NAME
sysctl
—
get or set kernel state
SYNOPSIS
sysctl |
[-Aan ] |
sysctl |
[-n ] name ... |
sysctl |
[-nq ]
name=value ... |
DESCRIPTION
The sysctl
utility retrieves kernel state
and allows processes with appropriate privilege to set kernel state. The
state to be retrieved or set is described using a “Management
Information Base” (MIB) style name, described as a dotted set of
components.
When retrieving a variable, a subset of the MIB name may be specified to retrieve a list of variables in that subset. For example, to list all the machdep variables:
$ sysctl machdep
When setting a variable, the MIB name should be followed by an equal sign and the new value.
The options are as follows:
-A
- List all the known MIB names including tables. Those with string or
integer values will be printed as with the
-a
flag; for the table values, the name of the utility to retrieve them is given. -a
- List all the currently available string or integer values. This is the
default, if no parameters are given to
sysctl
. -n
- Suppress printing of the field name, only output the field value. Useful
for setting shell variables. For example, to set the psize shell variable
to the pagesize of the hardware:
# set psize=`sysctl -n hw.pagesize`
-q
- Suppress all output when setting a variable. This option overrides the
behaviour of
-n
. - name=value
- Attempt to set the specified variable name to value.
The information available from sysctl
consists of integers, strings, and tables. The tabular information can only
be retrieved by special purpose programs such as
ps(1),
systat(1), and
netstat(1). The string and integer information is summarized below.
For a detailed description of these variables, see
sysctl(3). The changeable column indicates whether a process with
appropriate privilege can change the value.
Note: not all of the variables are relevant to all architectures, and a few require a kernel compiled with non-standard options(4).
Name | Type | Changeable |
kern.ostype | string | no |
kern.osrelease | string | no |
kern.osrevision | integer | no |
kern.version | string | no |
kern.maxvnodes | integer | yes |
kern.maxproc | integer | yes |
kern.maxfiles | integer | yes |
kern.argmax | integer | no |
kern.securelevel | integer | raise only |
kern.hostname | string | yes |
kern.hostid | u_int | yes |
kern.clockrate | struct | no |
kern.posix1version | integer | no |
kern.ngroups | integer | no |
kern.job_control | integer | no |
kern.saved_ids | integer | no |
kern.boottime | struct | no |
kern.domainname | string | yes |
kern.maxpartitions | integer | no |
kern.rawpartition | integer | no |
kern.maxthread | integer | yes |
kern.nthreads | integer | no |
kern.osversion | string | no |
kern.somaxconn | integer | yes |
kern.sominconn | integer | yes |
kern.usermount | integer | yes |
kern.nosuidcoredump | integer | yes |
kern.fsync | integer | no |
kern.sysvmsg | integer | no |
kern.sysvsem | integer | no |
kern.sysvshm | integer | no |
kern.arandom | u_int | no |
kern.msgbufsize | integer | no |
kern.malloc.buckets | string | no |
kern.malloc.bucket.<sz> | string | no |
kern.malloc.kmemnames | string | no |
kern.malloc.kmemstat.<name> | string | no |
kern.cp_time | struct | no |
kern.nchstats | struct | no |
kern.forkstat | struct | no |
kern.nselcoll | integer | no |
kern.tty.tk_nin | int64_t | no |
kern.tty.tk_nout | int64_t | no |
kern.tty.tk_rawcc | int64_t | no |
kern.tty.tk_cancc | int64_t | no |
kern.tty.ttyinfo | struct | no |
kern.ccpu | u_int | no |
kern.fscale | integer | no |
kern.nprocs | integer | no |
kern.stackgap_random | integer | yes |
kern.splassert | integer | yes |
kern.nfiles | integer | no |
kern.ttycount | integer | no |
kern.numvnodes | integer | no |
kern.seminfo.semmni | integer | yes |
kern.seminfo.semmns | integer | yes |
kern.seminfo.semmnu | integer | yes |
kern.seminfo.semmsl | integer | yes |
kern.seminfo.semopm | integer | yes |
kern.seminfo.semume | integer | no |
