1.\" $OpenBSD: sysctl.8,v 1.67 2001/07/05 08:42:14 jjbg Exp $ 2.\" $NetBSD: sysctl.8,v 1.4 1995/09/30 07:12:49 thorpej Exp $ 3.\" 4.\" Copyright (c) 1993 5.\" The Regents of the University of California. All rights reserved. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 3. All advertising materials mentioning features or use of this software 16.\" must display the following acknowledgement: 17.\" This product includes software developed by the University of 18.\" California, Berkeley and its contributors. 19.\" 4. Neither the name of the University nor the names of its contributors 20.\" may be used to endorse or promote products derived from this software 21.\" without specific prior written permission. 22.\" 23.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 24.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 27.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33.\" SUCH DAMAGE. 34.\" 35.\" @(#)sysctl.8 8.2 (Berkeley) 5/9/95 36.\" 37.Dd May 9, 1995 38.Dt SYSCTL 8 39.Os 40.Sh NAME 41.Nm sysctl 42.Nd get or set kernel state 43.Sh SYNOPSIS 44.Nm sysctl 45.Op Fl n 46.Ar name ... 47.Nm sysctl 48.Op Fl n 49.Fl w 50.Ar name=value ... 51.Nm sysctl 52.Op Fl n 53.Fl aA 54.Sh DESCRIPTION 55The 56.Nm 57utility retrieves kernel state and allows processes with 58appropriate privilege to set kernel state. 59The state to be retrieved or set is described using a 60``Management Information Base'' (``MIB'') style name, 61described as a dotted set of components. 62 63The options are as follows: 64.Bl -tag -width xxx 65.It Fl a 66list all the currently available string or integer values. 67.It Fl A 68list all the known MIB names including tables. 69Those with string or integer values will be printed as with the 70.Fl a 71flag; for the table values, the name of the utility to retrieve them is given. 72.It Fl n 73suppress printing of the field name, only output the field value. 74Useful for setting shell variables. 75For example: 76.Bd -literal -offset indent -compact 77set psize=`sysctl -n hw.pagesize` 78.Ed 79.Pp 80If just a MIB style name is given, 81the corresponding value is retrieved. 82.It Fl w 83required to set a variable. The MIB name should be followed 84by an equal sign and the new value. 85.El 86.Pp 87The information available from 88.Nm 89consists of integers, strings, and tables. 90The tabular information can only be retrieved by special 91purpose programs such as 92.Nm ps , 93.Nm systat , 94and 95.Nm netstat . 96The string and integer information is summarized below. 97For a detailed description of these variable see 98.Xr sysctl 3 . 99The changeable column indicates whether a process with appropriate 100privilege can change the value. 101.Bl -column net.inet.ip.ipsec-expire-acquirexxxx integerxxx 102.It Sy Name Type Changeable 103.It kern.ostype string no 104.It kern.osrelease string no 105.It kern.osrevision integer no 106.It kern.osversion string no 107.It kern.version string no 108.It kern.maxvnodes integer yes 109.It kern.maxproc integer yes 110.It kern.maxfiles integer yes 111.It kern.maxpartitions integer no 112.It kern.rawpartition integer no 113.It kern.argmax integer no 114.It kern.securelevel integer raise only 115.It kern.hostname string yes 116.It kern.domainname string yes 117.It kern.hostid u_int yes 118.It kern.clockrate struct no 119.It kern.posix1version integer no 120.It kern.ngroups integer no 121.It kern.job_control integer no 122.It kern.saved_ids integer no 123.It kern.boottime struct no 124.It kern.ntptime struct no 125.It kern.cp_time struct no 126.It kern.nchstats struct no 127.It kern.forkstat struct no 128.It kern.somaxconn integer yes 129.It kern.sominconn integer yes 130.It kern.usermount integer yes 131.It kern.random struct no 132.It kern.nosuidcoredump integer yes 133.It kern.fsync integer no 134.It kern.sysvmsg integer no 135.It kern.sysvsem integer no 136.It kern.sysvshm integer no 137.It kern.arandom u_int no 138.It kern.msgbufsize integer no 139.It kern.nselcoll integer no 140.It kern.malloc.buckets string no 141.It kern.malloc.bucket.