1# $FreeBSD$ 2--- 3debug.disablecwd 4bool 5 6Determines whether or not the 7.Xr getwcd 3 8system call should be allowed. 9 10--- 11debug.disablefullpath 12bool 13 14Determines whether or not the 15.Fn vn_fullpath 16function may be used. 17 18--- 19debug.dobkgrdwrite 20bool 21 22Determines if background writes should be performed. 23 24--- 25debug.hashstat.nchash 26struct 27 28Displays nchash chain lengths. This is a read-only 29variable. 30 31--- 32debug.hashstat.rawnchash 33 34--- 35debug.ieee80211 36bool 37 38This 39.Nm 40allows you to enable or disable debugging for 802.11 devices. 41 42--- 43debug.kdb.available 44variable 45 46Used to retrieve a list of currently available debugger backends. 47 48--- 49debug.kdb.current 50variable 51 52Allows for the selection of the debugger backend 53which is used to handle debugger requests. 54 55--- 56debug.kdb.enter 57variable 58 59When written to, the system should break to the debugger. 60 61--- 62debug.malloc.failure_count 63bool 64 65Number of times a coerced malloc failure has occurred as a 66result of 67.Va debug.malloc.failure_rate . 68Useful for tracking what might have happened 69and whether failures are being generated. 70 71--- 72debug.malloc.failure_rate 73bool 74 75Debugging feature causing 76.Dv M_NOWAIT 77allocations to fail at a specified rate. 78How often to generate a failure: if set to 0 (default), this 79feature is disabled. 80In other words if set to 10 (one in ten 81.Xr malloc 3 82calls will fail). 83 84--- 85debug.rman_debug 86bool 87 88This 89.Nm 90allows you to enable or disable debugging for 91.Xr rman 9 , 92the 93.Fx 94resource manager. 95 96--- 97debug.sizeof.bio 98 99--- 100debug.sizeof.buf 101 102--- 103debug.sizeof.cdev 104 105--- 106debug.sizeof.devstat 107 108--- 109debug.sizeof.kinfo_proc 110 111--- 112debug.sizeof.proc 113 114--- 115debug.sizeof.vnode 116 117--- 118debug.vnlru_nowhere 119 120--- 121hw.acpi.cpu.current_speed 122bool 123 124Display the current CPU speed. 125This is adjustable, but doing so is not recommended. 126 127--- 128hw.acpi.cpu.max_speed 129int 130 131Allows you to change the stepping for processor speed 132on machines which support 133.Xr acpi 4 . 134 135--- 136hw.acpi.disable_on_poweroff 137bool 138 139Some systems using 140.Xr acpi 4 141have problems powering off when shutting down with 142.Xr acpi 4 143enabled. This 144.Nm 145disables 146.Xr acpi 4 147when rebooting and shutting down. 148 149--- 150hw.acpi.s4bios 151bool 152 153This 154.Nm 155determines whether or not the S4BIOS sleep implementation 156should be used. 157 158--- 159hw.acpi.sleep_delay 160int 161 162Set the sleep delay for 163.Xr acpi 4 . 164 165--- 166hw.acpi.supported_sleep_state 167bool 168 169List supported 170.Tn ACPI 171sleep states 172 173--- 174hw.acpi.thermal.min_runtime 175 176--- 177hw.acpi.thermal.polling_rate 178int 179 180The interval in seconds that should be used to check 181the current system temperature. 182 183--- 184hw.acpi.thermal.tz0.temperature 185str 186 187Displays the current temperature. 188This is a read-only variable. 189 190--- 191hw.acpi.thermal.tz0.thermal_flags 192 193--- 194hw.acpi.verbose 195bool 196 197Determines whether or not 198.Xr acpi 4 199should be verbose. 200 201--- 202hw.ata.ata_dma 203bool 204 205Allows the enabling and disabling of DMA for 206ATA devices. 207 208--- 209hw.ata.atapi_dma 210bool 211 212Allows the enabling and disabling of DMA for 213atapi devices, such as CD-ROM drives. 214 215--- 216hw.ata.tags 217bool 218 219An experimental feature for IDE hard drives which 220allows write caching to be turned on. 221Please read the 222.Xr tuning 7 223manual page carefully before using this. 224 225--- 226hw.ata.wc 227bool 228 229Determines whether or not IDE write caching should 230be turned on or off. 231See 232.Xr tuning 7 233for more information. 234 235--- 236hw.bus.devices 237 238--- 239hw.bus.info 240int 241 242This is an internally used function that returns 243the kernel bus interface version. 244 245--- 246hw.bus.rman 247 248--- 249hw.busdmafree_bpages 250 251--- 252hw.busdma.reserved_bpages 253 254--- 255hw.busdma.active_bpages 256 257--- 258hw.busdma.total_bpages 259 260--- 261hw.busdma.total_bounced 262 263--- 264hw.busdma.total_deferred 265 266--- 267hw.byteorder 268int 269 270Returns the system byte order. 271This is a read-only variable. 272 273--- 274hw.cardbus.cis_debug 275 276--- 277hw.cardbus.debug 278 279--- 280hw.cbb.debug 281 282--- 283hw.cbb.start_16_io 284 285--- 286hw.cbb.start_32_io 287 288--- 289hw.cbb.start_memory 290 291--- 292hw.floatingpoint 293bool 294 295Reports true if the machine has a floating point processor. 296This is a read-only variable. 297 298--- 299hw.fxp0.bundle_max 300int 301 302Controls the receive interrupt microcode bundle size limit 303for the 304.Xr fxp 4 305device. 306 307--- 308hw.fxp0.int_delay 309int 310 311Controls the receive interrupt microcode bundling delay 312for the 313.Xr fxp 4 314device. 315 316--- 317hw.fxp_noflow 318bool 319 320Disables flow control support on 321.Xr fxp 4 322cards. 