1.\" $NetBSD: sysctl.8,v 1.159 2008/11/11 00:09:36 reed Exp $ 2.\" 3.\" Copyright (c) 2004 The NetBSD Foundation, Inc. 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 15.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 16.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 17.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 18.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 19.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 20.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 21.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 22.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 23.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 24.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 25.\" POSSIBILITY OF SUCH DAMAGE. 26.\" 27.\" 28.\" Copyright (c) 1993 29.\" The Regents of the University of California. All rights reserved. 30.\" 31.\" Redistribution and use in source and binary forms, with or without 32.\" modification, are permitted provided that the following conditions 33.\" are met: 34.\" 1. Redistributions of source code must retain the above copyright 35.\" notice, this list of conditions and the following disclaimer. 36.\" 2. Redistributions in binary form must reproduce the above copyright 37.\" notice, this list of conditions and the following disclaimer in the 38.\" documentation and/or other materials provided with the distribution. 39.\" 3. Neither the name of the University nor the names of its contributors 40.\" may be used to endorse or promote products derived from this software 41.\" without specific prior written permission. 42.\" 43.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 44.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 45.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 46.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 47.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 48.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 49.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 50.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 51.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 52.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 53.\" SUCH DAMAGE. 54.\" 55.\" @(#)sysctl.8 8.1 (Berkeley) 6/6/93 56.\" 57.Dd December 4, 2006 58.Dt SYSCTL 8 59.Os 60.Sh NAME 61.Nm sysctl 62.Nd get or set kernel state 63.Sh SYNOPSIS 64.Nm sysctl 65.Op Fl AdeMn 66.Oo 67.Fl r | 68.Fl x 69.Oc 70.Op Ar name ... 71.Nm sysctl 72.Op Fl nq 73.Oo 74.Fl r | 75.Fl x 76.Oc 77.Fl w 78.Ar name Ns Li = Ns Ar value ... 79.Nm sysctl 80.Op Fl en 81.Oo 82.Fl r | 83.Fl x 84.Oc 85.Fl a 86.Nm sysctl 87.Op Fl nq 88.Oo 89.Fl r | 90.Fl x 91.Oc 92.Fl f 93.Ar file 94.Sh DESCRIPTION 95The 96.Nm sysctl 97utility retrieves kernel state and allows processes with 98appropriate privilege to set kernel state. 99The state to be retrieved or set is described using a 100``Management Information Base'' (``MIB'') style name, 101described as a dotted set of components. 102The 103.Sq / 104character may also be used as a separator and a leading separator 105character is accepted. 106If 107.Ar name 108specifies a non-leaf node in the MIB, all the nodes underneath 109.Ar name 110will be printed. 111.Pp 112The following options are available: 113.Bl -tag -width indent 114.It Fl A 115List all the known MIB names including tables, unless any MIB 116arguments or 117.Fl f Ar file 118are given. 119Those with string or integer values will be printed as with the 120.Fl a 121flag; for table or structure values that 122.Nm 123is not able to print, 124the name of the utility to retrieve them is given. 125Errors in retrieving or setting values will be directed to stdout 126instead of stderr. 127.It Fl a 128List all the currently available string or integer values. 129The use of a solitary separator character (either 130.Sq \&. 131or 132.Sq / ) 133by 134itself has the same effect. 135Any given 136.Ar name 137arguments are ignored if this option is specified. 138.It Fl d 139Descriptions of each of the nodes selected will be printed instead of 140their values. 141.It Fl e 142Separate the name and the value of the variable(s) with 143.Ql = . 144This is useful for producing output which can be fed back to the 145.Nm 146utility. 147This option is ignored if 148.Fl n 149is specified or a variable is being set. 150.It Fl f 151Specifies the name of a file to read and process. 152Blank lines and comments (beginning with 153.Ql # ) 154are ignored. 155Line continuations with 156.Ql \e 157are permitted. 158Remaining lines are processed similarly to 159command line arguments of the form 160.Ar name 161or 162.Ar name Ns Li = Ns Ar value . 163The 164.Fl w 165flag is implied by 166.Fl f . 167Any 168.Ar name 169arguments are ignored. 170.It Fl M 171Makes 172.Nm 173print the MIB instead of any of the actual values contained in the 174MIB. 175This causes the entire MIB to be printed unless specific MIB arguments 176or 177.Fl f Ar file 178are also given. 179.It Fl n 180Specifies that the printing of the field name should be 181suppressed and that only its value should be output. 182This flag is useful for setting shell variables. 