1.\" $NetBSD: sysctl.8,v 1.147 2006/05/29 19:35:31 liamjfoy Exp $ 2.\" 3.\" Copyright (c) 2004 The NetBSD Foundation, Inc. 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 3. All advertising materials mentioning features or use of this software 15.\" must display the following acknowledgement: 16.\" This product includes software developed by the NetBSD 17.\" Foundation, Inc. and its contributors. 18.\" 4. Neither the name of The NetBSD Foundation nor the names of its 19.\" contributors may be used to endorse or promote products derived 20.\" from this software without specific prior written permission. 21.\" 22.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 23.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 24.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 25.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 26.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 27.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 28.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 29.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 30.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 31.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 32.\" POSSIBILITY OF SUCH DAMAGE. 33.\" 34.\" 35.\" Copyright (c) 1993 36.\" The Regents of the University of California. All rights reserved. 37.\" 38.\" Redistribution and use in source and binary forms, with or without 39.\" modification, are permitted provided that the following conditions 40.\" are met: 41.\" 1. Redistributions of source code must retain the above copyright 42.\" notice, this list of conditions and the following disclaimer. 43.\" 2. Redistributions in binary form must reproduce the above copyright 44.\" notice, this list of conditions and the following disclaimer in the 45.\" documentation and/or other materials provided with the distribution. 46.\" 3. Neither the name of the University nor the names of its contributors 47.\" may be used to endorse or promote products derived from this software 48.\" without specific prior written permission. 49.\" 50.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 51.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 52.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 53.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 54.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 55.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 56.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 57.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 58.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 59.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 60.\" SUCH DAMAGE. 61.\" 62.\" @(#)sysctl.8 8.1 (Berkeley) 6/6/93 63.\" 64.Dd May 29, 2006 65.Dt SYSCTL 8 66.Os 67.Sh NAME 68.Nm sysctl 69.Nd get or set kernel state 70.Sh SYNOPSIS 71.Nm sysctl 72.Op Fl AdeMn 73.Oo 74.Fl r | 75.Fl x 76.Oc 77.Op Ar name ... 78.Nm sysctl 79.Op Fl nq 80.Oo 81.Fl r | 82.Fl x 83.Oc 84.Fl w 85.Ar name Ns Li = Ns Ar value ... 86.Nm sysctl 87.Op Fl en 88.Oo 89.Fl r | 90.Fl x 91.Oc 92.Fl a 93.Nm sysctl 94.Op Fl nq 95.Oo 96.Fl r | 97.Fl x 98.Oc 99.Fl f 100.Ar file 101.Sh DESCRIPTION 102The 103.Nm sysctl 104utility retrieves kernel state and allows processes with 105appropriate privilege to set kernel state. 106The state to be retrieved or set is described using a 107``Management Information Base'' (``MIB'') style name, 108described as a dotted set of components. 109The 110.Sq / 111character may also be used as a separator and a leading separator 112character is accepted. 113If 114.Ar name 115specifies a non-leaf node in the MIB, all the nodes underneath 116.Ar name 117will be printed. 118.Pp 119The following options are available: 120.Bl -tag -width indent 121.It Fl A 122List all the known MIB names including tables, unless any MIB 123arguments or 124.Fl f Ar file 125are given. 