MirOS Manual: sysctl(3)

SYSCTL(3)                  BSD Programmer's Manual                   SYSCTL(3)

NAME

     sysctl - get or set system information

SYNOPSIS

     #include <sys/param.h>
     #include <sys/sysctl.h>

     int
     sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp,
             size_t newlen);

DESCRIPTION

     The sysctl() function retrieves system information and allows processes
     with appropriate privileges to set system information. The information
     available from sysctl() consists of integers, strings, and tables. Infor-
     mation may be retrieved and set from the command interface using the
     sysctl(8) utility.

     Unless explicitly noted below, sysctl() returns a consistent snapshot of
     the data requested. Consistency is obtained by locking the destination
     buffer into memory so that the data may be copied out without blocking.
     Calls to sysctl() are serialized to avoid deadlock.

     The state is described using a "Management Information Base (MIB)" style
     name, listed in name, which is a namelen length array of integers.

     The information is copied into the buffer specified by oldp. The size of
     the buffer is given by the location specified by oldlenp before the call,
     and that location gives the amount of data copied after a successful
     call. If the amount of data available is greater than the size of the
     buffer supplied, the call supplies as much data as fits in the buffer
     provided and returns with the error code ENOMEM. If the old value is not
     desired, oldp and oldlenp should be set to NULL.

     The size of the available data can be determined by calling sysctl() with
     a NULL parameter for oldp. The size of the available data will be re-
     turned in the location pointed to by oldlenp. For some operations, the
     amount of space may change often. For these operations, the system at-
     tempts to round up so that the returned size is large enough for a call
     to return the data shortly thereafter.

     To set a new value, newp is set to point to a buffer of length newlen
     from which the requested value is to be taken. If a new value is not to
     be set, newp should be set to NULL and newlen set to 0.

     The top level names are defined with a CTL_ prefix in <sys/sysctl.h>, and
     are as follows. The next and subsequent levels down are found in the in-
     clude files listed here, and described in separate sections below.

           Name              Next level names          Description
           CTL_DDB           ddb/db_var.h              Kernel debugger
           CTL_DEBUG         sys/sysctl.h              Debugging
           CTL_FS            sys/sysctl.h              File system
           CTL_HW            sys/sysctl.h              Generic CPU, I/O
           CTL_KERN          sys/sysctl.h              High kernel limits
           CTL_MACHDEP       sys/sysctl.h              Machine dependent
           CTL_NET           sys/socket.h              Networking
           CTL_USER          sys/sysctl.h              User-level
           CTL_VFS           ufs/ffs/ffs_extern.h      Virtual file system
           CTL_VM            uvm/uvm_param.h           Virtual memory

     For example, the following retrieves the maximum number of processes al-
     lowed in the system:

           int mib[2], maxproc;
           size_t len;

           mib[0] = CTL_KERN;
           mib[1] = KERN_MAXPROC;
           len = sizeof(maxproc);
           if (sysctl(mib, 2, &maxproc, &len, NULL, 0) == -1)
                   err(1, "sysctl");

     To retrieve the standard search path for the system utilities:

           int mib[2];
           size_t len;
           char *p;

           mib[0] = CTL_USER;
           mib[1] = USER_CS_PATH;
           if (sysctl(mib, 2, NULL, &len, NULL, 0) == -1)
                   err(1, "sysctl");
           if ((p = malloc(len)) == NULL)
                   err(1, NULL);
           if (sysctl(mib, 2, p, &len, NULL, 0) == -1)
                   err(1, "sysctl");

CTL_DDB

     Integer information and settable variables are available for the CTL_DDB
     level, as described below. More information is also available in ddb(4).

           Second level name          Type                 Changeable
           DBCTL_CONSOLE              integer              yes
           DBCTL_LOG                  integer              yes
           DBCTL_MAXLINE              integer              yes
           DBCTL_MAXWIDTH             integer              yes
           DBCTL_PANIC                integer              yes
           DBCTL_RADIX                integer              yes
           DBCTL_TABSTOP              integer              yes
           DBCTL_CRASH                integer              yes

     DBCTL_CONSOLE
             When this variable is set, an architecture dependent magic key
             sequence on the console or a debugger button will permit entry
             into the kernel debugger. As described in securelevel(7), a secu-
             rity level greater than 1 blocks modification of this variable.

     DBCTL_LOG
             When set, ddb output is also logged in the kernel message buffer.

     DBCTL_MAXLINE
             Determines the number of lines to page in ddb(4). This variable
             is also available as the ddb $lines variable.

     DBCTL_MAXWIDTH
             Determines the maximum width of a line in ddb(4). This variable
             is also available as the ddb $maxwidth variable.

     DBCTL_PANIC
             When this variable is set, system panics may drop into the kernel
             debugger. As described in securelevel(7), a security level
             greater than 1 blocks modification of this variable.

     DBCTL_RADIX
             Determines the default radix or base for non-prefixed numbers en-
             tered into ddb(4). This variable is also available as the ddb
             $radix variable.

     DBCTL_TABSTOP
             Width of a tab stop in ddb(4). This variable is also available as
             the ddb $tabstops variable.

     DBCTL_CRASH
             Set this to a value larger than 1 to crash the kernel with a pan-
             ic. This is only allowed if the value was 1 before, and the sys-
             tem is continuable. This value can only be raised from 0 to 1 in
             securelevel 0 or insecure mode.

CTL_DEBUG

     The debugging variables vary from system to system. A debugging variable
     may be added or deleted without need to recompile sysctl() to know about
     it. Each time it runs, sysctl() gets the list of debugging variables from
     the kernel and displays their current values. The system defines twenty
     struct ctldebug variables named debug0 through debug19. They are declared
     as separate variables so that they can be individually initialized at the
     location of their associated variable. The loader prevents multiple use
     of the same variable by issuing errors if a variable is initialized in
     more than one place. For example, to export the variable dospecialcheck
     as a debugging variable, the following declaration would be used:

           int dospecialcheck = 1;
           struct ctldebug debug5 = { "dospecialcheck", &dospecialcheck };

CTL_FS

     The string and integer information available for the CTL_FS level is de-
     tailed below. The changeable column shows whether a process with ap-
     propriate privileges may change the value.

           Second level name          Type          Changeable
           FS_POSIX_SETUID            integer       yes

     FS_POSIX_SETUID
             When this variable is set, ownership changes on a file will cause
             the S_ISUID and S_ISGID bits to be cleared. As detailed in
             securelevel(7), this variable may not be changed if the
             securelevel is > 0.

CTL_HW

     The string and integer information available for the CTL_HW level is de-
     tailed below. The changeable column shows whether a process with ap-
     propriate privileges may change the value.

           Second level name          Type          Changeable
           HW_BYTEORDER               integer       no
           HW_CPUSPEED                integer       no
           HW_DISKCOUNT               integer       no
           HW_DISKNAMES               string        no
           HW_DISKSTATS               struct        no
           HW_MACHINE                 string        no
           HW_MODEL                   string        no
           HW_NCPU                    integer       no
           HW_PAGESIZE                integer       no
           HW_PHYSMEM                 integer       no
           HW_SENSORS                 struct        no
           HW_SETPERF                 integer       yes
           HW_USERMEM                 integer       no

     HW_BYTEORDER
             The byteorder (4321 or 1234).

     HW_CPUSPEED
             The current CPU frequency (in MHz).

     HW_DISKCOUNT
             The number of disks currently attached to the system.

     HW_DISKNAMES
             A comma-separated list of disk names.

     HW_DISKSTATS
             An array of struct diskstats structures containing disk statis-
             tics.

     HW_MACHINE
             The machine class.

     HW_MODEL
             The machine model.

     HW_NCPU
             The number of CPUs.

     HW_PAGESIZE
             The software page size.

     HW_PHYSMEM
             The total physical memory, in bytes.

     HW_SENSORS
             An array of struct sensor structures containing information from
             the hardware monitoring sensors.

     HW_SETPERF
             Current CPU performance (percentage).

     HW_USERMEM
             The amount of available non-kernel memory in bytes.

CTL_KERN

     The string and integer information available for the CTL_KERN level is
     detailed below. The changeable column shows whether a process with ap-
     propriate privileges may change the value. The types of data currently
     available are process information, system vnodes, the open file entries,
     routing table entries, virtual memory statistics, load average history,
     and clock rate information.