183For example, to save the pagesize in variable psize, use: 184.Bd -literal -offset indent -compact 185set psize=`sysctl -n hw.pagesize` 186.Ed 187.It Fl q 188Used to indicate that nothing should be printed for writes unless an 189error is detected. 190.It Fl r 191Raw output form. 192Values printed are in their raw binary forms as retrieved directly 193from the kernel. 194Some additional nodes that 195.Nm 196cannot print directly can be retrieved with this flag. 197This option conflicts with the 198.Fl x 199option. 200.It Fl w 201Sets the MIB style name given to the value given. 202The MIB style name and value must be separated by 203.Ql = 204with no whitespace. 205Only integral and string values can be set via this method. 206.It Fl x 207Makes 208.Nm 209print the requested value in a hexadecimal representation instead of 210its regular form. 211If specified more than once, the output for each value resembles that of 212.Xr hexdump 1 213when given the 214.Fl C 215flag. 216This option conflicts with the 217.Fl r 218option. 219.Pp 220.El 221The 222.Ql proc 223top-level MIB has a special semantic: it represent per-process values 224and as such may differ from one process to another. 225The second-level name is the pid of the process (in decimal form), 226or the special word 227.Ql curproc . 228For variables below 229.Ql proc. Ns Ao pid Ac Ns .rlimit , 230the integer value may be replaced 231with the string 232.Ql unlimited 233if it matches the magic value used to disable 234a limit. 235.Pp 236The information available from 237.Nm sysctl 238consists of integers, strings, and tables. 239The tabular information can only be retrieved by special 240purpose programs such as 241.Nm ps , 242.Nm systat , 243and 244.Nm netstat . 245See 246.Xr sysctl 7 247for description of available MIBs. 248.Sh CREATION AND DELETION 249New nodes are allowed to be created by the superuser when the kernel 250is running at security level 0. 251These new nodes may refer to existing kernel data or to new data that 252is only instrumented by 253.Xr sysctl 3 254itself. 255.Pp 256The syntax for creating new nodes is 257.Dq //create=new.node.path 258followed by one or more of the following attributes separated by 259commas. 260The use of a double separator (both 261.Sq / 262and 263.Sq \&. 264can be used as 265separators) as the prefix tells sysctl that the first series of tokens 266is not a MIB name, but a command. 267It is recommended that the double separator preceding the command not 268be the same as the separator used in naming the MIB entry so as to 269avoid possible parse conflicts. 270The 271.Dq value 272assigned, if one is given, must be last. 273.Pp 274.Bl -bullet -compact 275.It 276.Ar type= Ns Aq Ar T 277where 278.Ar T 279must be one of 280.Dq node , 281.Dq int , 282.Dq string , 283.Dq quad , 284or 285.Dq struct . 286If the type is omitted, the 287.Dq node 288type is assumed. 289.It 290.Ar size= Ns Aq Ar S 291here, 292.Ar S 293asserts the size of the new node. 294Nodes of type 295.Dq node 296should not have a size set. 297The size may be omitted for nodes of types 298.Dq int 299or 300.Dq quad . 301If the size is omitted for a node of type 302.Dq string , 303the size will be determined by the length of the given value, or by 304the kernel for kernel strings. 305Nodes of type 306.Dq struct 307must have their size explicitly set. 308.It 309.Ar addr= Ns Aq Ar A 310or 311.Ar symbol= Ns Aq Ar A 312The kernel address of the data being instrumented. 313If 314.Dq symbol 315is used, the symbol must be globally visible to the in-kernel 316.Xr ksyms 4 317driver. 318.It 319.Ar n= Ns Aq Ar N 320The MIB number to be assigned to the new node. 321If no number is specified, the kernel will assign a value. 322.It 323.Ar flags= Ns Aq Ar F 324A concatenated string of single letters that govern the behavior of 325the node. 326Flags currently available are: 327.Bl -tag -width www 328.It a 329Allow anyone to write to the node, if it is writable. 330.It h 331.Dq Hidden . 332.Nm 333must be invoked with 334.Fl A 335or the hidden node must be specifically requested in order to see it 336.It i 337.Dq Immediate . 338Makes the node store data in itself, rather than allocating new space 339for it. 340This is the default for nodes of type 341.Dq int 342and 343.Dq quad . 344This is the opposite of owning data. 345.It o 346.Dq Own . 347When the node is created, separate space will be allocated to store 348the data to be instrumented. 349This is the default for nodes of type 350.Dq string 351and 352.Dq struct 353where it is not possible to guarantee sufficient space to store the 354data in the node itself. 355.It p 356.Dq Private . 357Nodes that are marked private, and children of nodes so marked, are 358only viewable by the superuser. 359Be aware that the immediate data that some nodes may store is not 360necessarily protected by this. 361.It x 362.Dq Hexadecimal . 363Make 364.Nm 365default to hexadecimal display of the retrieved value 366.It r 367.Dq Read-only . 368The data instrumented by the given node is read-only. 369Note that other mechanisms may still exist for changing the data. 370This is the default for nodes that instrument data. 371.It w 372.Dq Writable . 