Annotation of src/share/man/man7/sysctl.7, Revision 1.134
1.134 ! kre 1: .\" $NetBSD: sysctl.7,v 1.133 2018/10/06 13:53:58 wiz Exp $
1.1 pavel 2: .\"
3: .\" Copyright (c) 1993
4: .\" The Regents of the University of California. All rights reserved.
5: .\"
6: .\" Redistribution and use in source and binary forms, with or without
7: .\" modification, are permitted provided that the following conditions
8: .\" are met:
9: .\" 1. Redistributions of source code must retain the above copyright
10: .\" notice, this list of conditions and the following disclaimer.
11: .\" 2. Redistributions in binary form must reproduce the above copyright
12: .\" notice, this list of conditions and the following disclaimer in the
13: .\" documentation and/or other materials provided with the distribution.
14: .\" 3. Neither the name of the University nor the names of its contributors
15: .\" may be used to endorse or promote products derived from this software
16: .\" without specific prior written permission.
17: .\"
18: .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
19: .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21: .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
22: .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23: .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24: .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26: .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27: .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28: .\" SUCH DAMAGE.
29: .\"
30: .\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95
31: .\"
1.134 ! kre 32: .Dd October 30, 2018
1.1 pavel 33: .Dt SYSCTL 7
34: .Os
35: .Sh NAME
36: .Nm sysctl
37: .Nd system information variables
38: .Sh DESCRIPTION
39: The
40: .Xr sysctl 3
41: library function and the
42: .Xr sysctl 8
43: utility are used to get and set values of system variables, maintained
44: by the kernel.
45: The variables are organized in a tree and identified by a sequence of
46: numbers, conventionally separated by dots with the topmost identifier
47: at the left side.
48: The numbers have corresponding text names.
49: The
50: .Xr sysctlnametomib 3
51: function or the
52: .Fl M
53: argument to the
54: .Xr sysctl 8
55: utility can be used to convert the text representation to the
56: numeric one.
57: .Pp
58: The individual sysctl variables are described below, both the textual
59: and numeric form where applicable.
60: The textual names can be used as argument to the
61: .Xr sysctl 8
62: utility and in the file
63: .Pa /etc/sysctl.conf .
64: The numeric names are usually defined as preprocessor constants and
65: are intended for use by programs.
66: Every such constant expands to one integer, which identifies the
67: sysctl variable relative to the upper level of the tree.
68: See the
69: .Xr sysctl 3
70: manual page for programming examples.
1.50 jruoho 71: .Ss Top level names
1.56 uwe 72: The top level names are defined with a
73: .Va CTL_
74: prefix in
1.33 joerg 75: .In sys/sysctl.h ,
1.1 pavel 76: and are as follows.
77: The next and subsequent levels down are found in the include files
78: listed here, and described in separate sections below.
1.56 uwe 79: .Bl -column "security" ".Dv CTL_SECURITY" ".In uvm/uvm_param.h" "High kernel limits"
80: .It Sy Name Ta Sy Constant Ta Sy Next level names Ta Sy Description
81: .It kern Ta Dv CTL_KERN Ta In sys/sysctl.h Ta High kernel limits
82: .It vm Ta Dv CTL_VM Ta In uvm/uvm_param.h Ta Virtual memory
83: .It vfs Ta Dv CTL_VFS Ta In sys/mount.h Ta Filesystem
84: .It net Ta Dv CTL_NET Ta In sys/socket.h Ta Networking
85: .It debug Ta Dv CTL_DEBUG Ta In sys/sysctl.h Ta Debugging
86: .It hw Ta Dv CTL_HW Ta In sys/sysctl.h Ta Generic CPU, I/O
87: .It machdep Ta Dv CTL_MACHDEP Ta In sys/sysctl.h Ta Machine dependent
88: .It user Ta Dv CTL_USER Ta In sys/sysctl.h Ta User-level
89: .It ddb Ta Dv CTL_DDB Ta In sys/sysctl.h Ta In-kernel debugger
90: .It proc Ta Dv CTL_PROC Ta In sys/sysctl.h Ta Per-process
91: .It vendor Ta Dv CTL_VENDOR Ta ? Ta Vendor specific
92: .It emul Ta Dv CTL_EMUL Ta In sys/sysctl.h Ta Emulation settings
93: .It security Ta Dv CTL_SECURITY Ta In sys/sysctl.h Ta Security settings
1.1 pavel 94: .El
1.50 jruoho 95: .Ss The debug.* subtree
1.1 pavel 96: The debugging variables vary from system to system.
97: A debugging variable may be added or deleted without need to recompile
98: .Nm
99: to know about it.
100: Each time it runs,
101: .Nm
102: gets the list of debugging variables from the kernel and
103: displays their current values.
104: The system defines twenty
1.56 uwe 105: .Vt ( struct ctldebug )
1.1 pavel 106: variables named
107: .Dv debug0
108: through
109: .Dv debug19 .
110: They are declared as separate variables so that they can be
111: individually initialized at the location of their associated variable.
112: The loader prevents multiple use of the same variable by issuing errors
113: if a variable is initialized in more than one place.
114: For example, to export the variable
1.56 uwe 115: .Va dospecialcheck
1.1 pavel 116: as a debugging variable, the following declaration would be used:
1.43 jruoho 117: .Pp
1.1 pavel 118: .Bd -literal -offset indent -compact
119: int dospecialcheck = 1;
1.114 wiz 120: struct ctldebug debug5 = { "dospecialcheck", &dospecialcheck };
1.1 pavel 121: .Ed
122: .Pp
123: Note that the dynamic implementation of
124: .Nm
125: currently in use largely makes this particular
126: .Nm
127: interface obsolete.
128: See
129: .Xr sysctl 8
130: .\" and
131: .\" .Xr sysctl 9
132: for more information.
1.50 jruoho 133: .Ss The vfs.* subtree
1.1 pavel 134: A distinguished second level name,
1.91 kamil 135: .Li vfs.generic ( Dv VFS_GENERIC ) ,
1.57 wiz 136: is used to get general information about all file systems.
1.26 elad 137: It has the following third level identifiers:
1.56 uwe 138: .Bl -tag -width "123456"
1.91 kamil 139: .It Li vfs.generic.maxtypenum ( Dv VFS_MAXTYPENUM )
1.57 wiz 140: The highest valid file system type number.
1.91 kamil 141: .It Li vfs.generic.conf ( Dv VFS_CONF )
1.57 wiz 142: Returns configuration information about the file system type given as a fourth
1.26 elad 143: level identifier.
1.91 kamil 144: .It Li vfs.generic.usermount ( Dv VFS_USERMOUNT )
1.68 jym 145: Determines if non superuser mounts are allowed, defaults to
1.59 christos 146: .Dv 0 .
1.91 kamil 147: .It Li vfs.generic.magiclinks ( Dv VFS_MAGICLINKS )
1.59 christos 148: Controls if expansion of variables is going to be performed on pathnames
149: or not.
150: Defaults to no variable expansion,
151: .Dv 0 .
152: Variables are of the form
153: .Li @name
1.60 christos 154: and the variables supported are described in
155: .Xr symlink 7
156: under
157: .Dq "MAGIC SYMLINKS" .
1.26 elad 158: .El
159: .Pp
1.54 christos 160: A second level name for controlling the
161: .Xr wapbl 4
162: (Write Ahead Physical Block Logging file system journalling)
163: capabilities with the following third level identifiers:
1.56 uwe 164: .Bl -tag -width "123456"
165: .It Li vfs.wapbl.flush_disk_cache
1.55 wiz 166: Controls whether to attempt to flush the disk cache on each commit.
1.77 apb 167: It defaults to 1 and it should always be on to ensure integrity
168: of file system metadata in the event of a power loss.
1.54 christos 169: For slow disks, turning it off can improve performance.
1.56 uwe 170: .It Li vfs.wapbl.verbose_commit
1.55 wiz 171: For each transaction log commit, print the number of bytes written
172: and the time it took to commit as seconds.nanoseconds.
1.54 christos 173: .El
174: .Pp
1.57 wiz 175: The remaining second level identifiers are the file system names, identified
1.26 elad 176: by the type number returned by a
1.1 pavel 177: .Xr statvfs 2
178: call or from
1.27 wiz 179: .Li vfs.generic.conf .
1.56 uwe 180: .Pp
1.57 wiz 181: The third level identifiers available for each file system
1.1 pavel 182: are given in the header file that defines the mount
1.57 wiz 183: argument structure for that file system.
1.50 jruoho 184: .Ss The hw.* subtree
1.1 pavel 185: The string and integer information available for the
186: .Li hw
187: level is detailed below.
188: The changeable column shows whether a process with appropriate
189: privilege may change the value.
1.37 jruoho 190: .Bl -column "hw.machine_arch" "integer" "Changeable" -offset indent
1.107 wiz 191: .It Sy Second level name Ta Sy Type Ta Sy Changeable
1.1 pavel 192: .It hw.alignbytes integer no
193: .It hw.byteorder integer no
194: .It hw.cnmagic string yes
195: .It hw.disknames string no
196: .It hw.diskstats struct no
197: .It hw.machine string no
198: .It hw.machine_arch string no
199: .It hw.model string no
200: .It hw.ncpu integer no
1.84 njoly 201: .It hw.ncpuonline integer no
1.1 pavel 202: .It hw.pagesize integer no
203: .It hw.physmem integer no
204: .It hw.physmem64 quad no
205: .It hw.usermem integer no
206: .It hw.usermem64 quad no
207: .El
208: .Bl -tag -width "123456"
1.91 kamil 209: .It Li hw.alignbytes ( Dv HW_ALIGNBYTES )
1.1 pavel 210: Alignment constraint for all possible data types.
211: This shows the value
212: .Dv ALIGNBYTES
213: in
1.56 uwe 214: .In machine/param.h ,
1.1 pavel 215: at the kernel compilation time.
1.91 kamil 216: .It Li hw.byteorder ( Dv HW_BYTEORDER )
1.56 uwe 217: The byteorder (4321, or 1234).
1.91 kamil 218: .It Li hw.cnmagic ( Dv HW_CNMAGIC )
1.1 pavel 219: The console magic key sequence.
1.91 kamil 220: .It Li hw.disknames ( Dv HW_DISKNAMES )
1.1 pavel 221: The list of (space separated) disk device names on the system.
1.91 kamil 222: .It Li hw.iostatnames ( Dv HW_IOSTATNAMES )
1.1 pavel 223: A space separated list of devices that will have I/O statistics
224: collected on them.
1.91 kamil 225: .It Li hw.iostats ( Dv HW_IOSTATS )
1.1 pavel 226: Return statistical information on the NFS mounts, disk and tape
227: devices on the system.
228: An array of
1.56 uwe 229: .Vt struct io_sysctl
1.1 pavel 230: structures is returned,
231: whose size depends on the current number of such objects in the system.
232: The third level name is the size of the
1.56 uwe 233: .Vt struct io_sysctl .
1.1 pavel 234: The type of object can be determined by examining the
235: .Va type
236: element of
1.56 uwe 237: .Vt struct io_sysctl .
1.1 pavel 238: Which can be
239: .Dv IOSTAT_DISK
240: (disk drive),
241: .Dv IOSTAT_TAPE
242: (tape drive), or
243: .Dv IOSTAT_NFS
244: (NFS mount).
1.91 kamil 245: .It Li hw.machine ( Dv HW_MACHINE )
1.1 pavel 246: The machine class.
1.91 kamil 247: .It Li hw.machine_arch ( Dv HW_MACHINE_ARCH )
1.1 pavel 248: The machine CPU class.
1.91 kamil 249: .It Li hw.model ( Dv HW_MODEL )
1.1 pavel 250: The machine model.
1.91 kamil 251: .It Li hw.ncpu ( Dv HW_NCPU )
1.84 njoly 252: The number of CPUs configured.
1.91 kamil 253: .It Li hw.ncpuonline ( Dv HW_NCPUONLINE )
1.84 njoly 254: The number of CPUs online.
1.91 kamil 255: .It Li hw.pagesize ( Dv HW_PAGESIZE )
1.1 pavel 256: The software page size.
1.91 kamil 257: .It Li hw.physmem ( Dv HW_PHYSMEM )
1.1 pavel 258: The bytes of physical memory as a 32-bit integer.
1.91 kamil 259: .It Li hw.physmem64 ( Dv HW_PHYSMEM64 )
1.1 pavel 260: The bytes of physical memory as a 64-bit integer.
1.91 kamil 261: .It Li hw.usermem ( Dv HW_USERMEM )
1.1 pavel 262: The bytes of non-kernel memory as a 32-bit integer.
1.91 kamil 263: .It Li hw.usermem64 ( Dv HW_USERMEM64 )
1.1 pavel 264: The bytes of non-kernel memory as a 64-bit integer.
265: .El
1.50 jruoho 266: .Ss The kern.* subtree
1.43 jruoho 267: This subtree includes data generally related to the kernel.
1.1 pavel 268: The string and integer information available for the
269: .Li kern
270: level is detailed below.
271: The changeable column shows whether a process with appropriate
272: privilege may change the value.
1.43 jruoho 273: .Bl -column "kern.posix_reader_writer_locks" \
274: "struct kinfo_drivers" "not applicable"
1.107 wiz 275: .It Sy Second level name Ta Sy Type Ta Sy Changeable
1.51 jruoho 276: .It kern.aio_listio_max integer yes
277: .It kern.aio_max integer yes
1.44 jruoho 278: .It kern.arandom integer no
1.1 pavel 279: .It kern.argmax integer no
1.39 jruoho 280: .It kern.boothowto integer no
1.134 ! kre 281: .It kern.boottime struct timespec no
1.85 apb 282: .It kern.buildinfo string no
1.39 jruoho 283: .\".It kern.bufq node not applicable
1.1 pavel 284: .It kern.ccpu integer no
285: .It kern.clockrate struct clockinfo no
286: .It kern.consdev integer no
1.39 jruoho 287: .It kern.coredump node not applicable
1.21 joerg 288: .It kern.cp_id struct no
289: .It kern.cp_time uint64_t[\|] no
1.46 jruoho 290: .It kern.cryptodevallowsoft integer yes
1.1 pavel 291: .It kern.defcorename string yes
1.38 jruoho 292: .It kern.detachall integer yes
1.1 pavel 293: .It kern.domainname string yes
294: .It kern.drivers struct kinfo_drivers no
1.39 jruoho 295: .It kern.dump_on_panic integer yes
1.132 christos 296: .It kern.expose_address integer yes
1.1 pavel 297: .It kern.file struct file no
298: .It kern.forkfsleep integer yes
299: .It kern.fscale integer no
300: .It kern.fsync integer no
1.21 joerg 301: .It kern.hardclock_ticks integer no
1.1 pavel 302: .It kern.hostid integer yes
303: .It kern.hostname string yes
1.21 joerg 304: .It kern.iov_max integer no
1.39 jruoho 305: .It kern.ipc node not applicable
1.21 joerg 306: .It kern.job_control integer no
1.1 pavel 307: .It kern.labeloffset integer no
308: .It kern.labelsector integer no
1.21 joerg 309: .It kern.login_name_max integer no
1.1 pavel 310: .It kern.logsigexit integer yes
1.21 joerg 311: .It kern.mapped_files integer no
1.1 pavel 312: .It kern.maxfiles integer yes
1.70 christos 313: .It kern.maxlwp integer yes
1.1 pavel 314: .It kern.maxpartitions integer no
315: .It kern.maxphys integer no
316: .It kern.maxproc integer yes
317: .It kern.maxptys integer yes
318: .It kern.maxvnodes integer yes
1.116 wiz 319: .It kern.messages integer yes
1.1 pavel 320: .It kern.mbuf node not applicable
321: .It kern.memlock integer no
1.21 joerg 322: .It kern.memlock_range integer no
323: .It kern.memory_protection integer no
1.42 jruoho 324: .It kern.module node not applicable
1.21 joerg 325: .It kern.monotonic_clock integer no
1.49 jruoho 326: .It kern.mqueue node not applicable
1.1 pavel 327: .It kern.msgbuf integer no
328: .It kern.msgbufsize integer no
329: .It kern.ngroups integer no
1.41 jruoho 330: .\".It kern.no_sa_support integer yes
1.1 pavel 331: .It kern.ntptime struct ntptimeval no
332: .It kern.osrelease string no
1.39 jruoho 333: .It kern.osrevision integer no
1.1 pavel 334: .It kern.ostype string no
1.41 jruoho 335: .\".It kern.panic_now integer yes
1.1 pavel 336: .It kern.pipe node not applicable
1.82 joerg 337: .It kern.pool struct pool_sysctl no
1.39 jruoho 338: .\" .It kern.posix node not applicable
339: .It kern.posix1version integer no
1.51 jruoho 340: .It kern.posix_aio integer no
1.21 joerg 341: .It kern.posix_barriers integer no
342: .It kern.posix_reader_writer_locks integer no
1.39 jruoho 343: .\".It kern.posix_sched integer yes
1.21 joerg 344: .It kern.posix_semaphores integer no
345: .It kern.posix_spin_locks integer no
346: .It kern.posix_threads integer no
347: .It kern.posix_timers integer no
1.1 pavel 348: .It kern.proc struct kinfo_proc no
349: .It kern.proc2 struct kinfo_proc2 no
1.21 joerg 350: .It kern.proc_args string no
1.39 jruoho 351: .It kern.profiling node not applicable
1.41 jruoho 352: .\".It kern.pset node not applicable
1.1 pavel 353: .It kern.rawpartition integer no
1.21 joerg 354: .It kern.root_device string no
355: .It kern.root_partition integer no
356: .It kern.rtc_offset integer yes
357: .It kern.saved_ids integer no
1.39 jruoho 358: .It kern.sbmax integer yes
1.108 hubertf 359: .It kern.sched node not applicable
1.1 pavel 360: .It kern.securelevel integer raise only
1.39 jruoho 361: .It kern.somaxkva integer yes
1.21 joerg 362: .It kern.synchronized_io integer no
1.19 christos 363: .It kern.timecounter node not applicable
1.1 pavel 364: .It kern.timex struct no
365: .It kern.tkstat node not applicable
1.66 christos 366: .It kern.tty node not applicable
1.1 pavel 367: .It kern.urandom integer no
1.45 jruoho 368: .It kern.usercrypto integer yes
369: .It kern.userasymcrypto integer yes
1.39 jruoho 370: .It kern.veriexec node not applicable
1.1 pavel 371: .It kern.version string no
372: .It kern.vnode struct vnode no
373: .El
374: .Bl -tag -width "123456"
1.51 jruoho 375: .It Li kern.aio_listio_max
1.119 wiz 376: The maximum number of asynchronous I/O operations in a single list
377: I/O call.
