1.\" $NetBSD: sysctl.8,v 1.116 2004/10/15 08:47:16 daniel Exp $ 2.\" 3.\" Copyright (c) 1993 4.\" The Regents of the University of California. All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 3. Neither the name of the University nor the names of its contributors 15.\" may be used to endorse or promote products derived from this software 16.\" without specific prior written permission. 17.\" 18.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 19.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 22.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28.\" SUCH DAMAGE. 29.\" 30.\" @(#)sysctl.8 8.1 (Berkeley) 6/6/93 31.\" 32.Dd October 15, 2004 33.Dt SYSCTL 8 34.Os 35.Sh NAME 36.Nm sysctl 37.Nd get or set kernel state 38.Sh SYNOPSIS 39.Nm sysctl 40.Op Fl AdeMn 41.Oo 42.Fl r | 43.Fl x 44.Oc 45.Op Ar name ... 46.Nm sysctl 47.Op Fl nq 48.Oo 49.Fl r | 50.Fl x 51.Oc 52.Fl w 53.Ar name Ns Li = Ns Ar value ... 54.Nm sysctl 55.Op Fl en 56.Oo 57.Fl r | 58.Fl x 59.Oc 60.Fl a 61.Nm sysctl 62.Op Fl nq 63.Oo 64.Fl r | 65.Fl x 66.Oc 67.Fl f 68.Ar file 69.Sh DESCRIPTION 70The 71.Nm sysctl 72utility retrieves kernel state and allows processes with 73appropriate privilege to set kernel state. 74The state to be retrieved or set is described using a 75``Management Information Base'' (``MIB'') style name, 76described as a dotted set of components. 77The 78.Sq / 79character may also be used as a separator and a leading separator 80character is accepted. 81If 82.Ar name 83specifies a non-leaf node in the MIB, all the nodes underneath 84.Ar name 85will be printed. 86.Pp 87The following options are available: 88.Bl -tag -width indent 89.It Fl A 90List all the known MIB names including tables, unless any MIB 91arguments or 92.Fl f Ar file 93are given. 94Those with string or integer values will be printed as with the 95.Fl a 96flag; for table or structure values that 97.Nm 98is not able to print, 99the name of the utility to retrieve them is given. 100Errors in retrieving or setting values will be directed to stdout 101instead of stderr. 102.It Fl a 103List all the currently available string or integer values. 104The use of a solitary separator character (either 105.Sq \&. 106or 107.Sq / ) 108by 109itself has the same effect. 110Any given 111.Ar name 112arguments are ignored if this option is specified. 113.It Fl d 114Descriptions of each of the nodes selected will be printed instead of 115their values. 116.It Fl e 117Separate the name and the value of the variable(s) with 118.Ql = . 119This is useful for producing output which can be fed back to the 120.Nm 121utility. 122This option is ignored if 123.Fl n 124is specified or a variable is being set. 125.It Fl f 126Specifies the name of a file to read and process. 127Blank lines and comments (beginning with 128.Ql # ) 129are ignored. 130Line continuations with 131.Ql \e 132are permitted. 133Remaining lines are processed similarly to 134command line arguments of the form 135.Ar name 136or 137.Ar name Ns Li = Ns Ar value . 138The 139.Fl w 140flag is implied by 141.Fl f . 142Any 143.Ar name 144arguments are ignored. 145.It Fl M 146Makes 147.Nm 148print the MIB instead of any of the actual values contained in the 149MIB. 150This causes the entire MIB to be printed unless specific MIB arguments 151or 152.Fl f Ar file 153are also given. 154.It Fl n 155Specifies that the printing of the field name should be 156suppressed and that only its value should be output. 157This flag is useful for setting shell variables. 158For example, to save the pagesize in variable psize, use: 159.Bd -literal -offset indent -compact 160set psize=`sysctl -n hw.pagesize` 161.Ed 162.It Fl q 163Used to indicate that nothing should be printed for writes unless an 164error is detected. 