.\" $NetBSD: sysctl.3,v 1.164 2006/01/14 15:40:49 wiz Exp $
.\"
.\" Copyright (c) 1993
.\" The Regents of the University of California. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95
.\"
.Dd January 14, 2006
.Dt SYSCTL 3
.Os
.Sh NAME
.Nm sysctl ,
.Nm sysctlbyname ,
.Nm sysctlgetmibinfo ,
.Nm sysctlnametomib
.Nd get or set system information
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In sys/param.h
.In sys/sysctl.h
.Ft int
.Fn sysctl "int *name" "u_int namelen" "void *oldp" "size_t *oldlenp" \
"void *newp" "size_t newlen"
.Ft int
.Fn sysctlbyname "const char *sname" "void *oldp" "size_t *oldlenp" \
"void *newp" "size_t newlen"
.Ft int
.Fn sysctlgetmibinfo "const char *sname" "int *name" "u_int *namelenp" \
"char *cname" "size_t *csz" "struct sysctlnode **rnode" "int v"
.Ft int
.Fn sysctlnametomib "const char *sname" "int *name" "size_t *namelenp"
.Sh DESCRIPTION
The
.Nm
function retrieves system information and allows processes with
appropriate privileges to set system information.
The information available from
.Nm
consists of integers, strings, and tables.
Information may be retrieved and set from the command interface
using the
.Xr sysctl 8
utility.
.Pp
Unless explicitly noted below,
.Nm
returns a consistent snapshot of the data requested.
Consistency is obtained by locking the destination
buffer into memory so that the data may be copied out without blocking.
Calls to
.Nm
are serialized to avoid deadlock.
.Pp
The state is described using a ``Management Information Base'' (MIB)
style name, listed in
.Fa name ,
which is a
.Fa namelen
length array of integers.
.Pp
The
.Fn sysctlbyname
function accepts a string representation of a MIB entry and internally
maps it to the appropriate numeric MIB representation.
Its semantics are otherwise no different from
.Fn sysctl .
.Pp
The information is copied into the buffer specified by
.Fa oldp .
The size of the buffer is given by the location specified by
.Fa oldlenp
before the call,
and that location gives the amount of data copied after a successful call.
If the amount of data available is greater
than the size of the buffer supplied,
the call supplies as much data as fits in the buffer provided
and returns with the error code ENOMEM.
If the old value is not desired,
.Fa oldp
and
.Fa oldlenp
should be set to
.Dv NULL .
.Pp
The size of the available data can be determined by calling
.Nm
with a
.Dv NULL
parameter for
.Fa oldp .
The size of the available data will be returned in the location pointed to by
.Fa oldlenp .
For some operations, the amount of space may change often.
For these operations,
the system attempts to round up so that the returned size is
large enough for a call to return the data shortly thereafter.
.Pp
To set a new value,
.Fa newp
is set to point to a buffer of length
.Fa newlen
from which the requested value is to be taken.
If a new value is not to be set,
.Fa newp
should be set to
.Dv NULL
and
.Fa newlen
set to 0.
.Pp
The
.Fn sysctlnametomib
function can be used to map the string representation of a MIB entry
to the numeric version.
The
.Fa name
argument should point to an array of integers large enough to hold the
MIB, and
.Fa namelenp
should indicate the number of integer slots available.
Following a successful translation, the size_t indicated by
.Fa namelenp
will be changed to show the number of slots consumed.
.Pp
The
.Fn sysctlgetmibinfo
function performs name translation similar to
.Fn sysctlnametomib ,
but also canonicalizes the name (or returns the first erroneous token
from the string being parsed) into the space indicated by
.Fa cname
and
.Fa csz .
.Fa csz
should indicate the size of the buffer pointed to by
.Fa cname
and on return, will indicate the size of the returned string including
the trailing
.Sq nul
character.
.Pp
The
.Fa rnode
and
.Fa v
arguments to
.Fn sysctlgetmibinfo
are used to provide a tree for it to parse into, and to get back
either a pointer to, or a copy of, the terminal node.
If
.Fa rnode
is
.Dv NULL ,
.Fn sysctlgetmibinfo
uses its own internal tree for parsing, and checks it against the
kernel at each call, to make sure that the name-to-number mapping is
kept up to date.
The
.Fa v
argument is ignored in this case.
If
.Fa rnode
is not
.Dv NULL
but the pointer it references is, on a successful return,
.Fa rnode
will be adjusted to point to a copy of the terminal node.
The
.Fa v
argument indicates which version of the
.Nm
node structure the caller wants.
The application must later
.Fn free
this copy.
If neither
.Fa rnode
nor the pointer it references are
.Dv NULL ,
the pointer is used as the address of a tree over which the parsing is
done.
In this last case, the tree is not checked against the kernel, no
refreshing of the mappings is performed, and the value given by
.Fa v
must agree with the version indicated by the tree.
It is recommended that applications always use
.Dv SYSCTL_VERSION
as the value for
.Fa v ,
as defined in the include file
.Pa sys/sysctl.h .
.Pp
The top level names are defined with a CTL_ prefix in
.Aq Pa sys/sysctl.h ,
and are as follows.
The next and subsequent levels down are found in the include files
listed here, and described in separate sections below.
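The size probe with a NULL oldp and the ENOMEM case described above, as an added example that is not part of the original manual page or of NetBSD's code. The names sysctl_fetch, query_fn, kernel_query, mock_query and the FETCH_ limits are hypothetical; off NetBSD a constructed mock stands in for the kernel and grows the value between the probe and the fetch, so the retry path is exercised instead of a truncated copy being used.

```c
/* Added example: size probe, fetch, and retry on ENOMEM around sysctl(3). */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifdef __NetBSD__
#include <sys/param.h>
#include <sys/sysctl.h>
/* Real backend: read-only call, so newp is NULL and newlen is 0. */
static int kernel_query(int *name, unsigned int namelen, void *oldp, size_t *oldlenp)
{
    return sysctl(name, namelen, oldp, oldlenp, NULL, 0);
}
#endif

/* Hypothetical callback type: the read-only half of the sysctl(3) signature. */
typedef int (*query_fn)(int *name, unsigned int namelen, void *oldp, size_t *oldlenp);

#define FETCH_MAX_TRIES 4                      /* assumed retry budget */
#define FETCH_MAX_BYTES (16u * 1024u * 1024u)  /* assumed cap on one reply */

/* Return a malloc'd, NUL-terminated copy of the value and its length in *lenp,
 * or NULL with errno set.  The caller frees the result. */
void *sysctl_fetch(query_fn q, int *mib, unsigned int miblen, size_t *lenp)
{
    char *buf = NULL;
    int saved;

    for (int attempt = 0; attempt < FETCH_MAX_TRIES; attempt++) {
        size_t len = 0;
        /* Step 1: a NULL oldp asks only for the size of the data. */
        if (q(mib, miblen, NULL, &len) == -1)
            break;
        if (len > FETCH_MAX_BYTES) {
            errno = EFBIG;
            break;
        }
        /* One spare byte so string values are always terminated here. */
        char *nbuf = realloc(buf, len + 1);
        if (nbuf == NULL)
            break;
        buf = nbuf;
        /* Step 2: fetch; on success len becomes the amount copied. */
        if (q(mib, miblen, buf, &len) == 0) {
            buf[len] = '\0';
            *lenp = len;
            return buf;
        }
        /* ENOMEM: the value grew after the probe and buf is truncated. */
        if (errno != ENOMEM)
            break;
    }
    saved = errno;                 /* keep the cause across free() */
    free(buf);
    errno = saved;
    return NULL;
}

/* Constructed stand-in for the kernel: a disk-name list that gains one
 * entry between the first size probe and the first fetch. */
static const char *mock_values[] = { "wd0 cd0", "wd0 cd0 sd0" };
static int mock_calls;

static int mock_query(int *name, unsigned int namelen, void *oldp, size_t *oldlenp)
{
    const char *cur = mock_values[mock_calls++ == 0 ? 0 : 1];
    size_t need = strlen(cur) + 1;

    (void)name; (void)namelen;
    if (oldp == NULL) {            /* size probe */
        *oldlenp = need;
        return 0;
    }
    if (*oldlenp < need) {         /* copy what fits, then ENOMEM */
        memcpy(oldp, cur, *oldlenp);
        errno = ENOMEM;
        return -1;
    }
    memcpy(oldp, cur, need);
    *oldlenp = need;
    return 0;
}

int main(void)
{
    size_t len = 0;
    int mib[2] = { 0, 0 };         /* ignored by the mock */
    query_fn q = mock_query;
#ifdef __NetBSD__
    mib[0] = CTL_HW; mib[1] = HW_DISKNAMES; q = kernel_query;
#endif
    char *names = sysctl_fetch(q, mib, 2, &len);
    if (names == NULL) { perror("sysctl_fetch"); return 1; }
    printf("%zu bytes: %s\n", len, names);
    free(names);
    return 0;
}
```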
.Pp
.Bl -column CTLXMACHDEPXXX "Next level namesXXXXXX" -offset indent
.It Sy Name Ta Next level names Ta Description
.It CTL\_KERN Ta sys/sysctl.h Ta High kernel limits
.It CTL\_VM Ta uvm/uvm_param.h Ta Virtual memory
.It CTL\_VFS Ta sys/mount.h Ta Filesystem
.It CTL\_NET Ta sys/socket.h Ta Networking
.It CTL\_DEBUG Ta sys/sysctl.h Ta Debugging
.It CTL\_HW Ta sys/sysctl.h Ta Generic CPU, I/O
.It CTL\_MACHDEP Ta sys/sysctl.h Ta Machine dependent
.It CTL\_USER Ta sys/sysctl.h Ta User-level
.It CTL\_DDB Ta sys/sysctl.h Ta In-kernel debugger
.It CTL\_PROC Ta sys/sysctl.h Ta Per-process
.It CTL\_VENDOR Ta ? Ta Vendor specific
.It CTL\_EMUL Ta sys/sysctl.h Ta Emulation settings
.It CTL\_SECURITY Ta sys/sysctl.h Ta Security settings
.El
.Pp
For example, the following retrieves the maximum number of processes allowed
in the system:
.Bd -literal -offset indent -compact
int mib[2], maxproc;
size_t len;
.sp
mib[0] = CTL_KERN;
mib[1] = KERN_MAXPROC;
len = sizeof(maxproc);
sysctl(mib, 2, \*[Am]maxproc, \*[Am]len, NULL, 0);
.Ed
.sp
To retrieve the standard search path for the system utilities:
.Bd -literal -offset indent -compact
int mib[2];
size_t len;
char *p;
.sp
mib[0] = CTL_USER;
mib[1] = USER_CS_PATH;
sysctl(mib, 2, NULL, \*[Am]len, NULL, 0);
p = malloc(len);
sysctl(mib, 2, p, \*[Am]len, NULL, 0);
.Ed
.Sh CTL_DEBUG
The debugging variables vary from system to system.
A debugging variable may be added or deleted without need to recompile
.Nm
to know about it.
Each time it runs,
.Nm
gets the list of debugging variables from the kernel and
displays their current values.
The system defines twenty
.Va ( struct ctldebug )
variables named
.Dv debug0
through
.Dv debug19 .
They are declared as separate variables so that they can be
individually initialized at the location of their associated variable.
The loader prevents multiple use of the same variable by issuing errors
if a variable is initialized in more than one place.
For example, to export the variable
.Dv dospecialcheck
as a debugging variable, the following declaration would be used:
.Bd -literal -offset indent -compact
int dospecialcheck = 1;
struct ctldebug debug5 = { "dospecialcheck", \*[Am]dospecialcheck };
.Ed
.Pp
Note that the dynamic implementation of
.Nm
currently in use largely makes this particular
.Nm
interface obsolete.
See
.Xr sysctl 8
.\" and
.\" .Xr sysctl 9
for more information.
.Sh CTL_VFS
A distinguished second level name, VFS_GENERIC,
is used to get general information about all filesystems.
One of its third level identifiers is VFS_MAXTYPENUM
that gives the highest valid filesystem type number.
Its other third level identifier is VFS_CONF that
returns configuration information about the filesystem
type given as a fourth level identifier.
The remaining second level identifiers are the
filesystem type number returned by a
.Xr statvfs 2
call or from VFS_CONF.
The third level identifiers available for each filesystem
are given in the header file that defines the mount
argument structure for that filesystem.
.Sh CTL_HW
The string and integer information available for the CTL_HW level
is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "Second level nameXXXXXX" "struct disk_sysctlXXX" -offset indent
.It Sy Second level name Ta Type Ta Changeable
.It HW\_ALIGNBYTES Ta integer Ta no
.It HW\_BYTEORDER Ta integer Ta no
.It HW\_CNMAGIC Ta string Ta yes
.It HW\_DISKNAMES Ta string Ta no
.It HW\_DISKSTATS Ta struct Ta no
.It HW\_MACHINE Ta string Ta no
.It HW\_MACHINE\_ARCH Ta string Ta no
.It HW\_MODEL Ta string Ta no
.It HW\_NCPU Ta integer Ta no
.It HW\_PAGESIZE Ta integer Ta no
.It HW\_PHYSMEM Ta integer Ta no
.It HW\_PHYSMEM64 Ta quad Ta no
.It HW\_USERMEM Ta integer Ta no
.It HW\_USERMEM64 Ta quad Ta no
.El
.Pp
.Bl -tag -width "123456"
.It Li HW_ALIGNBYTES
Alignment constraint for all possible data types.
This shows the value
.Dv ALIGNBYTES
in
.Pa /usr/include/machine/param.h ,
at the kernel compilation time.
.It Li HW_BYTEORDER
The byteorder (4,321, or 1,234).
.It Li HW_CNMAGIC
The console magic key sequence.
.It Li HW_DISKNAMES
The list of (space separated) disk device names on the system.
.It Li HW_DISKSTATS
Return statistical information on the disk devices on the system.
An array of
.Va struct disk_sysctl
structures is returned,
whose size depends on the current number of such objects in the system.
The third level name is the size of the
.Va struct disk_sysctl .
.It Li HW_MACHINE
The machine class.
.It Li HW_MACHINE_ARCH
The machine CPU class.
.It Li HW_MODEL
The machine model.
.It Li HW_NCPU
The number of CPUs.
.ne 1i
.It Li HW_PAGESIZE
The software page size.
.It Li HW_PHYSMEM
The bytes of physical memory as a 32-bit integer.
.It Li HW_PHYSMEM64
The bytes of physical memory as a 64-bit integer.
.It Li HW_USERMEM
The bytes of non-kernel memory as a 32-bit integer.
.It Li HW_USERMEM64
The bytes of non-kernel memory as a 64-bit integer.
.El
.Sh CTL_KERN
The string and integer information available for the CTL_KERN level
is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
The types of data currently available are process information,
system vnodes, the open file entries, routing table entries,
virtual memory statistics, load average history, and clock rate
information.
.Bl -column "KERNXPOSIXXREADERXWRITERXLOCKS" "struct clockrateXXX" -offset indent
.It Sy Second level name Ta Type Ta Changeable
.It KERN\_ARGMAX Ta integer Ta no
.It KERN\_AUTONICETIME Ta integer Ta yes
.It KERN\_AUTONICEVAL Ta integer Ta yes
.It KERN\_BOOTTIME Ta struct timeval Ta no
.It KERN\_BUFQ Ta node Ta not applicable
.It KERN\_CCPU Ta integer Ta no
.It KERN\_CLOCKRATE Ta struct clockinfo Ta no
.It KERN\_CONSDEV Ta integer Ta no
.It KERN\_CP\_ID Ta struct Ta no
.It KERN\_CP\_TIME Ta uint64_t[\|] Ta no
.It KERN\_DEFCORENAME Ta string Ta yes
.It KERN\_DOMAINNAME Ta string Ta yes
.It KERN\_DRIVERS Ta struct kinfo_drivers Ta no
.It KERN\_FILE Ta struct file Ta no
.It KERN\_FORKFSLEEP Ta integer Ta yes
.It KERN\_FSCALE Ta integer Ta no
.It KERN\_FSYNC Ta integer Ta no
.It KERN\_HARDCLOCK\_TICKS Ta integer Ta no
.It KERN\_HOSTID Ta integer Ta yes
.It KERN\_HOSTNAME Ta string Ta yes
.It KERN\_IOV\_MAX Ta integer Ta no
.It KERN\_JOB\_CONTROL Ta integer Ta no
.It KERN\_LABELOFFSET Ta integer Ta no
.It KERN\_LABELSECTOR Ta integer Ta no
.It KERN\_LOGIN\_NAME\_MAX Ta integer Ta no
.It KERN\_LOGSIGEXIT Ta integer Ta yes
.It KERN\_MAPPED\_FILES Ta integer Ta no
.It KERN\_MAXFILES Ta integer Ta yes
.It KERN\_MAXPARTITIONS Ta integer Ta no
.It KERN\_MAXPHYS Ta integer Ta no
.It KERN\_MAXPROC Ta integer Ta yes
.It KERN\_MAXPTYS Ta integer Ta yes
.It KERN\_MAXVNODES Ta integer Ta yes
.It KERN\_MBUF Ta node Ta not applicable
.It KERN\_MEMLOCK Ta integer Ta no
.It KERN\_MEMLOCK\_RANGE Ta integer Ta no
.It KERN\_MEMORY\_PROTECTION Ta integer Ta no
.It KERN\_MONOTONIC\_CLOCK Ta integer Ta no
.It KERN\_MSGBUF Ta integer Ta no
.It KERN\_MSGBUFSIZE Ta integer Ta no
.It KERN\_NGROUPS Ta integer Ta no
.It KERN\_NTPTIME Ta struct ntptimeval Ta no
.It KERN\_OSRELEASE Ta string Ta no
.It KERN\_OSREV Ta integer Ta no
.It KERN\_OSTYPE Ta string Ta no
.It KERN\_PIPE Ta node Ta not applicable
.It KERN\_POSIX1 Ta integer Ta no
.It KERN\_POSIX\_BARRIERS Ta integer Ta no
.It KERN\_POSIX\_READER\_WRITER\_LOCKS Ta integer Ta no
.It KERN\_POSIX\_SEMAPHORES Ta integer Ta no
.It KERN\_POSIX\_SPIN\_LOCKS Ta integer Ta no
.It KERN\_POSIX\_THREADS Ta integer Ta no
.It KERN\_POSIX\_TIMERS Ta integer Ta no
.It KERN\_PROC Ta struct kinfo_proc Ta no
.It KERN\_PROC2 Ta struct kinfo_proc2 Ta no
.It KERN\_PROC\_ARGS Ta string Ta no
.It KERN\_PROF Ta node Ta not applicable
.It KERN\_RAWPARTITION Ta integer Ta no
.It KERN\_ROOT\_DEVICE Ta string Ta no
.It KERN\_ROOT\_PARTITION Ta integer Ta no
.It KERN\_RTC\_OFFSET Ta integer Ta yes
.It KERN\_SAVED\_IDS Ta integer Ta no
.It KERN\_SECURELVL Ta integer Ta raise only
.It KERN\_SYNCHRONIZED\_IO Ta integer Ta no
.It KERN\_SYSVIPC\_INFO Ta node Ta not applicable
.It KERN\_SYSVMSG Ta integer Ta no
.It KERN\_SYSVSEM Ta integer Ta no
.It KERN\_SYSVSHM Ta integer Ta no
.It KERN\_TIMEX Ta struct Ta no
.It KERN\_TKSTAT Ta node Ta not applicable
.It KERN\_URANDOM Ta integer Ta no
.It KERN\_VERIEXEC Ta node Ta not applicable
.It KERN\_VERSION Ta string Ta no
.It KERN\_VNODE Ta struct vnode Ta no
.El
.ne 1i
.Pp
.Bl -tag -width "123456"
.It Li KERN_ARGMAX
The maximum bytes of argument to
.Xr execve 2 .
.It Li KERN_AUTONICETIME
The number of seconds of CPU-time a non-root process may accumulate before
having its priority lowered from the default to the value of KERN_AUTONICEVAL.
If set to 0, automatic lowering of priority is not performed, and if set to \-1
all non-root processes are immediately lowered.
.It Li KERN_AUTONICEVAL
The priority assigned for automatically niced processes.
.It Li KERN_BOOTTIME
A
.Va struct timeval
structure is returned.
This structure contains the time that the system was booted.
.It Li KERN_CCPU
The scheduler exponential decay value.
.It Li KERN_CLOCKRATE
A
.Va struct clockinfo
structure is returned.
This structure contains the clock, statistics clock and profiling clock
frequencies, the number of micro-seconds per hz tick, and the clock
skew rate.
.It Li KERN_CONSDEV
Console device.
.It Li KERN_CP_ID
Mapping of CPU number to CPU id.
.It Li KERN_CP_TIME
Returns an array of CPUSTATES uint64_ts.
This array contains the
number of clock ticks spent in different CPU states.
On multi-processor systems, the sum across all CPUs is returned unless
appropriate space is given for one data set for each CPU.
Data for a specific CPU can also be obtained by adding the number of the
CPU at the end of the MIB, enlarging it by one.
.It Li KERN_DEFCORENAME
Default template for the name of core dump files (see also PROC_PID_CORENAME
in the per-process variables CTL_PROC, and
.Xr core 5
for format of this template).
The default value is
.Nm %n.core
and can be changed with the kernel configuration option
.Cd options DEFCORENAME
(see
.Xr options 4
).
.It Li KERN_DOMAINNAME
Get or set the YP domain name.
.It Li KERN_DUMP_ON_PANIC
Perform a crash dump on system panic.
.It Li KERN_DRIVERS
Return an array of
.Va struct kinfo_drivers
that contains the name and major device numbers of all the device drivers
in the current kernel.
The
.Va d_name
field is always a NUL terminated string.
The
.Va d_bmajor
field will be set to \-1 if the driver doesn't have a block device.
.It Li KERN_FILE
Return the entire file table.
The returned data consists of a single
.Va struct filelist
followed by an array of
.Va struct file ,
whose size depends on the current number of such objects in the system.
.It Li KERN_FORKFSLEEP
If the
.Xr fork 2
system call fails due to a limit on the number of processes (either
the global maxproc limit or the user's), wait for this many
milliseconds before returning the
.Er EAGAIN
error to the process.
Useful to keep heavily forking runaway processes at bay.
Default zero (no sleep).
Maximum is 20 seconds.
.It Li KERN_FSCALE
The kernel fixed-point scale factor.
.It Li KERN_FSYNC
Return 1 if the POSIX 1003.1b File Synchronization Option is available
on this system,
otherwise 0.
.It Li KERN_HARDCLOCK_TICKS
Returns the number of
.Xr hardclock 9
ticks.
.It Li KERN_HOSTID
Get or set the host id.
.It Li KERN_HOSTNAME
Get or set the hostname.
.It Li KERN_IOV_MAX
Return the maximum number of
.Va iovec
structures that a process has available for use with
.Xr preadv 2 ,
.Xr pwritev 2 ,
.Xr readv 2 ,
.Xr recvmsg 2 ,
.Xr sendmsg 2
and
.Xr writev 2 .
.It Li KERN_JOB_CONTROL
Return 1 if job control is available on this system, otherwise 0.
.It Li KERN_LABELOFFSET
The offset within the sector specified by KERN_LABELSECTOR of the
.Xr disklabel 5 .
.It Li KERN_LABELSECTOR
The sector number containing the
.Xr disklabel 5 .
.It Li KERN_LOGIN_NAME_MAX
The size of the storage required for a login name, in bytes,
including the terminating NUL.
.It Li KERN_LOGSIGEXIT
If this flag is non-zero, the kernel will
.Xr log 9
all process exits due to signals which create a
.Xr core 5
file, and whether the coredump was created.
.It Li KERN_MAPPED_FILES
Returns 1 if the POSIX 1003.1b Memory Mapped Files Option is available
on this system,
otherwise 0.
.It Li KERN_MAXFILES
The maximum number of files that may be open in the system.
.It Li KERN_MAXPARTITIONS
The maximum number of partitions allowed per disk.
.It Li KERN_MAXPHYS
Maximum raw I/O transfer size.
.It Li KERN_MAXPROC
The maximum number of simultaneous processes the system will allow.
.It Li KERN_MAXPTYS
The maximum number of pseudo terminals.
This value can be both raised and lowered, though it cannot
be set lower than the number of currently used ptys.
See also
.Xr pty 4 .
.It Li KERN_MAXVNODES
The maximum number of vnodes available on the system.
This can only be raised.
.It Li KERN_MBUF
Return information about the mbuf control variables.
The third level names for the mbuf variables are detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "MBUFXNMBCLUSTERSXXX" "struct integerXXX" -offset indent
.It Sy Third level name Ta Type Ta Changeable
.It MBUF\_MBLOWAT Ta integer Ta yes
.It MBUF\_MCLBYTES Ta integer Ta yes
.It MBUF\_MCLLOWAT Ta integer Ta yes
.It MBUF\_MSIZE Ta integer Ta yes
.It MBUF\_NMBCLUSTERS Ta integer Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li MBUF_MBLOWAT
The mbuf low water mark.
.It Li MBUF_MCLBYTES
The mbuf cluster size.
.It Li MBUF_MCLLOWAT
The mbuf cluster low water mark.
.It Li MBUF_MSIZE
The mbuf base size.
.It Li MBUF_NMBCLUSTERS
The limit on the number of mbuf clusters.
The variable can only be increased, and only increased on machines with
direct-mapped pool pages.
.El
.It Li KERN_MEMLOCK
Returns 1 if the POSIX 1003.1b Process Memory Locking Option is available
on this system,
otherwise 0.
.It Li KERN_MEMLOCK_RANGE
Returns 1 if the POSIX 1003.1b Range Memory Locking Option is available
on this system,
otherwise 0.
.It Li KERN_MEMORY_PROTECTION
Returns 1 if the POSIX 1003.1b Memory Protection Option is available
on this system,
otherwise 0.
.It Li KERN_MONOTONIC_CLOCK
Returns the standard version the implementation of the POSIX 1003.1b
Monotonic Clock Option conforms to,
otherwise 0.
.It Li KERN_MSGBUF
The kernel message buffer, rotated so that the head of the circular kernel
message buffer is returned at the start of the buffer specified by
.Fa oldp .
The returned data may contain NUL bytes.
.It Li KERN_MSGBUFSIZE
The maximum number of characters that the kernel message buffer can hold.
.It Li KERN_NGROUPS
The maximum number of supplemental groups.
.It Li KERN_NTPTIME
A
.Va struct ntptimeval
structure is returned.
This structure contains data used by the
.Xr ntpd 8
program.
.It Li KERN_OSRELEASE
The system release string.
.It Li KERN_OSREV
The system revision string.
.It Li KERN_OSTYPE
The system type string.
.It Li KERN_PIPE
Pipe settings.
The third level names for the integer pipe settings are detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "KERNXPIPEXFOOXXX" "integerXXX" -offset indent
.It Sy Third level name Ta Type Ta Changeable
.It KERN\_PIPE\_KVASIZ Ta integer Ta yes
.It KERN\_PIPE\_MAXBIGPIPES Ta integer Ta yes
.It KERN\_PIPE\_MAXKVASZ Ta integer Ta yes
.It KERN\_PIPE\_LIMITKVA Ta integer Ta yes
.It KERN\_PIPE\_NBIGPIPES Ta integer Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li KERN_PIPE_KVASIZ
Amount of kernel memory consumed by pipe buffers.
.It Li KERN_PIPE_MAXBIGPIPES
Maximum number of "big" pipes.
.It Li KERN_PIPE_MAXKVASZ
Maximum amount of kernel memory to be used for pipes.
.It Li KERN_PIPE_LIMITKVA
Limit for direct transfers via page loan.
.It Li KERN_PIPE_NBIGPIPES
Number of "big" pipes.
.El
.It Li KERN_POSIX1
The version of ISO/IEC 9945 (POSIX 1003.1) with which the system
attempts to comply.
.It Li KERN_POSIX_BARRIERS
The version of
.St -p1003.1
and its
Barriers
option to which the system attempts to conform,
otherwise 0.
.It Li KERN_POSIX_READER_WRITER_LOCKS
The version of
.St -p1003.1
and its
Read-Write Locks
option to which the system attempts to conform,
otherwise 0.
.It Li KERN_POSIX_SEMAPHORES
The version of
.St -p1003.1
and its
Semaphores
option to which the system attempts to conform,
otherwise 0.
.It Li KERN_POSIX_SPIN_LOCKS
The version of
.St -p1003.1
and its
Spin Locks
option to which the system attempts to conform,
otherwise 0.
.It Li KERN_POSIX_THREADS
The version of
.St -p1003.1
and its
Threads
option to which the system attempts to conform,
otherwise 0.
.It Li KERN_POSIX_TIMERS
The version of
.St -p1003.1
and its
Timers
option to which the system attempts to conform,
otherwise 0.
.It Li KERN_PROC
Return the entire process table, or a subset of it.
An array of
.Va struct kinfo_proc
structures is returned,
whose size depends on the current number of such objects in the system.
The third and fourth level names are as follows:
.Bl -column "Third level nameXXXXXX" "Fourth level is:XXXXXX" -offset indent
.It Sy Third level name Ta Fourth level is:
.It KERN\_PROC\_ALL Ta None
.It KERN\_PROC\_GID Ta A group ID
.It KERN\_PROC\_PID Ta A process ID
.It KERN\_PROC\_PGRP Ta A process group
.It KERN\_PROC\_RGID Ta A real group ID
.It KERN\_PROC\_RUID Ta A real user ID
.It KERN\_PROC\_SESSION Ta A session ID
.It KERN\_PROC\_TTY Ta A tty device
.It KERN\_PROC\_UID Ta A user ID
.El
.It Li KERN_PROC2
As for KERN_PROC, but an array of
.Va struct kinfo_proc2
structures is returned.
The fifth level name is the size of the
.Va struct kinfo_proc2
and the sixth level name is the number of structures to return.
.It Li KERN_PROC_ARGS
Return the argv or environment strings (or the number thereof)
of a process.
Multiple strings are returned separated by NUL characters.
The third level name is the process ID.
The fourth level name is as follows:
.Bl -column "Third level nameXXXXXX" -offset indent
.It KERN\_PROC\_ARGV Ta The argv strings
.It KERN\_PROC\_ENV Ta The environ strings
.It KERN\_PROC\_NARGV Ta The number of argv strings
.It KERN\_PROC\_NENV Ta The number of environ strings
.El
.It Li KERN_PROF
Return profiling information about the kernel.
If the kernel is not compiled for profiling,
attempts to retrieve any of the KERN_PROF values will
fail with EOPNOTSUPP.
The third level names for the string and integer profiling information
are detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "GPROFXGMONPARAMXXX" "struct gmonparamXXX" -offset indent
.It Sy Third level name Ta Type Ta Changeable
.It GPROF\_COUNT Ta u_short[\|] Ta yes
.It GPROF\_FROMS Ta u_short[\|] Ta yes
.It GPROF\_GMONPARAM Ta struct gmonparam Ta no
.It GPROF\_STATE Ta integer Ta yes
.It GPROF\_TOS Ta struct tostruct Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li GPROF_COUNT
Array of statistical program counter counts.
.It Li GPROF_FROMS
Array indexed by program counter of call-from points.
.It Li GPROF_GMONPARAM
Structure giving the sizes of the above arrays.
.It Li GPROF_STATE
Profiling state.
If set to GMON_PROF_ON, starts profiling.
If set to GMON_PROF_OFF, stops profiling.
.It Li GPROF_TOS
Array of
.Va struct tostruct
describing destination of calls and their counts.
.El
.It Li KERN_RAWPARTITION
The raw partition of a disk (a == 0).
.It Li KERN_ROOT_DEVICE
The name of the root device (e.g.,
.Dq wd0 ) .
.It Li KERN_ROOT_PARTITION
The root partition on the root device (a == 0).
.It Li KERN_RTC_OFFSET
Return the offset of real time clock from UTC in minutes.
.It Li KERN_SAVED_IDS
Returns 1 if saved set-group and saved set-user ID is available.
.It Li KERN_SBMAX
Maximum socket buffer size.
.It Li KERN_SECURELVL
The system security level.
This level may be raised by processes with appropriate privilege.
It may only be lowered by process 1.
.It Li KERN_SOMAXKVA
Maximum amount of kernel memory to be used for socket buffers.
.It Li KERN_SYNCHRONIZED_IO
Returns 1 if the POSIX 1003.1b Synchronized I/O Option is available
on this system,
otherwise 0.
.It Li KERN_SYSVIPC_INFO
Return System V style IPC configuration and run-time information.
The third level name selects the System V style IPC facility.
.Bl -column "KERN_SYSVIPC_MSG_INFOXXX" "struct shm_sysctl_infoXXX" -offset indent
.It Sy Third level name Ta Type
.It KERN\_SYSVIPC\_MSG\_INFO Ta struct msg_sysctl_info
.It KERN\_SYSVIPC\_SEM\_INFO Ta struct sem_sysctl_info
.It KERN\_SYSVIPC\_SHM\_INFO Ta struct shm_sysctl_info
.El
.Pp
.Bl -tag -width "123456"
.It Li KERN_SYSVIPC_MSG_INFO
Return information on the System V style message facility.
The
.Sy msg_sysctl_info
structure is defined in
.Aq Pa sys/msg.h .
.It Li KERN_SYSVIPC_SEM_INFO
Return information on the System V style semaphore facility.
The
.Sy sem_sysctl_info
structure is defined in
.Aq Pa sys/sem.h .
.It Li KERN_SYSVIPC_SHM_INFO
Return information on the System V style shared memory facility.
The
.Sy shm_sysctl_info
structure is defined in
.Aq Pa sys/shm.h .
.El
.It Li KERN_SYSVMSG
Returns 1 if System V style message queue functionality is available
on this system,
otherwise 0.
.It Li KERN_SYSVSEM
Returns 1 if System V style semaphore functionality is available
on this system,
otherwise 0.
.It Li KERN_SYSVSHM
Returns 1 if System V style shared memory functionality is available
on this system,
otherwise 0.
.It Li KERN_TIMEX
Not available.
.It Li KERN_TKSTAT
Return information about the number of characters sent and received
on ttys.
The third level names for the tty statistic variables are detailed below.
The changeable column shows whether a process
with appropriate privilege may change the value.
.Bl -column "KERNXTKSTATXRAWCCXXX" "struct integerXXX" -offset indent
.It Sy Third level name Ta Type Ta Changeable
.It KERN\_TKSTAT\_CANCC Ta quad Ta no
.It KERN\_TKSTAT\_NIN Ta quad Ta no
.It KERN\_TKSTAT\_NOUT Ta quad Ta no
.It KERN\_TKSTAT\_RAWCC Ta quad Ta no
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li KERN_TKSTAT_CANCC
The number of canonical input characters.
.It Li KERN_TKSTAT_NIN
The total number of input characters.
.It Li KERN_TKSTAT_NOUT
The total number of output characters.
.It Li KERN_TKSTAT_RAWCC
The number of raw input characters.
.El
.It Li KERN_URND
Random integer value.
.It Li KERN_VERIEXEC
Tunings for Verified Exec.
Third level names for the veriexec variables are detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value or only raise it.
Only the superuser can modify these variables.
.Bl -column "VERIEXECXALGORITHMSXXX" "struct integerXXX" -offset indent
.It Sy Third level name Ta Type Ta Changeable
.It VERIEXEC\_ALGORITHMS Ta string Ta no
.It VERIEXEC\_COUNT Ta node Ta not applicable
.It VERIEXEC\_STRICT Ta integer Ta raise only
.It VERIEXEC\_VERBOSE Ta integer Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li VERIEXEC_ALGORITHMS
Returns a string with the supported algorithms in Verified Exec.
.It Li VERIEXEC_COUNT
Variables are added to this node as new hash tables are created to
contain Verified Exec data for a new device.
Each variable in the node
will have a name in the form of
.No dev_ Ns Aq id
where
.Aq id
is the device id.
For example, the variable for the root device may be dev_0.
The value of this
variable will be the number of fingerprinted files on the device.
.It Li VERIEXEC_STRICT
Controls the strict level of Verified Exec.
The strict level defines how
Verified Exec will treat various situations.
In strict level 0, the system is in learning mode and will only warn about
fingerprint mismatches, as well as allow removal of fingerprinted files.
It is the only level where fingerprints can be loaded.
In strict level 1, the system is in IDS mode.
It will deny access to files with mismatched fingerprints.
In strict level 2, the system is in IPS mode.
It has all effects of
strict level 1, plus it will deny write access to monitored files,
prevent their removal, and enforce access type (direct, indirect, file).
Strict level 3 operates as lockdown mode.
It will have all effects of
strict level 2, but it will also prevent access to non-monitored files.
Furthermore, it will prevent addition of new files to the system, and
allow writing only to files opened before the strict level was raised.
.It Li VERIEXEC_VERBOSE
Controls the verbosity level of Verified Exec.
If 0, only the minimal
indication required will be given about what's happening - fingerprint
mismatches, removal of entries from the tables, modification of a
fingerprinted file.
If 1, more messages will be printed (i.e., when a file with a valid
fingerprint is accessed).
Verbose level 2 is debug mode.
.El
.It Li KERN_VERSION
The system version string.
.It Li KERN_VNODE
Return the entire vnode table.
Note, the vnode table is not necessarily a consistent snapshot of
the system.
The returned data consists of an array whose size depends on the
current number of such objects in the system.
Each element of the array contains the kernel address of a vnode
.Va struct vnode *
followed by the vnode itself
.Va struct vnode .
.El
.Sh CTL_MACHDEP
The set of variables defined is architecture dependent.
Most architectures define at least the following variables.
.Bl -column "CONSOLE_DEVICEXXX" "integerXXX" -offset indent
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It Li CPU_CONSDEV Ta dev_t Ta no
.El
.Sh CTL_NET
The string and integer information available for the CTL_NET level
is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
The second and third levels are typically the protocol family and
protocol number, though this is not always the case.
.Bl -column "Second level nameXXXXXX" "routing messagesXXX" -offset indent
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It PF\_ROUTE Ta routing messages Ta no
.It PF\_INET Ta IPv4 values Ta yes
.It PF\_INET6 Ta IPv6 values Ta yes
.It PF\_KEY Ta IPsec key management values Ta yes
.El
.Pp
.Bl -tag -width "123456"
.It Li PF_ROUTE
Return the entire routing table or a subset of it.
The data is returned as a sequence of routing messages (see
.Xr route 4
for the header file, format and meaning).
The length of each message is contained in the message header.
.Pp
The third level name is a protocol number, which is currently always 0.
The fourth level name is an address family, which may be set to 0 to
select all address families.
The fifth and sixth level names are as follows:
.Bl -column "Fifth level nameXXXXXX" "Sixth level is:XXX" -offset indent
.It Sy Fifth level name Ta Sy Sixth level is:
.It NET\_RT\_FLAGS Ta rtflags
.It NET\_RT\_DUMP Ta None
.It NET\_RT\_IFLIST Ta None
.El
.It Li PF_INET
Get or set various global information about the IPv4
.Pq Internet Protocol version 4 .
The third level name is the protocol.
The fourth level name is the variable name.
The currently defined protocols and names are:
.Bl -column "Protocol name" "Variable nameXX" "integer" "yes" -offset indent
.It Sy Protocol name Ta Sy Variable name Ta Sy Type Ta Sy Changeable
.It arp Ta down Ta integer Ta yes
.It arp Ta keep Ta integer Ta yes
.It arp Ta prune Ta integer Ta yes
.It arp Ta refresh Ta integer Ta yes
.It icmp Ta errppslimit Ta integer Ta yes
.It icmp Ta maskrepl Ta integer Ta yes
.It icmp Ta rediraccept Ta integer Ta yes
.It icmp Ta redirtimeout Ta integer Ta yes
.It ip Ta allowsrcrt Ta integer Ta yes
.It ip Ta anonportmax Ta integer Ta yes
.It ip Ta anonportmin Ta integer Ta yes
.It ip Ta checkinterface Ta integer Ta yes
.It ip Ta directed-broadcast Ta integer Ta yes
.It ip Ta do_loopback_cksum Ta integer Ta yes
.It ip Ta forwarding Ta integer Ta yes
.It ip Ta forwsrcrt Ta integer Ta yes
.It ip Ta gifttl Ta integer Ta yes
.It ip Ta grettl Ta integer Ta yes
.It ip Ta hostzerobroadcast Ta integer Ta yes
.It ip Ta lowportmin Ta integer Ta yes
.It ip Ta lowportmax Ta integer Ta yes
.It ip Ta maxfragpackets Ta integer Ta yes
.It ip Ta mtudisc Ta integer Ta yes
.It ip Ta mtudisctimeout Ta integer Ta yes
.It ip Ta random_id Ta integer Ta yes
.It ip Ta redirect Ta integer Ta yes
.It ip Ta subnetsarelocal Ta integer Ta yes
.It ip Ta ttl Ta integer Ta yes
.It tcp Ta rfc1323 Ta integer Ta yes
.It tcp Ta sendspace Ta integer Ta yes
.It tcp Ta recvspace Ta integer Ta yes
.It tcp Ta mssdflt Ta integer Ta yes
.It tcp Ta syn_cache_limit Ta integer Ta yes
.It tcp Ta syn_bucket_limit Ta integer Ta yes
.It tcp Ta syn_cache_interval Ta integer Ta yes
.It tcp Ta init_win Ta integer Ta yes
.It tcp Ta init_win_local Ta integer Ta yes
.It tcp Ta mss_ifmtu Ta integer Ta yes
.It tcp Ta sack Ta integer Ta yes
.It tcp Ta win_scale Ta integer Ta yes
.It tcp Ta timestamps Ta integer Ta yes
.It tcp Ta compat_42 Ta integer Ta yes
.It tcp Ta cwm Ta integer Ta yes
.It tcp Ta cwm_burstsize Ta integer Ta yes
.It tcp Ta ack_on_push Ta integer Ta yes
.It tcp Ta keepidle Ta integer Ta yes
.It tcp Ta keepintvl Ta integer Ta yes
.It tcp Ta keepcnt Ta integer Ta yes
.It tcp Ta slowhz Ta integer Ta no
.It tcp Ta newreno Ta integer Ta yes
.It tcp Ta log_refused Ta integer Ta yes
.It tcp Ta rstppslimit Ta integer Ta yes
.It tcp Ta ident Ta struct Ta no
.It udp Ta checksum Ta integer Ta yes
.It udp Ta do_loopback_cksum Ta integer Ta yes
.It udp Ta recvspace Ta integer Ta yes
.It udp Ta sendspace Ta integer Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li arp.down
Failed ARP entry lifetime.
.It Li arp.keep
Valid ARP entry lifetime.
.It Li arp.prune
ARP cache pruning interval.
.It Li arp.refresh
ARP entry refresh interval.
.It Li ip.allowsrcrt
If set to 1, the host accepts source routed packets.
.It Li ip.anonportmax
The highest port number to use for TCP and UDP ephemeral port allocation.
This cannot be set to less than 1024 or greater than 65535, and must
be greater than
.Li ip.anonportmin .
.It Li ip.anonportmin
The lowest port number to use for TCP and UDP ephemeral port allocation.
This cannot be set to less than 1024 or greater than 65535.
.It Li ip.checkinterface
If set to non-zero, the host will reject packets addressed to it
that arrive on an interface not bound to that address.
Currently, this must be disabled if ipnat is used to translate the
destination address to another local interface, or if addresses
are added to the loopback interface instead of the interface where
the packets for those addresses are received.
.It Li ip.directed-broadcast
If set to 1, enables directed broadcast behavior for the host.
.It Li ip.do_loopback_cksum
Perform IP checksum on loopback.
.It Li ip.forwarding
If set to 1, enables IP forwarding for the host,
meaning that the host is acting as a router.
.It Li ip.forwsrcrt
If set to 1, enables forwarding of source-routed packets for the host.
This value may only be changed if the kernel security level is less than 1.
.It Li ip.gifttl
The maximum time-to-live (hop count) value for an IPv4 packet generated by
.Xr gif 4
tunnel interface.
.It Li ip.grettl
The maximum time-to-live (hop count) value for an IPv4 packet generated by
.Xr gre 4
tunnel interface.
.It Li ip.hostzerobroadcast
All zeroes address is broadcast address.
.It Li ip.lowportmax
The highest port number to use for TCP and UDP reserved port allocation.
This cannot be set to less than 0 or greater than 1024, and must
be greater than
.Li ip.lowportmin .
.It Li ip.lowportmin
The lowest port number to use for TCP and UDP reserved port allocation.
This cannot be set to less than 0 or greater than 1024, and must
be smaller than
.Li ip.lowportmax .
.It Li ip.maxfragpackets
The maximum number of fragmented packets the node will accept.
0 means that the node will not accept any fragmented packets.
\-1 means that the node will accept as many fragmented packets as it receives.
The flag is provided basically for avoiding possible DoS attacks.
.It Li ip.mtudisc
If set to 1, enables Path MTU Discovery (RFC 1191).
When Path MTU Discovery is enabled, the transmitted TCP segment
size will be determined by the advertised maximum segment size
(MSS) from the remote end, as constrained by the path MTU.
If MTU Discovery is disabled, the transmitted segment size will
never be greater than
.Li tcp.mssdflt
(the local maximum segment size).
.It Li ip.mtudisctimeout
The number of seconds in which a route added by the Path MTU
Discovery engine will time out.
When the route times out, the Path
MTU Discovery engine will attempt to probe a larger path MTU.
.It Li ip.random_id
Assign random ip_id values.
.It Li ip.redirect
If set to 1, ICMP redirects may be sent by the host.
This option is ignored unless the host is routing IP packets,
and should normally be enabled on all systems.
.It Li ip.subnetsarelocal
If set to 1, subnets are to be considered local addresses.
.It Li ip.ttl
The maximum time-to-live (hop count) value for an IP packet sourced by
the system.
This value applies to normal transport protocols, not to ICMP.
.It Li icmp.errppslimit
The variable specifies the maximum number of outgoing ICMP error messages,
per second.
ICMP error messages that exceeded the value are subject to rate limitation
and will not go out from the node.
Negative value disables rate limitation.
.It Li icmp.maskrepl
If set to 1, ICMP network mask requests are to be answered.
.It Li icmp.rediraccept
If set to non-zero, the host will accept ICMP redirect packets.
Note that routers will never accept ICMP redirect packets,
and the variable is meaningful on IP hosts only.
.It Li icmp.redirtimeout
The variable specifies lifetime of routing entries generated by incoming
ICMP redirect.
This defaults to 600 seconds.
.It Li icmp.returndatabytes
Number of bytes to return in an ICMP error message.
.It Li tcp.ack_on_push
If set to 1, TCP is to immediately transmit an ACK upon reception of
a packet with PUSH set.
This can avoid losing a round trip time in some rare situations,
but has the caveat of potentially defeating TCP's delayed ACK algorithm.
Use of this option is generally not recommended, but
the variable exists in case your configuration really needs it.
.It Li tcp.compat_42
If set to 1, enables work-arounds for bugs in the 4.2BSD TCP implementation.
Use of this option is not recommended, although it may be
required in order to communicate with extremely old TCP implementations.
.It Li tcp.cwm
If set to 1, enables use of the Hughes/Touch/Heidemann Congestion Window
Monitoring algorithm.
This algorithm prevents line-rate bursts of packets that could
otherwise occur when data begins flowing on an idle TCP connection.
These line-rate bursts can contribute to network and router congestion.
This can be particularly useful on World Wide Web servers
which support HTTP/1.1, which has lingering connections.
.It Li tcp.cwm_burstsize
The Congestion Window Monitoring allowed burst size, in terms
of packet count.
.It Li tcp.delack_ticks
Number of ticks to delay sending an ACK.
.It Li tcp.do_loopback_cksum
Perform TCP checksum on loopback.
.It Li tcp.init_win
A value indicating the TCP initial congestion window.
If this value is 0, an auto-tuning algorithm designed to use an initial
window of approximately 4K bytes is in use.
Otherwise, this value indicates a fixed number of packets.
.It Li tcp.init_win_local
Like
.Li tcp.init_win ,
but used when communicating with hosts on a local network.
.It Li tcp.keepcnt
Number of keepalive probes sent before declaring a connection dead.
If set to zero, there is no limit;
keepalives will be sent until some kind of
response is received from the peer.
.It Li tcp.keepidle
Time a connection must be idle before keepalives are sent (if keepalives
are enabled for the connection).
See also tcp.slowhz.
.It Li tcp.keepintvl
Time after a keepalive probe is sent until, in the absence of any response,
another probe is sent.
See also tcp.slowhz.
.It Li tcp.log_refused
If set to 1, refused TCP connections to the host will be logged.
.It Li tcp.mss_ifmtu
If set to 1, TCP calculates the outgoing maximum segment size based on
the MTU of the appropriate interface.
If set to 0, it is calculated based on the greater of the MTU of the
interface, and the largest (non-loopback) interface MTU on the system.
.It Li tcp.mssdflt
The default maximum segment size both advertised to the peer
and to use when either the peer does not advertise a maximum segment size to
us during connection setup or Path MTU Discovery
.Li ( ip.mtudisc )
is disabled.
Do not change this value unless you really know what you are doing.
.It Li tcp.newreno
If set to 1, enables the use of J.
Hoe's NewReno congestion control algorithm.
This algorithm improves the start-up behavior of TCP connections.
.It Li tcp.recvspace
The default TCP receive buffer size.
.It Li tcp.rfc1323
If set to 1, enables RFC 1323 extensions to TCP.
.It Li tcp.rstppslimit
The variable specifies the maximum number of outgoing TCP RST packets,
per second.
TCP RST packets that exceed the value are subject to rate limitation
and will not go out from the node.
Negative value disables rate limitation.
.It Li tcp.sack.enable
If set to 1, enables RFC 2018 Selective ACKnowledgement.
.It Li tcp.sack.globalholes
Global number of TCP SACK holes.
.It Li tcp.sack.globalmaxholes
Global maximum number of TCP SACK holes.
.It Li tcp.sack.maxholes
Maximum number of TCP SACK holes allowed per connection.
.It Li tcp.sendspace
The default TCP send buffer size.
.It Li tcp.slowhz
The units for tcp.keepidle and tcp.keepintvl; those variables are in ticks
of a clock that ticks tcp.slowhz times per second.
(That is, their values
must be divided by the tcp.slowhz value to get times in seconds.)
.It Li tcp.syn_bucket_limit
The maximum number of entries allowed per hash bucket in the TCP
compressed state engine.
.It Li tcp.syn_cache_limit
The maximum number of entries allowed in the TCP compressed state
engine.
.It Li tcp.timestamps
If rfc1323 is enabled, a value of 1 indicates RFC 1323 time stamp options,
used for measuring TCP round trip times, are enabled.
.It Li tcp.win_scale
If rfc1323 is enabled, a value of 1 indicates RFC 1323 window scale options,
for increasing the TCP window size, are enabled.
.It Li udp.checksum
If set to 1, UDP checksums are being computed.
Received non-zero UDP checksums are always checked.
Disabling UDP checksums is strongly discouraged.
.It Li udp.sendspace
The default UDP send buffer size.
.It Li udp.recvspace
The default UDP receive buffer size.
.El
.Pp
For variables net.*.ipsec, please refer to
.Xr ipsec 4 .
.It Li PF_INET6
Get or set various global information about the IPv6
.Pq Internet Protocol version 6 .
The third level name is the protocol.
The fourth level name is the variable name.
The currently defined protocols and names are:
.Bl -column "Protocol name" "Variable nameXX" "integer" "yes" -offset indent
.It Sy Protocol name Ta Sy Variable name Ta Sy Type Ta Sy Changeable
.It icmp6 Ta errppslimit Ta integer Ta yes
.It icmp6 Ta mtudisc_hiwat Ta integer Ta yes
.It icmp6 Ta mtudisc_lowat Ta integer Ta yes
.It icmp6 Ta nd6_debug Ta integer Ta yes
.It icmp6 Ta nd6_delay Ta integer Ta yes
.It icmp6 Ta nd6_maxnudhint Ta integer Ta yes
.It icmp6 Ta nd6_mmaxtries Ta integer Ta yes
.It icmp6 Ta nd6_prune Ta integer Ta yes
.It icmp6 Ta nd6_umaxtries Ta integer Ta yes
.It icmp6 Ta nd6_useloopback Ta integer Ta yes
.It icmp6 Ta nodeinfo Ta integer Ta yes
.It icmp6 Ta rediraccept Ta integer Ta yes
.It icmp6 Ta redirtimeout Ta integer Ta yes
.It ip6 Ta accept_rtadv Ta integer Ta yes
.It ip6 Ta anonportmax Ta integer Ta yes
.It ip6 Ta anonportmin Ta integer Ta yes
.It ip6 Ta auto_flowlabel Ta integer Ta yes
.It ip6 Ta dad_count Ta integer Ta yes
.It ip6 Ta defmcasthlim Ta integer Ta yes
.It ip6 Ta forwarding Ta integer Ta yes
.It ip6 Ta gifhlim Ta integer Ta yes
.It ip6 Ta hlim Ta integer Ta yes
.It ip6 Ta hdrnestlimit Ta integer Ta yes
.It ip6 Ta kame_version Ta string Ta no
.It ip6 Ta keepfaith Ta integer Ta yes
.It ip6 Ta log_interval Ta integer Ta yes
.It ip6 Ta lowportmax Ta integer Ta yes
.It ip6 Ta lowportmin Ta integer Ta yes
.It ip6 Ta maxfragpackets Ta integer Ta yes
.It ip6 Ta maxfrags Ta integer Ta yes
.It ip6 Ta redirect Ta integer Ta yes
.It ip6 Ta rr_prune Ta integer Ta yes
.It ip6 Ta use_deprecated Ta integer Ta yes
.It ip6 Ta v6only Ta integer Ta yes
.It udp6 Ta do_loopback_cksum Ta integer Ta yes
.It udp6 Ta recvspace Ta integer Ta yes
.It udp6 Ta sendspace Ta integer Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li ip6.accept_rtadv
If set to non-zero, the node will accept ICMPv6 router advertisement packets
and autoconfigures address prefixes and default routers.
The node must be a host
.Pq not a router
for the option to be meaningful.
.It Li ip6.anonportmax
The highest port number to use for TCP and UDP ephemeral port allocation.
This cannot be set to less than 1024 or greater than 65535, and must
be greater than
.Li ip6.anonportmin .
.It Li ip6.anonportmin
The lowest port number to use for TCP and UDP ephemeral port allocation.
This cannot be set to less than 1024 or greater than 65535.
.It Li ip6.auto_flowlabel
On connected transport protocol packets,
fill IPv6 flowlabel field to help intermediate routers to identify packet flows.
.It Li ip6.dad_count
The variable configures number of IPv6 DAD
.Pq duplicated address detection
probe packets.
The packets will be generated when IPv6 interface addresses are configured.
.It Li ip6.defmcasthlim
The default hop limit value for an IPv6 multicast packet sourced by the node.
This value applies to all the transport protocols on top of IPv6.
There are APIs to override the value, as documented in
.Xr ip6 4 .
.It Li ip6.forwarding
If set to 1, enables IPv6 forwarding for the node,
meaning that the node is acting as a router.
If set to 0, disables IPv6 forwarding for the node,
meaning that the node is acting as a host.
IPv6 specification defines node behavior for
.Dq router
case and
.Dq host
case quite differently, and changing this variable during operation
may cause serious trouble.
It is recommended to configure the variable at bootstrap time,
and bootstrap time only.
.It Li ip6.gifhlim
The maximum hop limit value for an IPv6 packet generated by
.Xr gif 4
tunnel interface.
.It Li ip6.hdrnestlimit
The number of IPv6 extension headers permitted on incoming IPv6 packets.
If set to 0, the node will accept as many extension headers as possible.
.It Li ip6.hlim
The default hop limit value for an IPv6 unicast packet sourced by the node.
This value applies to all the transport protocols on top of IPv6.
There are APIs to override the value, as documented in
.Xr ip6 4 .
.It Li ip6.kame_version
The string identifies the version of KAME IPv6 stack implemented in the kernel.
.It Li ip6.keepfaith
If set to non-zero, it enables
.Dq FAITH
TCP relay IPv6-to-IPv4 translator code in the kernel.
Refer to
.Xr faith 4
and
.Xr faithd 8
for details.
.It Li ip6.log_interval
The variable controls amount of logs generated by IPv6 packet
forwarding engine, by setting interval between log output
.Pq in seconds .
.It Li ip6.lowportmax
The highest port number to use for TCP and UDP reserved port allocation.
This cannot be set to less than 0 or greater than 1024, and must
be greater than
.Li ip6.lowportmin .
.It Li ip6.lowportmin
The lowest port number to use for TCP and UDP reserved port allocation.
This cannot be set to less than 0 or greater than 1024, and must
be smaller than
.Li ip6.lowportmax .
.It Li ip6.maxfragpackets
The maximum number of fragmented packets the node will accept.
0 means that the node will not accept any fragmented packets.
\-1 means that the node will accept as many fragmented packets as it receives.
The flag is provided basically for avoiding possible DoS attacks.
.It Li ip6.maxfrags
The maximum number of fragments the node will accept.
0 means that the node will not accept any fragments.
\-1 means that the node will accept as many fragments as it receives.
The flag is provided basically for avoiding possible DoS attacks.
.It Li ip6.redirect
If set to 1, ICMPv6 redirects may be sent by the node.
This option is ignored unless the node is routing IP packets,
and should normally be enabled on all systems.
.It Li ip6.rr_prune
The variable specifies interval between IPv6 router renumbering prefix
babysitting, in seconds.
.It Li ip6.use_deprecated
The variable controls use of deprecated address, specified in RFC 2462 5.5.4.
.It Li ip6.v6only
The variable specifies initial value for
.Dv IPV6_V6ONLY
socket option for
.Dv AF_INET6
socket.
Please refer to
.Xr ip6 4
for detail.
.It Li icmp6.errppslimit
The variable specifies the maximum number of outgoing ICMPv6 error messages,
per second.
ICMPv6 error messages that exceeded the value are subject to rate limitation
and will not go out from the node.
Negative value disables rate limitation.
.It Li icmp6.mtudisc_hiwat
.It Li icmp6.mtudisc_lowat
The variables define the maximum number of routing table entries,
created due to path MTU discovery
.Pq prevents denial-of-service attacks with ICMPv6 too big messages .
When IPv6 path MTU discovery happens, we keep path MTU information into
the routing table.
If the number of routing table entries exceeds the value,
the kernel will not attempt to keep the path MTU information.
.Li icmp6.mtudisc_hiwat
is used when we have verified ICMPv6 too big messages.
.Li icmp6.mtudisc_lowat
is used when we have unverified ICMPv6 too big messages.
Verification is performed by using address/port pairs kept in connected pcbs.
Negative value disables the upper limit.
.It Li icmp6.nd6_debug
If set to non-zero, kernel IPv6 neighbor discovery code will generate
debugging messages.
The debug outputs are useful to diagnose IPv6 interoperability issues.
The flag must be set to 0 for normal operation.
.It Li icmp6.nd6_delay
The variable specifies
.Dv DELAY_FIRST_PROBE_TIME
timing constant in IPv6 neighbor discovery specification
.Pq RFC 2461 ,
in seconds.
.It Li icmp6.nd6_maxnudhint
IPv6 neighbor discovery permits upper layer protocols to supply reachability
hints, to avoid unnecessary neighbor discovery exchanges.
The variable defines the number of consecutive hints the neighbor discovery
layer will take.
For example, by setting the variable to 3, neighbor discovery layer
will take at most 3 consecutive hints.
After receiving 3 hints, neighbor discovery layer will perform
normal neighbor discovery process.
.It Li icmp6.nd6_mmaxtries
The variable specifies
.Dv MAX_MULTICAST_SOLICIT
constant in IPv6 neighbor discovery specification
.Pq RFC 2461 .
.It Li icmp6.nd6_prune
The variable specifies interval between IPv6 neighbor cache babysitting,
in seconds.
.It Li icmp6.nd6_umaxtries
The variable specifies
.Dv MAX_UNICAST_SOLICIT
constant in IPv6 neighbor discovery specification
.Pq RFC 2461 .
.It Li icmp6.nd6_useloopback
If set to non-zero, kernel IPv6 stack will use loopback interface for
local traffic.
.It Li icmp6.nodeinfo
The variable enables responses to ICMPv6 node information queries.
If you set the variable to 0, responses will not be generated for
ICMPv6 node information queries.
Since node information queries can have a security impact, it is
possible to fine tune which responses should be answered.
Two separate bits can be set.
.Bl -tag -width "12345"
.It 1
Respond to ICMPv6 FQDN queries, e.g.
.Li ping6 -w .
.It 2
Respond to ICMPv6 node addresses queries, e.g.
.Li ping6 -a .
.El
.It Li icmp6.rediraccept
If set to non-zero, the host will accept ICMPv6 redirect packets.
Note that IPv6 routers will never accept ICMPv6 redirect packets,
and the variable is meaningful on IPv6 hosts
.Pq non-router
only.
.It Li icmp6.redirtimeout
The variable specifies lifetime of routing entries generated by incoming
ICMPv6 redirect.
.It Li udp6.do_loopback_cksum
Perform UDP checksum on loopback.
.It Li udp6.recvspace
Default UDP receive buffer size.
.It Li udp6.sendspace
Default UDP send buffer size.
.El
.Pp
We reuse net.*.tcp for
.Tn TCP
over
.Tn IPv6 ,
and therefore we do not have variables net.*.tcp6.
Variables net.inet6.udp6 have identical meaning to net.inet.udp.
Please refer to
.Li PF_INET
section above.
For variables net.*.ipsec6, please refer to
.Xr ipsec 4 .
.It Li PF_KEY
Get or set various global information about the IPsec key management.
The third level name is the variable name.
The currently defined variable and names are:
.Bl -column "blockacq_lifetime" "integer" "yes" -offset indent
.It Sy Variable name Ta Sy Type Ta Sy Changeable
.It debug Ta integer Ta yes
.It spi_try Ta integer Ta yes
.It spi_min_value Ta integer Ta yes
.It spi_max_value Ta integer Ta yes
.It larval_lifetime Ta integer Ta yes
.It blockacq_count Ta integer Ta yes
.It blockacq_lifetime Ta integer Ta yes
.It esp_keymin Ta integer Ta yes
.It esp_auth Ta integer Ta yes
.It ah_keymin Ta integer Ta yes
.El
The variables are as follows:
.Bl -tag -width "123456"
.It Li debug
Turn on debugging messages from within the kernel.
The value is a bitmap, as defined in
.Pa /usr/include/netkey/key_debug.h .
.It Li spi_try
The number of times the kernel will try to obtain a unique SPI
when it generates it from random number generator.
.It Li spi_min_value
Minimum SPI value when generating it within the kernel.
.It Li spi_max_value
Maximum SPI value when generating it within the kernel.
.It Li larval_lifetime
Lifetime for LARVAL SAD entries, in seconds.
.It Li blockacq_count
Number of ACQUIRE PF_KEY messages to be blocked after an ACQUIRE message.
It avoids flood of ACQUIRE PF_KEY from being sent from the kernel to the
key management daemon.
.It Li blockacq_lifetime
Lifetime of ACQUIRE PF_KEY message.
.It Li esp_keymin
Minimum ESP key length, in bits.
The value is used when the kernel creates proposal payload
on ACQUIRE PF_KEY message.
.It Li esp_auth
Whether ESP authentication should be used or not.
Non-zero value indicates that ESP authentication should be used.
The value is used when the kernel creates proposal payload
on ACQUIRE PF_KEY message.
.It Li ah_keymin
Minimum AH key length, in bits.
The value is used when the kernel creates proposal payload
on ACQUIRE PF_KEY message.
.El
.El
.Sh CTL_PROC
The string and integer information available for the CTL_PROC
is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
These values are per-process,
and as such may change from one process to another.
When a process is created,
the default values are inherited from its parent.
When a set-user-ID or set-group-ID binary is executed, the
value of PROC_PID_CORENAME is reset to the system default value.
The second level name is either the magic value PROC_CURPROC, which
points to the current process, or the PID of the target process.
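The per-process naming described above, as an added example that is not part of the NetBSD manual page: it reads a process's core name template through the three-level name CTL_PROC / PROC_CURPROC-or-PID / PROC_PID_CORENAME and checks it against the naming rule this section gives for PROC_PID_CORENAME.
The helper names and the sample templates are assumptions made for the example; the sysctl call is compiled only on NetBSD, the check itself runs anywhere.

```c
/* Added example: not part of the NetBSD manual page. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#if defined(__NetBSD__)
#include <sys/param.h>
#include <sys/sysctl.h>
#endif

/*
 * Return 1 if the base name of a core name template is "core" or ends
 * with ".core", the form that may be set without super-user privilege.
 */
int corename_conforms(const char *tmpl)
{
    const char *base, *slash;
    size_t n;

    if (tmpl == NULL)
        return 0;
    slash = strrchr(tmpl, '/');
    base = (slash != NULL) ? slash + 1 : tmpl;
    if (strcmp(base, "core") == 0)
        return 1;
    n = strlen(base);
    return n >= 5 && strcmp(base + n - 5, ".core") == 0;
}

/* Return 1 if a caller with the given privilege may set this template. */
int corename_settable(const char *tmpl, int is_superuser)
{
    if (tmpl == NULL)
        return 0;
    return is_superuser ? 1 : corename_conforms(tmpl);
}

#if defined(__NetBSD__)
/*
 * Read the core name template of a process.
 * who is PROC_CURPROC or a PID (the second level name).
 * Returns a malloc'd string the caller frees, or NULL on error.
 */
char *proc_corename(int who)
{
    int mib[3] = { CTL_PROC, who, PROC_PID_CORENAME };
    size_t len = 0;
    char *buf;

    /* First call with oldp == NULL to learn the required size. */
    if (sysctl(mib, 3, NULL, &len, NULL, 0) == -1)
        return NULL;
    if ((buf = malloc(len + 1)) == NULL)
        return NULL;
    if (sysctl(mib, 3, buf, &len, NULL, 0) == -1) {
        free(buf);
        return NULL;
    }
    buf[len] = 0;
    return buf;
}
#endif

int main(void)
{
    /* Constructed sample templates for the offline check. */
    const char *samples[] = { "core", "%n.core", "/var/crash/%n.core", "%n.dump" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-20s conforms=%d\n", samples[i], corename_conforms(samples[i]));
#if defined(__NetBSD__)
    {
        char *cur = proc_corename(PROC_CURPROC);

        if (cur != NULL) {
            printf("current process: %s conforms=%d\n", cur, corename_conforms(cur));
            free(cur);
        }
    }
#endif
    return 0;
}
```

A template that does not conform can only have been set by the super-user, which makes it worth a look when auditing where a process will write its core file.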
.Bl -column "USER_COLL_WEIGHTS_MAXXXX" "integerXXX" "yes" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It PROC\_PID\_CORENAME Ta string Ta yes
.It PROC\_PID\_LIMIT Ta node Ta not applicable
.It PROC\_PID\_STOPFORK Ta int Ta yes
.It PROC\_PID\_STOPEXEC Ta int Ta yes
.It PROC\_PID\_STOPEXIT Ta int Ta yes
.El
.Bl -tag -width "123456"
.Pp
.It Li PROC_PID_CORENAME
The template used for the core dump file name (see
.Xr core 5
for details).
The base name must either be
.Nm core
or end with the suffix ``.core'' (the super-user may set arbitrary names).
By default it points to KERN_DEFCORENAME.
.It Li PROC_PID_LIMIT
Return resource limits, as defined for the
.Xr getrlimit 2
and
.Xr setrlimit 2
system calls.
The fourth level name is one of:
.Bl -tag -width PROC_PID_LIMIT_MEMLOCKAA
.It Li PROC_PID_LIMIT_CPU
The maximum amount of CPU time (in seconds) to be used by each process.
.It Li PROC_PID_LIMIT_FSIZE
The largest size (in bytes) file that may be created.
.It Li PROC_PID_LIMIT_DATA
The maximum size (in bytes) of the data segment for a process;
this defines how far a program may extend its break with the
.Xr sbrk 2
system call.
.It Li PROC_PID_LIMIT_STACK
The maximum size (in bytes) of the stack segment for a process;
this defines how far a program's stack segment may be extended.
Stack extension is performed automatically by the system.
.It Li PROC_PID_LIMIT_CORE
The largest size (in bytes)
.Pa core
file that may be created.
.It Li PROC_PID_LIMIT_RSS
The maximum size (in bytes) to which a process's resident set size may
grow.
This imposes a limit on the amount of physical memory to be given to
a process; if memory is tight, the system will prefer to take memory
from processes that are exceeding their declared resident set size.
.It Li PROC_PID_LIMIT_MEMLOCK
The maximum size (in bytes) which a process may lock into memory
using the
.Xr mlock 2
function.
.It Li PROC_PID_LIMIT_NPROC
The maximum number of simultaneous processes for this user id.
.It Li PROC_PID_LIMIT_NOFILE
The maximum number of open files for this process.
.El
.Pp
The fifth level name is one of PROC_PID_LIMIT_TYPE_SOFT or
PROC_PID_LIMIT_TYPE_HARD, to select respectively the soft or hard limit.
Both are of type integer.
.It Li PROC_PID_STOPFORK
If non zero, the process' children will be stopped after
.Xr fork 2
calls.
The children are created in the SSTOP state and are never scheduled
for running before being stopped.
This feature helps attaching a process with a debugger such as
.Xr gdb 1
before it had the opportunity to actually do anything.
.Pp
This value is inherited by the process's children, and it also
applies to emulation specific system calls that fork a new process, such as
.Fn sproc
or
.Fn clone .
.It Li PROC_PID_STOPEXEC
If non zero, the process will be stopped on the next
.Xr exec 3
call.
The process created by
.Xr exec 3
is created in the SSTOP state and is never scheduled for running
before being stopped.
This feature helps attaching a process with a debugger such as
.Xr gdb 1
before it had the opportunity to actually do anything.
.Pp
This value is inherited by the process's children.
.It Li PROC_PID_STOPEXIT
If non zero, the process will be stopped when it has cause to exit,
either by way of calling
.Xr exit 3 ,
.Xr _exit 2 ,
or by the receipt of a specific signal.
The process is stopped before any of its resources or vm space is
released allowing examination of the termination state of a process
before it disappears.
This feature can be used to examine the final conditions of the
process's vmspace via
.Xr pmap 1
or its resource settings with
.Xr sysctl 8
before it disappears.
.Pp
This value is also inherited by the process's children.
.El
.Sh CTL_USER
The string and integer information available for the CTL_USER level
is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "USER_COLL_WEIGHTS_MAXXXX" "integerXXX" -offset indent
.It Sy Second level name Ta Type Ta Changeable
.It USER\_BC\_BASE\_MAX Ta integer Ta no
.It USER\_BC\_DIM\_MAX Ta integer Ta no
.It USER\_BC\_SCALE\_MAX Ta integer Ta no
.It USER\_BC\_STRING\_MAX Ta integer Ta no
.It USER\_COLL\_WEIGHTS\_MAX Ta integer Ta no
.It USER\_CS\_PATH Ta string Ta no
.It USER\_EXPR\_NEST\_MAX Ta integer Ta no
.It USER\_LINE\_MAX Ta integer Ta no
.It USER\_POSIX2\_CHAR\_TERM Ta integer Ta no
.It USER\_POSIX2\_C\_BIND Ta integer Ta no
.It USER\_POSIX2\_C\_DEV Ta integer Ta no
.It USER\_POSIX2\_FORT\_DEV Ta integer Ta no
.It USER\_POSIX2\_FORT\_RUN Ta integer Ta no
.It USER\_POSIX2\_LOCALEDEF Ta integer Ta no
.It USER\_POSIX2\_SW\_DEV Ta integer Ta no
.It USER\_POSIX2\_UPE Ta integer Ta no
.It USER\_POSIX2\_VERSION Ta integer Ta no
.It USER\_RE\_DUP\_MAX Ta integer Ta no
.It USER\_STREAM\_MAX Ta integer Ta no
.It USER\_TZNAME\_MAX Ta integer Ta no
.It USER\_ATEXIT\_MAX Ta integer Ta no
.El
.Bl -tag -width "123456"
.Pp
.It Li USER_BC_BASE_MAX
The maximum ibase/obase values in the
.Xr bc 1
utility.
.It Li USER_BC_DIM_MAX
The maximum array size in the
.Xr bc 1
utility.
.It Li USER_BC_SCALE_MAX
The maximum scale value in the
.Xr bc 1
utility.
.It Li USER_BC_STRING_MAX
The maximum string length in the
.Xr bc 1
utility.
.It Li USER_COLL_WEIGHTS_MAX
The maximum number of weights that can be assigned to any entry of
the LC_COLLATE order keyword in the locale definition file.
.It Li USER_CS_PATH
Return a value for the
.Ev PATH
environment variable that finds all the standard utilities.
.It Li USER_EXPR_NEST_MAX
The maximum number of expressions that can be nested within
parentheses by the
.Xr expr 1
utility.
.It Li USER_LINE_MAX
The maximum length in bytes of a text-processing utility's input
line.
.It Li USER_POSIX2_CHAR_TERM
Return 1 if the system supports at least one terminal type capable of
all operations described in POSIX 1003.2, otherwise 0.
.It Li USER_POSIX2_C_BIND
Return 1 if the system's C-language development facilities support the
C-Language Bindings Option, otherwise 0.
.It Li USER_POSIX2_C_DEV
Return 1 if the system supports the C-Language Development Utilities Option,
otherwise 0.
.It Li USER_POSIX2_FORT_DEV
Return 1 if the system supports the FORTRAN Development Utilities Option,
otherwise 0.
.It Li USER_POSIX2_FORT_RUN
Return 1 if the system supports the FORTRAN Runtime Utilities Option,
otherwise 0.
.It Li USER_POSIX2_LOCALEDEF
Return 1 if the system supports the creation of locales, otherwise 0.
.It Li USER_POSIX2_SW_DEV
Return 1 if the system supports the Software Development Utilities Option,
otherwise 0.
.It Li USER_POSIX2_UPE
Return 1 if the system supports the User Portability Utilities Option,
otherwise 0.
.It Li USER_POSIX2_VERSION
The version of POSIX 1003.2 with which the system attempts to comply.
.It Li USER_RE_DUP_MAX
The maximum number of repeated occurrences of a regular expression
permitted when using interval notation.
.ne 1i
.It Li USER_STREAM_MAX
The minimum maximum number of streams that a process may have open
at any one time.
.It Li USER_TZNAME_MAX
The minimum maximum number of types supported for the name of a
timezone.
.It Li USER_ATEXIT_MAX
The maximum number of functions that may be registered with
.Xr atexit 3 .
.El
.Sh CTL_VM
The string and integer information available for the CTL_VM level
is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "Second level nameXXXXXX" "struct loadavgXXX" -offset indent
.It Sy Second level name Ta Type Ta Changeable
.It VM\_ANONMAX Ta int Ta yes
.It VM\_ANONMIN Ta int Ta yes
.It VM\_BUFCACHE Ta int Ta yes
.It VM\_BUFMEM Ta int Ta no
.It VM\_BUFMEM_HIWATER Ta int Ta yes
.It VM\_BUFMEM_LOWATER Ta int Ta yes
.It VM\_EXECMAX Ta int Ta yes
.It VM\_EXECMIN Ta int Ta yes
.It VM\_FILEMAX Ta int Ta yes
.It VM\_FILEMIN Ta int Ta yes
.It VM\_LOADAVG Ta struct loadavg Ta no
.It VM\_MAXSLP Ta int Ta no
.It VM\_METER Ta struct vmtotal Ta no
.It VM\_NKMEMPAGES Ta int Ta no
.It VM\_USPACE Ta int Ta no
.It VM\_UVMEXP Ta struct uvmexp Ta no
.It VM\_UVMEXP2 Ta struct uvmexp_sysctl Ta no
.El
.Pp
.Bl -tag -width "123456"
.It Li VM_ANONMAX
The percentage of physical memory which will be reclaimed
from other types of memory usage to store anonymous application data.
.It Li VM_ANONMIN
The percentage of physical memory which will always be available for
anonymous application data.
.It Li VM_BUFCACHE
The percentage of kernel memory which will be available
for the buffer cache.
.It Li VM_BUFMEM
The amount of kernel memory that is being used by the buffer cache.
.It Li VM_BUFMEM_LOWATER
The minimum amount of kernel memory to reserve for the
buffer cache.
.It Li VM_BUFMEM_HIWATER
The maximum amount of kernel memory to be used for the
buffer cache.
.It Li VM_EXECMAX
The percentage of physical memory which will be reclaimed
from other types of memory usage to store cached executable data.
.It Li VM_EXECMIN
The percentage of physical memory which will always be available for
cached executable data.
.It Li VM_FILEMAX
The percentage of physical memory which will be reclaimed
from other types of memory usage to store cached file data.
.It Li VM_FILEMIN
The percentage of physical memory which will always be available for
cached file data.
.It Li VM_LOADAVG
Return the load average history.
The returned data consists of a
.Va struct loadavg .
.It Li VM_MAXSLP
The value of the maxslp kernel global variable.
.It Li VM_METER
Return system-wide virtual memory statistics.
The returned data consists of a
.Va struct vmtotal .
.It Li VM_USPACE
The number of bytes allocated for each kernel stack.
.It Li VM_UVMEXP
Return system-wide virtual memory statistics.
The returned data consists of a
.Va struct uvmexp .
.It Li VM_UVMEXP2
Return system-wide virtual memory statistics.
The returned data consists of a
.Va struct uvmexp_sysctl .
.El
.Sh CTL_DDB
The integer information available for the CTL_DDB level is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "DBCTL_TABSTOPSXXX" "integerXXX" -offset indent
.It Sy Second level name Ta Type Ta Changeable
.It DBCTL\_RADIX Ta integer Ta yes
.It DBCTL\_MAXOFF Ta integer Ta yes
.It DBCTL\_LINES Ta integer Ta yes
.It DBCTL\_TABSTOPS Ta integer Ta yes
.It DBCTL\_ONPANIC Ta integer Ta yes
.It DBCTL\_FROMCONSOLE Ta integer Ta yes
.El
.Pp
.Bl -tag -width "123456"
.It Li DBCTL_RADIX
The input and output radix.
.It Li DBCTL_MAXOFF
The maximum symbol offset.
.It Li DBCTL_LINES
Number of display lines.
.It Li DBCTL_TABSTOPS
Tab width.
.It Li DBCTL_ONPANIC
If non-zero, DDB will be entered when the kernel panics.
.It Li DBCTL_FROMCONSOLE
If not zero, DDB may be entered by sending a break on a serial
console or by a special key sequence on a graphics console.
.El
.Pp
These MIB nodes are also available as variables from within the DDB.
See
.Xr ddb 4
for more details.
.Sh CTL_SECURITY
The security level contains various security-related settings for
the system.
Available settings are detailed below.
.Bl -column "SECURITY_CURTAIN" "integerXXX" -offset indent
.It Sy Second level name Ta Type Ta Changeable
.It SECURITY_CURTAIN Ta integer Ta yes
.El
.Pp
.Bl -tag -width "123456"
.It Li SECURITY_CURTAIN
If non-zero, returned objects are filtered according to the user-id
requesting information about them, preventing users from having any
access to objects they don't own.
.Pp
At the moment, it affects
.Xr ps 1 ,
.Xr netstat 1
(for
.Dv PF_INET ,
.Dv PF_INET6 ,
and
.Dv PF_UNIX
PCBs), and
.Xr w 1 .
.El
.Sh CTL_VENDOR
The "vendor" top-level name is reserved to be used by vendors who wish to
have their own private MIB tree.
Intended use is to store values under
.Dq vendor.\*[Lt]yourname\*[Gt].* .
.Sh DYNAMIC OPERATIONS
Several meta-identifiers are provided to perform operations on the
.Nm
tree itself, or support alternate means of accessing the data
instrumented by the
.Nm
tree.
.Bl -column CTLXCREATESYMXXX
.It Sy Name Ta Description
.It CTL\_QUERY Ta Retrieve a mapping of names to numbers below a given node
.It CTL\_CREATE Ta Create a new node
.It CTL\_CREATESYM Ta Create a new node by its kernel symbol
.It CTL\_DESTROY Ta Destroy a node
.It CTL\_DESCRIBE Ta Retrieve node descriptions
.El
.Pp
The core interface to all of these meta-functions is the structure
that the kernel uses to describe the tree internally, as defined in
.Aq Pa sys/sysctl.h
as:
.Pp
.Bd -literal
struct sysctlnode {
        uint32_t sysctl_flags;          /* flags and type */
        int32_t sysctl_num;             /* mib number */
        char sysctl_name[SYSCTL_NAMELEN]; /* node name */
        uint32_t sysctl_ver;            /* node's version vs. rest of tree */
        uint32_t __rsvd;
        union {
                struct {
                        uint32_t suc_csize;     /* size of child node array */
                        uint32_t suc_clen;      /* number of valid children */
                        struct sysctlnode* suc_child; /* array of child nodes */
                } scu_child;
                struct {
                        void *sud_data;         /* pointer to external data */
                        size_t sud_offset;      /* offset to data */
                } scu_data;
                int32_t scu_alias;              /* node this node refers to */
                int32_t scu_idata;              /* immediate "int" data */
                u_quad_t scu_qdata;             /* immediate "u_quad_t" data */
        } sysctl_un;
        size_t _sysctl_size;            /* size of instrumented data */
        sysctlfn _sysctl_func;          /* access helper function */
        struct sysctlnode *sysctl_parent; /* parent of this node */
        const char *sysctl_desc;        /* description of node */
};

#define sysctl_csize    sysctl_un.scu_child.suc_csize
#define sysctl_clen     sysctl_un.scu_child.suc_clen
#define sysctl_child    sysctl_un.scu_child.suc_child
#define sysctl_data     sysctl_un.scu_data.sud_data
#define sysctl_offset   sysctl_un.scu_data.sud_offset
#define sysctl_alias    sysctl_un.scu_alias
#define sysctl_idata    sysctl_un.scu_idata
#define sysctl_qdata    sysctl_un.scu_qdata
.Ed
.Pp
Querying the tree to discover the name to number mapping permits
dynamic discovery of all the data that the tree currently has
instrumented.
For example, to discover all the nodes below the
CTL_VFS node:
.Pp
.Bd -literal -offset indent -compact
struct sysctlnode query, vfs[128];
int mib[2];
size_t len;
.sp
mib[0] = CTL_VFS;
mib[1] = CTL_QUERY;
memset(\*[Am]query, 0, sizeof(query));
query.sysctl_flags = SYSCTL_VERSION;
len = sizeof(vfs);
sysctl(mib, 2, \*[Am]vfs[0], \*[Am]len, \*[Am]query, sizeof(query));
.Ed
.Pp
Note that a reference to an empty node with
.Fa sysctl_flags
set to
.Dv SYSCTL_VERSION
is passed to sysctl in order to indicate the version that the program
is using.
All dynamic operations passing nodes into sysctl require that the
version be explicitly specified.
.Pp
Creation and destruction of nodes works by constructing part of a new
node description (or a description of the existing node) and invoking
CTL_CREATE (or CTL_CREATESYM) or CTL_DESTROY at the parent of the new
node, with a pointer to the new node passed via the
.Fa newp
and
.Fa newlen
arguments.
If valid values for
.Fa oldp
and
.Fa oldlenp
are passed, a copy of the new node once in the tree will be returned.
If the create operation fails because a node with the same name or MIB
number exists, a copy of the conflicting node will be returned.
.Pp
The minimum requirements for creating a node are setting the
.Fa sysctl_flags
to indicate the new node's type,
.Fa sysctl_num
to either the new node's number (or CTL_CREATE or CTL_CREATESYM if a
dynamically allocated MIB number is acceptable),
.Fa sysctl_size
to the size of the data to be instrumented (which must agree with the
given type), and
.Fa sysctl_name
to the new node's name.
Nodes that are not of type
.Dq node
must also have some description of the data to be instrumented, which
will vary depending on what is to be instrumented.
.Pp
If existing kernel data is to be covered by this new node, its address
should be given in
.Fa sysctl_data
or, if CTL_CREATESYM is used,
.Fa sysctl_data
should be set to a string containing its name from the kernel's symbol
table.
If new data is to be instrumented and an initial value is available,
the new integer or quad type data should be placed into either
.Fa sysctl_idata
or
.Fa sysctl_qdata ,
respectively, along with the SYSCTL_IMMEDIATE flag being set, or
.Fa sysctl_data
should be set to point to a copy of the new data, and the
SYSCTL_OWNDATA flag must be set.
This latter method is the only way that new string and struct type
nodes can be initialized.
Invalid kernel addresses are accepted, but any attempt to access those
nodes will return an error.
.Pp
The
.Fa sysctl_csize ,
.Fa sysctl_clen ,
.Fa sysctl_child ,
.Fa sysctl_parent ,
and
.Fa sysctl_alias
members are used by the kernel to link the tree together and must be
.Dv NULL
or 0.
Nodes created in this manner cannot have helper functions, so
.Fa sysctl_func
must also be
.Dv NULL .
If the
.Fa sysctl_ver
member is non-zero, it must match either the version of the parent or
the version at the root of the MIB or an error is returned.
This can be used to ensure that nodes are only added or removed from a
known state of the tree.
Note: It may not be possible to determine the version at the root
of the tree.
.Pp
This example creates a new subtree and adds a node to it that controls the
.Fa audiodebug
kernel variable, thereby making it tunable at any time, without
needing to use
.Xr ddb 4
or
.Xr kvm 3
to alter the kernel's memory directly.
.Pp
.Bd -literal -offset indent -compact
struct sysctlnode node;
int mib[2];
size_t len;
.sp
mib[0] = CTL_CREATE;		/* create at top-level */
len = sizeof(node);
memset(\*[Am]node, 0, len);
node.sysctl_flags = SYSCTL_VERSION|CTLFLAG_READWRITE|CTLTYPE_NODE;
snprintf(node.sysctl_name, sizeof(node.sysctl_name), "local");
node.sysctl_num = CTL_CREATE;	/* request dynamic MIB number */
sysctl(\*[Am]mib[0], 1, \*[Am]node, \*[Am]len, \*[Am]node, len);
.sp
mib[0] = node.sysctl_num;	/* use new MIB number */
mib[1] = CTL_CREATESYM;		/* create at second level */
len = sizeof(node);
memset(\*[Am]node, 0, len);
node.sysctl_flags = SYSCTL_VERSION|CTLFLAG_READWRITE|CTLTYPE_INT;
snprintf(node.sysctl_name, sizeof(node.sysctl_name), "audiodebug");
node.sysctl_num = CTL_CREATE;
node.sysctl_data = "audiodebug"; /* kernel symbol to be used */
sysctl(\*[Am]mib[0], 2, NULL, NULL, \*[Am]node, len);
.Ed
.Pp
The process for deleting nodes is similar, but less data needs to
be supplied.
Only the
.Fa sysctl_num
field
needs to be filled in; almost all other fields must be left blank.
The
.Fa sysctl_name
and/or
.Fa sysctl_ver
fields can be filled in with the name and version of the existing node
as additional checks on what will be deleted.
If all the given data fail to match any node, nothing will be deleted.
If valid values for
.Fa oldp
and
.Fa oldlenp
are supplied and a node is deleted, a copy of what was in the MIB tree
will be returned.
.Pp
This sample code shows the deletion of the two nodes created in the
above example:
.Pp
.Bd -literal -offset indent -compact
struct sysctlnode node;
int mib[2];
size_t len;
.sp
len = sizeof(node);
memset(\*[Am]node, 0, len);
node.sysctl_flags = SYSCTL_VERSION;
.sp
mib[0] = 3214;			/* assumed number for "local" */
mib[1] = CTL_DESTROY;
node.sysctl_num = 3215;		/* assumed number for "audiodebug" */
sysctl(\*[Am]mib[0], 2, NULL, NULL, \*[Am]node, len);
.sp
mib[0] = CTL_DESTROY;
node.sysctl_num = 3214;		/* now deleting "local" */
sysctl(\*[Am]mib[0], 1, NULL, NULL, \*[Am]node, len);
.Ed
.Pp
Descriptions of each of the nodes can also be retrieved, if they are
available.
Descriptions can be retrieved in bulk at each level or on a per-node
basis.
The layout of the buffer into which the descriptions are returned is a
series of variable length structures, each of which describes its own
size.
The length indicated includes the terminating
.Sq nul
character.
Nodes that have no description or where the description is not
available are indicated by an empty string.
The
.Fa descr_ver
will match the
.Fa sysctl_ver
value for a given node, so that descriptions for nodes whose numbers
have been recycled can be detected and ignored or discarded.
.Pp
.Bd -literal
struct sysctldesc {
        int32_t         descr_num;      /* mib number of node */
        uint32_t        descr_ver;      /* version of node */
        uint32_t        descr_len;      /* length of description string */
        char            descr_str[1];   /* not really 1...see above */
};
.Ed
.Pp
The
.Fn NEXT_DESCR
macro can be used to skip to the next description in the retrieved
list.
.Pp
.Bd -literal -offset indent -compact
struct sysctlnode desc;
struct sysctldesc *d;
char buf[1024];
int mib[2];
size_t len;
.sp
/* retrieve kern-level descriptions */
mib[0] = CTL_KERN;
mib[1] = CTL_DESCRIBE;
d = (struct sysctldesc *)\*[Am]buf[0];
len = sizeof(buf);
sysctl(mib, 2, d, \*[Am]len, NULL, 0);
while ((caddr_t)d \*[Lt] (caddr_t)\*[Am]buf[len]) {
	/* the precision argument of %.*s must be an int */
	printf("node %d: %.*s\\n", d-\*[Gt]descr_num,
	    (int)d-\*[Gt]descr_len, d-\*[Gt]descr_str);
	d = NEXT_DESCR(d);
}
.sp
/* retrieve description for kern.securelevel */
memset(\*[Am]desc, 0, sizeof(desc));
desc.sysctl_flags = SYSCTL_VERSION;
desc.sysctl_num = KERN_SECURELEVEL;
d = (struct sysctldesc *)\*[Am]buf[0];
len = sizeof(buf);
sysctl(mib, 2, d, \*[Am]len, \*[Am]desc, sizeof(desc));
printf("kern.securelevel: %.*s\\n", (int)d-\*[Gt]descr_len,
    d-\*[Gt]descr_str);
.Ed
.Pp
Descriptions can also be set as follows, subject to the following rules:
.Pp
.Bl -bullet -compact
.It
The kernel securelevel is at zero or lower
.It
The caller has super-user privileges
.It
The node does not currently have a description
.It
The node is not marked as
.Dq permanent
.El
.Pp
.Bd -literal -offset indent -compact
struct sysctlnode desc;
int mib[2];
.sp
/* presuming the given top-level node was just added... */
mib[0] = 3214; /* mib numbers taken from previous examples */
mib[1] = CTL_DESCRIBE;
memset(\*[Am]desc, 0, sizeof(desc));
desc.sysctl_flags = SYSCTL_VERSION;
desc.sysctl_num = 3215;
desc.sysctl_desc = "audio debug control knob";
sysctl(mib, 2, NULL, NULL, \*[Am]desc, sizeof(desc));
.Ed
.Pp
Upon successfully setting a description, the new description will be
returned in the space indicated by the
.Fa oldp
and
.Fa oldlenp
arguments.
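.Pp
A bounds-checked lookup over a CTL_DESCRIBE reply, which also rejects descriptions whose descr_ver no longer matches the node, as an added example that is not part of the NetBSD manual or source.
It declares struct sysctldesc locally so it builds on any system, steps between records by hand instead of with NEXT_DESCR (assuming each string is padded to a 4-byte boundary), and the names find_description and put_description and the sample records are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local copy of the record layout shown above, so this builds off NetBSD. */
struct sysctldesc {
	int32_t  descr_num;	/* mib number of node */
	uint32_t descr_ver;	/* version of node */
	uint32_t descr_len;	/* length of description, NUL included */
	char     descr_str[1];	/* really descr_len bytes */
};

#define DESC_HDR offsetof(struct sysctldesc, descr_str)
/* Assumption: each string is padded so the next record is 4-byte aligned. */
#define DESC_PAD(n) (((size_t)(n) + 3u) & ~(size_t)3u)

enum { DESC_FOUND = 1, DESC_ABSENT = 0, DESC_STALE = -1, DESC_MALFORMED = -2 };

/*
 * Find the description of node `num` in a reply of `len` bytes.
 * `ver` is the sysctl_ver the caller holds for that node; a different
 * descr_ver means the MIB number was recycled and the text is discarded.
 * Every length is checked against the buffer before it is used.
 */
int
find_description(const unsigned char *buf, size_t len, int32_t num,
    uint32_t ver, const char **out)
{
	size_t off = 0;

	while (off < len) {
		struct sysctldesc hdr;
		size_t room = len - off;

		if (room < DESC_HDR)
			return DESC_MALFORMED;	/* header cut short */
		memcpy(&hdr, buf + off, DESC_HDR); /* no unaligned reads */
		room -= DESC_HDR;
		if (hdr.descr_len == 0 || hdr.descr_len > room)
			return DESC_MALFORMED;	/* length leaves the buffer */
		const char *s = (const char *)buf + off + DESC_HDR;
		if (s[hdr.descr_len - 1] != '\0')
			return DESC_MALFORMED;	/* not NUL-terminated */
		if (hdr.descr_num == num) {
			if (hdr.descr_ver != ver)
				return DESC_STALE;
			*out = s;
			return DESC_FOUND;
		}
		if (DESC_PAD(hdr.descr_len) >= room)
			break;			/* that was the last record */
		off += DESC_HDR + DESC_PAD(hdr.descr_len);
	}
	return DESC_ABSENT;
}

/* Append one record to a constructed reply; returns the new write offset. */
size_t
put_description(unsigned char *buf, size_t off, int32_t num, uint32_t ver,
    const char *str)
{
	struct sysctldesc hdr = { num, ver, (uint32_t)strlen(str) + 1, { 0 } };

	memcpy(buf + off, &hdr, DESC_HDR);
	memset(buf + off + DESC_HDR, 0, DESC_PAD(hdr.descr_len));
	memcpy(buf + off + DESC_HDR, str, hdr.descr_len);
	return off + DESC_HDR + DESC_PAD(hdr.descr_len);
}

int
main(void)
{
	unsigned char buf[128];
	const char *d = NULL;
	size_t len = 0;

	/* Constructed sample records, not output captured from a kernel. */
	len = put_description(buf, len, 3215, 7, "audio debug control knob");
	len = put_description(buf, len, 3216, 2, "");
	len = put_description(buf, len, 3217, 3, "constructed sample node");

	if (find_description(buf, len, 3217, 3, &d) == DESC_FOUND)
		printf("3217: %s\n", d);
	printf("recycled number: %d\n",
	    find_description(buf, len, 3215, 6, &d));
	printf("reply cut short: %d\n",
	    find_description(buf, len - 4, 3217, 3, &d));
	return 0;
}
```

On NetBSD the buffer and length would come from the sysctl call shown above, after checking its return value.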
.Pp
The
.Fa sysctl_flags
field in the struct sysctlnode contains the sysctl version, node type
information, and a number of flags.
The macros
.Fn SYSCTL_VERS ,
.Fn SYSCTL_TYPE ,
and
.Fn SYSCTL_FLAGS
can be used to access the different fields.
Valid flags are:
.Bl -column CTLFLAGXPERMANENTXXX
.It Sy Name Ta Description
.It CTLFLAG\_READONLY Ta Node is read-only
.It CTLFLAG\_READONLY1 Ta Node becomes read-only at securelevel 1
.It CTLFLAG\_READONLY2 Ta Node becomes read-only at securelevel 2
.It CTLFLAG\_READWRITE Ta Node is writable by the superuser
.It CTLFLAG\_ANYWRITE Ta Node is writable by anyone
.It CTLFLAG\_PRIVATE Ta Node is readable only by the superuser
.It CTLFLAG\_PERMANENT Ta Node cannot be removed (cannot be set by
processes)
.It CTLFLAG\_OWNDATA Ta Node owns data and does not instrument
existing data
.It CTLFLAG\_IMMEDIATE Ta Node contains instrumented data and does not
instrument existing data
.It CTLFLAG\_HEX Ta Node's contents should be displayed in a hexadecimal
form
.It CTLFLAG\_ROOT Ta Node is the root of a tree (cannot be set at
any time)
.It CTLFLAG\_ANYNUMBER Ta Node matches any MIB number (cannot be set by
processes)
.It CTLFLAG\_HIDDEN Ta Node not displayed by default
.It CTLFLAG\_ALIAS Ta Node refers to a sibling node (cannot be set
by processes)
.It CTLFLAG\_OWNDESC Ta Node owns its own description string space
.El
.Sh RETURN VALUES
If the call to
.Nm
is successful, the number of bytes copied out is returned.
Otherwise \-1 is returned and
.Va errno
is set appropriately.
.Sh FILES
.Bl -tag -width \*[Lt]netinet6/udp6Xvar.h\*[Gt] -compact
.It Aq Pa sys/sysctl.h
definitions for top level identifiers, second level kernel and hardware
identifiers, and user level identifiers
.It Aq Pa sys/socket.h
definitions for second level network identifiers
.It Aq Pa sys/gmon.h
definitions for third level profiling identifiers
.It Aq Pa uvm/uvm_param.h
definitions for second level virtual memory identifiers
.It Aq Pa netinet/in.h
definitions for third level IPv4/v6 identifiers and
fourth level IPv4/v6 identifiers
.It Aq Pa netinet/icmp_var.h
definitions for fourth level ICMP identifiers
.It Aq Pa netinet/icmp6.h
definitions for fourth level ICMPv6 identifiers
.It Aq Pa netinet/tcp_var.h
definitions for fourth level TCP identifiers
.It Aq Pa netinet/udp_var.h
definitions for fourth level UDP identifiers
.It Aq Pa netinet6/udp6_var.h
definitions for fourth level IPv6 UDP identifiers
.It Aq Pa netinet6/ipsec.h
definitions for fourth level IPsec identifiers
.It Aq Pa netkey/key_var.h
definitions for third level PF_KEY identifiers
.It Aq Pa machine/cpu.h
definitions for second level machdep identifiers
.El
.Sh ERRORS
The following errors may be reported:
.Bl -tag -width Er
.It Bq Er EFAULT
The buffer
.Fa name ,
.Fa oldp ,
.Fa newp ,
or length pointer
.Fa oldlenp
contains an invalid address, or the requested value is temporarily
unavailable.
.It Bq Er EINVAL
The
.Fa name
array is zero or greater than CTL_MAXNAME.
.It Bq Er EINVAL
A non-null
.Fa newp
is given and its specified length in
.Fa newlen
is too large or too small, or the given value is not acceptable for
the given node.
.It Bq Er ENOMEM
The length pointed to by
.Fa oldlenp
is too short to hold the requested value.
.It Bq Er EISDIR
The
.Fa name
array specifies an intermediate rather than terminal name.
.It Bq Er ENOTDIR
The
.Fa name
array specifies a node below a node that addresses data.
.It Bq Er ENOENT
The
.Fa name
array specifies a node that does not exist in the tree.
.It Bq Er ENOENT
An attempt was made to destroy a node that does not exist, or to
create or destroy a node below a node that does not exist.
.It Bq Er ENOTEMPTY
An attempt was made to destroy a node that still has children.
.It Bq Er EOPNOTSUPP
The
.Fa name
array specifies a value that is unknown or a meta-operation was
attempted that the requested node does not support.
.It Bq Er EPERM
An attempt is made to set a read-only value.
.It Bq Er EPERM
A process without appropriate privilege attempts to set a value or to
create or destroy a node.
.It Bq Er EPERM
An attempt to change a value protected by the current kernel security
level is made.
.El
.Sh SEE ALSO
.Xr ipsec 4 ,
.Xr tcp 4 ,
.Xr sysctl 8
.\" .Xr sysctl 9
.Sh HISTORY
The
.Nm
function first appeared in
.Bx 4.4 .