1.\" $NetBSD: sysctl.3,v 1.131 2004/01/08 09:21:35 wiz Exp $ 2.\" 3.\" Copyright (c) 1993 4.\" The Regents of the University of California. All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 3. Neither the name of the University nor the names of its contributors 15.\" may be used to endorse or promote products derived from this software 16.\" without specific prior written permission. 17.\" 18.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 19.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 22.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28.\" SUCH DAMAGE. 29.\" 30.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95 31.\" 32.Dd January 7, 2004 33.Dt SYSCTL 3 34.Os 35.Sh NAME 36.Nm sysctl 37.Nd get or set system information 38.Sh LIBRARY 39.Lb libc 40.Sh SYNOPSIS 41.In sys/param.h 42.In sys/sysctl.h 43.Ft int 44.Fn sysctl "int *name" "u_int namelen" "void *oldp" "size_t *oldlenp" "void *newp" "size_t newlen" 45.Sh DESCRIPTION 46The 47.Nm 48function retrieves system information and allows processes with 49appropriate privileges to set system information. 50The information available from 51.Nm 52consists of integers, strings, and tables. 53Information may be retrieved and set from the command interface 54using the 55.Xr sysctl 8 56utility. 57.Pp 58Unless explicitly noted below, 59.Nm 60returns a consistent snapshot of the data requested. 61Consistency is obtained by locking the destination 62buffer into memory so that the data may be copied out without blocking. 63Calls to 64.Nm 65are serialized to avoid deadlock. 66.Pp 67The state is described using a ``Management Information Base'' (MIB) 68style name, listed in 69.Fa name , 70which is a 71.Fa namelen 72length array of integers. 73.Pp 74The information is copied into the buffer specified by 75.Fa oldp . 76The size of the buffer is given by the location specified by 77.Fa oldlenp 78before the call, 79and that location gives the amount of data copied after a successful call. 80If the amount of data available is greater 81than the size of the buffer supplied, 82the call supplies as much data as fits in the buffer provided 83and returns with the error code ENOMEM. 84If the old value is not desired, 85.Fa oldp 86and 87.Fa oldlenp 88should be set to 89.Dv NULL . 90.Pp 91The size of the available data can be determined by calling 92.Nm 93with a 94.Dv NULL 95parameter for 96.Fa oldp . 97The size of the available data will be returned in the location pointed to by 98.Fa oldlenp . 99For some operations, the amount of space may change often. 100For these operations, 101the system attempts to round up so that the returned size is 102large enough for a call to return the data shortly thereafter. 103.Pp 104To set a new value, 105.Fa newp 106is set to point to a buffer of length 107.Fa newlen 108from which the requested value is to be taken. 109If a new value is not to be set, 110.Fa newp 111should be set to 112.Dv NULL 113and 114.Fa newlen 115set to 0. 116.Pp 117The top level names are defined with a CTL_ prefix in 118.Aq Pa sys/sysctl.h , 119and are as follows. 120The next and subsequent levels down are found in the include files 121listed here, and described in separate sections below. 122.Pp 123.Bl -column CTLXMACHDEPXXX "Next level namesXXXXXX" -offset indent 124.It Sy Name Next level names Description 125.It CTL\_KERN sys/sysctl.h High kernel limits 126.It CTL\_VM uvm/uvm_param.h Virtual memory 127.It CTL\_VFS sys/mount.h Filesystem 128.It CTL\_NET sys/socket.h Networking 129.It CTL\_DEBUG sys/sysctl.h Debugging 130.It CTL\_HW sys/sysctl.h Generic CPU, I/O 131.It CTL\_MACHDEP sys/sysctl.h Machine dependent 132.It CTL\_USER sys/sysctl.h User-level 133.It CTL\_DDB sys/sysctl.h In-kernel debugger 134.It CTL\_PROC sys/sysctl.h Per-process 135.It CTL\_VENDOR ? Vendor specific 136.It CTL\_EMUL sys/sysctl.h Emulation settings 137.El 138.Pp 139For example, the following retrieves the maximum number of processes allowed 140in the system: 141.Bd -literal -offset indent -compact 142int mib[2], maxproc; 143size_t len; 144.sp 145mib[0] = CTL_KERN; 146mib[1] = KERN_MAXPROC; 147len = sizeof(maxproc); 148sysctl(mib, 2, \*[Am]maxproc, \*[Am]len, NULL, 0); 149.Ed 150.sp 151To retrieve the standard search path for the system utilities: 152.Bd -literal -offset indent -compact 153int mib[2]; 154size_t len; 155char *p; 156.sp 157mib[0] = CTL_USER; 158mib[1] = USER_CS_PATH; 159sysctl(mib, 2, NULL, \*[Am]len, NULL, 0); 160p = malloc(len); 161sysctl(mib, 2, p, \*[Am]len, NULL, 0); 162.Ed 163.Sh CTL_DEBUG 164The debugging variables vary from system to system. 165A debugging variable may be added or deleted without need to recompile 166.Nm 167to know about it. 168Each time it runs, 169.Nm 170gets the list of debugging variables from the kernel and 171displays their current values. 172The system defines twenty 173.Va ( struct ctldebug ) 174variables named 175.Dv debug0 176through 177.Dv debug19 . 178They are declared as separate variables so that they can be 179individually initialized at the location of their associated variable. 180The loader prevents multiple use of the same variable by issuing errors 181if a variable is initialized in more than one place. 182For example, to export the variable 183.Dv dospecialcheck 184as a debugging variable, the following declaration would be used: 185.Bd -literal -offset indent -compact 186int dospecialcheck = 1; 187struct ctldebug debug5 = { "dospecialcheck", \*[Am]dospecialcheck }; 188.Ed 189.Pp 190Note that the dynamic implementation of 191.Nm 192currently in use largely makes this particular 193.Nm 194interface obsolete. 195See 196.Xr sysctl 8 197.\" and 198.\" .Xr sysctl 9 199for more information. 200.Sh CTL_VFS 201A distinguished second level name, VFS_GENERIC, 202is used to get general information about all filesystems. 203One of its third level identifiers is VFS_MAXTYPENUM 204that gives the highest valid filesystem type number. 205Its other third level identifier is VFS_CONF that 206returns configuration information about the filesystem 207type given as a fourth level identifier. 208The remaining second level identifiers are the 209filesystem type number returned by a 210.Xr statfs 2 211call or from VFS_CONF. 212The third level identifiers available for each filesystem 213are given in the header file that defines the mount 214argument structure for that filesystem. 215.Sh CTL_HW 216The string and integer information available for the CTL_HW level 217is detailed below. 218The changeable column shows whether a process with appropriate 219privilege may change the value. 220.Bl -column "Second level nameXXXXXX" "struct disk_sysctlXXX" -offset indent 221.It Sy Second level name Type Changeable 222.It HW\_MACHINE string no 223.It HW\_MODEL string no 224.It HW\_NCPU integer no 225.It HW\_BYTEORDER integer no 226.It HW\_PHYSMEM integer no 227.It HW\_PHYSMEM64 quad no 228.It HW\_USERMEM integer no 229.It HW\_USERMEM64 quad no 230.It HW\_PAGESIZE integer no 231.\".It HW\_DISKNAMES struct no 232.\".It HW\_DISKSTATS struct no 233.It HW\_MACHINE\_ARCH string no 234.It HW\_ALIGNBYTES integer no 235.It HW\_DISKNAMES string no 236.It HW\_DISKSTATS struct disk_sysctl no 237.It HW\_CNMAGIC string yes 238.El 239.Pp 240.Bl -tag -width "123456" 241.It Li HW_MACHINE 242The machine class. 243.It Li HW_MODEL 244The machine model. 245.It Li HW_NCPU 246The number of CPUs. 247.ne 1i 248.It Li HW_BYTEORDER 249The byteorder (4,321, or 1,234). 250.It Li HW_PHYSMEM 251The bytes of physical memory as a 32-bit integer. 252.It Li HW_PHYSMEM64 253The bytes of physical memory as a 64-bit integer. 254.It Li HW_USERMEM 255The bytes of non-kernel memory as a 32-bit integer. 256.It Li HW_USERMEM64 257The bytes of non-kernel memory as a 64-bit integer. 258.It Li HW_PAGESIZE 259The software page size. 260.It Li HW_MACHINE_ARCH 261The machine CPU class. 262.It Li HW_ALIGNBYTES 263Alignment constraint for all possible data types. 264This shows the value 265.Dv ALIGNBYTES 266in 267.Pa /usr/include/machine/param.h , 268at the kernel compilation time. 269.It Li HW_DISKNAMES 270The list of (space separated) disk device names on the system. 271.It Li HW_DISKSTATS 272Return statistical information on the disk devices on the system. 273An array of 274.Va struct disk_sysctl 275structures is returned, 276whose size depends on the current number of such objects in the system. 277The third level name is the size of the 278.Va struct disk_sysctl . 279.It Li HW_CNMAGIC 280The console magic key sequence. 281.El 282.Sh CTL_KERN 283The string and integer information available for the CTL_KERN level 284is detailed below. 285The changeable column shows whether a process with appropriate 286privilege may change the value. 287The types of data currently available are process information, 288system vnodes, the open file entries, routing table entries, 289virtual memory statistics, load average history, and clock rate 290information. 