1 .\" $NetBSD: sysctl.7,v 1.23 2009/09/11 18:14:58 apb Exp $
4 .\" The Regents of the University of California. All rights reserved.
6 .\" Redistribution and use in source and binary forms, with or without
7 .\" modification, are permitted provided that the following conditions
9 .\" 1. Redistributions of source code must retain the above copyright
10 .\" notice, this list of conditions and the following disclaimer.
11 .\" 2. Redistributions in binary form must reproduce the above copyright
12 .\" notice, this list of conditions and the following disclaimer in the
13 .\" documentation and/or other materials provided with the distribution.
14 .\" 3. Neither the name of the University nor the names of its contributors
15 .\" may be used to endorse or promote products derived from this software
16 .\" without specific prior written permission.
18 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
19 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
22 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 .\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95
32 .Dd September 11, 2009
37 .Nd system information variables
41 library function and the
43 utility are used to get and set values of system variables, maintained
45 The variables are organized in a tree and identified by a sequence of
46 numbers, conventionally separated by dots with the topmost identifier
48 The numbers have corresponding text names.
55 utility can be used to convert the text representation to the
58 The individual sysctl variables are described below, both the textual
59 and numeric form where applicable.
60 The textual names can be used as argument to the
62 utility and in the file
63 .Pa /etc/sysctl.conf .
64 The numeric names are usually defined as preprocessor constants and
65 are intended for use by programs.
66 Every such constant expands to one integer, which identifies the
67 sysctl variable relative to the upper level of the tree.
70 manual page for programming examples.
72 The top level names are defined with a CTL_ prefix in
75 The next and subsequent levels down are found in the include files
76 listed here, and described in separate sections below.
77 .Bl -column security CTL_SECURITY "Next level names" "High kernel limits"
78 .It Sy Name Constant Next level names Description
79 .It kern CTL_KERN sys/sysctl.h High kernel limits
80 .It vm CTL_VM uvm/uvm_param.h Virtual memory
81 .It vfs CTL_VFS sys/mount.h Filesystem
82 .It net CTL_NET sys/socket.h Networking
83 .It debug CTL_DEBUG sys/sysctl.h Debugging
84 .It hw CTL_HW sys/sysctl.h Generic CPU, I/O
85 .It machdep CTL_MACHDEP sys/sysctl.h Machine dependent
86 .It user CTL_USER sys/sysctl.h User-level
87 .It ddb CTL_DDB sys/sysctl.h In-kernel debugger
88 .It proc CTL_PROC sys/sysctl.h Per-process
89 .It vendor CTL_VENDOR ? Vendor specific
90 .It emul CTL_EMUL sys/sysctl.h Emulation settings
91 .It security CTL_SECURITY sys/sysctl.h Security settings
93 .Sh The debug.* subtree
94 The debugging variables vary from system to system.
95 A debugging variable may be added or deleted without need to recompile
100 gets the list of debugging variables from the kernel and
101 displays their current values.
102 The system defines twenty
103 .Va ( struct ctldebug )
108 They are declared as separate variables so that they can be
109 individually initialized at the location of their associated variable.
110 The loader prevents multiple use of the same variable by issuing errors
111 if a variable is initialized in more than one place.
112 For example, to export the variable
114 as a debugging variable, the following declaration would be used:
115 .Bd -literal -offset indent -compact
116 int dospecialcheck = 1;
117 struct ctldebug debug5 = { "dospecialcheck", \*[Am]dospecialcheck };
120 Note that the dynamic implementation of
122 currently in use largely makes this particular
129 for more information.
130 .Sh The vfs.* subtree
131 A distinguished second level name,
132 .Li vfs.generic ( VFS_GENERIC ) ,
133 is used to get general information about all filesystems.
134 One of its third level identifiers is
135 .Li vfs.generic.maxtypenum ( VFS_MAXTYPENUM )
136 that gives the highest valid filesystem type number.
137 Its other third level identifier is
138 .Li vfs.generic.conf ( VFS_CONF )
139 that returns configuration information about the filesystem
140 type given as a fourth level identifier.
141 The remaining second level identifiers are the
142 filesystem type number returned by a
145 .Li vfs.generic.conf .
146 The third level identifiers available for each filesystem
147 are given in the header file that defines the mount
148 argument structure for that filesystem.
150 The string and integer information available for the
152 level is detailed below.
153 The changeable column shows whether a process with appropriate
154 privilege may change the value.
155 .Bl -column "hw.acpi.supported_states" "integer" "Changeable" -offset indent
156 .It Sy Second level name Type Changeable
157 .It hw.acpi.supported_states string no
158 .It hw.alignbytes integer no
159 .It hw.byteorder integer no
160 .It hw.cnmagic string yes
161 .It hw.disknames string no
162 .It hw.diskstats struct no
163 .It hw.machine string no
164 .It hw.machine_arch string no
165 .It hw.model string no
166 .It hw.ncpu integer no
167 .It hw.pagesize integer no
168 .It hw.physmem integer no
169 .It hw.physmem64 quad no
170 .It hw.usermem integer no
171 .It hw.usermem64 quad no
174 .Bl -tag -width "123456"
175 .It Li hw.acpi.support_states
179 The list can contain the following values:
184 power on suspend (CPU and hard disks are off)
186 similar to S3, usually not implemented
190 suspend-to-disk (needs BIOS support)
194 .It Li hw.alignbytes ( HW_ALIGNBYTES )
195 Alignment constraint for all possible data types.
199 .Pa /usr/include/machine/param.h ,
200 at the kernel compilation time.
201 .It Li hw.byteorder ( HW_BYTEORDER )
202 The byteorder (4,321, or 1,234).
203 .It Li hw.cnmagic ( HW_CNMAGIC )
204 The console magic key sequence.
205 .It Li hw.disknames ( HW_DISKNAMES )
206 The list of (space separated) disk device names on the system.
207 .It Li hw.iostatnames ( HW_IOSTATNAMES )
208 A space separated list of devices that will have I/O statistics
210 .It Li hw.iostats ( HW_IOSTATS )
211 Return statistical information on the NFS mounts, disk and tape
212 devices on the system.
215 structures is returned,
216 whose size depends on the current number of such objects in the system.
217 The third level name is the size of the
218 .Va struct io_sysctl .
219 The type of object can be determined by examining the
222 .Va struct io_sysctl .
230 .It Li hw.machine ( HW_MACHINE )
232 .It Li hw.machine_arch ( HW_MACHINE_ARCH )
233 The machine CPU class.
234 .It Li hw.model ( HW_MODEL )
236 .It Li hw.ncpu ( HW_NCPU )
238 .It Li hw.pagesize ( HW_PAGESIZE )
239 The software page size.
240 .It Li hw.physmem ( HW_PHYSMEM )
241 The bytes of physical memory as a 32-bit integer.
242 .It Li hw.physmem64 ( HW_PHYSMEM64 )
243 The bytes of physical memory as a 64-bit integer.
244 .It Li hw.usermem ( HW_USERMEM )
245 The bytes of non-kernel memory as a 32-bit integer.
246 .It Li hw.usermem64 ( HW_USERMEM64 )
247 The bytes of non-kernel memory as a 64-bit integer.
249 .Sh The kern.* subtree
250 The string and integer information available for the
252 level is detailed below.
253 The changeable column shows whether a process with appropriate
254 privilege may change the value.
255 The types of data currently available are process information,
256 system vnodes, the open file entries, routing table entries,
257 virtual memory statistics, load average history, and clock rate
259 .Bl -column "kern.posix_reader_writer_locks" "struct kinfo_drivers" "not applicable"
260 .It Sy Second level name Type Changeable
261 .It kern.argmax integer no
262 .It kern.autonicetime integer yes
263 .It kern.autoniceval integer yes
264 .It kern.boottime struct timeval no
265 .It kern.bufq node not applicable
266 .It kern.ccpu integer no
267 .It kern.clockrate struct clockinfo no
268 .It kern.consdev integer no
269 .It kern.cp_id struct no
270 .It kern.cp_time uint64_t[\|] no
271 .It kern.defcorename string yes
272 .It kern.domainname string yes
273 .It kern.drivers struct kinfo_drivers no
274 .It kern.file struct file no
275 .It kern.forkfsleep integer yes
276 .It kern.fscale integer no
277 .It kern.fsync integer no
278 .It kern.hardclock_ticks integer no
279 .It kern.hostid integer yes
280 .It kern.hostname string yes
281 .It kern.iov_max integer no
282 .It kern.job_control integer no
283 .It kern.labeloffset integer no
284 .It kern.labelsector integer no
285 .It kern.login_name_max integer no
286 .It kern.logsigexit integer yes
287 .It kern.mapped_files integer no
288 .It kern.maxfiles integer yes
289 .It kern.maxpartitions integer no
290 .It kern.maxphys integer no
291 .It kern.maxproc integer yes
292 .It kern.maxptys integer yes
293 .It kern.maxvnodes integer yes
294 .It kern.mbuf node not applicable
295 .It kern.memlock integer no
296 .It kern.memlock_range integer no
297 .It kern.memory_protection integer no
298 .It kern.monotonic_clock integer no
299 .It kern.msgbuf integer no
300 .It kern.msgbufsize integer no
301 .It kern.ngroups integer no
302 .It kern.ntptime struct ntptimeval no
303 .It kern.osrelease string no
304 .It kern.osrev integer no
305 .It kern.ostype string no
306 .It kern.pipe node not applicable
307 .It kern.posix1 integer no
308 .It kern.posix_barriers integer no
309 .It kern.posix_reader_writer_locks integer no
310 .It kern.posix_semaphores integer no
311 .It kern.posix_spin_locks integer no
312 .It kern.posix_threads integer no
313 .It kern.posix_timers integer no
314 .It kern.proc struct kinfo_proc no
315 .It kern.proc2 struct kinfo_proc2 no
316 .It kern.proc_args string no
317 .It kern.prof node not applicable
318 .It kern.rawpartition integer no
319 .It kern.root_device string no
320 .It kern.root_partition integer no
321 .It kern.rtc_offset integer yes
322 .It kern.saved_ids integer no
323 .It kern.securelevel integer raise only
324 .It kern.synchronized_io integer no
325 .It kern.ipc node not applicable
326 .It kern.timecounter node not applicable
327 .It kern.timex struct no
328 .It kern.tkstat node not applicable
329 .It kern.urandom integer no
330 .It kern.version string no
331 .It kern.vnode struct vnode no
333 .Bl -tag -width "123456"
334 .It Li kern.argmax ( KERN_ARGMAX )
335 The maximum bytes of argument to
337 .It Li kern.autonicetime ( KERN_AUTONICETIME )
338 The number of seconds of CPU-time a non-root process may accumulate before
339 having its priority lowered from the default to the value of KERN_AUTONICEVAL.
