1.\" $NetBSD: sysctl.8,v 1.154 2006/09/26 14:48:40 elad Exp $ 2.\" 3.\" Copyright (c) 2004 The NetBSD Foundation, Inc. 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 3. All advertising materials mentioning features or use of this software 15.\" must display the following acknowledgement: 16.\" This product includes software developed by the NetBSD 17.\" Foundation, Inc. and its contributors. 18.\" 4. Neither the name of The NetBSD Foundation nor the names of its 19.\" contributors may be used to endorse or promote products derived 20.\" from this software without specific prior written permission. 21.\" 22.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 23.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 24.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 25.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 26.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 27.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 28.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 29.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 30.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 31.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 32.\" POSSIBILITY OF SUCH DAMAGE. 33.\" 34.\" 35.\" Copyright (c) 1993 36.\" The Regents of the University of California. All rights reserved. 37.\" 38.\" Redistribution and use in source and binary forms, with or without 39.\" modification, are permitted provided that the following conditions 40.\" are met: 41.\" 1. Redistributions of source code must retain the above copyright 42.\" notice, this list of conditions and the following disclaimer. 43.\" 2. Redistributions in binary form must reproduce the above copyright 44.\" notice, this list of conditions and the following disclaimer in the 45.\" documentation and/or other materials provided with the distribution. 46.\" 3. Neither the name of the University nor the names of its contributors 47.\" may be used to endorse or promote products derived from this software 48.\" without specific prior written permission. 49.\" 50.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 51.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 52.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 53.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 54.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 55.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 56.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 57.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 58.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 59.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 60.\" SUCH DAMAGE. 61.\" 62.\" @(#)sysctl.8 8.1 (Berkeley) 6/6/93 63.\" 64.Dd September 26, 2006 65.Dt SYSCTL 8 66.Os 67.Sh NAME 68.Nm sysctl 69.Nd get or set kernel state 70.Sh SYNOPSIS 71.Nm sysctl 72.Op Fl AdeMn 73.Oo 74.Fl r | 75.Fl x 76.Oc 77.Op Ar name ... 78.Nm sysctl 79.Op Fl nq 80.Oo 81.Fl r | 82.Fl x 83.Oc 84.Fl w 85.Ar name Ns Li = Ns Ar value ... 86.Nm sysctl 87.Op Fl en 88.Oo 89.Fl r | 90.Fl x 91.Oc 92.Fl a 93.Nm sysctl 94.Op Fl nq 95.Oo 96.Fl r | 97.Fl x 98.Oc 99.Fl f 100.Ar file 101.Sh DESCRIPTION 102The 103.Nm sysctl 104utility retrieves kernel state and allows processes with 105appropriate privilege to set kernel state. 106The state to be retrieved or set is described using a 107``Management Information Base'' (``MIB'') style name, 108described as a dotted set of components. 109The 110.Sq / 111character may also be used as a separator and a leading separator 112character is accepted. 113If 114.Ar name 115specifies a non-leaf node in the MIB, all the nodes underneath 116.Ar name 117will be printed. 118.Pp 119The following options are available: 120.Bl -tag -width indent 121.It Fl A 122List all the known MIB names including tables, unless any MIB 123arguments or 124.Fl f Ar file 125are given. 