tunables.mdoc revision 254147
1# $FreeBSD: head/tools/tools/sysdoc/tunables.mdoc 254147 2013-08-09 15:31:50Z obrien $ 2--- 3debug.disablecwd 4bool 5 6Determines whether or not the 7.Xr getwcd 3 8system call should be allowed. 9 10--- 11debug.disablefullpath 12bool 13 14Determines whether or not the 15.Fn vn_fullpath 16function may be used. 17 18--- 19debug.dobkgrdwrite 20bool 21 22Determines if background writes should be performed. 23 24--- 25debug.hashstat.nchash 26struct 27 28Displays nchash chain lengths. This is a read-only 29variable. 30 31--- 32debug.hashstat.rawnchash 33 34--- 35debug.ieee80211 36bool 37 38This 39.Nm 40allows you to enable or disable debugging for 802.11 devices. 41 42--- 43debug.kdb.available 44variable 45 46Used to retrieve a list of currently available debugger backends. 47 48--- 49debug.kdb.current 50variable 51 52Allows for the selection of the debugger backend 53which is used to handle debugger requests. 54 55--- 56debug.kdb.enter 57variable 58 59When written to, the system should break to the debugger. 60 61--- 62debug.malloc.failure_count 63bool 64 65Number of times a coerced malloc failure has occurred as a 66result of 67.Va debug.malloc.failure_rate . 68Useful for tracking what might have happened 69and whether failures are being generated. 70 71--- 72debug.malloc.failure_rate 73bool 74 75Debugging feature causing 76.Dv M_NOWAIT 77allocations to fail at a specified rate. 78How often to generate a failure: if set to 0 (default), this 79feature is disabled. 80In other words if set to 10 (one in ten 81.Xr malloc 3 82calls will fail). 83 84--- 85debug.rman_debug 86bool 87 88This 89.Nm 90allows you to enable or disable debugging for 91.Xr rman 9 , 92the 93.Fx 94resource manager. 95 96--- 97debug.sizeof.bio 98 99--- 100debug.sizeof.buf 101 102--- 103debug.sizeof.cdev 104 105--- 106debug.sizeof.devstat 107 108--- 109debug.sizeof.kinfo_proc 110 111--- 112debug.sizeof.proc 113 114--- 115debug.sizeof.vnode 116 117--- 118debug.vnlru_nowhere 119 120--- 121hw.acpi.cpu.current_speed 122bool 123 124Display the current CPU speed. 125This is adjustable, but doing so is not recommended. 126 127--- 128hw.acpi.cpu.max_speed 129int 130 131Allows you to change the stepping for processor speed 132on machines which support 133.Xr acpi 4 . 134 135--- 136hw.acpi.disable_on_poweroff 137bool 138 139Some systems using 140.Xr acpi 4 141have problems powering off when shutting down with 142.Xr acpi 4 143enabled. This 144.Nm 145disables 146.Xr acpi 4 147when rebooting and shutting down. 148 149--- 150hw.acpi.s4bios 151bool 152 153This 154.Nm 155determines whether or not the S4BIOS sleep implementation 156should be used. 157 158--- 159hw.acpi.sleep_delay 160int 161 162Set the sleep delay for 163.Xr acpi 4 . 164 165--- 166hw.acpi.supported_sleep_state 167bool 168 169List supported 170.Tn ACPI 171sleep states 172 173--- 174hw.acpi.thermal.min_runtime 175 176--- 177hw.acpi.thermal.polling_rate 178int 179 180The interval in seconds that should be used to check 181the current system temperature. 182 183--- 184hw.acpi.thermal.tz0.temperature 185str 186 187Displays the current temperature. 188This is a read-only variable. 189 190--- 191hw.acpi.thermal.tz0.thermal_flags 192 193--- 194hw.acpi.verbose 195bool 196 197Determines whether or not 198.Xr acpi 4 199should be verbose. 200 201--- 202hw.ata.ata_dma 203bool 204 205Allows the enabling and disabling of DMA for 206ATA devices. 207 208--- 209hw.ata.atapi_dma 210bool 211 212Allows the enabling and disabling of DMA for 213atapi devices, such as CD-ROM drives. 214 215--- 216hw.ata.tags 217bool 218 219An experimental feature for IDE hard drives which 220allows write caching to be turned on. 221Please read the 222.Xr tuning 7 223manual page carefully before using this. 224 225--- 226hw.ata.wc 227bool 228 229Determines whether or not IDE write caching should 230be turned on or off. 231See 232.Xr tuning 7 233for more information. 234 235--- 236hw.bus.devctl_disable 237bool 238 239This can be used to turn off 240.Xr devctl 4 241when no 242.Xr devd 8 243is running. 244 245--- 246hw.bus.devices 247 248--- 249hw.bus.info 250int 251 252This is an internally used function that returns 253the kernel bus interface version. 254 255--- 256hw.bus.rman 257 258--- 259hw.busdmafree_bpages 260 261--- 262hw.busdma.reserved_bpages 263 264--- 265hw.busdma.active_bpages 266 267--- 268hw.busdma.total_bpages 269 270--- 271hw.busdma.total_bounced 272 273--- 274hw.busdma.total_deferred 275 276--- 277hw.byteorder 278int 279 280Returns the system byte order. 281This is a read-only variable. 282 283--- 284hw.cardbus.cis_debug 285 286--- 287hw.cardbus.debug 288 289--- 290hw.cbb.debug 291 292--- 293hw.cbb.start_16_io 294 295--- 296hw.cbb.start_32_io 297 298--- 299hw.cbb.start_memory 300 301--- 302hw.floatingpoint 303bool 304 305Reports true if the machine has a floating point processor. 306This is a read-only variable. 307 308--- 309hw.fxp0.bundle_max 310int 311 312Controls the receive interrupt microcode bundle size limit 313for the 314.Xr fxp 4 315device. 316 317--- 318hw.fxp0.int_delay 319int 320 321Controls the receive interrupt microcode bundling delay 322for the 323.Xr fxp 4 324device. 325 326--- 327hw.fxp_noflow 328bool 329 330Disables flow control support on 331.Xr fxp 4 332cards. 