.\" $OpenBSD: sysctl.8,v 1.186 2014/12/12 08:42:48 tedu Exp $ .\" $NetBSD: sysctl.8,v 1.4 1995/09/30 07:12:49 thorpej Exp $ .\" .\" Copyright (c) 1993 .\" The Regents of the University of California. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" @(#)sysctl.8 8.2 (Berkeley) 5/9/95 .\" .Dd $Mdocdate: December 12 2014 $ .Dt SYSCTL 8 .Os .Sh NAME .Nm sysctl .Nd get or set kernel state .Sh SYNOPSIS .Nm sysctl .Op Fl Aan .Nm sysctl .Op Fl n .Ar name ... .Nm sysctl .Op Fl nq .Ar name Ns = Ns Ar value ... .Sh DESCRIPTION The .Nm utility retrieves kernel state and allows processes with appropriate privilege to set kernel state. The state to be retrieved or set is described using a .Dq Management Information Base .Pq MIB style name, described as a dotted set of components. .Pp When retrieving a variable, a subset of the MIB name may be specified to retrieve a list of variables in that subset. For example, to list all the machdep variables: .Pp .Dl $ sysctl machdep .Pp When setting a variable, the MIB name should be followed by an equal sign and the new value. .Pp The options are as follows: .Bl -tag -width xxx .It Fl A List all the known MIB names including tables. Those with string or integer values will be printed as with the .Fl a flag; for the table values, the name of the utility to retrieve them is given. .It Fl a List all the currently available string or integer values. This is the default, if no parameters are given to .Nm . .It Fl n Suppress printing of the field name, only output the field value. Useful for setting shell variables. For example, to set the psize shell variable to the pagesize of the hardware: .Pp .Dl # set psize=`sysctl -n hw.pagesize` .It Fl q Suppress all output when setting a variable. This option overrides the behaviour of .Fl n . .It Ar name Ns = Ns Ar value Attempt to set the specified variable .Ar name to .Ar value . .El .Pp The information available from .Nm consists of integers, strings, and tables. The tabular information can only be retrieved by special purpose programs such as .Xr ps 1 , .Xr systat 1 , and .Xr netstat 1 . The string and integer information is summarized below. For a detailed description of these variables, see .Xr sysctl 3 . The changeable column indicates whether a process with appropriate privilege can change the value. .Pp Note: not all of the variables are relevant to all architectures, and a few require a kernel compiled with non-standard .Xr options 4 . .Bl -column "kern.timecounter.timestepwarnings" "integer" "Changeable" .It Sy Name Ta Sy Type Ta Sy Changeable .It kern.ostype string no .It kern.osrelease Ta string Ta no .It kern.osrevision Ta integer Ta no .It kern.version Ta string Ta no .It kern.maxvnodes Ta integer Ta yes .It kern.maxproc Ta integer Ta yes .It kern.maxfiles Ta integer Ta yes .It kern.argmax Ta integer Ta no .It kern.securelevel Ta integer Ta raise only .It kern.hostname Ta string Ta yes .It kern.hostid Ta u_int Ta yes .It kern.clockrate Ta struct Ta no .It kern.posix1version Ta integer Ta no .It kern.ngroups Ta