126Those with string or integer values will be printed as with the 127.Fl a 128flag; for table or structure values that 129.Nm 130is not able to print, 131the name of the utility to retrieve them is given. 132Errors in retrieving or setting values will be directed to stdout 133instead of stderr. 134.It Fl a 135List all the currently available string or integer values. 136The use of a solitary separator character (either 137.Sq \&. 138or 139.Sq / ) 140by 141itself has the same effect. 142Any given 143.Ar name 144arguments are ignored if this option is specified. 145.It Fl d 146Descriptions of each of the nodes selected will be printed instead of 147their values. 148.It Fl e 149Separate the name and the value of the variable(s) with 150.Ql = . 151This is useful for producing output which can be fed back to the 152.Nm 153utility. 154This option is ignored if 155.Fl n 156is specified or a variable is being set. 157.It Fl f 158Specifies the name of a file to read and process. 159Blank lines and comments (beginning with 160.Ql # ) 161are ignored. 162Line continuations with 163.Ql \e 164are permitted. 165Remaining lines are processed similarly to 166command line arguments of the form 167.Ar name 168or 169.Ar name Ns Li = Ns Ar value . 170The 171.Fl w 172flag is implied by 173.Fl f . 174Any 175.Ar name 176arguments are ignored. 177.It Fl M 178Makes 179.Nm 180print the MIB instead of any of the actual values contained in the 181MIB. 182This causes the entire MIB to be printed unless specific MIB arguments 183or 184.Fl f Ar file 185are also given. 186.It Fl n 187Specifies that the printing of the field name should be 188suppressed and that only its value should be output. 189This flag is useful for setting shell variables. 190For example, to save the pagesize in variable psize, use: 191.Bd -literal -offset indent -compact 192set psize=`sysctl -n hw.pagesize` 193.Ed 194.It Fl q 195Used to indicate that nothing should be printed for writes unless an 196error is detected. 197.It Fl r 198Raw output form. 199Values printed are in their raw binary forms as retrieved directly 200from the kernel. 201Some additional nodes that 202.Nm 203cannot print directly can be retrieved with this flag. 204This option conflicts with the 205.Fl x 206option. 207.It Fl w 208Sets the MIB style name given to the value given. 209The MIB style name and value must be separated by 210.Ql = 211with no whitespace. 212Only integral and string values can be set via this method. 213.It Fl x 214Makes 215.Nm 216print the requested value in a hexadecimal representation instead of 217its regular form. 218If specified more than once, the output for each value resembles that of 219.Xr hexdump 1 220when given the 221.Fl C 222flag. 223This option conflicts with the 224.Fl r 225option. 226.Pp 227.El 228The 229.Ql proc 230top-level MIB has a special semantic: it represent per-process values 231and as such may differ from one process to another. 232The second-level name is the pid of the process (in decimal form), 233or the special word 234.Ql curproc . 235For variables below 236.Ql proc. Ns Ao pid Ac Ns .rlimit , 237the integer value may be replaced 238with the string 239.Ql unlimited 240if it matches the magic value used to disable 241a limit. 242.Pp 243The information available from 244.Nm sysctl 245consists of integers, strings, and tables. 246The tabular information can only be retrieved by special 247purpose programs such as 248.Nm ps , 249.Nm systat , 250and 251.Nm netstat . 252The string and integer information is summarized below. 253For a detailed description of these variable see 254.Xr sysctl 3 . 255The changeable column indicates whether a process with appropriate 256privilege can change the value. 