291.Bl -column "KERNXPOSIXXREADERXWRITERXLOCKS" "struct clockrateXXX" -offset indent 292.It Sy Second level name Type Changeable 293.It KERN\_ARGMAX integer no 294.It KERN\_AUTONICETIME integer yes 295.It KERN\_AUTONICEVAL integer yes 296.It KERN\_BOOTTIME struct timeval no 297.It KERN\_CCPU integer no 298.It KERN\_CLOCKRATE struct clockinfo no 299.It KERN\_CP\_TIME long[\|] no 300.It KERN\_DEFCORENAME string yes 301.It KERN\_DOMAINNAME string yes 302.It KERN\_DRIVERS struct kinfo_drivers no 303.It KERN\_FILE struct file no 304.It KERN\_FORKFSLEEP integer yes 305.It KERN\_FSCALE integer no 306.It KERN\_FSYNC integer no 307.It KERN\_HOSTID integer yes 308.It KERN\_HOSTNAME string yes 309.It KERN\_IOV\_MAX integer no 310.It KERN\_JOB\_CONTROL integer no 311.It KERN\_LABELOFFSET integer no 312.It KERN\_LABELSECTOR integer no 313.It KERN\_LOGIN\_NAME\_MAX integer no 314.It KERN\_LOGSIGEXIT integer yes 315.It KERN\_MAPPED\_FILES integer no 316.It KERN\_MAXFILES integer yes 317.It KERN\_MAXPARTITIONS integer no 318.It KERN\_MAXPROC integer yes 319.It KERN\_MAXPTYS integer yes 320.It KERN\_MAXVNODES integer yes 321.It KERN\_MBUF node not applicable 322.It KERN\_MEMLOCK integer no 323.It KERN\_MEMLOCK\_RANGE integer no 324.It KERN\_MEMORY\_PROTECTION integer no 325.It KERN\_MONOTONIC\_CLOCK integer no 326.It KERN\_MSGBUF char[\|] no 327.It KERN\_MSGBUFSIZE integer no 328.It KERN\_NGROUPS integer no 329.It KERN\_NTPTIME struct ntptimeval no 330.It KERN\_OSRELEASE string no 331.It KERN\_OSREV integer no 332.It KERN\_OSTYPE string no 333.It KERN\_POSIX1 integer no 334.It KERN\_POSIX\_BARRIERS integer no 335.It KERN\_POSIX\_READER\_WRITER\_LOCKS integer no 336.It KERN\_POSIX\_SEMAPHORES integer no 337.It KERN\_POSIX\_SPIN\_LOCKS integer no 338.It KERN\_POSIX\_THREADS integer no 339.It KERN\_POSIX\_TIMERS integer no 340.It KERN\_PROC struct kinfo_proc no 341.It KERN\_PROC2 struct kinfo_proc2 no 342.It KERN\_PROC\_ARGS string no 343.It KERN\_PROF node not applicable 344.It KERN\_RAWPARTITION integer no 345.It KERN\_ROOT\_DEVICE string no 346.It KERN\_ROOT\_PARTITION integer no 347.It KERN\_RTC\_OFFSET integer no 348.It KERN\_SAVED\_IDS integer no 349.It KERN\_SECURELVL integer raise only 350.It KERN\_SYNCHRONIZED\_IO integer no 351.It KERN\_SYSVIPC\_INFO node not applicable 352.It KERN\_SYSVMSG integer no 353.It KERN\_SYSVSEM integer no 354.It KERN\_SYSVSHM integer no 355.It KERN\_TKSTAT node not applicable 356.It KERN\_VERSION string no 357.It KERN\_VNODE struct vnode no 358.El 359.ne 1i 360.Pp 361.Bl -tag -width "123456" 362.It Li KERN_ARGMAX 363The maximum bytes of argument to 364.Xr execve 2 . 365.It Li KERN_AUTONICETIME 366The number of seconds of CPU-time a non-root process may accumulate before 367having its priority lowered from the default to the value of KERN_AUTONICEVAL. 368If set to 0, automatic lowering of priority is not performed, and if set to \-1 369all non-root processes are immediately lowered. 370.It Li KERN_AUTONICEVAL 371The priority assigned for automatically niced processes. 372.It Li KERN_BOOTTIME 373A 374.Va struct timeval 375structure is returned. 376This structure contains the time that the system was booted. 377.It Li KERN_CCPU 378The scheduler exponential decay value. 379.It Li KERN_CLOCKRATE 380A 381.Va struct clockinfo 382structure is returned. 383This structure contains the clock, statistics clock and profiling clock 384frequencies, the number of micro-seconds per hz tick, and the clock 385skew rate. 386.It Li KERN_CP_TIME 387Returns an array of CPUSTATES longs. 388This array contains the 389number of clock ticks spent in different CPU states. 390On multi-processor system, the sum across all CPUs is returned unless 391appropriate space is given for one data set for each CPU. 392.It Li KERN_DEFCORENAME 393Default template for the name of core dump files (see also PROC_PID_CORENAME 394in the per-process variables CTL_PROC, and 395.Xr core 5 396for format of this template). 397The default value is 398.Nm %n.core 399and can be changed with the kernel configuration option 400.Cd options DEFCORENAME 401(see 402.Xr options 4 403). 404.It Li KERN_DOMAINNAME 405Get or set the YP domain name. 406.It Li KERN_DRIVERS 407Return an array of 408.Va struct kinfo_drivers 409that contains the name and major device numbers of all the device drivers 410in the current kernel. 411The 412.Va d_name 413field is always a NUL terminated string. 414The 415.Va d_bmajor 416field will be set to \-1 if the driver doesn't have a block device. 417.It Li KERN_FILE 418Return the entire file table. 419The returned data consists of a single 420.Va struct filehead 421followed by an array of 422.Va struct file , 423whose size depends on the current number of such objects in the system. 424.It Li KERN_FSCALE 425The kernel fixed-point scale factor. 426.It Li KERN_FORKFSLEEP 427If 428.Xr fork 2 429system call fails due to limit on number of processes (either 430the global maxproc limit or user's one), wait for this many 431miliseconds before returning 432.Er EAGAIN 433error to process. 434Useful to keep heavily forking runaway processes in bay. 435Default zero (no sleep). 436Maximum is 20 seconds. 437.It Li KERN_FSYNC 438Return 1 if the POSIX 1003.1b File Synchronization Option is available 439on this system, 440otherwise 0. 441.It Li KERN_HOSTID 442Get or set the host id. 443.It Li KERN_HOSTNAME 444Get or set the hostname. 445.It Li KERN_IOV_MAX 446Return the maximum number of 447.Va iovec 448structures that a process has available for use with 449.Xr preadv 2 , 450.Xr pwritev 2 , 451.Xr readv 2 , 452.Xr recvmsg 2 , 453.Xr sendmsg 2 454and 455.Xr writev 2 . 456.It Li KERN_JOB_CONTROL 457Return 1 if job control is available on this system, otherwise 0. 458.It Li KERN_LABELOFFSET 459The offset within the sector specified by KERN_LABELSECTOR of the 460.Xr disklabel 5 . 461.It Li KERN_LABELSECTOR 462The sector number containing the 463.Xr disklabel 5 . 464.It Li KERN_LOGIN_NAME_MAX 465The size of the storage required for a login name, in bytes, 466including the terminating NUL. 467.It Li KERN_LOGSIGEXIT 468If this flag is non-zero, the kernel will 469.Xr log 9 470all process exits due to signals which create a 471.Xr core 5 472file, and whether the coredump was created. 473.It Li KERN_MAPPED_FILES 474Returns 1 if the POSIX 1003.1b Memory Mapped Files Option is available 475on this system, 476otherwise 0. 477.It Li KERN_MAXFILES 478The maximum number of open files that may be open in the system. 479.It Li KERN_MAXPARTITIONS 480The maximum number of partitions allowed per disk. 481.It Li KERN_MAXPROC 482The maximum number of simultaneous processes the system will allow. 483.It Li KERN_MAXPTYS 484The maximum number of pseudo terminals. 485This value can be both raised and lowered, though it cannot 486be set lower than number of currently used ptys. 487See also 488.Xr pty 4 . 489.It Li KERN_MAXVNODES 490The maximum number of vnodes available on the system. 491This can only be raised. 492.It Li KERN_MBUF 493Return information about the mbuf control variables. 494the third level names for the mbuf variables are detailed below. 495The changeable column shows whether a process with appropriate 496privilege may change the value. 497.Bl -column "MBUFXNMBCLUSTERSXXX" "struct integerXXX" -offset indent 498.It Sy Third level name Type Changeable 499.It MBUF\_MSIZE integer yes 500.It MBUF\_MCLBYTES integer yes 501.It MBUF\_NMBCLUSTERS integer yes 502.It MBUF\_MBLOWAT integer yes 503.It MBUF\_MCLLOWAT integer yes 504.El 505.Pp 506The variables are as follows: 507.Bl -tag -width "123456" 508.It Li MBUF_MSIZE 509The mbuf base size. 510.It Li MBUF_MCLBYTES 511The mbuf cluster size. 512.It Li MBUF_NMBCLUSTERS 513The limit on the number of mbuf clusters. 514The variable can only be increased, and only increased on machines with 515direct-mapped pool pages 516.It Li MBUF_MBLOWAT 517The mbuf low water mark. 518.It Li MBUF_MCLLOWAT 519The mbuf cluster low water mark. 520.El 521.It Li KERN_MEMLOCK 522Returns 1 if the POSIX 1003.1b Process Memory Locking Option is available 523on this system, 524otherwise 0. 525.It Li KERN_MEMLOCK_RANGE 526Returns 1 if the POSIX 1003.1b Range Memory Locking Option is available 527on this system, 528otherwise 0. 529.It Li KERN_MEMORY_PROTECTION 530Returns 1 if the POSIX 1003.1b Memory Protection Option is available 531on this system, 532otherwise 0. 533.It Li KERN_MONOTONIC_CLOCK 534Returns the standard version the implementation of the POSIX 1003.1b 535Monotonic Clock Option conforms to, 536otherwise 0. 537.It Li KERN_MSGBUF 538The kernel message buffer, rotated so that the head of the circular kernel 539message buffer is returned at the start of the buffer specified by 540.Fa oldp . 541The returned data may contain NUL bytes. 542.It Li KERN_MSGBUFSIZE 543The maximum number of characters that the kernel message buffer can hold. 544.It Li KERN_NGROUPS 545The maximum number of supplemental groups. 546.It Li KERN_NO_TRUNC 547Return 1 if file names longer than KERN_NAME_MAX are truncated. 548.It Li KERN_NTPTIME 549A 550.Va struct ntptimeval 551structure is returned. 552This structure contains data used by the 553.Xr ntpd 8 554program. 555.It Li KERN_OSRELEASE 556The system release string. 557.It Li KERN_OSREV 558The system revision string. 559.It Li KERN_OSTYPE 560The system type string. 561.It Li KERN_PATH_MAX 562The maximum number of bytes in a pathname. 563.It Li KERN_POSIX1 564The version of ISO/IEC 9945 (POSIX 1003.1) with which the system 565attempts to comply. 566.It Li KERN_POSIX_BARRIERS 567The version of 568.St -p1003.1 569and its 570Barriers 571option to which the system attempts to conform, 572otherwise 0. 573.It Li KERN_POSIX_READER_WRITER_LOCKS 574The version of 575.St -p1003.1 576and its 577Read-Write Locks 578option to which the system attempts to conform, 579otherwise 0. 