340 If set to 0, automatic lowering of priority is not performed, and if set to \-1
341 all non-root processes are immediately lowered.
342 .It Li kern.autoniceval ( KERN_AUTONICEVAL )
343 The priority assigned for automatically niced processes.
344 .It Li kern.boothowto
345 Flags passed from the boot loader; see
347 for the meanings of the flags.
348 .It Li kern.boottime ( KERN_BOOTTIME )
351 structure is returned.
352 This structure contains the time that the system was booted.
353 .It Li kern.ccpu ( KERN_CCPU )
354 The scheduler exponential decay value.
355 .It Li kern.clockrate ( KERN_CLOCKRATE )
358 structure is returned.
359 This structure contains the clock, statistics clock and profiling clock
360 frequencies, the number of micro-seconds per hz tick, and the clock
362 .It Li kern.consdev ( KERN_CONSDEV )
364 .It Li kern.cp_id ( KERN_CP_ID )
365 Mapping of CPU number to CPU id.
366 .It Li kern.cp_time ( KERN_CP_TIME )
367 Returns an array of CPUSTATES uint64_ts.
368 This array contains the
369 number of clock ticks spent in different CPU states.
370 On multi-processor systems, the sum across all CPUs is returned unless
371 appropriate space is given for one data set for each CPU.
372 Data for a specific CPU can also be obtained by adding the number of the
373 CPU at the end of the MIB, enlarging it by one.
374 .It Li kern.defcorename ( KERN_DEFCORENAME )
375 Default template for the name of core dump files (see also
376 .Li proc.pid.corename
377 in the per-process variables
381 for format of this template).
384 and can be changed with the kernel configuration option
385 .Cd options DEFCORENAME
389 .It Li kern.domainname ( KERN_DOMAINNAME )
390 Get or set the YP domain name.
391 .It Li kern.dump_on_panic ( KERN_DUMP_ON_PANIC )
392 Perform a crash dump on system panic.
393 .It Li kern.drivers ( KERN_DRIVERS )
395 .Va struct kinfo_drivers
396 that contains the name and major device numbers of all the device drivers
397 in the current kernel.
400 field is always a NUL terminated string.
403 field will be set to \-1 if the driver doesn't have a block device.
404 .It Li kern.file ( KERN_FILE )
405 Return the entire file table.
406 The returned data consists of a single
408 followed by an array of
410 whose size depends on the current number of such objects in the system.
411 .It Li kern.forkfsleep ( KERN_FORKFSLEEP )
414 system call fails due to limit on number of processes (either
415 the global maxproc limit or user's one), wait for this many
416 milliseconds before returning
419 Useful to keep heavily forking runaway processes in bay.
420 Default zero (no sleep).
421 Maximum is 20 seconds.
422 .It Li kern.fscale ( KERN_FSCALE )
423 The kernel fixed-point scale factor.
424 .It Li kern.fsync ( KERN_FSYNC )
425 Return 1 if the POSIX 1003.1b File Synchronization Option is available
428 .It Li kern.hardclock_ticks ( KERN_HARDCLOCK_TICKS )
429 Returns the number of
432 .It Li kern.hostid ( KERN_HOSTID )
433 Get or set the host id.
434 .It Li kern.hostname ( KERN_HOSTNAME )
435 Get or set the hostname.
436 .It Li kern.iov_max ( KERN_IOV_MAX )
437 Return the maximum number of
439 structures that a process has available for use with
447 .It Li kern.job_control ( KERN_JOB_CONTROL )
448 Return 1 if job control is available on this system, otherwise 0.
449 .It Li kern.labeloffset ( KERN_LABELOFFSET )
450 The offset within the sector specified by KERN_LABELSECTOR of the
452 .It Li kern.labelsector ( KERN_LABELSECTOR )
453 The sector number containing the
455 .It Li kern.login_name_max ( KERN_LOGIN_NAME_MAX )
456 The size of the storage required for a login name, in bytes,
457 including the terminating NUL.
458 .It Li kern.logsigexit ( KERN_LOGSIGEXIT )
459 If this flag is non-zero, the kernel will
461 all process exits due to signals which create a
463 file, and whether the coredump was created.
464 .It Li kern.mapped_files ( KERN_MAPPED_FILES )
465 Returns 1 if the POSIX 1003.1b Memory Mapped Files Option is available
468 .It Li kern.maxfiles ( KERN_MAXFILES )
469 The maximum number of open files that may be open in the system.
470 .It Li kern.maxpartitions ( KERN_MAXPARTITIONS )
471 The maximum number of partitions allowed per disk.
472 .It Li kern.maxphys ( KERN_MAXPHYS )
473 Maximum raw I/O transfer size.
474 .It Li kern.maxproc ( KERN_MAXPROC )
475 The maximum number of simultaneous processes the system will allow.
476 .It Li kern.maxptys ( KERN_MAXPTYS )
477 The maximum number of pseudo terminals.
478 This value can be both raised and lowered, though it cannot
479 be set lower than number of currently used ptys.
482 .It Li kern.maxvnodes ( KERN_MAXVNODES )
483 The maximum number of vnodes available on the system.
484 This can only be raised.
485 .It Li kern.mbuf ( KERN_MBUF )
486 Return information about the mbuf control variables.
487 Mbufs are data structures which store network packets and other data
488 structures in the networking code, see
490 The third level names for the mbuf variables are detailed below.
491 The changeable column shows whether a process with appropriate
492 privilege may change the value.
493 .Bl -column "kern.mbuf.nmbclusters" "integer" "Changeable" -offset indent
494 .It Sy Third level name Type Changeable
495 .\" XXX Changeable? really?
496 .It kern.mbuf.mblowat integer yes
497 .It kern.mbuf.mclbytes integer yes
498 .It kern.mbuf.mcllowat integer yes
499 .It kern.mbuf.msize integer yes
500 .It kern.mbuf.nmbclusters integer yes
503 The variables are as follows:
504 .Bl -tag -width "123456"
505 .It Li kern.mbuf.mblowat ( MBUF_MBLOWAT )
506 The mbuf low water mark.
507 .It Li kern.mbuf.mclbytes ( MBUF_MCLBYTES )
508 The mbuf cluster size.
509 .It Li kern.mbuf.mcllowat ( MBUF_MCLLOWAT )
510 The mbuf cluster low water mark.
511 .It Li kern.mbuf.msize ( MBUF_MSIZE )
513 .It Li kern.mbuf.nmbclusters ( MBUF_NMBCLUSTERS )
514 The limit on the number of mbuf clusters.
515 The variable can only be increased, and only increased on machines with
516 direct-mapped pool pages.
518 .It Li kern.memlock ( KERN_MEMLOCK )
519 Returns 1 if the POSIX 1003.1b Process Memory Locking Option is available
522 .It Li kern.memlock_range ( KERN_MEMLOCK_RANGE )
523 Returns 1 if the POSIX 1003.1b Range Memory Locking Option is available
526 .It Li kern.memory_protection ( KERN_MEMORY_PROTECTION )
527 Returns 1 if the POSIX 1003.1b Memory Protection Option is available
530 .It Li kern.monotonic_clock ( KERN_MONOTONIC_CLOCK )
531 Returns the standard version the implementation of the POSIX 1003.1b
532 Monotonic Clock Option conforms to,
534 .It Li kern.msgbuf ( KERN_MSGBUF )
535 The kernel message buffer, rotated so that the head of the circular kernel
536 message buffer is at the start of the returned data.
537 The returned data may contain NUL bytes.
538 .It Li kern.msgbufsize ( KERN_MSGBUFSIZE )
539 The maximum number of characters that the kernel message buffer can hold.
540 .It Li kern.ngroups ( KERN_NGROUPS )
541 The maximum number of supplemental groups.
542 .It Li kern.ntptime ( KERN_NTPTIME )
544 .Va struct ntptimeval
545 structure is returned.
546 This structure contains data used by the
549 .It Li kern.osrelease ( KERN_OSRELEASE )
550 The system release string.
551 .It Li kern.osrevision ( KERN_OSREV )
552 The system revision string.
553 .It Li kern.ostype ( KERN_OSTYPE )
554 The system type string.
555 .It Li kern.pipe ( KERN_PIPE )
557 The third level names for the integer pipe settings is detailed below.
558 The changeable column shows whether a process with appropriate
559 privilege may change the value.
