1.\" $OpenBSD: sysctl.8,v 1.148 2008/11/08 01:17:52 ckuethe Exp $ 2.\" $NetBSD: sysctl.8,v 1.4 1995/09/30 07:12:49 thorpej Exp $ 3.\" 4.\" Copyright (c) 1993 5.\" The Regents of the University of California. All rights reserved. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 3. Neither the name of the University nor the names of its contributors 16.\" may be used to endorse or promote products derived from this software 17.\" without specific prior written permission. 18.\" 19.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 20.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29.\" SUCH DAMAGE. 30.\" 31.\" @(#)sysctl.8 8.2 (Berkeley) 5/9/95 32.\" 33.Dd $Mdocdate: November 8 2008 $ 34.Dt SYSCTL 8 35.Os 36.Sh NAME 37.Nm sysctl 38.Nd get or set kernel state 39.Sh SYNOPSIS 40.Nm sysctl 41.Op Fl Aan 42.Nm sysctl 43.Op Fl n 44.Ar name ... 45.Nm sysctl 46.Op Fl nq 47.Ar name Ns = Ns Ar value ... 48.Sh DESCRIPTION 49The 50.Nm 51utility retrieves kernel state and allows processes with 52appropriate privilege to set kernel state. 53The state to be retrieved or set is described using a 54.Dq Management Information Base 55.Pq MIB 56style name, described as a dotted set of components. 57.Pp 58When retrieving a variable, 59a subset of the MIB name may be specified to retrieve a list of 60variables in that subset. 61For example, to list all the machdep variables: 62.Pp 63.Dl $ sysctl machdep 64.Pp 65When setting a variable, 66the MIB name should be followed by an equal sign and the new value. 67.Pp 68The options are as follows: 69.Bl -tag -width xxx 70.It Fl A 71List all the known MIB names including tables. 72Those with string or integer values will be printed as with the 73.Fl a 74flag; for the table values, the name of the utility to retrieve them is given. 75.It Fl a 76List all the currently available string or integer values. 77This is the default, if no parameters are given to 78.Nm . 79.It Fl n 80Suppress printing of the field name, only output the field value. 81Useful for setting shell variables. 82For example, to set the psize shell variable to the pagesize of the hardware: 83.Pp 84.Dl # set psize=`sysctl -n hw.pagesize` 85.Pp 86.It Fl q 87Suppress all output when setting a variable. 88This option overrides the behaviour of 89.Fl n . 90.It Ar name Ns = Ns Ar value 91Attempt to set the specified variable 92.Ar name 93to 94.Ar value . 95.El 96.Pp 97The information available from 98.Nm 99consists of integers, strings, and tables. 100The tabular information can only be retrieved by special 101purpose programs such as 102.Xr ps 1 , 103.Xr systat 1 , 104and 105.Xr netstat 1 . 106The string and integer information is summarized below. 107For a detailed description of these variables, see 108.Xr sysctl 3 . 109The changeable column indicates whether a process with appropriate 110privilege can change the value. 111.Pp 112Note: 113not all of the variables are relevant to all architectures. 114.Bl -column net.inet.ip.ipsec-expire-acquirexxxx integerxxx 115.It Sy Name Type Changeable 116.It kern.ostype string no 117.It kern.osrelease string no 118.It kern.osrevision integer no 119.It kern.version string no 120.It kern.maxvnodes integer yes 121.It kern.maxproc integer yes 122.It kern.maxfiles integer yes 123.It kern.argmax integer no 124.It kern.securelevel integer raise only 125.It kern.hostname string yes 126.It kern.hostid u_int yes 127.It kern.clockrate struct no 128.It kern.posix1version integer no 129.It kern.ngroups integer no 130.It kern.job_control integer no 131.It kern.saved_ids integer no 132.It