1# $FreeBSD$ 2--- 3debug.disablecwd 4bool 5 6Determines whether or not the 7.Xr getwcd 3 8system call should be allowed. 9 10--- 11debug.disablefullpath 12bool 13 14Determines whether or not the 15.Fn vn_fullpath 16function may be used. 17 18--- 19debug.dobkgrdwrite 20bool 21 22Determines if background writes should be performed. 23 24--- 25debug.hashstat.nchash 26struct 27 28Displays nchash chain lengths. This is a read-only 29variable. 30 31--- 32debug.hashstat.rawnchash 33 34--- 35debug.ieee80211 36bool 37 38This 39.Nm 40allows you to enable or disable debugging for 802.11 devices. 41 42--- 43debug.kdb.available 44variable 45 46Used to retrieve a list of currently available debugger backends. 47 48--- 49debug.kdb.current 50variable 51 52Allows for the selection of the debugger backend 53which is used to handle debugger requests. 54 55--- 56debug.kdb.enter 57variable 58 59When written to, the system should break to the debugger. 60 61--- 62debug.malloc.failure_count 63bool 64 65Number of times a coerced malloc failure has occurred as a 66result of 67.Va debug.malloc.failure_rate . 68Useful for tracking what might have happened 69and whether failures are being generated. 70 71--- 72debug.malloc.failure_rate 73bool 74 75Debugging feature causing 76.Dv M_NOWAIT 77allocations to fail at a specified rate. 78How often to generate a failure: if set to 0 (default), this 79feature is disabled. 80In other words if set to 10 (one in ten 81.Xr malloc 3 82calls will fail). 83 84--- 85debug.rman_debug 86bool 87 88This 89.Nm 90allows you to enable or disable debugging for 91.Xr rman 9 , 92the 93.Fx 94resource manager. 95 96--- 97debug.sizeof.bio 98 99--- 100debug.sizeof.buf 101 102--- 103debug.sizeof.cdev 104 105--- 106debug.sizeof.devstat 107 108--- 109debug.sizeof.kinfo_proc 110 111--- 112debug.sizeof.proc 113 114--- 115debug.sizeof.vnode 116 117--- 118debug.vnlru_nowhere 119 120--- 121hw.acpi.cpu.current_speed 122bool 123 124Display the current CPU speed. 125This is adjustable, but doing so is not recommended. 126 127--- 128hw.acpi.cpu.max_speed 129int 130 131Allows you to change the stepping for processor speed 132on machines which support 133.Xr acpi 4 . 134 135--- 136hw.acpi.disable_on_poweroff 137bool 138 139Some systems using 140.Xr acpi 4 141have problems powering off when shutting down with 142.Xr acpi 4 143enabled. This 144.Nm 145disables 146.Xr acpi 4 147when rebooting and shutting down. 148 149--- 150hw.acpi.s4bios 151bool 152 153This 154.Nm 155determines whether or not the S4BIOS sleep implementation 156should be used. 157 158--- 159hw.acpi.sleep_delay 160int 161 162Set the sleep delay for 163.Xr acpi 4 . 164 165--- 166hw.acpi.supported_sleep_state 167bool 168 169List supported 170.Tn ACPI 171sleep states 172 173--- 174hw.acpi.thermal.min_runtime 175 176--- 177hw.acpi.thermal.polling_rate 178int 179 180The interval in seconds that should be used to check 181the current system temperature. 182 183--- 184hw.acpi.thermal.tz0.temperature 185str 186 187Displays the current temperature. 188This is a read-only variable. 189 190--- 191hw.acpi.thermal.tz0.thermal_flags 192 193--- 194hw.acpi.verbose 195bool 196 197Determines whether or not 198.Xr acpi 4 199should be verbose. 200 201--- 202hw.ata.ata_dma 203bool 204 205Allows the enabling and disabling of DMA for 206ATA devices. 207 208--- 209hw.ata.atapi_dma 210bool 211 212Allows the enabling and disabling of DMA for 213atapi devices, such as CD-ROM drives. 214 215--- 216hw.ata.tags 217bool 218 219An experimental feature for IDE hard drives which 220allows write caching to be turned on. 221Please read the 222.Xr tuning 7 223manual page carefully before using this. 224 225--- 226hw.ata.wc 227bool 228 229Determines whether or not IDE write caching should 230be turned on or off. 231See 232.Xr tuning 7 233for more information. 234 235--- 236hw.bus.devices 237 238--- 239hw.bus.info 240int 241 242This is an internally used function that returns 243the kernel bus interface version. 244 245--- 246hw.bus.rman 247 248--- 249hw.busdmafree_bpages 250 251--- 252hw.busdma.reserved_bpages 253 254--- 255hw.busdma.active_bpages 256 257--- 258hw.busdma.total_bpages 259 260--- 261hw.busdma.total_bounced 262 263--- 264hw.busdma.total_deferred 265 266--- 267hw.byteorder 268int 269 270Returns the system byte order. 271This is a read-only variable. 272 273--- 274hw.cardbus.cis_debug 275 276--- 277hw.cardbus.debug 278 279--- 280hw.cbb.debug 281 282--- 283hw.cbb.start_16_io 284 285--- 286hw.cbb.start_32_io 287 288--- 289hw.cbb.start_memory 290 291--- 292hw.floatingpoint 293bool 294 295Reports true if the machine has a floating point processor. 296This is a read-only variable. 297 298--- 299hw.fxp0.bundle_max 300int 301 302Controls the receive interrupt microcode bundle size limit 303for the 304.Xr fxp 4 305device. 306 307--- 308hw.fxp0.int_delay 309int 310 311Controls the receive interrupt microcode bundling delay 312for the 313.Xr fxp 4 314device. 315 316--- 317hw.fxp_noflow 318bool 319 320Disables flow control support on 321.Xr fxp 4 322cards. 323When flow control is enabled, and if the operating system 324does not acknowledge the packet buffer filling, 325the card will begin to generate Ethernet quench 326packets, but appears to get into a feedback 327loop of some sort, hosing local switches. 