1.\" $NetBSD: sysctl.8,v 1.113 2004/04/28 20:28:39 snj Exp $ 2.\" 3.\" Copyright (c) 1993 4.\" The Regents of the University of California. All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 3. Neither the name of the University nor the names of its contributors 15.\" may be used to endorse or promote products derived from this software 16.\" without specific prior written permission. 17.\" 18.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 19.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 22.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28.\" SUCH DAMAGE. 29.\" 30.\" @(#)sysctl.8 8.1 (Berkeley) 6/6/93 31.\" 32.Dd April 28, 2004 33.Dt SYSCTL 8 34.Os 35.Sh NAME 36.Nm sysctl 37.Nd get or set kernel state 38.Sh SYNOPSIS 39.Nm sysctl 40.Op Fl AdeMn 41.Oo 42.Fl r | 43.Fl x 44.Oc 45.Op Ar name ... 46.Nm sysctl 47.Op Fl nq 48.Oo 49.Fl r | 50.Fl x 51.Oc 52.Fl w 53.Ar name Ns Li = Ns Ar value ... 54.Nm sysctl 55.Op Fl en 56.Oo 57.Fl r | 58.Fl x 59.Oc 60.Fl a 61.Nm sysctl 62.Op Fl nq 63.Oo 64.Fl r | 65.Fl x 66.Oc 67.Fl f 68.Ar file 69.Sh DESCRIPTION 70The 71.Nm sysctl 72utility retrieves kernel state and allows processes with 73appropriate privilege to set kernel state. 74The state to be retrieved or set is described using a 75``Management Information Base'' (``MIB'') style name, 76described as a dotted set of components. 77The 78.Sq / 79character may also be used as a separator and a leading separator 80character is accepted. 81If 82.Ar name 83specifies a non-leaf node in the MIB, all the nodes underneath 84.Ar name 85will be printed. 86.Pp 87The following options are available: 88.Bl -tag -width indent 89.It Fl A 90List all the known MIB names including tables, unless any MIB 91arguments or 92.Fl f Ar file 93are given. 94Those with string or integer values will be printed as with the 95.Fl a 96flag; for table or structure values that 97.Nm 98is not able to print, 99the name of the utility to retrieve them is given. 100Errors in retrieving or setting values will be directed to stdout 101instead of stderr. 102.It Fl a 103List all the currently available string or integer values. 104The use of a solitary separator character (either 105.Sq \&. 106or 107.Sq / ) 108by 109itself has the same effect. 110Any given 111.Ar name 112arguments are ignored if this option is specified. 113.It Fl d 114Descriptions of each of the nodes selected will be printed instead of 115their values. 116.It Fl e 117Separate the name and the value of the variable(s) with 118.Ql = . 119This is useful for producing output which can be fed back to the 120.Nm 121utility. 122This option is ignored if 123.Fl n 124is specified or a variable is being set. 125.It Fl f 126Specifies the name of a file to read and process. 127Blank lines and comments (beginning with 128.Ql # ) 129are ignored. 130Line continuations with 131.Ql \e 132are permitted. 133Remaining lines are processed similarly to 134command line arguments of the form 135.Ar name 136or 137.Ar name Ns Li = Ns Ar value . 138The 139.Fl w 140flag is implied by 141.Fl f . 142Any 143.Ar name 144arguments are ignored. 145.It Fl M 146Makes 147.Nm 148print the MIB instead of any of the actual values contained in the 149MIB. 150This causes the entire MIB to be printed unless specific MIB arguments 151or 152.Fl f Ar file 153are also given. 154.It Fl n 155Specifies that the printing of the field name should be 156suppressed and that only its value should be output. 157This flag is useful for setting shell variables. 158For example, to save the pagesize in variable psize, use: 159.Bd -literal -offset indent -compact 160set psize=`sysctl -n hw.pagesize` 161.Ed 162.It Fl q 163Used to indicate that nothing should be printed for writes unless an 164error is detected. 