Determines whether or not the
system call should be allowed.
Determines whether or not the
Determines if background writes should be performed.
Displays nchash chain lengths. This is a read-only
debug.hashstat.rawnchash
allows you to enable or disable debugging for 802.11 devices.
Used to retrieve a list of currently available debugger backends.
Allows for the selection of the debugger backend
which is used to handle debugger requests.
When written to, the system should break to the debugger.
debug.malloc.failure_count
Number of times a coerced malloc failure has occurred as a
.Va debug.malloc.failure_rate .
Useful for tracking what might have happened
and whether failures are being generated.
debug.malloc.failure_rate
Debugging feature causing
allocations to fail at a specified rate.
How often to generate a failure: if set to 0 (default), this
In other words if set to 10 (one in ten
allows you to enable or disable debugging for
debug.sizeof.kinfo_proc
hw.acpi.cpu.current_speed
Display the current CPU speed.
This is adjustable, but doing so is not recommended.
hw.acpi.cpu.max_speed
Allows you to change the stepping for processor speed
on machines which support
hw.acpi.disable_on_poweroff
have problems powering off when shutting down with
when rebooting and shutting down.
determines whether or not the S4BIOS sleep implementation
Set the sleep delay for
hw.acpi.supported_sleep_state
hw.acpi.thermal.min_runtime
hw.acpi.thermal.polling_rate
The interval in seconds that should be used to check
the current system temperature.
hw.acpi.thermal.tz0.temperature
Displays the current temperature.
This is a read-only variable.
hw.acpi.thermal.tz0.thermal_flags
Determines whether or not
Allows the enabling and disabling of DMA for
Allows the enabling and disabling of DMA for
atapi devices, such as CD-ROM drives.
An experimental feature for IDE hard drives which
allows write caching to be turned on.
manual page carefully before using this.
Determines whether or not IDE write caching should
for more information.
This is an internally used function that returns
the kernel bus interface version.
hw.busdma.reserved_bpages
hw.busdma.active_bpages
hw.busdma.total_bpages
hw.busdma.total_bounced
hw.busdma.total_deferred
Returns the system byte order.
This is a read-only variable.
Reports true if the machine has a floating point processor.
This is a read-only variable.
Controls the receive interrupt microcode bundle size limit
Controls the receive interrupt microcode bundling delay
Disables flow control support on
When flow control is enabled, and if the operating system
does not acknowledge the packet buffer filling,
the card will begin to generate Ethernet quench
packets, but appears to get into a feedback
loop of some sort, hosing local switches.
This is a workaround for this issue.
Set the amount of times that a no-resource
condition may occur before the
Returns true if SSE support is enabled in the kernel.
This is a read-only variable.
Displays a list of interrupt counters.
This is a read-only variable.
Displays a list of zero-terminated interrupt
names. This is a read-only variable.
hw.kbd.keymap_restrict_change
This sysctl acts as a sort of secure-level, allowing
control of the console keymap.
Giving this a value of 1 means that only the
root user can change restricted keys
(like boot, panic...).
A value of 2 means that only root
can change restricted keys and regular keys.
Regular users still can change accents and function keys.
A value of 3 means only root can change restricted,
regular and accent keys, while a value of 4 means that
no changes to the keymap are
allowed by anyone other than the root user.
Displays the machine class.
This is a read-only variable.
Displays the current architecture.
This is a read-only variable.
Displays the model information of the current running hardware.
This is a read-only variable.
Report the number of CPUs in the system.
This is a read-only variable.
This is a read-only variable.
Allows debugging to be turned on or off for
Determines whether or not to use debugging for the
hw.pci.allow_unsupported_io_range
Some machines do not detect their CardBus slots correctly
because they use unsupported I/O ranges.
allows FreeBSD to use those ranges.
hw.pci.enable_io_modes
Control the level of verbosity for the
man page for more information on debug
hw.snd.report_soft_formats
Controls the internal format conversion if it is available
transparently to the application software.
for more information.
Allows you to control whether or not to use the 'bell'
while using the console. This is turned on by default.
hw.syscons.saver.keybonly
This variable tells the system that the screen saver
may only wake up if the keyboard is used. This means
that log messages that are pushed to the console will
not cause the screen saver to stop, and the log
message will not display. This can be disabled to mimic
the behavior of older syscons.
hw.syscons.sc_no_suspend_vtswitch
Disables switching between virtual terminals during suspend
for more information.
