1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
|
.\" $OpenBSD: sysctl.8,v 1.43 2000/01/21 02:53:06 angelos Exp $
.\" $NetBSD: sysctl.8,v 1.4 1995/09/30 07:12:49 thorpej Exp $
.\"
.\" Copyright (c) 1993
.\" The Regents of the University of California. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software developed by the University of
.\" California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" @(#)sysctl.8 8.2 (Berkeley) 5/9/95
.\"
.Dd May 9, 1995
.Dt SYSCTL 8
.Os
.Sh NAME
.Nm sysctl
.Nd get or set kernel state
.Sh SYNOPSIS
.Nm sysctl
.Op Fl n
.Ar name ...
.Nm sysctl
.Op Fl n
.Fl w
.Ar name=value ...
.Nm sysctl
.Op Fl n
.Fl aA
.Sh DESCRIPTION
The
.Nm sysctl
utility retrieves kernel state and allows processes with
appropriate privilege to set kernel state.
The state to be retrieved or set is described using a
``Management Information Base'' (``MIB'') style name,
described as a dotted set of components.
The
.Fl a
flag can be used to list all the currently available string or integer values.
The
.Fl A
flag will list all the known MIB names including tables.
Those with string or integer values will be printed as with the
.Fl a
flag; for the table values,
the name of the utility to retrieve them is given.
.Pp
The
.Fl n
flag specifies that the printing of the field name should be
suppressed and that only its value should be output.
This flag is useful for setting shell variables.
For example, to save the pagesize in variable psize, use:
.Bd -literal -offset indent -compact
set psize=`sysctl -n hw.pagesize`
.Ed
.Pp
If just a MIB style name is given,
the corresponding value is retrieved.
If a value is to be set, the
.Fl w
flag must be specified and the MIB name followed
by an equal sign and the new value to be used.
.Pp
The information available from
.Nm sysctl
consists of integers, strings, and tables.
The tabular information can only be retrieved by special
purpose programs such as
.Nm ps ,
.Nm systat ,
and
.Nm netstat .
The string and integer information is summarized below.
For a detailed description of these variable see
.Xr sysctl 3 .
The changeable column indicates whether a process with appropriate
privilege can change the value.
.Bl -column net.inet.ip.forwardingxxxxxx integerxxx
.It Sy Name Type Changeable
.It kern.ostype string no
.It kern.osrelease string no
.It kern.osrevision integer no
.It kern.osversion string no
.It kern.version string no
.It kern.maxvnodes integer yes
.It kern.maxproc integer yes
.It kern.maxfiles integer yes
.It kern.maxpartitions integer no
.It kern.rawpartition integer no
.It kern.argmax integer no
.It kern.securelevel integer raise only
.It kern.hostname string yes
.It kern.domainname string yes
.It kern.hostid u_int yes
.It kern.clockrate struct no
.It kern.posix1version integer no
.It kern.ngroups integer no
.It kern.job_control integer no
.It kern.saved_ids integer no
.It kern.link_max integer no
.It kern.max_canon integer no
.It kern.max_input integer no
.It kern.name_max integer no
.It kern.path_max integer no
.It kern.pipe_buf integer no
.It kern.chown_restricted integer no
.It kern.no_trunc integer no
.It kern.boottime struct no
.It kern.somaxconn integer yes
.It kern.sominconn integer yes
.It kern.usermount integer yes
.It kern.random struct no
.It kern.nosuidcoredump integer yes
.It kern.fsync integer no
.It kern.sysvmsg integer no
.It kern.sysvsem integer no
.It kern.sysvshm integer no
.It kern.arandom u_int no
.It vm.loadavg struct no
.It vm.psstrings struct no
.It vm.swapencrypt integer yes
.It fs.posix.setuid integer yes
.It net.inet.ip.forwarding integer yes
.It net.inet.ip.redirect integer yes
.It net.inet.ip.ttl integer yes
.\" .It net.inet.ip.mtu integer yes
.It net.inet.ip.sourceroute integer yes
.It net.inet.ip.directed-broadcast integer yes
.It net.inet.ip.portfirst integer yes
.It net.inet.ip.portlast integer yes
.It net.inet.ip.porthifirst integer yes
.It net.inet.ip.porthilast integer yes
.It net.inet.ip.maxqueue integer yes
.It net.inet.ip.encdebug integer yes
.It net.inet.ip.ipsec-acl integer yes