257.Bl -column proc.xpidx.rlimit.coredumpsize.hardxxxxxx integerxxx 258.It Sy Name Type Changeable 259.It ddb.commandonenter string yes 260.It ddb.fromconsole integer yes 261.It ddb.lines integer yes 262.It ddb.maxoff integer yes 263.It ddb.maxwidth integer yes 264.It ddb.onpanic integer yes 265.It ddb.radix integer yes 266.It ddb.tabstops integer yes 267.It ddb.tee_msgbuf integer yes 268.It hw.alignbytes integer no 269.It hw.byteorder integer no 270.It hw.cnmagic integer yes 271.It hw.disknames string no 272.It hw.diskstats struct no 273.It hw.machine string no 274.It hw.machine_arch string no 275.It hw.model string no 276.It hw.ncpu integer no 277.It hw.pagesize integer no 278.It hw.physmem integer no 279.It hw.physmem64 quad no 280.It hw.usermem integer no 281.It hw.usermem64 quad no 282.It kern.argmax integer no 283.It kern.autonicetime integer yes 284.It kern.autoniceval integer yes 285.It kern.boottime struct no 286.It kern.bufq.strategies string no 287.It kern.ccpu integer no 288.It kern.clockrate struct no 289.It kern.consdev integer no 290.It kern.coredump node not applicable 291.It kern.coredump.setid node not applicable 292.It kern.coredump.setid.dump integer yes 293.It kern.coredump.setid.group integer yes 294.It kern.coredump.setid.mode integer yes 295.It kern.coredump.setid.owner integer yes 296.It kern.coredump.setid.path string yes 297.It kern.cp_id struct no 298.It kern.cp_time struct no 299.It kern.cryptodevallowsoft int yes 300.It kern.defcorename string yes 301.It kern.domainname string yes 302.It kern.dump_on_panic integer yes 303.It kern.drivers struct no 304.It kern.file struct no 305.It kern.forkfsleep integer yes 306.It kern.fscale integer no 307.It kern.fsync integer no 308.It kern.hardclock_ticks integer no 309.It kern.hostid integer yes 310.It kern.hostname string yes 311.It kern.iov_max integer no 312.It kern.job_control integer no 313.It kern.labeloffset integer no 314.It kern.labelsector integer no 315.It kern.login_name_max integer no 316.It kern.logsigexit integer yes 317.It kern.mapped_files integer no 318.It kern.maxfiles integer yes 319.It kern.maxpartitions integer no 320.It kern.maxphys integer no 321.It kern.maxproc integer yes 322.It kern.maxptys integer yes, special 323.It kern.maxvnodes integer raise only 324.It kern.mbuf.mblowat integer yes 325.It kern.mbuf.mclbytes integer no 326.It kern.mbuf.mcllowat integer yes 327.It kern.mbuf.mclsize integer no 328.It kern.mbuf.msize integer no 329.It kern.mbuf.nmbclusters integer raise only 330.It kern.memlock integer no 331.It kern.memlock_range integer no 332.It kern.memory_protection integer no 333.It kern.monotonic_clock integer no 334.It kern.msgbuf integer no 335.It kern.msgbufsize integer no 336.It kern.ngroups integer no 337.It kern.ntptime struct no 338.It kern.osrelease string no 339.It kern.osrevision integer no 340.It kern.ostype string no 341.It kern.pipe.kvasize integer no 342.It kern.pipe.maxbigpipes integer yes 343.It kern.pipe.maxkvasz integer yes 344.It kern.pipe.maxloankvasz integer yes 345.It kern.pipe.nbigpipes integer no 346.It kern.posix1version integer no 347.It kern.posix_barriers integer no 348.It kern.posix_reader_writer_locks integer no 349.It kern.posix_semaphores integer no 350.It kern.posix_spin_locks integer no 351.It kern.posix_threads integer no 352.It kern.posix_timers integer no 353.It kern.proc struct no 354.It kern.proc2 struct no 355.It kern.proc_args string yes 356.It kern.prof node not applicable 357.It kern.rawpartition integer no 358.It kern.root_device string no 359.It kern.root_partition integer no 360.It kern.rtc_offset integer yes 361.It kern.saved_ids integer no 362.It kern.sbmax integer yes 363.It kern.securelevel integer raise only 364.It kern.somaxkva integer yes 365.It kern.synchronized_io integer no 366.It kern.sysvipc_info struct no 367.It kern.sysvmsg integer no 368.It kern.sysvsem integer no 369.It kern.sysvshm integer no 370.It kern.timecounter.choice string no 371.It kern.timecounter.hardware string yes 372.It kern.timecounter.timestepwarnings integer yes 373.It kern.timex struct no 374.It kern.tkstat.cancc quad no 375.It kern.tkstat.nin quad no 376.It kern.tkstat.nout quad no 377.It