1.51 jruoho 378: Like with all variables related to
379: .Xr aio 3 ,
380: the variable may be created and removed dynamically
381: upon loading or unloading the corresponding kernel module.
382: .It Li kern.aio_max
383: The maximum number of asynchronous I/O operations.
1.44 jruoho 384: .It Li kern.arandom
385: This variable picks a random number each time it is queried.
386: The used random number generator
1.119 wiz 387: .Pf ( RNG )
1.44 jruoho 388: is based on
389: .Xr arc4random 3 .
1.91 kamil 390: .It Li kern.argmax ( Dv KERN_ARGMAX )
1.1 pavel 391: The maximum bytes of argument to
392: .Xr execve 2 .
1.23 apb 393: .It Li kern.boothowto
394: Flags passed from the boot loader; see
395: .Xr reboot 2
396: for the meanings of the flags.
1.91 kamil 397: .It Li kern.boottime ( Dv KERN_BOOTTIME )
1.1 pavel 398: A
1.134 ! kre 399: .Vt struct timespec
1.1 pavel 400: structure is returned.
401: This structure contains the time that the system was booted.
1.134 ! kre 402: That time is defined (for this purpose) to be the time at
! 403: which the kernel first started accumulating clock ticks.
1.104 pgoyette 404: .It Li kern.bufq
405: This variable contains information on the
406: .Xr bufq 9
407: subsystem.
408: Currently, the only third level name implemented is
409: .Dv kern.bufq.strategies
410: which provides a list of buffer queue strategies currently available.
1.85 apb 411: .It Li kern.buildinfo
412: When the kernel is built, the build environment may optionally provide
413: arbitrary information to be stored in this variable.
1.91 kamil 414: .It Li kern.ccpu ( Dv KERN_CCPU )
1.1 pavel 415: The scheduler exponential decay value.
1.91 kamil 416: .It Li kern.clockrate ( Dv KERN_CLOCKRATE )
1.1 pavel 417: A
1.56 uwe 418: .Vt struct clockinfo
1.1 pavel 419: structure is returned.
420: This structure contains the clock, statistics clock and profiling clock
421: frequencies, the number of micro-seconds per hz tick, and the clock
422: skew rate.
1.36 jruoho 423: Refer to
424: .Xr hz 9
425: for additional details.
1.91 kamil 426: .It Li kern.consdev ( Dv KERN_CONSDEV )
1.1 pavel 427: Console device.
1.39 jruoho 428: .It Li kern.coredump
429: Settings related to set-id processes coredumps.
430: By default, set-id processes do not dump core in situations where
431: other processes would.
432: The settings in this node allows an administrator to change this
433: behavior.
434: .Pp
435: The third level name is
436: .Dv kern.coredump.setid
1.40 jruoho 437: and fourth level variables are described below.
438: .Bl -column "kern.coredump.setid.group" "integer" "Changeable" -offset indent
1.107 wiz 439: .It Sy Fourth level name Ta Sy Type Ta Sy Changeable
1.40 jruoho 440: .It kern.coredump.setid.dump integer yes
441: .It kern.coredump.setid.group integer yes
442: .It kern.coredump.setid.mode integer yes
443: .It kern.coredump.setid.owner integer yes
444: .It kern.coredump.setid.path string yes
445: .El
1.39 jruoho 446: .Bl -tag -width "123456"
447: .It Li kern.coredump.setid.dump
448: If non-zero, set-id processes will dump core.
449: .It Li kern.coredump.setid.group
450: The group-id for the set-id processes' coredump.
451: .It Li kern.coredump.setid.mode
452: The mode for the set-id processes' coredump.
453: See
454: .Xr chmod 1 .
455: .It Li kern.coredump.setid.owner
456: The user-id that will be used as the owner of the set-id processes'
457: coredump.
458: .It Li kern.coredump.setid.path
459: The path to which set-id processes' coredumps will be saved to.
460: Same syntax as kern.defcorename.
461: .El
1.91 kamil 462: .It Li kern.cp_id ( Dv KERN_CP_ID )
1.1 pavel 463: Mapping of CPU number to CPU id.
1.91 kamil 464: .It Li kern.cp_time ( Dv KERN_CP_TIME )
1.56 uwe 465: Returns an array of
466: .Dv CPUSTATES
1.101 wiz 467: .Vt uint64_t Ns s .
1.1 pavel 468: This array contains the
469: number of clock ticks spent in different CPU states.
470: On multi-processor systems, the sum across all CPUs is returned unless
471: appropriate space is given for one data set for each CPU.
472: Data for a specific CPU can also be obtained by adding the number of the
473: CPU at the end of the MIB, enlarging it by one.
1.46 jruoho 474: .It Li kern.cryptodevallowsoft
475: This variable controls userland access to hardware versus software transforms
476: in the
477: .Xr crypto 4
478: system.
479: The available values are as follows:
1.47 wiz 480: .Bl -tag -width XX0 -offset indent
1.114 wiz 481: .It Dv < 0
1.46 jruoho 482: Always force userlevel requests to use software transforms.
483: .It Dv = 0
484: If present, use hardware and grant userlevel requests for
485: non-accelerated transforms (handling the latter in software).
1.114 wiz 486: .It Dv > 0
1.46 jruoho 487: Allow user requests only for transforms which are hardware-accelerated.
488: .El
1.91 kamil 489: .It Li kern.defcorename ( Dv KERN_DEFCORENAME )
1.1 pavel 490: Default template for the name of core dump files (see also
491: .Li proc.pid.corename
492: in the per-process variables
493: .Li proc.* ,
494: and
495: .Xr core 5
496: for format of this template).
497: The default value is
1.56 uwe 498: .Pa %n.core
1.1 pavel 499: and can be changed with the kernel configuration option
500: .Cd options DEFCORENAME
501: (see
502: .Xr options 4
503: ).
1.38 jruoho 504: .It Li kern.detachall
505: Detach all devices at shutdown.
1.91 kamil 506: .It Li kern.domainname ( Dv KERN_DOMAINNAME )
1.1 pavel 507: Get or set the YP domain name.
1.91 kamil 508: .It Li kern.drivers ( Dv KERN_DRIVERS )
1.1 pavel 509: Return an array of
1.56 uwe 510: .Vt struct kinfo_drivers
1.1 pavel 511: that contains the name and major device numbers of all the device drivers
512: in the current kernel.
513: The
514: .Va d_name
515: field is always a NUL terminated string.
516: The
517: .Va d_bmajor
518: field will be set to \-1 if the driver doesn't have a block device.
1.132 christos 519: .It Li kern.expose_address
520: Expose kernel addresses in
521: .Xr sysctl 3
522: calls used by
523: .Xr fstat 1
524: and
525: .Xr sockstat 1 .
526: Defaults to
527: .Dv 0 .
528: Turning it on renders KASLR ineffective.
1.91 kamil 529: .It Li kern.dump_on_panic ( Dv KERN_DUMP_ON_PANIC )
1.41 jruoho 530: Perform a crash dump on system
531: .Xr panic 9 .
1.91 kamil 532: .It Li kern.file ( Dv KERN_FILE )
1.1 pavel 533: Return the entire file table.
534: The returned data consists of a single
1.56 uwe 535: .Vt struct filelist
1.1 pavel 536: followed by an array of
1.56 uwe 537: .Vt struct file ,
1.1 pavel 538: whose size depends on the current number of such objects in the system.
1.91 kamil 539: .It Li kern.forkfsleep ( Dv KERN_FORKFSLEEP )
1.1 pavel 540: If
541: .Xr fork 2
542: system call fails due to limit on number of processes (either
543: the global maxproc limit or user's one), wait for this many
544: milliseconds before returning
545: .Er EAGAIN
546: error to process.
547: Useful to keep heavily forking runaway processes in bay.
548: Default zero (no sleep).
549: Maximum is 20 seconds.
1.91 kamil 550: .It Li kern.fscale ( Dv KERN_FSCALE )
1.1 pavel 551: The kernel fixed-point scale factor.
1.91 kamil 552: .It Li kern.fsync ( Dv KERN_FSYNC )
1.58 wiz 553: Return 1 if the
554: .St -p1003.1b-93
555: File Synchronization Option is available
1.1 pavel 556: on this system,
1.56 uwe 557: otherwise\ 0.
1.91 kamil 558: .It Li kern.hardclock_ticks ( Dv KERN_HARDCLOCK_TICKS )
1.1 pavel 559: Returns the number of
560: .Xr hardclock 9
561: ticks.
1.105 pgoyette 562: .It Li kern.hist
563: This variable contains kernel history data if the kernel was
564: configured for any of the options
565: .Dv UVHMIST ,
566: .Dv USB_DEBUG ,
567: .Dv BIOHIST ,
568: or
569: .Dv SCDEBUG .
570: (See
571: .Xr options 4
572: for more details.)
573: The third-level names correspond to each available history table.
574: The values of the history tables are in an internal format, and can be
575: decoded by the
576: .Xr vmstat 1
577: utility's
1.106 wiz 578: .Fl U
1.105 pgoyette 579: and
1.106 wiz 580: .Fl u
1.105 pgoyette 581: options;
1.106 wiz 582: the
583: .Fl l
584: option can be used to see which tables are available.
1.91 kamil 585: .It Li kern.hostid ( Dv KERN_HOSTID )
1.39 jruoho 586: Get or set the host identifier.
587: This is aimed to replace the legacy
588: .Xr gethostid 3
589: and
590: .Xr sethostid 3
591: system calls.
1.91 kamil 592: .It Li kern.hostname ( Dv KERN_HOSTNAME )
1.39 jruoho 593: Get or set the
594: .Xr hostname 1 .
1.91 kamil 595: .It Li kern.iov_max ( Dv KERN_IOV_MAX )
1.1 pavel 596: Return the maximum number of
1.56 uwe 597: .Vt iovec
1.1 pavel 598: structures that a process has available for use with
599: .Xr preadv 2 ,
600: .Xr pwritev 2 ,
601: .Xr readv 2 ,
602: .Xr recvmsg 2 ,
603: .Xr sendmsg 2
604: and
605: .Xr writev 2 .
1.91 kamil 606: .It Li kern.ipc ( Dv KERN_SYSVIPC )
1.39 jruoho 607: Return information about the SysV IPC parameters.
608: The third level names for the ipc variables are detailed below.
609: .Bl -column "kern.ipc.shm_use_phys" "integer" "Changeable" -offset indent
1.107 wiz 610: .It Sy Third level name Ta Sy Type Ta Sy Changeable
1.39 jruoho 611: .It kern.ipc.sysvmsg integer no
612: .It kern.ipc.sysvsem integer no
613: .It kern.ipc.sysvshm integer no
614: .It kern.ipc.sysvipc_info struct no
615: .It kern.ipc.shmmax integer yes
616: .It kern.ipc.shmmni integer yes
617: .It kern.ipc.shmseg integer yes
618: .It kern.ipc.shmmaxpgs integer yes
619: .It kern.ipc.shm_use_phys integer yes
620: .It kern.ipc.msgmni integer yes
621: .It kern.ipc.msgseg integer yes
622: .It kern.ipc.semmni integer yes
623: .It kern.ipc.semmns integer yes
624: .It kern.ipc.semmnu integer yes
625: .El
626: .Bl -tag -width "123456"
1.91 kamil 627: .It Li kern.ipc.sysvmsg ( Dv KERN_SYSVIPC_MSG )
1.39 jruoho 628: Returns 1 if System V style message queue functionality is available
629: on this system,
1.56 uwe 630: otherwise\ 0.
1.91 kamil 631: .It Li kern.ipc.sysvsem ( Dv KERN_SYSVIPC_SEM )
1.39 jruoho 632: Returns 1 if System V style semaphore functionality is available
633: on this system,
1.56 uwe 634: otherwise\ 0.
1.91 kamil 635: .It Li kern.ipc.sysvshm ( Dv KERN_SYSVIPC_SHM )
1.39 jruoho 636: Returns 1 if System V style share memory functionality is available
637: on this system,
1.56 uwe 638: otherwise\ 0.
1.91 kamil 639: .It Li kern.ipc.sysvipc_info ( Dv KERN_SYSVIPC_INFO )
1.39 jruoho 640: Return System V style IPC configuration and run-time information.
641: The fourth level name selects the System V style IPC facility.
642: .Bl -column "KERN_SYSVIPC_MSG_INFO" "struct shm_sysctl_info" -offset indent
1.107 wiz 643: .It Sy Fourth level name Ta Sy Type
1.39 jruoho 644: .It KERN_SYSVIPC_MSG_INFO struct msg_sysctl_info
645: .It KERN_SYSVIPC_SEM_INFO struct sem_sysctl_info
646: .It KERN_SYSVIPC_SHM_INFO struct shm_sysctl_info
647: .El
648: .Bl -tag -width "123456"
649: .It Li KERN_SYSVIPC_MSG_INFO
650: Return information on the System V style message facility.
651: The
652: .Sy msg_sysctl_info
653: structure is defined in
654: .In sys/msg.h .
655: .It Li KERN_SYSVIPC_SEM_INFO
656: Return information on the System V style semaphore facility.
657: The
658: .Sy sem_sysctl_info
659: structure is defined in
660: .In sys/sem.h .
661: .It Li KERN_SYSVIPC_SHM_INFO
662: Return information on the System V style shared memory facility.
663: The
664: .Sy shm_sysctl_info
665: structure is defined in
666: .In sys/shm.h .
667: .El
1.91 kamil 668: .It Li kern.ipc.shmmax ( Dv KERN_SYSVIPC_SHMMAX )
1.39 jruoho 669: Max shared memory segment size in bytes.
1.91 kamil 670: .It Li kern.ipc.shmmni ( Dv KERN_SYSVIPC_SHMMNI )
1.39 jruoho 671: Max number of shared memory identifiers.
1.91 kamil 672: .It Li kern.ipc.shmseg ( Dv KERN_SYSVIPC_SHMSEG )
1.39 jruoho 673: Max shared memory segments per process.
1.91 kamil 674: .It Li kern.ipc.shmmaxpgs ( Dv KERN_SYSVIPC_SHMMAXPGS )
1.39 jruoho 675: Max amount of shared memory in pages.
1.91 kamil 676: .It Li kern.ipc.shm_use_phys ( Dv KERN_SYSVIPC_SHMUSEPHYS )
1.39 jruoho 677: Locking of shared memory in physical memory.
678: If 0, memory can be swapped
679: out, otherwise it will be locked in physical memory.
680: .It Li kern.ipc.msgmni
681: Max number of message queue identifiers.
682: .It Li kern.ipc.msgseg
683: Max number of number of message segments.
684: .It Li kern.ipc.semmni
685: Max number of number of semaphore identifiers.
686: .It Li kern.ipc.semmns
687: Max number of number of semaphores in system.
688: .It Li kern.ipc.semmnu
689: Max number of undo structures in system.
690: .El
1.91 kamil 691: .It Li kern.job_control ( Dv KERN_JOB_CONTROL )
1.56 uwe 692: Return 1 if job control is available on this system, otherwise\ 0.
1.91 kamil 693: .It Li kern.labeloffset ( Dv KERN_LABELOFFSET )
1.56 uwe 694: The offset within the sector specified by
695: .Dv KERN_LABELSECTOR
696: of the
1.1 pavel 697: .Xr disklabel 5 .
1.91 kamil 698: .It Li kern.labelsector ( Dv KERN_LABELSECTOR )
1.1 pavel 699: The sector number containing the
700: .Xr disklabel 5 .
1.91 kamil 701: .It Li kern.login_name_max ( Dv KERN_LOGIN_NAME_MAX )
1.1 pavel 702: The size of the storage required for a login name, in bytes,
703: including the terminating NUL.
1.91 kamil 704: .It Li kern.logsigexit ( Dv KERN_LOGSIGEXIT )
1.1 pavel 705: If this flag is non-zero, the kernel will
706: .Xr log 9
707: all process exits due to signals which create a
708: .Xr core 5
709: file, and whether the coredump was created.
1.91 kamil 710: .It Li kern.mapped_files ( Dv KERN_MAPPED_FILES )
1.58 wiz 711: Returns 1 if the
712: .St -p1003.1b-93
713: Memory Mapped Files Option is available on this system,
1.56 uwe 714: otherwise\ 0.
