1.\" $NetBSD: sysctl.3,v 1.56 2000/05/23 12:35:34 itojun Exp $ 2.\" 3.\" Copyright (c) 1993 4.\" The Regents of the University of California. All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 3. All advertising materials mentioning features or use of this software 15.\" must display the following acknowledgement: 16.\" This product includes software developed by the University of 17.\" California, Berkeley and its contributors. 18.\" 4. Neither the name of the University nor the names of its contributors 19.\" may be used to endorse or promote products derived from this software 20.\" without specific prior written permission. 21.\" 22.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32.\" SUCH DAMAGE. 33.\" 34.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95 35.\" 36.Dd June 24, 1999 37.Dt SYSCTL 3 38.Os 39.Sh NAME 40.Nm sysctl 41.Nd get or set system information 42.Sh LIBRARY 43.Lb libc 44.Sh SYNOPSIS 45.Fd #include <sys/param.h> 46.Fd #include <sys/sysctl.h> 47.Ft int 48.Fn sysctl "int *name" "u_int namelen" "void *oldp" "size_t *oldlenp" "void *newp" "size_t newlen" 49.Sh DESCRIPTION 50The 51.Nm 52function retrieves system information and allows processes with 53appropriate privileges to set system information. 54The information available from 55.Nm 56consists of integers, strings, and tables. 57Information may be retrieved and set from the command interface 58using the 59.Xr sysctl 8 60utility. 61.Pp 62Unless explicitly noted below, 63.Nm 64returns a consistent snapshot of the data requested. 65Consistency is obtained by locking the destination 66buffer into memory so that the data may be copied out without blocking. 67Calls to 68.Nm 69are serialized to avoid deadlock. 70.Pp 71The state is described using a ``Management Information Base'' (MIB) 72style name, listed in 73.Fa name , 74which is a 75.Fa namelen 76length array of integers. 77.Pp 78The information is copied into the buffer specified by 79.Fa oldp . 80The size of the buffer is given by the location specified by 81.Fa oldlenp 82before the call, 83and that location gives the amount of data copied after a successful call. 84If the amount of data available is greater 85than the size of the buffer supplied, 86the call supplies as much data as fits in the buffer provided 87and returns with the error code ENOMEM. 88If the old value is not desired, 89.Fa oldp 90and 91.Fa oldlenp 92should be set to NULL. 93.Pp 94The size of the available data can be determined by calling 95.Nm 96with a NULL parameter for 97.Fa oldp . 98The size of the available data will be returned in the location pointed to by 99.Fa oldlenp . 100For some operations, the amount of space may change often. 101For these operations, 102the system attempts to round up so that the returned size is 103large enough for a call to return the data shortly thereafter. 104.Pp 105To set a new value, 106.Fa newp 107is set to point to a buffer of length 108.Fa newlen 109from which the requested value is to be taken. 110If a new value is not to be set, 111.Fa newp 112should be set to NULL and 113.Fa newlen 114set to 0. 115.Pp 116The top level names are defined with a CTL_ prefix in 117.Pa <sys/sysctl.h> , 118and are as follows. 119The next and subsequent levels down are found in the include files 120listed here, and described in separate sections below. 121.Pp 122.Bl -column CTLXMACHDEPXXX "Next level namesXXXXXX" -offset indent 123.It Sy Pa Name Next level names Description 124.It CTL\_DEBUG sys/sysctl.h Debugging 125.It CTL\_VFS sys/mount.h Filesystem 126.It CTL\_HW sys/sysctl.h Generic CPU, I/O 127.It CTL\_KERN sys/sysctl.h High kernel limits 128.It CTL\_MACHDEP sys/sysctl.h Machine dependent 129.It CTL\_NET sys/socket.h Networking 130.It CTL\_PROC sys/sysctl.h Per-process 131.It CTL\_USER sys/sysctl.h User-level 132.It CTL\_VM vm/vm_param.h Virtual memory 133.El 134.Pp 135For example, the following retrieves the maximum number of processes allowed 136in the system: 137.Bd -literal -offset indent -compact 138int mib[2], maxproc; 139size_t len; 140.sp 141mib[0] = CTL_KERN; 142mib[1] = KERN_MAXPROC; 143len = sizeof(maxproc); 144sysctl(mib, 2, &maxproc, &len, NULL, 0); 145.Ed 146.sp 147To retrieve the standard search path for the system utilities: 148.Bd -literal -offset indent -compact 149int mib[2]; 150size_t len; 151char *p; 152.sp 153mib[0] = CTL_USER; 154mib[1] = USER_CS_PATH; 155sysctl(mib, 2, NULL, &len, NULL, 0); 156p = malloc(len); 157sysctl(mib, 2, p, &len, NULL, 0); 158.Ed 159.Sh CTL_DEBUG 160The debugging variables vary from system to system. 161A debugging variable may be added or deleted without need to recompile 162.Nm 163to know about it. 164Each time it runs, 165.Nm 166gets the list of debugging variables from the kernel and 167displays their current values. 168The system defines twenty 169.Ns ( Va struct ctldebug ) 170variables named 171.Dv debug0 172through 173.Dv debug19 . 174They are declared as separate variables so that they can be 175individually initialized at the location of their associated variable. 176The loader prevents multiple use of the same variable by issuing errors 177if a variable is initialized in more than one place. 178For example, to export the variable 179.Dv dospecialcheck 180as a debugging variable, the following declaration would be used: 181.Bd -literal -offset indent -compact 182int dospecialcheck = 1; 183struct ctldebug debug5 = { "dospecialcheck", &dospecialcheck }; 184.Ed 185.Sh CTL_VFS 186A distinguished second level name, VFS_GENERIC, 187is used to get general information about all filesystems. 