.\" $NetBSD: sysctl.3,v 1.152 2005/06/20 15:06:18 elad Exp $
.\"
.\" Copyright (c) 1993
.\" The Regents of the University of California. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95
.\"
.Dd June 20, 2005
.Dt SYSCTL 3
.Os
.Sh NAME
.Nm sysctl ,
.Nm sysctlbyname ,
.Nm sysctlgetmibinfo ,
.Nm sysctlnametomib
.Nd get or set system information
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In sys/param.h
.In sys/sysctl.h
.Ft int
.Fn sysctl "int *name" "u_int namelen" "void *oldp" "size_t *oldlenp" \
"void *newp" "size_t newlen"
.Ft int
.Fn sysctlbyname "const char *sname" "void *oldp" "size_t *oldlenp" \
"void *newp" "size_t newlen"
.Ft int
.Fn sysctlgetmibinfo "const char *sname" "int *name" "u_int *namelenp" \
"char *cname" "size_t *csz" "struct sysctlnode **rnode" "int v"
.Ft int
.Fn sysctlnametomib "const char *sname" "int *name" "size_t *namelenp"
.Sh DESCRIPTION
The
.Nm
function retrieves system information and allows processes with
appropriate privileges to set system information.
The information available from
.Nm
consists of integers, strings, and tables.
Information may be retrieved and set from the command interface
using the
.Xr sysctl 8
utility.
.Pp
Unless explicitly noted below,
.Nm
returns a consistent snapshot of the data requested.
Consistency is obtained by locking the destination
buffer into memory so that the data may be copied out without blocking.
Calls to
.Nm
are serialized to avoid deadlock.
.Pp
The state is described using a ``Management Information Base'' (MIB)
style name, listed in
.Fa name ,
which is a
.Fa namelen
length array of integers.
.Pp
The
.Fn sysctlbyname
function accepts a string representation of a MIB entry and internally
maps it to the appropriate numeric MIB representation.
Its semantics are otherwise no different from
.Fn sysctl .
.Pp
The information is copied into the buffer specified by
.Fa oldp .
The size of the buffer is given by the location specified by
.Fa oldlenp
before the call,
and that location gives the amount of data copied after a successful call.
If the amount of data available is greater
than the size of the buffer supplied,
the call supplies as much data as fits in the buffer provided
and returns with the error code ENOMEM.
If the old value is not desired,
.Fa oldp
and
.Fa oldlenp
should be set to
.Dv NULL .
.Pp
The size of the available data can be determined by calling
.Nm
with a
.Dv NULL
parameter for
.Fa oldp .
The size of the available data will be returned in the location pointed to by
.Fa oldlenp .
For some operations, the amount of space may change often.
For these operations,
the system attempts to round up so that the returned size is
large enough for a call to return the data shortly thereafter.
.Pp
To set a new value,
.Fa newp
is set to point to a buffer of length
.Fa newlen
from which the requested value is to be taken.
If a new value is not to be set,
.Fa newp
should be set to
.Dv NULL
and
.Fa newlen
set to 0.
.Pp
The
.Fn sysctlnametomib
function can be used to map the string representation of a MIB entry
to the numeric version.
The
.Fa name
argument should point to an array of integers large enough to hold the
MIB, and
.Fa namelenp
should indicate the number of integer slots available.
Following a successful translation, the size_t indicated by
.Fa namelenp
will be changed to show the number of slots consumed.
.Pp
The
.Fn sysctlgetmibinfo
function performs name translation similar to
.Fn sysctlnametomib ,
but also canonicalizes the name (or returns the first erroneous token
from the string being parsed) into the space indicated by
.Fa cname
and
.Fa csz .
.Fa csz
should indicate the size of the buffer pointed to by
.Fa cname
and on return, will indicate the size of the returned string including
the trailing
.Sq nul
character.
.Pp
The
.Fa rnode
and
.Fa v
arguments to
.Fn sysctlgetmibinfo
are used to provide a tree for it to parse into, and to get back
either a pointer to, or a copy of, the terminal node.
If
.Fa rnode
is
.Dv NULL ,
.Fn sysctlgetmibinfo
uses its own internal tree for parsing, and checks it against the
kernel at each call, to make sure that the name-to-number mapping is
kept up to date.
The
.Fa v
argument is ignored in this case.
If
.Fa rnode
is not
.Dv NULL
but the pointer it references is, on a successful return,
.Fa rnode
will be adjusted to point to a copy of the terminal node.
The
.Fa v
argument indicates which version of the
.Nm
node structure the caller wants.
The application must later
.Fn free
this copy.
If neither
.Fa rnode
nor the pointer it references are
.Dv NULL ,
the pointer is used as the address of a tree over which the parsing is
done.
In this last case, the tree is not checked against the kernel, no
refreshing of the mappings is performed, and the value given by
.Fa v
must agree with the version indicated by the tree.
It is recommended that applications always use
.Dv SYSCTL_VERSION
as the value for
.Fa v ,
as defined in the include file
.Pa sys/sysctl.h .
.Pp
The top level names are defined with a CTL_ prefix in
.Aq Pa sys/sysctl.h ,
and are as follows.
The next and subsequent levels down are found in the include files
listed here, and described in separate sections below.
.Pp
.Bl -column CTLXMACHDEPXXX "Next level namesXXXXXX" -offset indent
.It Sy Name Ta Next level names Ta Description
.It CTL\_KERN Ta sys/sysctl.h Ta High kernel limits
.It CTL\_VM Ta uvm/uvm_param.h Ta Virtual memory
.It CTL\_VFS Ta sys/mount.h Ta Filesystem
.It CTL\_NET Ta sys/socket.h Ta Networking
.It CTL\_DEBUG Ta sys/sysctl.h Ta Debugging
.It CTL\_HW Ta sys/sysctl.h Ta Generic CPU, I/O
.It CTL\_MACHDEP Ta sys/sysctl.h Ta Machine dependent
.It CTL\_USER Ta sys/sysctl.h Ta User-level
.It CTL\_DDB Ta sys/sysctl.h Ta In-kernel debugger
.It CTL\_PROC Ta sys/sysctl.h Ta Per-process
.It CTL\_VENDOR Ta ? Ta Vendor specific
.It CTL\_EMUL Ta sys/sysctl.h Ta Emulation settings
.El
.Pp
For example, the following retrieves the maximum number of processes allowed
in the system:
.Bd -literal -offset indent -compact
int mib[2], maxproc;
size_t len;
.sp
mib[0] = CTL_KERN;
mib[1] = KERN_MAXPROC;
len = sizeof(maxproc);
/* maxproc is only valid if the call succeeds */
if (sysctl(mib, 2, \*[Am]maxproc, \*[Am]len, NULL, 0) == -1)
    err(1, "sysctl");
.Ed
.sp
To retrieve the standard search path for the system utilities:
.Bd -literal -offset indent -compact
int mib[2];
size_t len;
char *p;
.sp
mib[0] = CTL_USER;
mib[1] = USER_CS_PATH;
/* first call: oldp == NULL, only the required size is returned in len */
if (sysctl(mib, 2, NULL, \*[Am]len, NULL, 0) == -1)
    err(1, "sysctl");
if ((p = malloc(len)) == NULL)
    err(1, "malloc");
/* second call: copy the value into the allocated buffer */
if (sysctl(mib, 2, p, \*[Am]len, NULL, 0) == -1)
    err(1, "sysctl");
.Ed
.Sh CTL_DEBUG
The debugging variables vary from system to system.
A debugging variable may be added or deleted without need to recompile
.Nm
to know about it.
Each time it runs,
.Nm
gets the list of debugging variables from the kernel and
displays their current values.
The system defines twenty
.Va ( struct ctldebug )
variables named
.Dv debug0
through
.Dv debug19 .
They are declared as separate variables so that they can be
individually initialized at the location of their associated variable.
The loader prevents multiple use of the same variable by issuing errors
if a variable is initialized in more than one place.
For example, to export the variable
.Dv dospecialcheck
as a debugging variable, the following declaration would be used:
.Bd -literal -offset indent -compact
int dospecialcheck = 1;
struct ctldebug debug5 = { "dospecialcheck", \*[Am]dospecialcheck };
.Ed
.Pp
Note that the dynamic implementation of
.Nm
currently in use largely makes this particular
.Nm
interface obsolete.
See
.Xr sysctl 8
.\" and
.\" .Xr sysctl 9
for more information.
.Sh CTL_VFS
A distinguished second level name, VFS_GENERIC,
is used to get general information about all filesystems.
One of its third level identifiers is VFS_MAXTYPENUM
that gives the highest valid filesystem type number.
Its other third level identifier is VFS_CONF that
returns configuration information about the filesystem
type given as a fourth level identifier.
The remaining second level identifiers are the
filesystem type number returned by a
.Xr statfs 2
call or from VFS_CONF.
The third level identifiers available for each filesystem
are given in the header file that defines the mount
argument structure for that filesystem.
.Sh CTL_HW
The string and integer information available for the CTL_HW level
is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "Second level nameXXXXXX" "struct disk_sysctlXXX" -offset indent
.It Sy Second level name Ta Type Ta Changeable
.It HW\_MACHINE Ta string Ta no
.It HW\_MODEL Ta string Ta no
.It HW\_NCPU Ta integer Ta no
.It HW\_BYTEORDER Ta integer Ta no
.It HW\_PHYSMEM Ta integer Ta no
.It HW\_PHYSMEM64 Ta quad Ta no
.It HW\_USERMEM Ta integer Ta no
.It HW\_USERMEM64 Ta quad Ta no
.It HW\_PAGESIZE Ta integer Ta no
.\".It HW\_DISKNAMES struct no
.\".It HW\_DISKSTATS struct no
.It HW\_MACHINE\_ARCH Ta string Ta no
.It HW\_ALIGNBYTES Ta integer Ta no
.It HW\_DISKNAMES Ta string Ta no
.It HW\_DISKSTATS Ta struct disk_sysctl Ta no
.It HW\_CNMAGIC Ta string Ta yes
.El
.Pp
.Bl -tag -width "123456"
.It Li HW_MACHINE
The machine class.
.It Li HW_MODEL
The machine model.
.It Li HW_NCPU
The number of CPUs.
.ne 1i
.It Li HW_BYTEORDER
The byteorder (4,321, or 1,234).
.It Li HW_PHYSMEM
The bytes of physical memory as a 32-bit integer.
.It Li HW_PHYSMEM64
The bytes of physical memory as a 64-bit integer.
.It Li HW_USERMEM
The bytes of non-kernel memory as a 32-bit integer.
.It Li HW_USERMEM64
The bytes of non-kernel memory as a 64-bit integer.
.It Li HW_PAGESIZE
The software page size.
.It Li HW_MACHINE_ARCH
The machine CPU class.
.It Li HW_ALIGNBYTES
Alignment constraint for all possible data types.
This shows the value
.Dv ALIGNBYTES
in
.Pa /usr/include/machine/param.h ,
at the kernel compilation time.
.It Li HW_DISKNAMES
The list of (space separated) disk device names on the system.
.It Li HW_DISKSTATS
Return statistical information on the disk devices on the system.
An array of
.Va struct disk_sysctl
structures is returned,
whose size depends on the current number of such objects in the system.
The third level name is the size of the
.Va struct disk_sysctl .
.It Li HW_CNMAGIC
The console magic key sequence.
.El
.Sh CTL_KERN
The string and integer information available for the CTL_KERN level
is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
The types of data currently available are process information,
system vnodes, the open file entries, routing table entries,
virtual memory statistics, load average history, and clock rate
information.
.Bl -column "KERNXPOSIXXREADERXWRITERXLOCKS" "struct clockrateXXX" -offset indent
.It Sy Second level name Ta Type Ta Changeable
.It KERN\_ARGMAX Ta integer Ta no
.It KERN\_AUTONICETIME Ta integer Ta yes
.It KERN\_AUTONICEVAL Ta integer Ta yes
.It KERN\_BOOTTIME Ta struct timeval Ta no
.It KERN\_CCPU Ta integer Ta no
.It KERN\_CLOCKRATE Ta struct clockinfo Ta no
.It KERN\_CP\_TIME Ta uint64_t[\|] Ta no
.It KERN\_DEFCORENAME Ta string Ta yes
.It KERN\_DOMAINNAME Ta string Ta yes
.It KERN\_DRIVERS Ta struct kinfo_drivers Ta no
.It KERN\_FILE Ta struct file Ta no
.It KERN\_FORKFSLEEP Ta integer Ta yes
.It KERN\_FSCALE Ta integer Ta no
.It KERN\_FSYNC Ta integer Ta no
.It KERN\_HOSTID Ta integer Ta yes
.It KERN\_HOSTNAME Ta string Ta yes
.It KERN\_IOV\_MAX Ta integer Ta no
.It KERN\_JOB\_CONTROL Ta integer Ta no
.It KERN\_LABELOFFSET Ta integer Ta no
.It KERN\_LABELSECTOR Ta integer Ta no
.It KERN\_LOGIN\_NAME\_MAX Ta integer Ta no
.It KERN\_LOGSIGEXIT Ta integer Ta yes
.It KERN\_MAPPED\_FILES Ta integer Ta no
.It KERN\_MAXFILES Ta integer Ta yes
.It KERN\_MAXPARTITIONS Ta integer Ta no
.It KERN\_MAXPROC Ta integer Ta yes
.It KERN\_MAXPTYS Ta integer Ta yes
.It KERN\_MAXVNODES Ta integer Ta yes
.It KERN\_MBUF Ta node Ta not applicable
.It KERN\_MEMLOCK Ta integer Ta no
.It KERN\_MEMLOCK\_RANGE Ta integer Ta no
.It KERN\_MEMORY\_PROTECTION Ta integer Ta no
.It KERN\_MONOTONIC\_CLOCK Ta integer Ta no
.It KERN\_MSGBUF Ta char[\|] Ta no
.It KERN\_MSGBUFSIZE Ta integer Ta no
.It KERN\_NGROUPS Ta integer Ta no
.It KERN\_NTPTIME Ta struct ntptimeval Ta no
.It KERN\_OSRELEASE Ta string Ta no
.It KERN\_OSREV Ta integer Ta no
.It KERN\_OSTYPE Ta string Ta no
.It KERN\_POSIX1 Ta integer Ta no
.It KERN\_POSIX\_BARRIERS Ta integer Ta no
.It KERN\_POSIX\_READER\_WRITER\_LOCKS Ta integer Ta no
.It KERN\_POSIX\_SEMAPHORES Ta integer Ta no
.It KERN\_POSIX\_SPIN\_LOCKS Ta integer Ta no
.It KERN\_POSIX\_THREADS Ta integer Ta no
.It KERN\_POSIX\_TIMERS Ta integer Ta no
.It KERN\_PROC Ta struct kinfo_proc Ta no
.It KERN\_PROC2 Ta struct kinfo_proc2 Ta no
.It KERN\_PROC\_ARGS Ta string Ta no
.It KERN\_PROF Ta node Ta not applicable
.It KERN\_RAWPARTITION Ta integer Ta no
.It KERN\_ROOT\_DEVICE Ta string Ta no
.It KERN\_ROOT\_PARTITION Ta integer Ta no
.It KERN\_RTC\_OFFSET Ta integer Ta yes
.It KERN\_SAVED\_IDS Ta integer Ta no
.It KERN\_SECURELVL Ta integer Ta raise only
.It KERN\_SYNCHRONIZED\_IO Ta integer Ta no
.It KERN\_SYSVIPC\_INFO Ta node Ta not applicable
.It KERN\_SYSVMSG Ta integer Ta no
.It KERN\_SYSVSEM Ta integer Ta no
.It KERN\_SYSVSHM Ta integer Ta no
.It KERN\_TKSTAT Ta node Ta not applicable
.It KERN\_VERIEXEC Ta node Ta not applicable
.It KERN\_VERSION Ta string Ta no
.It KERN\_VNODE Ta struct vnode Ta no
.El
.ne 1i
.Pp
.Bl -tag -width "123456"
.It Li KERN_ARGMAX
The maximum bytes of argument to
.Xr execve 2 .
.It Li KERN_AUTONICETIME
The number of seconds of CPU-time a non-root process may accumulate before
having its priority lowered from the default to the value of KERN_AUTONICEVAL.
If set to 0, automatic lowering of priority is not performed, and if set to \-1
all non-root processes are immediately lowered.
.It Li KERN_AUTONICEVAL
The priority assigned for automatically niced processes.
.It Li KERN_BOOTTIME
A
.Va struct timeval
structure is returned.
This structure contains the time that the system was booted.
.It Li KERN_CCPU
The scheduler exponential decay value.
.It Li KERN_CLOCKRATE
A
.Va struct clockinfo
structure is returned.
This structure contains the clock, statistics clock and profiling clock
frequencies, the number of micro-seconds per hz tick, and the clock
skew rate.
.It Li KERN_CP_TIME
Returns an array of CPUSTATES uint64_ts.
This array contains the
number of clock ticks spent in different CPU states.
On multi-processor systems, the sum across all CPUs is returned unless
appropriate space is given for one data set for each CPU.
Data for a specific CPU can also be obtained by adding the number of the
CPU at the end of the MIB, enlarging it by one.
.It Li KERN_DEFCORENAME
Default template for the name of core dump files (see also PROC_PID_CORENAME
in the per-process variables CTL_PROC, and
.Xr core 5
for format of this template).
The default value is
.Nm %n.core
and can be changed with the kernel configuration option
.Cd options DEFCORENAME
(see
.Xr options 4
).
.It Li KERN_DOMAINNAME
Get or set the YP domain name.
.It Li KERN_DRIVERS
Return an array of
.Va struct kinfo_drivers
that contains the name and major device numbers of all the device drivers
in the current kernel.
The
.Va d_name
field is always a NUL terminated string.
The
.Va d_bmajor
field will be set to \-1 if the driver doesn't have a block device.
.It Li KERN_FILE
Return the entire file table.
The returned data consists of a single
.Va struct filehead
followed by an array of
.Va struct file ,
whose size depends on the current number of such objects in the system.
.It Li KERN_FSCALE
The kernel fixed-point scale factor.
.It Li KERN_FORKFSLEEP
If the
.Xr fork 2
system call fails due to the limit on the number of processes (either
the global maxproc limit or the user's one), wait for this many
milliseconds before returning an
.Er EAGAIN
error to the process.
Useful to keep heavily forking runaway processes at bay.
Default zero (no sleep).
Maximum is 20 seconds.
.It Li KERN_FSYNC
Return 1 if the POSIX 1003.1b File Synchronization Option is available
on this system,
otherwise 0.
.It Li KERN_HOSTID
Get or set the host id.
.It Li KERN_HOSTNAME
Get or set the hostname.
.It Li KERN_IOV_MAX
Return the maximum number of
.Va iovec
structures that a process has available for use with
.Xr preadv 2 ,
.Xr pwritev 2 ,
.Xr readv 2 ,
.Xr recvmsg 2 ,
.Xr sendmsg 2
and
.Xr writev 2 .
.It Li KERN_JOB_CONTROL
Return 1 if job control is available on this system, otherwise 0.
.It Li KERN_LABELOFFSET
The offset within the sector specified by KERN_LABELSECTOR of the
.Xr disklabel 5 .
.It Li KERN_LABELSECTOR
The sector number containing the
.Xr disklabel 5 .
.It Li KERN_LOGIN_NAME_MAX
The size of the storage required for a login name, in bytes,
including the terminating NUL.
.It Li KERN_LOGSIGEXIT
If this flag is non-zero, the kernel will
.Xr log 9
all process exits due to signals which create a
.Xr core 5
file, and whether the coredump was created.
.It Li KERN_MAPPED_FILES
Returns 1 if the POSIX 1003.1b Memory Mapped Files Option is available
on this system,
otherwise 0.
.It Li KERN_MAXFILES
The maximum number of open files that may be open in the system.
.It Li KERN_MAXPARTITIONS
The maximum number of partitions allowed per disk.
.It Li KERN_MAXPROC
The maximum number of simultaneous processes the system will allow.
.It Li KERN_MAXPTYS
The maximum number of pseudo terminals.
This value can be both raised and lowered, though it cannot
be set lower than the number of currently used ptys.
See also
.Xr pty 4 .
.It Li KERN_MAXVNODES
The maximum number of vnodes available on the system.
This can only be raised.
.It Li KERN_MBUF
Return information about the mbuf control variables.
The third level names for the mbuf variables are detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "MBUFXNMBCLUSTERSXXX" "struct integerXXX" -offset indent
.It Sy Third level name Ta Type Ta Changeable
.It MBUF\_MSIZE Ta integer Ta yes
.It MBUF\_MCLBYTES Ta integer Ta yes
.It MBUF\_NMBCLUSTERS Ta integer Ta yes
.It MBUF\_MBLOWAT Ta integer Ta yes
.It MBUF\_MCLLOWAT Ta integer Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li MBUF_MSIZE
The mbuf base size.
.It Li MBUF_MCLBYTES
The mbuf cluster size.
.It Li MBUF_NMBCLUSTERS
The limit on the number of mbuf clusters.
The variable can only be increased, and only increased on machines with
direct-mapped pool pages.
.It Li MBUF_MBLOWAT
The mbuf low water mark.
.It Li MBUF_MCLLOWAT
The mbuf cluster low water mark.
.El
.It Li KERN_MEMLOCK
Returns 1 if the POSIX 1003.1b Process Memory Locking Option is available
on this system,
otherwise 0.
.It Li KERN_MEMLOCK_RANGE
Returns 1 if the POSIX 1003.1b Range Memory Locking Option is available
on this system,
otherwise 0.
.It Li KERN_MEMORY_PROTECTION
Returns 1 if the POSIX 1003.1b Memory Protection Option is available
on this system,
otherwise 0.
.It Li KERN_MONOTONIC_CLOCK
Returns the standard version the implementation of the POSIX 1003.1b
Monotonic Clock Option conforms to,
otherwise 0.
.It Li KERN_MSGBUF
The kernel message buffer, rotated so that the head of the circular kernel
message buffer is returned at the start of the buffer specified by
.Fa oldp .
The returned data may contain NUL bytes.
.It Li KERN_MSGBUFSIZE
The maximum number of characters that the kernel message buffer can hold.
.It Li KERN_NGROUPS
The maximum number of supplemental groups.
.It Li KERN_NO_TRUNC
Return 1 if file names longer than KERN_NAME_MAX are truncated.
.It Li KERN_NTPTIME
A
.Va struct ntptimeval
structure is returned.
This structure contains data used by the
.Xr ntpd 8
program.
.It Li KERN_OSRELEASE
The system release string.
.It Li KERN_OSREV
The system revision string.
.It Li KERN_OSTYPE
The system type string.
.It Li KERN_PATH_MAX
The maximum number of bytes in a pathname.
.It Li KERN_POSIX1
The version of ISO/IEC 9945 (POSIX 1003.1) with which the system
attempts to comply.
.It Li KERN_POSIX_BARRIERS
The version of
.St -p1003.1
and its
Barriers
option to which the system attempts to conform,
otherwise 0.
.It Li KERN_POSIX_READER_WRITER_LOCKS
The version of
.St -p1003.1
and its
Read-Write Locks
option to which the system attempts to conform,
otherwise 0.
.It Li KERN_POSIX_SEMAPHORES
The version of
.St -p1003.1
and its
Semaphores
option to which the system attempts to conform,
otherwise 0.
.It Li KERN_POSIX_SPIN_LOCKS
The version of
.St -p1003.1
and its
Spin Locks
option to which the system attempts to conform,
otherwise 0.
.It Li KERN_POSIX_THREADS
The version of
.St -p1003.1
and its
Threads
option to which the system attempts to conform,
otherwise 0.
.It Li KERN_POSIX_TIMERS
The version of
.St -p1003.1
and its
Timers
option to which the system attempts to conform,
otherwise 0.
.It Li KERN_PROC
Return the entire process table, or a subset of it.
An array of
.Va struct kinfo_proc
structures is returned,
whose size depends on the current number of such objects in the system.
The third and fourth level names are as follows:
.Bl -column "Third level nameXXXXXX" "Fourth level is:XXXXXX" -offset indent
.It Sy Third level name Ta Fourth level is:
.It KERN\_PROC\_ALL Ta None
.It KERN\_PROC\_PID Ta A process ID
.It KERN\_PROC\_PGRP Ta A process group
.It KERN\_PROC\_SESSION Ta A session ID
.It KERN\_PROC\_TTY Ta A tty device
.It KERN\_PROC\_UID Ta A user ID
.It KERN\_PROC\_RUID Ta A real user ID
.It KERN\_PROC\_GID Ta A group ID
.It KERN\_PROC\_RGID Ta A real group ID
.El
.It Li KERN_PROC2
As for KERN_PROC, but an array of
.Va struct kinfo_proc2
structures is returned.
The fifth level name is the size of the
.Va struct kinfo_proc2
and the sixth level name is the number of structures to return.
.It Li KERN_PROC_ARGS
Return the argv or environment strings (or the number thereof)
of a process.
Multiple strings are returned separated by NUL characters.
The third level name is the process ID.
The fourth level name is as follows:
.Bl -column "Third level nameXXXXXX" -offset indent
.It KERN\_PROC\_ARGV Ta The argv strings
.It KERN\_PROC\_NARGV Ta The number of argv strings
.It KERN\_PROC\_ENV Ta The environ strings
.It KERN\_PROC\_NENV Ta The number of environ strings
.El
.It Li KERN_PROF
Return profiling information about the kernel.
If the kernel is not compiled for profiling,
attempts to retrieve any of the KERN_PROF values will
fail with EOPNOTSUPP.
The third level names for the string and integer profiling information
are detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "GPROFXGMONPARAMXXX" "struct gmonparamXXX" -offset indent
.It Sy Third level name Ta Type Ta Changeable
.It GPROF\_STATE Ta integer Ta yes
.It GPROF\_COUNT Ta u_short[\|] Ta yes
.It GPROF\_FROMS Ta u_short[\|] Ta yes
.It GPROF\_TOS Ta struct tostruct Ta yes
.It GPROF\_GMONPARAM Ta struct gmonparam Ta no
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li GPROF_STATE
Profiling state.
If set to GMON_PROF_ON, starts profiling.
If set to GMON_PROF_OFF, stops profiling.
.It Li GPROF_COUNT
Array of statistical program counter counts.
.It Li GPROF_FROMS
Array indexed by program counter of call-from points.
.It Li GPROF_TOS
Array of
.Va struct tostruct
describing destination of calls and their counts.
.It Li GPROF_GMONPARAM
Structure giving the sizes of the above arrays.
.El
.It Li KERN_RAWPARTITION
The raw partition of a disk (a == 0).
.It Li KERN_ROOT_DEVICE
The name of the root device (e.g.,
.Dq wd0 ) .
.It Li KERN_ROOT_PARTITION
The root partition on the root device (a == 0).
.It Li KERN_RTC_OFFSET
Return the offset of real time clock from UTC in minutes.
.It Li KERN_SAVED_IDS
Returns 1 if saved set-group and saved set-user IDs are available.
.It Li KERN_SECURELVL
The system security level.
This level may be raised by processes with appropriate privilege.
It may only be lowered by process 1.
.It Li KERN_SYNCHRONIZED_IO
Returns 1 if the POSIX 1003.1b Synchronized I/O Option is available
on this system,
otherwise 0.
.It Li KERN_SYSVIPC_INFO
Return System V style IPC configuration and run-time information.
The third level name selects the System V style IPC facility.
.Bl -column "KERN_SYSVIPC_MSG_INFOXXX" "struct shm_sysctl_infoXXX" -offset indent
.It Sy Third level name Ta Type
.It KERN\_SYSVIPC\_MSG\_INFO Ta struct msg_sysctl_info
.It KERN\_SYSVIPC\_SEM\_INFO Ta struct sem_sysctl_info
.It KERN\_SYSVIPC\_SHM\_INFO Ta struct shm_sysctl_info
.El
.Pp
.Bl -tag -width "123456"
.It Li KERN_SYSVIPC_MSG_INFO
Return information on the System V style message facility.
The
.Sy msg_sysctl_info
structure is defined in
.Aq Pa sys/msg.h .
.It Li KERN_SYSVIPC_SEM_INFO
Return information on the System V style semaphore facility.
The
.Sy sem_sysctl_info
structure is defined in
.Aq Pa sys/sem.h .
.It Li KERN_SYSVIPC_SHM_INFO
Return information on the System V style shared memory facility.
The
.Sy shm_sysctl_info
structure is defined in
.Aq Pa sys/shm.h .
.El
.It Li KERN_SYSVMSG
Returns 1 if System V style message queue functionality is available
on this system,
otherwise 0.
.It Li KERN_SYSVSEM
Returns 1 if System V style semaphore functionality is available
on this system,
otherwise 0.
.It Li KERN_SYSVSHM
Returns 1 if System V style shared memory functionality is available
on this system,
otherwise 0.
.It Li KERN_TKSTAT
Return information about the number of characters sent and received
on ttys.
The third level names for the tty statistic variables are detailed below.
The changeable column shows whether a process
with appropriate privilege may change the value.
.Bl -column "KERNXTKSTATXRAWCCXXX" "struct integerXXX" -offset indent
.It Sy Third level name Ta Type Ta Changeable
.It KERN\_TKSTAT\_NIN Ta quad Ta no
.It KERN\_TKSTAT\_NOUT Ta quad Ta no
.It KERN\_TKSTAT\_CANCC Ta quad Ta no
.It KERN\_TKSTAT\_RAWCC Ta quad Ta no
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li KERN_TKSTAT_NIN
The total number of input characters.
.It Li KERN_TKSTAT_NOUT
The total number of output characters.
.It Li KERN_TKSTAT_CANCC
The number of canonical input characters.
.It Li KERN_TKSTAT_RAWCC
The number of raw input characters.
.El
.It Li KERN_VERIEXEC
Tunings for Verified Exec.
Third level names for the veriexec variables are detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value or only raise it.
Only the superuser can modify these variables.
.Bl -column "VERIEXECXALGORITHMSXXX" "struct integerXXX" -offset indent
.It Sy Third level name Ta Type Ta Changeable
.It VERIEXEC\_VERBOSE Ta integer Ta yes
.It VERIEXEC\_STRICT Ta integer Ta raise only
.It VERIEXEC\_ALGORITHMS Ta string Ta no
.It VERIEXEC\_COUNT Ta node Ta not applicable
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li VERIEXEC_VERBOSE
Controls the verbosity level of Verified Exec.
If 0, only the minimal
indication required will be given about what's happening - fingerprint
mismatches, removal of entries from the tables, modification of a
fingerprinted file.
If 1, more messages will be printed (i.e., when a file with a valid
fingerprint is accessed).
Verbose level 2 is debug mode.
.It Li VERIEXEC_STRICT
Controls the strict level of Verified Exec.
The strict level defines how
Verified Exec will treat various situations.
In strict level 0, the system is in learning mode and will only warn about
fingerprint mismatches, as well as allow removal of fingerprinted files.
It is the only level where fingerprints can be loaded.
In strict level 1, the system is in IDS mode.
It will deny access to files with mismatched fingerprints.
In strict level 2, the system is in IPS mode.
It has all effects of
strict level 1, plus it will deny write access to monitored files,
prevent their removal, and enforce access type (direct, indirect, file).
Strict level 3 operates as lockdown mode.
It will have all effects of
strict level 2, but it will also prevent access to non-monitored files.
Furthermore, it will prevent addition of new files to the system, and
allow writing only to files opened before the strict level was raised.
.It Li VERIEXEC_ALGORITHMS
Returns a string with the supported algorithms in Verified Exec.
.It Li VERIEXEC_COUNT
Variables are added to this node as new hash tables are created to
contain Verified Exec data for a new device.
Each variable in the node
will have a name in the form of
.No dev_ Ns Aq id
where
.Aq id
is the device id.
For example, the variable for the root device may be dev_0.
The value of this
variable will be the number of fingerprinted files on the device.
.El
.It Li KERN_VERSION
The system version string.
.It Li KERN_VNODE
Return the entire vnode table.
Note, the vnode table is not necessarily a consistent snapshot of
the system.
The returned data consists of an array whose size depends on the
current number of such objects in the system.
Each element of the array contains the kernel address of a vnode
.Va struct vnode *
followed by the vnode itself
.Va struct vnode .
.El
.Sh CTL_MACHDEP
The set of variables defined is architecture dependent.
Most architectures define at least the following variables.
.Bl -column "CONSOLE_DEVICEXXX" "integerXXX" -offset indent
.It Sy Second level name Ta Type Ta Changeable
.It Li CPU_CONSDEV Ta dev_t Ta no
.El
.Sh CTL_NET
The string and integer information available for the CTL_NET level
is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
The second and third levels are typically the protocol family and
protocol number, though this is not always the case.
.Bl -column "Second level nameXXXXXX" "routing messagesXXX" -offset indent
.It Sy Second level name Ta Type Ta Changeable
.It PF\_ROUTE Ta routing messages Ta no
.It PF\_INET Ta IPv4 values Ta yes
.It PF\_INET6 Ta IPv6 values Ta yes
.It PF\_KEY Ta IPsec key management values Ta yes
.El
.Pp
.Bl -tag -width "123456"
.It Li PF_ROUTE
Return the entire routing table or a subset of it.
The data is returned as a sequence of routing messages (see
.Xr route 4
for the header file, format and meaning).
The length of each message is contained in the message header.
.Pp
The third level name is a protocol number, which is currently always 0.
The fourth level name is an address family, which may be set to 0 to
select all address families.
The fifth and sixth level names are as follows:
.Bl -column "Fifth level nameXXXXXX" "Sixth level is:XXX" -offset indent
.It Sy Fifth level name Ta Sixth level is:
.It NET\_RT\_FLAGS Ta rtflags
.It NET\_RT\_DUMP Ta None
.It NET\_RT\_IFLIST Ta None
.El
.It Li PF_INET
Get or set various global information about the IPv4
.Pq Internet Protocol version 4 .
The third level name is the protocol.
The fourth level name is the variable name.
The currently defined protocols and names are:
.Bl -column "Protocol name" "Variable nameXX" "integer" "yes" -offset indent
.It Sy Protocol name Ta Variable name Ta Type Ta Changeable
.It ip Ta forwarding Ta integer Ta yes
.It ip Ta redirect Ta integer Ta yes
.It ip Ta ttl Ta integer Ta yes
.It ip Ta forwsrcrt Ta integer Ta yes
.It ip Ta directed-broadcast Ta integer Ta yes
.It ip Ta allowsrcrt Ta integer Ta yes
.It ip Ta subnetsarelocal Ta integer Ta yes
.It ip Ta mtudisc Ta integer Ta yes
.It ip Ta anonportmin Ta integer Ta yes
.It ip Ta anonportmax Ta integer Ta yes
.It ip Ta mtudisctimeout Ta integer Ta yes
.It ip Ta gifttl Ta integer Ta yes
.It ip Ta grettl Ta integer Ta yes
.It ip Ta lowportmin Ta integer Ta yes
.It ip Ta lowportmax Ta integer Ta yes
.It ip Ta maxfragpackets Ta integer Ta yes
.It ip Ta checkinterface Ta integer Ta yes
.It icmp Ta maskrepl Ta integer Ta yes
.It icmp Ta errppslimit Ta integer Ta yes
.It icmp Ta rediraccept Ta integer Ta yes
.It icmp Ta redirtimeout Ta integer Ta yes
.It tcp Ta rfc1323 Ta integer Ta yes
.It tcp Ta sendspace Ta integer Ta yes
.It tcp Ta recvspace Ta integer Ta yes
.It tcp Ta mssdflt Ta integer Ta yes
.It tcp Ta syn_cache_limit Ta integer Ta yes
.It tcp Ta syn_bucket_limit Ta integer Ta yes
.It tcp Ta syn_cache_interval Ta integer Ta yes
.It tcp Ta init_win Ta integer Ta yes
.It tcp Ta init_win_local Ta integer Ta yes
.It tcp Ta mss_ifmtu Ta integer Ta yes
.It tcp Ta sack Ta integer Ta yes
.It tcp Ta win_scale Ta integer Ta yes
.It tcp Ta timestamps Ta integer Ta yes
.It tcp Ta compat_42 Ta integer Ta yes
.It tcp Ta cwm Ta integer Ta yes
.It tcp Ta cwm_burstsize Ta integer Ta yes
.It tcp Ta ack_on_push Ta integer Ta yes
.It tcp Ta keepidle Ta integer Ta yes
.It tcp Ta keepintvl Ta integer Ta yes
.It tcp Ta keepcnt Ta integer Ta yes
.It tcp Ta slowhz Ta integer Ta no
.It tcp Ta newreno Ta integer Ta yes
.It tcp Ta log_refused Ta integer Ta yes
.It tcp Ta rstppslimit Ta integer Ta yes
.It tcp Ta ident Ta struct Ta no
.It udp Ta checksum Ta integer Ta yes
.It udp Ta sendspace Ta integer Ta yes
.It udp Ta recvspace Ta integer Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li ip.forwarding
If set to 1, enables IP
forwarding for the host,
meaning that the host is acting as a router.
.It Li ip.redirect
If set to 1, ICMP redirects may be sent by the host.
This option is ignored unless the host is routing IP packets,
and should normally be enabled on all systems.
.It Li ip.ttl
The maximum time-to-live (hop count) value for an IP packet sourced by
the system.
This value applies to normal transport protocols, not to ICMP.
.It Li ip.forwsrcrt
If set to 1, enables forwarding of source-routed packets for the host.
This value may only be changed if the kernel security level is less than 1.
.It Li ip.directed-broadcast
If set to 1, enables directed broadcast behavior for the host.
.It Li ip.allowsrcrt
If set to 1, the host accepts source routed packets.
.It Li ip.subnetsarelocal
If set to 1, subnets are to be considered local addresses.
.It Li ip.mtudisc
If set to 1, enables Path MTU Discovery (RFC 1191).
When Path MTU Discovery is enabled, the transmitted TCP segment
size will be determined by the advertised maximum segment size
(MSS) from the remote end, as constrained by the path MTU.
If MTU Discovery is disabled, the transmitted segment size will
never be greater than
.Li tcp.mssdflt
(the local maximum segment size).
.It Li ip.anonportmin
The lowest port number to use for TCP and UDP ephemeral port allocation.
This cannot be set to less than 1024 or greater than 65535.
.It Li ip.anonportmax
The highest port number to use for TCP and UDP ephemeral port allocation.
This cannot be set to less than 1024 or greater than 65535, and must
be greater than
.Li ip.anonportmin .
.It Li ip.mtudisctimeout
The number of seconds in which a route added by the Path MTU
Discovery engine will time out.
When the route times out, the Path
MTU Discovery engine will attempt to probe a larger path MTU.
.It Li ip.gifttl
The maximum time-to-live (hop count) value for an IPv4 packet generated by
.Xr gif 4
tunnel interface.
.It Li ip.grettl
The maximum time-to-live (hop count) value for an IPv4 packet generated by
.Xr gre 4
tunnel interface.
.It Li ip.lowportmin
The lowest port number to use for TCP and UDP reserved port allocation.
This cannot be set to less than 0 or greater than 1024, and must
be smaller than
.Li ip.lowportmax .
.It Li ip.lowportmax
The highest port number to use for TCP and UDP reserved port allocation.
This cannot be set to less than 0 or greater than 1024, and must
be greater than
.Li ip.lowportmin .
.It Li ip.maxfragpackets
The maximum number of fragmented packets the node will accept.
0 means that the node will not accept any fragmented packets.
\-1 means that the node will accept as many fragmented packets as it receives.
The flag is provided basically for avoiding possible DoS attacks.
.It Li ip.checkinterface
If set to non-zero, the host will reject packets addressed to it
that arrive on an interface not bound to that address.
Currently, this must be disabled if ipnat is used to translate the
destination address to another local interface, or if addresses
are added to the loopback interface instead of the interface where
the packets for those addresses are received.
.It Li icmp.maskrepl
If set to 1, ICMP network mask requests are to be answered.
.It Li icmp.errppslimit
The variable specifies the maximum number of outgoing ICMP error messages,
per second.
ICMP error messages that exceed the value are subject to rate limitation
and will not go out from the node.
Negative value disables rate limitation.
.It Li icmp.rediraccept
If set to non-zero, the host will accept ICMP redirect packets.
Note that routers will never accept ICMP redirect packets,
and the variable is meaningful on IP hosts only.
.It Li icmp.redirtimeout
The variable specifies lifetime of routing entries generated by incoming
ICMP redirect.
This defaults to 600 seconds.
.It Li tcp.rfc1323
If set to 1, enables RFC 1323 extensions to TCP.
.It Li tcp.sendspace
The default TCP send buffer size.
.It Li tcp.recvspace
The default TCP receive buffer size.
.It Li tcp.mssdflt
The default maximum segment size both advertised to the peer
and to use when either the peer does not advertise a maximum segment size to
us during connection setup or Path MTU Discovery
.Li ( ip.mtudisc )
is disabled.
Do not change this value unless you really know what you are doing.
.It Li tcp.syn_cache_limit
The maximum number of entries allowed in the TCP compressed state
engine.
.It Li tcp.syn_bucket_limit
The maximum number of entries allowed per hash bucket in the TCP
compressed state engine.
.It Li tcp.syn_cache_interval
The TCP compressed state engine's timer interval.
.It Li tcp.init_win
A value indicating the TCP initial congestion window.
If this value is 0, an auto-tuning algorithm designed to use an initial
window of approximately 4K bytes is in use.
Otherwise, this value indicates a fixed number of packets.
.It Li tcp.init_win_local
Like
.Li tcp.init_win ,
but used when communicating with hosts on a local network.
.It Li tcp.mss_ifmtu
If set to 1, TCP calculates the outgoing maximum segment size based on
the MTU of the appropriate interface.
If set to 0, it is calculated based on the greater of the MTU of the
interface, and the largest (non-loopback) interface MTU on the system.
.It Li tcp.sack
If set to 1, enables RFC 2018 Selective ACKnowledgement.
.It Li tcp.win_scale
If rfc1323 is enabled, a value of 1 indicates RFC 1323 window scale options,
for increasing the TCP window size, are enabled.
.It Li tcp.timestamps
If rfc1323 is enabled, a value of 1 indicates RFC 1323 time stamp options,
used for measuring TCP round trip times, are enabled.
.It Li tcp.compat_42
If set to 1, enables work-arounds for bugs in the 4.2BSD TCP implementation.
Use of this option is not recommended, although it may be
required in order to communicate with extremely old TCP implementations.
.It Li tcp.cwm
If set to 1, enables use of the Hughes/Touch/Heidemann Congestion Window
Monitoring algorithm.
This algorithm prevents line-rate bursts of packets that could
otherwise occur when data begins flowing on an idle TCP connection.
These line-rate bursts can contribute to network and router congestion.
This can be particularly useful on World Wide Web servers
which support HTTP/1.1, which has lingering connections.
.It Li tcp.cwm_burstsize
The Congestion Window Monitoring allowed burst size, in terms
of packet count.
.It Li tcp.ack_on_push
If set to 1, TCP is to immediately transmit an ACK upon reception of
a packet with PUSH set.
This can avoid losing a round trip time in some rare situations,
but has the caveat of potentially defeating TCP's delayed ACK algorithm.
Use of this option is generally not recommended, but
the variable exists in case your configuration really needs it.
.It Li tcp.keepidle
Time a connection must be idle before keepalives are sent (if keepalives
are enabled for the connection).
See also tcp.slowhz.
.It Li tcp.keepintvl
Time after a keepalive probe is sent until, in the absence of any response,
another probe is sent.
See also tcp.slowhz.
.It Li tcp.keepcnt
Number of keepalive probes sent before declaring a connection dead.
If set to zero, there is no limit;
keepalives will be sent until some kind of
response is received from the peer.
.It Li tcp.slowhz
The units for tcp.keepidle and tcp.keepintvl; those variables are in ticks
of a clock that ticks tcp.slowhz times per second.
(That is, their values
must be divided by the tcp.slowhz value to get times in seconds.)
.It Li tcp.newreno
If set to 1, enables the use of J.
Hoe's NewReno congestion control algorithm.
This algorithm improves the start-up behavior of TCP connections.
.It Li tcp.log_refused
If set to 1, refused TCP connections to the host will be logged.
.It Li tcp.rstppslimit
The variable specifies the maximum number of outgoing TCP RST packets,
per second.
TCP RST packets that exceed the value are subject to rate limitation
and will not go out from the node.
Negative value disables rate limitation.
.It Li udp.checksum
If set to 1, UDP checksums are being computed.
Received non-zero UDP checksums are always checked.
Disabling UDP checksums is strongly discouraged.
.It Li udp.sendspace
The default UDP send buffer size.
.It Li udp.recvspace
The default UDP receive buffer size.
.El
.Pp
For variables net.*.ipsec, please refer to
.Xr ipsec 4 .
.It Li PF_INET6
Get or set various global information about the IPv6
.Pq Internet Protocol version 6 .
The third level name is the protocol.
The fourth level name is the variable name.
The currently defined protocols and names are:
.Bl -column "Protocol name" "Variable nameXX" "integer" "yes" -offset indent
.It Sy Protocol name Ta Variable name Ta Type Ta Changeable
.It ip6 Ta forwarding Ta integer Ta yes
.It ip6 Ta redirect Ta integer Ta yes
.It ip6 Ta hlim Ta integer Ta yes
.It ip6 Ta maxfragpackets Ta integer Ta yes
.It ip6 Ta accept_rtadv Ta integer Ta yes
.It ip6 Ta keepfaith Ta integer Ta yes
.It ip6 Ta log_interval Ta integer Ta yes
.It ip6 Ta hdrnestlimit Ta integer Ta yes
.It ip6 Ta dad_count Ta integer Ta yes
.It ip6 Ta auto_flowlabel Ta integer Ta yes
.It ip6 Ta defmcasthlim Ta integer Ta yes
.It ip6 Ta gif_hlim Ta integer Ta yes
.It ip6 Ta kame_version Ta string Ta no
.It ip6 Ta use_deprecated Ta integer Ta yes
.It ip6 Ta rr_prune Ta integer Ta yes
.It ip6 Ta v6only Ta integer Ta yes
.It ip6 Ta anonportmin Ta integer Ta yes
.It ip6 Ta anonportmax Ta integer Ta yes
.It ip6 Ta lowportmin Ta integer Ta yes
.It ip6 Ta lowportmax Ta integer Ta yes
.It ip6 Ta maxfrags Ta integer Ta yes
.It icmp6 Ta rediraccept Ta integer Ta yes
.It icmp6 Ta redirtimeout Ta integer Ta yes
.It icmp6 Ta nd6_prune Ta integer Ta yes
.It icmp6 Ta nd6_delay Ta integer Ta yes
.It icmp6 Ta nd6_umaxtries Ta integer Ta yes
.It icmp6 Ta nd6_mmaxtries Ta integer Ta yes
.It icmp6 Ta nd6_useloopback Ta integer Ta yes
.It icmp6 Ta nodeinfo Ta integer Ta yes
.It icmp6 Ta errppslimit Ta integer Ta yes
.It icmp6 Ta nd6_maxnudhint Ta integer Ta yes
.It icmp6 Ta mtudisc_hiwat Ta integer Ta yes
.It icmp6 Ta mtudisc_lowat Ta integer Ta yes
.It icmp6 Ta nd6_debug Ta integer Ta yes
.It udp6 Ta sendspace Ta integer Ta yes
.It udp6 Ta recvspace Ta integer Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li ip6.forwarding
If set to 1, enables IPv6 forwarding for the node,
meaning that the node is acting as a router.
If set to 0, disables IPv6 forwarding for the node,
meaning that the node is acting as a host.
IPv6 specification defines node behavior for
.Dq router
case and
.Dq host
case quite differently, and changing this variable during operation
may cause serious trouble.
It is recommended to configure the variable at bootstrap time,
and bootstrap time only.
.It Li ip6.redirect
If set to 1, ICMPv6 redirects may be sent by the node.
This option is ignored unless the node is routing IP packets,
and should normally be enabled on all systems.
.It Li ip6.hlim
The default hop limit value for an IPv6 unicast packet sourced by the node.
This value applies to all the transport protocols on top of IPv6.
There are APIs to override the value, as documented in
.Xr ip6 4 .
.It Li ip6.maxfragpackets
The maximum number of fragmented packets the node will accept.
0 means that the node will not accept any fragmented packets.
\-1 means that the node will accept as many fragmented packets as it receives.
The flag is provided basically for avoiding possible DoS attacks.
.It Li ip6.accept_rtadv
If set to non-zero, the node will accept ICMPv6 router advertisement packets
and autoconfigures address prefixes and default routers.
The node must be a host
.Pq not a router
for the option to be meaningful.
.It Li ip6.keepfaith
If set to non-zero, it enables
.Dq FAITH
TCP relay IPv6-to-IPv4 translator code in the kernel.
Refer to
.Xr faith 4
and
.Xr faithd 8
for details.
.It Li ip6.log_interval
The variable controls amount of logs generated by IPv6 packet
forwarding engine, by setting interval between log output
.Pq in seconds .
.It Li ip6.hdrnestlimit
The number of IPv6 extension headers permitted on incoming IPv6 packets.
If set to 0, the node will accept as many extension headers as possible.
.It Li ip6.dad_count
The variable configures number of IPv6 DAD
.Pq duplicated address detection
probe packets.
The packets will be generated when IPv6 interface addresses are configured.
.It Li ip6.auto_flowlabel
On connected transport protocol packets,
fill IPv6 flowlabel field to help intermediate routers to identify packet flows.
.It Li ip6.defmcasthlim
The default hop limit value for an IPv6 multicast packet sourced by the node.
This value applies to all the transport protocols on top of IPv6.
There are APIs to override the value, as documented in
.Xr ip6 4 .
.It Li ip6.gif_hlim
The maximum hop limit value for an IPv6 packet generated by
.Xr gif 4
tunnel interface.
.It Li ip6.kame_version
The string identifies the version of KAME IPv6 stack implemented in the kernel.
.It Li ip6.use_deprecated
The variable controls use of deprecated address, specified in RFC 2462 5.5.4.
.It Li ip6.rr_prune
The variable specifies interval between IPv6 router renumbering prefix
babysitting, in seconds.
.It Li ip6.v6only
The variable specifies initial value for
.Dv IPV6_V6ONLY
socket option for
.Dv AF_INET6
socket.
Please refer to
.Xr ip6 4
for detail.
.It Li ip6.anonportmin
The lowest port number to use for TCP and UDP ephemeral port allocation.
This cannot be set to less than 1024 or greater than 65535.
.It Li ip6.anonportmax
The highest port number to use for TCP and UDP ephemeral port allocation.
This cannot be set to less than 1024 or greater than 65535, and must
be greater than
.Li ip6.anonportmin .
.It Li ip6.lowportmin
The lowest port number to use for TCP and UDP reserved port allocation.
This cannot be set to less than 0 or greater than 1024, and must
be smaller than
.Li ip6.lowportmax .
.It Li ip6.lowportmax
The highest port number to use for TCP and UDP reserved port allocation.
This cannot be set to less than 0 or greater than 1024, and must
be greater than
.Li ip6.lowportmin .
.It Li ip6.maxfrags
The maximum number of fragments the node will accept.
0 means that the node will not accept any fragments.
\-1 means that the node will accept as many fragments as it receives.
The flag is provided basically for avoiding possible DoS attacks.
.It Li icmp6.rediraccept
If set to non-zero, the host will accept ICMPv6 redirect packets.
Note that IPv6 routers will never accept ICMPv6 redirect packets,
and the variable is meaningful on IPv6 hosts
.Pq non-router
only.
.It Li icmp6.redirtimeout
The variable specifies lifetime of routing entries generated by incoming
ICMPv6 redirect.
.It Li icmp6.nd6_prune
The variable specifies interval between IPv6 neighbor cache babysitting,
in seconds.
.It Li icmp6.nd6_delay
The variable specifies
.Dv DELAY_FIRST_PROBE_TIME
timing constant in IPv6 neighbor discovery specification
.Pq RFC 2461 ,
in seconds.
.It Li icmp6.nd6_umaxtries
The variable specifies
.Dv MAX_UNICAST_SOLICIT
constant in IPv6 neighbor discovery specification
.Pq RFC 2461 .
.It Li icmp6.nd6_mmaxtries
The variable specifies
.Dv MAX_MULTICAST_SOLICIT
constant in IPv6 neighbor discovery specification
.Pq RFC 2461 .
.It Li icmp6.nd6_useloopback
If set to non-zero, kernel IPv6 stack will use loopback interface for
local traffic.
.It Li icmp6.nodeinfo
The variable enables responses to ICMPv6 node information queries.
If you set the variable to 0, responses will not be generated for
ICMPv6 node information queries.
Since node information queries can have a security impact, it is
possible to fine tune which responses should be answered.
Two separate bits can be set.
.Bl -tag -width "12345"
.It 1
Respond to ICMPv6 FQDN queries, e.g.
.Li ping6 -w .
.It 2
Respond to ICMPv6 node addresses queries, e.g.
.Li ping6 -a .
.El
.It Li icmp6.errppslimit
The variable specifies the maximum number of outgoing ICMPv6 error messages,
per second.
ICMPv6 error messages that exceed the value are subject to rate limitation
and will not go out from the node.
Negative value disables rate limitation.
.It Li icmp6.nd6_maxnudhint
IPv6 neighbor discovery permits upper layer protocols to supply reachability
hints, to avoid unnecessary neighbor discovery exchanges.
The variable defines the number of consecutive hints the neighbor discovery
layer will take.
For example, by setting the variable to 3, neighbor discovery layer
will take at most 3 consecutive hints.
After receiving 3 hints, neighbor discovery layer will perform
normal neighbor discovery process.
.It Li icmp6.mtudisc_hiwat
.It Li icmp6.mtudisc_lowat
The variables define the maximum number of routing table entries,
created due to path MTU discovery
.Pq prevents denial-of-service attacks with ICMPv6 too big messages .
When IPv6 path MTU discovery happens, we keep path MTU information into
the routing table.
If the number of routing table entries exceeds the value,
the kernel will not attempt to keep the path MTU information.
.Li icmp6.mtudisc_hiwat
is used when we have verified ICMPv6 too big messages.
.Li icmp6.mtudisc_lowat
is used when we have unverified ICMPv6 too big messages.
Verification is performed by using address/port pairs kept in connected pcbs.
Negative value disables the upper limit.
.It Li icmp6.nd6_debug
If set to non-zero, kernel IPv6 neighbor discovery code will generate
debugging messages.
The debug outputs are useful to diagnose IPv6 interoperability issues.
The flag must be set to 0 for normal operation.
.El
.Pp
We reuse net.*.tcp for
.Tn TCP
over
.Tn IPv6 ,
and therefore we do not have variables net.*.tcp6.
Variables net.inet6.udp6 have identical meaning to net.inet.udp.
Please refer to
.Li PF_INET
section above.
For variables net.*.ipsec6, please refer to
.Xr ipsec 4 .
.It Li PF_KEY
Get or set various global information about the IPsec key management.
The third level name is the variable name.
The currently defined variable and names are:
.Bl -column "blockacq_lifetime" "integer" "yes" -offset indent
.It Sy Variable name Ta Type Ta Changeable
.It debug Ta integer Ta yes
.It spi_try Ta integer Ta yes
.It spi_min_value Ta integer Ta yes
.It spi_max_value Ta integer Ta yes
.It larval_lifetime Ta integer Ta yes
.It blockacq_count Ta integer Ta yes
.It blockacq_lifetime Ta integer Ta yes
.It esp_keymin Ta integer Ta yes
.It esp_auth Ta integer Ta yes
.It ah_keymin Ta integer Ta yes
.El
The variables are as follows:
.Bl -tag -width "123456"
.It Li debug
Turn on debugging messages from within the kernel.
The value is a bitmap, as defined in
.Pa /usr/include/netkey/key_debug.h .
.It Li spi_try
The number of times the kernel will try to obtain a unique SPI
when it generates it from the random number generator.
.It Li spi_min_value
Minimum SPI value when generating it within the kernel.
.It Li spi_max_value
Maximum SPI value when generating it within the kernel.
.It Li larval_lifetime
Lifetime for LARVAL SAD entries, in seconds.
.It Li blockacq_count
Number of ACQUIRE PF_KEY messages to be blocked after an ACQUIRE message.
It avoids flood of ACQUIRE PF_KEY from being sent from the kernel to the
key management daemon.
.It Li blockacq_lifetime
Lifetime of ACQUIRE PF_KEY message.
.It Li esp_keymin
Minimum ESP key length, in bits.
The value is used when the kernel creates proposal payload
on ACQUIRE PF_KEY message.
.It Li esp_auth
Whether ESP authentication should be used or not.
Non-zero value indicates that ESP authentication should be used.
The value is used when the kernel creates proposal payload
on ACQUIRE PF_KEY message.
.It Li ah_keymin
Minimum AH key length, in bits.
The value is used when the kernel creates proposal payload
on ACQUIRE PF_KEY message.
.El
.El
.Sh CTL_PROC
The string and integer information available for the CTL_PROC
is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
These values are per-process,
and as such may change from one process to another.
When a process is created,
the default values are inherited from its parent.
When a set-user-ID or set-group-ID binary is executed, the
value of PROC_PID_CORENAME is reset to the system default value.
The second level name is either the magic value PROC_CURPROC, which
points to the current process, or the PID of the target process.
.Bl -column "USER_COLL_WEIGHTS_MAXXXX" "integerXXX" "yes" -offset indent
.It Sy Third level name Ta Type Ta Changeable
.It PROC\_PID\_CORENAME Ta string Ta yes
.It PROC\_PID\_LIMIT Ta node Ta not applicable
.It PROC\_PID\_STOPFORK Ta int Ta yes
.It PROC\_PID\_STOPEXEC Ta int Ta yes
.It PROC\_PID\_STOPEXIT Ta int Ta yes
.El
.Pp
.Bl -tag -width "123456"
.It Li PROC_PID_CORENAME
The template used for the core dump file name (see
.Xr core 5
for details).
The base name must either be
.Nm core
or end with the suffix ``.core'' (the super-user may set arbitrary names).
By default it points to KERN_DEFCORENAME.
.It Li PROC_PID_LIMIT
Return resource limits, as defined for the
.Xr getrlimit 2
and
.Xr setrlimit 2
system calls.
The fourth level name is one of:
.Bl -tag -width PROC_PID_LIMIT_MEMLOCKAA
.It Li PROC_PID_LIMIT_CPU
The maximum amount of CPU time (in seconds) to be used by each process.
.It Li PROC_PID_LIMIT_FSIZE
The largest size (in bytes) file that may be created.
.It Li PROC_PID_LIMIT_DATA
The maximum size (in bytes) of the data segment for a process;
this defines how far a program may extend its break with the
.Xr sbrk 2
system call.
.It Li PROC_PID_LIMIT_STACK
The maximum size (in bytes) of the stack segment for a process;
this defines how far a program's stack segment may be extended.
Stack extension is performed automatically by the system.
.It Li PROC_PID_LIMIT_CORE
The largest size (in bytes)
.Pa core
file that may be created.
.It Li PROC_PID_LIMIT_RSS
The maximum size (in bytes) to which a process's resident set size may
grow.
This imposes a limit on the amount of physical memory to be given to
a process; if memory is tight, the system will prefer to take memory
from processes that are exceeding their declared resident set size.
.It Li PROC_PID_LIMIT_MEMLOCK
The maximum size (in bytes) which a process may lock into memory
using the
.Xr mlock 2
function.
.It Li PROC_PID_LIMIT_NPROC
The maximum number of simultaneous processes for this user id.
.It Li PROC_PID_LIMIT_NOFILE
The maximum number of open files for this process.
.El
.Pp
The fifth level name is one of PROC_PID_LIMIT_TYPE_SOFT or
PROC_PID_LIMIT_TYPE_HARD, to select respectively the soft or hard limit.
Both are of type integer.
.It Li PROC_PID_STOPFORK
If non zero, the process' children will be stopped after
.Xr fork 2
calls.
The child is created in the SSTOP state and is never scheduled
for running before being stopped.
This feature helps attaching a process with a debugger such as
.Xr gdb 1
before it had the opportunity to actually do anything.
.Pp
This value is inherited by the process's children, and it also
applies to emulation specific system calls that fork a new process, such as
.Fn sproc
or
.Fn clone .
.It Li PROC_PID_STOPEXEC
If non zero, the process will be stopped on next
.Xr exec 3
call.
The process created by
.Xr exec 3
is created in the SSTOP state and is never scheduled for running
before being stopped.
This feature helps attaching a process with a debugger such as
.Xr gdb 1
before it had the opportunity to actually do anything.
.Pp
This value is inherited by the process's children.
.It Li PROC_PID_STOPEXIT
If non zero, the process will be stopped when it has cause to exit,
either by way of calling
.Xr exit 3 ,
.Xr _exit 2 ,
or by the receipt of a specific signal.
The process is stopped before any of its resources or vm space is
released allowing examination of the termination state of a process
before it disappears.
This feature can be used to examine the final conditions of the
process's vmspace via
.Xr pmap 1
or its resource settings with
.Xr sysctl 8
before it disappears.
.Pp
This value is also inherited by the process's children.
.El
.Sh CTL_USER
The string and integer information available for the CTL_USER level
is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "USER_COLL_WEIGHTS_MAXXXX" "integerXXX" -offset indent
.It Sy Second level name Ta Type Ta Changeable
.It USER\_BC\_BASE\_MAX Ta integer Ta no
.It USER\_BC\_DIM\_MAX Ta integer Ta no
.It USER\_BC\_SCALE\_MAX Ta integer Ta no
.It USER\_BC\_STRING\_MAX Ta integer Ta no
.It USER\_COLL\_WEIGHTS\_MAX Ta integer Ta no
.It USER\_CS\_PATH Ta string Ta no
.It USER\_EXPR\_NEST\_MAX Ta integer Ta no
.It USER\_LINE\_MAX Ta integer Ta no
.It USER\_POSIX2\_CHAR\_TERM Ta integer Ta no
.It USER\_POSIX2\_C\_BIND Ta integer Ta no
.It USER\_POSIX2\_C\_DEV Ta integer Ta no
.It USER\_POSIX2\_FORT\_DEV Ta integer Ta no
.It USER\_POSIX2\_FORT\_RUN Ta integer Ta no
.It USER\_POSIX2\_LOCALEDEF Ta integer Ta no
.It USER\_POSIX2\_SW\_DEV Ta integer Ta no
.It USER\_POSIX2\_UPE Ta integer Ta no
.It USER\_POSIX2\_VERSION Ta integer Ta no
.It USER\_RE\_DUP\_MAX Ta integer Ta no
.It USER\_STREAM\_MAX Ta integer Ta no
.It USER\_TZNAME\_MAX Ta integer Ta no
.It USER\_ATEXIT\_MAX Ta integer Ta no
.El
.Pp
.Bl -tag -width "123456"
.It Li USER_BC_BASE_MAX
The maximum ibase/obase values in the
.Xr bc 1
utility.
.It Li USER_BC_DIM_MAX
The maximum array size in the
.Xr bc 1
utility.
.It Li USER_BC_SCALE_MAX
The maximum scale value in the
.Xr bc 1
utility.
.It Li USER_BC_STRING_MAX
The maximum string length in the
.Xr bc 1
utility.
.It Li USER_COLL_WEIGHTS_MAX
The maximum number of weights that can be assigned to any entry of
the LC_COLLATE order keyword in the locale definition file.
.It Li USER_CS_PATH
Return a value for the
.Ev PATH
environment variable that finds all the standard utilities.
.It Li USER_EXPR_NEST_MAX
The maximum number of expressions that can be nested within
parentheses by the
.Xr expr 1
utility.
.It Li USER_LINE_MAX
The maximum length in bytes of a text-processing utility's input
line.
.It Li USER_POSIX2_CHAR_TERM
Return 1 if the system supports at least one terminal type capable of
all operations described in POSIX 1003.2, otherwise 0.
.It Li USER_POSIX2_C_BIND
Return 1 if the system's C-language development facilities support the
C-Language Bindings Option, otherwise 0.
.It Li USER_POSIX2_C_DEV
Return 1 if the system supports the C-Language Development Utilities Option,
otherwise 0.
.It Li USER_POSIX2_FORT_DEV
Return 1 if the system supports the FORTRAN Development Utilities Option,
otherwise 0.
.It Li USER_POSIX2_FORT_RUN
Return 1 if the system supports the FORTRAN Runtime Utilities Option,
otherwise 0.
.It Li USER_POSIX2_LOCALEDEF
Return 1 if the system supports the creation of locales, otherwise 0.
.It Li USER_POSIX2_SW_DEV
Return 1 if the system supports the Software Development Utilities Option,
otherwise 0.
.It Li USER_POSIX2_UPE
Return 1 if the system supports the User Portability Utilities Option,
otherwise 0.
.It Li USER_POSIX2_VERSION
The version of POSIX 1003.2 with which the system attempts to comply.
.It Li USER_RE_DUP_MAX
The maximum number of repeated occurrences of a regular expression
permitted when using interval notation.
.ne 1i
.It Li USER_STREAM_MAX
The minimum maximum number of streams that a process may have open
at any one time.
.It Li USER_TZNAME_MAX
The minimum maximum number of types supported for the name of a
timezone.
.It Li USER_ATEXIT_MAX
The maximum number of functions that may be registered with
.Xr atexit 3 .
.El
.Sh CTL_VM
The string and integer information available for the CTL_VM level
is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "Second level nameXXXXXX" "struct loadavgXXX" -offset indent
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It VM\_ANONMAX Ta int Ta yes
.It VM\_ANONMIN Ta int Ta yes
.It VM\_BUFCACHE Ta int Ta yes
.It VM\_BUFMEM Ta int Ta no
.It VM\_BUFMEM_LOWATER Ta int Ta yes
.It VM\_BUFMEM_HIWATER Ta int Ta yes
.It VM\_EXECMAX Ta int Ta yes
.It VM\_EXECMIN Ta int Ta yes
.It VM\_FILEMAX Ta int Ta yes
.It VM\_FILEMIN Ta int Ta yes
.It VM\_LOADAVG Ta struct loadavg Ta no
.It VM\_MAXSLP Ta int Ta no
.It VM\_METER Ta struct vmtotal Ta no
.It VM\_NKMEMPAGES Ta int Ta no
.It VM\_USPACE Ta int Ta no
.It VM\_UVMEXP Ta struct uvmexp Ta no
.It VM\_UVMEXP2 Ta struct uvmexp_sysctl Ta no
.El
.Pp
.Bl -tag -width "123456"
.It Li VM_ANONMAX
The percentage of physical memory which will be reclaimed
from other types of memory usage to store anonymous application data.
.It Li VM_ANONMIN
The percentage of physical memory which will always be available for
anonymous application data.
.It Li VM_BUFCACHE
The percentage of kernel memory which will be available
for the buffer cache.
.It Li VM_BUFMEM
The amount of kernel memory that is being used by the buffer cache.
.It Li VM_BUFMEM_LOWATER
The minimum amount of kernel memory to reserve for the
buffer cache.
.It Li VM_BUFMEM_HIWATER
The maximum amount of kernel memory to be used for the
buffer cache.
.It Li VM_EXECMAX
The percentage of physical memory which will be reclaimed
from other types of memory usage to store cached executable data.
.It Li VM_EXECMIN
The percentage of physical memory which will always be available for
cached executable data.
.It Li VM_FILEMAX
The percentage of physical memory which will be reclaimed
from other types of memory usage to store cached file data.
.It Li VM_FILEMIN
The percentage of physical memory which will always be available for
cached file data.
.It Li VM_LOADAVG
Return the load average history.
The returned data consists of a
.Va struct loadavg .
.It Li VM_MAXSLP
The value of the maxslp kernel global variable.
.It Li VM_METER
Return system-wide virtual memory statistics.
The returned data consists of a
.Va struct vmtotal .
.It Li VM_USPACE
The number of bytes allocated for each kernel stack.
.It Li VM_UVMEXP
Return system-wide virtual memory statistics.
The returned data consists of a
.Va struct uvmexp .
.It Li VM_UVMEXP2
Return system-wide virtual memory statistics.
The returned data consists of a
.Va struct uvmexp_sysctl .
.El
.Sh CTL_DDB
The integer information available for the CTL_DDB level is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "DBCTL_TABSTOPSXXX" "integerXXX" -offset indent
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It DBCTL\_RADIX Ta integer Ta yes
.It DBCTL\_MAXOFF Ta integer Ta yes
.It DBCTL\_LINES Ta integer Ta yes
.It DBCTL\_TABSTOPS Ta integer Ta yes
.It DBCTL\_ONPANIC Ta integer Ta yes
.It DBCTL\_FROMCONSOLE Ta integer Ta yes
.El
.Pp
.Bl -tag -width "123456"
.It Li DBCTL_RADIX
The input and output radix.
.It Li DBCTL_MAXOFF
The maximum symbol offset.
.It Li DBCTL_LINES
Number of display lines.
.It Li DBCTL_TABSTOPS
Tab width.
.It Li DBCTL_ONPANIC
If non-zero, DDB will be entered when the kernel panics.
.It Li DBCTL_FROMCONSOLE
If non-zero, DDB may be entered by sending a break on a serial
console or by a special key sequence on a graphics console.
.El
.Pp
These MIB nodes are also available as variables from within the DDB.
See
.Xr ddb 4
for more details.
.Sh CTL_VENDOR
The "vendor" top-level name is reserved to be used by vendors who wish to
have their own private MIB tree.
Intended use is to store values under
.Dq vendor.\*[Lt]yourname\*[Gt].* .
.Sh DYNAMIC OPERATIONS
Several meta-identifiers are provided to perform operations on the
.Nm
tree itself, or support alternate means of accessing the data
instrumented by the
.Nm
tree.
.Bl -column CTLXCREATESYMXXX
.It Sy Name Ta Sy Description
.It CTL\_QUERY Ta Retrieve a mapping of names to numbers below a given node
.It CTL\_CREATE Ta Create a new node
.It CTL\_CREATESYM Ta Create a new node by its kernel symbol
.It CTL\_DESTROY Ta Destroy a node
.It CTL\_DESCRIBE Ta Retrieve node descriptions
.El
.Pp
The core interface to all of these meta-functions is the structure
that the kernel uses to describe the tree internally, as defined in
.Aq Pa sys/sysctl.h
as:
.Pp
.Bd -literal
struct sysctlnode {
        uint32_t sysctl_flags;            /* flags and type */
        int32_t sysctl_num;               /* mib number */
        char sysctl_name[SYSCTL_NAMELEN]; /* node name */
        uint32_t sysctl_ver;              /* node's version vs. rest of tree */
        uint32_t __rsvd;
        union {
                struct {
                        uint32_t suc_csize;           /* size of child node array */
                        uint32_t suc_clen;            /* number of valid children */
                        struct sysctlnode* suc_child; /* array of child nodes */
                } scu_child;
                struct {
                        void *sud_data;               /* pointer to external data */
                        size_t sud_offset;            /* offset to data */
                } scu_data;
                int32_t scu_alias;                    /* node this node refers to */
                int32_t scu_idata;                    /* immediate "int" data */
                u_quad_t scu_qdata;                   /* immediate "u_quad_t" data */
        } sysctl_un;
        size_t _sysctl_size;              /* size of instrumented data */
        sysctlfn _sysctl_func;            /* access helper function */
        struct sysctlnode *sysctl_parent; /* parent of this node */
        const char *sysctl_desc;          /* description of node */
};

#define sysctl_csize    sysctl_un.scu_child.suc_csize
#define sysctl_clen     sysctl_un.scu_child.suc_clen
#define sysctl_child    sysctl_un.scu_child.suc_child
#define sysctl_data     sysctl_un.scu_data.sud_data
#define sysctl_offset   sysctl_un.scu_data.sud_offset
#define sysctl_alias    sysctl_un.scu_alias
#define sysctl_idata    sysctl_un.scu_idata
#define sysctl_qdata    sysctl_un.scu_qdata
.Ed
.Pp
Querying the tree to discover the name to number mapping permits
dynamic discovery of all the data that the tree currently has
instrumented.
For example, to discover all the nodes below the
CTL_VFS node:
.Pp
.Bd -literal -offset indent -compact
struct sysctlnode query, vfs[128];
int mib[2];
size_t len;
.sp
mib[0] = CTL_VFS;
mib[1] = CTL_QUERY;
memset(\*[Am]query, 0, sizeof(query));
query.sysctl_flags = SYSCTL_VERSION;
len = sizeof(vfs);
sysctl(mib, 2, \*[Am]vfs[0], \*[Am]len, \*[Am]query, sizeof(query));
.Ed
.Pp
Note that a reference to an empty node with
.Fa sysctl_flags
set to
.Dv SYSCTL_VERSION
is passed to sysctl in order to indicate the version that the program
is using.
All dynamic operations passing nodes into sysctl require that the
version be explicitly specified.
.Pp
Creation and destruction of nodes works by constructing part of a new
node description (or a description of the existing node) and invoking
CTL_CREATE (or CTL_CREATESYM) or CTL_DESTROY at the parent of the new
node, with a pointer to the new node passed via the
.Fa newp
and
.Fa newlen
arguments.
If valid values for
.Fa oldp
and
.Fa oldlenp
are passed, a copy of the new node once in the tree will be returned.
If the create operation fails because a node with the same name or MIB
number exists, a copy of the conflicting node will be returned.
.Pp
The minimum requirements for creating a node are setting the
.Fa sysctl_flags
to indicate the new node's type,
.Fa sysctl_num
to either the new node's number (or CTL_CREATE or CTL_CREATESYM if a
dynamically allocated MIB number is acceptable),
.Fa sysctl_size
to the size of the data to be instrumented (which must agree with the
given type), and
.Fa sysctl_name
to the new node's name.
Nodes that are not of type
.Dq node
must also have some description of the data to be instrumented, which
will vary depending on what is to be instrumented.
.Pp
If existing kernel data is to be covered by this new node, its address
should be given in
.Fa sysctl_data
or, if CTL_CREATESYM is used,
.Fa sysctl_data
should be set to a string containing its name from the kernel's symbol
table.
If new data is to be instrumented and an initial value is available,
the new integer or quad type data should be placed into either
.Fa sysctl_idata
or
.Fa sysctl_qdata ,
respectively, along with the SYSCTL_IMMEDIATE flag being set, or
.Fa sysctl_data
should be set to point to a copy of the new data, and the
SYSCTL_OWNDATA flag must be set.
This latter method is the only way that new string and struct type
nodes can be initialized.
Invalid kernel addresses are accepted, but any attempt to access those
nodes will return an error.
.Pp
The
.Fa sysctl_csize ,
.Fa sysctl_clen ,
.Fa sysctl_child ,
.Fa sysctl_parent ,
and
.Fa sysctl_alias
members are used by the kernel to link the tree together and must be
.Dv NULL
or 0.
Nodes created in this manner cannot have helper functions, so
.Fa sysctl_func
must also be
.Dv NULL .
If the
.Fa sysctl_ver
member is non-zero, it must match either the version of the parent or
the version at the root of the MIB or an error is returned.
This can be used to ensure that nodes are only added or removed from a
known state of the tree.
Note: It may not be possible to determine the version at the root
of the tree.
.Pp
This example creates a new subtree and adds a node to it that controls the
.Fa audiodebug
kernel variable, thereby making it tunable at any time, without
needing to use
.Xr ddb 4
or
.Xr kvm 3
to alter the kernel's memory directly.
.Pp
.Bd -literal -offset indent -compact
struct sysctlnode node;
int mib[2];
size_t len;
.sp
mib[0] = CTL_CREATE;		/* create at top-level */
len = sizeof(node);
memset(\*[Am]node, 0, len);
node.sysctl_flags = SYSCTL_VERSION|CTLFLAG_READWRITE|CTLTYPE_NODE;
snprintf(node.sysctl_name, sizeof(node.sysctl_name), "local");
node.sysctl_num = CTL_CREATE;	/* request dynamic MIB number */
sysctl(\*[Am]mib[0], 1, \*[Am]node, \*[Am]len, \*[Am]node, len);
.sp
mib[0] = node.sysctl_num;	/* use new MIB number */
mib[1] = CTL_CREATESYM;		/* create at second level */
len = sizeof(node);
memset(\*[Am]node, 0, len);
node.sysctl_flags = SYSCTL_VERSION|CTLFLAG_READWRITE|CTLTYPE_INT;
snprintf(node.sysctl_name, sizeof(node.sysctl_name), "audiodebug");
node.sysctl_num = CTL_CREATE;
node.sysctl_data = "audiodebug"; /* kernel symbol to be used */
sysctl(\*[Am]mib[0], 2, NULL, NULL, \*[Am]node, len);
.Ed
.Pp
The process for deleting nodes is similar, but less data needs to
be supplied.
Only the
.Fa sysctl_num
field
needs to be filled in; almost all other fields must be left blank.
The
.Fa sysctl_name
and/or
.Fa sysctl_ver
fields can be filled in with the name and version of the existing node
as additional checks on what will be deleted.
If all the given data fail to match any node, nothing will be deleted.
If valid values for
.Fa oldp
and
.Fa oldlenp
are supplied and a node is deleted, a copy of what was in the MIB tree
will be returned.
.Pp
This sample code shows the deletion of the two nodes created in the
above example:
.Pp
.Bd -literal -offset indent -compact
struct sysctlnode node;
int mib[2];
size_t len;
.sp
len = sizeof(node);
memset(\*[Am]node, 0, len);
node.sysctl_flags = SYSCTL_VERSION;
.sp
mib[0] = 3214;			/* assumed number for "local" */
mib[1] = CTL_DESTROY;
node.sysctl_num = 3215;		/* assumed number for "audiodebug" */
sysctl(\*[Am]mib[0], 2, NULL, NULL, \*[Am]node, len);
.sp
mib[0] = CTL_DESTROY;
node.sysctl_num = 3214;		/* now deleting "local" */
sysctl(\*[Am]mib[0], 1, NULL, NULL, \*[Am]node, len);
.Ed
.Pp
Descriptions of each of the nodes can also be retrieved, if they are
available.
Descriptions can be retrieved in bulk at each level or on a per-node
basis.
The layout of the buffer into which the descriptions are returned is a
series of variable length structures, each of which describes its own
size.
The length indicated includes the terminating
.Sq nul
character.
Nodes that have no description or where the description is not
available are indicated by an empty string.
The
.Fa descr_ver
will match the
.Fa sysctl_ver
value for a given node, so that descriptions for nodes whose numbers
have been recycled can be detected and ignored or discarded.
.Pp
.Bd -literal
struct sysctldesc {
        int32_t         descr_num;      /* mib number of node */
        uint32_t        descr_ver;      /* version of node */
        uint32_t        descr_len;      /* length of description string */
        char            descr_str[1];   /* not really 1...see above */
};
.Ed
.Pp
The
.Fn NEXT_DESCR
macro can be used to skip to the next description in the retrieved
list.
.Pp
.Bd -literal -offset indent -compact
struct sysctlnode desc;
struct sysctldesc *d;
char buf[1024];
int mib[2];
size_t len;
.sp
/* retrieve kern-level descriptions */
mib[0] = CTL_KERN;
mib[1] = CTL_DESCRIBE;
d = (struct sysctldesc *)\*[Am]buf[0];
len = sizeof(buf);
sysctl(mib, 2, d, \*[Am]len, NULL, 0);
while ((caddr_t)d \*[Lt] (caddr_t)\*[Am]buf[len]) {
	/* "%.*s" takes an int precision, so cast the uint32_t length */
	printf("node %d: %.*s\\n", d-\*[Gt]descr_num, (int)d-\*[Gt]descr_len,
	    d-\*[Gt]descr_str);
	d = NEXT_DESCR(d);
}
.sp
/* retrieve description for kern.securelevel */
memset(\*[Am]desc, 0, sizeof(desc));
desc.sysctl_flags = SYSCTL_VERSION;
desc.sysctl_num = KERN_SECURELEVEL;
d = (struct sysctldesc *)\*[Am]buf[0];
len = sizeof(buf);
sysctl(mib, 2, d, \*[Am]len, \*[Am]desc, sizeof(desc));
printf("kern.securelevel: %.*s\\n", (int)d-\*[Gt]descr_len, d-\*[Gt]descr_str);
.Ed
.Pp
Descriptions can also be set as follows, subject to the following rules:
.Pp
.Bl -bullet -compact
.It
The kernel securelevel is at zero or lower
.It
The caller has super-user privileges
.It
The node does not currently have a description
.It
The node is not marked as
.Dq permanent
.El
.Pp
.Bd -literal -offset indent -compact
struct sysctlnode desc;
int mib[2];
.sp
/* presuming the given top-level node was just added... */
mib[0] = 3214; /* mib numbers taken from previous examples */
mib[1] = CTL_DESCRIBE;
memset(\*[Am]desc, 0, sizeof(desc));
desc.sysctl_flags = SYSCTL_VERSION;
desc.sysctl_num = 3215;
desc.sysctl_desc = "audio debug control knob";
sysctl(mib, 2, NULL, NULL, \*[Am]desc, sizeof(desc));
.Ed
.Pp
Upon successfully setting a description, the new description will be
returned in the space indicated by the
.Fa oldp
and
.Fa oldlenp
arguments.
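.Pp
Added example, not part of the NetBSD manual or source: a walker for the struct sysctldesc buffer layout described above that checks every descr_len against the bytes actually returned before touching the string, and uses descr_ver to reject a description left over from a recycled MIB number.
It mirrors the struct locally so that it builds without sys/sysctl.h, and assumes records are padded to a 4-byte boundary; the names desc_rec, desc_lookup and desc_put and the sample records are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local mirror of the page's struct sysctldesc, so this builds anywhere. */
struct desc_rec {
    int32_t  descr_num;     /* mib number of node */
    uint32_t descr_ver;     /* version of node */
    uint32_t descr_len;     /* string length, including the NUL */
    char     descr_str[1];
};
#define DESC_HDR    offsetof(struct desc_rec, descr_str)
/* Assumption: records are padded so each header starts 4-byte aligned. */
#define DESC_PAD(l) (((size_t)(l) + 3u) & ~(size_t)3u)

/* Check every record in buf[0..len) and return the description of node num
 * at version ver, or NULL if it is absent or stale.  *nrec gets the count
 * of well-formed records, or -1 if any record is malformed. */
const char *desc_lookup(const void *buf, size_t len, int32_t num, uint32_t ver, int *nrec)
{
    const unsigned char *p = buf;
    const char *hit = NULL, *s;
    struct desc_rec h;
    size_t off = 0, left, step;
    *nrec = 0;
    while (off < len) {
        left = len - off;
        if (left < DESC_HDR)
            goto bad;                   /* header cut short */
        memcpy(&h, p + off, DESC_HDR);  /* avoids unaligned loads */
        if (h.descr_len == 0 || h.descr_len > left - DESC_HDR)
            goto bad;                   /* string runs past the buffer */
        s = (const char *)p + off + DESC_HDR;
        if (s[h.descr_len - 1] != '\0')
            goto bad;                   /* not NUL-terminated */
        if (h.descr_num == num && h.descr_ver == ver)
            hit = s;                    /* number and version both match */
        (*nrec)++;
        step = DESC_HDR + DESC_PAD(h.descr_len);
        off += step < left ? step : left;   /* last record may be unpadded */
    }
    return hit;
bad:
    *nrec = -1;
    return NULL;
}

/* Append one record to a constructed sample buffer (caller sizes buf);
 * returns the new offset. */
size_t desc_put(unsigned char *buf, size_t off, int32_t num, uint32_t ver, const char *s)
{
    struct desc_rec h = { num, ver, (uint32_t)strlen(s) + 1, { 0 } };
    memcpy(buf + off, &h, DESC_HDR);
    memcpy(buf + off + DESC_HDR, s, h.descr_len);
    return off + DESC_HDR + DESC_PAD(h.descr_len);
}

int main(void)
{
    unsigned char buf[128] = { 0 };     /* constructed sample reply */
    size_t len = 0;
    const char *d;
    int n;
    len = desc_put(buf, len, 9, 1, "system security level");
    len = desc_put(buf, len, 3214, 7, "");      /* node without description */
    len = desc_put(buf, len, 3215, 8, "audio debug control knob");
    d = desc_lookup(buf, len, 3215, 8, &n);
    printf("%d records, current: %s\n", n, d ? d : "(none)");
    d = desc_lookup(buf, len, 3215, 6, &n);     /* number recycled since v6 */
    printf("old version: %s\n", d ? d : "(stale, ignored)");
    desc_lookup(buf, len - 30, 3215, 8, &n);    /* reply cut short */
    printf("truncated: nrec=%d\n", n);
    return 0;
}
```

A malformed buffer yields NULL even when an earlier record matched, so a caller never acts on part of a reply it could not validate in full.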
.Pp
The
.Fa sysctl_flags
field in the struct sysctlnode contains the sysctl version, node type
information, and a number of flags.
The macros
.Fn SYSCTL_VERS ,
.Fn SYSCTL_TYPE ,
and
.Fn SYSCTL_FLAGS
can be used to access the different fields.
Valid flags are:
.Bl -column CTLFLAGXPERMANENTXXX
.It Sy Name Ta Sy Description
.It CTLFLAG\_READONLY Ta Node is read-only
.It CTLFLAG\_READONLY1 Ta Node becomes read-only at securelevel 1
.It CTLFLAG\_READONLY2 Ta Node becomes read-only at securelevel 2
.It CTLFLAG\_READWRITE Ta Node is writable by the superuser
.It CTLFLAG\_ANYWRITE Ta Node is writable by anyone
.It CTLFLAG\_PRIVATE Ta Node is readable only by the superuser
.It CTLFLAG\_PERMANENT Ta Node cannot be removed (cannot be set by
processes)
.It CTLFLAG\_OWNDATA Ta Node owns data and does not instrument
existing data
.It CTLFLAG\_IMMEDIATE Ta Node contains instrumented data and does not
instrument existing data
.It CTLFLAG\_HEX Ta Node's contents should be displayed in a hexadecimal
form
.It CTLFLAG\_ROOT Ta Node is the root of a tree (cannot be set at
any time)
.It CTLFLAG\_ANYNUMBER Ta Node matches any MIB number (cannot be set by
processes)
.It CTLFLAG\_HIDDEN Ta Node not displayed by default
.It CTLFLAG\_ALIAS Ta Node refers to a sibling node (cannot be set
by processes)
.It CTLFLAG\_OWNDESC Ta Node owns its own description string space
.El
.Sh RETURN VALUES
If the call to
.Nm
is successful, the number of bytes copied out is returned.
Otherwise \-1 is returned and
.Va errno
is set appropriately.
.Sh FILES
.Bl -tag -width \*[Lt]netinet6/udp6Xvar.h\*[Gt] -compact
.It Aq Pa sys/sysctl.h
definitions for top level identifiers, second level kernel and hardware
identifiers, and user level identifiers
.It Aq Pa sys/socket.h
definitions for second level network identifiers
.It Aq Pa sys/gmon.h
definitions for third level profiling identifiers
.It Aq Pa uvm/uvm_param.h
definitions for second level virtual memory identifiers
.It Aq Pa netinet/in.h
definitions for third level IPv4/v6 identifiers and
fourth level IPv4/v6 identifiers
.It Aq Pa netinet/icmp_var.h
definitions for fourth level ICMP identifiers
.It Aq Pa netinet/icmp6.h
definitions for fourth level ICMPv6 identifiers
.It Aq Pa netinet/tcp_var.h
definitions for fourth level TCP identifiers
.It Aq Pa netinet/udp_var.h
definitions for fourth level UDP identifiers
.It Aq Pa netinet6/udp6_var.h
definitions for fourth level IPv6 UDP identifiers
.It Aq Pa netinet6/ipsec.h
definitions for fourth level IPsec identifiers
.It Aq Pa netkey/key_var.h
definitions for third level PF_KEY identifiers
.It Aq Pa machine/cpu.h
definitions for second level machdep identifiers
.El
.Sh ERRORS
The following errors may be reported:
.Bl -tag -width Er
.It Bq Er EFAULT
The buffer
.Fa name ,
.Fa oldp ,
.Fa newp ,
or length pointer
.Fa oldlenp
contains an invalid address, or the requested value is temporarily
unavailable.
.It Bq Er EINVAL
The
.Fa name
array is zero or greater than CTL_MAXNAME.
.It Bq Er EINVAL
A non-null
.Fa newp
is given and its specified length in
.Fa newlen
is too large or too small, or the given value is not acceptable for
the given node.
.It Bq Er ENOMEM
The length pointed to by
.Fa oldlenp
is too short to hold the requested value.
.It Bq Er EISDIR
The
.Fa name
array specifies an intermediate rather than terminal name.
.It Bq Er ENOTDIR
The
.Fa name
array specifies a node below a node that addresses data.
.It Bq Er ENOENT
The
.Fa name
array specifies a node that does not exist in the tree.
.It Bq Er ENOENT
An attempt was made to destroy a node that does not exist, or to
create or destroy a node below a node that does not exist.
.It Bq Er ENOTEMPTY
An attempt was made to destroy a node that still has children.
.It Bq Er EOPNOTSUPP
The
.Fa name
array specifies a value that is unknown or a meta-operation was
attempted that the requested node does not support.
.It Bq Er EPERM
An attempt is made to set a read-only value.
.It Bq Er EPERM
A process without appropriate privilege attempts to set a value or to
create or destroy a node.
.It Bq Er EPERM
An attempt to change a value protected by the current kernel security
level is made.
.El
.Sh SEE ALSO
.Xr ipsec 4 ,
.Xr tcp 4 ,
.Xr sysctl 8
.\" .Xr sysctl 9
.Sh HISTORY
The
.Nm
function first appeared in
.Bx 4.4 .