[BACK]Return to sysctl.7 CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / src / share / man / man7

Annotation of src/share/man/man7/sysctl.7, Revision 1.83

1.83    ! wiz         1: .\"    $NetBSD: sysctl.7,v 1.82 2014/06/13 19:09:07 joerg Exp $
1.1       pavel       2: .\"
                      3: .\" Copyright (c) 1993
                      4: .\"    The Regents of the University of California.  All rights reserved.
                      5: .\"
                      6: .\" Redistribution and use in source and binary forms, with or without
                      7: .\" modification, are permitted provided that the following conditions
                      8: .\" are met:
                      9: .\" 1. Redistributions of source code must retain the above copyright
                     10: .\"    notice, this list of conditions and the following disclaimer.
                     11: .\" 2. Redistributions in binary form must reproduce the above copyright
                     12: .\"    notice, this list of conditions and the following disclaimer in the
                     13: .\"    documentation and/or other materials provided with the distribution.
                     14: .\" 3. Neither the name of the University nor the names of its contributors
                     15: .\"    may be used to endorse or promote products derived from this software
                     16: .\"    without specific prior written permission.
                     17: .\"
                     18: .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
                     19: .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
                     20: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
                     21: .\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
                     22: .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
                     23: .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
                     24: .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
                     25: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
                     26: .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
                     27: .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
                     28: .\" SUCH DAMAGE.
                     29: .\"
                     30: .\"    @(#)sysctl.3    8.4 (Berkeley) 5/9/95
                     31: .\"
1.82      joerg      32: .Dd June 13, 2014
1.1       pavel      33: .Dt SYSCTL 7
                     34: .Os
                     35: .Sh NAME
                     36: .Nm sysctl
                     37: .Nd system information variables
                     38: .Sh DESCRIPTION
                     39: The
                     40: .Xr sysctl 3
                     41: library function and the
                     42: .Xr sysctl 8
                     43: utility are used to get and set values of system variables, maintained
                     44: by the kernel.
                     45: The variables are organized in a tree and identified by a sequence of
                     46: numbers, conventionally separated by dots with the topmost identifier
                     47: at the left side.
                     48: The numbers have corresponding text names.
                     49: The
                     50: .Xr sysctlnametomib 3
                     51: function or the
                     52: .Fl M
                     53: argument to the
                     54: .Xr sysctl 8
                     55: utility can be used to convert the text representation to the
                     56: numeric one.
                     57: .Pp
                     58: The individual sysctl variables are described below, both the textual
                     59: and numeric form where applicable.
                     60: The textual names can be used as argument to the
                     61: .Xr sysctl 8
                     62: utility and in the file
                     63: .Pa /etc/sysctl.conf .
                     64: The numeric names are usually defined as preprocessor constants and
                     65: are intended for use by programs.
                     66: Every such constant expands to one integer, which identifies the
                     67: sysctl variable relative to the upper level of the tree.
                     68: See the
                     69: .Xr sysctl 3
                     70: manual page for programming examples.
1.50      jruoho     71: .Ss Top level names
1.56      uwe        72: The top level names are defined with a
                     73: .Va CTL_
                     74: prefix in
1.33      joerg      75: .In sys/sysctl.h ,
1.1       pavel      76: and are as follows.
                     77: The next and subsequent levels down are found in the include files
                     78: listed here, and described in separate sections below.
1.56      uwe        79: .Bl -column "security" ".Dv CTL_SECURITY" ".In uvm/uvm_param.h" "High kernel limits"
                     80: .It Sy Name  Ta Sy Constant     Ta Sy Next level names Ta Sy Description
                     81: .It kern     Ta Dv CTL_KERN     Ta In sys/sysctl.h     Ta High kernel limits
                     82: .It vm       Ta Dv CTL_VM       Ta In uvm/uvm_param.h  Ta Virtual memory
                     83: .It vfs      Ta Dv CTL_VFS      Ta In sys/mount.h      Ta Filesystem
                     84: .It net      Ta Dv CTL_NET      Ta In sys/socket.h     Ta Networking
                     85: .It debug    Ta Dv CTL_DEBUG    Ta In sys/sysctl.h     Ta Debugging
                     86: .It hw       Ta Dv CTL_HW       Ta In sys/sysctl.h     Ta Generic CPU, I/O
                     87: .It machdep  Ta Dv CTL_MACHDEP  Ta In sys/sysctl.h     Ta Machine dependent
                     88: .It user     Ta Dv CTL_USER     Ta In sys/sysctl.h     Ta User-level
                     89: .It ddb      Ta Dv CTL_DDB      Ta In sys/sysctl.h     Ta In-kernel debugger
                     90: .It proc     Ta Dv CTL_PROC     Ta In sys/sysctl.h     Ta Per-process
                     91: .It vendor   Ta Dv CTL_VENDOR   Ta ?                   Ta Vendor specific
                     92: .It emul     Ta Dv CTL_EMUL     Ta In sys/sysctl.h     Ta Emulation settings
                     93: .It security Ta Dv CTL_SECURITY Ta In sys/sysctl.h     Ta Security settings
1.1       pavel      94: .El
1.50      jruoho     95: .Ss The debug.* subtree
1.1       pavel      96: The debugging variables vary from system to system.
                     97: A debugging variable may be added or deleted without need to recompile
                     98: .Nm
                     99: to know about it.
                    100: Each time it runs,
                    101: .Nm
                    102: gets the list of debugging variables from the kernel and
                    103: displays their current values.
                    104: The system defines twenty
1.56      uwe       105: .Vt ( struct ctldebug )
1.1       pavel     106: variables named
                    107: .Dv debug0
                    108: through
                    109: .Dv debug19 .
                    110: They are declared as separate variables so that they can be
                    111: individually initialized at the location of their associated variable.
                    112: The loader prevents multiple use of the same variable by issuing errors
                    113: if a variable is initialized in more than one place.
                    114: For example, to export the variable
1.56      uwe       115: .Va dospecialcheck
1.1       pavel     116: as a debugging variable, the following declaration would be used:
1.43      jruoho    117: .Pp
1.1       pavel     118: .Bd -literal -offset indent -compact
                    119: int dospecialcheck = 1;
                    120: struct ctldebug debug5 = { "dospecialcheck", \*[Am]dospecialcheck };
                    121: .Ed
                    122: .Pp
                    123: Note that the dynamic implementation of
                    124: .Nm
                    125: currently in use largely makes this particular
                    126: .Nm
                    127: interface obsolete.
                    128: See
                    129: .Xr sysctl 8
                    130: .\" and
                    131: .\" .Xr sysctl 9
                    132: for more information.
1.50      jruoho    133: .Ss The vfs.* subtree
1.1       pavel     134: A distinguished second level name,
                    135: .Li vfs.generic ( VFS_GENERIC ) ,
1.57      wiz       136: is used to get general information about all file systems.
1.26      elad      137: It has the following third level identifiers:
1.56      uwe       138: .Bl -tag -width "123456"
                    139: .It Li vfs.generic.maxtypenum ( VFS_MAXTYPENUM )
1.57      wiz       140: The highest valid file system type number.
1.56      uwe       141: .It Li vfs.generic.conf ( VFS_CONF )
1.57      wiz       142: Returns configuration information about the file system type given as a fourth
1.26      elad      143: level identifier.
1.59      christos  144: .It Li vfs.generic.usermount ( VFS_USERMOUNT )
1.68      jym       145: Determines if non superuser mounts are allowed, defaults to
1.59      christos  146: .Dv 0 .
                    147: .It Li vfs.generic.magiclinks ( VFS_MAGICLINKS )
                    148: Controls if expansion of variables is going to be performed on pathnames
                    149: or not.
                    150: Defaults to no variable expansion,
                    151: .Dv 0 .
                    152: Variables are of the form
                    153: .Li @name
1.60      christos  154: and the variables supported are described in
                    155: .Xr symlink 7
                    156: under
                    157: .Dq "MAGIC SYMLINKS" .
1.26      elad      158: .El
                    159: .Pp
1.54      christos  160: A second level name for controlling the
                    161: .Xr wapbl 4
                    162: (Write Ahead Physical Block Logging file system journalling)
                    163: capabilities with the following third level identifiers:
1.56      uwe       164: .Bl -tag -width "123456"
                    165: .It Li vfs.wapbl.flush_disk_cache
1.55      wiz       166: Controls whether to attempt to flush the disk cache on each commit.
1.77      apb       167: It defaults to 1 and it should always be on to ensure integrity
                    168: of file system metadata in the event of a power loss.
1.54      christos  169: For slow disks, turning it off can improve performance.
1.56      uwe       170: .It Li vfs.wapbl.verbose_commit
1.55      wiz       171: For each transaction log commit, print the number of bytes written
                    172: and the time it took to commit as seconds.nanoseconds.
1.54      christos  173: .El
                    174: .Pp
1.57      wiz       175: The remaining second level identifiers are the file system names, identified
1.26      elad      176: by the type number returned by a
1.1       pavel     177: .Xr statvfs 2
                    178: call or from
1.27      wiz       179: .Li vfs.generic.conf .
1.56      uwe       180: .Pp
1.57      wiz       181: The third level identifiers available for each file system
1.1       pavel     182: are given in the header file that defines the mount
1.57      wiz       183: argument structure for that file system.
1.50      jruoho    184: .Ss The hw.* subtree
1.1       pavel     185: The string and integer information available for the
                    186: .Li hw
                    187: level is detailed below.
                    188: The changeable column shows whether a process with appropriate
                    189: privilege may change the value.
1.37      jruoho    190: .Bl -column "hw.machine_arch" "integer" "Changeable" -offset indent
1.1       pavel     191: .It Sy Second level name       Type    Changeable
                    192: .It hw.alignbytes      integer no
                    193: .It hw.byteorder       integer no
                    194: .It hw.cnmagic string  yes
                    195: .It hw.disknames       string  no
                    196: .It hw.diskstats       struct  no
                    197: .It hw.machine string  no
                    198: .It hw.machine_arch    string  no
                    199: .It hw.model   string  no
                    200: .It hw.ncpu    integer no
                    201: .It hw.pagesize        integer no
                    202: .It hw.physmem integer no
                    203: .It hw.physmem64       quad    no
                    204: .It hw.usermem integer no
                    205: .It hw.usermem64       quad    no
                    206: .El
                    207: .Pp
                    208: .Bl -tag -width "123456"
                    209: .It Li hw.alignbytes ( HW_ALIGNBYTES )
                    210: Alignment constraint for all possible data types.
                    211: This shows the value
                    212: .Dv ALIGNBYTES
                    213: in
1.56      uwe       214: .In machine/param.h ,
1.1       pavel     215: at the kernel compilation time.
                    216: .It Li hw.byteorder ( HW_BYTEORDER )
1.56      uwe       217: The byteorder (4321, or 1234).
1.1       pavel     218: .It Li hw.cnmagic ( HW_CNMAGIC )
                    219: The console magic key sequence.
                    220: .It Li hw.disknames ( HW_DISKNAMES )
                    221: The list of (space separated) disk device names on the system.
                    222: .It Li hw.iostatnames ( HW_IOSTATNAMES )
                    223: A space separated list of devices that will have I/O statistics
                    224: collected on them.
                    225: .It Li hw.iostats ( HW_IOSTATS )
                    226: Return statistical information on the NFS mounts, disk and tape
                    227: devices on the system.
                    228: An array of
1.56      uwe       229: .Vt struct io_sysctl
1.1       pavel     230: structures is returned,
                    231: whose size depends on the current number of such objects in the system.
                    232: The third level name is the size of the
1.56      uwe       233: .Vt struct io_sysctl .
1.1       pavel     234: The type of object can be determined by examining the
                    235: .Va type
                    236: element of
1.56      uwe       237: .Vt struct io_sysctl .
1.1       pavel     238: Which can be
                    239: .Dv IOSTAT_DISK
                    240: (disk drive),
                    241: .Dv IOSTAT_TAPE
                    242: (tape drive), or
                    243: .Dv IOSTAT_NFS
                    244: (NFS mount).
                    245: .It Li hw.machine ( HW_MACHINE )
                    246: The machine class.
                    247: .It Li hw.machine_arch ( HW_MACHINE_ARCH )
                    248: The machine CPU class.
                    249: .It Li hw.model ( HW_MODEL )
                    250: The machine model.
                    251: .It Li hw.ncpu ( HW_NCPU )
                    252: The number of CPUs.
                    253: .It Li hw.pagesize ( HW_PAGESIZE )
                    254: The software page size.
                    255: .It Li hw.physmem ( HW_PHYSMEM )
                    256: The bytes of physical memory as a 32-bit integer.
                    257: .It Li hw.physmem64 ( HW_PHYSMEM64 )
                    258: The bytes of physical memory as a 64-bit integer.
                    259: .It Li hw.usermem ( HW_USERMEM )
                    260: The bytes of non-kernel memory as a 32-bit integer.
                    261: .It Li hw.usermem64 ( HW_USERMEM64 )
                    262: The bytes of non-kernel memory as a 64-bit integer.
                    263: .El
1.50      jruoho    264: .Ss The kern.* subtree
1.43      jruoho    265: This subtree includes data generally related to the kernel.
1.1       pavel     266: The string and integer information available for the
                    267: .Li kern
                    268: level is detailed below.
                    269: The changeable column shows whether a process with appropriate
                    270: privilege may change the value.