<sz> string no 142.It kern.malloc.kmemnames string no 143.It kern.malloc.kmemstat.<name> string no 144.It kern.tty.tk_nin int64_t no 145.It kern.tty.tk_nout int64_t no 146.It kern.tty.tk_rawcc int64_t no 147.It kern.tty.tk_cancc int64_t no 148.It kern.fscale int no 149.It kern.ccpu u_int no 150.It kern.nprocs int no 151.It vm.loadavg struct no 152.It vm.psstrings struct no 153.It vm.swapencrypt.enable integer yes 154.It vm.swapencrypt.keyscreated integer no 155.It vm.swapencrypt.keysdeleted integer no 156.It vm.uvmexp struct no 157.It vm.vmmeter struct no 158.It fs.posix.setuid integer yes 159.It net.inet.ip.forwarding integer yes 160.It net.inet.ip.redirect integer yes 161.It net.inet.ip.ttl integer yes 162.\" .It net.inet.ip.mtu integer yes 163.It net.inet.ip.sourceroute integer yes 164.It net.inet.ip.directed-broadcast integer yes 165.It net.inet.ip.portfirst integer yes 166.It net.inet.ip.portlast integer yes 167.It net.inet.ip.porthifirst integer yes 168.It net.inet.ip.porthilast integer yes 169.It net.inet.ip.maxqueue integer yes 170.It net.inet.ip.encdebug integer yes 171.It net.inet.ip.ipsec-pfs integer yes 172.It net.inet.ip.ipsec-soft-allocs integer yes 173.It net.inet.ip.ipsec-allocs integer yes 174.It net.inet.ip.ipsec-soft-bytes integer yes 175.It net.inet.ip.ipsec-bytes integer yes 176.It net.inet.ip.ipsec-timeout integer yes 177.It net.inet.ip.ipsec-soft-timeout integer yes 178.It net.inet.ip.ipsec-soft-firstuse integer yes 179.It net.inet.ip.ipsec-firstuse integer yes 180.It net.inet.ip.ipsec-enc-alg string yes 181.It net.inet.ip.ipsec-auth-alg string yes 182.It net.inet.ip.ipsec-comp-alg string yes 183.It net.inet.ip.ipsec-expire-acquire integer yes 184.It net.inet.ip.ipsec-invalid-life integer yes 185.It net.inet.ip.mtudisc integer yes 186.It net.inet.ip.mtudisctimeout integer yes 187.It net.inet.icmp.maskrepl integer yes 188.It net.inet.icmp.bmcastecho integer yes 189.It net.inet.icmp.errppslimit integer yes 190.It net.inet.ipip.allow integer yes 191.It net.inet.etherip.allow integer yes 192.It net.inet.tcp.rfc1323 integer yes 193.It net.inet.tcp.keepinittime integer yes 194.It net.inet.tcp.keepidle integer yes 195.It net.inet.tcp.keepintvl integer yes 196.It net.inet.tcp.slowhz integer no 197.It net.inet.tcp.baddynamic array yes 198.It net.inet.tcp.recvspace integer yes 199.It net.inet.tcp.sendspace integer yes 200.It net.inet.tcp.sack integer yes 201.It net.inet.tcp.mssdflt integer yes 202.It net.inet.tcp.rstppslimit integer yes 203.It net.inet.udp.checksum integer yes 204.It net.inet.udp.baddynamic array yes 205.It net.inet.udp.recvspace integer yes 206.It net.inet.udp.sendspace integer yes 207.It net.inet.esp.enable integer yes 208.It net.inet.ah.enable integer yes 209.It net.inet.ipcomp.enable integer yes 210.It net.inet.gre.allow integer yes 211.It net.inet.mobileip.allow integer yes 212.It net.inet6.ip6.forwarding integer yes 213.It net.inet6.ip6.redirect integer yes 214.It net.inet6.ip6.hlim integer yes 215.It net.inet6.ip6.maxfragpackets integer yes 216.It net.inet6.ip6.accept_rtadv integer yes 217.It net.inet6.ip6.keepfaith integer yes 218.It net.inet6.ip6.log_interval integer yes 219.It net.inet6.ip6.hdrnestlimit