333When flow control is enabled, and if the operating system 334does not acknowledge the packet buffer filling, 335the card will begin to generate Ethernet quench 336packets, but appears to get into a feedback 337loop of some sort, hosing local switches. 338This is a workaround for this issue. 339 340--- 341hw.fxp_rnr 342int 343 344Set the amount of times that a no-resource 345condition may occur before the 346.Xr fxp 4 347device may restart. 348 349--- 350hw.instruction_sse 351bool 352 353Returns true if SSE support is enabled in the kernel. 354This is a read-only variable. 355 356--- 357hw.intrcnt 358bool 359 360Displays a list of interrupt counters. 361This is a read-only variable. 362 363--- 364hw.intrnames 365str 366 367Displays a list of zero-terminated interrupt 368names. This is a read-only variable. 369 370--- 371hw.kbd.keymap_restrict_change 372bool 373 374This sysctl acts as a sort of secure-level, allowing 375control of the console keymap. 376Giving this a value of 1 means that only the 377root user can change restricted keys 378(like boot, panic...). 379A value of 2 means that only root 380can change restricted keys and regular keys. 381Regular users still can change accents and function keys. 382A value of 3 means only root can change restricted, 383regular and accent keys, while a value of 4 means that 384no changes to the keymap are 385allowed by anyone other than the root user. 386 387--- 388hw.machine 389str 390 391Displays the machine class. 392This is a read-only variable. 393 394--- 395hw.machine_arch 396str 397 398Displays the current architecture. 399This is a read-only variable. 400 401--- 402hw.model 403str 404 405Displays the model information of the current running hardware. 406This is a read-only variable. 407 408--- 409hw.ncpu 410bool 411 412Report the number of CPU's in the system. 413This is a read-only variable. 414 415--- 416hw.pagesize 417int 418 419Displays the current 420.Xr pagesize 1 . 421This is a read-only variable. 422 423--- 424hw.pccard.cis_debug 425int 426 427Allows debugging to be turned on or off for 428CIS. 429 430--- 431hw.pccard.debug 432bool 433 434Determines whether or not to use debugging for the 435PC Card bus driver. 436 437--- 438hw.pci.allow_unsupported_io_range 439bool 440 441Some machines do not detect their CardBus slots correctly 442because they use unsupported I/O ranges. 443This 444.Nm 445allows FreeBSD to use those ranges. 446 447--- 448hw.pci.enable_io_modes 449 450--- 451hw.snd.pcm0.ac97rate 452 453--- 454hw.snd.verbose 455int 456 457Control the level of verbosity for the 458.Pa /dev/sndstat 459device. See the 460.Xr pcm 4 461man page for more information on debug 462levels. 463 464--- 465hw.snd.report_soft_formats 466bool 467 468Controls the internal format conversion if it is available 469transparently to the application software. 470See 471.Xr pcm 4 472for more information. 473 474--- 475hw.syscons.bell 476bool 477 478Allows you to control whether or not to use the 'bell' 479while using the console. This is turned on by default. 480 481--- 482hw.syscons.saver.keybonly 483bool 484 485This variable tells the system that the screen saver 486may only wake up if the keyboard is used. This means 487that log messages that are pushed to the console will 488not cause the screen saver to stop, and display the log 489message will not display. This can be disabled to mimic 490the behavior of older syscons. 491 492--- 493hw.syscons.sc_no_suspend_vtswitch 494bool 495 496Disables switching between virtual terminals during suspend 497or resume. See 498.Xr syscons 4 499for more information. 500 501--- 502hw.wi.debug 503bool 504 505Controls the level of debugging for 506.Xr wi 4 507devices. 508 509--- 510hw.wi.txerate 511int 512 513This value allows controls the maximum amount of error 514messages per second. 515Giving this 516.Nm 517a value of 0 (zero) disables error messages completely. 518 519--- 520kern.acct_chkfreq 521int 522 523Specifies the frequency (in minutes) with which free disk 524space should be checked. 525This is used in conjunction with 526.Va kern.acct_resume 527and 528.Va kern.acct_suspend. 529 530--- 531kern.acct_resume 532int 533 534The percentage of free disk space above which process 535accounting will resume. 536 537--- 538kern.acct_suspend 539int 540 541The percentage of free disk space below which process 542accounting stops. 543 544--- 545kern.argmax 546bool 547 548The maximum number of bytes that can be 549used in an argument to 550.Xr execve 2 . 551This is basically the maximum number of 552characters which can be used in a single 553command line. 554On some rare occasions, this value needs 555altering. 556If so, please check out the 557.Xr xargs 1 558utility. 559 560--- 561kern.bootfile 562str 563 564The kernel which was used to boot the system. 565 566--- 567kern.boottime 568str 569 570The time at which the current kernel became 571active after the system booted. This is a 572read-only variable. 573 574--- 575kern.chroot_allow_open_directories 576bool 577 578Depending on the setting of this variable, open 579file descriptors which reference directories will 580fail. 581If set to 582.Em 0 , 583.Xr chroot 8 584will always fail with 585.Er EPERM 586if there are any directories open. 587If set to 588.Em 1 589(the default), 590.Xr chroot 8 591will fail with 592.Er EPERM 593if there are any directories open and the 594process is already subject to the 595.Xr chroot 8 596system call. 597Any other value will bypass the check for open directories. 