Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (NetBSD-2.0)
Apropos / Subsearch:
optional field

SYSCTL(8)                 BSD System Manager's Manual                SYSCTL(8)

     sysctl -- get or set kernel state

     sysctl [-AdeMn] [-r | -x] [name ...]
     sysctl [-nq] [-r | -x] -w name=value ...
     sysctl [-en] [-r | -x] -a
     sysctl [-nq] [-r | -x] -f file

     The sysctl utility retrieves kernel state and allows processes with
     appropriate privilege to set kernel state.  The state to be retrieved or
     set is described using a ``Management Information Base'' (``MIB'') style
     name, described as a dotted set of components.  The '/' character may
     also be used as a separator and a leading separator character is
     accepted.  If name specifies a non-leaf node in the MIB, all the nodes
     underneath name will be printed.

     The following options are available:

     -A      List all the known MIB names including tables, unless any MIB
             arguments or -f file are given.  Those with string or integer
             values will be printed as with the -a flag; for table or struc-
             ture values that sysctl is not able to print, the name of the
             utility to retrieve them is given.  Errors in retrieving or set-
             ting values will be directed to stdout instead of stderr.

     -a      List all the currently available string or integer values.  The
             use of a solitary separator character (either '.' or '/') by
             itself has the same effect.  Any given name arguments are ignored
             if this option is specified.

     -d      Descriptions of each of the nodes selected will be printed
             instead of their values.

     -e      Separate the name and the value of the variable(s) with '='.
             This is useful for producing output which can be fed back to the
             sysctl utility.  This option is ignored if -n is specified or a
             variable is being set.

     -f      Specifies the name of a file to read and process.  Blank lines
             and comments (beginning with '#') are ignored.  Line continua-
             tions with '\' are permitted.  Remaining lines are processed sim-
             ilarly to command line arguments of the form name or name=value.
             The -w flag is implied by -f.  Any name arguments are ignored.

     -M      Makes sysctl print the MIB instead of any of the actual values
             contained in the MIB.  This causes the entire MIB to be printed
             unless specific MIB arguments or -f file are also given.

     -n      Specifies that the printing of the field name should be sup-
             pressed and that only its value should be output.  This flag is
             useful for setting shell variables.  For example, to save the
             pagesize in variable psize, use:
                   set psize=`sysctl -n hw.pagesize`

     -q      Used to indicate that nothing should be printed for writes unless
             an error is detected.

     -r      Raw output form.  Values printed are in their raw binary forms as
             retrieved directly from the kernel.  Some additional nodes that
             sysctl cannot print directly can be retrieved with this flag.
             This option conflicts with the -x option.

     -w      Sets the MIB style name given to the value given.  The MIB style
             name and value must be separated by '=' with no whitespace.  Only
             integral and string values can be set via this method.

     -x      Makes sysctl print the requested value in a hexadecimal represen-
             tation instead of its regular form.  If specified more than once,
             the output for each value resembles that of hexdump(1) when given
             the -C flag.  This option conflicts with the -r option.

     The 'proc' top-level MIB has a special semantic: it represent per-process
     values and as such may differ from one process to another.  The second-
     level name is the pid of the process (in decimal form), or the special
     word 'curproc'.  For variables below 'proc.<pid>.rlimit', the integer
     value may be replaced with the string 'unlimited' if it matches the magic
     value used to disable a limit.

     The information available from sysctl consists of integers, strings, and
     tables.  The tabular information can only be retrieved by special purpose
     programs such as ps, systat, and netstat.  The string and integer infor-
     mation is summarized below.  For a detailed description of these variable
     see sysctl(3).  The changeable column indicates whether a process with
     appropriate privilege can change the value.

