version 1.97, 2015/12/13 15:13:03 |
version 1.139, 2019/06/01 19:54:34 |
|
|
.\" |
.\" |
.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95 |
.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95 |
.\" |
.\" |
.Dd December 13, 2015 |
.Dd June 1, 2019 |
.Dt SYSCTL 7 |
.Dt SYSCTL 7 |
.Os |
.Os |
.Sh NAME |
.Sh NAME |
Line 117 as a debugging variable, the following d |
|
Line 117 as a debugging variable, the following d |
|
.Pp |
.Pp |
.Bd -literal -offset indent -compact |
.Bd -literal -offset indent -compact |
int dospecialcheck = 1; |
int dospecialcheck = 1; |
struct ctldebug debug5 = { "dospecialcheck", \*[Am]dospecialcheck }; |
struct ctldebug debug5 = { "dospecialcheck", &dospecialcheck }; |
.Ed |
.Ed |
.Pp |
.Pp |
Note that the dynamic implementation of |
Note that the dynamic implementation of |
Line 188 level is detailed below. |
|
Line 188 level is detailed below. |
|
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "hw.machine_arch" "integer" "Changeable" -offset indent |
.Bl -column "hw.machine_arch" "integer" "Changeable" -offset indent |
.It Sy Second level name Sy Type Sy Changeable |
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
.It hw.alignbytes integer no |
.It hw.alignbytes integer no |
.It hw.byteorder integer no |
.It hw.byteorder integer no |
.It hw.cnmagic string yes |
.It hw.cnmagic string yes |
Line 272 The changeable column shows whether a pr |
|
Line 272 The changeable column shows whether a pr |
|
privilege may change the value. |
privilege may change the value. |
.Bl -column "kern.posix_reader_writer_locks" \ |
.Bl -column "kern.posix_reader_writer_locks" \ |
"struct kinfo_drivers" "not applicable" |
"struct kinfo_drivers" "not applicable" |
.It Sy Second level name Sy Type Sy Changeable |
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
.It kern.aio_listio_max integer yes |
.It kern.aio_listio_max integer yes |
.It kern.aio_max integer yes |
.It kern.aio_max integer yes |
.It kern.arandom integer no |
.It kern.arandom integer no |
.It kern.argmax integer no |
.It kern.argmax integer no |
.It kern.boothowto integer no |
.It kern.boothowto integer no |
.It kern.boottime struct timeval no |
.It kern.boottime struct timespec no |
.It kern.buildinfo string no |
.It kern.buildinfo string no |
.\".It kern.bufq node not applicable |
.\".It kern.bufq node not applicable |
.It kern.ccpu integer no |
.It kern.ccpu integer no |
Line 293 privilege may change the value. |
|
Line 293 privilege may change the value. |
|
.It kern.domainname string yes |
.It kern.domainname string yes |
.It kern.drivers struct kinfo_drivers no |
.It kern.drivers struct kinfo_drivers no |
.It kern.dump_on_panic integer yes |
.It kern.dump_on_panic integer yes |
|
.It kern.expose_address integer yes |
.It kern.file struct file no |
.It kern.file struct file no |
.It kern.forkfsleep integer yes |
.It kern.forkfsleep integer yes |
.It kern.fscale integer no |
.It kern.fscale integer no |
Line 315 privilege may change the value. |
|
Line 316 privilege may change the value. |
|
.It kern.maxproc integer yes |
.It kern.maxproc integer yes |
.It kern.maxptys integer yes |
.It kern.maxptys integer yes |
.It kern.maxvnodes integer yes |
.It kern.maxvnodes integer yes |
|
.It kern.messages integer yes |
.It kern.mbuf node not applicable |
.It kern.mbuf node not applicable |
.It kern.memlock integer no |
.It kern.memlock integer no |
.It kern.memlock_range integer no |
.It kern.memlock_range integer no |
Line 354 privilege may change the value. |
|
Line 356 privilege may change the value. |
|
.It kern.rtc_offset integer yes |
.It kern.rtc_offset integer yes |
.It kern.saved_ids integer no |
.It kern.saved_ids integer no |
.It kern.sbmax integer yes |
.It kern.sbmax integer yes |
.\".It kern.sched node not applicable |
.It kern.sched node not applicable |
.It kern.securelevel integer raise only |
.It kern.securelevel integer raise only |
.It kern.somaxkva integer yes |
.It kern.somaxkva integer yes |
|
.It kern.sooptions integer yes |
.It kern.synchronized_io integer no |
.It kern.synchronized_io integer no |
.It kern.timecounter node not applicable |
.It kern.timecounter node not applicable |
.It kern.timex struct no |
.It kern.timex struct no |
Line 371 privilege may change the value. |
|
Line 374 privilege may change the value. |
|
.El |
.El |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li kern.aio_listio_max |
.It Li kern.aio_listio_max |
The maximum number of asynchronous |
The maximum number of asynchronous I/O operations in a single list |
.Tn I/O |
I/O call. |
operations in a single list I/O call. |
|
Like with all variables related to |
Like with all variables related to |
.Xr aio 3 , |
.Xr aio 3 , |
the variable may be created and removed dynamically |
the variable may be created and removed dynamically |
Line 383 The maximum number of asynchronous I/O o |
|
Line 385 The maximum number of asynchronous I/O o |
|
.It Li kern.arandom |
.It Li kern.arandom |
This variable picks a random number each time it is queried. |
This variable picks a random number each time it is queried. |
The used random number generator |
The used random number generator |
.Pf ( Tn RNG ) |
.Pf ( RNG ) |
is based on |
is based on |
.Xr arc4random 3 . |
.Xr arc4random 3 . |
.It Li kern.argmax ( Dv KERN_ARGMAX ) |
.It Li kern.argmax ( Dv KERN_ARGMAX ) |
Line 395 Flags passed from the boot loader; see |
|
Line 397 Flags passed from the boot loader; see |
|
for the meanings of the flags. |
for the meanings of the flags. |
.It Li kern.boottime ( Dv KERN_BOOTTIME ) |
.It Li kern.boottime ( Dv KERN_BOOTTIME ) |
A |
A |
.Vt struct timeval |
.Vt struct timespec |
structure is returned. |
structure is returned. |
This structure contains the time that the system was booted. |
This structure contains the time that the system was booted. |
|
That time is defined (for this purpose) to be the time at |
|
which the kernel first started accumulating clock ticks. |
|
.It Li kern.bufq |
|
This variable contains information on the |
|
.Xr bufq 9 |
|
subsystem. |
|
Currently, the only third level name implemented is |
|
.Dv kern.bufq.strategies |
|
which provides a list of buffer queue strategies currently available. |
.It Li kern.buildinfo |
.It Li kern.buildinfo |
When the kernel is built, the build environment may optionally provide |
When the kernel is built, the build environment may optionally provide |
arbitrary information to be stored in this variable. |
arbitrary information to be stored in this variable. |
.\" .It Li kern.bufq |
|
.\" XXX: Undocumented. |
|
.It Li kern.ccpu ( Dv KERN_CCPU ) |
.It Li kern.ccpu ( Dv KERN_CCPU ) |
The scheduler exponential decay value. |
The scheduler exponential decay value. |
.It Li kern.clockrate ( Dv KERN_CLOCKRATE ) |
.It Li kern.clockrate ( Dv KERN_CLOCKRATE ) |
Line 428 The third level name is |
|
Line 437 The third level name is |
|
.Dv kern.coredump.setid |
.Dv kern.coredump.setid |
and fourth level variables are described below. |
and fourth level variables are described below. |
.Bl -column "kern.coredump.setid.group" "integer" "Changeable" -offset indent |
