1.\" $NetBSD: sysctl.8,v 1.115 2004/08/27 14:35:12 wiz Exp $ 2.\" 3.\" Copyright (c) 1993 4.\" The Regents of the University of California. All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 3. Neither the name of the University nor the names of its contributors 15.\" may be used to endorse or promote products derived from this software 16.\" without specific prior written permission. 17.\" 18.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 19.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 22.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28.\" SUCH DAMAGE. 29.\" 30.\" @(#)sysctl.8 8.1 (Berkeley) 6/6/93 31.\" 32.Dd August 27, 2004 33.Dt SYSCTL 8 34.Os 35.Sh NAME 36.Nm sysctl 37.Nd get or set kernel state 38.Sh SYNOPSIS 39.Nm sysctl 40.Op Fl AdeMn 41.Oo 42.Fl r | 43.Fl x 44.Oc 45.Op Ar name ... 46.Nm sysctl 47.Op Fl nq 48.Oo 49.Fl r | 50.Fl x 51.Oc 52.Fl w 53.Ar name Ns Li = Ns Ar value ... 54.Nm sysctl 55.Op Fl en 56.Oo 57.Fl r | 58.Fl x 59.Oc 60.Fl a 61.Nm sysctl 62.Op Fl nq 63.Oo 64.Fl r | 65.Fl x 66.Oc 67.Fl f 68.Ar file 69.Sh DESCRIPTION 70The 71.Nm sysctl 72utility retrieves kernel state and allows processes with 73appropriate privilege to set kernel state. 74The state to be retrieved or set is described using a 75``Management Information Base'' (``MIB'') style name, 76described as a dotted set of components. 77The 78.Sq / 79character may also be used as a separator and a leading separator 80character is accepted. 81If 82.Ar name 83specifies a non-leaf node in the MIB, all the nodes underneath 84.Ar name 85will be printed. 86.Pp 87The following options are available: 88.Bl -tag -width indent 89.It Fl A 90List all the known MIB names including tables, unless any MIB 91arguments or 92.Fl f Ar file 93are given. 94Those with string or integer values will be printed as with the 95.Fl a 96flag; for table or structure values that 97.Nm 98is not able to print, 99the name of the utility to retrieve them is given. 100Errors in retrieving or setting values will be directed to stdout 101instead of stderr. 102.It Fl a 103List all the currently available string or integer values. 104The use of a solitary separator character (either 105.Sq \&. 106or 107.Sq / ) 108by 109itself has the same effect. 110Any given 111.Ar name 112arguments are ignored if this option is specified. 113.It Fl d 114Descriptions of each of the nodes selected will be printed instead of 115their values. 116.It Fl e 117Separate the name and the value of the variable(s) with 118.Ql = . 119This is useful for producing output which can be fed back to the 120.Nm 121utility. 122This option is ignored if 123.Fl n 124is specified or a variable is being set. 125.It Fl f 126Specifies the name of a file to read and process. 127Blank lines and comments (beginning with 128.Ql # ) 129are ignored. 130Line continuations with 131.Ql \e 132are permitted. 133Remaining lines are processed similarly to 134command line arguments of the form 135.Ar name 136or 137.Ar name Ns Li = Ns Ar value . 138The 139.Fl w 140flag is implied by 141.Fl f . 142Any 143.Ar name 144arguments are ignored. 145.It Fl M 146Makes 147.Nm 148print the MIB instead of any of the actual values contained in the 149MIB. 150This causes the entire MIB to be printed unless specific MIB arguments 151or 152.Fl f Ar file 153are also given. 154.It Fl n 155Specifies that the printing of the field name should be 156suppressed and that only its value should be output. 157This flag is useful for setting shell variables. 158For example, to save the pagesize in variable psize, use: 159.Bd -literal -offset indent -compact 160set psize=`sysctl -n hw.pagesize` 161.Ed 162.It Fl q 163Used to indicate that nothing should be printed for writes unless an 164error is detected. 