     Name                                         Type          Changeable
     ddb.fromconsole                              integer       yes
     ddb.lines                                    integer       yes
     ddb.maxoff                                   integer       yes
     ddb.maxwidth                                 integer       yes
     ddb.onpanic                                  integer       yes
     ddb.radix                                    integer       yes
     ddb.tabstops                                 integer       yes
     hw.alignbytes                                integer       no
     hw.byteorder                                 integer       no
     hw.disknames                                 string        no
     hw.diskstats                                 struct        no
     hw.machine                                   string        no
     hw.machine_arch                              string        no
     hw.model                                     string        no
     hw.ncpu                                      integer       no
     hw.pagesize                                  integer       no
     hw.physmem                                   integer       no
     hw.physmem64                                 quad          no
     hw.usermem                                   integer       no
     hw.usermem64                                 quad          no
     hw.cnmagic                                   string        yes
     kern.argmax                                  integer       no
     kern.autonicetime                            integer       yes
     kern.autoniceval                             integer       yes
     kern.boottime                                struct        no
     kern.ccpu                                    integer       no
     kern.chown_restricted                        integer       no
     kern.clockrate                               struct        no
     kern.consdev                                 integer       no
     kern.cp_time                                 struct        no
     kern.defcorename                             string        yes
     kern.domainname                              string        yes
     kern.drivers                                 struct        no
     kern.forkfsleep                              integer       yes
     kern.fscale                                  integer       no
     kern.fsync                                   integer       no
     kern.hostid                                  integer       yes
     kern.hostname                                string        yes
     kern.iov_max                                 integer       no
     kern.job_control                             integer       no
     kern.labeloffset                             integer       no
     kern.labelsector                             integer       no
     kern.link_max                                integer       no
     kern.login_name_max                          integer       no
     kern.logsigexit                              integer       yes
     kern.max_canon                               integer       no
     kern.max_input                               integer       no
     kern.maxfiles                                integer       yes
     kern.maxpartitions                           integer       no
     kern.maxproc                                 integer       yes
     kern.maxptys                                 integer       yes, special
     kern.maxvnodes                               integer       raise only
     kern.mapped_files                            integer       no
     kern.maxphys                                 integer       no
     kern.memlock                                 integer       no
     kern.memlock_range                           integer       no
     kern.memory_protection                       integer       no
     kern.mbuf.mblowat                            integer       yes
     kern.mbuf.mcllowat                           integer       yes
     kern.mbuf.mclsize                            integer       no
     kern.mbuf.msize                              integer       no
     kern.mbuf.nmbclusters                        integer       raise only
     kern.monotonic_clock                         integer       no
     kern.msgbuf                                  struct        no
     kern.msgbufsize                              integer       no
     kern.name_max                                integer       no
     kern.ngroups                                 integer       no
     kern.no_trunc                                integer       no
     kern.ntptime                                 struct        no
     kern.osrelease                               string        no
     kern.osrevision                              integer       no
     kern.ostype                                  string        no
     kern.path_max                                integer       no
     kern.pipe.maxkvasz                           integer       yes
     kern.pipe.maxloankvasz                       integer       yes
     kern.pipe.maxbigpipes                        integer       yes
     kern.pipe.nbigpipes                          integer       no
     kern.pipe.kvasize                            integer       no
     kern.posix1version                           integer       no
     kern.posix_barriers                          integer       no
     kern.posix_reader_writer_locks               integer       no
     kern.posix_semaphores                        integer       no
     kern.posix_spin_locks                        integer       no
     kern.posix_timers                            integer       no
     kern.posix_threads                           integer       no
     kern.proc2                                   struct        no
     kern.proc_args                               string        yes
     kern.rawpartition                            integer       no
     kern.root_device                             string        no
     kern.root_partition                          integer       no
     kern.rtc_offset                              integer       no
