SYSCTL(7)           NetBSD Miscellaneous Information Manual          SYSCTL(7)

NAME
     sysctl -- system information variables

DESCRIPTION
     The sysctl(3) library function and the sysctl(8) utility are used to get
     and set values of system variables, maintained by the kernel.  The vari-
     ables are organized in a tree and identified by a sequence of numbers,
     conventionally separated by dots with the topmost identifier at the left
     side.  The numbers have corresponding text names.  The sysctlnametomib(3)
     function or the -M argument to the sysctl(8) utility can be used to con-
     vert the text representation to the numeric one.

     The individual sysctl variables are described below, both the textual and
     numeric form where applicable.  The textual names can be used as argument
     to the sysctl(8) utility and in the file /etc/sysctl.conf.  The numeric
     names are usually defined as preprocessor constants and are intended for
     use by programs.  Every such constant expands to one integer, which iden-
     tifies the sysctl variable relative to the upper level of the tree.  See
     the sysctl(3) manual page for programming examples.

Top level names
     The top level names are defined with a CTL_ prefix in <sys/sysctl.h>, and
     are as follows.  The next and subsequent levels down are found in the
     include files listed here, and described in separate sections below.

     Name          Constant          Next level names      Description
     kern          CTL_KERN          sys/sysctl.h          High kernel limits
     vm            CTL_VM            uvm/uvm_param.h       Virtual memory
     vfs           CTL_VFS           sys/mount.h           Filesystem
     net           CTL_NET           sys/socket.h          Networking
     debug         CTL_DEBUG         sys/sysctl.h          Debugging
     hw            CTL_HW            sys/sysctl.h          Generic CPU, I/O
     machdep       CTL_MACHDEP       sys/sysctl.h          Machine dependent
     user          CTL_USER          sys/sysctl.h          User-level
     ddb           CTL_DDB           sys/sysctl.h          In-kernel debugger
     proc          CTL_PROC          sys/sysctl.h          Per-process
     vendor        CTL_VENDOR        ?                     Vendor specific
     emul          CTL_EMUL          sys/sysctl.h          Emulation settings
     security      CTL_SECURITY      sys/sysctl.h          Security settings

The debug.* subtree
     The debugging variables vary from system to system.  A debugging variable
     may be added or deleted without need to recompile sysctl to know about
     it.  Each time it runs, sysctl gets the list of debugging variables from
     the kernel and displays their current values.  The system defines twenty
     (struct ctldebug) variables named debug0 through debug19.  They are
     declared as separate variables so that they can be individually initial-
     ized at the location of their associated variable.  The loader prevents
     multiple use of the same variable by issuing errors if a variable is ini-
     tialized in more than one place.  For example, to export the variable
     dospecialcheck as a debugging variable, the following declaration would
     be used:
           int dospecialcheck = 1;
           struct ctldebug debug5 = { "dospecialcheck", &dospecialcheck };

     Note that the dynamic implementation of sysctl currently in use largely
     makes this particular sysctl interface obsolete.  See sysctl(8) for more
     information.

The vfs.* subtree
     A distinguished second level name, vfs.generic (VFS_GENERIC), is used to
     get general information about all filesystems.  One of its third level
     identifiers is vfs.generic.maxtypenum (VFS_MAXTYPENUM) that gives the
     highest valid filesystem type number.  Its other third level identifier
     is vfs.generic.conf (VFS_CONF) that returns configuration information
     about the filesystem type given as a fourth level identifier.  The
     remaining second level identifiers are the filesystem type number
     returned by a statvfs(2) call or from vfs.generic.conf.  The third level
     identifiers available for each filesystem are given in the header file
     that defines the mount argument structure for that filesystem.

The hw.* subtree
     The string and integer information available for the hw level is detailed
     below.  The changeable column shows whether a process with appropriate
     privilege may change the value.

           Second level name          Type                     Changeable
           hw.acpi.supported_states   string                   no
           hw.alignbytes              integer                  no
           hw.byteorder               integer                  no
           hw.cnmagic                 string                   yes
           hw.disknames               string                   no
           hw.diskstats               struct                   no
           hw.machine                 string                   no
           hw.machine_arch            string                   no
           hw.model                   string                   no
           hw.ncpu                    integer                  no
           hw.pagesize                integer                  no
           hw.physmem                 integer                  no
           hw.physmem64               quad                     no
           hw.usermem                 integer                  no
           hw.usermem64               quad                     no

     hw.acpi.support_states
             List of possible ACPI sleep states.  The list can contain the
             following values:

             S0    fully running

             S1    power on suspend (CPU and hard disks are off)

             S2    similar to S3, usually not implemented

             S3    suspend-to-RAM

             S4    suspend-to-disk (needs BIOS support)

             S5    power off

     hw.alignbytes (HW_ALIGNBYTES)
             Alignment constraint for all possible data types.  This shows the
             value ALIGNBYTES in /usr/include/machine/param.h, at the kernel
             compilation time.

     hw.byteorder (HW_BYTEORDER)
             The byteorder (4,321, or 1,234).

     hw.cnmagic (HW_CNMAGIC)
             The console magic key sequence.

     hw.disknames (HW_DISKNAMES)
             The list of (space separated) disk device names on the system.

     hw.iostatnames (HW_IOSTATNAMES)
             A space separated list of devices that will have I/O statistics
             collected on them.

     hw.iostats (HW_IOSTATS)
             Return statistical information on the NFS mounts, disk and tape
             devices on the system.  An array of struct io_sysctl structures
             is returned, whose size depends on the current number of such
             objects in the system.  The third level name is the size of the
             struct io_sysctl.  The type of object can be determined by exam-
             ining the type element of struct io_sysctl.  Which can be
             IOSTAT_DISK (disk drive), IOSTAT_TAPE (tape drive), or IOSTAT_NFS
             (NFS mount).

     hw.machine (HW_MACHINE)
             The machine class.

     hw.machine_arch (HW_MACHINE_ARCH)
             The machine CPU class.

     hw.model (HW_MODEL)
             The machine model.

     hw.ncpu (HW_NCPU)
             The number of CPUs.

     hw.pagesize (HW_PAGESIZE)
             The software page size.

     hw.physmem (HW_PHYSMEM)
             The bytes of physical memory as a 32-bit integer.

     hw.physmem64 (HW_PHYSMEM64)
             The bytes of physical memory as a 64-bit integer.

     hw.usermem (HW_USERMEM)
             The bytes of non-kernel memory as a 32-bit integer.

     hw.usermem64 (HW_USERMEM64)
             The bytes of non-kernel memory as a 64-bit integer.

The kern.* subtree
     The string and integer information available for the kern level is
     detailed below.  The changeable column shows whether a process with
     appropriate privilege may change the value.  The types of data currently
     available are process information, system vnodes, the open file entries,
     routing table entries, virtual memory statistics, load average history,
     and clock rate information.

           Second level name                 Type                   Changeable
           kern.argmax                       integer                no
           kern.autonicetime                 integer                yes
           kern.autoniceval                  integer                yes
           kern.boottime                     struct timeval         no
           kern.bufq                         node                   not
                                                                    applicable
           kern.ccpu                         integer                no
           kern.clockrate                    struct clockinfo       no
           kern.consdev                      integer                no
           kern.cp_id                        struct                 no
           kern.cp_time                      uint64_t[]             no
           kern.defcorename                  string                 yes
           kern.domainname                   string                 yes
           kern.drivers                      struct kinfo_drivers   no
           kern.file                         struct file            no
           kern.forkfsleep                   integer                yes
           kern.fscale                       integer                no
           kern.fsync                        integer                no
           kern.hardclock_ticks              integer                no
           kern.hostid                       integer                yes
           kern.hostname                     string                 yes
           kern.iov_max                      integer                no
           kern.job_control                  integer                no
           kern.labeloffset                  integer                no
           kern.labelsector                  integer                no
           kern.login_name_max               integer                no
           kern.logsigexit                   integer                yes
           kern.mapped_files                 integer                no
           kern.maxfiles                     integer                yes
           kern.maxpartitions                integer                no
           kern.maxphys                      integer                no
           kern.maxproc                      integer                yes
           kern.maxptys                      integer                yes
           kern.maxvnodes                    integer                yes
           kern.mbuf                         node                   not
                                                                    applicable
           kern.memlock                      integer                no
           kern.memlock_range                integer                no
           kern.memory_protection            integer                no
           kern.monotonic_clock              integer                no
           kern.msgbuf                       integer                no
           kern.msgbufsize                   integer                no
           kern.ngroups                      integer                no
           kern.ntptime                      struct ntptimeval      no
           kern.osrelease                    string                 no
           kern.osrev                        integer                no
           kern.ostype                       string                 no
           kern.pipe                         node                   not
                                                                    applicable
           kern.posix1                       integer                no
           kern.posix_barriers               integer                no
           kern.posix_reader_writer_locks    integer                no
           kern.posix_semaphores             integer                no
           kern.posix_spin_locks             integer                no
           kern.posix_threads                integer                no
           kern.posix_timers                 integer                no
           kern.proc                         struct kinfo_proc      no
           kern.proc2                        struct kinfo_proc2     no
           kern.proc_args                    string                 no
           kern.prof                         node                   not
                                                                    applicable
           kern.rawpartition                 integer                no
           kern.root_device                  string                 no
           kern.root_partition               integer                no
           kern.rtc_offset                   integer                yes
           kern.saved_ids                    integer                no
           kern.securelevel                  integer                raise only
           kern.synchronized_io              integer                no
           kern.ipc                          node                   not
                                                                    applicable
           kern.timex                        struct                 no
           kern.tkstat                       node                   not
                                                                    applicable
           kern.urandom                      integer                no
           kern.version                      string                 no
           kern.vnode                        struct vnode           no

     kern.argmax (KERN_ARGMAX)
             The maximum bytes of argument to execve(2).

