.\" $NetBSD: sysctl.7,v 1.121 2018/01/11 09:53:55 pgoyette Exp $
.\"
.\" Copyright (c) 1993
.\" The Regents of the University of California. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95
.\"
.Dd December 28, 2017
.Dt SYSCTL 7
.Os
.Sh NAME
.Nm sysctl
.Nd system information variables
.Sh DESCRIPTION
The
.Xr sysctl 3
library function and the
.Xr sysctl 8
utility are used to get and set values of system variables, maintained
by the kernel.
The variables are organized in a tree and identified by a sequence of
numbers, conventionally separated by dots with the topmost identifier
at the left side.
The numbers have corresponding text names.
The
.Xr sysctlnametomib 3
function or the
.Fl M
argument to the
.Xr sysctl 8
utility can be used to convert the text representation to the
numeric one.
.Pp
The individual sysctl variables are described below, both the textual
and numeric form where applicable.
The textual names can be used as arguments to the
.Xr sysctl 8
utility and in the file
.Pa /etc/sysctl.conf .
The numeric names are usually defined as preprocessor constants and
are intended for use by programs.
Every such constant expands to one integer, which identifies the
sysctl variable relative to the upper level of the tree.
See the
.Xr sysctl 3
manual page for programming examples.
.Ss Top level names
The top level names are defined with a
.Va CTL_
prefix in
.In sys/sysctl.h ,
and are as follows.
The next and subsequent levels down are found in the include files
listed here, and described in separate sections below.
.Bl -column "security" ".Dv CTL_SECURITY" ".In uvm/uvm_param.h" "High kernel limits"
.It Sy Name Ta Sy Constant Ta Sy Next level names Ta Sy Description
.It kern Ta Dv CTL_KERN Ta In sys/sysctl.h Ta High kernel limits
.It vm Ta Dv CTL_VM Ta In uvm/uvm_param.h Ta Virtual memory
.It vfs Ta Dv CTL_VFS Ta In sys/mount.h Ta Filesystem
.It net Ta Dv CTL_NET Ta In sys/socket.h Ta Networking
.It debug Ta Dv CTL_DEBUG Ta In sys/sysctl.h Ta Debugging
.It hw Ta Dv CTL_HW Ta In sys/sysctl.h Ta Generic CPU, I/O
.It machdep Ta Dv CTL_MACHDEP Ta In sys/sysctl.h Ta Machine dependent
.It user Ta Dv CTL_USER Ta In sys/sysctl.h Ta User-level
.It ddb Ta Dv CTL_DDB Ta In sys/sysctl.h Ta In-kernel debugger
.It proc Ta Dv CTL_PROC Ta In sys/sysctl.h Ta Per-process
.It vendor Ta Dv CTL_VENDOR Ta ? Ta Vendor specific
.It emul Ta Dv CTL_EMUL Ta In sys/sysctl.h Ta Emulation settings
.It security Ta Dv CTL_SECURITY Ta In sys/sysctl.h Ta Security settings
.El
.Ss The debug.* subtree
The debugging variables vary from system to system.
A debugging variable may be added or deleted without need to recompile
.Nm
to know about it.
Each time it runs,
.Nm
gets the list of debugging variables from the kernel and
displays their current values.
The system defines twenty
.Vt ( struct ctldebug )
variables named
.Dv debug0
through
.Dv debug19 .
They are declared as separate variables so that they can be
individually initialized at the location of their associated variable.
The loader prevents multiple use of the same variable by issuing errors
if a variable is initialized in more than one place.
For example, to export the variable
.Va dospecialcheck
as a debugging variable, the following declaration would be used:
.Pp
.Bd -literal -offset indent -compact
int dospecialcheck = 1;
struct ctldebug debug5 = { "dospecialcheck", &dospecialcheck };
.Ed
.Pp
Note that the dynamic implementation of
.Nm
currently in use largely makes this particular
.Nm
interface obsolete.
See
.Xr sysctl 8
.\" and
.\" .Xr sysctl 9
for more information.
.Ss The vfs.* subtree
A distinguished second level name,
.Li vfs.generic ( Dv VFS_GENERIC ) ,
is used to get general information about all file systems.
It has the following third level identifiers:
.Bl -tag -width "123456"
.It Li vfs.generic.maxtypenum ( Dv VFS_MAXTYPENUM )
The highest valid file system type number.
.It Li vfs.generic.conf ( Dv VFS_CONF )
Returns configuration information about the file system type given as a fourth
level identifier.
.It Li vfs.generic.usermount ( Dv VFS_USERMOUNT )
Determines if non superuser mounts are allowed, defaults to
.Dv 0 .
.It Li vfs.generic.magiclinks ( Dv VFS_MAGICLINKS )
Controls if expansion of variables is going to be performed on pathnames
or not.
Defaults to no variable expansion,
.Dv 0 .
Variables are of the form
.Li @name
and the variables supported are described in
.Xr symlink 7
under
.Dq "MAGIC SYMLINKS" .
.El
.Pp
A second level name for controlling the
.Xr wapbl 4
(Write Ahead Physical Block Logging file system journalling)
capabilities with the following third level identifiers:
.Bl -tag -width "123456"
.It Li vfs.wapbl.flush_disk_cache
Controls whether to attempt to flush the disk cache on each commit.
It defaults to 1 and it should always be on to ensure integrity
of file system metadata in the event of a power loss.
For slow disks, turning it off can improve performance.
.It Li vfs.wapbl.verbose_commit
For each transaction log commit, print the number of bytes written
and the time it took to commit as seconds.nanoseconds.
.El
.Pp
The remaining second level identifiers are the file system names, identified
by the type number returned by a
.Xr statvfs 2
call or from
.Li vfs.generic.conf .
.Pp
The third level identifiers available for each file system
are given in the header file that defines the mount
argument structure for that file system.
.Ss The hw.* subtree
The string and integer information available for the
.Li hw
level is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "hw.machine_arch" "integer" "Changeable" -offset indent
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It hw.alignbytes Ta integer Ta no
.It hw.byteorder Ta integer Ta no
.It hw.cnmagic Ta string Ta yes
.It hw.disknames Ta string Ta no
.It hw.diskstats Ta struct Ta no
.It hw.machine Ta string Ta no
.It hw.machine_arch Ta string Ta no
.It hw.model Ta string Ta no
.It hw.ncpu Ta integer Ta no
.It hw.ncpuonline Ta integer Ta no
.It hw.pagesize Ta integer Ta no
.It hw.physmem Ta integer Ta no
.It hw.physmem64 Ta quad Ta no
.It hw.usermem Ta integer Ta no
.It hw.usermem64 Ta quad Ta no
.El
.Bl -tag -width "123456"
.It Li hw.alignbytes ( Dv HW_ALIGNBYTES )
Alignment constraint for all possible data types.
This shows the value
.Dv ALIGNBYTES
in
.In machine/param.h ,
at the kernel compilation time.
.It Li hw.byteorder ( Dv HW_BYTEORDER )
The byteorder (4321, or 1234).
.It Li hw.cnmagic ( Dv HW_CNMAGIC )
The console magic key sequence.
.It Li hw.disknames ( Dv HW_DISKNAMES )
The list of (space separated) disk device names on the system.
.It Li hw.iostatnames ( Dv HW_IOSTATNAMES )
A space separated list of devices that will have I/O statistics
collected on them.
.It Li hw.iostats ( Dv HW_IOSTATS )
Return statistical information on the NFS mounts, disk and tape
devices on the system.
An array of
.Vt struct io_sysctl
structures is returned,
whose size depends on the current number of such objects in the system.
The third level name is the size of the
.Vt struct io_sysctl .
The type of object can be determined by examining the
.Va type
element of
.Vt struct io_sysctl ,
which can be
.Dv IOSTAT_DISK
(disk drive),
.Dv IOSTAT_TAPE
(tape drive), or
.Dv IOSTAT_NFS
(NFS mount).
.It Li hw.machine ( Dv HW_MACHINE )
The machine class.
.It Li hw.machine_arch ( Dv HW_MACHINE_ARCH )
The machine CPU class.
.It Li hw.model ( Dv HW_MODEL )
The machine model.
.It Li hw.ncpu ( Dv HW_NCPU )
The number of CPUs configured.
.It Li hw.ncpuonline ( Dv HW_NCPUONLINE )
The number of CPUs online.
.It Li hw.pagesize ( Dv HW_PAGESIZE )
The software page size.
.It Li hw.physmem ( Dv HW_PHYSMEM )
The bytes of physical memory as a 32-bit integer.
.It Li hw.physmem64 ( Dv HW_PHYSMEM64 )
The bytes of physical memory as a 64-bit integer.
.It Li hw.usermem ( Dv HW_USERMEM )
The bytes of non-kernel memory as a 32-bit integer.
.It Li hw.usermem64 ( Dv HW_USERMEM64 )
The bytes of non-kernel memory as a 64-bit integer.
.El
.Ss The kern.* subtree
This subtree includes data generally related to the kernel.
The string and integer information available for the
.Li kern
level is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "kern.posix_reader_writer_locks" \
"struct kinfo_drivers" "not applicable"
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It kern.aio_listio_max Ta integer Ta yes
.It kern.aio_max Ta integer Ta yes
.It kern.arandom Ta integer Ta no
.It kern.argmax Ta integer Ta no
.It kern.boothowto Ta integer Ta no
.It kern.boottime Ta struct timeval Ta no
.It kern.buildinfo Ta string Ta no
.\".It kern.bufq Ta node Ta not applicable
.It kern.ccpu Ta integer Ta no
.It kern.clockrate Ta struct clockinfo Ta no
.It kern.consdev Ta integer Ta no
.It kern.coredump Ta node Ta not applicable
.It kern.cp_id Ta struct Ta no
.It kern.cp_time Ta uint64_t[\|] Ta no
.It kern.cryptodevallowsoft Ta integer Ta yes
.It kern.defcorename Ta string Ta yes
.It kern.detachall Ta integer Ta yes
.It kern.domainname Ta string Ta yes
.It kern.drivers Ta struct kinfo_drivers Ta no
.It kern.dump_on_panic Ta integer Ta yes
.It kern.file Ta struct file Ta no
.It kern.forkfsleep Ta integer Ta yes
.It kern.fscale Ta integer Ta no
.It kern.fsync Ta integer Ta no
.It kern.hardclock_ticks Ta integer Ta no
.It kern.hostid Ta integer Ta yes
.It kern.hostname Ta string Ta yes
.It kern.iov_max Ta integer Ta no
.It kern.ipc Ta node Ta not applicable
.It kern.job_control Ta integer Ta no
.It kern.labeloffset Ta integer Ta no
.It kern.labelsector Ta integer Ta no
.It kern.login_name_max Ta integer Ta no
.It kern.logsigexit Ta integer Ta yes
.It kern.mapped_files Ta integer Ta no
.It kern.maxfiles Ta integer Ta yes
.It kern.maxlwp Ta integer Ta yes
.It kern.maxpartitions Ta integer Ta no
.It kern.maxphys Ta integer Ta no
.It kern.maxproc Ta integer Ta yes
.It kern.maxptys Ta integer Ta yes
.It kern.maxvnodes Ta integer Ta yes
.It kern.messages Ta integer Ta yes
.It kern.mbuf Ta node Ta not applicable
.It kern.memlock Ta integer Ta no
.It kern.memlock_range Ta integer Ta no
.It kern.memory_protection Ta integer Ta no
.It kern.module Ta node Ta not applicable
.It kern.monotonic_clock Ta integer Ta no
.It kern.mqueue Ta node Ta not applicable
.It kern.msgbuf Ta integer Ta no
.It kern.msgbufsize Ta integer Ta no
.It kern.ngroups Ta integer Ta no
.\".It kern.no_sa_support Ta integer Ta yes
.It kern.ntptime Ta struct ntptimeval Ta no
.It kern.osrelease Ta string Ta no
.It kern.osrevision Ta integer Ta no
.It kern.ostype Ta string Ta no
.\".It kern.panic_now Ta integer Ta yes
.It kern.pipe Ta node Ta not applicable
.It kern.pool Ta struct pool_sysctl Ta no
.\" .It kern.posix Ta node Ta not applicable
.It kern.posix1version Ta integer Ta no
.It kern.posix_aio Ta integer Ta no
.It kern.posix_barriers Ta integer Ta no
.It kern.posix_reader_writer_locks Ta integer Ta no
.\".It kern.posix_sched Ta integer Ta yes
.It kern.posix_semaphores Ta integer Ta no
.It kern.posix_spin_locks Ta integer Ta no
.It kern.posix_threads Ta integer Ta no
.It kern.posix_timers Ta integer Ta no
.It kern.proc Ta struct kinfo_proc Ta no
.It kern.proc2 Ta struct kinfo_proc2 Ta no
.It kern.proc_args Ta string Ta no
.It kern.profiling Ta node Ta not applicable
.\".It kern.pset Ta node Ta not applicable
.It kern.rawpartition Ta integer Ta no
.It kern.root_device Ta string Ta no
.It kern.root_partition Ta integer Ta no
.It kern.rtc_offset Ta integer Ta yes
.It kern.saved_ids Ta integer Ta no
.It kern.sbmax Ta integer Ta yes
.It kern.sched Ta node Ta not applicable
.It kern.securelevel Ta integer Ta raise only
.It kern.somaxkva Ta integer Ta yes
.It kern.synchronized_io Ta integer Ta no
.It kern.timecounter Ta node Ta not applicable
.It kern.timex Ta struct Ta no
.It kern.tkstat Ta node Ta not applicable
.It kern.tty Ta node Ta not applicable
.It kern.urandom Ta integer Ta no
.It kern.usercrypto Ta integer Ta yes
.It kern.userasymcrypto Ta integer Ta yes
.It kern.veriexec Ta node Ta not applicable
.It kern.version Ta string Ta no
.It kern.vnode Ta struct vnode Ta no
.El
.Bl -tag -width "123456"
.It Li kern.aio_listio_max
The maximum number of asynchronous I/O operations in a single list
I/O call.
As with all variables related to
.Xr aio 3 ,
the variable may be created and removed dynamically
upon loading or unloading the corresponding kernel module.
.It Li kern.aio_max
The maximum number of asynchronous I/O operations.
.It Li kern.arandom
This variable picks a random number each time it is queried.
The random number generator
.Pf ( RNG )
used is based on
.Xr arc4random 3 .
.It Li kern.argmax ( Dv KERN_ARGMAX )
The maximum bytes of argument to
.Xr execve 2 .
.It Li kern.boothowto
Flags passed from the boot loader; see
.Xr reboot 2
for the meanings of the flags.
.It Li kern.boottime ( Dv KERN_BOOTTIME )
A
.Vt struct timeval
structure is returned.
This structure contains the time that the system was booted.
.It Li kern.bufq
This variable contains information on the
.Xr bufq 9
subsystem.
Currently, the only third level name implemented is
.Dv kern.bufq.strategies
which provides a list of buffer queue strategies currently available.
.It Li kern.buildinfo
When the kernel is built, the build environment may optionally provide
arbitrary information to be stored in this variable.
.It Li kern.ccpu ( Dv KERN_CCPU )
The scheduler exponential decay value.
.It Li kern.clockrate ( Dv KERN_CLOCKRATE )
A
.Vt struct clockinfo
structure is returned.
This structure contains the clock, statistics clock and profiling clock
frequencies, the number of micro-seconds per hz tick, and the clock
skew rate.
Refer to
.Xr hz 9
for additional details.
.It Li kern.consdev ( Dv KERN_CONSDEV )
Console device.
.It Li kern.coredump
Settings related to coredumps of set-id processes.
By default, set-id processes do not dump core in situations where
other processes would.
The settings in this node allow an administrator to change this
behavior.
.Pp
The third level name is
.Dv kern.coredump.setid
and fourth level variables are described below.
.Bl -column "kern.coredump.setid.group" "integer" "Changeable" -offset indent
.It Sy Fourth level name Ta Sy Type Ta Sy Changeable
.It kern.coredump.setid.dump Ta integer Ta yes
.It kern.coredump.setid.group Ta integer Ta yes
.It kern.coredump.setid.mode Ta integer Ta yes
.It kern.coredump.setid.owner Ta integer Ta yes
.It kern.coredump.setid.path Ta string Ta yes
.El
.Bl -tag -width "123456"
.It Li kern.coredump.setid.dump
If non-zero, set-id processes will dump core.
.It Li kern.coredump.setid.group
The group-id for the set-id processes' coredump.
.It Li kern.coredump.setid.mode
The mode for the set-id processes' coredump.
See
.Xr chmod 1 .
.It Li kern.coredump.setid.owner
The user-id that will be used as the owner of the set-id processes'
coredump.
.It Li kern.coredump.setid.path
The path to which set-id processes' coredumps will be saved.
Same syntax as kern.defcorename.
.El
.It Li kern.cp_id ( Dv KERN_CP_ID )
Mapping of CPU number to CPU id.
.It Li kern.cp_time ( Dv KERN_CP_TIME )
Returns an array of
.Dv CPUSTATES
.Vt uint64_t Ns s .
This array contains the
number of clock ticks spent in different CPU states.
On multi-processor systems, the sum across all CPUs is returned unless
appropriate space is given for one data set for each CPU.
Data for a specific CPU can also be obtained by adding the number of the
CPU at the end of the MIB, enlarging it by one.
.It Li kern.cryptodevallowsoft
This variable controls userland access to hardware versus software transforms
in the
.Xr crypto 4
system.
The available values are as follows:
.Bl -tag -width XX0 -offset indent
.It Dv < 0
Always force userlevel requests to use software transforms.
.It Dv = 0
If present, use hardware and grant userlevel requests for
non-accelerated transforms (handling the latter in software).
.It Dv > 0
Allow user requests only for transforms which are hardware-accelerated.
.El
.It Li kern.defcorename ( Dv KERN_DEFCORENAME )
Default template for the name of core dump files (see also
.Li proc.pid.corename
in the per-process variables
.Li proc.* ,
and
.Xr core 5
for format of this template).
The default value is
.Pa %n.core
and can be changed with the kernel configuration option
.Cd options DEFCORENAME
(see
.Xr options 4 ) .
.It Li kern.detachall
Detach all devices at shutdown.
.It Li kern.domainname ( Dv KERN_DOMAINNAME )
Get or set the YP domain name.
.It Li kern.drivers ( Dv KERN_DRIVERS )
Return an array of
.Vt struct kinfo_drivers
that contains the name and major device numbers of all the device drivers
in the current kernel.
The
.Va d_name
field is always a NUL terminated string.
The
.Va d_bmajor
field will be set to \-1 if the driver doesn't have a block device.
.It Li kern.dump_on_panic ( Dv KERN_DUMP_ON_PANIC )
Perform a crash dump on system
.Xr panic 9 .
.It Li kern.file ( Dv KERN_FILE )
Return the entire file table.
The returned data consists of a single
.Vt struct filelist
followed by an array of
.Vt struct file ,
whose size depends on the current number of such objects in the system.
.It Li kern.forkfsleep ( Dv KERN_FORKFSLEEP )
If the
.Xr fork 2
system call fails due to the limit on the number of processes (either
the global maxproc limit or the user's one), wait for this many
milliseconds before returning the
.Er EAGAIN
error to the process.
Useful to keep heavily forking runaway processes at bay.
Default zero (no sleep).
Maximum is 20 seconds.
.It Li kern.fscale ( Dv KERN_FSCALE )
The kernel fixed-point scale factor.
.It Li kern.fsync ( Dv KERN_FSYNC )
Return 1 if the
.St -p1003.1b-93
File Synchronization Option is available
on this system,
otherwise\ 0.
.It Li kern.hardclock_ticks ( Dv KERN_HARDCLOCK_TICKS )
Returns the number of
.Xr hardclock 9
ticks.
.It Li kern.hist
This variable contains kernel history data if the kernel was
configured for any of the options
.Dv UVMHIST ,
.Dv USB_DEBUG ,
.Dv BIOHIST ,
or
.Dv SCDEBUG .
(See
.Xr options 4
for more details.)
The third-level names correspond to each available history table.
The values of the history tables are in an internal format, and can be
decoded by the
.Xr vmstat 1
utility's
.Fl U
and
.Fl u
options;
the
.Fl l
option can be used to see which tables are available.
.It Li kern.hostid ( Dv KERN_HOSTID )
Get or set the host identifier.
This is aimed to replace the legacy
.Xr gethostid 3
and
.Xr sethostid 3
system calls.
.It Li kern.hostname ( Dv KERN_HOSTNAME )
Get or set the
.Xr hostname 1 .
.It Li kern.iov_max ( Dv KERN_IOV_MAX )
Return the maximum number of
.Vt iovec
structures that a process has available for use with
.Xr preadv 2 ,
.Xr pwritev 2 ,
.Xr readv 2 ,
.Xr recvmsg 2 ,
.Xr sendmsg 2
and
.Xr writev 2 .
.It Li kern.ipc ( Dv KERN_SYSVIPC )
Return information about the SysV IPC parameters.
The third level names for the ipc variables are detailed below.
.Bl -column "kern.ipc.shm_use_phys" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.ipc.sysvmsg Ta integer Ta no
.It kern.ipc.sysvsem Ta integer Ta no
.It kern.ipc.sysvshm Ta integer Ta no
.It kern.ipc.sysvipc_info Ta struct Ta no
.It kern.ipc.shmmax Ta integer Ta yes
.It kern.ipc.shmmni Ta integer Ta yes
.It kern.ipc.shmseg Ta integer Ta yes
.It kern.ipc.shmmaxpgs Ta integer Ta yes
.It kern.ipc.shm_use_phys Ta integer Ta yes
.It kern.ipc.msgmni Ta integer Ta yes
.It kern.ipc.msgseg Ta integer Ta yes
.It kern.ipc.semmni Ta integer Ta yes
.It kern.ipc.semmns Ta integer Ta yes
.It kern.ipc.semmnu Ta integer Ta yes
.El
.Bl -tag -width "123456"
.It Li kern.ipc.sysvmsg ( Dv KERN_SYSVIPC_MSG )
Returns 1 if System V style message queue functionality is available
on this system,
otherwise\ 0.
.It Li kern.ipc.sysvsem ( Dv KERN_SYSVIPC_SEM )
Returns 1 if System V style semaphore functionality is available
on this system,
otherwise\ 0.
.It Li kern.ipc.sysvshm ( Dv KERN_SYSVIPC_SHM )
Returns 1 if System V style shared memory functionality is available
on this system,
otherwise\ 0.
.It Li kern.ipc.sysvipc_info ( Dv KERN_SYSVIPC_INFO )
Return System V style IPC configuration and run-time information.
The fourth level name selects the System V style IPC facility.
.Bl -column "KERN_SYSVIPC_MSG_INFO" "struct shm_sysctl_info" -offset indent
.It Sy Fourth level name Ta Sy Type
.It KERN_SYSVIPC_MSG_INFO Ta struct msg_sysctl_info
.It KERN_SYSVIPC_SEM_INFO Ta struct sem_sysctl_info
.It KERN_SYSVIPC_SHM_INFO Ta struct shm_sysctl_info
.El
.Bl -tag -width "123456"
.It Li KERN_SYSVIPC_MSG_INFO
Return information on the System V style message facility.
The
.Sy msg_sysctl_info
structure is defined in
.In sys/msg.h .
.It Li KERN_SYSVIPC_SEM_INFO
Return information on the System V style semaphore facility.
The
.Sy sem_sysctl_info
structure is defined in
.In sys/sem.h .
.It Li KERN_SYSVIPC_SHM_INFO
Return information on the System V style shared memory facility.
The
.Sy shm_sysctl_info
structure is defined in
.In sys/shm.h .
.El
.It Li kern.ipc.shmmax ( Dv KERN_SYSVIPC_SHMMAX )
Max shared memory segment size in bytes.
.It Li kern.ipc.shmmni ( Dv KERN_SYSVIPC_SHMMNI )
Max number of shared memory identifiers.
.It Li kern.ipc.shmseg ( Dv KERN_SYSVIPC_SHMSEG )
Max shared memory segments per process.
.It Li kern.ipc.shmmaxpgs ( Dv KERN_SYSVIPC_SHMMAXPGS )
Max amount of shared memory in pages.
.It Li kern.ipc.shm_use_phys ( Dv KERN_SYSVIPC_SHMUSEPHYS )
Locking of shared memory in physical memory.
If 0, memory can be swapped
out, otherwise it will be locked in physical memory.
.It Li kern.ipc.msgmni
Max number of message queue identifiers.
.It Li kern.ipc.msgseg
Max number of message segments.
.It Li kern.ipc.semmni
Max number of semaphore identifiers.
.It Li kern.ipc.semmns
Max number of semaphores in system.
.It Li kern.ipc.semmnu
Max number of undo structures in system.
.El
.It Li kern.job_control ( Dv KERN_JOB_CONTROL )
Return 1 if job control is available on this system, otherwise\ 0.
.It Li kern.labeloffset ( Dv KERN_LABELOFFSET )
The offset within the sector specified by
.Dv KERN_LABELSECTOR
of the
.Xr disklabel 5 .
.It Li kern.labelsector ( Dv KERN_LABELSECTOR )
The sector number containing the
.Xr disklabel 5 .
.It Li kern.login_name_max ( Dv KERN_LOGIN_NAME_MAX )
The size of the storage required for a login name, in bytes,
including the terminating NUL.
.It Li kern.logsigexit ( Dv KERN_LOGSIGEXIT )
If this flag is non-zero, the kernel will
.Xr log 9
all process exits due to signals which create a
.Xr core 5
file, and whether the coredump was created.
.It Li kern.mapped_files ( Dv KERN_MAPPED_FILES )
Returns 1 if the
.St -p1003.1b-93
Memory Mapped Files Option is available on this system,
otherwise\ 0.
.It Li kern.maxfiles ( Dv KERN_MAXFILES )
The maximum number of files that may be open in the system.
.It Li kern.maxpartitions ( Dv KERN_MAXPARTITIONS )
The maximum number of partitions allowed per disk.
.It Li kern.maxlwp
The maximum number of Lightweight Processes (threads) the system allows
per uid.
.It Li kern.maxphys ( Dv KERN_MAXPHYS )
Maximum raw I/O transfer size.
.It Li kern.maxproc ( Dv KERN_MAXPROC )
The maximum number of simultaneous processes the system will allow.
.It Li kern.maxptys ( Dv KERN_MAXPTYS )
The maximum number of pseudo terminals.
This value can be both raised and lowered, though it cannot
be set lower than the number of currently used ptys.
See also
.Xr pty 4 .
.It Li kern.maxvnodes ( Dv KERN_MAXVNODES )
The maximum number of vnodes available on the system.
This can only be raised.
.It Li kern.mbuf ( Dv KERN_MBUF )
Return information about the mbuf control variables.
Mbufs are data structures which store network packets and other data
structures in the networking code, see
.Xr mbuf 9 .
The third level names for the mbuf variables are detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "kern.mbuf.nmbclusters" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.\" XXX Changeable? really?
.It kern.mbuf.mblowat Ta integer Ta yes
.It kern.mbuf.mclbytes Ta integer Ta yes
.It kern.mbuf.mcllowat Ta integer Ta yes
.It kern.mbuf.msize Ta integer Ta yes
.It kern.mbuf.nmbclusters Ta integer Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li kern.mbuf.mblowat ( Dv MBUF_MBLOWAT )
The mbuf low water mark.
.It Li kern.mbuf.mclbytes ( Dv MBUF_MCLBYTES )
The mbuf cluster size.
.It Li kern.mbuf.mcllowat ( Dv MBUF_MCLLOWAT )
The mbuf cluster low water mark.
.It Li kern.mbuf.msize ( Dv MBUF_MSIZE )
The mbuf base size.
.It Li kern.mbuf.nmbclusters ( Dv MBUF_NMBCLUSTERS )
The limit on the number of mbuf clusters.
The variable can only be increased, and only increased on machines with
direct-mapped pool pages.
.El
.It Li kern.memlock ( Dv KERN_MEMLOCK )
Returns 1 if the
.St -p1003.1b-93
Process Memory Locking Option is available on this system,
otherwise\ 0.
.It Li kern.memlock_range ( Dv KERN_MEMLOCK_RANGE )
Returns 1 if the
.St -p1003.1b-93
Range Memory Locking Option is available on this system,
otherwise\ 0.
.It Li kern.memory_protection ( Dv KERN_MEMORY_PROTECTION )
Returns 1 if the
.St -p1003.1b-93
Memory Protection Option is available on this system,
otherwise\ 0.
.It Li kern.messages
Kernel console message verbosity.
See
.Aq Pa sys/reboot.h
.Bl -column "verbosity" "setting" -offset indent
.It Sy Value Ta Sy Verbosity Ta Sy sys/reboot.h equivalent
.It 0 Ta Silent Ta Sy AB_SILENT
.It 1 Ta Quiet Ta Sy AB_QUIET
.It 2 Ta Normal Ta Sy AB_NORMAL
.It 3 Ta Verbose Ta Sy AB_VERBOSE
.It 4 Ta Debug Ta Sy AB_DEBUG
.El
.It Li kern.module
Settings related to kernel modules.
The third level names for the settings are described below.
.Bl -column "kern.module.autoload" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.module.autoload Ta integer Ta yes
.It kern.module.autotime Ta integer Ta yes
.It kern.module.verbose Ta boolean Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li kern.module.autoload
A boolean that controls whether kernel modules are loaded automatically.
See
.Xr module 7
for additional details.
.It Li kern.module.autotime
An integer that controls the delay before an attempt is made to
automatically unload a module that was auto-loaded.
Setting this value to zero disables the auto-unload function.
.It Li kern.module.verbose
A boolean that enables or disables verbose
debug messages related to kernel modules.
.El
.It Li kern.monotonic_clock ( Dv KERN_MONOTONIC_CLOCK )
Returns the standard version the implementation of the
.St -p1003.1b-93
Monotonic Clock Option conforms to,
otherwise\ 0.
.It Li kern.mqueue
Settings related to POSIX message queues; see
.Xr mqueue 3 .
This node is created dynamically when
the corresponding kernel module is loaded.
The third level names for the settings are described below.
.Bl -column "kern.mqueue.mq_max_msgsize" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.mqueue.mq_open_max Ta integer Ta yes
.It kern.mqueue.mq_prio_max Ta integer Ta yes
.It kern.mqueue.mq_max_msgsize Ta integer Ta yes
.It kern.mqueue.mq_def_maxmsg Ta integer Ta yes
.It kern.mqueue.mq_max_maxmsg Ta integer Ta yes
.El
.Pp
The variables are:
.Bl -tag -width "123456"
.It Li kern.mqueue.mq_open_max
The maximum number of message queue descriptors any single process can open.
.It Li kern.mqueue.mq_prio_max
The maximum priority of a message.
.It Li kern.mqueue.mq_max_msgsize
The maximum size of a message in a message queue.
.It Li kern.mqueue.mq_def_maxmsg
The default maximum message count.
.It Li kern.mqueue.mq_max_maxmsg
The maximum number of messages in a message queue.
.El
.It Li kern.msgbuf ( Dv KERN_MSGBUF )
The kernel message buffer, rotated so that the head of the circular kernel
message buffer is at the start of the returned data.
The returned data may contain NUL bytes.
.It Li kern.msgbufsize ( Dv KERN_MSGBUFSIZE )
The maximum number of characters that the kernel message buffer can hold.
.It Li kern.ngroups ( Dv KERN_NGROUPS )
The maximum number of supplemental groups.
.\" .It Li kern.no_sa_support
.\" XXX: Undocumented.
.It Li kern.ntptime ( Dv KERN_NTPTIME )
A
.Vt struct ntptimeval
structure is returned.
This structure contains data used by the
.Xr ntpd 8
program.
.It Li kern.osrelease ( Dv KERN_OSRELEASE )
The system release string.
.It Li kern.osrevision ( Dv KERN_OSREV )
The system revision string.
.It Li kern.ostype ( Dv KERN_OSTYPE )
The system type string.
.\".It Li kern.panic_now
.\" XXX: Undocumented.
.It Li kern.pipe ( Dv KERN_PIPE )
Pipe settings.
The third level names for the integer pipe settings are detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "kern.pipe.maxbigpipes" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.pipe.kvasiz Ta integer Ta yes
.It kern.pipe.maxbigpipes Ta integer Ta yes
.It kern.pipe.maxkvasz Ta integer Ta yes
.It kern.pipe.limitkva Ta integer Ta yes
.It kern.pipe.nbigpipes Ta integer Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li kern.pipe.kvasiz ( Dv KERN_PIPE_KVASIZ )
Amount of kernel memory consumed by pipe buffers.
.It Li kern.pipe.maxbigpipes ( Dv KERN_PIPE_MAXBIGPIPES )
Maximum number of
.Dq big
pipes.
.It Li kern.pipe.maxkvasz ( Dv KERN_PIPE_MAXKVASZ )
Maximum amount of kernel memory to be used for pipes.
.It Li kern.pipe.limitkva ( Dv KERN_PIPE_LIMITKVA )
Limit for direct transfers via page loan.
.It Li kern.pipe.nbigpipes ( Dv KERN_PIPE_NBIGPIPES )
Number of
.Dq big
pipes.
.El
.It Li kern.pool
Provides statistics about the
.Xr pool 9
and
.Xr pool_cache 9
subsystems.
.\" XXX: Undocumented .It Li kern.posix ( ? )
.\" This is a node in which the only variable is semmax.
.It Li kern.posix1version ( Dv KERN_POSIX1 )
The version of ISO/IEC 9945
.Pq St -p1003.1
with which the system attempts to comply.
.It Li kern.posix_aio
The version of
.St -p1003.1
and its Asynchronous I/O option to which the system attempts to conform.
.It Li kern.posix_barriers ( Dv KERN_POSIX_BARRIERS )
The version of
.St -p1003.1
and its
Barriers
option to which the system attempts to conform,
otherwise\ 0.
.It Li kern.posix_reader_writer_locks ( Dv KERN_POSIX_READER_WRITER_LOCKS )
The version of
.St -p1003.1
and its
Read-Write Locks
option to which the system attempts to conform,
otherwise\ 0.
.\".It Li kern.posix_sched
.\" XXX: Undocumented.
.It Li kern.posix_semaphores ( Dv KERN_POSIX_SEMAPHORES )
The version of
.St -p1003.1
and its
Semaphores
option to which the system attempts to conform,
otherwise\ 0.
.It Li kern.posix_spin_locks ( Dv KERN_POSIX_SPIN_LOCKS )
The version of
.St -p1003.1
and its
Spin Locks
option to which the system attempts to conform,
otherwise\ 0.
.It Li kern.posix_threads ( Dv KERN_POSIX_THREADS )
The version of
.St -p1003.1
and its
Threads
option to which the system attempts to conform,
otherwise\ 0.
.It Li kern.posix_timers ( Dv KERN_POSIX_TIMERS )
The version of
.St -p1003.1
and its
Timers
option to which the system attempts to conform,
otherwise\ 0.
.It Li kern.proc ( Dv KERN_PROC )
Return the entire process table, or a subset of it.
An array of
.Vt struct kinfo_proc
structures is returned,
whose size depends on the current number of such objects in the system.
The third and fourth level numeric names are as follows:
.Bl -column "KERN_PROC_SESSION" "Fourth level is:" -offset indent
.It Sy Third level name Ta Sy Fourth level is :
.It KERN_PROC_ALL Ta None
.It KERN_PROC_GID Ta A group ID
.It KERN_PROC_PID Ta A process ID
.It KERN_PROC_PGRP Ta A process group
.It KERN_PROC_RGID Ta A real group ID
.It KERN_PROC_RUID Ta A real user ID
.It KERN_PROC_SESSION Ta A session ID
.It KERN_PROC_TTY Ta A tty device
.It KERN_PROC_UID Ta A user ID
.El
.It Li kern.proc2 ( Dv KERN_PROC2 )
As for
.Dv KERN_PROC ,
but an array of
.Vt struct kinfo_proc2
structures is returned.
The fifth level name is the size of the
.Vt struct kinfo_proc2
and the sixth level name is the number of structures to return.
.It Li kern.proc_args ( Dv KERN_PROC_ARGS )
Return the argv or environment strings (or the number thereof)
of a process.
Multiple strings are returned separated by NUL characters.
The third level name is the process ID.
The fourth level name is as follows:
.Bl -column "KERN_PROG_PATHNAME" "The full pathname of the executable" -offset indent
.It Dv KERN_PROC_ARGV Ta The argv strings
.It Dv KERN_PROC_ENV Ta The environ strings
.It Dv KERN_PROC_NARGV Ta The number of argv strings
.It Dv KERN_PROC_NENV Ta The number of environ strings
.It Dv KERN_PROC_PATHNAME Ta The full pathname of the executable
.El
.It Li kern.profiling ( Dv KERN_PROF )
Return profiling information about the kernel.
If the kernel is not compiled for profiling,
attempts to retrieve any of the
.Dv KERN_PROF
values will fail with
.Er EOPNOTSUPP .
The third level names for the string and integer profiling information
are detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "kern.profiling.gmonparam" "struct gmonparam" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.profiling.count Ta u_short[\|] Ta yes
.It kern.profiling.froms Ta u_short[\|] Ta yes
.It kern.profiling.gmonparam Ta struct gmonparam Ta no
.It kern.profiling.state Ta integer Ta yes
.It kern.profiling.tos Ta struct tostruct Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li kern.profiling.count ( Dv GPROF_COUNT )
Array of statistical program counter counts.
.It Li kern.profiling.froms ( Dv GPROF_FROMS )
Array indexed by program counter of call-from points.
.It Li kern.profiling.gmonparam ( Dv GPROF_GMONPARAM )
Structure giving the sizes of the above arrays.
.It Li kern.profiling.state ( Dv GPROF_STATE )
Profiling state.
If set to
.Dv GMON_PROF_ON ,
starts profiling.
If set to
.Dv GMON_PROF_OFF ,
stops profiling.
.It Li kern.profiling.tos ( Dv GPROF_TOS )
Array of
.Vt struct tostruct
describing destination of calls and their counts.
.El
.\" .It Li kern.pset
.\" XXX: Undocumented.
.It Li kern.rawpartition ( Dv KERN_RAWPARTITION )
The raw partition of a disk (a == 0).
.It Li kern.root_device ( Dv KERN_ROOT_DEVICE )
The name of the root device (e.g.,
.Dq wd0 ) .
.It Li kern.root_partition ( Dv KERN_ROOT_PARTITION )
The root partition on the root device (a == 0).
.It Li kern.rtc_offset ( Dv KERN_RTC_OFFSET )
Return the offset of real time clock from UTC in minutes.
.It Li kern.saved_ids ( Dv KERN_SAVED_IDS )
Returns 1 if saved set-group and saved set-user ID is available.
.It Li kern.sbmax ( Dv KERN_SBMAX )
Maximum socket buffer size.
.\" XXX units?
.It Li kern.securelevel ( Dv KERN_SECURELVL )
See
.Xr secmodel_securelevel 9 .
.It Li kern.sched ( dynamic )
Influence the scheduling of LWPs, their prioritization and how they are
distributed on and moved between CPUs.
.Bl -column "kern.sched.balance_period" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.sched.cacheht_time Ta integer Ta yes
.It kern.sched.balance_period Ta integer Ta yes
.It kern.sched.average_weight Ta integer Ta yes
.It kern.sched.min_catch Ta integer Ta yes
.It kern.sched.timesoftints Ta integer Ta yes
.It kern.sched.kpreempt_pri Ta integer Ta yes
.It kern.sched.upreempt_pri Ta integer Ta yes
.It kern.sched.maxts Ta integer Ta yes
.It kern.sched.mints Ta integer Ta yes
.It kern.sched.name Ta string Ta no
.It kern.sched.rtts Ta integer Ta no
.It kern.sched.pri_min Ta integer Ta no
.It kern.sched.pri_max Ta integer Ta no
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li kern.sched.cacheht_time ( dynamic )
Cache hotness time in which a LWP is kept on one particular CPU
and not moved to another CPU.
This reduces the overhead of flushing and reloading caches.
Defaults to 3ms.
Needs to be given in
.Dq hz
units, see
.Xr mstohz 9 .
.It Li kern.sched.balance_period ( dynamic )
Interval at which the CPU queues are checked for re-balancing.
Defaults to 300ms.
Needs to be given in
.Dq hz
units, see
.Xr mstohz 9 .
.It Li kern.sched.average_weight ( dynamic )
Can be used to influence how likely LWPs are to be migrated from
one CPU's queue of LWPs that are ready to run to a different, idle CPU.
The value gives the percentage for weighting the average count of
migratable threads from the past against the current number of
migratable threads.
A small value gives more weight to the past, a larger value gives more
weight to the current situation.
Defaults to 50 and must be between 0 and 100.
.It Li kern.sched.min_catch ( dynamic )
Minimum count of migratable (runnable) threads for catching (stealing)
from another CPU.
Defaults to 1 but can be increased to decrease chance of thread
migration between CPUs.
.It Li kern.sched.timesoftints ( dynamic )
Enable tracking of CPU time for soft interrupts
as part of a LWP's real execution time.
Set to a non-zero value to enable,
and see
.Xr ps 1
for printing CPU times.
.It Li kern.sched.kpreempt_pri ( dynamic )
Minimum priority to trigger kernel preemption.
.It Li kern.sched.upreempt_pri ( dynamic )
Minimum priority to trigger user preemption.
.It Li kern.sched.maxts ( dynamic )
Scheduler specific maximal time quantum (in milliseconds).
Must be set to a value larger than
.Dq mints
and between 10 and
.Dq hz
as given by the
.Dv kern.clockrate
sysctl.
Provided by the M2 scheduler.
.It Li kern.sched.mints ( dynamic )
Scheduler specific minimal time quantum (in milliseconds).
Must be set to a value smaller than
.Dq maxts
and between 1 and
.Dq hz
as given by the
.Dq kern.clockrate
sysctl.
Provided by the M2 scheduler.
.It Li kern.sched.name ( dynamic )
Scheduler name.
Provided both by the M2 and the 4BSD scheduler.
.It Li kern.sched.rtts ( dynamic )
Fixed scheduler specific round-robin time quantum in milliseconds.
Provided both by the M2 and the 4BSD scheduler.
.It Li kern.sched.pri_min ( dynamic )
Minimal POSIX real-time priority.
See
.Xr sched 3 .
.It Li kern.sched.pri_max ( dynamic )
Maximal POSIX real-time priority.
See
.Xr sched 3 .
.El
.It Li kern.somaxkva ( Dv KERN_SOMAXKVA )
Maximum amount of kernel memory to be used for socket buffers.
.\" XXX units?
.It Li kern.synchronized_io ( Dv KERN_SYNCHRONIZED_IO )
Returns 1 if the
.St -p1003.1b-93
Synchronized I/O Option is available on this system,
otherwise\ 0.
.It Li kern.timecounter ( dynamic )
Display and control the timecounter source of the system.
.Bl -column "kern.timecounter.timestepwarnings" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.timecounter.choice Ta string Ta no
.It kern.timecounter.hardware Ta string Ta yes
.It kern.timecounter.timestepwarnings Ta integer Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li kern.timecounter.choice ( dynamic )
The list of available timecounters with their quality and frequency.
.It Li kern.timecounter.hardware ( dynamic )
The currently selected timecounter source.
.It Li kern.timecounter.timestepwarnings ( dynamic )
If non-zero, display a message each time the time is stepped.
.El
.It Li kern.timex ( Dv KERN_TIMEX )
Not available.
.It Li kern.tkstat ( Dv KERN_TKSTAT )
Return information about the number of characters sent and received
on ttys.
The third level names for the tty statistic variables are detailed below.
The changeable column shows whether a process
with appropriate privilege may change the value.
.Bl -column "kern.tkstat.cancc" "quad" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.tkstat.cancc Ta quad Ta no
.It kern.tkstat.nin Ta quad Ta no
.It kern.tkstat.nout Ta quad Ta no
.It kern.tkstat.rawcc Ta quad Ta no
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li kern.tkstat.cancc ( Dv KERN_TKSTAT_CANCC )
The number of canonical input characters.
.It Li kern.tkstat.nin ( Dv KERN_TKSTAT_NIN )
The total number of input characters.
.It Li kern.tkstat.nout ( Dv KERN_TKSTAT_NOUT )
The total number of output characters.
.It Li kern.tkstat.rawcc ( Dv KERN_TKSTAT_RAWCC )
The number of raw input characters.
.El
.It Li kern.tty
The third level names for the tty setup variables are detailed below.
The changeable column shows whether a process
with appropriate privilege may change the value.
.Bl -column "kern.tty.qsize" "int" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.tty.qsize Ta int Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li kern.tty.qsize
Control/display the size of the default input and output queues selected
during tty creation.
Is converted to a power of two and its range is between
.Dv 1024
and
.Dv 65536 .
.El
.It Li kern.uidinfo
Resource usage for the current user.
.Bl -column "kern.uidinfo.proccnt" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.uidinfo.proccnt Ta integer Ta no
.It kern.uidinfo.lwpcnt Ta integer Ta no
.It kern.uidinfo.lockcnt Ta integer Ta no
.It kern.uidinfo.sbsize Ta integer Ta no
.El
.Bl -tag -width "123456"
.It Li kern.uidinfo.proccnt
Returns the number of active processes for the current user.
.It Li kern.uidinfo.lwpcnt
Returns the number of active threads for the current user; the first thread
of each process is not counted.
.It Li kern.uidinfo.lockcnt
Number of locks held by the current user.
.It Li kern.uidinfo.sbsize
Number of bytes in socket buffers allocated to the current user.
.El
.It Li kern.urandom ( Dv KERN_URND )
Random integer value.
.It Li kern.usercrypto
When enabled, allows userland to
.Xr open 2
the
.Pa /dev/crypto
special device, used by the
.Xr crypto 4
system.
.It Li kern.userasymcrypto
Enables or disables the use of software asymmetric crypto support in the
.Xr crypto 4
system.
.It Li kern.veriexec
Runtime information for
.Xr veriexec 8 .
.Bl -column "kern.veriexec.algorithms" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.veriexec.algorithms Ta string Ta no
.It kern.veriexec.count Ta node Ta not applicable
.It kern.veriexec.strict Ta integer Ta yes
.It kern.veriexec.verbose Ta integer Ta yes
.El
.Bl -tag -width "123456"
.It Li kern.veriexec.algorithms
Returns a string with the supported algorithms in Veriexec.
.It Li kern.veriexec.count
Sub-nodes are added to this node as new mounts are monitored by Veriexec.
Each mount will be under its own
.No tableN
node.
Under each node there will be three variables, indicating the mount
point, the file system type, and the number of entries.
.It Li kern.veriexec.strict
Controls the strict level of Veriexec.
See
.Xr security 7
for more information on each level's implications.
.It Li kern.veriexec.verbose
Controls the verbosity level of Veriexec.
If 0, only the minimal
indication required will be given about what's happening - fingerprint
mismatches, removal of entries from the tables, modification of a
fingerprinted file.
If 1, more messages will be printed (i.e., when a file with a valid
fingerprint is accessed).
Verbose level 2 is debug mode.
.El
.It Li kern.version ( Dv KERN_VERSION )
The system version string.
.It Li kern.vnode ( Dv KERN_VNODE )
Return the entire vnode table.
Note, the vnode table is not necessarily a consistent snapshot of
the system.
The returned data consists of an array whose size depends on the
current number of such objects in the system.
Each element of the array contains the kernel address of a vnode
.Vt struct vnode *
followed by the vnode itself
.Vt struct vnode .
.\" XXX: Undocumented: kern.lwp: no children?
.El
.Ss The machdep.* subtree
The set of variables defined is architecture dependent.
Most architectures define at least the following variables.
.Bl -column "machdep.booted_kernel" "Type" "Changeable" -offset indent
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It Li machdep.booted_kernel Ta string Ta no
.El
.\" XXX: Document the above.
.Ss The net.* subtree
The string and integer information available for the
.Li net
level is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
The second and third levels are typically the protocol family and
protocol number, though this is not always the case.
.Bl -column "Second level name" "IPsec key management values" "Changeable" -offset indent
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It net.route Ta routing messages Ta no
.It net.inet Ta IPv4 values Ta yes
.It net.inet6 Ta IPv6 values Ta yes
.It net.key Ta IPsec key management values Ta yes
.El
.Bl -tag -width "123456"
.It Li net.route ( Dv PF_ROUTE )
.\" XXX really?
Return the entire routing table or a subset of it.
The data is returned as a sequence of routing messages (see
.Xr route 4
for the header file, format and meaning).
The length of each message is contained in the message header.
.Pp
The third level name is a protocol number, which is currently always\ 0.
The fourth level name is an address family, which may be set to 0 to
select all address families.
The fifth and sixth level names are as follows:
.Bl -column "Fifth level name" "Sixth level is:" -offset indent
.It Sy Fifth level name Ta Sy Sixth level is :
.It NET_RT_FLAGS Ta rtflags
.It NET_RT_DUMP Ta None
.It NET_RT_IFLIST Ta None
.El
.It Li net.inet ( Dv PF_INET )
Get or set various global information about the IPv4
.Pq Internet Protocol version 4 .
The third level name is the protocol.
The fourth level name is the variable name.
The currently defined protocols and names are:
.Bl -column "Protocol" "anonportalgo.available" "integer" "Changeable" -offset indent
.It Sy Protocol Ta Sy Variable Ta Sy Type Ta Sy Changeable
.It arp Ta down Ta integer Ta yes
.It arp Ta keep Ta integer Ta yes
.It arp Ta log_movements Ta integer Ta yes
.It arp Ta log_permanent_modify Ta integer Ta yes
.It arp Ta log_unknown_network Ta integer Ta yes
.It arp Ta log_wrong_iface Ta integer Ta yes
.It carp Ta allow Ta integer Ta yes
.It carp Ta preempt Ta integer Ta yes
.It carp Ta log Ta integer Ta yes
.It carp Ta arpbalance Ta integer Ta yes
.It icmp Ta errppslimit Ta integer Ta yes
.It icmp Ta maskrepl Ta integer Ta yes
.It icmp Ta rediraccept Ta integer Ta yes
.It icmp Ta redirtimeout Ta integer Ta yes
.It icmp Ta bmcastecho Ta integer Ta yes
.It ip Ta allowsrcrt Ta integer Ta yes
.It ip Ta anonportalgo.selected Ta string Ta yes
.It ip Ta anonportalgo.available Ta string Ta yes
.It ip Ta anonportalgo.reserve Ta struct Ta yes
.It ip Ta anonportmax Ta integer Ta yes
.It ip Ta anonportmin Ta integer Ta yes
.It ip Ta checkinterface Ta integer Ta yes
.It ip Ta dad_count Ta integer Ta yes
.It ip Ta directed-broadcast Ta integer Ta yes
.It ip Ta do_loopback_cksum Ta integer Ta yes
.It ip Ta forwarding Ta integer Ta yes
.It ip Ta forwsrcrt Ta integer Ta yes
.It ip Ta gifttl Ta integer Ta yes
.It ip Ta grettl Ta integer Ta yes
.It ip Ta hashsize Ta integer Ta yes
.It ip Ta hostzerobroadcast Ta integer Ta yes
.It ip Ta lowportmin Ta integer Ta yes
.It ip Ta lowportmax Ta integer Ta yes
.It ip Ta maxflows Ta integer Ta yes
.It ip Ta maxfragpackets Ta integer Ta yes
.It ip Ta mtudisc Ta integer Ta yes
.It ip Ta mtudisctimeout Ta integer Ta yes
.It ip Ta random_id Ta integer Ta yes
.It ip Ta redirect Ta integer Ta yes
.It ip Ta subnetsarelocal Ta integer Ta yes
.It ip Ta ttl Ta integer Ta yes
.It tcp Ta rfc1323 Ta integer Ta yes
.It tcp Ta sendspace Ta integer Ta yes
.It tcp Ta recvspace Ta integer Ta yes
.It tcp Ta mssdflt Ta integer Ta yes
.It tcp Ta syn_cache_limit Ta integer Ta yes
.It tcp Ta syn_bucket_limit Ta integer Ta yes
.It tcp Ta syn_cache_interval Ta integer Ta yes
.It tcp Ta init_win Ta integer Ta yes
.It tcp Ta init_win_local Ta integer Ta yes
.It tcp Ta mss_ifmtu Ta integer Ta yes
.It tcp Ta win_scale Ta integer Ta yes
.It tcp Ta timestamps Ta integer Ta yes
.It tcp Ta cwm Ta integer Ta yes
.It tcp Ta cwm_burstsize Ta integer Ta yes
.It tcp Ta ack_on_push Ta integer Ta yes
.It tcp Ta keepidle Ta integer Ta yes
.It tcp Ta keepintvl Ta integer Ta yes
.It tcp Ta keepcnt Ta integer Ta yes
.It tcp Ta slowhz Ta integer Ta no
.It tcp Ta keepinit Ta integer Ta yes
.It tcp Ta log_refused Ta integer Ta yes
.It tcp Ta rstppslimit Ta integer Ta yes
.It tcp Ta ident Ta struct Ta no
.It tcp Ta drop Ta struct Ta no
.It tcp Ta sack.enable Ta integer Ta yes
.It tcp Ta sack.globalholes Ta integer Ta no
.It tcp Ta sack.globalmaxholes Ta integer Ta yes
.It tcp Ta sack.maxholes Ta integer Ta yes
.It tcp Ta ecn.enable Ta integer Ta yes
.It tcp Ta ecn.maxretries Ta integer Ta yes
.It tcp Ta congctl.selected Ta string Ta yes
.It tcp Ta congctl.available Ta string Ta yes
.It tcp Ta abc.enable Ta integer Ta yes
.It tcp Ta abc.aggressive Ta integer Ta yes
.It udp Ta checksum Ta integer Ta yes
.It udp Ta do_loopback_cksum Ta integer Ta yes
.It udp Ta recvspace Ta integer Ta yes
.It udp Ta sendspace Ta integer Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li arp.down
Failed ARP entry lifetime.
.It Li arp.keep
Valid ARP entry lifetime.
.It Li carp.allow
If set to 0, incoming
.Xr carp 4
packets will not be processed.
If set to any other value, processing will occur.
Enabled by default.
.It Li carp.arpbalance
If set to any value other than 0, the ARP balancing functionality of
.Xr carp 4
is enabled.
When ARP requests are received for an IP address which is part of any virtual
host, carp will hash the source IP in the ARP request to select one of the
virtual hosts from the set of all the virtual hosts which have that IP address.
The master of that host will respond with the correct virtual MAC address.
Disabled by default.
.It Li carp.log
If set to any value other than 0,
.Xr carp 4
will log errors.
Disabled by default.
.It Li carp.preempt
If set to 0,
.Xr carp 4
will not attempt to become master if it is receiving advertisements from
another active master.
If set to any other value, carp will become master of the virtual host if it
believes it can send advertisements more frequently than the current master.
Disabled by default.
.It Li ip.allowsrcrt
If set to 1, the host accepts source routed packets.
.It Li ip.anonportalgo.available
The available RFC 6056 port randomization algorithms.
.It Li ip.anonportalgo.reserve
A bitmask of ports that will not be used during anonymous or privileged
port selection.
.It Li ip.anonportalgo.selected
The currently selected RFC 6056 port randomization algorithm.
.It Li ip.anonportmax
The highest port number to use for TCP and UDP ephemeral port allocation.
This cannot be set to less than 1024 or greater than 65535, and must
be greater than
.Li ip.anonportmin .
.It Li ip.anonportmin
The lowest port number to use for TCP and UDP ephemeral port allocation.
This cannot be set to less than 1024 or greater than 65535.
.It Li ip.checkinterface
If set to non-zero, the host will reject packets addressed to it
that arrive on an interface not bound to that address.
Currently, this must be disabled if ipnat is used to translate the
destination address to another local interface, or if addresses
are added to the loopback interface instead of the interface where
the packets for those addresses are received.
.It Li ip.dad_count
The number of
.Xr arp 4
probes sent for Address Conflict Detection.
Set to 0 to disable this.
.It Li ip.directed-broadcast
If set to 1, enables directed broadcast behavior for the host.
.It Li ip.do_loopback_cksum
Perform IP checksum on loopback.
.It Li ip.forwarding
If set to 1, enables IP forwarding for the host,
meaning that the host is acting as a router.
.It Li ip.forwsrcrt
If set to 1, enables forwarding of source-routed packets for the host.
This value may only be changed if the kernel security level is less than 1.
.It Li ip.gifttl
The maximum time-to-live (hop count) value for an IPv4 packet generated by a
.Xr gif 4
tunnel interface.
.It Li ip.grettl
The maximum time-to-live (hop count) value for an IPv4 packet generated by a
.Xr gre 4
tunnel interface.
.It Li ip.hashsize
The size of the IPv4 Fast Forward hash table.
This value must be a power of 2 (64, 256...).
A larger hash table size results in fewer collisions.
Also see
.Li ip.maxflows .
.It Li ip.hostzerobroadcast
All zeroes address is broadcast address.
.It Li ip.lowportmax
The highest port number to use for TCP and UDP reserved port allocation.
This cannot be set to less than 0 or greater than 1024, and must
be greater than
.Li ip.lowportmin .
.It Li ip.lowportmin
The lowest port number to use for TCP and UDP reserved port allocation.
This cannot be set to less than 0 or greater than 1024, and must
be smaller than
.Li ip.lowportmax .
.It Li ip.maxflows
IPv4 Fast Forwarding is enabled by default.
If set to 0, IPv4 Fast Forwarding is disabled.
.Li ip.maxflows
controls the maximum number of flows which can be created.
The default value is 256.
.It Li ip.maxfragpackets
The maximum number of fragmented packets the node will accept.
0 means that the node will not accept any fragmented packets.
\-1 means that the node will accept as many fragmented packets as it receives.
This variable is provided mainly to help avoid possible DoS attacks.
.It Li ip.mtudisc
If set to 1, enables Path MTU Discovery (RFC 1191).
When Path MTU Discovery is enabled, the transmitted TCP segment
size will be determined by the advertised maximum segment size
(MSS) from the remote end, as constrained by the path MTU.
If MTU Discovery is disabled, the transmitted segment size will
never be greater than
.Li tcp.mssdflt
(the local maximum segment size).
.It Li ip.mtudisctimeout
The number of seconds in which a route added by the Path MTU
Discovery engine will time out.
When the route times out, the Path
MTU Discovery engine will attempt to probe a larger path MTU.
.It Li ip.random_id
Assign random ip_id values.
.It Li ip.redirect
If set to 1, ICMP redirects may be sent by the host.
This option is ignored unless the host is routing IP packets,
and should normally be enabled on all systems.
.It Li ip.subnetsarelocal
If set to 1, subnets are to be considered local addresses.
.It Li ip.ttl
The maximum time-to-live (hop count) value for an IP packet sourced by
the system.
This value applies to normal transport protocols, not to ICMP.
.It Li icmp.errppslimit
The variable specifies the maximum number of outgoing ICMP error messages,
per second.
ICMP error messages that exceed the value are subject to rate limitation
and will not go out from the node.
A negative value disables rate limitation.
.It Li icmp.maskrepl
If set to 1, ICMP network mask requests are to be answered.
.It Li icmp.rediraccept
If set to non-zero, the host will accept ICMP redirect packets.
Note that routers will never accept ICMP redirect packets,
and the variable is meaningful on IP hosts only.
.It Li icmp.redirtimeout
The variable specifies the lifetime of routing entries generated by incoming
ICMP redirects.
This defaults to 600 seconds.
.It Li icmp.returndatabytes
Number of bytes to return in an ICMP error message.
.It Li icmp.bmcastecho
If set to 1, enables responding to ICMP echo or timestamp request to the
broadcast address.
.It Li tcp.ack_on_push
If set to 1, TCP is to immediately transmit an ACK upon reception of
a packet with PUSH set.
This can avoid losing a round trip time in some rare situations,
but has the caveat of potentially defeating TCP's delayed ACK algorithm.
Use of this option is generally not recommended, but
the variable exists in case your configuration really needs it.
.It Li tcp.cwm
If set to 1, enables use of the Hughes/Touch/Heidemann Congestion Window
Monitoring algorithm.
This algorithm prevents line-rate bursts of packets that could
otherwise occur when data begins flowing on an idle TCP connection.
These line-rate bursts can contribute to network and router congestion.
This can be particularly useful on World Wide Web servers
which support HTTP/1.1, which has lingering connections.
.It Li tcp.cwm_burstsize
The Congestion Window Monitoring allowed burst size, in terms
of packet count.
.It Li tcp.delack_ticks
Number of ticks to delay sending an ACK.
.It Li tcp.do_loopback_cksum
Perform TCP checksum on loopback.
.It Li tcp.init_win
A value indicating the TCP initial congestion window.
The valid range
is 0 to 10 (maximum specified by RFC6928),
with a default of 4 (approximately 4K per RFC3390).
.It Li tcp.init_win_local
Like
.Li tcp.init_win ,
but used when communicating with hosts on a local network.
.It Li tcp.keepcnt
Number of keepalive probes sent before declaring a connection dead.
If set to zero, there is no limit;
keepalives will be sent until some kind of
response is received from the peer.
.It Li tcp.keepidle
Time a connection must be idle before keepalives are sent (if keepalives
are enabled for the connection).
See also tcp.slowhz.
.It Li tcp.keepintvl
Time after a keepalive probe is sent until, in the absence of any response,
another probe is sent.
See also tcp.slowhz.
.It Li tcp.log_refused
If set to 1, refused TCP connections to the host will be logged.
.It Li tcp.keepinit
Timeout in seconds during connection establishment.
.It Li tcp.mss_ifmtu
If set to 1, TCP calculates the outgoing maximum segment size based on
the MTU of the appropriate interface.
If set to 0, it is calculated based on the greater of the MTU of the
interface, and the largest (non-loopback) interface MTU on the system.
.It Li tcp.mssdflt
The default maximum segment size both advertised to the peer
and to use when either the peer does not advertise a maximum segment size to
us during connection setup or Path MTU Discovery
.Li ( ip.mtudisc )
is disabled.
Do not change this value unless you really know what you are doing.
.It Li tcp.recvspace
The default TCP receive buffer size.
.It Li tcp.rfc1323
If set to 1, enables RFC 1323 extensions to TCP.
.It Li tcp.rstppslimit
The variable specifies the maximum number of outgoing TCP RST packets,
per second.
TCP RST packets that exceed the value are subject to rate limitation
and will not go out from the node.
A negative value disables rate limitation.
.It Li tcp.ident
Return the user ID of a connected socket pair.
(RFC1413 Identification Protocol lookups.)
.It Li tcp.drop
Drop a TCP socket pair connection.
.It Li tcp.sack.enable
If set to 1, enables RFC 2018 Selective ACKnowledgement.
.It Li tcp.sack.globalholes
Global number of TCP SACK holes.
.It Li tcp.sack.globalmaxholes
Global maximum number of TCP SACK holes.
.It Li tcp.sack.maxholes
Maximum number of TCP SACK holes allowed per connection.
.It Li tcp.ecn.enable
If set to 1, enables RFC 3168 Explicit Congestion Notification.
.It Li tcp.ecn.maxretries
Number of times to retry sending the ECN-setup packet.
.It Li tcp.sendspace
The default TCP send buffer size.
.It Li tcp.slowhz
The units for tcp.keepidle and tcp.keepintvl; those variables are in ticks
of a clock that ticks tcp.slowhz times per second.
(That is, their values
must be divided by the tcp.slowhz value to get times in seconds.)
.It Li tcp.syn_bucket_limit
The maximum number of entries allowed per hash bucket in the TCP
compressed state engine.
.It Li tcp.syn_cache_limit
The maximum number of entries allowed in the TCP compressed state
engine.
.It Li tcp.timestamps
If rfc1323 is enabled, a value of 1 indicates RFC 1323 time stamp options,
used for measuring TCP round trip times, are enabled.
.It Li tcp.win_scale
If rfc1323 is enabled, a value of 1 indicates RFC 1323 window scale options,
for increasing the TCP window size, are enabled.
.It Li tcp.congctl.available
The available TCP congestion control algorithms.
.It Li tcp.congctl.selected
The currently selected TCP congestion control algorithm.
.It Li tcp.abc.enable
If set to 1, use RFC 3465 Appropriate Byte Counting (ABC).
If set to 0, use traditional Packet Counting.
.It Li tcp.abc.aggressive
Choose the L parameter found in RFC 3465.
L is the maximum cwnd increase for an ack during slow start.
If set to 1, use L=2*SMSS.
If set to 0, use L=1*SMSS.
It has no effect unless tcp.abc.enable is set to 1.
.It Li udp.checksum
If set to 1, UDP checksums are being computed.
Received non-zero UDP checksums are always checked.
Disabling UDP checksums is strongly discouraged.
.It Li udp.recvspace
The default UDP receive buffer size.
.It Li udp.sendspace
The default UDP send buffer size.
.El
.Pp
For variables net.*.ipsec, please refer to
.Xr ipsec 4 .
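As an added example (not part of the NetBSD manual or source tree), the shell function below lints net.inet.* assignments in a sysctl.conf-style file against the ranges and cautions stated in the descriptions above. The function names, the constructed sample file, and the tolerance for a "name?=value" form are assumptions of the example.

```shell
#!/bin/sh
# Added example: check net.inet.* integer settings against the limits this
# manual page documents. Prints "file:line: name: problem" for each finding
# and returns 1 if there was at least one, 0 otherwise.

lint_net_inet() {
    awk -v file="$1" '
    function report(ln, name, msg) {
        printf "%s:%d: %s: %s\n", file, ln, name, msg
        bad = 1
    }
    function in_range(ln, name, n, lo, hi) {
        if (n < lo || n > hi)
            report(ln, name, "value " n " outside documented range " lo ".." hi)
    }
    function is_pow2(n) {
        if (n < 1) return 0
        while (n % 2 == 0) n /= 2
        return n == 1
    }
    # Flag lo >= hi when both members of a min/max pair are set in the file.
    function ordered(lo, hi) {
        if ((lo in val) && (hi in val) && val[lo] >= val[hi])
            report(line[hi], hi, "must be greater than " lo " (" val[lo] ")")
    }
    {
        sub(/#.*/, "")                    # drop comments
        gsub(/[ \t]/, "")                 # tolerate blanks around "="
        eq = index($0, "=")
        if (eq == 0) next
        name = substr($0, 1, eq - 1)
        sub(/\?$/, "", name)              # assumption: "name?=value" may occur
        raw = substr($0, eq + 1)
        if (name !~ /^net\.inet\./) next
        if (raw !~ /^-?[0-9]+$/) next     # only integer variables are checked
        n = raw + 0                       # force numeric comparison
        val[name] = n; line[name] = NR

        if (name ~ /^net\.inet\.ip\.anonport(min|max)$/)
            in_range(NR, name, n, 1024, 65535)
        else if (name ~ /^net\.inet\.ip\.lowport(min|max)$/)
            in_range(NR, name, n, 0, 1024)
        else if (name == "net.inet.tcp.init_win")
            in_range(NR, name, n, 0, 10)
        else if (name == "net.inet.ip.hashsize" && !is_pow2(n))
            report(NR, name, "value " n " is not a power of 2")
        else if (name == "net.inet.udp.checksum" && n == 0)
            report(NR, name, "UDP checksums disabled (strongly discouraged)")
        else if (name == "net.inet.ip.maxfragpackets" && n == -1)
            report(NR, name, "-1 accepts an unlimited number of fragmented packets")
        else if (name ~ /^net\.inet\.(icmp\.errppslimit|tcp\.rstppslimit)$/ && n < 0)
            report(NR, name, "negative value disables rate limitation")
    }
    END {
        ordered("net.inet.ip.anonportmin", "net.inet.ip.anonportmax")
        ordered("net.inet.ip.lowportmin", "net.inet.ip.lowportmax")
        exit bad + 0
    }' "$1"
}

# Constructed sample input for trying the linter; not a recommended configuration.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample
net.inet.ip.forwarding=1
net.inet.ip.anonportmin=49152
net.inet.ip.anonportmax=1000
net.inet.ip.lowportmin=600
net.inet.ip.lowportmax=1023
net.inet.ip.hashsize=300
net.inet.tcp.init_win=16
net.inet.udp.checksum=0
net.inet.icmp.errppslimit=-1
net.inet.tcp.congctl.selected=newreno
EOF
}

# Lint the file named on the command line, if one was given.
if [ $# -gt 0 ]; then
    lint_net_inet "$1"
fi
```

Run it as a script with the path of a configuration file as its argument; the exit status makes it usable as a pre-deployment check.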
.It Li net.inet6 ( Dv PF_INET6 )
Get or set various global information about the IPv6
.Pq Internet Protocol version 6 .
The third level name is the protocol.
The fourth level name is the variable name.
The currently defined protocols and names are:
.Bl -column "Protocol" "anonportalgo.available" "integer" "Changeable" -offset indent
.It Sy Protocol Ta Sy Variable Ta Sy Type Ta Sy Changeable
.It icmp6 Ta errppslimit Ta integer Ta yes
.It icmp6 Ta mtudisc_hiwat Ta integer Ta yes
.It icmp6 Ta mtudisc_lowat Ta integer Ta yes
.It icmp6 Ta nd6_debug Ta integer Ta yes
.It icmp6 Ta nd6_delay Ta integer Ta yes
.It icmp6 Ta nd6_maxnudhint Ta integer Ta yes
.It icmp6 Ta nd6_mmaxtries Ta integer Ta yes
.It icmp6 Ta nd6_prune Ta integer Ta yes
.It icmp6 Ta nd6_umaxtries Ta integer Ta yes
.It icmp6 Ta nd6_useloopback Ta integer Ta yes
.It icmp6 Ta nodeinfo Ta integer Ta yes
.It icmp6 Ta rediraccept Ta integer Ta yes
.It icmp6 Ta redirtimeout Ta integer Ta yes
.It ip6 Ta accept_rtadv Ta integer Ta yes
.It ip6 Ta addctlpolicy Ta struct in6_addrpolicy Ta no
.It ip6 Ta anonportalgo.selected Ta string Ta yes
.It ip6 Ta anonportalgo.available Ta string Ta yes
.It ip6 Ta anonportalgo.reserve Ta struct Ta yes
.It ip6 Ta anonportmax Ta integer Ta yes
.It ip6 Ta anonportmin Ta integer Ta yes
.It ip6 Ta auto_flowlabel Ta integer Ta yes
.It ip6 Ta dad_count Ta integer Ta yes
.It ip6 Ta defmcasthlim Ta integer Ta yes
.It ip6 Ta forwarding Ta integer Ta yes
.It ip6 Ta gifhlim Ta integer Ta yes
.It ip6 Ta hashsize Ta integer Ta yes
.It ip6 Ta hlim Ta integer Ta yes
.It ip6 Ta hdrnestlimit Ta integer Ta yes
.It ip6 Ta kame_version Ta string Ta no
.It ip6 Ta keepfaith Ta integer Ta yes
.It ip6 Ta log_interval Ta integer Ta yes
.It ip6 Ta lowportmax Ta integer Ta yes
.It ip6 Ta lowportmin Ta integer Ta yes
.It ip6 Ta maxdynroutes Ta integer Ta yes
.It ip6 Ta maxifprefixes Ta integer Ta yes
.It ip6 Ta maxifdefrouters Ta integer Ta yes
.It ip6 Ta maxflows Ta integer Ta yes
.It ip6 Ta maxfragpackets Ta integer Ta yes
.It ip6 Ta maxfrags Ta integer Ta yes
.It ip6 Ta neighborgcthresh Ta integer Ta yes
.It ip6 Ta redirect Ta integer Ta yes
.It ip6 Ta rr_prune Ta integer Ta yes
.It ip6 Ta use_deprecated Ta integer Ta yes
.It ip6 Ta v6only Ta integer Ta yes
.It udp6 Ta do_loopback_cksum Ta integer Ta yes
.It udp6 Ta recvspace Ta integer Ta yes
.It udp6 Ta sendspace Ta integer Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li ip6.accept_rtadv
If set to non-zero, the node will accept ICMPv6 router advertisement packets
and autoconfigures address prefixes and default routers.
The node must be a host
.Pq not a router
for the option to be meaningful.
.It Li ip6.anonportalgo.available
The available RFC 6056 port randomization algorithms.
.It Li ip6.anonportalgo.reserve
A bitmask of ports that will not be used during anonymous or privileged
port selection.
.It Li ip6.anonportalgo.selected
The currently selected RFC 6056 port randomization algorithm.
.It Li ip6.anonportmax
The highest port number to use for TCP and UDP ephemeral port allocation.
This cannot be set to less than 1024 or greater than 65535, and must
be greater than
.Li ip6.anonportmin .
.It Li ip6.anonportmin
The lowest port number to use for TCP and UDP ephemeral port allocation.
This cannot be set to less than 1024 or greater than 65535.
.It Li ip6.auto_flowlabel
On connected transport protocol packets,
fill IPv6 flowlabel field to help intermediate routers to identify packet flows.
.It Li ip6.dad_count
The variable configures number of IPv6 DAD
.Pq duplicated address detection
probe packets.
The packets will be generated when IPv6 interface addresses are configured.
.It Li ip6.defmcasthlim
The default hop limit value for an IPv6 multicast packet sourced by the node.
This value applies to all the transport protocols on top of IPv6.
There are APIs to override the value, as documented in
.Xr ip6 4 .
.It Li ip6.forwarding
If set to 1, enables IPv6 forwarding for the node,
meaning that the node is acting as a router.
If set to 0, disables IPv6 forwarding for the node,
meaning that the node is acting as a host.
IPv6 specification defines node behavior for
.Dq router
case and
.Dq host
case quite differently, and changing this variable during operation
may cause serious trouble.
It is recommended to configure the variable at bootstrap time,
and bootstrap time only.
.It Li ip6.gifhlim
The maximum hop limit value for an IPv6 packet generated by
.Xr gif 4
tunnel interface.
.It Li ip6.hdrnestlimit
The number of IPv6 extension headers permitted on incoming IPv6 packets.
If set to 0, the node will accept as many extension headers as possible.
.It Li ip6.hashsize
The size of IPv6 Fast Forward hash table.
This value must be a power of 2 (64, 256, ...).
A larger hash table size results in fewer collisions.
Also see
.Li ip6.maxflows .
.It Li ip6.hlim
The default hop limit value for an IPv6 unicast packet sourced by the node.
This value applies to all the transport protocols on top of IPv6.
There are APIs to override the value, as documented in
.Xr ip6 4 .
.It Li ip6.kame_version
The string identifies the version of KAME IPv6 stack implemented in the kernel.
.It Li ip6.keepfaith
If set to non-zero, it enables
.Dq FAITH
TCP relay IPv6-to-IPv4 translator code in the kernel.
Refer
.Xr faith 4
and
.Xr faithd 8
for detail.
.It Li ip6.log_interval
The variable controls amount of logs generated by IPv6 packet
forwarding engine, by setting interval between log output
.Pq in seconds .
.It Li ip6.lowportmax
The highest port number to use for TCP and UDP reserved port allocation.
This cannot be set to less than 0 or greater than 1024, and must
be greater than
.Li ip6.lowportmin .
.It Li ip6.lowportmin
The lowest port number to use for TCP and UDP reserved port allocation.
This cannot be set to less than 0 or greater than 1024, and must
be smaller than
.Li ip6.lowportmax .
.It Li ip6.maxdynroutes
Maximum number of routes created by redirect.
Set it to negative to disable.
The default value is 4096.
.It Li ip6.maxifprefixes
Maximum number of prefixes created by route advertisements per interface.
Set it to negative to disable.
The default value is 16.
.It Li ip6.maxifdefrouters
Maximum number of default routers created by route advertisements per interface.
Set it to negative to disable.
The default value is 16.
.It Li ip6.maxflows
IPv6 Fast Forwarding is enabled by default.
If set to 0, IPv6 Fast Forwarding is disabled.
.Li ip6.maxflows
controls the maximum amount of flows which can be created.
The default value is 256.
.It Li ip6.maxfragpackets
The maximum number of fragmented packets the node will accept.
0 means that the node will not accept any fragmented packets.
\-1 means that the node will accept as many fragmented packets as it receives.
The flag is provided basically for avoiding possible DoS attacks.
.It Li ip6.maxfrags
The maximum number of fragments the node will accept.
0 means that the node will not accept any fragments.
\-1 means that the node will accept as many fragments as it receives.
The flag is provided basically for avoiding possible DoS attacks.
.It Li ip6.neighborgcthresh
Maximum number of entries in neighbor cache per interface.
Set to negative to disable.
The default value is 2048.
.It Li ip6.redirect
If set to 1, ICMPv6 redirects may be sent by the node.
This option is ignored unless the node is routing IP packets,
and should normally be enabled on all systems.
.It Li ip6.rr_prune
The variable specifies interval between IPv6 router renumbering prefix
babysitting, in seconds.
.It Li ip6.use_deprecated
The variable controls use of deprecated address, specified in RFC 2462 5.5.4.
.It Li ip6.v6only
The variable specifies initial value for
.Dv IPV6_V6ONLY
socket option for
.Dv AF_INET6
socket.
Please refer to
.Xr ip6 4
for detail.
.It Li icmp6.errppslimit
The variable specifies the maximum number of outgoing ICMPv6 error messages,
per second.
ICMPv6 error messages that exceed the value are subject to rate limitation
and will not go out from the node.
Negative value disables rate limitation.
.It Li icmp6.mtudisc_hiwat
.It Li icmp6.mtudisc_lowat
The variables define the maximum number of routing table entries,
created due to path MTU discovery
.Pq prevents denial-of-service attacks with ICMPv6 too big messages .
When IPv6 path MTU discovery happens, we keep path MTU information into
the routing table.
If the number of routing table entries exceed the value,
the kernel will not attempt to keep the path MTU information.
.Li icmp6.mtudisc_hiwat
is used when we have verified ICMPv6 too big messages.
.Li icmp6.mtudisc_lowat
is used when we have unverified ICMPv6 too big messages.
Verification is performed by using address/port pairs kept in connected pcbs.
Negative value disables the upper limit.
.It Li icmp6.nd6_debug
If set to non-zero, kernel IPv6 neighbor discovery code will generate
debugging messages.
The debug outputs are useful to diagnose IPv6 interoperability issues.
The flag must be set to 0 for normal operation.
.It Li icmp6.nd6_delay
The variable specifies
.Dv DELAY_FIRST_PROBE_TIME
timing constant in IPv6 neighbor discovery specification
.Pq RFC 2461 ,
in seconds.
.It Li icmp6.nd6_maxnudhint
IPv6 neighbor discovery permits upper layer protocols to supply reachability
hints, to avoid unnecessary neighbor discovery exchanges.
The variable defines the number of consecutive hints the neighbor discovery
layer will take.
For example, by setting the variable to 3, neighbor discovery layer
will take 3 consecutive hints in maximum.
After receiving 3 hints, neighbor discovery layer will perform
normal neighbor discovery process.
.It Li icmp6.nd6_mmaxtries
The variable specifies
.Dv MAX_MULTICAST_SOLICIT
constant in IPv6 neighbor discovery specification
.Pq RFC 2461 .
.It Li icmp6.nd6_prune
The variable specifies interval between IPv6 neighbor cache babysitting,
in seconds.
.It Li icmp6.nd6_umaxtries
The variable specifies
.Dv MAX_UNICAST_SOLICIT
constant in IPv6 neighbor discovery specification
.Pq RFC 2461 .
.It Li icmp6.nd6_useloopback
If set to non-zero, kernel IPv6 stack will use loopback interface for
local traffic.
.It Li icmp6.nodeinfo
The variable enables responses to ICMPv6 node information queries.
If you set the variable to 0, responses will not be generated for
ICMPv6 node information queries.
Since node information queries can have a security impact, it is
possible to fine tune which responses should be answered.
Two separate bits can be set.
.Bl -tag -width "12345"
.It 1
Respond to ICMPv6 FQDN queries, e.g.
.Li ping6 -w .
.It 2
Respond to ICMPv6 node addresses queries, e.g.
.Li ping6 -a .
.El
.It Li icmp6.rediraccept
If set to non-zero, the host will accept ICMPv6 redirect packets.
Note that IPv6 routers will never accept ICMPv6 redirect packets,
and the variable is meaningful on IPv6 hosts
.Pq non-router
only.
.It Li icmp6.redirtimeout
The variable specifies lifetime of routing entries generated by incoming
ICMPv6 redirect.
.It Li udp6.do_loopback_cksum
Perform UDP checksum on loopback.
.It Li udp6.recvspace
Default UDP receive buffer size.
.It Li udp6.sendspace
Default UDP send buffer size.
.El
.Pp
We reuse net.*.tcp for TCP over IPv6,
and therefore we do not have variables net.*.tcp6.
Variables net.inet6.udp6 have identical meaning to net.inet.udp.
Please refer to
.Li PF_INET
section above.
For variables net.*.ipsec6, please refer to
.Xr ipsec 4 .
.It Li net.key ( Dv PF_KEY )
Get or set various global information about the IPsec key management.
The third level name is the variable name.
The currently defined variable and names are:
.Bl -column "blockacq_lifetime" "integer" "Changeable" -offset indent
.It Sy Variable Ta Sy Type Ta Sy Changeable
.It debug Ta integer Ta yes
.It enabled Ta integer Ta yes
.It used Ta integer Ta no
.It spi_try Ta integer Ta yes
.It spi_min_value Ta integer Ta yes
.It spi_max_value Ta integer Ta yes
.It larval_lifetime Ta integer Ta yes
.It blockacq_count Ta integer Ta yes
.It blockacq_lifetime Ta integer Ta yes
.It esp_keymin Ta integer Ta yes
.It esp_auth Ta integer Ta yes
.It ah_keymin Ta integer Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li debug
Turn on debugging message from within the kernel.
The value is a bitmap, as defined in
.In netkey/key_debug.h .
.It Li enabled
Control processing of IPsec control messages.
.Bl -tag -width indent
.It 0
Never allow IPsec processing.
.It 1
Allow IPsec processing when SPD policies are present.
.It 2
Force IPsec processing even when SPD policies are not present.
.El
.It Li used
Based on if IPsec is enabled, and SPD rule existence, show if
IPsec is being used.
Note that currently once IPsec is being used, it cannot be disabled.
.It Li spi_try
The number of times the kernel will try to obtain a unique SPI
when it generates it from random number generator.
.It Li spi_min_value
Minimum SPI value when generating it within the kernel.
.It Li spi_max_value
Maximum SPI value when generating it within the kernel.
.It Li larval_lifetime
Lifetime for LARVAL SAD entries, in seconds.
.It Li blockacq_count
Number of ACQUIRE PF_KEY messages to be blocked after an ACQUIRE message.
It avoids flood of ACQUIRE PF_KEY from being sent from the kernel to the
key management daemon.
.It Li blockacq_lifetime
Lifetime of ACQUIRE PF_KEY message.
.It Li esp_keymin
Minimum ESP key length, in bits.
The value is used when the kernel creates proposal payload
on ACQUIRE PF_KEY message.
.It Li esp_auth
Whether ESP authentication should be used or not.
Non-zero value indicates that ESP authentication should be used.
The value is used when the kernel creates proposal payload
on ACQUIRE PF_KEY message.
.It Li ah_keymin
Minimum AH key length, in bits.
The value is used when the kernel creates proposal payload
on ACQUIRE PF_KEY message.
.El
.El
.Ss The proc.* subtree
The string and integer information available for the
.Li proc
level is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
These values are per-process,
and as such may change from one process to another.
When a process is created,
the default values are inherited from its parent.
When a set-user-ID or set-group-ID binary is executed, the
value of PROC_PID_CORENAME is reset to the system default value.
The second level name is either the magic value PROC_CURPROC, which
points to the current process, or the PID of the target process.
.Bl -column "proc.pid.corename" "string" "not applicable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It proc.pid.corename Ta string Ta yes
.It proc.pid.rlimit Ta node Ta not applicable
.It proc.pid.stopfork Ta int Ta yes
.It proc.pid.stopexec Ta int Ta yes
.It proc.pid.stopexit Ta int Ta yes
.It proc.pid.paxflags Ta int Ta no
.El
.Bl -tag -width "123456"
.It Li proc.pid.corename ( Dv PROC_PID_CORENAME )
The template used for the core dump file name (see
.Xr core 5
for details).
The base name must either be
.Pa core
or end with the suffix
.Pa .core
(the super-user may set arbitrary names).
By default it points to
.Dv KERN_DEFCORENAME .
.It Li proc.pid.rlimit ( Dv PROC_PID_LIMIT )
Return resources limits, as defined for the
.Xr getrlimit 2
and
.Xr setrlimit 2
system calls.
The fourth level name is one of:
.Bl -tag -width "123456"
.It Li proc.pid.rlimit.cputime ( Dv PROC_PID_LIMIT_CPU )
The maximum amount of CPU time (in seconds) to be used by each process.
.It Li proc.pid.rlimit.filesize ( Dv PROC_PID_LIMIT_FSIZE )
The largest size (in bytes) file that may be created.
.It Li proc.pid.rlimit.datasize ( Dv PROC_PID_LIMIT_DATA )
The maximum size (in bytes) of the data segment for a process;
this defines how far a program may extend its break with the
.Xr sbrk 2
system call.
.It Li proc.pid.rlimit.stacksize ( Dv PROC_PID_LIMIT_STACK )
The maximum size (in bytes) of the stack segment for a process;
this defines how far a program's stack segment may be extended.
Stack extension is performed automatically by the system.
.It Li proc.pid.rlimit.coredumpsize ( Dv PROC_PID_LIMIT_CORE )
The largest size (in bytes)
.Pa core
file that may be created.
.It Li proc.pid.rlimit.memoryuse ( Dv PROC_PID_LIMIT_RSS )
The maximum size (in bytes) to which a process's resident set size may
grow.
This imposes a limit on the amount of physical memory to be given to
a process; if memory is tight, the system will prefer to take memory
from processes that are exceeding their declared resident set size.
.It Li proc.pid.rlimit.memorylocked ( Dv PROC_PID_LIMIT_MEMLOCK )
The maximum size (in bytes) which a process may lock into memory
using the
.Xr mlock 2
function.
.It Li proc.pid.rlimit.maxproc ( Dv PROC_PID_LIMIT_NPROC )
The maximum number of simultaneous processes for this user id.
.It Li proc.pid.rlimit.descriptors ( Dv PROC_PID_LIMIT_NOFILE )
The maximum number of open files for this process.
.It Li proc.pid.rlimit.sbsize ( Dv PROC_PID_LIMIT_SBSIZE )
The maximum size (in bytes) of the socket buffers
set by the
.Xr setsockopt 2
.Dv SO_RCVBUF
and
.Dv SO_SNDBUF
options.
.It Li proc.pid.rlimit.vmemoryuse ( Dv PROC_PID_LIMIT_AS )
The maximum size (in bytes) which a process can obtain.
.It Li proc.pid.rlimit.maxlwp ( Dv PROC_PID_LIMIT_NTHR )
The maximum number of threads that can be created and running at one time in
the process.
The first thread of each process is not counted against this.
.El
.Pp
The fifth level name is one of
.Li soft ( Dv PROC_PID_LIMIT_TYPE_SOFT )
or
.Li hard ( Dv PROC_PID_LIMIT_TYPE_HARD ) ,
to select respectively the soft or hard limit.
Both are of type integer.
.It Li proc.pid.stopfork ( Dv PROC_PID_STOPFORK )
If non zero, the process' children will be stopped after
.Xr fork 2
calls.
The children are created in the SSTOP state and are never scheduled
for running before being stopped.
This feature enables attaching to a process with a debugger such as
.Xr gdb 1
before the process has the opportunity to actually do anything.
.Pp
This value is inherited by the process's children, and it also
applies to emulation specific system calls that fork a new process, such as
.Fn sproc
or
.Fn clone .
.It Li proc.pid.stopexec ( Dv PROC_PID_STOPEXEC )
If non zero, the process will be stopped on the next
.Xr exec 3
call.
The process created by
.Xr exec 3
is created in the SSTOP state and is never scheduled for running
before being stopped.
This feature enables attaching to a process with a debugger such as
.Xr gdb 1
before the process has the opportunity to actually do anything.
.Pp
This value is inherited by the process's children.
.It Li proc.pid.stopexit ( Dv PROC_PID_STOPEXIT )
If non zero, the process will be stopped when it has cause to exit,
either by way of calling
.Xr exit 3 ,
.Xr _exit 2 ,
or by the receipt of a specific signal.
The process is stopped before any of its resources or vm space is
released allowing examination of the termination state of the process
before it disappears.
This feature can be used to examine the final conditions of the
process's vmspace via
.Xr pmap 1
or its resource settings with
.Xr sysctl 8
before it disappears.
.Pp
This value is also inherited by the process's children.
.It Li proc.pid.paxflags ( Dv PROC_PID_PAXFLAGS )
This read-only variable returns the current value of the process's pax
flags (see
.Xr paxctl 8 ) .
.El
.Ss The user.* subtree ( Dv CTL_USER )
The string and integer information available for the
.Li user
level is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "user.coll_weights_max" "integer" "Changeable" -offset indent
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It user.atexit_max Ta integer Ta no
.It user.bc_base_max Ta integer Ta no
.It user.bc_dim_max Ta integer Ta no
.It user.bc_scale_max Ta integer Ta no
.It user.bc_string_max Ta integer Ta no
.It user.coll_weights_max Ta integer Ta no
.It user.cs_path Ta string Ta no
.It user.expr_nest_max Ta integer Ta no
.It user.line_max Ta integer Ta no
.It user.posix2_c_bind Ta integer Ta no
.It user.posix2_c_dev Ta integer Ta no
.It user.posix2_char_term Ta integer Ta no
.It user.posix2_fort_dev Ta integer Ta no
.It user.posix2_fort_run Ta integer Ta no
.It user.posix2_localedef Ta integer Ta no
.It user.posix2_sw_dev Ta integer Ta no
.It user.posix2_upe Ta integer Ta no
.It user.posix2_version Ta integer Ta no
.It user.re_dup_max Ta integer Ta no
.It user.stream_max Ta integer Ta no
.It user.tzname_max Ta integer Ta no
.El
.Bl -tag -width "123456"
.It Li user.atexit_max ( Dv USER_ATEXIT_MAX )
The maximum number of functions that may be registered with
.Xr atexit 3 .
.It Li user.bc_base_max ( Dv USER_BC_BASE_MAX )
The maximum ibase/obase values in the
.Xr bc 1
utility.
.It Li user.bc_dim_max ( Dv USER_BC_DIM_MAX )
The maximum array size in the
.Xr bc 1
utility.
.It Li user.bc_scale_max ( Dv USER_BC_SCALE_MAX )
The maximum scale value in the
.Xr bc 1
utility.
.It Li user.bc_string_max ( Dv USER_BC_STRING_MAX )
The maximum string length in the
.Xr bc 1
utility.
.It Li user.coll_weights_max ( Dv USER_COLL_WEIGHTS_MAX )
The maximum number of weights that can be assigned to any entry of
the LC_COLLATE order keyword in the locale definition file.
.It Li user.cs_path ( Dv USER_CS_PATH )
Return a value for the
.Ev PATH
environment variable that finds all the standard utilities.
.It Li user.expr_nest_max ( Dv USER_EXPR_NEST_MAX )
The maximum number of expressions that can be nested within
parenthesis by the
.Xr expr 1
utility.
.It Li user.line_max ( Dv USER_LINE_MAX )
The maximum length in bytes of a text-processing utility's input
line.
.It Li user.posix2_char_term ( Dv USER_POSIX2_CHAR_TERM )
Return 1 if the system supports at least one terminal type capable of
all operations described in
.St -p1003.2 ,
otherwise\ 0.
.It Li user.posix2_c_bind ( Dv USER_POSIX2_C_BIND )
Return 1 if the system's C-language development facilities support the
C-Language Bindings Option, otherwise\ 0.
.It Li user.posix2_c_dev ( Dv USER_POSIX2_C_DEV )
Return 1 if the system supports the C-Language Development Utilities Option,
otherwise\ 0.
.It Li user.posix2_fort_dev ( Dv USER_POSIX2_FORT_DEV )
Return 1 if the system supports the FORTRAN Development Utilities Option,
otherwise\ 0.
.It Li user.posix2_fort_run ( Dv USER_POSIX2_FORT_RUN )
Return 1 if the system supports the FORTRAN Runtime Utilities Option,
otherwise\ 0.
.It Li user.posix2_localedef ( Dv USER_POSIX2_LOCALEDEF )
Return 1 if the system supports the creation of locales, otherwise\ 0.
.It Li user.posix2_sw_dev ( Dv USER_POSIX2_SW_DEV )
Return 1 if the system supports the Software Development Utilities Option,
otherwise\ 0.
.It Li user.posix2_upe ( Dv USER_POSIX2_UPE )
Return 1 if the system supports the User Portability Utilities Option,
otherwise\ 0.
.It Li user.posix2_version ( Dv USER_POSIX2_VERSION )
The version of
.St -p1003.2
with which the system attempts to comply.
.It Li user.re_dup_max ( Dv USER_RE_DUP_MAX )
The maximum number of repeated occurrences of a regular expression
permitted when using interval notation.
.It Li user.stream_max ( Dv USER_STREAM_MAX )
The minimum maximum number of streams that a process may have open
at any one time.
.It Li user.tzname_max ( Dv USER_TZNAME_MAX )
The minimum maximum number of types supported for the name of a
timezone.
.El
.Ss The vm.* subtree ( Dv CTL_VM )
The string and integer information available for the
.Li vm
level is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "Second level name" "struct uvmexp_sysctl" "Changeable" -offset indent
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It vm.anonmax Ta int Ta yes
.It vm.anonmin Ta int Ta yes
.It vm.bufcache Ta int Ta yes
.It vm.bufmem Ta int Ta no
.It vm.bufmem_hiwater Ta int Ta yes
.It vm.bufmem_lowater Ta int Ta yes
.It vm.execmax Ta int Ta yes
.It vm.execmin Ta int Ta yes
.It vm.filemax Ta int Ta yes
.It vm.filemin Ta int Ta yes
.It vm.loadavg Ta struct loadavg Ta no
.It vm.maxslp Ta int Ta no
.It vm.nkmempages Ta int Ta no
.It vm.uspace Ta int Ta no
.It vm.uvmexp Ta struct uvmexp Ta no
.It vm.uvmexp2 Ta struct uvmexp_sysctl Ta no
.It vm.vmmeter Ta struct vmtotal Ta no
.It vm.proc.map Ta struct kinfo_vmentry Ta no
.It vm.guard_size Ta unsigned int Ta no
.It vm.thread_guard_size Ta unsigned int Ta yes
.El
.Bl -tag -width "123456"
.It Li vm.anonmax ( Dv VM_ANONMAX )
The percentage of physical memory which will be reclaimed
from other types of memory usage to store anonymous application data.
.It Li vm.anonmin ( Dv VM_ANONMIN )
The percentage of physical memory which will always be available for
anonymous application data.
.It Li vm.bufcache ( Dv VM_BUFCACHE )
The percentage of physical memory which will be available
for the buffer cache.
.It Li vm.bufmem ( Dv VM_BUFMEM )
The amount of kernel memory that is being used by the buffer cache.
.It Li vm.bufmem_lowater ( Dv VM_BUFMEM_LOWATER )
The minimum amount of kernel memory to reserve for the
buffer cache.
.It Li vm.bufmem_hiwater ( Dv VM_BUFMEM_HIWATER )
The maximum amount of kernel memory to be used for the
buffer cache.
.It Li vm.execmax ( Dv VM_EXECMAX )
The percentage of physical memory which will be reclaimed
from other types of memory usage to store cached executable data.
.It Li vm.execmin ( Dv VM_EXECMIN )
The percentage of physical memory which will always be available for
cached executable data.
.It Li vm.filemax ( Dv VM_FILEMAX )
The percentage of physical memory which will be reclaimed
from other types of memory usage to store cached file data.
.It Li vm.filemin ( Dv VM_FILEMIN )
The percentage of physical memory which will always be available for
cached file data.
.It Li vm.loadavg ( Dv VM_LOADAVG )
Return the load average history.
The returned data consists of a
.Vt struct loadavg .
.It Li vm.maxslp ( Dv VM_MAXSLP )
The value of the maxslp kernel global variable.
.It Li vm.vmmeter ( Dv VM_METER )
Return system wide virtual memory statistics.
The returned data consists of a
.Vt struct vmtotal .
.It Li vm.user_va0_disable
A flag which controls whether user processes can map virtual address\ 0.
.It Li vm.proc.map ( Dv VM_PROC )
The third level is
.Dv VM_PROC_MAP ,
the fourth is the pid of the process to display the vm object entries for, and
the fifth is the size of
.Vt struct kinfo_vmentry .
Returns an array of
.Vt struct kinfo_vmentry
objects.
.It Li vm.uspace ( Dv VM_USPACE )
The number of bytes allocated for each kernel stack.
.It Li vm.uvmexp ( Dv VM_UVMEXP )
Return system wide virtual memory statistics.
The returned data consists of a
.Vt struct uvmexp .
.It Li vm.uvmexp2 ( Dv VM_UVMEXP2 )
Return system wide virtual memory statistics.
The returned data consists of a
.Vt struct uvmexp_sysctl .
.It Li vm.guard_size
Return system wide guard size for the main thread of a program.
.It Li vm.thread_guard_size
Return system wide default size for the guard area of all other threads
of a program.
.\" XXX vm.idlezero
.El
.Ss The ddb.* subtree ( Dv CTL_DDB )
The information available for the
.Li ddb
level is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.\" XXX sort
.Bl -column "Second level name" "integer" "Changeable" -offset indent
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It ddb.radix Ta integer Ta yes
.It ddb.maxoff Ta integer Ta yes
.It ddb.maxwidth Ta integer Ta yes
.It ddb.lines Ta integer Ta yes
.It ddb.tabstops Ta integer Ta yes
.It ddb.onpanic Ta integer Ta yes
.It ddb.fromconsole Ta integer Ta yes
.It ddb.tee_msgbuf Ta integer Ta yes
.It ddb.commandonenter Ta string Ta yes
.It ddb.panicstackframes Ta integer Ta yes
.El
.Bl -tag -width "123456"
.It Li ddb.radix ( Dv DDBCTL_RADIX )
The input and output radix.
.It Li ddb.maxoff ( Dv DDBCTL_MAXOFF )
The maximum symbol offset.
.It Li ddb.maxwidth ( Dv DDBCTL_MAXWIDTH )
The maximum output line width.
.It Li ddb.lines ( Dv DDBCTL_LINES )
Number of display lines.
.It Li ddb.tabstops ( Dv DDBCTL_TABSTOPS )
Tab width.
.It Li ddb.onpanic ( Dv DDBCTL_ONPANIC )
If greater than zero, DDB will be entered if the kernel panics.
A value of 1 causes the system to enter DDB on panic, while a value of 2
causes the kernel to attempt to print out a stack trace before entering DDB.
A value of 0 causes the kernel to attempt to print a stack trace, then
reboot, while a value of \-1 means neither a stack trace will be printed
nor DDB entered.
.It Li ddb.fromconsole ( Dv DDBCTL_FROMCONSOLE )
If not zero, DDB may be entered by sending a break on a serial
console or by a special key sequence on a graphics console.
.It Li ddb.tee_msgbuf
If not zero, DDB will output also to the kernel message buffer.
.It Li ddb.commandonenter
If not empty, a command to be executed on each enter to the DDB.
.It Li ddb.panicstackframes
Number of stack frames to display on panic.
Useful to avoid scrolling away the interesting frames on a glass tty.
Default value is
.Dv 65535
(all frames), useful value around
.Dv 10 .
.El
.Pp
Some of these MIB
nodes are also available as variables from within the debugger.
See
.Xr ddb 4
for more details.
.Ss The security.* subtree ( Dv CTL_SECURITY )
The
.Li security
level contains various security-related settings for
the system.
The available second level names are:
.Bl -column "Second level name" "integer" "Changeable" -offset indent
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It Li security.curtain Ta integer Ta yes
.It Li security.models Ta node Ta not applicable
.It Li security.pax Ta node Ta not applicable
.El
.Pp
Available settings are detailed below.
.Bl -tag -width "123456"
.It Li security.curtain
If non-zero, will filter return objects according to the user ID
requesting information about them, preventing users from
accessing any objects they do not own.
.Pp
At the moment, it affects
.Xr ps 1 ,
.Xr netstat 1
(for
.Dv PF_INET ,
.Dv PF_INET6 ,
and
.Dv PF_UNIX
PCBs), and
.Xr w 1 .
.It Li security.models
.Nx
supports pluggable security models.
Every security model used, whether loaded as a module or built with the system,
is required to add an entry to this node with at least one element,
.Dq name ,
indicating the name of the security model.
.Pp
In addition to the name, any settings and other information private to the
security model will be available under this node.
See
.Xr secmodel 9
for more information.
.It Li security.pax
Settings for PaX -- exploit mitigation features.
For more information on any of the PaX features, please see
.Xr paxctl 8
and
.Xr security 7 .
The available third and fourth level names are:
.Bl -column "security.pax.segvguard.suspend_timeout" "integer" "Changeable" \
-offset 2n
.It Sy Third and fourth level names Ta Sy Type Ta Sy Changeable
.It Li security.pax.aslr.enabled Ta integer Ta yes
.\".It Li security.pax.aslr.exec_len Ta integer Ta yes
.It Li security.pax.aslr.global Ta integer Ta yes
.\".It Li security.pax.aslr.mmap_len Ta integer Ta yes
.\".It Li security.pax.aslr.stack_len Ta integer Ta yes
.It Li security.pax.mprotect.enabled Ta integer Ta yes
.It Li security.pax.mprotect.global Ta integer Ta yes
.It Li security.pax.mprotect.ptrace Ta integer Ta yes
.It Li security.pax.segvguard.enabled Ta integer Ta yes
.It Li security.pax.segvguard.expiry_timeout Ta integer Ta yes
.It Li security.pax.segvguard.global Ta integer Ta yes
.It Li security.pax.segvguard.max_crashes Ta integer Ta yes
.It Li security.pax.segvguard.suspend_timeout Ta integer Ta yes
.El
.Bl -tag -width "123456"
.It Li security.pax.aslr.enabled
Enable PaX ASLR (Address Space Layout Randomization).
.Pp
The value of this
knob must be non-zero for PaX ASLR to be enabled, even if a program is set to
explicit enable.
.\".It Li security.pax.aslr.exec_len
.\" XXX: Undocumented.
.It Li security.pax.aslr.global
Specifies the default global policy for programs without an
explicit enable/disable flag.
.Pp
When non-zero, all programs will get PaX ASLR, except those exempted with
.Xr paxctl 8 .
Otherwise, no program will get PaX ASLR, except those specifically
marked as such with
.Xr paxctl 8 .
.\".It Li security.pax.aslr.mmap_len
.\" XXX: Undocumented.
.\" .It Li security.pax.aslr.stack_len
.\" XXX: Undocumented.
.It Li security.pax.mprotect.enabled
Enable PaX MPROTECT restrictions.
.Pp
These are
.Xr mprotect 2
restrictions to better enforce a W^X policy.
The value of this
knob must be non-zero for PaX MPROTECT to be enabled, even if a
program is set to explicit enable.
.It Li security.pax.mprotect.global
Specifies the default global policy for programs without an
explicit enable/disable flag.
.Pp
When non-zero, all programs will get the PaX MPROTECT restrictions,
except those exempted with
.Xr paxctl 8 .
Otherwise, no program will get the PaX MPROTECT restrictions,
except those specifically marked as such with
.Xr paxctl 8 .
.It Li security.pax.mprotect.ptrace
This variable allows
.Xr ptrace 2
to override PaX MPROTECT permissions.
It can have the following values:
.Bl -tag -width XX -compact
.It 0
Does not allow any permissions to be overridden.
.It 1
Disables PaX MPROTECT for processes that start executing while traced (default).
.It 2
Bypasses PaX MPROTECT for all processes being traced.
.El
.It Li security.pax.segvguard.enabled
Enable PaX Segvguard.
.Pp
PaX Segvguard can detect and prevent certain exploitation attempts, where
an attacker may try for example to brute-force function return addresses
of respawning daemons.
.Pp
.Em Note :
The
.Nx
interface and implementation of the Segvguard is still experimental, and may
change in future releases.
.It Li security.pax.segvguard.expiry_timeout
If the maximum number of crashes was not reached within this timeout
(in seconds), the entry will expire.
.It Li security.pax.segvguard.global
Specifies the default global policy for programs without an
explicit enable/disable flag.
.Pp
When non-zero, all programs will get the PaX Segvguard,
except those exempted with
.Xr paxctl 8 .
Otherwise, no program will get the PaX Segvguard restrictions,
except those specifically marked as such with
.Xr paxctl 8 .
.It Li security.pax.segvguard.max_crashes
The maximum number of segfaults a program can receive before suspension.
.It Li security.pax.segvguard.suspend_timeout
Number of seconds to suspend a user from running a faulting program when the
limit was exceeded.
.El
.El
.Ss The vendor.* subtree ( Dv CTL_VENDOR )
The
.Li vendor
top level name is reserved for use by vendors who wish to
have their own private MIB tree.
Intended use is to store values under
.Dq vendor.<yourname>.* .
.Sh SEE ALSO
.Xr sysctl 3 ,
.Xr ipsec 4 ,
.Xr tcp 4 ,
.Xr security 7 ,
.Xr sysctl 8
.Sh HISTORY
The
.Nm
variables first appeared in
.Bx 4.4 .
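.Sh EXAMPLES
The security.pax enabled/global pairs, security.pax.mprotect.ptrace, security.curtain and ddb.onpanic described above, decoded by an added shell example that is not part of the original manual page.
It assumes input in the name = value form printed by sysctl(8); the sample values, the function names and the baseline that audit checks are assumptions made for the example.

```sh
# Constructed sample (made-up values) in the "name = value" form of sysctl(8) output.
SAMPLE='security.curtain = 0
security.pax.aslr.enabled = 1
security.pax.aslr.global = 1
security.pax.mprotect.enabled = 1
security.pax.mprotect.global = 0
security.pax.mprotect.ptrace = 2
security.pax.segvguard.enabled = 0
security.pax.segvguard.global = 1
ddb.onpanic = 1'

# get TEXT NAME: value of NAME in TEXT, empty when the node is absent.
get() { printf '%s\n' "$1" | awk -v k="$2" -F' = ' '$1 == k { print $2; exit }'; }

# pax_policy TEXT FEATURE: what a program with no paxctl(8) flag gets.
pax_policy() {
    en=$(get "$1" "security.pax.$2.enabled")
    gl=$(get "$1" "security.pax.$2.global")
    if [ -z "$en" ]; then echo unknown            # node not reported
    elif [ "$en" -eq 0 ]; then echo off           # enabled=0 wins, even over paxctl
    elif [ "${gl:-0}" -ne 0 ]; then echo opt-out  # on unless exempted
    else echo opt-in                              # off unless marked
    fi
}

# onpanic_action VALUE: the behaviour ddb.onpanic selects (empty if unknown).
onpanic_action() {
    case "$1" in
        -1) echo "no trace, no DDB" ;;
        0)  echo "trace, reboot" ;;
        2)  echo "trace, enter DDB" ;;
        [1-9]*) echo "enter DDB" ;;
    esac
}

# audit TEXT: one line per deviation from the baseline assumed for this example.
audit() {
    for f in aslr mprotect segvguard; do
        p=$(pax_policy "$1" "$f")
        if [ "$p" != opt-out ]; then echo "security.pax.$f: $p"; fi
    done
    case "$(get "$1" security.pax.mprotect.ptrace)" in 2) echo "security.pax.mprotect.ptrace: 2" ;; esac
    case "$(get "$1" security.curtain)" in 0) echo "security.curtain: off" ;; esac
    case "$(onpanic_action "$(get "$1" ddb.onpanic)")" in
        *"enter DDB") echo "ddb.onpanic: panic drops to DDB" ;;
    esac
}

audit "$SAMPLE"
```

On a live system the same functions can be fed with audit "$(sysctl security ddb)".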