     kern.saved_ids                               integer       no
     kern.sbmax                                   integer       yes
     kern.securelevel                             integer       raise only
     kern.somaxkva                                integer       yes
     kern.synchronized_io                         integer       no
     kern.sysvipc_info                            struct        no
     kern.sysvmsg                                 integer       no
     kern.sysvsem                                 integer       no
     kern.sysvshm                                 integer       no
     kern.timex                                   struct        no
     kern.tkstat.nin                              quad          no
     kern.tkstat.nout                             quad          no
     kern.tkstat.cancc                            quad          no
     kern.tkstat.rawcc                            quad          no
     kern.urnd                                    integer       no
     kern.vdisable                                integer       no
     kern.version                                 string        no
     machdep.console_device                       dev_t         no
     net.bpf.maxbufsize                           integer       yes
     net.inet.icmp.maskrepl                       integer       yes
     net.inet.icmp.errppslimit                    integer       yes
     net.inet.icmp.rediraccept                    integer       yes
     net.inet.icmp.redirtimeout                   integer       yes
     net.inet.ip.allowsrcrt                       integer       yes
     net.inet.ip.anonportmax                      integer       yes
     net.inet.ip.anonportmin                      integer       yes
     net.inet.ip.checkinterface                   integer       yes
     net.inet.ip.directed-broadcast               integer       yes
     net.inet.ip.forwarding                       integer       yes
     net.inet.ip.forwsrcrt                        integer       yes
     net.inet.ip.maxfragpacket                    integer       yes
     net.inet.ip.lowportmax                       integer       yes
     net.inet.ip.lowportmin                       integer       yes
     net.inet.ip.mtudisc                          integer       yes
     net.inet.ip.mtudisctimeout                   integer       yes
     net.inet.ip.redirect                         integer       yes
     net.inet.ip.subnetsarelocal                  integer       yes
     net.inet.ip.ttl                              integer       yes
     net.inet.ipsec.ah_cleartos                   integer       yes
     net.inet.ipsec.ah_net_deflev                 integer       yes
     net.inet.ipsec.ah_offsetmask                 integer       yes
     net.inet.ipsec.ah_trans_deflev               integer       yes
     net.inet.ipsec.def_policy                    integer       yes
     net.inet.ipsec.dfbit                         integer       yes
     net.inet.ipsec.ecn                           integer       yes
     net.inet.ipsec.esp_net_deflev                integer       yes
     net.inet.ipsec.esp_trans_deflev              integer       yes
     net.inet.ipsec.inbound_call_ike              integer       yes
     net.inet.tcp.ack_on_push                     integer       yes
     net.inet.tcp.compat_42                       integer       yes
     net.inet.tcp.cwm                             integer       yes
     net.inet.tcp.cwm_burstsize                   integer       yes
     net.inet.tcp.init_win                        integer       yes
     net.inet.tcp.init_win_local                  integer       yes
     net.inet.tcp.keepcnt                         integer       yes
     net.inet.tcp.keepidle                        integer       yes
     net.inet.tcp.keepintvl                       integer       yes
     net.inet.tcp.log_refused                     integer       yes
     net.inet.tcp.mss_ifmtu                       integer       yes
     net.inet.tcp.mssdflt                         integer       yes
     net.inet.tcp.recvspace                       integer       yes
     net.inet.tcp.rfc1323                         integer       yes
     net.inet.tcp.rstppslimit                     integer       yes
     net.inet.tcp.sack                            integer       yes
     net.inet.tcp.sendspace                       integer       yes
     net.inet.tcp.slowhz                          integer       no
     net.inet.tcp.syn_bucket_limit                integer       yes
     net.inet.tcp.syn_cache_interval              integer       yes
     net.inet.tcp.syn_cache_limit                 integer       yes
     net.inet.tcp.timestamps                      integer       yes
     net.inet.tcp.win_scale                       integer       yes
     net.inet.tcp.ident                           struct        no
     net.inet.udp.checksum                        integer       yes
     net.inet.udp.recvspace                       integer       yes
     net.inet.udp.sendspace                       integer       yes
     net.inet6.icmp6.errppslimit                  integer       yes
     net.inet6.icmp6.mtudisc_hiwat                integer       yes
     net.inet6.icmp6.mtudisc_lowat                integer       yes
     net.inet6.icmp6.nd6_debug                    integer       yes
     net.inet6.icmp6.nd6_delay                    integer       yes
     net.inet6.icmp6.nd6_maxnudhint               integer       yes
     net.inet6.icmp6.nd6_mmaxtries                integer       yes
     net.inet6.icmp6.nd6_prune                    integer       yes
     net.inet6.icmp6.nd6_umaxtries                integer       yes
     net.inet6.icmp6.nd6_useloopback              integer       yes
     net.inet6.icmp6.nodeinfo                     integer       yes
     net.inet6.icmp6.rediraccept                  integer       yes
     net.inet6.icmp6.redirtimeout                 integer       yes
     net.inet6.ip6.accept_rtadv                   integer       yes
     net.inet6.ip6.anonportmax                    integer       yes
     net.inet6.ip6.anonportmin                    integer       yes
     net.inet6.ip6.auto_flowlabel                 integer       yes