Controls the level of debugging for
This value controls the maximum amount of error
a value of 0 (zero) disables error messages completely.
Specifies the frequency (in minutes) with which free disk
space should be checked.
This is used in conjunction with
.Va kern.acct_suspend .
The percentage of free disk space above which process
accounting will resume.
The percentage of free disk space below which process
The maximum number of bytes that can be
used in an argument to
This is basically the maximum number of
characters which can be used in a single
On some rare occasions, this value needs
If so, please check out the
The kernel which was used to boot the system.
The time at which the current kernel became
active after the system booted. This is a
kern.chroot_allow_open_directories
Depending on the setting of this variable, open
file descriptors which reference directories will
will always fail with
if there are any directories open.
if there are any directories open and the
process is already subject to the
Any other value will bypass the check for open directories.
man page for more information.
Displays information about the system clock.
This is a read-only variable.
Determines where the kernel should dump a core file
in the event of a kernel panic.
Describes the file name that a core image should be stored to.
man page for more information on this variable.
Contains CPU time statistics.
This is a read-only variable.
that returns suitable device names for the
manual page for more information.
that returns current devstat statistics as well
as the current devstat generation number.
man page for more information.
kern.devstat.generation
Displays the devstat list version number.
This is a read-only variable.
Display disk devices that the kernel is currently
This is a read-only variable.
This shows the name of the current YP/NIS domain.
The time to wait after dropping DTR to the given number.
The units are measured in hundredths of a second.
The default is 300 hundredths,
This option is needed mainly to set proper recover
time after modem resets.
kern.elf32.fallback_brand
kern.fallback_elf_brand
Returns the entire file structure.
Returns all function names in the kernel.
may contain the IP address of the system.
Display the system hostname.
This can be modified with the
The path to search for the
This is a read-only variable.
The maximum buffer size that may be allocated for sockets.
for more information.
The maximum number of sockets available.
Maximum number of mbuf clusters available.
The kernel uses a preallocated pool of
The pool size is tuned by the kernel during boot.
That size is set to a value which seems appropriate
for the current system.
kern.ipc.numopensockets
The maximum pending socket connection queue size.
kern.ipc.zero_copy.receive
When set to a non-zero value, zero copy is
enabled for received packets.
This reduces copying of data around for
outgoing packets and can significantly
improve throughput for network connections.
kern.ipc.zero_copy.send
When set to a non-zero value, zero copy is
enabled for sent packets.
This reduces copying of data around for outgoing
packets and can significantly improve throughput
for network connections.
Reports whether or not job control is available.
This is a read-only variable.
Displays the last PID used by a process.
This is a read-only variable.
Tells the kernel whether or not to log fatal signal exits.
Displays how memory is currently being allocated.
This is a read-only variable.
The maximum number of files allowed for all the
processes of the running kernel.
You can override the default value which the
kernel calculates by explicitly setting this to
man page for more information.
The maximum number of files any one process can open.
utility for more information on monitoring processes.
The maximum number of processes that the system
can be running at any time.
utility for more information on monitoring processes.
The maximum number of processes one user ID can run.
utility for more information on monitoring processes.
Controls the scaling of a number of static system tables, including
defaults for the maximum number of open files, sizing of network
memory resources, etc.
man page for more information.
instead to set this at boot time.
The maximum number of
(virtual file system nodes)
the system can have open simultaneously.
The minimum number of
(virtual file system nodes)
the system can have open simultaneously.
holds a colon-separated list of directories in which the
kernel will search for loadable kernel modules.
This path is searched when using commands such as
Contains the kernel message buffer.
a value of 1 (one) will cause the kernel message buffer to
be cleared. It should be noted though, that the
will then automatically revert back to its original
Contains the maximum number of groups that a
This is a read-only variable.
Shows the current amount of system-wide
This is useful when used in conjunction
for tuning your system.
This is a read-only variable.
Displays the kernel release date.
This is a read-only variable.
Displays the current version of
This is a read-only variable.
Displays the operating system revision.
This is a read-only variable.
Alter the name of the current operating system.
Changing this will change the output from
Changing the default is not recommended.
Returns the version of
is attempting to comply with.