     kern.autonicetime (KERN_AUTONICETIME)
             The number of seconds of CPU-time a non-root process may accumu-
             late before having its priority lowered from the default to the
             value of KERN_AUTONICEVAL.  If set to 0, automatic lowering of
             priority is not performed, and if set to -1 all non-root pro-
             cesses are immediately lowered.

     kern.autoniceval (KERN_AUTONICEVAL)
             The priority assigned for automatically niced processes.

     kern.boottime (KERN_BOOTTIME)
             A struct timeval structure is returned.  This structure contains
             the time that the system was booted.

     kern.ccpu (KERN_CCPU)
             The scheduler exponential decay value.

     kern.clockrate (KERN_CLOCKRATE)
             A struct clockinfo structure is returned.  This structure con-
             tains the clock, statistics clock and profiling clock frequen-
             cies, the number of micro-seconds per hz tick, and the clock skew
             rate.

     kern.consdev (KERN_CONSDEV)
             Console device.

     kern.cp_id (KERN_CP_ID)
             Mapping of CPU number to CPU id.

     kern.cp_time (KERN_CP_TIME)
             Returns an array of CPUSTATES uint64_ts.  This array contains the
             number of clock ticks spent in different CPU states.  On multi-
             processor systems, the sum across all CPUs is returned unless
             appropriate space is given for one data set for each CPU.  Data
             for a specific CPU can also be obtained by adding the number of
             the CPU at the end of the MIB, enlarging it by one.

     kern.defcorename (KERN_DEFCORENAME)
             Default template for the name of core dump files (see also
             proc.pid.corename in the per-process variables proc.*, and
             core(5) for format of this template).  The default value is
             %n.core and can be changed with the kernel configuration option
             options DEFCORENAME (see options(4) ).

     kern.domainname (KERN_DOMAINNAME)
             Get or set the YP domain name.

     kern.dump_on_panic (KERN_DUMP_ON_PANIC)
             Perform a crash dump on system panic.

     kern.drivers (KERN_DRIVERS)
             Return an array of struct kinfo_drivers that contains the name
             and major device numbers of all the device drivers in the current
             kernel.  The d_name field is always a NUL terminated string.  The
             d_bmajor field will be set to -1 if the driver doesn't have a
             block device.

     kern.file (KERN_FILE)
             Return the entire file table.  The returned data consists of a
             single struct filelist followed by an array of struct file, whose
             size depends on the current number of such objects in the system.

     kern.forkfsleep (KERN_FORKFSLEEP)
             If fork(2) system call fails due to limit on number of processes
             (either the global maxproc limit or user's one), wait for this
             many milliseconds before returning EAGAIN error to process.  Use-
             ful to keep heavily forking runaway processes in bay.  Default
             zero (no sleep).  Maximum is 20 seconds.

     kern.fscale (KERN_FSCALE)
             The kernel fixed-point scale factor.

     kern.fsync (KERN_FSYNC)
             Return 1 if the POSIX 1003.1b File Synchronization Option is
             available on this system, otherwise 0.

     kern.hardclock_ticks (KERN_HARDCLOCK_TICKS)
             Returns the number of hardclock(9) ticks.

     kern.hostid (KERN_HOSTID)
             Get or set the host id.

     kern.hostname (KERN_HOSTNAME)
             Get or set the hostname.

     kern.iov_max (KERN_IOV_MAX)
             Return the maximum number of iovec structures that a process has
             available for use with preadv(2), pwritev(2), readv(2),
             recvmsg(2), sendmsg(2) and writev(2).

     kern.job_control (KERN_JOB_CONTROL)
             Return 1 if job control is available on this system, otherwise 0.

     kern.labeloffset (KERN_LABELOFFSET)
             The offset within the sector specified by KERN_LABELSECTOR of the
             disklabel(5).

     kern.labelsector (KERN_LABELSECTOR)
             The sector number containing the disklabel(5).

     kern.login_name_max (KERN_LOGIN_NAME_MAX)
             The size of the storage required for a login name, in bytes,
             including the terminating NUL.

     kern.logsigexit (KERN_LOGSIGEXIT)
             If this flag is non-zero, the kernel will log(9) all process
             exits due to signals which create a core(5) file, and whether the
             coredump was created.

     kern.mapped_files (KERN_MAPPED_FILES)
             Returns 1 if the POSIX 1003.1b Memory Mapped Files Option is
             available on this system, otherwise 0.

     kern.maxfiles (KERN_MAXFILES)
             The maximum number of open files that may be open in the system.

     kern.maxpartitions (KERN_MAXPARTITIONS)
             The maximum number of partitions allowed per disk.

     kern.maxphys (KERN_MAXPHYS)
             Maximum raw I/O transfer size.

     kern.maxproc (KERN_MAXPROC)
             The maximum number of simultaneous processes the system will
             allow.

     kern.maxptys (KERN_MAXPTYS)
             The maximum number of pseudo terminals.  This value can be both
             raised and lowered, though it cannot be set lower than number of
             currently used ptys.  See also pty(4).

     kern.maxvnodes (KERN_MAXVNODES)
             The maximum number of vnodes available on the system.  This can
             only be raised.

     kern.mbuf (KERN_MBUF)
             Return information about the mbuf control variables.  Mbufs are
             data structures which store network packets and other data struc-
             tures in the networking code, see mbuf(9).  The third level names
             for the mbuf variables are detailed below.  The changeable column
             shows whether a process with appropriate privilege may change the
             value.

                   Third level name         Type                 Changeable
                   kern.mbuf.mblowat        integer              yes
                   kern.mbuf.mclbytes       integer              yes
                   kern.mbuf.mcllowat       integer              yes
                   kern.mbuf.msize          integer              yes
                   kern.mbuf.nmbclusters    integer              yes

             The variables are as follows:

             kern.mbuf.mblowat (MBUF_MBLOWAT)
                     The mbuf low water mark.

             kern.mbuf.mclbytes (MBUF_MCLBYTES)
                     The mbuf cluster size.

             kern.mbuf.mcllowat (MBUF_MCLLOWAT)
                     The mbuf cluster low water mark.

             kern.mbuf.msize (MBUF_MSIZE)
                     The mbuf base size.

             kern.mbuf.nmbclusters (MBUF_NMBCLUSTERS)
                     The limit on the number of mbuf clusters.  The variable
                     can only be increased, and only increased on machines
                     with direct-mapped pool pages.

     kern.memlock (KERN_MEMLOCK)
             Returns 1 if the POSIX 1003.1b Process Memory Locking Option is
             available on this system, otherwise 0.

     kern.memlock_range (KERN_MEMLOCK_RANGE)
             Returns 1 if the POSIX 1003.1b Range Memory Locking Option is
             available on this system, otherwise 0.

     kern.memory_protection (KERN_MEMORY_PROTECTION)
             Returns 1 if the POSIX 1003.1b Memory Protection Option is avail-
             able on this system, otherwise 0.

     kern.monotonic_clock (KERN_MONOTONIC_CLOCK)
             Returns the standard version the implementation of the POSIX
             1003.1b Monotonic Clock Option conforms to, otherwise 0.

     kern.msgbuf (KERN_MSGBUF)
             The kernel message buffer, rotated so that the head of the circu-
             lar kernel message buffer is at the start of the returned data.
             The returned data may contain NUL bytes.

     kern.msgbufsize (KERN_MSGBUFSIZE)
             The maximum number of characters that the kernel message buffer
             can hold.

     kern.ngroups (KERN_NGROUPS)
             The maximum number of supplemental groups.

     kern.ntptime (KERN_NTPTIME)
             A struct ntptimeval structure is returned.  This structure con-
             tains data used by the ntpd(8) program.

     kern.osrelease (KERN_OSRELEASE)
             The system release string.

     kern.osrevision (KERN_OSREV)
             The system revision string.

     kern.ostype (KERN_OSTYPE)
             The system type string.

     kern.pipe (KERN_PIPE)
             Pipe settings.  The third level names for the  integer pipe set-
             tings is detailed below.  The changeable column shows whether a
             process with appropriate privilege may change the value.