integer yes 220.It net.inet6.ip6.dad_count integer yes 221.It net.inet6.ip6.auto_flowlabel integer yes 222.It net.inet6.ip6.defmcasthlim integer yes 223.It net.inet6.ip6.kame_version string no 224.It net.inet6.ip6.use_deprecated integer yes 225.It net.inet6.ip6.rr_prune integer yes 226.It net.inet6.icmp6.rediraccept integer yes 227.It net.inet6.icmp6.redirtimeout integer yes 228.It net.inet6.icmp6.nd6_prune integer yes 229.It net.inet6.icmp6.nd6_delay integer yes 230.It net.inet6.icmp6.nd6_umaxtries integer yes 231.It net.inet6.icmp6.nd6_mmaxtries integer yes 232.It net.inet6.icmp6.nd6_useloopback integer yes 233.It net.inet6.icmp6.nodeinfo integer yes 234.It net.inet6.icmp6.errppslimit integer yes 235.It net.inet6.icmp6.nd6_maxnudhint integer yes 236.It net.inet6.icmp6.mtudisc_hiwat integer yes 237.It net.inet6.icmp6.mtudisc_lowat integer yes 238.It net.inet6.icmp6.nd6_debug integer yes 239.It net.ipx.ipx.checksum integer yes 240.It net.ipx.ipx.forwarding integer yes 241.It net.ipx.ipx.netbios integer yes 242.It net.ipx.ipx.recvspace integer yes 243.It net.ipx.ipx.sendspace integer yes 244.It debug.syncprt integer yes 245.It debug.busyprt integer yes 246.It debug.doclusterread integer yes 247.It debug.doclusterwrite integer yes 248.It debug.doreallocblks integer yes 249.It debug.doasyncfree integer yes 250.It debug.prtrealloc integer yes 251.It hw.machine string no 252.It hw.model string no 253.It hw.ncpu integer no 254.It hw.byteorder integer no 255.It hw.physmem integer no 256.It hw.usermem integer no 257.It hw.pagesize integer no 258.It hw.diskstats struct no 259.It hw.disknames string no 260.It hw.diskcount integer no 261.It machdep.console_device dev_t no 262.It machdep.apmwarn integer yes (i386 only) 263.It machdep.apmhalt integer yes (i386 only) 264.It machdep.kbdreset integer yes (i386 only) 265.It machdep.allowaperture integer yes (i386 only, XFree86) 266.It machdep.led_blink integer yes (sparc only) 267.It machdep.vsyncblank integer yes (sparc only) 268.It user.cs_path string no 269.It user.bc_base_max integer no 270.It user.bc_dim_max integer no 271.It user.bc_scale_max integer no 272.It user.bc_string_max integer no 273.It user.coll_weights_max integer no 274.It user.expr_nest_max integer no 275.It user.line_max integer no 276.It user.re_dup_max integer no 277.It user.posix2_version integer no 278.It user.posix2_c_bind integer no 279.It user.posix2_c_dev integer no 280.It user.posix2_char_term integer no 281.It user.posix2_fort_dev integer no 282.It user.posix2_fort_run integer no 283.It user.posix2_localedef integer no 284.It user.posix2_sw_dev integer no 285.It user.posix2_upe integer no 286.It user.stream_max integer no 287.It user.tzname_max integer no 288.It ddb.radix integer yes 289.It ddb.max_width integer yes 290.It ddb.max_line integer yes 291.It ddb.tab_stop_width integer yes 292.It ddb.panic integer yes 293.It ddb.console integer yes 294.It vfs.mounts.* struct no 295.It vfs.ffs.doasyncfree integer yes 296.It vfs.ffs.doclusterread integer yes 297.It vfs.ffs.doclusterwrite integer yes 298.It vfs.ffs.doreallocblks integer yes 299.It vfs.nfs.iothreads integer yes 300.El 301.Pp 302The 303.Nm 304program can get or set debugging variables 305that have been identified for its display. 306This information can be obtained by using the command: 307.Bd -literal -offset indent 308sysctl debug 309.Ed 310In addition, 311.Nm 312can extract information about the filesystems that have been compiled 313into the running system. 314This information can be obtained by using the command: 315.Bd -literal -offset indent 316sysctl vfs.mounts 317.Ed 318By default, only filesystems that are actively being used are listed. 