165.It Fl r 166Raw output form. 167Values printed are in their raw binary forms as retrieved directly 168from the kernel. 169Some additional nodes that 170.Nm 171cannot print directly can be retrieved with this flag. 172This option conflicts with the 173.Fl x 174option. 175.It Fl w 176Sets the MIB style name given to the value given. 177The MIB style name and value must be separated by 178.Ql = 179with no whitespace. 180Only integral and string values can be set via this method. 181.It Fl x 182Makes 183.Nm 184print the requested value in a hexadecimal representation instead of 185its regular form. 186If specified more than once, the output for each value resembles that of 187.Xr hexdump 1 188when given the 189.Fl C 190flag. 191This option conflicts with the 192.Fl r 193option. 194.Pp 195.El 196The 197.Ql proc 198top-level MIB has a special semantic: it represent per-process values 199and as such may differ from one process to another. 200The second-level name is the pid of the process (in decimal form), 201or the special word 202.Ql curproc . 203For variables below 204.Ql proc. Ns Ao pid Ac Ns .rlimit , 205the integer value may be replaced 206with the string 207.Ql unlimited 208if it matches the magic value used to disable 209a limit. 210.Pp 211The information available from 212.Nm sysctl 213consists of integers, strings, and tables. 214The tabular information can only be retrieved by special 215purpose programs such as 216.Nm ps , 217.Nm systat , 218and 219.Nm netstat . 220The string and integer information is summarized below. 221For a detailed description of these variable see 222.Xr sysctl 3 . 223The changeable column indicates whether a process with appropriate 224privilege can change the value. 225.Bl -column proc.xpidx.rlimit.coredumpsize.hardxxxxxx integerxxx 226.It Sy Name Type Changeable 227.It ddb.fromconsole integer yes 228.It ddb.lines integer yes 229.It ddb.maxoff integer yes 230.It ddb.maxwidth integer yes 231.It ddb.onpanic integer yes 232.It ddb.radix integer yes 233.It ddb.tabstops integer yes 234.It hw.alignbytes integer no 235.It hw.byteorder integer no 236.It hw.disknames string no 237.It hw.diskstats struct no 238.It hw.machine string no 239.It hw.machine_arch string no 240.It hw.model string no 241.It hw.ncpu integer no 242.It hw.pagesize integer no 243.It hw.physmem integer no 244.It hw.physmem64 quad no 245.It hw.usermem integer no 246.It hw.usermem64 quad no 247.It hw.cnmagic string yes 248.It kern.argmax integer no 249.It kern.autonicetime integer yes 250.It kern.autoniceval integer yes 251.It kern.boottime struct no 252.It kern.ccpu integer no 253.It kern.chown_restricted integer no 254.It kern.clockrate struct no 255.It kern.consdev integer no 256.It kern.cp_time struct no 257.It kern.defcorename string yes 258.It kern.domainname string yes 259.It kern.drivers struct no 260.It kern.forkfsleep integer yes 261.It kern.fscale integer no 262.It kern.fsync integer no 263.It kern.hostid integer yes 264.It kern.hostname string yes 265.It kern.iov_max integer no 266.It kern.job_control integer no 267.It kern.labeloffset integer no 268.It kern.labelsector integer no 269.It kern.link_max integer no 270.It kern.login_name_max integer no 271.It kern.logsigexit integer yes 272.It kern.max_canon integer no 273.It kern.max_input integer no 274.It kern.maxfiles integer yes 275.It kern.maxpartitions integer no 276.It kern.maxproc integer yes 277.It kern.maxptys integer yes, special 278.It kern.maxvnodes integer raise only 279.It kern.mapped_files integer no 280.It kern.maxphys integer no 281.It kern.memlock integer no 282.It kern.memlock_range integer no 283.It kern.memory_protection integer no 284.It kern.mbuf.mblowat integer yes 285.It kern.mbuf.mcllowat integer