188One of its third level identifiers is VFS_MAXTYPENUM 189that gives the highest valid filesystem type number. 190Its other third level identifier is VFS_CONF that 191returns configuration information about the filesystem 192type given as a fourth level identifier. 193The remaining second level identifiers are the 194filesystem type number returned by a 195.Xr statfs 2 196call or from VFS_CONF. 197The third level identifiers available for each filesystem 198are given in the header file that defines the mount 199argument structure for that filesystem. 200.Sh CTL_HW 201The string and integer information available for the CTL_HW level 202is detailed below. 203The changeable column shows whether a process with appropriate 204privilege may change the value. 205.Bl -column "Second level nameXXXXXX" integerXXX -offset indent 206.It Sy Pa Second level name Type Changeable 207.It HW\_MACHINE string no 208.It HW\_MODEL string no 209.It HW\_NCPU integer no 210.It HW\_BYTEORDER integer no 211.It HW\_PHYSMEM integer no 212.It HW\_USERMEM integer no 213.It HW\_PAGESIZE integer no 214.\".It HW\_DISKNAMES struct no 215.\".It HW\_DISKSTATS struct no 216.It HW\_MACHINE\_ARCH string no 217.It HW\_ALIGNBYTES integer no 218.El 219.Pp 220.Bl -tag -width "123456" 221.It Li HW_MACHINE 222The machine class. 223.It Li HW_MODEL 224The machine model 225.It Li HW_NCPU 226The number of cpus. 227.ne 1i 228.It Li HW_BYTEORDER 229The byteorder (4,321, or 1,234). 230.It Li HW_PHYSMEM 231The bytes of physical memory. 232.It Li HW_USERMEM 233The bytes of non-kernel memory. 234.It Li HW_PAGESIZE 235The software page size. 236.\".It Fa HW_DISKNAMES 237.\".It Fa HW_DISKSTATS 238.It Li HW_MACHINE_ARCH 239The machine cpu class. 240.It Li HW_ALIGNBYTES 241Alignment constraint for all possible data types. 242This shows the value 243.Dv ALIGNBYTES 244in 245.Pa /usr/include/machine/param.h , 246at the kernel compilation time. 247.El 248.Sh CTL_KERN 249The string and integer information available for the CTL_KERN level 250is detailed below. 251The changeable column shows whether a process with appropriate 252privilege may change the value. 253The types of data currently available are process information, 254system vnodes, the open file entries, routing table entries, 255virtual memory statistics, load average history, and clock rate 256information. 257.Bl -column "KERNXCHOWNXRESTRICTEDXXX" "struct clockrateXXX" -offset indent 258.It Sy Pa Second level name Type Changeable 259.It KERN\_ARGMAX integer no 260.It KERN\_AUTONICETIME integer yes 261.It KERN\_AUTONICEVAL integer yes 262.It KERN\_BOOTTIME struct timeval no 263.It KERN\_CHOWN\_RESTRICTED integer no 264.It KERN\_CLOCKRATE struct clockinfo no 265.It KERN\_DEFCORENAME string yes 266.It KERN\_DOMAINNAME string yes 267.It KERN\_FILE struct file no 268.It KERN\_FSYNC integer no 269.It KERN\_HOSTID integer yes 270.It KERN\_HOSTNAME string yes 271.It KERN\_IOV\_MAX integer no 272.It KERN\_JOB\_CONTROL integer no 273.It KERN\_LINK\_MAX integer no 274.It KERN\_LOGIN\_NAME\_MAX integer no 275.It KERN\_LOGSIGEXIT integer yes 276.It KERN\_MAPPED\_FILES integer no 277.It KERN\_MAXFILES integer yes 278.It KERN\_MAXPARTITIONS integer no 279.It KERN\_MAXPROC integer yes 280.It KERN\_MAXVNODES integer yes 281.It KERN\_MAX\_CANON integer no 282.It KERN\_MAX\_INPUT integer no 283.It KERN\_MEMLOCK integer no 284.It KERN\_MEMLOCK\_RANGE integer no 285.It KERN\_MEMORY\_PROTECTION integer no 286.It KERN\_MSGBUFSIZE integer no 287.It KERN\_NAME\_MAX integer no 288.It KERN\_NGROUPS integer no 289.It KERN\_NO\_TRUNC integer no 290.It KERN\_OSRELEASE string no 291.It KERN\_OSREV integer no 292.It KERN\_OSTYPE string no 293.It KERN\_PATH\_MAX integer no 294.It KERN\_PIPE\_BUF integer no 295.It KERN\_POSIX1 integer no 296.It KERN\_PROC struct proc no 297.It KERN\_PROF node not applicable 298.It KERN\_RAWPARTITION integer no 299.It KERN\_SAVED\_IDS integer no 300.It KERN\_SECURELVL integer raise only 301.It KERN\_SYNCHRONIZED\_IO integer no 302.It KERN\_SYSVMSG integer no 303.It KERN\_SYSVSEM integer no 304.It KERN\_SYSVSHM integer no 305.It KERN\_VDISABLE integer no 306.It KERN\_VERSION string no 307.It KERN\_VNODE struct vnode no 308.El 309.ne 1i 310.Pp 311.Bl -tag -width "123456" 312.It Li KERN_ARGMAX 313The maximum bytes of argument to 314.Xr execve 2 . 315.It Li KERN_AUTONICETIME 316The number of seconds of cpu-time a non-root process may accumulate before 317having its priority lowered from the default to the value of KERN_AUTONICEVAL. 318If set to 0, automatic lowering of priority is not performed, and if set to -1 319all non-root processes are immediately lowered. 320.It Li KERN_AUTONICEVAL 321The priority assigned for automatically niced processes. 322.It Li KERN_BOOTTIME 323A 324.Va struct timeval 325structure is returned. 326This structure contains the time that the system was booted. 327.It Li KERN_CHOWN_RESTRICTED 328Return 1 if appropriate privileges are required for the 329.Xr chown 2 330system call, otherwise 0. 331.It Li KERN_CLOCKRATE 332A 333.Va struct clockinfo 334structure is returned. 335This structure contains the clock, statistics clock and profiling clock 336frequencies, the number of micro-seconds per hz tick, and the clock 337skew rate. 338.It Li KERN_DEFCORENAME 339Default template for the name of core dump files (see also PROC_PID_CORENAME 340in the per-process variables CTL_PROC, and 341.Xr core 5 342for format of this template). The default value is 343.Nm %n.core 344and can be changed with the kernel configuration option 345.Cd options DEFCORENAME 346(see 347.Xr options 4 348). 