This is a read-only variable.
kern.powercycle_on_panic
In the event of a panic, this variable controls whether or not the
system should try to power cycle instead of rebooting.
kern.poweroff_on_panic
In the event of a panic, this variable controls whether or not the
system should try to power off instead of rebooting.
Allows a process to retrieve the argument list
or process title for another process without
looking in the address space of another program.
This is a read-only variable.
This internally used
may be used to extract process information. See
By setting this to 0, command line arguments are hidden
for processes which you are not running.
This is useful on multi-user machines where things
like passwords might accidentally be added to command
kern.random.adaptors
Displays registered PRNG adaptors.
This is a read-only variable.
kern.random.sys.burst
kern.random.sys.harvest.ethernet
kern.random.sys.harvest.interrupt
kern.random.sys.harvest.point_to_point
kern.random.sys.harvest.swi
kern.random.sys.seeded
Displays the current root file system device. This
is a read-only variable.
Displays whether or not saved set-group/user ID is
available. This is a read-only variable.
The current kernel security level.
manual page for a good description
about what a security level is.
By default, a process that changes user or group credentials whether
real or effective will not create a corefile.
This behavior can be changed to generate a core dump by
setting this variable to 1.
In the event of a panic, this variable controls whether or not the
system should try and
In some circumstances, this could cause a double panic, and as a result,
this may be turned off if needed.
Determines whether to use debugging for kernel threads.
This is useful for testing.
kern.threads.max_groups_per_proc
kern.threads.max_threads_hits
kern.threads.max_threads_per_proc
kern.threads.virtual_cpu
The maximum number of virtual CPUs that can be used for
Used internally by the
This is a read-only variable.
Displays the current kernel version information.
This is a read-only variable.
machdep.cpu_idle_hlt
This is good for an SMP system.
machdep.disable_mtrrs
machdep.guessed_bootdev
machdep.hyperthreading_allowed
Setting this tunable to zero disables
the use of additional logical processors
provided by Intel HTT technology.
machdep.panic_on_nmi
net.inet.accf.unloadable
net.inet.icmp.bmcastecho
net.inet.icmp.drop_redirect
net.inet.icmp.icmplim
net.inet.icmp.icmplim_output
net.inet.icmp.log_redirect
net.inet.icmp.maskfake
net.inet.icmp.maskrepl
net.inet.ip.accept_sourceroute
Controls forwarding of source-routed IP packets.
net.inet.ip.check_interface
verifies that packets arrive on the correct interfaces.
net.inet.ip.fastforwarding
When fast forwarding is enabled, IP packets are forwarded directly to
the appropriate network interface with minimal validity checking,
which greatly improves throughput.
man page for more information.
net.inet.ip.forwarding
Act as a gateway machine and forward packets.
This can also be configured using the
gateway_enable value in
net.inet.ip.fw.one_pass
net.inet.ip.intr_queue_drops
net.inet.ip.intr_queue_maxlen
net.inet.ip.maxfragpackets
net.inet.ip.maxfragsperpacket
net.inet.ip.redirect
Controls the sending of ICMP redirects in response to unforwardable IP
net.inet.ip.sourceroute
Determines whether or not source routed IP packets
should be forwarded.
The TTL (time-to-live) to use for outgoing packets.
net.inet.raw.maxdgram
net.inet.raw.olddiverterror
net.inet.raw.pcblist
net.inet.raw.recvspace
net.inet.tcp.always_keepalive
Determines whether or not to attempt to detect dead TCP
connections by sending 'keepalives' intermittently. This
is enabled by default and can also be configured using the
tcp_keepalive value in
net.inet.tcp.blackhole
Manipulates system behavior when
connection requests are received on a
TCP port without a socket listening.
man page for more information.
net.inet.tcp.delacktime
net.inet.tcp.delayed_ack
Historically speaking, this feature was designed to allow the
acknowledgment to transmitted data to be returned along with the
man page for more information.
net.inet.tcp.do_tcpdrain
net.inet.tcp.getcred
net.inet.tcp.icmp_may_rst
net.inet.tcp.isn_reseed_interval
net.inet.tcp.log_in_vain
Allows the system to log connections to TCP
ports that do not have sockets listening.