yes 286.It kern.mbuf.mclsize integer no 287.It kern.mbuf.msize integer no 288.It kern.mbuf.nmbclusters integer raise only 289.It kern.monotonic_clock integer no 290.It kern.msgbuf struct no 291.It kern.msgbufsize integer no 292.It kern.name_max integer no 293.It kern.ngroups integer no 294.It kern.no_trunc integer no 295.It kern.ntptime struct no 296.It kern.osrelease string no 297.It kern.osrevision integer no 298.It kern.ostype string no 299.It kern.path_max integer no 300.It kern.pipe.maxkvasz integer yes 301.It kern.pipe.maxloankvasz integer yes 302.It kern.pipe.maxbigpipes integer yes 303.It kern.pipe.nbigpipes integer no 304.It kern.pipe.kvasize integer no 305.It kern.posix1version integer no 306.It kern.posix_barriers integer no 307.It kern.posix_reader_writer_locks integer no 308.It kern.posix_semaphores integer no 309.It kern.posix_spin_locks integer no 310.It kern.posix_timers integer no 311.It kern.posix_threads integer no 312.It kern.proc2 struct no 313.It kern.proc_args string yes 314.It kern.rawpartition integer no 315.It kern.root_device string no 316.It kern.root_partition integer no 317.It kern.rtc_offset integer no 318.It kern.saved_ids integer no 319.It kern.sbmax integer yes 320.It kern.securelevel integer raise only 321.It kern.somaxkva integer yes 322.It kern.synchronized_io integer no 323.It kern.sysvipc_info struct no 324.It kern.sysvmsg integer no 325.It kern.sysvsem integer no 326.It kern.sysvshm integer no 327.It kern.timex struct no 328.It kern.tkstat.nin quad no 329.It kern.tkstat.nout quad no 330.It kern.tkstat.cancc quad no 331.It kern.tkstat.rawcc quad no 332.It kern.urnd integer no 333.It kern.vdisable integer no 334.It kern.version string no 335.It machdep.console_device dev_t no 336.It net.bpf.maxbufsize integer yes 337.It net.inet.arp.prune integer yes 338.It net.inet.arp.keep integer yes 339.It net.inet.arp.down integer yes 340.It net.inet.arp.refresh integer yes 341.It net.inet.icmp.maskrepl integer yes 342.It net.inet.icmp.errppslimit integer yes 343.It net.inet.icmp.rediraccept integer yes 344.It net.inet.icmp.redirtimeout integer yes 345.It net.inet.ip.allowsrcrt integer yes 346.It net.inet.ip.anonportmax integer yes 347.It net.inet.ip.anonportmin integer yes 348.It net.inet.ip.checkinterface integer yes 349.It net.inet.ip.directed-broadcast integer yes 350.It net.inet.ip.forwarding integer yes 351.It net.inet.ip.forwsrcrt integer yes 352.It net.inet.ip.maxfragpacket integer yes 353.It net.inet.ip.lowportmax integer yes 354.It net.inet.ip.lowportmin integer yes 355.It net.inet.ip.mtudisc integer yes 356.It net.inet.ip.mtudisctimeout integer yes 357.It net.inet.ip.redirect integer yes 358.It net.inet.ip.subnetsarelocal integer yes 359.It net.inet.ip.ttl integer yes 360.It net.inet.ipsec.ah_cleartos integer yes 361.It net.inet.ipsec.ah_net_deflev integer yes 362.It net.inet.ipsec.ah_offsetmask integer yes 363.It net.inet.ipsec.ah_trans_deflev integer yes 364.It net.inet.ipsec.def_policy integer yes 365.It net.inet.ipsec.dfbit integer yes 366.It net.inet.ipsec.ecn integer yes 367.It net.inet.ipsec.esp_net_deflev integer yes 368.It net.inet.ipsec.esp_trans_deflev integer yes 369.It net.inet.ipsec.inbound_call_ike integer yes 370.It net.inet.tcp.ack_on_push integer yes 371.It net.inet.tcp.compat_42 integer yes 372.It net.inet.tcp.cwm integer yes 373.It net.inet.tcp.cwm_burstsize integer yes 374.It net.inet.tcp.init_win integer yes 375.It net.inet.tcp.init_win_local integer yes 376.It net.inet.tcp.keepcnt integer yes 377.It net.inet.tcp.keepidle integer yes 378.It net.inet.tcp.keepintvl integer yes 379.It net.inet.tcp.log_refused integer yes 380.It net.inet.tcp.mss_ifmtu integer yes 381.It net.inet.tcp.mssdflt integer yes 382.It net.inet.tcp.recvspace