[BACK]Return to sysctl.7 CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / src / share / man / man7

Annotation of src/share/man/man7/sysctl.7, Revision 1.1

1.1     ! pavel       1: .\"    $NetBSD: sysctl.3,v 1.191 2006/11/27 17:55:12 elad Exp $
        !             2: .\"
        !             3: .\" Copyright (c) 1993
        !             4: .\"    The Regents of the University of California.  All rights reserved.
        !             5: .\"
        !             6: .\" Redistribution and use in source and binary forms, with or without
        !             7: .\" modification, are permitted provided that the following conditions
        !             8: .\" are met:
        !             9: .\" 1. Redistributions of source code must retain the above copyright
        !            10: .\"    notice, this list of conditions and the following disclaimer.
        !            11: .\" 2. Redistributions in binary form must reproduce the above copyright
        !            12: .\"    notice, this list of conditions and the following disclaimer in the
        !            13: .\"    documentation and/or other materials provided with the distribution.
        !            14: .\" 3. Neither the name of the University nor the names of its contributors
        !            15: .\"    may be used to endorse or promote products derived from this software
        !            16: .\"    without specific prior written permission.
        !            17: .\"
        !            18: .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
        !            19: .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
        !            20: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
        !            21: .\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
        !            22: .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
        !            23: .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
        !            24: .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
        !            25: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
        !            26: .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
        !            27: .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
        !            28: .\" SUCH DAMAGE.
        !            29: .\"
        !            30: .\"    @(#)sysctl.3    8.4 (Berkeley) 5/9/95
        !            31: .\"
        !            32: .Dd December 4, 2006
        !            33: .Dt SYSCTL 7
        !            34: .Os
        !            35: .Sh NAME
        !            36: .Nm sysctl
        !            37: .Nd system information variables
        !            38: .Sh DESCRIPTION
        !            39: The
        !            40: .Xr sysctl 3
        !            41: library function and the
        !            42: .Xr sysctl 8
        !            43: utility are used to get and set values of system variables, maintained
        !            44: by the kernel.
        !            45: The variables are organized in a tree and identified by a sequence of
        !            46: numbers, conventionally separated by dots with the topmost identifier
        !            47: at the left side.
        !            48: The numbers have corresponding text names.
        !            49: The
        !            50: .Xr sysctlnametomib 3
        !            51: function or the
        !            52: .Fl M
        !            53: argument to the
        !            54: .Xr sysctl 8
        !            55: utility can be used to convert the text representation to the
        !            56: numeric one.
        !            57: .Pp
        !            58: The individual sysctl variables are described below, both the textual
        !            59: and numeric form where applicable.
        !            60: The textual names can be used as argument to the
        !            61: .Xr sysctl 8
        !            62: utility and in the file
        !            63: .Pa /etc/sysctl.conf .
        !            64: The numeric names are usually defined as preprocessor constants and
        !            65: are intended for use by programs.
        !            66: Every such constant expands to one integer, which identifies the
        !            67: sysctl variable relative to the upper level of the tree.
        !            68: See the
        !            69: .Xr sysctl 3
        !            70: manual page for programming examples.
        !            71: .Sh Top level names
        !            72: The top level names are defined with a CTL_ prefix in
        !            73: .Aq Pa sys/sysctl.h ,
        !            74: and are as follows.
        !            75: The next and subsequent levels down are found in the include files
        !            76: listed here, and described in separate sections below.
        !            77: .Bl -column securityXX CTLXSECURITYXX "Next level namesXX"
        !            78: .It Sy Name    Constant        Next level names        Description
        !            79: .It kern       CTL\_KERN       sys/sysctl.h    High kernel limits
        !            80: .It vm CTL\_VM uvm/uvm_param.h Virtual memory
        !            81: .It vfs        CTL\_VFS        sys/mount.h     Filesystem
        !            82: .It net        CTL\_NET        sys/socket.h    Networking
        !            83: .It debug      CTL\_DEBUG      sys/sysctl.h    Debugging
        !            84: .It hw CTL\_HW sys/sysctl.h    Generic CPU, I/O
        !            85: .It machdep    CTL\_MACHDEP    sys/sysctl.h    Machine dependent
        !            86: .It user       CTL\_USER       sys/sysctl.h    User-level
        !            87: .It ddb        CTL\_DDB        sys/sysctl.h    In-kernel debugger
        !            88: .It proc       CTL\_PROC       sys/sysctl.h    Per-process
        !            89: .It vendor     CTL\_VENDOR     ?       Vendor specific
        !            90: .It emul       CTL\_EMUL       sys/sysctl.h    Emulation settings
        !            91: .It security   CTL\_SECURITY   sys/sysctl.h    Security settings
        !            92: .El
        !            93: .Sh The debug.* subtree
        !            94: The debugging variables vary from system to system.
        !            95: A debugging variable may be added or deleted without need to recompile
        !            96: .Nm
        !            97: to know about it.
        !            98: Each time it runs,
        !            99: .Nm
        !           100: gets the list of debugging variables from the kernel and
        !           101: displays their current values.
        !           102: The system defines twenty
        !           103: .Va ( struct ctldebug )
        !           104: variables named
        !           105: .Dv debug0
        !           106: through
        !           107: .Dv debug19 .
        !           108: They are declared as separate variables so that they can be
        !           109: individually initialized at the location of their associated variable.
        !           110: The loader prevents multiple use of the same variable by issuing errors
        !           111: if a variable is initialized in more than one place.
        !           112: For example, to export the variable
        !           113: .Dv dospecialcheck
        !           114: as a debugging variable, the following declaration would be used:
        !           115: .Bd -literal -offset indent -compact
        !           116: int dospecialcheck = 1;
        !           117: struct ctldebug debug5 = { "dospecialcheck", \*[Am]dospecialcheck };
        !           118: .Ed
        !           119: .Pp
        !           120: Note that the dynamic implementation of
        !           121: .Nm
        !           122: currently in use largely makes this particular
        !           123: .Nm
        !           124: interface obsolete.
        !           125: See
        !           126: .Xr sysctl 8
        !           127: .\" and
        !           128: .\" .Xr sysctl 9
        !           129: for more information.
        !           130: .Sh The vfs.* subtree
        !           131: A distinguished second level name,
        !           132: .Li vfs.generic ( VFS_GENERIC ) ,
        !           133: is used to get general information about all filesystems.
        !           134: One of its third level identifiers is
        !           135: .Li vfs.generic.maxtypenum ( VFS_MAXTYPENUM )
        !           136: that gives the highest valid filesystem type number.
        !           137: Its other third level identifier is
        !           138: .Li vfs.generic.conf ( VFS_CONF )
        !           139: that returns configuration information about the filesystem
        !           140: type given as a fourth level identifier.
        !           141: The remaining second level identifiers are the
        !           142: filesystem type number returned by a
        !           143: .Xr statvfs 2
        !           144: call or from
        !           145: .Li vfs.generic.conf .
        !           146: The third level identifiers available for each filesystem
        !           147: are given in the header file that defines the mount
        !           148: argument structure for that filesystem.
        !           149: .Sh The hw.* subtree
        !           150: The string and integer information available for the
        !           151: .Li hw
        !           152: level is detailed below.
        !           153: The changeable column shows whether a process with appropriate
        !           154: privilege may change the value.
        !           155: .Bl -column "Second level nameXXXXXX" "struct disk_sysctlXXX" -offset indent
        !           156: .It Sy Second level name       Type    Changeable
        !           157: .It hw.alignbytes      integer no
        !           158: .It hw.byteorder       integer no
        !           159: .It hw.cnmagic string  yes
        !           160: .It hw.disknames       string  no
        !           161: .It hw.diskstats       struct  no
        !           162: .It hw.machine string  no
        !           163: .It hw.machine_arch    string  no
        !           164: .It hw.model   string  no
        !           165: .It hw.ncpu    integer no
        !           166: .It hw.pagesize        integer no
        !           167: .It hw.physmem integer no
        !           168: .It hw.physmem64       quad    no
        !           169: .It hw.usermem integer no
        !           170: .It hw.usermem64       quad    no
        !           171: .El
        !           172: .Pp
        !           173: .Bl -tag -width "123456"
        !           174: .It Li hw.alignbytes ( HW_ALIGNBYTES )
        !           175: Alignment constraint for all possible data types.
        !           176: This shows the value
        !           177: .Dv ALIGNBYTES
        !           178: in
        !           179: .Pa /usr/include/machine/param.h ,
        !           180: at the kernel compilation time.
        !           181: .It Li hw.byteorder ( HW_BYTEORDER )
        !           182: The byteorder (4,321, or 1,234).
        !           183: .It Li hw.cnmagic ( HW_CNMAGIC )
        !           184: The console magic key sequence.
        !           185: .It Li hw.disknames ( HW_DISKNAMES )
        !           186: The list of (space separated) disk device names on the system.
        !           187: .It Li hw.iostatnames ( HW_IOSTATNAMES )
        !           188: A space separated list of devices that will have I/O statistics
        !           189: collected on them.
        !           190: .It Li hw.iostats ( HW_IOSTATS )
        !           191: Return statistical information on the NFS mounts, disk and tape
        !           192: devices on the system.
        !           193: An array of
        !           194: .Va struct io_sysctl
        !           195: structures is returned,
        !           196: whose size depends on the current number of such objects in the system.
        !           197: The third level name is the size of the
        !           198: .Va struct io_sysctl .
        !           199: The type of object can be determined by examining the
        !           200: .Va type
        !           201: element of
        !           202: .Va struct io_sysctl .
        !           203: Which can be
        !           204: .Dv IOSTAT_DISK
        !           205: (disk drive),
        !           206: .Dv IOSTAT_TAPE
        !           207: (tape drive), or
        !           208: .Dv IOSTAT_NFS
        !           209: (NFS mount).
        !           210: .It Li hw.machine ( HW_MACHINE )
        !           211: The machine class.
        !           212: .It Li hw.machine_arch ( HW_MACHINE_ARCH )
        !           213: The machine CPU class.
        !           214: .It Li hw.model ( HW_MODEL )
        !           215: The machine model.
        !           216: .It Li hw.ncpu ( HW_NCPU )
        !           217: The number of CPUs.
        !           218: .ne 1i
        !           219: .It Li hw.pagesize ( HW_PAGESIZE )
        !           220: The software page size.
        !           221: .It Li hw.physmem ( HW_PHYSMEM )
        !           222: The bytes of physical memory as a 32-bit integer.
        !           223: .It Li hw.physmem64 ( HW_PHYSMEM64 )
        !           224: The bytes of physical memory as a 64-bit integer.
        !           225: .It Li hw.usermem ( HW_USERMEM )
        !           226: The bytes of non-kernel memory as a 32-bit integer.
        !           227: .It Li hw.usermem64 ( HW_USERMEM64 )
        !           228: The bytes of non-kernel memory as a 64-bit integer.
        !           229: .El
        !           230: .Sh The kern.* subtree
        !           231: The string and integer information available for the
        !           232: .Li kern
        !           233: level is detailed below.
        !           234: The changeable column shows whether a process with appropriate
        !           235: privilege may change the value.
        !           236: The types of data currently available are process information,
        !           237: system vnodes, the open file entries, routing table entries,
        !           238: virtual memory statistics, load average history, and clock rate
        !           239: information.