           Second level name             Type                   Changeable
           KERN_ALLOWPSA                 integer                yes
           KERN_ALLOWPSE                 integer                yes
           KERN_ARGMAX                   integer                no
           KERN_ARND                     integer                yes
           KERN_BOOTTIME                 struct timeval         no
           KERN_CCPU                     integer                no
           KERN_CLOCKRATE                struct clockinfo       no
           KERN_CPTIME                   long[CPUSTATES]        no
           KERN_CPTIME2                  u_int64_t[CPUSTATES]   no
           KERN_CRYPTODEVALLOWSOFT       integer                yes
           KERN_DOMAINNAME               string                 yes
           KERN_EMUL                     node                   not applicable
           KERN_EMULUNAME                string                 yes
           KERN_FILE                     struct file            no
           KERN_FORKSTAT                 struct forkstat        no
           KERN_FSCALE                   integer                no
           KERN_FSYNC                    integer                no
           KERN_HOSTID                   integer                yes
           KERN_HOSTNAME                 string                 yes
           KERN_INTRCNT                  node                   not applicable
           KERN_JOB_CONTROL              integer                no
           KERN_MALLOCSTATS              node                   no
           KERN_MAXCLUSTERS              integer                yes
           KERN_MAXFILES                 integer                yes
           KERN_MAXPARTITIONS            integer                no
           KERN_MAXPROC                  integer                yes
           KERN_MAXVNODES                integer                yes
           KERN_MBSTAT                   struct mbstat          no
           KERN_MSGBUF                   char[]                 no
           KERN_MSGBUFSIZE               integer                no
           KERN_NCHSTATS                 struct nchstats        no
           KERN_NFILES                   integer                no
           KERN_NGROUPS                  integer                no
           KERN_NOSUIDCOREDUMP           integer                yes
           KERN_NPROCS                   integer                no
           KERN_NSELCOLL                 integer                no
           KERN_NUMVNODES                integer                no
           KERN_OSRELEASE                string                 no
           KERN_OSREV                    integer                no
           KERN_OSTYPE                   string                 no
           KERN_OSVERSION                string                 no
           KERN_POSIX1                   integer                no
           KERN_PROC                     struct kinfo_proc      no
           KERN_PROC2                    struct kinfo_proc2     no
           KERN_PROC_ARGS                node                   not applicable
           KERN_RAWPARTITION             integer                no
           KERN_RND                      struct rndstats        no
           KERN_SAVED_IDS                integer                no
           KERN_SECURELVL                integer                raise only
           KERN_SEMINFO                  node                   not applicable
           KERN_SHMINFO                  node                   not applicable
           KERN_SOMAXCONN                integer                yes
           KERN_SOMINCONN                integer                yes
           KERN_SPLASSERT                int                    yes
           KERN_STACKGAPRANDOM           integer                yes
           KERN_SYSVIPC_INFO             node                   not applicable
           KERN_SYSVMSG                  integer                no
           KERN_SYSVSEM                  integer                no
           KERN_SYSVSHM                  integer                no
           KERN_TTY                      node                   not applicable
           KERN_TTYCOUNT                 integer                no
           KERN_USERASYMCRYPTO           integer                yes
           KERN_USERCRYPTO               integer                yes
           KERN_USERMOUNT                integer                yes
           KERN_VERSION                  string                 no
           KERN_VNODE                    struct vnode           no
           KERN_WATCHDOG                 node                   not applicable

     KERN_ALLOWPSA
             If 0, users are not allowed to view processes of other users, for
             example with the -a option to ps(1). After changing this flag,
             any procfs mounts must be unmounted and remounted to enact the
             new permission bits.

     KERN_ALLOWPSE
             If 0, users are not allowed to view the environment of processes
             of other users, for example with the -e option to ps(1). After
             changing this flag, any procfs mounts must be unmounted and re-
             mounted to enact the new permission bits.

     KERN_ARGMAX
             The maximum number of bytes allowed among the arguments to
             exec(3).

     KERN_ARND
             Returns a random integer from the kernel arc4random(9) function.
             This can be useful if /dev/arandom is not available (see
             random(4)). This sysctl is writable since MirOS #8.

     KERN_BOOTTIME
             A struct timeval structure is returned. This structure contains
             the time that the system was booted.

     KERN_CCPU
             The scheduler exponential decay value.

     KERN_CLOCKRATE
             A struct clockinfo structure is returned. This structure contains
             the clock, statistics clock and profiling clock frequencies, the
             number of micro-seconds per hz tick, and the clock skew rate.

     KERN_CPTIME
             An array of longs of size CPUSTATES is returned, containing
             statistics about the number of ticks spent by the system among
             all processors in interrupt processing, user processes
             (nice(1) or normal), system processing, or idling.

     KERN_CPTIME2
             Similar to KERN_CPTIME, but obtains information from only the
             single CPU specified by the third level name given.

     KERN_CRYPTODEVALLOWSOFT
             Permits userland to use /dev/crypto even if there is no hardware
             crypto accelerator in the system.

     KERN_DOMAINNAME
             Get or set the domain name.

     KERN_EMUL
             Enable binary emulation.

                   Third level name     Type      Changeable
                   KERN_EMUL_ENABLED    integer   yes
                   KERN_EMUL_NAME       string    no
                   KERN_EMUL_NEMULS     integer   no

             Third level names in KERN_EMUL other than KERN_EMUL_NEMULS refer
             to a specific emulation available in the kernel. Valid values
             range from 1 to the return value of KERN_EMUL_NEMULS. The fourth
             level names available are KERN_EMUL_NAME, which returns a string
             with the emulation name, and KERN_EMUL_ENABLED, which is an adju-
             stable integer.

             Note that using this interface exposes duplicate entries which
             are consolidated by the userland frontend.

     KERN_EMULUNAME
             Sets the ostype value the uname(3) call returns for applications
             executed in the linuxulator.

     KERN_FILE
             Return the entire file table. The returned data consists of a
             single struct filehead followed by an array of struct file, whose
             size depends on the current number of such objects in the system.

     KERN_FORKSTAT
             A struct forkstat structure is returned. This structure contains
             information about the number of fork(2), vfork(2), and rfork(2)
             system calls as well as kernel thread creations since system
             startup, and the number of pages of virtual memory involved in
             each.

     KERN_FSCALE
             The kernel fixed-point scale factor.

     KERN_FSYNC
             Return 1 if the File Synchronisation Option is available on this
             system, otherwise 0.

     KERN_HOSTID
             Get or set the host ID.

     KERN_HOSTNAME
             Get or set the hostname.

     KERN_JOB_CONTROL
             Return 1 if job control is available on this system, otherwise 0.

     KERN_MALLOCSTATS
             Return kernel memory bucket statistics. The third level names are
             detailed below. There are no changeable values in this branch.

                   Third level name                   Type
                   KERN_MALLOC_BUCKET                 node
                   KERN_MALLOC_BUCKETS                string
                   KERN_MALLOC_KMEMNAMES              string
                   KERN_MALLOC_KMEMSTATS              node

             The variables are as follows:

             KERN_MALLOC_BUCKET.<size>
                     A node containing the statistics for the memory bucket of
                     the specified size (in decimal notation, the number of
                     bytes per bucket element, e.g., 16, 32, 128). Each node
                     returns a struct kmembuckets.

                     If a value is specified that does not correspond directly
                     to a bucket size, the statistics for the closest larger
                     bucket size will be returned instead.

                     Note that bucket sizes are typically powers of 2.

             KERN_MALLOC_BUCKETS
                     Return a comma-separated list of the bucket sizes used by
                     the kernel.

             KERN_MALLOC_KMEMNAMES
                     Return a comma-separated list of the names of the kernel
                     malloc(9) types.

             KERN_MALLOC_KMEMSTATS
                     A node containing the statistics for the memory types of
                     the specified name. Each node returns a struct kmemstats.

     KERN_MAXCLUSTERS
             The maximum number of mbuf(9) clusters that may be allocated.

     KERN_MAXFILES
             The maximum number of open files that may be open in the system.

     KERN_MAXPARTITIONS
             The maximum number of partitions allowed per disk.

     KERN_MAXPROC
             The maximum number of simultaneous processes the system will al-
             low.

