Determines whether or not the
system call should be allowed.
Determines whether or not the
Determines if background writes should be performed.
Displays nchash chain lengths. This is a read-only
debug.hashstat.rawnchash
allows you to enable or disable debugging for 802.11 devices.
Used to retrieve a list of currently available debugger backends.
Allows for the selection of the debugger backend
which is used to handle debugger requests.
When written to, the system should break to the debugger.
debug.malloc.failure_count
Number of times a coerced malloc failure has occurred as a
debug.malloc.failure_rate.
Useful for tracking what might have happened
and whether failures are being generated.
debug.malloc.failure_rate
Debugging feature causing
allocations to fail at a specified rate.
How often to generate a failure: if set to 0 (default), this
In other words if set to 10 (one in ten
allows you to enable or disable debugging for
debug.sizeof.kinfo_proc
hw.acpi.cpu.current_speed
Display the current CPU speed.
This is adjustable, but doing so is not recommended.
hw.acpi.cpu.max_speed
Allows you to change the stepping for processor speed
on machines which support
hw.acpi.disable_on_poweroff
have problems powering off when shutting down with
when rebooting and shutting down.
determines whether or not the S4BIOS sleep implementation
Set the sleep delay for
hw.acpi.supported_sleep_state
hw.acpi.thermal.min_runtime
hw.acpi.thermal.polling_rate
The interval in seconds that should be used to check
the current system temperature.
hw.acpi.thermal.tz0.temperature
Displays the current temperature.
This is a read-only variable.
hw.acpi.thermal.tz0.thermal_flags
Determines whether or not
Allows the enabling and disabling of DMA for
Allows the enabling and disabling of DMA for
atapi devices, such as CD-ROM drives.
An experimental feature for IDE hard drives which
allows write caching to be turned on.
manual page carefully before using this.
Determines whether or not IDE write caching should
for more information.
This is an internally used function that returns
the kernel bus interface version.
hw.busdma.reserved_bpages
hw.busdma.active_bpages
hw.busdma.total_bpages
hw.busdma.total_bounced
hw.busdma.total_deferred
Returns the system byte order.
This is a read-only variable.
Reports true if the machine has a floating point processor.
This is a read-only variable.
Controls the receive interrupt microcode bundle size limit
Controls the receive interrupt microcode bundling delay
Disables flow control support on
When flow control is enabled, and if the operating system
does not acknowledge the packet buffer filling,
the card will begin to generate Ethernet quench
packets, but appears to get into a feedback
loop of some sort, hosing local switches.
This is a workaround for this issue.
Set the amount of times that a no-resource
condition may occur before the
Returns true if SSE support is enabled in the kernel.
This is a read-only variable.
Displays a list of interrupt counters.
This is a read-only variable.
Displays a list of zero-terminated interrupt
names. This is a read-only variable.
hw.kbd.keymap_restrict_change
This sysctl acts as a sort of secure-level, allowing
control of the console keymap.
Giving this a value of 1 means that only the
root user can change restricted keys
(like boot, panic...).
A value of 2 means that only root
can change restricted keys and regular keys.
Regular users still can change accents and function keys.
A value of 3 means only root can change restricted,
regular and accent keys, while a value of 4 means that
no changes to the keymap are
allowed by anyone other than the root user.
Displays the machine class.
This is a read-only variable.
Displays the current architecture.
This is a read-only variable.
Displays the model information of the current running hardware.
This is a read-only variable.
Report the number of CPUs in the system.
This is a read-only variable.
This is a read-only variable.
Allows debugging to be turned on or off for
Determines whether or not to use debugging for the
hw.pci.allow_unsupported_io_range
Some machines do not detect their CardBus slots correctly
because they use unsupported I/O ranges.
allows FreeBSD to use those ranges.
hw.pci.enable_io_modes
Control the level of verbosity for the
man page for more information on debug
hw.snd.report_soft_formats
Controls the internal format conversion if it is available
transparently to the application software.
for more information.
Allows you to control whether or not to use the 'bell'
while using the console. This is turned on by default.
hw.syscons.saver.keybonly
This variable tells the system that the screen saver
may only wake up if the keyboard is used. This means
that log messages that are pushed to the console will
not cause the screen saver to stop, and the log
message will not display. This can be disabled to mimic
the behavior of older syscons.
hw.syscons.sc_no_suspend_vtswitch
Disables switching between virtual terminals during suspend
for more information.