     net.inet6.ip6.v6only                         integer       yes
     net.inet6.ip6.dad_count                      integer       yes
     net.inet6.ip6.defmcasthlim                   integer       yes
     net.inet6.ip6.forwarding                     integer       yes
     net.inet6.ip6.gif_hlim                       integer       yes
     net.inet6.ip6.hdrnestlimit                   integer       yes
     net.inet6.ip6.hlim                           integer       yes
     net.inet6.ip6.kame_version                   string        no
     net.inet6.ip6.keepfaith                      integer       yes
     net.inet6.ip6.log_interval                   integer       yes
     net.inet6.ip6.lowportmax                     integer       yes
     net.inet6.ip6.lowportmin                     integer       yes
     net.inet6.ip6.maxfragpackets                 integer       yes
     net.inet6.ip6.maxfrags                       integer       yes
     net.inet6.ip6.redirect                       integer       yes
     net.inet6.ip6.rr_prune                       integer       yes
     net.inet6.ip6.use_deprecated                 integer       yes
     net.inet6.ipsec6.ah_net_deflev               integer       yes
     net.inet6.ipsec6.ah_trans_deflev             integer       yes
     net.inet6.ipsec6.def_policy                  integer       yes
     net.inet6.ipsec6.ecn                         integer       yes
     net.inet6.ipsec6.esp_net_deflev              integer       yes
     net.inet6.ipsec6.esp_trans_deflev            integer       yes
     net.inet6.ipsec6.inbound_call_ike            integer       yes
     net.inet6.udp6.recvspace                     integer       yes
     net.inet6.udp6.sendspace                     integer       yes
     net.key.acq_exp_int                          integer       yes
     net.key.acq_maxtime                          integer       yes
     net.key.ah_keymin                            integer       yes
     net.key.debug                                integer       yes
     net.key.esp_auth                             integer       yes
     net.key.esp_keymin                           integer       yes
     net.key.kill_int                             integer       yes
     net.key.random_int                           integer       yes
     net.key.spi_max_value                        integer       yes
     net.key.spi_min_value                        integer       yes
     net.key.spi_try                              integer       yes
     proc.<pid>.corename                          string        yes
     proc.<pid>.rlimit.coredumpsize.hard          integer       yes
     proc.<pid>.rlimit.coredumpsize.soft          integer       yes
     proc.<pid>.rlimit.cputime.hard               integer       yes
     proc.<pid>.rlimit.cputime.soft               integer       yes
     proc.<pid>.rlimit.datasize.hard              integer       yes
     proc.<pid>.rlimit.datasize.soft              integer       yes
     proc.<pid>.rlimit.filesize.hard              integer       yes
     proc.<pid>.rlimit.filesize.soft              integer       yes
     proc.<pid>.rlimit.maxproc.hard               integer       yes
     proc.<pid>.rlimit.maxproc.soft               integer       yes
     proc.<pid>.rlimit.memorylocked.hard          integer       yes
     proc.<pid>.rlimit.memorylocked.soft          integer       yes
     proc.<pid>.rlimit.memoryuse.hard             integer       yes
     proc.<pid>.rlimit.memoryuse.soft             integer       yes
     proc.<pid>.rlimit.stacksize.hard             integer       yes
     proc.<pid>.rlimit.stacksize.soft             integer       yes
     proc.<pid>.stopexec                          int           yes
     proc.<pid>.stopfork                          int           yes
     user.bc_base_max                             integer       no
     user.bc_dim_max                              integer       no
     user.bc_scale_max                            integer       no
     user.bc_string_max                           integer       no
     user.coll_weights_max                        integer       no
     user.cs_path                                 string        no
     user.expr_nest_max                           integer       no
     user.line_max                                integer       no
     user.posix2_c_bind                           integer       no
     user.posix2_c_dev                            integer       no
     user.posix2_char_term                        integer       no
     user.posix2_fort_dev                         integer       no
     user.posix2_fort_run                         integer       no
     user.posix2_localedef                        integer       no
     user.posix2_sw_dev                           integer       no
     user.posix2_upe                              integer       no
     user.posix2_version                          integer       no
     user.re_dup_max                              integer       no
     vendor.<vendor>.*                            ?             vendor
     vfs.generic.usermount                        integer       yes
     vfs.nfs.iothreads                            integer       yes
     vm.anonmax                                   integer       yes
     vm.anonmin                                   integer       yes
     vm.bufcache                                  integer       yes
     vm.bufmem                                    integer       no
     vm.bufmem_lowater                            integer       yes
     vm.bufmem_hiwater                            integer       yes
     vm.execmax                                   integer       yes
     vm.execmin                                   integer       yes
     vm.filemax                                   integer       yes
     vm.filemin                                   integer       yes
     vm.loadavg                                   struct        no
     vm.nkmempages                                integer       no
     vm.uvmexp                                    struct        no
     vm.uvmexp2                                   struct        no
     vm.vmmeter                                   struct        no