126Those with string or integer values will be printed as with the 127.Fl a 128flag; for table or structure values that 129.Nm 130is not able to print, 131the name of the utility to retrieve them is given. 132Errors in retrieving or setting values will be directed to stdout 133instead of stderr. 134.It Fl a 135List all the currently available string or integer values. 136The use of a solitary separator character (either 137.Sq \&. 138or 139.Sq / ) 140by 141itself has the same effect. 142Any given 143.Ar name 144arguments are ignored if this option is specified. 145.It Fl d 146Descriptions of each of the nodes selected will be printed instead of 147their values. 148.It Fl e 149Separate the name and the value of the variable(s) with 150.Ql = . 151This is useful for producing output which can be fed back to the 152.Nm 153utility. 154This option is ignored if 155.Fl n 156is specified or a variable is being set. 157.It Fl f 158Specifies the name of a file to read and process. 159Blank lines and comments (beginning with 160.Ql # ) 161are ignored. 162Line continuations with 163.Ql \e 164are permitted. 165Remaining lines are processed similarly to 166command line arguments of the form 167.Ar name 168or 169.Ar name Ns Li = Ns Ar value . 170The 171.Fl w 172flag is implied by 173.Fl f . 174Any 175.Ar name 176arguments are ignored. 177.It Fl M 178Makes 179.Nm 180print the MIB instead of any of the actual values contained in the 181MIB. 182This causes the entire MIB to be printed unless specific MIB arguments 183or 184.Fl f Ar file 185are also given. 186.It Fl n 187Specifies that the printing of the field name should be 188suppressed and that only its value should be output. 189This flag is useful for setting shell variables. 190For example, to save the pagesize in variable psize, use: 191.Bd -literal -offset indent -compact 192set psize=`sysctl -n hw.pagesize` 193.Ed 194.It Fl q 195Used to indicate that nothing should be printed for writes unless an 196error is detected. 197.It Fl r 198Raw output form. 199Values printed are in their raw binary forms as retrieved directly 200from the kernel. 201Some additional nodes that 202.Nm 203cannot print directly can be retrieved with this flag. 204This option conflicts with the 205.Fl x 206option. 207.It Fl w 208Sets the MIB style name given to the value given. 209The MIB style name and value must be separated by 210.Ql = 211with no whitespace. 212Only integral and string values can be set via this method. 213.It Fl x 214Makes 215.Nm 216print the requested value in a hexadecimal representation instead of 217its regular form. 218If specified more than once, the output for each value resembles that of 219.Xr hexdump 1 220when given the 221.Fl C 222flag. 223This option conflicts with the 224.Fl r 225option. 226.Pp 227.El 228The 229.Ql proc 230top-level MIB has a special semantic: it represent per-process values 231and as such may differ from one process to another. 232The second-level name is the pid of the process (in decimal form), 233or the special word 234.Ql curproc . 235For variables below 236.Ql proc. Ns Ao pid Ac Ns .rlimit , 237the integer value may be replaced 238with the string 239.Ql unlimited 240if it matches the magic value used to disable 241a limit. 242.Pp 243The information available from 244.Nm sysctl 245consists of integers, strings, and tables. 246The tabular information can only be retrieved by special 247purpose programs such as 248.Nm ps , 249.Nm systat , 250and 251.Nm netstat . 252The string and integer information is summarized below. 253For a detailed description of these variable see 254.Xr sysctl 3 . 255The changeable column indicates whether a process with appropriate 256privilege can change the value. 