[BACK]Return to sysctl.7 CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / src / share / man / man7

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.

Diff for /src/share/man/man7/sysctl.7 between version 1.97 and 1.139

version 1.97, 2015/12/13 15:13:03 version 1.139, 2019/06/01 19:54:34
Line 29 
Line 29 
 .\"  .\"
 .\"     @(#)sysctl.3    8.4 (Berkeley) 5/9/95  .\"     @(#)sysctl.3    8.4 (Berkeley) 5/9/95
 .\"  .\"
 .Dd December 13, 2015  .Dd June 1, 2019
 .Dt SYSCTL 7  .Dt SYSCTL 7
 .Os  .Os
 .Sh NAME  .Sh NAME
Line 117  as a debugging variable, the following d
Line 117  as a debugging variable, the following d
 .Pp  .Pp
 .Bd -literal -offset indent -compact  .Bd -literal -offset indent -compact
 int dospecialcheck = 1;  int dospecialcheck = 1;
 struct ctldebug debug5 = { "dospecialcheck", \*[Am]dospecialcheck };  struct ctldebug debug5 = { "dospecialcheck", &dospecialcheck };
 .Ed  .Ed
 .Pp  .Pp
 Note that the dynamic implementation of  Note that the dynamic implementation of
Line 188  level is detailed below.
Line 188  level is detailed below.
 The changeable column shows whether a process with appropriate  The changeable column shows whether a process with appropriate
 privilege may change the value.  privilege may change the value.
 .Bl -column "hw.machine_arch" "integer" "Changeable" -offset indent  .Bl -column "hw.machine_arch" "integer" "Changeable" -offset indent
 .It Sy Second level name        Sy Type Sy Changeable  .It Sy Second level name Ta Sy Type Ta Sy Changeable
 .It hw.alignbytes       integer no  .It hw.alignbytes       integer no
 .It hw.byteorder        integer no  .It hw.byteorder        integer no
 .It hw.cnmagic  string  yes  .It hw.cnmagic  string  yes
Line 272  The changeable column shows whether a pr
Line 272  The changeable column shows whether a pr
 privilege may change the value.  privilege may change the value.
 .Bl -column "kern.posix_reader_writer_locks" \  .Bl -column "kern.posix_reader_writer_locks" \
 "struct kinfo_drivers" "not applicable"  "struct kinfo_drivers" "not applicable"
 .It Sy Second level name        Sy Type Sy Changeable  .It Sy Second level name Ta Sy Type Ta Sy Changeable
 .It kern.aio_listio_max integer yes  .It kern.aio_listio_max integer yes
 .It kern.aio_max        integer yes  .It kern.aio_max        integer yes
 .It kern.arandom        integer no  .It kern.arandom        integer no
 .It kern.argmax integer no  .It kern.argmax integer no
 .It kern.boothowto      integer no  .It kern.boothowto      integer no
 .It kern.boottime       struct timeval  no  .It kern.boottime       struct timespec no
 .It kern.buildinfo      string  no  .It kern.buildinfo      string  no
 .\".It kern.bufq        node    not applicable  .\".It kern.bufq        node    not applicable
 .It kern.ccpu   integer no  .It kern.ccpu   integer no
Line 293  privilege may change the value.
Line 293  privilege may change the value.
 .It kern.domainname     string  yes  .It kern.domainname     string  yes
 .It kern.drivers        struct kinfo_drivers    no  .It kern.drivers        struct kinfo_drivers    no
 .It kern.dump_on_panic  integer yes  .It kern.dump_on_panic  integer yes
   .It kern.expose_address integer yes
 .It kern.file   struct file     no  .It kern.file   struct file     no
 .It kern.forkfsleep     integer yes  .It kern.forkfsleep     integer yes
 .It kern.fscale integer no  .It kern.fscale integer no
Line 315  privilege may change the value.
Line 316  privilege may change the value.
 .It kern.maxproc        integer yes  .It kern.maxproc        integer yes
 .It kern.maxptys        integer yes  .It kern.maxptys        integer yes
 .It kern.maxvnodes      integer yes  .It kern.maxvnodes      integer yes
   .It kern.messages       integer yes
 .It kern.mbuf   node    not applicable  .It kern.mbuf   node    not applicable
 .It kern.memlock        integer no  .It kern.memlock        integer no
 .It kern.memlock_range  integer no  .It kern.memlock_range  integer no
Line 354  privilege may change the value.
Line 356  privilege may change the value.
 .It kern.rtc_offset     integer yes  .It kern.rtc_offset     integer yes
 .It kern.saved_ids      integer no  .It kern.saved_ids      integer no
 .It kern.sbmax  integer yes  .It kern.sbmax  integer yes
 .\".It kern.sched       node    not applicable  .It kern.sched  node    not applicable
 .It kern.securelevel    integer raise only  .It kern.securelevel    integer raise only
 .It kern.somaxkva       integer yes  .It kern.somaxkva       integer yes
   .It kern.sooptions      integer yes
 .It kern.synchronized_io        integer no  .It kern.synchronized_io        integer no
 .It kern.timecounter    node    not applicable  .It kern.timecounter    node    not applicable
 .It kern.timex  struct  no  .It kern.timex  struct  no
Line 371  privilege may change the value.
Line 374  privilege may change the value.
 .El  .El
 .Bl -tag -width "123456"  .Bl -tag -width "123456"
 .It Li kern.aio_listio_max  .It Li kern.aio_listio_max
 The maximum number of asynchronous  The maximum number of asynchronous I/O operations in a single list
 .Tn I/O  I/O call.
 operations in a single list I/O call.  
 Like with all variables related to  Like with all variables related to
 .Xr aio 3 ,  .Xr aio 3 ,
 the variable may be created and removed dynamically  the variable may be created and removed dynamically
Line 383  The maximum number of asynchronous I/O o
Line 385  The maximum number of asynchronous I/O o
 .It Li kern.arandom  .It Li kern.arandom
 This variable picks a random number each time it is queried.  This variable picks a random number each time it is queried.
 The used random number generator  The used random number generator
 .Pf ( Tn RNG )  .Pf ( RNG )
 is based on  is based on
 .Xr arc4random 3 .  .Xr arc4random 3 .
 .It Li kern.argmax ( Dv KERN_ARGMAX )  .It Li kern.argmax ( Dv KERN_ARGMAX )
Line 395  Flags passed from the boot loader; see
Line 397  Flags passed from the boot loader; see
 for the meanings of the flags.  for the meanings of the flags.
 .It Li kern.boottime ( Dv KERN_BOOTTIME )  .It Li kern.boottime ( Dv KERN_BOOTTIME )
 A  A
 .Vt struct timeval  .Vt struct timespec
 structure is returned.  structure is returned.
 This structure contains the time that the system was booted.  This structure contains the time that the system was booted.
   That time is defined (for this purpose) to be the time at
   which the kernel first started accumulating clock ticks.
   .It Li kern.bufq
   This variable contains information on the
   .Xr bufq 9
   subsystem.
   Currently, the only third level name implemented is
   .Dv kern.bufq.strategies
   which provides a list of buffer queue strategies currently available.
 .It Li kern.buildinfo  .It Li kern.buildinfo
 When the kernel is built, the build environment may optionally provide  When the kernel is built, the build environment may optionally provide
 arbitrary information to be stored in this variable.  arbitrary information to be stored in this variable.
 .\" .It Li kern.bufq  
 .\" XXX: Undocumented.  
 .It Li kern.ccpu ( Dv KERN_CCPU )  .It Li kern.ccpu ( Dv KERN_CCPU )
 The scheduler exponential decay value.  The scheduler exponential decay value.
 .It Li kern.clockrate ( Dv KERN_CLOCKRATE )  .It Li kern.clockrate ( Dv KERN_CLOCKRATE )
Line 428  The third level name is
Line 437  The third level name is
 .Dv kern.coredump.setid  .Dv kern.coredump.setid
 and fourth level variables are described below.  and fourth level variables are described below.