560 .Bl -column "kern.pipe.maxbigpipes" "integer" "Changeable" -offset indent
561 .It Sy Third level name Type Changeable
562 .It kern.pipe.kvasiz integer yes
563 .It kern.pipe.maxbigpipes integer yes
564 .It kern.pipe.maxkvasz integer yes
565 .It kern.pipe.limitkva integer yes
566 .It kern.pipe.nbigpipes integer yes
569 The variables are as follows:
570 .Bl -tag -width "123456"
571 .It Li kern.pipe.kvasiz ( KERN_PIPE_KVASIZ )
572 Amount of kernel memory consumed by pipe buffers.
573 .It Li kern.pipe.maxbigpipes ( KERN_PIPE_MAXBIGPIPES )
574 Maximum number of "big" pipes.
575 .It Li kern.pipe.maxkvasz ( KERN_PIPE_MAXKVASZ )
576 Maximum amount of kernel memory to be used for pipes.
577 .It Li kern.pipe.limitkva ( KERN_PIPE_LIMITKVA )
578 Limit for direct transfers via page loan.
579 .It Li kern.pipe.nbigpipes ( KERN_PIPE_NBIGPIPES )
580 Number of "big" pipes.
582 .It Li kern.posix1version ( KERN_POSIX1 )
583 The version of ISO/IEC 9945 (POSIX 1003.1) with which the system
585 .It Li kern.posix_barriers ( KERN_POSIX_BARRIERS )
590 option to which the system attempts to conform,
592 .It Li kern.posix_reader_writer_locks ( KERN_POSIX_READER_WRITER_LOCKS )
597 option to which the system attempts to conform,
599 .It Li kern.posix_semaphores ( KERN_POSIX_SEMAPHORES )
604 option to which the system attempts to conform,
606 .It Li kern.posix_spin_locks ( KERN_POSIX_SPIN_LOCKS )
611 option to which the system attempts to conform,
613 .It Li kern.posix_threads ( KERN_POSIX_THREADS )
618 option to which the system attempts to conform,
620 .It Li kern.posix_timers ( KERN_POSIX_TIMERS )
625 option to which the system attempts to conform,
627 .It Li kern.proc ( KERN_PROC )
628 Return the entire process table, or a subset of it.
630 .Va struct kinfo_proc
631 structures is returned,
632 whose size depends on the current number of such objects in the system.
633 The third and fourth level numeric names are as follows:
634 .Bl -column "KERN_PROC_SESSION" "Fourth level is:" -offset indent
635 .It Sy Third level name Fourth level is:
636 .It KERN_PROC_ALL None
637 .It KERN_PROC_GID A group ID
638 .It KERN_PROC_PID A process ID
639 .It KERN_PROC_PGRP A process group
640 .It KERN_PROC_RGID A real group ID
641 .It KERN_PROC_RUID A real user ID
642 .It KERN_PROC_SESSION A session ID
643 .It KERN_PROC_TTY A tty device
644 .It KERN_PROC_UID A user ID
646 .It Li kern.proc2 ( KERN_PROC2 )
647 As for KERN_PROC, but an array of
648 .Va struct kinfo_proc2
649 structures are returned.
650 The fifth level name is the size of the
651 .Va struct kinfo_proc2
652 and the sixth level name is the number of structures to return.
653 .It Li kern.proc_args ( KERN_PROC_ARGS )
654 Return the argv or environment strings (or the number thereof)
656 Multiple strings are returned separated by NUL characters.
657 The third level name is the process ID.
658 The fourth level name is as follows:
659 .Bl -column "KERN_PROG_NARGV" "The number of environ strings" -offset indent
660 .It KERN_PROC_ARGV The argv strings
661 .It KERN_PROC_ENV The environ strings
662 .It KERN_PROC_NARGV The number of argv strings
663 .It KERN_PROC_NENV The number of environ strings
665 .It Li kern.profiling ( KERN_PROF )
666 Return profiling information about the kernel.
667 If the kernel is not compiled for profiling,
668 attempts to retrieve any of the KERN_PROF values will
671 The third level names for the string and integer profiling information
673 The changeable column shows whether a process with appropriate
674 privilege may change the value.
675 .Bl -column "kern.profiling.gmonparam" "struct gmonparam" "Changeable" -offset indent
676 .It Sy Third level name Type Changeable
677 .It kern.profiling.count u_short[\|] yes
678 .It kern.profiling.froms u_short[\|] yes
679 .It kern.profiling.gmonparam struct gmonparam no
680 .It kern.profiling.state integer yes
681 .It kern.profiling.tos struct tostruct yes
684 The variables are as follows:
685 .Bl -tag -width "123456"
686 .It Li kern.profiling.count ( GPROF_COUNT )
687 Array of statistical program counter counts.
688 .It Li kern.profiling.froms ( GPROF_FROMS )
689 Array indexed by program counter of call-from points.
690 .It Li kern.profiling.gmonparams ( GPROF_GMONPARAM )
691 Structure giving the sizes of the above arrays.
692 .It Li kern.profiling.state ( GPROF_STATE )
694 If set to GMON_PROF_ON, starts profiling.
695 If set to GMON_PROF_OFF, stops profiling.
696 .It Li kern.profiling.tos ( GPROF_TOS )
699 describing destination of calls and their counts.
701 .It Li kern.rawpartition ( KERN_RAWPARTITION )
702 The raw partition of a disk (a == 0).
703 .It Li kern.root_device ( KERN_ROOT_DEVICE )
704 The name of the root device (e.g.,
706 .It Li kern.root_partition ( KERN_ROOT_PARTITION )
707 The root partition on the root device (a == 0).
708 .It Li kern.rtc_offset ( KERN_RTC_OFFSET )
709 Return the offset of real time clock from UTC in minutes.
710 .It Li kern.saved_ids ( KERN_SAVED_IDS )
711 Returns 1 if saved set-group and saved set-user ID is available.
712 .It Li kern.sbmax ( KERN_SBMAX )
713 Maximum socket buffer size.
715 .It Li kern.securelevel ( KERN_SECURELVL )
716 The system security level.
717 This level may be raised by processes with appropriate privilege.
718 It may only be lowered by process 1.
719 .It Li kern.somaxkva ( KERN_SOMAXKVA )
720 Maximum amount of kernel memory to be used for socket buffers.
722 .It Li kern.synchronized_io ( KERN_SYNCHRONIZED_IO )
723 Returns 1 if the POSIX 1003.1b Synchronized I/O Option is available
726 .It Li kern.ipc ( KERN_SYSVIPC )
727 Return information about the SysV IPC parameters.
728 The third level names for the ipc variables are detailed below.
729 .Bl -column "kern.ipc.shm_use_phys" "integer" "Changeable" -offset indent
730 .It Sy Third level name Type Changeable
731 .It kern.ipc.sysvmsg integer no
732 .It kern.ipc.sysvsem integer no
733 .It kern.ipc.sysvshm integer no
734 .It kern.ipc.sysvipc_info struct no
735 .It kern.ipc.shmmax integer yes
736 .It kern.ipc.shmmni integer yes
737 .It kern.ipc.shmseg integer yes
738 .It kern.ipc.shmmaxpgs integer yes
739 .It kern.ipc.shm_use_phys integer yes
740 .It kern.ipc.msgmni integer yes
741 .It kern.ipc.msgseg integer yes
742 .It kern.ipc.semmni integer yes
743 .It kern.ipc.semmns integer yes
744 .It kern.ipc.semmnu integer yes
746 .Bl -tag -width "123456"
747 .It Li kern.ipc.sysvmsg ( KERN_SYSVIPC_MSG )
748 Returns 1 if System V style message queue functionality is available
751 .It Li kern.ipc.sysvsem ( KERN_SYSVIPC_SEM )
752 Returns 1 if System V style semaphore functionality is available
755 .It Li kern.ipc.sysvshm ( KERN_SYSVIPC_SHM )
756 Returns 1 if System V style share memory functionality is available
759 .It Li kern.ipc.sysvipc_info ( KERN_SYSVIPC_INFO )
760 Return System V style IPC configuration and run-time information.
761 The fourth level name selects the System V style IPC facility.
762 .Bl -column "KERN_SYSVIPC_MSG_INFO" "struct shm_sysctl_info" -offset indent
763 .It Sy Fourth level name Type
764 .It KERN_SYSVIPC_MSG_INFO struct msg_sysctl_info
765 .It KERN_SYSVIPC_SEM_INFO struct sem_sysctl_info
766 .It KERN_SYSVIPC_SHM_INFO struct shm_sysctl_info
769 .Bl -tag -width "123456"
770 .It Li KERN_SYSVIPC_MSG_INFO
771 Return information on the System V style message facility.
774 structure is defined in
776 .It Li KERN_SYSVIPC_SEM_INFO
777 Return information on the System V style semaphore facility.
780 structure is defined in
782 .It Li KERN_SYSVIPC_SHM_INFO
783 Return information on the System V style shared memory facility.
786 structure is defined in
789 .It Li kern.ipc.shmmax ( KERN_SYSVIPC_SHMMAX )
790 Max shared memory segment size in bytes.
791 .It Li kern.ipc.shmmni ( KERN_SYSVIPC_SHMMNI )
792 Max number of shared memory identifiers.
793 .It Li kern.ipc.shmseg ( KERN_SYSVIPC_SHMSEG )
794 Max shared memory segments per process.
795 .It Li kern.ipc.shmmaxpgs ( KERN_SYSVIPC_SHMMAXPGS )
796 Max amount of shared memory in pages.
797 .It Li kern.ipc.shm_use_phys ( KERN_SYSVIPC_SHMUSEPHYS )
798 Locking of shared memory in physical memory.
799 If 0, memory can be swapped
800 out, otherwise it will be locked in physical memory.
801 .It Li kern.ipc.msgmni
802 Max number of message queue identifiers.
803 .It Li kern.ipc.msgseg
804 Max number of number of message segments.
805 .It Li kern.ipc.semmni
806 Max number of number of semaphore identifiers.
807 .It Li kern.ipc.semmns
808 Max number of number of semaphores in system.
809 .It Li kern.ipc.semmnu
810 Max number of undo structures in system.
812 .It Li kern.timecounter ( dynamic )
813 Display and control the timecounter source of the system.
814 .Bl -column "kern.timecounter.timestepwarnings" "integer" "Changeable" -offset indent
815 .It Sy Third level name Type Changeable
816 .It kern.timecounter.choice string no
817 .It kern.timecounter.hardware string yes
818 .It kern.timecounter.timestepwarnings integer yes
821 The variables are as follows:
822 .Bl -tag -width "123456"
823 .It Li kern.timecounter.choice ( dynamic )
824 The list of available timecounters with their quality and frequency.
825 .It Li kern.timecounter.hardware ( dynamic )
826 The currently selected timecounter source.
827 .It Li kern.timecounter.timestepwarnings ( dynamic )
828 If non-zero display a message each time the time is stepped.
830 .It Li kern.timex ( KERN_TIMEX )
832 .It Li kern.tkstat ( KERN_TKSTAT )
833 Return information about the number of characters sent and received
835 The third level names for the tty statistic variables are detailed below.
836 The changeable column shows whether a process
837 with appropriate privilege may change the value.