165.It Fl r 166Raw output form. 167Values printed are in their raw binary forms as retrieved directly 168from the kernel. 169Some additional nodes that 170.Nm 171cannot print directly can be retrieved with this flag. 172This option conflicts with the 173.Fl x 174option. 175.It Fl w 176Sets the MIB style name given to the value given. 177The MIB style name and value must be separated by 178.Ql = 179with no whitespace. 180Only integral and string values can be set via this method. 181.It Fl x 182Makes 183.Nm 184print the requested value in a hexadecimal representation instead of 185its regular form. 186If specified more than once, the output for each value resembles that of 187.Xr hexdump 1 188when given the 189.Fl C 190flag. 191This option conflicts with the 192.Fl r 193option. 194.Pp 195.El 196The 197.Ql proc 198top-level MIB has a special semantic: it represent per-process values 199and as such may differ from one process to another. 200The second-level name is the pid of the process (in decimal form), 201or the special word 202.Ql curproc . 203For variables below 204.Ql proc. Ns Ao pid Ac Ns .rlimit , 205the integer value may be replaced 206with the string 207.Ql unlimited 208if it matches the magic value used to disable 209a limit. 210.Pp 211The information available from 212.Nm sysctl 213consists of integers, strings, and tables. 214The tabular information can only be retrieved by special 215purpose programs such as 216.Nm ps , 217.Nm systat , 218and 219.Nm netstat . 220The string and integer information is summarized below. 221For a detailed description of these variable see 222.Xr sysctl 3 . 223The changeable column indicates whether a process with appropriate 224privilege can change the value. 225.Bl -column proc.xpidx.rlimit.coredumpsize.hardxxxxxx integerxxx 226.It Sy Name Type Changeable 227.It ddb.fromconsole integer yes 228.It ddb.lines integer yes 229.It ddb.maxoff integer yes 230.It ddb.maxwidth integer yes 231.It ddb.onpanic integer yes 232.It ddb.radix integer yes 233.It ddb.tabstops integer yes 234.It hw.alignbytes integer no 235.It hw.byteorder integer no 236.It hw.disknames string no 237.It hw.diskstats struct no 238.It hw.machine string no 239.It hw.machine_arch string no 240.It hw.model string no 241.It hw.ncpu integer no 242.It hw.pagesize integer no 243.It hw.physmem integer no 244.It hw.physmem64 quad no 245.It hw.usermem integer no 246.It hw.usermem64 quad no 247.It hw.cnmagic string yes 248.It kern.argmax integer no 249.It kern.autonicetime integer yes 250.It kern.autoniceval integer yes 251.It kern.boottime struct no 252.It kern.ccpu integer no 253.It kern.chown_restricted integer no 254.It kern.clockrate struct no 255.It kern.consdev integer no 256.It kern.cp_time struct no 257.It kern.defcorename string yes 258.It kern.domainname string yes 259.It kern.drivers struct no 260.It kern.forkfsleep integer yes 261.It kern.fscale integer no 262.It kern.fsync integer no 263.It kern.hostid integer yes 264.It kern.hostname string yes 265.It kern.iov_max integer no 266.It kern.job_control integer no 267.It kern.labeloffset integer no 268.It kern.labelsector integer no 269.It kern.link_max integer no 270.It kern.login_name_max integer no 271.It kern.logsigexit integer yes 272.It kern.max_canon integer no 273.It kern.max_input integer no 274.It kern.maxfiles integer yes 275.It kern.maxpartitions integer no 276.It kern.maxproc integer yes 277.It kern.maxptys integer yes, special 278.It kern.maxvnodes integer raise only 279.It kern.mapped_files integer no 280.It kern.maxphys integer no 281.It kern.memlock integer no 282.It kern.memlock_range integer no 283.It kern.memory_protection integer no 284.It kern.mbuf.mblowat integer yes 285.It kern.mbuf.mcllowat integer yes 286.It kern.mbuf.mclsize