1.\" $NetBSD: sysctl.8,v 1.134 2005/12/21 12:21:06 yamt Exp $ 2.\" 3.\" Copyright (c) 2004 The NetBSD Foundation, Inc. 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 3. All advertising materials mentioning features or use of this software 15.\" must display the following acknowledgement: 16.\" This product includes software developed by the NetBSD 17.\" Foundation, Inc. and its contributors. 18.\" 4. Neither the name of The NetBSD Foundation nor the names of its 19.\" contributors may be used to endorse or promote products derived 20.\" from this software without specific prior written permission. 21.\" 22.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 23.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 24.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 25.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 26.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 27.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 28.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 29.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 30.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 31.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 32.\" POSSIBILITY OF SUCH DAMAGE. 33.\" 34.\" 35.\" Copyright (c) 1993 36.\" The Regents of the University of California. All rights reserved. 37.\" 38.\" Redistribution and use in source and binary forms, with or without 39.\" modification, are permitted provided that the following conditions 40.\" are met: 41.\" 1. Redistributions of source code must retain the above copyright 42.\" notice, this list of conditions and the following disclaimer. 43.\" 2. Redistributions in binary form must reproduce the above copyright 44.\" notice, this list of conditions and the following disclaimer in the 45.\" documentation and/or other materials provided with the distribution. 46.\" 3. Neither the name of the University nor the names of its contributors 47.\" may be used to endorse or promote products derived from this software 48.\" without specific prior written permission. 49.\" 50.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 51.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 52.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 53.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 54.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 55.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 56.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 57.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 58.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 59.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 60.\" SUCH DAMAGE. 61.\" 62.\" @(#)sysctl.8 8.1 (Berkeley) 6/6/93 63.\" 64.Dd December 21, 2005 65.Dt SYSCTL 8 66.Os 67.Sh NAME 68.Nm sysctl 69.Nd get or set kernel state 70.Sh SYNOPSIS 71.Nm sysctl 72.Op Fl AdeMn 73.Oo 74.Fl r | 75.Fl x 76.Oc 77.Op Ar name ... 78.Nm sysctl 79.Op Fl nq 80.Oo 81.Fl r | 82.Fl x 83.Oc 84.Fl w 85.Ar name Ns Li = Ns Ar value ... 86.Nm sysctl 87.Op Fl en 88.Oo 89.Fl r | 90.Fl x 91.Oc 92.Fl a 93.Nm sysctl 94.Op Fl nq 95.Oo 96.Fl r | 97.Fl x 98.Oc 99.Fl f 100.Ar file 101.Sh DESCRIPTION 102The 103.Nm sysctl 104utility retrieves kernel state and allows processes with 105appropriate privilege to set kernel state. 106The state to be retrieved or set is described using a 107``Management Information Base'' (``MIB'') style name, 108described as a dotted set of components. 109The 110.Sq / 111character may also be used as a separator and a leading separator 112character is accepted. 113If 114.Ar name 115specifies a non-leaf node in the MIB, all the nodes underneath 116.Ar name 117will be printed. 