This variable can also be tuned by changing
the value for log_in_vain
Enable for network link optimization TCP can adjust its MSS and thus
packet size according to the observed path MTU. This is done
dynamically based on feedback from the remote host and network
components along the packet path. This information can be
abused to pretend an extremely low path MTU.
net.inet.tcp.minmssoverload
The PSS rate for the
.Va net.inet.tcp.minmss
Setting this will force packets to be reset
and dropped; this should hinder the availability
of DoS attacks on WWW servers using POST attacks.
net.inet.tcp.mssdflt
This is the default TCP Maximum Segment Size
for TCP packets. The default setting is recommended
net.inet.tcp.v6mssdflt
This is the default TCP Maximum Segment Size
for TCP IPv6 packets. The default setting is recommended
net.inet.tcp.newreno
net.inet.tcp.path_mtu_discovery
net.inet.tcp.pcbcount
net.inet.tcp.pcblist
net.inet.tcp.recvspace
This variable controls the amount of receive
buffer space for any given TCP connection. This
can be particularly useful when tuning network
applications. See the
man page for more information.
net.inet.tcp.rexmit_min
net.inet.tcp.rexmit_slop
net.inet.tcp.rfc1323
Determines whether support for RFC1323 (TCP Extensions
for High Performance) should be enabled.
This variable can also be tuned by changing the value
for tcp_extensions in
net.inet.tcp.rfc1644
net.inet.tcp.rfc3042
net.inet.tcp.rfc3390
net.inet.tcp.sendspace
This variable controls the amount of send
buffer space for any given TCP connection. This
can be particularly useful when tuning network
applications. See the
manual page for more information.
net.inet.tcp.slowstart_flightsize
net.inet.tcp.syncache.bucketlimit
net.inet.tcp.syncache.cachelimit
net.inet.tcp.syncache.count
net.inet.tcp.syncache.hashsize
net.inet.tcp.syncache.rexmtlimit
net.inet.tcp.syncookies
net.inet.tcp.tcbhashsize
net.inet.tcp.v6mssdflt
net.inet.udp.blackhole
Manipulates system behavior when
connection requests are received on a
man page for more information.
net.inet.udp.getcred
net.inet.udp.log_in_vain
Allows the system to log connections to UDP
ports that do not have sockets listening.
This variable can also be tuned by changing
the value for log_in_vain
net.inet.udp.maxdgram
net.inet.udp.pcblist
net.inet.udp.recvspace
net.inet6.icmp6.errppslimit
net.inet6.icmp6.nd6_debug
net.inet6.icmp6.nd6_delay
net.inet6.icmp6.nd6_maxnudhint
net.inet6.icmp6.nd6_mmaxtries
net.inet6.icmp6.nd6_prune
net.inet6.icmp6.nd6_umaxtries
net.inet6.icmp6.nd6_useloopback
net.inet6.icmp6.nodeinfo
net.inet6.icmp6.rediraccept
net.inet6.icmp6.redirtimeout
net.inet6.tcp6.getcred
net.inet6.udp6.getcred
net.link.ether.inet.log_arp_movements
net.link.ether.inet.log_arp_wrong_iface
net.link.generic.ifdata
net.link.generic.system.ifcount
net.link.gif.max_nesting
Determines whether to allow recursive tunnels or not.
net.link.gif.parallel_tunnels
Determines whether to allow parallel tunnels or not.
net.local.dgram.pcblist
net.local.stream.pcblist
security.bsd.see_other_uids
Turning this option on will prevent users from viewing information
about processes running under other user id numbers (UIDs).
security.bsd.suser_enabled
security.bsd.unprivileged_proc_debug
security.bsd.unprivileged_read_msgbuf
security.jail.set_hostname_allowed
Determines whether or not the root user
within the jail can set the hostname.
security.jail.socket_unixiproute_only
security.jail.sysvipc_allowed
security.mac.biba.enabled
Enables enforcement of the Biba integrity policy.
security.mac.biba.ptys_equal
security.mac.biba.revocation_enabled
Revoke access to objects if the label is changed to dominate the subject.
security.mac.enforce_fs
Enforce MAC policies for file system accesses.
security.mac.enforce_kld
Enforce MAC policies on
security.mac.enforce_network
Enforce MAC policies on network interfaces.
security.mac.enforce_pipe
Enforce MAC policies on pipes.