.Bl -column "kern.coredump.setid.group" "integer" "Changeable" -offset indent |
.It Sy Fourth level name Sy Type Sy Changeable |
.It Sy Fourth level name Ta Sy Type Ta Sy Changeable |
.It kern.coredump.setid.dump integer yes |
.It kern.coredump.setid.dump integer yes |
.It kern.coredump.setid.group integer yes |
.It kern.coredump.setid.group integer yes |
.It kern.coredump.setid.mode integer yes |
.It kern.coredump.setid.mode integer yes |
Line 456 Mapping of CPU number to CPU id. |
|
Line 465 Mapping of CPU number to CPU id. |
|
.It Li kern.cp_time ( Dv KERN_CP_TIME ) |
.It Li kern.cp_time ( Dv KERN_CP_TIME ) |
Returns an array of |
Returns an array of |
.Dv CPUSTATES |
.Dv CPUSTATES |
.Vt uint64_t Ns s. |
.Vt uint64_t Ns s . |
This array contains the |
This array contains the |
number of clock ticks spent in different CPU states. |
number of clock ticks spent in different CPU states. |
On multi-processor systems, the sum across all CPUs is returned unless |
On multi-processor systems, the sum across all CPUs is returned unless |
|
|
system. |
system. |
The available values are as follows: |
The available values are as follows: |
.Bl -tag -width XX0 -offset indent |
.Bl -tag -width XX0 -offset indent |
.It Dv \*[Lt] 0 |
.It Dv < 0 |
Always force userlevel requests to use software transforms. |
Always force userlevel requests to use software transforms. |
.It Dv = 0 |
.It Dv = 0 |
If present, use hardware and grant userlevel requests for |
If present, use hardware and grant userlevel requests for |
non-accelerated transforms (handling the latter in software). |
non-accelerated transforms (handling the latter in software). |
.It Dv \*[Gt] 0 |
.It Dv > 0 |
Allow user requests only for transforms which are hardware-accelerated. |
Allow user requests only for transforms which are hardware-accelerated. |
.El |
.El |
.It Li kern.defcorename ( Dv KERN_DEFCORENAME ) |
.It Li kern.defcorename ( Dv KERN_DEFCORENAME ) |
Line 508 field is always a NUL terminated string. |
|
Line 517 field is always a NUL terminated string. |
|
The |
The |
.Va d_bmajor |
.Va d_bmajor |
field will be set to \-1 if the driver doesn't have a block device. |
field will be set to \-1 if the driver doesn't have a block device. |
|
.It Li kern.expose_address |
|
Expose kernel addresses in |
|
.Xr sysctl 3 |
|
calls used by |
|
.Xr fstat 1 |
|
and |
|
.Xr sockstat 1 . |
|
If it is set to |
|
.Dv 0 |
|
access is not allowed. |
|
If it is set to |
|
.Dv 1 |
|
then only processes that have opened |
|
.Pa /dev/kmem |
|
can have access. |
|
If it is set to |
|
.Dv 2 |
|
every process is allowed. |
|
Defaults to |
|
.Dv 0 |
|
for |
|
.Dv KASLR |
|
kernels |
|
and |
|
.Dv 1 |
|
otherwise. |
|
Allowing general access renders KASLR ineffective; allowing only kmem |
|
accessing programs weakens KASLR if those programs can be subverted |
|
to leak the addresses. |
.It Li kern.dump_on_panic ( Dv KERN_DUMP_ON_PANIC ) |
.It Li kern.dump_on_panic ( Dv KERN_DUMP_ON_PANIC ) |
Perform a crash dump on system |
Perform a crash dump on system |
.Xr panic 9 . |
.Xr panic 9 . |
|
|
Returns the number of |
Returns the number of |
.Xr hardclock 9 |
.Xr hardclock 9 |
ticks. |
ticks. |
|
.It Li kern.hist |
|
This variable contains kernel history data if the kernel was |
|
configured for any of the options |
|
.Dv UVHMIST , |
|
.Dv USB_DEBUG , |
|
.Dv BIOHIST , |
|
or |
|
.Dv SCDEBUG . |
|
(See |
|
.Xr options 4 |
|
for more details.) |
|
The third-level names correspond to each available history table. |
|
The values of the history tables are in an internal format, and can be |
|
decoded by the |
|
.Xr vmstat 1 |
|
utility's |
|
.Fl U |
|
and |
|
.Fl u |
|
options; |
|
the |
|
.Fl l |
|
option can be used to see which tables are available. |
.It Li kern.hostid ( Dv KERN_HOSTID ) |
.It Li kern.hostid ( Dv KERN_HOSTID ) |
Get or set the host identifier. |
Get or set the host identifier. |
This is aimed to replace the legacy |
This is aimed to replace the legacy |
|
|
Return information about the SysV IPC parameters. |
Return information about the SysV IPC parameters. |
The third level names for the ipc variables are detailed below. |
The third level names for the ipc variables are detailed below. |
.Bl -column "kern.ipc.shm_use_phys" "integer" "Changeable" -offset indent |
.Bl -column "kern.ipc.shm_use_phys" "integer" "Changeable" -offset indent |
.It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.It kern.ipc.sysvmsg integer no |
.It kern.ipc.sysvmsg integer no |
.It kern.ipc.sysvsem integer no |
.It kern.ipc.sysvsem integer no |
.It kern.ipc.sysvshm integer no |
.It kern.ipc.sysvshm integer no |
|
|
Return System V style IPC configuration and run-time information. |
Return System V style IPC configuration and run-time information. |
The fourth level name selects the System V style IPC facility. |
The fourth level name selects the System V style IPC facility. |
.Bl -column "KERN_SYSVIPC_MSG_INFO" "struct shm_sysctl_info" -offset indent |
.Bl -column "KERN_SYSVIPC_MSG_INFO" "struct shm_sysctl_info" -offset indent |
.It Sy Fourth level name Sy Type |
.It Sy Fourth level name Ta Sy Type |
.It KERN_SYSVIPC_MSG_INFO struct msg_sysctl_info |
.It KERN_SYSVIPC_MSG_INFO struct msg_sysctl_info |
.It KERN_SYSVIPC_SEM_INFO struct sem_sysctl_info |
.It KERN_SYSVIPC_SEM_INFO struct sem_sysctl_info |
.It KERN_SYSVIPC_SHM_INFO struct shm_sysctl_info |
.It KERN_SYSVIPC_SHM_INFO struct shm_sysctl_info |
Line 700 The third level names for the mbuf varia |
|
Line 761 The third level names for the mbuf varia |
|
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "kern.mbuf.nmbclusters" "integer" "Changeable" -offset indent |
.Bl -column "kern.mbuf.nmbclusters" "integer" "Changeable" -offset indent |
.It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.\" XXX Changeable? really? |
.\" XXX Changeable? really? |
.It kern.mbuf.mblowat integer yes |
.It kern.mbuf.mblowat integer yes |
.It kern.mbuf.mclbytes integer yes |
.It kern.mbuf.mclbytes integer yes |
Line 739 Returns 1 if the |
|
Line 800 Returns 1 if the |
|
.St -p1003.1b-93 |
.St -p1003.1b-93 |
Memory Protection Option is available on this system, |
Memory Protection Option is available on this system, |
otherwise\ 0. |
otherwise\ 0. |
|
.It Li kern.messages |
|
Kernel console message verbosity. |
|
See |
|
.Aq Pa sys/reboot.h |
|
.Bl -column "verbosity" "setting" -offset indent |
|
.It Sy Value Ta Sy Verbosity Ta Sy sys/reboot.h equivalent |
|
.It 0 Ta Silent Ta Sy AB_SILENT |
|
.It 1 Ta Quiet Ta Sy AB_QUIET |
|
.It 2 Ta Normal Ta Sy AB_NORMAL |
|
.It 3 Ta Verbose Ta Sy AB_VERBOSE |
|
.It 4 Ta Debug Ta Sy AB_DEBUG |
|
.El |
.It Li kern.module |
.It Li kern.module |
Settings related to kernel modules. |
Settings related to kernel modules. |
The third level names for the settings are described below. |
The third level names for the settings are described below. |
.Bl -column "kern.module.autoload" "integer" "Changeable" -offset indent |
.Bl -column "kern.module.autoload" "integer" "Changeable" -offset indent |
.It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.It kern.module.autoload integer yes |
.It kern.module.autoload integer yes |
.It kern.module.autotime integer yes |
