SYSCTL(8) OpenBSD System Manager's Manual SYSCTL(8) NAME sysctl - get or set kernel state SYNOPSIS sysctl [-n] variable ... sysctl [-nq] -w variable=value ... sysctl -aA [-n] DESCRIPTION The sysctl utility retrieves kernel state and allows processes with ap- propriate privilege to set kernel state. The state to be retrieved or set is described using a ``Management Information Base'' (MIB) style name, described as a dotted set of components. The options are as follows: -a List all the currently available string or integer values. -A List all the known MIB names including tables. Those with string or integer values will be printed as with the -a flag; for the table values, the name of the utility to retrieve them is given. -n Suppress printing of the field name, only output the field value. Useful for setting shell variables. For example, to set the psize shell variable to the pagesize of the hardware: # set psize=`sysctl -n hw.pagesize` -q Suppress all output when setting a variable. This option overrides the behaviour of -n. -w Required to set a variable. The MIB name should be followed by an equal sign and the new value. The information available from sysctl consists of integers, strings, and tables. The tabular information can only be retrieved by special purpose programs such as ps, systat, and netstat. The string and integer infor- mation is summarized below. For a detailed description of these variable see sysctl(3). The changeable column indicates whether a process with appropriate privilege can change the value. Name Type Changeable kern.ostype string no kern.osrelease string no kern.osrevision integer no kern.version string no kern.maxvnodes integer yes kern.maxproc integer yes kern.maxfiles integer yes kern.argmax integer no kern.securelevel integer raise only kern.hostname string yes kern.hostid u_int yes kern.clockrate struct no kern.posix1version integer no kern.ngroups integer no kern.job_control integer no kern.saved_ids integer no kern.boottime struct no kern.domainname string yes kern.maxpartitions integer no kern.rawpartition integer no kern.osversion string no kern.somaxconn integer yes kern.sominconn integer yes kern.usermount integer yes kern.random struct no kern.nosuidcoredump integer yes kern.fsync integer no kern.sysvmsg integer no kern.sysvsem integer no kern.sysvshm integer no kern.arandom u_int no kern.msgbufsize integer no kern.malloc.buckets string no kern.malloc.bucket.<sz> string no kern.malloc.kmemnames string no kern.malloc.kmemstat.<name> string no kern.cp_time struct no kern.nchstats struct no kern.forkstat struct no kern.nselcoll integer no kern.tty.tk_nin int64_t no kern.tty.tk_nout int64_t no kern.tty.tk_rawcc int64_t no kern.tty.tk_cancc int64_t no kern.ccpu u_int no kern.fscale integer no kern.nprocs integer no kern.stackgap_random integer yes kern.usercrypto integer yes kern.cryptodevallowsoft integer yes kern.splassert integer yes kern.nfiles integer no kern.ttycount integer no kern.numvnodes integer no kern.userasymcrypto integer yes kern.seminfo.semmni integer yes kern.seminfo.semmns integer yes kern.seminfo.semmnu integer yes kern.seminfo.semmsl integer yes kern.seminfo.semopm integer yes kern.seminfo.semume integer no kern.seminfo.semusz integer no kern.seminfo.semvmx integer no kern.seminfo.semaem integer no kern.shminfo.shmmax integer yes kern.shminfo.shmmin integer yes kern.shminfo.shmmni integer yes kern.shminfo.shmseg integer yes kern.shminfo.shmall integer yes kern.watchdog.period integer yes kern.watchdog.auto integer yes kern.emul.nemuls integer no kern.emul.other integer yes vm.vmmeter struct no vm.loadavg struct no vm.psstrings struct no vm.uvmexp struct no vm.swapencrypt.enable integer yes vm.swapencrypt.keyscreated integer no vm.swapencrypt.keysdeleted integer no vm.nkmempages integer no vm.anonmin integer yes vm.vtextmin integer yes vm.vnodemin integer yes vm.maxslp integer no vm.uspace integer no fs.posix.setuid integer yes net.inet.ip.forwarding integer yes net.inet.ip.redirect integer yes net.inet.ip.ttl integer yes net.inet.ip.sourceroute integer yes net.inet.ip.directed-broadcast integer yes net.inet.ip.portfirst integer yes net.inet.ip.portlast integer yes net.inet.ip.porthifirst integer yes net.inet.ip.porthilast integer yes