1.43      jruoho    271: .Bl -column "kern.posix_reader_writer_locks" \
                    272: "struct kinfo_drivers" "not applicable"
1.1       pavel     273: .It Sy Second level name       Type    Changeable
1.51      jruoho    274: .It kern.aio_listio_max        integer yes
                    275: .It kern.aio_max       integer yes
1.44      jruoho    276: .It kern.arandom       integer no
1.1       pavel     277: .It kern.argmax        integer no
1.39      jruoho    278: .It kern.boothowto     integer no
1.1       pavel     279: .It kern.boottime      struct timeval  no
1.39      jruoho    280: .\".It kern.bufq       node    not applicable
1.1       pavel     281: .It kern.ccpu  integer no
                    282: .It kern.clockrate     struct clockinfo        no
                    283: .It kern.consdev       integer no
1.39      jruoho    284: .It kern.coredump      node    not applicable
1.21      joerg     285: .It kern.cp_id struct  no
                    286: .It kern.cp_time       uint64_t[\|]    no
1.46      jruoho    287: .It kern.cryptodevallowsoft    integer yes
1.1       pavel     288: .It kern.defcorename   string  yes
1.38      jruoho    289: .It kern.detachall     integer yes
1.1       pavel     290: .It kern.domainname    string  yes
                    291: .It kern.drivers       struct kinfo_drivers    no
1.39      jruoho    292: .It kern.dump_on_panic integer yes
1.1       pavel     293: .It kern.file  struct file     no
                    294: .It kern.forkfsleep    integer yes
                    295: .It kern.fscale        integer no
                    296: .It kern.fsync integer no
1.21      joerg     297: .It kern.hardclock_ticks       integer no
1.1       pavel     298: .It kern.hostid        integer yes
                    299: .It kern.hostname      string  yes
1.21      joerg     300: .It kern.iov_max       integer no
1.39      jruoho    301: .It kern.ipc   node    not applicable
1.21      joerg     302: .It kern.job_control   integer no
1.1       pavel     303: .It kern.labeloffset   integer no
                    304: .It kern.labelsector   integer no
1.21      joerg     305: .It kern.login_name_max        integer no
1.1       pavel     306: .It kern.logsigexit    integer yes
1.21      joerg     307: .It kern.mapped_files  integer no
1.1       pavel     308: .It kern.maxfiles      integer yes
1.70      christos  309: .It kern.maxlwp        integer yes
1.1       pavel     310: .It kern.maxpartitions integer no
                    311: .It kern.maxphys       integer no
                    312: .It kern.maxproc       integer yes
                    313: .It kern.maxptys       integer yes
                    314: .It kern.maxvnodes     integer yes
                    315: .It kern.mbuf  node    not applicable
                    316: .It kern.memlock       integer no
1.21      joerg     317: .It kern.memlock_range integer no
                    318: .It kern.memory_protection     integer no
1.42      jruoho    319: .It kern.module        node    not applicable
1.21      joerg     320: .It kern.monotonic_clock       integer no
1.49      jruoho    321: .It kern.mqueue        node    not applicable
1.1       pavel     322: .It kern.msgbuf        integer no
                    323: .It kern.msgbufsize    integer no
                    324: .It kern.ngroups       integer no
1.41      jruoho    325: .\".It kern.no_sa_support      integer yes
1.1       pavel     326: .It kern.ntptime       struct ntptimeval       no
                    327: .It kern.osrelease     string  no
1.39      jruoho    328: .It kern.osrevision    integer no
1.1       pavel     329: .It kern.ostype        string  no
1.41      jruoho    330: .\".It kern.panic_now  integer yes
1.1       pavel     331: .It kern.pipe  node    not applicable
1.82      joerg     332: .It kern.pool  struct pool_sysctl      no
1.39      jruoho    333: .\" .It kern.posix     node    not applicable
                    334: .It kern.posix1version integer no
1.51      jruoho    335: .It kern.posix_aio     integer no
1.21      joerg     336: .It kern.posix_barriers        integer no
                    337: .It kern.posix_reader_writer_locks     integer no
1.39      jruoho    338: .\".It kern.posix_sched        integer yes
1.21      joerg     339: .It kern.posix_semaphores      integer no
                    340: .It kern.posix_spin_locks      integer no
                    341: .It kern.posix_threads integer no
                    342: .It kern.posix_timers  integer no
1.1       pavel     343: .It kern.proc  struct kinfo_proc       no
                    344: .It kern.proc2 struct kinfo_proc2      no
1.21      joerg     345: .It kern.proc_args     string  no
1.39      jruoho    346: .It kern.profiling     node    not applicable
1.41      jruoho    347: .\".It kern.pset       node    not applicable
1.1       pavel     348: .It kern.rawpartition  integer no
1.21      joerg     349: .It kern.root_device   string  no
                    350: .It kern.root_partition        integer no
                    351: .It kern.rtc_offset    integer yes
                    352: .It kern.saved_ids     integer no
1.39      jruoho    353: .It kern.sbmax integer yes
1.41      jruoho    354: .\".It kern.sched      node    not applicable
1.1       pavel     355: .It kern.securelevel   integer raise only
1.39      jruoho    356: .It kern.somaxkva      integer yes
1.21      joerg     357: .It kern.synchronized_io       integer no
1.19      christos  358: .It kern.timecounter   node    not applicable
1.1       pavel     359: .It kern.timex struct  no
                    360: .It kern.tkstat        node    not applicable
1.66      christos  361: .It kern.tty   node    not applicable
1.1       pavel     362: .It kern.urandom       integer no
1.45      jruoho    363: .It kern.usercrypto    integer yes
                    364: .It kern.userasymcrypto        integer yes
1.39      jruoho    365: .It kern.veriexec      node    not applicable
1.1       pavel     366: .It kern.version       string  no
                    367: .It kern.vnode struct vnode    no
                    368: .El
                    369: .Bl -tag -width "123456"
1.51      jruoho    370: .It Li kern.aio_listio_max
                    371: The maximum number of asynchronous
                    372: .Tn I/O
                    373: operations in a single list I/O call.
                    374: Like with all variables related to
                    375: .Xr aio 3 ,
                    376: the variable may be created and removed dynamically
                    377: upon loading or unloading the corresponding kernel module.
                    378: .It Li kern.aio_max
                    379: The maximum number of asynchronous I/O operations.
1.44      jruoho    380: .It Li kern.arandom
                    381: This variable picks a random number each time it is queried.
                    382: The used random number generator
1.56      uwe       383: .Pf ( Tn RNG )
1.44      jruoho    384: is based on
                    385: .Xr arc4random 3 .
1.1       pavel     386: .It Li kern.argmax ( KERN_ARGMAX )
                    387: The maximum bytes of argument to
                    388: .Xr execve 2 .
1.23      apb       389: .It Li kern.boothowto
                    390: Flags passed from the boot loader; see
                    391: .Xr reboot 2
                    392: for the meanings of the flags.
1.1       pavel     393: .It Li kern.boottime ( KERN_BOOTTIME )
                    394: A
1.56      uwe       395: .Vt struct timeval
1.1       pavel     396: structure is returned.
                    397: This structure contains the time that the system was booted.
1.41      jruoho    398: .\" .It Li kern.bufq
                    399: .\" XXX: Undocumented.
1.1       pavel     400: .It Li kern.ccpu ( KERN_CCPU )
                    401: The scheduler exponential decay value.
                    402: .It Li kern.clockrate ( KERN_CLOCKRATE )
                    403: A
1.56      uwe       404: .Vt struct clockinfo
1.1       pavel     405: structure is returned.
                    406: This structure contains the clock, statistics clock and profiling clock
                    407: frequencies, the number of micro-seconds per hz tick, and the clock
                    408: skew rate.
1.36      jruoho    409: Refer to
                    410: .Xr hz 9
                    411: for additional details.
1.1       pavel     412: .It Li kern.consdev ( KERN_CONSDEV )
                    413: Console device.
1.39      jruoho    414: .It Li kern.coredump
                    415: Settings related to set-id processes coredumps.
                    416: By default, set-id processes do not dump core in situations where
                    417: other processes would.
                    418: The settings in this node allows an administrator to change this
                    419: behavior.
                    420: .Pp
                    421: The third level name is
                    422: .Dv kern.coredump.setid
1.40      jruoho    423: and fourth level variables are described below.
                    424: .Bl -column "kern.coredump.setid.group" "integer" "Changeable" -offset indent
                    425: .It Sy Fourth level name       Type    Changeable
                    426: .It kern.coredump.setid.dump   integer yes
                    427: .It kern.coredump.setid.group  integer yes
                    428: .It kern.coredump.setid.mode   integer yes
                    429: .It kern.coredump.setid.owner  integer yes
                    430: .It kern.coredump.setid.path   string  yes
                    431: .El
1.39      jruoho    432: .Bl -tag -width "123456"
                    433: .It Li kern.coredump.setid.dump
                    434: If non-zero, set-id processes will dump core.
                    435: .It Li kern.coredump.setid.group
                    436: The group-id for the set-id processes' coredump.
                    437: .It Li kern.coredump.setid.mode
                    438: The mode for the set-id processes' coredump.
                    439: See
                    440: .Xr chmod 1 .
                    441: .It Li kern.coredump.setid.owner
                    442: The user-id that will be used as the owner of the set-id processes'
                    443: coredump.
                    444: .It Li kern.coredump.setid.path
                    445: The path to which set-id processes' coredumps will be saved to.
                    446: Same syntax as kern.defcorename.
                    447: .El
1.1       pavel     448: .It Li kern.cp_id ( KERN_CP_ID )
                    449: Mapping of CPU number to CPU id.
                    450: .It Li kern.cp_time ( KERN_CP_TIME )
1.56      uwe       451: Returns an array of
                    452: .Dv CPUSTATES
                    453: .Vt uint64_t Ns s.
1.1       pavel     454: This array contains the
                    455: number of clock ticks spent in different CPU states.
                    456: On multi-processor systems, the sum across all CPUs is returned unless
                    457: appropriate space is given for one data set for each CPU.
                    458: Data for a specific CPU can also be obtained by adding the number of the
                    459: CPU at the end of the MIB, enlarging it by one.
1.46      jruoho    460: .It Li kern.cryptodevallowsoft
                    461: This variable controls userland access to hardware versus software transforms
                    462: in the
                    463: .Xr crypto 4
                    464: system.
                    465: The available values are as follows:
1.47      wiz       466: .Bl -tag -width XX0 -offset indent
                    467: .It Dv \*[Lt] 0
1.46      jruoho    468: Always force userlevel requests to use software transforms.
                    469: .It Dv = 0
                    470: If present, use hardware and grant userlevel requests for
                    471: non-accelerated transforms (handling the latter in software).
1.47      wiz       472: .It Dv \*[Gt] 0
1.46      jruoho    473: Allow user requests only for transforms which are hardware-accelerated.
                    474: .El
1.1       pavel     475: .It Li kern.defcorename ( KERN_DEFCORENAME )
                    476: Default template for the name of core dump files (see also
                    477: .Li proc.pid.corename
                    478: in the per-process variables
                    479: .Li proc.* ,
                    480: and
                    481: .Xr core 5
                    482: for format of this template).
                    483: The default value is
1.56      uwe       484: .Pa %n.core
1.1       pavel     485: and can be changed with the kernel configuration option
                    486: .Cd options DEFCORENAME
                    487: (see
                    488: .Xr options 4
                    489: ).
1.38      jruoho    490: .It Li kern.detachall
                    491: Detach all devices at shutdown.
1.1       pavel     492: .It Li kern.domainname ( KERN_DOMAINNAME )
                    493: Get or set the YP domain name.
                    494: .It Li kern.drivers ( KERN_DRIVERS )
                    495: Return an array of
1.56      uwe       496: .Vt struct kinfo_drivers
1.1       pavel     497: that contains the name and major device numbers of all the device drivers
                    498: in the current kernel.
                    499: The
                    500: .Va d_name
                    501: field is always a NUL terminated string.
                    502: The
                    503: .Va d_bmajor
                    504: field will be set to \-1 if the driver doesn't have a block device.
1.39      jruoho    505: .It Li kern.dump_on_panic ( KERN_DUMP_ON_PANIC )
1.41      jruoho    506: Perform a crash dump on system
                    507: .Xr panic 9 .
1.1       pavel     508: .It Li kern.file ( KERN_FILE )
                    509: Return the entire file table.
                    510: The returned data consists of a single
1.56      uwe       511: .Vt struct filelist
1.1       pavel     512: followed by an array of
1.56      uwe       513: .Vt struct file ,
1.1       pavel     514: whose size depends on the current number of such objects in the system.
                    515: .It Li kern.forkfsleep ( KERN_FORKFSLEEP )
                    516: If
                    517: .Xr fork 2
                    518: system call fails due to limit on number of processes (either
                    519: the global maxproc limit or user's one), wait for this many
                    520: milliseconds before returning
                    521: .Er EAGAIN
                    522: error to process.
                    523: Useful to keep heavily forking runaway processes in bay.
                    524: Default zero (no sleep).
                    525: Maximum is 20 seconds.
                    526: .It Li kern.fscale ( KERN_FSCALE )
                    527: The kernel fixed-point scale factor.
                    528: .It Li kern.fsync ( KERN_FSYNC )
1.58      wiz       529: Return 1 if the
                    530: .St -p1003.1b-93
                    531: File Synchronization Option is available
1.1       pavel     532: on this system,
1.56      uwe       533: otherwise\ 0.
1.1       pavel     534: .It Li kern.hardclock_ticks ( KERN_HARDCLOCK_TICKS )
                    535: Returns the number of
                    536: .Xr hardclock 9
                    537: ticks.
                    538: .It Li kern.hostid ( KERN_HOSTID )
1.39      jruoho    539: Get or set the host identifier.
                    540: This is aimed to replace the legacy
                    541: .Xr gethostid 3
                    542: and
                    543: .Xr sethostid 3
                    544: system calls.
1.1       pavel     545: .It Li kern.hostname ( KERN_HOSTNAME )
1.39      jruoho    546: Get or set the
                    547: .Xr hostname 1 .
1.1       pavel     548: .It Li kern.iov_max ( KERN_IOV_MAX )
                    549: Return the maximum number of
1.56      uwe       550: .Vt iovec
1.1       pavel     551: structures that a process has available for use with
                    552: .Xr preadv 2 ,
                    553: .Xr pwritev 2 ,
                    554: .Xr readv 2 ,
                    555: .Xr recvmsg 2 ,
                    556: .Xr sendmsg 2
                    557: and
                    558: .Xr writev 2 .
1.39      jruoho    559: .It Li kern.ipc ( KERN_SYSVIPC )
                    560: Return information about the SysV IPC parameters.
                    561: The third level names for the ipc variables are detailed below.
                    562: .Bl -column "kern.ipc.shm_use_phys" "integer" "Changeable" -offset indent
                    563: .It Sy Third level name        Type    Changeable
                    564: .It kern.ipc.sysvmsg   integer no
                    565: .It kern.ipc.sysvsem   integer no
                    566: .It kern.ipc.sysvshm   integer no
                    567: .It kern.ipc.sysvipc_info      struct  no
                    568: .It kern.ipc.shmmax    integer yes
                    569: .It kern.ipc.shmmni    integer yes
                    570: .It kern.ipc.shmseg    integer yes
                    571: .It kern.ipc.shmmaxpgs integer yes
                    572: .It kern.ipc.shm_use_phys      integer yes
                    573: .It kern.ipc.msgmni    integer yes
                    574: .It kern.ipc.msgseg    integer yes
                    575: .It kern.ipc.semmni    integer yes
                    576: .It kern.ipc.semmns    integer yes
                    577: .It kern.ipc.semmnu    integer yes
                    578: .El
                    579: .Bl -tag -width "123456"
                    580: .It Li kern.ipc.sysvmsg ( KERN_SYSVIPC_MSG )
                    581: Returns 1 if System V style message queue functionality is available
                    582: on this system,
1.56      uwe       583: otherwise\ 0.
1.39      jruoho    584: .It Li kern.ipc.sysvsem ( KERN_SYSVIPC_SEM )
                    585: Returns 1 if System V style semaphore functionality is available
                    586: on this system,
1.56      uwe       587: otherwise\ 0.
1.39      jruoho    588: .It Li kern.ipc.sysvshm ( KERN_SYSVIPC_SHM )
                    589: Returns 1 if System V style share memory functionality is available
                    590: on this system,
1.56      uwe       591: otherwise\ 0.
1.39      jruoho    592: .It Li kern.ipc.sysvipc_info ( KERN_SYSVIPC_INFO )
                    593: Return System V style IPC configuration and run-time information.
                    594: The fourth level name selects the System V style IPC facility.
                    595: .Bl -column "KERN_SYSVIPC_MSG_INFO" "struct shm_sysctl_info" -offset indent
                    596: .It Sy Fourth level name       Type
                    597: .It KERN_SYSVIPC_MSG_INFO      struct msg_sysctl_info
                    598: .It KERN_SYSVIPC_SEM_INFO      struct sem_sysctl_info
                    599: .It KERN_SYSVIPC_SHM_INFO      struct shm_sysctl_info
                    600: .El
                    601: .Pp
                    602: .Bl -tag -width "123456"
                    603: .It Li KERN_SYSVIPC_MSG_INFO
                    604: Return information on the System V style message facility.
                    605: The
                    606: .Sy msg_sysctl_info
                    607: structure is defined in
                    608: .In sys/msg.h .
                    609: .It Li KERN_SYSVIPC_SEM_INFO
                    610: Return information on the System V style semaphore facility.
                    611: The
                    612: .Sy sem_sysctl_info
                    613: structure is defined in
                    614: .In sys/sem.h .
                    615: .It Li KERN_SYSVIPC_SHM_INFO
                    616: Return information on the System V style shared memory facility.
                    617: The
                    618: .Sy shm_sysctl_info
                    619: structure is defined in
                    620: .In sys/shm.h .
                    621: .El
                    622: .It Li kern.ipc.shmmax ( KERN_SYSVIPC_SHMMAX )
                    623: Max shared memory segment size in bytes.
                    624: .It Li kern.ipc.shmmni ( KERN_SYSVIPC_SHMMNI )
                    625: Max number of shared memory identifiers.
                    626: .It Li kern.ipc.shmseg ( KERN_SYSVIPC_SHMSEG )
                    627: Max shared memory segments per process.
                    628: .It Li kern.ipc.shmmaxpgs ( KERN_SYSVIPC_SHMMAXPGS )
                    629: Max amount of shared memory in pages.
                    630: .It Li kern.ipc.shm_use_phys ( KERN_SYSVIPC_SHMUSEPHYS )
                    631: Locking of shared memory in physical memory.
                    632: If 0, memory can be swapped
                    633: out, otherwise it will be locked in physical memory.
                    634: .It Li kern.ipc.msgmni
                    635: Max number of message queue identifiers.
                    636: .It Li kern.ipc.msgseg
                    637: Max number of number of message segments.
                    638: .It Li kern.ipc.semmni
                    639: Max number of number of semaphore identifiers.
                    640: .It Li kern.ipc.semmns
                    641: Max number of number of semaphores in system.