323When flow control is enabled, and if the operating system 324does not acknowledge the packet buffer filling, 325the card will begin to generate Ethernet quench 326packets, but appears to get into a feedback 327loop of some sort, hosing local switches. 328This is a workaround for this issue. 329 330--- 331hw.fxp_rnr 332int 333 334Set the amount of times that a no-resource 335condition may occur before the 336.Xr fxp 4 337device may restart. 338 339--- 340hw.instruction_sse 341bool 342 343Returns true if SSE support is enabled in the kernel. 344This is a read-only variable. 345 346--- 347hw.intrcnt 348bool 349 350Displays a list of interrupt counters. 351This is a read-only variable. 352 353--- 354hw.intrnames 355str 356 357Displays a list of zero-terminated interrupt 358names. This is a read-only variable. 359 360--- 361hw.kbd.keymap_restrict_change 362bool 363 364This sysctl acts as a sort of secure-level, allowing 365control of the console keymap. 366Giving this a value of 1 means that only the 367root user can change restricted keys 368(like boot, panic...). 369A value of 2 means that only root 370can change restricted keys and regular keys. 371Regular users still can change accents and function keys. 372A value of 3 means only root can change restricted, 373regular and accent keys, while a value of 4 means that 374no changes to the keymap are 375allowed by anyone other than the root user. 376 377--- 378hw.machine 379str 380 381Displays the machine class. 382This is a read-only variable. 383 384--- 385hw.machine_arch 386str 387 388Displays the current architecture. 389This is a read-only variable. 390 391--- 392hw.model 393str 394 395Displays the model information of the current running hardware. 396This is a read-only variable. 397 398--- 399hw.ncpu 400bool 401 402Report the number of CPU's in the system. 403This is a read-only variable. 404 405--- 406hw.pagesize 407int 408 409Displays the current 410.Xr pagesize 1 . 411This is a read-only variable. 412 413--- 414hw.pccard.cis_debug 415int 416 417Allows debugging to be turned on or off for 418CIS. 419 420--- 421hw.pccard.debug 422bool 423 424Determines whether or not to use debugging for the 425PC Card bus driver. 426 427--- 428hw.pci.allow_unsupported_io_range 429bool 430 431Some machines do not detect their CardBus slots correctly 432because they use unsupported I/O ranges. 433This 434.Nm 435allows FreeBSD to use those ranges. 436 437--- 438hw.pci.enable_io_modes 439 440--- 441hw.snd.pcm0.ac97rate 442 443--- 444hw.snd.verbose 445int 446 447Control the level of verbosity for the 448.Pa /dev/sndstat 449device. See the 450.Xr pcm 4 451man page for more information on debug 452levels. 453 454--- 455hw.snd.report_soft_formats 456bool 457 458Controls the internal format conversion if it is available 459transparently to the application software. 460See 461.Xr pcm 4 462for more information. 463 464--- 465hw.syscons.bell 466bool 467 468Allows you to control whether or not to use the 'bell' 469while using the console. This is turned on by default. 470 471--- 472hw.syscons.saver.keybonly 473bool 474 475This variable tells the system that the screen saver 476may only wake up if the keyboard is used. This means 477that log messages that are pushed to the console will 478not cause the screen saver to stop, and display the log 479message will not display. This can be disabled to mimic 480the behavior of older syscons. 481 482--- 483hw.syscons.sc_no_suspend_vtswitch 484bool 485 486Disables switching between virtual terminals during suspend 487or resume. See 488.Xr syscons 4 489for more information. 490 491--- 492hw.wi.debug 493bool 494 495Controls the level of debugging for 496.Xr wi 4 497devices. 498 499--- 500hw.wi.txerate 501int 502 503This value allows controls the maximum amount of error 504messages per second. 505Giving this 506.Nm 507a value of 0 (zero) disables error messages completely. 508 509--- 510kern.acct_chkfreq 511int 512 513Specifies the frequency (in minutes) with which free disk 514space should be checked. 515This is used in conjunction with 516.Va kern.acct_resume 517and 518.Va kern.acct_suspend. 519 520--- 521kern.acct_resume 522int 523 524The percentage of free disk space above which process 525accounting will resume. 526 527--- 528kern.acct_suspend 529int 530 531The percentage of free disk space below which process 532accounting stops. 533 534--- 535kern.argmax 536bool 537 538The maximum number of bytes that can be 539used in an argument to 540.Xr execve 2 . 541This is basically the maximum number of 542characters which can be used in a single 543command line. 544On some rare occasions, this value needs 545altering. 546If so, please check out the 547.Xr xargs 1 548utility. 549 550--- 551kern.bootfile 552str 553 554The kernel which was used to boot the system. 555 556--- 557kern.boottime 558str 559 560The time at which the current kernel became 561active after the system booted. This is a 562read-only variable. 