1--- 2debug.disablecwd 3bool 4 5Determines whether or not the 6.Xr getwcd 3 7system call should be allowed. 8 9--- 10debug.disablefullpath 11bool 12 13Determines whether or not the 14.Fn vn_fullpath 15function may be used. 16 17--- 18debug.dobkgrdwrite 19bool 20 21Determines if background writes should be performed. 22 23--- 24debug.hashstat.nchash 25struct 26 27Displays nchash chain lengths. This is a read-only 28variable. 29 30--- 31debug.hashstat.rawnchash 32 33--- 34debug.ieee80211 35bool 36 37This 38.Nm 39allows you to enable or disable debugging for 802.11 devices. 40 41--- 42debug.kdb.available 43variable 44 45Used to retrieve a list of currently available debugger backends. 46 47--- 48debug.kdb.current 49variable 50 51Allows for the selection of the debugger backend 52which is used to handle debugger requests. 53 54--- 55debug.kdb.enter 56variable 57 58When written to, the system should break to the debugger. 59 60--- 61debug.malloc.failure_count 62bool 63 64Number of times a coerced malloc failure has occurred as a 65result of 66.Va debug.malloc.failure_rate . 67Useful for tracking what might have happened 68and whether failures are being generated. 69 70--- 71debug.malloc.failure_rate 72bool 73 74Debugging feature causing 75.Dv M_NOWAIT 76allocations to fail at a specified rate. 77How often to generate a failure: if set to 0 (default), this 78feature is disabled. 79In other words if set to 10 (one in ten 80.Xr malloc 3 81calls will fail). 82 83--- 84debug.rman_debug 85bool 86 87This 88.Nm 89allows you to enable or disable debugging for 90.Xr rman 9 , 91the 92.Fx 93resource manager. 94 95--- 96debug.sizeof.bio 97 98--- 99debug.sizeof.buf 100 101--- 102debug.sizeof.cdev 103 104--- 105debug.sizeof.devstat 106 107--- 108debug.sizeof.kinfo_proc 109 110--- 111debug.sizeof.proc 112 113--- 114debug.sizeof.vnode 115 116--- 117debug.vnlru_nowhere 118 119--- 120hw.acpi.cpu.current_speed 121bool 122 123Display the current CPU speed. 124This is adjustable, but doing so is not recommended. 125 126--- 127hw.acpi.cpu.max_speed 128int 129 130Allows you to change the stepping for processor speed 131on machines which support 132.Xr acpi 4 . 133 134--- 135hw.acpi.disable_on_poweroff 136bool 137 138Some systems using 139.Xr acpi 4 140have problems powering off when shutting down with 141.Xr acpi 4 142enabled. This 143.Nm 144disables 145.Xr acpi 4 146when rebooting and shutting down. 147 148--- 149hw.acpi.s4bios 150bool 151 152This 153.Nm 154determines whether or not the S4BIOS sleep implementation 155should be used. 156 157--- 158hw.acpi.sleep_delay 159int 160 161Set the sleep delay for 162.Xr acpi 4 . 163 164--- 165hw.acpi.supported_sleep_state 166bool 167 168List supported 169.Tn ACPI 170sleep states 171 172--- 173hw.acpi.thermal.min_runtime 174 175--- 176hw.acpi.thermal.polling_rate 177int 178 179The interval in seconds that should be used to check 180the current system temperature. 181 182--- 183hw.acpi.thermal.tz0.temperature 184str 185 186Displays the current temperature. 187This is a read-only variable. 188 189--- 190hw.acpi.thermal.tz0.thermal_flags 191 192--- 193hw.acpi.verbose 194bool 195 196Determines whether or not 197.Xr acpi 4 198should be verbose. 199 200--- 201hw.ata.ata_dma 202bool 203 204Allows the enabling and disabling of DMA for 205ATA devices. 206 207--- 208hw.ata.atapi_dma 209bool 210 211Allows the enabling and disabling of DMA for 212atapi devices, such as CD-ROM drives. 213 214--- 215hw.ata.tags 216bool 217 218An experimental feature for IDE hard drives which 219allows write caching to be turned on. 220Please read the 221.Xr tuning 7 222manual page carefully before using this. 223 224--- 225hw.ata.wc 226bool 227 228Determines whether or not IDE write caching should 229be turned on or off. 230See 231.Xr tuning 7 232for more information. 233 234--- 235hw.bus.devices 236 237--- 238hw.bus.info 239int 240 241This is an internally used function that returns 242the kernel bus interface version. 243 244--- 245hw.bus.rman 246 247--- 248hw.busdmafree_bpages 249 250--- 251hw.busdma.reserved_bpages 252 253--- 254hw.busdma.active_bpages 255 256--- 257hw.busdma.total_bpages 258 259--- 260hw.busdma.total_bounced 261 262--- 263hw.busdma.total_deferred 264 265--- 266hw.byteorder 267int 268 269Returns the system byte order. 270This is a read-only variable. 271 272--- 273hw.cardbus.cis_debug 274 275--- 276hw.cardbus.debug 277 278--- 279hw.cbb.debug 280 281--- 282hw.cbb.start_16_io 283 284--- 285hw.cbb.start_32_io 286 287--- 288hw.cbb.start_memory 289 290--- 291hw.floatingpoint 292bool 293 294Reports true if the machine has a floating point processor. 295This is a read-only variable. 296 297--- 298hw.fxp0.bundle_max 299int 300 301Controls the receive interrupt microcode bundle size limit 302for the 303.Xr fxp 4 304device. 305 306--- 307hw.fxp0.int_delay 308int 309 310Controls the receive interrupt microcode bundling delay 311for the 312.Xr fxp 4 313device. 314 315--- 316hw.fxp_noflow 317bool 318 319Disables flow control support on 320.Xr fxp 4 321cards. 