1.\" $OpenBSD: sysctl.8,v 1.110 2003/12/02 23:16:29 markus Exp $ 2.\" $NetBSD: sysctl.8,v 1.4 1995/09/30 07:12:49 thorpej Exp $ 3.\" 4.\" Copyright (c) 1993 5.\" The Regents of the University of California. All rights reserved. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 3. Neither the name of the University nor the names of its contributors 16.\" may be used to endorse or promote products derived from this software 17.\" without specific prior written permission. 18.\" 19.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 20.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29.\" SUCH DAMAGE. 30.\" 31.\" @(#)sysctl.8 8.2 (Berkeley) 5/9/95 32.\" 33.Dd December 18, 2002 34.Dt SYSCTL 8 35.Os 36.Sh NAME 37.Nm sysctl 38.Nd get or set kernel state 39.Sh SYNOPSIS 40.Nm sysctl 41.Op Fl n 42.Ar variable ... 43.Nm sysctl 44.Op Fl nq 45.Fl w 46.Ar variable Ns = Ns Ar value ... 47.Nm sysctl 48.Op Fl n 49.Fl Aa 50.Sh DESCRIPTION 51The 52.Nm 53utility retrieves kernel state and allows processes with 54appropriate privilege to set kernel state. 55The state to be retrieved or set is described using a 56.Dq Management Information Base 57.Pq MIB 58style name, described as a dotted set of components. 59.Pp 60The options are as follows: 61.Bl -tag -width xxx 62.It Fl A 63List all the known MIB names including tables. 64Those with string or integer values will be printed as with the 65.Fl a 66flag; for the table values, the name of the utility to retrieve them is given. 67.It Fl a 68List all the currently available string or integer values. 69.It Fl n 70Suppress printing of the field name, only output the field value. 71Useful for setting shell variables. 72For example, to set the psize shell variable to the pagesize of the hardware: 73.Pp 74.Dl # set psize=`sysctl -n hw.pagesize` 75.Pp 76.It Fl q 77Suppress all output when setting a variable. 78This option overrides the behaviour of 79.Fl n . 80.It Fl w 81Required to set a variable. 82The MIB name should be followed by an equal sign and the new value. 83.El 84.Pp 85The information available from 86.Nm 87consists of integers, strings, and tables. 88The tabular information can only be retrieved by special 89purpose programs such as 90.Nm ps , 91.Nm systat , 92and 93.Nm netstat . 94The string and integer information is summarized below. 95For a detailed description of these variable see 96.Xr sysctl 3 . 97The changeable column indicates whether a process with appropriate 98privilege can change the value. 99.Bl -column net.inet.ip.ipsec-expire-acquirexxxx integerxxx 100.It Sy Name Type Changeable 101.It kern.ostype string no 102.It kern.osrelease string no 103.It kern.osrevision integer no 104.It kern.version string no 105.It kern.maxvnodes integer yes 106.It kern.maxproc integer yes 107.It kern.maxfiles integer yes 108.It kern.argmax integer no 109.It kern.securelevel integer raise only 110.It kern.hostname string yes 111.It kern.hostid u_int yes 112.It kern.clockrate struct no 113.It kern.posix1version integer no 114.It kern.ngroups integer no 115.It kern.job_control integer no 116.It kern.saved_ids integer no 117.It kern.boottime struct no 118.It kern.domainname string yes 119.It kern.maxpartitions integer no 120.It kern.rawpartition integer no 121.It kern.osversion string no 122.It kern.somaxconn integer yes 123.It kern.sominconn integer yes 124.It kern.usermount integer yes 125.It kern.random struct no 126.It kern.nosuidcoredump integer yes 127.It kern.fsync integer no 128.It kern.sysvmsg integer no 129.It kern.sysvsem integer no 130.It kern.sysvshm integer no 131.It kern.arandom u_int no 132.It kern.msgbufsize integer no 133.It kern.malloc.buckets string no 134.It kern.malloc.bucket.