1# $FreeBSD$
2---
3debug.disablecwd
4bool
5
6Determines whether or not the
.Xr getcwd 3
8system call should be allowed.
9
10---
11debug.disablefullpath
12bool
13
14Determines whether or not the
15.Fn vn_fullpath
16function may be used.
17
18---
19debug.dobkgrdwrite
20bool
21
22Determines if background writes should be performed.
23
24---
25debug.hashstat.nchash
26struct
27
28Displays nchash chain lengths.  This is a read-only
29variable.
30
31---
32debug.hashstat.rawnchash
33
34---
35debug.ieee80211
36bool
37
38This
39.Nm
40allows you to enable or disable debugging for 802.11 devices.
41
42---
43debug.kdb.available
44variable
45
46Used to retrieve a list of currently available debugger backends.
47
48---
49debug.kdb.current
50variable
51
52Allows for the selection of the debugger backend
53which is used to handle debugger requests.
54
55---
56debug.kdb.enter
57variable
58
59When written to, the system should break to the debugger.
60
61---
62debug.malloc.failure_count
63bool
64
65Number of times a coerced malloc failure has occurred as a
66result of
67.Va debug.malloc.failure_rate .
68Useful for tracking what might have happened
69and whether failures are being generated.
70
71---
72debug.malloc.failure_rate
73bool
74
75Debugging feature causing
76.Dv M_NOWAIT
77allocations to fail at a specified rate.
78How often to generate a failure: if set to 0 (default), this
79feature is disabled.
For example, if set to 10, one in ten
.Xr malloc 3
calls will fail.
83
84---
85debug.rman_debug
86bool
87
88This
89.Nm
90allows you to enable or disable debugging for
91.Xr rman 9 ,
92the
93.Fx
94resource manager.
95
96---
97debug.sizeof.bio
98
99---
100debug.sizeof.buf
101
102---
103debug.sizeof.cdev
104
105---
106debug.sizeof.devstat
107
108---
109debug.sizeof.kinfo_proc
110
111---
112debug.sizeof.proc
113
114---
115debug.sizeof.vnode
116
117---
118debug.vnlru_nowhere
119
120---
121hw.acpi.cpu.current_speed
122bool
123
124Display the current CPU speed.
125This is adjustable, but doing so is not recommended.
126
127---
128hw.acpi.cpu.max_speed
129int
130
131Allows you to change the stepping for processor speed
132on machines which support
133.Xr acpi 4 .
134
135---
136hw.acpi.disable_on_poweroff
137bool
138
139Some systems using
140.Xr acpi 4
141have problems powering off when shutting down with
142.Xr acpi 4
143enabled.  This
144.Nm
145disables
146.Xr acpi 4
147when rebooting and shutting down.
148
149---
150hw.acpi.s4bios
151bool
152
153This
154.Nm
155determines whether or not the S4BIOS sleep implementation
156should be used.
157
158---
159hw.acpi.sleep_delay
160int
161
162Set the sleep delay for
163.Xr acpi 4 .
164
165---
166hw.acpi.supported_sleep_state
167bool
168
169List supported
170.Tn ACPI
sleep states.
172
173---
174hw.acpi.thermal.min_runtime
175
176---
177hw.acpi.thermal.polling_rate
178int
179
180The interval in seconds that should be used to check
181the current system temperature.
182
183---
184hw.acpi.thermal.tz0.temperature
185str
186
187Displays the current temperature.
188This is a read-only variable.
189
190---
191hw.acpi.thermal.tz0.thermal_flags
192
193---
194hw.acpi.verbose
195bool
196
197Determines whether or not
198.Xr acpi 4
199should be verbose.
200
201---
202hw.ata.ata_dma
203bool
204
205Allows the enabling and disabling of DMA for
206ATA devices.
207
208---
209hw.ata.atapi_dma
210bool
211
212Allows the enabling and disabling of DMA for
213atapi devices, such as CD-ROM drives.
214
215---
216hw.ata.tags
217bool
218
219An experimental feature for IDE hard drives which
220allows write caching to be turned on.
221Please read the
222.Xr tuning 7
223manual page carefully before using this.
224
225---
226hw.ata.wc
227bool
228
229Determines whether or not IDE write caching should
230be turned on or off.
231See
232.Xr tuning 7
233for more information.
234
235---
236hw.bus.devices
237
238---
239hw.bus.info
240int
241
242This is an internally used function that returns
243the kernel bus interface version.
244
245---
246hw.bus.rman
247
248---
249hw.busdmafree_bpages
250
251---
252hw.busdma.reserved_bpages
253
254---
255hw.busdma.active_bpages
256
257---
258hw.busdma.total_bpages
259
260---
261hw.busdma.total_bounced
262
263---
264hw.busdma.total_deferred
265
266---
267hw.byteorder
268int
269
270Returns the system byte order.
271This is a read-only variable.
272
273---
274hw.cardbus.cis_debug
275
276---
277hw.cardbus.debug
278
279---
280hw.cbb.debug
281
282---
283hw.cbb.start_16_io
284
285---
286hw.cbb.start_32_io
287
288---
289hw.cbb.start_memory
290
291---
292hw.floatingpoint
293bool
294
295Reports true if the machine has a floating point processor.
296This is a read-only variable.
297
298---
299hw.fxp0.bundle_max
300int
301
302Controls the receive interrupt microcode bundle size limit
303for the
304.Xr fxp 4
305device.
306
307---
308hw.fxp0.int_delay
309int
310
311Controls the receive interrupt microcode bundling delay
312for the
313.Xr fxp 4
314device.
315
316---
317hw.fxp_noflow
318bool
319
320Disables flow control support on
321.Xr fxp 4
322cards.
323When flow control is enabled, and if the operating system
324does not acknowledge the packet buffer filling,
325the card will begin to generate Ethernet quench
326packets, but appears to get into a feedback
327loop of some sort, hosing local switches.
328This is a workaround for this issue.
329
330---
331hw.fxp_rnr
332int
333
Set the number of times that a no-resource
335condition may occur before the
336.Xr fxp 4
337device may restart.
338
339---
340hw.instruction_sse
341bool
342
343Returns true if SSE support is enabled in the kernel.
344This is a read-only variable.
345
346---
347hw.intrcnt
348bool
349
350Displays a list of interrupt counters.
351This is a read-only variable.
352
353---
354hw.intrnames
355str
356
357Displays a list of zero-terminated interrupt
358names.  This is a read-only variable.
359
360---
361hw.kbd.keymap_restrict_change
362bool
363
364This sysctl acts as a sort of secure-level, allowing
365control of the console keymap.
366Giving this a value of 1 means that only the
367root user can change restricted keys
368(like boot, panic...).
369A value of 2 means that only root
370can change restricted keys and regular keys.
371Regular users still can change accents and function keys.
372A value of 3 means only root can change restricted,
373regular and accent keys, while a value of 4 means that
374no changes to the keymap are
375allowed by anyone other than the root user.
376
377---
378hw.machine
379str
380
381Displays the machine class.
382This is a read-only variable.
383
384---
385hw.machine_arch
386str
387
388Displays the current architecture.
389This is a read-only variable.
390
391---
392hw.model
393str
394
395Displays the model information of the current running hardware.
396This is a read-only variable.
397
398---
399hw.ncpu
400bool
401
Report the number of CPUs in the system.
403This is a read-only variable.
404
405---
406hw.pagesize
407int
408
409Displays the current
410.Xr pagesize 1 .
411This is a read-only variable.
412
413---
414hw.pccard.cis_debug
415int
416
417Allows debugging to be turned on or off for
418CIS.
419
420---
421hw.pccard.debug
422bool
423
424Determines whether or not to use debugging for the
425PC Card bus driver.
426
427---
428hw.pci.allow_unsupported_io_range
429bool
430
431Some machines do not detect their CardBus slots correctly
432because they use unsupported I/O ranges.
433This
434.Nm
435allows FreeBSD to use those ranges.
436
437---
438hw.pci.enable_io_modes
439
440---
441hw.snd.pcm0.ac97rate
442
443---
444hw.snd.verbose
445int
446
447Control the level of verbosity for the
448.Pa /dev/sndstat
449device.  See the
450.Xr pcm 4
451man page for more information on debug
452levels.
453
454---
455hw.snd.report_soft_formats
456bool
457
458Controls the internal format conversion if it is available
459transparently to the application software.
460See
461.Xr pcm 4
462for more information.
463
464---
465hw.syscons.bell
466bool
467
468Allows you to control whether or not to use the 'bell'
469while using the console.  This is turned on by default.
470
471---
472hw.syscons.saver.keybonly
473bool
474
475This variable tells the system that the screen saver
476may only wake up if the keyboard is used.  This means
477that log messages that are pushed to the console will
not cause the screen saver to stop, and the log
message will not be displayed.  This can be disabled to mimic
480the behavior of older syscons.
481
482---
483hw.syscons.sc_no_suspend_vtswitch
484bool
485
486Disables switching between virtual terminals during suspend
487or resume.  See
488.Xr syscons 4
489for more information.
490
491---
492hw.wi.debug
493bool
494
495Controls the level of debugging for
496.Xr wi 4
497devices.
498
499---
500hw.wi.txerate
501int
502
This value controls the maximum number of error
504messages per second.
505Giving this
506.Nm
507a value of 0 (zero) disables error messages completely.
508
509---
510kern.acct_chkfreq
511int
512
513Specifies the frequency (in minutes) with which free disk
514space should be checked.
515This is used in conjunction with
516.Va kern.acct_resume
517and
.Va kern.acct_suspend .
519
520---
521kern.acct_resume
522int
523
524The percentage of free disk space above which process
525accounting will resume.
526
527---
528kern.acct_suspend
529int
530
531The percentage of free disk space below which process
532accounting stops.
533
534---
535kern.argmax
536bool
537
538The maximum number of bytes that can be
539used in an argument to
540.Xr execve 2 .
541This is basically the maximum number of
542characters which can be used in a single
543command line.
544On some rare occasions, this value needs
545altering.
546If so, please check out the
547.Xr xargs 1
548utility.
549
550---
551kern.bootfile
552str
553
554The kernel which was used to boot the system.
555
556---
557kern.boottime
558str
559
560The time at which the current kernel became
561active after the system booted.  This is a
562read-only variable.
563
564---
565kern.chroot_allow_open_directories
566bool
567
Depending on the setting of this variable, an attempt to
.Xr chroot 2
may fail when the process holds open file descriptors
which reference directories.
571If set to
572.Em 0 ,
573.Xr chroot 8
574will always fail with
575.Er EPERM
576if there are any directories open.
577If set to
578.Em 1
579(the default),
580.Xr chroot 8
581will fail with
582.Er EPERM
583if there are any directories open and the
584process is already subject to the
585.Xr chroot 8
586system call.
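Any other value will bypass the check for open directories.
A directory descriptor opened before the call still refers to a location
outside the new root, so bypassing the check weakens the confinement.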
588Please see the
589.Xr chroot 2
590man page for more information.
591
592---
593kern.clockrate
594struct
595
596Displays information about the system clock.
597This is a read-only variable.
598
599---
600kern.console
601
602---
603kern.coredump
604bool
605
606Determines where the kernel should dump a core file
607in the event of a kernel panic.
608
609---
610kern.corefile
611str
612
613Describes the file name that a core image should be stored to.
614See the
615.Xr core 5
616man page for more information on this variable.
617
618---
619kern.cp_time
620struct
621
622Contains CPU time statistics.
623This is a read-only variable.
624
625---
626kern.devname
627struct
628
629An internally used
630.Nm
631that returns suitable device names for the
632.Fn devname
633function.
634See the
635.Xr devname 3
636manual page for more information.
637
638---
639kern.devstat.all
640struct
641
642An internally used
643.Nm
644that returns current devstat statistics as well
645as the current devstat generation number.
646See the
647.Xr devstat 3
648man page for more information.
649
650---
651kern.devstat.generation
652
653---
654kern.devstat.numdevs
655
656---
657kern.devstat.version
658int
659
660Displays the devstat list version number.
661This is a read-only variable.
662
663---
664kern.disks
665str
666
667Display disk devices that the kernel is currently
668aware of.
669This is a read-only variable.
670
671---
672kern.domainname
673str
674
675This shows the name of the current YP/NIS domain.
676
677---
678kern.drainwait
679int
680
681The time to wait after dropping DTR to the given number.
682The units are measured in hundredths of a second.
683The default is 300 hundredths,
684i.e., 3 seconds.
685This option is needed mainly to set proper recover
686time after modem resets.
687
688---
689kern.elf32.fallback_brand
690
691---
692kern.fallback_elf_brand
693
694---
695kern.file
696struct
697
698Returns the entire file structure.
699
700---
701kern.function_list
702struct
703
704Returns all functions names in the kernel.
705
706---
707kern.geom.confdot
708
709---
710kern.geom.conftxt
711
712---
713kern.geom.confxml
714
715---
716kern.hostid
717int
718
719This
720.Nm
721may contain the IP address of the system.
722
723---
724kern.hostname
725str
726
727Display the system hostname.
728This can be modified with the
729.Xr hostname 1
730utility.
731
732---
733kern.init_path
734string
735
736The path to search for the
737.Xr init 8
738process.
739This is a read-only variable.
740
741---
742kern.iov_max
743
744---
745kern.ipc.clust_hiwm
746
747---
748kern.ipc.clust_lowm
749
750---
751kern.ipc.maxsockbuf
752int
753
754The maximum buffer size that may be allocated for sockets.
755See
756.Xr getsockopt 2
757for more information.
758
759---
760kern.ipc.maxsockets
761int
762
763The maximum number of sockets available.
764
765---
766kern.ipc.mb_statpcpu
767
768---
769kern.ipc.mbstat
770
771---
772kern.ipc.mbuf_hiwm
773
774---
775kern.ipc.mbuf_lowm
776
777---
778kern.ipc.mbuf_wait
779
780---
781kern.ipc.msqids
782
783---
784kern.ipc.nmbclusters
785bool
786
787Maximum number of mbuf clusters available.
788The kernel uses a preallocated pool of
789.Dq mbuf clusters
790for the
791.Xr mbuf 9
792allocator.
793The pool size is tuned by the kernel during boot.
794That size is set to a value which seems appropriate
795for the current system.
796
797---
798kern.ipc.nmbcnt
799
800---
801kern.ipc.nmbufs
802
803---
804kern.ipc.nsfbufs
805
806---
807kern.ipc.numopensockets
808
809---
810kern.ipc.somaxconn
811int
812
813The maximum pending socket connection queue size.
814
815---
816kern.ipc.zero_copy.receive
817bool
818
819When set to a non-zero value, zero copy is
820enabled for received packets.
821This reduces copying of data around for
822outgoing packets and can significantly
823improve throughput for network connections.
824
825---
826kern.ipc.zero_copy.send
827bool
828
829When set to a non-zero value, zero copy is
830enabled for sent packets.
831This reduces copying of data around for outgoing
832packets and can significantly improve throughput
833for network connections.
834
835---
836kern.job_control
837bool
838
839Reports whether or not job control is available.
840This is a read-only variable.
841
842---
843kern.kq_calloutmax
844
845---
846kern.lastpid
847int
848
849Displays the last PID used by a process.
850This is a read-only variable.
851
852---
853kern.logsigexit
854bool
855
856Tells the kernel whether or not to log fatal signal exits.
857
858---
859kern.malloc
860str
861
862Displays how memory is currently being allocated.
863This is a read-only variable.
864
865---
866kern.maxfiles
867int
868
869The maximum number of files allowed for all the
870processes of the running kernel.
871You can override the default value which the
872kernel calculates by explicitly setting this to
873a non-zero value.
874Also see the
875.Xr tuning 7
876man page for more information.
877
878---
879kern.maxfilesperproc
880int
881
882The maximum number of files any one process can open.
883See the
884.Xr ps 1
885utility for more information on monitoring processes.
886
887---
888kern.maxproc
889int
890
891The maximum number of processes that the system
892can be running at any time.
893See the
894.Xr ps 1
895utility for more information on monitoring processes.
896
897---
898kern.maxprocperuid
899int
900
901The maximum number of processes one user ID can run.
902See the
903.Xr ps 1
904utility for more information on monitoring processes.
905
906---
907kern.maxusers
908int
909
910Controls the scaling of a number of static system tables, including
911defaults for the maximum number of open files, sizing of network
912memory resources, etc.
913See the
914.Xr tuning 7
915man page for more information.
916This
917.Nm
918cannot be set using
919.Xr sysctl 8 .
920Use
921.Xr loader 8
922instead to set this at boot time.
923
924---
925kern.maxvnodes
926bool
927
928The maximum number of
929.Em vnodes
930(virtual file system nodes)
931the system can have open simultaneously.
932
933---
934kern.minvnodes
935bool
936
The minimum number of
938.Em vnodes
939(virtual file system nodes)
940the system can have open simultaneously.
941
942---
943kern.module_path
944str
945
946This
947.Nm
948holds a colon-separated list of directories in which the
949kernel will search for loadable kernel modules.
This path is searched when using commands such as
951.Xr kldload 8
952and
953.Xr kldunload 8 .
954
955---
956kern.msgbuf
957string
958
959Contains the kernel message buffer.
960
961---
962kern.msgbuf_clear
963bool
964
965Giving this
966.Nm
967a value of 1 (one) will cause the kernel message buffer to
968be cleared.  It should be noted though, that the
969.Nm
will then automatically revert back to its original
971value of 0 (zero).
972
973---
974kern.ngroups
975int
976
977Contains the maximum number of groups that a
978user may belong to.
979This is a read-only variable.
980
981---
982kern.openfiles
983int
984
985Shows the current amount of system-wide
986open files.
987This is useful when used in conjunction
988with
989.Va kern.maxfiles
990for tuning your system.
991This is a read-only variable.
992
993---
994kern.osreldate
995string
996
997Displays the kernel release date.
998This is a read-only variable.
999
1000---
1001kern.osrelease
1002str
1003
1004Displays the current version of
1005.Fx
1006running.
1007This is a read-only variable.
1008
1009---
1010kern.osrevision
1011string
1012
1013Displays the operating system revision.
1014This is a read-only variable.
1015
1016---
1017kern.ostype
1018str
1019
1020Alter the name of the current operating system.
1021Changing this will change the output from
1022the
1023.Xr uname 1
1024utility.
1025Changing the default is not recommended.
1026
1027---
1028kern.posix1version
1029string
1030
1031Returns the version of
1032.Tn POSIX
1033that the system
1034is attempting to comply with.
1035This is a read-only variable.
1036
1037---
1038kern.powercycle_on_panic
1039bool
1040
1041In the event of a panic, this variable controls whether or not the
1042system should try to power cycle instead of rebooting.
1043
1044---
1045kern.poweroff_on_panic
1046bool
1047
1048In the event of a panic, this variable controls whether or not the
1049system should try to power off instead of rebooting.
1050
1051---
1052kern.proc.all
1053
1054---
1055kern.proc.args
1056int
1057
1058Allows a process to retrieve the argument list
1059or process title for another process without
1060looking in the address space of another program.
1061This is a read-only variable.
1062
1063---
1064kern.proc.pgrp
1065
1066---
1067kern.proc.pid
1068struct
1069
1070This internally used
1071.Nm
1072may be used to extract process information.  See
1073.Xr sysctl 3
1074for an example.
1075
1076---
1077kern.proc.ruid
1078
1079---
1080kern.proc.tty
1081
1082---
1083kern.proc.uid
1084
1085---
1086kern.ps_argsopen
1087bool
1088
1089By setting this to 0, command line arguments are hidden
1090for processes which you are not running.
This is useful on multi-user machines where things
like passwords might accidentally be passed on the
command line.
1094
1095---
1096
1097kern.quantum
1098
1099---
1100kern.random.adaptors
1101str
1102
1103Displays registered PRNG adaptors.
1104This is a read-only variable.
1105
1106---
1107kern.random.sys.burst
1108
1109---
1110kern.random.sys.harvest.ethernet
1111
1112---
1113kern.random.sys.harvest.interrupt
1114
1115---
1116kern.random.sys.harvest.point_to_point
1117
1118---
1119kern.random.sys.harvest.swi
1120
1121---
1122kern.random.sys.seeded
1123
1124---
1125kern.random.yarrow.bins
1126
1127---
1128kern.random.yarrow.fastthresh
1129
1130---
1131kern.random.yarrow.gengateinterval
1132
1133---
1134kern.random.yarrow.slowoverthresh
1135
1136---
1137kern.random.yarrow.slowthresh
1138
1139---
1140kern.randompid
1141
1142---
1143kern.rootdev
1144string
1145
1146Displays the current root file system device.  This
1147is a read-only variable.
1148
1149---
1150kern.saved_ids
1151bool
1152
1153Displays whether or not saved set-group/user ID is
1154available.  This is a read-only variable.
1155
1156---
1157kern.securelevel
1158bool
1159
1160The current kernel security level.
1161See the
1162.Xr init 8
1163manual page for a good description
1164about what a security level is.
1165
1166---
1167kern.sugid_coredump
1168bool
1169
1170By default, a process that changes user or group credentials whether
1171real or effective will not create a corefile.
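This behavior can be changed to generate a core dump by
setting this variable to 1.
A core file from such a process can hold data the invoking user was not
otherwise able to read, so enable this only while debugging.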
1174
1175---
1176kern.sync_on_panic
1177bool
1178
1179In the event of a panic, this variable controls whether or not the
1180system should try and
1181.Xr sync 8 .
1182In some circumstances, this could cause a double panic, and as a result,
1183this may be turned off if needed.
1184
1185---
1186kern.threads.debug
1187bool
1188
1189Determines whether to use debugging for kernel threads.
1190This is useful for testing.
1191
1192---
1193kern.threads.max_groups_per_proc
1194
1195---
1196kern.threads.max_threads_hits
1197
1198---
1199kern.threads.max_threads_per_proc
1200
1201---
1202kern.threads.virtual_cpu
1203int
1204
The maximum number of virtual CPUs that can be used for
threading.
1207
1208---
1209kern.tty_nin
1210
1211---
1212kern.tty_nout
1213
1214---
1215kern.ttys
1216bool
1217
1218Used internally by the
1219.Xr pstat 8
1220command.
1221This is a read-only variable.
1222
1223---
1224kern.version
1225str
1226
1227Displays the current kernel version information.
1228This is a read-only variable.
1229
1230---
1231machdep.acpi_root
1232
1233---
1234machdep.cpu_idle_hlt
1235bool
1236
1237Halt idle CPUs.
1238This is good for an SMP system.
1239
1240---
1241machdep.disable_mtrrs
1242
1243---
1244machdep.guessed_bootdev
1245
1246---
1247machdep.hyperthreading_allowed
1248bool
1249
1250Setting this tunable to zero disables
1251the use of additional logical processors
1252provided by Intel HTT technology.
1253
1254---
1255machdep.panic_on_nmi
1256
1257---
1258machdep.siots
1259
1260---
1261net.inet.accf.unloadable
1262
1263---
1264net.inet.icmp.bmcastecho
1265
1266---
1267net.inet.icmp.drop_redirect
1268
1269---
1270net.inet.icmp.icmplim
1271
1272---
1273net.inet.icmp.icmplim_output
1274
1275---
1276net.inet.icmp.log_redirect
1277
1278---
1279net.inet.icmp.maskfake
1280
1281---
1282net.inet.icmp.maskrepl
1283
1284---
1285net.inet.ip.accept_sourceroute
1286bool
1287
Controls whether source-routed IP packets addressed to this host are accepted.
1289
1290---
1291net.inet.ip.check_interface
1292bool
1293
1294This
1295.Nm
1296verifies that packets arrive on the correct interfaces.
1297
1298---
1299net.inet.ip.fastforwarding
1300bool
1301
1302When fast forwarding is enabled, IP packets are forwarded directly to
the appropriate network interface with minimal validity checking,
1304which greatly improves throughput.
1305Please see the
1306.Xr inet 4
1307man page for more information.
1308
1309---
1310net.inet.ip.forwarding
1311bool
1312
1313Act as a gateway machine and forward packets.
1314This can also be configured using the
1315gateway_enable value in
1316.Pa /etc/rc.conf
1317
1318---
1319net.inet.ip.fw.one_pass
1320int
1321
1322---
1323net.inet.ip.intr_queue_drops
1324
1325---
1326net.inet.ip.intr_queue_maxlen
1327
1328---
1329net.inet.ip.maxfragpackets
1330
1331---
1332net.inet.ip.maxfragsperpacket
1333
1334---
1335net.inet.ip.redirect
1336bool
1337
1338Controls the sending of ICMP redirects in response to unforwardable IP
1339packets.
1340
1341---
1342net.inet.ip.sourceroute
1343bool
1344
1345Determines whether or not source routed IP packets
1346should be forwarded.
1347
1348---
1349net.inet.ip.stats
1350
1351---
1352net.inet.ip.ttl
1353int
1354
1355The TTL (time-to-live) to use for outgoing packets.
1356
1357---
1358net.inet.raw.maxdgram
1359
1360---
1361net.inet.raw.olddiverterror
1362
1363---
1364net.inet.raw.pcblist
1365
1366---
1367net.inet.raw.recvspace
1368
1369---
1370net.inet.tcp.always_keepalive
1371bool
1372
1373Determines whether or not to attempt to detect dead TCP
1374connections by sending 'keepalives' intermittently.  This
1375is enabled by default and can also be configured using the
1376tcp_keepalive value in
1377.Pa /etc/rc.conf
1378
1379---
1380net.inet.tcp.blackhole
1381bool
1382
1383Manipulates system behavior when
1384connection requests are received on a
1385TCP port without a socket listening.
1386See the
1387.Xr blackhole 4
1388man page for more information.
1389
1390---
1391net.inet.tcp.delacktime
1392
1393---
1394net.inet.tcp.delayed_ack
1395bool
1396
1397Historically speaking, this feature was designed to allow the
1398acknowledgment to transmitted data to be returned along with the
1399response.  See the
1400.Xr tuning 7
1401man page for more information.
1402
1403---
1404net.inet.tcp.do_tcpdrain
1405
1406---
1407net.inet.tcp.getcred
1408
1409---
1410net.inet.tcp.icmp_may_rst
1411
1412---
1413net.inet.tcp.inflight_debug
1414bool
1415
1416Control debugging for the
1417.Va net.inet.tcp.inflight_enable
1418.Nm .
1419Please see the
1420.Xr tuning 7
1421man page for more information.
1422
1423---
1424net.inet.tcp.inflight_enable
1425bool
1426
1427Turns on bandwidth delay product limiting for all
1428TCP connections.  Please see the
1429.Xr tuning 7
1430man page for more information.
1431
1432---
1433net.inet.tcp.inflight_max
1434bool
1435
1436.Em double check
1437The maximum amount of data that may be queued for
1438bandwidth delay product limiting.
1439
1440---
1441net.inet.tcp.inflight_min
1442bool
1443
1444.Em double check
1445The minimum amount of data that may be queued for
1446bandwidth delay product limiting.
1447
1448---
1449net.inet.tcp.inflight_stab
1450bool
1451
1452This parameter represents the maximal packets
1453added to the bandwidth delay product window
1454calculation.  Changing this is not recommended.
1455
1456---
1457net.inet.tcp.isn_reseed_interval
1458
1459---
1460net.inet.tcp.local_slowstart_flightsize
1461
1462---
1463net.inet.tcp.log_in_vain
1464bool
1465
1466Allows the system to log connections to TCP
1467ports that do not have sockets listening.
1468This variable can also be tuned by changing
1469the value for log_in_vain
1470in
1471.Pa /etc/rc.conf
1472
1473---
1474net.inet.tcp.minmss
1475bool
1476
For network link optimization, TCP can adjust its MSS, and thus its
packet size, according to the observed path MTU.  This is done
dynamically based on feedback from the remote host and network
components along the packet path.  This information can be
abused to pretend an extremely low path MTU.
This
.Nm
sets the minimum MSS that TCP will use, which bounds that abuse.
1482
1483---
1484net.inet.tcp.minmssoverload
1485bool
1486
The PPS (packets per second) rate for the
.Va net.inet.tcp.minmss
sysctl.
Setting this will force connections that exceed the rate to be reset
and dropped, which should hinder
DoS attacks on WWW servers using POST attacks.
1493
1494---
1495net.inet.tcp.msl
1496
1497---
1498net.inet.tcp.mssdflt
1499bool
1500
1501This is the default TCP Maximum Segment Size
1502for TCP packets.  The default setting is recommended
1503in most cases.
1504
1505---
1506net.inet.tcp.v6mssdflt
1507bool
1508
1509This is the default TCP Maximum Segment Size
for TCP IPv6 packets.  The default setting is recommended
1511in most cases.
1512
1513---
1514net.inet.tcp.newreno
1515
1516---
1517net.inet.tcp.path_mtu_discovery
1518
1519---
1520net.inet.tcp.pcbcount
1521
1522---
1523net.inet.tcp.pcblist
1524
1525---
1526net.inet.tcp.recvspace
1527bool
1528
This variable controls the amount of receive
1530buffer space for any given TCP connection.  This
1531can be particularly useful when tuning network
1532applications.  See the
1533.Xr tuning 7
1534man page for more information.
1535
1536---
1537net.inet.tcp.rexmit_min
1538
1539---
1540net.inet.tcp.rexmit_slop
1541
1542---
1543net.inet.tcp.rfc1323
1544bool
1545
1546Determines whether support for RFC1323 (TCP Extensions
1547for High Performance) should be enabled.
1548This variable can also be tuned by changing the value
1549for tcp_extensions in
1550.Pa /etc/rc.conf
1551
1552---
1553net.inet.tcp.rfc1644
1554
1555---
1556net.inet.tcp.rfc3042
1557
1558---
1559net.inet.tcp.rfc3390
1560
1561---
1562net.inet.tcp.sendspace
1563bool
1564
This variable controls the amount of send
1566buffer space for any given TCP connection.  This
1567can be particularly useful when tuning network
1568applications.  See the
1569.Xr tuning 7
1570manual page for more information.
1571
1572---
1573net.inet.tcp.slowstart_flightsize
1574
1575---
1576net.inet.tcp.stats
1577
1578---
1579net.inet.tcp.syncache.bucketlimit
1580
1581---
1582net.inet.tcp.syncache.cachelimit
1583
1584---
1585net.inet.tcp.syncache.count
1586
1587---
1588net.inet.tcp.syncache.hashsize
1589
1590---
1591net.inet.tcp.syncache.rexmtlimit
1592
1593---
1594net.inet.tcp.syncookies
1595
1596---
1597net.inet.tcp.tcbhashsize
1598
1599---
1600net.inet.tcp.v6mssdflt
1601
1602---
1603net.inet.udp.blackhole
1604bool
1605
1606Manipulates system behavior when
1607connection requests are received on a
1608UDP port.
1609See the
1610.Xr blackhole 4
1611man page for more information.
1612
1613---
1614net.inet.udp.getcred
1615
1616---
1617net.inet.udp.log_in_vain
1618bool
1619
1620Allows the system to log connections to UDP
1621ports that do not have sockets listening.
1622This variable can also be tuned by changing
1623the value for log_in_vain
1624in
1625.Pa /etc/rc.conf
1626
1627---
1628net.inet.udp.maxdgram
1629
1630---
1631net.inet.udp.pcblist
1632
1633---
1634net.inet.udp.recvspace
1635
1636---
1637net.inet.udp.stats
1638
1639---
1640net.inet6.icmp6.errppslimit
1641
1642---
1643net.inet6.icmp6.nd6_debug
1644
1645---
1646net.inet6.icmp6.nd6_delay
1647
1648---
1649net.inet6.icmp6.nd6_maxnudhint
1650
1651---
1652net.inet6.icmp6.nd6_mmaxtries
1653
1654---
1655net.inet6.icmp6.nd6_prune
1656
1657---
1658net.inet6.icmp6.nd6_umaxtries
1659
1660---
1661net.inet6.icmp6.nd6_useloopback
1662
1663---
1664net.inet6.icmp6.nodeinfo
1665
1666---
1667net.inet6.icmp6.rediraccept
1668
1669---
1670net.inet6.icmp6.redirtimeout
1671
1672---
1673net.inet6.tcp6.getcred
1674
1675---
1676net.inet6.udp6.getcred
1677
1678---
1679net.isr.enable
1680
1681---
1682net.link.ether.inet.log_arp_movements
1683
1684---
1685net.link.ether.inet.log_arp_wrong_iface
1686
1687---
1688net.link.ether.ipfw
1689
1690---
1691net.link.generic.ifdata
1692
1693---
1694net.link.generic.system.ifcount
1695
1696---
1697net.link.gif.max_nesting
1698bool
1699
1700Determines whether to allow recursive tunnels or not.
1701
1702---
1703net.link.gif.parallel_tunnels
1704bool
1705
1706Determines whether to allow parallel tunnels or not.
1707
1708---
1709net.local.dgram.pcblist
1710
1711---
1712net.local.stream.pcblist
1713
1714---
1715security.bsd.see_other_uids
1716bool
1717
Setting this to 0 will prevent users from viewing information
about processes running under other user id numbers (UIDs).
1720
1721---
1722security.bsd.suser_enabled
1723
1724---
1725security.bsd.unprivileged_proc_debug
1726
1727---
1728security.bsd.unprivileged_read_msgbuf
1729
1730---
1731security.jail.set_hostname_allowed
1732bool
1733
1734Determines whether or not the root user
1735within the jail can set the hostname.
1736
1737---
1738security.jail.socket_unixiproute_only
1739
1740---
1741security.jail.sysvipc_allowed
1742
1743---
1744security.mac.biba.enabled
1745bool
1746
1747Enables enforcement of the Biba integrity policy.
1748
1749---
1750security.mac.biba.ptys_equal
1751bool
1752
1753Label
1754.Sm off
1755.Xr pty 4
1756s
1757.Sm on
1758as
1759.Dq biba/equal
1760upon creation.
1761
1762---
1763security.mac.biba.revocation_enabled
1764bool
1765
1766Revoke access to objects if the label is changed to dominate the subject.
1767
1768---
1769security.mac.enforce_fs
1770bool
1771
1772Enforce MAC policies for file system accesses.
1773
1774---
1775security.mac.enforce_kld
1776bool
1777
1778Enforce MAC policies on
1779.Xr kld 4 .
1780
1781---
1782security.mac.enforce_network
1783bool
1784
1785Enforce MAC policies on network interfaces.
1786
1787---
1788security.mac.enforce_pipe
1789bool
1790
1791Enforce MAC policies on pipes.
1792
1793---
1794security.mac.enforce_process
1795bool
1796
1797Enforce MAC policies between system processes
1798(e.g.
1799.Xr ps 1 ,
1800.Xr ktrace 2 ).
1801
1802---
1803security.mac.enforce_socket
1804bool
1805
1806Enforce MAC policies on sockets.
1807
1808---
1809security.mac.enforce_system
1810bool
1811
1812Enforce MAC policies on system-related items
1813(e.g.
1814.Xr kenv 1 ,
1815.Xr acct 2 ,
1816.Xr reboot 2 ).
1817
1818---
1819security.mac.enforce_vm
1820bool
1821
1822Enforce MAC policies on
1823.Xr mmap 2
1824and
1825.Xr mprotect 2 .
1826
1827---
1828security.mac.ifoff.lo_enabled
1829bool
1830
1831Use this to disable network traffic over the loopback
1832.Xr lo 4
1833interface.
1834See
1835.Xr mac_ifoff 4
1836for more information.
1837
1838---
1839security.mac.ifoff.other_enabled
1840bool
1841
1842Use this to enable network traffic over other interfaces.
1843See
1844.Xr mac_ifoff 4
1845for more information.
1846
1847---
1848security.mac.ifoff.bpfrecv_enabled
1849bool
1850
1851Use this to allow
1852.Xr bpf 4
1853traffic to be received,
1854even while other traffic is disabled.
1855
1856---
1857security.mac.mls.enabled
1858bool
1859
1860Enables the enforcement of the MLS confidentiality policy.
1861See
1862.Xr mac_mls 4
1863for more information.
1864
1865---
1866security.mac.mls.ptys_equal
1867bool
1868
1869Label
1870.Sm off
1871.Xr pty 4
1872s
1873.Sm on
1874as
1875.Dq mls/equal
1876upon creation.
1877
1878---
1879security.mac.mls.revocation_enabled
1880bool
1881
1882Revoke access to objects if the label is changed to a more sensitive
1883level than the subject.
1884
1885---
1886security.mac.portacl.rules
1887str
1888
1889The port access control list is specified in the following format:
1890
1891.Sy idtype
1892.Li :
1893.Sy id
1894.Li :
1895.Sy protocol
1896.Li :
1897.Sy port
1898.Li [,
1899.Sy idtype
1900.Li :
1901.Sy id
1902.Li :
1903.Sy protocol
1904.Li :
1905.Sy port
1906.Li ,...]
1907
1908.Sy idtype
1909Describes the type of subject match to be performed.
1910Either
1911.Li uid
1912for userid matching, or
1913.Li gid
1914for group ID matching.
1915.Sy id
1916The user or group ID (depending on
1917.Sy idtype )
1918allowed to bind to the specified port.
1919.Bf -emphasis
1920NOTE: User and group names are not valid; only the actual ID numbers
1921may be used.
1922.Ef
1923.Sy protocol
1924Describes which protocol this entry applies to.
1925Either
1926.Li tcp
1927or
1928.Li udp
1929are supported.
1930.Sy port
1931Describes which port this entry applies to.
1932.Bf -emphasis
1933NOTE: MAC security policies may not override other security system policies
1934by allowing accesses that they may deny, such as
1935.Va net.inet.ip.portrange.reservedlow /
1936.Va net.inet.ip.portrange.reservedhigh .
1937.Ef
1938
1939---
1940security.mac.seeotheruids.enabled
1941bool
1942
1943Enable/disable
1944.Va security.mac.seeotheruids .
1945See
1946.Xr mac_seeotheruids 4
1947for more information.
1948
1949---
1950security.mac.seeotheruids.primarygroup_enabled
1951bool
1952
1953Allow users to see processes and sockets owned by the same primary
1954group.
1955
1956---
1957security.mac.seeotheruids.specificgid_enabled
1958bool
1959
1960To allow processes with a specific group ID to be exempt from the policy,
1961set this to
1962.Li 1
1963and set
1964.Va security.mac.seeotheruids.specificgid
1965to the gid to be exempted.
1966
1967---
1968security.mac_test
1969str
1970
1971Used for debugging.
1972See
1973.Xr mac_test 4
1974for more information.
1975
1976---
1977user.bc_base_max
1978
1979---
1980user.bc_dim_max
1981
1982---
1983user.bc_scale_max
1984
1985---
1986user.bc_string_max
1987
1988---
1989user.coll_weights_max
1990
1991---
1992user.cs_path
1993
1994---
1995user.line_max
1996
1997---
1998user.posix2_c_bind
1999
2000---
2001user.posix2_c_dev
2002
2003---
2004user.posix2_fort_dev
2005
2006---
2007user.posix2_fort_run
2008
2009---
2010user.posix2_localedef
2011
2012---
2013user.posix2_sw_dev
2014
2015---
2016user.posix2_upe
2017
2018---
2019user.posix2_version
2020
2021---
2022user.re_dup_max
2023
2024---
2025user.stream_max
2026
2027---
2028user.tzname_max
2029
2030---
2031vfs.altbufferflushes
2032
2033---
2034vfs.bufdefragcnt
2035
2036---
2037vfs.buffreekvacnt
2038
2039---
2040vfs.bufmallocspace
2041
2042---
2043vfs.bufreusecnt
2044
2045---
2046vfs.bufspace
2047
2048---
2049vfs.cache.nchstats
2050
2051---
2052vfs.conflist
2053
2054---
2055vfs.devfs.generation
2056
2057---
2058vfs.devfs.inodes
2059
2060---
2061vfs.devfs.noverflow
2062
2063---
2064vfs.devfs.topinode
2065
2066---
2067vfs.dirtybufferflushes
2068
2069---
2070vfs.dirtybufthresh
2071
2072---
2073vfs.ffs.adjblkcnt
2074
2075---
2076vfs.ffs.adjrefcnt
2077
2078---
2079vfs.ffs.freeblks
2080
2081---
2082vfs.ffs.freedirs
2083
2084---
2085vfs.ffs.freefiles
2086
2087---
2088vfs.ffs.setflags
2089
2090---
2091vfs.flushwithdeps
2092
2093---
2094vfs.getnewbufcalls
2095
2096---
2097vfs.getnewbufrestarts
2098
2099---
2100vfs.hibufspace
2101
2102---
2103vfs.hidirtybuffers
2104
2105---
2106vfs.hifreebuffers
2107
2108---
2109vfs.hirunningspace
2110
2111---
2112vfs.lobufspace
2113
2114---
2115vfs.lodirtybuffers
2116
2117---
2118vfs.lofreebuffers
2119
2120---
2121vfs.lorunningspace
2122
2123---
2124vfs.maxbufspace
2125
2126---
2127vfs.maxmallocbufspace
2128
2129---
2130vfs.numdirtybuffers
2131
2132---
2133vfs.numfreebuffers
2134
2135---
2136vfs.opv_numops
2137
2138---
2139vfs.pfs.vncache.entries
2140
2141---
2142vfs.pfs.vncache.hits
2143
2144---
2145vfs.pfs.vncache.maxentries
2146
2147---
2148vfs.pfs.vncache.misses
2149
2150---
2151vfs.read_max
2152
2153---
2154vfs.recursiveflushes
2155
2156---
2157vfs.runningbufspace
2158
2159---
2160vfs.ufs.dirhash_docheck
2161
2162---
2163vfs.ufs.dirhash_maxmem
2164
2165---
2166vfs.ufs.dirhash_mem
2167
2168---
2169vfs.ufs.dirhash_minsize
2170
2171---
2172vfs.usermount
2173bool
2174
2175This
2176.Nm
2177allows the root user to grant access to non-root users
2178so that they may mount floppy and CD-ROM drives.
2179
2180---
2181vfs.vmiodirenable
2182bool
2183
2184Controls how directories are cached by the system.
2185This is turned on by default.  See the
2186.Xr tuning 7
2187man page for a more detailed explanation of this
2188variable.
2189
2190---
2191vfs.write_behind
2192bool
2193
2194Tells the file system to issue media writes as
2195full clusters are collected, which typically
2196occurs when writing large sequential files.
2197This is turned on by default, but under certain
2198circumstances may stall processes and can therefore
2199be turned off.
2200
2201---
2202vm.disable_swapspace_pageouts
2203
2204---
2205vm.dmmax
2206
2207---
2208vm.kvm_free
2209
2210---
2211vm.kvm_size
2212
2213---
2214vm.loadavg
2215struct
2216
2217Displays the load average history.  This is a
2218read-only variable.
2219
2220---
2221vm.max_launder
2222
2223---
2224vm.nswapdev
2225int
2226
2227Displays the number of swap devices available
2228to the system.  This is a read-only variable.
2229
2230---
2231vm.pageout_full_stats_interval
2232
2233---
2234vm.pageout_lock_miss
2235
2236---
2237vm.pageout_stats_free_max
2238
2239---
2240vm.pageout_stats_interval
2241
2242---
2243vm.pageout_stats_max
2244
2245---
2246vm.stats.sys.v_intr
2247
2248---
2249vm.stats.sys.v_soft
2250
2251---
2252vm.stats.sys.v_swtch
2253
2254---
2255vm.stats.sys.v_syscall
2256
2257---
2258vm.stats.sys.v_trap
2259
2260---
2261vm.stats.vm.v_cow_faults
2262
2263---
2264vm.stats.vm.v_cow_optim
2265
2266---
2267vm.stats.vm.v_forkpages
2268
2269---
2270vm.stats.vm.v_forks
2271
2272---
2273vm.stats.vm.v_intrans
2274
2275---
2276vm.stats.vm.v_kthreadpages
2277
2278---
2279vm.stats.vm.v_kthreads
2280
2281---
2282vm.stats.vm.v_ozfod
2283
2284---
2285vm.stats.vm.v_pdpages
2286
2287---
2288vm.stats.vm.v_pdwakeups
2289
2290---
2291vm.stats.vm.v_reactivated
2292
2293---
2294vm.stats.vm.v_rforkpages
2295
2296---
2297vm.stats.vm.v_rforks
2298
2299---
2300vm.stats.vm.v_swapin
2301
2302---
2303vm.stats.vm.v_swapout
2304
2305---
2306vm.stats.vm.v_swappgsin
2307
2308---
2309vm.stats.vm.v_swappgsout
2310
2311---
2312vm.stats.vm.v_vforkpages
2313
2314---
2315vm.stats.vm.v_vforks
2316
2317---
2318vm.stats.vm.v_vm_faults
2319
2320---
2321vm.stats.vm.v_vnodein
2322
2323---
2324vm.stats.vm.v_vnodeout
2325
2326---
2327vm.stats.vm.v_vnodepgsin
2328
2329---
2330vm.stats.vm.v_vnodepgsout
2331
2332---
2333vm.stats.vm.v_zfod
2334
2335---
2336vm.swap_async_max
2337int
2338
2339The maximum number of in-progress async operations
2340that may be performed.
2341
2342---
2343vm.swap_enabled
2344bool
2345
2346Determines whether or not processes may swap.
2347
2348---
2349vm.swap_idle_enabled
2350
2351See
2352.Xr tuning 7
2353for a detailed explanation of this
2354.Nm .
2355
2356---
2357vm.swap_info
2358
2359---
2360vm.vmtotal
2361string
2362
2363Displays virtual memory statistics which are collected
2364at five second intervals.
2365
2366---
2367vm.zone
2368string
2369
2370Shows memory used by the kernel zone allocator, by zone.
2371This information can also be found by using the
2372.Xr vmstat 8
2373command.
2374
2375---
2376
2377