                    642: .It Li kern.ipc.semmnu
                    643: Max number of undo structures in system.
                    644: .El
1.1       pavel     645: .It Li kern.job_control ( KERN_JOB_CONTROL )
1.56      uwe       646: Return 1 if job control is available on this system, otherwise\ 0.
1.1       pavel     647: .It Li kern.labeloffset ( KERN_LABELOFFSET )
1.56      uwe       648: The offset within the sector specified by
                    649: .Dv KERN_LABELSECTOR
                    650: of the
1.1       pavel     651: .Xr disklabel 5 .
                    652: .It Li kern.labelsector ( KERN_LABELSECTOR )
                    653: The sector number containing the
                    654: .Xr disklabel 5 .
                    655: .It Li kern.login_name_max ( KERN_LOGIN_NAME_MAX )
                    656: The size of the storage required for a login name, in bytes,
                    657: including the terminating NUL.
                    658: .It Li kern.logsigexit ( KERN_LOGSIGEXIT )
                    659: If this flag is non-zero, the kernel will
                    660: .Xr log 9
                    661: all process exits due to signals which create a
                    662: .Xr core 5
                    663: file, and whether the coredump was created.
                    664: .It Li kern.mapped_files ( KERN_MAPPED_FILES )
1.58      wiz       665: Returns 1 if the
                    666: .St -p1003.1b-93
                    667: Memory Mapped Files Option is available on this system,
1.56      uwe       668: otherwise\ 0.
1.1       pavel     669: .It Li kern.maxfiles ( KERN_MAXFILES )
                    670: The maximum number of open files that may be open in the system.
                    671: .It Li kern.maxpartitions ( KERN_MAXPARTITIONS )
                    672: The maximum number of partitions allowed per disk.
1.71      wiz       673: .It Li kern.maxlwp
1.70      christos  674: The maximum number of Lightweight Processes (threads) the system allows
                    675: per uid.
1.1       pavel     676: .It Li kern.maxphys ( KERN_MAXPHYS )
                    677: Maximum raw I/O transfer size.
                    678: .It Li kern.maxproc ( KERN_MAXPROC )
                    679: The maximum number of simultaneous processes the system will allow.
                    680: .It Li kern.maxptys ( KERN_MAXPTYS )
                    681: The maximum number of pseudo terminals.
                    682: This value can be both raised and lowered, though it cannot
                    683: be set lower than number of currently used ptys.
                    684: See also
                    685: .Xr pty 4 .
                    686: .It Li kern.maxvnodes ( KERN_MAXVNODES )
                    687: The maximum number of vnodes available on the system.
                    688: This can only be raised.
                    689: .It Li kern.mbuf ( KERN_MBUF )
                    690: Return information about the mbuf control variables.
                    691: Mbufs are data structures which store network packets and other data
                    692: structures in the networking code, see
                    693: .Xr mbuf 9 .
                    694: The third level names for the mbuf variables are detailed below.
                    695: The changeable column shows whether a process with appropriate
                    696: privilege may change the value.
1.21      joerg     697: .Bl -column "kern.mbuf.nmbclusters" "integer" "Changeable" -offset indent
1.1       pavel     698: .It Sy Third level name        Type    Changeable
                    699: .\" XXX Changeable? really?
                    700: .It kern.mbuf.mblowat  integer yes
                    701: .It kern.mbuf.mclbytes integer yes
                    702: .It kern.mbuf.mcllowat integer yes
                    703: .It kern.mbuf.msize    integer yes
                    704: .It kern.mbuf.nmbclusters      integer yes
                    705: .El
                    706: .Pp
                    707: The variables are as follows:
                    708: .Bl -tag -width "123456"
                    709: .It Li kern.mbuf.mblowat ( MBUF_MBLOWAT )
                    710: The mbuf low water mark.
                    711: .It Li kern.mbuf.mclbytes ( MBUF_MCLBYTES )
                    712: The mbuf cluster size.
                    713: .It Li kern.mbuf.mcllowat ( MBUF_MCLLOWAT )
                    714: The mbuf cluster low water mark.
                    715: .It Li kern.mbuf.msize ( MBUF_MSIZE )
                    716: The mbuf base size.
                    717: .It Li kern.mbuf.nmbclusters ( MBUF_NMBCLUSTERS )
                    718: The limit on the number of mbuf clusters.
                    719: The variable can only be increased, and only increased on machines with
                    720: direct-mapped pool pages.
                    721: .El
                    722: .It Li kern.memlock ( KERN_MEMLOCK )
1.58      wiz       723: Returns 1 if the
                    724: .St -p1003.1b-93
                    725: Process Memory Locking Option is available on this system,
1.56      uwe       726: otherwise\ 0.
1.1       pavel     727: .It Li kern.memlock_range ( KERN_MEMLOCK_RANGE )
1.58      wiz       728: Returns 1 if the
                    729: .St -p1003.1b-93
                    730: Range Memory Locking Option is available on this system,
1.56      uwe       731: otherwise\ 0.
1.1       pavel     732: .It Li kern.memory_protection ( KERN_MEMORY_PROTECTION )
1.58      wiz       733: Returns 1 if the
                    734: .St -p1003.1b-93
                    735: Memory Protection Option is available on this system,
1.56      uwe       736: otherwise\ 0.
1.42      jruoho    737: .It Li kern.module
                    738: Settings related to kernel modules.
                    739: The third level names for the settings are described below.
                    740: .Bl -column "kern.module.autoload" "integer" "Changeable" -offset indent
                    741: .It Sy Third level name        Type    Changeable
                    742: .It kern.module.autoload       integer yes
1.78      pgoyette  743: .It kern.module.autotime       integer yes
1.42      jruoho    744: .It kern.module.verbose        integer yes
                    745: .El
                    746: .Pp
                    747: The variables are as follows:
                    748: .Bl -tag -width "123456"
                    749: .It Li kern.module.autoload
                    750: A boolean that controls whether kernel modules are loaded automatically.
1.52      jruoho    751: See
1.53      jruoho    752: .Xr module 7
1.42      jruoho    753: for additional details.
1.78      pgoyette  754: .It Li kern.module.autotime
                    755: An integer that controls the delay before an attempt is made to
1.79      wiz       756: automatically unload a module that was auto-loaded.
                    757: Setting this value to zero disables the auto-unload function.
1.42      jruoho    758: .It Li kern.module.verbose
                    759: A boolean that enables or disables verbose
                    760: debug messages related to kernel modules.
                    761: .El
1.49      jruoho    762: .It Li kern.monotonic_clock ( KERN_MONOTONIC_CLOCK )
1.58      wiz       763: Returns the standard version the implementation of the
                    764: .St -p1003.1b-93
1.49      jruoho    765: Monotonic Clock Option conforms to,
1.56      uwe       766: otherwise\ 0.
1.48      jruoho    767: .It Li kern.mqueue
                    768: Settings related to
                    769: .Tn POSIX
                    770: message queues; see
                    771: .Xr mqueue 3 .
                    772: This node is created dynamically when
                    773: the corresponding kernel module is loaded.
                    774: The third level names for the settings are described below.
                    775: .Bl -column "kern.mqueue.mq_max_msgsize" "integer" "Changeable" -offset indent
                    776: .It Sy Third level name        Type    Changeable
                    777: .It kern.mqueue.mq_open_max    integer yes
                    778: .It kern.mqueue.mq_prio_max    integer yes
                    779: .It kern.mqueue.mq_max_msgsize integer yes
                    780: .It kern.mqueue.mq_def_maxmsg  integer yes
                    781: .It kern.mqueue.mq_max_maxmsg  integer yes
                    782: .El
                    783: .Pp
                    784: The variables are:
                    785: .Bl -tag -width "123456"
                    786: .It Li kern.mqueue.mq_open_max
                    787: The maximum number of message queue descriptors any single process can open.
                    788: .It Li kern.mqueue.mq_prio_max
                    789: The maximum priority of a message.
                    790: .It Li kern.mqueue.mq_max_msgsize
                    791: The maximum size of a message in a message queue.
                    792: .It Li kern.mqueue.mq_def_maxmsg
                    793: The default maximum message count.
                    794: .It Li kern.mqueue.mq_max_maxmsg
                    795: The maximum number of messages in a message queue.
                    796: .El
1.1       pavel     797: .It Li kern.msgbuf ( KERN_MSGBUF )
                    798: The kernel message buffer, rotated so that the head of the circular kernel
                    799: message buffer is at the start of the returned data.
                    800: The returned data may contain NUL bytes.
                    801: .It Li kern.msgbufsize ( KERN_MSGBUFSIZE )
                    802: The maximum number of characters that the kernel message buffer can hold.
                    803: .It Li kern.ngroups ( KERN_NGROUPS )
                    804: The maximum number of supplemental groups.
1.41      jruoho    805: .\" .It Li kern.no_sa_support
                    806: .\" XXX: Undocumented.
1.1       pavel     807: .It Li kern.ntptime ( KERN_NTPTIME )
                    808: A
1.56      uwe       809: .Vt struct ntptimeval
1.1       pavel     810: structure is returned.
                    811: This structure contains data used by the
                    812: .Xr ntpd 8
                    813: program.
                    814: .It Li kern.osrelease ( KERN_OSRELEASE )
                    815: The system release string.
                    816: .It Li kern.osrevision ( KERN_OSREV )
                    817: The system revision string.
                    818: .It Li kern.ostype ( KERN_OSTYPE )
                    819: The system type string.
1.41      jruoho    820: .\".It Li kern.panic_now
                    821: .\" XXX: Undocumented.
1.1       pavel     822: .It Li kern.pipe ( KERN_PIPE )
                    823: Pipe settings.
                    824: The third level names for the  integer pipe settings is detailed below.
                    825: The changeable column shows whether a process with appropriate
                    826: privilege may change the value.
1.21      joerg     827: .Bl -column "kern.pipe.maxbigpipes" "integer" "Changeable" -offset indent
1.1       pavel     828: .It Sy Third level name        Type    Changeable
                    829: .It kern.pipe.kvasiz   integer yes
                    830: .It kern.pipe.maxbigpipes      integer yes
                    831: .It kern.pipe.maxkvasz integer yes
                    832: .It kern.pipe.limitkva integer yes
                    833: .It kern.pipe.nbigpipes        integer yes
                    834: .El
                    835: .Pp
                    836: The variables are as follows:
                    837: .Bl -tag -width "123456"
                    838: .It Li kern.pipe.kvasiz ( KERN_PIPE_KVASIZ )
                    839: Amount of kernel memory consumed by pipe buffers.
                    840: .It Li kern.pipe.maxbigpipes ( KERN_PIPE_MAXBIGPIPES )
1.56      uwe       841: Maximum number of
                    842: .Dq big
                    843: pipes.
1.1       pavel     844: .It Li kern.pipe.maxkvasz ( KERN_PIPE_MAXKVASZ )
                    845: Maximum amount of kernel memory to be used for pipes.
                    846: .It Li kern.pipe.limitkva ( KERN_PIPE_LIMITKVA )
                    847: Limit for direct transfers via page loan.
                    848: .It Li kern.pipe.nbigpipes ( KERN_PIPE_NBIGPIPES )
1.56      uwe       849: Number of
                    850: .Dq big
                    851: pipes.
1.1       pavel     852: .El
1.82      joerg     853: .It Li kern.pool
                    854: Provides statistics about the
1.83    ! wiz       855: .Xr pool 9
1.82      joerg     856: and
                    857: .Xr pool_cache 9
                    858: subsystems.
1.39      jruoho    859: .\" XXX: Undocumented .It Li kern.posix ( ? )
                    860: .\"     This is a node in which the only variable is semmax.
1.1       pavel     861: .It Li kern.posix1version ( KERN_POSIX1 )
1.58      wiz       862: The version of ISO/IEC 9945
                    863: .Pq St -p1003.1
                    864: with which the system attempts to comply.
1.51      jruoho    865: .It Li kern.posix_aio
                    866: The version of
                    867: .St -p1003.1
                    868: and its Asynchronous I/O option to which the system attempts to conform.
1.1       pavel     869: .It Li kern.posix_barriers ( KERN_POSIX_BARRIERS )
                    870: The version of
                    871: .St -p1003.1
                    872: and its
                    873: Barriers
                    874: option to which the system attempts to conform,
1.56      uwe       875: otherwise\ 0.
1.1       pavel     876: .It Li kern.posix_reader_writer_locks ( KERN_POSIX_READER_WRITER_LOCKS )
                    877: The version of
                    878: .St -p1003.1
                    879: and its
                    880: Read-Write Locks
                    881: option to which the system attempts to conform,
1.56      uwe       882: otherwise\ 0.
1.41      jruoho    883: .\".It Li kern.posix_sched
                    884: .\" XXX: Undocumented.
1.1       pavel     885: .It Li kern.posix_semaphores ( KERN_POSIX_SEMAPHORES )
                    886: The version of
                    887: .St -p1003.1
                    888: and its
                    889: Semaphores
                    890: option to which the system attempts to conform,
1.56      uwe       891: otherwise\ 0.
1.1       pavel     892: .It Li kern.posix_spin_locks ( KERN_POSIX_SPIN_LOCKS )
                    893: The version of
                    894: .St -p1003.1
                    895: and its
                    896: Spin Locks
                    897: option to which the system attempts to conform,
1.56      uwe       898: otherwise\ 0.
1.1       pavel     899: .It Li kern.posix_threads ( KERN_POSIX_THREADS )
                    900: The version of
                    901: .St -p1003.1
                    902: and its
                    903: Threads
                    904: option to which the system attempts to conform,
1.56      uwe       905: otherwise\ 0.
1.1       pavel     906: .It Li kern.posix_timers ( KERN_POSIX_TIMERS )
                    907: The version of
                    908: .St -p1003.1
                    909: and its
                    910: Timers
                    911: option to which the system attempts to conform,
1.56      uwe       912: otherwise\ 0.
1.1       pavel     913: .It Li kern.proc ( KERN_PROC )
                    914: Return the entire process table, or a subset of it.
                    915: An array of
1.56      uwe       916: .Vt struct kinfo_proc
1.1       pavel     917: structures is returned,
                    918: whose size depends on the current number of such objects in the system.
                    919: The third and fourth level numeric names are as follows:
1.21      joerg     920: .Bl -column "KERN_PROC_SESSION" "Fourth level is:" -offset indent
1.1       pavel     921: .It Sy Third level name        Fourth level is:
1.21      joerg     922: .It KERN_PROC_ALL      None
                    923: .It KERN_PROC_GID      A group ID
                    924: .It KERN_PROC_PID      A process ID
                    925: .It KERN_PROC_PGRP     A process group
                    926: .It KERN_PROC_RGID     A real group ID
                    927: .It KERN_PROC_RUID     A real user ID
                    928: .It KERN_PROC_SESSION  A session ID
                    929: .It KERN_PROC_TTY      A tty device
                    930: .It KERN_PROC_UID      A user ID
1.1       pavel     931: .El
                    932: .It Li kern.proc2 ( KERN_PROC2 )
1.56      uwe       933: As for
                    934: .Dv KERN_PROC ,
                    935: but an array of
                    936: .Vt struct kinfo_proc2
1.1       pavel     937: structures are returned.
                    938: The fifth level name is the size of the
1.56      uwe       939: .Vt struct kinfo_proc2
1.1       pavel     940: and the sixth level name is the number of structures to return.
                    941: .It Li kern.proc_args ( KERN_PROC_ARGS )
                    942: Return the argv or environment strings (or the number thereof)
                    943: of a process.
                    944: Multiple strings are returned separated by NUL characters.
                    945: The third level name is the process ID.
                    946: The fourth level name is as follows:
1.21      joerg     947: .Bl -column "KERN_PROG_NARGV" "The number of environ strings" -offset indent
                    948: .It KERN_PROC_ARGV     The argv strings
                    949: .It KERN_PROC_ENV      The environ strings
                    950: .It KERN_PROC_NARGV    The number of argv strings
                    951: .It KERN_PROC_NENV     The number of environ strings
1.1       pavel     952: .El
                    953: .It Li kern.profiling ( KERN_PROF )
                    954: Return profiling information about the kernel.
                    955: If the kernel is not compiled for profiling,
1.56      uwe       956: attempts to retrieve any of the
                    957: .Dv KERN_PROF
                    958: values will fail with
1.1       pavel     959: .Er EOPNOTSUPP .