328This is a workaround for this issue. 329 330--- 331hw.fxp_rnr 332int 333 334Set the amount of times that a no-resource 335condition may occur before the 336.Xr fxp 4 337device may restart. 338 339--- 340hw.instruction_sse 341bool 342 343Returns true if SSE support is enabled in the kernel. 344This is a read-only variable. 345 346--- 347hw.intrcnt 348bool 349 350Displays a list of interrupt counters. 351This is a read-only variable. 352 353--- 354hw.intrnames 355str 356 357Displays a list of zero-terminated interrupt 358names. This is a read-only variable. 359 360--- 361hw.kbd.keymap_restrict_change 362bool 363 364This sysctl acts as a sort of secure-level, allowing 365control of the console keymap. 366Giving this a value of 1 means that only the 367root user can change restricted keys 368(like boot, panic...). 369A value of 2 means that only root 370can change restricted keys and regular keys. 371Regular users still can change accents and function keys. 372A value of 3 means only root can change restricted, 373regular and accent keys, while a value of 4 means that 374no changes to the keymap are 375allowed by anyone other than the root user. 376 377--- 378hw.machine 379str 380 381Displays the machine class. 382This is a read-only variable. 383 384--- 385hw.machine_arch 386str 387 388Displays the current architecture. 389This is a read-only variable. 390 391--- 392hw.model 393str 394 395Displays the model information of the current running hardware. 396This is a read-only variable. 397 398--- 399hw.ncpu 400bool 401 402Report the number of CPU's in the system. 403This is a read-only variable. 404 405--- 406hw.pagesize 407int 408 409Displays the current 410.Xr pagesize 1 . 411This is a read-only variable. 412 413--- 414hw.pccard.cis_debug 415int 416 417Allows debugging to be turned on or off for 418CIS. 419 420--- 421hw.pccard.debug 422bool 423 424Determines whether or not to use debugging for the 425PC Card bus driver. 426 427--- 428hw.pci.allow_unsupported_io_range 429bool 430 431Some machines do not detect their CardBus slots correctly 432because they use unsupported I/O ranges. 433This 434.Nm 435allows FreeBSD to use those ranges. 436 437--- 438hw.pci.enable_io_modes 439 440--- 441hw.snd.pcm0.ac97rate 442 443--- 444hw.snd.verbose 445int 446 447Control the level of verbosity for the 448.Pa /dev/sndstat 449device. See the 450.Xr pcm 4 451man page for more information on debug 452levels. 453 454--- 455hw.snd.report_soft_formats 456bool 457 458Controls the internal format conversion if it is available 459transparently to the application software. 460See 461.Xr pcm 4 462for more information. 463 464--- 465hw.syscons.bell 466bool 467 468Allows you to control whether or not to use the 'bell' 469while using the console. This is turned on by default. 470 471--- 472hw.syscons.saver.keybonly 473bool 474 475This variable tells the system that the screen saver 476may only wake up if the keyboard is used. This means 477that log messages that are pushed to the console will 478not cause the screen saver to stop, and display the log 479message will not display. This can be disabled to mimic 480the behavior of older syscons. 481 482--- 483hw.syscons.sc_no_suspend_vtswitch 484bool 485 486Disables switching between virtual terminals during suspend 487or resume. See 488.Xr syscons 4 489for more information. 490 491--- 492hw.wi.debug 493bool 494 495Controls the level of debugging for 496.Xr wi 4 497devices. 498 499--- 500hw.wi.txerate 501int 502 503This value allows controls the maximum amount of error 504messages per second. 505Giving this 506.Nm 507a value of 0 (zero) disables error messages completely. 508 509--- 510kern.acct_chkfreq 511int 512 513Specifies the frequency (in minutes) with which free disk 514space should be checked. 515This is used in conjunction with 516.Va kern.acct_resume 517and 518.Va kern.acct_suspend. 519 520--- 521kern.acct_resume 522int 523 524The percentage of free disk space above which process 525accounting will resume. 526 527--- 528kern.acct_suspend 529int 530 531The percentage of free disk space below which process 532accounting stops. 533 534--- 535kern.argmax 536bool 537 538The maximum number of bytes that can be 539used in an argument to 540.Xr execve 2 . 541This is basically the maximum number of 542characters which can be used in a single 543command line. 544On some rare occasions, this value needs 545altering. 546If so, please check out the 547.Xr xargs 1 548utility. 549 550--- 551kern.bootfile 552str 553 554The kernel which was used to boot the system. 555 556--- 557kern.boottime 558str 559 560The time at which the current kernel became 561active after the system booted. This is a 562read-only variable. 563 564--- 565kern.chroot_allow_open_directories 566bool 567 568Depending on the setting of this variable, open 569file descriptors which reference directories will 570fail. 571If set to 572.Em 0 , 573.Xr chroot 8 574will always fail with 575.Er EPERM 576if there are any directories open. 577If set to 578.Em 1 579(the default), 580.Xr chroot 8 581will fail with 582.Er EPERM 583if there are any directories open and the 584process is already subject to the 585.Xr chroot 8 586system call. 587Any other value will bypass the check for open directories. 