1.91 kamil 715: .It Li kern.maxfiles ( Dv KERN_MAXFILES )
1.1 pavel 716: The maximum number of open files that may be open in the system.
1.91 kamil 717: .It Li kern.maxpartitions ( Dv KERN_MAXPARTITIONS )
1.1 pavel 718: The maximum number of partitions allowed per disk.
1.71 wiz 719: .It Li kern.maxlwp
1.70 christos 720: The maximum number of Lightweight Processes (threads) the system allows
721: per uid.
1.91 kamil 722: .It Li kern.maxphys ( Dv KERN_MAXPHYS )
1.1 pavel 723: Maximum raw I/O transfer size.
1.91 kamil 724: .It Li kern.maxproc ( Dv KERN_MAXPROC )
1.1 pavel 725: The maximum number of simultaneous processes the system will allow.
1.91 kamil 726: .It Li kern.maxptys ( Dv KERN_MAXPTYS )
1.1 pavel 727: The maximum number of pseudo terminals.
728: This value can be both raised and lowered, though it cannot
729: be set lower than number of currently used ptys.
730: See also
731: .Xr pty 4 .
1.91 kamil 732: .It Li kern.maxvnodes ( Dv KERN_MAXVNODES )
1.1 pavel 733: The maximum number of vnodes available on the system.
734: This can only be raised.
1.91 kamil 735: .It Li kern.mbuf ( Dv KERN_MBUF )
1.1 pavel 736: Return information about the mbuf control variables.
737: Mbufs are data structures which store network packets and other data
738: structures in the networking code, see
739: .Xr mbuf 9 .
740: The third level names for the mbuf variables are detailed below.
741: The changeable column shows whether a process with appropriate
742: privilege may change the value.
1.21 joerg 743: .Bl -column "kern.mbuf.nmbclusters" "integer" "Changeable" -offset indent
1.107 wiz 744: .It Sy Third level name Ta Sy Type Ta Sy Changeable
1.1 pavel 745: .\" XXX Changeable? really?
746: .It kern.mbuf.mblowat integer yes
747: .It kern.mbuf.mclbytes integer yes
748: .It kern.mbuf.mcllowat integer yes
749: .It kern.mbuf.msize integer yes
750: .It kern.mbuf.nmbclusters integer yes
751: .El
752: .Pp
753: The variables are as follows:
754: .Bl -tag -width "123456"
1.91 kamil 755: .It Li kern.mbuf.mblowat ( Dv MBUF_MBLOWAT )
1.1 pavel 756: The mbuf low water mark.
1.91 kamil 757: .It Li kern.mbuf.mclbytes ( Dv MBUF_MCLBYTES )
1.1 pavel 758: The mbuf cluster size.
1.91 kamil 759: .It Li kern.mbuf.mcllowat ( Dv MBUF_MCLLOWAT )
1.1 pavel 760: The mbuf cluster low water mark.
1.91 kamil 761: .It Li kern.mbuf.msize ( Dv MBUF_MSIZE )
1.1 pavel 762: The mbuf base size.
1.91 kamil 763: .It Li kern.mbuf.nmbclusters ( Dv MBUF_NMBCLUSTERS )
1.1 pavel 764: The limit on the number of mbuf clusters.
765: The variable can only be increased, and only increased on machines with
766: direct-mapped pool pages.
767: .El
1.91 kamil 768: .It Li kern.memlock ( Dv KERN_MEMLOCK )
1.58 wiz 769: Returns 1 if the
770: .St -p1003.1b-93
771: Process Memory Locking Option is available on this system,
1.56 uwe 772: otherwise\ 0.
1.91 kamil 773: .It Li kern.memlock_range ( Dv KERN_MEMLOCK_RANGE )
1.58 wiz 774: Returns 1 if the
775: .St -p1003.1b-93
776: Range Memory Locking Option is available on this system,
1.56 uwe 777: otherwise\ 0.
1.91 kamil 778: .It Li kern.memory_protection ( Dv KERN_MEMORY_PROTECTION )
1.58 wiz 779: Returns 1 if the
780: .St -p1003.1b-93
781: Memory Protection Option is available on this system,
1.56 uwe 782: otherwise\ 0.
1.102 pgoyette 783: .It Li kern.messages
784: Kernel console message verbosity.
785: See
1.116 wiz 786: .Aq Pa sys/reboot.h
1.102 pgoyette 787: .Bl -column "verbosity" "setting" -offset indent
1.116 wiz 788: .It Sy Value Ta Sy Verbosity Ta Sy sys/reboot.h equivalent
789: .It 0 Ta Silent Ta Sy AB_SILENT
790: .It 1 Ta Quiet Ta Sy AB_QUIET
791: .It 2 Ta Normal Ta Sy AB_NORMAL
792: .It 3 Ta Verbose Ta Sy AB_VERBOSE
793: .It 4 Ta Debug Ta Sy AB_DEBUG
1.102 pgoyette 794: .El
1.42 jruoho 795: .It Li kern.module
796: Settings related to kernel modules.
797: The third level names for the settings are described below.
798: .Bl -column "kern.module.autoload" "integer" "Changeable" -offset indent
1.107 wiz 799: .It Sy Third level name Ta Sy Type Ta Sy Changeable
1.42 jruoho 800: .It kern.module.autoload integer yes
1.78 pgoyette 801: .It kern.module.autotime integer yes
1.121 pgoyette 802: .It kern.module.verbose boolean yes
1.42 jruoho 803: .El
804: .Pp
805: The variables are as follows:
806: .Bl -tag -width "123456"
807: .It Li kern.module.autoload
808: A boolean that controls whether kernel modules are loaded automatically.
1.52 jruoho 809: See
1.53 jruoho 810: .Xr module 7
1.42 jruoho 811: for additional details.
1.78 pgoyette 812: .It Li kern.module.autotime
813: An integer that controls the delay before an attempt is made to
1.79 wiz 814: automatically unload a module that was auto-loaded.
815: Setting this value to zero disables the auto-unload function.
1.42 jruoho 816: .It Li kern.module.verbose
817: A boolean that enables or disables verbose
818: debug messages related to kernel modules.
819: .El
1.91 kamil 820: .It Li kern.monotonic_clock ( Dv KERN_MONOTONIC_CLOCK )
1.58 wiz 821: Returns the standard version the implementation of the
822: .St -p1003.1b-93
1.49 jruoho 823: Monotonic Clock Option conforms to,
1.56 uwe 824: otherwise\ 0.
1.48 jruoho 825: .It Li kern.mqueue
1.119 wiz 826: Settings related to POSIX message queues; see
1.48 jruoho 827: .Xr mqueue 3 .
828: This node is created dynamically when
829: the corresponding kernel module is loaded.
830: The third level names for the settings are described below.
831: .Bl -column "kern.mqueue.mq_max_msgsize" "integer" "Changeable" -offset indent
1.107 wiz 832: .It Sy Third level name Ta Sy Type Ta Sy Changeable
1.48 jruoho 833: .It kern.mqueue.mq_open_max integer yes
834: .It kern.mqueue.mq_prio_max integer yes
835: .It kern.mqueue.mq_max_msgsize integer yes
836: .It kern.mqueue.mq_def_maxmsg integer yes
837: .It kern.mqueue.mq_max_maxmsg integer yes
838: .El
839: .Pp
840: The variables are:
841: .Bl -tag -width "123456"
842: .It Li kern.mqueue.mq_open_max
843: The maximum number of message queue descriptors any single process can open.
844: .It Li kern.mqueue.mq_prio_max
845: The maximum priority of a message.
846: .It Li kern.mqueue.mq_max_msgsize
847: The maximum size of a message in a message queue.
848: .It Li kern.mqueue.mq_def_maxmsg
849: The default maximum message count.
850: .It Li kern.mqueue.mq_max_maxmsg
851: The maximum number of messages in a message queue.
852: .El
1.91 kamil 853: .It Li kern.msgbuf ( Dv KERN_MSGBUF )
1.1 pavel 854: The kernel message buffer, rotated so that the head of the circular kernel
855: message buffer is at the start of the returned data.
856: The returned data may contain NUL bytes.
1.91 kamil 857: .It Li kern.msgbufsize ( Dv KERN_MSGBUFSIZE )
1.1 pavel 858: The maximum number of characters that the kernel message buffer can hold.
1.91 kamil 859: .It Li kern.ngroups ( Dv KERN_NGROUPS )
1.1 pavel 860: The maximum number of supplemental groups.
1.41 jruoho 861: .\" .It Li kern.no_sa_support
862: .\" XXX: Undocumented.
1.91 kamil 863: .It Li kern.ntptime ( Dv KERN_NTPTIME )
1.1 pavel 864: A
1.56 uwe 865: .Vt struct ntptimeval
1.1 pavel 866: structure is returned.
867: This structure contains data used by the
868: .Xr ntpd 8
869: program.
1.91 kamil 870: .It Li kern.osrelease ( Dv KERN_OSRELEASE )
1.1 pavel 871: The system release string.
1.91 kamil 872: .It Li kern.osrevision ( Dv KERN_OSREV )
1.1 pavel 873: The system revision string.
1.91 kamil 874: .It Li kern.ostype ( Dv KERN_OSTYPE )
1.1 pavel 875: The system type string.
1.41 jruoho 876: .\".It Li kern.panic_now
877: .\" XXX: Undocumented.
1.91 kamil 878: .It Li kern.pipe ( Dv KERN_PIPE )
1.1 pavel 879: Pipe settings.
880: The third level names for the integer pipe settings is detailed below.
881: The changeable column shows whether a process with appropriate
882: privilege may change the value.
1.21 joerg 883: .Bl -column "kern.pipe.maxbigpipes" "integer" "Changeable" -offset indent
1.107 wiz 884: .It Sy Third level name Ta Sy Type Ta Sy Changeable
1.1 pavel 885: .It kern.pipe.kvasiz integer yes
886: .It kern.pipe.maxbigpipes integer yes
887: .It kern.pipe.maxkvasz integer yes
888: .It kern.pipe.limitkva integer yes
889: .It kern.pipe.nbigpipes integer yes
890: .El
891: .Pp
892: The variables are as follows:
893: .Bl -tag -width "123456"
1.91 kamil 894: .It Li kern.pipe.kvasiz ( Dv KERN_PIPE_KVASIZ )
1.1 pavel 895: Amount of kernel memory consumed by pipe buffers.
1.91 kamil 896: .It Li kern.pipe.maxbigpipes ( Dv KERN_PIPE_MAXBIGPIPES )
1.56 uwe 897: Maximum number of
898: .Dq big
899: pipes.
1.91 kamil 900: .It Li kern.pipe.maxkvasz ( Dv KERN_PIPE_MAXKVASZ )
1.1 pavel 901: Maximum amount of kernel memory to be used for pipes.
1.91 kamil 902: .It Li kern.pipe.limitkva ( Dv KERN_PIPE_LIMITKVA )
1.1 pavel 903: Limit for direct transfers via page loan.
1.91 kamil 904: .It Li kern.pipe.nbigpipes ( Dv KERN_PIPE_NBIGPIPES )
1.56 uwe 905: Number of
906: .Dq big
907: pipes.
1.1 pavel 908: .El
1.82 joerg 909: .It Li kern.pool
910: Provides statistics about the
1.83 wiz 911: .Xr pool 9
1.82 joerg 912: and
913: .Xr pool_cache 9
914: subsystems.
1.39 jruoho 915: .\" XXX: Undocumented .It Li kern.posix ( ? )
916: .\" This is a node in which the only variable is semmax.
1.91 kamil 917: .It Li kern.posix1version ( Dv KERN_POSIX1 )
1.58 wiz 918: The version of ISO/IEC 9945
919: .Pq St -p1003.1
920: with which the system attempts to comply.
1.51 jruoho 921: .It Li kern.posix_aio
922: The version of
923: .St -p1003.1
924: and its Asynchronous I/O option to which the system attempts to conform.
1.91 kamil 925: .It Li kern.posix_barriers ( Dv KERN_POSIX_BARRIERS )
1.1 pavel 926: The version of
927: .St -p1003.1
928: and its
929: Barriers
930: option to which the system attempts to conform,
1.56 uwe 931: otherwise\ 0.
1.91 kamil 932: .It Li kern.posix_reader_writer_locks ( Dv KERN_POSIX_READER_WRITER_LOCKS )
1.1 pavel 933: The version of
934: .St -p1003.1
935: and its
936: Read-Write Locks
937: option to which the system attempts to conform,
1.56 uwe 938: otherwise\ 0.
1.41 jruoho 939: .\".It Li kern.posix_sched
940: .\" XXX: Undocumented.
1.91 kamil 941: .It Li kern.posix_semaphores ( Dv KERN_POSIX_SEMAPHORES )
1.1 pavel 942: The version of
943: .St -p1003.1
944: and its
945: Semaphores
946: option to which the system attempts to conform,
1.56 uwe 947: otherwise\ 0.
1.91 kamil 948: .It Li kern.posix_spin_locks ( Dv KERN_POSIX_SPIN_LOCKS )
1.1 pavel 949: The version of
950: .St -p1003.1
951: and its
952: Spin Locks
953: option to which the system attempts to conform,
1.56 uwe 954: otherwise\ 0.
1.91 kamil 955: .It Li kern.posix_threads ( Dv KERN_POSIX_THREADS )
1.1 pavel 956: The version of
957: .St -p1003.1
958: and its
959: Threads
960: option to which the system attempts to conform,
1.56 uwe 961: otherwise\ 0.
1.91 kamil 962: .It Li kern.posix_timers ( Dv KERN_POSIX_TIMERS )
1.1 pavel 963: The version of
964: .St -p1003.1
965: and its
966: Timers
967: option to which the system attempts to conform,
1.56 uwe 968: otherwise\ 0.
1.91 kamil 969: .It Li kern.proc ( Dv KERN_PROC )
1.1 pavel 970: Return the entire process table, or a subset of it.
971: An array of
1.56 uwe 972: .Vt struct kinfo_proc
1.1 pavel 973: structures is returned,
974: whose size depends on the current number of such objects in the system.
975: The third and fourth level numeric names are as follows:
1.21 joerg 976: .Bl -column "KERN_PROC_SESSION" "Fourth level is:" -offset indent
1.111 pgoyette 977: .It Sy Third level name Ta Sy Fourth level is :
1.21 joerg 978: .It KERN_PROC_ALL None
979: .It KERN_PROC_GID A group ID
980: .It KERN_PROC_PID A process ID
981: .It KERN_PROC_PGRP A process group
982: .It KERN_PROC_RGID A real group ID
983: .It KERN_PROC_RUID A real user ID
984: .It KERN_PROC_SESSION A session ID
985: .It KERN_PROC_TTY A tty device
986: .It KERN_PROC_UID A user ID
1.1 pavel 987: .El
1.91 kamil 988: .It Li kern.proc2 ( Dv KERN_PROC2 )
1.56 uwe 989: As for
990: .Dv KERN_PROC ,
991: but an array of
992: .Vt struct kinfo_proc2
1.1 pavel 993: structures are returned.
994: The fifth level name is the size of the
1.56 uwe 995: .Vt struct kinfo_proc2
1.1 pavel 996: and the sixth level name is the number of structures to return.
1.91 kamil 997: .It Li kern.proc_args ( Dv KERN_PROC_ARGS )
1.1 pavel 998: Return the argv or environment strings (or the number thereof)
999: of a process.
1000: Multiple strings are returned separated by NUL characters.
1001: The third level name is the process ID.
1002: The fourth level name is as follows:
1.93 christos 1003: .Bl -column "KERN_PROG_PATHNAME" "The full pathname of the executable" -offset indent
1.92 wiz 1004: .It Dv KERN_PROC_ARGV The argv strings
1005: .It Dv KERN_PROC_ENV The environ strings
1006: .It Dv KERN_PROC_NARGV The number of argv strings
1007: .It Dv KERN_PROC_NENV The number of environ strings
1.93 christos 1008: .It Dv KERN_PROC_PATHNAME The full pathname of the executable
1.1 pavel 1009: .El
1.91 kamil 1010: .It Li kern.profiling ( Dv KERN_PROF )
1.1 pavel 1011: Return profiling information about the kernel.
1012: If the kernel is not compiled for profiling,
1.56 uwe 1013: attempts to retrieve any of the
1014: .Dv KERN_PROF
1015: values will fail with
1.1 pavel 1016: .Er EOPNOTSUPP .
1017: The third level names for the string and integer profiling information
1018: is detailed below.
1019: The changeable column shows whether a process with appropriate
1020: privilege may change the value.
1.21 joerg 1021: .Bl -column "kern.profiling.gmonparam" "struct gmonparam" "Changeable" -offset indent
1.107 wiz 1022: .It Sy Third level name Ta Sy Type Ta Sy Changeable
1.1 pavel 1023: .It kern.profiling.count u_short[\|] yes
1024: .It kern.profiling.froms u_short[\|] yes
1025: .It kern.profiling.gmonparam struct gmonparam no
1026: .It kern.profiling.state integer yes
1027: .It kern.profiling.tos struct tostruct yes
1028: .El
1029: .Pp
1030: The variables are as follows:
1031: .Bl -tag -width "123456"
1.91 kamil 1032: .It Li kern.profiling.count ( Dv GPROF_COUNT )
1.1 pavel 1033: Array of statistical program counter counts.