322When flow control is enabled, and if the operating system 323does not acknowledge the packet buffer filling, 324the card will begin to generate Ethernet quench 325packets, but appears to get into a feedback 326loop of some sort, hosing local switches. 327This is a workaround for this issue. 328 329--- 330hw.fxp_rnr 331int 332 333Set the amount of times that a no-resource 334condition may occur before the 335.Xr fxp 4 336device may restart. 337 338--- 339hw.instruction_sse 340bool 341 342Returns true if SSE support is enabled in the kernel. 343This is a read-only variable. 344 345--- 346hw.intrcnt 347bool 348 349Displays a list of interrupt counters. 350This is a read-only variable. 351 352--- 353hw.intrnames 354str 355 356Displays a list of zero-terminated interrupt 357names. This is a read-only variable. 358 359--- 360hw.kbd.keymap_restrict_change 361bool 362 363This sysctl acts as a sort of secure-level, allowing 364control of the console keymap. 365Giving this a value of 1 means that only the 366root user can change restricted keys 367(like boot, panic...). 368A value of 2 means that only root 369can change restricted keys and regular keys. 370Regular users still can change accents and function keys. 371A value of 3 means only root can change restricted, 372regular and accent keys, while a value of 4 means that 373no changes to the keymap are 374allowed by anyone other than the root user. 375 376--- 377hw.machine 378str 379 380Displays the machine class. 381This is a read-only variable. 382 383--- 384hw.machine_arch 385str 386 387Displays the current architecture. 388This is a read-only variable. 389 390--- 391hw.model 392str 393 394Displays the model information of the current running hardware. 395This is a read-only variable. 396 397--- 398hw.ncpu 399bool 400 401Report the number of CPU's in the system. 402This is a read-only variable. 403 404--- 405hw.pagesize 406int 407 408Displays the current 409.Xr pagesize 1 . 410This is a read-only variable. 411 412--- 413hw.pccard.cis_debug 414int 415 416Allows debugging to be turned on or off for 417CIS. 418 419--- 420hw.pccard.debug 421bool 422 423Determines whether or not to use debugging for the 424PC Card bus driver. 425 426--- 427hw.pci.allow_unsupported_io_range 428bool 429 430Some machines do not detect their CardBus slots correctly 431because they use unsupported I/O ranges. 432This 433.Nm 434allows FreeBSD to use those ranges. 435 436--- 437hw.pci.enable_io_modes 438 439--- 440hw.snd.pcm0.ac97rate 441 442--- 443hw.snd.verbose 444int 445 446Control the level of verbosity for the 447.Pa /dev/sndstat 448device. See the 449.Xr pcm 4 450man page for more information on debug 451levels. 452 453--- 454hw.snd.report_soft_formats 455bool 456 457Controls the internal format conversion if it is available 458transparently to the application software. 459See 460.Xr pcm 4 461for more information. 462 463--- 464hw.syscons.bell 465bool 466 467Allows you to control whether or not to use the 'bell' 468while using the console. This is turned on by default. 469 470--- 471hw.syscons.saver.keybonly 472bool 473 474This variable tells the system that the screen saver 475may only wake up if the keyboard is used. This means 476that log messages that are pushed to the console will 477not cause the screen saver to stop, and display the log 478message will not display. This can be disabled to mimic 479the behavior of older syscons. 480 481--- 482hw.syscons.sc_no_suspend_vtswitch 483bool 484 485Disables switching between virtual terminals during suspend 486or resume. See 487.Xr syscons 4 488for more information. 489 490--- 491hw.wi.debug 492bool 493 494Controls the level of debugging for 495.Xr wi 4 496devices. 497 498--- 499hw.wi.txerate 500int 501 502This value allows controls the maximum amount of error 503messages per second. 504Giving this 505.Nm 506a value of 0 (zero) disables error messages completely. 507 508--- 509kern.acct_chkfreq 510int 511 512Specifies the frequency (in minutes) with which free disk 513space should be checked. 514This is used in conjunction with 515.Va kern.acct_resume 516and 517.Va kern.acct_suspend. 518 519--- 520kern.acct_resume 521int 522 523The percentage of free disk space above which process 524accounting will resume. 525 526--- 527kern.acct_suspend 528int 529 530The percentage of free disk space below which process 531accounting stops. 532 533--- 534kern.argmax 535bool 536 537The maximum number of bytes that can be 538used in an argument to 539.Xr execve 2 . 540This is basically the maximum number of 541characters which can be used in a single 542command line. 543On some rare occasions, this value needs 544altering. 545If so, please check out the 546.Xr xargs 1 547utility. 548 549--- 550kern.bootfile 551str 552 553The kernel which was used to boot the system. 554 555--- 556kern.boottime 557str 558 559The time at which the current kernel became 560active after the system booted. This is a 561read-only variable. 