838 .Bl -column "kern.tkstat.cancc" "quad" "Changeable" -offset indent
839 .It Sy Third level name Type Changeable
840 .It kern.tkstat.cancc quad no
841 .It kern.tkstat.nin quad no
842 .It kern.tkstat.nout quad no
843 .It kern.tkstat.rawcc quad no
846 The variables are as follows:
847 .Bl -tag -width "123456"
848 .It Li kern.tkstat.cancc ( KERN_TKSTAT_CANCC )
849 The number of canonical input characters.
850 .It Li kern.tkstat.nin ( KERN_TKSTAT_NIN )
851 The total number of input characters.
852 .It Li kern.tkstat.nout ( KERN_TKSTAT_NOUT )
853 The total number of output characters.
854 .It Li kern.tkstat.rawcc ( KERN_TKSTAT_RAWCC )
855 The number of raw input characters.
857 .It Li kern.urandom ( KERN_URND )
858 Random integer value.
861 .Bl -tag -width "123456"
862 .It Li kern.veriexec.algorithms
863 Returns a string with the supported algorithms in Veriexec.
864 .It Li kern.veriexec.count
865 Sub-nodes are added to this node as new mounts are monitored by Veriexec.
866 Each mount will be under its own
869 Under each node there will be three variables, indicating the mount
870 point, the file-system type, and the number of entries.
871 .It Li kern.veriexec.strict
872 Controls the strict level of Veriexec.
875 for more information on each level's implications.
876 .It Li kern.veriexec.verbose
877 Controls the verbosity level of Veriexec.
878 If 0, only the minimal
879 indication required will be given about what's happening - fingerprint
880 mismatches, removal of entries from the tables, modification of a
882 If 1, more messages will be printed (ie., when a file with a valid
883 fingerprint is accessed).
884 Verbose level 2 is debug mode.
886 .It Li kern.version ( KERN_VERSION )
887 The system version string.
888 .It Li kern.vnode ( KERN_VNODE )
889 Return the entire vnode table.
890 Note, the vnode table is not necessarily a consistent snapshot of
892 The returned data consists of an array whose size depends on the
893 current number of such objects in the system.
894 Each element of the array contains the kernel address of a vnode
896 followed by the vnode itself
898 .It Li kern.coredump.setid
899 Settings related to set-id processes coredumps.
900 By default, set-id processes do not dump core in situations where
901 other processes would.
902 The settings in this node allows an administrator to change this
905 .Bl -tag -width "123456"
906 .It Li kern.coredump.setid.dump
907 If non-zero, set-id processes will dump core.
908 .It Li kern.coredump.setid.group
909 The group-id for the set-id processes' coredump.
910 .It Li kern.coredump.setid.mode
911 The mode for the set-id processes' coredump.
914 .It Li kern.coredump.setid.owner
915 The user-id that will be used as the owner of the set-id processes'
917 .It Li kern.coredump.setid.path
918 The path to which set-id processes' coredumps will be saved to.
919 Same syntax as kern.defcorename.
923 .Sh The machdep.* subtree
924 The set of variables defined is architecture dependent.
925 Most architectures define at least the following variables.
926 .Bl -column "Second level name" "Type" "Changeable" -offset indent
927 .It Sy Second level name Type Changeable
928 .It Li CPU_CONSDEV dev_t no
930 .Sh The net.* subtree
931 The string and integer information available for the
933 level is detailed below.
934 The changeable column shows whether a process with appropriate
935 privilege may change the value.
936 The second and third levels are typically the protocol family and
937 protocol number, though this is not always the case.
938 .Bl -column "Second level name" "IPsec key management values" "Changeable" -offset indent
939 .It Sy Second level name Type Changeable
940 .It net.route routing messages no
941 .It net.inet IPv4 values yes
942 .It net.inet6 IPv6 values yes
943 .It net.key IPsec key management values yes
946 .Bl -tag -width "123456"
947 .It Li net.route ( PF_ROUTE )
949 Return the entire routing table or a subset of it.
950 The data is returned as a sequence of routing messages (see
952 for the header file, format and meaning).
953 The length of each message is contained in the message header.
955 The third level name is a protocol number, which is currently always 0.
956 The fourth level name is an address family, which may be set to 0 to
957 select all address families.
958 The fifth and sixth level names are as follows:
959 .Bl -column "Fifth level name" "Sixth level is:" -offset indent
960 .It Sy Fifth level name Sixth level is:
961 .It NET_RT_FLAGS rtflags
963 .It NET_RT_IFLIST None
965 .It Li net.inet ( PF_INET )
966 Get or set various global information about the IPv4
967 .Pq Internet Protocol version 4 .
968 The third level name is the protocol.
969 The fourth level name is the variable name.
970 The currently defined protocols and names are:
971 .Bl -column "Protocol name" "sack.globalmaxholes" "integer" "Changeable" -offset 4n
972 .It Sy Protocol name Variable name Type Changeable
973 .It arp down integer yes
974 .It arp keep integer yes
975 .It arp prune integer yes
976 .It arp refresh integer yes
977 .It carp allow integer yes
978 .It carp preempt integer yes
979 .It carp log integer yes
980 .It carp arpbalance integer yes
981 .It icmp errppslimit integer yes
982 .It icmp maskrepl integer yes
983 .It icmp rediraccept integer yes
984 .It icmp redirtimeout integer yes
985 .It ip allowsrcrt integer yes
986 .It ip anonportmax integer yes
987 .It ip anonportmin integer yes
988 .It ip checkinterface integer yes
989 .It ip directed-broadcast integer yes
990 .It ip do_loopback_cksum integer yes
991 .It ip forwarding integer yes
992 .It ip forwsrcrt integer yes
993 .It ip gifttl integer yes
994 .It ip grettl integer yes
995 .It ip hashsize integer yes
996 .It ip hostzerobroadcast integer yes
997 .It ip lowportmin integer yes
998 .It ip lowportmax integer yes
999 .It ip maxflows integer yes
1000 .It ip maxfragpackets integer yes
1001 .It ip mtudisc integer yes
1002 .It ip mtudisctimeout integer yes
1003 .It ip random_id integer yes
1004 .It ip redirect integer yes
1005 .It ip subnetsarelocal integer yes
1006 .It ip ttl integer yes
1007 .It tcp rfc1323 integer yes
1008 .It tcp sendspace integer yes
1009 .It tcp recvspace integer yes
1010 .It tcp mssdflt integer yes
1011 .It tcp syn_cache_limit integer yes
1012 .It tcp syn_bucket_limit integer yes
1013 .It tcp syn_cache_interval integer yes
1014 .It tcp init_win integer yes
1015 .It tcp init_win_local integer yes
1016 .It tcp mss_ifmtu integer yes
1017 .It tcp win_scale integer yes
1018 .It tcp timestamps integer yes
1019 .It tcp compat_42 integer yes
1020 .It tcp cwm integer yes
1021 .It tcp cwm_burstsize integer yes
1022 .It tcp ack_on_push integer yes
1023 .It tcp keepidle integer yes
1024 .It tcp keepintvl integer yes
1025 .It tcp keepcnt integer yes
1026 .It tcp slowhz integer no
1027 .It tcp keepinit integer yes
1028 .It tcp log_refused integer yes
1029 .It tcp rstppslimit integer yes
1030 .It tcp ident struct no
1031 .It tcp drop struct no
1032 .It tcp sack.enable integer yes
1033 .It tcp sack.globalholes integer no
1034 .It tcp sack.globalmaxholes integer yes
1035 .It tcp sack.maxholes integer yes
1036 .It tcp ecn.enable integer yes
1037 .It tcp ecn.maxretries integer yes
1038 .It tcp congctl.selected string yes
1039 .It tcp congctl.available string yes
1040 .It tcp abc.enable integer yes
1041 .It tcp abc.aggressive integer yes
1042 .It udp checksum integer yes
1043 .It udp do_loopback_cksum integer yes
1044 .It udp recvspace integer yes
1045 .It udp sendspace integer yes
1048 The variables are as follows:
1049 .Bl -tag -width "123456"
1051 Failed ARP entry lifetime.
1053 Valid ARP entry lifetime.
1055 ARP cache pruning interval.
1057 ARP entry refresh interval.
1059 If set to 0, incoming
1061 packets will not be processed.
1062 If set to any other value, processing will occur.
1064 .It Li carp.arpbalance
1065 If set to any value other than 0, the ARP balancing functionality of
1068 When ARP requests are received for an IP address which is part of any virtual
1069 host, carp will hash the source IP in the ARP request to select one of the
1070 virtual hosts from the set of all the virtual hosts which have that IP address.
1071 The master of that host will respond with the correct virtual MAC address.
1072 Disabled by default.
1074 If set to any value other than 0,
1077 Disabled by default.
1081 will not attempt to become master if it is receiving advertisements from
1082 another active master.
1083 If set to any other value, carp will become master of the virtual host if it
1084 believes it can send advertisements more frequently than the current master.
1085 Disabled by default.
1086 .It Li ip.allowsrcrt
1087 If set to 1, the host accepts source routed packets.
1088 .It Li ip.anonportmax
1089 The highest port number to use for TCP and UDP ephemeral port allocation.
1090 This cannot be set to less than 1024 or greater than 65535, and must
1092 .Li ip.anonportmin .
1093 .It Li ip.anonportmin
1094 The lowest port number to use for TCP and UDP ephemeral port allocation.
1095 This cannot be set to less than 1024 or greater than 65535.
1096 .It Li ip.checkinterface
1097 If set to non-zero, the host will reject packets addressed to it
1098 that arrive on an interface not bound to that address.