165.It Fl r 166Raw output form. 167Values printed are in their raw binary forms as retrieved directly 168from the kernel. 169Some additional nodes that 170.Nm 171cannot print directly can be retrieved with this flag. 172This option conflicts with the 173.Fl x 174option. 175.It Fl w 176Sets the MIB style name given to the value given. 177The MIB style name and value must be separated by 178.Ql = 179with no whitespace. 180Only integral and string values can be set via this method. 181.It Fl x 182Makes 183.Nm 184print the requested value in a hexadecimal representation instead of 185its regular form. 186If specified more than once, the output for each value resembles that of 187.Xr hexdump 1 188when given the 189.Fl C 190flag. 191This option conflicts with the 192.Fl r 193option. 194.Pp 195.El 196The 197.Ql proc 198top-level MIB has a special semantic: it represent per-process values 199and as such may differ from one process to another. 200The second-level name is the pid of the process (in decimal form), 201or the special word 202.Ql curproc . 203For variables below 204.Ql proc. Ns Ao pid Ac Ns .rlimit , 205the integer value may be replaced 206with the string 207.Ql unlimited 208if it matches the magic value used to disable 209a limit. 210.Pp 211The information available from 212.Nm sysctl 213consists of integers, strings, and tables. 214The tabular information can only be retrieved by special 215purpose programs such as 216.Nm ps , 217.Nm systat , 218and 219.Nm netstat . 220The string and integer information is summarized below. 221For a detailed description of these variable see 222.Xr sysctl 3 . 223The changeable column indicates whether a process with appropriate 224privilege can change the value. 225.Bl -column proc.xpidx.rlimit.coredumpsize.hardxxxxxx integerxxx 226.It Sy Name Type Changeable 227.It ddb.fromconsole integer yes 228.It ddb.lines integer yes 229.It ddb.maxoff integer yes 230.It ddb.maxwidth integer yes 231.It ddb.onpanic integer yes 232.It ddb.radix integer yes 233.It ddb.tabstops integer yes 234.It hw.alignbytes integer no 235.It hw.byteorder integer no 236.It hw.disknames string no 237.It hw.diskstats struct no 238.It hw.machine string no 239.It hw.machine_arch string no 240.It hw.model string no 241.It hw.ncpu integer no 242.It hw.pagesize integer no 243.It hw.physmem integer no 244.It hw.physmem64 quad no 245.It hw.usermem integer no 246.It hw.usermem64 quad no 247.It hw.cnmagic string yes 248.It kern.argmax integer no 249.It kern.autonicetime integer yes 250.It kern.autoniceval integer yes 251.It kern.boottime struct no 252.It kern.ccpu integer no 253.It kern.chown_restricted integer no 254.It kern.clockrate struct no 255.It kern.consdev integer no 256.It kern.cp_time struct no 257.It kern.defcorename string yes 258.It kern.domainname string yes 259.It kern.drivers struct no 260.It kern.forkfsleep integer yes 261.It kern.fscale integer no 262.It kern.fsync integer no 263.It kern.hostid integer yes 264.It kern.hostname string yes 265.It kern.iov_max integer no 266.It kern.job_control integer no 267.It kern.labeloffset integer no 268.It kern.labelsector integer no 269.It kern.link_max integer no 270.It kern.login_name_max integer no 271.It kern.logsigexit integer yes 272.It kern.max_canon integer no 273.It kern.max_input integer no 274.It kern.maxfiles integer yes 275.It kern.maxpartitions integer no 276.It kern.maxproc integer yes 277.It kern.maxptys integer yes, special 278.It kern.maxvnodes integer raise only 279.It kern.mapped_files integer no 280.It kern.maxphys integer no 281.It kern.memlock integer no 282.It kern.memlock_range integer no 283.It kern.memory_protection integer no 284.It kern.mbuf.mblowat integer yes 285.It kern.mbuf.mcllowat