<sz> string no 135.It kern.malloc.kmemnames string no 136.It kern.malloc.kmemstat.<name> string no 137.It kern.cp_time struct no 138.It kern.nchstats struct no 139.It kern.forkstat struct no 140.It kern.nselcoll integer no 141.It kern.tty.tk_nin int64_t no 142.It kern.tty.tk_nout int64_t no 143.It kern.tty.tk_rawcc int64_t no 144.It kern.tty.tk_cancc int64_t no 145.It kern.ccpu u_int no 146.It kern.fscale integer no 147.It kern.nprocs integer no 148.It kern.stackgap_random integer yes 149.It kern.usercrypto integer yes 150.It kern.cryptodevallowsoft integer yes 151.It kern.splassert integer yes 152.It kern.nfiles integer no 153.It kern.ttycount integer no 154.It kern.numvnodes integer no 155.It kern.userasymcrypto integer yes 156.It kern.seminfo.semmni integer yes 157.It kern.seminfo.semmns integer yes 158.It kern.seminfo.semmnu integer yes 159.It kern.seminfo.semmsl integer yes 160.It kern.seminfo.semopm integer yes 161.It kern.seminfo.semume integer no 162.It kern.seminfo.semusz integer no 163.It kern.seminfo.semvmx integer no 164.It kern.seminfo.semaem integer no 165.It kern.shminfo.shmmax integer yes 166.It kern.shminfo.shmmin integer yes 167.It kern.shminfo.shmmni integer yes 168.It kern.shminfo.shmseg integer yes 169.It kern.shminfo.shmall integer yes 170.It kern.watchdog.period integer yes 171.It kern.watchdog.auto integer yes 172.It kern.emul.nemuls integer no 173.It kern.emul.other integer yes 174.It vm.vmmeter struct no 175.It vm.loadavg struct no 176.It vm.psstrings struct no 177.It vm.uvmexp struct no 178.It vm.swapencrypt.enable integer yes 179.It vm.swapencrypt.keyscreated integer no 180.It vm.swapencrypt.keysdeleted integer no 181.It vm.nkmempages integer no 182.It vm.anonmin integer yes 183.It vm.vtextmin integer yes 184.It vm.vnodemin integer yes 185.It vm.maxslp integer no 186.It vm.uspace integer no 187.It fs.posix.setuid integer yes 188.It net.inet.ip.forwarding integer yes 189.It net.inet.ip.redirect integer yes 190.It net.inet.ip.ttl integer yes 191.\" .It net.inet.ip.mtu integer yes 192.It net.inet.ip.sourceroute integer yes 193.It net.inet.ip.directed-broadcast integer yes 194.It net.inet.ip.portfirst integer yes 195.It net.inet.ip.portlast integer yes 196.It net.inet.ip.porthifirst integer yes 197.It net.inet.ip.porthilast integer yes 198.It net.inet.ip.maxqueue integer yes 199.It net.inet.ip.encdebug integer yes 200.It net.inet.ip.ipsec-expire-acquire integer yes 201.It net.inet.ip.ipsec-invalid-life integer yes 202.It net.inet.ip.ipsec-pfs integer yes 203.It net.inet.ip.ipsec-soft-allocs integer yes 204.It net.inet.ip.ipsec-allocs integer yes 205.It net.inet.ip.ipsec-soft-bytes integer yes 206.It net.inet.ip.ipsec-bytes integer yes 207.It net.inet.ip.ipsec-timeout integer yes 208.It net.inet.ip.ipsec-soft-timeout integer yes 209.It net.inet.ip.ipsec-soft-firstuse integer yes 210.It net.inet.ip.ipsec-firstuse integer yes 211.It net.inet.ip.ipsec-enc-alg string yes 212.It net.inet.ip.ipsec-auth-alg