118.Pp 119The following options are available: 120.Bl -tag -width indent 121.It Fl A 122List all the known MIB names including tables, unless any MIB 123arguments or 124.Fl f Ar file 125are given. 126Those with string or integer values will be printed as with the 127.Fl a 128flag; for table or structure values that 129.Nm 130is not able to print, 131the name of the utility to retrieve them is given. 132Errors in retrieving or setting values will be directed to stdout 133instead of stderr. 134.It Fl a 135List all the currently available string or integer values. 136The use of a solitary separator character (either 137.Sq \&. 138or 139.Sq / ) 140by 141itself has the same effect. 142Any given 143.Ar name 144arguments are ignored if this option is specified. 145.It Fl d 146Descriptions of each of the nodes selected will be printed instead of 147their values. 148.It Fl e 149Separate the name and the value of the variable(s) with 150.Ql = . 151This is useful for producing output which can be fed back to the 152.Nm 153utility. 154This option is ignored if 155.Fl n 156is specified or a variable is being set. 157.It Fl f 158Specifies the name of a file to read and process. 159Blank lines and comments (beginning with 160.Ql # ) 161are ignored. 162Line continuations with 163.Ql \e 164are permitted. 165Remaining lines are processed similarly to 166command line arguments of the form 167.Ar name 168or 169.Ar name Ns Li = Ns Ar value . 170The 171.Fl w 172flag is implied by 173.Fl f . 174Any 175.Ar name 176arguments are ignored. 177.It Fl M 178Makes 179.Nm 180print the MIB instead of any of the actual values contained in the 181MIB. 182This causes the entire MIB to be printed unless specific MIB arguments 183or 184.Fl f Ar file 185are also given. 186.It Fl n 187Specifies that the printing of the field name should be 188suppressed and that only its value should be output. 189This flag is useful for setting shell variables. 190For example, to save the pagesize in variable psize, use: 191.Bd -literal -offset indent -compact 192set psize=`sysctl -n hw.pagesize` 193.Ed 194.It Fl q 195Used to indicate that nothing should be printed for writes unless an 196error is detected. 197.It Fl r 198Raw output form. 199Values printed are in their raw binary forms as retrieved directly 200from the kernel. 201Some additional nodes that 202.Nm 203cannot print directly can be retrieved with this flag. 204This option conflicts with the 205.Fl x 206option. 207.It Fl w 208Sets the MIB style name given to the value given. 209The MIB style name and value must be separated by 210.Ql = 211with no whitespace. 212Only integral and string values can be set via this method. 213.It Fl x 214Makes 215.Nm 216print the requested value in a hexadecimal representation instead of 217its regular form. 218If specified more than once, the output for each value resembles that of 219.Xr hexdump 1 220when given the 221.Fl C 222flag. 223This option conflicts with the 224.Fl r 225option. 226.Pp 227.El 228The 229.Ql proc 230top-level MIB has a special semantic: it represent per-process values 231and as such may differ from one process to another. 232The second-level name is the pid of the process (in decimal form), 233or the special word 234.Ql curproc . 235For variables below 236.Ql proc. Ns Ao pid Ac Ns .rlimit , 237the integer value may be replaced 238with the string 239.Ql unlimited 240if it matches the magic value used to disable 241a limit. 242.Pp 243The information available from 244.Nm sysctl 245consists of integers, strings, and tables. 246The tabular information can only be retrieved by special 247purpose programs such as 248.Nm ps , 249.Nm systat , 250and 251.Nm netstat . 