.It kern.module.autotime integer yes |
.It kern.module.verbose integer yes |
.It kern.module.verbose boolean yes |
.El |
.El |
.Pp |
.Pp |
The variables are as follows: |
The variables are as follows: |
Line 770 Returns the standard version the impleme |
|
Line 843 Returns the standard version the impleme |
|
Monotonic Clock Option conforms to, |
Monotonic Clock Option conforms to, |
otherwise\ 0. |
otherwise\ 0. |
.It Li kern.mqueue |
.It Li kern.mqueue |
Settings related to |
Settings related to POSIX message queues; see |
.Tn POSIX |
|
message queues; see |
|
.Xr mqueue 3 . |
.Xr mqueue 3 . |
This node is created dynamically when |
This node is created dynamically when |
the corresponding kernel module is loaded. |
the corresponding kernel module is loaded. |
The third level names for the settings are described below. |
The third level names for the settings are described below. |
.Bl -column "kern.mqueue.mq_max_msgsize" "integer" "Changeable" -offset indent |
.Bl -column "kern.mqueue.mq_max_msgsize" "integer" "Changeable" -offset indent |
.It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.It kern.mqueue.mq_open_max integer yes |
.It kern.mqueue.mq_open_max integer yes |
.It kern.mqueue.mq_prio_max integer yes |
.It kern.mqueue.mq_prio_max integer yes |
.It kern.mqueue.mq_max_msgsize integer yes |
.It kern.mqueue.mq_max_msgsize integer yes |
Line 830 The third level names for the integer p |
|
Line 901 The third level names for the integer p |
|
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "kern.pipe.maxbigpipes" "integer" "Changeable" -offset indent |
.Bl -column "kern.pipe.maxbigpipes" "integer" "Changeable" -offset indent |
.It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.It kern.pipe.kvasiz integer yes |
.It kern.pipe.kvasiz integer yes |
.It kern.pipe.maxbigpipes integer yes |
.It kern.pipe.maxbigpipes integer yes |
.It kern.pipe.maxkvasz integer yes |
.It kern.pipe.maxkvasz integer yes |
Line 923 structures is returned, |
|
Line 994 structures is returned, |
|
whose size depends on the current number of such objects in the system. |
whose size depends on the current number of such objects in the system. |
The third and fourth level numeric names are as follows: |
The third and fourth level numeric names are as follows: |
.Bl -column "KERN_PROC_SESSION" "Fourth level is:" -offset indent |
.Bl -column "KERN_PROC_SESSION" "Fourth level is:" -offset indent |
.It Sy Third level name Sy Fourth level is: |
.It Sy Third level name Ta Sy Fourth level is : |
.It KERN_PROC_ALL None |
.It KERN_PROC_ALL None |
.It KERN_PROC_GID A group ID |
.It KERN_PROC_GID A group ID |
.It KERN_PROC_PID A process ID |
.It KERN_PROC_PID A process ID |
Line 955 The fourth level name is as follows: |
|
Line 1026 The fourth level name is as follows: |
|
.It Dv KERN_PROC_NARGV The number of argv strings |
.It Dv KERN_PROC_NARGV The number of argv strings |
.It Dv KERN_PROC_NENV The number of environ strings |
.It Dv KERN_PROC_NENV The number of environ strings |
.It Dv KERN_PROC_PATHNAME The full pathname of the executable |
.It Dv KERN_PROC_PATHNAME The full pathname of the executable |
|
.It Dv KERN_PROC_CWD The current working directory |
.El |
.El |
.It Li kern.profiling ( Dv KERN_PROF ) |
.It Li kern.profiling ( Dv KERN_PROF ) |
Return profiling information about the kernel. |
Return profiling information about the kernel. |
Line 968 is detailed below. |
|
Line 1040 is detailed below. |
|
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "kern.profiling.gmonparam" "struct gmonparam" "Changeable" -offset indent |
.Bl -column "kern.profiling.gmonparam" "struct gmonparam" "Changeable" -offset indent |
.It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.It kern.profiling.count u_short[\|] yes |
.It kern.profiling.count u_short[\|] yes |
.It kern.profiling.froms u_short[\|] yes |
.It kern.profiling.froms u_short[\|] yes |
.It kern.profiling.gmonparam struct gmonparam no |
.It kern.profiling.gmonparam struct gmonparam no |
Line 1011 Return the offset of real time clock fro |
|
Line 1083 Return the offset of real time clock fro |
|
.It Li kern.saved_ids ( Dv KERN_SAVED_IDS ) |
.It Li kern.saved_ids ( Dv KERN_SAVED_IDS ) |
Returns 1 if saved set-group and saved set-user ID is available. |
Returns 1 if saved set-group and saved set-user ID is available. |
.It Li kern.sbmax ( Dv KERN_SBMAX ) |
.It Li kern.sbmax ( Dv KERN_SBMAX ) |
Maximum socket buffer size. |
Maximum socket buffer size in bytes. |
.\" XXX units? |
|
.It Li kern.securelevel ( Dv KERN_SECURELVL ) |
.It Li kern.securelevel ( Dv KERN_SECURELVL ) |
See |
See |
.Xr secmodel_securelevel 9 . |
.Xr secmodel_securelevel 9 . |
.\" .It Li kern.sched |
.It Li kern.sched ( dynamic ) |
.\" XXX: Undocumented. |
Influence the scheduling of LWPs, their priorisation and how they are |
|
distributed on and moved between CPUs. |
|
.Bl -column "kern.sched.balance_period" "integer" "Changeable" -offset indent |
|
.It Sy Third level name Sy Type Sy Changeable |
|
.It kern.sched.cacheht_time integer yes |
|
.It kern.sched.balance_period integer yes |
|
.It kern.sched.average_weight integer yes |
|
.It kern.sched.min_catch integer yes |
|
.It kern.sched.timesoftints integer yes |
|
.It kern.sched.kpreempt_pri integer yes |
|
.It kern.sched.upreempt_pri integer yes |
|
.It kern.sched.maxts integer yes |
|
.It kern.sched.mints integer yes |
|
.It kern.sched.name string no |
|
.It kern.sched.rtts integer no |
|
.It kern.sched.pri_min integer no |
|
.It kern.sched.pri_max integer no |
|
.El |
|
.Pp |
|
The variables are as follows: |
|
.Bl -tag -width "123456" |
|
.It Li kern.sched.cacheht_time ( dynamic ) |
|
Cache hotness time in which a LWP is kept on one particular CPU |
|
and not moved to another CPU. |
|
This reduces the overhead of flushing and reloading caches. |
|
Defaults to 3ms. |
|
Needs to be given in |
|
.Dq hz |
|
units, see |
|
.Xr mstohz 9 . |
|
.It Li kern.sched.balance_period ( dynamic ) |
|
Interval at which the CPU queues are checked for re-balancing. |
|
Defaults to 300ms. |
|
Needs to be given in |
|
.Dq hz |
|
units, see |
|
.Xr mstohz 9 . |
|
.It Li kern.sched.average_weight ( dynamic ) |
|
Can be used to influence how likely LWPs are to be migrated from |
|
one CPU's queue of LWPs that are ready to run to a different, idle CPU. |
|
The value gives the percentage for weighting the average count of |
|
migratable threads from the past against the current number of |
|
migratable threads. |
|
A small value gives more weight to the past, a larger values more weight |
|
on the current situation. |
|
Defaults to 50 and must be between 0 and 100. |
|
.It Li kern.sched.min_catch ( dynamic ) |
|
Minimum count of migratable (runable) threads for catching (stealing) |
|
from another CPU. |
|
Defaults to 1 but can be increased to decrease chance of thread |
|
migration between CPUs. |
|
.It Li kern.sched.timesoftints ( dynamic ) |
|
Enable tracking of CPU time for soft interrupts |
|
as part of a LWP's real execution time. |
|
Set to a non-zero value to enable, |
|
and see |
|
.Xr ps 1 |
|
for printing CPU times. |
|
.It Li kern.sched.kpreempt_pri ( dynamic ) |