integer Ta no .It kern.job_control Ta integer Ta no .It kern.saved_ids Ta integer Ta no .It kern.boottime Ta struct Ta no .It kern.domainname Ta string Ta yes .It kern.maxpartitions Ta integer Ta no .It kern.rawpartition Ta integer Ta no .It kern.maxthread Ta integer Ta yes .It kern.nthreads Ta integer Ta no .It kern.osversion Ta string Ta no .It kern.somaxconn Ta integer Ta yes .It kern.sominconn Ta integer Ta yes .It kern.usermount Ta integer Ta yes .It kern.random Ta struct Ta no .It kern.nosuidcoredump Ta integer Ta yes .It kern.fsync Ta integer Ta no .It kern.sysvmsg Ta integer Ta no .It kern.sysvsem Ta integer Ta no .It kern.sysvshm Ta integer Ta no .It kern.arandom Ta u_int Ta no .It kern.msgbufsize Ta integer Ta no .It kern.malloc.buckets Ta string Ta no .It kern.malloc.bucket. Ta string Ta no .It kern.malloc.kmemnames Ta string Ta no .It kern.malloc.kmemstat. Ta string Ta no .It kern.cp_time Ta struct Ta no .It kern.nchstats Ta struct Ta no .It kern.forkstat Ta struct Ta no .It kern.nselcoll Ta integer Ta no .It kern.tty.tk_nin Ta int64_t Ta no .It kern.tty.tk_nout Ta int64_t Ta no .It kern.tty.tk_rawcc Ta int64_t Ta no .It kern.tty.tk_cancc Ta int64_t Ta no .It kern.tty.ttyinfo Ta struct Ta no .It kern.tty.maxptys Ta integer Ta yes .It kern.tty.nptys Ta integer Ta no .It kern.ccpu Ta u_int Ta no .It kern.fscale Ta integer Ta no .It kern.nprocs Ta integer Ta no .It kern.stackgap_random Ta integer Ta yes .It kern.splassert Ta integer Ta yes .It kern.nfiles Ta integer Ta no .It kern.ttycount Ta integer Ta no .It kern.numvnodes Ta integer Ta no .It kern.seminfo.semmni Ta integer Ta yes .It kern.seminfo.semmns Ta integer Ta yes .It kern.seminfo.semmnu Ta integer Ta yes .It kern.seminfo.semmsl Ta integer Ta yes .It kern.seminfo.semopm Ta integer Ta yes .It kern.seminfo.semume Ta integer Ta no .It kern.seminfo.semusz Ta integer Ta no .It kern.seminfo.semvmx Ta integer Ta no .It kern.seminfo.semaem Ta integer Ta no .It kern.shminfo.shmmax Ta integer Ta yes .It kern.shminfo.shmmin Ta integer Ta yes .It kern.shminfo.shmmni Ta integer Ta yes .It kern.shminfo.shmseg Ta integer Ta yes .It kern.shminfo.shmall Ta integer Ta yes .It kern.watchdog.period Ta integer Ta yes .It kern.watchdog.auto Ta integer Ta yes .It kern.emul.nemuls Ta integer Ta no .It kern.emul.other Ta integer Ta yes .It kern.maxclusters Ta integer Ta yes .It kern.timecounter.tick Ta integer Ta no .It kern.timecounter.timestepwarnings Ta integer Ta yes .It kern.timecounter.hardware Ta string Ta yes .It kern.timecounter.choice Ta string Ta no .It kern.maxlocksperuid Ta integer Ta yes .It kern.bufcachepercent Ta integer Ta yes .It kern.consdev Ta string Ta no .It kern.global_ptrace Ta integer Ta yes .It vm.vmmeter Ta struct Ta no .It vm.loadavg Ta struct Ta no .It vm.psstrings Ta struct Ta no .It vm.uvmexp Ta struct Ta no .It vm.swapencrypt.enable Ta integer Ta yes .It vm.swapencrypt.keyscreated Ta integer Ta no .It vm.swapencrypt.keysdeleted Ta integer Ta no .It vm.nkmempages Ta integer Ta no .It vm.anonmin Ta integer Ta yes .It vm.vtextmin Ta integer Ta yes .It vm.vnodemin Ta integer Ta yes .It vm.maxslp Ta integer Ta no .It vm.uspace Ta integer Ta no .It fs.posix.setuid Ta integer Ta yes .It net.inet.divert.recvspace Ta integer Ta yes .It net.inet.divert.sendspace Ta integer Ta yes .It net.inet.ip.forwarding Ta integer Ta yes .It net.inet.ip.redirect Ta integer Ta yes .It net.inet.ip.ttl Ta integer Ta yes .