     KERN_MAXVNODES
             The maximum number of vnodes available on the system.

     KERN_MBSTAT
             A struct mbstat structure is returned, containing statistics on
             mbuf(9) usage.

     KERN_MSGBUF
             Returns a buffer containing kernel log messages.

     KERN_MSGBUFSIZE
             The size of the kernel message buffer.

     KERN_NCHSTATS
             A struct nchstats structure is returned. This structure contains
             information about the filename to inode(5) mapping cache.

     KERN_NFILES
             Number of open files.

     KERN_NGROUPS
             The maximum number of supplemental groups.

     KERN_NOSUIDCOREDUMP
             Programs with their set-user-ID bit set will not dump core when
             this is set.

     KERN_NPROCS
             The number of entries in the kernel process table.

     KERN_NSELCOLL
             Number of select(2) collisions.

     KERN_NUMVNODES
             Number of vnodes in use.

     KERN_OSRELEASE
             The system release string.

     KERN_OSREV
             The system revision number.

     KERN_OSTYPE
             The system type string.

     KERN_OSVERSION
             The kernel build version.

     KERN_POSIX1
             The version of ISO/IEC 9945 (POSIX 1003.1) with which the system
             attempts to comply.

     KERN_PROC
             Return the entire process table, or a subset of it. An array of
             struct kinfo_proc structures is returned, whose size depends on
             the current number of such objects in the system. The third and
             fourth level names are as follows:

                   Third level name          Fourth level is:
                   KERN_PROC_ALL             None
                   KERN_PROC_KTHREAD         A kernel thread
                   KERN_PROC_PID             A process ID
                   KERN_PROC_PGRP            A process group
                   KERN_PROC_RUID            A real user ID
                   KERN_PROC_SESSION         A session PID
                   KERN_PROC_TTY             A tty device
                   KERN_PROC_UID             A user ID

     KERN_PROC2
             Like KERN_PROC but an array of struct kinfo_proc2 structures is
             returned. The fifth level name is the size of the struct
             kinfo_proc2 and the sixth level name is the number of structures
             to return.

     KERN_PROC_ARGS
             Returns the arguments or environment of a process. The third lev-
             el name is the PID of the process. The fourth level name is one
             of:

                   KERN_PROC_ARGV
                   KERN_PROC_ENV
                   KERN_PROC_NARGV
                   KERN_PROC_NENV

             KERN_PROC_NARGV and KERN_PROC_NENV return the number of elements
             as an int in the argv or env array. KERN_PROC_ARGV returns the
             argv array and KERN_PROC_ENV returns the environ array.

     KERN_RAWPARTITION
             The raw partition of a disk (a == 0).

     KERN_RND
             Returns statistics about the /dev/random device in a struct
             rndstats structure.

     KERN_SAVED_IDS
             Returns 1 if saved set-group-ID and saved set-user-ID are avail-
             able.

     KERN_SECURELVL
             The system security level. This level may be raised by processes
             with appropriate privileges. It may only be lowered by process 1.

     KERN_SEMINFO
             Return the elements of struct seminfo. If the kernel is not com-
             piled with System V style semaphore support, attempts to retrieve
             any of the KERN_SEMINFO values will fail with EOPNOTSUPP. The
             third level names for the elements of struct seminfo are detailed
             below. The changeable column shows whether a process with ap-
             propriate privileges may change the value.

                   Third level name       Type       Changeable
                   KERN_SEMINFO_SEMAEM    integer    no
                   KERN_SEMINFO_SEMMNI    integer    yes
                   KERN_SEMINFO_SEMMNS    integer    yes
                   KERN_SEMINFO_SEMMNU    integer    yes
                   KERN_SEMINFO_SEMMSL    integer    yes
                   KERN_SEMINFO_SEMOPM    integer    yes
                   KERN_SEMINFO_SEMUME    integer    no
                   KERN_SEMINFO_SEMUSZ    integer    no
                   KERN_SEMINFO_SEMVMX    integer    no

             The variables are as follows:

             KERN_SEMINFO_SEMAEM
                     The adjust on exit maximum value.

             KERN_SEMINFO_SEMMNI
                     The maximum number of semaphore identifiers allowed.

             KERN_SEMINFO_SEMMNS
                     The maximum number of semaphores allowed in the system.

             KERN_SEMINFO_SEMMNU
                     The maximum number of semaphore undo structures allowed
                     in the system.

             KERN_SEMINFO_SEMMSL
                     The maximum number of semaphores allowed per ID.

             KERN_SEMINFO_SEMOPM
                     The maximum number of operations per semop(2) call.

             KERN_SEMINFO_SEMUME
                     The maximum number of undo entries per process.

             KERN_SEMINFO_SEMUSZ
                     The size (in bytes) of the undo structure.

             KERN_SEMINFO_SEMVMX
                     The semaphore maximum value.

     KERN_SHMINFO
             Return the elements of struct shminfo. If the kernel is not com-
             piled with System V style shared memory support, attempts to re-
             trieve any of the KERN_SHMINFO values will fail with EOPNOTSUPP.
             The third level names for the elements of struct shminfo are de-
             tailed below. The changeable column shows whether a process with
             appropriate privileges may change the value.

                   Third level name       Type       Changeable
                   KERN_SHMINFO_SHMALL    integer    yes
                   KERN_SHMINFO_SHMMAX    integer    yes
                   KERN_SHMINFO_SHMMIN    integer    yes
                   KERN_SHMINFO_SHMMNI    integer    yes
                   KERN_SHMINFO_SHMSEG    integer    yes

             The variables are as follows:

             KERN_SHMINFO_SHMALL
                     The maximum amount of total shared memory allowed in the
                     system (in pages).

             KERN_SHMINFO_SHMMAX
                     The maximum shared memory segment size (in bytes).

             KERN_SHMINFO_SHMMIN
                     The minimum shared memory segment size (in bytes).

             KERN_SHMINFO_SHMMNI
                     The maximum number of shared memory identifiers in the
                     system.

             KERN_SHMINFO_SHMSEG
                     The maximum number of shared memory segments per process.

     KERN_SOMAXCONN
             Upper bound on the number of half-open connections a process can
             allow to be associated with a socket, using listen(2). The de-
             fault value is 128.

     KERN_SOMINCONN
             Lower bound on the number of half-open connections a process can
             allow to be associated with a socket, using listen(2). The de-
             fault value is 80.

     KERN_SPLASSERT
             Modify the system interrupt priority level. Valid values are:

                   0    Disable error checking.
                   1    Print a message if an error is detected.
                   2    Print a message if an error is detected, and a stack
                        trace if possible.
                   3    The same as 2, but also drop into the kernel debugger.

             Any other value causes a system panic on errors. See splassert(9)
             for more information.

     KERN_STACKGAPRANDOM
             Sets the range of the random value added to the stack pointer on
             each program execution. The random value is added to make buffer
             overflow exploitation slightly harder. The bigger the number, the
             harder it is to brute force this added protection, but it also
             means bigger waste of memory.

     KERN_SYSVIPC_INFO
             Return System V style IPC configuration and run-time information.
             The third level name selects the System V style IPC facility.

                   Third level name            Type
                   KERN_SYSVIPC_MSG_INFO       struct msg_sysctl_info
                   KERN_SYSVIPC_SEM_INFO       struct sem_sysctl_info
                   KERN_SYSVIPC_SHM_INFO       struct shm_sysctl_info

             KERN_SYSVIPC_MSG_INFO
                     Return information on the System V style message facili-
                     ty. The msg_sysctl_info structure is defined in
                     <sys/msg.h>.

             KERN_SYSVIPC_SEM_INFO
                     Return information on the System V style semaphore facil-
                     ity. The sem_sysctl_info structure is defined in
                     <sys/sem.h>.

             KERN_SYSVIPC_SHM_INFO
                     Return information on the System V style shared memory
                     facility. The shm_sysctl_info structure is defined in
                     <sys/shm.h>.

     KERN_SYSVMSG
             Returns 1 if System V style message queue functionality is avail-
             able on this system, otherwise 0.

     KERN_SYSVSEM
             Returns 1 if System V style semaphore functionality is available
             on this system, otherwise 0.

     KERN_SYSVSHM
             Returns 1 if System V style shared memory functionality is avail-
             able on this system, otherwise 0.