integer no 287.It kern.mbuf.msize integer no 288.It kern.mbuf.nmbclusters integer raise only 289.It kern.monotonic_clock integer no 290.It kern.msgbuf struct no 291.It kern.msgbufsize integer no 292.It kern.name_max integer no 293.It kern.ngroups integer no 294.It kern.no_trunc integer no 295.It kern.ntptime struct no 296.It kern.osrelease string no 297.It kern.osrevision integer no 298.It kern.ostype string no 299.It kern.path_max integer no 300.It kern.pipe.maxkvasz integer yes 301.It kern.pipe.maxloankvasz integer yes 302.It kern.pipe.maxbigpipes integer yes 303.It kern.pipe.nbigpipes integer no 304.It kern.pipe.kvasize integer no 305.It kern.posix1version integer no 306.It kern.posix_barriers integer no 307.It kern.posix_reader_writer_locks integer no 308.It kern.posix_semaphores integer no 309.It kern.posix_spin_locks integer no 310.It kern.posix_timers integer no 311.It kern.posix_threads integer no 312.It kern.proc2 struct no 313.It kern.proc_args string yes 314.It kern.rawpartition integer no 315.It kern.root_device string no 316.It kern.root_partition integer no 317.It kern.rtc_offset integer no 318.It kern.saved_ids integer no 319.It kern.sbmax integer yes 320.It kern.securelevel integer raise only 321.It kern.somaxkva integer yes 322.It kern.synchronized_io integer no 323.It kern.sysvipc_info struct no 324.It kern.sysvmsg integer no 325.It kern.sysvsem integer no 326.It kern.sysvshm integer no 327.It kern.timex struct no 328.It kern.tkstat.nin quad no 329.It kern.tkstat.nout quad no 330.It kern.tkstat.cancc quad no 331.It kern.tkstat.rawcc quad no 332.It kern.urnd integer no 333.It kern.vdisable integer no 334.It kern.version string no 335.It machdep.console_device dev_t no 336.It net.bpf.maxbufsize integer yes 337.It net.inet.arp.prune integer yes 338.It net.inet.arp.keep integer yes 339.It net.inet.arp.down integer yes 340.It net.inet.arp.refresh integer yes 341.It net.inet.icmp.maskrepl integer yes 342.It net.inet.icmp.errppslimit integer yes 343.It net.inet.icmp.rediraccept integer yes 344.It net.inet.icmp.redirtimeout integer yes 345.It net.inet.ip.allowsrcrt integer yes 346.It net.inet.ip.anonportmax integer yes 347.It net.inet.ip.anonportmin integer yes 348.It net.inet.ip.checkinterface integer yes 349.It net.inet.ip.directed-broadcast integer yes 350.It net.inet.ip.forwarding integer yes 351.It net.inet.ip.forwsrcrt integer yes 352.It net.inet.ip.maxfragpacket integer yes 353.It net.inet.ip.lowportmax integer yes 354.It net.inet.ip.lowportmin integer yes 355.It net.inet.ip.mtudisc integer yes 356.It net.inet.ip.mtudisctimeout integer yes 357.It net.inet.ip.redirect integer yes 358.It net.inet.ip.subnetsarelocal integer yes 359.It net.inet.ip.ttl integer yes 360.It net.inet.ipsec.ah_cleartos integer yes 361.It net.inet.ipsec.ah_net_deflev integer yes 362.It net.inet.ipsec.ah_offsetmask integer yes 363.It net.inet.ipsec.ah_trans_deflev integer yes 364.It net.inet.ipsec.def_policy integer yes 365.It net.inet.ipsec.dfbit integer yes 366.It net.inet.ipsec.ecn integer yes 367.It net.inet.ipsec.esp_net_deflev integer yes 368.It net.inet.ipsec.esp_trans_deflev integer yes 369.It net.inet.ipsec.inbound_call_ike integer yes 370.It net.inet.tcp.ack_on_push integer yes 371.It net.inet.tcp.compat_42 integer yes 372.It net.inet.tcp.cwm integer yes 373.It net.inet.tcp.cwm_burstsize integer yes 374.It net.inet.tcp.init_win integer yes 375.It net.inet.tcp.init_win_local integer yes 376.It net.inet.tcp.keepcnt integer yes 377.It net.inet.tcp.keepidle integer yes 378.It net.inet.tcp.keepintvl integer yes 379.It net.inet.tcp.log_refused integer yes 380.It net.inet.tcp.mss_ifmtu integer yes 381.It net.inet.tcp.mssdflt integer yes 382.It net.inet.tcp.recvspace integer yes 383.It net.inet.tcp.rfc1323 