1.91 kamil 1034: .It Li kern.profiling.froms ( Dv GPROF_FROMS )
1.1 pavel 1035: Array indexed by program counter of call-from points.
1.91 kamil 1036: .It Li kern.profiling.gmonparams ( Dv GPROF_GMONPARAM )
1.1 pavel 1037: Structure giving the sizes of the above arrays.
1.91 kamil 1038: .It Li kern.profiling.state ( Dv GPROF_STATE )
1.1 pavel 1039: Profiling state.
1.56 uwe 1040: If set to
1041: .Dv GMON_PROF_ON ,
1042: starts profiling.
1043: If set to
1044: .Dv GMON_PROF_OFF ,
1045: stops profiling.
1.91 kamil 1046: .It Li kern.profiling.tos ( Dv GPROF_TOS )
1.1 pavel 1047: Array of
1.56 uwe 1048: .Vt struct tostruct
1.1 pavel 1049: describing destination of calls and their counts.
1050: .El
1.41 jruoho 1051: .\" .It Li kern.pset
1052: .\" XXX: Undocumented.
1.91 kamil 1053: .It Li kern.rawpartition ( Dv KERN_RAWPARTITION )
1.1 pavel 1054: The raw partition of a disk (a == 0).
1.91 kamil 1055: .It Li kern.root_device ( Dv KERN_ROOT_DEVICE )
1.1 pavel 1056: The name of the root device (e.g.,
1057: .Dq wd0 ) .
1.91 kamil 1058: .It Li kern.root_partition ( Dv KERN_ROOT_PARTITION )
1.1 pavel 1059: The root partition on the root device (a == 0).
1.91 kamil 1060: .It Li kern.rtc_offset ( Dv KERN_RTC_OFFSET )
1.1 pavel 1061: Return the offset of real time clock from UTC in minutes.
1.91 kamil 1062: .It Li kern.saved_ids ( Dv KERN_SAVED_IDS )
1.1 pavel 1063: Returns 1 if saved set-group and saved set-user ID is available.
1.91 kamil 1064: .It Li kern.sbmax ( Dv KERN_SBMAX )
1.1 pavel 1065: Maximum socket buffer size.
1066: .\" XXX units?
1.91 kamil 1067: .It Li kern.securelevel ( Dv KERN_SECURELVL )
1.25 elad 1068: See
1069: .Xr secmodel_securelevel 9 .
1.108 hubertf 1070: .It Li kern.sched ( dynamic )
1071: Influence the scheduling of LWPs, their priorisation and how they are
1072: distributed on and moved between CPUs.
1073: .Bl -column "kern.sched.balance_period" "integer" "Changeable" -offset indent
1074: .It Sy Third level name Sy Type Sy Changeable
1075: .It kern.sched.cacheht_time integer yes
1076: .It kern.sched.balance_period integer yes
1077: .It kern.sched.average_weight integer yes
1078: .It kern.sched.min_catch integer yes
1079: .It kern.sched.timesoftints integer yes
1080: .It kern.sched.kpreempt_pri integer yes
1081: .It kern.sched.upreempt_pri integer yes
1082: .It kern.sched.maxts integer yes
1.109 wiz 1083: .It kern.sched.mints integer yes
1084: .It kern.sched.name string no
1.108 hubertf 1085: .It kern.sched.rtts integer no
1086: .It kern.sched.pri_min integer no
1087: .It kern.sched.pri_max integer no
1088: .El
1089: .Pp
1090: The variables are as follows:
1091: .Bl -tag -width "123456"
1092: .It Li kern.sched.cacheht_time ( dynamic )
1093: Cache hotness time in which a LWP is kept on one particular CPU
1.109 wiz 1094: and not moved to another CPU.
1095: This reduces the overhead of flushing and reloading caches.
1.108 hubertf 1096: Defaults to 3ms.
1.109 wiz 1097: Needs to be given in
1.108 hubertf 1098: .Dq hz
1099: units, see
1100: .Xr mstohz 9 .
1101: .It Li kern.sched.balance_period ( dynamic )
1102: Interval at which the CPU queues are checked for re-balancing.
1103: Defaults to 300ms.
1.109 wiz 1104: Needs to be given in
1.108 hubertf 1105: .Dq hz
1106: units, see
1107: .Xr mstohz 9 .
1108: .It Li kern.sched.average_weight ( dynamic )
1109: Can be used to influence how likely LWPs are to be migrated from
1.109 wiz 1110: one CPU's queue of LWPs that are ready to run to a different, idle CPU.
1.108 hubertf 1111: The value gives the percentage for weighting the average count of
1112: migratable threads from the past against the current number of
1.109 wiz 1113: migratable threads.
1114: A small value gives more weight to the past, a larger values more weight
1.108 hubertf 1115: on the current situation.
1.109 wiz 1116: Defaults to 50 and must be between 0 and 100.
1.108 hubertf 1117: .It Li kern.sched.min_catch ( dynamic )
1118: Minimum count of migratable (runable) threads for catching (stealing)
1119: from another CPU.
1120: Defaults to 1 but can be increased to decrease chance of thread
1.109 wiz 1121: migration between CPUs.
1.108 hubertf 1122: .It Li kern.sched.timesoftints ( dynamic )
1123: Enable tracking of CPU time for soft interrupts
1124: as part of a LWP's real execution time.
1125: Set to a non-zero value to enable,
1126: and see
1127: .Xr ps 1
1128: for printing CPU times.
1129: .It Li kern.sched.kpreempt_pri ( dynamic )
1130: Minimum priority to trigger kernel preemption.
1131: .It Li kern.sched.upreempt_pri ( dynamic )
1132: Minimum priority to trigger user preemption.
1133: .It Li kern.sched.maxts ( dynamic )
1134: Scheduler specific maximal time quantum (in milliseconds).
1135: Must be set to a value larger than
1136: .Dq mints
1137: and between 10 and
1.109 wiz 1138: .Dq hz
1.108 hubertf 1139: as given by the
1140: .Dv kern.clockrate
1141: sysctl.
1142: Provided by the M2 scheduler.
1143: .It Li kern.sched.mints ( dynamic )
1144: Scheduler specific minimal time quantum (in milliseconds).
1145: Must be set to a value smaller than
1146: .Dq maxts
1147: and between 1 and
1.109 wiz 1148: .Dq hz
1.108 hubertf 1149: as given by the
1150: .Dq kern.clockrate
1151: sysctl.
1152: Provided by the M2 scheduler.
1153: .It Li kern.sched.name ( dynamic )
1.109 wiz 1154: Scheduler name.
1.108 hubertf 1155: Provided both by the M2 and the 4BSD scheduler.
1156: .It Li kern.sched.rtts ( dynamic )
1157: Fixed scheduler specific round-robin time quantum in milliseconds.
1158: Provided both by the M2 and the 4BSD scheduler.
1159: .It Li kern.sched.pri_min ( dynamic )
1160: Minimal POSIX real-time priority.
1161: See
1162: .Xr sched 3 .
1163: .It Li kern.sched.pri_max ( dynamic )
1164: Maximal POSIX real-time priority.
1165: See
1166: .Xr sched 3 .
1167: .El
1.91 kamil 1168: .It Li kern.somaxkva ( Dv KERN_SOMAXKVA )
1.1 pavel 1169: Maximum amount of kernel memory to be used for socket buffers.
1170: .\" XXX units?
1.91 kamil 1171: .It Li kern.synchronized_io ( Dv KERN_SYNCHRONIZED_IO )
1.58 wiz 1172: Returns 1 if the
1173: .St -p1003.1b-93
1174: Synchronized I/O Option is available on this system,
1.56 uwe 1175: otherwise\ 0.
1.19 christos 1176: .It Li kern.timecounter ( dynamic )
1177: Display and control the timecounter source of the system.
1.21 joerg 1178: .Bl -column "kern.timecounter.timestepwarnings" "integer" "Changeable" -offset indent
1.107 wiz 1179: .It Sy Third level name Ta Sy Type Ta Sy Changeable
1.19 christos 1180: .It kern.timecounter.choice string no
1181: .It kern.timecounter.hardware string yes
1182: .It kern.timecounter.timestepwarnings integer yes
1183: .El
1184: .Pp
1185: The variables are as follows:
1186: .Bl -tag -width "123456"
1187: .It Li kern.timecounter.choice ( dynamic )
1188: The list of available timecounters with their quality and frequency.
1189: .It Li kern.timecounter.hardware ( dynamic )
1190: The currently selected timecounter source.
1191: .It Li kern.timecounter.timestepwarnings ( dynamic )
1192: If non-zero display a message each time the time is stepped.
1193: .El
1.91 kamil 1194: .It Li kern.timex ( Dv KERN_TIMEX )
1.1 pavel 1195: Not available.
1.91 kamil 1196: .It Li kern.tkstat ( Dv KERN_TKSTAT )
1.1 pavel 1197: Return information about the number of characters sent and received
1198: on ttys.
1199: The third level names for the tty statistic variables are detailed below.
1200: The changeable column shows whether a process
1201: with appropriate privilege may change the value.
1.21 joerg 1202: .Bl -column "kern.tkstat.cancc" "quad" "Changeable" -offset indent
1.107 wiz 1203: .It Sy Third level name Ta Sy Type Ta Sy Changeable
1.1 pavel 1204: .It kern.tkstat.cancc quad no
1205: .It kern.tkstat.nin quad no
1206: .It kern.tkstat.nout quad no
1207: .It kern.tkstat.rawcc quad no
1208: .El
1209: .Pp
1210: The variables are as follows:
1211: .Bl -tag -width "123456"
1.91 kamil 1212: .It Li kern.tkstat.cancc ( Dv KERN_TKSTAT_CANCC )
1.1 pavel 1213: The number of canonical input characters.
1.91 kamil 1214: .It Li kern.tkstat.nin ( Dv KERN_TKSTAT_NIN )
1.1 pavel 1215: The total number of input characters.
1.91 kamil 1216: .It Li kern.tkstat.nout ( Dv KERN_TKSTAT_NOUT )
1.1 pavel 1217: The total number of output characters.
1.91 kamil 1218: .It Li kern.tkstat.rawcc ( Dv KERN_TKSTAT_RAWCC )
1.1 pavel 1219: The number of raw input characters.
1220: .El
1.66 christos 1221: .It Li kern.tty
1222: The third level names for the tty setup variables are detailed below.
1223: The changeable column shows whether a process
1224: with appropriate privilege may change the value.
1225: .Bl -column "kern.tty.qsize" "int" "Changeable" -offset indent
1.107 wiz 1226: .It Sy Third level name Ta Sy Type Ta Sy Changeable
1.66 christos 1227: .It kern.tty.qsize int yes
1228: .El
1229: .Pp
1230: The variables are as follows:
1231: .Bl -tag -width "123456"
1232: .It Li kern.tty.qsize
1233: Control/display the size of the default input and output queues selected
1234: during tty creation.
1235: Is converted to a power of two and its range is between
1236: .Dv 1024
1237: and
1238: .Dv 65536 .
1239: .El
1.70 christos 1240: .It Li kern.uidinfo
1241: Resource usage for the current user.
1242: .Bl -column "kern.uidinfo.proccnt" "integer" "Changeable" -offset indent
1.107 wiz 1243: .It Sy Third level name Ta Sy Type Ta Sy Changeable
1.70 christos 1244: .It kern.uidinfo.proccnt integer no
1245: .It kern.uidinfo.lwpcnt integer no
1246: .It kern.uidinfo.lockcnt integer no
1247: .It kern.uidinfo.sbsize integer no
1248: .El
1249: .Bl -tag -width "123456"
1250: .It Li kern.uidinfo.proccnt
1251: Returns the number of active processes for the current user.
1252: .It Li kern.uidinfo.lwpcnt
1253: Returns the number of active threads for the current user; the first thread
1254: of each process is not counted.
1255: .It Li kern.uidinfo.lockcnt
1256: Number of locks held by the current user.
1257: .It Li kern.uidinfo.sbsize
1258: Number of bytes in socket buffers allocated to the current user.
1259: .El
1.91 kamil 1260: .It Li kern.urandom ( Dv KERN_URND )
1.1 pavel 1261: Random integer value.
1.45 jruoho 1262: .It Li kern.usercrypto
1263: When enabled, allows userland to
1264: .Xr open 2
1265: the
1266: .Pa /dev/crypto
1267: special device, used by the
1268: .Xr crypto 4
1269: system.
1270: .It Li kern.userasymcrypto
1271: Enables or disables the use of software asymmetric crypto support in the
1272: .Xr crypto 4
1273: system.
1.1 pavel 1274: .It Li kern.veriexec
1.40 jruoho 1275: Runtime information for
1276: .Xr veriexec 8 .
1277: .Bl -column "kern.veriexec.algorithms" "integer" "Changeable" -offset indent
1.107 wiz 1278: .It Sy Third level name Ta Sy Type Ta Sy Changeable
1.40 jruoho 1279: .It kern.veriexec.algorithms string no
1280: .It kern.veriexec.count node not applicable
1281: .It kern.veriexec.strict integer yes
1282: .It kern.veriexec.verbose integer yes
1283: .El
1.1 pavel 1284: .Bl -tag -width "123456"
1285: .It Li kern.veriexec.algorithms
1286: Returns a string with the supported algorithms in Veriexec.
1287: .It Li kern.veriexec.count
1288: Sub-nodes are added to this node as new mounts are monitored by Veriexec.
1289: Each mount will be under its own
1290: .No tableN
1291: node.
1292: Under each node there will be three variables, indicating the mount
1.57 wiz 1293: point, the file system type, and the number of entries.
1.1 pavel 1294: .It Li kern.veriexec.strict
1295: Controls the strict level of Veriexec.
1296: See
1.62 jruoho 1297: .Xr security 7
1.1 pavel 1298: for more information on each level's implications.
1299: .It Li kern.veriexec.verbose
1300: Controls the verbosity level of Veriexec.
1301: If 0, only the minimal
1302: indication required will be given about what's happening - fingerprint
1303: mismatches, removal of entries from the tables, modification of a
1304: fingerprinted file.
1305: If 1, more messages will be printed (ie., when a file with a valid
1306: fingerprint is accessed).
1307: Verbose level 2 is debug mode.
1308: .El
1.91 kamil 1309: .It Li kern.version ( Dv KERN_VERSION )
1.1 pavel 1310: The system version string.
1.91 kamil 1311: .It Li kern.vnode ( Dv KERN_VNODE )
1.1 pavel 1312: Return the entire vnode table.
1313: Note, the vnode table is not necessarily a consistent snapshot of
1314: the system.
1315: The returned data consists of an array whose size depends on the
1316: current number of such objects in the system.
1317: Each element of the array contains the kernel address of a vnode
1.56 uwe 1318: .Vt struct vnode *
1.1 pavel 1319: followed by the vnode itself
1.56 uwe 1320: .Vt struct vnode .
1.43 jruoho 1321: .\" XXX: Undocumented: kern.lwp: no children?
1.1 pavel 1322: .El
1.50 jruoho 1323: .Ss The machdep.* subtree
1.1 pavel 1324: The set of variables defined is architecture dependent.
1325: Most architectures define at least the following variables.
1.43 jruoho 1326: .Bl -column "machdep.booted_kernel" "Type" "Changeable" -offset indent
1.107 wiz 1327: .It Sy Second level name Ta Sy Type Ta Sy Changeable
1.43 jruoho 1328: .It Li machdep.booted_kernel string no
1.1 pavel 1329: .El
1.43 jruoho 1330: .\" XXX: Document the above.
1.50 jruoho 1331: .Ss The net.* subtree
1.1 pavel 1332: The string and integer information available for the
1333: .Li net
1334: level is detailed below.
1335: The changeable column shows whether a process with appropriate
1336: privilege may change the value.
1337: The second and third levels are typically the protocol family and
1338: protocol number, though this is not always the case.
1.21 joerg 1339: .Bl -column "Second level name" "IPsec key management values" "Changeable" -offset indent
1.107 wiz 1340: .It Sy Second level name Ta Sy Type Ta Sy Changeable
1.1 pavel 1341: .It net.route routing messages no
1342: .It net.inet IPv4 values yes
1343: .It net.inet6 IPv6 values yes
1344: .It net.key IPsec key management values yes
1345: .El
1346: .Bl -tag -width "123456"
1.91 kamil 1347: .It Li net.route ( Dv PF_ROUTE )
1.1 pavel 1348: .\" XXX really?
1349: Return the entire routing table or a subset of it.
1350: The data is returned as a sequence of routing messages (see
1351: .Xr route 4
1352: for the header file, format and meaning).
1353: The length of each message is contained in the message header.
1354: .Pp
1.56 uwe 1355: The third level name is a protocol number, which is currently always\ 0.
1.1 pavel 1356: The fourth level name is an address family, which may be set to 0 to
1357: select all address families.
1358: The fifth and sixth level names are as follows:
1.21 joerg 1359: .Bl -column "Fifth level name" "Sixth level is:" -offset indent
1.111 pgoyette 1360: .It Sy Fifth level name Ta Sy Sixth level is :
1.21 joerg 1361: .It NET_RT_FLAGS rtflags
1362: .It NET_RT_DUMP None
1363: .It NET_RT_IFLIST None
1.1 pavel 1364: .El
1.91 kamil 1365: .It Li net.inet ( Dv PF_INET )
1.1 pavel 1366: Get or set various global information about the IPv4
1367: .Pq Internet Protocol version 4 .
1368: The third level name is the protocol.
1369: The fourth level name is the variable name.