integer yes 383.It net.inet.tcp.rfc1323 integer yes 384.It net.inet.tcp.rstppslimit integer yes 385.It net.inet.tcp.sack integer yes 386.It net.inet.tcp.sendspace integer yes 387.It net.inet.tcp.slowhz integer no 388.It net.inet.tcp.syn_bucket_limit integer yes 389.It net.inet.tcp.syn_cache_interval integer yes 390.It net.inet.tcp.syn_cache_limit integer yes 391.It net.inet.tcp.timestamps integer yes 392.It net.inet.tcp.win_scale integer yes 393.It net.inet.tcp.ident struct no 394.It net.inet.udp.checksum integer yes 395.It net.inet.udp.recvspace integer yes 396.It net.inet.udp.sendspace integer yes 397.It net.inet6.icmp6.errppslimit integer yes 398.It net.inet6.icmp6.mtudisc_hiwat integer yes 399.It net.inet6.icmp6.mtudisc_lowat integer yes 400.It net.inet6.icmp6.nd6_debug integer yes 401.It net.inet6.icmp6.nd6_delay integer yes 402.It net.inet6.icmp6.nd6_maxnudhint integer yes 403.It net.inet6.icmp6.nd6_mmaxtries integer yes 404.It net.inet6.icmp6.nd6_prune integer yes 405.It net.inet6.icmp6.nd6_umaxtries integer yes 406.It net.inet6.icmp6.nd6_useloopback integer yes 407.It net.inet6.icmp6.nodeinfo integer yes 408.It net.inet6.icmp6.rediraccept integer yes 409.It net.inet6.icmp6.redirtimeout integer yes 410.It net.inet6.ip6.accept_rtadv integer yes 411.It net.inet6.ip6.anonportmax integer yes 412.It net.inet6.ip6.anonportmin integer yes 413.It net.inet6.ip6.auto_flowlabel integer yes 414.It net.inet6.ip6.v6only integer yes 415.It net.inet6.ip6.dad_count integer yes 416.It net.inet6.ip6.defmcasthlim integer yes 417.It net.inet6.ip6.forwarding integer yes 418.It net.inet6.ip6.gif_hlim integer yes 419.It net.inet6.ip6.hdrnestlimit integer yes 420.It net.inet6.ip6.hlim integer yes 421.It net.inet6.ip6.kame_version string no 422.It net.inet6.ip6.keepfaith integer yes 423.It net.inet6.ip6.log_interval integer yes 424.It net.inet6.ip6.lowportmax integer yes 425.It net.inet6.ip6.lowportmin integer yes 426.It net.inet6.ip6.maxfragpackets integer yes 427.It net.inet6.ip6.maxfrags integer yes 428.It net.inet6.ip6.redirect integer yes 429.It net.inet6.ip6.rr_prune integer yes 430.It net.inet6.ip6.use_deprecated integer yes 431.It net.inet6.ipsec6.ah_net_deflev integer yes 432.It net.inet6.ipsec6.ah_trans_deflev integer yes 433.It net.inet6.ipsec6.def_policy integer yes 434.It net.inet6.ipsec6.ecn integer yes 435.It net.inet6.ipsec6.esp_net_deflev integer yes 436.It net.inet6.ipsec6.esp_trans_deflev integer yes 437.It net.inet6.ipsec6.inbound_call_ike integer yes 438.It net.inet6.udp6.recvspace integer yes 439.It net.inet6.udp6.sendspace integer yes 440.It net.key.acq_exp_int integer yes 441.It net.key.acq_maxtime integer yes 442.It net.key.ah_keymin integer yes 443.It net.key.debug integer yes 444.It net.key.esp_auth integer yes 445.It net.key.esp_keymin integer yes 446.It net.key.kill_int integer yes 447.It net.key.random_int integer yes 448.It net.key.spi_max_value integer yes 449.It net.key.spi_min_value integer yes 450.It net.key.spi_try integer yes 451.It proc.\*[Lt]pid\*[Gt].corename string yes 452.It proc.\*[Lt]pid\*[Gt].rlimit.coredumpsize.hard integer yes 453.It proc.\*[Lt]pid\*[Gt].rlimit.coredumpsize.soft integer yes 454.It proc.\*[Lt]pid\*[Gt].rlimit.cputime.hard integer yes 455.It proc.\*[Lt]pid\*[Gt].rlimit.cputime.soft integer yes 456.It proc.\*[Lt]pid\*[Gt].rlimit.datasize.hard integer yes 457.It proc.\*[Lt]pid\*[Gt].rlimit.datasize.soft integer yes 458.It proc.\*[Lt]pid\*[Gt].rlimit.filesize.hard integer yes 459.It proc.\*[Lt]pid\*[Gt].rlimit.filesize.soft integer yes 460.It proc.\*[Lt]pid\*[Gt].rlimit.maxproc.hard integer yes 461.It proc.\*[Lt]pid\*[Gt].rlimit.maxproc.soft integer yes 462.It proc.\*[Lt]pid\*[Gt].rlimit.memorylocked.hard integer yes 463.It proc.