     KERN_TTY
             Return statistics information about tty input/output. The third
             level names information is detailed below. The changeable column
             shows whether a process with appropriate privileges may change
             the value.

                   Third level name       Type         Changeable
                   KERN_TTY_INFO          struct itty  no
                   KERN_TTY_NPTYS         integer      no
                   KERN_TTY_MAXPTYS       integer      yes
                   KERN_TTY_TKCANCC       int64_t      no
                   KERN_TTY_TKNIN         int64_t      no
                   KERN_TTY_TKNOUT        int64_t      no
                   KERN_TTY_TKRAWCC       int64_t      no

             The variables are as follows:

             KERN_TTY_INFO
                     Returns an array of struct itty structures containing tty
                     statistics.

             KERN_TTY_MAXPTYS
                     The maximum number of pty(4) devices supported by the
                     kernel. This is the upper bound on KERN_TTY_NPTYS.

             KERN_TTY_NPTYS
                     The current number of pty(4) devices allocated by the
                     kernel.

             KERN_TTY_TKCANCC
                     Returns the number of input characters in canonical mode.

             KERN_TTY_TKNIN
                     Returns the number of input characters from a tty(4).

             KERN_TTY_TKNOUT
                     Returns the number of output characters on a tty(4).

             KERN_TTY_TKRAWCC
                     Returns the number of input characters in raw mode.

     KERN_TTYCOUNT
             Number of available tty(4) devices.

     KERN_USERASYMCRYPTO
             Permits userland to use /dev/crypto for cryptographic support for
             asymmetric (public) key operations via hardware cryptographic
             devices. KERN_USERCRYPTO (see below) must also be set.

     KERN_USERCRYPTO
             Permits userland to use /dev/crypto and /dev/tpm for cryptograph-
             ic support via hardware cryptographic devices.

     KERN_USERMOUNT
             Return non-zero if regular users can issue mount(2) requests. The
             default value is 0.

     KERN_VERSION
             The system version string.

     KERN_VNODE
             Return the entire vnode table. Note, the vnode table is not
             necessarily a consistent snapshot of the system. The returned
             data consists of an array whose size depends on the current
             number of such objects in the system. Each element of the array
             contains the kernel address of a vnode (struct vnode *) followed
             by the vnode itself (struct vnode).

     KERN_WATCHDOG
             Return information on hardware watchdog timers. If the kernel
             does not support a hardware watchdog timer, attempts to retrieve
             or set any of the KERN_WATCHDOG values will fail with EOPNOTSUPP.

                   Third level name        Type       Changeable
                   KERN_WATCHDOG_AUTO      integer    yes
                   KERN_WATCHDOG_PERIOD    integer    yes

             The variables are as follows:

             KERN_WATCHDOG_AUTO
                     If set to 1, the kernel refreshes the watchdog timer
                     periodically. If set to 0, a userland process must ensure
                     that the watchdog timer gets refreshed by setting the
                     KERN_WATCHDOG_PERIOD variable.

             KERN_WATCHDOG_PERIOD
                     The period of the watchdog timer in seconds. Set to 0 to
                     disable the watchdog timer.

CTL_MACHDEP

     The set of variables defined is architecture dependent. Most architec-
     tures define at least the following variables.

           Second level name    Type          Changeable
           CPU_CONSDEV          dev_t         no

CTL_NET

     The string and integer information available for the CTL_NET level is de-
     tailed below. The changeable column shows whether a process with ap-
     propriate privileges may change the value.

           Second level name          Type                   Changeable
           PF_ROUTE                   routing messages       no
           PF_INET                    IPv4 values            yes
           PF_INET6                   IPv6 values            yes
           PF_KEY                     key management         yes

     PF_ROUTE
             Return the entire routing table or a subset of it. The data is
             returned as a sequence of routing messages (see route(4) for the
             header file, format, and meaning). The length of each message is
             contained in the message header.

             The third level name is a protocol number, which is currently al-
             ways 0. The fourth level name is an address family, which may be
             set to 0 to select all address families. The fifth and sixth lev-
             el names are as follows:

                   Fifth level name          Sixth level is:
                   NET_RT_DUMP               None
                   NET_RT_FLAGS              rtflags
                   NET_RT_IFLIST             None

     PF_INET
             Get or set various global information about IPv4 (Internet
             Protocol version 4). The third level name is the protocol. The
             fourth level name is the variable name. The currently defined
             protocols and names are:

                   Protocol name    Variable name        Type       Changeable
                   ah               enable               integer    yes
                   bpf              bufsize              integer    yes
                   bpf              maxbufsize           integer    yes
                   carp             allow                integer    yes
                   carp             arpbalance           integer    yes
                   carp             log                  integer    yes
                   carp             preempt              integer    yes
                   esp              enable               integer    yes
                   esp              udpencap             integer    yes
                   esp              udpencap_port        integer    yes
                   etherip          allow                integer    yes
                   gre              allow                integer    yes
                   gre              wccp                 integer    yes
                   icmp             bmcastecho           integer    yes
                   icmp             errppslimit          integer    yes
                   icmp             maskrepl             integer    yes
                   icmp             rediraccept          integer    yes
                   icmp             redirtimeout         integer    yes
                   icmp             tstamprepl           integer    yes
                   ip               directed-broadcast   integer    yes
                   ip               encdebug             integer    yes
                   ip               forwarding           integer    yes
                   ip               ipsec-allocs         integer    yes
                   ip               ipsec-auth-alg       string     yes
                   ip               ipsec-bytes          integer    yes
                   ip               ipsec-comp-alg       string     yes
                   ip               ipsec-enc-alg        string     yes
                   ip               ipsec-expire-acquire integer    yes
                   ip               ipsec-firstuse       integer    yes
                   ip               ipsec-invalid-life   integer    yes
                   ip               ipsec-pfs            integer    yes
                   ip               ipsec-soft-allocs    integer    yes
                   ip               ipsec-soft-bytes     integer    yes
                   ip               ipsec-soft-firstuse  integer    yes
                   ip               ipsec-soft-timeout   integer    yes
                   ip               ipsec-timeout        integer    yes
                   ip               maxqueue             integer    yes
                   ip               mtudisc              integer    yes
                   ip               mtudisctimeout       integer    yes
                   ip               portfirst            integer    yes
                   ip               porthifirst          integer    yes
                   ip               porthilast           integer    yes
                   ip               portlast             integer    yes
                   ip               redirect             integer    yes
                   ip               sourceroute          integer    yes
                   ip               ttl                  integer    yes
                   ipcomp           enable               integer    yes
                   ipip             allow                integer    yes
                   mobileip         allow                integer    yes
                   tcp              ackonpush            integer    yes
                   tcp              baddynamic           array      yes
                   tcp              ecn                  integer    yes
                   tcp              ident                structure  no
                   tcp              keepidle             integer    yes
                   tcp              keepinittime         integer    yes
                   tcp              keepintvl            integer    yes
                   tcp              mssdflt              integer    yes
                   tcp              reasslimit           integer    yes
                   tcp              recvspace            integer    yes
                   tcp              rfc1323              integer    yes
                   tcp              rfc3390              integer    yes
                   tcp              rstppslimit          integer    yes
                   tcp              sack                 integer    yes
                   tcp              sendspace            integer    yes
                   tcp              slowhz               integer    no
                   tcp              synbucketlimit       integer    yes
                   tcp              syncachelimit        integer    yes
                   udp              baddynamic           array      yes
                   udp              checksum             integer    yes
                   udp              recvspace            integer    yes
                   udp              sendspace            integer    yes

             The variables are as follows:

             ah.enable
                     If set to 1, enable the Authentication Header (AH) IPsec
                     protocol. Enabled by default. See ipsec(4) for more in-
                     formation.

             bpf.bufsize
                     The initial size of bpf(4) buffers.

             bpf.maxbufsize
                     The maximum size a user may request a bpf(4) buffer to
                     be.

             carp.allow
                     If set to 0, incoming carp(4) packets will not be pro-
                     cessed. If set to any other value, processing will occur.
                     Enabled by default.

             carp.arpbalance
                     If set to any value other than 0, the ARP balancing func-
                     tionality of carp(4) is enabled. When ARP requests are
                     received for an IP address which is part of any virtual
                     host, carp will hash the source IP in the ARP request to
                     select one of the virtual hosts from the set of all the
                     virtual hosts which have that IP address. The master of
                     that host will respond with the correct virtual MAC ad-
                     dress. Disabled by default.

