.\" $NetBSD: sysctl.7,v 1.137 2018/12/05 21:15:20 wiz Exp $
.\"
.\" Copyright (c) 1993
.\" The Regents of the University of California. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95
.\"
.Dd December 5, 2018
.Dt SYSCTL 7
.Os
.Sh NAME
.Nm sysctl
.Nd system information variables
.Sh DESCRIPTION
The
.Xr sysctl 3
library function and the
.Xr sysctl 8
utility are used to get and set values of system variables, maintained
by the kernel.
The variables are organized in a tree and identified by a sequence of
numbers, conventionally separated by dots with the topmost identifier
at the left side.
The numbers have corresponding text names.
The
.Xr sysctlnametomib 3
function or the
.Fl M
argument to the
.Xr sysctl 8
utility can be used to convert the text representation to the
numeric one.
.Pp
The individual sysctl variables are described below, both the textual
and numeric form where applicable.
The textual names can be used as arguments to the
.Xr sysctl 8
utility and in the file
.Pa /etc/sysctl.conf .
The numeric names are usually defined as preprocessor constants and
are intended for use by programs.
Every such constant expands to one integer, which identifies the
sysctl variable relative to the upper level of the tree.
See the
.Xr sysctl 3
manual page for programming examples.
.Ss Top level names
The top level names are defined with a
.Va CTL_
prefix in
.In sys/sysctl.h ,
and are as follows.
The next and subsequent levels down are found in the include files
listed here, and described in separate sections below.
.Bl -column "security" ".Dv CTL_SECURITY" ".In uvm/uvm_param.h" "High kernel limits"
.It Sy Name Ta Sy Constant Ta Sy Next level names Ta Sy Description
.It kern Ta Dv CTL_KERN Ta In sys/sysctl.h Ta High kernel limits
.It vm Ta Dv CTL_VM Ta In uvm/uvm_param.h Ta Virtual memory
.It vfs Ta Dv CTL_VFS Ta In sys/mount.h Ta Filesystem
.It net Ta Dv CTL_NET Ta In sys/socket.h Ta Networking
.It debug Ta Dv CTL_DEBUG Ta In sys/sysctl.h Ta Debugging
.It hw Ta Dv CTL_HW Ta In sys/sysctl.h Ta Generic CPU, I/O
.It machdep Ta Dv CTL_MACHDEP Ta In sys/sysctl.h Ta Machine dependent
.It user Ta Dv CTL_USER Ta In sys/sysctl.h Ta User-level
.It ddb Ta Dv CTL_DDB Ta In sys/sysctl.h Ta In-kernel debugger
.It proc Ta Dv CTL_PROC Ta In sys/sysctl.h Ta Per-process
.It vendor Ta Dv CTL_VENDOR Ta ? Ta Vendor specific
.It emul Ta Dv CTL_EMUL Ta In sys/sysctl.h Ta Emulation settings
.It security Ta Dv CTL_SECURITY Ta In sys/sysctl.h Ta Security settings
.El
.Ss The debug.* subtree
The debugging variables vary from system to system.
A debugging variable may be added or deleted without need to recompile
.Nm
to know about it.
Each time it runs,
.Nm
gets the list of debugging variables from the kernel and
displays their current values.
The system defines twenty
.Vt ( struct ctldebug )
variables named
.Dv debug0
through
.Dv debug19 .
They are declared as separate variables so that they can be
individually initialized at the location of their associated variable.
The loader prevents multiple use of the same variable by issuing errors
if a variable is initialized in more than one place.
For example, to export the variable
.Va dospecialcheck
as a debugging variable, the following declaration would be used:
.Pp
.Bd -literal -offset indent -compact
int dospecialcheck = 1;
struct ctldebug debug5 = { "dospecialcheck", &dospecialcheck };
.Ed
.Pp
Note that the dynamic implementation of
.Nm
currently in use largely makes this particular
.Nm
interface obsolete.
See
.Xr sysctl 8
.\" and
.\" .Xr sysctl 9
for more information.
.Ss The vfs.* subtree
A distinguished second level name,
.Li vfs.generic ( Dv VFS_GENERIC ) ,
is used to get general information about all file systems.
It has the following third level identifiers:
.Bl -tag -width "123456"
.It Li vfs.generic.maxtypenum ( Dv VFS_MAXTYPENUM )
The highest valid file system type number.
.It Li vfs.generic.conf ( Dv VFS_CONF )
Returns configuration information about the file system type given as a fourth
level identifier.
.It Li vfs.generic.usermount ( Dv VFS_USERMOUNT )
Determines if non superuser mounts are allowed, defaults to
.Dv 0 .
.It Li vfs.generic.magiclinks ( Dv VFS_MAGICLINKS )
Controls if expansion of variables is going to be performed on pathnames
or not.
Defaults to no variable expansion,
.Dv 0 .
Variables are of the form
.Li @name
and the variables supported are described in
.Xr symlink 7
under
.Dq "MAGIC SYMLINKS" .
.El
.Pp
A second level name for controlling the
.Xr wapbl 4
(Write Ahead Physical Block Logging file system journalling)
capabilities with the following third level identifiers:
.Bl -tag -width "123456"
.It Li vfs.wapbl.flush_disk_cache
Controls whether to attempt to flush the disk cache on each commit.
It defaults to 1 and it should always be on to ensure integrity
of file system metadata in the event of a power loss.
For slow disks, turning it off can improve performance.
.It Li vfs.wapbl.verbose_commit
For each transaction log commit, print the number of bytes written
and the time it took to commit as seconds.nanoseconds.
.El
.Pp
The remaining second level identifiers are the file system names, identified
by the type number returned by a
.Xr statvfs 2
call or from
.Li vfs.generic.conf .
.Pp
The third level identifiers available for each file system
are given in the header file that defines the mount
argument structure for that file system.
.Ss The hw.* subtree
The string and integer information available for the
.Li hw
level is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "hw.machine_arch" "integer" "Changeable" -offset indent
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It hw.alignbytes Ta integer Ta no
.It hw.byteorder Ta integer Ta no
.It hw.cnmagic Ta string Ta yes
.It hw.disknames Ta string Ta no
.It hw.diskstats Ta struct Ta no
.It hw.machine Ta string Ta no
.It hw.machine_arch Ta string Ta no
.It hw.model Ta string Ta no
.It hw.ncpu Ta integer Ta no
.It hw.ncpuonline Ta integer Ta no
.It hw.pagesize Ta integer Ta no
.It hw.physmem Ta integer Ta no
.It hw.physmem64 Ta quad Ta no
.It hw.usermem Ta integer Ta no
.It hw.usermem64 Ta quad Ta no
.El
.Bl -tag -width "123456"
.It Li hw.alignbytes ( Dv HW_ALIGNBYTES )
Alignment constraint for all possible data types.
This shows the value
.Dv ALIGNBYTES
in
.In machine/param.h ,
at the kernel compilation time.
.It Li hw.byteorder ( Dv HW_BYTEORDER )
The byteorder (4321, or 1234).
.It Li hw.cnmagic ( Dv HW_CNMAGIC )
The console magic key sequence.
.It Li hw.disknames ( Dv HW_DISKNAMES )
The list of (space separated) disk device names on the system.
.It Li hw.iostatnames ( Dv HW_IOSTATNAMES )
A space separated list of devices that will have I/O statistics
collected on them.
.It Li hw.iostats ( Dv HW_IOSTATS )
Return statistical information on the NFS mounts, disk and tape
devices on the system.
An array of
.Vt struct io_sysctl
structures is returned,
whose size depends on the current number of such objects in the system.
The third level name is the size of the
.Vt struct io_sysctl .
The type of object can be determined by examining the
.Va type
element of
.Vt struct io_sysctl ,
which can be
.Dv IOSTAT_DISK
(disk drive),
.Dv IOSTAT_TAPE
(tape drive), or
.Dv IOSTAT_NFS
(NFS mount).
.It Li hw.machine ( Dv HW_MACHINE )
The machine class.
.It Li hw.machine_arch ( Dv HW_MACHINE_ARCH )
The machine CPU class.
.It Li hw.model ( Dv HW_MODEL )
The machine model.
.It Li hw.ncpu ( Dv HW_NCPU )
The number of CPUs configured.
.It Li hw.ncpuonline ( Dv HW_NCPUONLINE )
The number of CPUs online.
.It Li hw.pagesize ( Dv HW_PAGESIZE )
The software page size.
.It Li hw.physmem ( Dv HW_PHYSMEM )
The bytes of physical memory as a 32-bit integer.
.It Li hw.physmem64 ( Dv HW_PHYSMEM64 )
The bytes of physical memory as a 64-bit integer.
.It Li hw.usermem ( Dv HW_USERMEM )
The bytes of non-kernel memory as a 32-bit integer.
.It Li hw.usermem64 ( Dv HW_USERMEM64 )
The bytes of non-kernel memory as a 64-bit integer.
.El
.Ss The kern.* subtree
This subtree includes data generally related to the kernel.
The string and integer information available for the
.Li kern
level is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "kern.posix_reader_writer_locks" \
"struct kinfo_drivers" "not applicable"
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It kern.aio_listio_max Ta integer Ta yes
.It kern.aio_max Ta integer Ta yes
.It kern.arandom Ta integer Ta no
.It kern.argmax Ta integer Ta no
.It kern.boothowto Ta integer Ta no
.It kern.boottime Ta struct timespec Ta no
.It kern.buildinfo Ta string Ta no
.\".It kern.bufq node not applicable
.It kern.ccpu Ta integer Ta no
.It kern.clockrate Ta struct clockinfo Ta no
.It kern.consdev Ta integer Ta no
.It kern.coredump Ta node Ta not applicable
.It kern.cp_id Ta struct Ta no
.It kern.cp_time Ta uint64_t[\|] Ta no
.It kern.cryptodevallowsoft Ta integer Ta yes
.It kern.defcorename Ta string Ta yes
.It kern.detachall Ta integer Ta yes
.It kern.domainname Ta string Ta yes
.It kern.drivers Ta struct kinfo_drivers Ta no
.It kern.dump_on_panic Ta integer Ta yes
.It kern.expose_address Ta integer Ta yes
.It kern.file Ta struct file Ta no
.It kern.forkfsleep Ta integer Ta yes
.It kern.fscale Ta integer Ta no
.It kern.fsync Ta integer Ta no
.It kern.hardclock_ticks Ta integer Ta no
.It kern.hostid Ta integer Ta yes
.It kern.hostname Ta string Ta yes
.It kern.iov_max Ta integer Ta no
.It kern.ipc Ta node Ta not applicable
.It kern.job_control Ta integer Ta no
.It kern.labeloffset Ta integer Ta no
.It kern.labelsector Ta integer Ta no
.It kern.login_name_max Ta integer Ta no
.It kern.logsigexit Ta integer Ta yes
.It kern.mapped_files Ta integer Ta no
.It kern.maxfiles Ta integer Ta yes
.It kern.maxlwp Ta integer Ta yes
.It kern.maxpartitions Ta integer Ta no
.It kern.maxphys Ta integer Ta no
.It kern.maxproc Ta integer Ta yes
.It kern.maxptys Ta integer Ta yes
.It kern.maxvnodes Ta integer Ta yes
.It kern.messages Ta integer Ta yes
.It kern.mbuf Ta node Ta not applicable
.It kern.memlock Ta integer Ta no
.It kern.memlock_range Ta integer Ta no
.It kern.memory_protection Ta integer Ta no
.It kern.module Ta node Ta not applicable
.It kern.monotonic_clock Ta integer Ta no
.It kern.mqueue Ta node Ta not applicable
.It kern.msgbuf Ta integer Ta no
.It kern.msgbufsize Ta integer Ta no
.It kern.ngroups Ta integer Ta no
.\".It kern.no_sa_support integer yes
.It kern.ntptime Ta struct ntptimeval Ta no
.It kern.osrelease Ta string Ta no
.It kern.osrevision Ta integer Ta no
.It kern.ostype Ta string Ta no
.\".It kern.panic_now integer yes
.It kern.pipe Ta node Ta not applicable
.It kern.pool Ta struct pool_sysctl Ta no
.\" .It kern.posix node not applicable
.It kern.posix1version Ta integer Ta no
.It kern.posix_aio Ta integer Ta no
.It kern.posix_barriers Ta integer Ta no
.It kern.posix_reader_writer_locks Ta integer Ta no
.\".It kern.posix_sched integer yes
.It kern.posix_semaphores Ta integer Ta no
.It kern.posix_spin_locks Ta integer Ta no
.It kern.posix_threads Ta integer Ta no
.It kern.posix_timers Ta integer Ta no
.It kern.proc Ta struct kinfo_proc Ta no
.It kern.proc2 Ta struct kinfo_proc2 Ta no
.It kern.proc_args Ta string Ta no
.It kern.profiling Ta node Ta not applicable
.\".It kern.pset node not applicable
.It kern.rawpartition Ta integer Ta no
.It kern.root_device Ta string Ta no
.It kern.root_partition Ta integer Ta no
.It kern.rtc_offset Ta integer Ta yes
.It kern.saved_ids Ta integer Ta no
.It kern.sbmax Ta integer Ta yes
.It kern.sched Ta node Ta not applicable
.It kern.securelevel Ta integer Ta raise only
.It kern.somaxkva Ta integer Ta yes
.It kern.sooptions Ta integer Ta yes
.It kern.synchronized_io Ta integer Ta no
.It kern.timecounter Ta node Ta not applicable
.It kern.timex Ta struct Ta no
.It kern.tkstat Ta node Ta not applicable
.It kern.tty Ta node Ta not applicable
.It kern.urandom Ta integer Ta no
.It kern.usercrypto Ta integer Ta yes
.It kern.userasymcrypto Ta integer Ta yes
.It kern.veriexec Ta node Ta not applicable
.It kern.version Ta string Ta no
.It kern.vnode Ta struct vnode Ta no
.El
.Bl -tag -width "123456"
.It Li kern.aio_listio_max
The maximum number of asynchronous I/O operations in a single list
I/O call.
As with all variables related to
.Xr aio 3 ,
the variable may be created and removed dynamically
upon loading or unloading the corresponding kernel module.
.It Li kern.aio_max
The maximum number of asynchronous I/O operations.
.It Li kern.arandom
This variable picks a random number each time it is queried.
The random number generator
.Pf ( RNG )
used is based on
.Xr arc4random 3 .
.It Li kern.argmax ( Dv KERN_ARGMAX )
The maximum bytes of argument to
.Xr execve 2 .
.It Li kern.boothowto
Flags passed from the boot loader; see
.Xr reboot 2
for the meanings of the flags.
.It Li kern.boottime ( Dv KERN_BOOTTIME )
A
.Vt struct timespec
structure is returned.
This structure contains the time that the system was booted.
That time is defined (for this purpose) to be the time at
which the kernel first started accumulating clock ticks.
.It Li kern.bufq
This variable contains information on the
.Xr bufq 9
subsystem.
Currently, the only third level name implemented is
.Dv kern.bufq.strategies
which provides a list of buffer queue strategies currently available.
.It Li kern.buildinfo
When the kernel is built, the build environment may optionally provide
arbitrary information to be stored in this variable.
.It Li kern.ccpu ( Dv KERN_CCPU )
The scheduler exponential decay value.
.It Li kern.clockrate ( Dv KERN_CLOCKRATE )
A
.Vt struct clockinfo
structure is returned.
This structure contains the clock, statistics clock and profiling clock
frequencies, the number of microseconds per hz tick, and the clock
skew rate.
Refer to
.Xr hz 9
for additional details.
.It Li kern.consdev ( Dv KERN_CONSDEV )
Console device.
.It Li kern.coredump
Settings related to coredumps of set-id processes.
By default, set-id processes do not dump core in situations where
other processes would.
The settings in this node allow an administrator to change this
behavior.
.Pp
The third level name is
.Dv kern.coredump.setid
and fourth level variables are described below.
.Bl -column "kern.coredump.setid.group" "integer" "Changeable" -offset indent
.It Sy Fourth level name Ta Sy Type Ta Sy Changeable
.It kern.coredump.setid.dump Ta integer Ta yes
.It kern.coredump.setid.group Ta integer Ta yes
.It kern.coredump.setid.mode Ta integer Ta yes
.It kern.coredump.setid.owner Ta integer Ta yes
.It kern.coredump.setid.path Ta string Ta yes
.El
.Bl -tag -width "123456"
.It Li kern.coredump.setid.dump
If non-zero, set-id processes will dump core.
.It Li kern.coredump.setid.group
The group-id for the set-id processes' coredump.
.It Li kern.coredump.setid.mode
The mode for the set-id processes' coredump.
See
.Xr chmod 1 .
.It Li kern.coredump.setid.owner
The user-id that will be used as the owner of the set-id processes'
coredump.
.It Li kern.coredump.setid.path
The path to which set-id processes' coredumps will be saved.
Same syntax as kern.defcorename.
.El
.It Li kern.cp_id ( Dv KERN_CP_ID )
Mapping of CPU number to CPU id.
.It Li kern.cp_time ( Dv KERN_CP_TIME )
Returns an array of
.Dv CPUSTATES
.Vt uint64_t Ns s .
This array contains the
number of clock ticks spent in different CPU states.
On multi-processor systems, the sum across all CPUs is returned unless
appropriate space is given for one data set for each CPU.
Data for a specific CPU can also be obtained by adding the number of the
CPU at the end of the MIB, enlarging it by one.
.It Li kern.cryptodevallowsoft
This variable controls userland access to hardware versus software transforms
in the
.Xr crypto 4
system.
The available values are as follows:
.Bl -tag -width XX0 -offset indent
.It Dv < 0
Always force userlevel requests to use software transforms.
.It Dv = 0
If present, use hardware and grant userlevel requests for
non-accelerated transforms (handling the latter in software).
.It Dv > 0
Allow user requests only for transforms which are hardware-accelerated.
.El
.It Li kern.defcorename ( Dv KERN_DEFCORENAME )
Default template for the name of core dump files (see also
.Li proc.pid.corename
in the per-process variables
.Li proc.* ,
and
.Xr core 5
for format of this template).
The default value is
.Pa %n.core
and can be changed with the kernel configuration option
.Cd options DEFCORENAME
(see
.Xr options 4 ) .
.It Li kern.detachall
Detach all devices at shutdown.
.It Li kern.domainname ( Dv KERN_DOMAINNAME )
Get or set the YP domain name.
.It Li kern.drivers ( Dv KERN_DRIVERS )
Return an array of
.Vt struct kinfo_drivers
that contains the name and major device numbers of all the device drivers
in the current kernel.
The
.Va d_name
field is always a NUL terminated string.
The
.Va d_bmajor
field will be set to \-1 if the driver doesn't have a block device.
.It Li kern.expose_address
Expose kernel addresses in
.Xr sysctl 3
calls used by
.Xr fstat 1
and
.Xr sockstat 1 .
If it is set to
.Dv 0
access is not allowed.
If it is set to
.Dv 1
then only processes that have opened
.Pa /dev/kmem
can have access.
If it is set to
.Dv 2
every process is allowed.
Defaults to
.Dv 0
for
.Dv KASLR
kernels
and
.Dv 1
otherwise.
Allowing general access renders KASLR ineffective; allowing only kmem
accessing programs weakens KASLR if those programs can be subverted
to leak the addresses.
.It Li kern.dump_on_panic ( Dv KERN_DUMP_ON_PANIC )
Perform a crash dump on system
.Xr panic 9 .
.It Li kern.file ( Dv KERN_FILE )
Return the entire file table.
The returned data consists of a single
.Vt struct filelist
followed by an array of
.Vt struct file ,
whose size depends on the current number of such objects in the system.
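.Pp
The settings above whose values this page ties to a security or integrity
effect (kern.expose_address, kern.coredump.setid.*, vfs.generic.usermount
and vfs.wapbl.flush_disk_cache) can be checked in a configuration file
before it is applied.
The script below is an added example, not part of the NetBSD manual or
sources; the function name, the sample configurations and the parsing
assumptions (one name=value per line, "#" starts a comment, a later line
overrides an earlier one, a leading 0 marks an octal mode) are its own.

```shell
#!/bin/sh
# Added example: audit sysctl.conf-style text against the values that
# sysctl(7) documents for a few security-relevant variables.

# audit_sysctl_conf TEXT
# Prints one "FINDING name=value: reason" line per risky setting.
# Returns 0 when nothing was flagged, 1 otherwise.
audit_sysctl_conf() {
    printf '%s\n' "$1" | awk '
    function octal(s,    i, n) {        # "0644" -> 420; decimal otherwise
        if (s !~ /^0[0-7]+$/) return s + 0
        for (i = 1; i <= length(s); i++) n = n * 8 + substr(s, i, 1)
        return n
    }
    function flag(name, why) {
        printf "FINDING %s=%s: %s\n", name, val[name], why
        found = 1
    }
    {
        sub(/#.*/, "")                  # drop comments
        gsub(/[ \t]/, "")               # tolerate "name = value"
        eq = index($0, "=")
        if (eq > 1) val[substr($0, 1, eq - 1)] = substr($0, eq + 1)
    }
    END {
        k = "kern.expose_address"
        if (k in val) {
            if (val[k] + 0 == 1)
                flag(k, "programs that opened /dev/kmem can read kernel addresses, weakening KASLR")
            if (val[k] + 0 >= 2)
                flag(k, "every process can read kernel addresses, rendering KASLR ineffective")
        }
        k = "vfs.generic.usermount"
        if ((k in val) && val[k] + 0 != 0)
            flag(k, "non-superuser mounts allowed (default 0)")
        k = "vfs.wapbl.flush_disk_cache"
        if ((k in val) && val[k] + 0 == 0)
            flag(k, "metadata integrity not ensured on power loss (default 1)")
        k = "kern.coredump.setid.dump"
        if ((k in val) && val[k] + 0 != 0) {
            flag(k, "set-id processes will dump core (off by default)")
            m = "kern.coredump.setid.mode"
            # Low six permission bits set means group or other has access.
            if ((m in val) && octal(val[m]) % 64 != 0)
                flag(m, "set-id core files accessible to group or other")
        }
        exit found + 0
    }'
}

# Constructed sample input, not taken from any real host.
WEAK_CONF='
# workstation tweaks
kern.expose_address=2
vfs.generic.usermount = 1
vfs.wapbl.flush_disk_cache=0   # faster commits on a slow disk
kern.coredump.setid.dump=1
kern.coredump.setid.mode=0644
kern.coredump.setid.path=/var/crash/%n.core
'

# The same knobs at the values this page gives as defaults or recommends.
HARDENED_CONF='
kern.expose_address=0
vfs.generic.usermount=0
vfs.wapbl.flush_disk_cache=1
kern.coredump.setid.dump=0
'

# Demo run on the constructed weak configuration.
audit_sysctl_conf "$WEAK_CONF" || true
```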
.It Li kern.forkfsleep ( Dv KERN_FORKFSLEEP )
If the
.Xr fork 2
system call fails due to the limit on the number of processes (either
the global maxproc limit or the user's one), wait for this many
milliseconds before returning an
.Er EAGAIN
error to the process.
Useful to keep heavily forking runaway processes at bay.
Default zero (no sleep).
Maximum is 20 seconds.
.It Li kern.fscale ( Dv KERN_FSCALE )
The kernel fixed-point scale factor.
.It Li kern.fsync ( Dv KERN_FSYNC )
Return 1 if the
.St -p1003.1b-93
File Synchronization Option is available
on this system,
otherwise\ 0.
.It Li kern.hardclock_ticks ( Dv KERN_HARDCLOCK_TICKS )
Returns the number of
.Xr hardclock 9
ticks.
.It Li kern.hist
This variable contains kernel history data if the kernel was
configured for any of the options
.Dv UVMHIST ,
.Dv USB_DEBUG ,
.Dv BIOHIST ,
or
.Dv SCDEBUG .
(See
.Xr options 4
for more details.)
The third-level names correspond to each available history table.
The values of the history tables are in an internal format, and can be
decoded by the
.Xr vmstat 1
utility's
.Fl U
and
.Fl u
options;
the
.Fl l
option can be used to see which tables are available.
.It Li kern.hostid ( Dv KERN_HOSTID )
Get or set the host identifier.
This is intended to replace the legacy
.Xr gethostid 3
and
.Xr sethostid 3
system calls.
.It Li kern.hostname ( Dv KERN_HOSTNAME )
Get or set the
.Xr hostname 1 .
.It Li kern.iov_max ( Dv KERN_IOV_MAX )
Return the maximum number of
.Vt iovec
structures that a process has available for use with
.Xr preadv 2 ,
.Xr pwritev 2 ,
.Xr readv 2 ,
.Xr recvmsg 2 ,
.Xr sendmsg 2
and
.Xr writev 2 .
.It Li kern.ipc ( Dv KERN_SYSVIPC )
Return information about the SysV IPC parameters.
The third level names for the ipc variables are detailed below.
.Bl -column "kern.ipc.shm_use_phys" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.ipc.sysvmsg Ta integer Ta no
.It kern.ipc.sysvsem Ta integer Ta no
.It kern.ipc.sysvshm Ta integer Ta no
.It kern.ipc.sysvipc_info Ta struct Ta no
.It kern.ipc.shmmax Ta integer Ta yes
.It kern.ipc.shmmni Ta integer Ta yes
.It kern.ipc.shmseg Ta integer Ta yes
.It kern.ipc.shmmaxpgs Ta integer Ta yes
.It kern.ipc.shm_use_phys Ta integer Ta yes
.It kern.ipc.msgmni Ta integer Ta yes
.It kern.ipc.msgseg Ta integer Ta yes
.It kern.ipc.semmni Ta integer Ta yes
.It kern.ipc.semmns Ta integer Ta yes
.It kern.ipc.semmnu Ta integer Ta yes
.El
.Bl -tag -width "123456"
.It Li kern.ipc.sysvmsg ( Dv KERN_SYSVIPC_MSG )
Returns 1 if System V style message queue functionality is available
on this system,
otherwise\ 0.
.It Li kern.ipc.sysvsem ( Dv KERN_SYSVIPC_SEM )
Returns 1 if System V style semaphore functionality is available
on this system,
otherwise\ 0.
.It Li kern.ipc.sysvshm ( Dv KERN_SYSVIPC_SHM )
Returns 1 if System V style shared memory functionality is available
on this system,
otherwise\ 0.
.It Li kern.ipc.sysvipc_info ( Dv KERN_SYSVIPC_INFO )
Return System V style IPC configuration and run-time information.
The fourth level name selects the System V style IPC facility.
.Bl -column "KERN_SYSVIPC_MSG_INFO" "struct shm_sysctl_info" -offset indent
.It Sy Fourth level name Ta Sy Type
.It KERN_SYSVIPC_MSG_INFO Ta struct msg_sysctl_info
.It KERN_SYSVIPC_SEM_INFO Ta struct sem_sysctl_info
.It KERN_SYSVIPC_SHM_INFO Ta struct shm_sysctl_info
.El
.Bl -tag -width "123456"
.It Li KERN_SYSVIPC_MSG_INFO
Return information on the System V style message facility.
The
.Sy msg_sysctl_info
structure is defined in
.In sys/msg.h .
.It Li KERN_SYSVIPC_SEM_INFO
Return information on the System V style semaphore facility.
The
.Sy sem_sysctl_info
structure is defined in
.In sys/sem.h .
.It Li KERN_SYSVIPC_SHM_INFO
Return information on the System V style shared memory facility.
The
.Sy shm_sysctl_info
structure is defined in
.In sys/shm.h .
.El
.It Li kern.ipc.shmmax ( Dv KERN_SYSVIPC_SHMMAX )
Max shared memory segment size in bytes.
.It Li kern.ipc.shmmni ( Dv KERN_SYSVIPC_SHMMNI )
Max number of shared memory identifiers.
.It Li kern.ipc.shmseg ( Dv KERN_SYSVIPC_SHMSEG )
Max shared memory segments per process.
.It Li kern.ipc.shmmaxpgs ( Dv KERN_SYSVIPC_SHMMAXPGS )
Max amount of shared memory in pages.
.It Li kern.ipc.shm_use_phys ( Dv KERN_SYSVIPC_SHMUSEPHYS )
Locking of shared memory in physical memory.
If 0, memory can be swapped
out, otherwise it will be locked in physical memory.
.It Li kern.ipc.msgmni
Max number of message queue identifiers.
.It Li kern.ipc.msgseg
Max number of message segments.
.It Li kern.ipc.semmni
Max number of semaphore identifiers.
.It Li kern.ipc.semmns
Max number of semaphores in system.
.It Li kern.ipc.semmnu
Max number of undo structures in system.
.El
.It Li kern.job_control ( Dv KERN_JOB_CONTROL )
Return 1 if job control is available on this system, otherwise\ 0.
.It Li kern.labeloffset ( Dv KERN_LABELOFFSET )
The offset within the sector specified by
.Dv KERN_LABELSECTOR
of the
.Xr disklabel 5 .
.It Li kern.labelsector ( Dv KERN_LABELSECTOR )
The sector number containing the
.Xr disklabel 5 .
.It Li kern.login_name_max ( Dv KERN_LOGIN_NAME_MAX )
The size of the storage required for a login name, in bytes,
including the terminating NUL.
.It Li kern.logsigexit ( Dv KERN_LOGSIGEXIT )
If this flag is non-zero, the kernel will
.Xr log 9
all process exits due to signals which create a
.Xr core 5
file, and whether the coredump was created.
.It Li kern.mapped_files ( Dv KERN_MAPPED_FILES )
Returns 1 if the
.St -p1003.1b-93
Memory Mapped Files Option is available on this system,
otherwise\ 0.
.It Li kern.maxfiles ( Dv KERN_MAXFILES )
The maximum number of files that may be open in the system.
.It Li kern.maxpartitions ( Dv KERN_MAXPARTITIONS )
The maximum number of partitions allowed per disk.
.It Li kern.maxlwp
The maximum number of Lightweight Processes (threads) the system allows
per uid.
.It Li kern.maxphys ( Dv KERN_MAXPHYS )
Maximum raw I/O transfer size.
.It Li kern.maxproc ( Dv KERN_MAXPROC )
The maximum number of simultaneous processes the system will allow.
.It Li kern.maxptys ( Dv KERN_MAXPTYS )
The maximum number of pseudo terminals.
This value can be both raised and lowered, though it cannot
be set lower than the number of currently used ptys.
See also
.Xr pty 4 .
.It Li kern.maxvnodes ( Dv KERN_MAXVNODES )
The maximum number of vnodes available on the system.
This can only be raised.
.It Li kern.mbuf ( Dv KERN_MBUF )
Return information about the mbuf control variables.
Mbufs are data structures which store network packets and other data
structures in the networking code, see
.Xr mbuf 9 .
The third level names for the mbuf variables are detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "kern.mbuf.nmbclusters" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.\" XXX Changeable? really?
.It kern.mbuf.mblowat Ta integer Ta yes
.It kern.mbuf.mclbytes Ta integer Ta yes
.It kern.mbuf.mcllowat Ta integer Ta yes
.It kern.mbuf.msize Ta integer Ta yes
.It kern.mbuf.nmbclusters Ta integer Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li kern.mbuf.mblowat ( Dv MBUF_MBLOWAT )
The mbuf low water mark.
.It Li kern.mbuf.mclbytes ( Dv MBUF_MCLBYTES )
The mbuf cluster size.
.It Li kern.mbuf.mcllowat ( Dv MBUF_MCLLOWAT )
The mbuf cluster low water mark.
.It Li kern.mbuf.msize ( Dv MBUF_MSIZE )
The mbuf base size.
.It Li kern.mbuf.nmbclusters ( Dv MBUF_NMBCLUSTERS )
The limit on the number of mbuf clusters.
The variable can only be increased, and only increased on machines with
direct-mapped pool pages.
.El
.It Li kern.memlock ( Dv KERN_MEMLOCK )
Returns 1 if the
.St -p1003.1b-93
Process Memory Locking Option is available on this system,
otherwise\ 0.
.It Li kern.memlock_range ( Dv KERN_MEMLOCK_RANGE )
Returns 1 if the
.St -p1003.1b-93
Range Memory Locking Option is available on this system,
otherwise\ 0.
.It Li kern.memory_protection ( Dv KERN_MEMORY_PROTECTION )
Returns 1 if the
.St -p1003.1b-93
Memory Protection Option is available on this system,
otherwise\ 0.
.It Li kern.messages
Kernel console message verbosity.
See
.Aq Pa sys/reboot.h
.Bl -column "verbosity" "setting" -offset indent
.It Sy Value Ta Sy Verbosity Ta Sy sys/reboot.h equivalent
.It 0 Ta Silent Ta Sy AB_SILENT
.It 1 Ta Quiet Ta Sy AB_QUIET
.It 2 Ta Normal Ta Sy AB_NORMAL
.It 3 Ta Verbose Ta Sy AB_VERBOSE
.It 4 Ta Debug Ta Sy AB_DEBUG
.El
.It Li kern.module
Settings related to kernel modules.
The third level names for the settings are described below.
.Bl -column "kern.module.autoload" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.module.autoload Ta integer Ta yes
.It kern.module.autotime Ta integer Ta yes
.It kern.module.verbose Ta boolean Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li kern.module.autoload
A boolean that controls whether kernel modules are loaded automatically.
See
.Xr module 7
for additional details.
.It Li kern.module.autotime
An integer that controls the delay before an attempt is made to
automatically unload a module that was auto-loaded.
Setting this value to zero disables the auto-unload function.
.It Li kern.module.verbose
A boolean that enables or disables verbose
debug messages related to kernel modules.
.El
.It Li kern.monotonic_clock ( Dv KERN_MONOTONIC_CLOCK )
Returns the standard version the implementation of the
.St -p1003.1b-93
Monotonic Clock Option conforms to,
otherwise\ 0.
.It Li kern.mqueue
Settings related to POSIX message queues; see
.Xr mqueue 3 .
This node is created dynamically when
the corresponding kernel module is loaded.
The third level names for the settings are described below.
.Bl -column "kern.mqueue.mq_max_msgsize" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.mqueue.mq_open_max Ta integer Ta yes
.It kern.mqueue.mq_prio_max Ta integer Ta yes
.It kern.mqueue.mq_max_msgsize Ta integer Ta yes
.It kern.mqueue.mq_def_maxmsg Ta integer Ta yes
.It kern.mqueue.mq_max_maxmsg Ta integer Ta yes
.El
.Pp
The variables are:
.Bl -tag -width "123456"
.It Li kern.mqueue.mq_open_max
The maximum number of message queue descriptors any single process can open.
.It Li kern.mqueue.mq_prio_max
The maximum priority of a message.
.It Li kern.mqueue.mq_max_msgsize
The maximum size of a message in a message queue.
.It Li kern.mqueue.mq_def_maxmsg
The default maximum message count.
.It Li kern.mqueue.mq_max_maxmsg
The maximum number of messages in a message queue.
.El
.It Li kern.msgbuf ( Dv KERN_MSGBUF )
The kernel message buffer, rotated so that the head of the circular kernel
message buffer is at the start of the returned data.
The returned data may contain NUL bytes.
.It Li kern.msgbufsize ( Dv KERN_MSGBUFSIZE )
The maximum number of characters that the kernel message buffer can hold.
.It Li kern.ngroups ( Dv KERN_NGROUPS )
The maximum number of supplemental groups.
.\" .It Li kern.no_sa_support
.\" XXX: Undocumented.
.It Li kern.ntptime ( Dv KERN_NTPTIME )
A
.Vt struct ntptimeval
structure is returned.
This structure contains data used by the
.Xr ntpd 8
program.
.It Li kern.osrelease ( Dv KERN_OSRELEASE )
The system release string.
.It Li kern.osrevision ( Dv KERN_OSREV )
The system revision string.
.It Li kern.ostype ( Dv KERN_OSTYPE )
The system type string.
.\".It Li kern.panic_now
.\" XXX: Undocumented.
.It Li kern.pipe ( Dv KERN_PIPE )
Pipe settings.
The third level names for the integer pipe settings are detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "kern.pipe.maxbigpipes" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.pipe.kvasiz Ta integer Ta yes
.It kern.pipe.maxbigpipes Ta integer Ta yes
.It kern.pipe.maxkvasz Ta integer Ta yes
.It kern.pipe.limitkva Ta integer Ta yes
.It kern.pipe.nbigpipes Ta integer Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li kern.pipe.kvasiz ( Dv KERN_PIPE_KVASIZ )
Amount of kernel memory consumed by pipe buffers.
.It Li kern.pipe.maxbigpipes ( Dv KERN_PIPE_MAXBIGPIPES )
Maximum number of
.Dq big
pipes.
.It Li kern.pipe.maxkvasz ( Dv KERN_PIPE_MAXKVASZ )
Maximum amount of kernel memory to be used for pipes.
.It Li kern.pipe.limitkva ( Dv KERN_PIPE_LIMITKVA )
Limit for direct transfers via page loan.
.It Li kern.pipe.nbigpipes ( Dv KERN_PIPE_NBIGPIPES )
Number of
.Dq big
pipes.
.El
.It Li kern.pool
Provides statistics about the
.Xr pool 9
and
.Xr pool_cache 9
subsystems.
.\" XXX: Undocumented .It Li kern.posix ( ? )
.\" This is a node in which the only variable is semmax.
.It Li kern.posix1version ( Dv KERN_POSIX1 )
The version of ISO/IEC 9945
.Pq St -p1003.1
with which the system attempts to comply.
.It Li kern.posix_aio
The version of
.St -p1003.1
and its Asynchronous I/O option to which the system attempts to conform.
.It Li kern.posix_barriers ( Dv KERN_POSIX_BARRIERS )
The version of
.St -p1003.1
and its
Barriers
option to which the system attempts to conform,
otherwise\ 0.
.It Li kern.posix_reader_writer_locks ( Dv KERN_POSIX_READER_WRITER_LOCKS )
The version of
.St -p1003.1
and its
Read-Write Locks
option to which the system attempts to conform,
otherwise\ 0.
.\".It Li kern.posix_sched
.\" XXX: Undocumented.
.It Li kern.posix_semaphores ( Dv KERN_POSIX_SEMAPHORES )
The version of
.St -p1003.1
and its
Semaphores
option to which the system attempts to conform,
otherwise\ 0.
.It Li kern.posix_spin_locks ( Dv KERN_POSIX_SPIN_LOCKS )
The version of
.St -p1003.1
and its
Spin Locks
option to which the system attempts to conform,
otherwise\ 0.
.It Li kern.posix_threads ( Dv KERN_POSIX_THREADS )
The version of
.St -p1003.1
and its
Threads
option to which the system attempts to conform,
otherwise\ 0.
.It Li kern.posix_timers ( Dv KERN_POSIX_TIMERS )
The version of
.St -p1003.1
and its
Timers
option to which the system attempts to conform,
otherwise\ 0.
.It Li kern.proc ( Dv KERN_PROC )
Return the entire process table, or a subset of it.
An array of
.Vt struct kinfo_proc
structures is returned,
whose size depends on the current number of such objects in the system.
The third and fourth level numeric names are as follows:
.Bl -column "KERN_PROC_SESSION" "Fourth level is:" -offset indent
.It Sy Third level name Ta Sy Fourth level is :
.It KERN_PROC_ALL Ta None
.It KERN_PROC_GID Ta A group ID
.It KERN_PROC_PID Ta A process ID
.It KERN_PROC_PGRP Ta A process group
.It KERN_PROC_RGID Ta A real group ID
.It KERN_PROC_RUID Ta A real user ID
.It KERN_PROC_SESSION Ta A session ID
.It KERN_PROC_TTY Ta A tty device
.It KERN_PROC_UID Ta A user ID
.El
.It Li kern.proc2 ( Dv KERN_PROC2 )
As for
.Dv KERN_PROC ,
but an array of
.Vt struct kinfo_proc2
structures is returned.
The fifth level name is the size of the
.Vt struct kinfo_proc2
and the sixth level name is the number of structures to return.
.It Li kern.proc_args ( Dv KERN_PROC_ARGS )
Return the argv or environment strings (or the number thereof)
of a process.
Multiple strings are returned separated by NUL characters.
The third level name is the process ID.
The fourth level name is as follows:
.Bl -column "KERN_PROG_PATHNAME" "The full pathname of the executable" -offset indent
.It Dv KERN_PROC_ARGV Ta The argv strings
.It Dv KERN_PROC_ENV Ta The environ strings
.It Dv KERN_PROC_NARGV Ta The number of argv strings
.It Dv KERN_PROC_NENV Ta The number of environ strings
.It Dv KERN_PROC_PATHNAME Ta The full pathname of the executable
.El
.It Li kern.profiling ( Dv KERN_PROF )
Return profiling information about the kernel.
If the kernel is not compiled for profiling,
attempts to retrieve any of the
.Dv KERN_PROF
values will fail with
.Er EOPNOTSUPP .
The third level names for the string and integer profiling information
are detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "kern.profiling.gmonparam" "struct gmonparam" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.profiling.count Ta u_short[\|] Ta yes
.It kern.profiling.froms Ta u_short[\|] Ta yes
.It kern.profiling.gmonparam Ta struct gmonparam Ta no
.It kern.profiling.state Ta integer Ta yes
.It kern.profiling.tos Ta struct tostruct Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li kern.profiling.count ( Dv GPROF_COUNT )
Array of statistical program counter counts.
.It Li kern.profiling.froms ( Dv GPROF_FROMS )
Array indexed by program counter of call-from points.
.It Li kern.profiling.gmonparams ( Dv GPROF_GMONPARAM )
Structure giving the sizes of the above arrays.
.It Li kern.profiling.state ( Dv GPROF_STATE )
Profiling state.
If set to
.Dv GMON_PROF_ON ,
starts profiling.
If set to
.Dv GMON_PROF_OFF ,
stops profiling.
.It Li kern.profiling.tos ( Dv GPROF_TOS )
Array of
.Vt struct tostruct
describing destination of calls and their counts.
.El
.\" .It Li kern.pset
.\" XXX: Undocumented.
.It Li kern.rawpartition ( Dv KERN_RAWPARTITION )
The raw partition of a disk (a == 0).
.It Li kern.root_device ( Dv KERN_ROOT_DEVICE )
The name of the root device (e.g.,
.Dq wd0 ) .
.It Li kern.root_partition ( Dv KERN_ROOT_PARTITION )
The root partition on the root device (a == 0).
.It Li kern.rtc_offset ( Dv KERN_RTC_OFFSET )
Return the offset of real time clock from UTC in minutes.
.It Li kern.saved_ids ( Dv KERN_SAVED_IDS )
Returns 1 if saved set-group and saved set-user ID is available.
.It Li kern.sbmax ( Dv KERN_SBMAX )
Maximum socket buffer size in bytes.
.It Li kern.securelevel ( Dv KERN_SECURELVL )
See
.Xr secmodel_securelevel 9 .
.It Li kern.sched ( dynamic )
Influence the scheduling of LWPs, their prioritization and how they are
distributed on and moved between CPUs.
.Bl -column "kern.sched.balance_period" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.sched.cacheht_time Ta integer Ta yes
.It kern.sched.balance_period Ta integer Ta yes
.It kern.sched.average_weight Ta integer Ta yes
.It kern.sched.min_catch Ta integer Ta yes
.It kern.sched.timesoftints Ta integer Ta yes
.It kern.sched.kpreempt_pri Ta integer Ta yes
.It kern.sched.upreempt_pri Ta integer Ta yes
.It kern.sched.maxts Ta integer Ta yes
.It kern.sched.mints Ta integer Ta yes
.It kern.sched.name Ta string Ta no
.It kern.sched.rtts Ta integer Ta no
.It kern.sched.pri_min Ta integer Ta no
.It kern.sched.pri_max Ta integer Ta no
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li kern.sched.cacheht_time ( dynamic )
Cache hotness time in which a LWP is kept on one particular CPU
and not moved to another CPU.
This reduces the overhead of flushing and reloading caches.
Defaults to 3ms.
Needs to be given in
.Dq hz
units, see
.Xr mstohz 9 .
.It Li kern.sched.balance_period ( dynamic )
Interval at which the CPU queues are checked for re-balancing.
Defaults to 300ms.
Needs to be given in
.Dq hz
units, see
.Xr mstohz 9 .
.It Li kern.sched.average_weight ( dynamic )
Can be used to influence how likely LWPs are to be migrated from
one CPU's queue of LWPs that are ready to run to a different, idle CPU.
The value gives the percentage for weighting the average count of
migratable threads from the past against the current number of
migratable threads.
A small value gives more weight to the past, a larger value gives more
weight to the current situation.
Defaults to 50 and must be between 0 and 100.
.It Li kern.sched.min_catch ( dynamic )
Minimum count of migratable (runnable) threads for catching (stealing)
from another CPU.
Defaults to 1 but can be increased to decrease chance of thread
migration between CPUs.
.It Li kern.sched.timesoftints ( dynamic )
Enable tracking of CPU time for soft interrupts
as part of a LWP's real execution time.
Set to a non-zero value to enable,
and see
.Xr ps 1
for printing CPU times.
.It Li kern.sched.kpreempt_pri ( dynamic )
Minimum priority to trigger kernel preemption.
.It Li kern.sched.upreempt_pri ( dynamic )
Minimum priority to trigger user preemption.
.It Li kern.sched.maxts ( dynamic )
Scheduler specific maximal time quantum (in milliseconds).
Must be set to a value larger than
.Dq mints
and between 10 and
.Dq hz
as given by the
.Dv kern.clockrate
sysctl.
Provided by the M2 scheduler.
.It Li kern.sched.mints ( dynamic )
Scheduler specific minimal time quantum (in milliseconds).
Must be set to a value smaller than
.Dq maxts
and between 1 and
.Dq hz
as given by the
.Dq kern.clockrate
sysctl.
Provided by the M2 scheduler.
.It Li kern.sched.name ( dynamic )
Scheduler name.
Provided both by the M2 and the 4BSD scheduler.
.It Li kern.sched.rtts ( dynamic )
Fixed scheduler specific round-robin time quantum in milliseconds.
Provided both by the M2 and the 4BSD scheduler.
.It Li kern.sched.pri_min ( dynamic )
Minimal POSIX real-time priority.
See
.Xr sched 3 .
.It Li kern.sched.pri_max ( dynamic )
Maximal POSIX real-time priority.
See
.Xr sched 3 .
.El
.It Li kern.somaxkva ( Dv KERN_SOMAXKVA )
Maximum amount of kernel memory to be used for socket buffers in bytes.
.It Li kern.sooptions
Set the default socket option flags for
.Xr socket 2
creation.
See
.Xr setsockopt 2
for a list of supported flags.
.It Li kern.synchronized_io ( Dv KERN_SYNCHRONIZED_IO )
Returns 1 if the
.St -p1003.1b-93
Synchronized I/O Option is available on this system,
otherwise\ 0.
.It Li kern.timecounter ( dynamic )
Display and control the timecounter source of the system.
.Bl -column "kern.timecounter.timestepwarnings" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.timecounter.choice Ta string Ta no
.It kern.timecounter.hardware Ta string Ta yes
.It kern.timecounter.timestepwarnings Ta integer Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li kern.timecounter.choice ( dynamic )
The list of available timecounters with their quality and frequency.
.It Li kern.timecounter.hardware ( dynamic )
The currently selected timecounter source.
.It Li kern.timecounter.timestepwarnings ( dynamic )
If non-zero display a message each time the time is stepped.
.El
.It Li kern.timex ( Dv KERN_TIMEX )
Not available.
.It Li kern.tkstat ( Dv KERN_TKSTAT )
Return information about the number of characters sent and received
on ttys.
The third level names for the tty statistic variables are detailed below.
The changeable column shows whether a process
with appropriate privilege may change the value.
.Bl -column "kern.tkstat.cancc" "quad" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.tkstat.cancc Ta quad Ta no
.It kern.tkstat.nin Ta quad Ta no
.It kern.tkstat.nout Ta quad Ta no
.It kern.tkstat.rawcc Ta quad Ta no
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li kern.tkstat.cancc ( Dv KERN_TKSTAT_CANCC )
The number of canonical input characters.
.It Li kern.tkstat.nin ( Dv KERN_TKSTAT_NIN )
The total number of input characters.
.It Li kern.tkstat.nout ( Dv KERN_TKSTAT_NOUT )
The total number of output characters.
.It Li kern.tkstat.rawcc ( Dv KERN_TKSTAT_RAWCC )
The number of raw input characters.
.El
.It Li kern.tty
The third level names for the tty setup variables are detailed below.
The changeable column shows whether a process
with appropriate privilege may change the value.
.Bl -column "kern.tty.qsize" "int" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.tty.qsize Ta int Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li kern.tty.qsize
Control/display the size of the default input and output queues selected
during tty creation.
Is converted to a power of two and its range is between
.Dv 1024
and
.Dv 65536 .
.El
.It Li kern.uidinfo
Resource usage for the current user.
.Bl -column "kern.uidinfo.proccnt" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.uidinfo.proccnt Ta integer Ta no
.It kern.uidinfo.lwpcnt Ta integer Ta no
.It kern.uidinfo.lockcnt Ta integer Ta no
.It kern.uidinfo.sbsize Ta integer Ta no
.El
.Bl -tag -width "123456"
.It Li kern.uidinfo.proccnt
Returns the number of active processes for the current user.
.It Li kern.uidinfo.lwpcnt
Returns the number of active threads for the current user; the first thread
of each process is not counted.
.It Li kern.uidinfo.lockcnt
Number of locks held by the current user.
.It Li kern.uidinfo.sbsize
Number of bytes in socket buffers allocated to the current user.
.El
.It Li kern.urandom ( Dv KERN_URND )
Random integer value.
.It Li kern.usercrypto
When enabled, allows userland to
.Xr open 2
the
.Pa /dev/crypto
special device, used by the
.Xr crypto 4
system.
.It Li kern.userasymcrypto
Enables or disables the use of software asymmetric crypto support in the
.Xr crypto 4
system.
.It Li kern.veriexec
Runtime information for
.Xr veriexec 8 .
.Bl -column "kern.veriexec.algorithms" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.veriexec.algorithms Ta string Ta no
.It kern.veriexec.count Ta node Ta not applicable
.It kern.veriexec.strict Ta integer Ta yes
.It kern.veriexec.verbose Ta integer Ta yes
.El
.Bl -tag -width "123456"
.It Li kern.veriexec.algorithms
Returns a string with the supported algorithms in Veriexec.
.It Li kern.veriexec.count
Sub-nodes are added to this node as new mounts are monitored by Veriexec.
Each mount will be under its own
.No tableN
node.
Under each node there will be three variables, indicating the mount
point, the file system type, and the number of entries.
.It Li kern.veriexec.strict
Controls the strict level of Veriexec.
See
.Xr security 7
for more information on each level's implications.
.It Li kern.veriexec.verbose
Controls the verbosity level of Veriexec.
If 0, only the minimal
indication required will be given about what's happening - fingerprint
mismatches, removal of entries from the tables, modification of a
fingerprinted file.
If 1, more messages will be printed (i.e., when a file with a valid
fingerprint is accessed).
Verbose level 2 is debug mode.
.El
.It Li kern.version ( Dv KERN_VERSION )
The system version string.
.It Li kern.vnode ( Dv KERN_VNODE )
Return the entire vnode table.
Note, the vnode table is not necessarily a consistent snapshot of
the system.
The returned data consists of an array whose size depends on the
current number of such objects in the system.
Each element of the array contains the kernel address of a vnode
.Vt struct vnode *
followed by the vnode itself
.Vt struct vnode .
.\" XXX: Undocumented: kern.lwp: no children?
.El
.Ss The machdep.* subtree
The set of variables defined is architecture dependent.
Most architectures define at least the following variables.
.Bl -column "machdep.booted_kernel" "Type" "Changeable" -offset indent
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It Li machdep.booted_kernel Ta string Ta no
.El
.\" XXX: Document the above.
.Ss The net.* subtree
The string and integer information available for the
.Li net
level is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
The second and third levels are typically the protocol family and
protocol number, though this is not always the case.
.Bl -column "Second level name" "IPsec key management values" "Changeable" -offset indent
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It net.route Ta routing messages Ta no
.It net.inet Ta IPv4 values Ta yes
.It net.inet6 Ta IPv6 values Ta yes
.It net.key Ta IPsec key management values Ta yes
.El
.Bl -tag -width "123456"
.It Li net.route ( Dv PF_ROUTE )
.\" XXX really?
Return the entire routing table or a subset of it.
The data is returned as a sequence of routing messages (see
.Xr route 4
for the header file, format and meaning).
The length of each message is contained in the message header.
.Pp
The third level name is a protocol number, which is currently always\ 0.
The fourth level name is an address family, which may be set to 0 to
select all address families.
The fifth and sixth level names are as follows:
.Bl -column "Fifth level name" "Sixth level is:" -offset indent
.It Sy Fifth level name Ta Sy Sixth level is :
.It NET_RT_FLAGS Ta rtflags
.It NET_RT_DUMP Ta None
.It NET_RT_IFLIST Ta None
.El
.It Li net.inet ( Dv PF_INET )
Get or set various global information about the IPv4
.Pq Internet Protocol version 4 .
The third level name is the protocol.
The fourth level name is the variable name.
The currently defined protocols and names are:
.Bl -column "Protocol" "anonportalgo.available" "integer" "Changeable" -offset indent
.It Sy Protocol Ta Sy Variable Ta Sy Type Ta Sy Changeable
.It arp Ta down Ta integer Ta yes
.It arp Ta keep Ta integer Ta yes
.It arp Ta log_movements Ta integer Ta yes
.It arp Ta log_permanent_modify Ta integer Ta yes
.It arp Ta log_unknown_network Ta integer Ta yes
.It arp Ta log_wrong_iface Ta integer Ta yes
.It carp Ta allow Ta integer Ta yes
.It carp Ta preempt Ta integer Ta yes
.It carp Ta log Ta integer Ta yes
.It carp Ta arpbalance Ta integer Ta yes
.It icmp Ta errppslimit Ta integer Ta yes
.It icmp Ta maskrepl Ta integer Ta yes
.It icmp Ta rediraccept Ta integer Ta yes
.It icmp Ta redirtimeout Ta integer Ta yes
.It icmp Ta bmcastecho Ta integer Ta yes
.It ip Ta allowsrcrt Ta integer Ta yes
.It ip Ta anonportalgo.selected Ta string Ta yes
.It ip Ta anonportalgo.available Ta string Ta yes
.It ip Ta anonportalgo.reserve Ta struct Ta yes
.It ip Ta anonportmax Ta integer Ta yes
.It ip Ta anonportmin Ta integer Ta yes
.It ip Ta checkinterface Ta integer Ta yes
.It ip Ta dad_count Ta integer Ta yes
.It ip Ta directed-broadcast Ta integer Ta yes
.It ip Ta do_loopback_cksum Ta integer Ta yes
.It ip Ta forwarding Ta integer Ta yes
.It ip Ta forwsrcrt Ta integer Ta yes
.It ip Ta gifttl Ta integer Ta yes
.It ip Ta grettl Ta integer Ta yes
.It ip Ta hashsize Ta integer Ta yes
.It ip Ta hostzerobroadcast Ta integer Ta yes
.It ip Ta lowportmin Ta integer Ta yes
.It ip Ta lowportmax Ta integer Ta yes
.It ip Ta maxflows Ta integer Ta yes
.It ip Ta maxfragpackets Ta integer Ta yes
.It ip Ta mtudisc Ta integer Ta yes
.It ip Ta mtudisctimeout Ta integer Ta yes
.It ip Ta random_id Ta integer Ta yes
.It ip Ta redirect Ta integer Ta yes
.It ip Ta subnetsarelocal Ta integer Ta yes
.It ip Ta ttl Ta integer Ta yes
.It tcp Ta rfc1323 Ta integer Ta yes
.It tcp Ta sendspace Ta integer Ta yes
.It tcp Ta recvspace Ta integer Ta yes
.It tcp Ta mssdflt Ta integer Ta yes
.It tcp Ta syn_cache_limit Ta integer Ta yes
.It tcp Ta syn_bucket_limit Ta integer Ta yes
.It tcp Ta syn_cache_interval Ta integer Ta yes
.It tcp Ta init_win Ta integer Ta yes
.It tcp Ta init_win_local Ta integer Ta yes
.It tcp Ta mss_ifmtu Ta integer Ta yes
.It tcp Ta win_scale Ta integer Ta yes
.It tcp Ta timestamps Ta integer Ta yes
.It tcp Ta cwm Ta integer Ta yes
.It tcp Ta cwm_burstsize Ta integer Ta yes
.It tcp Ta ack_on_push Ta integer Ta yes
.It tcp Ta keepidle Ta integer Ta yes
.It tcp Ta keepintvl Ta integer Ta yes
.It tcp Ta keepcnt Ta integer Ta yes
.It tcp Ta slowhz Ta integer Ta no
.It tcp Ta keepinit Ta integer Ta yes
.It tcp Ta log_refused Ta integer Ta yes
.It tcp Ta rstppslimit Ta integer Ta yes
.It tcp Ta ident Ta struct Ta no
.It tcp Ta drop Ta struct Ta no
.It tcp Ta sack.enable Ta integer Ta yes
.It tcp Ta sack.globalholes Ta integer Ta no
.It tcp Ta sack.globalmaxholes Ta integer Ta yes
.It tcp Ta sack.maxholes Ta integer Ta yes
.It tcp Ta ecn.enable Ta integer Ta yes
.It tcp Ta ecn.maxretries Ta integer Ta yes
.It tcp Ta congctl.selected Ta string Ta yes
.It tcp Ta congctl.available Ta string Ta yes
.It tcp Ta abc.enable Ta integer Ta yes
.It tcp Ta abc.aggressive Ta integer Ta yes
.It udp Ta checksum Ta integer Ta yes
.It udp Ta do_loopback_cksum Ta integer Ta yes
.It udp Ta recvspace Ta integer Ta yes
.It udp Ta sendspace Ta integer Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li arp.down
Failed ARP entry lifetime.
.It Li arp.keep
Valid ARP entry lifetime.
.It Li carp.allow
If set to 0, incoming
.Xr carp 4
packets will not be processed.
If set to any other value, processing will occur.
Enabled by default.
.It Li carp.arpbalance
If set to any value other than 0, the ARP balancing functionality of
.Xr carp 4
is enabled.
When ARP requests are received for an IP address which is part of any virtual
host, carp will hash the source IP in the ARP request to select one of the
virtual hosts from the set of all the virtual hosts which have that IP address.
The master of that host will respond with the correct virtual MAC address.
Disabled by default.
.It Li carp.log
If set to any value other than 0,
.Xr carp 4
will log errors.
Disabled by default.
.It Li carp.preempt
If set to 0,
.Xr carp 4
will not attempt to become master if it is receiving advertisements from
another active master.
If set to any other value, carp will become master of the virtual host if it
believes it can send advertisements more frequently than the current master.
Disabled by default.
.It Li ip.allowsrcrt
If set to 1, the host accepts source routed packets.
.It Li ip.anonportalgo.available
The available RFC 6056 port randomization algorithms.
.It Li ip.anonportalgo.reserve
A bitmask of ports that will not be used during anonymous or privileged
port selection.
.It Li ip.anonportalgo.selected
The currently selected RFC 6056 port randomization algorithm.
.It Li ip.anonportmax
The highest port number to use for TCP and UDP ephemeral port allocation.
This cannot be set to less than 1024 or greater than 65535, and must
be greater than
.Li ip.anonportmin .
.It Li ip.anonportmin
The lowest port number to use for TCP and UDP ephemeral port allocation.
This cannot be set to less than 1024 or greater than 65535.
.It Li ip.checkinterface
If set to non-zero, the host will reject packets addressed to it
that arrive on an interface not bound to that address.
Currently, this must be disabled if NAT is used to translate the
destination address to another local interface, or if addresses
are added to the loopback interface instead of the interface where
the packets for those addresses are received.
.It Li ip.dad_count
The number of
.Xr arp 4
probes sent for Address Conflict Detection.
Set to 0 to disable this.
.It Li ip.directed-broadcast
If set to 1, enables directed broadcast behavior for the host.
.It Li ip.do_loopback_cksum
Perform IP checksum on loopback.
.It Li ip.forwarding
If set to 1, enables IP forwarding for the host,
meaning that the host is acting as a router.
.It Li ip.forwsrcrt
If set to 1, enables forwarding of source-routed packets for the host.
This value may only be changed if the kernel security level is less than 1.
.It Li ip.gifttl
The maximum time-to-live (hop count) value for an IPv4 packet generated by
.Xr gif 4
tunnel interface.
.It Li ip.grettl
The maximum time-to-live (hop count) value for an IPv4 packet generated by
.Xr gre 4
tunnel interface.
.It Li ip.hashsize
The size of IPv4 Fast Forward hash table.
This value must be a power of 2 (64, 256...).
A larger hash table size results in fewer collisions.
Also see
.Li ip.maxflows .
.It Li ip.hostzerobroadcast
All zeroes address is broadcast address.
.It Li ip.lowportmax
The highest port number to use for TCP and UDP reserved port allocation.
This cannot be set to less than 0 or greater than 1024, and must
be greater than
.Li ip.lowportmin .
.It Li ip.lowportmin
The lowest port number to use for TCP and UDP reserved port allocation.
This cannot be set to less than 0 or greater than 1024, and must
be smaller than
.Li ip.lowportmax .
.It Li ip.maxflows
IPv4 Fast Forwarding is enabled by default.
If set to 0, IPv4 Fast Forwarding is disabled.
.Li ip.maxflows
controls the maximum number of flows which can be created.
The default value is 256.
.It Li ip.maxfragpackets
The maximum number of fragmented packets the node will accept.
0 means that the node will not accept any fragmented packets.
\-1 means that the node will accept as many fragmented packets as it receives.
The flag is provided basically for avoiding possible DoS attacks.
.It Li ip.mtudisc
If set to 1, enables Path MTU Discovery (RFC 1191).
When Path MTU Discovery is enabled, the transmitted TCP segment
size will be determined by the advertised maximum segment size
(MSS) from the remote end, as constrained by the path MTU.
If MTU Discovery is disabled, the transmitted segment size will
never be greater than
.Li tcp.mssdflt
(the local maximum segment size).
.It Li ip.mtudisctimeout
The number of seconds in which a route added by the Path MTU
Discovery engine will time out.
When the route times out, the Path
MTU Discovery engine will attempt to probe a larger path MTU.
.It Li ip.random_id
Assign random ip_id values.
.It Li ip.redirect
If set to 1, ICMP redirects may be sent by the host.
This option is ignored unless the host is routing IP packets,
and should normally be enabled on all systems.
.It Li ip.subnetsarelocal
If set to 1, subnets are to be considered local addresses.
.It Li ip.ttl
The maximum time-to-live (hop count) value for an IP packet sourced by
the system.
This value applies to normal transport protocols, not to ICMP.
.It Li icmp.errppslimit
The variable specifies the maximum number of outgoing ICMP error messages,
per second.
ICMP error messages that exceed the value are subject to rate limitation
and will not go out from the node.
A negative value disables rate limitation.
.It Li icmp.maskrepl
If set to 1, ICMP network mask requests are to be answered.
.It Li icmp.rediraccept
If set to non-zero, the host will accept ICMP redirect packets.
Note that routers will never accept ICMP redirect packets,
and the variable is meaningful on IP hosts only.
.It Li icmp.redirtimeout
The variable specifies the lifetime of routing entries generated by incoming
ICMP redirects.
This defaults to 600 seconds.
.It Li icmp.returndatabytes
Number of bytes to return in an ICMP error message.
.It Li icmp.bmcastecho
If set to 1, enables responding to ICMP echo or timestamp requests to the
broadcast address.
.It Li tcp.ack_on_push
If set to 1, TCP is to immediately transmit an ACK upon reception of
a packet with PUSH set.
This can avoid losing a round trip time in some rare situations,
but has the caveat of potentially defeating TCP's delayed ACK algorithm.
Use of this option is generally not recommended, but
the variable exists in case your configuration really needs it.
.It Li tcp.cwm
If set to 1, enables use of the Hughes/Touch/Heidemann Congestion Window
Monitoring algorithm.
This algorithm prevents line-rate bursts of packets that could
otherwise occur when data begins flowing on an idle TCP connection.
These line-rate bursts can contribute to network and router congestion.
This can be particularly useful on World Wide Web servers
which support HTTP/1.1, which has lingering connections.
.It Li tcp.cwm_burstsize
The Congestion Window Monitoring allowed burst size, in terms
of packet count.
.It Li tcp.delack_ticks
Number of ticks to delay sending an ACK.
.It Li tcp.do_loopback_cksum
Perform TCP checksum on loopback.
.It Li tcp.init_win
A value indicating the TCP initial congestion window.
The valid range
is 0 to 10 (maximum specified by RFC6928),
with a default of 4 (approximately 4K per RFC3390).
.It Li tcp.init_win_local
Like
.Li tcp.init_win ,
but used when communicating with hosts on a local network.
.It Li tcp.keepcnt
Number of keepalive probes sent before declaring a connection dead.
If set to zero, there is no limit;
keepalives will be sent until some kind of
response is received from the peer.
.It Li tcp.keepidle
Time a connection must be idle before keepalives are sent (if keepalives
are enabled for the connection).
See also tcp.slowhz.
.It Li tcp.keepintvl
Time after a keepalive probe is sent until, in the absence of any response,
another probe is sent.
See also tcp.slowhz.
.It Li tcp.log_refused
If set to 1, refused TCP connections to the host will be logged.
.It Li tcp.keepinit
Timeout in seconds during connection establishment.
.It Li tcp.mss_ifmtu
If set to 1, TCP calculates the outgoing maximum segment size based on
the MTU of the appropriate interface.
If set to 0, it is calculated based on the greater of the MTU of the
interface, and the largest (non-loopback) interface MTU on the system.
.It Li tcp.mssdflt
The default maximum segment size both advertised to the peer
and to use when either the peer does not advertise a maximum segment size to
us during connection setup or Path MTU Discovery
.Li ( ip.mtudisc )
is disabled.
Do not change this value unless you really know what you are doing.
.It Li tcp.recvspace
The default TCP receive buffer size.
.It Li tcp.rfc1323
If set to 1, enables RFC 1323 extensions to TCP.
.It Li tcp.rstppslimit
The variable specifies the maximum number of outgoing TCP RST packets,
per second.
TCP RST packets that exceed the value are subject to rate limitation
and will not go out from the node.
A negative value disables rate limitation.
.It Li tcp.ident
Return the user ID of a connected socket pair.
(RFC1413 Identification Protocol lookups.)
.It Li tcp.drop
Drop a TCP socket pair connection.
.It Li tcp.sack.enable
If set to 1, enables RFC 2018 Selective ACKnowledgement.
.It Li tcp.sack.globalholes
Global number of TCP SACK holes.
.It Li tcp.sack.globalmaxholes
Global maximum number of TCP SACK holes.
.It Li tcp.sack.maxholes
Maximum number of TCP SACK holes allowed per connection.
.It Li tcp.ecn.enable
If set to 1, enables RFC 3168 Explicit Congestion Notification.
.It Li tcp.ecn.maxretries
Number of times to retry sending the ECN-setup packet.
.It Li tcp.sendspace
The default TCP send buffer size.
.It Li tcp.slowhz
The units for tcp.keepidle and tcp.keepintvl; those variables are in ticks
of a clock that ticks tcp.slowhz times per second.
(That is, their values
must be divided by the tcp.slowhz value to get times in seconds.)
.It Li tcp.syn_bucket_limit
The maximum number of entries allowed per hash bucket in the TCP
compressed state engine.
.It Li tcp.syn_cache_limit
The maximum number of entries allowed in the TCP compressed state
engine.
.It Li tcp.timestamps
If rfc1323 is enabled, a value of 1 indicates RFC 1323 time stamp options,
used for measuring TCP round trip times, are enabled.
.It Li tcp.win_scale
If rfc1323 is enabled, a value of 1 indicates RFC 1323 window scale options,
for increasing the TCP window size, are enabled.
.It Li tcp.congctl.available
The available TCP congestion control algorithms.
.It Li tcp.congctl.selected
The currently selected TCP congestion control algorithm.
.It Li tcp.abc.enable
If set to 1, use RFC 3465 Appropriate Byte Counting (ABC).
If set to 0, use traditional Packet Counting.
.It Li tcp.abc.aggressive
Choose the L parameter found in RFC 3465.
L is the maximum cwnd increase for an ack during slow start.
If set to 1, use L=2*SMSS.
If set to 0, use L=1*SMSS.
It has no effect unless tcp.abc.enable is set to 1.
.It Li udp.checksum
If set to 1, UDP checksums are computed.
Received non-zero UDP checksums are always checked.
Disabling UDP checksums is strongly discouraged.
.It Li udp.recvspace
The default UDP receive buffer size.
.It Li udp.sendspace
The default UDP send buffer size.
.El
.Pp
For variables net.*.ipsec, please refer to
.Xr ipsec 4 .
.It Li net.inet6 ( Dv PF_INET6 )
Get or set various global information about the IPv6
.Pq Internet Protocol version 6 .
The third level name is the protocol.
The fourth level name is the variable name.
The currently defined protocols and names are:
.Bl -column "Protocol" "anonportalgo.available" "integer" "Changeable" -offset indent
.It Sy Protocol Ta Sy Variable Ta Sy Type Ta Sy Changeable
.It icmp6 Ta errppslimit Ta integer Ta yes
.It icmp6 Ta mtudisc_hiwat Ta integer Ta yes
.It icmp6 Ta mtudisc_lowat Ta integer Ta yes
.It icmp6 Ta nd6_debug Ta integer Ta yes
.It icmp6 Ta nd6_delay Ta integer Ta yes
.It icmp6 Ta nd6_maxnudhint Ta integer Ta yes
.It icmp6 Ta nd6_mmaxtries Ta integer Ta yes
.It icmp6 Ta nd6_prune Ta integer Ta yes
.It icmp6 Ta nd6_umaxtries Ta integer Ta yes
.It icmp6 Ta nd6_useloopback Ta integer Ta yes
.It icmp6 Ta nodeinfo Ta integer Ta yes
.It icmp6 Ta rediraccept Ta integer Ta yes
.It icmp6 Ta redirtimeout Ta integer Ta yes
.It ip6 Ta accept_rtadv Ta integer Ta yes
.It ip6 Ta addctlpolicy Ta struct in6_addrpolicy Ta no
.It ip6 Ta anonportalgo.selected Ta string Ta yes
.It ip6 Ta anonportalgo.available Ta string Ta yes
.It ip6 Ta anonportalgo.reserve Ta struct Ta yes
.It ip6 Ta anonportmax Ta integer Ta yes
.It ip6 Ta anonportmin Ta integer Ta yes
.It ip6 Ta auto_flowlabel Ta integer Ta yes
.It ip6 Ta dad_count Ta integer Ta yes
.It ip6 Ta defmcasthlim Ta integer Ta yes
.It ip6 Ta forwarding Ta integer Ta yes
.It ip6 Ta gifhlim Ta integer Ta yes
.It ip6 Ta hashsize Ta integer Ta yes
.It ip6 Ta hlim Ta integer Ta yes
.It ip6 Ta hdrnestlimit Ta integer Ta yes
.It ip6 Ta kame_version Ta string Ta no
.It ip6 Ta keepfaith Ta integer Ta yes
.It ip6 Ta log_interval Ta integer Ta yes
.It ip6 Ta lowportmax Ta integer Ta yes
.It ip6 Ta lowportmin Ta integer Ta yes
.It ip6 Ta maxdynroutes Ta integer Ta yes
.It ip6 Ta maxifprefixes Ta integer Ta yes
.It ip6 Ta maxifdefrouters Ta integer Ta yes
.It ip6 Ta maxflows Ta integer Ta yes
.It ip6 Ta maxfragpackets Ta integer Ta yes
.It ip6 Ta maxfrags Ta integer Ta yes
.It ip6 Ta neighborgcthresh Ta integer Ta yes
.It ip6 Ta redirect Ta integer Ta yes
.It ip6 Ta rr_prune Ta integer Ta yes
.It ip6 Ta use_deprecated Ta integer Ta yes
.It ip6 Ta v6only Ta integer Ta yes
.It udp6 Ta do_loopback_cksum Ta integer Ta yes
.It udp6 Ta recvspace Ta integer Ta yes
.It udp6 Ta sendspace Ta integer Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li ip6.accept_rtadv
If set to non-zero, the node will accept ICMPv6 router advertisement packets
and autoconfigure address prefixes and default routers.
The node must be a host
.Pq not a router
for the option to be meaningful.
.It Li ip6.anonportalgo.available
The available RFC 6056 port randomization algorithms.
.It Li ip6.anonportalgo.reserve
A bitmask of ports that will not be used during anonymous or privileged
port selection.
.It Li ip6.anonportalgo.selected
The currently selected RFC 6056 port randomization algorithm.
.It Li ip6.anonportmax
The highest port number to use for TCP and UDP ephemeral port allocation.
This cannot be set to less than 1024 or greater than 65535, and must
be greater than
.Li ip6.anonportmin .
.It Li ip6.anonportmin
The lowest port number to use for TCP and UDP ephemeral port allocation.
This cannot be set to less than 1024 or greater than 65535.
.It Li ip6.auto_flowlabel
On connected transport protocol packets,
fill the IPv6 flowlabel field to help intermediate routers identify packet flows.
.It Li ip6.dad_count
The variable configures the number of IPv6 DAD
.Pq duplicated address detection
probe packets.
The packets will be generated when IPv6 interface addresses are configured.
.It Li ip6.defmcasthlim
The default hop limit value for an IPv6 multicast packet sourced by the node.
This value applies to all the transport protocols on top of IPv6.
There are APIs to override the value, as documented in
.Xr ip6 4 .
.It Li ip6.forwarding
If set to 1, enables IPv6 forwarding for the node,
meaning that the node is acting as a router.
If set to 0, disables IPv6 forwarding for the node,
meaning that the node is acting as a host.
The IPv6 specification defines node behavior for the
.Dq router
case and the
.Dq host
case quite differently, and changing this variable during operation
may cause serious trouble.
It is recommended to configure the variable at bootstrap time,
and bootstrap time only.
.It Li ip6.gifhlim
The maximum hop limit value for an IPv6 packet generated by a
.Xr gif 4
tunnel interface.
.It Li ip6.hdrnestlimit
The number of IPv6 extension headers permitted on incoming IPv6 packets.
If set to 0, the node will accept as many extension headers as possible.
.It Li ip6.hashsize
The size of the IPv6 Fast Forward hash table.
This value must be a power of 2 (64, 256, ...).
A larger hash table size results in fewer collisions.
Also see
.Li ip6.maxflows .
.It Li ip6.hlim
The default hop limit value for an IPv6 unicast packet sourced by the node.
This value applies to all the transport protocols on top of IPv6.
There are APIs to override the value, as documented in
.Xr ip6 4 .
.It Li ip6.kame_version
The string identifies the version of the KAME IPv6 stack implemented in the kernel.
.It Li ip6.keepfaith
If set to non-zero, it enables the
.Dq FAITH
TCP relay IPv6-to-IPv4 translator code in the kernel.
Refer to
.Xr faith 4
and
.Xr faithd 8
for details.
.It Li ip6.log_interval
The variable controls the amount of logs generated by the IPv6 packet
forwarding engine, by setting the interval between log output
.Pq in seconds .
.It Li ip6.lowportmax
The highest port number to use for TCP and UDP reserved port allocation.
This cannot be set to less than 0 or greater than 1024, and must
be greater than
.Li ip6.lowportmin .
.It Li ip6.lowportmin
The lowest port number to use for TCP and UDP reserved port allocation.
This cannot be set to less than 0 or greater than 1024, and must
be smaller than
.Li ip6.lowportmax .
.It Li ip6.maxdynroutes
Maximum number of routes created by redirect.
Set it to negative to disable.
The default value is 4096.
.It Li ip6.maxifprefixes
Maximum number of prefixes created by router advertisements per interface.
Set it to negative to disable.
The default value is 16.
.It Li ip6.maxifdefrouters
Maximum number of default routers created by router advertisements per interface.
Set it to negative to disable.
The default value is 16.
.It Li ip6.maxflows
IPv6 Fast Forwarding is enabled by default.
If set to 0, IPv6 Fast Forwarding is disabled.
.Li ip6.maxflows
controls the maximum number of flows that can be created.
The default value is 256.
.It Li ip6.maxfragpackets
The maximum number of fragmented packets the node will accept.
0 means that the node will not accept any fragmented packets.
\-1 means that the node will accept as many fragmented packets as it receives.
The flag is provided basically for avoiding possible DoS attacks.
.It Li ip6.maxfrags
The maximum number of fragments the node will accept.
0 means that the node will not accept any fragments.
\-1 means that the node will accept as many fragments as it receives.
The flag is provided basically for avoiding possible DoS attacks.
.It Li ip6.neighborgcthresh
Maximum number of entries in neighbor cache per interface.
Set to negative to disable.
The default value is 2048.
.It Li ip6.redirect
If set to 1, ICMPv6 redirects may be sent by the node.
This option is ignored unless the node is routing IP packets,
and should normally be enabled on all systems.
.It Li ip6.rr_prune
The variable specifies the interval between IPv6 router renumbering prefix
babysitting, in seconds.
.It Li ip6.use_deprecated
The variable controls the use of deprecated addresses, as specified in
RFC 2462 5.5.4.
.It Li ip6.v6only
The variable specifies the initial value for the
.Dv IPV6_V6ONLY
socket option for
.Dv AF_INET6
sockets.
Please refer to
.Xr ip6 4
for details.
.It Li icmp6.errppslimit
The variable specifies the maximum number of outgoing ICMPv6 error messages,
per second.
ICMPv6 error messages that exceed the value are subject to rate limitation
and will not go out from the node.
A negative value disables rate limitation.
.It Li icmp6.mtudisc_hiwat
.It Li icmp6.mtudisc_lowat
The variables define the maximum number of routing table entries,
created due to path MTU discovery
.Pq prevents denial-of-service attacks with ICMPv6 too big messages .
When IPv6 path MTU discovery happens, we keep path MTU information in
the routing table.
If the number of routing table entries exceeds the value,
the kernel will not attempt to keep the path MTU information.
.Li icmp6.mtudisc_hiwat
is used when we have verified ICMPv6 too big messages.
.Li icmp6.mtudisc_lowat
is used when we have unverified ICMPv6 too big messages.
Verification is performed by using address/port pairs kept in connected pcbs.
A negative value disables the upper limit.
.It Li icmp6.nd6_debug
If set to non-zero, the kernel IPv6 neighbor discovery code will generate
debugging messages.
The debug outputs are useful to diagnose IPv6 interoperability issues.
The flag must be set to 0 for normal operation.
.It Li icmp6.nd6_delay
The variable specifies the
.Dv DELAY_FIRST_PROBE_TIME
timing constant in the IPv6 neighbor discovery specification
.Pq RFC 2461 ,
in seconds.
.It Li icmp6.nd6_maxnudhint
IPv6 neighbor discovery permits upper layer protocols to supply reachability
hints, to avoid unnecessary neighbor discovery exchanges.
The variable defines the number of consecutive hints the neighbor discovery
layer will take.
For example, by setting the variable to 3, the neighbor discovery layer
will take at most 3 consecutive hints.
After receiving 3 hints, the neighbor discovery layer will perform
the normal neighbor discovery process.
.It Li icmp6.nd6_mmaxtries
The variable specifies the
.Dv MAX_MULTICAST_SOLICIT
constant in the IPv6 neighbor discovery specification
.Pq RFC 2461 .
.It Li icmp6.nd6_prune
The variable specifies the interval between IPv6 neighbor cache babysitting,
in seconds.
.It Li icmp6.nd6_umaxtries
The variable specifies the
.Dv MAX_UNICAST_SOLICIT
constant in the IPv6 neighbor discovery specification
.Pq RFC 2461 .
.It Li icmp6.nd6_useloopback
If set to non-zero, the kernel IPv6 stack will use the loopback interface for
local traffic.
.It Li icmp6.nodeinfo
The variable enables responses to ICMPv6 node information queries.
If you set the variable to 0, responses will not be generated for
ICMPv6 node information queries.
Since node information queries can have a security impact, it is
possible to fine tune which responses should be answered.
Two separate bits can be set.
.Bl -tag -width "12345"
.It 1
Respond to ICMPv6 FQDN queries, e.g.
.Li ping6 -w .
.It 2
Respond to ICMPv6 node addresses queries, e.g.
.Li ping6 -a .
.El
.It Li icmp6.rediraccept
If set to non-zero, the host will accept ICMPv6 redirect packets.
Note that IPv6 routers will never accept ICMPv6 redirect packets,
and the variable is meaningful on IPv6 hosts
.Pq non-router
only.
.It Li icmp6.redirtimeout
The variable specifies the lifetime of routing entries generated by incoming
ICMPv6 redirects.
.It Li udp6.do_loopback_cksum
Perform UDP checksum on loopback.
.It Li udp6.recvspace
Default UDP receive buffer size.
.It Li udp6.sendspace
Default UDP send buffer size.
.El
.Pp
We reuse net.*.tcp for TCP over IPv6,
and therefore we do not have variables net.*.tcp6.
Variables net.inet6.udp6 have identical meaning to net.inet.udp.
Please refer to the
.Li PF_INET
section above.
For variables net.*.ipsec6, please refer to
.Xr ipsec 4 .
.It Li net.key ( Dv PF_KEY )
Get or set various global information about the IPsec key management.
The third level name is the variable name.
The currently defined variables and names are:
.Bl -column "blockacq_lifetime" "integer" "Changeable" -offset indent
.It Sy Variable Ta Sy Type Ta Sy Changeable
.It debug Ta integer Ta yes
.It enabled Ta integer Ta yes
.It used Ta integer Ta no
.It spi_try Ta integer Ta yes
.It spi_min_value Ta integer Ta yes
.It spi_max_value Ta integer Ta yes
.It larval_lifetime Ta integer Ta yes
.It blockacq_count Ta integer Ta yes
.It blockacq_lifetime Ta integer Ta yes
.It esp_keymin Ta integer Ta yes
.It esp_auth Ta integer Ta yes
.It ah_keymin Ta integer Ta yes
.El
The variables are as follows:
.Bl -tag -width "123456"
.It Li debug
Turn on debugging messages from within the kernel.
The value is a bitmap, as defined in
.In netipsec/key_debug.h .
.It Li enabled
Control processing of IPsec control messages.
.Bl -tag -width indent
.It 0
Never allow IPsec processing.
.It 1
Allow IPsec processing when SPD policies are present.
.It 2
Force IPsec processing even when SPD policies are not present.
.El
.It Li used
Shows whether IPsec is being used, based on whether IPsec is enabled
and whether SPD rules exist.
Note that currently once IPsec is being used, it cannot be disabled.
.It Li spi_try
The number of times the kernel will try to obtain a unique SPI
when generating it from the random number generator.
.It Li spi_min_value
Minimum SPI value when generating it within the kernel.
.It Li spi_max_value
Maximum SPI value when generating it within the kernel.
.It Li larval_lifetime
Lifetime for LARVAL SAD entries, in seconds.
.It Li blockacq_count
Number of ACQUIRE PF_KEY messages to be blocked after an ACQUIRE message.
This prevents a flood of ACQUIRE PF_KEY messages from being sent from the
kernel to the key management daemon.
.It Li blockacq_lifetime
Lifetime of ACQUIRE PF_KEY message.
.It Li esp_keymin
Minimum ESP key length, in bits.
The value is used when the kernel creates proposal payload
on ACQUIRE PF_KEY message.
.It Li esp_auth
Whether ESP authentication should be used or not.
Non-zero value indicates that ESP authentication should be used.
The value is used when the kernel creates proposal payload
on ACQUIRE PF_KEY message.
.It Li ah_keymin
Minimum AH key length, in bits.
The value is used when the kernel creates proposal payload
on ACQUIRE PF_KEY message.
.El
.It Li net.local ( Dv PF_LOCAL )
Get or set various global information about
.Dv AF_LOCAL
type sockets.
For some variables, the third level name is the variable name:
.Bl -column "Variable" "integer" "Changeable" -offset indent
.It Sy Variable Ta Sy Type Ta Sy Changeable
.It inflight Ta integer Ta no
.It deferred Ta integer Ta no
.El
The variables are as follows:
.Bl -tag -width "123456"
.It Li inflight
The number of file descriptors currently passed between processes,
.Qq in flight .
.It Li deferred
The number of file descriptors passed between processes that have been
deferred for cleanup by a kernel task.
.El
.Pp
Other variables are specific to a socket type:
.Bl -column "seqpacket" "sendspace" "integer" "Changeable" -offset indent
.It Sy "Socket Type" Ta Sy Variable Ta Sy Type Ta Sy Changeable
.It dgram Ta pcblist Ta struct Ta no
.It dgram Ta recvspace Ta integer Ta yes
.It dgram Ta sendspace Ta integer Ta yes
.It seqpacket Ta pcblist Ta struct Ta no
.It stream Ta pcblist Ta struct Ta no
.It stream Ta recvspace Ta integer Ta yes
.It stream Ta sendspace Ta integer Ta yes
.El
The variables are as follows:
.Bl -tag -width "123456"
.It Li dgram.pcblist
The Protocol Control Block list structure for datagram sockets.
Parsed by
.Xr netstat 1
or
.Xr sockstat 1 .
.It Li dgram.recvspace
The default datagram receive buffer size.
.It Li dgram.sendspace
The default datagram send buffer size.
.It Li seqpacket.pcblist
The Protocol Control Block list structure for Sequential Packet sockets.
Parsed by
.Xr netstat 1
or
.Xr sockstat 1 .
.It Li stream.pcblist
The Protocol Control Block list structure for stream sockets.
Parsed by
.Xr netstat 1
or
.Xr sockstat 1 .
.It Li stream.recvspace
The default stream receive buffer size.
.It Li stream.sendspace
The default stream send buffer size.
.El
.El
.Ss The proc.* subtree
The string and integer information available for the
.Li proc
level is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
These values are per-process,
and as such may change from one process to another.
When a process is created,
the default values are inherited from its parent.
When a set-user-ID or set-group-ID binary is executed, the
value of PROC_PID_CORENAME is reset to the system default value.
The second level name is either the magic value PROC_CURPROC, which
points to the current process, or the PID of the target process.
.Bl -column "proc.pid.corename" "string" "not applicable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It proc.pid.corename Ta string Ta yes
.It proc.pid.rlimit Ta node Ta not applicable
.It proc.pid.stopfork Ta int Ta yes
.It proc.pid.stopexec Ta int Ta yes
.It proc.pid.stopexit Ta int Ta yes
.It proc.pid.paxflags Ta int Ta no
.El
.Bl -tag -width "123456"
.It Li proc.pid.corename ( Dv PROC_PID_CORENAME )
The template used for the core dump file name (see
.Xr core 5
for details).
The base name must either be
.Pa core
or end with the suffix
.Pa .core
(the super-user may set arbitrary names).
By default it points to
.Dv KERN_DEFCORENAME .
.It Li proc.pid.rlimit ( Dv PROC_PID_LIMIT )
Return resource limits, as defined for the
.Xr getrlimit 2
and
.Xr setrlimit 2
system calls.
The fourth level name is one of:
.Bl -tag -width "123456"
.It Li proc.pid.rlimit.cputime ( Dv PROC_PID_LIMIT_CPU )
The maximum amount of CPU time (in seconds) to be used by each process.
.It Li proc.pid.rlimit.filesize ( Dv PROC_PID_LIMIT_FSIZE )
The largest size (in bytes) file that may be created.
.It Li proc.pid.rlimit.datasize ( Dv PROC_PID_LIMIT_DATA )
The maximum size (in bytes) of the data segment for a process;
this defines how far a program may extend its break with the
.Xr sbrk 2
system call.
.It Li proc.pid.rlimit.stacksize ( Dv PROC_PID_LIMIT_STACK )
The maximum size (in bytes) of the stack segment for a process;
this defines how far a program's stack segment may be extended.
Stack extension is performed automatically by the system.
.It Li proc.pid.rlimit.coredumpsize ( Dv PROC_PID_LIMIT_CORE )
The largest size (in bytes)
.Pa core
file that may be created.
.It Li proc.pid.rlimit.memoryuse ( Dv PROC_PID_LIMIT_RSS )
The maximum size (in bytes) to which a process's resident set size may
grow.
This imposes a limit on the amount of physical memory to be given to
a process; if memory is tight, the system will prefer to take memory
from processes that are exceeding their declared resident set size.
.It Li proc.pid.rlimit.memorylocked ( Dv PROC_PID_LIMIT_MEMLOCK )
The maximum size (in bytes) which a process may lock into memory
using the
.Xr mlock 2
function.
.It Li proc.pid.rlimit.maxproc ( Dv PROC_PID_LIMIT_NPROC )
The maximum number of simultaneous processes for this user id.
.It Li proc.pid.rlimit.descriptors ( Dv PROC_PID_LIMIT_NOFILE )
The maximum number of open files for this process.
.It Li proc.pid.rlimit.sbsize ( Dv PROC_PID_LIMIT_SBSIZE )
The maximum size (in bytes) of the socket buffers
set by the
.Xr setsockopt 2
.Dv SO_RCVBUF
and
.Dv SO_SNDBUF
options.
.It Li proc.pid.rlimit.vmemoryuse ( Dv PROC_PID_LIMIT_AS )
The maximum size (in bytes) which a process can obtain.
.It Li proc.pid.rlimit.maxlwp ( Dv PROC_PID_LIMIT_NTHR )
The maximum number of threads that can be created and running at one time in
the process.
The first thread of each process is not counted against this.
.El
.Pp
The fifth level name is one of
.Li soft ( Dv PROC_PID_LIMIT_TYPE_SOFT )
or
.Li hard ( Dv PROC_PID_LIMIT_TYPE_HARD ) ,
to select respectively the soft or hard limit.
Both are of type integer.
.It Li proc.pid.stopfork ( Dv PROC_PID_STOPFORK )
If non-zero, the process's children will be stopped after
.Xr fork 2
calls.
The children are created in the SSTOP state and are never scheduled
for running before being stopped.
This feature enables attaching to a process with a debugger such as
.Xr gdb 1
before the process has the opportunity to actually do anything.
.Pp
This value is inherited by the process's children, and it also
applies to emulation specific system calls that fork a new process, such as
.Fn sproc
or
.Fn clone .
.It Li proc.pid.stopexec ( Dv PROC_PID_STOPEXEC )
If non-zero, the process will be stopped on the next
.Xr exec 3
call.
The process created by
.Xr exec 3
is created in the SSTOP state and is never scheduled for running
before being stopped.
This feature enables attaching to a process with a debugger such as
.Xr gdb 1
before the process has the opportunity to actually do anything.
.Pp
This value is inherited by the process's children.
.It Li proc.pid.stopexit ( Dv PROC_PID_STOPEXIT )
If non-zero, the process will be stopped when it has cause to exit,
either by way of calling
.Xr exit 3 ,
.Xr _exit 2 ,
or by the receipt of a specific signal.
The process is stopped before any of its resources or vm space is
released allowing examination of the termination state of the process
before it disappears.
This feature can be used to examine the final conditions of the
process's vmspace via
.Xr pmap 1
or its resource settings with
.Xr sysctl 8
before it disappears.
.Pp
This value is also inherited by the process's children.
.It Li proc.pid.paxflags ( Dv PROC_PID_PAXFLAGS )
This read-only variable returns the current value of the process's pax
flags (see
.Xr paxctl 8 ) .
.El
.Ss The user.* subtree ( Dv CTL_USER )
The string and integer information available for the
.Li user
level is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "user.coll_weights_max" "integer" "Changeable" -offset indent
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It user.atexit_max Ta integer Ta no
.It user.bc_base_max Ta integer Ta no
.It user.bc_dim_max Ta integer Ta no
.It user.bc_scale_max Ta integer Ta no
.It user.bc_string_max Ta integer Ta no
.It user.coll_weights_max Ta integer Ta no
.It user.cs_path Ta string Ta no
.It user.expr_nest_max Ta integer Ta no
.It user.line_max Ta integer Ta no
.It user.posix2_c_bind Ta integer Ta no
.It user.posix2_c_dev Ta integer Ta no
.It user.posix2_char_term Ta integer Ta no
.It user.posix2_fort_dev Ta integer Ta no
.It user.posix2_fort_run Ta integer Ta no
.It user.posix2_localedef Ta integer Ta no
.It user.posix2_sw_dev Ta integer Ta no
.It user.posix2_upe Ta integer Ta no
.It user.posix2_version Ta integer Ta no
.It user.re_dup_max Ta integer Ta no
.It user.stream_max Ta integer Ta no
.It user.tzname_max Ta integer Ta no
.El
.Bl -tag -width "123456"
.It Li user.atexit_max ( Dv USER_ATEXIT_MAX )
The maximum number of functions that may be registered with
.Xr atexit 3 .
.It Li user.bc_base_max ( Dv USER_BC_BASE_MAX )
The maximum ibase/obase values in the
.Xr bc 1
utility.
.It Li user.bc_dim_max ( Dv USER_BC_DIM_MAX )
The maximum array size in the
.Xr bc 1
utility.
.It Li user.bc_scale_max ( Dv USER_BC_SCALE_MAX )
The maximum scale value in the
.Xr bc 1
utility.
.It Li user.bc_string_max ( Dv USER_BC_STRING_MAX )
The maximum string length in the
.Xr bc 1
utility.
.It Li user.coll_weights_max ( Dv USER_COLL_WEIGHTS_MAX )
The maximum number of weights that can be assigned to any entry of
the LC_COLLATE order keyword in the locale definition file.
.It Li user.cs_path ( Dv USER_CS_PATH )
Return a value for the
.Ev PATH
environment variable that finds all the standard utilities.
.It Li user.expr_nest_max ( Dv USER_EXPR_NEST_MAX )
The maximum number of expressions that can be nested within
parentheses by the
.Xr expr 1
utility.
.It Li user.line_max ( Dv USER_LINE_MAX )
The maximum length in bytes of a text-processing utility's input
line.
.It Li user.posix2_char_term ( Dv USER_POSIX2_CHAR_TERM )
Return 1 if the system supports at least one terminal type capable of
all operations described in
.St -p1003.2 ,
otherwise\ 0.
.It Li user.posix2_c_bind ( Dv USER_POSIX2_C_BIND )
Return 1 if the system's C-language development facilities support the
C-Language Bindings Option, otherwise\ 0.
.It Li user.posix2_c_dev ( Dv USER_POSIX2_C_DEV )
Return 1 if the system supports the C-Language Development Utilities Option,
otherwise\ 0.
.It Li user.posix2_fort_dev ( Dv USER_POSIX2_FORT_DEV )
Return 1 if the system supports the FORTRAN Development Utilities Option,
otherwise\ 0.
.It Li user.posix2_fort_run ( Dv USER_POSIX2_FORT_RUN )
Return 1 if the system supports the FORTRAN Runtime Utilities Option,
otherwise\ 0.
.It Li user.posix2_localedef ( Dv USER_POSIX2_LOCALEDEF )
Return 1 if the system supports the creation of locales, otherwise\ 0.
.It Li user.posix2_sw_dev ( Dv USER_POSIX2_SW_DEV )
Return 1 if the system supports the Software Development Utilities Option,
otherwise\ 0.
.It Li user.posix2_upe ( Dv USER_POSIX2_UPE )
Return 1 if the system supports the User Portability Utilities Option,
otherwise\ 0.
.It Li user.posix2_version ( Dv USER_POSIX2_VERSION )
The version of
.St -p1003.2
with which the system attempts to comply.
.It Li user.re_dup_max ( Dv USER_RE_DUP_MAX )
The maximum number of repeated occurrences of a regular expression
permitted when using interval notation.
.It Li user.stream_max ( Dv USER_STREAM_MAX )
The minimum maximum number of streams that a process may have open
at any one time.
.It Li user.tzname_max ( Dv USER_TZNAME_MAX )
The minimum maximum number of types supported for the name of a
timezone.
.El
.Ss The vm.* subtree ( Dv CTL_VM )
The string and integer information available for the
.Li vm
level is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "Second level name" "struct uvmexp_sysctl" "Changeable" -offset indent
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It vm.anonmax Ta int Ta yes
.It vm.anonmin Ta int Ta yes
.It vm.bufcache Ta int Ta yes
.It vm.bufmem Ta int Ta no
.It vm.bufmem_hiwater Ta int Ta yes
.It vm.bufmem_lowater Ta int Ta yes
.It vm.execmax Ta int Ta yes
.It vm.execmin Ta int Ta yes
.It vm.filemax Ta int Ta yes
.It vm.filemin Ta int Ta yes
.It vm.loadavg Ta struct loadavg Ta no
.It vm.maxslp Ta int Ta no
.It vm.nkmempages Ta int Ta no
.It vm.uspace Ta int Ta no
.It vm.uvmexp Ta struct uvmexp Ta no
.It vm.uvmexp2 Ta struct uvmexp_sysctl Ta no
.It vm.vmmeter Ta struct vmtotal Ta no
.It vm.proc.map Ta struct kinfo_vmentry Ta no
.It vm.guard_size Ta unsigned int Ta no
.It vm.thread_guard_size Ta unsigned int Ta yes
.El
.Bl -tag -width "123456"
.It Li vm.anonmax ( Dv VM_ANONMAX )
The percentage of physical memory which will be reclaimed
from other types of memory usage to store anonymous application data.
.It Li vm.anonmin ( Dv VM_ANONMIN )
The percentage of physical memory which will always be available for
anonymous application data.
.It Li vm.bufcache ( Dv VM_BUFCACHE )
The percentage of physical memory which will be available
for the buffer cache.
.It Li vm.bufmem ( Dv VM_BUFMEM )
The amount of kernel memory that is being used by the buffer cache.
.It Li vm.bufmem_lowater ( Dv VM_BUFMEM_LOWATER )
The minimum amount of kernel memory to reserve for the
buffer cache.
.It Li vm.bufmem_hiwater ( Dv VM_BUFMEM_HIWATER )
The maximum amount of kernel memory to be used for the
buffer cache.
.It Li vm.execmax ( Dv VM_EXECMAX )
The percentage of physical memory which will be reclaimed
from other types of memory usage to store cached executable data.
.It Li vm.execmin ( Dv VM_EXECMIN )
The percentage of physical memory which will always be available for
cached executable data.
.It Li vm.filemax ( Dv VM_FILEMAX )
The percentage of physical memory which will be reclaimed
from other types of memory usage to store cached file data.
.It Li vm.filemin ( Dv VM_FILEMIN )
The percentage of physical memory which will always be available for
cached file data.
.It Li vm.loadavg ( Dv VM_LOADAVG )
Return the load average history.
The returned data consists of a
.Vt struct loadavg .
.It Li vm.maxslp ( Dv VM_MAXSLP )
The value of the maxslp kernel global variable.
.It Li vm.vmmeter ( Dv VM_METER )
Return system wide virtual memory statistics.
The returned data consists of a
.Vt struct vmtotal .
.It Li vm.user_va0_disable
A flag which controls whether user processes can map virtual address\ 0.
.It Li vm.proc.map ( Dv VM_PROC )
The third level is
.Dv VM_PROC_MAP ,
the fourth is the pid of the process to display the vm object entries for, and
the fifth is the size of
.Vt struct kinfo_vmentry .
Returns an array of
.Vt struct kinfo_vmentry
objects.
.It Li vm.uspace ( Dv VM_USPACE )
The number of bytes allocated for each kernel stack.
.It Li vm.uvmexp ( Dv VM_UVMEXP )
Return system wide virtual memory statistics.
The returned data consists of a
.Vt struct uvmexp .
.It Li vm.uvmexp2 ( Dv VM_UVMEXP2 )
Return system wide virtual memory statistics.
The returned data consists of a
.Vt struct uvmexp_sysctl .
.It Li vm.guard_size
Return system wide guard size for the main thread of a program.
.It Li vm.thread_guard_size
Return system wide default size for the guard area of all other threads
of a program.
.\" XXX vm.idlezero
.El
.Ss The ddb.* subtree ( Dv CTL_DDB )
The information available for the
.Li ddb
level is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "Second level name" "integer" "Changeable" -offset indent
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It ddb.commandonenter Ta string Ta yes
.It ddb.dumpstack Ta integer Ta yes
.It ddb.fromconsole Ta integer Ta yes
.It ddb.lines Ta integer Ta yes
.It ddb.maxoff Ta integer Ta yes
.It ddb.maxwidth Ta integer Ta yes
.It ddb.onpanic Ta integer Ta yes
.It ddb.panicstackframes Ta integer Ta yes
.It ddb.radix Ta integer Ta yes
.It ddb.tabstops Ta integer Ta yes
.It ddb.tee_msgbuf Ta integer Ta yes
.El
.Bl -tag -width "123456"
.It Li ddb.commandonenter
If not empty, the string is used as the DDB command to be executed each time
DDB is entered.
.It Li ddb.dumpstack
A value of 1 causes a stack trace to be printed on entering ddb from a panic.
A value of 0 disables this behaviour.
The default value is 1.
.It Li ddb.fromconsole ( Dv DDBCTL_FROMCONSOLE )
If not zero, DDB may be entered by sending a break on a serial
console or by a special key sequence on a graphics console.
.It Li ddb.lines ( Dv DDBCTL_LINES )
Number of display lines.
.It Li ddb.maxoff ( Dv DDBCTL_MAXOFF )
The maximum symbol offset.
.It Li ddb.maxwidth ( Dv DDBCTL_MAXWIDTH )
The maximum output line width.
.It Li ddb.onpanic ( Dv DDBCTL_ONPANIC )
If greater than zero, DDB will be entered if the kernel panics.
A value of 1 causes the system to enter DDB on panic.
A value of 0 causes the kernel to attempt to print a stack trace, then
reboot, while a value of \-1 means neither a stack trace will be printed
nor DDB entered.
.It Li ddb.panicstackframes
Number of stack frames to display on panic.
Useful to avoid scrolling away the interesting frames on a glass tty.
Default value is
.Dv 65535
(all frames), useful value around
.Dv 10 .
.It Li ddb.radix ( Dv DDBCTL_RADIX )
The input and output radix.
.It Li ddb.tabstops ( Dv DDBCTL_TABSTOPS )
Tab width.
.It Li ddb.tee_msgbuf
If not zero, DDB will also output to the kernel message buffer.
.El
.Pp
Some of these MIB
nodes are also available as variables from within the debugger.
See
.Xr ddb 4
for more details.
.Ss The security.* subtree ( Dv CTL_SECURITY )
The
.Li security
level contains various security-related settings for
the system.
The available second level names are:
.Bl -column "Second level name" "integer" "Changeable" -offset indent
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It Li security.curtain Ta integer Ta yes
.It Li security.models Ta node Ta not applicable
.It Li security.pax Ta node Ta not applicable
.El
.Pp
Available settings are detailed below.
.Bl -tag -width "123456"
.It Li security.curtain
If non-zero, will filter return objects according to the user ID
requesting information about them, preventing users from
accessing any objects they do not own.
.Pp
At the moment, it affects
.Xr ps 1 ,
.Xr netstat 1
(for
.Dv PF_INET ,
.Dv PF_INET6 ,
and
.Dv PF_UNIX
PCBs), and
.Xr w 1 .
.It Li security.models
.Nx
supports pluggable security models.
Every security model used, whether loaded as a module or built with the system,
is required to add an entry to this node with at least one element,
.Dq name ,
indicating the name of the security model.
.Pp
In addition to the name, any settings and other information private to the
security model will be available under this node.
See
.Xr secmodel 9
for more information.
.It Li security.pax
Settings for PaX \(em exploit mitigation features.
For more information on any of the PaX features, please see
.Xr paxctl 8
and
.Xr security 7 .
The available third and fourth level names are:
.Bl -column "security.pax.segvguard.suspend_timeout" "integer" "Changeable" \
-offset 2n
.It Sy Third and fourth level names Ta Sy Type Ta Sy Changeable
.It Li security.pax.aslr.enabled Ta integer Ta yes
.\".It Li security.pax.aslr.exec_len Ta integer Ta yes
.It Li security.pax.aslr.global Ta integer Ta yes
.\".It Li security.pax.aslr.mmap_len Ta integer Ta yes
.\".It Li security.pax.aslr.stack_len Ta integer Ta yes
.It Li security.pax.mprotect.enabled Ta integer Ta yes
.It Li security.pax.mprotect.global Ta integer Ta yes
.It Li security.pax.mprotect.ptrace Ta integer Ta yes
.It Li security.pax.segvguard.enabled Ta integer Ta yes
.It Li security.pax.segvguard.expiry_timeout Ta integer Ta yes
.It Li security.pax.segvguard.global Ta integer Ta yes
.It Li security.pax.segvguard.max_crashes Ta integer Ta yes
.It Li security.pax.segvguard.suspend_timeout Ta integer Ta yes
.El
.Bl -tag -width "123456"
.It Li security.pax.aslr.enabled
Enable PaX ASLR (Address Space Layout Randomization).
.Pp
The value of this
knob must be non-zero for PaX ASLR to be enabled, even if a program is set to
explicit enable.
.\".It Li security.pax.aslr.exec_len
.\" XXX: Undocumented.
.It Li security.pax.aslr.global
Specifies the default global policy for programs without an
explicit enable/disable flag.
.Pp
When non-zero, all programs will get PaX ASLR, except those exempted with
.Xr paxctl 8 .
Otherwise, no program will get PaX ASLR, except those specifically
marked as such with
.Xr paxctl 8 .
.\".It Li security.pax.aslr.mmap_len
.\" XXX: Undocumented.
.\" .It Li security.pax.aslr.stack_len
.\" XXX: Undocumented.
.It Li security.pax.mprotect.enabled
Enable PaX MPROTECT restrictions.
.Pp
These are
.Xr mprotect 2
restrictions to better enforce a W^X policy.
The value of this
knob must be non-zero for PaX MPROTECT to be enabled, even if a
program is set to explicit enable.
.It Li security.pax.mprotect.global
Specifies the default global policy for programs without an
explicit enable/disable flag.
.Pp
When non-zero, all programs will get the PaX MPROTECT restrictions,
except those exempted with
.Xr paxctl 8 .
Otherwise, no program will get the PaX MPROTECT restrictions,
except those specifically marked as such with
.Xr paxctl 8 .
.It Li security.pax.mprotect.ptrace
This variable allows
.Xr ptrace 2
to override PaX MPROTECT permissions.
It can have the following values:
.Bl -tag -width XX -compact
.It 0
Does not allow any permissions to be overridden.
.It 1
Disables PaX MPROTECT for processes that start executing while traced (default).
.It 2
Bypasses PaX MPROTECT for all processes being traced.
.El
.It Li security.pax.segvguard.enabled
Enable PaX Segvguard.
.Pp
PaX Segvguard can detect and prevent certain exploitation attempts, where
an attacker may try for example to brute-force function return addresses
of respawning daemons.
.Pp
.Em Note :
The
.Nx
interface and implementation of the Segvguard is still experimental, and may
change in future releases.
.It Li security.pax.segvguard.expiry_timeout
If the max number was not reached within this timeout (in seconds), the entry
will expire.
.It Li security.pax.segvguard.global
Specifies the default global policy for programs without an
explicit enable/disable flag.
.Pp
When non-zero, all programs will get the PaX Segvguard,
except those exempted with
.Xr paxctl 8 .
Otherwise, no program will get the PaX Segvguard restrictions,
except those specifically marked as such with
.Xr paxctl 8 .
.It Li security.pax.segvguard.max_crashes
The maximum number of segfaults a program can receive before suspension.
.It Li security.pax.segvguard.suspend_timeout
Number of seconds to suspend a user from running a faulting program when the
limit was exceeded.
.El
.El
.Ss The vendor.* subtree ( Dv CTL_VENDOR )
The
.Li vendor
top level name is reserved to be used by vendors who wish to
have their own private MIB tree.
Intended use is to store values under
.Dq vendor.<yourname>.* .
.Sh SEE ALSO
.Xr sysctl 3 ,
.Xr ipsec 4 ,
.Xr tcp 4 ,
.Xr security 7 ,
.Xr sysctl 8
.Sh HISTORY
The
.Nm
variables first appeared in
.Bx 4.4 .
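The security.pax rules described above (the enabled master switch, the global default, and the mprotect.ptrace values) can be checked mechanically; the following is an added example, not part of the NetBSD manual page or source. The helper name pax_audit, the pass/fail baseline and the sample values are assumptions of this example.

```shell
# Added example. pax_audit is a hypothetical helper, not a NetBSD tool.
# Reads "name = value" (sysctl output) or "name=value" (sysctl.conf) lines on
# stdin and prints the effective policy of each PaX feature. Exit status 1
# unless every feature is opt-out and mprotect.ptrace is not 2 (assumed baseline).
pax_audit() {
    awk '
    function policy(feat,    e, g) {
        e = "security.pax." feat ".enabled"
        g = "security.pax." feat ".global"
        if (!(e in knob)) return "unknown"
        if (knob[e] + 0 == 0) return "off"      # master switch: paxctl marks are ignored
        if (!(g in knob)) return "unknown"
        return (knob[g] + 0 != 0) ? "opt-out" : "opt-in"
    }
    {
        sub(/#.*/, "")                          # strip sysctl.conf comments
        gsub(/[ \t]/, "")                       # "a = 1" and "a=1" both become "a=1"
        n = index($0, "=")
        if (n > 0) knob[substr($0, 1, n - 1)] = substr($0, n + 1)
    }
    END {
        bad = 0
        nf = split("aslr mprotect segvguard", feats, " ")
        for (i = 1; i <= nf; i++) {
            r = policy(feats[i])
            print feats[i] ": " r
            if (r != "opt-out") bad = 1
        }
        t = "security.pax.mprotect.ptrace"
        if (t in knob) {
            print "mprotect.ptrace: " knob[t]
            if (knob[t] + 0 == 2) bad = 1       # bypass for all traced processes
        }
        exit bad
    }'
}

# Constructed sample input, not taken from a real host.
pax_audit <<'EOF' || echo "baseline not met"
security.pax.aslr.enabled = 1
security.pax.aslr.global = 0
security.pax.mprotect.enabled = 0
security.pax.mprotect.global = 1
security.pax.mprotect.ptrace = 2
security.pax.segvguard.enabled = 1
security.pax.segvguard.global = 1
EOF
```

In the output, "opt-out" means all programs get the feature unless exempted with paxctl(8), and "opt-in" means only programs marked with paxctl(8) get it.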