kern.tkstat.rawcc quad no 378.It kern.urandom integer no 379.It kern.userasymcrypto int yes 380.It kern.usercrypto int yes 381.It kern.veriexec.verbose integer yes 382.It kern.veriexec.strict integer raise only 383.It kern.veriexec.algorithms string no 384.It kern.veriexec.count.table\*[Lt]N\*[Gt] quad no 385.It kern.veriexec.count.table\*[Lt]N\*[Gt].mntpt string no 386.It kern.veriexec.count.table\*[Lt]N\*[Gt].fstype string no 387.It kern.veriexec.count.table\*[Lt]N\*[Gt].nentries quad no 388.It kern.version string no 389.It kern.vnode struct no 390.It machdep.console_device dev_t no 391.It net.bpf.maxbufsize integer yes 392.It net.bpf.stats struct no 393.It net.bpf.peers struct no 394.It net.inet.arp.prune integer yes 395.It net.inet.arp.keep integer yes 396.It net.inet.arp.down integer yes 397.It net.inet.arp.refresh integer yes 398.It net.inet.carp.allow integer yes 399.It net.inet.carp.arpbalance integer yes 400.It net.inet.carp.log integer yes 401.It net.inet.carp.preempt integer yes 402.It net.inet.icmp.maskrepl integer yes 403.It net.inet.icmp.errppslimit integer yes 404.It net.inet.icmp.rediraccept integer yes 405.It net.inet.icmp.redirtimeout integer yes 406.It net.inet.icmp.returndatabytes integer yes 407.It net.inet.ip.allowsrcrt integer yes 408.It net.inet.ip.anonportmax integer yes 409.It net.inet.ip.anonportmin integer yes 410.It net.inet.ip.checkinterface integer yes 411.It net.inet.ip.directed-broadcast integer yes 412.It net.inet.ip.do_loopback_cksum integer yes 413.It net.inet.ip.forwarding integer yes 414.It net.inet.ip.forwsrcrt integer yes 415.It net.inet.ip.gifttl integer yes 416.It net.inet.ip.grettl integer yes 417.It net.inet.ip.hostzerobroadcast integer yes 418.It net.inet.ip.maxfragpackets integer yes 419.It net.inet.ip.lowportmax integer yes 420.It net.inet.ip.lowportmin integer yes 421.It net.inet.ip.maxflows integer yes 422.It net.inet.ip.mtudisc integer yes 423.It net.inet.ip.mtudisctimeout integer yes 424.It net.inet.ip.random_id integer yes 425.It net.inet.ip.redirect integer yes 426.It net.inet.ip.subnetsarelocal integer yes 427.It net.inet.ip.ttl integer yes 428.It net.inet.ip.ifq.drops integer no 429.It net.inet.ip.ifq.len integer no 430.It net.inet.ip.ifq.maxlen integer yes 431.It net.inet.ipsec.ah_cleartos integer yes 432.It net.inet.ipsec.ah_net_deflev integer yes 433.It net.inet.ipsec.ah_offsetmask integer yes 434.It net.inet.ipsec.ah_trans_deflev integer yes 435.It net.inet.ipsec.def_policy integer yes 436.It net.inet.ipsec.dfbit integer yes 437.It net.inet.ipsec.ecn integer yes 438.It net.inet.ipsec.esp_net_deflev integer yes 439.It net.inet.ipsec.esp_trans_deflev integer yes 440.It net.inet.ipsec.inbound_call_ike integer yes 441.It net.inet.tcp.ack_on_push integer yes 442.It net.inet.tcp.compat_42 integer yes 443.It net.inet.tcp.cwm integer yes 444.It net.inet.tcp.cwm_burstsize integer yes 445.It net.inet.tcp.delack_ticks integer yes 446.It net.inet.tcp.do_lookback_cksum integer yes 447.It net.inet.tcp.init_win integer yes 448.It net.inet.tcp.init_win_local integer yes 449.It net.inet.tcp.keepcnt integer yes 450.It net.inet.tcp.keepidle integer yes 451.It net.inet.tcp.keepintvl integer yes 452.It net.inet.tcp.log_refused integer yes 453.It net.inet.tcp.mss_ifmtu integer yes 454.It net.inet.tcp.mssdflt integer yes 455.It net.inet.tcp.newreno integer yes 456.It net.inet.tcp.recvspace integer yes 457.It net.inet.tcp.rfc1323 integer yes 458.It net.inet.tcp.rstppslimit integer yes 459.It net.inet.tcp.sack.enable integer yes 460.It net.inet.tcp.sack.globalholes integer no 461.It net.inet.tcp.sack.globalmaxholes integer yes 462.It net.inet.tcp.sack.maxholes integer yes 463.It net.inet.tcp.ecn.enable integer yes 464.It net.inet.tcp.ecn.maxretries integer yes 465.It net.inet.tcp.sendspace integer yes 466.It net.inet.tcp.slowhz integer no 467.It net.inet.tcp.syn_bucket_limit integer yes 468.It net.inet.tcp.syn_cache_interval integer