1.\" $NetBSD: sysctl.3,v 1.135 2004/03/25 20:02:04 wiz Exp $ 2.\" 3.\" Copyright (c) 1993 4.\" The Regents of the University of California. All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 3. Neither the name of the University nor the names of its contributors 15.\" may be used to endorse or promote products derived from this software 16.\" without specific prior written permission. 17.\" 18.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 19.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 22.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28.\" SUCH DAMAGE. 29.\" 30.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95 31.\" 32.Dd March 25, 2004 33.Dt SYSCTL 3 34.Os 35.Sh NAME 36.Nm sysctl , 37.Nm sysctlbyname , 38.Nm sysctlgetmibinfo , 39.Nm sysctlnametomib 40.Nd get or set system information 41.Sh LIBRARY 42.Lb libc 43.Sh SYNOPSIS 44.In sys/param.h 45.In sys/sysctl.h 46.Ft int 47.Fn sysctl "int *name" "u_int namelen" "void *oldp" "size_t *oldlenp" \ 48"void *newp" "size_t newlen" 49.Ft int 50.Fn sysctlbyname "const char *sname" "void *oldp" "size_t *oldlenp" \ 51"void *newp" "size_t newlen" 52.Ft int 53.Fn sysctlgetmibinfo "const char *sname" "int *name" "u_int *namelenp" \ 54"char *cname" "size_t *csz" "struct sysctlnode **rnode" "int v" 55.Ft int 56.Fn sysctlnametomib "const char *sname" "int *name" "size_t *namelenp" 57.Sh DESCRIPTION 58The 59.Nm 60function retrieves system information and allows processes with 61appropriate privileges to set system information. 62The information available from 63.Nm 64consists of integers, strings, and tables. 65Information may be retrieved and set from the command interface 66using the 67.Xr sysctl 8 68utility. 69.Pp 70Unless explicitly noted below, 71.Nm 72returns a consistent snapshot of the data requested. 73Consistency is obtained by locking the destination 74buffer into memory so that the data may be copied out without blocking. 75Calls to 76.Nm 77are serialized to avoid deadlock. 78.Pp 79The state is described using a ``Management Information Base'' (MIB) 80style name, listed in 81.Fa name , 82which is a 83.Fa namelen 84length array of integers. 85.Pp 86The 87.Fn sysctlbyname 88function accepts a string representation of a MIB entry and internally 89maps it to the appropriate numeric MIB representation. 90Its semantics are otherwise no different from 91.Fn sysctl . 92.Pp 93The information is copied into the buffer specified by 94.Fa oldp . 95The size of the buffer is given by the location specified by 96.Fa oldlenp 97before the call, 98and that location gives the amount of data copied after a successful call. 99If the amount of data available is greater 100than the size of the buffer supplied, 101the call supplies as much data as fits in the buffer provided 102and returns with the error code ENOMEM. 103If the old value is not desired, 104.Fa oldp 105and 106.Fa oldlenp 107should be set to 108.Dv NULL . 109.Pp 110The size of the available data can be determined by calling 111.Nm 112with a 113.Dv NULL 114parameter for 115.Fa oldp . 116The size of the available data will be returned in the location pointed to by 117.Fa oldlenp . 118For some operations, the amount of space may change often. 119For these operations, 120the system attempts to round up so that the returned size is 121large enough for a call to return the data shortly thereafter. 122.Pp 123To set a new value, 124.Fa newp 125is set to point to a buffer of length 126.Fa newlen 127from which the requested value is to be taken. 128If a new value is not to be set, 129.Fa newp 130should be set to 131.Dv NULL 132and 133.Fa newlen 134set to 0. 135.Pp 136The 137.Fn sysctlnametomib 138function can be used to map the string representation of a MIB entry 139to the numeric version. 140The 141.Fa name 142argument should point to an array of integers large enough to hold the 143MIB, and 144.Fa namelenp 145should indicate the number of integer slots available. 146Following a successful translation, the size_t indicated by 147.Fa namelenp 148will be changed to show the number of slots consumed. 149.Pp 150The 151.Fn sysctlgetmibinfo 152function performs name translation similar to 153.Fn sysctlnametomib , 154but also canonicalizes the name (or returns the first erroneous token 155from the string being parsed) into the space indicated by 156.Fa cname 157and 158.Fa csz . 159.Fa csz 160should indicate the size of the buffer pointed to by 161.Fa cname 162and on return, will indicate the size of the returned string including 163the trailing 164.Sq nul 165character. 166.Pp 167The 168.Fa rnode 169and 170.Fa v 171arguments to 172.Fn sysctlgetmibinfo 173are used to provide a tree for it to parse into, and to get back 174either a pointer to, or a copy of, the terminal node. 175If 176.Fa rnode 177is 178.Dv NULL , 179.Fn sysctlgetmibinfo 180uses its own internal tree for parsing, and checks it against the 181kernel at each call, to make sure that the name-to-number mapping is 182kept up to date. 183The 184.Fa v 185argument is ignored in this case. 186If 187.Fa rnode 188is not 189.Dv NULL 190but the pointer it references is, on a successful return, 191.Fa rnode 192will be adjusted to point to a copy of the terminal node. 193The 194.Fa v 195argument indicates which version of the 196.Nm 197node structure the caller wants. 198The application must later 199.Fn free 200this copy. 201If neither 202.Fa rnode 203nor the pointer it references are 204.Dv NULL , 205the pointer is used as the address of a tree over which the parsing is 206done. 207In this last case, the tree is not checked against the kernel, no 208refreshing of the mappings is performed, and the value given by 209.Fa v 210must agree with the version indicated by the tree. 211It is recommended that applications always use 212.Dv SYSCTL_VERSION 213as the value for 214.Fa v , 215as defined in the include file 216.Pa sys/sysctl.h . 217.Pp 218The top level names are defined with a CTL_ prefix in 219.Aq Pa sys/sysctl.h , 220and are as follows. 221The next and subsequent levels down are found in the include files 222listed here, and described in separate sections below. 223.Pp 224.Bl -column CTLXMACHDEPXXX "Next level namesXXXXXX" -offset indent 225.It Sy Name Next level names Description 226.It CTL\_KERN sys/sysctl.h High kernel limits 227.It CTL\_VM uvm/uvm_param.h Virtual memory 228.It CTL\_VFS sys/mount.h Filesystem 229.It CTL\_NET sys/socket.h Networking 230.It CTL\_DEBUG sys/sysctl.h Debugging 231.It CTL\_HW sys/sysctl.h Generic CPU, I/O 232.It CTL\_MACHDEP sys/sysctl.h Machine dependent 233.It CTL\_USER sys/sysctl.h User-level 234.It CTL\_DDB sys/sysctl.h In-kernel debugger 235.It CTL\_PROC sys/sysctl.h Per-process 236.It CTL\_VENDOR ? Vendor specific 237.It CTL\_EMUL sys/sysctl.h Emulation settings 238.El 239.Pp 240For example, the following retrieves the maximum number of processes allowed 241in the system: 242.Bd -literal -offset indent -compact 243int mib[2], maxproc; 244size_t len; 245.sp 246mib[0] = CTL_KERN; 247mib[1] = KERN_MAXPROC; 248len = sizeof(maxproc); 249sysctl(mib, 2, \*[Am]maxproc, \*[Am]len, NULL, 0); 250.Ed 251.sp 252To retrieve the standard search path for the system utilities: 253.Bd -literal -offset indent -compact 254int mib[2]; 255size_t len; 256char *p; 257.sp 258mib[0] = CTL_USER; 259mib[1] = USER_CS_PATH; 260sysctl(mib, 2, NULL, \*[Am]len, NULL, 0); 261p = malloc(len); 262sysctl(mib, 2, p, \*[Am]len, NULL, 0); 263.Ed 264.Sh CTL_DEBUG 265The debugging variables vary from system to system. 266A debugging variable may be added or deleted without need to recompile 267.Nm 268to know about it. 269Each time it runs, 270.Nm 271gets the list of debugging variables from the kernel and 272displays their current values. 273The system defines twenty 274.Va ( struct ctldebug ) 275variables named 276.Dv debug0 277through 278.Dv debug19 . 279They are declared as separate variables so that they can be 280individually initialized at the location of their associated variable. 281The loader prevents multiple use of the same variable by issuing errors 282if a variable is initialized in more than one place. 283For example, to export the variable 284.Dv dospecialcheck 285as a debugging variable, the following declaration would be used: 286.Bd -literal -offset indent -compact 287int dospecialcheck = 1; 288struct ctldebug debug5 = { "dospecialcheck", \*[Am]dospecialcheck }; 289.Ed 290.Pp 291Note that the dynamic implementation of 292.Nm 293currently in use largely makes this particular 294.Nm 295interface obsolete. 296See 297.Xr sysctl 8 298.\" and 299.\" .Xr sysctl 9 300for more information. 301.Sh CTL_VFS 302A distinguished second level name, VFS_GENERIC, 303is used to get general information about all filesystems. 304One of its third level identifiers is VFS_MAXTYPENUM 305that gives the highest valid filesystem type number. 306Its other third level identifier is VFS_CONF that 307returns configuration information about the filesystem 308type given as a fourth level identifier. 309The remaining second level identifiers are the 310filesystem type number returned by a 311.Xr statfs 2 312call or from VFS_CONF. 313The third level identifiers available for each filesystem 314are given in the header file that defines the mount 315argument structure for that filesystem. 316.Sh CTL_HW 317The string and integer information available for the CTL_HW level 318is detailed below. 319The changeable column shows whether a process with appropriate 320privilege may change the value. 321.Bl -column "Second level nameXXXXXX" "struct disk_sysctlXXX" -offset indent 322.It Sy Second level name Type Changeable 323.It HW\_MACHINE string no 324.It HW\_MODEL string no 325.It HW\_NCPU integer no 326.It HW\_BYTEORDER integer no 327.It HW\_PHYSMEM integer no 328.It HW\_PHYSMEM64 quad no 329.It HW\_USERMEM integer no 330.It HW\_USERMEM64 quad no 331.It HW\_PAGESIZE integer no 332.\".It HW\_DISKNAMES struct no 333.\".It HW\_DISKSTATS struct no 334.It HW\_MACHINE\_ARCH string no 335.It HW\_ALIGNBYTES integer no 336.It HW\_DISKNAMES string no 337.It HW\_DISKSTATS struct disk_sysctl no 338.It HW\_CNMAGIC string yes 339.El 340.Pp 341.Bl -tag -width "123456" 342.It Li HW_MACHINE 343The machine class. 344.It Li HW_MODEL 345The machine model. 