        !           240: .Bl -column "kern.posix_reader_writer_locks" "struct clockrateXXX" -offset indent
        !           241: .It Sy Second level name       Type    Changeable
        !           242: .It kern.argmax        integer no
        !           243: .It kern.autonicetime  integer yes
        !           244: .It kern.autoniceval   integer yes
        !           245: .It kern.boottime      struct timeval  no
        !           246: .It kern.bufq  node    not applicable
        !           247: .It kern.ccpu  integer no
        !           248: .It kern.clockrate     struct clockinfo        no
        !           249: .It kern.consdev       integer no
        !           250: .It kern.cp\_id        struct  no
        !           251: .It kern.cp\_time      uint64_t[\|]    no
        !           252: .It kern.defcorename   string  yes
        !           253: .It kern.domainname    string  yes
        !           254: .It kern.drivers       struct kinfo_drivers    no
        !           255: .It kern.file  struct file     no
        !           256: .It kern.forkfsleep    integer yes
        !           257: .It kern.fscale        integer no
        !           258: .It kern.fsync integer no
        !           259: .It kern.hardclock\_ticks      integer no
        !           260: .It kern.hostid        integer yes
        !           261: .It kern.hostname      string  yes
        !           262: .It kern.iov\_max      integer no
        !           263: .It kern.job\_control  integer no
        !           264: .It kern.labeloffset   integer no
        !           265: .It kern.labelsector   integer no
        !           266: .It kern.login\_name\_max      integer no
        !           267: .It kern.logsigexit    integer yes
        !           268: .It kern.mapped\_files integer no
        !           269: .It kern.maxfiles      integer yes
        !           270: .It kern.maxpartitions integer no
        !           271: .It kern.maxphys       integer no
        !           272: .It kern.maxproc       integer yes
        !           273: .It kern.maxptys       integer yes
        !           274: .It kern.maxvnodes     integer yes
        !           275: .It kern.mbuf  node    not applicable
        !           276: .It kern.memlock       integer no
        !           277: .It kern.memlock\_range        integer no
        !           278: .It kern.memory\_protection    integer no
        !           279: .It kern.monotonic\_clock      integer no
        !           280: .It kern.msgbuf        integer no
        !           281: .It kern.msgbufsize    integer no
        !           282: .It kern.ngroups       integer no
        !           283: .It kern.ntptime       struct ntptimeval       no
        !           284: .It kern.osrelease     string  no
        !           285: .It kern.osrev integer no
        !           286: .It kern.ostype        string  no
        !           287: .It kern.pipe  node    not applicable
        !           288: .It kern.posix1        integer no
        !           289: .It kern.posix\_barriers       integer no
        !           290: .It kern.posix\_reader\_writer\_locks  integer no
        !           291: .It kern.posix\_semaphores     integer no
        !           292: .It kern.posix\_spin\_locks    integer no
        !           293: .It kern.posix\_threads        integer no
        !           294: .It kern.posix\_timers integer no
        !           295: .It kern.proc  struct kinfo_proc       no
        !           296: .It kern.proc2 struct kinfo_proc2      no
        !           297: .It kern.proc\_args    string  no
        !           298: .It kern.prof  node    not applicable
        !           299: .It kern.rawpartition  integer no
        !           300: .It kern.root\_device  string  no
        !           301: .It kern.root\_partition       integer no
        !           302: .It kern.rtc\_offset   integer yes
        !           303: .It kern.saved\_ids    integer no
        !           304: .It kern.securelevel   integer raise only
        !           305: .It kern.synchronized\_io      integer no
        !           306: .It kern.ipc   node    not applicable
        !           307: .It kern.timex struct  no
        !           308: .It kern.tkstat        node    not applicable
        !           309: .It kern.urandom       integer no
        !           310: .It kern.version       string  no
        !           311: .It kern.vnode struct vnode    no
        !           312: .El
        !           313: .ne 1i
        !           314: .Pp
        !           315: .Bl -tag -width "123456"
        !           316: .It Li kern.argmax ( KERN_ARGMAX )
        !           317: The maximum bytes of argument to
        !           318: .Xr execve 2 .
        !           319: .It Li kern.autonicetime ( KERN_AUTONICETIME )
        !           320: The number of seconds of CPU-time a non-root process may accumulate before
        !           321: having its priority lowered from the default to the value of KERN_AUTONICEVAL.
        !           322: If set to 0, automatic lowering of priority is not performed, and if set to \-1
        !           323: all non-root processes are immediately lowered.
        !           324: .It Li kern.autoniceval ( KERN_AUTONICEVAL )
        !           325: The priority assigned for automatically niced processes.
        !           326: .It Li kern.boottime ( KERN_BOOTTIME )
        !           327: A
        !           328: .Va struct timeval
        !           329: structure is returned.
        !           330: This structure contains the time that the system was booted.
        !           331: .It Li kern.ccpu ( KERN_CCPU )
        !           332: The scheduler exponential decay value.
        !           333: .It Li kern.clockrate ( KERN_CLOCKRATE )
        !           334: A
        !           335: .Va struct clockinfo
        !           336: structure is returned.
        !           337: This structure contains the clock, statistics clock and profiling clock
        !           338: frequencies, the number of micro-seconds per hz tick, and the clock
        !           339: skew rate.
        !           340: .It Li kern.consdev ( KERN_CONSDEV )
        !           341: Console device.
        !           342: .It Li kern.cp_id ( KERN_CP_ID )
        !           343: Mapping of CPU number to CPU id.
        !           344: .It Li kern.cp_time ( KERN_CP_TIME )
        !           345: Returns an array of CPUSTATES uint64_ts.
        !           346: This array contains the
        !           347: number of clock ticks spent in different CPU states.
        !           348: On multi-processor systems, the sum across all CPUs is returned unless
        !           349: appropriate space is given for one data set for each CPU.
        !           350: Data for a specific CPU can also be obtained by adding the number of the
        !           351: CPU at the end of the MIB, enlarging it by one.
        !           352: .It Li kern.defcorename ( KERN_DEFCORENAME )
        !           353: Default template for the name of core dump files (see also
        !           354: .Li proc.pid.corename
        !           355: in the per-process variables
        !           356: .Li proc.* ,
        !           357: and
        !           358: .Xr core 5
        !           359: for format of this template).
        !           360: The default value is
        !           361: .Nm %n.core
        !           362: and can be changed with the kernel configuration option
        !           363: .Cd options DEFCORENAME
        !           364: (see
        !           365: .Xr options 4
        !           366: ).
        !           367: .It Li kern.domainname ( KERN_DOMAINNAME )
        !           368: Get or set the YP domain name.
        !           369: .It Li kern.dump_on_panic ( KERN_DUMP_ON_PANIC )
        !           370: Perform a crash dump on system panic.
        !           371: .It Li kern.drivers ( KERN_DRIVERS )
        !           372: Return an array of
        !           373: .Va struct kinfo_drivers
        !           374: that contains the name and major device numbers of all the device drivers
        !           375: in the current kernel.
        !           376: The
        !           377: .Va d_name
        !           378: field is always a NUL terminated string.
        !           379: The
        !           380: .Va d_bmajor
        !           381: field will be set to \-1 if the driver doesn't have a block device.
        !           382: .It Li kern.file ( KERN_FILE )
        !           383: Return the entire file table.
        !           384: The returned data consists of a single
        !           385: .Va struct filelist
        !           386: followed by an array of
        !           387: .Va struct file ,
        !           388: whose size depends on the current number of such objects in the system.
        !           389: .It Li kern.forkfsleep ( KERN_FORKFSLEEP )
        !           390: If
        !           391: .Xr fork 2
        !           392: system call fails due to limit on number of processes (either
        !           393: the global maxproc limit or user's one), wait for this many
        !           394: milliseconds before returning
        !           395: .Er EAGAIN
        !           396: error to process.
        !           397: Useful to keep heavily forking runaway processes in bay.
        !           398: Default zero (no sleep).
        !           399: Maximum is 20 seconds.
        !           400: .It Li kern.fscale ( KERN_FSCALE )
        !           401: The kernel fixed-point scale factor.
        !           402: .It Li kern.fsync ( KERN_FSYNC )
        !           403: Return 1 if the POSIX 1003.1b File Synchronization Option is available
        !           404: on this system,
        !           405: otherwise 0.
        !           406: .It Li kern.hardclock_ticks ( KERN_HARDCLOCK_TICKS )
        !           407: Returns the number of
        !           408: .Xr hardclock 9
        !           409: ticks.
        !           410: .It Li kern.hostid ( KERN_HOSTID )
        !           411: Get or set the host id.
        !           412: .It Li kern.hostname ( KERN_HOSTNAME )
        !           413: Get or set the hostname.
        !           414: .It Li kern.iov_max ( KERN_IOV_MAX )
        !           415: Return the maximum number of
        !           416: .Va iovec
        !           417: structures that a process has available for use with
        !           418: .Xr preadv 2 ,
        !           419: .Xr pwritev 2 ,
        !           420: .Xr readv 2 ,
        !           421: .Xr recvmsg 2 ,
        !           422: .Xr sendmsg 2
        !           423: and
        !           424: .Xr writev 2 .
        !           425: .It Li kern.job_control ( KERN_JOB_CONTROL )
        !           426: Return 1 if job control is available on this system, otherwise 0.
        !           427: .It Li kern.labeloffset ( KERN_LABELOFFSET )
        !           428: The offset within the sector specified by KERN_LABELSECTOR of the
        !           429: .Xr disklabel 5 .
        !           430: .It Li kern.labelsector ( KERN_LABELSECTOR )
        !           431: The sector number containing the
        !           432: .Xr disklabel 5 .
        !           433: .It Li kern.login_name_max ( KERN_LOGIN_NAME_MAX )
        !           434: The size of the storage required for a login name, in bytes,
        !           435: including the terminating NUL.
        !           436: .It Li kern.logsigexit ( KERN_LOGSIGEXIT )
        !           437: If this flag is non-zero, the kernel will
        !           438: .Xr log 9
        !           439: all process exits due to signals which create a
        !           440: .Xr core 5
        !           441: file, and whether the coredump was created.
        !           442: .It Li kern.mapped_files ( KERN_MAPPED_FILES )
        !           443: Returns 1 if the POSIX 1003.1b Memory Mapped Files Option is available
        !           444: on this system,
        !           445: otherwise 0.
        !           446: .It Li kern.maxfiles ( KERN_MAXFILES )
        !           447: The maximum number of open files that may be open in the system.
        !           448: .It Li kern.maxpartitions ( KERN_MAXPARTITIONS )
        !           449: The maximum number of partitions allowed per disk.
        !           450: .It Li kern.maxphys ( KERN_MAXPHYS )
        !           451: Maximum raw I/O transfer size.
        !           452: .It Li kern.maxproc ( KERN_MAXPROC )
        !           453: The maximum number of simultaneous processes the system will allow.
        !           454: .It Li kern.maxptys ( KERN_MAXPTYS )
        !           455: The maximum number of pseudo terminals.
        !           456: This value can be both raised and lowered, though it cannot
        !           457: be set lower than number of currently used ptys.
        !           458: See also
        !           459: .Xr pty 4 .
        !           460: .It Li kern.maxvnodes ( KERN_MAXVNODES )
        !           461: The maximum number of vnodes available on the system.
        !           462: This can only be raised.
        !           463: .It Li kern.mbuf ( KERN_MBUF )
        !           464: Return information about the mbuf control variables.
        !           465: Mbufs are data structures which store network packets and other data
        !           466: structures in the networking code, see
        !           467: .Xr mbuf 9 .
        !           468: The third level names for the mbuf variables are detailed below.
        !           469: The changeable column shows whether a process with appropriate
        !           470: privilege may change the value.
        !           471: .Bl -column "kern.mbuf.nmbclusters" "struct integerXXX" -offset indent
        !           472: .It Sy Third level name        Type    Changeable
        !           473: .\" XXX Changeable? really?
        !           474: .It kern.mbuf.mblowat  integer yes
        !           475: .It kern.mbuf.mclbytes integer yes
        !           476: .It kern.mbuf.mcllowat integer yes
        !           477: .It kern.mbuf.msize    integer yes
        !           478: .It kern.mbuf.nmbclusters      integer yes
        !           479: .El
        !           480: .Pp
        !           481: The variables are as follows:
        !           482: .Bl -tag -width "123456"
        !           483: .It Li kern.mbuf.mblowat ( MBUF_MBLOWAT )
        !           484: The mbuf low water mark.
        !           485: .It Li kern.mbuf.mclbytes ( MBUF_MCLBYTES )
        !           486: The mbuf cluster size.
        !           487: .It Li kern.mbuf.mcllowat ( MBUF_MCLLOWAT )
        !           488: The mbuf cluster low water mark.
        !           489: .It Li kern.mbuf.msize ( MBUF_MSIZE )
        !           490: The mbuf base size.
        !           491: .It Li kern.mbuf.nmbclusters ( MBUF_NMBCLUSTERS )
        !           492: The limit on the number of mbuf clusters.
        !           493: The variable can only be increased, and only increased on machines with
        !           494: direct-mapped pool pages.
        !           495: .El
        !           496: .It Li kern.memlock ( KERN_MEMLOCK )
        !           497: Returns 1 if the POSIX 1003.1b Process Memory Locking Option is available
        !           498: on this system,
        !           499: otherwise 0.
        !           500: .It Li kern.memlock_range ( KERN_MEMLOCK_RANGE )
        !           501: Returns 1 if the POSIX 1003.1b Range Memory Locking Option is available
        !           502: on this system,
        !           503: otherwise 0.
        !           504: .It Li kern.memory_protection ( KERN_MEMORY_PROTECTION )
        !           505: Returns 1 if the POSIX 1003.1b Memory Protection Option is available
        !           506: on this system,
        !           507: otherwise 0.
        !           508: .It Li kern.monotonic_clock ( KERN_MONOTONIC_CLOCK )
        !           509: Returns the standard version the implementation of the POSIX 1003.1b
        !           510: Monotonic Clock Option conforms to,
        !           511: otherwise 0.
        !           512: .It Li kern.msgbuf ( KERN_MSGBUF )
        !           513: The kernel message buffer, rotated so that the head of the circular kernel
        !           514: message buffer is at the start of the returned data.
        !           515: The returned data may contain NUL bytes.
        !           516: .It Li kern.msgbufsize ( KERN_MSGBUFSIZE )
        !           517: The maximum number of characters that the kernel message buffer can hold.
        !           518: .It Li kern.ngroups ( KERN_NGROUPS )
        !           519: The maximum number of supplemental groups.
        !           520: .It Li kern.ntptime ( KERN_NTPTIME )
        !           521: A
        !           522: .Va struct ntptimeval
        !           523: structure is returned.
        !           524: This structure contains data used by the
        !           525: .Xr ntpd 8
        !           526: program.
        !           527: .It Li kern.osrelease ( KERN_OSRELEASE )
        !           528: The system release string.