580.It Li KERN_POSIX_SEMAPHORES 581The version of 582.St -p1003.1 583and its 584Semaphores 585option to which the system attempts to conform, 586otherwise 0. 587.It Li KERN_POSIX_SPIN_LOCKS 588The version of 589.St -p1003.1 590and its 591Spin Locks 592option to which the system attempts to conform, 593otherwise 0. 594.It Li KERN_POSIX_THREADS 595The version of 596.St -p1003.1 597and its 598Threads 599option to which the system attempts to conform, 600otherwise 0. 601.It Li KERN_POSIX_TIMERS 602The version of 603.St -p1003.1 604and its 605Timers 606option to which the system attempts to conform, 607otherwise 0. 608.It Li KERN_PROC 609Return the entire process table, or a subset of it. 610An array of 611.Va struct kinfo_proc 612structures is returned, 613whose size depends on the current number of such objects in the system. 614The third and fourth level names are as follows: 615.Bl -column "Third level nameXXXXXX" "Fourth level is:XXXXXX" -offset indent 616.It Sy Third level name Fourth level is: 617.It KERN\_PROC\_ALL None 618.It KERN\_PROC\_PID A process ID 619.It KERN\_PROC\_PGRP A process group 620.It KERN\_PROC\_SESSION A session ID 621.It KERN\_PROC\_TTY A tty device 622.It KERN\_PROC\_UID A user ID 623.It KERN\_PROC\_RUID A real user ID 624.It KERN\_PROC\_GID A group ID 625.It KERN\_PROC\_RGID A real group ID 626.El 627.It Li KERN_PROC2 628As for KERN_PROC, but an array of 629.Va struct kinfo_proc2 630structures are returned. 631The fifth level name is the size of the 632.Va struct kinfo_proc2 633and the sixth level name is the number of structures to return. 634.It Li KERN_PROC_ARGS 635Return the argv or environment strings (or the number thereof) 636of a process. 637Multiple strings are returned separated by NUL characters. 638The third level name is the process ID. 639The fourth level name is as follows: 640.Bl -column "Third level nameXXXXXX" -offset indent 641.It KERN\_PROC\_ARGV The argv strings 642.It KERN\_PROC\_NARGV The number of argv strings 643.It KERN\_PROC\_ENV The environ strings 644.It KERN\_PROC\_NENV The number of environ strings 645.El 646.It Li KERN_PROF 647Return profiling information about the kernel. 648If the kernel is not compiled for profiling, 649attempts to retrieve any of the KERN_PROF values will 650fail with EOPNOTSUPP. 651The third level names for the string and integer profiling information 652is detailed below. 653The changeable column shows whether a process with appropriate 654privilege may change the value. 655.Bl -column "GPROFXGMONPARAMXXX" "struct gmonparamXXX" -offset indent 656.It Sy Third level name Type Changeable 657.It GPROF\_STATE integer yes 658.It GPROF\_COUNT u_short[\|] yes 659.It GPROF\_FROMS u_short[\|] yes 660.It GPROF\_TOS struct tostruct yes 661.It GPROF\_GMONPARAM struct gmonparam no 662.El 663.Pp 664The variables are as follows: 665.Bl -tag -width "123456" 666.It Li GPROF_STATE 667Returns GMON_PROF_ON or GMON_PROF_OFF to show that profiling 668is running or stopped. 669.It Li GPROF_COUNT 670Array of statistical program counter counts. 671.It Li GPROF_FROMS 672Array indexed by program counter of call-from points. 673.It Li GPROF_TOS 674Array of 675.Va struct tostruct 676describing destination of calls and their counts. 677.It Li GPROF_GMONPARAM 678Structure giving the sizes of the above arrays. 679.El 680.It Li KERN_RAWPARTITION 681The raw partition of a disk (a == 0). 682.It Li KERN_ROOT_DEVICE 683The name of the root device (e.g., 684.Dq wd0 ) . 685.It Li KERN_ROOT_PARTITION 686The root partition on the root device (a == 0). 687.It Li KERN_RTC_OFFSET 688Return the offset of real time clock from UTC in minutes. 689.It Li KERN_SAVED_IDS 690Returns 1 if saved set-group and saved set-user ID is available. 691.It Li KERN_SECURELVL 692The system security level. 693This level may be raised by processes with appropriate privilege. 694It may only be lowered by process 1. 695.It Li KERN_SYNCHRONIZED_IO 696Returns 1 if the POSIX 1003.1b Synchronized I/O Option is available 697on this system, 698otherwise 0. 699.It Li KERN_SYSVIPC_INFO 700Return System V style IPC configuration and run-time information. 701The third level name selects the System V style IPC facility. 702.Bl -column "KERN_SYSVIPC_MSG_INFOXXX" "struct shm_sysctl_infoXXX" -offset indent 703.It Sy Third level name Type 704.It KERN\_SYSVIPC\_MSG\_INFO struct msg_sysctl_info 705.It KERN\_SYSVIPC\_SEM\_INFO struct sem_sysctl_info 706.It KERN\_SYSVIPC\_SHM\_INFO struct shm_sysctl_info 707.El 708.Pp 709.Bl -tag -width "123456" 710.It Li KERN_SYSVIPC_MSG_INFO 711Return information on the System V style message facility. 712The 713.Sy msg_sysctl_info 714structure is defined in 715.Aq Pa sys/msg.h . 716.It Li KERN_SYSVIPC_SEM_INFO 717Return information on the System V style semaphore facility. 718The 719.Sy sem_sysctl_info 720structure is defined in 721.Aq Pa sys/sem.h . 722.It Li KERN_SYSVIPC_SHM_INFO 723Return information on the System V style shared memory facility. 724The 725.Sy shm_sysctl_info 726structure is defined in 727.Aq Pa sys/shm.h . 728.El 729.It Li KERN_SYSVMSG 730Returns 1 if System V style message queue functionality is available 731on this system, 732otherwise 0. 733.It Li KERN_SYSVSEM 734Returns 1 if System V style semaphore functionality is available 735on this system, 736otherwise 0. 737.It Li KERN_SYSVSHM 738Returns 1 if System V style share memory functionality is available 739on this system, 740otherwise 0. 741.It Li KERN_TKSTAT 742Return information about the number of characters sent and received 743on ttys. 744The third level names for the tty statistic variables are detailed below. 745The changeable column shows whether a process 746with appropriate privilege may change the value. 747.Bl -column "KERNXTKSTATXRAWCCXXX" "struct integerXXX" -offset indent 748.It Sy Third level name Type Changeable 749.It KERN\_TKSTAT\_NIN quad no 750.It KERN\_TKSTAT\_NOUT quad no 751.It KERN\_TKSTAT\_CANCC quad no 752.It KERN\_TKSTAT\_RAWCC quad no 753.El 754.Pp 755The variables are as follows: 756.Bl -tag -width "123456" 757.It Li KERN_TKSTAT_NIN 758The total number of input characters. 759.It Li KERN_TKSTAT_NOUT 760The total number of output characters. 761.It Li KERN_TKSTAT_CANCC 762The number of canonical input characters. 763.It Li KERN_TKSTAT_RAWCC 764The number of raw input characters. 765.El 766.It Li KERN_VERSION 767The system version string. 768.It Li KERN_VNODE 769Return the entire vnode table. 770Note, the vnode table is not necessarily a consistent snapshot of 771the system. 772The returned data consists of an array whose size depends on the 773current number of such objects in the system. 774Each element of the array contains the kernel address of a vnode 775.Va struct vnode * 776followed by the vnode itself 777.Va struct vnode . 778.El 779.Sh CTL_MACHDEP 780The set of variables defined is architecture dependent. 781Most architectures define at least the following variables. 782.Bl -column "CONSOLE_DEVICEXXX" "integerXXX" -offset indent 783.It Sy Second level name Type Changeable 784.It Li CPU_CONSDEV dev_t no 785.El 786.Sh CTL_NET 787The string and integer information available for the CTL_NET level 788is detailed below. 789The changeable column shows whether a process with appropriate 790privilege may change the value. 791.Bl -column "Second level nameXXXXXX" "routing messagesXXX" -offset indent 792.It Sy Second level name Type Changeable 793.It PF\_ROUTE routing messages no 794.It PF\_INET IPv4 values yes 795.It PF\_INET6 IPv6 values yes 796.It PF\_KEY IPsec key management values yes 797.El 798.Pp 799.Bl -tag -width "123456" 800.It Li PF_ROUTE 801Return the entire routing table or a subset of it. 802The data is returned as a sequence of routing messages (see 803.Xr route 4 804for the header file, format and meaning). 805The length of each message is contained in the message header. 806.Pp 807The third level name is a protocol number, which is currently always 0. 808The fourth level name is an address family, which may be set to 0 to 809select all address families. 810The fifth and sixth level names are as follows: 811.Bl -column "Fifth level nameXXXXXX" "Sixth level is:XXX" -offset indent 812.It Sy Fifth level name Sixth level is: 813.It NET\_RT\_FLAGS rtflags 814.It NET\_RT\_DUMP None 815.It NET\_RT\_IFLIST None 816.El 817.It Li PF_INET 818Get or set various global information about the IPv4 819.Pq Internet Protocol version 4 . 820The third level name is the protocol. 