 .Bl -column "kern.coredump.setid.group" "integer" "Changeable" -offset indent  .Bl -column "kern.coredump.setid.group" "integer" "Changeable" -offset indent
 .It Sy Fourth level name        Sy Type Sy Changeable  .It Sy Fourth level name Ta Sy Type Ta Sy Changeable
 .It kern.coredump.setid.dump    integer yes  .It kern.coredump.setid.dump    integer yes
 .It kern.coredump.setid.group   integer yes  .It kern.coredump.setid.group   integer yes
 .It kern.coredump.setid.mode    integer yes  .It kern.coredump.setid.mode    integer yes
Line 456  Mapping of CPU number to CPU id.
Line 465  Mapping of CPU number to CPU id.
 .It Li kern.cp_time ( Dv KERN_CP_TIME )  .It Li kern.cp_time ( Dv KERN_CP_TIME )
 Returns an array of  Returns an array of
 .Dv CPUSTATES  .Dv CPUSTATES
 .Vt uint64_t Ns s.  .Vt uint64_t Ns s .
 This array contains the  This array contains the
 number of clock ticks spent in different CPU states.  number of clock ticks spent in different CPU states.
 On multi-processor systems, the sum across all CPUs is returned unless  On multi-processor systems, the sum across all CPUs is returned unless
Line 470  in the
Line 479  in the
 system.  system.
 The available values are as follows:  The available values are as follows:
 .Bl -tag -width XX0 -offset indent  .Bl -tag -width XX0 -offset indent
 .It Dv \*[Lt] 0  .It Dv < 0
 Always force userlevel requests to use software transforms.  Always force userlevel requests to use software transforms.
 .It Dv = 0  .It Dv = 0
 If present, use hardware and grant userlevel requests for  If present, use hardware and grant userlevel requests for
 non-accelerated transforms (handling the latter in software).  non-accelerated transforms (handling the latter in software).
 .It Dv \*[Gt] 0  .It Dv > 0
 Allow user requests only for transforms which are hardware-accelerated.  Allow user requests only for transforms which are hardware-accelerated.
 .El  .El
 .It Li kern.defcorename ( Dv KERN_DEFCORENAME )  .It Li kern.defcorename ( Dv KERN_DEFCORENAME )
Line 508  field is always a NUL terminated string.
Line 517  field is always a NUL terminated string.
 The  The
 .Va d_bmajor  .Va d_bmajor
 field will be set to \-1 if the driver doesn't have a block device.  field will be set to \-1 if the driver doesn't have a block device.
   .It Li kern.expose_address
   Expose kernel addresses in
   .Xr sysctl 3
   calls used by
   .Xr fstat 1
   and
   .Xr sockstat 1 .
   If it is set to
   .Dv 0
   access is not allowed.
   If it is set to
   .Dv 1
   then only processes that have opened
   .Pa /dev/kmem
   can have access.
   If it is set to
   .Dv 2
   every process is allowed.
   Defaults to
   .Dv 0
   for
   .Dv KASLR
   kernels
   and
   .Dv 1
   otherwise.
   Allowing general access renders KASLR ineffective; allowing only kmem
   accessing programs weakens KASLR if those programs can be subverted
   to leak the addresses.
 .It Li kern.dump_on_panic ( Dv KERN_DUMP_ON_PANIC )  .It Li kern.dump_on_panic ( Dv KERN_DUMP_ON_PANIC )
 Perform a crash dump on system  Perform a crash dump on system
 .Xr panic 9 .  .Xr panic 9 .
Line 541  otherwise\ 0.
Line 579  otherwise\ 0.
 Returns the number of  Returns the number of
 .Xr hardclock 9  .Xr hardclock 9
 ticks.  ticks.
   .It Li kern.hist
   This variable contains kernel history data if the kernel was
   configured for any of the options
   .Dv UVHMIST ,
   .Dv USB_DEBUG ,
   .Dv BIOHIST ,
   or
   .Dv SCDEBUG .
   (See
   .Xr options 4
   for more details.)
   The third-level names correspond to each available history table.
   The values of the history tables are in an internal format, and can be
   decoded by the
   .Xr vmstat 1
   utility's
   .Fl U
   and
   .Fl u
   options;
   the
   .Fl l
   option can be used to see which tables are available.
 .It Li kern.hostid ( Dv KERN_HOSTID )  .It Li kern.hostid ( Dv KERN_HOSTID )
 Get or set the host identifier.  Get or set the host identifier.
 This is aimed to replace the legacy  This is aimed to replace the legacy
Line 566  and
Line 627  and
 Return information about the SysV IPC parameters.  Return information about the SysV IPC parameters.
 The third level names for the ipc variables are detailed below.  The third level names for the ipc variables are detailed below.
 .Bl -column "kern.ipc.shm_use_phys" "integer" "Changeable" -offset indent  .Bl -column "kern.ipc.shm_use_phys" "integer" "Changeable" -offset indent
 .It Sy Third level name Sy Type Sy Changeable  .It Sy Third level name Ta Sy Type Ta Sy Changeable
 .It kern.ipc.sysvmsg    integer no  .It kern.ipc.sysvmsg    integer no
 .It kern.ipc.sysvsem    integer no  .It kern.ipc.sysvsem    integer no
 .It kern.ipc.sysvshm    integer no  .It kern.ipc.sysvshm    integer no
Line 599  otherwise\ 0.
Line 660  otherwise\ 0.
 Return System V style IPC configuration and run-time information.  Return System V style IPC configuration and run-time information.
 The fourth level name selects the System V style IPC facility.  The fourth level name selects the System V style IPC facility.
 .Bl -column "KERN_SYSVIPC_MSG_INFO" "struct shm_sysctl_info" -offset indent  .Bl -column "KERN_SYSVIPC_MSG_INFO" "struct shm_sysctl_info" -offset indent
 .It Sy Fourth level name        Sy Type  .It Sy Fourth level name Ta Sy Type
 .It KERN_SYSVIPC_MSG_INFO       struct msg_sysctl_info  .It KERN_SYSVIPC_MSG_INFO       struct msg_sysctl_info
 .It KERN_SYSVIPC_SEM_INFO       struct sem_sysctl_info  .It KERN_SYSVIPC_SEM_INFO       struct sem_sysctl_info
 .It KERN_SYSVIPC_SHM_INFO       struct shm_sysctl_info  .It KERN_SYSVIPC_SHM_INFO       struct shm_sysctl_info
Line 700  The third level names for the mbuf varia
Line 761  The third level names for the mbuf varia
 The changeable column shows whether a process with appropriate  The changeable column shows whether a process with appropriate
 privilege may change the value.  privilege may change the value.
 .Bl -column "kern.mbuf.nmbclusters" "integer" "Changeable" -offset indent  .Bl -column "kern.mbuf.nmbclusters" "integer" "Changeable" -offset indent
 .It Sy Third level name Sy Type Sy Changeable  .It Sy Third level name Ta Sy Type Ta Sy Changeable
 .\" XXX Changeable? really?  .\" XXX Changeable? really?
 .It kern.mbuf.mblowat   integer yes  .It kern.mbuf.mblowat   integer yes
 .It kern.mbuf.mclbytes  integer yes  .It kern.mbuf.mclbytes  integer yes
Line 739  Returns 1 if the
Line 800  Returns 1 if the
 .St -p1003.1b-93  .St -p1003.1b-93
 Memory Protection Option is available on this system,  Memory Protection Option is available on this system,
 otherwise\ 0.  otherwise\ 0.
   .It Li kern.messages
   Kernel console message verbosity.