257.Bl -column proc.xpidx.rlimit.coredumpsize.hardxxxxxx integerxxx 258.It Sy Name Type Changeable 259.It ddb.commandonenter string yes 260.It ddb.fromconsole integer yes 261.It ddb.lines integer yes 262.It ddb.maxoff integer yes 263.It ddb.maxwidth integer yes 264.It ddb.onpanic integer yes 265.It ddb.radix integer yes 266.It ddb.tabstops integer yes 267.It ddb.tee_msgbuf integer yes 268.It hw.alignbytes integer no 269.It hw.byteorder integer no 270.It hw.cnmagic integer yes 271.It hw.disknames string no 272.It hw.diskstats struct no 273.It hw.machine string no 274.It hw.machine_arch string no 275.It hw.model string no 276.It hw.ncpu integer no 277.It hw.pagesize integer no 278.It hw.physmem integer no 279.It hw.physmem64 quad no 280.It hw.usermem integer no 281.It hw.usermem64 quad no 282.It kern.argmax integer no 283.It kern.autonicetime integer yes 284.It kern.autoniceval integer yes 285.It kern.boottime struct no 286.It kern.bufq.strategies string no 287.It kern.ccpu integer no 288.It kern.clockrate struct no 289.It kern.consdev integer no 290.It kern.cp_id struct no 291.It kern.cp_time struct no 292.It kern.cryptodevallowsoft int yes 293.It kern.defcorename string yes 294.It kern.domainname string yes 295.It kern.dump_on_panic integer yes 296.It kern.drivers struct no 297.It kern.file struct no 298.It kern.forkfsleep integer yes 299.It kern.fscale integer no 300.It kern.fsync integer no 301.It kern.hardclock_ticks integer no 302.It kern.hostid integer yes 303.It kern.hostname string yes 304.It kern.iov_max integer no 305.It kern.job_control integer no 306.It kern.labeloffset integer no 307.It kern.labelsector integer no 308.It kern.login_name_max integer no 309.It kern.logsigexit integer yes 310.It kern.mapped_files integer no 311.It kern.maxfiles integer yes 312.It kern.maxpartitions integer no 313.It kern.maxphys integer no 314.It kern.maxproc integer yes 315.It kern.maxptys integer yes, special 316.It kern.maxvnodes integer raise only 317.It kern.mbuf.mblowat integer yes 318.It kern.mbuf.mclbytes integer no 319.It kern.mbuf.mcllowat integer yes 320.It kern.mbuf.mclsize integer no 321.It kern.mbuf.msize integer no 322.It kern.mbuf.nmbclusters integer raise only 323.It kern.memlock integer no 324.It kern.memlock_range integer no 325.It kern.memory_protection integer no 326.It kern.monotonic_clock integer no 327.It kern.msgbuf integer no 328.It kern.msgbufsize integer no 329.It kern.ngroups integer no 330.It kern.ntptime struct no 331.It kern.osrelease string no 332.It kern.osrevision integer no 333.It kern.ostype string no 334.It kern.pipe.kvasize integer no 335.It kern.pipe.maxbigpipes integer yes 336.It kern.pipe.maxkvasz integer yes 337.It kern.pipe.maxloankvasz integer yes 338.It kern.pipe.nbigpipes integer no 339.It kern.posix1version integer no 340.It kern.posix_barriers integer no 341.It kern.posix_reader_writer_locks integer no 342.It kern.posix_semaphores integer no 343.It kern.posix_spin_locks integer no 344.It kern.posix_threads integer no 345.It kern.posix_timers integer no 346.It kern.proc struct no 347.It kern.proc2 struct no 348.It kern.proc_args string yes 349.It kern.prof node not applicable 350.It kern.rawpartition integer no 351.It kern.root_device string no 352.It kern.root_partition integer no 353.It kern.rtc_offset integer yes 354.It kern.saved_ids integer no 355.It kern.sbmax integer yes 356.It kern.securelevel integer raise only 357.It kern.somaxkva integer yes 358.It kern.synchronized_io integer no 359.It kern.sysvipc_info struct no 360.It kern.sysvmsg integer no 361.It kern.sysvsem integer no 362.It kern.sysvshm integer no 363.It kern.timex struct no 364.It kern.tkstat.cancc quad no 365.It kern.tkstat.nin quad no 366.It kern.tkstat.nout quad no 367.It kern.tkstat.rawcc quad no 368.It kern.urandom integer no 369.It kern.userasymcrypto int yes 370.It kern.usercrypto int yes 371.It kern.veriexec.verbose integer yes 372.It kern.veriexec.strict integer raise only 373.It kern.veriexec.algorithms string no 374.It