|
Minimum priority to trigger kernel preemption. |
|
.It Li kern.sched.upreempt_pri ( dynamic ) |
|
Minimum priority to trigger user preemption. |
|
.It Li kern.sched.maxts ( dynamic ) |
|
Scheduler specific maximal time quantum (in milliseconds). |
|
Must be set to a value larger than |
|
.Dq mints |
|
and between 10 and |
|
.Dq hz |
|
as given by the |
|
.Dv kern.clockrate |
|
sysctl. |
|
Provided by the M2 scheduler. |
|
.It Li kern.sched.mints ( dynamic ) |
|
Scheduler specific minimal time quantum (in milliseconds). |
|
Must be set to a value smaller than |
|
.Dq maxts |
|
and between 1 and |
|
.Dq hz |
|
as given by the |
|
.Dq kern.clockrate |
|
sysctl. |
|
Provided by the M2 scheduler. |
|
.It Li kern.sched.name ( dynamic ) |
|
Scheduler name. |
|
Provided both by the M2 and the 4BSD scheduler. |
|
.It Li kern.sched.rtts ( dynamic ) |
|
Fixed scheduler specific round-robin time quantum in milliseconds. |
|
Provided both by the M2 and the 4BSD scheduler. |
|
.It Li kern.sched.pri_min ( dynamic ) |
|
Minimal POSIX real-time priority. |
|
See |
|
.Xr sched 3 . |
|
.It Li kern.sched.pri_max ( dynamic ) |
|
Maximal POSIX real-time priority. |
|
See |
|
.Xr sched 3 . |
|
.El |
.It Li kern.somaxkva ( Dv KERN_SOMAXKVA ) |
.It Li kern.somaxkva ( Dv KERN_SOMAXKVA ) |
Maximum amount of kernel memory to be used for socket buffers. |
Maximum amount of kernel memory to be used for socket buffers in bytes. |
.\" XXX units? |
.It Li kern.sooptions |
|
Set the default socket option flags for |
|
.Xr socket 2 |
|
creation. |
|
See |
|
.Xr setsockopt 2 |
|
for a list of supported flags. |
.It Li kern.synchronized_io ( Dv KERN_SYNCHRONIZED_IO ) |
.It Li kern.synchronized_io ( Dv KERN_SYNCHRONIZED_IO ) |
Returns 1 if the |
Returns 1 if the |
.St -p1003.1b-93 |
.St -p1003.1b-93 |
|
|
.It Li kern.timecounter ( dynamic ) |
.It Li kern.timecounter ( dynamic ) |
Display and control the timecounter source of the system. |
Display and control the timecounter source of the system. |
.Bl -column "kern.timecounter.timestepwarnings" "integer" "Changeable" -offset indent |
.Bl -column "kern.timecounter.timestepwarnings" "integer" "Changeable" -offset indent |
.It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.It kern.timecounter.choice string no |
.It kern.timecounter.choice string no |
.It kern.timecounter.hardware string yes |
.It kern.timecounter.hardware string yes |
.It kern.timecounter.timestepwarnings integer yes |
.It kern.timecounter.timestepwarnings integer yes |
Line 1053 The third level names for the tty statis |
|
Line 1226 The third level names for the tty statis |
|
The changeable column shows whether a process |
The changeable column shows whether a process |
with appropriate privilege may change the value. |
with appropriate privilege may change the value. |
.Bl -column "kern.tkstat.cancc" "quad" "Changeable" -offset indent |
.Bl -column "kern.tkstat.cancc" "quad" "Changeable" -offset indent |
.It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.It kern.tkstat.cancc quad no |
.It kern.tkstat.cancc quad no |
.It kern.tkstat.nin quad no |
.It kern.tkstat.nin quad no |
.It kern.tkstat.nout quad no |
.It kern.tkstat.nout quad no |
Line 1076 The third level names for the tty setup |
|
Line 1249 The third level names for the tty setup |
|
The changeable column shows whether a process |
The changeable column shows whether a process |
with appropriate privilege may change the value. |
with appropriate privilege may change the value. |
.Bl -column "kern.tty.qsize" "int" "Changeable" -offset indent |
.Bl -column "kern.tty.qsize" "int" "Changeable" -offset indent |
.It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.It kern.tty.qsize int yes |
.It kern.tty.qsize int yes |
.El |
.El |
.Pp |
.Pp |
|
|
.It Li kern.uidinfo |
.It Li kern.uidinfo |
Resource usage for the current user. |
Resource usage for the current user. |
.Bl -column "kern.uidinfo.proccnt" "integer" "Changeable" -offset indent |
.Bl -column "kern.uidinfo.proccnt" "integer" "Changeable" -offset indent |
.It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.It kern.uidinfo.proccnt integer no |
.It kern.uidinfo.proccnt integer no |
.It kern.uidinfo.lwpcnt integer no |
.It kern.uidinfo.lwpcnt integer no |
.It kern.uidinfo.lockcnt integer no |
.It kern.uidinfo.lockcnt integer no |
|
.It kern.uidinfo.semcnt integer no |
.It kern.uidinfo.sbsize integer no |
.It kern.uidinfo.sbsize integer no |
.El |
.El |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
Line 1107 Returns the number of active threads for |
|
Line 1281 Returns the number of active threads for |
|
of each process is not counted. |
of each process is not counted. |
.It Li kern.uidinfo.lockcnt |
.It Li kern.uidinfo.lockcnt |
Number of locks held by the current user. |
Number of locks held by the current user. |
|
.It Li kern.uidinfo.semcnt |
|
Number of semaphores held by the current user. |
.It Li kern.uidinfo.sbsize |
.It Li kern.uidinfo.sbsize |
Number of bytes in socket buffers allocated to the current user. |
Number of bytes in socket buffers allocated to the current user. |
.El |
.El |
|
|
Runtime information for |
Runtime information for |
.Xr veriexec 8 . |
.Xr veriexec 8 . |
.Bl -column "kern.veriexec.algorithms" "integer" "Changeable" -offset indent |
.Bl -column "kern.veriexec.algorithms" "integer" "Changeable" -offset indent |
.It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.It kern.veriexec.algorithms string no |
.It kern.veriexec.algorithms string no |
.It kern.veriexec.count node not applicable |
.It kern.veriexec.count node not applicable |
.It kern.veriexec.strict integer yes |
.It kern.veriexec.strict integer yes |
Line 1177 followed by the vnode itself |
|
Line 1353 followed by the vnode itself |
|
The set of variables defined is architecture dependent. |
The set of variables defined is architecture dependent. |
Most architectures define at least the following variables. |
Most architectures define at least the following variables. |
.Bl -column "machdep.booted_kernel" "Type" "Changeable" -offset indent |
.Bl -column "machdep.booted_kernel" "Type" "Changeable" -offset indent |
.It Sy Second level name Sy Type Sy Changeable |
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
.It Li machdep.booted_kernel string no |
.It Li machdep.booted_kernel string no |
.El |
.El |
.\" XXX: Document the above. |
.\" XXX: Document the above. |
Line 1190 privilege may change the value. |
|
Line 1366 privilege may change the value. |
|
The second and third levels are typically the protocol family and |
The second and third levels are typically the protocol family and |
protocol number, though this is not always the case. |
protocol number, though this is not always the case. |
.Bl -column "Second level name" "IPsec key management values" "Changeable" -offset indent |
.Bl -column "Second level name" "IPsec key management values" "Changeable" -offset indent |
.It Sy Second level name Sy Type Sy Changeable |
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
.It net.route routing messages no |
.It net.route routing messages no |
.It net.inet IPv4 values yes |
