Date: Thu, 22 Jan 2004 02:47:29 -0500
From: Tom Rhodes <trhodes@FreeBSD.org>
To: FreeBSD-doc@FreeBSD.org
Subject: RFC: Automated process for documenting tunables/variables.
Message-ID: <20040122024729.2944fada@localhost>
[-- Attachment #1 --]
Greetings,

About three weeks ago Marc Silver kicked me in the butt to start
working on this project again. First off, I did not drop the front
page; only working on that and other projects at the same time.

But anyway, onward to the subject at hand. Enclosed in this email
are three files: run.sh, the main file which builds the manual page;
sysctl.sh, the file that sets up the structure of the tunables
section in our manual page; and tunables.mdoc, a list of all the
tunables that I threw together along with documentation that
is more user-friendly than the sysctl -d output.

This was designed to mainly work with a make universe, using nm(1)
to parse the LINT kernels and grab all the tunables from them. If
you don't wish to run make universe, don't worry. The -installed
option will parse the installed kernel in /boot/kernel.

As it stands now, a default manual page will be committed with
the work we have done. The tunables/sysctls without descriptions
and which I cannot find documentation for will be left blank in
hopes that someone can document it or submit documentation to
me. I will then update the manual page(s) once a month/bi-monthly
or before a release is cut.

We also support multi-architecture LINT kernels using the nm(1)
built for that architecture. David O'Brien informed me that
the nm(1) does not like working on different architectures than
it was built for, thanks David.

There are some caveats to this method:

  We are using hard coded paths in the script in place of detecting
  them.

  I'm not sure how it could be integrated with or why it should be
  integrated with a buildworld.

  On a slow machine the make universe target could take hours, an
  overnight project for some machines.

  Duplication of documentation may occur, I'm unsure of how to
  handle this other than just adding either an Xref from the generated
  manual page or the ones that tunables are documented in. Special
  cases given to manual pages like security(7).

  Some duplication cannot be avoided as we have tunables/sysctls which
  can go in rc.conf, sysctl.conf, and passed on the command line. There
  is already duplication there and it isn't my job to redesign that part
  of FreeBSD. :)

Positives:

  A central manual page for all architectures which hold many of the
  tunable options FreeBSD has.

  We avoid making substantial changes to sysctl(8) and the build in
  general by not adding the extra C macros that the original idea
  offered.

  Users are more happy because we have (hopefully) good documentation
  in place on hacks that are either undocumented or have difficult
  to comprehend documentation provided by sysctl -d.

  We aren't adding line upon line of documentation in source files.

  Bruce Evans will be happy that no mdoc(7) exists in source files,
  which is a style violation. (This is just a little inside joke between
  him and me.)

Apologies in advance for the length of this email, mistakes I've
made in this implementation, and the lack of a README or Makefile. :)

Thank you in advance for comments/suggestions.

--
Tom Rhodes
[-- Attachment #2 --]
#!/bin/sh
#
# $Pittgoth: projects/scripts/doctune/run.sh,v 1.21 2004/01/22 07:30:06 darklogik Exp $
# $FreeBSD$
#
#################################################################
# Missing Features:
# It would be nice to have OIDs separated into composite groups
# using the subsection mdoc(7) feature (.Ss) without adding extra
# files.
#
# The ability to notice when new OIDs are added to FreeBSD, and
# and the automation of their sorting and addition into the
# tunables.mdoc file.
#
# Perhaps a re-implementation in C? This wouldn't be much of
# a challenge for the right individual but it may require a lot
# of changes to sysctl.h.
#################################################################
# Set our path up.
PATH=/bin:/usr/bin:/sbin:/usr/sbin
# We need a usage statement correct?
USAGE="Usage: run.sh -[all|alpha|clean|i386|ia64|installed|pc98|sparc64]"
# The endman function closes the list and adds the bottom
# part of our manual page.
endman() {
cat <<EOF>> ./tunables.8
.El
.Sh IMPLEMENTATION NOTES
Much, if not all of this manual page has been generated by
a simple script written in
.Xr sh 1
which generates the
.Xr mdoc 7
markup.
For information on
.Xr sysctl 8
implementation notes, see the respecting manual pages.
.Sh SEE ALSO
.Xr loader.conf 5 ,
.Xr sysctl.conf 5 ,
.Xr boot 8 ,
.Xr loader 8 ,
.Xr sysctl 8 ,
.Xr sysctl_add_oid 9 ,
.Xr sysctl_ctx_init 9
.Sh AUTHORS
This manual page automatically generated once a month
by a script written by
.An -nosplit
.An Tom Rhodes Aq trhodes@FreeBSD.org ,
with significant contributions from
.An Giorgos Keramidas Aq keramida@FreeBSD.org ,
.An Ruslan Ermilov Aq ru@FreeBSD.org ,
and
.An Marc Silver Aq marcs@draenor.org .
.Sh BUGS
Sometimes
.Fx
.Nm
can be left undocumented by the individuals who originally
implemented them;
thus this script was forged as a way to automatically
produce a manual page to aid in the administration and
configuration of a
.Fx
system.
EOF
}
# The markup_create() function builds the actual
# markup file to be dropped into. In essence,
# compare our list of tunables with the documented
# tunables in our tunables.mdoc file and generate
# the final 'inner circle' of our manual page.
markup_create() {
    sort < _names | \
        xargs -n 1 /bin/sh ./sysctl.sh \
        > markup.file \
        2> tunables.TODO
    rm _names
}
# Finally, the following lines will call our functions
# and create our document using the following function:
page_create() {
    startman
    /bin/cat ./markup.file >> tunables.8
    endman
}
# The startman function creates the initial mdoc(7) formatted
# manual page. This is required before we populate it with
# tunables both loader and sysctl(8) oids.
startman() {
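# The delimiter is quoted so that the `` in the license text below is
# copied literally instead of being run as an empty command substitution.
cat <<'EOF' >> ./tunables.8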
.\"
.\" Copyright (c) 2003 Tom Rhodes
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"
.Dd January 05, 2004
.Dt TUNABLES 8
.Os
.Sh NAME
.Nm tunables
.Nd list of system tunables
.Sh DESCRIPTION
.Fx
supports kernel alterations on the fly or at
system initialization by using a feature
known as the
.Dq Management Information Base
or
.Dq MIBs
for short.
.Pp
The
.Fx
kernel environment is initialized from the
.Xr loader 8
variables, and can later be viewed and modified with the
.Xr kenv 1
utility.
Some of
these variables allow an administrator to
.Dq tune
some aspect of system's
behavior at startup, hence
.Dq tunables .
Most tunables
have corresponding sysctls.
While some sysctls may be used
to alter the system behavior on-the-fly,
some aspects of the
system, for example the size of some critical buffers,
may be changed
only at the system initialization time, hence the
need for tunables.
.Pp
When the need to alter a read-only variable
arises, they can be added to the
.Xr loader.conf 5
configuration file.
For more information on how this file is structured,
see the manual page.
.Pp
Furthermore, changes to certain
.Nm
can be made by using
.Pa /etc/rc.conf ,
as many
.Nm
are set during the boot stage while reading values from this file.
See
.Xr rc.conf 5
for more information.
.Pp
The
.Nm
supported by
.Xr sysctl 8
are:
.Pp
.Bl -ohang -offset indent
EOF
}
# Case the architecture and generate a _names file based
# on ${MACHINE_ARCH} in the Makefile. We get most of the
# tunables by running nm(1) through the built kernel and
# modules. Thus our downfall is that we expect the user
# to have ran a 'make universe' first. Users can still
# generate a tunables.8 manual page for a different CPU
# architecture by calling run.sh directly.
#
# The for statement will ensure that we only work with the
# kernel and its modules.
#
# All of the kernels/worlds from 'make universe' get a special
# ${ARCH} directory. The default one doesn't. Since I guess
# Maintainership belongs to me, ignore the ${ARCH} directory
# for i386 cases as it won't be there on my p4 machine.
#
# The nm(1) utility must only be used on the architecture which
# we build it for. Although i386 and pc98 are so similar we can
# use the i386 version for both.
case "$1" in
-all)
    sh ./run.sh -alpha && sh ./run.sh -i386 && sh ./run.sh -ia64 && \
    sh ./run.sh -installed && sh ./run.sh -pc98 && \
    sh ./run.sh -sparc64 && \
    echo "Manual pages built for all architectures." ;;
-alpha)
    # Collect the names from every module and the kernel into one
    # de-duplicated list; redirecting to _names inside the loop would
    # keep only the names from the last file. The same applies to
    # every architecture below.
    for x in `find /usr/obj/alpha/usr/src/sys/LINT -name '*.kld'` \
        /usr/obj/alpha/usr/src/sys/LINT/kernel;
    do /usr/obj/alpha/usr/src/i386/usr/bin/nm \
        "$x" | grep ' sysctl___' | uniq | \
        sed 's/sysctl___//g' | sed 's/_/./g' | \
        awk '{print $3}';
    done | sort -u > _names;
    markup_create
    page_create
    mv ./tunables.8 alpha_tunables.8 ;;
-clean)
    rm tunables.TODO markup.file tunables.8 _names \
        alpha_tunables.8 i386_tunables.8 ia64_tunables.8 \
        installed_tunables.8 pc98_tunables.8 sparc64_tunables.8 \
        2> /dev/null;
    exit 0 ;;
-i386)
    for x in `find /usr/obj/usr/src/sys/LINT -name '*.kld'` \
        /usr/obj/usr/src/sys/LINT/kernel;
    do nm "$x" | grep ' sysctl___' | uniq | \
        sed 's/sysctl___//g' | sed 's/_/./g' | \
        awk '{print $3}';
    done | sort -u > _names;
    markup_create
    page_create
    mv ./tunables.8 i386_tunables.8 ;;
-ia64)
    for x in `find /usr/obj/ia64/usr/src/sys/LINT -name '*.kld'` \
        /usr/obj/ia64/usr/src/sys/LINT/kernel;
    do /usr/obj/ia64/usr/src/i386/usr/bin/nm "$x" | \
        grep ' sysctl___' | uniq | \
        sed 's/sysctl___//g' | sed 's/_/./g' | \
        awk '{print $3}';
    done | sort -u > _names;
    markup_create
    page_create
    mv ./tunables.8 ia64_tunables.8 ;;
-installed)
    for x in /boot/kernel/*.ko /boot/kernel/kernel;
    do nm "$x" | grep ' sysctl___' | uniq | \
        sed 's/sysctl___//g' | sed 's/_/./g' | \
        awk '{print $3}';
    done | sort -u > _names;
    markup_create
    page_create
    mv ./tunables.8 installed_tunables.8 ;;
-pc98)
    for x in `find /usr/obj/pc98/usr/src/sys/LINT -name '*.kld'` \
        /usr/obj/pc98/usr/src/sys/LINT/kernel;
    do nm "$x" | grep ' sysctl___' | uniq | \
        sed 's/sysctl___//g' | sed 's/_/./g' | \
        awk '{print $3}';
    done | sort -u > _names;
    markup_create
    page_create
    mv ./tunables.8 pc98_tunables.8 ;;
-sparc64)
    for x in `find /usr/obj/sparc64/usr/src/sys/LINT -name '*.kld'` \
        /usr/obj/sparc64/usr/src/sys/LINT/kernel;
    do /usr/obj/sparc64/usr/src/i386/usr/bin/nm "$x" | \
        grep ' sysctl___' | uniq | \
        sed 's/sysctl___//g' | sed 's/_/./g' | \
        awk '{print $3}';
    done | sort -u > _names;
    markup_create
    page_create
    mv ./tunables.8 sparc64_tunables.8 ;;
*)
    echo "$USAGE"
    exit 0 ;;
esac
[-- Attachment #3 --]
#!/bin/sh
#
# $Pittgoth: projects/scripts/doctune/sysctl.sh,v 1.7 2004/01/20 08:18:36 darklogik Exp $
# $FreeBSD$
#
# For each sysctl, repeat:
# if it has a short description
# sysctl.sh name "descr"
# else
# write its name to tunables.TODO with 'name missing description'
#
name="$1"
if [ X"${name}" = X"" ]; then
    echo "usage: $(basename "$0") sysctl-name" >&2
    exit 1
fi
# Look up $name in tunables.mdoc
# ${name} is interpolated into the sed address below, so a "." in a
# name matches any character; ${type} and ${value} are interpolated
# into the sed replacements, so a "/" or "&" in them changes the
# sed expression.
< tunables.mdoc \
sed -ne "/^${name}[[:space:]]*$/,/^---[[:space:]]*$/p" | \
sed -e '/^---[[:space:]]*$/d' | \
{ \
    read tmpname _junk; \
    if [ X"${tmpname}" = X"" ]; then \
        exit 0; \
    fi ; \
    read type value _junk; \
    unset _junk; \
    if [ X"${type}" = X"" ]; then \
        echo "" >&2 ; \
        echo "ERROR: Missing type for ${name}" >&2 ; \
    fi ; \
    if [ X"${value}" = X"" ]; then \
        echo "" >&2 ; \
        echo "ERROR: Missing default for ${name}" >&2 ; \
    fi ; \
    \
    echo ".It Va ${tmpname}" ; \
    echo ".Pq Vt ${type}" ; \
    grep -v '^[[:space:]]*$' | \
    sed -e "s/@default@/${value}/g" | \
    sed -e "s/@type@/${type}/g" ; \
}
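
The lookup that sysctl.sh performs, as an added example that is not part of the original e-mail or its attachments: it compares the name as a literal string and expands @type@/@default@ without sed, so a "." in a name and a "/" or "&" in a default are taken literally. The record layout is taken from sysctl.sh; the function names, the TUNABLE_NAME variable and the sample records (including the decoy and the default value) are constructed for illustration.

```shell
#!/bin/sh
# Added example: literal (non-regex) lookup in a tunables.mdoc-style file.
# Record layout assumed from sysctl.sh: a name line, a "type [default]"
# line, mdoc text, then a line containing only "---".

# make_sample FILE: write a small constructed sample in that layout.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not the real tunables.mdoc
---
kernXmodule_path
str decoy
Decoy record: matches the regex kern.module_path but not the string.
---
kern.module_path
str /boot/kernel;/boot/modules
Directories searched for modules; the @type@ default is @default@.
.Pp
---
debug.disablefullpath
---
EOF
}

# lookup_tunable NAME FILE
#   stdout: .It/.Pq markup plus the text with @type@/@default@ expanded
#   return: 0 documented, 1 listed but undocumented, 2 not in FILE
lookup_tunable() {
    # The name travels through the environment, so awk applies neither
    # escape processing nor regex interpretation to it.
    TUNABLE_NAME="$1" awk '
        # Replace each literal occurrence of pat in s with rep.
        function subst(s, pat, rep,    out, i) {
            out = ""
            while ((i = index(s, pat)) > 0) {
                out = out substr(s, 1, i - 1) rep
                s = substr(s, i + length(pat))
            }
            return out s
        }
        BEGIN { name = ENVIRON["TUNABLE_NAME"] }
        /^---[ \t]*$/ { if (state > 0) exit; prev_sep = 1; next }
        state == 0 {
            # A record name is the first line after a separator.
            line = $0; sub(/[ \t]+$/, "", line)
            if (prev_sep && line == name) state = 1
            prev_sep = 0
            next
        }
        state == 1 {
            type = $1; value = $2; state = 2
            print ".It Va " name; print ".Pq Vt " type
            next
        }
        state == 2 && !/^[ \t]*$/ {
            print subst(subst($0, "@default@", value), "@type@", type)
        }
        END {
            if (state == 0) exit 2
            if (state == 1) { print ".It Va " name; print ".Pq Vt"; exit 1 }
            exit 0
        }
    ' "$2"
}

# list_undocumented FILE: names whose record has no type line or text,
# i.e. the entries that still need documentation.
list_undocumented() {
    awk '
        /^---[ \t]*$/ { if (pending != "") print pending
                        pending = ""; sep = 1; next }
        /^[ \t]*$/    { next }
        sep           { pending = $0; sub(/[ \t]+$/, "", pending)
                        sep = 0; next }
                      { pending = "" }   # the record has a body
        END           { if (pending != "") print pending }
    ' "$1"
}

# Demo on the constructed sample.
tmp=$(mktemp) && make_sample "$tmp" && lookup_tunable kern.module_path "$tmp"
rm -f "$tmp"
```
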
[-- Attachment #4 --]
# $FreeBSD$
# $Pittgoth: projects/scripts/doctune/tunables.mdoc,v 1.11 2004/01/20 07:07:24 marcs Exp $
---
debug.disablecwd
bool
Determines whether or not the
.Xr getcwd 3
syscall should be allowed.
.Pp
---
debug.disablefullpath
---
debug.dobkgrdwrite
bool
Determines if background writes should be performed.
.Pp
---
debug.hashstat.nchash
---
debug.hashstat.rawnchash
---
debug.ieee80211
bool
This
.Nm
allows you to enable or disable debugging for 802.11 devices.
.Pp
---
debug.malloc.failure_count
bool
Number of times a coerced malloc failure has occurred as a
result of debug.malloc.failure_rate.
Useful for tracking what might have happened
and whether failures are being generated.
.Pp
---
debug.malloc.failure_rate
bool
Debugging feature causing M_NOWAIT allocations to fail at
a specified rate.
How often to generate a failure: if set to 0 (default), this
feature is disabled.
In other words if set to 10 (one in ten mallocs fails).
.Pp
---
debug.rman_debug
bool
This
.Nm
allows you to enable or disable debugging for
.Xr rman 9 ,
the FreeBSD resource manager.
.Pp
---
debug.sizeof.bio
---
debug.sizeof.buf
---
debug.sizeof.cdev
---
debug.sizeof.devstat
---
debug.sizeof.kinfo_proc
---
debug.sizeof.proc
---
debug.sizeof.vnode
---
debug.vnlru_nowhere
---
hw.acpi.cpu.current_speed
bool
Display the current CPU speed.
This is adjustable, but doing so is highly unrecommended.
.Pp
---
hw.acpi.cpu.max_speed
int
Allows you to change the stepping for processor speed
on machines which support
.Xr acpi 4 .
.Pp
---
hw.acpi.disable_on_poweroff
bool
Some systems using
.Xr acpi 4
have problems powering off when shutting down with
.Xr acpi 4
enabled. This
.Nm
disables
.Xr acpi 4
when rebooting and shutting down.
.Pp
---
hw.acpi.s4bios
bool
This
.Nm
determines whether or not the S4BIOS sleep implementation
should be used.
.Pp
---
hw.acpi.sleep_delay
int
Set the sleep delay for
.Xr acpi 4 .
.Pp
---
hw.acpi.supported_sleep_state
bool
List supported
.Tn ACPI
sleep states
.Pp
---
hw.acpi.thermal.min_runtime
---
hw.acpi.thermal.polling_rate
int
The interval (in seconds) that should be used to check
the current system temperature.
.Pp
---
hw.acpi.thermal.tz0.temperature
str
Displays the current temperature. This is a read-only
variable.
.Pp
---
hw.acpi.thermal.tz0.thermal_flags
---
hw.acpi.verbose
bool
Determines whether or not
.Xr acpi 4
should be verbose.
.Pp
---
hw.ata.ata_dma
bool
Allows the enabling and disabling of DMA for
ATA devices.
.Pp
---
hw.ata.atapi_dma
bool
Allows the enabling and disabling of DMA for
atapi devices, such as CD-ROM drives.
.Pp
---
hw.ata.tags
---
hw.ata.wc
---
hw.bus.devctl_disable
---
hw.bus.devices
---
hw.bus.info
---
hw.bus.rman
---
hw.byteorder
---
hw.cardbus.cis_debug
---
hw.cardbus.debug
---
hw.cbb.debug
---
hw.cbb.start_16_io
---
hw.cbb.start_32_io
---
hw.cbb.start_memory
---
hw.floatingpoint
bool
Reports true if the machine has a floating point processor.
This is a read-only variable.
.Pp
---
hw.fxp0.bundle_max
int
Controls the receive interrupt microcode bundle size limit
for the
.Xr fxp 4
device.
.Pp
---
hw.fxp0.int_delay
int
Controls the receive interrupt microcode bundling delay
for the
.Xr fxp 4
device.
.Pp
---
hw.fxp_noflow
bool
Disables flow control support on
.Xr fxp 4
cards.
When flow control is enabled, and if the operating system
does not acknowledge the packet buffer filling,
the card will begin to generate ethernet quench
packets, but appears to get into a feedback
loop of some sort, hosing local switches.
This is a workaround for this issue.
.Pp
---
hw.fxp_rnr
int
Set the amount of times that a no-resource
condition may occur before the
.Xr fxp 4
device may restart.
.Pp
---
hw.instruction_sse
bool
Returns true if SSE support is enabled in the kernel.
This is a read-only variable.
.Pp
---
hw.intrcnt
bool
Displays a list of interrupt counters.
This is a read-only variable.
.Pp
---
hw.intrnames
str
Displays a list of zero-terminated interrupt
names. This is a read-only variable.
.Pp
---
hw.kbd.keymap_restrict_change
bool
This sysctl acts as a sort of secure-level, allowing
control of the console keymap.
Giving this a value of 1 means that only the
root user can change restricted keys
(like boot, panic...).
A value of 2 means that only root
can change restricted keys and regular keys.
Regular users still can change accents and function keys.
A value of 3 means only root can change restricted,
regular and accent keys, while a value of 4 means that
no changes to the keymap are
allowed by anyone other than the root user.
.Pp
---
hw.machine
str
Displays the machine class. This is a read-only variable.
.Pp
---
hw.machine_arch
str
Displays the current architecture. This is a read-only
variable.
.Pp
---
hw.model
str
Displays the model information of the current running hardware.
This is a read-only variable.
.Pp
---
hw.ncpu
bool
Report the number of CPUs in the system. This is
a read-only variable.
.Pp
---
hw.pagesize
int
Displays the current
.Xr pagesize 1 .
This is a read-only variable.
.Pp
---
hw.pccard.cis_debug
int
Allows debugging to be turned on or off for
CIS.
.Pp
---
hw.pccard.debug
bool
Determines whether or not to use debugging for the
PC Card bus driver.
.Pp
---
hw.pci.allow_unsupported_io_range
bool
Some machines do not detect their CardBus slots correctly
because they use unsupported I/O ranges. This
.Nm
allows FreeBSD to use those ranges.
.Pp
---
hw.pci.enable_io_modes
---
hw.snd.pcm0.ac97rate
---
hw.snd.report_soft_formats
---
hw.syscons.bell
bool
Allows you to control whether or not to use the 'bell'
while using the console. This is turned on by default.
.Pp
---
hw.syscons.saver.keybonly
bool
This variable tells the system that the screen saver
may only wake up if the keyboard is used. This means
that log messages that are pushed to the console will
not cause the screen saver to stop, and the log
message will not display. This can be disabled to mimic
the behavior of older syscons.
.Pp
---
hw.syscons.sc_no_suspend_vtswitch
bool
Disables switching between virtual terminals during suspend
or resume. See
.Xr syscons 4
for more information.
.Pp
---
hw.wi.debug
---
hw.wi.txerate
---
kern.acct_chkfreq
---
kern.acct_resume
---
kern.acct_suspend
---
kern.argmax
bool
The maximum number of bytes that can be
used in an argument to
.Xr execve 2 .
This is basically the maximum number of
characters which can be used in a single
command line.
On some rare occasions, this value needs
altering.
If so, please check out the
.Xr xargs 1
utility.
.Pp
---
kern.bootfile
str
The kernel which was used to boot the system.
.Pp
---
kern.boottime
str
The time at which the current kernel became
active after the system booted. This is a
read-only variable.
.Pp
---
kern.chroot_allow_open_directories
bool
Depending on the setting of this variable, open
file descriptors which reference directories will
fail.
If set to
.Em 0 ,
.Xr chroot 8
will always fail with
.Er EPERM
if there are any directories open.
If set to
.Em 1
(the default),
.Xr chroot 8
will fail with
.Er EPERM
if there are any directories open and the
process is already subject to the
.Xr chroot 8
system call.
Any other value will bypass the check for open directories.
Please see the
.Xr chroot 2
man page for more information.
.Pp
---
kern.clockrate
struct
Displays information about the system clock. This is a
read-only variable.
.Pp
---
kern.console
---
kern.coredump
bool
Determines where the kernel should dump a core file
in the event of a kernel panic.
.Pp
---
kern.corefile
str
Describes the filename that a core image should be stored to.
See the
.Xr core 5
man page for more information on this variable.
.Pp
---
kern.cp_time
---
kern.devname
---
kern.devstat.all
---
kern.devstat.generation
---
kern.devstat.numdevs
---
kern.devstat.version
---
kern.disks
str
Display disk devices that the kernel is currently
aware of.
This is a read-only variable.
.Pp
---
kern.domainname
str
This shows the name of the current YP/NIS domain.
.Pp
---
kern.drainwait
---
kern.elf32.fallback_brand
---
kern.fallback_elf_brand
---
kern.file
struct
Returns the entire file structure.
.Pp
---
kern.function_list
struct
Returns all function names in the kernel.
.Pp
---
kern.geom.confdot
---
kern.geom.conftxt
---
kern.geom.confxml
---
kern.hostid
---
kern.hostname
str
Display the system hostname.
This can be modified with the
.Xr hostname 1
utility.
.Pp
---
kern.init_path
---
kern.iov_max
---
kern.ipc.clust_hiwm
---
kern.ipc.clust_lowm
---
kern.ipc.maxsockbuf
---
kern.ipc.maxsockets
---
kern.ipc.mb_statpcpu
---
kern.ipc.mbstat
---
kern.ipc.mbuf_hiwm
---
kern.ipc.mbuf_lowm
---
kern.ipc.mbuf_wait
---
kern.ipc.msqids
---
kern.ipc.nmbclusters
bool
Maximum number of mbuf clusters available.
The kernel uses a preallocated pool of
.Dq mbuf clusters
for the
.Xr mbuf 9
allocator.
The pool size is tuned by the kernel during boot.
That size is set to a value which seems appropriate
for the current system.
.Pp
---
kern.ipc.nmbcnt
---
kern.ipc.nmbufs
---
kern.ipc.nsfbufs
---
kern.ipc.numopensockets
---
kern.ipc.somaxconn
int
The maximum pending socket connection queue size.
.Pp
---
kern.ipc.zero_copy.receive
bool
When set to a non-zero value, zero copy is
enabled for received packets.
This reduces copying of data around for
outgoing packets and can significantly
improve throughput for network connections.
.Pp
---
kern.ipc.zero_copy.send
bool
When set to a non-zero value, zero copy is
enabled for sent packets.
This reduces copying of data around for outgoing
packets and can significantly improve throughput
for network connections.
.Pp
---
kern.job_control
---
kern.kq_calloutmax
---
kern.lastpid
bool
Displays the last PID used by a process.
This is a read-only variable.
.Pp
---
kern.logsigexit
bool
Tells the kernel whether or not to log fatal signal exits.
.Pp
---
kern.malloc
str
Displays how memory is currently being allocated.
This is a read-only variable.
.Pp
---
kern.maxfiles
bool
The maximum number of files allowed for all the
processes of the running kernel.
You can override the default value which the
kernel calculates by explicitly setting this to
a non-zero value.
Also see the
.Xr tuning 7
man page for more information.
.Pp
---
kern.maxfilesperproc
bool
The maximum number of files any one process can open.
See the
.Xr ps 1
utility for more information on monitoring processes.
.Pp
---
kern.maxproc
int
The maximum number of processes that the system
can be running at any time.
See the
.Xr ps 1
utility for more information on monitoring processes.
.Pp
---
kern.maxprocperuid
int
The maximum number of processes one user ID can run.
See the
.Xr ps 1
utility for more information on monitoring processes.
.Pp
---
kern.maxusers
int
Controls the scaling of a number of static system tables, including
defaults for the maximum number of open files, sizing of network
memory resources, etc.
See the
.Xr tuning 7
man page for more information.
This
.Nm
cannot be set using
.Xr sysctl 8 .
Use
.Xr loader 8
instead to set this at boot time.
.Pp
---
kern.maxvnodes
bool
The maximum number of
.Em vnodes
(virtual file system nodes)
the system can have open simultaneously.
.Pp
---
kern.minvnodes
bool
The minimum number of
.Em vnodes
(virtual file system nodes)
the system can have open simultaneously.
.Pp
---
kern.module_path
str
This
.Nm
holds a colon-separated list of directories in which the
kernel will search for loadable kernel modules.
This path is searched when using commands such as
.Xr kldload 8
and
.Xr kldunload 8 .
.Pp
---
kern.msgbuf
---
kern.msgbuf_clear
---
kern.ngroups
int
Contains the maximum number of groups that a
user may belong to.
This is a read-only variable.
.Pp
---
kern.openfiles
bool
Shows the current amount of system-wide
open files.
This is useful when used in conjunction
with
.Va kern.maxfiles
for tuning your system.
This is a read-only variable.
.Pp
---
kern.osreldate
---
kern.osrelease
str
Displays the current version of
.Fx
running.
This is a read-only variable.
---
kern.osrevision
---
kern.ostype
str
Alter the name of the current operating system.
Changing this will change the output from
the
.Xr uname 1
utility.
Changing the default is not recommended.
.Pp
---
kern.posix1version
---
kern.proc.all
---
kern.proc.args
int
Allows a process to retrieve the argument list
or process title for another process without
looking in the address space of another program.
This is a read-only variable.
.Pp
---
kern.proc.pgrp
---
kern.proc.pid
---
kern.proc.ruid
---
kern.proc.tty
---
kern.proc.uid
---
kern.ps_argsopen
bool
By setting this to 0, command line arguments are hidden
for processes which you are not running.
This is useful on multi-user machines where things
like passwords might accidentally be added to command
line programs.
.Pp
---
kern.quantum
---
kern.random.sys.burst
---
kern.random.sys.harvest.ethernet
---
kern.random.sys.harvest.interrupt
---
kern.random.sys.harvest.point_to_point
---
kern.random.sys.harvest.swi
---
kern.random.sys.seeded
---
kern.random.yarrow.bins
---
kern.random.yarrow.fastthresh
---
kern.random.yarrow.gengateinterval
---
kern.random.yarrow.slowoverthresh
---
kern.random.yarrow.slowthresh
---
kern.randompid
---
kern.rootdev
---
kern.saved_ids
---
kern.securelevel
bool
The current kernel security level.
See the
.Xr init 8
manual page for a good description
about what a security level is.
.Pp
---
kern.sugid_coredump
bool
By default, a process that changes user or group credentials whether
real or effective will not create a corefile.
This behavior can be changed to generate a core dump by
setting this variable to 1.
.Pp
---
kern.sync_on_panic
bool
In the event of a panic, this variable controls whether or not the
system should try and
.Xr sync 8 .
In some circumstances, this could cause a double panic, and as a result,
this may be turned off if needed.
.Pp
---
kern.threads.debug
bool
Determines whether to use debugging for kernel threads.
This is useful for testing.
.Pp
---
kern.threads.max_groups_per_proc
---
kern.threads.max_threads_hits
---
kern.threads.max_threads_per_proc
---
kern.threads.virtual_cpu
---
kern.tty_nin
---
kern.tty_nout
---
kern.ttys
bool
Used internally by the
.Xr pstat 8
command.
This is a read-only variable.
.Pp
---
kern.version
str
Displays the current kernel version information.
This is a read-only variable.
.Pp
---
machdep.acpi_root
---
machdep.cpu_idle_hlt
bool
Halt idle CPUs.
This is good for an SMP system.
.Pp
---
machdep.disable_mtrrs
---
machdep.guessed_bootdev
---
machdep.hlt_cpus
bool
This option will permit the halting
of CPUs.
For instance, to halt CPU 0,
machdep.hlt_cpus=1 can be used.
It is possible to halt two CPUs by providing
a comma separated list (i.e: cpu1,cpu2).
.Pp
---
machdep.hlt_logical_cpus
bool
This keeps the logical CPUs halted in the idle loop.
By default the logical CPUs are halted at startup.
It is also possible to halt any cpu in the idle loop now
using machdep.hlt_cpus.
.Pp
---
machdep.panic_on_nmi
---
machdep.siots
---
net.inet.accf.unloadable
---
net.inet.icmp.bmcastecho
---
net.inet.icmp.drop_redirect
---
net.inet.icmp.icmplim
---
net.inet.icmp.icmplim_output
---
net.inet.icmp.log_redirect
---
net.inet.icmp.maskfake
---
net.inet.icmp.maskrepl
---
net.inet.ip.accept_sourceroute
bool
Controls forwarding of source-routed IP packets.
.Pp
---
net.inet.ip.check_interface
bool
This
.Nm
verifies that packets arrive on the correct interfaces.
.Pp
---
net.inet.ip.fastforwarding
bool
When fast forwarding is enabled, IP packets are forwarded directly to
the appropriate network interface with a minimal validity checking,
which greatly improves throughput.
Please see the
.Xr inet 4
man page for more information.
.Pp
---
net.inet.ip.forwarding
bool
Act as a gateway machine and forward packets.
This can also be configured using the
gateway_enable value in
.Pa /etc/rc.conf
.Pp
---
net.inet.ip.intr_queue_drops
---
net.inet.ip.intr_queue_maxlen
---
net.inet.ip.keepfaith
bool
This is used in conjunction with
.Xr faithd 8
to control the FAITH IPv6/v4 translator daemon.
.Pp
---
net.inet.ip.maxfragpackets
---
net.inet.ip.maxfragsperpacket
---
net.inet.ip.redirect
bool
Controls the sending of ICMP redirects in response to unforwardable IP
packets.
.Pp
---
net.inet.ip.rtexpire
int
Lifetime in seconds of protocol-cloned IP routes after the last
reference drops (default one hour).
.Pp
---
net.inet.ip.rtmaxcache
int
Trigger level of cached, unreferenced, protocol-cloned
routes which initiates dynamic adaptation.
.Pp
---
net.inet.ip.rtminexpire
int
See
.Xr inet 4
for more information.
.Pp
---
net.inet.ip.sendsourcequench
bool
This
.Nm
enables or disables the transmission of
source quench packets.
.Pp
---
net.inet.ip.sourceroute
bool
Determines whether or not source routed IP packets
should be forwarded.
.Pp
---
net.inet.ip.stats
---
net.inet.ip.ttl
int
The TTL (time-to-live) to use for outgoing packets.
.Pp
---
net.inet.raw.maxdgram
---
net.inet.raw.olddiverterror
---
net.inet.raw.pcblist
---
net.inet.raw.recvspace
---
net.inet.tcp.always_keepalive
bool
Determines whether or not to attempt to detect dead TCP
connections by sending 'keepalives' intermittently. This
is enabled by default and can also be configured using the
tcp_keepalive value in
.Pa /etc/rc.conf
.Pp
---
net.inet.tcp.blackhole
bool
Manipulates system behavior when
connection requests are received on a
TCP port without a socket listening.
See the
.Xr blackhole 4
man page for more information.
.Pp
---
net.inet.tcp.delacktime
---
net.inet.tcp.delayed_ack
bool
Historically speaking, this feature was designed to allow the
acknowledgment to transmitted data to be returned along with the
response. See the
.Xr tuning 7
man page for more information.
.Pp
---
net.inet.tcp.do_tcpdrain
---
net.inet.tcp.getcred
---
net.inet.tcp.icmp_may_rst
---
net.inet.tcp.inflight_debug
bool
Control debugging for the
.Va net.inet.tcp.inflight_enable
.Nm .
Please see the
.Xr tuning 7
man page for more information.
.Pp
---
net.inet.tcp.inflight_enable
bool
Turns on bandwidth delay product limiting for all
TCP connections. Please see the
.Xr tuning 7
man page for more information.
.Pp
---
net.inet.tcp.inflight_max
bool
.Em double check
The maximum amount of data that may be queued for
bandwidth delay product limiting.
.Pp
---
net.inet.tcp.inflight_min
bool
.Em double check
The minimum amount of data that may be queued for
bandwidth delay product limiting.
.Pp
---
net.inet.tcp.inflight_stab
bool
This parameter represents the maximal packets
added to the bandwidth delay product window
calculation. Changing this is not recommended.
.Pp
---
net.inet.tcp.isn_reseed_interval
---
net.inet.tcp.local_slowstart_flightsize
---
net.inet.tcp.log_in_vain
bool
Allows the system to log connections to TCP
ports that do not have sockets listening.
This variable can also be tuned by changing
the value for log_in_vain
in
.Pa /etc/rc.conf
.Pp
---
net.inet.tcp.minmss
bool
Enable for network link optimization TCP can adjust its MSS and thus
packet size according to the observed path MTU. This is done
dynamically based on feedback from the remote host and network
components along the packet path. This information can be
abused to pretend an extremely low path MTU.
.Pp
---
net.inet.tcp.minmssoverload
bool
The PSS rate for the
.Va net.inet.tcp.minmss
sysctl.
Setting this will force packets to be reset
and dropped; this should hinder the availability
of DoS attacks on WWW servers using POST attacks.
.Pp
---
net.inet.tcp.msl
---
net.inet.tcp.mssdflt
bool
This is the default TCP Maximum Segment Size
for TCP packets. The default setting is recommended
in most cases.
.Pp
---
net.inet.tcp.v6mssdflt
bool
This is the default TCP Maximum Segment Size
for TCP IPv6 packets. The default setting is recommended
in most cases.
.Pp
---
net.inet.tcp.newreno
---
net.inet.tcp.path_mtu_discovery
---
net.inet.tcp.pcbcount
---
net.inet.tcp.pcblist
---
net.inet.tcp.recvspace
bool
This variable controls the amount of receive
buffer space for any given TCP connection. This
can be particularly useful when tuning network
applications. See the
.Xr tuning 7
man page for more information.
.Pp
---
net.inet.tcp.rexmit_min
---
net.inet.tcp.rexmit_slop
---
net.inet.tcp.rfc1323
bool
Determines whether support for RFC1323 (TCP Extensions
for High Performance) should be enabled.
This variable can also be tuned by changing the value
for tcp_extensions in
.Pa /etc/rc.conf .
.Pp
---
net.inet.tcp.rfc1644
---
net.inet.tcp.rfc3042
---
net.inet.tcp.rfc3390
---
net.inet.tcp.sendspace
bool
This variable controls the amount of send
buffer space for any given TCP connection. This
can be particularly useful when tuning network
applications. See the
.Xr tuning 7
manual page for more information.
.Pp
---
net.inet.tcp.slowstart_flightsize
---
net.inet.tcp.stats
---
net.inet.tcp.syncache.bucketlimit
---
net.inet.tcp.syncache.cachelimit
---
net.inet.tcp.syncache.count
---
net.inet.tcp.syncache.hashsize
---
net.inet.tcp.syncache.rexmtlimit
---
net.inet.tcp.syncookies
---
net.inet.tcp.tcbhashsize
---
net.inet.tcp.v6mssdflt
---
net.inet.udp.blackhole
bool
Manipulates system behavior when
connection requests are received on a
UDP port.
See the
.Xr blackhole 4
man page for more information.
.Pp
---
net.inet.udp.getcred
---
net.inet.udp.log_in_vain
bool
Allows the system to log connections to UDP
ports that do not have sockets listening.
This variable can also be tuned by changing
the value for log_in_vain
in
.Pa /etc/rc.conf .
.Pp
---
net.inet.udp.maxdgram
---
net.inet.udp.pcblist
---
net.inet.udp.recvspace
---
net.inet.udp.stats
---
net.inet6.icmp6.errppslimit
---
net.inet6.icmp6.nd6_debug
---
net.inet6.icmp6.nd6_delay
---
net.inet6.icmp6.nd6_maxnudhint
---
net.inet6.icmp6.nd6_mmaxtries
---
net.inet6.icmp6.nd6_prune
---
net.inet6.icmp6.nd6_umaxtries
---
net.inet6.icmp6.nd6_useloopback
---
net.inet6.icmp6.nodeinfo
---
net.inet6.icmp6.rediraccept
---
net.inet6.icmp6.redirtimeout
---
net.inet6.tcp6.getcred
---
net.inet6.udp6.getcred
---
net.isr.enable
---
net.link.ether.inet.log_arp_movements
---
net.link.ether.inet.log_arp_wrong_iface
---
net.link.ether.ipfw
---
net.link.generic.ifdata
---
net.link.generic.system.ifcount
---
net.link.gif.max_nesting
bool
Determines whether to allow recursive tunnels or not.
.Pp
---
net.link.gif.parallel_tunnels
bool
Determines whether to allow parallel tunnels or not.
.Pp
---
net.local.dgram.pcblist
---
net.local.stream.pcblist
---
security.bsd.see_other_uids
bool
Turning this option on will prevent users from viewing information
about processes running under other user id numbers (UIDs).
.Pp
---
security.bsd.suser_enabled
---
security.bsd.unprivileged_proc_debug
---
security.bsd.unprivileged_read_msgbuf
---
security.jail.set_hostname_allowed
bool
Determines whether or not the root user
within the jail can set the hostname.
.Pp
---
security.jail.socket_unixiproute_only
---
security.jail.sysvipc_allowed
---
security.mac.biba.enabled
bool
Enables enforcement of the Biba integrity policy.
.Pp
---
security.mac.biba.ptys_equal
bool
Label
.Sm off
.Xr pty 4
s
.Sm on
as
.Dq biba/equal
upon creation.
.Pp
---
security.mac.biba.revocation_enabled
bool
Revoke access to objects if the label is changed to dominate the subject.
.Pp
---
security.mac.enforce_fs
bool
Enforce MAC policies for file system accesses.
.Pp
---
security.mac.enforce_kld
bool
Enforce MAC policies on
.Xr kld 4 .
.Pp
---
security.mac.enforce_network
bool
Enforce MAC policies on network interfaces.
.Pp
---
security.mac.enforce_pipe
bool
Enforce MAC policies on pipes.
.Pp
---
security.mac.enforce_process
bool
Enforce MAC policies between system processes
(e.g.
.Xr ps 1 ,
.Xr ktrace 2 ).
.Pp
---
security.mac.enforce_socket
bool
Enforce MAC policies on sockets.
.Pp
---
security.mac.enforce_system
bool
Enforce MAC policies on system-related items
(e.g.
.Xr kenv 1 ,
.Xr acct 2 ,
.Xr reboot 2 ).
.Pp
---
security.mac.enforce_vm
bool
Enforce MAC policies on
.Xr mmap 2
and
.Xr mprotect 2 .
.Pp
---
security.mac.ifoff.lo_enabled
bool
Use this to disable network traffic over the loopback
.Xr lo 4
interface.
See
.Xr mac_ifoff 4
for more information.
.Pp
---
security.mac.ifoff.other_enabled
bool
Use this to enable network traffic over other interfaces.
See
.Xr mac_ifoff 4
for more information.
.Pp
---
security.mac.ifoff.bpfrecv_enabled
bool
Use this to allow
.Xr bpf 4
traffic to be received,
even while other traffic is disabled.
.Pp
---
security.mac.mls.enabled
bool
Enables the enforcement of the MLS confidentiality policy,
see
.Xr mac_mls 4
for more information.
.Pp
---
security.mac.mls.ptys_equal
bool
Label
.Sm off
.Xr pty 4
s
.Sm on
as
.Dq mls/equal
upon creation.
.Pp
---
security.mac.mls.revocation_enabled
bool
Revoke access to objects if the label is changed to a more sensitive
level than the subject.
.Pp
---
security.mac.portacl.rules
str
The port access control list is specified in the following format:
.Pp
.Sy idtype
.Li :
.Sy id
.Li :
.Sy protocol
.Li :
.Sy port
.Li [,
.Sy idtype
.Li :
.Sy id
.Li :
.Sy protocol
.Li :
.Sy port
.Li ,...]
.Pp
.Sy idtype
Describes the type of subject match to be performed.
Either
.Li uid
for user ID matching, or
.Li gid
for group ID matching.
.Sy id
The user or group ID (depending on
.Sy idtype )
allowed to bind to the specified port.
.Bf -emphasis
NOTE: User and group names are not valid; only the actual ID numbers
may be used.
.Ef
.Sy protocol
Describes which protocol this entry applies to.
Either
.Li tcp
or
.Li udp
are supported.
.Sy port
Describes which port this entry applies to.
.Bf -emphasis
NOTE: MAC security policies may not override other security system policies
by allowing accesses that they may deny, such as
.Va net.inet.ip.portrange.reservedlow /
.Va net.inet.ip.portrange.reservedhigh .
.Ef
.Pp
---
security.mac.seeotheruids.enabled
bool
Enable/disable
.Va security.mac.seeotheruids .
See
.Xr mac_seeotheruids 4
for more information.
.Pp
---
security.mac.seeotheruids.primarygroup_enabled
bool
Allow users to see processes and sockets owned by the same primary
group.
.Pp
---
security.mac.seeotheruids.specificgid_enabled
bool
Allow processes with a specific group ID to be exempt from the policy,
set this to
.Li 1
and set
.Va security.mac.seeotheruids.specificgid
to the gid to be exempted.
.Pp
---
security.mac_test
str
Used for debugging.
See
.Xr mac_test 4
for more information.
.Pp
---
user.bc_base_max
---
user.bc_dim_max
---
user.bc_scale_max
---
user.bc_string_max
---
user.coll_weights_max
---
user.cs_path
---
user.line_max
---
user.posix2_c_bind
---
user.posix2_c_dev
---
user.posix2_fort_dev
---
user.posix2_fort_run
---
user.posix2_localedef
---
user.posix2_sw_dev
---
user.posix2_upe
---
user.posix2_version
---
user.re_dup_max
---
user.stream_max
---
user.tzname_max
---
vfs.altbufferflushes
---
vfs.bufdefragcnt
---
vfs.buffreekvacnt
---
vfs.bufmallocspace
---
vfs.bufreusecnt
---
vfs.bufspace
---
vfs.cache.nchstats
---
vfs.conflist
---
vfs.devfs.generation
---
vfs.devfs.inodes
---
vfs.devfs.noverflow
---
vfs.devfs.topinode
---
vfs.dirtybufferflushes
---
vfs.dirtybufthresh
---
vfs.ffs.adjblkcnt
---
vfs.ffs.adjrefcnt
---
vfs.ffs.freeblks
---
vfs.ffs.freedirs
---
vfs.ffs.freefiles
---
vfs.ffs.setflags
---
vfs.flushwithdeps
---
vfs.getnewbufcalls
---
vfs.getnewbufrestarts
---
vfs.hibufspace
---
vfs.hidirtybuffers
---
vfs.hifreebuffers
---
vfs.hirunningspace
---
vfs.lobufspace
---
vfs.lodirtybuffers
---
vfs.lofreebuffers
---
vfs.lorunningspace
---
vfs.maxbufspace
---
vfs.maxmallocbufspace
---
vfs.numdirtybuffers
---
vfs.numfreebuffers
---
vfs.opv_numops
---
vfs.pfs.vncache.entries
---
vfs.pfs.vncache.hits
---
vfs.pfs.vncache.maxentries
---
vfs.pfs.vncache.misses
---
vfs.read_max
---
vfs.recursiveflushes
---
vfs.runningbufspace
---
vfs.ufs.dirhash_docheck
---
vfs.ufs.dirhash_maxmem
---
vfs.ufs.dirhash_mem
---
vfs.ufs.dirhash_minsize
---
vfs.usermount
bool
This
.Nm
allows the root user to grant access to non-root users
so that they may mount floppy and CD-ROM drives.
.Pp
---
vfs.vmiodirenable
bool
Controls how directories are cached by the system.
This is turned on by default. See the
.Xr tuning 7
man page for a more detailed explanation on this
variable.
.Pp
---
vfs.write_behind
bool
Tells the file system to issue media writes as
full clusters are collected, which typically
occurs when writing large sequential files.
This is turned on by default, but under certain
circumstances may stall processes and can therefore
be turned off.
.Pp
---
vm.defer_swapspace_pageouts
---
vm.disable_swapspace_pageouts
---
vm.dmmax
---
vm.kvm_free
---
vm.kvm_size
---
vm.loadavg
struct
Displays the load average history. This is a
read-only variable.
.Pp
---
vm.max_launder
---
vm.nswapdev
---
vm.pageout_algorithm
---
vm.pageout_full_stats_interval
---
vm.pageout_lock_miss
---
vm.pageout_stats_free_max
---
vm.pageout_stats_interval
---
vm.pageout_stats_max
---
vm.stats.sys.v_intr
---
vm.stats.sys.v_soft
---
vm.stats.sys.v_swtch
---
vm.stats.sys.v_syscall
---
vm.stats.sys.v_trap
---
vm.stats.vm.v_cow_faults
---
vm.stats.vm.v_cow_optim
---
vm.stats.vm.v_forkpages
---
vm.stats.vm.v_forks
---
vm.stats.vm.v_intrans
---
vm.stats.vm.v_kthreadpages
---
vm.stats.vm.v_kthreads
---
vm.stats.vm.v_ozfod
---
vm.stats.vm.v_pdpages
---
vm.stats.vm.v_pdwakeups
---
vm.stats.vm.v_reactivated
---
vm.stats.vm.v_rforkpages
---
vm.stats.vm.v_rforks
---
vm.stats.vm.v_swapin
---
vm.stats.vm.v_swapout
---
vm.stats.vm.v_swappgsin
---
vm.stats.vm.v_swappgsout
---
vm.stats.vm.v_vforkpages
---
vm.stats.vm.v_vforks
---
vm.stats.vm.v_vm_faults
---
vm.stats.vm.v_vnodein
---
vm.stats.vm.v_vnodeout
---
vm.stats.vm.v_vnodepgsin
---
vm.stats.vm.v_vnodepgsout
---
vm.stats.vm.v_zfod
---
vm.swap_async_max
---
vm.swap_enabled
---
vm.swap_idle_enabled
---
vm.swap_info
---
vm.vmtotal
---
vm.zone
---
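The security.mac.portacl.rules entry above gives the rule format as idtype:id:protocol:port, with numeric IDs only and tcp or udp as the protocol. The following is an added example, not part of the original message or its attachments, that checks a rule string against that description before it is set; the function names, the RESERVED_HIGH default of 1023 and the 65535 port ceiling are assumptions not stated in the message.

```shell
#!/bin/sh
# Added example: lint a security.mac.portacl.rules string before setting it.
# Assumption: RESERVED_HIGH mirrors net.inet.ip.portrange.reservedhigh (1023 here).
RESERVED_HIGH=${RESERVED_HIGH:-1023}

is_number() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# check_entry ENTRY: validate one idtype:id:protocol:port entry.
check_entry() {
    entry=$1
    case $entry in
        *:*:*:*:*) echo "too many fields: $entry"; return 1 ;;
        *:*:*:*) ;;
        *) echo "expected idtype:id:protocol:port: $entry"; return 1 ;;
    esac
    idtype=${entry%%:*}; rest=${entry#*:}
    id=${rest%%:*};      rest=${rest#*:}
    proto=${rest%%:*};   port=${rest#*:}
    case $idtype in uid|gid) ;; *) echo "idtype must be uid or gid: $entry"; return 1 ;; esac
    # Names are rejected: only numeric IDs are valid in a rule.
    is_number "$id" || { echo "id must be a numeric ID, not a name: $entry"; return 1; }
    case $proto in tcp|udp) ;; *) echo "protocol must be tcp or udp: $entry"; return 1 ;; esac
    is_number "$port" && [ "${#port}" -le 5 ] && [ "$port" -le 65535 ] ||
        { echo "port must be a number up to 65535: $entry"; return 1; }
    # The MAC rule alone cannot open a port the reserved-port check still denies.
    if [ "$port" -le "$RESERVED_HIGH" ]; then
        echo "note: $entry is at or below reservedhigh ($RESERVED_HIGH)"
    fi
    return 0
}

# check_rules RULES: validate a comma-separated rule list; returns 1 on any bad entry.
check_rules() {
    status=0
    old_ifs=$IFS; IFS=,
    set -f
    for entry in $1; do
        check_entry "$entry" || status=1
    done
    set +f
    IFS=$old_ifs
    return $status
}

# Constructed sample: the second entry uses a user name and is rejected.
check_rules "uid:80:tcp:80,uid:www:tcp:443" || true
```

The note about reservedhigh is informational only: it marks entries that also depend on the reserved-port sysctls named in the portacl description.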