integer yes 384.It net.inet.tcp.rstppslimit integer yes 385.It net.inet.tcp.sack integer yes 386.It net.inet.tcp.sendspace integer yes 387.It net.inet.tcp.slowhz integer no 388.It net.inet.tcp.syn_bucket_limit integer yes 389.It net.inet.tcp.syn_cache_interval integer yes 390.It net.inet.tcp.syn_cache_limit integer yes 391.It net.inet.tcp.timestamps integer yes 392.It net.inet.tcp.win_scale integer yes 393.It net.inet.tcp.ident struct no 394.It net.inet.udp.checksum integer yes 395.It net.inet.udp.recvspace integer yes 396.It net.inet.udp.sendspace integer yes 397.It net.inet6.icmp6.errppslimit integer yes 398.It net.inet6.icmp6.mtudisc_hiwat integer yes 399.It net.inet6.icmp6.mtudisc_lowat integer yes 400.It net.inet6.icmp6.nd6_debug integer yes 401.It net.inet6.icmp6.nd6_delay integer yes 402.It net.inet6.icmp6.nd6_maxnudhint integer yes 403.It net.inet6.icmp6.nd6_mmaxtries integer yes 404.It net.inet6.icmp6.nd6_prune integer yes 405.It net.inet6.icmp6.nd6_umaxtries integer yes 406.It net.inet6.icmp6.nd6_useloopback integer yes 407.It net.inet6.icmp6.nodeinfo integer yes 408.It net.inet6.icmp6.rediraccept integer yes 409.It net.inet6.icmp6.redirtimeout integer yes 410.It net.inet6.ip6.accept_rtadv integer yes 411.It net.inet6.ip6.anonportmax integer yes 412.It net.inet6.ip6.anonportmin integer yes 413.It net.inet6.ip6.auto_flowlabel integer yes 414.It net.inet6.ip6.v6only integer yes 415.It net.inet6.ip6.dad_count integer yes 416.It net.inet6.ip6.defmcasthlim integer yes 417.It net.inet6.ip6.forwarding integer yes 418.It net.inet6.ip6.gif_hlim integer yes 419.It net.inet6.ip6.hdrnestlimit integer yes 420.It net.inet6.ip6.hlim integer yes 421.It net.inet6.ip6.kame_version string no 422.It net.inet6.ip6.keepfaith integer yes 423.It net.inet6.ip6.log_interval integer yes 424.It net.inet6.ip6.lowportmax integer yes 425.It net.inet6.ip6.lowportmin integer yes 426.It net.inet6.ip6.maxfragpackets integer yes 427.It net.inet6.ip6.maxfrags integer yes 428.It net.inet6.ip6.redirect integer yes 429.It net.inet6.ip6.rr_prune integer yes 430.It net.inet6.ip6.use_deprecated integer yes 431.It net.inet6.ipsec6.ah_net_deflev integer yes 432.It net.inet6.ipsec6.ah_trans_deflev integer yes 433.It net.inet6.ipsec6.def_policy integer yes 434.It net.inet6.ipsec6.ecn integer yes 435.It net.inet6.ipsec6.esp_net_deflev integer yes 436.It net.inet6.ipsec6.esp_trans_deflev integer yes 437.It net.inet6.ipsec6.inbound_call_ike integer yes 438.It net.inet6.udp6.recvspace integer yes 439.It net.inet6.udp6.sendspace integer yes 440.It net.key.acq_exp_int integer yes 441.It net.key.acq_maxtime integer yes 442.It net.key.ah_keymin integer yes 443.It net.key.debug integer yes 444.It net.key.esp_auth integer yes 445.It net.key.esp_keymin integer yes 446.It net.key.kill_int integer yes 447.It net.key.spi_max_value integer yes 448.It net.key.spi_min_value integer yes 449.It net.key.spi_try integer yes 450.It proc.\*[Lt]pid\*[Gt].corename string yes 451.It proc.\*[Lt]pid\*[Gt].rlimit.coredumpsize.hard integer yes 452.It proc.\*[Lt]pid\*[Gt].rlimit.coredumpsize.soft integer yes 453.It proc.\*[Lt]pid\*[Gt].rlimit.cputime.hard integer yes 454.It proc.\*[Lt]pid\*[Gt].rlimit.cputime.soft integer yes 455.It proc.\*[Lt]pid\*[Gt].rlimit.datasize.hard integer yes 456.It proc.\*[Lt]pid\*[Gt].rlimit.datasize.soft integer yes 457.It proc.\*[Lt]pid\*[Gt].rlimit.filesize.hard integer yes 458.It proc.\*[Lt]pid\*[Gt].rlimit.filesize.soft integer yes 459.It proc.\*[Lt]pid\*[Gt].rlimit.maxproc.hard integer yes 460.It proc.\*[Lt]pid\*[Gt].rlimit.maxproc.soft integer yes 461.It proc.\*[Lt]pid\*[Gt].rlimit.memorylocked.hard integer yes 462.It proc.\*[Lt]pid\*[Gt].rlimit.memorylocked.soft integer yes 463.It proc.\*[Lt]pid\*[Gt].rlimit.memoryuse.hard integer yes 464.It proc.