373The data instrumented by the given node is writable at any time. 374This is the default for nodes that can have children. 375.It 1 376.Dq Read-only at securelevel 1 . 377The data instrumented by this node is writable until the securelevel 378reaches or passes securelevel 1. 379Examples of this include some network tunables. 380.It 2 381.Dq Read-only at securelevel 2 . 382The data instrumented by this node is writable until the securelevel 383reaches or passes securelevel 2. 384An example of this is the per-process core filename setting. 385.El 386.Pp 387.It 388.Ar value= Ns Aq Ar V 389An initial starting value for a new node that does not reference 390existing kernel data. 391Initial values can only be assigned for nodes of the 392.Dq int , 393.Dq quad , 394and 395.Dq string 396types. 397.El 398.Pp 399New nodes must fit the following set of criteria: 400.Pp 401.Bl -bullet -compact 402.It 403If the new node is to address an existing kernel object, only one of the 404.Dq symbol 405or 406.Dq addr 407arguments may be given. 408.It 409The size for a 410.Dq struct 411type node must be specified; no initial value is expected or permitted. 412.It 413Either the size or the initial value for a 414.Dq string 415node must be given. 416.It 417The node which will be the parent of the new node must be writable. 418.El 419.Pp 420If any of the given parameters describes an invalid configuration, 421.Nm 422will emit a diagnostic message to the standard error and exit. 423.Pp 424Descriptions can be added by the super-user to any node that does not 425have one, provided that the node is not marked with the 426.Dq PERMANENT 427flag. 428The syntax is similar to the syntax for creating new nodes with the 429exception of the keyword that follows the double separator at the 430start of the command: 431.Dq //describe=new.node.path=new node description . 432Once a description has been added, it cannot be changed or removed. 433.Pp 434When destroying nodes, only the path to the node is necessary, i.e., 435.Dq //destroy=old.node.path . 436No other parameters are expected or permitted. 437Nodes being destroyed must have no children, and their parent must be 438writable. 439Nodes that are marked with the 440.Dq Dv PERMANENT 441flag (as assigned by the kernel) may not be deleted. 442.Pp 443In all cases, the initial 444.Sq = 445that follows the command (eg, 446.Dq create , 447.Dq destroy , 448or 449.Dq describe ) 450may be replaced with another instance of the separator character, 451provided that the same separator character is used for the length of 452the name specification. 453.Sh FILES 454.Bl -tag -width /etc/sysctl.conf -compact 455.It Pa /etc/sysctl.conf 456.Nm 457variables set at boot time 458.El 459.Sh EXAMPLES 460For example, to retrieve the maximum number of processes allowed 461in the system, one would use the following request: 462.Bd -literal -offset indent -compact 463sysctl kern.maxproc 464.Ed 465.Pp 466To set the maximum number of processes allowed 467in the system to 1000, one would use the following request: 468.Bd -literal -offset indent -compact 469sysctl -w kern.maxproc=1000 470.Ed 471.Pp 472Information about the system clock rate may be obtained with: 473.Bd -literal -offset indent -compact 474sysctl kern.clockrate 475.Ed 476.Pp 477Information about the load average history may be obtained with: 478.Bd -literal -offset indent -compact 479sysctl vm.loadavg 480.Ed 481.Pp 482To view the values of the per-process variables of the current shell, 483the request: 484.Bd -literal -offset indent -compact 485sysctl proc.$$ 486.Ed 487can be used if the shell interpreter replaces $$ with its pid (this is true 488for most shells). 489.Pp 490To redirect core dumps to the 491.Pa /var/tmp/ Ns Aq username 492directory, 493.Bd -literal -offset indent -compact 494sysctl -w proc.$$.corename=/var/tmp/%u/%n.core 495.Ed 496should be used. 497.Bd -literal -offset indent -compact 498sysctl -w proc.curproc.corename=/var/tmp/%u/%n.core 499.Ed 500changes the value for the sysctl process itself, and will not have the desired 501effect. 502.Pp 503To create the root of a new sub-tree called 504.Dq local 505add some children to the new node, and some descriptions: 506.Bd -literal -offset indent -compact 507sysctl -w //create=local 508sysctl -w //describe=local=my local sysctl tree 509sysctl -w //create=local.esm_debug,type=int,symbol=esm_debug,flags=w 510sysctl -w //describe=local.esm_debug=esm driver debug knob 511sysctl -w //create=local.audiodebug,type=int,symbol=audiodebug,flags=w 512sysctl -w //describe=local.audiodebug=generic audio debug knob 513.Ed 514Note that the children are made writable so that the two debug 515settings in question can be tuned arbitrarily. 516.Pp 517To destroy that same subtree: 518.Bd -literal -offset indent -compact 519sysctl -w //destroy=local.esm_debug 520sysctl -w //destroy=local.audiodebug 521sysctl -w //destroy=local 522.Ed 523.Sh SEE ALSO 524.Xr sysctl 3 , 525.Xr ksyms 4 , 526.Xr sysctl 7 , 527.Xr secmodel_securelevel 9 528.Sh HISTORY 529.Nm sysctl 530first appeared in 531.Bx 4.4 . 532