                    960: The third level names for the string and integer profiling information
                    961: is detailed below.
                    962: The changeable column shows whether a process with appropriate
                    963: privilege may change the value.
1.21      joerg     964: .Bl -column "kern.profiling.gmonparam" "struct gmonparam" "Changeable" -offset indent
1.1       pavel     965: .It Sy Third level name        Type    Changeable
                    966: .It kern.profiling.count       u_short[\|]     yes
                    967: .It kern.profiling.froms       u_short[\|]     yes
                    968: .It kern.profiling.gmonparam   struct gmonparam        no
                    969: .It kern.profiling.state       integer yes
                    970: .It kern.profiling.tos struct tostruct yes
                    971: .El
                    972: .Pp
                    973: The variables are as follows:
                    974: .Bl -tag -width "123456"
                    975: .It Li kern.profiling.count ( GPROF_COUNT )
                    976: Array of statistical program counter counts.
                    977: .It Li kern.profiling.froms ( GPROF_FROMS )
                    978: Array indexed by program counter of call-from points.
                    979: .It Li kern.profiling.gmonparams ( GPROF_GMONPARAM )
                    980: Structure giving the sizes of the above arrays.
                    981: .It Li kern.profiling.state ( GPROF_STATE )
                    982: Profiling state.
1.56      uwe       983: If set to
                    984: .Dv GMON_PROF_ON ,
                    985: starts profiling.
                    986: If set to
                    987: .Dv GMON_PROF_OFF ,
                    988: stops profiling.
1.1       pavel     989: .It Li kern.profiling.tos ( GPROF_TOS )
                    990: Array of
1.56      uwe       991: .Vt struct tostruct
1.1       pavel     992: describing destination of calls and their counts.
                    993: .El
1.41      jruoho    994: .\" .It Li kern.pset
                    995: .\" XXX: Undocumented.
1.1       pavel     996: .It Li kern.rawpartition ( KERN_RAWPARTITION )
                    997: The raw partition of a disk (a == 0).
                    998: .It Li kern.root_device ( KERN_ROOT_DEVICE )
                    999: The name of the root device (e.g.,
                   1000: .Dq wd0 ) .
                   1001: .It Li kern.root_partition ( KERN_ROOT_PARTITION )
                   1002: The root partition on the root device (a == 0).
                   1003: .It Li kern.rtc_offset ( KERN_RTC_OFFSET )
                   1004: Return the offset of real time clock from UTC in minutes.
                   1005: .It Li kern.saved_ids ( KERN_SAVED_IDS )
                   1006: Returns 1 if saved set-group and saved set-user ID is available.
                   1007: .It Li kern.sbmax ( KERN_SBMAX )
                   1008: Maximum socket buffer size.
                   1009: .\" XXX units?
                   1010: .It Li kern.securelevel ( KERN_SECURELVL )
1.25      elad     1011: See
                   1012: .Xr secmodel_securelevel 9 .
1.41      jruoho   1013: .\" .It Li kern.sched
                   1014: .\" XXX: Undocumented.
1.1       pavel    1015: .It Li kern.somaxkva ( KERN_SOMAXKVA )
                   1016: Maximum amount of kernel memory to be used for socket buffers.
                   1017: .\" XXX units?
                   1018: .It Li kern.synchronized_io ( KERN_SYNCHRONIZED_IO )
1.58      wiz      1019: Returns 1 if the
                   1020: .St -p1003.1b-93
                   1021: Synchronized I/O Option is available on this system,
1.56      uwe      1022: otherwise\ 0.
1.19      christos 1023: .It Li kern.timecounter ( dynamic )
                   1024: Display and control the timecounter source of the system.
1.21      joerg    1025: .Bl -column "kern.timecounter.timestepwarnings" "integer" "Changeable" -offset indent
1.19      christos 1026: .It Sy Third level name        Type    Changeable
                   1027: .It kern.timecounter.choice    string  no
                   1028: .It kern.timecounter.hardware  string  yes
                   1029: .It kern.timecounter.timestepwarnings  integer yes
                   1030: .El
                   1031: .Pp
                   1032: The variables are as follows:
                   1033: .Bl -tag -width "123456"
                   1034: .It Li kern.timecounter.choice ( dynamic )
                   1035: The list of available timecounters with their quality and frequency.
                   1036: .It Li kern.timecounter.hardware ( dynamic )
                   1037: The currently selected timecounter source.
                   1038: .It Li kern.timecounter.timestepwarnings ( dynamic )
                   1039: If non-zero display a message each time the time is stepped.
                   1040: .El
1.1       pavel    1041: .It Li kern.timex ( KERN_TIMEX )
                   1042: Not available.
                   1043: .It Li kern.tkstat ( KERN_TKSTAT )
                   1044: Return information about the number of characters sent and received
                   1045: on ttys.
                   1046: The third level names for the tty statistic variables are detailed below.
                   1047: The changeable column shows whether a process
                   1048: with appropriate privilege may change the value.
1.21      joerg    1049: .Bl -column "kern.tkstat.cancc" "quad" "Changeable" -offset indent
1.1       pavel    1050: .It Sy Third level name        Type    Changeable
                   1051: .It kern.tkstat.cancc  quad    no
                   1052: .It kern.tkstat.nin    quad    no
                   1053: .It kern.tkstat.nout   quad    no
                   1054: .It kern.tkstat.rawcc  quad    no
                   1055: .El
                   1056: .Pp
                   1057: The variables are as follows:
                   1058: .Bl -tag -width "123456"
                   1059: .It Li kern.tkstat.cancc ( KERN_TKSTAT_CANCC )
                   1060: The number of canonical input characters.
                   1061: .It Li kern.tkstat.nin ( KERN_TKSTAT_NIN )
                   1062: The total number of input characters.
                   1063: .It Li kern.tkstat.nout ( KERN_TKSTAT_NOUT )
                   1064: The total number of output characters.
                   1065: .It Li kern.tkstat.rawcc ( KERN_TKSTAT_RAWCC )
                   1066: The number of raw input characters.
                   1067: .El
1.66      christos 1068: .It Li kern.tty
                   1069: The third level names for the tty setup variables are detailed below.
                   1070: The changeable column shows whether a process
                   1071: with appropriate privilege may change the value.
                   1072: .Bl -column "kern.tty.qsize" "int" "Changeable" -offset indent
                   1073: .It Sy Third level name        Type    Changeable
                   1074: .It kern.tty.qsize     int     yes
                   1075: .El
                   1076: .Pp
                   1077: The variables are as follows:
                   1078: .Bl -tag -width "123456"
                   1079: .It Li kern.tty.qsize
                   1080: Control/display the size of the default input and output queues selected
                   1081: during tty creation.
                   1082: Is converted to a power of two and its range is between
                   1083: .Dv 1024
                   1084: and
                   1085: .Dv 65536 .
                   1086: .El
1.70      christos 1087: .It Li kern.uidinfo
                   1088: Resource usage for the current user.
                   1089: .Bl -column "kern.uidinfo.proccnt" "integer" "Changeable" -offset indent
                   1090: .It Sy Third level name        Type    Changeable
                   1091: .It kern.uidinfo.proccnt       integer no
                   1092: .It kern.uidinfo.lwpcnt        integer no
                   1093: .It kern.uidinfo.lockcnt       integer no
                   1094: .It kern.uidinfo.sbsize        integer no
                   1095: .El
                   1096: .Bl -tag -width "123456"
                   1097: .It Li kern.uidinfo.proccnt
                   1098: Returns the number of active processes for the current user.
                   1099: .It Li kern.uidinfo.lwpcnt
                   1100: Returns the number of active threads for the current user; the first thread
                   1101: of each process is not counted.
                   1102: .It Li kern.uidinfo.lockcnt
                   1103: Number of locks held by the current user.
                   1104: .It Li kern.uidinfo.sbsize
                   1105: Number of bytes in socket buffers allocated to the current user.
                   1106: .El
1.1       pavel    1107: .It Li kern.urandom ( KERN_URND )
                   1108: Random integer value.
1.45      jruoho   1109: .It Li kern.usercrypto
                   1110: When enabled, allows userland to
                   1111: .Xr open 2
                   1112: the
                   1113: .Pa /dev/crypto
                   1114: special device, used by the
                   1115: .Xr crypto 4
                   1116: system.
                   1117: .It Li kern.userasymcrypto
                   1118: Enables or disables the use of software asymmetric crypto support in the
                   1119: .Xr crypto 4
                   1120: system.
1.1       pavel    1121: .It Li kern.veriexec
1.40      jruoho   1122: Runtime information for
                   1123: .Xr veriexec 8 .
                   1124: .Bl -column "kern.veriexec.algorithms" "integer" "Changeable" -offset indent
                   1125: .It Sy Third level name        Type    Changeable
                   1126: .It kern.veriexec.algorithms   string  no
                   1127: .It kern.veriexec.count        node    not applicable
                   1128: .It kern.veriexec.strict       integer yes
                   1129: .It kern.veriexec.verbose      integer yes
                   1130: .El
1.1       pavel    1131: .Bl -tag -width "123456"
                   1132: .It Li kern.veriexec.algorithms
                   1133: Returns a string with the supported algorithms in Veriexec.
                   1134: .It Li kern.veriexec.count
                   1135: Sub-nodes are added to this node as new mounts are monitored by Veriexec.
                   1136: Each mount will be under its own
                   1137: .No tableN
                   1138: node.
                   1139: Under each node there will be three variables, indicating the mount
1.57      wiz      1140: point, the file system type, and the number of entries.
1.1       pavel    1141: .It Li kern.veriexec.strict
                   1142: Controls the strict level of Veriexec.
                   1143: See
1.62      jruoho   1144: .Xr security 7
1.1       pavel    1145: for more information on each level's implications.
                   1146: .It Li kern.veriexec.verbose
                   1147: Controls the verbosity level of Veriexec.
                   1148: If 0, only the minimal
                   1149: indication required will be given about what's happening - fingerprint
                   1150: mismatches, removal of entries from the tables, modification of a
                   1151: fingerprinted file.
                   1152: If 1, more messages will be printed (ie., when a file with a valid
                   1153: fingerprint is accessed).
                   1154: Verbose level 2 is debug mode.
                   1155: .El
                   1156: .It Li kern.version ( KERN_VERSION )
                   1157: The system version string.
                   1158: .It Li kern.vnode ( KERN_VNODE )
                   1159: Return the entire vnode table.
                   1160: Note, the vnode table is not necessarily a consistent snapshot of
                   1161: the system.
                   1162: The returned data consists of an array whose size depends on the
                   1163: current number of such objects in the system.
                   1164: Each element of the array contains the kernel address of a vnode
1.56      uwe      1165: .Vt struct vnode *
1.1       pavel    1166: followed by the vnode itself
1.56      uwe      1167: .Vt struct vnode .
1.43      jruoho   1168: .\" XXX: Undocumented: kern.lwp: no children?
1.1       pavel    1169: .El
1.50      jruoho   1170: .Ss The machdep.* subtree
1.1       pavel    1171: The set of variables defined is architecture dependent.
                   1172: Most architectures define at least the following variables.
1.43      jruoho   1173: .Bl -column "machdep.booted_kernel" "Type" "Changeable" -offset indent
1.1       pavel    1174: .It Sy Second level name       Type    Changeable
1.43      jruoho   1175: .It Li machdep.booted_kernel   string  no
1.1       pavel    1176: .El
1.43      jruoho   1177: .\" XXX: Document the above.
1.50      jruoho   1178: .Ss The net.* subtree
1.1       pavel    1179: The string and integer information available for the
                   1180: .Li net
                   1181: level is detailed below.
                   1182: The changeable column shows whether a process with appropriate
                   1183: privilege may change the value.
                   1184: The second and third levels are typically the protocol family and
                   1185: protocol number, though this is not always the case.
1.21      joerg    1186: .Bl -column "Second level name" "IPsec key management values" "Changeable" -offset indent
1.1       pavel    1187: .It Sy Second level name       Type    Changeable
                   1188: .It net.route  routing messages        no
                   1189: .It net.inet   IPv4 values     yes
                   1190: .It net.inet6  IPv6 values     yes
                   1191: .It net.key    IPsec key management values     yes
                   1192: .El
                   1193: .Pp
                   1194: .Bl -tag -width "123456"
                   1195: .It Li net.route ( PF_ROUTE )
                   1196: .\" XXX really?
                   1197: Return the entire routing table or a subset of it.
                   1198: The data is returned as a sequence of routing messages (see
                   1199: .Xr route 4
                   1200: for the header file, format and meaning).
                   1201: The length of each message is contained in the message header.
                   1202: .Pp
1.56      uwe      1203: The third level name is a protocol number, which is currently always\ 0.
1.1       pavel    1204: The fourth level name is an address family, which may be set to 0 to
                   1205: select all address families.
                   1206: The fifth and sixth level names are as follows:
1.21      joerg    1207: .Bl -column "Fifth level name" "Sixth level is:" -offset indent
1.1       pavel    1208: .It Sy Fifth level name        Sixth level is:
1.21      joerg    1209: .It NET_RT_FLAGS       rtflags
                   1210: .It NET_RT_DUMP        None
                   1211: .It NET_RT_IFLIST      None
1.1       pavel    1212: .El
                   1213: .It Li net.inet ( PF_INET )
                   1214: Get or set various global information about the IPv4
                   1215: .Pq Internet Protocol version 4 .
                   1216: The third level name is the protocol.
                   1217: The fourth level name is the variable name.
                   1218: The currently defined protocols and names are:
1.21      joerg    1219: .Bl -column "Protocol name" "sack.globalmaxholes" "integer" "Changeable" -offset 4n
1.1       pavel    1220: .It Sy Protocol name   Variable name   Type    Changeable
                   1221: .It arp        down    integer yes
                   1222: .It arp        keep    integer yes
1.65      christos 1223: .It arp        log_movements   integer yes
                   1224: .It arp        log_permanent_modify    integer yes
                   1225: .It arp        log_wrong_iface integer yes
1.1       pavel    1226: .It arp        prune   integer yes
                   1227: .It arp        refresh integer yes
                   1228: .It carp       allow   integer yes
                   1229: .It carp       preempt integer yes
                   1230: .It carp       log     integer yes
                   1231: .It carp       arpbalance      integer yes
                   1232: .It icmp       errppslimit     integer yes
                   1233: .It icmp       maskrepl        integer yes
                   1234: .It icmp       rediraccept     integer yes
                   1235: .It icmp       redirtimeout    integer yes
1.28      christos 1236: .It icmp       bmcastecho      integer yes
1.1       pavel    1237: .It ip allowsrcrt      integer yes
1.72      christos 1238: .It ip         anonportalgo.selected   string  yes
                   1239: .It ip         anonportalgo.available  string  yes
1.74      christos 1240: .It ip         anonportalgo.reserve    struct  yes
1.1       pavel    1241: .It ip anonportmax     integer yes
                   1242: .It ip anonportmin     integer yes
                   1243: .It ip checkinterface  integer yes
                   1244: .It ip directed-broadcast      integer yes
                   1245: .It ip do_loopback_cksum       integer yes
                   1246: .It ip forwarding      integer yes
                   1247: .It ip forwsrcrt       integer yes
                   1248: .It ip gifttl  integer yes
                   1249: .It ip grettl  integer yes
1.8       liamjfoy 1250: .It ip hashsize        integer yes
1.1       pavel    1251: .It ip hostzerobroadcast       integer yes
                   1252: .It ip lowportmin      integer yes
                   1253: .It ip lowportmax      integer yes
                   1254: .It ip maxflows        integer yes
                   1255: .It ip maxfragpackets  integer yes
                   1256: .It ip mtudisc integer yes
                   1257: .It ip mtudisctimeout  integer yes
                   1258: .It ip random_id       integer yes
                   1259: .It ip redirect        integer yes
                   1260: .It ip subnetsarelocal integer yes
                   1261: .It ip ttl     integer yes
                   1262: .It tcp        rfc1323 integer yes
                   1263: .It tcp        sendspace       integer yes
                   1264: .It tcp        recvspace       integer yes
                   1265: .It tcp        mssdflt integer yes
                   1266: .It tcp        syn_cache_limit integer yes
                   1267: .It tcp        syn_bucket_limit        integer yes
                   1268: .It tcp        syn_cache_interval      integer yes
                   1269: .It tcp        init_win        integer yes
                   1270: .It tcp        init_win_local  integer yes
                   1271: .It tcp        mss_ifmtu       integer yes
                   1272: .It tcp        win_scale       integer yes
                   1273: .It tcp        timestamps      integer yes
                   1274: .It tcp        compat_42       integer yes
                   1275: .It tcp        cwm     integer yes
                   1276: .It tcp        cwm_burstsize   integer yes
                   1277: .It tcp        ack_on_push     integer yes
                   1278: .It tcp        keepidle        integer yes
                   1279: .It tcp        keepintvl       integer yes
                   1280: .It tcp        keepcnt integer yes
                   1281: .It tcp        slowhz  integer no
1.12      christos 1282: .It tcp        keepinit        integer yes
1.1       pavel    1283: .It tcp        log_refused     integer yes
                   1284: .It tcp        rstppslimit     integer yes
                   1285: .It tcp        ident   struct  no
1.13      christos 1286: .It tcp        drop    struct  no
1.1       pavel    1287: .It tcp        sack.enable     integer yes
                   1288: .It tcp        sack.globalholes        integer no
                   1289: .It tcp        sack.globalmaxholes     integer yes
                   1290: .It tcp        sack.maxholes   integer yes
                   1291: .It tcp        ecn.enable      integer yes
                   1292: .It tcp        ecn.maxretries  integer yes
                   1293: .It tcp        congctl.selected        string  yes
                   1294: .It tcp        congctl.available       string  yes
                   1295: .It tcp        abc.enable      integer yes
                   1296: .It tcp        abc.aggressive  integer yes
                   1297: .It udp        checksum        integer yes
                   1298: .It udp        do_loopback_cksum       integer yes
                   1299: .It udp        recvspace       integer yes
                   1300: .It udp        sendspace       integer yes
                   1301: .El
                   1302: .Pp
                   1303: The variables are as follows:
                   1304: .Bl -tag -width "123456"
                   1305: .It Li arp.down
                   1306: Failed ARP entry lifetime.
