OpenBSD manual page server

Manual Page Search Parameters

SYSCTL(8) System Manager's Manual SYSCTL(8)

sysctlget or set kernel state

sysctl [-Aan]

sysctl [-n] name ...

sysctl [-nq] name=value ...

The sysctl utility retrieves kernel state and allows processes with appropriate privilege to set kernel state. The state to be retrieved or set is described using a “Management Information Base” (MIB) style name, described as a dotted set of components.

When retrieving a variable, a subset of the MIB name may be specified to retrieve a list of variables in that subset. For example, to list all the machdep variables:

$ sysctl machdep

When setting a variable, the MIB name should be followed by an equal sign and the new value.

The options are as follows:

List all the known MIB names including tables. Those with string or integer values will be printed as with the -a flag; for the table values, the name of the utility to retrieve them is given.
List all the currently available string or integer values. This is the default, if no parameters are given to sysctl.
Suppress printing of the field name, only output the field value. Useful for setting shell variables. For example, to set the psize shell variable to the pagesize of the hardware:

# set psize=`sysctl -n hw.pagesize`
Suppress all output when setting a variable. This option overrides the behaviour of -n.
name=value
Attempt to set the specified variable name to value.

The information available from sysctl consists of integers, strings, and tables. The tabular information can only be retrieved by special purpose programs such as ps(1), systat(1), and netstat(1). The string and integer information is summarized below. For a detailed description of these variables, see sysctl(3). The changeable column indicates whether a process with appropriate privilege can change the value.

Note: not all of the variables are relevant to all architectures, and a few require a kernel compiled with non-standard options(4).