                   Third level name            Type          Changeable
                   kern.pipe.kvasiz            integer       yes
                   kern.pipe.maxbigpipes       integer       yes
                   kern.pipe.maxkvasz          integer       yes
                   kern.pipe.limitkva          integer       yes
                   kern.pipe.nbigpipes         integer       yes

             The variables are as follows:

             kern.pipe.kvasiz (KERN_PIPE_KVASIZ)
                     Amount of kernel memory consumed by pipe buffers.

             kern.pipe.maxbigpipes (KERN_PIPE_MAXBIGPIPES)
                     Maximum number of "big" pipes.

             kern.pipe.maxkvasz (KERN_PIPE_MAXKVASZ)
                     Maximum amount of kernel memory to be used for pipes.

             kern.pipe.limitkva (KERN_PIPE_LIMITKVA)
                     Limit for direct transfers via page loan.

             kern.pipe.nbigpipes (KERN_PIPE_NBIGPIPES)
                     Number of "big" pipes.

     kern.posix1version (KERN_POSIX1)
             The version of ISO/IEC 9945 (POSIX 1003.1) with which the system
             attempts to comply.

     kern.posix_barriers (KERN_POSIX_BARRIERS)
             The version of IEEE Std 1003.1 (``POSIX.1'') and its Barriers
             option to which the system attempts to conform, otherwise 0.

     kern.posix_reader_writer_locks (KERN_POSIX_READER_WRITER_LOCKS)
             The version of IEEE Std 1003.1 (``POSIX.1'') and its Read-Write
             Locks option to which the system attempts to conform, otherwise
             0.

     kern.posix_semaphores (KERN_POSIX_SEMAPHORES)
             The version of IEEE Std 1003.1 (``POSIX.1'') and its Semaphores
             option to which the system attempts to conform, otherwise 0.

     kern.posix_spin_locks (KERN_POSIX_SPIN_LOCKS)
             The version of IEEE Std 1003.1 (``POSIX.1'') and its Spin Locks
             option to which the system attempts to conform, otherwise 0.

     kern.posix_threads (KERN_POSIX_THREADS)
             The version of IEEE Std 1003.1 (``POSIX.1'') and its Threads
             option to which the system attempts to conform, otherwise 0.

     kern.posix_timers (KERN_POSIX_TIMERS)
             The version of IEEE Std 1003.1 (``POSIX.1'') and its Timers
             option to which the system attempts to conform, otherwise 0.

     kern.proc (KERN_PROC)
             Return the entire process table, or a subset of it.  An array of
             struct kinfo_proc structures is returned, whose size depends on
             the current number of such objects in the system.  The third and
             fourth level numeric names are as follows:

                   Third level name          Fourth level is:
                   KERN_PROC_ALL             None
                   KERN_PROC_GID             A group ID
                   KERN_PROC_PID             A process ID
                   KERN_PROC_PGRP            A process group
                   KERN_PROC_RGID            A real group ID
                   KERN_PROC_RUID            A real user ID
                   KERN_PROC_SESSION         A session ID
                   KERN_PROC_TTY             A tty device
                   KERN_PROC_UID             A user ID

     kern.proc2 (KERN_PROC2)
             As for KERN_PROC, but an array of struct kinfo_proc2 structures
             are returned.  The fifth level name is the size of the struct
             kinfo_proc2 and the sixth level name is the number of structures
             to return.

     kern.proc_args (KERN_PROC_ARGS)
             Return the argv or environment strings (or the number thereof) of
             a process.  Multiple strings are returned separated by NUL char-
             acters.  The third level name is the process ID.  The fourth
             level name is as follows:

                   KERN_PROC_ARGV            The argv strings
                   KERN_PROC_ENV             The environ strings
                   KERN_PROC_NARGV           The number of argv strings
                   KERN_PROC_NENV            The number of environ strings

     kern.profiling (KERN_PROF)
             Return profiling information about the kernel.  If the kernel is
             not compiled for profiling, attempts to retrieve any of the
             KERN_PROF values will fail with EOPNOTSUPP.  The third level
             names for the string and integer profiling information is
             detailed below.  The changeable column shows whether a process
             with appropriate privilege may change the value.

                   Third level name            Type                Changeable
                   kern.profiling.count        u_short[]           yes
                   kern.profiling.froms        u_short[]           yes
                   kern.profiling.gmonparam    struct gmonparam    no
                   kern.profiling.state        integer             yes
                   kern.profiling.tos          struct tostruct     yes

             The variables are as follows:

             kern.profiling.count (GPROF_COUNT)
                     Array of statistical program counter counts.

             kern.profiling.froms (GPROF_FROMS)
                     Array indexed by program counter of call-from points.

             kern.profiling.gmonparams (GPROF_GMONPARAM)
                     Structure giving the sizes of the above arrays.

             kern.profiling.state (GPROF_STATE)
                     Profiling state.  If set to GMON_PROF_ON, starts profil-
                     ing.  If set to GMON_PROF_OFF, stops profiling.

             kern.profiling.tos (GPROF_TOS)
                     Array of struct tostruct describing destination of calls
                     and their counts.

     kern.rawpartition (KERN_RAWPARTITION)
             The raw partition of a disk (a == 0).

     kern.root_device (KERN_ROOT_DEVICE)
             The name of the root device (e.g., ``wd0'').

     kern.root_partition (KERN_ROOT_PARTITION)
             The root partition on the root device (a == 0).

     kern.rtc_offset (KERN_RTC_OFFSET)
             Return the offset of real time clock from UTC in minutes.

     kern.saved_ids (KERN_SAVED_IDS)
             Returns 1 if saved set-group and saved set-user ID is available.

     kern.sbmax (KERN_SBMAX)
             Maximum socket buffer size.

     kern.securelevel (KERN_SECURELVL)
             The system security level.  This level may be raised by processes
             with appropriate privilege.  It may only be lowered by process 1.

     kern.somaxkva (KERN_SOMAXKVA)
             Maximum amount of kernel memory to be used for socket buffers.

     kern.synchronized_io (KERN_SYNCHRONIZED_IO)
             Returns 1 if the POSIX 1003.1b Synchronized I/O Option is avail-
             able on this system, otherwise 0.

     kern.ipc (KERN_SYSVIPC)
             Return information about the SysV IPC parameters.  The third
             level names for the ipc variables are detailed below.

                   Third level name       Type                   Changeable
                   kern.ipc.sysvmsg       integer                no
                   kern.ipc.sysvsem       integer                no
                   kern.ipc.sysvshm       integer                no
                   kern.ipc.sysvipc_info  struct                 no
                   kern.ipc.shmmax        integer                yes
                   kern.ipc.shmmni        integer                yes
                   kern.ipc.shmseg        integer                yes
                   kern.ipc.shmmaxpgs     integer                yes
                   kern.ipc.shm_use_phys  integer                yes
                   kern.ipc.msgmni        integer                yes
                   kern.ipc.msgseg        integer                yes
                   kern.ipc.semmni        integer                yes
                   kern.ipc.semmns        integer                yes
                   kern.ipc.semmnu        integer                yes

             kern.ipc.sysvmsg (KERN_SYSVIPC_MSG)
                     Returns 1 if System V style message queue functionality
                     is available on this system, otherwise 0.

             kern.ipc.sysvsem (KERN_SYSVIPC_SEM)
                     Returns 1 if System V style semaphore functionality is
                     available on this system, otherwise 0.

             kern.ipc.sysvshm (KERN_SYSVIPC_SHM)
                     Returns 1 if System V style share memory functionality is
                     available on this system, otherwise 0.

             kern.ipc.sysvipc_info (KERN_SYSVIPC_INFO)
                     Return System V style IPC configuration and run-time
                     information.  The fourth level name selects the System V
                     style IPC facility.

                           Fourth level name           Type
                           KERN_SYSVIPC_MSG_INFO       struct msg_sysctl_info
                           KERN_SYSVIPC_SEM_INFO       struct sem_sysctl_info
                           KERN_SYSVIPC_SHM_INFO       struct shm_sysctl_info

                     KERN_SYSVIPC_MSG_INFO
                             Return information on the System V style message
                             facility.  The msg_sysctl_info structure is
                             defined in <sys/msg.h>.

                     KERN_SYSVIPC_SEM_INFO
                             Return information on the System V style sema-
                             phore facility.  The sem_sysctl_info structure is
                             defined in <sys/sem.h>.

                     KERN_SYSVIPC_SHM_INFO
                             Return information on the System V style shared
                             memory facility.  The shm_sysctl_info structure
                             is defined in <sys/shm.h>.

             kern.ipc.shmmax (KERN_SYSVIPC_SHMMAX)
                     Max shared memory segment size in bytes.

             kern.ipc.shmmni (KERN_SYSVIPC_SHMMNI)
                     Max number of shared memory identifiers.

             kern.ipc.shmseg (KERN_SYSVIPC_SHMSEG)
                     Max shared memory segments per process.

             kern.ipc.shmmaxpgs (KERN_SYSVIPC_SHMMAXPGS)
                     Max amount of shared memory in pages.

             kern.ipc.shm_use_phys (KERN_SYSVIPC_SHMUSEPHYS)
                     Locking of shared memory in physical memory.  If 0, mem-
                     ory can be swapped out, otherwise it will be locked in
                     physical memory.

             kern.ipc.msgmni
                     Max number of message queue identifiers.

             kern.ipc.msgseg
                     Max number of number of message segments.

             kern.ipc.semmni
                     Max number of number of semaphore identifiers.

             kern.ipc.semmns
                     Max number of number of semaphores in system.

             kern.ipc.semmnu
                     Max number of undo structures in system.

     kern.timex (KERN_TIMEX)
             Not available.

     kern.tkstat (KERN_TKSTAT)
             Return information about the number of characters sent and
             received on ttys.  The third level names for the tty statistic
             variables are detailed below.  The changeable column shows
             whether a process with appropriate privilege may change the
             value.

