
Annotation of src/share/man/man7/sysctl.7, Revision 1.141

1.141   ! jdolecek    1: .\"    $NetBSD: sysctl.7,v 1.140 2019/08/05 22:03:10 maya Exp $
1.1       pavel       2: .\"
                      3: .\" Copyright (c) 1993
                      4: .\"    The Regents of the University of California.  All rights reserved.
                      5: .\"
                      6: .\" Redistribution and use in source and binary forms, with or without
                      7: .\" modification, are permitted provided that the following conditions
                      8: .\" are met:
                      9: .\" 1. Redistributions of source code must retain the above copyright
                     10: .\"    notice, this list of conditions and the following disclaimer.
                     11: .\" 2. Redistributions in binary form must reproduce the above copyright
                     12: .\"    notice, this list of conditions and the following disclaimer in the
                     13: .\"    documentation and/or other materials provided with the distribution.
                     14: .\" 3. Neither the name of the University nor the names of its contributors
                     15: .\"    may be used to endorse or promote products derived from this software
                     16: .\"    without specific prior written permission.
                     17: .\"
                     18: .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
                     19: .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
                     20: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
                     21: .\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
                     22: .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
                     23: .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
                     24: .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
                     25: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
                     26: .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
                     27: .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
                     28: .\" SUCH DAMAGE.
                     29: .\"
                     30: .\"    @(#)sysctl.3    8.4 (Berkeley) 5/9/95
                     31: .\"
1.141   ! jdolecek   32: .Dd November 14, 2019
1.1       pavel      33: .Dt SYSCTL 7
                     34: .Os
                     35: .Sh NAME
                     36: .Nm sysctl
                     37: .Nd system information variables
                     38: .Sh DESCRIPTION
                     39: The
                     40: .Xr sysctl 3
                     41: library function and the
                     42: .Xr sysctl 8
                     43: utility are used to get and set values of system variables, maintained
                     44: by the kernel.
                     45: The variables are organized in a tree and identified by a sequence of
                     46: numbers, conventionally separated by dots with the topmost identifier
                     47: at the left side.
                     48: The numbers have corresponding text names.
                     49: The
                     50: .Xr sysctlnametomib 3
                     51: function or the
                     52: .Fl M
                     53: argument to the
                     54: .Xr sysctl 8
                     55: utility can be used to convert the text representation to the
                     56: numeric one.
                     57: .Pp
                     58: The individual sysctl variables are described below, both the textual
                     59: and numeric form where applicable.
                     60: The textual names can be used as argument to the
                     61: .Xr sysctl 8
                     62: utility and in the file
                     63: .Pa /etc/sysctl.conf .
                     64: The numeric names are usually defined as preprocessor constants and
                     65: are intended for use by programs.
                     66: Every such constant expands to one integer, which identifies the
                     67: sysctl variable relative to the upper level of the tree.
                     68: See the
                     69: .Xr sysctl 3
                     70: manual page for programming examples.
1.50      jruoho     71: .Ss Top level names
1.56      uwe        72: The top level names are defined with a
                     73: .Va CTL_
                     74: prefix in
1.33      joerg      75: .In sys/sysctl.h ,
1.1       pavel      76: and are as follows.
                     77: The next and subsequent levels down are found in the include files
                     78: listed here, and described in separate sections below.
1.56      uwe        79: .Bl -column "security" ".Dv CTL_SECURITY" ".In uvm/uvm_param.h" "High kernel limits"
                     80: .It Sy Name  Ta Sy Constant     Ta Sy Next level names Ta Sy Description
                     81: .It kern     Ta Dv CTL_KERN     Ta In sys/sysctl.h     Ta High kernel limits
                     82: .It vm       Ta Dv CTL_VM       Ta In uvm/uvm_param.h  Ta Virtual memory
                     83: .It vfs      Ta Dv CTL_VFS      Ta In sys/mount.h      Ta Filesystem
                     84: .It net      Ta Dv CTL_NET      Ta In sys/socket.h     Ta Networking
                     85: .It debug    Ta Dv CTL_DEBUG    Ta In sys/sysctl.h     Ta Debugging
                     86: .It hw       Ta Dv CTL_HW       Ta In sys/sysctl.h     Ta Generic CPU, I/O
                     87: .It machdep  Ta Dv CTL_MACHDEP  Ta In sys/sysctl.h     Ta Machine dependent
                     88: .It user     Ta Dv CTL_USER     Ta In sys/sysctl.h     Ta User-level
                     89: .It ddb      Ta Dv CTL_DDB      Ta In sys/sysctl.h     Ta In-kernel debugger
                     90: .It proc     Ta Dv CTL_PROC     Ta In sys/sysctl.h     Ta Per-process
                     91: .It vendor   Ta Dv CTL_VENDOR   Ta ?                   Ta Vendor specific
                     92: .It emul     Ta Dv CTL_EMUL     Ta In sys/sysctl.h     Ta Emulation settings
                     93: .It security Ta Dv CTL_SECURITY Ta In sys/sysctl.h     Ta Security settings
1.1       pavel      94: .El
1.50      jruoho     95: .Ss The debug.* subtree
1.1       pavel      96: The debugging variables vary from system to system.
                     97: A debugging variable may be added or deleted without need to recompile
                     98: .Nm
                     99: to know about it.
                    100: Each time it runs,
                    101: .Nm
                    102: gets the list of debugging variables from the kernel and
                    103: displays their current values.
                    104: The system defines twenty
1.56      uwe       105: .Vt ( struct ctldebug )
1.1       pavel     106: variables named
                    107: .Dv debug0
                    108: through
                    109: .Dv debug19 .
                    110: They are declared as separate variables so that they can be
                    111: individually initialized at the location of their associated variable.
                    112: The loader prevents multiple use of the same variable by issuing errors
                    113: if a variable is initialized in more than one place.
                    114: For example, to export the variable
1.56      uwe       115: .Va dospecialcheck
1.1       pavel     116: as a debugging variable, the following declaration would be used:
1.43      jruoho    117: .Pp
1.1       pavel     118: .Bd -literal -offset indent -compact
                    119: int dospecialcheck = 1;
1.114     wiz       120: struct ctldebug debug5 = { "dospecialcheck", &dospecialcheck };
1.1       pavel     121: .Ed
                    122: .Pp
                    123: Note that the dynamic implementation of
                    124: .Nm
                    125: currently in use largely makes this particular
                    126: .Nm
                    127: interface obsolete.
                    128: See
                    129: .Xr sysctl 8
                    130: .\" and
                    131: .\" .Xr sysctl 9
                    132: for more information.
1.50      jruoho    133: .Ss The vfs.* subtree
1.1       pavel     134: A distinguished second level name,
1.91      kamil     135: .Li vfs.generic ( Dv VFS_GENERIC ) ,
1.57      wiz       136: is used to get general information about all file systems.
1.26      elad      137: It has the following third level identifiers:
1.56      uwe       138: .Bl -tag -width "123456"
1.91      kamil     139: .It Li vfs.generic.maxtypenum ( Dv VFS_MAXTYPENUM )
1.57      wiz       140: The highest valid file system type number.
1.91      kamil     141: .It Li vfs.generic.conf ( Dv VFS_CONF )
1.57      wiz       142: Returns configuration information about the file system type given as a fourth
1.26      elad      143: level identifier.
1.91      kamil     144: .It Li vfs.generic.usermount ( Dv VFS_USERMOUNT )
1.68      jym       145: Determines whether non-superuser mounts are allowed; defaults to
1.59      christos  146: .Dv 0 .
1.91      kamil     147: .It Li vfs.generic.magiclinks ( Dv VFS_MAGICLINKS )
1.59      christos  148: Controls whether expansion of variables is performed on
                    149: pathnames.
                    150: Defaults to no variable expansion,
                    151: .Dv 0 .
                    152: Variables are of the form
                    153: .Li @name
1.60      christos  154: and the variables supported are described in
                    155: .Xr symlink 7
                    156: under
                    157: .Dq "MAGIC SYMLINKS" .
1.26      elad      158: .El
                    159: .Pp
1.54      christos  160: A second level name is provided for controlling the
                    161: .Xr wapbl 4
                    162: (Write Ahead Physical Block Logging file system journalling)
                    163: capabilities, with the following third level identifiers:
1.56      uwe       164: .Bl -tag -width "123456"
                    165: .It Li vfs.wapbl.flush_disk_cache
1.55      wiz       166: Controls whether to attempt to flush the disk cache on each commit.
1.77      apb       167: It defaults to 1 and it should always be on to ensure integrity
                    168: of file system metadata in the event of a power loss.
1.54      christos  169: For slow disks, turning it off can improve performance.
1.56      uwe       170: .It Li vfs.wapbl.verbose_commit
1.55      wiz       171: For each transaction log commit, print the number of bytes written
                    172: and the time it took to commit as seconds.nanoseconds.
1.54      christos  173: .El
                    174: .Pp
1.57      wiz       175: The remaining second level identifiers are the file system names, identified
1.26      elad      176: by the type number returned by a
1.1       pavel     177: .Xr statvfs 2
                    178: call or from
1.27      wiz       179: .Li vfs.generic.conf .
1.56      uwe       180: .Pp
1.57      wiz       181: The third level identifiers available for each file system
1.1       pavel     182: are given in the header file that defines the mount
1.57      wiz       183: argument structure for that file system.
1.50      jruoho    184: .Ss The hw.* subtree
1.1       pavel     185: The string and integer information available for the
                    186: .Li hw
                    187: level is detailed below.
                    188: The changeable column shows whether a process with appropriate
                    189: privilege may change the value.
1.37      jruoho    190: .Bl -column "hw.machine_arch" "integer" "Changeable" -offset indent
1.107     wiz       191: .It Sy Second level name Ta Sy Type Ta Sy Changeable
1.1       pavel     192: .It hw.alignbytes Ta integer Ta no
                    193: .It hw.byteorder Ta integer Ta no
                    194: .It hw.cnmagic Ta string Ta yes
                    195: .It hw.disknames Ta string Ta no
                    196: .It hw.diskstats Ta struct Ta no
                    197: .It hw.machine Ta string Ta no
                    198: .It hw.machine_arch Ta string Ta no
                    199: .It hw.model Ta string Ta no
                    200: .It hw.ncpu Ta integer Ta no
1.84      njoly     201: .It hw.ncpuonline Ta integer Ta no
1.1       pavel     202: .It hw.pagesize Ta integer Ta no
                    203: .It hw.physmem Ta integer Ta no
                    204: .It hw.physmem64 Ta quad Ta no
                    205: .It hw.usermem Ta integer Ta no
                    206: .It hw.usermem64 Ta quad Ta no
                    207: .El
                    208: .Bl -tag -width "123456"
1.91      kamil     209: .It Li hw.alignbytes ( Dv HW_ALIGNBYTES )
1.1       pavel     210: Alignment constraint for all possible data types.
                    211: This shows the value
                    212: .Dv ALIGNBYTES
                    213: in
1.56      uwe       214: .In machine/param.h ,
1.1       pavel     215: at the kernel compilation time.
1.91      kamil     216: .It Li hw.byteorder ( Dv HW_BYTEORDER )
1.56      uwe       217: The byte order (4321 or 1234).
1.91      kamil     218: .It Li hw.cnmagic ( Dv HW_CNMAGIC )
1.1       pavel     219: The console magic key sequence.
1.91      kamil     220: .It Li hw.disknames ( Dv HW_DISKNAMES )
1.1       pavel     221: The list of (space separated) disk device names on the system.
1.91      kamil     222: .It Li hw.iostatnames ( Dv HW_IOSTATNAMES )
1.1       pavel     223: A space separated list of devices that will have I/O statistics
                    224: collected on them.
1.91      kamil     225: .It Li hw.iostats ( Dv HW_IOSTATS )
1.1       pavel     226: Return statistical information on the NFS mounts, disk and tape
                    227: devices on the system.
                    228: An array of
1.56      uwe       229: .Vt struct io_sysctl
1.1       pavel     230: structures is returned,
                    231: whose size depends on the current number of such objects in the system.
                    232: The third level name is the size of the
1.56      uwe       233: .Vt struct io_sysctl .
1.1       pavel     234: The type of object can be determined by examining the
                    235: .Va type
                    236: element of
1.56      uwe       237: .Vt struct io_sysctl ,
1.1       pavel     238: which can be
                    239: .Dv IOSTAT_DISK
                    240: (disk drive),
                    241: .Dv IOSTAT_TAPE
                    242: (tape drive), or
                    243: .Dv IOSTAT_NFS
                    244: (NFS mount).
1.91      kamil     245: .It Li hw.machine ( Dv HW_MACHINE )
1.1       pavel     246: The machine class.
1.91      kamil     247: .It Li hw.machine_arch ( Dv HW_MACHINE_ARCH )
1.1       pavel     248: The machine CPU class.
1.91      kamil     249: .It Li hw.model ( Dv HW_MODEL )
1.1       pavel     250: The machine model.
1.91      kamil     251: .It Li hw.ncpu ( Dv HW_NCPU )
1.84      njoly     252: The number of CPUs configured.
1.91      kamil     253: .It Li hw.ncpuonline ( Dv HW_NCPUONLINE )
1.84      njoly     254: The number of CPUs online.
1.91      kamil     255: .It Li hw.pagesize ( Dv HW_PAGESIZE )
1.1       pavel     256: The software page size.
1.91      kamil     257: .It Li hw.physmem ( Dv HW_PHYSMEM )
1.1       pavel     258: The bytes of physical memory as a 32-bit integer.
1.91      kamil     259: .It Li hw.physmem64 ( Dv HW_PHYSMEM64 )
1.1       pavel     260: The bytes of physical memory as a 64-bit integer.
1.91      kamil     261: .It Li hw.usermem ( Dv HW_USERMEM )
1.1       pavel     262: The bytes of non-kernel memory as a 32-bit integer.
1.91      kamil     263: .It Li hw.usermem64 ( Dv HW_USERMEM64 )
1.1       pavel     264: The bytes of non-kernel memory as a 64-bit integer.
                    265: .El
1.50      jruoho    266: .Ss The kern.* subtree
1.43      jruoho    267: This subtree includes data generally related to the kernel.
1.1       pavel     268: The string and integer information available for the
                    269: .Li kern
                    270: level is detailed below.
                    271: The changeable column shows whether a process with appropriate
                    272: privilege may change the value.
1.43      jruoho    273: .Bl -column "kern.posix_reader_writer_locks" \
                    274: "struct kinfo_drivers" "not applicable"
1.107     wiz       275: .It Sy Second level name Ta Sy Type Ta Sy Changeable
1.51      jruoho    276: .It kern.aio_listio_max Ta integer Ta yes
                    277: .It kern.aio_max Ta integer Ta yes
1.44      jruoho    278: .It kern.arandom Ta integer Ta no
1.1       pavel     279: .It kern.argmax Ta integer Ta no
1.39      jruoho    280: .It kern.boothowto Ta integer Ta no
1.134     kre       281: .It kern.boottime Ta struct timespec Ta no
1.85      apb       282: .It kern.buildinfo Ta string Ta no
1.39      jruoho    283: .\".It kern.bufq Ta node Ta not applicable
1.1       pavel     284: .It kern.ccpu Ta integer Ta no
                    285: .It kern.clockrate Ta struct clockinfo Ta no
                    286: .It kern.consdev Ta integer Ta no
1.39      jruoho    287: .It kern.coredump Ta node Ta not applicable
1.21      joerg     288: .It kern.cp_id Ta struct Ta no
                    289: .It kern.cp_time Ta uint64_t[\|] Ta no
1.46      jruoho    290: .It kern.cryptodevallowsoft Ta integer Ta yes
1.1       pavel     291: .It kern.defcorename Ta string Ta yes
1.38      jruoho    292: .It kern.detachall Ta integer Ta yes
1.1       pavel     293: .It kern.domainname Ta string Ta yes
                    294: .It kern.drivers Ta struct kinfo_drivers Ta no
1.39      jruoho    295: .It kern.dump_on_panic Ta integer Ta yes
1.132     christos  296: .It kern.expose_address Ta integer Ta yes
1.1       pavel     297: .It kern.file Ta struct file Ta no
                    298: .It kern.forkfsleep Ta integer Ta yes
                    299: .It kern.fscale Ta integer Ta no
                    300: .It kern.fsync Ta integer Ta no
1.21      joerg     301: .It kern.hardclock_ticks Ta integer Ta no
1.1       pavel     302: .It kern.hostid Ta integer Ta yes
                    303: .It kern.hostname Ta string Ta yes
1.21      joerg     304: .It kern.iov_max Ta integer Ta no
1.39      jruoho    305: .It kern.ipc Ta node Ta not applicable
1.21      joerg     306: .It kern.job_control Ta integer Ta no
1.1       pavel     307: .It kern.labeloffset Ta integer Ta no
                    308: .It kern.labelsector Ta integer Ta no
1.21      joerg     309: .It kern.login_name_max Ta integer Ta no
1.1       pavel     310: .It kern.logsigexit Ta integer Ta yes
1.140     maya      311: .It kern.lwp Ta struct kinfo_lwp Ta yes
1.21      joerg     312: .It kern.mapped_files Ta integer Ta no
1.1       pavel     313: .It kern.maxfiles Ta integer Ta yes
1.70      christos  314: .It kern.maxlwp Ta integer Ta yes
1.1       pavel     315: .It kern.maxpartitions Ta integer Ta no
                    316: .It kern.maxphys Ta integer Ta no
                    317: .It kern.maxproc Ta integer Ta yes
                    318: .It kern.maxptys Ta integer Ta yes
                    319: .It kern.maxvnodes Ta integer Ta yes
1.116     wiz       320: .It kern.messages Ta integer Ta yes
1.1       pavel     321: .It kern.mbuf Ta node Ta not applicable
                    322: .It kern.memlock Ta integer Ta no
1.21      joerg     323: .It kern.memlock_range Ta integer Ta no
                    324: .It kern.memory_protection Ta integer Ta no
1.42      jruoho    325: .It kern.module Ta node Ta not applicable
1.21      joerg     326: .It kern.monotonic_clock Ta integer Ta no
1.49      jruoho    327: .It kern.mqueue Ta node Ta not applicable
1.1       pavel     328: .It kern.msgbuf Ta integer Ta no
                    329: .It kern.msgbufsize Ta integer Ta no
                    330: .It kern.ngroups Ta integer Ta no
1.41      jruoho    331: .\".It kern.no_sa_support Ta integer Ta yes
1.1       pavel     332: .It kern.ntptime Ta struct ntptimeval Ta no
                    333: .It kern.osrelease Ta string Ta no
1.39      jruoho    334: .It kern.osrevision Ta integer Ta no
1.1       pavel     335: .It kern.ostype Ta string Ta no
1.41      jruoho    336: .\".It kern.panic_now Ta integer Ta yes
1.1       pavel     337: .It kern.pipe Ta node Ta not applicable
1.82      joerg     338: .It kern.pool Ta struct pool_sysctl Ta no
1.39      jruoho    339: .\" .It kern.posix Ta node Ta not applicable
                    340: .It kern.posix1version Ta integer Ta no
1.51      jruoho    341: .It kern.posix_aio Ta integer Ta no
1.21      joerg     342: .It kern.posix_barriers Ta integer Ta no
                    343: .It kern.posix_reader_writer_locks Ta integer Ta no
1.39      jruoho    344: .\".It kern.posix_sched Ta integer Ta yes
1.21      joerg     345: .It kern.posix_semaphores Ta integer Ta no
                    346: .It kern.posix_spin_locks Ta integer Ta no
                    347: .It kern.posix_threads Ta integer Ta no
                    348: .It kern.posix_timers Ta integer Ta no
1.1       pavel     349: .It kern.proc Ta struct kinfo_proc Ta no
                    350: .It kern.proc2 Ta struct kinfo_proc2 Ta no
1.21      joerg     351: .It kern.proc_args Ta string Ta no
1.39      jruoho    352: .It kern.profiling Ta node Ta not applicable
1.41      jruoho    353: .\".It kern.pset Ta node Ta not applicable
1.1       pavel     354: .It kern.rawpartition Ta integer Ta no
1.21      joerg     355: .It kern.root_device Ta string Ta no
                    356: .It kern.root_partition Ta integer Ta no
                    357: .It kern.rtc_offset Ta integer Ta yes
                    358: .It kern.saved_ids Ta integer Ta no
1.39      jruoho    359: .It kern.sbmax Ta integer Ta yes
1.108     hubertf   360: .It kern.sched Ta node Ta not applicable
1.1       pavel     361: .It kern.securelevel Ta integer Ta raise only
1.39      jruoho    362: .It kern.somaxkva Ta integer Ta yes
1.135     christos  363: .It kern.sooptions Ta integer Ta yes
1.21      joerg     364: .It kern.synchronized_io Ta integer Ta no
1.19      christos  365: .It kern.timecounter Ta node Ta not applicable
1.1       pavel     366: .It kern.timex Ta struct Ta no
                    367: .It kern.tkstat Ta node Ta not applicable
1.66      christos  368: .It kern.tty Ta node Ta not applicable
1.1       pavel     369: .It kern.urandom Ta integer Ta no
1.45      jruoho    370: .It kern.usercrypto Ta integer Ta yes
                    371: .It kern.userasymcrypto Ta integer Ta yes
1.39      jruoho    372: .It kern.veriexec Ta node Ta not applicable
1.1       pavel     373: .It kern.version Ta string Ta no
                    374: .It kern.vnode Ta struct vnode Ta no
                    375: .El
                    376: .Bl -tag -width "123456"
1.51      jruoho    377: .It Li kern.aio_listio_max
1.119     wiz       378: The maximum number of asynchronous I/O operations in a single list
                    379: I/O call.
1.51      jruoho    380: As with all variables related to
                    381: .Xr aio 3 ,
                    382: the variable may be created and removed dynamically
                    383: upon loading or unloading the corresponding kernel module.
                    384: .It Li kern.aio_max
                    385: The maximum number of asynchronous I/O operations.
1.44      jruoho    386: .It Li kern.arandom
                    387: This variable picks a random number each time it is queried.
                    388: The used random number generator
1.119     wiz       389: .Pf ( RNG )
1.44      jruoho    390: is based on
                    391: .Xr arc4random 3 .
1.91      kamil     392: .It Li kern.argmax ( Dv KERN_ARGMAX )
1.1       pavel     393: The maximum bytes of argument to
                    394: .Xr execve 2 .
1.23      apb       395: .It Li kern.boothowto
                    396: Flags passed from the boot loader; see
                    397: .Xr reboot 2
                    398: for the meanings of the flags.
1.91      kamil     399: .It Li kern.boottime ( Dv KERN_BOOTTIME )
1.1       pavel     400: A
1.134     kre       401: .Vt struct timespec
1.1       pavel     402: structure is returned.
                    403: This structure contains the time that the system was booted.
1.134     kre       404: That time is defined (for this purpose) to be the time at
                    405: which the kernel first started accumulating clock ticks.
1.104     pgoyette  406: .It Li kern.bufq
                    407: This variable contains information on the
                    408: .Xr bufq 9
                    409: subsystem.
                    410: Currently, the only third level name implemented is
                    411: .Dv kern.bufq.strategies
                    412: which provides a list of buffer queue strategies currently available.
1.85      apb       413: .It Li kern.buildinfo
                    414: When the kernel is built, the build environment may optionally provide
                    415: arbitrary information to be stored in this variable.
1.91      kamil     416: .It Li kern.ccpu ( Dv KERN_CCPU )
1.1       pavel     417: The scheduler exponential decay value.
1.91      kamil     418: .It Li kern.clockrate ( Dv KERN_CLOCKRATE )
1.1       pavel     419: A
1.56      uwe       420: .Vt struct clockinfo
1.1       pavel     421: structure is returned.
                    422: This structure contains the clock, statistics clock and profiling clock
                    423: frequencies, the number of microseconds per hz tick, and the clock
                    424: skew rate.
1.36      jruoho    425: Refer to
                    426: .Xr hz 9
                    427: for additional details.
1.91      kamil     428: .It Li kern.consdev ( Dv KERN_CONSDEV )
1.1       pavel     429: Console device.
1.39      jruoho    430: .It Li kern.coredump
                    431: Settings related to coredumps of set-id processes.
                    432: By default, set-id processes do not dump core in situations where
                    433: other processes would.
                    434: The settings in this node allow an administrator to change this
                    435: behavior.
                    436: .Pp
                    437: The third level name is
                    438: .Dv kern.coredump.setid
1.40      jruoho    439: and fourth level variables are described below.
                    440: .Bl -column "kern.coredump.setid.group" "integer" "Changeable" -offset indent
1.107     wiz       441: .It Sy Fourth level name Ta Sy Type Ta Sy Changeable
1.40      jruoho    442: .It kern.coredump.setid.dump Ta integer Ta yes
                    443: .It kern.coredump.setid.group Ta integer Ta yes
                    444: .It kern.coredump.setid.mode Ta integer Ta yes
                    445: .It kern.coredump.setid.owner Ta integer Ta yes
                    446: .It kern.coredump.setid.path Ta string Ta yes
                    447: .El
1.39      jruoho    448: .Bl -tag -width "123456"
                    449: .It Li kern.coredump.setid.dump
                    450: If non-zero, set-id processes will dump core.
                    451: .It Li kern.coredump.setid.group
                    452: The group-id for the set-id processes' coredump.
                    453: .It Li kern.coredump.setid.mode
                    454: The mode for the set-id processes' coredump.
                    455: See
                    456: .Xr chmod 1 .
                    457: .It Li kern.coredump.setid.owner
                    458: The user-id that will be used as the owner of the set-id processes'
                    459: coredump.
                    460: .It Li kern.coredump.setid.path
                    461: The path to which set-id processes' coredumps will be saved.
                    462: Same syntax as kern.defcorename.
                    463: .El
1.91      kamil     464: .It Li kern.cp_id ( Dv KERN_CP_ID )
1.1       pavel     465: Mapping of CPU number to CPU id.
1.91      kamil     466: .It Li kern.cp_time ( Dv KERN_CP_TIME )
1.56      uwe       467: Returns an array of
                    468: .Dv CPUSTATES
1.101     wiz       469: .Vt uint64_t Ns s .
1.1       pavel     470: This array contains the
                    471: number of clock ticks spent in different CPU states.
                    472: On multi-processor systems, the sum across all CPUs is returned unless
                    473: appropriate space is given for one data set for each CPU.
                    474: Data for a specific CPU can also be obtained by adding the number of the
                    475: CPU at the end of the MIB, enlarging it by one.
1.46      jruoho    476: .It Li kern.cryptodevallowsoft
                    477: This variable controls userland access to hardware versus software transforms
                    478: in the
                    479: .Xr crypto 4
                    480: system.
                    481: The available values are as follows:
1.47      wiz       482: .Bl -tag -width XX0 -offset indent
1.114     wiz       483: .It Dv < 0
1.46      jruoho    484: Always force userlevel requests to use software transforms.
                    485: .It Dv = 0
                    486: If present, use hardware and grant userlevel requests for
                    487: non-accelerated transforms (handling the latter in software).
1.114     wiz       488: .It Dv > 0
1.46      jruoho    489: Allow user requests only for transforms which are hardware-accelerated.
                    490: .El
1.91      kamil     491: .It Li kern.defcorename ( Dv KERN_DEFCORENAME )
1.1       pavel     492: Default template for the name of core dump files (see also
                    493: .Li proc.pid.corename
                    494: in the per-process variables
                    495: .Li proc.* ,
                    496: and
                    497: .Xr core 5
                    498: for format of this template).
                    499: The default value is
1.56      uwe       500: .Pa %n.core
1.1       pavel     501: and can be changed with the kernel configuration option
                    502: .Cd options DEFCORENAME
                    503: (see
                    504: .Xr options 4
                    505: ).
1.38      jruoho    506: .It Li kern.detachall
                    507: Detach all devices at shutdown.
1.91      kamil     508: .It Li kern.domainname ( Dv KERN_DOMAINNAME )
1.1       pavel     509: Get or set the YP domain name.
1.91      kamil     510: .It Li kern.drivers ( Dv KERN_DRIVERS )
1.1       pavel     511: Return an array of
1.56      uwe       512: .Vt struct kinfo_drivers
1.1       pavel     513: that contains the name and major device numbers of all the device drivers
                    514: in the current kernel.
                    515: The
                    516: .Va d_name
                    517: field is always a NUL terminated string.
                    518: The
                    519: .Va d_bmajor
                    520: field will be set to \-1 if the driver doesn't have a block device.
1.132     christos  521: .It Li kern.expose_address
                    522: Expose kernel addresses in
                    523: .Xr sysctl 3
                    524: calls used by
                    525: .Xr fstat 1
                    526: and
                    527: .Xr sockstat 1 .
1.137     wiz       528: If it is set to
1.136     christos  529: .Dv 0
                    530: access is not allowed.
                    531: If it is set to
                    532: .Dv 1
                    533: then only processes that have opened
                    534: .Pa /dev/kmem
                    535: can have access.
1.137     wiz       536: If it is set to
1.136     christos  537: .Dv 2
                    538: every process is allowed.
1.132     christos  539: Defaults to
1.137     wiz       540: .Dv 0
1.136     christos  541: for
                    542: .Dv KASLR
                    543: kernels
                    544: and
                    545: .Dv 1
                    546: otherwise.
                    547: Allowing general access renders KASLR ineffective; allowing only kmem
1.137     wiz       548: accessing programs weakens KASLR if those programs can be subverted
1.136     christos  549: to leak the addresses.
1.91      kamil     550: .It Li kern.dump_on_panic ( Dv KERN_DUMP_ON_PANIC )
1.41      jruoho    551: Perform a crash dump on system
                    552: .Xr panic 9 .
1.91      kamil     553: .It Li kern.file ( Dv KERN_FILE )
1.1       pavel     554: Return the entire file table.
                    555: The returned data consists of a single
1.56      uwe       556: .Vt struct filelist
1.1       pavel     557: followed by an array of
1.56      uwe       558: .Vt struct file ,
1.1       pavel     559: whose size depends on the current number of such objects in the system.
1.91      kamil     560: .It Li kern.forkfsleep ( Dv KERN_FORKFSLEEP )
1.1       pavel     561: If the
                    562: .Xr fork 2
                    563: system call fails due to the limit on the number of processes (either
                    564: the global maxproc limit or the user's limit), wait for this many
                    565: milliseconds before returning the
                    566: .Er EAGAIN
                    567: error to the process.
                    568: Useful to keep heavily forking runaway processes at bay.
                    569: Default zero (no sleep).
                    570: Maximum is 20 seconds.
1.91      kamil     571: .It Li kern.fscale ( Dv KERN_FSCALE )
1.1       pavel     572: The kernel fixed-point scale factor.
1.91      kamil     573: .It Li kern.fsync ( Dv KERN_FSYNC )
1.58      wiz       574: Return 1 if the
                    575: .St -p1003.1b-93
                    576: File Synchronization Option is available
1.1       pavel     577: on this system,
1.56      uwe       578: otherwise\ 0.
1.91      kamil     579: .It Li kern.hardclock_ticks ( Dv KERN_HARDCLOCK_TICKS )
1.1       pavel     580: Returns the number of
                    581: .Xr hardclock 9
                    582: ticks.
1.105     pgoyette  583: .It Li kern.hist
                    584: This variable contains kernel history data if the kernel was
                    585: configured for any of the options
                    586: .Dv UVMHIST ,
                    587: .Dv USB_DEBUG ,
                    588: .Dv BIOHIST ,
                    589: or
                    590: .Dv SCDEBUG .
                    591: (See
                    592: .Xr options 4
                    593: for more details.)
                    594: The third-level names correspond to each available history table.
                    595: The values of the history tables are in an internal format, and can be
                    596: decoded by the
                    597: .Xr vmstat 1
                    598: utility's
1.106     wiz       599: .Fl U
1.105     pgoyette  600: and
1.106     wiz       601: .Fl u
1.105     pgoyette  602: options;
1.106     wiz       603: the
                    604: .Fl l
                    605: option can be used to see which tables are available.
1.91      kamil     606: .It Li kern.hostid ( Dv KERN_HOSTID )
1.39      jruoho    607: Get or set the host identifier.
                    608: This is aimed to replace the legacy
                    609: .Xr gethostid 3
                    610: and
                    611: .Xr sethostid 3
                    612: system calls.
1.91      kamil     613: .It Li kern.hostname ( Dv KERN_HOSTNAME )
1.39      jruoho    614: Get or set the
                    615: .Xr hostname 1 .
1.91      kamil     616: .It Li kern.iov_max ( Dv KERN_IOV_MAX )
1.1       pavel     617: Return the maximum number of
1.56      uwe       618: .Vt iovec
1.1       pavel     619: structures that a process has available for use with
                    620: .Xr preadv 2 ,
                    621: .Xr pwritev 2 ,
                    622: .Xr readv 2 ,
                    623: .Xr recvmsg 2 ,
                    624: .Xr sendmsg 2
                    625: and
                    626: .Xr writev 2 .
1.91      kamil     627: .It Li kern.ipc ( Dv KERN_SYSVIPC )
1.39      jruoho    628: Return information about the SysV IPC parameters.
                    629: The third level names for the ipc variables are detailed below.
                    630: .Bl -column "kern.ipc.shm_use_phys" "integer" "Changeable" -offset indent
1.107     wiz       631: .It Sy Third level name Ta Sy Type Ta Sy Changeable
1.39      jruoho    632: .It kern.ipc.sysvmsg   integer no
                    633: .It kern.ipc.sysvsem   integer no
                    634: .It kern.ipc.sysvshm   integer no
                    635: .It kern.ipc.sysvipc_info      struct  no
                    636: .It kern.ipc.shmmax    integer yes
                    637: .It kern.ipc.shmmni    integer yes
                    638: .It kern.ipc.shmseg    integer yes
                    639: .It kern.ipc.shmmaxpgs integer yes
                    640: .It kern.ipc.shm_use_phys      integer yes
                    641: .It kern.ipc.msgmni    integer yes
                    642: .It kern.ipc.msgseg    integer yes
                    643: .It kern.ipc.semmni    integer yes
                    644: .It kern.ipc.semmns    integer yes
                    645: .It kern.ipc.semmnu    integer yes
                    646: .El
                    647: .Bl -tag -width "123456"
1.91      kamil     648: .It Li kern.ipc.sysvmsg ( Dv KERN_SYSVIPC_MSG )
1.39      jruoho    649: Returns 1 if System V style message queue functionality is available
                    650: on this system,
1.56      uwe       651: otherwise\ 0.
1.91      kamil     652: .It Li kern.ipc.sysvsem ( Dv KERN_SYSVIPC_SEM )
1.39      jruoho    653: Returns 1 if System V style semaphore functionality is available
                    654: on this system,
1.56      uwe       655: otherwise\ 0.
1.91      kamil     656: .It Li kern.ipc.sysvshm ( Dv KERN_SYSVIPC_SHM )
1.39      jruoho    657: Returns 1 if System V style shared memory functionality is available
                    658: on this system,
1.56      uwe       659: otherwise\ 0.
1.91      kamil     660: .It Li kern.ipc.sysvipc_info ( Dv KERN_SYSVIPC_INFO )
1.39      jruoho    661: Return System V style IPC configuration and run-time information.
                    662: The fourth level name selects the System V style IPC facility.
                    663: .Bl -column "KERN_SYSVIPC_MSG_INFO" "struct shm_sysctl_info" -offset indent
1.107     wiz       664: .It Sy Fourth level name Ta Sy Type
1.39      jruoho    665: .It KERN_SYSVIPC_MSG_INFO      struct msg_sysctl_info
                    666: .It KERN_SYSVIPC_SEM_INFO      struct sem_sysctl_info
                    667: .It KERN_SYSVIPC_SHM_INFO      struct shm_sysctl_info
                    668: .El
                    669: .Bl -tag -width "123456"
                    670: .It Li KERN_SYSVIPC_MSG_INFO
                    671: Return information on the System V style message facility.
                    672: The
                    673: .Sy msg_sysctl_info
                    674: structure is defined in
                    675: .In sys/msg.h .
                    676: .It Li KERN_SYSVIPC_SEM_INFO
                    677: Return information on the System V style semaphore facility.
                    678: The
                    679: .Sy sem_sysctl_info
                    680: structure is defined in
                    681: .In sys/sem.h .
                    682: .It Li KERN_SYSVIPC_SHM_INFO
                    683: Return information on the System V style shared memory facility.
                    684: The
                    685: .Sy shm_sysctl_info
                    686: structure is defined in
                    687: .In sys/shm.h .
                    688: .El
1.91      kamil     689: .It Li kern.ipc.shmmax ( Dv KERN_SYSVIPC_SHMMAX )
1.39      jruoho    690: Max shared memory segment size in bytes.
1.91      kamil     691: .It Li kern.ipc.shmmni ( Dv KERN_SYSVIPC_SHMMNI )
1.39      jruoho    692: Max number of shared memory identifiers.
1.91      kamil     693: .It Li kern.ipc.shmseg ( Dv KERN_SYSVIPC_SHMSEG )
1.39      jruoho    694: Max shared memory segments per process.
1.91      kamil     695: .It Li kern.ipc.shmmaxpgs ( Dv KERN_SYSVIPC_SHMMAXPGS )
1.39      jruoho    696: Max amount of shared memory in pages.
1.91      kamil     697: .It Li kern.ipc.shm_use_phys ( Dv KERN_SYSVIPC_SHMUSEPHYS )
1.39      jruoho    698: Locking of shared memory in physical memory.
                    699: If 0, memory can be swapped
                    700: out, otherwise it will be locked in physical memory.
                    701: .It Li kern.ipc.msgmni
                    702: Max number of message queue identifiers.
                    703: .It Li kern.ipc.msgseg
                    704: Max number of message segments.
                    705: .It Li kern.ipc.semmni
                    706: Max number of semaphore identifiers.
                    707: .It Li kern.ipc.semmns
                    708: Max number of semaphores in system.
                    709: .It Li kern.ipc.semmnu
                    710: Max number of undo structures in system.
                    711: .El
1.91      kamil     712: .It Li kern.job_control ( Dv KERN_JOB_CONTROL )
1.56      uwe       713: Return 1 if job control is available on this system, otherwise\ 0.
1.91      kamil     714: .It Li kern.labeloffset ( Dv KERN_LABELOFFSET )
1.56      uwe       715: The offset within the sector specified by
                    716: .Dv KERN_LABELSECTOR
                    717: of the
1.1       pavel     718: .Xr disklabel 5 .
1.91      kamil     719: .It Li kern.labelsector ( Dv KERN_LABELSECTOR )
1.1       pavel     720: The sector number containing the
                    721: .Xr disklabel 5 .
1.91      kamil     722: .It Li kern.login_name_max ( Dv KERN_LOGIN_NAME_MAX )
1.1       pavel     723: The size of the storage required for a login name, in bytes,
                    724: including the terminating NUL.
1.91      kamil     725: .It Li kern.logsigexit ( Dv KERN_LOGSIGEXIT )
1.1       pavel     726: If this flag is non-zero, the kernel will
                    727: .Xr log 9
                    728: all process exits due to signals which create a
                    729: .Xr core 5
                    730: file, and whether the coredump was created.
1.140     maya      731: .It Li kern.lwp ( Dv KERN_LWP )
                    732: Returns information about the current light-weight process.
                    733: The
                    734: .Sy kinfo_lwp
                    735: structure is defined in
                    736: .In sys/sysctl.h .
1.91      kamil     737: .It Li kern.mapped_files ( Dv KERN_MAPPED_FILES )
1.58      wiz       738: Returns 1 if the
                    739: .St -p1003.1b-93
                    740: Memory Mapped Files Option is available on this system,
1.56      uwe       741: otherwise\ 0.
1.91      kamil     742: .It Li kern.maxfiles ( Dv KERN_MAXFILES )
1.1       pavel     743: The maximum number of open files that may be open in the system.
1.91      kamil     744: .It Li kern.maxpartitions ( Dv KERN_MAXPARTITIONS )
1.1       pavel     745: The maximum number of partitions allowed per disk.
1.71      wiz       746: .It Li kern.maxlwp
1.70      christos  747: The maximum number of Lightweight Processes (threads) the system allows
                    748: per uid.
1.91      kamil     749: .It Li kern.maxphys ( Dv KERN_MAXPHYS )
1.1       pavel     750: Maximum raw I/O transfer size.
1.91      kamil     751: .It Li kern.maxproc ( Dv KERN_MAXPROC )
1.1       pavel     752: The maximum number of simultaneous processes the system will allow.
1.91      kamil     753: .It Li kern.maxptys ( Dv KERN_MAXPTYS )
1.1       pavel     754: The maximum number of pseudo terminals.
                    755: This value can be both raised and lowered, though it cannot
                    756: be set lower than the number of currently used ptys.
                    757: See also
                    758: .Xr pty 4 .
1.91      kamil     759: .It Li kern.maxvnodes ( Dv KERN_MAXVNODES )
1.1       pavel     760: The maximum number of vnodes available on the system.
                    761: This can only be raised.
1.91      kamil     762: .It Li kern.mbuf ( Dv KERN_MBUF )
1.1       pavel     763: Return information about the mbuf control variables.
                    764: Mbufs are data structures which store network packets and other data
                    765: structures in the networking code, see
                    766: .Xr mbuf 9 .
                    767: The third level names for the mbuf variables are detailed below.
                    768: The changeable column shows whether a process with appropriate
                    769: privilege may change the value.
1.21      joerg     770: .Bl -column "kern.mbuf.nmbclusters" "integer" "Changeable" -offset indent
1.107     wiz       771: .It Sy Third level name Ta Sy Type Ta Sy Changeable
1.1       pavel     772: .\" XXX Changeable? really?
                    773: .It kern.mbuf.mblowat  integer yes
                    774: .It kern.mbuf.mclbytes integer yes
                    775: .It kern.mbuf.mcllowat integer yes
                    776: .It kern.mbuf.msize    integer yes
                    777: .It kern.mbuf.nmbclusters      integer yes
                    778: .El
                    779: .Pp
                    780: The variables are as follows:
                    781: .Bl -tag -width "123456"
1.91      kamil     782: .It Li kern.mbuf.mblowat ( Dv MBUF_MBLOWAT )
1.1       pavel     783: The mbuf low water mark.
1.91      kamil     784: .It Li kern.mbuf.mclbytes ( Dv MBUF_MCLBYTES )
1.1       pavel     785: The mbuf cluster size.
1.91      kamil     786: .It Li kern.mbuf.mcllowat ( Dv MBUF_MCLLOWAT )
1.1       pavel     787: The mbuf cluster low water mark.
1.91      kamil     788: .It Li kern.mbuf.msize ( Dv MBUF_MSIZE )
1.1       pavel     789: The mbuf base size.
1.91      kamil     790: .It Li kern.mbuf.nmbclusters ( Dv MBUF_NMBCLUSTERS )
1.1       pavel     791: The limit on the number of mbuf clusters.
                    792: The variable can only be increased, and only increased on machines with
                    793: direct-mapped pool pages.
                    794: .El
1.91      kamil     795: .It Li kern.memlock ( Dv KERN_MEMLOCK )
1.58      wiz       796: Returns 1 if the
                    797: .St -p1003.1b-93
                    798: Process Memory Locking Option is available on this system,
1.56      uwe       799: otherwise\ 0.
1.91      kamil     800: .It Li kern.memlock_range ( Dv KERN_MEMLOCK_RANGE )
1.58      wiz       801: Returns 1 if the
                    802: .St -p1003.1b-93
                    803: Range Memory Locking Option is available on this system,
1.56      uwe       804: otherwise\ 0.
1.91      kamil     805: .It Li kern.memory_protection ( Dv KERN_MEMORY_PROTECTION )
1.58      wiz       806: Returns 1 if the
                    807: .St -p1003.1b-93
                    808: Memory Protection Option is available on this system,
1.56      uwe       809: otherwise\ 0.
1.102     pgoyette  810: .It Li kern.messages
                    811: Kernel console message verbosity.
                    812: See
1.116     wiz       813: .Aq Pa sys/reboot.h
1.102     pgoyette  814: .Bl -column "verbosity" "setting" -offset indent
1.116     wiz       815: .It Sy Value Ta Sy Verbosity Ta Sy sys/reboot.h equivalent
                    816: .It 0 Ta Silent Ta Sy AB_SILENT
                    817: .It 1 Ta Quiet Ta Sy AB_QUIET
                    818: .It 2 Ta Normal Ta Sy AB_NORMAL
                    819: .It 3 Ta Verbose Ta Sy AB_VERBOSE
                    820: .It 4 Ta Debug Ta Sy AB_DEBUG
1.102     pgoyette  821: .El
1.42      jruoho    822: .It Li kern.module
                    823: Settings related to kernel modules.
                    824: The third level names for the settings are described below.
                    825: .Bl -column "kern.module.autoload" "integer" "Changeable" -offset indent
1.107     wiz       826: .It Sy Third level name Ta Sy Type Ta Sy Changeable
1.42      jruoho    827: .It kern.module.autoload       integer yes
1.78      pgoyette  828: .It kern.module.autotime       integer yes
1.121     pgoyette  829: .It kern.module.verbose        boolean yes
1.42      jruoho    830: .El
                    831: .Pp
                    832: The variables are as follows:
                    833: .Bl -tag -width "123456"
                    834: .It Li kern.module.autoload
                    835: A boolean that controls whether kernel modules are loaded automatically.
1.52      jruoho    836: See
1.53      jruoho    837: .Xr module 7
1.42      jruoho    838: for additional details.
1.78      pgoyette  839: .It Li kern.module.autotime
                    840: An integer that controls the delay before an attempt is made to
1.79      wiz       841: automatically unload a module that was auto-loaded.
                    842: Setting this value to zero disables the auto-unload function.
1.42      jruoho    843: .It Li kern.module.verbose
                    844: A boolean that enables or disables verbose
                    845: debug messages related to kernel modules.
                    846: .El
1.91      kamil     847: .It Li kern.monotonic_clock ( Dv KERN_MONOTONIC_CLOCK )
1.58      wiz       848: Returns the standard version the implementation of the
                    849: .St -p1003.1b-93
1.49      jruoho    850: Monotonic Clock Option conforms to,
1.56      uwe       851: otherwise\ 0.
1.48      jruoho    852: .It Li kern.mqueue
1.119     wiz       853: Settings related to POSIX message queues; see
1.48      jruoho    854: .Xr mqueue 3 .
                    855: This node is created dynamically when
                    856: the corresponding kernel module is loaded.
                    857: The third level names for the settings are described below.
                    858: .Bl -column "kern.mqueue.mq_max_msgsize" "integer" "Changeable" -offset indent
1.107     wiz       859: .It Sy Third level name Ta Sy Type Ta Sy Changeable
1.48      jruoho    860: .It kern.mqueue.mq_open_max    integer yes
                    861: .It kern.mqueue.mq_prio_max    integer yes
                    862: .It kern.mqueue.mq_max_msgsize integer yes
                    863: .It kern.mqueue.mq_def_maxmsg  integer yes
                    864: .It kern.mqueue.mq_max_maxmsg  integer yes
                    865: .El
                    866: .Pp
                    867: The variables are:
                    868: .Bl -tag -width "123456"
                    869: .It Li kern.mqueue.mq_open_max
                    870: The maximum number of message queue descriptors any single process can open.
                    871: .It Li kern.mqueue.mq_prio_max
                    872: The maximum priority of a message.
                    873: .It Li kern.mqueue.mq_max_msgsize
                    874: The maximum size of a message in a message queue.
                    875: .It Li kern.mqueue.mq_def_maxmsg
                    876: The default maximum message count.
                    877: .It Li kern.mqueue.mq_max_maxmsg
                    878: The maximum number of messages in a message queue.
                    879: .El
1.91      kamil     880: .It Li kern.msgbuf ( Dv KERN_MSGBUF )
1.1       pavel     881: The kernel message buffer, rotated so that the head of the circular kernel
                    882: message buffer is at the start of the returned data.
                    883: The returned data may contain NUL bytes.
1.91      kamil     884: .It Li kern.msgbufsize ( Dv KERN_MSGBUFSIZE )
1.1       pavel     885: The maximum number of characters that the kernel message buffer can hold.
1.91      kamil     886: .It Li kern.ngroups ( Dv KERN_NGROUPS )
1.1       pavel     887: The maximum number of supplemental groups.
1.41      jruoho    888: .\" .It Li kern.no_sa_support
                    889: .\" XXX: Undocumented.
1.91      kamil     890: .It Li kern.ntptime ( Dv KERN_NTPTIME )
1.1       pavel     891: A
1.56      uwe       892: .Vt struct ntptimeval
1.1       pavel     893: structure is returned.
                    894: This structure contains data used by the
                    895: .Xr ntpd 8
                    896: program.
1.91      kamil     897: .It Li kern.osrelease ( Dv KERN_OSRELEASE )
1.1       pavel     898: The system release string.
1.91      kamil     899: .It Li kern.osrevision ( Dv KERN_OSREV )
1.1       pavel     900: The system revision string.
1.91      kamil     901: .It Li kern.ostype ( Dv KERN_OSTYPE )
1.1       pavel     902: The system type string.
1.41      jruoho    903: .\".It Li kern.panic_now
                    904: .\" XXX: Undocumented.
1.91      kamil     905: .It Li kern.pipe ( Dv KERN_PIPE )
1.1       pavel     906: Pipe settings.
                    907: The third level names for the integer pipe settings are detailed below.
                    908: The changeable column shows whether a process with appropriate
                    909: privilege may change the value.
1.21      joerg     910: .Bl -column "kern.pipe.maxbigpipes" "integer" "Changeable" -offset indent
1.107     wiz       911: .It Sy Third level name Ta Sy Type Ta Sy Changeable
1.1       pavel     912: .It kern.pipe.kvasiz   integer yes
                    913: .It kern.pipe.maxbigpipes      integer yes
                    914: .It kern.pipe.maxkvasz integer yes
                    915: .It kern.pipe.limitkva integer yes
                    916: .It kern.pipe.nbigpipes        integer yes
                    917: .El
                    918: .Pp
                    919: The variables are as follows:
                    920: .Bl -tag -width "123456"
1.91      kamil     921: .It Li kern.pipe.kvasiz ( Dv KERN_PIPE_KVASIZ )
1.1       pavel     922: Amount of kernel memory consumed by pipe buffers.
1.91      kamil     923: .It Li kern.pipe.maxbigpipes ( Dv KERN_PIPE_MAXBIGPIPES )
1.56      uwe       924: Maximum number of
                    925: .Dq big
                    926: pipes.
1.91      kamil     927: .It Li kern.pipe.maxkvasz ( Dv KERN_PIPE_MAXKVASZ )
1.1       pavel     928: Maximum amount of kernel memory to be used for pipes.
1.91      kamil     929: .It Li kern.pipe.limitkva ( Dv KERN_PIPE_LIMITKVA )
1.1       pavel     930: Limit for direct transfers via page loan.
1.91      kamil     931: .It Li kern.pipe.nbigpipes ( Dv KERN_PIPE_NBIGPIPES )
1.56      uwe       932: Number of
                    933: .Dq big
                    934: pipes.
1.1       pavel     935: .El
1.82      joerg     936: .It Li kern.pool
                    937: Provides statistics about the
1.83      wiz       938: .Xr pool 9
1.82      joerg     939: and
                    940: .Xr pool_cache 9
                    941: subsystems.
1.39      jruoho    942: .\" XXX: Undocumented .It Li kern.posix ( ? )
                    943: .\"     This is a node in which the only variable is semmax.
1.91      kamil     944: .It Li kern.posix1version ( Dv KERN_POSIX1 )
1.58      wiz       945: The version of ISO/IEC 9945
                    946: .Pq St -p1003.1
                    947: with which the system attempts to comply.
1.51      jruoho    948: .It Li kern.posix_aio
                    949: The version of
                    950: .St -p1003.1
                    951: and its Asynchronous I/O option to which the system attempts to conform.
1.91      kamil     952: .It Li kern.posix_barriers ( Dv KERN_POSIX_BARRIERS )
1.1       pavel     953: The version of
                    954: .St -p1003.1
                    955: and its
                    956: Barriers
                    957: option to which the system attempts to conform,
1.56      uwe       958: otherwise\ 0.
1.91      kamil     959: .It Li kern.posix_reader_writer_locks ( Dv KERN_POSIX_READER_WRITER_LOCKS )
1.1       pavel     960: The version of
                    961: .St -p1003.1
                    962: and its
                    963: Read-Write Locks
                    964: option to which the system attempts to conform,
1.56      uwe       965: otherwise\ 0.
1.41      jruoho    966: .\".It Li kern.posix_sched
                    967: .\" XXX: Undocumented.
1.91      kamil     968: .It Li kern.posix_semaphores ( Dv KERN_POSIX_SEMAPHORES )
1.1       pavel     969: The version of
                    970: .St -p1003.1
                    971: and its
                    972: Semaphores
                    973: option to which the system attempts to conform,
1.56      uwe       974: otherwise\ 0.
1.91      kamil     975: .It Li kern.posix_spin_locks ( Dv KERN_POSIX_SPIN_LOCKS )
1.1       pavel     976: The version of
                    977: .St -p1003.1
                    978: and its
                    979: Spin Locks
                    980: option to which the system attempts to conform,
1.56      uwe       981: otherwise\ 0.
1.91      kamil     982: .It Li kern.posix_threads ( Dv KERN_POSIX_THREADS )
1.1       pavel     983: The version of
                    984: .St -p1003.1
                    985: and its
                    986: Threads
                    987: option to which the system attempts to conform,
1.56      uwe       988: otherwise\ 0.
1.91      kamil     989: .It Li kern.posix_timers ( Dv KERN_POSIX_TIMERS )
1.1       pavel     990: The version of
                    991: .St -p1003.1
                    992: and its
                    993: Timers
                    994: option to which the system attempts to conform,
1.56      uwe       995: otherwise\ 0.
1.91      kamil     996: .It Li kern.proc ( Dv KERN_PROC )
1.1       pavel     997: Return the entire process table, or a subset of it.
                    998: An array of
1.56      uwe       999: .Vt struct kinfo_proc
1.1       pavel    1000: structures is returned,
                   1001: whose size depends on the current number of such objects in the system.
                   1002: The third and fourth level numeric names are as follows:
1.21      joerg    1003: .Bl -column "KERN_PROC_SESSION" "Fourth level is:" -offset indent
1.111     pgoyette 1004: .It Sy Third level name Ta Sy Fourth level is :
1.21      joerg    1005: .It KERN_PROC_ALL      None
                   1006: .It KERN_PROC_GID      A group ID
                   1007: .It KERN_PROC_PID      A process ID
                   1008: .It KERN_PROC_PGRP     A process group
                   1009: .It KERN_PROC_RGID     A real group ID
                   1010: .It KERN_PROC_RUID     A real user ID
                   1011: .It KERN_PROC_SESSION  A session ID
                   1012: .It KERN_PROC_TTY      A tty device
                   1013: .It KERN_PROC_UID      A user ID
1.1       pavel    1014: .El
1.91      kamil    1015: .It Li kern.proc2 ( Dv KERN_PROC2 )
1.56      uwe      1016: As for
                   1017: .Dv KERN_PROC ,
                   1018: but an array of
                   1019: .Vt struct kinfo_proc2
1.1       pavel    1020: structures is returned.
                   1021: The fifth level name is the size of the
1.56      uwe      1022: .Vt struct kinfo_proc2
1.1       pavel    1023: and the sixth level name is the number of structures to return.
1.91      kamil    1024: .It Li kern.proc_args ( Dv KERN_PROC_ARGS )
1.1       pavel    1025: Return the argv or environment strings (or the number thereof)
                   1026: of a process.
                   1027: Multiple strings are returned separated by NUL characters.
                   1028: The third level name is the process ID.
                   1029: The fourth level name is as follows:
1.93      christos 1030: .Bl -column "KERN_PROG_PATHNAME" "The full pathname of the executable" -offset indent
1.92      wiz      1031: .It Dv KERN_PROC_ARGV  The argv strings
                   1032: .It Dv KERN_PROC_ENV   The environ strings
                   1033: .It Dv KERN_PROC_NARGV The number of argv strings
                   1034: .It Dv KERN_PROC_NENV  The number of environ strings
1.93      christos 1035: .It Dv KERN_PROC_PATHNAME      The full pathname of the executable
1.139     kamil    1036: .It Dv KERN_PROC_CWD   The current working directory
1.1       pavel    1037: .El
1.91      kamil    1038: .It Li kern.profiling ( Dv KERN_PROF )
1.1       pavel    1039: Return profiling information about the kernel.
                   1040: If the kernel is not compiled for profiling,
1.56      uwe      1041: attempts to retrieve any of the
                   1042: .Dv KERN_PROF
                   1043: values will fail with
1.1       pavel    1044: .Er EOPNOTSUPP .
                   1045: The third level names for the string and integer profiling information
                   1046: are detailed below.
                   1047: The changeable column shows whether a process with appropriate
                   1048: privilege may change the value.
1.21      joerg    1049: .Bl -column "kern.profiling.gmonparam" "struct gmonparam" "Changeable" -offset indent
1.107     wiz      1050: .It Sy Third level name Ta Sy Type Ta Sy Changeable
1.1       pavel    1051: .It kern.profiling.count       u_short[\|]     yes
                   1052: .It kern.profiling.froms       u_short[\|]     yes
                   1053: .It kern.profiling.gmonparam   struct gmonparam        no
                   1054: .It kern.profiling.state       integer yes
                   1055: .It kern.profiling.tos struct tostruct yes
                   1056: .El
                   1057: .Pp
                   1058: The variables are as follows:
                   1059: .Bl -tag -width "123456"
1.91      kamil    1060: .It Li kern.profiling.count ( Dv GPROF_COUNT )
1.1       pavel    1061: Array of statistical program counter counts.
1.91      kamil    1062: .It Li kern.profiling.froms ( Dv GPROF_FROMS )
1.1       pavel    1063: Array indexed by program counter of call-from points.
1.91      kamil    1064: .It Li kern.profiling.gmonparams ( Dv GPROF_GMONPARAM )
1.1       pavel    1065: Structure giving the sizes of the above arrays.
1.91      kamil    1066: .It Li kern.profiling.state ( Dv GPROF_STATE )
1.1       pavel    1067: Profiling state.
1.56      uwe      1068: If set to
                   1069: .Dv GMON_PROF_ON ,
                   1070: starts profiling.
                   1071: If set to
                   1072: .Dv GMON_PROF_OFF ,
                   1073: stops profiling.
1.91      kamil    1074: .It Li kern.profiling.tos ( Dv GPROF_TOS )
1.1       pavel    1075: Array of
1.56      uwe      1076: .Vt struct tostruct
1.1       pavel    1077: describing destination of calls and their counts.
                   1078: .El
1.41      jruoho   1079: .\" .It Li kern.pset
                   1080: .\" XXX: Undocumented.
1.91      kamil    1081: .It Li kern.rawpartition ( Dv KERN_RAWPARTITION )
1.1       pavel    1082: The raw partition of a disk (a == 0).
1.91      kamil    1083: .It Li kern.root_device ( Dv KERN_ROOT_DEVICE )
1.1       pavel    1084: The name of the root device (e.g.,
                   1085: .Dq wd0 ) .
1.91      kamil    1086: .It Li kern.root_partition ( Dv KERN_ROOT_PARTITION )
1.1       pavel    1087: The root partition on the root device (a == 0).
1.91      kamil    1088: .It Li kern.rtc_offset ( Dv KERN_RTC_OFFSET )
1.1       pavel    1089: Return the offset of real time clock from UTC in minutes.
1.91      kamil    1090: .It Li kern.saved_ids ( Dv KERN_SAVED_IDS )
1.1       pavel    1091: Returns 1 if saved set-group and saved set-user IDs are available.
1.91      kamil    1092: .It Li kern.sbmax ( Dv KERN_SBMAX )
1.135     christos 1093: Maximum socket buffer size in bytes.
1.91      kamil    1094: .It Li kern.securelevel ( Dv KERN_SECURELVL )
1.25      elad     1095: See
                   1096: .Xr secmodel_securelevel 9 .
1.108     hubertf  1097: .It Li kern.sched ( dynamic )
                   1098: Influence the scheduling of LWPs, their prioritization and how they are
                   1099: distributed on and moved between CPUs.
                   1100: .Bl -column "kern.sched.balance_period" "integer" "Changeable" -offset indent
                   1101: .It Sy Third level name           Sy Type       Sy Changeable
                   1102: .It kern.sched.cacheht_time       integer       yes
                   1103: .It kern.sched.balance_period     integer       yes
                   1104: .It kern.sched.average_weight     integer       yes
                   1105: .It kern.sched.min_catch          integer       yes
                   1106: .It kern.sched.timesoftints       integer       yes
                   1107: .It kern.sched.kpreempt_pri       integer       yes
                   1108: .It kern.sched.upreempt_pri       integer       yes
                   1109: .It kern.sched.maxts      integer       yes
1.109     wiz      1110: .It kern.sched.mints      integer       yes
                   1111: .It kern.sched.name       string        no
1.108     hubertf  1112: .It kern.sched.rtts       integer       no
                   1113: .It kern.sched.pri_min    integer       no
                   1114: .It kern.sched.pri_max    integer       no
                   1115: .El
                   1116: .Pp
                   1117: The variables are as follows:
                   1118: .Bl -tag -width "123456"
                   1119: .It Li kern.sched.cacheht_time ( dynamic )
                   1120: Cache hotness time in which a LWP is kept on one particular CPU
1.109     wiz      1121: and not moved to another CPU.
                   1122: This reduces the overhead of flushing and reloading caches.
1.108     hubertf  1123: Defaults to 3ms.
1.109     wiz      1124: Needs to be given in
1.108     hubertf  1125: .Dq hz
                   1126: units, see
                   1127: .Xr mstohz 9 .
                   1128: .It Li kern.sched.balance_period ( dynamic )
                   1129: Interval at which the CPU queues are checked for re-balancing.
                   1130: Defaults to 300ms.
1.109     wiz      1131: Needs to be given in
1.108     hubertf  1132: .Dq hz
                   1133: units, see
                   1134: .Xr mstohz 9 .
                   1135: .It Li kern.sched.average_weight ( dynamic )
                   1136: Can be used to influence how likely LWPs are to be migrated from
1.109     wiz      1137: one CPU's queue of LWPs that are ready to run to a different, idle CPU.
1.108     hubertf  1138: The value gives the percentage for weighting the average count of
                   1139: migratable threads from the past against the current number of
1.109     wiz      1140: migratable threads.
                   1141: A small value gives more weight to the past, a larger value more weight
1.108     hubertf  1142: to the current situation.
1.109     wiz      1143: Defaults to 50 and must be between 0 and 100.
1.108     hubertf  1144: .It Li kern.sched.min_catch ( dynamic )
                   1145: Minimum count of migratable (runnable) threads for catching (stealing)
                   1146: from another CPU.
                   1147: Defaults to 1 but can be increased to decrease the chance of thread
1.109     wiz      1148: migration between CPUs.
1.108     hubertf  1149: .It Li kern.sched.timesoftints ( dynamic )
                   1150: Enable tracking of CPU time for soft interrupts
                   1151: as part of a LWP's real execution time.
                   1152: Set to a non-zero value to enable,
                   1153: and see
                   1154: .Xr ps 1
                   1155: for printing CPU times.
                   1156: .It Li kern.sched.kpreempt_pri ( dynamic )
                   1157: Minimum priority to trigger kernel preemption.
                   1158: .It Li kern.sched.upreempt_pri ( dynamic )
                   1159: Minimum priority to trigger user preemption.
                   1160: .It Li kern.sched.maxts ( dynamic )
                   1161: Scheduler specific maximal time quantum (in milliseconds).
                   1162: Must be set to a value larger than
                   1163: .Dq mints
                   1164: and between 10 and
1.109     wiz      1165: .Dq hz
1.108     hubertf  1166: as given by the
                   1167: .Dv kern.clockrate
                   1168: sysctl.
                   1169: Provided by the M2 scheduler.
                   1170: .It Li kern.sched.mints ( dynamic )
                   1171: Scheduler specific minimal time quantum (in milliseconds).
                   1172: Must be set to a value smaller than
                   1173: .Dq maxts
                   1174: and between 1 and
1.109     wiz      1175: .Dq hz
1.108     hubertf  1176: as given by the
                   1177: .Dq kern.clockrate
                   1178: sysctl.
                   1179: Provided by the M2 scheduler.
                   1180: .It Li kern.sched.name ( dynamic )
1.109     wiz      1181: Scheduler name.
1.108     hubertf  1182: Provided both by the M2 and the 4BSD scheduler.
                   1183: .It Li kern.sched.rtts ( dynamic )
                   1184: Fixed scheduler specific round-robin time quantum in milliseconds.
                   1185: Provided both by the M2 and the 4BSD scheduler.
                   1186: .It Li kern.sched.pri_min ( dynamic )
                   1187: Minimal POSIX real-time priority.
                   1188: See
                   1189: .Xr sched 3 .
                   1190: .It Li kern.sched.pri_max ( dynamic )
                   1191: Maximal POSIX real-time priority.
                   1192: See
                   1193: .Xr sched 3 .
                   1194: .El
1.91      kamil    1195: .It Li kern.somaxkva ( Dv KERN_SOMAXKVA )
1.135     christos 1196: Maximum amount of kernel memory to be used for socket buffers in bytes.
                   1197: .It Li kern.sooptions
                   1198: Set the default socket option flags for
                   1199: .Xr socket 2
                   1200: creation.
                   1201: See
                   1202: .Xr setsockopt 2
                   1203: for a list of supported flags.
1.91      kamil    1204: .It Li kern.synchronized_io ( Dv KERN_SYNCHRONIZED_IO )
1.58      wiz      1205: Returns 1 if the
                   1206: .St -p1003.1b-93
                   1207: Synchronized I/O Option is available on this system,
1.56      uwe      1208: otherwise\ 0.
1.19      christos 1209: .It Li kern.timecounter ( dynamic )
                   1210: Display and control the timecounter source of the system.
1.21      joerg    1211: .Bl -column "kern.timecounter.timestepwarnings" "integer" "Changeable" -offset indent
1.107     wiz      1212: .It Sy Third level name Ta Sy Type Ta Sy Changeable
1.19      christos 1213: .It kern.timecounter.choice    string  no
                   1214: .It kern.timecounter.hardware  string  yes
                   1215: .It kern.timecounter.timestepwarnings  integer yes
                   1216: .El
                   1217: .Pp
                   1218: The variables are as follows:
                   1219: .Bl -tag -width "123456"
                   1220: .It Li kern.timecounter.choice ( dynamic )
                   1221: The list of available timecounters with their quality and frequency.
                   1222: .It Li kern.timecounter.hardware ( dynamic )
                   1223: The currently selected timecounter source.
                   1224: .It Li kern.timecounter.timestepwarnings ( dynamic )
                   1225: If non-zero, display a message each time the time is stepped.
                   1226: .El
1.91      kamil    1227: .It Li kern.timex ( Dv KERN_TIMEX )
1.1       pavel    1228: Not available.
1.91      kamil    1229: .It Li kern.tkstat ( Dv KERN_TKSTAT )
1.1       pavel    1230: Return information about the number of characters sent and received
                   1231: on ttys.
                   1232: The third level names for the tty statistic variables are detailed below.
                   1233: The changeable column shows whether a process
                   1234: with appropriate privilege may change the value.
1.21      joerg    1235: .Bl -column "kern.tkstat.cancc" "quad" "Changeable" -offset indent
1.107     wiz      1236: .It Sy Third level name Ta Sy Type Ta Sy Changeable
1.1       pavel    1237: .It kern.tkstat.cancc  quad    no
                   1238: .It kern.tkstat.nin    quad    no
                   1239: .It kern.tkstat.nout   quad    no
                   1240: .It kern.tkstat.rawcc  quad    no
                   1241: .El
                   1242: .Pp
                   1243: The variables are as follows:
                   1244: .Bl -tag -width "123456"
1.91      kamil    1245: .It Li kern.tkstat.cancc ( Dv KERN_TKSTAT_CANCC )
1.1       pavel    1246: The number of canonical input characters.
1.91      kamil    1247: .It Li kern.tkstat.nin ( Dv KERN_TKSTAT_NIN )
1.1       pavel    1248: The total number of input characters.
1.91      kamil    1249: .It Li kern.tkstat.nout ( Dv KERN_TKSTAT_NOUT )
1.1       pavel    1250: The total number of output characters.
1.91      kamil    1251: .It Li kern.tkstat.rawcc ( Dv KERN_TKSTAT_RAWCC )
1.1       pavel    1252: The number of raw input characters.
                   1253: .El
1.66      christos 1254: .It Li kern.tty
                   1255: The third level names for the tty setup variables are detailed below.
                   1256: The changeable column shows whether a process
                   1257: with appropriate privilege may change the value.
                   1258: .Bl -column "kern.tty.qsize" "int" "Changeable" -offset indent
1.107     wiz      1259: .It Sy Third level name Ta Sy Type Ta Sy Changeable
1.66      christos 1260: .It kern.tty.qsize     int     yes
                   1261: .El
                   1262: .Pp
                   1263: The variables are as follows:
                   1264: .Bl -tag -width "123456"
                   1265: .It Li kern.tty.qsize
                   1266: Control/display the size of the default input and output queues selected
                   1267: during tty creation.
                   1268: The value is converted to a power of two and its range is between
                   1269: .Dv 1024
                   1270: and
                   1271: .Dv 65536 .
                   1272: .El
1.70      christos 1273: .It Li kern.uidinfo
                   1274: Resource usage for the current user.
                   1275: .Bl -column "kern.uidinfo.proccnt" "integer" "Changeable" -offset indent
1.107     wiz      1276: .It Sy Third level name Ta Sy Type Ta Sy Changeable
1.70      christos 1277: .It kern.uidinfo.proccnt       integer no
                   1278: .It kern.uidinfo.lwpcnt        integer no
                   1279: .It kern.uidinfo.lockcnt       integer no
1.138     christos 1280: .It kern.uidinfo.semcnt        integer no
1.70      christos 1281: .It kern.uidinfo.sbsize        integer no
                   1282: .El
                   1283: .Bl -tag -width "123456"
                   1284: .It Li kern.uidinfo.proccnt
                   1285: Returns the number of active processes for the current user.
                   1286: .It Li kern.uidinfo.lwpcnt
                   1287: Returns the number of active threads for the current user; the first thread
                   1288: of each process is not counted.
                   1289: .It Li kern.uidinfo.lockcnt
                   1290: Number of locks held by the current user.
1.138     christos 1291: .It Li kern.uidinfo.semcnt
                   1292: Number of semaphores held by the current user.
1.70      christos 1293: .It Li kern.uidinfo.sbsize
                   1294: Number of bytes in socket buffers allocated to the current user.
                   1295: .El
1.91      kamil    1296: .It Li kern.urandom ( Dv KERN_URND )
1.1       pavel    1297: Random integer value.
1.45      jruoho   1298: .It Li kern.usercrypto
                   1299: When enabled, allows userland to
                   1300: .Xr open 2
                   1301: the
                   1302: .Pa /dev/crypto
                   1303: special device, used by the
                   1304: .Xr crypto 4
                   1305: system.
                   1306: .It Li kern.userasymcrypto
                   1307: Enables or disables the use of software asymmetric crypto support in the
                   1308: .Xr crypto 4
                   1309: system.
1.1       pavel    1310: .It Li kern.veriexec
1.40      jruoho   1311: Runtime information for
                   1312: .Xr veriexec 8 .
                   1313: .Bl -column "kern.veriexec.algorithms" "integer" "Changeable" -offset indent
1.107     wiz      1314: .It Sy Third level name Ta Sy Type Ta Sy Changeable
1.40      jruoho   1315: .It kern.veriexec.algorithms   string  no
                   1316: .It kern.veriexec.count        node    not applicable
                   1317: .It kern.veriexec.strict       integer yes
                   1318: .It kern.veriexec.verbose      integer yes
                   1319: .El
1.1       pavel    1320: .Bl -tag -width "123456"
                   1321: .It Li kern.veriexec.algorithms
                   1322: Returns a string with the supported algorithms in Veriexec.
                   1323: .It Li kern.veriexec.count
                   1324: Sub-nodes are added to this node as new mounts are monitored by Veriexec.
                   1325: Each mount will be under its own
                   1326: .No tableN
                   1327: node.
                   1328: Under each node there will be three variables, indicating the mount
1.57      wiz      1329: point, the file system type, and the number of entries.
1.1       pavel    1330: .It Li kern.veriexec.strict
                   1331: Controls the strict level of Veriexec.
                   1332: See
1.62      jruoho   1333: .Xr security 7
1.1       pavel    1334: for more information on each level's implications.
                   1335: .It Li kern.veriexec.verbose
                   1336: Controls the verbosity level of Veriexec.
                   1337: If 0, only the minimal
                   1338: indication required will be given about what's happening - fingerprint
                   1339: mismatches, removal of entries from the tables, modification of a
                   1340: fingerprinted file.
                   1341: If 1, more messages will be printed (i.e., when a file with a valid
                   1342: fingerprint is accessed).
                   1343: Verbose level 2 is debug mode.
                   1344: .El
1.91      kamil    1345: .It Li kern.version ( Dv KERN_VERSION )
1.1       pavel    1346: The system version string.
1.91      kamil    1347: .It Li kern.vnode ( Dv KERN_VNODE )
1.1       pavel    1348: Return the entire vnode table.
                   1349: Note, the vnode table is not necessarily a consistent snapshot of
                   1350: the system.
                   1351: The returned data consists of an array whose size depends on the
                   1352: current number of such objects in the system.
                   1353: Each element of the array contains the kernel address of a vnode
1.56      uwe      1354: .Vt struct vnode *
1.1       pavel    1355: followed by the vnode itself
1.56      uwe      1356: .Vt struct vnode .
1.1       pavel    1357: .El
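Added example (not part of sysctl.7 or of NetBSD's own code): a POSIX shell check over the kern.veriexec subtree described above, flagging a strict level below a required minimum, verbose level 2 (debug mode), and monitored mounts that hold no entries. The sysctl output is a constructed sample, the required minimum is a site-policy argument, and the leaf names mntpt, fstype and nentries under each tableN node are assumed, since the page only says what the three variables hold.

```shell
#!/bin/sh
# Constructed sample of `sysctl kern.veriexec` output ("name = value" lines).
SAMPLE='kern.veriexec.algorithms = SHA256 SHA512
kern.veriexec.strict = 0
kern.veriexec.verbose = 2
kern.veriexec.count.table0.mntpt = /
kern.veriexec.count.table0.fstype = ffs
kern.veriexec.count.table0.nentries = 412
kern.veriexec.count.table1.mntpt = /usr/pkg
kern.veriexec.count.table1.fstype = ffs
kern.veriexec.count.table1.nentries = 0'

# veriexec_audit MIN_STRICT
# Reads sysctl output on stdin and prints one finding per line, each
# starting with OK, WARN or FAIL. MIN_STRICT is the lowest strict level
# the site accepts (a policy choice, not a value taken from the man page).
veriexec_audit() {
    awk -v min_strict="$1" '
    {
        # Split on the first " = " only: values may contain spaces.
        sep = index($0, " = ")
        if (sep == 0) next
        name = substr($0, 1, sep - 1)
        val  = substr($0, sep + 3)

        if (name == "kern.veriexec.strict")  strict  = val
        if (name == "kern.veriexec.verbose") verbose = val

        # One tableN node per monitored mount; leaf names are assumed.
        if (name ~ /^kern\.veriexec\.count\.table[0-9]+\.[a-z]+$/) {
            split(name, p, "[.]")
            tables[p[4]] = 1
            leaf[p[4], p[5]] = val
        }
    }
    END {
        # A missing or non-numeric strict level means the node could not
        # be read, which is a failure rather than "level 0".
        if (strict !~ /^[0-9]+$/)
            print "FAIL kern.veriexec.strict missing or not an integer"
        else if (strict + 0 < min_strict + 0)
            print "WARN kern.veriexec.strict=" strict \
                  " is below the required level " min_strict
        else
            print "OK kern.veriexec.strict=" strict

        # Level 2 is documented as debug mode.
        if (verbose == "2")
            print "WARN kern.veriexec.verbose=2 (debug mode)"

        ntab = 0
        for (t in tables) {
            ntab++
            where = t " (" leaf[t, "mntpt"] ", " leaf[t, "fstype"] ")"
            if (leaf[t, "nentries"] + 0 == 0)
                print "WARN " where " is monitored but has no entries"
            else
                print "OK " where " has " leaf[t, "nentries"] " entries"
        }
        if (ntab == 0)
            print "WARN no kern.veriexec.count.tableN node: no mount is monitored"
    }' | sort   # awk array order is unspecified; sort makes output stable
}

# Audit the constructed sample, requiring strict level 1 or higher.
printf '%s\n' "$SAMPLE" | veriexec_audit 1
```

On a live system the same function can be fed directly: `sysctl kern.veriexec | veriexec_audit 1`.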
1.50      jruoho   1358: .Ss The machdep.* subtree
1.1       pavel    1359: The set of variables defined is architecture dependent.
                   1360: Most architectures define at least the following variables.
1.43      jruoho   1361: .Bl -column "machdep.booted_kernel" "Type" "Changeable" -offset indent
1.107     wiz      1362: .It Sy Second level name Ta Sy Type Ta Sy Changeable
1.43      jruoho   1363: .It Li machdep.booted_kernel   string  no
1.1       pavel    1364: .El
1.43      jruoho   1365: .\" XXX: Document the above.
1.50      jruoho   1366: .Ss The net.* subtree
1.1       pavel    1367: The string and integer information available for the
                   1368: .Li net
                   1369: level is detailed below.
                   1370: The changeable column shows whether a process with appropriate
                   1371: privilege may change the value.
                   1372: The second and third levels are typically the protocol family and
                   1373: protocol number, though this is not always the case.
1.21      joerg    1374: .Bl -column "Second level name" "IPsec key management values" "Changeable" -offset indent
1.107     wiz      1375: .It Sy Second level name Ta Sy Type Ta Sy Changeable
1.1       pavel    1376: .It net.route  routing messages        no
                   1377: .It net.inet   IPv4 values     yes
                   1378: .It net.inet6  IPv6 values     yes
                   1379: .It net.key    IPsec key management values     yes
                   1380: .El
                   1381: .Bl -tag -width "123456"
1.91      kamil    1382: .It Li net.route ( Dv PF_ROUTE )
1.1       pavel    1383: .\" XXX really?
                   1384: Return the entire routing table or a subset of it.
                   1385: The data is returned as a sequence of routing messages (see
                   1386: .Xr route 4
                   1387: for the header file, format and meaning).
                   1388: The length of each message is contained in the message header.
                   1389: .Pp
1.56      uwe      1390: The third level name is a protocol number, which is currently always\ 0.
1.1       pavel    1391: The fourth level name is an address family, which may be set to 0 to
                   1392: select all address families.
                   1393: The fifth and sixth level names are as follows:
1.21      joerg    1394: .Bl -column "Fifth level name" "Sixth level is:" -offset indent
1.111     pgoyette 1395: .It Sy Fifth level name Ta Sy Sixth level is :
1.21      joerg    1396: .It NET_RT_FLAGS       rtflags
                   1397: .It NET_RT_DUMP        None
                   1398: .It NET_RT_IFLIST      None
1.1       pavel    1399: .El
1.91      kamil    1400: .It Li net.inet ( Dv PF_INET )
1.1       pavel    1401: Get or set various global information about the IPv4
                   1402: .Pq Internet Protocol version 4 .
                   1403: The third level name is the protocol.
                   1404: The fourth level name is the variable name.
                   1405: The currently defined protocols and names are:
1.92      wiz      1406: .Bl -column "Protocol" "anonportalgo.available" "integer" "Changeable" -offset indent
1.107     wiz      1407: .It Sy Protocol        Variable Ta Sy Type Ta Sy Changeable
1.1       pavel    1408: .It arp        down    integer yes
                   1409: .It arp        keep    integer yes
1.65      christos 1410: .It arp        log_movements   integer yes
                   1411: .It arp        log_permanent_modify    integer yes
1.86      christos 1412: .It arp        log_unknown_network     integer yes
1.65      christos 1413: .It arp        log_wrong_iface integer yes
1.1       pavel    1414: .It carp       allow   integer yes
                   1415: .It carp       preempt integer yes
                   1416: .It carp       log     integer yes
                   1417: .It carp       arpbalance      integer yes
                   1418: .It icmp       errppslimit     integer yes
                   1419: .It icmp       maskrepl        integer yes
                   1420: .It icmp       rediraccept     integer yes
                   1421: .It icmp       redirtimeout    integer yes
1.28      christos 1422: .It icmp       bmcastecho      integer yes
1.1       pavel    1423: .It ip allowsrcrt      integer yes
1.72      christos 1424: .It ip         anonportalgo.selected   string  yes
                   1425: .It ip         anonportalgo.available  string  yes
1.74      christos 1426: .It ip         anonportalgo.reserve    struct  yes
1.1       pavel    1427: .It ip anonportmax     integer yes
                   1428: .It ip anonportmin     integer yes
                   1429: .It ip checkinterface  integer yes
1.103     roy      1430: .It ip dad_count       integer yes
1.1       pavel    1431: .It ip directed-broadcast      integer yes
                   1432: .It ip do_loopback_cksum       integer yes
                   1433: .It ip forwarding      integer yes
                   1434: .It ip forwsrcrt       integer yes
                   1435: .It ip gifttl  integer yes
                   1436: .It ip grettl  integer yes
1.8       liamjfoy 1437: .It ip hashsize        integer yes
1.1       pavel    1438: .It ip hostzerobroadcast       integer yes
                   1439: .It ip lowportmin      integer yes
                   1440: .It ip lowportmax      integer yes
                   1441: .It ip maxflows        integer yes
                   1442: .It ip maxfragpackets  integer yes
                   1443: .It ip mtudisc integer yes
                   1444: .It ip mtudisctimeout  integer yes
                   1445: .It ip random_id       integer yes
                   1446: .It ip redirect        integer yes
                   1447: .It ip subnetsarelocal integer yes
                   1448: .It ip ttl     integer yes
                   1449: .It tcp        rfc1323 integer yes
                   1450: .It tcp        sendspace       integer yes
                   1451: .It tcp        recvspace       integer yes
                   1452: .It tcp        mssdflt integer yes
                   1453: .It tcp        syn_cache_limit integer yes
                   1454: .It tcp        syn_bucket_limit        integer yes
                   1455: .It tcp        syn_cache_interval      integer yes
                   1456: .It tcp        init_win        integer yes
                   1457: .It tcp        init_win_local  integer yes
                   1458: .It tcp        mss_ifmtu       integer yes
                   1459: .It tcp        win_scale       integer yes
                   1460: .It tcp        timestamps      integer yes
                   1461: .It tcp        cwm     integer yes
                   1462: .It tcp        cwm_burstsize   integer yes
                   1463: .It tcp        ack_on_push     integer yes
                   1464: .It tcp        keepidle        integer yes
                   1465: .It tcp        keepintvl       integer yes
                   1466: .It tcp        keepcnt integer yes
                   1467: .It tcp        slowhz  integer no
1.12      christos 1468: .It tcp        keepinit        integer yes
1.1       pavel    1469: .It tcp        log_refused     integer yes
                   1470: .It tcp        rstppslimit     integer yes
                   1471: .It tcp        ident   struct  no
1.13      christos 1472: .It tcp        drop    struct  no
1.1       pavel    1473: .It tcp        sack.enable     integer yes
                   1474: .It tcp        sack.globalholes        integer no
                   1475: .It tcp        sack.globalmaxholes     integer yes
                   1476: .It tcp        sack.maxholes   integer yes
                   1477: .It tcp        ecn.enable      integer yes
                   1478: .It tcp        ecn.maxretries  integer yes
                   1479: .It tcp        congctl.selected        string  yes
                   1480: .It tcp        congctl.available       string  yes
                   1481: .It tcp        abc.enable      integer yes
                   1482: .It tcp        abc.aggressive  integer yes
                   1483: .It udp        checksum        integer yes
                   1484: .It udp        do_loopback_cksum       integer yes
                   1485: .It udp        recvspace       integer yes
                   1486: .It udp        sendspace       integer yes
                   1487: .El
                   1488: .Pp
                   1489: The variables are as follows:
                   1490: .Bl -tag -width "123456"
                   1491: .It Li arp.down
                   1492: Failed ARP entry lifetime.
                   1493: .It Li arp.keep
                   1494: Valid ARP entry lifetime.
                   1495: .It Li carp.allow
                   1496: If set to 0, incoming
                   1497: .Xr carp 4
                   1498: packets will not be processed.
                   1499: If set to any other value, processing will occur.
                   1500: Enabled by default.
                   1501: .It Li carp.arpbalance
                   1502: If set to any value other than 0, the ARP balancing functionality of
                   1503: .Xr carp 4
                   1504: is enabled.
                   1505: When ARP requests are received for an IP address which is part of any virtual
                   1506: host, carp will hash the source IP in the ARP request to select one of the
                   1507: virtual hosts from the set of all the virtual hosts which have that IP address.
                   1508: The master of that host will respond with the correct virtual MAC address.
                   1509: Disabled by default.
                   1510: .It Li carp.log
                   1511: If set to any value other than 0,
                   1512: .Xr carp 4
                   1513: will log errors.
                   1514: Disabled by default.
                   1515: .It Li carp.preempt
                   1516: If set to 0,
                   1517: .Xr carp 4
                   1518: will not attempt to become master if it is receiving advertisements from
                   1519: another active master.
                   1520: If set to any other value, carp will become master of the virtual host if it
                   1521: believes it can send advertisements more frequently than the current master.
                   1522: Disabled by default.
                   1523: .It Li ip.allowsrcrt
                   1524: If set to 1, the host accepts source routed packets.
1.72      christos 1525: .It Li ip.anonportalgo.available
                   1526: The available RFC 6056 port randomization algorithms.
1.74      christos 1527: .It Li ip.anonportalgo.reserve
                   1528: A bitmask of ports that will not be used during anonymous or privileged
                   1529: port selection.
1.72      christos 1530: .It Li ip.anonportalgo.selected
                   1531: The currently selected RFC 6056 port randomization algorithm.
1.1       pavel    1532: .It Li ip.anonportmax
                   1533: The highest port number to use for TCP and UDP ephemeral port allocation.
                   1534: This cannot be set to less than 1024 or greater than 65535, and must
                   1535: be greater than
                   1536: .Li ip.anonportmin .
                   1537: .It Li ip.anonportmin
                   1538: The lowest port number to use for TCP and UDP ephemeral port allocation.
                   1539: This cannot be set to less than 1024 or greater than 65535.
                   1540: .It Li ip.checkinterface
                   1541: If set to non-zero, the host will reject packets addressed to it
                   1542: that arrive on an interface not bound to that address.
1.129     maxv     1543: Currently, this must be disabled if NAT is used to translate the
1.1       pavel    1544: destination address to another local interface, or if addresses
                   1545: are added to the loopback interface instead of the interface where
                   1546: the packets for those addresses are received.
1.103     roy      1547: .It Li ip.dad_count
                   1548: The number of
                   1549: .Xr arp 4
                   1550: probes sent for Address Conflict Detection.
                   1551: Set to 0 to disable this.
1.1       pavel    1552: .It Li ip.directed-broadcast
                   1553: If set to 1, enables directed broadcast behavior for the host.
                   1554: .It Li ip.do_loopback_cksum
                   1555: Perform IP checksum on loopback.
                   1556: .It Li ip.forwarding
                   1557: If set to 1, enables IP forwarding for the host,
                   1558: meaning that the host is acting as a router.
                   1559: .It Li ip.forwsrcrt
                   1560: If set to 1, enables forwarding of source-routed packets for the host.
                   1561: This value may only be changed if the kernel security level is less than 1.
                   1562: .It Li ip.gifttl
                   1563: The maximum time-to-live (hop count) value for an IPv4 packet generated by a
                   1564: .Xr gif 4
                   1565: tunnel interface.
                   1566: .It Li ip.grettl
                   1567: The maximum time-to-live (hop count) value for an IPv4 packet generated by a
                   1568: .Xr gre 4
                   1569: tunnel interface.
1.8       liamjfoy 1570: .It Li ip.hashsize
                   1571: The size of the IPv4 Fast Forward hash table.
                   1572: This value must be a power of 2 (64, 256...).
                   1573: A larger hash table size results in fewer collisions.
                   1574: Also see
                   1575: .Li ip.maxflows .
1.1       pavel    1576: .It Li ip.hostzerobroadcast
                   1577: All zeroes address is broadcast address.
                   1578: .It Li ip.lowportmax
                   1579: The highest port number to use for TCP and UDP reserved port allocation.
                   1580: This cannot be set to less than 0 or greater than 1024, and must
                   1581: be greater than
                   1582: .Li ip.lowportmin .
                   1583: .It Li ip.lowportmin
                   1584: The lowest port number to use for TCP and UDP reserved port allocation.
                   1585: This cannot be set to less than 0 or greater than 1024, and must
                   1586: be smaller than
                   1587: .Li ip.lowportmax .
                   1588: .It Li ip.maxflows
1.5       liamjfoy 1589: IPv4 Fast Forwarding is enabled by default.
                   1590: If set to 0, IPv4 Fast Forwarding is disabled.
1.1       pavel    1591: .Li ip.maxflows
                   1592: controls the maximum number of flows which can be created.
                   1593: The default value is 256.
                   1594: .It Li ip.maxfragpackets
                   1595: The maximum number of fragmented packets the node will accept.
                   1596: 0 means that the node will not accept any fragmented packets.
                   1597: \-1 means that the node will accept as many fragmented packets as it receives.
                   1598: The flag is provided basically for avoiding possible DoS attacks.
                   1599: .It Li ip.mtudisc
                   1600: If set to 1, enables Path MTU Discovery (RFC 1191).
                   1601: When Path MTU Discovery is enabled, the transmitted TCP segment
                   1602: size will be determined by the advertised maximum segment size
                   1603: (MSS) from the remote end, as constrained by the path MTU.
                   1604: If MTU Discovery is disabled, the transmitted segment size will
                   1605: never be greater than
                   1606: .Li tcp.mssdflt
                   1607: (the local maximum segment size).
                   1608: .It Li ip.mtudisctimeout
                   1609: The number of seconds in which a route added by the Path MTU
                   1610: Discovery engine will time out.
                   1611: When the route times out, the Path
                   1612: MTU Discovery engine will attempt to probe a larger path MTU.
                   1613: .It Li ip.random_id
                   1614: Assign random ip_id values.
                   1615: .It Li ip.redirect
                   1616: If set to 1, ICMP redirects may be sent by the host.
                   1617: This option is ignored unless the host is routing IP packets,
                   1618: and should normally be enabled on all systems.
                   1619: .It Li ip.subnetsarelocal
                   1620: If set to 1, subnets are to be considered local addresses.
                   1621: .It Li ip.ttl
                   1622: The maximum time-to-live (hop count) value for an IP packet sourced by
                   1623: the system.
                   1624: This value applies to normal transport protocols, not to ICMP.
                   1625: .It Li icmp.errppslimit
                   1626: The variable specifies the maximum number of outgoing ICMP error messages,
                   1627: per second.
                   1628: ICMP error messages that exceeded the value are subject to rate limitation
                   1629: and will not go out from the node.
                   1630: Negative value disables rate limitation.
                   1631: .It Li icmp.maskrepl
                   1632: If set to 1, ICMP network mask requests are to be answered.
                   1633: .It Li icmp.rediraccept
                   1634: If set to non-zero, the host will accept ICMP redirect packets.
                   1635: Note that routers will never accept ICMP redirect packets,
                   1636: and the variable is meaningful on IP hosts only.
                   1637: .It Li icmp.redirtimeout
                   1638: The variable specifies lifetime of routing entries generated by incoming
                   1639: ICMP redirect.
                   1640: This defaults to 600 seconds.
                   1641: .It Li icmp.returndatabytes
                   1642: Number of bytes to return in an ICMP error message.
1.28      christos 1643: .It Li icmp.bmcastecho
                   1644: If set to 1, enables responding to ICMP echo or timestamp request to the
                   1645: broadcast address.
1.1       pavel    1646: .It Li tcp.ack_on_push
                   1647: If set to 1, TCP is to immediately transmit an ACK upon reception of
                   1648: a packet with PUSH set.
                   1649: This can avoid losing a round trip time in some rare situations,
                   1650: but has the caveat of potentially defeating TCP's delayed ACK algorithm.
                   1651: Use of this option is generally not recommended, but
                   1652: the variable exists in case your configuration really needs it.
                   1653: .It Li tcp.cwm
                   1654: If set to 1, enables use of the Hughes/Touch/Heidemann Congestion Window
                   1655: Monitoring algorithm.
                   1656: This algorithm prevents line-rate bursts of packets that could
                   1657: otherwise occur when data begins flowing on an idle TCP connection.
                   1658: These line-rate bursts can contribute to network and router congestion.
                   1659: This can be particularly useful on World Wide Web servers
                   1660: which support HTTP/1.1, which has lingering connections.
                   1661: .It Li tcp.cwm_burstsize
                   1662: The Congestion Window Monitoring allowed burst size, in terms
                   1663: of packet count.
                   1664: .It Li tcp.delack_ticks
                   1665: Number of ticks to delay sending an ACK.
                   1666: .It Li tcp.do_loopback_cksum
                   1667: Perform TCP checksum on loopback.
                   1668: .It Li tcp.init_win
1.76      wiz      1669: A value indicating the TCP initial congestion window.
                   1670: The valid range
1.87      matt     1671: is 0 to 10 (maximum specified by RFC6928),
1.75      christos 1672: with a default of 4 (approximately 4K per RFC3390).
1.1       pavel    1673: .It Li tcp.init_win_local
                   1674: Like
                   1675: .Li tcp.init_win ,
                   1676: but used when communicating with hosts on a local network.
                   1677: .It Li tcp.keepcnt
                   1678: Number of keepalive probes sent before declaring a connection dead.
                   1679: If set to zero, there is no limit;
                   1680: keepalives will be sent until some kind of
                   1681: response is received from the peer.
                   1682: .It Li tcp.keepidle
                   1683: Time a connection must be idle before keepalives are sent (if keepalives
                   1684: are enabled for the connection).
                   1685: See also tcp.slowhz.
                   1686: .It Li tcp.keepintvl
                   1687: Time after a keepalive probe is sent until, in the absence of any response,
                   1688: another probe is sent.
                   1689: See also tcp.slowhz.
                   1690: .It Li tcp.log_refused
                   1691: If set to 1, refused TCP connections to the host will be logged.
1.12      christos 1692: .It Li tcp.keepinit
                   1693: Timeout in seconds during connection establishment.
1.1       pavel    1694: .It Li tcp.mss_ifmtu
                   1695: If set to 1, TCP calculates the outgoing maximum segment size based on
                   1696: the MTU of the appropriate interface.
                   1697: If set to 0, it is calculated based on the greater of the MTU of the
                   1698: interface, and the largest (non-loopback) interface MTU on the system.
                   1699: .It Li tcp.mssdflt
                   1700: The default maximum segment size both advertised to the peer
                   1701: and to use when either the peer does not advertise a maximum segment size to
                   1702: us during connection setup or Path MTU Discovery
                   1703: .Li ( ip.mtudisc )
                   1704: is disabled.
                   1705: Do not change this value unless you really know what you are doing.
                   1706: .It Li tcp.recvspace
                   1707: The default TCP receive buffer size.
                   1708: .It Li tcp.rfc1323
                   1709: If set to 1, enables RFC 1323 extensions to TCP.
                   1710: .It Li tcp.rstppslimit
                   1711: The variable specifies the maximum number of outgoing TCP RST packets,
                   1712: per second.
                   1713: TCP RST packets that exceed the value are subject to rate limitation
                   1714: and will not go out from the node.
                   1715: Negative value disables rate limitation.
1.13      christos 1716: .It Li tcp.ident
                   1717: Return the user ID of a connected socket pair.
                   1718: (RFC1413 Identification Protocol lookups.)
                   1719: .It Li tcp.drop
                   1720: Drop a TCP socket pair connection.
1.1       pavel    1721: .It Li tcp.sack.enable
                   1722: If set to 1, enables RFC 2018 Selective ACKnowledgement.
                   1723: .It Li tcp.sack.globalholes
                   1724: Global number of TCP SACK holes.
                   1725: .It Li tcp.sack.globalmaxholes
                   1726: Global maximum number of TCP SACK holes.
                   1727: .It Li tcp.sack.maxholes
                   1728: Maximum number of TCP SACK holes allowed per connection.
                   1729: .It Li tcp.ecn.enable
                   1730: If set to 1, enables RFC 3168 Explicit Congestion Notification.
                   1731: .It Li tcp.ecn.maxretries
                   1732: Number of times to retry sending the ECN-setup packet.
                   1733: .It Li tcp.sendspace
                   1734: The default TCP send buffer size.
                   1735: .It Li tcp.slowhz
                   1736: The units for tcp.keepidle and tcp.keepintvl; those variables are in ticks
                   1737: of a clock that ticks tcp.slowhz times per second.
                   1738: (That is, their values
                   1739: must be divided by the tcp.slowhz value to get times in seconds.)
                   1740: .It Li tcp.syn_bucket_limit
                   1741: The maximum number of entries allowed per hash bucket in the TCP
                   1742: compressed state engine.
                   1743: .It Li tcp.syn_cache_limit
                   1744: The maximum number of entries allowed in the TCP compressed state
                   1745: engine.
                   1746: .It Li tcp.timestamps
                   1747: If rfc1323 is enabled, a value of 1 indicates RFC 1323 time stamp options,
                   1748: used for measuring TCP round trip times, are enabled.
                   1749: .It Li tcp.win_scale
                   1750: If rfc1323 is enabled, a value of 1 indicates RFC 1323 window scale options,
                   1751: for increasing the TCP window size, are enabled.
                   1752: .It Li tcp.congctl.available
                   1753: The available TCP congestion control algorithms.
                   1754: .It Li tcp.congctl.selected
                   1755: The currently selected TCP congestion control algorithm.
                   1756: .It Li tcp.abc.enable
                   1757: If set to 1, use RFC 3465 Appropriate Byte Counting (ABC).
                   1758: If set to 0, use traditional Packet Counting.
                   1759: .It Li tcp.abc.aggressive
                   1760: Choose the L parameter found in RFC 3465.
                   1761: L is the maximum cwnd increase for an ack during slow start.
                   1762: If set to 1, use L=2*SMSS.
                   1763: If set to 0, use L=1*SMSS.
                   1764: It has no effect unless tcp.abc.enable is set to 1.
                   1765: .It Li udp.checksum
                   1766: If set to 1, UDP checksums are being computed.
                   1767: Received non-zero UDP checksums are always checked.
                   1768: Disabling UDP checksums is strongly discouraged.
1.67      christos 1769: .It Li udp.recvspace
                   1770: The default UDP receive buffer size.
1.1       pavel    1771: .It Li udp.sendspace
                   1772: The default UDP send buffer size.
                   1773: .El
                   1774: .Pp
                   1775: For variables net.*.ipsec, please refer to
                   1776: .Xr ipsec 4 .
1.91      kamil    1777: .It Li net.inet6 ( Dv PF_INET6 )
1.1       pavel    1778: Get or set various global information about the IPv6
                   1779: .Pq Internet Protocol version 6 .
                   1780: The third level name is the protocol.
                   1781: The fourth level name is the variable name.
                   1782: The currently defined protocols and names are:
1.92      wiz      1783: .Bl -column "Protocol" "anonportalgo.available" "integer" "Changeable" -offset indent
1.107     wiz      1784: .It Sy Protocol        Variable Ta Sy Type Ta Sy Changeable
1.1       pavel    1785: .It icmp6      errppslimit     integer yes
                   1786: .It icmp6      mtudisc_hiwat   integer yes
                   1787: .It icmp6      mtudisc_lowat   integer yes
                   1788: .It icmp6      nd6_debug       integer yes
                   1789: .It icmp6      nd6_delay       integer yes
                   1790: .It icmp6      nd6_maxnudhint  integer yes
                   1791: .It icmp6      nd6_mmaxtries   integer yes
                   1792: .It icmp6      nd6_prune       integer yes
                   1793: .It icmp6      nd6_umaxtries   integer yes
                   1794: .It icmp6      nd6_useloopback integer yes
                   1795: .It icmp6      nodeinfo        integer yes
                   1796: .It icmp6      rediraccept     integer yes
                   1797: .It icmp6      redirtimeout    integer yes
                   1798: .It ip6        accept_rtadv    integer yes
1.96      christos 1799: .It ip6        addctlpolicy    struct in6_addrpolicy   no
1.72      christos 1800: .It ip6        anonportalgo.selected   string  yes
                   1801: .It ip6        anonportalgo.available  string  yes
1.90      kamil    1802: .It ip6        anonportalgo.reserve    struct  yes
1.1       pavel    1803: .It ip6        anonportmax     integer yes
                   1804: .It ip6        anonportmin     integer yes
                   1805: .It ip6        auto_flowlabel  integer yes
                   1806: .It ip6        dad_count       integer yes
                   1807: .It ip6        defmcasthlim    integer yes
                   1808: .It ip6        forwarding      integer yes
                   1809: .It ip6        gifhlim integer yes
1.7       liamjfoy 1810: .It ip6        hashsize        integer yes
1.1       pavel    1811: .It ip6        hlim    integer yes
                   1812: .It ip6        hdrnestlimit    integer yes
                   1813: .It ip6        kame_version    string  no
                   1814: .It ip6        keepfaith       integer yes
                   1815: .It ip6        log_interval    integer yes
                   1816: .It ip6        lowportmax      integer yes
                   1817: .It ip6        lowportmin      integer yes
1.73      christos 1818: .It ip6        maxdynroutes    integer yes
                   1819: .It ip6        maxifprefixes   integer yes
                   1820: .It ip6        maxifdefrouters integer yes
1.5       liamjfoy 1821: .It ip6        maxflows        integer yes
1.1       pavel    1822: .It ip6        maxfragpackets  integer yes
                   1823: .It ip6        maxfrags        integer yes
1.73      christos 1824: .It ip6        neighborgcthresh        integer yes
1.1       pavel    1825: .It ip6        redirect        integer yes
                   1826: .It ip6        rr_prune        integer yes
                   1827: .It ip6        use_deprecated  integer yes
                   1828: .It ip6        v6only  integer yes
                   1829: .It udp6       do_loopback_cksum       integer yes
                   1830: .It udp6       recvspace       integer yes
                   1831: .It udp6       sendspace       integer yes
                   1832: .El
                   1833: .Pp
                   1834: The variables are as follows:
                   1835: .Bl -tag -width "123456"
                   1836: .It Li ip6.accept_rtadv
                   1837: If set to non-zero, the node will accept ICMPv6 router advertisement packets
                   1838: and autoconfigures address prefixes and default routers.
                   1839: The node must be a host
                   1840: .Pq not a router
                   1841: for the option to be meaningful.
1.72      christos 1842: .It Li ip6.anonportalgo.available
                   1843: The available RFC 6056 port randomization algorithms.
1.74      christos 1844: .It Li ip6.anonportalgo.reserve
                   1845: A bitmask of ports that will not be used during anonymous or privileged
                   1846: port selection.
1.72      christos 1847: .It Li ip6.anonportalgo.selected
                   1848: The currently selected RFC 6056 port randomization algorithm.
1.1       pavel    1849: .It Li ip6.anonportmax
                   1850: The highest port number to use for TCP and UDP ephemeral port allocation.
                   1851: This cannot be set to less than 1024 or greater than 65535, and must
                   1852: be greater than
                   1853: .Li ip6.anonportmin .
                   1854: .It Li ip6.anonportmin
                   1855: The lowest port number to use for TCP and UDP ephemeral port allocation.
                   1856: This cannot be set to less than 1024 or greater than 65535.
                   1857: .It Li ip6.auto_flowlabel
                   1858: On connected transport protocol packets,
                   1859: fill IPv6 flowlabel field to help intermediate routers to identify packet flows.
                   1860: .It Li ip6.dad_count
                   1861: The variable configures number of IPv6 DAD
                   1862: .Pq duplicated address detection
                   1863: probe packets.
                   1864: The packets will be generated when IPv6 interface addresses are configured.
                   1865: .It Li ip6.defmcasthlim
                   1866: The default hop limit value for an IPv6 multicast packet sourced by the node.
                   1867: This value applies to all the transport protocols on top of IPv6.
                   1868: There are APIs to override the value, as documented in
                   1869: .Xr ip6 4 .
                   1870: .It Li ip6.forwarding
                   1871: If set to 1, enables IPv6 forwarding for the node,
                   1872: meaning that the node is acting as a router.
                   1873: If set to 0, disables IPv6 forwarding for the node,
                   1874: meaning that the node is acting as a host.
                   1875: IPv6 specification defines node behavior for
                   1876: .Dq router
                   1877: case and
                   1878: .Dq host
                   1879: case quite differently, and changing this variable during operation
                   1880: may cause serious trouble.
                   1881: It is recommended to configure the variable at bootstrap time,
                   1882: and bootstrap time only.
                   1883: .It Li ip6.gifhlim
                   1884: The maximum hop limit value for an IPv6 packet generated by
                   1885: .Xr gif 4
                   1886: tunnel interface.
                   1887: .It Li ip6.hdrnestlimit
                   1888: The number of IPv6 extension headers permitted on incoming IPv6 packets.
                   1889: If set to 0, the node will accept as many extension headers as possible.
1.7       liamjfoy 1890: .It Li ip6.hashsize
                   1891: The size of IPv6 Fast Forward hash table.
1.56      uwe      1892: This value must be a power of 2 (64, 256, ...).
1.7       liamjfoy 1893: A larger hash table size results in fewer collisions.
                   1894: Also see
                   1895: .Li ip6.maxflows .
1.1       pavel    1896: .It Li ip6.hlim
                   1897: The default hop limit value for an IPv6 unicast packet sourced by the node.
                   1898: This value applies to all the transport protocols on top of IPv6.
                   1899: There are APIs to override the value, as documented in
                   1900: .Xr ip6 4 .
                   1901: .It Li ip6.kame_version
                   1902: The string identifies the version of KAME IPv6 stack implemented in the kernel.
                   1903: .It Li ip6.keepfaith
                   1904: If set to non-zero, it enables
                   1905: .Dq FAITH
                   1906: TCP relay IPv6-to-IPv4 translator code in the kernel.
                   1907: Refer to
                   1908: .Xr faith 4
                   1909: and
                   1910: .Xr faithd 8
                   1911: for detail.
                   1912: .It Li ip6.log_interval
                   1913: The variable controls amount of logs generated by IPv6 packet
                   1914: forwarding engine, by setting interval between log output
                   1915: .Pq in seconds .
                   1916: .It Li ip6.lowportmax
                   1917: The highest port number to use for TCP and UDP reserved port allocation.
                   1918: This cannot be set to less than 0 or greater than 1024, and must
                   1919: be greater than
                   1920: .Li ip6.lowportmin .
                   1921: .It Li ip6.lowportmin
                   1922: The lowest port number to use for TCP and UDP reserved port allocation.
                   1923: This cannot be set to less than 0 or greater than 1024, and must
                   1924: be smaller than
                   1925: .Li ip6.lowportmax .
1.73      christos 1926: .It Li ip6.maxdynroutes
                   1927: Maximum number of routes created by redirect.
                   1928: Set it to negative to disable.
                   1929: The default value is 4096.
                   1930: .It Li ip6.maxifprefixes
                   1931: Maximum number of prefixes created by route advertisements per interface.
                   1932: Set it to negative to disable.
                   1933: The default value is 16.
                   1934: .It Li ip6.maxifdefrouters
                   1935: Maximum number of default routers created by route advertisements per interface.
                   1936: Set it to negative to disable.
                   1937: The default value is 16.
1.5       liamjfoy 1938: .It Li ip6.maxflows
                   1939: IPv6 Fast Forwarding is enabled by default.
                   1940: If set to 0, IPv6 Fast Forwarding is disabled.
                   1941: .Li ip6.maxflows
                   1942: controls the maximum number of flows which can be created.
1.6       liamjfoy 1943: The default value is 256.
1.1       pavel    1944: .It Li ip6.maxfragpackets
                   1945: The maximum number of fragmented packets the node will accept.
                   1946: 0 means that the node will not accept any fragmented packets.
                   1947: \-1 means that the node will accept as many fragmented packets as it receives.
                   1948: The flag is provided basically for avoiding possible DoS attacks.
                   1949: .It Li ip6.maxfrags
                   1950: The maximum number of fragments the node will accept.
                   1951: 0 means that the node will not accept any fragments.
                   1952: \-1 means that the node will accept as many fragments as it receives.
                   1953: The flag is provided basically for avoiding possible DoS attacks.
1.73      christos 1954: .It Li ip6.neighborgcthresh
1.98      ozaki-r  1955: Maximum number of entries in neighbor cache per interface.
1.73      christos 1956: Set to negative to disable.
                   1957: The default value is 2048.
1.1       pavel    1958: .It Li ip6.redirect
                   1959: If set to 1, ICMPv6 redirects may be sent by the node.
                   1960: This option is ignored unless the node is routing IP packets,
                   1961: and should normally be enabled on all systems.
                   1962: .It Li ip6.rr_prune
                   1963: The variable specifies interval between IPv6 router renumbering prefix
                   1964: babysitting, in seconds.
                   1965: .It Li ip6.use_deprecated
                   1966: The variable controls use of deprecated address, specified in RFC 2462 5.5.4.
                   1967: .It Li ip6.v6only
                   1968: The variable specifies initial value for
                   1969: .Dv IPV6_V6ONLY
                   1970: socket option for
                   1971: .Dv AF_INET6
                   1972: socket.
                   1973: Please refer to
                   1974: .Xr ip6 4
                   1975: for detail.
                   1976: .It Li icmp6.errppslimit
                   1977: The variable specifies the maximum number of outgoing ICMPv6 error messages,
                   1978: per second.
                   1979: ICMPv6 error messages that exceeded the value are subject to rate limitation
                   1980: and will not go out from the node.
                   1981: Negative value disables rate limitation.
                   1982: .It Li icmp6.mtudisc_hiwat
                   1983: .It Li icmp6.mtudisc_lowat
                   1984: The variables define the maximum number of routing table entries,
                   1985: created due to path MTU discovery
                   1986: .Pq prevents denial-of-service attacks with ICMPv6 too big messages .
                   1987: When IPv6 path MTU discovery happens, we keep path MTU information into
                   1988: the routing table.
                   1989: If the number of routing table entries exceeds the value,
                   1990: the kernel will not attempt to keep the path MTU information.
                   1991: .Li icmp6.mtudisc_hiwat
                   1992: is used when we have verified ICMPv6 too big messages.
                   1993: .Li icmp6.mtudisc_lowat
                   1994: is used when we have unverified ICMPv6 too big messages.
                   1995: Verification is performed by using address/port pairs kept in connected pcbs.
                   1996: Negative value disables the upper limit.
                   1997: .It Li icmp6.nd6_debug
                   1998: If set to non-zero, kernel IPv6 neighbor discovery code will generate
                   1999: debugging messages.
                   2000: The debug outputs are useful to diagnose IPv6 interoperability issues.
                   2001: The flag must be set to 0 for normal operation.
                   2002: .It Li icmp6.nd6_delay
                   2003: The variable specifies
                   2004: .Dv DELAY_FIRST_PROBE_TIME
                   2005: timing constant in IPv6 neighbor discovery specification
                   2006: .Pq RFC 2461 ,
                   2007: in seconds.
                   2008: .It Li icmp6.nd6_maxnudhint
                   2009: IPv6 neighbor discovery permits upper layer protocols to supply reachability
                   2010: hints, to avoid unnecessary neighbor discovery exchanges.
                   2011: The variable defines the number of consecutive hints the neighbor discovery
                   2012: layer will take.
                   2013: For example, by setting the variable to 3, neighbor discovery layer
                   2014: will take 3 consecutive hints in maximum.
                   2015: After receiving 3 hints, neighbor discovery layer will perform
                   2016: normal neighbor discovery process.
                   2017: .It Li icmp6.nd6_mmaxtries
                   2018: The variable specifies
                   2019: .Dv MAX_MULTICAST_SOLICIT
                   2020: constant in IPv6 neighbor discovery specification
                   2021: .Pq RFC 2461 .
                   2022: .It Li icmp6.nd6_prune
                   2023: The variable specifies interval between IPv6 neighbor cache babysitting,
                   2024: in seconds.
                   2025: .It Li icmp6.nd6_umaxtries
                   2026: The variable specifies
                   2027: .Dv MAX_UNICAST_SOLICIT
                   2028: constant in IPv6 neighbor discovery specification
                   2029: .Pq RFC 2461 .
                   2030: .It Li icmp6.nd6_useloopback
                   2031: If set to non-zero, kernel IPv6 stack will use loopback interface for
                   2032: local traffic.
                   2033: .It Li icmp6.nodeinfo
                   2034: The variable enables responses to ICMPv6 node information queries.
                   2035: If you set the variable to 0, responses will not be generated for
                   2036: ICMPv6 node information queries.
                   2037: Since node information queries can have a security impact, it is
                   2038: possible to fine tune which responses should be answered.
                   2039: Two separate bits can be set.
                   2040: .Bl -tag -width "12345"
                   2041: .It 1
                   2042: Respond to ICMPv6 FQDN queries, e.g.
                   2043: .Li ping6 -w .
                   2044: .It 2
                   2045: Respond to ICMPv6 node addresses queries, e.g.
                   2046: .Li ping6 -a .
                   2047: .El
                   2048: .It Li icmp6.rediraccept
                   2049: If set to non-zero, the host will accept ICMPv6 redirect packets.
                   2050: Note that IPv6 routers will never accept ICMPv6 redirect packets,
                   2051: and the variable is meaningful on IPv6 hosts
                   2052: .Pq non-router
                   2053: only.
                   2054: .It Li icmp6.redirtimeout
                   2055: The variable specifies lifetime of routing entries generated by incoming
                   2056: ICMPv6 redirect.
                   2057: .It Li udp6.do_loopback_cksum
                   2058: Perform UDP checksum on loopback.
                   2059: .It Li udp6.recvspace
                   2060: Default UDP receive buffer size.
                   2061: .It Li udp6.sendspace
                   2062: Default UDP send buffer size.
                   2063: .El
                   2064: .Pp
1.119     wiz      2065: We reuse net.*.tcp for TCP over IPv6,
1.1       pavel    2066: and therefore we do not have variables net.*.tcp6.
                   2067: Variables net.inet6.udp6 have identical meaning to net.inet.udp.
                   2068: Please refer to
                   2069: .Li PF_INET
                   2070: section above.
                   2071: For variables net.*.ipsec6, please refer to
                   2072: .Xr ipsec 4 .
1.91      kamil    2073: .It Li net.key ( Dv PF_KEY )
1.1       pavel    2074: Get or set various global information about the IPsec key management.
                   2075: The third level name is the variable name.
                   2076: The currently defined variable names are:
1.21      joerg    2077: .Bl -column "blockacq_lifetime" "integer" "Changeable" -offset indent
1.107     wiz      2078: .It Sy Variable        Type Ta Sy Changeable
1.1       pavel    2079: .It debug      integer yes
1.80      christos 2080: .It enabled    integer yes
                   2081: .It used       integer no
1.1       pavel    2082: .It spi_try    integer yes
                   2083: .It spi_min_value      integer yes
                   2084: .It spi_max_value      integer yes
                   2085: .It larval_lifetime    integer yes
                   2086: .It blockacq_count     integer yes
                   2087: .It blockacq_lifetime  integer yes
                   2088: .It esp_keymin integer yes
                   2089: .It esp_auth   integer yes
                   2090: .It ah_keymin  integer yes
                   2091: .El
                   2092: The variables are as follows:
                   2093: .Bl -tag -width "123456"
                   2094: .It Li debug
                   2095: Turn on debugging message from within the kernel.
                   2096: The value is a bitmap, as defined in
1.131     maxv     2097: .In netipsec/key_debug.h .
1.80      christos 2098: .It Li enabled
1.81      christos 2099: Control processing of IPsec control messages.
                   2100: .Bl -tag -width indent
                   2101: .It 0
                   2102: Never allow IPsec processing.
                   2103: .It 1
                   2104: Allow IPsec processing when SPD policies are present.
                   2105: .It 2
                   2106: Force IPsec processing even when SPD policies are not present.
                   2107: .El
1.80      christos 2108: .It Li used
1.128     eadler   2109: Show whether IPsec is being used, based on whether IPsec is enabled
1.80      christos 2110: and whether SPD rules exist.
1.110     abhinav  2111: Note that currently once IPsec is being used, it cannot be disabled.
1.1       pavel    2112: .It Li spi_try
                   2113: The number of times the kernel will try to obtain a unique SPI
                   2114: when it generates it from the random number generator.
                   2115: .It Li spi_min_value
                   2116: Minimum SPI value when generating it within the kernel.
                   2117: .It Li spi_max_value
                   2118: Maximum SPI value when generating it within the kernel.
                   2119: .It Li larval_lifetime
                   2120: Lifetime for LARVAL SAD entries, in seconds.
                   2121: .It Li blockacq_count
                   2122: Number of ACQUIRE PF_KEY messages to be blocked after an ACQUIRE message.
                   2123: This prevents a flood of ACQUIRE PF_KEY messages from being sent from the kernel to the
                   2124: key management daemon.
                   2125: .It Li blockacq_lifetime
                   2126: Lifetime of ACQUIRE PF_KEY message.
                   2127: .It Li esp_keymin
                   2128: Minimum ESP key length, in bits.
                   2129: The value is used when the kernel creates proposal payload
                   2130: on ACQUIRE PF_KEY message.
                   2131: .It Li esp_auth
                   2132: Whether ESP authentication should be used or not.
                   2133: Non-zero value indicates that ESP authentication should be used.
                   2134: The value is used when the kernel creates proposal payload
                   2135: on ACQUIRE PF_KEY message.
                   2136: .It Li ah_keymin
                   2137: Minimum AH key length, in bits.
                   2138: The value is used when the kernel creates proposal payload
                   2139: on ACQUIRE PF_KEY message.
                   2140: .El
1.126     christos 2141: .It Li net.local ( Dv PF_LOCAL )
                   2142: Get or set various global information about
                   2143: .Dv AF_LOCAL
                   2144: type sockets.
                   2145: For some variables, the third level name is the variable name:
                   2146: .Bl -column "Variable" "integer" "Changeable" -offset indent
                   2147: .It Sy Variable        Type Ta Sy Changeable
                   2148: .It inflight   integer no
                   2149: .It deferred   integer no
                   2150: .El
                   2151: The variables are as follows:
                   2152: .Bl -tag -width "123456"
                   2153: .It Li inflight
                   2154: The number of file descriptors currently passed between processes,
                   2155: .Qq in flight .
                   2156: .It Li deferred
                   2157: The number of file descriptors passed between processes that have been
                   2158: deferred for cleanup by a kernel task.
                   2159: .El
                   2160: .Pp
                   2161: Other variables are specific to a socket type:
                   2162: .Bl -column "seqpacket" "sendspace" "integer" "Changeable" -offset indent
1.127     wiz      2163: .It Sy "Socket Type"   Sy Variable     Type Ta Sy Changeable
1.126     christos 2164: .It dgram      pcblist struct  no
                   2165: .It dgram      recvspace       integer yes
                   2166: .It dgram      sendspace       integer yes
                   2167: .It seqpacket  pcblist struct  no
                   2168: .It stream     pcblist struct  no
                   2169: .It stream     recvspace       integer yes
                   2170: .It stream     sendspace       integer yes
                   2171: .El
                   2172: The variables are as follows:
                   2173: .Bl -tag -width "123456"
                   2174: .It Li dgram.pcblist
                   2175: The Protocol Control Block list structure for datagram sockets.
                   2176: Parsed by
1.133     wiz      2177: .Xr netstat 1
1.126     christos 2178: or
1.133     wiz      2179: .Xr sockstat 1 .
1.126     christos 2180: .It Li dgram.recvspace
                   2181: The default datagram receive buffer size.
                   2182: .It Li dgram.sendspace
                   2183: The default datagram send buffer size.
                   2184: .It Li seqpacket.pcblist
                   2185: The Protocol Control Block list structure for Sequential Packet sockets.
                   2186: Parsed by
1.133     wiz      2187: .Xr netstat 1
1.126     christos 2188: or
1.133     wiz      2189: .Xr sockstat 1 .
1.126     christos 2190: .It Li stream.pcblist
                   2191: The Protocol Control Block list structure for stream sockets.
                   2192: Parsed by
1.133     wiz      2193: .Xr netstat 1
1.126     christos 2194: or
1.133     wiz      2195: .Xr sockstat 1 .
1.126     christos 2196: .It Li stream.recvspace
                   2197: The default stream receive buffer size.
                   2198: .It Li stream.sendspace
                   2199: The default stream send buffer size.
                   2200: .El
1.1       pavel    2201: .El
1.50      jruoho   2202: .Ss The proc.* subtree
1.1       pavel    2203: The string and integer information available for the
                   2204: .Li proc
                   2205: level is detailed below.
                   2206: The changeable column shows whether a process with appropriate
                   2207: privilege may change the value.
                   2208: These values are per-process,
                   2209: and as such may change from one process to another.
                   2210: When a process is created,
                   2211: the default values are inherited from its parent.
                   2212: When a set-user-ID or set-group-ID binary is executed, the
                   2213: value of PROC_PID_CORENAME is reset to the system default value.
                   2214: The second level name is either the magic value PROC_CURPROC, which
                   2215: points to the current process, or the PID of the target process.
1.21      joerg    2216: .Bl -column "proc.pid.corename" "string" "not applicable" -offset indent
1.107     wiz      2217: .It Sy Third level name Ta Sy Type Ta Sy Changeable
1.1       pavel    2218: .It proc.pid.corename  string  yes
                   2219: .It proc.pid.rlimit    node    not applicable
                   2220: .It proc.pid.stopfork  int     yes
                   2221: .It proc.pid.stopexec  int     yes
                   2222: .It proc.pid.stopexit  int     yes
1.111     pgoyette 2223: .It proc.pid.paxflags  int     no
1.1       pavel    2224: .El
                   2225: .Bl -tag -width "123456"
1.91      kamil    2226: .It Li proc.pid.corename ( Dv PROC_PID_CORENAME )
1.1       pavel    2227: The template used for the core dump file name (see
                   2228: .Xr core 5
                   2229: for details).
                   2230: The base name must either be
1.56      uwe      2231: .Pa core
                   2232: or end with the suffix
                   2233: .Pa .core
                   2234: (the super-user may set arbitrary names).
                   2235: By default it points to
                   2236: .Dv KERN_DEFCORENAME .
1.91      kamil    2237: .It Li proc.pid.rlimit ( Dv PROC_PID_LIMIT )
1.1       pavel    2238: Return resource limits, as defined for the
                   2239: .Xr getrlimit 2
                   2240: and
                   2241: .Xr setrlimit 2
                   2242: system calls.
                   2243: The fourth level name is one of:
1.56      uwe      2244: .Bl -tag -width "123456"
1.91      kamil    2245: .It Li proc.pid.rlimit.cputime ( Dv PROC_PID_LIMIT_CPU )
1.1       pavel    2246: The maximum amount of CPU time (in seconds) to be used by each process.
1.91      kamil    2247: .It Li proc.pid.rlimit.filesize ( Dv PROC_PID_LIMIT_FSIZE )
1.1       pavel    2248: The largest size (in bytes) file that may be created.
1.91      kamil    2249: .It Li proc.pid.rlimit.datasize ( Dv PROC_PID_LIMIT_DATA )
1.1       pavel    2250: The maximum size (in bytes) of the data segment for a process;
                   2251: this defines how far a program may extend its break with the
                   2252: .Xr sbrk 2
                   2253: system call.
1.91      kamil    2254: .It Li proc.pid.rlimit.stacksize ( Dv PROC_PID_LIMIT_STACK )
1.1       pavel    2255: The maximum size (in bytes) of the stack segment for a process;
                   2256: this defines how far a program's stack segment may be extended.
                   2257: Stack extension is performed automatically by the system.
1.91      kamil    2258: .It Li proc.pid.rlimit.coredumpsize ( Dv PROC_PID_LIMIT_CORE )
1.1       pavel    2259: The largest size (in bytes)
                   2260: .Pa core
                   2261: file that may be created.
1.91      kamil    2262: .It Li proc.pid.rlimit.memoryuse ( Dv PROC_PID_LIMIT_RSS )
1.1       pavel    2263: The maximum size (in bytes) to which a process's resident set size may
                   2264: grow.
                   2265: This imposes a limit on the amount of physical memory to be given to
                   2266: a process; if memory is tight, the system will prefer to take memory
                   2267: from processes that are exceeding their declared resident set size.
1.91      kamil    2268: .It Li proc.pid.rlimit.memorylocked ( Dv PROC_PID_LIMIT_MEMLOCK )
1.1       pavel    2269: The maximum size (in bytes) which a process may lock into memory
                   2270: using the
                   2271: .Xr mlock 2
                   2272: function.
1.91      kamil    2273: .It Li proc.pid.rlimit.maxproc ( Dv PROC_PID_LIMIT_NPROC )
1.1       pavel    2274: The maximum number of simultaneous processes for this user id.
1.91      kamil    2275: .It Li proc.pid.rlimit.descriptors ( Dv PROC_PID_LIMIT_NOFILE )
1.1       pavel    2276: The maximum number of open files for this process.
1.91      kamil    2277: .It Li proc.pid.rlimit.sbsize ( Dv PROC_PID_LIMIT_SBSIZE )
1.22      snj      2278: The maximum size (in bytes) of the socket buffers
                   2279: set by the
                   2280: .Xr setsockopt 2
                   2281: .Dv SO_RCVBUF
                   2282: and
                   2283: .Dv SO_SNDBUF
                   2284: options.
1.91      kamil    2285: .It Li proc.pid.rlimit.vmemoryuse ( Dv PROC_PID_LIMIT_AS )
1.88      kamil    2286: The maximum size (in bytes) which a process can obtain.
1.91      kamil    2287: .It Li proc.pid.rlimit.maxlwp ( Dv PROC_PID_LIMIT_NTHR )
1.88      kamil    2288: The maximum number of threads that can be created and running at one time in
                   2289: the process.
                   2290: The first thread of each process is not counted against this.
1.1       pavel    2291: .El
                   2292: .Pp
                   2293: The fifth level name is one of
1.91      kamil    2294: .Li soft ( Dv PROC_PID_LIMIT_TYPE_SOFT )
1.56      uwe      2295: or
1.91      kamil    2296: .Li hard ( Dv PROC_PID_LIMIT_TYPE_HARD ) ,
1.1       pavel    2297: to select respectively the soft or hard limit.
                   2298: Both are of type integer.
1.91      kamil    2299: .It Li proc.pid.stopfork ( Dv PROC_PID_STOPFORK )
1.1       pavel    2300: If non zero, the process' children will be stopped after
                   2301: .Xr fork 2
                   2302: calls.
1.112     pgoyette 2303: The children are created in the SSTOP state and are never scheduled
1.1       pavel    2304: for running before being stopped.
1.113     pgoyette 2305: This feature enables attaching to a process with a debugger such as
1.1       pavel    2306: .Xr gdb 1
1.113     pgoyette 2307: before the process has the opportunity to actually do anything.
1.1       pavel    2308: .Pp
                   2309: This value is inherited by the process's children, and it also
1.112     pgoyette 2310: applies to emulation specific system calls that fork a new process, such as
1.1       pavel    2311: .Fn sproc
                   2312: or
                   2313: .Fn clone .
1.91      kamil    2314: .It Li proc.pid.stopexec ( Dv PROC_PID_STOPEXEC )
1.112     pgoyette 2315: If non zero, the process will be stopped on the next
1.1       pavel    2316: .Xr exec 3
                   2317: call.
                   2318: The process created by
                   2319: .Xr exec 3
                   2320: is created in the SSTOP state and is never scheduled for running
                   2321: before being stopped.
1.112     pgoyette 2322: This feature enables attaching to a process with a debugger such as
1.1       pavel    2323: .Xr gdb 1
1.113     pgoyette 2324: before the process has the opportunity to actually do anything.
1.1       pavel    2325: .Pp
                   2326: This value is inherited by the process's children.
1.91      kamil    2327: .It Li proc.pid.stopexit ( Dv PROC_PID_STOPEXIT )
1.112     pgoyette 2328: If non zero, the process will be stopped when it has cause to exit,
1.1       pavel    2329: either by way of calling
                   2330: .Xr exit 3 ,
                   2331: .Xr _exit 2 ,
                   2332: or by the receipt of a specific signal.
                   2333: The process is stopped before any of its resources or vm space is
1.112     pgoyette 2334: released, allowing examination of the termination state of the process
1.1       pavel    2335: before it disappears.
                   2336: This feature can be used to examine the final conditions of the
                   2337: process's vmspace via
                   2338: .Xr pmap 1
                   2339: or its resource settings with
                   2340: .Xr sysctl 8
                   2341: before it disappears.
                   2342: .Pp
                   2343: This value is also inherited by the process's children.
1.111     pgoyette 2344: .It Li proc.pid.paxflags ( Dv PROC_PID_PAXFLAGS )
                   2345: This read-only variable returns the current value of the process's pax
                   2346: flags (see
                   2347: .Xr paxctl 8 ) .
1.1       pavel    2348: .El
1.91      kamil    2349: .Ss The user.* subtree ( Dv CTL_USER )
1.1       pavel    2350: The string and integer information available for the
                   2351: .Li user
                   2352: level is detailed below.
                   2353: The changeable column shows whether a process with appropriate
                   2354: privilege may change the value.
1.21      joerg    2355: .Bl -column "user.coll_weights_max" "integer" "Changeable" -offset indent
1.107     wiz      2356: .It Sy Second level name Ta Sy Type Ta Sy Changeable
1.1       pavel    2357: .It user.atexit_max    integer no
                   2358: .It user.bc_base_max   integer no
                   2359: .It user.bc_dim_max    integer no
                   2360: .It user.bc_scale_max  integer no
                   2361: .It user.bc_string_max integer no
                   2362: .It user.coll_weights_max      integer no
                   2363: .It user.cs_path       string  no
                   2364: .It user.expr_nest_max integer no
                   2365: .It user.line_max      integer no
                   2366: .It user.posix2_c_bind integer no
                   2367: .It user.posix2_c_dev  integer no
                   2368: .It user.posix2_char_term      integer no
                   2369: .It user.posix2_fort_dev       integer no
                   2370: .It user.posix2_fort_run       integer no
                   2371: .It user.posix2_localedef      integer no
                   2372: .It user.posix2_sw_dev integer no
                   2373: .It user.posix2_upe    integer no
                   2374: .It user.posix2_version        integer no
                   2375: .It user.re_dup_max    integer no
                   2376: .It user.stream_max    integer no
                   2377: .It user.stream_max    integer no
                   2378: .It user.tzname_max    integer no
                   2379: .El
                   2380: .Bl -tag -width "123456"
1.91      kamil    2381: .It Li user.atexit_max ( Dv USER_ATEXIT_MAX )
1.1       pavel    2382: The maximum number of functions that may be registered with
                   2383: .Xr atexit 3 .
1.91      kamil    2384: .It Li user.bc_base_max ( Dv USER_BC_BASE_MAX )
1.1       pavel    2385: The maximum ibase/obase values in the
                   2386: .Xr bc 1
                   2387: utility.
1.91      kamil    2388: .It Li user.bc_dim_max ( Dv USER_BC_DIM_MAX )
1.1       pavel    2389: The maximum array size in the
                   2390: .Xr bc 1
                   2391: utility.
1.91      kamil    2392: .It Li user.bc_scale_max ( Dv USER_BC_SCALE_MAX )
1.1       pavel    2393: The maximum scale value in the
                   2394: .Xr bc 1
                   2395: utility.
1.91      kamil    2396: .It Li user.bc_string_max ( Dv USER_BC_STRING_MAX )
1.1       pavel    2397: The maximum string length in the
                   2398: .Xr bc 1
                   2399: utility.
1.91      kamil    2400: .It Li user.coll_weights_max ( Dv USER_COLL_WEIGHTS_MAX )
1.1       pavel    2401: The maximum number of weights that can be assigned to any entry of
                   2402: the LC_COLLATE order keyword in the locale definition file.
                   2403: .It Li user.cs_path ( Dv USER_CS_PATH )
                   2404: Return a value for the
                   2405: .Ev PATH
                   2406: environment variable that finds all the standard utilities.
1.91      kamil    2407: .It Li user.expr_nest_max ( Dv USER_EXPR_NEST_MAX )
1.1       pavel    2408: The maximum number of expressions that can be nested within
                   2409: parentheses by the
                   2410: .Xr expr 1
                   2411: utility.
1.91      kamil    2412: .It Li user.line_max ( Dv USER_LINE_MAX )
1.1       pavel    2413: The maximum length in bytes of a text-processing utility's input
                   2414: line.
1.91      kamil    2415: .It Li user.posix2_char_term ( Dv USER_POSIX2_CHAR_TERM )
1.1       pavel    2416: Return 1 if the system supports at least one terminal type capable of
1.58      wiz      2417: all operations described in
                   2418: .St -p1003.2 ,
                   2419: otherwise\ 0.
1.91      kamil    2420: .It Li user.posix2_c_bind ( Dv USER_POSIX2_C_BIND )
1.1       pavel    2421: Return 1 if the system's C-language development facilities support the
1.56      uwe      2422: C-Language Bindings Option, otherwise\ 0.
1.91      kamil    2423: .It Li user.posix2_c_dev ( Dv USER_POSIX2_C_DEV )
1.1       pavel    2424: Return 1 if the system supports the C-Language Development Utilities Option,
1.56      uwe      2425: otherwise\ 0.
1.91      kamil    2426: .It Li user.posix2_fort_dev ( Dv USER_POSIX2_FORT_DEV )
1.1       pavel    2427: Return 1 if the system supports the FORTRAN Development Utilities Option,
1.56      uwe      2428: otherwise\ 0.
1.91      kamil    2429: .It Li user.posix2_fort_run ( Dv USER_POSIX2_FORT_RUN )
1.1       pavel    2430: Return 1 if the system supports the FORTRAN Runtime Utilities Option,
1.56      uwe      2431: otherwise\ 0.
1.91      kamil    2432: .It Li user.posix2_localedef ( Dv USER_POSIX2_LOCALEDEF )
1.56      uwe      2433: Return 1 if the system supports the creation of locales, otherwise\ 0.
1.91      kamil    2434: .It Li user.posix2_sw_dev ( Dv USER_POSIX2_SW_DEV )
1.1       pavel    2435: Return 1 if the system supports the Software Development Utilities Option,
1.56      uwe      2436: otherwise\ 0.
1.91      kamil    2437: .It Li user.posix2_upe ( Dv USER_POSIX2_UPE )
1.1       pavel    2438: Return 1 if the system supports the User Portability Utilities Option,
1.56      uwe      2439: otherwise\ 0.
1.91      kamil    2440: .It Li user.posix2_version ( Dv USER_POSIX2_VERSION )
1.58      wiz      2441: The version of
                   2442: .St -p1003.2
                   2443: with which the system attempts to comply.
1.91      kamil    2444: .It Li user.re_dup_max ( Dv USER_RE_DUP_MAX )
1.1       pavel    2445: The maximum number of repeated occurrences of a regular expression
                   2446: permitted when using interval notation.
1.91      kamil    2447: .It Li user.stream_max ( Dv USER_STREAM_MAX )
1.1       pavel    2448: The minimum maximum number of streams that a process may have open
                   2449: at any one time.
1.91      kamil    2450: .It Li user.tzname_max ( Dv USER_TZNAME_MAX )
1.1       pavel    2451: The minimum maximum number of types supported for the name of a
                   2452: timezone.
                   2453: .El
1.91      kamil    2454: .Ss The vm.* subtree ( Dv CTL_VM )
1.1       pavel    2455: The string and integer information available for the
                   2456: .Li vm
                   2457: level is detailed below.
                   2458: The changeable column shows whether a process with appropriate
                   2459: privilege may change the value.
1.21      joerg    2460: .Bl -column "Second level name" "struct uvmexp_sysctl" "Changeable" -offset indent
1.107     wiz      2461: .It Sy Second level name Ta Sy Type Ta Sy Changeable
1.1       pavel    2462: .It vm.anonmax int     yes
                   2463: .It vm.anonmin int     yes
                   2464: .It vm.bufcache        int     yes
                   2465: .It vm.bufmem  int     no
                   2466: .It vm.bufmem_hiwater  int     yes
                   2467: .It vm.bufmem_lowater  int     yes
                   2468: .It vm.execmax int     yes
                   2469: .It vm.execmin int     yes
                   2470: .It vm.filemax int     yes
                   2471: .It vm.filemin int     yes
                   2472: .It vm.loadavg struct loadavg  no
                   2473: .It vm.maxslp  int     no
                   2474: .It vm.nkmempages      int     no
                   2475: .It vm.uspace  int     no
                   2476: .It vm.uvmexp  struct uvmexp   no
                   2477: .It vm.uvmexp2 struct uvmexp_sysctl    no
                   2478: .It vm.vmmeter struct vmtotal  no
1.93      christos 2479: .It vm.proc.map        struct kinfo_vmentry    no
1.115     joerg    2480: .It vm.guard_size      unsigned int    no
                   2481: .It vm.thread_guard_size       unsigned int    yes
1.1       pavel    2482: .El
                   2483: .Bl -tag -width "123456"
1.91      kamil    2484: .It Li vm.anonmax ( Dv VM_ANONMAX )
1.1       pavel    2485: The percentage of physical memory which will be reclaimed
                   2486: from other types of memory usage to store anonymous application data.
1.91      kamil    2487: .It Li vm.anonmin ( Dv VM_ANONMIN )
1.1       pavel    2488: The percentage of physical memory which will always be available for
                   2489: anonymous application data.
1.91      kamil    2490: .It Li vm.bufcache ( Dv VM_BUFCACHE )
1.1       pavel    2491: The percentage of physical memory which will be available
                   2492: for the buffer cache.
1.91      kamil    2493: .It Li vm.bufmem ( Dv VM_BUFMEM )
1.1       pavel    2494: The amount of kernel memory that is being used by the buffer cache.
1.91      kamil    2495: .It Li vm.bufmem_lowater ( Dv VM_BUFMEM_LOWATER )
1.1       pavel    2496: The minimum amount of kernel memory to reserve for the
                   2497: buffer cache.
1.91      kamil    2498: .It Li vm.bufmem_hiwater ( Dv VM_BUFMEM_HIWATER )
1.1       pavel    2499: The maximum amount of kernel memory to be used for the
                   2500: buffer cache.
1.91      kamil    2501: .It Li vm.execmax ( Dv VM_EXECMAX )
1.1       pavel    2502: The percentage of physical memory which will be reclaimed
                   2503: from other types of memory usage to store cached executable data.
1.91      kamil    2504: .It Li vm.execmin ( Dv VM_EXECMIN )
1.1       pavel    2505: The percentage of physical memory which will always be available for
                   2506: cached executable data.
1.91      kamil    2507: .It Li vm.filemax ( Dv VM_FILEMAX )
1.1       pavel    2508: The percentage of physical memory which will be reclaimed
                   2509: from other types of memory usage to store cached file data.
1.91      kamil    2510: .It Li vm.filemin ( Dv VM_FILEMIN )
1.1       pavel    2511: The percentage of physical memory which will always be available for
                   2512: cached file data.
1.91      kamil    2513: .It Li vm.loadavg ( Dv VM_LOADAVG )
1.1       pavel    2514: Return the load average history.
                   2515: The returned data consists of a
1.56      uwe      2516: .Vt struct loadavg .
1.91      kamil    2517: .It Li vm.maxslp ( Dv VM_MAXSLP )
1.1       pavel    2518: The value of the maxslp kernel global variable.
1.91      kamil    2519: .It Li vm.vmmeter ( Dv VM_METER )
1.1       pavel    2520: Return system wide virtual memory statistics.
                   2521: The returned data consists of a
1.56      uwe      2522: .Vt struct vmtotal .
1.31      drochner 2523: .It Li vm.user_va0_disable
1.56      uwe      2524: A flag which controls whether user processes can map virtual address\ 0.
1.93      christos 2525: .It Li vm.proc.map ( Dv VM_PROC )
1.94      wiz      2526: The third level is
1.116     wiz      2527: .Dv VM_PROC_MAP ,
1.93      christos 2528: the fourth is the pid of the process to display the vm object entries for, and
                   2529: the fifth is the size of
                   2530: .Vt struct kinfo_vmentry .
                   2531: Returns an array of
                   2532: .Vt struct kinfo_vmentry
                   2533: objects.
1.141   ! jdolecek 2534: .It Li vm.ubc_direct
        !          2535: Use direct map for UBC I/O, avoiding need to map and unmap buffer memory.
        !          2536: Speeds up operation for fast I/O devices like NVMe, especially
        !          2537: on multi-CPU systems.
        !          2538: Only available on some architectures.
        !          2539: Currently still experimental, default is off.
1.91      kamil    2540: .It Li vm.uspace ( Dv VM_USPACE )
1.1       pavel    2541: The number of bytes allocated for each kernel stack.
1.91      kamil    2542: .It Li vm.uvmexp ( Dv VM_UVMEXP )
1.1       pavel    2543: Return system wide virtual memory statistics.
                   2544: The returned data consists of a
1.56      uwe      2545: .Vt struct uvmexp .
1.91      kamil    2546: .It Li vm.uvmexp2 ( Dv VM_UVMEXP2 )
1.1       pavel    2547: Return system wide virtual memory statistics.
                   2548: The returned data consists of a
1.56      uwe      2549: .Vt struct uvmexp_sysctl .
1.115     joerg    2550: .It Li vm.guard_size
                   2551: Return system wide guard size for the main thread of a program.
                   2552: .It Li vm.thread_guard_size
                   2553: Return system wide default size for the guard area of all other threads
                   2554: of a program.
1.1       pavel    2555: .\" XXX vm.idlezero
                   2556: .El
1.91      kamil    2557: .Ss The ddb.* subtree ( Dv CTL_DDB )
1.34      jruoho   2558: The information available for the
1.1       pavel    2559: .Li ddb
                   2560: level is detailed below.
                   2561: The changeable column shows whether a process with appropriate
                   2562: privilege may change the value.
1.21      joerg    2563: .Bl -column "Second level name" "integer" "Changeable" -offset indent
1.107     wiz      2564: .It Sy Second level name Ta Sy Type Ta Sy Changeable
1.122     sevan    2565: .It ddb.commandonenter string  yes
1.125     wiz      2566: .It ddb.dumpstack      integer yes
1.122     sevan    2567: .It ddb.fromconsole    integer yes
                   2568: .It ddb.lines  integer yes
1.1       pavel    2569: .It ddb.maxoff integer yes
1.34      jruoho   2570: .It ddb.maxwidth       integer yes
1.122     sevan    2571: .It ddb.onpanic        integer yes
                   2572: .It ddb.panicstackframes       integer yes
                   2573: .It ddb.radix  integer yes
1.1       pavel    2574: .It ddb.tabstops       integer yes
1.34      jruoho   2575: .It ddb.tee_msgbuf     integer yes
1.1       pavel    2576: .El
                   2577: .Bl -tag -width "123456"
1.122     sevan    2578: .It Li ddb.commandonenter
1.124     sevan    2579: If not empty, the string is used as the DDB command to be executed each time
                   2580: DDB is entered.
1.123     sevan    2581: .It Li ddb.dumpstack
                   2582: A value of 1 causes a stack trace to be printed on entering ddb from a panic.
1.125     wiz      2583: A value of 0 disables this behaviour.
                   2584: The default value is 1.
1.122     sevan    2585: .It Li ddb.fromconsole ( Dv DDBCTL_FROMCONSOLE )
                   2586: If not zero, DDB may be entered by sending a break on a serial
                   2587: console or by a special key sequence on a graphics console.
                   2588: .It Li ddb.lines ( Dv DDBCTL_LINES )
                   2589: Number of display lines.
1.91      kamil    2590: .It Li ddb.maxoff ( Dv DDBCTL_MAXOFF )
1.1       pavel    2591: The maximum symbol offset.
1.91      kamil    2592: .It Li ddb.maxwidth ( Dv DDBCTL_MAXWIDTH )
1.34      jruoho   2593: The maximum output line width.
1.91      kamil    2594: .It Li ddb.onpanic ( Dv DDBCTL_ONPANIC )
1.63      riz      2595: If greater than zero, DDB will be entered if the kernel panics.
1.123     sevan    2596: A value of 1 causes the system to enter DDB on panic.
1.63      riz      2597: A value of 0 causes the kernel to attempt to print a stack trace, then
1.64      wiz      2598: reboot, while a value of \-1 means neither a stack trace will be printed
1.63      riz      2599: nor DDB entered.
1.118     christos 2600: .It Li ddb.panicstackframes
                   2601: Number of stack frames to display on panic.
1.120     wiz      2602: Useful to avoid scrolling away the interesting frames on a glass tty.
1.118     christos 2603: Default value is
                   2604: .Dv 65535
                   2605: (all frames), useful value around
                   2606: .Dv 10 .
1.122     sevan    2607: .It Li ddb.radix ( Dv DDBCTL_RADIX )
                   2608: The input and output radix.
                   2609: .It Li ddb.tabstops ( Dv DDBCTL_TABSTOPS )
                   2610: Tab width.
                   2611: .It Li ddb.tee_msgbuf
                   2612: If not zero, DDB will also output to the kernel message buffer.
1.1       pavel    2613: .El
                   2614: .Pp
1.119     wiz      2615: Some of these MIB
1.34      jruoho   2616: nodes are also available as variables from within the debugger.
1.1       pavel    2617: See
                   2618: .Xr ddb 4
                   2619: for more details.
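An added example (not part of sysctl.7 or NetBSD's own code): a POSIX sh check that compares `sysctl` output against a site baseline for four variables documented on this page, `security.curtain`, `vm.user_va0_disable`, `ddb.fromconsole` and `ddb.onpanic`. The baseline values, the function names and the sample output are assumptions of this example, including the reading that a non-zero `vm.user_va0_disable` refuses mappings at address 0.

```shell
#!/bin/sh
# Added example: audit NetBSD `sysctl` output ("name = value" lines) against
# a site baseline. The baseline below is an assumed policy, not a default.

# One rule per line: NAME OP VALUE, where OP is eq, ne or le.
BASELINE='security.curtain ne 0
vm.user_va0_disable ne 0
ddb.fromconsole eq 0
ddb.onpanic le 0'

# Constructed sample output (not captured from a real host).
# vm.user_va0_disable is left out on purpose to show the MISSING case.
SAMPLE_SYSCTL='ddb.fromconsole = 1
ddb.onpanic = 0
net.key.enabled = 1
security.curtain = 0'

# lookup NAME: print NAME's value from $SYSCTL_OUT, or nothing if absent.
lookup() {
    printf '%s\n' "$SYSCTL_OUT" | while IFS= read -r line; do
        case $line in
            "$1 = "*) printf '%s\n' "${line#"$1 = "}"; break ;;
        esac
    done
}

# is_int VALUE: succeed if VALUE is a decimal integer, optionally negative.
is_int() {
    case $1 in
        ''|-|*[!0-9-]*|?*-*) return 1 ;;
    esac
    return 0
}

# satisfies HAVE OP WANT: succeed if the integer HAVE meets the rule.
satisfies() {
    case $2 in
        eq) [ "$1" -eq "$3" ] ;;
        ne) [ "$1" -ne "$3" ] ;;
        le) [ "$1" -le "$3" ] ;;
        *)  return 1 ;;
    esac
}

# audit_sysctl OUTPUT: print one line per deviation from BASELINE and
# return non-zero if there was any. A variable absent from OUTPUT is
# reported as MISSING rather than silently treated as compliant.
audit_sysctl() {
    SYSCTL_OUT=$1
    findings=0
    while read -r name op want; do
        [ -n "$name" ] || continue
        have=$(lookup "$name")
        if [ -z "$have" ]; then
            echo "MISSING $name (want $op $want)"
        elif ! is_int "$have"; then
            echo "FAIL $name = $have (not an integer)"
        elif satisfies "$have" "$op" "$want"; then
            continue
        else
            echo "FAIL $name = $have (want $op $want)"
        fi
        findings=$((findings + 1))
    done <<EOF
$BASELINE
EOF
    [ "$findings" -eq 0 ]
}

audit_sysctl "$SAMPLE_SYSCTL" || echo "baseline not met"
```

On a NetBSD host, pass live output instead of the sample with `audit_sysctl "$(sysctl -a)"`.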
1.91      kamil    2620: .Ss The security.* subtree ( Dv CTL_SECURITY )
1.1       pavel    2621: The
                   2622: .Li security
                   2623: level contains various security-related settings for
1.2       wiz      2624: the system.
1.43      jruoho   2625: The available second level names are:
                   2626: .Bl -column "Second level name" "integer" "Changeable" -offset indent
1.107     wiz      2627: .It Sy Second level name Ta Sy Type Ta Sy Changeable
1.43      jruoho   2628: .It Li security.curtain Ta integer Ta yes
                   2629: .It Li security.models Ta node Ta not applicable
                   2630: .It Li security.pax Ta node Ta not applicable
                   2631: .El
                   2632: .Pp
1.2       wiz      2633: Available settings are detailed below.
1.1       pavel    2634: .Bl -tag -width "123456"
                   2635: .It Li security.curtain
1.119     wiz      2636: If non-zero, returned objects are filtered according to the user ID
1.95      pgoyette 2637: requesting information about them, preventing users from
                   2638: accessing any objects they do not own.
1.1       pavel    2639: .Pp
                   2640: At the moment, it affects
                   2641: .Xr ps 1 ,
                   2642: .Xr netstat 1
                   2643: (for
                   2644: .Dv PF_INET ,
                   2645: .Dv PF_INET6 ,
                   2646: and
                   2647: .Dv PF_UNIX
                   2648: PCBs), and
                   2649: .Xr w 1 .
1.4       elad     2650: .It Li security.models
                   2651: .Nx
                   2652: supports pluggable security models.
1.17      ad       2653: Every security model used, whether loaded as a module or built into the system,
1.4       elad     2654: is required to add an entry to this node with at least one element,
                   2655: .Dq name ,
                   2656: indicating the name of the security model.
                   2657: .Pp
                   2658: In addition to the name, any settings and other information private to the
                   2659: security model will be available under this node.
                   2660: See
                   2661: .Xr secmodel 9
                   2662: for more information.
1.1       pavel    2663: .It Li security.pax
1.133     wiz      2664: Settings for PaX \(em exploit mitigation features.
1.4       elad     2665: For more information on any of the PaX features, please see
                   2666: .Xr paxctl 8
                   2667: and
1.62      jruoho   2668: .Xr security 7 .
1.43      jruoho   2669: The available third and fourth level names are:
                   2670: .Bl -column "security.pax.segvguard.suspend_timeout" "integer" "Changeable" \
                   2671: -offset 2n
                   2672: .It Sy Third and fourth level names Ta Sy Type Ta Sy Changeable
                   2673: .It Li security.pax.aslr.enabled Ta integer Ta yes
                   2674: .\".It Li security.pax.aslr.exec_len   integer yes
                   2675: .It Li security.pax.aslr.global Ta integer Ta yes
                   2676: .\".It Li security.pax.aslr.mmap_len   integer yes
                   2677: .\".It Li security.pax.aslr.stack_len  integer yes
                   2678: .It Li security.pax.mprotect.enabled Ta integer Ta yes
                   2679: .It Li security.pax.mprotect.global Ta integer Ta yes
1.100     christos 2680: .It Li security.pax.mprotect.ptrace Ta integer Ta yes
1.43      jruoho   2681: .It Li security.pax.segvguard.enabled Ta integer Ta yes
                   2682: .It Li security.pax.segvguard.expiry_timeout Ta integer Ta yes
                   2683: .It Li security.pax.segvguard.global Ta integer Ta yes
                   2684: .It Li security.pax.segvguard.max_crashes Ta integer Ta yes
                   2685: .It Li security.pax.segvguard.suspend_timeout Ta integer Ta yes
                   2686: .El
1.1       pavel    2687: .Bl -tag -width "123456"
1.43      jruoho   2688: .It Li security.pax.aslr.enabled
1.14      elad     2689: Enable PaX ASLR (Address Space Layout Randomization).
                   2690: .Pp
                   2691: The value of this
                   2692: knob must be non-zero for PaX ASLR to be enabled, even if a program has an
                   2693: explicit enable flag.
1.43      jruoho   2694: .\".It Li security.pax.aslr.exec_len
                   2695: .\" XXX: Undocumented.
1.14      elad     2696: .It Li security.pax.aslr.global
                   2697: Specifies the default global policy for programs without an
                   2698: explicit enable/disable flag.
                   2699: .Pp
                   2700: When non-zero, all programs will get PaX ASLR, except those exempted with
1.69      wiz      2701: .Xr paxctl 8 .
1.14      elad     2702: Otherwise, no program will get PaX ASLR, except those specifically
                   2703: marked as such with
                   2704: .Xr paxctl 8 .
1.43      jruoho   2705: .\".It Li security.pax.aslr.mmap_len
                   2706: .\" XXX: Undocumented.
                   2707: .\" .It Li security.pax.aslr.stack_len
                   2708: .\" XXX: Undocumented.
                   2709: .It Li security.pax.mprotect.enabled
1.1       pavel    2710: Enable PaX MPROTECT restrictions.
                   2711: .Pp
                   2712: These are
                   2713: .Xr mprotect 2
1.2       wiz      2714: restrictions to better enforce a W^X policy.
                   2715: The value of this
1.1       pavel    2716: knob must be non-zero for PaX MPROTECT to be enabled, even if a
                   2717: program has an explicit enable flag.
                   2718: .It Li security.pax.mprotect.global
                   2719: Specifies the default global policy for programs without an
                   2720: explicit enable/disable flag.
                   2721: .Pp
                   2722: When non-zero, all programs will get the PaX MPROTECT restrictions,
                   2723: except those exempted with
1.69      wiz      2724: .Xr paxctl 8 .
1.1       pavel    2725: Otherwise, no program will get the PaX MPROTECT restrictions,
                   2726: except those specifically marked as such with
1.4       elad     2727: .Xr paxctl 8 .
1.100     christos 2728: .It Li security.pax.mprotect.ptrace
                   2729: This variable allows
                   2730: .Xr ptrace 2
                   2731: to override PaX MPROTECT permissions.
                   2732: It can have the following values:
                   2733: .Bl -tag -width XX -compact
                   2734: .It 0
                   2735: Does not allow any permissions to be overridden.
                   2736: .It 1
                   2737: Disables PaX MPROTECT for processes that start executing while traced (default).
                   2738: .It 2
                   2739: Bypasses PaX MPROTECT for all processes being traced.
                   2740: .El
1.43      jruoho   2741: .It Li security.pax.segvguard.enabled
1.1       pavel    2742: Enable PaX Segvguard.
                   2743: .Pp
                   2744: PaX Segvguard can detect and prevent certain exploitation attempts, where
                   2745: an attacker may try for example to brute-force function return addresses
                   2746: of respawning daemons.
                   2747: .Pp
                   2748: .Em Note :
                   2749: The
                   2750: .Nx
                   2751: interface and implementation of the Segvguard is still experimental, and may
                   2752: change in future releases.
1.43      jruoho   2753: .It Li security.pax.segvguard.expiry_timeout
                   2754: If the maximum number of segfaults is not reached within this timeout
                   2755: (in seconds), the entry will expire.
1.1       pavel    2756: .It Li security.pax.segvguard.global
                   2757: Specifies the default global policy for programs without an
                   2758: explicit enable/disable flag.
                   2759: .Pp
                   2760: When non-zero, all programs will get the PaX Segvguard,
                   2761: except those exempted with
1.69      wiz      2762: .Xr paxctl 8 .
1.2       wiz      2763: Otherwise, no program will get the PaX Segvguard restrictions,
1.1       pavel    2764: except those specifically marked as such with
1.4       elad     2765: .Xr paxctl 8 .
1.43      jruoho   2766: .It Li security.pax.segvguard.max_crashes
                   2767: The maximum number of segfaults a program can receive before suspension.
1.1       pavel    2768: .It Li security.pax.segvguard.suspend_timeout
                   2769: Number of seconds to suspend a user from running a faulting program when the
                   2770: limit was exceeded.
                   2771: .El
                   2772: .El
1.91      kamil    2773: .Ss The vendor.* subtree ( Dv CTL_VENDOR )
1.1       pavel    2774: The
                   2775: .Li vendor
                   2776: top-level name is reserved to be used by vendors who wish to
                   2777: have their own private MIB tree.
                   2778: Intended use is to store values under
1.114     wiz      2779: .Dq vendor.<yourname>.* .
1.1       pavel    2780: .Sh SEE ALSO
                   2781: .Xr sysctl 3 ,
                   2782: .Xr ipsec 4 ,
                   2783: .Xr tcp 4 ,
1.62      jruoho   2784: .Xr security 7 ,
1.1       pavel    2785: .Xr sysctl 8
                   2786: .Sh HISTORY
                   2787: The
                   2788: .Nm
                   2789: variables first appeared in
                   2790: .Bx 4.4 .
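
The enabled/global/paxctl(8) interaction described for security.pax.aslr, security.pax.mprotect and security.pax.segvguard, worked through as a shell check. This is an added example, not part of the manual page or of NetBSD; the function names knob, pax_effective and pax_audit and the sample values are assumptions made for illustration.

```shell
# Constructed sample in the "name = value" form printed by sysctl(8);
# the values are illustrative, not defaults taken from the manual.
SAMPLE='security.pax.aslr.enabled = 1
security.pax.aslr.global = 1
security.pax.mprotect.enabled = 1
security.pax.mprotect.global = 0
security.pax.mprotect.ptrace = 2
security.pax.segvguard.enabled = 0
security.pax.segvguard.global = 1'

# knob LISTING NAME: print the value of NAME, or fail if it is not listed.
knob() {
    while IFS= read -r line; do
        if [ "${line%% = *}" = "$2" ]; then
            printf '%s\n' "${line#* = }"
            return 0
        fi
    done <<EOF
$1
EOF
    return 1
}

# pax_effective LISTING FEATURE FLAG: print on, off or unknown.
# FLAG is the program's paxctl(8) marking: enable, disable or none.
pax_effective() {
    enabled=$(knob "$1" "security.pax.$2.enabled") || { echo unknown; return 2; }
    global=$(knob "$1" "security.pax.$2.global") || { echo unknown; return 2; }
    # "enabled" is the master switch: zero wins even over an explicit enable.
    [ "$enabled" -ne 0 ] || { echo off; return 0; }
    case $3 in
        enable)  echo on ;;
        disable) echo off ;;
        none)    if [ "$global" -ne 0 ]; then echo on; else echo off; fi ;;
        *)       echo unknown; return 2 ;;
    esac
}

# pax_audit LISTING: name each feature an unmarked program does not get, and
# note when ptrace(2) bypasses MPROTECT for every traced process (value 2).
pax_audit() {
    for f in aslr mprotect segvguard; do
        [ "$(pax_effective "$1" "$f" none)" = on ] ||
            echo "$f: off for unmarked programs"
    done
    p=$(knob "$1" security.pax.mprotect.ptrace) || return 0
    [ "$p" -ne 2 ] || echo "mprotect: bypassed for all traced processes"
}

pax_audit "$SAMPLE"
```

On a live system the listing would come from sysctl(8) rather than the constructed sample, for instance pax_audit "$(sysctl security.pax)".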