             carp.log
                     If set to any value other than 0, carp(4) will log er-
                     rors. Disabled by default.

             carp.preempt
                     If set to 0, carp(4) will not attempt to become master if
                     it is receiving advertisements from another active mas-
                     ter. If set to any other value, carp will become master
                     of the virtual host if it believes it can send advertise-
                     ments more frequently than the current master. Disabled
                     by default.

             esp.enable
                     If set to 1, enable the Encapsulating Security Payload
                     (ESP) IPsec protocol. Enabled by default. See ipsec(4)
                     for more information.

             esp.udpencap
                     If set to 1, enable processing of UDP encapsulated ESP
                     packets. Disabled by default.

             esp.udpencap_port
                     Contains the value of the UDP port that triggers decapsu-
                     lation for incoming UDP encapsulated ESP packets. The de-
                     fault port is 4500.

             etherip.allow
                     If set to 0, incoming Ethernet-in-IPv4 packets will not
                     be processed. If set to any other value, processing will
                     occur.

             gre.allow
                     If set to 0, incoming GRE packets will not be processed.
                     If set to any other value, processing will occur.

             gre.wccp
                     If set to 0, incoming WCCPv1-style GRE packets will not
                     be processed. If set to any other value, and gre.allow
                     allows GRE packet processing, WCCPv1-style GRE packets
                     will be processed.

             icmp.bmcastecho
                     If set to 1, respond to ICMP echo requests destined for
                     broadcast and multicast addresses. Note, enabling this
                     could open a system to a type of denial of service attack
                     called "smurfing", and is thus not advised.

             icmp.errppslimit
                     This variable specifies the maximum number of outgoing
                     ICMP error messages per second. ICMP error messages
                     exceeding this value are subject to rate limitation and
                     will not go out from the node. A negative value disables
                     rate limitation.

             icmp.maskrepl
                     Returns 1 if ICMP network mask requests are to be
                     answered.

             icmp.rediraccept
                     If set to non-zero, the host will accept ICMP redirect
                     packets. Note that routers will never accept ICMP
                     redirect packets, and the variable is meaningful on IP
                     hosts only.

             icmp.redirtimeout
                     This variable specifies the lifetime of routing entries
                     generated by incoming ICMP redirects. The default timeout
                     is 10 minutes.

             icmp.tstamprepl
                     If set to 1, reply to ICMP timestamp requests. If set to
                     0, ignore timestamp requests.

             ip.directed-broadcast
                     Returns 1 if directed broadcast behavior is enabled for
                     the host.

             ip.encdebug
                     Returns 1 when error message reporting is enabled for the
                     host. If the kernel has been compiled with the ENCDEBUG
                     option, then debugging information will also be reported
                     when this variable is set.

             ip.forwarding
                     If set to 1, then IP forwarding is enabled for the host,
                     indicating the host is acting as a router. If set to 2,
                     then IP forwarding is restricted to traffic that has been
                     IPsec encapsulated or decapsulated by the host. The de-
                     fault value is 0.

             ip.ipsec-allocs
                     The number of IPsec flows that can use a security associ-
                     ation before it expires. If set to less than or equal to
                     zero, the security association will not expire because of
                     this counter. The default value is 0.

             ip.ipsec-auth-alg
                     This is the default authentication algorithm the kernel
                     will instruct key management daemons to negotiate when
                     establishing security associations on behalf of the ker-
                     nel. Such security associations can occur as a result of
                     a process having requested some security level through
                     setsockopt(2), or as a result of dynamic vpn(8) entries.
                     Supported values are hmac-md5, hmac-sha1, and hmac-
                     ripemd160. If set to any other value, it is left to the
                     key management daemons to select an authentication algo-
                     rithm for the security association. The default value is
                     hmac-sha1.

             ip.ipsec-bytes
                     The number of bytes that will be processed by a security
                     association before it expires. If set to less than or
                     equal to zero, the security association will not expire
                     because of this counter. The default value is 0.

             ip.ipsec-comp-alg
                     The compression algorithm to use with an IP Compression
                     Association (IPCA). Possible values are "deflate" and
                     "lzs". Note that lzs is only available with hifn(4). See
                     ipsecadm(8) for more information.

             ip.ipsec-enc-alg
                     This is the default encryption algorithm the kernel will
                     instruct key management daemons to negotiate when estab-
                     lishing security associations on behalf of the kernel.
                     Such security associations can occur as a result of a
                     process having requested some security level through
                     setsockopt(2), or as a result of dynamic vpn(8) entries.
                     Supported values are aes, des, 3des, blowfish, cast128,
                     and skipjack. If set to any other value, it is left to
                     the key management daemons to select an encryption algo-
                     rithm for the security association. The default value is
                     aes.

             ip.ipsec-expire-acquire
                     How long the kernel should allow key management to dynam-
                     ically acquire security associations before re-sending a
                     request. The default value is 30 seconds.

             ip.ipsec-firstuse
                     The number of seconds after a security association is
                     first used before it expires. If set to less than or
                     equal to zero, the security association will not expire
                     because of this timer. The default value is 7200 seconds.

             ip.ipsec-invalid-life
                     The lifetime of embryonic Security Associations (SAs that
                     key management daemons have reserved but not fully esta-
                     blished yet) in seconds. If set to less than or equal to
                     zero, embryonic SAs will not expire. The default value is
                     60.

             ip.ipsec-pfs
                     If set to any non-zero value, the kernel will ask the key
                     management daemons to use Perfect Forward Secrecy when
                     establishing IPsec Security Associations. Perfect Forward
                     Secrecy makes IPsec Security Associations cryptographi-
                     cally distinct from each other, such that breaking the
                     key for one such SA does not compromise any others. Re-
                     quiring PFS for every security association significantly
                     increases the computational load of isakmpd(8) exchanges.
                     The default value is 1.

             ip.ipsec-soft-allocs
                     The number of IPsec flows that can use a security associ-
                     ation before a message is sent by the kernel to key
                     management for renegotiation of the security association.
                     If set to less than or equal to zero, no message is sent
                     to key management. The default value is 0.

             ip.ipsec-soft-bytes
                     The number of bytes that will be processed by a security
                     association before a message is sent by the kernel to key
                     management for renegotiation of the security association.
                     If set to less than or equal to zero, no message is sent
                     to key management. The default value is 0.

             ip.ipsec-soft-firstuse
                     The number of seconds after a security association is
                     first used before a message is sent by the kernel to key
                     management for renegotiation of the security association.
                     If set to less than or equal to zero, no message is sent
                     to key management. The default value is 3600 seconds.

             ip.ipsec-soft-timeout
                     The number of seconds after a security association is es-
                     tablished before a message is sent by the kernel to key
                     management for renegotiation of the security association.
                     If set to less than or equal to zero, no message is sent
                     to key management. The default value is 80000 seconds.

             ip.ipsec-timeout
                     The number of seconds after a security association is es-
                     tablished before it will expire. If set to less than or
                     equal to zero, the security association will not expire
                     because of this timer. The default value is 86400
                     seconds.

             ip.maxqueue
                     Fragment flood protection. Sets the maximum number of
                     unassembled IP fragments in the fragment queue.

             ip.mtudisc
                     Returns 1 if Path MTU Discovery is enabled.

             ip.mtudisctimeout
                     Returns the number of seconds in which a route added by
                     the Path MTU Discovery engine will time out. When the
                     route times out, the Path MTU Discovery engine will at-
                     tempt to probe a larger path MTU.

             ip.portfirst
                     Minimum registered port number for TCP/UDP port alloca-
                     tion. Registered ports can be used by ordinary user
                     processes or programs executed by ordinary users. Cannot
                     be less than 1024 or greater than 49151. Must be less
                     than ip.portlast.

             ip.porthifirst
                     Minimum dynamic/private port number for TCP/UDP port al-
                     location. Dynamic/private ports can be used by ordinary
                     user processes or programs executed by ordinary users.
                     Cannot be less than 49152 or greater than 65535. Must be
                     less than ip.porthilast.

