1.\" $NetBSD: sysctl.3,v 1.108 2003/02/02 20:33:07 kleink Exp $ 2.\" 3.\" Copyright (c) 1993 4.\" The Regents of the University of California. All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 3. All advertising materials mentioning features or use of this software 15.\" must display the following acknowledgement: 16.\" This product includes software developed by the University of 17.\" California, Berkeley and its contributors. 18.\" 4. Neither the name of the University nor the names of its contributors 19.\" may be used to endorse or promote products derived from this software 20.\" without specific prior written permission. 21.\" 22.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32.\" SUCH DAMAGE. 33.\" 34.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95 35.\" 36.Dd February 2, 2003 37.Dt SYSCTL 3 38.Os 39.Sh NAME 40.Nm sysctl 41.Nd get or set system information 42.Sh LIBRARY 43.Lb libc 44.Sh SYNOPSIS 45.Fd #include \*[Lt]sys/param.h\*[Gt] 46.Fd #include \*[Lt]sys/sysctl.h\*[Gt] 47.Ft int 48.Fn sysctl "int *name" "u_int namelen" "void *oldp" "size_t *oldlenp" "void *newp" "size_t newlen" 49.Sh DESCRIPTION 50The 51.Nm 52function retrieves system information and allows processes with 53appropriate privileges to set system information. 54The information available from 55.Nm 56consists of integers, strings, and tables. 57Information may be retrieved and set from the command interface 58using the 59.Xr sysctl 8 60utility. 61.Pp 62Unless explicitly noted below, 63.Nm 64returns a consistent snapshot of the data requested. 65Consistency is obtained by locking the destination 66buffer into memory so that the data may be copied out without blocking. 67Calls to 68.Nm 69are serialized to avoid deadlock. 70.Pp 71The state is described using a ``Management Information Base'' (MIB) 72style name, listed in 73.Fa name , 74which is a 75.Fa namelen 76length array of integers. 77.Pp 78The information is copied into the buffer specified by 79.Fa oldp . 80The size of the buffer is given by the location specified by 81.Fa oldlenp 82before the call, 83and that location gives the amount of data copied after a successful call. 84If the amount of data available is greater 85than the size of the buffer supplied, 86the call supplies as much data as fits in the buffer provided 87and returns with the error code ENOMEM. 88If the old value is not desired, 89.Fa oldp 90and 91.Fa oldlenp 92should be set to 93.Dv NULL . 94.Pp 95The size of the available data can be determined by calling 96.Nm 97with a 98.Dv NULL 99parameter for 100.Fa oldp . 101The size of the available data will be returned in the location pointed to by 102.Fa oldlenp . 103For some operations, the amount of space may change often. 104For these operations, 105the system attempts to round up so that the returned size is 106large enough for a call to return the data shortly thereafter. 107.Pp 108To set a new value, 109.Fa newp 110is set to point to a buffer of length 111.Fa newlen 112from which the requested value is to be taken. 113If a new value is not to be set, 114.Fa newp 115should be set to 116.Dv NULL 117and 118.Fa newlen 119set to 0. 120.Pp 121The top level names are defined with a CTL_ prefix in 122.Pa Aq sys/sysctl.h , 123and are as follows. 124The next and subsequent levels down are found in the include files 125listed here, and described in separate sections below. 126.Pp 127.Bl -column CTLXMACHDEPXXX "Next level namesXXXXXX" -offset indent 128.It Sy Pa Name Next level names Description 129.It CTL\_KERN sys/sysctl.h High kernel limits 130.It CTL\_VM uvm/uvm_param.h Virtual memory 131.It CTL\_VFS sys/mount.h Filesystem 132.It CTL\_NET sys/socket.h Networking 133.It CTL\_DEBUG sys/sysctl.h Debugging 134.It CTL\_HW sys/sysctl.h Generic CPU, I/O 135.It CTL\_MACHDEP sys/sysctl.h Machine dependent 136.It CTL\_USER sys/sysctl.h User-level 137.It CTL\_DDB sys/sysctl.h In-kernel debugger 138.It CTL\_PROC sys/sysctl.h Per-process 139.It CTL\_VENDOR ? Vendor specific 140.El 141.Pp 142For example, the following retrieves the maximum number of processes allowed 143in the system: 144.Bd -literal -offset indent -compact 145int mib[2], maxproc; 146size_t len; 147.sp 148mib[0] = CTL_KERN; 149mib[1] = KERN_MAXPROC; 150len = sizeof(maxproc); 151sysctl(mib, 2, \*[Am]maxproc, \*[Am]len, NULL, 0); 152.Ed 153.sp 154To retrieve the standard search path for the system utilities: 155.Bd -literal -offset indent -compact 156int mib[2]; 157size_t len; 158char *p; 159.sp 160mib[0] = CTL_USER; 161mib[1] = USER_CS_PATH; 162sysctl(mib, 2, NULL, \*[Am]len, NULL, 0); 163p = malloc(len); 164sysctl(mib, 2, p, \*[Am]len, NULL, 0); 165.Ed 166.Sh CTL_DEBUG 167The debugging variables vary from system to system. 168A debugging variable may be added or deleted without need to recompile 169.Nm 170to know about it. 171Each time it runs, 172.Nm 173gets the list of debugging variables from the kernel and 174displays their current values. 175The system defines twenty 176.Va ( struct ctldebug ) 177variables named 178.Dv debug0 179through 180.Dv debug19 . 181They are declared as separate variables so that they can be 182individually initialized at the location of their associated variable. 183The loader prevents multiple use of the same variable by issuing errors 184if a variable is initialized in more than one place. 185For example, to export the variable 186.Dv dospecialcheck 187as a debugging variable, the following declaration would be used: 188.Bd -literal -offset indent -compact 189int dospecialcheck = 1; 190struct ctldebug debug5 = { "dospecialcheck", \*[Am]dospecialcheck }; 191.Ed 192.Sh CTL_VFS 193A distinguished second level name, VFS_GENERIC, 194is used to get general information about all filesystems. 195One of its third level identifiers is VFS_MAXTYPENUM 196that gives the highest valid filesystem type number. 197Its other third level identifier is VFS_CONF that 198returns configuration information about the filesystem 199type given as a fourth level identifier. 200The remaining second level identifiers are the 201filesystem type number returned by a 202.Xr statfs 2 203call or from VFS_CONF. 204The third level identifiers available for each filesystem 205are given in the header file that defines the mount 206argument structure for that filesystem. 207.Sh CTL_HW 208The string and integer information available for the CTL_HW level 209is detailed below. 210The changeable column shows whether a process with appropriate 211privilege may change the value. 212.Bl -column "Second level nameXXXXXX" "struct disk_sysctlXXX" -offset indent 213.It Sy Pa Second level name Type Changeable 214.It HW\_MACHINE string no 215.It HW\_MODEL string no 216.It HW\_NCPU integer no 217.It HW\_BYTEORDER integer no 218.It HW\_PHYSMEM integer no 219.It HW\_USERMEM integer no 220.It HW\_PAGESIZE integer no 221.\".It HW\_DISKNAMES struct no 222.\".It HW\_DISKSTATS struct no 223.It HW\_MACHINE\_ARCH string no 224.It HW\_ALIGNBYTES integer no 225.It HW\_DISKNAMES string no 226.It HW\_DISKSTATS struct disk_sysctl no 227.El 228.Pp 229.Bl -tag -width "123456" 230.It Li HW_MACHINE 231The machine class. 232.It Li HW_MODEL 233The machine model 234.It Li HW_NCPU 235The number of cpus. 236.ne 1i 237.It Li HW_BYTEORDER 238The byteorder (4,321, or 1,234). 239.It Li HW_PHYSMEM 240The bytes of physical memory. 241.It Li HW_USERMEM 242The bytes of non-kernel memory. 243.It Li HW_PAGESIZE 244The software page size. 245.It Li HW_DISKNAMES 246The list of (space separated) disk device names on the system. 247.It Li HW_DISKSTATS 248Return statistical information on the disk devices on the system. 249An array of 250.Va struct disk_sysctl 251structures is returned, 252whose size depends on the current number of such objects in the system. 253The third level name is the size of the 254.Va struct disk_sysctl . 