kern.boottime struct no 133.It kern.domainname string yes 134.It kern.maxpartitions integer no 135.It kern.rawpartition integer no 136.It kern.osversion string no 137.It kern.somaxconn integer yes 138.It kern.sominconn integer yes 139.It kern.usermount integer yes 140.It kern.random struct no 141.It kern.nosuidcoredump integer yes 142.It kern.fsync integer no 143.It kern.sysvmsg integer no 144.It kern.sysvsem integer no 145.It kern.sysvshm integer no 146.It kern.arandom u_int no 147.It kern.msgbufsize integer no 148.It kern.malloc.buckets string no 149.It kern.malloc.bucket.<sz> string no 150.It kern.malloc.kmemnames string no 151.It kern.malloc.kmemstat.<name> string no 152.It kern.cp_time struct no 153.It kern.nchstats struct no 154.It kern.forkstat struct no 155.It kern.nselcoll integer no 156.It kern.tty.tk_nin int64_t no 157.It kern.tty.tk_nout int64_t no 158.It kern.tty.tk_rawcc int64_t no 159.It kern.tty.tk_cancc int64_t no 160.It kern.tty.ttyinfo struct no 161.It kern.tty.maxptys integer yes 162.It kern.tty.nptys integer no 163.It kern.ccpu u_int no 164.It kern.fscale integer no 165.It kern.nprocs integer no 166.It kern.stackgap_random integer yes 167.It kern.usercrypto integer yes 168.It kern.cryptodevallowsoft integer yes 169.It kern.splassert integer yes 170.It kern.nfiles integer no 171.It kern.ttycount integer no 172.It kern.numvnodes integer no 173.It kern.userasymcrypto integer yes 174.It kern.seminfo.semmni integer yes 175.It kern.seminfo.semmns integer yes 176.It kern.seminfo.semmnu integer yes 177.It kern.seminfo.semmsl integer yes 178.It kern.seminfo.semopm integer yes 179.It kern.seminfo.semume integer no 180.It kern.seminfo.semusz integer no 181.It kern.seminfo.semvmx integer no 182.It kern.seminfo.semaem integer no 183.It kern.shminfo.shmmax integer yes 184.It kern.shminfo.shmmin integer yes 185.It kern.shminfo.shmmni integer yes 186.It kern.shminfo.shmseg integer yes 187.It kern.shminfo.shmall integer yes 188.It kern.watchdog.period integer yes 189.It kern.watchdog.auto integer yes 190.It kern.emul.nemuls integer no 191.It kern.emul.other integer yes 192.It kern.maxclusters integer yes 193.It kern.timecounter.tick integer no 194.It kern.timecounter.timestepwarnings integer yes 195.It kern.timecounter.hardware string yes 196.It kern.timecounter.choice string no 197.It vm.vmmeter struct no 198.It vm.loadavg struct no 199.It vm.psstrings struct no 200.It vm.uvmexp struct no 201.It vm.swapencrypt.enable integer yes 202.It vm.swapencrypt.keyscreated integer no 203.It vm.swapencrypt.keysdeleted integer no 204.It vm.nkmempages integer no 205.It vm.anonmin integer yes 206.It vm.vtextmin integer yes 207.It vm.vnodemin integer yes 208.It vm.maxslp integer no 209.It vm.uspace integer no 210.It fs.posix.setuid integer yes 211.It net.inet.ip.forwarding integer yes 212.It net.inet.ip.redirect integer yes 213.It net.inet.ip.ttl integer yes 214.\" .It net.inet.ip.mtu integer yes 215.It net.inet.ip.sourceroute integer yes 216.It net.inet.ip.directed-broadcast integer yes 217.It net.inet.ip.portfirst integer yes 218.It net.inet.ip.portlast integer yes 219.It net.inet.ip.porthifirst integer yes 220.It net.inet.ip.porthilast integer yes 221.It net.inet.ip.maxqueue integer yes 222.It net.inet.ip.encdebug integer yes 223.It net.inet.ip.ipsec-expire-acquire integer yes 224.It net.inet.ip.ipsec-invalid-life integer yes 225.It net.inet.ip.ipsec-pfs integer yes 226.It net.inet.ip.ipsec-soft-allocs integer yes 227.It net.inet.ip.ipsec-allocs integer yes 228.It net.inet.ip.ipsec-soft-bytes integer yes 229.It