\*[Lt]pid\*[Gt].rlimit.memoryuse.soft integer yes 465.It proc.\*[Lt]pid\*[Gt].rlimit.stacksize.hard integer yes 466.It proc.\*[Lt]pid\*[Gt].rlimit.stacksize.soft integer yes 467.It proc.\*[Lt]pid\*[Gt].stopexec int yes 468.It proc.\*[Lt]pid\*[Gt].stopfork int yes 469.It user.bc_base_max integer no 470.It user.bc_dim_max integer no 471.It user.bc_scale_max integer no 472.It user.bc_string_max integer no 473.It user.coll_weights_max integer no 474.It user.cs_path string no 475.It user.expr_nest_max integer no 476.It user.line_max integer no 477.It user.posix2_c_bind integer no 478.It user.posix2_c_dev integer no 479.It user.posix2_char_term integer no 480.It user.posix2_fort_dev integer no 481.It user.posix2_fort_run integer no 482.It user.posix2_localedef integer no 483.It user.posix2_sw_dev integer no 484.It user.posix2_upe integer no 485.It user.posix2_version integer no 486.It user.re_dup_max integer no 487.It vendor.\*[Lt]vendor\*[Gt].* ? vendor specific 488.It vfs.generic.usermount integer yes 489.It vfs.nfs.iothreads integer yes 490.It vm.anonmax integer yes 491.It vm.anonmin integer yes 492.It vm.bufcache integer yes 493.It vm.bufmem integer no 494.It vm.bufmem_lowater integer yes 495.It vm.bufmem_hiwater integer yes 496.It vm.execmax integer yes 497.It vm.execmin integer yes 498.It vm.filemax integer yes 499.It vm.filemin integer yes 500.It vm.loadavg struct no 501.It vm.nkmempages integer no 502.It vm.uvmexp struct no 503.It vm.uvmexp2 struct no 504.It vm.vmmeter struct no 505.El 506.Pp 507Entries found under 508.Dq vendor. Ns Aq vendor 509are left to be specified (and used) by vendors 510using the 511.Nx 512operating system in their products. 513Values and structure are vendor-defined, and no registry 514exists right now. 515.Sh CREATION AND DELETION 516New nodes are allowed to be created by the superuser when the kernel 517is running at security level 0. 518These new nodes may refer to existing kernel data or to new data that 519is only instrumented by 520.Xr sysctl 3 521itself. 522.Pp 523The syntax for creating new nodes is 524.Dq //create=new.node.path 525followed by one or more of the following attributes separated by 526commas. 527The use of a double separator (both 528.Sq / 529and 530.Sq \&. 531can be used as 532separators) as the prefix tells sysctl that the first series of tokens 533is not a MIB name, but a command. 534It is recommended that the double separator preceding the command not 535be the same as the separator used in naming the MIB entry so as to 536avoid possible parse conflicts. 537The 538.Dq value 539assigned, if one is given, must be last. 540.Pp 541.Bl -bullet -compact 542.It 543.Ar type= Ns Aq Ar T 544where 545.Ar T 546must be one of 547.Dq node , 548.Dq int , 549.Dq string , 550.Dq quad , 551or 552.Dq struct . 553If the type is omitted, the 554.Dq node 555type is assumed. 556.It 557.Ar size= Ns Aq Ar S 558here, 559.Ar S 560asserts the size of the new node. 561Nodes of type 562.Dq node 563should not have a size set. 564The size may be omitted for nodes of types 565.Dq int 566or 567.Dq quad . 568If the size is omitted for a node of type 569.Dq string , 570the size will be determined by the length of the given value, or by 571the kernel for kernel strings. 572Nodes of type 573.Dq struct 574must have their size explicitly set. 575.It 576.Ar addr= Ns Aq Ar A 577or 578.Ar symbol= Ns Aq Ar A 579The kernel address of the data being instrumented. 580If 581.Dq symbol 582is used, the symbol must be globally visible to the in-kernel 583.Xr ksyms 4 584driver. 585.It 586.Ar n= Ns Aq Ar N 587The MIB number to be assigned to the new node. 588If no number is specified, the kernel will assign a value. 