Controls the level of debugging for
This value controls the maximum amount of error
a value of 0 (zero) disables error messages completely.
Specifies the frequency (in minutes) with which free disk
space should be checked.
This is used in conjunction with
kern.acct_suspend.
The percentage of free disk space above which process
accounting will resume.
The percentage of free disk space below which process
The maximum number of bytes that can be
used in an argument to
This is basically the maximum number of
characters which can be used in a single
On some rare occasions, this value needs
If so, please check out the
The kernel which was used to boot the system.
The time at which the current kernel became
active after the system booted. This is a
kern.chroot_allow_open_directories
Depending on the setting of this variable, open
file descriptors which reference directories will
will always fail with
if there are any directories open.
if there are any directories open and the
process is already subject to the
Any other value will bypass the check for open directories.
man page for more information.
Displays information about the system clock.
This is a read-only variable.
Determines where the kernel should dump a core file
in the event of a kernel panic.
Describes the file name that a core image should be stored to.
man page for more information on this variable.
Contains CPU time statistics.
This is a read-only variable.
that returns suitable device names for the
manual page for more information.
that returns current devstat statistics as well
as the current devstat generation number.
man page for more information.
kern.devstat.generation
Displays the devstat list version number.
This is a read-only variable.
Display disk devices that the kernel is currently
This is a read-only variable.
This shows the name of the current YP/NIS domain.
The time to wait after dropping DTR to the given number.
The units are measured in hundredths of a second.
The default is 300 hundredths,
This option is needed mainly to set proper recover
time after modem resets.
kern.elf32.fallback_brand
kern.fallback_elf_brand
Returns the entire file structure.
Returns all function names in the kernel.
may contain the IP address of the system.
Display the system hostname.
This can be modified with the
The path to search for the
This is a read-only variable.
The maximum buffer size that may be allocated for sockets.
for more information.
The maximum number of sockets available.
Maximum number of mbuf clusters available.
The kernel uses a preallocated pool of
The pool size is tuned by the kernel during boot.
That size is set to a value which seems appropriate
for the current system.
kern.ipc.numopensockets
The maximum pending socket connection queue size.
kern.ipc.zero_copy.receive
When set to a non-zero value, zero copy is
enabled for received packets.
This reduces copying of data around for
outgoing packets and can significantly
improve throughput for network connections.
kern.ipc.zero_copy.send
When set to a non-zero value, zero copy is
enabled for sent packets.
This reduces copying of data around for outgoing
packets and can significantly improve throughput
for network connections.
Reports whether or not job control is available.
This is a read-only variable.
Displays the last PID used by a process.
This is a read-only variable.
Tells the kernel whether or not to log fatal signal exits.
Displays how memory is currently being allocated.
This is a read-only variable.
The maximum number of files allowed for all the
processes of the running kernel.
You can override the default value which the
kernel calculates by explicitly setting this to
man page for more information.
The maximum number of files any one process can open.
utility for more information on monitoring processes.
The maximum number of processes that the system
can be running at any time.
utility for more information on monitoring processes.
The maximum number of processes one user ID can run.
utility for more information on monitoring processes.
Controls the scaling of a number of static system tables, including
defaults for the maximum number of open files, sizing of network
memory resources, etc.
man page for more information.
instead to set this at boot time.
The maximum number of
(virtual file system nodes)
the system can have open simultaneously.
The minimum number of
(virtual file system nodes)
the system can have open simultaneously.
holds a colon-separated list of directories in which the
kernel will search for loadable kernel modules.
This path is searched when using commands such as
Contains the kernel message buffer.
a value of 1 (one) will cause the kernel message buffer to
be cleared. It should be noted though, that the
will then automatically revert back to its original
Contains the maximum number of groups that a
This is a read-only variable.
Shows the current amount of system-wide
This is useful when used in conjunction
for tuning your system.
This is a read-only variable.
Displays the kernel release date.
This is a read-only variable.
Displays the current version of
This is a read-only variable.
Displays the operating system revision.
This is a read-only variable.
Alter the name of the current operating system.
Changing this will change the output from
Changing the default is not recommended.
Returns the version of
is attempting to comply with.