1370: The currently defined protocols and names are:
1.92 wiz 1371: .Bl -column "Protocol" "anonportalgo.available" "integer" "Changeable" -offset indent
1.107 wiz 1372: .It Sy Protocol Variable Ta Sy Type Ta Sy Changeable
1.1 pavel 1373: .It arp down integer yes
1374: .It arp keep integer yes
1.65 christos 1375: .It arp log_movements integer yes
1376: .It arp log_permanent_modify integer yes
1.86 christos 1377: .It arp log_unknown_network integer yes
1.65 christos 1378: .It arp log_wrong_iface integer yes
1.1 pavel 1379: .It carp allow integer yes
1380: .It carp preempt integer yes
1381: .It carp log integer yes
1382: .It carp arpbalance integer yes
1383: .It icmp errppslimit integer yes
1384: .It icmp maskrepl integer yes
1385: .It icmp rediraccept integer yes
1386: .It icmp redirtimeout integer yes
1.28 christos 1387: .It icmp bmcastecho integer yes
1.1 pavel 1388: .It ip allowsrcrt integer yes
1.72 christos 1389: .It ip anonportalgo.selected string yes
1390: .It ip anonportalgo.available string yes
1.74 christos 1391: .It ip anonportalgo.reserve struct yes
1.1 pavel 1392: .It ip anonportmax integer yes
1393: .It ip anonportmin integer yes
1394: .It ip checkinterface integer yes
1.103 roy 1395: .It ip dad_count integer yes
1.1 pavel 1396: .It ip directed-broadcast integer yes
1397: .It ip do_loopback_cksum integer yes
1398: .It ip forwarding integer yes
1399: .It ip forwsrcrt integer yes
1400: .It ip gifttl integer yes
1401: .It ip grettl integer yes
1.8 liamjfoy 1402: .It ip hashsize integer yes
1.1 pavel 1403: .It ip hostzerobroadcast integer yes
1404: .It ip lowportmin integer yes
1405: .It ip lowportmax integer yes
1406: .It ip maxflows integer yes
1407: .It ip maxfragpackets integer yes
1408: .It ip mtudisc integer yes
1409: .It ip mtudisctimeout integer yes
1410: .It ip random_id integer yes
1411: .It ip redirect integer yes
1412: .It ip subnetsarelocal integer yes
1413: .It ip ttl integer yes
1414: .It tcp rfc1323 integer yes
1415: .It tcp sendspace integer yes
1416: .It tcp recvspace integer yes
1417: .It tcp mssdflt integer yes
1418: .It tcp syn_cache_limit integer yes
1419: .It tcp syn_bucket_limit integer yes
1420: .It tcp syn_cache_interval integer yes
1421: .It tcp init_win integer yes
1422: .It tcp init_win_local integer yes
1423: .It tcp mss_ifmtu integer yes
1424: .It tcp win_scale integer yes
1425: .It tcp timestamps integer yes
1426: .It tcp cwm integer yes
1427: .It tcp cwm_burstsize integer yes
1428: .It tcp ack_on_push integer yes
1429: .It tcp keepidle integer yes
1430: .It tcp keepintvl integer yes
1431: .It tcp keepcnt integer yes
1432: .It tcp slowhz integer no
1.12 christos 1433: .It tcp keepinit integer yes
1.1 pavel 1434: .It tcp log_refused integer yes
1435: .It tcp rstppslimit integer yes
1436: .It tcp ident struct no
1.13 christos 1437: .It tcp drop struct no
1.1 pavel 1438: .It tcp sack.enable integer yes
1439: .It tcp sack.globalholes integer no
1440: .It tcp sack.globalmaxholes integer yes
1441: .It tcp sack.maxholes integer yes
1442: .It tcp ecn.enable integer yes
1443: .It tcp ecn.maxretries integer yes
1444: .It tcp congctl.selected string yes
1445: .It tcp congctl.available string yes
1446: .It tcp abc.enable integer yes
1447: .It tcp abc.aggressive integer yes
1448: .It udp checksum integer yes
1449: .It udp do_loopback_cksum integer yes
1450: .It udp recvspace integer yes
1451: .It udp sendspace integer yes
1452: .El
1453: .Pp
1454: The variables are as follows:
1455: .Bl -tag -width "123456"
1456: .It Li arp.down
1457: Failed ARP entry lifetime.
1458: .It Li arp.keep
1459: Valid ARP entry lifetime.
1460: .It Li carp.allow
1461: If set to 0, incoming
1462: .Xr carp 4
1463: packets will not be processed.
1464: If set to any other value, processing will occur.
1465: Enabled by default.
1466: .It Li carp.arpbalance
1467: If set to any value other than 0, the ARP balancing functionality of
1468: .Xr carp 4
1469: is enabled.
1470: When ARP requests are received for an IP address which is part of any virtual
1471: host, carp will hash the source IP in the ARP request to select one of the
1472: virtual hosts from the set of all the virtual hosts which have that IP address.
1473: The master of that host will respond with the correct virtual MAC address.
1474: Disabled by default.
1475: .It Li carp.log
1476: If set to any value other than 0,
1477: .Xr carp 4
1478: will log errors.
1479: Disabled by default.
1480: .It Li carp.preempt
1481: If set to 0,
1482: .Xr carp 4
1483: will not attempt to become master if it is receiving advertisements from
1484: another active master.
1485: If set to any other value, carp will become master of the virtual host if it
1486: believes it can send advertisements more frequently than the current master.
1487: Disabled by default.
1488: .It Li ip.allowsrcrt
1489: If set to 1, the host accepts source routed packets.
1.72 christos 1490: .It Li ip.anonportalgo.available
1491: The available RFC 6056 port randomization algorithms.
1.74 christos 1492: .It Li ip.anonportalgo.reserve
1493: A bitmask of ports that will not be used during anonymous or privileged
1494: port selection.
1.72 christos 1495: .It Li ip.anonportalgo.selected
1496: The currently selected RFC 6056 port randomization algorithm.
1.1 pavel 1497: .It Li ip.anonportmax
1498: The highest port number to use for TCP and UDP ephemeral port allocation.
1499: This cannot be set to less than 1024 or greater than 65535, and must
1500: be greater than
1501: .Li ip.anonportmin .
1502: .It Li ip.anonportmin
1503: The lowest port number to use for TCP and UDP ephemeral port allocation.
1504: This cannot be set to less than 1024 or greater than 65535.
1505: .It Li ip.checkinterface
1506: If set to non-zero, the host will reject packets addressed to it
1507: that arrive on an interface not bound to that address.
1.129 maxv 1508: Currently, this must be disabled if NAT is used to translate the
1.1 pavel 1509: destination address to another local interface, or if addresses
1510: are added to the loopback interface instead of the interface where
1511: the packets for those packets are received.
1.103 roy 1512: .It Li ip.dad_count
1513: The number of
1514: .Xr arp 4
1515: probes sent for Address Conflict Detection.
1516: Set to 0 to disable this.
1.1 pavel 1517: .It Li ip.directed-broadcast
1518: If set to 1, enables directed broadcast behavior for the host.
1519: .It Li ip.do_loopback_cksum
1520: Perform IP checksum on loopback.
1521: .It Li ip.forwarding
1522: If set to 1, enables IP forwarding for the host,
1523: meaning that the host is acting as a router.
1524: .It Li ip.forwsrcrt
1525: If set to 1, enables forwarding of source-routed packets for the host.
1526: This value may only be changed if the kernel security level is less than 1.
1527: .It Li ip.gifttl
1528: The maximum time-to-live (hop count) value for an IPv4 packet generated by
1529: .Xr gif 4
1530: tunnel interface.
1531: .It Li ip.grettl
1532: The maximum time-to-live (hop count) value for an IPv4 packet generated by
1533: .Xr gre 4
1534: tunnel interface.
1.8 liamjfoy 1535: .It Li ip.hashsize
1536: The size of IPv4 Fast Forward hash table.
1537: This value must be a power of 2 (64, 256...).
1538: A larger hash table size results in fewer collisions.
1539: Also see
1540: .Li ip.maxflows .
1.1 pavel 1541: .It Li ip.hostzerobroadcast
1542: All zeroes address is broadcast address.
1543: .It Li ip.lowportmax
1544: The highest port number to use for TCP and UDP reserved port allocation.
1545: This cannot be set to less than 0 or greater than 1024, and must
1546: be greater than
1547: .Li ip.lowportmin .
1548: .It Li ip.lowportmin
1549: The lowest port number to use for TCP and UDP reserved port allocation.
1550: This cannot be set to less than 0 or greater than 1024, and must
1551: be smaller than
1552: .Li ip.lowportmax .
1553: .It Li ip.maxflows
1.5 liamjfoy 1554: IPv4 Fast Forwarding is enabled by default.
1555: If set to 0, IPv4 Fast Forwarding is disabled.
1.1 pavel 1556: .Li ip.maxflows
1557: controls the maximum amount of flows which can be created.
1558: The default value is 256.
1559: .It Li ip.maxfragpackets
1560: The maximum number of fragmented packets the node will accept.
1561: 0 means that the node will not accept any fragmented packets.
1562: \-1 means that the node will accept as many fragmented packets as it receives.
1563: The flag is provided basically for avoiding possible DoS attacks.
1564: .It Li ip.mtudisc
1565: If set to 1, enables Path MTU Discovery (RFC 1191).
1566: When Path MTU Discovery is enabled, the transmitted TCP segment
1567: size will be determined by the advertised maximum segment size
1568: (MSS) from the remote end, as constrained by the path MTU.
1569: If MTU Discovery is disabled, the transmitted segment size will
1570: never be greater than
1571: .Li tcp.mssdflt
1572: (the local maximum segment size).
1573: .It Li ip.mtudisctimeout
1574: The number of seconds in which a route added by the Path MTU
1575: Discovery engine will time out.
1576: When the route times out, the Path
1577: MTU Discovery engine will attempt to probe a larger path MTU.
1578: .It Li ip.random_id
1579: Assign random ip_id values.
1580: .It Li ip.redirect
1581: If set to 1, ICMP redirects may be sent by the host.
1582: This option is ignored unless the host is routing IP packets,
1583: and should normally be enabled on all systems.
1584: .It Li ip.subnetsarelocal
1585: If set to 1, subnets are to be considered local addresses.
1586: .It Li ip.ttl
1587: The maximum time-to-live (hop count) value for an IP packet sourced by
1588: the system.
1589: This value applies to normal transport protocols, not to ICMP.
1590: .It Li icmp.errppslimit
1591: The variable specifies the maximum number of outgoing ICMP error messages,
1592: per second.
1593: ICMP error messages that exceeded the value are subject to rate limitation
1594: and will not go out from the node.
1595: Negative value disables rate limitation.
1596: .It Li icmp.maskrepl
1597: If set to 1, ICMP network mask requests are to be answered.
1598: .It Li icmp.rediraccept
1599: If set to non-zero, the host will accept ICMP redirect packets.
1600: Note that routers will never accept ICMP redirect packets,
1601: and the variable is meaningful on IP hosts only.
1602: .It Li icmp.redirtimeout
1603: The variable specifies lifetime of routing entries generated by incoming
1604: ICMP redirect.
1605: This defaults to 600 seconds.
1606: .It Li icmp.returndatabytes
1607: Number of bytes to return in an ICMP error message.
1.28 christos 1608: .It Li icmp.bmcastecho
1609: If set to 1, enables responding to ICMP echo or timestamp request to the
1610: broadcast address.
1.1 pavel 1611: .It Li tcp.ack_on_push
1612: If set to 1, TCP is to immediately transmit an ACK upon reception of
1613: a packet with PUSH set.
1614: This can avoid losing a round trip time in some rare situations,
1615: but has the caveat of potentially defeating TCP's delayed ACK algorithm.
1616: Use of this option is generally not recommended, but
1617: the variable exists in case your configuration really needs it.
1618: .It Li tcp.cwm
1619: If set to 1, enables use of the Hughes/Touch/Heidemann Congestion Window
1620: Monitoring algorithm.
1621: This algorithm prevents line-rate bursts of packets that could
1622: otherwise occur when data begins flowing on an idle TCP connection.
1623: These line-rate bursts can contribute to network and router congestion.
1624: This can be particularly useful on World Wide Web servers
1625: which support HTTP/1.1, which has lingering connections.
1626: .It Li tcp.cwm_burstsize
1627: The Congestion Window Monitoring allowed burst size, in terms
1628: of packet count.
1629: .It Li tcp.delack_ticks
1630: Number of ticks to delay sending an ACK.
1631: .It Li tcp.do_loopback_cksum
1632: Perform TCP checksum on loopback.
1633: .It Li tcp.init_win
1.76 wiz 1634: A value indicating the TCP initial congestion window.
1635: The valid range
1.87 matt 1636: is 0 to 10 (maximum specified by RFC6928),
1.75 christos 1637: with a default of 4 (approximately 4K per RFC3390).
1.1 pavel 1638: .It Li tcp.init_win_local
1639: Like
1640: .Li tcp.init_win ,
1641: but used when communicating with hosts on a local network.
1642: .It Li tcp.keepcnt
1643: Number of keepalive probes sent before declaring a connection dead.
1644: If set to zero, there is no limit;
1645: keepalives will be sent until some kind of
1646: response is received from the peer.
1647: .It Li tcp.keepidle
1648: Time a connection must be idle before keepalives are sent (if keepalives
1649: are enabled for the connection).
1650: See also tcp.slowhz.
1651: .It Li tcp.keepintvl
1652: Time after a keepalive probe is sent until, in the absence of any response,
1653: another probe is sent.
1654: See also tcp.slowhz.
1655: .It Li tcp.log_refused
1656: If set to 1, refused TCP connections to the host will be logged.
1.12 christos 1657: .It Li tcp.keepinit
1658: Timeout in seconds during connection establishment.
1.1 pavel 1659: .It Li tcp.mss_ifmtu
1660: If set to 1, TCP calculates the outgoing maximum segment size based on
1661: the MTU of the appropriate interface.
1662: If set to 0, it is calculated based on the greater of the MTU of the
1663: interface, and the largest (non-loopback) interface MTU on the system.
1664: .It Li tcp.mssdflt
1665: The default maximum segment size both advertised to the peer
1666: and to use when either the peer does not advertise a maximum segment size to
1667: us during connection setup or Path MTU Discovery
1668: .Li ( ip.mtudisc )
1669: is disabled.
1670: Do not change this value unless you really know what you are doing.
1671: .It Li tcp.recvspace
1672: The default TCP receive buffer size.
1673: .It Li tcp.rfc1323
1674: If set to 1, enables RFC 1323 extensions to TCP.
1675: .It Li tcp.rstppslimit
1676: The variable specifies the maximum number of outgoing TCP RST packets,
1677: per second.
1678: TCP RST packet that exceeded the value are subject to rate limitation
1679: and will not go out from the node.
1680: Negative value disables rate limitation.
1.13 christos 1681: .It Li tcp.ident
1682: Return the user ID of a connected socket pair.
1683: (RFC1413 Identification Protocol lookups.)
1684: .It Li tcp.drop
1685: Drop a TCP socket pair connection.
1.1 pavel 1686: .It Li tcp.sack.enable
1687: If set to 1, enables RFC 2018 Selective ACKnowledgement.
1688: .It Li tcp.sack.globalholes
1689: Global number of TCP SACK holes.
1690: .It Li tcp.sack.globalmaxholes
1691: Global maximum number of TCP SACK holes.
1692: .It Li tcp.sack.maxholes
1693: Maximum number of TCP SACK holes allowed per connection.
1694: .It Li tcp.ecn.enable
1695: If set to 1, enables RFC 3168 Explicit Congestion Notification.
1696: .It Li tcp.ecn.maxretries
1697: Number of times to retry sending the ECN-setup packet.
1698: .It Li tcp.sendspace
1699: The default TCP send buffer size.
1700: .It Li tcp.slowhz
1701: The units for tcp.keepidle and tcp.keepintvl; those variables are in ticks
1702: of a clock that ticks tcp.slowhz times per second.
1703: (That is, their values
1704: must be divided by the tcp.slowhz value to get times in seconds.)
1705: .It Li tcp.syn_bucket_limit
1706: The maximum number of entries allowed per hash bucket in the TCP
1707: compressed state engine.
1708: .It Li tcp.syn_cache_limit
1709: The maximum number of entries allowed in the TCP compressed state
1710: engine.
1711: .It Li tcp.timestamps
1712: If rfc1323 is enabled, a value of 1 indicates RFC 1323 time stamp options,
1713: used for measuring TCP round trip times, are enabled.
1714: .It Li tcp.win_scale
1715: If rfc1323 is enabled, a value of 1 indicates RFC 1323 window scale options,
1716: for increasing the TCP window size, are enabled.
1717: .It Li tcp.congctl.available
1718: The available TCP congestion control algorithms.
1719: .It Li tcp.congctl.selected
1720: The currently selected TCP congestion control algorithm.
1721: .It Li tcp.abc.enable
1722: If set to 1, use RFC 3465 Appropriate Byte Counting (ABC).
1723: If set to 0, use traditional Packet Counting.
1724: .It Li tcp.abc.aggressive
1725: Choose the L parameter found in RFC 3465.
1726: L is the maximum cwnd increase for an ack during slow start.
1727: If set to 1, use L=2*SMSS.
1728: If set to 0, use L=1*SMSS.
1729: It has no effect unless tcp.abc.enable is set to 1.
1730: .It Li udp.checksum
1731: If set to 1, UDP checksums are being computed.