             ip.porthilast
                     Maximum dynamic/private port number for TCP/UDP port al-
                     location. Dynamic/private ports can be used by ordinary
                     user processes or programs executed by ordinary users.
                     Cannot be less than 49152 or greater than 65535. Must be
                     greater than ip.porthifirst.

             ip.portlast
                     Maximum registered port number for TCP/UDP port alloca-
                     tion. Registered ports can be used by ordinary user
                     processes or programs executed by ordinary users. Cannot
                     be less than 1024 or greater than 49151. Must be greater
                     than ip.portfirst.

             ip.redirect
                     Returns 1 when ICMP redirects may be sent by the host.
                     This option is ignored unless the host is routing IP
                     packets, and should normally be enabled on all systems.

             ip.sourceroute
                     Returns 1 when forwarding of source-routed packets is en-
                     abled for the host. As detailed in securelevel(7), this
                     variable may not be changed if the securelevel is > 0.

             ip.ttl  The maximum time-to-live (hop count) value for an IP
                     packet sourced by the system. This value applies to nor-
                     mal transport protocols, not to ICMP.

             ipcomp.enable
                     Enable the IPComp protocol. See ipsecadm(8) for more in-
                     formation.

             ipip.allow
                     If set to 0, incoming IP-in-IP packets will not be pro-
                     cessed. If set to any other value, processing will occur;
                     furthermore, if set to 2, no checks for spoofing of loop-
                     back addresses will be done. This is useful only for de-
                     bugging purposes, and should never be used in production
                     systems.

             mobileip.allow
                     If set to 0, incoming MobileIP encapsulated packets (RFC
                     2004) will not be processed. If set to any other value,
                     processing will occur.

             tcp.ackonpush
                     Returns 1 if TCP segments with the TH_PUSH flag set are
                     being acknowledged immediately, otherwise 0.

             tcp.baddynamic
                     An array of in_port_t is returned specifying the bitmask
                     of TCP ports between 512 and 1023 inclusive that should
                     not be allocated dynamically by the kernel (i.e., they
                     must be bound specifically by port number).

             tcp.ecn
                     Returns 1 if Explicit Congestion Notifications for TCP
                     are enabled.

             tcp.ident
                     A struct tcp_ident_mapping specifying a local and foreign
                     endpoint of a TCP socket is filled in with the effective
                     and real UIDs of the process that owns the socket. If no
                     such socket exists, then the effective and real UID
                     values are both set to -1.

             tcp.keepidle
                     If the socket option SO_KEEPALIVE has been set on a sock-
                     et, then this value specifies how much time a connection
                     needs to be idle before keepalives are sent. See also
                     tcp.slowhz.

             tcp.keepinittime
                     Unused.

             tcp.keepintvl
                     Time after a keepalive probe is sent until, in the ab-
                     sence of any response, another probe is sent. See also
                     tcp.slowhz.

             tcp.mssdflt
                     The maximum segment size that is used as default for
                     non-local connections. The default value is 512.

             tcp.reasslimit
                     The maximum number of out-of-order TCP segments the sys-
                     tem will store for reassembly.

             tcp.recvspace
                     Returns the default TCP receive buffer size.

             tcp.rfc1323
                     Returns 1 if RFC 1323 extensions to TCP are enabled.

             tcp.rfc3390
                     Returns 1 if the TCP Initial Window is increased, as
                     specified in RFC 3390.

             tcp.rstppslimit
                     This variable specifies the maximum number of outgoing
                     TCP RST packets per second. TCP RST packets exceeding
                     this value are subject to rate limitation and will not go
                     out from the node. A negative value disables rate limita-
                     tion.

             tcp.sack
                     Returns 1 if RFC 2018 Selective Acknowledgements are en-
                     abled.

             tcp.sendspace
                     Returns the default TCP send buffer size.

             tcp.slowhz
                     The units for tcp.keepidle and tcp.keepintvl; those vari-
                     ables are in ticks of a clock that ticks tcp.slowhz times
                     per second. (That is, their values must be divided by the
                     tcp.slowhz value to get times in seconds.)

             tcp.synbucketlimit
                     The maximum number of entries allowed per hash bucket in
                     the TCP SYN cache.

             tcp.syncachelimit
                     The maximum number of entries allowed in the TCP SYN
                     cache.

             udp.baddynamic
                     Analogous to tcp.baddynamic but for UDP sockets.

             udp.checksum
                     Returns 1 when UDP checksums are being computed and
                     checked. Disabling UDP checksums is strongly discouraged.

             udp.recvspace
                     Returns the default UDP receive buffer size.

             udp.sendspace
                     Returns the default UDP send buffer size.

     PF_INET6
             Get or set various global information about IPv6 (Internet
             Protocol version 6). The third level name is the protocol. The
             fourth level name is the variable name. The currently defined
             protocols and names are:

                   Protocol name    Variable name      Type       Changeable
                   icmp6            errppslimit        integer    yes
                   icmp6            mtudisc_hiwat      integer    yes
                   icmp6            mtudisc_lowat      integer    yes
                   icmp6            nd6_debug          integer    yes
                   icmp6            nd6_delay          integer    yes
                   icmp6            nd6_maxnudhint     integer    yes
                   icmp6            nd6_mmaxtries      integer    yes
                   icmp6            nd6_prune          integer    yes
                   icmp6            nd6_umaxtries      integer    yes
                   icmp6            nd6_useloopback    integer    yes
                   icmp6            nodeinfo           integer    yes
                   icmp6            rediraccept        integer    yes
                   icmp6            redirtimeout       integer    yes
                   ip6              accept_rtadv       integer    yes
                   ip6              auto_flowlabel     integer    yes
                   ip6              dad_count          integer    yes
                   ip6              defmcasthlim       integer    yes
                   ip6              forwarding         integer    yes
                   ip6              hdrnestlimit       integer    yes
                   ip6              hlim               integer    yes
                   ip6              kame_version       string     no
                   ip6              keepfaith          integer    yes
                   ip6              log_interval       integer    yes
                   ip6              maxfragpackets     integer    yes
                   ip6              maxfrags           integer    yes
                   ip6              redirect           integer    yes
                   ip6              rr_prune           integer    yes
                   ip6              use_deprecated     integer    yes
                   ip6              v6only             integer    no

             The variables are as follows:

             icmp6.errppslimit
                     This variable specifies the maximum number of outgoing
                     ICMPv6 error messages per second. ICMPv6 error messages
                     exceeding this value are subject to rate limitation and
                     will not go out from the node. A negative value will dis-
                     able the rate limitation.

             icmp6.mtudisc_hiwat
             icmp6.mtudisc_lowat
                     These variables define the maximum number of routing
                     table entries created due to path MTU discovery
                     (preventing denial-of-service attacks with ICMPv6 too big
                     messages). After IPv6 path MTU discovery happens, path
                     MTU information is kept in the routing table. If the
                     number of routing table entries exceeds this value, the
                     kernel will not attempt to keep the path MTU information.
                     icmp6.mtudisc_hiwat is used when we have verified ICMPv6
                     too big messages. icmp6.mtudisc_lowat is used when we
                     have unverified ICMPv6 too big messages. Verification is
                     performed by using address/port pairs kept in connected
                     PCBs. A negative value disables the upper limit.

             icmp6.nd6_debug
                     If set to non-zero, IPv6 neighbor discovery will generate
                     debugging messages. The debug output is useful for diag-
                     nosing IPv6 interoperability issues. The flag must be set
                     to 0 for normal operation.

             icmp6.nd6_delay
                     This variable specifies the DELAY_FIRST_PROBE_TIME timing
                     constant in IPv6 neighbor discovery specification (RFC
                     2461), in seconds.

             icmp6.nd6_maxnudhint
                     IPv6 neighbor discovery permits upper layer protocols to
                     supply reachability hints, to avoid unnecessary neighbor
                     discovery exchanges. This variable defines the number of
                     consecutive hints the neighbor discovery layer will take.
                     For example, by setting the variable to 3, neighbor
                     discovery will take a maximum of 3 consecutive hints.
                     After receiving 3 hints, the neighbor discovery layer
                     will instead perform the normal neighbor discovery pro-
                     cess.

             icmp6.nd6_mmaxtries
                     This variable specifies the MAX_MULTICAST_SOLICIT con-
                     stant in IPv6 neighbor discovery specification (RFC
                     2461).