589.It 590.Ar flags= Ns Aq Ar F 591A concatenated string of single letters that govern the behavior of 592the node. 593Flags currently available are: 594.Bl -tag -width www 595.It a 596Allow anyone to write to the node, if it is writable. 597.It h 598.Dq Hidden . 599.Nm 600must be invoked with 601.Fl A 602or the hidden node must be specifically requested in order to see it 603.It i 604.Dq Immediate . 605Makes the node store data in itself, rather than allocating new space 606for it. 607This is the default for nodes of type 608.Dq int 609and 610.Dq quad . 611This is the opposite of owning data. 612.It o 613.Dq Own . 614When the node is created, separate space will be allocated to store 615the data to be instrumented. 616This is the default for nodes of type 617.Dq string 618and 619.Dq struct 620where it is not possible to guarantee sufficient space to store the 621data in the node itself. 622.It p 623.Dq Private . 624Nodes that are marked private, and children of nodes so marked, are 625only viewable by the superuser. 626Be aware that the immediate data that some nodes may store is not 627necessarily protected by this. 628.It x 629.Dq Hexadecimal . 630Make 631.Nm 632default to hexadecimal display of the retrieved value 633.It r 634.Dq Read-only . 635The data instrumented by the given node is read-only. 636Note that other mechanisms may still exist for changing the data. 637This is the default for nodes that instrument data. 638.It w 639.Dq Writable . 640The data instrumented by the given node is writable at any time. 641This is the default for nodes that can have children. 642.It 1 643.Dq Read-only at securelevel 1 . 644The data instrumented by this node is writable until the securelevel 645reaches or passes securelevel 1. 646Examples of this include some network tunables. 647.It 2 648.Dq Read-only at securelevel 2 . 649The data instrumented by this node is writable until the securelevel 650reaches or passes securelevel 2. 651An example of this is the per-process core filename setting. 652.El 653.Pp 654.It 655.Ar value= Ns Aq Ar V 656An initial starting value for a new node that does not reference 657existing kernel data. 658Initial values can only be assigned for nodes of the 659.Dq int , 660.Dq quad , 661and 662.Dq string 663types. 664.El 665.Pp 666New nodes must fit the following set of criteria: 667.Pp 668.Bl -bullet -compact 669.It 670If the new node is to address an existing kernel object, only one of the 671.Dq symbol 672or 673.Dq addr 674arguments may be given. 675.It 676The size for a 677.Dq struct 678type node must be specified; no initial value is expected or permitted. 679.It 680Either the size or the initial value for a 681.Dq string 682node must be given. 683.It 684The node which will be the parent of the new node must be writable. 685.El 686.Pp 687If any of the given parameters describes an invalid configuration, 688.Nm 689will emit a diagnostic message to the standard error and exit. 690.Pp 691Descriptions can be added by the super-user to any node that does not 692have one, provided that the node is not marked with the 693.Dq PERMANENT 694flag. 695The syntax is similar to the syntax for creating new nodes with the 696exception of the keyword that follows the double separator at the 697start of the command: 698.Dq //describe=new.node.path=new node description . 699Once a description has been added, it cannot be changed or removed. 700.Pp 701When destroying nodes, only the path to the node is necessary, i.e., 702.Dq //destroy=old.node.path . 703No other parameters are expected or permitted. 704Nodes being destroyed must have no children, and their parent must be 705writable. 706Nodes that are marked with the 707.Dq Dv PERMANENT 708flag (as assigned by the kernel) may not be deleted. 