\*[Lt]pid\*[Gt].rlimit.memorylocked.soft integer yes 464.It proc.\*[Lt]pid\*[Gt].rlimit.memoryuse.hard integer yes 465.It proc.\*[Lt]pid\*[Gt].rlimit.memoryuse.soft integer yes 466.It proc.\*[Lt]pid\*[Gt].rlimit.stacksize.hard integer yes 467.It proc.\*[Lt]pid\*[Gt].rlimit.stacksize.soft integer yes 468.It proc.\*[Lt]pid\*[Gt].stopexec int yes 469.It proc.\*[Lt]pid\*[Gt].stopfork int yes 470.It user.bc_base_max integer no 471.It user.bc_dim_max integer no 472.It user.bc_scale_max integer no 473.It user.bc_string_max integer no 474.It user.coll_weights_max integer no 475.It user.cs_path string no 476.It user.expr_nest_max integer no 477.It user.line_max integer no 478.It user.posix2_c_bind integer no 479.It user.posix2_c_dev integer no 480.It user.posix2_char_term integer no 481.It user.posix2_fort_dev integer no 482.It user.posix2_fort_run integer no 483.It user.posix2_localedef integer no 484.It user.posix2_sw_dev integer no 485.It user.posix2_upe integer no 486.It user.posix2_version integer no 487.It user.re_dup_max integer no 488.It vendor.\*[Lt]vendor\*[Gt].* ? vendor specific 489.It vfs.generic.usermount integer yes 490.It vfs.nfs.iothreads integer yes 491.It vm.anonmax integer yes 492.It vm.anonmin integer yes 493.It vm.execmax integer yes 494.It vm.execmin integer yes 495.It vm.filemax integer yes 496.It vm.filemin integer yes 497.It vm.loadavg struct no 498.It vm.nkmempages integer no 499.It vm.uvmexp struct no 500.It vm.uvmexp2 struct no 501.It vm.vmmeter struct no 502.El 503.Pp 504Entries found under 505.Dq vendor. Ns Aq vendor 506are left to be specified (and used) by vendors 507using the 508.Nx 509operating system in their products. 510Values and structure are vendor-defined, and no registry 511exists right now. 512.Sh CREATION AND DELETION 513New nodes are allowed to be created by the superuser when the kernel 514is running at security level 0. 515These new nodes may refer to existing kernel data or to new data that 516is only instrumented by 517.Xr sysctl 3 518itself. 519.Pp 520The syntax for creating new nodes is 521.Dq //create=new.node.path 522followed by one or more of the following attributes separated by 523commas. 524The use of a double separator (both 525.Sq / 526and 527.Sq \&. 528can be used as 529separators) as the prefix tells sysctl that the first series of tokens 530is not a MIB name, but a command. 531It is recommended that the double separator preceding the command not 532be the same as the separator used in naming the MIB entry so as to 533avoid possible parse conflicts. 534The 535.Dq value 536assigned, if one is given, must be last. 537.Pp 538.Bl -bullet -compact 539.It 540.Ar type= Ns Aq Ar T 541where 542.Ar T 543must be one of 544.Dq node , 545.Dq int , 546.Dq string , 547.Dq quad , 548or 549.Dq struct . 550If the type is omitted, the 551.Dq node 552type is assumed. 553.It 554.Ar size= Ns Aq Ar S 555here, 556.Ar S 557asserts the size of the new node. 558Nodes of type 559.Dq node 560should not have a size set. 561The size may be omitted for nodes of types 562.Dq int 563or 564.Dq quad . 565If the size is omitted for a node of type 566.Dq string , 567the size will be determined by the length of the given value, or by 568the kernel for kernel strings. 569Nodes of type 570.Dq struct 571must have their size explicitly set. 572.It 573.Ar addr= Ns Aq Ar A 574or 575.Ar symbol= Ns Aq Ar A 576The kernel address of the data being instrumented. 577If 578.Dq symbol 579is used, the symbol must be globally visible to the in-kernel 580.Xr ksyms 4 581driver. 582.It 583.Ar n= Ns Aq Ar N 584The MIB number to be assigned to the new node. 585If no number is specified, the kernel will assign a value. 