346.It Li HW_NCPU 347The number of CPUs. 348.ne 1i 349.It Li HW_BYTEORDER 350The byteorder (4,321, or 1,234). 351.It Li HW_PHYSMEM 352The bytes of physical memory as a 32-bit integer. 353.It Li HW_PHYSMEM64 354The bytes of physical memory as a 64-bit integer. 355.It Li HW_USERMEM 356The bytes of non-kernel memory as a 32-bit integer. 357.It Li HW_USERMEM64 358The bytes of non-kernel memory as a 64-bit integer. 359.It Li HW_PAGESIZE 360The software page size. 361.It Li HW_MACHINE_ARCH 362The machine CPU class. 363.It Li HW_ALIGNBYTES 364Alignment constraint for all possible data types. 365This shows the value 366.Dv ALIGNBYTES 367in 368.Pa /usr/include/machine/param.h , 369at the kernel compilation time. 370.It Li HW_DISKNAMES 371The list of (space separated) disk device names on the system. 372.It Li HW_DISKSTATS 373Return statistical information on the disk devices on the system. 374An array of 375.Va struct disk_sysctl 376structures is returned, 377whose size depends on the current number of such objects in the system. 378The third level name is the size of the 379.Va struct disk_sysctl . 380.It Li HW_CNMAGIC 381The console magic key sequence. 382.El 383.Sh CTL_KERN 384The string and integer information available for the CTL_KERN level 385is detailed below. 386The changeable column shows whether a process with appropriate 387privilege may change the value. 388The types of data currently available are process information, 389system vnodes, the open file entries, routing table entries, 390virtual memory statistics, load average history, and clock rate 391information. 392.Bl -column "KERNXPOSIXXREADERXWRITERXLOCKS" "struct clockrateXXX" -offset indent 393.It Sy Second level name Type Changeable 394.It KERN\_ARGMAX integer no 395.It KERN\_AUTONICETIME integer yes 396.It KERN\_AUTONICEVAL integer yes 397.It KERN\_BOOTTIME struct timeval no 398.It KERN\_CCPU integer no 399.It KERN\_CLOCKRATE struct clockinfo no 400.It KERN\_CP\_TIME long[\|] no 401.It KERN\_DEFCORENAME string yes 402.It KERN\_DOMAINNAME string yes 403.It KERN\_DRIVERS struct kinfo_drivers no 404.It KERN\_FILE struct file no 405.It KERN\_FORKFSLEEP integer yes 406.It KERN\_FSCALE integer no 407.It KERN\_FSYNC integer no 408.It KERN\_HOSTID integer yes 409.It KERN\_HOSTNAME string yes 410.It KERN\_IOV\_MAX integer no 411.It KERN\_JOB\_CONTROL integer no 412.It KERN\_LABELOFFSET integer no 413.It KERN\_LABELSECTOR integer no 414.It KERN\_LOGIN\_NAME\_MAX integer no 415.It KERN\_LOGSIGEXIT integer yes 416.It KERN\_MAPPED\_FILES integer no 417.It KERN\_MAXFILES integer yes 418.It KERN\_MAXPARTITIONS integer no 419.It KERN\_MAXPROC integer yes 420.It KERN\_MAXPTYS integer yes 421.It KERN\_MAXVNODES integer yes 422.It KERN\_MBUF node not applicable 423.It KERN\_MEMLOCK integer no 424.It KERN\_MEMLOCK\_RANGE integer no 425.It KERN\_MEMORY\_PROTECTION integer no 426.It KERN\_MONOTONIC\_CLOCK integer no 427.It KERN\_MSGBUF char[\|] no 428.It KERN\_MSGBUFSIZE integer no 429.It KERN\_NGROUPS integer no 430.It KERN\_NTPTIME struct ntptimeval no 431.It KERN\_OSRELEASE string no 432.It KERN\_OSREV integer no 433.It KERN\_OSTYPE string no 434.It KERN\_POSIX1 integer no 435.It KERN\_POSIX\_BARRIERS integer no 436.It KERN\_POSIX\_READER\_WRITER\_LOCKS integer no 437.It KERN\_POSIX\_SEMAPHORES integer no 438.It KERN\_POSIX\_SPIN\_LOCKS integer no 439.It KERN\_POSIX\_THREADS integer no 440.It KERN\_POSIX\_TIMERS integer no 441.It KERN\_PROC struct kinfo_proc no 442.It KERN\_PROC2 struct kinfo_proc2 no 443.It KERN\_PROC\_ARGS string no 444.It KERN\_PROF node not applicable 445.It KERN\_RAWPARTITION integer no 446.It KERN\_ROOT\_DEVICE string no 447.It KERN\_ROOT\_PARTITION integer no 448.It KERN\_RTC\_OFFSET integer no 449.It KERN\_SAVED\_IDS integer no 450.It KERN\_SECURELVL integer raise only 451.It KERN\_SYNCHRONIZED\_IO integer no 452.It KERN\_SYSVIPC\_INFO node not applicable 453.It KERN\_SYSVMSG integer no 454.It KERN\_SYSVSEM integer no 455.It KERN\_SYSVSHM integer no 456.It KERN\_TKSTAT node not applicable 457.It KERN\_VERSION string no 458.It KERN\_VNODE struct vnode no 459.El 460.ne 1i 461.Pp 462.Bl -tag -width "123456" 463.It Li KERN_ARGMAX 464The maximum bytes of argument to 465.Xr execve 2 . 466.It Li KERN_AUTONICETIME 467The number of seconds of CPU-time a non-root process may accumulate before 468having its priority lowered from the default to the value of KERN_AUTONICEVAL. 469If set to 0, automatic lowering of priority is not performed, and if set to \-1 470all non-root processes are immediately lowered. 471.It Li KERN_AUTONICEVAL 472The priority assigned for automatically niced processes. 473.It Li KERN_BOOTTIME 474A 475.Va struct timeval 476structure is returned. 477This structure contains the time that the system was booted. 478.It Li KERN_CCPU 479The scheduler exponential decay value. 480.It Li KERN_CLOCKRATE 481A 482.Va struct clockinfo 483structure is returned. 484This structure contains the clock, statistics clock and profiling clock 485frequencies, the number of micro-seconds per hz tick, and the clock 486skew rate. 487.It Li KERN_CP_TIME 488Returns an array of CPUSTATES longs. 489This array contains the 490number of clock ticks spent in different CPU states. 491On multi-processor system, the sum across all CPUs is returned unless 492appropriate space is given for one data set for each CPU. 493.It Li KERN_DEFCORENAME 494Default template for the name of core dump files (see also PROC_PID_CORENAME 495in the per-process variables CTL_PROC, and 496.Xr core 5 497for format of this template). 498The default value is 499.Nm %n.core 500and can be changed with the kernel configuration option 501.Cd options DEFCORENAME 502(see 503.Xr options 4 504). 505.It Li KERN_DOMAINNAME 506Get or set the YP domain name. 507.It Li KERN_DRIVERS 508Return an array of 509.Va struct kinfo_drivers 510that contains the name and major device numbers of all the device drivers 511in the current kernel. 512The 513.Va d_name 514field is always a NUL terminated string. 515The 516.Va d_bmajor 517field will be set to \-1 if the driver doesn't have a block device. 518.It Li KERN_FILE 519Return the entire file table. 520The returned data consists of a single 521.Va struct filehead 522followed by an array of 523.Va struct file , 524whose size depends on the current number of such objects in the system. 525.It Li KERN_FSCALE 526The kernel fixed-point scale factor. 527.It Li KERN_FORKFSLEEP 528If 529.Xr fork 2 530system call fails due to limit on number of processes (either 531the global maxproc limit or user's one), wait for this many 532miliseconds before returning 533.Er EAGAIN 534error to process. 535Useful to keep heavily forking runaway processes in bay. 536Default zero (no sleep). 537Maximum is 20 seconds. 538.It Li KERN_FSYNC 539Return 1 if the POSIX 1003.1b File Synchronization Option is available 540on this system, 541otherwise 0. 542.It Li KERN_HOSTID 543Get or set the host id. 544.It Li KERN_HOSTNAME 545Get or set the hostname. 546.It Li KERN_IOV_MAX 547Return the maximum number of 548.Va iovec 549structures that a process has available for use with 550.Xr preadv 2 , 551.Xr pwritev 2 , 552.Xr readv 2 , 553.Xr recvmsg 2 , 554.Xr sendmsg 2 555and 556.Xr writev 2 . 557.It Li KERN_JOB_CONTROL 558Return 1 if job control is available on this system, otherwise 0. 559.It Li KERN_LABELOFFSET 560The offset within the sector specified by KERN_LABELSECTOR of the 561.Xr disklabel 5 . 562.It Li KERN_LABELSECTOR 563The sector number containing the 564.Xr disklabel 5 . 565.It Li KERN_LOGIN_NAME_MAX 566The size of the storage required for a login name, in bytes, 567including the terminating NUL. 568.It Li KERN_LOGSIGEXIT 569If this flag is non-zero, the kernel will 570.Xr log 9 571all process exits due to signals which create a 572.Xr core 5 573file, and whether the coredump was created. 574.It Li KERN_MAPPED_FILES 575Returns 1 if the POSIX 1003.1b Memory Mapped Files Option is available 576on this system, 577otherwise 0. 578.It Li KERN_MAXFILES 579The maximum number of open files that may be open in the system. 580.It Li KERN_MAXPARTITIONS 581The maximum number of partitions allowed per disk. 582.It Li KERN_MAXPROC 583The maximum number of simultaneous processes the system will allow. 584.It Li KERN_MAXPTYS 585The maximum number of pseudo terminals. 586This value can be both raised and lowered, though it cannot 587be set lower than number of currently used ptys. 588See also 589.Xr pty 4 . 590.It Li KERN_MAXVNODES 591The maximum number of vnodes available on the system. 592This can only be raised. 593.It Li KERN_MBUF 594Return information about the mbuf control variables. 595the third level names for the mbuf variables are detailed below. 596The changeable column shows whether a process with appropriate 597privilege may change the value. 598.Bl -column "MBUFXNMBCLUSTERSXXX" "struct integerXXX" -offset indent 599.It Sy Third level name Type Changeable 600.It MBUF\_MSIZE integer yes 601.It MBUF\_MCLBYTES integer yes 602.It MBUF\_NMBCLUSTERS integer yes 603.It MBUF\_MBLOWAT integer yes 604.It MBUF\_MCLLOWAT integer yes 605.El 606.Pp 607The variables are as follows: 608.Bl -tag -width "123456" 609.It Li MBUF_MSIZE 610The mbuf base size. 611.It Li MBUF_MCLBYTES 612The mbuf cluster size. 613.It Li MBUF_NMBCLUSTERS 614The limit on the number of mbuf clusters. 615The variable can only be increased, and only increased on machines with 616direct-mapped pool pages 617.It Li MBUF_MBLOWAT 618The mbuf low water mark. 619.It Li MBUF_MCLLOWAT 620The mbuf cluster low water mark. 621.El 622.It Li KERN_MEMLOCK 623Returns 1 if the POSIX 1003.1b Process Memory Locking Option is available 624on this system, 625otherwise 0. 626.It Li KERN_MEMLOCK_RANGE 627Returns 1 if the POSIX 1003.1b Range Memory Locking Option is available 628on this system, 629otherwise 0. 630.It Li KERN_MEMORY_PROTECTION 631Returns 1 if the POSIX 1003.1b Memory Protection Option is available 632on this system, 633otherwise 0. 634.It Li KERN_MONOTONIC_CLOCK 635Returns the standard version the implementation of the POSIX 1003.1b 636Monotonic Clock Option conforms to, 637otherwise 0. 638.It Li KERN_MSGBUF 639The kernel message buffer, rotated so that the head of the circular kernel 640message buffer is returned at the start of the buffer specified by 641.Fa oldp . 