1.\" $OpenBSD: sysctl.8,v 1.72 2001/12/21 11:41:50 mpech Exp $ 2.\" $NetBSD: sysctl.8,v 1.4 1995/09/30 07:12:49 thorpej Exp $ 3.\" 4.\" Copyright (c) 1993 5.\" The Regents of the University of California. All rights reserved. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 3. All advertising materials mentioning features or use of this software 16.\" must display the following acknowledgement: 17.\" This product includes software developed by the University of 18.\" California, Berkeley and its contributors. 19.\" 4. Neither the name of the University nor the names of its contributors 20.\" may be used to endorse or promote products derived from this software 21.\" without specific prior written permission. 22.\" 23.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 24.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 27.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33.\" SUCH DAMAGE. 34.\" 35.\" @(#)sysctl.8 8.2 (Berkeley) 5/9/95 36.\" 37.Dd May 9, 1995 38.Dt SYSCTL 8 39.Os 40.Sh NAME 41.Nm sysctl 42.Nd get or set kernel state 43.Sh SYNOPSIS 44.Nm sysctl 45.Op Fl n 46.Ar name ... 47.Nm sysctl 48.Op Fl n 49.Fl w 50.Ar name=value ... 51.Nm sysctl 52.Op Fl n 53.Fl aA 54.Sh DESCRIPTION 55The 56.Nm 57utility retrieves kernel state and allows processes with 58appropriate privilege to set kernel state. 59The state to be retrieved or set is described using a 60``Management Information Base'' (``MIB'') style name, 61described as a dotted set of components. 62.Pp 63The options are as follows: 64.Bl -tag -width xxx 65.It Fl a 66list all the currently available string or integer values. 67.It Fl A 68list all the known MIB names including tables. 69Those with string or integer values will be printed as with the 70.Fl a 71flag; for the table values, the name of the utility to retrieve them is given. 72.It Fl n 73suppress printing of the field name, only output the field value. 74Useful for setting shell variables. 75For example: 76.Bd -literal -offset indent -compact 77set psize=`sysctl -n hw.pagesize` 78.Ed 79.Pp 80If just a MIB style name is given, 81the corresponding value is retrieved. 82.It Fl w 83required to set a variable. 84The MIB name should be followed by an equal sign and the new value. 85.El 86.Pp 87The information available from 88.Nm 89consists of integers, strings, and tables. 90The tabular information can only be retrieved by special 91purpose programs such as 92.Nm ps , 93.Nm systat , 94and 95.Nm netstat . 96The string and integer information is summarized below. 97For a detailed description of these variable see 98.Xr sysctl 3 . 99The changeable column indicates whether a process with appropriate 100privilege can change the value. 101.Bl -column net.inet.ip.ipsec-expire-acquirexxxx integerxxx 102.It Sy Name Type Changeable 103.It kern.ostype string no 104.It kern.osrelease string no 105.It kern.osrevision integer no 106.It kern.osversion string no 107.It kern.version string no 108.It kern.maxvnodes integer yes 109.It kern.maxproc integer yes 110.It kern.maxfiles integer yes 111.It kern.maxpartitions integer no 112.It kern.rawpartition integer no 113.It kern.argmax integer no 114.It kern.securelevel integer raise only 115.It kern.hostname string yes 116.It kern.domainname string yes 117.It kern.hostid u_int yes 118.It kern.clockrate struct no 119.It kern.posix1version integer no 120.It kern.ngroups integer no 121.It kern.job_control integer no 122.It kern.saved_ids integer no 123.It kern.boottime struct no 124.It kern.ntptime struct no 125.It kern.cp_time struct no 126.It kern.nchstats struct no 127.It kern.forkstat struct no 128.It kern.somaxconn integer yes 129.It kern.sominconn integer yes 130.It kern.usermount integer yes 131.It kern.random struct no 132.It kern.nosuidcoredump integer yes 133.It kern.fsync integer no 134.It kern.sysvmsg integer no 135.It kern.sysvsem integer no 136.It kern.sysvshm integer no 137.It kern.arandom u_int no 138.It kern.msgbufsize integer no 139.It kern.nselcoll integer no 140.It kern.malloc.buckets string no 141.It kern.malloc.bucket.