1.\" $NetBSD: sysctl.8,v 1.124 2005/09/06 03:22:58 rpaulo Exp $ 2.\" 3.\" Copyright (c) 2004 The NetBSD Foundation, Inc. 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 3. All advertising materials mentioning features or use of this software 15.\" must display the following acknowledgement: 16.\" This product includes software developed by the NetBSD 17.\" Foundation, Inc. and its contributors. 18.\" 4. Neither the name of The NetBSD Foundation nor the names of its 19.\" contributors may be used to endorse or promote products derived 20.\" from this software without specific prior written permission. 21.\" 22.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 23.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 24.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 25.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 26.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 27.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 28.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 29.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 30.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 31.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 32.\" POSSIBILITY OF SUCH DAMAGE. 33.\" 34.\" 35.\" Copyright (c) 1993 36.\" The Regents of the University of California. All rights reserved. 37.\" 38.\" Redistribution and use in source and binary forms, with or without 39.\" modification, are permitted provided that the following conditions 40.\" are met: 41.\" 1. Redistributions of source code must retain the above copyright 42.\" notice, this list of conditions and the following disclaimer. 43.\" 2. Redistributions in binary form must reproduce the above copyright 44.\" notice, this list of conditions and the following disclaimer in the 45.\" documentation and/or other materials provided with the distribution. 46.\" 3. Neither the name of the University nor the names of its contributors 47.\" may be used to endorse or promote products derived from this software 48.\" without specific prior written permission. 49.\" 50.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 51.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 52.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 53.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 54.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 55.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 56.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 57.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 58.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 59.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 60.\" SUCH DAMAGE. 61.\" 62.\" @(#)sysctl.8 8.1 (Berkeley) 6/6/93 63.\" 64.Dd September 6, 2005 65.Dt SYSCTL 8 66.Os 67.Sh NAME 68.Nm sysctl 69.Nd get or set kernel state 70.Sh SYNOPSIS 71.Nm sysctl 72.Op Fl AdeMn 73.Oo 74.Fl r | 75.Fl x 76.Oc 77.Op Ar name ... 78.Nm sysctl 79.Op Fl nq 80.Oo 81.Fl r | 82.Fl x 83.Oc 84.Fl w 85.Ar name Ns Li = Ns Ar value ... 86.Nm sysctl 87.Op Fl en 88.Oo 89.Fl r | 90.Fl x 91.Oc 92.Fl a 93.Nm sysctl 94.Op Fl nq 95.Oo 96.Fl r | 97.Fl x 98.Oc 99.Fl f 100.Ar file 101.Sh DESCRIPTION 102The 103.Nm sysctl 104utility retrieves kernel state and allows processes with 105appropriate privilege to set kernel state. 106The state to be retrieved or set is described using a 107``Management Information Base'' (``MIB'') style name, 108described as a dotted set of components. 109The 110.Sq / 111character may also be used as a separator and a leading separator 112character is accepted. 113If 114.Ar name 115specifies a non-leaf node in the MIB, all the nodes underneath 116.Ar name 117will be printed. 