349.It Li KERN_DOMAINNAME 350Get or set the YP domain name. 351.It Li KERN_FILE 352Return the entire file table. 353The returned data consists of a single 354.Va struct filehead 355followed by an array of 356.Va struct file , 357whose size depends on the current number of such objects in the system. 358.It Li KERN_FSYNC 359Return 1 if the POSIX 1003.1b File Synchronization Option is available 360on this system, 361otherwise 0. 362.It Li KERN_HOSTID 363Get or set the host id. 364.It Li KERN_HOSTNAME 365Get or set the hostname. 366.It Li KERN_IOV_MAX 367Return the maximum number of 368.Va iovec 369structures that a process has available for use with 370.Xr preadv 2 , 371.Xr pwritev 2 , 372.Xr readv 2 , 373.Xr recvmsg 2 , 374.Xr sendmsg 2 375and 376.Xr writev 2 . 377.It Li KERN_JOB_CONTROL 378Return 1 if job control is available on this system, otherwise 0. 379.It Li KERN_LINK_MAX 380The maximum file link count. 381.It Li KERN_LOGIN_NAME_MAX 382The size of the storage required for a login name, in bytes, 383including the terminating NUL. 384.It Li KERN_LOGSIGEXIT 385If this flag is non-zero, the kernel will 386.Xr log 9 387all process exits due to signals which create a 388.Xr core 5 389file, and whether the coredump was created. 390.It Li KERN_MAPPED_FILES 391Returns 1 if the POSIX 1003.1b Memory Mapped Files Option is available 392on this system, 393otherwise 0. 394.It Li KERN_MAXFILES 395The maximum number of open files that may be open in the system. 396.It Li KERN_MAXPARTITIONS 397The maximum number of partitions allowed per disk. 398.It Li KERN_MAXPROC 399The maximum number of simultaneous processes the system will allow. 400.It Li KERN_MAXVNODES 401The maximum number of vnodes available on the system. 402.It Li KERN_MAX_CANON 403The maximum number of bytes in terminal canonical input line. 404.It Li KERN_MAX_INPUT 405The minimum maximum number of bytes for which space is available in 406a terminal input queue. 407.It Li KERN_MEMLOCK 408Returns 1 if the POSIX 1003.1b Process Memory Locking Option is available 409on this system, 410otherwise 0. 411.It Li KERN_MEMLOCK_RANGE 412Returns 1 if the POSIX 1003.1b Range Memory Locking Option is available 413on this system, 414otherwise 0. 415.It Li KERN_MEMORY_PROTECTION 416Returns 1 if the POSIX 1003.1b Memory Protection Option is available 417on this system, 418otherwise 0. 419.It Li KERN_MSGBUFSIZE 420The maximum number of characters that the kernel message buffer can hold. 421.It Li KERN_NAME_MAX 422The maximum number of bytes in a file name. 423.It Li KERN_NGROUPS 424The maximum number of supplemental groups. 425.It Li KERN_NO_TRUNC 426Return 1 if file names longer than KERN_NAME_MAX are truncated. 427.It Li KERN_OSRELEASE 428The system release string. 429.It Li KERN_OSREV 430The system revision string. 431.It Li KERN_OSTYPE 432The system type string. 433.It Li KERN_PATH_MAX 434The maximum number of bytes in a pathname. 435.It Li KERN_PIPE_BUF 436The maximum number of bytes which will be written atomically to a pipe. 437.It Li KERN_POSIX1 438The version of ISO/IEC 9945 (POSIX 1003.1) with which the system 439attempts to comply. 440.It Li KERN_PROC 441Return the entire process table, or a subset of it. 442An array of 443.Va struct kinfo_proc 444structures is returned, 445whose size depends on the current number of such objects in the system. 446The third and fourth level names are as follows: 447.Bl -column "Third level nameXXXXXX" "Fourth level is:XXXXXX" -offset indent 448.It Pa Third level name Fourth level is: 449.It KERN\_PROC\_ALL None 450.It KERN\_PROC\_PID A process ID 451.It KERN\_PROC\_PGRP A process group 452.It KERN\_PROC\_TTY A tty device 453.It KERN\_PROC\_UID A user ID 454.It KERN\_PROC\_RUID A real user ID 455.El 456.It Li KERN_PROF 457Return profiling information about the kernel. 458If the kernel is not compiled for profiling, 459attempts to retrieve any of the KERN_PROF values will 460fail with EOPNOTSUPP. 461The third level names for the string and integer profiling information 462is detailed below. 463The changeable column shows whether a process with appropriate 464privilege may change the value. 465.Bl -column "GPROFXGMONPARAMXXX" "struct gmonparamXXX" -offset indent 466.It Sy Pa Third level name Type Changeable 467.It GPROF\_STATE integer yes 468.It GPROF\_COUNT u_short[\|] yes 469.It GPROF\_FROMS u_short[\|] yes 470.It GPROF\_TOS struct tostruct yes 471.It GPROF\_GMONPARAM struct gmonparam no 472.El 473.Pp 474The variables are as follows: 475.Bl -tag -width "123456" 476.It Li GPROF_STATE 477Returns GMON_PROF_ON or GMON_PROF_OFF to show that profiling 478is running or stopped. 479.It Li GPROF_COUNT 480Array of statistical program counter counts. 481.It Li GPROF_FROMS 482Array indexed by program counter of call-from points. 483.It Li GPROF_TOS 484Array of 485.Va struct tostruct 486describing destination of calls and their counts. 487.It Li GPROF_GMONPARAM 488Structure giving the sizes of the above arrays. 489.El 490.It Li KERN_RAWPARTITION 491The raw partition of a disk (a == 0). 492.It Li KERN_SAVED_IDS 493Returns 1 if saved set-group and saved set-user ID is available. 494.It Li KERN_SECURELVL 495The system security level. 496This level may be raised by processes with appropriate privilege. 497It may only be lowered by process 1. 498.It Li KERN_SYNCHRONIZED_IO 499Returns 1 if the POSIX 1003.1b Synchronized I/O Option is available 500on this system, 501otherwise 0. 502.It Li KERN_SYSVMSG 503Returns 1 if System V style message queue functionality is available 504on this system, 505otherwise 0. 