562 563--- 564kern.chroot_allow_open_directories 565bool 566 567Depending on the setting of this variable, open 568file descriptors which reference directories will 569fail. 570If set to 571.Em 0 , 572.Xr chroot 8 573will always fail with 574.Er EPERM 575if there are any directories open. 576If set to 577.Em 1 578(the default), 579.Xr chroot 8 580will fail with 581.Er EPERM 582if there are any directories open and the 583process is already subject to the 584.Xr chroot 8 585system call. 586Any other value will bypass the check for open directories. 587Please see the 588.Xr chroot 2 589man page for more information. 590 591--- 592kern.clockrate 593struct 594 595Displays information about the system clock. 596This is a read-only variable. 597 598--- 599kern.console 600 601--- 602kern.coredump 603bool 604 605Determines where the kernel should dump a core file 606in the event of a kernel panic. 607 608--- 609kern.corefile 610str 611 612Describes the file name that a core image should be stored to. 613See the 614.Xr core 5 615man page for more information on this variable. 616 617--- 618kern.cp_time 619struct 620 621Contains CPU time statistics. 622This is a read-only variable. 623 624--- 625kern.devname 626struct 627 628An internally used 629.Nm 630that returns suitable device names for the 631.Fn devname 632function. 633See the 634.Xr devname 3 635manual page for more information. 636 637--- 638kern.devstat.all 639struct 640 641An internally used 642.Nm 643that returns current devstat statistics as well 644as the current devstat generation number. 645See the 646.Xr devstat 3 647man page for more information. 648 649--- 650kern.devstat.generation 651 652--- 653kern.devstat.numdevs 654 655--- 656kern.devstat.version 657int 658 659Displays the devstat list version number. 660This is a read-only variable. 661 662--- 663kern.disks 664str 665 666Display disk devices that the kernel is currently 667aware of. 668This is a read-only variable. 669 670--- 671kern.domainname 672str 673 674This shows the name of the current YP/NIS domain. 675 676--- 677kern.drainwait 678int 679 680The time to wait after dropping DTR to the given number. 681The units are measured in hundredths of a second. 682The default is 300 hundredths, 683i.e., 3 seconds. 684This option is needed mainly to set proper recover 685time after modem resets. 686 687--- 688kern.elf32.fallback_brand 689 690--- 691kern.fallback_elf_brand 692 693--- 694kern.file 695struct 696 697Returns the entire file structure. 698 699--- 700kern.function_list 701struct 702 703Returns all functions names in the kernel. 704 705--- 706kern.geom.confdot 707 708--- 709kern.geom.conftxt 710 711--- 712kern.geom.confxml 713 714--- 715kern.hostid 716int 717 718This 719.Nm 720may contain the IP address of the system. 721 722--- 723kern.hostname 724str 725 726Display the system hostname. 727This can be modified with the 728.Xr hostname 1 729utility. 730 731--- 732kern.init_path 733string 734 735The path to search for the 736.Xr init 8 737process. 738This is a read-only variable. 739 740--- 741kern.iov_max 742 743--- 744kern.ipc.clust_hiwm 745 746--- 747kern.ipc.clust_lowm 748 749--- 750kern.ipc.maxsockbuf 751int 752 753The maximum buffer size that may be allocated for sockets. 754See 755.Xr getsockopt 2 756for more information. 757 758--- 759kern.ipc.maxsockets 760int 761 762The maximum number of sockets available. 763 764--- 765kern.ipc.mb_statpcpu 766 767--- 768kern.ipc.mbstat 769 770--- 771kern.ipc.mbuf_hiwm 772 773--- 774kern.ipc.mbuf_lowm 775 776--- 777kern.ipc.mbuf_wait 778 779--- 780kern.ipc.msqids 781 782--- 783kern.ipc.nmbclusters 784bool 785 786Maximum number of mbuf clusters available. 787The kernel uses a preallocated pool of 788.Dq mbuf clusters 789for the 790.Xr mbuf 9 791allocator. 792The pool size is tuned by the kernel during boot. 793That size is set to a value which seems appropriate 794for the current system. 795 796--- 797kern.ipc.nmbcnt 798 799--- 800kern.ipc.nmbufs 801 802--- 803kern.ipc.nsfbufs 804 805--- 806kern.ipc.numopensockets 807 808--- 809kern.ipc.somaxconn 810int 811 812The maximum pending socket connection queue size. 813 814--- 815kern.ipc.zero_copy.receive 816bool 817 818When set to a non-zero value, zero copy is 819enabled for received packets. 820This reduces copying of data around for 821outgoing packets and can significantly 822improve throughput for network connections. 823 824--- 825kern.ipc.zero_copy.send 826bool 827 828When set to a non-zero value, zero copy is 829enabled for sent packets. 830This reduces copying of data around for outgoing 831packets and can significantly improve throughput 832for network connections. 833 834--- 835kern.job_control 836bool 837 838Reports whether or not job control is available. 839This is a read-only variable. 840 841--- 842kern.kq_calloutmax 843 844--- 845kern.lastpid 846int 847 848Displays the last PID used by a process. 849This is a read-only variable. 850 851--- 852kern.logsigexit 853bool 854 855Tells the kernel whether or not to log fatal signal exits. 856 857--- 858kern.malloc 859str 860 861Displays how memory is currently being allocated. 862This is a read-only variable. 