             icmp6.nd6_prune
                     This variable specifies the interval between IPv6 neigh-
                     bor cache babysitting in seconds.

             icmp6.nd6_umaxtries
                     This variable specifies the MAX_UNICAST_SOLICIT constant
                     in IPv6 neighbor discovery specification (RFC 2461).

             icmp6.nd6_useloopback
                     If set to non-zero, IPv6 will use the loopback interface
                     for local traffic.

             icmp6.nodeinfo
                     This variable enables responses to ICMPv6 node informa-
                     tion queries. If set to 0, responses will not be generat-
                     ed for ICMPv6 node information queries. Since node infor-
                     mation queries can have a security impact, it is possible
                     to fine tune which responses should be answered. Two
                     separate bits can be set:

                           1    Respond to ICMPv6 FQDN queries, e.g. ping6 -w.

                           2    Respond to ICMPv6 node addresses queries, e.g.
                                ping6 -a.

             icmp6.rediraccept
                     If set to non-zero, the host will accept ICMPv6 redirect
                     packets. Note that IPv6 routers will never accept ICMPv6
                     redirect packets, so the variable is only meaningful on
                     IPv6 hosts, not on routers.

             icmp6.redirtimeout
                     The variable specifies the lifetime of routing entries
                     generated by incoming ICMPv6 redirects.

             ip6.accept_rtadv
                     If set to non-zero, the node will accept ICMPv6 router
                     advertisement packets and autoconfigures address prefixes
                     and default routers. The node must be a host (not a
                     router) for the option to be meaningful (see
                     ip6.forwarding).

             ip6.auto_flowlabel
                     On connected transport protocol packets, fill the IPv6
                     flowlabel field to help intermediate routers identify
                     packet flows.

             ip6.dad_count
                     This variable configures the number of IPv6 DAD
                     (duplicated address detection) probe packets. These pack-
                     ets are generated when IPv6 interfaces are first brought
                     up.

             ip6.defmcasthlim
                     The default hop limit value for an IPv6 multicast packet
                     sourced by the node. This value applies to all the tran-
                     sport protocols on top of IPv6. Methods for overriding
                     this value are documented in ip6(4).

             ip6.forwarding
                     Returns 1 when IPv6 forwarding is enabled for the node,
                     meaning that the node is acting as a router. Returns 0
                     when IPv6 forwarding is disabled for the node, meaning
                     that the node is acting as a host. Note that IPv6 defines
                     node behavior for the "router" and "host" cases quite
                     differently, and changing this variable during operation
                     may cause serious trouble. Hence, this variable should
                     only be set at bootstrap time.

             ip6.hdrnestlimit
                     The number of IPv6 extension headers permitted on incom-
                     ing IPv6 packets. If set to 0, the node will accept as
                     many extension headers as possible.

             ip6.hlim
                     The default hop limit value for an IPv6 unicast packet
                     sourced by the node. This value applies to all the tran-
                     sport protocols on top of IPv6. Methods for overriding
                     this value are documented in ip6(4).

             ip6.kame_version
                     This string identifies the version of the KAME IPv6 stack
                     implemented in the kernel.

             ip6.keepfaith
                     If set to non-zero, enables the "FAITH" TCP relay IPv6-
                     to-IPv4 translator code in the kernel. Refer to faith(4)
                     and faithd(8) for more details.

             ip6.log_interval
                     This variable permits adjusting the amount of logs gen-
                     erated by the IPv6 packet forwarding engine. The value
                     indicates the number of seconds of interval which must
                     elapse between log output.

             ip6.maxfragpackets
                     The maximum number of fragmented packets the node will
                     accept. 0 means that the node will not accept any frag-
                     mented packets. -1 means that the node will accept as
                     many fragmented packets as it receives. The flag is pro-
                     vided basically for avoiding possible DoS attacks.

             ip6.maxfrags
                     The maximum number of fragments the node will accept. 0
                     means that the node will not accept any fragments. -1
                     means that the node will accept as many fragments as it
                     receives. The flag is provided basically for avoiding
                     possible DoS attacks.

             ip6.redirect
                     Returns 1 when ICMPv6 redirects may be sent by the node.
                     This option is ignored unless the node is routing IP
                     packets, and should normally be enabled on all systems.

             ip6.rr_prune
                     This variable specifies the interval between IPv6 router
                     renumbering prefix babysitting in seconds.

             ip6.use_deprecated
                     This variable controls the use of deprecated addresses,
                     specified in RFC 2462 5.5.4.

             ip6.v6only
                     The variable specifies the initial value for the
                     IPV6_V6ONLY socket option for an AF_INET6 socket. It is
                     always 1 for OpenBSD.

             We reuse net.inet.tcp and net.inet.udp for TCP/UDP over IPv6.

CTL_USER

     The string and integer information available for the CTL_USER level is
     detailed below. The changeable column shows whether a process with ap-
     propriate privileges may change the value.

           Second level name           Type          Changeable
           USER_BC_BASE_MAX            integer       no
           USER_BC_DIM_MAX             integer       no
           USER_BC_SCALE_MAX           integer       no
           USER_BC_STRING_MAX          integer       no
           USER_COLL_WEIGHTS_MAX       integer       no
           USER_CS_PATH                string        no
           USER_EXPR_NEST_MAX          integer       no
           USER_LINE_MAX               integer       no
           USER_POSIX2_C_BIND          integer       no
           USER_POSIX2_C_DEV           integer       no
           USER_POSIX2_CHAR_TERM       integer       no
           USER_POSIX2_FORT_DEV        integer       no
           USER_POSIX2_FORT_RUN        integer       no
           USER_POSIX2_LOCALEDEF       integer       no
           USER_POSIX2_SW_DEV          integer       no
           USER_POSIX2_UPE             integer       no
           USER_POSIX2_VERSION         integer       no
           USER_RE_DUP_MAX             integer       no
           USER_STREAM_MAX             integer       no
           USER_TZNAME_MAX             integer       no

     USER_BC_BASE_MAX
             The maximum ibase/obase values in the bc(1) utility.

     USER_BC_DIM_MAX
             The maximum array size in the bc(1) utility.

     USER_BC_SCALE_MAX
             The maximum scale value in the bc(1) utility.

     USER_BC_STRING_MAX
             The maximum string length in the bc(1) utility.

     USER_COLL_WEIGHTS_MAX
             The maximum number of weights that can be assigned to any entry
             of the LC_COLLATE order keyword in the locale definition file.

     USER_CS_PATH
             Return a value for the PATH environment variable that finds all
             the standard utilities.

     USER_EXPR_NEST_MAX
             The maximum number of expressions that can be nested within
             parentheses by the expr(1) utility.

     USER_LINE_MAX
             The maximum length in bytes of a text-processing utility's input
             line.

     USER_POSIX2_C_BIND
             Return 1 if the system's C-language development facilities sup-
             port the C-Language Bindings Option, otherwise 0.

     USER_POSIX2_C_DEV
             Return 1 if the system supports the C-Language Development Utili-
             ties Option, otherwise 0.

     USER_POSIX2_CHAR_TERM
             Return 1 if the system supports at least one terminal type capa-
             ble of all operations described in POSIX 1003.2, otherwise 0.

     USER_POSIX2_FORT_DEV
             Return 1 if the system supports the FORTRAN Development Utilities
             Option, otherwise 0.

     USER_POSIX2_FORT_RUN
             Return 1 if the system supports the FORTRAN Runtime Utilities Op-
             tion, otherwise 0.

     USER_POSIX2_LOCALEDEF
             Return 1 if the system supports the creation of locales, other-
             wise 0.

     USER_POSIX2_SW_DEV
             Return 1 if the system supports the Software Development Utili-
             ties Option, otherwise 0.

     USER_POSIX2_UPE
             Return 1 if the system supports the User Portability Utilities
             Option, otherwise 0.

     USER_POSIX2_VERSION
             The version of POSIX 1003.2 with which the system attempts to
             comply.

     USER_RE_DUP_MAX
             The maximum number of repeated occurrences of a regular expres-
             sion permitted when using interval notation.

     USER_STREAM_MAX
             The maximum number of streams that a process may have open at any
             one time.

     USER_TZNAME_MAX
             The minimum maximum number of types supported for the name of a
             timezone.

CTL_VFS

     The string and integer information available for the CTL_VFS level is de-
     tailed below. The changeable column shows whether a process with ap-
     propriate privileges may change the value.