118.Pp 119The following options are available: 120.Bl -tag -width indent 121.It Fl A 122List all the known MIB names including tables, unless any MIB 123arguments or 124.Fl f Ar file 125are given. 126Those with string or integer values will be printed as with the 127.Fl a 128flag; for table or structure values that 129.Nm 130is not able to print, 131the name of the utility to retrieve them is given. 132Errors in retrieving or setting values will be directed to stdout 133instead of stderr. 134.It Fl a 135List all the currently available string or integer values. 136The use of a solitary separator character (either 137.Sq \&. 138or 139.Sq / ) 140by 141itself has the same effect. 142Any given 143.Ar name 144arguments are ignored if this option is specified. 145.It Fl d 146Descriptions of each of the nodes selected will be printed instead of 147their values. 148.It Fl e 149Separate the name and the value of the variable(s) with 150.Ql = . 151This is useful for producing output which can be fed back to the 152.Nm 153utility. 154This option is ignored if 155.Fl n 156is specified or a variable is being set. 157.It Fl f 158Specifies the name of a file to read and process. 159Blank lines and comments (beginning with 160.Ql # ) 161are ignored. 162Line continuations with 163.Ql \e 164are permitted. 165Remaining lines are processed similarly to 166command line arguments of the form 167.Ar name 168or 169.Ar name Ns Li = Ns Ar value . 170The 171.Fl w 172flag is implied by 173.Fl f . 174Any 175.Ar name 176arguments are ignored. 177.It Fl M 178Makes 179.Nm 180print the MIB instead of any of the actual values contained in the 181MIB. 182This causes the entire MIB to be printed unless specific MIB arguments 183or 184.Fl f Ar file 185are also given. 186.It Fl n 187Specifies that the printing of the field name should be 188suppressed and that only its value should be output. 189This flag is useful for setting shell variables. 190For example, to save the pagesize in variable psize, use: 191.Bd -literal -offset indent -compact 192set psize=`sysctl -n hw.pagesize` 193.Ed 194.It Fl q 195Used to indicate that nothing should be printed for writes unless an 196error is detected. 197.It Fl r 198Raw output form. 199Values printed are in their raw binary forms as retrieved directly 200from the kernel. 201Some additional nodes that 202.Nm 203cannot print directly can be retrieved with this flag. 204This option conflicts with the 205.Fl x 206option. 207.It Fl w 208Sets the MIB style name given to the value given. 209The MIB style name and value must be separated by 210.Ql = 211with no whitespace. 212Only integral and string values can be set via this method. 213.It Fl x 214Makes 215.Nm 216print the requested value in a hexadecimal representation instead of 217its regular form. 218If specified more than once, the output for each value resembles that of 219.Xr hexdump 1 220when given the 221.Fl C 222flag. 223This option conflicts with the 224.Fl r 225option. 226.Pp 227.El 228The 229.Ql proc 230top-level MIB has a special semantic: it represent per-process values 231and as such may differ from one process to another. 232The second-level name is the pid of the process (in decimal form), 233or the special word 234.Ql curproc . 235For variables below 236.Ql proc. Ns Ao pid Ac Ns .rlimit , 237the integer value may be replaced 238with the string 239.Ql unlimited 240if it matches the magic value used to disable 241a limit. 242.Pp 243The information available from 244.Nm sysctl 245consists of integers, strings, and tables. 