integer yes 286.It kern.mbuf.mclsize integer no 287.It kern.mbuf.msize integer no 288.It kern.mbuf.nmbclusters integer raise only 289.It kern.monotonic_clock integer no 290.It kern.msgbuf struct no 291.It kern.msgbufsize integer no 292.It kern.name_max integer no 293.It kern.ngroups integer no 294.It kern.no_trunc integer no 295.It kern.ntptime struct no 296.It kern.osrelease string no 297.It kern.osrevision integer no 298.It kern.ostype string no 299.It kern.path_max integer no 300.It kern.pipe.maxkvasz integer yes 301.It kern.pipe.maxloankvasz integer yes 302.It kern.pipe.maxbigpipes integer yes 303.It kern.pipe.nbigpipes integer no 304.It kern.pipe.kvasize integer no 305.It kern.posix1version integer no 306.It kern.posix_barriers integer no 307.It kern.posix_reader_writer_locks integer no 308.It kern.posix_semaphores integer no 309.It kern.posix_spin_locks integer no 310.It kern.posix_timers integer no 311.It kern.posix_threads integer no 312.It kern.proc2 struct no 313.It kern.proc_args string yes 314.It kern.rawpartition integer no 315.It kern.root_device string no 316.It kern.root_partition integer no 317.It kern.rtc_offset integer no 318.It kern.saved_ids integer no 319.It kern.sbmax integer yes 320.It kern.securelevel integer raise only 321.It kern.somaxkva integer yes 322.It kern.synchronized_io integer no 323.It kern.sysvipc_info struct no 324.It kern.sysvmsg integer no 325.It kern.sysvsem integer no 326.It kern.sysvshm integer no 327.It kern.timex struct no 328.It kern.tkstat.nin quad no 329.It kern.tkstat.nout quad no 330.It kern.tkstat.cancc quad no 331.It kern.tkstat.rawcc quad no 332.It kern.urnd integer no 333.It kern.vdisable integer no 334.It kern.version string no 335.It machdep.console_device dev_t no 336.It net.bpf.maxbufsize integer yes 337.It net.inet.arp.prune integer yes 338.It net.inet.arp.keep integer yes 339.It net.inet.arp.down integer yes 340.It net.inet.arp.refresh integer yes 341.It net.inet.icmp.maskrepl integer yes 342.It net.inet.icmp.errppslimit integer yes 343.It net.inet.icmp.rediraccept integer yes 344.It net.inet.icmp.redirtimeout integer yes 345.It net.inet.ip.allowsrcrt integer yes 346.It net.inet.ip.anonportmax integer yes 347.It net.inet.ip.anonportmin integer yes 348.It net.inet.ip.checkinterface integer yes 349.It net.inet.ip.directed-broadcast integer yes 350.It net.inet.ip.forwarding integer yes 351.It net.inet.ip.forwsrcrt integer yes 352.It net.inet.ip.maxfragpacket integer yes 353.It net.inet.ip.lowportmax integer yes 354.It net.inet.ip.lowportmin integer yes 355.It net.inet.ip.mtudisc integer yes 356.It net.inet.ip.mtudisctimeout integer yes 357.It net.inet.ip.redirect integer yes 358.It net.inet.ip.subnetsarelocal integer yes 359.It net.inet.ip.ttl integer yes 360.It net.inet.ipsec.ah_cleartos integer yes 361.It net.inet.ipsec.ah_net_deflev integer yes 362.It net.inet.ipsec.ah_offsetmask integer yes 363.It net.inet.ipsec.ah_trans_deflev integer yes 364.It net.inet.ipsec.def_policy integer yes 365.It net.inet.ipsec.dfbit integer yes 366.It net.inet.ipsec.ecn integer yes 367.It net.inet.ipsec.esp_net_deflev integer yes 368.It net.inet.ipsec.esp_trans_deflev integer yes 369.It net.inet.ipsec.inbound_call_ike integer yes 370.It net.inet.tcp.ack_on_push integer yes 371.It net.inet.tcp.compat_42 integer yes 372.It net.inet.tcp.cwm integer yes 373.It net.inet.tcp.cwm_burstsize integer yes 374.It net.inet.tcp.init_win integer yes 375.It net.inet.tcp.init_win_local integer yes 376.It net.inet.tcp.keepcnt integer yes 377.It net.inet.tcp.keepidle integer yes 378.It net.inet.tcp.keepintvl integer yes 379.It net.inet.tcp.log_refused integer yes 380.It net.inet.tcp.mss_ifmtu integer yes 381.It net.inet.tcp.mssdflt integer yes 382.It