kern.ostype string no
kern.osrelease string no
kern.osrevision integer no
kern.version string no
kern.maxvnodes integer yes
kern.maxproc integer yes
kern.maxfiles integer yes
kern.argmax integer no
kern.securelevel integer raise only
kern.hostname string yes
kern.hostid u_int yes
kern.clockrate struct no
kern.posix1version integer no
kern.ngroups integer no
kern.job_control integer no
kern.saved_ids integer no
kern.boottime struct no
kern.domainname string yes
kern.maxpartitions integer no
kern.rawpartition integer no
kern.maxthread integer yes
kern.nthreads integer no
kern.osversion string no
kern.somaxconn integer yes
kern.sominconn integer yes
kern.usermount integer yes
kern.nosuidcoredump integer yes
kern.fsync integer no
kern.sysvmsg integer no
kern.sysvsem integer no
kern.sysvshm integer no
kern.arandom u_int no
kern.msgbufsize integer no
kern.malloc.buckets string no
kern.malloc.bucket.<sz> string no
kern.malloc.kmemnames string no
kern.malloc.kmemstat.<name> string no
kern.cp_time struct no
kern.nchstats struct no
kern.forkstat struct no
kern.nselcoll integer no
kern.tty.tk_nin int64_t no
kern.tty.tk_nout int64_t no
kern.tty.tk_rawcc int64_t no
kern.tty.tk_cancc int64_t no
kern.tty.ttyinfo struct no
kern.ccpu u_int no
kern.fscale integer no
kern.nprocs integer no
kern.stackgap_random integer yes
kern.splassert integer yes
kern.nfiles integer no
kern.ttycount integer no
kern.numvnodes integer no
kern.seminfo.semmni integer yes
kern.seminfo.semmns integer yes
kern.seminfo.semmnu integer yes
kern.seminfo.semmsl integer yes
kern.seminfo.semopm integer yes
kern.seminfo.semume integer no
kern.seminfo.semusz integer no
kern.seminfo.semvmx integer no
kern.seminfo.semaem integer no
kern.shminfo.shmmax integer yes
kern.shminfo.shmmin integer yes
kern.shminfo.shmmni integer yes
kern.shminfo.shmseg integer yes
kern.shminfo.shmall integer yes
kern.watchdog.period integer yes
kern.watchdog.auto integer yes
kern.maxclusters integer yes
kern.timecounter.tick integer no
kern.timecounter.timestepwarnings integer yes
kern.timecounter.hardware string yes
kern.timecounter.choice string no
kern.maxlocksperuid integer yes
kern.bufcachepercent integer yes
kern.wxabort integer yes
kern.consdev string no
kern.global_ptrace integer yes
vm.vmmeter struct no
vm.loadavg struct no
vm.psstrings struct no
vm.uvmexp struct no
vm.swapencrypt.enable integer yes
vm.swapencrypt.keyscreated integer no
vm.swapencrypt.keysdeleted integer no
vm.nkmempages integer no
vm.anonmin integer yes
vm.vtextmin integer yes
vm.vnodemin integer yes
vm.maxslp integer no
vm.uspace integer no
fs.posix.setuid integer yes
net.inet.divert.recvspace integer yes
net.inet.divert.sendspace integer yes
net.inet.ip.forwarding integer yes
net.inet.ip.redirect integer yes
net.inet.ip.ttl integer yes
net.inet.ip.sourceroute integer yes
net.inet.ip.directed-broadcast integer yes
net.inet.ip.portfirst integer yes
net.inet.ip.portlast integer yes
net.inet.ip.porthifirst integer yes
net.inet.ip.porthilast integer yes
net.inet.ip.maxqueue integer yes
net.inet.ip.encdebug integer yes
net.inet.ip.ipsec-expire-acquire integer yes
net.inet.ip.ipsec-invalid-life integer yes
net.inet.ip.ipsec-pfs integer yes
net.inet.ip.ipsec-soft-allocs integer yes
net.inet.ip.ipsec-allocs integer yes
net.inet.ip.ipsec-soft-bytes integer yes
net.inet.ip.ipsec-bytes integer yes
net.inet.ip.ipsec-timeout integer yes
net.inet.ip.ipsec-soft-timeout integer yes
net.inet.ip.ipsec-soft-firstuse integer yes
net.inet.ip.ipsec-firstuse integer yes
net.inet.ip.ipsec-enc-alg string yes
net.inet.ip.ipsec-auth-alg string yes
net.inet.ip.mtudisc integer yes
net.inet.ip.mtudisctimeout integer yes
net.inet.ip.ipsec-comp-alg string yes
net.inet.ip.ifq.len integer no
net.inet.ip.ifq.maxlen integer yes
net.inet.ip.ifq.drops integer no
net.inet.ip.mforwarding integer yes
net.inet.ip.multipath integer yes
net.inet.ip.arptimeout integer yes
net.inet.ip.arpdown integer yes
net.inet.icmp.maskrepl integer yes
net.inet.icmp.bmcastecho integer yes
net.inet.icmp.errppslimit integer yes
net.inet.icmp.rediraccept integer yes
net.inet.icmp.redirtimeout integer yes
net.inet.icmp.tstamprepl integer yes
net.inet.ipip.allow integer yes
net.inet.tcp.rfc1323 integer yes
net.inet.tcp.keepinittime integer yes
net.inet.tcp.keepidle integer yes
net.inet.tcp.keepintvl integer yes
net.inet.tcp.slowhz integer no
net.inet.tcp.baddynamic array yes
net.inet.tcp.sack integer yes
net.inet.tcp.mssdflt integer yes
net.inet.tcp.rstppslimit integer yes
net.inet.tcp.ackonpush integer yes
net.inet.tcp.ecn integer yes