642The returned data may contain NUL bytes. 643.It Li KERN_MSGBUFSIZE 644The maximum number of characters that the kernel message buffer can hold. 645.It Li KERN_NGROUPS 646The maximum number of supplemental groups. 647.It Li KERN_NO_TRUNC 648Return 1 if file names longer than KERN_NAME_MAX are truncated. 649.It Li KERN_NTPTIME 650A 651.Va struct ntptimeval 652structure is returned. 653This structure contains data used by the 654.Xr ntpd 8 655program. 656.It Li KERN_OSRELEASE 657The system release string. 658.It Li KERN_OSREV 659The system revision string. 660.It Li KERN_OSTYPE 661The system type string. 662.It Li KERN_PATH_MAX 663The maximum number of bytes in a pathname. 664.It Li KERN_POSIX1 665The version of ISO/IEC 9945 (POSIX 1003.1) with which the system 666attempts to comply. 667.It Li KERN_POSIX_BARRIERS 668The version of 669.St -p1003.1 670and its 671Barriers 672option to which the system attempts to conform, 673otherwise 0. 674.It Li KERN_POSIX_READER_WRITER_LOCKS 675The version of 676.St -p1003.1 677and its 678Read-Write Locks 679option to which the system attempts to conform, 680otherwise 0. 681.It Li KERN_POSIX_SEMAPHORES 682The version of 683.St -p1003.1 684and its 685Semaphores 686option to which the system attempts to conform, 687otherwise 0. 688.It Li KERN_POSIX_SPIN_LOCKS 689The version of 690.St -p1003.1 691and its 692Spin Locks 693option to which the system attempts to conform, 694otherwise 0. 695.It Li KERN_POSIX_THREADS 696The version of 697.St -p1003.1 698and its 699Threads 700option to which the system attempts to conform, 701otherwise 0. 702.It Li KERN_POSIX_TIMERS 703The version of 704.St -p1003.1 705and its 706Timers 707option to which the system attempts to conform, 708otherwise 0. 709.It Li KERN_PROC 710Return the entire process table, or a subset of it. 711An array of 712.Va struct kinfo_proc 713structures is returned, 714whose size depends on the current number of such objects in the system. 715The third and fourth level names are as follows: 716.Bl -column "Third level nameXXXXXX" "Fourth level is:XXXXXX" -offset indent 717.It Sy Third level name Fourth level is: 718.It KERN\_PROC\_ALL None 719.It KERN\_PROC\_PID A process ID 720.It KERN\_PROC\_PGRP A process group 721.It KERN\_PROC\_SESSION A session ID 722.It KERN\_PROC\_TTY A tty device 723.It KERN\_PROC\_UID A user ID 724.It KERN\_PROC\_RUID A real user ID 725.It KERN\_PROC\_GID A group ID 726.It KERN\_PROC\_RGID A real group ID 727.El 728.It Li KERN_PROC2 729As for KERN_PROC, but an array of 730.Va struct kinfo_proc2 731structures are returned. 732The fifth level name is the size of the 733.Va struct kinfo_proc2 734and the sixth level name is the number of structures to return. 735.It Li KERN_PROC_ARGS 736Return the argv or environment strings (or the number thereof) 737of a process. 738Multiple strings are returned separated by NUL characters. 739The third level name is the process ID. 740The fourth level name is as follows: 741.Bl -column "Third level nameXXXXXX" -offset indent 742.It KERN\_PROC\_ARGV The argv strings 743.It KERN\_PROC\_NARGV The number of argv strings 744.It KERN\_PROC\_ENV The environ strings 745.It KERN\_PROC\_NENV The number of environ strings 746.El 747.It Li KERN_PROF 748Return profiling information about the kernel. 749If the kernel is not compiled for profiling, 750attempts to retrieve any of the KERN_PROF values will 751fail with EOPNOTSUPP. 752The third level names for the string and integer profiling information 753is detailed below. 754The changeable column shows whether a process with appropriate 755privilege may change the value. 756.Bl -column "GPROFXGMONPARAMXXX" "struct gmonparamXXX" -offset indent 757.It Sy Third level name Type Changeable 758.It GPROF\_STATE integer yes 759.It GPROF\_COUNT u_short[\|] yes 760.It GPROF\_FROMS u_short[\|] yes 761.It GPROF\_TOS struct tostruct yes 762.It GPROF\_GMONPARAM struct gmonparam no 763.El 764.Pp 765The variables are as follows: 766.Bl -tag -width "123456" 767.It Li GPROF_STATE 768Returns GMON_PROF_ON or GMON_PROF_OFF to show that profiling 769is running or stopped. 770.It Li GPROF_COUNT 771Array of statistical program counter counts. 772.It Li GPROF_FROMS 773Array indexed by program counter of call-from points. 774.It Li GPROF_TOS 775Array of 776.Va struct tostruct 777describing destination of calls and their counts. 778.It Li GPROF_GMONPARAM 779Structure giving the sizes of the above arrays. 780.El 781.It Li KERN_RAWPARTITION 782The raw partition of a disk (a == 0). 783.It Li KERN_ROOT_DEVICE 784The name of the root device (e.g., 785.Dq wd0 ) . 786.It Li KERN_ROOT_PARTITION 787The root partition on the root device (a == 0). 788.It Li KERN_RTC_OFFSET 789Return the offset of real time clock from UTC in minutes. 790.It Li KERN_SAVED_IDS 791Returns 1 if saved set-group and saved set-user ID is available. 792.It Li KERN_SECURELVL 793The system security level. 794This level may be raised by processes with appropriate privilege. 795It may only be lowered by process 1. 796.It Li KERN_SYNCHRONIZED_IO 797Returns 1 if the POSIX 1003.1b Synchronized I/O Option is available 798on this system, 799otherwise 0. 800.It Li KERN_SYSVIPC_INFO 801Return System V style IPC configuration and run-time information. 802The third level name selects the System V style IPC facility. 803.Bl -column "KERN_SYSVIPC_MSG_INFOXXX" "struct shm_sysctl_infoXXX" -offset indent 804.It Sy Third level name Type 805.It KERN\_SYSVIPC\_MSG\_INFO struct msg_sysctl_info 806.It KERN\_SYSVIPC\_SEM\_INFO struct sem_sysctl_info 807.It KERN\_SYSVIPC\_SHM\_INFO struct shm_sysctl_info 808.El 809.Pp 810.Bl -tag -width "123456" 811.It Li KERN_SYSVIPC_MSG_INFO 812Return information on the System V style message facility. 813The 814.Sy msg_sysctl_info 815structure is defined in 816.Aq Pa sys/msg.h . 817.It Li KERN_SYSVIPC_SEM_INFO 818Return information on the System V style semaphore facility. 819The 820.Sy sem_sysctl_info 821structure is defined in 822.Aq Pa sys/sem.h . 823.It Li KERN_SYSVIPC_SHM_INFO 824Return information on the System V style shared memory facility. 825The 826.Sy shm_sysctl_info 827structure is defined in 828.Aq Pa sys/shm.h . 829.El 830.It Li KERN_SYSVMSG 831Returns 1 if System V style message queue functionality is available 832on this system, 833otherwise 0. 834.It Li KERN_SYSVSEM 835Returns 1 if System V style semaphore functionality is available 836on this system, 837otherwise 0. 838.It Li KERN_SYSVSHM 839Returns 1 if System V style share memory functionality is available 840on this system, 841otherwise 0. 842.It Li KERN_TKSTAT 843Return information about the number of characters sent and received 844on ttys. 845The third level names for the tty statistic variables are detailed below. 846The changeable column shows whether a process 847with appropriate privilege may change the value. 848.Bl -column "KERNXTKSTATXRAWCCXXX" "struct integerXXX" -offset indent 849.It Sy Third level name Type Changeable 850.It KERN\_TKSTAT\_NIN quad no 851.It KERN\_TKSTAT\_NOUT quad no 852.It KERN\_TKSTAT\_CANCC quad no 853.It KERN\_TKSTAT\_RAWCC quad no 854.El 855.Pp 856The variables are as follows: 857.Bl -tag -width "123456" 858.It Li KERN_TKSTAT_NIN 859The total number of input characters. 860.It Li KERN_TKSTAT_NOUT 861The total number of output characters. 862.It Li KERN_TKSTAT_CANCC 863The number of canonical input characters. 864.It Li KERN_TKSTAT_RAWCC 865The number of raw input characters. 866.El 867.It Li KERN_VERSION 868The system version string. 869.It Li KERN_VNODE 870Return the entire vnode table. 871Note, the vnode table is not necessarily a consistent snapshot of 872the system. 873The returned data consists of an array whose size depends on the 874current number of such objects in the system. 875Each element of the array contains the kernel address of a vnode 876.Va struct vnode * 877followed by the vnode itself 878.Va struct vnode . 879.El 880.Sh CTL_MACHDEP 881The set of variables defined is architecture dependent. 882Most architectures define at least the following variables. 883.Bl -column "CONSOLE_DEVICEXXX" "integerXXX" -offset indent 884.It Sy Second level name Type Changeable 885.It Li CPU_CONSDEV dev_t no 886.El 887.Sh CTL_NET 888The string and integer information available for the CTL_NET level 889is detailed below. 890The changeable column shows whether a process with appropriate 891privilege may change the value. 892.Bl -column "Second level nameXXXXXX" "routing messagesXXX" -offset indent 893.It Sy Second level name Type Changeable 894.It PF\_ROUTE routing messages no 895.It PF\_INET IPv4 values yes 896.It PF\_INET6 IPv6 values yes 897.It PF\_KEY IPsec key management values yes 898.El 899.Pp 900.Bl -tag -width "123456" 901.It Li PF_ROUTE 902Return the entire routing table or a subset of it. 903The data is returned as a sequence of routing messages (see 904.Xr route 4 905for the header file, format and meaning). 906The length of each message is contained in the message header. 907.Pp 908The third level name is a protocol number, which is currently always 0. 909The fourth level name is an address family, which may be set to 0 to 910select all address families. 911The fifth and sixth level names are as follows: 912.Bl -column "Fifth level nameXXXXXX" "Sixth level is:XXX" -offset indent 913.It Sy Fifth level name Sixth level is: 914.It NET\_RT\_FLAGS rtflags 915.It NET\_RT\_DUMP None 916.It NET\_RT\_IFLIST None 917.El 918.It Li PF_INET 919Get or set various global information about the IPv4 920.Pq Internet Protocol version 4 . 921The third level name is the protocol. 