598Please see the 599.Xr chroot 2 600man page for more information. 601 602--- 603kern.clockrate 604struct 605 606Displays information about the system clock. 607This is a read-only variable. 608 609--- 610kern.console 611 612--- 613kern.coredump 614bool 615 616Determines where the kernel should dump a core file 617in the event of a kernel panic. 618 619--- 620kern.corefile 621str 622 623Describes the file name that a core image should be stored to. 624See the 625.Xr core 5 626man page for more information on this variable. 627 628--- 629kern.cp_time 630struct 631 632Contains CPU time statistics. 633This is a read-only variable. 634 635--- 636kern.devname 637struct 638 639An internally used 640.Nm 641that returns suitable device names for the 642.Fn devname 643function. 644See the 645.Xr devname 3 646manual page for more information. 647 648--- 649kern.devstat.all 650struct 651 652An internally used 653.Nm 654that returns current devstat statistics as well 655as the current devstat generation number. 656See the 657.Xr devstat 3 658man page for more information. 659 660--- 661kern.devstat.generation 662 663--- 664kern.devstat.numdevs 665 666--- 667kern.devstat.version 668int 669 670Displays the devstat list version number. 671This is a read-only variable. 672 673--- 674kern.disks 675str 676 677Display disk devices that the kernel is currently 678aware of. 679This is a read-only variable. 680 681--- 682kern.domainname 683str 684 685This shows the name of the current YP/NIS domain. 686 687--- 688kern.drainwait 689int 690 691The time to wait after dropping DTR to the given number. 692The units are measured in hundredths of a second. 693The default is 300 hundredths, 694i.e., 3 seconds. 695This option is needed mainly to set proper recover 696time after modem resets. 697 698--- 699kern.elf32.fallback_brand 700 701--- 702kern.fallback_elf_brand 703 704--- 705kern.file 706struct 707 708Returns the entire file structure. 709 710--- 711kern.function_list 712struct 713 714Returns all functions names in the kernel. 715 716--- 717kern.geom.confdot 718 719--- 720kern.geom.conftxt 721 722--- 723kern.geom.confxml 724 725--- 726kern.hostid 727int 728 729This 730.Nm 731may contain the IP address of the system. 732 733--- 734kern.hostname 735str 736 737Display the system hostname. 738This can be modified with the 739.Xr hostname 1 740utility. 741 742--- 743kern.init_path 744string 745 746The path to search for the 747.Xr init 8 748process. 749This is a read-only variable. 750 751--- 752kern.iov_max 753 754--- 755kern.ipc.clust_hiwm 756 757--- 758kern.ipc.clust_lowm 759 760--- 761kern.ipc.maxsockbuf 762int 763 764The maximum buffer size that may be allocated for sockets. 765See 766.Xr getsockopt 2 767for more information. 768 769--- 770kern.ipc.maxsockets 771int 772 773The maximum number of sockets available. 774 775--- 776kern.ipc.mb_statpcpu 777 778--- 779kern.ipc.mbstat 780 781--- 782kern.ipc.mbuf_hiwm 783 784--- 785kern.ipc.mbuf_lowm 786 787--- 788kern.ipc.mbuf_wait 789 790--- 791kern.ipc.msqids 792 793--- 794kern.ipc.nmbclusters 795bool 796 797Maximum number of mbuf clusters available. 798The kernel uses a preallocated pool of 799.Dq mbuf clusters 800for the 801.Xr mbuf 9 802allocator. 803The pool size is tuned by the kernel during boot. 804That size is set to a value which seems appropriate 805for the current system. 806 807--- 808kern.ipc.nmbcnt 809 810--- 811kern.ipc.nmbufs 812 813--- 814kern.ipc.nsfbufs 815 816--- 817kern.ipc.numopensockets 818 819--- 820kern.ipc.somaxconn 821int 822 823The maximum pending socket connection queue size. 824 825--- 826kern.ipc.zero_copy.receive 827bool 828 829When set to a non-zero value, zero copy is 830enabled for received packets. 831This reduces copying of data around for 832outgoing packets and can significantly 833improve throughput for network connections. 834 835--- 836kern.ipc.zero_copy.send 837bool 838 839When set to a non-zero value, zero copy is 840enabled for sent packets. 841This reduces copying of data around for outgoing 842packets and can significantly improve throughput 843for network connections. 844 845--- 846kern.job_control 847bool 848 849Reports whether or not job control is available. 850This is a read-only variable. 851 852--- 853kern.kq_calloutmax 854 855--- 856kern.lastpid 857int 858 859Displays the last PID used by a process. 860This is a read-only variable. 861 862--- 863kern.logsigexit 864bool 865 866Tells the kernel whether or not to log fatal signal exits. 867 868--- 869kern.malloc 870str 871 872Displays how memory is currently being allocated. 873This is a read-only variable. 874 875--- 876kern.maxfiles 877int 878 879The maximum number of files allowed for all the 880processes of the running kernel. 881You can override the default value which the 882kernel calculates by explicitly setting this to 883a non-zero value. 884Also see the 885.Xr tuning 7 886man page for more information. 887 888--- 889kern.maxfilesperproc 890int 891 892The maximum number of files any one process can open. 893See the 894.Xr ps 1 895utility for more information on monitoring processes. 