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
| privilege may change the value. |
privilege may change the value. |
| .Bl -column "kern.pipe.maxbigpipes" "integer" "Changeable" -offset indent |
.Bl -column "kern.pipe.maxbigpipes" "integer" "Changeable" -offset indent |
| .It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
| .It kern.pipe.kvasiz integer yes |
.It kern.pipe.kvasiz integer yes |
| .It kern.pipe.maxbigpipes integer yes |
.It kern.pipe.maxbigpipes integer yes |
| .It kern.pipe.maxkvasz integer yes |
.It kern.pipe.maxkvasz integer yes |
| Line 923 structures is returned, |
|
| Line 964 structures is returned, |
|
| whose size depends on the current number of such objects in the system. |
whose size depends on the current number of such objects in the system. |
| The third and fourth level numeric names are as follows: |
The third and fourth level numeric names are as follows: |
| .Bl -column "KERN_PROC_SESSION" "Fourth level is:" -offset indent |
.Bl -column "KERN_PROC_SESSION" "Fourth level is:" -offset indent |
| .It Sy Third level name Sy Fourth level is: |
.It Sy Third level name Ta Sy Fourth level is : |
| .It KERN_PROC_ALL None |
.It KERN_PROC_ALL None |
| .It KERN_PROC_GID A group ID |
.It KERN_PROC_GID A group ID |
| .It KERN_PROC_PID A process ID |
.It KERN_PROC_PID A process ID |
| Line 968 is detailed below. |
|
| Line 1009 is detailed below. |
|
| The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
| privilege may change the value. |
privilege may change the value. |
| .Bl -column "kern.profiling.gmonparam" "struct gmonparam" "Changeable" -offset indent |
.Bl -column "kern.profiling.gmonparam" "struct gmonparam" "Changeable" -offset indent |
| .It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
| .It kern.profiling.count u_short[\|] yes |
.It kern.profiling.count u_short[\|] yes |
| .It kern.profiling.froms u_short[\|] yes |
.It kern.profiling.froms u_short[\|] yes |
| .It kern.profiling.gmonparam struct gmonparam no |
.It kern.profiling.gmonparam struct gmonparam no |
| Line 1016 Maximum socket buffer size. |
|
| Line 1057 Maximum socket buffer size. |
|
| .It Li kern.securelevel ( Dv KERN_SECURELVL ) |
.It Li kern.securelevel ( Dv KERN_SECURELVL ) |
| See |
See |
| .Xr secmodel_securelevel 9 . |
.Xr secmodel_securelevel 9 . |
| .\" .It Li kern.sched |
.It Li kern.sched ( dynamic ) |
| .\" XXX: Undocumented. |
Influence the scheduling of LWPs, their priorisation and how they are |
| |
distributed on and moved between CPUs. |
| |
.Bl -column "kern.sched.balance_period" "integer" "Changeable" -offset indent |
| |
.It Sy Third level name Sy Type Sy Changeable |
| |
.It kern.sched.cacheht_time integer yes |
| |
.It kern.sched.balance_period integer yes |
| |
.It kern.sched.average_weight integer yes |
| |
.It kern.sched.min_catch integer yes |
| |
.It kern.sched.timesoftints integer yes |
| |
.It kern.sched.kpreempt_pri integer yes |
| |
.It kern.sched.upreempt_pri integer yes |
| |
.It kern.sched.maxts integer yes |
| |
.It kern.sched.mints integer yes |
| |
.It kern.sched.name string no |
| |
.It kern.sched.rtts integer no |
| |
.It kern.sched.pri_min integer no |
| |
.It kern.sched.pri_max integer no |
| |
.El |
| |
.Pp |
| |
The variables are as follows: |
| |
.Bl -tag -width "123456" |
| |
.It Li kern.sched.cacheht_time ( dynamic ) |
| |
Cache hotness time in which a LWP is kept on one particular CPU |
| |
and not moved to another CPU. |
| |
This reduces the overhead of flushing and reloading caches. |
| |
Defaults to 3ms. |
| |
Needs to be given in |
| |
.Dq hz |
| |
units, see |
| |
.Xr mstohz 9 . |
| |
.It Li kern.sched.balance_period ( dynamic ) |
| |
Interval at which the CPU queues are checked for re-balancing. |
| |
Defaults to 300ms. |
| |
Needs to be given in |
| |
.Dq hz |
| |
units, see |
| |
.Xr mstohz 9 . |
| |
.It Li kern.sched.average_weight ( dynamic ) |
| |
Can be used to influence how likely LWPs are to be migrated from |