246The tabular information can only be retrieved by special 247purpose programs such as 248.Nm ps , 249.Nm systat , 250and 251.Nm netstat . 252The string and integer information is summarized below. 253For a detailed description of these variable see 254.Xr sysctl 3 . 255The changeable column indicates whether a process with appropriate 256privilege can change the value. 257.Bl -column proc.xpidx.rlimit.coredumpsize.hardxxxxxx integerxxx 258.It Sy Name Type Changeable 259.It ddb.fromconsole integer yes 260.It ddb.lines integer yes 261.It ddb.maxoff integer yes 262.It ddb.maxwidth integer yes 263.It ddb.onpanic integer yes 264.It ddb.radix integer yes 265.It ddb.tabstops integer yes 266.It hw.alignbytes integer no 267.It hw.byteorder integer no 268.It hw.disknames string no 269.It hw.diskstats struct no 270.It hw.machine string no 271.It hw.machine_arch string no 272.It hw.model string no 273.It hw.ncpu integer no 274.It hw.pagesize integer no 275.It hw.physmem integer no 276.It hw.physmem64 quad no 277.It hw.usermem integer no 278.It hw.usermem64 quad no 279.It hw.cnmagic string yes 280.It kern.argmax integer no 281.It kern.autonicetime integer yes 282.It kern.autoniceval integer yes 283.It kern.boottime struct no 284.It kern.ccpu integer no 285.It kern.chown_restricted integer no 286.It kern.clockrate struct no 287.It kern.consdev integer no 288.It kern.cp_time struct no 289.It kern.defcorename string yes 290.It kern.domainname string yes 291.It kern.drivers struct no 292.It kern.forkfsleep integer yes 293.It kern.fscale integer no 294.It kern.fsync integer no 295.It kern.hostid integer yes 296.It kern.hostname string yes 297.It kern.iov_max integer no 298.It kern.job_control integer no 299.It kern.labeloffset integer no 300.It kern.labelsector integer no 301.It kern.link_max integer no 302.It kern.login_name_max integer no 303.It kern.logsigexit integer yes 304.It kern.max_canon integer no 305.It kern.max_input integer no 306.It kern.maxfiles integer yes 307.It kern.maxpartitions integer no 308.It kern.maxproc integer yes 309.It kern.maxptys integer yes, special 310.It kern.maxvnodes integer raise only 311.It kern.mapped_files integer no 312.It kern.maxphys integer no 313.It kern.memlock integer no 314.It kern.memlock_range integer no 315.It kern.memory_protection integer no 316.It kern.mbuf.mblowat integer yes 317.It kern.mbuf.mcllowat integer yes 318.It kern.mbuf.mclsize integer no 319.It kern.mbuf.msize integer no 320.It kern.mbuf.nmbclusters integer raise only 321.It kern.monotonic_clock integer no 322.It kern.msgbuf struct no 323.It kern.msgbufsize integer no 324.It kern.name_max integer no 325.It kern.ngroups integer no 326.It kern.no_trunc integer no 327.It kern.ntptime struct no 328.It kern.osrelease string no 329.It kern.osrevision integer no 330.It kern.ostype string no 331.It kern.path_max integer no 332.It kern.pipe.maxkvasz integer yes 333.It kern.pipe.maxloankvasz integer yes 334.It kern.pipe.maxbigpipes integer yes 335.It kern.pipe.nbigpipes integer no 336.It kern.pipe.kvasize integer no 337.It kern.posix1version integer no 338.It kern.posix_barriers integer no 339.It kern.posix_reader_writer_locks integer no 340.It kern.posix_semaphores integer no 341.It kern.posix_spin_locks integer no 342.It kern.posix_timers integer no 343.It kern.posix_threads integer no 344.It kern.proc2 struct no 345.It kern.proc_args string yes 346.It kern.rawpartition integer no 347.It kern.root_device string no 348.It kern.root_partition integer no 349.It kern.rtc_offset integer yes 350.It kern.saved_ids integer no 351.It kern.sbmax integer yes 352.It kern.securelevel integer raise only 353.It kern.somaxkva integer yes 354.It