                   Third level name        Type                 Changeable
                   kern.tkstat.cancc       quad                 no
                   kern.tkstat.nin         quad                 no
                   kern.tkstat.nout        quad                 no
                   kern.tkstat.rawcc       quad                 no

             The variables are as follows:

             kern.tkstat.cancc (KERN_TKSTAT_CANCC)
                     The number of canonical input characters.

             kern.tkstat.nin (KERN_TKSTAT_NIN)
                     The total number of input characters.

             kern.tkstat.nout (KERN_TKSTAT_NOUT)
                     The total number of output characters.

             kern.tkstat.rawcc (KERN_TKSTAT_RAWCC)
                     The number of raw input characters.

     kern.urandom (KERN_URND)
             Random integer value.

     kern.veriexec
             Tunings for Verixec.

             kern.veriexec.algorithms
                     Returns a string with the supported algorithms in Ver-
                     iexec.

             kern.veriexec.count
                     Sub-nodes are added to this node as new mounts are moni-
                     tored by Veriexec.  Each mount will be under its own
                     tableN node.  Under each node there will be three vari-
                     ables, indicating the mount point, the file-system type,
                     and the number of entries.

             kern.veriexec.strict
                     Controls the strict level of Veriexec.  See security(8)
                     for more information on each level's implications.

             kern.veriexec.verbose
                     Controls the verbosity level of Veriexec.  If 0, only the
                     minimal indication required will be given about what's
                     happening - fingerprint mismatches, removal of entries
                     from the tables, modification of a fingerprinted file.
                     If 1, more messages will be printed (ie., when a file
                     with a valid fingerprint is accessed).  Verbose level 2
                     is debug mode.

     kern.version (KERN_VERSION)
             The system version string.

     kern.vnode (KERN_VNODE)
             Return the entire vnode table.  Note, the vnode table is not nec-
             essarily a consistent snapshot of the system.  The returned data
             consists of an array whose size depends on the current number of
             such objects in the system.  Each element of the array contains
             the kernel address of a vnode struct vnode * followed by the
             vnode itself struct vnode.

     kern.coredump.setid
             Settings related to set-id processes coredumps.  By default, set-
             id processes do not dump core in situations where other processes
             would.  The settings in this node allows an administrator to
             change this behavior.

             kern.coredump.setid.dump
                     If non-zero, set-id processes will dump core.

             kern.coredump.setid.group
                     The group-id for the set-id processes' coredump.

             kern.coredump.setid.mode
                     The mode for the set-id processes' coredump.  See
                     chmod(1).

             kern.coredump.setid.owner
                     The user-id that will be used as the owner of the set-id
                     processes' coredump.

             kern.coredump.setid.path
                     The path to which set-id processes' coredumps will be
                     saved to.  Same syntax as kern.defcorename.

The machdep.* subtree
     The set of variables defined is architecture dependent.  Most architec-
     tures define at least the following variables.

           Second level name    Type          Changeable
           CPU_CONSDEV          dev_t         no

The net.* subtree
     The string and integer information available for the net level is
     detailed below.  The changeable column shows whether a process with
     appropriate privilege may change the value.  The second and third levels
     are typically the protocol family and protocol number, though this is not
     always the case.

           Second level name     Type                            Changeable
           net.route             routing messages                no
           net.inet              IPv4 values                     yes
           net.inet6             IPv6 values                     yes
           net.key               IPsec key management values     yes

     net.route (PF_ROUTE)
             Return the entire routing table or a subset of it.  The data is
             returned as a sequence of routing messages (see route(4) for the
             header file, format and meaning).  The length of each message is
             contained in the message header.

             The third level name is a protocol number, which is currently
             always 0.  The fourth level name is an address family, which may
             be set to 0 to select all address families.  The fifth and sixth
             level names are as follows:

                   Fifth level name          Sixth level is:
                   NET_RT_FLAGS              rtflags
                   NET_RT_DUMP               None
                   NET_RT_IFLIST             None

     net.inet (PF_INET)
             Get or set various global information about the IPv4 (Internet
             Protocol version 4).  The third level name is the protocol.  The
             fourth level name is the variable name.  The currently defined
             protocols and names are:

                 Protocol name    Variable name          Type       Changeable
                 arp              down                   integer    yes
                 arp              keep                   integer    yes
                 arp              prune                  integer    yes
                 arp              refresh                integer    yes
                 carp             allow                  integer    yes
                 carp             preempt                integer    yes
                 carp             log                    integer    yes
                 carp             arpbalance             integer    yes
                 icmp             errppslimit            integer    yes
                 icmp             maskrepl               integer    yes
                 icmp             rediraccept            integer    yes
                 icmp             redirtimeout           integer    yes
                 ip               allowsrcrt             integer    yes
                 ip               anonportmax            integer    yes
                 ip               anonportmin            integer    yes
                 ip               checkinterface         integer    yes
                 ip               directed-broadcast     integer    yes
                 ip               do_loopback_cksum      integer    yes
                 ip               forwarding             integer    yes
                 ip               forwsrcrt              integer    yes
                 ip               gifttl                 integer    yes
                 ip               grettl                 integer    yes
                 ip               hashsize               integer    yes
                 ip               hostzerobroadcast      integer    yes
                 ip               lowportmin             integer    yes
                 ip               lowportmax             integer    yes
                 ip               maxflows               integer    yes
                 ip               maxfragpackets         integer    yes
                 ip               mtudisc                integer    yes
                 ip               mtudisctimeout         integer    yes
                 ip               random_id              integer    yes
                 ip               redirect               integer    yes
                 ip               subnetsarelocal        integer    yes
                 ip               ttl                    integer    yes
                 tcp              rfc1323                integer    yes
                 tcp              sendspace              integer    yes
                 tcp              recvspace              integer    yes
                 tcp              mssdflt                integer    yes
                 tcp              syn_cache_limit        integer    yes
                 tcp              syn_bucket_limit       integer    yes
                 tcp              syn_cache_interval     integer    yes
                 tcp              init_win               integer    yes
                 tcp              init_win_local         integer    yes
                 tcp              mss_ifmtu              integer    yes
                 tcp              win_scale              integer    yes
                 tcp              timestamps             integer    yes
                 tcp              compat_42              integer    yes
                 tcp              cwm                    integer    yes
                 tcp              cwm_burstsize          integer    yes
                 tcp              ack_on_push            integer    yes
                 tcp              keepidle               integer    yes
                 tcp              keepintvl              integer    yes
                 tcp              keepcnt                integer    yes
                 tcp              slowhz                 integer    no
                 tcp              keepinit               integer    yes
                 tcp              log_refused            integer    yes
                 tcp              rstppslimit            integer    yes
                 tcp              ident                  struct     no
                 tcp              drop                   struct     no
                 tcp              sack.enable            integer    yes
                 tcp              sack.globalholes       integer    no
                 tcp              sack.globalmaxholes    integer    yes
                 tcp              sack.maxholes          integer    yes
                 tcp              ecn.enable             integer    yes
                 tcp              ecn.maxretries         integer    yes
                 tcp              congctl.selected       string     yes
                 tcp              congctl.available      string     yes
                 tcp              abc.enable             integer    yes
                 tcp              abc.aggressive         integer    yes
                 udp              checksum               integer    yes
                 udp              do_loopback_cksum      integer    yes
                 udp              recvspace              integer    yes
                 udp              sendspace              integer    yes

             The variables are as follows:

             arp.down
                     Failed ARP entry lifetime.

             arp.keep
                     Valid ARP entry lifetime.

             arp.prune
                     ARP cache pruning interval.

             arp.refresh
                     ARP entry refresh interval.

             carp.allow
                     If set to 0, incoming carp(4) packets will not be pro-
                     cessed.  If set to any other value, processing will
                     occur.  Enabled by default.

             carp.arpbalance
                     If set to any value other than 0, the ARP balancing func-
                     tionality of carp(4) is enabled.  When ARP requests are
                     received for an IP address which is part of any virtual
                     host, carp will hash the source IP in the ARP request to
                     select one of the virtual hosts from the set of all the
                     virtual hosts which have that IP address.  The master of
                     that host will respond with the correct virtual MAC
                     address.  Disabled by default.

             carp.log
                     If set to any value other than 0, carp(4) will log
                     errors.  Disabled by default.

             carp.preempt
                     If set to 0, carp(4) will not attempt to become master if
                     it is receiving advertisements from another active mas-
                     ter.  If set to any other value, carp will become master
                     of the virtual host if it believes it can send advertise-
                     ments more frequently than the current master.  Disabled
                     by default.

             ip.allowsrcrt
                     If set to 1, the host accepts source routed packets.

             ip.anonportmax
                     The highest port number to use for TCP and UDP ephemeral
                     port allocation.  This cannot be set to less than 1024 or
                     greater than 65535, and must be greater than
                     ip.anonportmin.

             ip.anonportmin
                     The lowest port number to use for TCP and UDP ephemeral
                     port allocation.  This cannot be set to less than 1024 or
                     greater than 65535.

             ip.checkinterface
                     If set to non-zero, the host will reject packets
                     addressed to it that arrive on an interface not bound to
                     that address.  Currently, this must be disabled if ipnat
                     is used to translate the destination address to another
                     local interface, or if addresses are added to the loop-
                     back interface instead of the interface where the packets
                     for those packets are received.

             ip.directed-broadcast
                     If set to 1, enables directed broadcast behavior for the
                     host.

             ip.do_loopback_cksum
                     Perform IP checksum on loopback.

             ip.forwarding
                     If set to 1, enables IP forwarding for the host, meaning
                     that the host is acting as a router.

             ip.forwsrcrt
                     If set to 1, enables forwarding of source-routed packets
                     for the host.  This value may only be changed if the ker-
                     nel security level is less than 1.

             ip.gifttl
                     The maximum time-to-live (hop count) value for an IPv4
                     packet generated by gif(4) tunnel interface.

             ip.grettl
                     The maximum time-to-live (hop count) value for an IPv4
                     packet generated by gre(4) tunnel interface.

             ip.hashsize
                     The size of IPv4 Fast Forward hash table.  This value
                     must be a power of 2 (64, 256...).  A larger hash table
                     size results in fewer collisions.  Also see ip.maxflows.

             ip.hostzerobroadcast
                     All zeroes address is broadcast address.