563 564--- 565kern.chroot_allow_open_directories 566bool 567 568Depending on the setting of this variable, open 569file descriptors which reference directories will 570fail. 571If set to 572.Em 0 , 573.Xr chroot 8 574will always fail with 575.Er EPERM 576if there are any directories open. 577If set to 578.Em 1 579(the default), 580.Xr chroot 8 581will fail with 582.Er EPERM 583if there are any directories open and the 584process is already subject to the 585.Xr chroot 8 586system call. 587Any other value will bypass the check for open directories. 588Please see the 589.Xr chroot 2 590man page for more information. 591 592--- 593kern.clockrate 594struct 595 596Displays information about the system clock. 597This is a read-only variable. 598 599--- 600kern.console 601 602--- 603kern.coredump 604bool 605 606Determines where the kernel should dump a core file 607in the event of a kernel panic. 608 609--- 610kern.corefile 611str 612 613Describes the file name that a core image should be stored to. 614See the 615.Xr core 5 616man page for more information on this variable. 617 618--- 619kern.cp_time 620struct 621 622Contains CPU time statistics. 623This is a read-only variable. 624 625--- 626kern.devname 627struct 628 629An internally used 630.Nm 631that returns suitable device names for the 632.Fn devname 633function. 634See the 635.Xr devname 3 636manual page for more information. 637 638--- 639kern.devstat.all 640struct 641 642An internally used 643.Nm 644that returns current devstat statistics as well 645as the current devstat generation number. 646See the 647.Xr devstat 3 648man page for more information. 649 650--- 651kern.devstat.generation 652 653--- 654kern.devstat.numdevs 655 656--- 657kern.devstat.version 658int 659 660Displays the devstat list version number. 661This is a read-only variable. 662 663--- 664kern.disks 665str 666 667Display disk devices that the kernel is currently 668aware of. 669This is a read-only variable. 670 671--- 672kern.domainname 673str 674 675This shows the name of the current YP/NIS domain. 676 677--- 678kern.drainwait 679int 680 681The time to wait after dropping DTR to the given number. 682The units are measured in hundredths of a second. 683The default is 300 hundredths, 684i.e., 3 seconds. 685This option is needed mainly to set proper recover 686time after modem resets. 687 688--- 689kern.elf32.fallback_brand 690 691--- 692kern.fallback_elf_brand 693 694--- 695kern.file 696struct 697 698Returns the entire file structure. 699 700--- 701kern.function_list 702struct 703 704Returns all functions names in the kernel. 705 706--- 707kern.geom.confdot 708 709--- 710kern.geom.conftxt 711 712--- 713kern.geom.confxml 714 715--- 716kern.hostid 717int 718 719This 720.Nm 721may contain the IP address of the system. 722 723--- 724kern.hostname 725str 726 727Display the system hostname. 728This can be modified with the 729.Xr hostname 1 730utility. 731 732--- 733kern.init_path 734string 735 736The path to search for the 737.Xr init 8 738process. 739This is a read-only variable. 740 741--- 742kern.iov_max 743 744--- 745kern.ipc.clust_hiwm 746 747--- 748kern.ipc.clust_lowm 749 750--- 751kern.ipc.maxsockbuf 752int 753 754The maximum buffer size that may be allocated for sockets. 755See 756.Xr getsockopt 2 757for more information. 758 759--- 760kern.ipc.maxsockets 761int 762 763The maximum number of sockets available. 764 765--- 766kern.ipc.mb_statpcpu 767 768--- 769kern.ipc.mbstat 770 771--- 772kern.ipc.mbuf_hiwm 773 774--- 775kern.ipc.mbuf_lowm 776 777--- 778kern.ipc.mbuf_wait 779 780--- 781kern.ipc.msqids 782 783--- 784kern.ipc.nmbclusters 785bool 786 787Maximum number of mbuf clusters available. 788The kernel uses a preallocated pool of 789.Dq mbuf clusters 790for the 791.Xr mbuf 9 792allocator. 793The pool size is tuned by the kernel during boot. 794That size is set to a value which seems appropriate 795for the current system. 796 797--- 798kern.ipc.nmbcnt 799 800--- 801kern.ipc.nmbufs 802 803--- 804kern.ipc.nsfbufs 805 806--- 807kern.ipc.numopensockets 808 809--- 810kern.ipc.somaxconn 811int 812 813The maximum pending socket connection queue size. 814 815--- 816kern.ipc.zero_copy.receive 817bool 818 819When set to a non-zero value, zero copy is 820enabled for received packets. 821This reduces copying of data around for 822outgoing packets and can significantly 823improve throughput for network connections. 824 825--- 826kern.ipc.zero_copy.send 827bool 828 829When set to a non-zero value, zero copy is 830enabled for sent packets. 831This reduces copying of data around for outgoing 832packets and can significantly improve throughput 833for network connections. 834 835--- 836kern.job_control 837bool 838 839Reports whether or not job control is available. 840This is a read-only variable. 841 842--- 843kern.kq_calloutmax 844 845--- 846kern.lastpid 847int 848 849Displays the last PID used by a process. 850This is a read-only variable. 851 852--- 853kern.logsigexit 854bool 855 856Tells the kernel whether or not to log fatal signal exits. 857 858--- 859kern.malloc 860str 861 862Displays how memory is currently being allocated. 863This is a read-only variable. 