1099 Currently, this must be disabled if ipnat is used to translate the
1100 destination address to another local interface, or if addresses
1101 are added to the loopback interface instead of the interface where
1102 the packets for those packets are received.
1103 .It Li ip.directed-broadcast
1104 If set to 1, enables directed broadcast behavior for the host.
1105 .It Li ip.do_loopback_cksum
1106 Perform IP checksum on loopback.
1107 .It Li ip.forwarding
1108 If set to 1, enables IP forwarding for the host,
1109 meaning that the host is acting as a router.
1111 If set to 1, enables forwarding of source-routed packets for the host.
1112 This value may only be changed if the kernel security level is less than 1.
1114 The maximum time-to-live (hop count) value for an IPv4 packet generated by
1118 The maximum time-to-live (hop count) value for an IPv4 packet generated by
1122 The size of IPv4 Fast Forward hash table.
1123 This value must be a power of 2 (64, 256...).
1124 A larger hash table size results in fewer collisions.
1127 .It Li ip.hostzerobroadcast
1128 All zeroes address is broadcast address.
1129 .It Li ip.lowportmax
1130 The highest port number to use for TCP and UDP reserved port allocation.
1131 This cannot be set to less than 0 or greater than 1024, and must
1134 .It Li ip.lowportmin
1135 The lowest port number to use for TCP and UDP reserved port allocation.
1136 This cannot be set to less than 0 or greater than 1024, and must
1140 IPv4 Fast Forwarding is enabled by default.
1141 If set to 0, IPv4 Fast Forwarding is disabled.
1143 controls the maximum amount of flows which can be created.
1144 The default value is 256.
1145 .It Li ip.maxfragpackets
1146 The maximum number of fragmented packets the node will accept.
1147 0 means that the node will not accept any fragmented packets.
1148 \-1 means that the node will accept as many fragmented packets as it receives.
1149 The flag is provided basically for avoiding possible DoS attacks.
1151 If set to 1, enables Path MTU Discovery (RFC 1191).
1152 When Path MTU Discovery is enabled, the transmitted TCP segment
1153 size will be determined by the advertised maximum segment size
1154 (MSS) from the remote end, as constrained by the path MTU.
1155 If MTU Discovery is disabled, the transmitted segment size will
1156 never be greater than
1158 (the local maximum segment size).
1159 .It Li ip.mtudisctimeout
1160 The number of seconds in which a route added by the Path MTU
1161 Discovery engine will time out.
1162 When the route times out, the Path
1163 MTU Discovery engine will attempt to probe a larger path MTU.
1165 Assign random ip_id values.
1167 If set to 1, ICMP redirects may be sent by the host.
1168 This option is ignored unless the host is routing IP packets,
1169 and should normally be enabled on all systems.
1170 .It Li ip.subnetsarelocal
1171 If set to 1, subnets are to be considered local addresses.
1173 The maximum time-to-live (hop count) value for an IP packet sourced by
1175 This value applies to normal transport protocols, not to ICMP.
1176 .It Li icmp.errppslimit
1177 The variable specifies the maximum number of outgoing ICMP error messages,
1179 ICMP error messages that exceeded the value are subject to rate limitation
1180 and will not go out from the node.
1181 Negative value disables rate limitation.
1182 .It Li icmp.maskrepl
1183 If set to 1, ICMP network mask requests are to be answered.
1184 .It Li icmp.rediraccept
1185 If set to non-zero, the host will accept ICMP redirect packets.
1186 Note that routers will never accept ICMP redirect packets,
1187 and the variable is meaningful on IP hosts only.
1188 .It Li icmp.redirtimeout
1189 The variable specifies lifetime of routing entries generated by incoming
1191 This defaults to 600 seconds.
1192 .It Li icmp.returndatabytes
1193 Number of bytes to return in an ICMP error message.
1194 .It Li tcp.ack_on_push
1195 If set to 1, TCP is to immediately transmit an ACK upon reception of
1196 a packet with PUSH set.
1197 This can avoid losing a round trip time in some rare situations,
1198 but has the caveat of potentially defeating TCP's delayed ACK algorithm.
1199 Use of this option is generally not recommended, but
1200 the variable exists in case your configuration really needs it.
1201 .It Li tcp.compat_42
1202 If set to 1, enables work-arounds for bugs in the 4.2BSD TCP implementation.
1203 Use of this option is not recommended, although it may be
1204 required in order to communicate with extremely old TCP implementations.
1206 If set to 1, enables use of the Hughes/Touch/Heidemann Congestion Window
1207 Monitoring algorithm.
1208 This algorithm prevents line-rate bursts of packets that could
1209 otherwise occur when data begins flowing on an idle TCP connection.
1210 These line-rate bursts can contribute to network and router congestion.
1211 This can be particularly useful on World Wide Web servers
1212 which support HTTP/1.1, which has lingering connections.
1213 .It Li tcp.cwm_burstsize
1214 The Congestion Window Monitoring allowed burst size, in terms
1216 .It Li tcp.delack_ticks
1217 Number of ticks to delay sending an ACK.
1218 .It Li tcp.do_loopback_cksum
1219 Perform TCP checksum on loopback.
1221 A value indicating the TCP initial congestion window.
1222 If this value is 0, an auto-tuning algorithm designed to use an initial
1223 window of approximately 4K bytes is in use.
1224 Otherwise, this value indicates a fixed number of packets.
1225 .It Li tcp.init_win_local
1228 but used when communicating with hosts on a local network.
1230 Number of keepalive probes sent before declaring a connection dead.
1231 If set to zero, there is no limit;
1232 keepalives will be sent until some kind of
1233 response is received from the peer.
1235 Time a connection must be idle before keepalives are sent (if keepalives
1236 are enabled for the connection).
1237 See also tcp.slowhz.
1238 .It Li tcp.keepintvl
1239 Time after a keepalive probe is sent until, in the absence of any response,
1240 another probe is sent.
1241 See also tcp.slowhz.
1242 .It Li tcp.log_refused
1243 If set to 1, refused TCP connections to the host will be logged.
1245 Timeout in seconds during connection establishment.
1246 .It Li tcp.mss_ifmtu
1247 If set to 1, TCP calculates the outgoing maximum segment size based on
1248 the MTU of the appropriate interface.
1249 If set to 0, it is calculated based on the greater of the MTU of the
1250 interface, and the largest (non-loopback) interface MTU on the system.
1252 The default maximum segment size both advertised to the peer
1253 and to use when either the peer does not advertise a maximum segment size to
1254 us during connection setup or Path MTU Discovery
1257 Do not change this value unless you really know what you are doing.
1258 .It Li tcp.recvspace
1259 The default TCP receive buffer size.
1261 If set to 1, enables RFC 1323 extensions to TCP.
1262 .It Li tcp.rstppslimit
1263 The variable specifies the maximum number of outgoing TCP RST packets,
1265 TCP RST packet that exceeded the value are subject to rate limitation
1266 and will not go out from the node.
1267 Negative value disables rate limitation.
1269 Return the user ID of a connected socket pair.
1270 (RFC1413 Identification Protocol lookups.)
1272 Drop a TCP socket pair connection.
1273 .It Li tcp.sack.enable
1274 If set to 1, enables RFC 2018 Selective ACKnowledgement.
1275 .It Li tcp.sack.globalholes
1276 Global number of TCP SACK holes.
1277 .It Li tcp.sack.globalmaxholes
1278 Global maximum number of TCP SACK holes.
1279 .It Li tcp.sack.maxholes
1280 Maximum number of TCP SACK holes allowed per connection.
1281 .It Li tcp.ecn.enable
1282 If set to 1, enables RFC 3168 Explicit Congestion Notification.
1283 .It Li tcp.ecn.maxretries
1284 Number of times to retry sending the ECN-setup packet.
1285 .It Li tcp.sendspace
1286 The default TCP send buffer size.
1288 The units for tcp.keepidle and tcp.keepintvl; those variables are in ticks
1289 of a clock that ticks tcp.slowhz times per second.
1290 (That is, their values
1291 must be divided by the tcp.slowhz value to get times in seconds.)
1292 .It Li tcp.syn_bucket_limit
1293 The maximum number of entries allowed per hash bucket in the TCP
1294 compressed state engine.
1295 .It Li tcp.syn_cache_limit
1296 The maximum number of entries allowed in the TCP compressed state
1298 .It Li tcp.timestamps
1299 If rfc1323 is enabled, a value of 1 indicates RFC 1323 time stamp options,
1300 used for measuring TCP round trip times, are enabled.
1301 .It Li tcp.win_scale
1302 If rfc1323 is enabled, a value of 1 indicates RFC 1323 window scale options,
1303 for increasing the TCP window size, are enabled.
1304 .It Li tcp.congctl.available
1305 The available TCP congestion control algorithms.
1306 .It Li tcp.congctl.selected
1307 The currently selected TCP congestion control algorithm.
1308 .It Li tcp.abc.enable
1309 If set to 1, use RFC 3465 Appropriate Byte Counting (ABC).
1310 If set to 0, use traditional Packet Counting.
1311 .It Li tcp.abc.aggressive
1312 Choose the L parameter found in RFC 3465.
1313 L is the maximum cwnd increase for an ack during slow start.
1314 If set to 1, use L=2*SMSS.
1315 If set to 0, use L=1*SMSS.
1316 It has no effect unless tcp.abc.enable is set to 1.
1318 If set to 1, UDP checksums are being computed.
1319 Received non-zero UDP checksums are always checked.
1320 Disabling UDP checksums is strongly discouraged.
1321 .It Li udp.sendspace
1322 The default UDP send buffer size.
1323 .It Li udp.recvspace
1324 The default UDP receive buffer size.
1327 For variables net.*.ipsec, please refer to
1329 .It Li net.inet6 ( PF_INET6 )
1330 Get or set various global information about the IPv6
1331 .Pq Internet Protocol version 6 .