security.mac.enforce_process
Enforce MAC policies between system processes
security.mac.enforce_socket
Enforce MAC policies on sockets.
security.mac.enforce_system
Enforce MAC policies on system-related items
security.mac.enforce_vm
Enforce MAC policies on
security.mac.ifoff.lo_enabled
Use this to disable network traffic over the loopback
for more information.
security.mac.ifoff.other_enabled
Use this to enable network traffic over other interfaces.
for more information.
security.mac.ifoff.bpfrecv_enabled
traffic to be received,
even while other traffic is disabled.
security.mac.mls.enabled
Enables the enforcement of the MLS confidentiality policy,
for more information.
security.mac.mls.ptys_equal
security.mac.mls.revocation_enabled
Revoke access to objects if the label is changed to a more sensitive
level than the subject.
security.mac.portacl.rules
The port access control list is specified in the following format:
Describes the type of subject match to be performed.
for userid matching, or
for group ID matching.
The user or group ID (depending on
allowed to bind to the specified port.
NOTE: User and group names are not valid; only the actual ID numbers
Describes which protocol this entry applies to.
Describes which port this entry applies to.
NOTE: MAC security policies may not override other security system policies
by allowing accesses that they may deny, such as
.Va net.inet.ip.portrange.reservedlow /
.Va net.inet.ip.portrange.reservedhigh .
security.mac.seeotheruids.enabled
.Va security.mac.seeotheruids
.Xr mac_seeotheruids 4
for more information.
security.mac.seeotheruids.primarygroup_enabled
Allow users to see processes and sockets owned by the same primary
security.mac.seeotheruids.specificgid_enabled
Allow processes with a specific group ID to be exempt from the policy,
.Va security.mac.seeotheruids.specificgid
to the gid to be exempted.
for more information.
user.coll_weights_max
user.posix2_fort_dev
user.posix2_fort_run
user.posix2_localedef
vfs.altbufferflushes
vfs.devfs.generation
vfs.dirtybufferflushes
vfs.getnewbufrestarts
vfs.maxmallocbufspace
vfs.pfs.vncache.entries
vfs.pfs.vncache.hits
vfs.pfs.vncache.maxentries
vfs.pfs.vncache.misses
vfs.recursiveflushes
vfs.ufs.dirhash_docheck
vfs.ufs.dirhash_maxmem
vfs.ufs.dirhash_minsize
allows the root user to grant access to non-root users
so that they may mount floppy and CD-ROM drives.
Controls how directories are cached by the system.
This is turned on by default. See the
man page for a more detailed explanation on this
Tells the file system to issue media writes as
full clusters are collected, which typically
occurs when writing large sequential files.
This is turned on by default, but under certain
circumstances may stall processes and can therefore
vm.disable_swapspace_pageouts
Displays the load average history. This is a
Displays the number of swap devices available
to the system. This is a read-only variable.
vm.pageout_full_stats_interval
vm.pageout_lock_miss
vm.pageout_stats_free_max
vm.pageout_stats_interval
vm.pageout_stats_max
vm.stats.sys.v_swtch
vm.stats.sys.v_syscall
vm.stats.vm.v_cow_faults
vm.stats.vm.v_cow_optim
vm.stats.vm.v_forkpages
vm.stats.vm.v_intrans
vm.stats.vm.v_kthreadpages
vm.stats.vm.v_kthreads
vm.stats.vm.v_pdpages
vm.stats.vm.v_pdwakeups
vm.stats.vm.v_reactivated
vm.stats.vm.v_rforkpages
vm.stats.vm.v_rforks
vm.stats.vm.v_swapin
vm.stats.vm.v_swapout
vm.stats.vm.v_swappgsin
vm.stats.vm.v_swappgsout
vm.stats.vm.v_vforkpages
vm.stats.vm.v_vforks
vm.stats.vm.v_vm_faults
vm.stats.vm.v_vnodein
vm.stats.vm.v_vnodeout
vm.stats.vm.v_vnodepgsin
vm.stats.vm.v_vnodepgsout
The maximum number of in-progress async operations
that may be performed.
Determines whether or not processes may swap.
vm.swap_idle_enabled
for a detailed explanation of this
Displays virtual memory statistics which are collected
at five second intervals.
Shows memory used by the kernel zone allocator, by zone.
This information can also be found by using the