252The string and integer information is summarized below. 253For a detailed description of these variable see 254.Xr sysctl 3 . 255The changeable column indicates whether a process with appropriate 256privilege can change the value. 257.Bl -column proc.xpidx.rlimit.coredumpsize.hardxxxxxx integerxxx 258.It Sy Name Type Changeable 259.It ddb.commandonenter string yes 260.It ddb.fromconsole integer yes 261.It ddb.lines integer yes 262.It ddb.maxoff integer yes 263.It ddb.maxwidth integer yes 264.It ddb.onpanic integer yes 265.It ddb.radix integer yes 266.It ddb.tabstops integer yes 267.It hw.alignbytes integer no 268.It hw.byteorder integer no 269.It hw.disknames string no 270.It hw.diskstats struct no 271.It hw.machine string no 272.It hw.machine_arch string no 273.It hw.model string no 274.It hw.ncpu integer no 275.It hw.pagesize integer no 276.It hw.physmem integer no 277.It hw.physmem64 quad no 278.It hw.usermem integer no 279.It hw.usermem64 quad no 280.It hw.cnmagic string yes 281.It kern.argmax integer no 282.It kern.autonicetime integer yes 283.It kern.autoniceval integer yes 284.It kern.boottime struct no 285.It kern.bufq.strategies string no 286.It kern.ccpu integer no 287.It kern.chown_restricted integer no 288.It kern.clockrate struct no 289.It kern.consdev integer no 290.It kern.cp_time struct no 291.It kern.defcorename string yes 292.It kern.domainname string yes 293.It kern.drivers struct no 294.It kern.forkfsleep integer yes 295.It kern.fscale integer no 296.It kern.fsync integer no 297.It kern.hostid integer yes 298.It kern.hostname string yes 299.It kern.iov_max integer no 300.It kern.job_control integer no 301.It kern.labeloffset integer no 302.It kern.labelsector integer no 303.It kern.link_max integer no 304.It kern.login_name_max integer no 305.It kern.logsigexit integer yes 306.It kern.max_canon integer no 307.It kern.max_input integer no 308.It kern.maxfiles integer yes 309.It kern.maxpartitions integer no 310.It kern.maxproc integer yes 311.It kern.maxptys integer yes, special 312.It kern.maxvnodes integer raise only 313.It kern.mapped_files integer no 314.It kern.maxphys integer no 315.It kern.memlock integer no 316.It kern.memlock_range integer no 317.It kern.memory_protection integer no 318.It kern.mbuf.mblowat integer yes 319.It kern.mbuf.mcllowat integer yes 320.It kern.mbuf.mclsize integer no 321.It kern.mbuf.msize integer no 322.It kern.mbuf.nmbclusters integer raise only 323.It kern.monotonic_clock integer no 324.It kern.msgbuf struct no 325.It kern.msgbufsize integer no 326.It kern.name_max integer no 327.It kern.ngroups integer no 328.It kern.no_trunc integer no 329.It kern.ntptime struct no 330.It kern.hardclock_ticks integer no 331.It kern.osrelease string no 332.It kern.osrevision integer no 333.It kern.ostype string no 334.It kern.path_max integer no 335.It kern.pipe.maxkvasz integer yes 336.It kern.pipe.maxloankvasz integer yes 337.It kern.pipe.maxbigpipes integer yes 338.It kern.pipe.nbigpipes integer no 339.It kern.pipe.kvasize integer no 340.It kern.posix1version integer no 341.It kern.posix_barriers integer no 342.It kern.posix_reader_writer_locks integer no 343.It kern.posix_semaphores integer no 344.It kern.posix_spin_locks integer no 345.It kern.posix_timers integer no 346.It kern.posix_threads integer no 347.It kern.proc2 struct no 348.It kern.proc_args string yes 349.It kern.rawpartition integer no 350.It kern.root_device string no 351.It kern.root_partition integer no 352.It kern.rtc_offset integer yes 353.It kern.saved_ids integer no 354.It kern.sbmax integer yes 355.It kern.securelevel integer raise only 356.It kern.somaxkva integer yes 357.It kern.synchronized_io integer