   See
   .Aq Pa sys/reboot.h
   .Bl -column "verbosity" "setting" -offset indent
   .It Sy Value Ta Sy Verbosity Ta Sy sys/reboot.h equivalent
   .It 0 Ta Silent Ta Sy AB_SILENT
   .It 1 Ta Quiet Ta Sy AB_QUIET
   .It 2 Ta Normal Ta Sy AB_NORMAL
   .It 3 Ta Verbose Ta Sy AB_VERBOSE
   .It 4 Ta Debug Ta Sy AB_DEBUG
   .El
 .It Li kern.module  .It Li kern.module
 Settings related to kernel modules.  Settings related to kernel modules.
 The third level names for the settings are described below.  The third level names for the settings are described below.
 .Bl -column "kern.module.autoload" "integer" "Changeable" -offset indent  .Bl -column "kern.module.autoload" "integer" "Changeable" -offset indent
 .It Sy Third level name Sy Type Sy Changeable  .It Sy Third level name Ta Sy Type Ta Sy Changeable
 .It kern.module.autoload        integer yes  .It kern.module.autoload        integer yes
 .It kern.module.autotime        integer yes  .It kern.module.autotime        integer yes
 .It kern.module.verbose integer yes  .It kern.module.verbose boolean yes
 .El  .El
 .Pp  .Pp
 The variables are as follows:  The variables are as follows:
Line 770  Returns the standard version the impleme
Line 843  Returns the standard version the impleme
 Monotonic Clock Option conforms to,  Monotonic Clock Option conforms to,
 otherwise\ 0.  otherwise\ 0.
 .It Li kern.mqueue  .It Li kern.mqueue
 Settings related to  Settings related to POSIX message queues; see
 .Tn POSIX  
 message queues; see  
 .Xr mqueue 3 .  .Xr mqueue 3 .
 This node is created dynamically when  This node is created dynamically when
 the corresponding kernel module is loaded.  the corresponding kernel module is loaded.
 The third level names for the settings are described below.  The third level names for the settings are described below.
 .Bl -column "kern.mqueue.mq_max_msgsize" "integer" "Changeable" -offset indent  .Bl -column "kern.mqueue.mq_max_msgsize" "integer" "Changeable" -offset indent
 .It Sy Third level name Sy Type Sy Changeable  .It Sy Third level name Ta Sy Type Ta Sy Changeable
 .It kern.mqueue.mq_open_max     integer yes  .It kern.mqueue.mq_open_max     integer yes
 .It kern.mqueue.mq_prio_max     integer yes  .It kern.mqueue.mq_prio_max     integer yes
 .It kern.mqueue.mq_max_msgsize  integer yes  .It kern.mqueue.mq_max_msgsize  integer yes
Line 830  The third level names for the  integer p
Line 901  The third level names for the  integer p
 The changeable column shows whether a process with appropriate  The changeable column shows whether a process with appropriate
 privilege may change the value.  privilege may change the value.
 .Bl -column "kern.pipe.maxbigpipes" "integer" "Changeable" -offset indent  .Bl -column "kern.pipe.maxbigpipes" "integer" "Changeable" -offset indent
 .It Sy Third level name Sy Type Sy Changeable  .It Sy Third level name Ta Sy Type Ta Sy Changeable
 .It kern.pipe.kvasiz    integer yes  .It kern.pipe.kvasiz    integer yes
 .It kern.pipe.maxbigpipes       integer yes  .It kern.pipe.maxbigpipes       integer yes
 .It kern.pipe.maxkvasz  integer yes  .It kern.pipe.maxkvasz  integer yes
Line 923  structures is returned,
Line 994  structures is returned,
 whose size depends on the current number of such objects in the system.  whose size depends on the current number of such objects in the system.
 The third and fourth level numeric names are as follows:  The third and fourth level numeric names are as follows:
 .Bl -column "KERN_PROC_SESSION" "Fourth level is:" -offset indent  .Bl -column "KERN_PROC_SESSION" "Fourth level is:" -offset indent
 .It Sy Third level name Sy Fourth level is:  .It Sy Third level name Ta Sy Fourth level is :
 .It KERN_PROC_ALL       None  .It KERN_PROC_ALL       None
 .It KERN_PROC_GID       A group ID  .It KERN_PROC_GID       A group ID
 .It KERN_PROC_PID       A process ID  .It KERN_PROC_PID       A process ID
Line 955  The fourth level name is as follows:
Line 1026  The fourth level name is as follows:
 .It Dv KERN_PROC_NARGV  The number of argv strings  .It Dv KERN_PROC_NARGV  The number of argv strings
 .It Dv KERN_PROC_NENV   The number of environ strings  .It Dv KERN_PROC_NENV   The number of environ strings
 .It Dv KERN_PROC_PATHNAME       The full pathname of the executable  .It Dv KERN_PROC_PATHNAME       The full pathname of the executable
   .It Dv KERN_PROC_CWD    The current working directory
 .El  .El
 .It Li kern.profiling ( Dv KERN_PROF )  .It Li kern.profiling ( Dv KERN_PROF )
 Return profiling information about the kernel.  Return profiling information about the kernel.
Line 968  is detailed below.
Line 1040  is detailed below.
 The changeable column shows whether a process with appropriate  The changeable column shows whether a process with appropriate
 privilege may change the value.  privilege may change the value.
 .Bl -column "kern.profiling.gmonparam" "struct gmonparam" "Changeable" -offset indent  .Bl -column "kern.profiling.gmonparam" "struct gmonparam" "Changeable" -offset indent
 .It Sy Third level name Sy Type Sy Changeable  .It Sy Third level name Ta Sy Type Ta Sy Changeable
 .It kern.profiling.count        u_short[\|]     yes  .It kern.profiling.count        u_short[\|]     yes
 .It kern.profiling.froms        u_short[\|]     yes  .It kern.profiling.froms        u_short[\|]     yes
 .It kern.profiling.gmonparam    struct gmonparam        no  .It kern.profiling.gmonparam    struct gmonparam        no
Line 1011  Return the offset of real time clock fro
Line 1083  Return the offset of real time clock fro
 .It Li kern.saved_ids ( Dv KERN_SAVED_IDS )  .It Li kern.saved_ids ( Dv KERN_SAVED_IDS )
 Returns 1 if saved set-group and saved set-user ID is available.  Returns 1 if saved set-group and saved set-user ID is available.
 .It Li kern.sbmax ( Dv KERN_SBMAX )  .It Li kern.sbmax ( Dv KERN_SBMAX )
 Maximum socket buffer size.  Maximum socket buffer size in bytes.
 .\" XXX units?  
 .It Li kern.securelevel ( Dv KERN_SECURELVL )  .It Li kern.securelevel ( Dv KERN_SECURELVL )
 See  See
 .Xr secmodel_securelevel 9 .  .Xr secmodel_securelevel 9 .
 .\" .It Li kern.sched  .It Li kern.sched ( dynamic )
 .\" XXX: Undocumented.  Influence the scheduling of LWPs, their priorisation and how they are
   distributed on and moved between CPUs.
   .Bl -column "kern.sched.balance_period" "integer" "Changeable" -offset indent
   .It Sy Third level name    Sy Type       Sy Changeable
   .It kern.sched.cacheht_time        integer       yes
   .It kern.sched.balance_period      integer       yes
   .It kern.sched.average_weight      integer       yes
   .It kern.sched.min_catch           integer       yes
   .It kern.sched.timesoftints        integer       yes
   .It kern.sched.kpreempt_pri        integer       yes
   .It kern.sched.upreempt_pri        integer       yes
   .It kern.sched.maxts       integer       yes
   .It kern.sched.mints       integer       yes
   .It kern.sched.name        string        no
   .It kern.sched.rtts        integer       no
   .It kern.sched.pri_min     integer       no
   .It kern.sched.pri_max     integer       no
   .El
   .Pp
   The variables are as follows:
   .Bl -tag -width "123456"
   .It Li kern.sched.cacheht_time ( dynamic )
   Cache hotness time in which a LWP is kept on one particular CPU
   and not moved to another CPU.
   This reduces the overhead of flushing and reloading caches.
   Defaults to 3ms.