kern.synchronized_io integer no 355.It kern.sysvipc_info struct no 356.It kern.sysvmsg integer no 357.It kern.sysvsem integer no 358.It kern.sysvshm integer no 359.It kern.timex struct no 360.It kern.tkstat.nin quad no 361.It kern.tkstat.nout quad no 362.It kern.tkstat.cancc quad no 363.It kern.tkstat.rawcc quad no 364.It kern.urnd integer no 365.It kern.vdisable integer no 366.It kern.veriexec.verbose integer yes 367.It kern.veriexec.strict integer raise only 368.It kern.veriexec.algorithms string no 369.It kern.veriexec.count.dev_\*[Lt]id\*[Gt] quad no 370.It kern.version string no 371.It machdep.console_device dev_t no 372.It net.bpf.maxbufsize integer yes 373.It net.bpf.stats struct no 374.It net.bpf.peers struct no 375.It net.inet.arp.prune integer yes 376.It net.inet.arp.keep integer yes 377.It net.inet.arp.down integer yes 378.It net.inet.arp.refresh integer yes 379.It net.inet.icmp.maskrepl integer yes 380.It net.inet.icmp.errppslimit integer yes 381.It net.inet.icmp.rediraccept integer yes 382.It net.inet.icmp.redirtimeout integer yes 383.It net.inet.ip.allowsrcrt integer yes 384.It net.inet.ip.anonportmax integer yes 385.It net.inet.ip.anonportmin integer yes 386.It net.inet.ip.checkinterface integer yes 387.It net.inet.ip.directed-broadcast integer yes 388.It net.inet.ip.forwarding integer yes 389.It net.inet.ip.forwsrcrt integer yes 390.It net.inet.ip.maxfragpacket integer yes 391.It net.inet.ip.lowportmax integer yes 392.It net.inet.ip.lowportmin integer yes 393.It net.inet.ip.mtudisc integer yes 394.It net.inet.ip.mtudisctimeout integer yes 395.It net.inet.ip.redirect integer yes 396.It net.inet.ip.subnetsarelocal integer yes 397.It net.inet.ip.ttl integer yes 398.It net.inet.ipsec.ah_cleartos integer yes 399.It net.inet.ipsec.ah_net_deflev integer yes 400.It net.inet.ipsec.ah_offsetmask integer yes 401.It net.inet.ipsec.ah_trans_deflev integer yes 402.It net.inet.ipsec.def_policy integer yes 403.It net.inet.ipsec.dfbit integer yes 404.It net.inet.ipsec.ecn integer yes 405.It net.inet.ipsec.esp_net_deflev integer yes 406.It net.inet.ipsec.esp_trans_deflev integer yes 407.It net.inet.ipsec.inbound_call_ike integer yes 408.It net.inet.tcp.ack_on_push integer yes 409.It net.inet.tcp.compat_42 integer yes 410.It net.inet.tcp.cwm integer yes 411.It net.inet.tcp.cwm_burstsize integer yes 412.It net.inet.tcp.init_win integer yes 413.It net.inet.tcp.init_win_local integer yes 414.It net.inet.tcp.keepcnt integer yes 415.It net.inet.tcp.keepidle integer yes 416.It net.inet.tcp.keepintvl integer yes 417.It net.inet.tcp.log_refused integer yes 418.It net.inet.tcp.mss_ifmtu integer yes 419.It net.inet.tcp.mssdflt integer yes 420.It net.inet.tcp.recvspace integer yes 421.It net.inet.tcp.rfc1323 integer yes 422.It net.inet.tcp.rstppslimit integer yes 423.It net.inet.tcp.sack integer yes 424.It net.inet.tcp.sendspace integer yes 425.It net.inet.tcp.slowhz integer no 426.It net.inet.tcp.syn_bucket_limit integer yes 427.It net.inet.tcp.syn_cache_interval integer yes 428.It net.inet.tcp.syn_cache_limit integer yes 429.It net.inet.tcp.timestamps integer yes 430.It net.inet.tcp.win_scale integer yes 431.It net.inet.tcp.ident struct no 432.It net.inet.tcp.debug struct no 433.It net.inet.tcp.debx integer no 434.It net.inet.udp.checksum integer yes 435.It net.inet.udp.recvspace integer yes 436.It net.inet.udp.sendspace integer yes 437.It net.ns.spp.debug struct yes 438.It net.ns.spp.debx integer yes 439.It net.inet6.icmp6.errppslimit integer yes 440.It net.inet6.icmp6.mtudisc_hiwat integer yes 441.It net.inet6.icmp6.mtudisc_lowat integer yes 442.It net.inet6.icmp6.nd6_debug integer