255.It Li HW_MACHINE_ARCH 256The machine cpu class. 257.It Li HW_ALIGNBYTES 258Alignment constraint for all possible data types. 259This shows the value 260.Dv ALIGNBYTES 261in 262.Pa /usr/include/machine/param.h , 263at the kernel compilation time. 264.El 265.Sh CTL_KERN 266The string and integer information available for the CTL_KERN level 267is detailed below. 268The changeable column shows whether a process with appropriate 269privilege may change the value. 270The types of data currently available are process information, 271system vnodes, the open file entries, routing table entries, 272virtual memory statistics, load average history, and clock rate 273information. 274.Bl -column "KERNXCHOWNXRESTRICTEDXXXXXX" "struct clockrateXXX" -offset indent 275.It Sy Pa Second level name Type Changeable 276.It KERN\_ARGMAX integer no 277.It KERN\_AUTONICETIME integer yes 278.It KERN\_AUTONICEVAL integer yes 279.It KERN\_BOOTTIME struct timeval no 280.It KERN\_CCPU integer no 281.It KERN\_CLOCKRATE struct clockinfo no 282.It KERN\_CP\_TIME long[\|] no 283.It KERN\_DEFCORENAME string yes 284.It KERN\_DOMAINNAME string yes 285.It KERN\_FILE struct file no 286.It KERN\_FORKFSLEEP integer yes 287.It KERN\_FSCALE integer no 288.It KERN\_FSYNC integer no 289.It KERN\_HOSTID integer yes 290.It KERN\_HOSTNAME string yes 291.It KERN\_IOV\_MAX integer no 292.It KERN\_JOB\_CONTROL integer no 293.It KERN\_LABELOFFSET integer no 294.It KERN\_LABELSECTOR integer no 295.It KERN\_LOGIN\_NAME\_MAX integer no 296.It KERN\_LOGSIGEXIT integer yes 297.It KERN\_MAPPED\_FILES integer no 298.It KERN\_MAXFILES integer yes 299.It KERN\_MAXPARTITIONS integer no 300.It KERN\_MAXPROC integer yes 301.It KERN\_MAXPTYS integer yes 302.It KERN\_MAXVNODES integer yes 303.It KERN\_MBUF node not applicable 304.It KERN\_MEMLOCK integer no 305.It KERN\_MEMLOCK\_RANGE integer no 306.It KERN\_MEMORY\_PROTECTION integer no 307.It KERN\_MONOTONIC\_CLOCK integer no 308.It KERN\_MSGBUF char[\|] no 309.It KERN\_MSGBUFSIZE integer no 310.It KERN\_NGROUPS integer no 311.It KERN\_NTPTIME struct ntptimeval no 312.It KERN\_OSRELEASE string no 313.It KERN\_OSREV integer no 314.It KERN\_OSTYPE string no 315.It KERN\_POSIX1 integer no 316.It KERN\_POSIX\_BARRIERS integer no 317.It KERN\_POSIX\_READER\_WRITER\_LOCKS integer no 318.It KERN\_POSIX\_SEMAPHORES integer no 319.It KERN\_POSIX\_SPIN\_LOCKS integer no 320.It KERN\_POSIX\_THREADS integer no 321.It KERN\_POSIX\_TIMERS integer no 322.It KERN\_PROC struct kinfo_proc no 323.It KERN\_PROC2 struct kinfo_proc2 no 324.It KERN\_PROC\_ARGS string no 325.It KERN\_PROF node not applicable 326.It KERN\_RAWPARTITION integer no 327.It KERN\_ROOT\_DEVICE string no 328.It KERN\_RTC\_OFFSET integer no 329.It KERN\_SAVED\_IDS integer no 330.It KERN\_SECURELVL integer raise only 331.It KERN\_SYNCHRONIZED\_IO integer no 332.It KERN\_SYSVIPC\_INFO node not applicable 333.It KERN\_SYSVMSG integer no 334.It KERN\_SYSVSEM integer no 335.It KERN\_SYSVSHM integer no 336.It KERN\_TKSTAT node not applicable 337.It KERN\_VERSION string no 338.It KERN\_VNODE struct vnode no 339.El 340.ne 1i 341.Pp 342.Bl -tag -width "123456" 343.It Li KERN_ARGMAX 344The maximum bytes of argument to 345.Xr execve 2 . 346.It Li KERN_AUTONICETIME 347The number of seconds of cpu-time a non-root process may accumulate before 348having its priority lowered from the default to the value of KERN_AUTONICEVAL. 349If set to 0, automatic lowering of priority is not performed, and if set to \-1 350all non-root processes are immediately lowered. 351.It Li KERN_AUTONICEVAL 352The priority assigned for automatically niced processes. 353.It Li KERN_BOOTTIME 354A 355.Va struct timeval 356structure is returned. 357This structure contains the time that the system was booted. 358.It Li KERN_CCPU 359The scheduler exponential decay value. 360.It Li KERN_CLOCKRATE 361A 362.Va struct clockinfo 363structure is returned. 364This structure contains the clock, statistics clock and profiling clock 365frequencies, the number of micro-seconds per hz tick, and the clock 366skew rate. 367.It Li KERN_CP_TIME 368Return an array if CPUSTATES longs is returned. 369This array contains the 370number of clock ticks spent in different CPU states. 371.It Li KERN_DEFCORENAME 372Default template for the name of core dump files (see also PROC_PID_CORENAME 373in the per-process variables CTL_PROC, and 374.Xr core 5 375for format of this template). 376The default value is 377.Nm %n.core 378and can be changed with the kernel configuration option 379.Cd options DEFCORENAME 380(see 381.Xr options 4 382). 383.It Li KERN_DOMAINNAME 384Get or set the YP domain name. 385.It Li KERN_FILE 386Return the entire file table. 387The returned data consists of a single 388.Va struct filehead 389followed by an array of 390.Va struct file , 391whose size depends on the current number of such objects in the system. 392.It Li KERN_FSCALE 393The kernel fixed-point scale factor. 394.It Li KERN_FORKFSLEEP 395If 396.Xr fork 2 397system call fails due to limit on number of processes (either 398the global maxproc limit or user's one), wait for this many 399miliseconds before returning 400.Er EAGAIN 401error to process. 402Useful to keep heavily forking runaway processes in bay. 403Default zero (no sleep). 404Maximum is 20 seconds. 405.It Li KERN_FSYNC 406Return 1 if the POSIX 1003.1b File Synchronization Option is available 407on this system, 408otherwise 0. 409.It Li KERN_HOSTID 410Get or set the host id. 411.It Li KERN_HOSTNAME 412Get or set the hostname. 413.It Li KERN_IOV_MAX 414Return the maximum number of 415.Va iovec 416structures that a process has available for use with 417.Xr preadv 2 , 418.Xr pwritev 2 , 419.Xr readv 2 , 420.Xr recvmsg 2 , 421.Xr sendmsg 2 422and 423.Xr writev 2 . 424.It Li KERN_JOB_CONTROL 425Return 1 if job control is available on this system, otherwise 0. 426.It Li KERN_LABELOFFSET 427The offset within the sector specified by KERN_LABELSECTOR of the 428.Xr disklabel 5 . 429.It Li KERN_LABELSECTOR 430The sector number containing the 431.Xr disklabel 5 . 432.It Li KERN_LOGIN_NAME_MAX 433The size of the storage required for a login name, in bytes, 434including the terminating NUL. 435.It Li KERN_LOGSIGEXIT 436If this flag is non-zero, the kernel will 437.Xr log 9 438all process exits due to signals which create a 439.Xr core 5 440file, and whether the coredump was created. 441.It Li KERN_MAPPED_FILES 442Returns 1 if the POSIX 1003.1b Memory Mapped Files Option is available 443on this system, 444otherwise 0. 445.It Li KERN_MAXFILES 446The maximum number of open files that may be open in the system. 447.It Li KERN_MAXPARTITIONS 448The maximum number of partitions allowed per disk. 449.It Li KERN_MAXPROC 450The maximum number of simultaneous processes the system will allow. 451.It Li KERN_MAXPTYS 452The maximum number of pseudo terminals. 453This value can be both raised and lowered, though it cannot 454be set lower than number of currently used ptys. 455See also 456.Xr pty 4 . 457.It Li KERN_MAXVNODES 458The maximum number of vnodes available on the system. 459This can only be raised. 460.It Li KERN_MBUF 461Return information about the mbuf control variables. 462the third level names for the mbuf variables are detailed below. 463The changeable column shows whether a process with appropriate 464privilege may change the value. 465.Bl -column "MBUFXNMBCLUSTERSXXX" "struct integerXXX" -offset indent 466.It Sy Pa Third level name Type Changeable 467.It MBUF\_MSIZE integer yes 468.It MBUF\_MCLBYTES integer yes 469.It MBUF\_NMBCLUSTERS integer yes 470.It MBUF\_MBLOWAT integer yes 471.It MBUF\_MCLLOWAT integer yes 472.El 473.Pp 474The variables are as follows: 475.Bl -tag -width "123456" 476.It Li MBUF_MSIZE 477The mbuf base size. 478.It Li MBUF_MCLBYTES 479The mbuf cluster size. 480.It Li MBUF_NMBCLUSTERS 481The limit on the number of mbuf clusters. 