.\" $NetBSD: sysctl.3,v 1.141 2004/10/15 15:19:02 enami Exp $
.\"
.\" Copyright (c) 1993
.\" The Regents of the University of California. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95
.\"
.Dd October 15, 2004
.Dt SYSCTL 3
.Os
.Sh NAME
.Nm sysctl ,
.Nm sysctlbyname ,
.Nm sysctlgetmibinfo ,
.Nm sysctlnametomib
.Nd get or set system information
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In sys/param.h
.In sys/sysctl.h
.Ft int
.Fn sysctl "int *name" "u_int namelen" "void *oldp" "size_t *oldlenp" \
"void *newp" "size_t newlen"
.Ft int
.Fn sysctlbyname "const char *sname" "void *oldp" "size_t *oldlenp" \
"void *newp" "size_t newlen"
.Ft int
.Fn sysctlgetmibinfo "const char *sname" "int *name" "u_int *namelenp" \
"char *cname" "size_t *csz" "struct sysctlnode **rnode" "int v"
.Ft int
.Fn sysctlnametomib "const char *sname" "int *name" "size_t *namelenp"
.Sh DESCRIPTION
The
.Nm
function retrieves system information and allows processes with
appropriate privileges to set system information.
The information available from
.Nm
consists of integers, strings, and tables.
Information may be retrieved and set from the command interface
using the
.Xr sysctl 8
utility.
.Pp
Unless explicitly noted below,
.Nm
returns a consistent snapshot of the data requested.
Consistency is obtained by locking the destination
buffer into memory so that the data may be copied out without blocking.
Calls to
.Nm
are serialized to avoid deadlock.
.Pp
The state is described using a ``Management Information Base'' (MIB)
style name, listed in
.Fa name ,
which is a
.Fa namelen
length array of integers.
.Pp
The
.Fn sysctlbyname
function accepts a string representation of a MIB entry and internally
maps it to the appropriate numeric MIB representation.
Its semantics are otherwise no different from
.Fn sysctl .
.Pp
The information is copied into the buffer specified by
.Fa oldp .
The size of the buffer is given by the location specified by
.Fa oldlenp
before the call,
and that location gives the amount of data copied after a successful call.
If the amount of data available is greater
than the size of the buffer supplied,
the call supplies as much data as fits in the buffer provided
and returns with the error code ENOMEM.
If the old value is not desired,
.Fa oldp
and
.Fa oldlenp
should be set to
.Dv NULL .
.Pp
The size of the available data can be determined by calling
.Nm
with a
.Dv NULL
parameter for
.Fa oldp .
The size of the available data will be returned in the location pointed to by
.Fa oldlenp .
For some operations, the amount of space may change often.
For these operations,
the system attempts to round up so that the returned size is
large enough for a call to return the data shortly thereafter.
.Pp
To set a new value,
.Fa newp
is set to point to a buffer of length
.Fa newlen
from which the requested value is to be taken.
If a new value is not to be set,
.Fa newp
should be set to
.Dv NULL
and
.Fa newlen
set to 0.
.Pp
The
.Fn sysctlnametomib
function can be used to map the string representation of a MIB entry
to the numeric version.
The
.Fa name
argument should point to an array of integers large enough to hold the
MIB, and
.Fa namelenp
should indicate the number of integer slots available.
Following a successful translation, the size_t indicated by
.Fa namelenp
will be changed to show the number of slots consumed.
.Pp
The
.Fn sysctlgetmibinfo
function performs name translation similar to
.Fn sysctlnametomib ,
but also canonicalizes the name (or returns the first erroneous token
from the string being parsed) into the space indicated by
.Fa cname
and
.Fa csz .
.Fa csz
should indicate the size of the buffer pointed to by
.Fa cname
and on return, will indicate the size of the returned string including
the trailing
.Sq nul
character.
.Pp
The
.Fa rnode
and
.Fa v
arguments to
.Fn sysctlgetmibinfo
are used to provide a tree for it to parse into, and to get back
either a pointer to, or a copy of, the terminal node.
If
.Fa rnode
is
.Dv NULL ,
.Fn sysctlgetmibinfo
uses its own internal tree for parsing, and checks it against the
kernel at each call, to make sure that the name-to-number mapping is
kept up to date.
The
.Fa v
argument is ignored in this case.
If
.Fa rnode
is not
.Dv NULL
but the pointer it references is, on a successful return,
.Fa rnode
will be adjusted to point to a copy of the terminal node.
The
.Fa v
argument indicates which version of the
.Nm
node structure the caller wants.
The application must later
.Fn free
this copy.
If neither
.Fa rnode
nor the pointer it references are
.Dv NULL ,
the pointer is used as the address of a tree over which the parsing is
done.
In this last case, the tree is not checked against the kernel, no
refreshing of the mappings is performed, and the value given by
.Fa v
must agree with the version indicated by the tree.
It is recommended that applications always use
.Dv SYSCTL_VERSION
as the value for
.Fa v ,
as defined in the include file
.Pa sys/sysctl.h .
.Pp
The top level names are defined with a CTL_ prefix in
.Aq Pa sys/sysctl.h ,
and are as follows.
The next and subsequent levels down are found in the include files
listed here, and described in separate sections below.
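An added example, not part of the original manual page or the NetBSD sources: the size probe and fetch sequence described above, with the ENOMEM case retried, applied to a NUL-separated result such as the one KERN_PROC_ARGS returns, which is split without reading past the returned length. The names sysctl_fetch, split_nul, count_strings and fake_sysctl are hypothetical; fake_sysctl and its data are a constructed stand-in used when not building on NetBSD, and the retry bound of 8 is an assumption.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#ifdef __NetBSD__
#include <sys/param.h>
#include <sys/sysctl.h>
#define SYSCTL sysctl
#else
#define SYSCTL fake_sysctl	/* constructed stand-in, defined below */
#endif

/* Constructed stand-in with the sysctl(3) parameter list: serves a fixed argv
 * image and under-reports the size on the first probe (data that grows). */
static const char fake_data[] = "sshd\0-D\0-e";
static int fake_probes;
int fake_sysctl(int *name, unsigned int namelen, void *oldp, size_t *oldlenp,
    void *newp, size_t newlen)
{
	size_t avail = sizeof(fake_data), want;
	(void)name; (void)namelen; (void)newp; (void)newlen;
	if (oldp == NULL) {		/* size probe */
		*oldlenp = (++fake_probes == 1) ? avail - 3 : avail;
		return 0;
	}
	want = *oldlenp < avail ? *oldlenp : avail;
	memcpy(oldp, fake_data, want);	/* as much data as fits */
	*oldlenp = want;
	if (want < avail)
		errno = ENOMEM;
	return want < avail ? -1 : 0;
}

/* Probe the size with oldp == NULL, allocate, fetch; on ENOMEM the data grew
 * after the probe, so probe again. Returns a malloc'd buffer with one NUL
 * appended past the data, or NULL on failure. */
char *sysctl_fetch(int *mib, unsigned int miblen, size_t *lenp)
{
	char *buf = NULL, *nbuf;
	size_t len;
	int tries;
	for (tries = 0; tries < 8; tries++) {
		if (SYSCTL(mib, miblen, NULL, &len, NULL, 0) == -1)
			break;
		if ((nbuf = realloc(buf, len + 1)) == NULL)
			break;
		buf = nbuf;
		if (SYSCTL(mib, miblen, buf, &len, NULL, 0) == 0) {
			buf[len] = '\0';	/* len is now the amount copied */
			*lenp = len;
			return buf;
		}
		if (errno != ENOMEM)
			break;
	}
	free(buf);
	return NULL;
}

/* Split buf[0..len) into strings without reading past len. Stores at most
 * max pointers in out[]; a tail with no terminating NUL is not returned. */
size_t split_nul(const char *buf, size_t len, const char **out, size_t max)
{
	size_t off = 0, n = 0;
	const char *end;
	while (off < len && n < max) {
		if ((end = memchr(buf + off, '\0', len - off)) == NULL)
			break;
		out[n++] = buf + off;
		off = (size_t)(end - buf) + 1;
	}
	return n;
}

/* Fetch a NUL-separated value and return how many strings it holds, or -1. */
int count_strings(int *mib, unsigned int miblen)
{
	const char *argv[64];
	size_t len, n;
	char *buf = sysctl_fetch(mib, miblen, &len);
	if (buf == NULL)
		return -1;
	if (len > 0 && buf[len - 1] != '\0')
		len++;		/* last string relies on the appended NUL */
	n = split_nul(buf, len, argv, 64);
	free(buf);
	return (int)n;
}

int main(void)
{
	int mib[4] = { 0, 0, 0, 0 };	/* the stand-in ignores the name */
#ifdef __NetBSD__
	mib[0] = CTL_KERN; mib[1] = KERN_PROC_ARGS;
	mib[2] = (int)getpid(); mib[3] = KERN_PROC_ARGV;
#endif
	printf("%d argv strings\n", count_strings(mib, 4));
	return 0;
}
```
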
.Pp
.Bl -column CTLXMACHDEPXXX "Next level namesXXXXXX" -offset indent
.It Sy Name Ta Next level names Ta Description
.It CTL\_KERN Ta sys/sysctl.h Ta High kernel limits
.It CTL\_VM Ta uvm/uvm_param.h Ta Virtual memory
.It CTL\_VFS Ta sys/mount.h Ta Filesystem
.It CTL\_NET Ta sys/socket.h Ta Networking
.It CTL\_DEBUG Ta sys/sysctl.h Ta Debugging
.It CTL\_HW Ta sys/sysctl.h Ta Generic CPU, I/O
.It CTL\_MACHDEP Ta sys/sysctl.h Ta Machine dependent
.It CTL\_USER Ta sys/sysctl.h Ta User-level
.It CTL\_DDB Ta sys/sysctl.h Ta In-kernel debugger
.It CTL\_PROC Ta sys/sysctl.h Ta Per-process
.It CTL\_VENDOR Ta ? Ta Vendor specific
.It CTL\_EMUL Ta sys/sysctl.h Ta Emulation settings
.El
.Pp
For example, the following retrieves the maximum number of processes allowed
in the system:
.Bd -literal -offset indent -compact
int mib[2], maxproc;
size_t len;
.sp
mib[0] = CTL_KERN;
mib[1] = KERN_MAXPROC;
len = sizeof(maxproc);
sysctl(mib, 2, \*[Am]maxproc, \*[Am]len, NULL, 0);
.Ed
.sp
To retrieve the standard search path for the system utilities:
.Bd -literal -offset indent -compact
int mib[2];
size_t len;
char *p;
.sp
mib[0] = CTL_USER;
mib[1] = USER_CS_PATH;
sysctl(mib, 2, NULL, \*[Am]len, NULL, 0);
p = malloc(len);
sysctl(mib, 2, p, \*[Am]len, NULL, 0);
.Ed
.Sh CTL_DEBUG
The debugging variables vary from system to system.
A debugging variable may be added or deleted without need to recompile
.Nm
to know about it.
Each time it runs,
.Nm
gets the list of debugging variables from the kernel and
displays their current values.
The system defines twenty
.Va ( struct ctldebug )
variables named
.Dv debug0
through
.Dv debug19 .
They are declared as separate variables so that they can be
individually initialized at the location of their associated variable.
The loader prevents multiple use of the same variable by issuing errors
if a variable is initialized in more than one place.
For example, to export the variable
.Dv dospecialcheck
as a debugging variable, the following declaration would be used:
.Bd -literal -offset indent -compact
int dospecialcheck = 1;
struct ctldebug debug5 = { "dospecialcheck", \*[Am]dospecialcheck };
.Ed
.Pp
Note that the dynamic implementation of
.Nm
currently in use largely makes this particular
.Nm
interface obsolete.
See
.Xr sysctl 8
.\" and
.\" .Xr sysctl 9
for more information.
.Sh CTL_VFS
A distinguished second level name, VFS_GENERIC,
is used to get general information about all filesystems.
One of its third level identifiers is VFS_MAXTYPENUM
that gives the highest valid filesystem type number.
Its other third level identifier is VFS_CONF that
returns configuration information about the filesystem
type given as a fourth level identifier.
The remaining second level identifiers are the
filesystem type number returned by a
.Xr statfs 2
call or from VFS_CONF.
The third level identifiers available for each filesystem
are given in the header file that defines the mount
argument structure for that filesystem.
.Sh CTL_HW
The string and integer information available for the CTL_HW level
is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "Second level nameXXXXXX" "struct disk_sysctlXXX" -offset indent
.It Sy Second level name Ta Type Ta Changeable
.It HW\_MACHINE Ta string Ta no
.It HW\_MODEL Ta string Ta no
.It HW\_NCPU Ta integer Ta no
.It HW\_BYTEORDER Ta integer Ta no
.It HW\_PHYSMEM Ta integer Ta no
.It HW\_PHYSMEM64 Ta quad Ta no
.It HW\_USERMEM Ta integer Ta no
.It HW\_USERMEM64 Ta quad Ta no
.It HW\_PAGESIZE Ta integer Ta no
.\".It HW\_DISKNAMES struct no
.\".It HW\_DISKSTATS struct no
.It HW\_MACHINE\_ARCH Ta string Ta no
.It HW\_ALIGNBYTES Ta integer Ta no
.It HW\_DISKNAMES Ta string Ta no
.It HW\_DISKSTATS Ta struct disk_sysctl Ta no
.It HW\_CNMAGIC Ta string Ta yes
.El
.Pp
.Bl -tag -width "123456"
.It Li HW_MACHINE
The machine class.
.It Li HW_MODEL
The machine model.
.It Li HW_NCPU
The number of CPUs.
.ne 1i
.It Li HW_BYTEORDER
The byteorder (4,321, or 1,234).
.It Li HW_PHYSMEM
The bytes of physical memory as a 32-bit integer.
.It Li HW_PHYSMEM64
The bytes of physical memory as a 64-bit integer.
.It Li HW_USERMEM
The bytes of non-kernel memory as a 32-bit integer.
.It Li HW_USERMEM64
The bytes of non-kernel memory as a 64-bit integer.
.It Li HW_PAGESIZE
The software page size.
.It Li HW_MACHINE_ARCH
The machine CPU class.
.It Li HW_ALIGNBYTES
Alignment constraint for all possible data types.
This shows the value
.Dv ALIGNBYTES
in
.Pa /usr/include/machine/param.h ,
at the kernel compilation time.
.It Li HW_DISKNAMES
The list of (space separated) disk device names on the system.
.It Li HW_DISKSTATS
Return statistical information on the disk devices on the system.
An array of
.Va struct disk_sysctl
structures is returned,
whose size depends on the current number of such objects in the system.
The third level name is the size of the
.Va struct disk_sysctl .
.It Li HW_CNMAGIC
The console magic key sequence.
.El
.Sh CTL_KERN
The string and integer information available for the CTL_KERN level
is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
The types of data currently available are process information,
system vnodes, the open file entries, routing table entries,
virtual memory statistics, load average history, and clock rate
information.
.Bl -column "KERNXPOSIXXREADERXWRITERXLOCKS" "struct clockrateXXX" -offset indent
.It Sy Second level name Ta Type Ta Changeable
.It KERN\_ARGMAX Ta integer Ta no
.It KERN\_AUTONICETIME Ta integer Ta yes
.It KERN\_AUTONICEVAL Ta integer Ta yes
.It KERN\_BOOTTIME Ta struct timeval Ta no
.It KERN\_CCPU Ta integer Ta no
.It KERN\_CLOCKRATE Ta struct clockinfo Ta no
.It KERN\_CP\_TIME Ta uint64_t[\|] Ta no
.It KERN\_DEFCORENAME Ta string Ta yes
.It KERN\_DOMAINNAME Ta string Ta yes
.It KERN\_DRIVERS Ta struct kinfo_drivers Ta no
.It KERN\_FILE Ta struct file Ta no
.It KERN\_FORKFSLEEP Ta integer Ta yes
.It KERN\_FSCALE Ta integer Ta no
.It KERN\_FSYNC Ta integer Ta no
.It KERN\_HOSTID Ta integer Ta yes
.It KERN\_HOSTNAME Ta string Ta yes
.It KERN\_IOV\_MAX Ta integer Ta no
.It KERN\_JOB\_CONTROL Ta integer Ta no
.It KERN\_LABELOFFSET Ta integer Ta no
.It KERN\_LABELSECTOR Ta integer Ta no
.It KERN\_LOGIN\_NAME\_MAX Ta integer Ta no
.It KERN\_LOGSIGEXIT Ta integer Ta yes
.It KERN\_MAPPED\_FILES Ta integer Ta no
.It KERN\_MAXFILES Ta integer Ta yes
.It KERN\_MAXPARTITIONS Ta integer Ta no
.It KERN\_MAXPROC Ta integer Ta yes
.It KERN\_MAXPTYS Ta integer Ta yes
.It KERN\_MAXVNODES Ta integer Ta yes
.It KERN\_MBUF Ta node Ta not applicable
.It KERN\_MEMLOCK Ta integer Ta no
.It KERN\_MEMLOCK\_RANGE Ta integer Ta no
.It KERN\_MEMORY\_PROTECTION Ta integer Ta no
.It KERN\_MONOTONIC\_CLOCK Ta integer Ta no
.It KERN\_MSGBUF Ta char[\|] Ta no
.It KERN\_MSGBUFSIZE Ta integer Ta no
.It KERN\_NGROUPS Ta integer Ta no
.It KERN\_NTPTIME Ta struct ntptimeval Ta no
.It KERN\_OSRELEASE Ta string Ta no
.It KERN\_OSREV Ta integer Ta no
.It KERN\_OSTYPE Ta string Ta no
.It KERN\_POSIX1 Ta integer Ta no
.It KERN\_POSIX\_BARRIERS Ta integer Ta no
.It KERN\_POSIX\_READER\_WRITER\_LOCKS Ta integer Ta no
.It KERN\_POSIX\_SEMAPHORES Ta integer Ta no
.It KERN\_POSIX\_SPIN\_LOCKS Ta integer Ta no
.It KERN\_POSIX\_THREADS Ta integer Ta no
.It KERN\_POSIX\_TIMERS Ta integer Ta no
.It KERN\_PROC Ta struct kinfo_proc Ta no
.It KERN\_PROC2 Ta struct kinfo_proc2 Ta no
.It KERN\_PROC\_ARGS Ta string Ta no
.It KERN\_PROF Ta node Ta not applicable
.It KERN\_RAWPARTITION Ta integer Ta no
.It KERN\_ROOT\_DEVICE Ta string Ta no
.It KERN\_ROOT\_PARTITION Ta integer Ta no
.It KERN\_RTC\_OFFSET Ta integer Ta no
.It KERN\_SAVED\_IDS Ta integer Ta no
.It KERN\_SECURELVL Ta integer Ta raise only
.It KERN\_SYNCHRONIZED\_IO Ta integer Ta no
.It KERN\_SYSVIPC\_INFO Ta node Ta not applicable
.It KERN\_SYSVMSG Ta integer Ta no
.It KERN\_SYSVSEM Ta integer Ta no
.It KERN\_SYSVSHM Ta integer Ta no
.It KERN\_TKSTAT Ta node Ta not applicable
.It KERN\_VERSION Ta string Ta no
.It KERN\_VNODE Ta struct vnode Ta no
.El
.ne 1i
.Pp
.Bl -tag -width "123456"
.It Li KERN_ARGMAX
The maximum bytes of argument to
.Xr execve 2 .
.It Li KERN_AUTONICETIME
The number of seconds of CPU-time a non-root process may accumulate before
having its priority lowered from the default to the value of KERN_AUTONICEVAL.
If set to 0, automatic lowering of priority is not performed, and if set to \-1
all non-root processes are immediately lowered.
.It Li KERN_AUTONICEVAL
The priority assigned for automatically niced processes.
.It Li KERN_BOOTTIME
A
.Va struct timeval
structure is returned.
This structure contains the time that the system was booted.
.It Li KERN_CCPU
The scheduler exponential decay value.
.It Li KERN_CLOCKRATE
A
.Va struct clockinfo
structure is returned.
This structure contains the clock, statistics clock and profiling clock
frequencies, the number of micro-seconds per hz tick, and the clock
skew rate.
.It Li KERN_CP_TIME
Returns an array of CPUSTATES uint64_ts.
This array contains the
number of clock ticks spent in different CPU states.
On multi-processor systems, the sum across all CPUs is returned unless
appropriate space is given for one data set for each CPU.
Data for a specific CPU can also be obtained by adding the number of the
CPU at the end of the MIB, enlarging it by one.
.It Li KERN_DEFCORENAME
Default template for the name of core dump files (see also PROC_PID_CORENAME
in the per-process variables CTL_PROC, and
.Xr core 5
for format of this template).
The default value is
.Nm %n.core
and can be changed with the kernel configuration option
.Cd options DEFCORENAME
(see
.Xr options 4
).
.It Li KERN_DOMAINNAME
Get or set the YP domain name.
.It Li KERN_DRIVERS
Return an array of
.Va struct kinfo_drivers
that contains the name and major device numbers of all the device drivers
in the current kernel.
The
.Va d_name
field is always a NUL terminated string.
The
.Va d_bmajor
field will be set to \-1 if the driver doesn't have a block device.
.It Li KERN_FILE
Return the entire file table.
The returned data consists of a single
.Va struct filehead
followed by an array of
.Va struct file ,
whose size depends on the current number of such objects in the system.
.It Li KERN_FSCALE
The kernel fixed-point scale factor.
.It Li KERN_FORKFSLEEP
If the
.Xr fork 2
system call fails due to the limit on the number of processes (either
the global maxproc limit or the user's one), wait for this many
milliseconds before returning the
.Er EAGAIN
error to the process.
Useful to keep heavily forking runaway processes at bay.
Default zero (no sleep).
Maximum is 20 seconds.
.It Li KERN_FSYNC
Return 1 if the POSIX 1003.1b File Synchronization Option is available
on this system,
otherwise 0.
.It Li KERN_HOSTID
Get or set the host id.
.It Li KERN_HOSTNAME
Get or set the hostname.
.It Li KERN_IOV_MAX
Return the maximum number of
.Va iovec
structures that a process has available for use with
.Xr preadv 2 ,
.Xr pwritev 2 ,
.Xr readv 2 ,
.Xr recvmsg 2 ,
.Xr sendmsg 2
and
.Xr writev 2 .
.It Li KERN_JOB_CONTROL
Return 1 if job control is available on this system, otherwise 0.
.It Li KERN_LABELOFFSET
The offset within the sector specified by KERN_LABELSECTOR of the
.Xr disklabel 5 .
.It Li KERN_LABELSECTOR
The sector number containing the
.Xr disklabel 5 .
.It Li KERN_LOGIN_NAME_MAX
The size of the storage required for a login name, in bytes,
including the terminating NUL.
.It Li KERN_LOGSIGEXIT
If this flag is non-zero, the kernel will
.Xr log 9
all process exits due to signals which create a
.Xr core 5
file, and whether the coredump was created.
.It Li KERN_MAPPED_FILES
Returns 1 if the POSIX 1003.1b Memory Mapped Files Option is available
on this system,
otherwise 0.
.It Li KERN_MAXFILES
The maximum number of files that may be open in the system.
.It Li KERN_MAXPARTITIONS
The maximum number of partitions allowed per disk.
.It Li KERN_MAXPROC
The maximum number of simultaneous processes the system will allow.
.It Li KERN_MAXPTYS
The maximum number of pseudo terminals.
This value can be both raised and lowered, though it cannot
be set lower than the number of currently used ptys.
See also
.Xr pty 4 .
.It Li KERN_MAXVNODES
The maximum number of vnodes available on the system.
This can only be raised.
.It Li KERN_MBUF
Return information about the mbuf control variables.
The third level names for the mbuf variables are detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "MBUFXNMBCLUSTERSXXX" "struct integerXXX" -offset indent
.It Sy Third level name Ta Type Ta Changeable
.It MBUF\_MSIZE Ta integer Ta yes
.It MBUF\_MCLBYTES Ta integer Ta yes
.It MBUF\_NMBCLUSTERS Ta integer Ta yes
.It MBUF\_MBLOWAT Ta integer Ta yes
.It MBUF\_MCLLOWAT Ta integer Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li MBUF_MSIZE
The mbuf base size.
.It Li MBUF_MCLBYTES
The mbuf cluster size.
.It Li MBUF_NMBCLUSTERS
The limit on the number of mbuf clusters.
The variable can only be increased, and only increased on machines with
direct-mapped pool pages.
.It Li MBUF_MBLOWAT
The mbuf low water mark.
.It Li MBUF_MCLLOWAT
The mbuf cluster low water mark.
.El
.It Li KERN_MEMLOCK
Returns 1 if the POSIX 1003.1b Process Memory Locking Option is available
on this system,
otherwise 0.
.It Li KERN_MEMLOCK_RANGE
Returns 1 if the POSIX 1003.1b Range Memory Locking Option is available
on this system,
otherwise 0.
.It Li KERN_MEMORY_PROTECTION
Returns 1 if the POSIX 1003.1b Memory Protection Option is available
on this system,
otherwise 0.
.It Li KERN_MONOTONIC_CLOCK
Returns the standard version the implementation of the POSIX 1003.1b
Monotonic Clock Option conforms to,
otherwise 0.
.It Li KERN_MSGBUF
The kernel message buffer, rotated so that the head of the circular kernel
message buffer is returned at the start of the buffer specified by
.Fa oldp .
The returned data may contain NUL bytes.
.It Li KERN_MSGBUFSIZE
The maximum number of characters that the kernel message buffer can hold.
.It Li KERN_NGROUPS
The maximum number of supplemental groups.
.It Li KERN_NO_TRUNC
Return 1 if file names longer than KERN_NAME_MAX are truncated.
.It Li KERN_NTPTIME
A
.Va struct ntptimeval
structure is returned.
This structure contains data used by the
.Xr ntpd 8
program.
.It Li KERN_OSRELEASE
The system release string.
.It Li KERN_OSREV
The system revision string.
.It Li KERN_OSTYPE
The system type string.
.It Li KERN_PATH_MAX
The maximum number of bytes in a pathname.
.It Li KERN_POSIX1
The version of ISO/IEC 9945 (POSIX 1003.1) with which the system
attempts to comply.
.It Li KERN_POSIX_BARRIERS
The version of
.St -p1003.1
and its
Barriers
option to which the system attempts to conform,
otherwise 0.
.It Li KERN_POSIX_READER_WRITER_LOCKS
The version of
.St -p1003.1
and its
Read-Write Locks
option to which the system attempts to conform,
otherwise 0.
.It Li KERN_POSIX_SEMAPHORES
The version of
.St -p1003.1
and its
Semaphores
option to which the system attempts to conform,
otherwise 0.
.It Li KERN_POSIX_SPIN_LOCKS
The version of
.St -p1003.1
and its
Spin Locks
option to which the system attempts to conform,
otherwise 0.
.It Li KERN_POSIX_THREADS
The version of
.St -p1003.1
and its
Threads
option to which the system attempts to conform,
otherwise 0.
.It Li KERN_POSIX_TIMERS
The version of
.St -p1003.1
and its
Timers
option to which the system attempts to conform,
otherwise 0.
.It Li KERN_PROC
Return the entire process table, or a subset of it.
An array of
.Va struct kinfo_proc
structures is returned,
whose size depends on the current number of such objects in the system.
The third and fourth level names are as follows:
.Bl -column "Third level nameXXXXXX" "Fourth level is:XXXXXX" -offset indent
.It Sy Third level name Ta Fourth level is:
.It KERN\_PROC\_ALL Ta None
.It KERN\_PROC\_PID Ta A process ID
.It KERN\_PROC\_PGRP Ta A process group
.It KERN\_PROC\_SESSION Ta A session ID
.It KERN\_PROC\_TTY Ta A tty device
.It KERN\_PROC\_UID Ta A user ID
.It KERN\_PROC\_RUID Ta A real user ID
.It KERN\_PROC\_GID Ta A group ID
.It KERN\_PROC\_RGID Ta A real group ID
.El
.It Li KERN_PROC2
As for KERN_PROC, but an array of
.Va struct kinfo_proc2
structures is returned.
The fifth level name is the size of the
.Va struct kinfo_proc2
and the sixth level name is the number of structures to return.
.It Li KERN_PROC_ARGS
Return the argv or environment strings (or the number thereof)
of a process.
Multiple strings are returned separated by NUL characters.
The third level name is the process ID.
The fourth level name is as follows:
.Bl -column "Third level nameXXXXXX" -offset indent
.It KERN\_PROC\_ARGV Ta The argv strings
.It KERN\_PROC\_NARGV Ta The number of argv strings
.It KERN\_PROC\_ENV Ta The environ strings
.It KERN\_PROC\_NENV Ta The number of environ strings
.El
.It Li KERN_PROF
Return profiling information about the kernel.
If the kernel is not compiled for profiling,
attempts to retrieve any of the KERN_PROF values will
fail with EOPNOTSUPP.
The third level names for the string and integer profiling information
are detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "GPROFXGMONPARAMXXX" "struct gmonparamXXX" -offset indent
.It Sy Third level name Ta Type Ta Changeable
.It GPROF\_STATE Ta integer Ta yes
.It GPROF\_COUNT Ta u_short[\|] Ta yes
.It GPROF\_FROMS Ta u_short[\|] Ta yes
.It GPROF\_TOS Ta struct tostruct Ta yes
.It GPROF\_GMONPARAM Ta struct gmonparam Ta no
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li GPROF_STATE
Returns GMON_PROF_ON or GMON_PROF_OFF to show that profiling
is running or stopped.
.It Li GPROF_COUNT
Array of statistical program counter counts.
.It Li GPROF_FROMS
Array indexed by program counter of call-from points.
.It Li GPROF_TOS
Array of
.Va struct tostruct
describing destination of calls and their counts.
.It Li GPROF_GMONPARAM
Structure giving the sizes of the above arrays.
.El
.It Li KERN_RAWPARTITION
The raw partition of a disk (a == 0).
.It Li KERN_ROOT_DEVICE
The name of the root device (e.g.,
.Dq wd0 ) .
.It Li KERN_ROOT_PARTITION
The root partition on the root device (a == 0).
.It Li KERN_RTC_OFFSET
Return the offset of real time clock from UTC in minutes.
.It Li KERN_SAVED_IDS
Returns 1 if saved set-group and saved set-user IDs are available.
.It Li KERN_SECURELVL
The system security level.
This level may be raised by processes with appropriate privilege.
It may only be lowered by process 1.
.It Li KERN_SYNCHRONIZED_IO
Returns 1 if the POSIX 1003.1b Synchronized I/O Option is available
on this system,
otherwise 0.
.It Li KERN_SYSVIPC_INFO
Return System V style IPC configuration and run-time information.
The third level name selects the System V style IPC facility.
.Bl -column "KERN_SYSVIPC_MSG_INFOXXX" "struct shm_sysctl_infoXXX" -offset indent
.It Sy Third level name Ta Type
.It KERN\_SYSVIPC\_MSG\_INFO Ta struct msg_sysctl_info
.It KERN\_SYSVIPC\_SEM\_INFO Ta struct sem_sysctl_info
.It KERN\_SYSVIPC\_SHM\_INFO Ta struct shm_sysctl_info
.El
.Pp
.Bl -tag -width "123456"
.It Li KERN_SYSVIPC_MSG_INFO
Return information on the System V style message facility.
The
.Sy msg_sysctl_info
structure is defined in
.Aq Pa sys/msg.h .
.It Li KERN_SYSVIPC_SEM_INFO
Return information on the System V style semaphore facility.
The
.Sy sem_sysctl_info
structure is defined in
.Aq Pa sys/sem.h .
.It Li KERN_SYSVIPC_SHM_INFO
Return information on the System V style shared memory facility.
The
.Sy shm_sysctl_info
structure is defined in
.Aq Pa sys/shm.h .
.El
.It Li KERN_SYSVMSG
Returns 1 if System V style message queue functionality is available
on this system,
otherwise 0.
.It Li KERN_SYSVSEM
Returns 1 if System V style semaphore functionality is available
on this system,
otherwise 0.
.It Li KERN_SYSVSHM
Returns 1 if System V style shared memory functionality is available
on this system,
otherwise 0.
.It Li KERN_TKSTAT
Return information about the number of characters sent and received
on ttys.
The third level names for the tty statistic variables are detailed below.
The changeable column shows whether a process
with appropriate privilege may change the value.
.Bl -column "KERNXTKSTATXRAWCCXXX" "struct integerXXX" -offset indent
.It Sy Third level name Ta Type Ta Changeable
.It KERN\_TKSTAT\_NIN Ta quad Ta no
.It KERN\_TKSTAT\_NOUT Ta quad Ta no
.It KERN\_TKSTAT\_CANCC Ta quad Ta no
.It KERN\_TKSTAT\_RAWCC Ta quad Ta no
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li KERN_TKSTAT_NIN
The total number of input characters.
.It Li KERN_TKSTAT_NOUT
The total number of output characters.
.It Li KERN_TKSTAT_CANCC
The number of canonical input characters.
.It Li KERN_TKSTAT_RAWCC
The number of raw input characters.
.El
.It Li KERN_VERSION
The system version string.
.It Li KERN_VNODE
Return the entire vnode table.
Note, the vnode table is not necessarily a consistent snapshot of
the system.
The returned data consists of an array whose size depends on the
current number of such objects in the system.
Each element of the array contains the kernel address of a vnode
.Va struct vnode *
followed by the vnode itself
.Va struct vnode .
.El
.Sh CTL_MACHDEP
The set of variables defined is architecture dependent.
Most architectures define at least the following variables.
.Bl -column "CONSOLE_DEVICEXXX" "integerXXX" -offset indent
.It Sy Second level name Ta Type Ta Changeable
.It Li CPU_CONSDEV Ta dev_t Ta no
.El
.Sh CTL_NET
The string and integer information available for the CTL_NET level
is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "Second level nameXXXXXX" "routing messagesXXX" -offset indent
.It Sy Second level name Ta Type Ta Changeable
.It PF\_ROUTE Ta routing messages Ta no
.It PF\_INET Ta IPv4 values Ta yes
.It PF\_INET6 Ta IPv6 values Ta yes
.It PF\_KEY Ta IPsec key management values Ta yes
.El
.Pp
.Bl -tag -width "123456"
.It Li PF_ROUTE
Return the entire routing table or a subset of it.
The data is returned as a sequence of routing messages (see
.Xr route 4
for the header file, format and meaning).
The length of each message is contained in the message header.
.Pp
The third level name is a protocol number, which is currently always 0.
The fourth level name is an address family, which may be set to 0 to
select all address families.
The fifth and sixth level names are as follows:
.Bl -column "Fifth level nameXXXXXX" "Sixth level is:XXX" -offset indent
.It Sy Fifth level name Ta Sixth level is:
.It NET\_RT\_FLAGS Ta rtflags
.It NET\_RT\_DUMP Ta None
.It NET\_RT\_IFLIST Ta None
.El
.It Li PF_INET
Get or set various global information about the IPv4
.Pq Internet Protocol version 4 .
The third level name is the protocol.
The fourth level name is the variable name.
The currently defined protocols and names are:
.Bl -column "Protocol name" "Variable nameXX" "integer" "yes" -offset indent
.It Sy Protocol name Ta Variable name Ta Type Ta Changeable
.It ip Ta forwarding Ta integer Ta yes
.It ip Ta redirect Ta integer Ta yes
.It ip Ta ttl Ta integer Ta yes
.It ip Ta forwsrcrt Ta integer Ta yes
.It ip Ta directed-broadcast Ta integer Ta yes
.It ip Ta allowsrcrt Ta integer Ta yes
.It ip Ta subnetsarelocal Ta integer Ta yes
.It ip Ta mtudisc Ta integer Ta yes
.It ip Ta anonportmin Ta integer Ta yes
.It ip Ta anonportmax Ta integer Ta yes
.It ip Ta mtudisctimeout Ta integer Ta yes
.It ip Ta gifttl Ta integer Ta yes
.It ip Ta grettl Ta integer Ta yes
.It ip Ta lowportmin Ta integer Ta yes
.It ip Ta lowportmax Ta integer Ta yes
.It ip Ta maxfragpackets Ta integer Ta yes
.It ip Ta checkinterface Ta integer Ta yes
.It icmp Ta maskrepl Ta integer Ta yes
.It icmp Ta errppslimit Ta integer Ta yes
.It icmp Ta rediraccept Ta integer Ta yes
.It icmp Ta redirtimeout Ta integer Ta yes
.It tcp Ta rfc1323 Ta integer Ta yes
.It tcp Ta sendspace Ta integer Ta yes
.It tcp Ta recvspace Ta integer Ta yes
.It tcp Ta mssdflt Ta integer Ta yes
.It tcp Ta syn_cache_limit Ta integer Ta yes
.It tcp Ta syn_bucket_limit Ta integer Ta yes
.It tcp Ta syn_cache_interval Ta integer Ta yes
.It tcp Ta init_win Ta integer Ta yes
.It tcp Ta init_win_local Ta integer Ta yes
.It tcp Ta mss_ifmtu Ta integer Ta yes
.It tcp Ta sack Ta integer Ta yes
.It tcp Ta win_scale Ta integer Ta yes
.It tcp Ta timestamps Ta integer Ta yes
.It tcp Ta compat_42 Ta integer Ta yes
.It tcp Ta cwm Ta integer Ta yes
.It tcp Ta cwm_burstsize Ta integer Ta yes
.It tcp Ta ack_on_push Ta integer Ta yes
.It tcp Ta keepidle Ta integer Ta yes
.It tcp Ta keepintvl Ta integer Ta yes
.It tcp	keepcnt	integer	yes
.It tcp	slowhz	integer	no
.It tcp	newreno	integer	yes
.It tcp	log_refused	integer	yes
.It tcp	rstppslimit	integer	yes
.It tcp	ident	struct	no
.It udp	checksum	integer	yes
.It udp	sendspace	integer	yes
.It udp	recvspace	integer	yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li ip.forwarding
Returns 1 when IP forwarding is enabled for the host,
meaning that the host is acting as a router.
.It Li ip.redirect
Returns 1 when ICMP redirects may be sent by the host.
This option is ignored unless the host is routing IP packets,
and should normally be enabled on all systems.
.It Li ip.ttl
The maximum time-to-live (hop count) value for an IP packet sourced by
the system.
This value applies to normal transport protocols, not to ICMP.
.It Li ip.forwsrcrt
Returns 1 when forwarding of source-routed packets is enabled for
the host.
This value may only be changed if the kernel security level is less than 1.
.It Li ip.directed-broadcast
Returns 1 if directed broadcast behavior is enabled for the host.
.It Li ip.allowsrcrt
Returns 1 if the host accepts source routed packets.
.It Li ip.subnetsarelocal
Returns 1 if subnets are to be considered local addresses.
.It Li ip.mtudisc
If set to 1, Path MTU Discovery (RFC 1191) is enabled.
When Path MTU Discovery is enabled, the transmitted TCP segment
size will be determined by the advertised maximum segment size
(MSS) from the remote end, as constrained by the path MTU.
If MTU Discovery is disabled, the transmitted segment size will
never be greater than
.Li tcp.mssdflt
(the local maximum segment size).
.It Li ip.anonportmin
The lowest port number to use for TCP and UDP ephemeral port allocation.
This cannot be set to less than 1024 or greater than 65535.
.It Li ip.anonportmax
The highest port number to use for TCP and UDP ephemeral port allocation.
This cannot be set to less than 1024 or greater than 65535, and must
be greater than
.Li ip.anonportmin .
.It Li ip.mtudisctimeout
Returns the number of seconds in which a route added by the Path MTU
Discovery engine will time out.
When the route times out, the Path
MTU Discovery engine will attempt to probe a larger path MTU.
.It Li ip.gifttl
The maximum time-to-live (hop count) value for an IPv4 packet generated by
.Xr gif 4
tunnel interface.
.It Li ip.grettl
The maximum time-to-live (hop count) value for an IPv4 packet generated by
.Xr gre 4
tunnel interface.
.It Li ip.lowportmin
The lowest port number to use for TCP and UDP reserved port allocation.
This cannot be set to less than 0 or greater than 1024, and must
be smaller than
.Li ip.lowportmax .
.It Li ip.lowportmax
The highest port number to use for TCP and UDP reserved port allocation.
This cannot be set to less than 0 or greater than 1024, and must
be greater than
.Li ip.lowportmin .
.It Li ip.maxfragpackets
The maximum number of fragmented packets the node will accept.
0 means that the node will not accept any fragmented packets.
\-1 means that the node will accept as many fragmented packets as it receives.
The flag is provided basically for avoiding possible DoS attacks.
.It Li ip.checkinterface
If set to non-zero, the host will reject packets addressed to it
that arrive on an interface not bound to that address.
Currently, this must be disabled if ipnat is used to translate the
destination address to another local interface, or if addresses
are added to the loopback interface instead of the interface where
the packets for those addresses are received.
.It Li icmp.maskrepl
Returns 1 if ICMP network mask requests are to be answered.
.It Li icmp.errppslimit
The variable specifies the maximum number of outgoing ICMP error messages,
per second.
ICMP error messages that exceeded the value are subject to rate limitation
and will not go out from the node.
Negative value disables rate limitation.
.It Li icmp.rediraccept
If set to non-zero, the host will accept ICMP redirect packets.
Note that routers will never accept ICMP redirect packets,
and the variable is meaningful on IP hosts only.
.It Li icmp.redirtimeout
The variable specifies lifetime of routing entries generated by incoming
ICMP redirect.
This defaults to 600 seconds.
.It Li tcp.rfc1323
Returns 1 if RFC 1323 extensions to TCP are enabled.
.It Li tcp.sendspace
Returns the default TCP send buffer size.
.It Li tcp.recvspace
Returns the default TCP receive buffer size.
.It Li tcp.mssdflt
Returns the default maximum segment size both advertised to the peer
and to use when either the peer does not advertise a maximum segment size to
us during connection setup or Path MTU Discovery
.Li ( ip.mtudisc )
is disabled.
Do not change this value unless you really know what you are doing.
.It Li tcp.syn_cache_limit
Returns the maximum number of entries allowed in the TCP compressed state
engine.
.It Li tcp.syn_bucket_limit
Returns the maximum number of entries allowed per hash bucket in the TCP
compressed state engine.
.It Li tcp.syn_cache_interval
Returns the TCP compressed state engine's timer interval.
.It Li tcp.init_win
Returns a value indicating the TCP initial congestion window.
If this value is 0, an auto-tuning algorithm designed to use an initial
window of approximately 4K bytes is in use.
Otherwise, this value indicates a fixed number of packets.
.It Li tcp.init_win_local
Like
.Li tcp.init_win ,
but used when communicating with hosts on a local network.
.It Li tcp.mss_ifmtu
Returns 1 if TCP calculates the outgoing maximum segment size based on
the MTU of the appropriate interface.
Otherwise, it is calculated based on the greater of the MTU of the
interface, and the largest (non-loopback) interface MTU on the system.
.It Li tcp.sack
TCP Selective ACKnowledgement (RFC 2018) is not implemented in
.Nx
at this time.
Changing this value will have no effect.
.It Li tcp.win_scale
If rfc1323 is enabled, a value of 1 indicates RFC 1323 window scale options,
for increasing the TCP window size, are enabled.
.It Li tcp.timestamps
If rfc1323 is enabled, a value of 1 indicates RFC 1323 time stamp options,
used for measuring TCP round trip times, are enabled.
.It Li tcp.compat_42
Returns 1 if work-arounds for bugs in the 4.2BSD TCP implementation are
enabled.
Use of this option is not recommended, although it may be
required in order to communicate with extremely old TCP implementations.
.It Li tcp.cwm
Returns 1 if use of the Hughes/Touch/Heidemann Congestion Window Monitoring
algorithm is enabled.
This algorithm prevents line-rate bursts of packets that could
otherwise occur when data begins flowing on an idle TCP connection.
These line-rate bursts can contribute to network and router congestion.
This can be particularly useful on World Wide Web servers
which support HTTP/1.1, which has lingering connections.
.It Li tcp.cwm_burstsize
Returns the Congestion Window Monitoring allowed burst size, in terms
of packet count.
.It Li tcp.ack_on_push
Returns 1 if TCP is to immediately transmit an ACK upon reception of
a packet with PUSH set.
This can avoid losing a round trip time in some rare situations,
but has the caveat of potentially defeating TCP's delayed ACK algorithm.
Use of this option is generally not recommended, but
the variable exists in case your configuration really needs it.
.It Li tcp.keepidle
Time a connection must be idle before keepalives are sent (if keepalives
are enabled for the connection).
See also tcp.slowhz.
.It Li tcp.keepintvl
Time after a keepalive probe is sent until, in the absence of any response,
another probe is sent.
See also tcp.slowhz.
.It Li tcp.keepcnt
Number of keepalive probes sent before declaring a connection dead.
If set to zero, there is no limit;
keepalives will be sent until some kind of
response is received from the peer.
.It Li tcp.slowhz
The units for tcp.keepidle and tcp.keepintvl; those variables are in ticks
of a clock that ticks tcp.slowhz times per second.
(That is, their values
must be divided by the tcp.slowhz value to get times in seconds.)
.It Li tcp.newreno
Returns 1 if the use of J.
Hoe's NewReno congestion control algorithm is enabled.
This algorithm improves the start-up behavior of TCP connections.
.It Li tcp.log_refused
Returns 1 if refused TCP connections to the host will be logged.
.It Li tcp.rstppslimit
The variable specifies the maximum number of outgoing TCP RST packets,
per second.
TCP RST packets that exceed the value are subject to rate limitation
and will not go out from the node.
Negative value disables rate limitation.
.It Li udp.checksum
Returns 1 when UDP checksums are being computed.
Received non-zero UDP checksums are always checked.
Disabling UDP checksums is strongly discouraged.
.It Li udp.sendspace
Returns the default UDP send buffer size.
.It Li udp.recvspace
Returns the default UDP receive buffer size.
.El
.Pp
For variables net.*.ipsec, please refer to
.Xr ipsec 4 .
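An added example, not part of the NetBSD manual or source: a C check of a set of net.inet values against the constraints and warnings in the PF_INET descriptions above, plus the keepalive tick-to-seconds conversion described under tcp.slowhz. The `struct nv` table, the `F_*` flag names and the choice of which settings count as findings are assumptions of this example, and the sample values are constructed; on a live host the table would be filled with the values returned by sysctlbyname().

```c
#include <stdio.h>
#include <string.h>

struct nv { const char *name; int value; };	/* name is relative to net.inet */

/* Finding bits returned by audit_inet(); the names are this example's own. */
#define F_SRCROUTE	0x01	/* ip.forwsrcrt or ip.allowsrcrt is 1 */
#define F_BROADCAST	0x02	/* ip.directed-broadcast is 1 */
#define F_ICMP		0x04	/* mask replies on, or a host accepts redirects */
#define F_UNLIMITED	0x08	/* a fragment or rate limit is switched off */
#define F_PORTRANGE	0x10	/* port range breaks a documented constraint */
#define F_UDPCKSUM	0x20	/* udp.checksum is 0 */

/* Return the value of name, or dflt when the table does not carry it. */
static int get(const struct nv *cfg, size_t n, const char *name, int dflt)
{
	for (size_t i = 0; i < n; i++)
		if (strcmp(cfg[i].name, name) == 0)
			return cfg[i].value;
	return dflt;
}

/* Both ends must lie in [minv, maxv] and the upper end must exceed the lower. */
static int bad_range(const struct nv *cfg, size_t n, const char *lo,
    const char *hi, int minv, int maxv)
{
	int l = get(cfg, n, lo, minv), h = get(cfg, n, hi, maxv);

	return l < minv || l > maxv || h < minv || h > maxv || h <= l;
}

/* Check a table of net.inet values; returns an OR of the F_* bits. */
unsigned audit_inet(const struct nv *cfg, size_t n)
{
	unsigned f = 0;

	if (get(cfg, n, "ip.forwsrcrt", 0) == 1 || get(cfg, n, "ip.allowsrcrt", 0) == 1)
		f |= F_SRCROUTE;
	if (get(cfg, n, "ip.directed-broadcast", 0) == 1)
		f |= F_BROADCAST;
	/* Routers never accept redirects, so rediraccept only matters on hosts. */
	if (get(cfg, n, "icmp.maskrepl", 0) == 1 ||
	    (get(cfg, n, "ip.forwarding", 0) != 1 && get(cfg, n, "icmp.rediraccept", 0) != 0))
		f |= F_ICMP;
	/* -1 accepts unlimited fragmented packets; a negative pps value disables the limit. */
	if (get(cfg, n, "ip.maxfragpackets", 0) == -1 ||
	    get(cfg, n, "icmp.errppslimit", 0) < 0 || get(cfg, n, "tcp.rstppslimit", 0) < 0)
		f |= F_UNLIMITED;
	if (bad_range(cfg, n, "ip.anonportmin", "ip.anonportmax", 1024, 65535) ||
	    bad_range(cfg, n, "ip.lowportmin", "ip.lowportmax", 0, 1024))
		f |= F_PORTRANGE;
	if (get(cfg, n, "udp.checksum", 1) == 0)
		f |= F_UDPCKSUM;
	return f;
}

/* Seconds until an idle connection to a dead peer is dropped: the idle time plus
 * keepcnt probe intervals, converted from ticks. Returns -1 if unlimited or unknown. */
long keepalive_dead_after(const struct nv *cfg, size_t n)
{
	int hz = get(cfg, n, "tcp.slowhz", 0), cnt = get(cfg, n, "tcp.keepcnt", 0);

	if (hz <= 0 || cnt == 0)	/* keepcnt 0: probes are sent without limit */
		return -1;
	return ((long)get(cfg, n, "tcp.keepidle", 0) +
	    (long)cnt * get(cfg, n, "tcp.keepintvl", 0)) / hz;
}

/* Constructed sample values, not read from any real host. */
static struct nv sample[] = {
	{ "ip.forwarding", 0 }, { "ip.forwsrcrt", 0 }, { "ip.allowsrcrt", 1 },
	{ "ip.directed-broadcast", 0 }, { "icmp.maskrepl", 0 }, { "icmp.rediraccept", 1 },
	{ "ip.maxfragpackets", 200 }, { "icmp.errppslimit", 100 }, { "tcp.rstppslimit", -1 },
	{ "ip.anonportmin", 49152 }, { "ip.anonportmax", 65535 },
	{ "ip.lowportmin", 600 }, { "ip.lowportmax", 1023 }, { "udp.checksum", 1 },
	{ "tcp.keepidle", 14400 }, { "tcp.keepintvl", 150 }, { "tcp.keepcnt", 8 },
	{ "tcp.slowhz", 2 },
};
#define NSAMPLE (sizeof(sample) / sizeof(sample[0]))

int main(void)
{
	printf("findings 0x%02x, dead peer dropped after %ld s\n",
	    audit_inet(sample, NSAMPLE), keepalive_dead_after(sample, NSAMPLE));
	return 0;
}
```

Variables missing from the table are treated as not set to a flagged value, so a partial table yields only the findings it can support.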
.It Li PF_INET6
Get or set various global information about the IPv6
.Pq Internet Protocol version 6 .
The third level name is the protocol.
The fourth level name is the variable name.
The currently defined protocols and names are:
.Bl -column "Protocol name" "Variable nameXX" "integer" "yes" -offset indent
.It Sy Protocol name	Variable name	Type	Changeable
.It ip6	forwarding	integer	yes
.It ip6	redirect	integer	yes
.It ip6	hlim	integer	yes
.It ip6	maxfragpackets	integer	yes
.It ip6	accept_rtadv	integer	yes
.It ip6	keepfaith	integer	yes
.It ip6	log_interval	integer	yes
.It ip6	hdrnestlimit	integer	yes
.It ip6	dad_count	integer	yes
.It ip6	auto_flowlabel	integer	yes
.It ip6	defmcasthlim	integer	yes
.It ip6	gif_hlim	integer	yes
.It ip6	kame_version	string	no
.It ip6	use_deprecated	integer	yes
.It ip6	rr_prune	integer	yes
.It ip6	v6only	integer	yes
.It ip6	anonportmin	integer	yes
.It ip6	anonportmax	integer	yes
.It ip6	lowportmin	integer	yes
.It ip6	lowportmax	integer	yes
.It ip6	maxfrags	integer	yes
.It icmp6	rediraccept	integer	yes
.It icmp6	redirtimeout	integer	yes
.It icmp6	nd6_prune	integer	yes
.It icmp6	nd6_delay	integer	yes
.It icmp6	nd6_umaxtries	integer	yes
.It icmp6	nd6_mmaxtries	integer	yes
.It icmp6	nd6_useloopback	integer	yes
.It icmp6	nodeinfo	integer	yes
.It icmp6	errppslimit	integer	yes
.It icmp6	nd6_maxnudhint	integer	yes
.It icmp6	mtudisc_hiwat	integer	yes
.It icmp6	mtudisc_lowat	integer	yes
.It icmp6	nd6_debug	integer	yes
.It udp6	sendspace	integer	yes
.It udp6	recvspace	integer	yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li ip6.forwarding
Returns 1 when IPv6 forwarding is enabled for the node,
meaning that the node is acting as a router.
Returns 0 when IPv6 forwarding is disabled for the node,
meaning that the node is acting as a host.
IPv6 specification defines node behavior for
.Dq router
case and
.Dq host
case quite differently, and changing this variable during operation
may cause serious trouble.
It is recommended to configure the variable at bootstrap time,
and bootstrap time only.
.It Li ip6.redirect
Returns 1 when ICMPv6 redirects may be sent by the node.
This option is ignored unless the node is routing IP packets,
and should normally be enabled on all systems.
.It Li ip6.hlim
The default hop limit value for an IPv6 unicast packet sourced by the node.
This value applies to all the transport protocols on top of IPv6.
There are APIs to override the value, as documented in
.Xr ip6 4 .
.It Li ip6.maxfragpackets
The maximum number of fragmented packets the node will accept.
0 means that the node will not accept any fragmented packets.
\-1 means that the node will accept as many fragmented packets as it receives.
The flag is provided basically for avoiding possible DoS attacks.
.It Li ip6.accept_rtadv
If set to non-zero, the node will accept ICMPv6 router advertisement packets
and autoconfigure address prefixes and default routers.
The node must be a host
.Pq not a router
for the option to be meaningful.
.It Li ip6.keepfaith
If set to non-zero, it enables
.Dq FAITH
TCP relay IPv6-to-IPv4 translator code in the kernel.
Refer to
.Xr faith 4
and
.Xr faithd 8
for details.
.It Li ip6.log_interval
The variable controls the amount of logs generated by the IPv6 packet
forwarding engine, by setting the interval between log output
.Pq in seconds .
.It Li ip6.hdrnestlimit
The number of IPv6 extension headers permitted on incoming IPv6 packets.
If set to 0, the node will accept as many extension headers as possible.
.It Li ip6.dad_count
The variable configures the number of IPv6 DAD
.Pq duplicate address detection
probe packets.
The packets will be generated when IPv6 interface addresses are configured.
.It Li ip6.auto_flowlabel
On connected transport protocol packets,
fill the IPv6 flowlabel field to help intermediate routers identify packet flows.
.It Li ip6.defmcasthlim
The default hop limit value for an IPv6 multicast packet sourced by the node.
This value applies to all the transport protocols on top of IPv6.
There are APIs to override the value, as documented in
.Xr ip6 4 .
.It Li ip6.gif_hlim
The maximum hop limit value for an IPv6 packet generated by
.Xr gif 4
tunnel interface.
.It Li ip6.kame_version
The string identifies the version of KAME IPv6 stack implemented in the kernel.
.It Li ip6.use_deprecated
The variable controls use of deprecated address, specified in RFC 2462 5.5.4.
.It Li ip6.rr_prune
The variable specifies interval between IPv6 router renumbering prefix
babysitting, in seconds.
.It Li ip6.v6only
The variable specifies initial value for
.Dv IPV6_V6ONLY
socket option for
.Dv AF_INET6
socket.
Please refer to
.Xr ip6 4
for details.
.It Li ip6.anonportmin
The lowest port number to use for TCP and UDP ephemeral port allocation.
This cannot be set to less than 1024 or greater than 65535.
.It Li ip6.anonportmax
The highest port number to use for TCP and UDP ephemeral port allocation.
This cannot be set to less than 1024 or greater than 65535, and must
be greater than
.Li ip6.anonportmin .
.It Li ip6.lowportmin
The lowest port number to use for TCP and UDP reserved port allocation.
This cannot be set to less than 0 or greater than 1024, and must
be smaller than
.Li ip6.lowportmax .
.It Li ip6.lowportmax
The highest port number to use for TCP and UDP reserved port allocation.
This cannot be set to less than 0 or greater than 1024, and must
be greater than
.Li ip6.lowportmin .
.It Li ip6.maxfrags
The maximum number of fragments the node will accept.
0 means that the node will not accept any fragments.
\-1 means that the node will accept as many fragments as it receives.
The flag is provided basically for avoiding possible DoS attacks.
.It Li icmp6.rediraccept
If set to non-zero, the host will accept ICMPv6 redirect packets.
Note that IPv6 routers will never accept ICMPv6 redirect packets,
and the variable is meaningful on IPv6 hosts
.Pq non-router
only.
.It Li icmp6.redirtimeout
The variable specifies lifetime of routing entries generated by incoming
ICMPv6 redirect.
.It Li icmp6.nd6_prune
The variable specifies interval between IPv6 neighbor cache babysitting,
in seconds.
.It Li icmp6.nd6_delay
The variable specifies
.Dv DELAY_FIRST_PROBE_TIME
timing constant in IPv6 neighbor discovery specification
.Pq RFC 2461 ,
in seconds.
.It Li icmp6.nd6_umaxtries
The variable specifies
.Dv MAX_UNICAST_SOLICIT
constant in IPv6 neighbor discovery specification
.Pq RFC 2461 .
.It Li icmp6.nd6_mmaxtries
The variable specifies
.Dv MAX_MULTICAST_SOLICIT
constant in IPv6 neighbor discovery specification
.Pq RFC 2461 .
.It Li icmp6.nd6_useloopback
If set to non-zero, kernel IPv6 stack will use loopback interface for
local traffic.
.It Li icmp6.nodeinfo
The variable enables responses to ICMPv6 node information queries.
If you set the variable to 0, responses will not be generated for
ICMPv6 node information queries.
Since node information queries can have a security impact, it is
possible to fine tune which responses should be answered.
Two separate bits can be set.
.Bl -tag -width "12345"
.It 1
Respond to ICMPv6 FQDN queries, e.g.
.Li ping6 -w .
.It 2
Respond to ICMPv6 node addresses queries, e.g.
.Li ping6 -a .
.El
.It Li icmp6.errppslimit
The variable specifies the maximum number of outgoing ICMPv6 error messages,
per second.
ICMPv6 error messages that exceeded the value are subject to rate limitation
and will not go out from the node.
Negative value disables rate limitation.
.It Li icmp6.nd6_maxnudhint
IPv6 neighbor discovery permits upper layer protocols to supply reachability
hints, to avoid unnecessary neighbor discovery exchanges.
The variable defines the number of consecutive hints the neighbor discovery
layer will take.
For example, by setting the variable to 3, neighbor discovery layer
will take at most 3 consecutive hints.
After receiving 3 hints, neighbor discovery layer will perform
normal neighbor discovery process.
.It Li icmp6.mtudisc_hiwat
.It Li icmp6.mtudisc_lowat
The variables define the maximum number of routing table entries,
created due to path MTU discovery
.Pq prevents denial-of-service attacks with ICMPv6 too big messages .
When IPv6 path MTU discovery happens, we keep path MTU information in
the routing table.
If the number of routing table entries exceeds the value,
the kernel will not attempt to keep the path MTU information.
.Li icmp6.mtudisc_hiwat
is used when we have verified ICMPv6 too big messages.
.Li icmp6.mtudisc_lowat
is used when we have unverified ICMPv6 too big messages.
Verification is performed by using address/port pairs kept in connected pcbs.
Negative value disables the upper limit.
.It Li icmp6.nd6_debug
If set to non-zero, kernel IPv6 neighbor discovery code will generate
debugging messages.
The debug outputs are useful to diagnose IPv6 interoperability issues.
The flag must be set to 0 for normal operation.
.El
.Pp
We reuse net.*.tcp for
.Tn TCP
over
.Tn IPv6 ,
and therefore we do not have variables net.*.tcp6.
Variables net.inet6.udp6 have identical meaning to net.inet.udp.
Please refer to
.Li PF_INET
section above.
For variables net.*.ipsec6, please refer to
.Xr ipsec 4 .
.It Li PF_KEY
Get or set various global information about the IPsec key management.
The third level name is the variable name.
The currently defined variable and names are:
.Bl -column "blockacq_lifetime" "integer" "yes" -offset indent
.It Sy Variable name	Type	Changeable
.It debug	integer	yes
.It spi_try	integer	yes
.It spi_min_value	integer	yes
.It spi_max_value	integer	yes
.It larval_lifetime	integer	yes
.It blockacq_count	integer	yes
.It blockacq_lifetime	integer	yes
.It esp_keymin	integer	yes
.It esp_auth	integer	yes
.It ah_keymin	integer	yes
.El
The variables are as follows:
.Bl -tag -width "123456"
.It Li debug
Turn on debugging messages from within the kernel.
The value is a bitmap, as defined in
.Pa /usr/include/netkey/key_debug.h .
.It Li spi_try
The number of times the kernel will try to obtain a unique SPI
when it generates it from the random number generator.
.It Li spi_min_value
Minimum SPI value when generating it within the kernel.
.It Li spi_max_value
Maximum SPI value when generating it within the kernel.
.It Li larval_lifetime
Lifetime for LARVAL SAD entries, in seconds.
.It Li blockacq_count
Number of ACQUIRE PF_KEY messages to be blocked after an ACQUIRE message.
It avoids a flood of ACQUIRE PF_KEY messages being sent from the kernel to the
key management daemon.
.It Li blockacq_lifetime
Lifetime of ACQUIRE PF_KEY message.
.It Li esp_keymin
Minimum ESP key length, in bits.
The value is used when the kernel creates proposal payload
on ACQUIRE PF_KEY message.
.It Li esp_auth
Whether ESP authentication should be used or not.
Non-zero value indicates that ESP authentication should be used.
The value is used when the kernel creates proposal payload
on ACQUIRE PF_KEY message.
.It Li ah_keymin
Minimum AH key length, in bits.
The value is used when the kernel creates proposal payload
on ACQUIRE PF_KEY message.
.El
.El
.Sh CTL_PROC
The string and integer information available for the CTL_PROC
is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
These values are per-process,
and as such may change from one process to another.
When a process is created,
the default values are inherited from its parent.
When a set-user-ID or set-group-ID binary is executed, the
value of PROC_PID_CORENAME is reset to the system default value.
The second level name is either the magic value PROC_CURPROC, which
points to the current process, or the PID of the target process.
.Bl -column "USER_COLL_WEIGHTS_MAXXXX" "integerXXX" "yes" -offset indent
.It Sy Third level name	Type	Changeable
.It PROC\_PID\_CORENAME	string	yes
.It PROC\_PID\_LIMIT	node	not applicable
.It PROC\_PID\_STOPFORK	int	yes
.It PROC\_PID\_STOPEXEC	int	yes
.It PROC\_PID\_STOPEXIT	int	yes
.El
.Bl -tag -width "123456"
.Pp
.It Li PROC_PID_CORENAME
The template used for the core dump file name (see
.Xr core 5
for details).
The base name must either be
.Nm core
or end with the suffix ``.core'' (the super-user may set arbitrary names).
By default it points to KERN_DEFCORENAME.
.It Li PROC_PID_LIMIT
Return resource limits, as defined for the
.Xr getrlimit 2
and
.Xr setrlimit 2
system calls.
The fourth level name is one of:
.Bl -tag -width PROC_PID_LIMIT_MEMLOCKAA
.It Li PROC_PID_LIMIT_CPU
The maximum amount of CPU time (in seconds) to be used by each process.
.It Li PROC_PID_LIMIT_FSIZE
The largest size (in bytes) file that may be created.
.It Li PROC_PID_LIMIT_DATA
The maximum size (in bytes) of the data segment for a process;
this defines how far a program may extend its break with the
.Xr sbrk 2
system call.
.It Li PROC_PID_LIMIT_STACK
The maximum size (in bytes) of the stack segment for a process;
this defines how far a program's stack segment may be extended.
Stack extension is performed automatically by the system.
.It Li PROC_PID_LIMIT_CORE
The largest size (in bytes)
.Pa core
file that may be created.
.It Li PROC_PID_LIMIT_RSS
The maximum size (in bytes) to which a process's resident set size may
grow.
This imposes a limit on the amount of physical memory to be given to
a process; if memory is tight, the system will prefer to take memory
from processes that are exceeding their declared resident set size.
.It Li PROC_PID_LIMIT_MEMLOCK
The maximum size (in bytes) which a process may lock into memory
using the
.Xr mlock 2
function.
.It Li PROC_PID_LIMIT_NPROC
The maximum number of simultaneous processes for this user id.
.It Li PROC_PID_LIMIT_NOFILE
The maximum number of open files for this process.
.El
.Pp
The fifth level name is one of PROC_PID_LIMIT_TYPE_SOFT or
PROC_PID_LIMIT_TYPE_HARD, to select respectively the soft or hard limit.
Both are of type integer.
.It Li PROC_PID_STOPFORK
If non zero, the process' children will be stopped after
.Xr fork 2
calls.
The children are created in the SSTOP state and are never scheduled
for running before being stopped.
This feature helps attaching a process with a debugger such as
.Xr gdb 1
before it had the opportunity to actually do anything.
.Pp
This value is inherited by the process's children, and it also
applies to emulation specific system calls that fork a new process, such as
.Fn sproc
or
.Fn clone .
.It Li PROC_PID_STOPEXEC
If non zero, the process will be stopped on next
.Xr exec 3
call.
The process created by
.Xr exec 3
is created in the SSTOP state and is never scheduled for running
before being stopped.
This feature helps attaching a process with a debugger such as
.Xr gdb 1
before it had the opportunity to actually do anything.
.Pp
This value is inherited by the process's children.
.It Li PROC_PID_STOPEXIT
If non zero, the process will be stopped when it has cause to exit,
either by way of calling
.Xr exit 3 ,
.Xr _exit 2 ,
or by the receipt of a specific signal.
The process is stopped before any of its resources or vm space is
released allowing examination of the termination state of a process
before it disappears.
This feature can be used to examine the final conditions of the
process's vmspace via
.Xr pmap 1
or its resource settings with
.Xr sysctl 8
before it disappears.
.Pp
This value is also inherited by the process's children.
.El
.Sh CTL_USER
The string and integer information available for the CTL_USER level
is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "USER_COLL_WEIGHTS_MAXXXX" "integerXXX" -offset indent
.It Sy Second level name	Type	Changeable
.It USER\_BC\_BASE\_MAX	integer	no
.It USER\_BC\_DIM\_MAX	integer	no
.It USER\_BC\_SCALE\_MAX	integer	no
.It USER\_BC\_STRING\_MAX	integer	no
.It USER\_COLL\_WEIGHTS\_MAX	integer	no
.It USER\_CS\_PATH	string	no
.It USER\_EXPR\_NEST\_MAX	integer	no
.It USER\_LINE\_MAX	integer	no
.It USER\_POSIX2\_CHAR\_TERM	integer	no
.It USER\_POSIX2\_C\_BIND	integer	no
.It USER\_POSIX2\_C\_DEV	integer	no
.It USER\_POSIX2\_FORT\_DEV	integer	no
.It USER\_POSIX2\_FORT\_RUN	integer	no
.It USER\_POSIX2\_LOCALEDEF	integer	no
.It USER\_POSIX2\_SW\_DEV	integer	no
.It USER\_POSIX2\_UPE	integer	no
.It USER\_POSIX2\_VERSION	integer	no
.It USER\_RE\_DUP\_MAX	integer	no
.It USER\_STREAM\_MAX	integer	no
.It USER\_TZNAME\_MAX	integer	no
.It USER\_ATEXIT\_MAX	integer	no
.El
.Bl -tag -width "123456"
.Pp
.It Li USER_BC_BASE_MAX
The maximum ibase/obase values in the
.Xr bc 1
utility.
.It Li USER_BC_DIM_MAX
The maximum array size in the
.Xr bc 1
utility.
.It Li USER_BC_SCALE_MAX
The maximum scale value in the
.Xr bc 1
utility.
.It Li USER_BC_STRING_MAX
The maximum string length in the
.Xr bc 1
utility.
.It Li USER_COLL_WEIGHTS_MAX
The maximum number of weights that can be assigned to any entry of
the LC_COLLATE order keyword in the locale definition file.
.It Li USER_CS_PATH
Return a value for the
.Ev PATH
environment variable that finds all the standard utilities.
.It Li USER_EXPR_NEST_MAX
The maximum number of expressions that can be nested within
parentheses by the
.Xr expr 1
utility.
.It Li USER_LINE_MAX
The maximum length in bytes of a text-processing utility's input
line.
.It Li USER_POSIX2_CHAR_TERM
Return 1 if the system supports at least one terminal type capable of
all operations described in POSIX 1003.2, otherwise 0.
.It Li USER_POSIX2_C_BIND
Return 1 if the system's C-language development facilities support the
C-Language Bindings Option, otherwise 0.
.It Li USER_POSIX2_C_DEV
Return 1 if the system supports the C-Language Development Utilities Option,
otherwise 0.
.It Li USER_POSIX2_FORT_DEV
Return 1 if the system supports the FORTRAN Development Utilities Option,
otherwise 0.
.It Li USER_POSIX2_FORT_RUN
Return 1 if the system supports the FORTRAN Runtime Utilities Option,
otherwise 0.
.It Li USER_POSIX2_LOCALEDEF
Return 1 if the system supports the creation of locales, otherwise 0.
.It Li USER_POSIX2_SW_DEV
Return 1 if the system supports the Software Development Utilities Option,
otherwise 0.
.It Li USER_POSIX2_UPE
Return 1 if the system supports the User Portability Utilities Option,
otherwise 0.
.It Li USER_POSIX2_VERSION
The version of POSIX 1003.2 with which the system attempts to comply.
.It Li USER_RE_DUP_MAX
The maximum number of repeated occurrences of a regular expression
permitted when using interval notation.
.ne 1i
.It Li USER_STREAM_MAX
The minimum maximum number of streams that a process may have open
at any one time.
.It Li USER_TZNAME_MAX
The minimum maximum number of types supported for the name of a
timezone.
.It Li USER_ATEXIT_MAX
The maximum number of functions that may be registered with
.Xr atexit 3 .
.El
.Sh CTL_VM
The string and integer information available for the CTL_VM level
is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "Second level nameXXXXXX" "struct loadavgXXX" -offset indent
.It Sy Second level name	Type	Changeable
.It VM\_ANONMAX	int	yes
.It VM\_ANONMIN	int	yes
.It VM\_BUFCACHE	int	yes
.It VM\_BUFMEM	int	no
.It VM\_BUFMEM_LOWATER	int	yes
.It VM\_BUFMEM_HIWATER	int	yes
.It VM\_EXECMAX	int	yes
.It VM\_EXECMIN	int	yes
.It VM\_FILEMAX	int	yes
.It VM\_FILEMIN	int	yes
.It VM\_LOADAVG	struct loadavg	no
.It VM\_MAXSLP	int	no
.It VM\_METER	struct vmtotal	no
.It VM\_NKMEMPAGES	int	no
.It VM\_USPACE	int	no
.It VM\_UVMEXP	struct uvmexp	no
.It VM\_UVMEXP2	struct uvmexp_sysctl	no
.El
.Pp
.Bl -tag -width "123456"
.It Li VM_ANONMAX
The percentage of physical memory which will be reclaimed
from other types of memory usage to store anonymous application data.
.It Li VM_ANONMIN
The percentage of physical memory which will always be available for
anonymous application data.
.It Li VM_BUFCACHE
The percentage of kernel memory which will be available
for the buffer cache.
.It Li VM_BUFMEM
The amount of kernel memory that is being used by the buffer cache.
.It Li VM_BUFMEM_LOWATER
The minimum amount of kernel memory to reserve for the
buffer cache.
.It Li VM_BUFMEM_HIWATER
The maximum amount of kernel memory to be used for the
buffer cache.
.It Li VM_EXECMAX
The percentage of physical memory which will be reclaimed
from other types of memory usage to store cached executable data.
.It Li VM_EXECMIN
The percentage of physical memory which will always be available for
cached executable data.
.It Li VM_FILEMAX
The percentage of physical memory which will be reclaimed
from other types of memory usage to store cached file data.
.It Li VM_FILEMIN
The percentage of physical memory which will always be available for
cached file data.
.It Li VM_LOADAVG
Return the load average history.
The returned data consists of a
.Va struct loadavg .
.It Li VM_MAXSLP
The value of the maxslp kernel global variable.
.It Li VM_METER
Return system wide virtual memory statistics.
The returned data consists of a
.Va struct vmtotal .
.It Li VM_USPACE
The number of bytes allocated for each kernel stack.
.It Li VM_UVMEXP
Return system wide virtual memory statistics.
The returned data consists of a
.Va struct uvmexp .
.It Li VM_UVMEXP2
Return system wide virtual memory statistics.
The returned data consists of a
.Va struct uvmexp_sysctl .
.El
.Sh CTL_DDB
The integer information available for the CTL_DDB level is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "DBCTL_TABSTOPSXXX" "integerXXX" -offset indent
.It Sy Second level name Ta Type Ta Changeable
.It DBCTL\_RADIX Ta integer Ta yes
.It DBCTL\_MAXOFF Ta integer Ta yes
.It DBCTL\_LINES Ta integer Ta yes
.It DBCTL\_TABSTOPS Ta integer Ta yes
.It DBCTL\_ONPANIC Ta integer Ta yes
.It DBCTL\_FROMCONSOLE Ta integer Ta yes
.El
.Pp
.Bl -tag -width "123456"
.It Li DBCTL_RADIX
The input and output radix.
.It Li DBCTL_MAXOFF
The maximum symbol offset.
.It Li DBCTL_LINES
Number of display lines.
.It Li DBCTL_TABSTOPS
Tab width.
.It Li DBCTL_ONPANIC
If non-zero, DDB will be entered when the kernel panics.
.It Li DBCTL_FROMCONSOLE
If not zero, DDB may be entered by sending a break on a serial
console or by a special key sequence on a graphics console.
.El
.Pp
These MIB nodes are also available as variables from within the DDB.
See
.Xr ddb 4
for more details.
.Sh CTL_VENDOR
The "vendor" toplevel name is reserved to be used by vendors who wish to
have their own private MIB tree.
Intended use is to store values under
.Dq vendor.\*[Lt]yourname\*[Gt].* .
.Sh DYNAMIC OPERATIONS
Several meta-identifiers are provided to perform operations on the
.Nm
tree itself, or support alternate means of accessing the data
instrumented by the
.Nm
tree.
.Bl -column CTLXCREATESYMXXX
.It Sy Name Ta Description
.It CTL\_QUERY Ta Retrieve a mapping of names to numbers below a given node
.It CTL\_CREATE Ta Create a new node
.It CTL\_CREATESYM Ta Create a new node by its kernel symbol
.It CTL\_DESTROY Ta Destroy a node
.It CTL\_DESCRIBE Ta Retrieve node descriptions
.El
.Pp
The core interface to all of these meta-functions is the structure
that the kernel uses to describe the tree internally, as defined in
.Aq Pa sys/sysctl.h
as:
.Pp
.Bd -literal
struct sysctlnode {
	uint32_t sysctl_flags;		/* flags and type */
	int32_t sysctl_num;		/* mib number */
	char sysctl_name[SYSCTL_NAMELEN]; /* node name */
	uint32_t sysctl_ver;		/* node's version vs. rest of tree */
	uint32_t __rsvd;
	union {
		struct {
			uint32_t suc_csize;	/* size of child node array */
			uint32_t suc_clen;	/* number of valid children */
			struct sysctlnode* suc_child; /* array of child nodes */
		} scu_child;
		struct {
			void *sud_data;		/* pointer to external data */
			size_t sud_offset;	/* offset to data */
		} scu_data;
		int32_t scu_alias;	/* node this node refers to */
		int32_t scu_idata;	/* immediate "int" data */
		u_quad_t scu_qdata;	/* immediate "u_quad_t" data */
	} sysctl_un;
	size_t _sysctl_size;		/* size of instrumented data */
	sysctlfn _sysctl_func;		/* access helper function */
	struct sysctlnode *sysctl_parent; /* parent of this node */
	const char *sysctl_desc;	/* description of node */
};

#define sysctl_csize	sysctl_un.scu_child.suc_csize
#define sysctl_clen	sysctl_un.scu_child.suc_clen
#define sysctl_child	sysctl_un.scu_child.suc_child
#define sysctl_data	sysctl_un.scu_data.sud_data
#define sysctl_offset	sysctl_un.scu_data.sud_offset
#define sysctl_alias	sysctl_un.scu_alias
#define sysctl_idata	sysctl_un.scu_idata
#define sysctl_qdata	sysctl_un.scu_qdata
.Ed
.Pp
Querying the tree to discover the name to number mapping permits
dynamic discovery of all the data that the tree currently has
instrumented.
For example, to discover all the nodes below the
CTL_VFS node:
.Pp
.Bd -literal -offset indent -compact
struct sysctlnode query, vfs[128];
int mib[2];
size_t len;
.sp
mib[0] = CTL_VFS;
mib[1] = CTL_QUERY;
memset(\*[Am]query, 0, sizeof(query));
query.sysctl_flags = SYSCTL_VERSION;
len = sizeof(vfs);
sysctl(mib, 2, \*[Am]vfs[0], \*[Am]len, \*[Am]query, sizeof(query));
.Ed
.Pp
Note that a reference to an empty node with
.Fa sysctl_flags
set to
.Dv SYSCTL_VERSION
is passed to sysctl in order to indicate the version that the program
is using.
All dynamic operations passing nodes into sysctl require that the
version be explicitly specified.
.Pp
Creation and destruction of nodes works by constructing part of a new
node description (or a description of the existing node) and invoking
CTL_CREATE (or CTL_CREATESYM) or CTL_DESTROY at the parent of the new
node, with a pointer to the new node passed via the
.Fa newp
and
.Fa newlen
arguments.
If valid values for
.Fa oldp
and
.Fa oldlenp
are passed, a copy of the new node once in the tree will be returned.
If the create operation fails because a node with the same name or MIB
number exists, a copy of the conflicting node will be returned.
.Pp
The minimum requirements for creating a node are setting the
.Fa sysctl_flags
to indicate the new node's type,
.Fa sysctl_num
to either the new node's number (or CTL_CREATE or CTL_CREATESYM if a
dynamically allocated MIB number is acceptable),
.Fa sysctl_size
to the size of the data to be instrumented (which must agree with the
given type), and
.Fa sysctl_name
to the new node's name.
Nodes that are not of type
.Dq node
must also have some description of the data to be instrumented, which
will vary depending on what is to be instrumented.
.Pp
If existing kernel data is to be covered by this new node, its address
should be given in
.Fa sysctl_data
or, if CTL_CREATESYM is used,
.Fa sysctl_data
should be set to a string containing its name from the kernel's symbol
table.
If new data is to be instrumented and an initial value is available,
the new integer or quad type data should be placed into either
.Fa sysctl_idata
or
.Fa sysctl_qdata ,
respectively, along with the SYSCTL_IMMEDIATE flag being set, or
.Fa sysctl_data
should be set to point to a copy of the new data, and the
SYSCTL_OWNDATA flag must be set.
This latter method is the only way that new string and struct type
nodes can be initialized.
Invalid kernel addresses are accepted, but any attempt to access those
nodes will return an error.
.Pp
The
.Fa sysctl_csize ,
.Fa sysctl_clen ,
.Fa sysctl_child ,
.Fa sysctl_parent ,
and
.Fa sysctl_alias
members are used by the kernel to link the tree together and must be
.Dv NULL
or 0.
Nodes created in this manner cannot have helper functions, so
.Fa sysctl_func
must also be
.Dv NULL .
If the
.Fa sysctl_ver
member is non-zero, it must match either the version of the parent or
the version at the root of the MIB or an error is returned.
This can be used to ensure that nodes are only added or removed from a
known state of the tree.
Note: It may not be possible to determine the version at the root
of the tree.
.Pp
This example creates a new subtree and adds a node to it that controls the
.Fa audiodebug
kernel variable, thereby making it tunable at any time, without
needing to use
.Xr ddb 4
or
.Xr kvm 3
to alter the kernel's memory directly.
.Pp
.Bd -literal -offset indent -compact
struct sysctlnode node;
int mib[2];
size_t len;
.sp
mib[0] = CTL_CREATE;		/* create at top-level */
len = sizeof(node);
memset(\*[Am]node, 0, len);
node.sysctl_flags = SYSCTL_VERSION|CTLFLAG_READWRITE|CTLTYPE_NODE;
snprintf(node.sysctl_name, sizeof(node.sysctl_name), "local");
node.sysctl_num = CTL_CREATE;	/* request dynamic MIB number */
sysctl(\*[Am]mib[0], 1, \*[Am]node, \*[Am]len, \*[Am]node, len);
.sp
mib[0] = node.sysctl_num;	/* use new MIB number */
mib[1] = CTL_CREATESYM;		/* create at second level */
len = sizeof(node);
memset(\*[Am]node, 0, len);
node.sysctl_flags = SYSCTL_VERSION|CTLFLAG_READWRITE|CTLTYPE_INT;
snprintf(node.sysctl_name, sizeof(node.sysctl_name), "audiodebug");
node.sysctl_num = CTL_CREATE;
node.sysctl_data = "audiodebug"; /* kernel symbol to be used */
sysctl(\*[Am]mib[0], 2, NULL, NULL, \*[Am]node, len);
.Ed
.Pp
The process for deleting nodes is similar, but less data needs to
be supplied.
Only the
.Fa sysctl_num
field
needs to be filled in; almost all other fields must be left blank.
The
.Fa sysctl_name
and/or
.Fa sysctl_ver
fields can be filled in with the name and version of the existing node
as additional checks on what will be deleted.
If all the given data fail to match any node, nothing will be deleted.
If valid values for
.Fa oldp
and
.Fa oldlenp
are supplied and a node is deleted, a copy of what was in the MIB tree
will be returned.
.Pp
This sample code shows the deletion of the two nodes created in the
above example:
.Pp
.Bd -literal -offset indent -compact
struct sysctlnode node;
int mib[2];
size_t len;
.sp
len = sizeof(node);
memset(\*[Am]node, 0, len);
node.sysctl_flags = SYSCTL_VERSION;
.sp
mib[0] = 3214;			/* assumed number for "local" */
mib[1] = CTL_DESTROY;
node.sysctl_num = 3215;		/* assumed number for "audiodebug" */
sysctl(\*[Am]mib[0], 2, NULL, NULL, \*[Am]node, len);
.sp
mib[0] = CTL_DESTROY;
node.sysctl_num = 3214;		/* now deleting "local" */
sysctl(\*[Am]mib[0], 1, NULL, NULL, \*[Am]node, len);
.Ed
.Pp
Descriptions of each of the nodes can also be retrieved, if they are
available.
Descriptions can be retrieved in bulk at each level or on a per-node
basis.
The layout of the buffer into which the descriptions are returned is a
series of variable length structures, each of which describes its own
size.
The length indicated includes the terminating
.Sq nul
character.
Nodes that have no description or where the description is not
available are indicated by an empty string.
The
.Fa descr_ver
will match the
.Fa sysctl_ver
value for a given node, so that descriptions for nodes whose numbers
have been recycled can be detected and ignored or discarded.
.Pp
.Bd -literal
struct sysctldesc {
	int32_t descr_num;	/* mib number of node */
	uint32_t descr_ver;	/* version of node */
	uint32_t descr_len;	/* length of description string */
	char descr_str[1];	/* not really 1...see above */
};
.Ed
.Pp
The
.Fn NEXT_DESCR
macro can be used to skip to the next description in the retrieved
list.
.Pp
.Bd -literal -offset indent -compact
struct sysctlnode desc;
struct sysctldesc *d;
char buf[1024];
int mib[2];
size_t len;
.sp
/* retrieve kern-level descriptions */
mib[0] = CTL_KERN;
mib[1] = CTL_DESCRIBE;
d = (struct sysctldesc *)\*[Am]buf[0];
len = sizeof(buf);
sysctl(mib, 2, d, \*[Am]len, NULL, 0);
while ((caddr_t)d \*[Lt] (caddr_t)\*[Am]buf[len]) {
	/* %.*s takes an int precision, so cast the uint32_t length */
	printf("node %d: %.*s\\n", d-\*[Gt]descr_num, (int)d-\*[Gt]descr_len,
	    d-\*[Gt]descr_str);
	d = NEXT_DESCR(d);
}
.sp
/* retrieve description for kern.securelevel */
memset(\*[Am]desc, 0, sizeof(desc));
desc.sysctl_flags = SYSCTL_VERSION;
desc.sysctl_num = KERN_SECURELEVEL;
d = (struct sysctldesc *)\*[Am]buf[0];
len = sizeof(buf);
sysctl(mib, 2, d, \*[Am]len, \*[Am]desc, sizeof(desc));
printf("kern.securelevel: %.*s\\n", (int)d-\*[Gt]descr_len, d-\*[Gt]descr_str);
.Ed
.Pp
Descriptions can also be set as follows, subject to the following rules:
.Pp
.Bl -bullet -compact
.It
The kernel securelevel is at zero or lower
.It
The caller has super-user privileges
.It
The node does not currently have a description
.It
The node is not marked as
.Dq permanent
.El
.Pp
.Bd -literal -offset indent -compact
struct sysctlnode desc;
int mib[2];
.sp
/* presuming the given top-level node was just added... */
mib[0] = 3214; /* mib numbers taken from previous examples */
mib[1] = CTL_DESCRIBE;
memset(\*[Am]desc, 0, sizeof(desc));
desc.sysctl_flags = SYSCTL_VERSION;
desc.sysctl_num = 3215;
desc.sysctl_desc = "audio debug control knob";
sysctl(mib, 2, NULL, NULL, \*[Am]desc, sizeof(desc));
.Ed
.Pp
Upon successfully setting a description, the new description will be
returned in the space indicated by the
.Fa oldp
and
.Fa oldlenp
arguments.
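.Pp
A caller that does not want to rely on each descr_len staying inside the
retrieved buffer can walk the CTL_DESCRIBE records with explicit bounds and
version checks, as in the following added example, which is not part of the
original manual page or of the NetBSD sources.
The names find_description, put_desc, demo and DESC_*, the version number 7
and node 3216 are hypothetical, the sample buffer is constructed rather than
kernel output, and the 4-byte record padding is an assumption about what
NEXT_DESCR steps over.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Same layout as the struct sysctldesc shown on this page. */
struct sysctldesc {
	int32_t descr_num;	/* mib number of node */
	uint32_t descr_ver;	/* version of node */
	uint32_t descr_len;	/* length of description string, nul included */
	char descr_str[1];
};
#define DESC_HDR offsetof(struct sysctldesc, descr_str)
#define DESC_PAD(l) (((size_t)(l) + 3) & ~(size_t)3) /* assumed 4-byte padding */
enum { DESC_NOTFOUND = -1, DESC_STALE = -2, DESC_MALFORMED = -3 };

/* Returns the description's strlen and sets *str, or a negative DESC_* code. */
int find_description(const char *buf, size_t len, int32_t num, uint32_t ver,
    const char **str)
{
	size_t off = 0;

	while (off < len) {
		struct sysctldesc h;
		size_t room = len - off;
		const char *s;

		if (room < DESC_HDR)
			return DESC_MALFORMED;		/* header cut short */
		memcpy(&h, buf + off, DESC_HDR);	/* buf may be unaligned */
		s = buf + off + DESC_HDR;
		if (h.descr_len == 0 || h.descr_len > room - DESC_HDR ||
		    s[h.descr_len - 1] != '\0')
			return DESC_MALFORMED;		/* bad length or no nul */
		if (h.descr_num == num) {
			if (h.descr_ver != ver)
				return DESC_STALE;	/* MIB number was recycled */
			*str = s;
			return (int)(h.descr_len - 1);
		}
		/* Stepping past len ends the loop; the last record may be unpadded. */
		off += DESC_HDR + DESC_PAD(h.descr_len);
	}
	return DESC_NOTFOUND;
}

/* Append one record to the constructed sample buffer; returns the new offset. */
static size_t put_desc(char *buf, size_t off, int32_t num, uint32_t ver, const char *text)
{
	struct sysctldesc h = { num, ver, (uint32_t)strlen(text) + 1, { 0 } };

	memcpy(buf + off, &h, DESC_HDR);
	memcpy(buf + off + DESC_HDR, text, h.descr_len);
	return off + DESC_HDR + DESC_PAD(h.descr_len);
}

/* Constructed input: drop the last `cut` bytes; `corrupt` inflates descr_len. */
int demo(int32_t num, uint32_t ver, size_t cut, int corrupt)
{
	char buf[128] = { 0 };
	const char *s = NULL;
	uint32_t huge = UINT32_MAX;
	size_t len = 0;

	len = put_desc(buf, len, 3214, 7, "local tunables");
	len = put_desc(buf, len, 3215, 7, "audio debug control knob");
	len = put_desc(buf, len, 3216, 7, "");	/* node without a description */
	if (corrupt)
		memcpy(buf + offsetof(struct sysctldesc, descr_len), &huge, sizeof(huge));
	return find_description(buf, len - cut, num, ver, &s);
}
```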
.Pp
The
.Fa sysctl_flags
field in the struct sysctlnode contains the sysctl version, node type
information, and a number of flags.
The macros
.Fn SYSCTL_VERS ,
.Fn SYSCTL_TYPE ,
and
.Fn SYSCTL_FLAGS
can be used to access the different fields.
Valid flags are:
.Bl -column CTLFLAGXPERMANENTXXX
.It Sy Name Ta Description
.It CTLFLAG\_READONLY Ta Node is read-only
.It CTLFLAG\_READONLY1 Ta Node becomes read-only at securelevel 1
.It CTLFLAG\_READONLY2 Ta Node becomes read-only at securelevel 2
.It CTLFLAG\_READWRITE Ta Node is writable by the superuser
.It CTLFLAG\_ANYWRITE Ta Node is writable by anyone
.It CTLFLAG\_PRIVATE Ta Node is readable only by the superuser
.It CTLFLAG\_PERMANENT Ta Node cannot be removed (cannot be set by
processes)
.It CTLFLAG\_OWNDATA Ta Node owns data and does not instrument
existing data
.It CTLFLAG\_IMMEDIATE Ta Node contains instrumented data and does not
instrument existing data
.It CTLFLAG\_HEX Ta Node's contents should be displayed in a hexadecimal
form
.It CTLFLAG\_ROOT Ta Node is the root of a tree (cannot be set at
any time)
.It CTLFLAG\_ANYNUMBER Ta Node matches any MIB number (cannot be set by
processes)
.It CTLFLAG\_HIDDEN Ta Node not displayed by default
.It CTLFLAG\_ALIAS Ta Node refers to a sibling node (cannot be set
by processes)
.It CTLFLAG\_OWNDESC Ta Node owns its own description string space
.El
.Sh RETURN VALUES
If the call to
.Nm
is successful, the number of bytes copied out is returned.
Otherwise \-1 is returned and
.Va errno
is set appropriately.
.Sh FILES
.Bl -tag -width \*[Lt]netinet6/udp6Xvar.h\*[Gt] -compact
.It Aq Pa sys/sysctl.h
definitions for top level identifiers, second level kernel and hardware
identifiers, and user level identifiers
.It Aq Pa sys/socket.h
definitions for second level network identifiers
.It Aq Pa sys/gmon.h
definitions for third level profiling identifiers
.It Aq Pa uvm/uvm_param.h
definitions for second level virtual memory identifiers
.It Aq Pa netinet/in.h
definitions for third level IPv4/v6 identifiers and
fourth level IPv4/v6 identifiers
.It Aq Pa netinet/icmp_var.h
definitions for fourth level ICMP identifiers
.It Aq Pa netinet/icmp6.h
definitions for fourth level ICMPv6 identifiers
.It Aq Pa netinet/tcp_var.h
definitions for fourth level TCP identifiers
.It Aq Pa netinet/udp_var.h
definitions for fourth level UDP identifiers
.It Aq Pa netinet6/udp6_var.h
definitions for fourth level IPv6 UDP identifiers
.It Aq Pa netinet6/ipsec.h
definitions for fourth level IPsec identifiers
.It Aq Pa netkey/key_var.h
definitions for third level PF_KEY identifiers
.It Aq Pa machine/cpu.h
definitions for second level machdep identifiers
.El
.Sh ERRORS
The following errors may be reported:
.Bl -tag -width Er
.It Bq Er EFAULT
The buffer
.Fa name ,
.Fa oldp ,
.Fa newp ,
or length pointer
.Fa oldlenp
contains an invalid address, or the requested value is temporarily
unavailable.
.It Bq Er EINVAL
The
.Fa name
array is zero or greater than CTL_MAXNAME.
.It Bq Er EINVAL
A non-null
.Fa newp
is given and its specified length in
.Fa newlen
is too large or too small, or the given value is not acceptable for
the given node.
.It Bq Er ENOMEM
The length pointed to by
.Fa oldlenp
is too short to hold the requested value.
.It Bq Er EISDIR
The
.Fa name
array specifies an intermediate rather than terminal name.
.It Bq Er ENOTDIR
The
.Fa name
array specifies a node below a node that addresses data.
.It Bq Er ENOENT
The
.Fa name
array specifies a node that does not exist in the tree.
.It Bq Er ENOENT
An attempt was made to destroy a node that does not exist, or to
create or destroy a node below a node that does not exist.
.It Bq Er ENOTEMPTY
An attempt was made to destroy a node that still has children.
.It Bq Er EOPNOTSUPP
The
.Fa name
array specifies a value that is unknown or a meta-operation was
attempted that the requested node does not support.
.It Bq Er EPERM
An attempt is made to set a read-only value.
.It Bq Er EPERM
A process without appropriate privilege attempts to set a value or to
create or destroy a node.
.It Bq Er EPERM
An attempt to change a value protected by the current kernel security
level is made.
.El
.Sh SEE ALSO
.Xr ipsec 4 ,
.Xr tcp 4 ,
.Xr sysctl 8
.\" .Xr sysctl 9
.Sh HISTORY
The
.Nm
function first appeared in
.Bx 4.4 .