\" .It net.inet.ip.mtu Ta integer Ta yes .It net.inet.ip.sourceroute Ta integer Ta yes .It net.inet.ip.directed-broadcast Ta integer Ta yes .It net.inet.ip.portfirst Ta integer Ta yes .It net.inet.ip.portlast Ta integer Ta yes .It net.inet.ip.porthifirst Ta integer Ta yes .It net.inet.ip.porthilast Ta integer Ta yes .It net.inet.ip.maxqueue Ta integer Ta yes .It net.inet.ip.encdebug Ta integer Ta yes .It net.inet.ip.ipsec-expire-acquire Ta integer Ta yes .It net.inet.ip.ipsec-invalid-life Ta integer Ta yes .It net.inet.ip.ipsec-pfs Ta integer Ta yes .It net.inet.ip.ipsec-soft-allocs Ta integer Ta yes .It net.inet.ip.ipsec-allocs Ta integer Ta yes .It net.inet.ip.ipsec-soft-bytes Ta integer Ta yes .It net.inet.ip.ipsec-bytes Ta integer Ta yes .It net.inet.ip.ipsec-timeout Ta integer Ta yes .It net.inet.ip.ipsec-soft-timeout Ta integer Ta yes .It net.inet.ip.ipsec-soft-firstuse Ta integer Ta yes .It net.inet.ip.ipsec-firstuse Ta integer Ta yes .It net.inet.ip.ipsec-enc-alg Ta string Ta yes .It net.inet.ip.ipsec-auth-alg Ta string Ta yes .It net.inet.ip.mtudisc Ta integer Ta yes .It net.inet.ip.mtudisctimeout Ta integer Ta yes .It net.inet.ip.ipsec-comp-alg Ta string Ta yes .It net.inet.ip.ifq.len Ta integer Ta no .It net.inet.ip.ifq.maxlen Ta integer Ta yes .It net.inet.ip.ifq.drops Ta integer Ta no .It net.inet.ip.mforwarding Ta integer Ta yes .It net.inet.ip.multipath Ta integer Ta yes .It net.inet.icmp.maskrepl Ta integer Ta yes .It net.inet.icmp.bmcastecho Ta integer Ta yes .It net.inet.icmp.errppslimit Ta integer Ta yes .It net.inet.icmp.rediraccept Ta integer Ta yes .It net.inet.icmp.redirtimeout Ta integer Ta yes .It net.inet.icmp.tstamprepl Ta integer Ta yes .It net.inet.ipip.allow Ta integer Ta yes .It net.inet.tcp.rfc1323 Ta integer Ta yes .It net.inet.tcp.keepinittime Ta integer Ta yes .It net.inet.tcp.keepidle Ta integer Ta yes .It net.inet.tcp.keepintvl Ta integer Ta yes .It net.inet.tcp.always_keepalive Ta integer Ta yes .It net.inet.tcp.slowhz Ta integer Ta no .It net.inet.tcp.baddynamic Ta array Ta yes .It net.inet.tcp.sack Ta integer Ta yes .It net.inet.tcp.mssdflt Ta integer Ta yes .It net.inet.tcp.rstppslimit Ta integer Ta yes .It net.inet.tcp.ackonpush Ta integer Ta yes .It net.inet.tcp.ecn Ta integer Ta yes .It net.inet.tcp.syncachelimit Ta integer Ta yes .It net.inet.tcp.synbucketlimit Ta integer Ta yes .It net.inet.tcp.rfc3390 Ta integer Ta yes .It net.inet.tcp.reasslimit Ta integer Ta yes .It net.inet.udp.checksum Ta integer Ta yes .It net.inet.udp.baddynamic Ta array Ta yes .It net.inet.udp.recvspace Ta integer Ta yes .It net.inet.udp.sendspace Ta integer Ta yes .It net.inet.gre.allow Ta integer