863 864--- 865kern.maxfiles 866int 867 868The maximum number of files allowed for all the 869processes of the running kernel. 870You can override the default value which the 871kernel calculates by explicitly setting this to 872a non-zero value. 873Also see the 874.Xr tuning 7 875man page for more information. 876 877--- 878kern.maxfilesperproc 879int 880 881The maximum number of files any one process can open. 882See the 883.Xr ps 1 884utility for more information on monitoring processes. 885 886--- 887kern.maxproc 888int 889 890The maximum number of processes that the system 891can be running at any time. 892See the 893.Xr ps 1 894utility for more information on monitoring processes. 895 896--- 897kern.maxprocperuid 898int 899 900The maximum number of processes one user ID can run. 901See the 902.Xr ps 1 903utility for more information on monitoring processes. 904 905--- 906kern.maxusers 907int 908 909Controls the scaling of a number of static system tables, including 910defaults for the maximum number of open files, sizing of network 911memory resources, etc. 912See the 913.Xr tuning 7 914man page for more information. 915This 916.Nm 917cannot be set using 918.Xr sysctl 8 . 919Use 920.Xr loader 8 921instead to set this at boot time. 922 923--- 924kern.maxvnodes 925bool 926 927The maximum number of 928.Em vnodes 929(virtual file system nodes) 930the system can have open simultaneously. 931 932--- 933kern.minvnodes 934bool 935 936The minimun number of 937.Em vnodes 938(virtual file system nodes) 939the system can have open simultaneously. 940 941--- 942kern.module_path 943str 944 945This 946.Nm 947holds a colon-separated list of directories in which the 948kernel will search for loadable kernel modules. 949This path is search when using commands such as 950.Xr kldload 8 951and 952.Xr kldunload 8 . 953 954--- 955kern.msgbuf 956string 957 958Contains the kernel message buffer. 959 960--- 961kern.msgbuf_clear 962bool 963 964Giving this 965.Nm 966a value of 1 (one) will cause the kernel message buffer to 967be cleared. It should be noted though, that the 968.Nm 969will then automatically revert back to it's original 970value of 0 (zero). 971 972--- 973kern.ngroups 974int 975 976Contains the maximum number of groups that a 977user may belong to. 978This is a read-only variable. 979 980--- 981kern.openfiles 982int 983 984Shows the current amount of system-wide 985open files. 986This is useful when used in conjunction 987with 988.Va kern.maxfiles 989for tuning your system. 990This is a read-only variable. 991 992--- 993kern.osreldate 994string 995 996Displays the kernel release date. 997This is a read-only variable. 998 999--- 1000kern.osrelease 1001str 1002 1003Displays the current version of 1004.Fx 1005running. 1006This is a read-only variable. 1007 1008--- 1009kern.osrevision 1010string 1011 1012Displays the operating system revision. 1013This is a read-only variable. 1014 1015--- 1016kern.ostype 1017str 1018 1019Alter the name of the current operating system. 1020Changing this will change the output from 1021the 1022.Xr uname 1 1023utility. 1024Changing the default is not recommended. 1025 1026--- 1027kern.posix1version 1028string 1029 1030Returns the version of 1031.Tn POSIX 1032that the system 1033is attempting to comply with. 1034This is a read-only variable. 1035 1036--- 1037kern.powercycle_on_panic 1038bool 1039 1040In the event of a panic, this variable controls whether or not the 1041system should try to power cycle instead of rebooting. 1042 1043--- 1044kern.poweroff_on_panic 1045bool 1046 1047In the event of a panic, this variable controls whether or not the 1048system should try to power off instead of rebooting. 1049 1050--- 1051kern.proc.all 1052 1053--- 1054kern.proc.args 1055int 1056 1057Allows a process to retrieve the argument list 1058or process title for another process without 1059looking in the address space of another program. 1060This is a read-only variable. 1061 1062--- 1063kern.proc.pgrp 1064 1065--- 1066kern.proc.pid 1067struct 1068 1069This internally used 1070.Nm 1071may be used to extract process information. See 1072.Xr sysctl 3 1073for an example. 1074 1075--- 1076kern.proc.ruid 1077 1078--- 1079kern.proc.tty 1080 1081--- 1082kern.proc.uid 1083 1084--- 1085kern.ps_argsopen 1086bool 1087 1088By setting this to 0, command line arguments are hidden 1089for processes which you are not running. 1090This is useful on multi-user machines where things 1091like passwords might accidentally be added to command 1092line programs. 1093 1094--- 1095 1096kern.quantum 1097 1098--- 1099kern.random.adaptors 1100str 1101 1102Displays registered PRNG adaptors. 1103This is a read-only variable. 1104 1105--- 1106kern.random.sys.burst 1107 1108--- 1109kern.random.sys.harvest.ethernet 1110 1111--- 1112kern.random.sys.harvest.interrupt 1113 1114--- 1115kern.random.sys.harvest.point_to_point 1116 1117--- 1118kern.random.sys.harvest.swi 1119 1120--- 1121kern.random.sys.seeded 1122 1123--- 1124kern.randompid 1125 1126--- 1127kern.rootdev 1128string 1129 1130Displays the current root file system device. This 1131is a read-only variable. 