922The fourth level name is the variable name. 923The currently defined protocols and names are: 924.Bl -column "Protocol name" "Variable nameXX" "integer" "yes" -offset indent 925.It Sy Protocol name Variable name Type Changeable 926.It ip forwarding integer yes 927.It ip redirect integer yes 928.It ip ttl integer yes 929.It ip forwsrcrt integer yes 930.It ip directed-broadcast integer yes 931.It ip allowsrcrt integer yes 932.It ip subnetsarelocal integer yes 933.It ip mtudisc integer yes 934.It ip anonportmin integer yes 935.It ip anonportmax integer yes 936.It ip mtudisctimeout integer yes 937.It ip gifttl integer yes 938.It ip grettl integer yes 939.It ip lowportmin integer yes 940.It ip lowportmax integer yes 941.It ip maxfragpacket integer yes 942.It ip checkinterface integer yes 943.It icmp maskrepl integer yes 944.It icmp errppslimit integer yes 945.It icmp rediraccept integer yes 946.It icmp redirtimeout integer yes 947.It tcp rfc1323 integer yes 948.It tcp sendspace integer yes 949.It tcp recvspace integer yes 950.It tcp mssdflt integer yes 951.It tcp syn_cache_limit integer yes 952.It tcp syn_bucket_limit integer yes 953.It tcp syn_cache_interval integer yes 954.It tcp init_win integer yes 955.It tcp init_win_local integer yes 956.It tcp mss_ifmtu integer yes 957.It tcp sack integer yes 958.It tcp win_scale integer yes 959.It tcp timestamps integer yes 960.It tcp compat_42 integer yes 961.It tcp cwm integer yes 962.It tcp cwm_burstsize integer yes 963.It tcp ack_on_push integer yes 964.It tcp keepidle integer yes 965.It tcp keepintvl integer yes 966.It tcp keepcnt integer yes 967.It tcp slowhz integer no 968.It tcp newreno integer yes 969.It tcp log_refused integer yes 970.It tcp rstppslimit integer yes 971.It tcp ident struct no 972.It udp checksum integer yes 973.It udp sendspace integer yes 974.It udp recvspace integer yes 975.El 976.Pp 977The variables are as follows: 978.Bl -tag -width "123456" 979.It Li ip.forwarding 980Returns 1 when IP forwarding is enabled for the host, 981meaning that the host is acting as a router. 982.It Li ip.redirect 983Returns 1 when ICMP redirects may be sent by the host. 984This option is ignored unless the host is routing IP packets, 985and should normally be enabled on all systems. 986.It Li ip.ttl 987The maximum time-to-live (hop count) value for an IP packet sourced by 988the system. 989This value applies to normal transport protocols, not to ICMP. 990.It Li ip.forwsrcrt 991Returns 1 when forwarding of source-routed packets is enabled for 992the host. 993This value may only be changed if the kernel security level is less than 1. 994.It Li ip.directed-broadcast 995Returns 1 if directed broadcast behavior is enabled for the host. 996.It Li ip.allowsrcrt 997Returns 1 if the host accepts source routed packets. 998.It Li ip.subnetsarelocal 999Returns 1 if subnets are to be considered local addresses. 1000.It Li ip.mtudisc 1001If set to 1, Path MTU Discovery (RFC 1191) is enabled. 1002When Path MTU Discovery is enabled, the transmitted TCP segment 1003size will be determined by the advertised maximum segment size 1004(MSS) from the remote end, as constrained by the path MTU. 1005If MTU Discovery is disabled, the transmitted segment size will 1006never be greater than 1007.Li tcp.mssdflt 1008(the local maximum segment size). 1009.It Li ip.anonportmin 1010The lowest port number to use for TCP and UDP ephemeral port allocation. 1011This cannot be set to less than 1024 or greater than 65535. 1012.It Li ip.anonportmax 1013The highest port number to use for TCP and UDP ephemeral port allocation. 1014This cannot be set to less than 1024 or greater than 65535, and must 1015be greater than 1016.Li ip.anonportmin . 1017.It Li ip.mtudisctimeout 1018Returns the number of seconds in which a route added by the Path MTU 1019Discovery engine will time out. 1020When the route times out, the Path 1021MTU Discovery engine will attempt to probe a larger path MTU. 1022.It Li ip.gifttl 1023The maximum time-to-live (hop count) value for an IPv4 packet generated by 1024.Xr gif 4 1025tunnel interface. 1026.It Li ip.grettl 1027The maximum time-to-live (hop count) value for an IPv4 packet generated by 1028.Xr gre 4 1029tunnel interface. 1030.It Li ip.lowportmin 1031The lowest port number to use for TCP and UDP reserved port allocation. 1032This cannot be set to less than 0 or greater than 1024, and must 1033be smaller than 1034.Li ip.lowportmax . 1035.It Li ip.lowportmax 1036The highest port number to use for TCP and UDP reserved port allocation. 1037This cannot be set to less than 0 or greater than 1024, and must 1038be greater than 1039.Li ip.lowportmin . 1040.It Li ip.maxfragpackets 1041The maximum number of fragmented packets the node will accept. 10420 means that the node will not accept any fragmented packets. 1043\-1 means that the node will accept as many fragmented packets as it receives. 1044The flag is provided basically for avoiding possible DoS attacks. 1045.It Li ip.checkinterface 1046If set to non-zero, the host will reject packets addressed to it 1047that arrive on an interface not bound to that address. 1048Currently, this must be disabled if ipnat is used to translate the 1049destination address to another local interface, or if addresses 1050are added to the loopback interface instead of the interface where 1051the packets for those packets are received. 1052.It Li icmp.maskrepl 1053Returns 1 if ICMP network mask requests are to be answered. 1054.It Li icmp.errppslimit 1055The variable specifies the maximum number of outgoing ICMP error messages, 1056per second. 1057ICMP error messages that exceeded the value are subject to rate limitation 1058and will not go out from the node. 1059Negative value disables rate limitation. 1060.It Li icmp.rediraccept 1061If set to non-zero, the host will accept ICMP redirect packets. 1062Note that routers will never accept ICMP redirect packets, 1063and the variable is meaningful on IP hosts only. 1064.It Li icmp.redirtimeout 1065The variable specifies lifetime of routing entries generated by incoming 1066ICMP redirect. 1067This defaults to 600 seconds. 1068.It Li tcp.rfc1323 1069Returns 1 if RFC 1323 extensions to TCP are enabled. 1070.It Li tcp.sendspace 1071Returns the default TCP send buffer size. 1072.It Li tcp.recvspace 1073Returns the default TCP receive buffer size. 1074.It Li tcp.mssdflt 1075Returns the default maximum segment size both advertized to the peer 1076and to use when either the peer does not advertize a maximum segment size to 1077us during connection setup or Path MTU Discovery 1078.Li ( ip.mtudisc ) 1079is disabled. 1080Do not change this value unless you really know what you are doing. 1081.It Li tcp.syn_cache_limit 1082Returns the maximum number of entries allowed in the TCP compressed state 1083engine. 1084.It Li tcp.syn_bucket_limit 1085Returns the maximum number of entries allowed per hash bucket in the TCP 1086compressed state engine. 1087.It Li tcp.syn_cache_interval 1088Returns the TCP compressed state engine's timer interval. 1089.It Li tcp.init_win 1090Returns a value indicating the TCP initial congestion window. 1091If this value is 0, an auto-tuning algorithm designed to use an initial 1092window of approximately 4K bytes is in use. 1093Otherwise, this value indicates a fixed number of packets. 1094.It Li tcp.init_win_local 1095Like 1096.Li tcp.init_win , 1097but used when communicating with hosts on a local network. 1098.It Li tcp.mss_ifmtu 1099Returns 1 if TCP calculates the outgoing maximum segment size based on 1100the MTU of the appropriate interface. 1101Otherwise, it is calculated based on the greater of the MTU of the 1102interface, and the largest (non-loopback) interface MTU on the system. 1103.It Li tcp.sack 1104TCP Selective ACKnowledgement (RFC 2018) is not implemented in 1105.Nx 1106at this time. 1107Changing this value will have no effect. 1108.It Li tcp.win_scale 1109If rfc1323 is enabled, a value of 1 indicates RFC 1323 window scale options, 1110for increasing the TCP window size, are enabled. 1111.It Li tcp.timestamps 1112If rfc1323 is enabled, a value of 1 indicates RFC 1323 time stamp options, 1113used for measuring TCP round trip times, are enabled. 1114.It Li tcp.compat_42 1115Returns 1 if work-arounds for bugs in the 4.2BSD TCP implementation are 1116enabled. 1117Use of this option is not recommended, although it may be 1118required in order to communicate with extremely old TCP implementations. 1119.It Li tcp.cwm 1120Returns 1 if use of the Hughes/Touch/Heidemann Congestion Window Monitoring 1121algorithm is enabled. 1122This algorithm prevents line-rate bursts of packets that could 1123otherwise occur when data begins flowing on an idle TCP connection. 1124These line-rate bursts can contribute to network and router congestion. 1125This can be particularly useful on World Wide Web servers 1126which support HTTP/1.1, which has lingering connections. 1127.It Li tcp.cwm_burstsize 1128Returns the Congestion Window Monitoring allowed burst size, in terms 1129of packet count. 1130.It Li tcp.ack_on_push 1131Returns 1 if TCP is to immediately transmit an ACK upon reception of 1132a packet with PUSH set. 1133This can avoid losing a round trip time in some rare situations, 1134but has the caveat of potentially defeating TCP's delayed ACK algorithm. 1135Use of this option is generally not recommended, but 1136the variable exists in case your configuration really needs it. 1137.It Li tcp.keepidle 1138Time a connection must be idle before keepalives are sent (if keepalives 1139are enabled for the connection). 1140See also tcp.slowhz. 1141.It Li tcp.keepintvl 1142Time after a keepalive probe is sent until, in the absence of any response, 1143another probe is sent. 1144See also tcp.slowhz. 1145.It Li tcp.keepcnt 1146Number of keepalive probes sent before declaring a connection dead. 1147If set to zero, there is no limit; 1148keepalives will be sent until some kind of 1149response is received from the peer. 1150.It Li tcp.slowhz 1151The units for tcp.keepidle and tcp.keepintvl; those variables are in ticks 1152of a clock that ticks tcp.slowhz times per second. 1153(That is, their values 1154must be divided by the tcp.slowhz value to get times in seconds.) 1155.It Li tcp.newreno 1156Returns 1 if the use of J. 1157Hoe's NewReno congestion control algorithm is enabled. 1158This algorithm improves the start-up behavior of TCP connections. 1159.It Li tcp.log_refused 1160Returns 1 if refused TCP connections to the host will be logged. 1161.It Li tcp.rstppslimit 1162The variable specifies the maximum number of outgoing TCP RST packets, 1163per second. 1164TCP RST packet that exceeded the value are subject to rate limitation 1165and will not go out from the node. 1166Negative value disables rate limitation. 1167.It Li udp.checksum 1168Returns 1 when UDP checksums are being computed and checked. 1169Disabling UDP checksums is strongly discouraged. 