896 897--- 898kern.maxproc 899int 900 901The maximum number of processes that the system 902can be running at any time. 903See the 904.Xr ps 1 905utility for more information on monitoring processes. 906 907--- 908kern.maxprocperuid 909int 910 911The maximum number of processes one user ID can run. 912See the 913.Xr ps 1 914utility for more information on monitoring processes. 915 916--- 917kern.maxusers 918int 919 920Controls the scaling of a number of static system tables, including 921defaults for the maximum number of open files, sizing of network 922memory resources, etc. 923See the 924.Xr tuning 7 925man page for more information. 926This 927.Nm 928cannot be set using 929.Xr sysctl 8 . 930Use 931.Xr loader 8 932instead to set this at boot time. 933 934--- 935kern.maxvnodes 936bool 937 938The maximum number of 939.Em vnodes 940(virtual file system nodes) 941the system can have open simultaneously. 942 943--- 944kern.minvnodes 945bool 946 947The minimun number of 948.Em vnodes 949(virtual file system nodes) 950the system can have open simultaneously. 951 952--- 953kern.module_path 954str 955 956This 957.Nm 958holds a colon-separated list of directories in which the 959kernel will search for loadable kernel modules. 960This path is search when using commands such as 961.Xr kldload 8 962and 963.Xr kldunload 8 . 964 965--- 966kern.msgbuf 967string 968 969Contains the kernel message buffer. 970 971--- 972kern.msgbuf_clear 973bool 974 975Giving this 976.Nm 977a value of 1 (one) will cause the kernel message buffer to 978be cleared. It should be noted though, that the 979.Nm 980will then automatically revert back to it's original 981value of 0 (zero). 982 983--- 984kern.ngroups 985int 986 987Contains the maximum number of groups that a 988user may belong to. 989This is a read-only variable. 990 991--- 992kern.openfiles 993int 994 995Shows the current amount of system-wide 996open files. 997This is useful when used in conjunction 998with 999.Va kern.maxfiles 1000for tuning your system. 1001This is a read-only variable. 1002 1003--- 1004kern.osreldate 1005string 1006 1007Displays the kernel release date. 1008This is a read-only variable. 1009 1010--- 1011kern.osrelease 1012str 1013 1014Displays the current version of 1015.Fx 1016running. 1017This is a read-only variable. 1018 1019--- 1020kern.osrevision 1021string 1022 1023Displays the operating system revision. 1024This is a read-only variable. 1025 1026--- 1027kern.ostype 1028str 1029 1030Alter the name of the current operating system. 1031Changing this will change the output from 1032the 1033.Xr uname 1 1034utility. 1035Changing the default is not recommended. 1036 1037--- 1038kern.posix1version 1039string 1040 1041Returns the version of 1042.Tn POSIX 1043that the system 1044is attempting to comply with. 1045This is a read-only variable. 1046 1047--- 1048kern.proc.all 1049 1050--- 1051kern.proc.args 1052int 1053 1054Allows a process to retrieve the argument list 1055or process title for another process without 1056looking in the address space of another program. 1057This is a read-only variable. 1058 1059--- 1060kern.proc.pgrp 1061 1062--- 1063kern.proc.pid 1064struct 1065 1066This internally used 1067.Nm 1068may be used to extract process information. See 1069.Xr sysctl 3 1070for an example. 1071 1072--- 1073kern.proc.ruid 1074 1075--- 1076kern.proc.tty 1077 1078--- 1079kern.proc.uid 1080 1081--- 1082kern.ps_argsopen 1083bool 1084 1085By setting this to 0, command line arguments are hidden 1086for processes which you are not running. 1087This is useful on multi-user machines where things 1088like passwords might accidentally be added to command 1089line programs. 1090 1091--- 1092 1093kern.quantum 1094 1095--- 1096kern.random.adaptors 1097str 1098 1099Displays registered PRNG adaptors. 1100This is a read-only variable. 1101 1102--- 1103kern.random.sys.burst 1104 1105--- 1106kern.random.sys.harvest.ethernet 1107 1108--- 1109kern.random.sys.harvest.interrupt 1110 1111--- 1112kern.random.sys.harvest.point_to_point 1113 1114--- 1115kern.random.sys.harvest.swi 1116 1117--- 1118kern.random.sys.seeded 1119 1120--- 1121kern.random.yarrow.bins 1122 1123--- 1124kern.random.yarrow.fastthresh 1125 1126--- 1127kern.random.yarrow.gengateinterval 1128 1129--- 1130kern.random.yarrow.slowoverthresh 1131 1132--- 1133kern.random.yarrow.slowthresh 1134 1135--- 1136kern.randompid 1137 1138--- 1139kern.rootdev 1140string 1141 1142Displays the current root file system device. This 1143is a read-only variable. 1144 1145--- 1146kern.saved_ids 1147bool 1148 1149Displays whether or not saved set-group/user ID is 1150available. This is a read-only variable. 1151 1152--- 1153kern.securelevel 1154bool 1155 1156The current kernel security level. 1157See the 1158.Xr init 8 1159manual page for a good description 1160about what a security level is. 1161 1162--- 1163kern.sugid_coredump 1164bool 1165 1166By default, a process that changes user or group credentials whether 1167real or effective will not create a corefile. 1168This behavior can be changed to generate a core dump by 1169setting this variable to 1. 1170 1171--- 1172kern.sync_on_panic 1173bool 1174 1175In the event of a panic, this variable controls whether or not the 1176system should try and 1177.Xr sync 8 . 