net.inet.tcp.recvspace integer yes 383.It net.inet.tcp.rfc1323 integer yes 384.It net.inet.tcp.rstppslimit integer yes 385.It net.inet.tcp.sack integer yes 386.It net.inet.tcp.sendspace integer yes 387.It net.inet.tcp.slowhz integer no 388.It net.inet.tcp.syn_bucket_limit integer yes 389.It net.inet.tcp.syn_cache_interval integer yes 390.It net.inet.tcp.syn_cache_limit integer yes 391.It net.inet.tcp.timestamps integer yes 392.It net.inet.tcp.win_scale integer yes 393.It net.inet.tcp.ident struct no 394.It net.inet.udp.checksum integer yes 395.It net.inet.udp.recvspace integer yes 396.It net.inet.udp.sendspace integer yes 397.It net.inet6.icmp6.errppslimit integer yes 398.It net.inet6.icmp6.mtudisc_hiwat integer yes 399.It net.inet6.icmp6.mtudisc_lowat integer yes 400.It net.inet6.icmp6.nd6_debug integer yes 401.It net.inet6.icmp6.nd6_delay integer yes 402.It net.inet6.icmp6.nd6_maxnudhint integer yes 403.It net.inet6.icmp6.nd6_mmaxtries integer yes 404.It net.inet6.icmp6.nd6_prune integer yes 405.It net.inet6.icmp6.nd6_umaxtries integer yes 406.It net.inet6.icmp6.nd6_useloopback integer yes 407.It net.inet6.icmp6.nodeinfo integer yes 408.It net.inet6.icmp6.rediraccept integer yes 409.It net.inet6.icmp6.redirtimeout integer yes 410.It net.inet6.ip6.accept_rtadv integer yes 411.It net.inet6.ip6.anonportmax integer yes 412.It net.inet6.ip6.anonportmin integer yes 413.It net.inet6.ip6.auto_flowlabel integer yes 414.It net.inet6.ip6.v6only integer yes 415.It net.inet6.ip6.dad_count integer yes 416.It net.inet6.ip6.defmcasthlim integer yes 417.It net.inet6.ip6.forwarding integer yes 418.It net.inet6.ip6.gif_hlim integer yes 419.It net.inet6.ip6.hdrnestlimit integer yes 420.It net.inet6.ip6.hlim integer yes 421.It net.inet6.ip6.kame_version string no 422.It net.inet6.ip6.keepfaith integer yes 423.It net.inet6.ip6.log_interval integer yes 424.It net.inet6.ip6.lowportmax integer yes 425.It net.inet6.ip6.lowportmin integer yes 426.It net.inet6.ip6.maxfragpackets integer yes 427.It net.inet6.ip6.maxfrags integer yes 428.It net.inet6.ip6.redirect integer yes 429.It net.inet6.ip6.rr_prune integer yes 430.It net.inet6.ip6.use_deprecated integer yes 431.It net.inet6.ipsec6.ah_net_deflev integer yes 432.It net.inet6.ipsec6.ah_trans_deflev integer yes 433.It net.inet6.ipsec6.def_policy integer yes 434.It net.inet6.ipsec6.ecn integer yes 435.It net.inet6.ipsec6.esp_net_deflev integer yes 436.It net.inet6.ipsec6.esp_trans_deflev integer yes 437.It net.inet6.ipsec6.inbound_call_ike integer yes 438.It net.inet6.udp6.recvspace integer yes 439.It net.inet6.udp6.sendspace integer yes 440.It net.key.acq_exp_int integer yes 441.It net.key.acq_maxtime integer yes 442.It net.key.ah_keymin integer yes 443.It net.key.debug integer yes 444.It net.key.esp_auth integer yes 445.It net.key.esp_keymin integer yes 446.It net.key.kill_int integer yes 447.It net.key.spi_max_value integer yes 448.It net.key.spi_min_value integer yes 449.It net.key.spi_try integer yes 450.It proc.\*[Lt]pid\*[Gt].corename string yes 451.It proc.\*[Lt]pid\*[Gt].rlimit.coredumpsize.hard integer yes 452.It proc.\*[Lt]pid\*[Gt].rlimit.coredumpsize.soft integer yes 453.It proc.\*[Lt]pid\*[Gt].rlimit.cputime.hard integer yes 454.It proc.\*[Lt]pid\*[Gt].rlimit.cputime.soft integer yes 455.It proc.\*[Lt]pid\*[Gt].rlimit.datasize.hard integer yes 456.It proc.\*[Lt]pid\*[Gt].rlimit.datasize.soft integer yes 457.It proc.\*[Lt]pid\*[Gt].rlimit.filesize.hard integer yes 458.It proc.\*[Lt]pid\*[Gt].rlimit.filesize.soft integer yes 459.It proc.\*[Lt]pid\*[Gt].rlimit.maxproc.hard integer yes 460.It proc.\*[Lt]pid\*[Gt].rlimit.maxproc.soft integer yes 461.It proc.\*[Lt]pid\*[Gt].rlimit.memorylocked.hard integer yes 462.It proc.