1132 1133--- 1134kern.saved_ids 1135bool 1136 1137Displays whether or not saved set-group/user ID is 1138available. This is a read-only variable. 1139 1140--- 1141kern.securelevel 1142bool 1143 1144The current kernel security level. 1145See the 1146.Xr init 8 1147manual page for a good description 1148about what a security level is. 1149 1150--- 1151kern.sugid_coredump 1152bool 1153 1154By default, a process that changes user or group credentials whether 1155real or effective will not create a corefile. 1156This behavior can be changed to generate a core dump by 1157setting this variable to 1. 1158 1159--- 1160kern.sync_on_panic 1161bool 1162 1163In the event of a panic, this variable controls whether or not the 1164system should try and 1165.Xr sync 8 . 1166In some circumstances, this could cause a double panic, and as a result, 1167this may be turned off if needed. 1168 1169--- 1170kern.threads.debug 1171bool 1172 1173Determines whether to use debugging for kernel threads. 1174This is useful for testing. 1175 1176--- 1177kern.threads.max_groups_per_proc 1178 1179--- 1180kern.threads.max_threads_hits 1181 1182--- 1183kern.threads.max_threads_per_proc 1184 1185--- 1186kern.threads.virtual_cpu 1187int 1188 1189The maximum amount of virtual CPU's that be used for 1190threading. 1191 1192--- 1193kern.tty_nin 1194 1195--- 1196kern.tty_nout 1197 1198--- 1199kern.ttys 1200bool 1201 1202Used internally by the 1203.Xr pstat 8 1204command. 1205This is a read-only variable. 1206 1207--- 1208kern.version 1209str 1210 1211Displays the current kernel version information. 1212This is a read-only variable. 1213 1214--- 1215machdep.acpi_root 1216 1217--- 1218machdep.cpu_idle_hlt 1219bool 1220 1221Halt idle CPUs. 1222This is good for an SMP system. 1223 1224--- 1225machdep.disable_mtrrs 1226 1227--- 1228machdep.guessed_bootdev 1229 1230--- 1231machdep.hyperthreading_allowed 1232bool 1233 1234Setting this tunable to zero disables 1235the use of additional logical processors 1236provided by Intel HTT technology. 1237 1238--- 1239machdep.panic_on_nmi 1240 1241--- 1242machdep.siots 1243 1244--- 1245net.inet.accf.unloadable 1246 1247--- 1248net.inet.icmp.bmcastecho 1249 1250--- 1251net.inet.icmp.drop_redirect 1252 1253--- 1254net.inet.icmp.icmplim 1255 1256--- 1257net.inet.icmp.icmplim_output 1258 1259--- 1260net.inet.icmp.log_redirect 1261 1262--- 1263net.inet.icmp.maskfake 1264 1265--- 1266net.inet.icmp.maskrepl 1267 1268--- 1269net.inet.ip.accept_sourceroute 1270bool 1271 1272Controls forwarding of source-routed IP packets. 1273 1274--- 1275net.inet.ip.check_interface 1276bool 1277 1278This 1279.Nm 1280verifies that packets arrive on the correct interfaces. 1281 1282--- 1283net.inet.ip.fastforwarding 1284bool 1285 1286When fast forwarding is enabled, IP packets are forwarded directly to 1287the appropriate network interface with a minimal validity checking, 1288which greatly improves throughput. 1289Please see the 1290.Xr inet 4 1291man page for more information. 1292 1293--- 1294net.inet.ip.forwarding 1295bool 1296 1297Act as a gateway machine and forward packets. 1298This can also be configured using the 1299gateway_enable value in 1300.Pa /etc/rc.conf 1301 1302--- 1303net.inet.ip.fw.one_pass 1304int 1305 1306--- 1307net.inet.ip.intr_queue_drops 1308 1309--- 1310net.inet.ip.intr_queue_maxlen 1311 1312--- 1313net.inet.ip.maxfragpackets 1314 1315--- 1316net.inet.ip.maxfragsperpacket 1317 1318--- 1319net.inet.ip.redirect 1320bool 1321 1322Controls the sending of ICMP redirects in response to unforwardable IP 1323packets. 1324 1325--- 1326net.inet.ip.sourceroute 1327bool 1328 1329Determines whether or not source routed IP packets 1330should be forwarded. 1331 1332--- 1333net.inet.ip.stats 1334 1335--- 1336net.inet.ip.ttl 1337int 1338 1339The TTL (time-to-live) to use for outgoing packets. 1340 1341--- 1342net.inet.raw.maxdgram 1343 1344--- 1345net.inet.raw.olddiverterror 1346 1347--- 1348net.inet.raw.pcblist 1349 1350--- 1351net.inet.raw.recvspace 1352 1353--- 1354net.inet.tcp.always_keepalive 1355bool 1356 1357Determines whether or not to attempt to detect dead TCP 1358connections by sending 'keepalives' intermittently. This 1359is enabled by default and can also be configured using the 1360tcp_keepalive value in 1361.Pa /etc/rc.conf 1362 1363--- 1364net.inet.tcp.blackhole 1365bool 1366 1367Manipulates system behavior when 1368connection requests are received on a 1369TCP port without a socket listening. 1370See the 1371.Xr blackhole 4 1372man page for more information. 1373 1374--- 1375net.inet.tcp.delacktime 1376 1377--- 1378net.inet.tcp.delayed_ack 1379bool 1380 1381Historically speaking, this feature was designed to allow the 1382acknowledgment to transmitted data to be returned along with the 1383response. See the 1384.Xr tuning 7 1385man page for more information. 1386 1387--- 1388net.inet.tcp.do_tcpdrain 1389 1390--- 1391net.inet.tcp.getcred 1392 1393--- 1394net.inet.tcp.icmp_may_rst 1395 1396--- 1397net.inet.tcp.isn_reseed_interval 1398 1399--- 1400net.inet.tcp.log_in_vain 1401bool 1402 1403Allows the system to log connections to TCP 1404ports that do not have sockets listening. 