319Use of the 320.Fl A 321flag lists all the filesystems compiled into the running kernel. 322.Sh EXAMPLES 323For example, to retrieve the maximum number of processes allowed 324in the system, one would use the follow request: 325.Bd -literal -offset indent -compact 326sysctl kern.maxproc 327.Ed 328.Pp 329To set the maximum number of processes allowed 330in the system to 1000, one would use the follow request: 331.Bd -literal -offset indent -compact 332sysctl -w kern.maxproc=1000 333.Ed 334.Pp 335Information about the system clock rate may be obtained with: 336.Bd -literal -offset indent -compact 337sysctl kern.clockrate 338.Ed 339.Pp 340Information about the load average history may be obtained with 341.Bd -literal -offset indent -compact 342sysctl vm.loadavg 343.Ed 344.Pp 345To make the 346.Xr chown 2 347system call use traditional BSD semantics (don't clear setuid/setgid bits), 348one would do the following: 349.Bd -literal -offset indent -compact 350sysctl -w fs.posix.setuid=0 351.Ed 352.Pp 353Set the list of reserved TCP ports that should not be allocated 354by the kernel dynamically. 355This can be used to keep daemons 356from stealing a specific port that another program needs to function. 357List elements may be separated by commas and/or whitespace. 358.Bd -literal -offset indent -compact 359sysctl -w net.inet.tcp.baddynamic=749,750,751,760,761,871 360.Ed 361.Pp 362It is also possible to add or remove ports from the current list. 363.Bd -literal -offset indent -compact 364sysctl -w net.inet.tcp.baddynamic=+748 365sysctl -w net.inet.tcp.baddynamic=-871 366.Ed 367.Pp 368To adjust the number of kernel 369.Nm nfsio 370threads used to service asynchronous 371I/O requests on an NFS client machine use 372.Bd -literal -offset indent -compact 373sysctl -w vfs.nfs.iothreads=4 374.Ed 375.Pp 376The number of 4 is the default, where the 20 is the maximum. 377See 378.Xr nfssvc 2 379and 380.Xr nfsd 8 381for futher discussion. 382.Sh FILES 383.Bl -tag -width <ufs/ffs/ffs_extern.h> -compact 384.It Pa <sys/sysctl.h> 385definitions for top level identifiers, second level kernel and hardware 386identifiers, and user level identifiers 387.It Pa <dev/rndvar.h> 388definitions for 389.Xr random 4 390device's statistics structure 391.It Pa <sys/socket.h> 392definitions for second level network identifiers 393.It Pa <sys/gmon.h> 394definitions for third level profiling identifiers 395.It Pa <vm/vm_param.h> 396definitions for second level virtual memory identifiers 397.It Pa <uvm/uvm_swap_encrypt.h> 398definitions for third level virtual memory identifiers 399.It Pa <netinet/in.h> 400definitions for third level IPv4/v6 identifiers and 401fourth level IPv4/v6 identifiers 402.It Pa <netinet/icmp_var.h> 403definitions for fourth level ICMP identifiers 404.It Pa <netinet6/icmp6.h> 405definitions for fourth level ICMPv6 identifiers 406.It Pa <netinet/tcp_var.h> 407definitions for fourth level TCP identifiers 408.It Pa <netinet/udp_var.h> 409definitions for fourth level UDP identifiers 410.It Pa <netipx/ipx_var.h> 411definitions for third level IPX identifiers and 412fourth level IPX identifiers 413.It Pa <ddb/db_var.h> 414definitions for second level ddb identifiers 415.It Pa <sys/mount.h> 416definitions for second level vfs identifiers 417.It Pa <nfs/nfs.h> 418definitions for third level NFS identifiers 419.It Pa <ufs/ffs/ffs_extern.h> 420definitions for third level FFS identifiers 421.El 422.Sh SEE ALSO 423.Xr sysctl 3 , 424.Xr sysctl.conf 5 425.Sh HISTORY 426.Nm sysctl 427first appeared in 428.Bx 4.4 . 429