821The fourth level name is the variable name. 822The currently defined protocols and names are: 823.Bl -column "Protocol name" "Variable nameXX" "integer" "yes" -offset indent 824.It Sy Protocol name Variable name Type Changeable 825.It ip forwarding integer yes 826.It ip redirect integer yes 827.It ip ttl integer yes 828.It ip forwsrcrt integer yes 829.It ip directed-broadcast integer yes 830.It ip allowsrcrt integer yes 831.It ip subnetsarelocal integer yes 832.It ip mtudisc integer yes 833.It ip anonportmin integer yes 834.It ip anonportmax integer yes 835.It ip mtudisctimeout integer yes 836.It ip gifttl integer yes 837.It ip grettl integer yes 838.It ip lowportmin integer yes 839.It ip lowportmax integer yes 840.It ip maxfragpacket integer yes 841.It ip checkinterface integer yes 842.It icmp maskrepl integer yes 843.It icmp errppslimit integer yes 844.It icmp rediraccept integer yes 845.It icmp redirtimeout integer yes 846.It tcp rfc1323 integer yes 847.It tcp sendspace integer yes 848.It tcp recvspace integer yes 849.It tcp mssdflt integer yes 850.It tcp syn_cache_limit integer yes 851.It tcp syn_bucket_limit integer yes 852.It tcp syn_cache_interval integer yes 853.It tcp init_win integer yes 854.It tcp init_win_local integer yes 855.It tcp mss_ifmtu integer yes 856.It tcp sack integer yes 857.It tcp win_scale integer yes 858.It tcp timestamps integer yes 859.It tcp compat_42 integer yes 860.It tcp cwm integer yes 861.It tcp cwm_burstsize integer yes 862.It tcp ack_on_push integer yes 863.It tcp keepidle integer yes 864.It tcp keepintvl integer yes 865.It tcp keepcnt integer yes 866.It tcp slowhz integer no 867.It tcp newreno integer yes 868.It tcp log_refused integer yes 869.It tcp rstppslimit integer yes 870.It tcp ident struct no 871.It udp checksum integer yes 872.It udp sendspace integer yes 873.It udp recvspace integer yes 874.El 875.Pp 876The variables are as follows: 877.Bl -tag -width "123456" 878.It Li ip.forwarding 879Returns 1 when IP forwarding is enabled for the host, 880meaning that the host is acting as a router. 881.It Li ip.redirect 882Returns 1 when ICMP redirects may be sent by the host. 883This option is ignored unless the host is routing IP packets, 884and should normally be enabled on all systems. 885.It Li ip.ttl 886The maximum time-to-live (hop count) value for an IP packet sourced by 887the system. 888This value applies to normal transport protocols, not to ICMP. 889.It Li ip.forwsrcrt 890Returns 1 when forwarding of source-routed packets is enabled for 891the host. 892This value may only be changed if the kernel security level is less than 1. 893.It Li ip.directed-broadcast 894Returns 1 if directed broadcast behavior is enabled for the host. 895.It Li ip.allowsrcrt 896Returns 1 if the host accepts source routed packets. 897.It Li ip.subnetsarelocal 898Returns 1 if subnets are to be considered local addresses. 899.It Li ip.mtudisc 900If set to 1, Path MTU Discovery (RFC 1191) is enabled. 901When Path MTU Discovery is enabled, the transmitted TCP segment 902size will be determined by the advertised maximum segment size 903(MSS) from the remote end, as constrained by the path MTU. 904If MTU Discovery is disabled, the transmitted segment size will 905never be greater than 906.Li tcp.mssdflt 907(the local maximum segment size). 908.It Li ip.anonportmin 909The lowest port number to use for TCP and UDP ephemeral port allocation. 910This cannot be set to less than 1024 or greater than 65535. 911.It Li ip.anonportmax 912The highest port number to use for TCP and UDP ephemeral port allocation. 913This cannot be set to less than 1024 or greater than 65535, and must 914be greater than 915.Li ip.anonportmin . 916.It Li ip.mtudisctimeout 917Returns the number of seconds in which a route added by the Path MTU 918Discovery engine will time out. 919When the route times out, the Path 920MTU Discovery engine will attempt to probe a larger path MTU. 921.It Li ip.gifttl 922The maximum time-to-live (hop count) value for an IPv4 packet generated by 923.Xr gif 4 924tunnel interface. 925.It Li ip.grettl 926The maximum time-to-live (hop count) value for an IPv4 packet generated by 927.Xr gre 4 928tunnel interface. 929.It Li ip.lowportmin 930The lowest port number to use for TCP and UDP reserved port allocation. 931This cannot be set to less than 0 or greater than 1024, and must 932be smaller than 933.Li ip.lowportmax . 934.It Li ip.lowportmax 935The highest port number to use for TCP and UDP reserved port allocation. 936This cannot be set to less than 0 or greater than 1024, and must 937be greater than 938.Li ip.lowportmin . 939.It Li ip.maxfragpackets 940The maximum number of fragmented packets the node will accept. 9410 means that the node will not accept any fragmented packets. 942\-1 means that the node will accept as many fragmented packets as it receives. 943The flag is provided basically for avoiding possible DoS attacks. 944.It Li ip.checkinterface 945If set to non-zero, the host will reject packets addressed to it 946that arrive on an interface not bound to that address. 947Currently, this must be disabled if ipnat is used to translate the 948destination address to another local interface, or if addresses 949are added to the loopback interface instead of the interface where 950the packets for those packets are received. 951.It Li icmp.maskrepl 952Returns 1 if ICMP network mask requests are to be answered. 953.It Li icmp.errppslimit 954The variable specifies the maximum number of outgoing ICMP error messages, 955per second. 956ICMP error messages that exceeded the value are subject to rate limitation 957and will not go out from the node. 958Negative value disables rate limitation. 959.It Li icmp.rediraccept 960If set to non-zero, the host will accept ICMP redirect packets. 961Note that routers will never accept ICMP redirect packets, 962and the variable is meaningful on IP hosts only. 963.It Li icmp.redirtimeout 964The variable specifies lifetime of routing entries generated by incoming 965ICMP redirect. 966This defaults to 600 seconds. 967.It Li tcp.rfc1323 968Returns 1 if RFC 1323 extensions to TCP are enabled. 969.It Li tcp.sendspace 970Returns the default TCP send buffer size. 971.It Li tcp.recvspace 972Returns the default TCP receive buffer size. 973.It Li tcp.mssdflt 974Returns the default maximum segment size both advertized to the peer 975and to use when either the peer does not advertize a maximum segment size to 976us during connection setup or Path MTU Discovery 977.Li ( ip.mtudisc ) 978is disabled. 979Do not change this value unless you really know what you are doing. 980.It Li tcp.syn_cache_limit 981Returns the maximum number of entries allowed in the TCP compressed state 982engine. 983.It Li tcp.syn_bucket_limit 984Returns the maximum number of entries allowed per hash bucket in the TCP 985compressed state engine. 986.It Li tcp.syn_cache_interval 987Returns the TCP compressed state engine's timer interval. 988.It Li tcp.init_win 989Returns a value indicating the TCP initial congestion window. 990If this value is 0, an auto-tuning algorithm designed to use an initial 991window of approximately 4K bytes is in use. 992Otherwise, this value indicates a fixed number of packets. 993.It Li tcp.init_win_local 994Like 995.Li tcp.init_win , 996but used when communicating with hosts on a local network. 997.It Li tcp.mss_ifmtu 998Returns 1 if TCP calculates the outgoing maximum segment size based on 999the MTU of the appropriate interface. 1000Otherwise, it is calculated based on the greater of the MTU of the 1001interface, and the largest (non-loopback) interface MTU on the system. 1002.It Li tcp.sack 1003TCP Selective ACKnowledgement (RFC 2018) is not implemented in 1004.Nx 1005at this time. 1006Changing this value will have no effect. 1007.It Li tcp.win_scale 1008If rfc1323 is enabled, a value of 1 indicates RFC 1323 window scale options, 1009for increasing the TCP window size, are enabled. 1010.It Li tcp.timestamps 1011If rfc1323 is enabled, a value of 1 indicates RFC 1323 time stamp options, 1012used for measuring TCP round trip times, are enabled. 1013.It Li tcp.compat_42 1014Returns 1 if work-arounds for bugs in the 4.2BSD TCP implementation are 1015enabled. 1016Use of this option is not recommended, although it may be 1017required in order to communicate with extremely old TCP implementations. 1018.It Li tcp.cwm 1019Returns 1 if use of the Hughes/Touch/Heidemann Congestion Window Monitoring 1020algorithm is enabled. 1021This algorithm prevents line-rate bursts of packets that could 1022otherwise occur when data begins flowing on an idle TCP connection. 1023These line-rate bursts can contribute to network and router congestion. 1024This can be particularly useful on World Wide Web servers 1025which support HTTP/1.1, which has lingering connections. 1026.It Li tcp.cwm_burstsize 1027Returns the Congestion Window Monitoring allowed burst size, in terms 1028of packet count. 1029.It Li tcp.ack_on_push 1030Returns 1 if TCP is to immediately transmit an ACK upon reception of 1031a packet with PUSH set. 1032This can avoid losing a round trip time in some rare situations, 1033but has the caveat of potentially defeating TCP's delayed ACK algorithm. 1034Use of this option is generally not recommended, but 1035the variable exists in case your configuration really needs it. 1036.It Li tcp.keepidle 1037Time a connection must be idle before keepalives are sent (if keepalives 1038are enabled for the connection). 1039See also tcp.slowhz. 1040.It Li tcp.keepintvl 1041Time after a keepalive probe is sent until, in the absence of any response, 1042another probe is sent. 1043See also tcp.slowhz. 1044.It Li tcp.keepcnt 1045Number of keepalive probes sent before declaring a connection dead. 1046If set to zero, there is no limit; 1047keepalives will be sent until some kind of 1048response is received from the peer. 1049.It Li tcp.slowhz 1050The units for tcp.keepidle and tcp.keepintvl; those variables are in ticks 1051of a clock that ticks tcp.slowhz times per second. 1052(That is, their values 1053must be divided by the tcp.slowhz value to get times in seconds.) 1054.It Li tcp.newreno 1055Returns 1 if the use of J. 1056Hoe's NewReno congestion control algorithm is enabled. 1057This algorithm improves the start-up behavior of TCP connections. 1058.It Li tcp.log_refused 1059Returns 1 if refused TCP connections to the host will be logged. 