<sz> string no 142.It kern.malloc.kmemnames string no 143.It kern.malloc.kmemstat.<name> string no 144.It kern.tty.tk_nin int64_t no 145.It kern.tty.tk_nout int64_t no 146.It kern.tty.tk_rawcc int64_t no 147.It kern.tty.tk_cancc int64_t no 148.It kern.fscale int no 149.It kern.ccpu u_int no 150.It kern.nprocs int no 151.It kern.stackgap_random int yes 152.It vm.loadavg struct no 153.It vm.psstrings struct no 154.It vm.swapencrypt.enable integer yes 155.It vm.swapencrypt.keyscreated integer no 156.It vm.swapencrypt.keysdeleted integer no 157.It vm.uvmexp struct no 158.It vm.vmmeter struct no 159.It fs.posix.setuid integer yes 160.It net.inet.ip.forwarding integer yes 161.It net.inet.ip.redirect integer yes 162.It net.inet.ip.ttl integer yes 163.\" .It net.inet.ip.mtu integer yes 164.It net.inet.ip.sourceroute integer yes 165.It net.inet.ip.directed-broadcast integer yes 166.It net.inet.ip.portfirst integer yes 167.It net.inet.ip.portlast integer yes 168.It net.inet.ip.porthifirst integer yes 169.It net.inet.ip.porthilast integer yes 170.It net.inet.ip.maxqueue integer yes 171.It net.inet.ip.encdebug integer yes 172.It net.inet.ip.ipsec-pfs integer yes 173.It net.inet.ip.ipsec-soft-allocs integer yes 174.It net.inet.ip.ipsec-allocs integer yes 175.It net.inet.ip.ipsec-soft-bytes integer yes 176.It net.inet.ip.ipsec-bytes integer yes 177.It net.inet.ip.ipsec-timeout integer yes 178.It net.inet.ip.ipsec-soft-timeout integer yes 179.It net.inet.ip.ipsec-soft-firstuse integer yes 180.It net.inet.ip.ipsec-firstuse integer yes 181.It net.inet.ip.ipsec-enc-alg string yes 182.It net.inet.ip.ipsec-auth-alg string yes 183.It net.inet.ip.ipsec-comp-alg string yes 184.It net.inet.ip.ipsec-expire-acquire integer yes 185.It net.inet.ip.ipsec-invalid-life integer yes 186.It net.inet.ip.mtudisc integer yes 187.It net.inet.ip.mtudisctimeout integer yes 188.It net.inet.icmp.maskrepl integer yes 189.It net.inet.icmp.bmcastecho integer yes 190.It net.inet.icmp.errppslimit integer yes 191.It net.inet.ipip.allow integer yes 192.It net.inet.etherip.allow integer yes 193.It net.inet.tcp.rfc1323 integer yes 194.It net.inet.tcp.keepinittime integer yes 195.It net.inet.tcp.keepidle integer yes 196.It net.inet.tcp.keepintvl integer yes 197.It net.inet.tcp.slowhz integer no 198.It net.inet.tcp.baddynamic array yes 199.It net.inet.tcp.recvspace integer yes 200.It net.inet.tcp.sendspace integer yes 201.It net.inet.tcp.sack integer yes 202.It net.inet.tcp.mssdflt integer yes 203.It net.inet.tcp.rstppslimit integer yes 204.It net.inet.udp.checksum integer yes 205.It net.inet.udp.baddynamic array yes 206.It net.inet.udp.recvspace integer yes 207.It net.inet.udp.sendspace integer yes 208.It net.inet.esp.enable integer yes 209.It net.inet.ah.enable integer yes 210.It net.inet.ipcomp.enable integer yes 211.It net.inet.gre.allow integer yes 212.It net.inet.mobileip.allow integer yes 213.It net.inet6.ip6.forwarding integer yes 214.It net.inet6.ip6.redirect integer yes 215.It net.inet6.ip6.hlim integer yes 216.It net.inet6.ip6.maxfragpackets integer yes 217.It net.inet6.ip6.accept_rtadv integer yes 218.It net.inet6.ip6.keepfaith integer yes 219.It net.inet6.ip6.log_interval integer yes 220.It net.inet6.ip6.hdrnestlimit integer yes 221.It net.inet6.ip6.dad_count integer