        !           529: .It Li kern.osrevision ( KERN_OSREV )
        !           530: The system revision string.
        !           531: .It Li kern.ostype ( KERN_OSTYPE )
        !           532: The system type string.
        !           533: .It Li kern.pipe ( KERN_PIPE )
        !           534: Pipe settings.
        !           535: The third level names for the  integer pipe settings is detailed below.
        !           536: The changeable column shows whether a process with appropriate
        !           537: privilege may change the value.
        !           538: .Bl -column "kern.pipe.maxbigpipesXXX" "integerXXX" -offset indent
        !           539: .It Sy Third level name        Type    Changeable
        !           540: .It kern.pipe.kvasiz   integer yes
        !           541: .It kern.pipe.maxbigpipes      integer yes
        !           542: .It kern.pipe.maxkvasz integer yes
        !           543: .It kern.pipe.limitkva integer yes
        !           544: .It kern.pipe.nbigpipes        integer yes
        !           545: .El
        !           546: .Pp
        !           547: The variables are as follows:
        !           548: .Bl -tag -width "123456"
        !           549: .It Li kern.pipe.kvasiz ( KERN_PIPE_KVASIZ )
        !           550: Amount of kernel memory consumed by pipe buffers.
        !           551: .It Li kern.pipe.maxbigpipes ( KERN_PIPE_MAXBIGPIPES )
        !           552: Maximum number of "big" pipes.
        !           553: .It Li kern.pipe.maxkvasz ( KERN_PIPE_MAXKVASZ )
        !           554: Maximum amount of kernel memory to be used for pipes.
        !           555: .It Li kern.pipe.limitkva ( KERN_PIPE_LIMITKVA )
        !           556: Limit for direct transfers via page loan.
        !           557: .It Li kern.pipe.nbigpipes ( KERN_PIPE_NBIGPIPES )
        !           558: Number of "big" pipes.
        !           559: .El
        !           560: .It Li kern.posix1version ( KERN_POSIX1 )
        !           561: The version of ISO/IEC 9945 (POSIX 1003.1) with which the system
        !           562: attempts to comply.
        !           563: .It Li kern.posix_barriers ( KERN_POSIX_BARRIERS )
        !           564: The version of
        !           565: .St -p1003.1
        !           566: and its
        !           567: Barriers
        !           568: option to which the system attempts to conform,
        !           569: otherwise 0.
        !           570: .It Li kern.posix_reader_writer_locks ( KERN_POSIX_READER_WRITER_LOCKS )
        !           571: The version of
        !           572: .St -p1003.1
        !           573: and its
        !           574: Read-Write Locks
        !           575: option to which the system attempts to conform,
        !           576: otherwise 0.
        !           577: .It Li kern.posix_semaphores ( KERN_POSIX_SEMAPHORES )
        !           578: The version of
        !           579: .St -p1003.1
        !           580: and its
        !           581: Semaphores
        !           582: option to which the system attempts to conform,
        !           583: otherwise 0.
        !           584: .It Li kern.posix_spin_locks ( KERN_POSIX_SPIN_LOCKS )
        !           585: The version of
        !           586: .St -p1003.1
        !           587: and its
        !           588: Spin Locks
        !           589: option to which the system attempts to conform,
        !           590: otherwise 0.
        !           591: .It Li kern.posix_threads ( KERN_POSIX_THREADS )
        !           592: The version of
        !           593: .St -p1003.1
        !           594: and its
        !           595: Threads
        !           596: option to which the system attempts to conform,
        !           597: otherwise 0.
        !           598: .It Li kern.posix_timers ( KERN_POSIX_TIMERS )
        !           599: The version of
        !           600: .St -p1003.1
        !           601: and its
        !           602: Timers
        !           603: option to which the system attempts to conform,
        !           604: otherwise 0.
        !           605: .It Li kern.proc ( KERN_PROC )
        !           606: Return the entire process table, or a subset of it.
        !           607: An array of
        !           608: .Va struct kinfo_proc
        !           609: structures is returned,
        !           610: whose size depends on the current number of such objects in the system.
        !           611: The third and fourth level numeric names are as follows:
        !           612: .Bl -column "Third level nameXXXXXX" "Fourth level is:XXXXXX" -offset indent
        !           613: .It Sy Third level name        Fourth level is:
        !           614: .It KERN\_PROC\_ALL    None
        !           615: .It KERN\_PROC\_GID    A group ID
        !           616: .It KERN\_PROC\_PID    A process ID
        !           617: .It KERN\_PROC\_PGRP   A process group
        !           618: .It KERN\_PROC\_RGID   A real group ID
        !           619: .It KERN\_PROC\_RUID   A real user ID
        !           620: .It KERN\_PROC\_SESSION        A session ID
        !           621: .It KERN\_PROC\_TTY    A tty device
        !           622: .It KERN\_PROC\_UID    A user ID
        !           623: .El
        !           624: .It Li kern.proc2 ( KERN_PROC2 )
        !           625: As for KERN_PROC, but an array of
        !           626: .Va struct kinfo_proc2
        !           627: structures are returned.
        !           628: The fifth level name is the size of the
        !           629: .Va struct kinfo_proc2
        !           630: and the sixth level name is the number of structures to return.
        !           631: .It Li kern.proc_args ( KERN_PROC_ARGS )
        !           632: Return the argv or environment strings (or the number thereof)
        !           633: of a process.
        !           634: Multiple strings are returned separated by NUL characters.
        !           635: The third level name is the process ID.
        !           636: The fourth level name is as follows:
        !           637: .Bl -column "Third level nameXXXXXX" -offset indent
        !           638: .It KERN\_PROC\_ARGV   The argv strings
        !           639: .It KERN\_PROC\_ENV    The environ strings
        !           640: .It KERN\_PROC\_NARGV  The number of argv strings
        !           641: .It KERN\_PROC\_NENV   The number of environ strings
        !           642: .El
        !           643: .It Li kern.profiling ( KERN_PROF )
        !           644: Return profiling information about the kernel.
        !           645: If the kernel is not compiled for profiling,
        !           646: attempts to retrieve any of the KERN_PROF values will
        !           647: fail with
        !           648: .Er EOPNOTSUPP .
        !           649: The third level names for the string and integer profiling information
        !           650: is detailed below.
        !           651: The changeable column shows whether a process with appropriate
        !           652: privilege may change the value.
        !           653: .Bl -column "kern.profiling.gmonparam" "struct gmonparam" -offset indent
        !           654: .It Sy Third level name        Type    Changeable
        !           655: .It kern.profiling.count       u_short[\|]     yes
        !           656: .It kern.profiling.froms       u_short[\|]     yes
        !           657: .It kern.profiling.gmonparam   struct gmonparam        no
        !           658: .It kern.profiling.state       integer yes
        !           659: .It kern.profiling.tos struct tostruct yes
        !           660: .El
        !           661: .Pp
        !           662: The variables are as follows:
        !           663: .Bl -tag -width "123456"
        !           664: .It Li kern.profiling.count ( GPROF_COUNT )
        !           665: Array of statistical program counter counts.
        !           666: .It Li kern.profiling.froms ( GPROF_FROMS )
        !           667: Array indexed by program counter of call-from points.
        !           668: .It Li kern.profiling.gmonparams ( GPROF_GMONPARAM )
        !           669: Structure giving the sizes of the above arrays.
        !           670: .It Li kern.profiling.state ( GPROF_STATE )
        !           671: Profiling state.
        !           672: If set to GMON_PROF_ON, starts profiling.
        !           673: If set to GMON_PROF_OFF, stops profiling.
        !           674: .It Li kern.profiling.tos ( GPROF_TOS )
        !           675: Array of
        !           676: .Va struct tostruct
        !           677: describing destination of calls and their counts.
        !           678: .El
        !           679: .It Li kern.rawpartition ( KERN_RAWPARTITION )
        !           680: The raw partition of a disk (a == 0).
        !           681: .It Li kern.root_device ( KERN_ROOT_DEVICE )
        !           682: The name of the root device (e.g.,
        !           683: .Dq wd0 ) .
        !           684: .It Li kern.root_partition ( KERN_ROOT_PARTITION )
        !           685: The root partition on the root device (a == 0).
        !           686: .It Li kern.rtc_offset ( KERN_RTC_OFFSET )
        !           687: Return the offset of real time clock from UTC in minutes.
        !           688: .It Li kern.saved_ids ( KERN_SAVED_IDS )
        !           689: Returns 1 if saved set-group and saved set-user ID is available.
        !           690: .It Li kern.sbmax ( KERN_SBMAX )
        !           691: Maximum socket buffer size.
        !           692: .\" XXX units?
        !           693: .It Li kern.securelevel ( KERN_SECURELVL )
        !           694: The system security level.
        !           695: This level may be raised by processes with appropriate privilege.
        !           696: It may only be lowered by process 1.
        !           697: .It Li kern.somaxkva ( KERN_SOMAXKVA )
        !           698: Maximum amount of kernel memory to be used for socket buffers.
        !           699: .\" XXX units?
        !           700: .It Li kern.synchronized_io ( KERN_SYNCHRONIZED_IO )
        !           701: Returns 1 if the POSIX 1003.1b Synchronized I/O Option is available
        !           702: on this system,
        !           703: otherwise 0.
        !           704: .It Li kern.ipc ( KERN_SYSVIPC )
        !           705: Return information about the SysV IPC parameters. The third
        !           706: level names for the ipc variables are detailed below.
        !           707: .Bl -column "KERN_SYSVIPC_MSGXXX" "integerXXX" "noXXX" -offset indent
        !           708: .It Sy Third level name        Type            Changeable
        !           709: .It kern.ipc.sysvmsg   integer         no
        !           710: .It kern.ipc.sysvsem   integer         no
        !           711: .It kern.ipc.sysvshm   integer         no
        !           712: .It kern.ipc.sysvipc_info      struct          no
        !           713: .It kern.ipc.shmmax    integer         no
        !           714: .It kern.ipc.shmmni    integer         yes
        !           715: .It kern.ipc.shmseg    integer         yes
        !           716: .It kern.ipc.shmmaxpgs integer         yes
        !           717: .It kern.ipc.shm_use_phys      integer         yes
        !           718: .El
        !           719: .Bl -tag -width "123456"
        !           720: .It Li kern.ipc.sysvmsg ( KERN_SYSVIPC_MSG )
        !           721: Returns 1 if System V style message queue functionality is available
        !           722: on this system,
        !           723: otherwise 0.
        !           724: .It Li kern.ipc.sysvsem ( KERN_SYSVIPC_SEM )
        !           725: Returns 1 if System V style semaphore functionality is available
        !           726: on this system,
        !           727: otherwise 0.
        !           728: .It Li kern.ipc.sysvshm ( KERN_SYSVIPC_SHM )
        !           729: Returns 1 if System V style share memory functionality is available
        !           730: on this system,
        !           731: otherwise 0.
        !           732: .It Li kern.ipc.sysvipc_info ( KERN_SYSVIPC_INFO )
        !           733: Return System V style IPC configuration and run-time information.
        !           734: The fourth level name selects the System V style IPC facility.
        !           735: .Bl -column "KERN_SYSVIPC_MSG_INFOXXX" "struct shm_sysctl_infoXXX" -offset indent
        !           736: .It Sy Fourth level name       Type
        !           737: .It KERN\_SYSVIPC\_MSG\_INFO   struct msg_sysctl_info
        !           738: .It KERN\_SYSVIPC\_SEM\_INFO   struct sem_sysctl_info
        !           739: .It KERN\_SYSVIPC\_SHM\_INFO   struct shm_sysctl_info
        !           740: .El
        !           741: .Pp
        !           742: .Bl -tag -width "123456"
        !           743: .It Li KERN_SYSVIPC_MSG_INFO
        !           744: Return information on the System V style message facility.
        !           745: The
        !           746: .Sy msg_sysctl_info
        !           747: structure is defined in
        !           748: .Aq Pa sys/msg.h .
        !           749: .It Li KERN_SYSVIPC_SEM_INFO
        !           750: Return information on the System V style semaphore facility.
        !           751: The
        !           752: .Sy sem_sysctl_info
        !           753: structure is defined in
        !           754: .Aq Pa sys/sem.h .
        !           755: .It Li KERN_SYSVIPC_SHM_INFO
        !           756: Return information on the System V style shared memory facility.
        !           757: The
        !           758: .Sy shm_sysctl_info
        !           759: structure is defined in
        !           760: .Aq Pa sys/shm.h .
        !           761: .El
        !           762: .It Li kern.ipc.shmmax ( KERN_SYSVIPC_SHMMAX )
        !           763: Max shared memory segment size in bytes.
        !           764: .It Li kern.ipc.shmmni ( KERN_SYSVIPC_SHMMNI )
        !           765: Max number of shared memory identifiers.
        !           766: .It Li kern.ipc.shmseg ( KERN_SYSVIPC_SHMSEG )
        !           767: Max shared memory segments per process.
        !           768: .It Li kern.ipc.shmmaxpgs ( KERN_SYSVIPC_SHMMAXPGS )
        !           769: Max amount of shared memory in pages.