string yes 213.It net.inet.ip.mtudisc integer yes 214.It net.inet.ip.mtudisctimeout integer yes 215.It net.inet.ip.ipsec-comp-alg string yes 216.It net.inet.icmp.maskrepl integer yes 217.It net.inet.icmp.bmcastecho integer yes 218.It net.inet.icmp.errppslimit integer yes 219.It net.inet.icmp.rediraccept integer yes 220.It net.inet.icmp.redirtimeout integer yes 221.It net.inet.icmp.tstamprepl integer yes 222.It net.inet.ipip.allow integer yes 223.It net.inet.tcp.rfc1323 integer yes 224.It net.inet.tcp.keepinittime integer yes 225.It net.inet.tcp.keepidle integer yes 226.It net.inet.tcp.keepintvl integer yes 227.It net.inet.tcp.slowhz integer no 228.It net.inet.tcp.baddynamic array yes 229.It net.inet.tcp.recvspace integer yes 230.It net.inet.tcp.sendspace integer yes 231.It net.inet.tcp.sack integer yes 232.It net.inet.tcp.mssdflt integer yes 233.It net.inet.tcp.rstppslimit integer yes 234.It net.inet.tcp.ackonpush integer yes 235.It net.inet.tcp.ecn integer yes 236.It net.inet.udp.checksum integer yes 237.It net.inet.udp.baddynamic array yes 238.It net.inet.udp.recvspace integer yes 239.It net.inet.udp.sendspace integer yes 240.It net.inet.gre.allow integer yes 241.It net.inet.gre.wccp integer yes 242.It net.inet.esp.enable integer yes 243.It net.inet.esp.udpencap integer yes 244.It net.inet.esp.udpencap_port integer yes 245.It net.inet.ah.enable integer yes 246.It net.inet.mobileip.allow integer yes 247.It net.inet.etherip.allow integer yes 248.It net.inet.ipcomp.enable integer yes 249.It net.inet.carp.allow integer yes 250.It net.inet.carp.preempt integer yes 251.It net.inet.carp.log integer yes 252.It net.inet.carp.arpbalance integer yes 253.It net.inet6.ip6.forwarding integer yes 254.It net.inet6.ip6.redirect integer yes 255.It net.inet6.ip6.hlim integer yes 256.It net.inet6.ip6.maxfragpackets integer yes 257.It net.inet6.ip6.accept_rtadv integer yes 258.It net.inet6.ip6.keepfaith integer yes 259.It net.inet6.ip6.log_interval integer yes 260.It net.inet6.ip6.hdrnestlimit integer yes 261.It net.inet6.ip6.dad_count integer yes 262.It net.inet6.ip6.auto_flowlabel integer yes 263.It net.inet6.ip6.defmcasthlim integer yes 264.It net.inet6.ip6.kame_version string no 265.It net.inet6.ip6.use_deprecated integer yes 266.It net.inet6.ip6.rr_prune integer yes 267.It net.inet6.ip6.v6only integer no 268.It net.inet6.ip6.maxfrags integer yes 269.It net.inet6.icmp6.rediraccept integer yes 270.It net.inet6.icmp6.redirtimeout integer yes 271.It net.inet6.icmp6.nd6_prune integer yes 272.It net.inet6.icmp6.nd6_delay integer yes 273.It net.inet6.icmp6.nd6_umaxtries integer yes 274.It net.inet6.icmp6.nd6_mmaxtries integer yes 275.It net.inet6.icmp6.nd6_useloopback integer yes 276.It net.inet6.icmp6.nodeinfo integer yes 277.It net.inet6.icmp6.errppslimit integer yes 278.It net.inet6.icmp6.nd6_maxnudhint integer yes 279.It net.inet6.icmp6.mtudisc_hiwat integer yes 280.It net.inet6.icmp6.mtudisc_lowat integer yes 281.It net.inet6.icmp6.nd6_debug integer yes 282.It net.ipx.ipx.checksum integer yes 283.It net.ipx.ipx.forwarding integer yes 284.It net.ipx.ipx.netbios integer yes 285.It net.ipx.ipx.recvspace integer yes 286.It net.ipx.ipx.sendspace integer yes 287.It debug.syncprt integer yes 288.It debug.busyprt integer yes 289.It debug.doclusterread integer yes 290.It debug.doclusterwrite