1178In some circumstances, this could cause a double panic, and as a result, 1179this may be turned off if needed. 1180 1181--- 1182kern.threads.debug 1183bool 1184 1185Determines whether to use debugging for kernel threads. 1186This is useful for testing. 1187 1188--- 1189kern.threads.max_groups_per_proc 1190 1191--- 1192kern.threads.max_threads_hits 1193 1194--- 1195kern.threads.max_threads_per_proc 1196 1197--- 1198kern.threads.virtual_cpu 1199int 1200 1201The maximum amount of virtual CPU's that be used for 1202threading. 1203 1204--- 1205kern.tty_nin 1206 1207--- 1208kern.tty_nout 1209 1210--- 1211kern.ttys 1212bool 1213 1214Used internally by the 1215.Xr pstat 8 1216command. 1217This is a read-only variable. 1218 1219--- 1220kern.version 1221str 1222 1223Displays the current kernel version information. 1224This is a read-only variable. 1225 1226--- 1227machdep.acpi_root 1228 1229--- 1230machdep.cpu_idle_hlt 1231bool 1232 1233Halt idle CPUs. 1234This is good for an SMP system. 1235 1236--- 1237machdep.disable_mtrrs 1238 1239--- 1240machdep.guessed_bootdev 1241 1242--- 1243machdep.hyperthreading_allowed 1244bool 1245 1246Setting this tunable to zero disables 1247the use of additional logical processors 1248provided by Intel HTT technology. 1249 1250--- 1251machdep.panic_on_nmi 1252 1253--- 1254machdep.siots 1255 1256--- 1257net.inet.accf.unloadable 1258 1259--- 1260net.inet.icmp.bmcastecho 1261 1262--- 1263net.inet.icmp.drop_redirect 1264 1265--- 1266net.inet.icmp.icmplim 1267 1268--- 1269net.inet.icmp.icmplim_output 1270 1271--- 1272net.inet.icmp.log_redirect 1273 1274--- 1275net.inet.icmp.maskfake 1276 1277--- 1278net.inet.icmp.maskrepl 1279 1280--- 1281net.inet.ip.accept_sourceroute 1282bool 1283 1284Controls forwarding of source-routed IP packets. 1285 1286--- 1287net.inet.ip.check_interface 1288bool 1289 1290This 1291.Nm 1292verifies that packets arrive on the correct interfaces. 1293 1294--- 1295net.inet.ip.fastforwarding 1296bool 1297 1298When fast forwarding is enabled, IP packets are forwarded directly to 1299the appropriate network interface with a minimal validity checking, 1300which greatly improves throughput. 1301Please see the 1302.Xr inet 4 1303man page for more information. 1304 1305--- 1306net.inet.ip.forwarding 1307bool 1308 1309Act as a gateway machine and forward packets. 1310This can also be configured using the 1311gateway_enable value in 1312.Pa /etc/rc.conf 1313 1314--- 1315net.inet.ip.fw.one_pass 1316int 1317 1318--- 1319net.inet.ip.intr_queue_drops 1320 1321--- 1322net.inet.ip.intr_queue_maxlen 1323 1324--- 1325net.inet.ip.keepfaith 1326bool 1327 1328This is used in conjunction with 1329.Xr faithd 8 1330to control the FAITH IPv6/v4 translator daemon. 1331 1332--- 1333net.inet.ip.maxfragpackets 1334 1335--- 1336net.inet.ip.maxfragsperpacket 1337 1338--- 1339net.inet.ip.redirect 1340bool 1341 1342Controls the sending of ICMP redirects in response to unforwardable IP 1343packets. 1344 1345--- 1346net.inet.ip.rtexpire 1347int 1348 1349Lifetime in seconds of protocol-cloned IP routes after the last 1350reference drops (default one hour). 1351 1352--- 1353net.inet.ip.rtmaxcache 1354int 1355 1356Trigger level of cached, unreferenced, protocol-cloned 1357routes which initiates dynamic adaptation. 1358 1359--- 1360net.inet.ip.rtminexpire 1361int 1362 1363See 1364.Xr inet 4 1365for more information. 1366 1367--- 1368net.inet.ip.sendsourcequench 1369bool 1370 1371This 1372.Nm 1373enables or disables the transmission of 1374source quench packets. 1375 1376--- 1377net.inet.ip.sourceroute 1378bool 1379 1380Determines whether or not source routed IP packets 1381should be forwarded. 1382 1383--- 1384net.inet.ip.stats 1385 1386--- 1387net.inet.ip.ttl 1388int 1389 1390The TTL (time-to-live) to use for outgoing packets. 1391 1392--- 1393net.inet.raw.maxdgram 1394 1395--- 1396net.inet.raw.olddiverterror 1397 1398--- 1399net.inet.raw.pcblist 1400 1401--- 1402net.inet.raw.recvspace 1403 1404--- 1405net.inet.tcp.always_keepalive 1406bool 1407 1408Determines whether or not to attempt to detect dead TCP 1409connections by sending 'keepalives' intermittently. This 1410is enabled by default and can also be configured using the 1411tcp_keepalive value in 1412.Pa /etc/rc.conf 1413 1414--- 1415net.inet.tcp.blackhole 1416bool 1417 1418Manipulates system behavior when 1419connection requests are received on a 1420TCP port without a socket listening. 1421See the 1422.Xr blackhole 4 1423man page for more information. 1424 1425--- 1426net.inet.tcp.delacktime 1427 1428--- 1429net.inet.tcp.delayed_ack 1430bool 1431 1432Historically speaking, this feature was designed to allow the 1433acknowledgment to transmitted data to be returned along with the 1434response. See the 1435.Xr tuning 7 1436man page for more information. 1437 1438--- 1439net.inet.tcp.do_tcpdrain 1440 1441--- 1442net.inet.tcp.getcred 1443 1444--- 1445net.inet.tcp.icmp_may_rst 1446 1447--- 1448net.inet.tcp.inflight_debug 1449bool 1450 1451Control debugging for the 1452.Va net.inet.tcp.inflight_enable 1453.Nm . 1454Please see the 1455.Xr tuning 7 1456man page for more information. 1457 1458--- 1459net.inet.tcp.inflight_enable 1460bool 1461 1462Turns on bandwidth delay product limiting for all 1463TCP connections. Please see the 1464.Xr tuning 7 1465man page for more information. 