1732: Received non-zero UDP checksums are always checked.
1733: Disabling UDP checksums is strongly discouraged.
1.67 christos 1734: .It Li udp.recvspace
1735: The default UDP receive buffer size.
1.1 pavel 1736: .It Li udp.sendspace
1737: The default UDP send buffer size.
1738: .El
1739: .Pp
1740: For variables net.*.ipsec, please refer to
1741: .Xr ipsec 4 .
1.91 kamil 1742: .It Li net.inet6 ( Dv PF_INET6 )
1.1 pavel 1743: Get or set various global information about the IPv6
1744: .Pq Internet Protocol version 6 .
1745: The third level name is the protocol.
1746: The fourth level name is the variable name.
1747: The currently defined protocols and names are:
1.92 wiz 1748: .Bl -column "Protocol" "anonportalgo.available" "integer" "Changeable" -offset indent
1.107 wiz 1749: .It Sy Protocol Variable Ta Sy Type Ta Sy Changeable
1.1 pavel 1750: .It icmp6 errppslimit integer yes
1751: .It icmp6 mtudisc_hiwat integer yes
1752: .It icmp6 mtudisc_lowat integer yes
1753: .It icmp6 nd6_debug integer yes
1754: .It icmp6 nd6_delay integer yes
1755: .It icmp6 nd6_maxnudhint integer yes
1756: .It icmp6 nd6_mmaxtries integer yes
1757: .It icmp6 nd6_prune integer yes
1758: .It icmp6 nd6_umaxtries integer yes
1759: .It icmp6 nd6_useloopback integer yes
1760: .It icmp6 nodeinfo integer yes
1761: .It icmp6 rediraccept integer yes
1762: .It icmp6 redirtimeout integer yes
1763: .It ip6 accept_rtadv integer yes
1.96 christos 1764: .It ip6 addctlpolicy struct in6_addrpolicy no
1.72 christos 1765: .It ip6 anonportalgo.selected string yes
1766: .It ip6 anonportalgo.available string yes
1.90 kamil 1767: .It ip6 anonportalgo.reserve struct yes
1.1 pavel 1768: .It ip6 anonportmax integer yes
1769: .It ip6 anonportmin integer yes
1770: .It ip6 auto_flowlabel integer yes
1771: .It ip6 dad_count integer yes
1772: .It ip6 defmcasthlim integer yes
1773: .It ip6 forwarding integer yes
1774: .It ip6 gifhlim integer yes
1.7 liamjfoy 1775: .It ip6 hashsize integer yes
1.1 pavel 1776: .It ip6 hlim integer yes
1777: .It ip6 hdrnestlimit integer yes
1778: .It ip6 kame_version string no
1779: .It ip6 keepfaith integer yes
1780: .It ip6 log_interval integer yes
1781: .It ip6 lowportmax integer yes
1782: .It ip6 lowportmin integer yes
1.73 christos 1783: .It ip6 maxdynroutes integer yes
1784: .It ip6 maxifprefixes integer yes
1785: .It ip6 maxifdefrouters integer yes
1.5 liamjfoy 1786: .It ip6 maxflows integer yes
1.1 pavel 1787: .It ip6 maxfragpackets integer yes
1788: .It ip6 maxfrags integer yes
1.73 christos 1789: .It ip6 neighborgcthresh integer yes
1.1 pavel 1790: .It ip6 redirect integer yes
1791: .It ip6 rr_prune integer yes
1792: .It ip6 use_deprecated integer yes
1793: .It ip6 v6only integer yes
1794: .It udp6 do_loopback_cksum integer yes
1795: .It udp6 recvspace integer yes
1796: .It udp6 sendspace integer yes
1797: .El
1798: .Pp
1799: The variables are as follows:
1800: .Bl -tag -width "123456"
1801: .It Li ip6.accept_rtadv
1802: If set to non-zero, the node will accept ICMPv6 router advertisement packets
1803: and autoconfigures address prefixes and default routers.
1804: The node must be a host
1805: .Pq not a router
1806: for the option to be meaningful.
1.72 christos 1807: .It Li ip6.anonportalgo.available
1808: The available RFC 6056 port randomization algorithms.
1.74 christos 1809: .It Li ip6.anonportalgo.reserve
1810: A bitmask of ports that will not be used during anonymous or privileged
1811: port selection.
1.72 christos 1812: .It Li ip6.anonportalgo.selected
1813: The currently selected RFC 6056 port randomization algorithm.
1.1 pavel 1814: .It Li ip6.anonportmax
1815: The highest port number to use for TCP and UDP ephemeral port allocation.
1816: This cannot be set to less than 1024 or greater than 65535, and must
1817: be greater than
1818: .Li ip6.anonportmin .
1819: .It Li ip6.anonportmin
1820: The lowest port number to use for TCP and UDP ephemeral port allocation.
1821: This cannot be set to less than 1024 or greater than 65535.
1822: .It Li ip6.auto_flowlabel
1823: On connected transport protocol packets,
1824: fill IPv6 flowlabel field to help intermediate routers to identify packet flows.
1825: .It Li ip6.dad_count
1826: The variable configures number of IPv6 DAD
1827: .Pq duplicated address detection
1828: probe packets.
1829: The packets will be generated when IPv6 interface addresses are configured.
1830: .It Li ip6.defmcasthlim
1831: The default hop limit value for an IPv6 multicast packet sourced by the node.
1832: This value applies to all the transport protocols on top of IPv6.
1833: There are APIs to override the value, as documented in
1834: .Xr ip6 4 .
1835: .It Li ip6.forwarding
1836: If set to 1, enables IPv6 forwarding for the node,
1837: meaning that the node is acting as a router.
1838: If set to 0, disables IPv6 forwarding for the node,
1839: meaning that the node is acting as a host.
1840: IPv6 specification defines node behavior for
1841: .Dq router
1842: case and
1843: .Dq host
1844: case quite differently, and changing this variable during operation
1845: may cause serious trouble.
1846: It is recommended to configure the variable at bootstrap time,
1847: and bootstrap time only.
1848: .It Li ip6.gifhlim
1849: The maximum hop limit value for an IPv6 packet generated by
1850: .Xr gif 4
1851: tunnel interface.
1852: .It Li ip6.hdrnestlimit
1853: The number of IPv6 extension headers permitted on incoming IPv6 packets.
1854: If set to 0, the node will accept as many extension headers as possible.
1.7 liamjfoy 1855: .It Li ip6.hashsize
1856: The size of IPv6 Fast Forward hash table.
1.56 uwe 1857: This value must be a power of 2 (64, 256, ...).
1.7 liamjfoy 1858: A larger hash table size results in fewer collisions.
1859: Also see
1860: .Li ip6.maxflows .
1.1 pavel 1861: .It Li ip6.hlim
1862: The default hop limit value for an IPv6 unicast packet sourced by the node.
1863: This value applies to all the transport protocols on top of IPv6.
1864: There are APIs to override the value, as documented in
1865: .Xr ip6 4 .
1866: .It Li ip6.kame_version
1867: The string identifies the version of KAME IPv6 stack implemented in the kernel.
1868: .It Li ip6.keepfaith
1869: If set to non-zero, it enables
1870: .Dq FAITH
1871: TCP relay IPv6-to-IPv4 translator code in the kernel.
1872: Refer
1873: .Xr faith 4
1874: and
1875: .Xr faithd 8
1876: for detail.
1877: .It Li ip6.log_interval
1878: The variable controls amount of logs generated by IPv6 packet
1879: forwarding engine, by setting interval between log output
1880: .Pq in seconds .
1881: .It Li ip6.lowportmax
1882: The highest port number to use for TCP and UDP reserved port allocation.
1883: This cannot be set to less than 0 or greater than 1024, and must
1884: be greater than
1885: .Li ip6.lowportmin .
1886: .It Li ip6.lowportmin
1887: The lowest port number to use for TCP and UDP reserved port allocation.
1888: This cannot be set to less than 0 or greater than 1024, and must
1889: be smaller than
1890: .Li ip6.lowportmax .
1.73 christos 1891: .It Li ip6.maxdynroutes
1892: Maximum number of routes created by redirect.
1893: Set it to negative to disable.
1894: The default value is 4096.
1895: .It Li ip6.maxifprefixes
1896: Maximum number of prefixes created by route advertisements per interface.
1897: Set it to negative to disable.
1898: The default value is 16.
1899: .It Li ip6.maxifdefrouters 16
1900: Maximum number of default routers created by route advertisements per interface.
1901: Set it to negative to disable.
1902: The default value is 16.
1.5 liamjfoy 1903: .It Li ip6.maxflows
1904: IPv6 Fast Forwarding is enabled by default.
1905: If set to 0, IPv6 Fast Forwarding is disabled.
1906: .Li ip6.maxflows
1907: controls the maximum amount of flows which can be created.
1.6 liamjfoy 1908: The default value is 256.
1.1 pavel 1909: .It Li ip6.maxfragpackets
1910: The maximum number of fragmented packets the node will accept.
1911: 0 means that the node will not accept any fragmented packets.
1912: \-1 means that the node will accept as many fragmented packets as it receives.
1913: The flag is provided basically for avoiding possible DoS attacks.
1914: .It Li ip6.maxfrags
1915: The maximum number of fragments the node will accept.
1916: 0 means that the node will not accept any fragments.
1917: \-1 means that the node will accept as many fragments as it receives.
1918: The flag is provided basically for avoiding possible DoS attacks.
1.73 christos 1919: .It Li ip6.neighborgcthresh
1.98 ozaki-r 1920: Maximum number of entries in neighbor cache per interface.
1.73 christos 1921: Set to negative to disable.
1922: The default value is 2048.
1.1 pavel 1923: .It Li ip6.redirect
1924: If set to 1, ICMPv6 redirects may be sent by the node.
1925: This option is ignored unless the node is routing IP packets,
1926: and should normally be enabled on all systems.
1927: .It Li ip6.rr_prune
1928: The variable specifies interval between IPv6 router renumbering prefix
1929: babysitting, in seconds.
1930: .It Li ip6.use_deprecated
1931: The variable controls use of deprecated address, specified in RFC 2462 5.5.4.
1932: .It Li ip6.v6only
1933: The variable specifies initial value for
1934: .Dv IPV6_V6ONLY
1935: socket option for
1936: .Dv AF_INET6
1937: socket.
1938: Please refer to
1939: .Xr ip6 4
1940: for detail.
1941: .It Li icmp6.errppslimit
1942: The variable specifies the maximum number of outgoing ICMPv6 error messages,
1943: per second.
1944: ICMPv6 error messages that exceeded the value are subject to rate limitation
1945: and will not go out from the node.
1946: Negative value disables rate limitation.
1947: .It Li icmp6.mtudisc_hiwat
1948: .It Li icmp6.mtudisc_lowat
1949: The variables define the maximum number of routing table entries,
1950: created due to path MTU discovery
1951: .Pq prevents denial-of-service attacks with ICMPv6 too big messages .
1952: When IPv6 path MTU discovery happens, we keep path MTU information into
1953: the routing table.
1954: If the number of routing table entries exceed the value,
1955: the kernel will not attempt to keep the path MTU information.
1956: .Li icmp6.mtudisc_hiwat
1957: is used when we have verified ICMPv6 too big messages.
1958: .Li icmp6.mtudisc_lowat
1959: is used when we have unverified ICMPv6 too big messages.
1960: Verification is performed by using address/port pairs kept in connected pcbs.
1961: Negative value disables the upper limit.
1962: .It Li icmp6.nd6_debug
1963: If set to non-zero, kernel IPv6 neighbor discovery code will generate
1964: debugging messages.
1965: The debug outputs are useful to diagnose IPv6 interoperability issues.
1966: The flag must be set to 0 for normal operation.
1967: .It Li icmp6.nd6_delay
1968: The variable specifies
1969: .Dv DELAY_FIRST_PROBE_TIME
1970: timing constant in IPv6 neighbor discovery specification
1971: .Pq RFC 2461 ,
1972: in seconds.
1973: .It Li icmp6.nd6_maxnudhint
1974: IPv6 neighbor discovery permits upper layer protocols to supply reachability
1975: hints, to avoid unnecessary neighbor discovery exchanges.
1976: The variable defines the number of consecutive hints the neighbor discovery
1977: layer will take.
1978: For example, by setting the variable to 3, neighbor discovery layer
1979: will take 3 consecutive hints in maximum.
1980: After receiving 3 hints, neighbor discovery layer will perform
1981: normal neighbor discovery process.
1982: .It Li icmp6.nd6_mmaxtries
1983: The variable specifies
1984: .Dv MAX_MULTICAST_SOLICIT
1985: constant in IPv6 neighbor discovery specification
1986: .Pq RFC 2461 .
1987: .It Li icmp6.nd6_prune
1988: The variable specifies interval between IPv6 neighbor cache babysitting,
1989: in seconds.
1990: .It Li icmp6.nd6_umaxtries
1991: The variable specifies
1992: .Dv MAX_UNICAST_SOLICIT
1993: constant in IPv6 neighbor discovery specification
1994: .Pq RFC 2461 .
1995: .It Li icmp6.nd6_useloopback
1996: If set to non-zero, kernel IPv6 stack will use loopback interface for
1997: local traffic.
1998: .It Li icmp6.nodeinfo
1999: The variable enables responses to ICMPv6 node information queries.
2000: If you set the variable to 0, responses will not be generated for
2001: ICMPv6 node information queries.
2002: Since node information queries can have a security impact, it is
2003: possible to fine tune which responses should be answered.
2004: Two separate bits can be set.
2005: .Bl -tag -width "12345"
2006: .It 1
2007: Respond to ICMPv6 FQDN queries, e.g.
2008: .Li ping6 -w .
2009: .It 2
2010: Respond to ICMPv6 node addresses queries, e.g.
2011: .Li ping6 -a .
2012: .El
2013: .It Li icmp6.rediraccept
2014: If set to non-zero, the host will accept ICMPv6 redirect packets.
2015: Note that IPv6 routers will never accept ICMPv6 redirect packets,
2016: and the variable is meaningful on IPv6 hosts
2017: .Pq non-router
2018: only.
2019: .It Li icmp6.redirtimeout
2020: The variable specifies lifetime of routing entries generated by incoming
2021: ICMPv6 redirect.
2022: .It Li udp6.do_loopback_cksum
2023: Perform UDP checksum on loopback.
2024: .It Li udp6.recvspace
2025: Default UDP receive buffer size.
2026: .It Li udp6.sendspace
2027: Default UDP send buffer size.
2028: .El
2029: .Pp
1.119 wiz 2030: We reuse net.*.tcp for TCP over IPv6,
1.1 pavel 2031: and therefore we do not have variables net.*.tcp6.
2032: Variables net.inet6.udp6 have identical meaning to net.inet.udp.
2033: Please refer to
2034: .Li PF_INET
2035: section above.
2036: For variables net.*.ipsec6, please refer to
2037: .Xr ipsec 4 .
1.91 kamil 2038: .It Li net.key ( Dv PF_KEY )
1.1 pavel 2039: Get or set various global information about the IPsec key management.
2040: The third level name is the variable name.
2041: The currently defined variable and names are:
1.21 joerg 2042: .Bl -column "blockacq_lifetime" "integer" "Changeable" -offset indent
1.107 wiz 2043: .It Sy Variable Type Ta Sy Changeable
1.1 pavel 2044: .It debug integer yes
1.80 christos 2045: .It enabled integer yes
2046: .It used integer no
1.1 pavel 2047: .It spi_try integer yes
2048: .It spi_min_value integer yes
2049: .It spi_max_value integer yes
2050: .It larval_lifetime integer yes
2051: .It blockacq_count integer yes
2052: .It blockacq_lifetime integer yes
2053: .It esp_keymin integer yes
2054: .It esp_auth integer yes
2055: .It ah_keymin integer yes
2056: .El
2057: The variables are as follows:
2058: .Bl -tag -width "123456"
2059: .It Li debug
2060: Turn on debugging message from within the kernel.
2061: The value is a bitmap, as defined in
1.131 maxv 2062: .In netipsec/key_debug.h .
1.80 christos 2063: .It Li enabled
1.81 christos 2064: Control processing of IPsec control messages.
2065: .Bl -tag -width indent
2066: .It 0
2067: Never allow IPsec processing
2068: .It 1
2069: Allow IPsec processing when SPD policies are present.
2070: .It 2
2071: Force IPsec processing even when SPD policies are not present.
2072: .El
1.80 christos 2073: .It Li used
1.128 eadler 2074: Based on if IPsec is enabled, and SPD rule existence, show if
1.80 christos 2075: IPsec is being used.
1.110 abhinav 2076: Note that currently once IPsec is being used, it cannot be disabled.
1.1 pavel 2077: .It Li spi_try
2078: The number of times the kernel will try to obtain an unique SPI
2079: when it generates it from random number generator.
2080: .It Li spi_min_value
2081: Minimum SPI value when generating it within the kernel.
2082: .It Li spi_max_value
2083: Maximum SPI value when generating it within the kernel.
2084: .It Li larval_lifetime
2085: Lifetime for LARVAL SAD entries, in seconds.
2086: .It Li blockacq_count
2087: Number of ACQUIRE PF_KEY messages to be blocked after an ACQUIRE message.
2088: It avoids flood of ACQUIRE PF_KEY from being sent from the kernel to the
2089: key management daemon.
2090: .It Li blockacq_lifetime
2091: Lifetime of ACQUIRE PF_KEY message.