integer yes 291.It debug.doreallocblks integer yes 292.It debug.doasyncfree integer yes 293.It debug.prtrealloc integer yes 294.It hw.machine string no 295.It hw.model string no 296.It hw.ncpu integer no 297.It hw.byteorder integer no 298.It hw.physmem integer no 299.It hw.usermem integer no 300.It hw.pagesize integer no 301.It hw.diskstats struct no 302.It hw.disknames string no 303.It hw.diskcount integer no 304.It hw.sensors struct no 305.It machdep.console_device dev_t no 306.It machdep.unaligned_print integer yes (alpha only) 307.It machdep.unaligned_fix integer yes (alpha only) 308.It machdep.unaligned_sigbus integer yes (alpha only) 309.It machdep.apmwarn integer yes (i386 only) 310.It machdep.apmhalt integer yes (i386 only) 311.It machdep.kbdreset integer yes (i386 only) 312.It machdep.userldt integer yes (i386 only) 313.It machdep.allowaperture integer yes (XFree86) 314.It machdep.led_blink integer yes (sparc/sparc64) 315.It machdep.ceccerrs integer no (sparc64) 316.It machdep.cecclast quad no (sparc64) 317.It user.cs_path string no 318.It user.bc_base_max integer no 319.It user.bc_dim_max integer no 320.It user.bc_scale_max integer no 321.It user.bc_string_max integer no 322.It user.coll_weights_max integer no 323.It user.expr_nest_max integer no 324.It user.line_max integer no 325.It user.re_dup_max integer no 326.It user.posix2_version integer no 327.It user.posix2_c_bind integer no 328.It user.posix2_c_dev integer no 329.It user.posix2_char_term integer no 330.It user.posix2_fort_dev integer no 331.It user.posix2_fort_run integer no 332.It user.posix2_localedef integer no 333.It user.posix2_sw_dev integer no 334.It user.posix2_upe integer no 335.It user.stream_max integer no 336.It user.tzname_max integer no 337.It ddb.radix integer yes 338.It ddb.max_width integer yes 339.It ddb.max_line integer yes 340.It ddb.tab_stop_width integer yes 341.It ddb.panic integer yes 342.It ddb.console integer yes 343.It ddb.log integer yes 344.It vfs.mounts.* struct no 345.It vfs.ffs.doclusterread integer yes 346.It vfs.ffs.doclusterwrite integer yes 347.It vfs.ffs.doreallocblks integer yes 348.It vfs.ffs.doasyncfree integer yes 349.It vfs.ffs.max_softdeps integer yes 350.It vfs.ffs.sd_tickdelay integer yes 351.It vfs.ffs.sd_worklist_push integer no 352.It vfs.ffs.sd_blk_limit_push integer no 353.It vfs.ffs.sd_ino_limit_push integer no 354.It vfs.ffs.sd_blk_limit_hit integer no 355.It vfs.ffs.sd_ino_limit_hit integer no 356.It vfs.ffs.sd_sync_limit_hit integer no 357.It vfs.ffs.sd_indir_blk_ptrs integer no 358.It vfs.ffs.sd_inode_bitmap integer no 359.It vfs.ffs.sd_direct_blk_ptrs integer no 360.It vfs.ffs.sd_dir_entry integer no 361.It vfs.nfs.iothreads integer yes 362.El 363.Pp 364The 365.Nm 366program can get or set debugging variables 367that have been identified for its display. 368This information can be obtained by using the command: 369.Pp 370.Dl $ sysctl debug 371.Pp 372In addition, 373.Nm 374can extract information about the filesystems that have been compiled 375into the running system. 376This information can be obtained by using the command: 377.Pp 378.Dl $ sysctl vfs.mounts 379.Pp 380By default, only filesystems that are actively being used are listed. 381Use of the 382.Fl A 383flag lists all the filesystems compiled into the running kernel. 