588Please see the 589.Xr chroot 2 590man page for more information. 591 592--- 593kern.clockrate 594struct 595 596Displays information about the system clock. 597This is a read-only variable. 598 599--- 600kern.console 601 602--- 603kern.coredump 604bool 605 606Determines where the kernel should dump a core file 607in the event of a kernel panic. 608 609--- 610kern.corefile 611str 612 613Describes the file name that a core image should be stored to. 614See the 615.Xr core 5 616man page for more information on this variable. 617 618--- 619kern.cp_time 620struct 621 622Contains CPU time statistics. 623This is a read-only variable. 624 625--- 626kern.devname 627struct 628 629An internally used 630.Nm 631that returns suitable device names for the 632.Fn devname 633function. 634See the 635.Xr devname 3 636manual page for more information. 637 638--- 639kern.devstat.all 640struct 641 642An internally used 643.Nm 644that returns current devstat statistics as well 645as the current devstat generation number. 646See the 647.Xr devstat 3 648man page for more information. 649 650--- 651kern.devstat.generation 652 653--- 654kern.devstat.numdevs 655 656--- 657kern.devstat.version 658int 659 660Displays the devstat list version number. 661This is a read-only variable. 662 663--- 664kern.disks 665str 666 667Display disk devices that the kernel is currently 668aware of. 669This is a read-only variable. 670 671--- 672kern.domainname 673str 674 675This shows the name of the current YP/NIS domain. 676 677--- 678kern.drainwait 679int 680 681The time to wait after dropping DTR to the given number. 682The units are measured in hundredths of a second. 683The default is 300 hundredths, 684i.e., 3 seconds. 685This option is needed mainly to set proper recover 686time after modem resets. 687 688--- 689kern.elf32.fallback_brand 690 691--- 692kern.fallback_elf_brand 693 694--- 695kern.file 696struct 697 698Returns the entire file structure. 699 700--- 701kern.function_list 702struct 703 704Returns all functions names in the kernel. 705 706--- 707kern.geom.confdot 708 709--- 710kern.geom.conftxt 711 712--- 713kern.geom.confxml 714 715--- 716kern.hostid 717int 718 719This 720.Nm 721may contain the IP address of the system. 722 723--- 724kern.hostname 725str 726 727Display the system hostname. 728This can be modified with the 729.Xr hostname 1 730utility. 731 732--- 733kern.init_path 734string 735 736The path to search for the 737.Xr init 8 738process. 739This is a read-only variable. 740 741--- 742kern.iov_max 743 744--- 745kern.ipc.clust_hiwm 746 747--- 748kern.ipc.clust_lowm 749 750--- 751kern.ipc.maxsockbuf 752int 753 754The maximum buffer size that may be allocated for sockets. 755See 756.Xr getsockopt 2 757for more information. 758 759--- 760kern.ipc.maxsockets 761int 762 763The maximum number of sockets available. 764 765--- 766kern.ipc.mb_statpcpu 767 768--- 769kern.ipc.mbstat 770 771--- 772kern.ipc.mbuf_hiwm 773 774--- 775kern.ipc.mbuf_lowm 776 777--- 778kern.ipc.mbuf_wait 779 780--- 781kern.ipc.msqids 782 783--- 784kern.ipc.nmbclusters 785bool 786 787Maximum number of mbuf clusters available. 788The kernel uses a preallocated pool of 789.Dq mbuf clusters 790for the 791.Xr mbuf 9 792allocator. 793The pool size is tuned by the kernel during boot. 794That size is set to a value which seems appropriate 795for the current system. 796 797--- 798kern.ipc.nmbcnt 799 800--- 801kern.ipc.nmbufs 802 803--- 804kern.ipc.nsfbufs 805 806--- 807kern.ipc.numopensockets 808 809--- 810kern.ipc.somaxconn 811int 812 813The maximum pending socket connection queue size. 814 815--- 816kern.ipc.zero_copy.receive 817bool 818 819When set to a non-zero value, zero copy is 820enabled for received packets. 821This reduces copying of data around for 822outgoing packets and can significantly 823improve throughput for network connections. 824 825--- 826kern.ipc.zero_copy.send 827bool 828 829When set to a non-zero value, zero copy is 830enabled for sent packets. 831This reduces copying of data around for outgoing 832packets and can significantly improve throughput 833for network connections. 834 835--- 836kern.job_control 837bool 838 839Reports whether or not job control is available. 840This is a read-only variable. 841 842--- 843kern.kq_calloutmax 844 845--- 846kern.lastpid 847int 848 849Displays the last PID used by a process. 850This is a read-only variable. 851 852--- 853kern.logsigexit 854bool 855 856Tells the kernel whether or not to log fatal signal exits. 857 858--- 859kern.malloc 860str 861 862Displays how memory is currently being allocated. 863This is a read-only variable. 864 865--- 866kern.maxfiles 867int 868 869The maximum number of files allowed for all the 870processes of the running kernel. 871You can override the default value which the 872kernel calculates by explicitly setting this to 873a non-zero value. 874Also see the 875.Xr tuning 7 876man page for more information. 877 878--- 879kern.maxfilesperproc 880int 881 882The maximum number of files any one process can open. 883See the 884.Xr ps 1 885utility for more information on monitoring processes. 