1170.It Li udp.sendspace 1171Returns the default UDP send buffer size. 1172.It Li udp.recvspace 1173Returns the default UDP receive buffer size. 1174.El 1175.Pp 1176For variables net.*.ipsec, please refer to 1177.Xr ipsec 4 . 1178.It Li PF_INET6 1179Get or set various global information about the IPv6 1180.Pq Internet Protocol version 6 . 1181The third level name is the protocol. 1182The fourth level name is the variable name. 1183The currently defined protocols and names are: 1184.Bl -column "Protocol name" "Variable nameXX" "integer" "yes" -offset indent 1185.It Sy Protocol name Variable name Type Changeable 1186.It ip6 forwarding integer yes 1187.It ip6 redirect integer yes 1188.It ip6 hlim integer yes 1189.It ip6 maxfragpackets integer yes 1190.It ip6 accept_rtadv integer yes 1191.It ip6 keepfaith integer yes 1192.It ip6 log_interval integer yes 1193.It ip6 hdrnestlimit integer yes 1194.It ip6 dad_count integer yes 1195.It ip6 auto_flowlabel integer yes 1196.It ip6 defmcasthlim integer yes 1197.It ip6 gif_hlim integer yes 1198.It ip6 kame_version string no 1199.It ip6 use_deprecated integer yes 1200.It ip6 rr_prune integer yes 1201.It ip6 v6only integer yes 1202.It ip6 anonportmin integer yes 1203.It ip6 anonportmax integer yes 1204.It ip6 lowportmin integer yes 1205.It ip6 lowportmax integer yes 1206.It ip6 maxfrags integer yes 1207.It icmp6 rediraccept integer yes 1208.It icmp6 redirtimeout integer yes 1209.It icmp6 nd6_prune integer yes 1210.It icmp6 nd6_delay integer yes 1211.It icmp6 nd6_umaxtries integer yes 1212.It icmp6 nd6_mmaxtries integer yes 1213.It icmp6 nd6_useloopback integer yes 1214.It icmp6 nodeinfo integer yes 1215.It icmp6 errppslimit integer yes 1216.It icmp6 nd6_maxnudhint integer yes 1217.It icmp6 mtudisc_hiwat integer yes 1218.It icmp6 mtudisc_lowat integer yes 1219.It icmp6 nd6_debug integer yes 1220.It udp6 sendspace integer yes 1221.It udp6 recvspace integer yes 1222.El 1223.Pp 1224The variables are as follows: 1225.Bl -tag -width "123456" 1226.It Li ip6.forwarding 1227Returns 1 when IPv6 forwarding is enabled for the node, 1228meaning that the node is acting as a router. 1229Returns 0 when IPv6 forwarding is disabled for the node, 1230meaning that the node is acting as a host. 1231IPv6 specification defines node behavior for 1232.Dq router 1233case and 1234.Dq host 1235case quite differently, and changing this variable during operation 1236may cause serious trouble. 1237It is recommended to configure the variable at bootstrap time, 1238and bootstrap time only. 1239.It Li ip6.redirect 1240Returns 1 when ICMPv6 redirects may be sent by the node. 1241This option is ignored unless the node is routing IP packets, 1242and should normally be enabled on all systems. 1243.It Li ip6.hlim 1244The default hop limit value for an IPv6 unicast packet sourced by the node. 1245This value applies to all the transport protocols on top of IPv6. 1246There are APIs to override the value, as documented in 1247.Xr ip6 4 . 1248.It Li ip6.maxfragpackets 1249The maximum number of fragmented packets the node will accept. 12500 means that the node will not accept any fragmented packets. 1251\-1 means that the node will accept as many fragmented packets as it receives. 1252The flag is provided basically for avoiding possible DoS attacks. 1253.It Li ip6.accept_rtadv 1254If set to non-zero, the node will accept ICMPv6 router advertisement packets 1255and autoconfigures address prefixes and default routers. 1256The node must be a host 1257.Pq not a router 1258for the option to be meaningful. 1259.It Li ip6.keepfaith 1260If set to non-zero, it enables 1261.Dq FAITH 1262TCP relay IPv6-to-IPv4 translator code in the kernel. 1263Refer 1264.Xr faith 4 1265and 1266.Xr faithd 8 1267for detail. 1268.It Li ip6.log_interval 1269The variable controls amount of logs generated by IPv6 packet 1270forwarding engine, by setting interval between log output 1271.Pq in seconds . 1272.It Li ip6.hdrnestlimit 1273The number of IPv6 extension headers permitted on incoming IPv6 packets. 1274If set to 0, the node will accept as many extension headers as possible. 1275.It Li ip6.dad_count 1276The variable configures number of IPv6 DAD 1277.Pq duplicated address detection 1278probe packets. 1279The packets will be generated when IPv6 interface addresses are configured. 1280.It Li ip6.auto_flowlabel 1281On connected transport protocol packets, 1282fill IPv6 flowlabel field to help intermediate routers to identify packet flows. 1283.It Li ip6.defmcasthlim 1284The default hop limit value for an IPv6 multicast packet sourced by the node. 1285This value applies to all the transport protocols on top of IPv6. 1286There are APIs to override the value, as documented in 1287.Xr ip6 4 . 1288.It Li ip6.gif_hlim 1289The maximum hop limit value for an IPv6 packet generated by 1290.Xr gif 4 1291tunnel interface. 1292.It Li ip6.kame_version 1293The string identifies the version of KAME IPv6 stack implemented in the kernel. 1294.It Li ip6.use_deprecated 1295The variable controls use of deprecated address, specified in RFC 2462 5.5.4. 1296.It Li ip6.rr_prune 1297The variable specifies interval between IPv6 router renumbering prefix 1298babysitting, in seconds. 1299.It Li ip6.v6only 1300The variable specifies initial value for 1301.Dv IPV6_V6ONLY 1302socket option for 1303.Dv AF_INET6 1304socket. 1305Please refer to 1306.Xr ip6 4 1307for detail. 1308.It Li ip6.anonportmin 1309The lowest port number to use for TCP and UDP ephemeral port allocation. 1310This cannot be set to less than 1024 or greater than 65535. 1311.It Li ip6.anonportmax 1312The highest port number to use for TCP and UDP ephemeral port allocation. 1313This cannot be set to less than 1024 or greater than 65535, and must 1314be greater than 1315.Li ip6.anonportmin . 1316.It Li ip6.lowportmin 1317The lowest port number to use for TCP and UDP reserved port allocation. 1318This cannot be set to less than 0 or greater than 1024, and must 1319be smaller than 1320.Li ip6.lowportmax . 1321.It Li ip6.lowportmax 1322The highest port number to use for TCP and UDP reserved port allocation. 1323This cannot be set to less than 0 or greater than 1024, and must 1324be greater than 1325.Li ip6.lowportmin . 1326.It Li ip6.maxfrags 1327The maximum number of fragments the node will accept. 13280 means that the node will not accept any fragments. 1329\-1 means that the node will accept as many fragments as it receives. 1330The flag is provided basically for avoiding possible DoS attacks. 1331.It Li icmp6.rediraccept 1332If set to non-zero, the host will accept ICMPv6 redirect packets. 1333Note that IPv6 routers will never accept ICMPv6 redirect packets, 1334and the variable is meaningful on IPv6 hosts 1335.Pq non-router 1336only. 1337.It Li icmp6.redirtimeout 1338The variable specifies lifetime of routing entries generated by incoming 1339ICMPv6 redirect. 1340.It Li icmp6.nd6_prune 1341The variable specifies interval between IPv6 neighbor cache babysitting, 1342in seconds. 1343.It Li icmp6.nd6_delay 1344The variable specifies 1345.Dv DELAY_FIRST_PROBE_TIME 1346timing constant in IPv6 neighbor discovery specification 1347.Pq RFC 2461 , 1348in seconds. 1349.It Li icmp6.nd6_umaxtries 1350The variable specifies 1351.Dv MAX_UNICAST_SOLICIT 1352constant in IPv6 neighbor discovery specification 1353.Pq RFC 2461 . 1354.It Li icmp6.nd6_mmaxtries 1355The variable specifies 1356.Dv MAX_MULTICAST_SOLICIT 1357constant in IPv6 neighbor discovery specification 1358.Pq RFC 2461 . 1359.It Li icmp6.nd6_useloopback 1360If set to non-zero, kernel IPv6 stack will use loopback interface for 1361local traffic. 1362.It Li icmp6.nodeinfo 1363The variable enables responses to ICMPv6 node information queries. 1364If you set the variable to 0, responses will not be generated for 1365ICMPv6 node information queries. 1366Since node information queries can have a security impact, it is 1367possible to fine tune which responses should be answered. 1368Two separate bits can be set. 1369.Bl -tag -width "12345" 1370.It 1 1371Respond to ICMPv6 FQDN queries, e.g. 1372.Li ping6 -w . 1373.It 2 1374Respond to ICMPv6 node addresses queries, e.g. 1375.Li ping6 -a . 1376.El 1377.It Li icmp6.errppslimit 1378The variable specifies the maximum number of outgoing ICMPv6 error messages, 1379per second. 1380ICMPv6 error messages that exceeded the value are subject to rate limitation 1381and will not go out from the node. 1382Negative value disables rate limitation. 1383.It Li icmp6.nd6_maxnudhint 1384IPv6 neighbor discovery permits upper layer protocols to supply reachability 1385hints, to avoid unnecessary neighbor discovery exchanges. 1386The variable defines the number of consecutive hints the neighbor discovery 1387layer will take. 1388For example, by setting the variable to 3, neighbor discovery layer 1389will take 3 consecutive hints in maximum. 1390After receiving 3 hints, neighbor discovery layer will perform 1391normal neighbor discovery process. 1392.It Li icmp6.mtudisc_hiwat 1393.It Li icmp6.mtudisc_lowat 1394The variables define the maximum number of routing table entries, 1395created due to path MTU discovery 1396.Pq prevents denial-of-service attacks with ICMPv6 too big messages . 1397When IPv6 path MTU discovery happens, we keep path MTU information into 1398the routing table. 1399If the number of routing table entries exceed the value, 1400the kernel will not attempt to keep the path MTU information. 1401.Li icmp6.mtudisc_hiwat 1402is used when we have verified ICMPv6 too big messages. 1403.Li icmp6.mtudisc_lowat 1404is used when we have unverified ICMPv6 too big messages. 1405Verification is performed by using address/port pairs kept in connected pcbs. 1406Negative value disables the upper limit. 1407.It Li icmp6.nd6_debug 1408If set to non-zero, kernel IPv6 neighbor discovery code will generate 1409debugging messages. 1410The debug outputs are useful to diagnose IPv6 interoperability issues. 1411The flag must be set to 0 for normal operation. 1412.El 1413.Pp 1414We reuse net.*.tcp for 1415.Tn TCP 1416over 1417.Tn IPv6 , 1418and therefore we do not have variables net.*.tcp6. 1419Variables net.inet6.udp6 have identical meaning to net.inet.udp. 1420Please refer to 1421.Li PF_INET 1422section above. 1423For variables net.*.ipsec6, please refer to 1424.Xr ipsec 4 . 