| |
one CPU's queue of LWPs that are ready to run to a different, idle CPU. |
| |
The value gives the percentage for weighting the average count of |
| |
migratable threads from the past against the current number of |
| |
migratable threads. |
| |
A small value gives more weight to the past, a larger values more weight |
| |
on the current situation. |
| |
Defaults to 50 and must be between 0 and 100. |
| |
.It Li kern.sched.min_catch ( dynamic ) |
| |
Minimum count of migratable (runable) threads for catching (stealing) |
| |
from another CPU. |
| |
Defaults to 1 but can be increased to decrease chance of thread |
| |
migration between CPUs. |
| |
.It Li kern.sched.timesoftints ( dynamic ) |
| |
Enable tracking of CPU time for soft interrupts |
| |
as part of a LWP's real execution time. |
| |
Set to a non-zero value to enable, |
| |
and see |
| |
.Xr ps 1 |
| |
for printing CPU times. |
| |
.It Li kern.sched.kpreempt_pri ( dynamic ) |
| |
Minimum priority to trigger kernel preemption. |
| |
.It Li kern.sched.upreempt_pri ( dynamic ) |
| |
Minimum priority to trigger user preemption. |
| |
.It Li kern.sched.maxts ( dynamic ) |
| |
Scheduler specific maximal time quantum (in milliseconds). |
| |
Must be set to a value larger than |
| |
.Dq mints |
| |
and between 10 and |
| |
.Dq hz |
| |
as given by the |
| |
.Dv kern.clockrate |
| |
sysctl. |
| |
Provided by the M2 scheduler. |
| |
.It Li kern.sched.mints ( dynamic ) |
| |
Scheduler specific minimal time quantum (in milliseconds). |
| |
Must be set to a value smaller than |
| |
.Dq maxts |
| |
and between 1 and |
| |
.Dq hz |
| |
as given by the |
| |
.Dq kern.clockrate |
| |
sysctl. |
| |
Provided by the M2 scheduler. |
| |
.It Li kern.sched.name ( dynamic ) |
| |
Scheduler name. |
| |
Provided both by the M2 and the 4BSD scheduler. |
| |
.It Li kern.sched.rtts ( dynamic ) |
| |
Fixed scheduler specific round-robin time quantum in milliseconds. |
| |
Provided both by the M2 and the 4BSD scheduler. |
| |
.It Li kern.sched.pri_min ( dynamic ) |
| |
Minimal POSIX real-time priority. |
| |
See |
| |
.Xr sched 3 . |
| |
.It Li kern.sched.pri_max ( dynamic ) |
| |
Maximal POSIX real-time priority. |
| |
See |
| |
.Xr sched 3 . |
| |
.El |
| .It Li kern.somaxkva ( Dv KERN_SOMAXKVA ) |
.It Li kern.somaxkva ( Dv KERN_SOMAXKVA ) |
| Maximum amount of kernel memory to be used for socket buffers. |
Maximum amount of kernel memory to be used for socket buffers. |
| .\" XXX units? |
.\" XXX units? |
|
|
| .It Li kern.timecounter ( dynamic ) |
.It Li kern.timecounter ( dynamic ) |
| Display and control the timecounter source of the system. |
Display and control the timecounter source of the system. |
| .Bl -column "kern.timecounter.timestepwarnings" "integer" "Changeable" -offset indent |
.Bl -column "kern.timecounter.timestepwarnings" "integer" "Changeable" -offset indent |
| .It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
| .It kern.timecounter.choice string no |
.It kern.timecounter.choice string no |
| .It kern.timecounter.hardware string yes |
.It kern.timecounter.hardware string yes |
| .It kern.timecounter.timestepwarnings integer yes |
.It kern.timecounter.timestepwarnings integer yes |
| Line 1053 The third level names for the tty statis |
|
| Line 1190 The third level names for the tty statis |
|
| The changeable column shows whether a process |
The changeable column shows whether a process |
| with appropriate privilege may change the value. |
with appropriate privilege may change the value. |
| .Bl -column "kern.tkstat.cancc" "quad" "Changeable" -offset indent |
.Bl -column "kern.tkstat.cancc" "quad" "Changeable" -offset indent |
| .It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
| .It kern.tkstat.cancc quad no |
.It kern.tkstat.cancc quad no |
| .It kern.tkstat.nin quad no |
.It kern.tkstat.nin quad no |
| .It kern.tkstat.nout quad no |
.It kern.tkstat.nout quad no |