This is a read-only variable.
kern.powercycle_on_panic
In the event of a panic, this variable controls whether or not the
system should try to power cycle instead of rebooting.
kern.poweroff_on_panic
In the event of a panic, this variable controls whether or not the
system should try to power off instead of rebooting.
Allows a process to retrieve the argument list
or process title for another process without
looking in the address space of another program.
This is a read-only variable.
This internally used
may be used to extract process information. See
By setting this to 0, command line arguments are hidden
for processes which you are not running.
This is useful on multi-user machines where things
like passwords might accidentally be added to command
kern.random.adaptors
Displays registered PRNG adaptors.
This is a read-only variable.
kern.random.sys.burst
kern.random.sys.harvest.ethernet
kern.random.sys.harvest.interrupt
kern.random.sys.harvest.point_to_point
kern.random.sys.harvest.swi
kern.random.sys.seeded
Displays the current root file system device. This
is a read-only variable.
Displays whether or not saved set-group/user ID is
available. This is a read-only variable.
The current kernel security level.
manual page for a good description
about what a security level is.
By default, a process that changes user or group credentials whether
real or effective will not create a corefile.
This behavior can be changed to generate a core dump by
setting this variable to 1.
In the event of a panic, this variable controls whether or not the
system should try and
In some circumstances, this could cause a double panic, and as a result,
this may be turned off if needed.
Determines whether to use debugging for kernel threads.
This is useful for testing.
kern.threads.max_groups_per_proc
kern.threads.max_threads_hits
kern.threads.max_threads_per_proc
kern.threads.virtual_cpu
The maximum amount of virtual CPUs that can be used for
Used internally by the
This is a read-only variable.
Displays the current kernel version information.
This is a read-only variable.
machdep.cpu_idle_hlt
This is good for an SMP system.
machdep.disable_mtrrs
machdep.guessed_bootdev
machdep.hyperthreading_allowed
Setting this tunable to zero disables
the use of additional logical processors
provided by Intel HTT technology.
machdep.panic_on_nmi
net.inet.accf.unloadable
net.inet.icmp.bmcastecho
net.inet.icmp.drop_redirect
net.inet.icmp.icmplim
net.inet.icmp.icmplim_output
net.inet.icmp.log_redirect
net.inet.icmp.maskfake
net.inet.icmp.maskrepl
net.inet.ip.accept_sourceroute
Controls forwarding of source-routed IP packets.
net.inet.ip.check_interface
verifies that packets arrive on the correct interfaces.
net.inet.ip.fastforwarding
When fast forwarding is enabled, IP packets are forwarded directly to
the appropriate network interface with minimal validity checking,
which greatly improves throughput.
man page for more information.
net.inet.ip.forwarding
Act as a gateway machine and forward packets.
This can also be configured using the
gateway_enable value in
net.inet.ip.fw.one_pass
net.inet.ip.intr_queue_drops
net.inet.ip.intr_queue_maxlen
net.inet.ip.maxfragpackets
net.inet.ip.maxfragsperpacket
net.inet.ip.redirect
Controls the sending of ICMP redirects in response to unforwardable IP
net.inet.ip.sourceroute
Determines whether or not source routed IP packets
should be forwarded.
The TTL (time-to-live) to use for outgoing packets.
net.inet.raw.maxdgram
net.inet.raw.olddiverterror
net.inet.raw.pcblist
net.inet.raw.recvspace
net.inet.tcp.always_keepalive
Determines whether or not to attempt to detect dead TCP
connections by sending 'keepalives' intermittently. This
is enabled by default and can also be configured using the
tcp_keepalive value in
net.inet.tcp.blackhole
Manipulates system behavior when
connection requests are received on a
TCP port without a socket listening.
man page for more information.
net.inet.tcp.delacktime
net.inet.tcp.delayed_ack
Historically speaking, this feature was designed to allow the
acknowledgment to transmitted data to be returned along with the
man page for more information.
net.inet.tcp.do_tcpdrain
net.inet.tcp.getcred
net.inet.tcp.icmp_may_rst
net.inet.tcp.isn_reseed_interval
net.inet.tcp.log_in_vain
Allows the system to log connections to TCP
ports that do not have sockets listening.