1060.It Li tcp.rstppslimit 1061The variable specifies the maximum number of outgoing TCP RST packets, 1062per second. 1063TCP RST packet that exceeded the value are subject to rate limitation 1064and will not go out from the node. 1065Negative value disables rate limitation. 1066.It Li udp.checksum 1067Returns 1 when UDP checksums are being computed and checked. 1068Disabling UDP checksums is strongly discouraged. 1069.It Li udp.sendspace 1070Returns the default UDP send buffer size. 1071.It Li udp.recvspace 1072Returns the default UDP receive buffer size. 1073.El 1074.Pp 1075For variables net.*.ipsec, please refer to 1076.Xr ipsec 4 . 1077.It Li PF_INET6 1078Get or set various global information about the IPv6 1079.Pq Internet Protocol version 6 . 1080The third level name is the protocol. 1081The fourth level name is the variable name. 1082The currently defined protocols and names are: 1083.Bl -column "Protocol name" "Variable nameXX" "integer" "yes" -offset indent 1084.It Sy Protocol name Variable name Type Changeable 1085.It ip6 forwarding integer yes 1086.It ip6 redirect integer yes 1087.It ip6 hlim integer yes 1088.It ip6 maxfragpackets integer yes 1089.It ip6 accept_rtadv integer yes 1090.It ip6 keepfaith integer yes 1091.It ip6 log_interval integer yes 1092.It ip6 hdrnestlimit integer yes 1093.It ip6 dad_count integer yes 1094.It ip6 auto_flowlabel integer yes 1095.It ip6 defmcasthlim integer yes 1096.It ip6 gif_hlim integer yes 1097.It ip6 kame_version string no 1098.It ip6 use_deprecated integer yes 1099.It ip6 rr_prune integer yes 1100.It ip6 v6only integer yes 1101.It ip6 anonportmin integer yes 1102.It ip6 anonportmax integer yes 1103.It ip6 lowportmin integer yes 1104.It ip6 lowportmax integer yes 1105.It ip6 maxfrags integer yes 1106.It icmp6 rediraccept integer yes 1107.It icmp6 redirtimeout integer yes 1108.It icmp6 nd6_prune integer yes 1109.It icmp6 nd6_delay integer yes 1110.It icmp6 nd6_umaxtries integer yes 1111.It icmp6 nd6_mmaxtries integer yes 1112.It icmp6 nd6_useloopback integer yes 1113.It icmp6 nodeinfo integer yes 1114.It icmp6 errppslimit integer yes 1115.It icmp6 nd6_maxnudhint integer yes 1116.It icmp6 mtudisc_hiwat integer yes 1117.It icmp6 mtudisc_lowat integer yes 1118.It icmp6 nd6_debug integer yes 1119.It udp6 sendspace integer yes 1120.It udp6 recvspace integer yes 1121.El 1122.Pp 1123The variables are as follows: 1124.Bl -tag -width "123456" 1125.It Li ip6.forwarding 1126Returns 1 when IPv6 forwarding is enabled for the node, 1127meaning that the node is acting as a router. 1128Returns 0 when IPv6 forwarding is disabled for the node, 1129meaning that the node is acting as a host. 1130IPv6 specification defines node behavior for 1131.Dq router 1132case and 1133.Dq host 1134case quite differently, and changing this variable during operation 1135may cause serious trouble. 1136It is recommended to configure the variable at bootstrap time, 1137and bootstrap time only. 1138.It Li ip6.redirect 1139Returns 1 when ICMPv6 redirects may be sent by the node. 1140This option is ignored unless the node is routing IP packets, 1141and should normally be enabled on all systems. 1142.It Li ip6.hlim 1143The default hop limit value for an IPv6 unicast packet sourced by the node. 1144This value applies to all the transport protocols on top of IPv6. 1145There are APIs to override the value, as documented in 1146.Xr ip6 4 . 1147.It Li ip6.maxfragpackets 1148The maximum number of fragmented packets the node will accept. 11490 means that the node will not accept any fragmented packets. 1150\-1 means that the node will accept as many fragmented packets as it receives. 1151The flag is provided basically for avoiding possible DoS attacks. 1152.It Li ip6.accept_rtadv 1153If set to non-zero, the node will accept ICMPv6 router advertisement packets 1154and autoconfigures address prefixes and default routers. 1155The node must be a host 1156.Pq not a router 1157for the option to be meaningful. 1158.It Li ip6.keepfaith 1159If set to non-zero, it enables 1160.Dq FAITH 1161TCP relay IPv6-to-IPv4 translator code in the kernel. 1162Refer 1163.Xr faith 4 1164and 1165.Xr faithd 8 1166for detail. 1167.It Li ip6.log_interval 1168The variable controls amount of logs generated by IPv6 packet 1169forwarding engine, by setting interval between log output 1170.Pq in seconds . 1171.It Li ip6.hdrnestlimit 1172The number of IPv6 extension headers permitted on incoming IPv6 packets. 1173If set to 0, the node will accept as many extension headers as possible. 1174.It Li ip6.dad_count 1175The variable configures number of IPv6 DAD 1176.Pq duplicated address detection 1177probe packets. 1178The packets will be generated when IPv6 interface addresses are configured. 1179.It Li ip6.auto_flowlabel 1180On connected transport protocol packets, 1181fill IPv6 flowlabel field to help intermediate routers to identify packet flows. 1182.It Li ip6.defmcasthlim 1183The default hop limit value for an IPv6 multicast packet sourced by the node. 1184This value applies to all the transport protocols on top of IPv6. 1185There are APIs to override the value, as documented in 1186.Xr ip6 4 . 1187.It Li ip6.gif_hlim 1188The maximum hop limit value for an IPv6 packet generated by 1189.Xr gif 4 1190tunnel interface. 1191.It Li ip6.kame_version 1192The string identifies the version of KAME IPv6 stack implemented in the kernel. 1193.It Li ip6.use_deprecated 1194The variable controls use of deprecated address, specified in RFC 2462 5.5.4. 1195.It Li ip6.rr_prune 1196The variable specifies interval between IPv6 router renumbering prefix 1197babysitting, in seconds. 1198.It Li ip6.v6only 1199The variable specifies initial value for 1200.Dv IPV6_V6ONLY 1201socket option for 1202.Dv AF_INET6 1203socket. 1204Please refer to 1205.Xr ip6 4 1206for detail. 1207.It Li ip6.anonportmin 1208The lowest port number to use for TCP and UDP ephemeral port allocation. 1209This cannot be set to less than 1024 or greater than 65535. 1210.It Li ip6.anonportmax 1211The highest port number to use for TCP and UDP ephemeral port allocation. 1212This cannot be set to less than 1024 or greater than 65535, and must 1213be greater than 1214.Li ip6.anonportmin . 1215.It Li ip6.lowportmin 1216The lowest port number to use for TCP and UDP reserved port allocation. 1217This cannot be set to less than 0 or greater than 1024, and must 1218be smaller than 1219.Li ip6.lowportmax . 1220.It Li ip6.lowportmax 1221The highest port number to use for TCP and UDP reserved port allocation. 1222This cannot be set to less than 0 or greater than 1024, and must 1223be greater than 1224.Li ip6.lowportmin . 1225.It Li ip6.maxfrags 1226The maximum number of fragments the node will accept. 12270 means that the node will not accept any fragments. 1228\-1 means that the node will accept as many fragments as it receives. 1229The flag is provided basically for avoiding possible DoS attacks. 1230.It Li icmp6.rediraccept 1231If set to non-zero, the host will accept ICMPv6 redirect packets. 1232Note that IPv6 routers will never accept ICMPv6 redirect packets, 1233and the variable is meaningful on IPv6 hosts 1234.Pq non-router 1235only. 1236.It Li icmp6.redirtimeout 1237The variable specifies lifetime of routing entries generated by incoming 1238ICMPv6 redirect. 1239.It Li icmp6.nd6_prune 1240The variable specifies interval between IPv6 neighbor cache babysitting, 1241in seconds. 1242.It Li icmp6.nd6_delay 1243The variable specifies 1244.Dv DELAY_FIRST_PROBE_TIME 1245timing constant in IPv6 neighbor discovery specification 1246.Pq RFC 2461 , 1247in seconds. 1248.It Li icmp6.nd6_umaxtries 1249The variable specifies 1250.Dv MAX_UNICAST_SOLICIT 1251constant in IPv6 neighbor discovery specification 1252.Pq RFC 2461 . 1253.It Li icmp6.nd6_mmaxtries 1254The variable specifies 1255.Dv MAX_MULTICAST_SOLICIT 1256constant in IPv6 neighbor discovery specification 1257.Pq RFC 2461 . 1258.It Li icmp6.nd6_useloopback 1259If set to non-zero, kernel IPv6 stack will use loopback interface for 1260local traffic. 1261.It Li icmp6.nodeinfo 1262The variable enables responses to ICMPv6 node information queries. 1263If you set the variable to 0, responses will not be generated for 1264ICMPv6 node information queries. 1265Since node information queries can have a security impact, it is 1266possible to fine tune which responses should be answered. 1267Two separate bits can be set. 1268.Bl -tag -width "12345" 1269.It 1 1270Respond to ICMPv6 FQDN queries, e.g. 1271.Li ping6 -w . 1272.It 2 1273Respond to ICMPv6 node addresses queries, e.g. 1274.Li ping6 -a . 1275.El 1276.It Li icmp6.errppslimit 1277The variable specifies the maximum number of outgoing ICMPv6 error messages, 1278per second. 1279ICMPv6 error messages that exceeded the value are subject to rate limitation 1280and will not go out from the node. 1281Negative value disables rate limitation. 1282.It Li icmp6.nd6_maxnudhint 1283IPv6 neighbor discovery permits upper layer protocols to supply reachability 1284hints, to avoid unnecessary neighbor discovery exchanges. 1285The variable defines the number of consecutive hints the neighbor discovery 1286layer will take. 1287For example, by setting the variable to 3, neighbor discovery layer 1288will take 3 consecutive hints in maximum. 1289After receiving 3 hints, neighbor discovery layer will perform 1290normal neighbor discovery process. 