2092: .It Li esp_keymin
2093: Minimum ESP key length, in bits.
2094: The value is used when the kernel creates proposal payload
2095: on ACQUIRE PF_KEY message.
2096: .It Li esp_auth
2097: Whether ESP authentication should be used or not.
2098: Non-zero value indicates that ESP authentication should be used.
2099: The value is used when the kernel creates proposal payload
2100: on ACQUIRE PF_KEY message.
2101: .It Li ah_keymin
2102: Minimum AH key length, in bits,
2103: The value is used when the kernel creates proposal payload
2104: on ACQUIRE PF_KEY message.
2105: .El
1.126 christos 2106: .It Li net.local ( Dv PF_LOCAL )
2107: Get or set various global information about
2108: .Dv AF_LOCAL
2109: type sockets.
2110: For some variables, the third level name is the variable name:
2111: .Bl -column "Variable" "integer" "Changeable" -offset indent
2112: .It Sy Variable Type Ta Sy Changeable
2113: .It inflight integer no
2114: .It deferred integer no
2115: .El
2116: The variables are as follows:
2117: .Bl -tag -width "123456"
2118: .It Li inflight
2119: The number of file descriptors currently passed between processes,
2120: .Qq in flight .
2121: .It Li deferred
2122: The number of file descriptors passed between processes that have been
2123: deferred for cleanup by a kernel task.
2124: .El
2125: .Pp
2126: Other variables are specific to a socket type:
2127: .Bl -column "seqpacket" "sendspace" "integer" "Changeable" -offset indent
1.127 wiz 2128: .It Sy "Socket Type" Sy Variable Type Ta Sy Changeable
1.126 christos 2129: .It dgram pcblist struct no
2130: .It dgram recvspace integer yes
2131: .It dgram sendspace integer yes
2132: .It seqpacket pcblist struct no
2133: .It stream pcblist struct no
2134: .It stream recvspace integer yes
2135: .It stream sendspace integer yes
2136: .El
2137: The variables are as follows:
2138: .Bl -tag -width "123456"
2139: .It Li dgram.pcblist
2140: The Protocol Control Block list structure for datagram sockets.
2141: Parsed by
1.133 wiz 2142: .Xr netstat 1
1.126 christos 2143: or
1.133 wiz 2144: .Xr sockstat 1 .
1.126 christos 2145: .It Li dgram.recvspace
2146: The default datagram receive buffer size.
2147: .It Li dgram.sendspace
2148: The default datagram send buffer size.
2149: .It Li seqpacket.pcblist
2150: The Protocol Control Block list structure for Sequential Packet sockets.
2151: Parsed by
1.133 wiz 2152: .Xr netstat 1
1.126 christos 2153: or
1.133 wiz 2154: .Xr sockstat 1 .
1.126 christos 2155: .It Li stream.pcblist
2156: The Protocol Control Block list structure for stream sockets.
2157: Parsed by
1.133 wiz 2158: .Xr netstat 1
1.126 christos 2159: or
1.133 wiz 2160: .Xr sockstat 1 .
1.126 christos 2161: .It Li stream.recvspace
2162: The default stream receive buffer size.
2163: .It Li stream.sendspace
2164: The default stream send buffer size.
2165: .El
1.1 pavel 2166: .El
1.50 jruoho 2167: .Ss The proc.* subtree
1.1 pavel 2168: The string and integer information available for the
2169: .Li proc
2170: level is detailed below.
2171: The changeable column shows whether a process with appropriate
2172: privilege may change the value.
2173: These values are per-process,
2174: and as such may change from one process to another.
2175: When a process is created,
2176: the default values are inherited from its parent.
2177: When a set-user-ID or set-group-ID binary is executed, the
2178: value of PROC_PID_CORENAME is reset to the system default value.
2179: The second level name is either the magic value PROC_CURPROC, which
2180: points to the current process, or the PID of the target process.
1.21 joerg 2181: .Bl -column "proc.pid.corename" "string" "not applicable" -offset indent
1.107 wiz 2182: .It Sy Third level name Ta Sy Type Ta Sy Changeable
1.1 pavel 2183: .It proc.pid.corename string yes
2184: .It proc.pid.rlimit node not applicable
2185: .It proc.pid.stopfork int yes
2186: .It proc.pid.stopexec int yes
2187: .It proc.pid.stopexit int yes
1.111 pgoyette 2188: .It proc.pid.paxflags int no
1.1 pavel 2189: .El
2190: .Bl -tag -width "123456"
1.91 kamil 2191: .It Li proc.pid.corename ( Dv PROC_PID_CORENAME )
1.1 pavel 2192: The template used for the core dump file name (see
2193: .Xr core 5
2194: for details).
2195: The base name must either be
1.56 uwe 2196: .Pa core
2197: or end with the suffix
2198: .Pa .core
2199: (the super-user may set arbitrary names).
2200: By default it points to
2201: .Dv KERN_DEFCORENAME .
1.91 kamil 2202: .It Li proc.pid.rlimit ( Dv PROC_PID_LIMIT )
1.1 pavel 2203: Return resources limits, as defined for the
2204: .Xr getrlimit 2
2205: and
2206: .Xr setrlimit 2
2207: system calls.
2208: The fourth level name is one of:
1.56 uwe 2209: .Bl -tag -width "123456"
1.91 kamil 2210: .It Li proc.pid.rlimit.cputime ( Dv PROC_PID_LIMIT_CPU )
1.1 pavel 2211: The maximum amount of CPU time (in seconds) to be used by each process.
1.91 kamil 2212: .It Li proc.pid.rlimit.filesize ( Dv PROC_PID_LIMIT_FSIZE )
1.1 pavel 2213: The largest size (in bytes) file that may be created.
1.91 kamil 2214: .It Li proc.pid.rlimit.datasize ( Dv PROC_PID_LIMIT_DATA )
1.1 pavel 2215: The maximum size (in bytes) of the data segment for a process;
2216: this defines how far a program may extend its break with the
2217: .Xr sbrk 2
2218: system call.
1.91 kamil 2219: .It Li proc.pid.rlimit.stacksize ( Dv PROC_PID_LIMIT_STACK )
1.1 pavel 2220: The maximum size (in bytes) of the stack segment for a process;
2221: this defines how far a program's stack segment may be extended.
2222: Stack extension is performed automatically by the system.
1.91 kamil 2223: .It Li proc.pid.rlimit.coredumpsize ( Dv PROC_PID_LIMIT_CORE )
1.1 pavel 2224: The largest size (in bytes)
2225: .Pa core
2226: file that may be created.
1.91 kamil 2227: .It Li proc.pid.rlimit.memoryuse ( Dv PROC_PID_LIMIT_RSS )
1.1 pavel 2228: The maximum size (in bytes) to which a process's resident set size may
2229: grow.
2230: This imposes a limit on the amount of physical memory to be given to
2231: a process; if memory is tight, the system will prefer to take memory
2232: from processes that are exceeding their declared resident set size.
1.91 kamil 2233: .It Li proc.pid.rlimit.memorylocked ( Dv PROC_PID_LIMIT_MEMLOCK )
1.1 pavel 2234: The maximum size (in bytes) which a process may lock into memory
2235: using the
2236: .Xr mlock 2
2237: function.
1.91 kamil 2238: .It Li proc.pid.rlimit.maxproc ( Dv PROC_PID_LIMIT_NPROC )
1.1 pavel 2239: The maximum number of simultaneous processes for this user id.
1.91 kamil 2240: .It Li proc.pid.rlimit.descriptors ( Dv PROC_PID_LIMIT_NOFILE )
1.1 pavel 2241: The maximum number of open files for this process.
1.91 kamil 2242: .It Li proc.pid.rlimit.sbsize ( Dv PROC_PID_LIMIT_SBSIZE )
1.22 snj 2243: The maximum size (in bytes) of the socket buffers
2244: set by the
2245: .Xr setsockopt 2
2246: .Dv SO_RCVBUF
2247: and
2248: .Dv SO_SNDBUF
2249: options.
1.91 kamil 2250: .It Li proc.pid.rlimit.vmemoryuse ( Dv PROC_PID_LIMIT_AS )
1.88 kamil 2251: The maximum size (in bytes) which a process can obtain.
1.91 kamil 2252: .It Li proc.pid.rlimit.maxlwp ( Dv PROC_PID_LIMIT_NTHR )
1.88 kamil 2253: The maximum number of threads that cen be created and running at one time in
2254: the process.
2255: The first thread of each process is not counted against this.
1.1 pavel 2256: .El
2257: .Pp
2258: The fifth level name is one of
1.91 kamil 2259: .Li soft ( Dv PROC_PID_LIMIT_TYPE_SOFT )
1.56 uwe 2260: or
1.91 kamil 2261: .Li hard ( Dv PROC_PID_LIMIT_TYPE_HARD ) ,
1.1 pavel 2262: to select respectively the soft or hard limit.
2263: Both are of type integer.
1.91 kamil 2264: .It Li proc.pid.stopfork ( Dv PROC_PID_STOPFORK )
1.1 pavel 2265: If non zero, the process' children will be stopped after
2266: .Xr fork 2
2267: calls.
1.112 pgoyette 2268: The children are created in the SSTOP state and are never scheduled
1.1 pavel 2269: for running before being stopped.
1.113 pgoyette 2270: This feature enables attaching to a process with a debugger such as
1.1 pavel 2271: .Xr gdb 1
1.113 pgoyette 2272: before the process has the opportunity to actually do anything.
1.1 pavel 2273: .Pp
2274: This value is inherited by the process's children, and it also
1.112 pgoyette 2275: applies to emulation specific system calls that fork a new process, such as
1.1 pavel 2276: .Fn sproc
2277: or
2278: .Fn clone .
1.91 kamil 2279: .It Li proc.pid.stopexec ( Dv PROC_PID_STOPEXEC )
1.112 pgoyette 2280: If non zero, the process will be stopped on the next
1.1 pavel 2281: .Xr exec 3
2282: call.
2283: The process created by
2284: .Xr exec 3
2285: is created in the SSTOP state and is never scheduled for running
2286: before being stopped.
1.112 pgoyette 2287: This feature enables attaching to a process with a debugger such as
1.1 pavel 2288: .Xr gdb 1
1.113 pgoyette 2289: before the process has the opportunity to actually do anything.
1.1 pavel 2290: .Pp
2291: This value is inherited by the process's children.
1.91 kamil 2292: .It Li proc.pid.stopexit ( Dv PROC_PID_STOPEXIT )
1.112 pgoyette 2293: If non zero, the process will be stopped when it has cause to exit,
1.1 pavel 2294: either by way of calling
2295: .Xr exit 3 ,
2296: .Xr _exit 2 ,
2297: or by the receipt of a specific signal.
2298: The process is stopped before any of its resources or vm space is
1.112 pgoyette 2299: released allowing examination of the termination state of the process
1.1 pavel 2300: before it disappears.
2301: This feature can be used to examine the final conditions of the
2302: process's vmspace via
2303: .Xr pmap 1
2304: or its resource settings with
2305: .Xr sysctl 8
2306: before it disappears.
2307: .Pp
2308: This value is also inherited by the process's children.
1.111 pgoyette 2309: .It Li proc.pid.paxflags ( Dv PROC_PID_PAXFLAGS )
2310: This read-only variable returns the current value of the process's pax
2311: flags (see
2312: .Xr paxctl 8 ) .
1.1 pavel 2313: .El
1.91 kamil 2314: .Ss The user.* subtree ( Dv CTL_USER )
1.1 pavel 2315: The string and integer information available for the
2316: .Li user
2317: level is detailed below.
2318: The changeable column shows whether a process with appropriate
2319: privilege may change the value.
1.21 joerg 2320: .Bl -column "user.coll_weights_max" "integer" "Changeable" -offset indent
1.107 wiz 2321: .It Sy Second level name Ta Sy Type Ta Sy Changeable
1.1 pavel 2322: .It user.atexit_max integer no
2323: .It user.bc_base_max integer no
2324: .It user.bc_dim_max integer no
2325: .It user.bc_scale_max integer no
2326: .It user.bc_string_max integer no
2327: .It user.coll_weights_max integer no
2328: .It user.cs_path string no
2329: .It user.expr_nest_max integer no
2330: .It user.line_max integer no
2331: .It user.posix2_c_bind integer no
2332: .It user.posix2_c_dev integer no
2333: .It user.posix2_char_term integer no
2334: .It user.posix2_fort_dev integer no
2335: .It user.posix2_fort_run integer no
2336: .It user.posix2_localedef integer no
2337: .It user.posix2_sw_dev integer no
2338: .It user.posix2_upe integer no
2339: .It user.posix2_version integer no
2340: .It user.re_dup_max integer no
2341: .It user.stream_max integer no
2342: .It user.stream_max integer no
2343: .It user.tzname_max integer no
2344: .El
2345: .Bl -tag -width "123456"
1.91 kamil 2346: .It Li user.atexit_max ( Dv USER_ATEXIT_MAX )
1.1 pavel 2347: The maximum number of functions that may be registered with
2348: .Xr atexit 3 .
1.91 kamil 2349: .It Li user.bc_base_max ( Dv USER_BC_BASE_MAX )
1.1 pavel 2350: The maximum ibase/obase values in the
2351: .Xr bc 1
2352: utility.
1.91 kamil 2353: .It Li user.bc_dim_max ( Dv USER_BC_DIM_MAX )
1.1 pavel 2354: The maximum array size in the
2355: .Xr bc 1
2356: utility.
1.91 kamil 2357: .It Li user.bc_scale_max ( Dv USER_BC_SCALE_MAX )
1.1 pavel 2358: The maximum scale value in the
2359: .Xr bc 1
2360: utility.
1.91 kamil 2361: .It Li user.bc_string_max ( Dv USER_BC_STRING_MAX )
1.1 pavel 2362: The maximum string length in the
2363: .Xr bc 1
2364: utility.
1.91 kamil 2365: .It Li user.coll_weights_max ( Dv USER_COLL_WEIGHTS_MAX )
1.1 pavel 2366: The maximum number of weights that can be assigned to any entry of
2367: the LC_COLLATE order keyword in the locale definition file.
2368: .It Li user.cs_path ( USER_CS_PATH )
2369: Return a value for the
2370: .Ev PATH
2371: environment variable that finds all the standard utilities.
1.91 kamil 2372: .It Li user.expr_nest_max ( Dv USER_EXPR_NEST_MAX )
1.1 pavel 2373: The maximum number of expressions that can be nested within
2374: parenthesis by the
2375: .Xr expr 1
2376: utility.
1.91 kamil 2377: .It Li user.line_max ( Dv USER_LINE_MAX )
1.1 pavel 2378: The maximum length in bytes of a text-processing utility's input
2379: line.
1.91 kamil 2380: .It Li user.posix2_char_term ( Dv USER_POSIX2_CHAR_TERM )
1.1 pavel 2381: Return 1 if the system supports at least one terminal type capable of
1.58 wiz 2382: all operations described in
2383: .St -p1003.2 ,
2384: otherwise\ 0.
1.91 kamil 2385: .It Li user.posix2_c_bind ( Dv USER_POSIX2_C_BIND )
1.1 pavel 2386: Return 1 if the system's C-language development facilities support the
1.56 uwe 2387: C-Language Bindings Option, otherwise\ 0.
1.91 kamil 2388: .It Li user.posix2_c_dev ( Dv USER_POSIX2_C_DEV )
1.1 pavel 2389: Return 1 if the system supports the C-Language Development Utilities Option,
1.56 uwe 2390: otherwise\ 0.
1.91 kamil 2391: .It Li user.posix2_fort_dev ( Dv USER_POSIX2_FORT_DEV )
1.1 pavel 2392: Return 1 if the system supports the FORTRAN Development Utilities Option,
1.56 uwe 2393: otherwise\ 0.
1.91 kamil 2394: .It Li user.posix2_fort_run ( Dv USER_POSIX2_FORT_RUN )
1.1 pavel 2395: Return 1 if the system supports the FORTRAN Runtime Utilities Option,
1.56 uwe 2396: otherwise\ 0.
1.91 kamil 2397: .It Li user.posix2_localedef ( Dv USER_POSIX2_LOCALEDEF )
1.56 uwe 2398: Return 1 if the system supports the creation of locales, otherwise\ 0.
1.91 kamil 2399: .It Li user.posix2_sw_dev ( Dv USER_POSIX2_SW_DEV )
1.1 pavel 2400: Return 1 if the system supports the Software Development Utilities Option,
1.56 uwe 2401: otherwise\ 0.
1.91 kamil 2402: .It Li user.posix2_upe ( Dv USER_POSIX2_UPE )
1.1 pavel 2403: Return 1 if the system supports the User Portability Utilities Option,
1.56 uwe 2404: otherwise\ 0.
1.91 kamil 2405: .It Li user.posix2_version ( Dv USER_POSIX2_VERSION )
1.58 wiz 2406: The version of
2407: .St -p1003.2
2408: with which the system attempts to comply.
1.91 kamil 2409: .It Li user.re_dup_max ( Dv USER_RE_DUP_MAX )
1.1 pavel 2410: The maximum number of repeated occurrences of a regular expression
2411: permitted when using interval notation.
1.91 kamil 2412: .It Li user.stream_max ( Dv USER_STREAM_MAX )
1.1 pavel 2413: The minimum maximum number of streams that a process may have open
2414: at any one time.
1.91 kamil 2415: .It Li user.tzname_max ( Dv USER_TZNAME_MAX )
1.1 pavel 2416: The minimum maximum number of types supported for the name of a
2417: timezone.