586.It 587.Ar flags= Ns Aq Ar F 588A concatenated string of single letters that govern the behavior of 589the node. 590Flags currently available are: 591.Bl -tag -width www 592.It a 593Allow anyone to write to the node, if it is writable. 594.It h 595.Dq Hidden . 596.Nm 597must be invoked with 598.Fl A 599or the hidden node must be specifically requested in order to see it 600.It i 601.Dq Immediate . 602Makes the node store data in itself, rather than allocating new space 603for it. 604This is the default for nodes of type 605.Dq int 606and 607.Dq quad . 608This is the opposite of owning data. 609.It o 610.Dq Own . 611When the node is created, separate space will be allocated to store 612the data to be instrumented. 613This is the default for nodes of type 614.Dq string 615and 616.Dq struct 617where it is not possible to guarantee sufficient space to store the 618data in the node itself. 619.It p 620.Dq Private . 621Nodes that are marked private, and children of nodes so marked, are 622only viewable by the superuser. 623Be aware that the immediate data that some nodes may store is not 624necessarily protected by this. 625.It x 626.Dq Hexadecimal . 627Make 628.Nm 629default to hexadecimal display of the retrieved value 630.It r 631.Dq Read-only . 632The data instrumented by the given node is read-only. 633Note that other mechanisms may still exist for changing the data. 634This is the default for nodes that instrument data. 635.It w 636.Dq Writable . 637The data instrumented by the given node is writable at any time. 638This is the default for nodes that can have children. 639.It 1 640.Dq Read-only at securelevel 1 . 641The data instrumented by this node is writable until the securelevel 642reaches or passes securelevel 1. 643Examples of this include some network tunables. 644.It 2 645.Dq Read-only at securelevel 2 . 646The data instrumented by this node is writable until the securelevel 647reaches or passes securelevel 2. 648An example of this is the per-process core filename setting. 649.El 650.Pp 651.It 652.Ar value= Ns Aq Ar V 653An initial starting value for a new node that does not reference 654existing kernel data. 655Initial values can only be assigned for nodes of the 656.Dq int , 657.Dq quad , 658and 659.Dq string 660types. 661.El 662.Pp 663New nodes must fit the following set of criteria: 664.Pp 665.Bl -bullet -compact 666.It 667If the new node is to address an existing kernel object, only one of the 668.Dq symbol 669or 670.Dq addr 671arguments may be given. 672.It 673The size for a 674.Dq struct 675type node must be specified; no initial value is expected or permitted. 676.It 677Either the size or the initial value for a 678.Dq string 679node must be given. 680.It 681The node which will be the parent of the new node must be writable. 682.El 683.Pp 684If any of the given parameters describes an invalid configuration, 685.Nm 686will emit a diagnostic message to the standard error and exit. 687.Pp 688Descriptions can be added by the super-user to any node that does not 689have one, provided that the node is not marked with the 690.Dq PERMANENT 691flag. 692The syntax is similar to the syntax for creating new nodes with the 693exception of the keyword that follows the double separator at the 694start of the command: 695.Dq //describe=new.node.path=new node description . 696Once a description has been added, it cannot be changed or removed. 697.Pp 698When destroying nodes, only the path to the node is necessary, i.e., 699.Dq //destroy=old.node.path . 700No other parameters are expected or permitted. 701Nodes being destroyed must have no children, and their parent must be 702writable. 703Nodes that are marked with the 704.Dq Dv PERMANENT 705flag (as assigned by the kernel) may not be deleted. 