             ip.lowportmax
                     The highest port number to use for TCP and UDP reserved
                     port allocation.  This cannot be set to less than 0 or
                     greater than 1024, and must be greater than
                     ip.lowportmin.

             ip.lowportmin
                     The lowest port number to use for TCP and UDP reserved
                     port allocation.  This cannot be set to less than 0 or
                     greater than 1024, and must be smaller than
                     ip.lowportmax.

             ip.maxflows
                     IPv4 Fast Forwarding is enabled by default.  If set to 0,
                     IPv4 Fast Forwarding is disabled.  ip.maxflows controls
                     the maximum amount of flows which can be created.  The
                     default value is 256.

             ip.maxfragpackets
                     The maximum number of fragmented packets the node will
                     accept.  0 means that the node will not accept any frag-
                     mented packets.  -1 means that the node will accept as
                     many fragmented packets as it receives.  The flag is pro-
                     vided basically for avoiding possible DoS attacks.

             ip.mtudisc
                     If set to 1, enables Path MTU Discovery (RFC 1191).  When
                     Path MTU Discovery is enabled, the transmitted TCP seg-
                     ment size will be determined by the advertised maximum
                     segment size (MSS) from the remote end, as constrained by
                     the path MTU.  If MTU Discovery is disabled, the trans-
                     mitted segment size will never be greater than
                     tcp.mssdflt (the local maximum segment size).

             ip.mtudisctimeout
                     The number of seconds in which a route added by the Path
                     MTU Discovery engine will time out.  When the route times
                     out, the Path MTU Discovery engine will attempt to probe
                     a larger path MTU.

             ip.random_id
                     Assign random ip_id values.

             ip.redirect
                     If set to 1, ICMP redirects may be sent by the host.
                     This option is ignored unless the host is routing IP
                     packets, and should normally be enabled on all systems.

             ip.subnetsarelocal
                     If set to 1, subnets are to be considered local
                     addresses.

             ip.ttl  The maximum time-to-live (hop count) value for an IP
                     packet sourced by the system.  This value applies to nor-
                     mal transport protocols, not to ICMP.

             icmp.errppslimit
                     The variable specifies the maximum number of outgoing
                     ICMP error messages, per second.  ICMP error messages
                     that exceeded the value are subject to rate limitation
                     and will not go out from the node.  Negative value dis-
                     ables rate limitation.

             icmp.maskrepl
                     If set to 1, ICMP network mask requests are to be
                     answered.

             icmp.rediraccept
                     If set to non-zero, the host will accept ICMP redirect
                     packets.  Note that routers will never accept ICMP redi-
                     rect packets, and the variable is meaningful on IP hosts
                     only.

             icmp.redirtimeout
                     The variable specifies lifetime of routing entries gener-
                     ated by incoming ICMP redirect.  This defaults to 600
                     seconds.

             icmp.returndatabytes
                     Number of bytes to return in an ICMP error message.

             tcp.ack_on_push
                     If set to 1, TCP is to immediately transmit an ACK upon
                     reception of a packet with PUSH set.  This can avoid los-
                     ing a round trip time in some rare situations, but has
                     the caveat of potentially defeating TCP's delayed ACK
                     algorithm.  Use of this option is generally not recom-
                     mended, but the variable exists in case your configura-
                     tion really needs it.

             tcp.compat_42
                     If set to 1, enables work-arounds for bugs in the 4.2BSD
                     TCP implementation.  Use of this option is not recom-
                     mended, although it may be required in order to communi-
                     cate with extremely old TCP implementations.

             tcp.cwm
                     If set to 1, enables use of the Hughes/Touch/Heidemann
                     Congestion Window Monitoring algorithm.  This algorithm
                     prevents line-rate bursts of packets that could otherwise
                     occur when data begins flowing on an idle TCP connection.
                     These line-rate bursts can contribute to network and
                     router congestion.  This can be particularly useful on
                     World Wide Web servers which support HTTP/1.1, which has
                     lingering connections.

             tcp.cwm_burstsize
                     The Congestion Window Monitoring allowed burst size, in
                     terms of packet count.

             tcp.delack_ticks
                     Number of ticks to delay sending an ACK.

             tcp.do_loopback_cksum
                     Perform TCP checksum on loopback.

             tcp.init_win
                     A value indicating the TCP initial congestion window.  If
                     this value is 0, an auto-tuning algorithm designed to use
                     an initial window of approximately 4K bytes is in use.
                     Otherwise, this value indicates a fixed number of pack-
                     ets.

             tcp.init_win_local
                     Like tcp.init_win, but used when communicating with hosts
                     on a local network.

             tcp.keepcnt
                     Number of keepalive probes sent before declaring a con-
                     nection dead.  If set to zero, there is no limit;
                     keepalives will be sent until some kind of response is
                     received from the peer.

             tcp.keepidle
                     Time a connection must be idle before keepalives are sent
                     (if keepalives are enabled for the connection).  See also
                     tcp.slowhz.

             tcp.keepintvl
                     Time after a keepalive probe is sent until, in the
                     absence of any response, another probe is sent.  See also
                     tcp.slowhz.

             tcp.log_refused
                     If set to 1, refused TCP connections to the host will be
                     logged.

             tcp.keepinit
                     Timeout in seconds during connection establishment.

             tcp.mss_ifmtu
                     If set to 1, TCP calculates the outgoing maximum segment
                     size based on the MTU of the appropriate interface.  If
                     set to 0, it is calculated based on the greater of the
                     MTU of the interface, and the largest (non-loopback)
                     interface MTU on the system.

             tcp.mssdflt
                     The default maximum segment size both advertised to the
                     peer and to use when either the peer does not advertise a
                     maximum segment size to us during connection setup or
                     Path MTU Discovery (ip.mtudisc) is disabled.  Do not
                     change this value unless you really know what you are
                     doing.

             tcp.recvspace
                     The default TCP receive buffer size.

             tcp.rfc1323
                     If set to 1, enables RFC 1323 extensions to TCP.

             tcp.rstppslimit
                     The variable specifies the maximum number of outgoing TCP
                     RST packets, per second.  TCP RST packet that exceeded
                     the value are subject to rate limitation and will not go
                     out from the node.  Negative value disables rate limita-
                     tion.

             tcp.ident
                     Return the user ID of a connected socket pair.  (RFC1413
                     Identification Protocol lookups.)

             tcp.drop
                     Drop a TCP socket pair connection.

             tcp.sack.enable
                     If set to 1, enables RFC 2018 Selective ACKnowledgement.

             tcp.sack.globalholes
                     Global number of TCP SACK holes.

             tcp.sack.globalmaxholes
                     Global maximum number of TCP SACK holes.

             tcp.sack.maxholes
                     Maximum number of TCP SACK holes allowed per connection.

             tcp.ecn.enable
                     If set to 1, enables RFC 3168 Explicit Congestion Notifi-
                     cation.

             tcp.ecn.maxretries
                     Number of times to retry sending the ECN-setup packet.

             tcp.sendspace
                     The default TCP send buffer size.

             tcp.slowhz
                     The units for tcp.keepidle and tcp.keepintvl; those vari-
                     ables are in ticks of a clock that ticks tcp.slowhz times
                     per second.  (That is, their values must be divided by
                     the tcp.slowhz value to get times in seconds.)

             tcp.syn_bucket_limit
                     The maximum number of entries allowed per hash bucket in
                     the TCP compressed state engine.

             tcp.syn_cache_limit
                     The maximum number of entries allowed in the TCP com-
                     pressed state engine.

             tcp.timestamps
                     If rfc1323 is enabled, a value of 1 indicates RFC 1323
                     time stamp options, used for measuring TCP round trip
                     times, are enabled.

             tcp.win_scale
                     If rfc1323 is enabled, a value of 1 indicates RFC 1323
                     window scale options, for increasing the TCP window size,
                     are enabled.

             tcp.congctl.available
                     The available TCP congestion control algorithms.

             tcp.congctl.selected
                     The currently selected TCP congestion control algorithm.

             tcp.abc.enable
                     If set to 1, use RFC 3465 Appropriate Byte Counting
                     (ABC).  If set to 0, use traditional Packet Counting.

             tcp.abc.aggressive
                     Choose the L parameter found in RFC 3465.  L is the maxi-
                     mum cwnd increase for an ack during slow start.  If set
                     to 1, use L=2*SMSS.  If set to 0, use L=1*SMSS.  It has
                     no effect unless tcp.abc.enable is set to 1.

             udp.checksum
                     If set to 1, UDP checksums are being computed.  Received
                     non-zero UDP checksums are always checked.  Disabling UDP
                     checksums is strongly discouraged.

             udp.sendspace
                     The default UDP send buffer size.

             udp.recvspace
                     The default UDP receive buffer size.

