1.\" $OpenBSD: sysctl.8,v 1.68 2001/08/18 03:32:16 art Exp $ 2.\" $NetBSD: sysctl.8,v 1.4 1995/09/30 07:12:49 thorpej Exp $ 3.\" 4.\" Copyright (c) 1993 5.\" The Regents of the University of California. All rights reserved. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 3. All advertising materials mentioning features or use of this software 16.\" must display the following acknowledgement: 17.\" This product includes software developed by the University of 18.\" California, Berkeley and its contributors. 19.\" 4. Neither the name of the University nor the names of its contributors 20.\" may be used to endorse or promote products derived from this software 21.\" without specific prior written permission. 22.\" 23.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 24.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 27.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33.\" SUCH DAMAGE. 34.\" 35.\" @(#)sysctl.8 8.2 (Berkeley) 5/9/95 36.\" 37.Dd May 9, 1995 38.Dt SYSCTL 8 39.Os 40.Sh NAME 41.Nm sysctl 42.Nd get or set kernel state 43.Sh SYNOPSIS 44.Nm sysctl 45.Op Fl n 46.Ar name ... 47.Nm sysctl 48.Op Fl n 49.Fl w 50.Ar name=value ... 51.Nm sysctl 52.Op Fl n 53.Fl aA 54.Sh DESCRIPTION 55The 56.Nm 57utility retrieves kernel state and allows processes with 58appropriate privilege to set kernel state. 59The state to be retrieved or set is described using a 60``Management Information Base'' (``MIB'') style name, 61described as a dotted set of components. 62 63The options are as follows: 64.Bl -tag -width xxx 65.It Fl a 66list all the currently available string or integer values. 67.It Fl A 68list all the known MIB names including tables. 69Those with string or integer values will be printed as with the 70.Fl a 71flag; for the table values, the name of the utility to retrieve them is given. 72.It Fl n 73suppress printing of the field name, only output the field value. 74Useful for setting shell variables. 75For example: 76.Bd -literal -offset indent -compact 77set psize=`sysctl -n hw.pagesize` 78.Ed 79.Pp 80If just a MIB style name is given, 81the corresponding value is retrieved. 82.It Fl w 83required to set a variable. The MIB name should be followed 84by an equal sign and the new value. 85.El 86.Pp 87The information available from 88.Nm 89consists of integers, strings, and tables. 90The tabular information can only be retrieved by special 91purpose programs such as 92.Nm ps , 93.Nm systat , 94and 95.Nm netstat . 96The string and integer information is summarized below. 97For a detailed description of these variable see 98.Xr sysctl 3 . 99The changeable column indicates whether a process with appropriate 100privilege can change the value. 101.Bl -column net.inet.ip.ipsec-expire-acquirexxxx integerxxx 102.It Sy Name Type Changeable 103.It kern.ostype string no 104.It kern.osrelease string no 105.It kern.osrevision integer no 106.It kern.osversion string no 107.It kern.version string no 108.It kern.maxvnodes integer yes 109.It kern.maxproc integer yes 110.It kern.maxfiles integer yes 111.It kern.maxpartitions integer no 112.It kern.rawpartition integer no 113.It kern.argmax integer no 114.It kern.securelevel integer raise only 115.It kern.hostname string yes 116.It kern.domainname string yes 117.It kern.hostid u_int yes 118.It kern.clockrate struct no 119.It kern.posix1version integer no 120.It kern.ngroups integer no 121.It kern.job_control integer no 122.It kern.saved_ids integer no 123.It kern.boottime struct no 124.It kern.ntptime struct no 125.It kern.cp_time struct no 126.It kern.nchstats struct no 127.It kern.forkstat struct no 128.It kern.somaxconn integer yes 129.It kern.sominconn integer yes 130.It kern.usermount integer yes 131.It kern.random struct no 132.It kern.nosuidcoredump integer yes 133.It kern.fsync integer no 134.It kern.sysvmsg integer no 135.It kern.sysvsem integer no 136.It kern.sysvshm integer no 137.It kern.arandom u_int no 138.It kern.msgbufsize integer no 139.It kern.nselcoll integer no 140.It kern.malloc.buckets string no 141.It kern.malloc.bucket.