706.Pp 707In all cases, the initial 708.Sq = 709that follows the command (eg, 710.Dq create , 711.Dq destroy , 712or 713.Dq describe ) 714may be replaced with another instance of the separator character, 715provided that the same separator character is used for the length of 716the name specification. 717.Sh FILES 718.Bl -tag -width xnetinet6/udp6Xvar.hx -compact 719.It Pa /etc/sysctl.conf 720.Nm 721variables set at boot time 722.It Aq Pa sys/sysctl.h 723definitions for top level identifiers, second level kernel and hardware 724identifiers, and user level identifiers 725.It Aq Pa sys/socket.h 726definitions for second level network identifiers 727.It Aq Pa sys/gmon.h 728definitions for third level profiling identifiers 729.It Aq Pa uvm/uvm_param.h 730definitions for second level virtual memory identifiers 731.It Aq Pa netinet/in.h 732definitions for third level IPv4/v6 identifiers and 733fourth level IPv4/v6 identifiers 734.It Aq Pa netinet/icmp_var.h 735definitions for fourth level ICMP identifiers 736.It Aq Pa netinet/icmp6.h 737definitions for fourth level ICMPv6 identifiers 738.It Aq Pa netinet/tcp_var.h 739definitions for fourth level TCP identifiers 740.It Aq Pa netinet/udp_var.h 741definitions for fourth level UDP identifiers 742.It Aq Pa netinet6/udp6_var.h 743definitions for fourth level IPv6 UDP identifiers 744.It Aq Pa netinet6/ipsec.h 745definitions for fourth level IPsec identifiers 746.It Aq Pa netkey/key_var.h 747definitions for third level PF_KEY identifiers 748.El 749.Sh EXAMPLES 750For example, to retrieve the maximum number of processes allowed 751in the system, one would use the following request: 752.Bd -literal -offset indent -compact 753sysctl kern.maxproc 754.Ed 755.Pp 756To set the maximum number of processes allowed 757in the system to 1000, one would use the following request: 758.Bd -literal -offset indent -compact 759sysctl -w kern.maxproc=1000 760.Ed 761.Pp 762Information about the system clock rate may be obtained with: 763.Bd -literal -offset indent -compact 764sysctl kern.clockrate 765.Ed 766.Pp 767Information about the load average history may be obtained with: 768.Bd -literal -offset indent -compact 769sysctl vm.loadavg 770.Ed 771.Pp 772To view the values of the per-process variables of the current shell, 773the request: 774.Bd -literal -offset indent -compact 775sysctl proc.$$ 776.Ed 777can be used if the shell interpreter replaces $$ with its pid (this is true 778for most shells). 779.Pp 780To redirect core dumps to the 781.Pa /var/tmp/ Ns Aq username 782directory, 783.Bd -literal -offset indent -compact 784sysctl -w proc.$$.corename=/var/tmp/%u/%n.core 785.Ed 786should be used. 787.Bd -literal -offset indent -compact 788sysctl -w proc.curproc.corename=/var/tmp/%u/%n.core 789.Ed 790changes the value for the sysctl process itself, and will not have the desired 791effect. 792.Pp 793To create the root of a new sub-tree called 794.Dq local 795add some children to the new node, and some descriptions: 796.Bd -literal -offset indent -compact 797sysctl -w //create=local 798sysctl -w //describe=local=my local sysctl tree 799sysctl -w //create=local.esm_debug,type=int,symbol=esm_debug,flags=w 800sysctl -w //describe=local.esm_debug=esm driver debug knob 801sysctl -w //create=local.audiodebug,type=int,symbol=audiodebug,flags=w 802sysctl -w //describe=local.audiodebug=generic audio debug knob 803.Ed 804Note that the children are made writable so that the two debug 805settings in question can be tuned arbitrarily. 806.Pp 807To destroy that same subtree: 808.Bd -literal -offset indent -compact 809sysctl -w //destroy=local.esm_debug 810sysctl -w //destroy=local.audiodebug 811sysctl -w //destroy=local 812.Ed 813.Sh SEE ALSO 814.Xr sysctl 3 , 815.Xr ksyms 4 816.Sh HISTORY 817.Nm sysctl 818first appeared in 819.Bx 4.4 . 820