net.inet.ip.ipsec-bytes integer yes 230.It net.inet.ip.ipsec-timeout integer yes 231.It net.inet.ip.ipsec-soft-timeout integer yes 232.It net.inet.ip.ipsec-soft-firstuse integer yes 233.It net.inet.ip.ipsec-firstuse integer yes 234.It net.inet.ip.ipsec-enc-alg string yes 235.It net.inet.ip.ipsec-auth-alg string yes 236.It net.inet.ip.mtudisc integer yes 237.It net.inet.ip.mtudisctimeout integer yes 238.It net.inet.ip.ipsec-comp-alg string yes 239.It net.inet.ip.mforwarding integer yes 240.It net.inet.ip.multipath integer yes 241.It net.inet.icmp.maskrepl integer yes 242.It net.inet.icmp.bmcastecho integer yes 243.It net.inet.icmp.errppslimit integer yes 244.It net.inet.icmp.rediraccept integer yes 245.It net.inet.icmp.redirtimeout integer yes 246.It net.inet.icmp.tstamprepl integer yes 247.It net.inet.ipip.allow integer yes 248.It net.inet.tcp.rfc1323 integer yes 249.It net.inet.tcp.keepinittime integer yes 250.It net.inet.tcp.keepidle integer yes 251.It net.inet.tcp.keepintvl integer yes 252.It net.inet.tcp.slowhz integer no 253.It net.inet.tcp.baddynamic array yes 254.It net.inet.tcp.recvspace integer yes 255.It net.inet.tcp.sendspace integer yes 256.It net.inet.tcp.sack integer yes 257.It net.inet.tcp.mssdflt integer yes 258.It net.inet.tcp.rstppslimit integer yes 259.It net.inet.tcp.ackonpush integer yes 260.It net.inet.tcp.ecn integer yes 261.It net.inet.tcp.syncachelimit integer yes 262.It net.inet.tcp.synbucketlimit integer yes 263.It net.inet.tcp.rfc3390 integer yes 264.It net.inet.tcp.reasslimit integer yes 265.It net.inet.udp.checksum integer yes 266.It net.inet.udp.baddynamic array yes 267.It net.inet.udp.recvspace integer yes 268.It net.inet.udp.sendspace integer yes 269.It net.inet.gre.allow integer yes 270.It net.inet.gre.wccp integer yes 271.It net.inet.esp.enable integer yes 272.It net.inet.esp.udpencap integer yes 273.It net.inet.esp.udpencap_port integer yes 274.It net.inet.ah.enable integer yes 275.It net.inet.mobileip.allow integer yes 276.It net.inet.etherip.allow integer yes 277.It net.inet.ipcomp.enable integer yes 278.It net.inet.carp.allow integer yes 279.It net.inet.carp.preempt integer yes 280.It net.inet.carp.log integer yes 281.It net.inet6.ip6.forwarding integer yes 282.It net.inet6.ip6.redirect integer yes 283.It net.inet6.ip6.hlim integer yes 284.It net.inet6.ip6.maxfragpackets integer yes 285.It net.inet6.ip6.accept_rtadv integer yes 286.It net.inet6.ip6.keepfaith integer yes 287.It net.inet6.ip6.log_interval integer yes 288.It net.inet6.ip6.hdrnestlimit integer yes 289.It net.inet6.ip6.dad_count integer yes 290.It net.inet6.ip6.auto_flowlabel integer yes 291.It net.inet6.ip6.defmcasthlim integer yes 292.It net.inet6.ip6.kame_version string no 293.It net.inet6.ip6.use_deprecated integer yes 294.It net.inet6.ip6.rr_prune integer yes 295.It net.inet6.ip6.v6only integer no 296.It net.inet6.ip6.maxfrags integer yes 297.It net.inet6.ip6.mforwarding integer yes 298.It net.inet6.ip6.multipath integer yes 299.It net.inet6.ip6.multicast_mtudisc integer yes 300.It net.inet6.icmp6.rediraccept integer yes 301.It net.inet6.icmp6.redirtimeout integer yes 302.It net.inet6.icmp6.nd6_prune integer yes 303.It net.inet6.icmp6.nd6_delay integer yes 304.It net.inet6.icmp6.nd6_umaxtries integer yes 305.It net.inet6.icmp6.nd6_mmaxtries integer yes 306.It net.inet6.icmp6.nd6_useloopback integer yes 307.It net.inet6.icmp6.nodeinfo integer yes 308.It net.inet6.icmp6.errppslimit integer yes 309.It net.inet6.icmp6.nd6_maxnudhint integer yes 310.It net.inet6.icmp6.mtudisc_hiwat integer yes 311.It