506.It Li KERN_SYSVSEM 507Returns 1 if System V style semaphore functionality is available 508on this system, 509otherwise 0. 510.It Li KERN_SYSVSHM 511Returns 1 if System V style share memory functionality is available 512on this system, 513otherwise 0. 514.It Li KERN_VDISABLE 515Returns the terminal character disabling value. 516.It Li KERN_VERSION 517The system version string. 518.It Li KERN_VNODE 519Return the entire vnode table. 520Note, the vnode table is not necessarily a consistent snapshot of 521the system. 522The returned data consists of an array whose size depends on the 523current number of such objects in the system. 524Each element of the array contains the kernel address of a vnode 525.Va struct vnode * 526followed by the vnode itself 527.Va struct vnode . 528.El 529.Sh CTL_MACHDEP 530The set of variables defined is architecture dependent. 531Most architectures define at least the following variables. 532.Bl -column "CONSOLE_DEVICEXXX" "integerXXX" -offset indent 533.It Sy Pa Second level name Type Changeable 534.It Li CPU_CONSDEV dev_t no 535.El 536.Sh CTL_NET 537The string and integer information available for the CTL_NET level 538is detailed below. 539The changeable column shows whether a process with appropriate 540privilege may change the value. 541.Bl -column "Second level nameXXXXXX" "routing messagesXXX" -offset indent 542.It Sy Pa Second level name Type Changeable 543.It PF\_ROUTE routing messages no 544.It PF\_INET IPv4 values yes 545.It PF\_INET6 IPv6 values yes 546.El 547.Pp 548.Bl -tag -width "123456" 549.It Li PF_ROUTE 550Return the entire routing table or a subset of it. 551The data is returned as a sequence of routing messages (see 552.Xr route 4 553for the header file, format and meaning). 554The length of each message is contained in the message header. 555.Pp 556The third level name is a protocol number, which is currently always 0. 557The fourth level name is an address family, which may be set to 0 to 558select all address families. 559The fifth and sixth level names are as follows: 560.Bl -column "Fifth level nameXXXXXX" "Sixth level is:XXX" -offset indent 561.It Pa Fifth level name Sixth level is: 562.It NET\_RT\_FLAGS rtflags 563.It NET\_RT\_DUMP None 564.It NET\_RT\_IFLIST None 565.El 566.It Li PF_INET 567Get or set various global information about the IPv4 568.Pq Internet Protocol version 4 . 569The third level name is the protocol. 570The fourth level name is the variable name. 571The currently defined protocols and names are: 572.Bl -column "Protocol name" "Variable nameXX" "integer" "yes" -offset indent 573.It Pa Protocol name Variable name Type Changeable 574.It ip forwarding integer yes 575.It ip redirect integer yes 576.It ip ttl integer yes 577.It ip forwsrcrt integer yes 578.It ip directed-broadcast integer yes 579.It ip allowsrcrt integer yes 580.It ip subnetsarelocal integer yes 581.It ip mtudisc integer yes 582.It ip anonportmin integer yes 583.It ip anonportmax integer yes 584.It ip mtudisctimeout integer yes 585.It ip gifttl integer yes 586.It icmp errratelimit integer yes 587.It icmp maskrepl integer yes 588.It tcp rfc1323 integer yes 589.It tcp sendspace integer yes 590.It tcp recvspace integer yes 591.It tcp mssdflt integer yes 592.It tcp syn_cache_limit integer yes 593.It tcp syn_bucket_limit integer yes 594.It tcp syn_cache_interval integer yes 595.It tcp init_win integer yes 596.It tcp mss_ifmtu integer yes 597.It tcp sack integer yes 598.It tcp win_scale integer yes 599.It tcp timestamps integer yes 600.It tcp compat_42 integer yes 601.It tcp cwm integer yes 602.It tcp cwm_burstsize integer yes 603.It tcp ack_on_push integer yes 604.It tcp keepidle integer yes 605.It tcp keepintvl integer yes 606.It tcp keepcnt integer yes 607.It tcp slowhz integer no 608.It tcp newreno integer yes 609.It tcp log_refused integer yes 610.It tcp rstratelimit integer yes 611.It udp checksum integer yes 612.It udp sendspace integer yes 613.It udp recvspace integer yes 614.El 615.Pp 616The variables are as follows: 617.Bl -tag -width "123456" 618.It Li ip.forwarding 619Returns 1 when IP forwarding is enabled for the host, 620meaning that the host is acting as a router. 621.It Li ip.redirect 622Returns 1 when ICMP redirects may be sent by the host. 623This option is ignored unless the host is routing IP packets, 624and should normally be enabled on all systems. 625.It Li ip.ttl 626The maximum time-to-live (hop count) value for an IP packet sourced by 627the system. 628This value applies to normal transport protocols, not to ICMP. 629.It Li ip.forwsrcrt 630Returns 1 when forwarding of source-routed packets is enabled for 631the host. This value may only be changed if the kernel security 632level is less than 1. 633.It Li ip.directed-broadcast 634Returns 1 if directed broadcast behavior is enabled for the host. 635.It Li ip.allowsrcrt 636Returns 1 if the host accepts source routed packets. 637.It Li ip.subnetsarelocal 638Returns 1 if subnets are to be considered local addresses. 639.It Li ip.mtudisc 640Returns 1 if Path MTU Discovery is enabled. 641.It Li ip.anonportmin 642The lowest port number to use for TCP and UDP ephemeral port allocation. 643This cannot be set to less that 1024 or greater than 65535. 644.It Li ip.anonportmax 645The highest port number to use for TCP and UDP ephemeral port allocation. 646This cannot be set to less that 1024 or greater than 65535, and must 647be greater than 648.Li ip.anonportmin . 649.It Li ip.mtudisctimeout 650Returns the number of seconds in which a route added by the Path MTU 651Discovery engine will time out. When the route times out, the Path 652MTU Discovery engine will attempt to probe a larger path MTU. 653.It Li ip.gifttl 654The maximum time-to-live (hop count) value for an IPv4 packet generated by 655.Xr gif 4 656tunnel interface. 