.It net.inet.ip.ipsec-pfs integer yes
.It net.inet.ip.ipsec-soft-allocs integer yes
.It net.inet.ip.ipsec-allocs integer yes
.It net.inet.ip.ipsec-soft-bytes integer yes
.It net.inet.ip.ipsec-bytes integer yes
.It net.inet.ip.ipsec-timeout integer yes
.It net.inet.ip.ipsec-soft-timeout integer yes
.It net.inet.ip.ipsec-soft-firstuse integer yes
.It net.inet.ip.ipsec-firstuse integer yes
.It net.inet.ip.ipsec-enc-alg string yes
.It net.inet.ip.ipsec-auth-alg string yes
.It net.inet.ip.ipsec-invalid-life integer yes
.It net.inet.icmp.maskrepl integer yes
.It net.inet.icmp.bmcastecho integer yes
.It net.inet.ipip.allow integer yes
.It net.inet.etherip.allow integer yes
.It net.inet.tcp.rfc1323 integer yes
.It net.inet.tcp.keepinittime integer yes
.It net.inet.tcp.keepidle integer yes
.It net.inet.tcp.keepintvl integer yes
.It net.inet.tcp.slowhz integer no
.It net.inet.tcp.baddynamic array yes
.It net.inet.tcp.sack integer yes
.It net.inet.tcp.mssdflt integer yes
.It net.inet.udp.checksum integer yes
.It net.inet.udp.baddynamic array yes
.It net.inet.esp.enable integer yes
.It net.inet.ah.enable integer yes
.It net.inet.gre.allow integer yes
.It net.inet.mobileip.allow integer yes
.It net.inet6.ipip.allow integer yes
.It net.inet6.ip6.forwarding integer yes
.It net.inet6.ip6.redirect integer yes
.It net.inet6.ip6.hlim integer yes
.It net.inet6.ip6.maxfragpackets integer yes
.It net.inet6.ip6.accept_rtadv integer yes
.It net.inet6.ip6.keepfaith integer yes
.It net.inet6.ip6.log_interval integer yes
.It net.inet6.ip6.hdrnestlimit integer yes
.It net.inet6.ip6.dad_count integer yes
.It net.inet6.ip6.auto_flowlabel integer yes
.It net.inet6.ip6.defmcasthlim integer yes
.It net.inet6.ip6.gifhlim integer yes
.It net.inet6.ip6.kame_version string no
.It net.inet6.ip6.use_deprecated integer yes
.It net.inet6.ip6.rr_prune integer yes
.It net.inet6.icmp6.rediraccept integer yes
.It net.inet6.icmp6.redirtimeout integer yes
.It net.inet6.icmp6.errratelimit integer yes
.It net.inet6.icmp6.nd6_prune integer yes
.It net.inet6.icmp6.nd6_delay integer yes
.It net.inet6.icmp6.nd6_umaxtries integer yes
.It net.inet6.icmp6.nd6_mmaxtries integer yes
.It net.inet6.icmp6.nd6_useloopback integer yes
.It net.inet6.icmp6.nd6_proxyall integer yes
.It net.inet6.icmp6.nodeinfo integer yes
.It net.ipx.ipx.checksum integer yes
.It net.ipx.ipx.forwarding integer yes
.It net.ipx.ipx.netbios integer yes
.It net.ipx.ipx.recvspace integer yes
.It net.ipx.ipx.sendspace integer yes
.It debug.syncprt integer yes
.It debug.busyprt integer yes
.It debug.doclusterread integer yes
.It debug.doclusterwrite integer yes
.It debug.doreallocblks integer yes
.It debug.doasyncfree integer yes
.It debug.prtrealloc integer yes
.It hw.machine string no
.It hw.model string no
.It hw.ncpu integer no
.It hw.byteorder integer no
.It hw.physmem integer no
.It hw.usermem integer no
.It hw.pagesize integer no
.It machdep.console_device dev_t no
.It machdep.apmwarn integer yes (i386 only)
.It machdep.kbdreset integer yes (i386 only)
.It machdep.allowaperture integer yes (i386 only, XFree86)
.It user.cs_path string no
.It user.bc_base_max integer no
.It user.bc_dim_max integer no
.It user.bc_scale_max integer no
.It user.bc_string_max integer no
.It user.coll_weights_max integer no
.It user.expr_nest_max integer no
.It user.line_max integer no
.It user.re_dup_max integer no
.It user.posix2_version integer no
.It user.posix2_c_bind integer no
.It user.posix2_c_dev integer no
.It user.posix2_char_term integer no
.It user.posix2_fort_dev integer no
.It user.posix2_fort_run integer no
.It user.posix2_localedef integer no
.It user.posix2_sw_dev integer no
.It user.posix2_upe integer no
.It user.stream_max integer no
.It user.tzname_max integer no
.It ddb.radix integer yes
.It ddb.max_width integer yes
.It ddb.max_line integer yes
.It ddb.tab_stop_width integer yes
.It ddb.panic integer yes
.It ddb.console integer yes
.El
.Pp
The
.Nm sysctl
program can get or set debugging variables
that have been identified for its display.