                   1307: .It Li arp.keep
                   1308: Valid ARP entry lifetime.
                   1309: .It Li arp.prune
                   1310: ARP cache pruning interval.
                   1311: .It Li arp.refresh
                   1312: ARP entry refresh interval.
                   1313: .It Li carp.allow
                   1314: If set to 0, incoming
                   1315: .Xr carp 4
                   1316: packets will not be processed.
                   1317: If set to any other value, processing will occur.
                   1318: Enabled by default.
                   1319: .It Li carp.arpbalance
                   1320: If set to any value other than 0, the ARP balancing functionality of
                   1321: .Xr carp 4
                   1322: is enabled.
                   1323: When ARP requests are received for an IP address which is part of any virtual
                   1324: host, carp will hash the source IP in the ARP request to select one of the
                   1325: virtual hosts from the set of all the virtual hosts which have that IP address.
                   1326: The master of that host will respond with the correct virtual MAC address.
                   1327: Disabled by default.
                   1328: .It Li carp.log
                   1329: If set to any value other than 0,
                   1330: .Xr carp 4
                   1331: will log errors.
                   1332: Disabled by default.
                   1333: .It Li carp.preempt
                   1334: If set to 0,
                   1335: .Xr carp 4
                   1336: will not attempt to become master if it is receiving advertisements from
                   1337: another active master.
                   1338: If set to any other value, carp will become master of the virtual host if it
                   1339: believes it can send advertisements more frequently than the current master.
                   1340: Disabled by default.
                   1341: .It Li ip.allowsrcrt
                   1342: If set to 1, the host accepts source routed packets.
1.72      christos 1343: .It Li ip.anonportalgo.available
                   1344: The available RFC 6056 port randomization algorithms.
1.74      christos 1345: .It Li ip.anonportalgo.reserve
                   1346: A bitmask of ports that will not be used during anonymous or privileged
                   1347: port selection.
1.72      christos 1348: .It Li ip.anonportalgo.selected
                   1349: The currently selected RFC 6056 port randomization algorithm.
1.1       pavel    1350: .It Li ip.anonportmax
                   1351: The highest port number to use for TCP and UDP ephemeral port allocation.
                   1352: This cannot be set to less than 1024 or greater than 65535, and must
                   1353: be greater than
                   1354: .Li ip.anonportmin .
                   1355: .It Li ip.anonportmin
                   1356: The lowest port number to use for TCP and UDP ephemeral port allocation.
                   1357: This cannot be set to less than 1024 or greater than 65535.
                   1358: .It Li ip.checkinterface
                   1359: If set to non-zero, the host will reject packets addressed to it
                   1360: that arrive on an interface not bound to that address.
                   1361: Currently, this must be disabled if ipnat is used to translate the
                   1362: destination address to another local interface, or if addresses
                   1363: are added to the loopback interface instead of the interface where
                   1364: the packets for those packets are received.
                   1365: .It Li ip.directed-broadcast
                   1366: If set to 1, enables directed broadcast behavior for the host.
                   1367: .It Li ip.do_loopback_cksum
                   1368: Perform IP checksum on loopback.
                   1369: .It Li ip.forwarding
                   1370: If set to 1, enables IP forwarding for the host,
                   1371: meaning that the host is acting as a router.
                   1372: .It Li ip.forwsrcrt
                   1373: If set to 1, enables forwarding of source-routed packets for the host.
                   1374: This value may only be changed if the kernel security level is less than 1.
                   1375: .It Li ip.gifttl
                   1376: The maximum time-to-live (hop count) value for an IPv4 packet generated by
                   1377: .Xr gif 4
                   1378: tunnel interface.
                   1379: .It Li ip.grettl
                   1380: The maximum time-to-live (hop count) value for an IPv4 packet generated by
                   1381: .Xr gre 4
                   1382: tunnel interface.
1.8       liamjfoy 1383: .It Li ip.hashsize
                   1384: The size of IPv4 Fast Forward hash table.
                   1385: This value must be a power of 2 (64, 256...).
                   1386: A larger hash table size results in fewer collisions.
                   1387: Also see
                   1388: .Li ip.maxflows .
1.1       pavel    1389: .It Li ip.hostzerobroadcast
                   1390: All zeroes address is broadcast address.
                   1391: .It Li ip.lowportmax
                   1392: The highest port number to use for TCP and UDP reserved port allocation.
                   1393: This cannot be set to less than 0 or greater than 1024, and must
                   1394: be greater than
                   1395: .Li ip.lowportmin .
                   1396: .It Li ip.lowportmin
                   1397: The lowest port number to use for TCP and UDP reserved port allocation.
                   1398: This cannot be set to less than 0 or greater than 1024, and must
                   1399: be smaller than
                   1400: .Li ip.lowportmax .
                   1401: .It Li ip.maxflows
1.5       liamjfoy 1402: IPv4 Fast Forwarding is enabled by default.
                   1403: If set to 0, IPv4 Fast Forwarding is disabled.
1.1       pavel    1404: .Li ip.maxflows
                   1405: controls the maximum amount of flows which can be created.
                   1406: The default value is 256.
                   1407: .It Li ip.maxfragpackets
                   1408: The maximum number of fragmented packets the node will accept.
                   1409: 0 means that the node will not accept any fragmented packets.
                   1410: \-1 means that the node will accept as many fragmented packets as it receives.
                   1411: The flag is provided basically for avoiding possible DoS attacks.
                   1412: .It Li ip.mtudisc
                   1413: If set to 1, enables Path MTU Discovery (RFC 1191).
                   1414: When Path MTU Discovery is enabled, the transmitted TCP segment
                   1415: size will be determined by the advertised maximum segment size
                   1416: (MSS) from the remote end, as constrained by the path MTU.
                   1417: If MTU Discovery is disabled, the transmitted segment size will
                   1418: never be greater than
                   1419: .Li tcp.mssdflt
                   1420: (the local maximum segment size).
                   1421: .It Li ip.mtudisctimeout
                   1422: The number of seconds in which a route added by the Path MTU
                   1423: Discovery engine will time out.
                   1424: When the route times out, the Path
                   1425: MTU Discovery engine will attempt to probe a larger path MTU.
                   1426: .It Li ip.random_id
                   1427: Assign random ip_id values.
                   1428: .It Li ip.redirect
                   1429: If set to 1, ICMP redirects may be sent by the host.
                   1430: This option is ignored unless the host is routing IP packets,
                   1431: and should normally be enabled on all systems.
                   1432: .It Li ip.subnetsarelocal
                   1433: If set to 1, subnets are to be considered local addresses.
                   1434: .It Li ip.ttl
                   1435: The maximum time-to-live (hop count) value for an IP packet sourced by
                   1436: the system.
                   1437: This value applies to normal transport protocols, not to ICMP.
                   1438: .It Li icmp.errppslimit
                   1439: The variable specifies the maximum number of outgoing ICMP error messages,
                   1440: per second.
                   1441: ICMP error messages that exceeded the value are subject to rate limitation
                   1442: and will not go out from the node.
                   1443: Negative value disables rate limitation.
                   1444: .It Li icmp.maskrepl
                   1445: If set to 1, ICMP network mask requests are to be answered.
                   1446: .It Li icmp.rediraccept
                   1447: If set to non-zero, the host will accept ICMP redirect packets.
                   1448: Note that routers will never accept ICMP redirect packets,
                   1449: and the variable is meaningful on IP hosts only.
                   1450: .It Li icmp.redirtimeout
                   1451: The variable specifies lifetime of routing entries generated by incoming
                   1452: ICMP redirect.
                   1453: This defaults to 600 seconds.
                   1454: .It Li icmp.returndatabytes
                   1455: Number of bytes to return in an ICMP error message.
1.28      christos 1456: .It Li icmp.bmcastecho
                   1457: If set to 1, enables responding to ICMP echo or timestamp request to the
                   1458: broadcast address.
1.1       pavel    1459: .It Li tcp.ack_on_push
                   1460: If set to 1, TCP is to immediately transmit an ACK upon reception of
                   1461: a packet with PUSH set.
                   1462: This can avoid losing a round trip time in some rare situations,
                   1463: but has the caveat of potentially defeating TCP's delayed ACK algorithm.
                   1464: Use of this option is generally not recommended, but
                   1465: the variable exists in case your configuration really needs it.
                   1466: .It Li tcp.compat_42
                   1467: If set to 1, enables work-arounds for bugs in the 4.2BSD TCP implementation.
                   1468: Use of this option is not recommended, although it may be
                   1469: required in order to communicate with extremely old TCP implementations.
                   1470: .It Li tcp.cwm
                   1471: If set to 1, enables use of the Hughes/Touch/Heidemann Congestion Window
                   1472: Monitoring algorithm.
                   1473: This algorithm prevents line-rate bursts of packets that could
                   1474: otherwise occur when data begins flowing on an idle TCP connection.
                   1475: These line-rate bursts can contribute to network and router congestion.
                   1476: This can be particularly useful on World Wide Web servers
                   1477: which support HTTP/1.1, which has lingering connections.
                   1478: .It Li tcp.cwm_burstsize
                   1479: The Congestion Window Monitoring allowed burst size, in terms
                   1480: of packet count.
                   1481: .It Li tcp.delack_ticks
                   1482: Number of ticks to delay sending an ACK.
                   1483: .It Li tcp.do_loopback_cksum
                   1484: Perform TCP checksum on loopback.
                   1485: .It Li tcp.init_win
1.76      wiz      1486: A value indicating the TCP initial congestion window.
                   1487: The valid range
1.75      christos 1488: is 0 to 10 (maximum specified by draft-ietf-tcpm-initcwnd-08.txt),
                   1489: with a default of 4 (approximately 4K per RFC3390).
1.1       pavel    1490: .It Li tcp.init_win_local
                   1491: Like
                   1492: .Li tcp.init_win ,
                   1493: but used when communicating with hosts on a local network.
                   1494: .It Li tcp.keepcnt
                   1495: Number of keepalive probes sent before declaring a connection dead.
                   1496: If set to zero, there is no limit;
                   1497: keepalives will be sent until some kind of
                   1498: response is received from the peer.
                   1499: .It Li tcp.keepidle
                   1500: Time a connection must be idle before keepalives are sent (if keepalives
                   1501: are enabled for the connection).
                   1502: See also tcp.slowhz.
                   1503: .It Li tcp.keepintvl
                   1504: Time after a keepalive probe is sent until, in the absence of any response,
                   1505: another probe is sent.
                   1506: See also tcp.slowhz.
                   1507: .It Li tcp.log_refused
                   1508: If set to 1, refused TCP connections to the host will be logged.
1.12      christos 1509: .It Li tcp.keepinit
                   1510: Timeout in seconds during connection establishment.
1.1       pavel    1511: .It Li tcp.mss_ifmtu
                   1512: If set to 1, TCP calculates the outgoing maximum segment size based on
                   1513: the MTU of the appropriate interface.
                   1514: If set to 0, it is calculated based on the greater of the MTU of the
                   1515: interface, and the largest (non-loopback) interface MTU on the system.
                   1516: .It Li tcp.mssdflt
                   1517: The default maximum segment size both advertised to the peer
                   1518: and to use when either the peer does not advertise a maximum segment size to
                   1519: us during connection setup or Path MTU Discovery
                   1520: .Li ( ip.mtudisc )
                   1521: is disabled.
                   1522: Do not change this value unless you really know what you are doing.
                   1523: .It Li tcp.recvspace
                   1524: The default TCP receive buffer size.
                   1525: .It Li tcp.rfc1323
                   1526: If set to 1, enables RFC 1323 extensions to TCP.
                   1527: .It Li tcp.rstppslimit
                   1528: The variable specifies the maximum number of outgoing TCP RST packets,
                   1529: per second.
                   1530: TCP RST packet that exceeded the value are subject to rate limitation
                   1531: and will not go out from the node.
                   1532: Negative value disables rate limitation.
1.13      christos 1533: .It Li tcp.ident
                   1534: Return the user ID of a connected socket pair.
                   1535: (RFC1413 Identification Protocol lookups.)
                   1536: .It Li tcp.drop
                   1537: Drop a TCP socket pair connection.
1.1       pavel    1538: .It Li tcp.sack.enable
                   1539: If set to 1, enables RFC 2018 Selective ACKnowledgement.
                   1540: .It Li tcp.sack.globalholes
                   1541: Global number of TCP SACK holes.
                   1542: .It Li tcp.sack.globalmaxholes
                   1543: Global maximum number of TCP SACK holes.
                   1544: .It Li tcp.sack.maxholes
                   1545: Maximum number of TCP SACK holes allowed per connection.
                   1546: .It Li tcp.ecn.enable
                   1547: If set to 1, enables RFC 3168 Explicit Congestion Notification.
                   1548: .It Li tcp.ecn.maxretries
                   1549: Number of times to retry sending the ECN-setup packet.
                   1550: .It Li tcp.sendspace
                   1551: The default TCP send buffer size.
                   1552: .It Li tcp.slowhz
                   1553: The units for tcp.keepidle and tcp.keepintvl; those variables are in ticks
                   1554: of a clock that ticks tcp.slowhz times per second.
                   1555: (That is, their values
                   1556: must be divided by the tcp.slowhz value to get times in seconds.)
                   1557: .It Li tcp.syn_bucket_limit
                   1558: The maximum number of entries allowed per hash bucket in the TCP
                   1559: compressed state engine.
                   1560: .It Li tcp.syn_cache_limit
                   1561: The maximum number of entries allowed in the TCP compressed state
                   1562: engine.
                   1563: .It Li tcp.timestamps
                   1564: If rfc1323 is enabled, a value of 1 indicates RFC 1323 time stamp options,
                   1565: used for measuring TCP round trip times, are enabled.
                   1566: .It Li tcp.win_scale
                   1567: If rfc1323 is enabled, a value of 1 indicates RFC 1323 window scale options,
                   1568: for increasing the TCP window size, are enabled.
                   1569: .It Li tcp.congctl.available
                   1570: The available TCP congestion control algorithms.
                   1571: .It Li tcp.congctl.selected
                   1572: The currently selected TCP congestion control algorithm.
                   1573: .It Li tcp.abc.enable
                   1574: If set to 1, use RFC 3465 Appropriate Byte Counting (ABC).