   Needs to be given in
   .Dq hz
   units, see
   .Xr mstohz 9 .
   .It Li kern.sched.balance_period ( dynamic )
   Interval at which the CPU queues are checked for re-balancing.
   Defaults to 300ms.
   Needs to be given in
   .Dq hz
   units, see
   .Xr mstohz 9 .
   .It Li kern.sched.average_weight ( dynamic )
   Can be used to influence how likely LWPs are to be migrated from
   one CPU's queue of LWPs that are ready to run to a different, idle CPU.
   The value gives the percentage for weighting the average count of
   migratable threads from the past against the current number of
   migratable threads.
   A small value gives more weight to the past, a larger values more weight
   on the current situation.
   Defaults to 50 and must be between 0 and 100.
   .It Li kern.sched.min_catch ( dynamic )
   Minimum count of migratable (runable) threads for catching (stealing)
   from another CPU.
   Defaults to 1 but can be increased to decrease chance of thread
   migration between CPUs.
   .It Li kern.sched.timesoftints ( dynamic )
   Enable tracking of CPU time for soft interrupts
   as part of a LWP's real execution time.
   Set to a non-zero value to enable,
   and see
   .Xr ps 1
   for printing CPU times.
   .It Li kern.sched.kpreempt_pri ( dynamic )
   Minimum priority to trigger kernel preemption.
   .It Li kern.sched.upreempt_pri ( dynamic )
   Minimum priority to trigger user preemption.
   .It Li kern.sched.maxts ( dynamic )
   Scheduler specific maximal time quantum (in milliseconds).
   Must be set to a value larger than
   .Dq mints
   and between 10 and
   .Dq hz
   as given by the
   .Dv kern.clockrate
   sysctl.
   Provided by the M2 scheduler.
   .It Li kern.sched.mints ( dynamic )
   Scheduler specific minimal time quantum (in milliseconds).
   Must be set to a value smaller than
   .Dq maxts
   and between 1 and
   .Dq hz
   as given by the
   .Dq kern.clockrate
   sysctl.
   Provided by the M2 scheduler.
   .It Li kern.sched.name ( dynamic )
   Scheduler name.
   Provided both by the M2 and the 4BSD scheduler.
   .It Li kern.sched.rtts ( dynamic )
   Fixed scheduler specific round-robin time quantum in milliseconds.
   Provided both by the M2 and the 4BSD scheduler.
   .It Li kern.sched.pri_min ( dynamic )
   Minimal POSIX real-time priority.
   See
   .Xr sched 3 .
   .It Li kern.sched.pri_max ( dynamic )
   Maximal POSIX real-time priority.
   See
   .Xr sched 3 .
   .El
 .It Li kern.somaxkva ( Dv KERN_SOMAXKVA )  .It Li kern.somaxkva ( Dv KERN_SOMAXKVA )
 Maximum amount of kernel memory to be used for socket buffers.  Maximum amount of kernel memory to be used for socket buffers in bytes.
 .\" XXX units?  .It Li kern.sooptions
   Set the default socket option flags for
   .Xr socket 2
   creation.
   See
   .Xr setsockopt 2
   for a list of supported flags.
 .It Li kern.synchronized_io ( Dv KERN_SYNCHRONIZED_IO )  .It Li kern.synchronized_io ( Dv KERN_SYNCHRONIZED_IO )
 Returns 1 if the  Returns 1 if the
 .St -p1003.1b-93  .St -p1003.1b-93
Line 1029  otherwise\ 0.
Line 1202  otherwise\ 0.
 .It Li kern.timecounter ( dynamic )  .It Li kern.timecounter ( dynamic )
 Display and control the timecounter source of the system.  Display and control the timecounter source of the system.
 .Bl -column "kern.timecounter.timestepwarnings" "integer" "Changeable" -offset indent  .Bl -column "kern.timecounter.timestepwarnings" "integer" "Changeable" -offset indent
 .It Sy Third level name Sy Type Sy Changeable  .It Sy Third level name Ta Sy Type Ta Sy Changeable
 .It kern.timecounter.choice     string  no  .It kern.timecounter.choice     string  no
 .It kern.timecounter.hardware   string  yes  .It kern.timecounter.hardware   string  yes
 .It kern.timecounter.timestepwarnings   integer yes  .It kern.timecounter.timestepwarnings   integer yes
Line 1053  The third level names for the tty statis
Line 1226  The third level names for the tty statis
 The changeable column shows whether a process  The changeable column shows whether a process
 with appropriate privilege may change the value.  with appropriate privilege may change the value.
 .Bl -column "kern.tkstat.cancc" "quad" "Changeable" -offset indent  .Bl -column "kern.tkstat.cancc" "quad" "Changeable" -offset indent
 .It Sy Third level name Sy Type Sy Changeable  .It Sy Third level name Ta Sy Type Ta Sy Changeable
 .It kern.tkstat.cancc   quad    no  .It kern.tkstat.cancc   quad    no
 .It kern.tkstat.nin     quad    no  .It kern.tkstat.nin     quad    no
 .It kern.tkstat.nout    quad    no  .It kern.tkstat.nout    quad    no
Line 1076  The third level names for the tty setup 
Line 1249  The third level names for the tty setup 
 The changeable column shows whether a process  The changeable column shows whether a process
 with appropriate privilege may change the value.  with appropriate privilege may change the value.
 .Bl -column "kern.tty.qsize" "int" "Changeable" -offset indent  .Bl -column "kern.tty.qsize" "int" "Changeable" -offset indent
 .It Sy Third level name Sy Type Sy Changeable  .It Sy Third level name Ta Sy Type Ta Sy Changeable
 .It kern.tty.qsize      int     yes  .It kern.tty.qsize      int     yes
 .El  .El
 .Pp  .Pp
Line 1093  and
Line 1266  and
 .It Li kern.uidinfo  .It Li kern.uidinfo
 Resource usage for the current user.  Resource usage for the current user.
 .Bl -column "kern.uidinfo.proccnt" "integer" "Changeable" -offset indent  .Bl -column "kern.uidinfo.proccnt" "integer" "Changeable" -offset indent
 .It Sy Third level name Sy Type Sy Changeable  .It Sy Third level name Ta Sy Type Ta Sy Changeable
 .It kern.uidinfo.proccnt        integer no  .It kern.uidinfo.proccnt        integer no
 .It kern.uidinfo.lwpcnt integer no  .It kern.uidinfo.lwpcnt integer no
 .It kern.uidinfo.lockcnt        integer no  .It kern.uidinfo.lockcnt        integer no
   .It kern.uidinfo.semcnt integer no
 .It kern.uidinfo.sbsize integer no  .It kern.uidinfo.sbsize integer no
 .El  .El
 .Bl -tag -width "123456"  .Bl -tag -width "123456"
Line 1107  Returns the number of active threads for
Line 1281  Returns the number of active threads for
 of each process is not counted.  of each process is not counted.
 .It Li kern.uidinfo.lockcnt  .It Li kern.uidinfo.lockcnt
 Number of locks held by the current user.  Number of locks held by the current user.
   .It Li kern.uidinfo.semcnt
   Number of semaphores held by the current user.
 .It Li kern.uidinfo.sbsize  .It Li kern.uidinfo.sbsize
 Number of bytes in socket buffers allocated to the current user.  Number of bytes in socket buffers allocated to the current user.
 .El  .El
Line 1128  system.
Line 1304  system.
 Runtime information for  Runtime information for
 .Xr veriexec 8 .  .Xr veriexec 8 .
 .Bl -column "kern.veriexec.algorithms" "integer" "Changeable" -offset indent  .Bl -column "kern.veriexec.algorithms" "integer" "Changeable" -offset indent
 .It Sy Third level name Sy Type Sy Changeable  .It Sy Third level name Ta Sy Type Ta Sy Changeable
 .It kern.veriexec.algorithms    string  no  .It kern.veriexec.algorithms    string  no
 .It kern.veriexec.count node    not applicable  .It kern.veriexec.count node    not applicable
 .It kern.veriexec.strict        integer yes  .It kern.veriexec.strict        integer yes
Line 1177  followed by the vnode itself
Line 1353  followed by the vnode itself
 The set of variables defined is architecture dependent.  The set of variables defined is architecture dependent.