482The variable can only be increased, and only increased on machines with 483direct-mapped pool pages 484.It Li MBUF_MBLOWAT 485The mbuf low water mark. 486.It Li MBUF_MCLLOWAT 487The mbuf cluster low water mark. 488.El 489.It Li KERN_MEMLOCK 490Returns 1 if the POSIX 1003.1b Process Memory Locking Option is available 491on this system, 492otherwise 0. 493.It Li KERN_MEMLOCK_RANGE 494Returns 1 if the POSIX 1003.1b Range Memory Locking Option is available 495on this system, 496otherwise 0. 497.It Li KERN_MEMORY_PROTECTION 498Returns 1 if the POSIX 1003.1b Memory Protection Option is available 499on this system, 500otherwise 0. 501.It Li KERN_MONOTONIC_CLOCK 502Returns the standard version the implementation of the POSIX 1003.1b 503Monotonic Clock Option conforms to, 504otherwise 0. 505.It Li KERN_MSGBUF 506The kernel message buffer, rotated so that the head of the circular kernel 507message buffer is returned at the start of the buffer specified by 508.Fa oldp . 509The returned data may contain NUL bytes. 510.It Li KERN_MSGBUFSIZE 511The maximum number of characters that the kernel message buffer can hold. 512.It Li KERN_NGROUPS 513The maximum number of supplemental groups. 514.It Li KERN_NO_TRUNC 515Return 1 if file names longer than KERN_NAME_MAX are truncated. 516.It Li KERN_NTPTIME 517A 518.Va struct ntptimeval 519structure is returned. 520This structure contains data used by the 521.Xr ntpd 8 522program. 523.It Li KERN_OSRELEASE 524The system release string. 525.It Li KERN_OSREV 526The system revision string. 527.It Li KERN_OSTYPE 528The system type string. 529.It Li KERN_PATH_MAX 530The maximum number of bytes in a pathname. 531.It Li KERN_POSIX1 532The version of ISO/IEC 9945 (POSIX 1003.1) with which the system 533attempts to comply. 534.It Li KERN_POSIX_BARRIERS 535The version of 536.St -p1003.1 537and its 538Barriers 539option to which the system attempts to conform, 540otherwise 0. 541.It Li KERN_POSIX_READER_WRITER_LOCKS 542The version of 543.St -p1003.1 544and its 545Read-Write Locks 546option to which the system attempts to conform, 547otherwise 0. 548.It Li KERN_POSIX_SEMAPHORES 549The version of 550.St -p1003.1 551and its 552Semaphores 553option to which the system attempts to conform, 554otherwise 0. 555.It Li KERN_POSIX_SPIN_LOCKS 556The version of 557.St -p1003.1 558and its 559Spin Locks 560option to which the system attempts to conform, 561otherwise 0. 562.It Li KERN_POSIX_THREADS 563The version of 564.St -p1003.1 565and its 566Threads 567option to which the system attempts to conform, 568otherwise 0. 569.It Li KERN_POSIX_TIMERS 570The version of 571.St -p1003.1 572and its 573Timers 574option to which the system attempts to conform, 575otherwise 0. 576.It Li KERN_PROC 577Return the entire process table, or a subset of it. 578An array of 579.Va struct kinfo_proc 580structures is returned, 581whose size depends on the current number of such objects in the system. 582The third and fourth level names are as follows: 583.Bl -column "Third level nameXXXXXX" "Fourth level is:XXXXXX" -offset indent 584.It Pa Third level name Fourth level is: 585.It KERN\_PROC\_ALL None 586.It KERN\_PROC\_PID A process ID 587.It KERN\_PROC\_PGRP A process group 588.It KERN\_PROC\_SESSION A session ID 589.It KERN\_PROC\_TTY A tty device 590.It KERN\_PROC\_UID A user ID 591.It KERN\_PROC\_RUID A real user ID 592.It KERN\_PROC\_GID A group ID 593.It KERN\_PROC\_RGID A real group ID 594.El 595.It Li KERN_PROC2 596As for KERN_PROC, but an array of 597.Va struct kinfo_proc2 598structures are returned. 599The fifth level name is the size of the 600.Va struct kinfo_proc2 601and the sixth level name is the number of structures to return. 602.It Li KERN_PROC_ARGS 603Return the argv or environment strings (or the number thereof) 604of a process. 605Multiple strings are returned separated by NUL characters. 606The third level name is the process ID. 607The fourth level name is as follows: 608.Bl -column "Third level nameXXXXXX" -offset indent 609.It KERN\_PROC\_ARGV The argv strings 610.It KERN\_PROC\_NARGV The number of argv strings 611.It KERN\_PROC\_ENV The environ strings 612.It KERN\_PROC\_NENV The number of environ strings 613.El 614.It Li KERN_PROF 615Return profiling information about the kernel. 616If the kernel is not compiled for profiling, 617attempts to retrieve any of the KERN_PROF values will 618fail with EOPNOTSUPP. 619The third level names for the string and integer profiling information 620is detailed below. 621The changeable column shows whether a process with appropriate 622privilege may change the value. 623.Bl -column "GPROFXGMONPARAMXXX" "struct gmonparamXXX" -offset indent 624.It Sy Pa Third level name Type Changeable 625.It GPROF\_STATE integer yes 626.It GPROF\_COUNT u_short[\|] yes 627.It GPROF\_FROMS u_short[\|] yes 628.It GPROF\_TOS struct tostruct yes 629.It GPROF\_GMONPARAM struct gmonparam no 630.El 631.Pp 632The variables are as follows: 633.Bl -tag -width "123456" 634.It Li GPROF_STATE 635Returns GMON_PROF_ON or GMON_PROF_OFF to show that profiling 636is running or stopped. 637.It Li GPROF_COUNT 638Array of statistical program counter counts. 639.It Li GPROF_FROMS 640Array indexed by program counter of call-from points. 641.It Li GPROF_TOS 642Array of 643.Va struct tostruct 644describing destination of calls and their counts. 645.It Li GPROF_GMONPARAM 646Structure giving the sizes of the above arrays. 647.El 648.It Li KERN_RAWPARTITION 649The raw partition of a disk (a == 0). 650.It Li KERN_ROOT_DEVICE 651The name of the root device. 652.It Li KERN_RTC_OFFSET 653Return the offset of real time clock from UTC in minutes. 654.It Li KERN_SAVED_IDS 655Returns 1 if saved set-group and saved set-user ID is available. 656.It Li KERN_SECURELVL 657The system security level. 658This level may be raised by processes with appropriate privilege. 659It may only be lowered by process 1. 660.It Li KERN_SYNCHRONIZED_IO 661Returns 1 if the POSIX 1003.1b Synchronized I/O Option is available 662on this system, 663otherwise 0. 664.It Li KERN_SYSVIPC_INFO 665Return System V style IPC configuration and run-time information. 666The third level name selects the System V style IPC facility. 667.Bl -column "KERN_SYSVIPC_MSG_INFOXXX" "struct shm_sysctl_infoXXX" -offset indent 668.It Sy Pa Third level name Type 669.It KERN\_SYSVIPC\_MSG\_INFO struct msg_sysctl_info 670.It KERN\_SYSVIPC\_SEM\_INFO struct sem_sysctl_info 671.It KERN\_SYSVIPC\_SHM\_INFO struct shm_sysctl_info 672.El 673.Pp 674.Bl -tag -width "123456" 675.It Li KERN_SYSVIPC_MSG_INFO 676Return information on the System V style message facility. 677The 678.Sy msg_sysctl_info 679structure is defined in 680.Aq Pa sys/msg.h . 681.It Li KERN_SYSVIPC_SEM_INFO 682Return information on the System V style semaphore facility. 683The 684.Sy sem_sysctl_info 685structure is defined in 686.Aq Pa sys/sem.h . 687.It Li KERN_SYSVIPC_SHM_INFO 688Return information on the System V style shared memory facility. 689The 690.Sy shm_sysctl_info 691structure is defined in 692.Aq Pa sys/shm.h . 693.El 694.It Li KERN_SYSVMSG 695Returns 1 if System V style message queue functionality is available 696on this system, 697otherwise 0. 698.It Li KERN_SYSVSEM 699Returns 1 if System V style semaphore functionality is available 700on this system, 701otherwise 0. 702.It Li KERN_SYSVSHM 703Returns 1 if System V style share memory functionality is available 704on this system, 705otherwise 0. 706.It Li KERN_TKSTAT 707Return information about the number of characters sent and received 708on ttys. 709The third level names for the tty statistic variables are detailed below. 710The changeable column shows whether a process 711with appropriate privilege may change the value. 