2418: .El
1.91 kamil 2419: .Ss The vm.* subtree ( Dv CTL_VM )
1.1 pavel 2420: The string and integer information available for the
2421: .Li vm
2422: level is detailed below.
2423: The changeable column shows whether a process with appropriate
2424: privilege may change the value.
1.21 joerg 2425: .Bl -column "Second level name" "struct uvmexp_sysctl" "Changeable" -offset indent
1.107 wiz 2426: .It Sy Second level name Ta Sy Type Ta Sy Changeable
1.1 pavel 2427: .It vm.anonmax int yes
2428: .It vm.anonmin int yes
2429: .It vm.bufcache int yes
2430: .It vm.bufmem int no
2431: .It vm.bufmem_hiwater int yes
2432: .It vm.bufmem_lowater int yes
2433: .It vm.execmax int yes
2434: .It vm.execmin int yes
2435: .It vm.filemax int yes
2436: .It vm.filemin int yes
2437: .It vm.loadavg struct loadavg no
2438: .It vm.maxslp int no
2439: .It vm.nkmempages int no
2440: .It vm.uspace int no
2441: .It vm.uvmexp struct uvmexp no
2442: .It vm.uvmexp2 struct uvmexp_sysctl no
2443: .It vm.vmmeter struct vmtotal no
1.93 christos 2444: .It vm.proc.map struct kinfo_vmentry no
1.115 joerg 2445: .It vm.guard_size unsigned int no
2446: .It vm.thread_guard_size unsigned int yes
1.1 pavel 2447: .El
2448: .Bl -tag -width "123456"
1.91 kamil 2449: .It Li vm.anonmax ( Dv VM_ANONMAX )
1.1 pavel 2450: The percentage of physical memory which will be reclaimed
2451: from other types of memory usage to store anonymous application data.
1.91 kamil 2452: .It Li vm.anonmin ( Dv VM_ANONMIN )
1.1 pavel 2453: The percentage of physical memory which will be always be available for
2454: anonymous application data.
1.91 kamil 2455: .It Li vm.bufcache ( Dv VM_BUFCACHE )
1.1 pavel 2456: The percentage of physical memory which will be available
2457: for the buffer cache.
1.91 kamil 2458: .It Li vm.bufmem ( Dv VM_BUFMEM )
1.1 pavel 2459: The amount of kernel memory that is being used by the buffer cache.
1.91 kamil 2460: .It Li vm.bufmem_lowater ( Dv VM_BUFMEM_LOWATER )
1.1 pavel 2461: The minimum amount of kernel memory to reserve for the
2462: buffer cache.
1.91 kamil 2463: .It Li vm.bufmem_hiwater ( Dv VM_BUFMEM_HIWATER )
1.1 pavel 2464: The maximum amount of kernel memory to be used for the
2465: buffer cache.
1.91 kamil 2466: .It Li vm.execmax ( Dv VM_EXECMAX )
1.1 pavel 2467: The percentage of physical memory which will be reclaimed
2468: from other types of memory usage to store cached executable data.
1.91 kamil 2469: .It Li vm.execmin ( Dv VM_EXECMIN )
1.1 pavel 2470: The percentage of physical memory which will be always be available for
2471: cached executable data.
1.91 kamil 2472: .It Li vm.filemax ( Dv VM_FILEMAX )
1.1 pavel 2473: The percentage of physical memory which will be reclaimed
2474: from other types of memory usage to store cached file data.
1.91 kamil 2475: .It Li vm.filemin ( Dv VM_FILEMIN )
1.1 pavel 2476: The percentage of physical memory which will be always be available for
2477: cached file data.
1.91 kamil 2478: .It Li vm.loadavg ( Dv VM_LOADAVG )
1.1 pavel 2479: Return the load average history.
2480: The returned data consists of a
1.56 uwe 2481: .Vt struct loadavg .
1.91 kamil 2482: .It Li vm.maxslp ( Dv VM_MAXSLP )
1.1 pavel 2483: The value of the maxslp kernel global variable.
1.91 kamil 2484: .It Li vm.vmmeter ( Dv VM_METER )
1.1 pavel 2485: Return system wide virtual memory statistics.
2486: The returned data consists of a
1.56 uwe 2487: .Vt struct vmtotal .
1.31 drochner 2488: .It vm.user_va0_disable
1.56 uwe 2489: A flag which controls whether user processes can map virtual address\ 0.
1.93 christos 2490: .It Li vm.proc.map ( Dv VM_PROC )
1.94 wiz 2491: The third level is
1.116 wiz 2492: .Dv VM_PROC_MAP ,
1.93 christos 2493: the fourth is the pid of the process to display the vm object entries for, and
2494: the fifth is the size of
2495: .Vt struct kinfo_vmentry .
2496: Returns an array of
2497: .Vt struct kinfo_vmentry
2498: objects.
1.91 kamil 2499: .It Li vm.uspace ( Dv VM_USPACE )
1.1 pavel 2500: The number of bytes allocated for each kernel stack.
1.91 kamil 2501: .It Li vm.uvmexp ( Dv VM_UVMEXP )
1.1 pavel 2502: Return system wide virtual memory statistics.
2503: The returned data consists of a
1.56 uwe 2504: .Vt struct uvmexp .
1.91 kamil 2505: .It Li vm.uvmexp2 ( Dv VM_UVMEXP2 )
1.1 pavel 2506: Return system wide virtual memory statistics.
2507: The returned data consists of a
1.56 uwe 2508: .Vt struct uvmexp_sysctl .
1.115 joerg 2509: .It Li vm.guard_size
2510: Return system wide guard size for the main thread of a program.
2511: .It Li vm.thread_guard_size
2512: Return system wide default size for the guard area of all other threads
2513: of a program.
1.1 pavel 2514: .\" XXX vm.idlezero
2515: .El
1.91 kamil 2516: .Ss The ddb.* subtree ( Dv CTL_DDB )
1.34 jruoho 2517: The information available for the
1.1 pavel 2518: .Li ddb
2519: level is detailed below.
2520: The changeable column shows whether a process with appropriate
2521: privilege may change the value.
1.21 joerg 2522: .Bl -column "Second level name" "integer" "Changeable" -offset indent
1.107 wiz 2523: .It Sy Second level name Ta Sy Type Ta Sy Changeable
1.122 sevan 2524: .It ddb.commandonenter string yes
1.125 wiz 2525: .It ddb.dumpstack integer yes
1.122 sevan 2526: .It ddb.fromconsole integer yes
2527: .It ddb.lines integer yes
1.1 pavel 2528: .It ddb.maxoff integer yes
1.34 jruoho 2529: .It ddb.maxwidth integer yes
1.122 sevan 2530: .It ddb.onpanic integer yes
2531: .It ddb.panicstackframes integer yes
2532: .It ddb.radix integer yes
1.1 pavel 2533: .It ddb.tabstops integer yes
1.34 jruoho 2534: .It ddb.tee_msgbuf integer yes
1.1 pavel 2535: .El
2536: .Bl -tag -width "123456"
1.122 sevan 2537: .It Li ddb.commandonenter
1.124 sevan 2538: If not empty, the string is used as the DDB command to be executed each time
2539: DDB is entered.
1.123 sevan 2540: .It Li ddb.dumpstack
2541: A value of 1 causes a stack trace to be printed on entering ddb from a panic.
1.125 wiz 2542: A value of 0 disables this behaviour.
2543: The default value is 1.
1.122 sevan 2544: .It Li ddb.fromconsole ( Dv DDBCTL_FROMCONSOLE )
2545: If not zero, DDB may be entered by sending a break on a serial
2546: console or by a special key sequence on a graphics console.
2547: .It Li ddb.lines ( Dv DDBCTL_LINES )
2548: Number of display lines.
1.91 kamil 2549: .It Li ddb.maxoff ( Dv DDBCTL_MAXOFF )
1.1 pavel 2550: The maximum symbol offset.
1.91 kamil 2551: .It Li ddb.maxwidth ( Dv DDBCTL_MAXWIDTH )
1.34 jruoho 2552: The maximum output line width.
1.91 kamil 2553: .It Li ddb.onpanic ( Dv DDBCTL_ONPANIC )
1.63 riz 2554: If greater than zero, DDB will be entered if the kernel panics.
1.123 sevan 2555: A value of 1 causes the system to enter DDB on panic.
1.63 riz 2556: A value of 0 causes the kernel to attempt to print a stack trace, then
1.64 wiz 2557: reboot, while a value of \-1 means neither a stack trace will be printed
1.63 riz 2558: nor DDB entered.
1.118 christos 2559: .It Li ddb.panicstackframes
2560: Number of stack frames to display on panic.
1.120 wiz 2561: Useful to avoid scrolling away the interesting frames on a glass tty.
1.118 christos 2562: Default value is
2563: .Dv 65535
2564: (all frames), useful value around
2565: .Dv 10 .
1.122 sevan 2566: .It Li ddb.radix ( Dv DDBCTL_RADIX )
2567: The input and output radix.
2568: .It Li ddb.tabstops ( Dv DDBCTL_TABSTOPS )
2569: Tab width.
2570: .It Li ddb.tee_msgbuf
2571: If not zero, DDB will output also to the kernel message buffer.
1.1 pavel 2572: .El
2573: .Pp
1.119 wiz 2574: Some of these MIB
1.34 jruoho 2575: nodes are also available as variables from within the debugger.
1.1 pavel 2576: See
2577: .Xr ddb 4
2578: for more details.
1.91 kamil 2579: .Ss The security.* subtree ( Dv CTL_SECURITY )
1.1 pavel 2580: The
2581: .Li security
2582: level contains various security-related settings for
1.2 wiz 2583: the system.
1.43 jruoho 2584: The available second level names are:
2585: .Bl -column "Second level name" "integer" "Changeable" -offset indent
1.107 wiz 2586: .It Sy Second level name Ta Sy Type Ta Sy Changeable
1.43 jruoho 2587: .It Li security.curtain integer yes
2588: .It Li security.models node not applicable
2589: .It Li security.pax node not applicable
2590: .El
2591: .Pp
1.2 wiz 2592: Available settings are detailed below.
1.1 pavel 2593: .Bl -tag -width "123456"
2594: .It Li security.curtain
1.119 wiz 2595: If non-zero, will filter return objects according to the user ID
1.95 pgoyette 2596: requesting information about them, preventing users from
2597: accessing any objects they do not own.
1.1 pavel 2598: .Pp
2599: At the moment, it affects
2600: .Xr ps 1 ,
2601: .Xr netstat 1
2602: (for
2603: .Dv PF_INET ,
2604: .Dv PF_INET6 ,
2605: and
2606: .Dv PF_UNIX
2607: PCBs), and
2608: .Xr w 1 .
1.4 elad 2609: .It Li security.models
2610: .Nx
2611: supports pluggable security models.
1.17 ad 2612: Every security model used, whether if loaded as a module or built with the system,
1.4 elad 2613: is required to add an entry to this node with at least one element,
2614: .Dq name ,
2615: indicating the name of the security model.
2616: .Pp
2617: In addition to the name, any settings and other information private to the
2618: security model will be available under this node.
2619: See
2620: .Xr secmodel 9
2621: for more information.
1.1 pavel 2622: .It Li security.pax
1.133 wiz 2623: Settings for PaX \(em exploit mitigation features.
1.4 elad 2624: For more information on any of the PaX features, please see
2625: .Xr paxctl 8
2626: and
1.62 jruoho 2627: .Xr security 7 .
1.43 jruoho 2628: The available third and fourth level names are:
2629: .Bl -column "security.pax.segvguard.suspend_timeout" "integer" "Changeable" \
2630: -offset 2n
2631: .It Sy Third and fourth level names Ta Sy Type Ta Sy Changeable
2632: .It Li security.pax.aslr.enabled integer yes
2633: .\".It Li security.pax.aslr.exec_len integer yes
2634: .It Li security.pax.aslr.global integer yes
2635: .\".It Li security.pax.aslr.mmap_len integer yes
2636: .\".It Li security.pax.aslr.stack_len integer yes
2637: .It Li security.pax.mprotect.enabled integer yes
2638: .It Li security.pax.mprotect.global integer yes
1.100 christos 2639: .It Li security.pax.mprotect.ptrace integer yes
1.43 jruoho 2640: .It Li security.pax.segvguard.enabled integer yes
2641: .It Li security.pax.segvguard.expiry_timeout integer yes
2642: .It Li security.pax.segvguard.global integer yes
2643: .It Li security.pax.segvguard.max_crashes integer yes
2644: .It Li security.pax.segvguard.suspend_timeout integer yes
2645: .El
1.1 pavel 2646: .Bl -tag -width "123456"
1.43 jruoho 2647: .It Li security.pax.aslr.enabled
1.14 elad 2648: Enable PaX ASLR (Address Space Layout Randomization).
2649: .Pp
2650: The value of this
2651: knob must be non-zero for PaX ASLR to be enabled, even if a program is set to
2652: explicit enable.
1.43 jruoho 2653: .\".It Li security.pax.aslr.exec_len
2654: .\" XXX: Undocumented.
1.14 elad 2655: .It Li security.pax.aslr.global
2656: Specifies the default global policy for programs without an
2657: explicit enable/disable flag.
2658: .Pp
2659: When non-zero, all programs will get PaX ASLR, except those exempted with
1.69 wiz 2660: .Xr paxctl 8 .
1.14 elad 2661: Otherwise, all programs will not get PaX ASLR, except those specifically
2662: marked as such with
2663: .Xr paxctl 8 .
1.43 jruoho 2664: .\".It Li security.pax.aslr.mmap_len
2665: .\" XXX: Undocumented.
2666: .\" .It Li security.pax.aslr.stack_len
2667: .\" XXX: Undocumented.
2668: .It Li security.pax.mprotect.enabled
1.1 pavel 2669: Enable PaX MPROTECT restrictions.
2670: .Pp
2671: These are
2672: .Xr mprotect 2
1.2 wiz 2673: restrictions to better enforce a W^X policy.
2674: The value of this
1.1 pavel 2675: knob must be non-zero for PaX MPROTECT to be enabled, even if a
2676: program is set to explicit enable.
2677: .It Li security.pax.mprotect.global
2678: Specifies the default global policy for programs without an
2679: explicit enable/disable flag.
2680: .Pp
2681: When non-zero, all programs will get the PaX MPROTECT restrictions,
2682: except those exempted with
1.69 wiz 2683: .Xr paxctl 8 .
1.1 pavel 2684: Otherwise, all programs will not get the PaX MPROTECT restrictions,
2685: except those specifically marked as such with
1.4 elad 2686: .Xr paxctl 8 .
1.100 christos 2687: .It Li security.pax.mprotect.ptrace
2688: This variable allows
2689: .Xr ptrace 2
2690: to override PaX MPROTECT permissions.
2691: It can have the following values:
2692: .Bl -tag -width XX -compact
2693: .It 0
2694: Does not let override any permissions.
2695: .It 1
2696: Disables PaX MPROTECT from processes that start executing while traced (default).
2697: .It 2
2698: Bypasses PaX MPROTECT for all processes being traced.
2699: .El
1.43 jruoho 2700: .It Li security.pax.segvguard.enabled
1.1 pavel 2701: Enable PaX Segvguard.
2702: .Pp
2703: PaX Segvguard can detect and prevent certain exploitation attempts, where
2704: an attacker may try for example to brute-force function return addresses
2705: of respawning daemons.
2706: .Pp
2707: .Em Note :
2708: The
2709: .Nx
2710: interface and implementation of the Segvguard is still experimental, and may
2711: change in future releases.
1.43 jruoho 2712: .It Li security.pax.segvguard.expiry_timeout
2713: If the max number was not reached within this timeout (in seconds), the entry
2714: will expire.
1.1 pavel 2715: .It Li security.pax.segvguard.global
2716: Specifies the default global policy for programs without an
2717: explicit enable/disable flag.
2718: .Pp
2719: When non-zero, all programs will get the PaX Segvguard,
2720: except those exempted with
1.69 wiz 2721: .Xr paxctl 8 .
1.2 wiz 2722: Otherwise, no program will get the PaX Segvguard restrictions,
1.1 pavel 2723: except those specifically marked as such with
1.4 elad 2724: .Xr paxctl 8 .
1.43 jruoho 2725: .It Li security.pax.segvguard.max_crashes
2726: The maximum number of segfaults a program can receive before suspension.
1.1 pavel 2727: .It Li security.pax.segvguard.suspend_timeout
2728: Number of seconds to suspend a user from running a faulting program when the
2729: limit was exceeded.
2730: .El
2731: .El
1.91 kamil 2732: .Ss The vendor.* subtree ( Dv CTL_VENDOR )
1.1 pavel 2733: The
2734: .Li vendor
2735: toplevel name is reserved to be used by vendors who wish to
2736: have their own private MIB tree.
2737: Intended use is to store values under
1.114 wiz 2738: .Dq vendor.<yourname>.* .
1.1 pavel 2739: .Sh SEE ALSO
2740: .Xr sysctl 3 ,
2741: .Xr ipsec 4 ,
2742: .Xr tcp 4 ,
1.62 jruoho 2743: .Xr security 7 ,
1.1 pavel 2744: .Xr sysctl 8
2745: .Sh HISTORY
2746: The
2747: .Nm
2748: variables first appeared in
2749: .Bx 4.4 .
CVSweb <webmaster@jp.NetBSD.org>