1291.It Li icmp6.mtudisc_hiwat 1292.It Li icmp6.mtudisc_lowat 1293The variables define the maximum number of routing table entries, 1294created due to path MTU discovery 1295.Pq prevents denial-of-service attacks with ICMPv6 too big messages . 1296When IPv6 path MTU discovery happens, we keep path MTU information into 1297the routing table. 1298If the number of routing table entries exceed the value, 1299the kernel will not attempt to keep the path MTU information. 1300.Li icmp6.mtudisc_hiwat 1301is used when we have verified ICMPv6 too big messages. 1302.Li icmp6.mtudisc_lowat 1303is used when we have unverified ICMPv6 too big messages. 1304Verification is performed by using address/port pairs kept in connected pcbs. 1305Negative value disables the upper limit. 1306.It Li icmp6.nd6_debug 1307If set to non-zero, kernel IPv6 neighbor discovery code will generate 1308debugging messages. 1309The debug outputs are useful to diagnose IPv6 interoperability issues. 1310The flag must be set to 0 for normal operation. 1311.El 1312.Pp 1313We reuse net.*.tcp for 1314.Tn TCP 1315over 1316.Tn IPv6 , 1317and therefore we do not have variables net.*.tcp6. 1318Variables net.inet6.udp6 have identical meaning to net.inet.udp. 1319Please refer to 1320.Li PF_INET 1321section above. 1322For variables net.*.ipsec6, please refer to 1323.Xr ipsec 4 . 1324.It Li PF_KEY 1325Get or set various global information about the IPsec key management. 1326The third level name is the variable name. 1327The currently defined variable and names are: 1328.Bl -column "blockacq_lifetime" "integer" "yes" -offset indent 1329.It Sy Variable name Type Changeable 1330.It debug integer yes 1331.It spi_try integer yes 1332.It spi_min_value integer yes 1333.It spi_max_value integer yes 1334.It random_int integer yes 1335.It larval_lifetime integer yes 1336.It blockacq_count integer yes 1337.It blockacq_lifetime integer yes 1338.It esp_keymin integer yes 1339.It esp_auth integer yes 1340.It ah_keymin integer yes 1341.El 1342The variables are as follows: 1343.Bl -tag -width "123456" 1344.It Li debug 1345Turn on debugging message from within the kernel. 1346The value is a bitmap, as defined in 1347.Pa /usr/include/netkey/key_debug.h . 1348.It Li spi_try 1349The number of times the kernel will try to obtain an unique SPI 1350when it generates it from random number generator. 1351.It Li spi_min_value 1352Minimum SPI value when generating it within the kernel. 1353.It Li spi_max_value 1354Maximum SPI value when generating it within the kernel. 1355.It Li random_int 1356Interval to stir pseudo-random number generator, in seconds. 1357Pseudo-random number generator is used only as a last resort when 1358random number source 1359.Pq Pa /dev/urandom 1360is not available. 1361It should not really be used, and if it were used, 1362kernel will warn about it. 1363.It Li larval_lifetime 1364Lifetime for LARVAL SAD entries, in seconds. 1365.It Li blockacq_count 1366Number of ACQUIRE PF_KEY messages to be blocked after an ACQUIRE message. 1367It avoids flood of ACQUIRE PF_KEY from being sent from the kernel to the 1368key management daemon. 1369.It Li blockacq_lifetime 1370Lifetime of ACQUIRE PF_KEY message. 1371.It Li esp_keymin 1372Minimum ESP key length, in bits. 1373The value is used when the kernel creates proposal payload 1374on ACQUIRE PF_KEY message. 1375.It Li esp_auth 1376Whether ESP authentication should be used or not. 1377Non-zero value indicates that ESP authentication should be used. 1378The value is used when the kernel creates proposal payload 1379on ACQUIRE PF_KEY message. 1380.It Li ah_keymin 1381Minimum AH key length, in bits, 1382The value is used when the kernel creates proposal payload 1383on ACQUIRE PF_KEY message. 1384.El 1385.El 1386.Sh CTL_PROC 1387The string and integer information available for the CTL_PROC 1388is detailed below. 1389The changeable column shows whether a process with appropriate 1390privilege may change the value. 1391These values are per-process, 1392and as such may change from one process to another. 1393When a process is created, 1394the default values are inherited from its parent. 1395When a set-user-ID or set-group-ID binary is executed, the 1396value of PROC_PID_CORENAME is reset to the system default value. 1397The second level name is either the magic value PROC_CURPROC, which 1398points to the current process, or the PID of the target process. 1399.Bl -column "USER_COLL_WEIGHTS_MAXXXX" "integerXXX" "yes" -offset indent 1400.It Sy Third level name Type Changeable 1401.It PROC\_PID\_CORENAME string yes 1402.It PROC\_PID\_LIMIT node not applicable 1403.It PROC\_PID\_STOPFORK int yes 1404.It PROC\_PID\_STOPEXEC int yes 1405.It PROC\_PID\_STOPEXIT int yes 1406.El 1407.Bl -tag -width "123456" 1408.Pp 1409.It Li PROC_PID_CORENAME 1410The template used for the core dump file name (see 1411.Xr core 5 1412for details). 1413The base name must either be 1414.Nm core 1415or end with the suffix ``.core'' (the super-user may set arbitrary names). 1416By default it points to KERN_DEFCORENAME. 1417.It Li PROC_PID_LIMIT 1418Return resources limits, as defined for the 1419.Xr getrlimit 2 1420and 1421.Xr setrlimit 2 1422system calls. 1423The fourth level name is one of: 1424.Bl -tag -width PROC_PID_LIMIT_MEMLOCKAA 1425.It Li PROC_PID_LIMIT_CPU 1426The maximum amount of CPU time (in seconds) to be used by each process. 1427.It Li PROC_PID_LIMIT_FSIZE 1428The largest size (in bytes) file that may be created. 1429.It Li PROC_PID_LIMIT_DATA 1430The maximum size (in bytes) of the data segment for a process; 1431this defines how far a program may extend its break with the 1432.Xr sbrk 2 1433system call. 1434.It Li PROC_PID_LIMIT_STACK 1435The maximum size (in bytes) of the stack segment for a process; 1436this defines how far a program's stack segment may be extended. 1437Stack extension is performed automatically by the system. 1438.It Li PROC_PID_LIMIT_CORE 1439The largest size (in bytes) 1440.Pa core 1441file that may be created. 1442.It Li PROC_PID_LIMIT_RSS 1443The maximum size (in bytes) to which a process's resident set size may 1444grow. 1445This imposes a limit on the amount of physical memory to be given to 1446a process; if memory is tight, the system will prefer to take memory 1447from processes that are exceeding their declared resident set size. 1448.It Li PROC_PID_LIMIT_MEMLOCK 1449The maximum size (in bytes) which a process may lock into memory 1450using the 1451.Xr mlock 2 1452function. 1453.It Li PROC_PID_LIMIT_NPROC 1454The maximum number of simultaneous processes for this user id. 1455.It Li PROC_PID_LIMIT_NOFILE 1456The maximum number of open files for this process. 1457.El 1458.Pp 1459The fifth level name is one of PROC_PID_LIMIT_TYPE_SOFT or 1460PROC_PID_LIMIT_TYPE_HARD, to select respectively the soft or hard limit. 1461Both are of type integer. 1462.It Li PROC_PID_STOPFORK 1463If non zero, the process' children will be stopped after 1464.Xr fork 2 1465calls. 1466The children is created in the SSTOP state and is never scheduled 1467for running before being stopped. 1468This feature helps attaching a process with a debugger such as 1469.Xr gdb 1 1470before it had the opportunity to actually do anything. 1471.Pp 1472This value is inherited by the process's children, and it also 1473apply to emulation specific system calls that fork a new process, such as 1474.Fn sproc 1475or 1476.Fn clone . 1477.It Li PROC_PID_STOPEXEC 1478If non zero, the process will be stopped on next 1479.Xr exec 3 1480call. 1481The process created by 1482.Xr exec 3 1483is created in the SSTOP state and is never scheduled for running 1484before being stopped. 1485This feature helps attaching a process with a debugger such as 1486.Xr gdb 1 1487before it had the opportunity to actually do anything. 1488.Pp 1489This value is inherited by the process's children. 1490.It Li PROC_PID_STOPEXIT 1491If non zero, the process will be stopped on when it has cause to exit, 1492either by way of calling 1493.Xr exit 3 , 1494.Xr _exit 2 , 1495or by the receipt of a specific signal. 1496The process is stopped before any of its resources or vm space is 1497released allowing examination of the termination state of a process 1498before it disappears. 1499This feature can be used to examine the final conditions of the 1500process's vmspace via 1501.Xr pmap 1 1502or its resource settings with 1503.Xr sysctl 8 1504before it disappears. 1505.Pp 1506This value is also inherited by the process's children. 1507.El 1508.Sh CTL_USER 1509The string and integer information available for the CTL_USER level 1510is detailed below. 1511The changeable column shows whether a process with appropriate 1512privilege may change the value. 1513.Bl -column "USER_COLL_WEIGHTS_MAXXXX" "integerXXX" -offset indent 1514.It Sy Second level name Type Changeable 1515.It USER\_BC\_BASE\_MAX integer no 1516.It USER\_BC\_DIM\_MAX integer no 1517.It USER\_BC\_SCALE\_MAX integer no 1518.It USER\_BC\_STRING\_MAX integer no 1519.It USER\_COLL\_WEIGHTS\_MAX integer no 1520.It USER\_CS\_PATH string no 1521.It USER\_EXPR\_NEST\_MAX integer no 1522.It USER\_LINE\_MAX integer no 1523.It USER\_POSIX2\_CHAR\_TERM integer no 1524.It USER\_POSIX2\_C\_BIND integer no 1525.It USER\_POSIX2\_C\_DEV integer no 1526.It USER\_POSIX2\_FORT\_DEV integer no 1527.It USER\_POSIX2\_FORT\_RUN integer no 1528.It USER\_POSIX2\_LOCALEDEF integer no 1529.It USER\_POSIX2\_SW\_DEV integer no 1530.It USER\_POSIX2\_UPE integer no 1531.It USER\_POSIX2\_VERSION integer no 1532.It USER\_RE\_DUP\_MAX integer no 1533.It USER\_STREAM\_MAX integer no 1534.It USER\_TZNAME\_MAX integer no 1535.It USER\_ATEXIT\_MAX integer no 1536.El 1537.Bl -tag -width "123456" 1538.Pp 1539.It Li USER_BC_BASE_MAX 1540The maximum ibase/obase values in the 1541.Xr bc 1 1542utility. 