yes 469.It net.inet.tcp.syn_cache_limit integer yes 470.It net.inet.tcp.timestamps integer yes 471.It net.inet.tcp.win_scale integer yes 472.It net.inet.tcp.ident struct no 473.It net.inet.tcp.debug struct no 474.It net.inet.tcp.debx integer no 475.It net.inet.udp.checksum integer yes 476.It net.inet.udp.do_loopback_cksum integer yes 477.It net.inet.udp.recvspace integer yes 478.It net.inet.udp.sendspace integer yes 479.It net.ns.spp.debug struct yes 480.It net.ns.spp.debx integer yes 481.It net.inet6.icmp6.errppslimit integer yes 482.It net.inet6.icmp6.mtudisc_hiwat integer yes 483.It net.inet6.icmp6.mtudisc_lowat integer yes 484.It net.inet6.icmp6.nd6_debug integer yes 485.It net.inet6.icmp6.nd6_delay integer yes 486.It net.inet6.icmp6.nd6_maxnudhint integer yes 487.It net.inet6.icmp6.nd6_mmaxtries integer yes 488.It net.inet6.icmp6.nd6_prune integer yes 489.It net.inet6.icmp6.nd6_umaxtries integer yes 490.It net.inet6.icmp6.nd6_useloopback integer yes 491.It net.inet6.icmp6.nodeinfo integer yes 492.It net.inet6.icmp6.rediraccept integer yes 493.It net.inet6.icmp6.redirtimeout integer yes 494.It net.inet6.ip6.accept_rtadv integer yes 495.It net.inet6.ip6.anonportmax integer yes 496.It net.inet6.ip6.anonportmin integer yes 497.It net.inet6.ip6.auto_flowlabel integer yes 498.It net.inet6.ip6.dad_count integer yes 499.It net.inet6.ip6.defmcasthlim integer yes 500.It net.inet6.ip6.forwarding integer yes 501.It net.inet6.ip6.gifhlim integer yes 502.It net.inet6.ip6.hdrnestlimit integer yes 503.It net.inet6.ip6.hlim integer yes 504.It net.inet6.ip6.kame_version string no 505.It net.inet6.ip6.keepfaith integer yes 506.It net.inet6.ip6.log_interval integer yes 507.It net.inet6.ip6.lowportmax integer yes 508.It net.inet6.ip6.lowportmin integer yes 509.It net.inet6.ip6.maxfragpackets integer yes 510.It net.inet6.ip6.maxfrags integer yes 511.It net.inet6.ip6.redirect integer yes 512.It net.inet6.ip6.rr_prune integer yes 513.It net.inet6.ip6.use_deprecated integer yes 514.It net.inet6.ip6.v6only integer yes 515.It net.inet6.ip6.ifq.drops integer no 516.It net.inet6.ip6.ifq.len integer no 517.It net.inet6.ip6.ifq.maxlen integer yes 518.It net.inet6.ipsec6.ah_net_deflev integer yes 519.It net.inet6.ipsec6.ah_trans_deflev integer yes 520.It net.inet6.ipsec6.def_policy integer yes 521.It net.inet6.ipsec6.ecn integer yes 522.It net.inet6.ipsec6.esp_net_deflev integer yes 523.It net.inet6.ipsec6.esp_trans_deflev integer yes 524.It net.inet6.ipsec6.inbound_call_ike integer yes 525.It net.inet6.udp6.do_loopback_cksum integer yes 526.It net.inet6.udp6.recvspace integer yes 527.It net.inet6.udp6.sendspace integer yes 528.It net.key.ah_keymin integer yes 529.It net.key.debug integer yes 530.It net.key.esp_auth integer yes 531.It net.key.esp_keymin integer yes 532.It net.key.kill_int integer yes 533.It net.key.spi_max_value integer yes 534.It net.key.spi_min_value integer yes 535.It net.key.spi_try integer yes 536.It proc.\*[Lt]pid\*[Gt].corename string yes 537.It proc.\*[Lt]pid\*[Gt].rlimit.coredumpsize.hard integer yes 538.It proc.\*[Lt]pid\*[Gt].rlimit.coredumpsize.soft integer yes 539.It proc.\*[Lt]pid\*[Gt].rlimit.cputime.hard integer yes 540.It proc.\*[Lt]pid\*[Gt].rlimit.cputime.soft integer yes 541.It proc.\*[Lt]pid\*[Gt].rlimit.datasize.hard integer yes 542.It proc.\*[Lt]pid\*[Gt].rlimit.datasize.soft integer yes 543.It proc.\*[Lt]pid\*[Gt].rlimit.filesize.hard integer yes 544.It proc.\*[Lt]pid\*[Gt].rlimit.filesize.soft integer yes 545.It proc.\*[Lt]pid\*[Gt].rlimit.maxproc.hard integer yes 546.It proc.\*[Lt]pid\*[Gt].rlimit.maxproc.soft integer yes 547.It proc.\*[Lt]pid\*[Gt].rlimit.memorylocked.hard integer yes 548.It proc.\*[Lt]pid\*[Gt].rlimit.memorylocked.soft integer yes 549.It proc.\*[Lt]pid\*[Gt].rlimit.memoryuse.hard integer yes 550.It proc.\*[Lt]pid\*[Gt].rlimit.memoryuse.soft integer yes 551.It proc.\*[Lt]pid\*[Gt].rlimit.stacksize.hard integer yes 552.It proc.