                   1575: If set to 0, use traditional Packet Counting.
                   1576: .It Li tcp.abc.aggressive
                   1577: Choose the L parameter found in RFC 3465.
                   1578: L is the maximum cwnd increase for an ack during slow start.
                   1579: If set to 1, use L=2*SMSS.
                   1580: If set to 0, use L=1*SMSS.
                   1581: It has no effect unless tcp.abc.enable is set to 1.
                   1582: .It Li udp.checksum
                   1583: If set to 1, UDP checksums are being computed.
                   1584: Received non-zero UDP checksums are always checked.
                   1585: Disabling UDP checksums is strongly discouraged.
1.67      christos 1586: .It Li udp.recvspace
                   1587: The default UDP receive buffer size.
1.1       pavel    1588: .It Li udp.sendspace
                   1589: The default UDP send buffer size.
                   1590: .El
                   1591: .Pp
                   1592: For variables net.*.ipsec, please refer to
                   1593: .Xr ipsec 4 .
                   1594: .It Li net.inet6 ( PF_INET6 )
                   1595: Get or set various global information about the IPv6
                   1596: .Pq Internet Protocol version 6 .
                   1597: The third level name is the protocol.
                   1598: The fourth level name is the variable name.
                   1599: The currently defined protocols and names are:
1.21      joerg    1600: .Bl -column "Protocol name" "do_loopback_cksum" "integer" "Changeable" -offset indent
1.1       pavel    1601: .It Sy Protocol name   Variable name   Type    Changeable
                   1602: .It icmp6      errppslimit     integer yes
                   1603: .It icmp6      mtudisc_hiwat   integer yes
                   1604: .It icmp6      mtudisc_lowat   integer yes
                   1605: .It icmp6      nd6_debug       integer yes
                   1606: .It icmp6      nd6_delay       integer yes
                   1607: .It icmp6      nd6_maxnudhint  integer yes
                   1608: .It icmp6      nd6_mmaxtries   integer yes
                   1609: .It icmp6      nd6_prune       integer yes
                   1610: .It icmp6      nd6_umaxtries   integer yes
                   1611: .It icmp6      nd6_useloopback integer yes
                   1612: .It icmp6      nodeinfo        integer yes
                   1613: .It icmp6      rediraccept     integer yes
                   1614: .It icmp6      redirtimeout    integer yes
                   1615: .It ip6        accept_rtadv    integer yes
1.72      christos 1616: .It ip6        anonportalgo.selected   string  yes
                   1617: .It ip6        anonportalgo.available  string  yes
1.74      christos 1618: .It ip6 anonportalgo.reserve   struct  yes
1.1       pavel    1619: .It ip6        anonportmax     integer yes
                   1620: .It ip6        anonportmin     integer yes
                   1621: .It ip6        auto_flowlabel  integer yes
                   1622: .It ip6        dad_count       integer yes
                   1623: .It ip6        defmcasthlim    integer yes
                   1624: .It ip6        forwarding      integer yes
                   1625: .It ip6        gifhlim integer yes
1.7       liamjfoy 1626: .It ip6        hashsize        integer yes
1.1       pavel    1627: .It ip6        hlim    integer yes
                   1628: .It ip6        hdrnestlimit    integer yes
                   1629: .It ip6        kame_version    string  no
                   1630: .It ip6        keepfaith       integer yes
                   1631: .It ip6        log_interval    integer yes
                   1632: .It ip6        lowportmax      integer yes
                   1633: .It ip6        lowportmin      integer yes
1.73      christos 1634: .It ip6        maxdynroutes    integer yes
                   1635: .It ip6        maxifprefixes   integer yes
                   1636: .It ip6        maxifdefrouters integer yes
1.5       liamjfoy 1637: .It ip6        maxflows        integer yes
1.1       pavel    1638: .It ip6        maxfragpackets  integer yes
                   1639: .It ip6        maxfrags        integer yes
1.73      christos 1640: .It ip6        neighborgcthresh        integer yes
1.1       pavel    1641: .It ip6        redirect        integer yes
                   1642: .It ip6        rr_prune        integer yes
                   1643: .It ip6        use_deprecated  integer yes
                   1644: .It ip6        v6only  integer yes
                   1645: .It udp6       do_loopback_cksum       integer yes
                   1646: .It udp6       recvspace       integer yes
                   1647: .It udp6       sendspace       integer yes
                   1648: .El
                   1649: .Pp
                   1650: The variables are as follows:
                   1651: .Bl -tag -width "123456"
                   1652: .It Li ip6.accept_rtadv
                   1653: If set to non-zero, the node will accept ICMPv6 router advertisement packets
                   1654: and autoconfigures address prefixes and default routers.
                   1655: The node must be a host
                   1656: .Pq not a router
                   1657: for the option to be meaningful.
1.72      christos 1658: .It Li ip6.anonportalgo.available
                   1659: The available RFC 6056 port randomization algorithms.
1.74      christos 1660: .It Li ip6.anonportalgo.reserve
                   1661: A bitmask of ports that will not be used during anonymous or privileged
                   1662: port selection.
1.72      christos 1663: .It Li ip6.anonportalgo.selected
                   1664: The currently selected RFC 6056 port randomization algorithm.
1.1       pavel    1665: .It Li ip6.anonportmax
                   1666: The highest port number to use for TCP and UDP ephemeral port allocation.
                   1667: This cannot be set to less than 1024 or greater than 65535, and must
                   1668: be greater than
                   1669: .Li ip6.anonportmin .
                   1670: .It Li ip6.anonportmin
                   1671: The lowest port number to use for TCP and UDP ephemeral port allocation.
                   1672: This cannot be set to less than 1024 or greater than 65535.
                   1673: .It Li ip6.auto_flowlabel
                   1674: On connected transport protocol packets,
                   1675: fill IPv6 flowlabel field to help intermediate routers to identify packet flows.
                   1676: .It Li ip6.dad_count
                   1677: The variable configures number of IPv6 DAD
                   1678: .Pq duplicated address detection
                   1679: probe packets.
                   1680: The packets will be generated when IPv6 interface addresses are configured.
                   1681: .It Li ip6.defmcasthlim
                   1682: The default hop limit value for an IPv6 multicast packet sourced by the node.
                   1683: This value applies to all the transport protocols on top of IPv6.
                   1684: There are APIs to override the value, as documented in
                   1685: .Xr ip6 4 .
                   1686: .It Li ip6.forwarding
                   1687: If set to 1, enables IPv6 forwarding for the node,
                   1688: meaning that the node is acting as a router.
                   1689: If set to 0, disables IPv6 forwarding for the node,
                   1690: meaning that the node is acting as a host.
                   1691: IPv6 specification defines node behavior for
                   1692: .Dq router
                   1693: case and
                   1694: .Dq host
                   1695: case quite differently, and changing this variable during operation
                   1696: may cause serious trouble.
                   1697: It is recommended to configure the variable at bootstrap time,
                   1698: and bootstrap time only.
                   1699: .It Li ip6.gifhlim
                   1700: The maximum hop limit value for an IPv6 packet generated by
                   1701: .Xr gif 4
                   1702: tunnel interface.
                   1703: .It Li ip6.hdrnestlimit
                   1704: The number of IPv6 extension headers permitted on incoming IPv6 packets.
                   1705: If set to 0, the node will accept as many extension headers as possible.
1.7       liamjfoy 1706: .It Li ip6.hashsize
                   1707: The size of IPv6 Fast Forward hash table.
1.56      uwe      1708: This value must be a power of 2 (64, 256, ...).
1.7       liamjfoy 1709: A larger hash table size results in fewer collisions.
                   1710: Also see
                   1711: .Li ip6.maxflows .
1.1       pavel    1712: .It Li ip6.hlim
                   1713: The default hop limit value for an IPv6 unicast packet sourced by the node.
                   1714: This value applies to all the transport protocols on top of IPv6.
                   1715: There are APIs to override the value, as documented in
                   1716: .Xr ip6 4 .
                   1717: .It Li ip6.kame_version
                   1718: The string identifies the version of KAME IPv6 stack implemented in the kernel.
                   1719: .It Li ip6.keepfaith
                   1720: If set to non-zero, it enables
                   1721: .Dq FAITH
                   1722: TCP relay IPv6-to-IPv4 translator code in the kernel.
                   1723: Refer
                   1724: .Xr faith 4
                   1725: and
                   1726: .Xr faithd 8
                   1727: for detail.
                   1728: .It Li ip6.log_interval
                   1729: The variable controls amount of logs generated by IPv6 packet
                   1730: forwarding engine, by setting interval between log output
                   1731: .Pq in seconds .
                   1732: .It Li ip6.lowportmax
                   1733: The highest port number to use for TCP and UDP reserved port allocation.
                   1734: This cannot be set to less than 0 or greater than 1024, and must
                   1735: be greater than
                   1736: .Li ip6.lowportmin .
                   1737: .It Li ip6.lowportmin
                   1738: The lowest port number to use for TCP and UDP reserved port allocation.
                   1739: This cannot be set to less than 0 or greater than 1024, and must
                   1740: be smaller than
                   1741: .Li ip6.lowportmax .
1.73      christos 1742: .It Li ip6.maxdynroutes
                   1743: Maximum number of routes created by redirect.
                   1744: Set it to negative to disable.
                   1745: The default value is 4096.
                   1746: .It Li ip6.maxifprefixes
                   1747: Maximum number of prefixes created by route advertisements per interface.
                   1748: Set it to negative to disable.
                   1749: The default value is 16.
                   1750: .It Li ip6.maxifdefrouters 16
                   1751: Maximum number of default routers created by route advertisements per interface.
                   1752: Set it to negative to disable.
                   1753: The default value is 16.
1.5       liamjfoy 1754: .It Li ip6.maxflows
                   1755: IPv6 Fast Forwarding is enabled by default.
                   1756: If set to 0, IPv6 Fast Forwarding is disabled.
                   1757: .Li ip6.maxflows
                   1758: controls the maximum amount of flows which can be created.
1.6       liamjfoy 1759: The default value is 256.
1.1       pavel    1760: .It Li ip6.maxfragpackets
                   1761: The maximum number of fragmented packets the node will accept.
                   1762: 0 means that the node will not accept any fragmented packets.
                   1763: \-1 means that the node will accept as many fragmented packets as it receives.
                   1764: The flag is provided basically for avoiding possible DoS attacks.
                   1765: .It Li ip6.maxfrags
                   1766: The maximum number of fragments the node will accept.
                   1767: 0 means that the node will not accept any fragments.
                   1768: \-1 means that the node will accept as many fragments as it receives.
                   1769: The flag is provided basically for avoiding possible DoS attacks.
1.73      christos 1770: .It Li ip6.neighborgcthresh
                   1771: Maximum number of entries in neighbor cache.
                   1772: Set to negative to disable.
                   1773: The default value is 2048.
1.1       pavel    1774: .It Li ip6.redirect
                   1775: If set to 1, ICMPv6 redirects may be sent by the node.
                   1776: This option is ignored unless the node is routing IP packets,
                   1777: and should normally be enabled on all systems.
                   1778: .It Li ip6.rr_prune
                   1779: The variable specifies interval between IPv6 router renumbering prefix
                   1780: babysitting, in seconds.
                   1781: .It Li ip6.use_deprecated
                   1782: The variable controls use of deprecated address, specified in RFC 2462 5.5.4.
                   1783: .It Li ip6.v6only
                   1784: The variable specifies initial value for
                   1785: .Dv IPV6_V6ONLY
                   1786: socket option for
                   1787: .Dv AF_INET6
                   1788: socket.
                   1789: Please refer to
                   1790: .Xr ip6 4
                   1791: for detail.
                   1792: .It Li icmp6.errppslimit
                   1793: The variable specifies the maximum number of outgoing ICMPv6 error messages,
                   1794: per second.
                   1795: ICMPv6 error messages that exceeded the value are subject to rate limitation
                   1796: and will not go out from the node.
                   1797: Negative value disables rate limitation.
                   1798: .It Li icmp6.mtudisc_hiwat
                   1799: .It Li icmp6.mtudisc_lowat
                   1800: The variables define the maximum number of routing table entries,
                   1801: created due to path MTU discovery
                   1802: .Pq prevents denial-of-service attacks with ICMPv6 too big messages .
                   1803: When IPv6 path MTU discovery happens, we keep path MTU information into
                   1804: the routing table.
                   1805: If the number of routing table entries exceed the value,
                   1806: the kernel will not attempt to keep the path MTU information.
                   1807: .Li icmp6.mtudisc_hiwat
                   1808: is used when we have verified ICMPv6 too big messages.
                   1809: .Li icmp6.mtudisc_lowat
                   1810: is used when we have unverified ICMPv6 too big messages.
                   1811: Verification is performed by using address/port pairs kept in connected pcbs.
                   1812: Negative value disables the upper limit.
                   1813: .It Li icmp6.nd6_debug
                   1814: If set to non-zero, kernel IPv6 neighbor discovery code will generate
                   1815: debugging messages.
                   1816: The debug outputs are useful to diagnose IPv6 interoperability issues.
                   1817: The flag must be set to 0 for normal operation.
                   1818: .It Li icmp6.nd6_delay
                   1819: The variable specifies
                   1820: .Dv DELAY_FIRST_PROBE_TIME
                   1821: timing constant in IPv6 neighbor discovery specification
                   1822: .Pq RFC 2461 ,
                   1823: in seconds.
                   1824: .It Li icmp6.nd6_maxnudhint
                   1825: IPv6 neighbor discovery permits upper layer protocols to supply reachability
                   1826: hints, to avoid unnecessary neighbor discovery exchanges.
                   1827: The variable defines the number of consecutive hints the neighbor discovery
                   1828: layer will take.
                   1829: For example, by setting the variable to 3, neighbor discovery layer
                   1830: will take 3 consecutive hints in maximum.
                   1831: After receiving 3 hints, neighbor discovery layer will perform
                   1832: normal neighbor discovery process.
                   1833: .It Li icmp6.nd6_mmaxtries
                   1834: The variable specifies
                   1835: .Dv MAX_MULTICAST_SOLICIT
                   1836: constant in IPv6 neighbor discovery specification
                   1837: .Pq RFC 2461 .
                   1838: .It Li icmp6.nd6_prune
                   1839: The variable specifies interval between IPv6 neighbor cache babysitting,
                   1840: in seconds.
                   1841: .It Li icmp6.nd6_umaxtries
                   1842: The variable specifies
                   1843: .Dv MAX_UNICAST_SOLICIT
                   1844: constant in IPv6 neighbor discovery specification
                   1845: .Pq RFC 2461 .
                   1846: .It Li icmp6.nd6_useloopback
                   1847: If set to non-zero, kernel IPv6 stack will use loopback interface for
                   1848: local traffic.
                   1849: .It Li icmp6.nodeinfo
                   1850: The variable enables responses to ICMPv6 node information queries.
                   1851: If you set the variable to 0, responses will not be generated for
                   1852: ICMPv6 node information queries.
                   1853: Since node information queries can have a security impact, it is
                   1854: possible to fine tune which responses should be answered.
                   1855: Two separate bits can be set.
                   1856: .Bl -tag -width "12345"
                   1857: .It 1
                   1858: Respond to ICMPv6 FQDN queries, e.g.
                   1859: .Li ping6 -w .
                   1860: .It 2
                   1861: Respond to ICMPv6 node addresses queries, e.g.
                   1862: .Li ping6 -a .
                   1863: .El
                   1864: .It Li icmp6.rediraccept
                   1865: If set to non-zero, the host will accept ICMPv6 redirect packets.
                   1866: Note that IPv6 routers will never accept ICMPv6 redirect packets,
                   1867: and the variable is meaningful on IPv6 hosts
                   1868: .Pq non-router
                   1869: only.
                   1870: .It Li icmp6.redirtimeout
                   1871: The variable specifies lifetime of routing entries generated by incoming
                   1872: ICMPv6 redirect.
                   1873: .It Li udp6.do_loopback_cksum
                   1874: Perform UDP checksum on loopback.
                   1875: .It Li udp6.recvspace
                   1876: Default UDP receive buffer size.
                   1877: .It Li udp6.sendspace
                   1878: Default UDP send buffer size.