Ta yes .It net.inet.gre.wccp Ta integer Ta yes .It net.inet.esp.enable Ta integer Ta yes .It net.inet.esp.udpencap Ta integer Ta yes .It net.inet.esp.udpencap_port Ta integer Ta yes .It net.inet.ah.enable Ta integer Ta yes .It net.inet.mobileip.allow Ta integer Ta yes .It net.inet.etherip.allow Ta integer Ta yes .It net.inet.ipcomp.enable Ta integer Ta yes .It net.inet.carp.allow Ta integer Ta yes .It net.inet.carp.preempt Ta integer Ta yes .It net.inet.carp.log Ta integer Ta yes .It net.inet6.ip6.forwarding Ta integer Ta yes .It net.inet6.ip6.redirect Ta integer Ta yes .It net.inet6.ip6.hlim Ta integer Ta yes .It net.inet6.ip6.maxfragpackets Ta integer Ta yes .It net.inet6.ip6.log_interval Ta integer Ta yes .It net.inet6.ip6.hdrnestlimit Ta integer Ta yes .It net.inet6.ip6.dad_count Ta integer Ta yes .It net.inet6.ip6.auto_flowlabel Ta integer Ta yes .It net.inet6.ip6.defmcasthlim Ta integer Ta yes .It net.inet6.ip6.use_deprecated Ta integer Ta yes .It net.inet6.ip6.rr_prune Ta integer Ta yes .It net.inet6.ip6.v6only Ta integer Ta no .It net.inet6.ip6.maxfrags Ta integer Ta yes .It net.inet6.ip6.mforwarding Ta integer Ta yes .It net.inet6.ip6.multipath Ta integer Ta yes .It net.inet6.ip6.multicast_mtudisc Ta integer Ta yes .It net.inet6.ip6.neighborgcthresh Ta integer Ta yes .It net.inet6.ip6.maxifprefixes Ta integer Ta yes .It net.inet6.ip6.maxifdefrouters Ta integer Ta yes .It net.inet6.ip6.maxdynroutes Ta integer Ta yes .It net.inet6.ip6.dad_pending Ta integer Ta yes .It net.inet6.ip6.mtudisctimeout Ta integer Ta yes .It net.inet6.icmp6.redirtimeout Ta integer Ta yes .It net.inet6.icmp6.nd6_prune Ta integer Ta yes .It net.inet6.icmp6.nd6_delay Ta integer Ta yes .It net.inet6.icmp6.nd6_umaxtries Ta integer Ta yes .It net.inet6.icmp6.nd6_mmaxtries Ta integer Ta yes .It net.inet6.icmp6.errppslimit Ta integer Ta yes .It net.inet6.icmp6.nd6_maxnudhint Ta integer Ta yes .It net.inet6.icmp6.mtudisc_hiwat Ta integer Ta yes .It net.inet6.icmp6.mtudisc_lowat Ta integer Ta yes .It net.inet6.icmp6.nd6_debug Ta integer Ta yes .It net.mpls.ttl Ta integer Ta yes .It net.mpls.ifq.len Ta integer Ta no .It net.mpls.ifq.maxlen Ta integer Ta yes .It net.mpls.ifq.drops Ta integer Ta no .It net.mpls.maxloop_inkernel Ta integer Ta yes .It net.mpls.mapttl_ip Ta integer Ta yes .It net.mpls.mapttl_ip6 Ta integer Ta yes .It net.pipex.enable Ta integer Ta yes .It net.pipex.inq.len Ta integer Ta no .It net.pipex.inq.maxlen Ta integer Ta yes .It net.pipex.inq.drops Ta integer Ta no .It net.pipex.outq.len Ta integer Ta no .It net.pipex.outq.maxlen Ta integer Ta yes .It net.pipex.outq.drops=0 Ta integer Ta no .It debug.syncprt Ta integer Ta yes .It debug.busyprt Ta integer Ta yes .It debug.doclusterread Ta integer Ta yes .It debug.doclusterwrite Ta integer Ta yes .It debug.doreallocblks Ta integer Ta yes .It debug.doasyncfree Ta integer Ta yes .It debug.prtrealloc Ta integer Ta yes .It hw.machine Ta string Ta no .It hw.model Ta string Ta no .It hw.ncpu Ta integer Ta no .It hw.byteorder Ta integer Ta no .It hw.physmem Ta