net.inet.tcp.syncachelimit integer yes
net.inet.tcp.synbucketlimit integer yes
net.inet.tcp.rfc3390 integer yes
net.inet.tcp.reasslimit integer yes
net.inet.tcp.sackholelimit integer yes
net.inet.tcp.always_keepalive integer yes
net.inet.tcp.synuselimit integer yes
net.inet.tcp.rootonly array yes
net.inet.tcp.synhashsize integer yes
net.inet.udp.checksum integer yes
net.inet.udp.baddynamic array yes
net.inet.udp.recvspace integer yes
net.inet.udp.sendspace integer yes
net.inet.udp.rootonly array yes
net.inet.gre.allow integer yes
net.inet.gre.wccp integer yes
net.inet.esp.enable integer yes
net.inet.esp.udpencap integer yes
net.inet.esp.udpencap_port integer yes
net.inet.ah.enable integer yes
net.inet.mobileip.allow integer yes
net.inet.etherip.allow integer yes
net.inet.ipcomp.enable integer yes
net.inet.carp.allow integer yes
net.inet.carp.preempt integer yes
net.inet.carp.log integer yes
net.inet6.ip6.forwarding integer yes
net.inet6.ip6.redirect integer yes
net.inet6.ip6.hlim integer yes
net.inet6.ip6.maxfragpackets integer yes
net.inet6.ip6.log_interval integer yes
net.inet6.ip6.hdrnestlimit integer yes
net.inet6.ip6.dad_count integer yes
net.inet6.ip6.auto_flowlabel integer yes
net.inet6.ip6.defmcasthlim integer yes
net.inet6.ip6.use_deprecated integer yes
net.inet6.ip6.maxfrags integer yes
net.inet6.ip6.mforwarding integer yes
net.inet6.ip6.multipath integer yes
net.inet6.ip6.multicast_mtudisc integer yes
net.inet6.ip6.neighborgcthresh integer yes
net.inet6.ip6.maxifprefixes integer yes
net.inet6.ip6.maxifdefrouters integer yes
net.inet6.ip6.maxdynroutes integer yes
net.inet6.ip6.dad_pending integer yes
net.inet6.ip6.mtudisctimeout integer yes
net.inet6.ip6.ifq.len integer no
net.inet6.ip6.ifq.maxlen integer yes
net.inet6.ip6.ifq.drops integer no
net.inet6.icmp6.redirtimeout integer yes
net.inet6.icmp6.nd6_prune integer yes
net.inet6.icmp6.nd6_delay integer yes
net.inet6.icmp6.nd6_umaxtries integer yes
net.inet6.icmp6.nd6_mmaxtries integer yes
net.inet6.icmp6.errppslimit integer yes
net.inet6.icmp6.nd6_maxnudhint integer yes
net.inet6.icmp6.mtudisc_hiwat integer yes
net.inet6.icmp6.mtudisc_lowat integer yes
net.inet6.icmp6.nd6_debug integer yes
net.mpls.ttl integer yes
net.mpls.ifq.len integer no
net.mpls.ifq.maxlen integer yes
net.mpls.ifq.drops integer no
net.mpls.maxloop_inkernel integer yes
net.mpls.mapttl_ip integer yes
net.mpls.mapttl_ip6 integer yes
net.pipex.enable integer yes
net.pipex.inq.len integer no
net.pipex.inq.maxlen integer yes
net.pipex.inq.drops integer no
net.pipex.outq.len integer no
net.pipex.outq.maxlen integer yes
net.pipex.outq.drops=0 integer no
debug.syncprt integer yes
debug.busyprt integer yes
hw.machine string no
hw.model string no
hw.ncpu integer no
hw.byteorder integer no
hw.physmem int64_t no
hw.usermem int64_t no
hw.pagesize integer no
hw.diskstats struct no
hw.disknames string no
hw.diskcount integer no
hw.sensors.<xname>.<type><numt> struct no
hw.cpuspeed integer no
hw.setperf integer yes
hw.vendor string no
hw.product string no
hw.version string no
hw.serialno string no
hw.uuid string no
hw.ncpufound integer no
hw.allowpowerdown integer yes
hw.perfpolicy string yes
machdep.console_device dev_t no
machdep.unaligned_print integer yes
machdep.unaligned_fix integer yes
machdep.unaligned_sigbus integer yes
machdep.apmwarn integer yes
machdep.apmhalt integer yes
machdep.kbdreset integer yes
machdep.osfxsr integer no
machdep.sse integer no
machdep.sse2 integer no
machdep.xcrypt integer no
machdep.allowaperture integer yes
machdep.led_blink integer yes
machdep.ceccerrs integer no
machdep.cecclast quad no
ddb.radix integer yes
ddb.max_width integer yes
ddb.max_line integer yes
ddb.tab_stop_width integer yes
ddb.panic integer yes
ddb.console integer yes
ddb.log integer yes
ddb.trigger integer yes
vfs.mounts.* struct no
vfs.ffs.max_softdeps integer yes
vfs.ffs.sd_tickdelay integer yes
vfs.ffs.sd_worklist_push integer no
vfs.ffs.sd_blk_limit_push integer no
vfs.ffs.sd_ino_limit_push integer no
vfs.ffs.sd_blk_limit_hit integer no
vfs.ffs.sd_ino_limit_hit integer no
vfs.ffs.sd_sync_limit_hit integer no
vfs.ffs.sd_indir_blk_ptrs integer no
vfs.ffs.sd_inode_bitmap integer no
vfs.ffs.sd_direct_blk_ptrs integer no
vfs.ffs.sd_dir_entry integer no
vfs.ffs.dirhash_dirsize integer yes
vfs.ffs.dirhash_maxmem integer yes
vfs.ffs.dirhash_mem integer no
vfs.nfs.iothreads integer yes
vfs.fuse.fusefs_open_devices integer no
vfs.fuse.fusefs_fbufs_in integer no
vfs.fuse.fusefs_fbufs_wait integer no
vfs.fuse.fusefs_pool_pages integer no