<sz> string no 142.It kern.malloc.kmemnames string no 143.It kern.malloc.kmemstat.<name> string no 144.It kern.tty.tk_nin int64_t no 145.It kern.tty.tk_nout int64_t no 146.It kern.tty.tk_rawcc int64_t no 147.It kern.tty.tk_cancc int64_t no 148.It kern.fscale int no 149.It kern.ccpu u_int no 150.It kern.nprocs int no 151.It kern.stackgap_random int yes 152.It vm.loadavg struct no 153.It vm.psstrings struct no 154.It vm.swapencrypt.enable integer yes 155.It vm.swapencrypt.keyscreated integer no 156.It vm.swapencrypt.keysdeleted integer no 157.It vm.uvmexp struct no 158.It vm.vmmeter struct no 159.It fs.posix.setuid integer yes 160.It net.inet.ip.forwarding integer yes 161.It net.inet.ip.redirect integer yes 162.It net.inet.ip.ttl integer yes 163.\" .It net.inet.ip.mtu integer yes 164.It net.inet.ip.sourceroute integer yes 165.It net.inet.ip.directed-broadcast integer yes 166.It net.inet.ip.portfirst integer yes 167.It net.inet.ip.portlast integer yes 168.It net.inet.ip.porthifirst integer yes 169.It net.inet.ip.porthilast integer yes 170.It net.inet.ip.maxqueue integer yes 171.It net.inet.ip.encdebug integer yes 172.It net.inet.ip.ipsec-pfs integer yes 173.It net.inet.ip.ipsec-soft-allocs integer yes 174.It net.inet.ip.ipsec-allocs integer yes 175.It net.inet.ip.ipsec-soft-bytes integer yes 176.It net.inet.ip.ipsec-bytes integer yes 177.It net.inet.ip.ipsec-timeout integer yes 178.It net.inet.ip.ipsec-soft-timeout integer yes 179.It net.inet.ip.ipsec-soft-firstuse integer yes 180.It net.inet.ip.ipsec-firstuse integer yes 181.It net.inet.ip.ipsec-enc-alg string yes 182.It net.inet.ip.ipsec-auth-alg string yes 183.It net.inet.ip.ipsec-comp-alg string yes 184.It net.inet.ip.ipsec-expire-acquire integer yes 185.It net.inet.ip.ipsec-invalid-life integer yes 186.It net.inet.ip.mtudisc integer yes 187.It net.inet.ip.mtudisctimeout integer yes 188.It net.inet.icmp.maskrepl integer yes 189.It net.inet.icmp.bmcastecho integer yes 190.It net.inet.icmp.errppslimit integer yes 191.It net.inet.ipip.allow integer yes 192.It net.inet.etherip.allow integer yes 193.It net.inet.tcp.rfc1323 integer yes 194.It net.inet.tcp.keepinittime integer yes 195.It net.inet.tcp.keepidle integer yes 196.It net.inet.tcp.keepintvl integer yes 197.It net.inet.tcp.slowhz integer no 198.It net.inet.tcp.baddynamic array yes 199.It net.inet.tcp.recvspace integer yes 200.It net.inet.tcp.sendspace integer yes 201.It net.inet.tcp.sack integer yes 202.It net.inet.tcp.mssdflt integer yes 203.It net.inet.tcp.rstppslimit integer yes 204.It net.inet.udp.checksum integer yes 205.It net.inet.udp.baddynamic array yes 206.It net.inet.udp.recvspace integer yes 207.It net.inet.udp.sendspace integer yes 208.It net.inet.esp.enable integer yes 209.It net.inet.ah.enable integer yes 210.It net.inet.ipcomp.enable integer yes 211.It net.inet.gre.allow integer yes 212.It net.inet.mobileip.allow integer yes 213.It net.inet6.ip6.forwarding integer yes 214.It net.inet6.ip6.redirect integer yes 215.It net.inet6.ip6.hlim integer yes 216.It net.inet6.ip6.maxfragpackets integer yes 217.It net.inet6.ip6.accept_rtadv integer yes 218.It net.inet6.ip6.keepfaith integer yes 219.It net.inet6.ip6.log_interval integer yes 