.It net.inet IPv4 values yes |
.It net.inet6 IPv6 values yes |
.It net.inet6 IPv6 values yes |
Line 1210 The fourth level name is an address fami |
|
Line 1386 The fourth level name is an address fami |
|
select all address families. |
select all address families. |
The fifth and sixth level names are as follows: |
The fifth and sixth level names are as follows: |
.Bl -column "Fifth level name" "Sixth level is:" -offset indent |
.Bl -column "Fifth level name" "Sixth level is:" -offset indent |
.It Sy Fifth level name Sy Sixth level is: |
.It Sy Fifth level name Ta Sy Sixth level is : |
.It NET_RT_FLAGS rtflags |
.It NET_RT_FLAGS rtflags |
.It NET_RT_DUMP None |
.It NET_RT_DUMP None |
.It NET_RT_IFLIST None |
.It NET_RT_IFLIST None |
Line 1222 The third level name is the protocol. |
|
Line 1398 The third level name is the protocol. |
|
The fourth level name is the variable name. |
The fourth level name is the variable name. |
The currently defined protocols and names are: |
The currently defined protocols and names are: |
.Bl -column "Protocol" "anonportalgo.available" "integer" "Changeable" -offset indent |
.Bl -column "Protocol" "anonportalgo.available" "integer" "Changeable" -offset indent |
.It Sy Protocol Variable Sy Type Sy Changeable |
.It Sy Protocol Variable Ta Sy Type Ta Sy Changeable |
.It arp down integer yes |
.It arp down integer yes |
.It arp keep integer yes |
.It arp keep integer yes |
.It arp log_movements integer yes |
.It arp log_movements integer yes |
.It arp log_permanent_modify integer yes |
.It arp log_permanent_modify integer yes |
.It arp log_unknown_network integer yes |
.It arp log_unknown_network integer yes |
.It arp log_wrong_iface integer yes |
.It arp log_wrong_iface integer yes |
.It arp prune integer yes |
|
.It arp refresh integer yes |
|
.It carp allow integer yes |
.It carp allow integer yes |
.It carp preempt integer yes |
.It carp preempt integer yes |
.It carp log integer yes |
.It carp log integer yes |
Line 1247 The currently defined protocols and name |
|
Line 1421 The currently defined protocols and name |
|
.It ip anonportmax integer yes |
.It ip anonportmax integer yes |
.It ip anonportmin integer yes |
.It ip anonportmin integer yes |
.It ip checkinterface integer yes |
.It ip checkinterface integer yes |
|
.It ip dad_count integer yes |
.It ip directed-broadcast integer yes |
.It ip directed-broadcast integer yes |
.It ip do_loopback_cksum integer yes |
.It ip do_loopback_cksum integer yes |
.It ip forwarding integer yes |
.It ip forwarding integer yes |
Line 1277 The currently defined protocols and name |
|
Line 1452 The currently defined protocols and name |
|
.It tcp mss_ifmtu integer yes |
.It tcp mss_ifmtu integer yes |
.It tcp win_scale integer yes |
.It tcp win_scale integer yes |
.It tcp timestamps integer yes |
.It tcp timestamps integer yes |
.It tcp compat_42 integer yes |
|
.It tcp cwm integer yes |
.It tcp cwm integer yes |
.It tcp cwm_burstsize integer yes |
.It tcp cwm_burstsize integer yes |
.It tcp ack_on_push integer yes |
.It tcp ack_on_push integer yes |
Line 1312 The variables are as follows: |
|
Line 1486 The variables are as follows: |
|
Failed ARP entry lifetime. |
Failed ARP entry lifetime. |
.It Li arp.keep |
.It Li arp.keep |
Valid ARP entry lifetime. |
Valid ARP entry lifetime. |
.It Li arp.prune |
|
ARP cache pruning interval. |
|
.It Li arp.refresh |
|
ARP entry refresh interval. |
|
.It Li carp.allow |
.It Li carp.allow |
If set to 0, incoming |
If set to 0, incoming |
.Xr carp 4 |
.Xr carp 4 |
Line 1364 This cannot be set to less than 1024 or |
|
Line 1534 This cannot be set to less than 1024 or |
|
.It Li ip.checkinterface |
.It Li ip.checkinterface |
If set to non-zero, the host will reject packets addressed to it |
If set to non-zero, the host will reject packets addressed to it |
that arrive on an interface not bound to that address. |
that arrive on an interface not bound to that address. |
Currently, this must be disabled if ipnat is used to translate the |
Currently, this must be disabled if NAT is used to translate the |
destination address to another local interface, or if addresses |
destination address to another local interface, or if addresses |
are added to the loopback interface instead of the interface where |
are added to the loopback interface instead of the interface where |
the packets for those packets are received. |
the packets for those packets are received. |
|
.It Li ip.dad_count |
|
The number of |
|
.Xr arp 4 |
|
probes sent for Address Conflict Detection. |
|
Set to 0 to disable this. |
.It Li ip.directed-broadcast |
.It Li ip.directed-broadcast |
If set to 1, enables directed broadcast behavior for the host. |
If set to 1, enables directed broadcast behavior for the host. |
.It Li ip.do_loopback_cksum |
.It Li ip.do_loopback_cksum |
Line 1469 This can avoid losing a round trip time |
|
Line 1644 This can avoid losing a round trip time |
|
but has the caveat of potentially defeating TCP's delayed ACK algorithm. |
but has the caveat of potentially defeating TCP's delayed ACK algorithm. |
Use of this option is generally not recommended, but |
Use of this option is generally not recommended, but |
the variable exists in case your configuration really needs it. |
the variable exists in case your configuration really needs it. |
.It Li tcp.compat_42 |
|
If set to 1, enables work-arounds for bugs in the 4.2BSD TCP implementation. |
|
Use of this option is not recommended, although it may be |
|
required in order to communicate with extremely old TCP implementations. |
|
.It Li tcp.cwm |
.It Li tcp.cwm |
If set to 1, enables use of the Hughes/Touch/Heidemann Congestion Window |
If set to 1, enables use of the Hughes/Touch/Heidemann Congestion Window |
Monitoring algorithm. |
Monitoring algorithm. |
Line 1604 The third level name is the protocol. |
|
Line 1775 The third level name is the protocol. |
|
The fourth level name is the variable name. |
The fourth level name is the variable name. |
The currently defined protocols and names are: |
The currently defined protocols and names are: |
.Bl -column "Protocol" "anonportalgo.available" "integer" "Changeable" -offset indent |
.Bl -column "Protocol" "anonportalgo.available" "integer" "Changeable" -offset indent |
.It Sy Protocol Variable Sy Type Sy Changeable |
.It Sy Protocol Variable Ta Sy Type Ta Sy Changeable |
.It icmp6 errppslimit integer yes |
.It icmp6 errppslimit integer yes |
.It icmp6 mtudisc_hiwat integer yes |
.It icmp6 mtudisc_hiwat integer yes |
.It icmp6 mtudisc_lowat integer yes |
.It icmp6 mtudisc_lowat integer yes |
Line 1775 The maximum number of fragments the node |
|
Line 1946 The maximum number of fragments the node |
|
\-1 means that the node will accept as many fragments as it receives. |
\-1 means that the node will accept as many fragments as it receives. |
The flag is provided basically for avoiding possible DoS attacks. |
The flag is provided basically for avoiding possible DoS attacks. |
.It Li ip6.neighborgcthresh |
.It Li ip6.neighborgcthresh |
Maximum number of entries in neighbor cache. |
Maximum number of entries in neighbor cache per interface. |