1425.It Li PF_KEY 1426Get or set various global information about the IPsec key management. 1427The third level name is the variable name. 1428The currently defined variable and names are: 1429.Bl -column "blockacq_lifetime" "integer" "yes" -offset indent 1430.It Sy Variable name Type Changeable 1431.It debug integer yes 1432.It spi_try integer yes 1433.It spi_min_value integer yes 1434.It spi_max_value integer yes 1435.It random_int integer yes 1436.It larval_lifetime integer yes 1437.It blockacq_count integer yes 1438.It blockacq_lifetime integer yes 1439.It esp_keymin integer yes 1440.It esp_auth integer yes 1441.It ah_keymin integer yes 1442.El 1443The variables are as follows: 1444.Bl -tag -width "123456" 1445.It Li debug 1446Turn on debugging message from within the kernel. 1447The value is a bitmap, as defined in 1448.Pa /usr/include/netkey/key_debug.h . 1449.It Li spi_try 1450The number of times the kernel will try to obtain an unique SPI 1451when it generates it from random number generator. 1452.It Li spi_min_value 1453Minimum SPI value when generating it within the kernel. 1454.It Li spi_max_value 1455Maximum SPI value when generating it within the kernel. 1456.It Li random_int 1457Interval to stir pseudo-random number generator, in seconds. 1458Pseudo-random number generator is used only as a last resort when 1459random number source 1460.Pq Pa /dev/urandom 1461is not available. 1462It should not really be used, and if it were used, 1463kernel will warn about it. 1464.It Li larval_lifetime 1465Lifetime for LARVAL SAD entries, in seconds. 1466.It Li blockacq_count 1467Number of ACQUIRE PF_KEY messages to be blocked after an ACQUIRE message. 1468It avoids flood of ACQUIRE PF_KEY from being sent from the kernel to the 1469key management daemon. 1470.It Li blockacq_lifetime 1471Lifetime of ACQUIRE PF_KEY message. 1472.It Li esp_keymin 1473Minimum ESP key length, in bits. 1474The value is used when the kernel creates proposal payload 1475on ACQUIRE PF_KEY message. 1476.It Li esp_auth 1477Whether ESP authentication should be used or not. 1478Non-zero value indicates that ESP authentication should be used. 1479The value is used when the kernel creates proposal payload 1480on ACQUIRE PF_KEY message. 1481.It Li ah_keymin 1482Minimum AH key length, in bits, 1483The value is used when the kernel creates proposal payload 1484on ACQUIRE PF_KEY message. 1485.El 1486.El 1487.Sh CTL_PROC 1488The string and integer information available for the CTL_PROC 1489is detailed below. 1490The changeable column shows whether a process with appropriate 1491privilege may change the value. 1492These values are per-process, 1493and as such may change from one process to another. 1494When a process is created, 1495the default values are inherited from its parent. 1496When a set-user-ID or set-group-ID binary is executed, the 1497value of PROC_PID_CORENAME is reset to the system default value. 1498The second level name is either the magic value PROC_CURPROC, which 1499points to the current process, or the PID of the target process. 1500.Bl -column "USER_COLL_WEIGHTS_MAXXXX" "integerXXX" "yes" -offset indent 1501.It Sy Third level name Type Changeable 1502.It PROC\_PID\_CORENAME string yes 1503.It PROC\_PID\_LIMIT node not applicable 1504.It PROC\_PID\_STOPFORK int yes 1505.It PROC\_PID\_STOPEXEC int yes 1506.It PROC\_PID\_STOPEXIT int yes 1507.El 1508.Bl -tag -width "123456" 1509.Pp 1510.It Li PROC_PID_CORENAME 1511The template used for the core dump file name (see 1512.Xr core 5 1513for details). 1514The base name must either be 1515.Nm core 1516or end with the suffix ``.core'' (the super-user may set arbitrary names). 1517By default it points to KERN_DEFCORENAME. 1518.It Li PROC_PID_LIMIT 1519Return resources limits, as defined for the 1520.Xr getrlimit 2 1521and 1522.Xr setrlimit 2 1523system calls. 1524The fourth level name is one of: 1525.Bl -tag -width PROC_PID_LIMIT_MEMLOCKAA 1526.It Li PROC_PID_LIMIT_CPU 1527The maximum amount of CPU time (in seconds) to be used by each process. 1528.It Li PROC_PID_LIMIT_FSIZE 1529The largest size (in bytes) file that may be created. 1530.It Li PROC_PID_LIMIT_DATA 1531The maximum size (in bytes) of the data segment for a process; 1532this defines how far a program may extend its break with the 1533.Xr sbrk 2 1534system call. 1535.It Li PROC_PID_LIMIT_STACK 1536The maximum size (in bytes) of the stack segment for a process; 1537this defines how far a program's stack segment may be extended. 1538Stack extension is performed automatically by the system. 1539.It Li PROC_PID_LIMIT_CORE 1540The largest size (in bytes) 1541.Pa core 1542file that may be created. 1543.It Li PROC_PID_LIMIT_RSS 1544The maximum size (in bytes) to which a process's resident set size may 1545grow. 1546This imposes a limit on the amount of physical memory to be given to 1547a process; if memory is tight, the system will prefer to take memory 1548from processes that are exceeding their declared resident set size. 1549.It Li PROC_PID_LIMIT_MEMLOCK 1550The maximum size (in bytes) which a process may lock into memory 1551using the 1552.Xr mlock 2 1553function. 1554.It Li PROC_PID_LIMIT_NPROC 1555The maximum number of simultaneous processes for this user id. 1556.It Li PROC_PID_LIMIT_NOFILE 1557The maximum number of open files for this process. 1558.El 1559.Pp 1560The fifth level name is one of PROC_PID_LIMIT_TYPE_SOFT or 1561PROC_PID_LIMIT_TYPE_HARD, to select respectively the soft or hard limit. 1562Both are of type integer. 1563.It Li PROC_PID_STOPFORK 1564If non zero, the process' children will be stopped after 1565.Xr fork 2 1566calls. 1567The children is created in the SSTOP state and is never scheduled 1568for running before being stopped. 1569This feature helps attaching a process with a debugger such as 1570.Xr gdb 1 1571before it had the opportunity to actually do anything. 1572.Pp 1573This value is inherited by the process's children, and it also 1574apply to emulation specific system calls that fork a new process, such as 1575.Fn sproc 1576or 1577.Fn clone . 1578.It Li PROC_PID_STOPEXEC 1579If non zero, the process will be stopped on next 1580.Xr exec 3 1581call. 1582The process created by 1583.Xr exec 3 1584is created in the SSTOP state and is never scheduled for running 1585before being stopped. 1586This feature helps attaching a process with a debugger such as 1587.Xr gdb 1 1588before it had the opportunity to actually do anything. 1589.Pp 1590This value is inherited by the process's children. 1591.It Li PROC_PID_STOPEXIT 1592If non zero, the process will be stopped on when it has cause to exit, 1593either by way of calling 1594.Xr exit 3 , 1595.Xr _exit 2 , 1596or by the receipt of a specific signal. 1597The process is stopped before any of its resources or vm space is 1598released allowing examination of the termination state of a process 1599before it disappears. 1600This feature can be used to examine the final conditions of the 1601process's vmspace via 1602.Xr pmap 1 1603or its resource settings with 1604.Xr sysctl 8 1605before it disappears. 1606.Pp 1607This value is also inherited by the process's children. 1608.El 1609.Sh CTL_USER 1610The string and integer information available for the CTL_USER level 1611is detailed below. 1612The changeable column shows whether a process with appropriate 1613privilege may change the value. 1614.Bl -column "USER_COLL_WEIGHTS_MAXXXX" "integerXXX" -offset indent 1615.It Sy Second level name Type Changeable 1616.It USER\_BC\_BASE\_MAX integer no 1617.It USER\_BC\_DIM\_MAX integer no 1618.It USER\_BC\_SCALE\_MAX integer no 1619.It USER\_BC\_STRING\_MAX integer no 1620.It USER\_COLL\_WEIGHTS\_MAX integer no 1621.It USER\_CS\_PATH string no 1622.It USER\_EXPR\_NEST\_MAX integer no 1623.It USER\_LINE\_MAX integer no 1624.It USER\_POSIX2\_CHAR\_TERM integer no 1625.It USER\_POSIX2\_C\_BIND integer no 1626.It USER\_POSIX2\_C\_DEV integer no 1627.It USER\_POSIX2\_FORT\_DEV integer no 1628.It USER\_POSIX2\_FORT\_RUN integer no 1629.It USER\_POSIX2\_LOCALEDEF integer no 1630.It USER\_POSIX2\_SW\_DEV integer no 1631.It USER\_POSIX2\_UPE integer no 1632.It USER\_POSIX2\_VERSION integer no 1633.It USER\_RE\_DUP\_MAX integer no 1634.It USER\_STREAM\_MAX integer no 1635.It USER\_TZNAME\_MAX integer no 1636.It USER\_ATEXIT\_MAX integer no 1637.El 1638.Bl -tag -width "123456" 1639.Pp 1640.It Li USER_BC_BASE_MAX 1641The maximum ibase/obase values in the 1642.Xr bc 1 1643utility. 1644.It Li USER_BC_DIM_MAX 1645The maximum array size in the 1646.Xr bc 1 1647utility. 1648.It Li USER_BC_SCALE_MAX 1649The maximum scale value in the 1650.Xr bc 1 1651utility. 1652.It Li USER_BC_STRING_MAX 1653The maximum string length in the 1654.Xr bc 1 1655utility. 1656.It Li USER_COLL_WEIGHTS_MAX 1657The maximum number of weights that can be assigned to any entry of 1658the LC_COLLATE order keyword in the locale definition file. 1659.It Li USER_CS_PATH 1660Return a value for the 1661.Ev PATH 1662environment variable that finds all the standard utilities. 1663.It Li USER_EXPR_NEST_MAX 1664The maximum number of expressions that can be nested within 1665parenthesis by the 1666.Xr expr 1 1667utility. 1668.It Li USER_LINE_MAX 1669The maximum length in bytes of a text-processing utility's input 1670line. 1671.It Li USER_POSIX2_CHAR_TERM 1672Return 1 if the system supports at least one terminal type capable of 1673all operations described in POSIX 1003.2, otherwise 0. 1674.It Li USER_POSIX2_C_BIND 1675Return 1 if the system's C-language development facilities support the 1676C-Language Bindings Option, otherwise 0. 1677.It Li USER_POSIX2_C_DEV 1678Return 1 if the system supports the C-Language Development Utilities Option, 1679otherwise 0. 1680.It Li USER_POSIX2_FORT_DEV 1681Return 1 if the system supports the FORTRAN Development Utilities Option, 1682otherwise 0. 1683.It Li USER_POSIX2_FORT_RUN 1684Return 1 if the system supports the FORTRAN Runtime Utilities Option, 1685otherwise 0. 1686.It Li USER_POSIX2_LOCALEDEF 1687Return 1 if the system supports the creation of locales, otherwise 0. 1688.It Li USER_POSIX2_SW_DEV 1689Return 1 if the system supports the Software Development Utilities Option, 1690otherwise 0. 1691.It Li USER_POSIX2_UPE 1692Return 1 if the system supports the User Portability Utilities Option, 1693otherwise 0. 