| Line 1076 The third level names for the tty setup |
|
| Line 1213 The third level names for the tty setup |
|
| The changeable column shows whether a process |
The changeable column shows whether a process |
| with appropriate privilege may change the value. |
with appropriate privilege may change the value. |
| .Bl -column "kern.tty.qsize" "int" "Changeable" -offset indent |
.Bl -column "kern.tty.qsize" "int" "Changeable" -offset indent |
| .It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
| .It kern.tty.qsize int yes |
.It kern.tty.qsize int yes |
| .El |
.El |
| .Pp |
.Pp |
|
|
| .It Li kern.uidinfo |
.It Li kern.uidinfo |
| Resource usage for the current user. |
Resource usage for the current user. |
| .Bl -column "kern.uidinfo.proccnt" "integer" "Changeable" -offset indent |
.Bl -column "kern.uidinfo.proccnt" "integer" "Changeable" -offset indent |
| .It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
| .It kern.uidinfo.proccnt integer no |
.It kern.uidinfo.proccnt integer no |
| .It kern.uidinfo.lwpcnt integer no |
.It kern.uidinfo.lwpcnt integer no |
| .It kern.uidinfo.lockcnt integer no |
.It kern.uidinfo.lockcnt integer no |
|
|
| Runtime information for |
Runtime information for |
| .Xr veriexec 8 . |
.Xr veriexec 8 . |
| .Bl -column "kern.veriexec.algorithms" "integer" "Changeable" -offset indent |
.Bl -column "kern.veriexec.algorithms" "integer" "Changeable" -offset indent |
| .It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
| .It kern.veriexec.algorithms string no |
.It kern.veriexec.algorithms string no |
| .It kern.veriexec.count node not applicable |
.It kern.veriexec.count node not applicable |
| .It kern.veriexec.strict integer yes |
.It kern.veriexec.strict integer yes |
| Line 1177 followed by the vnode itself |
|
| Line 1314 followed by the vnode itself |
|
| The set of variables defined is architecture dependent. |
The set of variables defined is architecture dependent. |
| Most architectures define at least the following variables. |
Most architectures define at least the following variables. |
| .Bl -column "machdep.booted_kernel" "Type" "Changeable" -offset indent |
.Bl -column "machdep.booted_kernel" "Type" "Changeable" -offset indent |
| .It Sy Second level name Sy Type Sy Changeable |
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
| .It Li machdep.booted_kernel string no |
.It Li machdep.booted_kernel string no |
| .El |
.El |
| .\" XXX: Document the above. |
.\" XXX: Document the above. |
| Line 1190 privilege may change the value. |
|
| Line 1327 privilege may change the value. |
|
| The second and third levels are typically the protocol family and |
The second and third levels are typically the protocol family and |
| protocol number, though this is not always the case. |
protocol number, though this is not always the case. |
| .Bl -column "Second level name" "IPsec key management values" "Changeable" -offset indent |
.Bl -column "Second level name" "IPsec key management values" "Changeable" -offset indent |
| .It Sy Second level name Sy Type Sy Changeable |
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
| .It net.route routing messages no |
.It net.route routing messages no |
| .It net.inet IPv4 values yes |
.It net.inet IPv4 values yes |
| .It net.inet6 IPv6 values yes |
.It net.inet6 IPv6 values yes |
| Line 1210 The fourth level name is an address fami |
|
| Line 1347 The fourth level name is an address fami |
|
| select all address families. |
select all address families. |
| The fifth and sixth level names are as follows: |
The fifth and sixth level names are as follows: |
| .Bl -column "Fifth level name" "Sixth level is:" -offset indent |
.Bl -column "Fifth level name" "Sixth level is:" -offset indent |
| .It Sy Fifth level name Sy Sixth level is: |
.It Sy Fifth level name Ta Sy Sixth level is : |
| .It NET_RT_FLAGS rtflags |
.It NET_RT_FLAGS rtflags |
| .It NET_RT_DUMP None |
.It NET_RT_DUMP None |