 Most architectures define at least the following variables.  Most architectures define at least the following variables.
 .Bl -column "machdep.booted_kernel" "Type" "Changeable" -offset indent  .Bl -column "machdep.booted_kernel" "Type" "Changeable" -offset indent
 .It Sy Second level name        Sy Type Sy Changeable  .It Sy Second level name Ta Sy Type Ta Sy Changeable
 .It Li machdep.booted_kernel    string  no  .It Li machdep.booted_kernel    string  no
 .El  .El
 .\" XXX: Document the above.  .\" XXX: Document the above.
Line 1190  privilege may change the value.
Line 1366  privilege may change the value.
 The second and third levels are typically the protocol family and  The second and third levels are typically the protocol family and
 protocol number, though this is not always the case.  protocol number, though this is not always the case.
 .Bl -column "Second level name" "IPsec key management values" "Changeable" -offset indent  .Bl -column "Second level name" "IPsec key management values" "Changeable" -offset indent
 .It Sy Second level name        Sy Type Sy Changeable  .It Sy Second level name Ta Sy Type Ta Sy Changeable
 .It net.route   routing messages        no  .It net.route   routing messages        no
 .It net.inet    IPv4 values     yes  .It net.inet    IPv4 values     yes
 .It net.inet6   IPv6 values     yes  .It net.inet6   IPv6 values     yes
Line 1210  The fourth level name is an address fami
Line 1386  The fourth level name is an address fami
 select all address families.  select all address families.
 The fifth and sixth level names are as follows:  The fifth and sixth level names are as follows:
 .Bl -column "Fifth level name" "Sixth level is:" -offset indent  .Bl -column "Fifth level name" "Sixth level is:" -offset indent
 .It Sy Fifth level name Sy Sixth level is:  .It Sy Fifth level name Ta Sy Sixth level is :
 .It NET_RT_FLAGS        rtflags  .It NET_RT_FLAGS        rtflags
 .It NET_RT_DUMP None  .It NET_RT_DUMP None
 .It NET_RT_IFLIST       None  .It NET_RT_IFLIST       None
Line 1222  The third level name is the protocol.
Line 1398  The third level name is the protocol.
 The fourth level name is the variable name.  The fourth level name is the variable name.
 The currently defined protocols and names are:  The currently defined protocols and names are:
 .Bl -column "Protocol" "anonportalgo.available" "integer" "Changeable" -offset indent  .Bl -column "Protocol" "anonportalgo.available" "integer" "Changeable" -offset indent
 .It Sy Protocol Variable        Sy Type Sy Changeable  .It Sy Protocol Variable Ta Sy Type Ta Sy Changeable
 .It arp down    integer yes  .It arp down    integer yes
 .It arp keep    integer yes  .It arp keep    integer yes
 .It arp log_movements   integer yes  .It arp log_movements   integer yes
 .It arp log_permanent_modify    integer yes  .It arp log_permanent_modify    integer yes
 .It arp log_unknown_network     integer yes  .It arp log_unknown_network     integer yes
 .It arp log_wrong_iface integer yes  .It arp log_wrong_iface integer yes
 .It arp prune   integer yes  
 .It arp refresh integer yes  
 .It carp        allow   integer yes  .It carp        allow   integer yes
 .It carp        preempt integer yes  .It carp        preempt integer yes
 .It carp        log     integer yes  .It carp        log     integer yes
Line 1247  The currently defined protocols and name
Line 1421  The currently defined protocols and name
 .It ip  anonportmax     integer yes  .It ip  anonportmax     integer yes
 .It ip  anonportmin     integer yes  .It ip  anonportmin     integer yes
 .It ip  checkinterface  integer yes  .It ip  checkinterface  integer yes
   .It ip  dad_count       integer yes
 .It ip  directed-broadcast      integer yes  .It ip  directed-broadcast      integer yes
 .It ip  do_loopback_cksum       integer yes  .It ip  do_loopback_cksum       integer yes
 .It ip  forwarding      integer yes  .It ip  forwarding      integer yes
Line 1277  The currently defined protocols and name
Line 1452  The currently defined protocols and name
 .It tcp mss_ifmtu       integer yes  .It tcp mss_ifmtu       integer yes
 .It tcp win_scale       integer yes  .It tcp win_scale       integer yes
 .It tcp timestamps      integer yes  .It tcp timestamps      integer yes
 .It tcp compat_42       integer yes  
 .It tcp cwm     integer yes  .It tcp cwm     integer yes
 .It tcp cwm_burstsize   integer yes  .It tcp cwm_burstsize   integer yes
 .It tcp ack_on_push     integer yes  .It tcp ack_on_push     integer yes
Line 1312  The variables are as follows:
Line 1486  The variables are as follows:
 Failed ARP entry lifetime.  Failed ARP entry lifetime.
 .It Li arp.keep  .It Li arp.keep
 Valid ARP entry lifetime.  Valid ARP entry lifetime.
 .It Li arp.prune  
 ARP cache pruning interval.  
 .It Li arp.refresh  
 ARP entry refresh interval.  
 .It Li carp.allow  .It Li carp.allow
 If set to 0, incoming  If set to 0, incoming
 .Xr carp 4  .Xr carp 4
Line 1364  This cannot be set to less than 1024 or 
Line 1534  This cannot be set to less than 1024 or 
 .It Li ip.checkinterface  .It Li ip.checkinterface
 If set to non-zero, the host will reject packets addressed to it  If set to non-zero, the host will reject packets addressed to it
 that arrive on an interface not bound to that address.  that arrive on an interface not bound to that address.
 Currently, this must be disabled if ipnat is used to translate the  Currently, this must be disabled if NAT is used to translate the
 destination address to another local interface, or if addresses  destination address to another local interface, or if addresses
 are added to the loopback interface instead of the interface where  are added to the loopback interface instead of the interface where
 the packets for those packets are received.  the packets for those packets are received.
   .It Li ip.dad_count
   The number of
   .Xr arp 4
   probes sent for Address Conflict Detection.
   Set to 0 to disable this.
 .It Li ip.directed-broadcast  .It Li ip.directed-broadcast
 If set to 1, enables directed broadcast behavior for the host.  If set to 1, enables directed broadcast behavior for the host.
 .It Li ip.do_loopback_cksum  .It Li ip.do_loopback_cksum
Line 1469  This can avoid losing a round trip time 
Line 1644  This can avoid losing a round trip time 
 but has the caveat of potentially defeating TCP's delayed ACK algorithm.  but has the caveat of potentially defeating TCP's delayed ACK algorithm.
 Use of this option is generally not recommended, but  Use of this option is generally not recommended, but
 the variable exists in case your configuration really needs it.  the variable exists in case your configuration really needs it.
 .It Li tcp.compat_42  
 If set to 1, enables work-arounds for bugs in the 4.2BSD TCP implementation.  
 Use of this option is not recommended, although it may be  
 required in order to communicate with extremely old TCP implementations.  
 .It Li tcp.cwm  .It Li tcp.cwm
 If set to 1, enables use of the Hughes/Touch/Heidemann Congestion Window  If set to 1, enables use of the Hughes/Touch/Heidemann Congestion Window
 Monitoring algorithm.  Monitoring algorithm.
Line 1604  The third level name is the protocol.
Line 1775  The third level name is the protocol.
 The fourth level name is the variable name.  The fourth level name is the variable name.