Set to negative to disable. |
Set to negative to disable. |
The default value is 2048. |
The default value is 2048. |
.It Li ip6.redirect |
.It Li ip6.redirect |
Line 1885 Default UDP receive buffer size. |
|
Line 2056 Default UDP receive buffer size. |
|
Default UDP send buffer size. |
Default UDP send buffer size. |
.El |
.El |
.Pp |
.Pp |
We reuse net.*.tcp for |
We reuse net.*.tcp for TCP over IPv6, |
.Tn TCP |
|
over |
|
.Tn IPv6 , |
|
and therefore we do not have variables net.*.tcp6. |
and therefore we do not have variables net.*.tcp6. |
Variables net.inet6.udp6 have identical meaning to net.inet.udp. |
Variables net.inet6.udp6 have identical meaning to net.inet.udp. |
Please refer to |
Please refer to |
Line 1901 Get or set various global information ab |
|
Line 2069 Get or set various global information ab |
|
The third level name is the variable name. |
The third level name is the variable name. |
The currently defined variable and names are: |
The currently defined variable and names are: |
.Bl -column "blockacq_lifetime" "integer" "Changeable" -offset indent |
.Bl -column "blockacq_lifetime" "integer" "Changeable" -offset indent |
.It Sy Variable Type Sy Changeable |
.It Sy Variable Type Ta Sy Changeable |
.It debug integer yes |
.It debug integer yes |
.It enabled integer yes |
.It enabled integer yes |
.It used integer no |
.It used integer no |
Line 1915 The currently defined variable and names |
|
Line 2083 The currently defined variable and names |
|
.It esp_auth integer yes |
.It esp_auth integer yes |
.It ah_keymin integer yes |
.It ah_keymin integer yes |
.El |
.El |
.Pp |
|
The variables are as follows: |
The variables are as follows: |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li debug |
.It Li debug |
Turn on debugging message from within the kernel. |
Turn on debugging message from within the kernel. |
The value is a bitmap, as defined in |
The value is a bitmap, as defined in |
.In netkey/key_debug.h . |
.In netipsec/key_debug.h . |
.It Li enabled |
.It Li enabled |
Control processing of IPsec control messages. |
Control processing of IPsec control messages. |
.Bl -tag -width indent |
.Bl -tag -width indent |
Line 1933 Allow IPsec processing when SPD policies |
|
Line 2100 Allow IPsec processing when SPD policies |
|
Force IPsec processing even when SPD policies are not present. |
Force IPsec processing even when SPD policies are not present. |
.El |
.El |
.It Li used |
.It Li used |
Based on if IPsec is enabled, and SPD rule existance, show if |
Based on if IPsec is enabled, and SPD rule existence, show if |
IPsec is being used. |
IPsec is being used. |
Note that currenly once IPsec is being used, it cannot be disabled. |
Note that currently once IPsec is being used, it cannot be disabled. |
.It Li spi_try |
.It Li spi_try |
The number of times the kernel will try to obtain an unique SPI |
The number of times the kernel will try to obtain an unique SPI |
when it generates it from random number generator. |
when it generates it from random number generator. |
Line 1965 Minimum AH key length, in bits, |
|
Line 2132 Minimum AH key length, in bits, |
|
The value is used when the kernel creates proposal payload |
The value is used when the kernel creates proposal payload |
on ACQUIRE PF_KEY message. |
on ACQUIRE PF_KEY message. |
.El |
.El |
|
.It Li net.local ( Dv PF_LOCAL ) |
|
Get or set various global information about |
|
.Dv AF_LOCAL |
|
type sockets. |
|
For some variables, the third level name is the variable name: |
|
.Bl -column "Variable" "integer" "Changeable" -offset indent |
|
.It Sy Variable Type Ta Sy Changeable |
|
.It inflight integer no |
|
.It deferred integer no |
|
.El |
|
The variables are as follows: |
|
.Bl -tag -width "123456" |
|
.It Li inflight |
|
The number of file descriptors currently passed between processes, |
|
.Qq in flight . |
|
.It Li deferred |
|
The number of file descriptors passed between processes that have been |
|
deferred for cleanup by a kernel task. |
|
.El |
|
.Pp |
|
Other variables are specific to a socket type: |
|
.Bl -column "seqpacket" "sendspace" "integer" "Changeable" -offset indent |
|
.It Sy "Socket Type" Sy Variable Type Ta Sy Changeable |
|
.It dgram pcblist struct no |
|
.It dgram recvspace integer yes |
|
.It dgram sendspace integer yes |
|
.It seqpacket pcblist struct no |
|
.It stream pcblist struct no |
|
.It stream recvspace integer yes |
|
.It stream sendspace integer yes |
|
.El |
|
The variables are as follows: |
|
.Bl -tag -width "123456" |
|
.It Li dgram.pcblist |
|
The Protocol Control Block list structure for datagram sockets. |
|
Parsed by |
|
.Xr netstat 1 |
|
or |
|
.Xr sockstat 1 . |
|
.It Li dgram.recvspace |
|
The default datagram receive buffer size. |
|
.It Li dgram.sendspace |
|
The default datagram send buffer size. |
|
.It Li seqpacket.pcblist |
|
The Protocol Control Block list structure for Sequential Packet sockets. |
|
Parsed by |
|
.Xr netstat 1 |
|
or |
|
.Xr sockstat 1 . |
|
.It Li stream.pcblist |
|
The Protocol Control Block list structure for stream sockets. |
|
Parsed by |
|
.Xr netstat 1 |
|
or |
|
.Xr sockstat 1 . |
|
.It Li stream.recvspace |
|
The default stream receive buffer size. |
|
.It Li stream.sendspace |
|
The default stream send buffer size. |
|
.El |
.El |
.El |
.Ss The proc.* subtree |
.Ss The proc.* subtree |
The string and integer information available for the |
The string and integer information available for the |
Line 1981 value of PROC_PID_CORENAME is reset to t |
|
Line 2208 value of PROC_PID_CORENAME is reset to t |
|
The second level name is either the magic value PROC_CURPROC, which |
The second level name is either the magic value PROC_CURPROC, which |
points to the current process, or the PID of the target process. |
points to the current process, or the PID of the target process. |
.Bl -column "proc.pid.corename" "string" "not applicable" -offset indent |
.Bl -column "proc.pid.corename" "string" "not applicable" -offset indent |
.It Sy Third level name Sy Type Sy Changeable |
.It Sy Third level name Ta Sy Type Ta Sy Changeable |
.It proc.pid.corename string yes |
.It proc.pid.corename string yes |
.It proc.pid.rlimit node not applicable |
.It proc.pid.rlimit node not applicable |
.It proc.pid.stopfork int yes |
.It proc.pid.stopfork int yes |
.It proc.pid.stopexec int yes |
.It proc.pid.stopexec int yes |
.It proc.pid.stopexit int yes |
.It proc.pid.stopexit int yes |
|
.It proc.pid.paxflags int no |
.El |
.El |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li proc.pid.corename ( Dv PROC_PID_CORENAME ) |
.It Li proc.pid.corename ( Dv PROC_PID_CORENAME ) |
Line 2066 Both are of type integer. |
|
Line 2294 Both are of type integer. |
|
If non zero, the process' children will be stopped after |
If non zero, the process' children will be stopped after |
.Xr fork 2 |
.Xr fork 2 |
calls. |
calls. |
The children is created in the SSTOP state and is never scheduled |
The children are created in the SSTOP state and are never scheduled |
for running before being stopped. |
for running before being stopped. |
This feature helps attaching a process with a debugger such as |