864 865--- 866kern.maxfiles 867int 868 869The maximum number of files allowed for all the 870processes of the running kernel. 871You can override the default value which the 872kernel calculates by explicitly setting this to 873a non-zero value. 874Also see the 875.Xr tuning 7 876man page for more information. 877 878--- 879kern.maxfilesperproc 880int 881 882The maximum number of files any one process can open. 883See the 884.Xr ps 1 885utility for more information on monitoring processes. 886 887--- 888kern.maxproc 889int 890 891The maximum number of processes that the system 892can be running at any time. 893See the 894.Xr ps 1 895utility for more information on monitoring processes. 896 897--- 898kern.maxprocperuid 899int 900 901The maximum number of processes one user ID can run. 902See the 903.Xr ps 1 904utility for more information on monitoring processes. 905 906--- 907kern.maxusers 908int 909 910Controls the scaling of a number of static system tables, including 911defaults for the maximum number of open files, sizing of network 912memory resources, etc. 913See the 914.Xr tuning 7 915man page for more information. 916This 917.Nm 918cannot be set using 919.Xr sysctl 8 . 920Use 921.Xr loader 8 922instead to set this at boot time. 923 924--- 925kern.maxvnodes 926bool 927 928The maximum number of 929.Em vnodes 930(virtual file system nodes) 931the system can have open simultaneously. 932 933--- 934kern.minvnodes 935bool 936 937The minimun number of 938.Em vnodes 939(virtual file system nodes) 940the system can have open simultaneously. 941 942--- 943kern.module_path 944str 945 946This 947.Nm 948holds a colon-separated list of directories in which the 949kernel will search for loadable kernel modules. 950This path is search when using commands such as 951.Xr kldload 8 952and 953.Xr kldunload 8 . 954 955--- 956kern.msgbuf 957string 958 959Contains the kernel message buffer. 960 961--- 962kern.msgbuf_clear 963bool 964 965Giving this 966.Nm 967a value of 1 (one) will cause the kernel message buffer to 968be cleared. It should be noted though, that the 969.Nm 970will then automatically revert back to it's original 971value of 0 (zero). 972 973--- 974kern.ngroups 975int 976 977Contains the maximum number of groups that a 978user may belong to. 979This is a read-only variable. 980 981--- 982kern.openfiles 983int 984 985Shows the current amount of system-wide 986open files. 987This is useful when used in conjunction 988with 989.Va kern.maxfiles 990for tuning your system. 991This is a read-only variable. 992 993--- 994kern.osreldate 995string 996 997Displays the kernel release date. 998This is a read-only variable. 999 1000--- 1001kern.osrelease 1002str 1003 1004Displays the current version of 1005.Fx 1006running. 1007This is a read-only variable. 1008 1009--- 1010kern.osrevision 1011string 1012 1013Displays the operating system revision. 1014This is a read-only variable. 1015 1016--- 1017kern.ostype 1018str 1019 1020Alter the name of the current operating system. 1021Changing this will change the output from 1022the 1023.Xr uname 1 1024utility. 1025Changing the default is not recommended. 1026 1027--- 1028kern.posix1version 1029string 1030 1031Returns the version of 1032.Tn POSIX 1033that the system 1034is attempting to comply with. 1035This is a read-only variable. 1036 1037--- 1038kern.powercycle_on_panic 1039bool 1040 1041In the event of a panic, this variable controls whether or not the 1042system should try to power cycle instead of rebooting. 1043 1044--- 1045kern.poweroff_on_panic 1046bool 1047 1048In the event of a panic, this variable controls whether or not the 1049system should try to power off instead of rebooting. 1050 1051--- 1052kern.proc.all 1053 1054--- 1055kern.proc.args 1056int 1057 1058Allows a process to retrieve the argument list 1059or process title for another process without 1060looking in the address space of another program. 1061This is a read-only variable. 1062 1063--- 1064kern.proc.pgrp 1065 1066--- 1067kern.proc.pid 1068struct 1069 1070This internally used 1071.Nm 1072may be used to extract process information. See 1073.Xr sysctl 3 1074for an example. 1075 1076--- 1077kern.proc.ruid 1078 1079--- 1080kern.proc.tty 1081 1082--- 1083kern.proc.uid 1084 1085--- 1086kern.ps_argsopen 1087bool 1088 1089By setting this to 0, command line arguments are hidden 1090for processes which you are not running. 1091This is useful on multi-user machines where things 1092like passwords might accidentally be added to command 1093line programs. 1094 1095--- 1096 1097kern.quantum 1098 1099--- 1100kern.random.adaptors 1101str 1102 1103Displays registered PRNG adaptors. 1104This is a read-only variable. 1105 1106--- 1107kern.random.sys.burst 1108 1109--- 1110kern.random.sys.harvest.ethernet 1111 1112--- 1113kern.random.sys.harvest.interrupt 1114 1115--- 1116kern.random.sys.harvest.point_to_point 1117 1118--- 1119kern.random.sys.harvest.swi 1120 1121--- 1122kern.random.sys.seeded 1123 1124--- 1125kern.randompid 1126 1127--- 1128kern.rootdev 1129string 1130 1131Displays the current root file system device. This 1132is a read-only variable. 