886 887--- 888kern.maxproc 889int 890 891The maximum number of processes that the system 892can be running at any time. 893See the 894.Xr ps 1 895utility for more information on monitoring processes. 896 897--- 898kern.maxprocperuid 899int 900 901The maximum number of processes one user ID can run. 902See the 903.Xr ps 1 904utility for more information on monitoring processes. 905 906--- 907kern.maxusers 908int 909 910Controls the scaling of a number of static system tables, including 911defaults for the maximum number of open files, sizing of network 912memory resources, etc. 913See the 914.Xr tuning 7 915man page for more information. 916This 917.Nm 918cannot be set using 919.Xr sysctl 8 . 920Use 921.Xr loader 8 922instead to set this at boot time. 923 924--- 925kern.maxvnodes 926bool 927 928The maximum number of 929.Em vnodes 930(virtual file system nodes) 931the system can have open simultaneously. 932 933--- 934kern.minvnodes 935bool 936 937The minimun number of 938.Em vnodes 939(virtual file system nodes) 940the system can have open simultaneously. 941 942--- 943kern.module_path 944str 945 946This 947.Nm 948holds a colon-separated list of directories in which the 949kernel will search for loadable kernel modules. 950This path is search when using commands such as 951.Xr kldload 8 952and 953.Xr kldunload 8 . 954 955--- 956kern.msgbuf 957string 958 959Contains the kernel message buffer. 960 961--- 962kern.msgbuf_clear 963bool 964 965Giving this 966.Nm 967a value of 1 (one) will cause the kernel message buffer to 968be cleared. It should be noted though, that the 969.Nm 970will then automatically revert back to it's original 971value of 0 (zero). 972 973--- 974kern.ngroups 975int 976 977Contains the maximum number of groups that a 978user may belong to. 979This is a read-only variable. 980 981--- 982kern.openfiles 983int 984 985Shows the current amount of system-wide 986open files. 987This is useful when used in conjunction 988with 989.Va kern.maxfiles 990for tuning your system. 991This is a read-only variable. 992 993--- 994kern.osreldate 995string 996 997Displays the kernel release date. 998This is a read-only variable. 999 1000--- 1001kern.osrelease 1002str 1003 1004Displays the current version of 1005.Fx 1006running. 1007This is a read-only variable. 1008 1009--- 1010kern.osrevision 1011string 1012 1013Displays the operating system revision. 1014This is a read-only variable. 1015 1016--- 1017kern.ostype 1018str 1019 1020Alter the name of the current operating system. 1021Changing this will change the output from 1022the 1023.Xr uname 1 1024utility. 1025Changing the default is not recommended. 1026 1027--- 1028kern.posix1version 1029string 1030 1031Returns the version of 1032.Tn POSIX 1033that the system 1034is attempting to comply with. 1035This is a read-only variable. 1036 1037--- 1038kern.powercycle_on_panic 1039bool 1040 1041In the event of a panic, this variable controls whether or not the 1042system should try to power cycle instead of rebooting. 1043 1044--- 1045kern.poweroff_on_panic 1046bool 1047 1048In the event of a panic, this variable controls whether or not the 1049system should try to power off instead of rebooting. 1050 1051--- 1052kern.proc.all 1053 1054--- 1055kern.proc.args 1056int 1057 1058Allows a process to retrieve the argument list 1059or process title for another process without 1060looking in the address space of another program. 1061This is a read-only variable. 1062 1063--- 1064kern.proc.pgrp 1065 1066--- 1067kern.proc.pid 1068struct 1069 1070This internally used 1071.Nm 1072may be used to extract process information. See 1073.Xr sysctl 3 1074for an example. 1075 1076--- 1077kern.proc.ruid 1078 1079--- 1080kern.proc.tty 1081 1082--- 1083kern.proc.uid 1084 1085--- 1086kern.ps_argsopen 1087bool 1088 1089By setting this to 0, command line arguments are hidden 1090for processes which you are not running. 1091This is useful on multi-user machines where things 1092like passwords might accidentally be added to command 1093line programs. 1094 1095--- 1096 1097kern.quantum 1098 1099--- 1100kern.random.adaptors 1101str 1102 1103Displays registered PRNG adaptors. 1104This is a read-only variable. 1105 1106--- 1107kern.random.sys.burst 1108 1109--- 1110kern.random.sys.harvest.ethernet 1111 1112--- 1113kern.random.sys.harvest.interrupt 1114 1115--- 1116kern.random.sys.harvest.point_to_point 1117 1118--- 1119kern.random.sys.harvest.swi 1120 1121--- 1122kern.random.sys.seeded 1123 1124--- 1125kern.randompid 1126 1127--- 1128kern.rootdev 1129string 1130 1131Displays the current root file system device. This 1132is a read-only variable. 1133 1134--- 1135kern.saved_ids 1136bool 1137 1138Displays whether or not saved set-group/user ID is 1139available. This is a read-only variable. 1140 1141--- 1142kern.securelevel 1143bool 1144 1145The current kernel security level. 1146See the 1147.Xr init 8 1148manual page for a good description 1149about what a security level is. 1150 1151--- 1152kern.sugid_coredump 1153bool 1154 1155By default, a process that changes user or group credentials whether 1156real or effective will not create a corefile. 