1332 The third level name is the protocol.
1333 The fourth level name is the variable name.
1334 The currently defined protocols and names are:
1335 .Bl -column "Protocol name" "do_loopback_cksum" "integer" "Changeable" -offset indent
1336 .It Sy Protocol name Variable name Type Changeable
1337 .It icmp6 errppslimit integer yes
1338 .It icmp6 mtudisc_hiwat integer yes
1339 .It icmp6 mtudisc_lowat integer yes
1340 .It icmp6 nd6_debug integer yes
1341 .It icmp6 nd6_delay integer yes
1342 .It icmp6 nd6_maxnudhint integer yes
1343 .It icmp6 nd6_mmaxtries integer yes
1344 .It icmp6 nd6_prune integer yes
1345 .It icmp6 nd6_umaxtries integer yes
1346 .It icmp6 nd6_useloopback integer yes
1347 .It icmp6 nodeinfo integer yes
1348 .It icmp6 rediraccept integer yes
1349 .It icmp6 redirtimeout integer yes
1350 .It ip6 accept_rtadv integer yes
1351 .It ip6 anonportmax integer yes
1352 .It ip6 anonportmin integer yes
1353 .It ip6 auto_flowlabel integer yes
1354 .It ip6 dad_count integer yes
1355 .It ip6 defmcasthlim integer yes
1356 .It ip6 forwarding integer yes
1357 .It ip6 gifhlim integer yes
1358 .It ip6 hashsize integer yes
1359 .It ip6 hlim integer yes
1360 .It ip6 hdrnestlimit integer yes
1361 .It ip6 kame_version string no
1362 .It ip6 keepfaith integer yes
1363 .It ip6 log_interval integer yes
1364 .It ip6 lowportmax integer yes
1365 .It ip6 lowportmin integer yes
1366 .It ip6 maxflows integer yes
1367 .It ip6 maxfragpackets integer yes
1368 .It ip6 maxfrags integer yes
1369 .It ip6 redirect integer yes
1370 .It ip6 rr_prune integer yes
1371 .It ip6 use_deprecated integer yes
1372 .It ip6 v6only integer yes
1373 .It udp6 do_loopback_cksum integer yes
1374 .It udp6 recvspace integer yes
1375 .It udp6 sendspace integer yes
1378 The variables are as follows:
1379 .Bl -tag -width "123456"
1380 .It Li ip6.accept_rtadv
1381 If set to non-zero, the node will accept ICMPv6 router advertisement packets
1382 and autoconfigures address prefixes and default routers.
1383 The node must be a host
1385 for the option to be meaningful.
1386 .It Li ip6.anonportmax
1387 The highest port number to use for TCP and UDP ephemeral port allocation.
1388 This cannot be set to less than 1024 or greater than 65535, and must
1390 .Li ip6.anonportmin .
1391 .It Li ip6.anonportmin
1392 The lowest port number to use for TCP and UDP ephemeral port allocation.
1393 This cannot be set to less than 1024 or greater than 65535.
1394 .It Li ip6.auto_flowlabel
1395 On connected transport protocol packets,
1396 fill IPv6 flowlabel field to help intermediate routers to identify packet flows.
1397 .It Li ip6.dad_count
1398 The variable configures number of IPv6 DAD
1399 .Pq duplicated address detection
1401 The packets will be generated when IPv6 interface addresses are configured.
1402 .It Li ip6.defmcasthlim
1403 The default hop limit value for an IPv6 multicast packet sourced by the node.
1404 This value applies to all the transport protocols on top of IPv6.
1405 There are APIs to override the value, as documented in
1407 .It Li ip6.forwarding
1408 If set to 1, enables IPv6 forwarding for the node,
1409 meaning that the node is acting as a router.
1410 If set to 0, disables IPv6 forwarding for the node,
1411 meaning that the node is acting as a host.
1412 IPv6 specification defines node behavior for
1416 case quite differently, and changing this variable during operation
1417 may cause serious trouble.
1418 It is recommended to configure the variable at bootstrap time,
1419 and bootstrap time only.
1421 The maximum hop limit value for an IPv6 packet generated by
1424 .It Li ip6.hdrnestlimit
1425 The number of IPv6 extension headers permitted on incoming IPv6 packets.
1426 If set to 0, the node will accept as many extension headers as possible.
1428 The size of IPv6 Fast Forward hash table.
1429 This value must be a power of 2 (64, 256...).
1430 A larger hash table size results in fewer collisions.
1434 The default hop limit value for an IPv6 unicast packet sourced by the node.
1435 This value applies to all the transport protocols on top of IPv6.
1436 There are APIs to override the value, as documented in
1438 .It Li ip6.kame_version
1439 The string identifies the version of KAME IPv6 stack implemented in the kernel.
1440 .It Li ip6.keepfaith
1441 If set to non-zero, it enables
1443 TCP relay IPv6-to-IPv4 translator code in the kernel.
1449 .It Li ip6.log_interval
1450 The variable controls amount of logs generated by IPv6 packet
1451 forwarding engine, by setting interval between log output
1453 .It Li ip6.lowportmax
1454 The highest port number to use for TCP and UDP reserved port allocation.
1455 This cannot be set to less than 0 or greater than 1024, and must
1457 .Li ip6.lowportmin .
1458 .It Li ip6.lowportmin
1459 The lowest port number to use for TCP and UDP reserved port allocation.
1460 This cannot be set to less than 0 or greater than 1024, and must
1462 .Li ip6.lowportmax .
1464 IPv6 Fast Forwarding is enabled by default.
1465 If set to 0, IPv6 Fast Forwarding is disabled.
1467 controls the maximum amount of flows which can be created.
1468 The default value is 256.
1469 .It Li ip6.maxfragpackets
1470 The maximum number of fragmented packets the node will accept.
1471 0 means that the node will not accept any fragmented packets.
1472 \-1 means that the node will accept as many fragmented packets as it receives.
1473 The flag is provided basically for avoiding possible DoS attacks.
1475 The maximum number of fragments the node will accept.
1476 0 means that the node will not accept any fragments.
1477 \-1 means that the node will accept as many fragments as it receives.
1478 The flag is provided basically for avoiding possible DoS attacks.
1480 If set to 1, ICMPv6 redirects may be sent by the node.
1481 This option is ignored unless the node is routing IP packets,
1482 and should normally be enabled on all systems.
1484 The variable specifies interval between IPv6 router renumbering prefix
1485 babysitting, in seconds.
1486 .It Li ip6.use_deprecated
1487 The variable controls use of deprecated address, specified in RFC 2462 5.5.4.
1489 The variable specifies initial value for
1497 .It Li icmp6.errppslimit
1498 The variable specifies the maximum number of outgoing ICMPv6 error messages,
1500 ICMPv6 error messages that exceeded the value are subject to rate limitation
1501 and will not go out from the node.
1502 Negative value disables rate limitation.
1503 .It Li icmp6.mtudisc_hiwat
1504 .It Li icmp6.mtudisc_lowat
1505 The variables define the maximum number of routing table entries,
1506 created due to path MTU discovery
1507 .Pq prevents denial-of-service attacks with ICMPv6 too big messages .
1508 When IPv6 path MTU discovery happens, we keep path MTU information into
1510 If the number of routing table entries exceed the value,
1511 the kernel will not attempt to keep the path MTU information.
1512 .Li icmp6.mtudisc_hiwat
1513 is used when we have verified ICMPv6 too big messages.
1514 .Li icmp6.mtudisc_lowat
1515 is used when we have unverified ICMPv6 too big messages.
1516 Verification is performed by using address/port pairs kept in connected pcbs.
1517 Negative value disables the upper limit.
1518 .It Li icmp6.nd6_debug
1519 If set to non-zero, kernel IPv6 neighbor discovery code will generate
1521 The debug outputs are useful to diagnose IPv6 interoperability issues.
1522 The flag must be set to 0 for normal operation.
1523 .It Li icmp6.nd6_delay
1524 The variable specifies
1525 .Dv DELAY_FIRST_PROBE_TIME
1526 timing constant in IPv6 neighbor discovery specification
1529 .It Li icmp6.nd6_maxnudhint
1530 IPv6 neighbor discovery permits upper layer protocols to supply reachability
1531 hints, to avoid unnecessary neighbor discovery exchanges.
1532 The variable defines the number of consecutive hints the neighbor discovery
1534 For example, by setting the variable to 3, neighbor discovery layer
1535 will take 3 consecutive hints in maximum.
1536 After receiving 3 hints, neighbor discovery layer will perform
1537 normal neighbor discovery process.
1538 .It Li icmp6.nd6_mmaxtries
1539 The variable specifies
1540 .Dv MAX_MULTICAST_SOLICIT
1541 constant in IPv6 neighbor discovery specification
1543 .It Li icmp6.nd6_prune
1544 The variable specifies interval between IPv6 neighbor cache babysitting,
1546 .It Li icmp6.nd6_umaxtries
1547 The variable specifies
1548 .Dv MAX_UNICAST_SOLICIT
1549 constant in IPv6 neighbor discovery specification
1551 .It Li icmp6.nd6_useloopback
1552 If set to non-zero, kernel IPv6 stack will use loopback interface for
1554 .It Li icmp6.nodeinfo
1555 The variable enables responses to ICMPv6 node information queries.
1556 If you set the variable to 0, responses will not be generated for
1557 ICMPv6 node information queries.
1558 Since node information queries can have a security impact, it is
1559 possible to fine tune which responses should be answered.
1560 Two separate bits can be set.
1561 .Bl -tag -width "12345"
1563 Respond to ICMPv6 FQDN queries, e.g.
1566 Respond to ICMPv6 node addresses queries, e.g.
1569 .It Li icmp6.rediraccept
1570 If set to non-zero, the host will accept ICMPv6 redirect packets.
1571 Note that IPv6 routers will never accept ICMPv6 redirect packets,
1572 and the variable is meaningful on IPv6 hosts
1575 .It Li icmp6.redirtimeout
1576 The variable specifies lifetime of routing entries generated by incoming
1578 .It Li udp6.do_loopback_cksum
1579 Perform UDP checksum on loopback.
1580 .It Li udp6.recvspace
1581 Default UDP receive buffer size.
1582 .It Li udp6.sendspace
1583 Default UDP send buffer size.
1586 We reuse net.*.tcp for
1590 and therefore we do not have variables net.*.tcp6.