1133 1134--- 1135kern.saved_ids 1136bool 1137 1138Displays whether or not saved set-group/user ID is 1139available. This is a read-only variable. 1140 1141--- 1142kern.securelevel 1143bool 1144 1145The current kernel security level. 1146See the 1147.Xr init 8 1148manual page for a good description 1149about what a security level is. 1150 1151--- 1152kern.sugid_coredump 1153bool 1154 1155By default, a process that changes user or group credentials whether 1156real or effective will not create a corefile. 1157This behavior can be changed to generate a core dump by 1158setting this variable to 1. 1159 1160--- 1161kern.sync_on_panic 1162bool 1163 1164In the event of a panic, this variable controls whether or not the 1165system should try and 1166.Xr sync 8 . 1167In some circumstances, this could cause a double panic, and as a result, 1168this may be turned off if needed. 1169 1170--- 1171kern.threads.debug 1172bool 1173 1174Determines whether to use debugging for kernel threads. 1175This is useful for testing. 1176 1177--- 1178kern.threads.max_groups_per_proc 1179 1180--- 1181kern.threads.max_threads_hits 1182 1183--- 1184kern.threads.max_threads_per_proc 1185 1186--- 1187kern.threads.virtual_cpu 1188int 1189 1190The maximum amount of virtual CPU's that be used for 1191threading. 1192 1193--- 1194kern.tty_nin 1195 1196--- 1197kern.tty_nout 1198 1199--- 1200kern.ttys 1201bool 1202 1203Used internally by the 1204.Xr pstat 8 1205command. 1206This is a read-only variable. 1207 1208--- 1209kern.version 1210str 1211 1212Displays the current kernel version information. 1213This is a read-only variable. 1214 1215--- 1216machdep.acpi_root 1217 1218--- 1219machdep.cpu_idle_hlt 1220bool 1221 1222Halt idle CPUs. 1223This is good for an SMP system. 1224 1225--- 1226machdep.disable_mtrrs 1227 1228--- 1229machdep.guessed_bootdev 1230 1231--- 1232machdep.hyperthreading_allowed 1233bool 1234 1235Setting this tunable to zero disables 1236the use of additional logical processors 1237provided by Intel HTT technology. 1238 1239--- 1240machdep.panic_on_nmi 1241 1242--- 1243machdep.siots 1244 1245--- 1246net.inet.accf.unloadable 1247 1248--- 1249net.inet.icmp.bmcastecho 1250 1251--- 1252net.inet.icmp.drop_redirect 1253 1254--- 1255net.inet.icmp.icmplim 1256 1257--- 1258net.inet.icmp.icmplim_output 1259 1260--- 1261net.inet.icmp.log_redirect 1262 1263--- 1264net.inet.icmp.maskfake 1265 1266--- 1267net.inet.icmp.maskrepl 1268 1269--- 1270net.inet.ip.accept_sourceroute 1271bool 1272 1273Controls forwarding of source-routed IP packets. 1274 1275--- 1276net.inet.ip.check_interface 1277bool 1278 1279This 1280.Nm 1281verifies that packets arrive on the correct interfaces. 1282 1283--- 1284net.inet.ip.fastforwarding 1285bool 1286 1287When fast forwarding is enabled, IP packets are forwarded directly to 1288the appropriate network interface with a minimal validity checking, 1289which greatly improves throughput. 1290Please see the 1291.Xr inet 4 1292man page for more information. 1293 1294--- 1295net.inet.ip.forwarding 1296bool 1297 1298Act as a gateway machine and forward packets. 1299This can also be configured using the 1300gateway_enable value in 1301.Pa /etc/rc.conf 1302 1303--- 1304net.inet.ip.fw.one_pass 1305int 1306 1307--- 1308net.inet.ip.intr_queue_drops 1309 1310--- 1311net.inet.ip.intr_queue_maxlen 1312 1313--- 1314net.inet.ip.maxfragpackets 1315 1316--- 1317net.inet.ip.maxfragsperpacket 1318 1319--- 1320net.inet.ip.redirect 1321bool 1322 1323Controls the sending of ICMP redirects in response to unforwardable IP 1324packets. 1325 1326--- 1327net.inet.ip.sourceroute 1328bool 1329 1330Determines whether or not source routed IP packets 1331should be forwarded. 1332 1333--- 1334net.inet.ip.stats 1335 1336--- 1337net.inet.ip.ttl 1338int 1339 1340The TTL (time-to-live) to use for outgoing packets. 1341 1342--- 1343net.inet.raw.maxdgram 1344 1345--- 1346net.inet.raw.olddiverterror 1347 1348--- 1349net.inet.raw.pcblist 1350 1351--- 1352net.inet.raw.recvspace 1353 1354--- 1355net.inet.tcp.always_keepalive 1356bool 1357 1358Determines whether or not to attempt to detect dead TCP 1359connections by sending 'keepalives' intermittently. This 1360is enabled by default and can also be configured using the 1361tcp_keepalive value in 1362.Pa /etc/rc.conf 1363 1364--- 1365net.inet.tcp.blackhole 1366bool 1367 1368Manipulates system behavior when 1369connection requests are received on a 1370TCP port without a socket listening. 1371See the 1372.Xr blackhole 4 1373man page for more information. 1374 1375--- 1376net.inet.tcp.delacktime 1377 1378--- 1379net.inet.tcp.delayed_ack 1380bool 1381 1382Historically speaking, this feature was designed to allow the 1383acknowledgment to transmitted data to be returned along with the 1384response. See the 1385.Xr tuning 7 1386man page for more information. 1387 1388--- 1389net.inet.tcp.do_tcpdrain 1390 1391--- 1392net.inet.tcp.getcred 1393 1394--- 1395net.inet.tcp.icmp_may_rst 1396 1397--- 1398net.inet.tcp.isn_reseed_interval 1399 1400--- 1401net.inet.tcp.log_in_vain 1402bool 1403 1404Allows the system to log connections to TCP 1405ports that do not have sockets listening. 