no 358.It kern.sysvipc_info struct no 359.It kern.sysvmsg integer no 360.It kern.sysvsem integer no 361.It kern.sysvshm integer no 362.It kern.timex struct no 363.It kern.tkstat.nin quad no 364.It kern.tkstat.nout quad no 365.It kern.tkstat.cancc quad no 366.It kern.tkstat.rawcc quad no 367.It kern.urnd integer no 368.It kern.vdisable integer no 369.It kern.veriexec.verbose integer yes 370.It kern.veriexec.strict integer raise only 371.It kern.veriexec.algorithms string no 372.It kern.veriexec.count.dev_\*[Lt]id\*[Gt] quad no 373.It kern.version string no 374.It machdep.console_device dev_t no 375.It net.bpf.maxbufsize integer yes 376.It net.bpf.stats struct no 377.It net.bpf.peers struct no 378.It net.inet.arp.prune integer yes 379.It net.inet.arp.keep integer yes 380.It net.inet.arp.down integer yes 381.It net.inet.arp.refresh integer yes 382.It net.inet.icmp.maskrepl integer yes 383.It net.inet.icmp.errppslimit integer yes 384.It net.inet.icmp.rediraccept integer yes 385.It net.inet.icmp.redirtimeout integer yes 386.It net.inet.ip.allowsrcrt integer yes 387.It net.inet.ip.anonportmax integer yes 388.It net.inet.ip.anonportmin integer yes 389.It net.inet.ip.checkinterface integer yes 390.It net.inet.ip.directed-broadcast integer yes 391.It net.inet.ip.forwarding integer yes 392.It net.inet.ip.forwsrcrt integer yes 393.It net.inet.ip.maxfragpacket integer yes 394.It net.inet.ip.lowportmax integer yes 395.It net.inet.ip.lowportmin integer yes 396.It net.inet.ip.mtudisc integer yes 397.It net.inet.ip.mtudisctimeout integer yes 398.It net.inet.ip.redirect integer yes 399.It net.inet.ip.subnetsarelocal integer yes 400.It net.inet.ip.ttl integer yes 401.It net.inet.ipsec.ah_cleartos integer yes 402.It net.inet.ipsec.ah_net_deflev integer yes 403.It net.inet.ipsec.ah_offsetmask integer yes 404.It net.inet.ipsec.ah_trans_deflev integer yes 405.It net.inet.ipsec.def_policy integer yes 406.It net.inet.ipsec.dfbit integer yes 407.It net.inet.ipsec.ecn integer yes 408.It net.inet.ipsec.esp_net_deflev integer yes 409.It net.inet.ipsec.esp_trans_deflev integer yes 410.It net.inet.ipsec.inbound_call_ike integer yes 411.It net.inet.tcp.ack_on_push integer yes 412.It net.inet.tcp.compat_42 integer yes 413.It net.inet.tcp.cwm integer yes 414.It net.inet.tcp.cwm_burstsize integer yes 415.It net.inet.tcp.init_win integer yes 416.It net.inet.tcp.init_win_local integer yes 417.It net.inet.tcp.keepcnt integer yes 418.It net.inet.tcp.keepidle integer yes 419.It net.inet.tcp.keepintvl integer yes 420.It net.inet.tcp.log_refused integer yes 421.It net.inet.tcp.mss_ifmtu integer yes 422.It net.inet.tcp.mssdflt integer yes 423.It net.inet.tcp.recvspace integer yes 424.It net.inet.tcp.rfc1323 integer yes 425.It net.inet.tcp.rstppslimit integer yes 426.It net.inet.tcp.sack integer yes 427.It net.inet.tcp.sendspace integer yes 428.It net.inet.tcp.slowhz integer no 429.It net.inet.tcp.syn_bucket_limit integer yes 430.It net.inet.tcp.syn_cache_interval integer yes 431.It net.inet.tcp.syn_cache_limit integer yes 432.It net.inet.tcp.timestamps integer yes 433.It net.inet.tcp.win_scale integer yes 434.It net.inet.tcp.ident struct no 435.It net.inet.tcp.debug struct no 436.It net.inet.tcp.debx integer no 437.It net.inet.udp.checksum integer yes 438.It net.inet.udp.recvspace integer yes 439.It net.inet.udp.sendspace integer yes 440.It net.ns.spp.debug struct yes 441.It net.ns.spp.debx integer yes 442.It net.inet6.icmp6.errppslimit integer yes 443.It net.inet6.icmp6.mtudisc_hiwat integer yes 444.It net.inet6.icmp6.mtudisc_lowat integer yes 445.It net.inet6.icmp6.nd6_debug integer yes 446.It net.inet6.icmp6.nd6_delay integer yes 447.It net.inet6.icmp6.nd6_maxnudhint