yes 443.It net.inet6.icmp6.nd6_delay integer yes 444.It net.inet6.icmp6.nd6_maxnudhint integer yes 445.It net.inet6.icmp6.nd6_mmaxtries integer yes 446.It net.inet6.icmp6.nd6_prune integer yes 447.It net.inet6.icmp6.nd6_umaxtries integer yes 448.It net.inet6.icmp6.nd6_useloopback integer yes 449.It net.inet6.icmp6.nodeinfo integer yes 450.It net.inet6.icmp6.rediraccept integer yes 451.It net.inet6.icmp6.redirtimeout integer yes 452.It net.inet6.ip6.accept_rtadv integer yes 453.It net.inet6.ip6.anonportmax integer yes 454.It net.inet6.ip6.anonportmin integer yes 455.It net.inet6.ip6.auto_flowlabel integer yes 456.It net.inet6.ip6.v6only integer yes 457.It net.inet6.ip6.dad_count integer yes 458.It net.inet6.ip6.defmcasthlim integer yes 459.It net.inet6.ip6.forwarding integer yes 460.It net.inet6.ip6.gif_hlim integer yes 461.It net.inet6.ip6.hdrnestlimit integer yes 462.It net.inet6.ip6.hlim integer yes 463.It net.inet6.ip6.kame_version string no 464.It net.inet6.ip6.keepfaith integer yes 465.It net.inet6.ip6.log_interval integer yes 466.It net.inet6.ip6.lowportmax integer yes 467.It net.inet6.ip6.lowportmin integer yes 468.It net.inet6.ip6.maxfragpackets integer yes 469.It net.inet6.ip6.maxfrags integer yes 470.It net.inet6.ip6.redirect integer yes 471.It net.inet6.ip6.rr_prune integer yes 472.It net.inet6.ip6.use_deprecated integer yes 473.It net.inet6.ipsec6.ah_net_deflev integer yes 474.It net.inet6.ipsec6.ah_trans_deflev integer yes 475.It net.inet6.ipsec6.def_policy integer yes 476.It net.inet6.ipsec6.ecn integer yes 477.It net.inet6.ipsec6.esp_net_deflev integer yes 478.It net.inet6.ipsec6.esp_trans_deflev integer yes 479.It net.inet6.ipsec6.inbound_call_ike integer yes 480.It net.inet6.udp6.recvspace integer yes 481.It net.inet6.udp6.sendspace integer yes 482.It net.key.acq_exp_int integer yes 483.It net.key.acq_maxtime integer yes 484.It net.key.ah_keymin integer yes 485.It net.key.debug integer yes 486.It net.key.esp_auth integer yes 487.It net.key.esp_keymin integer yes 488.It net.key.kill_int integer yes 489.It net.key.spi_max_value integer yes 490.It net.key.spi_min_value integer yes 491.It net.key.spi_try integer yes 492.It proc.\*[Lt]pid\*[Gt].corename string yes 493.It proc.\*[Lt]pid\*[Gt].rlimit.coredumpsize.hard integer yes 494.It proc.\*[Lt]pid\*[Gt].rlimit.coredumpsize.soft integer yes 495.It proc.\*[Lt]pid\*[Gt].rlimit.cputime.hard integer yes 496.It proc.\*[Lt]pid\*[Gt].rlimit.cputime.soft integer yes 497.It proc.\*[Lt]pid\*[Gt].rlimit.datasize.hard integer yes 498.It proc.\*[Lt]pid\*[Gt].rlimit.datasize.soft integer yes 499.It proc.\*[Lt]pid\*[Gt].rlimit.filesize.hard integer yes 500.It proc.\*[Lt]pid\*[Gt].rlimit.filesize.soft integer yes 501.It proc.\*[Lt]pid\*[Gt].rlimit.maxproc.hard integer yes 502.It proc.\*[Lt]pid\*[Gt].rlimit.maxproc.soft integer yes 503.It proc.\*[Lt]pid\*[Gt].rlimit.memorylocked.hard integer yes 504.It proc.\*[Lt]pid\*[Gt].rlimit.memorylocked.soft integer yes 505.It proc.\*[Lt]pid\*[Gt].rlimit.memoryuse.hard integer yes 506.It proc.\*[Lt]pid\*[Gt].rlimit.memoryuse.soft integer yes 507.It proc.\*[Lt]pid\*[Gt].rlimit.stacksize.hard integer yes 508.It proc.\*[Lt]pid\*[Gt].rlimit.stacksize.soft integer yes 509.It proc.\*[Lt]pid\*[Gt].stopexec int yes 510.It proc.\*[Lt]pid\*[Gt].stopfork int yes 511.It user.bc_base_max integer no 512.It user.bc_dim_max integer no 513.It user.bc_scale_max integer no 514.It user.bc_string_max integer no 515.It user.coll_weights_max integer no 516.It user.cs_path string no 517.It user.expr_nest_max integer no 518.It user.line_max integer no 519.It user.posix2_c_bind integer no 520.It user.posix2_c_dev integer no 521.It user.posix2_char_term integer no 522.It user.posix2_fort_dev integer no 523.It user.posix2_fort_run integer no 524.It user.posix2_localedef integer no 525.It user.posix2_sw_dev integer no 526.It user.posix2_upe integer no 527.It user.posix2_version integer no 528.It user.re_dup_max integer no 529.It vendor.