712.Bl -column "KERNXTKSTATXRAWCCXXX" "struct integerXXX" -offset indent 713.It Sy Pa Third level name Type Changeable 714.It KERN\_TKSTAT\_NIN quad no 715.It KERN\_TKSTAT\_NOUT quad no 716.It KERN\_TKSTAT\_CANCC quad no 717.It KERN\_TKSTAT\_RAWCC quad no 718.El 719.Pp 720The variables are as follows: 721.Bl -tag -width "123456" 722.It Li KERN_TKSTAT_NIN 723The total number of input characters. 724.It Li KERN_TKSTAT_NOUT 725The total number of output characters. 726.It Li KERN_TKSTAT_CANCC 727The number of canonical input characters. 728.It Li KERN_TKSTAT_RAWCC 729The number of raw input characters. 730.El 731.It Li KERN_VERSION 732The system version string. 733.It Li KERN_VNODE 734Return the entire vnode table. 735Note, the vnode table is not necessarily a consistent snapshot of 736the system. 737The returned data consists of an array whose size depends on the 738current number of such objects in the system. 739Each element of the array contains the kernel address of a vnode 740.Va struct vnode * 741followed by the vnode itself 742.Va struct vnode . 743.El 744.Sh CTL_MACHDEP 745The set of variables defined is architecture dependent. 746Most architectures define at least the following variables. 747.Bl -column "CONSOLE_DEVICEXXX" "integerXXX" -offset indent 748.It Sy Pa Second level name Type Changeable 749.It Li CPU_CONSDEV dev_t no 750.El 751.Sh CTL_NET 752The string and integer information available for the CTL_NET level 753is detailed below. 754The changeable column shows whether a process with appropriate 755privilege may change the value. 756.Bl -column "Second level nameXXXXXX" "routing messagesXXX" -offset indent 757.It Sy Pa Second level name Type Changeable 758.It PF\_ROUTE routing messages no 759.It PF\_INET IPv4 values yes 760.It PF\_INET6 IPv6 values yes 761.It PF\_KEY IPsec key management values yes 762.El 763.Pp 764.Bl -tag -width "123456" 765.It Li PF_ROUTE 766Return the entire routing table or a subset of it. 767The data is returned as a sequence of routing messages (see 768.Xr route 4 769for the header file, format and meaning). 770The length of each message is contained in the message header. 771.Pp 772The third level name is a protocol number, which is currently always 0. 773The fourth level name is an address family, which may be set to 0 to 774select all address families. 775The fifth and sixth level names are as follows: 776.Bl -column "Fifth level nameXXXXXX" "Sixth level is:XXX" -offset indent 777.It Pa Fifth level name Sixth level is: 778.It NET\_RT\_FLAGS rtflags 779.It NET\_RT\_DUMP None 780.It NET\_RT\_IFLIST None 781.El 782.It Li PF_INET 783Get or set various global information about the IPv4 784.Pq Internet Protocol version 4 . 785The third level name is the protocol. 786The fourth level name is the variable name. 787The currently defined protocols and names are: 788.Bl -column "Protocol name" "Variable nameXX" "integer" "yes" -offset indent 789.It Pa Protocol name Variable name Type Changeable 790.It ip forwarding integer yes 791.It ip redirect integer yes 792.It ip ttl integer yes 793.It ip forwsrcrt integer yes 794.It ip directed-broadcast integer yes 795.It ip allowsrcrt integer yes 796.It ip subnetsarelocal integer yes 797.It ip mtudisc integer yes 798.It ip anonportmin integer yes 799.It ip anonportmax integer yes 800.It ip mtudisctimeout integer yes 801.It ip gifttl integer yes 802.It ip grettl integer yes 803.It ip lowportmin integer yes 804.It ip lowportmax integer yes 805.It ip maxfragpacket integer yes 806.It icmp maskrepl integer yes 807.It icmp errppslimit integer yes 808.It icmp rediraccept integer yes 809.It icmp redirtimeout integer yes 810.It tcp rfc1323 integer yes 811.It tcp sendspace integer yes 812.It tcp recvspace integer yes 813.It tcp mssdflt integer yes 814.It tcp syn_cache_limit integer yes 815.It tcp syn_bucket_limit integer yes 816.It tcp syn_cache_interval integer yes 817.It tcp init_win integer yes 818.It tcp mss_ifmtu integer yes 819.It tcp sack integer yes 820.It tcp win_scale integer yes 821.It tcp timestamps integer yes 822.It tcp compat_42 integer yes 823.It tcp cwm integer yes 824.It tcp cwm_burstsize integer yes 825.It tcp ack_on_push integer yes 826.It tcp keepidle integer yes 827.It tcp keepintvl integer yes 828.It tcp keepcnt integer yes 829.It tcp slowhz integer no 830.It tcp newreno integer yes 831.It tcp log_refused integer yes 832.It tcp rstppslimit integer yes 833.It udp checksum integer yes 834.It udp sendspace integer yes 835.It udp recvspace integer yes 836.El 837.Pp 838The variables are as follows: 839.Bl -tag -width "123456" 840.It Li ip.forwarding 841Returns 1 when IP forwarding is enabled for the host, 842meaning that the host is acting as a router. 843.It Li ip.redirect 844Returns 1 when ICMP redirects may be sent by the host. 845This option is ignored unless the host is routing IP packets, 846and should normally be enabled on all systems. 847.It Li ip.ttl 848The maximum time-to-live (hop count) value for an IP packet sourced by 849the system. 850This value applies to normal transport protocols, not to ICMP. 851.It Li ip.forwsrcrt 852Returns 1 when forwarding of source-routed packets is enabled for 853the host. 854This value may only be changed if the kernel security level is less than 1. 855.It Li ip.directed-broadcast 856Returns 1 if directed broadcast behavior is enabled for the host. 857.It Li ip.allowsrcrt 858Returns 1 if the host accepts source routed packets. 859.It Li ip.subnetsarelocal 860Returns 1 if subnets are to be considered local addresses. 861.It Li ip.mtudisc 862Returns 1 if Path MTU Discovery is enabled. 863.It Li ip.anonportmin 864The lowest port number to use for TCP and UDP ephemeral port allocation. 865This cannot be set to less than 1024 or greater than 65535. 866.It Li ip.anonportmax 867The highest port number to use for TCP and UDP ephemeral port allocation. 868This cannot be set to less than 1024 or greater than 65535, and must 869be greater than 870.Li ip.anonportmin . 871.It Li ip.mtudisctimeout 872Returns the number of seconds in which a route added by the Path MTU 873Discovery engine will time out. 874When the route times out, the Path 875MTU Discovery engine will attempt to probe a larger path MTU. 876.It Li ip.gifttl 877The maximum time-to-live (hop count) value for an IPv4 packet generated by 878.Xr gif 4 879tunnel interface. 880.It Li ip.grettl 881The maximum time-to-live (hop count) value for an IPv4 packet generated by 882.Xr gre 4 883tunnel interface. 884.It Li ip.lowportmin 885The lowest port number to use for TCP and UDP reserved port allocation. 886This cannot be set to less than 0 or greater than 1024, and must 887be smaller than 888.Li ip.lowportmax . 889.It Li ip.lowportmax 890The highest port number to use for TCP and UDP reserved port allocation. 891This cannot be set to less than 0 or greater than 1024, and must 892be greater than 893.Li ip.lowportmin . 894.It Li ip.maxfragpackets 895The maximum number of fragmented packets the node will accept. 8960 means that the node will not accept any fragmented packets. 897\-1 means that the node will accept as many fragmented packets as it receives. 898The flag is provided basically for avoiding possible DoS attacks. 899.It Li icmp.maskrepl 900Returns 1 if ICMP network mask requests are to be answered. 901.It Li icmp.errppslimit 902The variable specifies the maximum number of outgoing ICMP error messages, 903per second. 904ICMP error messages that exceeded the value are subject to rate limitation 905and will not go out from the node. 906Negative value disables rate limitation. 907.It Li icmp.rediraccept 908If set to non-zero, the host will accept ICMP redirect packets. 909Note that routers will never accept ICMP redirect packets, 910and the variable is meaningful on IP hosts only. 911.It Li icmp.redirtimeout 912The variable specifies lifetime of routing entries generated by incoming 913ICMP redirect. 