This variable can also be tuned by changing
the value for log_in_vain
Enable for network link optimization TCP can adjust its MSS and thus
packet size according to the observed path MTU. This is done
dynamically based on feedback from the remote host and network
components along the packet path. This information can be
abused to pretend an extremely low path MTU.
net.inet.tcp.minmssoverload
The PSS rate for the
net.inet.tcp.minmss
Setting this will force packets to be reset
and dropped; this should hinder the availability
of DoS attacks on WWW servers using POST attacks.
net.inet.tcp.mssdflt
This is the default TCP Maximum Segment Size
for TCP packets. The default setting is recommended
net.inet.tcp.v6mssdflt
This is the default TCP Maximum Segment Size
for TCP IPv6 packets. The default setting is recommended
net.inet.tcp.newreno
net.inet.tcp.path_mtu_discovery
net.inet.tcp.pcbcount
net.inet.tcp.pcblist
net.inet.tcp.recvspace
This variable controls the amount of receive
buffer space for any given TCP connection. This
can be particularly useful when tuning network
applications. See the
man page for more information.
net.inet.tcp.rexmit_min
net.inet.tcp.rexmit_slop
net.inet.tcp.rfc1323
Determines whether support for RFC1323 (TCP Extensions
for High Performance) should be enabled.
This variable can also be tuned by changing the value
for tcp_extensions in
net.inet.tcp.rfc1644
net.inet.tcp.rfc3042
net.inet.tcp.rfc3390
net.inet.tcp.sendspace
This variable controls the amount of send
buffer space for any given TCP connection. This
can be particularly useful when tuning network
applications. See the
manual page for more information.
net.inet.tcp.slowstart_flightsize
net.inet.tcp.syncache.bucketlimit
net.inet.tcp.syncache.cachelimit
net.inet.tcp.syncache.count
net.inet.tcp.syncache.hashsize
net.inet.tcp.syncache.rexmtlimit
net.inet.tcp.syncookies
net.inet.tcp.tcbhashsize
net.inet.tcp.v6mssdflt
net.inet.udp.blackhole
Manipulates system behavior when
connection requests are received on a
man page for more information.
net.inet.udp.getcred
net.inet.udp.log_in_vain
Allows the system to log connections to UDP
ports that do not have sockets listening.
This variable can also be tuned by changing
the value for log_in_vain
net.inet.udp.maxdgram
net.inet.udp.pcblist
net.inet.udp.recvspace
net.inet6.icmp6.errppslimit
net.inet6.icmp6.nd6_debug
net.inet6.icmp6.nd6_delay
net.inet6.icmp6.nd6_maxnudhint
net.inet6.icmp6.nd6_mmaxtries
net.inet6.icmp6.nd6_prune
net.inet6.icmp6.nd6_umaxtries
net.inet6.icmp6.nd6_useloopback
net.inet6.icmp6.nodeinfo
net.inet6.icmp6.rediraccept
net.inet6.icmp6.redirtimeout
net.inet6.tcp6.getcred
net.inet6.udp6.getcred
net.link.ether.inet.log_arp_movements
net.link.ether.inet.log_arp_wrong_iface
net.link.generic.ifdata
net.link.generic.system.ifcount
net.link.gif.max_nesting
Determines whether to allow recursive tunnels or not.
net.link.gif.parallel_tunnels
Determines whether to allow parallel tunnels or not.
net.local.dgram.pcblist
net.local.stream.pcblist
security.bsd.see_other_uids
Turning this option on will prevent users from viewing information
about processes running under other user id numbers (UIDs).
security.bsd.suser_enabled
security.bsd.unprivileged_proc_debug
security.bsd.unprivileged_read_msgbuf
security.jail.set_hostname_allowed
Determines whether or not the root user
within the jail can set the hostname.
security.jail.socket_unixiproute_only
security.jail.sysvipc_allowed
security.mac.biba.enabled
Enables enforcement of the Biba integrity policy.
security.mac.biba.ptys_equal
security.mac.biba.revocation_enabled
Revoke access to objects if the label is changed to dominate the subject.
security.mac.enforce_fs
Enforce MAC policies for file system accesses.
security.mac.enforce_kld
Enforce MAC policies on
security.mac.enforce_network
Enforce MAC policies on network interfaces.
security.mac.enforce_pipe
Enforce MAC policies on pipes.