1591 Variables net.inet6.udp6 have identical meaning to net.inet.udp.
1595 For variables net.*.ipsec6, please refer to
1597 .It Li net.key ( PF_KEY )
1598 Get or set various global information about the IPsec key management.
1599 The third level name is the variable name.
1600 The currently defined variable and names are:
1601 .Bl -column "blockacq_lifetime" "integer" "Changeable" -offset indent
1602 .It Sy Variable name Type Changeable
1603 .It debug integer yes
1604 .It spi_try integer yes
1605 .It spi_min_value integer yes
1606 .It spi_max_value integer yes
1607 .It larval_lifetime integer yes
1608 .It blockacq_count integer yes
1609 .It blockacq_lifetime integer yes
1610 .It esp_keymin integer yes
1611 .It esp_auth integer yes
1612 .It ah_keymin integer yes
1615 The variables are as follows:
1616 .Bl -tag -width "123456"
1618 Turn on debugging message from within the kernel.
1619 The value is a bitmap, as defined in
1620 .Pa /usr/include/netkey/key_debug.h .
1622 The number of times the kernel will try to obtain an unique SPI
1623 when it generates it from random number generator.
1624 .It Li spi_min_value
1625 Minimum SPI value when generating it within the kernel.
1626 .It Li spi_max_value
1627 Maximum SPI value when generating it within the kernel.
1628 .It Li larval_lifetime
1629 Lifetime for LARVAL SAD entries, in seconds.
1630 .It Li blockacq_count
1631 Number of ACQUIRE PF_KEY messages to be blocked after an ACQUIRE message.
1632 It avoids flood of ACQUIRE PF_KEY from being sent from the kernel to the
1633 key management daemon.
1634 .It Li blockacq_lifetime
1635 Lifetime of ACQUIRE PF_KEY message.
1637 Minimum ESP key length, in bits.
1638 The value is used when the kernel creates proposal payload
1639 on ACQUIRE PF_KEY message.
1641 Whether ESP authentication should be used or not.
1642 Non-zero value indicates that ESP authentication should be used.
1643 The value is used when the kernel creates proposal payload
1644 on ACQUIRE PF_KEY message.
1646 Minimum AH key length, in bits,
1647 The value is used when the kernel creates proposal payload
1648 on ACQUIRE PF_KEY message.
1651 .Sh The proc.* subtree
1652 The string and integer information available for the
1654 level is detailed below.
1655 The changeable column shows whether a process with appropriate
1656 privilege may change the value.
1657 These values are per-process,
1658 and as such may change from one process to another.
1659 When a process is created,
1660 the default values are inherited from its parent.
1661 When a set-user-ID or set-group-ID binary is executed, the
1662 value of PROC_PID_CORENAME is reset to the system default value.
1663 The second level name is either the magic value PROC_CURPROC, which
1664 points to the current process, or the PID of the target process.
1665 .Bl -column "proc.pid.corename" "string" "not applicable" -offset indent
1666 .It Sy Third level name Type Changeable
1667 .It proc.pid.corename string yes
1668 .It proc.pid.rlimit node not applicable
1669 .It proc.pid.stopfork int yes
1670 .It proc.pid.stopexec int yes
1671 .It proc.pid.stopexit int yes
1673 .Bl -tag -width "123456"
1674 .It Li proc.pid.corename ( PROC_PID_CORENAME )
1675 The template used for the core dump file name (see
1678 The base name must either be
1680 or end with the suffix ``.core'' (the super-user may set arbitrary names).
1681 By default it points to KERN_DEFCORENAME.
1682 .It Li proc.pid.rlimit ( PROC_PID_LIMIT )
1683 Return resources limits, as defined for the
1688 The fourth level name is one of:
1689 .Bl -tag -width PROC_PID_LIMIT_MEMLOCKAA
1690 .It Li proc.pid.rlimit.cputime ( PROC_PID_LIMIT_CPU )
1691 The maximum amount of CPU time (in seconds) to be used by each process.
1692 .It Li proc.pid.rlimit.filesize ( PROC_PID_LIMIT_FSIZE )
1693 The largest size (in bytes) file that may be created.
1694 .It Li proc.pid.rlimit.datasize ( PROC_PID_LIMIT_DATA )
1695 The maximum size (in bytes) of the data segment for a process;
1696 this defines how far a program may extend its break with the
1699 .It Li proc.pid.rlimit.stacksize ( PROC_PID_LIMIT_STACK )
1700 The maximum size (in bytes) of the stack segment for a process;
1701 this defines how far a program's stack segment may be extended.
1702 Stack extension is performed automatically by the system.
1703 .It Li proc.pid.rlimit.coredumpsize ( PROC_PID_LIMIT_CORE )
1704 The largest size (in bytes)
1706 file that may be created.
1707 .It Li proc.pid.rlimit.memoryuse ( PROC_PID_LIMIT_RSS )
1708 The maximum size (in bytes) to which a process's resident set size may
1710 This imposes a limit on the amount of physical memory to be given to
1711 a process; if memory is tight, the system will prefer to take memory
1712 from processes that are exceeding their declared resident set size.
1713 .It Li proc.pid.rlimit.memorylocked ( PROC_PID_LIMIT_MEMLOCK )
1714 The maximum size (in bytes) which a process may lock into memory
1718 .It Li proc.pid.rlimit.maxproc ( PROC_PID_LIMIT_NPROC )
1719 The maximum number of simultaneous processes for this user id.
1720 .It Li proc.pid.rlimit.descriptors ( PROC_PID_LIMIT_NOFILE )
1721 The maximum number of open files for this process.
1722 .It Li proc.pid.rlimit.sbsize ( PROC_PID_LIMIT_SBSIZE )
1723 The maximum size (in bytes) of the socket buffers
1732 The fifth level name is one of
1733 .Li soft ( PROC_PID_LIMIT_TYPE_SOFT ) or
1734 .Li hard ( PROC_PID_LIMIT_TYPE_HARD ) ,
1735 to select respectively the soft or hard limit.
1736 Both are of type integer.
1737 .It Li proc.pid.stopfork ( PROC_PID_STOPFORK )
1738 If non zero, the process' children will be stopped after
1741 The children is created in the SSTOP state and is never scheduled
1742 for running before being stopped.
1743 This feature helps attaching a process with a debugger such as
1745 before it had the opportunity to actually do anything.
1747 This value is inherited by the process's children, and it also
1748 apply to emulation specific system calls that fork a new process, such as
1752 .It Li proc.pid.stopexec ( PROC_PID_STOPEXEC )
1753 If non zero, the process will be stopped on next
1756 The process created by
1758 is created in the SSTOP state and is never scheduled for running
1759 before being stopped.
1760 This feature helps attaching a process with a debugger such as
1762 before it had the opportunity to actually do anything.
1764 This value is inherited by the process's children.
1765 .It Li proc.pid.stopexit ( PROC_PID_STOPEXIT )
1766 If non zero, the process will be stopped on when it has cause to exit,
1767 either by way of calling
1770 or by the receipt of a specific signal.
1771 The process is stopped before any of its resources or vm space is
1772 released allowing examination of the termination state of a process
1773 before it disappears.
1774 This feature can be used to examine the final conditions of the
1775 process's vmspace via
1777 or its resource settings with
1779 before it disappears.
1781 This value is also inherited by the process's children.
1783 .Sh The user.* subtree ( CTL_USER )
1784 The string and integer information available for the
1786 level is detailed below.
1787 The changeable column shows whether a process with appropriate
1788 privilege may change the value.
1789 .Bl -column "user.coll_weights_max" "integer" "Changeable" -offset indent
1790 .It Sy Second level name Type Changeable
1791 .It user.atexit_max integer no
1792 .It user.bc_base_max integer no
1793 .It user.bc_dim_max integer no
1794 .It user.bc_scale_max integer no
1795 .It user.bc_string_max integer no
1796 .It user.coll_weights_max integer no
1797 .It user.cs_path string no
1798 .It user.expr_nest_max integer no
1799 .It user.line_max integer no
1800 .It user.posix2_c_bind integer no
1801 .It user.posix2_c_dev integer no
1802 .It user.posix2_char_term integer no
1803 .It user.posix2_fort_dev integer no
1804 .It user.posix2_fort_run integer no
1805 .It user.posix2_localedef integer no
1806 .It user.posix2_sw_dev integer no
1807 .It user.posix2_upe integer no
1808 .It user.posix2_version integer no
1809 .It user.re_dup_max integer no
1810 .It user.stream_max integer no
1811 .It user.stream_max integer no
1812 .It user.tzname_max integer no
1814 .Bl -tag -width "123456"
1815 .It Li user.atexit_max ( USER_ATEXIT_MAX )
1816 The maximum number of functions that may be registered with
1818 .It Li user.bc_base_max ( USER_BC_BASE_MAX )
1819 The maximum ibase/obase values in the
1822 .It Li user.bc_dim_max ( USER_BC_DIM_MAX )
1823 The maximum array size in the
1826 .It Li user.bc_scale_max ( USER_BC_SCALE_MAX )
1827 The maximum scale value in the
1830 .It Li user.bc_string_max ( USER_BC_STRING_MAX )
1831 The maximum string length in the
1834 .It Li user.coll_weights_max ( USER_COLL_WEIGHTS_MAX )
1835 The maximum number of weights that can be assigned to any entry of
1836 the LC_COLLATE order keyword in the locale definition file.
1837 .It Li user.cs_path ( USER_CS_PATH )
1838 Return a value for the
1840 environment variable that finds all the standard utilities.
1841 .It Li user.expr_nest_max ( USER_EXPR_NEST_MAX )
1842 The maximum number of expressions that can be nested within
1846 .It Li user.line_max ( USER_LINE_MAX )
1847 The maximum length in bytes of a text-processing utility's input
1849 .It Li user.posix2_char_term ( USER_POSIX2_CHAR_TERM )
1850 Return 1 if the system supports at least one terminal type capable of
1851 all operations described in POSIX 1003.2, otherwise 0.