\*[Lt]pid\*[Gt].rlimit.stacksize.soft integer yes 553.It proc.\*[Lt]pid\*[Gt].stopexec int yes 554.It proc.\*[Lt]pid\*[Gt].stopfork int yes 555.It security.curtain integer yes 556.It security.pax.mprotect.enabled integer yes 557.It security.pax.mprotect.global integer yes 558.It user.bc_base_max integer no 559.It user.bc_dim_max integer no 560.It user.bc_scale_max integer no 561.It user.bc_string_max integer no 562.It user.coll_weights_max integer no 563.It user.cs_path string no 564.It user.expr_nest_max integer no 565.It user.line_max integer no 566.It user.posix2_c_bind integer no 567.It user.posix2_c_dev integer no 568.It user.posix2_char_term integer no 569.It user.posix2_fort_dev integer no 570.It user.posix2_fort_run integer no 571.It user.posix2_localedef integer no 572.It user.posix2_sw_dev integer no 573.It user.posix2_upe integer no 574.It user.posix2_version integer no 575.It user.re_dup_max integer no 576.It vendor.\*[Lt]vendor\*[Gt].* ? vendor specific 577.It vfs.generic.usermount integer yes 578.It vfs.generic.fstypes string yes 579.It vfs.ffs.doasyncfree integer yes 580.It vfs.ffs.log_changeopt integer yes 581.It vfs.nfs.iothreads integer yes 582.It vfs.cd9660.utf8_joliet integer yes 583.It vfs.sync.delay integer yes 584.It vfs.sync.filedelay integer yes 585.It vfs.sync.dirdelay integer yes 586.It vfs.sync.metadelay integer yes 587.It vm.anonmax integer yes 588.It vm.anonmin integer yes 589.It vm.bufcache integer yes 590.It vm.bufmem integer no 591.It vm.bufmem_hiwater integer yes 592.It vm.bufmem_lowater integer yes 593.It vm.execmax integer yes 594.It vm.execmin integer yes 595.It vm.filemax integer yes 596.It vm.filemin integer yes 597.It vm.idlezero integer yes 598.It vm.inactivepct integer yes 599.It vm.loadavg struct no 600.It vm.maxslp integer no 601.It vm.nkmempages integer no 602.It vm.uspace integer no 603.It vm.uvmexp struct no 604.It vm.uvmexp2 struct no 605.It vm.vmmeter struct no 606.El 607.Pp 608Entries found under 609.Dq vendor. Ns Aq vendor 610are left to be specified (and used) by vendors 611using the 612.Nx 613operating system in their products. 614Values and structure are vendor-defined, and no registry 615exists right now. 616.Sh CREATION AND DELETION 617New nodes are allowed to be created by the superuser when the kernel 618is running at security level 0. 619These new nodes may refer to existing kernel data or to new data that 620is only instrumented by 621.Xr sysctl 3 622itself. 623.Pp 624The syntax for creating new nodes is 625.Dq //create=new.node.path 626followed by one or more of the following attributes separated by 627commas. 628The use of a double separator (both 629.Sq / 630and 631.Sq \&. 632can be used as 633separators) as the prefix tells sysctl that the first series of tokens 634is not a MIB name, but a command. 635It is recommended that the double separator preceding the command not 636be the same as the separator used in naming the MIB entry so as to 637avoid possible parse conflicts. 638The 639.Dq value 640assigned, if one is given, must be last. 641.Pp 642.Bl -bullet -compact 643.It 644.Ar type= Ns Aq Ar T 645where 646.Ar T 647must be one of 648.Dq node , 649.Dq int , 650.Dq string , 651.Dq quad , 652or 653.Dq struct . 654If the type is omitted, the 655.Dq node 656type is assumed. 657.It 658.Ar size= Ns Aq Ar S 659here, 660.Ar S 661asserts the size of the new node. 662Nodes of type 663.Dq node 664should not have a size set. 665The size may be omitted for nodes of types 666.Dq int 667or 668.Dq quad . 669If the size is omitted for a node of type 670.Dq string , 671the size will be determined by the length of the given value, or by 672the kernel for kernel strings. 673Nodes of type 674.Dq struct 675must have their size explicitly set. 676.It 677.Ar addr= Ns Aq Ar A 678or 679.Ar symbol= Ns Aq Ar A 680The kernel address of the data being instrumented. 681If 682.Dq symbol 683is used, the symbol must be globally visible to the in-kernel 684.Xr ksyms 4 685driver. 