 The currently defined protocols and names are:  The currently defined protocols and names are:
 .Bl -column "Protocol" "anonportalgo.available" "integer" "Changeable" -offset indent  .Bl -column "Protocol" "anonportalgo.available" "integer" "Changeable" -offset indent
 .It Sy Protocol Variable        Sy Type Sy Changeable  .It Sy Protocol Variable Ta Sy Type Ta Sy Changeable
 .It icmp6       errppslimit     integer yes  .It icmp6       errppslimit     integer yes
 .It icmp6       mtudisc_hiwat   integer yes  .It icmp6       mtudisc_hiwat   integer yes
 .It icmp6       mtudisc_lowat   integer yes  .It icmp6       mtudisc_lowat   integer yes
Line 1775  The maximum number of fragments the node
Line 1946  The maximum number of fragments the node
 \-1 means that the node will accept as many fragments as it receives.  \-1 means that the node will accept as many fragments as it receives.
 The flag is provided basically for avoiding possible DoS attacks.  The flag is provided basically for avoiding possible DoS attacks.
 .It Li ip6.neighborgcthresh  .It Li ip6.neighborgcthresh
 Maximum number of entries in neighbor cache.  Maximum number of entries in neighbor cache per interface.
 Set to negative to disable.  Set to negative to disable.
 The default value is 2048.  The default value is 2048.
 .It Li ip6.redirect  .It Li ip6.redirect
Line 1885  Default UDP receive buffer size.
Line 2056  Default UDP receive buffer size.
 Default UDP send buffer size.  Default UDP send buffer size.
 .El  .El
 .Pp  .Pp
 We reuse net.*.tcp for  We reuse net.*.tcp for TCP over IPv6,
 .Tn TCP  
 over  
 .Tn IPv6 ,  
 and therefore we do not have variables net.*.tcp6.  and therefore we do not have variables net.*.tcp6.
 Variables net.inet6.udp6 have identical meaning to net.inet.udp.  Variables net.inet6.udp6 have identical meaning to net.inet.udp.
 Please refer to  Please refer to
Line 1901  Get or set various global information ab
Line 2069  Get or set various global information ab
 The third level name is the variable name.  The third level name is the variable name.
 The currently defined variable and names are:  The currently defined variable and names are:
 .Bl -column "blockacq_lifetime" "integer" "Changeable" -offset indent  .Bl -column "blockacq_lifetime" "integer" "Changeable" -offset indent
 .It Sy Variable Type    Sy Changeable  .It Sy Variable Type Ta Sy Changeable
 .It debug       integer yes  .It debug       integer yes
 .It enabled     integer yes  .It enabled     integer yes
 .It used        integer no  .It used        integer no
Line 1915  The currently defined variable and names
Line 2083  The currently defined variable and names
 .It esp_auth    integer yes  .It esp_auth    integer yes
 .It ah_keymin   integer yes  .It ah_keymin   integer yes
 .El  .El
 .Pp  
 The variables are as follows:  The variables are as follows:
 .Bl -tag -width "123456"  .Bl -tag -width "123456"
 .It Li debug  .It Li debug
 Turn on debugging message from within the kernel.  Turn on debugging message from within the kernel.
 The value is a bitmap, as defined in  The value is a bitmap, as defined in
 .In netkey/key_debug.h .  .In netipsec/key_debug.h .
 .It Li enabled  .It Li enabled
 Control processing of IPsec control messages.  Control processing of IPsec control messages.
 .Bl -tag -width indent  .Bl -tag -width indent
Line 1933  Allow IPsec processing when SPD policies
Line 2100  Allow IPsec processing when SPD policies
 Force IPsec processing even when SPD policies are not present.  Force IPsec processing even when SPD policies are not present.
 .El  .El
 .It Li used  .It Li used
 Based on if IPsec is enabled, and SPD rule existance, show if  Based on if IPsec is enabled, and SPD rule existence, show if
 IPsec is being used.  IPsec is being used.
 Note that currenly once IPsec is being used, it cannot be disabled.  Note that currently once IPsec is being used, it cannot be disabled.
 .It Li spi_try  .It Li spi_try
 The number of times the kernel will try to obtain an unique SPI  The number of times the kernel will try to obtain an unique SPI
 when it generates it from random number generator.  when it generates it from random number generator.
Line 1965  Minimum AH key length, in bits,
Line 2132  Minimum AH key length, in bits,
 The value is used when the kernel creates proposal payload  The value is used when the kernel creates proposal payload
 on ACQUIRE PF_KEY message.  on ACQUIRE PF_KEY message.
 .El  .El
   .It Li net.local ( Dv PF_LOCAL )
   Get or set various global information about
   .Dv AF_LOCAL
   type sockets.
   For some variables, the third level name is the variable name:
   .Bl -column "Variable" "integer" "Changeable" -offset indent
   .It Sy Variable Type Ta Sy Changeable
   .It inflight    integer no
   .It deferred    integer no
   .El
   The variables are as follows:
   .Bl -tag -width "123456"
   .It Li inflight
   The number of file descriptors currently passed between processes,
   .Qq in flight .
   .It Li deferred
   The number of file descriptors passed between processes that have been
   deferred for cleanup by a kernel task.
   .El
   .Pp
   Other variables are specific to a socket type:
   .Bl -column "seqpacket" "sendspace" "integer" "Changeable" -offset indent
   .It Sy "Socket Type"    Sy Variable     Type Ta Sy Changeable
   .It dgram       pcblist struct  no
   .It dgram       recvspace       integer yes
   .It dgram       sendspace       integer yes
   .It seqpacket   pcblist struct  no
   .It stream      pcblist struct  no
   .It stream      recvspace       integer yes
   .It stream      sendspace       integer yes
   .El
   The variables are as follows:
   .Bl -tag -width "123456"
   .It Li dgram.pcblist
   The Protocol Control Block list structure for datagram sockets.
   Parsed by
   .Xr netstat 1
   or
   .Xr sockstat 1 .
   .It Li dgram.recvspace
   The default datagram receive buffer size.
   .It Li dgram.sendspace
   The default datagram send buffer size.
   .It Li seqpacket.pcblist
   The Protocol Control Block list structure for Sequential Packet sockets.
   Parsed by
   .Xr netstat 1
   or
   .Xr sockstat 1 .
   .It Li stream.pcblist
   The Protocol Control Block list structure for stream sockets.
   Parsed by
   .Xr netstat 1
   or
   .Xr sockstat 1 .
   .It Li stream.recvspace
   The default stream receive buffer size.
   .It Li stream.sendspace
   The default stream send buffer size.
   .El
 .El  .El
 .Ss The proc.* subtree  .Ss The proc.* subtree
 The string and integer information available for the  The string and integer information available for the
Line 1981  value of PROC_PID_CORENAME is reset to t
Line 2208  value of PROC_PID_CORENAME is reset to t
 The second level name is either the magic value PROC_CURPROC, which  The second level name is either the magic value PROC_CURPROC, which
 points to the current process, or the PID of the target process.  points to the current process, or the PID of the target process.
 .Bl -column "proc.pid.corename" "string" "not applicable" -offset indent  .Bl -column "proc.pid.corename" "string" "not applicable" -offset indent
 .It Sy Third level name Sy Type Sy Changeable  .It Sy Third level name Ta Sy Type Ta Sy Changeable
 .It proc.pid.corename   string  yes  .It proc.pid.corename   string  yes
 .It proc.pid.rlimit     node    not applicable  .It proc.pid.rlimit     node    not applicable
 .It proc.pid.stopfork   int     yes  .It proc.pid.stopfork   int     yes
 .It proc.pid.stopexec   int     yes  .It proc.pid.stopexec   int     yes
 .It proc.pid.stopexit   int     yes  .It proc.pid.stopexit   int     yes
   .It proc.pid.paxflags   int     no
 .El  .El
 .Bl -tag -width "123456"  .Bl -tag -width "123456"
 .It Li proc.pid.corename ( Dv PROC_PID_CORENAME )  .It Li proc.pid.corename ( Dv PROC_PID_CORENAME )
Line 2066  Both are of type integer.
Line 2294  Both are of type integer.