security.mac.enforce_process
Enforce MAC policies between system processes
security.mac.enforce_socket
Enforce MAC policies on sockets.
security.mac.enforce_system
Enforce MAC policies on system-related items
security.mac.enforce_vm
Enforce MAC policies on
security.mac.ifoff.lo_enabled
Use this to disable network traffic over the loopback
for more information.
security.mac.ifoff.other_enabled
Use this to enable network traffic over other interfaces.
for more information.
security.mac.ifoff.bpfrecv_enabled
traffic to be received,
even while other traffic is disabled.
security.mac.mls.enabled
Enables the enforcement of the MLS confidentiality policy,
for more information.
security.mac.mls.ptys_equal
security.mac.mls.revocation_enabled
Revoke access to objects if the label is changed to a more sensitive
level than the subject.
security.mac.portacl.rules
The port access control list is specified in the following format:
Describes the type of subject match to be performed.
for userid matching, or
for group ID matching.
The user or group ID (depending on
allowed to bind to the specified port.
NOTE: User and group names are not valid; only the actual ID numbers
Describes which protocol this entry applies to.
Describes which port this entry applies to.
NOTE: MAC security policies may not override other security system policies
by allowing accesses that they may deny, such as
net.inet.ip.portrange.reservedlow /
net.inet.ip.portrange.reservedhigh.
security.mac.seeotheruids.enabled
security.mac.seeotheruids
mac_seeotheruids(4)
for more information.
security.mac.seeotheruids.primarygroup_enabled
Allow users to see processes and sockets owned by the same primary
security.mac.seeotheruids.specificgid_enabled
Allow processes with a specific group ID to be exempt from the policy,
security.mac.seeotheruids.specificgid
to the gid to be exempted.
for more information.
user.coll_weights_max
user.posix2_fort_dev
user.posix2_fort_run
user.posix2_localedef
vfs.altbufferflushes
vfs.devfs.generation
vfs.dirtybufferflushes
vfs.getnewbufrestarts
vfs.maxmallocbufspace
vfs.pfs.vncache.entries
vfs.pfs.vncache.hits
vfs.pfs.vncache.maxentries
vfs.pfs.vncache.misses
vfs.recursiveflushes
vfs.ufs.dirhash_docheck
vfs.ufs.dirhash_maxmem
vfs.ufs.dirhash_minsize
allows the root user to grant access to non-root users
so that they may mount floppy and CD-ROM drives.
Controls how directories are cached by the system.
This is turned on by default. See the
man page for a more detailed explanation on this
Tells the file system to issue media writes as
full clusters are collected, which typically
occurs when writing large sequential files.
This is turned on by default, but under certain
circumstances may stall processes and can therefore
vm.disable_swapspace_pageouts
Displays the load average history. This is a
Displays the number of swap devices available
to the system. This is a read-only variable.
vm.pageout_full_stats_interval
vm.pageout_lock_miss
vm.pageout_stats_free_max
vm.pageout_stats_interval
vm.pageout_stats_max
vm.stats.sys.v_swtch
vm.stats.sys.v_syscall
vm.stats.vm.v_cow_faults
vm.stats.vm.v_cow_optim
vm.stats.vm.v_forkpages
vm.stats.vm.v_intrans
vm.stats.vm.v_kthreadpages
vm.stats.vm.v_kthreads
vm.stats.vm.v_pdpages
vm.stats.vm.v_pdwakeups
vm.stats.vm.v_reactivated
vm.stats.vm.v_rforkpages
vm.stats.vm.v_rforks
vm.stats.vm.v_swapin
vm.stats.vm.v_swapout
vm.stats.vm.v_swappgsin
vm.stats.vm.v_swappgsout
vm.stats.vm.v_vforkpages
vm.stats.vm.v_vforks
vm.stats.vm.v_vm_faults
vm.stats.vm.v_vnodein
vm.stats.vm.v_vnodeout
vm.stats.vm.v_vnodepgsin
vm.stats.vm.v_vnodepgsout
The maximum number of in-progress async operations
that may be performed.
Determines whether or not processes may swap.
vm.swap_idle_enabled
for a detailed explanation of this
Displays virtual memory statistics which are collected
at five second intervals.
Shows memory used by the kernel zone allocator, by zone.
This information can also be found by using the