1.\" $NetBSD: sysctl.8,v 1.157 2006/12/04 08:59:13 pavel Exp $ 2.\" 3.\" Copyright (c) 2004 The NetBSD Foundation, Inc. 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 3. All advertising materials mentioning features or use of this software 15.\" must display the following acknowledgement: 16.\" This product includes software developed by the NetBSD 17.\" Foundation, Inc. and its contributors. 18.\" 4. Neither the name of The NetBSD Foundation nor the names of its 19.\" contributors may be used to endorse or promote products derived 20.\" from this software without specific prior written permission. 21.\" 22.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 23.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 24.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 25.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 26.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 27.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 28.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 29.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 30.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 31.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 32.\" POSSIBILITY OF SUCH DAMAGE. 33.\" 34.\" 35.\" Copyright (c) 1993 36.\" The Regents of the University of California. All rights reserved. 37.\" 38.\" Redistribution and use in source and binary forms, with or without 39.\" modification, are permitted provided that the following conditions 40.\" are met: 41.\" 1. Redistributions of source code must retain the above copyright 42.\" notice, this list of conditions and the following disclaimer. 43.\" 2. Redistributions in binary form must reproduce the above copyright 44.\" notice, this list of conditions and the following disclaimer in the 45.\" documentation and/or other materials provided with the distribution. 46.\" 3. Neither the name of the University nor the names of its contributors 47.\" may be used to endorse or promote products derived from this software 48.\" without specific prior written permission. 49.\" 50.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 51.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 52.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 53.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 54.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 55.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 56.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 57.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 58.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 59.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 60.\" SUCH DAMAGE. 61.\" 62.\" @(#)sysctl.8 8.1 (Berkeley) 6/6/93 63.\" 64.Dd December 4, 2006 65.Dt SYSCTL 8 66.Os 67.Sh NAME 68.Nm sysctl 69.Nd get or set kernel state 70.Sh SYNOPSIS 71.Nm sysctl 72.Op Fl AdeMn 73.Oo 74.Fl r | 75.Fl x 76.Oc 77.Op Ar name ... 78.Nm sysctl 79.Op Fl nq 80.Oo 81.Fl r | 82.Fl x 83.Oc 84.Fl w 85.Ar name Ns Li = Ns Ar value ... 86.Nm sysctl 87.Op Fl en 88.Oo 89.Fl r | 90.Fl x 91.Oc 92.Fl a 93.Nm sysctl 94.Op Fl nq 95.Oo 96.Fl r | 97.Fl x 98.Oc 99.Fl f 100.Ar file 101.Sh DESCRIPTION 102The 103.Nm sysctl 104utility retrieves kernel state and allows processes with 105appropriate privilege to set kernel state. 106The state to be retrieved or set is described using a 107``Management Information Base'' (``MIB'') style name, 108described as a dotted set of components. 109The 110.Sq / 111character may also be used as a separator and a leading separator 112character is accepted. 113If 114.Ar name 115specifies a non-leaf node in the MIB, all the nodes underneath 116.Ar name 117will be printed. 118.Pp 119The following options are available: 120.Bl -tag -width indent 121.It Fl A 122List all the known MIB names including tables, unless any MIB 123arguments or 124.Fl f Ar file 125are given. 126Those with string or integer values will be printed as with the 127.Fl a 128flag; for table or structure values that 129.Nm 130is not able to print, 131the name of the utility to retrieve them is given. 132Errors in retrieving or setting values will be directed to stdout 133instead of stderr. 134.It Fl a 135List all the currently available string or integer values. 136The use of a solitary separator character (either 137.Sq \&. 138or 139.Sq / ) 140by 141itself has the same effect. 142Any given 143.Ar name 144arguments are ignored if this option is specified. 145.It Fl d 146Descriptions of each of the nodes selected will be printed instead of 147their values. 148.It Fl e 149Separate the name and the value of the variable(s) with 150.Ql = . 151This is useful for producing output which can be fed back to the 152.Nm 153utility. 154This option is ignored if 155.Fl n 156is specified or a variable is being set. 157.It Fl f 158Specifies the name of a file to read and process. 159Blank lines and comments (beginning with 160.Ql # ) 161are ignored. 162Line continuations with 163.Ql \e 164are permitted. 165Remaining lines are processed similarly to 166command line arguments of the form 167.Ar name 168or 169.Ar name Ns Li = Ns Ar value . 170The 171.Fl w 172flag is implied by 173.Fl f . 174Any 175.Ar name 176arguments are ignored. 