                   1879: .El
                   1880: .Pp
                   1881: We reuse net.*.tcp for
                   1882: .Tn TCP
                   1883: over
                   1884: .Tn IPv6 ,
                   1885: and therefore we do not have variables net.*.tcp6.
                   1886: Variables net.inet6.udp6 have identical meaning to net.inet.udp.
                   1887: Please refer to
                   1888: .Li PF_INET
                   1889: section above.
                   1890: For variables net.*.ipsec6, please refer to
                   1891: .Xr ipsec 4 .
                   1892: .It Li net.key ( PF_KEY )
                   1893: Get or set various global information about the IPsec key management.
                   1894: The third level name is the variable name.
                   1895: The currently defined variable and names are:
1.21      joerg    1896: .Bl -column "blockacq_lifetime" "integer" "Changeable" -offset indent
1.1       pavel    1897: .It Sy Variable name   Type    Changeable
                   1898: .It debug      integer yes
1.80      christos 1899: .It enabled    integer yes
                   1900: .It used       integer no
1.1       pavel    1901: .It spi_try    integer yes
                   1902: .It spi_min_value      integer yes
                   1903: .It spi_max_value      integer yes
                   1904: .It larval_lifetime    integer yes
                   1905: .It blockacq_count     integer yes
                   1906: .It blockacq_lifetime  integer yes
                   1907: .It esp_keymin integer yes
                   1908: .It esp_auth   integer yes
                   1909: .It ah_keymin  integer yes
                   1910: .El
1.21      joerg    1911: .Pp
1.1       pavel    1912: The variables are as follows:
                   1913: .Bl -tag -width "123456"
                   1914: .It Li debug
                   1915: Turn on debugging message from within the kernel.
                   1916: The value is a bitmap, as defined in
1.56      uwe      1917: .In netkey/key_debug.h .
1.80      christos 1918: .It Li enabled
1.81      christos 1919: Control processing of IPsec control messages.
                   1920: .Bl -tag -width indent
                   1921: .It 0
                   1922: Never allow IPsec processing
                   1923: .It 1
                   1924: Allow IPsec processing when SPD policies are present.
                   1925: .It 2
                   1926: Force IPsec processing even when SPD policies are not present.
                   1927: .El
1.80      christos 1928: .It Li used
                   1929: Based on if IPsec is enabled, and SPD rule existance, show if
                   1930: IPsec is being used.
                   1931: Note that currenly once IPsec is being used, it cannot be disabled.
1.1       pavel    1932: .It Li spi_try
                   1933: The number of times the kernel will try to obtain an unique SPI
                   1934: when it generates it from random number generator.
                   1935: .It Li spi_min_value
                   1936: Minimum SPI value when generating it within the kernel.
                   1937: .It Li spi_max_value
                   1938: Maximum SPI value when generating it within the kernel.
                   1939: .It Li larval_lifetime
                   1940: Lifetime for LARVAL SAD entries, in seconds.
                   1941: .It Li blockacq_count
                   1942: Number of ACQUIRE PF_KEY messages to be blocked after an ACQUIRE message.
                   1943: It avoids flood of ACQUIRE PF_KEY from being sent from the kernel to the
                   1944: key management daemon.
                   1945: .It Li blockacq_lifetime
                   1946: Lifetime of ACQUIRE PF_KEY message.
                   1947: .It Li esp_keymin
                   1948: Minimum ESP key length, in bits.
                   1949: The value is used when the kernel creates proposal payload
                   1950: on ACQUIRE PF_KEY message.
                   1951: .It Li esp_auth
                   1952: Whether ESP authentication should be used or not.
                   1953: Non-zero value indicates that ESP authentication should be used.
                   1954: The value is used when the kernel creates proposal payload
                   1955: on ACQUIRE PF_KEY message.
                   1956: .It Li ah_keymin
                   1957: Minimum AH key length, in bits,
                   1958: The value is used when the kernel creates proposal payload
                   1959: on ACQUIRE PF_KEY message.
                   1960: .El
                   1961: .El
1.50      jruoho   1962: .Ss The proc.* subtree
1.1       pavel    1963: The string and integer information available for the
                   1964: .Li proc
                   1965: level is detailed below.
                   1966: The changeable column shows whether a process with appropriate
                   1967: privilege may change the value.
                   1968: These values are per-process,
                   1969: and as such may change from one process to another.
                   1970: When a process is created,
                   1971: the default values are inherited from its parent.
                   1972: When a set-user-ID or set-group-ID binary is executed, the
                   1973: value of PROC_PID_CORENAME is reset to the system default value.
                   1974: The second level name is either the magic value PROC_CURPROC, which
                   1975: points to the current process, or the PID of the target process.
1.21      joerg    1976: .Bl -column "proc.pid.corename" "string" "not applicable" -offset indent
1.1       pavel    1977: .It Sy Third level name        Type    Changeable
                   1978: .It proc.pid.corename  string  yes
                   1979: .It proc.pid.rlimit    node    not applicable
                   1980: .It proc.pid.stopfork  int     yes
                   1981: .It proc.pid.stopexec  int     yes
                   1982: .It proc.pid.stopexit  int     yes
                   1983: .El
                   1984: .Bl -tag -width "123456"
                   1985: .It Li proc.pid.corename ( PROC_PID_CORENAME )
                   1986: The template used for the core dump file name (see
                   1987: .Xr core 5
                   1988: for details).
                   1989: The base name must either be
1.56      uwe      1990: .Pa core
                   1991: or end with the suffix
                   1992: .Pa .core
                   1993: (the super-user may set arbitrary names).
                   1994: By default it points to
                   1995: .Dv KERN_DEFCORENAME .
1.1       pavel    1996: .It Li proc.pid.rlimit ( PROC_PID_LIMIT )
                   1997: Return resources limits, as defined for the
                   1998: .Xr getrlimit 2
                   1999: and
                   2000: .Xr setrlimit 2
                   2001: system calls.
                   2002: The fourth level name is one of:
1.56      uwe      2003: .Bl -tag -width "123456"
1.1       pavel    2004: .It Li proc.pid.rlimit.cputime ( PROC_PID_LIMIT_CPU )
                   2005: The maximum amount of CPU time (in seconds) to be used by each process.
                   2006: .It Li proc.pid.rlimit.filesize ( PROC_PID_LIMIT_FSIZE )
                   2007: The largest size (in bytes) file that may be created.
                   2008: .It Li proc.pid.rlimit.datasize ( PROC_PID_LIMIT_DATA )
                   2009: The maximum size (in bytes) of the data segment for a process;
                   2010: this defines how far a program may extend its break with the
                   2011: .Xr sbrk 2
                   2012: system call.
                   2013: .It Li proc.pid.rlimit.stacksize ( PROC_PID_LIMIT_STACK )
                   2014: The maximum size (in bytes) of the stack segment for a process;
                   2015: this defines how far a program's stack segment may be extended.
                   2016: Stack extension is performed automatically by the system.
                   2017: .It Li proc.pid.rlimit.coredumpsize ( PROC_PID_LIMIT_CORE )
                   2018: The largest size (in bytes)
                   2019: .Pa core
                   2020: file that may be created.
                   2021: .It Li proc.pid.rlimit.memoryuse ( PROC_PID_LIMIT_RSS )
                   2022: The maximum size (in bytes) to which a process's resident set size may
                   2023: grow.
                   2024: This imposes a limit on the amount of physical memory to be given to
                   2025: a process; if memory is tight, the system will prefer to take memory
                   2026: from processes that are exceeding their declared resident set size.
                   2027: .It Li proc.pid.rlimit.memorylocked ( PROC_PID_LIMIT_MEMLOCK )
                   2028: The maximum size (in bytes) which a process may lock into memory
                   2029: using the
                   2030: .Xr mlock 2
                   2031: function.
                   2032: .It Li proc.pid.rlimit.maxproc ( PROC_PID_LIMIT_NPROC )
                   2033: The maximum number of simultaneous processes for this user id.
                   2034: .It Li proc.pid.rlimit.descriptors ( PROC_PID_LIMIT_NOFILE )
                   2035: The maximum number of open files for this process.
1.22      snj      2036: .It Li proc.pid.rlimit.sbsize ( PROC_PID_LIMIT_SBSIZE )
                   2037: The maximum size (in bytes) of the socket buffers
                   2038: set by the
                   2039: .Xr setsockopt 2
                   2040: .Dv SO_RCVBUF
                   2041: and
                   2042: .Dv SO_SNDBUF
                   2043: options.
1.1       pavel    2044: .El
                   2045: .Pp
                   2046: The fifth level name is one of
1.56      uwe      2047: .Li soft ( PROC_PID_LIMIT_TYPE_SOFT )
                   2048: or
1.1       pavel    2049: .Li hard ( PROC_PID_LIMIT_TYPE_HARD ) ,
                   2050: to select respectively the soft or hard limit.
                   2051: Both are of type integer.
                   2052: .It Li proc.pid.stopfork ( PROC_PID_STOPFORK )
                   2053: If non zero, the process' children will be stopped after
                   2054: .Xr fork 2
                   2055: calls.
                   2056: The children is created in the SSTOP state and is never scheduled
                   2057: for running before being stopped.
                   2058: This feature helps attaching a process with a debugger such as
                   2059: .Xr gdb 1
                   2060: before it had the opportunity to actually do anything.
                   2061: .Pp
                   2062: This value is inherited by the process's children, and it also
                   2063: apply to emulation specific system calls that fork a new process, such as
                   2064: .Fn sproc
                   2065: or
                   2066: .Fn clone .
                   2067: .It Li proc.pid.stopexec ( PROC_PID_STOPEXEC )
                   2068: If non zero, the process will be stopped on next
                   2069: .Xr exec 3
                   2070: call.
                   2071: The process created by
                   2072: .Xr exec 3
                   2073: is created in the SSTOP state and is never scheduled for running
                   2074: before being stopped.
                   2075: This feature helps attaching a process with a debugger such as
                   2076: .Xr gdb 1
                   2077: before it had the opportunity to actually do anything.
                   2078: .Pp
                   2079: This value is inherited by the process's children.
                   2080: .It Li proc.pid.stopexit ( PROC_PID_STOPEXIT )
                   2081: If non zero, the process will be stopped on when it has cause to exit,
                   2082: either by way of calling
                   2083: .Xr exit 3 ,
                   2084: .Xr _exit 2 ,
                   2085: or by the receipt of a specific signal.
                   2086: The process is stopped before any of its resources or vm space is
                   2087: released allowing examination of the termination state of a process
                   2088: before it disappears.
                   2089: This feature can be used to examine the final conditions of the
                   2090: process's vmspace via
                   2091: .Xr pmap 1
                   2092: or its resource settings with
                   2093: .Xr sysctl 8
                   2094: before it disappears.
                   2095: .Pp
                   2096: This value is also inherited by the process's children.
                   2097: .El
1.50      jruoho   2098: .Ss The user.* subtree ( CTL_USER )
1.1       pavel    2099: The string and integer information available for the
                   2100: .Li user
                   2101: level is detailed below.
                   2102: The changeable column shows whether a process with appropriate
                   2103: privilege may change the value.
1.21      joerg    2104: .Bl -column "user.coll_weights_max" "integer" "Changeable" -offset indent
1.1       pavel    2105: .It Sy Second level name       Type    Changeable
                   2106: .It user.atexit_max    integer no
                   2107: .It user.bc_base_max   integer no
                   2108: .It user.bc_dim_max    integer no
                   2109: .It user.bc_scale_max  integer no
                   2110: .It user.bc_string_max integer no
                   2111: .It user.coll_weights_max      integer no
                   2112: .It user.cs_path       string  no
                   2113: .It user.expr_nest_max integer no
                   2114: .It user.line_max      integer no
                   2115: .It user.posix2_c_bind integer no
                   2116: .It user.posix2_c_dev  integer no
                   2117: .It user.posix2_char_term      integer no
                   2118: .It user.posix2_fort_dev       integer no
                   2119: .It user.posix2_fort_run       integer no
                   2120: .It user.posix2_localedef      integer no
                   2121: .It user.posix2_sw_dev integer no
                   2122: .It user.posix2_upe    integer no
                   2123: .It user.posix2_version        integer no
                   2124: .It user.re_dup_max    integer no
                   2125: .It user.stream_max    integer no
                   2126: .It user.stream_max    integer no
                   2127: .It user.tzname_max    integer no
                   2128: .El
                   2129: .Bl -tag -width "123456"
                   2130: .It Li user.atexit_max ( USER_ATEXIT_MAX )
                   2131: The maximum number of functions that may be registered with
                   2132: .Xr atexit 3 .
                   2133: .It Li user.bc_base_max ( USER_BC_BASE_MAX )
                   2134: The maximum ibase/obase values in the
                   2135: .Xr bc 1
                   2136: utility.
                   2137: .It Li user.bc_dim_max ( USER_BC_DIM_MAX )
                   2138: The maximum array size in the
                   2139: .Xr bc 1
                   2140: utility.
                   2141: .It Li user.bc_scale_max ( USER_BC_SCALE_MAX )
                   2142: The maximum scale value in the
                   2143: .Xr bc 1
                   2144: utility.
                   2145: .It Li user.bc_string_max ( USER_BC_STRING_MAX )
                   2146: The maximum string length in the
                   2147: .Xr bc 1
                   2148: utility.
                   2149: .It Li user.coll_weights_max ( USER_COLL_WEIGHTS_MAX )
                   2150: The maximum number of weights that can be assigned to any entry of
                   2151: the LC_COLLATE order keyword in the locale definition file.
                   2152: .It Li user.cs_path ( USER_CS_PATH )
                   2153: Return a value for the
                   2154: .Ev PATH
                   2155: environment variable that finds all the standard utilities.
                   2156: .It Li user.expr_nest_max ( USER_EXPR_NEST_MAX )
                   2157: The maximum number of expressions that can be nested within
                   2158: parenthesis by the
                   2159: .Xr expr 1
                   2160: utility.
                   2161: .It Li user.line_max ( USER_LINE_MAX )
                   2162: The maximum length in bytes of a text-processing utility's input
                   2163: line.
                   2164: .It Li user.posix2_char_term ( USER_POSIX2_CHAR_TERM )
                   2165: Return 1 if the system supports at least one terminal type capable of
1.58      wiz      2166: all operations described in
                   2167: .St -p1003.2 ,
                   2168: otherwise\ 0.
1.1       pavel    2169: .It Li user.posix2_c_bind ( USER_POSIX2_C_BIND )
                   2170: Return 1 if the system's C-language development facilities support the
1.56      uwe      2171: C-Language Bindings Option, otherwise\ 0.
1.1       pavel    2172: .It Li user.posix2_c_dev ( USER_POSIX2_C_DEV )
                   2173: Return 1 if the system supports the C-Language Development Utilities Option,
1.56      uwe      2174: otherwise\ 0.
1.1       pavel    2175: .It Li user.posix2_fort_dev ( USER_POSIX2_FORT_DEV )
                   2176: Return 1 if the system supports the FORTRAN Development Utilities Option,
1.56      uwe      2177: otherwise\ 0.
1.1       pavel    2178: .It Li user.posix2_fort_run ( USER_POSIX2_FORT_RUN )
                   2179: Return 1 if the system supports the FORTRAN Runtime Utilities Option,
1.56      uwe      2180: otherwise\ 0.
1.1       pavel    2181: .It Li user.posix2_localedef ( USER_POSIX2_LOCALEDEF )
1.56      uwe      2182: Return 1 if the system supports the creation of locales, otherwise\ 0.
1.1       pavel    2183: .It Li user.posix2_sw_dev ( USER_POSIX2_SW_DEV )
                   2184: Return 1 if the system supports the Software Development Utilities Option,
1.56      uwe      2185: otherwise\ 0.
1.1       pavel    2186: .It Li user.posix2_upe ( USER_POSIX2_UPE )
                   2187: Return 1 if the system supports the User Portability Utilities Option,
1.56      uwe      2188: otherwise\ 0.
1.1       pavel    2189: .It Li user.posix2_version ( USER_POSIX2_VERSION )
1.58      wiz      2190: The version of
                   2191: .St -p1003.2
                   2192: with which the system attempts to comply.
1.1       pavel    2193: .It Li user.re_dup_max ( USER_RE_DUP_MAX )
                   2194: The maximum number of repeated occurrences of a regular expression
                   2195: permitted when using interval notation.