220.It net.inet6.ip6.hdrnestlimit integer yes 221.It net.inet6.ip6.dad_count integer yes 222.It net.inet6.ip6.auto_flowlabel integer yes 223.It net.inet6.ip6.defmcasthlim integer yes 224.It net.inet6.ip6.kame_version string no 225.It net.inet6.ip6.use_deprecated integer yes 226.It net.inet6.ip6.rr_prune integer yes 227.It net.inet6.icmp6.rediraccept integer yes 228.It net.inet6.icmp6.redirtimeout integer yes 229.It net.inet6.icmp6.nd6_prune integer yes 230.It net.inet6.icmp6.nd6_delay integer yes 231.It net.inet6.icmp6.nd6_umaxtries integer yes 232.It net.inet6.icmp6.nd6_mmaxtries integer yes 233.It net.inet6.icmp6.nd6_useloopback integer yes 234.It net.inet6.icmp6.nodeinfo integer yes 235.It net.inet6.icmp6.errppslimit integer yes 236.It net.inet6.icmp6.nd6_maxnudhint integer yes 237.It net.inet6.icmp6.mtudisc_hiwat integer yes 238.It net.inet6.icmp6.mtudisc_lowat integer yes 239.It net.inet6.icmp6.nd6_debug integer yes 240.It net.ipx.ipx.checksum integer yes 241.It net.ipx.ipx.forwarding integer yes 242.It net.ipx.ipx.netbios integer yes 243.It net.ipx.ipx.recvspace integer yes 244.It net.ipx.ipx.sendspace integer yes 245.It debug.syncprt integer yes 246.It debug.busyprt integer yes 247.It debug.doclusterread integer yes 248.It debug.doclusterwrite integer yes 249.It debug.doreallocblks integer yes 250.It debug.doasyncfree integer yes 251.It debug.prtrealloc integer yes 252.It hw.machine string no 253.It hw.model string no 254.It hw.ncpu integer no 255.It hw.byteorder integer no 256.It hw.physmem integer no 257.It hw.usermem integer no 258.It hw.pagesize integer no 259.It hw.diskstats struct no 260.It hw.disknames string no 261.It hw.diskcount integer no 262.It machdep.console_device dev_t no 263.It machdep.apmwarn integer yes (i386 only) 264.It machdep.apmhalt integer yes (i386 only) 265.It machdep.kbdreset integer yes (i386 only) 266.It machdep.allowaperture integer yes (i386 only, XFree86) 267.It machdep.led_blink integer yes (sparc only) 268.It machdep.vsyncblank integer yes (sparc only) 269.It user.cs_path string no 270.It user.bc_base_max integer no 271.It user.bc_dim_max integer no 272.It user.bc_scale_max integer no 273.It user.bc_string_max integer no 274.It user.coll_weights_max integer no 275.It user.expr_nest_max integer no 276.It user.line_max integer no 277.It user.re_dup_max integer no 278.It user.posix2_version integer no 279.It user.posix2_c_bind integer no 280.It user.posix2_c_dev integer no 281.It user.posix2_char_term integer no 282.It user.posix2_fort_dev integer no 283.It user.posix2_fort_run integer no 284.It user.posix2_localedef integer no 285.It user.posix2_sw_dev integer no 286.It user.posix2_upe integer no 287.It user.stream_max integer no 288.It user.tzname_max integer no 289.It ddb.radix integer yes 290.It ddb.max_width integer yes 291.It ddb.max_line integer yes 292.It ddb.tab_stop_width integer yes 293.It ddb.panic integer yes 294.It ddb.console integer yes 295.It vfs.mounts.* struct no 296.It vfs.ffs.doasyncfree integer yes 297.It vfs.ffs.doclusterread integer yes 298.It vfs.ffs.doclusterwrite integer yes 299.It vfs.ffs.doreallocblks integer yes 300.It vfs.nfs.iothreads integer yes 301.El 302.Pp 303The 304.Nm 305program can get or set debugging variables 306that have been identified for its display. 307This information can be obtained by using the command: 308.Bd -literal -offset indent 309sysctl debug 310.Ed 311In addition, 312.Nm 313can extract information about the filesystems that have been compiled 314into the running system. 315This information can be obtained by using the command: 316.Bd -literal -offset indent 317sysctl vfs.mounts 318.Ed 319By default, only filesystems that are actively being used are listed. 