1466 1467--- 1468net.inet.tcp.inflight_max 1469bool 1470 1471.Em double check 1472The maximum amount of data that may be queued for 1473bandwidth delay product limiting. 1474 1475--- 1476net.inet.tcp.inflight_min 1477bool 1478 1479.Em double check 1480The minimum amount of data that may be queued for 1481bandwidth delay product limiting. 1482 1483--- 1484net.inet.tcp.inflight_stab 1485bool 1486 1487This parameter represents the maximal packets 1488added to the bandwidth delay product window 1489calculation. Changing this is not recommended. 1490 1491--- 1492net.inet.tcp.isn_reseed_interval 1493 1494--- 1495net.inet.tcp.local_slowstart_flightsize 1496 1497--- 1498net.inet.tcp.log_in_vain 1499bool 1500 1501Allows the system to log connections to TCP 1502ports that do not have sockets listening. 1503This variable can also be tuned by changing 1504the value for log_in_vain 1505in 1506.Pa /etc/rc.conf 1507 1508--- 1509net.inet.tcp.minmss 1510bool 1511 1512Enable for network link optimization TCP can adjust its MSS and thus 1513packet size according to the observed path MTU. This is done 1514dynamically based on feedback from the remote host and network 1515components along the packet path. This information can be 1516abused to pretend an extremely low path MTU. 1517 1518--- 1519net.inet.tcp.minmssoverload 1520bool 1521 1522The PSS rate for the 1523.Va net.inet.tcp.minmss 1524sysctl. 1525Setting this will force packets to be reset 1526and dropped, this should hinder the availability 1527of DoS attacks on WWW servers using POST attacks. 1528 1529--- 1530net.inet.tcp.msl 1531 1532--- 1533net.inet.tcp.mssdflt 1534bool 1535 1536This is the default TCP Maximum Segment Size 1537for TCP packets. The default setting is recommended 1538in most cases. 1539 1540--- 1541net.inet.tcp.v6mssdflt 1542bool 1543 1544This is the default TCP Maximum Segment Size 1545for TCP IPv6 packets. The default setting is recommend 1546in most cases. 1547 1548--- 1549net.inet.tcp.newreno 1550 1551--- 1552net.inet.tcp.path_mtu_discovery 1553 1554--- 1555net.inet.tcp.pcbcount 1556 1557--- 1558net.inet.tcp.pcblist 1559 1560--- 1561net.inet.tcp.recvspace 1562bool 1563 1564This variables controls the amount of receive 1565buffer space for any given TCP connection. This 1566can be particularly useful when tuning network 1567applications. See the 1568.Xr tuning 7 1569man page for more information. 1570 1571--- 1572net.inet.tcp.rexmit_min 1573 1574--- 1575net.inet.tcp.rexmit_slop 1576 1577--- 1578net.inet.tcp.rfc1323 1579bool 1580 1581Determines whether support for RFC1323 (TCP Extensions 1582for High Performance) should be enabled. 1583This variable can also be tuned by changing the value 1584for tcp_extensions in 1585.Pa /etc/rc.conf 1586 1587--- 1588net.inet.tcp.rfc1644 1589 1590--- 1591net.inet.tcp.rfc3042 1592 1593--- 1594net.inet.tcp.rfc3390 1595 1596--- 1597net.inet.tcp.sendspace 1598bool 1599 1600This variables controls the amount of send 1601buffer space for any given TCP connection. This 1602can be particularly useful when tuning network 1603applications. See the 1604.Xr tuning 7 1605manual page for more information. 1606 1607--- 1608net.inet.tcp.slowstart_flightsize 1609 1610--- 1611net.inet.tcp.stats 1612 1613--- 1614net.inet.tcp.syncache.bucketlimit 1615 1616--- 1617net.inet.tcp.syncache.cachelimit 1618 1619--- 1620net.inet.tcp.syncache.count 1621 1622--- 1623net.inet.tcp.syncache.hashsize 1624 1625--- 1626net.inet.tcp.syncache.rexmtlimit 1627 1628--- 1629net.inet.tcp.syncookies 1630 1631--- 1632net.inet.tcp.tcbhashsize 1633 1634--- 1635net.inet.tcp.v6mssdflt 1636 1637--- 1638net.inet.udp.blackhole 1639bool 1640 1641Manipulates system behavior when 1642connection requests are received on a 1643UDP port. 1644See the 1645.Xr blackhole 4 1646man page for more information. 1647 1648--- 1649net.inet.udp.getcred 1650 1651--- 1652net.inet.udp.log_in_vain 1653bool 1654 1655Allows the system to log connections to UDP 1656ports that do not have sockets listening. 1657This variable can also be tuned by changing 1658the value for log_in_vain 1659in 1660.Pa /etc/rc.conf 1661 1662--- 1663net.inet.udp.maxdgram 1664 1665--- 1666net.inet.udp.pcblist 1667 1668--- 1669net.inet.udp.recvspace 1670 1671--- 1672net.inet.udp.stats 1673 1674--- 1675net.inet6.icmp6.errppslimit 1676 1677--- 1678net.inet6.icmp6.nd6_debug 1679 1680--- 1681net.inet6.icmp6.nd6_delay 1682 1683--- 1684net.inet6.icmp6.nd6_maxnudhint 1685 1686--- 1687net.inet6.icmp6.nd6_mmaxtries 1688 1689--- 1690net.inet6.icmp6.nd6_prune 1691 1692--- 1693net.inet6.icmp6.nd6_umaxtries 1694 1695--- 1696net.inet6.icmp6.nd6_useloopback 1697 1698--- 1699net.inet6.icmp6.nodeinfo 1700 1701--- 1702net.inet6.icmp6.rediraccept 1703 1704--- 1705net.inet6.icmp6.redirtimeout 1706 1707--- 1708net.inet6.tcp6.getcred 1709 1710--- 1711net.inet6.udp6.getcred 1712 1713--- 1714net.isr.enable 1715 1716--- 1717net.link.ether.inet.log_arp_movements 1718 1719--- 1720net.link.ether.inet.log_arp_wrong_iface 1721 1722--- 1723net.link.ether.ipfw 1724 1725--- 1726net.link.generic.ifdata 1727 1728--- 1729net.link.generic.system.ifcount 1730 1731--- 1732net.link.gif.max_nesting 1733bool 1734 1735Determines whether to allow recursive tunnels or not. 1736 1737--- 1738net.link.gif.parallel_tunnels 1739bool 1740 1741Determines whether to allow parallel tunnels or not. 1742 1743--- 1744net.local.dgram.pcblist 1745 1746--- 1747net.local.stream.pcblist 1748 1749--- 1750security.bsd.see_other_uids 1751bool 1752 1753Turning this option on will prevent users from viewing information 1754about processes running under other user id numbers (UIDs). 