1157This behavior can be changed to generate a core dump by 1158setting this variable to 1. 1159 1160--- 1161kern.sync_on_panic 1162bool 1163 1164In the event of a panic, this variable controls whether or not the 1165system should try and 1166.Xr sync 8 . 1167In some circumstances, this could cause a double panic, and as a result, 1168this may be turned off if needed. 1169 1170--- 1171kern.threads.debug 1172bool 1173 1174Determines whether to use debugging for kernel threads. 1175This is useful for testing. 1176 1177--- 1178kern.threads.max_groups_per_proc 1179 1180--- 1181kern.threads.max_threads_hits 1182 1183--- 1184kern.threads.max_threads_per_proc 1185 1186--- 1187kern.threads.virtual_cpu 1188int 1189 1190The maximum amount of virtual CPU's that be used for 1191threading. 1192 1193--- 1194kern.tty_nin 1195 1196--- 1197kern.tty_nout 1198 1199--- 1200kern.ttys 1201bool 1202 1203Used internally by the 1204.Xr pstat 8 1205command. 1206This is a read-only variable. 1207 1208--- 1209kern.version 1210str 1211 1212Displays the current kernel version information. 1213This is a read-only variable. 1214 1215--- 1216machdep.acpi_root 1217 1218--- 1219machdep.cpu_idle_hlt 1220bool 1221 1222Halt idle CPUs. 1223This is good for an SMP system. 1224 1225--- 1226machdep.disable_mtrrs 1227 1228--- 1229machdep.guessed_bootdev 1230 1231--- 1232machdep.hyperthreading_allowed 1233bool 1234 1235Setting this tunable to zero disables 1236the use of additional logical processors 1237provided by Intel HTT technology. 1238 1239--- 1240machdep.panic_on_nmi 1241 1242--- 1243machdep.siots 1244 1245--- 1246net.inet.accf.unloadable 1247 1248--- 1249net.inet.icmp.bmcastecho 1250 1251--- 1252net.inet.icmp.drop_redirect 1253 1254--- 1255net.inet.icmp.icmplim 1256 1257--- 1258net.inet.icmp.icmplim_output 1259 1260--- 1261net.inet.icmp.log_redirect 1262 1263--- 1264net.inet.icmp.maskfake 1265 1266--- 1267net.inet.icmp.maskrepl 1268 1269--- 1270net.inet.ip.accept_sourceroute 1271bool 1272 1273Controls forwarding of source-routed IP packets. 1274 1275--- 1276net.inet.ip.check_interface 1277bool 1278 1279This 1280.Nm 1281verifies that packets arrive on the correct interfaces. 1282 1283--- 1284net.inet.ip.fastforwarding 1285bool 1286 1287When fast forwarding is enabled, IP packets are forwarded directly to 1288the appropriate network interface with a minimal validity checking, 1289which greatly improves throughput. 1290Please see the 1291.Xr inet 4 1292man page for more information. 1293 1294--- 1295net.inet.ip.forwarding 1296bool 1297 1298Act as a gateway machine and forward packets. 1299This can also be configured using the 1300gateway_enable value in 1301.Pa /etc/rc.conf 1302 1303--- 1304net.inet.ip.fw.one_pass 1305int 1306 1307--- 1308net.inet.ip.intr_queue_drops 1309 1310--- 1311net.inet.ip.intr_queue_maxlen 1312 1313--- 1314net.inet.ip.maxfragpackets 1315 1316--- 1317net.inet.ip.maxfragsperpacket 1318 1319--- 1320net.inet.ip.redirect 1321bool 1322 1323Controls the sending of ICMP redirects in response to unforwardable IP 1324packets. 1325 1326--- 1327net.inet.ip.sourceroute 1328bool 1329 1330Determines whether or not source routed IP packets 1331should be forwarded. 1332 1333--- 1334net.inet.ip.stats 1335 1336--- 1337net.inet.ip.ttl 1338int 1339 1340The TTL (time-to-live) to use for outgoing packets. 1341 1342--- 1343net.inet.raw.maxdgram 1344 1345--- 1346net.inet.raw.olddiverterror 1347 1348--- 1349net.inet.raw.pcblist 1350 1351--- 1352net.inet.raw.recvspace 1353 1354--- 1355net.inet.tcp.always_keepalive 1356bool 1357 1358Determines whether or not to attempt to detect dead TCP 1359connections by sending 'keepalives' intermittently. This 1360is enabled by default and can also be configured using the 1361tcp_keepalive value in 1362.Pa /etc/rc.conf 1363 1364--- 1365net.inet.tcp.blackhole 1366bool 1367 1368Manipulates system behavior when 1369connection requests are received on a 1370TCP port without a socket listening. 1371See the 1372.Xr blackhole 4 1373man page for more information. 1374 1375--- 1376net.inet.tcp.delacktime 1377 1378--- 1379net.inet.tcp.delayed_ack 1380bool 1381 1382Historically speaking, this feature was designed to allow the 1383acknowledgment to transmitted data to be returned along with the 1384response. See the 1385.Xr tuning 7 1386man page for more information. 1387 1388--- 1389net.inet.tcp.do_tcpdrain 1390 1391--- 1392net.inet.tcp.getcred 1393 1394--- 1395net.inet.tcp.icmp_may_rst 1396 1397--- 1398net.inet.tcp.inflight_debug 1399bool 1400 1401Control debugging for the 1402.Va net.inet.tcp.inflight_enable 1403.Nm . 1404Please see the 1405.Xr tuning 7 1406man page for more information. 1407 1408--- 1409net.inet.tcp.inflight_enable 1410bool 1411 1412Turns on bandwidth delay product limiting for all 1413TCP connections. Please see the 1414.Xr tuning 7 1415man page for more information. 1416 1417--- 1418net.inet.tcp.inflight_max 1419bool 1420 1421.Em double check 1422The maximum amount of data that may be queued for 1423bandwidth delay product limiting. 1424 1425--- 1426net.inet.tcp.inflight_min 1427bool 1428 1429.Em double check 1430The minimum amount of data that may be queued for 1431bandwidth delay product limiting. 