net.inet.ip.maxqueue integer yes net.inet.ip.encdebug integer yes net.inet.ip.ipsec-expire-acquire integer yes net.inet.ip.ipsec-invalid-life integer yes net.inet.ip.ipsec-pfs integer yes net.inet.ip.ipsec-soft-allocs integer yes net.inet.ip.ipsec-allocs integer yes net.inet.ip.ipsec-soft-bytes integer yes net.inet.ip.ipsec-bytes integer yes net.inet.ip.ipsec-timeout integer yes net.inet.ip.ipsec-soft-timeout integer yes net.inet.ip.ipsec-soft-firstuse integer yes net.inet.ip.ipsec-firstuse integer yes net.inet.ip.ipsec-enc-alg string yes net.inet.ip.ipsec-auth-alg string yes net.inet.ip.mtudisc integer yes net.inet.ip.mtudisctimeout integer yes net.inet.ip.ipsec-comp-alg string yes net.inet.icmp.maskrepl integer yes net.inet.icmp.bmcastecho integer yes net.inet.icmp.errppslimit integer yes net.inet.icmp.rediraccept integer yes net.inet.icmp.redirtimeout integer yes net.inet.icmp.tstamprepl integer yes net.inet.ipip.allow integer yes net.inet.tcp.rfc1323 integer yes net.inet.tcp.keepinittime integer yes net.inet.tcp.keepidle integer yes net.inet.tcp.keepintvl integer yes net.inet.tcp.slowhz integer no net.inet.tcp.baddynamic array yes net.inet.tcp.recvspace integer yes net.inet.tcp.sendspace integer yes net.inet.tcp.sack integer yes net.inet.tcp.mssdflt integer yes net.inet.tcp.rstppslimit integer yes net.inet.tcp.ackonpush integer yes net.inet.tcp.ecn integer yes net.inet.udp.checksum integer yes net.inet.udp.baddynamic array yes net.inet.udp.recvspace integer yes net.inet.udp.sendspace integer yes net.inet.gre.allow integer yes net.inet.gre.wccp integer yes net.inet.esp.enable integer yes net.inet.ah.enable integer yes net.inet.mobileip.allow integer yes net.inet.etherip.allow integer yes net.inet.ipcomp.enable integer yes net.inet6.ip6.forwarding integer yes net.inet6.ip6.redirect integer yes net.inet6.ip6.hlim integer yes net.inet6.ip6.maxfragpackets integer yes net.inet6.ip6.accept_rtadv integer yes net.inet6.ip6.keepfaith integer yes net.inet6.ip6.log_interval integer yes net.inet6.ip6.hdrnestlimit integer yes net.inet6.ip6.dad_count integer yes net.inet6.ip6.auto_flowlabel integer yes net.inet6.ip6.defmcasthlim integer yes net.inet6.ip6.kame_version string no net.inet6.ip6.use_deprecated integer yes net.inet6.ip6.rr_prune integer yes net.inet6.ip6.v6only integer no net.inet6.ip6.maxfrags integer yes net.inet6.icmp6.rediraccept integer yes net.inet6.icmp6.redirtimeout integer yes net.inet6.icmp6.nd6_prune integer yes net.inet6.icmp6.nd6_delay integer yes net.inet6.icmp6.nd6_umaxtries integer yes net.inet6.icmp6.nd6_mmaxtries integer yes net.inet6.icmp6.nd6_useloopback integer yes net.inet6.icmp6.nodeinfo integer yes net.inet6.icmp6.errppslimit integer yes net.inet6.icmp6.nd6_maxnudhint integer yes net.inet6.icmp6.mtudisc_hiwat integer yes net.inet6.icmp6.mtudisc_lowat integer yes net.inet6.icmp6.nd6_debug integer yes net.ipx.ipx.checksum integer yes net.ipx.ipx.forwarding integer yes net.ipx.ipx.netbios integer yes net.ipx.ipx.recvspace integer yes net.ipx.ipx.sendspace integer yes debug.syncprt integer yes debug.busyprt integer yes debug.doclusterread integer yes debug.doclusterwrite integer yes debug.doreallocblks integer yes debug.doasyncfree integer yes debug.prtrealloc integer yes hw.machine string no hw.model string no hw.ncpu integer no hw.byteorder integer no hw.physmem integer no hw.usermem integer no hw.pagesize integer no hw.diskstats struct no hw.disknames string no hw.diskcount integer no hw.sensors struct no machdep.console_device dev_t no machdep.unaligned_print integer yes (alpha only) machdep.unaligned_fix integer yes (alpha only) machdep.unaligned_sigbus integer yes (alpha only) machdep.apmwarn integer yes (i386 only) machdep.apmhalt integer yes (i386 only) machdep.kbdreset integer yes (i386 only) machdep.userldt integer yes (i386 only) machdep.allowaperture integer yes (XFree86) machdep.led_blink integer yes (sparc/sparc64) machdep.ceccerrs integer no (sparc64) machdep.cecclast quad no (sparc64) user.cs_path string no user.bc_base_max integer no user.bc_dim_max integer no user.bc_scale_max integer no user.bc_string_max integer no user.coll_weights_max integer no user.expr_nest_max integer no user.line_max integer no user.re_dup_max integer no user.posix2_version integer no user.posix2_c_bind integer no user.posix2_c_dev integer no user.posix2_char_term integer no user.posix2_fort_dev integer no user.posix2_fort_run integer no user.posix2_localedef integer no user.posix2_sw_dev integer no user.posix2_upe integer no user.stream_max integer no user.tzname_max integer no ddb.radix integer yes ddb.max_width integer yes ddb.max_line integer yes ddb.tab_stop_width integer yes ddb.panic integer yes ddb.console integer yes ddb.log integer yes vfs.mounts.