        !           770: .It Li kern.ipc.shm_use_phys ( KERN_SYSVIPC_SHMUSEPHYS )
        !           771: Locking of shared memory in physical memory. If 0, memory can be swaped
        !           772: out, otherwise it will be locked in physical memory.
        !           773: .El
        !           774: .It Li kern.timex ( KERN_TIMEX )
        !           775: Not available.
        !           776: .It Li kern.tkstat ( KERN_TKSTAT )
        !           777: Return information about the number of characters sent and received
        !           778: on ttys.
        !           779: The third level names for the tty statistic variables are detailed below.
        !           780: The changeable column shows whether a process
        !           781: with appropriate privilege may change the value.
        !           782: .Bl -column "KERNXTKSTATXRAWCCXXX" "struct integerXXX" -offset indent
        !           783: .It Sy Third level name        Type    Changeable
        !           784: .It kern.tkstat.cancc  quad    no
        !           785: .It kern.tkstat.nin    quad    no
        !           786: .It kern.tkstat.nout   quad    no
        !           787: .It kern.tkstat.rawcc  quad    no
        !           788: .El
        !           789: .Pp
        !           790: The variables are as follows:
        !           791: .Bl -tag -width "123456"
        !           792: .It Li kern.tkstat.cancc ( KERN_TKSTAT_CANCC )
        !           793: The number of canonical input characters.
        !           794: .It Li kern.tkstat.nin ( KERN_TKSTAT_NIN )
        !           795: The total number of input characters.
        !           796: .It Li kern.tkstat.nout ( KERN_TKSTAT_NOUT )
        !           797: The total number of output characters.
        !           798: .It Li kern.tkstat.rawcc ( KERN_TKSTAT_RAWCC )
        !           799: The number of raw input characters.
        !           800: .El
        !           801: .It Li kern.urandom ( KERN_URND )
        !           802: Random integer value.
        !           803: .It Li kern.veriexec
        !           804: Tunings for Verixec.
        !           805: .Bl -tag -width "123456"
        !           806: .It Li kern.veriexec.algorithms
        !           807: Returns a string with the supported algorithms in Veriexec.
        !           808: .It Li kern.veriexec.count
        !           809: Sub-nodes are added to this node as new mounts are monitored by Veriexec.
        !           810: Each mount will be under its own
        !           811: .No tableN
        !           812: node.
        !           813: Under each node there will be three variables, indicating the mount
        !           814: point, the file-system type, and the number of entries.
        !           815: .It Li kern.veriexec.strict
        !           816: Controls the strict level of Veriexec.
        !           817: See
        !           818: .Xr security 8
        !           819: for more information on each level's implications.
        !           820: .It Li kern.veriexec.verbose
        !           821: Controls the verbosity level of Veriexec.
        !           822: If 0, only the minimal
        !           823: indication required will be given about what's happening - fingerprint
        !           824: mismatches, removal of entries from the tables, modification of a
        !           825: fingerprinted file.
        !           826: If 1, more messages will be printed (ie., when a file with a valid
        !           827: fingerprint is accessed).
        !           828: Verbose level 2 is debug mode.
        !           829: .El
        !           830: .It Li kern.version ( KERN_VERSION )
        !           831: The system version string.
        !           832: .It Li kern.vnode ( KERN_VNODE )
        !           833: Return the entire vnode table.
        !           834: Note, the vnode table is not necessarily a consistent snapshot of
        !           835: the system.
        !           836: The returned data consists of an array whose size depends on the
        !           837: current number of such objects in the system.
        !           838: Each element of the array contains the kernel address of a vnode
        !           839: .Va struct vnode *
        !           840: followed by the vnode itself
        !           841: .Va struct vnode .
        !           842: .It Li kern.coredump.setid
        !           843: Settings related to set-id processes coredumps.
        !           844: By default, set-id processes do not dump core in situations where
        !           845: other processes would.
        !           846: The settings in this node allows an administrator to change this
        !           847: behavior.
        !           848: .Pp
        !           849: .Bl -tag -width "123456"
        !           850: .It Li kern.coredump.setid.dump
        !           851: If non-zero, set-id processes will dump core.
        !           852: .It Li kern.coredump.setid.group
        !           853: The group-id for the set-id processes' coredump.
        !           854: .It Li kern.coredump.setid.mode
        !           855: The mode for the set-id processes' coredump.
        !           856: See
        !           857: .Xr chmod 1 .
        !           858: .It Li kern.coredump.setid.owner
        !           859: The user-id that will be used as the owner of the set-id processes'
        !           860: coredump.
        !           861: .It Li kern.coredump.setid.path
        !           862: The path to which set-id processes' coredumps will be saved to.
        !           863: Same syntax as kern.defcorename.
        !           864: .El
        !           865: .\" XXX kern.lwp
        !           866: .El
        !           867: .Sh The machdep.* subtree
        !           868: The set of variables defined is architecture dependent.
        !           869: Most architectures define at least the following variables.
        !           870: .Bl -column "CONSOLE_DEVICEXXX" "integerXXX" -offset indent
        !           871: .It Sy Second level name       Type    Changeable
        !           872: .It Li CPU_CONSDEV     dev_t   no
        !           873: .El
        !           874: .Sh The net.* subtree
        !           875: The string and integer information available for the
        !           876: .Li net
        !           877: level is detailed below.
        !           878: The changeable column shows whether a process with appropriate
        !           879: privilege may change the value.
        !           880: The second and third levels are typically the protocol family and
        !           881: protocol number, though this is not always the case.
        !           882: .Bl -column "Second level nameX" "IPsec key management valuesX" -offset indent
        !           883: .It Sy Second level name       Type    Changeable
        !           884: .It net.route  routing messages        no
        !           885: .It net.inet   IPv4 values     yes
        !           886: .It net.inet6  IPv6 values     yes
        !           887: .It net.key    IPsec key management values     yes
        !           888: .El
        !           889: .Pp
        !           890: .Bl -tag -width "123456"
        !           891: .It Li net.route ( PF_ROUTE )
        !           892: .\" XXX really?
        !           893: Return the entire routing table or a subset of it.
        !           894: The data is returned as a sequence of routing messages (see
        !           895: .Xr route 4
        !           896: for the header file, format and meaning).
        !           897: The length of each message is contained in the message header.
        !           898: .Pp
        !           899: The third level name is a protocol number, which is currently always 0.
        !           900: The fourth level name is an address family, which may be set to 0 to
        !           901: select all address families.
        !           902: The fifth and sixth level names are as follows:
        !           903: .Bl -column "Fifth level nameXXXXXX" "Sixth level is:XXX" -offset indent
        !           904: .It Sy Fifth level name        Sixth level is:
        !           905: .It NET\_RT\_FLAGS     rtflags
        !           906: .It NET\_RT\_DUMP      None
        !           907: .It NET\_RT\_IFLIST    None
        !           908: .El
        !           909: .It Li net.inet ( PF_INET )
        !           910: Get or set various global information about the IPv4
        !           911: .Pq Internet Protocol version 4 .
        !           912: The third level name is the protocol.
        !           913: The fourth level name is the variable name.
        !           914: The currently defined protocols and names are:
        !           915: .Bl -column "Protocol name" "sack.globalmaxholes" "integer" -offset 4n
        !           916: .It Sy Protocol name   Variable name   Type    Changeable
        !           917: .It arp        down    integer yes
        !           918: .It arp        keep    integer yes
        !           919: .It arp        prune   integer yes
        !           920: .It arp        refresh integer yes
        !           921: .It carp       allow   integer yes
        !           922: .It carp       preempt integer yes
        !           923: .It carp       log     integer yes
        !           924: .It carp       arpbalance      integer yes
        !           925: .It icmp       errppslimit     integer yes
        !           926: .It icmp       maskrepl        integer yes
        !           927: .It icmp       rediraccept     integer yes
        !           928: .It icmp       redirtimeout    integer yes
        !           929: .It ip allowsrcrt      integer yes
        !           930: .It ip anonportmax     integer yes
        !           931: .It ip anonportmin     integer yes
        !           932: .It ip checkinterface  integer yes
        !           933: .It ip directed-broadcast      integer yes
        !           934: .It ip do_loopback_cksum       integer yes
        !           935: .It ip forwarding      integer yes
        !           936: .It ip forwsrcrt       integer yes
        !           937: .It ip gifttl  integer yes
        !           938: .It ip grettl  integer yes
        !           939: .It ip hostzerobroadcast       integer yes
        !           940: .It ip lowportmin      integer yes
        !           941: .It ip lowportmax      integer yes
        !           942: .It ip maxflows        integer yes
        !           943: .It ip maxfragpackets  integer yes
        !           944: .It ip mtudisc integer yes
        !           945: .It ip mtudisctimeout  integer yes
        !           946: .It ip random_id       integer yes
        !           947: .It ip redirect        integer yes
        !           948: .It ip subnetsarelocal integer yes
        !           949: .It ip ttl     integer yes
        !           950: .It tcp        rfc1323 integer yes
        !           951: .It tcp        sendspace       integer yes
        !           952: .It tcp        recvspace       integer yes
        !           953: .It tcp        mssdflt integer yes
        !           954: .It tcp        syn_cache_limit integer yes
        !           955: .It tcp        syn_bucket_limit        integer yes
        !           956: .It tcp        syn_cache_interval      integer yes
        !           957: .It tcp        init_win        integer yes
        !           958: .It tcp        init_win_local  integer yes
        !           959: .It tcp        mss_ifmtu       integer yes
        !           960: .It tcp        win_scale       integer yes
        !           961: .It tcp        timestamps      integer yes
        !           962: .It tcp        compat_42       integer yes
        !           963: .It tcp        cwm     integer yes
        !           964: .It tcp        cwm_burstsize   integer yes
        !           965: .It tcp        ack_on_push     integer yes
        !           966: .It tcp        keepidle        integer yes
        !           967: .It tcp        keepintvl       integer yes
        !           968: .It tcp        keepcnt integer yes
        !           969: .It tcp        slowhz  integer no
        !           970: .It tcp        log_refused     integer yes
        !           971: .It tcp        rstppslimit     integer yes
        !           972: .It tcp        ident   struct  no
        !           973: .It tcp        sack.enable     integer yes
        !           974: .It tcp        sack.globalholes        integer no
        !           975: .It tcp        sack.globalmaxholes     integer yes
        !           976: .It tcp        sack.maxholes   integer yes
        !           977: .It tcp        ecn.enable      integer yes
        !           978: .It tcp        ecn.maxretries  integer yes
        !           979: .It tcp        congctl.selected        string  yes
        !           980: .It tcp        congctl.available       string  yes
        !           981: .It tcp        abc.enable      integer yes
        !           982: .It tcp        abc.aggressive  integer yes
        !           983: .It udp        checksum        integer yes
        !           984: .It udp        do_loopback_cksum       integer yes
        !           985: .It udp        recvspace       integer yes
        !           986: .It udp        sendspace       integer yes
        !           987: .El
        !           988: .Pp
        !           989: The variables are as follows:
        !           990: .Bl -tag -width "123456"
        !           991: .It Li arp.down
        !           992: Failed ARP entry lifetime.
        !           993: .It Li arp.keep
        !           994: Valid ARP entry lifetime.
        !           995: .It Li arp.prune
        !           996: ARP cache pruning interval.
        !           997: .It Li arp.refresh
        !           998: ARP entry refresh interval.
        !           999: .It Li carp.allow
        !          1000: If set to 0, incoming
        !          1001: .Xr carp 4
        !          1002: packets will not be processed.
        !          1003: If set to any other value, processing will occur.
        !          1004: Enabled by default.
        !          1005: .It Li carp.arpbalance
        !          1006: If set to any value other than 0, the ARP balancing functionality of
        !          1007: .Xr carp 4
        !          1008: is enabled.
        !          1009: When ARP requests are received for an IP address which is part of any virtual
        !          1010: host, carp will hash the source IP in the ARP request to select one of the
        !          1011: virtual hosts from the set of all the virtual hosts which have that IP address.
        !          1012: The master of that host will respond with the correct virtual MAC address.
        !          1013: Disabled by default.
        !          1014: .It Li carp.log
        !          1015: If set to any value other than 0,
        !          1016: .Xr carp 4
        !          1017: will log errors.
        !          1018: Disabled by default.
        !          1019: .It Li carp.preempt
        !          1020: If set to 0,
        !          1021: .Xr carp 4
        !          1022: will not attempt to become master if it is receiving advertisements from
        !          1023: another active master.
        !          1024: If set to any other value, carp will become master of the virtual host if it
        !          1025: believes it can send advertisements more frequently than the current master.
        !          1026: Disabled by default.
        !          1027: .It Li ip.allowsrcrt
        !          1028: If set to 1, the host accepts source routed packets.
        !          1029: .It Li ip.anonportmax
        !          1030: The highest port number to use for TCP and UDP ephemeral port allocation.
        !          1031: This cannot be set to less than 1024 or greater than 65535, and must
        !          1032: be greater than
        !          1033: .Li ip.anonportmin .
        !          1034: .It Li ip.anonportmin
        !          1035: The lowest port number to use for TCP and UDP ephemeral port allocation.
