version 1.97, 2015/12/13 15:13:03 |
version 1.113, 2017/03/25 05:58:50 |
|
|
.\" |
.\" |
.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95 |
.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95 |
.\" |
.\" |
.Dd December 13, 2015 |
.Dd March 25, 2017 |
.Dt SYSCTL 7 |
.Dt SYSCTL 7 |
.Os |
.Os |
.Sh NAME |
.Sh NAME |
Line 188 level is detailed below. |
|
Line 188 level is detailed below. |
|
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "hw.machine_arch" "integer" "Changeable" -offset indent |
.Bl -column "hw.machine_arch" "integer" "Changeable" -offset indent |
.It Sy Second level name Sy Type Sy Changeable |
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
.It hw.alignbytes integer no |
.It hw.alignbytes integer no |
.It hw.byteorder integer no |
.It hw.byteorder integer no |
.It hw.cnmagic string yes |
.It hw.cnmagic string yes |
Line 272 The changeable column shows whether a pr |
|
Line 272 The changeable column shows whether a pr |
|
privilege may change the value. |
privilege may change the value. |
.Bl -column "kern.posix_reader_writer_locks" \ |
.Bl -column "kern.posix_reader_writer_locks" \ |
"struct kinfo_drivers" "not applicable" |
"struct kinfo_drivers" "not applicable" |
.It Sy Second level name Sy Type Sy Changeable |
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
.It kern.aio_listio_max integer yes |
.It kern.aio_listio_max integer yes |
.It kern.aio_max integer yes |
.It kern.aio_max integer yes |
.It kern.arandom integer no |
.It kern.arandom integer no |
Line 315 privilege may change the value. |
|
Line 315 privilege may change the value. |
|
.It kern.maxproc integer yes |
.It kern.maxproc integer yes |
.It kern.maxptys integer yes |
.It kern.maxptys integer yes |
.It kern.maxvnodes integer yes |
.It kern.maxvnodes integer yes |
|
.It kern.messages integer yes |
.It kern.mbuf node not applicable |
.It kern.mbuf node not applicable |
.It kern.memlock integer no |
.It kern.memlock integer no |
.It kern.memlock_range integer no |
.It kern.memlock_range integer no |
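Review bot: the new `.It kern.messages integer yes` row sits between kern.maxvnodes and kern.mbuf, which breaks the alphabetical order the rest of this table follows. It sorts after the kern.memlock and kern.memlock_range rows, so move it below them. The kern.messages description added later in this change is already in sorted position, between the Memory Protection Option entry and kern.module.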
Line 354 privilege may change the value. |
|
Line 355 privilege may change the value. |
|
.It kern.rtc_offset integer yes |
.It kern.rtc_offset integer yes |
.It kern.saved_ids integer no |
.It kern.saved_ids integer no |
.It kern.sbmax integer yes |
.It kern.sbmax integer yes |
.\".It kern.sched node not applicable |
.It kern.sched node not applicable |
.It kern.securelevel integer raise only |
.It kern.securelevel integer raise only |
.It kern.somaxkva integer yes |
.It kern.somaxkva integer yes |
.It kern.synchronized_io integer no |
.It kern.synchronized_io integer no |
|
|
.Vt struct timeval |
.Vt struct timeval |
structure is returned. |
structure is returned. |
This structure contains the time that the system was booted. |
This structure contains the time that the system was booted. |
|
.It Li kern.bufq |
|
This variable contains information on the |
|
.Xr bufq 9 |
|
subsystem. |
|
Currently, the only third level name implemented is |
|
.Dv kern.bufq.strategies |
|
which provides a list of buffer queue strategies currently available. |
.It Li kern.buildinfo |
.It Li kern.buildinfo |
When the kernel is built, the build environment may optionally provide |
When the kernel is built, the build environment may optionally provide |
arbitrary information to be stored in this variable. |
arbitrary information to be stored in this variable. |
.\" .It Li kern.bufq |
|
.\" XXX: Undocumented. |
|
.It Li kern.ccpu ( Dv KERN_CCPU ) |
.It Li kern.ccpu ( Dv KERN_CCPU ) |
The scheduler exponential decay value. |
The scheduler exponential decay value. |
.It Li kern.clockrate ( Dv KERN_CLOCKRATE ) |
.It Li kern.clockrate ( Dv KERN_CLOCKRATE ) |
Line 428 The third level name is |
|
Line 434 The third level name is |
|
.Dv kern.coredump.setid |
.Dv kern.coredump.setid |
and fourth level variables are described below. |
and fourth level variables are described below. |
.Bl -column "kern.coredump.setid.group" "integer" "Changeable" -offset indent |
.Bl -column "kern.coredump.setid.group" "integer" "Changeable" -offset indent |
.It Sy Fourth level name Sy Type Sy Changeable |
.It Sy Fourth level name Ta Sy Type Ta Sy Changeable |
.It kern.coredump.setid.dump integer yes |
.It kern.coredump.setid.dump integer yes |
.It kern.coredump.setid.group integer yes |
.It kern.coredump.setid.group integer yes |
.It kern.coredump.setid.mode integer yes |
.It kern.coredump.setid.mode integer yes |
Line 456 Mapping of CPU number to CPU id. |
|
Line 462 Mapping of CPU number to CPU id. |
|
.It Li kern.cp_time ( Dv KERN_CP_TIME ) |
.It Li kern.cp_time ( Dv KERN_CP_TIME ) |
Returns an array of |
Returns an array of |
.Dv CPUSTATES |
.Dv CPUSTATES |
.Vt uint64_t Ns s. |
.Vt uint64_t Ns s . |
This array contains the |
This array contains the |
number of clock ticks spent in different CPU states. |
number of clock ticks spent in different CPU states. |
On multi-processor systems, the sum across all CPUs is returned unless |
On multi-processor systems, the sum across all CPUs is returned unless |
|
|
Returns the number of |
Returns the number of |
.Xr hardclock 9 |
.Xr hardclock 9 |
ticks. |
ticks. |
|
.It Li kern.hist |
|
This variable contains kernel history data if the kernel was |
|
configured for any of the options |
|
.Dv UVHMIST , |
|
.Dv USB_DEBUG , |
|
.Dv BIOHIST , |
|
or |
|
.Dv SCDEBUG . |
|
(See |
|
.Xr options 4 |
|
for more details.) |
|
The third-level names correspond to each available history table. |
|
The values of the history tables are in an internal format, and can be |
|
decoded by the |
|
.Xr vmstat 1 |
|
utility's |
|
.Fl U |
|
and |
|
.Fl u |
|
options; |
|
the |
|
.Fl l |
|
option can be used to see which tables are available. |
.It Li kern.hostid ( Dv KERN_HOSTID ) |
.It Li kern.hostid ( Dv KERN_HOSTID ) |
Get or set the host identifier. |
Get or set the host identifier. |
This is aimed to replace the legacy |
This is aimed to replace the legacy |
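Review bot: `.Dv UVHMIST ,` in the new kern.hist entry looks like a transposition of UVMHIST. As written, a reader who copies the option name into a kernel configuration or searches options(4) for it will not find it. Change the line to `.Dv UVMHIST ,`.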
|
|
Return information about the SysV IPC parameters. |
Return information about the SysV IPC parameters. |
The third level names for the ipc variables are detailed below. |
The third level names for the ipc variables are detailed below. |
.Bl -column "kern.ipc.shm_use_phys" "integer" "Changeable" -offset indent |
.Bl -column "kern.ipc.shm_use_phys" "integer" "Changeable" -offset indent |
.It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.It kern.ipc.sysvmsg integer no |
.It kern.ipc.sysvmsg integer no |
.It kern.ipc.sysvsem integer no |
.It kern.ipc.sysvsem integer no |
.It kern.ipc.sysvshm integer no |
.It kern.ipc.sysvshm integer no |
|
|
Return System V style IPC configuration and run-time information. |
Return System V style IPC configuration and run-time information. |
The fourth level name selects the System V style IPC facility. |
The fourth level name selects the System V style IPC facility. |
.Bl -column "KERN_SYSVIPC_MSG_INFO" "struct shm_sysctl_info" -offset indent |
.Bl -column "KERN_SYSVIPC_MSG_INFO" "struct shm_sysctl_info" -offset indent |
.It Sy Fourth level name Sy Type |
.It Sy Fourth level name Ta Sy Type |
.It KERN_SYSVIPC_MSG_INFO struct msg_sysctl_info |
.It KERN_SYSVIPC_MSG_INFO struct msg_sysctl_info |
.It KERN_SYSVIPC_SEM_INFO struct sem_sysctl_info |
.It KERN_SYSVIPC_SEM_INFO struct sem_sysctl_info |
.It KERN_SYSVIPC_SHM_INFO struct shm_sysctl_info |
.It KERN_SYSVIPC_SHM_INFO struct shm_sysctl_info |
Line 700 The third level names for the mbuf varia |
|
Line 729 The third level names for the mbuf varia |
|
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "kern.mbuf.nmbclusters" "integer" "Changeable" -offset indent |
.Bl -column "kern.mbuf.nmbclusters" "integer" "Changeable" -offset indent |
.It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.\" XXX Changeable? really? |
.\" XXX Changeable? really? |
.It kern.mbuf.mblowat integer yes |
.It kern.mbuf.mblowat integer yes |
.It kern.mbuf.mclbytes integer yes |
.It kern.mbuf.mclbytes integer yes |
Line 739 Returns 1 if the |
|
Line 768 Returns 1 if the |
|
.St -p1003.1b-93 |
.St -p1003.1b-93 |
Memory Protection Option is available on this system, |
Memory Protection Option is available on this system, |
otherwise\ 0. |
otherwise\ 0. |
|
.It Li kern.messages |
|
Kernel console message verbosity. |
|
See |
|
.Sy \<sys/reboot.h\> |
|
.Bl -column "verbosity" "setting" -offset indent |
|
.It Sy Verbosity Setting |
|
.It \ \ \ \ 0 Silent Sy AB_SILENT |
|
.It \ \ \ \ 1 Quiet Sy AB_QUIET |
|
.It \ \ \ \ 2 Normal Sy AB_NORMAL |
|
.It \ \ \ \ 3 Verbose Sy AB_VERBOSE |
|
.It \ \ \ \ 4 Debug Sy AB_DEBUG |
|
.El |
.It Li kern.module |
.It Li kern.module |
Settings related to kernel modules. |
Settings related to kernel modules. |
The third level names for the settings are described below. |
The third level names for the settings are described below. |
.Bl -column "kern.module.autoload" "integer" "Changeable" -offset indent |
.Bl -column "kern.module.autoload" "integer" "Changeable" -offset indent |
.It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.It kern.module.autoload integer yes |
.It kern.module.autoload integer yes |
.It kern.module.autotime integer yes |
.It kern.module.autotime integer yes |
.It kern.module.verbose integer yes |
.It kern.module.verbose integer yes |
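Review bot: in the new kern.messages entry, `.Sy \<sys/reboot.h\>` marks the header up as emphasised text with hand-escaped angle brackets; mdoc has `.In sys/reboot.h` for include files. The `See` sentence it belongs to also has no closing punctuation before the `.Bl` begins. The AB_* constants in the rows are marked with `Sy`; `Dv` would match how constants such as KERN_CCPU are marked elsewhere on this page.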
Line 778 This node is created dynamically when |
|
Line 819 This node is created dynamically when |
|
the corresponding kernel module is loaded. |
the corresponding kernel module is loaded. |
The third level names for the settings are described below. |
The third level names for the settings are described below. |
.Bl -column "kern.mqueue.mq_max_msgsize" "integer" "Changeable" -offset indent |
.Bl -column "kern.mqueue.mq_max_msgsize" "integer" "Changeable" -offset indent |
.It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.It kern.mqueue.mq_open_max integer yes |
.It kern.mqueue.mq_open_max integer yes |
.It kern.mqueue.mq_prio_max integer yes |
.It kern.mqueue.mq_prio_max integer yes |
.It kern.mqueue.mq_max_msgsize integer yes |
.It kern.mqueue.mq_max_msgsize integer yes |
Line 830 The third level names for the integer p |
|
Line 871 The third level names for the integer p |
|
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "kern.pipe.maxbigpipes" "integer" "Changeable" -offset indent |
.Bl -column "kern.pipe.maxbigpipes" "integer" "Changeable" -offset indent |
.It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.It kern.pipe.kvasiz integer yes |
.It kern.pipe.kvasiz integer yes |
.It kern.pipe.maxbigpipes integer yes |
.It kern.pipe.maxbigpipes integer yes |
.It kern.pipe.maxkvasz integer yes |
.It kern.pipe.maxkvasz integer yes |
Line 923 structures is returned, |
|
Line 964 structures is returned, |
|
whose size depends on the current number of such objects in the system. |
whose size depends on the current number of such objects in the system. |
The third and fourth level numeric names are as follows: |
The third and fourth level numeric names are as follows: |
.Bl -column "KERN_PROC_SESSION" "Fourth level is:" -offset indent |
.Bl -column "KERN_PROC_SESSION" "Fourth level is:" -offset indent |
.It Sy Third level name Sy Fourth level is: |
.It Sy Third level name Ta Sy Fourth level is : |
.It KERN_PROC_ALL None |
.It KERN_PROC_ALL None |
.It KERN_PROC_GID A group ID |
.It KERN_PROC_GID A group ID |
.It KERN_PROC_PID A process ID |
.It KERN_PROC_PID A process ID |
Line 968 is detailed below. |
|
Line 1009 is detailed below. |
|
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "kern.profiling.gmonparam" "struct gmonparam" "Changeable" -offset indent |
.Bl -column "kern.profiling.gmonparam" "struct gmonparam" "Changeable" -offset indent |
.It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.It kern.profiling.count u_short[\|] yes |
.It kern.profiling.count u_short[\|] yes |
.It kern.profiling.froms u_short[\|] yes |
.It kern.profiling.froms u_short[\|] yes |
.It kern.profiling.gmonparam struct gmonparam no |
.It kern.profiling.gmonparam struct gmonparam no |
Line 1016 Maximum socket buffer size. |
|
Line 1057 Maximum socket buffer size. |
|
.It Li kern.securelevel ( Dv KERN_SECURELVL ) |
.It Li kern.securelevel ( Dv KERN_SECURELVL ) |
See |
See |
.Xr secmodel_securelevel 9 . |
.Xr secmodel_securelevel 9 . |
.\" .It Li kern.sched |
.It Li kern.sched ( dynamic ) |
.\" XXX: Undocumented. |
Influence the scheduling of LWPs, their priorisation and how they are |
|
distributed on and moved between CPUs. |
|
.Bl -column "kern.sched.balance_period" "integer" "Changeable" -offset indent |
|
.It Sy Third level name Sy Type Sy Changeable |
|
.It kern.sched.cacheht_time integer yes |
|
.It kern.sched.balance_period integer yes |
|
.It kern.sched.average_weight integer yes |
|
.It kern.sched.min_catch integer yes |
|
.It kern.sched.timesoftints integer yes |
|
.It kern.sched.kpreempt_pri integer yes |
|
.It kern.sched.upreempt_pri integer yes |
|
.It kern.sched.maxts integer yes |
|
.It kern.sched.mints integer yes |
|
.It kern.sched.name string no |
|
.It kern.sched.rtts integer no |
|
.It kern.sched.pri_min integer no |
|
.It kern.sched.pri_max integer no |
|
.El |
|
.Pp |
|
The variables are as follows: |
|
.Bl -tag -width "123456" |
|
.It Li kern.sched.cacheht_time ( dynamic ) |
|
Cache hotness time in which a LWP is kept on one particular CPU |
|
and not moved to another CPU. |
|
This reduces the overhead of flushing and reloading caches. |
|
Defaults to 3ms. |
|
Needs to be given in |
|
.Dq hz |
|
units, see |
|
.Xr mstohz 9 . |
|
.It Li kern.sched.balance_period ( dynamic ) |
|
Interval at which the CPU queues are checked for re-balancing. |
|
Defaults to 300ms. |
|
Needs to be given in |
|
.Dq hz |
|
units, see |
|
.Xr mstohz 9 . |
|
.It Li kern.sched.average_weight ( dynamic ) |
|
Can be used to influence how likely LWPs are to be migrated from |
|
one CPU's queue of LWPs that are ready to run to a different, idle CPU. |
|
The value gives the percentage for weighting the average count of |
|
migratable threads from the past against the current number of |
|
migratable threads. |
|
A small value gives more weight to the past, a larger values more weight |
|
on the current situation. |
|
Defaults to 50 and must be between 0 and 100. |
|
.It Li kern.sched.min_catch ( dynamic ) |
|
Minimum count of migratable (runable) threads for catching (stealing) |
|
from another CPU. |
|
Defaults to 1 but can be increased to decrease chance of thread |
|
migration between CPUs. |
|
.It Li kern.sched.timesoftints ( dynamic ) |
|
Enable tracking of CPU time for soft interrupts |
|
as part of a LWP's real execution time. |
|
Set to a non-zero value to enable, |
|
and see |
|
.Xr ps 1 |
|
for printing CPU times. |
|
.It Li kern.sched.kpreempt_pri ( dynamic ) |
|
Minimum priority to trigger kernel preemption. |
|
.It Li kern.sched.upreempt_pri ( dynamic ) |
|
Minimum priority to trigger user preemption. |
|
.It Li kern.sched.maxts ( dynamic ) |
|
Scheduler specific maximal time quantum (in milliseconds). |
|
Must be set to a value larger than |
|
.Dq mints |
|
and between 10 and |
|
.Dq hz |
|
as given by the |
|
.Dv kern.clockrate |
|
sysctl. |
|
Provided by the M2 scheduler. |
|
.It Li kern.sched.mints ( dynamic ) |
|
Scheduler specific minimal time quantum (in milliseconds). |
|
Must be set to a value smaller than |
|
.Dq maxts |
|
and between 1 and |
|
.Dq hz |
|
as given by the |
|
.Dq kern.clockrate |
|
sysctl. |
|
Provided by the M2 scheduler. |
|
.It Li kern.sched.name ( dynamic ) |
|
Scheduler name. |
|
Provided both by the M2 and the 4BSD scheduler. |
|
.It Li kern.sched.rtts ( dynamic ) |
|
Fixed scheduler specific round-robin time quantum in milliseconds. |
|
Provided both by the M2 and the 4BSD scheduler. |
|
.It Li kern.sched.pri_min ( dynamic ) |
|
Minimal POSIX real-time priority. |
|
See |
|
.Xr sched 3 . |
|
.It Li kern.sched.pri_max ( dynamic ) |
|
Maximal POSIX real-time priority. |
|
See |
|
.Xr sched 3 . |
|
.El |
.It Li kern.somaxkva ( Dv KERN_SOMAXKVA ) |
.It Li kern.somaxkva ( Dv KERN_SOMAXKVA ) |
Maximum amount of kernel memory to be used for socket buffers. |
Maximum amount of kernel memory to be used for socket buffers. |
.\" XXX units? |
.\" XXX units? |
|
|
.It Li kern.timecounter ( dynamic ) |
.It Li kern.timecounter ( dynamic ) |
Display and control the timecounter source of the system. |
Display and control the timecounter source of the system. |
.Bl -column "kern.timecounter.timestepwarnings" "integer" "Changeable" -offset indent |
.Bl -column "kern.timecounter.timestepwarnings" "integer" "Changeable" -offset indent |
.It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.It kern.timecounter.choice string no |
.It kern.timecounter.choice string no |
.It kern.timecounter.hardware string yes |
.It kern.timecounter.hardware string yes |
.It kern.timecounter.timestepwarnings integer yes |
.It kern.timecounter.timestepwarnings integer yes |
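Review bot: in the new kern.sched text, the kern.sched.mints entry marks the sysctl name as `.Dq kern.clockrate` while the kern.sched.maxts entry just above it uses `.Dv kern.clockrate`; use `.Dv` in both. The same block contains "priorisation" (prioritisation), "a larger values" (a larger value) and "runable" (runnable). Its table header `.It Sy Third level name Sy Type Sy Changeable` is also written without the `Ta` separators that this change adds to every other header.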
Line 1053 The third level names for the tty statis |
|
Line 1190 The third level names for the tty statis |
|
The changeable column shows whether a process |
The changeable column shows whether a process |
with appropriate privilege may change the value. |
with appropriate privilege may change the value. |
.Bl -column "kern.tkstat.cancc" "quad" "Changeable" -offset indent |
.Bl -column "kern.tkstat.cancc" "quad" "Changeable" -offset indent |
.It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.It kern.tkstat.cancc quad no |
.It kern.tkstat.cancc quad no |
.It kern.tkstat.nin quad no |
.It kern.tkstat.nin quad no |
.It kern.tkstat.nout quad no |
.It kern.tkstat.nout quad no |
Line 1076 The third level names for the tty setup |
|
Line 1213 The third level names for the tty setup |
|
The changeable column shows whether a process |
The changeable column shows whether a process |
with appropriate privilege may change the value. |
with appropriate privilege may change the value. |
.Bl -column "kern.tty.qsize" "int" "Changeable" -offset indent |
.Bl -column "kern.tty.qsize" "int" "Changeable" -offset indent |
.It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.It kern.tty.qsize int yes |
.It kern.tty.qsize int yes |
.El |
.El |
.Pp |
.Pp |
|
|
.It Li kern.uidinfo |
.It Li kern.uidinfo |
Resource usage for the current user. |
Resource usage for the current user. |
.Bl -column "kern.uidinfo.proccnt" "integer" "Changeable" -offset indent |
.Bl -column "kern.uidinfo.proccnt" "integer" "Changeable" -offset indent |
.It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.It kern.uidinfo.proccnt integer no |
.It kern.uidinfo.proccnt integer no |
.It kern.uidinfo.lwpcnt integer no |
.It kern.uidinfo.lwpcnt integer no |
.It kern.uidinfo.lockcnt integer no |
.It kern.uidinfo.lockcnt integer no |
|
|
Runtime information for |
Runtime information for |
.Xr veriexec 8 . |
.Xr veriexec 8 . |
.Bl -column "kern.veriexec.algorithms" "integer" "Changeable" -offset indent |
.Bl -column "kern.veriexec.algorithms" "integer" "Changeable" -offset indent |
.It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.It kern.veriexec.algorithms string no |
.It kern.veriexec.algorithms string no |
.It kern.veriexec.count node not applicable |
.It kern.veriexec.count node not applicable |
.It kern.veriexec.strict integer yes |
.It kern.veriexec.strict integer yes |
Line 1177 followed by the vnode itself |
|
Line 1314 followed by the vnode itself |
|
The set of variables defined is architecture dependent. |
The set of variables defined is architecture dependent. |
Most architectures define at least the following variables. |
Most architectures define at least the following variables. |
.Bl -column "machdep.booted_kernel" "Type" "Changeable" -offset indent |
.Bl -column "machdep.booted_kernel" "Type" "Changeable" -offset indent |
.It Sy Second level name Sy Type Sy Changeable |
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
.It Li machdep.booted_kernel string no |
.It Li machdep.booted_kernel string no |
.El |
.El |
.\" XXX: Document the above. |
.\" XXX: Document the above. |
Line 1190 privilege may change the value. |
|
Line 1327 privilege may change the value. |
|
The second and third levels are typically the protocol family and |
The second and third levels are typically the protocol family and |
protocol number, though this is not always the case. |
protocol number, though this is not always the case. |
.Bl -column "Second level name" "IPsec key management values" "Changeable" -offset indent |
.Bl -column "Second level name" "IPsec key management values" "Changeable" -offset indent |
.It Sy Second level name Sy Type Sy Changeable |
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
.It net.route routing messages no |
.It net.route routing messages no |
.It net.inet IPv4 values yes |
.It net.inet IPv4 values yes |
.It net.inet6 IPv6 values yes |
.It net.inet6 IPv6 values yes |
Line 1210 The fourth level name is an address fami |
|
Line 1347 The fourth level name is an address fami |
|
select all address families. |
select all address families. |
The fifth and sixth level names are as follows: |
The fifth and sixth level names are as follows: |
.Bl -column "Fifth level name" "Sixth level is:" -offset indent |
.Bl -column "Fifth level name" "Sixth level is:" -offset indent |
.It Sy Fifth level name Sy Sixth level is: |
.It Sy Fifth level name Ta Sy Sixth level is : |
.It NET_RT_FLAGS rtflags |
.It NET_RT_FLAGS rtflags |
.It NET_RT_DUMP None |
.It NET_RT_DUMP None |
.It NET_RT_IFLIST None |
.It NET_RT_IFLIST None |
Line 1222 The third level name is the protocol. |
|
Line 1359 The third level name is the protocol. |
|
The fourth level name is the variable name. |
The fourth level name is the variable name. |
The currently defined protocols and names are: |
The currently defined protocols and names are: |
.Bl -column "Protocol" "anonportalgo.available" "integer" "Changeable" -offset indent |
.Bl -column "Protocol" "anonportalgo.available" "integer" "Changeable" -offset indent |
.It Sy Protocol Variable Sy Type Sy Changeable |
.It Sy Protocol Variable Ta Sy Type Ta Sy Changeable |
.It arp down integer yes |
.It arp down integer yes |
.It arp keep integer yes |
.It arp keep integer yes |
.It arp log_movements integer yes |
.It arp log_movements integer yes |
.It arp log_permanent_modify integer yes |
.It arp log_permanent_modify integer yes |
.It arp log_unknown_network integer yes |
.It arp log_unknown_network integer yes |
.It arp log_wrong_iface integer yes |
.It arp log_wrong_iface integer yes |
.It arp prune integer yes |
|
.It arp refresh integer yes |
|
.It carp allow integer yes |
.It carp allow integer yes |
.It carp preempt integer yes |
.It carp preempt integer yes |
.It carp log integer yes |
.It carp log integer yes |
Line 1247 The currently defined protocols and name |
|
Line 1382 The currently defined protocols and name |
|
.It ip anonportmax integer yes |
.It ip anonportmax integer yes |
.It ip anonportmin integer yes |
.It ip anonportmin integer yes |
.It ip checkinterface integer yes |
.It ip checkinterface integer yes |
|
.It ip dad_count integer yes |
.It ip directed-broadcast integer yes |
.It ip directed-broadcast integer yes |
.It ip do_loopback_cksum integer yes |
.It ip do_loopback_cksum integer yes |
.It ip forwarding integer yes |
.It ip forwarding integer yes |
Line 1312 The variables are as follows: |
|
Line 1448 The variables are as follows: |
|
Failed ARP entry lifetime. |
Failed ARP entry lifetime. |
.It Li arp.keep |
.It Li arp.keep |
Valid ARP entry lifetime. |
Valid ARP entry lifetime. |
.It Li arp.prune |
|
ARP cache pruning interval. |
|
.It Li arp.refresh |
|
ARP entry refresh interval. |
|
.It Li carp.allow |
.It Li carp.allow |
If set to 0, incoming |
If set to 0, incoming |
.Xr carp 4 |
.Xr carp 4 |
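Review bot: the new arp.prune and arp.refresh entries say only "ARP cache pruning interval." and "ARP entry refresh interval.", with no unit or default. An administrator tuning ARP cache behaviour cannot tell from this what value to set, so state the unit and the default in each entry.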
Line 1368 Currently, this must be disabled if ipna |
|
Line 1500 Currently, this must be disabled if ipna |
|
destination address to another local interface, or if addresses |
destination address to another local interface, or if addresses |
are added to the loopback interface instead of the interface where |
are added to the loopback interface instead of the interface where |
the packets for those packets are received. |
the packets for those packets are received. |
|
.It Li ip.dad_count |
|
The number of |
|
.Xr arp 4 |
|
probes sent for Address Conflict Detection. |
|
Set to 0 to disable this. |
.It Li ip.directed-broadcast |
.It Li ip.directed-broadcast |
If set to 1, enables directed broadcast behavior for the host. |
If set to 1, enables directed broadcast behavior for the host. |
.It Li ip.do_loopback_cksum |
.It Li ip.do_loopback_cksum |
Line 1604 The third level name is the protocol. |
|
Line 1741 The third level name is the protocol. |
|
The fourth level name is the variable name. |
The fourth level name is the variable name. |
The currently defined protocols and names are: |
The currently defined protocols and names are: |
.Bl -column "Protocol" "anonportalgo.available" "integer" "Changeable" -offset indent |
.Bl -column "Protocol" "anonportalgo.available" "integer" "Changeable" -offset indent |
.It Sy Protocol Variable Sy Type Sy Changeable |
.It Sy Protocol Variable Ta Sy Type Ta Sy Changeable |
.It icmp6 errppslimit integer yes |
.It icmp6 errppslimit integer yes |
.It icmp6 mtudisc_hiwat integer yes |
.It icmp6 mtudisc_hiwat integer yes |
.It icmp6 mtudisc_lowat integer yes |
.It icmp6 mtudisc_lowat integer yes |
Line 1775 The maximum number of fragments the node |
|
Line 1912 The maximum number of fragments the node |
|
\-1 means that the node will accept as many fragments as it receives. |
\-1 means that the node will accept as many fragments as it receives. |
The flag is provided basically for avoiding possible DoS attacks. |
The flag is provided basically for avoiding possible DoS attacks. |
.It Li ip6.neighborgcthresh |
.It Li ip6.neighborgcthresh |
Maximum number of entries in neighbor cache. |
Maximum number of entries in neighbor cache per interface. |
Set to negative to disable. |
Set to negative to disable. |
The default value is 2048. |
The default value is 2048. |
.It Li ip6.redirect |
.It Li ip6.redirect |
Line 1901 Get or set various global information ab |
|
Line 2038 Get or set various global information ab |
|
The third level name is the variable name. |
The third level name is the variable name. |
The currently defined variable and names are: |
The currently defined variable and names are: |
.Bl -column "blockacq_lifetime" "integer" "Changeable" -offset indent |
.Bl -column "blockacq_lifetime" "integer" "Changeable" -offset indent |
.It Sy Variable Type Sy Changeable |
.It Sy Variable Type Ta Sy Changeable |
.It debug integer yes |
.It debug integer yes |
.It enabled integer yes |
.It enabled integer yes |
.It used integer no |
.It used integer no |
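Review bot: the converted header `.It Sy Variable Type Ta Sy Changeable` has one `Ta` and one `Sy` fewer than the other headers in this change, which all end in `Ta Sy Type Ta Sy Changeable`, although this list also declares three columns. Make it `.It Sy Variable Ta Sy Type Ta Sy Changeable` so the Type heading gets its own cell and emphasis.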
Line 1935 Force IPsec processing even when SPD pol |
|
Line 2072 Force IPsec processing even when SPD pol |
|
.It Li used |
.It Li used |
Based on if IPsec is enabled, and SPD rule existance, show if |
Based on if IPsec is enabled, and SPD rule existance, show if |
IPsec is being used. |
IPsec is being used. |
Note that currenly once IPsec is being used, it cannot be disabled. |
Note that currently once IPsec is being used, it cannot be disabled. |
.It Li spi_try |
.It Li spi_try |
The number of times the kernel will try to obtain an unique SPI |
The number of times the kernel will try to obtain an unique SPI |
when it generates it from random number generator. |
when it generates it from random number generator. |
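Review bot: the sentence directly above the corrected "currenly" still reads "SPD rule existance"; fix it to "existence" in the same pass. The spi_try text just below has "an unique SPI", which should be "a unique SPI".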
Line 1981 value of PROC_PID_CORENAME is reset to t |
|
Line 2118 value of PROC_PID_CORENAME is reset to t |
|
The second level name is either the magic value PROC_CURPROC, which |
The second level name is either the magic value PROC_CURPROC, which |
points to the current process, or the PID of the target process. |
points to the current process, or the PID of the target process. |
.Bl -column "proc.pid.corename" "string" "not applicable" -offset indent |
.Bl -column "proc.pid.corename" "string" "not applicable" -offset indent |
.It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.It proc.pid.corename string yes |
.It proc.pid.corename string yes |
.It proc.pid.rlimit node not applicable |
.It proc.pid.rlimit node not applicable |
.It proc.pid.stopfork int yes |
.It proc.pid.stopfork int yes |
.It proc.pid.stopexec int yes |
.It proc.pid.stopexec int yes |
.It proc.pid.stopexit int yes |
.It proc.pid.stopexit int yes |
|
.It proc.pid.paxflags int no |
.El |
.El |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li proc.pid.corename ( Dv PROC_PID_CORENAME ) |
.It Li proc.pid.corename ( Dv PROC_PID_CORENAME ) |
Line 2066 Both are of type integer. |
|
Line 2204 Both are of type integer. |
|
If non zero, the process' children will be stopped after |
If non zero, the process' children will be stopped after |
.Xr fork 2 |
.Xr fork 2 |
calls. |
calls. |
The children is created in the SSTOP state and is never scheduled |
The children are created in the SSTOP state and are never scheduled |
for running before being stopped. |
for running before being stopped. |
This feature helps attaching a process with a debugger such as |
This feature enables attaching to a process with a debugger such as |
.Xr gdb 1 |
.Xr gdb 1 |
before it had the opportunity to actually do anything. |
before the process has the opportunity to actually do anything. |
.Pp |
.Pp |
This value is inherited by the process's children, and it also |
This value is inherited by the process's children, and it also |
apply to emulation specific system calls that fork a new process, such as |
applies to emulation specific system calls that fork a new process, such as |
.Fn sproc |
.Fn sproc |
or |
or |
.Fn clone . |
.Fn clone . |
.It Li proc.pid.stopexec ( Dv PROC_PID_STOPEXEC ) |
.It Li proc.pid.stopexec ( Dv PROC_PID_STOPEXEC ) |
If non zero, the process will be stopped on next |
If non zero, the process will be stopped on the next |
.Xr exec 3 |
.Xr exec 3 |
call. |
call. |
The process created by |
The process created by |
.Xr exec 3 |
.Xr exec 3 |
is created in the SSTOP state and is never scheduled for running |
is created in the SSTOP state and is never scheduled for running |
before being stopped. |
before being stopped. |
This feature helps attaching a process with a debugger such as |
This feature enables attaching to a process with a debugger such as |
.Xr gdb 1 |
.Xr gdb 1 |
before it had the opportunity to actually do anything. |
before the process has the opportunity to actually do anything. |
.Pp |
.Pp |
This value is inherited by the process's children. |
This value is inherited by the process's children. |
.It Li proc.pid.stopexit ( Dv PROC_PID_STOPEXIT ) |
.It Li proc.pid.stopexit ( Dv PROC_PID_STOPEXIT ) |
If non zero, the process will be stopped on when it has cause to exit, |
If non zero, the process will be stopped when it has cause to exit, |
either by way of calling |
either by way of calling |
.Xr exit 3 , |
.Xr exit 3 , |
.Xr _exit 2 , |
.Xr _exit 2 , |
or by the receipt of a specific signal. |
or by the receipt of a specific signal. |
The process is stopped before any of its resources or vm space is |
The process is stopped before any of its resources or vm space is |
released allowing examination of the termination state of a process |
released allowing examination of the termination state of the process |
before it disappears. |
before it disappears. |
This feature can be used to examine the final conditions of the |
This feature can be used to examine the final conditions of the |
process's vmspace via |
process's vmspace via |
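Review bot: in the proc.pid.stopexec entry, "The process created by exec(3) is created in the SSTOP state" is left untouched by this revision, but exec replaces the program image of an existing process and does not create a new one. Since the neighbouring sentences are being reworded anyway, describe it as the process being stopped after the new image is loaded and before it runs. Smaller points in the same lines: "If non zero" should read "If non-zero" in both stopexec and stopexit, "emulation specific system calls" should be "emulation-specific", and "released allowing examination" needs a comma after "released".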
Line 2107 or its resource settings with |
|
Line 2245 or its resource settings with |
|
before it disappears. |
before it disappears. |
.Pp |
.Pp |
This value is also inherited by the process's children. |
This value is also inherited by the process's children. |
|
.It Li proc.pid.paxflags ( Dv PROC_PID_PAXFLAGS ) |
|
This read-only variable returns the current value of the process's pax |
|
flags (see |
|
.Xr paxctl 8 ) . |
.El |
.El |
.Ss The user.* subtree ( Dv CTL_USER ) |
.Ss The user.* subtree ( Dv CTL_USER ) |
The string and integer information available for the |
The string and integer information available for the |
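Review bot: the new proc.pid.paxflags entry writes "pax flags" in lowercase, while the surrounding text spells the feature "PaX" ("PaX MPROTECT", "PaX Segvguard"); use "PaX flags" here as well. The entry also gives neither the type of the returned value nor how its bits map to the flags set with paxctl(8), so the value cannot be decoded from this page alone. Add the type and a pointer to where the bit definitions live.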
Line 2115 level is detailed below. |
|
Line 2257 level is detailed below. |
|
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "user.coll_weights_max" "integer" "Changeable" -offset indent |
.Bl -column "user.coll_weights_max" "integer" "Changeable" -offset indent |
.It Sy Second level name Sy Type Sy Changeable |
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
.It user.atexit_max integer no |
.It user.atexit_max integer no |
.It user.bc_base_max integer no |
.It user.bc_base_max integer no |
.It user.bc_dim_max integer no |
.It user.bc_dim_max integer no |
Line 2220 level is detailed below. |
|
Line 2362 level is detailed below. |
|
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "Second level name" "struct uvmexp_sysctl" "Changeable" -offset indent |
.Bl -column "Second level name" "struct uvmexp_sysctl" "Changeable" -offset indent |
.It Sy Second level name Sy Type Sy Changeable |
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
.It vm.anonmax int yes |
.It vm.anonmax int yes |
.It vm.anonmin int yes |
.It vm.anonmin int yes |
.It vm.bufcache int yes |
.It vm.bufcache int yes |
Line 2311 The changeable column shows whether a pr |
|
Line 2453 The changeable column shows whether a pr |
|
privilege may change the value. |
privilege may change the value. |
.\" XXX sort |
.\" XXX sort |
.Bl -column "Second level name" "integer" "Changeable" -offset indent |
.Bl -column "Second level name" "integer" "Changeable" -offset indent |
.It Sy Second level name Sy Type Sy Changeable |
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
.It ddb.radix integer yes |
.It ddb.radix integer yes |
.It ddb.maxoff integer yes |
.It ddb.maxoff integer yes |
.It ddb.maxwidth integer yes |
.It ddb.maxwidth integer yes |
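Review bot: the `.\" XXX sort` marker above the ddb table survives this revision, and the rows visible here are still out of order (ddb.radix comes before ddb.maxoff and ddb.maxwidth). The header row is being edited anyway, so either sort the entries and drop the marker, or replace it with a comment saying why the order is intentional.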
Line 2366 level contains various security-related |
|
Line 2508 level contains various security-related |
|
the system. |
the system. |
The available second level names are: |
The available second level names are: |
.Bl -column "Second level name" "integer" "Changeable" -offset indent |
.Bl -column "Second level name" "integer" "Changeable" -offset indent |
.It Sy Second level name Sy Type Sy Changeable |
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
.It Li security.curtain integer yes |
.It Li security.curtain integer yes |
.It Li security.models node not applicable |
.It Li security.models node not applicable |
.It Li security.pax node not applicable |
.It Li security.pax node not applicable |
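Review bot: style point on the security table rows: they are written as `.It Li security.curtain ...`, while the rows of the user, vm and ddb tables in this same diff carry no `Li` on the name (`.It user.atexit_max ...`). With the header rows now made uniform, pick one form for the name column and apply it to every table so they render alike.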
Line 2420 The available third and fourth level nam |
|
Line 2562 The available third and fourth level nam |
|
.\".It Li security.pax.aslr.stack_len integer yes |
.\".It Li security.pax.aslr.stack_len integer yes |
.It Li security.pax.mprotect.enabled integer yes |
.It Li security.pax.mprotect.enabled integer yes |
.It Li security.pax.mprotect.global integer yes |
.It Li security.pax.mprotect.global integer yes |
|
.It Li security.pax.mprotect.ptrace integer yes |
.It Li security.pax.segvguard.enabled integer yes |
.It Li security.pax.segvguard.enabled integer yes |
.It Li security.pax.segvguard.expiry_timeout integer yes |
.It Li security.pax.segvguard.expiry_timeout integer yes |
.It Li security.pax.segvguard.global integer yes |
.It Li security.pax.segvguard.global integer yes |
Line 2467 except those exempted with |
|
Line 2610 except those exempted with |
|
Otherwise, all programs will not get the PaX MPROTECT restrictions, |
Otherwise, all programs will not get the PaX MPROTECT restrictions, |
except those specifically marked as such with |
except those specifically marked as such with |
.Xr paxctl 8 . |
.Xr paxctl 8 . |
|
.It Li security.pax.mprotect.ptrace |
|
This variable allows |
|
.Xr ptrace 2 |
|
to override PaX MPROTECT permissions. |
|
It can have the following values: |
|
.Bl -tag -width XX -compact |
|
.It 0 |
|
Does not let override any permissions. |
|
.It 1 |
|
Disables PaX MPROTECT from processes that start executing while traced (default). |
|
.It 2 |
|
Bypasses PaX MPROTECT for all processes being traced. |
|
.El |
.It Li security.pax.segvguard.enabled |
.It Li security.pax.segvguard.enabled |
Enable PaX Segvguard. |
Enable PaX Segvguard. |
.Pp |
.Pp |
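Review bot: in the new security.pax.mprotect.ptrace description, the text for value 0, "Does not let override any permissions.", has no object and does not parse; something like "Does not allow ptrace(2) to override any permissions." says what is meant. For value 1, "Disables PaX MPROTECT from processes" should be "for processes". The entry should also state outright that 0 is the only setting that keeps MPROTECT fully enforced for traced processes and that the default (1) already relaxes it, since administrators consult this list when hardening a system and the current wording makes them infer that from the three value descriptions.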