1405This variable can also be tuned by changing 1406the value for log_in_vain 1407in 1408.Pa /etc/rc.conf 1409 1410--- 1411net.inet.tcp.minmss 1412bool 1413 1414Enable for network link optimization TCP can adjust its MSS and thus 1415packet size according to the observed path MTU. This is done 1416dynamically based on feedback from the remote host and network 1417components along the packet path. This information can be 1418abused to pretend an extremely low path MTU. 1419 1420--- 1421net.inet.tcp.minmssoverload 1422bool 1423 1424The PSS rate for the 1425.Va net.inet.tcp.minmss 1426sysctl. 1427Setting this will force packets to be reset 1428and dropped, this should hinder the availability 1429of DoS attacks on WWW servers using POST attacks. 1430 1431--- 1432net.inet.tcp.msl 1433 1434--- 1435net.inet.tcp.mssdflt 1436bool 1437 1438This is the default TCP Maximum Segment Size 1439for TCP packets. The default setting is recommended 1440in most cases. 1441 1442--- 1443net.inet.tcp.v6mssdflt 1444bool 1445 1446This is the default TCP Maximum Segment Size 1447for TCP IPv6 packets. The default setting is recommend 1448in most cases. 1449 1450--- 1451net.inet.tcp.newreno 1452 1453--- 1454net.inet.tcp.path_mtu_discovery 1455 1456--- 1457net.inet.tcp.pcbcount 1458 1459--- 1460net.inet.tcp.pcblist 1461 1462--- 1463net.inet.tcp.recvspace 1464bool 1465 1466This variables controls the amount of receive 1467buffer space for any given TCP connection. This 1468can be particularly useful when tuning network 1469applications. See the 1470.Xr tuning 7 1471man page for more information. 1472 1473--- 1474net.inet.tcp.rexmit_min 1475 1476--- 1477net.inet.tcp.rexmit_slop 1478 1479--- 1480net.inet.tcp.rfc1323 1481bool 1482 1483Determines whether support for RFC1323 (TCP Extensions 1484for High Performance) should be enabled. 1485This variable can also be tuned by changing the value 1486for tcp_extensions in 1487.Pa /etc/rc.conf 1488 1489--- 1490net.inet.tcp.rfc1644 1491 1492--- 1493net.inet.tcp.rfc3042 1494 1495--- 1496net.inet.tcp.rfc3390 1497 1498--- 1499net.inet.tcp.sendspace 1500bool 1501 1502This variables controls the amount of send 1503buffer space for any given TCP connection. This 1504can be particularly useful when tuning network 1505applications. See the 1506.Xr tuning 7 1507manual page for more information. 1508 1509--- 1510net.inet.tcp.slowstart_flightsize 1511 1512--- 1513net.inet.tcp.stats 1514 1515--- 1516net.inet.tcp.syncache.bucketlimit 1517 1518--- 1519net.inet.tcp.syncache.cachelimit 1520 1521--- 1522net.inet.tcp.syncache.count 1523 1524--- 1525net.inet.tcp.syncache.hashsize 1526 1527--- 1528net.inet.tcp.syncache.rexmtlimit 1529 1530--- 1531net.inet.tcp.syncookies 1532 1533--- 1534net.inet.tcp.tcbhashsize 1535 1536--- 1537net.inet.tcp.v6mssdflt 1538 1539--- 1540net.inet.udp.blackhole 1541bool 1542 1543Manipulates system behavior when 1544connection requests are received on a 1545UDP port. 1546See the 1547.Xr blackhole 4 1548man page for more information. 1549 1550--- 1551net.inet.udp.getcred 1552 1553--- 1554net.inet.udp.log_in_vain 1555bool 1556 1557Allows the system to log connections to UDP 1558ports that do not have sockets listening. 1559This variable can also be tuned by changing 1560the value for log_in_vain 1561in 1562.Pa /etc/rc.conf 1563 1564--- 1565net.inet.udp.maxdgram 1566 1567--- 1568net.inet.udp.pcblist 1569 1570--- 1571net.inet.udp.recvspace 1572 1573--- 1574net.inet.udp.stats 1575 1576--- 1577net.inet6.icmp6.errppslimit 1578 1579--- 1580net.inet6.icmp6.nd6_debug 1581 1582--- 1583net.inet6.icmp6.nd6_delay 1584 1585--- 1586net.inet6.icmp6.nd6_maxnudhint 1587 1588--- 1589net.inet6.icmp6.nd6_mmaxtries 1590 1591--- 1592net.inet6.icmp6.nd6_prune 1593 1594--- 1595net.inet6.icmp6.nd6_umaxtries 1596 1597--- 1598net.inet6.icmp6.nd6_useloopback 1599 1600--- 1601net.inet6.icmp6.nodeinfo 1602 1603--- 1604net.inet6.icmp6.rediraccept 1605 1606--- 1607net.inet6.icmp6.redirtimeout 1608 1609--- 1610net.inet6.tcp6.getcred 1611 1612--- 1613net.inet6.udp6.getcred 1614 1615--- 1616net.isr.enable 1617 1618--- 1619net.link.ether.inet.log_arp_movements 1620 1621--- 1622net.link.ether.inet.log_arp_wrong_iface 1623 1624--- 1625net.link.ether.ipfw 1626 1627--- 1628net.link.generic.ifdata 1629 1630--- 1631net.link.generic.system.ifcount 1632 1633--- 1634net.link.gif.max_nesting 1635bool 1636 1637Determines whether to allow recursive tunnels or not. 1638 1639--- 1640net.link.gif.parallel_tunnels 1641bool 1642 1643Determines whether to allow parallel tunnels or not. 1644 1645--- 1646net.local.dgram.pcblist 1647 1648--- 1649net.local.stream.pcblist 1650 1651--- 1652security.bsd.see_other_uids 1653bool 1654 1655Turning this option on will prevent users from viewing information 1656about processes running under other user id numbers (UIDs). 1657 1658--- 1659security.bsd.suser_enabled 1660 1661--- 1662security.bsd.unprivileged_proc_debug 1663 1664--- 1665security.bsd.unprivileged_read_msgbuf 1666 1667--- 1668security.jail.set_hostname_allowed 1669bool 1670 1671Determines whether or not the root user 1672within the jail can set the hostname. 