.\" $NetBSD: sysctl.7,v 1.139 2019/06/01 19:54:34 kamil Exp $
.\"
.\" Copyright (c) 1993
.\"     The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95
.\"
.Dd June 1, 2019
.Dt SYSCTL 7
.Os
.Sh NAME
.Nm sysctl
.Nd system information variables
.Sh DESCRIPTION
The
.Xr sysctl 3
library function and the
.Xr sysctl 8
utility are used to get and set values of system variables, maintained
by the kernel.
The variables are organized in a tree and identified by a sequence of
numbers, conventionally separated by dots with the topmost identifier
at the left side.
The numbers have corresponding text names.
The
.Xr sysctlnametomib 3
function or the
.Fl M
argument to the
.Xr sysctl 8
utility can be used to convert the text representation to the
numeric one.
.Pp
The individual sysctl variables are described below, both the textual
and numeric form where applicable.
The textual names can be used as argument to the
.Xr sysctl 8
utility and in the file
.Pa /etc/sysctl.conf .
The numeric names are usually defined as preprocessor constants and
are intended for use by programs.
Every such constant expands to one integer, which identifies the
sysctl variable relative to the upper level of the tree.
See the
.Xr sysctl 3
manual page for programming examples.
.Ss Top level names
The top level names are defined with a
.Va CTL_
prefix in
.In sys/sysctl.h ,
and are as follows.
The next and subsequent levels down are found in the include files
listed here, and described in separate sections below.
.Bl -column "security" ".Dv CTL_SECURITY" ".In uvm/uvm_param.h" "High kernel limits"
.It Sy Name Ta Sy Constant Ta Sy Next level names Ta Sy Description
.It kern Ta Dv CTL_KERN Ta In sys/sysctl.h Ta High kernel limits
.It vm Ta Dv CTL_VM Ta In uvm/uvm_param.h Ta Virtual memory
.It vfs Ta Dv CTL_VFS Ta In sys/mount.h Ta Filesystem
.It net Ta Dv CTL_NET Ta In sys/socket.h Ta Networking
.It debug Ta Dv CTL_DEBUG Ta In sys/sysctl.h Ta Debugging
.It hw Ta Dv CTL_HW Ta In sys/sysctl.h Ta Generic CPU, I/O
.It machdep Ta Dv CTL_MACHDEP Ta In sys/sysctl.h Ta Machine dependent
.It user Ta Dv CTL_USER Ta In sys/sysctl.h Ta User-level
.It ddb Ta Dv CTL_DDB Ta In sys/sysctl.h Ta In-kernel debugger
.It proc Ta Dv CTL_PROC Ta In sys/sysctl.h Ta Per-process
.It vendor Ta Dv CTL_VENDOR Ta ? Ta Vendor specific
.It emul Ta Dv CTL_EMUL Ta In sys/sysctl.h Ta Emulation settings
.It security Ta Dv CTL_SECURITY Ta In sys/sysctl.h Ta Security settings
.El
.Ss The debug.* subtree
The debugging variables vary from system to system.
A debugging variable may be added or deleted without need to recompile
.Nm
to know about it.
Each time it runs,
.Nm
gets the list of debugging variables from the kernel and
displays their current values.
The system defines twenty
.Vt ( struct ctldebug )
variables named
.Dv debug0
through
.Dv debug19 .
They are declared as separate variables so that they can be
individually initialized at the location of their associated variable.
The loader prevents multiple use of the same variable by issuing errors
if a variable is initialized in more than one place.
For example, to export the variable
.Va dospecialcheck
as a debugging variable, the following declaration would be used:
.Pp
.Bd -literal -offset indent -compact
int dospecialcheck = 1;
struct ctldebug debug5 = { "dospecialcheck", &dospecialcheck };
.Ed
.Pp
Note that the dynamic implementation of
.Nm
currently in use largely makes this particular
.Nm
interface obsolete.
See
.Xr sysctl 8
.\" and
.\" .Xr sysctl 9
for more information.
.Ss The vfs.* subtree
A distinguished second level name,
.Li vfs.generic ( Dv VFS_GENERIC ) ,
is used to get general information about all file systems.
It has the following third level identifiers:
.Bl -tag -width "123456"
.It Li vfs.generic.maxtypenum ( Dv VFS_MAXTYPENUM )
The highest valid file system type number.
.It Li vfs.generic.conf ( Dv VFS_CONF )
Returns configuration information about the file system type given as a fourth
level identifier.
.It Li vfs.generic.usermount ( Dv VFS_USERMOUNT )
Determines if non superuser mounts are allowed, defaults to
.Dv 0 .
.It Li vfs.generic.magiclinks ( Dv VFS_MAGICLINKS )
Controls if expansion of variables is going to be performed on pathnames
or not.
Defaults to no variable expansion,
.Dv 0 .
Variables are of the form
.Li @name
and the variables supported are described in
.Xr symlink 7
under
.Dq "MAGIC SYMLINKS" .
.El
.Pp
A second level name for controlling the
.Xr wapbl 4
(Write Ahead Physical Block Logging file system journalling)
capabilities with the following third level identifiers:
.Bl -tag -width "123456"
.It Li vfs.wapbl.flush_disk_cache
Controls whether to attempt to flush the disk cache on each commit.
It defaults to 1 and it should always be on to ensure integrity
of file system metadata in the event of a power loss.
For slow disks, turning it off can improve performance.
.It Li vfs.wapbl.verbose_commit
For each transaction log commit, print the number of bytes written
and the time it took to commit as seconds.nanoseconds.
.El
.Pp
The remaining second level identifiers are the file system names, identified
by the type number returned by a
.Xr statvfs 2
call or from
.Li vfs.generic.conf .
.Pp
The third level identifiers available for each file system
are given in the header file that defines the mount
argument structure for that file system.
.Ss The hw.* subtree
The string and integer information available for the
.Li hw
level is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "hw.machine_arch" "integer" "Changeable" -offset indent
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It hw.alignbytes Ta integer Ta no
.It hw.byteorder Ta integer Ta no
.It hw.cnmagic Ta string Ta yes
.It hw.disknames Ta string Ta no
.It hw.diskstats Ta struct Ta no
.It hw.machine Ta string Ta no
.It hw.machine_arch Ta string Ta no
.It hw.model Ta string Ta no
.It hw.ncpu Ta integer Ta no
.It hw.ncpuonline Ta integer Ta no
.It hw.pagesize Ta integer Ta no
.It hw.physmem Ta integer Ta no
.It hw.physmem64 Ta quad Ta no
.It hw.usermem Ta integer Ta no
.It hw.usermem64 Ta quad Ta no
.El
.Bl -tag -width "123456"
.It Li hw.alignbytes ( Dv HW_ALIGNBYTES )
Alignment constraint for all possible data types.
This shows the value
.Dv ALIGNBYTES
in
.In machine/param.h ,
at the kernel compilation time.
.It Li hw.byteorder ( Dv HW_BYTEORDER )
The byteorder (4321, or 1234).
.It Li hw.cnmagic ( Dv HW_CNMAGIC )
The console magic key sequence.
.It Li hw.disknames ( Dv HW_DISKNAMES )
The list of (space separated) disk device names on the system.
.It Li hw.iostatnames ( Dv HW_IOSTATNAMES )
A space separated list of devices that will have I/O statistics
collected on them.
.It Li hw.iostats ( Dv HW_IOSTATS )
Return statistical information on the NFS mounts, disk and tape
devices on the system.
An array of
.Vt struct io_sysctl
structures is returned,
whose size depends on the current number of such objects in the system.
The third level name is the size of the
.Vt struct io_sysctl .
The type of object can be determined by examining the
.Va type
element of
.Vt struct io_sysctl ,
which can be
.Dv IOSTAT_DISK
(disk drive),
.Dv IOSTAT_TAPE
(tape drive), or
.Dv IOSTAT_NFS
(NFS mount).
.It Li hw.machine ( Dv HW_MACHINE )
The machine class.
.It Li hw.machine_arch ( Dv HW_MACHINE_ARCH )
The machine CPU class.
.It Li hw.model ( Dv HW_MODEL )
The machine model.
.It Li hw.ncpu ( Dv HW_NCPU )
The number of CPUs configured.
.It Li hw.ncpuonline ( Dv HW_NCPUONLINE )
The number of CPUs online.
.It Li hw.pagesize ( Dv HW_PAGESIZE )
The software page size.
.It Li hw.physmem ( Dv HW_PHYSMEM )
The bytes of physical memory as a 32-bit integer.
.It Li hw.physmem64 ( Dv HW_PHYSMEM64 )
The bytes of physical memory as a 64-bit integer.
.It Li hw.usermem ( Dv HW_USERMEM )
The bytes of non-kernel memory as a 32-bit integer.
.It Li hw.usermem64 ( Dv HW_USERMEM64 )
The bytes of non-kernel memory as a 64-bit integer.
.El
.Ss The kern.* subtree
This subtree includes data generally related to the kernel.
The string and integer information available for the
.Li kern
level is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "kern.posix_reader_writer_locks" \
"struct kinfo_drivers" "not applicable"
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It kern.aio_listio_max Ta integer Ta yes
.It kern.aio_max Ta integer Ta yes
.It kern.arandom Ta integer Ta no
.It kern.argmax Ta integer Ta no
.It kern.boothowto Ta integer Ta no
.It kern.boottime Ta struct timespec Ta no
.It kern.buildinfo Ta string Ta no
.\".It kern.bufq node not applicable
.It kern.ccpu Ta integer Ta no
.It kern.clockrate Ta struct clockinfo Ta no
.It kern.consdev Ta integer Ta no
.It kern.coredump Ta node Ta not applicable
.It kern.cp_id Ta struct Ta no
.It kern.cp_time Ta uint64_t[\|] Ta no
.It kern.cryptodevallowsoft Ta integer Ta yes
.It kern.defcorename Ta string Ta yes
.It kern.detachall Ta integer Ta yes
.It kern.domainname Ta string Ta yes
.It kern.drivers Ta struct kinfo_drivers Ta no
.It kern.dump_on_panic Ta integer Ta yes
.It kern.expose_address Ta integer Ta yes
.It kern.file Ta struct file Ta no
.It kern.forkfsleep Ta integer Ta yes
.It kern.fscale Ta integer Ta no
.It kern.fsync Ta integer Ta no
.It kern.hardclock_ticks Ta integer Ta no
.It kern.hostid Ta integer Ta yes
.It kern.hostname Ta string Ta yes
.It kern.iov_max Ta integer Ta no
.It kern.ipc Ta node Ta not applicable
.It kern.job_control Ta integer Ta no
.It kern.labeloffset Ta integer Ta no
.It kern.labelsector Ta integer Ta no
.It kern.login_name_max Ta integer Ta no
.It kern.logsigexit Ta integer Ta yes
.It kern.mapped_files Ta integer Ta no
.It kern.maxfiles Ta integer Ta yes
.It kern.maxlwp Ta integer Ta yes
.It kern.maxpartitions Ta integer Ta no
.It kern.maxphys Ta integer Ta no
.It kern.maxproc Ta integer Ta yes
.It kern.maxptys Ta integer Ta yes
.It kern.maxvnodes Ta integer Ta yes
.It kern.messages Ta integer Ta yes
.It kern.mbuf Ta node Ta not applicable
.It kern.memlock Ta integer Ta no
.It kern.memlock_range Ta integer Ta no
.It kern.memory_protection Ta integer Ta no
.It kern.module Ta node Ta not applicable
.It kern.monotonic_clock Ta integer Ta no
.It kern.mqueue Ta node Ta not applicable
.It kern.msgbuf Ta integer Ta no
.It kern.msgbufsize Ta integer Ta no
.It kern.ngroups Ta integer Ta no
.\".It kern.no_sa_support integer yes
.It kern.ntptime Ta struct ntptimeval Ta no
.It kern.osrelease Ta string Ta no
.It kern.osrevision Ta integer Ta no
.It kern.ostype Ta string Ta no
.\".It kern.panic_now integer yes
.It kern.pipe Ta node Ta not applicable
.It kern.pool Ta struct pool_sysctl Ta no
.\" .It kern.posix node not applicable
.It kern.posix1version Ta integer Ta no
.It kern.posix_aio Ta integer Ta no
.It kern.posix_barriers Ta integer Ta no
.It kern.posix_reader_writer_locks Ta integer Ta no
.\".It kern.posix_sched integer yes
.It kern.posix_semaphores Ta integer Ta no
.It kern.posix_spin_locks Ta integer Ta no
.It kern.posix_threads Ta integer Ta no
.It kern.posix_timers Ta integer Ta no
.It kern.proc Ta struct kinfo_proc Ta no
.It kern.proc2 Ta struct kinfo_proc2 Ta no
.It kern.proc_args Ta string Ta no
.It kern.profiling Ta node Ta not applicable
.\".It kern.pset node not applicable
.It kern.rawpartition Ta integer Ta no
.It kern.root_device Ta string Ta no
.It kern.root_partition Ta integer Ta no
.It kern.rtc_offset Ta integer Ta yes
.It kern.saved_ids Ta integer Ta no
.It kern.sbmax Ta integer Ta yes
.It kern.sched Ta node Ta not applicable
.It kern.securelevel Ta integer Ta raise only
.It kern.somaxkva Ta integer Ta yes
.It kern.sooptions Ta integer Ta yes
.It kern.synchronized_io Ta integer Ta no
.It kern.timecounter Ta node Ta not applicable
.It kern.timex Ta struct Ta no
.It kern.tkstat Ta node Ta not applicable
.It kern.tty Ta node Ta not applicable
.It kern.urandom Ta integer Ta no
.It kern.usercrypto Ta integer Ta yes
.It kern.userasymcrypto Ta integer Ta yes
.It kern.veriexec Ta node Ta not applicable
.It kern.version Ta string Ta no
.It kern.vnode Ta struct vnode Ta no
.El
.Bl -tag -width "123456"
.It Li kern.aio_listio_max
The maximum number of asynchronous I/O operations in a single list
I/O call.
Like with all variables related to
.Xr aio 3 ,
the variable may be created and removed dynamically
upon loading or unloading the corresponding kernel module.
.It Li kern.aio_max
The maximum number of asynchronous I/O operations.
.It Li kern.arandom
This variable picks a random number each time it is queried.
The used random number generator
.Pf ( RNG )
is based on
.Xr arc4random 3 .
.It Li kern.argmax ( Dv KERN_ARGMAX )
The maximum bytes of argument to
.Xr execve 2 .
.It Li kern.boothowto
Flags passed from the boot loader; see
.Xr reboot 2
for the meanings of the flags.
.It Li kern.boottime ( Dv KERN_BOOTTIME )
A
.Vt struct timespec
structure is returned.
This structure contains the time that the system was booted.
That time is defined (for this purpose) to be the time at
which the kernel first started accumulating clock ticks.
.It Li kern.bufq
This variable contains information on the
.Xr bufq 9
subsystem.
Currently, the only third level name implemented is
.Dv kern.bufq.strategies
which provides a list of buffer queue strategies currently available.
.It Li kern.buildinfo
When the kernel is built, the build environment may optionally provide
arbitrary information to be stored in this variable.
.It Li kern.ccpu ( Dv KERN_CCPU )
The scheduler exponential decay value.
.It Li kern.clockrate ( Dv KERN_CLOCKRATE )
A
.Vt struct clockinfo
structure is returned.
This structure contains the clock, statistics clock and profiling clock
frequencies, the number of micro-seconds per hz tick, and the clock
skew rate.
Refer to
.Xr hz 9
for additional details.
.It Li kern.consdev ( Dv KERN_CONSDEV )
Console device.
.It Li kern.coredump
Settings related to coredumps of set-id processes.
By default, set-id processes do not dump core in situations where
other processes would.
The settings in this node allow an administrator to change this
behavior.
.Pp
The third level name is
.Dv kern.coredump.setid
and fourth level variables are described below.
.Bl -column "kern.coredump.setid.group" "integer" "Changeable" -offset indent
.It Sy Fourth level name Ta Sy Type Ta Sy Changeable
.It kern.coredump.setid.dump Ta integer Ta yes
.It kern.coredump.setid.group Ta integer Ta yes
.It kern.coredump.setid.mode Ta integer Ta yes
.It kern.coredump.setid.owner Ta integer Ta yes
.It kern.coredump.setid.path Ta string Ta yes
.El
.Bl -tag -width "123456"
.It Li kern.coredump.setid.dump
If non-zero, set-id processes will dump core.
.It Li kern.coredump.setid.group
The group-id for the set-id processes' coredump.
.It Li kern.coredump.setid.mode
The mode for the set-id processes' coredump.
See
.Xr chmod 1 .
.It Li kern.coredump.setid.owner
The user-id that will be used as the owner of the set-id processes'
coredump.
.It Li kern.coredump.setid.path
The path to which set-id processes' coredumps will be saved.
Same syntax as kern.defcorename.
.El
.It Li kern.cp_id ( Dv KERN_CP_ID )
Mapping of CPU number to CPU id.
.It Li kern.cp_time ( Dv KERN_CP_TIME )
Returns an array of
.Dv CPUSTATES
.Vt uint64_t Ns s .
This array contains the
number of clock ticks spent in different CPU states.
On multi-processor systems, the sum across all CPUs is returned unless
appropriate space is given for one data set for each CPU.
Data for a specific CPU can also be obtained by adding the number of the
CPU at the end of the MIB, enlarging it by one.
.It Li kern.cryptodevallowsoft
This variable controls userland access to hardware versus software transforms
in the
.Xr crypto 4
system.
The available values are as follows:
.Bl -tag -width XX0 -offset indent
.It Dv < 0
Always force userlevel requests to use software transforms.
.It Dv = 0
If present, use hardware and grant userlevel requests for
non-accelerated transforms (handling the latter in software).
.It Dv > 0
Allow user requests only for transforms which are hardware-accelerated.
.El
.It Li kern.defcorename ( Dv KERN_DEFCORENAME )
Default template for the name of core dump files (see also
.Li proc.pid.corename
in the per-process variables
.Li proc.* ,
and
.Xr core 5
for format of this template).
The default value is
.Pa %n.core
and can be changed with the kernel configuration option
.Cd options DEFCORENAME
(see
.Xr options 4
).
.It Li kern.detachall
Detach all devices at shutdown.
.It Li kern.domainname ( Dv KERN_DOMAINNAME )
Get or set the YP domain name.
.It Li kern.drivers ( Dv KERN_DRIVERS )
Return an array of
.Vt struct kinfo_drivers
that contains the name and major device numbers of all the device drivers
in the current kernel.
The
.Va d_name
field is always a NUL terminated string.
The
.Va d_bmajor
field will be set to \-1 if the driver doesn't have a block device.
.It Li kern.expose_address
Expose kernel addresses in
.Xr sysctl 3
calls used by
.Xr fstat 1
and
.Xr sockstat 1 .
If it is set to
.Dv 0
access is not allowed.
If it is set to
.Dv 1
then only processes that have opened
.Pa /dev/kmem
can have access.
If it is set to
.Dv 2
every process is allowed.
Defaults to
.Dv 0
for
.Dv KASLR
kernels
and
.Dv 1
otherwise.
Allowing general access renders KASLR ineffective; allowing only kmem
accessing programs weakens KASLR if those programs can be subverted
to leak the addresses.
.It Li kern.dump_on_panic ( Dv KERN_DUMP_ON_PANIC )
Perform a crash dump on system
.Xr panic 9 .
.It Li kern.file ( Dv KERN_FILE )
Return the entire file table.
The returned data consists of a single
.Vt struct filelist
followed by an array of
.Vt struct file ,
whose size depends on the current number of such objects in the system.
.It Li kern.forkfsleep ( Dv KERN_FORKFSLEEP )
If
.Xr fork 2
system call fails due to limit on number of processes (either
the global maxproc limit or user's one), wait for this many
milliseconds before returning
.Er EAGAIN
error to process.
Useful to keep heavily forking runaway processes at bay.
Default zero (no sleep).
Maximum is 20 seconds.
.It Li kern.fscale ( Dv KERN_FSCALE )
The kernel fixed-point scale factor.
.It Li kern.fsync ( Dv KERN_FSYNC )
Return 1 if the
.St -p1003.1b-93
File Synchronization Option is available
on this system,
otherwise\ 0.
.It Li kern.hardclock_ticks ( Dv KERN_HARDCLOCK_TICKS )
Returns the number of
.Xr hardclock 9
ticks.
.It Li kern.hist
This variable contains kernel history data if the kernel was
configured for any of the options
.Dv UVMHIST ,
.Dv USB_DEBUG ,
.Dv BIOHIST ,
or
.Dv SCDEBUG .
(See
.Xr options 4
for more details.)
The third-level names correspond to each available history table.
The values of the history tables are in an internal format, and can be
decoded by the
.Xr vmstat 1
utility's
.Fl U
and
.Fl u
options;
the
.Fl l
option can be used to see which tables are available.
.It Li kern.hostid ( Dv KERN_HOSTID )
Get or set the host identifier.
This is aimed to replace the legacy
.Xr gethostid 3
and
.Xr sethostid 3
system calls.
.It Li kern.hostname ( Dv KERN_HOSTNAME )
Get or set the
.Xr hostname 1 .
.It Li kern.iov_max ( Dv KERN_IOV_MAX )
Return the maximum number of
.Vt iovec
structures that a process has available for use with
.Xr preadv 2 ,
.Xr pwritev 2 ,
.Xr readv 2 ,
.Xr recvmsg 2 ,
.Xr sendmsg 2
and
.Xr writev 2 .
.It Li kern.ipc ( Dv KERN_SYSVIPC )
Return information about the SysV IPC parameters.
The third level names for the ipc variables are detailed below.
.Bl -column "kern.ipc.shm_use_phys" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.ipc.sysvmsg Ta integer Ta no
.It kern.ipc.sysvsem Ta integer Ta no
.It kern.ipc.sysvshm Ta integer Ta no
.It kern.ipc.sysvipc_info Ta struct Ta no
.It kern.ipc.shmmax Ta integer Ta yes
.It kern.ipc.shmmni Ta integer Ta yes
.It kern.ipc.shmseg Ta integer Ta yes
.It kern.ipc.shmmaxpgs Ta integer Ta yes
.It kern.ipc.shm_use_phys Ta integer Ta yes
.It kern.ipc.msgmni Ta integer Ta yes
.It kern.ipc.msgseg Ta integer Ta yes
.It kern.ipc.semmni Ta integer Ta yes
.It kern.ipc.semmns Ta integer Ta yes
.It kern.ipc.semmnu Ta integer Ta yes
.El
.Bl -tag -width "123456"
.It Li kern.ipc.sysvmsg ( Dv KERN_SYSVIPC_MSG )
Returns 1 if System V style message queue functionality is available
on this system,
otherwise\ 0.
.It Li kern.ipc.sysvsem ( Dv KERN_SYSVIPC_SEM )
Returns 1 if System V style semaphore functionality is available
on this system,
otherwise\ 0.
.It Li kern.ipc.sysvshm ( Dv KERN_SYSVIPC_SHM )
Returns 1 if System V style shared memory functionality is available
on this system,
otherwise\ 0.
.It Li kern.ipc.sysvipc_info ( Dv KERN_SYSVIPC_INFO )
Return System V style IPC configuration and run-time information.
The fourth level name selects the System V style IPC facility.
.Bl -column "KERN_SYSVIPC_MSG_INFO" "struct shm_sysctl_info" -offset indent
.It Sy Fourth level name Ta Sy Type
.It KERN_SYSVIPC_MSG_INFO Ta struct msg_sysctl_info
.It KERN_SYSVIPC_SEM_INFO Ta struct sem_sysctl_info
.It KERN_SYSVIPC_SHM_INFO Ta struct shm_sysctl_info
.El
.Bl -tag -width "123456"
.It Li KERN_SYSVIPC_MSG_INFO
Return information on the System V style message facility.
The
.Sy msg_sysctl_info
structure is defined in
.In sys/msg.h .
.It Li KERN_SYSVIPC_SEM_INFO
Return information on the System V style semaphore facility.
The
.Sy sem_sysctl_info
structure is defined in
.In sys/sem.h .
.It Li KERN_SYSVIPC_SHM_INFO
Return information on the System V style shared memory facility.
The
.Sy shm_sysctl_info
structure is defined in
.In sys/shm.h .
.El
.It Li kern.ipc.shmmax ( Dv KERN_SYSVIPC_SHMMAX )
Max shared memory segment size in bytes.
.It Li kern.ipc.shmmni ( Dv KERN_SYSVIPC_SHMMNI )
Max number of shared memory identifiers.
.It Li kern.ipc.shmseg ( Dv KERN_SYSVIPC_SHMSEG )
Max shared memory segments per process.
.It Li kern.ipc.shmmaxpgs ( Dv KERN_SYSVIPC_SHMMAXPGS )
Max amount of shared memory in pages.
.It Li kern.ipc.shm_use_phys ( Dv KERN_SYSVIPC_SHMUSEPHYS )
Locking of shared memory in physical memory.
If 0, memory can be swapped
out, otherwise it will be locked in physical memory.
.It Li kern.ipc.msgmni
Max number of message queue identifiers.
.It Li kern.ipc.msgseg
Max number of message segments.
.It Li kern.ipc.semmni
Max number of semaphore identifiers.
.It Li kern.ipc.semmns
Max number of semaphores in system.
.It Li kern.ipc.semmnu
Max number of undo structures in system.
.El
.It Li kern.job_control ( Dv KERN_JOB_CONTROL )
Return 1 if job control is available on this system, otherwise\ 0.
.It Li kern.labeloffset ( Dv KERN_LABELOFFSET )
The offset within the sector specified by
.Dv KERN_LABELSECTOR
of the
.Xr disklabel 5 .
.It Li kern.labelsector ( Dv KERN_LABELSECTOR )
The sector number containing the
.Xr disklabel 5 .
.It Li kern.login_name_max ( Dv KERN_LOGIN_NAME_MAX )
The size of the storage required for a login name, in bytes,
including the terminating NUL.
.It Li kern.logsigexit ( Dv KERN_LOGSIGEXIT )
If this flag is non-zero, the kernel will
.Xr log 9
all process exits due to signals which create a
.Xr core 5
file, and whether the coredump was created.
.It Li kern.mapped_files ( Dv KERN_MAPPED_FILES )
Returns 1 if the
.St -p1003.1b-93
Memory Mapped Files Option is available on this system,
otherwise\ 0.
.It Li kern.maxfiles ( Dv KERN_MAXFILES )
The maximum number of files that may be open in the system.
.It Li kern.maxpartitions ( Dv KERN_MAXPARTITIONS )
The maximum number of partitions allowed per disk.
.It Li kern.maxlwp
The maximum number of Lightweight Processes (threads) the system allows
per uid.
.It Li kern.maxphys ( Dv KERN_MAXPHYS )
Maximum raw I/O transfer size.
.It Li kern.maxproc ( Dv KERN_MAXPROC )
The maximum number of simultaneous processes the system will allow.
.It Li kern.maxptys ( Dv KERN_MAXPTYS )
The maximum number of pseudo terminals.
This value can be both raised and lowered, though it cannot
be set lower than the number of currently used ptys.
See also
.Xr pty 4 .
.It Li kern.maxvnodes ( Dv KERN_MAXVNODES )
The maximum number of vnodes available on the system.
This can only be raised.
.It Li kern.mbuf ( Dv KERN_MBUF )
Return information about the mbuf control variables.
Mbufs are data structures which store network packets and other data
structures in the networking code, see
.Xr mbuf 9 .
The third level names for the mbuf variables are detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "kern.mbuf.nmbclusters" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.\" XXX Changeable? really?
.It kern.mbuf.mblowat Ta integer Ta yes
.It kern.mbuf.mclbytes Ta integer Ta yes
.It kern.mbuf.mcllowat Ta integer Ta yes
.It kern.mbuf.msize Ta integer Ta yes
.It kern.mbuf.nmbclusters Ta integer Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li kern.mbuf.mblowat ( Dv MBUF_MBLOWAT )
The mbuf low water mark.
.It Li kern.mbuf.mclbytes ( Dv MBUF_MCLBYTES )
The mbuf cluster size.
.It Li kern.mbuf.mcllowat ( Dv MBUF_MCLLOWAT )
The mbuf cluster low water mark.
.It Li kern.mbuf.msize ( Dv MBUF_MSIZE )
The mbuf base size.
.It Li kern.mbuf.nmbclusters ( Dv MBUF_NMBCLUSTERS )
The limit on the number of mbuf clusters.
The variable can only be increased, and only increased on machines with
direct-mapped pool pages.
.El
.It Li kern.memlock ( Dv KERN_MEMLOCK )
Returns 1 if the
.St -p1003.1b-93
Process Memory Locking Option is available on this system,
otherwise\ 0.
.It Li kern.memlock_range ( Dv KERN_MEMLOCK_RANGE )
Returns 1 if the
.St -p1003.1b-93
Range Memory Locking Option is available on this system,
otherwise\ 0.
.It Li kern.memory_protection ( Dv KERN_MEMORY_PROTECTION )
Returns 1 if the
.St -p1003.1b-93
Memory Protection Option is available on this system,
otherwise\ 0.
.It Li kern.messages
Kernel console message verbosity.
See
.Aq Pa sys/reboot.h
.Bl -column "verbosity" "setting" -offset indent
.It Sy Value Ta Sy Verbosity Ta Sy sys/reboot.h equivalent
.It 0 Ta Silent Ta Sy AB_SILENT
.It 1 Ta Quiet Ta Sy AB_QUIET
.It 2 Ta Normal Ta Sy AB_NORMAL
.It 3 Ta Verbose Ta Sy AB_VERBOSE
.It 4 Ta Debug Ta Sy AB_DEBUG
.El
.It Li kern.module
Settings related to kernel modules.
The third level names for the settings are described below.
.Bl -column "kern.module.autoload" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.module.autoload Ta integer Ta yes
.It kern.module.autotime Ta integer Ta yes
.It kern.module.verbose Ta boolean Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li kern.module.autoload
A boolean that controls whether kernel modules are loaded automatically.
See
.Xr module 7
for additional details.
.It Li kern.module.autotime
An integer that controls the delay before an attempt is made to
automatically unload a module that was auto-loaded.
Setting this value to zero disables the auto-unload function.
.It Li kern.module.verbose
A boolean that enables or disables verbose
debug messages related to kernel modules.
.El
.It Li kern.monotonic_clock ( Dv KERN_MONOTONIC_CLOCK )
Returns the standard version the implementation of the
.St -p1003.1b-93
Monotonic Clock Option conforms to,
otherwise\ 0.
.It Li kern.mqueue
Settings related to POSIX message queues; see
.Xr mqueue 3 .
This node is created dynamically when
the corresponding kernel module is loaded.
The third level names for the settings are described below.
.Bl -column "kern.mqueue.mq_max_msgsize" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.mqueue.mq_open_max Ta integer Ta yes
.It kern.mqueue.mq_prio_max Ta integer Ta yes
.It kern.mqueue.mq_max_msgsize Ta integer Ta yes
.It kern.mqueue.mq_def_maxmsg Ta integer Ta yes
.It kern.mqueue.mq_max_maxmsg Ta integer Ta yes
.El
.Pp
The variables are:
.Bl -tag -width "123456"
.It Li kern.mqueue.mq_open_max
The maximum number of message queue descriptors any single process can open.
.It Li kern.mqueue.mq_prio_max
The maximum priority of a message.
.It Li kern.mqueue.mq_max_msgsize
The maximum size of a message in a message queue.
.It Li kern.mqueue.mq_def_maxmsg
The default maximum message count.
.It Li kern.mqueue.mq_max_maxmsg
The maximum number of messages in a message queue.
.El
.It Li kern.msgbuf ( Dv KERN_MSGBUF )
The kernel message buffer, rotated so that the head of the circular kernel
message buffer is at the start of the returned data.
The returned data may contain NUL bytes.
.It Li kern.msgbufsize ( Dv KERN_MSGBUFSIZE )
The maximum number of characters that the kernel message buffer can hold.
.It Li kern.ngroups ( Dv KERN_NGROUPS )
The maximum number of supplemental groups.
.\" .It Li kern.no_sa_support
.\" XXX: Undocumented.
.It Li kern.ntptime ( Dv KERN_NTPTIME )
A
.Vt struct ntptimeval
structure is returned.
This structure contains data used by the
.Xr ntpd 8
program.
.It Li kern.osrelease ( Dv KERN_OSRELEASE )
The system release string.
.It Li kern.osrevision ( Dv KERN_OSREV )
The system revision string.
.It Li kern.ostype ( Dv KERN_OSTYPE )
The system type string.
.\".It Li kern.panic_now
.\" XXX: Undocumented.
.It Li kern.pipe ( Dv KERN_PIPE )
Pipe settings.
The third level names for the integer pipe settings are detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "kern.pipe.maxbigpipes" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.pipe.kvasiz Ta integer Ta yes
.It kern.pipe.maxbigpipes Ta integer Ta yes
.It kern.pipe.maxkvasz Ta integer Ta yes
.It kern.pipe.limitkva Ta integer Ta yes
.It kern.pipe.nbigpipes Ta integer Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li kern.pipe.kvasiz ( Dv KERN_PIPE_KVASIZ )
Amount of kernel memory consumed by pipe buffers.
.It Li kern.pipe.maxbigpipes ( Dv KERN_PIPE_MAXBIGPIPES )
Maximum number of
.Dq big
pipes.
.It Li kern.pipe.maxkvasz ( Dv KERN_PIPE_MAXKVASZ )
Maximum amount of kernel memory to be used for pipes.
.It Li kern.pipe.limitkva ( Dv KERN_PIPE_LIMITKVA )
Limit for direct transfers via page loan.
.It Li kern.pipe.nbigpipes ( Dv KERN_PIPE_NBIGPIPES )
Number of
.Dq big
pipes.
.El
.It Li kern.pool
Provides statistics about the
.Xr pool 9
and
.Xr pool_cache 9
subsystems.
.\" XXX: Undocumented .It Li kern.posix ( ? )
.\" This is a node in which the only variable is semmax.
.It Li kern.posix1version ( Dv KERN_POSIX1 )
The version of ISO/IEC 9945
.Pq St -p1003.1
with which the system attempts to comply.
.It Li kern.posix_aio
The version of
.St -p1003.1
and its Asynchronous I/O option to which the system attempts to conform.
.It Li kern.posix_barriers ( Dv KERN_POSIX_BARRIERS )
The version of
.St -p1003.1
and its
Barriers
option to which the system attempts to conform,
otherwise\ 0.
.It Li kern.posix_reader_writer_locks ( Dv KERN_POSIX_READER_WRITER_LOCKS )
The version of
.St -p1003.1
and its
Read-Write Locks
option to which the system attempts to conform,
otherwise\ 0.
.\".It Li kern.posix_sched
.\" XXX: Undocumented.
.It Li kern.posix_semaphores ( Dv KERN_POSIX_SEMAPHORES )
The version of
.St -p1003.1
and its
Semaphores
option to which the system attempts to conform,
otherwise\ 0.
.It Li kern.posix_spin_locks ( Dv KERN_POSIX_SPIN_LOCKS )
The version of
.St -p1003.1
and its
Spin Locks
option to which the system attempts to conform,
otherwise\ 0.
.It Li kern.posix_threads ( Dv KERN_POSIX_THREADS )
The version of
.St -p1003.1
and its
Threads
option to which the system attempts to conform,
otherwise\ 0.
.It Li kern.posix_timers ( Dv KERN_POSIX_TIMERS )
The version of
.St -p1003.1
and its
Timers
option to which the system attempts to conform,
otherwise\ 0.
.It Li kern.proc ( Dv KERN_PROC )
Return the entire process table, or a subset of it.
An array of
.Vt struct kinfo_proc
structures is returned,
whose size depends on the current number of such objects in the system.
The third and fourth level numeric names are as follows:
.Bl -column "KERN_PROC_SESSION" "Fourth level is:" -offset indent
.It Sy Third level name Ta Sy Fourth level is :
.It KERN_PROC_ALL Ta None
.It KERN_PROC_GID Ta A group ID
.It KERN_PROC_PID Ta A process ID
.It KERN_PROC_PGRP Ta A process group
.It KERN_PROC_RGID Ta A real group ID
.It KERN_PROC_RUID Ta A real user ID
.It KERN_PROC_SESSION Ta A session ID
.It KERN_PROC_TTY Ta A tty device
.It KERN_PROC_UID Ta A user ID
.El
.It Li kern.proc2 ( Dv KERN_PROC2 )
As for
.Dv KERN_PROC ,
but an array of
.Vt struct kinfo_proc2
structures is returned.
The fifth level name is the size of the
.Vt struct kinfo_proc2
and the sixth level name is the number of structures to return.
.It Li kern.proc_args ( Dv KERN_PROC_ARGS )
Return the argv or environment strings (or the number thereof)
of a process.
Multiple strings are returned separated by NUL characters.
The third level name is the process ID.
The fourth level name is as follows:
.Bl -column "KERN_PROG_PATHNAME" "The full pathname of the executable" -offset indent
.It Dv KERN_PROC_ARGV Ta The argv strings
.It Dv KERN_PROC_ENV Ta The environ strings
.It Dv KERN_PROC_NARGV Ta The number of argv strings
.It Dv KERN_PROC_NENV Ta The number of environ strings
.It Dv KERN_PROC_PATHNAME Ta The full pathname of the executable
.It Dv KERN_PROC_CWD Ta The current working directory
.El
.It Li kern.profiling ( Dv KERN_PROF )
Return profiling information about the kernel.
If the kernel is not compiled for profiling,
attempts to retrieve any of the
.Dv KERN_PROF
values will fail with
.Er EOPNOTSUPP .
The third level names for the string and integer profiling information
are detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "kern.profiling.gmonparam" "struct gmonparam" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.profiling.count Ta u_short[\|] Ta yes
.It kern.profiling.froms Ta u_short[\|] Ta yes
.It kern.profiling.gmonparam Ta struct gmonparam Ta no
.It kern.profiling.state Ta integer Ta yes
.It kern.profiling.tos Ta struct tostruct Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li kern.profiling.count ( Dv GPROF_COUNT )
Array of statistical program counter counts.
.It Li kern.profiling.froms ( Dv GPROF_FROMS )
Array indexed by program counter of call-from points.
.It Li kern.profiling.gmonparams ( Dv GPROF_GMONPARAM )
Structure giving the sizes of the above arrays.
.It Li kern.profiling.state ( Dv GPROF_STATE )
Profiling state.
If set to
.Dv GMON_PROF_ON ,
starts profiling.
If set to
.Dv GMON_PROF_OFF ,
stops profiling.
.It Li kern.profiling.tos ( Dv GPROF_TOS )
Array of
.Vt struct tostruct
describing destination of calls and their counts.
.El
.\" .It Li kern.pset
.\" XXX: Undocumented.
.It Li kern.rawpartition ( Dv KERN_RAWPARTITION )
The raw partition of a disk (a == 0).
.It Li kern.root_device ( Dv KERN_ROOT_DEVICE )
The name of the root device (e.g.,
.Dq wd0 ) .
.It Li kern.root_partition ( Dv KERN_ROOT_PARTITION )
The root partition on the root device (a == 0).
.It Li kern.rtc_offset ( Dv KERN_RTC_OFFSET )
Return the offset of real time clock from UTC in minutes.
.It Li kern.saved_ids ( Dv KERN_SAVED_IDS )
Returns 1 if saved set-group and saved set-user ID is available.
.It Li kern.sbmax ( Dv KERN_SBMAX )
Maximum socket buffer size in bytes.
.It Li kern.securelevel ( Dv KERN_SECURELVL )
See
.Xr secmodel_securelevel 9 .
.It Li kern.sched ( dynamic )
Influence the scheduling of LWPs, their prioritization and how they are
distributed on and moved between CPUs.
.Bl -column "kern.sched.balance_period" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.sched.cacheht_time Ta integer Ta yes
.It kern.sched.balance_period Ta integer Ta yes
.It kern.sched.average_weight Ta integer Ta yes
.It kern.sched.min_catch Ta integer Ta yes
.It kern.sched.timesoftints Ta integer Ta yes
.It kern.sched.kpreempt_pri Ta integer Ta yes
.It kern.sched.upreempt_pri Ta integer Ta yes
.It kern.sched.maxts Ta integer Ta yes
.It kern.sched.mints Ta integer Ta yes
.It kern.sched.name Ta string Ta no
.It kern.sched.rtts Ta integer Ta no
.It kern.sched.pri_min Ta integer Ta no
.It kern.sched.pri_max Ta integer Ta no
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li kern.sched.cacheht_time ( dynamic )
Cache hotness time in which a LWP is kept on one particular CPU
and not moved to another CPU.
This reduces the overhead of flushing and reloading caches.
Defaults to 3ms.
Needs to be given in
.Dq hz
units, see
.Xr mstohz 9 .
.It Li kern.sched.balance_period ( dynamic )
Interval at which the CPU queues are checked for re-balancing.
Defaults to 300ms.
Needs to be given in
.Dq hz
units, see
.Xr mstohz 9 .
.It Li kern.sched.average_weight ( dynamic )
Can be used to influence how likely LWPs are to be migrated from
one CPU's queue of LWPs that are ready to run to a different, idle CPU.
The value gives the percentage for weighting the average count of
migratable threads from the past against the current number of
migratable threads.
A small value gives more weight to the past, a larger value gives more
weight to the current situation.
Defaults to 50 and must be between 0 and 100.
.It Li kern.sched.min_catch ( dynamic )
Minimum count of migratable (runnable) threads for catching (stealing)
from another CPU.
Defaults to 1 but can be increased to decrease the chance of thread
migration between CPUs.
.It Li kern.sched.timesoftints ( dynamic )
Enable tracking of CPU time for soft interrupts
as part of a LWP's real execution time.
Set to a non-zero value to enable,
and see
.Xr ps 1
for printing CPU times.
.It Li kern.sched.kpreempt_pri ( dynamic )
Minimum priority to trigger kernel preemption.
.It Li kern.sched.upreempt_pri ( dynamic )
Minimum priority to trigger user preemption.
.It Li kern.sched.maxts ( dynamic )
Scheduler specific maximal time quantum (in milliseconds).
Must be set to a value larger than
.Dq mints
and between 10 and
.Dq hz
as given by the
.Dv kern.clockrate
sysctl.
Provided by the M2 scheduler.
.It Li kern.sched.mints ( dynamic )
Scheduler specific minimal time quantum (in milliseconds).
Must be set to a value smaller than
.Dq maxts
and between 1 and
.Dq hz
as given by the
.Dq kern.clockrate
sysctl.
Provided by the M2 scheduler.
.It Li kern.sched.name ( dynamic )
Scheduler name.
Provided both by the M2 and the 4BSD scheduler.
.It Li kern.sched.rtts ( dynamic )
Fixed scheduler specific round-robin time quantum in milliseconds.
Provided both by the M2 and the 4BSD scheduler.
.It Li kern.sched.pri_min ( dynamic )
Minimal POSIX real-time priority.
See
.Xr sched 3 .
.It Li kern.sched.pri_max ( dynamic )
Maximal POSIX real-time priority.
See
.Xr sched 3 .
.El
.It Li kern.somaxkva ( Dv KERN_SOMAXKVA )
Maximum amount of kernel memory to be used for socket buffers in bytes.
.It Li kern.sooptions
Set the default socket option flags for
.Xr socket 2
creation.
See
.Xr setsockopt 2
for a list of supported flags.
.It Li kern.synchronized_io ( Dv KERN_SYNCHRONIZED_IO )
Returns 1 if the
.St -p1003.1b-93
Synchronized I/O Option is available on this system,
otherwise\ 0.
.It Li kern.timecounter ( dynamic )
Display and control the timecounter source of the system.
.Bl -column "kern.timecounter.timestepwarnings" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.timecounter.choice Ta string Ta no
.It kern.timecounter.hardware Ta string Ta yes
.It kern.timecounter.timestepwarnings Ta integer Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li kern.timecounter.choice ( dynamic )
The list of available timecounters with their quality and frequency.
.It Li kern.timecounter.hardware ( dynamic )
The currently selected timecounter source.
.It Li kern.timecounter.timestepwarnings ( dynamic )
If non-zero display a message each time the time is stepped.
.El
.It Li kern.timex ( Dv KERN_TIMEX )
Not available.
.It Li kern.tkstat ( Dv KERN_TKSTAT )
Return information about the number of characters sent and received
on ttys.
The third level names for the tty statistic variables are detailed below.
The changeable column shows whether a process
with appropriate privilege may change the value.
.Bl -column "kern.tkstat.cancc" "quad" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.tkstat.cancc Ta quad Ta no
.It kern.tkstat.nin Ta quad Ta no
.It kern.tkstat.nout Ta quad Ta no
.It kern.tkstat.rawcc Ta quad Ta no
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li kern.tkstat.cancc ( Dv KERN_TKSTAT_CANCC )
The number of canonical input characters.
.It Li kern.tkstat.nin ( Dv KERN_TKSTAT_NIN )
The total number of input characters.
.It Li kern.tkstat.nout ( Dv KERN_TKSTAT_NOUT )
The total number of output characters.
.It Li kern.tkstat.rawcc ( Dv KERN_TKSTAT_RAWCC )
The number of raw input characters.
.El
.It Li kern.tty
The third level names for the tty setup variables are detailed below.
The changeable column shows whether a process
with appropriate privilege may change the value.
.Bl -column "kern.tty.qsize" "int" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.tty.qsize Ta int Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li kern.tty.qsize
Control/display the size of the default input and output queues selected
during tty creation.
Is converted to a power of two and its range is between
.Dv 1024
and
.Dv 65536 .
.El
.It Li kern.uidinfo
Resource usage for the current user.
.Bl -column "kern.uidinfo.proccnt" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.uidinfo.proccnt Ta integer Ta no
.It kern.uidinfo.lwpcnt Ta integer Ta no
.It kern.uidinfo.lockcnt Ta integer Ta no
.It kern.uidinfo.semcnt Ta integer Ta no
.It kern.uidinfo.sbsize Ta integer Ta no
.El
.Bl -tag -width "123456"
.It Li kern.uidinfo.proccnt
Returns the number of active processes for the current user.
.It Li kern.uidinfo.lwpcnt
Returns the number of active threads for the current user; the first thread
of each process is not counted.
.It Li kern.uidinfo.lockcnt
Number of locks held by the current user.
.It Li kern.uidinfo.semcnt
Number of semaphores held by the current user.
.It Li kern.uidinfo.sbsize
Number of bytes in socket buffers allocated to the current user.
.El
.It Li kern.urandom ( Dv KERN_URND )
Random integer value.
.It Li kern.usercrypto
When enabled, allows userland to
.Xr open 2
the
.Pa /dev/crypto
special device, used by the
.Xr crypto 4
system.
.It Li kern.userasymcrypto
Enables or disables the use of software asymmetric crypto support in the
.Xr crypto 4
system.
.It Li kern.veriexec
Runtime information for
.Xr veriexec 8 .
.Bl -column "kern.veriexec.algorithms" "integer" "Changeable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It kern.veriexec.algorithms Ta string Ta no
.It kern.veriexec.count Ta node Ta not applicable
.It kern.veriexec.strict Ta integer Ta yes
.It kern.veriexec.verbose Ta integer Ta yes
.El
.Bl -tag -width "123456"
.It Li kern.veriexec.algorithms
Returns a string with the supported algorithms in Veriexec.
.It Li kern.veriexec.count
Sub-nodes are added to this node as new mounts are monitored by Veriexec.
Each mount will be under its own
.No tableN
node.
Under each node there will be three variables, indicating the mount
point, the file system type, and the number of entries.
.It Li kern.veriexec.strict
Controls the strict level of Veriexec.
See
.Xr security 7
for more information on each level's implications.
.It Li kern.veriexec.verbose
Controls the verbosity level of Veriexec.
If 0, only the minimal
indication required will be given about what's happening - fingerprint
mismatches, removal of entries from the tables, modification of a
fingerprinted file.
If 1, more messages will be printed (i.e., when a file with a valid
fingerprint is accessed).
Verbose level 2 is debug mode.
.El
.It Li kern.version ( Dv KERN_VERSION )
The system version string.
.It Li kern.vnode ( Dv KERN_VNODE )
Return the entire vnode table.
Note, the vnode table is not necessarily a consistent snapshot of
the system.
The returned data consists of an array whose size depends on the
current number of such objects in the system.
Each element of the array contains the kernel address of a vnode
.Vt struct vnode *
followed by the vnode itself
.Vt struct vnode .
.\" XXX: Undocumented: kern.lwp: no children?
.El
.Ss The machdep.* subtree
The set of variables defined is architecture dependent.
Most architectures define at least the following variables.
.Bl -column "machdep.booted_kernel" "Type" "Changeable" -offset indent
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It Li machdep.booted_kernel Ta string Ta no
.El
.\" XXX: Document the above.
.Ss The net.* subtree
The string and integer information available for the
.Li net
level is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
The second and third levels are typically the protocol family and
protocol number, though this is not always the case.
.Bl -column "Second level name" "IPsec key management values" "Changeable" -offset indent
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It net.route Ta routing messages Ta no
.It net.inet Ta IPv4 values Ta yes
.It net.inet6 Ta IPv6 values Ta yes
.It net.key Ta IPsec key management values Ta yes
.El
.Bl -tag -width "123456"
.It Li net.route ( Dv PF_ROUTE )
.\" XXX really?
Return the entire routing table or a subset of it.
The data is returned as a sequence of routing messages (see
.Xr route 4
for the header file, format and meaning).
The length of each message is contained in the message header.
.Pp
The third level name is a protocol number, which is currently always\ 0.
The fourth level name is an address family, which may be set to 0 to
select all address families.
The fifth and sixth level names are as follows:
.Bl -column "Fifth level name" "Sixth level is:" -offset indent
.It Sy Fifth level name Ta Sy Sixth level is :
.It NET_RT_FLAGS Ta rtflags
.It NET_RT_DUMP Ta None
.It NET_RT_IFLIST Ta None
.El
.It Li net.inet ( Dv PF_INET )
Get or set various global information about the IPv4
.Pq Internet Protocol version 4 .
The third level name is the protocol.
The fourth level name is the variable name.
The currently defined protocols and names are:
.Bl -column "Protocol" "anonportalgo.available" "integer" "Changeable" -offset indent
.It Sy Protocol Ta Sy Variable Ta Sy Type Ta Sy Changeable
.It arp Ta down Ta integer Ta yes
.It arp Ta keep Ta integer Ta yes
.It arp Ta log_movements Ta integer Ta yes
.It arp Ta log_permanent_modify Ta integer Ta yes
.It arp Ta log_unknown_network Ta integer Ta yes
.It arp Ta log_wrong_iface Ta integer Ta yes
.It carp Ta allow Ta integer Ta yes
.It carp Ta preempt Ta integer Ta yes
.It carp Ta log Ta integer Ta yes
.It carp Ta arpbalance Ta integer Ta yes
.It icmp Ta errppslimit Ta integer Ta yes
.It icmp Ta maskrepl Ta integer Ta yes
.It icmp Ta rediraccept Ta integer Ta yes
.It icmp Ta redirtimeout Ta integer Ta yes
.It icmp Ta bmcastecho Ta integer Ta yes
.It ip Ta allowsrcrt Ta integer Ta yes
.It ip Ta anonportalgo.selected Ta string Ta yes
.It ip Ta anonportalgo.available Ta string Ta yes
.It ip Ta anonportalgo.reserve Ta struct Ta yes
.It ip Ta anonportmax Ta integer Ta yes
.It ip Ta anonportmin Ta integer Ta yes
.It ip Ta checkinterface Ta integer Ta yes
.It ip Ta dad_count Ta integer Ta yes
.It ip Ta directed-broadcast Ta integer Ta yes
.It ip Ta do_loopback_cksum Ta integer Ta yes
.It ip Ta forwarding Ta integer Ta yes
.It ip Ta forwsrcrt Ta integer Ta yes
.It ip Ta gifttl Ta integer Ta yes
.It ip Ta grettl Ta integer Ta yes
.It ip Ta hashsize Ta integer Ta yes
.It ip Ta hostzerobroadcast Ta integer Ta yes
.It ip Ta lowportmin Ta integer Ta yes
.It ip Ta lowportmax Ta integer Ta yes
.It ip Ta maxflows Ta integer Ta yes
.It ip Ta maxfragpackets Ta integer Ta yes
.It ip Ta mtudisc Ta integer Ta yes
.It ip Ta mtudisctimeout Ta integer Ta yes
.It ip Ta random_id Ta integer Ta yes
.It ip Ta redirect Ta integer Ta yes
.It ip Ta subnetsarelocal Ta integer Ta yes
.It ip Ta ttl Ta integer Ta yes
.It tcp Ta rfc1323 Ta integer Ta yes
.It tcp Ta sendspace Ta integer Ta yes
.It tcp Ta recvspace Ta integer Ta yes
.It tcp Ta mssdflt Ta integer Ta yes
.It tcp Ta syn_cache_limit Ta integer Ta yes
.It tcp Ta syn_bucket_limit Ta integer Ta yes
.It tcp Ta syn_cache_interval Ta integer Ta yes
.It tcp Ta init_win Ta integer Ta yes
.It tcp Ta init_win_local Ta integer Ta yes
.It tcp Ta mss_ifmtu Ta integer Ta yes
.It tcp Ta win_scale Ta integer Ta yes
.It tcp Ta timestamps Ta integer Ta yes
.It tcp Ta cwm Ta integer Ta yes
.It tcp Ta cwm_burstsize Ta integer Ta yes
.It tcp Ta ack_on_push Ta integer Ta yes
.It tcp Ta keepidle Ta integer Ta yes
.It tcp Ta keepintvl Ta integer Ta yes
.It tcp Ta keepcnt Ta integer Ta yes
.It tcp Ta slowhz Ta integer Ta no
.It tcp Ta keepinit Ta integer Ta yes
.It tcp Ta log_refused Ta integer Ta yes
.It tcp Ta rstppslimit Ta integer Ta yes
.It tcp Ta ident Ta struct Ta no
.It tcp Ta drop Ta struct Ta no
.It tcp Ta sack.enable Ta integer Ta yes
.It tcp Ta sack.globalholes Ta integer Ta no
.It tcp Ta sack.globalmaxholes Ta integer Ta yes
.It tcp Ta sack.maxholes Ta integer Ta yes
.It tcp Ta ecn.enable Ta integer Ta yes
.It tcp Ta ecn.maxretries Ta integer Ta yes
.It tcp Ta congctl.selected Ta string Ta yes
.It tcp Ta congctl.available Ta string Ta yes
.It tcp Ta abc.enable Ta integer Ta yes
.It tcp Ta abc.aggressive Ta integer Ta yes
.It udp Ta checksum Ta integer Ta yes
.It udp Ta do_loopback_cksum Ta integer Ta yes
.It udp Ta recvspace Ta integer Ta yes
.It udp Ta sendspace Ta integer Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li arp.down
Failed ARP entry lifetime.
.It Li arp.keep
Valid ARP entry lifetime.
.It Li carp.allow
If set to 0, incoming
.Xr carp 4
packets will not be processed.
If set to any other value, processing will occur.
Enabled by default.
.It Li carp.arpbalance
If set to any value other than 0, the ARP balancing functionality of
.Xr carp 4
is enabled.
When ARP requests are received for an IP address which is part of any virtual
host, carp will hash the source IP in the ARP request to select one of the
virtual hosts from the set of all the virtual hosts which have that IP address.
The master of that host will respond with the correct virtual MAC address.
Disabled by default.
.It Li carp.log
If set to any value other than 0,
.Xr carp 4
will log errors.
Disabled by default.
.It Li carp.preempt
If set to 0,
.Xr carp 4
will not attempt to become master if it is receiving advertisements from
another active master.
If set to any other value, carp will become master of the virtual host if it
believes it can send advertisements more frequently than the current master.
Disabled by default.
.It Li ip.allowsrcrt
If set to 1, the host accepts source routed packets.
.It Li ip.anonportalgo.available
The available RFC 6056 port randomization algorithms.
.It Li ip.anonportalgo.reserve
A bitmask of ports that will not be used during anonymous or privileged
port selection.
.It Li ip.anonportalgo.selected
The currently selected RFC 6056 port randomization algorithm.
.It Li ip.anonportmax
The highest port number to use for TCP and UDP ephemeral port allocation.
This cannot be set to less than 1024 or greater than 65535, and must
be greater than
.Li ip.anonportmin .
.It Li ip.anonportmin
The lowest port number to use for TCP and UDP ephemeral port allocation.
This cannot be set to less than 1024 or greater than 65535.
.It Li ip.checkinterface
If set to non-zero, the host will reject packets addressed to it
that arrive on an interface not bound to that address.
Currently, this must be disabled if NAT is used to translate the
destination address to another local interface, or if addresses
are added to the loopback interface instead of the interface where
the packets for those addresses are received.
.It Li ip.dad_count
The number of
.Xr arp 4
probes sent for Address Conflict Detection.
Set to 0 to disable this.
.It Li ip.directed-broadcast
If set to 1, enables directed broadcast behavior for the host.
.It Li ip.do_loopback_cksum
Perform IP checksum on loopback.
.It Li ip.forwarding
If set to 1, enables IP forwarding for the host,
meaning that the host is acting as a router.
.It Li ip.forwsrcrt
If set to 1, enables forwarding of source-routed packets for the host.
This value may only be changed if the kernel security level is less than 1.
.It Li ip.gifttl
The maximum time-to-live (hop count) value for an IPv4 packet generated by
.Xr gif 4
tunnel interface.
.It Li ip.grettl
The maximum time-to-live (hop count) value for an IPv4 packet generated by
.Xr gre 4
tunnel interface.
.It Li ip.hashsize
The size of IPv4 Fast Forward hash table.
This value must be a power of 2 (64, 256...).
A larger hash table size results in fewer collisions.
Also see
.Li ip.maxflows .
.It Li ip.hostzerobroadcast
All zeroes address is broadcast address.
.It Li ip.lowportmax
The highest port number to use for TCP and UDP reserved port allocation.
This cannot be set to less than 0 or greater than 1024, and must
be greater than
.Li ip.lowportmin .
.It Li ip.lowportmin
The lowest port number to use for TCP and UDP reserved port allocation.
This cannot be set to less than 0 or greater than 1024, and must
be smaller than
.Li ip.lowportmax .
.It Li ip.maxflows
IPv4 Fast Forwarding is enabled by default.
If set to 0, IPv4 Fast Forwarding is disabled.
.Li ip.maxflows
controls the maximum number of flows which can be created.
The default value is 256.
.It Li ip.maxfragpackets
The maximum number of fragmented packets the node will accept.
0 means that the node will not accept any fragmented packets.
\-1 means that the node will accept as many fragmented packets as it receives.
The flag is provided basically for avoiding possible DoS attacks.
.It Li ip.mtudisc
If set to 1, enables Path MTU Discovery (RFC 1191).
When Path MTU Discovery is enabled, the transmitted TCP segment
size will be determined by the advertised maximum segment size
(MSS) from the remote end, as constrained by the path MTU.
If MTU Discovery is disabled, the transmitted segment size will
never be greater than
.Li tcp.mssdflt
(the local maximum segment size).
.It Li ip.mtudisctimeout
The number of seconds in which a route added by the Path MTU
Discovery engine will time out.
When the route times out, the Path
MTU Discovery engine will attempt to probe a larger path MTU.
.It Li ip.random_id
Assign random ip_id values.
.It Li ip.redirect
If set to 1, ICMP redirects may be sent by the host.
This option is ignored unless the host is routing IP packets,
and should normally be enabled on all systems.
.It Li ip.subnetsarelocal
If set to 1, subnets are to be considered local addresses.
.It Li ip.ttl
The maximum time-to-live (hop count) value for an IP packet sourced by
the system.
This value applies to normal transport protocols, not to ICMP.
.It Li icmp.errppslimit
The variable specifies the maximum number of outgoing ICMP error messages,
per second.
ICMP error messages that exceed the value are subject to rate limitation
and will not go out from the node.
Negative value disables rate limitation.
.It Li icmp.maskrepl
If set to 1, ICMP network mask requests are to be answered.
.It Li icmp.rediraccept
If set to non-zero, the host will accept ICMP redirect packets.
Note that routers will never accept ICMP redirect packets,
and the variable is meaningful on IP hosts only.
.It Li icmp.redirtimeout
The variable specifies lifetime of routing entries generated by incoming
ICMP redirect.
This defaults to 600 seconds.
.It Li icmp.returndatabytes
Number of bytes to return in an ICMP error message.
.It Li icmp.bmcastecho
If set to 1, enables responding to ICMP echo or timestamp request to the
broadcast address.
.It Li tcp.ack_on_push
If set to 1, TCP is to immediately transmit an ACK upon reception of
a packet with PUSH set.
This can avoid losing a round trip time in some rare situations,
but has the caveat of potentially defeating TCP's delayed ACK algorithm.
Use of this option is generally not recommended, but
the variable exists in case your configuration really needs it.
.It Li tcp.cwm
If set to 1, enables use of the Hughes/Touch/Heidemann Congestion Window
Monitoring algorithm.
This algorithm prevents line-rate bursts of packets that could
otherwise occur when data begins flowing on an idle TCP connection.
These line-rate bursts can contribute to network and router congestion.
This can be particularly useful on World Wide Web servers
which support HTTP/1.1, which has lingering connections.
.It Li tcp.cwm_burstsize
The Congestion Window Monitoring allowed burst size, in terms
of packet count.
.It Li tcp.delack_ticks
Number of ticks to delay sending an ACK.
.It Li tcp.do_loopback_cksum
Perform TCP checksum on loopback.
.It Li tcp.init_win
A value indicating the TCP initial congestion window.
The valid range
is 0 to 10 (maximum specified by RFC6928),
with a default of 4 (approximately 4K per RFC3390).
.It Li tcp.init_win_local
Like
.Li tcp.init_win ,
but used when communicating with hosts on a local network.
.It Li tcp.keepcnt
Number of keepalive probes sent before declaring a connection dead.
If set to zero, there is no limit;
keepalives will be sent until some kind of
response is received from the peer.
.It Li tcp.keepidle
Time a connection must be idle before keepalives are sent (if keepalives
are enabled for the connection).
See also tcp.slowhz.
.It Li tcp.keepintvl
Time after a keepalive probe is sent until, in the absence of any response,
another probe is sent.
See also tcp.slowhz.
.It Li tcp.log_refused
If set to 1, refused TCP connections to the host will be logged.
.It Li tcp.keepinit
Timeout in seconds during connection establishment.
.It Li tcp.mss_ifmtu
If set to 1, TCP calculates the outgoing maximum segment size based on
the MTU of the appropriate interface.
If set to 0, it is calculated based on the greater of the MTU of the
interface, and the largest (non-loopback) interface MTU on the system.
.It Li tcp.mssdflt
The default maximum segment size both advertised to the peer
and to use when either the peer does not advertise a maximum segment size to
us during connection setup or Path MTU Discovery
.Li ( ip.mtudisc )
is disabled.
Do not change this value unless you really know what you are doing.
.It Li tcp.recvspace
The default TCP receive buffer size.
.It Li tcp.rfc1323
If set to 1, enables RFC 1323 extensions to TCP.
.It Li tcp.rstppslimit
The variable specifies the maximum number of outgoing TCP RST packets,
per second.
TCP RST packets that exceed the value are subject to rate limitation
and will not go out from the node.
Negative value disables rate limitation.
.It Li tcp.ident
Return the user ID of a connected socket pair.
(RFC1413 Identification Protocol lookups.)
.It Li tcp.drop
Drop a TCP socket pair connection.
.It Li tcp.sack.enable
If set to 1, enables RFC 2018 Selective ACKnowledgement.
.It Li tcp.sack.globalholes
Global number of TCP SACK holes.
.It Li tcp.sack.globalmaxholes
Global maximum number of TCP SACK holes.
.It Li tcp.sack.maxholes
Maximum number of TCP SACK holes allowed per connection.
.It Li tcp.ecn.enable
If set to 1, enables RFC 3168 Explicit Congestion Notification.
.It Li tcp.ecn.maxretries
Number of times to retry sending the ECN-setup packet.
.It Li tcp.sendspace
The default TCP send buffer size.
.It Li tcp.slowhz
The units for tcp.keepidle and tcp.keepintvl; those variables are in ticks
of a clock that ticks tcp.slowhz times per second.
(That is, their values
must be divided by the tcp.slowhz value to get times in seconds.)
.It Li tcp.syn_bucket_limit
The maximum number of entries allowed per hash bucket in the TCP
compressed state engine.
.It Li tcp.syn_cache_limit
The maximum number of entries allowed in the TCP compressed state
engine.
.It Li tcp.timestamps
If rfc1323 is enabled, a value of 1 indicates RFC 1323 time stamp options,
used for measuring TCP round trip times, are enabled.
.It Li tcp.win_scale
If rfc1323 is enabled, a value of 1 indicates RFC 1323 window scale options,
for increasing the TCP window size, are enabled.
.It Li tcp.congctl.available
The available TCP congestion control algorithms.
.It Li tcp.congctl.selected
The currently selected TCP congestion control algorithm.
.It Li tcp.abc.enable
If set to 1, use RFC 3465 Appropriate Byte Counting (ABC).
If set to 0, use traditional Packet Counting.
.It Li tcp.abc.aggressive
Choose the L parameter found in RFC 3465.
L is the maximum cwnd increase for an ack during slow start.
If set to 1, use L=2*SMSS.
If set to 0, use L=1*SMSS.
It has no effect unless tcp.abc.enable is set to 1.
.It Li udp.checksum
If set to 1, UDP checksums are being computed.
Received non-zero UDP checksums are always checked.
Disabling UDP checksums is strongly discouraged.
.It Li udp.recvspace
The default UDP receive buffer size.
.It Li udp.sendspace
The default UDP send buffer size.
.El
.Pp
For variables net.*.ipsec, please refer to
.Xr ipsec 4 .
.It Li net.inet6 ( Dv PF_INET6 )
Get or set various global information about the IPv6
.Pq Internet Protocol version 6 .
The third level name is the protocol.
The fourth level name is the variable name.
The currently defined protocols and names are:
.Bl -column "Protocol" "anonportalgo.available" "integer" "Changeable" -offset indent
.It Sy Protocol Ta Sy Variable Ta Sy Type Ta Sy Changeable
.It icmp6 Ta errppslimit Ta integer Ta yes
.It icmp6 Ta mtudisc_hiwat Ta integer Ta yes
.It icmp6 Ta mtudisc_lowat Ta integer Ta yes
.It icmp6 Ta nd6_debug Ta integer Ta yes
.It icmp6 Ta nd6_delay Ta integer Ta yes
.It icmp6 Ta nd6_maxnudhint Ta integer Ta yes
.It icmp6 Ta nd6_mmaxtries Ta integer Ta yes
.It icmp6 Ta nd6_prune Ta integer Ta yes
.It icmp6 Ta nd6_umaxtries Ta integer Ta yes
.It icmp6 Ta nd6_useloopback Ta integer Ta yes
.It icmp6 Ta nodeinfo Ta integer Ta yes
.It icmp6 Ta rediraccept Ta integer Ta yes
.It icmp6 Ta redirtimeout Ta integer Ta yes
.It ip6 Ta accept_rtadv Ta integer Ta yes
.It ip6 Ta addctlpolicy Ta struct in6_addrpolicy Ta no
.It ip6 Ta anonportalgo.selected Ta string Ta yes
.It ip6 Ta anonportalgo.available Ta string Ta yes
.It ip6 Ta anonportalgo.reserve Ta struct Ta yes
.It ip6 Ta anonportmax Ta integer Ta yes
.It ip6 Ta anonportmin Ta integer Ta yes
.It ip6 Ta auto_flowlabel Ta integer Ta yes
.It ip6 Ta dad_count Ta integer Ta yes
.It ip6 Ta defmcasthlim Ta integer Ta yes
.It ip6 Ta forwarding Ta integer Ta yes
.It ip6 Ta gifhlim Ta integer Ta yes
.It ip6 Ta hashsize Ta integer Ta yes
.It ip6 Ta hlim Ta integer Ta yes
.It ip6 Ta hdrnestlimit Ta integer Ta yes
.It ip6 Ta kame_version Ta string Ta no
.It ip6 Ta keepfaith Ta integer Ta yes
.It ip6 Ta log_interval Ta integer Ta yes
.It ip6 Ta lowportmax Ta integer Ta yes
.It ip6 Ta lowportmin Ta integer Ta yes
.It ip6 Ta maxdynroutes Ta integer Ta yes
.It ip6 Ta maxifprefixes Ta integer Ta yes
.It ip6 Ta maxifdefrouters Ta integer Ta yes
.It ip6 Ta maxflows Ta integer Ta yes
.It ip6 Ta maxfragpackets Ta integer Ta yes
.It ip6 Ta maxfrags Ta integer Ta yes
.It ip6 Ta neighborgcthresh Ta integer Ta yes
.It ip6 Ta redirect Ta integer Ta yes
.It ip6 Ta rr_prune Ta integer Ta yes
.It ip6 Ta use_deprecated Ta integer Ta yes
.It ip6 Ta v6only Ta integer Ta yes
.It udp6 Ta do_loopback_cksum Ta integer Ta yes
.It udp6 Ta recvspace Ta integer Ta yes
.It udp6 Ta sendspace Ta integer Ta yes
.El
.Pp
The variables are as follows:
.Bl -tag -width "123456"
.It Li ip6.accept_rtadv
If set to non-zero, the node will accept ICMPv6 router advertisement packets
and autoconfigure address prefixes and default routers.
The node must be a host
.Pq not a router
for the option to be meaningful.
.It Li ip6.anonportalgo.available
The available RFC 6056 port randomization algorithms.
.It Li ip6.anonportalgo.reserve
A bitmask of ports that will not be used during anonymous or privileged
port selection.
.It Li ip6.anonportalgo.selected
The currently selected RFC 6056 port randomization algorithm.
.It Li ip6.anonportmax
The highest port number to use for TCP and UDP ephemeral port allocation.
This cannot be set to less than 1024 or greater than 65535, and must
be greater than
.Li ip6.anonportmin .
.It Li ip6.anonportmin
The lowest port number to use for TCP and UDP ephemeral port allocation.
This cannot be set to less than 1024 or greater than 65535.
.It Li ip6.auto_flowlabel
On connected transport protocol packets,
fill IPv6 flowlabel field to help intermediate routers to identify packet flows.
.It Li ip6.dad_count
The variable configures number of IPv6 DAD
.Pq duplicated address detection
probe packets.
The packets will be generated when IPv6 interface addresses are configured.
.It Li ip6.defmcasthlim
The default hop limit value for an IPv6 multicast packet sourced by the node.
This value applies to all the transport protocols on top of IPv6.
There are APIs to override the value, as documented in
.Xr ip6 4 .
.It Li ip6.forwarding
If set to 1, enables IPv6 forwarding for the node,
meaning that the node is acting as a router.
If set to 0, disables IPv6 forwarding for the node,
meaning that the node is acting as a host.
IPv6 specification defines node behavior for
.Dq router
case and
.Dq host
case quite differently, and changing this variable during operation
may cause serious trouble.
It is recommended to configure the variable at bootstrap time,
and bootstrap time only.
.It Li ip6.gifhlim
The maximum hop limit value for an IPv6 packet generated by
.Xr gif 4
tunnel interface.
.It Li ip6.hdrnestlimit
The number of IPv6 extension headers permitted on incoming IPv6 packets.
If set to 0, the node will accept as many extension headers as possible.
.It Li ip6.hashsize
The size of IPv6 Fast Forward hash table.
This value must be a power of 2 (64, 256, ...).
A larger hash table size results in fewer collisions.
Also see
.Li ip6.maxflows .
.It Li ip6.hlim
The default hop limit value for an IPv6 unicast packet sourced by the node.
This value applies to all the transport protocols on top of IPv6.
There are APIs to override the value, as documented in
.Xr ip6 4 .
.It Li ip6.kame_version
The string identifies the version of KAME IPv6 stack implemented in the kernel.
.It Li ip6.keepfaith
If set to non-zero, it enables
.Dq FAITH
TCP relay IPv6-to-IPv4 translator code in the kernel.
Refer to
.Xr faith 4
and
.Xr faithd 8
for detail.
.It Li ip6.log_interval
The variable controls amount of logs generated by IPv6 packet
forwarding engine, by setting interval between log output
.Pq in seconds .
.It Li ip6.lowportmax
The highest port number to use for TCP and UDP reserved port allocation.
This cannot be set to less than 0 or greater than 1024, and must
be greater than
.Li ip6.lowportmin .
.It Li ip6.lowportmin
The lowest port number to use for TCP and UDP reserved port allocation.
This cannot be set to less than 0 or greater than 1024, and must
be smaller than
.Li ip6.lowportmax .
.It Li ip6.maxdynroutes
Maximum number of routes created by redirect.
Set it to negative to disable.
The default value is 4096.
.It Li ip6.maxifprefixes
Maximum number of prefixes created by route advertisements per interface.
Set it to negative to disable.
The default value is 16.
.It Li ip6.maxifdefrouters
Maximum number of default routers created by route advertisements per interface.
Set it to negative to disable.
The default value is 16.
.It Li ip6.maxflows
IPv6 Fast Forwarding is enabled by default.
If set to 0, IPv6 Fast Forwarding is disabled.
.Li ip6.maxflows
controls the maximum amount of flows which can be created.
The default value is 256.
.It Li ip6.maxfragpackets
The maximum number of fragmented packets the node will accept.
0 means that the node will not accept any fragmented packets.
\-1 means that the node will accept as many fragmented packets as it receives.
The flag is provided basically for avoiding possible DoS attacks.
.It Li ip6.maxfrags
The maximum number of fragments the node will accept.
0 means that the node will not accept any fragments.
\-1 means that the node will accept as many fragments as it receives.
The flag is provided basically for avoiding possible DoS attacks.
.It Li ip6.neighborgcthresh
Maximum number of entries in neighbor cache per interface.
Set to negative to disable.
The default value is 2048.
.It Li ip6.redirect
If set to 1, ICMPv6 redirects may be sent by the node.
This option is ignored unless the node is routing IP packets,
and should normally be enabled on all systems.
.It Li ip6.rr_prune
The variable specifies interval between IPv6 router renumbering prefix
babysitting, in seconds.
.It Li ip6.use_deprecated
The variable controls use of deprecated address, specified in RFC 2462 5.5.4.
.It Li ip6.v6only
The variable specifies initial value for
.Dv IPV6_V6ONLY
socket option for
.Dv AF_INET6
socket.
Please refer to
.Xr ip6 4
for detail.
.It Li icmp6.errppslimit
The variable specifies the maximum number of outgoing ICMPv6 error messages,
per second.
ICMPv6 error messages that exceed the value are subject to rate limitation
and will not go out from the node.
Negative value disables rate limitation.
.It Li icmp6.mtudisc_hiwat
.It Li icmp6.mtudisc_lowat
The variables define the maximum number of routing table entries,
created due to path MTU discovery
.Pq prevents denial-of-service attacks with ICMPv6 too big messages .
When IPv6 path MTU discovery happens, we keep path MTU information into
the routing table.
If the number of routing table entries exceeds the value,
the kernel will not attempt to keep the path MTU information.
.Li icmp6.mtudisc_hiwat
is used when we have verified ICMPv6 too big messages.
.Li icmp6.mtudisc_lowat
is used when we have unverified ICMPv6 too big messages.
Verification is performed by using address/port pairs kept in connected pcbs.
Negative value disables the upper limit.
.It Li icmp6.nd6_debug
If set to non-zero, kernel IPv6 neighbor discovery code will generate
debugging messages.
The debug outputs are useful to diagnose IPv6 interoperability issues.
The flag must be set to 0 for normal operation.
.It Li icmp6.nd6_delay
The variable specifies
.Dv DELAY_FIRST_PROBE_TIME
timing constant in IPv6 neighbor discovery specification
.Pq RFC 2461 ,
in seconds.
.It Li icmp6.nd6_maxnudhint
IPv6 neighbor discovery permits upper layer protocols to supply reachability
hints, to avoid unnecessary neighbor discovery exchanges.
The variable defines the number of consecutive hints the neighbor discovery
layer will take.
For example, by setting the variable to 3, neighbor discovery layer
will take 3 consecutive hints in maximum.
After receiving 3 hints, neighbor discovery layer will perform
normal neighbor discovery process.
.It Li icmp6.nd6_mmaxtries
The variable specifies
.Dv MAX_MULTICAST_SOLICIT
constant in IPv6 neighbor discovery specification
.Pq RFC 2461 .
.It Li icmp6.nd6_prune
The variable specifies interval between IPv6 neighbor cache babysitting,
in seconds.
.It Li icmp6.nd6_umaxtries
The variable specifies
.Dv MAX_UNICAST_SOLICIT
constant in IPv6 neighbor discovery specification
.Pq RFC 2461 .
.It Li icmp6.nd6_useloopback
If set to non-zero, kernel IPv6 stack will use loopback interface for
local traffic.
.It Li icmp6.nodeinfo
The variable enables responses to ICMPv6 node information queries.
If you set the variable to 0, responses will not be generated for
ICMPv6 node information queries.
Since node information queries can have a security impact, it is
possible to fine tune which responses should be answered.
Two separate bits can be set.
.Bl -tag -width "12345"
.It 1
Respond to ICMPv6 FQDN queries, e.g.
.Li ping6 -w .
.It 2
Respond to ICMPv6 node addresses queries, e.g.
.Li ping6 -a .
.El
.It Li icmp6.rediraccept
If set to non-zero, the host will accept ICMPv6 redirect packets.
Note that IPv6 routers will never accept ICMPv6 redirect packets,
and the variable is meaningful on IPv6 hosts
.Pq non-router
only.
.It Li icmp6.redirtimeout
The variable specifies lifetime of routing entries generated by incoming
ICMPv6 redirect.
.It Li udp6.do_loopback_cksum
Perform UDP checksum on loopback.
.It Li udp6.recvspace
Default UDP receive buffer size.
.It Li udp6.sendspace
Default UDP send buffer size.
.El
.Pp
We reuse net.*.tcp for TCP over IPv6,
and therefore we do not have variables net.*.tcp6.
Variables net.inet6.udp6 have identical meaning to net.inet.udp.
Please refer to
.Li PF_INET
section above.
For variables net.*.ipsec6, please refer to
.Xr ipsec 4 .
.It Li net.key ( Dv PF_KEY )
Get or set various global information about the IPsec key management.
The third level name is the variable name.
The currently defined variable and names are:
.Bl -column "blockacq_lifetime" "integer" "Changeable" -offset indent
.It Sy Variable Ta Sy Type Ta Sy Changeable
.It debug Ta integer Ta yes
.It enabled Ta integer Ta yes
.It used Ta integer Ta no
.It spi_try Ta integer Ta yes
.It spi_min_value Ta integer Ta yes
.It spi_max_value Ta integer Ta yes
.It larval_lifetime Ta integer Ta yes
.It blockacq_count Ta integer Ta yes
.It blockacq_lifetime Ta integer Ta yes
.It esp_keymin Ta integer Ta yes
.It esp_auth Ta integer Ta yes
.It ah_keymin Ta integer Ta yes
.El
The variables are as follows:
.Bl -tag -width "123456"
.It Li debug
Turn on debugging message from within the kernel.
The value is a bitmap, as defined in
.In netipsec/key_debug.h .
.It Li enabled
Control processing of IPsec control messages.
.Bl -tag -width indent
.It 0
Never allow IPsec processing.
.It 1
Allow IPsec processing when SPD policies are present.
.It 2
Force IPsec processing even when SPD policies are not present.
.El
.It Li used
Based on if IPsec is enabled, and SPD rule existence, show if
IPsec is being used.
Note that currently once IPsec is being used, it cannot be disabled.
.It Li spi_try
The number of times the kernel will try to obtain a unique SPI
when it generates it from random number generator.
.It Li spi_min_value
Minimum SPI value when generating it within the kernel.
.It Li spi_max_value
Maximum SPI value when generating it within the kernel.
.It Li larval_lifetime
Lifetime for LARVAL SAD entries, in seconds.
.It Li blockacq_count
Number of ACQUIRE PF_KEY messages to be blocked after an ACQUIRE message.
It avoids flood of ACQUIRE PF_KEY from being sent from the kernel to the
key management daemon.
.It Li blockacq_lifetime
Lifetime of ACQUIRE PF_KEY message.
.It Li esp_keymin
Minimum ESP key length, in bits.
The value is used when the kernel creates proposal payload
on ACQUIRE PF_KEY message.
.It Li esp_auth
Whether ESP authentication should be used or not.
Non-zero value indicates that ESP authentication should be used.
The value is used when the kernel creates proposal payload
on ACQUIRE PF_KEY message.
.It Li ah_keymin
Minimum AH key length, in bits.
The value is used when the kernel creates proposal payload
on ACQUIRE PF_KEY message.
.El
.It Li net.local ( Dv PF_LOCAL )
Get or set various global information about
.Dv AF_LOCAL
type sockets.
For some variables, the third level name is the variable name:
.Bl -column "Variable" "integer" "Changeable" -offset indent
.It Sy Variable Ta Sy Type Ta Sy Changeable
.It inflight Ta integer Ta no
.It deferred Ta integer Ta no
.El
The variables are as follows:
.Bl -tag -width "123456"
.It Li inflight
The number of file descriptors currently passed between processes,
.Qq in flight .
.It Li deferred
The number of file descriptors passed between processes that have been
deferred for cleanup by a kernel task.
.El
.Pp
Other variables are specific to a socket type:
.Bl -column "seqpacket" "sendspace" "integer" "Changeable" -offset indent
.It Sy "Socket Type" Ta Sy Variable Ta Sy Type Ta Sy Changeable
.It dgram Ta pcblist Ta struct Ta no
.It dgram Ta recvspace Ta integer Ta yes
.It dgram Ta sendspace Ta integer Ta yes
.It seqpacket Ta pcblist Ta struct Ta no
.It stream Ta pcblist Ta struct Ta no
.It stream Ta recvspace Ta integer Ta yes
.It stream Ta sendspace Ta integer Ta yes
.El
The variables are as follows:
.Bl -tag -width "123456"
.It Li dgram.pcblist
The Protocol Control Block list structure for datagram sockets.
Parsed by
.Xr netstat 1
or
.Xr sockstat 1 .
.It Li dgram.recvspace
The default datagram receive buffer size.
.It Li dgram.sendspace
The default datagram send buffer size.
.It Li seqpacket.pcblist
The Protocol Control Block list structure for Sequential Packet sockets.
Parsed by
.Xr netstat 1
or
.Xr sockstat 1 .
.It Li stream.pcblist
The Protocol Control Block list structure for stream sockets.
Parsed by
.Xr netstat 1
or
.Xr sockstat 1 .
.It Li stream.recvspace
The default stream receive buffer size.
.It Li stream.sendspace
The default stream send buffer size.
.El
.El
.Ss The proc.* subtree
The string and integer information available for the
.Li proc
level is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
These values are per-process,
and as such may change from one process to another.
When a process is created,
the default values are inherited from its parent.
When a set-user-ID or set-group-ID binary is executed, the
value of PROC_PID_CORENAME is reset to the system default value.
The second level name is either the magic value PROC_CURPROC, which
points to the current process, or the PID of the target process.
.Bl -column "proc.pid.corename" "string" "not applicable" -offset indent
.It Sy Third level name Ta Sy Type Ta Sy Changeable
.It proc.pid.corename Ta string Ta yes
.It proc.pid.rlimit Ta node Ta not applicable
.It proc.pid.stopfork Ta int Ta yes
.It proc.pid.stopexec Ta int Ta yes
.It proc.pid.stopexit Ta int Ta yes
.It proc.pid.paxflags Ta int Ta no
.El
.Bl -tag -width "123456"
.It Li proc.pid.corename ( Dv PROC_PID_CORENAME )
The template used for the core dump file name (see
.Xr core 5
for details).
The base name must either be
.Pa core
or end with the suffix
.Pa .core
(the super-user may set arbitrary names).
By default it points to
.Dv KERN_DEFCORENAME .
.It Li proc.pid.rlimit ( Dv PROC_PID_LIMIT )
Return resource limits, as defined for the
.Xr getrlimit 2
and
.Xr setrlimit 2
system calls.
The fourth level name is one of:
.Bl -tag -width "123456"
.It Li proc.pid.rlimit.cputime ( Dv PROC_PID_LIMIT_CPU )
The maximum amount of CPU time (in seconds) to be used by each process.
.It Li proc.pid.rlimit.filesize ( Dv PROC_PID_LIMIT_FSIZE )
The largest size (in bytes) file that may be created.
.It Li proc.pid.rlimit.datasize ( Dv PROC_PID_LIMIT_DATA )
The maximum size (in bytes) of the data segment for a process;
this defines how far a program may extend its break with the
.Xr sbrk 2
system call.
.It Li proc.pid.rlimit.stacksize ( Dv PROC_PID_LIMIT_STACK )
The maximum size (in bytes) of the stack segment for a process;
this defines how far a program's stack segment may be extended.
Stack extension is performed automatically by the system.
.It Li proc.pid.rlimit.coredumpsize ( Dv PROC_PID_LIMIT_CORE )
The largest size (in bytes)
.Pa core
file that may be created.
.It Li proc.pid.rlimit.memoryuse ( Dv PROC_PID_LIMIT_RSS )
The maximum size (in bytes) to which a process's resident set size may
grow.
This imposes a limit on the amount of physical memory to be given to
a process; if memory is tight, the system will prefer to take memory
from processes that are exceeding their declared resident set size.
.It Li proc.pid.rlimit.memorylocked ( Dv PROC_PID_LIMIT_MEMLOCK )
The maximum size (in bytes) which a process may lock into memory
using the
.Xr mlock 2
function.
.It Li proc.pid.rlimit.maxproc ( Dv PROC_PID_LIMIT_NPROC )
The maximum number of simultaneous processes for this user id.
.It Li proc.pid.rlimit.descriptors ( Dv PROC_PID_LIMIT_NOFILE )
The maximum number of open files for this process.
.It Li proc.pid.rlimit.sbsize ( Dv PROC_PID_LIMIT_SBSIZE )
The maximum size (in bytes) of the socket buffers
set by the
.Xr setsockopt 2
.Dv SO_RCVBUF
and
.Dv SO_SNDBUF
options.
.It Li proc.pid.rlimit.vmemoryuse ( Dv PROC_PID_LIMIT_AS )
The maximum size (in bytes) which a process can obtain.
.It Li proc.pid.rlimit.maxlwp ( Dv PROC_PID_LIMIT_NTHR )
The maximum number of threads that can be created and running at one time in
the process.
The first thread of each process is not counted against this.
.El
.Pp
The fifth level name is one of
.Li soft ( Dv PROC_PID_LIMIT_TYPE_SOFT )
or
.Li hard ( Dv PROC_PID_LIMIT_TYPE_HARD ) ,
to select respectively the soft or hard limit.
Both are of type integer.
.It Li proc.pid.stopfork ( Dv PROC_PID_STOPFORK )
If non zero, the process' children will be stopped after
.Xr fork 2
calls.
The children are created in the SSTOP state and are never scheduled
for running before being stopped.
This feature enables attaching to a process with a debugger such as
.Xr gdb 1
before the process has the opportunity to actually do anything.
.Pp
This value is inherited by the process's children, and it also
applies to emulation specific system calls that fork a new process, such as
.Fn sproc
or
.Fn clone .
.It Li proc.pid.stopexec ( Dv PROC_PID_STOPEXEC )
If non zero, the process will be stopped on the next
.Xr exec 3
call.
The process created by
.Xr exec 3
is created in the SSTOP state and is never scheduled for running
before being stopped.
This feature enables attaching to a process with a debugger such as
.Xr gdb 1
before the process has the opportunity to actually do anything.
.Pp
This value is inherited by the process's children.
.It Li proc.pid.stopexit ( Dv PROC_PID_STOPEXIT )
If non zero, the process will be stopped when it has cause to exit,
either by way of calling
.Xr exit 3 ,
.Xr _exit 2 ,
or by the receipt of a specific signal.
The process is stopped before any of its resources or vm space is
released allowing examination of the termination state of the process
before it disappears.
This feature can be used to examine the final conditions of the
process's vmspace via
.Xr pmap 1
or its resource settings with
.Xr sysctl 8
before it disappears.
.Pp
This value is also inherited by the process's children.
.It Li proc.pid.paxflags ( Dv PROC_PID_PAXFLAGS )
This read-only variable returns the current value of the process's pax
flags (see
.Xr paxctl 8 ) .
.El
.Ss The user.* subtree ( Dv CTL_USER )
The string and integer information available for the
.Li user
level is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "user.coll_weights_max" "integer" "Changeable" -offset indent
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It user.atexit_max Ta integer Ta no
.It user.bc_base_max Ta integer Ta no
.It user.bc_dim_max Ta integer Ta no
.It user.bc_scale_max Ta integer Ta no
.It user.bc_string_max Ta integer Ta no
.It user.coll_weights_max Ta integer Ta no
.It user.cs_path Ta string Ta no
.It user.expr_nest_max Ta integer Ta no
.It user.line_max Ta integer Ta no
.It user.posix2_c_bind Ta integer Ta no
.It user.posix2_c_dev Ta integer Ta no
.It user.posix2_char_term Ta integer Ta no
.It user.posix2_fort_dev Ta integer Ta no
.It user.posix2_fort_run Ta integer Ta no
.It user.posix2_localedef Ta integer Ta no
.It user.posix2_sw_dev Ta integer Ta no
.It user.posix2_upe Ta integer Ta no
.It user.posix2_version Ta integer Ta no
.It user.re_dup_max Ta integer Ta no
.It user.stream_max Ta integer Ta no
.It user.tzname_max Ta integer Ta no
.El
.Bl -tag -width "123456"
.It Li user.atexit_max ( Dv USER_ATEXIT_MAX )
The maximum number of functions that may be registered with
.Xr atexit 3 .
.It Li user.bc_base_max ( Dv USER_BC_BASE_MAX )
The maximum ibase/obase values in the
.Xr bc 1
utility.
.It Li user.bc_dim_max ( Dv USER_BC_DIM_MAX )
The maximum array size in the
.Xr bc 1
utility.
.It Li user.bc_scale_max ( Dv USER_BC_SCALE_MAX )
The maximum scale value in the
.Xr bc 1
utility.
.It Li user.bc_string_max ( Dv USER_BC_STRING_MAX )
The maximum string length in the
.Xr bc 1
utility.
.It Li user.coll_weights_max ( Dv USER_COLL_WEIGHTS_MAX )
The maximum number of weights that can be assigned to any entry of
the LC_COLLATE order keyword in the locale definition file.
.It Li user.cs_path ( Dv USER_CS_PATH )
Return a value for the
.Ev PATH
environment variable that finds all the standard utilities.
.It Li user.expr_nest_max ( Dv USER_EXPR_NEST_MAX )
The maximum number of expressions that can be nested within
parentheses by the
.Xr expr 1
utility.
.It Li user.line_max ( Dv USER_LINE_MAX )
The maximum length in bytes of a text-processing utility's input
line.
.It Li user.posix2_char_term ( Dv USER_POSIX2_CHAR_TERM )
Return 1 if the system supports at least one terminal type capable of
all operations described in
.St -p1003.2 ,
otherwise\ 0.
.It Li user.posix2_c_bind ( Dv USER_POSIX2_C_BIND )
Return 1 if the system's C-language development facilities support the
C-Language Bindings Option, otherwise\ 0.
.It Li user.posix2_c_dev ( Dv USER_POSIX2_C_DEV )
Return 1 if the system supports the C-Language Development Utilities Option,
otherwise\ 0.
.It Li user.posix2_fort_dev ( Dv USER_POSIX2_FORT_DEV )
Return 1 if the system supports the FORTRAN Development Utilities Option,
otherwise\ 0.
.It Li user.posix2_fort_run ( Dv USER_POSIX2_FORT_RUN )
Return 1 if the system supports the FORTRAN Runtime Utilities Option,
otherwise\ 0.
.It Li user.posix2_localedef ( Dv USER_POSIX2_LOCALEDEF )
Return 1 if the system supports the creation of locales, otherwise\ 0.
.It Li user.posix2_sw_dev ( Dv USER_POSIX2_SW_DEV )
Return 1 if the system supports the Software Development Utilities Option,
otherwise\ 0.
.It Li user.posix2_upe ( Dv USER_POSIX2_UPE )
Return 1 if the system supports the User Portability Utilities Option,
otherwise\ 0.
.It Li user.posix2_version ( Dv USER_POSIX2_VERSION )
The version of
.St -p1003.2
with which the system attempts to comply.
.It Li user.re_dup_max ( Dv USER_RE_DUP_MAX )
The maximum number of repeated occurrences of a regular expression
permitted when using interval notation.
.It Li user.stream_max ( Dv USER_STREAM_MAX )
The minimum maximum number of streams that a process may have open
at any one time.
.It Li user.tzname_max ( Dv USER_TZNAME_MAX )
The minimum maximum number of types supported for the name of a
timezone.
.El
.Ss The vm.* subtree ( Dv CTL_VM )
The string and integer information available for the
.Li vm
level is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "Second level name" "struct uvmexp_sysctl" "Changeable" -offset indent
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It vm.anonmax Ta int Ta yes
.It vm.anonmin Ta int Ta yes
.It vm.bufcache Ta int Ta yes
.It vm.bufmem Ta int Ta no
.It vm.bufmem_hiwater Ta int Ta yes
.It vm.bufmem_lowater Ta int Ta yes
.It vm.execmax Ta int Ta yes
.It vm.execmin Ta int Ta yes
.It vm.filemax Ta int Ta yes
.It vm.filemin Ta int Ta yes
.It vm.loadavg Ta struct loadavg Ta no
.It vm.maxslp Ta int Ta no
.It vm.nkmempages Ta int Ta no
.It vm.uspace Ta int Ta no
.It vm.uvmexp Ta struct uvmexp Ta no
.It vm.uvmexp2 Ta struct uvmexp_sysctl Ta no
.It vm.vmmeter Ta struct vmtotal Ta no
.It vm.proc.map Ta struct kinfo_vmentry Ta no
.It vm.guard_size Ta unsigned int Ta no
.It vm.thread_guard_size Ta unsigned int Ta yes
.El
.Bl -tag -width "123456"
.It Li vm.anonmax ( Dv VM_ANONMAX )
The percentage of physical memory which will be reclaimed
from other types of memory usage to store anonymous application data.
.It Li vm.anonmin ( Dv VM_ANONMIN )
The percentage of physical memory which will always be available for
anonymous application data.
.It Li vm.bufcache ( Dv VM_BUFCACHE )
The percentage of physical memory which will be available
for the buffer cache.
.It Li vm.bufmem ( Dv VM_BUFMEM )
The amount of kernel memory that is being used by the buffer cache.
.It Li vm.bufmem_lowater ( Dv VM_BUFMEM_LOWATER )
The minimum amount of kernel memory to reserve for the
buffer cache.
.It Li vm.bufmem_hiwater ( Dv VM_BUFMEM_HIWATER )
The maximum amount of kernel memory to be used for the
buffer cache.
.It Li vm.execmax ( Dv VM_EXECMAX )
The percentage of physical memory which will be reclaimed
from other types of memory usage to store cached executable data.
.It Li vm.execmin ( Dv VM_EXECMIN )
The percentage of physical memory which will always be available for
cached executable data.
.It Li vm.filemax ( Dv VM_FILEMAX )
The percentage of physical memory which will be reclaimed
from other types of memory usage to store cached file data.
.It Li vm.filemin ( Dv VM_FILEMIN )
The percentage of physical memory which will always be available for
cached file data.
.It Li vm.loadavg ( Dv VM_LOADAVG )
Return the load average history.
The returned data consists of a
.Vt struct loadavg .
.It Li vm.maxslp ( Dv VM_MAXSLP )
The value of the maxslp kernel global variable.
.It Li vm.vmmeter ( Dv VM_METER )
Return system wide virtual memory statistics.
The returned data consists of a
.Vt struct vmtotal .
.It Li vm.user_va0_disable
A flag which controls whether user processes can map virtual address\ 0.
.It Li vm.proc.map ( Dv VM_PROC )
The third level is
.Dv VM_PROC_MAP ,
the fourth is the pid of the process to display the vm object entries for, and
the fifth is the size of
.Vt struct kinfo_vmentry .
Returns an array of
.Vt struct kinfo_vmentry
objects.
.It Li vm.uspace ( Dv VM_USPACE )
The number of bytes allocated for each kernel stack.
.It Li vm.uvmexp ( Dv VM_UVMEXP )
Return system wide virtual memory statistics.
The returned data consists of a
.Vt struct uvmexp .
.It Li vm.uvmexp2 ( Dv VM_UVMEXP2 )
Return system wide virtual memory statistics.
The returned data consists of a
.Vt struct uvmexp_sysctl .
.It Li vm.guard_size
Return system wide guard size for the main thread of a program.
.It Li vm.thread_guard_size
Return system wide default size for the guard area of all other threads
of a program.
.\" XXX vm.idlezero
.El
.Ss The ddb.* subtree ( Dv CTL_DDB )
The information available for the
.Li ddb
level is detailed below.
The changeable column shows whether a process with appropriate
privilege may change the value.
.Bl -column "Second level name" "integer" "Changeable" -offset indent
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It ddb.commandonenter Ta string Ta yes
.It ddb.dumpstack Ta integer Ta yes
.It ddb.fromconsole Ta integer Ta yes
.It ddb.lines Ta integer Ta yes
.It ddb.maxoff Ta integer Ta yes
.It ddb.maxwidth Ta integer Ta yes
.It ddb.onpanic Ta integer Ta yes
.It ddb.panicstackframes Ta integer Ta yes
.It ddb.radix Ta integer Ta yes
.It ddb.tabstops Ta integer Ta yes
.It ddb.tee_msgbuf Ta integer Ta yes
.El
.Bl -tag -width "123456"
.It Li ddb.commandonenter
If not empty, the string is used as the DDB command to be executed each time
DDB is entered.
.It Li ddb.dumpstack
A value of 1 causes a stack trace to be printed on entering ddb from a panic.
A value of 0 disables this behaviour.
The default value is 1.
.It Li ddb.fromconsole ( Dv DDBCTL_FROMCONSOLE )
If not zero, DDB may be entered by sending a break on a serial
console or by a special key sequence on a graphics console.
.It Li ddb.lines ( Dv DDBCTL_LINES )
Number of display lines.
.It Li ddb.maxoff ( Dv DDBCTL_MAXOFF )
The maximum symbol offset.
.It Li ddb.maxwidth ( Dv DDBCTL_MAXWIDTH )
The maximum output line width.
.It Li ddb.onpanic ( Dv DDBCTL_ONPANIC )
If greater than zero, DDB will be entered if the kernel panics.
A value of 1 causes the system to enter DDB on panic.
A value of 0 causes the kernel to attempt to print a stack trace, then
reboot, while a value of \-1 means neither a stack trace will be printed
nor DDB entered.
.It Li ddb.panicstackframes
Number of stack frames to display on panic.
Useful to avoid scrolling away the interesting frames on a glass tty.
Default value is
.Dv 65535
(all frames), useful value around
.Dv 10 .
.It Li ddb.radix ( Dv DDBCTL_RADIX )
The input and output radix.
.It Li ddb.tabstops ( Dv DDBCTL_TABSTOPS )
Tab width.
.It Li ddb.tee_msgbuf
If not zero, DDB will also output to the kernel message buffer.
.El
.Pp
Some of these MIB
nodes are also available as variables from within the debugger.
See
.Xr ddb 4
for more details.
.Ss The security.* subtree ( Dv CTL_SECURITY )
The
.Li security
level contains various security-related settings for
the system.
The available second level names are:
.Bl -column "Second level name" "integer" "Changeable" -offset indent
.It Sy Second level name Ta Sy Type Ta Sy Changeable
.It Li security.curtain Ta integer Ta yes
.It Li security.models Ta node Ta not applicable
.It Li security.pax Ta node Ta not applicable
.El
.Pp
Available settings are detailed below.
.Bl -tag -width "123456"
.It Li security.curtain
If non-zero, will filter return objects according to the user ID
requesting information about them, preventing users from
accessing any objects they do not own.
.Pp
At the moment, it affects
.Xr ps 1 ,
.Xr netstat 1
(for
.Dv PF_INET ,
.Dv PF_INET6 ,
and
.Dv PF_UNIX
PCBs), and
.Xr w 1 .
.It Li security.models
.Nx
supports pluggable security models.
Every security model used, whether loaded as a module or built with the system,
is required to add an entry to this node with at least one element,
.Dq name ,
indicating the name of the security model.
.Pp
In addition to the name, any settings and other information private to the
security model will be available under this node.
See
.Xr secmodel 9
for more information.
.It Li security.pax
Settings for PaX \(em exploit mitigation features.
For more information on any of the PaX features, please see
.Xr paxctl 8
and
.Xr security 7 .
The available third and fourth level names are:
.Bl -column "security.pax.segvguard.suspend_timeout" "integer" "Changeable" \
-offset 2n
.It Sy Third and fourth level names Ta Sy Type Ta Sy Changeable
.It Li security.pax.aslr.enabled Ta integer Ta yes
.\".It Li security.pax.aslr.exec_len integer yes
.It Li security.pax.aslr.global Ta integer Ta yes
.\".It Li security.pax.aslr.mmap_len integer yes
.\".It Li security.pax.aslr.stack_len integer yes
.It Li security.pax.mprotect.enabled Ta integer Ta yes
.It Li security.pax.mprotect.global Ta integer Ta yes
.It Li security.pax.mprotect.ptrace Ta integer Ta yes
.It Li security.pax.segvguard.enabled Ta integer Ta yes
.It Li security.pax.segvguard.expiry_timeout Ta integer Ta yes
.It Li security.pax.segvguard.global Ta integer Ta yes
.It Li security.pax.segvguard.max_crashes Ta integer Ta yes
.It Li security.pax.segvguard.suspend_timeout Ta integer Ta yes
.El
.Bl -tag -width "123456"
.It Li security.pax.aslr.enabled
Enable PaX ASLR (Address Space Layout Randomization).
.Pp
The value of this
knob must be non-zero for PaX ASLR to be enabled, even if a program is set to
explicit enable.
.\".It Li security.pax.aslr.exec_len
.\" XXX: Undocumented.
.It Li security.pax.aslr.global
Specifies the default global policy for programs without an
explicit enable/disable flag.
.Pp
When non-zero, all programs will get PaX ASLR, except those exempted with
.Xr paxctl 8 .
Otherwise, no program will get PaX ASLR, except those specifically
marked as such with
.Xr paxctl 8 .
.\".It Li security.pax.aslr.mmap_len
.\" XXX: Undocumented.
.\" .It Li security.pax.aslr.stack_len
.\" XXX: Undocumented.
.It Li security.pax.mprotect.enabled
Enable PaX MPROTECT restrictions.
.Pp
These are
.Xr mprotect 2
restrictions to better enforce a W^X policy.
The value of this
knob must be non-zero for PaX MPROTECT to be enabled, even if a
program is set to explicit enable.
.It Li security.pax.mprotect.global
Specifies the default global policy for programs without an
explicit enable/disable flag.
.Pp
When non-zero, all programs will get the PaX MPROTECT restrictions,
except those exempted with
.Xr paxctl 8 .
Otherwise, no program will get the PaX MPROTECT restrictions,
except those specifically marked as such with
.Xr paxctl 8 .
.It Li security.pax.mprotect.ptrace
This variable allows
.Xr ptrace 2
to override PaX MPROTECT permissions.
It can have the following values:
.Bl -tag -width XX -compact
.It 0
Does not allow any permissions to be overridden.
.It 1
Disables PaX MPROTECT for processes that start executing while traced (default).
.It 2
Bypasses PaX MPROTECT for all processes being traced.
.El
.It Li security.pax.segvguard.enabled
Enable PaX Segvguard.
.Pp
PaX Segvguard can detect and prevent certain exploitation attempts, where
an attacker may try for example to brute-force function return addresses
of respawning daemons.
.Pp
.Em Note :
The
.Nx
interface and implementation of the Segvguard is still experimental, and may
change in future releases.
.It Li security.pax.segvguard.expiry_timeout
If the max number was not reached within this timeout (in seconds), the entry
will expire.
.It Li security.pax.segvguard.global
Specifies the default global policy for programs without an
explicit enable/disable flag.
.Pp
When non-zero, all programs will get the PaX Segvguard,
except those exempted with
.Xr paxctl 8 .
Otherwise, no program will get the PaX Segvguard restrictions,
except those specifically marked as such with
.Xr paxctl 8 .
.It Li security.pax.segvguard.max_crashes
The maximum number of segfaults a program can receive before suspension.
.It Li security.pax.segvguard.suspend_timeout
Number of seconds to suspend a user from running a faulting program when the
limit was exceeded.
.El
.El
.Ss The vendor.* subtree ( Dv CTL_VENDOR )
The
.Li vendor
toplevel name is reserved to be used by vendors who wish to
have their own private MIB tree.
Intended use is to store values under
.Dq vendor.<yourname>.* .
.Sh SEE ALSO
.Xr sysctl 3 ,
.Xr ipsec 4 ,
.Xr tcp 4 ,
.Xr security 7 ,
.Xr sysctl 8
.Sh HISTORY
The
.Nm
variables first appeared in
.Bx 4.4 .
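Added example, not part of the original manual page: a shell sketch of how the security.pax.*.enabled and security.pax.*.global knobs described in the security.* subtree combine with a program's own paxctl(8) flag, followed by a check of security.pax.mprotect.ptrace and security.curtain.
The SAMPLE values, the function names and the enable/disable/none labels for the per-program flag are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example. SAMPLE is constructed input in the "name = value" form
# printed by sysctl(8); the values are made up for the illustration.
SAMPLE='security.curtain = 0
security.pax.aslr.enabled = 1
security.pax.aslr.global = 1
security.pax.mprotect.enabled = 1
security.pax.mprotect.global = 0
security.pax.mprotect.ptrace = 2
security.pax.segvguard.enabled = 0
security.pax.segvguard.global = 1'

# knob NAME: print the value of NAME from SAMPLE (nothing if absent).
knob() {
    printf '%s\n' "$SAMPLE" | awk -F' *= *' -v n="$1" '$1 == n { print $2 }'
}

# pax_effective FEATURE MARK: FEATURE is aslr, mprotect or segvguard.
# MARK is the program's own flag: enable, disable or none (labels assumed).
# Rules from the manual text:
#   .enabled is zero   -> off, even for a program marked enable
#   program is marked  -> the mark decides
#   otherwise          -> .global decides
pax_effective() {
    enabled=$(knob "security.pax.$1.enabled")
    global=$(knob "security.pax.$1.global")
    if [ "${enabled:-0}" -eq 0 ]; then echo off; return; fi
    case $2 in
        enable)  echo on ;;
        disable) echo off ;;
        *) if [ "${global:-0}" -ne 0 ]; then echo on; else echo off; fi ;;
    esac
}

# audit: one line per setting that leaves a documented protection off.
audit() {
    for f in aslr mprotect segvguard; do
        [ "$(pax_effective "$f" none)" = on ] ||
            echo "security.pax.$f: off for programs without an explicit flag"
    done
    [ "$(knob security.pax.mprotect.ptrace)" != 2 ] ||
        echo "security.pax.mprotect.ptrace=2: MPROTECT bypassed for all traced processes"
    [ "$(knob security.curtain)" != 0 ] ||
        echo "security.curtain=0: results are not filtered by user ID"
}

audit
```

To check a live system instead of the sample, replace the SAMPLE text with the output of sysctl(8) for the security subtree.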