914This defaults to 600 seconds. 915.It Li tcp.rfc1323 916Returns 1 if RFC1323 extensions to TCP are enabled. 917.It Li tcp.sendspace 918Returns the default TCP send buffer size. 919.It Li tcp.recvspace 920Returns the default TCP receive buffer size. 921.It Li tcp.mssdflt 922Returns the default maximum segment size both advertized to the peer 923and to use when the peer does not advertize a maximum segment size to 924us during connection setup. 925Do not change this value unless you really know what you are doing. 926.It Li tcp.syn_cache_limit 927Returns the maximum number of entries allowed in the TCP compressed state 928engine. 929.It Li tcp.syn_bucket_limit 930Returns the maximum number of entries allowed per hash bucket in the TCP 931compressed state engine. 932.It Li tcp.syn_cache_interval 933Returns the TCP compressed state engine's timer interval. 934.It Li tcp.init_win 935Returns a value indicating the TCP initial congestion window. 936If this value is 0, an auto-tuning algorithm designed to use an initial 937window of approximately 4K bytes is in use. 938Otherwise, this value indicates a fixed number of packets. 939.It Li tcp.mss_ifmtu 940Returns 1 if TCP calculates the outgoing maximum segment size based on 941the MTU of the appropriate interface. 942Otherwise, it is calculated based on the greater of the MTU of the 943interface, and the largest (non-loopback) interface MTU on the system. 944.It Li tcp.sack 945TCP Selective ACKnowledgement (RFC 2018) is not implemented in 946.Nx 947at this time. 948Changing this value will have no effect. 949.It Li tcp.win_scale 950If rfc1323 is enabled, a value of 1 indicates RFC1323 window scale options, 951for increasing the TCP window size, are enabled. 952.It Li tcp.timestamps 953If rfc1323 is enabled, a value of 1 indicates RFC1323 time stamp options, 954used for measuring TCP round trip times, are enabled. 955.It Li tcp.compat_42 956Returns 1 if work-arounds for bugs in the 4.2BSD TCP implementation are 957enabled. 958Use of this option is not recommended, although it may be 959required in order to communicate with extremely old TCP implementations. 960.It Li tcp.cwm 961Returns 1 if use of the Hughes/Touch/Heidemann Congestion Window Monitoring 962algorithm is enabled. 963This algorithm prevents line-rate bursts of packets that could 964otherwise occur when data begins flowing on an idle TCP connection. 965These line-rate bursts can contribute to network and router congestion. 966This can be particularly useful on World Wide Web servers 967which support HTTP/1.1, which has lingering connections. 968.It Li tcp.cwm_burstsize 969Returns the Congestion Window Monitoring allowed burst size, in terms 970of packet count. 971.It Li tcp.ack_on_push 972Returns 1 if TCP is to immediately transmit an ACK upon reception of 973a packet with PUSH set. 974This can avoid losing a round trip time in some rare situations, 975but has the caveat of potentially defeating TCP's delayed ACK algorithm. 976Use of this option is generally not recommended, but 977the variable exists in case your configuration really needs it. 978.It Li tcp.keepidle 979Time a connection must be idle before keepalives are sent (if keepalives 980are enabled for the connection). 981See also tcp.slowhz. 982.It Li tcp.keepintvl 983Time after a keepalive probe is sent until, in the absence of any response, 984another probe is sent. 985See also tcp.slowhz. 986.It Li tcp.keepcnt 987Number of keepalive probes sent before declaring a connection dead. 988If set to zero, there is no limit; 989keepalives will be sent until some kind of 990response is received from the peer. 991.It Li tcp.slowhz 992The units for tcp.keepidle and tcp.keepintvl; those variables are in ticks 993of a clock that ticks tcp.slowhz times per second. 994(That is, their values 995must be divided by the tcp.slowhz value to get times in seconds.) 996.It Li tcp.newreno 997Returns 1 if the use of J. 998Hoe's NewReno congestion control algorithm is enabled. 999This algorithm improves the start-up behavior of TCP connections. 1000.It Li tcp.log_refused 1001Returns 1 if refused TCP connections to the host will be logged. 1002.It Li tcp.rstppslimit 1003The variable specifies the maximum number of outgoing TCP RST packets, 1004per second. 1005TCP RST packet that exceeded the value are subject to rate limitation 1006and will not go out from the node. 1007Negative value disables rate limitation. 1008.It Li udp.checksum 1009Returns 1 when UDP checksums are being computed and checked. 1010Disabling UDP checksums is strongly discouraged. 1011.It Li udp.sendspace 1012Returns the default UDP send buffer size. 1013.It Li udp.recvspace 1014Returns the default UDP receive buffer size. 1015.El 1016.Pp 1017For variables net.*.ipsec, please refer to 1018.Xr ipsec 4 . 1019.It Li PF_INET6 1020Get or set various global information about the IPv6 1021.Pq Internet Protocol version 6 . 1022The third level name is the protocol. 1023The fourth level name is the variable name. 1024The currently defined protocols and names are: 1025.Bl -column "Protocol name" "Variable nameXX" "integer" "yes" -offset indent 1026.It Pa Protocol name Variable name Type Changeable 1027.It ip6 forwarding integer yes 1028.It ip6 redirect integer yes 1029.It ip6 hlim integer yes 1030.It ip6 maxfragpackets integer yes 1031.It ip6 accept_rtadv integer yes 1032.It ip6 keepfaith integer yes 1033.It ip6 log_interval integer yes 1034.It ip6 hdrnestlimit integer yes 1035.It ip6 dad_count integer yes 1036.It ip6 auto_flowlabel integer yes 1037.It ip6 defmcasthlim integer yes 1038.It ip6 gif_hlim integer yes 1039.It ip6 kame_version string no 1040.It ip6 use_deprecated integer yes 1041.It ip6 rr_prune integer yes 1042.It ip6 v6only integer yes 1043.It ip6 anonportmin integer yes 1044.It ip6 anonportmax integer yes 1045.It ip6 lowportmin integer yes 1046.It ip6 lowportmax integer yes 1047.It ip6 maxfrags integer yes 1048.It icmp6 rediraccept integer yes 1049.It icmp6 redirtimeout integer yes 1050.It icmp6 nd6_prune integer yes 1051.It icmp6 nd6_delay integer yes 1052.It icmp6 nd6_umaxtries integer yes 1053.It icmp6 nd6_mmaxtries integer yes 1054.It icmp6 nd6_useloopback integer yes 1055.It icmp6 nodeinfo integer yes 1056.It icmp6 errppslimit integer yes 1057.It icmp6 nd6_maxnudhint integer yes 1058.It icmp6 mtudisc_hiwat integer yes 1059.It icmp6 mtudisc_lowat integer yes 1060.It icmp6 nd6_debug integer yes 1061.It udp6 sendspace integer yes 1062.It udp6 recvspace integer yes 1063.El 1064.Pp 1065The variables are as follows: 1066.Bl -tag -width "123456" 1067.It Li ip6.forwarding 1068Returns 1 when IPv6 forwarding is enabled for the node, 1069meaning that the node is acting as a router. 1070Returns 0 when IPv6 forwarding is disabled for the node, 1071meaning that the node is acting as a host. 1072IPv6 specification defines node behavior for 1073.Dq router 1074case and 1075.Dq host 1076case quite differently, and changing this variable during operation 1077may cause serious trouble. 1078It is recommended to configure the variable at bootstrap time, 1079and bootstrap time only. 1080.It Li ip6.redirect 1081Returns 1 when ICMPv6 redirects may be sent by the node. 1082This option is ignored unless the node is routing IP packets, 1083and should normally be enabled on all systems. 1084.It Li ip6.hlim 1085The default hop limit value for an IPv6 unicast packet sourced by the node. 1086This value applies to all the transport protocols on top of IPv6. 1087There are APIs to override the value, as documented in 1088.Xr ip6 4 . 1089.It Li ip6.maxfragpackets 1090The maximum number of fragmented packets the node will accept. 10910 means that the node will not accept any fragmented packets. 1092\-1 means that the node will accept as many fragmented packets as it receives. 