net.inet6.icmp6.mtudisc_lowat integer yes 312.It net.inet6.icmp6.nd6_debug integer yes 313.It debug.syncprt integer yes 314.It debug.busyprt integer yes 315.It debug.doclusterread integer yes 316.It debug.doclusterwrite integer yes 317.It debug.doreallocblks integer yes 318.It debug.doasyncfree integer yes 319.It debug.prtrealloc integer yes 320.It hw.machine string no 321.It hw.model string no 322.It hw.ncpu integer no 323.It hw.byteorder integer no 324.It hw.physmem int64_t no 325.It hw.usermem int64_t no 326.It hw.pagesize integer no 327.It hw.diskstats struct no 328.It hw.disknames string no 329.It hw.diskcount integer no 330.It hw.sensors.<xname>.<type><numt> struct no 331.It hw.cpuspeed integer no 332.It hw.setperf integer yes 333.It hw.vendor string no 334.It hw.product string no 335.It hw.version string no 336.It hw.serialno string no 337.It hw.uuid string no 338.It machdep.console_device dev_t no 339.It machdep.unaligned_print integer yes 340.It machdep.unaligned_fix integer yes 341.It machdep.unaligned_sigbus integer yes 342.It machdep.apmwarn integer yes 343.It machdep.apmhalt integer yes 344.It machdep.kbdreset integer yes 345.It machdep.userldt integer yes 346.It machdep.osxsfr integer no 347.It machdep.sse integer no 348.It machdep.sse2 integer no 349.It machdep.xcrypt integer no 350.It machdep.allowaperture integer yes 351.It machdep.led_blink integer yes 352.It machdep.ceccerrs integer no 353.It machdep.cecclast quad no 354.It user.cs_path string no 355.It user.bc_base_max integer no 356.It user.bc_dim_max integer no 357.It user.bc_scale_max integer no 358.It user.bc_string_max integer no 359.It user.coll_weights_max integer no 360.It user.expr_nest_max integer no 361.It user.line_max integer no 362.It user.re_dup_max integer no 363.It user.posix2_version integer no 364.It user.posix2_c_bind integer no 365.It user.posix2_c_dev integer no 366.It user.posix2_char_term integer no 367.It user.posix2_fort_dev integer no 368.It user.posix2_fort_run integer no 369.It user.posix2_localedef integer no 370.It user.posix2_sw_dev integer no 371.It user.posix2_upe integer no 372.It user.stream_max integer no 373.It user.tzname_max integer no 374.It ddb.radix integer yes 375.It ddb.max_width integer yes 376.It ddb.max_line integer yes 377.It ddb.tab_stop_width integer yes 378.It ddb.panic integer yes 379.It ddb.console integer yes 380.It ddb.log integer yes 381.It ddb.trigger integer yes 382.It vfs.mounts.* struct no 383.It vfs.ffs.doclusterread integer yes 384.It vfs.ffs.doclusterwrite integer yes 385.It vfs.ffs.doreallocblks integer yes 386.It vfs.ffs.doasyncfree integer yes 387.It vfs.ffs.max_softdeps integer yes 388.It vfs.ffs.sd_tickdelay integer yes 389.It vfs.ffs.sd_worklist_push integer no 390.It vfs.ffs.sd_blk_limit_push integer no 391.It vfs.ffs.sd_ino_limit_push integer no 392.It vfs.ffs.sd_blk_limit_hit integer no 393.It vfs.ffs.sd_ino_limit_hit integer no 394.It vfs.ffs.sd_sync_limit_hit integer no 395.It vfs.ffs.sd_indir_blk_ptrs integer no 396.It vfs.ffs.sd_inode_bitmap integer no 397.It vfs.ffs.sd_direct_blk_ptrs integer no 398.It vfs.ffs.sd_dir_entry integer no 399.It vfs.ffs.dirhash_dirsize integer yes 400.It vfs.ffs.dirhash_maxmem integer yes 401.It vfs.ffs.dirhash_mem integer no 402.It vfs.nfs.iothreads integer yes 403.El 404.Pp 405The 406.Nm 407program can get or set debugging variables 408that have been identified for its display. 409This information can be obtained by using the command: 410.Pp 411.Dl $ sysctl debug 412.Pp 413In addition, 414.Nm 415can extract information about the filesystems that have been compiled 416into the running system. 