657.It Li icmp.errratelimit 658This variable specifies the minimum interval between ICMP error messages, 659in microseconds. 660.It Li icmp.maskrepl 661Returns 1 if ICMP network mask requests are to be answered. 662.It Li tcp.rfc1323 663Returns 1 if RFC1323 extensions to TCP are enabled. 664.It Li tcp.sendspace 665Returns the default TCP send buffer size. 666.It Li tcp.recvspace 667Returns the default TCP receive buffer size. 668.It Li tcp.mssdflt 669Returns the default maximum segment size both advertsized to the peer 670and to use when the peer does not advertize a maximum segment size to 671us during connection setup. Do not change this value unless you really 672know what you are doing. 673.It Li tcp.syn_cache_limit 674Returns the maximum number of entries allowed in the TCP compressed state 675engine. 676.It Li tcp.syn_bucket_limit 677Returns the maximum number of entries allowed per hash bucket in the TCP 678compressed state engine. 679.It Li tcp.syn_cache_interval 680Returns the TCP compressed state engine's timer interval. 681.It Li tcp.init_win 682Returns a value indicating the TCP initial congestion window. If this 683value is 0, an auto-tuning algorithm designed to use an initial window 684of approximately 4K bytes is in use. Otherwise, this value indicates 685a fixed number of packets. 686.It Li tcp.mss_ifmtu 687Returns 1 if TCP calculates the outgoing maximum segment size based on 688the MTU of the appropriate interface. Otherwise, it is calculated based on 689the greater of the MTU of the interface, and the largest (non-loopback) 690interface MTU on the system. 691.It Li tcp.sack 692Returns a value which determines the level of Selective Acknowledgement 693supported by TCP. If 2, we will transmit and receive SACK options. 694If 1, we will transmit SACK options, but ignore any SACK options received. 695If 0, SACK is disabled. 696.It Li tcp.win_scale 697If rfc1323 is enabled, a value of 1 indicates RFC1323 window scale options, 698for increasing the TCP window size, are enabled. 699.It Li tcp.timestamps 700If rfc1323 is enabled, a value of 1 indicates RFC1323 time stamp options, 701used for measuring TCP round trip times, are enabled. 702.It Li tcp.compat_42 703Returns 1 if work-arounds for bugs in the 4.2BSD TCP implementation are 704enabled. Use of this option is not recommended, although it may be 705required in order to communicate with extremely old TCP implementations. 706.It Li tcp.cwm 707Returns 1 if use of the Hughes/Touch/Heidemann Congestion Window Monitoring 708algorithm is enabled. This algorithm prevents line-rate bursts of packets 709that could otherwise occur when data begins flowing on an idle TCP 710connection. These line-rate bursts can contribute to network and router 711congestion. This can be particularly useful on World Wide Web servers 712which support HTTP/1.1, which has lingering connections. 713.It Li tcp.cwm_burstsize 714Returns the Congestion Window Monitoring allowed burst size, in terms 715of packet count. 716.It Li tcp.ack_on_push 717Returns 1 if TCP is to immediately transmit an ACK upon reception of 718a packet with PUSH set. This can avoid losing a round trip time in some 719rare situations, but has the caveat of potentially defeating TCP's delayed 720ACK algorithm. Use of this option is generally not recommended, but 721the variable exists in case your configuration really needs it. 722.It Li tcp.keepidle 723Time a connection must be idle before keepalives are sent (if keepalives 724are enabled for the connection). See also tcp.slowhz. 725.It Li tcp.keepintvl 726Time after a keepalive probe is sent until, in the absence of any response, 727another probe is sent. See also tcp.slowhz. 728.It Li tcp.keepcnt 729Number of keepalive probes sent before declaring a connection dead. If 730set to zero, there is no limit; keepalives will be sent until some kind of 731response is received from the peer. 732.It Li tcp.slowhz 733The units for tcp.keepidle and tcp.keepintvl; those variables are in ticks 734of a clock that ticks tcp.slowhz times per second. (That is, their values 735must be divided by the tcp.slowhz value to get times in seconds.) 736.It Li tcp.newreno 737Returns 1 if the use of J. Hoe's NewReno congestion control algorithm is 738enabled. This algorithm improves the start-up behavior of TCP connections. 739.It Li tcp.log_refused 740Returns 1 if refused TCP connections to the host will be logged. 741.It Li tcp.rstratelimit 742This variable specifies minimum interval, in microseconds, between RSTs 743sent in response to an incoming TCP packet with no corresponding listen 744or connected socket. 745.It Li udp.checksum 746Returns 1 when UDP checksums are being computed and checked. 747Disabling UDP checksums is strongly discouraged. 748.It Li udp.sendspace 749Returns the default UDP send buffer size. 750.It Li udp.recvspace 751Returns the default UDP receive buffer size. 752.El 753.Pp 754For variables net.*.ipsec, please refer to 755.Xr ipsec 4 . 756.It Li PF_INET6 757Get or set various global information about the IPv6 758.Pq Internet Protocol version 6 . 759The third level name is the protocol. 