             For variables net.*.ipsec, please refer to ipsec(4).

     net.inet6 (PF_INET6)
             Get or set various global information about the IPv6 (Internet
             Protocol version 6).  The third level name is the protocol.  The
             fourth level name is the variable name.  The currently defined
             protocols and names are:

                   Protocol name    Variable name      Type       Changeable
                   icmp6            errppslimit        integer    yes
                   icmp6            mtudisc_hiwat      integer    yes
                   icmp6            mtudisc_lowat      integer    yes
                   icmp6            nd6_debug          integer    yes
                   icmp6            nd6_delay          integer    yes
                   icmp6            nd6_maxnudhint     integer    yes
                   icmp6            nd6_mmaxtries      integer    yes
                   icmp6            nd6_prune          integer    yes
                   icmp6            nd6_umaxtries      integer    yes
                   icmp6            nd6_useloopback    integer    yes
                   icmp6            nodeinfo           integer    yes
                   icmp6            rediraccept        integer    yes
                   icmp6            redirtimeout       integer    yes
                   ip6              accept_rtadv       integer    yes
                   ip6              anonportmax        integer    yes
                   ip6              anonportmin        integer    yes
                   ip6              auto_flowlabel     integer    yes
                   ip6              dad_count          integer    yes
                   ip6              defmcasthlim       integer    yes
                   ip6              forwarding         integer    yes
                   ip6              gifhlim            integer    yes
                   ip6              hashsize           integer    yes
                   ip6              hlim               integer    yes
                   ip6              hdrnestlimit       integer    yes
                   ip6              kame_version       string     no
                   ip6              keepfaith          integer    yes
                   ip6              log_interval       integer    yes
                   ip6              lowportmax         integer    yes
                   ip6              lowportmin         integer    yes
                   ip6              maxflows           integer    yes
                   ip6              maxfragpackets     integer    yes
                   ip6              maxfrags           integer    yes
                   ip6              redirect           integer    yes
                   ip6              rr_prune           integer    yes
                   ip6              use_deprecated     integer    yes
                   ip6              v6only             integer    yes
                   udp6             do_loopback_cksum  integer    yes
                   udp6             recvspace          integer    yes
                   udp6             sendspace          integer    yes

             The variables are as follows:

             ip6.accept_rtadv
                     If set to non-zero, the node will accept ICMPv6 router
                     advertisement packets and autoconfigures address prefixes
                     and default routers.  The node must be a host (not a
                     router) for the option to be meaningful.

             ip6.anonportmax
                     The highest port number to use for TCP and UDP ephemeral
                     port allocation.  This cannot be set to less than 1024 or
                     greater than 65535, and must be greater than
                     ip6.anonportmin.

             ip6.anonportmin
                     The lowest port number to use for TCP and UDP ephemeral
                     port allocation.  This cannot be set to less than 1024 or
                     greater than 65535.

             ip6.auto_flowlabel
                     On connected transport protocol packets, fill IPv6
                     flowlabel field to help intermediate routers to identify
                     packet flows.

             ip6.dad_count
                     The variable configures number of IPv6 DAD (duplicated
                     address detection) probe packets.  The packets will be
                     generated when IPv6 interface addresses are configured.

             ip6.defmcasthlim
                     The default hop limit value for an IPv6 multicast packet
                     sourced by the node.  This value applies to all the
                     transport protocols on top of IPv6.  There are APIs to
                     override the value, as documented in ip6(4).

             ip6.forwarding
                     If set to 1, enables IPv6 forwarding for the node, mean-
                     ing that the node is acting as a router.  If set to 0,
                     disables IPv6 forwarding for the node, meaning that the
                     node is acting as a host.  IPv6 specification defines
                     node behavior for ``router'' case and ``host'' case quite
                     differently, and changing this variable during operation
                     may cause serious trouble.  It is recommended to config-
                     ure the variable at bootstrap time, and bootstrap time
                     only.

             ip6.gifhlim
                     The maximum hop limit value for an IPv6 packet generated
                     by gif(4) tunnel interface.

             ip6.hdrnestlimit
                     The number of IPv6 extension headers permitted on incom-
                     ing IPv6 packets.  If set to 0, the node will accept as
                     many extension headers as possible.

             ip6.hashsize
                     The size of IPv6 Fast Forward hash table.  This value
                     must be a power of 2 (64, 256...).  A larger hash table
                     size results in fewer collisions.  Also see ip6.maxflows.

             ip6.hlim
                     The default hop limit value for an IPv6 unicast packet
                     sourced by the node.  This value applies to all the
                     transport protocols on top of IPv6.  There are APIs to
                     override the value, as documented in ip6(4).

             ip6.kame_version
                     The string identifies the version of KAME IPv6 stack
                     implemented in the kernel.

             ip6.keepfaith
                     If set to non-zero, it enables ``FAITH'' TCP relay
                     IPv6-to-IPv4 translator code in the kernel.  Refer
                     faith(4) and faithd(8) for detail.

             ip6.log_interval
                     The variable controls amount of logs generated by IPv6
                     packet forwarding engine, by setting interval between log
                     output (in seconds).

             ip6.lowportmax
                     The highest port number to use for TCP and UDP reserved
                     port allocation.  This cannot be set to less than 0 or
                     greater than 1024, and must be greater than
                     ip6.lowportmin.

             ip6.lowportmin
                     The lowest port number to use for TCP and UDP reserved
                     port allocation.  This cannot be set to less than 0 or
                     greater than 1024, and must be smaller than
                     ip6.lowportmax.

             ip6.maxflows
                     IPv6 Fast Forwarding is enabled by default.  If set to 0,
                     IPv6 Fast Forwarding is disabled.  ip6.maxflows controls
                     the maximum amount of flows which can be created.  The
                     default value is 256.

             ip6.maxfragpackets
                     The maximum number of fragmented packets the node will
                     accept.  0 means that the node will not accept any frag-
                     mented packets.  -1 means that the node will accept as
                     many fragmented packets as it receives.  The flag is pro-
                     vided basically for avoiding possible DoS attacks.

             ip6.maxfrags
                     The maximum number of fragments the node will accept.  0
                     means that the node will not accept any fragments.  -1
                     means that the node will accept as many fragments as it
                     receives.  The flag is provided basically for avoiding
                     possible DoS attacks.

             ip6.redirect
                     If set to 1, ICMPv6 redirects may be sent by the node.
                     This option is ignored unless the node is routing IP
                     packets, and should normally be enabled on all systems.

             ip6.rr_prune
                     The variable specifies interval between IPv6 router
                     renumbering prefix babysitting, in seconds.

             ip6.use_deprecated
                     The variable controls use of deprecated address, speci-
                     fied in RFC 2462 5.5.4.

             ip6.v6only
                     The variable specifies initial value for IPV6_V6ONLY
                     socket option for AF_INET6 socket.  Please refer to
                     ip6(4) for detail.

             icmp6.errppslimit
                     The variable specifies the maximum number of outgoing
                     ICMPv6 error messages, per second.  ICMPv6 error messages
                     that exceeded the value are subject to rate limitation
                     and will not go out from the node.  Negative value dis-
                     ables rate limitation.

             icmp6.mtudisc_hiwat

             icmp6.mtudisc_lowat
                     The variables define the maximum number of routing table
                     entries, created due to path MTU discovery (prevents
                     denial-of-service attacks with ICMPv6 too big messages).
                     When IPv6 path MTU discovery happens, we keep path MTU
                     information into the routing table.  If the number of
                     routing table entries exceed the value, the kernel will
                     not attempt to keep the path MTU information.
                     icmp6.mtudisc_hiwat is used when we have verified ICMPv6
                     too big messages.  icmp6.mtudisc_lowat is used when we
                     have unverified ICMPv6 too big messages.  Verification is
                     performed by using address/port pairs kept in connected
                     pcbs.  Negative value disables the upper limit.

             icmp6.nd6_debug
                     If set to non-zero, kernel IPv6 neighbor discovery code
                     will generate debugging messages.  The debug outputs are
                     useful to diagnose IPv6 interoperability issues.  The
                     flag must be set to 0 for normal operation.

             icmp6.nd6_delay
                     The variable specifies DELAY_FIRST_PROBE_TIME timing con-
                     stant in IPv6 neighbor discovery specification (RFC
                     2461), in seconds.

             icmp6.nd6_maxnudhint
                     IPv6 neighbor discovery permits upper layer protocols to
                     supply reachability hints, to avoid unnecessary neighbor
                     discovery exchanges.  The variable defines the number of
                     consecutive hints the neighbor discovery layer will take.
                     For example, by setting the variable to 3, neighbor dis-
                     covery layer will take 3 consecutive hints in maximum.
                     After receiving 3 hints, neighbor discovery layer will
                     perform normal neighbor discovery process.

             icmp6.nd6_mmaxtries
                     The variable specifies MAX_MULTICAST_SOLICIT constant in
                     IPv6 neighbor discovery specification (RFC 2461).

             icmp6.nd6_prune
                     The variable specifies interval between IPv6 neighbor
                     cache babysitting, in seconds.

             icmp6.nd6_umaxtries
                     The variable specifies MAX_UNICAST_SOLICIT constant in
                     IPv6 neighbor discovery specification (RFC 2461).

             icmp6.nd6_useloopback
                     If set to non-zero, kernel IPv6 stack will use loopback
                     interface for local traffic.

             icmp6.nodeinfo
                     The variable enables responses to ICMPv6 node information
                     queries.  If you set the variable to 0, responses will
                     not be generated for ICMPv6 node information queries.
                     Since node information queries can have a security
                     impact, it is possible to fine tune which responses
                     should be answered.  Two separate bits can be set.

                     1      Respond to ICMPv6 FQDN queries, e.g.  ping6 -w.

                     2      Respond to ICMPv6 node addresses queries, e.g.
                            ping6 -a.

             icmp6.rediraccept
                     If set to non-zero, the host will accept ICMPv6 redirect
                     packets.  Note that IPv6 routers will never accept ICMPv6
                     redirect packets, and the variable is meaningful on IPv6
                     hosts (non-router) only.

             icmp6.redirtimeout
                     The variable specifies lifetime of routing entries gener-
                     ated by incoming ICMPv6 redirect.

             udp6.do_loopback_cksum
                     Perform UDP checksum on loopback.

             udp6.recvspace
                     Default UDP receive buffer size.

             udp6.sendspace
                     Default UDP send buffer size.