        !          1036: This cannot be set to less than 1024 or greater than 65535.
        !          1037: .It Li ip.checkinterface
        !          1038: If set to non-zero, the host will reject packets addressed to it
        !          1039: that arrive on an interface not bound to that address.
        !          1040: Currently, this must be disabled if ipnat is used to translate the
        !          1041: destination address to another local interface, or if addresses
        !          1042: are added to the loopback interface instead of the interface where
        !          1043: the packets for those packets are received.
        !          1044: .It Li ip.directed-broadcast
        !          1045: If set to 1, enables directed broadcast behavior for the host.
        !          1046: .It Li ip.do_loopback_cksum
        !          1047: Perform IP checksum on loopback.
        !          1048: .It Li ip.forwarding
        !          1049: If set to 1, enables IP forwarding for the host,
        !          1050: meaning that the host is acting as a router.
        !          1051: .It Li ip.forwsrcrt
        !          1052: If set to 1, enables forwarding of source-routed packets for the host.
        !          1053: This value may only be changed if the kernel security level is less than 1.
        !          1054: .It Li ip.gifttl
        !          1055: The maximum time-to-live (hop count) value for an IPv4 packet generated by
        !          1056: .Xr gif 4
        !          1057: tunnel interface.
        !          1058: .It Li ip.grettl
        !          1059: The maximum time-to-live (hop count) value for an IPv4 packet generated by
        !          1060: .Xr gre 4
        !          1061: tunnel interface.
        !          1062: .It Li ip.hostzerobroadcast
        !          1063: All zeroes address is broadcast address.
        !          1064: .It Li ip.lowportmax
        !          1065: The highest port number to use for TCP and UDP reserved port allocation.
        !          1066: This cannot be set to less than 0 or greater than 1024, and must
        !          1067: be greater than
        !          1068: .Li ip.lowportmin .
        !          1069: .It Li ip.lowportmin
        !          1070: The lowest port number to use for TCP and UDP reserved port allocation.
        !          1071: This cannot be set to less than 0 or greater than 1024, and must
        !          1072: be smaller than
        !          1073: .Li ip.lowportmax .
        !          1074: .It Li ip.maxflows
        !          1075: IP Fast Forwarding is enabled by default.
        !          1076: If set to 0, IP Fast Forwarding is disabled.
        !          1077: .Li ip.maxflows
        !          1078: controls the maximum amount of flows which can be created.
        !          1079: The default value is 256.
        !          1080: .It Li ip.maxfragpackets
        !          1081: The maximum number of fragmented packets the node will accept.
        !          1082: 0 means that the node will not accept any fragmented packets.
        !          1083: \-1 means that the node will accept as many fragmented packets as it receives.
        !          1084: The flag is provided basically for avoiding possible DoS attacks.
        !          1085: .It Li ip.mtudisc
        !          1086: If set to 1, enables Path MTU Discovery (RFC 1191).
        !          1087: When Path MTU Discovery is enabled, the transmitted TCP segment
        !          1088: size will be determined by the advertised maximum segment size
        !          1089: (MSS) from the remote end, as constrained by the path MTU.
        !          1090: If MTU Discovery is disabled, the transmitted segment size will
        !          1091: never be greater than
        !          1092: .Li tcp.mssdflt
        !          1093: (the local maximum segment size).
        !          1094: .It Li ip.mtudisctimeout
        !          1095: The number of seconds in which a route added by the Path MTU
        !          1096: Discovery engine will time out.
        !          1097: When the route times out, the Path
        !          1098: MTU Discovery engine will attempt to probe a larger path MTU.
        !          1099: .It Li ip.random_id
        !          1100: Assign random ip_id values.
        !          1101: .It Li ip.redirect
        !          1102: If set to 1, ICMP redirects may be sent by the host.
        !          1103: This option is ignored unless the host is routing IP packets,
        !          1104: and should normally be enabled on all systems.
        !          1105: .It Li ip.subnetsarelocal
        !          1106: If set to 1, subnets are to be considered local addresses.
        !          1107: .It Li ip.ttl
        !          1108: The maximum time-to-live (hop count) value for an IP packet sourced by
        !          1109: the system.
        !          1110: This value applies to normal transport protocols, not to ICMP.
        !          1111: .It Li icmp.errppslimit
        !          1112: The variable specifies the maximum number of outgoing ICMP error messages,
        !          1113: per second.
        !          1114: ICMP error messages that exceeded the value are subject to rate limitation
        !          1115: and will not go out from the node.
        !          1116: Negative value disables rate limitation.
        !          1117: .It Li icmp.maskrepl
        !          1118: If set to 1, ICMP network mask requests are to be answered.
        !          1119: .It Li icmp.rediraccept
        !          1120: If set to non-zero, the host will accept ICMP redirect packets.
        !          1121: Note that routers will never accept ICMP redirect packets,
        !          1122: and the variable is meaningful on IP hosts only.
        !          1123: .It Li icmp.redirtimeout
        !          1124: The variable specifies lifetime of routing entries generated by incoming
        !          1125: ICMP redirect.
        !          1126: This defaults to 600 seconds.
        !          1127: .It Li icmp.returndatabytes
        !          1128: Number of bytes to return in an ICMP error message.
        !          1129: .It Li tcp.ack_on_push
        !          1130: If set to 1, TCP is to immediately transmit an ACK upon reception of
        !          1131: a packet with PUSH set.
        !          1132: This can avoid losing a round trip time in some rare situations,
        !          1133: but has the caveat of potentially defeating TCP's delayed ACK algorithm.
        !          1134: Use of this option is generally not recommended, but
        !          1135: the variable exists in case your configuration really needs it.
        !          1136: .It Li tcp.compat_42
        !          1137: If set to 1, enables work-arounds for bugs in the 4.2BSD TCP implementation.
        !          1138: Use of this option is not recommended, although it may be
        !          1139: required in order to communicate with extremely old TCP implementations.
        !          1140: .It Li tcp.cwm
        !          1141: If set to 1, enables use of the Hughes/Touch/Heidemann Congestion Window
        !          1142: Monitoring algorithm.
        !          1143: This algorithm prevents line-rate bursts of packets that could
        !          1144: otherwise occur when data begins flowing on an idle TCP connection.
        !          1145: These line-rate bursts can contribute to network and router congestion.
        !          1146: This can be particularly useful on World Wide Web servers
        !          1147: which support HTTP/1.1, which has lingering connections.
        !          1148: .It Li tcp.cwm_burstsize
        !          1149: The Congestion Window Monitoring allowed burst size, in terms
        !          1150: of packet count.
        !          1151: .It Li tcp.delack_ticks
        !          1152: Number of ticks to delay sending an ACK.
        !          1153: .It Li tcp.do_loopback_cksum
        !          1154: Perform TCP checksum on loopback.
        !          1155: .It Li tcp.init_win
        !          1156: A value indicating the TCP initial congestion window.
        !          1157: If this value is 0, an auto-tuning algorithm designed to use an initial
        !          1158: window of approximately 4K bytes is in use.
        !          1159: Otherwise, this value indicates a fixed number of packets.
        !          1160: .It Li tcp.init_win_local
        !          1161: Like
        !          1162: .Li tcp.init_win ,
        !          1163: but used when communicating with hosts on a local network.
        !          1164: .It Li tcp.keepcnt
        !          1165: Number of keepalive probes sent before declaring a connection dead.
        !          1166: If set to zero, there is no limit;
        !          1167: keepalives will be sent until some kind of
        !          1168: response is received from the peer.
        !          1169: .It Li tcp.keepidle
        !          1170: Time a connection must be idle before keepalives are sent (if keepalives
        !          1171: are enabled for the connection).
        !          1172: See also tcp.slowhz.
        !          1173: .It Li tcp.keepintvl
        !          1174: Time after a keepalive probe is sent until, in the absence of any response,
        !          1175: another probe is sent.
        !          1176: See also tcp.slowhz.
        !          1177: .It Li tcp.log_refused
        !          1178: If set to 1, refused TCP connections to the host will be logged.
        !          1179: .It Li tcp.mss_ifmtu
        !          1180: If set to 1, TCP calculates the outgoing maximum segment size based on
        !          1181: the MTU of the appropriate interface.
        !          1182: If set to 0, it is calculated based on the greater of the MTU of the
        !          1183: interface, and the largest (non-loopback) interface MTU on the system.
        !          1184: .It Li tcp.mssdflt
        !          1185: The default maximum segment size both advertised to the peer
        !          1186: and to use when either the peer does not advertise a maximum segment size to
        !          1187: us during connection setup or Path MTU Discovery
        !          1188: .Li ( ip.mtudisc )
        !          1189: is disabled.
        !          1190: Do not change this value unless you really know what you are doing.
        !          1191: .It Li tcp.newreno
        !          1192: If set to 1, enables the use of J.
        !          1193: Hoe's NewReno congestion control algorithm.
        !          1194: This algorithm improves the start-up behavior of TCP connections.
        !          1195: .It Li tcp.recvspace
        !          1196: The default TCP receive buffer size.
        !          1197: .It Li tcp.rfc1323
        !          1198: If set to 1, enables RFC 1323 extensions to TCP.
        !          1199: .It Li tcp.rstppslimit
        !          1200: The variable specifies the maximum number of outgoing TCP RST packets,
        !          1201: per second.
        !          1202: TCP RST packet that exceeded the value are subject to rate limitation
        !          1203: and will not go out from the node.
        !          1204: Negative value disables rate limitation.
        !          1205: .It Li tcp.sack.enable
        !          1206: If set to 1, enables RFC 2018 Selective ACKnowledgement.
        !          1207: .It Li tcp.sack.globalholes
        !          1208: Global number of TCP SACK holes.
        !          1209: .It Li tcp.sack.globalmaxholes
        !          1210: Global maximum number of TCP SACK holes.
        !          1211: .It Li tcp.sack.maxholes
        !          1212: Maximum number of TCP SACK holes allowed per connection.
        !          1213: .It Li tcp.ecn.enable
        !          1214: If set to 1, enables RFC 3168 Explicit Congestion Notification.
        !          1215: .It Li tcp.ecn.maxretries
        !          1216: Number of times to retry sending the ECN-setup packet.
        !          1217: .It Li tcp.sendspace
        !          1218: The default TCP send buffer size.
        !          1219: .It Li tcp.slowhz
        !          1220: The units for tcp.keepidle and tcp.keepintvl; those variables are in ticks
        !          1221: of a clock that ticks tcp.slowhz times per second.
        !          1222: (That is, their values
        !          1223: must be divided by the tcp.slowhz value to get times in seconds.)
        !          1224: .It Li tcp.syn_bucket_limit
        !          1225: The maximum number of entries allowed per hash bucket in the TCP
        !          1226: compressed state engine.
        !          1227: .It Li tcp.syn_cache_limit
        !          1228: The maximum number of entries allowed in the TCP compressed state
        !          1229: engine.
        !          1230: .It Li tcp.timestamps
        !          1231: If rfc1323 is enabled, a value of 1 indicates RFC 1323 time stamp options,
        !          1232: used for measuring TCP round trip times, are enabled.
        !          1233: .It Li tcp.win_scale
        !          1234: If rfc1323 is enabled, a value of 1 indicates RFC 1323 window scale options,
        !          1235: for increasing the TCP window size, are enabled.
        !          1236: .It Li tcp.congctl.available
        !          1237: The available TCP congestion control algorithms.
        !          1238: .It Li tcp.congctl.selected
        !          1239: The currently selected TCP congestion control algorithm.
        !          1240: .It Li tcp.abc.enable
        !          1241: If set to 1, use RFC 3465 Appropriate Byte Counting (ABC).
        !          1242: If set to 0, use traditional Packet Counting.
        !          1243: .It Li tcp.abc.aggressive
        !          1244: Choose the L parameter found in RFC 3465.
        !          1245: L is the maximum cwnd increase for an ack during slow start.
        !          1246: If set to 1, use L=2*SMSS.
        !          1247: If set to 0, use L=1*SMSS.
        !          1248: It has no effect unless tcp.abc.enable is set to 1.
        !          1249: .It Li udp.checksum
        !          1250: If set to 1, UDP checksums are being computed.
        !          1251: Received non-zero UDP checksums are always checked.
        !          1252: Disabling UDP checksums is strongly discouraged.
        !          1253: .It Li udp.sendspace
        !          1254: The default UDP send buffer size.
        !          1255: .It Li udp.recvspace
        !          1256: The default UDP receive buffer size.
        !          1257: .El
        !          1258: .Pp
        !          1259: For variables net.*.ipsec, please refer to
        !          1260: .Xr ipsec 4 .
        !          1261: .It Li net.inet6 ( PF_INET6 )
        !          1262: Get or set various global information about the IPv6
        !          1263: .Pq Internet Protocol version 6 .
        !          1264: The third level name is the protocol.
        !          1265: The fourth level name is the variable name.