1406This variable can also be tuned by changing 1407the value for log_in_vain 1408in 1409.Pa /etc/rc.conf 1410 1411--- 1412net.inet.tcp.minmss 1413bool 1414 1415Enable for network link optimization TCP can adjust its MSS and thus 1416packet size according to the observed path MTU. This is done 1417dynamically based on feedback from the remote host and network 1418components along the packet path. This information can be 1419abused to pretend an extremely low path MTU. 1420 1421--- 1422net.inet.tcp.minmssoverload 1423bool 1424 1425The PSS rate for the 1426.Va net.inet.tcp.minmss 1427sysctl. 1428Setting this will force packets to be reset 1429and dropped, this should hinder the availability 1430of DoS attacks on WWW servers using POST attacks. 1431 1432--- 1433net.inet.tcp.msl 1434 1435--- 1436net.inet.tcp.mssdflt 1437bool 1438 1439This is the default TCP Maximum Segment Size 1440for TCP packets. The default setting is recommended 1441in most cases. 1442 1443--- 1444net.inet.tcp.v6mssdflt 1445bool 1446 1447This is the default TCP Maximum Segment Size 1448for TCP IPv6 packets. The default setting is recommend 1449in most cases. 1450 1451--- 1452net.inet.tcp.newreno 1453 1454--- 1455net.inet.tcp.path_mtu_discovery 1456 1457--- 1458net.inet.tcp.pcbcount 1459 1460--- 1461net.inet.tcp.pcblist 1462 1463--- 1464net.inet.tcp.recvspace 1465bool 1466 1467This variables controls the amount of receive 1468buffer space for any given TCP connection. This 1469can be particularly useful when tuning network 1470applications. See the 1471.Xr tuning 7 1472man page for more information. 1473 1474--- 1475net.inet.tcp.rexmit_min 1476 1477--- 1478net.inet.tcp.rexmit_slop 1479 1480--- 1481net.inet.tcp.rfc1323 1482bool 1483 1484Determines whether support for RFC1323 (TCP Extensions 1485for High Performance) should be enabled. 1486This variable can also be tuned by changing the value 1487for tcp_extensions in 1488.Pa /etc/rc.conf 1489 1490--- 1491net.inet.tcp.rfc1644 1492 1493--- 1494net.inet.tcp.rfc3042 1495 1496--- 1497net.inet.tcp.rfc3390 1498 1499--- 1500net.inet.tcp.sendspace 1501bool 1502 1503This variables controls the amount of send 1504buffer space for any given TCP connection. This 1505can be particularly useful when tuning network 1506applications. See the 1507.Xr tuning 7 1508manual page for more information. 1509 1510--- 1511net.inet.tcp.slowstart_flightsize 1512 1513--- 1514net.inet.tcp.stats 1515 1516--- 1517net.inet.tcp.syncache.bucketlimit 1518 1519--- 1520net.inet.tcp.syncache.cachelimit 1521 1522--- 1523net.inet.tcp.syncache.count 1524 1525--- 1526net.inet.tcp.syncache.hashsize 1527 1528--- 1529net.inet.tcp.syncache.rexmtlimit 1530 1531--- 1532net.inet.tcp.syncookies 1533 1534--- 1535net.inet.tcp.tcbhashsize 1536 1537--- 1538net.inet.tcp.v6mssdflt 1539 1540--- 1541net.inet.udp.blackhole 1542bool 1543 1544Manipulates system behavior when 1545connection requests are received on a 1546UDP port. 1547See the 1548.Xr blackhole 4 1549man page for more information. 1550 1551--- 1552net.inet.udp.getcred 1553 1554--- 1555net.inet.udp.log_in_vain 1556bool 1557 1558Allows the system to log connections to UDP 1559ports that do not have sockets listening. 1560This variable can also be tuned by changing 1561the value for log_in_vain 1562in 1563.Pa /etc/rc.conf 1564 1565--- 1566net.inet.udp.maxdgram 1567 1568--- 1569net.inet.udp.pcblist 1570 1571--- 1572net.inet.udp.recvspace 1573 1574--- 1575net.inet.udp.stats 1576 1577--- 1578net.inet6.icmp6.errppslimit 1579 1580--- 1581net.inet6.icmp6.nd6_debug 1582 1583--- 1584net.inet6.icmp6.nd6_delay 1585 1586--- 1587net.inet6.icmp6.nd6_maxnudhint 1588 1589--- 1590net.inet6.icmp6.nd6_mmaxtries 1591 1592--- 1593net.inet6.icmp6.nd6_prune 1594 1595--- 1596net.inet6.icmp6.nd6_umaxtries 1597 1598--- 1599net.inet6.icmp6.nd6_useloopback 1600 1601--- 1602net.inet6.icmp6.nodeinfo 1603 1604--- 1605net.inet6.icmp6.rediraccept 1606 1607--- 1608net.inet6.icmp6.redirtimeout 1609 1610--- 1611net.inet6.tcp6.getcred 1612 1613--- 1614net.inet6.udp6.getcred 1615 1616--- 1617net.isr.enable 1618 1619--- 1620net.link.ether.inet.log_arp_movements 1621 1622--- 1623net.link.ether.inet.log_arp_wrong_iface 1624 1625--- 1626net.link.ether.ipfw 1627 1628--- 1629net.link.generic.ifdata 1630 1631--- 1632net.link.generic.system.ifcount 1633 1634--- 1635net.link.gif.max_nesting 1636bool 1637 1638Determines whether to allow recursive tunnels or not. 1639 1640--- 1641net.link.gif.parallel_tunnels 1642bool 1643 1644Determines whether to allow parallel tunnels or not. 1645 1646--- 1647net.local.dgram.pcblist 1648 1649--- 1650net.local.stream.pcblist 1651 1652--- 1653security.bsd.see_other_uids 1654bool 1655 1656Turning this option on will prevent users from viewing information 1657about processes running under other user id numbers (UIDs). 1658 1659--- 1660security.bsd.suser_enabled 1661 1662--- 1663security.bsd.unprivileged_proc_debug 1664 1665--- 1666security.bsd.unprivileged_read_msgbuf 1667 1668--- 1669security.jail.set_hostname_allowed 1670bool 1671 1672Determines whether or not the root user 1673within the jail can set the hostname. 