             We reuse net.*.tcp for TCP over IPv6, and therefore we do not
             have variables net.*.tcp6.  Variables net.inet6.udp6 have identi-
             cal meaning to net.inet.udp.  Please refer to PF_INET section
             above.  For variables net.*.ipsec6, please refer to ipsec(4).

     net.key (PF_KEY)
             Get or set various global information about the IPsec key manage-
             ment.  The third level name is the variable name.  The currently
             defined variable and names are:

                   Variable name        Type       Changeable
                   debug                integer    yes
                   spi_try              integer    yes
                   spi_min_value        integer    yes
                   spi_max_value        integer    yes
                   larval_lifetime      integer    yes
                   blockacq_count       integer    yes
                   blockacq_lifetime    integer    yes
                   esp_keymin           integer    yes
                   esp_auth             integer    yes
                   ah_keymin            integer    yes
             The variables are as follows:

             debug   Turn on debugging message from within the kernel.  The
                     value is a bitmap, as defined in
                     /usr/include/netkey/key_debug.h.

             spi_try
                     The number of times the kernel will try to obtain an
                     unique SPI when it generates it from random number gener-
                     ator.

             spi_min_value
                     Minimum SPI value when generating it within the kernel.

             spi_max_value
                     Maximum SPI value when generating it within the kernel.

             larval_lifetime
                     Lifetime for LARVAL SAD entries, in seconds.

             blockacq_count
                     Number of ACQUIRE PF_KEY messages to be blocked after an
                     ACQUIRE message.  It avoids flood of ACQUIRE PF_KEY from
                     being sent from the kernel to the key management daemon.

             blockacq_lifetime
                     Lifetime of ACQUIRE PF_KEY message.

             esp_keymin
                     Minimum ESP key length, in bits.  The value is used when
                     the kernel creates proposal payload on ACQUIRE PF_KEY
                     message.

             esp_auth
                     Whether ESP authentication should be used or not.  Non-
                     zero value indicates that ESP authentication should be
                     used.  The value is used when the kernel creates proposal
                     payload on ACQUIRE PF_KEY message.

             ah_keymin
                     Minimum AH key length, in bits, The value is used when
                     the kernel creates proposal payload on ACQUIRE PF_KEY
                     message.

The proc.* subtree
     The string and integer information available for the proc level is
     detailed below.  The changeable column shows whether a process with
     appropriate privilege may change the value.  These values are per-
     process, and as such may change from one process to another.  When a
     process is created, the default values are inherited from its parent.
     When a set-user-ID or set-group-ID binary is executed, the value of
     PROC_PID_CORENAME is reset to the system default value.  The second level
     name is either the magic value PROC_CURPROC, which points to the current
     process, or the PID of the target process.

           Third level name            Type          Changeable
           proc.pid.corename           string        yes
           proc.pid.rlimit             node          not applicable
           proc.pid.stopfork           int           yes
           proc.pid.stopexec           int           yes
           proc.pid.stopexit           int           yes

     proc.pid.corename (PROC_PID_CORENAME)
             The template used for the core dump file name (see core(5) for
             details).  The base name must either be core or end with the suf-
             fix ``.core'' (the super-user may set arbitrary names).  By
             default it points to KERN_DEFCORENAME.

     proc.pid.rlimit (PROC_PID_LIMIT)
             Return resources limits, as defined for the getrlimit(2) and
             setrlimit(2) system calls.  The fourth level name is one of:

             proc.pid.rlimit.cputime (PROC_PID_LIMIT_CPU)
                                       The maximum amount of CPU time (in sec-
                                       onds) to be used by each process.

             proc.pid.rlimit.filesize (PROC_PID_LIMIT_FSIZE)
                                       The largest size (in bytes) file that
                                       may be created.

             proc.pid.rlimit.datasize (PROC_PID_LIMIT_DATA)
                                       The maximum size (in bytes) of the data
                                       segment for a process; this defines how
                                       far a program may extend its break with
                                       the sbrk(2) system call.

             proc.pid.rlimit.stacksize (PROC_PID_LIMIT_STACK)
                                       The maximum size (in bytes) of the
                                       stack segment for a process; this
                                       defines how far a program's stack seg-
                                       ment may be extended.  Stack extension
                                       is performed automatically by the sys-
                                       tem.

             proc.pid.rlimit.coredumpsize (PROC_PID_LIMIT_CORE)
                                       The largest size (in bytes) core file
                                       that may be created.

             proc.pid.rlimit.memoryuse (PROC_PID_LIMIT_RSS)
                                       The maximum size (in bytes) to which a
                                       process's resident set size may grow.
                                       This imposes a limit on the amount of
                                       physical memory to be given to a
                                       process; if memory is tight, the system
                                       will prefer to take memory from pro-
                                       cesses that are exceeding their
                                       declared resident set size.

             proc.pid.rlimit.memorylocked (PROC_PID_LIMIT_MEMLOCK)
                                       The maximum size (in bytes) which a
                                       process may lock into memory using the
                                       mlock(2) function.

             proc.pid.rlimit.maxproc (PROC_PID_LIMIT_NPROC)
                                       The maximum number of simultaneous pro-
                                       cesses for this user id.

             proc.pid.rlimit.descriptors (PROC_PID_LIMIT_NOFILE)
                                       The maximum number of open files for
                                       this process.

             proc.pid.rlimit.sbsize (PROC_PID_LIMIT_SBSIZE)
                                       The maximum size (in bytes) of the
                                       socket buffers set by the setsockopt(2)
                                       SO_RCVBUF and SO_SNDBUF options.

             The fifth level name is one of soft (PROC_PID_LIMIT_TYPE_SOFT) or
             hard (PROC_PID_LIMIT_TYPE_HARD), to select respectively the soft
             or hard limit.  Both are of type integer.

     proc.pid.stopfork (PROC_PID_STOPFORK)
             If non zero, the process' children will be stopped after fork(2)
             calls.  The children is created in the SSTOP state and is never
             scheduled for running before being stopped.  This feature helps
             attaching a process with a debugger such as gdb(1) before it had
             the opportunity to actually do anything.

             This value is inherited by the process's children, and it also
             apply to emulation specific system calls that fork a new process,
             such as sproc() or clone().

     proc.pid.stopexec (PROC_PID_STOPEXEC)
             If non zero, the process will be stopped on next exec(3) call.
             The process created by exec(3) is created in the SSTOP state and
             is never scheduled for running before being stopped.  This fea-
             ture helps attaching a process with a debugger such as gdb(1)
             before it had the opportunity to actually do anything.

             This value is inherited by the process's children.

     proc.pid.stopexit (PROC_PID_STOPEXIT)
             If non zero, the process will be stopped on when it has cause to
             exit, either by way of calling exit(3), _exit(2), or by the
             receipt of a specific signal.  The process is stopped before any
             of its resources or vm space is released allowing examination of
             the termination state of a process before it disappears.  This
             feature can be used to examine the final conditions of the
             process's vmspace via pmap(1) or its resource settings with
             sysctl(8) before it disappears.

             This value is also inherited by the process's children.

The user.* subtree (CTL_USER)
     The string and integer information available for the user level is
     detailed below.  The changeable column shows whether a process with
     appropriate privilege may change the value.

           Second level name           Type          Changeable
           user.atexit_max             integer       no
           user.bc_base_max            integer       no
           user.bc_dim_max             integer       no
           user.bc_scale_max           integer       no
           user.bc_string_max          integer       no
           user.coll_weights_max       integer       no
           user.cs_path                string        no
           user.expr_nest_max          integer       no
           user.line_max               integer       no
           user.posix2_c_bind          integer       no
           user.posix2_c_dev           integer       no
           user.posix2_char_term       integer       no
           user.posix2_fort_dev        integer       no
           user.posix2_fort_run        integer       no
           user.posix2_localedef       integer       no
           user.posix2_sw_dev          integer       no
           user.posix2_upe             integer       no
           user.posix2_version         integer       no
           user.re_dup_max             integer       no
           user.stream_max             integer       no
           user.stream_max             integer       no
           user.tzname_max             integer       no

     user.atexit_max (USER_ATEXIT_MAX)
             The maximum number of functions that may be registered with
             atexit(3).

     user.bc_base_max (USER_BC_BASE_MAX)
             The maximum ibase/obase values in the bc(1) utility.

     user.bc_dim_max (USER_BC_DIM_MAX)
             The maximum array size in the bc(1) utility.

     user.bc_scale_max (USER_BC_SCALE_MAX)
             The maximum scale value in the bc(1) utility.

     user.bc_string_max (USER_BC_STRING_MAX)
             The maximum string length in the bc(1) utility.

     user.coll_weights_max (USER_COLL_WEIGHTS_MAX)
             The maximum number of weights that can be assigned to any entry
             of the LC_COLLATE order keyword in the locale definition file.

     user.cs_path (USER_CS_PATH)
             Return a value for the PATH environment variable that finds all
             the standard utilities.

     user.expr_nest_max (USER_EXPR_NEST_MAX)
             The maximum number of expressions that can be nested within
             parenthesis by the expr(1) utility.

     user.line_max (USER_LINE_MAX)
             The maximum length in bytes of a text-processing utility's input
             line.

     user.posix2_char_term (USER_POSIX2_CHAR_TERM)
             Return 1 if the system supports at least one terminal type capa-
             ble of all operations described in POSIX 1003.2, otherwise 0.

