From: deraadt Date: Fri, 12 Jan 2018 04:36:12 +0000 (+0000) Subject: sysctl(3) can now be renamed to sysctl(2) X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=467fd31b49fc97421c023a70023dd6b23133319a;p=openbsd sysctl(3) can now be renamed to sysctl(2) --- diff --git a/lib/libc/gen/Makefile.inc b/lib/libc/gen/Makefile.inc index 0d3f3c2b0af..cda5fccfcb3 100644 --- a/lib/libc/gen/Makefile.inc +++ b/lib/libc/gen/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.77 2017/09/05 06:35:19 mpi Exp $ +# $OpenBSD: Makefile.inc,v 1.78 2018/01/12 04:36:12 deraadt Exp $ # gen sources .PATH: ${LIBCSRCDIR}/arch/${MACHINE_CPU}/gen ${LIBCSRCDIR}/gen @@ -52,6 +52,6 @@ MAN+= __tfork_thread.3 alarm.3 auth_subr.3 authenticate.3 basename.3 clock.3 \ psignal.3 pw_dup.3 pwcache.3 raise.3 readpassphrase.3 \ scandir.3 setjmp.3 setmode.3 setproctitle.3 shm_open.3 \ siginterrupt.3 signal.3 \ - sigaddset.3 sleep.3 statvfs.3 sysconf.3 sysctl.3 strtofflags.3 \ + sigaddset.3 sleep.3 statvfs.3 sysconf.3 strtofflags.3 \ syslog.3 time.3 times.3 toascii.3 tolower.3 toupper.3 \ ttyname.3 ualarm.3 uname.3 unvis.3 usleep.3 utime.3 valloc.3 vis.3 diff --git a/lib/libc/gen/sysctl.3 b/lib/libc/gen/sysctl.3 deleted file mode 100644 index a3803f2543e..00000000000 --- a/lib/libc/gen/sysctl.3 +++ /dev/null 
@@ -1,2257 +0,0 @@ -.\" $OpenBSD: sysctl.3,v 1.286 2017/11/07 19:15:09 tb Exp $ -.\" -.\" Copyright (c) 1993 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. 
-.\" -.Dd $Mdocdate: November 7 2017 $ -.Dt SYSCTL 3 -.Os -.Sh NAME -.Nm sysctl -.Nd get or set system information -.Sh SYNOPSIS -.In sys/types.h -.In sys/sysctl.h -.Ft int -.Fn sysctl "const int *name" "u_int namelen" "void *oldp" "size_t *oldlenp" "void *newp" "size_t newlen" -.Sh DESCRIPTION -The -.Fn sysctl -function retrieves system information and allows processes with -appropriate privileges to set system information. -The information available from -.Fn sysctl -consists of integers, strings, and tables. -Information may be retrieved and set using the -.Xr sysctl 8 -utility; -the variable names used by this utility are given here in parentheses. -.Pp -Unless explicitly noted below, -.Fn sysctl -returns a consistent snapshot of the data requested. -Consistency is obtained by locking the destination -buffer into memory so that the data may be copied out without blocking. -Calls to -.Fn sysctl -are serialized to avoid deadlock. -.Pp -The state is described using a -.Dq Management Information Base (MIB) -style name, listed in -.Fa name , -which is a -.Fa namelen -length array of integers. -.Pp -The information is copied into the buffer specified by -.Fa oldp . -The size of the buffer is given by the location specified by -.Fa oldlenp -before the call, -and that location gives the amount of data copied after a successful call. -If the amount of data available is greater -than the size of the buffer supplied, -the call supplies as much data as fits in the buffer provided -and returns with the error code -.Er ENOMEM . -If the old value is not desired, -.Fa oldp -and -.Fa oldlenp -should be set to -.Dv NULL . -.Pp -The size of the available data can be determined by calling -.Fn sysctl -with a -.Dv NULL -parameter for -.Fa oldp . -The size of the available data will be returned in the location pointed to by -.Fa oldlenp . -For some operations, the amount of space may change often. 
-For these operations, -the system attempts to round up so that the returned size is -large enough for a call to return the data shortly thereafter. -.Pp -The terminating NUL character is included in the lengths of string values. -.Pp -To set a new value, -.Fa newp -is set to point to a buffer of length -.Fa newlen -from which the requested value is to be taken. -If a new value is not to be set, -.Fa newp -should be set to -.Dv NULL -and -.Fa newlen -set to 0. -.Pp -The top level names are defined with a -.Dv CTL_ -prefix in -.In sys/sysctl.h , -and are as follows. -The next and subsequent levels down are found in the include files -listed here, and described in separate sections below. -.Bl -column "CTL_MACHDEP" "ufs/ffs/ffs_extern.h" "Description" -offset indent -.It Sy "Name" Ta Sy "Next level names" Ta Sy "Description" -.It Dv CTL_DDB Ta "ddb/db_var.h" Ta "Kernel debugger" -.It Dv CTL_DEBUG Ta "sys/sysctl.h" Ta "Debugging" -.It Dv CTL_FS Ta "sys/sysctl.h" Ta "File system" -.It Dv CTL_HW Ta "sys/sysctl.h" Ta "Generic CPU, I/O" -.It Dv CTL_KERN Ta "sys/sysctl.h" Ta "High kernel limits" -.It Dv CTL_MACHDEP Ta "sys/sysctl.h" Ta "Machine dependent" -.It Dv CTL_NET Ta "sys/socket.h" Ta "Networking" -.It Dv CTL_VFS Ta "ufs/ffs/ffs_extern.h" Ta "Virtual file system" -.It Dv CTL_VM Ta "uvm/uvm_param.h" Ta "Virtual memory" -.El -.Pp -For example, the following retrieves the maximum number of processes allowed -in the system: -.Bd -literal -offset indent -int mib[2], maxproc; -size_t len; - -mib[0] = CTL_KERN; -mib[1] = KERN_MAXPROC; -len = sizeof(maxproc); -if (sysctl(mib, 2, &maxproc, &len, NULL, 0) == -1) - err(1, "sysctl"); -.Ed -.Ss CTL_DDB -Integer information and settable variables are available for the -.Dv CTL_DDB level , -as described below. -More information is also available in -.Xr ddb 4 . 
-.Bl -column "Second level name" "integer" "Changeable" -offset indent -.It Sy "Second level name" Ta Sy "Type" Ta Sy "Changeable" -.It Dv DBCTL_CONSOLE Ta "integer" Ta "yes" -.It Dv DBCTL_LOG Ta "integer" Ta "yes" -.It Dv DBCTL_MAXLINE Ta "integer" Ta "yes" -.It Dv DBCTL_MAXWIDTH Ta "integer" Ta "yes" -.It Dv DBCTL_PANIC Ta "integer" Ta "yes" -.It Dv DBCTL_RADIX Ta "integer" Ta "yes" -.It Dv DBCTL_TABSTOP Ta "integer" Ta "yes" -.It Dv DBCTL_TRIGGER Ta "integer" Ta "yes" -.El -.Bl -tag -width "123456" -.It Dv DBCTL_CONSOLE Pq Va ddb.console -When this variable is set, an architecture dependent magic key sequence -on the console or a debugger button will permit entry into the kernel debugger. -When running with a -.Xr securelevel 7 -greater than 0, -this variable may not be raised. -.It Dv DBCTL_LOG Pq Va ddb.log -When set, ddb output is also logged in the kernel message buffer. -.It Dv DBCTL_MAXLINE Pq Va ddb.max_line -Determines the number of lines to page in -.Xr ddb 4 . -This variable is also available as the ddb -.Dv $lines -variable. -.It Dv DBCTL_MAXWIDTH Pq Va ddb.max_width -Determines the maximum width of a line in -.Xr ddb 4 . -This variable is also available as the ddb -.Dv $maxwidth -variable. -.It Dv DBCTL_PANIC Pq Va ddb.panic -When this variable is set, system panics may drop into the kernel debugger. -When running with a -.Xr securelevel 7 -greater than 0, -this variable may not be raised. -.It Dv DBCTL_RADIX Pq Va ddb.radix -Determines the default radix or base for non-prefixed numbers -entered into -.Xr ddb 4 . -This variable is also available as the ddb -.Dv $radix -variable. -.It Dv DBCTL_TABSTOP Pq Va ddb.tab_stop_width -Width of a tab stop in -.Xr ddb 4 . -This variable is also available as the ddb -.Dv $tabstops -variable. -.It Dv DBCTL_TRIGGER Pq Va ddb.trigger -When -.Dv DBCTL_CONSOLE -is set, -writing to -.Dv DBCTL_TRIGGER -causes the system to enter -.Xr ddb 4 . 
-When running with a -.Xr securelevel 7 -greater than 0, -the process writing to this variable must be running -on the console in order to enter -.Xr ddb 4 . -.El -.Ss CTL_DEBUG -The debugging variables vary from system to system. -A debugging variable may be added or deleted without need to recompile -.Fn sysctl -to know about it. -Each time it runs, -.Fn sysctl -gets the list of debugging variables from the kernel and -displays their current values. -The system defines twenty -.Li struct ctldebug -variables named -.Va debug0 -through -.Va debug19 . -They are declared as separate variables so that they can be -individually initialized at the location of their associated variable. -The loader prevents multiple use of the same variable by issuing errors -if a variable is initialized in more than one place. -For example, to export the variable -.Va dospecialcheck -as a debugging variable, the following declaration would be used: -.Bd -literal -offset indent -int dospecialcheck = 1; -struct ctldebug debug5 = { "dospecialcheck", &dospecialcheck }; -.Ed -.Ss CTL_FS -The string and integer information available for the -.Dv CTL_FS -level is detailed below. -The changeable column shows whether a process with appropriate -privileges may change the value. -.Bl -column "Second level name" "integer" "Changeable" -offset indent -.It Sy "Second level name" Ta Sy "Type" Ta Sy "Changeable" -.It Dv FS_POSIX_SETUID Ta "integer" Ta "yes" -.El -.Bl -tag -width "123456" -.It Dv FS_POSIX_SETUID Pq Va fx.posix.setuid -When this variable is set, ownership changes on a file will cause -the -.Va S_ISUID -and -.Va S_ISGID -bits to be cleared. -When running with a -.Xr securelevel 7 -greater than 0, -this variable may not be changed. -.El -.Ss CTL_HW -The string and integer information available for the -.Dv CTL_HW -level is detailed below. -The changeable column shows whether a process with appropriate -privileges may change the value. 
-.Bl -column "Second level name" "integer" "Changeable" -offset indent -.It Sy "Second level name" Ta Sy "Type" Ta Sy "Changeable" -.It Dv HW_ALLOWPOWERDOWN Ta "integer" Ta "yes" -.It Dv HW_BYTEORDER Ta "integer" Ta "no" -.It Dv HW_CPUSPEED Ta "integer" Ta "no" -.It Dv HW_DISKCOUNT Ta "integer" Ta "no" -.It Dv HW_DISKNAMES Ta "string" Ta "no" -.It Dv HW_DISKSTATS Ta "struct" Ta "no" -.It Dv HW_MACHINE Ta "string" Ta "no" -.It Dv HW_MODEL Ta "string" Ta "no" -.It Dv HW_NCPU Ta "integer" Ta "no" -.It Dv HW_NCPUFOUND Ta "integer" Ta "no" -.It Dv HW_PAGESIZE Ta "integer" Ta "no" -.It Dv HW_PERFPOLICY Ta "string" Ta "yes" -.It Dv HW_PHYSMEM Ta "integer" Ta "no" -.It Dv HW_PHYSMEM64 Ta "int64_t" Ta "no" -.It Dv HW_PRODUCT Ta "string" Ta "no" -.It Dv HW_SENSORS Ta "node" Ta "not applicable" -.It Dv HW_SETPERF Ta "integer" Ta "yes" -.It Dv HW_USERMEM Ta "integer" Ta "no" -.It Dv HW_USERMEM64 Ta "int64_t" Ta "no" -.It Dv HW_UUID Ta "string" Ta "no" -.It Dv HW_VENDOR Ta "string" Ta "no" -.It Dv HW_VERSION Ta "string" Ta "no" -.El -.Bl -tag -width "123456" -.It Dv HW_ALLOWPOWERDOWN Pq Va hw.allowpowerdown -Some machines generate an interrupt when the power button is pressed -and a driver can catch that interrupt. -When this variable is set, such an event will cause the system to -perform a regular shutdown and power off the machine. -When running with a -.Xr securelevel 7 -greater than 0, -this variable may not be changed. -.It Dv HW_BYTEORDER Pq Va hw.byteorder -The byteorder (4321 or 1234). -.It Dv HW_CPUSPEED Pq Va hw.cpuspeed -The current CPU frequency -.Pq in MHz . -.It Dv HW_DISKCOUNT Pq Va hw.diskcount -The number of disks currently attached to the system. -.It Dv HW_DISKNAMES Pq Va hw.disknames -A comma-separated list of disk names. -.It Dv HW_DISKSTATS Pq Va hw.diskstats -An array of -.Li struct diskstats -structures containing disk statistics. -.It Dv HW_MACHINE Pq Va hw.machine -The machine class. -.It Dv HW_MODEL Pq Va hw.model -The machine model. 
-.It Dv HW_NCPU Pq Va hw.ncpu -The number of CPUs being used. -.It Dv HW_NCPUFOUND Pq Va hw.ncpufound -The number of CPUs found. -.It Dv HW_PAGESIZE Pq Va hw.pagesize -The software page size. -.It Dv HW_PERFPOLICY Pq Va hw.perfpolicy -The performance policy for power management. -Can be one of -.Dq manual , -.Dq auto , -or -.Dq high . -.It Dv HW_PHYSMEM -The total physical memory, in bytes. -This variable is deprecated; use -.Dv HW_PHYSMEM64 -instead. -.It Dv HW_PHYSMEM64 Pq Va hw.physmem -The total physical memory, in bytes. -.It Dv HW_PRODUCT Pq Va hw.product -The product name of the machine. -.It Dv HW_SENSORS Pq Va hw.sensors -Third level comprises an array of -.Li struct sensordev -structures containing information about devices -that may attach hardware monitoring sensors. -.Pp -Third, fourth and fifth levels together comprise an array of -.Li struct sensor -structures containing snapshot readings of hardware monitoring sensors. -In such usage, third level indicates the numerical representation -of the sensor device name to which the sensor is attached -(a device's xname and number are matched with the help of -.Li struct sensordev -structure above), -fourth level indicates sensor type and -fifth level is an ordinal sensor number (unique to -the specified sensor type on the specified sensor device). -.Pp -The -.Sy sensordev -and -.Sy sensor -structures -and -.Sy sensor_type -enumeration -are defined in -.In sys/sensors.h . -.It Dv HW_SERIALNO Pq Va hw.serialno -The serial number of the machine. -.It Dv HW_SETPERF Pq Va hw.setperf -Current CPU performance -.Pq percentage . -It is only modifiable if -.Dv HW_PERFPOLICY -is set to -.Dq manual . -.It Dv HW_USERMEM -The amount of available non-kernel memory in bytes. -This variable is deprecated; use -.Dv HW_USERMEM64 -instead. -.It Dv HW_USERMEM64 Pq Va hw.usermem -The amount of available non-kernel memory in bytes. -.It Dv HW_UUID Pq Va hw.uuid -The universal unique identification number assigned to the machine. 
-.It Dv HW_VENDOR Pq Va hw.vendor -The vendor name for this machine. -.It Dv HW_VERSION Pq Va hw.version -The version or revision of this machine. -.El -.Ss CTL_KERN -The string and integer information available for the -.Dv CTL_KERN -level is detailed below. -The changeable column shows whether a process with appropriate -privileges may change the value. -The types of data currently available are process information, -system vnodes, the open file entries, routing table entries, -virtual memory statistics, load average history, and clock rate -information. -.Bl -column "KERN_PROC_NOBROADCASTKILL" "u_int64_t[CPUSTATES]" "no" -offset indent -.It Sy "Second level name" Ta Sy "Type" Ta Sy "Changeable" -.It Dv KERN_ALLOWKMEM Ta "integer" Ta "yes" -.It Dv KERN_ARGMAX Ta "integer" Ta "no" -.It Dv KERN_BOOTTIME Ta "struct timeval" Ta "no" -.It Dv KERN_CACHEPCT Ta "integer" Ta "yes" -.It Dv KERN_CCPU Ta "integer" Ta "no" -.It Dv KERN_CLOCKRATE Ta "struct clockinfo" Ta "no" -.It Dv KERN_CONSDEV Ta "dev_t" Ta "no" -.It Dv KERN_CPTIME Ta "long[CPUSTATES]" Ta "no" -.It Dv KERN_CPTIME2 Ta "u_int64_t[CPUSTATES]" Ta "no" -.It Dv KERN_DNSJACKPORT Ta "integer" Ta "yes" -.It Dv KERN_DOMAINNAME Ta "string" Ta "yes" -.It Dv KERN_FILE Ta "struct kinfo_file" Ta "no" -.It Dv KERN_FORKSTAT Ta "struct forkstat" Ta "no" -.It Dv KERN_FSCALE Ta "integer" Ta "no" -.It Dv KERN_FSYNC Ta "integer" Ta "no" -.It Dv KERN_GLOBAL_PTRACE Ta "integer" Ta "yes" -.It Dv KERN_HOSTID Ta "integer" Ta "yes" -.It Dv KERN_HOSTNAME Ta "string" Ta "yes" -.It Dv KERN_INTRCNT Ta "node" Ta "not applicable" -.It Dv KERN_JOB_CONTROL Ta "integer" Ta "no" -.It Dv KERN_MALLOCSTATS Ta "node" Ta "no" -.It Dv KERN_MAXCLUSTERS Ta "integer" Ta "yes" -.It Dv KERN_MAXFILES Ta "integer" Ta "yes" -.It Dv KERN_MAXLOCKSPERUID Ta "integer" Ta "yes" -.It Dv KERN_MAXPARTITIONS Ta "integer" Ta "no" -.It Dv KERN_MAXPROC Ta "integer" Ta "yes" -.It Dv KERN_MAXTHREAD Ta "integer" Ta "yes" -.It Dv KERN_MAXVNODES Ta "integer" Ta "yes" -.It Dv 
KERN_MBSTAT Ta "struct mbstat" Ta "no" -.It Dv KERN_MSGBUF Ta "char[]" Ta "no" -.It Dv KERN_MSGBUFSIZE Ta "integer" Ta "no" -.It Dv KERN_NCHSTATS Ta "struct nchstats" Ta "no" -.It Dv KERN_NFILES Ta "integer" Ta "no" -.It Dv KERN_NGROUPS Ta "integer" Ta "no" -.It Dv KERN_NOSUIDCOREDUMP Ta "integer" Ta "yes" -.It Dv KERN_NPROCS Ta "integer" Ta "no" -.It Dv KERN_NSELCOLL Ta "integer" Ta "no" -.It Dv KERN_NTHREADS Ta "integer" Ta "no" -.It Dv KERN_NUMVNODES Ta "integer" Ta "no" -.It Dv KERN_OSRELEASE Ta "string" Ta "no" -.It Dv KERN_OSREV Ta "integer" Ta "no" -.It Dv KERN_OSTYPE Ta "string" Ta "no" -.It Dv KERN_OSVERSION Ta "string" Ta "no" -.It Dv KERN_POSIX1 Ta "integer" Ta "no" -.It Dv KERN_PROC Ta "struct kinfo_proc" Ta "no" -.It Dv KERN_PROC_ARGS Ta "node" Ta "not applicable" -.It Dv KERN_PROC_CWD Ta "string" Ta "not applicable" -.It Dv KERN_PROC_NOBROADCASTKILL Ta "node" Ta "not applicable" -.It Dv KERN_PROC_VMMAP Ta "struct kinfo_vmentry" Ta "no" -.It Dv KERN_PROF Ta "node" Ta "not applicable" -.It Dv KERN_RAWPARTITION Ta "integer" Ta "no" -.It Dv KERN_SAVED_IDS Ta "integer" Ta "no" -.It Dv KERN_SECURELVL Ta "integer" Ta "raise only" -.It Dv KERN_SEMINFO Ta "node" Ta "not applicable" -.It Dv KERN_SHMINFO Ta "node" Ta "not applicable" -.It Dv KERN_SOMAXCONN Ta "integer" Ta "yes" -.It Dv KERN_SOMINCONN Ta "integer" Ta "yes" -.It Dv KERN_SPLASSERT Ta "int" Ta "yes" -.It Dv KERN_STACKGAPRANDOM Ta "integer" Ta "yes" -.It Dv KERN_SYSVIPC_INFO Ta "node" Ta "not applicable" -.It Dv KERN_SYSVMSG Ta "integer" Ta "no" -.It Dv KERN_SYSVSEM Ta "integer" Ta "no" -.It Dv KERN_SYSVSHM Ta "integer" Ta "no" -.It Dv KERN_TIMECOUNTER Ta "node" Ta "not applicable" -.It Dv KERN_TTY Ta "node" Ta "not applicable" -.It Dv KERN_TTYCOUNT Ta "integer" Ta "no" -.It Dv KERN_VERSION Ta "string" Ta "no" -.It Dv KERN_WATCHDOG Ta "node" Ta "not applicable" -.It Dv KERN_WXABORT Ta "integer" Ta "yes" -.El -.Bl -tag -width "123456" -.It Dv KERN_ALLOWKMEM Pq Va kern.allowkmem -Allow userland 
processes access to -.Pa /dev/mem -and -.Pa /dev/kmem . -When running with a -.Xr securelevel 7 -greater than 0, -this variable may not be changed. -.It Dv KERN_ARGMAX Pq Va kern.argmax -The maximum number of bytes allowed among the arguments to -.Xr exec 3 . -.It Dv KERN_BOOTTIME Pq Va kern.boottime -A -.Li struct timeval -structure is returned. -This structure contains the time that the system was booted. -.It Dv KERN_CACHEPCT Pq Va kern.bufcachepercent -The maximum percentage of physical memory the buffer cache may use; -the default is 20%. -.It Dv KERN_CCPU Pq Va kern.ccpu -The scheduler exponential decay value. -.It Dv KERN_CLOCKRATE Pq Va kern.clockrate -A -.Li struct clockinfo -structure is returned. -This structure contains the clock, statistics clock and profiling clock -frequencies, the number of micro-seconds per hz tick, and the clock -skew rate. -.It Dv KERN_CONSDEV Pq Va kern.consdev -The console device. -.It Dv KERN_CPTIME Pq Va kern.cp_time -An array of longs of size -.Li CPUSTATES -is returned, containing statistics about the number of ticks spent by -the system in interrupt processing, user processes -.Po -.Xr nice 1 -or normal -.Pc , -system processing, or idling. -.It Dv KERN_CPTIME2 Pq Va kern.cp_time2 -Similar to -.Dv KERN_CPTIME , -but obtains information from only the single CPU specified by the -third level name given. -.It Dv KERN_DNSJACKPORT Pq Va kern.dnsjackport -When non-zero, the localhost port to which all DNS sockets should be -redirected. -.It Dv KERN_DOMAINNAME Pq Va kern.domainname -Get or set the YP domain name. -.It Dv KERN_FILE Pq Va kern.file -Return the entire file table, or a subset of it. -An array of -.Li struct kinfo_file -structures is returned, -whose size depends on the current number of selected files in the system. 
-The third and fourth level names are as follows: -.Bl -column "Third level name" "Fourth level is:" -offset indent -.It Sy "Third level name" Ta Sy "Fourth level is:" -.It Dv KERN_FILE_BYFILE Ta "A file type" -.It Dv KERN_FILE_BYPID Ta "A process ID" -.It Dv KERN_FILE_BYUID Ta "A user ID" -.El -.Pp -The fifth level name is the size of the -.Li struct kinfo_file -and the sixth level name is the number of structures to return. -.It Dv KERN_FORKSTAT Pq Va kern.forkstat -A -.Li struct forkstat -structure is returned. -This structure contains information about the number of -.Xr fork 2 , -.Xr vfork 2 , -and -.Xr __tfork 3 -system calls as well as kernel thread creations since system startup, -and the number of pages of virtual memory involved in each. -.It Dv KERN_FSCALE Pq Va kern.fscale -The kernel fixed-point scale factor. -.It Dv KERN_FSYNC Pq Va kern.fsync -Return 1 if the File Synchronisation Option is available on this system, -otherwise 0. -.It Dv KERN_GLOBAL_PTRACE Pq Va kern.global_ptrace -When set to 1, permit -.Xr ptrace 2 -to attach to any process with the appropriate privileges. -When set to 0, processes may only attach to their own descendants. -.It Dv KERN_HOSTID Pq Va kern.hostid -Get or set the host ID. -.It Dv KERN_HOSTNAME Pq Va kern.hostname -Get or set the hostname. -.It Dv KERN_JOB_CONTROL Pq Va kern.job_control -Return 1 if job control is available on this system, otherwise 0. -.It Dv KERN_MALLOCSTATS Pq Va kern.malloc -Return kernel memory bucket statistics. -The third level names are detailed below. -There are no changeable values in this branch. -.Bl -column "KERN_MALLOC_KMEMNAMES" "string" -offset indent -.It Sy "Third level name" Ta Sy "Type" -.It Dv KERN_MALLOC_BUCKET Ta "node" -.It Dv KERN_MALLOC_BUCKETS Ta "string" -.It Dv KERN_MALLOC_KMEMNAMES Ta "string" -.It Dv KERN_MALLOC_KMEMSTATS Ta "node" -.El -.Pp -The variables are as follows: -.Bl -tag -width "123456" -.It Dv KERN_MALLOC_BUCKET. 
Pq Va kern.malloc.bucket -A node containing the statistics for the memory bucket of the -specified size (in decimal notation, the number of bytes per bucket -element, e.g., 16, 32, 128). -Each node returns a -.Li struct kmembuckets . -.Pp -If a value is specified that does not correspond directly to a -bucket size, the statistics for the closest larger bucket size will be -returned instead. -.Pp -Note that bucket sizes are typically powers of 2. -.It Dv KERN_MALLOC_BUCKETS Pq Va kern.malloc.buckets -Return a comma-separated list of the bucket sizes used by the kernel. -.It Dv KERN_MALLOC_KMEMNAMES Pq Va kern.malloc.kmemnames -Return a comma-separated list of the names of the kernel -.Xr malloc 9 -types. -.It Dv KERN_MALLOC_KMEMSTATS Pq Va kern.malloc.kmemstat -A node containing the statistics for the memory types of the specified -name. -Each node returns a -.Li struct kmemstats . -.El -.It Dv KERN_MAXCLUSTERS Pq Va kern.maxclusters -The maximum number of -.Xr mbuf 9 -clusters that may be allocated. -.It Dv KERN_MAXFILES Pq Va kern.maxfiles -The maximum number of open files that may be open in the system. -.It Dv KERN_MAXLOCKSPERUID Pq Va kerb.maxlocksperuid -The maximum number of file locks per user; -the default is 1024. -.It Dv KERN_MAXPARTITIONS Pq Va kern.maxpartitions -The maximum number of partitions allowed per disk. -.It Dv KERN_MAXPROC Pq Va kern.maxproc -The maximum number of simultaneous processes the system will allow. -.It Dv KERN_MAXTHREAD Pq Va kern.maxthread -The maximum number of simultaneous threads the system will allow. -.It Dv KERN_MAXVNODES Pq Va kern.maxvnodes -The maximum number of vnodes available on the system. -.It Dv KERN_MBSTAT Pq Va kern.mbstat -A -.Li struct mbstat -structure is returned, containing statistics on -.Xr mbuf 9 -usage. -.It Dv KERN_MSGBUF Pq Va kern.msgbuf -Returns a buffer containing kernel log messages; -see -.Xr dmesg 8 . -.It Dv KERN_MSGBUFSIZE Pq Va kern.msgbufsize -The size of the kernel message buffer. 
-.It Dv KERN_NCHSTATS Pq Va kern.nchstats -A -.Li struct nchstats -structure is returned. -This structure contains information about the -filename to -.Xr inode 5 -mapping cache. -.It Dv KERN_NFILES Pq Va kern.nfiles -Number of open files. -.It Dv KERN_NGROUPS Pq Va kern.ngroups -The maximum number of supplemental groups. -.It Dv KERN_NOSUIDCOREDUMP Pq Va kern.nosuidcoredump -Whether a process may dump core after changing user or group ID: -.Bl -column "value" "condition" "current directory" -.It Sy "value" Ta Sy "condition" Ta Sy "dump core to" -.It 0 Ta "euid == 0" Ta "current directory" -.It 1 Ta "never" Ta "" -.It 2 Ta "always" Ta Pa "/var/crash" -.It 3 Ta "depends" Ta Pa "/var/crash/$programname/" -.El -.It Dv KERN_NPROCS Pq Va kern.nprocs -The number of entries in the kernel process table. -.It Dv KERN_NSELCOLL Pq Va kern.nselcoll -Number of -.Xr select 2 -collisions. -.It Dv KERN_NTHREADS Pq Va kern.nthreads -The number of entries in the kernel thread table. -.It Dv KERN_NUMVNODES Pq Va kern.numvnodes -Number of vnodes in use. -.It Dv KERN_OSRELEASE Pq Va kern.osrelease -The system release string. -.It Dv KERN_OSREV Pq Va kern.osrevision -The system revision number. -.It Dv KERN_OSTYPE Pq Va kern.ostype -The system type string. -.It Dv KERN_OSVERSION Pq Va kern.osversion -The kernel build version. -.It Dv KERN_POSIX1 Pq Va kern.posix1version -The version of ISO/IEC 9945 (POSIX 1003.1) with which the system -attempts to comply. -.It Dv KERN_PROC Pq Va kern.proc -Return the entire process table, or a subset of it. -An array of -.Li struct kinfo_proc -structures is returned, -whose size depends on the current number of selected processes in the system. 
-The third and fourth level names are as follows: -.Bl -column "KERN_PROC_SESSION" "Fourth level is:" -offset indent -.It Sy "Third level name" Ta Sy "Fourth level is:" -.It Dv KERN_PROC_ALL Ta "None" -.It Dv KERN_PROC_KTHREAD Ta "A kernel thread" -.It Dv KERN_PROC_PID Ta "A process ID" -.It Dv KERN_PROC_PGRP Ta "A process group" -.It Dv KERN_PROC_RUID Ta "A real user ID" -.It Dv KERN_PROC_SESSION Ta "A session PID" -.It Dv KERN_PROC_TTY Ta "A tty device" -.It Dv KERN_PROC_UID Ta "A user ID" -.El -.Pp -The fifth level name is the size of the -.Li struct kinfo_proc -and the sixth level name is the number of structures to return. -.It Dv KERN_PROC_ARGS Pq Va kern.procargs -Returns the arguments or environment of a process. -The third level name is the PID of the process. -The fourth level name is one of: -.Bl -column KERN_PROC_NARGV -offset indent -.It Dv KERN_PROC_ARGV -.It Dv KERN_PROC_ENV -.It Dv KERN_PROC_NARGV -.It Dv KERN_PROC_NENV -.El -.Pp -.Dv KERN_PROC_NARGV -and -.Dv KERN_PROC_NENV -return the number of elements as an -.Vt int -in the argv or env array. -.Dv KERN_PROC_ARGV -returns the argv array and -.Dv KERN_PROC_ENV -returns the environ array. -The buffer pointed to by -.Fa oldp -is filled with an array of char pointers -followed by the strings themselves. -The last char pointer is a -.Dv NULL -pointer. -.It Dv KERN_PROC_CWD Pq Va kern.proc_cwd -Return the current working directory of a process. -The third level name is the target process ID. -A NUL-terminated string is returned. -.It Dv KERN_PROC_NOBROADCASTKILL Pq Va kern.proc_nobroadcastkill -When set, a process will no longer be signaled when sending broadcast signals. -The third level name is the target process ID. -.It Dv KERN_PROC_VMMAP Pq Va kern.proc_vmmap -Return the entire process VM map entries. -An array of -.Li struct kinfo_vmentry -structures is returned, -whose size depends on the current number of VM map entries of the selected process. 
-Iteration is possible by setting the base address in the first element of -.Li struct kinfo_vmentry . -.It Dv KERN_PROF Pq Va kern.profiling -Return profiling information about the kernel. -If the kernel is not compiled for profiling, -attempts to retrieve any of the -.Dv KERN_PROF -values will fail with -.Er EOPNOTSUPP . -The third level names for the string and integer profiling information -are detailed below. -The changeable column shows whether a process with appropriate -privileges may change the value. -.Bl -column "Third level name" "struct gmonparam" -offset indent -.It Sy "Third level name" Ta Sy "Type" Ta Sy "Changeable" -.It Dv GPROF_COUNT Ta "u_short[]" Ta "yes" -.It Dv GPROF_FROMS Ta "u_short[]" Ta "yes" -.It Dv GPROF_GMONPARAM Ta "struct gmonparam" Ta "no" -.It Dv GPROF_STATE Ta "integer" Ta "yes" -.It Dv GPROF_TOS Ta "struct tostruct" Ta "yes" -.El -.Pp -The variables are as follows: -.Bl -tag -width "123456" -.It Dv GPROF_COUNT -Array of statistical program counter counts. -.It Dv GPROF_FROMS -Array indexed by program counter of call-from points. -.It Dv GPROF_GMONPARAM -Structure giving the sizes of the above arrays. -.It Dv GPROF_STATE -Returns -.Dv GMON_PROF_ON -or -.Dv GMON_PROF_OFF -to show that profiling is running or stopped. -.It Dv GPROF_TOS -Array of -.Li struct tostruct -describing destination of calls and their counts. -.El -.It Dv KERN_RAWPARTITION Pq Va kern.rawpartition -The raw partition of a disk (a == 0). -.It Dv KERN_SAVED_IDS Pq Va kern.saved_ids -Returns 1 if saved set-group-ID and saved set-user-ID are available. -.It Dv KERN_SECURELVL Pq Va kern.securelevel -The system security level. -This level may be raised by processes with appropriate privileges. -It may only be lowered by process 1. -.It Dv KERN_SEMINFO Pq Va kern.seminfo -Return the elements of -.Li struct seminfo . 
-If the kernel is not compiled with System V style semaphore support, -attempts to retrieve any of the -.Dv KERN_SEMINFO -values will fail with -.Er EOPNOTSUPP . -The third level names for the elements of -.Li struct seminfo -are detailed below. -The changeable column shows whether a process with appropriate -privileges may change the value. -.Bl -column "KERN_SEMINFO_SEMMNI" "integer" "Changeable" -offset indent -.It Sy "Third level name" Ta Sy "Type" Ta Sy "Changeable" -.It Dv KERN_SEMINFO_SEMAEM Ta "integer" Ta "no" -.It Dv KERN_SEMINFO_SEMMNI Ta "integer" Ta "yes" -.It Dv KERN_SEMINFO_SEMMNS Ta "integer" Ta "yes" -.It Dv KERN_SEMINFO_SEMMNU Ta "integer" Ta "yes" -.It Dv KERN_SEMINFO_SEMMSL Ta "integer" Ta "yes" -.It Dv KERN_SEMINFO_SEMOPM Ta "integer" Ta "yes" -.It Dv KERN_SEMINFO_SEMUME Ta "integer" Ta "no" -.It Dv KERN_SEMINFO_SEMUSZ Ta "integer" Ta "no" -.It Dv KERN_SEMINFO_SEMVMX Ta "integer" Ta "no" -.El -.Pp -The variables are as follows: -.Bl -tag -width "123456" -.It Dv KERN_SEMINFO_SEMAEM Pq Va kern.seminfo.semaem -The adjust on exit maximum value. -.It Dv KERN_SEMINFO_SEMMNI Pq Va kern.seminfo.semni -The maximum number of semaphore identifiers allowed. -.It Dv KERN_SEMINFO_SEMMNS Pq Va kern.seminfo.semmns -The maximum number of semaphores allowed in the system. -.It Dv KERN_SEMINFO_SEMMNU Pq Va kern.seminfo.semnu -The maximum number of semaphore undo structures allowed in the system. -.It Dv KERN_SEMINFO_SEMMSL Pq Va kern.seminfo.semmsl -The maximum number of semaphores allowed per ID. -.It Dv KERN_SEMINFO_SEMOPM Pq Va kern.seminfo.semopm -The maximum number of operations per -.Xr semop 2 -call. -.It Dv KERN_SEMINFO_SEMUME Pq Va kern.seminfo.semume -The maximum number of undo entries per process. -.It Dv KERN_SEMINFO_SEMUSZ Pq Va kern.seminfo.semusz -The size (in bytes) of the undo structure. -.It Dv KERN_SEMINFO_SEMVMX Pq Va kern.seminfo.semvmx -The semaphore maximum value. 
-.El -.It Dv KERN_SHMINFO Pq Va kern.shminfo -Return the elements of -.Li struct shminfo . -If the kernel is not compiled with System V style shared memory support, -attempts to retrieve any of the -.Dv KERN_SHMINFO -values will fail with -.Er EOPNOTSUPP . -The third level names for the elements of -.Li struct shminfo -are detailed below. -The changeable column shows whether a process with appropriate -privileges may change the value. -.Bl -column "KERN_SHMINFO_SHMMAX" "integer" "Changeable" -offset indent -.It Sy "Third level name" Ta Sy "Type" Ta Sy "Changeable" -.It Dv KERN_SHMINFO_SHMALL Ta "integer" Ta "yes" -.It Dv KERN_SHMINFO_SHMMAX Ta "integer" Ta "yes" -.It Dv KERN_SHMINFO_SHMMIN Ta "integer" Ta "yes" -.It Dv KERN_SHMINFO_SHMMNI Ta "integer" Ta "yes" -.It Dv KERN_SHMINFO_SHMSEG Ta "integer" Ta "yes" -.El -.Pp -The variables are as follows: -.Bl -tag -width "123456" -.It Dv KERN_SHMINFO_SHMALL Pq Va kern.shminfo.shmall -The maximum amount of total shared memory allowed in the system (in pages). -.It Dv KERN_SHMINFO_SHMMAX Pq Va kern.shminfo.shmmax -The maximum shared memory segment size (in bytes). -.It Dv KERN_SHMINFO_SHMMIN Pq Va kern.shminfo.shmmin -The minimum shared memory segment size (in bytes). -.It Dv KERN_SHMINFO_SHMMNI Pq Va kern.shminfo.shmmni -The maximum number of shared memory identifiers in the system. -.It Dv KERN_SHMINFO_SHMSEG Pq Va kern.shminfo.shmseg -The maximum number of shared memory segments per process. -.El -.It Dv KERN_SOMAXCONN Pq Va kern.somaxconn -Upper bound on the number of half-open connections a process can allow -to be associated with a socket, using -.Xr listen 2 . -The default value is 128. -.It Dv KERN_SOMINCONN Pq Va kern.sominconn -Lower bound on the number of half-open connections a process can allow -to be associated with a socket, using -.Xr listen 2 . -The default value is 80. -.It Dv KERN_SPLASSERT Pq Va kern.splassert -Modify the system interrupt priority level. 
-Valid values are: -.Pp -.Bl -tag -width 3n -offset indent -compact -.It 0 -Disable error checking. -.It 1 -Print a message if an error is detected. -.It 2 -Print a message if an error is detected, -and a stack trace if possible. -.It 3 -The same as 2, but also drop into the kernel debugger. -.El -.Pp -Any other value causes a system panic on errors. -See -.Xr splassert 9 -for more information. -.It Dv KERN_STACKGAPRANDOM Pq Va kern.stackgap_random -Sets the range of the random value added to the stack pointer on each -program execution. -The random value is added to make buffer overflow exploitation slightly -harder. -The bigger the number, the harder it is to brute force this added protection, -but it also means bigger waste of memory. -.It Li KERN_SYSVIPC_INFO Pq Va kern.sysvipc_info -Return System V style IPC configuration and run-time information. -The third level name selects the System V style IPC facility. -.Bl -column "KERN_SYSVIPC_MSG_INFO" "struct shm_sysctl_info" -offset indent -.It Sy "Third level name" Ta Sy "Type" -.It Dv KERN_SYSVIPC_MSG_INFO Ta "struct msg_sysctl_info" -.It Dv KERN_SYSVIPC_SEM_INFO Ta "struct sem_sysctl_info" -.It Dv KERN_SYSVIPC_SHM_INFO Ta "struct shm_sysctl_info" -.El -.Bl -tag -width "123456" -.It Dv KERN_SYSVIPC_MSG_INFO -Return information on the System V style message facility. -The -.Sy msg_sysctl_info -structure is defined in -.In sys/msg.h . -.It Dv KERN_SYSVIPC_SEM_INFO -Return information on the System V style semaphore facility. -The -.Sy sem_sysctl_info -structure is defined in -.In sys/sem.h . -.It Dv KERN_SYSVIPC_SHM_INFO -Return information on the System V style shared memory facility. -The -.Sy shm_sysctl_info -structure is defined in -.In sys/shm.h . -.El -.It Dv KERN_SYSVMSG Pq Va kern.sysvmsg -Returns 1 if System V style message queue functionality is available on this -system, otherwise 0. 
-.It Dv KERN_SYSVSEM Pq Va kern.sysvem -Returns 1 if System V style semaphore functionality is available on this -system, otherwise 0. -.It Dv KERN_SYSVSHM Pq Va kern.sysvshm -Returns 1 if System V style shared memory functionality is available on this -system, otherwise 0. -.It Dv KERN_TIMECOUNTER Pq Va kern.timecounter -Return statistics information about the kernel time counter. -The third level names information is detailed below. -The changeable column shows whether a process with appropriate -privileges may change the value. -.Bl -column "KERN_TIMECOUNTER_TIMESTEPWARNINGS" "integer" -offset indent -.It Sy "Third level name" Ta Sy "Type" Ta Sy "Changeable" -.It Dv KERN_TIMECOUNTER_CHOICE Ta "string" Ta "no" -.It Dv KERN_TIMECOUNTER_HARDWARE Ta "string" Ta "yes" -.It Dv KERN_TIMECOUNTER_TICK Ta "integer" Ta "no" -.It Dv KERN_TIMECOUNTER_TIMESTEPWARNINGS Ta "integer" Ta "yes" -.El -.Pp -The variables are as follows: -.Bl -tag -width "123456" -.It Dv KERN_TIMECOUNTER_CHOICE Pq Va kern.timecounter.choice -Get the list of kernel time counter sources and their claimed -quality (higher is better). -.It Dv KERN_TIMECOUNTER_HARDWARE Pq Va kern.timecounter.hardware -Get or set the kernel time counter source by name. -.It Dv KERN_TIMECOUNTER_TICK Pq Va kern.timecounter.tick -Get the number of times we have reset the kernel time counter -information. -.It Dv KERN_TIMECOUNTER_TIMESTEPWARNINGS Pq Va kern.timecounter.timestepwarnings -Get or set a flag to log a message when the kernel time is -stepped. -.El -.It Dv KERN_TTY Pq Va kern.tty -Return statistics information about tty input/output. -The third level names information is detailed below. -The changeable column shows whether a process with appropriate -privileges may change the value. 
-.Bl -column "KERN_TTY_TKRAWCC" "struct itty" "Changeable" -offset indent -.It Sy "Third level name" Ta Sy "Type" Ta Sy "Changeable" -.It Dv KERN_TTY_INFO Ta "struct itty" Ta "no" -.It Dv KERN_TTY_TKCANCC Ta "int64_t" Ta "no" -.It Dv KERN_TTY_TKNIN Ta "int64_t" Ta "no" -.It Dv KERN_TTY_TKNOUT Ta "int64_t" Ta "no" -.It Dv KERN_TTY_TKRAWCC Ta "int64_t" Ta "no" -.El -.Pp -The variables are as follows: -.Bl -tag -width "123456" -.It Dv KERN_TTY_INFO Pq Va kern.tty.ttyinfo -Returns an array of -.Li struct itty -structures containing tty statistics. -.It Dv KERN_TTY_TKCANCC Pq Va kern.tty.tk_cancc -Returns the number of input characters in canonical mode. -.It Dv KERN_TTY_TKNIN Pq Va kern.tty.tk_nin -Returns the number of input characters from a -.Xr tty 4 . -.It Dv KERN_TTY_TKNOUT Pq Va kern.tty.tk_nout -Returns the number of output characters on a -.Xr tty 4 . -.It Dv KERN_TTY_TKRAWCC Pq Va kern.tty.tk_rawcc -Returns the number of input characters in raw mode. -.El -.It Dv KERN_TTYCOUNT Pq Va kern.ttycount -Number of available -.Xr tty 4 -devices. -.It Dv KERN_VERSION Pq Va kern.version -The system version string. -.It Dv KERN_WATCHDOG Pq Va kern.watchdog -Return information on hardware watchdog timers. -If the kernel does not support a hardware watchdog timer, -attempts to retrieve or set any of the -.Dv KERN_WATCHDOG -values will fail with -.Er EOPNOTSUPP . -.Bl -column "KERN_WATCHDOG_PERIOD" "integer" "Changeable" -offset indent -.It Sy "Third level name" Ta Sy "Type" Ta Sy "Changeable" -.It Dv KERN_WATCHDOG_AUTO Ta "integer" Ta "yes" -.It Dv KERN_WATCHDOG_PERIOD Ta "integer" Ta "yes" -.El -.Pp -The variables are as follows: -.Bl -tag -width "123456" -.It Dv KERN_WATCHDOG_AUTO Pq Va kern.watchdog.auto -If set to 1, the kernel refreshes the watchdog timer periodically. -If set to 0, a userland process must ensure that the watchdog timer -gets refreshed by setting the -.Dv KERN_WATCHDOG_PERIOD -variable. 
-.It Dv KERN_WATCHDOG_PERIOD Pq Va kern.watchdog.period -The period of the watchdog timer in seconds. -Set to 0 to disable the watchdog timer. -.El -.It Dv KERN_WXABORT Pq Va kern.wxabort -Generate an abort, -rather than returning an error, -on W^X violation. -.El -.Ss CTL_MACHDEP -The set of variables defined is architecture dependent. -Most architectures define at least the following variables. -.Bl -column "Second level name" "dev_t" "Changeable" -offset indent -.It Sy "Second level name" Ta Sy "Type" Ta Sy "Changeable" -.It Dv CPU_CONSDEV Ta "dev_t" Ta "no" -.El -.Pp -Consult the example file -.Pa /etc/examples/sysctl.conf -for a non-exhaustive list of -.Li machdep -variables. -.Ss CTL_NET -The string and integer information available for the -.Dv CTL_NET -level is detailed below. -The changeable column shows whether a process with appropriate -privileges may change the value. -.Bl -column "Second level name" "routing messages" "Changeable" -offset indent -.It Sy "Second level name" Ta Sy "Type" Ta Sy "Changeable" -.It Dv PF_ROUTE Ta "routing messages" Ta "no" -.It Dv PF_INET Ta "IPv4 values" Ta "yes" -.It Dv PF_INET6 Ta "IPv6 values" Ta "yes" -.It Dv PF_KEY Ta "key management" Ta "no" -.It Dv PF_MPLS Ta "MPLS values" Ta "yes" -.It Dv PF_PIPEX Ta "PIPEX values" Ta "yes" -.El -.Bl -tag -width "123456" -.It Dv PF_ROUTE -Return the entire routing table or a subset of it. -The data is returned as a sequence of routing messages (see -.Xr route 4 -for the header file, format, and meaning). -The length of each message is contained in the message header. -.Pp -The third level name is a protocol number, which is currently always 0. -The fourth level name is an address family, which may be set to 0 to -select all address families. 
-The fifth and sixth level names are as follows: -.Bl -column "Fifth level name" "Sixth level is:" -offset indent -.It Sy "Fifth level name" Ta Sy "Sixth level is:" -.It Dv NET_RT_DUMP Ta "priority" -.It Dv NET_RT_FLAGS Ta "rtflags" -.It Dv NET_RT_IFLIST Ta "None" -.It Dv NET_RT_IFNAMES Ta "None" -.It Dv NET_RT_STATS Ta "None" -.El -.Bl -tag -width "123456" -.It Li NET_RT_DUMP -If set to 0, show all routes. -If set to any number, show all routes with that number priority. -If set to a negative number, show routes that do not have the positive -priority value. -.El -.Pp -An optional seventh level name can be provided to select the routing table -on which to run the operation. -If not provided, the table with ID 0 is used. -.It Dv PF_INET -Get or set various global information about IPv4 -.Pq Internet Protocol version 4 . -The third level name is the protocol. -The fourth level name is the variable name. -The currently defined protocols and names are: -.Bl -column "Protocol name" "ipsec-expire-acquire" "structure" "Changeable" -offset 2n -.It Sy "Protocol name" Ta Sy "Variable name" Ta Sy "Type" Ta Sy "Changeable" -.It ah Ta enable Ta integer Ta yes -.It bpf Ta bufsize Ta integer Ta yes -.It bpf Ta maxbufsize Ta integer Ta yes -.It carp Ta allow Ta integer Ta yes -.It carp Ta log Ta integer Ta yes -.It carp Ta preempt Ta integer Ta yes -.It divert Ta recvspace Ta integer Ta yes -.It divert Ta sendspace Ta integer Ta yes -.It esp Ta enable Ta integer Ta yes -.It esp Ta udpencap Ta integer Ta yes -.It esp Ta udpencap_port Ta integer Ta yes -.It etherip Ta allow Ta integer Ta yes -.It gre Ta allow Ta integer Ta yes -.It gre Ta wccp Ta integer Ta yes -.It icmp Ta bmcastecho Ta integer Ta yes -.It icmp Ta errppslimit Ta integer Ta yes -.It icmp Ta maskrepl Ta integer Ta yes -.It icmp Ta rediraccept Ta integer Ta yes -.It icmp Ta redirtimeout Ta integer Ta yes -.It icmp Ta stats Ta structure Ta no -.It icmp Ta tstamprepl Ta integer Ta yes -.It ip Ta arpdown Ta integer Ta 
yes -.It ip Ta arptimeout Ta integer Ta yes -.It ip Ta directed-broadcast Ta integer Ta yes -.It ip Ta encdebug Ta integer Ta yes -.It ip Ta forwarding Ta integer Ta yes -.It ip Ta ifq Ta node Ta "N/A" -.It ip Ta ipsec-allocs Ta integer Ta yes -.It ip Ta ipsec-auth-alg Ta string Ta yes -.It ip Ta ipsec-bytes Ta integer Ta yes -.It ip Ta ipsec-comp-alg Ta string Ta yes -.It ip Ta ipsec-enc-alg Ta string Ta yes -.It ip Ta ipsec-expire-acquire Ta integer Ta yes -.It ip Ta ipsec-firstuse Ta integer Ta yes -.It ip Ta ipsec-invalid-life Ta integer Ta yes -.It ip Ta ipsec-pfs Ta integer Ta yes -.It ip Ta ipsec-soft-allocs Ta integer Ta yes -.It ip Ta ipsec-soft-bytes Ta integer Ta yes -.It ip Ta ipsec-soft-firstuse Ta integer Ta yes -.It ip Ta ipsec-soft-timeout Ta integer Ta yes -.It ip Ta ipsec-timeout Ta integer Ta yes -.It ip Ta maxqueue Ta integer Ta yes -.It ip Ta mforwarding Ta integer Ta yes -.It ip Ta mtudisc Ta integer Ta yes -.It ip Ta mtudisctimeout Ta integer Ta yes -.It ip Ta multipath Ta integer Ta yes -.It ip Ta portfirst Ta integer Ta yes -.It ip Ta porthifirst Ta integer Ta yes -.It ip Ta porthilast Ta integer Ta yes -.It ip Ta portlast Ta integer Ta yes -.It ip Ta redirect Ta integer Ta yes -.It ip Ta sourceroute Ta integer Ta yes -.It ip Ta stats Ta structure Ta no -.It ip Ta ttl Ta integer Ta yes -.It ipcomp Ta enable Ta integer Ta yes -.It ipip Ta allow Ta integer Ta yes -.It mobileip Ta allow Ta integer Ta yes -.It tcp Ta ackonpush Ta integer Ta yes -.It tcp Ta always_keepalive Ta integer Ta yes -.It tcp Ta baddynamic Ta array Ta yes -.It tcp Ta ecn Ta integer Ta yes -.It tcp Ta ident Ta structure Ta no -.It tcp Ta keepidle Ta integer Ta yes -.It tcp Ta keepinittime Ta integer Ta yes -.It tcp Ta keepintvl Ta integer Ta yes -.It tcp Ta mssdflt Ta integer Ta yes -.It tcp Ta reasslimit Ta integer Ta yes -.It tcp Ta rfc1323 Ta integer Ta yes -.It tcp Ta rfc3390 Ta integer Ta yes -.It tcp Ta rootonly Ta array Ta yes -.It tcp Ta rstppslimit Ta integer Ta 
yes -.It tcp Ta sack Ta integer Ta yes -.It tcp Ta slowhz Ta integer Ta no -.It tcp Ta stats Ta structure Ta no -.It tcp Ta synbucketlimit Ta integer Ta yes -.It tcp Ta syncachelimit Ta integer Ta yes -.It tcp Ta synhashsize Ta integer Ta yes -.It tcp Ta synuselimit Ta integer Ta yes -.It udp Ta baddynamic Ta array Ta yes -.It udp Ta checksum Ta integer Ta yes -.It udp Ta recvspace Ta integer Ta yes -.It udp Ta rootonly Ta array Ta yes -.It udp Ta sendspace Ta integer Ta yes -.It udp Ta stats Ta structure Ta no -.El -.Pp -The variables are as follows: -.Bl -tag -width "123456" -.It Li ah.enable Pq Va net.inet.ah.enable -If set to 1, enable the Authentication Header -.Pq AH -IPsec protocol. -Enabled by default. -See -.Xr ipsec 4 -for more information. -.It Li bpf.bufsize Pq Va net.bpf.bufsize -The initial size of -.Xr bpf 4 -buffers. -.It Li bpf.maxbufsize Pq Va net.bpf.maxbufsize -The maximum size a user may request a -.Xr bpf 4 -buffer to be. -.It Li carp.allow Pq Va net.inet.carp.allow -If set to 0, incoming -.Xr carp 4 -packets will not be processed. -If set to any other value, processing will occur. -Enabled by default. -.It Li carp.log Pq Va net.inet.carp.log -Controls the verbosity of -.Xr carp 4 -logging. -May be a value between 0 and 7 corresponding with -.Xr syslog 3 -priorities. -The default value is 2. -.It Li carp.preempt Pq Va net.inet.carp.preempt -If set to 0, -.Xr carp 4 -will not attempt to become master if it is receiving advertisements from -another active master. -If set to any other value, carp will become master of the virtual host if it -believes it can send advertisements more frequently than the current master. -Disabled by default. -.It Li divert.recvspace Pq Va net.inet.divert.recvspace -Returns the default divert receive buffer size. -.It Li divert.sendspace Pq Va net.inet.divert.sendspace -Returns the default divert send buffer size. 
-.It Li esp.enable Pq Va net.inet.esp.enable -If set to 1, enable the Encapsulating Security Payload -.Pq ESP -IPsec protocol. -Enabled by default. -See -.Xr ipsec 4 -for more information. -.It Li esp.udpencap Pq Va net.inet.esp.udpencap -If set to 1, enable processing of UDP encapsulated ESP packets. -Enabled by default. -.It Li esp.udpencap_port Pq Va net.inet.udpencap_port -Contains the value of the UDP port that triggers -decapsulation for incoming UDP encapsulated ESP packets. -The default port is 4500. -.It Li etherip.allow Pq Va net.inet.etherip.allow -If set to 0, incoming Ethernet-in-IPv4 packets will not be processed. -If set to any other value, processing will occur. -.It Li gre.allow Pq Va net.inet.gre.allow -If set to 0, incoming GRE packets will not be processed. -If set to any other value, processing will occur. -.It Li gre.wccp Pq Va net.inet.gre.wccp -If set to 0, incoming WCCPv1-style GRE packets will not be processed. -If set to any other value, and gre.allow allows GRE packet processing, -WCCPv1-style GRE packets will be processed. -.It Li icmp.bmcastecho Pq Va net.inet.icmp.bmcastecho -If set to 1, respond to ICMP echo requests destined for -broadcast and multicast addresses. -Note, enabling this could open a system to a type of denial of service attack -called -.Qq smurfing , -and is thus not advised. -.It Li icmp.errppslimit Pq Va net.inet.icmp.errppslimit -This variable specifies the maximum number of outgoing ICMP error messages -per second. -ICMP error messages exceeding this value are subject to rate limitation -and will not go out from the node. -A negative value disables rate limitation. -.It Li icmp.maskrepl Pq Va kern.inet.icmp.maskrepl -Returns 1 if ICMP network mask requests are to be answered. -.It Li icmp.rediraccept Pq Va kern.inet.icmp.rediraccept -If set to non-zero, the host will accept ICMP redirect packets. -Note that routers will never accept ICMP redirect packets, -and the variable is meaningful on IP hosts only. 
-.It Li icmp.redirtimeout Pq Va net.inet.icmp.redrttimeout -This variable specifies the lifetime of routing entries generated by incoming -ICMP redirects. -The default timeout is 10 minutes. -.It Li icmp.stats Pq Va kern.inet.icmp.stats -Returns the ICMP statistics in a struct icmpstat. -.It Li icmp.tstamprepl Pq Va net.inet.icmp.tstamprepl -If set to 1, reply to ICMP timestamp requests. -If set to 0, ignore timestamp requests. -.It Li ip.arpdown Pq Va net.inet.ip.arpdown -Lifetime of unresolved ARP entries, in seconds. -.It Li ip.arptimeout Pq Va net.inet.ip.arptimeout -Lifetime of resolved ARP entries, in seconds. -.It Li ip.directed-broadcast Pq Va net.inet.ip.directed-broadcast -Returns 1 if directed broadcast behavior is enabled for the host. -.It Li ip.encdebug Pq Va net.inet.ip.encdebug -Returns 1 when error message reporting is enabled for the host. -If the kernel has been compiled with the -.Dv ENCDEBUG -option, -then debugging information will also be reported when this variable is set. -.It Li ip.forwarding Pq Va net.inet.ip.forwarding -If set to 1, then IP forwarding is enabled for the host, -indicating the host is acting as a router. -If set to 2, then IP forwarding is restricted to traffic that has been -IPsec encapsulated or decapsulated by the host. -The default value is 0. -.It Li ip.ifq -Fifth level comprises an array of -.Li struct ifqueue -structures containing information about IP packet input queue. -The fifth level names for the elements of -.Li struct ifqueue -are detailed below. -.Bl -column "Fifth level name" "integer" "Changeable" -offset indent -.It Sy "Fifth level name" Ta Sy "Type" Ta Sy "Changeable" -.It Dv IFQCTL_DROPS Ta "integer" Ta "no" -.It Dv IFQCTL_LEN Ta "integer" Ta "no" -.It Dv IFQCTL_MAXLEN Ta "integer" Ta "yes" -.El -.Pp -The variables are as follows: -.Pp -.Bl -tag -width Ds -compact -.It Dv IFQCTL_DROPS Pq Va net.inet.ip.ifq.drops -Returns number of packet dropped. 
-.It Dv IFQCTL_LEN Pq Va net.inet.ip.ifq.len -Returns the current queue length. -.It Dv IFQCTL_MAXLEN Pq Va net.inet.ip.ifq.maxlen -Get or set the maximum number of queue length. -.El -.It Li ip.ipsec-allocs Pq Va net.inet.ip.ipsec-allocs -The number of IPsec flows that can use a security association before -it expires. -If set to less than or equal to zero, the security association will not -expire because of this counter. -The default value is 0. -.It Li ip.ipsec-auth-alg Pq Va net.inet.ip.ipsec-auth-alg -This is the default authentication algorithm the kernel will instruct -key management daemons to negotiate when establishing security -associations on behalf of the kernel. -Such security associations can occur as a result of a process having -requested some security level through -.Xr setsockopt 2 , -or as a result of dynamic VPN entries. -Supported values are hmac-md5, hmac-sha1, and hmac-ripemd160. -If set to any other value, it is left to the key management daemons to -select an authentication algorithm for the security association. -The default value is hmac-sha1. -.It Li ip.ipsec-bytes Pq Va net.inet.ip.ipsec-bytes -The number of bytes that will be processed by a security association -before it expires. -If set to less than or equal to zero, the security association will not -expire because of this counter. -The default value is 0. -.It Li ip.ipsec-comp-alg Pq Va net.inet.ip.ipsec-comp-alg -The compression algorithm to use with an IP Compression Association -.Pq IPCA . -Possible values are -.Dq deflate -and -.Dq lzs . -Note that lzs is only available with -.Xr hifn 4 . -See -.Xr ipsecctl 8 -for more information. -.It Li ip.ipsec-enc-alg Pq Va net.inet.ip.ipsec-enc-alg -This is the default encryption algorithm the kernel will instruct key -management daemons to negotiate when establishing security -associations on behalf of the kernel. 
-Such security associations can occur as a result of a process having -requested some security level through -.Xr setsockopt 2 , -or as a result of dynamic VPN entries. -Supported values are aes, des, 3des, blowfish and cast128. -If set to any other value, it is left to the key management daemons to -select an encryption algorithm for the security association. -The default value is aes. -.It Li ip.ipsec-expire-acquire Pq Va net.inet.ip.ipsec-expire-acquire -How long the kernel should allow key management to dynamically acquire -security associations before re-sending a request. -The default value is 30 seconds. -.It Li ip.ipsec-firstuse Pq Va net.inet.ip.ipsec-firstuse -The number of seconds after a security association is first used before -it expires. -If set to less than or equal to zero, the security association will -not expire because of this timer. -The default value is 7200 seconds. -.It Li ip.ipsec-invalid-life Pq Va net.inet.ip.ipsec-invalid-life -The lifetime of embryonic Security Associations (SAs that key management -daemons have reserved but not fully established yet) in seconds. -If set to less than or equal to zero, embryonic SAs will not expire. -The default value is 60. -.It Li ip.ipsec-pfs Pq Va net.inet.ip.ipsec-pfs -If set to any non-zero value, the kernel will ask the key management -daemons to use Perfect Forward Secrecy when establishing IPsec -Security Associations. -Perfect Forward Secrecy makes IPsec Security Associations -cryptographically distinct from each other, such that breaking the key -for one such SA does not compromise any others. -Requiring PFS for every security association significantly increases the -computational load of -.Xr isakmpd 8 -exchanges. -The default value is 1. -.It Li ip.ipsec-soft-allocs Pq Va net.inet.ip.ipsec-soft-allocs -The number of IPsec flows that can use a security association before a -message is sent by the kernel to key management for renegotiation -of the security association. 
-If set to less than or equal to zero, no message is sent to key -management. -The default value is 0. -.It Li ip.ipsec-soft-bytes Pq Va net.inet.ip.ipsec-soft-bytes -The number of bytes that will be processed by a security association -before a message is sent by the kernel to key management for -renegotiation of the security association. -If set to less than or equal to zero, no message is sent to key -management. -The default value is 0. -.It Li ip.ipsec-soft-firstuse Pq Va net.inet.ip.ipsec-soft-firstuse -The number of seconds after a security association is first used -before a message is sent by the kernel to key management for -renegotiation of the security association. -If set to less than or equal to zero, no message is sent to key -management. -The default value is 3600 seconds. -.It Li ip.ipsec-soft-timeout Pq Va net.inet.ip.ipsec-soft-timeout -The number of seconds after a security association is established -before a message is sent by the kernel to key management for -renegotiation of the security association. -If set to less than or equal to zero, no message is sent to key -management. -The default value is 80000 seconds. -.It Li ip.ipsec-timeout Pq Va net.inet.ip.ipsec-timeout -The number of seconds after a security association is established -before it will expire. -If set to less than or equal to zero, the security association will -not expire because of this timer. -The default value is 86400 seconds. -.It Li ip.maxqueue Pq Va net.inet.ip.maxqueue -Fragment flood protection. -Sets the maximum number of unassembled IP fragments in the fragment queue. -.It Li ip.mforwarding Pq Va net.inet.ip.mforwarding -If set to 1, then multicast forwarding is enabled for the host. -The default is 0. -.It Li ip.mtudisc Pq Va net.inet.ip.mtudisc -Returns 1 if Path MTU Discovery is enabled. -.It Li ip.mtudisctimeout Pq Va net.inet.ip.mtudisctimeout -Number of seconds in which a route added by the Path MTU -Discovery engine will time out. 
-When the route times out, the Path MTU Discovery engine will attempt -to probe a larger path MTU. -.It Li ip.multipath Pq Va net.inet.ip.multipath -This variable enables multipath routing for IPv4 addresses. -If set to 0, only the first route selected will be used for a given -destination regardless of how many routes exist in the routing table. -.It Li ip.portfirst Pq Va net.inet.ip.portfirst -Minimum registered port number for TCP/UDP port allocation. -Registered ports can be used by ordinary user processes -or programs executed by ordinary users. -Cannot be less than 1024 or greater than 49151. -Must be less than ip.portlast. -.It Li ip.porthifirst Pq Va net.inet.ip.porthifirst -Minimum dynamic/private port number for TCP/UDP port allocation. -Dynamic/private ports can be used by ordinary user processes -or programs executed by ordinary users. -Cannot be less than 49152 or greater than 65535. -Must be less than ip.porthilast. -.It Li ip.porthilast Pq Va net.inet.ip.porthilast -Maximum dynamic/private port number for TCP/UDP port allocation. -Dynamic/private ports can be used by ordinary user processes -or programs executed by ordinary users. -Cannot be less than 49152 or greater than 65535. -Must be greater than ip.porthifirst. -.It Li ip.portlast Pq Va net.inet.ip.portlast -Maximum registered port number for TCP/UDP port allocation. -Registered ports can be used by ordinary user processes -or programs executed by ordinary users. -Cannot be less than 1024 or greater than 49151. -Must be greater than ip.portfirst. -.It Li ip.redirect Pq Va net.inet.ip.redirect -Returns 1 when ICMP redirects may be sent by the host. -This option is ignored unless the host is routing IP packets, -and should normally be enabled on all systems. -.It Li ip.sourceroute Pq Va net.inet.ip.sourceroute -Returns 1 when forwarding of source-routed packets is enabled for -the host. -When running with a -.Xr securelevel 7 -greater than 0, -this variable may not be changed. 
-.It Li ip.stats Pq Va net.inet.ip.stats -Returns the IP statistics in a struct ipstat. -.It Li ip.ttl Pq Va net.inet.ip.ttl -The maximum time-to-live (hop count) value for an IP packet -sourced by the system. -This value applies to normal transport protocols, not to ICMP. -.It Li ipcomp.enable Pq Va net.inet.ipcomp.enable -Enable the IPComp protocol. -See -.Xr ipsecctl 8 -for more information. -.It Li ipip.allow Pq Va net.inet.ipip.allow -If set to 0, incoming IP-in-IP packets will not be processed. -If set to any other value, processing will occur; furthermore, if set -to 2, no checks for spoofing of loopback addresses will be done. -This is useful only for debugging purposes, and should never be used -in production systems. -.It Li mobileip.allow Pq Va net.inet.mobileip.allow -If set to 0, incoming Mobile IP encapsulated packets (RFC 2004) will not be -processed. -If set to any other value, processing will occur. -.It Li tcp.ackonpush Pq Va net.inet.tcp.ackonpush -Returns 1 if TCP segments with the -.Dv TH_PUSH -flag set are being acknowledged immediately, otherwise 0. -.It Li tcp.baddynamic Pq Va net.inet.tcp.baddynamic -An array of -.Li in_port_t -is returned specifying the bitmask of TCP ports between 512 -and 1023 inclusive that should not be allocated dynamically -by the kernel (i.e., they must be bound specifically by port number). -.It Li tcp.ecn Pq Va net.inet.tcp.ecn -Returns 1 if Explicit Congestion Notifications for TCP are enabled. -.It Li tcp.ident Pq Va net.inet.tcp.ident -A -.Li struct tcp_ident_mapping -specifying a local and foreign endpoint of a TCP -socket is filled in with the effective and real UIDs of the process that -owns the socket. -If no such socket exists, then the effective and real UID values are -both set to \-1. -.It Li tcp.keepidle Pq Va net.inet.tcp.keepidle -If the socket option -.Dv SO_KEEPALIVE -has been set on a socket, then this value specifies how much time a -connection needs to be idle before keepalives are sent. 
-See also tcp.slowhz. -.It Li tcp.keepinittime Pq Va net.inet.tcp.keepinittime -Time to keep alive the initial SYN packet of a TCP handshake. -.It Li tcp.keepintvl Pq Va net.inet.tcp.keepintvl -Time after a keepalive probe is sent until, in the absence of any response, -another probe is sent. -See also tcp.slowhz. -.It Li tcp.always_keepalive Pq Va net.inet.tcp.always_keepalive -Act as if the option -.Dv SO_KEEPALIVE -was set on all TCP sockets. -.It Li tcp.mssdflt Pq Va net.inet.tcp.mssdflt -The maximum segment size that is used as default for non-local connections. -The default value is 512. -.It Li tcp.reasslimit Pq Va net.inet.tcp.reasslimit -The maximum number of out-of-order TCP -segments the system will store for reassembly. -.It Li tcp.rfc1323 Pq Va net.inet.tcp.rfc1323 -Returns 1 if RFC 1323 extensions to TCP are enabled. -.It Li tcp.rfc3390 Pq Va net.inet.tcp.rfc3390 -Returns 1 if the TCP Initial Window -is increased to 4 * MSS or 4380 bytes, as specified in RFC 3390. -Returns 2 if the TCP Initial Window -is increased to 10 * MSS or 14600 bytes, as specified in -RFC 6928. -.It Li tcp.rootonly Pq Va net.inet.tcp.rootonly -An array of -.Li in_port_t -is returned specifying the bitmask of TCP ports -that can only be bound by processes with root euid. -When running with a -.Xr securelevel 7 -greater than 0, -this variable may not be changed. -.It Li tcp.rstppslimit Pq Va net.inet.tcp.rstppslimit -This variable specifies the maximum number of outgoing TCP RST packets -per second. -TCP RST packets exceeding this value are subject to rate limitation -and will not go out from the node. -A negative value disables rate limitation. -.It Li tcp.sack Pq Va net.inet.tcp.sack -Returns 1 if RFC 2018 Selective Acknowledgements are enabled. -.It Li tcp.slowhz Pq Va net.inet.tcp.slowhz -The units for tcp.keepidle and tcp.keepintvl; those variables are in ticks -of a clock that ticks tcp.slowhz times per second. 
-(That is, their values must be divided by the tcp.slowhz value to get times -in seconds.) -.It Li tcp.stats Pq Va net.inet.tcp.stats -Returns the TCP statistics in a struct tcpstat. -.It Li tcp.synbucketlimit Pq Va net.inet.tcp.synbucketlimit -The maximum number of entries allowed per hash bucket in the TCP SYN cache. -.It Li tcp.syncachelimit Pq Va net.inet.tcp.syncachelimit -The maximum number of entries allowed in the TCP SYN cache. -.It Li tcp.synhashsize Pq Va net.inet.tcp.synhashsize -The number of buckets in the TCP SYN cache hash array. -After the value is set, the actual size changes when the alternative -SYN cache becomes empty and both SYN caches are swapped. -.It Li tcp.synuselimit Pq Va net.inet.tcp.synuselimit -The minimum number of times the hash function for the TCP SYN cache is used -before it is reseeded. -.It Li udp.baddynamic Pq Va net.inet.udp.baddynamic -Analogous to -.Li tcp.baddynamic -but for UDP sockets. -.It Li udp.checksum Pq Va net.inet.udp.checksum -Returns 1 when UDP checksums are being computed and checked. -Disabling UDP checksums is strongly discouraged. -.It Li udp.recvspace Pq Va net.inet.udp.recvspace -Returns the default UDP receive buffer size. -.It Li udp.rootonly Pq Va net.inet.udp.rootonly -Analogous to -.Li tcp.rootonly -but for UDP sockets. -.It Li udp.sendspace Pq Va net.inet.udp.sendspace -Returns the default UDP send buffer size. -.It Li udp.stats Pq Va net.inet.udp.stats -Returns the UDP statistics in a struct udpstat. -.El -.It Dv PF_INET6 -Get or set various global information about IPv6 -.Pq Internet Protocol version 6 . -The third level name is the protocol. -The fourth level name is the variable name. 
-The currently defined protocols and names are: -.Bl -column "Protocol name" "multicast_mtudisc" "integer" "yes" -offset indent -.It Sy "Protocol name" Ta Sy "Variable name" Ta Sy "Type" Ta Sy "Changeable" -.It icmp6 Ta errppslimit Ta integer Ta yes -.It icmp6 Ta mtudisc_hiwat Ta integer Ta yes -.It icmp6 Ta mtudisc_lowat Ta integer Ta yes -.It icmp6 Ta nd6_debug Ta integer Ta yes -.It icmp6 Ta nd6_delay Ta integer Ta yes -.It icmp6 Ta nd6_maxnudhint Ta integer Ta yes -.It icmp6 Ta nd6_mmaxtries Ta integer Ta yes -.It icmp6 Ta nd6_umaxtries Ta integer Ta yes -.It icmp6 Ta redirtimeout Ta integer Ta yes -.It ip6 Ta auto_flowlabel Ta integer Ta yes -.It ip6 Ta dad_count Ta integer Ta yes -.It ip6 Ta dad_pending Ta integer Ta yes -.It ip6 Ta defmcasthlim Ta integer Ta yes -.It ip6 Ta forwarding Ta integer Ta yes -.It ip6 Ta hdrnestlimit Ta integer Ta yes -.It ip6 Ta hlim Ta integer Ta yes -.It ip6 Ta ifq Ta node Ta "N/A" -.It ip6 Ta log_interval Ta integer Ta yes -.It ip6 Ta maxdynroutes Ta integer Ta yes -.It ip6 Ta maxfragpackets Ta integer Ta yes -.It ip6 Ta maxfrags Ta integer Ta yes -.It ip6 Ta mforwarding Ta integer Ta yes -.It ip6 Ta mtudisctimeout Ta integer Ta yes -.It ip6 Ta multicast_mtudisc Ta integer Ta yes -.It ip6 Ta multipath Ta integer Ta yes -.It ip6 Ta neighborgcthresh Ta integer Ta yes -.It ip6 Ta redirect Ta integer Ta yes -.It ip6 Ta use_deprecated Ta integer Ta yes -.El -.Pp -The variables are as follows: -.Pp -.Bl -tag -width "123456" -compact -.It Li icmp6.errppslimit Pq Va net.inet6.icmp6.errppslimit -This variable specifies the maximum number of outgoing ICMPv6 error messages -per second. -ICMPv6 error messages exceeding this value are subject to rate limitation -and will not go out from the node. -A negative value will disable the rate limitation. 
-.Pp -.It Li icmp6.mtudisc_hiwat Pq Va net.inet6.icmp6.mtudisc_hiwat -.It Li icmp6.mtudisc_lowat Pq Va net.inet6.icmp6.mtudisc_lowat -These variables define the maximum number of routing table entries -created due to path MTU discovery -.Pq preventing denial-of-service attacks with ICMPv6 too big messages . -After IPv6 path MTU discovery happens, path MTU information is kept in -the routing table. -If the number of routing table entries exceeds this value, -the kernel will not attempt to keep the path MTU information. -.Li icmp6.mtudisc_hiwat -is used when we have verified ICMPv6 too big messages. -.Li icmp6.mtudisc_lowat -is used when we have unverified ICMPv6 too big messages. -Verification is performed by using address/port pairs kept in connected PCBs. -A negative value disables the upper limit. -.Pp -.It Li icmp6.nd6_debug Pq Va net.inet6.icmp6.nd6_debug -If set to non-zero, IPv6 neighbor discovery will generate debugging -messages. -The debug output is useful for diagnosing IPv6 interoperability issues. -The flag must be set to 0 for normal operation. -.Pp -.It Li icmp6.nd6_delay Pq Va net.inet6.icmp6.nd6_delay -This variable specifies the -.Dv DELAY_FIRST_PROBE_TIME -timing constant in IPv6 neighbor discovery specification -.Pq RFC 4861 , -in seconds. -.Pp -.It Li icmp6.nd6_maxnudhint Pq Va net.inet6.icmp6.nd6_maxnudhint -IPv6 neighbor discovery permits upper layer protocols to supply reachability -hints, to avoid unnecessary neighbor discovery exchanges. -This variable defines the number of consecutive hints the neighbor discovery -layer will take. -For example, by setting the variable to 3, neighbor discovery will take -a maximum of 3 consecutive hints. -After receiving 3 hints, the neighbor discovery layer will instead perform -the normal neighbor discovery process. -.Pp -.It Li icmp6.nd6_mmaxtries Pq Va net.inet6.icmp6.nd6_mmaxtries -This variable specifies the -.Dv MAX_MULTICAST_SOLICIT -constant in IPv6 neighbor discovery specification -.Pq RFC 4861 . 
-.Pp -.It Li icmp6.nd6_umaxtries Pq Va net.inet6.icmp6.nd6_umaxtries -This variable specifies the -.Dv MAX_UNICAST_SOLICIT -constant in IPv6 neighbor discovery specification -.Pq RFC 4861 . -.Pp -.It Li icmp6.redirtimeout Pq Va net.inet6.icmp6.redirtimeout -The variable specifies the lifetime of routing entries generated by -incoming ICMPv6 redirects. -.Pp -.It Li ip6.auto_flowlabel Pq Va net.inet6.ip6.auto_flowlabel -On connected transport protocol packets, -fill the IPv6 flowlabel field to help intermediate routers identify -packet flows. -.Pp -.It Li ip6.dad_count Pq Va net.inet6.ip6.dad_count -This variable configures the number of IPv6 DAD -.Pq duplicated address detection -probe packets. -These packets are generated when IPv6 interfaces are first brought up. -.Pp -.It Li ip6.dad_pending Pq Va net.inet6.ip6.dad_pending -This variable displays the number of pending IPv6 DAD -.Pq duplicated address detection -before completion. -It is used to make sure that DAD is completed before -.Xr netstart 8 -is executed. -.Pp -.It Li ip6.defmcasthlim Pq Va net.inet6.ip6.defmcasthlim -The default hop limit value for an IPv6 multicast packet sourced by the node. -This value applies to all the transport protocols on top of IPv6. -Methods for overriding this value are documented in -.Xr ip6 4 . -.Pp -.It Li ip6.forwarding Pq Va net.inet6.ip6.forwarding -Returns 1 when IPv6 forwarding is enabled for the node, -meaning that the node is acting as a router. -Returns 0 when IPv6 forwarding is disabled for the node, -meaning that the node is acting as a host. -Note that IPv6 defines node behavior for the -.Dq router -and -.Dq host -cases quite differently, and changing this variable during operation -may cause serious trouble. -Hence, this variable should only be set at bootstrap time. -.Pp -.It Li ip6.hdrnestlimit Pq Va net.inet6.ip6.hdrnestlimit -The number of IPv6 extension headers permitted on incoming IPv6 packets. 
-If set to 0, the node will accept as many extension headers as possible. -.Pp -.It Li ip6.hlim Pq Va net.inet6.ip6.hlim -The default hop limit value for an IPv6 unicast packet sourced by the node. -This value applies to all the transport protocols on top of IPv6. -Methods for overriding this value are documented in -.Xr ip6 4 . -.Pp -.It Li ip6.ifq Pq Va net.inet6.ip6.ifq -Fifth level comprises an array of -.Li struct ifqueue -structures containing information about IPv6 packet input queue. -The fifth level names for the elements of -.Li struct ifqueue -are detailed above in -.Li ip.ifq . -.Pp -.It Li ip6.log_interval Pq Va net.inet6.ip6.log_interval -This variable permits adjusting the amount of logs generated by the -IPv6 packet forwarding engine. -The value indicates the number of -seconds of interval which must elapse between log output. -.Pp -.It Li ip6.maxdynroutes Pq Va net.inet6.ip6.maxdynroutes -Maximum number of routes created by redirect. -Set to negative to disable. -The default value is 4096. -.Pp -.It Li ip6.maxfragpackets Pq Va net.inet6.ip6.maxfragpackets -The maximum number of fragmented packets the node will accept. -0 means that the node will not accept any fragmented packets. -\-1 means that the node will accept as many fragmented packets as it receives. -The flag is provided basically for avoiding possible DoS attacks. -.Pp -.It Li ip6.maxfrags Pq Va net.inet6.ip6.maxfrags -The maximum number of fragments the node will accept. -0 means that the node will not accept any fragments. -\-1 means that the node will accept as many fragments as it receives. -The flag is provided basically for avoiding possible DoS attacks. -.Pp -.It Li ip6.mforwarding Pq Va net.inet6.ip6.mforwarding -If set to 1, then multicast forwarding is enabled for the host. -The default is 0. 
-.Pp -.It Li ip6.multicast_mtudisc Pq Va net.inet6.ip6.multicast_mtudisc -This variable controls generation of ICMPv6 Too Big messages -when the machine is performing as an IPv6 multicast router. -If set to 1, an ICMPv6 Too Big message will be generated for multicast packets -which were too big to be forwarded. -If set to 0, the ICMPv6 Too Big message will be suppressed. -.Pp -.It Li ip6.multipath Pq Va net.inet6.ip6.multipath -This variable enables multipath routing for IPv6 addresses. -If set to 0, only the first route selected will be used for a given -destination regardless of how many routes exist in the routing table. -.Pp -.It Li ip6.mtudisctimeout Pq Va net.inet6.ip6.mtudisctimeout -Number of seconds in which a route added by the Path MTU -Discovery engine will time out. -When the route times out, the Path MTU Discovery engine will attempt -to probe a larger path MTU. -.Pp -.It Li ip6.neighborgcthresh Pq Va net.inet6.ip6.neighborgcthresh -Maximum number of entries in neighbor cache. -Set to negative to disable. -The default value is 2048. -.Pp -.It Li ip6.redirect Pq Va net.inet6.ip6.redirect -Returns 1 when ICMPv6 redirects may be sent by the node. -This option is ignored unless the node is routing IP packets, -and should normally be enabled on all systems. -.Pp -.It Li ip6.use_deprecated Pq Va net.inet6.ip6.use_deprecated -This variable controls the use of deprecated addresses, specified in -RFC 4862 5.5.4. -.El -.Pp -We reuse -.Li net.inet.tcp -and -.Li net.inet.udp -for TCP/UDP over IPv6. -.It Dv PF_KEY -Return -.Xr ipsec 4 -database dumps. -The second level name is -.Dv PF_KEY_V2 . -The third level name selects the database as follows: -.Pp -.Bl -tag -width "NET_KEY_SADB_DUMP" -offset indent -compact -.It Dv NET_KEY_SADB_DUMP -Security Association database (SADB). -.It Dv NET_KEY_SPD_DUMP -IPsec flow database (SPD). -.El -.It Dv PF_MPLS -Get or set global information about MPLS (Multiprotocol Label Switching). 
-.Bl -column "MPLSCTL_MAXINKLOOP " "integer" "not applicable" -offset indent -.It Sy "Third level name" Ta Sy "Type" Ta Sy "Changeable" -.It Dv MPLSCTL_DEFTTL Ta integer Ta yes -.It Dv MPLSCTL_IFQUEUE Ta node Ta "not applicable" -.It Dv MPLSCTL_MAPTTL_IP Ta integer Ta yes -.It Dv MPLSCTL_MAPTTL_IP6 Ta integer Ta yes -.It Dv MPLSCTL_MAXINKLOOP Ta integer Ta yes -.El -.Bl -tag -width "123456" -.It Dv MPLSCTL_DEFTTL Pq Va net.mpls.ttl -Set or get the default TTL value which is used for MPLS (Shim) Header. -The default is 255. -.It Dv MPLSCTL_IFQUEUE Pq Va net.mpls.ifq -Fourth level comprises an array of -.Li struct ifqueue -structures containing information about MPLS packet input queue. -The forth level names for the elements of -.Li struct ifqueue are same as described in -.Li ip.ifq -in the -.Dv PF_INET -section. -.It Dv MPLSCTL_MAPTTL_IP Pq Va net.mpls.mapttl_ip -If set to 1 the TTL field is synchronized between the IP header and the -MPLS label stack. -If set to 0 the IP header TTL is not modified while passing through MPLS -and the MPLS label stack is initialized with the -.Dv MPLSCTL_DEFTTL . -The default is 1. -.It Dv MPLSCTL_MAPTTL_IP6 Pq Va net.mpls.mapttl_ip6 -If set to 1 the TTL field is synchronized between the IPv6 header and the -MPLS label stack. -If set to 0 the IPv6 header TTL is not modified while passing through MPLS -and the MPLS label stack is initialized with the -.Dv MPLSCTL_DEFTTL . -The default is 0. -.It Dv MPLSCTL_MAXINKLOOP Pq Va net.mpls.maxloop_inkernel -Set or get the maxinum number of label stack operations (push, swap, pop) -that can be made on a packet. -The default is 16. -.El -.It Dv PF_PIPEX Pq Va net.pipex -Get or set global information about PIPEX. 
-.Pp -The currently defined variable names are: -.Bl -column "Third level name" "integer" "Changeable" -offset indent -.It Sy "Third level name" Ta Sy "Type" Ta Sy "Changeable" -.It Dv PIPEXCTL_ENABLE Ta integer Ta yes -.It Dv PIPEXCTL_INQ Ta node Ta not applicable -.It Dv PIPEXCTL_OUTQ Ta node Ta not applicable -.El -.Bl -tag -width "123456" -.It Dv PIPEXCTL_ENABLE -If set to 1, enable PIPEX processing. -The default is 0. -.It Dv PIPEXCTL_INQ Pq Va net.pipex.inq -Fourth level comprises an array of -.Li struct ifqueue -structures containing information about the PIPEX packet input queue. -The forth level names for the elements of -.Li struct ifqueue -are the same as described in -.Li ip.ifq -in the -.Dv PF_INET -section. -.It Dv PIPEXCTL_OUTQ Pq Va net.pipex.outq -Fourth level comprises an array of -.Li struct ifqueue -structures containing information about PIPEX packet output queue. -The forth level names for the elements of -.Li struct ifqueue are same as described in -.Li ip.ifq -in the -.Dv PF_INET -section. -.El -.El -.Ss CTL_VFS -The string and integer information available for the -.Dv CTL_VFS -level is detailed below. -The changeable column shows whether a process with appropriate -privileges may change the value. -.Bl -column "Second level name" "VFS generic info" "Changeable" -offset indent -.It Sy "Second level name" Ta Sy "Type" Ta Sy "Changeable" -.It Dv VFS_GENERIC Ta "VFS generic info" Ta "no" -.It Dv "filesystem #" Ta "filesystem info" Ta "no" -.El -.Bl -tag -width "123456" -.It Dv VFS_GENERIC -This second level identifier requests generic information about the -VFS layer. 
-Within it, the following third level identifiers exist: -.Bl -column "Third level name" "struct vfsconf" "Changeable" -offset indent -.It Sy "Third level name" Ta Sy "Type" Ta Sy "Changeable" -.It Dv VFS_CONF Ta "struct vfsconf" Ta "no" -.It Dv VFS_MAXTYPENUM Ta "int" Ta "no" -.El -.It filesystem # -After finding the filesystem dependent -.Va vfc_typenum -using -.Dv VFS_GENERIC -with -.Dv VFS_CONF , -it is possible to access filesystem dependent information. -.Pp -Some filesystems may contain settings. -.Bl -tag -width "123" -.It FFS -.Bl -column "FFS_SD_DIRECT_BLK_PTRS" "integer" "Changeable" -offset indent -.It Sy "Third level name" Ta Sy "Type" Ta Sy "Changeable" -.It Dv FFS_DIRHASH_DIRSIZE Ta "integer" Ta "yes" -.It Dv FFS_DIRHASH_MAXMEM Ta "integer" Ta "yes" -.It Dv FFS_DIRHASH_MEM Ta "integer" Ta "no" -.It Dv FFS_MAX_SOFTDEPS Ta "integer" Ta "yes" -.It Dv FFS_SD_BLK_LIMIT_HIT Ta "integer" Ta "yes" -.It Dv FFS_SD_BLK_LIMIT_PUSH Ta "integer" Ta "yes" -.It Dv FFS_SD_DIR_ENTRY Ta "integer" Ta "yes" -.It Dv FFS_SD_DIRECT_BLK_PTRS Ta "integer" Ta "yes" -.It Dv FFS_SD_INDIR_BLK_PTRS Ta "integer" Ta "yes" -.It Dv FFS_SD_INO_LIMIT_HIT Ta "integer" Ta "yes" -.It Dv FFS_SD_INO_LIMIT_PUSH Ta "integer" Ta "yes" -.It Dv FFS_SD_INODE_BITMAP Ta "integer" Ta "yes" -.It Dv FFS_SD_SYNC_LIMIT_HIT Ta "integer" Ta "yes" -.It Dv FFS_SD_TICKDELAY Ta "integer" Ta "yes" -.It Dv FFS_SD_WORKLIST_PUSH Ta "integer" Ta "yes" -.El -.Bl -tag -width "123456" -.It Dv FFS_DIRHASH_DIRSIZE Pq Va vfs.ffs.dirhash_dirsize -The minimum size of a directory, in bytes, before it is considered for hashing. -.It Dv FFS_DIRHASH_MAXMEM Pq Va vfs.ffs.dirhash_maxmem -The maximum amount of memory, in bytes, to be used for storing directory -hashes. -.It Dv FFS_DIRHASH_MEM Pq Va vfs.ffs.dirhash_mem -The amount of memory currently used by all directory hashes. -.It Dv FFS_MAX_SOFTDEPS Pq Va vfs.ffs.max_softdeps -Maximum strcuctures before slowdowns. 
-.It Dv FFS_SD_BLK_LIMIT_HIT Pq Va vfs.ffs.sd_blk_limit_hit -Number of times block slowdown imposed. -.It Dv FFS_SD_BLK_LIMIT_PUSH Pq Va vfs.ffs.sd_blk_limit_push -Number of times block limit neared. -.It Dv FFS_SD_DIR_ENTRY Pq Va vfs.ffs.sd_dir_entry -Bufs redirtied as dir entry cannot write. -.It Dv FFS_SD_DIRECT_BLK_PTRS Pq Va vfs.ffs.sd_direct_blk_ptrs -Bufs redirtied as direct ptrs not written. -.It Dv FFS_SD_INDIR_BLK_PTRS Pq Va vfs.ffs.sd_indir_blk_ptrs -Bufs redirtied as indirect ptrs not written. -.It Dv FFS_SD_INO_LIMIT_HIT Pq Va vfs.ffs.sd_ino_limit_hit -Number of times inode limit imposed. -.It Dv FFS_SD_INO_LIMIT_PUSH Pq Va vfs.ffs.sd_ino_limit_push -Number of times inode limit neared. -.It Dv FFS_SD_INODE_BITMAP Pq Va vfs.ffs.sd_inode_bitmap -Bufs redirtied as inode bitmap not written. -.It Dv FFS_SD_SYNC_LIMIT_HIT Pq Va vfs.ffs.sd_sync_limit_hit -Number of synchronous slowdowns imposed. -.It Dv FFS_SD_TICKDELAY Pq Va vfs.ffs.sd_tickdelay -Ticks to pause during slowdown. -.It Dv FFS_SD_WORKLIST_PUSH Pq Va vfs.ffs.sd_worklist_push -Number of worklist cleanups. -.El -.It NFS -.Bl -column "Third level name" "struct nfsstats" "Changeable" -offset indent -.It Sy "Third level name" Ta Sy "Type" Ta Sy "Changeable" -.It Dv NFS_NFSSTATS Ta "struct nfsstats" Ta "yes" -.It Dv NFS_NIOTHREADS Ta "int" Ta "yes" -.El -.Bl -tag -width Ds -.It Dv NFS_NIOTHREADS Pq Va vfs.nfs.iothreads -The number of I/O kernel threads for NFS clients. -The default is 4; -the maximum is 20. -.El -.It FUSE -.Bl -column "FUSEFS_POOL_NBPAGES" "Type" "Changeable" -offset indent -.It Sy "Third level name" Ta Sy "Type" Ta Sy "Changeable" -.It Dv FUSEFS_INFBUFS Ta "int" Ta "no" -.It Dv FUSEFS_OPENDEVS Ta "int" Ta "no" -.It Dv FUSEFS_POOL_NBPAGES Ta "int" Ta "no" -.It Dv FUSEFS_WAITFBUFS Ta "int" Ta "no" -.El -.Bl -tag -width Ds -.It Dv FUSEFS_INFBUFS Pq Va vfs.fuse.fusefs_fbufs_in -The number of inbound fusebufs. 
-.It Dv FUSEFS_OPENDEVS Pq Va vfs.fuse.fusefs_open_devices -The number of FUSE devices opened. -.It Dv FUSEFS_POOL_NBPAGES Pq Va vfs.fuse.fusefs_pool_pages -The number of pages used for fusebuf memory. -.It Dv FUSEFS_WAITFBUFS Pq Va vfs.fuse.fusefs_fbufs_wait -The number of fusebufs waiting for a response. -.El -.El -.El -.Ss CTL_VM -The string and integer information available for the -.Dv CTL_VM -level is detailed below. -The changeable column shows whether a process with appropriate -privileges may change the value. -.Bl -column "Second level name" "swap encrypt values" "yes" -offset indent -.It Sy "Second level name" Ta Sy "Type" Ta Sy "Changeable" -.It Dv VM_ANONMIN Ta "integer" Ta "yes" -.It Dv VM_LOADAVG Ta "struct loadavg" Ta "no" -.It Dv VM_MAXSLP Ta "integer" Ta "no" -.It Dv VM_METER Ta "struct vmtotal" Ta "no" -.It Dv VM_NKMEMPAGES Ta "integer" Ta "no" -.It Dv VM_PSSTRINGS Ta "struct psstrings" Ta "no" -.It Dv VM_SWAPENCRYPT Ta "swap encrypt values" Ta "yes" -.It Dv VM_USPACE Ta "integer" Ta "no" -.It Dv VM_UVMEXP Ta "struct uvmexp" Ta "no" -.It Dv VM_VNODEMIN Ta "integer" Ta "yes" -.It Dv VM_VTEXTMIN Ta "integer" Ta "yes" -.El -.Bl -tag -width "123456" -.It Dv VM_ANONMIN Pq Va vm.anonmin -Percentage of physical memory available for -pages which contain anonymous mapping. -.It Dv VM_LOADAVG Pq Va vm.loadavg -Return the load average history. -The returned data consists of a -.Li struct loadavg . -.It Dv VM_MAXSLP Pq Va vm.maxslp -The time for a process to be blocked before being swappable, -in seconds. -.It Dv VM_METER Pq Va vm.vmmeter -Return the system wide virtual memory statistics. -The returned data consists of a -.Li struct vmtotal . -.It Dv VM_NKMEMPAGES Pq Va vm.nkmempages -Number of pages in kmem_map. -.It Dv VM_PSSTRINGS Pq Va vm.psstrings -Returns the address of the process -.Li struct ps_strings . -The -.Xr ps 1 -program uses it to locate the argument and environment strings. -.It Dv VM_SWAPENCRYPT -Contains statistics about swap encryption. 
-The string and integer information available for the third level is -detailed below. -.Bl -column "Third level name" "integer" "Changeable" -offset indent -.It Sy "Third level name" Ta Sy "Type" Ta Sy "Changeable" -.It Dv SWPENC_CREATED Ta "integer" Ta "no" -.It Dv SWPENC_DELETED Ta "integer" Ta "no" -.It Dv SWPENC_ENABLE Ta "integer" Ta "yes" -.El -.Bl -tag -width "123456" -.It Dv SWPENC_CREATED Pq Va vm.swapencrypt.keyscreated -The number of encryption keys that have been randomly created. -The swap partition is divided into sections of normally 512KB. -Each section has its own encryption key. -.It Dv SWPENC_DELETED Pq Va vm.swapencrypt.keysdeleted -The number of encryption keys that have been deleted, thus effectively -erasing the data that has been encrypted with them. -Encryption keys are deleted when their reference counter reaches zero. -.It Dv SWPENC_ENABLE Pq Va vm.swapencrypt.enable -Set to 1 to enable swap encryption for all processes. -A 0 disables swap encryption. -Pages still on swap receive a grandfather clause. -Turning this option on does not affect legacy swap data already on the disk, -but all newly written data will be encrypted. -When swap encryption is turned on, automatic -.Xr crash 8 -dumps are disabled. -.El -.It Dv VM_USPACE Pq Va vm.uspace -The number of bytes allocated for each kernel stack. -.It Dv VM_UVMEXP Pq Va vm.uvmexp -Contains statistics about the UVM memory management system. -.It Dv VM_VNODEMIN Pq Va vm.vnodemin -Percentage of physical memory available for -pages which contain cached file data. -.It Dv VM_VTEXTMIN Pq Va vm.vtextmin -Percentage of physical memory available for -pages which contain cached executable data. -.El -.Sh RETURN VALUES -If the call to -.Fn sysctl -is unsuccessful, \-1 is returned and -.Va errno -is set appropriately. 
-.Sh FILES -.Bl -tag -width "uvm/uvmXswapXencrypt.h " -compact -.It In sys/sysctl.h -top level identifiers and second level kernel and hardware -identifiers -.It In sys/socket.h -second level network identifiers -.It In sys/gmon.h -third level profiling identifiers -.It In uvm/uvm_param.h -second level virtual memory identifiers -.It In uvm/uvm_swap_encrypt.h -third level virtual memory identifiers -.It In net/if.h -packet input/output queue identifiers -.It In net/pipex.h -third level PIPEX identifiers -.It In netinet/in.h -third and fourth level IPv4/v6 identifiers -.It In netinet/ip_divert.h -fourth level divert identifiers -.It In netinet/icmp_var.h -fourth level ICMP identifiers -.It In netinet/icmp6.h -fourth level ICMPv6 identifiers -.It In netinet/tcp_var.h -fourth level TCP identifiers -.It In netinet/udp_var.h -fourth level UDP identifiers -.It In ddb/db_var.h -second level ddb identifiers -.It In sys/mount.h -second level vfs identifiers -.It In miscfs/fuse/fusefs.h -third level fusefs identifiers -.It In nfs/nfs.h -third level NFS identifiers -.It In ufs/ffs/ffs_extern.h -third level FFS identifiers -.It In machine/cpu.h -second level CPU identifiers -.El -.Sh ERRORS -The following errors may be reported: -.Bl -tag -width Er -.It Bq Er EFAULT -The buffer -.Fa name , -.Fa oldp , -.Fa newp , -or length pointer -.Fa oldlenp -contains an invalid address. -.It Bq Er EINVAL -The -.Fa name -array is less than two or greater than -.Dv CTL_MAXNAME . -.It Bq Er EINVAL -A non-null -.Fa newp -pointer is given and its specified length in -.Fa newlen -is too large or too small. -.It Bq Er ENOMEM -The length pointed to by -.Fa oldlenp -is too short to hold the requested value. -.It Bq Er ENOENT -The mib specified does not exist, or exceeds the range that is possible. -.It Bq Er ENXIO -If the mib is a sparsely populated array, this error may be returned -instead. -.It Bq Er ENOTDIR -The -.Fa name -array specifies an intermediate rather than terminal name. 
-.It Bq Er EOPNOTSUPP -The -.Fa name -array specifies a value that is unknown. -.It Bq Er EPERM -An attempt is made to set a read-only value. -.It Bq Er EPERM -A process without appropriate privileges attempts to set a value. -.It Bq Er EPERM -An attempt to change a value protected by the current kernel security -level is made. -.It Bq Er ESRCH -No process could be found which corresponds to the given process ID. -.El -.Sh SEE ALSO -.Xr pathconf 2 , -.Xr sysconf 3 , -.Xr ddb 4 , -.Xr sysctl.conf 5 , -.Xr securelevel 7 , -.Xr sysctl 8 -.Sh HISTORY -The -.Fn sysctl -function first appeared in -.Bx 4.4 . diff --git a/lib/libc/sys/Makefile.inc b/lib/libc/sys/Makefile.inc index 40cbd9640fc..6823d7472a8 100644 --- a/lib/libc/sys/Makefile.inc +++ b/lib/libc/sys/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.153 2017/11/28 06:03:41 guenther Exp $ +# $OpenBSD: Makefile.inc,v 1.154 2018/01/12 04:36:12 deraadt Exp $ # $NetBSD: Makefile.inc,v 1.35 1995/10/16 23:49:07 jtc Exp $ # @(#)Makefile.inc 8.1 (Berkeley) 6/17/93 @@ -194,5 +194,5 @@ MAN+= __get_tcb.2 __thrsigdivert.2 __thrsleep.2 _exit.2 accept.2 \ shmctl.2 shmget.2 shutdown.2 sigaction.2 sigaltstack.2 sigpending.2 \ sigprocmask.2 sigreturn.2 sigsuspend.2 socket.2 \ socketpair.2 stat.2 statfs.2 swapctl.2 symlink.2 \ - sync.2 sysarch.2 syscall.2 thrkill.2 truncate.2 umask.2 unlink.2 \ - utimes.2 utrace.2 vfork.2 wait.2 write.2 + sync.2 sysarch.2 syscall.2 sysctl.2 thrkill.2 truncate.2 \ + umask.2 unlink.2 utimes.2 utrace.2 vfork.2 wait.2 write.2 diff --git a/lib/libc/sys/sysctl.2 b/lib/libc/sys/sysctl.2 new file mode 100644 index 00000000000..6aa84ea4599 --- /dev/null +++ b/lib/libc/sys/sysctl.2 
@@ -0,0 +1,2257 @@ +.\" $OpenBSD: sysctl.2,v 1.1 2018/01/12 04:36:12 deraadt Exp $ +.\" +.\" Copyright (c) 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. 
+.\" +.Dd $Mdocdate: January 12 2018 $ +.Dt SYSCTL 2 +.Os +.Sh NAME +.Nm sysctl +.Nd get or set system information +.Sh SYNOPSIS +.In sys/types.h +.In sys/sysctl.h +.Ft int +.Fn sysctl "const int *name" "u_int namelen" "void *oldp" "size_t *oldlenp" "void *newp" "size_t newlen" +.Sh DESCRIPTION +The +.Fn sysctl +function retrieves system information and allows processes with +appropriate privileges to set system information. +The information available from +.Fn sysctl +consists of integers, strings, and tables. +Information may be retrieved and set using the +.Xr sysctl 8 +utility; +the variable names used by this utility are given here in parentheses. +.Pp +Unless explicitly noted below, +.Fn sysctl +returns a consistent snapshot of the data requested. +Consistency is obtained by locking the destination +buffer into memory so that the data may be copied out without blocking. +Calls to +.Fn sysctl +are serialized to avoid deadlock. +.Pp +The state is described using a +.Dq Management Information Base (MIB) +style name, listed in +.Fa name , +which is a +.Fa namelen +length array of integers. +.Pp +The information is copied into the buffer specified by +.Fa oldp . +The size of the buffer is given by the location specified by +.Fa oldlenp +before the call, +and that location gives the amount of data copied after a successful call. +If the amount of data available is greater +than the size of the buffer supplied, +the call supplies as much data as fits in the buffer provided +and returns with the error code +.Er ENOMEM . +If the old value is not desired, +.Fa oldp +and +.Fa oldlenp +should be set to +.Dv NULL . +.Pp +The size of the available data can be determined by calling +.Fn sysctl +with a +.Dv NULL +parameter for +.Fa oldp . +The size of the available data will be returned in the location pointed to by +.Fa oldlenp . +For some operations, the amount of space may change often. 
+For these operations, +the system attempts to round up so that the returned size is +large enough for a call to return the data shortly thereafter. +.Pp +The terminating NUL character is included in the lengths of string values. +.Pp +To set a new value, +.Fa newp +is set to point to a buffer of length +.Fa newlen +from which the requested value is to be taken. +If a new value is not to be set, +.Fa newp +should be set to +.Dv NULL +and +.Fa newlen +set to 0. +.Pp +The top level names are defined with a +.Dv CTL_ +prefix in +.In sys/sysctl.h , +and are as follows. +The next and subsequent levels down are found in the include files +listed here, and described in separate sections below. +.Bl -column "CTL_MACHDEP" "ufs/ffs/ffs_extern.h" "Description" -offset indent +.It Sy "Name" Ta Sy "Next level names" Ta Sy "Description" +.It Dv CTL_DDB Ta "ddb/db_var.h" Ta "Kernel debugger" +.It Dv CTL_DEBUG Ta "sys/sysctl.h" Ta "Debugging" +.It Dv CTL_FS Ta "sys/sysctl.h" Ta "File system" +.It Dv CTL_HW Ta "sys/sysctl.h" Ta "Generic CPU, I/O" +.It Dv CTL_KERN Ta "sys/sysctl.h" Ta "High kernel limits" +.It Dv CTL_MACHDEP Ta "sys/sysctl.h" Ta "Machine dependent" +.It Dv CTL_NET Ta "sys/socket.h" Ta "Networking" +.It Dv CTL_VFS Ta "ufs/ffs/ffs_extern.h" Ta "Virtual file system" +.It Dv CTL_VM Ta "uvm/uvm_param.h" Ta "Virtual memory" +.El +.Pp +For example, the following retrieves the maximum number of processes allowed +in the system: +.Bd -literal -offset indent +int mib[2], maxproc; +size_t len; + +mib[0] = CTL_KERN; +mib[1] = KERN_MAXPROC; +len = sizeof(maxproc); +if (sysctl(mib, 2, &maxproc, &len, NULL, 0) == -1) + err(1, "sysctl"); +.Ed +.Ss CTL_DDB +Integer information and settable variables are available for the +.Dv CTL_DDB level , +as described below. +More information is also available in +.Xr ddb 4 . 
+.Bl -column "Second level name" "integer" "Changeable" -offset indent +.It Sy "Second level name" Ta Sy "Type" Ta Sy "Changeable" +.It Dv DBCTL_CONSOLE Ta "integer" Ta "yes" +.It Dv DBCTL_LOG Ta "integer" Ta "yes" +.It Dv DBCTL_MAXLINE Ta "integer" Ta "yes" +.It Dv DBCTL_MAXWIDTH Ta "integer" Ta "yes" +.It Dv DBCTL_PANIC Ta "integer" Ta "yes" +.It Dv DBCTL_RADIX Ta "integer" Ta "yes" +.It Dv DBCTL_TABSTOP Ta "integer" Ta "yes" +.It Dv DBCTL_TRIGGER Ta "integer" Ta "yes" +.El +.Bl -tag -width "123456" +.It Dv DBCTL_CONSOLE Pq Va ddb.console +When this variable is set, an architecture dependent magic key sequence +on the console or a debugger button will permit entry into the kernel debugger. +When running with a +.Xr securelevel 7 +greater than 0, +this variable may not be raised. +.It Dv DBCTL_LOG Pq Va ddb.log +When set, ddb output is also logged in the kernel message buffer. +.It Dv DBCTL_MAXLINE Pq Va ddb.max_line +Determines the number of lines to page in +.Xr ddb 4 . +This variable is also available as the ddb +.Dv $lines +variable. +.It Dv DBCTL_MAXWIDTH Pq Va ddb.max_width +Determines the maximum width of a line in +.Xr ddb 4 . +This variable is also available as the ddb +.Dv $maxwidth +variable. +.It Dv DBCTL_PANIC Pq Va ddb.panic +When this variable is set, system panics may drop into the kernel debugger. +When running with a +.Xr securelevel 7 +greater than 0, +this variable may not be raised. +.It Dv DBCTL_RADIX Pq Va ddb.radix +Determines the default radix or base for non-prefixed numbers +entered into +.Xr ddb 4 . +This variable is also available as the ddb +.Dv $radix +variable. +.It Dv DBCTL_TABSTOP Pq Va ddb.tab_stop_width +Width of a tab stop in +.Xr ddb 4 . +This variable is also available as the ddb +.Dv $tabstops +variable. +.It Dv DBCTL_TRIGGER Pq Va ddb.trigger +When +.Dv DBCTL_CONSOLE +is set, +writing to +.Dv DBCTL_TRIGGER +causes the system to enter +.Xr ddb 4 . 
+When running with a +.Xr securelevel 7 +greater than 0, +the process writing to this variable must be running +on the console in order to enter +.Xr ddb 4 . +.El +.Ss CTL_DEBUG +The debugging variables vary from system to system. +A debugging variable may be added or deleted without need to recompile +.Fn sysctl +to know about it. +Each time it runs, +.Fn sysctl +gets the list of debugging variables from the kernel and +displays their current values. +The system defines twenty +.Li struct ctldebug +variables named +.Va debug0 +through +.Va debug19 . +They are declared as separate variables so that they can be +individually initialized at the location of their associated variable. +The loader prevents multiple use of the same variable by issuing errors +if a variable is initialized in more than one place. +For example, to export the variable +.Va dospecialcheck +as a debugging variable, the following declaration would be used: +.Bd -literal -offset indent +int dospecialcheck = 1; +struct ctldebug debug5 = { "dospecialcheck", &dospecialcheck }; +.Ed +.Ss CTL_FS +The string and integer information available for the +.Dv CTL_FS +level is detailed below. +The changeable column shows whether a process with appropriate +privileges may change the value. +.Bl -column "Second level name" "integer" "Changeable" -offset indent +.It Sy "Second level name" Ta Sy "Type" Ta Sy "Changeable" +.It Dv FS_POSIX_SETUID Ta "integer" Ta "yes" +.El +.Bl -tag -width "123456" +.It Dv FS_POSIX_SETUID Pq Va fx.posix.setuid +When this variable is set, ownership changes on a file will cause +the +.Va S_ISUID +and +.Va S_ISGID +bits to be cleared. +When running with a +.Xr securelevel 7 +greater than 0, +this variable may not be changed. +.El +.Ss CTL_HW +The string and integer information available for the +.Dv CTL_HW +level is detailed below. +The changeable column shows whether a process with appropriate +privileges may change the value. 
+.Bl -column "Second level name" "integer" "Changeable" -offset indent +.It Sy "Second level name" Ta Sy "Type" Ta Sy "Changeable" +.It Dv HW_ALLOWPOWERDOWN Ta "integer" Ta "yes" +.It Dv HW_BYTEORDER Ta "integer" Ta "no" +.It Dv HW_CPUSPEED Ta "integer" Ta "no" +.It Dv HW_DISKCOUNT Ta "integer" Ta "no" +.It Dv HW_DISKNAMES Ta "string" Ta "no" +.It Dv HW_DISKSTATS Ta "struct" Ta "no" +.It Dv HW_MACHINE Ta "string" Ta "no" +.It Dv HW_MODEL Ta "string" Ta "no" +.It Dv HW_NCPU Ta "integer" Ta "no" +.It Dv HW_NCPUFOUND Ta "integer" Ta "no" +.It Dv HW_PAGESIZE Ta "integer" Ta "no" +.It Dv HW_PERFPOLICY Ta "string" Ta "yes" +.It Dv HW_PHYSMEM Ta "integer" Ta "no" +.It Dv HW_PHYSMEM64 Ta "int64_t" Ta "no" +.It Dv HW_PRODUCT Ta "string" Ta "no" +.It Dv HW_SENSORS Ta "node" Ta "not applicable" +.It Dv HW_SETPERF Ta "integer" Ta "yes" +.It Dv HW_USERMEM Ta "integer" Ta "no" +.It Dv HW_USERMEM64 Ta "int64_t" Ta "no" +.It Dv HW_UUID Ta "string" Ta "no" +.It Dv HW_VENDOR Ta "string" Ta "no" +.It Dv HW_VERSION Ta "string" Ta "no" +.El +.Bl -tag -width "123456" +.It Dv HW_ALLOWPOWERDOWN Pq Va hw.allowpowerdown +Some machines generate an interrupt when the power button is pressed +and a driver can catch that interrupt. +When this variable is set, such an event will cause the system to +perform a regular shutdown and power off the machine. +When running with a +.Xr securelevel 7 +greater than 0, +this variable may not be changed. +.It Dv HW_BYTEORDER Pq Va hw.byteorder +The byteorder (4321 or 1234). +.It Dv HW_CPUSPEED Pq Va hw.cpuspeed +The current CPU frequency +.Pq in MHz . +.It Dv HW_DISKCOUNT Pq Va hw.diskcount +The number of disks currently attached to the system. +.It Dv HW_DISKNAMES Pq Va hw.disknames +A comma-separated list of disk names. +.It Dv HW_DISKSTATS Pq Va hw.diskstats +An array of +.Li struct diskstats +structures containing disk statistics. +.It Dv HW_MACHINE Pq Va hw.machine +The machine class. +.It Dv HW_MODEL Pq Va hw.model +The machine model. 
+.It Dv HW_NCPU Pq Va hw.ncpu +The number of CPUs being used. +.It Dv HW_NCPUFOUND Pq Va hw.ncpufound +The number of CPUs found. +.It Dv HW_PAGESIZE Pq Va hw.pagesize +The software page size. +.It Dv HW_PERFPOLICY Pq Va hw.perfpolicy +The performance policy for power management. +Can be one of +.Dq manual , +.Dq auto , +or +.Dq high . +.It Dv HW_PHYSMEM +The total physical memory, in bytes. +This variable is deprecated; use +.Dv HW_PHYSMEM64 +instead. +.It Dv HW_PHYSMEM64 Pq Va hw.physmem +The total physical memory, in bytes. +.It Dv HW_PRODUCT Pq Va hw.product +The product name of the machine. +.It Dv HW_SENSORS Pq Va hw.sensors +Third level comprises an array of +.Li struct sensordev +structures containing information about devices +that may attach hardware monitoring sensors. +.Pp +Third, fourth and fifth levels together comprise an array of +.Li struct sensor +structures containing snapshot readings of hardware monitoring sensors. +In such usage, third level indicates the numerical representation +of the sensor device name to which the sensor is attached +(a device's xname and number are matched with the help of +.Li struct sensordev +structure above), +fourth level indicates sensor type and +fifth level is an ordinal sensor number (unique to +the specified sensor type on the specified sensor device). +.Pp +The +.Sy sensordev +and +.Sy sensor +structures +and +.Sy sensor_type +enumeration +are defined in +.In sys/sensors.h . +.It Dv HW_SERIALNO Pq Va hw.serialno +The serial number of the machine. +.It Dv HW_SETPERF Pq Va hw.setperf +Current CPU performance +.Pq percentage . +It is only modifiable if +.Dv HW_PERFPOLICY +is set to +.Dq manual . +.It Dv HW_USERMEM +The amount of available non-kernel memory in bytes. +This variable is deprecated; use +.Dv HW_USERMEM64 +instead. +.It Dv HW_USERMEM64 Pq Va hw.usermem +The amount of available non-kernel memory in bytes. +.It Dv HW_UUID Pq Va hw.uuid +The universal unique identification number assigned to the machine. 
+.It Dv HW_VENDOR Pq Va hw.vendor +The vendor name for this machine. +.It Dv HW_VERSION Pq Va hw.version +The version or revision of this machine. +.El +.Ss CTL_KERN +The string and integer information available for the +.Dv CTL_KERN +level is detailed below. +The changeable column shows whether a process with appropriate +privileges may change the value. +The types of data currently available are process information, +system vnodes, the open file entries, routing table entries, +virtual memory statistics, load average history, and clock rate +information. +.Bl -column "KERN_PROC_NOBROADCASTKILL" "u_int64_t[CPUSTATES]" "no" -offset indent +.It Sy "Second level name" Ta Sy "Type" Ta Sy "Changeable" +.It Dv KERN_ALLOWKMEM Ta "integer" Ta "yes" +.It Dv KERN_ARGMAX Ta "integer" Ta "no" +.It Dv KERN_BOOTTIME Ta "struct timeval" Ta "no" +.It Dv KERN_CACHEPCT Ta "integer" Ta "yes" +.It Dv KERN_CCPU Ta "integer" Ta "no" +.It Dv KERN_CLOCKRATE Ta "struct clockinfo" Ta "no" +.It Dv KERN_CONSDEV Ta "dev_t" Ta "no" +.It Dv KERN_CPTIME Ta "long[CPUSTATES]" Ta "no" +.It Dv KERN_CPTIME2 Ta "u_int64_t[CPUSTATES]" Ta "no" +.It Dv KERN_DNSJACKPORT Ta "integer" Ta "yes" +.It Dv KERN_DOMAINNAME Ta "string" Ta "yes" +.It Dv KERN_FILE Ta "struct kinfo_file" Ta "no" +.It Dv KERN_FORKSTAT Ta "struct forkstat" Ta "no" +.It Dv KERN_FSCALE Ta "integer" Ta "no" +.It Dv KERN_FSYNC Ta "integer" Ta "no" +.It Dv KERN_GLOBAL_PTRACE Ta "integer" Ta "yes" +.It Dv KERN_HOSTID Ta "integer" Ta "yes" +.It Dv KERN_HOSTNAME Ta "string" Ta "yes" +.It Dv KERN_INTRCNT Ta "node" Ta "not applicable" +.It Dv KERN_JOB_CONTROL Ta "integer" Ta "no" +.It Dv KERN_MALLOCSTATS Ta "node" Ta "no" +.It Dv KERN_MAXCLUSTERS Ta "integer" Ta "yes" +.It Dv KERN_MAXFILES Ta "integer" Ta "yes" +.It Dv KERN_MAXLOCKSPERUID Ta "integer" Ta "yes" +.It Dv KERN_MAXPARTITIONS Ta "integer" Ta "no" +.It Dv KERN_MAXPROC Ta "integer" Ta "yes" +.It Dv KERN_MAXTHREAD Ta "integer" Ta "yes" +.It Dv KERN_MAXVNODES Ta "integer" Ta "yes" +.It Dv 
KERN_MBSTAT Ta "struct mbstat" Ta "no" +.It Dv KERN_MSGBUF Ta "char[]" Ta "no" +.It Dv KERN_MSGBUFSIZE Ta "integer" Ta "no" +.It Dv KERN_NCHSTATS Ta "struct nchstats" Ta "no" +.It Dv KERN_NFILES Ta "integer" Ta "no" +.It Dv KERN_NGROUPS Ta "integer" Ta "no" +.It Dv KERN_NOSUIDCOREDUMP Ta "integer" Ta "yes" +.It Dv KERN_NPROCS Ta "integer" Ta "no" +.It Dv KERN_NSELCOLL Ta "integer" Ta "no" +.It Dv KERN_NTHREADS Ta "integer" Ta "no" +.It Dv KERN_NUMVNODES Ta "integer" Ta "no" +.It Dv KERN_OSRELEASE Ta "string" Ta "no" +.It Dv KERN_OSREV Ta "integer" Ta "no" +.It Dv KERN_OSTYPE Ta "string" Ta "no" +.It Dv KERN_OSVERSION Ta "string" Ta "no" +.It Dv KERN_POSIX1 Ta "integer" Ta "no" +.It Dv KERN_PROC Ta "struct kinfo_proc" Ta "no" +.It Dv KERN_PROC_ARGS Ta "node" Ta "not applicable" +.It Dv KERN_PROC_CWD Ta "string" Ta "not applicable" +.It Dv KERN_PROC_NOBROADCASTKILL Ta "node" Ta "not applicable" +.It Dv KERN_PROC_VMMAP Ta "struct kinfo_vmentry" Ta "no" +.It Dv KERN_PROF Ta "node" Ta "not applicable" +.It Dv KERN_RAWPARTITION Ta "integer" Ta "no" +.It Dv KERN_SAVED_IDS Ta "integer" Ta "no" +.It Dv KERN_SECURELVL Ta "integer" Ta "raise only" +.It Dv KERN_SEMINFO Ta "node" Ta "not applicable" +.It Dv KERN_SHMINFO Ta "node" Ta "not applicable" +.It Dv KERN_SOMAXCONN Ta "integer" Ta "yes" +.It Dv KERN_SOMINCONN Ta "integer" Ta "yes" +.It Dv KERN_SPLASSERT Ta "int" Ta "yes" +.It Dv KERN_STACKGAPRANDOM Ta "integer" Ta "yes" +.It Dv KERN_SYSVIPC_INFO Ta "node" Ta "not applicable" +.It Dv KERN_SYSVMSG Ta "integer" Ta "no" +.It Dv KERN_SYSVSEM Ta "integer" Ta "no" +.It Dv KERN_SYSVSHM Ta "integer" Ta "no" +.It Dv KERN_TIMECOUNTER Ta "node" Ta "not applicable" +.It Dv KERN_TTY Ta "node" Ta "not applicable" +.It Dv KERN_TTYCOUNT Ta "integer" Ta "no" +.It Dv KERN_VERSION Ta "string" Ta "no" +.It Dv KERN_WATCHDOG Ta "node" Ta "not applicable" +.It Dv KERN_WXABORT Ta "integer" Ta "yes" +.El +.Bl -tag -width "123456" +.It Dv KERN_ALLOWKMEM Pq Va kern.allowkmem +Allow userland 
processes access to +.Pa /dev/mem +and +.Pa /dev/kmem . +When running with a +.Xr securelevel 7 +greater than 0, +this variable may not be changed. +.It Dv KERN_ARGMAX Pq Va kern.argmax +The maximum number of bytes allowed among the arguments to +.Xr exec 3 . +.It Dv KERN_BOOTTIME Pq Va kern.boottime +A +.Li struct timeval +structure is returned. +This structure contains the time that the system was booted. +.It Dv KERN_CACHEPCT Pq Va kern.bufcachepercent +The maximum percentage of physical memory the buffer cache may use; +the default is 20%. +.It Dv KERN_CCPU Pq Va kern.ccpu +The scheduler exponential decay value. +.It Dv KERN_CLOCKRATE Pq Va kern.clockrate +A +.Li struct clockinfo +structure is returned. +This structure contains the clock, statistics clock and profiling clock +frequencies, the number of micro-seconds per hz tick, and the clock +skew rate. +.It Dv KERN_CONSDEV Pq Va kern.consdev +The console device. +.It Dv KERN_CPTIME Pq Va kern.cp_time +An array of longs of size +.Li CPUSTATES +is returned, containing statistics about the number of ticks spent by +the system in interrupt processing, user processes +.Po +.Xr nice 1 +or normal +.Pc , +system processing, or idling. +.It Dv KERN_CPTIME2 Pq Va kern.cp_time2 +Similar to +.Dv KERN_CPTIME , +but obtains information from only the single CPU specified by the +third level name given. +.It Dv KERN_DNSJACKPORT Pq Va kern.dnsjackport +When non-zero, the localhost port to which all DNS sockets should be +redirected. +.It Dv KERN_DOMAINNAME Pq Va kern.domainname +Get or set the YP domain name. +.It Dv KERN_FILE Pq Va kern.file +Return the entire file table, or a subset of it. +An array of +.Li struct kinfo_file +structures is returned, +whose size depends on the current number of selected files in the system. 
+The third and fourth level names are as follows: +.Bl -column "Third level name" "Fourth level is:" -offset indent +.It Sy "Third level name" Ta Sy "Fourth level is:" +.It Dv KERN_FILE_BYFILE Ta "A file type" +.It Dv KERN_FILE_BYPID Ta "A process ID" +.It Dv KERN_FILE_BYUID Ta "A user ID" +.El +.Pp +The fifth level name is the size of the +.Li struct kinfo_file +and the sixth level name is the number of structures to return. +.It Dv KERN_FORKSTAT Pq Va kern.forkstat +A +.Li struct forkstat +structure is returned. +This structure contains information about the number of +.Xr fork 2 , +.Xr vfork 2 , +and +.Xr __tfork 3 +system calls as well as kernel thread creations since system startup, +and the number of pages of virtual memory involved in each. +.It Dv KERN_FSCALE Pq Va kern.fscale +The kernel fixed-point scale factor. +.It Dv KERN_FSYNC Pq Va kern.fsync +Return 1 if the File Synchronisation Option is available on this system, +otherwise 0. +.It Dv KERN_GLOBAL_PTRACE Pq Va kern.global_ptrace +When set to 1, permit +.Xr ptrace 2 +to attach to any process with the appropriate privileges. +When set to 0, processes may only attach to their own descendants. +.It Dv KERN_HOSTID Pq Va kern.hostid +Get or set the host ID. +.It Dv KERN_HOSTNAME Pq Va kern.hostname +Get or set the hostname. +.It Dv KERN_JOB_CONTROL Pq Va kern.job_control +Return 1 if job control is available on this system, otherwise 0. +.It Dv KERN_MALLOCSTATS Pq Va kern.malloc +Return kernel memory bucket statistics. +The third level names are detailed below. +There are no changeable values in this branch. +.Bl -column "KERN_MALLOC_KMEMNAMES" "string" -offset indent +.It Sy "Third level name" Ta Sy "Type" +.It Dv KERN_MALLOC_BUCKET Ta "node" +.It Dv KERN_MALLOC_BUCKETS Ta "string" +.It Dv KERN_MALLOC_KMEMNAMES Ta "string" +.It Dv KERN_MALLOC_KMEMSTATS Ta "node" +.El +.Pp +The variables are as follows: +.Bl -tag -width "123456" +.It Dv KERN_MALLOC_BUCKET. 
Pq Va kern.malloc.bucket +A node containing the statistics for the memory bucket of the +specified size (in decimal notation, the number of bytes per bucket +element, e.g., 16, 32, 128). +Each node returns a +.Li struct kmembuckets . +.Pp +If a value is specified that does not correspond directly to a +bucket size, the statistics for the closest larger bucket size will be +returned instead. +.Pp +Note that bucket sizes are typically powers of 2. +.It Dv KERN_MALLOC_BUCKETS Pq Va kern.malloc.buckets +Return a comma-separated list of the bucket sizes used by the kernel. +.It Dv KERN_MALLOC_KMEMNAMES Pq Va kern.malloc.kmemnames +Return a comma-separated list of the names of the kernel +.Xr malloc 9 +types. +.It Dv KERN_MALLOC_KMEMSTATS Pq Va kern.malloc.kmemstat +A node containing the statistics for the memory types of the specified +name. +Each node returns a +.Li struct kmemstats . +.El +.It Dv KERN_MAXCLUSTERS Pq Va kern.maxclusters +The maximum number of +.Xr mbuf 9 +clusters that may be allocated. +.It Dv KERN_MAXFILES Pq Va kern.maxfiles +The maximum number of open files that may be open in the system. +.It Dv KERN_MAXLOCKSPERUID Pq Va kerb.maxlocksperuid +The maximum number of file locks per user; +the default is 1024. +.It Dv KERN_MAXPARTITIONS Pq Va kern.maxpartitions +The maximum number of partitions allowed per disk. +.It Dv KERN_MAXPROC Pq Va kern.maxproc +The maximum number of simultaneous processes the system will allow. +.It Dv KERN_MAXTHREAD Pq Va kern.maxthread +The maximum number of simultaneous threads the system will allow. +.It Dv KERN_MAXVNODES Pq Va kern.maxvnodes +The maximum number of vnodes available on the system. +.It Dv KERN_MBSTAT Pq Va kern.mbstat +A +.Li struct mbstat +structure is returned, containing statistics on +.Xr mbuf 9 +usage. +.It Dv KERN_MSGBUF Pq Va kern.msgbuf +Returns a buffer containing kernel log messages; +see +.Xr dmesg 8 . +.It Dv KERN_MSGBUFSIZE Pq Va kern.msgbufsize +The size of the kernel message buffer. 
+.It Dv KERN_NCHSTATS Pq Va kern.nchstats +A +.Li struct nchstats +structure is returned. +This structure contains information about the +filename to +.Xr inode 5 +mapping cache. +.It Dv KERN_NFILES Pq Va kern.nfiles +Number of open files. +.It Dv KERN_NGROUPS Pq Va kern.ngroups +The maximum number of supplemental groups. +.It Dv KERN_NOSUIDCOREDUMP Pq Va kern.nosuidcoredump +Whether a process may dump core after changing user or group ID: +.Bl -column "value" "condition" "current directory" +.It Sy "value" Ta Sy "condition" Ta Sy "dump core to" +.It 0 Ta "euid == 0" Ta "current directory" +.It 1 Ta "never" Ta "" +.It 2 Ta "always" Ta Pa "/var/crash" +.It 3 Ta "depends" Ta Pa "/var/crash/$programname/" +.El +.It Dv KERN_NPROCS Pq Va kern.nprocs +The number of entries in the kernel process table. +.It Dv KERN_NSELCOLL Pq Va kern.nselcoll +Number of +.Xr select 2 +collisions. +.It Dv KERN_NTHREADS Pq Va kern.nthreads +The number of entries in the kernel thread table. +.It Dv KERN_NUMVNODES Pq Va kern.numvnodes +Number of vnodes in use. +.It Dv KERN_OSRELEASE Pq Va kern.osrelease +The system release string. +.It Dv KERN_OSREV Pq Va kern.osrevision +The system revision number. +.It Dv KERN_OSTYPE Pq Va kern.ostype +The system type string. +.It Dv KERN_OSVERSION Pq Va kern.osversion +The kernel build version. +.It Dv KERN_POSIX1 Pq Va kern.posix1version +The version of ISO/IEC 9945 (POSIX 1003.1) with which the system +attempts to comply. +.It Dv KERN_PROC Pq Va kern.proc +Return the entire process table, or a subset of it. +An array of +.Li struct kinfo_proc +structures is returned, +whose size depends on the current number of selected processes in the system. 
+The third and fourth level names are as follows: +.Bl -column "KERN_PROC_SESSION" "Fourth level is:" -offset indent +.It Sy "Third level name" Ta Sy "Fourth level is:" +.It Dv KERN_PROC_ALL Ta "None" +.It Dv KERN_PROC_KTHREAD Ta "A kernel thread" +.It Dv KERN_PROC_PID Ta "A process ID" +.It Dv KERN_PROC_PGRP Ta "A process group" +.It Dv KERN_PROC_RUID Ta "A real user ID" +.It Dv KERN_PROC_SESSION Ta "A session PID" +.It Dv KERN_PROC_TTY Ta "A tty device" +.It Dv KERN_PROC_UID Ta "A user ID" +.El +.Pp +The fifth level name is the size of the +.Li struct kinfo_proc +and the sixth level name is the number of structures to return. +.It Dv KERN_PROC_ARGS Pq Va kern.procargs +Returns the arguments or environment of a process. +The third level name is the PID of the process. +The fourth level name is one of: +.Bl -column KERN_PROC_NARGV -offset indent +.It Dv KERN_PROC_ARGV +.It Dv KERN_PROC_ENV +.It Dv KERN_PROC_NARGV +.It Dv KERN_PROC_NENV +.El +.Pp +.Dv KERN_PROC_NARGV +and +.Dv KERN_PROC_NENV +return the number of elements as an +.Vt int +in the argv or env array. +.Dv KERN_PROC_ARGV +returns the argv array and +.Dv KERN_PROC_ENV +returns the environ array. +The buffer pointed to by +.Fa oldp +is filled with an array of char pointers +followed by the strings themselves. +The last char pointer is a +.Dv NULL +pointer. +.It Dv KERN_PROC_CWD Pq Va kern.proc_cwd +Return the current working directory of a process. +The third level name is the target process ID. +A NUL-terminated string is returned. +.It Dv KERN_PROC_NOBROADCASTKILL Pq Va kern.proc_nobroadcastkill +When set, a process will no longer be signaled when sending broadcast signals. +The third level name is the target process ID. +.It Dv KERN_PROC_VMMAP Pq Va kern.proc_vmmap +Return the entire process VM map entries. +An array of +.Li struct kinfo_vmentry +structures is returned, +whose size depends on the current number of VM map entries of the selected process. 
+Iteration is possible by setting the base address in the first element of +.Li struct kinfo_vmentry . +.It Dv KERN_PROF Pq Va kern.profiling +Return profiling information about the kernel. +If the kernel is not compiled for profiling, +attempts to retrieve any of the +.Dv KERN_PROF +values will fail with +.Er EOPNOTSUPP . +The third level names for the string and integer profiling information +are detailed below. +The changeable column shows whether a process with appropriate +privileges may change the value. +.Bl -column "Third level name" "struct gmonparam" -offset indent +.It Sy "Third level name" Ta Sy "Type" Ta Sy "Changeable" +.It Dv GPROF_COUNT Ta "u_short[]" Ta "yes" +.It Dv GPROF_FROMS Ta "u_short[]" Ta "yes" +.It Dv GPROF_GMONPARAM Ta "struct gmonparam" Ta "no" +.It Dv GPROF_STATE Ta "integer" Ta "yes" +.It Dv GPROF_TOS Ta "struct tostruct" Ta "yes" +.El +.Pp +The variables are as follows: +.Bl -tag -width "123456" +.It Dv GPROF_COUNT +Array of statistical program counter counts. +.It Dv GPROF_FROMS +Array indexed by program counter of call-from points. +.It Dv GPROF_GMONPARAM +Structure giving the sizes of the above arrays. +.It Dv GPROF_STATE +Returns +.Dv GMON_PROF_ON +or +.Dv GMON_PROF_OFF +to show that profiling is running or stopped. +.It Dv GPROF_TOS +Array of +.Li struct tostruct +describing destination of calls and their counts. +.El +.It Dv KERN_RAWPARTITION Pq Va kern.rawpartition +The raw partition of a disk (a == 0). +.It Dv KERN_SAVED_IDS Pq Va kern.saved_ids +Returns 1 if saved set-group-ID and saved set-user-ID are available. +.It Dv KERN_SECURELVL Pq Va kern.securelevel +The system security level. +This level may be raised by processes with appropriate privileges. +It may only be lowered by process 1. +.It Dv KERN_SEMINFO Pq Va kern.seminfo +Return the elements of +.Li struct seminfo . 
+If the kernel is not compiled with System V style semaphore support, +attempts to retrieve any of the +.Dv KERN_SEMINFO +values will fail with +.Er EOPNOTSUPP . +The third level names for the elements of +.Li struct seminfo +are detailed below. +The changeable column shows whether a process with appropriate +privileges may change the value. +.Bl -column "KERN_SEMINFO_SEMMNI" "integer" "Changeable" -offset indent +.It Sy "Third level name" Ta Sy "Type" Ta Sy "Changeable" +.It Dv KERN_SEMINFO_SEMAEM Ta "integer" Ta "no" +.It Dv KERN_SEMINFO_SEMMNI Ta "integer" Ta "yes" +.It Dv KERN_SEMINFO_SEMMNS Ta "integer" Ta "yes" +.It Dv KERN_SEMINFO_SEMMNU Ta "integer" Ta "yes" +.It Dv KERN_SEMINFO_SEMMSL Ta "integer" Ta "yes" +.It Dv KERN_SEMINFO_SEMOPM Ta "integer" Ta "yes" +.It Dv KERN_SEMINFO_SEMUME Ta "integer" Ta "no" +.It Dv KERN_SEMINFO_SEMUSZ Ta "integer" Ta "no" +.It Dv KERN_SEMINFO_SEMVMX Ta "integer" Ta "no" +.El +.Pp +The variables are as follows: +.Bl -tag -width "123456" +.It Dv KERN_SEMINFO_SEMAEM Pq Va kern.seminfo.semaem +The adjust on exit maximum value. +.It Dv KERN_SEMINFO_SEMMNI Pq Va kern.seminfo.semni +The maximum number of semaphore identifiers allowed. +.It Dv KERN_SEMINFO_SEMMNS Pq Va kern.seminfo.semmns +The maximum number of semaphores allowed in the system. +.It Dv KERN_SEMINFO_SEMMNU Pq Va kern.seminfo.semnu +The maximum number of semaphore undo structures allowed in the system. +.It Dv KERN_SEMINFO_SEMMSL Pq Va kern.seminfo.semmsl +The maximum number of semaphores allowed per ID. +.It Dv KERN_SEMINFO_SEMOPM Pq Va kern.seminfo.semopm +The maximum number of operations per +.Xr semop 2 +call. +.It Dv KERN_SEMINFO_SEMUME Pq Va kern.seminfo.semume +The maximum number of undo entries per process. +.It Dv KERN_SEMINFO_SEMUSZ Pq Va kern.seminfo.semusz +The size (in bytes) of the undo structure. +.It Dv KERN_SEMINFO_SEMVMX Pq Va kern.seminfo.semvmx +The semaphore maximum value. 
+.El +.It Dv KERN_SHMINFO Pq Va kern.shminfo +Return the elements of +.Li struct shminfo . +If the kernel is not compiled with System V style shared memory support, +attempts to retrieve any of the +.Dv KERN_SHMINFO +values will fail with +.Er EOPNOTSUPP . +The third level names for the elements of +.Li struct shminfo +are detailed below. +The changeable column shows whether a process with appropriate +privileges may change the value. +.Bl -column "KERN_SHMINFO_SHMMAX" "integer" "Changeable" -offset indent +.It Sy "Third level name" Ta Sy "Type" Ta Sy "Changeable" +.It Dv KERN_SHMINFO_SHMALL Ta "integer" Ta "yes" +.It Dv KERN_SHMINFO_SHMMAX Ta "integer" Ta "yes" +.It Dv KERN_SHMINFO_SHMMIN Ta "integer" Ta "yes" +.It Dv KERN_SHMINFO_SHMMNI Ta "integer" Ta "yes" +.It Dv KERN_SHMINFO_SHMSEG Ta "integer" Ta "yes" +.El +.Pp +The variables are as follows: +.Bl -tag -width "123456" +.It Dv KERN_SHMINFO_SHMALL Pq Va kern.shminfo.shmall +The maximum amount of total shared memory allowed in the system (in pages). +.It Dv KERN_SHMINFO_SHMMAX Pq Va kern.shminfo.shmmax +The maximum shared memory segment size (in bytes). +.It Dv KERN_SHMINFO_SHMMIN Pq Va kern.shminfo.shmmin +The minimum shared memory segment size (in bytes). +.It Dv KERN_SHMINFO_SHMMNI Pq Va kern.shminfo.shmmni +The maximum number of shared memory identifiers in the system. +.It Dv KERN_SHMINFO_SHMSEG Pq Va kern.shminfo.shmseg +The maximum number of shared memory segments per process. +.El +.It Dv KERN_SOMAXCONN Pq Va kern.somaxconn +Upper bound on the number of half-open connections a process can allow +to be associated with a socket, using +.Xr listen 2 . +The default value is 128. +.It Dv KERN_SOMINCONN Pq Va kern.sominconn +Lower bound on the number of half-open connections a process can allow +to be associated with a socket, using +.Xr listen 2 . +The default value is 80. +.It Dv KERN_SPLASSERT Pq Va kern.splassert +Modify the system interrupt priority level. 
+Valid values are: +.Pp +.Bl -tag -width 3n -offset indent -compact +.It 0 +Disable error checking. +.It 1 +Print a message if an error is detected. +.It 2 +Print a message if an error is detected, +and a stack trace if possible. +.It 3 +The same as 2, but also drop into the kernel debugger. +.El +.Pp +Any other value causes a system panic on errors. +See +.Xr splassert 9 +for more information. +.It Dv KERN_STACKGAPRANDOM Pq Va kern.stackgap_random +Sets the range of the random value added to the stack pointer on each +program execution. +The random value is added to make buffer overflow exploitation slightly +harder. +The bigger the number, the harder it is to brute force this added protection, +but it also means bigger waste of memory. +.It Li KERN_SYSVIPC_INFO Pq Va kern.sysvipc_info +Return System V style IPC configuration and run-time information. +The third level name selects the System V style IPC facility. +.Bl -column "KERN_SYSVIPC_MSG_INFO" "struct shm_sysctl_info" -offset indent +.It Sy "Third level name" Ta Sy "Type" +.It Dv KERN_SYSVIPC_MSG_INFO Ta "struct msg_sysctl_info" +.It Dv KERN_SYSVIPC_SEM_INFO Ta "struct sem_sysctl_info" +.It Dv KERN_SYSVIPC_SHM_INFO Ta "struct shm_sysctl_info" +.El +.Bl -tag -width "123456" +.It Dv KERN_SYSVIPC_MSG_INFO +Return information on the System V style message facility. +The +.Sy msg_sysctl_info +structure is defined in +.In sys/msg.h . +.It Dv KERN_SYSVIPC_SEM_INFO +Return information on the System V style semaphore facility. +The +.Sy sem_sysctl_info +structure is defined in +.In sys/sem.h . +.It Dv KERN_SYSVIPC_SHM_INFO +Return information on the System V style shared memory facility. +The +.Sy shm_sysctl_info +structure is defined in +.In sys/shm.h . +.El +.It Dv KERN_SYSVMSG Pq Va kern.sysvmsg +Returns 1 if System V style message queue functionality is available on this +system, otherwise 0. 
+.It Dv KERN_SYSVSEM Pq Va kern.sysvem +Returns 1 if System V style semaphore functionality is available on this +system, otherwise 0. +.It Dv KERN_SYSVSHM Pq Va kern.sysvshm +Returns 1 if System V style shared memory functionality is available on this +system, otherwise 0. +.It Dv KERN_TIMECOUNTER Pq Va kern.timecounter +Return statistics information about the kernel time counter. +The third level names information is detailed below. +The changeable column shows whether a process with appropriate +privileges may change the value. +.Bl -column "KERN_TIMECOUNTER_TIMESTEPWARNINGS" "integer" -offset indent +.It Sy "Third level name" Ta Sy "Type" Ta Sy "Changeable" +.It Dv KERN_TIMECOUNTER_CHOICE Ta "string" Ta "no" +.It Dv KERN_TIMECOUNTER_HARDWARE Ta "string" Ta "yes" +.It Dv KERN_TIMECOUNTER_TICK Ta "integer" Ta "no" +.It Dv KERN_TIMECOUNTER_TIMESTEPWARNINGS Ta "integer" Ta "yes" +.El +.Pp +The variables are as follows: +.Bl -tag -width "123456" +.It Dv KERN_TIMECOUNTER_CHOICE Pq Va kern.timecounter.choice +Get the list of kernel time counter sources and their claimed +quality (higher is better). +.It Dv KERN_TIMECOUNTER_HARDWARE Pq Va kern.timecounter.hardware +Get or set the kernel time counter source by name. +.It Dv KERN_TIMECOUNTER_TICK Pq Va kern.timecounter.tick +Get the number of times we have reset the kernel time counter +information. +.It Dv KERN_TIMECOUNTER_TIMESTEPWARNINGS Pq Va kern.timecounter.timestepwarnings +Get or set a flag to log a message when the kernel time is +stepped. +.El +.It Dv KERN_TTY Pq Va kern.tty +Return statistics information about tty input/output. +The third level names information is detailed below. +The changeable column shows whether a process with appropriate +privileges may change the value. 
+.Bl -column "KERN_TTY_TKRAWCC" "struct itty" "Changeable" -offset indent +.It Sy "Third level name" Ta Sy "Type" Ta Sy "Changeable" +.It Dv KERN_TTY_INFO Ta "struct itty" Ta "no" +.It Dv KERN_TTY_TKCANCC Ta "int64_t" Ta "no" +.It Dv KERN_TTY_TKNIN Ta "int64_t" Ta "no" +.It Dv KERN_TTY_TKNOUT Ta "int64_t" Ta "no" +.It Dv KERN_TTY_TKRAWCC Ta "int64_t" Ta "no" +.El +.Pp +The variables are as follows: +.Bl -tag -width "123456" +.It Dv KERN_TTY_INFO Pq Va kern.tty.ttyinfo +Returns an array of +.Li struct itty +structures containing tty statistics. +.It Dv KERN_TTY_TKCANCC Pq Va kern.tty.tk_cancc +Returns the number of input characters in canonical mode. +.It Dv KERN_TTY_TKNIN Pq Va kern.tty.tk_nin +Returns the number of input characters from a +.Xr tty 4 . +.It Dv KERN_TTY_TKNOUT Pq Va kern.tty.tk_nout +Returns the number of output characters on a +.Xr tty 4 . +.It Dv KERN_TTY_TKRAWCC Pq Va kern.tty.tk_rawcc +Returns the number of input characters in raw mode. +.El +.It Dv KERN_TTYCOUNT Pq Va kern.ttycount +Number of available +.Xr tty 4 +devices. +.It Dv KERN_VERSION Pq Va kern.version +The system version string. +.It Dv KERN_WATCHDOG Pq Va kern.watchdog +Return information on hardware watchdog timers. +If the kernel does not support a hardware watchdog timer, +attempts to retrieve or set any of the +.Dv KERN_WATCHDOG +values will fail with +.Er EOPNOTSUPP . +.Bl -column "KERN_WATCHDOG_PERIOD" "integer" "Changeable" -offset indent +.It Sy "Third level name" Ta Sy "Type" Ta Sy "Changeable" +.It Dv KERN_WATCHDOG_AUTO Ta "integer" Ta "yes" +.It Dv KERN_WATCHDOG_PERIOD Ta "integer" Ta "yes" +.El +.Pp +The variables are as follows: +.Bl -tag -width "123456" +.It Dv KERN_WATCHDOG_AUTO Pq Va kern.watchdog.auto +If set to 1, the kernel refreshes the watchdog timer periodically. +If set to 0, a userland process must ensure that the watchdog timer +gets refreshed by setting the +.Dv KERN_WATCHDOG_PERIOD +variable. 
+.It Dv KERN_WATCHDOG_PERIOD Pq Va kern.watchdog.period +The period of the watchdog timer in seconds. +Set to 0 to disable the watchdog timer. +.El +.It Dv KERN_WXABORT Pq Va kern.wxabort +Generate an abort, +rather than returning an error, +on W^X violation. +.El +.Ss CTL_MACHDEP +The set of variables defined is architecture dependent. +Most architectures define at least the following variables. +.Bl -column "Second level name" "dev_t" "Changeable" -offset indent +.It Sy "Second level name" Ta Sy "Type" Ta Sy "Changeable" +.It Dv CPU_CONSDEV Ta "dev_t" Ta "no" +.El +.Pp +Consult the example file +.Pa /etc/examples/sysctl.conf +for a non-exhaustive list of +.Li machdep +variables. +.Ss CTL_NET +The string and integer information available for the +.Dv CTL_NET +level is detailed below. +The changeable column shows whether a process with appropriate +privileges may change the value. +.Bl -column "Second level name" "routing messages" "Changeable" -offset indent +.It Sy "Second level name" Ta Sy "Type" Ta Sy "Changeable" +.It Dv PF_ROUTE Ta "routing messages" Ta "no" +.It Dv PF_INET Ta "IPv4 values" Ta "yes" +.It Dv PF_INET6 Ta "IPv6 values" Ta "yes" +.It Dv PF_KEY Ta "key management" Ta "no" +.It Dv PF_MPLS Ta "MPLS values" Ta "yes" +.It Dv PF_PIPEX Ta "PIPEX values" Ta "yes" +.El +.Bl -tag -width "123456" +.It Dv PF_ROUTE +Return the entire routing table or a subset of it. +The data is returned as a sequence of routing messages (see +.Xr route 4 +for the header file, format, and meaning). +The length of each message is contained in the message header. +.Pp +The third level name is a protocol number, which is currently always 0. +The fourth level name is an address family, which may be set to 0 to +select all address families. 
+The fifth and sixth level names are as follows: +.Bl -column "Fifth level name" "Sixth level is:" -offset indent +.It Sy "Fifth level name" Ta Sy "Sixth level is:" +.It Dv NET_RT_DUMP Ta "priority" +.It Dv NET_RT_FLAGS Ta "rtflags" +.It Dv NET_RT_IFLIST Ta "None" +.It Dv NET_RT_IFNAMES Ta "None" +.It Dv NET_RT_STATS Ta "None" +.El +.Bl -tag -width "123456" +.It Li NET_RT_DUMP +If set to 0, show all routes. +If set to any number, show all routes with that number priority. +If set to a negative number, show routes that do not have the positive +priority value. +.El +.Pp +An optional seventh level name can be provided to select the routing table +on which to run the operation. +If not provided, the table with ID 0 is used. +.It Dv PF_INET +Get or set various global information about IPv4 +.Pq Internet Protocol version 4 . +The third level name is the protocol. +The fourth level name is the variable name. +The currently defined protocols and names are: +.Bl -column "Protocol name" "ipsec-expire-acquire" "structure" "Changeable" -offset 2n +.It Sy "Protocol name" Ta Sy "Variable name" Ta Sy "Type" Ta Sy "Changeable" +.It ah Ta enable Ta integer Ta yes +.It bpf Ta bufsize Ta integer Ta yes +.It bpf Ta maxbufsize Ta integer Ta yes +.It carp Ta allow Ta integer Ta yes +.It carp Ta log Ta integer Ta yes +.It carp Ta preempt Ta integer Ta yes +.It divert Ta recvspace Ta integer Ta yes +.It divert Ta sendspace Ta integer Ta yes +.It esp Ta enable Ta integer Ta yes +.It esp Ta udpencap Ta integer Ta yes +.It esp Ta udpencap_port Ta integer Ta yes +.It etherip Ta allow Ta integer Ta yes +.It gre Ta allow Ta integer Ta yes +.It gre Ta wccp Ta integer Ta yes +.It icmp Ta bmcastecho Ta integer Ta yes +.It icmp Ta errppslimit Ta integer Ta yes +.It icmp Ta maskrepl Ta integer Ta yes +.It icmp Ta rediraccept Ta integer Ta yes +.It icmp Ta redirtimeout Ta integer Ta yes +.It icmp Ta stats Ta structure Ta no +.It icmp Ta tstamprepl Ta integer Ta yes +.It ip Ta arpdown Ta integer Ta 
yes +.It ip Ta arptimeout Ta integer Ta yes +.It ip Ta directed-broadcast Ta integer Ta yes +.It ip Ta encdebug Ta integer Ta yes +.It ip Ta forwarding Ta integer Ta yes +.It ip Ta ifq Ta node Ta "N/A" +.It ip Ta ipsec-allocs Ta integer Ta yes +.It ip Ta ipsec-auth-alg Ta string Ta yes +.It ip Ta ipsec-bytes Ta integer Ta yes +.It ip Ta ipsec-comp-alg Ta string Ta yes +.It ip Ta ipsec-enc-alg Ta string Ta yes +.It ip Ta ipsec-expire-acquire Ta integer Ta yes +.It ip Ta ipsec-firstuse Ta integer Ta yes +.It ip Ta ipsec-invalid-life Ta integer Ta yes +.It ip Ta ipsec-pfs Ta integer Ta yes +.It ip Ta ipsec-soft-allocs Ta integer Ta yes +.It ip Ta ipsec-soft-bytes Ta integer Ta yes +.It ip Ta ipsec-soft-firstuse Ta integer Ta yes +.It ip Ta ipsec-soft-timeout Ta integer Ta yes +.It ip Ta ipsec-timeout Ta integer Ta yes +.It ip Ta maxqueue Ta integer Ta yes +.It ip Ta mforwarding Ta integer Ta yes +.It ip Ta mtudisc Ta integer Ta yes +.It ip Ta mtudisctimeout Ta integer Ta yes +.It ip Ta multipath Ta integer Ta yes +.It ip Ta portfirst Ta integer Ta yes +.It ip Ta porthifirst Ta integer Ta yes +.It ip Ta porthilast Ta integer Ta yes +.It ip Ta portlast Ta integer Ta yes +.It ip Ta redirect Ta integer Ta yes +.It ip Ta sourceroute Ta integer Ta yes +.It ip Ta stats Ta structure Ta no +.It ip Ta ttl Ta integer Ta yes +.It ipcomp Ta enable Ta integer Ta yes +.It ipip Ta allow Ta integer Ta yes +.It mobileip Ta allow Ta integer Ta yes +.It tcp Ta ackonpush Ta integer Ta yes +.It tcp Ta always_keepalive Ta integer Ta yes +.It tcp Ta baddynamic Ta array Ta yes +.It tcp Ta ecn Ta integer Ta yes +.It tcp Ta ident Ta structure Ta no +.It tcp Ta keepidle Ta integer Ta yes +.It tcp Ta keepinittime Ta integer Ta yes +.It tcp Ta keepintvl Ta integer Ta yes +.It tcp Ta mssdflt Ta integer Ta yes +.It tcp Ta reasslimit Ta integer Ta yes +.It tcp Ta rfc1323 Ta integer Ta yes +.It tcp Ta rfc3390 Ta integer Ta yes +.It tcp Ta rootonly Ta array Ta yes +.It tcp Ta rstppslimit Ta integer Ta 
yes +.It tcp Ta sack Ta integer Ta yes +.It tcp Ta slowhz Ta integer Ta no +.It tcp Ta stats Ta structure Ta no +.It tcp Ta synbucketlimit Ta integer Ta yes +.It tcp Ta syncachelimit Ta integer Ta yes +.It tcp Ta synhashsize Ta integer Ta yes +.It tcp Ta synuselimit Ta integer Ta yes +.It udp Ta baddynamic Ta array Ta yes +.It udp Ta checksum Ta integer Ta yes +.It udp Ta recvspace Ta integer Ta yes +.It udp Ta rootonly Ta array Ta yes +.It udp Ta sendspace Ta integer Ta yes +.It udp Ta stats Ta structure Ta no +.El +.Pp +The variables are as follows: +.Bl -tag -width "123456" +.It Li ah.enable Pq Va net.inet.ah.enable +If set to 1, enable the Authentication Header +.Pq AH +IPsec protocol. +Enabled by default. +See +.Xr ipsec 4 +for more information. +.It Li bpf.bufsize Pq Va net.bpf.bufsize +The initial size of +.Xr bpf 4 +buffers. +.It Li bpf.maxbufsize Pq Va net.bpf.maxbufsize +The maximum size a user may request a +.Xr bpf 4 +buffer to be. +.It Li carp.allow Pq Va net.inet.carp.allow +If set to 0, incoming +.Xr carp 4 +packets will not be processed. +If set to any other value, processing will occur. +Enabled by default. +.It Li carp.log Pq Va net.inet.carp.log +Controls the verbosity of +.Xr carp 4 +logging. +May be a value between 0 and 7 corresponding with +.Xr syslog 3 +priorities. +The default value is 2. +.It Li carp.preempt Pq Va net.inet.carp.preempt +If set to 0, +.Xr carp 4 +will not attempt to become master if it is receiving advertisements from +another active master. +If set to any other value, carp will become master of the virtual host if it +believes it can send advertisements more frequently than the current master. +Disabled by default. +.It Li divert.recvspace Pq Va net.inet.divert.recvspace +Returns the default divert receive buffer size. +.It Li divert.sendspace Pq Va net.inet.divert.sendspace +Returns the default divert send buffer size. 
+.It Li esp.enable Pq Va net.inet.esp.enable +If set to 1, enable the Encapsulating Security Payload +.Pq ESP +IPsec protocol. +Enabled by default. +See +.Xr ipsec 4 +for more information. +.It Li esp.udpencap Pq Va net.inet.esp.udpencap +If set to 1, enable processing of UDP encapsulated ESP packets. +Enabled by default. +.It Li esp.udpencap_port Pq Va net.inet.udpencap_port +Contains the value of the UDP port that triggers +decapsulation for incoming UDP encapsulated ESP packets. +The default port is 4500. +.It Li etherip.allow Pq Va net.inet.etherip.allow +If set to 0, incoming Ethernet-in-IPv4 packets will not be processed. +If set to any other value, processing will occur. +.It Li gre.allow Pq Va net.inet.gre.allow +If set to 0, incoming GRE packets will not be processed. +If set to any other value, processing will occur. +.It Li gre.wccp Pq Va net.inet.gre.wccp +If set to 0, incoming WCCPv1-style GRE packets will not be processed. +If set to any other value, and gre.allow allows GRE packet processing, +WCCPv1-style GRE packets will be processed. +.It Li icmp.bmcastecho Pq Va net.inet.icmp.bmcastecho +If set to 1, respond to ICMP echo requests destined for +broadcast and multicast addresses. +Note, enabling this could open a system to a type of denial of service attack +called +.Qq smurfing , +and is thus not advised. +.It Li icmp.errppslimit Pq Va net.inet.icmp.errppslimit +This variable specifies the maximum number of outgoing ICMP error messages +per second. +ICMP error messages exceeding this value are subject to rate limitation +and will not go out from the node. +A negative value disables rate limitation. +.It Li icmp.maskrepl Pq Va kern.inet.icmp.maskrepl +Returns 1 if ICMP network mask requests are to be answered. +.It Li icmp.rediraccept Pq Va kern.inet.icmp.rediraccept +If set to non-zero, the host will accept ICMP redirect packets. +Note that routers will never accept ICMP redirect packets, +and the variable is meaningful on IP hosts only. 
+.It Li icmp.redirtimeout Pq Va net.inet.icmp.redrttimeout +This variable specifies the lifetime of routing entries generated by incoming +ICMP redirects. +The default timeout is 10 minutes. +.It Li icmp.stats Pq Va kern.inet.icmp.stats +Returns the ICMP statistics in a struct icmpstat. +.It Li icmp.tstamprepl Pq Va net.inet.icmp.tstamprepl +If set to 1, reply to ICMP timestamp requests. +If set to 0, ignore timestamp requests. +.It Li ip.arpdown Pq Va net.inet.ip.arpdown +Lifetime of unresolved ARP entries, in seconds. +.It Li ip.arptimeout Pq Va net.inet.ip.arptimeout +Lifetime of resolved ARP entries, in seconds. +.It Li ip.directed-broadcast Pq Va net.inet.ip.directed-broadcast +Returns 1 if directed broadcast behavior is enabled for the host. +.It Li ip.encdebug Pq Va net.inet.ip.encdebug +Returns 1 when error message reporting is enabled for the host. +If the kernel has been compiled with the +.Dv ENCDEBUG +option, +then debugging information will also be reported when this variable is set. +.It Li ip.forwarding Pq Va net.inet.ip.forwarding +If set to 1, then IP forwarding is enabled for the host, +indicating the host is acting as a router. +If set to 2, then IP forwarding is restricted to traffic that has been +IPsec encapsulated or decapsulated by the host. +The default value is 0. +.It Li ip.ifq +Fifth level comprises an array of +.Li struct ifqueue +structures containing information about IP packet input queue. +The fifth level names for the elements of +.Li struct ifqueue +are detailed below. +.Bl -column "Fifth level name" "integer" "Changeable" -offset indent +.It Sy "Fifth level name" Ta Sy "Type" Ta Sy "Changeable" +.It Dv IFQCTL_DROPS Ta "integer" Ta "no" +.It Dv IFQCTL_LEN Ta "integer" Ta "no" +.It Dv IFQCTL_MAXLEN Ta "integer" Ta "yes" +.El +.Pp +The variables are as follows: +.Pp +.Bl -tag -width Ds -compact +.It Dv IFQCTL_DROPS Pq Va net.inet.ip.ifq.drops +Returns number of packet dropped. 
+.It Dv IFQCTL_LEN Pq Va net.inet.ip.ifq.len +Returns the current queue length. +.It Dv IFQCTL_MAXLEN Pq Va net.inet.ip.ifq.maxlen +Get or set the maximum number of queue length. +.El +.It Li ip.ipsec-allocs Pq Va net.inet.ip.ipsec-allocs +The number of IPsec flows that can use a security association before +it expires. +If set to less than or equal to zero, the security association will not +expire because of this counter. +The default value is 0. +.It Li ip.ipsec-auth-alg Pq Va net.inet.ip.ipsec-auth-alg +This is the default authentication algorithm the kernel will instruct +key management daemons to negotiate when establishing security +associations on behalf of the kernel. +Such security associations can occur as a result of a process having +requested some security level through +.Xr setsockopt 2 , +or as a result of dynamic VPN entries. +Supported values are hmac-md5, hmac-sha1, and hmac-ripemd160. +If set to any other value, it is left to the key management daemons to +select an authentication algorithm for the security association. +The default value is hmac-sha1. +.It Li ip.ipsec-bytes Pq Va net.inet.ip.ipsec-bytes +The number of bytes that will be processed by a security association +before it expires. +If set to less than or equal to zero, the security association will not +expire because of this counter. +The default value is 0. +.It Li ip.ipsec-comp-alg Pq Va net.inet.ip.ipsec-comp-alg +The compression algorithm to use with an IP Compression Association +.Pq IPCA . +Possible values are +.Dq deflate +and +.Dq lzs . +Note that lzs is only available with +.Xr hifn 4 . +See +.Xr ipsecctl 8 +for more information. +.It Li ip.ipsec-enc-alg Pq Va net.inet.ip.ipsec-enc-alg +This is the default encryption algorithm the kernel will instruct key +management daemons to negotiate when establishing security +associations on behalf of the kernel. 
+Such security associations can occur as a result of a process having +requested some security level through +.Xr setsockopt 2 , +or as a result of dynamic VPN entries. +Supported values are aes, des, 3des, blowfish and cast128. +If set to any other value, it is left to the key management daemons to +select an encryption algorithm for the security association. +The default value is aes. +.It Li ip.ipsec-expire-acquire Pq Va net.inet.ip.ipsec-expire-acquire +How long the kernel should allow key management to dynamically acquire +security associations before re-sending a request. +The default value is 30 seconds. +.It Li ip.ipsec-firstuse Pq Va net.inet.ip.ipsec-firstuse +The number of seconds after a security association is first used before +it expires. +If set to less than or equal to zero, the security association will +not expire because of this timer. +The default value is 7200 seconds. +.It Li ip.ipsec-invalid-life Pq Va net.inet.ip.ipsec-invalid-life +The lifetime of embryonic Security Associations (SAs that key management +daemons have reserved but not fully established yet) in seconds. +If set to less than or equal to zero, embryonic SAs will not expire. +The default value is 60. +.It Li ip.ipsec-pfs Pq Va net.inet.ip.ipsec-pfs +If set to any non-zero value, the kernel will ask the key management +daemons to use Perfect Forward Secrecy when establishing IPsec +Security Associations. +Perfect Forward Secrecy makes IPsec Security Associations +cryptographically distinct from each other, such that breaking the key +for one such SA does not compromise any others. +Requiring PFS for every security association significantly increases the +computational load of +.Xr isakmpd 8 +exchanges. +The default value is 1. +.It Li ip.ipsec-soft-allocs Pq Va net.inet.ip.ipsec-soft-allocs +The number of IPsec flows that can use a security association before a +message is sent by the kernel to key management for renegotiation +of the security association. 
+If set to less than or equal to zero, no message is sent to key +management. +The default value is 0. +.It Li ip.ipsec-soft-bytes Pq Va net.inet.ip.ipsec-soft-bytes +The number of bytes that will be processed by a security association +before a message is sent by the kernel to key management for +renegotiation of the security association. +If set to less than or equal to zero, no message is sent to key +management. +The default value is 0. +.It Li ip.ipsec-soft-firstuse Pq Va net.inet.ip.ipsec-soft-firstuse +The number of seconds after a security association is first used +before a message is sent by the kernel to key management for +renegotiation of the security association. +If set to less than or equal to zero, no message is sent to key +management. +The default value is 3600 seconds. +.It Li ip.ipsec-soft-timeout Pq Va net.inet.ip.ipsec-soft-timeout +The number of seconds after a security association is established +before a message is sent by the kernel to key management for +renegotiation of the security association. +If set to less than or equal to zero, no message is sent to key +management. +The default value is 80000 seconds. +.It Li ip.ipsec-timeout Pq Va net.inet.ip.ipsec-timeout +The number of seconds after a security association is established +before it will expire. +If set to less than or equal to zero, the security association will +not expire because of this timer. +The default value is 86400 seconds. +.It Li ip.maxqueue Pq Va net.inet.ip.maxqueue +Fragment flood protection. +Sets the maximum number of unassembled IP fragments in the fragment queue. +.It Li ip.mforwarding Pq Va net.inet.ip.mforwarding +If set to 1, then multicast forwarding is enabled for the host. +The default is 0. +.It Li ip.mtudisc Pq Va net.inet.ip.mtudisc +Returns 1 if Path MTU Discovery is enabled. +.It Li ip.mtudisctimeout Pq Va net.inet.ip.mtudisctimeout +Number of seconds in which a route added by the Path MTU +Discovery engine will time out. 
+When the route times out, the Path MTU Discovery engine will attempt +to probe a larger path MTU. +.It Li ip.multipath Pq Va net.inet.ip.multipath +This variable enables multipath routing for IPv4 addresses. +If set to 0, only the first route selected will be used for a given +destination regardless of how many routes exist in the routing table. +.It Li ip.portfirst Pq Va net.inet.ip.portfirst +Minimum registered port number for TCP/UDP port allocation. +Registered ports can be used by ordinary user processes +or programs executed by ordinary users. +Cannot be less than 1024 or greater than 49151. +Must be less than ip.portlast. +.It Li ip.porthifirst Pq Va net.inet.ip.porthifirst +Minimum dynamic/private port number for TCP/UDP port allocation. +Dynamic/private ports can be used by ordinary user processes +or programs executed by ordinary users. +Cannot be less than 49152 or greater than 65535. +Must be less than ip.porthilast. +.It Li ip.porthilast Pq Va net.inet.ip.porthilast +Maximum dynamic/private port number for TCP/UDP port allocation. +Dynamic/private ports can be used by ordinary user processes +or programs executed by ordinary users. +Cannot be less than 49152 or greater than 65535. +Must be greater than ip.porthifirst. +.It Li ip.portlast Pq Va net.inet.ip.portlast +Maximum registered port number for TCP/UDP port allocation. +Registered ports can be used by ordinary user processes +or programs executed by ordinary users. +Cannot be less than 1024 or greater than 49151. +Must be greater than ip.portfirst. +.It Li ip.redirect Pq Va net.inet.ip.redirect +Returns 1 when ICMP redirects may be sent by the host. +This option is ignored unless the host is routing IP packets, +and should normally be enabled on all systems. +.It Li ip.sourceroute Pq Va net.inet.ip.sourceroute +Returns 1 when forwarding of source-routed packets is enabled for +the host. +When running with a +.Xr securelevel 7 +greater than 0, +this variable may not be changed. 
+.It Li ip.stats Pq Va net.inet.ip.stats +Returns the IP statistics in a struct ipstat. +.It Li ip.ttl Pq Va net.inet.ip.ttl +The maximum time-to-live (hop count) value for an IP packet +sourced by the system. +This value applies to normal transport protocols, not to ICMP. +.It Li ipcomp.enable Pq Va net.inet.ipcomp.enable +Enable the IPComp protocol. +See +.Xr ipsecctl 8 +for more information. +.It Li ipip.allow Pq Va net.inet.ipip.allow +If set to 0, incoming IP-in-IP packets will not be processed. +If set to any other value, processing will occur; furthermore, if set +to 2, no checks for spoofing of loopback addresses will be done. +This is useful only for debugging purposes, and should never be used +in production systems. +.It Li mobileip.allow Pq Va net.inet.mobileip.allow +If set to 0, incoming Mobile IP encapsulated packets (RFC 2004) will not be +processed. +If set to any other value, processing will occur. +.It Li tcp.ackonpush Pq Va net.inet.tcp.ackonpush +Returns 1 if TCP segments with the +.Dv TH_PUSH +flag set are being acknowledged immediately, otherwise 0. +.It Li tcp.baddynamic Pq Va net.inet.tcp.baddynamic +An array of +.Li in_port_t +is returned specifying the bitmask of TCP ports between 512 +and 1023 inclusive that should not be allocated dynamically +by the kernel (i.e., they must be bound specifically by port number). +.It Li tcp.ecn Pq Va net.inet.tcp.ecn +Returns 1 if Explicit Congestion Notifications for TCP are enabled. +.It Li tcp.ident Pq Va net.inet.tcp.ident +A +.Li struct tcp_ident_mapping +specifying a local and foreign endpoint of a TCP +socket is filled in with the effective and real UIDs of the process that +owns the socket. +If no such socket exists, then the effective and real UID values are +both set to \-1. +.It Li tcp.keepidle Pq Va net.inet.tcp.keepidle +If the socket option +.Dv SO_KEEPALIVE +has been set on a socket, then this value specifies how much time a +connection needs to be idle before keepalives are sent. 
+See also tcp.slowhz. +.It Li tcp.keepinittime Pq Va net.inet.tcp.keepinittime +Time to keep alive the initial SYN packet of a TCP handshake. +.It Li tcp.keepintvl Pq Va net.inet.tcp.keepintvl +Time after a keepalive probe is sent until, in the absence of any response, +another probe is sent. +See also tcp.slowhz. +.It Li tcp.always_keepalive Pq Va net.inet.tcp.always_keepalive +Act as if the option +.Dv SO_KEEPALIVE +was set on all TCP sockets. +.It Li tcp.mssdflt Pq Va net.inet.tcp.mssdflt +The maximum segment size that is used as default for non-local connections. +The default value is 512. +.It Li tcp.reasslimit Pq Va net.inet.tcp.reasslimit +The maximum number of out-of-order TCP +segments the system will store for reassembly. +.It Li tcp.rfc1323 Pq Va net.inet.tcp.rfc1323 +Returns 1 if RFC 1323 extensions to TCP are enabled. +.It Li tcp.rfc3390 Pq Va net.inet.tcp.rfc3390 +Returns 1 if the TCP Initial Window +is increased to 4 * MSS or 4380 bytes, as specified in RFC 3390. +Returns 2 if the TCP Initial Window +is increased to 10 * MSS or 14600 bytes, as specified in +RFC 6928. +.It Li tcp.rootonly Pq Va net.inet.tcp.rootonly +An array of +.Li in_port_t +is returned specifying the bitmask of TCP ports +that can only be bound by processes with root euid. +When running with a +.Xr securelevel 7 +greater than 0, +this variable may not be changed. +.It Li tcp.rstppslimit Pq Va net.inet.tcp.rstppslimit +This variable specifies the maximum number of outgoing TCP RST packets +per second. +TCP RST packets exceeding this value are subject to rate limitation +and will not go out from the node. +A negative value disables rate limitation. +.It Li tcp.sack Pq Va net.inet.tcp.sack +Returns 1 if RFC 2018 Selective Acknowledgements are enabled. +.It Li tcp.slowhz Pq Va net.inet.tcp.slowhz +The units for tcp.keepidle and tcp.keepintvl; those variables are in ticks +of a clock that ticks tcp.slowhz times per second. 
+(That is, their values must be divided by the tcp.slowhz value to get times +in seconds.) +.It Li tcp.stats Pq Va net.inet.tcp.stats +Returns the TCP statistics in a struct tcpstat. +.It Li tcp.synbucketlimit Pq Va net.inet.tcp.synbucketlimit +The maximum number of entries allowed per hash bucket in the TCP SYN cache. +.It Li tcp.syncachelimit Pq Va net.inet.tcp.syncachelimit +The maximum number of entries allowed in the TCP SYN cache. +.It Li tcp.synhashsize Pq Va net.inet.tcp.synhashsize +The number of buckets in the TCP SYN cache hash array. +After the value is set, the actual size changes when the alternative +SYN cache becomes empty and both SYN caches are swapped. +.It Li tcp.synuselimit Pq Va net.inet.tcp.synuselimit +The minimum number of times the hash function for the TCP SYN cache is used +before it is reseeded. +.It Li udp.baddynamic Pq Va net.inet.udp.baddynamic +Analogous to +.Li tcp.baddynamic +but for UDP sockets. +.It Li udp.checksum Pq Va net.inet.udp.checksum +Returns 1 when UDP checksums are being computed and checked. +Disabling UDP checksums is strongly discouraged. +.It Li udp.recvspace Pq Va net.inet.udp.recvspace +Returns the default UDP receive buffer size. +.It Li udp.rootonly Pq Va net.inet.udp.rootonly +Analogous to +.Li tcp.rootonly +but for UDP sockets. +.It Li udp.sendspace Pq Va net.inet.udp.sendspace +Returns the default UDP send buffer size. +.It Li udp.stats Pq Va net.inet.udp.stats +Returns the UDP statistics in a struct udpstat. +.El +.It Dv PF_INET6 +Get or set various global information about IPv6 +.Pq Internet Protocol version 6 . +The third level name is the protocol. +The fourth level name is the variable name. 
+The currently defined protocols and names are: +.Bl -column "Protocol name" "multicast_mtudisc" "integer" "yes" -offset indent +.It Sy "Protocol name" Ta Sy "Variable name" Ta Sy "Type" Ta Sy "Changeable" +.It icmp6 Ta errppslimit Ta integer Ta yes +.It icmp6 Ta mtudisc_hiwat Ta integer Ta yes +.It icmp6 Ta mtudisc_lowat Ta integer Ta yes +.It icmp6 Ta nd6_debug Ta integer Ta yes +.It icmp6 Ta nd6_delay Ta integer Ta yes +.It icmp6 Ta nd6_maxnudhint Ta integer Ta yes +.It icmp6 Ta nd6_mmaxtries Ta integer Ta yes +.It icmp6 Ta nd6_umaxtries Ta integer Ta yes +.It icmp6 Ta redirtimeout Ta integer Ta yes +.It ip6 Ta auto_flowlabel Ta integer Ta yes +.It ip6 Ta dad_count Ta integer Ta yes +.It ip6 Ta dad_pending Ta integer Ta yes +.It ip6 Ta defmcasthlim Ta integer Ta yes +.It ip6 Ta forwarding Ta integer Ta yes +.It ip6 Ta hdrnestlimit Ta integer Ta yes +.It ip6 Ta hlim Ta integer Ta yes +.It ip6 Ta ifq Ta node Ta "N/A" +.It ip6 Ta log_interval Ta integer Ta yes +.It ip6 Ta maxdynroutes Ta integer Ta yes +.It ip6 Ta maxfragpackets Ta integer Ta yes +.It ip6 Ta maxfrags Ta integer Ta yes +.It ip6 Ta mforwarding Ta integer Ta yes +.It ip6 Ta mtudisctimeout Ta integer Ta yes +.It ip6 Ta multicast_mtudisc Ta integer Ta yes +.It ip6 Ta multipath Ta integer Ta yes +.It ip6 Ta neighborgcthresh Ta integer Ta yes +.It ip6 Ta redirect Ta integer Ta yes +.It ip6 Ta use_deprecated Ta integer Ta yes +.El +.Pp +The variables are as follows: +.Pp +.Bl -tag -width "123456" -compact +.It Li icmp6.errppslimit Pq Va net.inet6.icmp6.errppslimit +This variable specifies the maximum number of outgoing ICMPv6 error messages +per second. +ICMPv6 error messages exceeding this value are subject to rate limitation +and will not go out from the node. +A negative value will disable the rate limitation. 
+.Pp +.It Li icmp6.mtudisc_hiwat Pq Va net.inet6.icmp6.mtudisc_hiwat +.It Li icmp6.mtudisc_lowat Pq Va net.inet6.icmp6.mtudisc_lowat +These variables define the maximum number of routing table entries +created due to path MTU discovery +.Pq preventing denial-of-service attacks with ICMPv6 too big messages . +After IPv6 path MTU discovery happens, path MTU information is kept in +the routing table. +If the number of routing table entries exceeds this value, +the kernel will not attempt to keep the path MTU information. +.Li icmp6.mtudisc_hiwat +is used when we have verified ICMPv6 too big messages. +.Li icmp6.mtudisc_lowat +is used when we have unverified ICMPv6 too big messages. +Verification is performed by using address/port pairs kept in connected PCBs. +A negative value disables the upper limit. +.Pp +.It Li icmp6.nd6_debug Pq Va net.inet6.icmp6.nd6_debug +If set to non-zero, IPv6 neighbor discovery will generate debugging +messages. +The debug output is useful for diagnosing IPv6 interoperability issues. +The flag must be set to 0 for normal operation. +.Pp +.It Li icmp6.nd6_delay Pq Va net.inet6.icmp6.nd6_delay +This variable specifies the +.Dv DELAY_FIRST_PROBE_TIME +timing constant in IPv6 neighbor discovery specification +.Pq RFC 4861 , +in seconds. +.Pp +.It Li icmp6.nd6_maxnudhint Pq Va net.inet6.icmp6.nd6_maxnudhint +IPv6 neighbor discovery permits upper layer protocols to supply reachability +hints, to avoid unnecessary neighbor discovery exchanges. +This variable defines the number of consecutive hints the neighbor discovery +layer will take. +For example, by setting the variable to 3, neighbor discovery will take +a maximum of 3 consecutive hints. +After receiving 3 hints, the neighbor discovery layer will instead perform +the normal neighbor discovery process. +.Pp +.It Li icmp6.nd6_mmaxtries Pq Va net.inet6.icmp6.nd6_mmaxtries +This variable specifies the +.Dv MAX_MULTICAST_SOLICIT +constant in IPv6 neighbor discovery specification +.Pq RFC 4861 . 
+.Pp +.It Li icmp6.nd6_umaxtries Pq Va net.inet6.icmp6.nd6_umaxtries +This variable specifies the +.Dv MAX_UNICAST_SOLICIT +constant in IPv6 neighbor discovery specification +.Pq RFC 4861 . +.Pp +.It Li icmp6.redirtimeout Pq Va net.inet6.icmp6.redirtimeout +The variable specifies the lifetime of routing entries generated by +incoming ICMPv6 redirects. +.Pp +.It Li ip6.auto_flowlabel Pq Va net.inet6.ip6.auto_flowlabel +On connected transport protocol packets, +fill the IPv6 flowlabel field to help intermediate routers identify +packet flows. +.Pp +.It Li ip6.dad_count Pq Va net.inet6.ip6.dad_count +This variable configures the number of IPv6 DAD +.Pq duplicated address detection +probe packets. +These packets are generated when IPv6 interfaces are first brought up. +.Pp +.It Li ip6.dad_pending Pq Va net.inet6.ip6.dad_pending +This variable displays the number of pending IPv6 DAD +.Pq duplicated address detection +before completion. +It is used to make sure that DAD is completed before +.Xr netstart 8 +is executed. +.Pp +.It Li ip6.defmcasthlim Pq Va net.inet6.ip6.defmcasthlim +The default hop limit value for an IPv6 multicast packet sourced by the node. +This value applies to all the transport protocols on top of IPv6. +Methods for overriding this value are documented in +.Xr ip6 4 . +.Pp +.It Li ip6.forwarding Pq Va net.inet6.ip6.forwarding +Returns 1 when IPv6 forwarding is enabled for the node, +meaning that the node is acting as a router. +Returns 0 when IPv6 forwarding is disabled for the node, +meaning that the node is acting as a host. +Note that IPv6 defines node behavior for the +.Dq router +and +.Dq host +cases quite differently, and changing this variable during operation +may cause serious trouble. +Hence, this variable should only be set at bootstrap time. +.Pp +.It Li ip6.hdrnestlimit Pq Va net.inet6.ip6.hdrnestlimit +The number of IPv6 extension headers permitted on incoming IPv6 packets. 
+If set to 0, the node will accept as many extension headers as possible. +.Pp +.It Li ip6.hlim Pq Va net.inet6.ip6.hlim +The default hop limit value for an IPv6 unicast packet sourced by the node. +This value applies to all the transport protocols on top of IPv6. +Methods for overriding this value are documented in +.Xr ip6 4 . +.Pp +.It Li ip6.ifq Pq Va net.inet6.ip6.ifq +Fifth level comprises an array of +.Li struct ifqueue +structures containing information about IPv6 packet input queue. +The fifth level names for the elements of +.Li struct ifqueue +are detailed above in +.Li ip.ifq . +.Pp +.It Li ip6.log_interval Pq Va net.inet6.ip6.log_interval +This variable permits adjusting the amount of logs generated by the +IPv6 packet forwarding engine. +The value indicates the number of +seconds of interval which must elapse between log output. +.Pp +.It Li ip6.maxdynroutes Pq Va net.inet6.ip6.maxdynroutes +Maximum number of routes created by redirect. +Set to negative to disable. +The default value is 4096. +.Pp +.It Li ip6.maxfragpackets Pq Va net.inet6.ip6.maxfragpackets +The maximum number of fragmented packets the node will accept. +0 means that the node will not accept any fragmented packets. +\-1 means that the node will accept as many fragmented packets as it receives. +The flag is provided basically for avoiding possible DoS attacks. +.Pp +.It Li ip6.maxfrags Pq Va net.inet6.ip6.maxfrags +The maximum number of fragments the node will accept. +0 means that the node will not accept any fragments. +\-1 means that the node will accept as many fragments as it receives. +The flag is provided basically for avoiding possible DoS attacks. +.Pp +.It Li ip6.mforwarding Pq Va net.inet6.ip6.mforwarding +If set to 1, then multicast forwarding is enabled for the host. +The default is 0. 
+.Pp +.It Li ip6.multicast_mtudisc Pq Va net.inet6.ip6.multicast_mtudisc +This variable controls generation of ICMPv6 Too Big messages +when the machine is performing as an IPv6 multicast router. +If set to 1, an ICMPv6 Too Big message will be generated for multicast packets +which were too big to be forwarded. +If set to 0, the ICMPv6 Too Big message will be suppressed. +.Pp +.It Li ip6.multipath Pq Va net.inet6.ip6.multipath +This variable enables multipath routing for IPv6 addresses. +If set to 0, only the first route selected will be used for a given +destination regardless of how many routes exist in the routing table. +.Pp +.It Li ip6.mtudisctimeout Pq Va net.inet6.ip6.mtudisctimeout +Number of seconds in which a route added by the Path MTU +Discovery engine will time out. +When the route times out, the Path MTU Discovery engine will attempt +to probe a larger path MTU. +.Pp +.It Li ip6.neighborgcthresh Pq Va net.inet6.ip6.neighborgcthresh +Maximum number of entries in neighbor cache. +Set to negative to disable. +The default value is 2048. +.Pp +.It Li ip6.redirect Pq Va net.inet6.ip6.redirect +Returns 1 when ICMPv6 redirects may be sent by the node. +This option is ignored unless the node is routing IP packets, +and should normally be enabled on all systems. +.Pp +.It Li ip6.use_deprecated Pq Va net.inet6.ip6.use_deprecated +This variable controls the use of deprecated addresses, specified in +RFC 4862 5.5.4. +.El +.Pp +We reuse +.Li net.inet.tcp +and +.Li net.inet.udp +for TCP/UDP over IPv6. +.It Dv PF_KEY +Return +.Xr ipsec 4 +database dumps. +The second level name is +.Dv PF_KEY_V2 . +The third level name selects the database as follows: +.Pp +.Bl -tag -width "NET_KEY_SADB_DUMP" -offset indent -compact +.It Dv NET_KEY_SADB_DUMP +Security Association database (SADB). +.It Dv NET_KEY_SPD_DUMP +IPsec flow database (SPD). +.El +.It Dv PF_MPLS +Get or set global information about MPLS (Multiprotocol Label Switching). 
+.Bl -column "MPLSCTL_MAXINKLOOP " "integer" "not applicable" -offset indent +.It Sy "Third level name" Ta Sy "Type" Ta Sy "Changeable" +.It Dv MPLSCTL_DEFTTL Ta integer Ta yes +.It Dv MPLSCTL_IFQUEUE Ta node Ta "not applicable" +.It Dv MPLSCTL_MAPTTL_IP Ta integer Ta yes +.It Dv MPLSCTL_MAPTTL_IP6 Ta integer Ta yes +.It Dv MPLSCTL_MAXINKLOOP Ta integer Ta yes +.El +.Bl -tag -width "123456" +.It Dv MPLSCTL_DEFTTL Pq Va net.mpls.ttl +Set or get the default TTL value which is used for MPLS (Shim) Header. +The default is 255. +.It Dv MPLSCTL_IFQUEUE Pq Va net.mpls.ifq +Fourth level comprises an array of +.Li struct ifqueue +structures containing information about MPLS packet input queue. +The forth level names for the elements of +.Li struct ifqueue are same as described in +.Li ip.ifq +in the +.Dv PF_INET +section. +.It Dv MPLSCTL_MAPTTL_IP Pq Va net.mpls.mapttl_ip +If set to 1 the TTL field is synchronized between the IP header and the +MPLS label stack. +If set to 0 the IP header TTL is not modified while passing through MPLS +and the MPLS label stack is initialized with the +.Dv MPLSCTL_DEFTTL . +The default is 1. +.It Dv MPLSCTL_MAPTTL_IP6 Pq Va net.mpls.mapttl_ip6 +If set to 1 the TTL field is synchronized between the IPv6 header and the +MPLS label stack. +If set to 0 the IPv6 header TTL is not modified while passing through MPLS +and the MPLS label stack is initialized with the +.Dv MPLSCTL_DEFTTL . +The default is 0. +.It Dv MPLSCTL_MAXINKLOOP Pq Va net.mpls.maxloop_inkernel +Set or get the maxinum number of label stack operations (push, swap, pop) +that can be made on a packet. +The default is 16. +.El +.It Dv PF_PIPEX Pq Va net.pipex +Get or set global information about PIPEX. 
+.Pp +The currently defined variable names are: +.Bl -column "Third level name" "integer" "Changeable" -offset indent +.It Sy "Third level name" Ta Sy "Type" Ta Sy "Changeable" +.It Dv PIPEXCTL_ENABLE Ta integer Ta yes +.It Dv PIPEXCTL_INQ Ta node Ta not applicable +.It Dv PIPEXCTL_OUTQ Ta node Ta not applicable +.El +.Bl -tag -width "123456" +.It Dv PIPEXCTL_ENABLE +If set to 1, enable PIPEX processing. +The default is 0. +.It Dv PIPEXCTL_INQ Pq Va net.pipex.inq +Fourth level comprises an array of +.Li struct ifqueue +structures containing information about the PIPEX packet input queue. +The forth level names for the elements of +.Li struct ifqueue +are the same as described in +.Li ip.ifq +in the +.Dv PF_INET +section. +.It Dv PIPEXCTL_OUTQ Pq Va net.pipex.outq +Fourth level comprises an array of +.Li struct ifqueue +structures containing information about PIPEX packet output queue. +The forth level names for the elements of +.Li struct ifqueue are same as described in +.Li ip.ifq +in the +.Dv PF_INET +section. +.El +.El +.Ss CTL_VFS +The string and integer information available for the +.Dv CTL_VFS +level is detailed below. +The changeable column shows whether a process with appropriate +privileges may change the value. +.Bl -column "Second level name" "VFS generic info" "Changeable" -offset indent +.It Sy "Second level name" Ta Sy "Type" Ta Sy "Changeable" +.It Dv VFS_GENERIC Ta "VFS generic info" Ta "no" +.It Dv "filesystem #" Ta "filesystem info" Ta "no" +.El +.Bl -tag -width "123456" +.It Dv VFS_GENERIC +This second level identifier requests generic information about the +VFS layer. 
+Within it, the following third level identifiers exist: +.Bl -column "Third level name" "struct vfsconf" "Changeable" -offset indent +.It Sy "Third level name" Ta Sy "Type" Ta Sy "Changeable" +.It Dv VFS_CONF Ta "struct vfsconf" Ta "no" +.It Dv VFS_MAXTYPENUM Ta "int" Ta "no" +.El +.It filesystem # +After finding the filesystem dependent +.Va vfc_typenum +using +.Dv VFS_GENERIC +with +.Dv VFS_CONF , +it is possible to access filesystem dependent information. +.Pp +Some filesystems may contain settings. +.Bl -tag -width "123" +.It FFS +.Bl -column "FFS_SD_DIRECT_BLK_PTRS" "integer" "Changeable" -offset indent +.It Sy "Third level name" Ta Sy "Type" Ta Sy "Changeable" +.It Dv FFS_DIRHASH_DIRSIZE Ta "integer" Ta "yes" +.It Dv FFS_DIRHASH_MAXMEM Ta "integer" Ta "yes" +.It Dv FFS_DIRHASH_MEM Ta "integer" Ta "no" +.It Dv FFS_MAX_SOFTDEPS Ta "integer" Ta "yes" +.It Dv FFS_SD_BLK_LIMIT_HIT Ta "integer" Ta "yes" +.It Dv FFS_SD_BLK_LIMIT_PUSH Ta "integer" Ta "yes" +.It Dv FFS_SD_DIR_ENTRY Ta "integer" Ta "yes" +.It Dv FFS_SD_DIRECT_BLK_PTRS Ta "integer" Ta "yes" +.It Dv FFS_SD_INDIR_BLK_PTRS Ta "integer" Ta "yes" +.It Dv FFS_SD_INO_LIMIT_HIT Ta "integer" Ta "yes" +.It Dv FFS_SD_INO_LIMIT_PUSH Ta "integer" Ta "yes" +.It Dv FFS_SD_INODE_BITMAP Ta "integer" Ta "yes" +.It Dv FFS_SD_SYNC_LIMIT_HIT Ta "integer" Ta "yes" +.It Dv FFS_SD_TICKDELAY Ta "integer" Ta "yes" +.It Dv FFS_SD_WORKLIST_PUSH Ta "integer" Ta "yes" +.El +.Bl -tag -width "123456" +.It Dv FFS_DIRHASH_DIRSIZE Pq Va vfs.ffs.dirhash_dirsize +The minimum size of a directory, in bytes, before it is considered for hashing. +.It Dv FFS_DIRHASH_MAXMEM Pq Va vfs.ffs.dirhash_maxmem +The maximum amount of memory, in bytes, to be used for storing directory +hashes. +.It Dv FFS_DIRHASH_MEM Pq Va vfs.ffs.dirhash_mem +The amount of memory currently used by all directory hashes. +.It Dv FFS_MAX_SOFTDEPS Pq Va vfs.ffs.max_softdeps +Maximum strcuctures before slowdowns. 
+.It Dv FFS_SD_BLK_LIMIT_HIT Pq Va vfs.ffs.sd_blk_limit_hit +Number of times block slowdown imposed. +.It Dv FFS_SD_BLK_LIMIT_PUSH Pq Va vfs.ffs.sd_blk_limit_push +Number of times block limit neared. +.It Dv FFS_SD_DIR_ENTRY Pq Va vfs.ffs.sd_dir_entry +Bufs redirtied as dir entry cannot write. +.It Dv FFS_SD_DIRECT_BLK_PTRS Pq Va vfs.ffs.sd_direct_blk_ptrs +Bufs redirtied as direct ptrs not written. +.It Dv FFS_SD_INDIR_BLK_PTRS Pq Va vfs.ffs.sd_indir_blk_ptrs +Bufs redirtied as indirect ptrs not written. +.It Dv FFS_SD_INO_LIMIT_HIT Pq Va vfs.ffs.sd_ino_limit_hit +Number of times inode limit imposed. +.It Dv FFS_SD_INO_LIMIT_PUSH Pq Va vfs.ffs.sd_ino_limit_push +Number of times inode limit neared. +.It Dv FFS_SD_INODE_BITMAP Pq Va vfs.ffs.sd_inode_bitmap +Bufs redirtied as inode bitmap not written. +.It Dv FFS_SD_SYNC_LIMIT_HIT Pq Va vfs.ffs.sd_sync_limit_hit +Number of synchronous slowdowns imposed. +.It Dv FFS_SD_TICKDELAY Pq Va vfs.ffs.sd_tickdelay +Ticks to pause during slowdown. +.It Dv FFS_SD_WORKLIST_PUSH Pq Va vfs.ffs.sd_worklist_push +Number of worklist cleanups. +.El +.It NFS +.Bl -column "Third level name" "struct nfsstats" "Changeable" -offset indent +.It Sy "Third level name" Ta Sy "Type" Ta Sy "Changeable" +.It Dv NFS_NFSSTATS Ta "struct nfsstats" Ta "yes" +.It Dv NFS_NIOTHREADS Ta "int" Ta "yes" +.El +.Bl -tag -width Ds +.It Dv NFS_NIOTHREADS Pq Va vfs.nfs.iothreads +The number of I/O kernel threads for NFS clients. +The default is 4; +the maximum is 20. +.El +.It FUSE +.Bl -column "FUSEFS_POOL_NBPAGES" "Type" "Changeable" -offset indent +.It Sy "Third level name" Ta Sy "Type" Ta Sy "Changeable" +.It Dv FUSEFS_INFBUFS Ta "int" Ta "no" +.It Dv FUSEFS_OPENDEVS Ta "int" Ta "no" +.It Dv FUSEFS_POOL_NBPAGES Ta "int" Ta "no" +.It Dv FUSEFS_WAITFBUFS Ta "int" Ta "no" +.El +.Bl -tag -width Ds +.It Dv FUSEFS_INFBUFS Pq Va vfs.fuse.fusefs_fbufs_in +The number of inbound fusebufs. 
+.It Dv FUSEFS_OPENDEVS Pq Va vfs.fuse.fusefs_open_devices +The number of FUSE devices opened. +.It Dv FUSEFS_POOL_NBPAGES Pq Va vfs.fuse.fusefs_pool_pages +The number of pages used for fusebuf memory. +.It Dv FUSEFS_WAITFBUFS Pq Va vfs.fuse.fusefs_fbufs_wait +The number of fusebufs waiting for a response. +.El +.El +.El +.Ss CTL_VM +The string and integer information available for the +.Dv CTL_VM +level is detailed below. +The changeable column shows whether a process with appropriate +privileges may change the value. +.Bl -column "Second level name" "swap encrypt values" "yes" -offset indent +.It Sy "Second level name" Ta Sy "Type" Ta Sy "Changeable" +.It Dv VM_ANONMIN Ta "integer" Ta "yes" +.It Dv VM_LOADAVG Ta "struct loadavg" Ta "no" +.It Dv VM_MAXSLP Ta "integer" Ta "no" +.It Dv VM_METER Ta "struct vmtotal" Ta "no" +.It Dv VM_NKMEMPAGES Ta "integer" Ta "no" +.It Dv VM_PSSTRINGS Ta "struct psstrings" Ta "no" +.It Dv VM_SWAPENCRYPT Ta "swap encrypt values" Ta "yes" +.It Dv VM_USPACE Ta "integer" Ta "no" +.It Dv VM_UVMEXP Ta "struct uvmexp" Ta "no" +.It Dv VM_VNODEMIN Ta "integer" Ta "yes" +.It Dv VM_VTEXTMIN Ta "integer" Ta "yes" +.El +.Bl -tag -width "123456" +.It Dv VM_ANONMIN Pq Va vm.anonmin +Percentage of physical memory available for +pages which contain anonymous mapping. +.It Dv VM_LOADAVG Pq Va vm.loadavg +Return the load average history. +The returned data consists of a +.Li struct loadavg . +.It Dv VM_MAXSLP Pq Va vm.maxslp +The time for a process to be blocked before being swappable, +in seconds. +.It Dv VM_METER Pq Va vm.vmmeter +Return the system wide virtual memory statistics. +The returned data consists of a +.Li struct vmtotal . +.It Dv VM_NKMEMPAGES Pq Va vm.nkmempages +Number of pages in kmem_map. +.It Dv VM_PSSTRINGS Pq Va vm.psstrings +Returns the address of the process +.Li struct ps_strings . +The +.Xr ps 1 +program uses it to locate the argument and environment strings. +.It Dv VM_SWAPENCRYPT +Contains statistics about swap encryption. 
+The string and integer information available for the third level is +detailed below. +.Bl -column "Third level name" "integer" "Changeable" -offset indent +.It Sy "Third level name" Ta Sy "Type" Ta Sy "Changeable" +.It Dv SWPENC_CREATED Ta "integer" Ta "no" +.It Dv SWPENC_DELETED Ta "integer" Ta "no" +.It Dv SWPENC_ENABLE Ta "integer" Ta "yes" +.El +.Bl -tag -width "123456" +.It Dv SWPENC_CREATED Pq Va vm.swapencrypt.keyscreated +The number of encryption keys that have been randomly created. +The swap partition is divided into sections of normally 512KB. +Each section has its own encryption key. +.It Dv SWPENC_DELETED Pq Va vm.swapencrypt.keysdeleted +The number of encryption keys that have been deleted, thus effectively +erasing the data that has been encrypted with them. +Encryption keys are deleted when their reference counter reaches zero. +.It Dv SWPENC_ENABLE Pq Va vm.swapencrypt.enable +Set to 1 to enable swap encryption for all processes. +A 0 disables swap encryption. +Pages still on swap receive a grandfather clause. +Turning this option on does not affect legacy swap data already on the disk, +but all newly written data will be encrypted. +When swap encryption is turned on, automatic +.Xr crash 8 +dumps are disabled. +.El +.It Dv VM_USPACE Pq Va vm.uspace +The number of bytes allocated for each kernel stack. +.It Dv VM_UVMEXP Pq Va vm.uvmexp +Contains statistics about the UVM memory management system. +.It Dv VM_VNODEMIN Pq Va vm.vnodemin +Percentage of physical memory available for +pages which contain cached file data. +.It Dv VM_VTEXTMIN Pq Va vm.vtextmin +Percentage of physical memory available for +pages which contain cached executable data. +.El +.Sh RETURN VALUES +If the call to +.Fn sysctl +is unsuccessful, \-1 is returned and +.Va errno +is set appropriately. 
+.Sh FILES +.Bl -tag -width "uvm/uvmXswapXencrypt.h " -compact +.It In sys/sysctl.h +top level identifiers and second level kernel and hardware +identifiers +.It In sys/socket.h +second level network identifiers +.It In sys/gmon.h +third level profiling identifiers +.It In uvm/uvm_param.h +second level virtual memory identifiers +.It In uvm/uvm_swap_encrypt.h +third level virtual memory identifiers +.It In net/if.h +packet input/output queue identifiers +.It In net/pipex.h +third level PIPEX identifiers +.It In netinet/in.h +third and fourth level IPv4/v6 identifiers +.It In netinet/ip_divert.h +fourth level divert identifiers +.It In netinet/icmp_var.h +fourth level ICMP identifiers +.It In netinet/icmp6.h +fourth level ICMPv6 identifiers +.It In netinet/tcp_var.h +fourth level TCP identifiers +.It In netinet/udp_var.h +fourth level UDP identifiers +.It In ddb/db_var.h +second level ddb identifiers +.It In sys/mount.h +second level vfs identifiers +.It In miscfs/fuse/fusefs.h +third level fusefs identifiers +.It In nfs/nfs.h +third level NFS identifiers +.It In ufs/ffs/ffs_extern.h +third level FFS identifiers +.It In machine/cpu.h +second level CPU identifiers +.El +.Sh ERRORS +The following errors may be reported: +.Bl -tag -width Er +.It Bq Er EFAULT +The buffer +.Fa name , +.Fa oldp , +.Fa newp , +or length pointer +.Fa oldlenp +contains an invalid address. +.It Bq Er EINVAL +The +.Fa name +array is less than two or greater than +.Dv CTL_MAXNAME . +.It Bq Er EINVAL +A non-null +.Fa newp +pointer is given and its specified length in +.Fa newlen +is too large or too small. +.It Bq Er ENOMEM +The length pointed to by +.Fa oldlenp +is too short to hold the requested value. +.It Bq Er ENOENT +The mib specified does not exist, or exceeds the range that is possible. +.It Bq Er ENXIO +If the mib is a sparsely populated array, this error may be returned +instead. +.It Bq Er ENOTDIR +The +.Fa name +array specifies an intermediate rather than terminal name. 
+.It Bq Er EOPNOTSUPP +The +.Fa name +array specifies a value that is unknown. +.It Bq Er EPERM +An attempt is made to set a read-only value. +.It Bq Er EPERM +A process without appropriate privileges attempts to set a value. +.It Bq Er EPERM +An attempt to change a value protected by the current kernel security +level is made. +.It Bq Er ESRCH +No process could be found which corresponds to the given process ID. +.El +.Sh SEE ALSO +.Xr pathconf 2 , +.Xr sysconf 3 , +.Xr ddb 4 , +.Xr sysctl.conf 5 , +.Xr securelevel 7 , +.Xr sysctl 8 +.Sh HISTORY +The +.Fn sysctl +function first appeared in +.Bx 4.4 .
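Review bot: In the added MPLSCTL_IFQUEUE and PIPEXCTL_OUTQ entries, the line `.Li struct ifqueue are same as described in` hands the sentence text to `.Li` as arguments, so the whole line is set as literal text. Split it the way the PIPEXCTL_INQ entry in the same hunk already does: `.Li struct ifqueue` on its own line, followed by `are the same as described in`. While these lines are being added, the misspellings in them could be fixed in the same pass: "forth level" for "fourth level" in all three ifqueue entries, "maxinum" under MPLSCTL_MAXINKLOOP, and "strcuctures" under FFS_MAX_SOFTDEPS. Two gaps are also visible: PIPEXCTL_ENABLE has no `Pq Va` sysctl name although PIPEXCTL_INQ and PIPEXCTL_OUTQ carry one, and NFS_NFSSTATS is listed in the NFS column table as changeable but has no entry in the tag list that follows, where only NFS_NIOTHREADS is described.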