* struct no vfs.ffs.doclusterread integer yes vfs.ffs.doclusterwrite integer yes vfs.ffs.doreallocblks integer yes vfs.ffs.doasyncfree integer yes vfs.ffs.max_softdeps integer yes vfs.ffs.sd_tickdelay integer yes vfs.ffs.sd_worklist_push integer no vfs.ffs.sd_blk_limit_push integer no vfs.ffs.sd_ino_limit_push integer no vfs.ffs.sd_blk_limit_hit integer no vfs.ffs.sd_ino_limit_hit integer no vfs.ffs.sd_sync_limit_hit integer no vfs.ffs.sd_indir_blk_ptrs integer no vfs.ffs.sd_inode_bitmap integer no vfs.ffs.sd_direct_blk_ptrs integer no vfs.ffs.sd_dir_entry integer no vfs.nfs.iothreads integer yes The sysctl program can get or set debugging variables that have been identified for its display. This information can be obtained by using the command: $ sysctl debug In addition, sysctl can extract information about the filesystems that have been compiled into the running system. This information can be ob- tained by using the command: $ sysctl vfs.mounts By default, only filesystems that are actively being used are listed. Use of the -A flag lists all the filesystems compiled into the running kernel. FILES <sys/sysctl.h> definitions for top level identifiers, second level kernel and hardware identifiers, and user level identifiers <dev/rndvar.h> definitions for random(4) device's statistics structure <sys/socket.h> definitions for second level network identi- fiers <sys/gmon.h> definitions for third level profiling identi- fiers <uvm/uvm_param.h> definitions for second level virtual memory identifiers <uvm/uvm_swap_encrypt.h> definitions for third level virtual memory identifiers <netinet/in.h> definitions for third level IPv4/v6 identifiers and fourth level IPv4/v6 identifiers <netinet/icmp_var.h> definitions for fourth level ICMP identifiers <netinet6/icmp6.h> definitions for fourth level ICMPv6 identifiers <netinet/tcp_var.h> definitions for fourth level TCP identifiers <netinet/udp_var.h> definitions for fourth level UDP identifiers <netipx/ipx_var.h> definitions for third level IPX identifiers and fourth level IPX identifiers <ddb/db_var.h> definitions for second level ddb identifiers <sys/mount.h> definitions for second level vfs identifiers <nfs/nfs.h> definitions for third level NFS identifiers <ufs/ffs/ffs_extern.h> definitions for third level FFS identifiers EXAMPLES To retrieve the maximum number of processes allowed in the system: $ sysctl kern.maxproc To set the maximum number of processes allowed in the system to 1000: # sysctl -w kern.maxproc=1000 To retrieve information about the system clock rate: $ sysctl kern.clockrate To retrieve information about the load average history: $ sysctl vm.loadavg To make the chown(2) system call use traditional BSD semantics (don't clear setuid/setgid bits): # sysctl -w fs.posix.setuid=0 To set the list of reserved TCP ports that should not be allocated by the kernel dynamically: # sysctl -w net.inet.tcp.baddynamic=749,750,751,760,761,871 This can be used to keep daemons from stealing a specific port that an- other program needs to function. List elements may be separated by com- mas and/or whitespace. It is also possible to add or remove ports from the current list: # sysctl -w net.inet.tcp.baddynamic=+748 # sysctl -w net.inet.tcp.baddynamic=-871 To adjust the number of kernel nfsio threads used to service asynchronous I/O requests on an NFS client machine: # sysctl -w vfs.nfs.iothreads=4 The number of 4 is the default, 20 is the maximum. See nfssvc(2) and nfsd(8) for further discussion. To set the amount of shared memory available in the system and the maxi- mum number of shared memory segments: # sysctl -w kern.shminfo.shmmax=33554432 # sysctl -w kern.shminfo.shmseg=32 SEE ALSO sysctl(3), sysctl.conf(5) HISTORY sysctl first appeared in 4.4BSD. OpenBSD 3.4 December 18, 2002 7