summaryrefslogtreecommitdiff
path: root/sbin/sysctl/sysctl.8
blob: 83345ad65d0891ae56750e7096107bb8c8d03edb (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
.\"	$OpenBSD: sysctl.8,v 1.43 2000/01/21 02:53:06 angelos Exp $
.\"	$NetBSD: sysctl.8,v 1.4 1995/09/30 07:12:49 thorpej Exp $
.\"
.\" Copyright (c) 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"	This product includes software developed by the University of
.\"	California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"	@(#)sysctl.8	8.2 (Berkeley) 5/9/95
.\"
.Dd May 9, 1995
.Dt SYSCTL 8
.Os
.Sh NAME
.Nm sysctl
.Nd get or set kernel state
.Sh SYNOPSIS
.Nm sysctl
.Op Fl n
.Ar name ...
.Nm sysctl
.Op Fl n
.Fl w
.Ar name=value ...
.Nm sysctl
.Op Fl n
.Fl aA
.Sh DESCRIPTION
The
.Nm sysctl
utility retrieves kernel state and allows processes with
appropriate privilege to set kernel state.
The state to be retrieved or set is described using a
``Management Information Base'' (``MIB'') style name,
described as a dotted set of components.
The
.Fl a
flag can be used to list all the currently available string or integer values.
The
.Fl A
flag will list all the known MIB names including tables.
Those with string or integer values will be printed as with the
.Fl a
flag; for the table values,
the name of the utility to retrieve them is given.
.Pp
The
.Fl n
flag specifies that the printing of the field name should be
suppressed and that only its value should be output.
This flag is useful for setting shell variables.
For example, to save the pagesize in variable psize, use:
.Bd -literal -offset indent -compact
set psize=`sysctl -n hw.pagesize`
.Ed
.Pp
If just a MIB style name is given,
the corresponding value is retrieved.
If a value is to be set, the
.Fl w
flag must be specified and the MIB name followed
by an equal sign and the new value to be used.
.Pp
The information available from
.Nm sysctl
consists of integers, strings, and tables.
The tabular information can only be retrieved by special
purpose programs such as
.Nm ps ,
.Nm systat ,
and
.Nm netstat .
The string and integer information is summarized below.
For a detailed description of these variable see
.Xr sysctl 3 .
The changeable column indicates whether a process with appropriate
privilege can change the value.
.Bl -column net.inet.ip.forwardingxxxxxx integerxxx
.It Sy Name	Type	Changeable
.It kern.ostype	string	no
.It kern.osrelease	string	no
.It kern.osrevision	integer	no
.It kern.osversion	string	no
.It kern.version	string	no
.It kern.maxvnodes	integer	yes
.It kern.maxproc	integer	yes
.It kern.maxfiles	integer	yes
.It kern.maxpartitions	integer	no
.It kern.rawpartition	integer	no
.It kern.argmax	integer	no
.It kern.securelevel	integer	raise only
.It kern.hostname	string	yes
.It kern.domainname	string	yes
.It kern.hostid	u_int	yes
.It kern.clockrate	struct	no
.It kern.posix1version	integer	no
.It kern.ngroups	integer	no
.It kern.job_control	integer	no
.It kern.saved_ids	integer	no
.It kern.link_max	integer	no
.It kern.max_canon	integer	no
.It kern.max_input	integer	no
.It kern.name_max	integer	no
.It kern.path_max	integer	no
.It kern.pipe_buf	integer	no
.It kern.chown_restricted	integer	no
.It kern.no_trunc	integer	no
.It kern.boottime	struct	no
.It kern.somaxconn	integer	yes
.It kern.sominconn	integer	yes
.It kern.usermount	integer	yes
.It kern.random	struct	no
.It kern.nosuidcoredump	integer	yes
.It kern.fsync	integer	no
.It kern.sysvmsg	integer	no
.It kern.sysvsem	integer	no
.It kern.sysvshm	integer	no
.It kern.arandom	u_int	no
.It vm.loadavg	struct	no
.It vm.psstrings	struct	no
.It vm.swapencrypt	integer	yes
.It fs.posix.setuid	integer	yes
.It net.inet.ip.forwarding	integer	yes