1093The flag is provided basically for avoiding possible DoS attacks. 1094.It Li ip6.accept_rtadv 1095If set to non-zero, the node will accept ICMPv6 router advertisement packets 1096and autoconfigures address prefixes and default routers. 1097The node must be a host 1098.Pq not a router 1099for the option to be meaningful. 1100.It Li ip6.keepfaith 1101If set to non-zero, it enables 1102.Dq FAITH 1103TCP relay IPv6-to-IPv4 translator code in the kernel. 1104Refer 1105.Xr faith 4 1106and 1107.Xr faithd 8 1108for detail. 1109.It Li ip6.log_interval 1110The variable controls amount of logs generated by IPv6 packet 1111forwarding engine, by setting interval between log output 1112.Pq in seconds . 1113.It Li ip6.hdrnestlimit 1114The number of IPv6 extension headers permitted on incoming IPv6 packets. 1115If set to 0, the node will accept as many extension headers as possible. 1116.It Li ip6.dad_count 1117The variable configures number of IPv6 DAD 1118.Pq duplicated address detection 1119probe packets. 1120The packets will be generated when IPv6 interface addresses are configured. 1121.It Li ip6.auto_flowlabel 1122On connected transport protocol packets, 1123fill IPv6 flowlabel field to help intermediate routers to identify packet flows. 1124.It Li ip6.defmcasthlim 1125The default hop limit value for an IPv6 multicast packet sourced by the node. 1126This value applies to all the transport protocols on top of IPv6. 1127There are APIs to override the value, as documented in 1128.Xr ip6 4 . 1129.It Li ip6.gif_hlim 1130The maximum hop limit value for an IPv6 packet generated by 1131.Xr gif 4 1132tunnel interface. 1133.It Li ip6.kame_version 1134The string identifies the version of KAME IPv6 stack implemented in the kernel. 1135.It Li ip6.use_deprecated 1136The variable controls use of deprecated address, specified in RFC2462 5.5.4. 1137.It Li ip6.rr_prune 1138The variable specifies interval between IPv6 router renumbering prefix 1139babysitting, in seconds. 1140.It Li ip6.v6only 1141The variable specifies initial value for 1142.Dv IPV6_V6ONLY 1143socket option for 1144.Dv AF_INET6 1145socket. 1146Please refer to 1147.Xr ip6 4 1148for detail. 1149.It Li ip6.anonportmin 1150The lowest port number to use for TCP and UDP ephemeral port allocation. 1151This cannot be set to less than 1024 or greater than 65535. 1152.It Li ip6.anonportmax 1153The highest port number to use for TCP and UDP ephemeral port allocation. 1154This cannot be set to less than 1024 or greater than 65535, and must 1155be greater than 1156.Li ip6.anonportmin . 1157.It Li ip6.lowportmin 1158The lowest port number to use for TCP and UDP reserved port allocation. 1159This cannot be set to less than 0 or greater than 1024, and must 1160be smaller than 1161.Li ip6.lowportmax . 1162.It Li ip6.lowportmax 1163The highest port number to use for TCP and UDP reserved port allocation. 1164This cannot be set to less than 0 or greater than 1024, and must 1165be greater than 1166.Li ip6.lowportmin . 1167.It Li ip6.maxfrags 1168The maximum number of fragments the node will accept. 11690 means that the node will not accept any fragments. 1170\-1 means that the node will accept as many fragments as it receives. 1171The flag is provided basically for avoiding possible DoS attacks. 1172.It Li icmp6.rediraccept 1173If set to non-zero, the host will accept ICMPv6 redirect packets. 1174Note that IPv6 routers will never accept ICMPv6 redirect packets, 1175and the variable is meaningful on IPv6 hosts 1176.Pq non-router 1177only. 1178.It Li icmp6.redirtimeout 1179The variable specifies lifetime of routing entries generated by incoming 1180ICMPv6 redirect. 1181.It Li icmp6.nd6_prune 1182The variable specifies interval between IPv6 neighbor cache babysitting, 1183in seconds. 1184.It Li icmp6.nd6_delay 1185The variable specifies 1186.Dv DELAY_FIRST_PROBE_TIME 1187timing constant in IPv6 neighbor discovery specification 1188.Pq RFC2461 , 1189in seconds. 1190.It Li icmp6.nd6_umaxtries 1191The variable specifies 1192.Dv MAX_UNICAST_SOLICIT 1193constant in IPv6 neighbor discovery specification 1194.Pq RFC2461 . 1195.It Li icmp6.nd6_mmaxtries 1196The variable specifies 1197.Dv MAX_MULTICAST_SOLICIT 1198constant in IPv6 neighbor discovery specification 1199.Pq RFC2461 . 1200.It Li icmp6.nd6_useloopback 1201If set to non-zero, kernel IPv6 stack will use loopback interface for 1202local traffic. 1203.It Li icmp6.nodeinfo 1204The variable enables responses to ICMPv6 node information queries. 1205If you set the variable to 0, responses will not be generated for 1206ICMPv6 node information queries. 1207Since node information queries can have a security impact, it is 1208possible to fine tune which responses should be answered. 1209Two separate bits can be set. 1210.Bl -tag -width "12345" 1211.It 1 1212Respond to ICMPv6 FQDN queries, e.g. 1213.Li ping6 -w . 1214.It 2 1215Respond to ICMPv6 node addresses queries, e.g. 1216.Li ping6 -a . 1217.El 1218.It Li icmp6.errppslimit 1219The variable specifies the maximum number of outgoing ICMPv6 error messages, 1220per second. 1221ICMPv6 error messages that exceeded the value are subject to rate limitation 1222and will not go out from the node. 1223Negative value disables rate limitation. 1224.It Li icmp6.nd6_maxnudhint 1225IPv6 neighbor discovery permits upper layer protocols to supply reachability 1226hints, to avoid unnecessary neighbor discovery exchanges. 1227The variable defines the number of consecutive hints the neighbor discovery 1228layer will take. 1229For example, by setting the variable to 3, neighbor discovery layer 1230will take 3 consecutive hints in maximum. 1231After receiving 3 hints, neighbor discovery layer will perform 1232normal neighbor discovery process. 1233.It Li icmp6.mtudisc_hiwat 1234.It Li icmp6.mtudisc_lowat 1235The variables define the maximum number of routing table entries, 1236created due to path MTU discovery 1237.Pq prevents denial-of-service attacks with ICMPv6 too big messages . 1238When IPv6 path MTU discovery happens, we keep path MTU information into 1239the routing table. 1240If the number of routing table entries exceed the value, 1241the kernel will not attempt to keep the path MTU information. 1242.Li icmp6.mtudisc_hiwat 1243is used when we have verified ICMPv6 too big messages. 1244.Li icmp6.mtudisc_lowat 1245is used when we have unverified ICMPv6 too big messages. 1246Verification is performed by using address/port pairs kept in connected pcbs. 1247Negative value disables the upper limit. 1248.It Li icmp6.nd6_debug 1249If set to non-zero, kernel IPv6 neighbor discovery code will generate 1250debugging messages. 1251The debug outputs are useful to diagnose IPv6 interoperability issues. 1252The flag must be set to 0 for normal operation. 1253.El 1254.Pp 1255We reuse net.*.tcp for 1256.Tn TCP 1257over 1258.Tn IPv6 , 1259and therefore we do not have variables net.*.tcp6. 1260Variables net.inet6.udp6 have identical meaning to net.inet.udp. 1261Please refer to 1262.Li PF_INET 1263section above. 1264For variables net.*.ipsec6, please refer to 1265.Xr ipsec 4 . 1266.It Li PF_KEY 1267Get or set various global information about the IPsec key management. 1268The third level name is the variable name. 1269The currently defined variable and names are: 1270.Bl -column "blockacq_lifetime" "integer" "yes" -offset indent 1271.It Pa Variable name Type Changeable 1272.It debug integer yes 1273.It spi_try integer yes 1274.It spi_min_value integer yes 1275.It spi_max_value integer yes 1276.It random_int integer yes 1277.It larval_lifetime integer yes 1278.It blockacq_count integer yes 1279.It blockacq_lifetime integer yes 1280.It esp_keymin integer yes 1281.It esp_auth integer yes 1282.It ah_keymin integer yes 1283.El 1284The variables are as follows: 1285.Bl -tag -width "123456" 1286.It Li debug 1287Turn on debugging message from within the kernel. 