1694.It Li USER_POSIX2_VERSION 1695The version of POSIX 1003.2 with which the system attempts to comply. 1696.It Li USER_RE_DUP_MAX 1697The maximum number of repeated occurrences of a regular expression 1698permitted when using interval notation. 1699.ne 1i 1700.It Li USER_STREAM_MAX 1701The minimum maximum number of streams that a process may have open 1702at any one time. 1703.It Li USER_TZNAME_MAX 1704The minimum maximum number of types supported for the name of a 1705timezone. 1706.It Li USER_ATEXIT_MAX 1707The maximum namber of functions that may be registered with 1708.Xr atexit 3 . 1709.El 1710.Sh CTL_VM 1711The string and integer information available for the CTL_VM level 1712is detailed below. 1713The changeable column shows whether a process with appropriate 1714privilege may change the value. 1715.Bl -column "Second level nameXXXXXX" "struct loadavgXXX" -offset indent 1716.It Sy Second level name Type Changeable 1717.It VM\_ANONMAX int yes 1718.It VM\_ANONMIN int yes 1719.It VM\_EXECMAX int yes 1720.It VM\_EXECMIN int yes 1721.It VM\_FILEMAX int yes 1722.It VM\_FILEMIN int yes 1723.It VM\_LOADAVG struct loadavg no 1724.It VM\_MAXSLP int no 1725.It VM\_METER struct vmtotal no 1726.It VM\_NKMEMPAGES int no 1727.It VM\_USPACE int no 1728.It VM\_UVMEXP struct uvmexp no 1729.It VM\_UVMEXP2 struct uvmexp_sysctl no 1730.El 1731.Pp 1732.Bl -tag -width "123456" 1733.It Li VM_ANONMAX 1734The percentage of physical memory which will be reclaimed 1735from other types of memory usage to store anonymous application data. 1736.It Li VM_ANONMIN 1737The percentage of physical memory which will be always be available for 1738anonymous application data. 1739.It Li VM_EXECMAX 1740The percentage of physical memory which will be reclaimed 1741from other types of memory usage to store cached executable data. 1742.It Li VM_EXECMIN 1743The percentage of physical memory which will be always be available for 1744cached executable data. 1745.It Li VM_FILEMAX 1746The percentage of physical memory which will be reclaimed 1747from other types of memory usage to store cached file data. 1748.It Li VM_FILEMIN 1749The percentage of physical memory which will be always be available for 1750cached file data. 1751.It Li VM_LOADAVG 1752Return the load average history. 1753The returned data consists of a 1754.Va struct loadavg . 1755.It Li VM_MAXSLP 1756The value of the maxslp kernel global variable. 1757.It Li VM_METER 1758Return system wide virtual memory statistics. 1759The returned data consists of a 1760.Va struct vmtotal . 1761.It Li VM_USPACE 1762The number of bytes allocated for each kernel stack. 1763.It Li VM_UVMEXP 1764Return system wide virtual memory statistics. 1765The returned data consists of a 1766.Va struct uvmexp . 1767.It Li VM_UVMEXP2 1768Return system wide virtual memory statistics. 1769The returned data consists of a 1770.Va struct uvmexp_sysctl . 1771.El 1772.Sh CTL_DDB 1773The integer information available for the CTL_DDB level is detailed below. 1774The changeable column shows whether a process with appropriate 1775privilege may change the value. 1776.Bl -column "DBCTL_TABSTOPSXXX" "integerXXX" -offset indent 1777.It Sy Second level name Type Changeable 1778.It DBCTL\_RADIX integer yes 1779.It DBCTL\_MAXOFF integer yes 1780.It DBCTL\_LINES integer yes 1781.It DBCTL\_TABSTOPS integer yes 1782.It DBCTL\_ONPANIC integer yes 1783.It DBCTL\_FROMCONSOLE integer yes 1784.El 1785.Pp 1786.Bl -tag -width "123456" 1787.It Li DBCTL_RADIX 1788The input and output radix. 1789.It Li DBCTL_MAXOFF 1790The maximum symbol offset. 1791.It Li DBCTL_LINES 1792Number of display lines. 1793.It Li DBCTL_TABSTOPS 1794Tab width. 1795.It Li DBCTL_ONPANIC 1796If non-zero, DDB will be entered when the kernel panics. 1797.It Li DBCTL_FROMCONSOLE 1798If not zero, DDB may be entered by sending a break on a serial 1799console or by a special key sequence on a graphics console. 1800.El 1801.Pp 1802These MIB nodes are also available as variables from within the DDB. 1803See 1804.Xr ddb 4 1805for more details. 1806.Sh CTL_VENDOR 1807The "vendor" toplevel name is reserved to be used by vendors who wish to 1808have their own private MIB tree. 1809Intended use is to store values under 1810.Dq vendor.\*[Lt]yourname\*[Gt].* . 1811.Sh DYNAMIC OPERATIONS 1812Several meta-identifiers are provided to perform operations on the 1813.Nm 1814tree itself, or support alternate means of accessing the data 1815instrumented by the 1816.Nm 1817tree. 1818.Bl -column CTLXCREATESYMXXX 1819.It Sy Name Description 1820.It CTL\_QUERY Retrieve a mapping of names to numbers below a given node 1821.It CTL\_CREATE Create a new node 1822.It CTL\_CREATESYM Create a new node by its kernel symbol 1823.It CTL\_DESTROY Destroy a node 1824.It CTL\_DESCRIBE Retrieve node descriptions 1825.El 1826.Pp 1827The core interface to all of these meta-functions is the structure 1828that the kernel uses to describe the tree internally, as defined in 1829.Aq Pa sys/sysctl.h 1830as: 1831.Pp 1832.Bd -literal 1833struct sysctlnode { 1834 uint32_t sysctl_flags; /* flags and type */ 1835 int32_t sysctl_num; /* mib number */ 1836 char sysctl_name[SYSCTL_NAMELEN]; /* node name */ 1837 uint32_t sysctl_ver; /* node's version vs. rest of tree */ 1838 uint32_t __rsvd; 1839 union { 1840 struct { 1841 uint32_t suc_csize; /* size of child node array */ 1842 uint32_t suc_clen; /* number of valid children */ 1843 struct sysctlnode* suc_child; /* array of child nodes */ 1844 } scu_child; 1845 struct { 1846 void *sud_data; /* pointer to external data */ 1847 size_t sud_offset; /* offset to data */ 1848 } scu_data; 1849 int32_t scu_alias; /* node this node refers to */ 1850 int32_t scu_idata; /* immediate "int" data */ 1851 u_quad_t scu_qdata; /* immediate "u_quad_t" data */ 1852 } sysctl_un; 1853 size_t _sysctl_size; /* size of instrumented data */ 1854 sysctlfn _sysctl_func; /* access helper function */ 1855 struct sysctlnode *sysctl_parent; /* parent of this node */ 1856 const char *sysctl_desc; /* description of node */ 1857}; 1858 1859#define sysctl_csize sysctl_un.scu_child.suc_csize 1860#define sysctl_clen sysctl_un.scu_child.suc_clen 1861#define sysctl_child sysctl_un.scu_child.suc_child 1862#define sysctl_data sysctl_un.scu_data.sud_data 1863#define sysctl_offset sysctl_un.scu_data.sud_offset 1864#define sysctl_alias sysctl_un.scu_alias 1865#define sysctl_idata sysctl_un.scu_idata 1866#define sysctl_qdata sysctl_un.scu_qdata 1867.Ed 1868.Pp 1869Querying the tree to discover the name to number mapping permits 1870dynamic discovery of all the data that the tree currently has 1871instrumented. 1872For example, to discover all the nodes below the 1873CTL_VFS node: 1874.Pp 1875.Bd -literal -offset indent -compact 1876struct sysctlnode query, vfs[128]; 1877int mib[2]; 1878size_t len; 1879.sp 1880mib[0] = CTL_VFS; 1881mib[1] = CTL_QUERY; 1882memset(\*[Am]query, 0, sizeof(query)); 1883query.sysctl_flags = SYSCTL_VERSION; 1884len = sizeof(vfs); 1885sysctl(mib, 2, \*[Am]vfs[0], \*[Am]len, \*[Am]query, sizeof(query)); 1886.Ed 1887.Pp 1888Note that a reference to an empty node with 1889.Fa sysctl_flags 1890set to 1891.Dv SYSCTL_VERSION 1892is passed to sysctl in order to indicate the version that the program 1893is using. 1894All dynamic operations passing nodes into sysctl require that the 1895version be explicitly specified. 1896.Pp 1897Creation and destruction of nodes works by constructing part of a new 1898node description (or a description of the existing node) and invoking 1899CTL_CREATE (or CTL_CREATESYM) or CTL_DESTROY at the parent of the new 1900node, with a pointer to the new node passed via the 1901.Fa new 1902and 1903.Fa newlen 1904arguments. 1905If valid values for 1906.Fa old 1907and 1908.Fa oldlenp 1909are passed, a copy of the new node once in the tree will be returned. 1910If the create operation fails because a node with the same name or MIB 1911number exists, a copy of the conflicting node will be returned. 1912.Pp 1913The minimum requirements for creating a node are setting the 1914.Fa sysctl_flags 1915to indicate the new node's type, 1916.Fa sysctl_num 1917to either the new node's number (or CTL_CREATE or CTL_CREATESYM if a 1918dynamically allocated MIB number is acceptable), 1919.Fa sysctl_size 1920to the size of the data to be instrumented (which must agree with the 1921given type), and 1922.Fa sysctl_name 1923must be set to the new node's name. 1924Nodes that are not of type 1925.Dq node 1926must also have some description of the data to be instrumented, which 1927will vary depending on what is to be instrumented. 1928.Pp 1929If existing kernel data is to be covered by this new node, its address 1930should be given in 1931.Fa sysctl_data 1932or, if CTL_CREATESYM is used, 1933.Fa sysctl_data 1934should be set to a string containing its name from the kernel's symbol 1935table. 1936If new data is to be instrumented and an initial value is available, 1937the new integer or quad type data should be placed into either 1938.Fa sysctl_idata 1939or 1940.Fa sysctl_qdata , 1941respectively, along with the SYSCTL_IMMEDIATE flag being set, or 1942.Fa sysctl_data 1943should be set to point to a copy of the new data, and the 1944SYSCTL_OWNDATA flag must be set. 1945This latter method is the only way that new string and struct type 1946nodes can be initialized. 1947Invalid kernel addresses are accepted, but any attempt to access those 1948nodes will return an error. 1949.Pp 1950The 1951.Fa sysctl_csize , 1952.Fa sysctl_clen , 1953.Fa sysctl_child , 1954.Fa sysctl_parent , 1955and 1956.Fa sysctl_alias 1957members are used by the kernel to link the tree together and must be 1958.Dv NULL 1959or 0. 1960Nodes created in this manner cannot have helper functions, so 1961.Fa sysctl_func 1962must also be 1963.Dv NULL . 1964If the 1965.Fa sysctl_ver 1966member is non-zero, it must match either the version of the parent or 1967the version at the root of the MIB or an error is returned. 1968This can be used to ensure that nodes are only added or removed from a 1969known state of the tree. 1970Note: It may not be possible to determine the version at the root 1971of the tree. 1972.Pp 1973This example creates a new subtree and adds a node to it that controls the 1974.Fa audiodebug 1975kernel variable, thereby making it tunable at at any time, without 1976needing to use 1977.Xr ddb 4 1978or 1979.Xr kvm 3 1980to alter the kernel's memory directly. 