        !          1266: The currently defined protocols and names are:
        !          1267: .Bl -column "Protocol name" "Variable nameXX" "integer" "yes" -offset indent
        !          1268: .It Sy Protocol name   Variable name   Type    Changeable
        !          1269: .It icmp6      errppslimit     integer yes
        !          1270: .It icmp6      mtudisc_hiwat   integer yes
        !          1271: .It icmp6      mtudisc_lowat   integer yes
        !          1272: .It icmp6      nd6_debug       integer yes
        !          1273: .It icmp6      nd6_delay       integer yes
        !          1274: .It icmp6      nd6_maxnudhint  integer yes
        !          1275: .It icmp6      nd6_mmaxtries   integer yes
        !          1276: .It icmp6      nd6_prune       integer yes
        !          1277: .It icmp6      nd6_umaxtries   integer yes
        !          1278: .It icmp6      nd6_useloopback integer yes
        !          1279: .It icmp6      nodeinfo        integer yes
        !          1280: .It icmp6      rediraccept     integer yes
        !          1281: .It icmp6      redirtimeout    integer yes
        !          1282: .It ip6        accept_rtadv    integer yes
        !          1283: .It ip6        anonportmax     integer yes
        !          1284: .It ip6        anonportmin     integer yes
        !          1285: .It ip6        auto_flowlabel  integer yes
        !          1286: .It ip6        dad_count       integer yes
        !          1287: .It ip6        defmcasthlim    integer yes
        !          1288: .It ip6        forwarding      integer yes
        !          1289: .It ip6        gifhlim integer yes
        !          1290: .It ip6        hlim    integer yes
        !          1291: .It ip6        hdrnestlimit    integer yes
        !          1292: .It ip6        kame_version    string  no
        !          1293: .It ip6        keepfaith       integer yes
        !          1294: .It ip6        log_interval    integer yes
        !          1295: .It ip6        lowportmax      integer yes
        !          1296: .It ip6        lowportmin      integer yes
        !          1297: .It ip6        maxfragpackets  integer yes
        !          1298: .It ip6        maxfrags        integer yes
        !          1299: .It ip6        redirect        integer yes
        !          1300: .It ip6        rr_prune        integer yes
        !          1301: .It ip6        use_deprecated  integer yes
        !          1302: .It ip6        v6only  integer yes
        !          1303: .It udp6       do_loopback_cksum       integer yes
        !          1304: .It udp6       recvspace       integer yes
        !          1305: .It udp6       sendspace       integer yes
        !          1306: .El
        !          1307: .Pp
        !          1308: The variables are as follows:
        !          1309: .Bl -tag -width "123456"
        !          1310: .It Li ip6.accept_rtadv
        !          1311: If set to non-zero, the node will accept ICMPv6 router advertisement packets
        !          1312: and autoconfigures address prefixes and default routers.
        !          1313: The node must be a host
        !          1314: .Pq not a router
        !          1315: for the option to be meaningful.
        !          1316: .It Li ip6.anonportmax
        !          1317: The highest port number to use for TCP and UDP ephemeral port allocation.
        !          1318: This cannot be set to less than 1024 or greater than 65535, and must
        !          1319: be greater than
        !          1320: .Li ip6.anonportmin .
        !          1321: .It Li ip6.anonportmin
        !          1322: The lowest port number to use for TCP and UDP ephemeral port allocation.
        !          1323: This cannot be set to less than 1024 or greater than 65535.
        !          1324: .It Li ip6.auto_flowlabel
        !          1325: On connected transport protocol packets,
        !          1326: fill IPv6 flowlabel field to help intermediate routers to identify packet flows.
        !          1327: .It Li ip6.dad_count
        !          1328: The variable configures number of IPv6 DAD
        !          1329: .Pq duplicated address detection
        !          1330: probe packets.
        !          1331: The packets will be generated when IPv6 interface addresses are configured.
        !          1332: .It Li ip6.defmcasthlim
        !          1333: The default hop limit value for an IPv6 multicast packet sourced by the node.
        !          1334: This value applies to all the transport protocols on top of IPv6.
        !          1335: There are APIs to override the value, as documented in
        !          1336: .Xr ip6 4 .
        !          1337: .It Li ip6.forwarding
        !          1338: If set to 1, enables IPv6 forwarding for the node,
        !          1339: meaning that the node is acting as a router.
        !          1340: If set to 0, disables IPv6 forwarding for the node,
        !          1341: meaning that the node is acting as a host.
        !          1342: IPv6 specification defines node behavior for
        !          1343: .Dq router
        !          1344: case and
        !          1345: .Dq host
        !          1346: case quite differently, and changing this variable during operation
        !          1347: may cause serious trouble.
        !          1348: It is recommended to configure the variable at bootstrap time,
        !          1349: and bootstrap time only.
        !          1350: .It Li ip6.gifhlim
        !          1351: The maximum hop limit value for an IPv6 packet generated by
        !          1352: .Xr gif 4
        !          1353: tunnel interface.
        !          1354: .It Li ip6.hdrnestlimit
        !          1355: The number of IPv6 extension headers permitted on incoming IPv6 packets.
        !          1356: If set to 0, the node will accept as many extension headers as possible.
        !          1357: .It Li ip6.hlim
        !          1358: The default hop limit value for an IPv6 unicast packet sourced by the node.
        !          1359: This value applies to all the transport protocols on top of IPv6.
        !          1360: There are APIs to override the value, as documented in
        !          1361: .Xr ip6 4 .
        !          1362: .It Li ip6.kame_version
        !          1363: The string identifies the version of KAME IPv6 stack implemented in the kernel.
        !          1364: .It Li ip6.keepfaith
        !          1365: If set to non-zero, it enables
        !          1366: .Dq FAITH
        !          1367: TCP relay IPv6-to-IPv4 translator code in the kernel.
        !          1368: Refer
        !          1369: .Xr faith 4
        !          1370: and
        !          1371: .Xr faithd 8
        !          1372: for detail.
        !          1373: .It Li ip6.log_interval
        !          1374: The variable controls amount of logs generated by IPv6 packet
        !          1375: forwarding engine, by setting interval between log output
        !          1376: .Pq in seconds .
        !          1377: .It Li ip6.lowportmax
        !          1378: The highest port number to use for TCP and UDP reserved port allocation.
        !          1379: This cannot be set to less than 0 or greater than 1024, and must
        !          1380: be greater than
        !          1381: .Li ip6.lowportmin .
        !          1382: .It Li ip6.lowportmin
        !          1383: The lowest port number to use for TCP and UDP reserved port allocation.
        !          1384: This cannot be set to less than 0 or greater than 1024, and must
        !          1385: be smaller than
        !          1386: .Li ip6.lowportmax .
        !          1387: .It Li ip6.maxfragpackets
        !          1388: The maximum number of fragmented packets the node will accept.
        !          1389: 0 means that the node will not accept any fragmented packets.
        !          1390: \-1 means that the node will accept as many fragmented packets as it receives.
        !          1391: The flag is provided basically for avoiding possible DoS attacks.
        !          1392: .It Li ip6.maxfrags
        !          1393: The maximum number of fragments the node will accept.
        !          1394: 0 means that the node will not accept any fragments.
        !          1395: \-1 means that the node will accept as many fragments as it receives.
        !          1396: The flag is provided basically for avoiding possible DoS attacks.
        !          1397: .It Li ip6.redirect
        !          1398: If set to 1, ICMPv6 redirects may be sent by the node.
        !          1399: This option is ignored unless the node is routing IP packets,
        !          1400: and should normally be enabled on all systems.
        !          1401: .It Li ip6.rr_prune
        !          1402: The variable specifies interval between IPv6 router renumbering prefix
        !          1403: babysitting, in seconds.
        !          1404: .It Li ip6.use_deprecated
        !          1405: The variable controls use of deprecated address, specified in RFC 2462 5.5.4.
        !          1406: .It Li ip6.v6only
        !          1407: The variable specifies initial value for
        !          1408: .Dv IPV6_V6ONLY
        !          1409: socket option for
        !          1410: .Dv AF_INET6
        !          1411: socket.
        !          1412: Please refer to
        !          1413: .Xr ip6 4
        !          1414: for detail.
        !          1415: .It Li icmp6.errppslimit
        !          1416: The variable specifies the maximum number of outgoing ICMPv6 error messages,
        !          1417: per second.
        !          1418: ICMPv6 error messages that exceeded the value are subject to rate limitation
        !          1419: and will not go out from the node.
        !          1420: Negative value disables rate limitation.
        !          1421: .It Li icmp6.mtudisc_hiwat
        !          1422: .It Li icmp6.mtudisc_lowat
        !          1423: The variables define the maximum number of routing table entries,
        !          1424: created due to path MTU discovery
        !          1425: .Pq prevents denial-of-service attacks with ICMPv6 too big messages .
        !          1426: When IPv6 path MTU discovery happens, we keep path MTU information into
        !          1427: the routing table.
        !          1428: If the number of routing table entries exceed the value,
        !          1429: the kernel will not attempt to keep the path MTU information.
        !          1430: .Li icmp6.mtudisc_hiwat
        !          1431: is used when we have verified ICMPv6 too big messages.
        !          1432: .Li icmp6.mtudisc_lowat
        !          1433: is used when we have unverified ICMPv6 too big messages.
        !          1434: Verification is performed by using address/port pairs kept in connected pcbs.
        !          1435: Negative value disables the upper limit.
        !          1436: .It Li icmp6.nd6_debug
        !          1437: If set to non-zero, kernel IPv6 neighbor discovery code will generate
        !          1438: debugging messages.
        !          1439: The debug outputs are useful to diagnose IPv6 interoperability issues.
        !          1440: The flag must be set to 0 for normal operation.
        !          1441: .It Li icmp6.nd6_delay
        !          1442: The variable specifies
        !          1443: .Dv DELAY_FIRST_PROBE_TIME
        !          1444: timing constant in IPv6 neighbor discovery specification
        !          1445: .Pq RFC 2461 ,
        !          1446: in seconds.
        !          1447: .It Li icmp6.nd6_maxnudhint
        !          1448: IPv6 neighbor discovery permits upper layer protocols to supply reachability
        !          1449: hints, to avoid unnecessary neighbor discovery exchanges.
        !          1450: The variable defines the number of consecutive hints the neighbor discovery
        !          1451: layer will take.
        !          1452: For example, by setting the variable to 3, neighbor discovery layer
        !          1453: will take 3 consecutive hints in maximum.
        !          1454: After receiving 3 hints, neighbor discovery layer will perform
        !          1455: normal neighbor discovery process.
        !          1456: .It Li icmp6.nd6_mmaxtries
        !          1457: The variable specifies
        !          1458: .Dv MAX_MULTICAST_SOLICIT
        !          1459: constant in IPv6 neighbor discovery specification
        !          1460: .Pq RFC 2461 .
        !          1461: .It Li icmp6.nd6_prune
        !          1462: The variable specifies interval between IPv6 neighbor cache babysitting,
        !          1463: in seconds.
        !          1464: .It Li icmp6.nd6_umaxtries
        !          1465: The variable specifies
        !          1466: .Dv MAX_UNICAST_SOLICIT
        !          1467: constant in IPv6 neighbor discovery specification
        !          1468: .Pq RFC 2461 .
        !          1469: .It Li icmp6.nd6_useloopback
        !          1470: If set to non-zero, kernel IPv6 stack will use loopback interface for
        !          1471: local traffic.
        !          1472: .It Li icmp6.nodeinfo
        !          1473: The variable enables responses to ICMPv6 node information queries.
        !          1474: If you set the variable to 0, responses will not be generated for
        !          1475: ICMPv6 node information queries.
        !          1476: Since node information queries can have a security impact, it is
        !          1477: possible to fine tune which responses should be answered.
        !          1478: Two separate bits can be set.
        !          1479: .Bl -tag -width "12345"
        !          1480: .It 1
        !          1481: Respond to ICMPv6 FQDN queries, e.g.
        !          1482: .Li ping6 -w .
        !          1483: .It 2
        !          1484: Respond to ICMPv6 node addresses queries, e.g.
        !          1485: .Li ping6 -a .
        !          1486: .El
        !          1487: .It Li icmp6.rediraccept
        !          1488: If set to non-zero, the host will accept ICMPv6 redirect packets.
        !          1489: Note that IPv6 routers will never accept ICMPv6 redirect packets,
        !          1490: and the variable is meaningful on IPv6 hosts
        !          1491: .Pq non-router
        !          1492: only.
        !          1493: .It Li icmp6.redirtimeout
        !          1494: The variable specifies lifetime of routing entries generated by incoming
        !          1495: ICMPv6 redirect.
        !          1496: .It Li udp6.do_loopback_cksum
        !          1497: Perform UDP checksum on loopback.
        !          1498: .It Li udp6.recvspace
        !          1499: Default UDP receive buffer size.
        !          1500: .It Li udp6.sendspace
        !          1501: Default UDP send buffer size.
        !          1502: .El
        !          1503: .Pp
        !          1504: We reuse net.*.tcp for
        !          1505: .Tn TCP
        !          1506: over
        !          1507: .Tn IPv6 ,
        !          1508: and therefore we do not have variables net.*.tcp6.
        !          1509: Variables net.inet6.udp6 have identical meaning to net.inet.udp.
        !          1510: Please refer to
        !          1511: .Li PF_INET
        !          1512: section above.