This feature enables attaching to a process with a debugger such as |
.Xr gdb 1 |
.Xr gdb 1 |
before it had the opportunity to actually do anything. |
before the process has the opportunity to actually do anything. |
.Pp |
.Pp |
This value is inherited by the process's children, and it also |
This value is inherited by the process's children, and it also |
apply to emulation specific system calls that fork a new process, such as |
applies to emulation specific system calls that fork a new process, such as |
.Fn sproc |
.Fn sproc |
or |
or |
.Fn clone . |
.Fn clone . |
.It Li proc.pid.stopexec ( Dv PROC_PID_STOPEXEC ) |
.It Li proc.pid.stopexec ( Dv PROC_PID_STOPEXEC ) |
If non zero, the process will be stopped on next |
If non zero, the process will be stopped on the next |
.Xr exec 3 |
.Xr exec 3 |
call. |
call. |
The process created by |
The process created by |
.Xr exec 3 |
.Xr exec 3 |
is created in the SSTOP state and is never scheduled for running |
is created in the SSTOP state and is never scheduled for running |
before being stopped. |
before being stopped. |
This feature helps attaching a process with a debugger such as |
This feature enables attaching to a process with a debugger such as |
.Xr gdb 1 |
.Xr gdb 1 |
before it had the opportunity to actually do anything. |
before the process has the opportunity to actually do anything. |
.Pp |
.Pp |
This value is inherited by the process's children. |
This value is inherited by the process's children. |
.It Li proc.pid.stopexit ( Dv PROC_PID_STOPEXIT ) |
.It Li proc.pid.stopexit ( Dv PROC_PID_STOPEXIT ) |
If non zero, the process will be stopped on when it has cause to exit, |
If non zero, the process will be stopped when it has cause to exit, |
either by way of calling |
either by way of calling |
.Xr exit 3 , |
.Xr exit 3 , |
.Xr _exit 2 , |
.Xr _exit 2 , |
or by the receipt of a specific signal. |
or by the receipt of a specific signal. |
The process is stopped before any of its resources or vm space is |
The process is stopped before any of its resources or vm space is |
released allowing examination of the termination state of a process |
released allowing examination of the termination state of the process |
before it disappears. |
before it disappears. |
This feature can be used to examine the final conditions of the |
This feature can be used to examine the final conditions of the |
process's vmspace via |
process's vmspace via |
Line 2107 or its resource settings with |
|
Line 2335 or its resource settings with |
|
before it disappears. |
before it disappears. |
.Pp |
.Pp |
This value is also inherited by the process's children. |
This value is also inherited by the process's children. |
|
.It Li proc.pid.paxflags ( Dv PROC_PID_PAXFLAGS ) |
|
This read-only variable returns the current value of the process's pax |
|
flags (see |
|
.Xr paxctl 8 ) . |
.El |
.El |
.Ss The user.* subtree ( Dv CTL_USER ) |
.Ss The user.* subtree ( Dv CTL_USER ) |
The string and integer information available for the |
The string and integer information available for the |
Line 2115 level is detailed below. |
|
Line 2347 level is detailed below. |
|
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "user.coll_weights_max" "integer" "Changeable" -offset indent |
.Bl -column "user.coll_weights_max" "integer" "Changeable" -offset indent |
.It Sy Second level name Sy Type Sy Changeable |
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
.It user.atexit_max integer no |
.It user.atexit_max integer no |
.It user.bc_base_max integer no |
.It user.bc_base_max integer no |
.It user.bc_dim_max integer no |
.It user.bc_dim_max integer no |
Line 2220 level is detailed below. |
|
Line 2452 level is detailed below. |
|
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.Bl -column "Second level name" "struct uvmexp_sysctl" "Changeable" -offset indent |
.Bl -column "Second level name" "struct uvmexp_sysctl" "Changeable" -offset indent |
.It Sy Second level name Sy Type Sy Changeable |
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
.It vm.anonmax int yes |
.It vm.anonmax int yes |
.It vm.anonmin int yes |
.It vm.anonmin int yes |
.It vm.bufcache int yes |
.It vm.bufcache int yes |
Line 2239 privilege may change the value. |
|
Line 2471 privilege may change the value. |
|
.It vm.uvmexp2 struct uvmexp_sysctl no |
.It vm.uvmexp2 struct uvmexp_sysctl no |
.It vm.vmmeter struct vmtotal no |
.It vm.vmmeter struct vmtotal no |
.It vm.proc.map struct kinfo_vmentry no |
.It vm.proc.map struct kinfo_vmentry no |
|
.It vm.guard_size unsigned int no |
|
.It vm.thread_guard_size unsigned int yes |
.El |
.El |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li vm.anonmax ( Dv VM_ANONMAX ) |
.It Li vm.anonmax ( Dv VM_ANONMAX ) |
Line 2284 The returned data consists of a |
|
Line 2518 The returned data consists of a |
|
A flag which controls whether user processes can map virtual address\ 0. |
A flag which controls whether user processes can map virtual address\ 0. |
.It Li vm.proc.map ( Dv VM_PROC ) |
.It Li vm.proc.map ( Dv VM_PROC ) |
The third level is |
The third level is |
.dv VM_PROC_MAP , |
.Dv VM_PROC_MAP , |
the fourth is the pid of the process to display the vm object entries for, and |
the fourth is the pid of the process to display the vm object entries for, and |
the fifth is the size of |
the fifth is the size of |
.Vt struct kinfo_vmentry . |
.Vt struct kinfo_vmentry . |
Line 2301 The returned data consists of a |
|
Line 2535 The returned data consists of a |
|
Return system wide virtual memory statistics. |
Return system wide virtual memory statistics. |
The returned data consists of a |
The returned data consists of a |
.Vt struct uvmexp_sysctl . |
.Vt struct uvmexp_sysctl . |
|
.It Li vm.guard_size |
|
Return system wide guard size for the main thread of a program. |
|
.It Li vm.thread_guard_size |
|
Return system wide default size for the guard area of all other threads |
|
of a program. |
.\" XXX vm.idlezero |
.\" XXX vm.idlezero |
.El |
.El |
.Ss The ddb.* subtree ( Dv CTL_DDB ) |
.Ss The ddb.* subtree ( Dv CTL_DDB ) |
Line 2309 The information available for the |
|
Line 2548 The information available for the |
|
level is detailed below. |
level is detailed below. |
The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
privilege may change the value. |
privilege may change the value. |
.\" XXX sort |
|
.Bl -column "Second level name" "integer" "Changeable" -offset indent |
.Bl -column "Second level name" "integer" "Changeable" -offset indent |
.It Sy Second level name Sy Type Sy Changeable |
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
.It ddb.radix integer yes |
.It ddb.commandonenter string yes |
|
.It ddb.dumpstack integer yes |
|
.It ddb.fromconsole integer yes |
|
.It ddb.lines integer yes |
.It ddb.maxoff integer yes |
.It ddb.maxoff integer yes |
.It ddb.maxwidth integer yes |
.It ddb.maxwidth integer yes |
.It ddb.lines integer yes |
|
.It ddb.tabstops integer yes |
|
.It ddb.onpanic integer yes |
.It ddb.onpanic integer yes |
.It ddb.fromconsole integer yes |
.It ddb.panicstackframes integer yes |
|
