.\" $NetBSD: sysctl.7,v 1.140 2019/08/05 22:03:10 maya Exp $
.\"
.\" Copyright (c) 1993
.\" The Regents of the University of California. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95
.\"
.Dd August 6, 2019
.Dt SYSCTL 7
.Os
.Sh NAME
.Nm sysctl
.Nd system information variables
.Sh DESCRIPTION
The
.Xr sysctl 3
library function and the
.Xr sysctl 8
utility are used to get and set values of system variables, maintained
by the kernel.
The variables are organized in a tree and identified by a sequence of
numbers, conventionally separated by dots with the topmost identifier
at the left side.
The numbers have corresponding text names.
The
.Xr sysctlnametomib 3
function or the
.Fl M
argument to the
.Xr sysctl 8
utility can be used to convert the text representation to the
numeric one.
.Pp
The individual sysctl variables are described below, both the textual
and numeric form where applicable.
The textual names can be used as argument to the
.Xr sysctl 8
utility and in the file
.Pa /etc/sysctl.conf .
The numeric names are usually defined as preprocessor constants and
are intended for use by programs.
Every such constant expands to one integer, which identifies the
sysctl variable relative to the upper level of the tree.
See the
.Xr sysctl 3
manual page for programming examples.
.Ss Top level names
The top level names are defined with a
.Va CTL_
prefix in
.In sys/sysctl.h ,
and are as follows.
The next and subsequent levels down are found in the include files
listed here, and described in separate sections below.
.Bl -column "security" ".Dv CTL_SECURITY" ".In uvm/uvm_param.h" "High kernel limits"
.It Sy Name Ta Sy Constant Ta Sy Next level names Ta Sy Description
.It kern Ta Dv CTL_KERN Ta In sys/sysctl.h Ta High kernel limits
.It vm Ta Dv CTL_VM Ta In uvm/uvm_param.h Ta Virtual memory
.It vfs Ta Dv CTL_VFS Ta In sys/mount.h Ta Filesystem
.It net Ta Dv CTL_NET Ta In sys/socket.h Ta Networking
.It debug Ta Dv CTL_DEBUG Ta In sys/sysctl.h Ta Debugging
.It hw Ta Dv CTL_HW Ta In sys/sysctl.h Ta Generic CPU, I/O
.It machdep Ta Dv CTL_MACHDEP Ta In sys/sysctl.h Ta Machine dependent
.It user Ta Dv CTL_USER Ta In sys/sysctl.h Ta User-level
.It ddb Ta Dv CTL_DDB Ta In sys/sysctl.h Ta In-kernel debugger
.It proc Ta Dv CTL_PROC Ta In sys/sysctl.h Ta Per-process
.It vendor Ta Dv CTL_VENDOR Ta ? Ta Vendor specific
.It emul Ta Dv CTL_EMUL Ta In sys/sysctl.h Ta Emulation settings
.It security Ta Dv CTL_SECURITY Ta In sys/sysctl.h Ta Security settings
.El
.Ss The debug.* subtree
The debugging variables vary from system to system.
A debugging variable may be added or deleted without need to recompile
.Nm
to know about it.
Each time it runs,
.Nm
gets the list of debugging variables from the kernel and
displays their current values.
The system defines twenty
.Vt ( struct ctldebug )
variables named
.Dv debug0
through
.Dv debug19 .
They are declared as separate variables so that they can be
individually initialized at the location of their associated variable.
The loader prevents multiple use of the same variable by issuing errors
if a variable is initialized in more than one place.
For example, to export the variable
.Va dospecialcheck
as a debugging variable, the following declaration would be used:
.Pp
.Bd -literal -offset indent -compact
int dospecialcheck = 1;
struct ctldebug debug5 = { "dospecialcheck", &dospecialcheck };
.Ed
.Pp
Note that the dynamic implementation of
.Nm
currently in use largely makes this particular
.Nm
interface obsolete.
See
.Xr sysctl 8
.\" and
.\" .Xr sysctl 9
for more information.
.Ss The vfs.* subtree
A distinguished second level name,
.Li vfs.generic ( Dv VFS_GENERIC ) ,
is used to get general information about all file systems.
It has the following third level identifiers:
.Bl -tag -width "123456"
.It Li vfs.generic.maxtypenum ( Dv VFS_MAXTYPENUM )
The highest valid file system type number.
.It Li vfs.generic.conf ( Dv VFS_CONF )
Returns configuration information about the file system type given as a fourth
level identifier.
.It Li vfs.generic.usermount ( Dv VFS_USERMOUNT )
Determines if non superuser mounts are allowed, defaults to
.Dv 0 .
.It Li vfs.generic.magiclinks ( Dv VFS_MAGICLINKS )
Controls if expansion of variables is going to be performed on pathnames
or not.
Defaults to no variable expansion,
.Dv 0 .
Variables are of the form
.Li @name
and the variables supported are described in
.Xr symlink 7
under
.Dq "MAGIC SYMLINKS" .
.El
.Pp
A second level name for controlling the
.Xr wapbl 4
(Write Ahead Physical Block Logging file system journalling)
capabilities with the following third level identifiers:
.Bl -tag -width "123456"
.It Li vfs.wapbl.flush_disk_cache
Controls whether to attempt to flush the disk cache on each commit.
It defaults to 1 and it should always be on to ensure integrity
of file system metadata in the event of a power loss.
For slow disks, turning it off can improve performance.
.It Li vfs.wapbl.verbose_commit
For each transaction log commit, print the number of bytes written
and the time it took to commit as seconds.nanoseconds.
.El
.Pp
The remaining second level identifiers are the file system names, identified
by the type number returned by a
.Xr statvfs 2
call or from
.Li vfs.generic.conf .
.Pp
The third level identifiers available for each file system
are given in the header file that defines the mount
argument structure for that file system.
.Ss The hw.* subtree
The string and integer information available for the
.Li hw
level is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "hw.machine_arch" "integer" "Changeable" -offset indent
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It hw.alignbytes Ta integer Ta no
.It hw.byteorder Ta integer Ta no
.It hw.cnmagic Ta string Ta yes
.It hw.disknames Ta string Ta no
.It hw.diskstats Ta struct Ta no
.It hw.machine Ta string Ta no
.It hw.machine_arch Ta string Ta no
.It hw.model Ta string Ta no
.It hw.ncpu Ta integer Ta no
.It hw.ncpuonline Ta integer Ta no
.It hw.pagesize Ta integer Ta no
.It hw.physmem Ta integer Ta no
.It hw.physmem64 Ta quad Ta no
.It hw.usermem Ta integer Ta no
.It hw.usermem64 Ta quad Ta no
.El
.Bl -tag -width "123456"
.It Li hw.alignbytes ( Dv HW_ALIGNBYTES )
Alignment constraint for all possible data types.
This shows the value
.Dv ALIGNBYTES
in
.In machine/param.h ,
at the kernel compilation time.
.It Li hw.byteorder ( Dv HW_BYTEORDER )
The byteorder (4321, or 1234).
.It Li hw.cnmagic ( Dv HW_CNMAGIC )
The console magic key sequence.
.It Li hw.disknames ( Dv HW_DISKNAMES )
The list of (space separated) disk device names on the system.
.It Li hw.iostatnames ( Dv HW_IOSTATNAMES )
A space separated list of devices that will have I/O statistics
collected on them.
.It Li hw.iostats ( Dv HW_IOSTATS )
Return statistical information on the NFS mounts, disk and tape
devices on the system.
An array of
.Vt struct io_sysctl
structures is returned,
whose size depends on the current number of such objects in the system.
The third level name is the size of the
.Vt struct io_sysctl .
The type of object can be determined by examining the
.Va type
element of
.Vt struct io_sysctl ,
which can be
.Dv IOSTAT_DISK
(disk drive),
.Dv IOSTAT_TAPE
(tape drive), or
.Dv IOSTAT_NFS
(NFS mount).
.It Li hw.machine ( Dv HW_MACHINE )
The machine class.
.It Li hw.machine_arch ( Dv HW_MACHINE_ARCH )
The machine CPU class.
.It Li hw.model ( Dv HW_MODEL )
The machine model.
.It Li hw.ncpu ( Dv HW_NCPU )
The number of CPUs configured.
.It Li hw.ncpuonline ( Dv HW_NCPUONLINE )
The number of CPUs online.
.It Li hw.pagesize ( Dv HW_PAGESIZE )
The software page size.
.It Li hw.physmem ( Dv HW_PHYSMEM )
The bytes of physical memory as a 32-bit integer.
.It Li hw.physmem64 ( Dv HW_PHYSMEM64 )
The bytes of physical memory as a 64-bit integer.
.It Li hw.usermem ( Dv HW_USERMEM )
The bytes of non-kernel memory as a 32-bit integer.
.It Li hw.usermem64 ( Dv HW_USERMEM64 )
The bytes of non-kernel memory as a 64-bit integer.
.El
.Ss The kern.* subtree
This subtree includes data generally related to the kernel.
The string and integer information available for the
.Li kern
level is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "kern.posix_reader_writer_locks" \
"struct kinfo_drivers" "not applicable"
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It kern.aio_listio_max Ta integer Ta yes
.It kern.aio_max Ta integer Ta yes
.It kern.arandom Ta integer Ta no
.It kern.argmax Ta integer Ta no
.It kern.boothowto Ta integer Ta no
.It kern.boottime Ta struct timespec Ta no
.It kern.buildinfo Ta string Ta no
.\".It kern.bufq node not applicable
.It kern.ccpu Ta integer Ta no
.It kern.clockrate Ta struct clockinfo Ta no
.It kern.consdev Ta integer Ta no
.It kern.coredump Ta node Ta not applicable
.It kern.cp_id Ta struct Ta no
.It kern.cp_time Ta uint64_t[\|] Ta no
.It kern.cryptodevallowsoft Ta integer Ta yes
.It kern.defcorename Ta string Ta yes
.It kern.detachall Ta integer Ta yes
.It kern.domainname Ta string Ta yes
.It kern.drivers Ta struct kinfo_drivers Ta no
.It kern.dump_on_panic Ta integer Ta yes
.It kern.expose_address Ta integer Ta yes
.It kern.file Ta struct file Ta no
.It kern.forkfsleep Ta integer Ta yes
.It kern.fscale Ta integer Ta no
.It kern.fsync Ta integer Ta no
.It kern.hardclock_ticks Ta integer Ta no
.It kern.hostid Ta integer Ta yes
.It kern.hostname Ta string Ta yes
.It kern.iov_max Ta integer Ta no
.It kern.ipc Ta node Ta not applicable
.It kern.job_control Ta integer Ta no
.It kern.labeloffset Ta integer Ta no
.It kern.labelsector Ta integer Ta no
.It kern.login_name_max Ta integer Ta no
.It kern.logsigexit Ta integer Ta yes
.It kern.lwp Ta struct kinfo_lwp Ta yes
.It kern.mapped_files Ta integer Ta no
.It kern.maxfiles Ta integer Ta yes
.It kern.maxlwp Ta integer Ta yes
.It kern.maxpartitions Ta integer Ta no
.It kern.maxphys Ta integer Ta no
.It kern.maxproc Ta integer Ta yes
.It kern.maxptys Ta integer Ta yes
.It kern.maxvnodes Ta integer Ta yes
.It kern.messages Ta integer Ta yes
.It kern.mbuf Ta node Ta not applicable
.It kern.memlock Ta integer Ta no
.It kern.memlock_range Ta integer Ta no
.It kern.memory_protection Ta integer Ta no
.It kern.module Ta node Ta not applicable
.It kern.monotonic_clock Ta integer Ta no
.It kern.mqueue Ta node Ta not applicable
.It kern.msgbuf Ta integer Ta no
.It kern.msgbufsize Ta integer Ta no
.It kern.ngroups Ta integer Ta no
.\".It kern.no_sa_support integer yes
.It kern.ntptime Ta struct ntptimeval Ta no
.It kern.osrelease Ta string Ta no
.It kern.osrevision Ta integer Ta no
.It kern.ostype Ta string Ta no
.\".It kern.panic_now integer yes
.It kern.pipe Ta node Ta not applicable
.It kern.pool Ta struct pool_sysctl Ta no
.\" .It kern.posix node not applicable
.It kern.posix1version Ta integer Ta no
.It kern.posix_aio Ta integer Ta no
.It kern.posix_barriers Ta integer Ta no
.It kern.posix_reader_writer_locks Ta integer Ta no
.\".It kern.posix_sched integer yes
.It kern.posix_semaphores Ta integer Ta no
.It kern.posix_spin_locks Ta integer Ta no
.It kern.posix_threads Ta integer Ta no
.It kern.posix_timers Ta integer Ta no
.It kern.proc Ta struct kinfo_proc Ta no
.It kern.proc2 Ta struct kinfo_proc2 Ta no
.It kern.proc_args Ta string Ta no
.It kern.profiling Ta node Ta not applicable
.\".It kern.pset node not applicable
.It kern.rawpartition Ta integer Ta no
.It kern.root_device Ta string Ta no
.It kern.root_partition Ta integer Ta no
.It kern.rtc_offset Ta integer Ta yes
.It kern.saved_ids Ta integer Ta no
.It kern.sbmax Ta integer Ta yes
.It kern.sched Ta node Ta not applicable
.It kern.securelevel Ta integer Ta raise only
.It kern.somaxkva Ta integer Ta yes
.It kern.sooptions Ta integer Ta yes
.It kern.synchronized_io Ta integer Ta no
.It kern.timecounter Ta node Ta not applicable
.It kern.timex Ta struct Ta no
.It kern.tkstat Ta node Ta not applicable
.It kern.tty Ta node Ta not applicable
.It kern.urandom Ta integer Ta no
.It kern.usercrypto Ta integer Ta yes
.It kern.userasymcrypto Ta integer Ta yes
.It kern.veriexec Ta node Ta not applicable
.It kern.version Ta string Ta no
.It kern.vnode Ta struct vnode Ta no
.El
.Bl -tag -width "123456"
.It Li kern.aio_listio_max
The maximum number of asynchronous I/O operations in a single list
I/O call.
Like with all variables related to
.Xr aio 3 ,
the variable may be created and removed dynamically
upon loading or unloading the corresponding kernel module.
.It Li kern.aio_max
The maximum number of asynchronous I/O operations.
.It Li kern.arandom
This variable picks a random number each time it is queried.
The used random number generator
.Pf ( RNG )
is based on
.Xr arc4random 3 .
.It Li kern.argmax ( Dv KERN_ARGMAX )
The maximum bytes of argument to
.Xr execve 2 .
.It Li kern.boothowto
Flags passed from the boot loader; see
.Xr reboot 2
for the meanings of the flags.
.It Li kern.boottime ( Dv KERN_BOOTTIME )
A
.Vt struct timespec
structure is returned.
This structure contains the time that the system was booted.
That time is defined (for this purpose) to be the time at
which the kernel first started accumulating clock ticks.
.It Li kern.bufq
This variable contains information on the
.Xr bufq 9
subsystem.
Currently, the only third level name implemented is
.Dv kern.bufq.strategies
which provides a list of buffer queue strategies currently available.
.It Li kern.buildinfo
When the kernel is built, the build environment may optionally provide
arbitrary information to be stored in this variable.
.It Li kern.ccpu ( Dv KERN_CCPU )
The scheduler exponential decay value.
.It Li kern.clockrate ( Dv KERN_CLOCKRATE )
A
.Vt struct clockinfo
structure is returned.
This structure contains the clock, statistics clock and profiling clock
frequencies, the number of micro-seconds per hz tick, and the clock
skew rate.
Refer to
.Xr hz 9
for additional details.
.It Li kern.consdev ( Dv KERN_CONSDEV )
Console device.
.It Li kern.coredump
Settings related to set-id processes' coredumps.
By default, set-id processes do not dump core in situations where
other processes would.
The settings in this node allow an administrator to change this
behavior.
.Pp
The third level name is
.Dv kern.coredump.setid
and fourth level variables are described below.
.Bl -column "kern.coredump.setid.group" "integer" "Changeable" -offset indent
.It Sy Fourth level name Ta Sy Type Ta Sy Changeable
.It kern.coredump.setid.dump Ta integer Ta yes
.It kern.coredump.setid.group Ta integer Ta yes
.It kern.coredump.setid.mode Ta integer Ta yes
.It kern.coredump.setid.owner Ta integer Ta yes
.It kern.coredump.setid.path Ta string Ta yes
.El
.Bl -tag -width "123456"
.It Li kern.coredump.setid.dump
If non-zero, set-id processes will dump core.
.It Li kern.coredump.setid.group
The group-id for the set-id processes' coredump.
.It Li kern.coredump.setid.mode
The mode for the set-id processes' coredump.
See
.Xr chmod 1 .
.It Li kern.coredump.setid.owner
The user-id that will be used as the owner of the set-id processes'
coredump.
.It Li kern.coredump.setid.path
The path to which set-id processes' coredumps will be saved.
Same syntax as kern.defcorename.
.El
.It Li kern.cp_id ( Dv KERN_CP_ID )
Mapping of CPU number to CPU id.
.It Li kern.cp_time ( Dv KERN_CP_TIME )
Returns an array of
.Dv CPUSTATES
.Vt uint64_t Ns s .
This array contains the
number of clock ticks spent in different CPU states.
On multi-processor systems, the sum across all CPUs is returned unless
appropriate space is given for one data set for each CPU.
Data for a specific CPU can also be obtained by adding the number of the
CPU at the end of the MIB, enlarging it by one.
.It Li kern.cryptodevallowsoft
This variable controls userland access to hardware versus software transforms
in the
.Xr crypto 4
system.
The available values are as follows:
.Bl -tag -width XX0 -offset indent
.It Dv < 0
Always force userlevel requests to use software transforms.
.It Dv = 0
If present, use hardware and grant userlevel requests for
non-accelerated transforms (handling the latter in software).
.It Dv > 0
Allow user requests only for transforms which are hardware-accelerated.
.El
.It Li kern.defcorename ( Dv KERN_DEFCORENAME )
Default template for the name of core dump files (see also
.Li proc.pid.corename
in the per-process variables
.Li proc.* ,
and
.Xr core 5
for format of this template).
The default value is
.Pa %n.core
and can be changed with the kernel configuration option
.Cd options DEFCORENAME
(see
.Xr options 4
).
.It Li kern.detachall
Detach all devices at shutdown.
.It Li kern.domainname ( Dv KERN_DOMAINNAME )
Get or set the YP domain name.
.It Li kern.drivers ( Dv KERN_DRIVERS )
Return an array of
.Vt struct kinfo_drivers
that contains the name and major device numbers of all the device drivers
in the current kernel.
The
.Va d_name
field is always a NUL terminated string.
The
.Va d_bmajor
field will be set to \-1 if the driver doesn't have a block device.
.It Li kern.expose_address
Expose kernel addresses in
.Xr sysctl 3
calls used by
.Xr fstat 1
and
.Xr sockstat 1 .
If it is set to
.Dv 0
access is not allowed.
If it is set to
.Dv 1
then only processes that have opened
.Pa /dev/kmem
can have access.
If it is set to
.Dv 2
every process is allowed.
Defaults to
.Dv 0
for
.Dv KASLR
kernels
and
.Dv 1
otherwise.
Allowing general access renders KASLR ineffective; allowing only kmem
accessing programs weakens KASLR if those programs can be subverted
to leak the addresses.
.It Li kern.dump_on_panic ( Dv KERN_DUMP_ON_PANIC )
Perform a crash dump on system
.Xr panic 9 .
.It Li kern.file ( Dv KERN_FILE )
Return the entire file table.
The returned data consists of a single
.Vt struct filelist
followed by an array of
.Vt struct file ,
whose size depends on the current number of such objects in the system.
.It Li kern.forkfsleep ( Dv KERN_FORKFSLEEP )
If
.Xr fork 2
system call fails due to limit on number of processes (either
the global maxproc limit or user's one), wait for this many
milliseconds before returning
.Er EAGAIN
error to process.
Useful to keep heavily forking runaway processes at bay.
Default zero (no sleep).
Maximum is 20 seconds.
.It Li kern.fscale ( Dv KERN_FSCALE )
The kernel fixed-point scale factor.
.It Li kern.fsync ( Dv KERN_FSYNC )
Return 1 if the
.St -p1003.1b-93
File Synchronization Option is available
on this system,
otherwise\ 0.
.It Li kern.hardclock_ticks ( Dv KERN_HARDCLOCK_TICKS )
Returns the number of
.Xr hardclock 9
ticks.
.It Li kern.hist
This variable contains kernel history data if the kernel was
configured for any of the options
.Dv UVMHIST ,
.Dv USB_DEBUG ,
.Dv BIOHIST ,
or
.Dv SCDEBUG .
(See
.Xr options 4
for more details.)
The third-level names correspond to each available history table.
The values of the history tables are in an internal format, and can be
decoded by the
.Xr vmstat 1
utility's
.Fl U
and
.Fl u
options;
the
.Fl l
option can be used to see which tables are available.
.It Li kern.hostid ( Dv KERN_HOSTID )
Get or set the host identifier.
This is aimed to replace the legacy
.Xr gethostid 3
and
.Xr sethostid 3
system calls.
.It Li kern.hostname ( Dv KERN_HOSTNAME )
Get or set the
.Xr hostname 1 .
.It Li kern.iov_max ( Dv KERN_IOV_MAX )
Return the maximum number of
.Vt iovec
structures that a process has available for use with
.Xr preadv 2 ,
.Xr pwritev 2 ,
.Xr readv 2 ,
.Xr recvmsg 2 ,
.Xr sendmsg 2
and
.Xr writev 2 .
.It Li kern.ipc ( Dv KERN_SYSVIPC )
Return information about the SysV IPC parameters.
The third level names for the ipc variables are detailed below.
.Bl -column "kern.ipc.shm_use_phys" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.ipc.sysvmsg Ta integer Ta no
.It kern.ipc.sysvsem Ta integer Ta no
.It kern.ipc.sysvshm Ta integer Ta no
.It kern.ipc.sysvipc_info Ta struct Ta no
.It kern.ipc.shmmax Ta integer Ta yes
.It kern.ipc.shmmni Ta integer Ta yes
.It kern.ipc.shmseg Ta integer Ta yes
.It kern.ipc.shmmaxpgs Ta integer Ta yes
.It kern.ipc.shm_use_phys Ta integer Ta yes
.It kern.ipc.msgmni Ta integer Ta yes
.It kern.ipc.msgseg Ta integer Ta yes
.It kern.ipc.semmni Ta integer Ta yes
.It kern.ipc.semmns Ta integer Ta yes
.It kern.ipc.semmnu Ta integer Ta yes
.El
.Bl -tag -width "123456"
.It Li kern.ipc.sysvmsg ( Dv KERN_SYSVIPC_MSG )
Returns 1 if System V style message queue functionality is available
on this system,
otherwise\ 0.
.It Li kern.ipc.sysvsem ( Dv KERN_SYSVIPC_SEM )
Returns 1 if System V style semaphore functionality is available
on this system,
otherwise\ 0.
.It Li kern.ipc.sysvshm ( Dv KERN_SYSVIPC_SHM )
Returns 1 if System V style shared memory functionality is available
on this system,
otherwise\ 0.
.It Li kern.ipc.sysvipc_info ( Dv KERN_SYSVIPC_INFO )
Return System V style IPC configuration and run-time information.
The fourth level name selects the System V style IPC facility.
.Bl -column "KERN_SYSVIPC_MSG_INFO" "struct shm_sysctl_info" -offset indent
.It Sy Fourth level name Ta Sy Type
.It KERN_SYSVIPC_MSG_INFO Ta struct msg_sysctl_info
.It KERN_SYSVIPC_SEM_INFO Ta struct sem_sysctl_info
.It KERN_SYSVIPC_SHM_INFO Ta struct shm_sysctl_info
.El
.Bl -tag -width "123456"
.It Li KERN_SYSVIPC_MSG_INFO
Return information on the System V style message facility.
The
.Sy msg_sysctl_info
structure is defined in
.In sys/msg.h .
.It Li KERN_SYSVIPC_SEM_INFO
Return information on the System V style semaphore facility.
The
.Sy sem_sysctl_info
structure is defined in
.In sys/sem.h .
.It Li KERN_SYSVIPC_SHM_INFO
Return information on the System V style shared memory facility.
The
.Sy shm_sysctl_info
structure is defined in
.In sys/shm.h .
.El
.It Li kern.ipc.shmmax ( Dv KERN_SYSVIPC_SHMMAX )
Max shared memory segment size in bytes.
.It Li kern.ipc.shmmni ( Dv KERN_SYSVIPC_SHMMNI )
Max number of shared memory identifiers.
.It Li kern.ipc.shmseg ( Dv KERN_SYSVIPC_SHMSEG )
Max shared memory segments per process.
.It Li kern.ipc.shmmaxpgs ( Dv KERN_SYSVIPC_SHMMAXPGS )
Max amount of shared memory in pages.
.It Li kern.ipc.shm_use_phys ( Dv KERN_SYSVIPC_SHMUSEPHYS )
Locking of shared memory in physical memory.
If 0, memory can be swapped
out, otherwise it will be locked in physical memory.
.It Li kern.ipc.msgmni
Max number of message queue identifiers.
.It Li kern.ipc.msgseg
Max number of message segments.
.It Li kern.ipc.semmni
Max number of semaphore identifiers.
.It Li kern.ipc.semmns
Max number of semaphores in system.
.It Li kern.ipc.semmnu
Max number of undo structures in system.
.El
.It Li kern.job_control ( Dv KERN_JOB_CONTROL )
Return 1 if job control is available on this system, otherwise\ 0.
.It Li kern.labeloffset ( Dv KERN_LABELOFFSET )
The offset within the sector specified by
.Dv KERN_LABELSECTOR
of the
.Xr disklabel 5 .
.It Li kern.labelsector ( Dv KERN_LABELSECTOR )
The sector number containing the
.Xr disklabel 5 .
.It Li kern.login_name_max ( Dv KERN_LOGIN_NAME_MAX )
The size of the storage required for a login name, in bytes,
including the terminating NUL.
.It Li kern.logsigexit ( Dv KERN_LOGSIGEXIT )
If this flag is non-zero, the kernel will
.Xr log 9
all process exits due to signals which create a
.Xr core 5
file, and whether the coredump was created.
.It Li kern.lwp ( Dv KERN_LWP )
Returns information about the current light-weight process.
The
.Sy kinfo_lwp
structure is defined in
.In sys/sysctl.h .
.It Li kern.mapped_files ( Dv KERN_MAPPED_FILES )
Returns 1 if the
.St -p1003.1b-93
Memory Mapped Files Option is available on this system,
otherwise\ 0.
.It Li kern.maxfiles ( Dv KERN_MAXFILES )
The maximum number of open files that may be open in the system.
.It Li kern.maxpartitions ( Dv KERN_MAXPARTITIONS )
The maximum number of partitions allowed per disk.
.It Li kern.maxlwp
The maximum number of Lightweight Processes (threads) the system allows
per uid.
.It Li kern.maxphys ( Dv KERN_MAXPHYS )
Maximum raw I/O transfer size.
.It Li kern.maxproc ( Dv KERN_MAXPROC )
The maximum number of simultaneous processes the system will allow.
.It Li kern.maxptys ( Dv KERN_MAXPTYS )
The maximum number of pseudo terminals.
This value can be both raised and lowered, though it cannot
be set lower than number of currently used ptys.
See also
.Xr pty 4 .
.It Li kern.maxvnodes ( Dv KERN_MAXVNODES )
The maximum number of vnodes available on the system.
This can only be raised.
.It Li kern.mbuf ( Dv KERN_MBUF )
Return information about the mbuf control variables.
Mbufs are data structures which store network packets and other data
structures in the networking code, see
.Xr mbuf 9 .
The third level names for the mbuf variables are detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "kern.mbuf.nmbclusters" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.\" XXX Changeable? really?
.It kern.mbuf.mblowat Ta integer Ta yes
.It kern.mbuf.mclbytes Ta integer Ta yes
.It kern.mbuf.mcllowat Ta integer Ta yes
.It kern.mbuf.msize Ta integer Ta yes
.It kern.mbuf.nmbclusters Ta integer Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li kern.mbuf.mblowat ( Dv MBUF_MBLOWAT )
The mbuf low water mark.
.It Li kern.mbuf.mclbytes ( Dv MBUF_MCLBYTES )
The mbuf cluster size.
.It Li kern.mbuf.mcllowat ( Dv MBUF_MCLLOWAT )
The mbuf cluster low water mark.
.It Li kern.mbuf.msize ( Dv MBUF_MSIZE )
The mbuf base size.
.It Li kern.mbuf.nmbclusters ( Dv MBUF_NMBCLUSTERS )
The limit on the number of mbuf clusters.
The variable can only be increased, and only increased on machines with
direct-mapped pool pages.
.El
.It Li kern.memlock ( Dv KERN_MEMLOCK )
Returns 1 if the
.St -p1003.1b-93
Process Memory Locking Option is available on this system,
otherwise\ 0.
.It Li kern.memlock_range ( Dv KERN_MEMLOCK_RANGE )
Returns 1 if the
.St -p1003.1b-93
Range Memory Locking Option is available on this system,
otherwise\ 0.
.It Li kern.memory_protection ( Dv KERN_MEMORY_PROTECTION )
Returns 1 if the
.St -p1003.1b-93
Memory Protection Option is available on this system,
otherwise\ 0.
.It Li kern.messages
Kernel console message verbosity.
See
.Aq Pa sys/reboot.h
.Bl -column "verbosity" "setting" -offset indent
.It Sy Value Ta Sy Verbosity Ta Sy sys/reboot.h equivalent
.It 0 Ta Silent Ta Sy AB_SILENT
.It 1 Ta Quiet Ta Sy AB_QUIET
.It 2 Ta Normal Ta Sy AB_NORMAL
.It 3 Ta Verbose Ta Sy AB_VERBOSE
.It 4 Ta Debug Ta Sy AB_DEBUG
.El
.It Li kern.module
Settings related to kernel modules.
The third level names for the settings are described below.
.Bl -column "kern.module.autoload" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.module.autoload Ta integer Ta yes
.It kern.module.autotime Ta integer Ta yes
.It kern.module.verbose Ta boolean Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li kern.module.autoload
A boolean that controls whether kernel modules are loaded automatically.
See
.Xr module 7
for additional details.
.It Li kern.module.autotime
An integer that controls the delay before an attempt is made to
automatically unload a module that was auto-loaded.
Setting this value to zero disables the auto-unload function.
.It Li kern.module.verbose
A boolean that enables or disables verbose
debug messages related to kernel modules.
.El
.It Li kern.monotonic_clock ( Dv KERN_MONOTONIC_CLOCK )
Returns the standard version the implementation of the
.St -p1003.1b-93
Monotonic Clock Option conforms to,
otherwise\ 0.
.It Li kern.mqueue
Settings related to POSIX message queues; see
.Xr mqueue 3 .
This node is created dynamically when
the corresponding kernel module is loaded.
The third level names for the settings are described below.
.Bl -column "kern.mqueue.mq_max_msgsize" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.mqueue.mq_open_max Ta integer Ta yes
.It kern.mqueue.mq_prio_max Ta integer Ta yes
.It kern.mqueue.mq_max_msgsize Ta integer Ta yes
.It kern.mqueue.mq_def_maxmsg Ta integer Ta yes
.It kern.mqueue.mq_max_maxmsg Ta integer Ta yes
.El
.Pp
The variables are:
.Bl -tag -width "123456"
.It Li kern.mqueue.mq_open_max
The maximum number of message queue descriptors any single process can open.
.It Li kern.mqueue.mq_prio_max
The maximum priority of a message.
.It Li kern.mqueue.mq_max_msgsize
The maximum size of a message in a message queue.
.It Li kern.mqueue.mq_def_maxmsg
The default maximum message count.
.It Li kern.mqueue.mq_max_maxmsg
The maximum number of messages in a message queue.
.El
.It Li kern.msgbuf ( Dv KERN_MSGBUF )
The kernel message buffer, rotated so that the head of the circular kernel
message buffer is at the start of the returned data.
The returned data may contain NUL bytes.
.It Li kern.msgbufsize ( Dv KERN_MSGBUFSIZE )
The maximum number of characters that the kernel message buffer can hold.
.It Li kern.ngroups ( Dv KERN_NGROUPS )
The maximum number of supplemental groups.
.\" .It Li kern.no_sa_support
.\" XXX: Undocumented.
.It Li kern.ntptime ( Dv KERN_NTPTIME )
A
.Vt struct ntptimeval
structure is returned.
This structure contains data used by the
.Xr ntpd 8
program.
.It Li kern.osrelease ( Dv KERN_OSRELEASE )
The system release string.
.It Li kern.osrevision ( Dv KERN_OSREV )
The system revision string.
.It Li kern.ostype ( Dv KERN_OSTYPE )
The system type string.
.\".It Li kern.panic_now
.\" XXX: Undocumented.
.It Li kern.pipe ( Dv KERN_PIPE )
Pipe settings.
The third level names for the integer pipe settings are detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "kern.pipe.maxbigpipes" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.pipe.kvasiz Ta integer Ta yes
.It kern.pipe.maxbigpipes Ta integer Ta yes
.It kern.pipe.maxkvasz Ta integer Ta yes
.It kern.pipe.limitkva Ta integer Ta yes
.It kern.pipe.nbigpipes Ta integer Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li kern.pipe.kvasiz ( Dv KERN_PIPE_KVASIZ )
Amount of kernel memory consumed by pipe buffers.
.It Li kern.pipe.maxbigpipes ( Dv KERN_PIPE_MAXBIGPIPES )
Maximum number of
.Dq big
pipes.
.It Li kern.pipe.maxkvasz ( Dv KERN_PIPE_MAXKVASZ )
Maximum amount of kernel memory to be used for pipes.
.It Li kern.pipe.limitkva ( Dv KERN_PIPE_LIMITKVA )
Limit for direct transfers via page loan.
.It Li kern.pipe.nbigpipes ( Dv KERN_PIPE_NBIGPIPES )
Number of
.Dq big
pipes.
.El
.It Li kern.pool
Provides statistics about the
.Xr pool 9
and
.Xr pool_cache 9
subsystems.
.\" XXX: Undocumented .It Li kern.posix ( ? )
.\" This is a node in which the only variable is semmax.
.It Li kern.posix1version ( Dv KERN_POSIX1 )
The version of ISO/IEC 9945
.Pq St -p1003.1
with which the system attempts to comply.
.It Li kern.posix_aio
The version of
.St -p1003.1
and its Asynchronous I/O option to which the system attempts to conform.
.It Li kern.posix_barriers ( Dv KERN_POSIX_BARRIERS )
The version of
.St -p1003.1
and its
Barriers
option to which the system attempts to conform,
otherwise\ 0.
.It Li kern.posix_reader_writer_locks ( Dv KERN_POSIX_READER_WRITER_LOCKS )
The version of
.St -p1003.1
and its
Read-Write Locks
option to which the system attempts to conform,
otherwise\ 0.
.\".It Li kern.posix_sched
.\" XXX: Undocumented.
.It Li kern.posix_semaphores ( Dv KERN_POSIX_SEMAPHORES )
The version of
.St -p1003.1
and its
Semaphores
option to which the system attempts to conform,
otherwise\ 0.
.It Li kern.posix_spin_locks ( Dv KERN_POSIX_SPIN_LOCKS )
The version of
.St -p1003.1
and its
Spin Locks
option to which the system attempts to conform,
otherwise\ 0.
.It Li kern.posix_threads ( Dv KERN_POSIX_THREADS )
The version of
.St -p1003.1
and its
Threads
option to which the system attempts to conform,
otherwise\ 0.
.It Li kern.posix_timers ( Dv KERN_POSIX_TIMERS )
The version of
.St -p1003.1
and its
Timers
option to which the system attempts to conform,
otherwise\ 0.
.It Li kern.proc ( Dv KERN_PROC )
Return the entire process table, or a subset of it.
An array of
.Vt struct kinfo_proc
structures is returned,
whose size depends on the current number of such objects in the system.
The third and fourth level numeric names are as follows:
.Bl -column "KERN_PROC_SESSION" "Fourth level is:" -offset indent
.It Sy Third level name Ta Sy Fourth level is :
.It KERN_PROC_ALL Ta None
.It KERN_PROC_GID Ta A group ID
.It KERN_PROC_PID Ta A process ID
.It KERN_PROC_PGRP Ta A process group
.It KERN_PROC_RGID Ta A real group ID
.It KERN_PROC_RUID Ta A real user ID
.It KERN_PROC_SESSION Ta A session ID
.It KERN_PROC_TTY Ta A tty device
.It KERN_PROC_UID Ta A user ID
.El
.It Li kern.proc2 ( Dv KERN_PROC2 )
As for
.Dv KERN_PROC ,
but an array of
.Vt struct kinfo_proc2
structures is returned.
The fifth level name is the size of the
.Vt struct kinfo_proc2
and the sixth level name is the number of structures to return.
.It Li kern.proc_args ( Dv KERN_PROC_ARGS )
Return the argv or environment strings (or the number thereof)
of a process.
Multiple strings are returned separated by NUL characters.
The third level name is the process ID.
The fourth level name is as follows:
.Bl -column "KERN_PROG_PATHNAME" "The full pathname of the executable" -offset indent
.It Dv KERN_PROC_ARGV Ta The argv strings
.It Dv KERN_PROC_ENV Ta The environ strings
.It Dv KERN_PROC_NARGV Ta The number of argv strings
.It Dv KERN_PROC_NENV Ta The number of environ strings
.It Dv KERN_PROC_PATHNAME Ta The full pathname of the executable
.It Dv KERN_PROC_CWD Ta The current working directory
.El
.It Li kern.profiling ( Dv KERN_PROF )
Return profiling information about the kernel.
If the kernel is not compiled for profiling,
attempts to retrieve any of the
.Dv KERN_PROF
values will fail with
.Er EOPNOTSUPP .
The third level names for the string and integer profiling information
are detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "kern.profiling.gmonparam" "struct gmonparam" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.profiling.count Ta u_short[\|] Ta yes
.It kern.profiling.froms Ta u_short[\|] Ta yes
.It kern.profiling.gmonparam Ta struct gmonparam Ta no
.It kern.profiling.state Ta integer Ta yes
.It kern.profiling.tos Ta struct tostruct Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li kern.profiling.count ( Dv GPROF_COUNT )
Array of statistical program counter counts.
.It Li kern.profiling.froms ( Dv GPROF_FROMS )
Array indexed by program counter of call-from points.
.It Li kern.profiling.gmonparams ( Dv GPROF_GMONPARAM )
Structure giving the sizes of the above arrays.
.It Li kern.profiling.state ( Dv GPROF_STATE )
Profiling state.
If set to
.Dv GMON_PROF_ON ,
starts profiling.
If set to
.Dv GMON_PROF_OFF ,
stops profiling.
.It Li kern.profiling.tos ( Dv GPROF_TOS )
Array of
.Vt struct tostruct
describing destination of calls and their counts.
.El
.\" .It Li kern.pset
.\" XXX: Undocumented.
.It Li kern.rawpartition ( Dv KERN_RAWPARTITION )
The raw partition of a disk (a == 0).
.It Li kern.root_device ( Dv KERN_ROOT_DEVICE )
The name of the root device (e.g.,
.Dq wd0 ) .
.It Li kern.root_partition ( Dv KERN_ROOT_PARTITION )
The root partition on the root device (a == 0).
.It Li kern.rtc_offset ( Dv KERN_RTC_OFFSET )
Return the offset of real time clock from UTC in minutes.
.It Li kern.saved_ids ( Dv KERN_SAVED_IDS )
Returns 1 if saved set-group and saved set-user ID is available.
.It Li kern.sbmax ( Dv KERN_SBMAX )
Maximum socket buffer size in bytes.
.It Li kern.securelevel ( Dv KERN_SECURELVL )
See
.Xr secmodel_securelevel 9 .
.It Li kern.sched ( dynamic )
Influence the scheduling of LWPs, their prioritization and how they are
distributed on and moved between CPUs.
.Bl -column "kern.sched.balance_period" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.sched.cacheht_time Ta integer Ta yes
.It kern.sched.balance_period Ta integer Ta yes
.It kern.sched.average_weight Ta integer Ta yes
.It kern.sched.min_catch Ta integer Ta yes
.It kern.sched.timesoftints Ta integer Ta yes
.It kern.sched.kpreempt_pri Ta integer Ta yes
.It kern.sched.upreempt_pri Ta integer Ta yes
.It kern.sched.maxts Ta integer Ta yes
.It kern.sched.mints Ta integer Ta yes
.It kern.sched.name Ta string Ta no
.It kern.sched.rtts Ta integer Ta no
.It kern.sched.pri_min Ta integer Ta no
.It kern.sched.pri_max Ta integer Ta no
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li kern.sched.cacheht_time ( dynamic )
Cache hotness time in which a LWP is kept on one particular CPU
and not moved to another CPU.
This reduces the overhead of flushing and reloading caches.
Defaults to 3ms.
Needs to be given in
.Dq hz
units, see
.Xr mstohz 9 .
.It Li kern.sched.balance_period ( dynamic )
Interval at which the CPU queues are checked for re-balancing.
Defaults to 300ms.
Needs to be given in
.Dq hz
units, see
.Xr mstohz 9 .
.It Li kern.sched.average_weight ( dynamic )
Can be used to influence how likely LWPs are to be migrated from
one CPU's queue of LWPs that are ready to run to a different, idle CPU.
The value gives the percentage for weighting the average count of
migratable threads from the past against the current number of
migratable threads.
A small value gives more weight to the past, a larger value gives more
weight to the current situation.
Defaults to 50 and must be between 0 and 100.
.It Li kern.sched.min_catch ( dynamic )
Minimum count of migratable (runnable) threads for catching (stealing)
from another CPU.
Defaults to 1 but can be increased to decrease the chance of thread
migration between CPUs.
.It Li kern.sched.timesoftints ( dynamic )
Enable tracking of CPU time for soft interrupts
as part of a LWP's real execution time.
Set to a non-zero value to enable,
and see
.Xr ps 1
for printing CPU times.
.It Li kern.sched.kpreempt_pri ( dynamic )
Minimum priority to trigger kernel preemption.
.It Li kern.sched.upreempt_pri ( dynamic )
Minimum priority to trigger user preemption.
.It Li kern.sched.maxts ( dynamic )
Scheduler specific maximal time quantum (in milliseconds).
Must be set to a value larger than
.Dq mints
and between 10 and
.Dq hz
as given by the
.Dv kern.clockrate
sysctl.
Provided by the M2 scheduler.
.It Li kern.sched.mints ( dynamic )
Scheduler specific minimal time quantum (in milliseconds).
Must be set to a value smaller than
.Dq maxts
and between 1 and
.Dq hz
as given by the
.Dq kern.clockrate
sysctl.
Provided by the M2 scheduler.
.It Li kern.sched.name ( dynamic )
Scheduler name.
Provided both by the M2 and the 4BSD scheduler.
.It Li kern.sched.rtts ( dynamic )
Fixed scheduler specific round-robin time quantum in milliseconds.
Provided both by the M2 and the 4BSD scheduler.
.It Li kern.sched.pri_min ( dynamic )
Minimal POSIX real-time priority.
See
.Xr sched 3 .
.It Li kern.sched.pri_max ( dynamic )
Maximal POSIX real-time priority.
See
.Xr sched 3 .
.El
.It Li kern.somaxkva ( Dv KERN_SOMAXKVA )
Maximum amount of kernel memory to be used for socket buffers in bytes.
.It Li kern.sooptions
Set the default socket option flags for
.Xr socket 2
creation.
See
.Xr setsockopt 2
for a list of supported flags.
.It Li kern.synchronized_io ( Dv KERN_SYNCHRONIZED_IO )
Returns 1 if the
.St -p1003.1b-93
Synchronized I/O Option is available on this system,
otherwise\ 0.
.It Li kern.timecounter ( dynamic )
Display and control the timecounter source of the system.
.Bl -column "kern.timecounter.timestepwarnings" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.timecounter.choice Ta string Ta no
.It kern.timecounter.hardware Ta string Ta yes
.It kern.timecounter.timestepwarnings Ta integer Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li kern.timecounter.choice ( dynamic )
The list of available timecounters with their quality and frequency.
.It Li kern.timecounter.hardware ( dynamic )
The currently selected timecounter source.
.It Li kern.timecounter.timestepwarnings ( dynamic )
If non-zero, display a message each time the time is stepped.
.El
.It Li kern.timex ( Dv KERN_TIMEX )
Not available.
.It Li kern.tkstat ( Dv KERN_TKSTAT )
Return information about the number of characters sent and received
on ttys.
The third level names for the tty statistic variables are detailed below.
The changeable column shows whether a process
with appropriate privilege may change the value.
.Bl -column "kern.tkstat.cancc" "quad" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.tkstat.cancc Ta quad Ta no
.It kern.tkstat.nin Ta quad Ta no
.It kern.tkstat.nout Ta quad Ta no
.It kern.tkstat.rawcc Ta quad Ta no
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li kern.tkstat.cancc ( Dv KERN_TKSTAT_CANCC )
The number of canonical input characters.
.It Li kern.tkstat.nin ( Dv KERN_TKSTAT_NIN )
The total number of input characters.
.It Li kern.tkstat.nout ( Dv KERN_TKSTAT_NOUT )
The total number of output characters.
.It Li kern.tkstat.rawcc ( Dv KERN_TKSTAT_RAWCC )
The number of raw input characters.
.El
.It Li kern.tty
The third level names for the tty setup variables are detailed below.
The changeable column shows whether a process
with appropriate privilege may change the value.
.Bl -column "kern.tty.qsize" "int" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.tty.qsize Ta int Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li kern.tty.qsize
Control/display the size of the default input and output queues selected
during tty creation.
Is converted to a power of two and its range is between
.Dv 1024
and
.Dv 65536 .
.El
.It Li kern.uidinfo
Resource usage for the current user.
.Bl -column "kern.uidinfo.proccnt" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.uidinfo.proccnt Ta integer Ta no
.It kern.uidinfo.lwpcnt Ta integer Ta no
.It kern.uidinfo.lockcnt Ta integer Ta no
.It kern.uidinfo.semcnt Ta integer Ta no
.It kern.uidinfo.sbsize Ta integer Ta no
.El
.Bl -tag -width "123456"
.It Li kern.uidinfo.proccnt
Returns the number of active processes for the current user.
.It Li kern.uidinfo.lwpcnt
Returns the number of active threads for the current user; the first thread
of each process is not counted.
.It Li kern.uidinfo.lockcnt
Number of locks held by the current user.
.It Li kern.uidinfo.semcnt
Number of semaphores held by the current user.
.It Li kern.uidinfo.sbsize
Number of bytes in socket buffers allocated to the current user.
.El
.It Li kern.urandom ( Dv KERN_URND )
Random integer value.
.It Li kern.usercrypto
When enabled, allows userland to
.Xr open 2
the
.Pa /dev/crypto
special device, used by the
.Xr crypto 4
system.
.It Li kern.userasymcrypto
Enables or disables the use of software asymmetric crypto support in the
.Xr crypto 4
system.
.It Li kern.veriexec
Runtime information for
.Xr veriexec 8 .
.Bl -column "kern.veriexec.algorithms" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.veriexec.algorithms Ta string Ta no
.It kern.veriexec.count Ta node Ta not applicable
.It kern.veriexec.strict Ta integer Ta yes
.It kern.veriexec.verbose Ta integer Ta yes
.El
.Bl -tag -width "123456"
.It Li kern.veriexec.algorithms
Returns a string with the supported algorithms in Veriexec.
.It Li kern.veriexec.count
Sub-nodes are added to this node as new mounts are monitored by Veriexec.
Each mount will be under its own
.No tableN
node.
Under each node there will be three variables, indicating the mount
point, the file system type, and the number of entries.
.It Li kern.veriexec.strict
Controls the strict level of Veriexec.
See
.Xr security 7
for more information on each level's implications.
.It Li kern.veriexec.verbose
Controls the verbosity level of Veriexec.
If 0, only the minimal
indication required will be given about what's happening - fingerprint
mismatches, removal of entries from the tables, modification of a
fingerprinted file.
If 1, more messages will be printed (i.e., when a file with a valid
fingerprint is accessed).
Verbose level 2 is debug mode.
.El
.It Li kern.version ( Dv KERN_VERSION )
The system version string.
.It Li kern.vnode ( Dv KERN_VNODE )
Return the entire vnode table.
Note, the vnode table is not necessarily a consistent snapshot of
the system.
The returned data consists of an array whose size depends on the
current number of such objects in the system.
Each element of the array contains the kernel address of a vnode
.Vt struct vnode *
followed by the vnode itself
.Vt struct vnode .
.El
.Ss The machdep.* subtree
The set of variables defined is architecture dependent.
Most architectures define at least the following variables.
.Bl -column "machdep.booted_kernel" "Type" "Changeable" -offset indent
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It Li machdep.booted_kernel Ta string Ta no
.El
.\" XXX: Document the above.
.Ss The net.* subtree
The string and integer information available for the
.Li net
level is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
The second and third levels are typically the protocol family and
protocol number, though this is not always the case.
.Bl -column "Second level name" "IPsec key management values" "Changeable" -offset indent
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It net.route Ta routing messages Ta no
.It net.inet Ta IPv4 values Ta yes
.It net.inet6 Ta IPv6 values Ta yes
.It net.key Ta IPsec key management values Ta yes
.El
.Bl -tag -width "123456"
.It Li net.route ( Dv PF_ROUTE )
.\" XXX really?
Return the entire routing table or a subset of it.
The data is returned as a sequence of routing messages (see
.Xr route 4
for the header file, format and meaning).
The length of each message is contained in the message header.
.Pp
The third level name is a protocol number, which is currently always\ 0.
The fourth level name is an address family, which may be set to 0 to
select all address families.
The fifth and sixth level names are as follows:
.Bl -column "Fifth level name" "Sixth level is:" -offset indent
.It Sy Fifth level name Ta Sy Sixth level is :
.It NET_RT_FLAGS Ta rtflags
.It NET_RT_DUMP Ta None
.It NET_RT_IFLIST Ta None
.El
.It Li net.inet ( Dv PF_INET )
Get or set various global information about the IPv4
.Pq Internet Protocol version 4 .
The third level name is the protocol.
The fourth level name is the variable name.
The currently defined protocols and names are:
.Bl -column "Protocol" "anonportalgo.available" "integer" "Changeable" -offset indent
.It Sy Protocol Ta Sy Variable Ta Sy Type Ta Sy Changeable
.It arp Ta down Ta integer Ta yes
.It arp Ta keep Ta integer Ta yes
.It arp Ta log_movements Ta integer Ta yes
.It arp Ta log_permanent_modify Ta integer Ta yes
.It arp Ta log_unknown_network Ta integer Ta yes
.It arp Ta log_wrong_iface Ta integer Ta yes
.It carp Ta allow Ta integer Ta yes
.It carp Ta preempt Ta integer Ta yes
.It carp Ta log Ta integer Ta yes
.It carp Ta arpbalance Ta integer Ta yes
.It icmp Ta errppslimit Ta integer Ta yes
.It icmp Ta maskrepl Ta integer Ta yes
.It icmp Ta rediraccept Ta integer Ta yes
.It icmp Ta redirtimeout Ta integer Ta yes
.It icmp Ta bmcastecho Ta integer Ta yes
.It ip Ta allowsrcrt Ta integer Ta yes
.It ip Ta anonportalgo.selected Ta string Ta yes
.It ip Ta anonportalgo.available Ta string Ta yes
.It ip Ta anonportalgo.reserve Ta struct Ta yes
.It ip Ta anonportmax Ta integer Ta yes
.It ip Ta anonportmin Ta integer Ta yes
.It ip Ta checkinterface Ta integer Ta yes
.It ip Ta dad_count Ta integer Ta yes
.It ip Ta directed-broadcast Ta integer Ta yes
.It ip Ta do_loopback_cksum Ta integer Ta yes
.It ip Ta forwarding Ta integer Ta yes
.It ip Ta forwsrcrt Ta integer Ta yes
.It ip Ta gifttl Ta integer Ta yes
.It ip Ta grettl Ta integer Ta yes
.It ip Ta hashsize Ta integer Ta yes
.It ip Ta hostzerobroadcast Ta integer Ta yes
.It ip Ta lowportmin Ta integer Ta yes
.It ip Ta lowportmax Ta integer Ta yes
.It ip Ta maxflows Ta integer Ta yes
.It ip Ta maxfragpackets Ta integer Ta yes
.It ip Ta mtudisc Ta integer Ta yes
.It ip Ta mtudisctimeout Ta integer Ta yes
.It ip Ta random_id Ta integer Ta yes
.It ip Ta redirect Ta integer Ta yes
.It ip Ta subnetsarelocal Ta integer Ta yes
.It ip Ta ttl Ta integer Ta yes
.It tcp Ta rfc1323 Ta integer Ta yes
.It tcp Ta sendspace Ta integer Ta yes
.It tcp Ta recvspace Ta integer Ta yes
.It tcp Ta mssdflt Ta integer Ta yes
.It tcp Ta syn_cache_limit Ta integer Ta yes
.It tcp Ta syn_bucket_limit Ta integer Ta yes
.It tcp Ta syn_cache_interval Ta integer Ta yes
.It tcp Ta init_win Ta integer Ta yes
.It tcp Ta init_win_local Ta integer Ta yes
.It tcp Ta mss_ifmtu Ta integer Ta yes
.It tcp Ta win_scale Ta integer Ta yes
.It tcp Ta timestamps Ta integer Ta yes
.It tcp Ta cwm Ta integer Ta yes
.It tcp Ta cwm_burstsize Ta integer Ta yes
.It tcp Ta ack_on_push Ta integer Ta yes
.It tcp Ta keepidle Ta integer Ta yes
.It tcp Ta keepintvl Ta integer Ta yes
.It tcp Ta keepcnt Ta integer Ta yes
.It tcp Ta slowhz Ta integer Ta no
.It tcp Ta keepinit Ta integer Ta yes
.It tcp Ta log_refused Ta integer Ta yes
.It tcp Ta rstppslimit Ta integer Ta yes
.It tcp Ta ident Ta struct Ta no
.It tcp Ta drop Ta struct Ta no
.It tcp Ta sack.enable Ta integer Ta yes
.It tcp Ta sack.globalholes Ta integer Ta no
.It tcp Ta sack.globalmaxholes Ta integer Ta yes
.It tcp Ta sack.maxholes Ta integer Ta yes
.It tcp Ta ecn.enable Ta integer Ta yes
.It tcp Ta ecn.maxretries Ta integer Ta yes
.It tcp Ta congctl.selected Ta string Ta yes
.It tcp Ta congctl.available Ta string Ta yes
.It tcp Ta abc.enable Ta integer Ta yes
.It tcp Ta abc.aggressive Ta integer Ta yes
.It udp Ta checksum Ta integer Ta yes
.It udp Ta do_loopback_cksum Ta integer Ta yes
.It udp Ta recvspace Ta integer Ta yes
.It udp Ta sendspace Ta integer Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li arp.down
Failed ARP entry lifetime.
.It Li arp.keep
Valid ARP entry lifetime.
.It Li carp.allow
If set to 0, incoming
.Xr carp 4
packets will not be processed.
If set to any other value, processing will occur.
Enabled by default.
.It Li carp.arpbalance
If set to any value other than 0, the ARP balancing functionality of
.Xr carp 4
is enabled.
When ARP requests are received for an IP address which is part of any virtual
host, carp will hash the source IP in the ARP request to select one of the
virtual hosts from the set of all the virtual hosts which have that IP address.
The master of that host will respond with the correct virtual MAC address.
Disabled by default.
.It Li carp.log
If set to any value other than 0,
.Xr carp 4
will log errors.
Disabled by default.
.It Li carp.preempt
If set to 0,
.Xr carp 4
will not attempt to become master if it is receiving advertisements from
another active master.
If set to any other value, carp will become master of the virtual host if it
believes it can send advertisements more frequently than the current master.
Disabled by default.
.It Li ip.allowsrcrt
If set to 1, the host accepts source routed packets.
.It Li ip.anonportalgo.available
The available RFC 6056 port randomization algorithms.
.It Li ip.anonportalgo.reserve
A bitmask of ports that will not be used during anonymous or privileged
port selection.
.It Li ip.anonportalgo.selected
The currently selected RFC 6056 port randomization algorithm.
.It Li ip.anonportmax
The highest port number to use for TCP and UDP ephemeral port allocation.
This cannot be set to less than 1024 or greater than 65535, and must
be greater than
.Li ip.anonportmin .
.It Li ip.anonportmin
The lowest port number to use for TCP and UDP ephemeral port allocation.
This cannot be set to less than 1024 or greater than 65535.
.It Li ip.checkinterface
If set to non-zero, the host will reject packets addressed to it
that arrive on an interface not bound to that address.
Currently, this must be disabled if NAT is used to translate the
destination address to another local interface, or if addresses
are added to the loopback interface instead of the interface where
the packets for those addresses are received.
.It Li ip.dad_count
The number of
.Xr arp 4
probes sent for Address Conflict Detection.
Set to 0 to disable this.
.It Li ip.directed-broadcast
If set to 1, enables directed broadcast behavior for the host.
.It Li ip.do_loopback_cksum
Perform IP checksum on loopback.
.It Li ip.forwarding
If set to 1, enables IP forwarding for the host,
meaning that the host is acting as a router.
.It Li ip.forwsrcrt
If set to 1, enables forwarding of source-routed packets for the host.
This value may only be changed if the kernel security level is less than 1.
.It Li ip.gifttl
The maximum time-to-live (hop count) value for an IPv4 packet generated by
.Xr gif 4
tunnel interface.
.It Li ip.grettl
The maximum time-to-live (hop count) value for an IPv4 packet generated by
.Xr gre 4
tunnel interface.
.It Li ip.hashsize
The size of IPv4 Fast Forward hash table.
This value must be a power of 2 (64, 256...).
A larger hash table size results in fewer collisions.
Also see
.Li ip.maxflows .
.It Li ip.hostzerobroadcast
All zeroes address is broadcast address.
.It Li ip.lowportmax
The highest port number to use for TCP and UDP reserved port allocation.
This cannot be set to less than 0 or greater than 1024, and must
be greater than
.Li ip.lowportmin .
.It Li ip.lowportmin
The lowest port number to use for TCP and UDP reserved port allocation.
This cannot be set to less than 0 or greater than 1024, and must
be smaller than
.Li ip.lowportmax .
.It Li ip.maxflows
IPv4 Fast Forwarding is enabled by default.
If set to 0, IPv4 Fast Forwarding is disabled.
.Li ip.maxflows
controls the maximum number of flows which can be created.
The default value is 256.
.It Li ip.maxfragpackets
The maximum number of fragmented packets the node will accept.
0 means that the node will not accept any fragmented packets.
\-1 means that the node will accept as many fragmented packets as it receives.
The flag is provided mainly to avoid possible DoS attacks.
.It Li ip.mtudisc
If set to 1, enables Path MTU Discovery (RFC 1191).
When Path MTU Discovery is enabled, the transmitted TCP segment
size will be determined by the advertised maximum segment size
(MSS) from the remote end, as constrained by the path MTU.
If MTU Discovery is disabled, the transmitted segment size will
never be greater than
.Li tcp.mssdflt
(the local maximum segment size).
.It Li ip.mtudisctimeout
The number of seconds in which a route added by the Path MTU
Discovery engine will time out.
When the route times out, the Path
MTU Discovery engine will attempt to probe a larger path MTU.
.It Li ip.random_id
Assign random ip_id values.
.It Li ip.redirect
If set to 1, ICMP redirects may be sent by the host.
This option is ignored unless the host is routing IP packets,
and should normally be enabled on all systems.
.It Li ip.subnetsarelocal
If set to 1, subnets are to be considered local addresses.
.It Li ip.ttl
The maximum time-to-live (hop count) value for an IP packet sourced by
the system.
This value applies to normal transport protocols, not to ICMP.
.It Li icmp.errppslimit
The variable specifies the maximum number of outgoing ICMP error messages,
per second.
ICMP error messages that exceed the value are subject to rate limitation
and will not go out from the node.
A negative value disables rate limitation.
.It Li icmp.maskrepl
If set to 1, ICMP network mask requests are to be answered.
.It Li icmp.rediraccept
If set to non-zero, the host will accept ICMP redirect packets.
Note that routers will never accept ICMP redirect packets,
and the variable is meaningful on IP hosts only.
.It Li icmp.redirtimeout
The variable specifies the lifetime of routing entries generated by incoming
ICMP redirects.
This defaults to 600 seconds.
.It Li icmp.returndatabytes
Number of bytes to return in an ICMP error message.
.It Li icmp.bmcastecho
If set to 1, enables responding to ICMP echo or timestamp request to the
broadcast address.
.It Li tcp.ack_on_push
If set to 1, TCP is to immediately transmit an ACK upon reception of
a packet with PUSH set.
This can avoid losing a round trip time in some rare situations,
but has the caveat of potentially defeating TCP's delayed ACK algorithm.
Use of this option is generally not recommended, but
the variable exists in case your configuration really needs it.
.It Li tcp.cwm
If set to 1, enables use of the Hughes/Touch/Heidemann Congestion Window
Monitoring algorithm.
This algorithm prevents line-rate bursts of packets that could
otherwise occur when data begins flowing on an idle TCP connection.
These line-rate bursts can contribute to network and router congestion.
This can be particularly useful on World Wide Web servers
which support HTTP/1.1, which has lingering connections.
.It Li tcp.cwm_burstsize
The Congestion Window Monitoring allowed burst size, in terms
of packet count.
.It Li tcp.delack_ticks
Number of ticks to delay sending an ACK.
.It Li tcp.do_loopback_cksum
Perform TCP checksum on loopback.
.It Li tcp.init_win
A value indicating the TCP initial congestion window.
The valid range
is 0 to 10 (maximum specified by RFC6928),
with a default of 4 (approximately 4K per RFC3390).
.It Li tcp.init_win_local
Like
.Li tcp.init_win ,
but used when communicating with hosts on a local network.
.It Li tcp.keepcnt
Number of keepalive probes sent before declaring a connection dead.
If set to zero, there is no limit;
keepalives will be sent until some kind of
response is received from the peer.
.It Li tcp.keepidle
Time a connection must be idle before keepalives are sent (if keepalives
are enabled for the connection).
See also tcp.slowhz.
.It Li tcp.keepintvl
Time after a keepalive probe is sent until, in the absence of any response,
another probe is sent.
See also tcp.slowhz.
.It Li tcp.log_refused
If set to 1, refused TCP connections to the host will be logged.
.It Li tcp.keepinit
Timeout in seconds during connection establishment.
.It Li tcp.mss_ifmtu
If set to 1, TCP calculates the outgoing maximum segment size based on
the MTU of the appropriate interface.
If set to 0, it is calculated based on the greater of the MTU of the
interface, and the largest (non-loopback) interface MTU on the system.
.It Li tcp.mssdflt
The default maximum segment size both advertised to the peer
and to use when either the peer does not advertise a maximum segment size to
us during connection setup or Path MTU Discovery
.Li ( ip.mtudisc )
is disabled.
Do not change this value unless you really know what you are doing.
.It Li tcp.recvspace
The default TCP receive buffer size.
.It Li tcp.rfc1323
If set to 1, enables RFC 1323 extensions to TCP.
.It Li tcp.rstppslimit
The variable specifies the maximum number of outgoing TCP RST packets,
per second.
TCP RST packets that exceed the value are subject to rate limitation
and will not go out from the node.
A negative value disables rate limitation.
.It Li tcp.ident
Return the user ID of a connected socket pair.
(RFC1413 Identification Protocol lookups.)
.It Li tcp.drop
Drop a TCP socket pair connection.
.It Li tcp.sack.enable
If set to 1, enables RFC 2018 Selective ACKnowledgement.
.It Li tcp.sack.globalholes
Global number of TCP SACK holes.
.It Li tcp.sack.globalmaxholes
Global maximum number of TCP SACK holes.
.It Li tcp.sack.maxholes
Maximum number of TCP SACK holes allowed per connection.
.It Li tcp.ecn.enable
If set to 1, enables RFC 3168 Explicit Congestion Notification.
.It Li tcp.ecn.maxretries
Number of times to retry sending the ECN-setup packet.
.It Li tcp.sendspace
The default TCP send buffer size.
.It Li tcp.slowhz
The units for tcp.keepidle and tcp.keepintvl; those variables are in ticks
of a clock that ticks tcp.slowhz times per second.
(That is, their values
must be divided by the tcp.slowhz value to get times in seconds.)
.It Li tcp.syn_bucket_limit
The maximum number of entries allowed per hash bucket in the TCP
compressed state engine.
.It Li tcp.syn_cache_limit
The maximum number of entries allowed in the TCP compressed state
engine.
.It Li tcp.timestamps
If rfc1323 is enabled, a value of 1 indicates RFC 1323 time stamp options,
used for measuring TCP round trip times, are enabled.
.It Li tcp.win_scale
If rfc1323 is enabled, a value of 1 indicates RFC 1323 window scale options,
for increasing the TCP window size, are enabled.
.It Li tcp.congctl.available
The available TCP congestion control algorithms.
.It Li tcp.congctl.selected
The currently selected TCP congestion control algorithm.
.It Li tcp.abc.enable
If set to 1, use RFC 3465 Appropriate Byte Counting (ABC).
If set to 0, use traditional Packet Counting.
.It Li tcp.abc.aggressive
Choose the L parameter found in RFC 3465.
L is the maximum cwnd increase for an ack during slow start.
If set to 1, use L=2*SMSS.
If set to 0, use L=1*SMSS.
It has no effect unless tcp.abc.enable is set to 1.
.It Li udp.checksum
If set to 1, UDP checksums are being computed.
Received non-zero UDP checksums are always checked.
Disabling UDP checksums is strongly discouraged.
.It Li udp.recvspace
The default UDP receive buffer size.
.It Li udp.sendspace
The default UDP send buffer size.
.El
.Pp
For variables net.*.ipsec, please refer to
.Xr ipsec 4 .
.It Li net.inet6 ( Dv PF_INET6 )
Get or set various global information about the IPv6
.Pq Internet Protocol version 6 .
The third level name is the protocol.
The fourth level name is the variable name.
The currently defined protocols and names are:
.Bl -column "Protocol" "anonportalgo.available" "integer" "Changeable" -offset indent
.It Sy Protocol Ta Sy Variable Ta Sy Type Ta Sy Changeable
.It icmp6 Ta errppslimit Ta integer Ta yes
.It icmp6 Ta mtudisc_hiwat Ta integer Ta yes
.It icmp6 Ta mtudisc_lowat Ta integer Ta yes
.It icmp6 Ta nd6_debug Ta integer Ta yes
.It icmp6 Ta nd6_delay Ta integer Ta yes
.It icmp6 Ta nd6_maxnudhint Ta integer Ta yes
.It icmp6 Ta nd6_mmaxtries Ta integer Ta yes
.It icmp6 Ta nd6_prune Ta integer Ta yes
.It icmp6 Ta nd6_umaxtries Ta integer Ta yes
.It icmp6 Ta nd6_useloopback Ta integer Ta yes
.It icmp6 Ta nodeinfo Ta integer Ta yes
.It icmp6 Ta rediraccept Ta integer Ta yes
.It icmp6 Ta redirtimeout Ta integer Ta yes
.It ip6 Ta accept_rtadv Ta integer Ta yes
.It ip6 Ta addctlpolicy Ta struct in6_addrpolicy Ta no
.It ip6 Ta anonportalgo.selected Ta string Ta yes
.It ip6 Ta anonportalgo.available Ta string Ta yes
.It ip6 Ta anonportalgo.reserve Ta struct Ta yes
.It ip6 Ta anonportmax Ta integer Ta yes
.It ip6 Ta anonportmin Ta integer Ta yes
.It ip6 Ta auto_flowlabel Ta integer Ta yes
.It ip6 Ta dad_count Ta integer Ta yes
.It ip6 Ta defmcasthlim Ta integer Ta yes
.It ip6 Ta forwarding Ta integer Ta yes
.It ip6 Ta gifhlim Ta integer Ta yes
.It ip6 Ta hashsize Ta integer Ta yes
.It ip6 Ta hlim Ta integer Ta yes
.It ip6 Ta hdrnestlimit Ta integer Ta yes
.It ip6 Ta kame_version Ta string Ta no
.It ip6 Ta keepfaith Ta integer Ta yes
.It ip6 Ta log_interval Ta integer Ta yes
.It ip6 Ta lowportmax Ta integer Ta yes
.It ip6 Ta lowportmin Ta integer Ta yes
.It ip6 Ta maxdynroutes Ta integer Ta yes
.It ip6 Ta maxifprefixes Ta integer Ta yes
.It ip6 Ta maxifdefrouters Ta integer Ta yes
.It ip6 Ta maxflows Ta integer Ta yes
.It ip6 Ta maxfragpackets Ta integer Ta yes
.It ip6 Ta maxfrags Ta integer Ta yes
.It ip6 Ta neighborgcthresh Ta integer Ta yes
.It ip6 Ta redirect Ta integer Ta yes
.It ip6 Ta rr_prune Ta integer Ta yes
.It ip6 Ta use_deprecated Ta integer Ta yes
.It ip6 Ta v6only Ta integer Ta yes
.It udp6 Ta do_loopback_cksum Ta integer Ta yes
.It udp6 Ta recvspace Ta integer Ta yes
.It udp6 Ta sendspace Ta integer Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li ip6.accept_rtadv
If set to non-zero, the node will accept ICMPv6 router advertisement packets
and autoconfigure address prefixes and default routers.
The node must be a host
.Pq not a router
for the option to be meaningful.
.It Li ip6.anonportalgo.available
The available RFC 6056 port randomization algorithms.
.It Li ip6.anonportalgo.reserve
A bitmask of ports that will not be used during anonymous or privileged
port selection.
.It Li ip6.anonportalgo.selected
The currently selected RFC 6056 port randomization algorithm.
.It Li ip6.anonportmax
The highest port number to use for TCP and UDP ephemeral port allocation.
This cannot be set to less than 1024 or greater than 65535, and must
be greater than
.Li ip6.anonportmin .
.It Li ip6.anonportmin
The lowest port number to use for TCP and UDP ephemeral port allocation.
This cannot be set to less than 1024 or greater than 65535.
.It Li ip6.auto_flowlabel
On connected transport protocol packets,
fill the IPv6 flowlabel field to help intermediate routers identify packet flows.
.It Li ip6.dad_count
The variable configures the number of IPv6 DAD
.Pq duplicated address detection
probe packets.
The packets will be generated when IPv6 interface addresses are configured.
.It Li ip6.defmcasthlim
The default hop limit value for an IPv6 multicast packet sourced by the node.
This value applies to all the transport protocols on top of IPv6.
There are APIs to override the value, as documented in
.Xr ip6 4 .
.It Li ip6.forwarding
If set to 1, enables IPv6 forwarding for the node,
meaning that the node is acting as a router.
If set to 0, disables IPv6 forwarding for the node,
meaning that the node is acting as a host.
The IPv6 specification defines node behavior for the
.Dq router
case and the
.Dq host
case quite differently, and changing this variable during operation
may cause serious trouble.
It is recommended to configure the variable at bootstrap time,
and bootstrap time only.
.It Li ip6.gifhlim
The maximum hop limit value for an IPv6 packet generated by a
.Xr gif 4
tunnel interface.
.It Li ip6.hdrnestlimit
The number of IPv6 extension headers permitted on incoming IPv6 packets.
If set to 0, the node will accept as many extension headers as possible.
.It Li ip6.hashsize
The size of the IPv6 Fast Forward hash table.
This value must be a power of 2 (64, 256, ...).
A larger hash table size results in fewer collisions.
Also see
.Li ip6.maxflows .
.It Li ip6.hlim
The default hop limit value for an IPv6 unicast packet sourced by the node.
This value applies to all the transport protocols on top of IPv6.
There are APIs to override the value, as documented in
.Xr ip6 4 .
.It Li ip6.kame_version
The string identifies the version of the KAME IPv6 stack implemented in the kernel.
.It Li ip6.keepfaith
If set to non-zero, it enables
.Dq FAITH
TCP relay IPv6-to-IPv4 translator code in the kernel.
Refer to
.Xr faith 4
and
.Xr faithd 8
for details.
.It Li ip6.log_interval
The variable controls the amount of logs generated by the IPv6 packet
forwarding engine, by setting the interval between log output
.Pq in seconds .
.It Li ip6.lowportmax
The highest port number to use for TCP and UDP reserved port allocation.
This cannot be set to less than 0 or greater than 1024, and must
be greater than
.Li ip6.lowportmin .
.It Li ip6.lowportmin
The lowest port number to use for TCP and UDP reserved port allocation.
This cannot be set to less than 0 or greater than 1024, and must
be smaller than
.Li ip6.lowportmax .
.It Li ip6.maxdynroutes
Maximum number of routes created by redirect.
Set it to negative to disable.
The default value is 4096.
.It Li ip6.maxifprefixes
Maximum number of prefixes created by route advertisements per interface.
Set it to negative to disable.
The default value is 16.
.It Li ip6.maxifdefrouters
Maximum number of default routers created by route advertisements per interface.
Set it to negative to disable.
The default value is 16.
.It Li ip6.maxflows
IPv6 Fast Forwarding is enabled by default.
If set to 0, IPv6 Fast Forwarding is disabled.
.Li ip6.maxflows
controls the maximum number of flows which can be created.
The default value is 256.
.It Li ip6.maxfragpackets
The maximum number of fragmented packets the node will accept.
0 means that the node will not accept any fragmented packets.
\-1 means that the node will accept as many fragmented packets as it receives.
The flag is provided basically for avoiding possible DoS attacks.
.It Li ip6.maxfrags
The maximum number of fragments the node will accept.
0 means that the node will not accept any fragments.
\-1 means that the node will accept as many fragments as it receives.
The flag is provided basically for avoiding possible DoS attacks.
.It Li ip6.neighborgcthresh
Maximum number of entries in neighbor cache per interface.
Set to negative to disable.
The default value is 2048.
.It Li ip6.redirect
If set to 1, ICMPv6 redirects may be sent by the node.
This option is ignored unless the node is routing IP packets,
and should normally be enabled on all systems.
.It Li ip6.rr_prune
The variable specifies the interval between IPv6 router renumbering prefix
babysitting, in seconds.
.It Li ip6.use_deprecated
The variable controls the use of deprecated addresses, specified in RFC 2462 5.5.4.
.It Li ip6.v6only
The variable specifies the initial value for the
.Dv IPV6_V6ONLY
socket option for
.Dv AF_INET6
sockets.
Please refer to
.Xr ip6 4
for details.
.It Li icmp6.errppslimit
The variable specifies the maximum number of outgoing ICMPv6 error messages,
per second.
ICMPv6 error messages that exceed the value are subject to rate limitation
and will not go out from the node.
A negative value disables rate limitation.
.It Li icmp6.mtudisc_hiwat
.It Li icmp6.mtudisc_lowat
The variables define the maximum number of routing table entries,
created due to path MTU discovery
.Pq prevents denial-of-service attacks with ICMPv6 too big messages .
When IPv6 path MTU discovery happens, we keep path MTU information in
the routing table.
If the number of routing table entries exceeds the value,
the kernel will not attempt to keep the path MTU information.
.Li icmp6.mtudisc_hiwat
is used when we have verified ICMPv6 too big messages.
.Li icmp6.mtudisc_lowat
is used when we have unverified ICMPv6 too big messages.
Verification is performed by using address/port pairs kept in connected pcbs.
A negative value disables the upper limit.
.It Li icmp6.nd6_debug
If set to non-zero, kernel IPv6 neighbor discovery code will generate
debugging messages.
The debug outputs are useful to diagnose IPv6 interoperability issues.
The flag must be set to 0 for normal operation.
.It Li icmp6.nd6_delay
The variable specifies the
.Dv DELAY_FIRST_PROBE_TIME
timing constant in the IPv6 neighbor discovery specification
.Pq RFC 2461 ,
in seconds.
.It Li icmp6.nd6_maxnudhint
IPv6 neighbor discovery permits upper layer protocols to supply reachability
hints, to avoid unnecessary neighbor discovery exchanges.
The variable defines the number of consecutive hints the neighbor discovery
layer will take.
For example, by setting the variable to 3, the neighbor discovery layer
will take at most 3 consecutive hints.
After receiving 3 hints, the neighbor discovery layer will perform
the normal neighbor discovery process.
.It Li icmp6.nd6_mmaxtries
The variable specifies the
.Dv MAX_MULTICAST_SOLICIT
constant in the IPv6 neighbor discovery specification
.Pq RFC 2461 .
.It Li icmp6.nd6_prune
The variable specifies the interval between IPv6 neighbor cache babysitting,
in seconds.
.It Li icmp6.nd6_umaxtries
The variable specifies the
.Dv MAX_UNICAST_SOLICIT
constant in the IPv6 neighbor discovery specification
.Pq RFC 2461 .
.It Li icmp6.nd6_useloopback
If set to non-zero, the kernel IPv6 stack will use the loopback interface for
local traffic.
.It Li icmp6.nodeinfo
The variable enables responses to ICMPv6 node information queries.
If you set the variable to 0, responses will not be generated for
ICMPv6 node information queries.
Since node information queries can have a security impact, it is
possible to fine tune which responses should be answered.
Two separate bits can be set.
.Bl -tag -width "12345"
.It 1
Respond to ICMPv6 FQDN queries, e.g.
.Li ping6 -w .
.It 2
Respond to ICMPv6 node addresses queries, e.g.
.Li ping6 -a .
.El
.It Li icmp6.rediraccept
If set to non-zero, the host will accept ICMPv6 redirect packets.
Note that IPv6 routers will never accept ICMPv6 redirect packets,
and the variable is meaningful on IPv6 hosts
.Pq non-router
only.
.It Li icmp6.redirtimeout
The variable specifies the lifetime of routing entries generated by incoming
ICMPv6 redirects.
.It Li udp6.do_loopback_cksum
Perform UDP checksum on loopback.
.It Li udp6.recvspace
Default UDP receive buffer size.
.It Li udp6.sendspace
Default UDP send buffer size.
.El
.Pp
We reuse net.*.tcp for TCP over IPv6,
and therefore we do not have variables net.*.tcp6.
Variables net.inet6.udp6 have identical meaning to net.inet.udp.
Please refer to the
.Li PF_INET
section above.
For variables net.*.ipsec6, please refer to
.Xr ipsec 4 .
.It Li net.key ( Dv PF_KEY )
Get or set various global information about the IPsec key management.
The third level name is the variable name.
The currently defined variables and names are:
.Bl -column "blockacq_lifetime" "integer" "Changeable" -offset indent
.It Sy Variable Ta Sy Type Ta Sy Changeable
.It debug Ta integer Ta yes
.It enabled Ta integer Ta yes
.It used Ta integer Ta no
.It spi_try Ta integer Ta yes
.It spi_min_value Ta integer Ta yes
.It spi_max_value Ta integer Ta yes
.It larval_lifetime Ta integer Ta yes
.It blockacq_count Ta integer Ta yes
.It blockacq_lifetime Ta integer Ta yes
.It esp_keymin Ta integer Ta yes
.It esp_auth Ta integer Ta yes
.It ah_keymin Ta integer Ta yes
.El
The variables are as follows:
.Bl -tag -width "123456"
.It Li debug
Turn on debugging messages from within the kernel.
The value is a bitmap, as defined in
.In netipsec/key_debug.h .
.It Li enabled
Control processing of IPsec control messages.
.Bl -tag -width indent
.It 0
Never allow IPsec processing.
.It 1
Allow IPsec processing when SPD policies are present.
.It 2
Force IPsec processing even when SPD policies are not present.
.El
.It Li used
Based on whether IPsec is enabled and whether SPD rules exist, show if
IPsec is being used.
Note that currently once IPsec is being used, it cannot be disabled.
.It Li spi_try
The number of times the kernel will try to obtain a unique SPI
when it generates it from the random number generator.
.It Li spi_min_value
Minimum SPI value when generating it within the kernel.
.It Li spi_max_value
Maximum SPI value when generating it within the kernel.
.It Li larval_lifetime
Lifetime for LARVAL SAD entries, in seconds.
.It Li blockacq_count
Number of ACQUIRE PF_KEY messages to be blocked after an ACQUIRE message.
It avoids a flood of ACQUIRE PF_KEY messages being sent from the kernel to the
key management daemon.
.It Li blockacq_lifetime
Lifetime of ACQUIRE PF_KEY message.
.It Li esp_keymin
Minimum ESP key length, in bits.
The value is used when the kernel creates proposal payload
on ACQUIRE PF_KEY message.
.It Li esp_auth
Whether ESP authentication should be used or not.
Non-zero value indicates that ESP authentication should be used.
The value is used when the kernel creates proposal payload
on ACQUIRE PF_KEY message.
.It Li ah_keymin
Minimum AH key length, in bits.
The value is used when the kernel creates proposal payload
on ACQUIRE PF_KEY message.
.El
.It Li net.local ( Dv PF_LOCAL )
Get or set various global information about
.Dv AF_LOCAL
type sockets.
For some variables, the third level name is the variable name:
.Bl -column "Variable" "integer" "Changeable" -offset indent
.It Sy Variable Ta Sy Type Ta Sy Changeable
.It inflight Ta integer Ta no
.It deferred Ta integer Ta no
.El
The variables are as follows:
.Bl -tag -width "123456"
.It Li inflight
The number of file descriptors currently passed between processes,
.Qq in flight .
.It Li deferred
The number of file descriptors passed between processes that have been
deferred for cleanup by a kernel task.
.El
.Pp
Other variables are specific to a socket type:
.Bl -column "seqpacket" "sendspace" "integer" "Changeable" -offset indent
.It Sy "Socket Type" Ta Sy Variable Ta Sy Type Ta Sy Changeable
.It dgram Ta pcblist Ta struct Ta no
.It dgram Ta recvspace Ta integer Ta yes
.It dgram Ta sendspace Ta integer Ta yes
.It seqpacket Ta pcblist Ta struct Ta no
.It stream Ta pcblist Ta struct Ta no
.It stream Ta recvspace Ta integer Ta yes
.It stream Ta sendspace Ta integer Ta yes
.El
The variables are as follows:
.Bl -tag -width "123456"
.It Li dgram.pcblist
The Protocol Control Block list structure for datagram sockets.
Parsed by
.Xr netstat 1
or
.Xr sockstat 1 .
.It Li dgram.recvspace
The default datagram receive buffer size.
.It Li dgram.sendspace
The default datagram send buffer size.
.It Li seqpacket.pcblist
The Protocol Control Block list structure for Sequential Packet sockets.
Parsed by
.Xr netstat 1
or
.Xr sockstat 1 .
.It Li stream.pcblist
The Protocol Control Block list structure for stream sockets.
Parsed by
.Xr netstat 1
or
.Xr sockstat 1 .
.It Li stream.recvspace
The default stream receive buffer size.
.It Li stream.sendspace
The default stream send buffer size.
.El
.El
.Ss The proc.* subtree
The string and integer information available for the
.Li proc
level is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
These values are per-process,
and as such may change from one process to another.
When a process is created,
the default values are inherited from its parent.
When a set-user-ID or set-group-ID binary is executed, the
value of PROC_PID_CORENAME is reset to the system default value.
The second level name is either the magic value PROC_CURPROC, which
points to the current process, or the PID of the target process.
.Bl -column "proc.pid.corename" "string" "not applicable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It proc.pid.corename Ta string Ta yes
.It proc.pid.rlimit Ta node Ta not applicable
.It proc.pid.stopfork Ta int Ta yes
.It proc.pid.stopexec Ta int Ta yes
.It proc.pid.stopexit Ta int Ta yes
.It proc.pid.paxflags Ta int Ta no
.El
.Bl -tag -width "123456"
.It Li proc.pid.corename ( Dv PROC_PID_CORENAME )
The template used for the core dump file name (see
.Xr core 5
for details).
The base name must either be
.Pa core
or end with the suffix
.Pa .core
(the super-user may set arbitrary names).
By default it points to
.Dv KERN_DEFCORENAME .
.It Li proc.pid.rlimit ( Dv PROC_PID_LIMIT )
Return resource limits, as defined for the
.Xr getrlimit 2
and
.Xr setrlimit 2
system calls.
The fourth level name is one of:
.Bl -tag -width "123456"
.It Li proc.pid.rlimit.cputime ( Dv PROC_PID_LIMIT_CPU )
The maximum amount of CPU time (in seconds) to be used by each process.
.It Li proc.pid.rlimit.filesize ( Dv PROC_PID_LIMIT_FSIZE )
The largest size (in bytes) file that may be created.
.It Li proc.pid.rlimit.datasize ( Dv PROC_PID_LIMIT_DATA )
The maximum size (in bytes) of the data segment for a process;
this defines how far a program may extend its break with the
.Xr sbrk 2
system call.
.It Li proc.pid.rlimit.stacksize ( Dv PROC_PID_LIMIT_STACK )
The maximum size (in bytes) of the stack segment for a process;
this defines how far a program's stack segment may be extended.
Stack extension is performed automatically by the system.
.It Li proc.pid.rlimit.coredumpsize ( Dv PROC_PID_LIMIT_CORE )
The largest size (in bytes)
.Pa core
file that may be created.
.It Li proc.pid.rlimit.memoryuse ( Dv PROC_PID_LIMIT_RSS )
The maximum size (in bytes) to which a process's resident set size may
grow.
This imposes a limit on the amount of physical memory to be given to
a process; if memory is tight, the system will prefer to take memory
from processes that are exceeding their declared resident set size.
.It Li proc.pid.rlimit.memorylocked ( Dv PROC_PID_LIMIT_MEMLOCK )
The maximum size (in bytes) which a process may lock into memory
using the
.Xr mlock 2
function.
.It Li proc.pid.rlimit.maxproc ( Dv PROC_PID_LIMIT_NPROC )
The maximum number of simultaneous processes for this user id.
.It Li proc.pid.rlimit.descriptors ( Dv PROC_PID_LIMIT_NOFILE )
The maximum number of open files for this process.
.It Li proc.pid.rlimit.sbsize ( Dv PROC_PID_LIMIT_SBSIZE )
The maximum size (in bytes) of the socket buffers
set by the
.Xr setsockopt 2
.Dv SO_RCVBUF
and
.Dv SO_SNDBUF
options.
.It Li proc.pid.rlimit.vmemoryuse ( Dv PROC_PID_LIMIT_AS )
The maximum size (in bytes) which a process can obtain.
.It Li proc.pid.rlimit.maxlwp ( Dv PROC_PID_LIMIT_NTHR )
The maximum number of threads that can be created and running at one time in
the process.
The first thread of each process is not counted against this.
.El
.Pp
The fifth level name is one of
.Li soft ( Dv PROC_PID_LIMIT_TYPE_SOFT )
or
.Li hard ( Dv PROC_PID_LIMIT_TYPE_HARD ) ,
to select respectively the soft or hard limit.
Both are of type integer.
.It Li proc.pid.stopfork ( Dv PROC_PID_STOPFORK )
If non-zero, the process's children will be stopped after
.Xr fork 2
calls.
The children are created in the SSTOP state and are never scheduled
for running before being stopped.
This feature enables attaching to a process with a debugger such as
.Xr gdb 1
before the process has the opportunity to actually do anything.
.Pp
This value is inherited by the process's children, and it also
applies to emulation specific system calls that fork a new process, such as
.Fn sproc
or
.Fn clone .
.It Li proc.pid.stopexec ( Dv PROC_PID_STOPEXEC )
If non-zero, the process will be stopped on the next
.Xr exec 3
call.
The process created by
.Xr exec 3
is created in the SSTOP state and is never scheduled for running
before being stopped.
This feature enables attaching to a process with a debugger such as
.Xr gdb 1
before the process has the opportunity to actually do anything.
.Pp
This value is inherited by the process's children.
.It Li proc.pid.stopexit ( Dv PROC_PID_STOPEXIT )
If non-zero, the process will be stopped when it has cause to exit,
either by way of calling
.Xr exit 3 ,
.Xr _exit 2 ,
or by the receipt of a specific signal.
The process is stopped before any of its resources or vm space is
released allowing examination of the termination state of the process
before it disappears.
This feature can be used to examine the final conditions of the
process's vmspace via
.Xr pmap 1
or its resource settings with
.Xr sysctl 8
before it disappears.
.Pp
This value is also inherited by the process's children.
.It Li proc.pid.paxflags ( Dv PROC_PID_PAXFLAGS )
This read-only variable returns the current value of the process's pax
flags (see
.Xr paxctl 8 ) .
.El
.Ss The user.* subtree ( Dv CTL_USER )
The string and integer information available for the
.Li user
level is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "user.coll_weights_max" "integer" "Changeable" -offset indent
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It user.atexit_max Ta integer Ta no
.It user.bc_base_max Ta integer Ta no
.It user.bc_dim_max Ta integer Ta no
.It user.bc_scale_max Ta integer Ta no
.It user.bc_string_max Ta integer Ta no
.It user.coll_weights_max Ta integer Ta no
.It user.cs_path Ta string Ta no
.It user.expr_nest_max Ta integer Ta no
.It user.line_max Ta integer Ta no
.It user.posix2_c_bind Ta integer Ta no
.It user.posix2_c_dev Ta integer Ta no
.It user.posix2_char_term Ta integer Ta no
.It user.posix2_fort_dev Ta integer Ta no
.It user.posix2_fort_run Ta integer Ta no
.It user.posix2_localedef Ta integer Ta no
.It user.posix2_sw_dev Ta integer Ta no
.It user.posix2_upe Ta integer Ta no
.It user.posix2_version Ta integer Ta no
.It user.re_dup_max Ta integer Ta no
.It user.stream_max Ta integer Ta no
.It user.tzname_max Ta integer Ta no
.El
.Bl -tag -width "123456"
.It Li user.atexit_max ( Dv USER_ATEXIT_MAX )
The maximum number of functions that may be registered with
.Xr atexit 3 .
.It Li user.bc_base_max ( Dv USER_BC_BASE_MAX )
The maximum ibase/obase values in the
.Xr bc 1
utility.
.It Li user.bc_dim_max ( Dv USER_BC_DIM_MAX )
The maximum array size in the
.Xr bc 1
utility.
.It Li user.bc_scale_max ( Dv USER_BC_SCALE_MAX )
The maximum scale value in the
.Xr bc 1
utility.
.It Li user.bc_string_max ( Dv USER_BC_STRING_MAX )
The maximum string length in the
.Xr bc 1
utility.
.It Li user.coll_weights_max ( Dv USER_COLL_WEIGHTS_MAX )
The maximum number of weights that can be assigned to any entry of
the LC_COLLATE order keyword in the locale definition file.
.It Li user.cs_path ( Dv USER_CS_PATH )
Return a value for the
.Ev PATH
environment variable that finds all the standard utilities.
.It Li user.expr_nest_max ( Dv USER_EXPR_NEST_MAX )
The maximum number of expressions that can be nested within
parentheses by the
.Xr expr 1
utility.
.It Li user.line_max ( Dv USER_LINE_MAX )
The maximum length in bytes of a text-processing utility's input
line.
.It Li user.posix2_char_term ( Dv USER_POSIX2_CHAR_TERM )
Return 1 if the system supports at least one terminal type capable of
all operations described in
.St -p1003.2 ,
otherwise\ 0.
.It Li user.posix2_c_bind ( Dv USER_POSIX2_C_BIND )
Return 1 if the system's C-language development facilities support the
C-Language Bindings Option, otherwise\ 0.
.It Li user.posix2_c_dev ( Dv USER_POSIX2_C_DEV )
Return 1 if the system supports the C-Language Development Utilities Option,
otherwise\ 0.
.It Li user.posix2_fort_dev ( Dv USER_POSIX2_FORT_DEV )
Return 1 if the system supports the FORTRAN Development Utilities Option,
otherwise\ 0.
.It Li user.posix2_fort_run ( Dv USER_POSIX2_FORT_RUN )
Return 1 if the system supports the FORTRAN Runtime Utilities Option,
otherwise\ 0.
.It Li user.posix2_localedef ( Dv USER_POSIX2_LOCALEDEF )
Return 1 if the system supports the creation of locales, otherwise\ 0.
.It Li user.posix2_sw_dev ( Dv USER_POSIX2_SW_DEV )
Return 1 if the system supports the Software Development Utilities Option,
otherwise\ 0.
.It Li user.posix2_upe ( Dv USER_POSIX2_UPE )
Return 1 if the system supports the User Portability Utilities Option,
otherwise\ 0.
.It Li user.posix2_version ( Dv USER_POSIX2_VERSION )
The version of
.St -p1003.2
with which the system attempts to comply.
.It Li user.re_dup_max ( Dv USER_RE_DUP_MAX )
The maximum number of repeated occurrences of a regular expression
permitted when using interval notation.
.It Li user.stream_max ( Dv USER_STREAM_MAX )
The minimum maximum number of streams that a process may have open
at any one time.
.It Li user.tzname_max ( Dv USER_TZNAME_MAX )
The minimum maximum number of types supported for the name of a
timezone.
.El
.Ss The vm.* subtree ( Dv CTL_VM )
The string and integer information available for the
.Li vm
level is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "Second level name" "struct uvmexp_sysctl" "Changeable" -offset indent
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It vm.anonmax Ta int Ta yes
.It vm.anonmin Ta int Ta yes
.It vm.bufcache Ta int Ta yes
.It vm.bufmem Ta int Ta no
.It vm.bufmem_hiwater Ta int Ta yes
.It vm.bufmem_lowater Ta int Ta yes
.It vm.execmax Ta int Ta yes
.It vm.execmin Ta int Ta yes
.It vm.filemax Ta int Ta yes
.It vm.filemin Ta int Ta yes
.It vm.loadavg Ta struct loadavg Ta no
.It vm.maxslp Ta int Ta no
.It vm.nkmempages Ta int Ta no
.It vm.uspace Ta int Ta no
.It vm.uvmexp Ta struct uvmexp Ta no
.It vm.uvmexp2 Ta struct uvmexp_sysctl Ta no
.It vm.vmmeter Ta struct vmtotal Ta no
.It vm.proc.map Ta struct kinfo_vmentry Ta no
.It vm.guard_size Ta unsigned int Ta no
.It vm.thread_guard_size Ta unsigned int Ta yes
.El
.Bl -tag -width "123456"
.It Li vm.anonmax ( Dv VM_ANONMAX )
The percentage of physical memory which will be reclaimed
from other types of memory usage to store anonymous application data.
.It Li vm.anonmin ( Dv VM_ANONMIN )
The percentage of physical memory which will always be available for
anonymous application data.
.It Li vm.bufcache ( Dv VM_BUFCACHE )
The percentage of physical memory which will be available
for the buffer cache.
.It Li vm.bufmem ( Dv VM_BUFMEM )
The amount of kernel memory that is being used by the buffer cache.
.It Li vm.bufmem_lowater ( Dv VM_BUFMEM_LOWATER )
The minimum amount of kernel memory to reserve for the
buffer cache.
.It Li vm.bufmem_hiwater ( Dv VM_BUFMEM_HIWATER )
The maximum amount of kernel memory to be used for the
buffer cache.
.It Li vm.execmax ( Dv VM_EXECMAX )
The percentage of physical memory which will be reclaimed
from other types of memory usage to store cached executable data.
.It Li vm.execmin ( Dv VM_EXECMIN )
The percentage of physical memory which will always be available for
cached executable data.
.It Li vm.filemax ( Dv VM_FILEMAX )
The percentage of physical memory which will be reclaimed
from other types of memory usage to store cached file data.
.It Li vm.filemin ( Dv VM_FILEMIN )
The percentage of physical memory which will always be available for
cached file data.
.It Li vm.loadavg ( Dv VM_LOADAVG )
Return the load average history.
The returned data consists of a
.Vt struct loadavg .
.It Li vm.maxslp ( Dv VM_MAXSLP )
The value of the maxslp kernel global variable.
.It Li vm.vmmeter ( Dv VM_METER )
Return system wide virtual memory statistics.
The returned data consists of a
.Vt struct vmtotal .
.It Li vm.user_va0_disable
A flag which controls whether user processes can map virtual address\ 0.
.It Li vm.proc.map ( Dv VM_PROC )
The third level is
.Dv VM_PROC_MAP ,
the fourth is the pid of the process to display the vm object entries for, and
the fifth is the size of
.Vt struct kinfo_vmentry .
Returns an array of
.Vt struct kinfo_vmentry
objects.
.It Li vm.uspace ( Dv VM_USPACE )
The number of bytes allocated for each kernel stack.
.It Li vm.uvmexp ( Dv VM_UVMEXP )
Return system wide virtual memory statistics.
The returned data consists of a
.Vt struct uvmexp .
.It Li vm.uvmexp2 ( Dv VM_UVMEXP2 )
Return system wide virtual memory statistics.
The returned data consists of a
.Vt struct uvmexp_sysctl .
.It Li vm.guard_size
Return system wide guard size for the main thread of a program.
.It Li vm.thread_guard_size
Return system wide default size for the guard area of all other threads
of a program.
.\" XXX vm.idlezero
.El
.Ss The ddb.* subtree ( Dv CTL_DDB )
The information available for the
.Li ddb
level is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "Second level name" "integer" "Changeable" -offset indent
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It ddb.commandonenter Ta string Ta yes
.It ddb.dumpstack Ta integer Ta yes
.It ddb.fromconsole Ta integer Ta yes
.It ddb.lines Ta integer Ta yes
.It ddb.maxoff Ta integer Ta yes
.It ddb.maxwidth Ta integer Ta yes
.It ddb.onpanic Ta integer Ta yes
.It ddb.panicstackframes Ta integer Ta yes
.It ddb.radix Ta integer Ta yes
.It ddb.tabstops Ta integer Ta yes
.It ddb.tee_msgbuf Ta integer Ta yes
.El
.Bl -tag -width "123456"
.It Li ddb.commandonenter
If not empty, the string is used as the DDB command to be executed each time
DDB is entered.
.It Li ddb.dumpstack
A value of 1 causes a stack trace to be printed on entering ddb from a panic.
A value of 0 disables this behaviour.
The default value is 1.
.It Li ddb.fromconsole ( Dv DDBCTL_FROMCONSOLE )
If not zero, DDB may be entered by sending a break on a serial
console or by a special key sequence on a graphics console.
.It Li ddb.lines ( Dv DDBCTL_LINES )
Number of display lines.
.It Li ddb.maxoff ( Dv DDBCTL_MAXOFF )
The maximum symbol offset.
.It Li ddb.maxwidth ( Dv DDBCTL_MAXWIDTH )
The maximum output line width.
.It Li ddb.onpanic ( Dv DDBCTL_ONPANIC )
If greater than zero, DDB will be entered if the kernel panics.
A value of 1 causes the system to enter DDB on panic.
A value of 0 causes the kernel to attempt to print a stack trace, then
reboot, while a value of \-1 means neither a stack trace will be printed
nor DDB entered.
.It Li ddb.panicstackframes
Number of stack frames to display on panic.
Useful to avoid scrolling away the interesting frames on a glass tty.
Default value is
.Dv 65535
(all frames), useful value around
.Dv 10 .
.It Li ddb.radix ( Dv DDBCTL_RADIX )
The input and output radix.
.It Li ddb.tabstops ( Dv DDBCTL_TABSTOPS )
Tab width.
.It Li ddb.tee_msgbuf
If not zero, DDB will also output to the kernel message buffer.
.El
.Pp
Some of these MIB
nodes are also available as variables from within the debugger.
See
.Xr ddb 4
for more details.
.Ss The security.* subtree ( Dv CTL_SECURITY )
The
.Li security
level contains various security-related settings for
the system.
The available second level names are:
.Bl -column "Second level name" "integer" "Changeable" -offset indent
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It Li security.curtain Ta integer Ta yes
.It Li security.models Ta node Ta not applicable
.It Li security.pax Ta node Ta not applicable
.El
.Pp
Available settings are detailed below.
.Bl -tag -width "123456"
.It Li security.curtain
If non-zero, the kernel filters returned objects according to the user ID
requesting information about them, preventing users from
accessing any objects they do not own.
.Pp
At the moment, it affects
.Xr ps 1 ,
.Xr netstat 1
(for
.Dv PF_INET ,
.Dv PF_INET6 ,
and
.Dv PF_UNIX
PCBs), and
.Xr w 1 .
.It Li security.models
.Nx
supports pluggable security models.
Every security model used, whether loaded as a module or built with the system,
is required to add an entry to this node with at least one element,
.Dq name ,
indicating the name of the security model.
.Pp
In addition to the name, any settings and other information private to the
security model will be available under this node.
See
.Xr secmodel 9
for more information.
.It Li security.pax
Settings for PaX \(em exploit mitigation features.
For more information on any of the PaX features, please see
.Xr paxctl 8
and
.Xr security 7 .
The available third and fourth level names are:
.Bl -column "security.pax.segvguard.suspend_timeout" "integer" "Changeable" \
-offset 2n
.It Sy Third and fourth level names Ta Sy Type Ta Sy Changeable
.It Li security.pax.aslr.enabled Ta integer Ta yes
.\".It Li security.pax.aslr.exec_len integer yes
.It Li security.pax.aslr.global Ta integer Ta yes
.\".It Li security.pax.aslr.mmap_len integer yes
.\".It Li security.pax.aslr.stack_len integer yes
.It Li security.pax.mprotect.enabled Ta integer Ta yes
.It Li security.pax.mprotect.global Ta integer Ta yes
.It Li security.pax.mprotect.ptrace Ta integer Ta yes
.It Li security.pax.segvguard.enabled Ta integer Ta yes
.It Li security.pax.segvguard.expiry_timeout Ta integer Ta yes
.It Li security.pax.segvguard.global Ta integer Ta yes
.It Li security.pax.segvguard.max_crashes Ta integer Ta yes
.It Li security.pax.segvguard.suspend_timeout Ta integer Ta yes
.El
.Bl -tag -width "123456"
.It Li security.pax.aslr.enabled
Enable PaX ASLR (Address Space Layout Randomization).
.Pp
The value of this
knob must be non-zero for PaX ASLR to be enabled, even if a program is set to
explicit enable.
.\".It Li security.pax.aslr.exec_len
.\" XXX: Undocumented.
.It Li security.pax.aslr.global
Specifies the default global policy for programs without an
explicit enable/disable flag.
.Pp
When non-zero, all programs will get PaX ASLR, except those exempted with
.Xr paxctl 8 .
Otherwise, no program will get PaX ASLR, except those specifically
marked as such with
.Xr paxctl 8 .
.\".It Li security.pax.aslr.mmap_len
.\" XXX: Undocumented.
.\" .It Li security.pax.aslr.stack_len
.\" XXX: Undocumented.
.It Li security.pax.mprotect.enabled
Enable PaX MPROTECT restrictions.
.Pp
These are
.Xr mprotect 2
restrictions to better enforce a W^X policy.
The value of this
knob must be non-zero for PaX MPROTECT to be enabled, even if a
program is set to explicit enable.
.It Li security.pax.mprotect.global
Specifies the default global policy for programs without an
explicit enable/disable flag.
.Pp
When non-zero, all programs will get the PaX MPROTECT restrictions,
except those exempted with
.Xr paxctl 8 .
Otherwise, no program will get the PaX MPROTECT restrictions,
except those specifically marked as such with
.Xr paxctl 8 .
.It Li security.pax.mprotect.ptrace
This variable allows
.Xr ptrace 2
to override PaX MPROTECT permissions.
It can have the following values:
.Bl -tag -width XX -compact
.It 0
Does not allow any permissions to be overridden.
.It 1
Disables PaX MPROTECT for processes that start executing while traced (default).
.It 2
Bypasses PaX MPROTECT for all processes being traced.
.El
.It Li security.pax.segvguard.enabled
Enable PaX Segvguard.
.Pp
PaX Segvguard can detect and prevent certain exploitation attempts, where
an attacker may try for example to brute-force function return addresses
of respawning daemons.
.Pp
.Em Note :
The
.Nx
interface and implementation of the Segvguard is still experimental, and may
change in future releases.
.It Li security.pax.segvguard.expiry_timeout
If the maximum number of crashes is not reached within this timeout (in
seconds), the entry will expire.
.It Li security.pax.segvguard.global
Specifies the default global policy for programs without an
explicit enable/disable flag.
.Pp
When non-zero, all programs will get the PaX Segvguard,
except those exempted with
.Xr paxctl 8 .
Otherwise, no program will get the PaX Segvguard restrictions,
except those specifically marked as such with
.Xr paxctl 8 .
.It Li security.pax.segvguard.max_crashes
The maximum number of segfaults a program can receive before suspension.
.It Li security.pax.segvguard.suspend_timeout
Number of seconds to suspend a user from running a faulting program when the
limit was exceeded.
.El
.El
.Ss The vendor.* subtree ( Dv CTL_VENDOR )
The
.Li vendor
top-level name is reserved for vendors who wish to
have their own private MIB tree.
The intended use is to store values under
.Dq vendor.<yourname>.* .
.Sh SEE ALSO
.Xr sysctl 3 ,
.Xr ipsec 4 ,
.Xr tcp 4 ,
.Xr security 7 ,
.Xr sysctl 8
.Sh HISTORY
The
.Nm
variables first appeared in
.Bx 4.4 .
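The security.pax section describes how the enabled and global knobs combine with per-program paxctl(8) markings; the shell sketch below, an added example that is not part of the NetBSD manual page, resolves that policy and audits a settings dump against it. The function names, the mark spellings on/off/none, the sample values and the audit baseline (every feature on by default, mprotect.ptrace not 2) are assumptions of this example.

```shell
# Constructed sample in the "name = value" form printed by sysctl(8);
# these values are made up for the example, not captured from a host.
SAMPLE='security.pax.aslr.enabled = 1
security.pax.aslr.global = 1
security.pax.mprotect.enabled = 1
security.pax.mprotect.global = 0
security.pax.mprotect.ptrace = 2
security.pax.segvguard.enabled = 0
security.pax.segvguard.global = 0'

# knob DUMP NAME: print NAME's value; fail if the node is absent.
knob() {
    printf '%s\n' "$1" |
        awk -F' = ' -v n="$2" '$1 == n { print $2; f = 1 } END { exit !f }'
}

# pax_effective DUMP FEATURE MARK: print "on" or "off".
# FEATURE is aslr, mprotect or segvguard. MARK is the program's paxctl(8)
# marking, spelled here (hypothetically) on, off or none.
pax_effective() {
    enabled=$(knob "$1" "security.pax.$2.enabled") || enabled=0  # assumption: absent = off
    global=$(knob "$1" "security.pax.$2.global") || global=0
    # The .enabled knob gates everything, even an explicit enable.
    if [ "$enabled" -eq 0 ]; then echo off; return 0; fi
    case $3 in
        on|off) echo "$3" ;;                              # explicit marking decides
        *) [ "$global" -ne 0 ] && echo on || echo off ;;  # .global is the default
    esac
}

# pax_audit DUMP: one line per deviation from the assumed baseline.
pax_audit() {
    for f in aslr mprotect segvguard; do
        if [ "$(pax_effective "$1" "$f" none)" = on ]; then
            continue
        elif [ "$(pax_effective "$1" "$f" on)" = on ]; then
            echo "$f: opt-in only (global=0), unmarked programs unprotected"
        else
            echo "$f: off (enabled=0), paxctl markings have no effect"
        fi
    done
    p=$(knob "$1" security.pax.mprotect.ptrace) || p=1  # 1 is the documented default
    if [ "$p" -eq 2 ]; then
        echo "mprotect.ptrace=2: every traced process bypasses MPROTECT"
    fi
    return 0
}

pax_audit "$SAMPLE"
```

On a NetBSD host the live values can be audited with `pax_audit "$(sysctl security.pax)"`.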