\*[Lt]pid\*[Gt].rlimit.memorylocked.soft integer yes 463.It proc.\*[Lt]pid\*[Gt].rlimit.memoryuse.hard integer yes 464.It proc.\*[Lt]pid\*[Gt].rlimit.memoryuse.soft integer yes 465.It proc.\*[Lt]pid\*[Gt].rlimit.stacksize.hard integer yes 466.It proc.\*[Lt]pid\*[Gt].rlimit.stacksize.soft integer yes 467.It proc.\*[Lt]pid\*[Gt].stopexec int yes 468.It proc.\*[Lt]pid\*[Gt].stopfork int yes 469.It user.bc_base_max integer no 470.It user.bc_dim_max integer no 471.It user.bc_scale_max integer no 472.It user.bc_string_max integer no 473.It user.coll_weights_max integer no 474.It user.cs_path string no 475.It user.expr_nest_max integer no 476.It user.line_max integer no 477.It user.posix2_c_bind integer no 478.It user.posix2_c_dev integer no 479.It user.posix2_char_term integer no 480.It user.posix2_fort_dev integer no 481.It user.posix2_fort_run integer no 482.It user.posix2_localedef integer no 483.It user.posix2_sw_dev integer no 484.It user.posix2_upe integer no 485.It user.posix2_version integer no 486.It user.re_dup_max integer no 487.It vendor.\*[Lt]vendor\*[Gt].* ? vendor specific 488.It vfs.generic.usermount integer yes 489.It vfs.nfs.iothreads integer yes 490.It vm.anonmax integer yes 491.It vm.anonmin integer yes 492.It vm.execmax integer yes 493.It vm.execmin integer yes 494.It vm.filemax integer yes 495.It vm.filemin integer yes 496.It vm.loadavg struct no 497.It vm.nkmempages integer no 498.It vm.uvmexp struct no 499.It vm.uvmexp2 struct no 500.It vm.vmmeter struct no 501.El 502.Pp 503Entries found under 504.Dq vendor. Ns Aq vendor 505are left to be specified (and used) by vendors 506using the 507.Nx 508operating system in their products. 509Values and structure are vendor-defined, and no registry 510exists right now. 511.Sh CREATION AND DELETION 512New nodes are allowed to be created by the superuser when the kernel 513is running at security level 0. 514These new nodes may refer to existing kernel data or to new data that 515is only instrumented by 516.Xr sysctl 3 517itself. 518.Pp 519The syntax for creating new nodes is 520.Dq //create=new.node.path 521followed by one or more of the following attributes separated by 522commas. 523The use of a double separator (both 524.Sq / 525and 526.Sq \&. 527can be used as 528separators) as the prefix tells sysctl that the first series of tokens 529is not a MIB name, but a command. 530It is recommended that the double separator preceding the command not 531be the same as the separator used in naming the MIB entry so as to 532avoid possible parse conflicts. 533The 534.Dq value 535assigned, if one is given, must be last. 536.Pp 537.Bl -bullet -compact 538.It 539.Ar type= Ns Aq Ar T 540where 541.Ar T 542must be one of 543.Dq node , 544.Dq int , 545.Dq string , 546.Dq quad , 547or 548.Dq struct . 549If the type is omitted, the 550.Dq node 551type is assumed. 552.It 553.Ar size= Ns Aq Ar S 554here, 555.Ar S 556asserts the size of the new node. 557Nodes of type 558.Dq node 559should not have a size set. 560The size may be omitted for nodes of types 561.Dq int 562or 563.Dq quad . 564If the size is omitted for a node of type 565.Dq string , 566the size will be determined by the length of the given value, or by 567the kernel for kernel strings. 568Nodes of type 569.Dq struct 570must have their size explicitly set. 571.It 572.Ar addr= Ns Aq Ar A 573or 574.Ar symbol= Ns Aq Ar A 575The kernel address of the data being instrumented. 576If 577.Dq symbol 578is used, the symbol must be globally visible to the in-kernel 579.Xr ksyms 4 580driver. 581.It 582.Ar n= Ns Aq Ar N 583The MIB number to be assigned to the new node. 584If no number is specified, the kernel will assign a value. 