kern.seminfo.semusz | integer | no |
kern.seminfo.semvmx | integer | no |
kern.seminfo.semaem | integer | no |
kern.shminfo.shmmax | integer | yes |
kern.shminfo.shmmin | integer | yes |
kern.shminfo.shmmni | integer | yes |
kern.shminfo.shmseg | integer | yes |
kern.shminfo.shmall | integer | yes |
kern.watchdog.period | integer | yes |
kern.watchdog.auto | integer | yes |
kern.maxclusters | integer | yes |
kern.timecounter.tick | integer | no |
kern.timecounter.timestepwarnings | integer | yes |
kern.timecounter.hardware | string | yes |
kern.timecounter.choice | string | no |
kern.maxlocksperuid | integer | yes |
kern.bufcachepercent | integer | yes |
kern.wxabort | integer | yes |
kern.consdev | string | no |
kern.global_ptrace | integer | yes |
vm.vmmeter | struct | no |
vm.loadavg | struct | no |
vm.psstrings | struct | no |
vm.uvmexp | struct | no |
vm.swapencrypt.enable | integer | yes |
vm.swapencrypt.keyscreated | integer | no |
vm.swapencrypt.keysdeleted | integer | no |
vm.nkmempages | integer | no |
vm.anonmin | integer | yes |
vm.vtextmin | integer | yes |
vm.vnodemin | integer | yes |
vm.maxslp | integer | no |
vm.uspace | integer | no |
fs.posix.setuid | integer | yes |
net.inet.divert.recvspace | integer | yes |
net.inet.divert.sendspace | integer | yes |
net.inet.ip.forwarding | integer | yes |
net.inet.ip.redirect | integer | yes |
net.inet.ip.ttl | integer | yes |
net.inet.ip.sourceroute | integer | yes |
net.inet.ip.directed-broadcast | integer | yes |
net.inet.ip.portfirst | integer | yes |
net.inet.ip.portlast | integer | yes |
net.inet.ip.porthifirst | integer | yes |
net.inet.ip.porthilast | integer | yes |
net.inet.ip.maxqueue | integer | yes |
net.inet.ip.encdebug | integer | yes |
net.inet.ip.ipsec-expire-acquire | integer | yes |
net.inet.ip.ipsec-invalid-life | integer | yes |
net.inet.ip.ipsec-pfs | integer | yes |
net.inet.ip.ipsec-soft-allocs | integer | yes |
net.inet.ip.ipsec-allocs | integer | yes |
net.inet.ip.ipsec-soft-bytes | integer | yes |
net.inet.ip.ipsec-bytes | integer | yes |
net.inet.ip.ipsec-timeout | integer | yes |
net.inet.ip.ipsec-soft-timeout | integer | yes |
net.inet.ip.ipsec-soft-firstuse | integer | yes |
net.inet.ip.ipsec-firstuse | integer | yes |
net.inet.ip.ipsec-enc-alg | string | yes |
net.inet.ip.ipsec-auth-alg | string | yes |
net.inet.ip.mtudisc | integer | yes |
net.inet.ip.mtudisctimeout | integer | yes |
net.inet.ip.ipsec-comp-alg | string | yes |
net.inet.ip.ifq.len | integer | no |
net.inet.ip.ifq.maxlen | integer | yes |
net.inet.ip.ifq.drops | integer | no |
net.inet.ip.mforwarding | integer | yes |
net.inet.ip.multipath | integer | yes |
net.inet.ip.arptimeout | integer | yes |
net.inet.ip.arpdown | integer | yes |
net.inet.icmp.maskrepl | integer | yes |
net.inet.icmp.bmcastecho | integer | yes |
net.inet.icmp.errppslimit | integer | yes |
net.inet.icmp.rediraccept | integer | yes |
net.inet.icmp.redirtimeout | integer | yes |
net.inet.icmp.tstamprepl | integer | yes |
net.inet.ipip.allow | integer | yes |
net.inet.tcp.rfc1323 | integer | yes |
net.inet.tcp.keepinittime | integer | yes |
net.inet.tcp.keepidle | integer | yes |
net.inet.tcp.keepintvl | integer | yes |
net.inet.tcp.slowhz | integer | no |
net.inet.tcp.baddynamic | array | yes |
net.inet.tcp.sack | integer | yes |
net.inet.tcp.mssdflt | integer | yes |
net.inet.tcp.rstppslimit | integer | yes |
net.inet.tcp.ackonpush | integer | yes |
net.inet.tcp.ecn | integer | yes |
net.inet.tcp.syncachelimit | integer | yes |
net.inet.tcp.synbucketlimit | integer | yes |
net.inet.tcp.rfc3390 | integer | yes |
net.inet.tcp.reasslimit | integer | yes |
net.inet.tcp.sackholelimit | integer | yes |
net.inet.tcp.always_keepalive | integer | yes |
net.inet.tcp.synuselimit | integer | yes |
net.inet.tcp.rootonly | array | yes |
net.inet.tcp.synhashsize | integer | yes |
net.inet.udp.checksum | integer | yes |
net.inet.udp.baddynamic | array | yes |
net.inet.udp.recvspace | integer | yes |