\*[Lt]vendor\*[Gt].* ? vendor specific 530.It vfs.generic.usermount integer yes 531.It vfs.generic.fstypes string yes 532.It vfs.ffs.doasyncfree integer yes 533.It vfs.ffs.log_changeopt integer yes 534.It vfs.nfs.iothreads integer yes 535.It vfs.cd9660.utf8_joliet integer yes 536.It vm.anonmax integer yes 537.It vm.anonmin integer yes 538.It vm.bufcache integer yes 539.It vm.bufmem integer no 540.It vm.bufmem_lowater integer yes 541.It vm.bufmem_hiwater integer yes 542.It vm.execmax integer yes 543.It vm.execmin integer yes 544.It vm.filemax integer yes 545.It vm.filemin integer yes 546.It vm.loadavg struct no 547.It vm.nkmempages integer no 548.It vm.uvmexp struct no 549.It vm.uvmexp2 struct no 550.It vm.vmmeter struct no 551.El 552.Pp 553Entries found under 554.Dq vendor. Ns Aq vendor 555are left to be specified (and used) by vendors 556using the 557.Nx 558operating system in their products. 559Values and structure are vendor-defined, and no registry 560exists right now. 561.Sh CREATION AND DELETION 562New nodes are allowed to be created by the superuser when the kernel 563is running at security level 0. 564These new nodes may refer to existing kernel data or to new data that 565is only instrumented by 566.Xr sysctl 3 567itself. 568.Pp 569The syntax for creating new nodes is 570.Dq //create=new.node.path 571followed by one or more of the following attributes separated by 572commas. 573The use of a double separator (both 574.Sq / 575and 576.Sq \&. 577can be used as 578separators) as the prefix tells sysctl that the first series of tokens 579is not a MIB name, but a command. 580It is recommended that the double separator preceding the command not 581be the same as the separator used in naming the MIB entry so as to 582avoid possible parse conflicts. 583The 584.Dq value 585assigned, if one is given, must be last. 586.Pp 587.Bl -bullet -compact 588.It 589.Ar type= Ns Aq Ar T 590where 591.Ar T 592must be one of 593.Dq node , 594.Dq int , 595.Dq string , 596.Dq quad , 597or 598.Dq struct . 599If the type is omitted, the 600.Dq node 601type is assumed. 602.It 603.Ar size= Ns Aq Ar S 604here, 605.Ar S 606asserts the size of the new node. 607Nodes of type 608.Dq node 609should not have a size set. 610The size may be omitted for nodes of types 611.Dq int 612or 613.Dq quad . 614If the size is omitted for a node of type 615.Dq string , 616the size will be determined by the length of the given value, or by 617the kernel for kernel strings. 618Nodes of type 619.Dq struct 620must have their size explicitly set. 621.It 622.Ar addr= Ns Aq Ar A 623or 624.Ar symbol= Ns Aq Ar A 625The kernel address of the data being instrumented. 626If 627.Dq symbol 628is used, the symbol must be globally visible to the in-kernel 629.Xr ksyms 4 630driver. 631.It 632.Ar n= Ns Aq Ar N 633The MIB number to be assigned to the new node. 634If no number is specified, the kernel will assign a value. 635.It 636.Ar flags= Ns Aq Ar F 637A concatenated string of single letters that govern the behavior of 638the node. 639Flags currently available are: 640.Bl -tag -width www 641.It a 642Allow anyone to write to the node, if it is writable. 643.It h 644.Dq Hidden . 645.Nm 646must be invoked with 647.Fl A 648or the hidden node must be specifically requested in order to see it 649.It i 650.Dq Immediate . 