585.It 586.Ar flags= Ns Aq Ar F 587A concatenated string of single letters that govern the behavior of 588the node. 589Flags currently available are: 590.Bl -tag -width www 591.It a 592Allow anyone to write to the node, if it is writable. 593.It h 594.Dq Hidden . 595.Nm 596must be invoked with 597.Fl A 598or the hidden node must be specifically requested in order to see it 599.It i 600.Dq Immediate . 601Makes the node store data in itself, rather than allocating new space 602for it. 603This is the default for nodes of type 604.Dq int 605and 606.Dq quad . 607This is the opposite of owning data. 608.It o 609.Dq Own . 610When the node is created, separate space will be allocated to store 611the data to be instrumented. 612This is the default for nodes of type 613.Dq string 614and 615.Dq struct 616where it is not possible to guarantee sufficient space to store the 617data in the node itself. 618.It p 619.Dq Private . 620Nodes that are marked private, and children of nodes so marked, are 621only viewable by the superuser. 622Be aware that the immediate data that some nodes may store is not 623necessarily protected by this. 624.It x 625.Dq Hexadecimal . 626Make 627.Nm 628default to hexadecimal display of the retrieved value 629.It r 630.Dq Read-only . 631The data instrumented by the given node is read-only. 632Note that other mechanisms may still exist for changing the data. 633This is the default for nodes that instrument data. 634.It w 635.Dq Writable . 636The data instrumented by the given node is writable at any time. 637This is the default for nodes that can have children. 638.It 1 639.Dq Read-only at securelevel 1 . 640The data instrumented by this node is writable until the securelevel 641reaches or passes securelevel 1. 642Examples of this include some network tunables. 643.It 2 644.Dq Read-only at securelevel 2 . 645The data instrumented by this node is writable until the securelevel 646reaches or passes securelevel 2. 647An example of this is the per-process core filename setting. 648.El 649.Pp 650.It 651.Ar value= Ns Aq Ar V 652An initial starting value for a new node that does not reference 653existing kernel data. 654Initial values can only be assigned for nodes of the 655.Dq int , 656.Dq quad , 657and 658.Dq string 659types. 660.El 661.Pp 662New nodes must fit the following set of criteria: 663.Pp 664.Bl -bullet -compact 665.It 666If the new node is to address an existing kernel object, only one of the 667.Dq symbol 668or 669.Dq addr 670arguments may be given. 671.It 672The size for a 673.Dq struct 674type node must be specified; no initial value is expected or permitted. 675.It 676Either the size or the initial value for a 677.Dq string 678node must be given. 679.It 680The node which will be the parent of the new node must be writable. 681.El 682.Pp 683If any of the given parameters describes an invalid configuration, 684.Nm 685will emit a diagnostic message to the standard error and exit. 686.Pp 687Descriptions can be added by the super-user to any node that does not 688have one, provided that the node is not marked with the 689.Dq PERMANENT 690flag. 691The syntax is similar to the syntax for creating new nodes with the 692exception of the keyword that follows the double separator at the 693start of the command: 694.Dq //describe=new.node.path=new node description . 695Once a description has been added, it cannot be changed or removed. 696.Pp 697When destroying nodes, only the path to the node is necessary, i.e., 698.Dq //destroy=old.node.path . 699No other parameters are expected or permitted. 700Nodes being destroyed must have no children, and their parent must be 701writable. 702Nodes that are marked with the 703.Dq Dv PERMANENT 704flag (as assigned by the kernel) may not be deleted. 