760The fourth level name is the variable name. 761The currently defined protocols and names are: 762.Bl -column "Protocol name" "Variable nameXX" "integer" "yes" -offset indent 763.It Pa Protocol name Variable name Type Changeable 764.It ip6 forwarding integer yes 765.It ip6 redirect integer yes 766.It ip6 hlim integer yes 767.It ip6 maxfragpackets integer yes 768.It ip6 accept_rtadv integer yes 769.It ip6 keepfaith integer yes 770.It ip6 log_interval integer yes 771.It ip6 hdrnestlimit integer yes 772.It ip6 dad_count integer yes 773.It ip6 auto_flowlabel integer yes 774.It ip6 defmcasthlim integer yes 775.It ip6 gif_hlim integer yes 776.It ip6 kame_version string no 777.It ip6 use_deprecated integer yes 778.It ip6 rr_prune integer yes 779.It ip6 bindv6only integer yes 780.It icmp6 rediraccept integer yes 781.It icmp6 redirtimeout integer yes 782.It icmp6 errratelimit integer yes 783.It icmp6 nd6_prune integer yes 784.It icmp6 nd6_delay integer yes 785.It icmp6 nd6_umaxtries integer yes 786.It icmp6 nd6_mmaxtries integer yes 787.It icmp6 nd6_useloopback integer yes 788.It icmp6 nodeinfo integer yes 789.It udp6 sendspace integer yes 790.It udp6 recvspace integer yes 791.El 792.Pp 793The variables are as follows: 794.Bl -tag -width "123456" 795.It Li ip6.forwarding 796Returns 1 when IPv6 forwarding is enabled for the node, 797meaning that the node is acting as a router. 798Returns 0 when IPv6 forwarding is disabled for the node, 799meaning that the node is acting as a host. 800IPv6 specification defines node behavior for 801.Dq router 802case and 803.Dq host 804case quite differently, and changing this variable during operation 805may cause serious trouble. 806It is recommended to configure the variable at bootstrap time, 807and bootstrap time only. 808.It Li ip6.redirect 809Returns 1 when ICMPv6 redirects may be sent by the node. 810This option is ignored unless the node is routing IP packets, 811and should normally be enabled on all systems. 812.It Li ip6.hlim 813The default hop limit value for an IPv6 unicast packet sourced by the node. 814This value applies to all the transport protocols on top of IPv6. 815There are APIs to override the value, as documented in 816.Xr ip6 4 . 817.It Li ip6.maxfragpackets 818The maximum number of fragmented packets the node will accept. 8190 means that the node will not accept any fragmented packets. 820-1 means that the node will accept as many fragmented packets as it receives. 821The flag is provided basically for avoiding possible DoS attacks. 822.It Li ip6.accept_rtadv 823If set to non-zero, the node will accept ICMPv6 router advertisement packets 824and autoconfigures address prefixes and default routers. 825The node must be a host 826.Pq not a router 827for the option to be meaningful. 828.It Li ip6.keepfaith 829If set to non-zero, it enables 830.Dq FAITH 831TCP relay IPv6-to-IPv4 translator code in the kernel. 832Refer 833.Xr faith 4 834and 835.Xr faithd 8 836for detail. 837.It Li ip6.log_interval 838The variable controls amount of logs generated by IPv6 packet 839forwarding engine, by seting interval between log output 840.Pq in seconds . 841.It Li ip6.hdrnestlimit 842The number of IPv6 extension headers permitted on incoming IPv6 packets. 843If set to 0, the node will accept as many extension headers as possible. 844.It Li ip6.dad_count 845The variable cofigures number of IPv6 DAD 846.Pq duplicated address detection 847probe packets. 848The packets will be generated when IPv6 interface addresses are configured. 849.It Li ip6.auto_flowlabel 850On connected transport protocol packets, 851fill IPv6 flowlabel field to help intermediate routers to identify packet flows. 852.It Li ip6.defmcasthlim 853The default hop limit value for an IPv6 multicast packet sourced by the node. 854This value applies to all the transport protocols on top of IPv6. 855There are APIs to override the value, as documented in 856.Xr ip6 4 . 857.It Li ip6.gif_hlim 858The maximum hop limit value for an IPv6 packet generated by 859.Xr gif 4 860tunnel interface. 861.It Li ip6.kame_version 862The string identifies the version of KAME IPv6 stack implemented in the kernel. 863.It Li ip6.use_deprecated 864The variable controls use of deprecated address, specified in RFC2462 5.5.4. 865.It Li ip6.rr_prune 866The variable specifies interval between IPv6 router renumbering prefix 867babysitting, in seconds. 868.It Li ip6.bindv6only 869The variable specifies initial value for 870.Dv IPV6_BINDV6ONLY 871socket option for 872.Dv AF_INET6 873socket. 874Please refer to 875.Xr ip6 4 876for detail. 877.It Li icmp6.rediraccept 878If set to non-zero, the host will accept ICMPv6 redirect packets. 879Note that IPv6 routers will never accept ICMPv6 redirect packets, 880and the variable is meaningful on IPv6 hosts 881.Pq non-router 882only. 883.It Li icmp6.redirtimeout 884The variable specifies lifetime of routing entries generated by incoming 885ICMPv6 redirect. 886.It Li icmp6.errratelimit 887The variable specifies minimum interval between ICMPv6 error messages, 888in microseconds. 889.It Li icmp6.nd6_prune 890The variable specifies interval between IPv6 neighbor cache babysitting, 891in seconds. 892.It Li icmp6.nd6_delay 893The variable specifies 894.Dv DELAY_FIRST_PROBE_TIME 895timing constant in IPv6 neighbor discovery specification 896.Pq RFC2461 , 897in seconds. 898.It Li icmp6.nd6_umaxtries 899The variable specifies 900.Dv MAX_UNICAST_SOLICIT 901constant in IPv6 neighbor discovery specification 902.Pq RFC2461 . 903.It Li icmp6.nd6_mmaxtries 904The variable specifies 905.Dv MAX_MULTICAST_SOLICIT 906constant in IPv6 neighbor discovery specification 907.Pq RFC2461 . 908.It Li icmp6.nd6_useloopback 909If set to non-zero, kernel IPv6 stack will use loopback interface for 910local traffic. 911.It Li icmp6.nodeinfo 912The variable enables, or disables, kernel support for 913ICMPv6 node information query/reply. 