net.inet.udp.sendspace | integer | yes |
net.inet.udp.rootonly | array | yes |
net.inet.gre.allow | integer | yes |
net.inet.gre.wccp | integer | yes |
net.inet.esp.enable | integer | yes |
net.inet.esp.udpencap | integer | yes |
net.inet.esp.udpencap_port | integer | yes |
net.inet.ah.enable | integer | yes |
net.inet.mobileip.allow | integer | yes |
net.inet.etherip.allow | integer | yes |
net.inet.ipcomp.enable | integer | yes |
net.inet.carp.allow | integer | yes |
net.inet.carp.preempt | integer | yes |
net.inet.carp.log | integer | yes |
net.inet6.ip6.forwarding | integer | yes |
net.inet6.ip6.redirect | integer | yes |
net.inet6.ip6.hlim | integer | yes |
net.inet6.ip6.maxfragpackets | integer | yes |
net.inet6.ip6.log_interval | integer | yes |
net.inet6.ip6.hdrnestlimit | integer | yes |
net.inet6.ip6.dad_count | integer | yes |
net.inet6.ip6.auto_flowlabel | integer | yes |
net.inet6.ip6.defmcasthlim | integer | yes |
net.inet6.ip6.use_deprecated | integer | yes |
net.inet6.ip6.maxfrags | integer | yes |
net.inet6.ip6.mforwarding | integer | yes |
net.inet6.ip6.multipath | integer | yes |
net.inet6.ip6.multicast_mtudisc | integer | yes |
net.inet6.ip6.neighborgcthresh | integer | yes |
net.inet6.ip6.maxifprefixes | integer | yes |
net.inet6.ip6.maxifdefrouters | integer | yes |
net.inet6.ip6.maxdynroutes | integer | yes |
net.inet6.ip6.dad_pending | integer | yes |
net.inet6.ip6.mtudisctimeout | integer | yes |
net.inet6.ip6.ifq.len | integer | no |
net.inet6.ip6.ifq.maxlen | integer | yes |
net.inet6.ip6.ifq.drops | integer | no |
net.inet6.icmp6.redirtimeout | integer | yes |
net.inet6.icmp6.nd6_prune | integer | yes |
net.inet6.icmp6.nd6_delay | integer | yes |
net.inet6.icmp6.nd6_umaxtries | integer | yes |
net.inet6.icmp6.nd6_mmaxtries | integer | yes |
net.inet6.icmp6.errppslimit | integer | yes |
net.inet6.icmp6.nd6_maxnudhint | integer | yes |
net.inet6.icmp6.mtudisc_hiwat | integer | yes |
net.inet6.icmp6.mtudisc_lowat | integer | yes |
net.inet6.icmp6.nd6_debug | integer | yes |
net.mpls.ttl | integer | yes |
net.mpls.ifq.len | integer | no |
net.mpls.ifq.maxlen | integer | yes |
net.mpls.ifq.drops | integer | no |
net.mpls.maxloop_inkernel | integer | yes |
net.mpls.mapttl_ip | integer | yes |
net.mpls.mapttl_ip6 | integer | yes |
net.pipex.enable | integer | yes |
net.pipex.inq.len | integer | no |
net.pipex.inq.maxlen | integer | yes |
net.pipex.inq.drops | integer | no |
net.pipex.outq.len | integer | no |
net.pipex.outq.maxlen | integer | yes |
net.pipex.outq.drops=0 | integer | no |
debug.syncprt | integer | yes |
debug.busyprt | integer | yes |
hw.machine | string | no |
hw.model | string | no |
hw.ncpu | integer | no |
hw.byteorder | integer | no |
hw.physmem | int64_t | no |
hw.usermem | int64_t | no |
hw.pagesize | integer | no |
hw.diskstats | struct | no |
hw.disknames | string | no |
hw.diskcount | integer | no |
hw.sensors.<xname>.<type><numt> | struct | no |
hw.cpuspeed | integer | no |
hw.setperf | integer | yes |
hw.vendor | string | no |
hw.product | string | no |
hw.version | string | no |
hw.serialno | string | no |
hw.uuid | string | no |
hw.ncpufound | integer | no |
hw.allowpowerdown | integer | yes |
hw.perfpolicy | string | yes |
machdep.console_device | dev_t | no |
machdep.unaligned_print | integer | yes |
machdep.unaligned_fix | integer | yes |
machdep.unaligned_sigbus | integer | yes |
machdep.apmwarn | integer | yes |
machdep.apmhalt | integer | yes |
machdep.kbdreset | integer | yes |
machdep.osfxsr | integer | no |
machdep.sse | integer | no |
machdep.sse2 | integer | no |
machdep.xcrypt | integer | no |
machdep.allowaperture | integer | yes |
machdep.led_blink | integer | yes |
machdep.ceccerrs | integer | no |
machdep.cecclast | quad | no |
ddb.radix | integer | yes |
ddb.max_width | integer | yes |
ddb.max_line | integer | yes |
ddb.tab_stop_width | integer | yes |
ddb.panic | integer | yes |
ddb.console | integer | yes |