1432 1433--- 1434net.inet.tcp.inflight_stab 1435bool 1436 1437This parameter represents the maximal packets 1438added to the bandwidth delay product window 1439calculation. Changing this is not recommended. 1440 1441--- 1442net.inet.tcp.isn_reseed_interval 1443 1444--- 1445net.inet.tcp.local_slowstart_flightsize 1446 1447--- 1448net.inet.tcp.log_in_vain 1449bool 1450 1451Allows the system to log connections to TCP 1452ports that do not have sockets listening. 1453This variable can also be tuned by changing 1454the value for log_in_vain 1455in 1456.Pa /etc/rc.conf 1457 1458--- 1459net.inet.tcp.minmss 1460bool 1461 1462Enable for network link optimization TCP can adjust its MSS and thus 1463packet size according to the observed path MTU. This is done 1464dynamically based on feedback from the remote host and network 1465components along the packet path. This information can be 1466abused to pretend an extremely low path MTU. 1467 1468--- 1469net.inet.tcp.minmssoverload 1470bool 1471 1472The PSS rate for the 1473.Va net.inet.tcp.minmss 1474sysctl. 1475Setting this will force packets to be reset 1476and dropped, this should hinder the availability 1477of DoS attacks on WWW servers using POST attacks. 1478 1479--- 1480net.inet.tcp.msl 1481 1482--- 1483net.inet.tcp.mssdflt 1484bool 1485 1486This is the default TCP Maximum Segment Size 1487for TCP packets. The default setting is recommended 1488in most cases. 1489 1490--- 1491net.inet.tcp.v6mssdflt 1492bool 1493 1494This is the default TCP Maximum Segment Size 1495for TCP IPv6 packets. The default setting is recommend 1496in most cases. 1497 1498--- 1499net.inet.tcp.newreno 1500 1501--- 1502net.inet.tcp.path_mtu_discovery 1503 1504--- 1505net.inet.tcp.pcbcount 1506 1507--- 1508net.inet.tcp.pcblist 1509 1510--- 1511net.inet.tcp.recvspace 1512bool 1513 1514This variables controls the amount of receive 1515buffer space for any given TCP connection. This 1516can be particularly useful when tuning network 1517applications. See the 1518.Xr tuning 7 1519man page for more information. 1520 1521--- 1522net.inet.tcp.rexmit_min 1523 1524--- 1525net.inet.tcp.rexmit_slop 1526 1527--- 1528net.inet.tcp.rfc1323 1529bool 1530 1531Determines whether support for RFC1323 (TCP Extensions 1532for High Performance) should be enabled. 1533This variable can also be tuned by changing the value 1534for tcp_extensions in 1535.Pa /etc/rc.conf 1536 1537--- 1538net.inet.tcp.rfc1644 1539 1540--- 1541net.inet.tcp.rfc3042 1542 1543--- 1544net.inet.tcp.rfc3390 1545 1546--- 1547net.inet.tcp.sendspace 1548bool 1549 1550This variables controls the amount of send 1551buffer space for any given TCP connection. This 1552can be particularly useful when tuning network 1553applications. See the 1554.Xr tuning 7 1555manual page for more information. 1556 1557--- 1558net.inet.tcp.slowstart_flightsize 1559 1560--- 1561net.inet.tcp.stats 1562 1563--- 1564net.inet.tcp.syncache.bucketlimit 1565 1566--- 1567net.inet.tcp.syncache.cachelimit 1568 1569--- 1570net.inet.tcp.syncache.count 1571 1572--- 1573net.inet.tcp.syncache.hashsize 1574 1575--- 1576net.inet.tcp.syncache.rexmtlimit 1577 1578--- 1579net.inet.tcp.syncookies 1580 1581--- 1582net.inet.tcp.tcbhashsize 1583 1584--- 1585net.inet.tcp.v6mssdflt 1586 1587--- 1588net.inet.udp.blackhole 1589bool 1590 1591Manipulates system behavior when 1592connection requests are received on a 1593UDP port. 1594See the 1595.Xr blackhole 4 1596man page for more information. 1597 1598--- 1599net.inet.udp.getcred 1600 1601--- 1602net.inet.udp.log_in_vain 1603bool 1604 1605Allows the system to log connections to UDP 1606ports that do not have sockets listening. 1607This variable can also be tuned by changing 1608the value for log_in_vain 1609in 1610.Pa /etc/rc.conf 1611 1612--- 1613net.inet.udp.maxdgram 1614 1615--- 1616net.inet.udp.pcblist 1617 1618--- 1619net.inet.udp.recvspace 1620 1621--- 1622net.inet.udp.stats 1623 1624--- 1625net.inet6.icmp6.errppslimit 1626 1627--- 1628net.inet6.icmp6.nd6_debug 1629 1630--- 1631net.inet6.icmp6.nd6_delay 1632 1633--- 1634net.inet6.icmp6.nd6_maxnudhint 1635 1636--- 1637net.inet6.icmp6.nd6_mmaxtries 1638 1639--- 1640net.inet6.icmp6.nd6_prune 1641 1642--- 1643net.inet6.icmp6.nd6_umaxtries 1644 1645--- 1646net.inet6.icmp6.nd6_useloopback 1647 1648--- 1649net.inet6.icmp6.nodeinfo 1650 1651--- 1652net.inet6.icmp6.rediraccept 1653 1654--- 1655net.inet6.icmp6.redirtimeout 1656 1657--- 1658net.inet6.tcp6.getcred 1659 1660--- 1661net.inet6.udp6.getcred 1662 1663--- 1664net.isr.enable 1665 1666--- 1667net.link.ether.inet.log_arp_movements 1668 1669--- 1670net.link.ether.inet.log_arp_wrong_iface 1671 1672--- 1673net.link.ether.ipfw 1674 1675--- 1676net.link.generic.ifdata 1677 1678--- 1679net.link.generic.system.ifcount 1680 1681--- 1682net.link.gif.max_nesting 1683bool 1684 1685Determines whether to allow recursive tunnels or not. 1686 1687--- 1688net.link.gif.parallel_tunnels 1689bool 1690 1691Determines whether to allow parallel tunnels or not. 1692 1693--- 1694net.local.dgram.pcblist 1695 1696--- 1697net.local.stream.pcblist 1698 1699--- 1700security.bsd.see_other_uids 1701bool 1702 1703Turning this option on will prevent users from viewing information 1704about processes running under other user id numbers (UIDs). 