651Makes the node store data in itself, rather than allocating new space 652for it. 653This is the default for nodes of type 654.Dq int 655and 656.Dq quad . 657This is the opposite of owning data. 658.It o 659.Dq Own . 660When the node is created, separate space will be allocated to store 661the data to be instrumented. 662This is the default for nodes of type 663.Dq string 664and 665.Dq struct 666where it is not possible to guarantee sufficient space to store the 667data in the node itself. 668.It p 669.Dq Private . 670Nodes that are marked private, and children of nodes so marked, are 671only viewable by the superuser. 672Be aware that the immediate data that some nodes may store is not 673necessarily protected by this. 674.It x 675.Dq Hexadecimal . 676Make 677.Nm 678default to hexadecimal display of the retrieved value 679.It r 680.Dq Read-only . 681The data instrumented by the given node is read-only. 682Note that other mechanisms may still exist for changing the data. 683This is the default for nodes that instrument data. 684.It w 685.Dq Writable . 686The data instrumented by the given node is writable at any time. 687This is the default for nodes that can have children. 688.It 1 689.Dq Read-only at securelevel 1 . 690The data instrumented by this node is writable until the securelevel 691reaches or passes securelevel 1. 692Examples of this include some network tunables. 693.It 2 694.Dq Read-only at securelevel 2 . 695The data instrumented by this node is writable until the securelevel 696reaches or passes securelevel 2. 697An example of this is the per-process core filename setting. 698.El 699.Pp 700.It 701.Ar value= Ns Aq Ar V 702An initial starting value for a new node that does not reference 703existing kernel data. 704Initial values can only be assigned for nodes of the 705.Dq int , 706.Dq quad , 707and 708.Dq string 709types. 710.El 711.Pp 712New nodes must fit the following set of criteria: 713.Pp 714.Bl -bullet -compact 715.It 716If the new node is to address an existing kernel object, only one of the 717.Dq symbol 718or 719.Dq addr 720arguments may be given. 721.It 722The size for a 723.Dq struct 724type node must be specified; no initial value is expected or permitted. 725.It 726Either the size or the initial value for a 727.Dq string 728node must be given. 729.It 730The node which will be the parent of the new node must be writable. 731.El 732.Pp 733If any of the given parameters describes an invalid configuration, 734.Nm 735will emit a diagnostic message to the standard error and exit. 736.Pp 737Descriptions can be added by the super-user to any node that does not 738have one, provided that the node is not marked with the 739.Dq PERMANENT 740flag. 741The syntax is similar to the syntax for creating new nodes with the 742exception of the keyword that follows the double separator at the 743start of the command: 744.Dq //describe=new.node.path=new node description . 745Once a description has been added, it cannot be changed or removed. 746.Pp 747When destroying nodes, only the path to the node is necessary, i.e., 748.Dq //destroy=old.node.path . 749No other parameters are expected or permitted. 750Nodes being destroyed must have no children, and their parent must be 751writable. 752Nodes that are marked with the 753.Dq Dv PERMANENT 754flag (as assigned by the kernel) may not be deleted. 755.Pp 756In all cases, the initial 757.Sq = 758that follows the command (eg, 759.Dq create , 760.Dq destroy , 761or 762.Dq describe ) 763may be replaced with another instance of the separator character, 764provided that the same separator character is used for the length of 765the name specification. 