int64_t Ta no .It hw.usermem Ta int64_t Ta no .It hw.pagesize Ta integer Ta no .It hw.diskstats Ta struct Ta no .It hw.disknames Ta string Ta no .It hw.diskcount Ta integer Ta no .It hw.sensors.. Ta struct Ta no .It hw.cpuspeed Ta integer Ta no .It hw.setperf Ta integer Ta yes .It hw.vendor Ta string Ta no .It hw.product Ta string Ta no .It hw.version Ta string Ta no .It hw.serialno Ta string Ta no .It hw.uuid Ta string Ta no .It hw.ncpufound Ta integer Ta no .It hw.allowpowerdown Ta integer Ta yes .It hw.perfpolicy Ta string Ta yes .It machdep.console_device Ta dev_t Ta no .It machdep.unaligned_print Ta integer Ta yes .It machdep.unaligned_fix Ta integer Ta yes .It machdep.unaligned_sigbus Ta integer Ta yes .It machdep.apmwarn Ta integer Ta yes .It machdep.apmhalt Ta integer Ta yes .It machdep.kbdreset Ta integer Ta yes .It machdep.userldt Ta integer Ta yes .It machdep.osfxsr Ta integer Ta no .It machdep.sse Ta integer Ta no .It machdep.sse2 Ta integer Ta no .It machdep.xcrypt Ta integer Ta no .It machdep.allowaperture Ta integer Ta yes .It machdep.led_blink Ta integer Ta yes .It machdep.ceccerrs Ta integer Ta no .It machdep.cecclast Ta quad Ta no .It ddb.radix Ta integer Ta yes .It ddb.max_width Ta integer Ta yes .It ddb.max_line Ta integer Ta yes .It ddb.tab_stop_width Ta integer Ta yes .It ddb.panic Ta integer Ta yes .It ddb.console Ta integer Ta yes .It ddb.log Ta integer Ta yes .It ddb.trigger Ta integer Ta yes .It vfs.mounts.* Ta struct Ta no .It vfs.ffs.doclusterread Ta integer Ta yes .It vfs.ffs.doclusterwrite Ta integer Ta yes .It vfs.ffs.doreallocblks Ta integer Ta yes .It vfs.ffs.doasyncfree Ta integer Ta yes .It vfs.ffs.max_softdeps Ta integer Ta yes .It vfs.ffs.sd_tickdelay Ta integer Ta yes .It vfs.ffs.sd_worklist_push Ta integer Ta no .It vfs.ffs.sd_blk_limit_push Ta integer Ta no .It vfs.ffs.sd_ino_limit_push Ta integer Ta no .It vfs.ffs.sd_blk_limit_hit Ta integer Ta no .It vfs.ffs.sd_ino_limit_hit Ta integer Ta no .It vfs.ffs.sd_sync_limit_hit Ta integer Ta no .It vfs.ffs.sd_indir_blk_ptrs Ta integer Ta no .It vfs.ffs.sd_inode_bitmap Ta integer Ta no .It vfs.ffs.sd_direct_blk_ptrs Ta integer Ta no .It vfs.ffs.sd_dir_entry Ta integer Ta no .It vfs.ffs.dirhash_dirsize Ta integer Ta yes .It vfs.ffs.dirhash_maxmem Ta integer Ta yes .It vfs.ffs.dirhash_mem Ta integer Ta no .It vfs.nfs.iothreads Ta integer Ta yes .It vfs.fuse.fusefs_open_devices Ta integer Ta no .It vfs.fuse.fusefs_fbufs_in Ta integer Ta no .It vfs.fuse.fusefs_fbufs_wait Ta integer Ta no .It vfs.fuse.fusefs_pool_pages Ta integer Ta no .El .Pp The .Nm program can extract information about the filesystems that have been compiled into the running system. This information can be obtained by using the command: .Pp .Dl $ sysctl vfs.mounts .Pp By default, only filesystems that are actively being used are listed. Use of the .Fl A flag lists all the filesystems compiled into the running kernel. .Sh FILES .Bl -tag -width -compact .It Aq Pa sys/sysctl.h definitions for top level identifiers and second level kernel and hardware