1543.It Li USER_BC_DIM_MAX 1544The maximum array size in the 1545.Xr bc 1 1546utility. 1547.It Li USER_BC_SCALE_MAX 1548The maximum scale value in the 1549.Xr bc 1 1550utility. 1551.It Li USER_BC_STRING_MAX 1552The maximum string length in the 1553.Xr bc 1 1554utility. 1555.It Li USER_COLL_WEIGHTS_MAX 1556The maximum number of weights that can be assigned to any entry of 1557the LC_COLLATE order keyword in the locale definition file. 1558.It Li USER_CS_PATH 1559Return a value for the 1560.Ev PATH 1561environment variable that finds all the standard utilities. 1562.It Li USER_EXPR_NEST_MAX 1563The maximum number of expressions that can be nested within 1564parenthesis by the 1565.Xr expr 1 1566utility. 1567.It Li USER_LINE_MAX 1568The maximum length in bytes of a text-processing utility's input 1569line. 1570.It Li USER_POSIX2_CHAR_TERM 1571Return 1 if the system supports at least one terminal type capable of 1572all operations described in POSIX 1003.2, otherwise 0. 1573.It Li USER_POSIX2_C_BIND 1574Return 1 if the system's C-language development facilities support the 1575C-Language Bindings Option, otherwise 0. 1576.It Li USER_POSIX2_C_DEV 1577Return 1 if the system supports the C-Language Development Utilities Option, 1578otherwise 0. 1579.It Li USER_POSIX2_FORT_DEV 1580Return 1 if the system supports the FORTRAN Development Utilities Option, 1581otherwise 0. 1582.It Li USER_POSIX2_FORT_RUN 1583Return 1 if the system supports the FORTRAN Runtime Utilities Option, 1584otherwise 0. 1585.It Li USER_POSIX2_LOCALEDEF 1586Return 1 if the system supports the creation of locales, otherwise 0. 1587.It Li USER_POSIX2_SW_DEV 1588Return 1 if the system supports the Software Development Utilities Option, 1589otherwise 0. 1590.It Li USER_POSIX2_UPE 1591Return 1 if the system supports the User Portability Utilities Option, 1592otherwise 0. 1593.It Li USER_POSIX2_VERSION 1594The version of POSIX 1003.2 with which the system attempts to comply. 1595.It Li USER_RE_DUP_MAX 1596The maximum number of repeated occurrences of a regular expression 1597permitted when using interval notation. 1598.ne 1i 1599.It Li USER_STREAM_MAX 1600The minimum maximum number of streams that a process may have open 1601at any one time. 1602.It Li USER_TZNAME_MAX 1603The minimum maximum number of types supported for the name of a 1604timezone. 1605.It Li USER_ATEXIT_MAX 1606The maximum namber of functions that may be registered with 1607.Xr atexit 3 . 1608.El 1609.Sh CTL_VM 1610The string and integer information available for the CTL_VM level 1611is detailed below. 1612The changeable column shows whether a process with appropriate 1613privilege may change the value. 1614.Bl -column "Second level nameXXXXXX" "struct loadavgXXX" -offset indent 1615.It Sy Second level name Type Changeable 1616.It VM\_ANONMAX int yes 1617.It VM\_ANONMIN int yes 1618.It VM\_EXECMAX int yes 1619.It VM\_EXECMIN int yes 1620.It VM\_FILEMAX int yes 1621.It VM\_FILEMIN int yes 1622.It VM\_LOADAVG struct loadavg no 1623.It VM\_MAXSLP int no 1624.It VM\_METER struct vmtotal no 1625.It VM\_NKMEMPAGES int no 1626.It VM\_USPACE int no 1627.It VM\_UVMEXP struct uvmexp no 1628.It VM\_UVMEXP2 struct uvmexp_sysctl no 1629.El 1630.Pp 1631.Bl -tag -width "123456" 1632.It Li VM_ANONMAX 1633The percentage of physical memory which will be reclaimed 1634from other types of memory usage to store anonymous application data. 1635.It Li VM_ANONMIN 1636The percentage of physical memory which will be always be available for 1637anonymous application data. 1638.It Li VM_EXECMAX 1639The percentage of physical memory which will be reclaimed 1640from other types of memory usage to store cached executable data. 1641.It Li VM_EXECMIN 1642The percentage of physical memory which will be always be available for 1643cached executable data. 1644.It Li VM_FILEMAX 1645The percentage of physical memory which will be reclaimed 1646from other types of memory usage to store cached file data. 1647.It Li VM_FILEMIN 1648The percentage of physical memory which will be always be available for 1649cached file data. 1650.It Li VM_LOADAVG 1651Return the load average history. 1652The returned data consists of a 1653.Va struct loadavg . 1654.It Li VM_MAXSLP 1655The value of the maxslp kernel global variable. 1656.It Li VM_METER 1657Return system wide virtual memory statistics. 1658The returned data consists of a 1659.Va struct vmtotal . 1660.It Li VM_USPACE 1661The number of bytes allocated for each kernel stack. 1662.It Li VM_UVMEXP 1663Return system wide virtual memory statistics. 1664The returned data consists of a 1665.Va struct uvmexp . 1666.It Li VM_UVMEXP2 1667Return system wide virtual memory statistics. 1668The returned data consists of a 1669.Va struct uvmexp_sysctl . 1670.El 1671.Sh CTL_DDB 1672The integer information available for the CTL_DDB level is detailed below. 1673The changeable column shows whether a process with appropriate 1674privilege may change the value. 1675.Bl -column "DBCTL_TABSTOPSXXX" "integerXXX" -offset indent 1676.It Sy Second level name Type Changeable 1677.It DBCTL\_RADIX integer yes 1678.It DBCTL\_MAXOFF integer yes 1679.It DBCTL\_LINES integer yes 1680.It DBCTL\_TABSTOPS integer yes 1681.It DBCTL\_ONPANIC integer yes 1682.It DBCTL\_FROMCONSOLE integer yes 1683.El 1684.Pp 1685.Bl -tag -width "123456" 1686.It Li DBCTL_RADIX 1687The input and output radix. 1688.It Li DBCTL_MAXOFF 1689The maximum symbol offset. 1690.It Li DBCTL_LINES 1691Number of display lines. 1692.It Li DBCTL_TABSTOPS 1693Tab width. 1694.It Li DBCTL_ONPANIC 1695If non-zero, DDB will be entered when the kernel panics. 1696.It Li DBCTL_FROMCONSOLE 1697If not zero, DDB may be entered by sending a break on a serial 1698console or by a special key sequence on a graphics console. 1699.El 1700.Pp 1701These MIB nodes are also available as variables from within the DDB. 1702See 1703.Xr ddb 4 1704for more details. 1705.Sh CTL_VENDOR 1706The "vendor" toplevel name is reserved to be used by vendors who wish to 1707have their own private MIB tree. 1708Intended use is to store values under 1709.Dq vendor.\*[Lt]yourname\*[Gt].* . 1710.Sh DYNAMIC OPERATIONS 1711Several meta-identifiers are provided to perform operations on the 1712.Nm 1713tree itself, or support alternate means of accessing the data 1714instrumented by the 1715.Nm 1716tree. 1717.Bl -column CTLXCREATESYMXXX 1718.It Sy Name Description 1719.It CTL\_QUERY Retrieve a mapping of names to numbers below a given node 1720.It CTL\_CREATE Create a new node 1721.It CTL\_CREATESYM Create a new node by its kernel symbol 1722.It CTL\_DESTROY Destroy a node 1723.El 1724.Pp 1725The core interface to all of these meta-functions is the structure 1726that the kernel uses to describe the tree internally, as defined in 1727.Aq Pa sys/sysctl.h 1728as: 1729.Pp 1730.Bd -literal 1731struct sysctlnode { 1732 uint sysctl_flags; /* flags and type */ 1733 int sysctl_num; /* mib number */ 1734 size_t sysctl_size; /* size of instrumented data */ 1735 char sysctl_name[SYSCTL_NAMELEN]; /* node name */ 1736 union { 1737 struct { 1738 uint scn_csize; /* size of child node array */ 1739 uint scn_clen; /* number of valid children */ 1740 struct sysctlnode *scn_child; /* children */ 1741 } scu_node; 1742 int scu_alias; /* node this node refers to */ 1743 int scu_idata; /* immediate "int" data */ 1744 u_quad_t scu_qdata; /* immediate "u_quad_t" data */ 1745 void *scu_data; /* pointer to external data */ 1746 } sysctl_un; 1747 sysctlfn sysctl_func; /* access helper function */ 1748 struct sysctlnode *sysctl_parent; /* parent of this node */ 1749 uint sysctl_ver; /* individual node version */ 1750}; 1751 1752#define sysctl_csize sysctl_un.scu_node.scn_csize 1753#define sysctl_clen sysctl_un.scu_node.scn_clen 1754#define sysctl_child sysctl_un.scu_node.scn_child 1755#define sysctl_alias sysctl_un.scu_alias 1756#define sysctl_data sysctl_un.scu_data 1757#define sysctl_idata sysctl_un.scu_idata 1758#define sysctl_qdata sysctl_un.scu_qdata 1759.Ed 1760.Pp 1761Querying the tree to discover the name to number mapping permits 1762dynamic discovery of all the data that the tree currently has 1763instrumented. 1764For example, to discover all the nodes below the 1765CTL_VFS node: 1766.Pp 1767.Bd -literal -offset indent -compact 1768struct sysctlnode vfs[128]; 1769int mib[2]; 1770size_t len; 1771.sp 1772mib[0] = CTL_VFS; 1773mib[1] = CTL_QUERY; 1774len = sizeof(vfs); 1775sysctl(mib, 2, \*[Am]vfs[0], \*[Am]len, NULL, 0); 1776.Ed 1777.Pp 1778Creation and destruction of nodes works by constructing part of a new 1779node description (or a description of the existing node) and invoking 1780CTL_CREATE (or CTL_CREATESYM) or CTL_DESTROY at the parent of the new 1781node, with a pointer to the new node passed via the 1782.Fa new 1783and 1784.Fa newlen 1785arguments. 1786If valid values for 1787.Fa old 1788and 1789.Fa oldlenp 1790are passed, a copy of the new node once in the tree will be returned. 