        !          1513: For variables net.*.ipsec6, please refer to
        !          1514: .Xr ipsec 4 .
        !          1515: .It Li net.key ( PF_KEY )
        !          1516: Get or set various global information about the IPsec key management.
        !          1517: The third level name is the variable name.
        !          1518: The currently defined variable and names are:
        !          1519: .Bl -column "blockacq_lifetime" "integer" "yes" -offset indent
        !          1520: .It Sy Variable name   Type    Changeable
        !          1521: .It debug      integer yes
        !          1522: .It spi_try    integer yes
        !          1523: .It spi_min_value      integer yes
        !          1524: .It spi_max_value      integer yes
        !          1525: .It larval_lifetime    integer yes
        !          1526: .It blockacq_count     integer yes
        !          1527: .It blockacq_lifetime  integer yes
        !          1528: .It esp_keymin integer yes
        !          1529: .It esp_auth   integer yes
        !          1530: .It ah_keymin  integer yes
        !          1531: .El
        !          1532: The variables are as follows:
        !          1533: .Bl -tag -width "123456"
        !          1534: .It Li debug
        !          1535: Turn on debugging message from within the kernel.
        !          1536: The value is a bitmap, as defined in
        !          1537: .Pa /usr/include/netkey/key_debug.h .
        !          1538: .It Li spi_try
        !          1539: The number of times the kernel will try to obtain an unique SPI
        !          1540: when it generates it from random number generator.
        !          1541: .It Li spi_min_value
        !          1542: Minimum SPI value when generating it within the kernel.
        !          1543: .It Li spi_max_value
        !          1544: Maximum SPI value when generating it within the kernel.
        !          1545: .It Li larval_lifetime
        !          1546: Lifetime for LARVAL SAD entries, in seconds.
        !          1547: .It Li blockacq_count
        !          1548: Number of ACQUIRE PF_KEY messages to be blocked after an ACQUIRE message.
        !          1549: It avoids flood of ACQUIRE PF_KEY from being sent from the kernel to the
        !          1550: key management daemon.
        !          1551: .It Li blockacq_lifetime
        !          1552: Lifetime of ACQUIRE PF_KEY message.
        !          1553: .It Li esp_keymin
        !          1554: Minimum ESP key length, in bits.
        !          1555: The value is used when the kernel creates proposal payload
        !          1556: on ACQUIRE PF_KEY message.
        !          1557: .It Li esp_auth
        !          1558: Whether ESP authentication should be used or not.
        !          1559: Non-zero value indicates that ESP authentication should be used.
        !          1560: The value is used when the kernel creates proposal payload
        !          1561: on ACQUIRE PF_KEY message.
        !          1562: .It Li ah_keymin
        !          1563: Minimum AH key length, in bits,
        !          1564: The value is used when the kernel creates proposal payload
        !          1565: on ACQUIRE PF_KEY message.
        !          1566: .El
        !          1567: .El
        !          1568: .Sh The proc.* subtree
        !          1569: The string and integer information available for the
        !          1570: .Li proc
        !          1571: level is detailed below.
        !          1572: The changeable column shows whether a process with appropriate
        !          1573: privilege may change the value.
        !          1574: These values are per-process,
        !          1575: and as such may change from one process to another.
        !          1576: When a process is created,
        !          1577: the default values are inherited from its parent.
        !          1578: When a set-user-ID or set-group-ID binary is executed, the
        !          1579: value of PROC_PID_CORENAME is reset to the system default value.
        !          1580: The second level name is either the magic value PROC_CURPROC, which
        !          1581: points to the current process, or the PID of the target process.
        !          1582: .Bl -column "USER_COLL_WEIGHTS_MAXXXX" "integerXXX" "yes" -offset indent
        !          1583: .It Sy Third level name        Type    Changeable
        !          1584: .It proc.pid.corename  string  yes
        !          1585: .It proc.pid.rlimit    node    not applicable
        !          1586: .It proc.pid.stopfork  int     yes
        !          1587: .It proc.pid.stopexec  int     yes
        !          1588: .It proc.pid.stopexit  int     yes
        !          1589: .El
        !          1590: .Bl -tag -width "123456"
        !          1591: .Pp
        !          1592: .It Li proc.pid.corename ( PROC_PID_CORENAME )
        !          1593: The template used for the core dump file name (see
        !          1594: .Xr core 5
        !          1595: for details).
        !          1596: The base name must either be
        !          1597: .Nm core
        !          1598: or end with the suffix ``.core'' (the super-user may set arbitrary names).
        !          1599: By default it points to KERN_DEFCORENAME.
        !          1600: .It Li proc.pid.rlimit ( PROC_PID_LIMIT )
        !          1601: Return resources limits, as defined for the
        !          1602: .Xr getrlimit 2
        !          1603: and
        !          1604: .Xr setrlimit 2
        !          1605: system calls.
        !          1606: The fourth level name is one of:
        !          1607: .Bl -tag -width PROC_PID_LIMIT_MEMLOCKAA
        !          1608: .It Li proc.pid.rlimit.cputime ( PROC_PID_LIMIT_CPU )
        !          1609: The maximum amount of CPU time (in seconds) to be used by each process.
        !          1610: .It Li proc.pid.rlimit.filesize ( PROC_PID_LIMIT_FSIZE )
        !          1611: The largest size (in bytes) file that may be created.
        !          1612: .It Li proc.pid.rlimit.datasize ( PROC_PID_LIMIT_DATA )
        !          1613: The maximum size (in bytes) of the data segment for a process;
        !          1614: this defines how far a program may extend its break with the
        !          1615: .Xr sbrk 2
        !          1616: system call.
        !          1617: .It Li proc.pid.rlimit.stacksize ( PROC_PID_LIMIT_STACK )
        !          1618: The maximum size (in bytes) of the stack segment for a process;
        !          1619: this defines how far a program's stack segment may be extended.
        !          1620: Stack extension is performed automatically by the system.
        !          1621: .It Li proc.pid.rlimit.coredumpsize ( PROC_PID_LIMIT_CORE )
        !          1622: The largest size (in bytes)
        !          1623: .Pa core
        !          1624: file that may be created.
        !          1625: .It Li proc.pid.rlimit.memoryuse ( PROC_PID_LIMIT_RSS )
        !          1626: The maximum size (in bytes) to which a process's resident set size may
        !          1627: grow.
        !          1628: This imposes a limit on the amount of physical memory to be given to
        !          1629: a process; if memory is tight, the system will prefer to take memory
        !          1630: from processes that are exceeding their declared resident set size.
        !          1631: .It Li proc.pid.rlimit.memorylocked ( PROC_PID_LIMIT_MEMLOCK )
        !          1632: The maximum size (in bytes) which a process may lock into memory
        !          1633: using the
        !          1634: .Xr mlock 2
        !          1635: function.
        !          1636: .It Li proc.pid.rlimit.maxproc ( PROC_PID_LIMIT_NPROC )
        !          1637: The maximum number of simultaneous processes for this user id.
        !          1638: .It Li proc.pid.rlimit.descriptors ( PROC_PID_LIMIT_NOFILE )
        !          1639: The maximum number of open files for this process.
        !          1640: .\" XXX proc.pid.rlimit.sbsize
        !          1641: .El
        !          1642: .Pp
        !          1643: The fifth level name is one of
        !          1644: .Li soft ( PROC_PID_LIMIT_TYPE_SOFT ) or
        !          1645: .Li hard ( PROC_PID_LIMIT_TYPE_HARD ) ,
        !          1646: to select respectively the soft or hard limit.
        !          1647: Both are of type integer.
        !          1648: .It Li proc.pid.stopfork ( PROC_PID_STOPFORK )
        !          1649: If non zero, the process' children will be stopped after
        !          1650: .Xr fork 2
        !          1651: calls.
        !          1652: The children is created in the SSTOP state and is never scheduled
        !          1653: for running before being stopped.
        !          1654: This feature helps attaching a process with a debugger such as
        !          1655: .Xr gdb 1
        !          1656: before it had the opportunity to actually do anything.
        !          1657: .Pp
        !          1658: This value is inherited by the process's children, and it also
        !          1659: apply to emulation specific system calls that fork a new process, such as
        !          1660: .Fn sproc
        !          1661: or
        !          1662: .Fn clone .
        !          1663: .It Li proc.pid.stopexec ( PROC_PID_STOPEXEC )
        !          1664: If non zero, the process will be stopped on next
        !          1665: .Xr exec 3
        !          1666: call.
        !          1667: The process created by
        !          1668: .Xr exec 3
        !          1669: is created in the SSTOP state and is never scheduled for running
        !          1670: before being stopped.
        !          1671: This feature helps attaching a process with a debugger such as
        !          1672: .Xr gdb 1
        !          1673: before it had the opportunity to actually do anything.
        !          1674: .Pp
        !          1675: This value is inherited by the process's children.
        !          1676: .It Li proc.pid.stopexit ( PROC_PID_STOPEXIT )
        !          1677: If non zero, the process will be stopped on when it has cause to exit,
        !          1678: either by way of calling
        !          1679: .Xr exit 3 ,
        !          1680: .Xr _exit 2 ,
        !          1681: or by the receipt of a specific signal.
        !          1682: The process is stopped before any of its resources or vm space is
        !          1683: released allowing examination of the termination state of a process
        !          1684: before it disappears.
        !          1685: This feature can be used to examine the final conditions of the
        !          1686: process's vmspace via
        !          1687: .Xr pmap 1
        !          1688: or its resource settings with
        !          1689: .Xr sysctl 8
        !          1690: before it disappears.
        !          1691: .Pp
        !          1692: This value is also inherited by the process's children.
        !          1693: .El
        !          1694: .Sh The user.* subtree ( CTL_USER )
        !          1695: The string and integer information available for the
        !          1696: .Li user
        !          1697: level is detailed below.
        !          1698: The changeable column shows whether a process with appropriate
        !          1699: privilege may change the value.
        !          1700: .Bl -column "USER_COLL_WEIGHTS_MAXXXX" "integerXXX" -offset indent
        !          1701: .It Sy Second level name       Type    Changeable
        !          1702: .It user.atexit_max    integer no
        !          1703: .It user.bc_base_max   integer no
        !          1704: .It user.bc_dim_max    integer no
        !          1705: .It user.bc_scale_max  integer no
        !          1706: .It user.bc_string_max integer no
        !          1707: .It user.coll_weights_max      integer no
        !          1708: .It user.cs_path       string  no
        !          1709: .It user.expr_nest_max integer no
        !          1710: .It user.line_max      integer no
        !          1711: .It user.posix2_c_bind integer no
        !          1712: .It user.posix2_c_dev  integer no
        !          1713: .It user.posix2_char_term      integer no
        !          1714: .It user.posix2_fort_dev       integer no
        !          1715: .It user.posix2_fort_run       integer no
        !          1716: .It user.posix2_localedef      integer no
        !          1717: .It user.posix2_sw_dev integer no
        !          1718: .It user.posix2_upe    integer no
        !          1719: .It user.posix2_version        integer no
        !          1720: .It user.re_dup_max    integer no
        !          1721: .It user.stream_max    integer no
        !          1722: .It user.stream_max    integer no
        !          1723: .It user.tzname_max    integer no
        !          1724: .El
        !          1725: .Bl -tag -width "123456"
        !          1726: .Pp
        !          1727: .It Li user.atexit_max ( USER_ATEXIT_MAX )
        !          1728: The maximum number of functions that may be registered with
        !          1729: .Xr atexit 3 .
        !          1730: .It Li user.bc_base_max ( USER_BC_BASE_MAX )
        !          1731: The maximum ibase/obase values in the
        !          1732: .Xr bc 1
        !          1733: utility.
        !          1734: .It Li user.bc_dim_max ( USER_BC_DIM_MAX )
        !          1735: The maximum array size in the
        !          1736: .Xr bc 1
        !          1737: utility.
        !          1738: .It Li user.bc_scale_max ( USER_BC_SCALE_MAX )
        !          1739: The maximum scale value in the
        !          1740: .Xr bc 1
        !          1741: utility.
        !          1742: .It Li user.bc_string_max ( USER_BC_STRING_MAX )
        !          1743: The maximum string length in the
        !          1744: .Xr bc 1
        !          1745: utility.
        !          1746: .It Li user.coll_weights_max ( USER_COLL_WEIGHTS_MAX )
        !          1747: The maximum number of weights that can be assigned to any entry of
        !          1748: the LC_COLLATE order keyword in the locale definition file.
        !          1749: .It Li user.cs_path ( USER_CS_PATH )
        !          1750: Return a value for the
        !          1751: .Ev PATH
        !          1752: environment variable that finds all the standard utilities.
        !          1753: .It Li user.expr_nest_max ( USER_EXPR_NEST_MAX )
        !          1754: The maximum number of expressions that can be nested within
        !          1755: parenthesis by the
        !          1756: .Xr expr 1
        !          1757: utility.
        !          1758: .It Li user.line_max ( USER_LINE_MAX )
        !          1759: The maximum length in bytes of a text-processing utility's input
        !          1760: line.
