.\" $NetBSD: sysctl.7,v 1.138 2019/03/01 03:05:08 christos Exp $
.\"
.\" Copyright (c) 1993
.\" The Regents of the University of California. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95
.\"
.Dd February 28, 2019
.Dt SYSCTL 7
.Os
.Sh NAME
.Nm sysctl
.Nd system information variables
.Sh DESCRIPTION
The
.Xr sysctl 3
library function and the
.Xr sysctl 8
utility are used to get and set values of system variables, maintained
by the kernel.
The variables are organized in a tree and identified by a sequence of
numbers, conventionally separated by dots with the topmost identifier
at the left side.
The numbers have corresponding text names.
The
.Xr sysctlnametomib 3
function or the
.Fl M
argument to the
.Xr sysctl 8
utility can be used to convert the text representation to the
numeric one.
.Pp
The individual sysctl variables are described below, both the textual
and numeric form where applicable.
The textual names can be used as arguments to the
.Xr sysctl 8
utility and in the file
.Pa /etc/sysctl.conf .
The numeric names are usually defined as preprocessor constants and
are intended for use by programs.
Every such constant expands to one integer, which identifies the
sysctl variable relative to the upper level of the tree.
See the
.Xr sysctl 3
manual page for programming examples.
.Ss Top level names
The top level names are defined with a
.Va CTL_
prefix in
.In sys/sysctl.h ,
and are as follows.
The next and subsequent levels down are found in the include files
listed here, and described in separate sections below.
.Bl -column "security" ".Dv CTL_SECURITY" ".In uvm/uvm_param.h" "High kernel limits"
.It Sy Name Ta Sy Constant Ta Sy Next level names Ta Sy Description
.It kern Ta Dv CTL_KERN Ta In sys/sysctl.h Ta High kernel limits
.It vm Ta Dv CTL_VM Ta In uvm/uvm_param.h Ta Virtual memory
.It vfs Ta Dv CTL_VFS Ta In sys/mount.h Ta Filesystem
.It net Ta Dv CTL_NET Ta In sys/socket.h Ta Networking
.It debug Ta Dv CTL_DEBUG Ta In sys/sysctl.h Ta Debugging
.It hw Ta Dv CTL_HW Ta In sys/sysctl.h Ta Generic CPU, I/O
.It machdep Ta Dv CTL_MACHDEP Ta In sys/sysctl.h Ta Machine dependent
.It user Ta Dv CTL_USER Ta In sys/sysctl.h Ta User-level
.It ddb Ta Dv CTL_DDB Ta In sys/sysctl.h Ta In-kernel debugger
.It proc Ta Dv CTL_PROC Ta In sys/sysctl.h Ta Per-process
.It vendor Ta Dv CTL_VENDOR Ta ? Ta Vendor specific
.It emul Ta Dv CTL_EMUL Ta In sys/sysctl.h Ta Emulation settings
.It security Ta Dv CTL_SECURITY Ta In sys/sysctl.h Ta Security settings
.El
.Ss The debug.* subtree
The debugging variables vary from system to system.
A debugging variable may be added or deleted without need to recompile
.Nm
to know about it.
Each time it runs,
.Nm
gets the list of debugging variables from the kernel and
displays their current values.
The system defines twenty
.Vt ( struct ctldebug )
variables named
.Dv debug0
through
.Dv debug19 .
They are declared as separate variables so that they can be
individually initialized at the location of their associated variable.
The loader prevents multiple use of the same variable by issuing errors
if a variable is initialized in more than one place.
For example, to export the variable
.Va dospecialcheck
as a debugging variable, the following declaration would be used:
.Pp
.Bd -literal -offset indent -compact
int dospecialcheck = 1;
struct ctldebug debug5 = { "dospecialcheck", &dospecialcheck };
.Ed
.Pp
Note that the dynamic implementation of
.Nm
currently in use largely makes this particular
.Nm
interface obsolete.
See
.Xr sysctl 8
.\" and
.\" .Xr sysctl 9
for more information.
.Ss The vfs.* subtree
A distinguished second level name,
.Li vfs.generic ( Dv VFS_GENERIC ) ,
is used to get general information about all file systems.
It has the following third level identifiers:
.Bl -tag -width "123456"
.It Li vfs.generic.maxtypenum ( Dv VFS_MAXTYPENUM )
The highest valid file system type number.
.It Li vfs.generic.conf ( Dv VFS_CONF )
Returns configuration information about the file system type given as a fourth
level identifier.
.It Li vfs.generic.usermount ( Dv VFS_USERMOUNT )
Determines whether non-superuser mounts are allowed; defaults to
.Dv 0 .
.It Li vfs.generic.magiclinks ( Dv VFS_MAGICLINKS )
Controls whether variables are expanded in pathnames.
Defaults to no variable expansion,
.Dv 0 .
Variables are of the form
.Li @name
and the variables supported are described in
.Xr symlink 7
under
.Dq "MAGIC SYMLINKS" .
.El
.Pp
There is also a second level name for controlling the
.Xr wapbl 4
(Write Ahead Physical Block Logging file system journalling)
capabilities, with the following third level identifiers:
.Bl -tag -width "123456"
.It Li vfs.wapbl.flush_disk_cache
Controls whether to attempt to flush the disk cache on each commit.
It defaults to 1 and it should always be on to ensure integrity
of file system metadata in the event of a power loss.
For slow disks, turning it off can improve performance.
.It Li vfs.wapbl.verbose_commit
For each transaction log commit, print the number of bytes written
and the time it took to commit as seconds.nanoseconds.
.El
.Pp
The remaining second level identifiers are the file system names, identified
by the type number returned by a
.Xr statvfs 2
call or from
.Li vfs.generic.conf .
.Pp
The third level identifiers available for each file system
are given in the header file that defines the mount
argument structure for that file system.
.Ss The hw.* subtree
The string and integer information available for the
.Li hw
level is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "hw.machine_arch" "integer" "Changeable" -offset indent
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It hw.alignbytes Ta integer Ta no
.It hw.byteorder Ta integer Ta no
.It hw.cnmagic Ta string Ta yes
.It hw.disknames Ta string Ta no
.It hw.diskstats Ta struct Ta no
.It hw.machine Ta string Ta no
.It hw.machine_arch Ta string Ta no
.It hw.model Ta string Ta no
.It hw.ncpu Ta integer Ta no
.It hw.ncpuonline Ta integer Ta no
.It hw.pagesize Ta integer Ta no
.It hw.physmem Ta integer Ta no
.It hw.physmem64 Ta quad Ta no
.It hw.usermem Ta integer Ta no
.It hw.usermem64 Ta quad Ta no
.El
.Bl -tag -width "123456"
.It Li hw.alignbytes ( Dv HW_ALIGNBYTES )
Alignment constraint for all possible data types.
This shows the value
.Dv ALIGNBYTES
in
.In machine/param.h ,
at the kernel compilation time.
.It Li hw.byteorder ( Dv HW_BYTEORDER )
The byteorder (4321, or 1234).
.It Li hw.cnmagic ( Dv HW_CNMAGIC )
The console magic key sequence.
.It Li hw.disknames ( Dv HW_DISKNAMES )
The list of (space separated) disk device names on the system.
.It Li hw.iostatnames ( Dv HW_IOSTATNAMES )
A space separated list of devices that will have I/O statistics
collected on them.
.It Li hw.iostats ( Dv HW_IOSTATS )
Return statistical information on the NFS mounts, disk and tape
devices on the system.
An array of
.Vt struct io_sysctl
structures is returned,
whose size depends on the current number of such objects in the system.
The third level name is the size of the
.Vt struct io_sysctl .
The type of object can be determined by examining the
.Va type
element of
.Vt struct io_sysctl ,
which can be
.Dv IOSTAT_DISK
(disk drive),
.Dv IOSTAT_TAPE
(tape drive), or
.Dv IOSTAT_NFS
(NFS mount).
.It Li hw.machine ( Dv HW_MACHINE )
The machine class.
.It Li hw.machine_arch ( Dv HW_MACHINE_ARCH )
The machine CPU class.
.It Li hw.model ( Dv HW_MODEL )
The machine model.
.It Li hw.ncpu ( Dv HW_NCPU )
The number of CPUs configured.
.It Li hw.ncpuonline ( Dv HW_NCPUONLINE )
The number of CPUs online.
.It Li hw.pagesize ( Dv HW_PAGESIZE )
The software page size.
.It Li hw.physmem ( Dv HW_PHYSMEM )
The bytes of physical memory as a 32-bit integer.
.It Li hw.physmem64 ( Dv HW_PHYSMEM64 )
The bytes of physical memory as a 64-bit integer.
.It Li hw.usermem ( Dv HW_USERMEM )
The bytes of non-kernel memory as a 32-bit integer.
.It Li hw.usermem64 ( Dv HW_USERMEM64 )
The bytes of non-kernel memory as a 64-bit integer.
.El
.Ss The kern.* subtree
This subtree includes data generally related to the kernel.
The string and integer information available for the
.Li kern
level is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "kern.posix_reader_writer_locks" \
"struct kinfo_drivers" "not applicable"
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It kern.aio_listio_max Ta integer Ta yes
.It kern.aio_max Ta integer Ta yes
.It kern.arandom Ta integer Ta no
.It kern.argmax Ta integer Ta no
.It kern.boothowto Ta integer Ta no
.It kern.boottime Ta struct timespec Ta no
.It kern.buildinfo Ta string Ta no
.\".It kern.bufq Ta node Ta not applicable
.It kern.ccpu Ta integer Ta no
.It kern.clockrate Ta struct clockinfo Ta no
.It kern.consdev Ta integer Ta no
.It kern.coredump Ta node Ta not applicable
.It kern.cp_id Ta struct Ta no
.It kern.cp_time Ta uint64_t[\|] Ta no
.It kern.cryptodevallowsoft Ta integer Ta yes
.It kern.defcorename Ta string Ta yes
.It kern.detachall Ta integer Ta yes
.It kern.domainname Ta string Ta yes
.It kern.drivers Ta struct kinfo_drivers Ta no
.It kern.dump_on_panic Ta integer Ta yes
.It kern.expose_address Ta integer Ta yes
.It kern.file Ta struct file Ta no
.It kern.forkfsleep Ta integer Ta yes
.It kern.fscale Ta integer Ta no
.It kern.fsync Ta integer Ta no
.It kern.hardclock_ticks Ta integer Ta no
.It kern.hostid Ta integer Ta yes
.It kern.hostname Ta string Ta yes
.It kern.iov_max Ta integer Ta no
.It kern.ipc Ta node Ta not applicable
.It kern.job_control Ta integer Ta no
.It kern.labeloffset Ta integer Ta no
.It kern.labelsector Ta integer Ta no
.It kern.login_name_max Ta integer Ta no
.It kern.logsigexit Ta integer Ta yes
.It kern.mapped_files Ta integer Ta no
.It kern.maxfiles Ta integer Ta yes
.It kern.maxlwp Ta integer Ta yes
.It kern.maxpartitions Ta integer Ta no
.It kern.maxphys Ta integer Ta no
.It kern.maxproc Ta integer Ta yes
.It kern.maxptys Ta integer Ta yes
.It kern.maxvnodes Ta integer Ta yes
.It kern.messages Ta integer Ta yes
.It kern.mbuf Ta node Ta not applicable
.It kern.memlock Ta integer Ta no
.It kern.memlock_range Ta integer Ta no
.It kern.memory_protection Ta integer Ta no
.It kern.module Ta node Ta not applicable
.It kern.monotonic_clock Ta integer Ta no
.It kern.mqueue Ta node Ta not applicable
.It kern.msgbuf Ta integer Ta no
.It kern.msgbufsize Ta integer Ta no
.It kern.ngroups Ta integer Ta no
.\".It kern.no_sa_support Ta integer Ta yes
.It kern.ntptime Ta struct ntptimeval Ta no
.It kern.osrelease Ta string Ta no
.It kern.osrevision Ta integer Ta no
.It kern.ostype Ta string Ta no
.\".It kern.panic_now Ta integer Ta yes
.It kern.pipe Ta node Ta not applicable
.It kern.pool Ta struct pool_sysctl Ta no
.\" .It kern.posix Ta node Ta not applicable
.It kern.posix1version Ta integer Ta no
.It kern.posix_aio Ta integer Ta no
.It kern.posix_barriers Ta integer Ta no
.It kern.posix_reader_writer_locks Ta integer Ta no
.\".It kern.posix_sched Ta integer Ta yes
.It kern.posix_semaphores Ta integer Ta no
.It kern.posix_spin_locks Ta integer Ta no
.It kern.posix_threads Ta integer Ta no
.It kern.posix_timers Ta integer Ta no
.It kern.proc Ta struct kinfo_proc Ta no
.It kern.proc2 Ta struct kinfo_proc2 Ta no
.It kern.proc_args Ta string Ta no
.It kern.profiling Ta node Ta not applicable
.\".It kern.pset Ta node Ta not applicable
.It kern.rawpartition Ta integer Ta no
.It kern.root_device Ta string Ta no
.It kern.root_partition Ta integer Ta no
.It kern.rtc_offset Ta integer Ta yes
.It kern.saved_ids Ta integer Ta no
.It kern.sbmax Ta integer Ta yes
.It kern.sched Ta node Ta not applicable
.It kern.securelevel Ta integer Ta raise only
.It kern.somaxkva Ta integer Ta yes
.It kern.sooptions Ta integer Ta yes
.It kern.synchronized_io Ta integer Ta no
.It kern.timecounter Ta node Ta not applicable
.It kern.timex Ta struct Ta no
.It kern.tkstat Ta node Ta not applicable
.It kern.tty Ta node Ta not applicable
.It kern.urandom Ta integer Ta no
.It kern.usercrypto Ta integer Ta yes
.It kern.userasymcrypto Ta integer Ta yes
.It kern.veriexec Ta node Ta not applicable
.It kern.version Ta string Ta no
.It kern.vnode Ta struct vnode Ta no
.El
.Bl -tag -width "123456"
.It Li kern.aio_listio_max
The maximum number of asynchronous I/O operations in a single list
I/O call.
Like with all variables related to
.Xr aio 3 ,
the variable may be created and removed dynamically
upon loading or unloading the corresponding kernel module.
.It Li kern.aio_max
The maximum number of asynchronous I/O operations.
.It Li kern.arandom
This variable picks a random number each time it is queried.
The random number generator
.Pf ( RNG )
used is based on
.Xr arc4random 3 .
.It Li kern.argmax ( Dv KERN_ARGMAX )
The maximum bytes of argument to
.Xr execve 2 .
.It Li kern.boothowto
Flags passed from the boot loader; see
.Xr reboot 2
for the meanings of the flags.
.It Li kern.boottime ( Dv KERN_BOOTTIME )
A
.Vt struct timespec
structure is returned.
This structure contains the time that the system was booted.
That time is defined (for this purpose) to be the time at
which the kernel first started accumulating clock ticks.
.It Li kern.bufq
This variable contains information on the
.Xr bufq 9
subsystem.
Currently, the only third level name implemented is
.Dv kern.bufq.strategies
which provides a list of buffer queue strategies currently available.
.It Li kern.buildinfo
When the kernel is built, the build environment may optionally provide
arbitrary information to be stored in this variable.
.It Li kern.ccpu ( Dv KERN_CCPU )
The scheduler exponential decay value.
.It Li kern.clockrate ( Dv KERN_CLOCKRATE )
A
.Vt struct clockinfo
structure is returned.
This structure contains the clock, statistics clock and profiling clock
frequencies, the number of microseconds per hz tick, and the clock
skew rate.
Refer to
.Xr hz 9
for additional details.
.It Li kern.consdev ( Dv KERN_CONSDEV )
Console device.
.It Li kern.coredump
Settings related to coredumps of set-id processes.
By default, set-id processes do not dump core in situations where
other processes would.
The settings in this node allow an administrator to change this
behavior.
.Pp
The third level name is
.Dv kern.coredump.setid
and fourth level variables are described below.
.Bl -column "kern.coredump.setid.group" "integer" "Changeable" -offset indent
.It Sy Fourth level name Ta Sy Type Ta Sy Changeable
.It kern.coredump.setid.dump Ta integer Ta yes
.It kern.coredump.setid.group Ta integer Ta yes
.It kern.coredump.setid.mode Ta integer Ta yes
.It kern.coredump.setid.owner Ta integer Ta yes
.It kern.coredump.setid.path Ta string Ta yes
.El
.Bl -tag -width "123456"
.It Li kern.coredump.setid.dump
If non-zero, set-id processes will dump core.
.It Li kern.coredump.setid.group
The group-id for the set-id processes' coredump.
.It Li kern.coredump.setid.mode
The mode for the set-id processes' coredump.
See
.Xr chmod 1 .
.It Li kern.coredump.setid.owner
The user-id that will be used as the owner of the set-id processes'
coredump.
.It Li kern.coredump.setid.path
The path to which set-id processes' coredumps will be saved.
Same syntax as kern.defcorename.
.El
.It Li kern.cp_id ( Dv KERN_CP_ID )
Mapping of CPU number to CPU id.
.It Li kern.cp_time ( Dv KERN_CP_TIME )
Returns an array of
.Dv CPUSTATES
.Vt uint64_t Ns s .
This array contains the
number of clock ticks spent in different CPU states.
On multi-processor systems, the sum across all CPUs is returned unless
appropriate space is given for one data set for each CPU.
Data for a specific CPU can also be obtained by adding the number of the
CPU at the end of the MIB, enlarging it by one.
.It Li kern.cryptodevallowsoft
This variable controls userland access to hardware versus software transforms
in the
.Xr crypto 4
system.
The available values are as follows:
.Bl -tag -width XX0 -offset indent
.It Dv < 0
Always force userlevel requests to use software transforms.
.It Dv = 0
If present, use hardware and grant userlevel requests for
non-accelerated transforms (handling the latter in software).
.It Dv > 0
Allow user requests only for transforms which are hardware-accelerated.
.El
.It Li kern.defcorename ( Dv KERN_DEFCORENAME )
Default template for the name of core dump files (see also
.Li proc.pid.corename
in the per-process variables
.Li proc.* ,
and
.Xr core 5
for format of this template).
The default value is
.Pa %n.core
and can be changed with the kernel configuration option
.Cd options DEFCORENAME
(see
.Xr options 4 ) .
.It Li kern.detachall
Detach all devices at shutdown.
.It Li kern.domainname ( Dv KERN_DOMAINNAME )
Get or set the YP domain name.
.It Li kern.drivers ( Dv KERN_DRIVERS )
Return an array of
.Vt struct kinfo_drivers
that contains the name and major device numbers of all the device drivers
in the current kernel.
The
.Va d_name
field is always a NUL terminated string.
The
.Va d_bmajor
field will be set to \-1 if the driver doesn't have a block device.
.It Li kern.expose_address
Expose kernel addresses in
.Xr sysctl 3
calls used by
.Xr fstat 1
and
.Xr sockstat 1 .
If it is set to
.Dv 0
access is not allowed.
If it is set to
.Dv 1
then only processes that have opened
.Pa /dev/kmem
can have access.
If it is set to
.Dv 2
every process is allowed.
Defaults to
.Dv 0
for
.Dv KASLR
kernels
and
.Dv 1
otherwise.
Allowing general access renders KASLR ineffective; allowing only kmem
accessing programs weakens KASLR if those programs can be subverted
to leak the addresses.
.It Li kern.dump_on_panic ( Dv KERN_DUMP_ON_PANIC )
Perform a crash dump on system
.Xr panic 9 .
.It Li kern.file ( Dv KERN_FILE )
Return the entire file table.
The returned data consists of a single
.Vt struct filelist
followed by an array of
.Vt struct file ,
whose size depends on the current number of such objects in the system.
.It Li kern.forkfsleep ( Dv KERN_FORKFSLEEP )
If the
.Xr fork 2
system call fails due to the limit on the number of processes (either
the global maxproc limit or the user's), wait for this many
milliseconds before returning an
.Er EAGAIN
error to the process.
Useful to keep heavily forking runaway processes at bay.
Default zero (no sleep).
Maximum is 20 seconds.
.It Li kern.fscale ( Dv KERN_FSCALE )
The kernel fixed-point scale factor.
.It Li kern.fsync ( Dv KERN_FSYNC )
Return 1 if the
.St -p1003.1b-93
File Synchronization Option is available
on this system,
otherwise\ 0.
.It Li kern.hardclock_ticks ( Dv KERN_HARDCLOCK_TICKS )
Returns the number of
.Xr hardclock 9
ticks.
.It Li kern.hist
This variable contains kernel history data if the kernel was
configured for any of the options
.Dv UVMHIST ,
.Dv USB_DEBUG ,
.Dv BIOHIST ,
or
.Dv SCDEBUG .
(See
.Xr options 4
for more details.)
The third-level names correspond to each available history table.
The values of the history tables are in an internal format, and can be
decoded by the
.Xr vmstat 1
utility's
.Fl U
and
.Fl u
options;
the
.Fl l
option can be used to see which tables are available.
.It Li kern.hostid ( Dv KERN_HOSTID )
Get or set the host identifier.
This is intended to replace the legacy
.Xr gethostid 3
and
.Xr sethostid 3
system calls.
.It Li kern.hostname ( Dv KERN_HOSTNAME )
Get or set the
.Xr hostname 1 .
.It Li kern.iov_max ( Dv KERN_IOV_MAX )
Return the maximum number of
.Vt iovec
structures that a process has available for use with
.Xr preadv 2 ,
.Xr pwritev 2 ,
.Xr readv 2 ,
.Xr recvmsg 2 ,
.Xr sendmsg 2
and
.Xr writev 2 .
.It Li kern.ipc ( Dv KERN_SYSVIPC )
Return information about the SysV IPC parameters.
The third level names for the ipc variables are detailed below.
.Bl -column "kern.ipc.shm_use_phys" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.ipc.sysvmsg Ta integer Ta no
.It kern.ipc.sysvsem Ta integer Ta no
.It kern.ipc.sysvshm Ta integer Ta no
.It kern.ipc.sysvipc_info Ta struct Ta no
.It kern.ipc.shmmax Ta integer Ta yes
.It kern.ipc.shmmni Ta integer Ta yes
.It kern.ipc.shmseg Ta integer Ta yes
.It kern.ipc.shmmaxpgs Ta integer Ta yes
.It kern.ipc.shm_use_phys Ta integer Ta yes
.It kern.ipc.msgmni Ta integer Ta yes
.It kern.ipc.msgseg Ta integer Ta yes
.It kern.ipc.semmni Ta integer Ta yes
.It kern.ipc.semmns Ta integer Ta yes
.It kern.ipc.semmnu Ta integer Ta yes
.El
.Bl -tag -width "123456"
.It Li kern.ipc.sysvmsg ( Dv KERN_SYSVIPC_MSG )
Returns 1 if System V style message queue functionality is available
on this system,
otherwise\ 0.
.It Li kern.ipc.sysvsem ( Dv KERN_SYSVIPC_SEM )
Returns 1 if System V style semaphore functionality is available
on this system,
otherwise\ 0.
.It Li kern.ipc.sysvshm ( Dv KERN_SYSVIPC_SHM )
Returns 1 if System V style shared memory functionality is available
on this system,
otherwise\ 0.
.It Li kern.ipc.sysvipc_info ( Dv KERN_SYSVIPC_INFO )
Return System V style IPC configuration and run-time information.
The fourth level name selects the System V style IPC facility.
.Bl -column "KERN_SYSVIPC_MSG_INFO" "struct shm_sysctl_info" -offset indent
.It Sy Fourth level name Ta Sy Type
.It KERN_SYSVIPC_MSG_INFO Ta struct msg_sysctl_info
.It KERN_SYSVIPC_SEM_INFO Ta struct sem_sysctl_info
.It KERN_SYSVIPC_SHM_INFO Ta struct shm_sysctl_info
.El
.Bl -tag -width "123456"
.It Li KERN_SYSVIPC_MSG_INFO
Return information on the System V style message facility.
The
.Sy msg_sysctl_info
structure is defined in
.In sys/msg.h .
.It Li KERN_SYSVIPC_SEM_INFO
Return information on the System V style semaphore facility.
The
.Sy sem_sysctl_info
structure is defined in
.In sys/sem.h .
.It Li KERN_SYSVIPC_SHM_INFO
Return information on the System V style shared memory facility.
The
.Sy shm_sysctl_info
structure is defined in
.In sys/shm.h .
.El
.It Li kern.ipc.shmmax ( Dv KERN_SYSVIPC_SHMMAX )
Max shared memory segment size in bytes.
.It Li kern.ipc.shmmni ( Dv KERN_SYSVIPC_SHMMNI )
Max number of shared memory identifiers.
.It Li kern.ipc.shmseg ( Dv KERN_SYSVIPC_SHMSEG )
Max shared memory segments per process.
.It Li kern.ipc.shmmaxpgs ( Dv KERN_SYSVIPC_SHMMAXPGS )
Max amount of shared memory in pages.
.It Li kern.ipc.shm_use_phys ( Dv KERN_SYSVIPC_SHMUSEPHYS )
Locking of shared memory in physical memory.
If 0, memory can be swapped
out, otherwise it will be locked in physical memory.
.It Li kern.ipc.msgmni
Max number of message queue identifiers.
.It Li kern.ipc.msgseg
Max number of message segments.
.It Li kern.ipc.semmni
Max number of semaphore identifiers.
.It Li kern.ipc.semmns
Max number of semaphores in system.
.It Li kern.ipc.semmnu
Max number of undo structures in system.
.El
.It Li kern.job_control ( Dv KERN_JOB_CONTROL )
Return 1 if job control is available on this system, otherwise\ 0.
.It Li kern.labeloffset ( Dv KERN_LABELOFFSET )
The offset within the sector specified by
.Dv KERN_LABELSECTOR
of the
.Xr disklabel 5 .
.It Li kern.labelsector ( Dv KERN_LABELSECTOR )
The sector number containing the
.Xr disklabel 5 .
.It Li kern.login_name_max ( Dv KERN_LOGIN_NAME_MAX )
The size of the storage required for a login name, in bytes,
including the terminating NUL.
.It Li kern.logsigexit ( Dv KERN_LOGSIGEXIT )
If this flag is non-zero, the kernel will
.Xr log 9
all process exits due to signals which create a
.Xr core 5
file, and whether the coredump was created.
.It Li kern.mapped_files ( Dv KERN_MAPPED_FILES )
Returns 1 if the
.St -p1003.1b-93
Memory Mapped Files Option is available on this system,
otherwise\ 0.
.It Li kern.maxfiles ( Dv KERN_MAXFILES )
The maximum number of files that may be open in the system.
.It Li kern.maxpartitions ( Dv KERN_MAXPARTITIONS )
The maximum number of partitions allowed per disk.
.It Li kern.maxlwp
The maximum number of Lightweight Processes (threads) the system allows
per uid.
.It Li kern.maxphys ( Dv KERN_MAXPHYS )
Maximum raw I/O transfer size.
.It Li kern.maxproc ( Dv KERN_MAXPROC )
The maximum number of simultaneous processes the system will allow.
.It Li kern.maxptys ( Dv KERN_MAXPTYS )
The maximum number of pseudo terminals.
This value can be both raised and lowered, though it cannot
be set lower than the number of currently used ptys.
See also
.Xr pty 4 .
.It Li kern.maxvnodes ( Dv KERN_MAXVNODES )
The maximum number of vnodes available on the system.
This can only be raised.
.It Li kern.mbuf ( Dv KERN_MBUF )
Return information about the mbuf control variables.
Mbufs are data structures which store network packets and other data
structures in the networking code, see
.Xr mbuf 9 .
The third level names for the mbuf variables are detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "kern.mbuf.nmbclusters" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.\" XXX Changeable? really?
.It kern.mbuf.mblowat Ta integer Ta yes
.It kern.mbuf.mclbytes Ta integer Ta yes
.It kern.mbuf.mcllowat Ta integer Ta yes
.It kern.mbuf.msize Ta integer Ta yes
.It kern.mbuf.nmbclusters Ta integer Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li kern.mbuf.mblowat ( Dv MBUF_MBLOWAT )
The mbuf low water mark.
.It Li kern.mbuf.mclbytes ( Dv MBUF_MCLBYTES )
The mbuf cluster size.
.It Li kern.mbuf.mcllowat ( Dv MBUF_MCLLOWAT )
The mbuf cluster low water mark.
.It Li kern.mbuf.msize ( Dv MBUF_MSIZE )
The mbuf base size.
.It Li kern.mbuf.nmbclusters ( Dv MBUF_NMBCLUSTERS )
The limit on the number of mbuf clusters.
The variable can only be increased, and only increased on machines with
direct-mapped pool pages.
.El
.It Li kern.memlock ( Dv KERN_MEMLOCK )
Returns 1 if the
.St -p1003.1b-93
Process Memory Locking Option is available on this system,
otherwise\ 0.
.It Li kern.memlock_range ( Dv KERN_MEMLOCK_RANGE )
Returns 1 if the
.St -p1003.1b-93
Range Memory Locking Option is available on this system,
otherwise\ 0.
.It Li kern.memory_protection ( Dv KERN_MEMORY_PROTECTION )
Returns 1 if the
.St -p1003.1b-93
Memory Protection Option is available on this system,
otherwise\ 0.
.It Li kern.messages
Kernel console message verbosity.
See
.Aq Pa sys/reboot.h .
.Bl -column "verbosity" "setting" -offset indent
.It Sy Value Ta Sy Verbosity Ta Sy sys/reboot.h equivalent
.It 0 Ta Silent Ta Sy AB_SILENT
.It 1 Ta Quiet Ta Sy AB_QUIET
.It 2 Ta Normal Ta Sy AB_NORMAL
.It 3 Ta Verbose Ta Sy AB_VERBOSE
.It 4 Ta Debug Ta Sy AB_DEBUG
.El
.It Li kern.module
Settings related to kernel modules.
The third level names for the settings are described below.
.Bl -column "kern.module.autoload" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.module.autoload Ta integer Ta yes
.It kern.module.autotime Ta integer Ta yes
.It kern.module.verbose Ta boolean Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li kern.module.autoload
A boolean that controls whether kernel modules are loaded automatically.
See
.Xr module 7
for additional details.
.It Li kern.module.autotime
An integer that controls the delay before an attempt is made to
automatically unload a module that was auto-loaded.
Setting this value to zero disables the auto-unload function.
.It Li kern.module.verbose
A boolean that enables or disables verbose
debug messages related to kernel modules.
.El
.It Li kern.monotonic_clock ( Dv KERN_MONOTONIC_CLOCK )
Returns the standard version the implementation of the
.St -p1003.1b-93
Monotonic Clock Option conforms to,
otherwise\ 0.
.It Li kern.mqueue
Settings related to POSIX message queues; see
.Xr mqueue 3 .
This node is created dynamically when
the corresponding kernel module is loaded.
The third level names for the settings are described below.
.Bl -column "kern.mqueue.mq_max_msgsize" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.mqueue.mq_open_max Ta integer Ta yes
.It kern.mqueue.mq_prio_max Ta integer Ta yes
.It kern.mqueue.mq_max_msgsize Ta integer Ta yes
.It kern.mqueue.mq_def_maxmsg Ta integer Ta yes
.It kern.mqueue.mq_max_maxmsg Ta integer Ta yes
.El
.Pp
The variables are:
.Bl -tag -width "123456"
.It Li kern.mqueue.mq_open_max
The maximum number of message queue descriptors any single process can open.
.It Li kern.mqueue.mq_prio_max
The maximum priority of a message.
.It Li kern.mqueue.mq_max_msgsize
The maximum size of a message in a message queue.
.It Li kern.mqueue.mq_def_maxmsg
The default maximum message count.
.It Li kern.mqueue.mq_max_maxmsg
The maximum number of messages in a message queue.
.El
.It Li kern.msgbuf ( Dv KERN_MSGBUF )
The kernel message buffer, rotated so that the head of the circular kernel
message buffer is at the start of the returned data.
The returned data may contain NUL bytes.
.It Li kern.msgbufsize ( Dv KERN_MSGBUFSIZE )
The maximum number of characters that the kernel message buffer can hold.
.It Li kern.ngroups ( Dv KERN_NGROUPS )
The maximum number of supplemental groups.
.\" .It Li kern.no_sa_support
.\" XXX: Undocumented.
.It Li kern.ntptime ( Dv KERN_NTPTIME )
A
.Vt struct ntptimeval
structure is returned.
This structure contains data used by the
.Xr ntpd 8
program.
.It Li kern.osrelease ( Dv KERN_OSRELEASE )
The system release string.
.It Li kern.osrevision ( Dv KERN_OSREV )
The system revision string.
.It Li kern.ostype ( Dv KERN_OSTYPE )
The system type string.
.\".It Li kern.panic_now
.\" XXX: Undocumented.
.It Li kern.pipe ( Dv KERN_PIPE )
Pipe settings.
The third level names for the integer pipe settings are detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "kern.pipe.maxbigpipes" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.pipe.kvasiz Ta integer Ta yes
.It kern.pipe.maxbigpipes Ta integer Ta yes
.It kern.pipe.maxkvasz Ta integer Ta yes
.It kern.pipe.limitkva Ta integer Ta yes
.It kern.pipe.nbigpipes Ta integer Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li kern.pipe.kvasiz ( Dv KERN_PIPE_KVASIZ )
Amount of kernel memory consumed by pipe buffers.
.It Li kern.pipe.maxbigpipes ( Dv KERN_PIPE_MAXBIGPIPES )
Maximum number of
.Dq big
pipes.
.It Li kern.pipe.maxkvasz ( Dv KERN_PIPE_MAXKVASZ )
Maximum amount of kernel memory to be used for pipes.
.It Li kern.pipe.limitkva ( Dv KERN_PIPE_LIMITKVA )
Limit for direct transfers via page loan.
.It Li kern.pipe.nbigpipes ( Dv KERN_PIPE_NBIGPIPES )
Number of
.Dq big
pipes.
.El
.It Li kern.pool
Provides statistics about the
.Xr pool 9
and
.Xr pool_cache 9
subsystems.
.\" XXX: Undocumented .It Li kern.posix ( ? )
.\" This is a node in which the only variable is semmax.
.It Li kern.posix1version ( Dv KERN_POSIX1 )
The version of ISO/IEC 9945
.Pq St -p1003.1
with which the system attempts to comply.
.It Li kern.posix_aio
The version of
.St -p1003.1
and its Asynchronous I/O option to which the system attempts to conform.
.It Li kern.posix_barriers ( Dv KERN_POSIX_BARRIERS )
The version of
.St -p1003.1
and its
Barriers
option to which the system attempts to conform,
otherwise\ 0.
.It Li kern.posix_reader_writer_locks ( Dv KERN_POSIX_READER_WRITER_LOCKS )
The version of
.St -p1003.1
and its
Read-Write Locks
option to which the system attempts to conform,
otherwise\ 0.
.\".It Li kern.posix_sched
.\" XXX: Undocumented.
.It Li kern.posix_semaphores ( Dv KERN_POSIX_SEMAPHORES )
The version of
.St -p1003.1
and its
Semaphores
option to which the system attempts to conform,
otherwise\ 0.
.It Li kern.posix_spin_locks ( Dv KERN_POSIX_SPIN_LOCKS )
The version of
.St -p1003.1
and its
Spin Locks
option to which the system attempts to conform,
otherwise\ 0.
.It Li kern.posix_threads ( Dv KERN_POSIX_THREADS )
The version of
.St -p1003.1
and its
Threads
option to which the system attempts to conform,
otherwise\ 0.
.It Li kern.posix_timers ( Dv KERN_POSIX_TIMERS )
The version of
.St -p1003.1
and its
Timers
option to which the system attempts to conform,
otherwise\ 0.
.It Li kern.proc ( Dv KERN_PROC )
Return the entire process table, or a subset of it.
An array of
.Vt struct kinfo_proc
structures is returned,
whose size depends on the current number of such objects in the system.
The third and fourth level numeric names are as follows:
.Bl -column "KERN_PROC_SESSION" "Fourth level is:" -offset indent
.It Sy Third level name Ta Sy Fourth level is :
.It KERN_PROC_ALL Ta None
.It KERN_PROC_GID Ta A group ID
.It KERN_PROC_PID Ta A process ID
.It KERN_PROC_PGRP Ta A process group
.It KERN_PROC_RGID Ta A real group ID
.It KERN_PROC_RUID Ta A real user ID
.It KERN_PROC_SESSION Ta A session ID
.It KERN_PROC_TTY Ta A tty device
.It KERN_PROC_UID Ta A user ID
.El
.It Li kern.proc2 ( Dv KERN_PROC2 )
As for
.Dv KERN_PROC ,
but an array of
.Vt struct kinfo_proc2
structures is returned.
The fifth level name is the size of the
.Vt struct kinfo_proc2
and the sixth level name is the number of structures to return.
.It Li kern.proc_args ( Dv KERN_PROC_ARGS )
Return the argv or environment strings (or the number thereof)
of a process.
Multiple strings are returned separated by NUL characters.
The third level name is the process ID.
The fourth level name is as follows:
.Bl -column "KERN_PROG_PATHNAME" "The full pathname of the executable" -offset indent
.It Dv KERN_PROC_ARGV Ta The argv strings
.It Dv KERN_PROC_ENV Ta The environ strings
.It Dv KERN_PROC_NARGV Ta The number of argv strings
.It Dv KERN_PROC_NENV Ta The number of environ strings
.It Dv KERN_PROC_PATHNAME Ta The full pathname of the executable
.El
.It Li kern.profiling ( Dv KERN_PROF )
Return profiling information about the kernel.
If the kernel is not compiled for profiling,
attempts to retrieve any of the
.Dv KERN_PROF
values will fail with
.Er EOPNOTSUPP .
The third level names for the string and integer profiling information
are detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "kern.profiling.gmonparam" "struct gmonparam" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.profiling.count Ta u_short[\|] Ta yes
.It kern.profiling.froms Ta u_short[\|] Ta yes
.It kern.profiling.gmonparam Ta struct gmonparam Ta no
.It kern.profiling.state Ta integer Ta yes
.It kern.profiling.tos Ta struct tostruct Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li kern.profiling.count ( Dv GPROF_COUNT )
Array of statistical program counter counts.
.It Li kern.profiling.froms ( Dv GPROF_FROMS )
Array indexed by program counter of call-from points.
.It Li kern.profiling.gmonparam ( Dv GPROF_GMONPARAM )
Structure giving the sizes of the above arrays.
.It Li kern.profiling.state ( Dv GPROF_STATE )
Profiling state.
If set to
.Dv GMON_PROF_ON ,
starts profiling.
If set to
.Dv GMON_PROF_OFF ,
stops profiling.
.It Li kern.profiling.tos ( Dv GPROF_TOS )
Array of
.Vt struct tostruct
describing destination of calls and their counts.
.El
.\" .It Li kern.pset
.\" XXX: Undocumented.
.It Li kern.rawpartition ( Dv KERN_RAWPARTITION )
The raw partition of a disk (a == 0).
.It Li kern.root_device ( Dv KERN_ROOT_DEVICE )
The name of the root device (e.g.,
.Dq wd0 ) .
.It Li kern.root_partition ( Dv KERN_ROOT_PARTITION )
The root partition on the root device (a == 0).
.It Li kern.rtc_offset ( Dv KERN_RTC_OFFSET )
Return the offset of real time clock from UTC in minutes.
.It Li kern.saved_ids ( Dv KERN_SAVED_IDS )
Returns 1 if saved set-group and saved set-user IDs are available.
.It Li kern.sbmax ( Dv KERN_SBMAX )
Maximum socket buffer size in bytes.
.It Li kern.securelevel ( Dv KERN_SECURELVL )
See
.Xr secmodel_securelevel 9 .
.It Li kern.sched ( dynamic )
Influence the scheduling of LWPs, their prioritization and how they are
distributed on and moved between CPUs.
.Bl -column "kern.sched.balance_period" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.sched.cacheht_time Ta integer Ta yes
.It kern.sched.balance_period Ta integer Ta yes
.It kern.sched.average_weight Ta integer Ta yes
.It kern.sched.min_catch Ta integer Ta yes
.It kern.sched.timesoftints Ta integer Ta yes
.It kern.sched.kpreempt_pri Ta integer Ta yes
.It kern.sched.upreempt_pri Ta integer Ta yes
.It kern.sched.maxts Ta integer Ta yes
.It kern.sched.mints Ta integer Ta yes
.It kern.sched.name Ta string Ta no
.It kern.sched.rtts Ta integer Ta no
.It kern.sched.pri_min Ta integer Ta no
.It kern.sched.pri_max Ta integer Ta no
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li kern.sched.cacheht_time ( dynamic )
Cache hotness time in which a LWP is kept on one particular CPU
and not moved to another CPU.
This reduces the overhead of flushing and reloading caches.
Defaults to 3ms.
Needs to be given in
.Dq hz
units, see
.Xr mstohz 9 .
.It Li kern.sched.balance_period ( dynamic )
Interval at which the CPU queues are checked for re-balancing.
Defaults to 300ms.
Needs to be given in
.Dq hz
units, see
.Xr mstohz 9 .
.It Li kern.sched.average_weight ( dynamic )
Can be used to influence how likely LWPs are to be migrated from
one CPU's queue of LWPs that are ready to run to a different, idle CPU.
The value gives the percentage for weighting the average count of
migratable threads from the past against the current number of
migratable threads.
A small value gives more weight to the past, a larger value gives more
weight to the current situation.
Defaults to 50 and must be between 0 and 100.
.It Li kern.sched.min_catch ( dynamic )
Minimum count of migratable (runnable) threads for catching (stealing)
from another CPU.
Defaults to 1 but can be increased to decrease chance of thread
migration between CPUs.
.It Li kern.sched.timesoftints ( dynamic )
Enable tracking of CPU time for soft interrupts
as part of a LWP's real execution time.
Set to a non-zero value to enable,
and see
.Xr ps 1
for printing CPU times.
.It Li kern.sched.kpreempt_pri ( dynamic )
Minimum priority to trigger kernel preemption.
.It Li kern.sched.upreempt_pri ( dynamic )
Minimum priority to trigger user preemption.
.It Li kern.sched.maxts ( dynamic )
Scheduler specific maximal time quantum (in milliseconds).
Must be set to a value larger than
.Dq mints
and between 10 and
.Dq hz
as given by the
.Dv kern.clockrate
sysctl.
Provided by the M2 scheduler.
.It Li kern.sched.mints ( dynamic )
Scheduler specific minimal time quantum (in milliseconds).
Must be set to a value smaller than
.Dq maxts
and between 1 and
.Dq hz
as given by the
.Dq kern.clockrate
sysctl.
Provided by the M2 scheduler.
.It Li kern.sched.name ( dynamic )
Scheduler name.
Provided both by the M2 and the 4BSD scheduler.
.It Li kern.sched.rtts ( dynamic )
Fixed scheduler specific round-robin time quantum in milliseconds.
Provided both by the M2 and the 4BSD scheduler.
.It Li kern.sched.pri_min ( dynamic )
Minimal POSIX real-time priority.
See
.Xr sched 3 .
.It Li kern.sched.pri_max ( dynamic )
Maximal POSIX real-time priority.
See
.Xr sched 3 .
.El
.It Li kern.somaxkva ( Dv KERN_SOMAXKVA )
Maximum amount of kernel memory to be used for socket buffers in bytes.
.It Li kern.sooptions
Set the default socket option flags for
.Xr socket 2
creation.
See
.Xr setsockopt 2
for a list of supported flags.
.It Li kern.synchronized_io ( Dv KERN_SYNCHRONIZED_IO )
Returns 1 if the
.St -p1003.1b-93
Synchronized I/O Option is available on this system,
otherwise\ 0.
.It Li kern.timecounter ( dynamic )
Display and control the timecounter source of the system.
.Bl -column "kern.timecounter.timestepwarnings" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.timecounter.choice Ta string Ta no
.It kern.timecounter.hardware Ta string Ta yes
.It kern.timecounter.timestepwarnings Ta integer Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li kern.timecounter.choice ( dynamic )
The list of available timecounters with their quality and frequency.
.It Li kern.timecounter.hardware ( dynamic )
The currently selected timecounter source.
.It Li kern.timecounter.timestepwarnings ( dynamic )
If non-zero, display a message each time the time is stepped.
.El
.It Li kern.timex ( Dv KERN_TIMEX )
Not available.
.It Li kern.tkstat ( Dv KERN_TKSTAT )
Return information about the number of characters sent and received
on ttys.
The third level names for the tty statistic variables are detailed below.
The changeable column shows whether a process
with appropriate privilege may change the value.
.Bl -column "kern.tkstat.cancc" "quad" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.tkstat.cancc Ta quad Ta no
.It kern.tkstat.nin Ta quad Ta no
.It kern.tkstat.nout Ta quad Ta no
.It kern.tkstat.rawcc Ta quad Ta no
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li kern.tkstat.cancc ( Dv KERN_TKSTAT_CANCC )
The number of canonical input characters.
.It Li kern.tkstat.nin ( Dv KERN_TKSTAT_NIN )
The total number of input characters.
.It Li kern.tkstat.nout ( Dv KERN_TKSTAT_NOUT )
The total number of output characters.
.It Li kern.tkstat.rawcc ( Dv KERN_TKSTAT_RAWCC )
The number of raw input characters.
.El
.It Li kern.tty
The third level names for the tty setup variables are detailed below.
The changeable column shows whether a process
with appropriate privilege may change the value.
.Bl -column "kern.tty.qsize" "int" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.tty.qsize Ta int Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li kern.tty.qsize
Control/display the size of the default input and output queues selected
during tty creation.
Is converted to a power of two and its range is between
.Dv 1024
and
.Dv 65536 .
.El
.It Li kern.uidinfo
Resource usage for the current user.
.Bl -column "kern.uidinfo.proccnt" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.uidinfo.proccnt Ta integer Ta no
.It kern.uidinfo.lwpcnt Ta integer Ta no
.It kern.uidinfo.lockcnt Ta integer Ta no
.It kern.uidinfo.semcnt Ta integer Ta no
.It kern.uidinfo.sbsize Ta integer Ta no
.El
.Bl -tag -width "123456"
.It Li kern.uidinfo.proccnt
Returns the number of active processes for the current user.
.It Li kern.uidinfo.lwpcnt
Returns the number of active threads for the current user; the first thread
of each process is not counted.
.It Li kern.uidinfo.lockcnt
Number of locks held by the current user.
.It Li kern.uidinfo.semcnt
Number of semaphores held by the current user.
.It Li kern.uidinfo.sbsize
Number of bytes in socket buffers allocated to the current user.
.El
.It Li kern.urandom ( Dv KERN_URND )
Random integer value.
.It Li kern.usercrypto
When enabled, allows userland to
.Xr open 2
the
.Pa /dev/crypto
special device, used by the
.Xr crypto 4
system.
.It Li kern.userasymcrypto
Enables or disables the use of software asymmetric crypto support in the
.Xr crypto 4
system.
.It Li kern.veriexec
Runtime information for
.Xr veriexec 8 .
.Bl -column "kern.veriexec.algorithms" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.veriexec.algorithms Ta string Ta no
.It kern.veriexec.count Ta node Ta not applicable
.It kern.veriexec.strict Ta integer Ta yes
.It kern.veriexec.verbose Ta integer Ta yes
.El
.Bl -tag -width "123456"
.It Li kern.veriexec.algorithms
Returns a string with the supported algorithms in Veriexec.
.It Li kern.veriexec.count
Sub-nodes are added to this node as new mounts are monitored by Veriexec.
Each mount will be under its own
.No tableN
node.
Under each node there will be three variables, indicating the mount
point, the file system type, and the number of entries.
.It Li kern.veriexec.strict
Controls the strict level of Veriexec.
See
.Xr security 7
for more information on each level's implications.
.It Li kern.veriexec.verbose
Controls the verbosity level of Veriexec.
If 0, only the minimal
indication required will be given about what's happening - fingerprint
mismatches, removal of entries from the tables, modification of a
fingerprinted file.
If 1, more messages will be printed (i.e., when a file with a valid
fingerprint is accessed).
Verbose level 2 is debug mode.
.El
.It Li kern.version ( Dv KERN_VERSION )
The system version string.
.It Li kern.vnode ( Dv KERN_VNODE )
Return the entire vnode table.
Note, the vnode table is not necessarily a consistent snapshot of
the system.
The returned data consists of an array whose size depends on the
current number of such objects in the system.
Each element of the array contains the kernel address of a vnode
.Vt struct vnode *
followed by the vnode itself
.Vt struct vnode .
.\" XXX: Undocumented: kern.lwp: no children?
.El
.Ss The machdep.* subtree
The set of variables defined is architecture dependent.
Most architectures define at least the following variables.
.Bl -column "machdep.booted_kernel" "Type" "Changeable" -offset indent
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It Li machdep.booted_kernel Ta string Ta no
.El
.\" XXX: Document the above.
.Ss The net.* subtree
The string and integer information available for the
.Li net
level is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
The second and third levels are typically the protocol family and
protocol number, though this is not always the case.
.Bl -column "Second level name" "IPsec key management values" "Changeable" -offset indent
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It net.route Ta routing messages Ta no
.It net.inet Ta IPv4 values Ta yes
.It net.inet6 Ta IPv6 values Ta yes
.It net.key Ta IPsec key management values Ta yes
.El
.Bl -tag -width "123456"
.It Li net.route ( Dv PF_ROUTE )
.\" XXX really?
Return the entire routing table or a subset of it.
The data is returned as a sequence of routing messages (see
.Xr route 4
for the header file, format and meaning).
The length of each message is contained in the message header.
.Pp
The third level name is a protocol number, which is currently always\ 0.
The fourth level name is an address family, which may be set to 0 to
select all address families.
The fifth and sixth level names are as follows:
.Bl -column "Fifth level name" "Sixth level is:" -offset indent
.It Sy Fifth level name Ta Sy Sixth level is :
.It NET_RT_FLAGS Ta rtflags
.It NET_RT_DUMP Ta None
.It NET_RT_IFLIST Ta None
.El
.It Li net.inet ( Dv PF_INET )
Get or set various global information about the IPv4
.Pq Internet Protocol version 4 .
The third level name is the protocol.
The fourth level name is the variable name.
The currently defined protocols and names are:
.Bl -column "Protocol" "anonportalgo.available" "integer" "Changeable" -offset indent
.It Sy Protocol Ta Sy Variable Ta Sy Type Ta Sy Changeable
.It arp Ta down Ta integer Ta yes
.It arp Ta keep Ta integer Ta yes
.It arp Ta log_movements Ta integer Ta yes
.It arp Ta log_permanent_modify Ta integer Ta yes
.It arp Ta log_unknown_network Ta integer Ta yes
.It arp Ta log_wrong_iface Ta integer Ta yes
.It carp Ta allow Ta integer Ta yes
.It carp Ta preempt Ta integer Ta yes
.It carp Ta log Ta integer Ta yes
.It carp Ta arpbalance Ta integer Ta yes
.It icmp Ta errppslimit Ta integer Ta yes
.It icmp Ta maskrepl Ta integer Ta yes
.It icmp Ta rediraccept Ta integer Ta yes
.It icmp Ta redirtimeout Ta integer Ta yes
.It icmp Ta bmcastecho Ta integer Ta yes
.It ip Ta allowsrcrt Ta integer Ta yes
.It ip Ta anonportalgo.selected Ta string Ta yes
.It ip Ta anonportalgo.available Ta string Ta yes
.It ip Ta anonportalgo.reserve Ta struct Ta yes
.It ip Ta anonportmax Ta integer Ta yes
.It ip Ta anonportmin Ta integer Ta yes
.It ip Ta checkinterface Ta integer Ta yes
.It ip Ta dad_count Ta integer Ta yes
.It ip Ta directed-broadcast Ta integer Ta yes
.It ip Ta do_loopback_cksum Ta integer Ta yes
.It ip Ta forwarding Ta integer Ta yes
.It ip Ta forwsrcrt Ta integer Ta yes
.It ip Ta gifttl Ta integer Ta yes
.It ip Ta grettl Ta integer Ta yes
.It ip Ta hashsize Ta integer Ta yes
.It ip Ta hostzerobroadcast Ta integer Ta yes
.It ip Ta lowportmin Ta integer Ta yes
.It ip Ta lowportmax Ta integer Ta yes
.It ip Ta maxflows Ta integer Ta yes
.It ip Ta maxfragpackets Ta integer Ta yes
.It ip Ta mtudisc Ta integer Ta yes
.It ip Ta mtudisctimeout Ta integer Ta yes
.It ip Ta random_id Ta integer Ta yes
.It ip Ta redirect Ta integer Ta yes
.It ip Ta subnetsarelocal Ta integer Ta yes
.It ip Ta ttl Ta integer Ta yes
.It tcp Ta rfc1323 Ta integer Ta yes
.It tcp Ta sendspace Ta integer Ta yes
.It tcp Ta recvspace Ta integer Ta yes
.It tcp Ta mssdflt Ta integer Ta yes
.It tcp Ta syn_cache_limit Ta integer Ta yes
.It tcp Ta syn_bucket_limit Ta integer Ta yes
.It tcp Ta syn_cache_interval Ta integer Ta yes
.It tcp Ta init_win Ta integer Ta yes
.It tcp Ta init_win_local Ta integer Ta yes
.It tcp Ta mss_ifmtu Ta integer Ta yes
.It tcp Ta win_scale Ta integer Ta yes
.It tcp Ta timestamps Ta integer Ta yes
.It tcp Ta cwm Ta integer Ta yes
.It tcp Ta cwm_burstsize Ta integer Ta yes
.It tcp Ta ack_on_push Ta integer Ta yes
.It tcp Ta keepidle Ta integer Ta yes
.It tcp Ta keepintvl Ta integer Ta yes
.It tcp Ta keepcnt Ta integer Ta yes
.It tcp Ta slowhz Ta integer Ta no
.It tcp Ta keepinit Ta integer Ta yes
.It tcp Ta log_refused Ta integer Ta yes
.It tcp Ta rstppslimit Ta integer Ta yes
.It tcp Ta ident Ta struct Ta no
.It tcp Ta drop Ta struct Ta no
.It tcp Ta sack.enable Ta integer Ta yes
.It tcp Ta sack.globalholes Ta integer Ta no
.It tcp Ta sack.globalmaxholes Ta integer Ta yes
.It tcp Ta sack.maxholes Ta integer Ta yes
.It tcp Ta ecn.enable Ta integer Ta yes
.It tcp Ta ecn.maxretries Ta integer Ta yes
.It tcp Ta congctl.selected Ta string Ta yes
.It tcp Ta congctl.available Ta string Ta yes
.It tcp Ta abc.enable Ta integer Ta yes
.It tcp Ta abc.aggressive Ta integer Ta yes
.It udp Ta checksum Ta integer Ta yes
.It udp Ta do_loopback_cksum Ta integer Ta yes
.It udp Ta recvspace Ta integer Ta yes
.It udp Ta sendspace Ta integer Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li arp.down
Failed ARP entry lifetime.
.It Li arp.keep
Valid ARP entry lifetime.
.It Li carp.allow
If set to 0, incoming
.Xr carp 4
packets will not be processed.
If set to any other value, processing will occur.
Enabled by default.
.It Li carp.arpbalance
If set to any value other than 0, the ARP balancing functionality of
.Xr carp 4
is enabled.
When ARP requests are received for an IP address which is part of any virtual
host, carp will hash the source IP in the ARP request to select one of the
virtual hosts from the set of all the virtual hosts which have that IP address.
The master of that host will respond with the correct virtual MAC address.
Disabled by default.
.It Li carp.log
If set to any value other than 0,
.Xr carp 4
will log errors.
Disabled by default.
.It Li carp.preempt
If set to 0,
.Xr carp 4
will not attempt to become master if it is receiving advertisements from
another active master.
If set to any other value, carp will become master of the virtual host if it
believes it can send advertisements more frequently than the current master.
Disabled by default.
.It Li ip.allowsrcrt
If set to 1, the host accepts source routed packets.
.It Li ip.anonportalgo.available
The available RFC 6056 port randomization algorithms.
.It Li ip.anonportalgo.reserve
A bitmask of ports that will not be used during anonymous or privileged
port selection.
.It Li ip.anonportalgo.selected
The currently selected RFC 6056 port randomization algorithm.
.It Li ip.anonportmax
The highest port number to use for TCP and UDP ephemeral port allocation.
This cannot be set to less than 1024 or greater than 65535, and must
be greater than
.Li ip.anonportmin .
.It Li ip.anonportmin
The lowest port number to use for TCP and UDP ephemeral port allocation.
This cannot be set to less than 1024 or greater than 65535.
.It Li ip.checkinterface
If set to non-zero, the host will reject packets addressed to it
that arrive on an interface not bound to that address.
Currently, this must be disabled if NAT is used to translate the
destination address to another local interface, or if addresses
are added to the loopback interface instead of the interface where
the packets for those addresses are received.
.It Li ip.dad_count
The number of
.Xr arp 4
probes sent for Address Conflict Detection.
Set to 0 to disable this.
.It Li ip.directed-broadcast
If set to 1, enables directed broadcast behavior for the host.
.It Li ip.do_loopback_cksum
Perform IP checksum on loopback.
.It Li ip.forwarding
If set to 1, enables IP forwarding for the host,
meaning that the host is acting as a router.
.It Li ip.forwsrcrt
If set to 1, enables forwarding of source-routed packets for the host.
This value may only be changed if the kernel security level is less than 1.
.It Li ip.gifttl
The maximum time-to-live (hop count) value for an IPv4 packet generated by
.Xr gif 4
tunnel interface.
.It Li ip.grettl
The maximum time-to-live (hop count) value for an IPv4 packet generated by
.Xr gre 4
tunnel interface.
.It Li ip.hashsize
The size of IPv4 Fast Forward hash table.
This value must be a power of 2 (64, 256...).
A larger hash table size results in fewer collisions.
Also see
.Li ip.maxflows .
.It Li ip.hostzerobroadcast
All zeroes address is broadcast address.
.It Li ip.lowportmax
The highest port number to use for TCP and UDP reserved port allocation.
This cannot be set to less than 0 or greater than 1024, and must
be greater than
.Li ip.lowportmin .
.It Li ip.lowportmin
The lowest port number to use for TCP and UDP reserved port allocation.
This cannot be set to less than 0 or greater than 1024, and must
be smaller than
.Li ip.lowportmax .
.It Li ip.maxflows
IPv4 Fast Forwarding is enabled by default.
If set to 0, IPv4 Fast Forwarding is disabled.
.Li ip.maxflows
controls the maximum number of flows which can be created.
The default value is 256.
.It Li ip.maxfragpackets
The maximum number of fragmented packets the node will accept.
0 means that the node will not accept any fragmented packets.
\-1 means that the node will accept as many fragmented packets as it receives.
The flag is provided basically for avoiding possible DoS attacks.
.It Li ip.mtudisc
If set to 1, enables Path MTU Discovery (RFC 1191).
When Path MTU Discovery is enabled, the transmitted TCP segment
size will be determined by the advertised maximum segment size
(MSS) from the remote end, as constrained by the path MTU.
If MTU Discovery is disabled, the transmitted segment size will
never be greater than
.Li tcp.mssdflt
(the local maximum segment size).
.It Li ip.mtudisctimeout
The number of seconds in which a route added by the Path MTU
Discovery engine will time out.
When the route times out, the Path
MTU Discovery engine will attempt to probe a larger path MTU.
.It Li ip.random_id
Assign random ip_id values.
.It Li ip.redirect
If set to 1, ICMP redirects may be sent by the host.
This option is ignored unless the host is routing IP packets,
and should normally be enabled on all systems.
.It Li ip.subnetsarelocal
If set to 1, subnets are to be considered local addresses.
.It Li ip.ttl
The maximum time-to-live (hop count) value for an IP packet sourced by
the system.
This value applies to normal transport protocols, not to ICMP.
.It Li icmp.errppslimit
The variable specifies the maximum number of outgoing ICMP error messages,
per second.
ICMP error messages that exceed the value are subject to rate limitation
and will not go out from the node.
A negative value disables rate limitation.
.It Li icmp.maskrepl
If set to 1, ICMP network mask requests are to be answered.
.It Li icmp.rediraccept
If set to non-zero, the host will accept ICMP redirect packets.
Note that routers will never accept ICMP redirect packets,
and the variable is meaningful on IP hosts only.
.It Li icmp.redirtimeout
The variable specifies lifetime of routing entries generated by incoming
ICMP redirect.
This defaults to 600 seconds.
.It Li icmp.returndatabytes
Number of bytes to return in an ICMP error message.
.It Li icmp.bmcastecho
If set to 1, enables responding to ICMP echo or timestamp request to the
broadcast address.
.It Li tcp.ack_on_push
If set to 1, TCP is to immediately transmit an ACK upon reception of
a packet with PUSH set.
This can avoid losing a round trip time in some rare situations,
but has the caveat of potentially defeating TCP's delayed ACK algorithm.
Use of this option is generally not recommended, but
the variable exists in case your configuration really needs it.
.It Li tcp.cwm
If set to 1, enables use of the Hughes/Touch/Heidemann Congestion Window
Monitoring algorithm.
This algorithm prevents line-rate bursts of packets that could
otherwise occur when data begins flowing on an idle TCP connection.
These line-rate bursts can contribute to network and router congestion.
This can be particularly useful on World Wide Web servers
which support HTTP/1.1, which has lingering connections.
.It Li tcp.cwm_burstsize
The Congestion Window Monitoring allowed burst size, in terms
of packet count.
.It Li tcp.delack_ticks
Number of ticks to delay sending an ACK.
.It Li tcp.do_loopback_cksum
Perform TCP checksum on loopback.
.It Li tcp.init_win
A value indicating the TCP initial congestion window.
The valid range
is 0 to 10 (maximum specified by RFC6928),
with a default of 4 (approximately 4K per RFC3390).
.It Li tcp.init_win_local
Like
.Li tcp.init_win ,
but used when communicating with hosts on a local network.
.It Li tcp.keepcnt
Number of keepalive probes sent before declaring a connection dead.
If set to zero, there is no limit;
keepalives will be sent until some kind of
response is received from the peer.
.It Li tcp.keepidle
Time a connection must be idle before keepalives are sent (if keepalives
are enabled for the connection).
See also tcp.slowhz.
.It Li tcp.keepintvl
Time after a keepalive probe is sent until, in the absence of any response,
another probe is sent.
See also tcp.slowhz.
.It Li tcp.log_refused
If set to 1, refused TCP connections to the host will be logged.
.It Li tcp.keepinit
Timeout in seconds during connection establishment.
.It Li tcp.mss_ifmtu
If set to 1, TCP calculates the outgoing maximum segment size based on
the MTU of the appropriate interface.
If set to 0, it is calculated based on the greater of the MTU of the
interface, and the largest (non-loopback) interface MTU on the system.
.It Li tcp.mssdflt
The default maximum segment size both advertised to the peer
and to use when either the peer does not advertise a maximum segment size to
us during connection setup or Path MTU Discovery
.Li ( ip.mtudisc )
is disabled.
Do not change this value unless you really know what you are doing.
.It Li tcp.recvspace
The default TCP receive buffer size.
.It Li tcp.rfc1323
If set to 1, enables RFC 1323 extensions to TCP.
.It Li tcp.rstppslimit
The variable specifies the maximum number of outgoing TCP RST packets,
per second.
TCP RST packets that exceed the value are subject to rate limitation
and will not go out from the node.
A negative value disables rate limitation.
.It Li tcp.ident
Return the user ID of a connected socket pair.
(RFC1413 Identification Protocol lookups.)
.It Li tcp.drop
Drop a TCP socket pair connection.
.It Li tcp.sack.enable
If set to 1, enables RFC 2018 Selective ACKnowledgement.
.It Li tcp.sack.globalholes
Global number of TCP SACK holes.
.It Li tcp.sack.globalmaxholes
Global maximum number of TCP SACK holes.
.It Li tcp.sack.maxholes
Maximum number of TCP SACK holes allowed per connection.
.It Li tcp.ecn.enable
If set to 1, enables RFC 3168 Explicit Congestion Notification.
.It Li tcp.ecn.maxretries
Number of times to retry sending the ECN-setup packet.
.It Li tcp.sendspace
The default TCP send buffer size.
.It Li tcp.slowhz
The units for tcp.keepidle and tcp.keepintvl; those variables are in ticks
of a clock that ticks tcp.slowhz times per second.
(That is, their values
must be divided by the tcp.slowhz value to get times in seconds.)
.It Li tcp.syn_bucket_limit
The maximum number of entries allowed per hash bucket in the TCP
compressed state engine.
.It Li tcp.syn_cache_limit
The maximum number of entries allowed in the TCP compressed state
engine.
.It Li tcp.timestamps
If rfc1323 is enabled, a value of 1 indicates RFC 1323 time stamp options,
used for measuring TCP round trip times, are enabled.
.It Li tcp.win_scale
If rfc1323 is enabled, a value of 1 indicates RFC 1323 window scale options,
for increasing the TCP window size, are enabled.
.It Li tcp.congctl.available
The available TCP congestion control algorithms.
.It Li tcp.congctl.selected
The currently selected TCP congestion control algorithm.
.It Li tcp.abc.enable
If set to 1, use RFC 3465 Appropriate Byte Counting (ABC).
If set to 0, use traditional Packet Counting.
.It Li tcp.abc.aggressive
Choose the L parameter found in RFC 3465.
L is the maximum cwnd increase for an ack during slow start.
If set to 1, use L=2*SMSS.
If set to 0, use L=1*SMSS.
It has no effect unless tcp.abc.enable is set to 1.
.It Li udp.checksum
If set to 1, UDP checksums are being computed.
Received non-zero UDP checksums are always checked.
Disabling UDP checksums is strongly discouraged.
.It Li udp.recvspace
The default UDP receive buffer size.
.It Li udp.sendspace
The default UDP send buffer size.
.El
.Pp
For variables net.*.ipsec, please refer to
.Xr ipsec 4 .
.It Li net.inet6 ( Dv PF_INET6 )
Get or set various global information about the IPv6
.Pq Internet Protocol version 6 .
The third level name is the protocol.
The fourth level name is the variable name.
The currently defined protocols and names are:
.Bl -column "Protocol" "anonportalgo.available" "integer" "Changeable" -offset indent
.It Sy Protocol Ta Sy Variable Ta Sy Type Ta Sy Changeable
.It icmp6 Ta errppslimit Ta integer Ta yes
.It icmp6 Ta mtudisc_hiwat Ta integer Ta yes
.It icmp6 Ta mtudisc_lowat Ta integer Ta yes
.It icmp6 Ta nd6_debug Ta integer Ta yes
.It icmp6 Ta nd6_delay Ta integer Ta yes
.It icmp6 Ta nd6_maxnudhint Ta integer Ta yes
.It icmp6 Ta nd6_mmaxtries Ta integer Ta yes
.It icmp6 Ta nd6_prune Ta integer Ta yes
.It icmp6 Ta nd6_umaxtries Ta integer Ta yes
.It icmp6 Ta nd6_useloopback Ta integer Ta yes
.It icmp6 Ta nodeinfo Ta integer Ta yes
.It icmp6 Ta rediraccept Ta integer Ta yes
.It icmp6 Ta redirtimeout Ta integer Ta yes
.It ip6 Ta accept_rtadv Ta integer Ta yes
.It ip6 Ta addctlpolicy Ta struct in6_addrpolicy Ta no
.It ip6 Ta anonportalgo.selected Ta string Ta yes
.It ip6 Ta anonportalgo.available Ta string Ta yes
.It ip6 Ta anonportalgo.reserve Ta struct Ta yes
.It ip6 Ta anonportmax Ta integer Ta yes
.It ip6 Ta anonportmin Ta integer Ta yes
.It ip6 Ta auto_flowlabel Ta integer Ta yes
.It ip6 Ta dad_count Ta integer Ta yes
.It ip6 Ta defmcasthlim Ta integer Ta yes
.It ip6 Ta forwarding Ta integer Ta yes
.It ip6 Ta gifhlim Ta integer Ta yes
.It ip6 Ta hashsize Ta integer Ta yes
.It ip6 Ta hlim Ta integer Ta yes
.It ip6 Ta hdrnestlimit Ta integer Ta yes
.It ip6 Ta kame_version Ta string Ta no
.It ip6 Ta keepfaith Ta integer Ta yes
.It ip6 Ta log_interval Ta integer Ta yes
.It ip6 Ta lowportmax Ta integer Ta yes
.It ip6 Ta lowportmin Ta integer Ta yes
.It ip6 Ta maxdynroutes Ta integer Ta yes
.It ip6 Ta maxifprefixes Ta integer Ta yes
.It ip6 Ta maxifdefrouters Ta integer Ta yes
.It ip6 Ta maxflows Ta integer Ta yes
.It ip6 Ta maxfragpackets Ta integer Ta yes
.It ip6 Ta maxfrags Ta integer Ta yes
.It ip6 Ta neighborgcthresh Ta integer Ta yes
.It ip6 Ta redirect Ta integer Ta yes
.It ip6 Ta rr_prune Ta integer Ta yes
.It ip6 Ta use_deprecated Ta integer Ta yes
.It ip6 Ta v6only Ta integer Ta yes
.It udp6 Ta do_loopback_cksum Ta integer Ta yes
.It udp6 Ta recvspace Ta integer Ta yes
.It udp6 Ta sendspace Ta integer Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li ip6.accept_rtadv
If set to non-zero, the node will accept ICMPv6 router advertisement packets
and autoconfigure address prefixes and default routers.
The node must be a host
.Pq not a router
for the option to be meaningful.
.It Li ip6.anonportalgo.available
The available RFC 6056 port randomization algorithms.
.It Li ip6.anonportalgo.reserve
A bitmask of ports that will not be used during anonymous or privileged
port selection.
.It Li ip6.anonportalgo.selected
The currently selected RFC 6056 port randomization algorithm.
.It Li ip6.anonportmax
The highest port number to use for TCP and UDP ephemeral port allocation.
This cannot be set to less than 1024 or greater than 65535, and must
be greater than
.Li ip6.anonportmin .
.It Li ip6.anonportmin
The lowest port number to use for TCP and UDP ephemeral port allocation.
This cannot be set to less than 1024 or greater than 65535.
.It Li ip6.auto_flowlabel
On connected transport protocol packets,
fill the IPv6 flowlabel field to help intermediate routers identify packet flows.
.It Li ip6.dad_count
The variable configures the number of IPv6 DAD
.Pq duplicated address detection
probe packets.
The packets will be generated when IPv6 interface addresses are configured.
.It Li ip6.defmcasthlim
The default hop limit value for an IPv6 multicast packet sourced by the node.
This value applies to all the transport protocols on top of IPv6.
There are APIs to override the value, as documented in
.Xr ip6 4 .
.It Li ip6.forwarding
If set to 1, enables IPv6 forwarding for the node,
meaning that the node is acting as a router.
If set to 0, disables IPv6 forwarding for the node,
meaning that the node is acting as a host.
The IPv6 specification defines node behavior for the
.Dq router
case and the
.Dq host
case quite differently, and changing this variable during operation
may cause serious trouble.
It is recommended to configure the variable at bootstrap time,
and bootstrap time only.
.It Li ip6.gifhlim
The maximum hop limit value for an IPv6 packet generated by a
.Xr gif 4
tunnel interface.
.It Li ip6.hdrnestlimit
The number of IPv6 extension headers permitted on incoming IPv6 packets.
If set to 0, the node will accept as many extension headers as possible.
.It Li ip6.hashsize
The size of the IPv6 Fast Forward hash table.
This value must be a power of 2 (64, 256, ...).
A larger hash table size results in fewer collisions.
Also see
.Li ip6.maxflows .
.It Li ip6.hlim
The default hop limit value for an IPv6 unicast packet sourced by the node.
This value applies to all the transport protocols on top of IPv6.
There are APIs to override the value, as documented in
.Xr ip6 4 .
.It Li ip6.kame_version
The string identifies the version of the KAME IPv6 stack implemented in the kernel.
.It Li ip6.keepfaith
If set to non-zero, it enables
.Dq FAITH
TCP relay IPv6-to-IPv4 translator code in the kernel.
Refer to
.Xr faith 4
and
.Xr faithd 8
for details.
.It Li ip6.log_interval
The variable controls the amount of logs generated by the IPv6 packet
forwarding engine, by setting the interval between log output
.Pq in seconds .
.It Li ip6.lowportmax
The highest port number to use for TCP and UDP reserved port allocation.
This cannot be set to less than 0 or greater than 1024, and must
be greater than
.Li ip6.lowportmin .
.It Li ip6.lowportmin
The lowest port number to use for TCP and UDP reserved port allocation.
This cannot be set to less than 0 or greater than 1024, and must
be smaller than
.Li ip6.lowportmax .
.It Li ip6.maxdynroutes
Maximum number of routes created by redirect.
Set it to negative to disable.
The default value is 4096.
.It Li ip6.maxifprefixes
Maximum number of prefixes created by route advertisements per interface.
Set it to negative to disable.
The default value is 16.
.It Li ip6.maxifdefrouters
Maximum number of default routers created by route advertisements per interface.
Set it to negative to disable.
The default value is 16.
.It Li ip6.maxflows
IPv6 Fast Forwarding is enabled by default.
If set to 0, IPv6 Fast Forwarding is disabled.
.Li ip6.maxflows
controls the maximum number of flows which can be created.
The default value is 256.
.It Li ip6.maxfragpackets
The maximum number of fragmented packets the node will accept.
0 means that the node will not accept any fragmented packets.
\-1 means that the node will accept as many fragmented packets as it receives.
The flag is provided basically for avoiding possible DoS attacks.
.It Li ip6.maxfrags
The maximum number of fragments the node will accept.
0 means that the node will not accept any fragments.
\-1 means that the node will accept as many fragments as it receives.
The flag is provided basically for avoiding possible DoS attacks.
.It Li ip6.neighborgcthresh
Maximum number of entries in neighbor cache per interface.
Set to negative to disable.
The default value is 2048.
.It Li ip6.redirect
If set to 1, ICMPv6 redirects may be sent by the node.
This option is ignored unless the node is routing IP packets,
and should normally be enabled on all systems.
.It Li ip6.rr_prune
The variable specifies the interval between IPv6 router renumbering prefix
babysitting, in seconds.
.It Li ip6.use_deprecated
The variable controls the use of deprecated addresses, specified in RFC 2462 5.5.4.
.It Li ip6.v6only
The variable specifies the initial value for the
.Dv IPV6_V6ONLY
socket option for
.Dv AF_INET6
sockets.
Please refer to
.Xr ip6 4
for details.
.It Li icmp6.errppslimit
The variable specifies the maximum number of outgoing ICMPv6 error messages,
per second.
ICMPv6 error messages that exceed the value are subject to rate limitation
and will not go out from the node.
A negative value disables rate limitation.
.It Li icmp6.mtudisc_hiwat
.It Li icmp6.mtudisc_lowat
The variables define the maximum number of routing table entries,
created due to path MTU discovery
.Pq prevents denial-of-service attacks with ICMPv6 too big messages .
When IPv6 path MTU discovery happens, we keep path MTU information in
the routing table.
If the number of routing table entries exceeds the value,
the kernel will not attempt to keep the path MTU information.
.Li icmp6.mtudisc_hiwat
is used when we have verified ICMPv6 too big messages.
.Li icmp6.mtudisc_lowat
is used when we have unverified ICMPv6 too big messages.
Verification is performed by using address/port pairs kept in connected pcbs.
A negative value disables the upper limit.
.It Li icmp6.nd6_debug
If set to non-zero, kernel IPv6 neighbor discovery code will generate
debugging messages.
The debug outputs are useful to diagnose IPv6 interoperability issues.
The flag must be set to 0 for normal operation.
.It Li icmp6.nd6_delay
The variable specifies the
.Dv DELAY_FIRST_PROBE_TIME
timing constant in the IPv6 neighbor discovery specification
.Pq RFC 2461 ,
in seconds.
.It Li icmp6.nd6_maxnudhint
IPv6 neighbor discovery permits upper layer protocols to supply reachability
hints, to avoid unnecessary neighbor discovery exchanges.
The variable defines the number of consecutive hints the neighbor discovery
layer will take.
For example, by setting the variable to 3, the neighbor discovery layer
will take at most 3 consecutive hints.
After receiving 3 hints, the neighbor discovery layer will perform the
normal neighbor discovery process.
.It Li icmp6.nd6_mmaxtries
The variable specifies the
.Dv MAX_MULTICAST_SOLICIT
constant in the IPv6 neighbor discovery specification
.Pq RFC 2461 .
.It Li icmp6.nd6_prune
The variable specifies the interval between IPv6 neighbor cache babysitting,
in seconds.
.It Li icmp6.nd6_umaxtries
The variable specifies the
.Dv MAX_UNICAST_SOLICIT
constant in the IPv6 neighbor discovery specification
.Pq RFC 2461 .
.It Li icmp6.nd6_useloopback
If set to non-zero, the kernel IPv6 stack will use the loopback interface for
local traffic.
.It Li icmp6.nodeinfo
The variable enables responses to ICMPv6 node information queries.
If you set the variable to 0, responses will not be generated for
ICMPv6 node information queries.
Since node information queries can have a security impact, it is
possible to fine tune which responses should be answered.
Two separate bits can be set.
.Bl -tag -width "12345"
.It 1
Respond to ICMPv6 FQDN queries, e.g.
.Li ping6 -w .
.It 2
Respond to ICMPv6 node addresses queries, e.g.
.Li ping6 -a .
.El
.It Li icmp6.rediraccept
If set to non-zero, the host will accept ICMPv6 redirect packets.
Note that IPv6 routers will never accept ICMPv6 redirect packets,
and the variable is meaningful on IPv6 hosts
.Pq non-router
only.
.It Li icmp6.redirtimeout
The variable specifies the lifetime of routing entries generated by incoming
ICMPv6 redirects.
.It Li udp6.do_loopback_cksum
Perform UDP checksum on loopback.
.It Li udp6.recvspace
Default UDP receive buffer size.
.It Li udp6.sendspace
Default UDP send buffer size.
.El
.Pp
We reuse net.*.tcp for TCP over IPv6,
and therefore we do not have variables net.*.tcp6.
Variables net.inet6.udp6 have identical meaning to net.inet.udp.
Please refer to
.Li PF_INET
section above.
For variables net.*.ipsec6, please refer to
.Xr ipsec 4 .
.It Li net.key ( Dv PF_KEY )
Get or set various global information about the IPsec key management.
The third level name is the variable name.
The currently defined variables and names are:
.Bl -column "blockacq_lifetime" "integer" "Changeable" -offset indent
.It Sy Variable Ta Sy Type Ta Sy Changeable
.It debug Ta integer Ta yes
.It enabled Ta integer Ta yes
.It used Ta integer Ta no
.It spi_try Ta integer Ta yes
.It spi_min_value Ta integer Ta yes
.It spi_max_value Ta integer Ta yes
.It larval_lifetime Ta integer Ta yes
.It blockacq_count Ta integer Ta yes
.It blockacq_lifetime Ta integer Ta yes
.It esp_keymin Ta integer Ta yes
.It esp_auth Ta integer Ta yes
.It ah_keymin Ta integer Ta yes
.El
The variables are as follows:
.Bl -tag -width "123456"
.It Li debug
Turn on debugging messages from within the kernel.
The value is a bitmap, as defined in
.In netipsec/key_debug.h .
.It Li enabled
Control processing of IPsec control messages.
.Bl -tag -width indent
.It 0
Never allow IPsec processing.
.It 1
Allow IPsec processing when SPD policies are present.
.It 2
Force IPsec processing even when SPD policies are not present.
.El
.It Li used
Shows whether IPsec is being used, based on whether IPsec is enabled
and whether SPD rules exist.
Note that currently once IPsec is being used, it cannot be disabled.
.It Li spi_try
The number of times the kernel will try to obtain a unique SPI
when it generates it from the random number generator.
.It Li spi_min_value
Minimum SPI value when generating it within the kernel.
.It Li spi_max_value
Maximum SPI value when generating it within the kernel.
.It Li larval_lifetime
Lifetime for LARVAL SAD entries, in seconds.
.It Li blockacq_count
Number of ACQUIRE PF_KEY messages to be blocked after an ACQUIRE message.
This prevents a flood of ACQUIRE PF_KEY messages from being sent from the
kernel to the key management daemon.
.It Li blockacq_lifetime
Lifetime of ACQUIRE PF_KEY message.
.It Li esp_keymin
Minimum ESP key length, in bits.
The value is used when the kernel creates proposal payload
on ACQUIRE PF_KEY message.
.It Li esp_auth
Whether ESP authentication should be used or not.
Non-zero value indicates that ESP authentication should be used.
The value is used when the kernel creates proposal payload
on ACQUIRE PF_KEY message.
.It Li ah_keymin
Minimum AH key length, in bits.
The value is used when the kernel creates proposal payload
on ACQUIRE PF_KEY message.
.El
.It Li net.local ( Dv PF_LOCAL )
Get or set various global information about
.Dv AF_LOCAL
type sockets.
For some variables, the third level name is the variable name:
.Bl -column "Variable" "integer" "Changeable" -offset indent
.It Sy Variable Ta Sy Type Ta Sy Changeable
.It inflight Ta integer Ta no
.It deferred Ta integer Ta no
.El
The variables are as follows:
.Bl -tag -width "123456"
.It Li inflight
The number of file descriptors currently passed between processes,
.Qq in flight .
.It Li deferred
The number of file descriptors passed between processes that have been
deferred for cleanup by a kernel task.
.El
.Pp
Other variables are specific to a socket type:
.Bl -column "seqpacket" "sendspace" "integer" "Changeable" -offset indent
.It Sy "Socket Type" Ta Sy Variable Ta Sy Type Ta Sy Changeable
.It dgram Ta pcblist Ta struct Ta no
.It dgram Ta recvspace Ta integer Ta yes
.It dgram Ta sendspace Ta integer Ta yes
.It seqpacket Ta pcblist Ta struct Ta no
.It stream Ta pcblist Ta struct Ta no
.It stream Ta recvspace Ta integer Ta yes
.It stream Ta sendspace Ta integer Ta yes
.El
The variables are as follows:
.Bl -tag -width "123456"
.It Li dgram.pcblist
The Protocol Control Block list structure for datagram sockets.
Parsed by
.Xr netstat 1
or
.Xr sockstat 1 .
.It Li dgram.recvspace
The default datagram receive buffer size.
.It Li dgram.sendspace
The default datagram send buffer size.
.It Li seqpacket.pcblist
The Protocol Control Block list structure for Sequential Packet sockets.
Parsed by
.Xr netstat 1
or
.Xr sockstat 1 .
.It Li stream.pcblist
The Protocol Control Block list structure for stream sockets.
Parsed by
.Xr netstat 1
or
.Xr sockstat 1 .
.It Li stream.recvspace
The default stream receive buffer size.
.It Li stream.sendspace
The default stream send buffer size.
.El
.El
.Ss The proc.* subtree
The string and integer information available for the
.Li proc
level is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
These values are per-process,
and as such may change from one process to another.
When a process is created,
the default values are inherited from its parent.
When a set-user-ID or set-group-ID binary is executed, the
value of PROC_PID_CORENAME is reset to the system default value.
The second level name is either the magic value PROC_CURPROC, which
points to the current process, or the PID of the target process.
.Bl -column "proc.pid.corename" "string" "not applicable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It proc.pid.corename Ta string Ta yes
.It proc.pid.rlimit Ta node Ta not applicable
.It proc.pid.stopfork Ta int Ta yes
.It proc.pid.stopexec Ta int Ta yes
.It proc.pid.stopexit Ta int Ta yes
.It proc.pid.paxflags Ta int Ta no
.El
.Bl -tag -width "123456"
.It Li proc.pid.corename ( Dv PROC_PID_CORENAME )
The template used for the core dump file name (see
.Xr core 5
for details).
The base name must either be
.Pa core
or end with the suffix
.Pa .core
(the super-user may set arbitrary names).
By default it points to
.Dv KERN_DEFCORENAME .
.It Li proc.pid.rlimit ( Dv PROC_PID_LIMIT )
Return resource limits, as defined for the
.Xr getrlimit 2
and
.Xr setrlimit 2
system calls.
The fourth level name is one of:
.Bl -tag -width "123456"
.It Li proc.pid.rlimit.cputime ( Dv PROC_PID_LIMIT_CPU )
The maximum amount of CPU time (in seconds) to be used by each process.
.It Li proc.pid.rlimit.filesize ( Dv PROC_PID_LIMIT_FSIZE )
The largest size (in bytes) file that may be created.
.It Li proc.pid.rlimit.datasize ( Dv PROC_PID_LIMIT_DATA )
The maximum size (in bytes) of the data segment for a process;
this defines how far a program may extend its break with the
.Xr sbrk 2
system call.
.It Li proc.pid.rlimit.stacksize ( Dv PROC_PID_LIMIT_STACK )
The maximum size (in bytes) of the stack segment for a process;
this defines how far a program's stack segment may be extended.
Stack extension is performed automatically by the system.
.It Li proc.pid.rlimit.coredumpsize ( Dv PROC_PID_LIMIT_CORE )
The largest size (in bytes)
.Pa core
file that may be created.
.It Li proc.pid.rlimit.memoryuse ( Dv PROC_PID_LIMIT_RSS )
The maximum size (in bytes) to which a process's resident set size may
grow.
This imposes a limit on the amount of physical memory to be given to
a process; if memory is tight, the system will prefer to take memory
from processes that are exceeding their declared resident set size.
.It Li proc.pid.rlimit.memorylocked ( Dv PROC_PID_LIMIT_MEMLOCK )
The maximum size (in bytes) which a process may lock into memory
using the
.Xr mlock 2
function.
.It Li proc.pid.rlimit.maxproc ( Dv PROC_PID_LIMIT_NPROC )
The maximum number of simultaneous processes for this user id.
.It Li proc.pid.rlimit.descriptors ( Dv PROC_PID_LIMIT_NOFILE )
The maximum number of open files for this process.
.It Li proc.pid.rlimit.sbsize ( Dv PROC_PID_LIMIT_SBSIZE )
The maximum size (in bytes) of the socket buffers
set by the
.Xr setsockopt 2
.Dv SO_RCVBUF
and
.Dv SO_SNDBUF
options.
.It Li proc.pid.rlimit.vmemoryuse ( Dv PROC_PID_LIMIT_AS )
The maximum size (in bytes) which a process can obtain.
.It Li proc.pid.rlimit.maxlwp ( Dv PROC_PID_LIMIT_NTHR )
The maximum number of threads that can be created and running at one time in
the process.
The first thread of each process is not counted against this.
.El
.Pp
The fifth level name is one of
.Li soft ( Dv PROC_PID_LIMIT_TYPE_SOFT )
or
.Li hard ( Dv PROC_PID_LIMIT_TYPE_HARD ) ,
to select respectively the soft or hard limit.
Both are of type integer.
.It Li proc.pid.stopfork ( Dv PROC_PID_STOPFORK )
If non-zero, the process's children will be stopped after
.Xr fork 2
calls.
The children are created in the SSTOP state and are never scheduled
for running before being stopped.
This feature enables attaching to a process with a debugger such as
.Xr gdb 1
before the process has the opportunity to actually do anything.
.Pp
This value is inherited by the process's children, and it also
applies to emulation specific system calls that fork a new process, such as
.Fn sproc
or
.Fn clone .
.It Li proc.pid.stopexec ( Dv PROC_PID_STOPEXEC )
If non-zero, the process will be stopped on the next
.Xr exec 3
call.
The process created by
.Xr exec 3
is created in the SSTOP state and is never scheduled for running
before being stopped.
This feature enables attaching to a process with a debugger such as
.Xr gdb 1
before the process has the opportunity to actually do anything.
.Pp
This value is inherited by the process's children.
.It Li proc.pid.stopexit ( Dv PROC_PID_STOPEXIT )
If non-zero, the process will be stopped when it has cause to exit,
either by way of calling
.Xr exit 3 ,
.Xr _exit 2 ,
or by the receipt of a specific signal.
The process is stopped before any of its resources or vm space is
released allowing examination of the termination state of the process
before it disappears.
This feature can be used to examine the final conditions of the
process's vmspace via
.Xr pmap 1
or its resource settings with
.Xr sysctl 8
before it disappears.
.Pp
This value is also inherited by the process's children.
.It Li proc.pid.paxflags ( Dv PROC_PID_PAXFLAGS )
This read-only variable returns the current value of the process's pax
flags (see
.Xr paxctl 8 ) .
.El
.Ss The user.* subtree ( Dv CTL_USER )
The string and integer information available for the
.Li user
level is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "user.coll_weights_max" "integer" "Changeable" -offset indent
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It user.atexit_max Ta integer Ta no
.It user.bc_base_max Ta integer Ta no
.It user.bc_dim_max Ta integer Ta no
.It user.bc_scale_max Ta integer Ta no
.It user.bc_string_max Ta integer Ta no
.It user.coll_weights_max Ta integer Ta no
.It user.cs_path Ta string Ta no
.It user.expr_nest_max Ta integer Ta no
.It user.line_max Ta integer Ta no
.It user.posix2_c_bind Ta integer Ta no
.It user.posix2_c_dev Ta integer Ta no
.It user.posix2_char_term Ta integer Ta no
.It user.posix2_fort_dev Ta integer Ta no
.It user.posix2_fort_run Ta integer Ta no
.It user.posix2_localedef Ta integer Ta no
.It user.posix2_sw_dev Ta integer Ta no
.It user.posix2_upe Ta integer Ta no
.It user.posix2_version Ta integer Ta no
.It user.re_dup_max Ta integer Ta no
.It user.stream_max Ta integer Ta no
.It user.tzname_max Ta integer Ta no
.El
.Bl -tag -width "123456"
.It Li user.atexit_max ( Dv USER_ATEXIT_MAX )
The maximum number of functions that may be registered with
.Xr atexit 3 .
.It Li user.bc_base_max ( Dv USER_BC_BASE_MAX )
The maximum ibase/obase values in the
.Xr bc 1
utility.
.It Li user.bc_dim_max ( Dv USER_BC_DIM_MAX )
The maximum array size in the
.Xr bc 1
utility.
.It Li user.bc_scale_max ( Dv USER_BC_SCALE_MAX )
The maximum scale value in the
.Xr bc 1
utility.
.It Li user.bc_string_max ( Dv USER_BC_STRING_MAX )
The maximum string length in the
.Xr bc 1
utility.
.It Li user.coll_weights_max ( Dv USER_COLL_WEIGHTS_MAX )
The maximum number of weights that can be assigned to any entry of
the LC_COLLATE order keyword in the locale definition file.
.It Li user.cs_path ( Dv USER_CS_PATH )
Return a value for the
.Ev PATH
environment variable that finds all the standard utilities.
.It Li user.expr_nest_max ( Dv USER_EXPR_NEST_MAX )
The maximum number of expressions that can be nested within
parentheses by the
.Xr expr 1
utility.
.It Li user.line_max ( Dv USER_LINE_MAX )
The maximum length in bytes of a text-processing utility's input
line.
.It Li user.posix2_char_term ( Dv USER_POSIX2_CHAR_TERM )
Return 1 if the system supports at least one terminal type capable of
all operations described in
.St -p1003.2 ,
otherwise\ 0.
.It Li user.posix2_c_bind ( Dv USER_POSIX2_C_BIND )
Return 1 if the system's C-language development facilities support the
C-Language Bindings Option, otherwise\ 0.
.It Li user.posix2_c_dev ( Dv USER_POSIX2_C_DEV )
Return 1 if the system supports the C-Language Development Utilities Option,
otherwise\ 0.
.It Li user.posix2_fort_dev ( Dv USER_POSIX2_FORT_DEV )
Return 1 if the system supports the FORTRAN Development Utilities Option,
otherwise\ 0.
.It Li user.posix2_fort_run ( Dv USER_POSIX2_FORT_RUN )
Return 1 if the system supports the FORTRAN Runtime Utilities Option,
otherwise\ 0.
.It Li user.posix2_localedef ( Dv USER_POSIX2_LOCALEDEF )
Return 1 if the system supports the creation of locales, otherwise\ 0.
.It Li user.posix2_sw_dev ( Dv USER_POSIX2_SW_DEV )
Return 1 if the system supports the Software Development Utilities Option,
otherwise\ 0.
.It Li user.posix2_upe ( Dv USER_POSIX2_UPE )
Return 1 if the system supports the User Portability Utilities Option,
otherwise\ 0.
.It Li user.posix2_version ( Dv USER_POSIX2_VERSION )
The version of
.St -p1003.2
with which the system attempts to comply.
.It Li user.re_dup_max ( Dv USER_RE_DUP_MAX )
The maximum number of repeated occurrences of a regular expression
permitted when using interval notation.
.It Li user.stream_max ( Dv USER_STREAM_MAX )
The minimum maximum number of streams that a process may have open
at any one time.
.It Li user.tzname_max ( Dv USER_TZNAME_MAX )
The minimum maximum number of types supported for the name of a
timezone.
.El
.Ss The vm.* subtree ( Dv CTL_VM )
The string and integer information available for the
.Li vm
level is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "Second level name" "struct uvmexp_sysctl" "Changeable" -offset indent
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It vm.anonmax Ta int Ta yes
.It vm.anonmin Ta int Ta yes
.It vm.bufcache Ta int Ta yes
.It vm.bufmem Ta int Ta no
.It vm.bufmem_hiwater Ta int Ta yes
.It vm.bufmem_lowater Ta int Ta yes
.It vm.execmax Ta int Ta yes
.It vm.execmin Ta int Ta yes
.It vm.filemax Ta int Ta yes
.It vm.filemin Ta int Ta yes
.It vm.loadavg Ta struct loadavg Ta no
.It vm.maxslp Ta int Ta no
.It vm.nkmempages Ta int Ta no
.It vm.uspace Ta int Ta no
.It vm.uvmexp Ta struct uvmexp Ta no
.It vm.uvmexp2 Ta struct uvmexp_sysctl Ta no
.It vm.vmmeter Ta struct vmtotal Ta no
.It vm.proc.map Ta struct kinfo_vmentry Ta no
.It vm.guard_size Ta unsigned int Ta no
.It vm.thread_guard_size Ta unsigned int Ta yes
.El
.Bl -tag -width "123456"
.It Li vm.anonmax ( Dv VM_ANONMAX )
The percentage of physical memory which will be reclaimed
from other types of memory usage to store anonymous application data.
.It Li vm.anonmin ( Dv VM_ANONMIN )
The percentage of physical memory which will always be available for
anonymous application data.
.It Li vm.bufcache ( Dv VM_BUFCACHE )
The percentage of physical memory which will be available
for the buffer cache.
.It Li vm.bufmem ( Dv VM_BUFMEM )
The amount of kernel memory that is being used by the buffer cache.
.It Li vm.bufmem_lowater ( Dv VM_BUFMEM_LOWATER )
The minimum amount of kernel memory to reserve for the
buffer cache.
.It Li vm.bufmem_hiwater ( Dv VM_BUFMEM_HIWATER )
The maximum amount of kernel memory to be used for the
buffer cache.
.It Li vm.execmax ( Dv VM_EXECMAX )
The percentage of physical memory which will be reclaimed
from other types of memory usage to store cached executable data.
.It Li vm.execmin ( Dv VM_EXECMIN )
The percentage of physical memory which will always be available for
cached executable data.
.It Li vm.filemax ( Dv VM_FILEMAX )
The percentage of physical memory which will be reclaimed
from other types of memory usage to store cached file data.
.It Li vm.filemin ( Dv VM_FILEMIN )
The percentage of physical memory which will always be available for
cached file data.
.It Li vm.loadavg ( Dv VM_LOADAVG )
Return the load average history.
The returned data consists of a
.Vt struct loadavg .
.It Li vm.maxslp ( Dv VM_MAXSLP )
The value of the maxslp kernel global variable.
.It Li vm.vmmeter ( Dv VM_METER )
Return system wide virtual memory statistics.
The returned data consists of a
.Vt struct vmtotal .
.It Li vm.user_va0_disable
A flag which controls whether user processes can map virtual address\ 0.
.It Li vm.proc.map ( Dv VM_PROC )
The third level is
.Dv VM_PROC_MAP ,
the fourth is the pid of the process to display the vm object entries for, and
the fifth is the size of
.Vt struct kinfo_vmentry .
Returns an array of
.Vt struct kinfo_vmentry
objects.
.It Li vm.uspace ( Dv VM_USPACE )
The number of bytes allocated for each kernel stack.
.It Li vm.uvmexp ( Dv VM_UVMEXP )
Return system wide virtual memory statistics.
The returned data consists of a
.Vt struct uvmexp .
.It Li vm.uvmexp2 ( Dv VM_UVMEXP2 )
Return system wide virtual memory statistics.
The returned data consists of a
.Vt struct uvmexp_sysctl .
.It Li vm.guard_size
Return system wide guard size for the main thread of a program.
.It Li vm.thread_guard_size
Return system wide default size for the guard area of all other threads
of a program.
.\" XXX vm.idlezero
.El
.Ss The ddb.* subtree ( Dv CTL_DDB )
The information available for the
.Li ddb
level is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "Second level name" "integer" "Changeable" -offset indent
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It ddb.commandonenter Ta string Ta yes
.It ddb.dumpstack Ta integer Ta yes
.It ddb.fromconsole Ta integer Ta yes
.It ddb.lines Ta integer Ta yes
.It ddb.maxoff Ta integer Ta yes
.It ddb.maxwidth Ta integer Ta yes
.It ddb.onpanic Ta integer Ta yes
.It ddb.panicstackframes Ta integer Ta yes
.It ddb.radix Ta integer Ta yes
.It ddb.tabstops Ta integer Ta yes
.It ddb.tee_msgbuf Ta integer Ta yes
.El
.Bl -tag -width "123456"
.It Li ddb.commandonenter
If not empty, the string is used as the DDB command to be executed each time
DDB is entered.
.It Li ddb.dumpstack
A value of 1 causes a stack trace to be printed on entering ddb from a panic.
A value of 0 disables this behaviour.
The default value is 1.
.It Li ddb.fromconsole ( Dv DDBCTL_FROMCONSOLE )
If not zero, DDB may be entered by sending a break on a serial
console or by a special key sequence on a graphics console.
.It Li ddb.lines ( Dv DDBCTL_LINES )
Number of display lines.
.It Li ddb.maxoff ( Dv DDBCTL_MAXOFF )
The maximum symbol offset.
.It Li ddb.maxwidth ( Dv DDBCTL_MAXWIDTH )
The maximum output line width.
.It Li ddb.onpanic ( Dv DDBCTL_ONPANIC )
If greater than zero, DDB will be entered if the kernel panics.
A value of 1 causes the system to enter DDB on panic.
A value of 0 causes the kernel to attempt to print a stack trace, then
reboot, while a value of \-1 means neither a stack trace will be printed
nor DDB entered.
.It Li ddb.panicstackframes
Number of stack frames to display on panic.
Useful to avoid scrolling away the interesting frames on a glass tty.
Default value is
.Dv 65535
(all frames), useful value around
.Dv 10 .
.It Li ddb.radix ( Dv DDBCTL_RADIX )
The input and output radix.
.It Li ddb.tabstops ( Dv DDBCTL_TABSTOPS )
Tab width.
.It Li ddb.tee_msgbuf
If not zero, DDB will also output to the kernel message buffer.
.El
.Pp
Some of these MIB
nodes are also available as variables from within the debugger.
See
.Xr ddb 4
for more details.
.Ss The security.* subtree ( Dv CTL_SECURITY )
The
.Li security
level contains various security-related settings for
the system.
The available second level names are:
.Bl -column "Second level name" "integer" "Changeable" -offset indent
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It Li security.curtain Ta integer Ta yes
.It Li security.models Ta node Ta not applicable
.It Li security.pax Ta node Ta not applicable
.El
.Pp
Available settings are detailed below.
.Bl -tag -width "123456"
.It Li security.curtain
If non-zero, will filter returned objects according to the user ID
requesting information about them, preventing users from
accessing any objects they do not own.
.Pp
At the moment, it affects
.Xr ps 1 ,
.Xr netstat 1
(for
.Dv PF_INET ,
.Dv PF_INET6 ,
and
.Dv PF_UNIX
PCBs), and
.Xr w 1 .
.It Li security.models
.Nx
supports pluggable security models.
Every security model used, whether loaded as a module or built with the system,
is required to add an entry to this node with at least one element,
.Dq name ,
indicating the name of the security model.
.Pp
In addition to the name, any settings and other information private to the
security model will be available under this node.
See
.Xr secmodel 9
for more information.
.It Li security.pax
Settings for PaX \(em exploit mitigation features.
For more information on any of the PaX features, please see
.Xr paxctl 8
and
.Xr security 7 .
The available third and fourth level names are:
.Bl -column "security.pax.segvguard.suspend_timeout" "integer" "Changeable" \
-offset 2n
.It Sy Third and fourth level names Ta Sy Type Ta Sy Changeable
.It Li security.pax.aslr.enabled Ta integer Ta yes
.\".It Li security.pax.aslr.exec_len integer yes
.It Li security.pax.aslr.global Ta integer Ta yes
.\".It Li security.pax.aslr.mmap_len integer yes
.\".It Li security.pax.aslr.stack_len integer yes
.It Li security.pax.mprotect.enabled Ta integer Ta yes
.It Li security.pax.mprotect.global Ta integer Ta yes
.It Li security.pax.mprotect.ptrace Ta integer Ta yes
.It Li security.pax.segvguard.enabled Ta integer Ta yes
.It Li security.pax.segvguard.expiry_timeout Ta integer Ta yes
.It Li security.pax.segvguard.global Ta integer Ta yes
.It Li security.pax.segvguard.max_crashes Ta integer Ta yes
.It Li security.pax.segvguard.suspend_timeout Ta integer Ta yes
.El
.Bl -tag -width "123456"
.It Li security.pax.aslr.enabled
Enable PaX ASLR (Address Space Layout Randomization).
.Pp
The value of this
knob must be non-zero for PaX ASLR to be enabled, even if a program is set to
explicit enable.
.\".It Li security.pax.aslr.exec_len
.\" XXX: Undocumented.
.It Li security.pax.aslr.global
Specifies the default global policy for programs without an
explicit enable/disable flag.
.Pp
When non-zero, all programs will get PaX ASLR, except those exempted with
.Xr paxctl 8 .
Otherwise, no program will get PaX ASLR, except those specifically
marked as such with
.Xr paxctl 8 .
.\".It Li security.pax.aslr.mmap_len
.\" XXX: Undocumented.
.\" .It Li security.pax.aslr.stack_len
.\" XXX: Undocumented.
.It Li security.pax.mprotect.enabled
Enable PaX MPROTECT restrictions.
.Pp
These are
.Xr mprotect 2
restrictions to better enforce a W^X policy.
The value of this
knob must be non-zero for PaX MPROTECT to be enabled, even if a
program is set to explicit enable.
.It Li security.pax.mprotect.global
Specifies the default global policy for programs without an
explicit enable/disable flag.
.Pp
When non-zero, all programs will get the PaX MPROTECT restrictions,
except those exempted with
.Xr paxctl 8 .
Otherwise, no program will get the PaX MPROTECT restrictions,
except those specifically marked as such with
.Xr paxctl 8 .
.It Li security.pax.mprotect.ptrace
This variable allows
.Xr ptrace 2
to override PaX MPROTECT permissions.
It can have the following values:
.Bl -tag -width XX -compact
.It 0
Does not allow any permissions to be overridden.
.It 1
Disables PaX MPROTECT for processes that start executing while traced (default).
.It 2
Bypasses PaX MPROTECT for all processes being traced.
.El
.It Li security.pax.segvguard.enabled
Enable PaX Segvguard.
.Pp
PaX Segvguard can detect and prevent certain exploitation attempts, where
an attacker may try for example to brute-force function return addresses
of respawning daemons.
.Pp
.Em Note :
The
.Nx
interface and implementation of the Segvguard is still experimental, and may
change in future releases.
.It Li security.pax.segvguard.expiry_timeout
If the max number was not reached within this timeout (in seconds), the entry
will expire.
.It Li security.pax.segvguard.global
Specifies the default global policy for programs without an
explicit enable/disable flag.
.Pp
When non-zero, all programs will get the PaX Segvguard,
except those exempted with
.Xr paxctl 8 .
Otherwise, no program will get the PaX Segvguard restrictions,
except those specifically marked as such with
.Xr paxctl 8 .
.It Li security.pax.segvguard.max_crashes
The maximum number of segfaults a program can receive before suspension.
.It Li security.pax.segvguard.suspend_timeout
Number of seconds to suspend a user from running a faulting program when the
limit was exceeded.
.El
.El
.Ss The vendor.* subtree ( Dv CTL_VENDOR )
The
.Li vendor
toplevel name is reserved to be used by vendors who wish to
have their own private MIB tree.
Intended use is to store values under
.Dq vendor.<yourname>.* .
.Sh SEE ALSO
.Xr sysctl 3 ,
.Xr ipsec 4 ,
.Xr tcp 4 ,
.Xr security 7 ,
.Xr sysctl 8
.Sh HISTORY
The
.Nm
variables first appeared in
.Bx 4.4 .
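For the security.pax.* knobs described in the security.* subtree section above, the following added example (not part of the NetBSD manual page) shows how the enabled and global values combine with a program's paxctl(8) flag, and audits a settings dump. The dump is a constructed sample in the "name = value" form printed by sysctl(8); the function names knob, pax_effective and audit are hypothetical.

```shell
#!/bin/sh
# Constructed sample; on a live host use: SYSCTL_DUMP=$(sysctl security.pax)
SYSCTL_DUMP='security.pax.aslr.enabled = 1
security.pax.aslr.global = 1
security.pax.mprotect.enabled = 1
security.pax.mprotect.global = 0
security.pax.mprotect.ptrace = 2
security.pax.segvguard.enabled = 0
security.pax.segvguard.global = 0'

# knob NAME: print the value of security.pax.NAME from the dump (empty if absent).
knob() {
    printf '%s\n' "$SYSCTL_DUMP" |
        awk -F' = ' -v k="security.pax.$1" '$1 == k { print $2; exit }'
}

# pax_effective FEATURE FLAG: does a program get FEATURE (aslr, mprotect,
# segvguard)? FLAG is the program's paxctl(8) marking: enable, disable or none.
# Prints "on" or "off", following the enabled/global rules in the text.
pax_effective() {
    enabled=$(knob "$1.enabled"); global=$(knob "$1.global")
    # .enabled must be non-zero even for programs set to explicit enable.
    if [ "${enabled:-0}" -eq 0 ]; then echo off; return; fi
    case $2 in
        enable)  echo on ;;    # explicitly marked: on regardless of .global
        disable) echo off ;;   # explicitly exempted: off regardless of .global
        *) if [ "${global:-0}" -ne 0 ]; then echo on; else echo off; fi ;;
    esac
}

# audit: print one finding per line for settings that weaken the mitigations.
audit() {
    for f in aslr mprotect segvguard; do
        [ "$(pax_effective "$f" none)" = on ] ||
            echo "$f: off for programs without a paxctl flag"
    done
    case $(knob mprotect.ptrace) in
        2) echo "mprotect.ptrace=2: MPROTECT bypassed for all traced processes" ;;
    esac
}

audit
```

With the sample dump, audit reports mprotect and segvguard as off by default and flags the ptrace setting; ASLR passes because both of its knobs are non-zero.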