709.Pp 710In all cases, the initial 711.Sq = 712that follows the command (eg, 713.Dq create , 714.Dq destroy , 715or 716.Dq describe ) 717may be replaced with another instance of the separator character, 718provided that the same separator character is used for the length of 719the name specification. 720.Sh FILES 721.Bl -tag -width xnetinet6/udp6Xvar.hx -compact 722.It Pa /etc/sysctl.conf 723.Nm 724variables set at boot time 725.It Aq Pa sys/sysctl.h 726definitions for top level identifiers, second level kernel and hardware 727identifiers, and user level identifiers 728.It Aq Pa sys/socket.h 729definitions for second level network identifiers 730.It Aq Pa sys/gmon.h 731definitions for third level profiling identifiers 732.It Aq Pa uvm/uvm_param.h 733definitions for second level virtual memory identifiers 734.It Aq Pa netinet/in.h 735definitions for third level IPv4/v6 identifiers and 736fourth level IPv4/v6 identifiers 737.It Aq Pa netinet/icmp_var.h 738definitions for fourth level ICMP identifiers 739.It Aq Pa netinet/icmp6.h 740definitions for fourth level ICMPv6 identifiers 741.It Aq Pa netinet/tcp_var.h 742definitions for fourth level TCP identifiers 743.It Aq Pa netinet/udp_var.h 744definitions for fourth level UDP identifiers 745.It Aq Pa netinet6/udp6_var.h 746definitions for fourth level IPv6 UDP identifiers 747.It Aq Pa netinet6/ipsec.h 748definitions for fourth level IPsec identifiers 749.It Aq Pa netkey/key_var.h 750definitions for third level PF_KEY identifiers 751.El 752.Sh EXAMPLES 753For example, to retrieve the maximum number of processes allowed 754in the system, one would use the following request: 755.Bd -literal -offset indent -compact 756sysctl kern.maxproc 757.Ed 758.Pp 759To set the maximum number of processes allowed 760in the system to 1000, one would use the following request: 761.Bd -literal -offset indent -compact 762sysctl -w kern.maxproc=1000 763.Ed 764.Pp 765Information about the system clock rate may be obtained with: 766.Bd -literal -offset indent -compact 767sysctl kern.clockrate 768.Ed 769.Pp 770Information about the load average history may be obtained with: 771.Bd -literal -offset indent -compact 772sysctl vm.loadavg 773.Ed 774.Pp 775To view the values of the per-process variables of the current shell, 776the request: 777.Bd -literal -offset indent -compact 778sysctl proc.$$ 779.Ed 780can be used if the shell interpreter replaces $$ with its pid (this is true 781for most shells). 782.Pp 783To redirect core dumps to the 784.Pa /var/tmp/ Ns Aq username 785directory, 786.Bd -literal -offset indent -compact 787sysctl -w proc.$$.corename=/var/tmp/%u/%n.core 788.Ed 789should be used. 790.Bd -literal -offset indent -compact 791sysctl -w proc.curproc.corename=/var/tmp/%u/%n.core 792.Ed 793changes the value for the sysctl process itself, and will not have the desired 794effect. 795.Pp 796To create the root of a new sub-tree called 797.Dq local 798add some children to the new node, and some descriptions: 799.Bd -literal -offset indent -compact 800sysctl -w //create=local 801sysctl -w //describe=local=my local sysctl tree 802sysctl -w //create=local.esm_debug,type=int,symbol=esm_debug,flags=w 803sysctl -w //describe=local.esm_debug=esm driver debug knob 804sysctl -w //create=local.audiodebug,type=int,symbol=audiodebug,flags=w 805sysctl -w //describe=local.audiodebug=generic audio debug knob 806.Ed 807Note that the children are made writable so that the two debug 808settings in question can be tuned arbitrarily. 809.Pp 810To destroy that same subtree: 811.Bd -literal -offset indent -compact 812sysctl -w //destroy=local.esm_debug 813sysctl -w //destroy=local.audiodebug 814sysctl -w //destroy=local 815.Ed 816.Sh SEE ALSO 817.Xr sysctl 3 , 818.Xr ksyms 4 819.Sh HISTORY 820.Nm sysctl 821first appeared in 822.Bx 4.4 . 823