1852 .It Li user.posix2_c_bind ( USER_POSIX2_C_BIND )
1853 Return 1 if the system's C-language development facilities support the
1854 C-Language Bindings Option, otherwise 0.
1855 .It Li user.posix2_c_dev ( USER_POSIX2_C_DEV )
1856 Return 1 if the system supports the C-Language Development Utilities Option,
1858 .It Li user.posix2_fort_dev ( USER_POSIX2_FORT_DEV )
1859 Return 1 if the system supports the FORTRAN Development Utilities Option,
1861 .It Li user.posix2_fort_run ( USER_POSIX2_FORT_RUN )
1862 Return 1 if the system supports the FORTRAN Runtime Utilities Option,
1864 .It Li user.posix2_localedef ( USER_POSIX2_LOCALEDEF )
1865 Return 1 if the system supports the creation of locales, otherwise 0.
1866 .It Li user.posix2_sw_dev ( USER_POSIX2_SW_DEV )
1867 Return 1 if the system supports the Software Development Utilities Option,
1869 .It Li user.posix2_upe ( USER_POSIX2_UPE )
1870 Return 1 if the system supports the User Portability Utilities Option,
1872 .It Li user.posix2_version ( USER_POSIX2_VERSION )
1873 The version of POSIX 1003.2 with which the system attempts to comply.
1874 .It Li user.re_dup_max ( USER_RE_DUP_MAX )
1875 The maximum number of repeated occurrences of a regular expression
1876 permitted when using interval notation.
1877 .It Li user.stream_max ( USER_STREAM_MAX )
1878 The minimum maximum number of streams that a process may have open
1880 .It Li user.tzname_max ( USER_TZNAME_MAX )
1881 The minimum maximum number of types supported for the name of a
1884 .Sh The vm.* subtree ( CTL_VM )
1885 The string and integer information available for the
1887 level is detailed below.
1888 The changeable column shows whether a process with appropriate
1889 privilege may change the value.
1890 .Bl -column "Second level name" "struct uvmexp_sysctl" "Changeable" -offset indent
1891 .It Sy Second level name Type Changeable
1892 .It vm.anonmax int yes
1893 .It vm.anonmin int yes
1894 .It vm.bufcache int yes
1895 .It vm.bufmem int no
1896 .It vm.bufmem_hiwater int yes
1897 .It vm.bufmem_lowater int yes
1898 .It vm.execmax int yes
1899 .It vm.execmin int yes
1900 .It vm.filemax int yes
1901 .It vm.filemin int yes
1902 .It vm.loadavg struct loadavg no
1903 .It vm.maxslp int no
1904 .It vm.nkmempages int no
1905 .It vm.uspace int no
1906 .It vm.uvmexp struct uvmexp no
1907 .It vm.uvmexp2 struct uvmexp_sysctl no
1908 .It vm.vmmeter struct vmtotal no
1911 .Bl -tag -width "123456"
1912 .It Li vm.anonmax ( VM_ANONMAX )
1913 The percentage of physical memory which will be reclaimed
1914 from other types of memory usage to store anonymous application data.
1915 .It Li vm.anonmin ( VM_ANONMIN )
1916 The percentage of physical memory which will be always be available for
1917 anonymous application data.
1918 .It Li vm.bufcache ( VM_BUFCACHE )
1919 The percentage of physical memory which will be available
1920 for the buffer cache.
1921 .It Li vm.bufmem ( VM_BUFMEM )
1922 The amount of kernel memory that is being used by the buffer cache.
1923 .It Li vm.bufmem_lowater ( VM_BUFMEM_LOWATER )
1924 The minimum amount of kernel memory to reserve for the
1926 .It Li vm.bufmem_hiwater ( VM_BUFMEM_HIWATER )
1927 The maximum amount of kernel memory to be used for the
1929 .It Li vm.execmax ( VM_EXECMAX )
1930 The percentage of physical memory which will be reclaimed
1931 from other types of memory usage to store cached executable data.
1932 .It Li vm.execmin ( VM_EXECMIN )
1933 The percentage of physical memory which will be always be available for
1934 cached executable data.
1935 .It Li vm.filemax ( VM_FILEMAX )
1936 The percentage of physical memory which will be reclaimed
1937 from other types of memory usage to store cached file data.
1938 .It Li vm.filemin ( VM_FILEMIN )
1939 The percentage of physical memory which will be always be available for
1941 .It Li vm.loadavg ( VM_LOADAVG )
1942 Return the load average history.
1943 The returned data consists of a
1944 .Va struct loadavg .
1945 .It Li vm.maxslp ( VM_MAXSLP )
1946 The value of the maxslp kernel global variable.
1947 .It Li vm.vmmeter ( VM_METER )
1948 Return system wide virtual memory statistics.
1949 The returned data consists of a
1950 .Va struct vmtotal .
1951 .It Li vm.uspace ( VM_USPACE )
1952 The number of bytes allocated for each kernel stack.
1953 .It Li vm.uvmexp ( VM_UVMEXP )
1954 Return system wide virtual memory statistics.
1955 The returned data consists of a
1957 .It Li vm.uvmexp2 ( VM_UVMEXP2 )
1958 Return system wide virtual memory statistics.
1959 The returned data consists of a
1960 .Va struct uvmexp_sysctl .
1963 .Sh The ddb.* subtree ( CTL_DDB )
1964 The integer information available for the
1966 level is detailed below.
1967 The changeable column shows whether a process with appropriate
1968 privilege may change the value.
1970 .Bl -column "Second level name" "integer" "Changeable" -offset indent
1971 .It Sy Second level name Type Changeable
1972 .It ddb.radix integer yes
1973 .It ddb.maxoff integer yes
1974 .It ddb.lines integer yes
1975 .It ddb.tabstops integer yes
1976 .It ddb.onpanic integer yes
1977 .It ddb.fromconsole integer yes
1980 .Bl -tag -width "123456"
1981 .It Li ddb.radix ( DBCTL_RADIX )
1982 The input and output radix.
1983 .It Li ddb.maxoff ( DBCTL_MAXOFF )
1984 The maximum symbol offset.
1985 .It Li ddb.lines ( DBCTL_LINES )
1986 Number of display lines.
1987 .It Li ddb.tabstops ( DBCTL_TABSTOPS )
1989 .It Li ddb.onpanic ( DBCTL_ONPANIC )
1990 If non-zero, DDB will be entered if the kernel panics.
1991 .It Li ddb.fromconsole ( DBCTL_FROMCONSOLE )
1992 If not zero, DDB may be entered by sending a break on a serial
1993 console or by a special key sequence on a graphics console.
1994 .\" XXX tee_msgbuf maxwidth commandonenter
1997 These MIB nodes are also available as variables from within the DDB.
2001 .Sh The security.* subtree ( CTL_SECURITY )
2004 level contains various security-related settings for
2006 Available settings are detailed below.
2008 .Bl -tag -width "123456"
2009 .It Li security.curtain
2010 If non-zero, will filter return objects according to the user-id
2011 requesting information about them, preventing from users any
2012 access to objects they don't own.
2014 At the moment, it affects
2024 .It Li security.models
2026 supports pluggable security models.
2027 Every security model used, whether if loaded as a module or built with the system,
2028 is required to add an entry to this node with at least one element,
2030 indicating the name of the security model.
2032 In addition to the name, any settings and other information private to the
2033 security model will be available under this node.
2036 for more information.
2038 Settings for PaX -- exploit mitigation features.
2039 For more information on any of the PaX features, please see
2044 .Bl -tag -width "123456"
2045 .It Li security.pax.aslr.enable
2046 Enable PaX ASLR (Address Space Layout Randomization).
2049 knob must be non-zero for PaX ASLR to be enabled, even if a program is set to
2051 .It Li security.pax.aslr.global
2052 Specifies the default global policy for programs without an
2053 explicit enable/disable flag.
2055 When non-zero, all programs will get PaX ASLR, except those exempted with
2057 Otherwise, all programs will not get PaX ASLR, except those specifically
2060 .It Li security.pax.mprotect.enable
2061 Enable PaX MPROTECT restrictions.
2065 restrictions to better enforce a W^X policy.
2067 knob must be non-zero for PaX MPROTECT to be enabled, even if a
2068 program is set to explicit enable.
2069 .It Li security.pax.mprotect.global
2070 Specifies the default global policy for programs without an
2071 explicit enable/disable flag.
2073 When non-zero, all programs will get the PaX MPROTECT restrictions,
2074 except those exempted with
2076 Otherwise, all programs will not get the PaX MPROTECT restrictions,
2077 except those specifically marked as such with
2079 .It Li security.pax.segvguard.enable
2080 Enable PaX Segvguard.
2082 PaX Segvguard can detect and prevent certain exploitation attempts, where
2083 an attacker may try for example to brute-force function return addresses
2084 of respawning daemons.
2089 interface and implementation of the Segvguard is still experimental, and may
2090 change in future releases.
2091 .It Li security.pax.segvguard.global
2092 Specifies the default global policy for programs without an
2093 explicit enable/disable flag.
2095 When non-zero, all programs will get the PaX Segvguard,
2096 except those exempted with
2098 Otherwise, no program will get the PaX Segvguard restrictions,
2099 except those specifically marked as such with
2101 .It Li security.pax.segvguard.expiry_timeout
2102 If the max number was not reached within this timeout (in seconds), the entry
2104 .It Li security.pax.segvguard.suspend_timeout
2105 Number of seconds to suspend a user from running a faulting program when the
2107 .It Li security.pax.segvguard.max_crashes
2108 Max number of segfaults a program can receive before suspension.
2111 .Sh The vendor.* subtree ( CTL_VENDOR )
2114 toplevel name is reserved to be used by vendors who wish to
2115 have their own private MIB tree.
2116 Intended use is to store values under
2117 .Dq vendor.\*[Lt]yourname\*[Gt].* .
2127 variables first appeared in