     user.posix2_c_bind (USER_POSIX2_C_BIND)
             Return 1 if the system's C-language development facilities sup-
             port the C-Language Bindings Option, otherwise 0.

     user.posix2_c_dev (USER_POSIX2_C_DEV)
             Return 1 if the system supports the C-Language Development Utili-
             ties Option, otherwise 0.

     user.posix2_fort_dev (USER_POSIX2_FORT_DEV)
             Return 1 if the system supports the FORTRAN Development Utilities
             Option, otherwise 0.

     user.posix2_fort_run (USER_POSIX2_FORT_RUN)
             Return 1 if the system supports the FORTRAN Runtime Utilities
             Option, otherwise 0.

     user.posix2_localedef (USER_POSIX2_LOCALEDEF)
             Return 1 if the system supports the creation of locales, other-
             wise 0.

     user.posix2_sw_dev (USER_POSIX2_SW_DEV)
             Return 1 if the system supports the Software Development Utili-
             ties Option, otherwise 0.

     user.posix2_upe (USER_POSIX2_UPE)
             Return 1 if the system supports the User Portability Utilities
             Option, otherwise 0.

     user.posix2_version (USER_POSIX2_VERSION)
             The version of POSIX 1003.2 with which the system attempts to
             comply.

     user.re_dup_max (USER_RE_DUP_MAX)
             The maximum number of repeated occurrences of a regular expres-
             sion permitted when using interval notation.

     user.stream_max (USER_STREAM_MAX)
             The minimum maximum number of streams that a process may have
             open at any one time.

     user.tzname_max (USER_TZNAME_MAX)
             The minimum maximum number of types supported for the name of a
             timezone.

The vm.* subtree (CTL_VM)
     The string and integer information available for the vm level is detailed
     below.  The changeable column shows whether a process with appropriate
     privilege may change the value.

           Second level name          Type                       Changeable
           vm.anonmax                 int                        yes
           vm.anonmin                 int                        yes
           vm.bufcache                int                        yes
           vm.bufmem                  int                        no
           vm.bufmem_hiwater          int                        yes
           vm.bufmem_lowater          int                        yes
           vm.execmax                 int                        yes
           vm.execmin                 int                        yes
           vm.filemax                 int                        yes
           vm.filemin                 int                        yes
           vm.loadavg                 struct loadavg             no
           vm.maxslp                  int                        no
           vm.nkmempages              int                        no
           vm.uspace                  int                        no
           vm.uvmexp                  struct uvmexp              no
           vm.uvmexp2                 struct uvmexp_sysctl       no
           vm.vmmeter                 struct vmtotal             no

     vm.anonmax (VM_ANONMAX)
             The percentage of physical memory which will be reclaimed from
             other types of memory usage to store anonymous application data.

     vm.anonmin (VM_ANONMIN)
             The percentage of physical memory which will be always be avail-
             able for anonymous application data.

     vm.bufcache (VM_BUFCACHE)
             The percentage of physical memory which will be available for the
             buffer cache.

     vm.bufmem (VM_BUFMEM)
             The amount of kernel memory that is being used by the buffer
             cache.

     vm.bufmem_lowater (VM_BUFMEM_LOWATER)
             The minimum amount of kernel memory to reserve for the buffer
             cache.

     vm.bufmem_hiwater (VM_BUFMEM_HIWATER)
             The maximum amount of kernel memory to be used for the buffer
             cache.

     vm.execmax (VM_EXECMAX)
             The percentage of physical memory which will be reclaimed from
             other types of memory usage to store cached executable data.

     vm.execmin (VM_EXECMIN)
             The percentage of physical memory which will be always be avail-
             able for cached executable data.

     vm.filemax (VM_FILEMAX)
             The percentage of physical memory which will be reclaimed from
             other types of memory usage to store cached file data.

     vm.filemin (VM_FILEMIN)
             The percentage of physical memory which will be always be avail-
             able for cached file data.

     vm.loadavg (VM_LOADAVG)
             Return the load average history.  The returned data consists of a
             struct loadavg.

     vm.maxslp (VM_MAXSLP)
             The value of the maxslp kernel global variable.

     vm.vmmeter (VM_METER)
             Return system wide virtual memory statistics.  The returned data
             consists of a struct vmtotal.

     vm.uspace (VM_USPACE)
             The number of bytes allocated for each kernel stack.

     vm.uvmexp (VM_UVMEXP)
             Return system wide virtual memory statistics.  The returned data
             consists of a struct uvmexp.

     vm.uvmexp2 (VM_UVMEXP2)
             Return system wide virtual memory statistics.  The returned data
             consists of a struct uvmexp_sysctl.

The ddb.* subtree (CTL_DDB)
     The integer information available for the ddb level is detailed below.
     The changeable column shows whether a process with appropriate privilege
     may change the value.

           Second level name     Type          Changeable
           ddb.radix             integer       yes
           ddb.maxoff            integer       yes
           ddb.lines             integer       yes
           ddb.tabstops          integer       yes
           ddb.onpanic           integer       yes
           ddb.fromconsole       integer       yes

     ddb.radix (DBCTL_RADIX)
             The input and output radix.

     ddb.maxoff (DBCTL_MAXOFF)
             The maximum symbol offset.

     ddb.lines (DBCTL_LINES)
             Number of display lines.

     ddb.tabstops (DBCTL_TABSTOPS)
             Tab width.

     ddb.onpanic (DBCTL_ONPANIC)
             If non-zero, DDB will be entered if the kernel panics.

     ddb.fromconsole (DBCTL_FROMCONSOLE)
             If not zero, DDB may be entered by sending a break on a serial
             console or by a special key sequence on a graphics console.

     These MIB nodes are also available as variables from within the DDB.  See
     ddb(4) for more details.

The security.* subtree (CTL_SECURITY)
     The security level contains various security-related settings for the
     system.  Available settings are detailed below.

     security.curtain
             If non-zero, will filter return objects according to the user-id
             requesting information about them, preventing from users any
             access to objects they don't own.

             At the moment, it affects ps(1), netstat(1) (for PF_INET,
             PF_INET6, and PF_UNIX PCBs), and w(1).

     security.models
             NetBSD supports pluggable security models.  Every security model
             used, whether if loaded as an LKM or built with the system, is
             required to add an entry to this node with at least one element,
             ``name'', indicating the name of the security model.

             In addition to the name, any settings and other information pri-
             vate to the security model will be available under this node.
             See secmodel(9) for more information.

     security.pax
             Settings for PaX -- exploit mitigation features.  For more infor-
             mation on any of the PaX features, please see paxctl(8) and
             security(8).

             security.pax.aslr.enable
                     Enable PaX ASLR (Address Space Layout Randomization).

                     The value of this knob must be non-zero for PaX ASLR to
                     be enabled, even if a program is set to explicit enable.

             security.pax.aslr.global
                     Specifies the default global policy for programs without
                     an explicit enable/disable flag.

                     When non-zero, all programs will get PaX ASLR, except
                     those exempted with paxctl(8).  Otherwise, all programs
                     will not get PaX ASLR, except those specifically marked
                     as such with paxctl(8).

             security.pax.mprotect.enable
                     Enable PaX MPROTECT restrictions.

                     These are mprotect(2) restrictions to better enforce a
                     W^X policy.  The value of this knob must be non-zero for
                     PaX MPROTECT to be enabled, even if a program is set to
                     explicit enable.

             security.pax.mprotect.global
                     Specifies the default global policy for programs without
                     an explicit enable/disable flag.

                     When non-zero, all programs will get the PaX MPROTECT
                     restrictions, except those exempted with paxctl(8).  Oth-
                     erwise, all programs will not get the PaX MPROTECT
                     restrictions, except those specifically marked as such
                     with paxctl(8).

             security.pax.segvguard.enable
                     Enable PaX Segvguard.

                     PaX Segvguard can detect and prevent certain exploitation
                     attempts, where an attacker may try for example to brute-
                     force function return addresses of respawning daemons.

                     Note: The NetBSD interface and implementation of the
                     Segvguard is still experimental, and may change in future
                     releases.

             security.pax.segvguard.global
                     Specifies the default global policy for programs without
                     an explicit enable/disable flag.

                     When non-zero, all programs will get the PaX Segvguard,
                     except those exempted with paxctl(8).  Otherwise, no pro-
                     gram will get the PaX Segvguard restrictions, except
                     those specifically marked as such with paxctl(8).

             security.pax.segvguard.expiry_timeout
                     If the max number was not reached within this timeout (in
                     seconds), the entry will expire.

             security.pax.segvguard.suspend_timeout
                     Number of seconds to suspend a user from running a fault-
                     ing program when the limit was exceeded.

             security.pax.segvguard.max_crashes
                     Max number of segfaults a program can receive before sus-
                     pension.

The vendor.* subtree (CTL_VENDOR)
     The vendor toplevel name is reserved to be used by vendors who wish to
     have their own private MIB tree.  Intended use is to store values under
     ``vendor.<yourname>.*''.

SEE ALSO
     sysctl(3), ipsec(4), tcp(4), security(8), sysctl(8)

HISTORY
     The sysctl variables first appeared in 4.4BSD.

NetBSD 5.0.1                     May 18, 2009                     NetBSD 5.0.1

You can also request any man page by name and (optionally) by section:

Command: 
Section: 
Architecture: 
Collection: 
 

Use the DEFAULT collection to view manual pages for third-party software.


©1994 Man-cgi 1.15, Panagiotis Christias <christia@softlab.ntua.gr>
©1996-2014 Modified for NetBSD by Kimmo Suominen