summaryrefslogtreecommitdiff
path: root/sbin/sysctl
AgeCommit message (Collapse)Author
2016-09-01Export machdep.cpufeature in hex, to avoid - values which madeTheo de Raadt
yuo@ grumpy. ok tom guenther yuo
2016-08-27Pull in <sys/time.h> for struct timespecPhilip Guenther
ok deraadt@
2016-08-14Use int64_t and %ll for CTLTYPE_QUAD nodes.Philip Guenther
Use memcpy() instead of up-casting from char* to long long* ok krw@
2016-07-27correct syntax for baddynamic example. from Holger MikolonTed Unangst
2016-07-27increase the size of forkstat fields to accomodate large valuesTed Unangst
2016-07-20Make the size for the syn cache hash array tunable. As we areAlexander Bluhm
swapping between two syn caches for random reseeding anyway, this feature can be added easily. When the cache is empty, there is an opportunity to change the hash size. This allows an admin under SYN flood attack to defend his machine. Suggested by claudio@; OK jung@ claudio@ jmc@
2016-07-05Remove kern.random remnants; OK deraadt@Tim van der Molen
2016-06-30ntpys sysctl was removedTed Unangst
2016-06-29Document arptimeout, arpdown. Prodded by and ok jmc@Chris Cappuccio
2016-06-18Add net.inet.{tcp,udp}.rootonly sysctl, to mark which portsVincent Gross
cannot be bound to by non-root users. Ok millert@ bluhm@
2016-06-07Document the net.inet.tcp.synuselimit sysctl; OK bluhm@ jmc@Tim van der Molen
2016-06-01Kill sysctl net.inet6.ip6.rr_pruneJeremie Courreges-Anglas
We don't support Router Renumbering and there are no plans to change that. ok mpi@
2016-05-29wxabort bits; ok deraadtJason McIntyre
2016-05-23remove the sysctl kern.random counters, since none of the remainingTheo de Raadt
ones are capable of giving valuable works vs does-not-work evidence. ok tedu
2016-05-23VOP_REALLOCBLKS() and related code is unused since the removal ofMartin Natano
cluster_write(). ok beck zhuk
2016-05-19Remove sysctl net.inet6.ip6.v6onlyJeremie Courreges-Anglas
This sysctl is a no-op, read-only since it was introduced. There are no plans to support IPv4-mapped addresses on OpenBSD, thus this sysctl is meaningless. Noticed by djm@, ok claudio@ mpi@ sthen@ henning@
2016-05-04Kill #ifdef INET6 occurrences in userland.Jeremie Courreges-Anglas
Prompted by and ok millert@ (tcpdump and libpcap left untouched, the #ifdef force is too strong with those)
2016-03-31Don't use .Aq for syntax elements that require ASCII "<>".Ingo Schwarze
Patch from Christian Heckendorf <mbie at ulmus dot me>. OK jmc@ bentley@
2016-03-03Remove option USER_LDT and everything depending on it.Christian Weisgerber
Remove machdep.userldt sysctl. Remove i386_[gs]et_ldt syscall stub from libi386. Remove i386_[gs]et_ldt regression test. ok mlarkin@ millert@ guenther@
2016-02-29delete the kern.emul/KERN_EMUL sysctl bits since there are noChristian Weisgerber
emulations left; ok millert@ deraadt@, jmc@ (man pages)
2015-11-05document the other two net.inet6.ip6.ifq variables, ok logan mikebStuart Henderson
2015-11-05Correct my mistake in the previous patch:Loganaden Velvindron
net.inet6.ip6.ifq -> net.inet6.ip6.ifq.len Pointed out by Mike Belopuhov
2015-11-05Add an entry for net.inet6.ip6.ifq that dlg@ committed a while ago.Loganaden Velvindron
OK dlg@
2015-10-03If we care about placing core files from SUID programs in a safe place,Vadim Zhukov
lets do not suggest to provoke races and use -m option of mkdir(1). ok guenther@, "don't care" deraadt@ :)
2015-04-18Convert many atoi() calls to strtonum(), adding range checks and failureTheo de Raadt
handling along the way. Reviews by Brendan MacDonell, Jeremy Devenport, florian, doug, millert
2015-02-13Direct people to netstat for the new multicast routing sysctls.Philip Guenther
problem noted by dcoppa@ ok claudio@