320Use of the 321.Fl A 322flag lists all the filesystems compiled into the running kernel. 323.Sh EXAMPLES 324For example, to retrieve the maximum number of processes allowed 325in the system, one would use the follow request: 326.Bd -literal -offset indent -compact 327sysctl kern.maxproc 328.Ed 329.Pp 330To set the maximum number of processes allowed 331in the system to 1000, one would use the follow request: 332.Bd -literal -offset indent -compact 333sysctl -w kern.maxproc=1000 334.Ed 335.Pp 336Information about the system clock rate may be obtained with: 337.Bd -literal -offset indent -compact 338sysctl kern.clockrate 339.Ed 340.Pp 341Information about the load average history may be obtained with 342.Bd -literal -offset indent -compact 343sysctl vm.loadavg 344.Ed 345.Pp 346To make the 347.Xr chown 2 348system call use traditional BSD semantics (don't clear setuid/setgid bits), 349one would do the following: 350.Bd -literal -offset indent -compact 351sysctl -w fs.posix.setuid=0 352.Ed 353.Pp 354Set the list of reserved TCP ports that should not be allocated 355by the kernel dynamically. 356This can be used to keep daemons 357from stealing a specific port that another program needs to function. 358List elements may be separated by commas and/or whitespace. 359.Bd -literal -offset indent -compact 360sysctl -w net.inet.tcp.baddynamic=749,750,751,760,761,871 361.Ed 362.Pp 363It is also possible to add or remove ports from the current list. 364.Bd -literal -offset indent -compact 365sysctl -w net.inet.tcp.baddynamic=+748 366sysctl -w net.inet.tcp.baddynamic=-871 367.Ed 368.Pp 369To adjust the number of kernel 370.Nm nfsio 371threads used to service asynchronous 372I/O requests on an NFS client machine use 373.Bd -literal -offset indent -compact 374sysctl -w vfs.nfs.iothreads=4 375.Ed 376.Pp 377The number of 4 is the default, where the 20 is the maximum. 378See 379.Xr nfssvc 2 380and 381.Xr nfsd 8 382for futher discussion. 383.Sh FILES 384.Bl -tag -width <ufs/ffs/ffs_extern.h> -compact 385.It Pa <sys/sysctl.h> 386definitions for top level identifiers, second level kernel and hardware 387identifiers, and user level identifiers 388.It Pa <dev/rndvar.h> 389definitions for 390.Xr random 4 391device's statistics structure 392.It Pa <sys/socket.h> 393definitions for second level network identifiers 394.It Pa <sys/gmon.h> 395definitions for third level profiling identifiers 396.It Pa <vm/vm_param.h> 397definitions for second level virtual memory identifiers 398.It Pa <uvm/uvm_swap_encrypt.h> 399definitions for third level virtual memory identifiers 400.It Pa <netinet/in.h> 401definitions for third level IPv4/v6 identifiers and 402fourth level IPv4/v6 identifiers 403.It Pa <netinet/icmp_var.h> 404definitions for fourth level ICMP identifiers 405.It Pa <netinet6/icmp6.h> 406definitions for fourth level ICMPv6 identifiers 407.It Pa <netinet/tcp_var.h> 408definitions for fourth level TCP identifiers 409.It Pa <netinet/udp_var.h> 410definitions for fourth level UDP identifiers 411.It Pa <netipx/ipx_var.h> 412definitions for third level IPX identifiers and 413fourth level IPX identifiers 414.It Pa <ddb/db_var.h> 415definitions for second level ddb identifiers 416.It Pa <sys/mount.h> 417definitions for second level vfs identifiers 418.It Pa <nfs/nfs.h> 419definitions for third level NFS identifiers 420.It Pa <ufs/ffs/ffs_extern.h> 421definitions for third level FFS identifiers 422.El 423.Sh SEE ALSO 424.Xr sysctl 3 , 425.Xr sysctl.conf 5 426.Sh HISTORY 427.Nm sysctl 428first appeared in 429.Bx 4.4 . 430