The sysctl program can extract information about the filesystems that have been compiled into the running system. This information can be obtained by using the command:

$ sysctl vfs.mounts

By default, only filesystems that are actively being used are listed. Use of the -A flag lists all the filesystems compiled into the running kernel.

<sys/sysctl.h>
definitions for top level identifiers and second level kernel and hardware identifiers
<sys/socket.h>
definitions for second level network identifiers
<sys/gmon.h>
definitions for third level profiling identifiers
<uvm/uvm_param.h>
definitions for second level virtual memory identifiers
<uvm/uvm_swap_encrypt.h>
definitions for third level virtual memory identifiers
<netinet/in.h>
definitions for third level IPv4/v6 identifiers and fourth level IPv4/v6 identifiers
<netinet/ip_divert.h>
definitions for fourth level divert identifiers
<netinet/icmp_var.h>
definitions for fourth level ICMP identifiers
<netinet6/icmp6.h>
definitions for fourth level ICMPv6 identifiers
<netinet/tcp_var.h>
definitions for fourth level TCP identifiers
<netinet/udp_var.h>
definitions for fourth level UDP identifiers
<ddb/db_var.h>
definitions for second level ddb identifiers
<sys/mount.h>
definitions for second level vfs identifiers
<nfs/nfs.h>
definitions for third level NFS identifiers
<miscfs/fuse/fusefs.h>
definitions for third level fusefs identifiers
<ufs/ffs/ffs_extern.h>
definitions for third level FFS identifiers
<machine/cpu.h>
definitions for second level CPU identifiers

To retrieve the maximum number of processes allowed in the system:

$ sysctl kern.maxproc

To set the maximum number of processes allowed in the system to 1000:

# sysctl kern.maxproc=1000

To retrieve information about the system clock rate:

$ sysctl kern.clockrate

To retrieve information about the load average history:

$ sysctl vm.loadavg

To make the chown(2) system call use traditional BSD semantics (don't clear setuid/setgid bits):

# sysctl fs.posix.setuid=0

To set the list of reserved TCP ports that should not be allocated by the kernel dynamically:

# sysctl net.inet.tcp.baddynamic=749,750,751,760,761,871
# sysctl net.inet.udp.baddynamic=749,750,751,760,761,871,1024-2048

This can be used to keep daemons from stealing a specific port that another program needs to function. List elements may be separated by commas and/or whitespace; a hyphen may be used to specify a range of ports.

It is also possible to add or remove ports from the current list:

# sysctl net.inet.tcp.baddynamic=+748,6000-6999
# sysctl net.inet.tcp.baddynamic=-871

To set the amount of shared memory available in the system and the maximum number of shared memory segments:

# sysctl kern.shminfo.shmmax=33554432
# sysctl kern.shminfo.shmseg=32

To place core dumps from issetugid(2) programs (in this example bgpd(8)) into a safe place for debugging purposes:

# mkdir -m 700 /var/crash/bgpd
# sysctl kern.nosuidcoredump=3

sysctl(3), options(4), sysctl.conf(5)

sysctl first appeared in 4.4BSD.

July 20, 2016 OpenBSD-6.0