1674 1675--- 1676security.jail.socket_unixiproute_only 1677 1678--- 1679security.jail.sysvipc_allowed 1680 1681--- 1682security.mac.biba.enabled 1683bool 1684 1685Enables enforcement of the Biba integrity policy. 1686 1687--- 1688security.mac.biba.ptys_equal 1689bool 1690 1691Label 1692.Sm off 1693.Xr pty 4 1694s 1695.Sm on 1696as 1697.Dq biba/equal 1698upon creation. 1699 1700--- 1701security.mac.biba.revocation_enabled 1702bool 1703 1704Revoke access to objects if the label is changed to dominate the subject. 1705 1706--- 1707security.mac.enforce_fs 1708bool 1709 1710Enforce MAC policies for file system accesses. 1711 1712--- 1713security.mac.enforce_kld 1714bool 1715 1716Enforce MAC policies on 1717.Xr kld 4 . 1718 1719--- 1720security.mac.enforce_network 1721bool 1722 1723Enforce MAC policies on network interfaces. 1724 1725--- 1726security.mac.enforce_pipe 1727bool 1728 1729Enforce MAC policies on pipes. 1730 1731--- 1732security.mac.enforce_process 1733bool 1734 1735Enforce MAC policies between system processes 1736(e.g. 1737.Xr ps 1 , 1738.Xr ktrace 2 ). 1739 1740--- 1741security.mac.enforce_socket 1742bool 1743 1744Enforce MAC policies on sockets. 1745 1746--- 1747security.mac.enforce_system 1748bool 1749 1750Enforce MAC policies on system-related items 1751(e.g. 1752.Xr kenv 1 , 1753.Xr acct 2 , 1754.Xr reboot 2 ). 1755 1756--- 1757security.mac.enforce_vm 1758bool 1759 1760Enforce MAC policies on 1761.Xr mmap 2 1762and 1763.Xr mprotect 2 . 1764 1765--- 1766security.mac.ifoff.lo_enabled 1767bool 1768 1769Use this too disable network traffic over the loopback 1770.Xr lo 4 1771interface. 1772See 1773.Xr mac_ifoff 4 1774for more information. 1775 1776--- 1777security.mac.ifoff.other_enabled 1778bool 1779 1780Use this to enable network traffic over other interfaces. 1781See 1782.Xr mac_ifoff 4 1783for more information. 1784 1785--- 1786security.mac.ifoff.bpfrecv_enabled 1787bool 1788 1789Use this too allow 1790.Xr bpf 4 1791traffic to be received, 1792even while other traffic is disabled. 1793 1794--- 1795security.mac.mls.enabled 1796bool 1797 1798Enables the enforcement of the MLS confidentiality policy, 1799see 1800.Xr mac_mls 4 1801for more information. 1802 1803--- 1804security.mac.mls.ptys_equal 1805bool 1806 1807Label 1808.Sm off 1809.Xr pty 4 1810s 1811.Sm on 1812as 1813.Dq mls/equal 1814upon creation. 1815 1816--- 1817security.mac.mls.revocation_enabled 1818bool 1819 1820Revoke access to objects if the label is changed to a more sensitive 1821level than the subject. 1822 1823--- 1824security.mac.portacl.rules 1825str 1826 1827The port access control list is specified in the following format: 1828 1829.Sy idtype 1830.Li : 1831.Sy id 1832.Li : 1833.Sy protocol 1834.Li : 1835.Sy port 1836.Li [, 1837.Sy idtype 1838.Li : 1839.Sy id 1840.Li : 1841.Sy protocol 1842.Li : 1843.Sy port 1844.Li ,...] 1845 1846.Sy idtype 1847Describes the type of subject match to be performed. 1848Either 1849.Li uid 1850for userid matching, or 1851.Li gid 1852for group ID matching. 1853.Sy id 1854The user or group ID (depending on 1855.Sy idtype ) 1856allowed to bind to the specified port. 1857.Bf -emphasis 1858NOTE: User and group names are not valid; only the actual ID numbers 1859may be used. 1860.Ef 1861.Sy protocol 1862Describes which protocol this entry applies to. 1863Either 1864.Li tcp 1865or 1866.Li udp 1867are supported. 1868.Sy port 1869Describes which port this entry applies to. 1870.Bf -emphasis 1871NOTE: MAC security policies may not override other security system policies 1872by allowing accesses that they may deny, such as 1873.Va net.inet.ip.portrange.reservedlow / 1874.Va net.inet.ip.portrange.reservedhigh . 1875.Ef 1876 1877--- 1878security.mac.seeotheruids.enabled 1879bool 1880 1881Enable/disable 1882.Va security.mac.seeotheruids 1883See 1884.Xr mac_seeotheruids 4 1885for more information. 1886 1887--- 1888security.mac.seeotheruids.primarygroup_enabled 1889bool 1890 1891Allow users to see processes and sockets owned by the same primary 1892group. 1893 1894--- 1895security.mac.seeotheruids.specificgid_enabled 1896bool 1897 1898Allow processes with a specific group ID to be exempt from the policy, 1899set this to 1900.Li 1 1901and set 1902.Va security.mac.seeotheruids.specificgid 1903to the gid to be exempted. 1904 1905--- 1906security.mac_test 1907str 1908 1909Used for debugging. 1910See 1911.Xr mac_test 4 1912for more information. 