1705 1706--- 1707security.bsd.suser_enabled 1708 1709--- 1710security.bsd.unprivileged_proc_debug 1711 1712--- 1713security.bsd.unprivileged_read_msgbuf 1714 1715--- 1716security.jail.set_hostname_allowed 1717bool 1718 1719Determines whether or not the root user 1720within the jail can set the hostname. 1721 1722--- 1723security.jail.socket_unixiproute_only 1724 1725--- 1726security.jail.sysvipc_allowed 1727 1728--- 1729security.mac.biba.enabled 1730bool 1731 1732Enables enforcement of the Biba integrity policy. 1733 1734--- 1735security.mac.biba.ptys_equal 1736bool 1737 1738Label 1739.Sm off 1740.Xr pty 4 1741s 1742.Sm on 1743as 1744.Dq biba/equal 1745upon creation. 1746 1747--- 1748security.mac.biba.revocation_enabled 1749bool 1750 1751Revoke access to objects if the label is changed to dominate the subject. 1752 1753--- 1754security.mac.enforce_fs 1755bool 1756 1757Enforce MAC policies for file system accesses. 1758 1759--- 1760security.mac.enforce_kld 1761bool 1762 1763Enforce MAC policies on 1764.Xr kld 4 . 1765 1766--- 1767security.mac.enforce_network 1768bool 1769 1770Enforce MAC policies on network interfaces. 1771 1772--- 1773security.mac.enforce_pipe 1774bool 1775 1776Enforce MAC policies on pipes. 1777 1778--- 1779security.mac.enforce_process 1780bool 1781 1782Enforce MAC policies between system processes 1783(e.g. 1784.Xr ps 1 , 1785.Xr ktrace 2 ). 1786 1787--- 1788security.mac.enforce_socket 1789bool 1790 1791Enforce MAC policies on sockets. 1792 1793--- 1794security.mac.enforce_system 1795bool 1796 1797Enforce MAC policies on system-related items 1798(e.g. 1799.Xr kenv 1 , 1800.Xr acct 2 , 1801.Xr reboot 2 ). 1802 1803--- 1804security.mac.enforce_vm 1805bool 1806 1807Enforce MAC policies on 1808.Xr mmap 2 1809and 1810.Xr mprotect 2 . 1811 1812--- 1813security.mac.ifoff.lo_enabled 1814bool 1815 1816Use this too disable network traffic over the loopback 1817.Xr lo 4 1818interface. 1819See 1820.Xr mac_ifoff 4 1821for more information. 1822 1823--- 1824security.mac.ifoff.other_enabled 1825bool 1826 1827Use this to enable network traffic over other interfaces. 1828See 1829.Xr mac_ifoff 4 1830for more information. 1831 1832--- 1833security.mac.ifoff.bpfrecv_enabled 1834bool 1835 1836Use this too allow 1837.Xr bpf 4 1838traffic to be received, 1839even while other traffic is disabled. 1840 1841--- 1842security.mac.mls.enabled 1843bool 1844 1845Enables the enforcement of the MLS confidentiality policy, 1846see 1847.Xr mac_mls 4 1848for more information. 1849 1850--- 1851security.mac.mls.ptys_equal 1852bool 1853 1854Label 1855.Sm off 1856.Xr pty 4 1857s 1858.Sm on 1859as 1860.Dq mls/equal 1861upon creation. 1862 1863--- 1864security.mac.mls.revocation_enabled 1865bool 1866 1867Revoke access to objects if the label is changed to a more sensitive 1868level than the subject. 1869 1870--- 1871security.mac.portacl.rules 1872str 1873 1874The port access control list is specified in the following format: 1875 1876.Sy idtype 1877.Li : 1878.Sy id 1879.Li : 1880.Sy protocol 1881.Li : 1882.Sy port 1883.Li [, 1884.Sy idtype 1885.Li : 1886.Sy id 1887.Li : 1888.Sy protocol 1889.Li : 1890.Sy port 1891.Li ,...] 1892 1893.Sy idtype 1894Describes the type of subject match to be performed. 1895Either 1896.Li uid 1897for userid matching, or 1898.Li gid 1899for group ID matching. 1900.Sy id 1901The user or group ID (depending on 1902.Sy idtype ) 1903allowed to bind to the specified port. 1904.Bf -emphasis 1905NOTE: User and group names are not valid; only the actual ID numbers 1906may be used. 1907.Ef 1908.Sy protocol 1909Describes which protocol this entry applies to. 1910Either 1911.Li tcp 1912or 1913.Li udp 1914are supported. 1915.Sy port 1916Describes which port this entry applies to. 1917.Bf -emphasis 1918NOTE: MAC security policies may not override other security system policies 1919by allowing accesses that they may deny, such as 1920.Va net.inet.ip.portrange.reservedlow / 1921.Va net.inet.ip.portrange.reservedhigh . 1922.Ef 1923 1924--- 1925security.mac.seeotheruids.enabled 1926bool 1927 1928Enable/disable 1929.Va security.mac.seeotheruids 1930See 1931.Xr mac_seeotheruids 4 1932for more information. 1933 1934--- 1935security.mac.seeotheruids.primarygroup_enabled 1936bool 1937 1938Allow users to see processes and sockets owned by the same primary 1939group. 1940 1941--- 1942security.mac.seeotheruids.specificgid_enabled 1943bool 1944 1945Allow processes with a specific group ID to be exempt from the policy, 1946set this to 1947.Li 1 1948and set 1949.Va security.mac.seeotheruids.specificgid 1950to the gid to be exempted. 1951 1952--- 1953security.mac_test 1954str 1955 1956Used for debugging. 1957See 1958.Xr mac_test 4 1959for more information. 