1981.Pp 1982.Bd -literal -offset indent -compact 1983struct sysctlnode node; 1984int mib[2]; 1985size_t len; 1986.sp 1987mib[0] = CTL_CREATE; /* create at top-level */ 1988len = sizeof(node); 1989memset(\*[Am]node, 0, len); 1990node.sysctl_flags = SYSCTL_VERSION|CTLFLAG_READWRITE|CTLTYPE_NODE; 1991snprintf(node.sysctl_name, sizeof(node.sysctl_name), "local"); 1992node.sysctl_num = CTL_CREATE; /* request dynamic MIB number */ 1993sysctl(\*[Am]mib[0], 1, \*[Am]node, \*[Am]len, \*[Am]node, len); 1994.sp 1995mib[0] = node.sysctl_num; /* use new MIB number */ 1996mib[1] = CTL_CREATESYM; /* create at second level */ 1997len = sizeof(node); 1998memset(\*[Am]node, 0, len); 1999node.sysctl_flags = SYSCTL_VERSION|CTLFLAG_READWRITE|CTLTYPE_INT; 2000snprintf(node.sysctl_name, sizeof(node.sysctl_name), "audiodebug"); 2001node.sysctl_num = CTL_CREATE; 2002node.sysctl_data = "audiodebug"; /* kernel symbol to be used */ 2003sysctl(\*[Am]mib[0], 2, NULL, NULL, \*[Am]node, len); 2004.Ed 2005.Pp 2006The process for deleting nodes is similar, but less data needs to 2007be supplied. 2008Only the 2009.Fa sysctl_num 2010field 2011needs to be filled in; almost all other fields must be left blank. 2012The 2013.Fa sysctl_name 2014and/or 2015.Fa sysctl_ver 2016fields can be filled in with the name and version of the existing node 2017as additional checks on what will be deleted. 2018If all the given data fail to match any node, nothing will be deleted. 2019If valid values for 2020.Fa old 2021and 2022.Fa oldlenp 2023are supplied and a node is deleted, a copy of what was in the MIB tree 2024will be returned. 2025.Pp 2026This sample code shows the deletion of the two nodes created in the 2027above example: 2028.Pp 2029.Bd -literal -offset indent -compact 2030int mib[2]; 2031.sp 2032len = sizeof(node); 2033memset(\*[Am]node, 0, len); 2034node.sysctl_flags = SYSCTL_VERSION; 2035.sp 2036mib[0] = 3214; /* assumed number for "local" */ 2037mib[1] = CTL_DESTROY; 2038node.sysctl_num = 3215; /* assumed number for "audiodebug" */ 2039sysctl(\*[Am]mib[0], 2, NULL, NULL, \*[Am]node, len); 2040.sp 2041mib[0] = CTL_DESTROY; 2042node.sysctl_num = 3214; /* now deleting "local" */ 2043sysctl(\*[Am]mib[0], 1, NULL, NULL, \*[Am]node, len); 2044.Ed 2045.Pp 2046Descriptions of each of the nodes can also be retrieved, if they are 2047available. 2048Descriptions can be retrieved in bulk at each level or on a per-node 2049basis. 2050The layout of the buffer into which the descriptions are returned is a 2051series of variable length structures, each of which describes its own 2052size. 2053The length indicated includes the terminating 2054.Sq nul 2055character. 2056Nodes that have no description or where the description is not 2057available are indicated by an empty string. 2058The 2059.Fa descr_ver 2060will match the 2061.Fa sysctl_ver 2062value for a given node, so that descriptions for nodes whose number 2063have been recycled can be detected and ignored or discarded. 2064.Pp 2065.Bd -literal 2066struct sysctldesc { 2067 int32_t descr_num; /* mib number of node */ 2068 uint32_t descr_ver; /* version of node */ 2069 uint32_t descr_len; /* length of description string */ 2070 char descr_str[1]; /* not really 1...see above */ 2071}; 2072.Ed 2073.Pp 2074The 2075.Fn NEXT_DESCR 2076macro can be used to skip to the next description in the retrieved 2077list. 2078.Pp 2079.Bd -literal -offset indent -compact 2080struct sysctlnode desc; 2081struct sysctldesc *d; 2082char buf[1024]; 2083int mib[2]; 2084size_t len; 2085.sp 2086/* retrieve kern-level descriptions */ 2087mib[0] = CTL_KERN; 2088mib[1] = CTL_DESCRIBE; 2089d = (struct sysctldesc *)\*[Am]buf[0]; 2090len = sizeof(buf); 2091sysctl(mib, 2, d, \*[Am]len, NULL, 0); 2092while ((caddr_t)d \*[Lt] (caddr_t)\*[Am]buf[len]) { 2093 printf("node %d: %.*s\\n", d-\*[Gt]descr_num, d-\*[Gt]descr_len, 2094 d-\*[Gt]descr_str); 2095 d = NEXT_DESCR(d); 2096} 2097.sp 2098/* retrieve description for kern.securelevel */ 2099memset(\*[Am]desc, 0, sizeof(desc)); 2100desc.sysctl_flags = SYSCTL_VERSION; 2101desc.sysctl_num = KERN_SECURELEVEL; 2102d = (struct sysctldesc *)\*[Am]buf[0]; 2103len = sizeof(buf); 2104sysctl(mib, 2, d, \*[Am]len, \*[Am]desc, sizeof(desc)); 2105printf("kern.securelevel: %.*s\\n", d-\*[Gt]descr_len, d-\*[Gt]descr_str); 2106.Ed 2107.Pp 2108Descriptions can also be set as follows, subject to the following rules: 2109.Pp 2110.Bl -bullet -compact 2111.It 2112The kernel securelevel is at zero or lower 2113.It 2114The caller has super-user privileges 2115.It 2116The node does not currently have a description 2117.It 2118The node is not marked as 2119.Dq permanent 2120.El 2121.Pp 2122.Bd -literal -offset indent -compact 2123struct sysctlnode desc; 2124int mib[2]; 2125.sp 2126/* presuming the given top-level node was just added... */ 2127mib[0] = 3214; /* mib numbers taken from previous examples */ 2128mib[1] = CTL_DESCRIBE; 2129memset(\*[Am]desc, 0, sizeof(desc)); 2130desc.sysctl_flags = SYSCTL_VERSION; 2131desc.sysctl_num = 3215; 2132desc.sysctl_desc = "audio debug control knob"; 2133sysctl(mib, 2, NULL, NULL, \*[Am]desc, sizeof(desc)); 2134.Ed 2135.Pp 2136Upon successully setting a description, the new description will be 2137returned in the space indicated by the 2138.Fa oldp 2139and 2140.Fa oldlenp 2141arguments. 2142.Pp 2143The 2144.Fa sysctl_flags 2145field in the struct sysctlnode contains the sysctl version, node type 2146information, and a number of flags. 2147The macros 2148.Fn SYSCTL_VERS , 2149.Fn SYSCTL_TYPE , 2150and 2151.Fn SYSCTL_FLAGS 2152can be used to access the different fields. 2153Valid flags are: 2154.Bl -column CTLFLAGXPERMANENTXXX 2155.It Sy Name Description 2156.It CTLFLAG\_READONLY Node is read-only 2157.It CTLFLAG\_READONLY1 Node becomes read-only at securelevel 1 2158.It CTLFLAG\_READONLY2 Node becomes read-only at securelevel 2 2159.It CTLFLAG\_READWRITE Node is writable by the superuser 2160.It CTLFLAG\_ANYWRITE Node is writable by anyone 2161.It CTLFLAG\_PRIVATE Node is readable only by the superuser 2162.It CTLFLAG\_PERMANENT Node cannot be removed (cannot be set by 2163processes) 2164.It CTLFLAG\_OWNDATA Node owns data and does not instrument 2165existing data 2166.It CTLFLAG\_IMMEDIATE Node contains instrumented data and does not 2167instrument existing data 2168.It CTLFLAG\_HEX Node's contents should be displayed in a hexadecimal 2169form 2170.It CTLFLAG\_ROOT Node is the root of a tree (cannot be set at 2171any time) 2172.It CTLFLAG\_ANYNUMBER Node matches any MIB number (cannot be set by 2173processes) 2174.It CTLFLAG\_HIDDEN Node not displayed by default 2175.It CTLFLAG\_ALIAS Node refers to a sibling node (cannot be set 2176by processes) 2177.It CTLFLAG\_OWNDESC Node owns its own description string space 2178.El 2179.Sh RETURN VALUES 2180If the call to 2181.Nm 2182is successful, the number of bytes copied out is returned. 2183Otherwise \-1 is returned and 2184.Va errno 2185is set appropriately. 2186.Sh FILES 2187.Bl -tag -width \*[Lt]netinet6/udp6Xvar.h\*[Gt] -compact 2188.It Aq Pa sys/sysctl.h 2189definitions for top level identifiers, second level kernel and hardware 2190identifiers, and user level identifiers 2191.It Aq Pa sys/socket.h 2192definitions for second level network identifiers 2193.It Aq Pa sys/gmon.h 2194definitions for third level profiling identifiers 2195.It Aq Pa uvm/uvm_param.h 2196definitions for second level virtual memory identifiers 2197.It Aq Pa netinet/in.h 2198definitions for third level IPv4/v6 identifiers and 2199fourth level IPv4/v6 identifiers 2200.It Aq Pa netinet/icmp_var.h 2201definitions for fourth level ICMP identifiers 2202.It Aq Pa netinet/icmp6.h 2203definitions for fourth level ICMPv6 identifiers 2204.It Aq Pa netinet/tcp_var.h 2205definitions for fourth level TCP identifiers 2206.It Aq Pa netinet/udp_var.h 2207definitions for fourth level UDP identifiers 2208.It Aq Pa netinet6/udp6_var.h 2209definitions for fourth level IPv6 UDP identifiers 2210.It Aq Pa netinet6/ipsec.h 2211definitions for fourth level IPsec identifiers 2212.It Aq Pa netkey/key_var.h 2213definitions for third level PF_KEY identifiers 2214.It Aq Pa machine/cpu.h 2215definitions for second level machdep identifiers 2216.El 2217.Sh ERRORS 2218The following errors may be reported: 2219.Bl -tag -width Er 2220.It Bq Er EFAULT 2221The buffer 2222.Fa name , 2223.Fa oldp , 2224.Fa newp , 2225or length pointer 2226.Fa oldlenp 2227contains an invalid address, or the requested value is temporarily 2228unavailable. 2229.It Bq Er EINVAL 2230The 2231.Fa name 2232array is zero or greater than CTL_MAXNAME. 2233.It Bq Er EINVAL 2234A non-null 2235.Fa newp 2236is given and its specified length in 2237.Fa newlen 2238is too large or too small, or the given value is not acceptable for 2239the given node. 2240.It Bq Er ENOMEM 2241The length pointed to by 2242.Fa oldlenp 2243is too short to hold the requested value. 2244.It Bq Er EISDIR 2245The 2246.Fa name 2247array specifies an intermediate rather than terminal name. 2248.It Bq Er ENOTDIR 2249The 2250.Fa name 2251array specifies a node below a node that addresses data. 2252.It Bq Er ENOENT 2253The 2254.Fa name 2255array specifies a node that does not exist in the tree. 2256.It Bq Er ENOENT 2257An attempt was made to destroy a node that does not exist, or to 2258create or destroy a node below a node that does not exist. 2259.It Bq Er ENOTEMPTY 2260An attempt was made to destroy a node that still has children. 2261.It Bq Er EOPNOTSUPP 2262The 2263.Fa name 2264array specifies a value that is unknown or a meta-operation was 2265attempted that the requested node does not support. 2266.It Bq Er EPERM 2267An attempt is made to set a read-only value. 2268.It Bq Er EPERM 2269A process without appropriate privilege attempts to set a value or to 2270create or destroy a node. 2271.It Bq Er EPERM 2272An attempt to change a value protected by the current kernel security 2273level is made. 2274.El 2275.Sh SEE ALSO 2276.Xr ipsec 4 , 2277.Xr tcp 4 , 2278.Xr sysctl 8 2279.\" .Xr sysctl 9 2280.Sh HISTORY 2281The 2282.Nm 2283function first appeared in 2284.Bx 4.4 . 2285