This information can be obtained by using the command:
.Bd -literal -offset indent
sysctl debug
.Ed
In addition,
.Nm sysctl
can extract information about the filesystems that have been compiled
into the running system.
This information can be obtained by using the command:
.Bd -literal -offset indent
sysctl vfs
.Ed
By default, only filesystems that are actively being used are listed.
Use of the
.Fl A
flag lists all the filesystems compiled into the running kernel.
.Sh EXAMPLES
For example, to retrieve the maximum number of processes allowed
in the system, one would use the follow request:
.Bd -literal -offset indent -compact
sysctl kern.maxproc
.Ed
.Pp
To set the maximum number of processes allowed
in the system to 1000, one would use the follow request:
.Bd -literal -offset indent -compact
sysctl -w kern.maxproc=1000
.Ed
.Pp
Information about the system clock rate may be obtained with:
.Bd -literal -offset indent -compact
sysctl kern.clockrate
.Ed
.Pp
Information about the load average history may be obtained with
.Bd -literal -offset indent -compact
sysctl vm.loadavg
.Ed
.Pp
To make the
.Xr chown 2
system call use traditional BSD semantics (don't clear setuid/setgid bits),
one would do the following:
.Bd -literal -offset indent -compact
sysctl -w fs.posix.setuid=0
.Ed
.Pp
Set the list of reserved TCP ports that should not be allocated
by the kernel dynamically. This can be used to keep daemons
from stealing a specific port that another program needs to function.
List elements may be separated by commas and/or whitespace.
.Bd -literal -offset indent -compact
sysctl -w net.inet.tcp.baddynamic=749,750,751,760,761,871
.Ed
.Pp
It is also possible to add or remove ports from the current list.
.Bd -literal -offset indent -compact
sysctl -w net.inet.tcp.baddynamic=+748
sysctl -w net.inet.tcp.baddynamic=-871
.Ed
.Sh FILES
.Bl -tag -width <netinet/icmpXvar.h> -compact
.It Pa <sys/sysctl.h>
definitions for top level identifiers, second level kernel and hardware
identifiers, and user level identifiers
.It Pa <dev/rndvar.h>
definitions for
.Xr random 4
device's statistics structure
.It Pa <sys/socket.h>
definitions for second level network identifiers
.It Pa <sys/gmon.h>
definitions for third level profiling identifiers
.It Pa <vm/vm_param.h>
definitions for second level virtual memory identifiers
.It Pa <netinet/in.h>
definitions for third level Internet identifiers and
fourth level IP identifiers
.It Pa <netinet/icmp_var.h>
definitions for fourth level ICMP identifiers
.It Pa <netinet/udp_var.h>
definitions for fourth level UDP identifiers
.It Pa <netipx/ipx_var.h>
definitions for third level IPX identifiers and
fourth level IPX identifiers
.It Pa <ddb/db_var.h>
definitions for second level ddb identifiers
.El
.Sh SEE ALSO
.Xr sysctl 3
.Sh HISTORY
.Nm sysctl
first appeared in
.Bx 4.4 .
|