kern.veriexec.count.dev_\*[Lt]id\*[Gt] quad no 375.It kern.version string no 376.It kern.vnode struct no 377.It machdep.console_device dev_t no 378.It net.bpf.maxbufsize integer yes 379.It net.bpf.stats struct no 380.It net.bpf.peers struct no 381.It net.inet.arp.prune integer yes 382.It net.inet.arp.keep integer yes 383.It net.inet.arp.down integer yes 384.It net.inet.arp.refresh integer yes 385.It net.inet.carp.allow integer yes 386.It net.inet.carp.arpbalance integer yes 387.It net.inet.carp.log integer yes 388.It net.inet.carp.preempt integer yes 389.It net.inet.icmp.maskrepl integer yes 390.It net.inet.icmp.errppslimit integer yes 391.It net.inet.icmp.rediraccept integer yes 392.It net.inet.icmp.redirtimeout integer yes 393.It net.inet.icmp.returndatabytes integer yes 394.It net.inet.ip.allowsrcrt integer yes 395.It net.inet.ip.anonportmax integer yes 396.It net.inet.ip.anonportmin integer yes 397.It net.inet.ip.checkinterface integer yes 398.It net.inet.ip.directed-broadcast integer yes 399.It net.inet.ip.do_loopback_cksum integer yes 400.It net.inet.ip.forwarding integer yes 401.It net.inet.ip.forwsrcrt integer yes 402.It net.inet.ip.gifttl integer yes 403.It net.inet.ip.grettl integer yes 404.It net.inet.ip.hostzerobroadcast integer yes 405.It net.inet.ip.maxfragpackets integer yes 406.It net.inet.ip.lowportmax integer yes 407.It net.inet.ip.lowportmin integer yes 408.It net.inet.ip.mtudisc integer yes 409.It net.inet.ip.mtudisctimeout integer yes 410.It net.inet.ip.random_id integer yes 411.It net.inet.ip.redirect integer yes 412.It net.inet.ip.subnetsarelocal integer yes 413.It net.inet.ip.ttl integer yes 414.It net.inet.ip.ifq.drops integer no 415.It net.inet.ip.ifq.len integer no 416.It net.inet.ip.ifq.maxlen integer yes 417.It net.inet.ipsec.ah_cleartos integer yes 418.It net.inet.ipsec.ah_net_deflev integer yes 419.It net.inet.ipsec.ah_offsetmask integer yes 420.It net.inet.ipsec.ah_trans_deflev integer yes 421.It net.inet.ipsec.def_policy integer yes 422.It net.inet.ipsec.dfbit integer yes 423.It net.inet.ipsec.ecn integer yes 424.It net.inet.ipsec.esp_net_deflev integer yes 425.It net.inet.ipsec.esp_trans_deflev integer yes 426.It net.inet.ipsec.inbound_call_ike integer yes 427.It net.inet.tcp.ack_on_push integer yes 428.It net.inet.tcp.compat_42 integer yes 429.It net.inet.tcp.cwm integer yes 430.It net.inet.tcp.cwm_burstsize integer yes 431.It net.inet.tcp.delack_ticks integer yes 432.It net.inet.tcp.do_lookback_cksum integer yes 433.It net.inet.tcp.init_win integer yes 434.It net.inet.tcp.init_win_local integer yes 435.It net.inet.tcp.keepcnt integer yes 436.It net.inet.tcp.keepidle integer yes 437.It net.inet.tcp.keepintvl integer yes 438.It net.inet.tcp.log_refused integer yes 439.It net.inet.tcp.mss_ifmtu integer yes 440.It net.inet.tcp.mssdflt integer yes 441.It net.inet.tcp.newreno integer yes 442.It net.inet.tcp.recvspace integer yes 443.It net.inet.tcp.rfc1323 integer yes 444.It net.inet.tcp.rstppslimit integer yes 445.It net.inet.tcp.sack.enable integer yes 446.It net.inet.tcp.sack.globalholes integer no 447.It net.inet.tcp.sack.globalmaxholes integer yes 448.It net.inet.tcp.sack.maxholes integer yes 449.It net.inet.tcp.sendspace integer yes 450.It net.inet.tcp.slowhz integer no 451.It net.inet.tcp.syn_bucket_limit integer yes 452.It net.inet.tcp.syn_cache_interval integer yes 453.It net.inet.tcp.syn_cache_limit integer yes 454.It net.inet.tcp.timestamps integer yes 455.It net.inet.tcp.win_scale integer yes 456.It net.inet.tcp.ident struct no 457.It net.inet.tcp.debug struct no 458.It net.inet.tcp.debx integer no 459.It net.inet.udp.checksum integer yes 460.It net.inet.udp.do_loopback_cksum integer yes 461.It net.inet.udp.recvspace integer yes 462.It net.inet.udp.sendspace integer yes 463.It net.ns.spp.debug struct yes 464.It net.ns.spp.debx integer yes 465.It net.inet6.icmp6.errppslimit