384.Sh FILES 385.Bl -tag -width <uvm/uvm_swap_encrypt.h> -compact 386.It Aq Pa sys/sysctl.h 387definitions for top level identifiers, second level kernel and hardware 388identifiers, and user level identifiers 389.It Aq Pa dev/rndvar.h 390definitions for 391.Xr random 4 392device's statistics structure 393.It Aq Pa sys/socket.h 394definitions for second level network identifiers 395.It Aq Pa sys/gmon.h 396definitions for third level profiling identifiers 397.It Aq Pa uvm/uvm_param.h 398definitions for second level virtual memory identifiers 399.It Aq Pa uvm/uvm_swap_encrypt.h 400definitions for third level virtual memory identifiers 401.It Aq Pa netinet/in.h 402definitions for third level IPv4/v6 identifiers and 403fourth level IPv4/v6 identifiers 404.It Aq Pa netinet/icmp_var.h 405definitions for fourth level ICMP identifiers 406.It Aq Pa netinet6/icmp6.h 407definitions for fourth level ICMPv6 identifiers 408.It Aq Pa netinet/tcp_var.h 409definitions for fourth level TCP identifiers 410.It Aq Pa netinet/udp_var.h 411definitions for fourth level UDP identifiers 412.It Aq Pa netipx/ipx_var.h 413definitions for third level IPX identifiers and 414fourth level IPX identifiers 415.It Aq Pa ddb/db_var.h 416definitions for second level ddb identifiers 417.It Aq Pa sys/mount.h 418definitions for second level vfs identifiers 419.It Aq Pa nfs/nfs.h 420definitions for third level NFS identifiers 421.It Aq Pa ufs/ffs/ffs_extern.h 422definitions for third level FFS identifiers 423.El 424.Sh EXAMPLES 425To retrieve the maximum number of processes allowed 426in the system: 427.Pp 428.Dl $ sysctl kern.maxproc 429.Pp 430To set the maximum number of processes allowed 431in the system to 1000: 432.Pp 433.Dl # sysctl -w kern.maxproc=1000 434.Pp 435To retrieve information about the system clock rate: 436.Pp 437.Dl $ sysctl kern.clockrate 438.Pp 439To retrieve information about the load average history: 440.Pp 441.Dl $ sysctl vm.loadavg 442.Pp 443To make the 444.Xr chown 2 445system call use traditional BSD semantics (don't clear setuid/setgid bits): 446.Pp 447.Dl # sysctl -w fs.posix.setuid=0 448.Pp 449To set the list of reserved TCP ports that should not be allocated 450by the kernel dynamically: 451.Pp 452.Dl # sysctl -w net.inet.tcp.baddynamic=749,750,751,760,761,871 453.Pp 454This can be used to keep daemons 455from stealing a specific port that another program needs to function. 456List elements may be separated by commas and/or whitespace. 457.Pp 458It is also possible to add or remove ports from the current list: 459.Bd -literal -offset indent 460# sysctl -w net.inet.tcp.baddynamic=+748 461# sysctl -w net.inet.tcp.baddynamic=-871 462.Ed 463.Pp 464To adjust the number of kernel 465.Nm nfsio 466threads used to service asynchronous 467I/O requests on an NFS client machine: 468.Pp 469.Dl # sysctl -w vfs.nfs.iothreads=4 470.Pp 471The number of 4 is the default, 20 is the maximum. 472See 473.Xr nfssvc 2 474and 475.Xr nfsd 8 476for further discussion. 477.Pp 478To set the amount of shared memory available in the system and 479the maximum number of shared memory segments: 480.Bd -literal -offset indent 481# sysctl -w kern.shminfo.shmmax=33554432 482# sysctl -w kern.shminfo.shmseg=32 483.Ed 484.Sh SEE ALSO 485.Xr sysctl 3 , 486.Xr sysctl.conf 5 487.Sh HISTORY 488.Nm sysctl 489first appeared in 490.Bx 4.4 . 491