 If non zero, the process' children will be stopped after  If non zero, the process' children will be stopped after
 .Xr fork 2  .Xr fork 2
 calls.  calls.
 The children is created in the SSTOP state and is never scheduled  The children are created in the SSTOP state and are never scheduled
 for running before being stopped.  for running before being stopped.
 This feature helps attaching a process with a debugger such as  This feature enables attaching to a process with a debugger such as
 .Xr gdb 1  .Xr gdb 1
 before it had the opportunity to actually do anything.  before the process has the opportunity to actually do anything.
 .Pp  .Pp
 This value is inherited by the process's children, and it also  This value is inherited by the process's children, and it also
 apply to emulation specific system calls that fork a new process, such as  applies to emulation specific system calls that fork a new process, such as
 .Fn sproc  .Fn sproc
 or  or
 .Fn clone .  .Fn clone .
 .It Li proc.pid.stopexec ( Dv PROC_PID_STOPEXEC )  .It Li proc.pid.stopexec ( Dv PROC_PID_STOPEXEC )
 If non zero, the process will be stopped on next  If non zero, the process will be stopped on the next
 .Xr exec 3  .Xr exec 3
 call.  call.
 The process created by  The process created by
 .Xr exec 3  .Xr exec 3
 is created in the SSTOP state and is never scheduled for running  is created in the SSTOP state and is never scheduled for running
 before being stopped.  before being stopped.
 This feature helps attaching a process with a debugger such as  This feature enables attaching to a process with a debugger such as
 .Xr gdb 1  .Xr gdb 1
 before it had the opportunity to actually do anything.  before the process has the opportunity to actually do anything.
 .Pp  .Pp
 This value is inherited by the process's children.  This value is inherited by the process's children.
 .It Li proc.pid.stopexit ( Dv PROC_PID_STOPEXIT )  .It Li proc.pid.stopexit ( Dv PROC_PID_STOPEXIT )
 If non zero, the process will be stopped on when it has cause to exit,  If non zero, the process will be stopped when it has cause to exit,
 either by way of calling  either by way of calling
 .Xr exit 3 ,  .Xr exit 3 ,
 .Xr _exit 2 ,  .Xr _exit 2 ,
 or by the receipt of a specific signal.  or by the receipt of a specific signal.
 The process is stopped before any of its resources or vm space is  The process is stopped before any of its resources or vm space is
 released allowing examination of the termination state of a process  released allowing examination of the termination state of the process
 before it disappears.  before it disappears.
 This feature can be used to examine the final conditions of the  This feature can be used to examine the final conditions of the
 process's vmspace via  process's vmspace via
Line 2107  or its resource settings with
Line 2335  or its resource settings with
 before it disappears.  before it disappears.
 .Pp  .Pp
 This value is also inherited by the process's children.  This value is also inherited by the process's children.
   .It Li proc.pid.paxflags ( Dv PROC_PID_PAXFLAGS )
   This read-only variable returns the current value of the process's pax
   flags (see
   .Xr paxctl 8 ) .
 .El  .El
 .Ss The user.* subtree ( Dv CTL_USER )  .Ss The user.* subtree ( Dv CTL_USER )
 The string and integer information available for the  The string and integer information available for the
Line 2115  level is detailed below.
Line 2347  level is detailed below.
 The changeable column shows whether a process with appropriate  The changeable column shows whether a process with appropriate
 privilege may change the value.  privilege may change the value.
 .Bl -column "user.coll_weights_max" "integer" "Changeable" -offset indent  .Bl -column "user.coll_weights_max" "integer" "Changeable" -offset indent
 .It Sy Second level name        Sy Type Sy Changeable  .It Sy Second level name Ta Sy Type Ta Sy Changeable
 .It user.atexit_max     integer no  .It user.atexit_max     integer no
 .It user.bc_base_max    integer no  .It user.bc_base_max    integer no
 .It user.bc_dim_max     integer no  .It user.bc_dim_max     integer no
Line 2220  level is detailed below.
Line 2452  level is detailed below.
 The changeable column shows whether a process with appropriate  The changeable column shows whether a process with appropriate
 privilege may change the value.  privilege may change the value.
 .Bl -column "Second level name" "struct uvmexp_sysctl" "Changeable" -offset indent  .Bl -column "Second level name" "struct uvmexp_sysctl" "Changeable" -offset indent
 .It Sy Second level name        Sy Type Sy Changeable  .It Sy Second level name Ta Sy Type Ta Sy Changeable
 .It vm.anonmax  int     yes  .It vm.anonmax  int     yes
 .It vm.anonmin  int     yes  .It vm.anonmin  int     yes
 .It vm.bufcache int     yes  .It vm.bufcache int     yes
Line 2239  privilege may change the value.
Line 2471  privilege may change the value.
 .It vm.uvmexp2  struct uvmexp_sysctl    no  .It vm.uvmexp2  struct uvmexp_sysctl    no
 .It vm.vmmeter  struct vmtotal  no  .It vm.vmmeter  struct vmtotal  no
 .It vm.proc.map struct kinfo_vmentry    no  .It vm.proc.map struct kinfo_vmentry    no
   .It vm.guard_size       unsigned int    no
   .It vm.thread_guard_size        unsigned int    yes
 .El  .El
 .Bl -tag -width "123456"  .Bl -tag -width "123456"
 .It Li vm.anonmax ( Dv VM_ANONMAX )  .It Li vm.anonmax ( Dv VM_ANONMAX )
Line 2284  The returned data consists of a
Line 2518  The returned data consists of a
 A flag which controls whether user processes can map virtual address\ 0.  A flag which controls whether user processes can map virtual address\ 0.
 .It Li vm.proc.map ( Dv VM_PROC )  .It Li vm.proc.map ( Dv VM_PROC )
 The third level is  The third level is
 .dv VM_PROC_MAP ,  .Dv VM_PROC_MAP ,
 the fourth is the pid of the process to display the vm object entries for, and  the fourth is the pid of the process to display the vm object entries for, and
 the fifth is the size of  the fifth is the size of
 .Vt struct kinfo_vmentry .  .Vt struct kinfo_vmentry .
Line 2301  The returned data consists of a
Line 2535  The returned data consists of a
 Return system wide virtual memory statistics.  Return system wide virtual memory statistics.
 The returned data consists of a  The returned data consists of a
 .Vt struct uvmexp_sysctl .  .Vt struct uvmexp_sysctl .
   .It Li vm.guard_size
   Return system wide guard size for the main thread of a program.
   .It Li vm.thread_guard_size
   Return system wide default size for the guard area of all other threads
   of a program.
 .\" XXX vm.idlezero  .\" XXX vm.idlezero
 .El  .El
 .Ss The ddb.* subtree ( Dv CTL_DDB )  .Ss The ddb.* subtree ( Dv CTL_DDB )
Line 2309  The information available for the
Line 2548  The information available for the
 level is detailed below.  level is detailed below.
 The changeable column shows whether a process with appropriate  The changeable column shows whether a process with appropriate
 privilege may change the value.  privilege may change the value.
 .\" XXX sort  
 .Bl -column "Second level name" "integer" "Changeable" -offset indent  .Bl -column "Second level name" "integer" "Changeable" -offset indent
 .It Sy Second level name        Sy Type Sy Changeable  .It Sy Second level name Ta Sy Type Ta Sy Changeable
 .It ddb.radix   integer yes  .It ddb.commandonenter  string  yes
   .It ddb.dumpstack       integer yes
   .It ddb.fromconsole     integer yes
   .It ddb.lines   integer yes
 .It ddb.maxoff  integer yes  .It ddb.maxoff  integer yes
 .It ddb.maxwidth        integer yes  .It ddb.maxwidth        integer yes
 .It ddb.lines   integer yes  
 .It ddb.tabstops        integer yes  
 .It ddb.onpanic integer yes  .It ddb.onpanic integer yes
 .It ddb.fromconsole     integer yes  .It ddb.panicstackframes        integer yes
   .It ddb.radix   integer yes
   .It ddb.tabstops        integer yes
 .It ddb.tee_msgbuf      integer yes  .It ddb.tee_msgbuf      integer yes
 .It ddb.commandonenter  string  yes  
 .El  .El
 .Bl -tag -width "123456"  .Bl -tag -width "123456"
 .It Li ddb.radix ( Dv DDBCTL_RADIX )  .It Li ddb.commandonenter
 The input and output radix.  If not empty, the string is used as the DDB command to be executed each time
   DDB is entered.