     Entries found under ``vendor.<vendor>'' are left to be specified (and
     used) by vendors using the NetBSD operating system in their products.
     Values and structure are vendor-defined, and no registry exists right

     New nodes are allowed to be created by the superuser when the kernel is
     running at security level 0.  These new nodes may refer to existing ker-
     nel data or to new data that is only instrumented by sysctl(3) itself.

     The syntax for creating new nodes is ``//create=new.node.path'' followed
     by one or more of the following attributes separated by commas.  The use
     of a double separator (both '/' and '.' can be used as separators) as the
     prefix tells sysctl that the first series of tokens is not a MIB name,
     but a command.  It is recommended that the double separator preceding the
     command not be the same as the separator used in naming the MIB entry so
     as to avoid possible parse conflicts.  The ``value'' assigned, if one is
     given, must be last.

     o   type=<T> where T must be one of ``node'', ``int'', ``string'',
         ``quad'', or ``struct''.  If the type is omitted, the ``node'' type
         is assumed.
     o   size=<S> here, S asserts the size of the new node.  Nodes of type
         ``node'' should not have a size set.  The size may be omitted for
         nodes of types ``int'' or ``quad''.  If the size is omitted for a
         node of type ``string'', the size will be determined by the length of
         the given value, or by the kernel for kernel strings.  Nodes of type
         ``struct'' must have their size explicitly set.
     o   addr=<A> or symbol=<A> The kernel address of the data being instru-
         mented.  If ``symbol'' is used, the symbol must be globally visible
         to the in-kernel ksyms(4) driver.
     o   n=<N> The MIB number to be assigned to the new node.  If no number is
         specified, the kernel will assign a value.
     o   flags=<F> A concatenated string of single letters that govern the
         behavior of the node.  Flags currently available are:

         a    Allow anyone to write to the node, if it is writable.

         h    ``Hidden''.  sysctl must be invoked with -A or the hidden node
              must be specifically requested in order to see it

         i    ``Immediate''.  Makes the node store data in itself, rather than
              allocating new space for it.  This is the default for nodes of
              type ``int'' and ``quad''.  This is the opposite of owning data.

         o    ``Own''.  When the node is created, separate space will be allo-
              cated to store the data to be instrumented.  This is the default
              for nodes of type ``string'' and ``struct'' where it is not pos-
              sible to guarantee sufficient space to store the data in the
              node itself.

         p    ``Private''.  Nodes that are marked private, and children of
              nodes so marked, are only viewable by the superuser.  Be aware
              that the immediate data that some nodes may store is not neces-
              sarily protected by this.

         x    ``Hexadecimal''.  Make sysctl default to hexadecimal display of
              the retrieved value

         r    ``Read-only''.  The data instrumented by the given node is read-
              only.  Note that other mechanisms may still exist for changing
              the data.  This is the default for nodes that instrument data.

         w    ``Writable''.  The data instrumented by the given node is
              writable at any time.  This is the default for nodes that can
              have children.

         1    ``Read-only at securelevel 1''.  The data instrumented by this
              node is writable until the securelevel reaches or passes
              securelevel 1.  Examples of this include some network tunables.

         2    ``Read-only at securelevel 2''.  The data instrumented by this
              node is writable until the securelevel reaches or passes
              securelevel 2.  An example of this is the per-process core file-
              name setting.

     o   value=<V> An initial starting value for a new node that does not ref-
         erence existing kernel data.  Initial values can only be assigned for
         nodes of the ``int'', ``quad'', and ``string'' types.