1913 1914--- 1915user.bc_base_max 1916 1917--- 1918user.bc_dim_max 1919 1920--- 1921user.bc_scale_max 1922 1923--- 1924user.bc_string_max 1925 1926--- 1927user.coll_weights_max 1928 1929--- 1930user.cs_path 1931 1932--- 1933user.line_max 1934 1935--- 1936user.posix2_c_bind 1937 1938--- 1939user.posix2_c_dev 1940 1941--- 1942user.posix2_fort_dev 1943 1944--- 1945user.posix2_fort_run 1946 1947--- 1948user.posix2_localedef 1949 1950--- 1951user.posix2_sw_dev 1952 1953--- 1954user.posix2_upe 1955 1956--- 1957user.posix2_version 1958 1959--- 1960user.re_dup_max 1961 1962--- 1963user.stream_max 1964 1965--- 1966user.tzname_max 1967 1968--- 1969vfs.altbufferflushes 1970 1971--- 1972vfs.bufdefragcnt 1973 1974--- 1975vfs.buffreekvacnt 1976 1977--- 1978vfs.bufmallocspace 1979 1980--- 1981vfs.bufreusecnt 1982 1983--- 1984vfs.bufspace 1985 1986--- 1987vfs.cache.nchstats 1988 1989--- 1990vfs.conflist 1991 1992--- 1993vfs.devfs.generation 1994 1995--- 1996vfs.devfs.inodes 1997 1998--- 1999vfs.devfs.noverflow 2000 2001--- 2002vfs.devfs.topinode 2003 2004--- 2005vfs.dirtybufferflushes 2006 2007--- 2008vfs.dirtybufthresh 2009 2010--- 2011vfs.ffs.adjblkcnt 2012 2013--- 2014vfs.ffs.adjrefcnt 2015 2016--- 2017vfs.ffs.freeblks 2018 2019--- 2020vfs.ffs.freedirs 2021 2022--- 2023vfs.ffs.freefiles 2024 2025--- 2026vfs.ffs.setflags 2027 2028--- 2029vfs.flushwithdeps 2030 2031--- 2032vfs.getnewbufcalls 2033 2034--- 2035vfs.getnewbufrestarts 2036 2037--- 2038vfs.hibufspace 2039 2040--- 2041vfs.hidirtybuffers 2042 2043--- 2044vfs.hifreebuffers 2045 2046--- 2047vfs.hirunningspace 2048 2049--- 2050vfs.lobufspace 2051 2052--- 2053vfs.lodirtybuffers 2054 2055--- 2056vfs.lofreebuffers 2057 2058--- 2059vfs.lorunningspace 2060 2061--- 2062vfs.maxbufspace 2063 2064--- 2065vfs.maxmallocbufspace 2066 2067--- 2068vfs.numdirtybuffers 2069 2070--- 2071vfs.numfreebuffers 2072 2073--- 2074vfs.opv_numops 2075 2076--- 2077vfs.pfs.vncache.entries 2078 2079--- 2080vfs.pfs.vncache.hits 2081 2082--- 2083vfs.pfs.vncache.maxentries 2084 2085--- 2086vfs.pfs.vncache.misses 2087 2088--- 2089vfs.read_max 2090 2091--- 2092vfs.recursiveflushes 2093 2094--- 2095vfs.runningbufspace 2096 2097--- 2098vfs.ufs.dirhash_docheck 2099 2100--- 2101vfs.ufs.dirhash_maxmem 2102 2103--- 2104vfs.ufs.dirhash_mem 2105 2106--- 2107vfs.ufs.dirhash_minsize 2108 2109--- 2110vfs.usermount 2111bool 2112 2113This 2114.Nm 2115allows the root user to grant access to non-root users 2116so that they may mount floppy and CD-ROM drives. 2117 2118--- 2119vfs.vmiodirenable 2120bool 2121 2122Controls how directories are cached by the system. 2123This is turned on by default. See the 2124.Xr tuning 7 2125man page for a more detailed explanation on this 2126variable. 2127 2128--- 2129vfs.write_behind 2130bool 2131 2132Tells the file system to issue media writes as 2133full clusters are collected, which typically 2134occurs when writing large sequential files. 2135This is turned on by default, but under certain 2136circumstances may stall processes and can therefore 2137be turned off. 2138 2139--- 2140vm.disable_swapspace_pageouts 2141 2142--- 2143vm.dmmax 2144 2145--- 2146vm.kvm_free 2147 2148--- 2149vm.kvm_size 2150 2151--- 2152vm.loadavg 2153struct 2154 2155Displays the load average history. This is a 2156read-only variable. 2157 2158--- 2159vm.max_launder 2160 2161--- 2162vm.nswapdev 2163int 2164 2165Displays the number of swap devices available 2166to the system. This is a read-only variable. 2167 2168--- 2169vm.pageout_full_stats_interval 2170 2171--- 2172vm.pageout_lock_miss 2173 2174--- 2175vm.pageout_stats_free_max 2176 2177--- 2178vm.pageout_stats_interval 2179 2180--- 2181vm.pageout_stats_max 2182 2183--- 2184vm.stats.sys.v_intr 2185 2186--- 2187vm.stats.sys.v_soft 2188 2189--- 2190vm.stats.sys.v_swtch 2191 2192--- 2193vm.stats.sys.v_syscall 2194 2195--- 2196vm.stats.sys.v_trap 2197 2198--- 2199vm.stats.vm.v_cow_faults 2200 2201--- 2202vm.stats.vm.v_cow_optim 2203 2204--- 2205vm.stats.vm.v_forkpages 2206 2207--- 2208vm.stats.vm.v_forks 2209 2210--- 2211vm.stats.vm.v_intrans 2212 2213--- 2214vm.stats.vm.v_kthreadpages 2215 2216--- 2217vm.stats.vm.v_kthreads 2218 2219--- 2220vm.stats.vm.v_ozfod 2221 2222--- 2223vm.stats.vm.v_pdpages 2224 2225--- 2226vm.stats.vm.v_pdwakeups 2227 2228--- 2229vm.stats.vm.v_reactivated 2230 2231--- 2232vm.stats.vm.v_rforkpages 2233 2234--- 2235vm.stats.vm.v_rforks 2236 2237--- 2238vm.stats.vm.v_swapin 2239 2240--- 2241vm.stats.vm.v_swapout 2242 2243--- 2244vm.stats.vm.v_swappgsin 2245 2246--- 2247vm.stats.vm.v_swappgsout 2248 2249--- 2250vm.stats.vm.v_vforkpages 2251 2252--- 2253vm.stats.vm.v_vforks 2254 2255--- 2256vm.stats.vm.v_vm_faults 2257 2258--- 2259vm.stats.vm.v_vnodein 2260 2261--- 2262vm.stats.vm.v_vnodeout 2263 2264--- 2265vm.stats.vm.v_vnodepgsin 2266 2267--- 2268vm.stats.vm.v_vnodepgsout 2269 2270--- 2271vm.stats.vm.v_zfod 2272 2273--- 2274vm.swap_async_max 2275int 2276 2277The maximum number of in-progress async operations 2278that may be performed. 2279 2280--- 2281vm.swap_enabled 2282bool 2283 2284Determines whether or not processes may swap. 2285 2286--- 2287vm.swap_idle_enabled 2288 2289See 2290.Xr tuning 7 2291for a detailed explanation of this 2292.Nm . 2293 2294--- 2295vm.swap_info 2296 2297--- 2298vm.vmtotal 2299string 2300 2301Displays virtual memory statistics which are collected 2302at five second intervals. 2303 2304--- 2305vm.zone 2306string 2307 2308Shows memory used by the kernel zone allocator, by zone. 2309This information can also be found by using the 2310.Xr vmstat 8 2311command. 2312 2313--- 2314 2315