Annotation of src/share/man/man7/sysctl.7, Revision 1.83
1.83 ! wiz 1: .\" $NetBSD: sysctl.7,v 1.82 2014/06/13 19:09:07 joerg Exp $
1.1 pavel 2: .\"
3: .\" Copyright (c) 1993
4: .\" The Regents of the University of California. All rights reserved.
5: .\"
6: .\" Redistribution and use in source and binary forms, with or without
7: .\" modification, are permitted provided that the following conditions
8: .\" are met:
9: .\" 1. Redistributions of source code must retain the above copyright
10: .\" notice, this list of conditions and the following disclaimer.
11: .\" 2. Redistributions in binary form must reproduce the above copyright
12: .\" notice, this list of conditions and the following disclaimer in the
13: .\" documentation and/or other materials provided with the distribution.
14: .\" 3. Neither the name of the University nor the names of its contributors
15: .\" may be used to endorse or promote products derived from this software
16: .\" without specific prior written permission.
17: .\"
18: .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
19: .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21: .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
22: .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23: .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24: .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26: .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27: .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28: .\" SUCH DAMAGE.
29: .\"
30: .\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95
31: .\"
1.82 joerg 32: .Dd June 13, 2014
1.1 pavel 33: .Dt SYSCTL 7
34: .Os
35: .Sh NAME
36: .Nm sysctl
37: .Nd system information variables
38: .Sh DESCRIPTION
39: The
40: .Xr sysctl 3
41: library function and the
42: .Xr sysctl 8
43: utility are used to get and set values of system variables, maintained
44: by the kernel.
45: The variables are organized in a tree and identified by a sequence of
46: numbers, conventionally separated by dots with the topmost identifier
47: at the left side.
48: The numbers have corresponding text names.
49: The
50: .Xr sysctlnametomib 3
51: function or the
52: .Fl M
53: argument to the
54: .Xr sysctl 8
55: utility can be used to convert the text representation to the
56: numeric one.
57: .Pp
58: The individual sysctl variables are described below, both the textual
59: and numeric form where applicable.
60: The textual names can be used as argument to the
61: .Xr sysctl 8
62: utility and in the file
63: .Pa /etc/sysctl.conf .
64: The numeric names are usually defined as preprocessor constants and
65: are intended for use by programs.
66: Every such constant expands to one integer, which identifies the
67: sysctl variable relative to the upper level of the tree.
68: See the
69: .Xr sysctl 3
70: manual page for programming examples.
1.50 jruoho 71: .Ss Top level names
1.56 uwe 72: The top level names are defined with a
73: .Va CTL_
74: prefix in
1.33 joerg 75: .In sys/sysctl.h ,
1.1 pavel 76: and are as follows.
77: The next and subsequent levels down are found in the include files
78: listed here, and described in separate sections below.
1.56 uwe 79: .Bl -column "security" ".Dv CTL_SECURITY" ".In uvm/uvm_param.h" "High kernel limits"
80: .It Sy Name Ta Sy Constant Ta Sy Next level names Ta Sy Description
81: .It kern Ta Dv CTL_KERN Ta In sys/sysctl.h Ta High kernel limits
82: .It vm Ta Dv CTL_VM Ta In uvm/uvm_param.h Ta Virtual memory
83: .It vfs Ta Dv CTL_VFS Ta In sys/mount.h Ta Filesystem
84: .It net Ta Dv CTL_NET Ta In sys/socket.h Ta Networking
85: .It debug Ta Dv CTL_DEBUG Ta In sys/sysctl.h Ta Debugging
86: .It hw Ta Dv CTL_HW Ta In sys/sysctl.h Ta Generic CPU, I/O
87: .It machdep Ta Dv CTL_MACHDEP Ta In sys/sysctl.h Ta Machine dependent
88: .It user Ta Dv CTL_USER Ta In sys/sysctl.h Ta User-level
89: .It ddb Ta Dv CTL_DDB Ta In sys/sysctl.h Ta In-kernel debugger
90: .It proc Ta Dv CTL_PROC Ta In sys/sysctl.h Ta Per-process
91: .It vendor Ta Dv CTL_VENDOR Ta ? Ta Vendor specific
92: .It emul Ta Dv CTL_EMUL Ta In sys/sysctl.h Ta Emulation settings
93: .It security Ta Dv CTL_SECURITY Ta In sys/sysctl.h Ta Security settings
1.1 pavel 94: .El
1.50 jruoho 95: .Ss The debug.* subtree
1.1 pavel 96: The debugging variables vary from system to system.
97: A debugging variable may be added or deleted without need to recompile
98: .Nm
99: to know about it.
100: Each time it runs,
101: .Nm
102: gets the list of debugging variables from the kernel and
103: displays their current values.
104: The system defines twenty
1.56 uwe 105: .Vt ( struct ctldebug )
1.1 pavel 106: variables named
107: .Dv debug0
108: through
109: .Dv debug19 .
110: They are declared as separate variables so that they can be
111: individually initialized at the location of their associated variable.
112: The loader prevents multiple use of the same variable by issuing errors
113: if a variable is initialized in more than one place.
114: For example, to export the variable
1.56 uwe 115: .Va dospecialcheck
1.1 pavel 116: as a debugging variable, the following declaration would be used:
1.43 jruoho 117: .Pp
1.1 pavel 118: .Bd -literal -offset indent -compact
119: int dospecialcheck = 1;
120: struct ctldebug debug5 = { "dospecialcheck", \*[Am]dospecialcheck };
121: .Ed
122: .Pp
123: Note that the dynamic implementation of
124: .Nm
125: currently in use largely makes this particular
126: .Nm
127: interface obsolete.
128: See
129: .Xr sysctl 8
130: .\" and
131: .\" .Xr sysctl 9
132: for more information.
1.50 jruoho 133: .Ss The vfs.* subtree
1.1 pavel 134: A distinguished second level name,
135: .Li vfs.generic ( VFS_GENERIC ) ,
1.57 wiz 136: is used to get general information about all file systems.
1.26 elad 137: It has the following third level identifiers:
1.56 uwe 138: .Bl -tag -width "123456"
139: .It Li vfs.generic.maxtypenum ( VFS_MAXTYPENUM )
1.57 wiz 140: The highest valid file system type number.
1.56 uwe 141: .It Li vfs.generic.conf ( VFS_CONF )
1.57 wiz 142: Returns configuration information about the file system type given as a fourth
1.26 elad 143: level identifier.
1.59 christos 144: .It Li vfs.generic.usermount ( VFS_USERMOUNT )
1.68 jym 145: Determines if non superuser mounts are allowed, defaults to
1.59 christos 146: .Dv 0 .
147: .It Li vfs.generic.magiclinks ( VFS_MAGICLINKS )
148: Controls if expansion of variables is going to be performed on pathnames
149: or not.
150: Defaults to no variable expansion,
151: .Dv 0 .
152: Variables are of the form
153: .Li @name
1.60 christos 154: and the variables supported are described in
155: .Xr symlink 7
156: under
157: .Dq "MAGIC SYMLINKS" .
1.26 elad 158: .El
159: .Pp
1.54 christos 160: A second level name for controlling the
161: .Xr wapbl 4
162: (Write Ahead Physical Block Logging file system journalling)
163: capabilities with the following third level identifiers:
1.56 uwe 164: .Bl -tag -width "123456"
165: .It Li vfs.wapbl.flush_disk_cache
1.55 wiz 166: Controls whether to attempt to flush the disk cache on each commit.
1.77 apb 167: It defaults to 1 and it should always be on to ensure integrity
168: of file system metadata in the event of a power loss.
1.54 christos 169: For slow disks, turning it off can improve performance.
1.56 uwe 170: .It Li vfs.wapbl.verbose_commit
1.55 wiz 171: For each transaction log commit, print the number of bytes written
172: and the time it took to commit as seconds.nanoseconds.
1.54 christos 173: .El
174: .Pp
1.57 wiz 175: The remaining second level identifiers are the file system names, identified
1.26 elad 176: by the type number returned by a
1.1 pavel 177: .Xr statvfs 2
178: call or from
1.27 wiz 179: .Li vfs.generic.conf .
1.56 uwe 180: .Pp
1.57 wiz 181: The third level identifiers available for each file system
1.1 pavel 182: are given in the header file that defines the mount
1.57 wiz 183: argument structure for that file system.
1.50 jruoho 184: .Ss The hw.* subtree
1.1 pavel 185: The string and integer information available for the
186: .Li hw
187: level is detailed below.
188: The changeable column shows whether a process with appropriate
189: privilege may change the value.
1.37 jruoho 190: .Bl -column "hw.machine_arch" "integer" "Changeable" -offset indent
1.1 pavel 191: .It Sy Second level name Type Changeable
192: .It hw.alignbytes integer no
193: .It hw.byteorder integer no
194: .It hw.cnmagic string yes
195: .It hw.disknames string no
196: .It hw.diskstats struct no
197: .It hw.machine string no
198: .It hw.machine_arch string no
199: .It hw.model string no
200: .It hw.ncpu integer no
201: .It hw.pagesize integer no
202: .It hw.physmem integer no
203: .It hw.physmem64 quad no
204: .It hw.usermem integer no
205: .It hw.usermem64 quad no
206: .El
207: .Pp
208: .Bl -tag -width "123456"
209: .It Li hw.alignbytes ( HW_ALIGNBYTES )
210: Alignment constraint for all possible data types.
211: This shows the value
212: .Dv ALIGNBYTES
213: in
1.56 uwe 214: .In machine/param.h ,
1.1 pavel 215: at the kernel compilation time.
216: .It Li hw.byteorder ( HW_BYTEORDER )
1.56 uwe 217: The byteorder (4321, or 1234).
1.1 pavel 218: .It Li hw.cnmagic ( HW_CNMAGIC )
219: The console magic key sequence.
220: .It Li hw.disknames ( HW_DISKNAMES )
221: The list of (space separated) disk device names on the system.
222: .It Li hw.iostatnames ( HW_IOSTATNAMES )
223: A space separated list of devices that will have I/O statistics
224: collected on them.
225: .It Li hw.iostats ( HW_IOSTATS )
226: Return statistical information on the NFS mounts, disk and tape
227: devices on the system.
228: An array of
1.56 uwe 229: .Vt struct io_sysctl
1.1 pavel 230: structures is returned,
231: whose size depends on the current number of such objects in the system.
232: The third level name is the size of the
1.56 uwe 233: .Vt struct io_sysctl .
1.1 pavel 234: The type of object can be determined by examining the
235: .Va type
236: element of
1.56 uwe 237: .Vt struct io_sysctl .
1.1 pavel 238: The type can be
239: .Dv IOSTAT_DISK
240: (disk drive),
241: .Dv IOSTAT_TAPE
242: (tape drive), or
243: .Dv IOSTAT_NFS
244: (NFS mount).
245: .It Li hw.machine ( HW_MACHINE )
246: The machine class.
247: .It Li hw.machine_arch ( HW_MACHINE_ARCH )
248: The machine CPU class.
249: .It Li hw.model ( HW_MODEL )
250: The machine model.
251: .It Li hw.ncpu ( HW_NCPU )
252: The number of CPUs.
253: .It Li hw.pagesize ( HW_PAGESIZE )
254: The software page size.
255: .It Li hw.physmem ( HW_PHYSMEM )
256: The bytes of physical memory as a 32-bit integer.
257: .It Li hw.physmem64 ( HW_PHYSMEM64 )
258: The bytes of physical memory as a 64-bit integer.
259: .It Li hw.usermem ( HW_USERMEM )
260: The bytes of non-kernel memory as a 32-bit integer.
261: .It Li hw.usermem64 ( HW_USERMEM64 )
262: The bytes of non-kernel memory as a 64-bit integer.
263: .El
1.50 jruoho 264: .Ss The kern.* subtree
1.43 jruoho 265: This subtree includes data generally related to the kernel.
1.1 pavel 266: The string and integer information available for the
267: .Li kern
268: level is detailed below.
269: The changeable column shows whether a process with appropriate
270: privilege may change the value.
1.43 jruoho 271: .Bl -column "kern.posix_reader_writer_locks" \
272: "struct kinfo_drivers" "not applicable"
1.1 pavel 273: .It Sy Second level name Type Changeable
1.51 jruoho 274: .It kern.aio_listio_max integer yes
275: .It kern.aio_max integer yes
1.44 jruoho 276: .It kern.arandom integer no
1.1 pavel 277: .It kern.argmax integer no
1.39 jruoho 278: .It kern.boothowto integer no
1.1 pavel 279: .It kern.boottime struct timeval no
1.39 jruoho 280: .\".It kern.bufq node not applicable
1.1 pavel 281: .It kern.ccpu integer no
282: .It kern.clockrate struct clockinfo no
283: .It kern.consdev integer no
1.39 jruoho 284: .It kern.coredump node not applicable
1.21 joerg 285: .It kern.cp_id struct no
286: .It kern.cp_time uint64_t[\|] no
1.46 jruoho 287: .It kern.cryptodevallowsoft integer yes
1.1 pavel 288: .It kern.defcorename string yes
1.38 jruoho 289: .It kern.detachall integer yes
1.1 pavel 290: .It kern.domainname string yes
291: .It kern.drivers struct kinfo_drivers no
1.39 jruoho 292: .It kern.dump_on_panic integer yes
1.1 pavel 293: .It kern.file struct file no
294: .It kern.forkfsleep integer yes
295: .It kern.fscale integer no
296: .It kern.fsync integer no
1.21 joerg 297: .It kern.hardclock_ticks integer no
1.1 pavel 298: .It kern.hostid integer yes
299: .It kern.hostname string yes
1.21 joerg 300: .It kern.iov_max integer no
1.39 jruoho 301: .It kern.ipc node not applicable
1.21 joerg 302: .It kern.job_control integer no
1.1 pavel 303: .It kern.labeloffset integer no
304: .It kern.labelsector integer no
1.21 joerg 305: .It kern.login_name_max integer no
1.1 pavel 306: .It kern.logsigexit integer yes
1.21 joerg 307: .It kern.mapped_files integer no
1.1 pavel 308: .It kern.maxfiles integer yes
1.70 christos 309: .It kern.maxlwp integer yes
1.1 pavel 310: .It kern.maxpartitions integer no
311: .It kern.maxphys integer no
312: .It kern.maxproc integer yes
313: .It kern.maxptys integer yes
314: .It kern.maxvnodes integer yes
315: .It kern.mbuf node not applicable
316: .It kern.memlock integer no
1.21 joerg 317: .It kern.memlock_range integer no
318: .It kern.memory_protection integer no
1.42 jruoho 319: .It kern.module node not applicable
1.21 joerg 320: .It kern.monotonic_clock integer no
1.49 jruoho 321: .It kern.mqueue node not applicable
1.1 pavel 322: .It kern.msgbuf integer no
323: .It kern.msgbufsize integer no
324: .It kern.ngroups integer no
1.41 jruoho 325: .\".It kern.no_sa_support integer yes
1.1 pavel 326: .It kern.ntptime struct ntptimeval no
327: .It kern.osrelease string no
1.39 jruoho 328: .It kern.osrevision integer no
1.1 pavel 329: .It kern.ostype string no
1.41 jruoho 330: .\".It kern.panic_now integer yes
1.1 pavel 331: .It kern.pipe node not applicable
1.82 joerg 332: .It kern.pool struct pool_sysctl no
1.39 jruoho 333: .\" .It kern.posix node not applicable
334: .It kern.posix1version integer no
1.51 jruoho 335: .It kern.posix_aio integer no
1.21 joerg 336: .It kern.posix_barriers integer no
337: .It kern.posix_reader_writer_locks integer no
1.39 jruoho 338: .\".It kern.posix_sched integer yes
1.21 joerg 339: .It kern.posix_semaphores integer no
340: .It kern.posix_spin_locks integer no
341: .It kern.posix_threads integer no
342: .It kern.posix_timers integer no
1.1 pavel 343: .It kern.proc struct kinfo_proc no
344: .It kern.proc2 struct kinfo_proc2 no
1.21 joerg 345: .It kern.proc_args string no
1.39 jruoho 346: .It kern.profiling node not applicable
1.41 jruoho 347: .\".It kern.pset node not applicable
1.1 pavel 348: .It kern.rawpartition integer no
1.21 joerg 349: .It kern.root_device string no
350: .It kern.root_partition integer no
351: .It kern.rtc_offset integer yes
352: .It kern.saved_ids integer no
1.39 jruoho 353: .It kern.sbmax integer yes
1.41 jruoho 354: .\".It kern.sched node not applicable
1.1 pavel 355: .It kern.securelevel integer raise only
1.39 jruoho 356: .It kern.somaxkva integer yes
1.21 joerg 357: .It kern.synchronized_io integer no
1.19 christos 358: .It kern.timecounter node not applicable
1.1 pavel 359: .It kern.timex struct no
360: .It kern.tkstat node not applicable
1.66 christos 361: .It kern.tty node not applicable
1.1 pavel 362: .It kern.urandom integer no
1.45 jruoho 363: .It kern.usercrypto integer yes
364: .It kern.userasymcrypto integer yes
1.39 jruoho 365: .It kern.veriexec node not applicable
1.1 pavel 366: .It kern.version string no
367: .It kern.vnode struct vnode no
368: .El
369: .Bl -tag -width "123456"
1.51 jruoho 370: .It Li kern.aio_listio_max
371: The maximum number of asynchronous
372: .Tn I/O
373: operations in a single list I/O call.
374: As with all variables related to
375: .Xr aio 3 ,
376: the variable may be created and removed dynamically
377: upon loading or unloading the corresponding kernel module.
378: .It Li kern.aio_max
379: The maximum number of asynchronous I/O operations.
1.44 jruoho 380: .It Li kern.arandom
381: This variable picks a random number each time it is queried.
382: The used random number generator
1.56 uwe 383: .Pf ( Tn RNG )
1.44 jruoho 384: is based on
385: .Xr arc4random 3 .
1.1 pavel 386: .It Li kern.argmax ( KERN_ARGMAX )
387: The maximum bytes of argument to
388: .Xr execve 2 .
1.23 apb 389: .It Li kern.boothowto
390: Flags passed from the boot loader; see
391: .Xr reboot 2
392: for the meanings of the flags.
1.1 pavel 393: .It Li kern.boottime ( KERN_BOOTTIME )
394: A
1.56 uwe 395: .Vt struct timeval
1.1 pavel 396: structure is returned.
397: This structure contains the time that the system was booted.
1.41 jruoho 398: .\" .It Li kern.bufq
399: .\" XXX: Undocumented.
1.1 pavel 400: .It Li kern.ccpu ( KERN_CCPU )
401: The scheduler exponential decay value.
402: .It Li kern.clockrate ( KERN_CLOCKRATE )
403: A
1.56 uwe 404: .Vt struct clockinfo
1.1 pavel 405: structure is returned.
406: This structure contains the clock, statistics clock and profiling clock
407: frequencies, the number of microseconds per hz tick, and the clock
408: skew rate.
1.36 jruoho 409: Refer to
410: .Xr hz 9
411: for additional details.
1.1 pavel 412: .It Li kern.consdev ( KERN_CONSDEV )
413: Console device.
1.39 jruoho 414: .It Li kern.coredump
415: Settings related to coredumps of set-id processes.
416: By default, set-id processes do not dump core in situations where
417: other processes would.
418: The settings in this node allow an administrator to change this
419: behavior.
420: .Pp
421: The third level name is
422: .Dv kern.coredump.setid
1.40 jruoho 423: and fourth level variables are described below.
424: .Bl -column "kern.coredump.setid.group" "integer" "Changeable" -offset indent
425: .It Sy Fourth level name Type Changeable
426: .It kern.coredump.setid.dump integer yes
427: .It kern.coredump.setid.group integer yes
428: .It kern.coredump.setid.mode integer yes
429: .It kern.coredump.setid.owner integer yes
430: .It kern.coredump.setid.path string yes
431: .El
1.39 jruoho 432: .Bl -tag -width "123456"
433: .It Li kern.coredump.setid.dump
434: If non-zero, set-id processes will dump core.
435: .It Li kern.coredump.setid.group
436: The group-id for the set-id processes' coredump.
437: .It Li kern.coredump.setid.mode
438: The mode for the set-id processes' coredump.
439: See
440: .Xr chmod 1 .
441: .It Li kern.coredump.setid.owner
442: The user-id that will be used as the owner of the set-id processes'
443: coredump.
444: .It Li kern.coredump.setid.path
445: The path to which set-id processes' coredumps will be saved.
446: Same syntax as kern.defcorename.
447: .El
1.1 pavel 448: .It Li kern.cp_id ( KERN_CP_ID )
449: Mapping of CPU number to CPU id.
450: .It Li kern.cp_time ( KERN_CP_TIME )
1.56 uwe 451: Returns an array of
452: .Dv CPUSTATES
453: .Vt uint64_t Ns s.
1.1 pavel 454: This array contains the
455: number of clock ticks spent in different CPU states.
456: On multi-processor systems, the sum across all CPUs is returned unless
457: appropriate space is given for one data set for each CPU.
458: Data for a specific CPU can also be obtained by adding the number of the
459: CPU at the end of the MIB, enlarging it by one.
1.46 jruoho 460: .It Li kern.cryptodevallowsoft
461: This variable controls userland access to hardware versus software transforms
462: in the
463: .Xr crypto 4
464: system.
465: The available values are as follows:
1.47 wiz 466: .Bl -tag -width XX0 -offset indent
467: .It Dv \*[Lt] 0
1.46 jruoho 468: Always force userlevel requests to use software transforms.
469: .It Dv = 0
470: If present, use hardware and grant userlevel requests for
471: non-accelerated transforms (handling the latter in software).
1.47 wiz 472: .It Dv \*[Gt] 0
1.46 jruoho 473: Allow user requests only for transforms which are hardware-accelerated.
474: .El
1.1 pavel 475: .It Li kern.defcorename ( KERN_DEFCORENAME )
476: Default template for the name of core dump files (see also
477: .Li proc.pid.corename
478: in the per-process variables
479: .Li proc.* ,
480: and
481: .Xr core 5
482: for format of this template).
483: The default value is
1.56 uwe 484: .Pa %n.core
1.1 pavel 485: and can be changed with the kernel configuration option
486: .Cd options DEFCORENAME
487: (see
488: .Xr options 4
489: ).
1.38 jruoho 490: .It Li kern.detachall
491: Detach all devices at shutdown.
1.1 pavel 492: .It Li kern.domainname ( KERN_DOMAINNAME )
493: Get or set the YP domain name.
494: .It Li kern.drivers ( KERN_DRIVERS )
495: Return an array of
1.56 uwe 496: .Vt struct kinfo_drivers
1.1 pavel 497: that contains the name and major device numbers of all the device drivers
498: in the current kernel.
499: The
500: .Va d_name
501: field is always a NUL terminated string.
502: The
503: .Va d_bmajor
504: field will be set to \-1 if the driver doesn't have a block device.
1.39 jruoho 505: .It Li kern.dump_on_panic ( KERN_DUMP_ON_PANIC )
1.41 jruoho 506: Perform a crash dump on system
507: .Xr panic 9 .
1.1 pavel 508: .It Li kern.file ( KERN_FILE )
509: Return the entire file table.
510: The returned data consists of a single
1.56 uwe 511: .Vt struct filelist
1.1 pavel 512: followed by an array of
1.56 uwe 513: .Vt struct file ,
1.1 pavel 514: whose size depends on the current number of such objects in the system.
515: .It Li kern.forkfsleep ( KERN_FORKFSLEEP )
516: If
517: .Xr fork 2
518: system call fails due to limit on number of processes (either
519: the global maxproc limit or user's one), wait for this many
520: milliseconds before returning
521: .Er EAGAIN
522: error to process.
523: Useful to keep heavily forking runaway processes at bay.
524: Default zero (no sleep).
525: Maximum is 20 seconds.
526: .It Li kern.fscale ( KERN_FSCALE )
527: The kernel fixed-point scale factor.
528: .It Li kern.fsync ( KERN_FSYNC )
1.58 wiz 529: Return 1 if the
530: .St -p1003.1b-93
531: File Synchronization Option is available
1.1 pavel 532: on this system,
1.56 uwe 533: otherwise\ 0.
1.1 pavel 534: .It Li kern.hardclock_ticks ( KERN_HARDCLOCK_TICKS )
535: Returns the number of
536: .Xr hardclock 9
537: ticks.
538: .It Li kern.hostid ( KERN_HOSTID )
1.39 jruoho 539: Get or set the host identifier.
540: This is aimed to replace the legacy
541: .Xr gethostid 3
542: and
543: .Xr sethostid 3
544: system calls.
1.1 pavel 545: .It Li kern.hostname ( KERN_HOSTNAME )
1.39 jruoho 546: Get or set the
547: .Xr hostname 1 .
1.1 pavel 548: .It Li kern.iov_max ( KERN_IOV_MAX )
549: Return the maximum number of
1.56 uwe 550: .Vt iovec
1.1 pavel 551: structures that a process has available for use with
552: .Xr preadv 2 ,
553: .Xr pwritev 2 ,
554: .Xr readv 2 ,
555: .Xr recvmsg 2 ,
556: .Xr sendmsg 2
557: and
558: .Xr writev 2 .
1.39 jruoho 559: .It Li kern.ipc ( KERN_SYSVIPC )
560: Return information about the SysV IPC parameters.
561: The third level names for the ipc variables are detailed below.
562: .Bl -column "kern.ipc.shm_use_phys" "integer" "Changeable" -offset indent
563: .It Sy Third level name Type Changeable
564: .It kern.ipc.sysvmsg integer no
565: .It kern.ipc.sysvsem integer no
566: .It kern.ipc.sysvshm integer no
567: .It kern.ipc.sysvipc_info struct no
568: .It kern.ipc.shmmax integer yes
569: .It kern.ipc.shmmni integer yes
570: .It kern.ipc.shmseg integer yes
571: .It kern.ipc.shmmaxpgs integer yes
572: .It kern.ipc.shm_use_phys integer yes
573: .It kern.ipc.msgmni integer yes
574: .It kern.ipc.msgseg integer yes
575: .It kern.ipc.semmni integer yes
576: .It kern.ipc.semmns integer yes
577: .It kern.ipc.semmnu integer yes
578: .El
579: .Bl -tag -width "123456"
580: .It Li kern.ipc.sysvmsg ( KERN_SYSVIPC_MSG )
581: Returns 1 if System V style message queue functionality is available
582: on this system,
1.56 uwe 583: otherwise\ 0.
1.39 jruoho 584: .It Li kern.ipc.sysvsem ( KERN_SYSVIPC_SEM )
585: Returns 1 if System V style semaphore functionality is available
586: on this system,
1.56 uwe 587: otherwise\ 0.
1.39 jruoho 588: .It Li kern.ipc.sysvshm ( KERN_SYSVIPC_SHM )
589: Returns 1 if System V style shared memory functionality is available
590: on this system,
1.56 uwe 591: otherwise\ 0.
1.39 jruoho 592: .It Li kern.ipc.sysvipc_info ( KERN_SYSVIPC_INFO )
593: Return System V style IPC configuration and run-time information.
594: The fourth level name selects the System V style IPC facility.
595: .Bl -column "KERN_SYSVIPC_MSG_INFO" "struct shm_sysctl_info" -offset indent
596: .It Sy Fourth level name Type
597: .It KERN_SYSVIPC_MSG_INFO struct msg_sysctl_info
598: .It KERN_SYSVIPC_SEM_INFO struct sem_sysctl_info
599: .It KERN_SYSVIPC_SHM_INFO struct shm_sysctl_info
600: .El
601: .Pp
602: .Bl -tag -width "123456"
603: .It Li KERN_SYSVIPC_MSG_INFO
604: Return information on the System V style message facility.
605: The
606: .Sy msg_sysctl_info
607: structure is defined in
608: .In sys/msg.h .
609: .It Li KERN_SYSVIPC_SEM_INFO
610: Return information on the System V style semaphore facility.
611: The
612: .Sy sem_sysctl_info
613: structure is defined in
614: .In sys/sem.h .
615: .It Li KERN_SYSVIPC_SHM_INFO
616: Return information on the System V style shared memory facility.
617: The
618: .Sy shm_sysctl_info
619: structure is defined in
620: .In sys/shm.h .
621: .El
622: .It Li kern.ipc.shmmax ( KERN_SYSVIPC_SHMMAX )
623: Max shared memory segment size in bytes.
624: .It Li kern.ipc.shmmni ( KERN_SYSVIPC_SHMMNI )
625: Max number of shared memory identifiers.
626: .It Li kern.ipc.shmseg ( KERN_SYSVIPC_SHMSEG )
627: Max shared memory segments per process.
628: .It Li kern.ipc.shmmaxpgs ( KERN_SYSVIPC_SHMMAXPGS )
629: Max amount of shared memory in pages.
630: .It Li kern.ipc.shm_use_phys ( KERN_SYSVIPC_SHMUSEPHYS )
631: Locking of shared memory in physical memory.
632: If 0, memory can be swapped
633: out, otherwise it will be locked in physical memory.
634: .It Li kern.ipc.msgmni
635: Max number of message queue identifiers.
636: .It Li kern.ipc.msgseg
637: Max number of message segments.
638: .It Li kern.ipc.semmni
639: Max number of semaphore identifiers.
640: .It Li kern.ipc.semmns
641: Max number of semaphores in system.
642: .It Li kern.ipc.semmnu
643: Max number of undo structures in system.
644: .El
1.1 pavel 645: .It Li kern.job_control ( KERN_JOB_CONTROL )
1.56 uwe 646: Return 1 if job control is available on this system, otherwise\ 0.
1.1 pavel 647: .It Li kern.labeloffset ( KERN_LABELOFFSET )
1.56 uwe 648: The offset within the sector specified by
649: .Dv KERN_LABELSECTOR
650: of the
1.1 pavel 651: .Xr disklabel 5 .
652: .It Li kern.labelsector ( KERN_LABELSECTOR )
653: The sector number containing the
654: .Xr disklabel 5 .
655: .It Li kern.login_name_max ( KERN_LOGIN_NAME_MAX )
656: The size of the storage required for a login name, in bytes,
657: including the terminating NUL.
658: .It Li kern.logsigexit ( KERN_LOGSIGEXIT )
659: If this flag is non-zero, the kernel will
660: .Xr log 9
661: all process exits due to signals which create a
662: .Xr core 5
663: file, and whether the coredump was created.
664: .It Li kern.mapped_files ( KERN_MAPPED_FILES )
1.58 wiz 665: Returns 1 if the
666: .St -p1003.1b-93
667: Memory Mapped Files Option is available on this system,
1.56 uwe 668: otherwise\ 0.
1.1 pavel 669: .It Li kern.maxfiles ( KERN_MAXFILES )
670: The maximum number of files that may be open in the system.
671: .It Li kern.maxpartitions ( KERN_MAXPARTITIONS )
672: The maximum number of partitions allowed per disk.
1.71 wiz 673: .It Li kern.maxlwp
1.70 christos 674: The maximum number of Lightweight Processes (threads) the system allows
675: per uid.
1.1 pavel 676: .It Li kern.maxphys ( KERN_MAXPHYS )
677: Maximum raw I/O transfer size.
678: .It Li kern.maxproc ( KERN_MAXPROC )
679: The maximum number of simultaneous processes the system will allow.
680: .It Li kern.maxptys ( KERN_MAXPTYS )
681: The maximum number of pseudo terminals.
682: This value can be both raised and lowered, though it cannot
683: be set lower than the number of currently used ptys.
684: See also
685: .Xr pty 4 .
686: .It Li kern.maxvnodes ( KERN_MAXVNODES )
687: The maximum number of vnodes available on the system.
688: This can only be raised.
689: .It Li kern.mbuf ( KERN_MBUF )
690: Return information about the mbuf control variables.
691: Mbufs are data structures which store network packets and other data
692: structures in the networking code, see
693: .Xr mbuf 9 .
694: The third level names for the mbuf variables are detailed below.
695: The changeable column shows whether a process with appropriate
696: privilege may change the value.
1.21 joerg 697: .Bl -column "kern.mbuf.nmbclusters" "integer" "Changeable" -offset indent
1.1 pavel 698: .It Sy Third level name Type Changeable
699: .\" XXX Changeable? really?
700: .It kern.mbuf.mblowat integer yes
701: .It kern.mbuf.mclbytes integer yes
702: .It kern.mbuf.mcllowat integer yes
703: .It kern.mbuf.msize integer yes
704: .It kern.mbuf.nmbclusters integer yes
705: .El
706: .Pp
707: The variables are as follows:
708: .Bl -tag -width "123456"
709: .It Li kern.mbuf.mblowat ( MBUF_MBLOWAT )
710: The mbuf low water mark.
711: .It Li kern.mbuf.mclbytes ( MBUF_MCLBYTES )
712: The mbuf cluster size.
713: .It Li kern.mbuf.mcllowat ( MBUF_MCLLOWAT )
714: The mbuf cluster low water mark.
715: .It Li kern.mbuf.msize ( MBUF_MSIZE )
716: The mbuf base size.
717: .It Li kern.mbuf.nmbclusters ( MBUF_NMBCLUSTERS )
718: The limit on the number of mbuf clusters.
719: The variable can only be increased, and only increased on machines with
720: direct-mapped pool pages.
721: .El
722: .It Li kern.memlock ( KERN_MEMLOCK )
1.58 wiz 723: Returns 1 if the
724: .St -p1003.1b-93
725: Process Memory Locking Option is available on this system,
1.56 uwe 726: otherwise\ 0.
1.1 pavel 727: .It Li kern.memlock_range ( KERN_MEMLOCK_RANGE )
1.58 wiz 728: Returns 1 if the
729: .St -p1003.1b-93
730: Range Memory Locking Option is available on this system,
1.56 uwe 731: otherwise\ 0.
1.1 pavel 732: .It Li kern.memory_protection ( KERN_MEMORY_PROTECTION )
1.58 wiz 733: Returns 1 if the
734: .St -p1003.1b-93
735: Memory Protection Option is available on this system,
1.56 uwe 736: otherwise\ 0.
1.42 jruoho 737: .It Li kern.module
738: Settings related to kernel modules.
739: The third level names for the settings are described below.
740: .Bl -column "kern.module.autoload" "integer" "Changeable" -offset indent
741: .It Sy Third level name Type Changeable
742: .It kern.module.autoload integer yes
1.78 pgoyette 743: .It kern.module.autotime integer yes
1.42 jruoho 744: .It kern.module.verbose integer yes
745: .El
746: .Pp
747: The variables are as follows:
748: .Bl -tag -width "123456"
749: .It Li kern.module.autoload
750: A boolean that controls whether kernel modules are loaded automatically.
1.52 jruoho 751: See
1.53 jruoho 752: .Xr module 7
1.42 jruoho 753: for additional details.
1.78 pgoyette 754: .It Li kern.module.autotime
755: An integer that controls the delay before an attempt is made to
1.79 wiz 756: automatically unload a module that was auto-loaded.
757: Setting this value to zero disables the auto-unload function.
1.42 jruoho 758: .It Li kern.module.verbose
759: A boolean that enables or disables verbose
760: debug messages related to kernel modules.
761: .El
1.49 jruoho 762: .It Li kern.monotonic_clock ( KERN_MONOTONIC_CLOCK )
1.58 wiz 763: Returns the standard version the implementation of the
764: .St -p1003.1b-93
1.49 jruoho 765: Monotonic Clock Option conforms to,
1.56 uwe 766: otherwise\ 0.
1.48 jruoho 767: .It Li kern.mqueue
768: Settings related to
769: .Tn POSIX
770: message queues; see
771: .Xr mqueue 3 .
772: This node is created dynamically when
773: the corresponding kernel module is loaded.
774: The third level names for the settings are described below.
775: .Bl -column "kern.mqueue.mq_max_msgsize" "integer" "Changeable" -offset indent
776: .It Sy Third level name Type Changeable
777: .It kern.mqueue.mq_open_max integer yes
778: .It kern.mqueue.mq_prio_max integer yes
779: .It kern.mqueue.mq_max_msgsize integer yes
780: .It kern.mqueue.mq_def_maxmsg integer yes
781: .It kern.mqueue.mq_max_maxmsg integer yes
782: .El
783: .Pp
784: The variables are:
785: .Bl -tag -width "123456"
786: .It Li kern.mqueue.mq_open_max
787: The maximum number of message queue descriptors any single process can open.
788: .It Li kern.mqueue.mq_prio_max
789: The maximum priority of a message.
790: .It Li kern.mqueue.mq_max_msgsize
791: The maximum size of a message in a message queue.
792: .It Li kern.mqueue.mq_def_maxmsg
793: The default maximum message count.
794: .It Li kern.mqueue.mq_max_maxmsg
795: The maximum number of messages in a message queue.
796: .El
1.1 pavel 797: .It Li kern.msgbuf ( KERN_MSGBUF )
798: The kernel message buffer, rotated so that the head of the circular kernel
799: message buffer is at the start of the returned data.
800: The returned data may contain NUL bytes.
801: .It Li kern.msgbufsize ( KERN_MSGBUFSIZE )
802: The maximum number of characters that the kernel message buffer can hold.
803: .It Li kern.ngroups ( KERN_NGROUPS )
804: The maximum number of supplemental groups.
1.41 jruoho 805: .\" .It Li kern.no_sa_support
806: .\" XXX: Undocumented.
1.1 pavel 807: .It Li kern.ntptime ( KERN_NTPTIME )
808: A
1.56 uwe 809: .Vt struct ntptimeval
1.1 pavel 810: structure is returned.
811: This structure contains data used by the
812: .Xr ntpd 8
813: program.
814: .It Li kern.osrelease ( KERN_OSRELEASE )
815: The system release string.
816: .It Li kern.osrevision ( KERN_OSREV )
817: The system revision string.
818: .It Li kern.ostype ( KERN_OSTYPE )
819: The system type string.
1.41 jruoho 820: .\".It Li kern.panic_now
821: .\" XXX: Undocumented.
1.1 pavel 822: .It Li kern.pipe ( KERN_PIPE )
823: Pipe settings.
824: The third level names for the integer pipe settings are detailed below.
825: The changeable column shows whether a process with appropriate
826: privilege may change the value.
1.21 joerg 827: .Bl -column "kern.pipe.maxbigpipes" "integer" "Changeable" -offset indent
1.1 pavel 828: .It Sy Third level name Type Changeable
829: .It kern.pipe.kvasiz integer yes
830: .It kern.pipe.maxbigpipes integer yes
831: .It kern.pipe.maxkvasz integer yes
832: .It kern.pipe.limitkva integer yes
833: .It kern.pipe.nbigpipes integer yes
834: .El
835: .Pp
836: The variables are as follows:
837: .Bl -tag -width "123456"
838: .It Li kern.pipe.kvasiz ( KERN_PIPE_KVASIZ )
839: Amount of kernel memory consumed by pipe buffers.
840: .It Li kern.pipe.maxbigpipes ( KERN_PIPE_MAXBIGPIPES )
1.56 uwe 841: Maximum number of
842: .Dq big
843: pipes.
1.1 pavel 844: .It Li kern.pipe.maxkvasz ( KERN_PIPE_MAXKVASZ )
845: Maximum amount of kernel memory to be used for pipes.
846: .It Li kern.pipe.limitkva ( KERN_PIPE_LIMITKVA )
847: Limit for direct transfers via page loan.
848: .It Li kern.pipe.nbigpipes ( KERN_PIPE_NBIGPIPES )
1.56 uwe 849: Number of
850: .Dq big
851: pipes.
1.1 pavel 852: .El
1.82 joerg 853: .It Li kern.pool
854: Provides statistics about the
1.83 ! wiz 855: .Xr pool 9
1.82 joerg 856: and
857: .Xr pool_cache 9
858: subsystems.
1.39 jruoho 859: .\" XXX: Undocumented .It Li kern.posix ( ? )
860: .\" This is a node in which the only variable is semmax.
1.1 pavel 861: .It Li kern.posix1version ( KERN_POSIX1 )
1.58 wiz 862: The version of ISO/IEC 9945
863: .Pq St -p1003.1
864: with which the system attempts to comply.
1.51 jruoho 865: .It Li kern.posix_aio
866: The version of
867: .St -p1003.1
868: and its Asynchronous I/O option to which the system attempts to conform.
1.1 pavel 869: .It Li kern.posix_barriers ( KERN_POSIX_BARRIERS )
870: The version of
871: .St -p1003.1
872: and its
873: Barriers
874: option to which the system attempts to conform,
1.56 uwe 875: otherwise\ 0.
1.1 pavel 876: .It Li kern.posix_reader_writer_locks ( KERN_POSIX_READER_WRITER_LOCKS )
877: The version of
878: .St -p1003.1
879: and its
880: Read-Write Locks
881: option to which the system attempts to conform,
1.56 uwe 882: otherwise\ 0.
1.41 jruoho 883: .\".It Li kern.posix_sched
884: .\" XXX: Undocumented.
1.1 pavel 885: .It Li kern.posix_semaphores ( KERN_POSIX_SEMAPHORES )
886: The version of
887: .St -p1003.1
888: and its
889: Semaphores
890: option to which the system attempts to conform,
1.56 uwe 891: otherwise\ 0.
1.1 pavel 892: .It Li kern.posix_spin_locks ( KERN_POSIX_SPIN_LOCKS )
893: The version of
894: .St -p1003.1
895: and its
896: Spin Locks
897: option to which the system attempts to conform,
1.56 uwe 898: otherwise\ 0.
1.1 pavel 899: .It Li kern.posix_threads ( KERN_POSIX_THREADS )
900: The version of
901: .St -p1003.1
902: and its
903: Threads
904: option to which the system attempts to conform,
1.56 uwe 905: otherwise\ 0.
1.1 pavel 906: .It Li kern.posix_timers ( KERN_POSIX_TIMERS )
907: The version of
908: .St -p1003.1
909: and its
910: Timers
911: option to which the system attempts to conform,
1.56 uwe 912: otherwise\ 0.
1.1 pavel 913: .It Li kern.proc ( KERN_PROC )
914: Return the entire process table, or a subset of it.
915: An array of
1.56 uwe 916: .Vt struct kinfo_proc
1.1 pavel 917: structures is returned,
918: whose size depends on the current number of such objects in the system.
919: The third and fourth level numeric names are as follows:
1.21 joerg 920: .Bl -column "KERN_PROC_SESSION" "Fourth level is:" -offset indent
1.1 pavel 921: .It Sy Third level name Fourth level is:
1.21 joerg 922: .It KERN_PROC_ALL None
923: .It KERN_PROC_GID A group ID
924: .It KERN_PROC_PID A process ID
925: .It KERN_PROC_PGRP A process group
926: .It KERN_PROC_RGID A real group ID
927: .It KERN_PROC_RUID A real user ID
928: .It KERN_PROC_SESSION A session ID
929: .It KERN_PROC_TTY A tty device
930: .It KERN_PROC_UID A user ID
1.1 pavel 931: .El
932: .It Li kern.proc2 ( KERN_PROC2 )
1.56 uwe 933: As for
934: .Dv KERN_PROC ,
935: but an array of
936: .Vt struct kinfo_proc2
1.1 pavel 937: structures is returned.
938: The fifth level name is the size of the
1.56 uwe 939: .Vt struct kinfo_proc2
1.1 pavel 940: and the sixth level name is the number of structures to return.
941: .It Li kern.proc_args ( KERN_PROC_ARGS )
942: Return the argv or environment strings (or the number thereof)
943: of a process.
944: Multiple strings are returned separated by NUL characters.
945: The third level name is the process ID.
946: The fourth level name is as follows:
1.21 joerg 947: .Bl -column "KERN_PROC_NARGV" "The number of environ strings" -offset indent
948: .It KERN_PROC_ARGV The argv strings
949: .It KERN_PROC_ENV The environ strings
950: .It KERN_PROC_NARGV The number of argv strings
951: .It KERN_PROC_NENV The number of environ strings
1.1 pavel 952: .El
953: .It Li kern.profiling ( KERN_PROF )
954: Return profiling information about the kernel.
955: If the kernel is not compiled for profiling,
1.56 uwe 956: attempts to retrieve any of the
957: .Dv KERN_PROF
958: values will fail with
1.1 pavel 959: .Er EOPNOTSUPP .
960: The third level names for the string and integer profiling information
961: are detailed below.
962: The changeable column shows whether a process with appropriate
963: privilege may change the value.
1.21 joerg 964: .Bl -column "kern.profiling.gmonparam" "struct gmonparam" "Changeable" -offset indent
1.1 pavel 965: .It Sy Third level name Type Changeable
966: .It kern.profiling.count u_short[\|] yes
967: .It kern.profiling.froms u_short[\|] yes
968: .It kern.profiling.gmonparam struct gmonparam no
969: .It kern.profiling.state integer yes
970: .It kern.profiling.tos struct tostruct yes
971: .El
972: .Pp
973: The variables are as follows:
974: .Bl -tag -width "123456"
975: .It Li kern.profiling.count ( GPROF_COUNT )
976: Array of statistical program counter counts.
977: .It Li kern.profiling.froms ( GPROF_FROMS )
978: Array indexed by program counter of call-from points.
979: .It Li kern.profiling.gmonparams ( GPROF_GMONPARAM )
980: Structure giving the sizes of the above arrays.
981: .It Li kern.profiling.state ( GPROF_STATE )
982: Profiling state.
1.56 uwe 983: If set to
984: .Dv GMON_PROF_ON ,
985: starts profiling.
986: If set to
987: .Dv GMON_PROF_OFF ,
988: stops profiling.
1.1 pavel 989: .It Li kern.profiling.tos ( GPROF_TOS )
990: Array of
1.56 uwe 991: .Vt struct tostruct
1.1 pavel 992: describing destination of calls and their counts.
993: .El
1.41 jruoho 994: .\" .It Li kern.pset
995: .\" XXX: Undocumented.
1.1 pavel 996: .It Li kern.rawpartition ( KERN_RAWPARTITION )
997: The raw partition of a disk (a == 0).
998: .It Li kern.root_device ( KERN_ROOT_DEVICE )
999: The name of the root device (e.g.,
1000: .Dq wd0 ) .
1001: .It Li kern.root_partition ( KERN_ROOT_PARTITION )
1002: The root partition on the root device (a == 0).
1003: .It Li kern.rtc_offset ( KERN_RTC_OFFSET )
1004: Return the offset of real time clock from UTC in minutes.
1005: .It Li kern.saved_ids ( KERN_SAVED_IDS )
1006: Returns 1 if saved set-group and saved set-user IDs are available.
1007: .It Li kern.sbmax ( KERN_SBMAX )
1008: Maximum socket buffer size.
1009: .\" XXX units?
1010: .It Li kern.securelevel ( KERN_SECURELVL )
1.25 elad 1011: See
1012: .Xr secmodel_securelevel 9 .
1.41 jruoho 1013: .\" .It Li kern.sched
1014: .\" XXX: Undocumented.
1.1 pavel 1015: .It Li kern.somaxkva ( KERN_SOMAXKVA )
1016: Maximum amount of kernel memory to be used for socket buffers.
1017: .\" XXX units?
1018: .It Li kern.synchronized_io ( KERN_SYNCHRONIZED_IO )
1.58 wiz 1019: Returns 1 if the
1020: .St -p1003.1b-93
1021: Synchronized I/O Option is available on this system,
1.56 uwe 1022: otherwise\ 0.
1.19 christos 1023: .It Li kern.timecounter ( dynamic )
1024: Display and control the timecounter source of the system.
1.21 joerg 1025: .Bl -column "kern.timecounter.timestepwarnings" "integer" "Changeable" -offset indent
1.19 christos 1026: .It Sy Third level name Type Changeable
1027: .It kern.timecounter.choice string no
1028: .It kern.timecounter.hardware string yes
1029: .It kern.timecounter.timestepwarnings integer yes
1030: .El
1031: .Pp
1032: The variables are as follows:
1033: .Bl -tag -width "123456"
1034: .It Li kern.timecounter.choice ( dynamic )
1035: The list of available timecounters with their quality and frequency.
1036: .It Li kern.timecounter.hardware ( dynamic )
1037: The currently selected timecounter source.
1038: .It Li kern.timecounter.timestepwarnings ( dynamic )
1039: If non-zero, display a message each time the time is stepped.
1040: .El
1.1 pavel 1041: .It Li kern.timex ( KERN_TIMEX )
1042: Not available.
1043: .It Li kern.tkstat ( KERN_TKSTAT )
1044: Return information about the number of characters sent and received
1045: on ttys.
1046: The third level names for the tty statistic variables are detailed below.
1047: The changeable column shows whether a process
1048: with appropriate privilege may change the value.
1.21 joerg 1049: .Bl -column "kern.tkstat.cancc" "quad" "Changeable" -offset indent
1.1 pavel 1050: .It Sy Third level name Type Changeable
1051: .It kern.tkstat.cancc quad no
1052: .It kern.tkstat.nin quad no
1053: .It kern.tkstat.nout quad no
1054: .It kern.tkstat.rawcc quad no
1055: .El
1056: .Pp
1057: The variables are as follows:
1058: .Bl -tag -width "123456"
1059: .It Li kern.tkstat.cancc ( KERN_TKSTAT_CANCC )
1060: The number of canonical input characters.
1061: .It Li kern.tkstat.nin ( KERN_TKSTAT_NIN )
1062: The total number of input characters.
1063: .It Li kern.tkstat.nout ( KERN_TKSTAT_NOUT )
1064: The total number of output characters.
1065: .It Li kern.tkstat.rawcc ( KERN_TKSTAT_RAWCC )
1066: The number of raw input characters.
1067: .El
1.66 christos 1068: .It Li kern.tty
1069: The third level names for the tty setup variables are detailed below.
1070: The changeable column shows whether a process
1071: with appropriate privilege may change the value.
1072: .Bl -column "kern.tty.qsize" "int" "Changeable" -offset indent
1073: .It Sy Third level name Type Changeable
1074: .It kern.tty.qsize int yes
1075: .El
1076: .Pp
1077: The variables are as follows:
1078: .Bl -tag -width "123456"
1079: .It Li kern.tty.qsize
1080: Control/display the size of the default input and output queues selected
1081: during tty creation.
1082: The value is converted to a power of two and its range is between
1083: .Dv 1024
1084: and
1085: .Dv 65536 .
1086: .El
1.70 christos 1087: .It Li kern.uidinfo
1088: Resource usage for the current user.
1089: .Bl -column "kern.uidinfo.proccnt" "integer" "Changeable" -offset indent
1090: .It Sy Third level name Type Changeable
1091: .It kern.uidinfo.proccnt integer no
1092: .It kern.uidinfo.lwpcnt integer no
1093: .It kern.uidinfo.lockcnt integer no
1094: .It kern.uidinfo.sbsize integer no
1095: .El
1096: .Bl -tag -width "123456"
1097: .It Li kern.uidinfo.proccnt
1098: Returns the number of active processes for the current user.
1099: .It Li kern.uidinfo.lwpcnt
1100: Returns the number of active threads for the current user; the first thread
1101: of each process is not counted.
1102: .It Li kern.uidinfo.lockcnt
1103: Number of locks held by the current user.
1104: .It Li kern.uidinfo.sbsize
1105: Number of bytes in socket buffers allocated to the current user.
1106: .El
1.1 pavel 1107: .It Li kern.urandom ( KERN_URND )
1108: Random integer value.
1.45 jruoho 1109: .It Li kern.usercrypto
1110: When enabled, allows userland to
1111: .Xr open 2
1112: the
1113: .Pa /dev/crypto
1114: special device, used by the
1115: .Xr crypto 4
1116: system.
1117: .It Li kern.userasymcrypto
1118: Enables or disables the use of software asymmetric crypto support in the
1119: .Xr crypto 4
1120: system.
1.1 pavel 1121: .It Li kern.veriexec
1.40 jruoho 1122: Runtime information for
1123: .Xr veriexec 8 .
1124: .Bl -column "kern.veriexec.algorithms" "integer" "Changeable" -offset indent
1125: .It Sy Third level name Type Changeable
1126: .It kern.veriexec.algorithms string no
1127: .It kern.veriexec.count node not applicable
1128: .It kern.veriexec.strict integer yes
1129: .It kern.veriexec.verbose integer yes
1130: .El
1.1 pavel 1131: .Bl -tag -width "123456"
1132: .It Li kern.veriexec.algorithms
1133: Returns a string with the supported algorithms in Veriexec.
1134: .It Li kern.veriexec.count
1135: Sub-nodes are added to this node as new mounts are monitored by Veriexec.
1136: Each mount will be under its own
1137: .No tableN
1138: node.
1139: Under each node there will be three variables, indicating the mount
1.57 wiz 1140: point, the file system type, and the number of entries.
1.1 pavel 1141: .It Li kern.veriexec.strict
1142: Controls the strict level of Veriexec.
1143: See
1.62 jruoho 1144: .Xr security 7
1.1 pavel 1145: for more information on each level's implications.
1146: .It Li kern.veriexec.verbose
1147: Controls the verbosity level of Veriexec.
1148: If 0, only the minimal
1149: indication required will be given about what's happening - fingerprint
1150: mismatches, removal of entries from the tables, modification of a
1151: fingerprinted file.
1152: If 1, more messages will be printed (i.e., when a file with a valid
1153: fingerprint is accessed).
1154: Verbose level 2 is debug mode.
1155: .El
1156: .It Li kern.version ( KERN_VERSION )
1157: The system version string.
1158: .It Li kern.vnode ( KERN_VNODE )
1159: Return the entire vnode table.
1160: Note, the vnode table is not necessarily a consistent snapshot of
1161: the system.
1162: The returned data consists of an array whose size depends on the
1163: current number of such objects in the system.
1164: Each element of the array contains the kernel address of a vnode
1.56 uwe 1165: .Vt struct vnode *
1.1 pavel 1166: followed by the vnode itself
1.56 uwe 1167: .Vt struct vnode .
1.43 jruoho 1168: .\" XXX: Undocumented: kern.lwp: no children?
1.1 pavel 1169: .El
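The kern.proc_args entry above says the argv or environment strings come back as one buffer with NUL separators. The following is an added example, not part of the NetBSD sources: a bounds-checked splitter for such a buffer, run here on a constructed sample. The names split_nul_strings and fetch_argv are hypothetical, and the sysctl(3) fetch is compiled only on NetBSD.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#ifdef __NetBSD__
#include <sys/param.h>
#include <sys/sysctl.h>
#include <stdlib.h>
#endif

/*
 * Split a KERN_PROC_ARGS-style buffer (strings separated by NUL bytes)
 * into pointers.  The length reported by the kernel is the only bound
 * used: nothing is read past buf + len, and a last string that lacks its
 * terminating NUL is rejected instead of being handed to strlen().
 * Empty strings (two adjacent NULs) are valid arguments and are kept.
 * Returns the number of strings stored in out[], or -1 if the buffer is
 * malformed or holds more than max strings.
 */
int split_nul_strings(const char *buf, size_t len, const char **out, int max)
{
    size_t off = 0;
    int n = 0;

    while (off < len) {
        const char *end = memchr(buf + off, '\0', len - off);

        if (end == NULL)
            return -1;              /* unterminated tail */
        if (n == max)
            return -1;              /* caller's array is full */
        out[n++] = buf + off;
        off = (size_t)(end - buf) + 1;
    }
    return n;
}

#ifdef __NetBSD__
/*
 * Fetch the argv strings of pid: third level name is the process ID,
 * fourth level name is KERN_PROC_ARGV.  Usual two-call pattern: probe
 * the size with a NULL buffer, then read.  Returns a malloc'd buffer
 * and stores its length in *lenp, or NULL on failure (for example when
 * the process exits or its arguments grow between the two calls).
 */
char *fetch_argv(int pid, size_t *lenp)
{
    int mib[4] = { CTL_KERN, KERN_PROC_ARGS, pid, KERN_PROC_ARGV };
    char *buf;

    if (sysctl(mib, 4, NULL, lenp, NULL, 0) == -1)
        return NULL;
    if ((buf = malloc(*lenp ? *lenp : 1)) == NULL)
        return NULL;
    if (sysctl(mib, 4, buf, lenp, NULL, 0) == -1) {
        free(buf);
        return NULL;
    }
    return buf;
}
#endif

/* Constructed sample: the argv "sh", "-c", "", "x" as one buffer. */
static const char sample[] = { 's', 'h', '\0', '-', 'c', '\0', '\0', 'x', '\0' };

int sample_count(void)
{
    const char *v[8];

    return split_nul_strings(sample, sizeof(sample), v, 8);
}

int main(void)
{
    const char *v[8];
    int n = split_nul_strings(sample, sizeof(sample), v, 8);

    for (int i = 0; i < n; i++)
        printf("argv[%d] = \"%s\"\n", i, v[i]);
    return n < 0;
}
```

On NetBSD the count returned by the splitter can be compared with the value read through KERN_PROC_NARGV for the same process; a mismatch means the process changed between the two reads.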
1.50 jruoho 1170: .Ss The machdep.* subtree
1.1 pavel 1171: The set of variables defined is architecture dependent.
1172: Most architectures define at least the following variables.
1.43 jruoho 1173: .Bl -column "machdep.booted_kernel" "Type" "Changeable" -offset indent
1.1 pavel 1174: .It Sy Second level name Type Changeable
1.43 jruoho 1175: .It Li machdep.booted_kernel string no
1.1 pavel 1176: .El
1.43 jruoho 1177: .\" XXX: Document the above.
1.50 jruoho 1178: .Ss The net.* subtree
1.1 pavel 1179: The string and integer information available for the
1180: .Li net
1181: level is detailed below.
1182: The changeable column shows whether a process with appropriate
1183: privilege may change the value.
1184: The second and third levels are typically the protocol family and
1185: protocol number, though this is not always the case.
1.21 joerg 1186: .Bl -column "Second level name" "IPsec key management values" "Changeable" -offset indent
1.1 pavel 1187: .It Sy Second level name Type Changeable
1188: .It net.route routing messages no
1189: .It net.inet IPv4 values yes
1190: .It net.inet6 IPv6 values yes
1191: .It net.key IPsec key management values yes
1192: .El
1193: .Pp
1194: .Bl -tag -width "123456"
1195: .It Li net.route ( PF_ROUTE )
1196: .\" XXX really?
1197: Return the entire routing table or a subset of it.
1198: The data is returned as a sequence of routing messages (see
1199: .Xr route 4
1200: for the header file, format and meaning).
1201: The length of each message is contained in the message header.
1202: .Pp
1.56 uwe 1203: The third level name is a protocol number, which is currently always\ 0.
1.1 pavel 1204: The fourth level name is an address family, which may be set to 0 to
1205: select all address families.
1206: The fifth and sixth level names are as follows:
1.21 joerg 1207: .Bl -column "Fifth level name" "Sixth level is:" -offset indent
1.1 pavel 1208: .It Sy Fifth level name Sixth level is:
1.21 joerg 1209: .It NET_RT_FLAGS rtflags
1210: .It NET_RT_DUMP None
1211: .It NET_RT_IFLIST None
1.1 pavel 1212: .El
1213: .It Li net.inet ( PF_INET )
1214: Get or set various global information about the IPv4
1215: .Pq Internet Protocol version 4 .
1216: The third level name is the protocol.
1217: The fourth level name is the variable name.
1218: The currently defined protocols and names are:
1.21 joerg 1219: .Bl -column "Protocol name" "sack.globalmaxholes" "integer" "Changeable" -offset 4n
1.1 pavel 1220: .It Sy Protocol name Variable name Type Changeable
1221: .It arp down integer yes
1222: .It arp keep integer yes
1.65 christos 1223: .It arp log_movements integer yes
1224: .It arp log_permanent_modify integer yes
1225: .It arp log_wrong_iface integer yes
1.1 pavel 1226: .It arp prune integer yes
1227: .It arp refresh integer yes
1228: .It carp allow integer yes
1229: .It carp preempt integer yes
1230: .It carp log integer yes
1231: .It carp arpbalance integer yes
1232: .It icmp errppslimit integer yes
1233: .It icmp maskrepl integer yes
1234: .It icmp rediraccept integer yes
1235: .It icmp redirtimeout integer yes
1.28 christos 1236: .It icmp bmcastecho integer yes
1.1 pavel 1237: .It ip allowsrcrt integer yes
1.72 christos 1238: .It ip anonportalgo.selected string yes
1239: .It ip anonportalgo.available string yes
1.74 christos 1240: .It ip anonportalgo.reserve struct yes
1.1 pavel 1241: .It ip anonportmax integer yes
1242: .It ip anonportmin integer yes
1243: .It ip checkinterface integer yes
1244: .It ip directed-broadcast integer yes
1245: .It ip do_loopback_cksum integer yes
1246: .It ip forwarding integer yes
1247: .It ip forwsrcrt integer yes
1248: .It ip gifttl integer yes
1249: .It ip grettl integer yes
1.8 liamjfoy 1250: .It ip hashsize integer yes
1.1 pavel 1251: .It ip hostzerobroadcast integer yes
1252: .It ip lowportmin integer yes
1253: .It ip lowportmax integer yes
1254: .It ip maxflows integer yes
1255: .It ip maxfragpackets integer yes
1256: .It ip mtudisc integer yes
1257: .It ip mtudisctimeout integer yes
1258: .It ip random_id integer yes
1259: .It ip redirect integer yes
1260: .It ip subnetsarelocal integer yes
1261: .It ip ttl integer yes
1262: .It tcp rfc1323 integer yes
1263: .It tcp sendspace integer yes
1264: .It tcp recvspace integer yes
1265: .It tcp mssdflt integer yes
1266: .It tcp syn_cache_limit integer yes
1267: .It tcp syn_bucket_limit integer yes
1268: .It tcp syn_cache_interval integer yes
1269: .It tcp init_win integer yes
1270: .It tcp init_win_local integer yes
1271: .It tcp mss_ifmtu integer yes
1272: .It tcp win_scale integer yes
1273: .It tcp timestamps integer yes
1274: .It tcp compat_42 integer yes
1275: .It tcp cwm integer yes
1276: .It tcp cwm_burstsize integer yes
1277: .It tcp ack_on_push integer yes
1278: .It tcp keepidle integer yes
1279: .It tcp keepintvl integer yes
1280: .It tcp keepcnt integer yes
1281: .It tcp slowhz integer no
1.12 christos 1282: .It tcp keepinit integer yes
1.1 pavel 1283: .It tcp log_refused integer yes
1284: .It tcp rstppslimit integer yes
1285: .It tcp ident struct no
1.13 christos 1286: .It tcp drop struct no
1.1 pavel 1287: .It tcp sack.enable integer yes
1288: .It tcp sack.globalholes integer no
1289: .It tcp sack.globalmaxholes integer yes
1290: .It tcp sack.maxholes integer yes
1291: .It tcp ecn.enable integer yes
1292: .It tcp ecn.maxretries integer yes
1293: .It tcp congctl.selected string yes
1294: .It tcp congctl.available string yes
1295: .It tcp abc.enable integer yes
1296: .It tcp abc.aggressive integer yes
1297: .It udp checksum integer yes
1298: .It udp do_loopback_cksum integer yes
1299: .It udp recvspace integer yes
1300: .It udp sendspace integer yes
1301: .El
1302: .Pp
1303: The variables are as follows:
1304: .Bl -tag -width "123456"
1305: .It Li arp.down
1306: Failed ARP entry lifetime.
1307: .It Li arp.keep
1308: Valid ARP entry lifetime.
1309: .It Li arp.prune
1310: ARP cache pruning interval.
1311: .It Li arp.refresh
1312: ARP entry refresh interval.
1313: .It Li carp.allow
1314: If set to 0, incoming
1315: .Xr carp 4
1316: packets will not be processed.
1317: If set to any other value, processing will occur.
1318: Enabled by default.
1319: .It Li carp.arpbalance
1320: If set to any value other than 0, the ARP balancing functionality of
1321: .Xr carp 4
1322: is enabled.
1323: When ARP requests are received for an IP address which is part of any virtual
1324: host, carp will hash the source IP in the ARP request to select one of the
1325: virtual hosts from the set of all the virtual hosts which have that IP address.
1326: The master of that host will respond with the correct virtual MAC address.
1327: Disabled by default.
1328: .It Li carp.log
1329: If set to any value other than 0,
1330: .Xr carp 4
1331: will log errors.
1332: Disabled by default.
1333: .It Li carp.preempt
1334: If set to 0,
1335: .Xr carp 4
1336: will not attempt to become master if it is receiving advertisements from
1337: another active master.
1338: If set to any other value, carp will become master of the virtual host if it
1339: believes it can send advertisements more frequently than the current master.
1340: Disabled by default.
1341: .It Li ip.allowsrcrt
1342: If set to 1, the host accepts source routed packets.
1.72 christos 1343: .It Li ip.anonportalgo.available
1344: The available RFC 6056 port randomization algorithms.
1.74 christos 1345: .It Li ip.anonportalgo.reserve
1346: A bitmask of ports that will not be used during anonymous or privileged
1347: port selection.
1.72 christos 1348: .It Li ip.anonportalgo.selected
1349: The currently selected RFC 6056 port randomization algorithm.
1.1 pavel 1350: .It Li ip.anonportmax
1351: The highest port number to use for TCP and UDP ephemeral port allocation.
1352: This cannot be set to less than 1024 or greater than 65535, and must
1353: be greater than
1354: .Li ip.anonportmin .
1355: .It Li ip.anonportmin
1356: The lowest port number to use for TCP and UDP ephemeral port allocation.
1357: This cannot be set to less than 1024 or greater than 65535.
1358: .It Li ip.checkinterface
1359: If set to non-zero, the host will reject packets addressed to it
1360: that arrive on an interface not bound to that address.
1361: Currently, this must be disabled if ipnat is used to translate the
1362: destination address to another local interface, or if addresses
1363: are added to the loopback interface instead of the interface where
1364: the packets for those addresses are received.
1365: .It Li ip.directed-broadcast
1366: If set to 1, enables directed broadcast behavior for the host.
1367: .It Li ip.do_loopback_cksum
1368: Perform IP checksum on loopback.
1369: .It Li ip.forwarding
1370: If set to 1, enables IP forwarding for the host,
1371: meaning that the host is acting as a router.
1372: .It Li ip.forwsrcrt
1373: If set to 1, enables forwarding of source-routed packets for the host.
1374: This value may only be changed if the kernel security level is less than 1.
1375: .It Li ip.gifttl
1376: The maximum time-to-live (hop count) value for an IPv4 packet generated by a
1377: .Xr gif 4
1378: tunnel interface.
1379: .It Li ip.grettl
1380: The maximum time-to-live (hop count) value for an IPv4 packet generated by a
1381: .Xr gre 4
1382: tunnel interface.
1.8 liamjfoy 1383: .It Li ip.hashsize
1384: The size of the IPv4 Fast Forward hash table.
1385: This value must be a power of 2 (64, 256...).
1386: A larger hash table size results in fewer collisions.
1387: Also see
1388: .Li ip.maxflows .
1.1 pavel 1389: .It Li ip.hostzerobroadcast
1390: All zeroes address is broadcast address.
1391: .It Li ip.lowportmax
1392: The highest port number to use for TCP and UDP reserved port allocation.
1393: This cannot be set to less than 0 or greater than 1024, and must
1394: be greater than
1395: .Li ip.lowportmin .
1396: .It Li ip.lowportmin
1397: The lowest port number to use for TCP and UDP reserved port allocation.
1398: This cannot be set to less than 0 or greater than 1024, and must
1399: be smaller than
1400: .Li ip.lowportmax .
1401: .It Li ip.maxflows
1.5 liamjfoy 1402: IPv4 Fast Forwarding is enabled by default.
1403: If set to 0, IPv4 Fast Forwarding is disabled.
1.1 pavel 1404: .Li ip.maxflows
1405: controls the maximum number of flows which can be created.
1406: The default value is 256.
1407: .It Li ip.maxfragpackets
1408: The maximum number of fragmented packets the node will accept.
1409: 0 means that the node will not accept any fragmented packets.
1410: \-1 means that the node will accept as many fragmented packets as it receives.
1411: The flag is provided basically for avoiding possible DoS attacks.
1412: .It Li ip.mtudisc
1413: If set to 1, enables Path MTU Discovery (RFC 1191).
1414: When Path MTU Discovery is enabled, the transmitted TCP segment
1415: size will be determined by the advertised maximum segment size
1416: (MSS) from the remote end, as constrained by the path MTU.
1417: If MTU Discovery is disabled, the transmitted segment size will
1418: never be greater than
1419: .Li tcp.mssdflt
1420: (the local maximum segment size).
1421: .It Li ip.mtudisctimeout
1422: The number of seconds in which a route added by the Path MTU
1423: Discovery engine will time out.
1424: When the route times out, the Path
1425: MTU Discovery engine will attempt to probe a larger path MTU.
1426: .It Li ip.random_id
1427: Assign random ip_id values.
1428: .It Li ip.redirect
1429: If set to 1, ICMP redirects may be sent by the host.
1430: This option is ignored unless the host is routing IP packets,
1431: and should normally be enabled on all systems.
1432: .It Li ip.subnetsarelocal
1433: If set to 1, subnets are to be considered local addresses.
1434: .It Li ip.ttl
1435: The maximum time-to-live (hop count) value for an IP packet sourced by
1436: the system.
1437: This value applies to normal transport protocols, not to ICMP.
1438: .It Li icmp.errppslimit
1439: The variable specifies the maximum number of outgoing ICMP error messages,
1440: per second.
1441: ICMP error messages that exceed the value are subject to rate limitation
1442: and will not go out from the node.
1443: A negative value disables rate limitation.
1444: .It Li icmp.maskrepl
1445: If set to 1, ICMP network mask requests are to be answered.
1446: .It Li icmp.rediraccept
1447: If set to non-zero, the host will accept ICMP redirect packets.
1448: Note that routers will never accept ICMP redirect packets,
1449: and the variable is meaningful on IP hosts only.
1450: .It Li icmp.redirtimeout
1451: The variable specifies the lifetime of routing entries generated by incoming
1452: ICMP redirects.
1453: This defaults to 600 seconds.
1454: .It Li icmp.returndatabytes
1455: Number of bytes to return in an ICMP error message.
1.28 christos 1456: .It Li icmp.bmcastecho
1457: If set to 1, enables responding to ICMP echo or timestamp requests sent to the
1458: broadcast address.
1.1 pavel 1459: .It Li tcp.ack_on_push
1460: If set to 1, TCP is to immediately transmit an ACK upon reception of
1461: a packet with PUSH set.
1462: This can avoid losing a round trip time in some rare situations,
1463: but has the caveat of potentially defeating TCP's delayed ACK algorithm.
1464: Use of this option is generally not recommended, but
1465: the variable exists in case your configuration really needs it.
1466: .It Li tcp.compat_42
1467: If set to 1, enables work-arounds for bugs in the 4.2BSD TCP implementation.
1468: Use of this option is not recommended, although it may be
1469: required in order to communicate with extremely old TCP implementations.
1470: .It Li tcp.cwm
1471: If set to 1, enables use of the Hughes/Touch/Heidemann Congestion Window
1472: Monitoring algorithm.
1473: This algorithm prevents line-rate bursts of packets that could
1474: otherwise occur when data begins flowing on an idle TCP connection.
1475: These line-rate bursts can contribute to network and router congestion.
1476: This can be particularly useful on World Wide Web servers
1477: which support HTTP/1.1, which has lingering connections.
1478: .It Li tcp.cwm_burstsize
1479: The Congestion Window Monitoring allowed burst size, in terms
1480: of packet count.
1481: .It Li tcp.delack_ticks
1482: Number of ticks to delay sending an ACK.
1483: .It Li tcp.do_loopback_cksum
1484: Perform TCP checksum on loopback.
1485: .It Li tcp.init_win
1.76 wiz 1486: A value indicating the TCP initial congestion window.
1487: The valid range
1.75 christos 1488: is 0 to 10 (maximum specified by draft-ietf-tcpm-initcwnd-08.txt),
1489: with a default of 4 (approximately 4K per RFC3390).
1.1 pavel 1490: .It Li tcp.init_win_local
1491: Like
1492: .Li tcp.init_win ,
1493: but used when communicating with hosts on a local network.
1494: .It Li tcp.keepcnt
1495: Number of keepalive probes sent before declaring a connection dead.
1496: If set to zero, there is no limit;
1497: keepalives will be sent until some kind of
1498: response is received from the peer.
1499: .It Li tcp.keepidle
1500: Time a connection must be idle before keepalives are sent (if keepalives
1501: are enabled for the connection).
1502: See also tcp.slowhz.
1503: .It Li tcp.keepintvl
1504: Time after a keepalive probe is sent until, in the absence of any response,
1505: another probe is sent.
1506: See also tcp.slowhz.
1507: .It Li tcp.log_refused
1508: If set to 1, refused TCP connections to the host will be logged.
1.12 christos 1509: .It Li tcp.keepinit
1510: Timeout in seconds during connection establishment.
1.1 pavel 1511: .It Li tcp.mss_ifmtu
1512: If set to 1, TCP calculates the outgoing maximum segment size based on
1513: the MTU of the appropriate interface.
1514: If set to 0, it is calculated based on the greater of the MTU of the
1515: interface, and the largest (non-loopback) interface MTU on the system.
1516: .It Li tcp.mssdflt
1517: The default maximum segment size both advertised to the peer
1518: and to use when either the peer does not advertise a maximum segment size to
1519: us during connection setup or Path MTU Discovery
1520: .Li ( ip.mtudisc )
1521: is disabled.
1522: Do not change this value unless you really know what you are doing.
1523: .It Li tcp.recvspace
1524: The default TCP receive buffer size.
1525: .It Li tcp.rfc1323
1526: If set to 1, enables RFC 1323 extensions to TCP.
1527: .It Li tcp.rstppslimit
1528: The variable specifies the maximum number of outgoing TCP RST packets,
1529: per second.
1530: TCP RST packets that exceed the value are subject to rate limitation
1531: and will not go out from the node.
1532: Negative value disables rate limitation.
1.13 christos 1533: .It Li tcp.ident
1534: Return the user ID of a connected socket pair.
1535: (RFC1413 Identification Protocol lookups.)
1536: .It Li tcp.drop
1537: Drop a TCP socket pair connection.
1.1 pavel 1538: .It Li tcp.sack.enable
1539: If set to 1, enables RFC 2018 Selective ACKnowledgement.
1540: .It Li tcp.sack.globalholes
1541: Global number of TCP SACK holes.
1542: .It Li tcp.sack.globalmaxholes
1543: Global maximum number of TCP SACK holes.
1544: .It Li tcp.sack.maxholes
1545: Maximum number of TCP SACK holes allowed per connection.
1546: .It Li tcp.ecn.enable
1547: If set to 1, enables RFC 3168 Explicit Congestion Notification.
1548: .It Li tcp.ecn.maxretries
1549: Number of times to retry sending the ECN-setup packet.
1550: .It Li tcp.sendspace
1551: The default TCP send buffer size.
1552: .It Li tcp.slowhz
1553: The units for tcp.keepidle and tcp.keepintvl; those variables are in ticks
1554: of a clock that ticks tcp.slowhz times per second.
1555: (That is, their values
1556: must be divided by the tcp.slowhz value to get times in seconds.)
1557: .It Li tcp.syn_bucket_limit
1558: The maximum number of entries allowed per hash bucket in the TCP
1559: compressed state engine.
1560: .It Li tcp.syn_cache_limit
1561: The maximum number of entries allowed in the TCP compressed state
1562: engine.
1563: .It Li tcp.timestamps
1564: If rfc1323 is enabled, a value of 1 indicates RFC 1323 time stamp options,
1565: used for measuring TCP round trip times, are enabled.
1566: .It Li tcp.win_scale
1567: If rfc1323 is enabled, a value of 1 indicates RFC 1323 window scale options,
1568: for increasing the TCP window size, are enabled.
1569: .It Li tcp.congctl.available
1570: The available TCP congestion control algorithms.
1571: .It Li tcp.congctl.selected
1572: The currently selected TCP congestion control algorithm.
1573: .It Li tcp.abc.enable
1574: If set to 1, use RFC 3465 Appropriate Byte Counting (ABC).
1575: If set to 0, use traditional Packet Counting.
1576: .It Li tcp.abc.aggressive
1577: Choose the L parameter found in RFC 3465.
1578: L is the maximum cwnd increase for an ack during slow start.
1579: If set to 1, use L=2*SMSS.
1580: If set to 0, use L=1*SMSS.
1581: It has no effect unless tcp.abc.enable is set to 1.
1582: .It Li udp.checksum
1583: If set to 1, UDP checksums are being computed.
1584: Received non-zero UDP checksums are always checked.
1585: Disabling UDP checksums is strongly discouraged.
1.67 christos 1586: .It Li udp.recvspace
1587: The default UDP receive buffer size.
1.1 pavel 1588: .It Li udp.sendspace
1589: The default UDP send buffer size.
1590: .El
1591: .Pp
1592: For variables net.*.ipsec, please refer to
1593: .Xr ipsec 4 .
1594: .It Li net.inet6 ( PF_INET6 )
1595: Get or set various global information about the IPv6
1596: .Pq Internet Protocol version 6 .
1597: The third level name is the protocol.
1598: The fourth level name is the variable name.
1599: The currently defined protocols and names are:
1.21 joerg 1600: .Bl -column "Protocol name" "do_loopback_cksum" "integer" "Changeable" -offset indent
1.1 pavel 1601: .It Sy Protocol name Variable name Type Changeable
1602: .It icmp6 errppslimit integer yes
1603: .It icmp6 mtudisc_hiwat integer yes
1604: .It icmp6 mtudisc_lowat integer yes
1605: .It icmp6 nd6_debug integer yes
1606: .It icmp6 nd6_delay integer yes
1607: .It icmp6 nd6_maxnudhint integer yes
1608: .It icmp6 nd6_mmaxtries integer yes
1609: .It icmp6 nd6_prune integer yes
1610: .It icmp6 nd6_umaxtries integer yes
1611: .It icmp6 nd6_useloopback integer yes
1612: .It icmp6 nodeinfo integer yes
1613: .It icmp6 rediraccept integer yes
1614: .It icmp6 redirtimeout integer yes
1615: .It ip6 accept_rtadv integer yes
1.72 christos 1616: .It ip6 anonportalgo.selected string yes
1617: .It ip6 anonportalgo.available string yes
1.74 christos 1618: .It ip6 anonportalgo.reserve struct yes
1.1 pavel 1619: .It ip6 anonportmax integer yes
1620: .It ip6 anonportmin integer yes
1621: .It ip6 auto_flowlabel integer yes
1622: .It ip6 dad_count integer yes
1623: .It ip6 defmcasthlim integer yes
1624: .It ip6 forwarding integer yes
1625: .It ip6 gifhlim integer yes
1.7 liamjfoy 1626: .It ip6 hashsize integer yes
1.1 pavel 1627: .It ip6 hlim integer yes
1628: .It ip6 hdrnestlimit integer yes
1629: .It ip6 kame_version string no
1630: .It ip6 keepfaith integer yes
1631: .It ip6 log_interval integer yes
1632: .It ip6 lowportmax integer yes
1633: .It ip6 lowportmin integer yes
1.73 christos 1634: .It ip6 maxdynroutes integer yes
1635: .It ip6 maxifprefixes integer yes
1636: .It ip6 maxifdefrouters integer yes
1.5 liamjfoy 1637: .It ip6 maxflows integer yes
1.1 pavel 1638: .It ip6 maxfragpackets integer yes
1639: .It ip6 maxfrags integer yes
1.73 christos 1640: .It ip6 neighborgcthresh integer yes
1.1 pavel 1641: .It ip6 redirect integer yes
1642: .It ip6 rr_prune integer yes
1643: .It ip6 use_deprecated integer yes
1644: .It ip6 v6only integer yes
1645: .It udp6 do_loopback_cksum integer yes
1646: .It udp6 recvspace integer yes
1647: .It udp6 sendspace integer yes
1648: .El
1649: .Pp
1650: The variables are as follows:
1651: .Bl -tag -width "123456"
1652: .It Li ip6.accept_rtadv
1653: If set to non-zero, the node will accept ICMPv6 router advertisement packets
1654: and autoconfigures address prefixes and default routers.
1655: The node must be a host
1656: .Pq not a router
1657: for the option to be meaningful.
1.72 christos 1658: .It Li ip6.anonportalgo.available
1659: The available RFC 6056 port randomization algorithms.
1.74 christos 1660: .It Li ip6.anonportalgo.reserve
1661: A bitmask of ports that will not be used during anonymous or privileged
1662: port selection.
1.72 christos 1663: .It Li ip6.anonportalgo.selected
1664: The currently selected RFC 6056 port randomization algorithm.
1.1 pavel 1665: .It Li ip6.anonportmax
1666: The highest port number to use for TCP and UDP ephemeral port allocation.
1667: This cannot be set to less than 1024 or greater than 65535, and must
1668: be greater than
1669: .Li ip6.anonportmin .
1670: .It Li ip6.anonportmin
1671: The lowest port number to use for TCP and UDP ephemeral port allocation.
1672: This cannot be set to less than 1024 or greater than 65535.
1673: .It Li ip6.auto_flowlabel
1674: On connected transport protocol packets,
1675: fill IPv6 flowlabel field to help intermediate routers to identify packet flows.
1676: .It Li ip6.dad_count
1677: The variable configures the number of IPv6 DAD
1678: .Pq duplicated address detection
1679: probe packets.
1680: The packets will be generated when IPv6 interface addresses are configured.
1681: .It Li ip6.defmcasthlim
1682: The default hop limit value for an IPv6 multicast packet sourced by the node.
1683: This value applies to all the transport protocols on top of IPv6.
1684: There are APIs to override the value, as documented in
1685: .Xr ip6 4 .
1686: .It Li ip6.forwarding
1687: If set to 1, enables IPv6 forwarding for the node,
1688: meaning that the node is acting as a router.
1689: If set to 0, disables IPv6 forwarding for the node,
1690: meaning that the node is acting as a host.
1691: The IPv6 specification defines node behavior for the
1692: .Dq router
1693: case and
1694: .Dq host
1695: case quite differently, and changing this variable during operation
1696: may cause serious trouble.
1697: It is recommended to configure the variable at bootstrap time,
1698: and bootstrap time only.
1699: .It Li ip6.gifhlim
1700: The maximum hop limit value for an IPv6 packet generated by
1701: .Xr gif 4
1702: tunnel interface.
1703: .It Li ip6.hdrnestlimit
1704: The number of IPv6 extension headers permitted on incoming IPv6 packets.
1705: If set to 0, the node will accept as many extension headers as possible.
1.7 liamjfoy 1706: .It Li ip6.hashsize
1707: The size of IPv6 Fast Forward hash table.
1.56 uwe 1708: This value must be a power of 2 (64, 256, ...).
1.7 liamjfoy 1709: A larger hash table size results in fewer collisions.
1710: Also see
1711: .Li ip6.maxflows .
1.1 pavel 1712: .It Li ip6.hlim
1713: The default hop limit value for an IPv6 unicast packet sourced by the node.
1714: This value applies to all the transport protocols on top of IPv6.
1715: There are APIs to override the value, as documented in
1716: .Xr ip6 4 .
1717: .It Li ip6.kame_version
1718: The string identifies the version of KAME IPv6 stack implemented in the kernel.
1719: .It Li ip6.keepfaith
1720: If set to non-zero, it enables
1721: .Dq FAITH
1722: TCP relay IPv6-to-IPv4 translator code in the kernel.
1723: Refer to
1724: .Xr faith 4
1725: and
1726: .Xr faithd 8
1727: for details.
1728: .It Li ip6.log_interval
1729: The variable controls amount of logs generated by IPv6 packet
1730: forwarding engine, by setting interval between log output
1731: .Pq in seconds .
1732: .It Li ip6.lowportmax
1733: The highest port number to use for TCP and UDP reserved port allocation.
1734: This cannot be set to less than 0 or greater than 1024, and must
1735: be greater than
1736: .Li ip6.lowportmin .
1737: .It Li ip6.lowportmin
1738: The lowest port number to use for TCP and UDP reserved port allocation.
1739: This cannot be set to less than 0 or greater than 1024, and must
1740: be smaller than
1741: .Li ip6.lowportmax .
1.73 christos 1742: .It Li ip6.maxdynroutes
1743: Maximum number of routes created by redirect.
1744: Set it to negative to disable.
1745: The default value is 4096.
1746: .It Li ip6.maxifprefixes
1747: Maximum number of prefixes created by route advertisements per interface.
1748: Set it to negative to disable.
1749: The default value is 16.
1750: .It Li ip6.maxifdefrouters
1751: Maximum number of default routers created by route advertisements per interface.
1752: Set it to negative to disable.
1753: The default value is 16.
1.5 liamjfoy 1754: .It Li ip6.maxflows
1755: IPv6 Fast Forwarding is enabled by default.
1756: If set to 0, IPv6 Fast Forwarding is disabled.
1757: .Li ip6.maxflows
1758: controls the maximum amount of flows which can be created.
1.6 liamjfoy 1759: The default value is 256.
1.1 pavel 1760: .It Li ip6.maxfragpackets
1761: The maximum number of fragmented packets the node will accept.
1762: 0 means that the node will not accept any fragmented packets.
1763: \-1 means that the node will accept as many fragmented packets as it receives.
1764: The flag is provided basically for avoiding possible DoS attacks.
1765: .It Li ip6.maxfrags
1766: The maximum number of fragments the node will accept.
1767: 0 means that the node will not accept any fragments.
1768: \-1 means that the node will accept as many fragments as it receives.
1769: The flag is provided basically for avoiding possible DoS attacks.
1.73 christos 1770: .It Li ip6.neighborgcthresh
1771: Maximum number of entries in neighbor cache.
1772: Set to negative to disable.
1773: The default value is 2048.
1.1 pavel 1774: .It Li ip6.redirect
1775: If set to 1, ICMPv6 redirects may be sent by the node.
1776: This option is ignored unless the node is routing IP packets,
1777: and should normally be enabled on all systems.
1778: .It Li ip6.rr_prune
1779: The variable specifies interval between IPv6 router renumbering prefix
1780: babysitting, in seconds.
1781: .It Li ip6.use_deprecated
1782: The variable controls use of deprecated address, specified in RFC 2462 5.5.4.
1783: .It Li ip6.v6only
1784: The variable specifies initial value for
1785: .Dv IPV6_V6ONLY
1786: socket option for
1787: .Dv AF_INET6
1788: socket.
1789: Please refer to
1790: .Xr ip6 4
1791: for detail.
1792: .It Li icmp6.errppslimit
1793: The variable specifies the maximum number of outgoing ICMPv6 error messages,
1794: per second.
1795: ICMPv6 error messages that exceeded the value are subject to rate limitation
1796: and will not go out from the node.
1797: Negative value disables rate limitation.
1798: .It Li icmp6.mtudisc_hiwat
1799: .It Li icmp6.mtudisc_lowat
1800: The variables define the maximum number of routing table entries,
1801: created due to path MTU discovery
1802: .Pq prevents denial-of-service attacks with ICMPv6 too big messages .
1803: When IPv6 path MTU discovery happens, we keep path MTU information into
1804: the routing table.
1805: If the number of routing table entries exceed the value,
1806: the kernel will not attempt to keep the path MTU information.
1807: .Li icmp6.mtudisc_hiwat
1808: is used when we have verified ICMPv6 too big messages.
1809: .Li icmp6.mtudisc_lowat
1810: is used when we have unverified ICMPv6 too big messages.
1811: Verification is performed by using address/port pairs kept in connected pcbs.
1812: Negative value disables the upper limit.
1813: .It Li icmp6.nd6_debug
1814: If set to non-zero, kernel IPv6 neighbor discovery code will generate
1815: debugging messages.
1816: The debug outputs are useful to diagnose IPv6 interoperability issues.
1817: The flag must be set to 0 for normal operation.
1818: .It Li icmp6.nd6_delay
1819: The variable specifies
1820: .Dv DELAY_FIRST_PROBE_TIME
1821: timing constant in IPv6 neighbor discovery specification
1822: .Pq RFC 2461 ,
1823: in seconds.
1824: .It Li icmp6.nd6_maxnudhint
1825: IPv6 neighbor discovery permits upper layer protocols to supply reachability
1826: hints, to avoid unnecessary neighbor discovery exchanges.
1827: The variable defines the number of consecutive hints the neighbor discovery
1828: layer will take.
1829: For example, by setting the variable to 3, neighbor discovery layer
1830: will take 3 consecutive hints in maximum.
1831: After receiving 3 hints, neighbor discovery layer will perform
1832: normal neighbor discovery process.
1833: .It Li icmp6.nd6_mmaxtries
1834: The variable specifies
1835: .Dv MAX_MULTICAST_SOLICIT
1836: constant in IPv6 neighbor discovery specification
1837: .Pq RFC 2461 .
1838: .It Li icmp6.nd6_prune
1839: The variable specifies interval between IPv6 neighbor cache babysitting,
1840: in seconds.
1841: .It Li icmp6.nd6_umaxtries
1842: The variable specifies
1843: .Dv MAX_UNICAST_SOLICIT
1844: constant in IPv6 neighbor discovery specification
1845: .Pq RFC 2461 .
1846: .It Li icmp6.nd6_useloopback
1847: If set to non-zero, kernel IPv6 stack will use loopback interface for
1848: local traffic.
1849: .It Li icmp6.nodeinfo
1850: The variable enables responses to ICMPv6 node information queries.
1851: If you set the variable to 0, responses will not be generated for
1852: ICMPv6 node information queries.
1853: Since node information queries can have a security impact, it is
1854: possible to fine tune which responses should be answered.
1855: Two separate bits can be set.
1856: .Bl -tag -width "12345"
1857: .It 1
1858: Respond to ICMPv6 FQDN queries, e.g.
1859: .Li ping6 -w .
1860: .It 2
1861: Respond to ICMPv6 node addresses queries, e.g.
1862: .Li ping6 -a .
1863: .El
1864: .It Li icmp6.rediraccept
1865: If set to non-zero, the host will accept ICMPv6 redirect packets.
1866: Note that IPv6 routers will never accept ICMPv6 redirect packets,
1867: and the variable is meaningful on IPv6 hosts
1868: .Pq non-router
1869: only.
1870: .It Li icmp6.redirtimeout
1871: The variable specifies lifetime of routing entries generated by incoming
1872: ICMPv6 redirect.
1873: .It Li udp6.do_loopback_cksum
1874: Perform UDP checksum on loopback.
1875: .It Li udp6.recvspace
1876: Default UDP receive buffer size.
1877: .It Li udp6.sendspace
1878: Default UDP send buffer size.
1879: .El
1880: .Pp
1881: We reuse net.*.tcp for
1882: .Tn TCP
1883: over
1884: .Tn IPv6 ,
1885: and therefore we do not have variables net.*.tcp6.
1886: Variables net.inet6.udp6 have identical meaning to net.inet.udp.
1887: Please refer to
1888: .Li PF_INET
1889: section above.
1890: For variables net.*.ipsec6, please refer to
1891: .Xr ipsec 4 .
1892: .It Li net.key ( PF_KEY )
1893: Get or set various global information about the IPsec key management.
1894: The third level name is the variable name.
1895: The currently defined variable names are:
1.21 joerg 1896: .Bl -column "blockacq_lifetime" "integer" "Changeable" -offset indent
1.1 pavel 1897: .It Sy Variable name Type Changeable
1898: .It debug integer yes
1.80 christos 1899: .It enabled integer yes
1900: .It used integer no
1.1 pavel 1901: .It spi_try integer yes
1902: .It spi_min_value integer yes
1903: .It spi_max_value integer yes
1904: .It larval_lifetime integer yes
1905: .It blockacq_count integer yes
1906: .It blockacq_lifetime integer yes
1907: .It esp_keymin integer yes
1908: .It esp_auth integer yes
1909: .It ah_keymin integer yes
1910: .El
1.21 joerg 1911: .Pp
1.1 pavel 1912: The variables are as follows:
1913: .Bl -tag -width "123456"
1914: .It Li debug
1915: Turn on debugging messages from within the kernel.
1916: The value is a bitmap, as defined in
1.56 uwe 1917: .In netkey/key_debug.h .
1.80 christos 1918: .It Li enabled
1.81 christos 1919: Control processing of IPsec control messages.
1920: .Bl -tag -width indent
1921: .It 0
1922: Never allow IPsec processing.
1923: .It 1
1924: Allow IPsec processing when SPD policies are present.
1925: .It 2
1926: Force IPsec processing even when SPD policies are not present.
1927: .El
1.80 christos 1928: .It Li used
1929: Based on whether IPsec is enabled and on SPD rule existence, show whether
1930: IPsec is being used.
1931: Note that currently, once IPsec is being used, it cannot be disabled.
1.1 pavel 1932: .It Li spi_try
1933: The number of times the kernel will try to obtain a unique SPI
1934: when it generates it from the random number generator.
1935: .It Li spi_min_value
1936: Minimum SPI value when generating it within the kernel.
1937: .It Li spi_max_value
1938: Maximum SPI value when generating it within the kernel.
1939: .It Li larval_lifetime
1940: Lifetime for LARVAL SAD entries, in seconds.
1941: .It Li blockacq_count
1942: Number of ACQUIRE PF_KEY messages to be blocked after an ACQUIRE message.
1943: It prevents a flood of ACQUIRE PF_KEY messages from being sent from the kernel to the
1944: key management daemon.
1945: .It Li blockacq_lifetime
1946: Lifetime of ACQUIRE PF_KEY message.
1947: .It Li esp_keymin
1948: Minimum ESP key length, in bits.
1949: The value is used when the kernel creates proposal payload
1950: on ACQUIRE PF_KEY message.
1951: .It Li esp_auth
1952: Whether ESP authentication should be used or not.
1953: Non-zero value indicates that ESP authentication should be used.
1954: The value is used when the kernel creates proposal payload
1955: on ACQUIRE PF_KEY message.
1956: .It Li ah_keymin
1957: Minimum AH key length, in bits.
1958: The value is used when the kernel creates proposal payload
1959: on ACQUIRE PF_KEY message.
1960: .El
1961: .El
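An added example (not part of the NetBSD manual page or source tree): a Python audit that parses sysctl output and reports the net.inet and net.inet6 settings which the descriptions above say disable a limit, a checksum or a rate limiter, and decodes the icmp6.nodeinfo bits. The sample lines are constructed, and the keepalive estimate (idle time plus keepcnt probe intervals) is an assumption derived from the tcp.keepidle, tcp.keepintvl, tcp.keepcnt and tcp.slowhz descriptions.

```python
import re

# Constructed sample in the "name = value" form printed by sysctl(8);
# the values are invented for illustration, not taken from a real host.
SAMPLE = """\
net.inet.tcp.keepcnt = 8
net.inet.tcp.keepidle = 14400
net.inet.tcp.keepintvl = 150
net.inet.tcp.slowhz = 2
net.inet.tcp.rstppslimit = 100
net.inet.udp.checksum = 0
net.inet6.ip6.kame_version = constructed-sample
net.inet6.ip6.maxfragpackets = -1
net.inet6.ip6.maxfrags = 200
net.inet6.icmp6.errppslimit = -1
net.inet6.icmp6.mtudisc_hiwat = 1280
net.inet6.icmp6.mtudisc_lowat = 256
net.inet6.icmp6.nd6_debug = 1
net.inet6.icmp6.nodeinfo = 3
"""

# Accept "name = value" and "name=value"; only integer variables are audited.
LINE = re.compile(r"^\s*([A-Za-z0-9_.]+)\s*[=:]\s*(-?\d+)\s*$")

# Bit meanings as listed under icmp6.nodeinfo.
NODEINFO_BITS = {1: "FQDN queries", 2: "node addresses queries"}


def parse_sysctl(text):
    """Return {name: int} for every integer-valued line; skip the rest."""
    values = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            values[m.group(1)] = int(m.group(2))
    return values


def decode_nodeinfo(value):
    """List the ICMPv6 node information query types that will be answered."""
    return [label for bit, label in sorted(NODEINFO_BITS.items()) if value & bit]


def keepalive_timeout_seconds(v):
    """Estimate seconds from last traffic until a silent peer is declared dead.

    keepidle and keepintvl are in ticks of a clock running at slowhz per
    second. Returns None when keepcnt is 0 (no limit on probes).
    """
    hz = v["net.inet.tcp.slowhz"]
    count = v["net.inet.tcp.keepcnt"]
    if count == 0:
        return None
    idle = v["net.inet.tcp.keepidle"] / hz
    interval = v["net.inet.tcp.keepintvl"] / hz
    return idle + count * interval


def audit(v):
    """Return [(name, reason)] for settings that switch a protection off."""
    findings = []
    for name in ("net.inet.tcp.rstppslimit", "net.inet6.icmp6.errppslimit"):
        if name in v and v[name] < 0:
            findings.append((name, "negative value disables rate limitation"))
    for name in ("net.inet6.ip6.maxfragpackets", "net.inet6.ip6.maxfrags"):
        if v.get(name) == -1:
            findings.append((name, "-1 accepts fragments without limit"))
    for name in ("net.inet6.icmp6.mtudisc_hiwat", "net.inet6.icmp6.mtudisc_lowat"):
        if name in v and v[name] < 0:
            findings.append((name, "negative value disables the upper limit"))
    if v.get("net.inet.udp.checksum") == 0:
        findings.append(("net.inet.udp.checksum", "UDP checksums are not computed"))
    if v.get("net.inet6.icmp6.nd6_debug", 0) != 0:
        findings.append(("net.inet6.icmp6.nd6_debug", "must be 0 for normal operation"))
    answered = decode_nodeinfo(v.get("net.inet6.icmp6.nodeinfo", 0))
    if answered:
        findings.append(("net.inet6.icmp6.nodeinfo", "answers " + ", ".join(answered)))
    if v.get("net.inet.tcp.keepcnt") == 0:
        findings.append(("net.inet.tcp.keepcnt", "no limit on keepalive probes"))
    return findings


if __name__ == "__main__":
    settings = parse_sysctl(SAMPLE)
    for name, reason in audit(settings):
        print(f"{name}: {reason}")
    print("keepalive timeout (s):", keepalive_timeout_seconds(settings))
```

To check a live host, pass the text printed by sysctl(8) for the net subtree to parse_sysctl() in place of SAMPLE.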
1.50 jruoho 1962: .Ss The proc.* subtree
1.1 pavel 1963: The string and integer information available for the
1964: .Li proc
1965: level is detailed below.
1966: The changeable column shows whether a process with appropriate
1967: privilege may change the value.
1968: These values are per-process,
1969: and as such may change from one process to another.
1970: When a process is created,
1971: the default values are inherited from its parent.
1972: When a set-user-ID or set-group-ID binary is executed, the
1973: value of PROC_PID_CORENAME is reset to the system default value.
1974: The second level name is either the magic value PROC_CURPROC, which
1975: points to the current process, or the PID of the target process.
1.21 joerg 1976: .Bl -column "proc.pid.corename" "string" "not applicable" -offset indent
1.1 pavel 1977: .It Sy Third level name Type Changeable
1978: .It proc.pid.corename string yes
1979: .It proc.pid.rlimit node not applicable
1980: .It proc.pid.stopfork int yes
1981: .It proc.pid.stopexec int yes
1982: .It proc.pid.stopexit int yes
1983: .El
1984: .Bl -tag -width "123456"
1985: .It Li proc.pid.corename ( PROC_PID_CORENAME )
1986: The template used for the core dump file name (see
1987: .Xr core 5
1988: for details).
1989: The base name must either be
1.56 uwe 1990: .Pa core
1991: or end with the suffix
1992: .Pa .core
1993: (the super-user may set arbitrary names).
1994: By default it points to
1995: .Dv KERN_DEFCORENAME .
1.1 pavel 1996: .It Li proc.pid.rlimit ( PROC_PID_LIMIT )
1997: Return resource limits, as defined for the
1998: .Xr getrlimit 2
1999: and
2000: .Xr setrlimit 2
2001: system calls.
2002: The fourth level name is one of:
1.56 uwe 2003: .Bl -tag -width "123456"
1.1 pavel 2004: .It Li proc.pid.rlimit.cputime ( PROC_PID_LIMIT_CPU )
2005: The maximum amount of CPU time (in seconds) to be used by each process.
2006: .It Li proc.pid.rlimit.filesize ( PROC_PID_LIMIT_FSIZE )
2007: The largest size (in bytes) file that may be created.
2008: .It Li proc.pid.rlimit.datasize ( PROC_PID_LIMIT_DATA )
2009: The maximum size (in bytes) of the data segment for a process;
2010: this defines how far a program may extend its break with the
2011: .Xr sbrk 2
2012: system call.
2013: .It Li proc.pid.rlimit.stacksize ( PROC_PID_LIMIT_STACK )
2014: The maximum size (in bytes) of the stack segment for a process;
2015: this defines how far a program's stack segment may be extended.
2016: Stack extension is performed automatically by the system.
2017: .It Li proc.pid.rlimit.coredumpsize ( PROC_PID_LIMIT_CORE )
2018: The largest size (in bytes)
2019: .Pa core
2020: file that may be created.
2021: .It Li proc.pid.rlimit.memoryuse ( PROC_PID_LIMIT_RSS )
2022: The maximum size (in bytes) to which a process's resident set size may
2023: grow.
2024: This imposes a limit on the amount of physical memory to be given to
2025: a process; if memory is tight, the system will prefer to take memory
2026: from processes that are exceeding their declared resident set size.
2027: .It Li proc.pid.rlimit.memorylocked ( PROC_PID_LIMIT_MEMLOCK )
2028: The maximum size (in bytes) which a process may lock into memory
2029: using the
2030: .Xr mlock 2
2031: function.
2032: .It Li proc.pid.rlimit.maxproc ( PROC_PID_LIMIT_NPROC )
2033: The maximum number of simultaneous processes for this user id.
2034: .It Li proc.pid.rlimit.descriptors ( PROC_PID_LIMIT_NOFILE )
2035: The maximum number of open files for this process.
1.22 snj 2036: .It Li proc.pid.rlimit.sbsize ( PROC_PID_LIMIT_SBSIZE )
2037: The maximum size (in bytes) of the socket buffers
2038: set by the
2039: .Xr setsockopt 2
2040: .Dv SO_RCVBUF
2041: and
2042: .Dv SO_SNDBUF
2043: options.
1.1 pavel 2044: .El
2045: .Pp
2046: The fifth level name is one of
1.56 uwe 2047: .Li soft ( PROC_PID_LIMIT_TYPE_SOFT )
2048: or
1.1 pavel 2049: .Li hard ( PROC_PID_LIMIT_TYPE_HARD ) ,
2050: to select respectively the soft or hard limit.
2051: Both are of type integer.
2052: .It Li proc.pid.stopfork ( PROC_PID_STOPFORK )
2053: If non zero, the process' children will be stopped after
2054: .Xr fork 2
2055: calls.
2056: The children are created in the SSTOP state and are never scheduled
2057: for running before being stopped.
2058: This feature helps attaching a process with a debugger such as
2059: .Xr gdb 1
2060: before it had the opportunity to actually do anything.
2061: .Pp
2062: This value is inherited by the process's children, and it also
2063: applies to emulation-specific system calls that fork a new process, such as
2064: .Fn sproc
2065: or
2066: .Fn clone .
2067: .It Li proc.pid.stopexec ( PROC_PID_STOPEXEC )
2068: If non zero, the process will be stopped on next
2069: .Xr exec 3
2070: call.
2071: The process created by
2072: .Xr exec 3
2073: is created in the SSTOP state and is never scheduled for running
2074: before being stopped.
2075: This feature helps attaching a process with a debugger such as
2076: .Xr gdb 1
2077: before it had the opportunity to actually do anything.
2078: .Pp
2079: This value is inherited by the process's children.
2080: .It Li proc.pid.stopexit ( PROC_PID_STOPEXIT )
2081: If non zero, the process will be stopped when it has cause to exit,
2082: either by way of calling
2083: .Xr exit 3 ,
2084: .Xr _exit 2 ,
2085: or by the receipt of a specific signal.
2086: The process is stopped before any of its resources or vm space is
2087: released allowing examination of the termination state of a process
2088: before it disappears.
2089: This feature can be used to examine the final conditions of the
2090: process's vmspace via
2091: .Xr pmap 1
2092: or its resource settings with
2093: .Xr sysctl 8
2094: before it disappears.
2095: .Pp
2096: This value is also inherited by the process's children.
2097: .El
1.50 jruoho 2098: .Ss The user.* subtree ( CTL_USER )
1.1 pavel 2099: The string and integer information available for the
2100: .Li user
2101: level is detailed below.
2102: The changeable column shows whether a process with appropriate
2103: privilege may change the value.
1.21 joerg 2104: .Bl -column "user.coll_weights_max" "integer" "Changeable" -offset indent
1.1 pavel 2105: .It Sy Second level name Type Changeable
2106: .It user.atexit_max integer no
2107: .It user.bc_base_max integer no
2108: .It user.bc_dim_max integer no
2109: .It user.bc_scale_max integer no
2110: .It user.bc_string_max integer no
2111: .It user.coll_weights_max integer no
2112: .It user.cs_path string no
2113: .It user.expr_nest_max integer no
2114: .It user.line_max integer no
2115: .It user.posix2_c_bind integer no
2116: .It user.posix2_c_dev integer no
2117: .It user.posix2_char_term integer no
2118: .It user.posix2_fort_dev integer no
2119: .It user.posix2_fort_run integer no
2120: .It user.posix2_localedef integer no
2121: .It user.posix2_sw_dev integer no
2122: .It user.posix2_upe integer no
2123: .It user.posix2_version integer no
2124: .It user.re_dup_max integer no
2125: .It user.stream_max integer no
2127: .It user.tzname_max integer no
2128: .El
2129: .Bl -tag -width "123456"
2130: .It Li user.atexit_max ( USER_ATEXIT_MAX )
2131: The maximum number of functions that may be registered with
2132: .Xr atexit 3 .
2133: .It Li user.bc_base_max ( USER_BC_BASE_MAX )
2134: The maximum ibase/obase values in the
2135: .Xr bc 1
2136: utility.
2137: .It Li user.bc_dim_max ( USER_BC_DIM_MAX )
2138: The maximum array size in the
2139: .Xr bc 1
2140: utility.
2141: .It Li user.bc_scale_max ( USER_BC_SCALE_MAX )
2142: The maximum scale value in the
2143: .Xr bc 1
2144: utility.
2145: .It Li user.bc_string_max ( USER_BC_STRING_MAX )
2146: The maximum string length in the
2147: .Xr bc 1
2148: utility.
2149: .It Li user.coll_weights_max ( USER_COLL_WEIGHTS_MAX )
2150: The maximum number of weights that can be assigned to any entry of
2151: the LC_COLLATE order keyword in the locale definition file.
2152: .It Li user.cs_path ( USER_CS_PATH )
2153: Return a value for the
2154: .Ev PATH
2155: environment variable that finds all the standard utilities.
2156: .It Li user.expr_nest_max ( USER_EXPR_NEST_MAX )
2157: The maximum number of expressions that can be nested within
2158: parentheses by the
2159: .Xr expr 1
2160: utility.
2161: .It Li user.line_max ( USER_LINE_MAX )
2162: The maximum length in bytes of a text-processing utility's input
2163: line.
2164: .It Li user.posix2_char_term ( USER_POSIX2_CHAR_TERM )
2165: Return 1 if the system supports at least one terminal type capable of
1.58 wiz 2166: all operations described in
2167: .St -p1003.2 ,
2168: otherwise\ 0.
1.1 pavel 2169: .It Li user.posix2_c_bind ( USER_POSIX2_C_BIND )
2170: Return 1 if the system's C-language development facilities support the
1.56 uwe 2171: C-Language Bindings Option, otherwise\ 0.
1.1 pavel 2172: .It Li user.posix2_c_dev ( USER_POSIX2_C_DEV )
2173: Return 1 if the system supports the C-Language Development Utilities Option,
1.56 uwe 2174: otherwise\ 0.
1.1 pavel 2175: .It Li user.posix2_fort_dev ( USER_POSIX2_FORT_DEV )
2176: Return 1 if the system supports the FORTRAN Development Utilities Option,
1.56 uwe 2177: otherwise\ 0.
1.1 pavel 2178: .It Li user.posix2_fort_run ( USER_POSIX2_FORT_RUN )
2179: Return 1 if the system supports the FORTRAN Runtime Utilities Option,
1.56 uwe 2180: otherwise\ 0.
1.1 pavel 2181: .It Li user.posix2_localedef ( USER_POSIX2_LOCALEDEF )
1.56 uwe 2182: Return 1 if the system supports the creation of locales, otherwise\ 0.
1.1 pavel 2183: .It Li user.posix2_sw_dev ( USER_POSIX2_SW_DEV )
2184: Return 1 if the system supports the Software Development Utilities Option,
1.56 uwe 2185: otherwise\ 0.
1.1 pavel 2186: .It Li user.posix2_upe ( USER_POSIX2_UPE )
2187: Return 1 if the system supports the User Portability Utilities Option,
1.56 uwe 2188: otherwise\ 0.
1.1 pavel 2189: .It Li user.posix2_version ( USER_POSIX2_VERSION )
1.58 wiz 2190: The version of
2191: .St -p1003.2
2192: with which the system attempts to comply.
1.1 pavel 2193: .It Li user.re_dup_max ( USER_RE_DUP_MAX )
2194: The maximum number of repeated occurrences of a regular expression
2195: permitted when using interval notation.
2196: .It Li user.stream_max ( USER_STREAM_MAX )
2197: The minimum maximum number of streams that a process may have open
2198: at any one time.
2199: .It Li user.tzname_max ( USER_TZNAME_MAX )
2200: The minimum maximum number of types supported for the name of a
2201: timezone.
2202: .El
1.50 jruoho 2203: .Ss The vm.* subtree ( CTL_VM )
1.1 pavel 2204: The string and integer information available for the
2205: .Li vm
2206: level is detailed below.
2207: The changeable column shows whether a process with appropriate
2208: privilege may change the value.
1.21 joerg 2209: .Bl -column "Second level name" "struct uvmexp_sysctl" "Changeable" -offset indent
1.1 pavel 2210: .It Sy Second level name Type Changeable
2211: .It vm.anonmax int yes
2212: .It vm.anonmin int yes
2213: .It vm.bufcache int yes
2214: .It vm.bufmem int no
2215: .It vm.bufmem_hiwater int yes
2216: .It vm.bufmem_lowater int yes
2217: .It vm.execmax int yes
2218: .It vm.execmin int yes
2219: .It vm.filemax int yes
2220: .It vm.filemin int yes
2221: .It vm.loadavg struct loadavg no
2222: .It vm.maxslp int no
2223: .It vm.nkmempages int no
2224: .It vm.uspace int no
2225: .It vm.uvmexp struct uvmexp no
2226: .It vm.uvmexp2 struct uvmexp_sysctl no
2227: .It vm.vmmeter struct vmtotal no
2228: .El
2229: .Pp
2230: .Bl -tag -width "123456"
2231: .It Li vm.anonmax ( VM_ANONMAX )
2232: The percentage of physical memory which will be reclaimed
2233: from other types of memory usage to store anonymous application data.
2234: .It Li vm.anonmin ( VM_ANONMIN )
2235: The percentage of physical memory which will always be available for
2236: anonymous application data.
2237: .It Li vm.bufcache ( VM_BUFCACHE )
2238: The percentage of physical memory which will be available
2239: for the buffer cache.
2240: .It Li vm.bufmem ( VM_BUFMEM )
2241: The amount of kernel memory that is being used by the buffer cache.
2242: .It Li vm.bufmem_lowater ( VM_BUFMEM_LOWATER )
2243: The minimum amount of kernel memory to reserve for the
2244: buffer cache.
2245: .It Li vm.bufmem_hiwater ( VM_BUFMEM_HIWATER )
2246: The maximum amount of kernel memory to be used for the
2247: buffer cache.
2248: .It Li vm.execmax ( VM_EXECMAX )
2249: The percentage of physical memory which will be reclaimed
2250: from other types of memory usage to store cached executable data.
2251: .It Li vm.execmin ( VM_EXECMIN )
2252: The percentage of physical memory which will always be available for
2253: cached executable data.
2254: .It Li vm.filemax ( VM_FILEMAX )
2255: The percentage of physical memory which will be reclaimed
2256: from other types of memory usage to store cached file data.
2257: .It Li vm.filemin ( VM_FILEMIN )
2258: The percentage of physical memory which will always be available for
2259: cached file data.
2260: .It Li vm.loadavg ( VM_LOADAVG )
2261: Return the load average history.
2262: The returned data consists of a
1.56 uwe 2263: .Vt struct loadavg .
1.1 pavel 2264: .It Li vm.maxslp ( VM_MAXSLP )
2265: The value of the maxslp kernel global variable.
2266: .It Li vm.vmmeter ( VM_METER )
2267: Return system wide virtual memory statistics.
2268: The returned data consists of a
1.56 uwe 2269: .Vt struct vmtotal .
1.31 drochner 2270: .It vm.user_va0_disable
1.56 uwe 2271: A flag which controls whether user processes can map virtual address\ 0.
1.1 pavel 2272: .It Li vm.uspace ( VM_USPACE )
2273: The number of bytes allocated for each kernel stack.
2274: .It Li vm.uvmexp ( VM_UVMEXP )
2275: Return system wide virtual memory statistics.
2276: The returned data consists of a
1.56 uwe 2277: .Vt struct uvmexp .
1.1 pavel 2278: .It Li vm.uvmexp2 ( VM_UVMEXP2 )
2279: Return system wide virtual memory statistics.
2280: The returned data consists of a
1.56 uwe 2281: .Vt struct uvmexp_sysctl .
1.1 pavel 2282: .\" XXX vm.idlezero
2283: .El
1.50 jruoho 2284: .Ss The ddb.* subtree ( CTL_DDB )
1.34 jruoho 2285: The information available for the
1.1 pavel 2286: .Li ddb
2287: level is detailed below.
2288: The changeable column shows whether a process with appropriate
2289: privilege may change the value.
2290: .\" XXX sort
1.21 joerg 2291: .Bl -column "Second level name" "integer" "Changeable" -offset indent
1.1 pavel 2292: .It Sy Second level name Type Changeable
2293: .It ddb.radix integer yes
2294: .It ddb.maxoff integer yes
1.34 jruoho 2295: .It ddb.maxwidth integer yes
1.1 pavel 2296: .It ddb.lines integer yes
2297: .It ddb.tabstops integer yes
2298: .It ddb.onpanic integer yes
2299: .It ddb.fromconsole integer yes
1.34 jruoho 2300: .It ddb.tee_msgbuf integer yes
2301: .It ddb.commandonenter string yes
1.1 pavel 2302: .El
2303: .Pp
2304: .Bl -tag -width "123456"
1.35 jruoho 2305: .It Li ddb.radix ( DDBCTL_RADIX )
1.1 pavel 2306: The input and output radix.
1.35 jruoho 2307: .It Li ddb.maxoff ( DDBCTL_MAXOFF )
1.1 pavel 2308: The maximum symbol offset.
1.34 jruoho 2309: .It Li ddb.maxwidth ( DDBCTL_MAXWIDTH )
2310: The maximum output line width.
1.35 jruoho 2311: .It Li ddb.lines ( DDBCTL_LINES )
1.1 pavel 2312: Number of display lines.
1.35 jruoho 2313: .It Li ddb.tabstops ( DDBCTL_TABSTOPS )
1.1 pavel 2314: Tab width.
1.35 jruoho 2315: .It Li ddb.onpanic ( DDBCTL_ONPANIC )
1.63 riz 2316: If greater than zero, DDB will be entered if the kernel panics.
2317: A value of 1 causes the system to enter DDB on panic, while a value of 2
2318: causes the kernel to attempt to print out a stack trace before entering DDB.
2319: A value of 0 causes the kernel to attempt to print a stack trace, then
1.64 wiz 2320: reboot, while a value of \-1 means neither a stack trace will be printed
1.63 riz 2321: nor DDB entered.
1.35 jruoho 2322: .It Li ddb.fromconsole ( DDBCTL_FROMCONSOLE )
1.1 pavel 2323: If not zero, DDB may be entered by sending a break on a serial
2324: console or by a special key sequence on a graphics console.
1.34 jruoho 2325: .It Li ddb.tee_msgbuf
2326: If not zero, DDB will also output to the kernel message buffer.
2327: .It Li ddb.commandonenter
2328: If not empty, a command to be executed on each entry to
2329: .Tn DDB .
2330: .\"
2331: .\" XXX: (a) ddb.commandonenter is missing in ddb(4);
2332: .\" (b) No DDBCTL definitions for tee_msgbuf and commandonenter.
1.1 pavel 2333: .El
2334: .Pp
1.34 jruoho 2335: Some of these
2336: .Tn MIB
2337: nodes are also available as variables from within the debugger.
1.1 pavel 2338: See
2339: .Xr ddb 4
2340: for more details.
1.50 jruoho 2341: .Ss The security.* subtree ( CTL_SECURITY )
1.1 pavel 2342: The
2343: .Li security
2344: level contains various security-related settings for
1.2 wiz 2345: the system.
1.43 jruoho 2346: The available second level names are:
2347: .Bl -column "Second level name" "integer" "Changeable" -offset indent
2348: .It Sy Second level name Type Changeable
2349: .It Li security.curtain integer yes
2350: .It Li security.models node not applicable
2351: .It Li security.pax node not applicable
2352: .El
2353: .Pp
1.2 wiz 2354: Available settings are detailed below.
1.1 pavel 2355: .Pp
2356: .Bl -tag -width "123456"
2357: .It Li security.curtain
1.43 jruoho 2358: If non-zero, returned objects are filtered according to the user
2359: .Tn ID
1.1 pavel 2360: requesting information about them, preventing users from
1.43 jruoho 2361: accessing objects they do not own.
1.1 pavel 2362: .Pp
2363: At the moment, it affects
2364: .Xr ps 1 ,
2365: .Xr netstat 1
2366: (for
2367: .Dv PF_INET ,
2368: .Dv PF_INET6 ,
2369: and
2370: .Dv PF_UNIX
2371: PCBs), and
2372: .Xr w 1 .
1.4 elad 2373: .It Li security.models
2374: .Nx
2375: supports pluggable security models.
1.17 ad 2376: Every security model used, whether loaded as a module or built with the system,
1.4 elad 2377: is required to add an entry to this node with at least one element,
2378: .Dq name ,
2379: indicating the name of the security model.
2380: .Pp
2381: In addition to the name, any settings and other information private to the
2382: security model will be available under this node.
2383: See
2384: .Xr secmodel 9
2385: for more information.
1.1 pavel 2386: .It Li security.pax
2387: Settings for PaX -- exploit mitigation features.
1.4 elad 2388: For more information on any of the PaX features, please see
2389: .Xr paxctl 8
2390: and
1.62 jruoho 2391: .Xr security 7 .
1.43 jruoho 2392: The available third and fourth level names are:
2393: .Bl -column "security.pax.segvguard.suspend_timeout" "integer" "Changeable" \
2394: -offset 2n
2395: .It Sy Third and fourth level names Ta Sy Type Ta Sy Changeable
2396: .It Li security.pax.aslr.enabled integer yes
2397: .\".It Li security.pax.aslr.exec_len integer yes
2398: .It Li security.pax.aslr.global integer yes
2399: .\".It Li security.pax.aslr.mmap_len integer yes
2400: .\".It Li security.pax.aslr.stack_len integer yes
2401: .It Li security.pax.mprotect.enabled integer yes
2402: .It Li security.pax.mprotect.global integer yes
2403: .It Li security.pax.segvguard.enabled integer yes
2404: .It Li security.pax.segvguard.expiry_timeout integer yes
2405: .It Li security.pax.segvguard.global integer yes
2406: .It Li security.pax.segvguard.max_crashes integer yes
2407: .It Li security.pax.segvguard.suspend_timeout integer yes
2408: .El
1.1 pavel 2409: .Pp
2410: .Bl -tag -width "123456"
1.43 jruoho 2411: .It Li security.pax.aslr.enabled
1.14 elad 2412: Enable PaX ASLR (Address Space Layout Randomization).
2413: .Pp
2414: The value of this
2415: knob must be non-zero for PaX ASLR to be enabled, even if a program is set to
2416: explicit enable.
1.43 jruoho 2417: .\".It Li security.pax.aslr.exec_len
2418: .\" XXX: Undocumented.
1.14 elad 2419: .It Li security.pax.aslr.global
2420: Specifies the default global policy for programs without an
2421: explicit enable/disable flag.
2422: .Pp
2423: When non-zero, all programs will get PaX ASLR, except those exempted with
1.69 wiz 2424: .Xr paxctl 8 .
1.14 elad 2425: Otherwise, no program will get PaX ASLR, except those specifically
2426: marked as such with
2427: .Xr paxctl 8 .
1.43 jruoho 2428: .\".It Li security.pax.aslr.mmap_len
2429: .\" XXX: Undocumented.
2430: .\" .It Li security.pax.aslr.stack_len
2431: .\" XXX: Undocumented.
2432: .It Li security.pax.mprotect.enabled
1.1 pavel 2433: Enable PaX MPROTECT restrictions.
2434: .Pp
2435: These are
2436: .Xr mprotect 2
1.2 wiz 2437: restrictions to better enforce a W^X policy.
2438: The value of this
1.1 pavel 2439: knob must be non-zero for PaX MPROTECT to be enabled, even if a
2440: program is set to explicit enable.
2441: .It Li security.pax.mprotect.global
2442: Specifies the default global policy for programs without an
2443: explicit enable/disable flag.
2444: .Pp
2445: When non-zero, all programs will get the PaX MPROTECT restrictions,
2446: except those exempted with
1.69 wiz 2447: .Xr paxctl 8 .
1.1 pavel 2448: Otherwise, no program will get the PaX MPROTECT restrictions,
2449: except those specifically marked as such with
1.4 elad 2450: .Xr paxctl 8 .
1.43 jruoho 2451: .It Li security.pax.segvguard.enabled
1.1 pavel 2452: Enable PaX Segvguard.
2453: .Pp
2454: PaX Segvguard can detect and prevent certain exploitation attempts, where
2455: an attacker may try for example to brute-force function return addresses
2456: of respawning daemons.
2457: .Pp
2458: .Em Note :
2459: The
2460: .Nx
2461: interface and implementation of the Segvguard is still experimental, and may
2462: change in future releases.
1.43 jruoho 2463: .It Li security.pax.segvguard.expiry_timeout
2464: If the maximum number of crashes is not reached within this timeout (in seconds), the entry
2465: will expire.
1.1 pavel 2466: .It Li security.pax.segvguard.global
2467: Specifies the default global policy for programs without an
2468: explicit enable/disable flag.
2469: .Pp
2470: When non-zero, all programs will get the PaX Segvguard,
2471: except those exempted with
1.69 wiz 2472: .Xr paxctl 8 .
1.2 wiz 2473: Otherwise, no program will get the PaX Segvguard restrictions,
1.1 pavel 2474: except those specifically marked as such with
1.4 elad 2475: .Xr paxctl 8 .
1.43 jruoho 2476: .It Li security.pax.segvguard.max_crashes
2477: The maximum number of segfaults a program can receive before suspension.
1.1 pavel 2478: .It Li security.pax.segvguard.suspend_timeout
2479: Number of seconds to suspend a user from running a faulting program when the
2480: limit is exceeded.
2481: .El
2482: .El
1.50 jruoho 2483: .Ss The vendor.* subtree ( CTL_VENDOR )
1.1 pavel 2484: The
2485: .Li vendor
2486: top-level name is reserved for use by vendors who wish to
2487: have their own private MIB tree.
2488: Intended use is to store values under
2489: .Dq vendor.\*[Lt]yourname\*[Gt].* .
2490: .Sh SEE ALSO
2491: .Xr sysctl 3 ,
2492: .Xr ipsec 4 ,
2493: .Xr tcp 4 ,
1.62 jruoho 2494: .Xr security 7 ,
1.1 pavel 2495: .Xr sysctl 8
2496: .Sh HISTORY
2497: The
2498: .Nm
2499: variables first appeared in
2500: .Bx 4.4 .
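
The security.pax.*.enabled and security.pax.*.global descriptions above combine with a program's paxctl mark; this added example (not part of the NetBSD manual page) works through that decision for sysctl output in "name = value" form. The sample values, the function names and the mark names enable/disable/none are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample of `sysctl security.pax` output (values are made up).
SAMPLE='security.pax.aslr.enabled = 1
security.pax.aslr.global = 1
security.pax.mprotect.enabled = 1
security.pax.mprotect.global = 0
security.pax.segvguard.enabled = 0
security.pax.segvguard.global = 1'

# pax_get DUMP NAME: print the value of NAME from "name = value" lines.
# Exits non-zero when NAME is not present in DUMP.
pax_get() {
    printf '%s\n' "$1" | awk -v n="$2" '$1 == n && $2 == "=" { print $3; f = 1 }
        END { if (!f) exit 1 }'
}

# pax_applies DUMP FEATURE MARK: decide whether FEATURE (aslr, mprotect,
# segvguard) applies to a program whose paxctl mark is "enable", "disable"
# or "none". Prints yes, no, or unknown (knob missing or bad mark).
pax_applies() {
    enabled=$(pax_get "$1" "security.pax.$2.enabled") || { echo unknown; return; }
    global=$(pax_get "$1" "security.pax.$2.global") || { echo unknown; return; }
    # .enabled is the master switch: zero wins even over an explicit enable.
    if [ "$enabled" -eq 0 ]; then echo no; return; fi
    case $3 in
        enable)  echo yes ;;   # specifically marked
        disable) echo no ;;    # exempted
        none)    if [ "$global" -ne 0 ]; then echo yes; else echo no; fi ;;
        *)       echo unknown ;;
    esac
}

# pax_report DUMP: one line per feature, for programs without a paxctl mark.
pax_report() {
    for f in aslr mprotect segvguard; do
        printf '%s unmarked=%s\n' "$f" "$(pax_applies "$1" "$f" none)"
    done
}

pax_report "$SAMPLE"
```

On a live system the dump can be taken with `sysctl security.pax` and passed as the first argument in place of the sample.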