1288The value is a bitmap, as defined in 1289.Pa /usr/include/netkey/key_debug.h . 1290.It Li spi_try 1291The number of times the kernel will try to obtain an unique SPI 1292when it generates it from random number generator. 1293.It Li spi_min_value 1294Minimum SPI value when generating it within the kernel. 1295.It Li spi_max_value 1296Maximum SPI value when generating it within the kernel. 1297.It Li random_int 1298Interval to stir pseudo-random number generator, in seconds. 1299Pseudo-random number generator is used only as a last resort when 1300random number source 1301.Pq Pa /dev/urandom 1302is not available. 1303It should not really be used, and if it were used, 1304kernel will warn about it. 1305.It Li larval_lifetime 1306Lifetime for LARVAL SAD entries, in seconds. 1307.It Li blockacq_count 1308Number of ACQUIRE PF_KEY messages to be blocked after an ACQUIRE message. 1309It avoids flood of ACQUIRE PF_KEY from being sent from the kernel to the 1310key management daemon. 1311.It Li blockacq_lifetime 1312Lifetime of ACQUIRE PF_KEY message. 1313.It Li esp_keymin 1314Minimum ESP key length, in bits. 1315The value is used when the kernel creates proposal payload 1316on ACQUIRE PF_KEY message. 1317.It Li esp_auth 1318Whether ESP authentication should be used or not. 1319Non-zero value indicates that ESP authentication should be used. 1320The value is used when the kernel creates proposal payload 1321on ACQUIRE PF_KEY message. 1322.It Li ah_keymin 1323Minimum AH key length, in bits, 1324The value is used when the kernel creates proposal payload 1325on ACQUIRE PF_KEY message. 1326.El 1327.El 1328.Sh CTL_PROC 1329The string and integer information available for the CTL_PROC 1330is detailed below. 1331The changeable column shows whether a process with appropriate 1332privilege may change the value. 1333These values are per-process, 1334and as such may change from one process to another. 1335When a process is created, 1336the default values are inherited from its parent. 1337When a set-user-ID or set-group-ID binary is executed, the 1338value of PROC_PID_CORENAME is reset to the system default value. 1339The second level name is either the magic value PROC_CURPROC, which 1340points to the current process, or the PID of the target process. 1341.Bl -column "USER_COLL_WEIGHTS_MAXXXX" "integerXXX" "yes" -offset indent 1342.It Sy Pa Third level name Type Changeable 1343.It PROC\_PID\_CORENAME string yes 1344.It PROC\_STOPEXEC int yes 1345.It PROC\_STOPFORK int yes 1346.It PROC\_PID\_LIMIT node not applicable 1347.El 1348.Bl -tag -width "123456" 1349.Pp 1350.It Li PROC_PID_CORENAME 1351The template used for the core dump file name (see 1352.Xr core 5 1353for details). 1354The base name must either be 1355.Nm core 1356or end with the suffix ``.core'' (the super-user may set arbitrary names). 1357By default it points to KERN_DEFCORENAME. 1358.It Li PROC_PID_LIMIT 1359Return resources limits, as defined for the 1360.Xr getrlimit 2 1361and 1362.Xr setrlimit 2 1363system calls. 1364The fourth level name is one of: 1365.Bl -tag -width PROC_PID_LIMIT_MEMLOCKAA 1366.It Li PROC_PID_LIMIT_CPU 1367The maximum amount of cpu time (in seconds) to be used by each process. 1368.It Li PROC_PID_LIMIT_FSIZE 1369The largest size (in bytes) file that may be created. 1370.It Li PROC_PID_LIMIT_DATA 1371The maximum size (in bytes) of the data segment for a process; 1372this defines how far a program may extend its break with the 1373.Xr sbrk 2 1374system call. 1375.It Li PROC_PID_LIMIT_STACK 1376The maximum size (in bytes) of the stack segment for a process; 1377this defines how far a program's stack segment may be extended. 1378Stack extension is performed automatically by the system. 1379.It Li PROC_PID_LIMIT_CORE 1380The largest size (in bytes) 1381.Pa core 1382file that may be created. 1383.It Li PROC_PID_LIMIT_RSS 1384The maximum size (in bytes) to which a process's resident set size may 1385grow. 1386This imposes a limit on the amount of physical memory to be given to 1387a process; if memory is tight, the system will prefer to take memory 1388from processes that are exceeding their declared resident set size. 1389.It Li PROC_PID_LIMIT_MEMLOCK 1390The maximum size (in bytes) which a process may lock into memory 1391using the 1392.Xr mlock 2 1393function. 1394.It Li PROC_PID_LIMIT_NPROC 1395The maximum number of simultaneous processes for this user id. 1396.It Li PROC_PID_LIMIT_NOFILE 1397The maximum number of open files for this process. 1398.El 1399.Pp 1400The fifth level name is one of PROC_PID_LIMIT_TYPE_SOFT or 1401PROC_PID_LIMIT_TYPE_HARD, to select respectively the soft or hard limit. 1402Both are of type integer. 1403.It Li PROC_STOPEXEC 1404If non zero, the process will be stopped on next 1405.Xr exec 3 1406call. 1407The process created by 1408.Xr exec 3 1409is created in the SSTOP state and is never scheduled for running 1410before being stopped. 1411This feature helps attaching a process with a debugger such as 1412.Xr gdb 1 1413before it had the opportunity to actually do anything. 1414.Pp 1415This value is inherited by the process's children. 1416.It Li PROC_STOPFORK 1417If non zero, the process' children will be stopped after 1418.Xr fork 2 1419calls. 1420The children is created in the SSTOP state and is never scheduled 1421for running before being stopped. 1422This feature helps attaching a process with a debugger such as 1423.Xr gdb 1 1424before it had the opportunity to actually do anything. 1425.Pp 1426This value is inherited by the process's children, and it also 1427apply to emulation specific system calls that fork a new process, such as 1428.Fn sproc 1429or 1430.Fn clone . 1431.El 1432.Sh CTL_USER 1433The string and integer information available for the CTL_USER level 1434is detailed below. 1435The changeable column shows whether a process with appropriate 1436privilege may change the value. 1437.Bl -column "USER_COLL_WEIGHTS_MAXXXX" "integerXXX" -offset indent 1438.It Sy Pa Second level name Type Changeable 1439.It USER\_BC\_BASE\_MAX integer no 1440.It USER\_BC\_DIM\_MAX integer no 1441.It USER\_BC\_SCALE\_MAX integer no 1442.It USER\_BC\_STRING\_MAX integer no 1443.It USER\_COLL\_WEIGHTS\_MAX integer no 1444.It USER\_CS\_PATH string no 1445.It USER\_EXPR\_NEST\_MAX integer no 1446.It USER\_LINE\_MAX integer no 1447.It USER\_POSIX2\_CHAR\_TERM integer no 1448.It USER\_POSIX2\_C\_BIND integer no 1449.It USER\_POSIX2\_C\_DEV integer no 1450.It USER\_POSIX2\_FORT\_DEV integer no 1451.It USER\_POSIX2\_FORT\_RUN integer no 1452.It USER\_POSIX2\_LOCALEDEF integer no 1453.It USER\_POSIX2\_SW\_DEV integer no 1454.It USER\_POSIX2\_UPE integer no 1455.It USER\_POSIX2\_VERSION integer no 1456.It USER\_RE\_DUP\_MAX integer no 1457.It USER\_STREAM\_MAX integer no 1458.It USER\_TZNAME\_MAX integer no 1459.It USER\_ATEXIT\_MAX integer no 1460.El 1461.Bl -tag -width "123456" 1462.Pp 1463.It Li USER_BC_BASE_MAX 1464The maximum ibase/obase values in the 1465.Xr bc 1 1466utility. 1467.It Li USER_BC_DIM_MAX 1468The maximum array size in the 1469.Xr bc 1 1470utility. 1471.It Li USER_BC_SCALE_MAX 1472The maximum scale value in the 1473.Xr bc 1 1474utility. 1475.It Li USER_BC_STRING_MAX 1476The maximum string length in the 1477.Xr bc 1 1478utility. 1479.It Li USER_COLL_WEIGHTS_MAX 1480The maximum number of weights that can be assigned to any entry of 1481the LC_COLLATE order keyword in the locale definition file. 1482.It Li USER_CS_PATH 1483Return a value for the 1484.Ev PATH 1485environment variable that finds all the standard utilities. 1486.It Li USER_EXPR_NEST_MAX 1487The maximum number of expressions that can be nested within 1488parenthesis by the 1489.Xr expr 1 1490utility. 