integer yes 448.It net.inet6.icmp6.nd6_mmaxtries integer yes 449.It net.inet6.icmp6.nd6_prune integer yes 450.It net.inet6.icmp6.nd6_umaxtries integer yes 451.It net.inet6.icmp6.nd6_useloopback integer yes 452.It net.inet6.icmp6.nodeinfo integer yes 453.It net.inet6.icmp6.rediraccept integer yes 454.It net.inet6.icmp6.redirtimeout integer yes 455.It net.inet6.ip6.accept_rtadv integer yes 456.It net.inet6.ip6.anonportmax integer yes 457.It net.inet6.ip6.anonportmin integer yes 458.It net.inet6.ip6.auto_flowlabel integer yes 459.It net.inet6.ip6.v6only integer yes 460.It net.inet6.ip6.dad_count integer yes 461.It net.inet6.ip6.defmcasthlim integer yes 462.It net.inet6.ip6.forwarding integer yes 463.It net.inet6.ip6.gif_hlim integer yes 464.It net.inet6.ip6.hdrnestlimit integer yes 465.It net.inet6.ip6.hlim integer yes 466.It net.inet6.ip6.kame_version string no 467.It net.inet6.ip6.keepfaith integer yes 468.It net.inet6.ip6.log_interval integer yes 469.It net.inet6.ip6.lowportmax integer yes 470.It net.inet6.ip6.lowportmin integer yes 471.It net.inet6.ip6.maxfragpackets integer yes 472.It net.inet6.ip6.maxfrags integer yes 473.It net.inet6.ip6.redirect integer yes 474.It net.inet6.ip6.rr_prune integer yes 475.It net.inet6.ip6.use_deprecated integer yes 476.It net.inet6.ipsec6.ah_net_deflev integer yes 477.It net.inet6.ipsec6.ah_trans_deflev integer yes 478.It net.inet6.ipsec6.def_policy integer yes 479.It net.inet6.ipsec6.ecn integer yes 480.It net.inet6.ipsec6.esp_net_deflev integer yes 481.It net.inet6.ipsec6.esp_trans_deflev integer yes 482.It net.inet6.ipsec6.inbound_call_ike integer yes 483.It net.inet6.udp6.recvspace integer yes 484.It net.inet6.udp6.sendspace integer yes 485.It net.key.acq_exp_int integer yes 486.It net.key.acq_maxtime integer yes 487.It net.key.ah_keymin integer yes 488.It net.key.debug integer yes 489.It net.key.esp_auth integer yes 490.It net.key.esp_keymin integer yes 491.It net.key.kill_int integer yes 492.It net.key.spi_max_value integer yes 493.It net.key.spi_min_value integer yes 494.It net.key.spi_try integer yes 495.It proc.\*[Lt]pid\*[Gt].corename string yes 496.It proc.\*[Lt]pid\*[Gt].rlimit.coredumpsize.hard integer yes 497.It proc.\*[Lt]pid\*[Gt].rlimit.coredumpsize.soft integer yes 498.It proc.\*[Lt]pid\*[Gt].rlimit.cputime.hard integer yes 499.It proc.\*[Lt]pid\*[Gt].rlimit.cputime.soft integer yes 500.It proc.\*[Lt]pid\*[Gt].rlimit.datasize.hard integer yes 501.It proc.\*[Lt]pid\*[Gt].rlimit.datasize.soft integer yes 502.It proc.\*[Lt]pid\*[Gt].rlimit.filesize.hard integer yes 503.It proc.\*[Lt]pid\*[Gt].rlimit.filesize.soft integer yes 504.It proc.\*[Lt]pid\*[Gt].rlimit.maxproc.hard integer yes 505.It proc.\*[Lt]pid\*[Gt].rlimit.maxproc.soft integer yes 506.It proc.\*[Lt]pid\*[Gt].rlimit.memorylocked.hard integer yes 507.It proc.\*[Lt]pid\*[Gt].rlimit.memorylocked.soft integer yes 508.It proc.\*[Lt]pid\*[Gt].rlimit.memoryuse.hard integer yes 509.It proc.\*[Lt]pid\*[Gt].rlimit.memoryuse.soft integer yes 510.It proc.\*[Lt]pid\*[Gt].rlimit.stacksize.hard integer yes 511.It proc.\*[Lt]pid\*[Gt].rlimit.stacksize.soft integer yes 512.It proc.\*[Lt]pid\*[Gt].stopexec int yes 513.It proc.\*[Lt]pid\*[Gt].stopfork int yes 514.It security.curtain integer yes 515.It user.bc_base_max integer no 516.It user.bc_dim_max integer no 517.It user.bc_scale_max integer no 518.It user.bc_string_max integer no 519.It user.coll_weights_max integer no 520.It user.cs_path string no 521.It user.expr_nest_max integer no 522.It user.line_max integer no 523.It user.posix2_c_bind integer no 524.It user.posix2_c_dev integer no 525.It user.posix2_char_term integer no 526.It user.posix2_fort_dev integer no 527.It user.posix2_fort_run integer no 528.It user.posix2_localedef integer no 529.It user.posix2_sw_dev integer no 530.It user.posix2_upe integer no 531.It user.posix2_version integer no 532.It user.re_dup_max integer no 533.It vendor.