ddb.log | integer | yes |
ddb.trigger | integer | yes |
vfs.mounts.* | struct | no |
vfs.ffs.max_softdeps | integer | yes |
vfs.ffs.sd_tickdelay | integer | yes |
vfs.ffs.sd_worklist_push | integer | no |
vfs.ffs.sd_blk_limit_push | integer | no |
vfs.ffs.sd_ino_limit_push | integer | no |
vfs.ffs.sd_blk_limit_hit | integer | no |
vfs.ffs.sd_ino_limit_hit | integer | no |
vfs.ffs.sd_sync_limit_hit | integer | no |
vfs.ffs.sd_indir_blk_ptrs | integer | no |
vfs.ffs.sd_inode_bitmap | integer | no |
vfs.ffs.sd_direct_blk_ptrs | integer | no |
vfs.ffs.sd_dir_entry | integer | no |
vfs.ffs.dirhash_dirsize | integer | yes |
vfs.ffs.dirhash_maxmem | integer | yes |
vfs.ffs.dirhash_mem | integer | no |
vfs.nfs.iothreads | integer | yes |
vfs.fuse.fusefs_open_devices | integer | no |
vfs.fuse.fusefs_fbufs_in | integer | no |
vfs.fuse.fusefs_fbufs_wait | integer | no |
vfs.fuse.fusefs_pool_pages | integer | no |
The sysctl
program can extract information
about the filesystems that have been compiled into the running system. This
information can be obtained by using the command:
$ sysctl vfs.mounts
By default, only filesystems that are actively being used are
listed. Use of the -A
flag lists all the filesystems
compiled into the running kernel.
FILES
<sys/sysctl.h>
- definitions for top level identifiers and second level kernel and hardware identifiers
<sys/socket.h>
- definitions for second level network identifiers
<sys/gmon.h>
- definitions for third level profiling identifiers
<uvm/uvm_param.h>
- definitions for second level virtual memory identifiers
<uvm/uvm_swap_encrypt.h>
- definitions for third level virtual memory identifiers
<netinet/in.h>
- definitions for third level IPv4/v6 identifiers and fourth level IPv4/v6 identifiers
<netinet/ip_divert.h>
- definitions for fourth level divert identifiers
<netinet/icmp_var.h>
- definitions for fourth level ICMP identifiers
<netinet6/icmp6.h>
- definitions for fourth level ICMPv6 identifiers
<netinet/tcp_var.h>
- definitions for fourth level TCP identifiers
<netinet/udp_var.h>
- definitions for fourth level UDP identifiers
<ddb/db_var.h>
- definitions for second level ddb identifiers
<sys/mount.h>
- definitions for second level vfs identifiers
<nfs/nfs.h>
- definitions for third level NFS identifiers
<miscfs/fuse/fusefs.h>
- definitions for third level fusefs identifiers
<ufs/ffs/ffs_extern.h>
- definitions for third level FFS identifiers
<machine/cpu.h>
- definitions for second level CPU identifiers
EXAMPLES
To retrieve the maximum number of processes allowed in the system:
$ sysctl kern.maxproc
To set the maximum number of processes allowed in the system to 1000:
# sysctl
kern.maxproc=1000
To retrieve information about the system clock rate:
$ sysctl kern.clockrate
To retrieve information about the load average history:
$ sysctl vm.loadavg
To make the chown(2) system call use traditional BSD semantics (don't clear setuid/setgid bits):
# sysctl
fs.posix.setuid=0
To set the list of reserved TCP ports that should not be allocated by the kernel dynamically:
# sysctl
net.inet.tcp.baddynamic=749,750,751,760,761,871
# sysctl
net.inet.udp.baddynamic=749,750,751,760,761,871,1024-2048
This can be used to keep daemons from stealing a specific port that another program needs to function. List elements may be separated by commas and/or whitespace; a hyphen may be used to specify a range of ports.
It is also possible to add or remove ports from the current list:
# sysctl net.inet.tcp.baddynamic=+748,6000-6999 # sysctl net.inet.tcp.baddynamic=-871
To set the amount of shared memory available in the system and the maximum number of shared memory segments:
# sysctl kern.shminfo.shmmax=33554432 # sysctl kern.shminfo.shmseg=32
To place core dumps from issetugid(2) programs (in this example bgpd(8)) into a safe place for debugging purposes:
# mkdir -m 700 /var/crash/bgpd # sysctl kern.nosuidcoredump=3
SEE ALSO
HISTORY
sysctl
first appeared in
4.4BSD.