.It net.inet.ip.redirect	integer	yes
.It net.inet.ip.ttl	integer	yes
.\" .It net.inet.ip.mtu	integer	yes
.It net.inet.ip.sourceroute	integer	yes
.It net.inet.ip.directed-broadcast	integer	yes
.It net.inet.ip.portfirst	integer	yes
.It net.inet.ip.portlast	integer	yes
.It net.inet.ip.porthifirst	integer	yes
.It net.inet.ip.porthilast	integer	yes
.It net.inet.ip.maxqueue	integer	yes
.It net.inet.ip.encdebug	integer	yes
.It net.inet.ip.ipsec-acl	integer	yes
.It net.inet.ip.ipsec-pfs	integer	yes
.It net.inet.ip.ipsec-soft-allocs	integer	yes
.It net.inet.ip.ipsec-allocs	integer	yes
.It net.inet.ip.ipsec-soft-bytes	integer	yes
.It net.inet.ip.ipsec-bytes	integer	yes
.It net.inet.ip.ipsec-timeout	integer	yes
.It net.inet.ip.ipsec-soft-timeout	integer	yes
.It net.inet.ip.ipsec-soft-firstuse	integer	yes
.It net.inet.ip.ipsec-firstuse	integer	yes
.It net.inet.ip.ipsec-enc-alg	string	yes
.It net.inet.ip.ipsec-auth-alg	string	yes
.It net.inet.ip.ipsec-invalid-life	integer	yes
.It net.inet.icmp.maskrepl	integer	yes
.It net.inet.icmp.bmcastecho	integer	yes
.It net.inet.ipip.allow	integer	yes
.It net.inet.etherip.allow	integer	yes
.It net.inet.tcp.rfc1323	integer	yes
.It net.inet.tcp.keepinittime	integer	yes
.It net.inet.tcp.keepidle	integer	yes
.It net.inet.tcp.keepintvl	integer	yes
.It net.inet.tcp.slowhz	integer	no
.It net.inet.tcp.baddynamic	array	yes
.It net.inet.tcp.sack	integer	yes
.It net.inet.tcp.mssdflt	integer	yes
.It net.inet.udp.checksum	integer	yes
.It net.inet.udp.baddynamic	array	yes
.It net.inet.esp.enable	integer	yes
.It net.inet.ah.enable	integer	yes
.It net.inet.gre.allow	integer	yes
.It net.inet.mobileip.allow	integer	yes
.It net.inet6.ipip.allow	integer	yes
.It net.inet6.ip6.forwarding	integer	yes
.It net.inet6.ip6.redirect	integer	yes
.It net.inet6.ip6.hlim	integer	yes
.It net.inet6.ip6.maxfragpackets	integer	yes
.It net.inet6.ip6.accept_rtadv	integer	yes
.It net.inet6.ip6.keepfaith	integer	yes
.It net.inet6.ip6.log_interval	integer	yes
.It net.inet6.ip6.hdrnestlimit	integer	yes
.It net.inet6.ip6.dad_count	integer	yes
.It net.inet6.ip6.auto_flowlabel	integer	yes
.It net.inet6.ip6.defmcasthlim	integer	yes
.It net.inet6.ip6.gifhlim	integer	yes
.It net.inet6.ip6.kame_version	string	no
.It net.inet6.ip6.use_deprecated	integer	yes
.It net.inet6.ip6.rr_prune	integer	yes
.It net.inet6.icmp6.rediraccept	integer	yes
.It net.inet6.icmp6.redirtimeout	integer	yes
.It net.inet6.icmp6.errratelimit	integer	yes
.It net.inet6.icmp6.nd6_prune	integer	yes
.It net.inet6.icmp6.nd6_delay	integer	yes
.It net.inet6.icmp6.nd6_umaxtries	integer	yes
.It net.inet6.icmp6.nd6_mmaxtries	integer	yes
.It net.inet6.icmp6.nd6_useloopback	integer	yes
.It net.inet6.icmp6.nd6_proxyall	integer	yes
.It net.inet6.icmp6.nodeinfo	integer	yes
.It net.ipx.ipx.checksum	integer	yes
.It net.ipx.ipx.forwarding	integer	yes
.It net.ipx.ipx.netbios	integer	yes
.It net.ipx.ipx.recvspace	integer	yes
.It net.ipx.ipx.sendspace	integer	yes
.It debug.syncprt	integer	yes
.It debug.busyprt	integer	yes
.It debug.doclusterread	integer	yes
.It debug.doclusterwrite	integer	yes
.It debug.doreallocblks	integer	yes
.It debug.doasyncfree	integer	yes
.It debug.prtrealloc	integer	yes
.It hw.machine	string	no
.It hw.model	string	no
.It hw.ncpu	integer	no
.It hw.byteorder	integer	no
.It hw.physmem	integer	no
.It hw.usermem	integer	no
.It hw.pagesize	integer	no
.It machdep.console_device	dev_t	no
.It machdep.apmwarn	integer	yes (i386 only)
.It machdep.kbdreset	integer	yes (i386 only)
.It machdep.allowaperture	integer	yes (i386 only, XFree86)
.It user.cs_path	string	no
.It user.bc_base_max	integer	no
.It user.bc_dim_max	integer	no
.It user.bc_scale_max	integer	no
