     sysctl - get or set system information
     #include <sys/param.h>
     #include <sys/sysctl.h>
     int
     sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp,
         size_t newlen);
     The sysctl() function retrieves system information and allows processes
     with appropriate privileges to set system information.  The information
     available from sysctl() consists of integers, strings, and tables.
     Information may be retrieved and set from the command interface using the
     sysctl(8) utility.

     Unless explicitly noted below, sysctl() returns a consistent snapshot of
     the data requested.  Consistency is obtained by locking the destination
     buffer into memory so that the data may be copied out without blocking.
     Calls to sysctl() are serialized to avoid deadlock.

     The state is described using a ``Management Information Base (MIB)''
     style name, listed in name, which is a namelen length array of integers.

     The information is copied into the buffer specified by oldp.  The size of
     the buffer is given by the location specified by oldlenp before the call,
     and that location gives the amount of data copied after a successful
     call.  If the amount of data available is greater than the size of the
     buffer supplied, the call supplies as much data as fits in the buffer
     provided and returns with the error code ENOMEM.  If the old value is not
     desired, oldp and oldlenp should be set to NULL.

     The size of the available data can be determined by calling sysctl() with
     a NULL parameter for oldp.  The size of the available data will be
     returned in the location pointed to by oldlenp.  For some operations, the
     amount of space may change often.  For these operations, the system
     attempts to round up so that the returned size is large enough for a call
     to return the data shortly thereafter.

     To set a new value, newp is set to point to a buffer of length newlen
     from which the requested value is to be taken.  If a new value is not to
     be set, newp should be set to NULL and newlen set to 0.

     The top level names are defined with a CTL_ prefix in <sys/sysctl.h>, and
     are as follows.  The next and subsequent levels down are found in the
     include files listed here, and described in separate sections below.
           Name              Next level names          Description
           CTL_DDB           ddb/db_var.h              Kernel debugger
           CTL_DEBUG         sys/sysctl.h              Debugging
           CTL_FS            sys/sysctl.h              File system
           CTL_HW            sys/sysctl.h              Generic CPU, I/O
           CTL_KERN          sys/sysctl.h              High kernel limits
           CTL_MACHDEP       sys/sysctl.h              Machine dependent
           CTL_NET           sys/socket.h              Networking
           CTL_USER          sys/sysctl.h              User-level
           CTL_VFS           ufs/ffs/ffs_extern.h      Virtual file system
           CTL_VM            uvm/uvm_param.h           Virtual memory
     For example, the following retrieves the maximum number of processes
     allowed in the system:
           int mib[2], maxproc;
           size_t len;
           /* kern.maxproc: CTL_KERN, then KERN_MAXPROC */
           mib[0] = CTL_KERN;
           mib[1] = KERN_MAXPROC;
           len = sizeof(maxproc);
           /* err() is declared in <err.h> */
           if (sysctl(mib, 2, &maxproc, &len, NULL, 0) == -1)
                   err(1, "sysctl");
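     To retrieve the standard search path for the system utilities:
           int mib[2];
           size_t len;
           char *p;
           mib[0] = CTL_USER;
           mib[1] = USER_CS_PATH;
           /* First call: oldp is NULL, so only the required size is returned. */
           if (sysctl(mib, 2, NULL, &len, NULL, 0) == -1)
                   err(1, "sysctl");
           /* malloc() is declared in <stdlib.h>, err() in <err.h> */
           if ((p = malloc(len)) == NULL)
                   err(1, NULL);
           /* Second call: fetch the value into the sized buffer. */
           if (sysctl(mib, 2, p, &len, NULL, 0) == -1)
                   err(1, "sysctl");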
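
     The size probe and ENOMEM behaviour described above, as an added example
     that is not part of the original manual page: fetch_string() probes again
     and retries when the value grows between the two calls, and
     unchecked_fetch_is_terminated() shows what a caller that ignores the
     return value is left holding.  The sysctl_fn type, fake_sysctl() and its
     constructed values are assumptions made so the loop runs offline; on a
     real system, pass a function that forwards to sysctl().

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_ROUNDS 4	/* give up if the value keeps growing */

/* Assumed type: the argument shape of sysctl(), injected for offline use. */
typedef int (*sysctl_fn)(const int *, unsigned int, void *, size_t *,
    void *, size_t);

/* Constructed stand-in for the kernel: the value grows after the first call. */
static const char *fake_values[] = { "/bin:/usr/bin",
    "/bin:/usr/bin:/usr/local/bin" };
static int fake_calls;

static int
fake_sysctl(const int *name, unsigned int namelen, void *oldp,
    size_t *oldlenp, void *newp, size_t newlen)
{
	const char *v = fake_values[fake_calls++ == 0 ? 0 : 1];
	size_t need = strlen(v) + 1;

	(void)name; (void)namelen; (void)newp; (void)newlen;
	if (oldp == NULL) {		/* size probe */
		*oldlenp = need;
		return 0;
	}
	if (*oldlenp < need) {		/* copy what fits, fail with ENOMEM */
		memcpy(oldp, v, *oldlenp);
		errno = ENOMEM;
		return -1;
	}
	memcpy(oldp, v, need);
	*oldlenp = need;
	return 0;
}

/* Two calls with the results ignored: returns 1 if the buffer ends up
 * NUL-terminated, 0 if it holds truncated data, -1 if malloc() fails. */
static int
unchecked_fetch_is_terminated(sysctl_fn fn, const int *mib, unsigned int n)
{
	size_t len = 0;
	char *p;
	int ok;

	fn(mib, n, NULL, &len, NULL, 0);
	if ((p = malloc(len)) == NULL)
		return -1;
	fn(mib, n, p, &len, NULL, 0);	/* ENOMEM goes unnoticed here */
	ok = memchr(p, '\0', len) != NULL;
	free(p);
	return ok;
}

/* Probe, allocate, fetch; retry while the fetch fails with ENOMEM.  Returns a
 * NUL-terminated copy to free(), or NULL with errno set.  *rounds reports
 * how many probe/fetch rounds were needed. */
static char *
fetch_string(sysctl_fn fn, const int *mib, unsigned int n, int *rounds)
{
	char *buf = NULL, *nbuf;
	size_t len;
	int r;

	for (r = 1; r <= MAX_ROUNDS; r++) {
		if (fn(mib, n, NULL, &len, NULL, 0) == -1)
			break;
		if ((nbuf = realloc(buf, len + 1)) == NULL)
			break;
		buf = nbuf;
		if (fn(mib, n, buf, &len, NULL, 0) == 0) {
			buf[len] = '\0';	/* terminate even if the kernel did not */
			*rounds = r;
			return buf;
		}
		if (errno != ENOMEM)
			break;
		/* Value grew: buf holds a truncated copy, so probe again. */
	}
	free(buf);
	return NULL;
}

int
main(void)
{
	int mib[2] = { 0, 0 }, rounds = 0;	/* placeholder MIB name */
	char *p;

	printf("unchecked terminated: %d\n",
	    unchecked_fetch_is_terminated(fake_sysctl, mib, 2));
	fake_calls = 0;
	if ((p = fetch_string(fake_sysctl, mib, 2, &rounds)) != NULL)
		printf("%s (rounds: %d)\n", p, rounds);
	free(p);
	return 0;
}
```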
   CTL_DDB
     Integer information and settable variables are available for the CTL_DDB
     level, as described below.  More information is also available in ddb(4).
           Second level name          Type                 Changeable
           DBCTL_CONSOLE              integer              yes
           DBCTL_LOG                  integer              yes
           DBCTL_MAXLINE              integer              yes
           DBCTL_MAXWIDTH             integer              yes
           DBCTL_PANIC                integer              yes
           DBCTL_RADIX                integer              yes
           DBCTL_TABSTOP              integer              yes
     DBCTL_CONSOLE
             When this variable is set, an architecture dependent magic key
             sequence on the console or a debugger button will permit entry
             into the kernel debugger.  As described in securelevel(7), a
             security level greater than 1 blocks modification of this
             variable.
     DBCTL_LOG
             When set, ddb output is also logged in the kernel message buffer.
     DBCTL_MAXLINE
             Determines the number of lines to page in ddb(4).  This variable
             is also available as the ddb $lines variable.
     DBCTL_MAXWIDTH
             Determines the maximum width of a line in ddb(4).  This variable
             is also available as the ddb $maxwidth variable.
     DBCTL_PANIC
             When this variable is set, system panics may drop into the kernel
             debugger.  As described in securelevel(7), a security level
             greater than 1 blocks modification of this variable.
     DBCTL_RADIX
             Determines the default radix or base for non-prefixed numbers
             entered into ddb(4).  This variable is also available as the ddb
             $radix variable.
     DBCTL_TABSTOP
             Width of a tab stop in ddb(4).  This variable is also available
             as the ddb $tabstops variable.
   CTL_DEBUG
     The debugging variables vary from system to system.  A debugging variable
     may be added or deleted without need to recompile sysctl() to know about
     it.  Each time it runs, sysctl() gets the list of debugging variables
     from the kernel and displays their current values.  The system defines
     twenty struct ctldebug variables named debug0 through debug19.  They are
     declared as separate variables so that they can be individually
     initialized at the location of their associated variable.  The loader
     prevents multiple use of the same variable by issuing errors if a
     variable is initialized in more than one place.  For example, to export
     the variable dospecialcheck as a debugging variable, the following
     declaration would be used:
           int dospecialcheck = 1;
           struct ctldebug debug5 = { "dospecialcheck", &dospecialcheck };
   CTL_FS
     The string and integer information available for the CTL_FS level is
     detailed below.  The changeable column shows whether a process with
     appropriate privileges may change the value.
           Second level name          Type          Changeable
           FS_POSIX_SETUID            integer       yes
     FS_POSIX_SETUID
             When this variable is set, ownership changes on a file will cause
             the S_ISUID and S_ISGID bits to be cleared.  As detailed in
             securelevel(7), this variable may not be changed if the
             securelevel is > 0.
   CTL_HW
     The string and integer information available for the CTL_HW level is
     detailed below.  The changeable column shows whether a process with
     appropriate privileges may change the value.
           Second level name          Type          Changeable
           HW_BYTEORDER               integer       no
           HW_CPUSPEED                integer       no
           HW_DISKCOUNT               integer       no
           HW_DISKNAMES               string        no
           HW_DISKSTATS               struct        no
           HW_MACHINE                 string        no
           HW_MODEL                   string        no
           HW_NCPU                    integer       no
           HW_PAGESIZE                integer       no
           HW_PHYSMEM                 integer       no
           HW_SENSORS                 struct        no
           HW_SETPERF                 integer       yes
           HW_USERMEM                 integer       no
     HW_BYTEORDER
             The byteorder (4321 or 1234).
     HW_CPUSPEED
             The current CPU frequency (in MHz).
     HW_DISKCOUNT
             The number of disks currently attached to the system.
     HW_DISKNAMES
             A comma-separated list of disk names.
     HW_DISKSTATS
             An array of struct diskstats structures containing disk
             statistics.
     HW_MACHINE
             The machine class.
     HW_MODEL
             The machine model.
     HW_NCPU
             The number of CPUs.
     HW_PAGESIZE
             The software page size.
     HW_PHYSMEM
             The bytes of physical memory.
     HW_SENSORS
             An array of struct sensor structures containing information from
             the hardware monitoring sensors.
     HW_SETPERF
             Current CPU performance (percentage).
     HW_USERMEM
             The bytes of non-kernel memory.
   CTL_KERN
     The string and integer information available for the CTL_KERN level is
     detailed below.  The changeable column shows whether a process with
     appropriate privileges may change the value.  The types of data currently
     available are process information, system vnodes, the open file entries,
     routing table entries, virtual memory statistics, load average history,
     and clock rate information.
           Second level name                  Type                  Changeable
           KERN_ARGMAX                        integer               no
           KERN_ARND                          integer               no
           KERN_BOOTTIME                      struct timeval        no
           KERN_CCPU                          integer               no
           KERN_CLOCKRATE                     struct clockinfo      no
           KERN_CPTIME                        long[CPUSTATES]       no
           KERN_CRYPTODEVALLOWSOFT            integer               yes
           KERN_DOMAINNAME                    string                yes
           KERN_EMUL                          node                  not applicable
           KERN_FILE                          struct file           no
           KERN_FORKSTAT                      struct forkstat       no
           KERN_FSCALE                        integer               no
           KERN_FSYNC                         integer               no
           KERN_HOSTID                        integer               yes
           KERN_HOSTNAME                      string                yes
           KERN_INTRCNT                       node                  not applicable
           KERN_JOB_CONTROL                   integer               no
           KERN_MALLOCSTATS                   node                  no
           KERN_MAXCLUSTERS                   integer               yes
           KERN_MAXFILES                      integer               yes
           KERN_MAXPARTITIONS                 integer               no
           KERN_MAXPROC                       integer               yes
           KERN_MAXVNODES                     integer               yes
           KERN_MBSTAT                        struct mbstat         no
           KERN_MSGBUF                        char[]                no
           KERN_MSGBUFSIZE                    integer               no
           KERN_NCHSTATS                      struct nchstats       no
           KERN_NFILES                        integer               no
           KERN_NGROUPS                       integer               no
           KERN_NOSUIDCOREDUMP                integer               yes
           KERN_NPROCS                        integer               no
           KERN_NSELCOLL                      integer               no
           KERN_NUMVNODES                     integer               no
           KERN_OSRELEASE                     string                no
           KERN_OSREV                         integer               no
           KERN_OSTYPE                        string                no
           KERN_OSVERSION                     string                no
           KERN_POSIX1                        integer               no
           KERN_PROC                          struct kinfo_proc     no
           KERN_PROC2                         struct kinfo_proc2    no
           KERN_PROC_ARGS                     node                  not applicable
           KERN_PROF                          node                  not applicable
           KERN_RAWPARTITION                  integer               no
           KERN_RND                           struct rndstats       no
           KERN_SAVED_IDS                     integer               no
           KERN_SECURELVL                     integer               raise only
           KERN_SEMINFO                       node                  not applicable
           KERN_SHMINFO                       node                  not applicable
           KERN_SOMAXCONN                     integer               yes
           KERN_SOMINCONN                     integer               yes
           KERN_SPLASSERT                     int                   yes
           KERN_STACKGAPRANDOM                integer               yes
           KERN_SYSVIPC_INFO                  node                  not applicable
           KERN_SYSVMSG                       integer               no
           KERN_SYSVSEM                       integer               no
           KERN_SYSVSHM                       integer               no
           KERN_TIMECOUNTER                   node                  not applicable
           KERN_TTY                           node                  not applicable
           KERN_TTYCOUNT                      integer               no
           KERN_USERASYMCRYPTO                integer               yes
           KERN_USERCRYPTO                    integer               yes
           KERN_USERMOUNT                     integer               yes
           KERN_VERSION                       string                no
           KERN_VNODE                         struct vnode          no
           KERN_WATCHDOG                      node                  not applicable
     KERN_ARGMAX
             The maximum bytes of argument to exec(3).
     KERN_ARND
             Returns a random integer from the kernel arc4random() function.
             This can be useful if /dev/arandom is not available (see
             random(4)).
     KERN_BOOTTIME
             A struct timeval structure is returned.  This structure contains
             the time that the system was booted.
     KERN_CCPU
             The scheduler exponential decay value.
     KERN_CLOCKRATE
             A struct clockinfo structure is returned.  This structure
             contains the clock, statistics clock and profiling clock
             frequencies, the number of micro-seconds per hz tick, and the
             clock skew rate.
     KERN_CPTIME
             An array of longs of size CPUSTATES is returned, containing
             statistics about the number of ticks spent by the system in
             interrupt processing, user processes (niced or normal), system
             processing, or idling.
     KERN_CRYPTODEVALLOWSOFT
             Permits userland to use /dev/crypto even if there is no hardware
             crypto accelerator in the system.
     KERN_DOMAINNAME
             Get or set the YP domain name.
     KERN_EMUL
             Enable binary emulation.
                   Third level name     Type      Changeable
                   KERN_EMUL_ENABLED    integer   yes
                   KERN_EMUL_NAME       string    no
                   KERN_EMUL_NEMULS     integer   no
             Third level names in KERN_EMUL other than KERN_EMUL_NEMULS refer
             to a specific emulation available in the kernel.  Valid values
             range from 1 to the return value of KERN_EMUL_NEMULS.  The fourth
             level names available are KERN_EMUL_NAME, which returns a string
             with the emulation name, and KERN_EMUL_ENABLED, which is an
             adjustable integer.
             Note that using this interface exposes duplicate entries which
             are consolidated by the userland frontend.
     KERN_FILE
             Return the entire file table.  The returned data consists of a
             single struct filehead followed by an array of struct file, whose
             size depends on the current number of such objects in the system.
     KERN_FORKSTAT
             A struct forkstat structure is returned.  This structure contains
             information about the number of fork(2), vfork(2), and rfork(2)
             system calls as well as kernel thread creations since system
             startup, and the number of pages of virtual memory involved in
             each.
     KERN_FSCALE
             The kernel fixed-point scale factor.
     KERN_FSYNC
             Return 1 if the File Synchronisation Option is available on this
             system, otherwise 0.
     KERN_HOSTID
             Get or set the host ID.
     KERN_HOSTNAME
             Get or set the hostname.
     KERN_JOB_CONTROL
             Return 1 if job control is available on this system, otherwise 0.
     KERN_MALLOCSTATS
             Return kernel memory bucket statistics.  The third level names
             are detailed below.  There are no changeable values in this
             branch.
                   Third level name                   Type
                   KERN_MALLOC_BUCKET                 node
                   KERN_MALLOC_BUCKETS                string
                   KERN_MALLOC_KMEMNAMES              string
                   KERN_MALLOC_KMEMSTATS              node
             The variables are as follows:
             KERN_MALLOC_BUCKET.<size>
                     A node containing the statistics for the memory bucket of
                     the specified size (in decimal notation, the number of
                     bytes per bucket element, e.g., 16, 32, 128).  Each node
                     returns a struct kmembuckets.
                     If a value is specified that does not correspond directly
                     to a bucket size, the statistics for the closest larger
                     bucket size will be returned instead.
                     Note that bucket sizes are typically powers of 2.
             KERN_MALLOC_BUCKETS
                     Return a comma-separated list of the bucket sizes used by
                     the kernel.
             KERN_MALLOC_KMEMNAMES
                     Return a comma-separated list of the names of the kernel
                     malloc(9) types.
             KERN_MALLOC_KMEMSTATS
                     A node containing the statistics for the memory types of
                     the specified name.  Each node returns a struct
                     kmemstats.
     KERN_MAXCLUSTERS
             The maximum number of mbuf(9) clusters that may be allocated.
     KERN_MAXFILES
             The maximum number of open files that may be open in the system.
     KERN_MAXPARTITIONS
             The maximum number of partitions allowed per disk.
     KERN_MAXPROC
             The maximum number of simultaneous processes the system will
             allow.
     KERN_MAXVNODES
             The maximum number of vnodes available on the system.
     KERN_MBSTAT
             A struct mbstat structure is returned, containing statistics on
             mbuf(9) usage.
     KERN_MSGBUF
             Returns a buffer containing kernel log messages.
     KERN_MSGBUFSIZE
             The size of the kernel message buffer.
     KERN_NCHSTATS
             A struct nchstats structure is returned.  This structure contains
             information about the filename to inode(5) mapping cache.
     KERN_NFILES
             Number of open files.
     KERN_NGROUPS
             The maximum number of supplemental groups.
     KERN_NOSUIDCOREDUMP
             Programs with their set-user-ID bit set will not dump core when
             this is set.
     KERN_NPROCS
             The number of entries in the kernel process table.
     KERN_NSELCOLL
             Number of select(2) collisions.
     KERN_NUMVNODES
             Number of vnodes in use.
     KERN_OSRELEASE
             The system release string.
     KERN_OSREV
             The system revision number.
     KERN_OSTYPE
             The system type string.
     KERN_OSVERSION
             The kernel build version.
     KERN_POSIX1
             The version of ISO/IEC 9945 (POSIX 1003.1) with which the system
             attempts to comply.
     KERN_PROC
             Return the entire process table, or a subset of it.  An array of
             struct kinfo_proc structures is returned, whose size depends on
             the current number of such objects in the system.  The third and
             fourth level names are as follows:
                   Third level name          Fourth level is:
                   KERN_PROC_ALL             None
                   KERN_PROC_KTHREAD         A kernel thread
                   KERN_PROC_PID             A process ID
                   KERN_PROC_PGRP            A process group
                   KERN_PROC_RUID            A real user ID
                   KERN_PROC_SESSION         A session PID
                   KERN_PROC_TTY             A tty device
                   KERN_PROC_UID             A user ID
     KERN_PROC2
             Like KERN_PROC but an array of struct kinfo_proc2 structures is
             returned.  The fifth level name is the size of the struct
             kinfo_proc2 and the sixth level name is the number of structures
             to return.
     KERN_PROC_ARGS
             Returns the arguments or environment of a process.  The third
             level name is the PID of the process.  The fourth level name is
             one of:
                   KERN_PROC_ARGV
                   KERN_PROC_ENV
                   KERN_PROC_NARGV
                   KERN_PROC_NENV
             KERN_PROC_NARGV and KERN_PROC_NENV return the number of elements
             in the argv or env array.  KERN_PROC_ARGV returns the argv array
             and KERN_PROC_ENV returns the environ array.
     KERN_PROF
             Return profiling information about the kernel.  If the kernel is
             not compiled for profiling, attempts to retrieve any of the
             KERN_PROF values will fail with EOPNOTSUPP.  The third level
             names for the string and integer profiling information are
             detailed below.  The changeable column shows whether a process
             with appropriate privileges may change the value.
                   Third level name          Type                  Changeable
                   GPROF_COUNT               u_short[]             yes
                   GPROF_FROMS               u_short[]             yes
                   GPROF_GMONPARAM           struct gmonparam      no
                   GPROF_STATE               integer               yes
                   GPROF_TOS                 struct tostruct       yes
             The variables are as follows:
             GPROF_COUNT
                     Array of statistical program counter counts.
             GPROF_FROMS
                     Array indexed by program counter of call-from points.
             GPROF_GMONPARAM
                     Structure giving the sizes of the above arrays.
             GPROF_STATE
                     Returns GMON_PROF_ON or GMON_PROF_OFF to show that
                     profiling is running or stopped.
             GPROF_TOS
                     Array of struct tostruct describing destination of calls
                     and their counts.
     KERN_RAWPARTITION
             The raw partition of a disk (a == 0).
     KERN_RND
             Returns statistics about the /dev/random device in a struct
             rndstats structure.
     KERN_SAVED_IDS
             Returns 1 if saved set-group-ID and saved set-user-ID are
             available.
     KERN_SECURELVL
             The system security level.  This level may be raised by processes
             with appropriate privileges.  It may only be lowered by process
             1.
     KERN_SEMINFO
             Return the elements of struct seminfo.  If the kernel is not
             compiled with System V style semaphore support, attempts to
             retrieve any of the KERN_SEMINFO values will fail with
             EOPNOTSUPP.  The third level names for the elements of struct
             seminfo are detailed below.  The changeable column shows whether
             a process with appropriate privileges may change the value.
                   Third level name       Type       Changeable
                   KERN_SEMINFO_SEMAEM    integer    no
                   KERN_SEMINFO_SEMMNI    integer    yes
                   KERN_SEMINFO_SEMMNS    integer    yes
                   KERN_SEMINFO_SEMMNU    integer    yes
                   KERN_SEMINFO_SEMMSL    integer    yes
                   KERN_SEMINFO_SEMOPM    integer    yes
                   KERN_SEMINFO_SEMUME    integer    no
                   KERN_SEMINFO_SEMUSZ    integer    no
                   KERN_SEMINFO_SEMVMX    integer    no
             The variables are as follows:
             KERN_SEMINFO_SEMAEM
                     The adjust on exit maximum value.
             KERN_SEMINFO_SEMMNI
                     The maximum number of semaphore identifiers allowed.
             KERN_SEMINFO_SEMMNS
                     The maximum number of semaphores allowed in the system.
             KERN_SEMINFO_SEMMNU
                     The maximum number of semaphore undo structures allowed
                     in the system.
             KERN_SEMINFO_SEMMSL
                     The maximum number of semaphores allowed per ID.
             KERN_SEMINFO_SEMOPM
                     The maximum number of operations per semop(2) call.
             KERN_SEMINFO_SEMUME
                     The maximum number of undo entries per process.
             KERN_SEMINFO_SEMUSZ
                     The size (in bytes) of the undo structure.
             KERN_SEMINFO_SEMVMX
                     The semaphore maximum value.
     KERN_SHMINFO
             Return the elements of struct shminfo.  If the kernel is not
             compiled with System V style shared memory support, attempts to
             retrieve any of the KERN_SHMINFO values will fail with
             EOPNOTSUPP.  The third level names for the elements of struct
             shminfo are detailed below.  The changeable column shows whether
             a process with appropriate privileges may change the value.
                   Third level name       Type       Changeable
                   KERN_SHMINFO_SHMALL    integer    yes
                   KERN_SHMINFO_SHMMAX    integer    yes
                   KERN_SHMINFO_SHMMIN    integer    yes
                   KERN_SHMINFO_SHMMNI    integer    yes
                   KERN_SHMINFO_SHMSEG    integer    yes
             The variables are as follows:
             KERN_SHMINFO_SHMALL
                     The maximum amount of total shared memory allowed in the
                     system (in pages).
             KERN_SHMINFO_SHMMAX
                     The maximum shared memory segment size (in bytes).
             KERN_SHMINFO_SHMMIN
                     The minimum shared memory segment size (in bytes).
             KERN_SHMINFO_SHMMNI
                     The maximum number of shared memory identifiers in the
                     system.
             KERN_SHMINFO_SHMSEG
                     The maximum number of shared memory segments per process.
     KERN_SOMAXCONN
             Upper bound on the number of half-open connections a process can
             allow to be associated with a socket, using listen(2).  The
             default value is 128.
     KERN_SOMINCONN
             Lower bound on the number of half-open connections a process can
             allow to be associated with a socket, using listen(2).  The
             default value is 80.
     KERN_SPLASSERT
             Modify the system interrupt priority level.  Valid values are:
                   0    Disable error checking.
                   1    Print a message if an error is detected.
                   2    Print a message if an error is detected, and a stack
                        trace if possible.
                   3    The same as 2, but also drop into the kernel debugger.
             Any other value causes a system panic on errors.  See
             splassert(9) for more information.
     KERN_STACKGAPRANDOM
             Sets the range of the random value added to the stack pointer on
             each program execution.  The random value is added to make buffer
             overflow exploitation slightly harder.  The bigger the number,
             the harder it is to brute force this added protection, but it
             also means a bigger waste of memory.
     KERN_SYSVIPC_INFO
             Return System V style IPC configuration and run-time information.
             The third level name selects the System V style IPC facility.
                   Third level name            Type
                   KERN_SYSVIPC_MSG_INFO       struct msg_sysctl_info
                   KERN_SYSVIPC_SEM_INFO       struct sem_sysctl_info
                   KERN_SYSVIPC_SHM_INFO       struct shm_sysctl_info
             KERN_SYSVIPC_MSG_INFO
                     Return information on the System V style message
                     facility.  The msg_sysctl_info structure is defined in
                     <sys/msg.h>.
             KERN_SYSVIPC_SEM_INFO
                     Return information on the System V style semaphore
                     facility.  The sem_sysctl_info structure is defined in
                     <sys/sem.h>.
             KERN_SYSVIPC_SHM_INFO
                     Return information on the System V style shared memory
                     facility.  The shm_sysctl_info structure is defined in
                     <sys/shm.h>.
     KERN_SYSVMSG
             Returns 1 if System V style message queue functionality is
             available on this system, otherwise 0.
     KERN_SYSVSEM
             Returns 1 if System V style semaphore functionality is available
             on this system, otherwise 0.
     KERN_SYSVSHM
             Returns 1 if System V style shared memory functionality is
             available on this system, otherwise 0.
     KERN_TIMECOUNTER
             Return statistics information about the kernel time counter.  The
             third level names are detailed below.  The changeable column
             shows whether a process with appropriate privileges may change
             the value.
                   Third level name                     Type       Changeable
                   KERN_TIMECOUNTER_CHOICE              string     no
                   KERN_TIMECOUNTER_HARDWARE            string     yes
                   KERN_TIMECOUNTER_TICK                integer    no
                   KERN_TIMECOUNTER_TIMESTEPWARNINGS    integer    no
             The variables are as follows:
             KERN_TIMECOUNTER_CHOICE
                     Get the list of kernel time counter sources and their
                     claimed quality (higher is better).
             KERN_TIMECOUNTER_HARDWARE
                     Get or set the kernel time counter source by name.
             KERN_TIMECOUNTER_TICK
                     Get the number of times we have reset the kernel time
                     counter information.
             KERN_TIMECOUNTER_TIMESTEPWARNINGS
                     Get or set a flag to log a message when the kernel time
                     is stepped.
     KERN_TTY
             Return statistics information about tty input/output.  The third
             level names information is detailed below.  The changeable column
             shows whether a process with appropriate privileges may change
             the value.
                   Third level name       Type         Changeable
                   KERN_TTY_INFO          struct itty  no
                   KERN_TTY_NPTYS         integer      no
                   KERN_TTY_MAXPTYS       integer      yes
                   KERN_TTY_TKCANCC       int64_t      no
                   KERN_TTY_TKNIN         int64_t      no
                   KERN_TTY_TKNOUT        int64_t      no
                   KERN_TTY_TKRAWCC       int64_t      no
             The variables are as follows:
             KERN_TTY_INFO
                     Returns an array of struct itty structures containing tty
                     statistics.
             KERN_TTY_MAXPTYS
                     The maximum number of pty(4) devices supported by the
                     kernel.  This is the upper bound on KERN_TTY_NPTYS.
             KERN_TTY_NPTYS
                     The current number of pty(4) devices allocated by the
                     kernel.
             KERN_TTY_TKCANCC
                     Returns the number of input characters in canonical mode.
             KERN_TTY_TKNIN
                     Returns the number of input characters from a tty(4).
             KERN_TTY_TKNOUT
                     Returns the number of output characters on a tty(4).
             KERN_TTY_TKRAWCC
                     Returns the number of input characters in raw mode.
     KERN_TTYCOUNT
             Number of available tty(4) devices.
     KERN_USERASYMCRYPTO
             Permits userland to use /dev/crypto for cryptographic support for
             asymmetric (public) key operations via hardware cryptographic
             devices.  kern.usercrypto must also be set.
     KERN_USERCRYPTO
             Permits userland to use /dev/crypto for cryptographic support via
             hardware cryptographic devices.
     KERN_USERMOUNT
             Return non-zero if regular users can issue mount(2) requests.
             The default value is 0.
     KERN_VERSION
             The system version string.
     KERN_VNODE
             Return the entire vnode table.  Note, the vnode table is not
             necessarily a consistent snapshot of the system.  The returned
             data consists of an array whose size depends on the current
             number of such objects in the system.  Each element of the array
             contains the kernel address of a vnode (struct vnode *) followed
             by the vnode itself (struct vnode).
     KERN_WATCHDOG
             If the kernel does not support a hardware watchdog timer,
             attempts to retrieve or set any of the KERN_WATCHDOG values will
             fail with EOPNOTSUPP.
                   Third level name        Type       Changeable
                   KERN_WATCHDOG_AUTO      integer    yes
                   KERN_WATCHDOG_PERIOD    integer    yes
             The variables are as follows:
             KERN_WATCHDOG_AUTO
                     If set to 1, the kernel refreshes the watchdog timer
                     periodically.  If set to 0, a userland process must
                     ensure that the watchdog timer gets refreshed by setting
                     the KERN_WATCHDOG_PERIOD variable.
             KERN_WATCHDOG_PERIOD
                     The period of the watchdog timer in seconds.  Set to 0 to
                     disable the watchdog timer.
   CTL_MACHDEP
     The set of variables defined is architecture dependent.  Most
     architectures define at least the following variables.
           Second level name    Type          Changeable
           CPU_CONSDEV          dev_t         no
   CTL_NET
     The string and integer information available for the CTL_NET level is
     detailed below.  The changeable column shows whether a process with
     appropriate privileges may change the value.
           Second level name          Type                   Changeable
           PF_ROUTE                   routing messages       no
           PF_INET                    IPv4 values            yes
           PF_INET6                   IPv6 values            yes
     PF_ROUTE
             Return the entire routing table or a subset of it.  The data is
             returned as a sequence of routing messages (see route(4) for the
             header file, format, and meaning).  The length of each message is
             contained in the message header.
             The third level name is a protocol number, which is currently
             always 0.  The fourth level name is an address family, which may
             be set to 0 to select all address families.  The fifth and sixth
             level names are as follows:
                   Fifth level name          Sixth level is:
                   NET_RT_DUMP               None
                   NET_RT_FLAGS              rtflags
                   NET_RT_IFLIST             None
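The PF_ROUTE description above says the data comes back as a sequence of routing messages, each carrying its own length in its header. The following C program is an added example, not part of the original manual page: it walks such a buffer and rejects length fields that would loop forever or read past the end. The prefix layout (16-bit length first, then version and type bytes) is an assumption taken from route(4), the names are hypothetical, and the sample buffer is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed common start of every routing message (see route(4)): a 16-bit
 * total length in host byte order, then a version byte and a type byte. */
struct msg_prefix {
	uint16_t msglen;	/* length of this message, header included */
	uint8_t  version;
	uint8_t  type;
};

typedef void (*route_cb)(uint8_t type, const uint8_t *msg, size_t len, void *arg);

/*
 * Walk a buffer such as the one a PF_ROUTE request stores through oldp.
 * Calls cb for every complete message and returns the message count, or -1
 * when a length field is shorter than the prefix or runs past the buffer.
 */
int walk_route_dump(const uint8_t *buf, size_t buflen, route_cb cb, void *arg)
{
	size_t off = 0;
	int count = 0;

	while (off < buflen) {
		struct msg_prefix p;

		if (buflen - off < sizeof(p))
			return -1;		/* truncated header */
		memcpy(&p, buf + off, sizeof(p));	/* no unaligned reads */
		if (p.msglen < sizeof(p))
			return -1;		/* zero or short length would never advance */
		if (p.msglen > buflen - off)
			return -1;		/* message claims bytes beyond the buffer */
		if (cb != NULL)
			cb(p.type, buf + off, p.msglen, arg);
		off += p.msglen;
		count++;
	}
	return count;
}

/* Constructed sample data: append one zero-filled message of len bytes. */
static size_t put_msg(uint8_t *buf, size_t off, uint16_t len, uint8_t type)
{
	struct msg_prefix p = { len, 1, type };	/* version 1 is a made-up value */

	memset(buf + off, 0, len);
	memcpy(buf + off, &p, sizeof(p));
	return off + len;
}

/* Callback: count messages per (constructed) type number. */
static void count_type(uint8_t type, const uint8_t *msg, size_t len, void *arg)
{
	(void)msg;
	(void)len;
	((int *)arg)[type & 0x0f]++;
}

int main(void)
{
	uint8_t buf[64];
	int seen[16] = { 0 };
	size_t n = 0;

	n = put_msg(buf, n, 8, 1);
	n = put_msg(buf, n, 12, 1);
	n = put_msg(buf, n, 4, 2);
	printf("intact dump:  %d messages\n", walk_route_dump(buf, n, count_type, seen));
	buf[8] = buf[9] = 0;	/* zero the second message's length field */
	printf("corrupt dump: %d\n", walk_route_dump(buf, n, NULL, NULL));
	return 0;
}
```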
     PF_INET
             Get or set various global information about IPv4 (Internet
             Protocol version 4).  The third level name is the protocol.  The
             fourth level name is the variable name.  The currently defined
             protocols and names are:
                   Protocol name    Variable name         Type       Changeable
                   ah               enable                integer    yes
                   bpf              bufsize               integer    yes
                   bpf              maxbufsize            integer    yes
                   carp             allow                 integer    yes
                   carp             arpbalance            integer    yes
                   carp             log                   integer    yes
                   carp             preempt               integer    yes
                   esp              enable                integer    yes
                   esp              udpencap              integer    yes
                   esp              udpencap_port         integer    yes
                   etherip          allow                 integer    yes
                   gre              allow                 integer    yes
                   gre              wccp                  integer    yes
                   icmp             bmcastecho            integer    yes
                   icmp             errppslimit           integer    yes
                   icmp             maskrepl              integer    yes
                   icmp             rediraccept           integer    yes
                   icmp             redirtimeout          integer    yes
                   icmp             tstamprepl            integer    yes
                   ip               directed-broadcast    integer    yes
                   ip               encdebug              integer    yes
                   ip               forwarding            integer    yes
                   ip               ipsec-allocs          integer    yes
                   ip               ipsec-auth-alg        string     yes
                   ip               ipsec-bytes           integer    yes
                   ip               ipsec-comp-alg        string     yes
                   ip               ipsec-enc-alg         string     yes
                   ip               ipsec-expire-acquire  integer    yes
                   ip               ipsec-firstuse        integer    yes
                   ip               ipsec-invalid-life    integer    yes
                   ip               ipsec-pfs             integer    yes
                   ip               ipsec-soft-allocs     integer    yes
                   ip               ipsec-soft-bytes      integer    yes
                   ip               ipsec-soft-firstuse   integer    yes
                   ip               ipsec-soft-timeout    integer    yes
                   ip               ipsec-timeout         integer    yes
                   ip               maxqueue              integer    yes
                   ip               mtudisc               integer    yes
                   ip               mtudisctimeout        integer    yes
                   ip               portfirst             integer    yes
                   ip               porthifirst           integer    yes
                   ip               porthilast            integer    yes
                   ip               portlast              integer    yes
                   ip               redirect              integer    yes
                   ip               sourceroute           integer    yes
                   ip               ttl                   integer    yes
                   ipcomp           enable                integer    yes
                   ipip             allow                 integer    yes
                   mobileip         allow                 integer    yes
                   tcp              ackonpush             integer    yes
                   tcp              baddynamic            array      yes
                   tcp              ecn                   integer    yes
                   tcp              ident                 structure  no
                   tcp              keepidle              integer    yes
                   tcp              keepinittime          integer    yes
                   tcp              keepintvl             integer    yes
                   tcp              mssdflt               integer    yes
                   tcp              reasslimit            integer    yes
                   tcp              recvspace             integer    yes
                   tcp              rfc1323               integer    yes
                   tcp              rfc3390               integer    yes
                   tcp              rstppslimit           integer    yes
                   tcp              sack                  integer    yes
                   tcp              sendspace             integer    yes
                   tcp              slowhz                integer    no
                   tcp              synbucketlimit        integer    yes
                   tcp              syncachelimit         integer    yes
                   udp              baddynamic            array      yes
                   udp              checksum              integer    yes
                   udp              recvspace             integer    yes
                   udp              sendspace             integer    yes
             The variables are as follows:
             ah.enable
                     If set to 1, enable Authentication Header (AH) IPsec
                     protocol.  Enabled by default.  See ipsec(4) for more
                     information.
             bpf.bufsize
                     The initial size of BPF buffers.
             bpf.maxbufsize
                     The maximum size a user may request a BPF buffer to be.
             carp.allow
                     If set to 0, incoming CARP packets will not be processed.
                     If set to any other value, processing will occur.
                     Enabled by default.
             carp.arpbalance
                     If set to any value other than 0, the ARP balancing
                     functionality in carp is enabled.  When ARP requests are
                     received for an IP address which is part of any virtual
                     host, carp will hash the source IP in the ARP request to
                     select one of the virtual hosts from the set of all the
                     virtual hosts which have that IP address.  The master of
                     that host will respond with the correct virtual MAC
                     address.  Disabled by default.
             carp.log
                     If set to any value other than 0, carp(4) will log
                     errors.  Disabled by default.
             carp.preempt
                     If set to 0, carp(4) will not attempt to become master if
                     it is receiving advertisements from another active
                     master.  If set to any other value, carp will become
                     master of the virtual host if it believes it can send
                     advertisements more frequently than the current master.
                     Disabled by default.
             esp.enable
                     If set to 1, enable Encapsulating Security Payload (ESP)
                     IPsec protocol.  Enabled by default.  See ipsec(4) for
                     more information.
             esp.udpencap
                     If set to 1, enable processing of UDP encapsulated ESP
                     packets.  Disabled by default.
             esp.udpencap_port
                     Contains the value of the UDP port that triggers
                     decapsulation for incoming UDP encapsulated ESP packets.
                     The default port is 4500.
             etherip.allow
                     If set to 0, incoming Ethernet-in-IPv4 packets will not
                     be processed.  If set to any other value, processing will
                     occur.
             gre.allow
                     If set to 0, incoming GRE packets will not be processed.
                     If set to any other value, processing will occur.
             gre.wccp
                     If set to 0, incoming WCCPv1-style GRE packets will not
                     be processed.  If set to any other value, and gre.allow
                     allows GRE packet processing, WCCPv1-style GRE packets
                     will be processed.
             icmp.bmcastecho
                     If set to 1, respond to ICMP echo requests destined for
                     broadcast and multicast addresses.  Note, enabling this
                     could open a system to a type of denial of service attack
                     called "smurfing", and is thus not advised.
             icmp.errppslimit
                     This variable specifies the maximum number of outgoing
                     ICMP error messages per second.  ICMP error messages that
                     exceed the value are subject to rate limitation and
                     will not go out from the node.  A negative value disables
                     rate limitation.
             icmp.maskrepl
                     Returns 1 if ICMP network mask requests are to be
                     answered.
             icmp.rediraccept
                     If set to non-zero, the host will accept ICMP redirect
                     packets.  Note that routers will never accept ICMP
                     redirect packets, and the variable is meaningful on IP
                     hosts only.
             icmp.redirtimeout
                     This variable specifies the lifetime of routing entries
                     generated by incoming ICMP redirect.  The default timeout
                     is 10 minutes.
             icmp.tstamprepl
                     If set to 1, reply to ICMP timestamp requests.  If set to
                     0, ignore timestamp requests.
             ip.directed-broadcast
                     Returns 1 if directed broadcast behavior is enabled for
                     the host.
             ip.encdebug
                     Returns 1 when error message reporting is enabled for the
                     host.  If the kernel has been compiled with the ENCDEBUG
                     option, then debugging information will also be reported
                     when this variable is set.
             ip.forwarding
                     Returns 1 when IP forwarding is enabled for the host,
                     indicating the host is acting as a router.
             ip.ipsec-allocs
                     The number of IPsec flows that can use a security
                     association before it expires.  If set to less than or
                     equal to zero, the security association will not expire
                     because of this counter.  The default value is 0.
             ip.ipsec-auth-alg
                     This is the default authentication algorithm the kernel
                     will instruct key management daemons to negotiate when
                     establishing security associations on behalf of the
                     kernel.  Such security associations can occur as a result
                     of a process having requested some security level through
                     setsockopt(2), or as a result of dynamic vpn(8) entries.
                     Supported values are hmac-md5, hmac-sha1, and
                     hmac-ripemd160.  If set to any other value, it is left to
                     the key management daemons to select an authentication
                     algorithm for the security association.  The default
                     value is hmac-sha1.
             ip.ipsec-bytes
                     The number of bytes that will be processed by a security
                     association before it expires.  If set to less than or
                     equal to zero, the security association will not expire
                     because of this counter.  The default value is 0.
             ip.ipsec-comp-alg
                     The compression algorithm to use with an IP Compression
                     Association (IPCA).  Possible values are ``deflate'' and
                     ``lzs''.  Note that lzs is only available with hifn(4).
                     See ipsecadm(8) for more information.
             ip.ipsec-enc-alg
                     This is the default encryption algorithm the kernel will
                     instruct key management daemons to negotiate when
                     establishing security associations on behalf of the
                     kernel.  Such security associations can occur as a result
                     of a process having requested some security level through
                     setsockopt(2), or as a result of dynamic vpn(8) entries.
                     Supported values are aes, des, 3des, blowfish, cast128,
                     and skipjack.  If set to any other value, it is left to
                     the key management daemons to select an encryption
                     algorithm for the security association.  The default
                     value is aes.
             ip.ipsec-expire-acquire
                     How long the kernel should allow key management to
                     dynamically acquire security associations before
                     re-sending a request.  The default value is 30 seconds.
             ip.ipsec-firstuse
                     The number of seconds after a security association is
                     first used before it expires.  If set to less than or
                     equal to zero, the security association will not expire
                     because of this timer.  The default value is 7200
                     seconds.
             ip.ipsec-invalid-life
                     The lifetime of embryonic Security Associations (SAs that
                     key management daemons have reserved but not fully
                     established yet) in seconds.  If set to less than or
                     equal to zero, embryonic SAs will not expire.  The
                     default value is 60.
             ip.ipsec-pfs
                     If set to any non-zero value, the kernel will ask the key
                     management daemons to use Perfect Forward Secrecy when
                     establishing IPsec Security Associations.  Perfect
                     Forward Secrecy makes IPsec Security Associations
                     cryptographically distinct from each other, such that
                     breaking the key for one such SA does not compromise any
                     others.  Requiring PFS for every security association
                     significantly increases the computational load of
                     isakmpd(8) exchanges.  The default value is 1.
             ip.ipsec-soft-allocs
                     The number of IPsec flows that can use a security
                     association before a message is sent by the kernel to key
                     management for renegotiation of the security association.
                     If set to less than or equal to zero, no message is sent
                     to key management.  The default value is 0.
             ip.ipsec-soft-bytes
                     The number of bytes that will be processed by a security
                     association before a message is sent by the kernel to key
                     management for renegotiation of the security association.
                     If set to less than or equal to zero, no message is sent
                     to key management.  The default value is 0.
             ip.ipsec-soft-firstuse
                     The number of seconds after a security association is
                     first used before a message is sent by the kernel to key
                     management for renegotiation of the security association.
                     If set to less than or equal to zero, no message is sent
                     to key management.  The default value is 3600 seconds.
             ip.ipsec-soft-timeout
                     The number of seconds after a security association is
                     established before a message is sent by the kernel to key
                     management for renegotiation of the security association.
                     If set to less than or equal to zero, no message is sent
                     to key management.  The default value is 80000 seconds.
             ip.ipsec-timeout
                     The number of seconds after a security association is
                     established before it will expire.  If set to less than
                     or equal to zero, the security association will not
                     expire because of this timer.  The default value is 86400
                     seconds.
             ip.maxqueue
                     Fragment flood protection.  Sets the maximum number of
                     unassembled IP fragments in the fragment queue.
             ip.mtudisc
                     Returns 1 if Path MTU Discovery is enabled.
             ip.mtudisctimeout
                     Returns the number of seconds in which a route added by
                     the Path MTU Discovery engine will time out.  When the
                     route times out, the Path MTU Discovery engine will
                     attempt to probe a larger path MTU.
             ip.portfirst
                     Minimum registered port number for TCP/UDP port
                     allocation.  Registered ports can be used by ordinary
                     user processes or programs executed by ordinary users.
                     Cannot be less than 1024 or greater than 49151.  Must be
                     less than ip.portlast.
             ip.porthifirst
                     Minimum dynamic/private port number for TCP/UDP port
                     allocation.  Dynamic/private ports can be used by
                     ordinary user processes or programs executed by ordinary
                     users.  Cannot be less than 49152 or greater than 65535.
                     Must be less than ip.porthilast.
             ip.porthilast
                     Maximum dynamic/private port number for TCP/UDP port
                     allocation.  Dynamic/private ports can be used by
                     ordinary user processes or programs executed by ordinary
                     users.  Cannot be less than 49152 or greater than 65535.
                     Must be greater than ip.porthifirst.
             ip.portlast
                     Maximum registered port number for TCP/UDP port
                     allocation.  Registered ports can be used by ordinary
                     user processes or programs executed by ordinary users.
                     Cannot be less than 1024 or greater than 49151.  Must be
                     greater than ip.portfirst.
             ip.redirect
                     Returns 1 when ICMP redirects may be sent by the host.
                     This option is ignored unless the host is routing IP
                     packets, and should normally be enabled on all systems.
             ip.sourceroute
                     Returns 1 when forwarding of source-routed packets is
                     enabled for the host.  As detailed in securelevel(7),
                     this variable may not be changed if the securelevel is
                     > 0.
             ip.ttl  The maximum time-to-live (hop count) value for an IP
                     packet sourced by the system.  This value applies to
                     normal transport protocols, not to ICMP.
             ipcomp.enable
                     Enable the IPComp protocol.  See ipsecadm(8) for more
                     information.
             ipip.allow
                     If set to 0, incoming IP-in-IP packets will not be
                     processed.  If set to any other value, processing will
                     occur; furthermore, if set to 2, no checks for spoofing
                     of loopback addresses will be done.  This is useful only
                     for debugging purposes, and should never be used in
                     production systems.
             mobileip.allow
                     If set to 0, incoming MobileIP encapsulated packets (RFC
                     2004) will not be processed.  If set to any other value,
                     processing will occur.
             tcp.ackonpush
                     Returns 1 if tcp segments with the TH_PUSH set are being
                     acknowledged immediately, otherwise 0.
             tcp.baddynamic
                     An array of in_port_t is returned specifying the bitmask
                     of TCP ports between 512 and 1023 inclusive that should
                     not be allocated dynamically by the kernel (i.e., they
                     must be bound specifically by port number).
             tcp.ecn
                     Returns 1 if Explicit Congestion Notifications for TCP
                     are enabled.
             tcp.ident
                     A structure struct tcp_ident_mapping specifying a local
                     and foreign endpoint of a TCP socket is filled in with
                     the euid and ruid of the process that owns the socket.
                     If no such socket exists, then the euid and ruid values
                     are both set to -1.
             tcp.keepidle
                     If the socket option SO_KEEPALIVE has been set, time a
                     connection needs to be idle before keepalives are sent.
                     See also tcp.slowhz.
             tcp.keepinittime
                     Unused.
             tcp.keepintvl
                     Time after a keepalive probe is sent until, in the
                     absence of a
 |
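Several PF_INET descriptions above state warnings or hard limits: icmp.bmcastecho, ipip.allow set to 2, the two port ranges, and the IPsec soft and hard lifetimes. The following C program is an added example, not part of the original manual page, that checks name=value lines in the form used by sysctl(8) against them. The net.inet. name prefix, the function names and the sample input are assumptions or constructed here, and the soft-versus-hard lifetime check is an inference from the descriptions rather than a rule the page states.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum {
	F_BMCASTECHO    = 1 << 0, /* icmp.bmcastecho=1: replies to broadcast echo */
	F_IPIP_NOSPOOF  = 1 << 1, /* ipip.allow=2: loopback spoofing checks off */
	F_PORT_RANGE    = 1 << 2, /* portfirst/portlast not in 1024..49151, or inverted */
	F_PORTHI_RANGE  = 1 << 3, /* porthifirst/porthilast not in 49152..65535, or inverted */
	F_SOFT_TIMEOUT  = 1 << 4, /* nothing asks for renegotiation before ipsec-timeout */
	F_SOFT_FIRSTUSE = 1 << 5  /* nothing asks for renegotiation before ipsec-firstuse */
};

/* Find "name=value" at the start of a line; returns 1 and sets *out if found. */
static int lookup(const char *text, const char *name, long *out)
{
	size_t n = strlen(name);
	const char *p = text;

	while (p != NULL && *p != '\0') {
		if (strncmp(p, name, n) == 0 && p[n] == '=') {
			*out = strtol(p + n + 1, NULL, 10);
			return 1;
		}
		p = strchr(p, '\n');
		if (p != NULL)
			p++;
	}
	return 0;
}

/* Both ends must lie in lo..hi and first must be below last. */
static int bad_range(const char *t, const char *first, const char *last, long lo, long hi)
{
	long a, b;
	if (!lookup(t, first, &a) || !lookup(t, last, &b))
		return 0;	/* pair not listed: nothing to check */
	return a < lo || b > hi || a >= b;
}

/* Inferred check: with a hard limit > 0 the SA expires, so the soft limit
 * must be > 0 and below it or key management is never asked in time. */
static int no_renegotiation(const char *t, const char *soft, const char *hard)
{
	long s, h;
	if (!lookup(t, soft, &s) || !lookup(t, hard, &h) || h <= 0)
		return 0;
	return s <= 0 || s >= h;
}

/* Returns a bitmask of F_* findings for settings given as name=value lines. */
unsigned audit_inet(const char *t)
{
	unsigned f = 0;
	long v;
	if (lookup(t, "net.inet.icmp.bmcastecho", &v) && v == 1)
		f |= F_BMCASTECHO;
	if (lookup(t, "net.inet.ipip.allow", &v) && v == 2)
		f |= F_IPIP_NOSPOOF;
	if (bad_range(t, "net.inet.ip.portfirst", "net.inet.ip.portlast", 1024, 49151))
		f |= F_PORT_RANGE;
	if (bad_range(t, "net.inet.ip.porthifirst", "net.inet.ip.porthilast", 49152, 65535))
		f |= F_PORTHI_RANGE;
	if (no_renegotiation(t, "net.inet.ip.ipsec-soft-timeout", "net.inet.ip.ipsec-timeout"))
		f |= F_SOFT_TIMEOUT;
	if (no_renegotiation(t, "net.inet.ip.ipsec-soft-firstuse", "net.inet.ip.ipsec-firstuse"))
		f |= F_SOFT_FIRSTUSE;
	return f;
}

/* Constructed sample in name=value form; not output from a real host. */
static const char SAMPLE_DRIFTED[] =
	"net.inet.icmp.bmcastecho=1\nnet.inet.ipip.allow=2\n"
	"net.inet.ip.portfirst=600\nnet.inet.ip.portlast=49151\n"
	"net.inet.ip.porthifirst=49152\nnet.inet.ip.porthilast=65535\n"
	"net.inet.ip.ipsec-soft-timeout=90000\nnet.inet.ip.ipsec-timeout=86400\n"
	"net.inet.ip.ipsec-soft-firstuse=3600\nnet.inet.ip.ipsec-firstuse=7200\n";

int main(void)
{
	printf("findings: 0x%02x\n", audit_inet(SAMPLE_DRIFTED));
	return 0;
}
```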