914.El 915.Pp 916We reuse net.*.tcp for 917.Tn TCP 918over 919.Tn IPv6 , 920and therefore we do not have variables net.*.tcp6. 921Variables net.inet6.udp6 have identical meaning to net.inet.udp. 922Please refer to 923.Li PF_INET 924section above. 925For variables net.*.ipsec6, please refer to 926.Xr ipsec 4 . 927.El 928.Sh CTL_PROC 929The string and integer information available for the CTL_PROC 930is detailed below. 931The changeable column shows whether a process with appropriate 932privilege may change the value. 933These values are per-process, and as such may change from one process 934to another. When a process is created, the default values are inherited from 935its parent. When a set-user-ID or set-group-ID binary is executed, the 936value of PROC_PID_CORENAME is reset to the system default value. 937The second level name is either the magic value PROC_CURPROC, which 938points to the current process, or the PID of the target process. 939.Bl -column "USER_COLL_WEIGHTS_MAXXXX" "integerXXX" "yes" -offset indent 940.It Sy Pa Third level name Type Changeable 941.It PROC\_PID\_CORENAME string yes 942.It PROC\_PID\_LIMIT node not applicable 943.El 944.Bl -tag -width "123456" 945.Pp 946.It Li PROC_PID_CORENAME 947The template used for the core dump file name (see 948.Xr core 5 949for details). The base name must either be 950.Nm core 951or end with the suffix ``.core'' (the super-user may set arbitrary names). By 952default it points to KERN_DEFCORENAME. 953.It Li PROC_PID_LIMIT 954Return resources limits, as defined for the 955.Xr getrlimit 2 956and 957.Xr setrlimit 2 958system calls. 959The fourth level name is one of: 960.Bl -tag -width PROC_PID_LIMIT_MEMLOCKAA 961.It Li PROC_PID_LIMIT_CPU 962The maximum amount of cpu time (in seconds) to be used by each process. 963.It Li PROC_PID_LIMIT_FSIZE 964The largest size (in bytes) file that may be created. 965.It Li PROC_PID_LIMIT_DATA 966The maximum size (in bytes) of the data segment for a process; 967this defines how far a program may extend its break with the 968.Xr sbrk 2 969system call. 970.It Li PROC_PID_LIMIT_STACK 971The maximum size (in bytes) of the stack segment for a process; 972this defines how far a program's stack segment may be extended. 973Stack extension is performed automatically by the system. 974.It Li PROC_PID_LIMIT_CORE 975The largest size (in bytes) 976.Pa core 977file that may be created. 978.It Li PROC_PID_LIMIT_RSS 979The maximum size (in bytes) to which a process's resident set size may 980grow. 981This imposes a limit on the amount of physical memory to be given to 982a process; if memory is tight, the system will prefer to take memory 983from processes that are exceeding their declared resident set size. 984.It Li PROC_PID_LIMIT_MEMLOCK 985The maximum size (in bytes) which a process may lock into memory 986using the 987.Xr mlock 2 988function. 989.It Li PROC_PID_LIMIT_NPROC 990The maximum number of simultaneous processes for this user id. 991.It Li PROC_PID_LIMIT_NOFILE 992The maximum number of open files for this process. 993.El 994.Pp 995The fifth level name is one of PROC_PID_LIMIT_TYPE_SOFT or 996PROC_PID_LIMIT_TYPE_HARD, to select respectively the soft or hard limit. 997Both are of type integer. 998.El 999.Pp 1000 1001.Sh CTL_USER 1002The string and integer information available for the CTL_USER level 1003is detailed below. 1004The changeable column shows whether a process with appropriate 1005privilege may change the value. 1006.Bl -column "USER_COLL_WEIGHTS_MAXXXX" "integerXXX" -offset indent 1007.It Sy Pa Second level name Type Changeable 1008.It USER\_BC\_BASE\_MAX integer no 1009.It USER\_BC\_DIM\_MAX integer no 1010.It USER\_BC\_SCALE\_MAX integer no 1011.It USER\_BC\_STRING\_MAX integer no 1012.It USER\_COLL\_WEIGHTS\_MAX integer no 1013.It USER\_CS\_PATH string no 1014.It USER\_EXPR\_NEST\_MAX integer no 1015.It USER\_LINE\_MAX integer no 1016.It USER\_POSIX2\_CHAR\_TERM integer no 1017.It USER\_POSIX2\_C\_BIND integer no 1018.It USER\_POSIX2\_C\_DEV integer no 1019.It USER\_POSIX2\_FORT\_DEV integer no 1020.It USER\_POSIX2\_FORT\_RUN integer no 1021.It USER\_POSIX2\_LOCALEDEF integer no 1022.It USER\_POSIX2\_SW\_DEV integer no 1023.It USER\_POSIX2\_UPE integer no 1024.It USER\_POSIX2\_VERSION integer no 1025.It USER\_RE\_DUP\_MAX integer no 1026.It USER\_STREAM\_MAX integer no 1027.It USER\_TZNAME\_MAX integer no 1028.El 1029.Bl -tag -width "123456" 1030.Pp 1031.It Li USER_BC_BASE_MAX 1032The maximum ibase/obase values in the 1033.Xr bc 1 1034utility. 1035.It Li USER_BC_DIM_MAX 1036The maximum array size in the 1037.Xr bc 1 1038utility. 1039.It Li USER_BC_SCALE_MAX 1040The maximum scale value in the 1041.Xr bc 1 1042utility. 1043.It Li USER_BC_STRING_MAX 1044The maximum string length in the 1045.Xr bc 1 1046utility. 1047.It Li USER_COLL_WEIGHTS_MAX 1048The maximum number of weights that can be assigned to any entry of 1049the LC_COLLATE order keyword in the locale definition file. 1050.It Li USER_CS_PATH 1051Return a value for the 1052.Ev PATH 1053environment variable that finds all the standard utilities. 1054.It Li USER_EXPR_NEST_MAX 1055The maximum number of expressions that can be nested within 1056parenthesis by the 1057.Xr expr 1 1058utility. 1059.It Li USER_LINE_MAX 1060The maximum length in bytes of a text-processing utility's input 1061line. 1062.It Li USER_POSIX2_CHAR_TERM 1063Return 1 if the system supports at least one terminal type capable of 1064all operations described in POSIX 1003.2, otherwise 0. 1065.It Li USER_POSIX2_C_BIND 1066Return 1 if the system's C-language development facilities support the 1067C-Language Bindings Option, otherwise 0. 