1673 1674--- 1675security.jail.socket_unixiproute_only 1676 1677--- 1678security.jail.sysvipc_allowed 1679 1680--- 1681security.mac.biba.enabled 1682bool 1683 1684Enables enforcement of the Biba integrity policy. 1685 1686--- 1687security.mac.biba.ptys_equal 1688bool 1689 1690Label 1691.Sm off 1692.Xr pty 4 1693s 1694.Sm on 1695as 1696.Dq biba/equal 1697upon creation. 1698 1699--- 1700security.mac.biba.revocation_enabled 1701bool 1702 1703Revoke access to objects if the label is changed to dominate the subject. 1704 1705--- 1706security.mac.enforce_fs 1707bool 1708 1709Enforce MAC policies for file system accesses. 1710 1711--- 1712security.mac.enforce_kld 1713bool 1714 1715Enforce MAC policies on 1716.Xr kld 4 . 1717 1718--- 1719security.mac.enforce_network 1720bool 1721 1722Enforce MAC policies on network interfaces. 1723 1724--- 1725security.mac.enforce_pipe 1726bool 1727 1728Enforce MAC policies on pipes. 1729 1730--- 1731security.mac.enforce_process 1732bool 1733 1734Enforce MAC policies between system processes 1735(e.g. 1736.Xr ps 1 , 1737.Xr ktrace 2 ). 1738 1739--- 1740security.mac.enforce_socket 1741bool 1742 1743Enforce MAC policies on sockets. 1744 1745--- 1746security.mac.enforce_system 1747bool 1748 1749Enforce MAC policies on system-related items 1750(e.g. 1751.Xr kenv 1 , 1752.Xr acct 2 , 1753.Xr reboot 2 ). 1754 1755--- 1756security.mac.enforce_vm 1757bool 1758 1759Enforce MAC policies on 1760.Xr mmap 2 1761and 1762.Xr mprotect 2 . 1763 1764--- 1765security.mac.ifoff.lo_enabled 1766bool 1767 1768Use this too disable network traffic over the loopback 1769.Xr lo 4 1770interface. 1771See 1772.Xr mac_ifoff 4 1773for more information. 1774 1775--- 1776security.mac.ifoff.other_enabled 1777bool 1778 1779Use this to enable network traffic over other interfaces. 1780See 1781.Xr mac_ifoff 4 1782for more information. 1783 1784--- 1785security.mac.ifoff.bpfrecv_enabled 1786bool 1787 1788Use this too allow 1789.Xr bpf 4 1790traffic to be received, 1791even while other traffic is disabled. 1792 1793--- 1794security.mac.mls.enabled 1795bool 1796 1797Enables the enforcement of the MLS confidentiality policy, 1798see 1799.Xr mac_mls 4 1800for more information. 1801 1802--- 1803security.mac.mls.ptys_equal 1804bool 1805 1806Label 1807.Sm off 1808.Xr pty 4 1809s 1810.Sm on 1811as 1812.Dq mls/equal 1813upon creation. 1814 1815--- 1816security.mac.mls.revocation_enabled 1817bool 1818 1819Revoke access to objects if the label is changed to a more sensitive 1820level than the subject. 1821 1822--- 1823security.mac.portacl.rules 1824str 1825 1826The port access control list is specified in the following format: 1827 1828.Sy idtype 1829.Li : 1830.Sy id 1831.Li : 1832.Sy protocol 1833.Li : 1834.Sy port 1835.Li [, 1836.Sy idtype 1837.Li : 1838.Sy id 1839.Li : 1840.Sy protocol 1841.Li : 1842.Sy port 1843.Li ,...] 1844 1845.Sy idtype 1846Describes the type of subject match to be performed. 1847Either 1848.Li uid 1849for userid matching, or 1850.Li gid 1851for group ID matching. 1852.Sy id 1853The user or group ID (depending on 1854.Sy idtype ) 1855allowed to bind to the specified port. 1856.Bf -emphasis 1857NOTE: User and group names are not valid; only the actual ID numbers 1858may be used. 1859.Ef 1860.Sy protocol 1861Describes which protocol this entry applies to. 1862Either 1863.Li tcp 1864or 1865.Li udp 1866are supported. 1867.Sy port 1868Describes which port this entry applies to. 1869.Bf -emphasis 1870NOTE: MAC security policies may not override other security system policies 1871by allowing accesses that they may deny, such as 1872.Va net.inet.ip.portrange.reservedlow / 1873.Va net.inet.ip.portrange.reservedhigh . 1874.Ef 1875 1876--- 1877security.mac.seeotheruids.enabled 1878bool 1879 1880Enable/disable 1881.Va security.mac.seeotheruids 1882See 1883.Xr mac_seeotheruids 4 1884for more information. 1885 1886--- 1887security.mac.seeotheruids.primarygroup_enabled 1888bool 1889 1890Allow users to see processes and sockets owned by the same primary 1891group. 1892 1893--- 1894security.mac.seeotheruids.specificgid_enabled 1895bool 1896 1897Allow processes with a specific group ID to be exempt from the policy, 1898set this to 1899.Li 1 1900and set 1901.Va security.mac.seeotheruids.specificgid 1902to the gid to be exempted. 1903 1904--- 1905security.mac_test 1906str 1907 1908Used for debugging. 1909See 1910.Xr mac_test 4 1911for more information. 