1491.It Li USER_LINE_MAX 1492The maximum length in bytes of a text-processing utility's input 1493line. 1494.It Li USER_POSIX2_CHAR_TERM 1495Return 1 if the system supports at least one terminal type capable of 1496all operations described in POSIX 1003.2, otherwise 0. 1497.It Li USER_POSIX2_C_BIND 1498Return 1 if the system's C-language development facilities support the 1499C-Language Bindings Option, otherwise 0. 1500.It Li USER_POSIX2_C_DEV 1501Return 1 if the system supports the C-Language Development Utilities Option, 1502otherwise 0. 1503.It Li USER_POSIX2_FORT_DEV 1504Return 1 if the system supports the FORTRAN Development Utilities Option, 1505otherwise 0. 1506.It Li USER_POSIX2_FORT_RUN 1507Return 1 if the system supports the FORTRAN Runtime Utilities Option, 1508otherwise 0. 1509.It Li USER_POSIX2_LOCALEDEF 1510Return 1 if the system supports the creation of locales, otherwise 0. 1511.It Li USER_POSIX2_SW_DEV 1512Return 1 if the system supports the Software Development Utilities Option, 1513otherwise 0. 1514.It Li USER_POSIX2_UPE 1515Return 1 if the system supports the User Portability Utilities Option, 1516otherwise 0. 1517.It Li USER_POSIX2_VERSION 1518The version of POSIX 1003.2 with which the system attempts to comply. 1519.It Li USER_RE_DUP_MAX 1520The maximum number of repeated occurrences of a regular expression 1521permitted when using interval notation. 1522.ne 1i 1523.It Li USER_STREAM_MAX 1524The minimum maximum number of streams that a process may have open 1525at any one time. 1526.It Li USER_TZNAME_MAX 1527The minimum maximum number of types supported for the name of a 1528timezone. 1529.It Li USER_ATEXIT_MAX 1530The maximum namber of functions that may be registered with 1531.Xr atexit 3 . 1532.El 1533.Sh CTL_VM 1534The string and integer information available for the CTL_VM level 1535is detailed below. 1536The changeable column shows whether a process with appropriate 1537privilege may change the value. 1538.Bl -column "Second level nameXXXXXX" "struct loadavgXXX" -offset indent 1539.It Sy Pa Second level name Type Changeable 1540.It VM\_ANONMAX int yes 1541.It VM\_ANONMIN int yes 1542.It VM\_EXECMAX int yes 1543.It VM\_EXECMIN int yes 1544.It VM\_FILEMAX int yes 1545.It VM\_FILEMIN int yes 1546.It VM\_LOADAVG struct loadavg no 1547.It VM\_MAXSLP int no 1548.It VM\_METER struct vmtotal no 1549.It VM\_NKMEMPAGES int no 1550.It VM\_USPACE int no 1551.It VM\_UVMEXP struct uvmexp no 1552.It VM\_UVMEXP2 struct uvmexp_sysctl no 1553.El 1554.Pp 1555.Bl -tag -width "123456" 1556.It Li VM_ANONMAX 1557The percentage of physical memory which will be reclaimed 1558from other types of memory usage to store anonymous application data. 1559.It Li VM_ANONMIN 1560The percentage of physical memory which will be always be available for 1561anonymous application data. 1562.It Li VM_EXECMAX 1563The percentage of physical memory which will be reclaimed 1564from other types of memory usage to store cached executable data. 1565.It Li VM_EXECMIN 1566The percentage of physical memory which will be always be available for 1567cached executable data. 1568.It Li VM_FILEMAX 1569The percentage of physical memory which will be reclaimed 1570from other types of memory usage to store cached file data. 1571.It Li VM_FILEMIN 1572The percentage of physical memory which will be always be available for 1573cached file data. 1574.It Li VM_LOADAVG 1575Return the load average history. 1576The returned data consists of a 1577.Va struct loadavg . 1578.It Li VM_MAXSLP 1579The value of the maxslp kernel global variable. 1580.It Li VM_METER 1581Return system wide virtual memory statistics. 1582The returned data consists of a 1583.Va struct vmtotal . 1584.It Li VM_USPACE 1585The number of bytes allocated for each kernel stack. 1586.It Li VM_UVMEXP 1587Return system wide virtual memory statistics. 1588The returned data consists of a 1589.Va struct uvmexp . 1590.It Li VM_UVMEXP2 1591Return system wide virtual memory statistics. 1592The returned data consists of a 1593.Va struct uvmexp_sysctl . 1594.El 1595.Sh CTL_DDB 1596The integer information available for the CTL_DDB level is detailed below. 1597The changeable column shows whether a process with appropriate 1598privilege may change the value. 1599.Bl -column "DBCTL_TABSTOPSXXX" "integerXXX" -offset indent 1600.It Sy Pa Second level name Type Changeable 1601.It DBCTL\_RADIX integer yes 1602.It DBCTL\_MAXOFF integer yes 1603.It DBCTL\_LINES integer yes 1604.It DBCTL\_TABSTOPS integer yes 1605.It DBCTL\_ONPANIC integer yes 1606.It DBCTL\_FROMCONSOLE integer yes 1607.El 1608.Pp 1609.Bl -tag -width "123456" 1610.It Li DBCTL_RADIX 1611The input and output radix. 1612.It Li DBCTL_MAXOFF 1613The maximum symbol offset. 1614.It Li DBCTL_LINES 1615Number of display lines. 1616.It Li DBCTL_TABSTOPS 1617Tab width. 1618.It Li DBCTL_ONPANIC 1619If non-zero, DDB will be entered when the kernel panics. 1620.It Li DBCTL_FROMCONSOLE 1621If not zero, DDB may be entered by sending a break on a serial 1622console or by a special key sequence on a graphics console. 1623.El 1624.Pp 1625These MIB nodes are also available as variables from within the DDB. 1626See 1627.Xr ddb 4 1628for more details. 1629.Sh CTL_VENDOR 1630The "vendor" toplevel name is reserved to be used by vendors who wish to 1631have their own private MIB tree. 1632Intended use is to store values under 1633.Dq vendor.\*[Lt]yourname\*[Gt].* . 1634.Sh RETURN VALUES 1635If the call to 1636.Nm 1637is successful, the number of bytes copied out is returned. 1638Otherwise \-1 is returned and 1639.Va errno 1640is set appropriately. 1641.Sh FILES 1642.Bl -tag -width \*[Lt]netinet6/udp6Xvar.h\*[Gt] -compact 1643.It Pa Aq sys/sysctl.h 1644definitions for top level identifiers, second level kernel and hardware 1645identifiers, and user level identifiers 1646.It Pa Aq sys/socket.h 1647definitions for second level network identifiers 1648.It Pa Aq sys/gmon.h 1649definitions for third level profiling identifiers 1650.It Pa Aq uvm/uvm_param.h 1651definitions for second level virtual memory identifiers 1652.It Pa Aq netinet/in.h 1653definitions for third level IPv4/v6 identifiers and 1654fourth level IPv4/v6 identifiers 1655.It Pa Aq netinet/icmp_var.h 1656definitions for fourth level ICMP identifiers 1657.It Pa Aq netinet/icmp6.h 1658definitions for fourth level ICMPv6 identifiers 1659.It Pa Aq netinet/tcp_var.h 1660definitions for fourth level TCP identifiers 1661.It Pa Aq netinet/udp_var.h 1662definitions for fourth level UDP identifiers 1663.It Pa Aq netinet6/udp6_var.h 1664definitions for fourth level IPv6 UDP identifiers 1665.It Pa Aq netinet6/ipsec.h 1666definitions for fourth level IPsec identifiers 1667.It Pa Aq netkey/key_var.h 1668definitions for third level PF_KEY identifiers 1669.El 1670.Sh ERRORS 1671The following errors may be reported: 1672.Bl -tag -width Er 1673.It Bq Er EFAULT 1674The buffer 1675.Fa name , 1676.Fa oldp , 1677.Fa newp , 1678or length pointer 1679.Fa oldlenp 1680contains an invalid address. 1681.It Bq Er EINVAL 1682The 1683.Fa name 1684array is less than two or greater than CTL_MAXNAME. 1685.It Bq Er EINVAL 1686A non-null 1687.Fa newp 1688is given and its specified length in 1689.Fa newlen 1690is too large or too small. 1691.It Bq Er ENOMEM 1692The length pointed to by 1693.Fa oldlenp 1694is too short to hold the requested value. 1695.It Bq Er ENOTDIR 1696The 1697.Fa name 1698array specifies an intermediate rather than terminal name. 1699.It Bq Er EOPNOTSUPP 1700The 1701.Fa name 1702array specifies a value that is unknown. 1703.It Bq Er EPERM 1704An attempt is made to set a read-only value. 1705.It Bq Er EPERM 1706A process without appropriate privilege attempts to set a value. 1707.It Bq Er EPERM 1708An attempt to change a value protected by the current kernel security 1709level is made. 1710.El 1711.Sh SEE ALSO 1712.Xr ipsec 4 , 1713.Xr sysctl 8 1714.Sh HISTORY 1715The 1716.Nm 1717function first appeared in 1718.Bx 4.4 . 1719