.It user.bc_string_max	integer	no
.It user.coll_weights_max	integer	no
.It user.expr_nest_max	integer	no
.It user.line_max	integer	no
.It user.re_dup_max	integer	no
.It user.posix2_version	integer	no
.It user.posix2_c_bind	integer	no
.It user.posix2_c_dev	integer	no
.It user.posix2_char_term	integer	no
.It user.posix2_fort_dev	integer	no
.It user.posix2_fort_run	integer	no
.It user.posix2_localedef	integer	no
.It user.posix2_sw_dev	integer	no
.It user.posix2_upe	integer	no
.It user.stream_max	integer	no
.It user.tzname_max	integer	no
.It ddb.radix	integer	yes
.It ddb.max_width	integer	yes
.It ddb.max_line	integer	yes
.It ddb.tab_stop_width	integer	yes
.It ddb.panic	integer	yes
.It ddb.console	integer	yes
.El
.Pp
The
.Nm sysctl
program can get or set debugging variables
that have been identified for its display.
This information can be obtained by using the command:
.Bd -literal -offset indent
sysctl debug
.Ed
In addition,
.Nm sysctl
can extract information about the filesystems that have been compiled
into the running system.
This information can be obtained by using the command:
.Bd -literal -offset indent
sysctl vfs
.Ed
By default, only filesystems that are actively being used are listed.
Use of the
.Fl A
flag lists all the filesystems compiled into the running kernel.
.Sh EXAMPLES
For example, to retrieve the maximum number of processes allowed
in the system, one would use the follow request:
.Bd -literal -offset indent -compact
sysctl kern.maxproc
.Ed
.Pp
To set the maximum number of processes allowed
in the system to 1000, one would use the follow request:
.Bd -literal -offset indent -compact
sysctl -w kern.maxproc=1000
.Ed
.Pp
Information about the system clock rate may be obtained with:
.Bd -literal -offset indent -compact
sysctl kern.clockrate
.Ed
.Pp
Information about the load average history may be obtained with
.Bd -literal -offset indent -compact
sysctl vm.loadavg
.Ed
.Pp
To make the
.Xr chown 2
system call use traditional BSD semantics (don't clear setuid/setgid bits),
one would do the following:
.Bd -literal -offset indent -compact
sysctl -w fs.posix.setuid=0
.Ed
.Pp
Set the list of reserved TCP ports that should not be allocated
by the kernel dynamically.  This can be used to keep daemons
from stealing a specific port that another program needs to function.
List elements may be separated by commas and/or whitespace.
.Bd -literal -offset indent -compact
sysctl -w net.inet.tcp.baddynamic=749,750,751,760,761,871
.Ed
.Pp
It is also possible to add or remove ports from the current list.
.Bd -literal -offset indent -compact
sysctl -w net.inet.tcp.baddynamic=+748
sysctl -w net.inet.tcp.baddynamic=-871
.Ed
.Sh FILES
.Bl -tag -width <netinet/icmpXvar.h> -compact
.It Pa <sys/sysctl.h>
definitions for top level identifiers, second level kernel and hardware
identifiers, and user level identifiers
.It Pa <dev/rndvar.h>
definitions for
.Xr random 4
device's statistics structure
.It Pa <sys/socket.h>
definitions for second level network identifiers
.It Pa <sys/gmon.h>
definitions for third level profiling identifiers
.It Pa <vm/vm_param.h>
definitions for second level virtual memory identifiers
.It Pa <netinet/in.h>
definitions for third level Internet identifiers and
fourth level IP identifiers
.It Pa <netinet/icmp_var.h>
definitions for fourth level ICMP identifiers
.It Pa <netinet/udp_var.h>
definitions for fourth level UDP identifiers
.It Pa <netipx/ipx_var.h>
definitions for third level IPX identifiers and
fourth level IPX identifiers
.It Pa <ddb/db_var.h>
definitions for second level ddb identifiers
.El
.Sh SEE ALSO
.Xr sysctl 3
.Sh HISTORY
.Nm sysctl
first appeared in
.Bx 4.4 .