1912 1913--- 1914user.bc_base_max 1915 1916--- 1917user.bc_dim_max 1918 1919--- 1920user.bc_scale_max 1921 1922--- 1923user.bc_string_max 1924 1925--- 1926user.coll_weights_max 1927 1928--- 1929user.cs_path 1930 1931--- 1932user.line_max 1933 1934--- 1935user.posix2_c_bind 1936 1937--- 1938user.posix2_c_dev 1939 1940--- 1941user.posix2_fort_dev 1942 1943--- 1944user.posix2_fort_run 1945 1946--- 1947user.posix2_localedef 1948 1949--- 1950user.posix2_sw_dev 1951 1952--- 1953user.posix2_upe 1954 1955--- 1956user.posix2_version 1957 1958--- 1959user.re_dup_max 1960 1961--- 1962user.stream_max 1963 1964--- 1965user.tzname_max 1966 1967--- 1968vfs.altbufferflushes 1969 1970--- 1971vfs.bufdefragcnt 1972 1973--- 1974vfs.buffreekvacnt 1975 1976--- 1977vfs.bufmallocspace 1978 1979--- 1980vfs.bufreusecnt 1981 1982--- 1983vfs.bufspace 1984 1985--- 1986vfs.cache.nchstats 1987 1988--- 1989vfs.conflist 1990 1991--- 1992vfs.devfs.generation 1993 1994--- 1995vfs.devfs.inodes 1996 1997--- 1998vfs.devfs.noverflow 1999 2000--- 2001vfs.devfs.topinode 2002 2003--- 2004vfs.dirtybufferflushes 2005 2006--- 2007vfs.dirtybufthresh 2008 2009--- 2010vfs.ffs.adjblkcnt 2011 2012--- 2013vfs.ffs.adjrefcnt 2014 2015--- 2016vfs.ffs.freeblks 2017 2018--- 2019vfs.ffs.freedirs 2020 2021--- 2022vfs.ffs.freefiles 2023 2024--- 2025vfs.ffs.setflags 2026 2027--- 2028vfs.flushwithdeps 2029 2030--- 2031vfs.getnewbufcalls 2032 2033--- 2034vfs.getnewbufrestarts 2035 2036--- 2037vfs.hibufspace 2038 2039--- 2040vfs.hidirtybuffers 2041 2042--- 2043vfs.hifreebuffers 2044 2045--- 2046vfs.hirunningspace 2047 2048--- 2049vfs.lobufspace 2050 2051--- 2052vfs.lodirtybuffers 2053 2054--- 2055vfs.lofreebuffers 2056 2057--- 2058vfs.lorunningspace 2059 2060--- 2061vfs.maxbufspace 2062 2063--- 2064vfs.maxmallocbufspace 2065 2066--- 2067vfs.numdirtybuffers 2068 2069--- 2070vfs.numfreebuffers 2071 2072--- 2073vfs.opv_numops 2074 2075--- 2076vfs.pfs.vncache.entries 2077 2078--- 2079vfs.pfs.vncache.hits 2080 2081--- 2082vfs.pfs.vncache.maxentries 2083 2084--- 2085vfs.pfs.vncache.misses 2086 2087--- 2088vfs.read_max 2089 2090--- 2091vfs.recursiveflushes 2092 2093--- 2094vfs.runningbufspace 2095 2096--- 2097vfs.ufs.dirhash_docheck 2098 2099--- 2100vfs.ufs.dirhash_maxmem 2101 2102--- 2103vfs.ufs.dirhash_mem 2104 2105--- 2106vfs.ufs.dirhash_minsize 2107 2108--- 2109vfs.usermount 2110bool 2111 2112This 2113.Nm 2114allows the root user to grant access to non-root users 2115so that they may mount floppy and CD-ROM drives. 2116 2117--- 2118vfs.vmiodirenable 2119bool 2120 2121Controls how directories are cached by the system. 2122This is turned on by default. See the 2123.Xr tuning 7 2124man page for a more detailed explanation on this 2125variable. 2126 2127--- 2128vfs.write_behind 2129bool 2130 2131Tells the file system to issue media writes as 2132full clusters are collected, which typically 2133occurs when writing large sequential files. 2134This is turned on by default, but under certain 2135circumstances may stall processes and can therefore 2136be turned off. 2137 2138--- 2139vm.disable_swapspace_pageouts 2140 2141--- 2142vm.dmmax 2143 2144--- 2145vm.kvm_free 2146 2147--- 2148vm.kvm_size 2149 2150--- 2151vm.loadavg 2152struct 2153 2154Displays the load average history. This is a 2155read-only variable. 2156 2157--- 2158vm.max_launder 2159 2160--- 2161vm.nswapdev 2162int 2163 2164Displays the number of swap devices available 2165to the system. This is a read-only variable. 2166 2167--- 2168vm.pageout_full_stats_interval 2169 2170--- 2171vm.pageout_lock_miss 2172 2173--- 2174vm.pageout_stats_free_max 2175 2176--- 2177vm.pageout_stats_interval 2178 2179--- 2180vm.pageout_stats_max 2181 2182--- 2183vm.stats.sys.v_intr 2184 2185--- 2186vm.stats.sys.v_soft 2187 2188--- 2189vm.stats.sys.v_swtch 2190 2191--- 2192vm.stats.sys.v_syscall 2193 2194--- 2195vm.stats.sys.v_trap 2196 2197--- 2198vm.stats.vm.v_cow_faults 2199 2200--- 2201vm.stats.vm.v_cow_optim 2202 2203--- 2204vm.stats.vm.v_forkpages 2205 2206--- 2207vm.stats.vm.v_forks 2208 2209--- 2210vm.stats.vm.v_intrans 2211 2212--- 2213vm.stats.vm.v_kthreadpages 2214 2215--- 2216vm.stats.vm.v_kthreads 2217 2218--- 2219vm.stats.vm.v_ozfod 2220 2221--- 2222vm.stats.vm.v_pdpages 2223 2224--- 2225vm.stats.vm.v_pdwakeups 2226 2227--- 2228vm.stats.vm.v_reactivated 2229 2230--- 2231vm.stats.vm.v_rforkpages 2232 2233--- 2234vm.stats.vm.v_rforks 2235 2236--- 2237vm.stats.vm.v_swapin 2238 2239--- 2240vm.stats.vm.v_swapout 2241 2242--- 2243vm.stats.vm.v_swappgsin 2244 2245--- 2246vm.stats.vm.v_swappgsout 2247 2248--- 2249vm.stats.vm.v_vforkpages 2250 2251--- 2252vm.stats.vm.v_vforks 2253 2254--- 2255vm.stats.vm.v_vm_faults 2256 2257--- 2258vm.stats.vm.v_vnodein 2259 2260--- 2261vm.stats.vm.v_vnodeout 2262 2263--- 2264vm.stats.vm.v_vnodepgsin 2265 2266--- 2267vm.stats.vm.v_vnodepgsout 2268 2269--- 2270vm.stats.vm.v_zfod 2271 2272--- 2273vm.swap_async_max 2274int 2275 2276The maximum number of in-progress async operations 2277that may be performed. 2278 2279--- 2280vm.swap_enabled 2281bool 2282 2283Determines whether or not processes may swap. 2284 2285--- 2286vm.swap_idle_enabled 2287 2288See 2289.Xr tuning 7 2290for a detailed explanation of this 2291.Nm . 2292 2293--- 2294vm.swap_info 2295 2296--- 2297vm.vmtotal 2298string 2299 2300Displays virtual memory statistics which are collected 2301at five second intervals. 2302 2303--- 2304vm.zone 2305string 2306 2307Shows memory used by the kernel zone allocator, by zone. 2308This information can also be found by using the 2309.Xr vmstat 8 2310command. 2311 2312--- 2313 2314