| .It NET_RT_IFLIST None |
.It NET_RT_IFLIST None |
| Line 1222 The third level name is the protocol. |
|
| Line 1359 The third level name is the protocol. |
|
| The fourth level name is the variable name. |
The fourth level name is the variable name. |
| The currently defined protocols and names are: |
The currently defined protocols and names are: |
| .Bl -column "Protocol" "anonportalgo.available" "integer" "Changeable" -offset indent |
.Bl -column "Protocol" "anonportalgo.available" "integer" "Changeable" -offset indent |
| .It Sy Protocol Variable Sy Type Sy Changeable |
.It Sy Protocol Variable Ta Sy Type Ta Sy Changeable |
| .It arp down integer yes |
.It arp down integer yes |
| .It arp keep integer yes |
.It arp keep integer yes |
| .It arp log_movements integer yes |
.It arp log_movements integer yes |
| .It arp log_permanent_modify integer yes |
.It arp log_permanent_modify integer yes |
| .It arp log_unknown_network integer yes |
.It arp log_unknown_network integer yes |
| .It arp log_wrong_iface integer yes |
.It arp log_wrong_iface integer yes |
| .It arp prune integer yes |
|
| .It arp refresh integer yes |
|
| .It carp allow integer yes |
.It carp allow integer yes |
| .It carp preempt integer yes |
.It carp preempt integer yes |
| .It carp log integer yes |
.It carp log integer yes |
| Line 1247 The currently defined protocols and name |
|
| Line 1382 The currently defined protocols and name |
|
| .It ip anonportmax integer yes |
.It ip anonportmax integer yes |
| .It ip anonportmin integer yes |
.It ip anonportmin integer yes |
| .It ip checkinterface integer yes |
.It ip checkinterface integer yes |
| |
.It ip dad_count integer yes |
| .It ip directed-broadcast integer yes |
.It ip directed-broadcast integer yes |
| .It ip do_loopback_cksum integer yes |
.It ip do_loopback_cksum integer yes |
| .It ip forwarding integer yes |
.It ip forwarding integer yes |
| Line 1312 The variables are as follows: |
|
| Line 1448 The variables are as follows: |
|
| Failed ARP entry lifetime. |
Failed ARP entry lifetime. |
| .It Li arp.keep |
.It Li arp.keep |
| Valid ARP entry lifetime. |
Valid ARP entry lifetime. |
| .It Li arp.prune |
|
| ARP cache pruning interval. |
|
| .It Li arp.refresh |
|
| ARP entry refresh interval. |
|
| .It Li carp.allow |
.It Li carp.allow |
| If set to 0, incoming |
If set to 0, incoming |
| .Xr carp 4 |
.Xr carp 4 |
| Line 1368 Currently, this must be disabled if ipna |
|
| Line 1500 Currently, this must be disabled if ipna |
|
| destination address to another local interface, or if addresses |
destination address to another local interface, or if addresses |
| are added to the loopback interface instead of the interface where |
are added to the loopback interface instead of the interface where |
| the packets for those packets are received. |
the packets for those packets are received. |
| |
.It Li ip.dad_count |
| |
The number of |
| |
.Xr arp 4 |
| |
probes sent for Address Conflict Detection. |
| |
Set to 0 to disable this. |
| .It Li ip.directed-broadcast |
.It Li ip.directed-broadcast |
| If set to 1, enables directed broadcast behavior for the host. |
If set to 1, enables directed broadcast behavior for the host. |
| .It Li ip.do_loopback_cksum |
.It Li ip.do_loopback_cksum |
| Line 1604 The third level name is the protocol. |
|
| Line 1741 The third level name is the protocol. |
|
| The fourth level name is the variable name. |
The fourth level name is the variable name. |
| The currently defined protocols and names are: |
The currently defined protocols and names are: |
| .Bl -column "Protocol" "anonportalgo.available" "integer" "Changeable" -offset indent |
.Bl -column "Protocol" "anonportalgo.available" "integer" "Changeable" -offset indent |
| .It Sy Protocol Variable Sy Type Sy Changeable |
.It Sy Protocol Variable Ta Sy Type Ta Sy Changeable |
| .It icmp6 errppslimit integer yes |
.It icmp6 errppslimit integer yes |