     New nodes must fit the following set of criteria:

     o   If the new node is to address an existing kernel object, only one of
         the ``symbol'' or ``addr'' arguments may be given.
     o   The size for a ``struct'' type node must be specified; no initial
         value is expected or permitted.
     o   Either the size or the initial value for a ``string'' node must be
     o   The node which will be the parent of the new node must be writable.

     If any of the given parameters describes an invalid configuration, sysctl
     will emit a diagnostic message to the standard error and exit.

     Descriptions can be added by the super-user to any node that does not
     have one, provided that the node is not marked with the ``PERMANENT''
     flag.  The syntax is similar to the syntax for creating new nodes with
     the exception of the keyword that follows the double separator at the
     start of the command: ``//describe=new.node.path=new node description''.
     Once a description has been added, it cannot be changed or removed.

     When destroying nodes, only the path to the node is necessary, i.e.,
     ``//destroy=old.node.path''.  No other parameters are expected or permit-
     ted.  Nodes being destroyed must have no children, and their parent must
     be writable.  Nodes that are marked with the ``PERMANENT'' flag (as
     assigned by the kernel) may not be deleted.

     In all cases, the initial '=' that follows the command (eg, ``create'',
     ``destroy'', or ``describe'') may be replaced with another instance of
     the separator character, provided that the same separator character is
     used for the length of the name specification.

     /etc/sysctl.conf       sysctl variables set at boot time
     <sys/sysctl.h>         definitions for top level identifiers, second
                            level kernel and hardware identifiers, and user
                            level identifiers
     <sys/socket.h>         definitions for second level network identifiers
     <sys/gmon.h>           definitions for third level profiling identifiers
     <uvm/uvm_param.h>      definitions for second level virtual memory iden-
     <netinet/in.h>         definitions for third level IPv4/v6 identifiers
                            and fourth level IPv4/v6 identifiers
     <netinet/icmp_var.h>   definitions for fourth level ICMP identifiers
     <netinet/icmp6.h>      definitions for fourth level ICMPv6 identifiers
     <netinet/tcp_var.h>    definitions for fourth level TCP identifiers
     <netinet/udp_var.h>    definitions for fourth level UDP identifiers
     <netinet6/udp6_var.h>  definitions for fourth level IPv6 UDP identifiers
     <netinet6/ipsec.h>     definitions for fourth level IPsec identifiers
     <netkey/key_var.h>     definitions for third level PF_KEY identifiers

     For example, to retrieve the maximum number of processes allowed in the
     system, one would use the following request:
           sysctl kern.maxproc

     To set the maximum number of processes allowed in the system to 1000, one
     would use the following request:
           sysctl -w kern.maxproc=1000

     Information about the system clock rate may be obtained with:
           sysctl kern.clockrate

     Information about the load average history may be obtained with:
           sysctl vm.loadavg

     To view the values of the per-process variables of the current shell, the
           sysctl proc.$$
     can be used if the shell interpreter replaces $$ with its pid (this is
     true for most shells).

     To redirect core dumps to the /var/tmp/<username> directory,
           sysctl -w proc.$$.corename=/var/tmp/%u/%n.core
     should be used.
           sysctl -w proc.curproc.corename=/var/tmp/%u/%n.core
     changes the value for the sysctl process itself, and will not have the
     desired effect.

     To create the root of a new sub-tree called ``local'' add some children
     to the new node, and some descriptions:
           sysctl -w //create=local
           sysctl -w //describe=local=my local sysctl tree
           sysctl -w //create=local.esm_debug,type=int,symbol=esm_debug,flags=w
           sysctl -w //describe=local.esm_debug=esm driver debug knob
           sysctl -w //create=local.audiodebug,type=int,symbol=audiodebug,flags=w
           sysctl -w //describe=local.audiodebug=generic audio debug knob
     Note that the children are made writable so that the two debug settings
     in question can be tuned arbitrarily.

     To destroy that same subtree:
           sysctl -w //destroy=local.esm_debug
           sysctl -w //destroy=local.audiodebug
           sysctl -w //destroy=local

     sysctl(3), ksyms(4)

     sysctl first appeared in 4.4BSD.

BSD                            October 15, 2004                            BSD