integer yes 466.It net.inet6.icmp6.mtudisc_hiwat integer yes 467.It net.inet6.icmp6.mtudisc_lowat integer yes 468.It net.inet6.icmp6.nd6_debug integer yes 469.It net.inet6.icmp6.nd6_delay integer yes 470.It net.inet6.icmp6.nd6_maxnudhint integer yes 471.It net.inet6.icmp6.nd6_mmaxtries integer yes 472.It net.inet6.icmp6.nd6_prune integer yes 473.It net.inet6.icmp6.nd6_umaxtries integer yes 474.It net.inet6.icmp6.nd6_useloopback integer yes 475.It net.inet6.icmp6.nodeinfo integer yes 476.It net.inet6.icmp6.rediraccept integer yes 477.It net.inet6.icmp6.redirtimeout integer yes 478.It net.inet6.ip6.accept_rtadv integer yes 479.It net.inet6.ip6.anonportmax integer yes 480.It net.inet6.ip6.anonportmin integer yes 481.It net.inet6.ip6.auto_flowlabel integer yes 482.It net.inet6.ip6.dad_count integer yes 483.It net.inet6.ip6.defmcasthlim integer yes 484.It net.inet6.ip6.forwarding integer yes 485.It net.inet6.ip6.gifhlim integer yes 486.It net.inet6.ip6.hdrnestlimit integer yes 487.It net.inet6.ip6.hlim integer yes 488.It net.inet6.ip6.kame_version string no 489.It net.inet6.ip6.keepfaith integer yes 490.It net.inet6.ip6.log_interval integer yes 491.It net.inet6.ip6.lowportmax integer yes 492.It net.inet6.ip6.lowportmin integer yes 493.It net.inet6.ip6.maxfragpackets integer yes 494.It net.inet6.ip6.maxfrags integer yes 495.It net.inet6.ip6.redirect integer yes 496.It net.inet6.ip6.rr_prune integer yes 497.It net.inet6.ip6.use_deprecated integer yes 498.It net.inet6.ip6.v6only integer yes 499.It net.inet6.ip6.ifq.drops integer no 500.It net.inet6.ip6.ifq.len integer no 501.It net.inet6.ip6.ifq.maxlen integer yes 502.It net.inet6.ipsec6.ah_net_deflev integer yes 503.It net.inet6.ipsec6.ah_trans_deflev integer yes 504.It net.inet6.ipsec6.def_policy integer yes 505.It net.inet6.ipsec6.ecn integer yes 506.It net.inet6.ipsec6.esp_net_deflev integer yes 507.It net.inet6.ipsec6.esp_trans_deflev integer yes 508.It net.inet6.ipsec6.inbound_call_ike integer yes 509.It net.inet6.udp6.do_loopback_cksum integer yes 510.It net.inet6.udp6.recvspace integer yes 511.It net.inet6.udp6.sendspace integer yes 512.It net.key.ah_keymin integer yes 513.It net.key.debug integer yes 514.It net.key.esp_auth integer yes 515.It net.key.esp_keymin integer yes 516.It net.key.kill_int integer yes 517.It net.key.spi_max_value integer yes 518.It net.key.spi_min_value integer yes 519.It net.key.spi_try integer yes 520.It proc.\*[Lt]pid\*[Gt].corename string yes 521.It proc.\*[Lt]pid\*[Gt].rlimit.coredumpsize.hard integer yes 522.It proc.\*[Lt]pid\*[Gt].rlimit.coredumpsize.soft integer yes 523.It proc.\*[Lt]pid\*[Gt].rlimit.cputime.hard integer yes 524.It proc.\*[Lt]pid\*[Gt].rlimit.cputime.soft integer yes 525.It proc.\*[Lt]pid\*[Gt].rlimit.datasize.hard integer yes 526.It proc.\*[Lt]pid\*[Gt].rlimit.datasize.soft integer yes 527.It proc.\*[Lt]pid\*[Gt].rlimit.filesize.hard integer yes 528.It proc.\*[Lt]pid\*[Gt].rlimit.filesize.soft integer yes 529.It proc.\*[Lt]pid\*[Gt].rlimit.maxproc.hard integer yes 530.It proc.\*[Lt]pid\*[Gt].rlimit.maxproc.soft integer yes 531.It proc.\*[Lt]pid\*[Gt].rlimit.memorylocked.hard integer yes 532.It proc.\*[Lt]pid\*[Gt].rlimit.memorylocked.soft integer yes 533.It proc.\*[Lt]pid\*[Gt].rlimit.memoryuse.hard integer yes 534.It proc.\*[Lt]pid\*[Gt].rlimit.memoryuse.soft integer yes 535.It proc.\*[Lt]pid\*[Gt].rlimit.stacksize.hard integer yes 536.It proc.\*[Lt]pid\*[Gt].rlimit.stacksize.soft integer yes 537.It proc.\*[Lt]pid\*[Gt].stopexec int yes 538.It proc.