| .It icmp6 mtudisc_hiwat integer yes |
.It icmp6 mtudisc_hiwat integer yes |
| .It icmp6 mtudisc_lowat integer yes |
.It icmp6 mtudisc_lowat integer yes |
| Line 1775 The maximum number of fragments the node |
|
| Line 1912 The maximum number of fragments the node |
|
| \-1 means that the node will accept as many fragments as it receives. |
\-1 means that the node will accept as many fragments as it receives. |
| The flag is provided basically for avoiding possible DoS attacks. |
The flag is provided basically for avoiding possible DoS attacks. |
| .It Li ip6.neighborgcthresh |
.It Li ip6.neighborgcthresh |
| Maximum number of entries in neighbor cache. |
Maximum number of entries in neighbor cache per interface. |
| Set to negative to disable. |
Set to negative to disable. |
| The default value is 2048. |
The default value is 2048. |
| .It Li ip6.redirect |
.It Li ip6.redirect |
| Line 1901 Get or set various global information ab |
|
| Line 2038 Get or set various global information ab |
|
| The third level name is the variable name. |
The third level name is the variable name. |
| The currently defined variable and names are: |
The currently defined variable and names are: |
| .Bl -column "blockacq_lifetime" "integer" "Changeable" -offset indent |
.Bl -column "blockacq_lifetime" "integer" "Changeable" -offset indent |
| .It Sy Variable Type Sy Changeable |
.It Sy Variable Type Ta Sy Changeable |
| .It debug integer yes |
.It debug integer yes |
| .It enabled integer yes |
.It enabled integer yes |
| .It used integer no |
.It used integer no |
| Line 1935 Force IPsec processing even when SPD pol |
|
| Line 2072 Force IPsec processing even when SPD pol |
|
| .It Li used |
.It Li used |
| Based on if IPsec is enabled, and SPD rule existance, show if |
Based on if IPsec is enabled, and SPD rule existance, show if |
| IPsec is being used. |
IPsec is being used. |
| Note that currenly once IPsec is being used, it cannot be disabled. |
Note that currently once IPsec is being used, it cannot be disabled. |
| .It Li spi_try |
.It Li spi_try |
| The number of times the kernel will try to obtain an unique SPI |
The number of times the kernel will try to obtain an unique SPI |
| when it generates it from random number generator. |
when it generates it from random number generator. |
| Line 1981 value of PROC_PID_CORENAME is reset to t |
|
| Line 2118 value of PROC_PID_CORENAME is reset to t |
|
| The second level name is either the magic value PROC_CURPROC, which |
The second level name is either the magic value PROC_CURPROC, which |
| points to the current process, or the PID of the target process. |
points to the current process, or the PID of the target process. |
| .Bl -column "proc.pid.corename" "string" "not applicable" -offset indent |
.Bl -column "proc.pid.corename" "string" "not applicable" -offset indent |
| .It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
| .It proc.pid.corename string yes |
.It proc.pid.corename string yes |
| .It proc.pid.rlimit node not applicable |
.It proc.pid.rlimit node not applicable |
| .It proc.pid.stopfork int yes |
.It proc.pid.stopfork int yes |
| .It proc.pid.stopexec int yes |
.It proc.pid.stopexec int yes |
| .It proc.pid.stopexit int yes |
.It proc.pid.stopexit int yes |
| |
.It proc.pid.paxflags int no |
| .El |
.El |
| .Bl -tag -width "123456" |
.Bl -tag -width "123456" |
| .It Li proc.pid.corename ( Dv PROC_PID_CORENAME ) |
.It Li proc.pid.corename ( Dv PROC_PID_CORENAME ) |
| Line 2066 Both are of type integer. |
|
| Line 2204 Both are of type integer. |
|
| If non zero, the process' children will be stopped after |
If non zero, the process' children will be stopped after |
| .Xr fork 2 |
.Xr fork 2 |
| calls. |
calls. |
| The children is created in the SSTOP state and is never scheduled |
The children are created in the SSTOP state and are never scheduled |
| for running before being stopped. |