686.It 687.Ar n= Ns Aq Ar N 688The MIB number to be assigned to the new node. 689If no number is specified, the kernel will assign a value. 690.It 691.Ar flags= Ns Aq Ar F 692A concatenated string of single letters that govern the behavior of 693the node. 694Flags currently available are: 695.Bl -tag -width www 696.It a 697Allow anyone to write to the node, if it is writable. 698.It h 699.Dq Hidden . 700.Nm 701must be invoked with 702.Fl A 703or the hidden node must be specifically requested in order to see it 704.It i 705.Dq Immediate . 706Makes the node store data in itself, rather than allocating new space 707for it. 708This is the default for nodes of type 709.Dq int 710and 711.Dq quad . 712This is the opposite of owning data. 713.It o 714.Dq Own . 715When the node is created, separate space will be allocated to store 716the data to be instrumented. 717This is the default for nodes of type 718.Dq string 719and 720.Dq struct 721where it is not possible to guarantee sufficient space to store the 722data in the node itself. 723.It p 724.Dq Private . 725Nodes that are marked private, and children of nodes so marked, are 726only viewable by the superuser. 727Be aware that the immediate data that some nodes may store is not 728necessarily protected by this. 729.It x 730.Dq Hexadecimal . 731Make 732.Nm 733default to hexadecimal display of the retrieved value 734.It r 735.Dq Read-only . 736The data instrumented by the given node is read-only. 737Note that other mechanisms may still exist for changing the data. 738This is the default for nodes that instrument data. 739.It w 740.Dq Writable . 741The data instrumented by the given node is writable at any time. 742This is the default for nodes that can have children. 743.It 1 744.Dq Read-only at securelevel 1 . 745The data instrumented by this node is writable until the securelevel 746reaches or passes securelevel 1. 747Examples of this include some network tunables. 748.It 2 749.Dq Read-only at securelevel 2 . 750The data instrumented by this node is writable until the securelevel 751reaches or passes securelevel 2. 752An example of this is the per-process core filename setting. 753.El 754.Pp 755.It 756.Ar value= Ns Aq Ar V 757An initial starting value for a new node that does not reference 758existing kernel data. 759Initial values can only be assigned for nodes of the 760.Dq int , 761.Dq quad , 762and 763.Dq string 764types. 765.El 766.Pp 767New nodes must fit the following set of criteria: 768.Pp 769.Bl -bullet -compact 770.It 771If the new node is to address an existing kernel object, only one of the 772.Dq symbol 773or 774.Dq addr 775arguments may be given. 776.It 777The size for a 778.Dq struct 779type node must be specified; no initial value is expected or permitted. 780.It 781Either the size or the initial value for a 782.Dq string 783node must be given. 784.It 785The node which will be the parent of the new node must be writable. 786.El 787.Pp 788If any of the given parameters describes an invalid configuration, 789.Nm 790will emit a diagnostic message to the standard error and exit. 791.Pp 792Descriptions can be added by the super-user to any node that does not 793have one, provided that the node is not marked with the 794.Dq PERMANENT 795flag. 796The syntax is similar to the syntax for creating new nodes with the 797exception of the keyword that follows the double separator at the 798start of the command: 799.Dq //describe=new.node.path=new node description . 800Once a description has been added, it cannot be changed or removed. 801.Pp 802When destroying nodes, only the path to the node is necessary, i.e., 803.Dq //destroy=old.node.path . 804No other parameters are expected or permitted. 805Nodes being destroyed must have no children, and their parent must be 806writable. 807Nodes that are marked with the 808.Dq Dv PERMANENT 809flag (as assigned by the kernel) may not be deleted. 