                   2196: .It Li user.stream_max ( USER_STREAM_MAX )
                   2197: The minimum maximum number of streams that a process may have open
                   2198: at any one time.
                   2199: .It Li user.tzname_max ( USER_TZNAME_MAX )
                   2200: The minimum maximum number of types supported for the name of a
                   2201: timezone.
                   2202: .El
1.50      jruoho   2203: .Ss The vm.* subtree ( CTL_VM )
1.1       pavel    2204: The string and integer information available for the
                   2205: .Li vm
                   2206: level is detailed below.
                   2207: The changeable column shows whether a process with appropriate
                   2208: privilege may change the value.
1.21      joerg    2209: .Bl -column "Second level name" "struct uvmexp_sysctl" "Changeable" -offset indent
1.1       pavel    2210: .It Sy Second level name       Type    Changeable
                   2211: .It vm.anonmax int     yes
                   2212: .It vm.anonmin int     yes
                   2213: .It vm.bufcache        int     yes
                   2214: .It vm.bufmem  int     no
                   2215: .It vm.bufmem_hiwater  int     yes
                   2216: .It vm.bufmem_lowater  int     yes
                   2217: .It vm.execmax int     yes
                   2218: .It vm.execmin int     yes
                   2219: .It vm.filemax int     yes
                   2220: .It vm.filemin int     yes
                   2221: .It vm.loadavg struct loadavg  no
                   2222: .It vm.maxslp  int     no
                   2223: .It vm.nkmempages      int     no
                   2224: .It vm.uspace  int     no
                   2225: .It vm.uvmexp  struct uvmexp   no
                   2226: .It vm.uvmexp2 struct uvmexp_sysctl    no
                   2227: .It vm.vmmeter struct vmtotal  no
                   2228: .El
                   2229: .Pp
                   2230: .Bl -tag -width "123456"
                   2231: .It Li vm.anonmax ( VM_ANONMAX )
                   2232: The percentage of physical memory which will be reclaimed
                   2233: from other types of memory usage to store anonymous application data.
                   2234: .It Li vm.anonmin ( VM_ANONMIN )
                   2235: The percentage of physical memory which will be always be available for
                   2236: anonymous application data.
                   2237: .It Li vm.bufcache ( VM_BUFCACHE )
                   2238: The percentage of physical memory which will be available
                   2239: for the buffer cache.
                   2240: .It Li vm.bufmem ( VM_BUFMEM )
                   2241: The amount of kernel memory that is being used by the buffer cache.
                   2242: .It Li vm.bufmem_lowater ( VM_BUFMEM_LOWATER )
                   2243: The minimum amount of kernel memory to reserve for the
                   2244: buffer cache.
                   2245: .It Li vm.bufmem_hiwater ( VM_BUFMEM_HIWATER )
                   2246: The maximum amount of kernel memory to be used for the
                   2247: buffer cache.
                   2248: .It Li vm.execmax ( VM_EXECMAX )
                   2249: The percentage of physical memory which will be reclaimed
                   2250: from other types of memory usage to store cached executable data.
                   2251: .It Li vm.execmin ( VM_EXECMIN )
                   2252: The percentage of physical memory which will be always be available for
                   2253: cached executable data.
                   2254: .It Li vm.filemax ( VM_FILEMAX )
                   2255: The percentage of physical memory which will be reclaimed
                   2256: from other types of memory usage to store cached file data.
                   2257: .It Li vm.filemin ( VM_FILEMIN )
                   2258: The percentage of physical memory which will be always be available for
                   2259: cached file data.
                   2260: .It Li vm.loadavg ( VM_LOADAVG )
                   2261: Return the load average history.
                   2262: The returned data consists of a
1.56      uwe      2263: .Vt struct loadavg .
1.1       pavel    2264: .It Li vm.maxslp ( VM_MAXSLP )
                   2265: The value of the maxslp kernel global variable.
                   2266: .It Li vm.vmmeter ( VM_METER )
                   2267: Return system wide virtual memory statistics.
                   2268: The returned data consists of a
1.56      uwe      2269: .Vt struct vmtotal .
1.31      drochner 2270: .It vm.user_va0_disable
1.56      uwe      2271: A flag which controls whether user processes can map virtual address\ 0.
1.1       pavel    2272: .It Li vm.uspace ( VM_USPACE )
                   2273: The number of bytes allocated for each kernel stack.
                   2274: .It Li vm.uvmexp ( VM_UVMEXP )
                   2275: Return system wide virtual memory statistics.
                   2276: The returned data consists of a
1.56      uwe      2277: .Vt struct uvmexp .
1.1       pavel    2278: .It Li vm.uvmexp2 ( VM_UVMEXP2 )
                   2279: Return system wide virtual memory statistics.
                   2280: The returned data consists of a
1.56      uwe      2281: .Vt struct uvmexp_sysctl .
1.1       pavel    2282: .\" XXX vm.idlezero
                   2283: .El
1.50      jruoho   2284: .Ss The ddb.* subtree ( CTL_DDB )
1.34      jruoho   2285: The information available for the
1.1       pavel    2286: .Li ddb
                   2287: level is detailed below.
                   2288: The changeable column shows whether a process with appropriate
                   2289: privilege may change the value.
                   2290: .\" XXX sort
1.21      joerg    2291: .Bl -column "Second level name" "integer" "Changeable" -offset indent
1.1       pavel    2292: .It Sy Second level name       Type    Changeable
                   2293: .It ddb.radix  integer yes
                   2294: .It ddb.maxoff integer yes
1.34      jruoho   2295: .It ddb.maxwidth       integer yes
1.1       pavel    2296: .It ddb.lines  integer yes
                   2297: .It ddb.tabstops       integer yes
                   2298: .It ddb.onpanic        integer yes
                   2299: .It ddb.fromconsole    integer yes
1.34      jruoho   2300: .It ddb.tee_msgbuf     integer yes
                   2301: .It ddb.commandonenter string  yes
1.1       pavel    2302: .El
                   2303: .Pp
                   2304: .Bl -tag -width "123456"
1.35      jruoho   2305: .It Li ddb.radix ( DDBCTL_RADIX )
1.1       pavel    2306: The input and output radix.
1.35      jruoho   2307: .It Li ddb.maxoff ( DDBCTL_MAXOFF )
1.1       pavel    2308: The maximum symbol offset.
1.34      jruoho   2309: .It Li ddb.maxwidth ( DDBCTL_MAXWIDTH )
                   2310: The maximum output line width.
1.35      jruoho   2311: .It Li ddb.lines ( DDBCTL_LINES )
1.1       pavel    2312: Number of display lines.
1.35      jruoho   2313: .It Li ddb.tabstops ( DDBCTL_TABSTOPS )
1.1       pavel    2314: Tab width.
1.35      jruoho   2315: .It Li ddb.onpanic ( DDBCTL_ONPANIC )
1.63      riz      2316: If greater than zero, DDB will be entered if the kernel panics.
                   2317: A value of 1 causes the system to enter DDB on panic, while a value of 2
                   2318: causes the kernel to attempt to print out a stack trace before entering DDB.
                   2319: A value of 0 causes the kernel to attempt to print a stack trace, then
1.64      wiz      2320: reboot, while a value of \-1 means neither a stack trace will be printed
1.63      riz      2321: nor DDB entered.
1.35      jruoho   2322: .It Li ddb.fromconsole ( DDBCTL_FROMCONSOLE )
1.1       pavel    2323: If not zero, DDB may be entered by sending a break on a serial
                   2324: console or by a special key sequence on a graphics console.
1.34      jruoho   2325: .It Li ddb.tee_msgbuf
                   2326: If not zero, DDB will output also to the kernel message buffer.
                   2327: .It Li ddb.commandonenter
                   2328: If not empty, a command to be executed on each enter to the
                   2329: .Tn DDB .
                   2330: .\"
                   2331: .\" XXX: (a) ddb.commandonenter is missing in ddb(4);
                   2332: .\"     (b) No DDBCTL definitions for tee_msgbuf and commandonenter.
1.1       pavel    2333: .El
                   2334: .Pp
1.34      jruoho   2335: Some of these
                   2336: .Tn MIB
                   2337: nodes are also available as variables from within the debugger.
1.1       pavel    2338: See
                   2339: .Xr ddb 4
                   2340: for more details.
1.50      jruoho   2341: .Ss The security.* subtree ( CTL_SECURITY )
1.1       pavel    2342: The
                   2343: .Li security
                   2344: level contains various security-related settings for
1.2       wiz      2345: the system.
1.43      jruoho   2346: The available second level names are:
                   2347: .Bl -column "Second level name" "integer" "Changeable" -offset indent
                   2348: .It Sy Second level name       Type    Changeable
                   2349: .It Li security.curtain        integer yes
                   2350: .It Li security.models node    not applicable
                   2351: .It Li security.pax    node    not applicable
                   2352: .El
                   2353: .Pp
1.2       wiz      2354: Available settings are detailed below.
1.1       pavel    2355: .Pp
                   2356: .Bl -tag -width "123456"
                   2357: .It Li security.curtain
1.43      jruoho   2358: If non-zero, will filter return objects according to the user
                   2359: .Tn ID
1.1       pavel    2360: requesting information about them, preventing from users any
1.43      jruoho   2361: access to objects they do not own.
1.1       pavel    2362: .Pp
                   2363: At the moment, it affects
                   2364: .Xr ps 1 ,
                   2365: .Xr netstat 1
                   2366: (for
                   2367: .Dv PF_INET ,
                   2368: .Dv PF_INET6 ,
                   2369: and
                   2370: .Dv PF_UNIX
                   2371: PCBs), and
                   2372: .Xr w 1 .
1.4       elad     2373: .It Li security.models
                   2374: .Nx
                   2375: supports pluggable security models.
1.17      ad       2376: Every security model used, whether if loaded as a module or built with the system,
1.4       elad     2377: is required to add an entry to this node with at least one element,
                   2378: .Dq name ,
                   2379: indicating the name of the security model.
                   2380: .Pp
                   2381: In addition to the name, any settings and other information private to the
                   2382: security model will be available under this node.
                   2383: See
                   2384: .Xr secmodel 9
                   2385: for more information.
1.1       pavel    2386: .It Li security.pax
                   2387: Settings for PaX -- exploit mitigation features.
1.4       elad     2388: For more information on any of the PaX features, please see
                   2389: .Xr paxctl 8
                   2390: and
1.62      jruoho   2391: .Xr security 7 .
1.43      jruoho   2392: The available third and fourth level names are:
                   2393: .Bl -column "security.pax.segvguard.suspend_timeout" "integer" "Changeable" \
                   2394: -offset 2n
                   2395: .It Sy Third and fourth level names Ta Sy Type Ta Sy Changeable
                   2396: .It Li security.pax.aslr.enabled       integer yes
                   2397: .\".It Li security.pax.aslr.exec_len   integer yes
                   2398: .It Li security.pax.aslr.global        integer yes
                   2399: .\".It Li security.pax.aslr.mmap_len   integer yes
                   2400: .\".It Li security.pax.aslr.stack_len  integer yes
                   2401: .It Li security.pax.mprotect.enabled   integer yes
                   2402: .It Li security.pax.mprotect.global    integer yes
                   2403: .It Li security.pax.segvguard.enabled  integer yes
                   2404: .It Li security.pax.segvguard.expiry_timeout   integer yes
                   2405: .It Li security.pax.segvguard.global   integer yes
                   2406: .It Li security.pax.segvguard.max_crashes      integer yes
                   2407: .It Li security.pax.segvguard.suspend_timeout  integer yes
                   2408: .El
1.1       pavel    2409: .Pp
                   2410: .Bl -tag -width "123456"
1.43      jruoho   2411: .It Li security.pax.aslr.enabled
1.14      elad     2412: Enable PaX ASLR (Address Space Layout Randomization).
                   2413: .Pp
                   2414: The value of this
                   2415: knob must be non-zero for PaX ASLR to be enabled, even if a program is set to
                   2416: explicit enable.
1.43      jruoho   2417: .\".It Li security.pax.aslr.exec_len
                   2418: .\" XXX: Undocumented.
1.14      elad     2419: .It Li security.pax.aslr.global
                   2420: Specifies the default global policy for programs without an
                   2421: explicit enable/disable flag.
                   2422: .Pp
                   2423: When non-zero, all programs will get PaX ASLR, except those exempted with
1.69      wiz      2424: .Xr paxctl 8 .
1.14      elad     2425: Otherwise, all programs will not get PaX ASLR, except those specifically
                   2426: marked as such with
                   2427: .Xr paxctl 8 .
1.43      jruoho   2428: .\".It Li security.pax.aslr.mmap_len
                   2429: .\" XXX: Undocumented.
                   2430: .\" .It Li security.pax.aslr.stack_len
                   2431: .\" XXX: Undocumented.
                   2432: .It Li security.pax.mprotect.enabled
1.1       pavel    2433: Enable PaX MPROTECT restrictions.
                   2434: .Pp
                   2435: These are
                   2436: .Xr mprotect 2
1.2       wiz      2437: restrictions to better enforce a W^X policy.
                   2438: The value of this
1.1       pavel    2439: knob must be non-zero for PaX MPROTECT to be enabled, even if a
                   2440: program is set to explicit enable.
                   2441: .It Li security.pax.mprotect.global
                   2442: Specifies the default global policy for programs without an
                   2443: explicit enable/disable flag.
                   2444: .Pp
                   2445: When non-zero, all programs will get the PaX MPROTECT restrictions,
                   2446: except those exempted with
1.69      wiz      2447: .Xr paxctl 8 .
1.1       pavel    2448: Otherwise, all programs will not get the PaX MPROTECT restrictions,
                   2449: except those specifically marked as such with
1.4       elad     2450: .Xr paxctl 8 .
1.43      jruoho   2451: .It Li security.pax.segvguard.enabled
1.1       pavel    2452: Enable PaX Segvguard.
                   2453: .Pp
                   2454: PaX Segvguard can detect and prevent certain exploitation attempts, where
                   2455: an attacker may try for example to brute-force function return addresses
                   2456: of respawning daemons.
                   2457: .Pp
                   2458: .Em Note :
                   2459: The
                   2460: .Nx
                   2461: interface and implementation of the Segvguard is still experimental, and may
                   2462: change in future releases.
1.43      jruoho   2463: .It Li security.pax.segvguard.expiry_timeout
                   2464: If the max number was not reached within this timeout (in seconds), the entry
                   2465: will expire.
1.1       pavel    2466: .It Li security.pax.segvguard.global
                   2467: Specifies the default global policy for programs without an
                   2468: explicit enable/disable flag.
                   2469: .Pp
                   2470: When non-zero, all programs will get the PaX Segvguard,
                   2471: except those exempted with
1.69      wiz      2472: .Xr paxctl 8 .
1.2       wiz      2473: Otherwise, no program will get the PaX Segvguard restrictions,
1.1       pavel    2474: except those specifically marked as such with
1.4       elad     2475: .Xr paxctl 8 .
1.43      jruoho   2476: .It Li security.pax.segvguard.max_crashes
                   2477: The maximum number of segfaults a program can receive before suspension.
1.1       pavel    2478: .It Li security.pax.segvguard.suspend_timeout
                   2479: Number of seconds to suspend a user from running a faulting program when the
                   2480: limit was exceeded.
                   2481: .El
                   2482: .El
1.50      jruoho   2483: .Ss The vendor.* subtree ( CTL_VENDOR )
1.1       pavel    2484: The
                   2485: .Li vendor
                   2486: toplevel name is reserved to be used by vendors who wish to
                   2487: have their own private MIB tree.
                   2488: Intended use is to store values under
                   2489: .Dq vendor.\*[Lt]yourname\*[Gt].* .
                   2490: .Sh SEE ALSO
                   2491: .Xr sysctl 3 ,
                   2492: .Xr ipsec 4 ,
                   2493: .Xr tcp 4 ,
1.62      jruoho   2494: .Xr security 7 ,
1.1       pavel    2495: .Xr sysctl 8
                   2496: .Sh HISTORY
                   2497: The
                   2498: .Nm
                   2499: variables first appeared in
                   2500: .Bx 4.4 .

CVSweb <webmaster@jp.NetBSD.org>