for running before being stopped. |
| This feature helps attaching a process with a debugger such as |
This feature enables attaching to a process with a debugger such as |
| .Xr gdb 1 |
.Xr gdb 1 |
| before it had the opportunity to actually do anything. |
before the process has the opportunity to actually do anything. |
| .Pp |
.Pp |
| This value is inherited by the process's children, and it also |
This value is inherited by the process's children, and it also |
| apply to emulation specific system calls that fork a new process, such as |
applies to emulation specific system calls that fork a new process, such as |
| .Fn sproc |
.Fn sproc |
| or |
or |
| .Fn clone . |
.Fn clone . |
| .It Li proc.pid.stopexec ( Dv PROC_PID_STOPEXEC ) |
.It Li proc.pid.stopexec ( Dv PROC_PID_STOPEXEC ) |
| If non zero, the process will be stopped on next |
If non zero, the process will be stopped on the next |
| .Xr exec 3 |
.Xr exec 3 |
| call. |
call. |
| The process created by |
The process created by |
| .Xr exec 3 |
.Xr exec 3 |
| is created in the SSTOP state and is never scheduled for running |
is created in the SSTOP state and is never scheduled for running |
| before being stopped. |
before being stopped. |
| This feature helps attaching a process with a debugger such as |
This feature enables attaching to a process with a debugger such as |
| .Xr gdb 1 |
.Xr gdb 1 |
| before it had the opportunity to actually do anything. |
before the process has the opportunity to actually do anything. |
| .Pp |
.Pp |
| This value is inherited by the process's children. |
This value is inherited by the process's children. |
| .It Li proc.pid.stopexit ( Dv PROC_PID_STOPEXIT ) |
.It Li proc.pid.stopexit ( Dv PROC_PID_STOPEXIT ) |
| If non zero, the process will be stopped on when it has cause to exit, |
If non zero, the process will be stopped when it has cause to exit, |
| either by way of calling |
either by way of calling |
| .Xr exit 3 , |
.Xr exit 3 , |
| .Xr _exit 2 , |
.Xr _exit 2 , |
| or by the receipt of a specific signal. |
or by the receipt of a specific signal. |
| The process is stopped before any of its resources or vm space is |
The process is stopped before any of its resources or vm space is |
| released allowing examination of the termination state of a process |
released allowing examination of the termination state of the process |
| before it disappears. |
before it disappears. |
| This feature can be used to examine the final conditions of the |
This feature can be used to examine the final conditions of the |
| process's vmspace via |
process's vmspace via |
| Line 2107 or its resource settings with |
|
| Line 2245 or its resource settings with |
|
| before it disappears. |
before it disappears. |
| .Pp |
.Pp |
| This value is also inherited by the process's children. |
This value is also inherited by the process's children. |
| |
.It Li proc.pid.paxflags ( Dv PROC_PID_PAXFLAGS ) |
| |
This read-only variable returns the current value of the process's pax |
| |
flags (see |
| |
.Xr paxctl 8 ) . |
| .El |
.El |
| .Ss The user.* subtree ( Dv CTL_USER ) |
.Ss The user.* subtree ( Dv CTL_USER ) |
| The string and integer information available for the |
The string and integer information available for the |
| Line 2115 level is detailed below. |
|
| Line 2257 level is detailed below. |
|
| The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
| privilege may change the value. |
privilege may change the value. |
| .Bl -column "user.coll_weights_max" "integer" "Changeable" -offset indent |
.Bl -column "user.coll_weights_max" "integer" "Changeable" -offset indent |
| .It Sy Second level name Sy Type Sy Changeable |
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
| .It user.atexit_max integer no |
.It user.atexit_max integer no |
| .It user.bc_base_max integer no |
.It user.bc_base_max integer no |
| .It user.bc_dim_max integer no |
.It user.bc_dim_max integer no |