\*[Lt]vendor\*[Gt].* ? vendor specific 534.It vfs.generic.usermount integer yes 535.It vfs.generic.fstypes string yes 536.It vfs.ffs.doasyncfree integer yes 537.It vfs.ffs.log_changeopt integer yes 538.It vfs.nfs.iothreads integer yes 539.It vfs.cd9660.utf8_joliet integer yes 540.It vfs.sync.delay integer yes 541.It vfs.sync.filedelay integer yes 542.It vfs.sync.dirdelay integer yes 543.It vfs.sync.metadelay integer yes 544.It vm.anonmax integer yes 545.It vm.anonmin integer yes 546.It vm.bufcache integer yes 547.It vm.bufmem integer no 548.It vm.bufmem_lowater integer yes 549.It vm.bufmem_hiwater integer yes 550.It vm.execmax integer yes 551.It vm.execmin integer yes 552.It vm.filemax integer yes 553.It vm.filemin integer yes 554.It vm.inactivepct integer yes 555.It vm.idlezero integer yes 556.It vm.loadavg struct no 557.It vm.nkmempages integer no 558.It vm.uvmexp struct no 559.It vm.uvmexp2 struct no 560.It vm.vmmeter struct no 561.El 562.Pp 563Entries found under 564.Dq vendor. Ns Aq vendor 565are left to be specified (and used) by vendors 566using the 567.Nx 568operating system in their products. 569Values and structure are vendor-defined, and no registry 570exists right now. 571.Sh CREATION AND DELETION 572New nodes are allowed to be created by the superuser when the kernel 573is running at security level 0. 574These new nodes may refer to existing kernel data or to new data that 575is only instrumented by 576.Xr sysctl 3 577itself. 578.Pp 579The syntax for creating new nodes is 580.Dq //create=new.node.path 581followed by one or more of the following attributes separated by 582commas. 583The use of a double separator (both 584.Sq / 585and 586.Sq \&. 587can be used as 588separators) as the prefix tells sysctl that the first series of tokens 589is not a MIB name, but a command. 590It is recommended that the double separator preceding the command not 591be the same as the separator used in naming the MIB entry so as to 592avoid possible parse conflicts. 593The 594.Dq value 595assigned, if one is given, must be last. 596.Pp 597.Bl -bullet -compact 598.It 599.Ar type= Ns Aq Ar T 600where 601.Ar T 602must be one of 603.Dq node , 604.Dq int , 605.Dq string , 606.Dq quad , 607or 608.Dq struct . 609If the type is omitted, the 610.Dq node 611type is assumed. 612.It 613.Ar size= Ns Aq Ar S 614here, 615.Ar S 616asserts the size of the new node. 617Nodes of type 618.Dq node 619should not have a size set. 620The size may be omitted for nodes of types 621.Dq int 622or 623.Dq quad . 624If the size is omitted for a node of type 625.Dq string , 626the size will be determined by the length of the given value, or by 627the kernel for kernel strings. 628Nodes of type 629.Dq struct 630must have their size explicitly set. 631.It 632.Ar addr= Ns Aq Ar A 633or 634.Ar symbol= Ns Aq Ar A 635The kernel address of the data being instrumented. 636If 637.Dq symbol 638is used, the symbol must be globally visible to the in-kernel 639.Xr ksyms 4 640driver. 641.It 642.Ar n= Ns Aq Ar N 643The MIB number to be assigned to the new node. 644If no number is specified, the kernel will assign a value. 645.It 646.Ar flags= Ns Aq Ar F 647A concatenated string of single letters that govern the behavior of 648the node. 649Flags currently available are: 650.Bl -tag -width www 651.It a 652Allow anyone to write to the node, if it is writable. 653.It h 654.Dq Hidden . 