   .It Li ddb.dumpstack
   A value of 1 causes a stack trace to be printed on entering ddb from a panic.
   A value of 0 disables this behaviour.
   The default value is 1.
   .It Li ddb.fromconsole ( Dv DDBCTL_FROMCONSOLE )
   If not zero, DDB may be entered by sending a break on a serial
   console or by a special key sequence on a graphics console.
   .It Li ddb.lines ( Dv DDBCTL_LINES )
   Number of display lines.
 .It Li ddb.maxoff ( Dv DDBCTL_MAXOFF )  .It Li ddb.maxoff ( Dv DDBCTL_MAXOFF )
 The maximum symbol offset.  The maximum symbol offset.
 .It Li ddb.maxwidth ( Dv DDBCTL_MAXWIDTH )  .It Li ddb.maxwidth ( Dv DDBCTL_MAXWIDTH )
 The maximum output line width.  The maximum output line width.
 .It Li ddb.lines ( Dv DDBCTL_LINES )  
 Number of display lines.  
 .It Li ddb.tabstops ( Dv DDBCTL_TABSTOPS )  
 Tab width.  
 .It Li ddb.onpanic ( Dv DDBCTL_ONPANIC )  .It Li ddb.onpanic ( Dv DDBCTL_ONPANIC )
 If greater than zero, DDB will be entered if the kernel panics.  If greater than zero, DDB will be entered if the kernel panics.
 A value of 1 causes the system to enter DDB on panic, while a value of 2  A value of 1 causes the system to enter DDB on panic.
 causes the kernel to attempt to print out a stack trace before entering DDB.  
 A value of 0 causes the kernel to attempt to print a stack trace, then  A value of 0 causes the kernel to attempt to print a stack trace, then
 reboot, while a value of \-1 means neither a stack trace will be printed  reboot, while a value of \-1 means neither a stack trace will be printed
 nor DDB entered.  nor DDB entered.
 .It Li ddb.fromconsole ( Dv DDBCTL_FROMCONSOLE )  .It Li ddb.panicstackframes
 If not zero, DDB may be entered by sending a break on a serial  Number of stack frames to display on panic.
 console or by a special key sequence on a graphics console.  Useful to avoid scrolling away the interesting frames on a glass tty.
   Default value is
   .Dv 65535
   (all frames), useful value around
   .Dv 10 .
   .It Li ddb.radix ( Dv DDBCTL_RADIX )
   The input and output radix.
   .It Li ddb.tabstops ( Dv DDBCTL_TABSTOPS )
   Tab width.
 .It Li ddb.tee_msgbuf  .It Li ddb.tee_msgbuf
 If not zero, DDB will output also to the kernel message buffer.  If not zero, DDB will output also to the kernel message buffer.
 .It Li ddb.commandonenter  
 If not empty, a command to be executed on each enter to the  
 .Tn DDB .  
 .\"  
 .\" XXX: (a) ddb.commandonenter is missing in ddb(4);  
 .\"      (b) No DDBCTL definitions for tee_msgbuf and commandonenter.  
 .El  .El
 .Pp  .Pp
 Some of these  Some of these MIB
 .Tn MIB  
 nodes are also available as variables from within the debugger.  nodes are also available as variables from within the debugger.
 See  See
 .Xr ddb 4  .Xr ddb 4
Line 2366  level contains various security-related 
Line 2612  level contains various security-related 
 the system.  the system.
 The available second level names are:  The available second level names are:
 .Bl -column "Second level name" "integer" "Changeable" -offset indent  .Bl -column "Second level name" "integer" "Changeable" -offset indent
 .It Sy Second level name        Sy Type Sy Changeable  .It Sy Second level name Ta Sy Type Ta Sy Changeable
 .It Li security.curtain integer yes  .It Li security.curtain integer yes
 .It Li security.models  node    not applicable  .It Li security.models  node    not applicable
 .It Li security.pax     node    not applicable  .It Li security.pax     node    not applicable
Line 2375  The available second level names are:
Line 2621  The available second level names are:
 Available settings are detailed below.  Available settings are detailed below.
 .Bl -tag -width "123456"  .Bl -tag -width "123456"
 .It Li security.curtain  .It Li security.curtain
 If non-zero, will filter return objects according to the user  If non-zero, will filter return objects according to the user ID
 .Tn ID  
 requesting information about them, preventing users from  requesting information about them, preventing users from
 accessing any objects they do not own.  accessing any objects they do not own.
 .Pp  .Pp
Line 2404  See
Line 2649  See
 .Xr secmodel 9  .Xr secmodel 9
 for more information.  for more information.
 .It Li security.pax  .It Li security.pax
 Settings for PaX -- exploit mitigation features.  Settings for PaX \(em exploit mitigation features.
 For more information on any of the PaX features, please see  For more information on any of the PaX features, please see
 .Xr paxctl 8  .Xr paxctl 8
 and  and
Line 2420  The available third and fourth level nam
Line 2665  The available third and fourth level nam
 .\".It Li security.pax.aslr.stack_len   integer yes  .\".It Li security.pax.aslr.stack_len   integer yes
 .It Li security.pax.mprotect.enabled    integer yes  .It Li security.pax.mprotect.enabled    integer yes
 .It Li security.pax.mprotect.global     integer yes  .It Li security.pax.mprotect.global     integer yes
   .It Li security.pax.mprotect.ptrace     integer yes
 .It Li security.pax.segvguard.enabled   integer yes  .It Li security.pax.segvguard.enabled   integer yes
 .It Li security.pax.segvguard.expiry_timeout    integer yes  .It Li security.pax.segvguard.expiry_timeout    integer yes
 .It Li security.pax.segvguard.global    integer yes  .It Li security.pax.segvguard.global    integer yes
Line 2467  except those exempted with
Line 2713  except those exempted with
 Otherwise, all programs will not get the PaX MPROTECT restrictions,  Otherwise, all programs will not get the PaX MPROTECT restrictions,
 except those specifically marked as such with  except those specifically marked as such with
 .Xr paxctl 8 .  .Xr paxctl 8 .
   .It Li security.pax.mprotect.ptrace
   This variable allows
   .Xr ptrace 2
   to override PaX MPROTECT permissions.
   It can have the following values:
   .Bl -tag -width XX -compact
   .It 0
   Does not let override any permissions.
   .It 1
   Disables PaX MPROTECT from processes that start executing while traced (default).
   .It 2
   Bypasses PaX MPROTECT for all processes being traced.
   .El
 .It Li security.pax.segvguard.enabled  .It Li security.pax.segvguard.enabled
 Enable PaX Segvguard.  Enable PaX Segvguard.
 .Pp  .Pp
Line 2505  The
Line 2764  The
 toplevel name is reserved to be used by vendors who wish to  toplevel name is reserved to be used by vendors who wish to
 have their own private MIB tree.  have their own private MIB tree.
 Intended use is to store values under  Intended use is to store values under
 .Dq vendor.\*[Lt]yourname\*[Gt].* .  .Dq vendor.<yourname>.* .
 .Sh SEE ALSO  .Sh SEE ALSO
 .Xr sysctl 3 ,  .Xr sysctl 3 ,
 .Xr ipsec 4 ,  .Xr ipsec 4 ,

Legend:
Removed from v.1.97  
changed lines
  Added in v.1.139

CVSweb <webmaster@jp.NetBSD.org>