\*[Lt]pid\*[Gt].stopfork int yes 539.It security.curtain integer yes 540.It security.pax.mprotect.enabled integer yes 541.It security.pax.mprotect.global_protection integer yes 542.It security.setid_core node not applicable 543.It security.setid_core.dump integer yes 544.It security.setid_core.group integer yes 545.It security.setid_core.mode integer yes 546.It security.setid_core.owner integer yes 547.It security.setid_core.path string yes 548.It user.bc_base_max integer no 549.It user.bc_dim_max integer no 550.It user.bc_scale_max integer no 551.It user.bc_string_max integer no 552.It user.coll_weights_max integer no 553.It user.cs_path string no 554.It user.expr_nest_max integer no 555.It user.line_max integer no 556.It user.posix2_c_bind integer no 557.It user.posix2_c_dev integer no 558.It user.posix2_char_term integer no 559.It user.posix2_fort_dev integer no 560.It user.posix2_fort_run integer no 561.It user.posix2_localedef integer no 562.It user.posix2_sw_dev integer no 563.It user.posix2_upe integer no 564.It user.posix2_version integer no 565.It user.re_dup_max integer no 566.It vendor.\*[Lt]vendor\*[Gt].* ? vendor specific 567.It vfs.generic.usermount integer yes 568.It vfs.generic.fstypes string yes 569.It vfs.ffs.doasyncfree integer yes 570.It vfs.ffs.log_changeopt integer yes 571.It vfs.nfs.iothreads integer yes 572.It vfs.cd9660.utf8_joliet integer yes 573.It vfs.sync.delay integer yes 574.It vfs.sync.filedelay integer yes 575.It vfs.sync.dirdelay integer yes 576.It vfs.sync.metadelay integer yes 577.It vm.anonmax integer yes 578.It vm.anonmin integer yes 579.It vm.bufcache integer yes 580.It vm.bufmem integer no 581.It vm.bufmem_hiwater integer yes 582.It vm.bufmem_lowater integer yes 583.It vm.execmax integer yes 584.It vm.execmin integer yes 585.It vm.filemax integer yes 586.It vm.filemin integer yes 587.It vm.idlezero integer yes 588.It vm.inactivepct integer yes 589.It vm.loadavg struct no 590.It vm.maxslp integer no 591.It vm.nkmempages integer no 592.It vm.uspace integer no 593.It vm.uvmexp struct no 594.It vm.uvmexp2 struct no 595.It vm.vmmeter struct no 596.El 597.Pp 598Entries found under 599.Dq vendor. Ns Aq vendor 600are left to be specified (and used) by vendors 601using the 602.Nx 603operating system in their products. 604Values and structure are vendor-defined, and no registry 605exists right now. 606.Sh CREATION AND DELETION 607New nodes are allowed to be created by the superuser when the kernel 608is running at security level 0. 609These new nodes may refer to existing kernel data or to new data that 610is only instrumented by 611.Xr sysctl 3 612itself. 613.Pp 614The syntax for creating new nodes is 615.Dq //create=new.node.path 616followed by one or more of the following attributes separated by 617commas. 618The use of a double separator (both 619.Sq / 620and 621.Sq \&. 622can be used as 623separators) as the prefix tells sysctl that the first series of tokens 624is not a MIB name, but a command. 625It is recommended that the double separator preceding the command not 626be the same as the separator used in naming the MIB entry so as to 627avoid possible parse conflicts. 628The 629.Dq value 630assigned, if one is given, must be last. 631.Pp 632.Bl -bullet -compact 633.It 634.Ar type= Ns Aq Ar T 635where 636.Ar T 637must be one of 638.Dq node , 639.Dq int , 640.Dq string , 641.Dq quad , 642or 643.Dq struct . 644If the type is omitted, the 645.Dq node 646type is assumed. 647.It 648.Ar size= Ns Aq Ar S 649here, 650.Ar S 651asserts the size of the new node. 652Nodes of type 653.Dq node 654should not have a size set. 655The size may be omitted for nodes of types 656.Dq int 657or 658.Dq quad . 659If the size is omitted for a node of type 660.Dq string , 661the size will be determined by the length of the given value, or by 662the kernel for kernel strings. 663Nodes of type 664.Dq struct 665must have their size explicitly set. 666.It 667.Ar addr= Ns Aq Ar A 668or 669.Ar symbol= Ns Aq Ar A 670The kernel address of the data being instrumented. 671If 672.Dq symbol 673is used, the symbol must be globally visible to the in-kernel 674.Xr ksyms 4 675driver. 676.It 677.Ar n= Ns Aq Ar N 678The MIB number to be assigned to the new node. 679If no number is specified, the kernel will assign a value. 