705.Pp 706In all cases, the initial 707.Sq = 708that follows the command (eg, 709.Dq create , 710.Dq destroy , 711or 712.Dq describe ) 713may be replaced with another instance of the separator character, 714provided that the same separator character is used for the length of 715the name specification. 716.Sh FILES 717.Bl -tag -width xnetinet6/udp6Xvar.hx -compact 718.It Pa /etc/sysctl.conf 719.Nm 720variables set at boot time 721.It Aq Pa sys/sysctl.h 722definitions for top level identifiers, second level kernel and hardware 723identifiers, and user level identifiers 724.It Aq Pa sys/socket.h 725definitions for second level network identifiers 726.It Aq Pa sys/gmon.h 727definitions for third level profiling identifiers 728.It Aq Pa uvm/uvm_param.h 729definitions for second level virtual memory identifiers 730.It Aq Pa netinet/in.h 731definitions for third level IPv4/v6 identifiers and 732fourth level IPv4/v6 identifiers 733.It Aq Pa netinet/icmp_var.h 734definitions for fourth level ICMP identifiers 735.It Aq Pa netinet/icmp6.h 736definitions for fourth level ICMPv6 identifiers 737.It Aq Pa netinet/tcp_var.h 738definitions for fourth level TCP identifiers 739.It Aq Pa netinet/udp_var.h 740definitions for fourth level UDP identifiers 741.It Aq Pa netinet6/udp6_var.h 742definitions for fourth level IPv6 UDP identifiers 743.It Aq Pa netinet6/ipsec.h 744definitions for fourth level IPsec identifiers 745.It Aq Pa netkey/key_var.h 746definitions for third level PF_KEY identifiers 747.El 748.Sh EXAMPLES 749For example, to retrieve the maximum number of processes allowed 750in the system, one would use the following request: 751.Bd -literal -offset indent -compact 752sysctl kern.maxproc 753.Ed 754.Pp 755To set the maximum number of processes allowed 756in the system to 1000, one would use the following request: 757.Bd -literal -offset indent -compact 758sysctl -w kern.maxproc=1000 759.Ed 760.Pp 761Information about the system clock rate may be obtained with: 762.Bd -literal -offset indent -compact 763sysctl kern.clockrate 764.Ed 765.Pp 766Information about the load average history may be obtained with: 767.Bd -literal -offset indent -compact 768sysctl vm.loadavg 769.Ed 770.Pp 771To view the values of the per-process variables of the current shell, 772the request: 773.Bd -literal -offset indent -compact 774sysctl proc.$$ 775.Ed 776can be used if the shell interpreter replaces $$ with its pid (this is true 777for most shells). 778.Pp 779To redirect core dumps to the 780.Pa /var/tmp/ Ns Aq username 781directory, 782.Bd -literal -offset indent -compact 783sysctl -w proc.$$.corename=/var/tmp/%u/%n.core 784.Ed 785should be used. 786.Bd -literal -offset indent -compact 787sysctl -w proc.curproc.corename=/var/tmp/%u/%n.core 788.Ed 789changes the value for the sysctl process itself, and will not have the desired 790effect. 791.Pp 792To create the root of a new sub-tree called 793.Dq local 794add some children to the new node, and some descriptions: 795.Bd -literal -offset indent -compact 796sysctl -w //create=local 797sysctl -w //describe=local=my local sysctl tree 798sysctl -w //create=local.esm_debug,type=int,symbol=esm_debug,flags=w 799sysctl -w //describe=local.esm_debug=esm driver debug knob 800sysctl -w //create=local.audiodebug,type=int,symbol=audiodebug,flags=w 801sysctl -w //describe=local.audiodebug=generic audio debug knob 802.Ed 803Note that the children are made writable so that the two debug 804settings in question can be tuned arbitrarily. 805.Pp 806To destroy that same subtree: 807.Bd -literal -offset indent -compact 808sysctl -w //destroy=local.esm_debug 809sysctl -w //destroy=local.audiodebug 810sysctl -w //destroy=local 811.Ed 812.Sh SEE ALSO 813.Xr sysctl 3 , 814.Xr ksyms 4 815.Sh HISTORY 816.Nm sysctl 817first appeared in 818.Bx 4.4 . 819