           Second level name          Type                 Changeable
           VFS_GENERIC                VM generic info      no
           filesystem #               filesystem info      no

     VFS_GENERIC
             This second level identifier requests generic information about
             the VFS layer. Within it, the following third level identifiers
             exist:

                   Third level name          Type                 Changeable
                   VFS_CONF                  struct vfsconf       no
                   VFS_MAXTYPENUM            int                  no

     filesystem #
             After finding the filesystem dependent vfc_typenum using
             VFS_GENERIC with VFS_CONF, it is possible to access filesystem
             dependent information.

             Some filesystems may contain settings.

                     ffs

                     Third level name        Type                  Changeable
                     FFS_ASYNCFREE           integer               yes
                     FFS_CLUSTERREAD         integer               yes
                     FFS_CLUSTERWRITE        integer               yes
                     FFS_DIRHASH_DIRSIZE     integer               yes
                     FFS_DIRHASH_MAXMEM      integer               yes
                     FFS_DIRHASH_MEM         integer               no
                     FFS_MAXSOFTDEPS         integer               yes
                     FFS_REALLOCBLOCKS       integer               yes
                     FFS_SD_BLK_LIMIT_HIT    integer               yes
                     FFS_SD_BLK_LIMIT_PUSH   integer               yes
                     FFS_SD_DIR_ENTRY        integer               yes
                     FFS_SD_DIRECT_BLK_PTRS  integer               yes
                     FFS_SD_INDR_BLK_PTRS    integer               yes
                     FFS_SD_INO_LIMIT_HIT    integer               yes
                     FFS_SD_INO_LIMIT_PUSH   integer               yes
                     FFS_SD_INODE_BITMAP     integer               yes
                     FFS_SD_SYNC_LIMIT_HIT   integer               yes
                     FFS_SD_TICKDELAY        integer               yes
                     FFS_SD_WORKLIST_PUSH    integer               yes

                  FFS_CLUSTERREAD
                          Enable combining multiple reads into one request to
                          improve performance.

                  FFS_CLUSTERWRITE
                          Enable combining multiple writes into one request.

                  FFS_DIRHASH_DIRSIZE
                          The minimum size of a directory, in bytes, before it
                          is considered for hashing.

                  FFS_DIRHASH_MAXMEM
                          The maximum amount of memory, in bytes, to be used
                          for storing directory hashes.

                  FFS_DIRHASH_MEM
                          The amount of memory currently used by all directory
                          hashes.

                  FFS_REALLOCBLOCKS
                          When enabled, the kernel will attempt to relocate
                          growing files so that they are contiguous on disk,
                          reducing fragmentation.

                     nfs

                     Third level name       Type                 Changeable
                     NFS_NFSSTATS           struct nfsstats      yes
                     NFS_NIOTHREADS         int                  yes

CTL_VM

     The string and integer information available for the CTL_VM level is de-
     tailed below. The changeable column shows whether a process with ap-
     propriate privileges may change the value.

           Second level name          Type                 Changeable
           VM_ANONMIN                 integer              yes
           VM_LOADAVG                 struct loadavg       no
           VM_MAXSLP                  integer              no
           VM_METER                   struct vmtotal       no
           VM_NKMEMPAGES              integer              no
           VM_PSSTRINGS               struct psstrings     no
           VM_SWAPENCRYPT             swap encrypt values  yes
           VM_USPACE                  integer              no
           VM_UVMEXP                  struct uvmexp        no
           VM_VNODEMIN                integer              yes
           VM_VTEXTMIN                integer              yes

     VM_ANONMIN
             Percentage of physical memory available for pages which contain
             anonymous mapping.

     VM_LOADAVG
             Return the load average history. The returned data consists of a
             struct loadavg.

     VM_MAXSLP
             The time for a process to be blocked before being swappable, in
             seconds.

     VM_METER
             Return the system wide virtual memory statistics. The returned
             data consists of a struct vmtotal.

     VM_NKMEMPAGES
             Number of pages in kmem_map.

     VM_PSSTRINGS
             Returns the address of the process struct ps_strings. The ps(1)
             program uses it to locate the argument and environment strings.

     VM_SWAPENCRYPT
             Contains statistics about swap encryption. The string and integer
             information available for the third level is detailed below.

                   Third level name          Type                 Changeable
                   SWPENC_CREATED            integer              no
                   SWPENC_DELETED            integer              no
                   SWPENC_ENABLE             integer              yes

             SWPENC_CREATED
                     The number of encryption keys that have been randomly
                     created. The swap partition is divided into sections of
                     normally 512KB. Each section has its own encryption key.

             SWPENC_DELETED
                     The number of encryption keys that have been deleted,
                     thus effectively erasing the data that has been encrypted
                     with them. Encryption keys are deleted when their refer-
                     ence counter reaches zero.

             SWPENC_ENABLE
                     Set to 1 to enable swap encryption for all processes. A 0
                     disables swap encryption. Pages still on swap receive a
                     grandfather clause. Turning this option on does not af-
                     fect legacy swap data already on the disk, but all newly
                     written data will be encrypted. When swap encryption is
                     turned on, automatic crash(8) dumps are disabled.

     VM_USPACE
             The number of bytes allocated for each kernel stack.

     VM_UVMEXP
             Contains statistics about the UVM memory management system.

     VM_VNODEMIN
             Percentage of physical memory available for pages which contain
             cached file data.

     VM_VTEXTMIN
             Percentage of physical memory available for pages which contain
             cached executable data.

RETURN VALUES

     If the call to sysctl() is unsuccessful, -1 is returned and errno is set
     appropriately.

FILES

     <sys/sysctl.h>            definitions for top level identifiers, second
                               level kernel and hardware identifiers, and user
                               level identifiers
     <sys/socket.h>            definitions for second level network identif-
                               iers
     <ufs/ffs/ffs_extern.h>    definitions for third level virtual file system
                               identifiers (ffs)
     <nfs/nfs.h>               definitions for third level virtual file system
                               identifiers (nfs)
     <uvm/uvm_param.h>         definitions for second level virtual memory
                               identifiers
     <uvm/uvm_swap_encrypt.h>  definitions for third level virtual memory
                               identifiers
     <netinet/in.h>            definitions for third level IPv4/v6 identifiers
                               and fourth level IP and IPv6 identifiers
     <netinet/icmp_var.h>      definitions for fourth level ICMP identifiers
     <netinet/icmp6.h>         definitions for fourth level ICMPv6 identifiers
     <netinet/tcp_var.h>       definitions for fourth level TCP identifiers
     <netinet/udp_var.h>       definitions for fourth level UDP identifiers

ERRORS

     The following errors may be reported:

     [EFAULT]      The buffer name, oldp, newp, or length pointer oldlenp con-
                   tains an invalid address.

     [EINVAL]      The name array is less than two or greater than
                   CTL_MAXNAME.

     [EINVAL]      A non-null newp pointer is given and its specified length
                   in newlen is too large or too small.

     [ENOMEM]      The length pointed to by oldlenp is too short to hold the
                   requested value.

     [ENOTDIR]     The name array specifies an intermediate rather than termi-
                   nal name.

     [EOPNOTSUPP]  The name array specifies a value that is unknown.

     [EPERM]       An attempt is made to set a read-only value.

     [EPERM]       A process without appropriate privileges attempts to set a
                   value.

     [EPERM]       An attempt to change a value protected by the current ker-
                   nel security level is made.

SEE ALSO

     pathconf(2), sysconf(3), ddb(4), sysctl.conf(5), securelevel(7),
     compat_linux(8), compat_openbsd(8), sysctl(8)

HISTORY

     The sysctl() function first appeared in 4.4BSD.

MirOS BSD #10-current            May 20, 2012                               27

Generated on 2014-04-02 20:57:59 by $MirOS: src/scripts/roff2htm,v 1.79 2014/02/10 00:36:11 tg Exp $

These manual pages and other documentation are copyrighted by their respective writers; their source is available at our CVSweb, AnonCVS, and other mirrors. The rest is Copyright © 2002‒2014 The MirOS Project, Germany.
This product includes material provided by Thorsten Glaser.

This manual page’s HTML representation is supposed to be valid XHTML/1.1; if not, please send a bug report – diffs preferred.