identifiers .It Aq Pa dev/rndvar.h definitions for .Xr random 4 device's statistics structure .It Aq Pa sys/socket.h definitions for second level network identifiers .It Aq Pa sys/gmon.h definitions for third level profiling identifiers .It Aq Pa uvm/uvm_param.h definitions for second level virtual memory identifiers .It Aq Pa uvm/uvm_swap_encrypt.h definitions for third level virtual memory identifiers .It Aq Pa netinet/in.h definitions for third level IPv4/v6 identifiers and fourth level IPv4/v6 identifiers .It Aq Pa netinet/ip_divert.h definitions for fourth level divert identifiers .It Aq Pa netinet/icmp_var.h definitions for fourth level ICMP identifiers .It Aq Pa netinet6/icmp6.h definitions for fourth level ICMPv6 identifiers .It Aq Pa netinet/tcp_var.h definitions for fourth level TCP identifiers .It Aq Pa netinet/udp_var.h definitions for fourth level UDP identifiers .It Aq Pa ddb/db_var.h definitions for second level ddb identifiers .It Aq Pa sys/mount.h definitions for second level vfs identifiers .It Aq Pa nfs/nfs.h definitions for third level NFS identifiers .It Aq Pa miscfs/fuse/fusefs.h definitions for third level fusefs identifiers .It Aq Pa ufs/ffs/ffs_extern.h definitions for third level FFS identifiers .It Aq Pa machine/cpu.h definitions for second level CPU identifiers .El .Sh EXAMPLES To retrieve the maximum number of processes allowed in the system: .Pp .Dl $ sysctl kern.maxproc .Pp To set the maximum number of processes allowed in the system to 1000: .Pp .Dl # sysctl kern.maxproc=1000 .Pp To retrieve information about the system clock rate: .Pp .Dl $ sysctl kern.clockrate .Pp To retrieve information about the load average history: .Pp .Dl $ sysctl vm.loadavg .Pp To make the .Xr chown 2 system call use traditional .Bx semantics (don't clear setuid/setgid bits): .Pp .Dl # sysctl fs.posix.setuid=0 .Pp To set the list of reserved TCP ports that should not be allocated by the kernel dynamically: .Pp .Dl # sysctl net.inet.tcp.baddynamic=749,750,751,760,761,871 .Dl # sysctl net.inet.udp.baddynamic=749,750,751,760,761,871,1024-2048 .Pp This can be used to keep daemons from stealing a specific port that another program needs to function. List elements may be separated by commas and/or whitespace; a hyphen may be used to specify a range of ports. .Pp It is also possible to add or remove ports from the current list: .Bd -literal -offset indent # sysctl net.inet.tcp.baddynamic=+748,6000-6999 # sysctl net.inet.tcp.baddynamic=-871 .Ed .Pp To set the amount of shared memory available in the system and the maximum number of shared memory segments: .Bd -literal -offset indent # sysctl kern.shminfo.shmmax=33554432 # sysctl kern.shminfo.shmseg=32 .Ed .Pp To place core dumps from .Xr issetugid 2 programs (in this example .Xr bgpd 8 ) into a safe place for debugging purposes: .Bd -literal -offset indent # mkdir /var/crash/bgpd # chmod 700 /var/crash/bgpd # sysctl kern.nosuidcoredump=3 .Ed .Sh SEE ALSO .Xr sysctl 3 , .Xr options 4 , .Xr sysctl.conf 5 .Sh HISTORY .Nm first appeared in .Bx 4.4 .