1755 1756--- 1757security.bsd.suser_enabled 1758 1759--- 1760security.bsd.unprivileged_proc_debug 1761 1762--- 1763security.bsd.unprivileged_read_msgbuf 1764 1765--- 1766security.jail.set_hostname_allowed 1767bool 1768 1769Determines whether or not the root user 1770within the jail can set the hostname. 1771 1772--- 1773security.jail.socket_unixiproute_only 1774 1775--- 1776security.jail.sysvipc_allowed 1777 1778--- 1779security.mac.biba.enabled 1780bool 1781 1782Enables enforcement of the Biba integrity policy. 1783 1784--- 1785security.mac.biba.ptys_equal 1786bool 1787 1788Label 1789.Sm off 1790.Xr pty 4 1791s 1792.Sm on 1793as 1794.Dq biba/equal 1795upon creation. 1796 1797--- 1798security.mac.biba.revocation_enabled 1799bool 1800 1801Revoke access to objects if the label is changed to dominate the subject. 1802 1803--- 1804security.mac.enforce_fs 1805bool 1806 1807Enforce MAC policies for file system accesses. 1808 1809--- 1810security.mac.enforce_kld 1811bool 1812 1813Enforce MAC policies on 1814.Xr kld 4 . 1815 1816--- 1817security.mac.enforce_network 1818bool 1819 1820Enforce MAC policies on network interfaces. 1821 1822--- 1823security.mac.enforce_pipe 1824bool 1825 1826Enforce MAC policies on pipes. 1827 1828--- 1829security.mac.enforce_process 1830bool 1831 1832Enforce MAC policies between system processes 1833(e.g. 1834.Xr ps 1 , 1835.Xr ktrace 2 ). 1836 1837--- 1838security.mac.enforce_socket 1839bool 1840 1841Enforce MAC policies on sockets. 1842 1843--- 1844security.mac.enforce_system 1845bool 1846 1847Enforce MAC policies on system-related items 1848(e.g. 1849.Xr kenv 1 , 1850.Xr acct 2 , 1851.Xr reboot 2 ). 1852 1853--- 1854security.mac.enforce_vm 1855bool 1856 1857Enforce MAC policies on 1858.Xr mmap 2 1859and 1860.Xr mprotect 2 . 1861 1862--- 1863security.mac.ifoff.lo_enabled 1864bool 1865 1866Use this too disable network traffic over the loopback 1867.Xr lo 4 1868interface. 1869See 1870.Xr mac_ifoff 4 1871for more information. 1872 1873--- 1874security.mac.ifoff.other_enabled 1875bool 1876 1877Use this to enable network traffic over other interfaces. 1878See 1879.Xr mac_ifoff 4 1880for more information. 1881 1882--- 1883security.mac.ifoff.bpfrecv_enabled 1884bool 1885 1886Use this too allow 1887.Xr bpf 4 1888traffic to be received, 1889even while other traffic is disabled. 1890 1891--- 1892security.mac.mls.enabled 1893bool 1894 1895Enables the enforcement of the MLS confidentiality policy, 1896see 1897.Xr mac_mls 4 1898for more information. 1899 1900--- 1901security.mac.mls.ptys_equal 1902bool 1903 1904Label 1905.Sm off 1906.Xr pty 4 1907s 1908.Sm on 1909as 1910.Dq mls/equal 1911upon creation. 1912 1913--- 1914security.mac.mls.revocation_enabled 1915bool 1916 1917Revoke access to objects if the label is changed to a more sensitive 1918level than the subject. 1919 1920--- 1921security.mac.portacl.rules 1922str 1923 1924The port access control list is specified in the following format: 1925 1926.Sy idtype 1927.Li : 1928.Sy id 1929.Li : 1930.Sy protocol 1931.Li : 1932.Sy port 1933.Li [, 1934.Sy idtype 1935.Li : 1936.Sy id 1937.Li : 1938.Sy protocol 1939.Li : 1940.Sy port 1941.Li ,...] 1942 1943.Sy idtype 1944Describes the type of subject match to be performed. 1945Either 1946.Li uid 1947for userid matching, or 1948.Li gid 1949for group ID matching. 1950.Sy id 1951The user or group ID (depending on 1952.Sy idtype ) 1953allowed to bind to the specified port. 1954.Bf -emphasis 1955NOTE: User and group names are not valid; only the actual ID numbers 1956may be used. 1957.Ef 1958.Sy protocol 1959Describes which protocol this entry applies to. 1960Either 1961.Li tcp 1962or 1963.Li udp 1964are supported. 1965.Sy port 1966Describes which port this entry applies to. 1967.Bf -emphasis 1968NOTE: MAC security policies may not override other security system policies 1969by allowing accesses that they may deny, such as 1970.Va net.inet.ip.portrange.reservedlow / 1971.Va net.inet.ip.portrange.reservedhigh . 1972.Ef 1973 1974--- 1975security.mac.seeotheruids.enabled 1976bool 1977 1978Enable/disable 1979.Va security.mac.seeotheruids 1980See 1981.Xr mac_seeotheruids 4 1982for more information. 1983 1984--- 1985security.mac.seeotheruids.primarygroup_enabled 1986bool 1987 1988Allow users to see processes and sockets owned by the same primary 1989group. 1990 1991--- 1992security.mac.seeotheruids.specificgid_enabled 1993bool 1994 1995Allow processes with a specific group ID to be exempt from the policy, 1996set this to 1997.Li 1 1998and set 1999.Va security.mac.seeotheruids.specificgid 2000to the gid to be exempted. 2001 2002--- 2003security.mac_test 2004str 2005 2006Used for debugging. 2007See 2008.Xr mac_test 4 2009for more information. 