1791If the create operation fails because a node with the same name or MIB 1792number exists, a copy of the conflicting node will be returned. 1793.Pp 1794The minimum requirements for creating a node are setting the 1795.Fa sysctl_flags 1796to indicate the new node's type, 1797.Fa sysctl_num 1798to either the new node's number (or CTL_CREATE or CTL_CREATESYM if a 1799dynamically allocated MIB number is acceptable), 1800.Fa sysctl_size 1801to the size of the data to be instrumented (which must agree with the 1802given type), and 1803.Fa sysctl_name 1804must be set to the new node's name. 1805Nodes that are not of type 1806.Dq node 1807must also have some description of the data to be instrumented, which 1808will vary depending on what is to be instrumented. 1809.Pp 1810If existing kernel data is to be covered by this new node, its address 1811should be given in 1812.Fa sysctl_data 1813or, if CTL_CREATESYM is used, 1814.Fa sysctl_data 1815should be set to a string containing its name from the kernel's symbol 1816table. 1817If new data is to be instrumented and an initial value is available, 1818the new integer or quad type data should be placed into either 1819.Fa sysctl_idata 1820or 1821.Fa sysctl_qdata , 1822respectively, along with the SYSCTL_IMMEDIATE flag being set, or 1823.Fa sysctl_data 1824should be set to point to a copy of the new data, and the 1825SYSCTL_OWNDATA flag must be set. 1826This latter method is the only way that new string and struct type 1827nodes can be initialized. 1828Invalid kernel addresses are accepted, but any attempt to access those 1829nodes will return an error. 1830.Pp 1831The 1832.Fa sysctl_csize , 1833.Fa sysctl_clen , 1834.Fa sysctl_child , 1835.Fa sysctl_parent , 1836and 1837.Fa sysctl_alias 1838members are used by the kernel to link the tree together and must be 1839.Dv NULL 1840or 0. 1841Nodes created in this manner cannot have helper functions, so 1842.Fa sysctl_func 1843must also be 1844.Dv NULL . 1845If the 1846.Fa sysctl_ver 1847member is non-zero, it must match either the version of the parent or 1848the version at the root of the MIB or an error is returned. 1849This can be used to ensure that nodes are only added or removed from a 1850known state of the tree. 1851Note: It may not be possible to determine the version at the root 1852of the tree. 1853.Pp 1854This example creates a new subtree and adds a node to it that controls the 1855.Fa audiodebug 1856kernel variable, thereby making it tunable at at any time, without 1857needing to use 1858.Xr ddb 4 1859or 1860.Xr kvm 3 1861to alter the kernel's memory directly. 1862.Pp 1863.Bd -literal -offset indent -compact 1864struct sysctlnode node; 1865int mib[2]; 1866size_t len; 1867.sp 1868mib[0] = CTL_CREATE; /* create at top-level */ 1869len = sizeof(node); 1870memset(\*[Am]node, 0, len); 1871node.sysctl_flags = SYSCTL_READWRITE|CTLTYPE_NODE; 1872snprintf(node.sysctl_name, sizeof(node.sysctl_name), "local"); 1873node.sysctl_num = CTL_CREATE; /* request dynamic MIB number */ 1874sysctl(\*[Am]mib[0], 1, \*[Am]node, \*[Am]len, \*[Am]node, len); 1875.sp 1876mib[0] = node.sysctl_num; /* use new MIB number */ 1877mib[1] = CTL_CREATESYM; /* create at second level */ 1878len = sizeof(node); 1879memset(\*[Am]node, 0, len); 1880node.sysctl_flags = SYSCTL_READWRITE|CTLTYPE_INT; 1881snprintf(node.sysctl_name, sizeof(node.sysctl_name), "audiodebug"); 1882node.sysctl_num = CTL_CREATE; 1883node.sysctl_data = "audiodebug"; /* kernel symbol to be used */ 1884sysctl(\*[Am]mib[0], 2, NULL, NULL, \*[Am]node, len); 1885.Ed 1886.Pp 1887The process for deleting nodes is similar, but less data needs to 1888be supplied. 1889Only the 1890.Fa sysctl_num 1891field 1892needs to be filled in; almost all other fields must be left blank. 1893The 1894.Fa sysctl_name 1895and/or 1896.Fa sysctl_ver 1897fields can be filled in with the name and version of the existing node 1898as additional checks on what will be deleted. 1899If all the given data fail to match any node, nothing will be deleted. 1900If valid values for 1901.Fa old 1902and 1903.Fa oldlenp 1904are supplied and a node is deleted, a copy of what was in the MIB tree 1905will be returned. 1906.Pp 1907This sample code shows the deletion of the two nodes created in the 1908above example: 1909.Pp 1910.Bd -literal -offset indent -compact 1911int mib[2]; 1912.sp 1913len = sizeof(node); 1914memset(\*[Am]node, 0, len); 1915.sp 1916mib[0] = 3214; /* assumed number for "local" */ 1917mib[1] = CTL_DESTROY; 1918node.sysctl_num = 3215; /* assumed number for "audiodebug" */ 1919sysctl(\*[Am]mib[0], 2, NULL, NULL, \*[Am]node, len); 1920.sp 1921mib[0] = CTL_DESTROY; 1922node.sysctl_num = 3214; /* now deleting "local" */ 1923sysctl(\*[Am]mib[0], 1, NULL, NULL, \*[Am]node, len); 1924.Ed 1925.Pp 1926The 1927.Fa sysctl_flags 1928field in the struct sysctlnode contains the node type information as 1929well as a number of flags. 1930The macros 1931.Fn SYSCTL_TYPE 1932and 1933.Fn SYSCTL_FLAGS 1934can be used to access the different fields. 1935Valid flags are: 1936.Bl -column SYSCTLXPERMANENTXXX 1937.It Sy Name Description 1938.It SYSCTL\_READONLY Node is read-only 1939.It SYSCTL\_READONLY1 Node becomes read-only at securelevel 1 1940.It SYSCTL\_READONLY2 Node becomes read-only at securelevel 2 1941.It SYSCTL\_READWRITE Node is writable by the superuser 1942.It SYSCTL\_ANYWRITE Node is writable by anyone 1943.It SYSCTL\_PRIVATE Node is readable only by the superuser 1944.It SYSCTL\_PERMANENT Node cannot be removed (cannot be set by 1945processes) 1946.It SYSCTL\_OWNDATA Node owns data and does not instrument 1947existing data 1948.It SYSCTL\_IMMEDIATE Node contains instrumented data and does not 1949instrument existing data 1950.It SYSCTL\_HEX Node's contents should be displayed in a hexadecimal 1951form 1952.It SYSCTL\_ROOT Node is the root of a tree (cannot be set at 1953any time) 1954.It SYSCTL\_ANYNUMBER Node matches any MIB number (cannot be set by 1955processes) 1956.It SYSCTL\_HIDDEN Node not displayed by default 1957.It SYSCTL\_ALIAS Node refers to a sibling node (cannot be set 1958by processes) 1959.El 1960.Sh RETURN VALUES 1961If the call to 1962.Nm 1963is successful, the number of bytes copied out is returned. 1964Otherwise \-1 is returned and 1965.Va errno 1966is set appropriately. 1967.Sh FILES 1968.Bl -tag -width \*[Lt]netinet6/udp6Xvar.h\*[Gt] -compact 1969.It Aq Pa sys/sysctl.h 1970definitions for top level identifiers, second level kernel and hardware 1971identifiers, and user level identifiers 1972.It Aq Pa sys/socket.h 1973definitions for second level network identifiers 1974.It Aq Pa sys/gmon.h 1975definitions for third level profiling identifiers 1976.It Aq Pa uvm/uvm_param.h 1977definitions for second level virtual memory identifiers 1978.It Aq Pa netinet/in.h 1979definitions for third level IPv4/v6 identifiers and 1980fourth level IPv4/v6 identifiers 1981.It Aq Pa netinet/icmp_var.h 1982definitions for fourth level ICMP identifiers 1983.It Aq Pa netinet/icmp6.h 1984definitions for fourth level ICMPv6 identifiers 1985.It Aq Pa netinet/tcp_var.h 1986definitions for fourth level TCP identifiers 1987.It Aq Pa netinet/udp_var.h 1988definitions for fourth level UDP identifiers 1989.It Aq Pa netinet6/udp6_var.h 1990definitions for fourth level IPv6 UDP identifiers 1991.It Aq Pa netinet6/ipsec.h 1992definitions for fourth level IPsec identifiers 1993.It Aq Pa netkey/key_var.h 1994definitions for third level PF_KEY identifiers 1995.It Aq Pa machine/cpu.h 1996definitions for second level machdep identifiers 1997.El 1998.Sh ERRORS 1999The following errors may be reported: 2000.Bl -tag -width Er 2001.It Bq Er EFAULT 2002The buffer 2003.Fa name , 2004.Fa oldp , 2005.Fa newp , 2006or length pointer 2007.Fa oldlenp 2008contains an invalid address, or the requested value is temporarily 2009unavailable. 2010.It Bq Er EINVAL 2011The 2012.Fa name 2013array is zero or greater than CTL_MAXNAME. 2014.It Bq Er EINVAL 2015A non-null 2016.Fa newp 2017is given and its specified length in 2018.Fa newlen 2019is too large or too small, or the given value is not acceptable for 2020the given node. 2021.It Bq Er ENOMEM 2022The length pointed to by 2023.Fa oldlenp 2024is too short to hold the requested value. 2025.It Bq Er EISDIR 2026The 2027.Fa name 2028array specifies an intermediate rather than terminal name. 2029.It Bq Er ENOTDIR 2030The 2031.Fa name 2032array specifies a node below a node that addresses data. 2033.It Bq Er ENOENT 2034The 2035.Fa name 2036array specifies a node that does not exist in the tree. 2037.It Bq Er ENOENT 2038An attempt was made to destroy a node that does not exist, or to 2039create or destroy a node below a node that does not exist. 2040.It Bq Er ENOTEMPTY 2041An attempt was made to destroy a node that still has children. 2042.It Bq Er EOPNOTSUPP 2043The 2044.Fa name 2045array specifies a value that is unknown or a meta-operation was 2046attempted that the requested node does not support. 2047.It Bq Er EPERM 2048An attempt is made to set a read-only value. 2049.It Bq Er EPERM 2050A process without appropriate privilege attempts to set a value or to 2051create or destroy a node. 2052.It Bq Er EPERM 2053An attempt to change a value protected by the current kernel security 2054level is made. 2055.El 2056.Sh SEE ALSO 2057.Xr ipsec 4 , 2058.Xr tcp 4 , 2059.Xr sysctl 8 2060.\" .Xr sysctl 9 2061.Sh HISTORY 2062The 2063.Nm 2064function first appeared in 2065.Bx 4.4 . 2066