yes 222.It net.inet6.ip6.auto_flowlabel integer yes 223.It net.inet6.ip6.defmcasthlim integer yes 224.It net.inet6.ip6.kame_version string no 225.It net.inet6.ip6.use_deprecated integer yes 226.It net.inet6.ip6.rr_prune integer yes 227.It net.inet6.icmp6.rediraccept integer yes 228.It net.inet6.icmp6.redirtimeout integer yes 229.It net.inet6.icmp6.nd6_prune integer yes 230.It net.inet6.icmp6.nd6_delay integer yes 231.It net.inet6.icmp6.nd6_umaxtries integer yes 232.It net.inet6.icmp6.nd6_mmaxtries integer yes 233.It net.inet6.icmp6.nd6_useloopback integer yes 234.It net.inet6.icmp6.nodeinfo integer yes 235.It net.inet6.icmp6.errppslimit integer yes 236.It net.inet6.icmp6.nd6_maxnudhint integer yes 237.It net.inet6.icmp6.mtudisc_hiwat integer yes 238.It net.inet6.icmp6.mtudisc_lowat integer yes 239.It net.inet6.icmp6.nd6_debug integer yes 240.It net.ipx.ipx.checksum integer yes 241.It net.ipx.ipx.forwarding integer yes 242.It net.ipx.ipx.netbios integer yes 243.It net.ipx.ipx.recvspace integer yes 244.It net.ipx.ipx.sendspace integer yes 245.It debug.syncprt integer yes 246.It debug.busyprt integer yes 247.It debug.doclusterread integer yes 248.It debug.doclusterwrite integer yes 249.It debug.doreallocblks integer yes 250.It debug.doasyncfree integer yes 251.It debug.prtrealloc integer yes 252.It hw.machine string no 253.It hw.model string no 254.It hw.ncpu integer no 255.It hw.byteorder integer no 256.It hw.physmem integer no 257.It hw.usermem integer no 258.It hw.pagesize integer no 259.It hw.diskstats struct no 260.It hw.disknames string no 261.It hw.diskcount integer no 262.It machdep.console_device dev_t no 263.It machdep.unaligned_print integer yes (alpha only) 264.It machdep.unaligned_fix integer yes (alpha only) 265.It machdep.unaligned_sigbus integer yes (alpha only) 266.It machdep.apmwarn integer yes (i386 only) 267.It machdep.apmhalt integer yes (i386 only) 268.It machdep.kbdreset integer yes (i386 only) 269.It machdep.allowaperture integer yes (i386 only, XFree86) 270.It machdep.led_blink integer yes (sparc only) 271.It machdep.vsyncblank integer yes (sparc only) 272.It user.cs_path string no 273.It user.bc_base_max integer no 274.It user.bc_dim_max integer no 275.It user.bc_scale_max integer no 276.It user.bc_string_max integer no 277.It user.coll_weights_max integer no 278.It user.expr_nest_max integer no 279.It user.line_max integer no 280.It user.re_dup_max integer no 281.It user.posix2_version integer no 282.It user.posix2_c_bind integer no 283.It user.posix2_c_dev integer no 284.It user.posix2_char_term integer no 285.It user.posix2_fort_dev integer no 286.It user.posix2_fort_run integer no 287.It user.posix2_localedef integer no 288.It user.posix2_sw_dev integer no 289.It user.posix2_upe integer no 290.It user.stream_max integer no 291.It user.tzname_max integer no 292.It ddb.radix integer yes 293.It ddb.max_width integer yes 294.It ddb.max_line integer yes 295.It ddb.tab_stop_width integer yes 296.It ddb.panic integer yes 297.It ddb.console integer yes 298.It vfs.mounts.* struct no 299.It vfs.ffs.doasyncfree integer yes 300.It vfs.ffs.doclusterread integer yes 301.It vfs.ffs.doclusterwrite integer yes 302.It vfs.ffs.doreallocblks integer yes 303.It vfs.nfs.iothreads integer yes 304.El 305.Pp 306The 307.Nm 308program can get or set debugging variables 309that have been identified for its display. 310This information can be obtained by using the command: 311.Bd -literal -offset indent 312sysctl debug 313.Ed 314In addition, 315.Nm 316can extract information about the filesystems that have been compiled 317into the running system. 