.It ddb.radix integer yes |
|
.It ddb.tabstops integer yes |
.It ddb.tee_msgbuf integer yes |
.It ddb.tee_msgbuf integer yes |
.It ddb.commandonenter string yes |
|
.El |
.El |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li ddb.radix ( Dv DDBCTL_RADIX ) |
.It Li ddb.commandonenter |
The input and output radix. |
If not empty, the string is used as the DDB command to be executed each time |
|
DDB is entered. |
|
.It Li ddb.dumpstack |
|
A value of 1 causes a stack trace to be printed on entering ddb from a panic. |
|
A value of 0 disables this behaviour. |
|
The default value is 1. |
|
.It Li ddb.fromconsole ( Dv DDBCTL_FROMCONSOLE ) |
|
If not zero, DDB may be entered by sending a break on a serial |
|
console or by a special key sequence on a graphics console. |
|
.It Li ddb.lines ( Dv DDBCTL_LINES ) |
|
Number of display lines. |
.It Li ddb.maxoff ( Dv DDBCTL_MAXOFF ) |
.It Li ddb.maxoff ( Dv DDBCTL_MAXOFF ) |
The maximum symbol offset. |
The maximum symbol offset. |
.It Li ddb.maxwidth ( Dv DDBCTL_MAXWIDTH ) |
.It Li ddb.maxwidth ( Dv DDBCTL_MAXWIDTH ) |
The maximum output line width. |
The maximum output line width. |
.It Li ddb.lines ( Dv DDBCTL_LINES ) |
|
Number of display lines. |
|
.It Li ddb.tabstops ( Dv DDBCTL_TABSTOPS ) |
|
Tab width. |
|
.It Li ddb.onpanic ( Dv DDBCTL_ONPANIC ) |
.It Li ddb.onpanic ( Dv DDBCTL_ONPANIC ) |
If greater than zero, DDB will be entered if the kernel panics. |
If greater than zero, DDB will be entered if the kernel panics. |
A value of 1 causes the system to enter DDB on panic, while a value of 2 |
A value of 1 causes the system to enter DDB on panic. |
causes the kernel to attempt to print out a stack trace before entering DDB. |
|
A value of 0 causes the kernel to attempt to print a stack trace, then |
A value of 0 causes the kernel to attempt to print a stack trace, then |
reboot, while a value of \-1 means neither a stack trace will be printed |
reboot, while a value of \-1 means neither a stack trace will be printed |
nor DDB entered. |
nor DDB entered. |
.It Li ddb.fromconsole ( Dv DDBCTL_FROMCONSOLE ) |
.It Li ddb.panicstackframes |
If not zero, DDB may be entered by sending a break on a serial |
Number of stack frames to display on panic. |
console or by a special key sequence on a graphics console. |
Useful to avoid scrolling away the interesting frames on a glass tty. |
|
Default value is |
|
.Dv 65535 |
|
(all frames), useful value around |
|
.Dv 10 . |
|
.It Li ddb.radix ( Dv DDBCTL_RADIX ) |
|
The input and output radix. |
|
.It Li ddb.tabstops ( Dv DDBCTL_TABSTOPS ) |
|
Tab width. |
.It Li ddb.tee_msgbuf |
.It Li ddb.tee_msgbuf |
If not zero, DDB will output also to the kernel message buffer. |
If not zero, DDB will output also to the kernel message buffer. |
.It Li ddb.commandonenter |
|
If not empty, a command to be executed on each enter to the |
|
.Tn DDB . |
|
.\" |
|
.\" XXX: (a) ddb.commandonenter is missing in ddb(4); |
|
.\" (b) No DDBCTL definitions for tee_msgbuf and commandonenter. |
|
.El |
.El |
.Pp |
.Pp |
Some of these |
Some of these MIB |
.Tn MIB |
|
nodes are also available as variables from within the debugger. |
nodes are also available as variables from within the debugger. |
See |
See |
.Xr ddb 4 |
.Xr ddb 4 |
Line 2366 level contains various security-related |
|
Line 2612 level contains various security-related |
|
the system. |
the system. |
The available second level names are: |
The available second level names are: |
.Bl -column "Second level name" "integer" "Changeable" -offset indent |
.Bl -column "Second level name" "integer" "Changeable" -offset indent |
.It Sy Second level name Sy Type Sy Changeable |
.It Sy Second level name Ta Sy Type Ta Sy Changeable |
.It Li security.curtain integer yes |
.It Li security.curtain integer yes |
.It Li security.models node not applicable |
.It Li security.models node not applicable |
.It Li security.pax node not applicable |
.It Li security.pax node not applicable |
Line 2375 The available second level names are: |
|
Line 2621 The available second level names are: |
|
Available settings are detailed below. |
Available settings are detailed below. |
.Bl -tag -width "123456" |
.Bl -tag -width "123456" |
.It Li security.curtain |
.It Li security.curtain |
If non-zero, will filter return objects according to the user |
If non-zero, will filter return objects according to the user ID |
.Tn ID |
|
requesting information about them, preventing users from |
requesting information about them, preventing users from |
accessing any objects they do not own. |
accessing any objects they do not own. |
.Pp |
.Pp |
|
|
.Xr secmodel 9 |
.Xr secmodel 9 |
for more information. |
for more information. |
.It Li security.pax |
.It Li security.pax |
Settings for PaX -- exploit mitigation features. |
Settings for PaX \(em exploit mitigation features. |
For more information on any of the PaX features, please see |
For more information on any of the PaX features, please see |
.Xr paxctl 8 |
.Xr paxctl 8 |
and |
and |
Line 2420 The available third and fourth level nam |
|
Line 2665 The available third and fourth level nam |
|
.\".It Li security.pax.aslr.stack_len integer yes |
.\".It Li security.pax.aslr.stack_len integer yes |
.It Li security.pax.mprotect.enabled integer yes |
.It Li security.pax.mprotect.enabled integer yes |
.It Li security.pax.mprotect.global integer yes |
.It Li security.pax.mprotect.global integer yes |
|
.It Li security.pax.mprotect.ptrace integer yes |
.It Li security.pax.segvguard.enabled integer yes |
.It Li security.pax.segvguard.enabled integer yes |
.It Li security.pax.segvguard.expiry_timeout integer yes |
.It Li security.pax.segvguard.expiry_timeout integer yes |
.It Li security.pax.segvguard.global integer yes |
.It Li security.pax.segvguard.global integer yes |
Line 2467 except those exempted with |
|
Line 2713 except those exempted with |
|
Otherwise, all programs will not get the PaX MPROTECT restrictions, |
Otherwise, all programs will not get the PaX MPROTECT restrictions, |
except those specifically marked as such with |
except those specifically marked as such with |
.Xr paxctl 8 . |
.Xr paxctl 8 . |
|
.It Li security.pax.mprotect.ptrace |
|
This variable allows |
|
.Xr ptrace 2 |
|
to override PaX MPROTECT permissions. |
|
It can have the following values: |
|
.Bl -tag -width XX -compact |
|
.It 0 |
|
Does not let override any permissions. |
|
.It 1 |
|
Disables PaX MPROTECT from processes that start executing while traced (default). |
|
.It 2 |
|
Bypasses PaX MPROTECT for all processes being traced. |
|
.El |
.It Li security.pax.segvguard.enabled |
.It Li security.pax.segvguard.enabled |
Enable PaX Segvguard. |
Enable PaX Segvguard. |
.Pp |
.Pp |
|
|
toplevel name is reserved to be used by vendors who wish to |
toplevel name is reserved to be used by vendors who wish to |
have their own private MIB tree. |
have their own private MIB tree. |
Intended use is to store values under |
Intended use is to store values under |
.Dq vendor.\*[Lt]yourname\*[Gt].* . |
.Dq vendor.<yourname>.* . |
.Sh SEE ALSO |
.Sh SEE ALSO |
.Xr sysctl 3 , |
.Xr sysctl 3 , |
.Xr ipsec 4 , |
.Xr ipsec 4 , |