2015-02-09provide a net.inet6.ip6.ifq sysctl so people can see and fiddleDavid Gwynne
with the ip6intrq. ok claudio@
2015-01-16Replace <sys/param.h> with <limits.h> and other less dirty headers whereTheo de Raadt
possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
2015-01-14pathconf(1) never happened.Theo de Raadt
ok guenther
2014-12-12put global_ptrace here too so users know how to spell it. poke by jmcTed Unangst
2014-11-19delete the KERN_VNODE sysctl. it fails to provide any isolation from theTed Unangst
kernel struct vnode defintion, and the only consumer (pstat) still needs kvm to read much of the required information. no great loss to always use kvm until there's a better replacement interface. ok deraadt millert uebayasi
2014-10-26Add a format specifier for the printf.Brad Smith
ok guenther@
2014-10-25Remove unnecessary netinet/in_systm.h include.Lawrence Teo
ok millert@
2014-10-23mention hw.perfpolicy; Daniel JakotsTheo de Raadt
2014-09-15Remove non-standard <sys/dkstat.h> header. It has not contained anythingMiod Vallat
related to disk stastics for almost 17 years, and the remaining userland-visible defines duplicate those found in <sys/sched.h>. Move the remaining _KERNEL defines to <sys/tty.h> where they belong, and update all users to cope with this. ok kettenis@
2014-08-27Nuke net.inet6.icmp6.rediraccept and allow redirects on interfacesFlorian Obser
with autoconf enabled. If one is doing SLAAC one does already trust link local icmp6 so the policy for icmp6 redirects should be the same. pointed out by & OK bluhm@; OK henning@
2014-08-20Remove userland bits related to the crypto(4) interface; ok deraadtMike Belopuhov
2014-08-16repair operation of kern.arandom, which will only allow a buffer ofTheo de Raadt
512 bytes. As a result, it stopped working... ok miod
2014-07-11net.inet6.ip6.accept_rtadv bit the bucketHenning Brauer
ok florian bluhm benno stsp
2014-07-11Remove rfc 4620 Node Information Query support (from the kernel).Sebastian Benoit
ok henning@ stu@, Yay! weerd@
2014-05-07Kill the {nd6_,}useloopback buttons, using the loopback interface forMartin Pieuchot
local traffic is not optional. ok mikeb@, stsp@, jca@
2014-05-07missing word in error message. ok millertTed Unangst
2014-05-07delete some crusty castsTed Unangst
2014-05-04tweak previous;Jason McIntyre
2014-05-04When kern.nosuidcoredump=3, act like =2 but try to dump cores intoTheo de Raadt
the /var/crash/programname/ directory, as root. For instance, # mkdir /var/crash/bgpd/ # chmod 700 /var/crash/bgpd/ # If you skip this step, you are a moron # sysctl kern.nosuidcoredump=3 # bgpd # pkill -ABRT bgpd # ls /var/crash/bgpd/ 14764.core 23207.core 6423.core Of course, in real life the idea is that you don't kill the daemon but it crashes and you collect parallel cores. Careful you don't fill your /var. Further tuneables are being considered. Sorry to be picking on bgpd for this example. I've watched the "too difficult to debug privsep code" angst for far too long. ok guenther
2014-04-27sort the ip6 sysctls;Jason McIntyre
2014-04-27Document net.inet6.ip6.dad_pending.Loganaden Velvindron
OK from jmc@, and thanks to sthen@ for pointing out my mistake in the first version of the diff.
2014-04-19Add missing description for IPv6 mtudisctimeout sysctl andlogan
rework the wording for both IPv4 and IPv6. OK from sthen@, henning@ and claudio@
2014-04-19Add missing man page descriptions for the following IPv6 sysctls:logan
-maxdynroutes -maxifprefixes -maxifdefrouters -neighborgcthresh OK from sthen@, claudio@ and henning@
2014-04-08Use VM_UVMEXP instead of VM_METER for memory usages and directlyMartin Pieuchot
include <sys/vmmeter.h> where it is needed instead of relying on it being included by <uvm/uvm_extern.h>. miod@ likes it, ok guenther@