766.Sh FILES 767.Bl -tag -width xnetinet6/udp6Xvar.hx -compact 768.It Pa /etc/sysctl.conf 769.Nm 770variables set at boot time 771.It Aq Pa sys/sysctl.h 772definitions for top level identifiers, second level kernel and hardware 773identifiers, and user level identifiers 774.It Aq Pa sys/socket.h 775definitions for second level network identifiers 776.It Aq Pa sys/gmon.h 777definitions for third level profiling identifiers 778.It Aq Pa uvm/uvm_param.h 779definitions for second level virtual memory identifiers 780.It Aq Pa netinet/in.h 781definitions for third level IPv4/v6 identifiers and 782fourth level IPv4/v6 identifiers 783.It Aq Pa netinet/icmp_var.h 784definitions for fourth level ICMP identifiers 785.It Aq Pa netinet/icmp6.h 786definitions for fourth level ICMPv6 identifiers 787.It Aq Pa netinet/tcp_var.h 788definitions for fourth level TCP identifiers 789.It Aq Pa netinet/udp_var.h 790definitions for fourth level UDP identifiers 791.It Aq Pa netinet6/udp6_var.h 792definitions for fourth level IPv6 UDP identifiers 793.It Aq Pa netinet6/ipsec.h 794definitions for fourth level IPsec identifiers 795.It Aq Pa netkey/key_var.h 796definitions for third level PF_KEY identifiers 797.It Aq Pa sys/verified_exec.h 798definitions for third level verified exec identifiers 799.El 800.Sh EXAMPLES 801For example, to retrieve the maximum number of processes allowed 802in the system, one would use the following request: 803.Bd -literal -offset indent -compact 804sysctl kern.maxproc 805.Ed 806.Pp 807To set the maximum number of processes allowed 808in the system to 1000, one would use the following request: 809.Bd -literal -offset indent -compact 810sysctl -w kern.maxproc=1000 811.Ed 812.Pp 813Information about the system clock rate may be obtained with: 814.Bd -literal -offset indent -compact 815sysctl kern.clockrate 816.Ed 817.Pp 818Information about the load average history may be obtained with: 819.Bd -literal -offset indent -compact 820sysctl vm.loadavg 821.Ed 822.Pp 823To view the values of the per-process variables of the current shell, 824the request: 825.Bd -literal -offset indent -compact 826sysctl proc.$$ 827.Ed 828can be used if the shell interpreter replaces $$ with its pid (this is true 829for most shells). 830.Pp 831To redirect core dumps to the 832.Pa /var/tmp/ Ns Aq username 833directory, 834.Bd -literal -offset indent -compact 835sysctl -w proc.$$.corename=/var/tmp/%u/%n.core 836.Ed 837should be used. 838.Bd -literal -offset indent -compact 839sysctl -w proc.curproc.corename=/var/tmp/%u/%n.core 840.Ed 841changes the value for the sysctl process itself, and will not have the desired 842effect. 843.Pp 844To create the root of a new sub-tree called 845.Dq local 846add some children to the new node, and some descriptions: 847.Bd -literal -offset indent -compact 848sysctl -w //create=local 849sysctl -w //describe=local=my local sysctl tree 850sysctl -w //create=local.esm_debug,type=int,symbol=esm_debug,flags=w 851sysctl -w //describe=local.esm_debug=esm driver debug knob 852sysctl -w //create=local.audiodebug,type=int,symbol=audiodebug,flags=w 853sysctl -w //describe=local.audiodebug=generic audio debug knob 854.Ed 855Note that the children are made writable so that the two debug 856settings in question can be tuned arbitrarily. 857.Pp 858To destroy that same subtree: 859.Bd -literal -offset indent -compact 860sysctl -w //destroy=local.esm_debug 861sysctl -w //destroy=local.audiodebug 862sysctl -w //destroy=local 863.Ed 864.Sh SEE ALSO 865.Xr sysctl 3 , 866.Xr ksyms 4 867.Sh HISTORY 868.Nm sysctl 869first appeared in 870.Bx 4.4 . 871