680.It 681.Ar flags= Ns Aq Ar F 682A concatenated string of single letters that govern the behavior of 683the node. 684Flags currently available are: 685.Bl -tag -width www 686.It a 687Allow anyone to write to the node, if it is writable. 688.It h 689.Dq Hidden . 690.Nm 691must be invoked with 692.Fl A 693or the hidden node must be specifically requested in order to see it 694.It i 695.Dq Immediate . 696Makes the node store data in itself, rather than allocating new space 697for it. 698This is the default for nodes of type 699.Dq int 700and 701.Dq quad . 702This is the opposite of owning data. 703.It o 704.Dq Own . 705When the node is created, separate space will be allocated to store 706the data to be instrumented. 707This is the default for nodes of type 708.Dq string 709and 710.Dq struct 711where it is not possible to guarantee sufficient space to store the 712data in the node itself. 713.It p 714.Dq Private . 715Nodes that are marked private, and children of nodes so marked, are 716only viewable by the superuser. 717Be aware that the immediate data that some nodes may store is not 718necessarily protected by this. 719.It x 720.Dq Hexadecimal . 721Make 722.Nm 723default to hexadecimal display of the retrieved value 724.It r 725.Dq Read-only . 726The data instrumented by the given node is read-only. 727Note that other mechanisms may still exist for changing the data. 728This is the default for nodes that instrument data. 729.It w 730.Dq Writable . 731The data instrumented by the given node is writable at any time. 732This is the default for nodes that can have children. 733.It 1 734.Dq Read-only at securelevel 1 . 735The data instrumented by this node is writable until the securelevel 736reaches or passes securelevel 1. 737Examples of this include some network tunables. 738.It 2 739.Dq Read-only at securelevel 2 . 740The data instrumented by this node is writable until the securelevel 741reaches or passes securelevel 2. 742An example of this is the per-process core filename setting. 743.El 744.Pp 745.It 746.Ar value= Ns Aq Ar V 747An initial starting value for a new node that does not reference 748existing kernel data. 749Initial values can only be assigned for nodes of the 750.Dq int , 751.Dq quad , 752and 753.Dq string 754types. 755.El 756.Pp 757New nodes must fit the following set of criteria: 758.Pp 759.Bl -bullet -compact 760.It 761If the new node is to address an existing kernel object, only one of the 762.Dq symbol 763or 764.Dq addr 765arguments may be given. 766.It 767The size for a 768.Dq struct 769type node must be specified; no initial value is expected or permitted. 770.It 771Either the size or the initial value for a 772.Dq string 773node must be given. 774.It 775The node which will be the parent of the new node must be writable. 776.El 777.Pp 778If any of the given parameters describes an invalid configuration, 779.Nm 780will emit a diagnostic message to the standard error and exit. 781.Pp 782Descriptions can be added by the super-user to any node that does not 783have one, provided that the node is not marked with the 784.Dq PERMANENT 785flag. 786The syntax is similar to the syntax for creating new nodes with the 787exception of the keyword that follows the double separator at the 788start of the command: 789.Dq //describe=new.node.path=new node description . 790Once a description has been added, it cannot be changed or removed. 791.Pp 792When destroying nodes, only the path to the node is necessary, i.e., 793.Dq //destroy=old.node.path . 794No other parameters are expected or permitted. 795Nodes being destroyed must have no children, and their parent must be 796writable. 797Nodes that are marked with the 798.Dq Dv PERMANENT 799flag (as assigned by the kernel) may not be deleted. 