.\" $NetBSD: sysctl.3,v 1.146 2005/04/09 02:03:36 atatat Exp $
.\"
.\" Copyright (c) 1993
.\" The Regents of the University of California. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95
.\"
.Dd March 22, 2005
.Dt SYSCTL 3
.Os
.Sh NAME
.Nm sysctl ,
.Nm sysctlbyname ,
.Nm sysctlgetmibinfo ,
.Nm sysctlnametomib
.Nd get or set system information
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In sys/param.h
.In sys/sysctl.h
.Ft int
.Fn sysctl "int *name" "u_int namelen" "void *oldp" "size_t *oldlenp" \
"void *newp" "size_t newlen"
.Ft int
.Fn sysctlbyname "const char *sname" "void *oldp" "size_t *oldlenp" \
"void *newp" "size_t newlen"
.Ft int
.Fn sysctlgetmibinfo "const char *sname" "int *name" "u_int *namelenp" \
"char *cname" "size_t *csz" "struct sysctlnode **rnode" "int v"
.Ft int
.Fn sysctlnametomib "const char *sname" "int *name" "size_t *namelenp"
.Sh DESCRIPTION
The
.Nm
function retrieves system information and allows processes with
appropriate privileges to set system information.
The information available from
.Nm
consists of integers, strings, and tables.
Information may be retrieved and set from the command interface
using the
.Xr sysctl 8
utility.
.Pp
Unless explicitly noted below,
.Nm
returns a consistent snapshot of the data requested.
Consistency is obtained by locking the destination
buffer into memory so that the data may be copied out without blocking.
Calls to
.Nm
are serialized to avoid deadlock.
.Pp
The state is described using a ``Management Information Base'' (MIB)
style name, listed in
.Fa name ,
which is a
.Fa namelen
length array of integers.
.Pp
The
.Fn sysctlbyname
function accepts a string representation of a MIB entry and internally
maps it to the appropriate numeric MIB representation.
Its semantics are otherwise no different from
.Fn sysctl .
.Pp
The information is copied into the buffer specified by
.Fa oldp .
The size of the buffer is given by the location specified by
.Fa oldlenp
before the call,
and that location gives the amount of data copied after a successful call.
If the amount of data available is greater
than the size of the buffer supplied,
the call supplies as much data as fits in the buffer provided
and returns with the error code ENOMEM.
If the old value is not desired,
.Fa oldp
and
.Fa oldlenp
should be set to
.Dv NULL .
.Pp
The size of the available data can be determined by calling
.Nm
with a
.Dv NULL
parameter for
.Fa oldp .
The size of the available data will be returned in the location pointed to by
.Fa oldlenp .
For some operations, the amount of space may change often.
For these operations,
the system attempts to round up so that the returned size is
large enough for a call to return the data shortly thereafter.
.Pp
To set a new value,
.Fa newp
is set to point to a buffer of length
.Fa newlen
from which the requested value is to be taken.
If a new value is not to be set,
.Fa newp
should be set to
.Dv NULL
and
.Fa newlen
set to 0.
.Pp
The
.Fn sysctlnametomib
function can be used to map the string representation of a MIB entry
to the numeric version.
The
.Fa name
argument should point to an array of integers large enough to hold the
MIB, and
.Fa namelenp
should indicate the number of integer slots available.
Following a successful translation, the size_t indicated by
.Fa namelenp
will be changed to show the number of slots consumed.
.Pp
The
.Fn sysctlgetmibinfo
function performs name translation similar to
.Fn sysctlnametomib ,
but also canonicalizes the name (or returns the first erroneous token
from the string being parsed) into the space indicated by
.Fa cname
and
.Fa csz .
.Fa csz
should indicate the size of the buffer pointed to by
.Fa cname
and on return, will indicate the size of the returned string including
the trailing
.Sq nul
character.
.Pp
The
.Fa rnode
and
.Fa v
arguments to
.Fn sysctlgetmibinfo
are used to provide a tree for it to parse into, and to get back
either a pointer to, or a copy of, the terminal node.
If
.Fa rnode
is
.Dv NULL ,
.Fn sysctlgetmibinfo
uses its own internal tree for parsing, and checks it against the
kernel at each call, to make sure that the name-to-number mapping is
kept up to date.
The
.Fa v
argument is ignored in this case.
If
.Fa rnode
is not
.Dv NULL
but the pointer it references is, on a successful return,
.Fa rnode
will be adjusted to point to a copy of the terminal node.
The
.Fa v
argument indicates which version of the
.Nm
node structure the caller wants.
The application must later
.Fn free
this copy.
If neither
.Fa rnode
nor the pointer it references are
.Dv NULL ,
the pointer is used as the address of a tree over which the parsing is
done.
In this last case, the tree is not checked against the kernel, no
refreshing of the mappings is performed, and the value given by
.Fa v
must agree with the version indicated by the tree.
It is recommended that applications always use
.Dv SYSCTL_VERSION
as the value for
.Fa v ,
as defined in the include file
.Pa sys/sysctl.h .
.Pp
The top level names are defined with a CTL_ prefix in
.Aq Pa sys/sysctl.h ,
and are as follows.
The next and subsequent levels down are found in the include files
listed here, and described in separate sections below.
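.Pp
The buffer-sizing protocol described earlier (probe with a NULL oldp, then fetch, with ENOMEM when the data no longer fits) leaves a window between the two calls in which the value can grow; the following added example, which is not part of the original manual page, wraps the protocol in a bounded retry loop that never uses a truncated copy.
The names sysctl_fetch, sysctl_fn, FETCH_TRIES and fake_sysctl are hypothetical; fake_sysctl is a constructed stand-in for the kernel that follows the semantics stated on this page so the code runs anywhere, and on NetBSD sysctl itself would be passed instead.

```c
/* Added example: bounded probe/allocate/fetch loop for sysctl(3). */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Same parameter list as sysctl() in the SYNOPSIS of this page. */
typedef int (*sysctl_fn)(int *, unsigned int, void *, size_t *, void *, size_t);

#define FETCH_TRIES 8	/* assumption: arbitrary bound on retries */

/*
 * Returns a malloc'd copy of the value (caller frees) with its length in
 * *lenp, or NULL with errno set.  One extra zero byte is always appended
 * so a string consumer cannot read past the end, but *lenp is the length
 * the call reported: values such as KERN_MSGBUF may contain NUL bytes.
 */
void *
sysctl_fetch(sysctl_fn fn, int *mib, unsigned int miblen, size_t *lenp)
{
	char *buf = NULL, *nbuf;
	size_t len;
	int tries, saved;

	for (tries = 0; tries < FETCH_TRIES; tries++) {
		len = 0;
		/* Size probe: NULL oldp, size comes back through oldlenp. */
		if (fn(mib, miblen, NULL, &len, NULL, 0) == -1)
			goto fail;
		if (len == SIZE_MAX) {		/* len + 1 would wrap */
			errno = EOVERFLOW;
			goto fail;
		}
		if ((nbuf = realloc(buf, len + 1)) == NULL)
			goto fail;
		buf = nbuf;
		/* Fetch: on success len becomes the amount copied. */
		if (fn(mib, miblen, buf, &len, NULL, 0) == 0) {
			buf[len] = 0;
			*lenp = len;
			return buf;
		}
		/* ENOMEM: the data grew since the probe and buf holds a
		 * truncated copy that must not be used.  Probe again. */
		if (errno != ENOMEM)
			goto fail;
	}
	errno = ENOMEM;			/* still growing after all tries */
fail:
	saved = errno;
	free(buf);
	errno = saved;
	return NULL;
}

/* Constructed stand-in for the kernel side (not a real interface). */
static const char *fake_val = "/usr/bin:/bin";
static int fake_grow;	/* if set, the value grows once after a probe */

static int
fake_sysctl(int *name, unsigned int namelen, void *oldp, size_t *oldlenp,
    void *newp, size_t newlen)
{
	size_t avail = strlen(fake_val) + 1;

	(void)name; (void)namelen; (void)newp; (void)newlen;
	if (oldp == NULL) {			/* size probe */
		*oldlenp = avail;
		if (fake_grow) {
			fake_val = "/usr/bin:/bin:/usr/sbin:/sbin";
			fake_grow = 0;
		}
		return 0;
	}
	if (*oldlenp < avail) {			/* copy what fits, ENOMEM */
		memcpy(oldp, fake_val, *oldlenp);
		errno = ENOMEM;
		return -1;
	}
	memcpy(oldp, fake_val, avail);
	*oldlenp = avail;
	return 0;
}

int
main(void)
{
	int mib[2] = { 0, 0 };	/* placeholders; on NetBSD: CTL_USER, USER_CS_PATH */
	size_t len;
	char *p;

	fake_grow = 1;		/* force the grow-between-calls case */
	if ((p = sysctl_fetch(fake_sysctl, mib, 2, &len)) == NULL) {
		perror("sysctl_fetch");
		return 1;
	}
	puts(p);
	free(p);
	return 0;
}
```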
.Pp
.Bl -column CTLXMACHDEPXXX "Next level namesXXXXXX" -offset indent
.It Sy Name Ta Next level names Ta Description
.It CTL\_KERN Ta sys/sysctl.h Ta High kernel limits
.It CTL\_VM Ta uvm/uvm_param.h Ta Virtual memory
.It CTL\_VFS Ta sys/mount.h Ta Filesystem
.It CTL\_NET Ta sys/socket.h Ta Networking
.It CTL\_DEBUG Ta sys/sysctl.h Ta Debugging
.It CTL\_HW Ta sys/sysctl.h Ta Generic CPU, I/O
.It CTL\_MACHDEP Ta sys/sysctl.h Ta Machine dependent
.It CTL\_USER Ta sys/sysctl.h Ta User-level
.It CTL\_DDB Ta sys/sysctl.h Ta In-kernel debugger
.It CTL\_PROC Ta sys/sysctl.h Ta Per-process
.It CTL\_VENDOR Ta ? Ta Vendor specific
.It CTL\_EMUL Ta sys/sysctl.h Ta Emulation settings
.El
.Pp
For example, the following retrieves the maximum number of processes allowed
in the system:
.Bd -literal -offset indent -compact
int mib[2], maxproc;
size_t len;
.sp
mib[0] = CTL_KERN;
mib[1] = KERN_MAXPROC;
len = sizeof(maxproc);
sysctl(mib, 2, \*[Am]maxproc, \*[Am]len, NULL, 0);
.Ed
.sp
To retrieve the standard search path for the system utilities:
.Bd -literal -offset indent -compact
int mib[2];
size_t len;
char *p;
.sp
mib[0] = CTL_USER;
mib[1] = USER_CS_PATH;
sysctl(mib, 2, NULL, \*[Am]len, NULL, 0);
p = malloc(len);
sysctl(mib, 2, p, \*[Am]len, NULL, 0);
.Ed
.Sh CTL_DEBUG
The debugging variables vary from system to system.
A debugging variable may be added or deleted without need to recompile
.Nm
to know about it.
Each time it runs,
.Nm
gets the list of debugging variables from the kernel and
displays their current values.
The system defines twenty
.Va ( struct ctldebug )
variables named
.Dv debug0
through
.Dv debug19 .
They are declared as separate variables so that they can be
individually initialized at the location of their associated variable.
The loader prevents multiple use of the same variable by issuing errors
if a variable is initialized in more than one place.
For example, to export the variable
.Dv dospecialcheck
as a debugging variable, the following declaration would be used:
.Bd -literal -offset indent -compact
int dospecialcheck = 1;
struct ctldebug debug5 = { "dospecialcheck", \*[Am]dospecialcheck };
.Ed
.Pp
Note that the dynamic implementation of
.Nm
currently in use largely makes this particular
.Nm
interface obsolete.
See
.Xr sysctl 8
.\" and
.\" .Xr sysctl 9
for more information.
.Sh CTL_VFS
A distinguished second level name, VFS_GENERIC,
is used to get general information about all filesystems.
One of its third level identifiers is VFS_MAXTYPENUM
that gives the highest valid filesystem type number.
Its other third level identifier is VFS_CONF that
returns configuration information about the filesystem
type given as a fourth level identifier.
The remaining second level identifiers are the
filesystem type number returned by a
.Xr statfs 2
call or from VFS_CONF.
The third level identifiers available for each filesystem
are given in the header file that defines the mount
argument structure for that filesystem.
.Sh CTL_HW
The string and integer information available for the CTL_HW level
is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "Second level nameXXXXXX" "struct disk_sysctlXXX" -offset indent
.It Sy Second level name Ta Type Ta Changeable
.It HW\_MACHINE Ta string Ta no
.It HW\_MODEL Ta string Ta no
.It HW\_NCPU Ta integer Ta no
.It HW\_BYTEORDER Ta integer Ta no
.It HW\_PHYSMEM Ta integer Ta no
.It HW\_PHYSMEM64 Ta quad Ta no
.It HW\_USERMEM Ta integer Ta no
.It HW\_USERMEM64 Ta quad Ta no
.It HW\_PAGESIZE Ta integer Ta no
.\".It HW\_DISKNAMES struct no
.\".It HW\_DISKSTATS struct no
.It HW\_MACHINE\_ARCH Ta string Ta no
.It HW\_ALIGNBYTES Ta integer Ta no
.It HW\_DISKNAMES Ta string Ta no
.It HW\_DISKSTATS Ta struct disk_sysctl Ta no
.It HW\_CNMAGIC Ta string Ta yes
.El
.Pp
.Bl -tag -width "123456"
.It Li HW_MACHINE
The machine class.
.It Li HW_MODEL
The machine model.
.It Li HW_NCPU
The number of CPUs.
.ne 1i
.It Li HW_BYTEORDER
The byteorder (4,321, or 1,234).
.It Li HW_PHYSMEM
The bytes of physical memory as a 32-bit integer.
.It Li HW_PHYSMEM64
The bytes of physical memory as a 64-bit integer.
.It Li HW_USERMEM
The bytes of non-kernel memory as a 32-bit integer.
.It Li HW_USERMEM64
The bytes of non-kernel memory as a 64-bit integer.
.It Li HW_PAGESIZE
The software page size.
.It Li HW_MACHINE_ARCH
The machine CPU class.
.It Li HW_ALIGNBYTES
Alignment constraint for all possible data types.
This shows the value
.Dv ALIGNBYTES
in
.Pa /usr/include/machine/param.h ,
at the kernel compilation time.
.It Li HW_DISKNAMES
The list of (space separated) disk device names on the system.
.It Li HW_DISKSTATS
Return statistical information on the disk devices on the system.
An array of
.Va struct disk_sysctl
structures is returned,
whose size depends on the current number of such objects in the system.
The third level name is the size of the
.Va struct disk_sysctl .
.It Li HW_CNMAGIC
The console magic key sequence.
.El
.Sh CTL_KERN
The string and integer information available for the CTL_KERN level
is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
The types of data currently available are process information,
system vnodes, the open file entries, routing table entries,
virtual memory statistics, load average history, and clock rate
information.
.Bl -column "KERNXPOSIXXREADERXWRITERXLOCKS" "struct clockrateXXX" -offset indent
.It Sy Second level name Ta Type Ta Changeable
.It KERN\_ARGMAX Ta integer Ta no
.It KERN\_AUTONICETIME Ta integer Ta yes
.It KERN\_AUTONICEVAL Ta integer Ta yes
.It KERN\_BOOTTIME Ta struct timeval Ta no
.It KERN\_CCPU Ta integer Ta no
.It KERN\_CLOCKRATE Ta struct clockinfo Ta no
.It KERN\_CP\_TIME Ta uint64_t[\|] Ta no
.It KERN\_DEFCORENAME Ta string Ta yes
.It KERN\_DOMAINNAME Ta string Ta yes
.It KERN\_DRIVERS Ta struct kinfo_drivers Ta no
.It KERN\_FILE Ta struct file Ta no
.It KERN\_FORKFSLEEP Ta integer Ta yes
.It KERN\_FSCALE Ta integer Ta no
.It KERN\_FSYNC Ta integer Ta no
.It KERN\_HOSTID Ta integer Ta yes
.It KERN\_HOSTNAME Ta string Ta yes
.It KERN\_IOV\_MAX Ta integer Ta no
.It KERN\_JOB\_CONTROL Ta integer Ta no
.It KERN\_LABELOFFSET Ta integer Ta no
.It KERN\_LABELSECTOR Ta integer Ta no
.It KERN\_LOGIN\_NAME\_MAX Ta integer Ta no
.It KERN\_LOGSIGEXIT Ta integer Ta yes
.It KERN\_MAPPED\_FILES Ta integer Ta no
.It KERN\_MAXFILES Ta integer Ta yes
.It KERN\_MAXPARTITIONS Ta integer Ta no
.It KERN\_MAXPROC Ta integer Ta yes
.It KERN\_MAXPTYS Ta integer Ta yes
.It KERN\_MAXVNODES Ta integer Ta yes
.It KERN\_MBUF Ta node Ta not applicable
.It KERN\_MEMLOCK Ta integer Ta no
.It KERN\_MEMLOCK\_RANGE Ta integer Ta no
.It KERN\_MEMORY\_PROTECTION Ta integer Ta no
.It KERN\_MONOTONIC\_CLOCK Ta integer Ta no
.It KERN\_MSGBUF Ta char[\|] Ta no
.It KERN\_MSGBUFSIZE Ta integer Ta no
.It KERN\_NGROUPS Ta integer Ta no
.It KERN\_NTPTIME Ta struct ntptimeval Ta no
.It KERN\_OSRELEASE Ta string Ta no
.It KERN\_OSREV Ta integer Ta no
.It KERN\_OSTYPE Ta string Ta no
.It KERN\_POSIX1 Ta integer Ta no
.It KERN\_POSIX\_BARRIERS Ta integer Ta no
.It KERN\_POSIX\_READER\_WRITER\_LOCKS Ta integer Ta no
.It KERN\_POSIX\_SEMAPHORES Ta integer Ta no
.It KERN\_POSIX\_SPIN\_LOCKS Ta integer Ta no
.It KERN\_POSIX\_THREADS Ta integer Ta no
.It KERN\_POSIX\_TIMERS Ta integer Ta no
.It KERN\_PROC Ta struct kinfo_proc Ta no
.It KERN\_PROC2 Ta struct kinfo_proc2 Ta no
.It KERN\_PROC\_ARGS Ta string Ta no
.It KERN\_PROF Ta node Ta not applicable
.It KERN\_RAWPARTITION Ta integer Ta no
.It KERN\_ROOT\_DEVICE Ta string Ta no
.It KERN\_ROOT\_PARTITION Ta integer Ta no
.It KERN\_RTC\_OFFSET Ta integer Ta yes
.It KERN\_SAVED\_IDS Ta integer Ta no
.It KERN\_SECURELVL Ta integer Ta raise only
.It KERN\_SYNCHRONIZED\_IO Ta integer Ta no
.It KERN\_SYSVIPC\_INFO Ta node Ta not applicable
.It KERN\_SYSVMSG Ta integer Ta no
.It KERN\_SYSVSEM Ta integer Ta no
.It KERN\_SYSVSHM Ta integer Ta no
.It KERN\_TKSTAT Ta node Ta not applicable
.It KERN\_VERSION Ta string Ta no
.It KERN\_VNODE Ta struct vnode Ta no
.El
.ne 1i
.Pp
.Bl -tag -width "123456"
.It Li KERN_ARGMAX
The maximum bytes of argument to
.Xr execve 2 .
.It Li KERN_AUTONICETIME
The number of seconds of CPU-time a non-root process may accumulate before
having its priority lowered from the default to the value of KERN_AUTONICEVAL.
If set to 0, automatic lowering of priority is not performed, and if set to \-1
all non-root processes are immediately lowered.
.It Li KERN_AUTONICEVAL
The priority assigned for automatically niced processes.
.It Li KERN_BOOTTIME
A
.Va struct timeval
structure is returned.
This structure contains the time that the system was booted.
.It Li KERN_CCPU
The scheduler exponential decay value.
.It Li KERN_CLOCKRATE
A
.Va struct clockinfo
structure is returned.
This structure contains the clock, statistics clock and profiling clock
frequencies, the number of micro-seconds per hz tick, and the clock
skew rate.
.It Li KERN_CP_TIME
Returns an array of CPUSTATES uint64_ts.
This array contains the
number of clock ticks spent in different CPU states.
On multi-processor systems, the sum across all CPUs is returned unless
appropriate space is given for one data set for each CPU.
Data for a specific CPU can also be obtained by adding the number of the
CPU at the end of the MIB, enlarging it by one.
.It Li KERN_DEFCORENAME
Default template for the name of core dump files (see also PROC_PID_CORENAME
in the per-process variables CTL_PROC, and
.Xr core 5
for format of this template).
The default value is
.Nm %n.core
and can be changed with the kernel configuration option
.Cd options DEFCORENAME
(see
.Xr options 4
).
.It Li KERN_DOMAINNAME
Get or set the YP domain name.
.It Li KERN_DRIVERS
Return an array of
.Va struct kinfo_drivers
that contains the name and major device numbers of all the device drivers
in the current kernel.
The
.Va d_name
field is always a NUL terminated string.
The
.Va d_bmajor
field will be set to \-1 if the driver doesn't have a block device.
.It Li KERN_FILE
Return the entire file table.
The returned data consists of a single
.Va struct filehead
followed by an array of
.Va struct file ,
whose size depends on the current number of such objects in the system.
.It Li KERN_FSCALE
The kernel fixed-point scale factor.
.It Li KERN_FORKFSLEEP
If the
.Xr fork 2
system call fails due to the limit on the number of processes (either
the global maxproc limit or the user's one), wait for this many
milliseconds before returning an
.Er EAGAIN
error to the process.
Useful to keep heavily forking runaway processes at bay.
Default zero (no sleep).
Maximum is 20 seconds.
.It Li KERN_FSYNC
Return 1 if the POSIX 1003.1b File Synchronization Option is available
on this system,
otherwise 0.
.It Li KERN_HOSTID
Get or set the host id.
.It Li KERN_HOSTNAME
Get or set the hostname.
.It Li KERN_IOV_MAX
Return the maximum number of
.Va iovec
structures that a process has available for use with
.Xr preadv 2 ,
.Xr pwritev 2 ,
.Xr readv 2 ,
.Xr recvmsg 2 ,
.Xr sendmsg 2
and
.Xr writev 2 .
.It Li KERN_JOB_CONTROL
Return 1 if job control is available on this system, otherwise 0.
.It Li KERN_LABELOFFSET
The offset within the sector specified by KERN_LABELSECTOR of the
.Xr disklabel 5 .
.It Li KERN_LABELSECTOR
The sector number containing the
.Xr disklabel 5 .
.It Li KERN_LOGIN_NAME_MAX
The size of the storage required for a login name, in bytes,
including the terminating NUL.
.It Li KERN_LOGSIGEXIT
If this flag is non-zero, the kernel will
.Xr log 9
all process exits due to signals which create a
.Xr core 5
file, and whether the coredump was created.
.It Li KERN_MAPPED_FILES
Returns 1 if the POSIX 1003.1b Memory Mapped Files Option is available
on this system,
otherwise 0.
.It Li KERN_MAXFILES
The maximum number of files that may be open in the system.
.It Li KERN_MAXPARTITIONS
The maximum number of partitions allowed per disk.
.It Li KERN_MAXPROC
The maximum number of simultaneous processes the system will allow.
.It Li KERN_MAXPTYS
The maximum number of pseudo terminals.
This value can be both raised and lowered, though it cannot
be set lower than the number of currently used ptys.
See also
.Xr pty 4 .
.It Li KERN_MAXVNODES
The maximum number of vnodes available on the system.
This can only be raised.
.It Li KERN_MBUF
Return information about the mbuf control variables.
The third level names for the mbuf variables are detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "MBUFXNMBCLUSTERSXXX" "struct integerXXX" -offset indent
.It Sy Third level name Ta Type Ta Changeable
.It MBUF\_MSIZE Ta integer Ta yes
.It MBUF\_MCLBYTES Ta integer Ta yes
.It MBUF\_NMBCLUSTERS Ta integer Ta yes
.It MBUF\_MBLOWAT Ta integer Ta yes
.It MBUF\_MCLLOWAT Ta integer Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li MBUF_MSIZE
The mbuf base size.
.It Li MBUF_MCLBYTES
The mbuf cluster size.
.It Li MBUF_NMBCLUSTERS
The limit on the number of mbuf clusters.
The variable can only be increased, and only increased on machines with
direct-mapped pool pages.
.It Li MBUF_MBLOWAT
The mbuf low water mark.
.It Li MBUF_MCLLOWAT
The mbuf cluster low water mark.
.El
.It Li KERN_MEMLOCK
Returns 1 if the POSIX 1003.1b Process Memory Locking Option is available
on this system,
otherwise 0.
.It Li KERN_MEMLOCK_RANGE
Returns 1 if the POSIX 1003.1b Range Memory Locking Option is available
on this system,
otherwise 0.
.It Li KERN_MEMORY_PROTECTION
Returns 1 if the POSIX 1003.1b Memory Protection Option is available
on this system,
otherwise 0.
.It Li KERN_MONOTONIC_CLOCK
Returns the standard version the implementation of the POSIX 1003.1b
Monotonic Clock Option conforms to,
otherwise 0.
.It Li KERN_MSGBUF
The kernel message buffer, rotated so that the head of the circular kernel
message buffer is returned at the start of the buffer specified by
.Fa oldp .
The returned data may contain NUL bytes.
.It Li KERN_MSGBUFSIZE
The maximum number of characters that the kernel message buffer can hold.
.It Li KERN_NGROUPS
The maximum number of supplemental groups.
.It Li KERN_NO_TRUNC
Return 1 if file names longer than KERN_NAME_MAX are truncated.
.It Li KERN_NTPTIME
A
.Va struct ntptimeval
structure is returned.
This structure contains data used by the
.Xr ntpd 8
program.
.It Li KERN_OSRELEASE
The system release string.
.It Li KERN_OSREV
The system revision string.
.It Li KERN_OSTYPE
The system type string.
.It Li KERN_PATH_MAX
The maximum number of bytes in a pathname.
.It Li KERN_POSIX1
The version of ISO/IEC 9945 (POSIX 1003.1) with which the system
attempts to comply.
.It Li KERN_POSIX_BARRIERS
The version of
.St -p1003.1
and its
Barriers
option to which the system attempts to conform,
otherwise 0.
.It Li KERN_POSIX_READER_WRITER_LOCKS
The version of
.St -p1003.1
and its
Read-Write Locks
option to which the system attempts to conform,
otherwise 0.
.It Li KERN_POSIX_SEMAPHORES
The version of
.St -p1003.1
and its
Semaphores
option to which the system attempts to conform,
otherwise 0.
.It Li KERN_POSIX_SPIN_LOCKS
The version of
.St -p1003.1
and its
Spin Locks
option to which the system attempts to conform,
otherwise 0.
.It Li KERN_POSIX_THREADS
The version of
.St -p1003.1
and its
Threads
option to which the system attempts to conform,
otherwise 0.
.It Li KERN_POSIX_TIMERS
The version of
.St -p1003.1
and its
Timers
option to which the system attempts to conform,
otherwise 0.
.It Li KERN_PROC
Return the entire process table, or a subset of it.
An array of
.Va struct kinfo_proc
structures is returned,
whose size depends on the current number of such objects in the system.
The third and fourth level names are as follows:
.Bl -column "Third level nameXXXXXX" "Fourth level is:XXXXXX" -offset indent
.It Sy Third level name Ta Fourth level is:
.It KERN\_PROC\_ALL Ta None
.It KERN\_PROC\_PID Ta A process ID
.It KERN\_PROC\_PGRP Ta A process group
.It KERN\_PROC\_SESSION Ta A session ID
.It KERN\_PROC\_TTY Ta A tty device
.It KERN\_PROC\_UID Ta A user ID
.It KERN\_PROC\_RUID Ta A real user ID
.It KERN\_PROC\_GID Ta A group ID
.It KERN\_PROC\_RGID Ta A real group ID
.El
.It Li KERN_PROC2
As for KERN_PROC, but an array of
.Va struct kinfo_proc2
structures is returned.
The fifth level name is the size of the
.Va struct kinfo_proc2
and the sixth level name is the number of structures to return.
.It Li KERN_PROC_ARGS
Return the argv or environment strings (or the number thereof)
of a process.
Multiple strings are returned separated by NUL characters.
The third level name is the process ID.
The fourth level name is as follows:
.Bl -column "Third level nameXXXXXX" -offset indent
.It KERN\_PROC\_ARGV Ta The argv strings
.It KERN\_PROC\_NARGV Ta The number of argv strings
.It KERN\_PROC\_ENV Ta The environ strings
.It KERN\_PROC\_NENV Ta The number of environ strings
.El
.It Li KERN_PROF
Return profiling information about the kernel.
If the kernel is not compiled for profiling,
attempts to retrieve any of the KERN_PROF values will
fail with EOPNOTSUPP.
The third level names for the string and integer profiling information
are detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "GPROFXGMONPARAMXXX" "struct gmonparamXXX" -offset indent
.It Sy Third level name Ta Type Ta Changeable
.It GPROF\_STATE Ta integer Ta yes
.It GPROF\_COUNT Ta u_short[\|] Ta yes
.It GPROF\_FROMS Ta u_short[\|] Ta yes
.It GPROF\_TOS Ta struct tostruct Ta yes
.It GPROF\_GMONPARAM Ta struct gmonparam Ta no
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li GPROF_STATE
Profiling state.
If set to GMON_PROF_ON, starts profiling.
If set to GMON_PROF_OFF, stops profiling.
.It Li GPROF_COUNT
Array of statistical program counter counts.
.It Li GPROF_FROMS
Array indexed by program counter of call-from points.
.It Li GPROF_TOS
Array of
.Va struct tostruct
describing destination of calls and their counts.
.It Li GPROF_GMONPARAM
Structure giving the sizes of the above arrays.
.El
.It Li KERN_RAWPARTITION
The raw partition of a disk (a == 0).
.It Li KERN_ROOT_DEVICE
The name of the root device (e.g.,
.Dq wd0 ) .
.It Li KERN_ROOT_PARTITION
The root partition on the root device (a == 0).
.It Li KERN_RTC_OFFSET
Return the offset of real time clock from UTC in minutes.
.It Li KERN_SAVED_IDS
Returns 1 if saved set-group and saved set-user ID is available.
.It Li KERN_SECURELVL
The system security level.
This level may be raised by processes with appropriate privilege.
It may only be lowered by process 1.
.It Li KERN_SYNCHRONIZED_IO
Returns 1 if the POSIX 1003.1b Synchronized I/O Option is available
on this system,
otherwise 0.
.It Li KERN_SYSVIPC_INFO
Return System V style IPC configuration and run-time information.
The third level name selects the System V style IPC facility.
.Bl -column "KERN_SYSVIPC_MSG_INFOXXX" "struct shm_sysctl_infoXXX" -offset indent
.It Sy Third level name Ta Type
.It KERN\_SYSVIPC\_MSG\_INFO Ta struct msg_sysctl_info
.It KERN\_SYSVIPC\_SEM\_INFO Ta struct sem_sysctl_info
.It KERN\_SYSVIPC\_SHM\_INFO Ta struct shm_sysctl_info
.El
.Pp
.Bl -tag -width "123456"
.It Li KERN_SYSVIPC_MSG_INFO
Return information on the System V style message facility.
The
.Sy msg_sysctl_info
structure is defined in
.Aq Pa sys/msg.h .
.It Li KERN_SYSVIPC_SEM_INFO
Return information on the System V style semaphore facility.
The
.Sy sem_sysctl_info
structure is defined in
.Aq Pa sys/sem.h .
.It Li KERN_SYSVIPC_SHM_INFO
Return information on the System V style shared memory facility.
The
.Sy shm_sysctl_info
structure is defined in
.Aq Pa sys/shm.h .
.El
.It Li KERN_SYSVMSG
Returns 1 if System V style message queue functionality is available
on this system,
otherwise 0.
.It Li KERN_SYSVSEM
Returns 1 if System V style semaphore functionality is available
on this system,
otherwise 0.
.It Li KERN_SYSVSHM
Returns 1 if System V style shared memory functionality is available
on this system,
otherwise 0.
.It Li KERN_TKSTAT
Return information about the number of characters sent and received
on ttys.
The third level names for the tty statistic variables are detailed below.
The changeable column shows whether a process
with appropriate privilege may change the value.
.Bl -column "KERNXTKSTATXRAWCCXXX" "struct integerXXX" -offset indent
.It Sy Third level name Ta Type Ta Changeable
.It KERN\_TKSTAT\_NIN Ta quad Ta no
.It KERN\_TKSTAT\_NOUT Ta quad Ta no
.It KERN\_TKSTAT\_CANCC Ta quad Ta no
.It KERN\_TKSTAT\_RAWCC Ta quad Ta no
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li KERN_TKSTAT_NIN
The total number of input characters.
.It Li KERN_TKSTAT_NOUT
The total number of output characters.
.It Li KERN_TKSTAT_CANCC
The number of canonical input characters.
.It Li KERN_TKSTAT_RAWCC
The number of raw input characters.
.El
.It Li KERN_VERSION
The system version string.
.It Li KERN_VNODE
Return the entire vnode table.
Note, the vnode table is not necessarily a consistent snapshot of
the system.
The returned data consists of an array whose size depends on the
current number of such objects in the system.
Each element of the array contains the kernel address of a vnode
.Va struct vnode *
followed by the vnode itself
.Va struct vnode .
.El
.Sh CTL_MACHDEP
The set of variables defined is architecture dependent.
Most architectures define at least the following variables.
.Bl -column "CONSOLE_DEVICEXXX" "integerXXX" -offset indent
.It Sy Second level name Ta Type Ta Changeable
.It Li CPU_CONSDEV Ta dev_t Ta no
.El
.Sh CTL_NET
The string and integer information available for the CTL_NET level
is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
The second and third levels are typically the protocol family and
protocol number, though this is not always the case.
.Bl -column "Second level nameXXXXXX" "routing messagesXXX" -offset indent
.It Sy Second level name Ta Type Ta Changeable
.It PF\_ROUTE Ta routing messages Ta no
.It PF\_INET Ta IPv4 values Ta yes
.It PF\_INET6 Ta IPv6 values Ta yes
.It PF\_KEY Ta IPsec key management values Ta yes
.El
.Pp
.Bl -tag -width "123456"
.It Li PF_ROUTE
Return the entire routing table or a subset of it.
The data is returned as a sequence of routing messages (see
.Xr route 4
for the header file, format and meaning).
The length of each message is contained in the message header.
.Pp
The third level name is a protocol number, which is currently always 0.
The fourth level name is an address family, which may be set to 0 to
select all address families.
The fifth and sixth level names are as follows:
.Bl -column "Fifth level nameXXXXXX" "Sixth level is:XXX" -offset indent
.It Sy Fifth level name Ta Sixth level is:
.It NET\_RT\_FLAGS Ta rtflags
.It NET\_RT\_DUMP Ta None
.It NET\_RT\_IFLIST Ta None
.El
.It Li PF_INET
Get or set various global information about the IPv4
.Pq Internet Protocol version 4 .
The third level name is the protocol.
The fourth level name is the variable name.
The currently defined protocols and names are:
.Bl -column "Protocol name" "Variable nameXX" "integer" "yes" -offset indent
.It Sy Protocol name Ta Variable name Ta Type Ta Changeable
.It ip Ta forwarding Ta integer Ta yes
.It ip Ta redirect Ta integer Ta yes
.It ip Ta ttl Ta integer Ta yes
.It ip Ta forwsrcrt Ta integer Ta yes
.It ip Ta directed-broadcast Ta integer Ta yes
.It ip Ta allowsrcrt Ta integer Ta yes
.It ip Ta subnetsarelocal Ta integer Ta yes
.It ip Ta mtudisc Ta integer Ta yes
.It ip Ta anonportmin Ta integer Ta yes
.It ip Ta anonportmax Ta integer Ta yes
.It ip Ta mtudisctimeout Ta integer Ta yes
.It ip Ta gifttl Ta integer Ta yes
.It ip Ta grettl Ta integer Ta yes
.It ip Ta lowportmin Ta integer Ta yes
.It ip Ta lowportmax Ta integer Ta yes
.It ip Ta maxfragpacket Ta integer Ta yes
.It ip Ta checkinterface Ta integer Ta yes
.It icmp Ta maskrepl Ta integer Ta yes
.It icmp Ta errppslimit Ta integer Ta yes
.It icmp Ta rediraccept Ta integer Ta yes
.It icmp Ta redirtimeout Ta integer Ta yes
.It tcp Ta rfc1323 Ta integer Ta yes
.It tcp Ta sendspace Ta integer Ta yes
.It tcp Ta recvspace Ta integer Ta yes
.It tcp Ta mssdflt Ta integer Ta yes
.It tcp Ta syn_cache_limit Ta integer Ta yes
.It tcp Ta syn_bucket_limit Ta integer Ta yes
.It tcp Ta syn_cache_interval Ta integer Ta yes
.It tcp Ta init_win Ta integer Ta yes
.It tcp Ta init_win_local Ta integer Ta yes
.It tcp Ta mss_ifmtu Ta integer Ta yes
.It tcp Ta sack Ta integer Ta yes
.It tcp Ta win_scale Ta integer Ta yes
.It tcp Ta timestamps Ta integer Ta yes
.It tcp Ta compat_42 Ta integer Ta yes
.It tcp Ta cwm Ta integer Ta yes
.It tcp Ta cwm_burstsize Ta integer Ta yes
.It tcp Ta ack_on_push Ta integer Ta yes
.It tcp Ta keepidle Ta integer Ta yes
.It tcp Ta keepintvl Ta integer Ta yes
.It tcp Ta keepcnt Ta integer Ta yes
.It tcp Ta slowhz Ta integer Ta no
.It tcp Ta newreno Ta integer Ta yes
.It tcp Ta log_refused Ta integer Ta yes
.It tcp Ta rstppslimit Ta integer Ta yes
.It tcp Ta ident Ta struct Ta no
.It udp Ta checksum Ta integer Ta yes
.It udp Ta sendspace Ta integer Ta yes
.It udp Ta recvspace Ta integer Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li ip.forwarding
If set to 1, enables IP forwarding for the host,
meaning that the host is acting as a router.
.It Li ip.redirect
If set to 1, ICMP redirects may be sent by the host.
This option is ignored unless the host is routing IP packets,
and should normally be enabled on all systems.
.It Li ip.ttl
The maximum time-to-live (hop count) value for an IP packet sourced by
the system.
This value applies to normal transport protocols, not to ICMP.
.It Li ip.forwsrcrt
If set to 1, enables forwarding of source-routed packets for the host.
This value may only be changed if the kernel security level is less than 1.
.It Li ip.directed-broadcast
If set to 1, enables directed broadcast behavior for the host.
.It Li ip.allowsrcrt
If set to 1, the host accepts source routed packets.
.It Li ip.subnetsarelocal
If set to 1, subnets are to be considered local addresses.
.It Li ip.mtudisc
If set to 1, enables Path MTU Discovery (RFC 1191).
When Path MTU Discovery is enabled, the transmitted TCP segment
size will be determined by the advertised maximum segment size
(MSS) from the remote end, as constrained by the path MTU.
If MTU Discovery is disabled, the transmitted segment size will
never be greater than
.Li tcp.mssdflt
(the local maximum segment size).
.It Li ip.anonportmin
The lowest port number to use for TCP and UDP ephemeral port allocation.
This cannot be set to less than 1024 or greater than 65535.
.It Li ip.anonportmax
The highest port number to use for TCP and UDP ephemeral port allocation.
This cannot be set to less than 1024 or greater than 65535, and must
be greater than
.Li ip.anonportmin .
.It Li ip.mtudisctimeout
The number of seconds in which a route added by the Path MTU
Discovery engine will time out.
When the route times out, the Path
MTU Discovery engine will attempt to probe a larger path MTU.
.It Li ip.gifttl
The maximum time-to-live (hop count) value for an IPv4 packet generated by
.Xr gif 4
tunnel interface.
.It Li ip.grettl
The maximum time-to-live (hop count) value for an IPv4 packet generated by
.Xr gre 4
tunnel interface.
.It Li ip.lowportmin
The lowest port number to use for TCP and UDP reserved port allocation.
This cannot be set to less than 0 or greater than 1024, and must
be smaller than
.Li ip.lowportmax .
.It Li ip.lowportmax
The highest port number to use for TCP and UDP reserved port allocation.
This cannot be set to less than 0 or greater than 1024, and must
be greater than
.Li ip.lowportmin .
.It Li ip.maxfragpackets
The maximum number of fragmented packets the node will accept.
0 means that the node will not accept any fragmented packets.
\-1 means that the node will accept as many fragmented packets as it receives.
The flag is provided basically for avoiding possible DoS attacks.
.It Li ip.checkinterface
If set to non-zero, the host will reject packets addressed to it
that arrive on an interface not bound to that address.
Currently, this must be disabled if ipnat is used to translate the
destination address to another local interface, or if addresses
are added to the loopback interface instead of the interface where
the packets for those addresses are received.
.It Li icmp.maskrepl
If set to 1, ICMP network mask requests are to be answered.
.It Li icmp.errppslimit
The variable specifies the maximum number of outgoing ICMP error messages,
per second.
ICMP error messages that exceeded the value are subject to rate limitation
and will not go out from the node.
Negative value disables rate limitation.
.It Li icmp.rediraccept
If set to non-zero, the host will accept ICMP redirect packets.
Note that routers will never accept ICMP redirect packets,
and the variable is meaningful on IP hosts only.
.It Li icmp.redirtimeout
The variable specifies lifetime of routing entries generated by incoming
ICMP redirect.
This defaults to 600 seconds.
.It Li tcp.rfc1323
If set to 1, enables RFC 1323 extensions to TCP.
.It Li tcp.sendspace
The default TCP send buffer size.
.It Li tcp.recvspace
The default TCP receive buffer size.
.It Li tcp.mssdflt
The default maximum segment size both advertised to the peer
and to use when either the peer does not advertise a maximum segment size to
us during connection setup or Path MTU Discovery
.Li ( ip.mtudisc )
is disabled.
Do not change this value unless you really know what you are doing.
.It Li tcp.syn_cache_limit
The maximum number of entries allowed in the TCP compressed state
engine.
.It Li tcp.syn_bucket_limit
The maximum number of entries allowed per hash bucket in the TCP
compressed state engine.
.It Li tcp.syn_cache_interval
The TCP compressed state engine's timer interval.
.It Li tcp.init_win
A value indicating the TCP initial congestion window.
If this value is 0, an auto-tuning algorithm designed to use an initial
window of approximately 4K bytes is in use.
Otherwise, this value indicates a fixed number of packets.
.It Li tcp.init_win_local
Like
.Li tcp.init_win ,
but used when communicating with hosts on a local network.
.It Li tcp.mss_ifmtu
If set to 1, TCP calculates the outgoing maximum segment size based on
the MTU of the appropriate interface.
If set to 0, it is calculated based on the greater of the MTU of the
interface, and the largest (non-loopback) interface MTU on the system.
.It Li tcp.sack
If set to 1, enables RFC 2018 Selective ACKnowledgement.
.It Li tcp.win_scale
If rfc1323 is enabled, a value of 1 indicates RFC 1323 window scale options,
for increasing the TCP window size, are enabled.
.It Li tcp.timestamps
If rfc1323 is enabled, a value of 1 indicates RFC 1323 time stamp options,
used for measuring TCP round trip times, are enabled.
.It Li tcp.compat_42
If set to 1, enables work-arounds for bugs in the 4.2BSD TCP implementation.
Use of this option is not recommended, although it may be
required in order to communicate with extremely old TCP implementations.
.It Li tcp.cwm
If set to 1, enables use of the Hughes/Touch/Heidemann Congestion Window
Monitoring algorithm.
This algorithm prevents line-rate bursts of packets that could
otherwise occur when data begins flowing on an idle TCP connection.
These line-rate bursts can contribute to network and router congestion.
This can be particularly useful on World Wide Web servers
which support HTTP/1.1, which has lingering connections.
.It Li tcp.cwm_burstsize
The Congestion Window Monitoring allowed burst size, in terms
of packet count.
.It Li tcp.ack_on_push
If set to 1, TCP is to immediately transmit an ACK upon reception of
a packet with PUSH set.
This can avoid losing a round trip time in some rare situations,
but has the caveat of potentially defeating TCP's delayed ACK algorithm.
Use of this option is generally not recommended, but
the variable exists in case your configuration really needs it.
.It Li tcp.keepidle
Time a connection must be idle before keepalives are sent (if keepalives
are enabled for the connection).
See also tcp.slowhz.
.It Li tcp.keepintvl
Time after a keepalive probe is sent until, in the absence of any response,
another probe is sent.
See also tcp.slowhz.
.It Li tcp.keepcnt
Number of keepalive probes sent before declaring a connection dead.
If set to zero, there is no limit;
keepalives will be sent until some kind of
response is received from the peer.
.It Li tcp.slowhz
The units for tcp.keepidle and tcp.keepintvl; those variables are in ticks
of a clock that ticks tcp.slowhz times per second.
(That is, their values
must be divided by the tcp.slowhz value to get times in seconds.)
.It Li tcp.newreno
If set to 1, enables the use of J. Hoe's NewReno congestion control algorithm.
This algorithm improves the start-up behavior of TCP connections.
.It Li tcp.log_refused
If set to 1, refused TCP connections to the host will be logged.
.It Li tcp.rstppslimit
The variable specifies the maximum number of outgoing TCP RST packets,
per second.
TCP RST packets that exceed the value are subject to rate limitation
and will not go out from the node.
Negative value disables rate limitation.
.It Li udp.checksum
If set to 1, UDP checksums are being computed.
Received non-zero UDP checksums are always checked.
Disabling UDP checksums is strongly discouraged.
.It Li udp.sendspace
The default UDP send buffer size.
.It Li udp.recvspace
The default UDP receive buffer size.
.El
.Pp
For variables net.*.ipsec, please refer to
.Xr ipsec 4 .
.It Li PF_INET6
Get or set various global information about the IPv6
.Pq Internet Protocol version 6 .
The third level name is the protocol.
The fourth level name is the variable name.
The currently defined protocols and names are:
.Bl -column "Protocol name" "Variable nameXX" "integer" "yes" -offset indent
.It Sy Protocol name Ta Variable name Ta Type Ta Changeable
.It ip6 Ta forwarding Ta integer Ta yes
.It ip6 Ta redirect Ta integer Ta yes
.It ip6 Ta hlim Ta integer Ta yes
.It ip6 Ta maxfragpackets Ta integer Ta yes
.It ip6 Ta accept_rtadv Ta integer Ta yes
.It ip6 Ta keepfaith Ta integer Ta yes
.It ip6 Ta log_interval Ta integer Ta yes
.It ip6 Ta hdrnestlimit Ta integer Ta yes
.It ip6 Ta dad_count Ta integer Ta yes
.It ip6 Ta auto_flowlabel Ta integer Ta yes
.It ip6 Ta defmcasthlim Ta integer Ta yes
.It ip6 Ta gif_hlim Ta integer Ta yes
.It ip6 Ta kame_version Ta string Ta no
.It ip6 Ta use_deprecated Ta integer Ta yes
.It ip6 Ta rr_prune Ta integer Ta yes
.It ip6 Ta v6only Ta integer Ta yes
.It ip6 Ta anonportmin Ta integer Ta yes
.It ip6 Ta anonportmax Ta integer Ta yes
.It ip6 Ta lowportmin Ta integer Ta yes
.It ip6 Ta lowportmax Ta integer Ta yes
.It ip6 Ta maxfrags Ta integer Ta yes
.It icmp6 Ta rediraccept Ta integer Ta yes
.It icmp6 Ta redirtimeout Ta integer Ta yes
.It icmp6 Ta nd6_prune Ta integer Ta yes
.It icmp6 Ta nd6_delay Ta integer Ta yes
.It icmp6 Ta nd6_umaxtries Ta integer Ta yes
.It icmp6 Ta nd6_mmaxtries Ta integer Ta yes
.It icmp6 Ta nd6_useloopback Ta integer Ta yes
.It icmp6 Ta nodeinfo Ta integer Ta yes
.It icmp6 Ta errppslimit Ta integer Ta yes
.It icmp6 Ta nd6_maxnudhint Ta integer Ta yes
.It icmp6 Ta mtudisc_hiwat Ta integer Ta yes
.It icmp6 Ta mtudisc_lowat Ta integer Ta yes
.It icmp6 Ta nd6_debug Ta integer Ta yes
.It udp6 Ta sendspace Ta integer Ta yes
.It udp6 Ta recvspace Ta integer Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li ip6.forwarding
If set to 1, enables IPv6 forwarding for the node,
meaning that the node is acting as a router.
If set to 0, disables IPv6 forwarding for the node,
meaning that the node is acting as a host.
IPv6 specification defines node behavior for
.Dq router
case and
.Dq host
case quite differently, and changing this variable during operation
may cause serious trouble.
It is recommended to configure the variable at bootstrap time,
and bootstrap time only.
.It Li ip6.redirect
If set to 1, ICMPv6 redirects may be sent by the node.
This option is ignored unless the node is routing IP packets,
and should normally be enabled on all systems.
.It Li ip6.hlim
The default hop limit value for an IPv6 unicast packet sourced by the node.
This value applies to all the transport protocols on top of IPv6.
There are APIs to override the value, as documented in
.Xr ip6 4 .
.It Li ip6.maxfragpackets
The maximum number of fragmented packets the node will accept.
0 means that the node will not accept any fragmented packets.
\-1 means that the node will accept as many fragmented packets as it receives.
The flag is provided basically for avoiding possible DoS attacks.
.It Li ip6.accept_rtadv
If set to non-zero, the node will accept ICMPv6 router advertisement packets
and autoconfigure address prefixes and default routers.
The node must be a host
.Pq not a router
for the option to be meaningful.
.It Li ip6.keepfaith
If set to non-zero, it enables
.Dq FAITH
TCP relay IPv6-to-IPv4 translator code in the kernel.
Refer to
.Xr faith 4
and
.Xr faithd 8
for detail.
.It Li ip6.log_interval
The variable controls amount of logs generated by IPv6 packet
forwarding engine, by setting interval between log output
.Pq in seconds .
.It Li ip6.hdrnestlimit
The number of IPv6 extension headers permitted on incoming IPv6 packets.
If set to 0, the node will accept as many extension headers as possible.
.It Li ip6.dad_count
The variable configures number of IPv6 DAD
.Pq duplicated address detection
probe packets.
The packets will be generated when IPv6 interface addresses are configured.
.It Li ip6.auto_flowlabel
On connected transport protocol packets,
fill IPv6 flowlabel field to help intermediate routers to identify packet flows.
.It Li ip6.defmcasthlim
The default hop limit value for an IPv6 multicast packet sourced by the node.
This value applies to all the transport protocols on top of IPv6.
There are APIs to override the value, as documented in
.Xr ip6 4 .
.It Li ip6.gif_hlim
The maximum hop limit value for an IPv6 packet generated by
.Xr gif 4
tunnel interface.
.It Li ip6.kame_version
The string identifies the version of KAME IPv6 stack implemented in the kernel.
.It Li ip6.use_deprecated
The variable controls use of deprecated address, specified in RFC 2462 5.5.4.
.It Li ip6.rr_prune
The variable specifies interval between IPv6 router renumbering prefix
babysitting, in seconds.
.It Li ip6.v6only
The variable specifies initial value for
.Dv IPV6_V6ONLY
socket option for
.Dv AF_INET6
socket.
Please refer to
.Xr ip6 4
for detail.
.It Li ip6.anonportmin
The lowest port number to use for TCP and UDP ephemeral port allocation.
This cannot be set to less than 1024 or greater than 65535.
.It Li ip6.anonportmax
The highest port number to use for TCP and UDP ephemeral port allocation.
This cannot be set to less than 1024 or greater than 65535, and must
be greater than
.Li ip6.anonportmin .
.It Li ip6.lowportmin
The lowest port number to use for TCP and UDP reserved port allocation.
This cannot be set to less than 0 or greater than 1024, and must
be smaller than
.Li ip6.lowportmax .
.It Li ip6.lowportmax
The highest port number to use for TCP and UDP reserved port allocation.
This cannot be set to less than 0 or greater than 1024, and must
be greater than
.Li ip6.lowportmin .
.It Li ip6.maxfrags
The maximum number of fragments the node will accept.
0 means that the node will not accept any fragments.
\-1 means that the node will accept as many fragments as it receives.
The flag is provided basically for avoiding possible DoS attacks.
.It Li icmp6.rediraccept
If set to non-zero, the host will accept ICMPv6 redirect packets.
Note that IPv6 routers will never accept ICMPv6 redirect packets,
and the variable is meaningful on IPv6 hosts
.Pq non-router
only.
.It Li icmp6.redirtimeout
The variable specifies lifetime of routing entries generated by incoming
ICMPv6 redirect.
.It Li icmp6.nd6_prune
The variable specifies interval between IPv6 neighbor cache babysitting,
in seconds.
.It Li icmp6.nd6_delay
The variable specifies
.Dv DELAY_FIRST_PROBE_TIME
timing constant in IPv6 neighbor discovery specification
.Pq RFC 2461 ,
in seconds.
.It Li icmp6.nd6_umaxtries
The variable specifies
.Dv MAX_UNICAST_SOLICIT
constant in IPv6 neighbor discovery specification
.Pq RFC 2461 .
.It Li icmp6.nd6_mmaxtries
The variable specifies
.Dv MAX_MULTICAST_SOLICIT
constant in IPv6 neighbor discovery specification
.Pq RFC 2461 .
.It Li icmp6.nd6_useloopback
If set to non-zero, kernel IPv6 stack will use loopback interface for
local traffic.
.It Li icmp6.nodeinfo
The variable enables responses to ICMPv6 node information queries.
If you set the variable to 0, responses will not be generated for
ICMPv6 node information queries.
Since node information queries can have a security impact, it is
possible to fine tune which responses should be answered.
Two separate bits can be set.
.Bl -tag -width "12345"
.It 1
Respond to ICMPv6 FQDN queries, e.g.
.Li ping6 -w .
.It 2
Respond to ICMPv6 node addresses queries, e.g.
.Li ping6 -a .
.El
.It Li icmp6.errppslimit
The variable specifies the maximum number of outgoing ICMPv6 error messages,
per second.
ICMPv6 error messages that exceeded the value are subject to rate limitation
and will not go out from the node.
Negative value disables rate limitation.
.It Li icmp6.nd6_maxnudhint
IPv6 neighbor discovery permits upper layer protocols to supply reachability
hints, to avoid unnecessary neighbor discovery exchanges.
The variable defines the number of consecutive hints the neighbor discovery
layer will take.
For example, by setting the variable to 3, neighbor discovery layer
will take 3 consecutive hints in maximum.
After receiving 3 hints, neighbor discovery layer will perform
normal neighbor discovery process.
.It Li icmp6.mtudisc_hiwat
.It Li icmp6.mtudisc_lowat
The variables define the maximum number of routing table entries,
created due to path MTU discovery
.Pq prevents denial-of-service attacks with ICMPv6 too big messages .
When IPv6 path MTU discovery happens, we keep path MTU information into
the routing table.
If the number of routing table entries exceeds the value,
the kernel will not attempt to keep the path MTU information.
.Li icmp6.mtudisc_hiwat
is used when we have verified ICMPv6 too big messages.
.Li icmp6.mtudisc_lowat
is used when we have unverified ICMPv6 too big messages.
Verification is performed by using address/port pairs kept in connected pcbs.
Negative value disables the upper limit.
.It Li icmp6.nd6_debug
If set to non-zero, kernel IPv6 neighbor discovery code will generate
debugging messages.
The debug outputs are useful to diagnose IPv6 interoperability issues.
The flag must be set to 0 for normal operation.
.El
.Pp
We reuse net.*.tcp for
.Tn TCP
over
.Tn IPv6 ,
and therefore we do not have variables net.*.tcp6.
Variables net.inet6.udp6 have identical meaning to net.inet.udp.
Please refer to
.Li PF_INET
section above.
For variables net.*.ipsec6, please refer to
.Xr ipsec 4 .
.It Li PF_KEY
Get or set various global information about the IPsec key management.
The third level name is the variable name.
The currently defined variable and names are:
.Bl -column "blockacq_lifetime" "integer" "yes" -offset indent
.It Sy Variable name Ta Type Ta Changeable
.It debug Ta integer Ta yes
.It spi_try Ta integer Ta yes
.It spi_min_value Ta integer Ta yes
.It spi_max_value Ta integer Ta yes
.It larval_lifetime Ta integer Ta yes
.It blockacq_count Ta integer Ta yes
.It blockacq_lifetime Ta integer Ta yes
.It esp_keymin Ta integer Ta yes
.It esp_auth Ta integer Ta yes
.It ah_keymin Ta integer Ta yes
.El
The variables are as follows:
.Bl -tag -width "123456"
.It Li debug
Turn on debugging message from within the kernel.
The value is a bitmap, as defined in
.Pa /usr/include/netkey/key_debug.h .
.It Li spi_try
The number of times the kernel will try to obtain a unique SPI
when it generates it from random number generator.
.It Li spi_min_value
Minimum SPI value when generating it within the kernel.
.It Li spi_max_value
Maximum SPI value when generating it within the kernel.
.It Li larval_lifetime
Lifetime for LARVAL SAD entries, in seconds.
.It Li blockacq_count
Number of ACQUIRE PF_KEY messages to be blocked after an ACQUIRE message.
It avoids flood of ACQUIRE PF_KEY from being sent from the kernel to the
key management daemon.
.It Li blockacq_lifetime
Lifetime of ACQUIRE PF_KEY message.
.It Li esp_keymin
Minimum ESP key length, in bits.
The value is used when the kernel creates proposal payload
on ACQUIRE PF_KEY message.
.It Li esp_auth
Whether ESP authentication should be used or not.
Non-zero value indicates that ESP authentication should be used.
The value is used when the kernel creates proposal payload
on ACQUIRE PF_KEY message.
.It Li ah_keymin
Minimum AH key length, in bits.
The value is used when the kernel creates proposal payload
on ACQUIRE PF_KEY message.
.El
.El
.Sh CTL_PROC
The string and integer information available for the CTL_PROC
is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
These values are per-process,
and as such may change from one process to another.
When a process is created,
the default values are inherited from its parent.
When a set-user-ID or set-group-ID binary is executed, the
value of PROC_PID_CORENAME is reset to the system default value.
The second level name is either the magic value PROC_CURPROC, which
points to the current process, or the PID of the target process.
.Bl -column "USER_COLL_WEIGHTS_MAXXXX" "integerXXX" "yes" -offset indent
.It Sy Third level name Ta Type Ta Changeable
.It PROC\_PID\_CORENAME Ta string Ta yes
.It PROC\_PID\_LIMIT Ta node Ta not applicable
.It PROC\_PID\_STOPFORK Ta int Ta yes
.It PROC\_PID\_STOPEXEC Ta int Ta yes
.It PROC\_PID\_STOPEXIT Ta int Ta yes
.El
.Bl -tag -width "123456"
.Pp
.It Li PROC_PID_CORENAME
The template used for the core dump file name (see
.Xr core 5
for details).
The base name must either be
.Nm core
or end with the suffix ``.core'' (the super-user may set arbitrary names).
By default it points to KERN_DEFCORENAME.
.It Li PROC_PID_LIMIT
Return resource limits, as defined for the
.Xr getrlimit 2
and
.Xr setrlimit 2
system calls.
The fourth level name is one of:
.Bl -tag -width PROC_PID_LIMIT_MEMLOCKAA
.It Li PROC_PID_LIMIT_CPU
The maximum amount of CPU time (in seconds) to be used by each process.
.It Li PROC_PID_LIMIT_FSIZE
The largest size (in bytes) file that may be created.
.It Li PROC_PID_LIMIT_DATA
The maximum size (in bytes) of the data segment for a process;
this defines how far a program may extend its break with the
.Xr sbrk 2
system call.
.It Li PROC_PID_LIMIT_STACK
The maximum size (in bytes) of the stack segment for a process;
this defines how far a program's stack segment may be extended.
Stack extension is performed automatically by the system.
.It Li PROC_PID_LIMIT_CORE
The largest size (in bytes)
.Pa core
file that may be created.
.It Li PROC_PID_LIMIT_RSS
The maximum size (in bytes) to which a process's resident set size may
grow.
This imposes a limit on the amount of physical memory to be given to
a process; if memory is tight, the system will prefer to take memory
from processes that are exceeding their declared resident set size.
.It Li PROC_PID_LIMIT_MEMLOCK
The maximum size (in bytes) which a process may lock into memory
using the
.Xr mlock 2
function.
.It Li PROC_PID_LIMIT_NPROC
The maximum number of simultaneous processes for this user id.
.It Li PROC_PID_LIMIT_NOFILE
The maximum number of open files for this process.
.El
.Pp
The fifth level name is one of PROC_PID_LIMIT_TYPE_SOFT or
PROC_PID_LIMIT_TYPE_HARD, to select respectively the soft or hard limit.
Both are of type integer.
.It Li PROC_PID_STOPFORK
If non zero, the process' children will be stopped after
.Xr fork 2
calls.
The child is created in the SSTOP state and is never scheduled
for running before being stopped.
This feature helps attaching a process with a debugger such as
.Xr gdb 1
before it had the opportunity to actually do anything.
.Pp
This value is inherited by the process's children, and it also
applies to emulation specific system calls that fork a new process, such as
.Fn sproc
or
.Fn clone .
.It Li PROC_PID_STOPEXEC
If non zero, the process will be stopped on next
.Xr exec 3
call.
The process created by
.Xr exec 3
is created in the SSTOP state and is never scheduled for running
before being stopped.
This feature helps attaching a process with a debugger such as
.Xr gdb 1
before it had the opportunity to actually do anything.
.Pp
This value is inherited by the process's children.
.It Li PROC_PID_STOPEXIT
If non zero, the process will be stopped when it has cause to exit,
either by way of calling
.Xr exit 3 ,
.Xr _exit 2 ,
or by the receipt of a specific signal.
The process is stopped before any of its resources or vm space is
released allowing examination of the termination state of a process
before it disappears.
This feature can be used to examine the final conditions of the
process's vmspace via
.Xr pmap 1
or its resource settings with
.Xr sysctl 8
before it disappears.
.Pp
This value is also inherited by the process's children.
.El
.Sh CTL_USER
The string and integer information available for the CTL_USER level
is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
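.Pp
Added example, not part of the original manual page: because most CTL_NET values documented earlier are changeable by a privileged process, this sketch reads several of them with sysctlbyname() and compares them against a baseline for a host that is not a router.
The baseline values, the helper names and the constructed snapshot are assumptions of this example; the dotted names are composed from the protocol and variable names in the PF_INET and PF_INET6 tables.

```c
/* Added example: audit CTL_NET values against an assumed host baseline. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#ifdef __NetBSD__
#include <sys/param.h>
#include <sys/sysctl.h>
#endif

enum rule_kind { MUST_EQUAL, MUST_NOT_BE_NEGATIVE };

struct rule {
	const char *name;	/* dotted MIB name passed to sysctlbyname() */
	enum rule_kind kind;
	int want;		/* only consulted for MUST_EQUAL */
	const char *why;
};

/* Assumed baseline for a non-router host: a policy choice made for this
 * example. The manual page only documents what each value does. */
static const struct rule baseline[] = {
	{ "net.inet.ip.forwarding", MUST_EQUAL, 0, "host is not a router" },
	{ "net.inet.ip.forwsrcrt", MUST_EQUAL, 0, "forwards source-routed packets" },
	{ "net.inet.ip.allowsrcrt", MUST_EQUAL, 0, "accepts source-routed packets" },
	{ "net.inet.ip.directed-broadcast", MUST_EQUAL, 0, "directed broadcast on" },
	{ "net.inet.ip.maxfragpackets", MUST_NOT_BE_NEGATIVE, 0, "-1 is unlimited" },
	{ "net.inet.icmp.maskrepl", MUST_EQUAL, 0, "answers mask requests" },
	{ "net.inet.icmp.rediraccept", MUST_EQUAL, 0, "accepts ICMP redirects" },
	{ "net.inet.icmp.errppslimit", MUST_NOT_BE_NEGATIVE, 0, "rate limit off" },
	{ "net.inet.tcp.rstppslimit", MUST_NOT_BE_NEGATIVE, 0, "rate limit off" },
	{ "net.inet6.ip6.forwarding", MUST_EQUAL, 0, "host is not a router" },
	{ "net.inet6.ip6.maxfragpackets", MUST_NOT_BE_NEGATIVE, 0, "-1 is unlimited" },
	{ "net.inet6.ip6.maxfrags", MUST_NOT_BE_NEGATIVE, 0, "-1 is unlimited" },
	{ "net.inet6.icmp6.rediraccept", MUST_EQUAL, 0, "accepts ICMPv6 redirects" },
	{ "net.inet6.icmp6.nodeinfo", MUST_EQUAL, 0, "answers node info queries" },
	{ "net.inet6.icmp6.errppslimit", MUST_NOT_BE_NEGATIVE, 0, "rate limit off" },
};

/* A reader returns 0 and stores the value, or -1 if the name is unreadable. */
typedef int (*read_int_fn)(const char *name, int *out);

#ifdef __NetBSD__
/* Live reader: oldp/oldlenp receive the value, newp is NULL (read only). */
static int read_live(const char *name, int *out)
{
	size_t len = sizeof(*out);

	if (sysctlbyname(name, out, &len, NULL, 0) == -1 || len != sizeof(*out))
		return -1;
	return 0;
}
#endif

/* Constructed snapshot (not captured from a real system) so the audit also
 * runs offline; net.inet6.ip6.maxfrags is left out on purpose. */
static const struct { const char *name; int value; } constructed_snapshot[] = {
	{ "net.inet.ip.forwarding", 0 }, { "net.inet.ip.forwsrcrt", 1 },
	{ "net.inet.ip.allowsrcrt", 0 }, { "net.inet.ip.directed-broadcast", 0 },
	{ "net.inet.ip.maxfragpackets", 200 }, { "net.inet.icmp.maskrepl", 0 },
	{ "net.inet.icmp.rediraccept", 0 }, { "net.inet.icmp.errppslimit", -1 },
	{ "net.inet.tcp.rstppslimit", 100 }, { "net.inet6.ip6.forwarding", 0 },
	{ "net.inet6.ip6.maxfragpackets", 200 },
	{ "net.inet6.icmp6.rediraccept", 0 }, { "net.inet6.icmp6.nodeinfo", 3 },
	{ "net.inet6.icmp6.errppslimit", 100 },
};

static int read_sample(const char *name, int *out)
{
	size_t n = sizeof(constructed_snapshot) / sizeof(constructed_snapshot[0]);

	for (size_t i = 0; i < n; i++) {
		if (strcmp(constructed_snapshot[i].name, name) == 0) {
			*out = constructed_snapshot[i].value;
			return 0;
		}
	}
	return -1;
}

static int rule_ok(const struct rule *r, int value)
{
	return r->kind == MUST_EQUAL ? value == r->want : value >= 0;
}

struct audit_result { int checked, failed, unreadable; };

/* Evaluate every baseline rule; unreadable names are counted, not failed. */
static struct audit_result audit(read_int_fn rd, FILE *log)
{
	struct audit_result res = { 0, 0, 0 };

	for (size_t i = 0; i < sizeof(baseline) / sizeof(baseline[0]); i++) {
		const struct rule *r = &baseline[i];
		int v;

		if (rd(r->name, &v) != 0) {
			res.unreadable++;
			if (log != NULL)
				fprintf(log, "SKIP %s (unreadable)\n", r->name);
			continue;
		}
		res.checked++;
		if (!rule_ok(r, v)) {
			res.failed++;
			if (log != NULL)
				fprintf(log, "FAIL %s = %d (%s)\n", r->name, v, r->why);
		}
	}
	return res;
}

int main(void)
{
#ifdef __NetBSD__
	struct audit_result r = audit(read_live, stdout);
#else
	struct audit_result r = audit(read_sample, stdout);
#endif
	printf("%d checked, %d failed, %d unreadable\n",
	    r.checked, r.failed, r.unreadable);
	return r.failed ? 1 : 0;
}
```

On systems other than NetBSD the program audits the constructed snapshot instead of the running kernel.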
.Bl -column "USER_COLL_WEIGHTS_MAXXXX" "integerXXX" -offset indent
.It Sy Second level name Ta Type Ta Changeable
.It USER\_BC\_BASE\_MAX Ta integer Ta no
.It USER\_BC\_DIM\_MAX Ta integer Ta no
.It USER\_BC\_SCALE\_MAX Ta integer Ta no
.It USER\_BC\_STRING\_MAX Ta integer Ta no
.It USER\_COLL\_WEIGHTS\_MAX Ta integer Ta no
.It USER\_CS\_PATH Ta string Ta no
.It USER\_EXPR\_NEST\_MAX Ta integer Ta no
.It USER\_LINE\_MAX Ta integer Ta no
.It USER\_POSIX2\_CHAR\_TERM Ta integer Ta no
.It USER\_POSIX2\_C\_BIND Ta integer Ta no
.It USER\_POSIX2\_C\_DEV Ta integer Ta no
.It USER\_POSIX2\_FORT\_DEV Ta integer Ta no
.It USER\_POSIX2\_FORT\_RUN Ta integer Ta no
.It USER\_POSIX2\_LOCALEDEF Ta integer Ta no
.It USER\_POSIX2\_SW\_DEV Ta integer Ta no
.It USER\_POSIX2\_UPE Ta integer Ta no
.It USER\_POSIX2\_VERSION Ta integer Ta no
.It USER\_RE\_DUP\_MAX Ta integer Ta no
.It USER\_STREAM\_MAX Ta integer Ta no
.It USER\_TZNAME\_MAX Ta integer Ta no
.It USER\_ATEXIT\_MAX Ta integer Ta no
.El
.Bl -tag -width "123456"
.Pp
.It Li USER_BC_BASE_MAX
The maximum ibase/obase values in the
.Xr bc 1
utility.
.It Li USER_BC_DIM_MAX
The maximum array size in the
.Xr bc 1
utility.
.It Li USER_BC_SCALE_MAX
The maximum scale value in the
.Xr bc 1
utility.
.It Li USER_BC_STRING_MAX
The maximum string length in the
.Xr bc 1
utility.
.It Li USER_COLL_WEIGHTS_MAX
The maximum number of weights that can be assigned to any entry of
the LC_COLLATE order keyword in the locale definition file.
.It Li USER_CS_PATH
Return a value for the
.Ev PATH
environment variable that finds all the standard utilities.
.It Li USER_EXPR_NEST_MAX
The maximum number of expressions that can be nested within
parenthesis by the
.Xr expr 1
utility.
.It Li USER_LINE_MAX
The maximum length in bytes of a text-processing utility's input
line.
.It Li USER_POSIX2_CHAR_TERM
Return 1 if the system supports at least one terminal type capable of
all operations described in POSIX 1003.2, otherwise 0.
.It Li USER_POSIX2_C_BIND
Return 1 if the system's C-language development facilities support the
C-Language Bindings Option, otherwise 0.
.It Li USER_POSIX2_C_DEV
Return 1 if the system supports the C-Language Development Utilities Option,
otherwise 0.
.It Li USER_POSIX2_FORT_DEV
Return 1 if the system supports the FORTRAN Development Utilities Option,
otherwise 0.
.It Li USER_POSIX2_FORT_RUN
Return 1 if the system supports the FORTRAN Runtime Utilities Option,
otherwise 0.
.It Li USER_POSIX2_LOCALEDEF
Return 1 if the system supports the creation of locales, otherwise 0.
.It Li USER_POSIX2_SW_DEV
Return 1 if the system supports the Software Development Utilities Option,
otherwise 0.
.It Li USER_POSIX2_UPE
Return 1 if the system supports the User Portability Utilities Option,
otherwise 0.
.It Li USER_POSIX2_VERSION
The version of POSIX 1003.2 with which the system attempts to comply.
.It Li USER_RE_DUP_MAX
The maximum number of repeated occurrences of a regular expression
permitted when using interval notation.
.ne 1i
.It Li USER_STREAM_MAX
The minimum maximum number of streams that a process may have open
at any one time.
.It Li USER_TZNAME_MAX
The minimum maximum number of types supported for the name of a
timezone.
.It Li USER_ATEXIT_MAX
The maximum number of functions that may be registered with
.Xr atexit 3 .
.El
.Sh CTL_VM
The string and integer information available for the CTL_VM level
is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "Second level nameXXXXXX" "struct loadavgXXX" -offset indent
.It Sy Second level name Ta Type Ta Changeable
.It VM\_ANONMAX Ta int Ta yes
.It VM\_ANONMIN Ta int Ta yes
.It VM\_BUFCACHE Ta int Ta yes
.It VM\_BUFMEM Ta int Ta no
.It VM\_BUFMEM_LOWATER Ta int Ta yes
.It VM\_BUFMEM_HIWATER Ta int Ta yes
.It VM\_EXECMAX Ta int Ta yes
.It VM\_EXECMIN Ta int Ta yes
.It VM\_FILEMAX Ta int Ta yes
.It VM\_FILEMIN Ta int Ta yes
.It VM\_LOADAVG Ta struct loadavg Ta no
.It VM\_MAXSLP Ta int Ta no
.It VM\_METER Ta struct vmtotal Ta no
.It VM\_NKMEMPAGES Ta int Ta no
.It VM\_USPACE Ta int Ta no
.It VM\_UVMEXP Ta struct uvmexp Ta no
.It VM\_UVMEXP2 Ta struct uvmexp_sysctl Ta no
.El
.Pp
.Bl -tag -width "123456"
.It Li VM_ANONMAX
The percentage of physical memory which will be reclaimed
from other types of memory usage to store anonymous application data.
.It Li VM_ANONMIN
The percentage of physical memory which will always be available for
anonymous application data.
.It Li VM_BUFCACHE
The percentage of kernel memory which will be available
for the buffer cache.
.It Li VM_BUFMEM
The amount of kernel memory that is being used by the buffer cache.
.It Li VM_BUFMEM_LOWATER
The minimum amount of kernel memory to reserve for the
buffer cache.
.It Li VM_BUFMEM_HIWATER
The maximum amount of kernel memory to be used for the
buffer cache.
.It Li VM_EXECMAX
The percentage of physical memory which will be reclaimed
from other types of memory usage to store cached executable data.
.It Li VM_EXECMIN
The percentage of physical memory which will always be available for
cached executable data.
.It Li VM_FILEMAX
The percentage of physical memory which will be reclaimed
from other types of memory usage to store cached file data.
.It Li VM_FILEMIN
The percentage of physical memory which will always be available for
cached file data.
.It Li VM_LOADAVG
Return the load average history.
The returned data consists of a
.Va struct loadavg .
.It Li VM_MAXSLP
The value of the maxslp kernel global variable.
.It Li VM_METER
Return system wide virtual memory statistics.
The returned data consists of a
.Va struct vmtotal .
.It Li VM_USPACE
The number of bytes allocated for each kernel stack.
.It Li VM_UVMEXP
Return system wide virtual memory statistics.
The returned data consists of a
.Va struct uvmexp .
.It Li VM_UVMEXP2
Return system wide virtual memory statistics.
The returned data consists of a
.Va struct uvmexp_sysctl .
.El
.Sh CTL_DDB
The integer information available for the CTL_DDB level is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "DBCTL_TABSTOPSXXX" "integerXXX" -offset indent
.It Sy Second level name Ta Type Ta Changeable
.It DBCTL\_RADIX Ta integer Ta yes
.It DBCTL\_MAXOFF Ta integer Ta yes
.It DBCTL\_LINES Ta integer Ta yes
.It DBCTL\_TABSTOPS Ta integer Ta yes
.It DBCTL\_ONPANIC Ta integer Ta yes
.It DBCTL\_FROMCONSOLE Ta integer Ta yes
.El
.Pp
.Bl -tag -width "123456"
.It Li DBCTL_RADIX
The input and output radix.
.It Li DBCTL_MAXOFF
The maximum symbol offset.
.It Li DBCTL_LINES
Number of display lines.
.It Li DBCTL_TABSTOPS
Tab width.
.It Li DBCTL_ONPANIC
If non-zero, DDB will be entered when the kernel panics.
.It Li DBCTL_FROMCONSOLE
If not zero, DDB may be entered by sending a break on a serial
console or by a special key sequence on a graphics console.
.El
.Pp
These MIB nodes are also available as variables from within the DDB.
See
.Xr ddb 4
for more details.
.Sh CTL_VENDOR
The "vendor" toplevel name is reserved to be used by vendors who wish to
have their own private MIB tree.
Intended use is to store values under
.Dq vendor.\*[Lt]yourname\*[Gt].* .
.Sh DYNAMIC OPERATIONS
Several meta-identifiers are provided to perform operations on the
.Nm
tree itself, or support alternate means of accessing the data
instrumented by the
.Nm
tree.
.Bl -column CTLXCREATESYMXXX
.It Sy Name Ta Description
.It CTL\_QUERY Ta Retrieve a mapping of names to numbers below a given node
.It CTL\_CREATE Ta Create a new node
.It CTL\_CREATESYM Ta Create a new node by its kernel symbol
.It CTL\_DESTROY Ta Destroy a node
.It CTL\_DESCRIBE Ta Retrieve node descriptions
.El
.Pp
The core interface to all of these meta-functions is the structure
that the kernel uses to describe the tree internally, as defined in
.Aq Pa sys/sysctl.h
as:
.Pp
.Bd -literal
struct sysctlnode {
        uint32_t sysctl_flags;            /* flags and type */
        int32_t sysctl_num;               /* mib number */
        char sysctl_name[SYSCTL_NAMELEN]; /* node name */
        uint32_t sysctl_ver;              /* node's version vs. rest of tree */
        uint32_t __rsvd;
        union {
                struct {
                        uint32_t suc_csize;           /* size of child node array */
                        uint32_t suc_clen;            /* number of valid children */
                        struct sysctlnode* suc_child; /* array of child nodes */
                } scu_child;
                struct {
                        void *sud_data;           /* pointer to external data */
                        size_t sud_offset;        /* offset to data */
                } scu_data;
                int32_t scu_alias;                /* node this node refers to */
                int32_t scu_idata;                /* immediate "int" data */
                u_quad_t scu_qdata;               /* immediate "u_quad_t" data */
        } sysctl_un;
        size_t _sysctl_size;              /* size of instrumented data */
        sysctlfn _sysctl_func;            /* access helper function */
        struct sysctlnode *sysctl_parent; /* parent of this node */
        const char *sysctl_desc;          /* description of node */
};

#define sysctl_csize    sysctl_un.scu_child.suc_csize
#define sysctl_clen     sysctl_un.scu_child.suc_clen
#define sysctl_child    sysctl_un.scu_child.suc_child
#define sysctl_data     sysctl_un.scu_data.sud_data
#define sysctl_offset   sysctl_un.scu_data.sud_offset
#define sysctl_alias    sysctl_un.scu_alias
#define sysctl_idata    sysctl_un.scu_idata
#define sysctl_qdata    sysctl_un.scu_qdata
.Ed
.Pp
Querying the tree to discover the name to number mapping permits
dynamic discovery of all the data that the tree currently has
instrumented.
For example, to discover all the nodes below the
CTL_VFS node:
.Pp
.Bd -literal -offset indent -compact
struct sysctlnode query, vfs[128];
int mib[2];
size_t len;
.sp
mib[0] = CTL_VFS;
mib[1] = CTL_QUERY;
memset(\*[Am]query, 0, sizeof(query));
query.sysctl_flags = SYSCTL_VERSION;
len = sizeof(vfs);
sysctl(mib, 2, \*[Am]vfs[0], \*[Am]len, \*[Am]query, sizeof(query));
.Ed
.Pp
Note that a reference to an empty node with
.Fa sysctl_flags
set to
.Dv SYSCTL_VERSION
is passed to sysctl in order to indicate the version that the program
is using.
All dynamic operations passing nodes into sysctl require that the
version be explicitly specified.
.Pp
Creation and destruction of nodes works by constructing part of a new
node description (or a description of the existing node) and invoking
CTL_CREATE (or CTL_CREATESYM) or CTL_DESTROY at the parent of the new
node, with a pointer to the new node passed via the
.Fa newp
and
.Fa newlen
arguments.
If valid values for
.Fa oldp
and
.Fa oldlenp
are passed, a copy of the new node once in the tree will be returned.
If the create operation fails because a node with the same name or MIB
number exists, a copy of the conflicting node will be returned.
.Pp
The minimum requirements for creating a node are setting the
.Fa sysctl_flags
to indicate the new node's type,
.Fa sysctl_num
to either the new node's number (or CTL_CREATE or CTL_CREATESYM if a
dynamically allocated MIB number is acceptable),
.Fa sysctl_size
to the size of the data to be instrumented (which must agree with the
given type), and
.Fa sysctl_name
must be set to the new node's name.
Nodes that are not of type
.Dq node
must also have some description of the data to be instrumented, which
will vary depending on what is to be instrumented.
.Pp
If existing kernel data is to be covered by this new node, its address
should be given in
.Fa sysctl_data
or, if CTL_CREATESYM is used,
.Fa sysctl_data
should be set to a string containing its name from the kernel's symbol
table.
If new data is to be instrumented and an initial value is available,
the new integer or quad type data should be placed into either
.Fa sysctl_idata
or
.Fa sysctl_qdata ,
respectively, along with the CTLFLAG_IMMEDIATE flag being set, or
.Fa sysctl_data
should be set to point to a copy of the new data, and the
CTLFLAG_OWNDATA flag must be set.
This latter method is the only way that new string and struct type
nodes can be initialized.
Invalid kernel addresses are accepted, but any attempt to access those
nodes will return an error.
.Pp
The
.Fa sysctl_csize ,
.Fa sysctl_clen ,
.Fa sysctl_child ,
.Fa sysctl_parent ,
and
.Fa sysctl_alias
members are used by the kernel to link the tree together and must be
.Dv NULL
or 0.
Nodes created in this manner cannot have helper functions, so
.Fa sysctl_func
must also be
.Dv NULL .
If the
.Fa sysctl_ver
member is non-zero, it must match either the version of the parent or
the version at the root of the MIB or an error is returned.
This can be used to ensure that nodes are only added or removed from a
known state of the tree.
Note: It may not be possible to determine the version at the root
of the tree.
.Pp
This example creates a new subtree and adds a node to it that controls the
.Fa audiodebug
kernel variable, thereby making it tunable at any time, without
needing to use
.Xr ddb 4
or
.Xr kvm 3
to alter the kernel's memory directly.
.Pp
.Bd -literal -offset indent -compact
struct sysctlnode node;
int mib[2];
size_t len;
.sp
mib[0] = CTL_CREATE;		/* create at top-level */
len = sizeof(node);
memset(\*[Am]node, 0, len);
node.sysctl_flags = SYSCTL_VERSION|CTLFLAG_READWRITE|CTLTYPE_NODE;
snprintf(node.sysctl_name, sizeof(node.sysctl_name), "local");
node.sysctl_num = CTL_CREATE;	/* request dynamic MIB number */
sysctl(\*[Am]mib[0], 1, \*[Am]node, \*[Am]len, \*[Am]node, len);
.sp
mib[0] = node.sysctl_num;	/* use new MIB number */
mib[1] = CTL_CREATESYM;		/* create at second level */
len = sizeof(node);
memset(\*[Am]node, 0, len);
node.sysctl_flags = SYSCTL_VERSION|CTLFLAG_READWRITE|CTLTYPE_INT;
snprintf(node.sysctl_name, sizeof(node.sysctl_name), "audiodebug");
node.sysctl_num = CTL_CREATE;
node.sysctl_data = "audiodebug"; /* kernel symbol to be used */
sysctl(\*[Am]mib[0], 2, NULL, NULL, \*[Am]node, len);
.Ed
.Pp
The process for deleting nodes is similar, but less data needs to
be supplied.
Only the
.Fa sysctl_num
field
needs to be filled in; almost all other fields must be left blank.
The
.Fa sysctl_name
and/or
.Fa sysctl_ver
fields can be filled in with the name and version of the existing node
as additional checks on what will be deleted.
If all the given data fail to match any node, nothing will be deleted.
If valid values for
.Fa oldp
and
.Fa oldlenp
are supplied and a node is deleted, a copy of what was in the MIB tree
will be returned.
.Pp
This sample code shows the deletion of the two nodes created in the
above example:
.Pp
.Bd -literal -offset indent -compact
struct sysctlnode node;
int mib[2];
size_t len;
.sp
len = sizeof(node);
memset(\*[Am]node, 0, len);
node.sysctl_flags = SYSCTL_VERSION;
.sp
mib[0] = 3214;			/* assumed number for "local" */
mib[1] = CTL_DESTROY;
node.sysctl_num = 3215;		/* assumed number for "audiodebug" */
sysctl(\*[Am]mib[0], 2, NULL, NULL, \*[Am]node, len);
.sp
mib[0] = CTL_DESTROY;
node.sysctl_num = 3214;		/* now deleting "local" */
sysctl(\*[Am]mib[0], 1, NULL, NULL, \*[Am]node, len);
.Ed
.Pp
Descriptions of each of the nodes can also be retrieved, if they are
available.
Descriptions can be retrieved in bulk at each level or on a per-node
basis.
The layout of the buffer into which the descriptions are returned is a
series of variable length structures, each of which describes its own
size.
The length indicated includes the terminating
.Sq nul
character.
Nodes that have no description or where the description is not
available are indicated by an empty string.
The
.Fa descr_ver
will match the
.Fa sysctl_ver
value for a given node, so that descriptions for nodes whose numbers
have been recycled can be detected and ignored or discarded.
.Pp
.Bd -literal
struct sysctldesc {
        int32_t         descr_num;      /* mib number of node */
        uint32_t        descr_ver;      /* version of node */
        uint32_t        descr_len;      /* length of description string */
        char            descr_str[1];   /* not really 1...see above */
};
.Ed
.Pp
The
.Fn NEXT_DESCR
macro can be used to skip to the next description in the retrieved
list.
.Pp
.Bd -literal -offset indent -compact
struct sysctlnode desc;
struct sysctldesc *d;
char buf[1024];
int mib[2];
size_t len;
.sp
/* retrieve kern-level descriptions */
mib[0] = CTL_KERN;
mib[1] = CTL_DESCRIBE;
d = (struct sysctldesc *)\*[Am]buf[0];
len = sizeof(buf);
sysctl(mib, 2, d, \*[Am]len, NULL, 0);
while ((caddr_t)d \*[Lt] (caddr_t)\*[Am]buf[len]) {
        /* %.*s takes an int precision; descr_len is a uint32_t */
        printf("node %d: %.*s\\n", d-\*[Gt]descr_num, (int)d-\*[Gt]descr_len,
            d-\*[Gt]descr_str);
        d = NEXT_DESCR(d);
}
.sp
/* retrieve description for kern.securelevel */
memset(\*[Am]desc, 0, sizeof(desc));
desc.sysctl_flags = SYSCTL_VERSION;
desc.sysctl_num = KERN_SECURELEVEL;
d = (struct sysctldesc *)\*[Am]buf[0];
len = sizeof(buf);
sysctl(mib, 2, d, \*[Am]len, \*[Am]desc, sizeof(desc));
printf("kern.securelevel: %.*s\\n", (int)d-\*[Gt]descr_len, d-\*[Gt]descr_str);
.Ed
.Pp
Descriptions can also be set as follows, subject to the following rules:
.Pp
.Bl -bullet -compact
.It
The kernel securelevel is at zero or lower
.It
The caller has super-user privileges
.It
The node does not currently have a description
.It
The node is not marked as
.Dq permanent
.El
.Pp
.Bd -literal -offset indent -compact
struct sysctlnode desc;
int mib[2];
.sp
/* presuming the given top-level node was just added... */
mib[0] = 3214; /* mib numbers taken from previous examples */
mib[1] = CTL_DESCRIBE;
memset(\*[Am]desc, 0, sizeof(desc));
desc.sysctl_flags = SYSCTL_VERSION;
desc.sysctl_num = 3215;
desc.sysctl_desc = "audio debug control knob";
sysctl(mib, 2, NULL, NULL, \*[Am]desc, sizeof(desc));
.Ed
.Pp
Upon successfully setting a description, the new description will be
returned in the space indicated by the
.Fa oldp
and
.Fa oldlenp
arguments.
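.Pp
The description buffer described above is a run of variable length records whose size comes from the data itself, so a consumer should check every length before using it. The following is an added example, not part of the original manual page or of NetBSD: it walks such a buffer without trusting descr_len and uses descr_ver to reject a description left over from a recycled MIB number. The desc_* names, the 4-byte padding rule and the sample node numbers are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Fixed part of the page's struct sysctldesc; descr_str follows it. */
struct desc_hdr {
    int32_t  descr_num;   /* mib number of node */
    uint32_t descr_ver;   /* version of node */
    uint32_t descr_len;   /* string length, terminating NUL included */
};
/* ASSUMPTION (not stated on the page): strings are padded to 4 bytes. */
#define DESC_PAD(n) (((size_t)(n) + 3) & ~(size_t)3)
enum { DESC_BAD = -1, DESC_ABSENT = 0, DESC_FOUND = 1, DESC_STALE = 2 };

/* Step to the record at *off: 1 = record in h/str, 0 = end, -1 = malformed. */
static int desc_next(const unsigned char *buf, size_t len, size_t *off,
    struct desc_hdr *h, const char **str)
{
    size_t left = len - *off, step;

    if (left == 0)
        return 0;
    if (left < sizeof(*h))
        return -1;                        /* truncated header */
    memcpy(h, buf + *off, sizeof(*h));    /* buf need not be aligned */
    left -= sizeof(*h);
    if (h->descr_len == 0 || h->descr_len > left)
        return -1;                        /* length runs past the data */
    *str = (const char *)buf + *off + sizeof(*h);
    if ((*str)[h->descr_len - 1] != '\0' || strlen(*str) != h->descr_len - 1)
        return -1;                        /* NUL missing or too early */
    step = DESC_PAD(h->descr_len);
    *off += sizeof(*h) + (step < left ? step : left);
    return 1;
}

/* Find node num; a descr_ver other than ver marks a recycled MIB number. */
static int desc_lookup(const unsigned char *buf, size_t len, int32_t num,
    uint32_t ver, const char **out)
{
    struct desc_hdr h = { 0, 0, 0 };
    size_t off = 0;
    int r;

    while ((r = desc_next(buf, len, &off, &h, out)) == 1 && h.descr_num != num)
        continue;
    if (r == 1 && h.descr_ver == ver)
        return DESC_FOUND;
    *out = NULL;                          /* never hand back unvetted text */
    return r == 1 ? DESC_STALE : r;
}

/* Append one constructed sample record at buf + off; returns the new offset. */
static size_t desc_put(unsigned char *buf, size_t off, int32_t num,
    uint32_t ver, const char *s)
{
    struct desc_hdr h = { num, ver, (uint32_t)strlen(s) + 1 };

    memcpy(buf + off, &h, sizeof(h));
    memset(buf + off + sizeof(h), 0, DESC_PAD(h.descr_len));
    memcpy(buf + off + sizeof(h), s, h.descr_len);
    return off + sizeof(h) + DESC_PAD(h.descr_len);
}
```

With real kernel output, buf and len would be the oldp buffer and the value stored through oldlenp by a successful CTL_DESCRIBE call.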
.Pp
The
.Fa sysctl_flags
field in the struct sysctlnode contains the sysctl version, node type
information, and a number of flags.
The macros
.Fn SYSCTL_VERS ,
.Fn SYSCTL_TYPE ,
and
.Fn SYSCTL_FLAGS
can be used to access the different fields.
Valid flags are:
.Bl -column CTLFLAGXPERMANENTXXX
.It Sy Name Ta Description
.It CTLFLAG\_READONLY Ta Node is read-only
.It CTLFLAG\_READONLY1 Ta Node becomes read-only at securelevel 1
.It CTLFLAG\_READONLY2 Ta Node becomes read-only at securelevel 2
.It CTLFLAG\_READWRITE Ta Node is writable by the superuser
.It CTLFLAG\_ANYWRITE Ta Node is writable by anyone
.It CTLFLAG\_PRIVATE Ta Node is readable only by the superuser
.It CTLFLAG\_PERMANENT Ta Node cannot be removed (cannot be set by
processes)
.It CTLFLAG\_OWNDATA Ta Node owns data and does not instrument
existing data
.It CTLFLAG\_IMMEDIATE Ta Node contains instrumented data and does not
instrument existing data
.It CTLFLAG\_HEX Ta Node's contents should be displayed in a hexadecimal
form
.It CTLFLAG\_ROOT Ta Node is the root of a tree (cannot be set at
any time)
.It CTLFLAG\_ANYNUMBER Ta Node matches any MIB number (cannot be set by
processes)
.It CTLFLAG\_HIDDEN Ta Node not displayed by default
.It CTLFLAG\_ALIAS Ta Node refers to a sibling node (cannot be set
by processes)
.It CTLFLAG\_OWNDESC Ta Node owns its own description string space
.El
.Sh RETURN VALUES
If the call to
.Nm
is successful, the number of bytes copied out is returned.
Otherwise \-1 is returned and
.Va errno
is set appropriately.
.Sh FILES
.Bl -tag -width \*[Lt]netinet6/udp6Xvar.h\*[Gt] -compact
.It Aq Pa sys/sysctl.h
definitions for top level identifiers, second level kernel and hardware
identifiers, and user level identifiers
.It Aq Pa sys/socket.h
definitions for second level network identifiers
.It Aq Pa sys/gmon.h
definitions for third level profiling identifiers
.It Aq Pa uvm/uvm_param.h
definitions for second level virtual memory identifiers
.It Aq Pa netinet/in.h
definitions for third level IPv4/v6 identifiers and
fourth level IPv4/v6 identifiers
.It Aq Pa netinet/icmp_var.h
definitions for fourth level ICMP identifiers
.It Aq Pa netinet/icmp6.h
definitions for fourth level ICMPv6 identifiers
.It Aq Pa netinet/tcp_var.h
definitions for fourth level TCP identifiers
.It Aq Pa netinet/udp_var.h
definitions for fourth level UDP identifiers
.It Aq Pa netinet6/udp6_var.h
definitions for fourth level IPv6 UDP identifiers
.It Aq Pa netinet6/ipsec.h
definitions for fourth level IPsec identifiers
.It Aq Pa netkey/key_var.h
definitions for third level PF_KEY identifiers
.It Aq Pa machine/cpu.h
definitions for second level machdep identifiers
.El
.Sh ERRORS
The following errors may be reported:
.Bl -tag -width Er
.It Bq Er EFAULT
The buffer
.Fa name ,
.Fa oldp ,
.Fa newp ,
or length pointer
.Fa oldlenp
contains an invalid address, or the requested value is temporarily
unavailable.
.It Bq Er EINVAL
The length of the
.Fa name
array is zero or greater than CTL_MAXNAME.
.It Bq Er EINVAL
A non-null
.Fa newp
is given and its specified length in
.Fa newlen
is too large or too small, or the given value is not acceptable for
the given node.
.It Bq Er ENOMEM
The length pointed to by
.Fa oldlenp
is too short to hold the requested value.
.It Bq Er EISDIR
The
.Fa name
array specifies an intermediate rather than terminal name.
.It Bq Er ENOTDIR
The
.Fa name
array specifies a node below a node that addresses data.
.It Bq Er ENOENT
The
.Fa name
array specifies a node that does not exist in the tree.
.It Bq Er ENOENT
An attempt was made to destroy a node that does not exist, or to
create or destroy a node below a node that does not exist.
.It Bq Er ENOTEMPTY
An attempt was made to destroy a node that still has children.
.It Bq Er EOPNOTSUPP
The
.Fa name
array specifies a value that is unknown or a meta-operation was
attempted that the requested node does not support.
.It Bq Er EPERM
An attempt is made to set a read-only value.
.It Bq Er EPERM
A process without appropriate privilege attempts to set a value or to
create or destroy a node.
.It Bq Er EPERM
An attempt to change a value protected by the current kernel security
level is made.
.El
.Sh SEE ALSO
.Xr ipsec 4 ,
.Xr tcp 4 ,
.Xr sysctl 8
.\" .Xr sysctl 9
.Sh HISTORY
The
.Nm
function first appeared in
.Bx 4.4 .