655.Nm 656must be invoked with 657.Fl A 658or the hidden node must be specifically requested in order to see it 659.It i 660.Dq Immediate . 661Makes the node store data in itself, rather than allocating new space 662for it. 663This is the default for nodes of type 664.Dq int 665and 666.Dq quad . 667This is the opposite of owning data. 668.It o 669.Dq Own . 670When the node is created, separate space will be allocated to store 671the data to be instrumented. 672This is the default for nodes of type 673.Dq string 674and 675.Dq struct 676where it is not possible to guarantee sufficient space to store the 677data in the node itself. 678.It p 679.Dq Private . 680Nodes that are marked private, and children of nodes so marked, are 681only viewable by the superuser. 682Be aware that the immediate data that some nodes may store is not 683necessarily protected by this. 684.It x 685.Dq Hexadecimal . 686Make 687.Nm 688default to hexadecimal display of the retrieved value 689.It r 690.Dq Read-only . 691The data instrumented by the given node is read-only. 692Note that other mechanisms may still exist for changing the data. 693This is the default for nodes that instrument data. 694.It w 695.Dq Writable . 696The data instrumented by the given node is writable at any time. 697This is the default for nodes that can have children. 698.It 1 699.Dq Read-only at securelevel 1 . 700The data instrumented by this node is writable until the securelevel 701reaches or passes securelevel 1. 702Examples of this include some network tunables. 703.It 2 704.Dq Read-only at securelevel 2 . 705The data instrumented by this node is writable until the securelevel 706reaches or passes securelevel 2. 707An example of this is the per-process core filename setting. 708.El 709.Pp 710.It 711.Ar value= Ns Aq Ar V 712An initial starting value for a new node that does not reference 713existing kernel data. 714Initial values can only be assigned for nodes of the 715.Dq int , 716.Dq quad , 717and 718.Dq string 719types. 720.El 721.Pp 722New nodes must fit the following set of criteria: 723.Pp 724.Bl -bullet -compact 725.It 726If the new node is to address an existing kernel object, only one of the 727.Dq symbol 728or 729.Dq addr 730arguments may be given. 731.It 732The size for a 733.Dq struct 734type node must be specified; no initial value is expected or permitted. 735.It 736Either the size or the initial value for a 737.Dq string 738node must be given. 739.It 740The node which will be the parent of the new node must be writable. 741.El 742.Pp 743If any of the given parameters describes an invalid configuration, 744.Nm 745will emit a diagnostic message to the standard error and exit. 746.Pp 747Descriptions can be added by the super-user to any node that does not 748have one, provided that the node is not marked with the 749.Dq PERMANENT 750flag. 751The syntax is similar to the syntax for creating new nodes with the 752exception of the keyword that follows the double separator at the 753start of the command: 754.Dq //describe=new.node.path=new node description . 755Once a description has been added, it cannot be changed or removed. 756.Pp 757When destroying nodes, only the path to the node is necessary, i.e., 758.Dq //destroy=old.node.path . 759No other parameters are expected or permitted. 760Nodes being destroyed must have no children, and their parent must be 761writable. 762Nodes that are marked with the 763.Dq Dv PERMANENT 764flag (as assigned by the kernel) may not be deleted. 765.Pp 766In all cases, the initial 767.Sq = 768that follows the command (eg, 769.Dq create , 770.Dq destroy , 771or 772.Dq describe ) 773may be replaced with another instance of the separator character, 774provided that the same separator character is used for the length of 775the name specification. 