2010 2011--- 2012user.bc_base_max 2013 2014--- 2015user.bc_dim_max 2016 2017--- 2018user.bc_scale_max 2019 2020--- 2021user.bc_string_max 2022 2023--- 2024user.coll_weights_max 2025 2026--- 2027user.cs_path 2028 2029--- 2030user.line_max 2031 2032--- 2033user.posix2_c_bind 2034 2035--- 2036user.posix2_c_dev 2037 2038--- 2039user.posix2_fort_dev 2040 2041--- 2042user.posix2_fort_run 2043 2044--- 2045user.posix2_localedef 2046 2047--- 2048user.posix2_sw_dev 2049 2050--- 2051user.posix2_upe 2052 2053--- 2054user.posix2_version 2055 2056--- 2057user.re_dup_max 2058 2059--- 2060user.stream_max 2061 2062--- 2063user.tzname_max 2064 2065--- 2066vfs.altbufferflushes 2067 2068--- 2069vfs.bufdefragcnt 2070 2071--- 2072vfs.buffreekvacnt 2073 2074--- 2075vfs.bufmallocspace 2076 2077--- 2078vfs.bufreusecnt 2079 2080--- 2081vfs.bufspace 2082 2083--- 2084vfs.cache.nchstats 2085 2086--- 2087vfs.conflist 2088 2089--- 2090vfs.devfs.generation 2091 2092--- 2093vfs.devfs.inodes 2094 2095--- 2096vfs.devfs.noverflow 2097 2098--- 2099vfs.devfs.topinode 2100 2101--- 2102vfs.dirtybufferflushes 2103 2104--- 2105vfs.dirtybufthresh 2106 2107--- 2108vfs.ffs.adjblkcnt 2109 2110--- 2111vfs.ffs.adjrefcnt 2112 2113--- 2114vfs.ffs.freeblks 2115 2116--- 2117vfs.ffs.freedirs 2118 2119--- 2120vfs.ffs.freefiles 2121 2122--- 2123vfs.ffs.setflags 2124 2125--- 2126vfs.flushwithdeps 2127 2128--- 2129vfs.getnewbufcalls 2130 2131--- 2132vfs.getnewbufrestarts 2133 2134--- 2135vfs.hibufspace 2136 2137--- 2138vfs.hidirtybuffers 2139 2140--- 2141vfs.hifreebuffers 2142 2143--- 2144vfs.hirunningspace 2145 2146--- 2147vfs.lobufspace 2148 2149--- 2150vfs.lodirtybuffers 2151 2152--- 2153vfs.lofreebuffers 2154 2155--- 2156vfs.lorunningspace 2157 2158--- 2159vfs.maxbufspace 2160 2161--- 2162vfs.maxmallocbufspace 2163 2164--- 2165vfs.numdirtybuffers 2166 2167--- 2168vfs.numfreebuffers 2169 2170--- 2171vfs.opv_numops 2172 2173--- 2174vfs.pfs.vncache.entries 2175 2176--- 2177vfs.pfs.vncache.hits 2178 2179--- 2180vfs.pfs.vncache.maxentries 2181 2182--- 2183vfs.pfs.vncache.misses 2184 2185--- 2186vfs.read_max 2187 2188--- 2189vfs.recursiveflushes 2190 2191--- 2192vfs.runningbufspace 2193 2194--- 2195vfs.ufs.dirhash_docheck 2196 2197--- 2198vfs.ufs.dirhash_maxmem 2199 2200--- 2201vfs.ufs.dirhash_mem 2202 2203--- 2204vfs.ufs.dirhash_minsize 2205 2206--- 2207vfs.usermount 2208bool 2209 2210This 2211.Nm 2212allows the root user to grant access to non-root users 2213so that they may mount floppy and CD-ROM drives. 2214 2215--- 2216vfs.vmiodirenable 2217bool 2218 2219Controls how directories are cached by the system. 2220This is turned on by default. See the 2221.Xr tuning 7 2222man page for a more detailed explanation on this 2223variable. 2224 2225--- 2226vfs.write_behind 2227bool 2228 2229Tells the file system to issue media writes as 2230full clusters are collected, which typically 2231occurs when writing large sequential files. 2232This is turned on by default, but under certain 2233circumstances may stall processes and can therefore 2234be turned off. 2235 2236--- 2237vm.defer_swapspace_pageouts 2238 2239--- 2240vm.disable_swapspace_pageouts 2241 2242--- 2243vm.dmmax 2244 2245--- 2246vm.kvm_free 2247 2248--- 2249vm.kvm_size 2250 2251--- 2252vm.loadavg 2253struct 2254 2255Displays the load average history. This is a 2256read-only variable. 2257 2258--- 2259vm.max_launder 2260 2261--- 2262vm.nswapdev 2263int 2264 2265Displays the number of swap devices available 2266to the system. This is a read-only variable. 2267 2268--- 2269vm.pageout_full_stats_interval 2270 2271--- 2272vm.pageout_lock_miss 2273 2274--- 2275vm.pageout_stats_free_max 2276 2277--- 2278vm.pageout_stats_interval 2279 2280--- 2281vm.pageout_stats_max 2282 2283--- 2284vm.stats.sys.v_intr 2285 2286--- 2287vm.stats.sys.v_soft 2288 2289--- 2290vm.stats.sys.v_swtch 2291 2292--- 2293vm.stats.sys.v_syscall 2294 2295--- 2296vm.stats.sys.v_trap 2297 2298--- 2299vm.stats.vm.v_cow_faults 2300 2301--- 2302vm.stats.vm.v_cow_optim 2303 2304--- 2305vm.stats.vm.v_forkpages 2306 2307--- 2308vm.stats.vm.v_forks 2309 2310--- 2311vm.stats.vm.v_intrans 2312 2313--- 2314vm.stats.vm.v_kthreadpages 2315 2316--- 2317vm.stats.vm.v_kthreads 2318 2319--- 2320vm.stats.vm.v_ozfod 2321 2322--- 2323vm.stats.vm.v_pdpages 2324 2325--- 2326vm.stats.vm.v_pdwakeups 2327 2328--- 2329vm.stats.vm.v_reactivated 2330 2331--- 2332vm.stats.vm.v_rforkpages 2333 2334--- 2335vm.stats.vm.v_rforks 2336 2337--- 2338vm.stats.vm.v_swapin 2339 2340--- 2341vm.stats.vm.v_swapout 2342 2343--- 2344vm.stats.vm.v_swappgsin 2345 2346--- 2347vm.stats.vm.v_swappgsout 2348 2349--- 2350vm.stats.vm.v_vforkpages 2351 2352--- 2353vm.stats.vm.v_vforks 2354 2355--- 2356vm.stats.vm.v_vm_faults 2357 2358--- 2359vm.stats.vm.v_vnodein 2360 2361--- 2362vm.stats.vm.v_vnodeout 2363 2364--- 2365vm.stats.vm.v_vnodepgsin 2366 2367--- 2368vm.stats.vm.v_vnodepgsout 2369 2370--- 2371vm.stats.vm.v_zfod 2372 2373--- 2374vm.swap_async_max 2375int 2376 2377The maximum number of in-progress async operations 2378that may be performed. 2379 2380--- 2381vm.swap_enabled 2382bool 2383 2384Determines whether or not processes may swap. 2385 2386--- 2387vm.swap_idle_enabled 2388 2389See 2390.Xr tuning 7 2391for a detailed explanation of this 2392.Nm . 2393 2394--- 2395vm.swap_info 2396 2397--- 2398vm.vmtotal 2399string 2400 2401Displays virtual memory statistics which are collected 2402at five second intervals. 2403 2404--- 2405vm.zone 2406string 2407 2408Shows memory used by the kernel zone allocator, by zone. 2409This information can also be found by using the 2410.Xr vmstat 8 2411command. 2412 2413--- 2414 2415