| Line 2220 level is detailed below. |
|
| Line 2362 level is detailed below. |
|
| The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
| privilege may change the value. |
privilege may change the value. |
| .Bl -column "Second level name" "struct uvmexp_sysctl" "Changeable" -offset indent |
.Bl -column "Second level name" "struct uvmexp_sysctl" "Changeable" -offset indent |
| .It Sy Second level name Sy Type Sy Changeable |
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
| .It vm.anonmax int yes |
.It vm.anonmax int yes |
| .It vm.anonmin int yes |
.It vm.anonmin int yes |
| .It vm.bufcache int yes |
.It vm.bufcache int yes |
| Line 2311 The changeable column shows whether a pr |
|
| Line 2453 The changeable column shows whether a pr |
|
| privilege may change the value. |
privilege may change the value. |
| .\" XXX sort |
.\" XXX sort |
| .Bl -column "Second level name" "integer" "Changeable" -offset indent |
.Bl -column "Second level name" "integer" "Changeable" -offset indent |
| .It Sy Second level name Sy Type Sy Changeable |
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
| .It ddb.radix integer yes |
.It ddb.radix integer yes |
| .It ddb.maxoff integer yes |
.It ddb.maxoff integer yes |
| .It ddb.maxwidth integer yes |
.It ddb.maxwidth integer yes |
| Line 2366 level contains various security-related |
|
| Line 2508 level contains various security-related |
|
| the system. |
the system. |
| The available second level names are: |
The available second level names are: |
| .Bl -column "Second level name" "integer" "Changeable" -offset indent |
.Bl -column "Second level name" "integer" "Changeable" -offset indent |
| .It Sy Second level name Sy Type Sy Changeable |
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
| .It Li security.curtain integer yes |
.It Li security.curtain integer yes |
| .It Li security.models node not applicable |
.It Li security.models node not applicable |
| .It Li security.pax node not applicable |
.It Li security.pax node not applicable |
| Line 2420 The available third and fourth level nam |
|
| Line 2562 The available third and fourth level nam |
|
| .\".It Li security.pax.aslr.stack_len integer yes |
.\".It Li security.pax.aslr.stack_len integer yes |
| .It Li security.pax.mprotect.enabled integer yes |
.It Li security.pax.mprotect.enabled integer yes |
| .It Li security.pax.mprotect.global integer yes |
.It Li security.pax.mprotect.global integer yes |
| |
.It Li security.pax.mprotect.ptrace integer yes |
| .It Li security.pax.segvguard.enabled integer yes |
.It Li security.pax.segvguard.enabled integer yes |
| .It Li security.pax.segvguard.expiry_timeout integer yes |
.It Li security.pax.segvguard.expiry_timeout integer yes |
| .It Li security.pax.segvguard.global integer yes |
.It Li security.pax.segvguard.global integer yes |
| Line 2467 except those exempted with |
|
| Line 2610 except those exempted with |
|
| Otherwise, all programs will not get the PaX MPROTECT restrictions, |
Otherwise, all programs will not get the PaX MPROTECT restrictions, |
| except those specifically marked as such with |
except those specifically marked as such with |
| .Xr paxctl 8 . |
.Xr paxctl 8 . |
| |
.It Li security.pax.mprotect.ptrace |
| |
This variable allows |
| |
.Xr ptrace 2 |
| |
to override PaX MPROTECT permissions. |
| |
It can have the following values: |
| |
.Bl -tag -width XX -compact |
| |
.It 0 |
| |
Does not let override any permissions. |
| |
.It 1 |
| |
Disables PaX MPROTECT from processes that start executing while traced (default). |
| |
.It 2 |
| |
Bypasses PaX MPROTECT for all processes being traced. |
| |
.El |
| .It Li security.pax.segvguard.enabled |
.It Li security.pax.segvguard.enabled |
| Enable PaX Segvguard. |
Enable PaX Segvguard. |
| .Pp |
.Pp |
![[BACK]](/icons/back.gif){kind=icon}
Return to sysctl.7 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [cvs.NetBSD.org] / src / share / man / man7