177.It Fl M 178Makes 179.Nm 180print the MIB instead of any of the actual values contained in the 181MIB. 182This causes the entire MIB to be printed unless specific MIB arguments 183or 184.Fl f Ar file 185are also given. 186.It Fl n 187Specifies that the printing of the field name should be 188suppressed and that only its value should be output. 189This flag is useful for setting shell variables. 190For example, to save the pagesize in variable psize, use: 191.Bd -literal -offset indent -compact 192set psize=`sysctl -n hw.pagesize` 193.Ed 194.It Fl q 195Used to indicate that nothing should be printed for writes unless an 196error is detected. 197.It Fl r 198Raw output form. 199Values printed are in their raw binary forms as retrieved directly 200from the kernel. 201Some additional nodes that 202.Nm 203cannot print directly can be retrieved with this flag. 204This option conflicts with the 205.Fl x 206option. 207.It Fl w 208Sets the MIB style name given to the value given. 209The MIB style name and value must be separated by 210.Ql = 211with no whitespace. 212Only integral and string values can be set via this method. 213.It Fl x 214Makes 215.Nm 216print the requested value in a hexadecimal representation instead of 217its regular form. 218If specified more than once, the output for each value resembles that of 219.Xr hexdump 1 220when given the 221.Fl C 222flag. 223This option conflicts with the 224.Fl r 225option. 226.Pp 227.El 228The 229.Ql proc 230top-level MIB has a special semantic: it represent per-process values 231and as such may differ from one process to another. 232The second-level name is the pid of the process (in decimal form), 233or the special word 234.Ql curproc . 235For variables below 236.Ql proc. Ns Ao pid Ac Ns .rlimit , 237the integer value may be replaced 238with the string 239.Ql unlimited 240if it matches the magic value used to disable 241a limit. 242.Pp 243The information available from 244.Nm sysctl 245consists of integers, strings, and tables. 246The tabular information can only be retrieved by special 247purpose programs such as 248.Nm ps , 249.Nm systat , 250and 251.Nm netstat . 252See 253.Xr sysctl 7 254for description of available MIBs. 255.Sh CREATION AND DELETION 256New nodes are allowed to be created by the superuser when the kernel 257is running at security level 0. 258These new nodes may refer to existing kernel data or to new data that 259is only instrumented by 260.Xr sysctl 3 261itself. 262.Pp 263The syntax for creating new nodes is 264.Dq //create=new.node.path 265followed by one or more of the following attributes separated by 266commas. 267The use of a double separator (both 268.Sq / 269and 270.Sq \&. 271can be used as 272separators) as the prefix tells sysctl that the first series of tokens 273is not a MIB name, but a command. 274It is recommended that the double separator preceding the command not 275be the same as the separator used in naming the MIB entry so as to 276avoid possible parse conflicts. 277The 278.Dq value 279assigned, if one is given, must be last. 280.Pp 281.Bl -bullet -compact 282.It 283.Ar type= Ns Aq Ar T 284where 285.Ar T 286must be one of 287.Dq node , 288.Dq int , 289.Dq string , 290.Dq quad , 291or 292.Dq struct . 293If the type is omitted, the 294.Dq node 295type is assumed. 296.It 297.Ar size= Ns Aq Ar S 298here, 299.Ar S 300asserts the size of the new node. 301Nodes of type 302.Dq node 303should not have a size set. 304The size may be omitted for nodes of types 305.Dq int 306or 307.Dq quad . 308If the size is omitted for a node of type 309.Dq string , 310the size will be determined by the length of the given value, or by 311the kernel for kernel strings. 312Nodes of type 313.Dq struct 314must have their size explicitly set. 315.It 316.Ar addr= Ns Aq Ar A 317or 318.Ar symbol= Ns Aq Ar A 319The kernel address of the data being instrumented. 320If 321.Dq symbol 322is used, the symbol must be globally visible to the in-kernel 323.Xr ksyms 4 324driver. 325.It 326.Ar n= Ns Aq Ar N 327The MIB number to be assigned to the new node. 328If no number is specified, the kernel will assign a value. 329.It 330.Ar flags= Ns Aq Ar F 331A concatenated string of single letters that govern the behavior of 332the node. 333Flags currently available are: 334.Bl -tag -width www 335.It a 336Allow anyone to write to the node, if it is writable. 337.It h 338.Dq Hidden . 339.Nm 340must be invoked with 341.Fl A 342or the hidden node must be specifically requested in order to see it 343.It i 344.Dq Immediate . 345Makes the node store data in itself, rather than allocating new space 346for it. 347This is the default for nodes of type 348.Dq int 349and 350.Dq quad . 351This is the opposite of owning data. 352.It o 353.Dq Own . 354When the node is created, separate space will be allocated to store 355the data to be instrumented. 356This is the default for nodes of type 357.Dq string 358and 359.Dq struct 360where it is not possible to guarantee sufficient space to store the 361data in the node itself. 362.It p 363.Dq Private . 364Nodes that are marked private, and children of nodes so marked, are 365only viewable by the superuser. 366Be aware that the immediate data that some nodes may store is not 367necessarily protected by this. 368.It x 369.Dq Hexadecimal . 370Make 371.Nm 372default to hexadecimal display of the retrieved value 373.It r 374.Dq Read-only . 