1960 1961--- 1962user.bc_base_max 1963 1964--- 1965user.bc_dim_max 1966 1967--- 1968user.bc_scale_max 1969 1970--- 1971user.bc_string_max 1972 1973--- 1974user.coll_weights_max 1975 1976--- 1977user.cs_path 1978 1979--- 1980user.line_max 1981 1982--- 1983user.posix2_c_bind 1984 1985--- 1986user.posix2_c_dev 1987 1988--- 1989user.posix2_fort_dev 1990 1991--- 1992user.posix2_fort_run 1993 1994--- 1995user.posix2_localedef 1996 1997--- 1998user.posix2_sw_dev 1999 2000--- 2001user.posix2_upe 2002 2003--- 2004user.posix2_version 2005 2006--- 2007user.re_dup_max 2008 2009--- 2010user.stream_max 2011 2012--- 2013user.tzname_max 2014 2015--- 2016vfs.altbufferflushes 2017 2018--- 2019vfs.bufdefragcnt 2020 2021--- 2022vfs.buffreekvacnt 2023 2024--- 2025vfs.bufmallocspace 2026 2027--- 2028vfs.bufreusecnt 2029 2030--- 2031vfs.bufspace 2032 2033--- 2034vfs.cache.nchstats 2035 2036--- 2037vfs.conflist 2038 2039--- 2040vfs.devfs.generation 2041 2042--- 2043vfs.devfs.inodes 2044 2045--- 2046vfs.devfs.noverflow 2047 2048--- 2049vfs.devfs.topinode 2050 2051--- 2052vfs.dirtybufferflushes 2053 2054--- 2055vfs.dirtybufthresh 2056 2057--- 2058vfs.ffs.adjblkcnt 2059 2060--- 2061vfs.ffs.adjrefcnt 2062 2063--- 2064vfs.ffs.freeblks 2065 2066--- 2067vfs.ffs.freedirs 2068 2069--- 2070vfs.ffs.freefiles 2071 2072--- 2073vfs.ffs.setflags 2074 2075--- 2076vfs.flushwithdeps 2077 2078--- 2079vfs.getnewbufcalls 2080 2081--- 2082vfs.getnewbufrestarts 2083 2084--- 2085vfs.hibufspace 2086 2087--- 2088vfs.hidirtybuffers 2089 2090--- 2091vfs.hifreebuffers 2092 2093--- 2094vfs.hirunningspace 2095 2096--- 2097vfs.lobufspace 2098 2099--- 2100vfs.lodirtybuffers 2101 2102--- 2103vfs.lofreebuffers 2104 2105--- 2106vfs.lorunningspace 2107 2108--- 2109vfs.maxbufspace 2110 2111--- 2112vfs.maxmallocbufspace 2113 2114--- 2115vfs.numdirtybuffers 2116 2117--- 2118vfs.numfreebuffers 2119 2120--- 2121vfs.opv_numops 2122 2123--- 2124vfs.pfs.vncache.entries 2125 2126--- 2127vfs.pfs.vncache.hits 2128 2129--- 2130vfs.pfs.vncache.maxentries 2131 2132--- 2133vfs.pfs.vncache.misses 2134 2135--- 2136vfs.read_max 2137 2138--- 2139vfs.recursiveflushes 2140 2141--- 2142vfs.runningbufspace 2143 2144--- 2145vfs.ufs.dirhash_docheck 2146 2147--- 2148vfs.ufs.dirhash_maxmem 2149 2150--- 2151vfs.ufs.dirhash_mem 2152 2153--- 2154vfs.ufs.dirhash_minsize 2155 2156--- 2157vfs.usermount 2158bool 2159 2160This 2161.Nm 2162allows the root user to grant access to non-root users 2163so that they may mount floppy and CD-ROM drives. 2164 2165--- 2166vfs.vmiodirenable 2167bool 2168 2169Controls how directories are cached by the system. 2170This is turned on by default. See the 2171.Xr tuning 7 2172man page for a more detailed explanation on this 2173variable. 2174 2175--- 2176vfs.write_behind 2177bool 2178 2179Tells the file system to issue media writes as 2180full clusters are collected, which typically 2181occurs when writing large sequential files. 2182This is turned on by default, but under certain 2183circumstances may stall processes and can therefore 2184be turned off. 2185 2186--- 2187vm.disable_swapspace_pageouts 2188 2189--- 2190vm.dmmax 2191 2192--- 2193vm.kvm_free 2194 2195--- 2196vm.kvm_size 2197 2198--- 2199vm.loadavg 2200struct 2201 2202Displays the load average history. This is a 2203read-only variable. 2204 2205--- 2206vm.max_launder 2207 2208--- 2209vm.nswapdev 2210int 2211 2212Displays the number of swap devices available 2213to the system. This is a read-only variable. 2214 2215--- 2216vm.pageout_full_stats_interval 2217 2218--- 2219vm.pageout_lock_miss 2220 2221--- 2222vm.pageout_stats_free_max 2223 2224--- 2225vm.pageout_stats_interval 2226 2227--- 2228vm.pageout_stats_max 2229 2230--- 2231vm.stats.sys.v_intr 2232 2233--- 2234vm.stats.sys.v_soft 2235 2236--- 2237vm.stats.sys.v_swtch 2238 2239--- 2240vm.stats.sys.v_syscall 2241 2242--- 2243vm.stats.sys.v_trap 2244 2245--- 2246vm.stats.vm.v_cow_faults 2247 2248--- 2249vm.stats.vm.v_cow_optim 2250 2251--- 2252vm.stats.vm.v_forkpages 2253 2254--- 2255vm.stats.vm.v_forks 2256 2257--- 2258vm.stats.vm.v_intrans 2259 2260--- 2261vm.stats.vm.v_kthreadpages 2262 2263--- 2264vm.stats.vm.v_kthreads 2265 2266--- 2267vm.stats.vm.v_ozfod 2268 2269--- 2270vm.stats.vm.v_pdpages 2271 2272--- 2273vm.stats.vm.v_pdwakeups 2274 2275--- 2276vm.stats.vm.v_reactivated 2277 2278--- 2279vm.stats.vm.v_rforkpages 2280 2281--- 2282vm.stats.vm.v_rforks 2283 2284--- 2285vm.stats.vm.v_swapin 2286 2287--- 2288vm.stats.vm.v_swapout 2289 2290--- 2291vm.stats.vm.v_swappgsin 2292 2293--- 2294vm.stats.vm.v_swappgsout 2295 2296--- 2297vm.stats.vm.v_vforkpages 2298 2299--- 2300vm.stats.vm.v_vforks 2301 2302--- 2303vm.stats.vm.v_vm_faults 2304 2305--- 2306vm.stats.vm.v_vnodein 2307 2308--- 2309vm.stats.vm.v_vnodeout 2310 2311--- 2312vm.stats.vm.v_vnodepgsin 2313 2314--- 2315vm.stats.vm.v_vnodepgsout 2316 2317--- 2318vm.stats.vm.v_zfod 2319 2320--- 2321vm.swap_async_max 2322int 2323 2324The maximum number of in-progress async operations 2325that may be performed. 2326 2327--- 2328vm.swap_enabled 2329bool 2330 2331Determines whether or not processes may swap. 2332 2333--- 2334vm.swap_idle_enabled 2335 2336See 2337.Xr tuning 7 2338for a detailed explanation of this 2339.Nm . 2340 2341--- 2342vm.swap_info 2343 2344--- 2345vm.vmtotal 2346string 2347 2348Displays virtual memory statistics which are collected 2349at five second intervals. 2350 2351--- 2352vm.zone 2353string 2354 2355Shows memory used by the kernel zone allocator, by zone. 2356This information can also be found by using the 2357.Xr vmstat 8 2358command. 2359 2360--- 2361 2362