417This information can be obtained by using the command: 418.Pp 419.Dl $ sysctl vfs.mounts 420.Pp 421By default, only filesystems that are actively being used are listed. 422Use of the 423.Fl A 424flag lists all the filesystems compiled into the running kernel. 425.Sh FILES 426.Bl -tag -width <uvm/uvm_swap_encrypt.h> -compact 427.It Aq Pa sys/sysctl.h 428definitions for top level identifiers, second level kernel and hardware 429identifiers, and user level identifiers 430.It Aq Pa dev/rndvar.h 431definitions for 432.Xr random 4 433device's statistics structure 434.It Aq Pa sys/socket.h 435definitions for second level network identifiers 436.It Aq Pa sys/gmon.h 437definitions for third level profiling identifiers 438.It Aq Pa uvm/uvm_param.h 439definitions for second level virtual memory identifiers 440.It Aq Pa uvm/uvm_swap_encrypt.h 441definitions for third level virtual memory identifiers 442.It Aq Pa netinet/in.h 443definitions for third level IPv4/v6 identifiers and 444fourth level IPv4/v6 identifiers 445.It Aq Pa netinet/icmp_var.h 446definitions for fourth level ICMP identifiers 447.It Aq Pa netinet6/icmp6.h 448definitions for fourth level ICMPv6 identifiers 449.It Aq Pa netinet/tcp_var.h 450definitions for fourth level TCP identifiers 451.It Aq Pa netinet/udp_var.h 452definitions for fourth level UDP identifiers 453.It Aq Pa ddb/db_var.h 454definitions for second level ddb identifiers 455.It Aq Pa sys/mount.h 456definitions for second level vfs identifiers 457.It Aq Pa nfs/nfs.h 458definitions for third level NFS identifiers 459.It Aq Pa ufs/ffs/ffs_extern.h 460definitions for third level FFS identifiers 461.It Aq Pa machine/cpu.h 462definitions for second level CPU identifiers 463.El 464.Sh EXAMPLES 465To retrieve the maximum number of processes allowed 466in the system: 467.Pp 468.Dl $ sysctl kern.maxproc 469.Pp 470To set the maximum number of processes allowed 471in the system to 1000: 472.Pp 473.Dl # sysctl kern.maxproc=1000 474.Pp 475To retrieve information about the system clock rate: 476.Pp 477.Dl $ sysctl kern.clockrate 478.Pp 479To retrieve information about the load average history: 480.Pp 481.Dl $ sysctl vm.loadavg 482.Pp 483To make the 484.Xr chown 2 485system call use traditional BSD semantics (don't clear setuid/setgid bits): 486.Pp 487.Dl # sysctl fs.posix.setuid=0 488.Pp 489To set the list of reserved TCP ports that should not be allocated 490by the kernel dynamically: 491.Pp 492.Dl # sysctl net.inet.tcp.baddynamic=749,750,751,760,761,871 493.Pp 494This can be used to keep daemons 495from stealing a specific port that another program needs to function. 496List elements may be separated by commas and/or whitespace. 497.Pp 498It is also possible to add or remove ports from the current list: 499.Bd -literal -offset indent 500# sysctl net.inet.tcp.baddynamic=+748 501# sysctl net.inet.tcp.baddynamic=-871 502.Ed 503.Pp 504To adjust the number of kernel nfsio 505threads used to service asynchronous 506I/O requests on an NFS client machine: 507.Pp 508.Dl # sysctl vfs.nfs.iothreads=4 509.Pp 510The default is 4; 20 is the maximum. 511See 512.Xr nfssvc 2 513and 514.Xr nfsd 8 515for further discussion. 516.Pp 517To set the amount of shared memory available in the system and 518the maximum number of shared memory segments: 519.Bd -literal -offset indent 520# sysctl kern.shminfo.shmmax=33554432 521# sysctl kern.shminfo.shmseg=32 522.Ed 523.Sh SEE ALSO 524.Xr sysctl 3 , 525.Xr sysctl.conf 5 526.Sh HISTORY 527.Nm 528first appeared in 529.Bx 4.4 . 530