375The data instrumented by the given node is read-only. 376Note that other mechanisms may still exist for changing the data. 377This is the default for nodes that instrument data. 378.It w 379.Dq Writable . 380The data instrumented by the given node is writable at any time. 381This is the default for nodes that can have children. 382.It 1 383.Dq Read-only at securelevel 1 . 384The data instrumented by this node is writable until the securelevel 385reaches or passes securelevel 1. 386Examples of this include some network tunables. 387.It 2 388.Dq Read-only at securelevel 2 . 389The data instrumented by this node is writable until the securelevel 390reaches or passes securelevel 2. 391An example of this is the per-process core filename setting. 392.El 393.Pp 394.It 395.Ar value= Ns Aq Ar V 396An initial starting value for a new node that does not reference 397existing kernel data. 398Initial values can only be assigned for nodes of the 399.Dq int , 400.Dq quad , 401and 402.Dq string 403types. 404.El 405.Pp 406New nodes must fit the following set of criteria: 407.Pp 408.Bl -bullet -compact 409.It 410If the new node is to address an existing kernel object, only one of the 411.Dq symbol 412or 413.Dq addr 414arguments may be given. 415.It 416The size for a 417.Dq struct 418type node must be specified; no initial value is expected or permitted. 419.It 420Either the size or the initial value for a 421.Dq string 422node must be given. 423.It 424The node which will be the parent of the new node must be writable. 425.El 426.Pp 427If any of the given parameters describes an invalid configuration, 428.Nm 429will emit a diagnostic message to the standard error and exit. 430.Pp 431Descriptions can be added by the super-user to any node that does not 432have one, provided that the node is not marked with the 433.Dq PERMANENT 434flag. 435The syntax is similar to the syntax for creating new nodes with the 436exception of the keyword that follows the double separator at the 437start of the command: 438.Dq //describe=new.node.path=new node description . 439Once a description has been added, it cannot be changed or removed. 440.Pp 441When destroying nodes, only the path to the node is necessary, i.e., 442.Dq //destroy=old.node.path . 443No other parameters are expected or permitted. 444Nodes being destroyed must have no children, and their parent must be 445writable. 446Nodes that are marked with the 447.Dq Dv PERMANENT 448flag (as assigned by the kernel) may not be deleted. 449.Pp 450In all cases, the initial 451.Sq = 452that follows the command (eg, 453.Dq create , 454.Dq destroy , 455or 456.Dq describe ) 457may be replaced with another instance of the separator character, 458provided that the same separator character is used for the length of 459the name specification. 460.Sh FILES 461.Bl -tag -width /etc/sysctl.conf -compact 462.It Pa /etc/sysctl.conf 463.Nm 464variables set at boot time 465.El 466.Sh EXAMPLES 467For example, to retrieve the maximum number of processes allowed 468in the system, one would use the following request: 469.Bd -literal -offset indent -compact 470sysctl kern.maxproc 471.Ed 472.Pp 473To set the maximum number of processes allowed 474in the system to 1000, one would use the following request: 475.Bd -literal -offset indent -compact 476sysctl -w kern.maxproc=1000 477.Ed 478.Pp 479Information about the system clock rate may be obtained with: 480.Bd -literal -offset indent -compact 481sysctl kern.clockrate 482.Ed 483.Pp 484Information about the load average history may be obtained with: 485.Bd -literal -offset indent -compact 486sysctl vm.loadavg 487.Ed 488.Pp 489To view the values of the per-process variables of the current shell, 490the request: 491.Bd -literal -offset indent -compact 492sysctl proc.$$ 493.Ed 494can be used if the shell interpreter replaces $$ with its pid (this is true 495for most shells). 496.Pp 497To redirect core dumps to the 498.Pa /var/tmp/ Ns Aq username 499directory, 500.Bd -literal -offset indent -compact 501sysctl -w proc.$$.corename=/var/tmp/%u/%n.core 502.Ed 503should be used. 504.Bd -literal -offset indent -compact 505sysctl -w proc.curproc.corename=/var/tmp/%u/%n.core 506.Ed 507changes the value for the sysctl process itself, and will not have the desired 508effect. 509.Pp 510To create the root of a new sub-tree called 511.Dq local 512add some children to the new node, and some descriptions: 513.Bd -literal -offset indent -compact 514sysctl -w //create=local 515sysctl -w //describe=local=my local sysctl tree 516sysctl -w //create=local.esm_debug,type=int,symbol=esm_debug,flags=w 517sysctl -w //describe=local.esm_debug=esm driver debug knob 518sysctl -w //create=local.audiodebug,type=int,symbol=audiodebug,flags=w 519sysctl -w //describe=local.audiodebug=generic audio debug knob 520.Ed 521Note that the children are made writable so that the two debug 522settings in question can be tuned arbitrarily. 523.Pp 524To destroy that same subtree: 525.Bd -literal -offset indent -compact 526sysctl -w //destroy=local.esm_debug 527sysctl -w //destroy=local.audiodebug 528sysctl -w //destroy=local 529.Ed 530.Sh SEE ALSO 531.Xr sysctl 3 , 532.Xr ksyms 4 , 533.Xr sysctl 7 534.Sh HISTORY 535.Nm sysctl 536first appeared in 537.Bx 4.4 . 538