800.Pp 801In all cases, the initial 802.Sq = 803that follows the command (eg, 804.Dq create , 805.Dq destroy , 806or 807.Dq describe ) 808may be replaced with another instance of the separator character, 809provided that the same separator character is used for the length of 810the name specification. 811.Sh FILES 812.Bl -tag -width xnetinet6/udp6Xvar.hx -compact 813.It Pa /etc/sysctl.conf 814.Nm 815variables set at boot time 816.It Aq Pa sys/sysctl.h 817definitions for top level identifiers, second level kernel, hardware, 818and security identifiers, and user level identifiers 819.It Aq Pa sys/socket.h 820definitions for second level network identifiers 821.It Aq Pa sys/gmon.h 822definitions for third level profiling identifiers 823.It Aq Pa uvm/uvm_param.h 824definitions for second level virtual memory identifiers 825.It Aq Pa netinet/in.h 826definitions for third level IPv4/v6 identifiers and 827fourth level IPv4/v6 identifiers 828.It Aq Pa netinet/icmp_var.h 829definitions for fourth level ICMP identifiers 830.It Aq Pa netinet/icmp6.h 831definitions for fourth level ICMPv6 identifiers 832.It Aq Pa netinet/tcp_var.h 833definitions for fourth level TCP identifiers 834.It Aq Pa netinet/udp_var.h 835definitions for fourth level UDP identifiers 836.It Aq Pa netinet6/udp6_var.h 837definitions for fourth level IPv6 UDP identifiers 838.It Aq Pa netinet6/ipsec.h 839definitions for fourth level IPsec identifiers 840.It Aq Pa netkey/key_var.h 841definitions for third level PF_KEY identifiers 842.It Aq Pa sys/verified_exec.h 843definitions for third level verified exec identifiers 844.El 845.Sh EXAMPLES 846For example, to retrieve the maximum number of processes allowed 847in the system, one would use the following request: 848.Bd -literal -offset indent -compact 849sysctl kern.maxproc 850.Ed 851.Pp 852To set the maximum number of processes allowed 853in the system to 1000, one would use the following request: 854.Bd -literal -offset indent -compact 855sysctl -w kern.maxproc=1000 856.Ed 857.Pp 858Information about the system clock rate may be obtained with: 859.Bd -literal -offset indent -compact 860sysctl kern.clockrate 861.Ed 862.Pp 863Information about the load average history may be obtained with: 864.Bd -literal -offset indent -compact 865sysctl vm.loadavg 866.Ed 867.Pp 868To view the values of the per-process variables of the current shell, 869the request: 870.Bd -literal -offset indent -compact 871sysctl proc.$$ 872.Ed 873can be used if the shell interpreter replaces $$ with its pid (this is true 874for most shells). 875.Pp 876To redirect core dumps to the 877.Pa /var/tmp/ Ns Aq username 878directory, 879.Bd -literal -offset indent -compact 880sysctl -w proc.$$.corename=/var/tmp/%u/%n.core 881.Ed 882should be used. 883.Bd -literal -offset indent -compact 884sysctl -w proc.curproc.corename=/var/tmp/%u/%n.core 885.Ed 886changes the value for the sysctl process itself, and will not have the desired 887effect. 888.Pp 889To create the root of a new sub-tree called 890.Dq local 891add some children to the new node, and some descriptions: 892.Bd -literal -offset indent -compact 893sysctl -w //create=local 894sysctl -w //describe=local=my local sysctl tree 895sysctl -w //create=local.esm_debug,type=int,symbol=esm_debug,flags=w 896sysctl -w //describe=local.esm_debug=esm driver debug knob 897sysctl -w //create=local.audiodebug,type=int,symbol=audiodebug,flags=w 898sysctl -w //describe=local.audiodebug=generic audio debug knob 899.Ed 900Note that the children are made writable so that the two debug 901settings in question can be tuned arbitrarily. 902.Pp 903To destroy that same subtree: 904.Bd -literal -offset indent -compact 905sysctl -w //destroy=local.esm_debug 906sysctl -w //destroy=local.audiodebug 907sysctl -w //destroy=local 908.Ed 909.Sh SEE ALSO 910.Xr sysctl 3 , 911.Xr ksyms 4 912.Sh HISTORY 913.Nm sysctl 914first appeared in 915.Bx 4.4 . 916