318This information can be obtained by using the command: 319.Bd -literal -offset indent 320sysctl vfs.mounts 321.Ed 322By default, only filesystems that are actively being used are listed. 323Use of the 324.Fl A 325flag lists all the filesystems compiled into the running kernel. 326.Sh EXAMPLES 327For example, to retrieve the maximum number of processes allowed 328in the system, one would use the follow request: 329.Bd -literal -offset indent -compact 330sysctl kern.maxproc 331.Ed 332.Pp 333To set the maximum number of processes allowed 334in the system to 1000, one would use the follow request: 335.Bd -literal -offset indent -compact 336sysctl -w kern.maxproc=1000 337.Ed 338.Pp 339Information about the system clock rate may be obtained with: 340.Bd -literal -offset indent -compact 341sysctl kern.clockrate 342.Ed 343.Pp 344Information about the load average history may be obtained with 345.Bd -literal -offset indent -compact 346sysctl vm.loadavg 347.Ed 348.Pp 349To make the 350.Xr chown 2 351system call use traditional BSD semantics (don't clear setuid/setgid bits), 352one would do the following: 353.Bd -literal -offset indent -compact 354sysctl -w fs.posix.setuid=0 355.Ed 356.Pp 357Set the list of reserved TCP ports that should not be allocated 358by the kernel dynamically. 359This can be used to keep daemons 360from stealing a specific port that another program needs to function. 361List elements may be separated by commas and/or whitespace. 362.Bd -literal -offset indent -compact 363sysctl -w net.inet.tcp.baddynamic=749,750,751,760,761,871 364.Ed 365.Pp 366It is also possible to add or remove ports from the current list. 367.Bd -literal -offset indent -compact 368sysctl -w net.inet.tcp.baddynamic=+748 369sysctl -w net.inet.tcp.baddynamic=-871 370.Ed 371.Pp 372To adjust the number of kernel 373.Nm nfsio 374threads used to service asynchronous 375I/O requests on an NFS client machine use 376.Bd -literal -offset indent -compact 377sysctl -w vfs.nfs.iothreads=4 378.Ed 379.Pp 380The number of 4 is the default, where the 20 is the maximum. 381See 382.Xr nfssvc 2 383and 384.Xr nfsd 8 385for futher discussion. 386.Sh FILES 387.Bl -tag -width <ufs/ffs/ffs_extern.h> -compact 388.It Pa <sys/sysctl.h> 389definitions for top level identifiers, second level kernel and hardware 390identifiers, and user level identifiers 391.It Pa <dev/rndvar.h> 392definitions for 393.Xr random 4 394device's statistics structure 395.It Pa <sys/socket.h> 396definitions for second level network identifiers 397.It Pa <sys/gmon.h> 398definitions for third level profiling identifiers 399.It Pa <uvm/uvm_param.h> 400definitions for second level virtual memory identifiers 401.It Pa <uvm/uvm_swap_encrypt.h> 402definitions for third level virtual memory identifiers 403.It Pa <netinet/in.h> 404definitions for third level IPv4/v6 identifiers and 405fourth level IPv4/v6 identifiers 406.It Pa <netinet/icmp_var.h> 407definitions for fourth level ICMP identifiers 408.It Pa <netinet6/icmp6.h> 409definitions for fourth level ICMPv6 identifiers 410.It Pa <netinet/tcp_var.h> 411definitions for fourth level TCP identifiers 412.It Pa <netinet/udp_var.h> 413definitions for fourth level UDP identifiers 414.It Pa <netipx/ipx_var.h> 415definitions for third level IPX identifiers and 416fourth level IPX identifiers 417.It Pa <ddb/db_var.h> 418definitions for second level ddb identifiers 419.It Pa <sys/mount.h> 420definitions for second level vfs identifiers 421.It Pa <nfs/nfs.h> 422definitions for third level NFS identifiers 423.It Pa <ufs/ffs/ffs_extern.h> 424definitions for third level FFS identifiers 425.El 426.Sh SEE ALSO 427.Xr sysctl 3 , 428.Xr sysctl.conf 5 429.Sh HISTORY 430.Nm sysctl 431first appeared in 432.Bx 4.4 . 433