810.Pp 811In all cases, the initial 812.Sq = 813that follows the command (eg, 814.Dq create , 815.Dq destroy , 816or 817.Dq describe ) 818may be replaced with another instance of the separator character, 819provided that the same separator character is used for the length of 820the name specification. 821.Sh FILES 822.Bl -tag -width xnetinet6/udp6Xvar.hx -compact 823.It Pa /etc/sysctl.conf 824.Nm 825variables set at boot time 826.It Aq Pa sys/sysctl.h 827definitions for top level identifiers, second level kernel, hardware, 828and security identifiers, and user level identifiers 829.It Aq Pa sys/socket.h 830definitions for second level network identifiers 831.It Aq Pa sys/gmon.h 832definitions for third level profiling identifiers 833.It Aq Pa uvm/uvm_param.h 834definitions for second level virtual memory identifiers 835.It Aq Pa netinet/in.h 836definitions for third level IPv4/v6 identifiers and 837fourth level IPv4/v6 identifiers 838.It Aq Pa netinet/icmp_var.h 839definitions for fourth level ICMP identifiers 840.It Aq Pa netinet/icmp6.h 841definitions for fourth level ICMPv6 identifiers 842.It Aq Pa netinet/tcp_var.h 843definitions for fourth level TCP identifiers 844.It Aq Pa netinet/udp_var.h 845definitions for fourth level UDP identifiers 846.It Aq Pa netinet6/udp6_var.h 847definitions for fourth level IPv6 UDP identifiers 848.It Aq Pa netinet6/ipsec.h 849definitions for fourth level IPsec identifiers 850.It Aq Pa netkey/key_var.h 851definitions for third level PF_KEY identifiers 852.It Aq Pa sys/verified_exec.h 853definitions for third level verified exec identifiers 854.El 855.Sh EXAMPLES 856For example, to retrieve the maximum number of processes allowed 857in the system, one would use the following request: 858.Bd -literal -offset indent -compact 859sysctl kern.maxproc 860.Ed 861.Pp 862To set the maximum number of processes allowed 863in the system to 1000, one would use the following request: 864.Bd -literal -offset indent -compact 865sysctl -w kern.maxproc=1000 866.Ed 867.Pp 868Information about the system clock rate may be obtained with: 869.Bd -literal -offset indent -compact 870sysctl kern.clockrate 871.Ed 872.Pp 873Information about the load average history may be obtained with: 874.Bd -literal -offset indent -compact 875sysctl vm.loadavg 876.Ed 877.Pp 878To view the values of the per-process variables of the current shell, 879the request: 880.Bd -literal -offset indent -compact 881sysctl proc.$$ 882.Ed 883can be used if the shell interpreter replaces $$ with its pid (this is true 884for most shells). 885.Pp 886To redirect core dumps to the 887.Pa /var/tmp/ Ns Aq username 888directory, 889.Bd -literal -offset indent -compact 890sysctl -w proc.$$.corename=/var/tmp/%u/%n.core 891.Ed 892should be used. 893.Bd -literal -offset indent -compact 894sysctl -w proc.curproc.corename=/var/tmp/%u/%n.core 895.Ed 896changes the value for the sysctl process itself, and will not have the desired 897effect. 898.Pp 899To create the root of a new sub-tree called 900.Dq local 901add some children to the new node, and some descriptions: 902.Bd -literal -offset indent -compact 903sysctl -w //create=local 904sysctl -w //describe=local=my local sysctl tree 905sysctl -w //create=local.esm_debug,type=int,symbol=esm_debug,flags=w 906sysctl -w //describe=local.esm_debug=esm driver debug knob 907sysctl -w //create=local.audiodebug,type=int,symbol=audiodebug,flags=w 908sysctl -w //describe=local.audiodebug=generic audio debug knob 909.Ed 910Note that the children are made writable so that the two debug 911settings in question can be tuned arbitrarily. 912.Pp 913To destroy that same subtree: 914.Bd -literal -offset indent -compact 915sysctl -w //destroy=local.esm_debug 916sysctl -w //destroy=local.audiodebug 917sysctl -w //destroy=local 918.Ed 919.Sh SEE ALSO 920.Xr sysctl 3 , 921.Xr ksyms 4 922.Sh HISTORY 923.Nm sysctl 924first appeared in 925.Bx 4.4 . 926