776.Sh FILES 777.Bl -tag -width xnetinet6/udp6Xvar.hx -compact 778.It Pa /etc/sysctl.conf 779.Nm 780variables set at boot time 781.It Aq Pa sys/sysctl.h 782definitions for top level identifiers, second level kernel, hardware, 783and security identifiers, and user level identifiers 784.It Aq Pa sys/socket.h 785definitions for second level network identifiers 786.It Aq Pa sys/gmon.h 787definitions for third level profiling identifiers 788.It Aq Pa uvm/uvm_param.h 789definitions for second level virtual memory identifiers 790.It Aq Pa netinet/in.h 791definitions for third level IPv4/v6 identifiers and 792fourth level IPv4/v6 identifiers 793.It Aq Pa netinet/icmp_var.h 794definitions for fourth level ICMP identifiers 795.It Aq Pa netinet/icmp6.h 796definitions for fourth level ICMPv6 identifiers 797.It Aq Pa netinet/tcp_var.h 798definitions for fourth level TCP identifiers 799.It Aq Pa netinet/udp_var.h 800definitions for fourth level UDP identifiers 801.It Aq Pa netinet6/udp6_var.h 802definitions for fourth level IPv6 UDP identifiers 803.It Aq Pa netinet6/ipsec.h 804definitions for fourth level IPsec identifiers 805.It Aq Pa netkey/key_var.h 806definitions for third level PF_KEY identifiers 807.It Aq Pa sys/verified_exec.h 808definitions for third level verified exec identifiers 809.El 810.Sh EXAMPLES 811For example, to retrieve the maximum number of processes allowed 812in the system, one would use the following request: 813.Bd -literal -offset indent -compact 814sysctl kern.maxproc 815.Ed 816.Pp 817To set the maximum number of processes allowed 818in the system to 1000, one would use the following request: 819.Bd -literal -offset indent -compact 820sysctl -w kern.maxproc=1000 821.Ed 822.Pp 823Information about the system clock rate may be obtained with: 824.Bd -literal -offset indent -compact 825sysctl kern.clockrate 826.Ed 827.Pp 828Information about the load average history may be obtained with: 829.Bd -literal -offset indent -compact 830sysctl vm.loadavg 831.Ed 832.Pp 833To view the values of the per-process variables of the current shell, 834the request: 835.Bd -literal -offset indent -compact 836sysctl proc.$$ 837.Ed 838can be used if the shell interpreter replaces $$ with its pid (this is true 839for most shells). 840.Pp 841To redirect core dumps to the 842.Pa /var/tmp/ Ns Aq username 843directory, 844.Bd -literal -offset indent -compact 845sysctl -w proc.$$.corename=/var/tmp/%u/%n.core 846.Ed 847should be used. 848.Bd -literal -offset indent -compact 849sysctl -w proc.curproc.corename=/var/tmp/%u/%n.core 850.Ed 851changes the value for the sysctl process itself, and will not have the desired 852effect. 853.Pp 854To create the root of a new sub-tree called 855.Dq local 856add some children to the new node, and some descriptions: 857.Bd -literal -offset indent -compact 858sysctl -w //create=local 859sysctl -w //describe=local=my local sysctl tree 860sysctl -w //create=local.esm_debug,type=int,symbol=esm_debug,flags=w 861sysctl -w //describe=local.esm_debug=esm driver debug knob 862sysctl -w //create=local.audiodebug,type=int,symbol=audiodebug,flags=w 863sysctl -w //describe=local.audiodebug=generic audio debug knob 864.Ed 865Note that the children are made writable so that the two debug 866settings in question can be tuned arbitrarily. 867.Pp 868To destroy that same subtree: 869.Bd -literal -offset indent -compact 870sysctl -w //destroy=local.esm_debug 871sysctl -w //destroy=local.audiodebug 872sysctl -w //destroy=local 873.Ed 874.Sh SEE ALSO 875.Xr sysctl 3 , 876.Xr ksyms 4 877.Sh HISTORY 878.Nm sysctl 879first appeared in 880.Bx 4.4 . 881