1068.It Li USER_POSIX2_C_DEV 1069Return 1 if the system supports the C-Language Development Utilities Option, 1070otherwise 0. 1071.It Li USER_POSIX2_FORT_DEV 1072Return 1 if the system supports the FORTRAN Development Utilities Option, 1073otherwise 0. 1074.It Li USER_POSIX2_FORT_RUN 1075Return 1 if the system supports the FORTRAN Runtime Utilities Option, 1076otherwise 0. 1077.It Li USER_POSIX2_LOCALEDEF 1078Return 1 if the system supports the creation of locales, otherwise 0. 1079.It Li USER_POSIX2_SW_DEV 1080Return 1 if the system supports the Software Development Utilities Option, 1081otherwise 0. 1082.It Li USER_POSIX2_UPE 1083Return 1 if the system supports the User Portability Utilities Option, 1084otherwise 0. 1085.It Li USER_POSIX2_VERSION 1086The version of POSIX 1003.2 with which the system attempts to comply. 1087.It Li USER_RE_DUP_MAX 1088The maximum number of repeated occurrences of a regular expression 1089permitted when using interval notation. 1090.ne 1i 1091.It Li USER_STREAM_MAX 1092The minimum maximum number of streams that a process may have open 1093at any one time. 1094.It Li USER_TZNAME_MAX 1095The minimum maximum number of types supported for the name of a 1096timezone. 1097.El 1098.Sh CTL_VM 1099The string and integer information available for the CTL_VM level 1100is detailed below. 1101The changeable column shows whether a process with appropriate 1102privilege may change the value. 1103.Bl -column "Second level nameXXXXXX" "struct loadavgXXX" -offset indent 1104.It Sy Pa Second level name Type Changeable 1105.It VM\_LOADAVG struct loadavg no 1106.It VM\_METER struct vmtotal no 1107.El 1108.Pp 1109.Bl -tag -width "123456" 1110.It Li VM_LOADAVG 1111Return the load average history. 1112The returned data consists of a 1113.Va struct loadavg . 1114.It Li VM_METER 1115Return the system wide virtual memory statistics. 1116The returned data consists of a 1117.Va struct vmtotal . 1118.El 1119.Sh CTL_DDB 1120The integer information available for the CTL_DDB level is detailed below. 1121The changeable column shows whether a process with appropriate 1122privilege may change the value. 1123.Bl -column "DBCTL_TABSTOPSXXX" "integerXXX" -offset indent 1124.It Sy Pa Second level name Type Changeable 1125.It DBCTL\_RADIX integer yes 1126.It DBCTL\_MAXOFF integer yes 1127.It DBCTL\_LINES integer yes 1128.It DBCTL\_TABSTOPS integer yes 1129.It DBCTL\_ONPANIC integer yes 1130.It DBCTL\_FROMCONSOLE integer yes 1131.El 1132.Pp 1133.Bl -tag -width "123456" 1134.It Li DBCTL_RADIX 1135The input and output radix. 1136.It Li DBCTL_MAXOFF 1137The maximum symbol offset. 1138.It Li DBCTL_LINES 1139Number of display lines. 1140.It Li DBCTL_TABSTOPS 1141Tab width. 1142.It Li DBCTL_ONPANIC 1143If non-zero, DDB will be entered when the kernel panics. 1144.It Li DBCTL_FROMCONSOLE 1145If not zero, DDB may be entered by sending a break on a serial 1146console or by a special key sequence on a graphics console. 1147.El 1148.Pp 1149These MIB nodes are also available as variables from within the 1150DDB. See 1151.Xr ddb 4 1152for more details. 1153.Sh RETURN VALUES 1154If the call to 1155.Nm 1156is successful, the number of bytes copied out is returned. 1157Otherwise \-1 is returned and 1158.Va errno 1159is set appropriately. 1160.Sh ERRORS 1161The following errors may be reported: 1162.Bl -tag -width Er 1163.It Bq Er EFAULT 1164The buffer 1165.Fa name , 1166.Fa oldp , 1167.Fa newp , 1168or length pointer 1169.Fa oldlenp 1170contains an invalid address. 1171.It Bq Er EINVAL 1172The 1173.Fa name 1174array is less than two or greater than CTL_MAXNAME. 1175.It Bq Er EINVAL 1176A non-null 1177.Fa newp 1178is given and its specified length in 1179.Fa newlen 1180is too large or too small. 1181.It Bq Er ENOMEM 1182The length pointed to by 1183.Fa oldlenp 1184is too short to hold the requested value. 1185.It Bq Er ENOTDIR 1186The 1187.Fa name 1188array specifies an intermediate rather than terminal name. 1189.It Bq Er EOPNOTSUPP 1190The 1191.Fa name 1192array specifies a value that is unknown. 1193.It Bq Er EPERM 1194An attempt is made to set a read-only value. 1195.It Bq Er EPERM 1196A process without appropriate privilege attempts to set a value. 1197.It Bq Er EPERM 1198An attempt to change a value protected by the current kernel security 1199level is made. 1200.El 1201.Sh FILES 1202.Bl -tag -width <netinet6/udp6Xvar.h> -compact 1203.It Pa <sys/sysctl.h> 1204definitions for top level identifiers, second level kernel and hardware 1205identifiers, and user level identifiers 1206.It Pa <sys/socket.h> 1207definitions for second level network identifiers 1208.It Pa <sys/gmon.h> 1209definitions for third level profiling identifiers 1210.It Pa <vm/vm_param.h> 1211definitions for second level virtual memory identifiers 1212.It Pa <netinet/in.h> 1213definitions for third level IPv4/v6 identifiers and 1214fourth level IPv4/v6 identifiers 1215.It Pa <netinet/icmp_var.h> 1216definitions for fourth level ICMP identifiers 1217.It Pa <netinet/icmp6.h> 1218definitions for fourth level ICMPv6 identifiers 1219.It Pa <netinet/tcp_var.h> 1220definitions for fourth level TCP identifiers 1221.It Pa <netinet/udp_var.h> 1222definitions for fourth level UDP identifiers 1223.It Pa <netinet6/udp6_var.h> 1224definitions for fourth level IPv6 UDP identifiers 1225.It Pa <netinet6/ipsec.h> 1226definitions for fourth level IPsec identifiers 1227.El 1228.Sh SEE ALSO 1229.Xr sysctl 8 , 1230.Xr ipsec 4 1231.Sh HISTORY 1232The 1233.Nm 1234function first appeared in 1235.Bx 4.4 . 1236