        !          1761: .It Li user.posix2_char_term ( USER_POSIX2_CHAR_TERM )
        !          1762: Return 1 if the system supports at least one terminal type capable of
        !          1763: all operations described in POSIX 1003.2, otherwise 0.
        !          1764: .It Li user.posix2_c_bind ( USER_POSIX2_C_BIND )
        !          1765: Return 1 if the system's C-language development facilities support the
        !          1766: C-Language Bindings Option, otherwise 0.
        !          1767: .It Li user.posix2_c_dev ( USER_POSIX2_C_DEV )
        !          1768: Return 1 if the system supports the C-Language Development Utilities Option,
        !          1769: otherwise 0.
        !          1770: .It Li user.posix2_fort_dev ( USER_POSIX2_FORT_DEV )
        !          1771: Return 1 if the system supports the FORTRAN Development Utilities Option,
        !          1772: otherwise 0.
        !          1773: .It Li user.posix2_fort_run ( USER_POSIX2_FORT_RUN )
        !          1774: Return 1 if the system supports the FORTRAN Runtime Utilities Option,
        !          1775: otherwise 0.
        !          1776: .It Li user.posix2_localedef ( USER_POSIX2_LOCALEDEF )
        !          1777: Return 1 if the system supports the creation of locales, otherwise 0.
        !          1778: .It Li user.posix2_sw_dev ( USER_POSIX2_SW_DEV )
        !          1779: Return 1 if the system supports the Software Development Utilities Option,
        !          1780: otherwise 0.
        !          1781: .It Li user.posix2_upe ( USER_POSIX2_UPE )
        !          1782: Return 1 if the system supports the User Portability Utilities Option,
        !          1783: otherwise 0.
        !          1784: .It Li user.posix2_version ( USER_POSIX2_VERSION )
        !          1785: The version of POSIX 1003.2 with which the system attempts to comply.
        !          1786: .It Li user.re_dup_max ( USER_RE_DUP_MAX )
        !          1787: The maximum number of repeated occurrences of a regular expression
        !          1788: permitted when using interval notation.
        !          1789: .ne 1i
        !          1790: .It Li user.stream_max ( USER_STREAM_MAX )
        !          1791: The minimum maximum number of streams that a process may have open
        !          1792: at any one time.
        !          1793: .It Li user.tzname_max ( USER_TZNAME_MAX )
        !          1794: The minimum maximum number of types supported for the name of a
        !          1795: timezone.
        !          1796: .El
        !          1797: .Sh The vm.* subtree ( CTL_VM )
        !          1798: The string and integer information available for the
        !          1799: .Li vm
        !          1800: level is detailed below.
        !          1801: The changeable column shows whether a process with appropriate
        !          1802: privilege may change the value.
        !          1803: .Bl -column "Second level nameXXXXXX" "struct uvmexp_sysctlXXX" -offset indent
        !          1804: .It Sy Second level name       Type    Changeable
        !          1805: .It vm.anonmax int     yes
        !          1806: .It vm.anonmin int     yes
        !          1807: .It vm.bufcache        int     yes
        !          1808: .It vm.bufmem  int     no
        !          1809: .It vm.bufmem_hiwater  int     yes
        !          1810: .It vm.bufmem_lowater  int     yes
        !          1811: .It vm.execmax int     yes
        !          1812: .It vm.execmin int     yes
        !          1813: .It vm.filemax int     yes
        !          1814: .It vm.filemin int     yes
        !          1815: .It vm.loadavg struct loadavg  no
        !          1816: .It vm.maxslp  int     no
        !          1817: .It vm.nkmempages      int     no
        !          1818: .It vm.uspace  int     no
        !          1819: .It vm.uvmexp  struct uvmexp   no
        !          1820: .It vm.uvmexp2 struct uvmexp_sysctl    no
        !          1821: .It vm.vmmeter struct vmtotal  no
        !          1822: .El
        !          1823: .Pp
        !          1824: .Bl -tag -width "123456"
        !          1825: .It Li vm.anonmax ( VM_ANONMAX )
        !          1826: The percentage of physical memory which will be reclaimed
        !          1827: from other types of memory usage to store anonymous application data.
        !          1828: .It Li vm.anonmin ( VM_ANONMIN )
        !          1829: The percentage of physical memory which will be always be available for
        !          1830: anonymous application data.
        !          1831: .It Li vm.bufcache ( VM_BUFCACHE )
        !          1832: The percentage of physical memory which will be available
        !          1833: for the buffer cache.
        !          1834: .It Li vm.bufmem ( VM_BUFMEM )
        !          1835: The amount of kernel memory that is being used by the buffer cache.
        !          1836: .It Li vm.bufmem_lowater ( VM_BUFMEM_LOWATER )
        !          1837: The minimum amount of kernel memory to reserve for the
        !          1838: buffer cache.
        !          1839: .It Li vm.bufmem_hiwater ( VM_BUFMEM_HIWATER )
        !          1840: The maximum amount of kernel memory to be used for the
        !          1841: buffer cache.
        !          1842: .It Li vm.execmax ( VM_EXECMAX )
        !          1843: The percentage of physical memory which will be reclaimed
        !          1844: from other types of memory usage to store cached executable data.
        !          1845: .It Li vm.execmin ( VM_EXECMIN )
        !          1846: The percentage of physical memory which will be always be available for
        !          1847: cached executable data.
        !          1848: .It Li vm.filemax ( VM_FILEMAX )
        !          1849: The percentage of physical memory which will be reclaimed
        !          1850: from other types of memory usage to store cached file data.
        !          1851: .It Li vm.filemin ( VM_FILEMIN )
        !          1852: The percentage of physical memory which will be always be available for
        !          1853: cached file data.
        !          1854: .It Li vm.loadavg ( VM_LOADAVG )
        !          1855: Return the load average history.
        !          1856: The returned data consists of a
        !          1857: .Va struct loadavg .
        !          1858: .It Li vm.maxslp ( VM_MAXSLP )
        !          1859: The value of the maxslp kernel global variable.
        !          1860: .It Li vm.vmmeter ( VM_METER )
        !          1861: Return system wide virtual memory statistics.
        !          1862: The returned data consists of a
        !          1863: .Va struct vmtotal .
        !          1864: .It Li vm.uspace ( VM_USPACE )
        !          1865: The number of bytes allocated for each kernel stack.
        !          1866: .It Li vm.uvmexp ( VM_UVMEXP )
        !          1867: Return system wide virtual memory statistics.
        !          1868: The returned data consists of a
        !          1869: .Va struct uvmexp .
        !          1870: .It Li vm.uvmexp2 ( VM_UVMEXP2 )
        !          1871: Return system wide virtual memory statistics.
        !          1872: The returned data consists of a
        !          1873: .Va struct uvmexp_sysctl .
        !          1874: .\" XXX vm.idlezero
        !          1875: .El
        !          1876: .Sh The ddb.* subtree ( CTL_DDB )
        !          1877: The integer information available for the
        !          1878: .Li ddb
        !          1879: level is detailed below.
        !          1880: The changeable column shows whether a process with appropriate
        !          1881: privilege may change the value.
        !          1882: .\" XXX sort
        !          1883: .Bl -column "ddb.fromconsoleXXX" "integerXXX" -offset indent
        !          1884: .It Sy Second level name       Type    Changeable
        !          1885: .It ddb.radix  integer yes
        !          1886: .It ddb.maxoff integer yes
        !          1887: .It ddb.lines  integer yes
        !          1888: .It ddb.tabstops       integer yes
        !          1889: .It ddb.onpanic        integer yes
        !          1890: .It ddb.fromconsole    integer yes
        !          1891: .El
        !          1892: .Pp
        !          1893: .Bl -tag -width "123456"
        !          1894: .It Li ddb.radix ( DBCTL_RADIX )
        !          1895: The input and output radix.
        !          1896: .It Li ddb.maxoff ( DBCTL_MAXOFF )
        !          1897: The maximum symbol offset.
        !          1898: .It Li ddb.lines ( DBCTL_LINES )
        !          1899: Number of display lines.
        !          1900: .It Li ddb.tabstops ( DBCTL_TABSTOPS )
        !          1901: Tab width.
        !          1902: .It Li ddb.onpanic ( DBCTL_ONPANIC )
        !          1903: If non-zero, DDB will be entered when the kernel panics.
        !          1904: .It Li ddb.fromconsole ( DBCTL_FROMCONSOLE )
        !          1905: If not zero, DDB may be entered by sending a break on a serial
        !          1906: console or by a special key sequence on a graphics console.
        !          1907: .\" XXX tee_msgbuf maxwidth commandonenter
        !          1908: .El
        !          1909: .Pp
        !          1910: These MIB nodes are also available as variables from within the DDB.
        !          1911: See
        !          1912: .Xr ddb 4
        !          1913: for more details.
        !          1914: .Sh The security.* subtree ( CTL_SECURITY )
        !          1915: The
        !          1916: .Li security
        !          1917: level contains various security-related settings for
        !          1918: the system. Available settings are detailed below.
        !          1919: .Pp
        !          1920: .Bl -tag -width "123456"
        !          1921: .It Li security.curtain
        !          1922: If non-zero, will filter return objects according to the user-id
        !          1923: requesting information about them, preventing from users any
        !          1924: access to objects they don't own.
        !          1925: .Pp
        !          1926: At the moment, it affects
        !          1927: .Xr ps 1 ,
        !          1928: .Xr netstat 1
        !          1929: (for
        !          1930: .Dv PF_INET ,
        !          1931: .Dv PF_INET6 ,
        !          1932: and
        !          1933: .Dv PF_UNIX
        !          1934: PCBs), and
        !          1935: .Xr w 1 .
        !          1936: .It Li security.pax
        !          1937: Settings for PaX -- exploit mitigation features.
        !          1938: .Pp
        !          1939: .Bl -tag -width "123456"
        !          1940: .It Li security.pax.mprotect.enable
        !          1941: Enable PaX MPROTECT restrictions.
        !          1942: .Pp
        !          1943: These are
        !          1944: .Xr mprotect 2
        !          1945: restrictions to better enforce a W^X policy. The value of this
        !          1946: knob must be non-zero for PaX MPROTECT to be enabled, even if a
        !          1947: program is set to explicit enable.
        !          1948: .It Li security.pax.mprotect.global
        !          1949: Specifies the default global policy for programs without an
        !          1950: explicit enable/disable flag.
        !          1951: .Pp
        !          1952: When non-zero, all programs will get the PaX MPROTECT restrictions,
        !          1953: except those exempted with
        !          1954: .Xr paxctl 1  .
        !          1955: Otherwise, all programs will not get the PaX MPROTECT restrictions,
        !          1956: except those specifically marked as such with
        !          1957: .Xr paxctl 1 .
        !          1958: .It Li security.pax.segvguard.enable
        !          1959: Enable PaX Segvguard.
        !          1960: .Pp
        !          1961: Please see
        !          1962: .Xr security 8
        !          1963: for more information.
        !          1964: .Pp
        !          1965: PaX Segvguard can detect and prevent certain exploitation attempts, where
        !          1966: an attacker may try for example to brute-force function return addresses
        !          1967: of respawning daemons.
        !          1968: .Pp
        !          1969: .Em Note :
        !          1970: The
        !          1971: .Nx
        !          1972: interface and implementation of the Segvguard is still experimental, and may
        !          1973: change in future releases.
        !          1974: .It Li security.pax.segvguard.global
        !          1975: Specifies the default global policy for programs without an
        !          1976: explicit enable/disable flag.
        !          1977: .Pp
        !          1978: When non-zero, all programs will get the PaX Segvguard,
        !          1979: except those exempted with
        !          1980: .Xr paxctl 1  .
        !          1981: Otherwise, all programs will not get the PaX Segvguard restrictions,
        !          1982: except those specifically marked as such with
        !          1983: .Xr paxctl 1 .
        !          1984: .It Li security.pax.segvguard.expiry_timeout
        !          1985: If the max number was not reached within this timeout (in seconds), the entry
        !          1986: will expire.
        !          1987: .It Li security.pax.segvguard.suspend_timeout
        !          1988: Number of seconds to suspend a user from running a faulting program when the
        !          1989: limit was exceeded.
        !          1990: .It Li security.pax.segvguard.max_crashes
        !          1991: Max number of segfaults a program can receive before suspension.
        !          1992: .El
        !          1993: .El
        !          1994: .Sh The vendor.* subtree ( CTL_VENDOR )
        !          1995: The
        !          1996: .Li vendor
        !          1997: toplevel name is reserved to be used by vendors who wish to
        !          1998: have their own private MIB tree.
        !          1999: Intended use is to store values under
        !          2000: .Dq vendor.\*[Lt]yourname\*[Gt].* .
        !          2001: .Sh SEE ALSO
        !          2002: .Xr sysctl 3 ,
        !          2003: .Xr ipsec 4 ,
        !          2004: .Xr tcp 4 ,
        !          2005: .Xr security 8 ,
        !          2006: .Xr sysctl 8
        !          2007: .Sh HISTORY
        !          2008: The
        !          2009: .Nm
        !          2010: variables first appeared in
        !          2011: .Bx 4.4 .

CVSweb <webmaster@jp.NetBSD.org>