SYSCTL(3) | Library Functions Manual | SYSCTL(3) |
sysctl
— get or
set system information
#include
<sys/param.h>
#include <sys/sysctl.h>
int
sysctl
(const
int *name, u_int
namelen, void
*oldp, size_t
*oldlenp, void
*newp, size_t
newlen);
The
sysctl
()
function retrieves system information and allows processes with appropriate
privileges to set system information. The information available from
sysctl
() consists of integers, strings, and tables.
Information may be retrieved and set using the
sysctl(8) utility; the
variable names used by this utility are given here in parentheses.
Unless explicitly noted below,
sysctl
()
returns a consistent snapshot of the data requested. Consistency is obtained
by locking the destination buffer into memory so that the data may be copied
out without blocking. Calls to sysctl
() are
serialized to avoid deadlock.
The state is described using a “Management Information Base (MIB)” style name, listed in name, which is a namelen length array of integers.
The information is copied into the buffer specified by
oldp. The size of the buffer is given by the location
specified by oldlenp before the call, and that
location gives the amount of data copied after a successful call. If the
amount of data available is greater than the size of the buffer supplied,
the call supplies as much data as fits in the buffer provided and returns
with the error code ENOMEM
. If the old value is not
desired, oldp and oldlenp should
be set to NULL
.
The size of the available data can be determined by
calling
sysctl
()
with a NULL
parameter for
oldp. The size of the available data will be returned
in the location pointed to by oldlenp. For some
operations, the amount of space may change often. For these operations, the
system attempts to round up so that the returned size is large enough for a
call to return the data shortly thereafter.
To set a new value, newp is set to point to
a buffer of length newlen from which the requested
value is to be taken. If a new value is not to be set,
newp should be set to NULL
and
newlen set to 0.
The top level names are defined with a
CTL_
prefix in
<sys/sysctl.h>
, and are as
follows. The next and subsequent levels down are found in the include files
listed here, and described in separate sections below.
Name | Next level names | Description |
CTL_DDB |
ddb/db_var.h | Kernel debugger |
CTL_DEBUG |
sys/sysctl.h | Debugging |
CTL_FS |
sys/sysctl.h | File system |
CTL_HW |
sys/sysctl.h | Generic CPU, I/O |
CTL_KERN |
sys/sysctl.h | High kernel limits |
CTL_MACHDEP |
sys/sysctl.h | Machine dependent |
CTL_NET |
sys/socket.h | Networking |
CTL_VFS |
ufs/ffs/ffs_extern.h | Virtual file system |
CTL_VM |
uvm/uvm_param.h | Virtual memory |
For example, the following retrieves the maximum number of processes allowed in the system:
int mib[2], maxproc; size_t len; mib[0] = CTL_KERN; mib[1] = KERN_MAXPROC; len = sizeof(maxproc); if (sysctl(mib, 2, &maxproc, &len, NULL, 0) == -1) err(1, "sysctl");
Integer information and settable variables are available for the
CTL_DDB level
, as described below. More information
is also available in ddb(4).
Second level name | Type | Changeable |
DBCTL_CONSOLE |
integer | yes |
DBCTL_LOG |
integer | yes |
DBCTL_MAXLINE |
integer | yes |
DBCTL_MAXWIDTH |
integer | yes |
DBCTL_PANIC |
integer | yes |
DBCTL_RADIX |
integer | yes |
DBCTL_TABSTOP |
integer | yes |
DBCTL_TRIGGER |
integer | yes |
DBCTL_CONSOLE
(ddb.console)DBCTL_LOG
(ddb.log)DBCTL_MAXLINE
(ddb.max_line)$lines
variable.DBCTL_MAXWIDTH
(ddb.max_width)$maxwidth
variable.DBCTL_PANIC
(ddb.panic)DBCTL_RADIX
(ddb.radix)$radix
variable.DBCTL_TABSTOP
(ddb.tab_stop_width)$tabstops
variable.DBCTL_TRIGGER
(ddb.trigger)DBCTL_CONSOLE
is set, writing to
DBCTL_TRIGGER
causes the system to enter
ddb(4). When running with a
securelevel(7) greater
than 0, the process writing to this variable must be running on the
console in order to enter
ddb(4).The debugging variables vary from system to system. A debugging
variable may be added or deleted without need to recompile
sysctl
()
to know about it. Each time it runs, sysctl
() gets
the list of debugging variables from the kernel and displays their current
values. The system defines twenty struct ctldebug
variables named debug0 through
debug19. They are declared as separate variables so
that they can be individually initialized at the location of their
associated variable. The loader prevents multiple use of the same variable
by issuing errors if a variable is initialized in more than one place. For
example, to export the variable dospecialcheck as a
debugging variable, the following declaration would be used:
int dospecialcheck = 1; struct ctldebug debug5 = { "dospecialcheck", &dospecialcheck };
The string and integer information available for the
CTL_FS
level is detailed below. The changeable
column shows whether a process with appropriate privileges may change the
value.
Second level name | Type | Changeable |
FS_POSIX_SETUID |
integer | yes |
FS_POSIX_SETUID
(fx.posix.setuid)The string and integer information available for the
CTL_HW
level is detailed below. The changeable
column shows whether a process with appropriate privileges may change the
value.
Second level name | Type | Changeable |
HW_ALLOWPOWERDOWN |
integer | yes |
HW_BYTEORDER |
integer | no |
HW_CPUSPEED |
integer | no |
HW_DISKCOUNT |
integer | no |
HW_DISKNAMES |
string | no |
HW_DISKSTATS |
struct | no |
HW_MACHINE |
string | no |
HW_MODEL |
string | no |
HW_NCPU |
integer | no |
HW_NCPUFOUND |
integer | no |
HW_PAGESIZE |
integer | no |
HW_PERFPOLICY |
string | yes |
HW_PHYSMEM |
integer | no |
HW_PHYSMEM64 |
int64_t | no |
HW_PRODUCT |
string | no |
HW_SENSORS |
node | not applicable |
HW_SETPERF |
integer | yes |
HW_USERMEM |
integer | no |
HW_USERMEM64 |
int64_t | no |
HW_UUID |
string | no |
HW_VENDOR |
string | no |
HW_VERSION |
string | no |
HW_ALLOWPOWERDOWN
(hw.allowpowerdown)HW_BYTEORDER
(hw.byteorder)HW_CPUSPEED
(hw.cpuspeed)HW_DISKCOUNT
(hw.diskcount)HW_DISKNAMES
(hw.disknames)HW_DISKSTATS
(hw.diskstats)struct diskstats
structures containing
disk statistics.HW_MACHINE
(hw.machine)HW_MODEL
(hw.model)HW_NCPU
(hw.ncpu)HW_NCPUFOUND
(hw.ncpufound)HW_PAGESIZE
(hw.pagesize)HW_PERFPOLICY
(hw.perfpolicy)HW_PHYSMEM
HW_PHYSMEM64
instead.HW_PHYSMEM64
(hw.physmem)HW_PRODUCT
(hw.product)HW_SENSORS
(hw.sensors)struct sensordev
structures containing information about devices that may attach hardware
monitoring sensors.
Third, fourth and fifth levels together comprise an array of
struct sensor
structures containing snapshot
readings of hardware monitoring sensors. In such usage, third level
indicates the numerical representation of the sensor device name to
which the sensor is attached (a device's xname and number are matched
with the help of struct sensordev
structure
above), fourth level indicates sensor type and fifth level is an ordinal
sensor number (unique to the specified sensor type on the specified
sensor device).
The
sensordev
and
sensor
structures and
sensor_type
enumeration are defined in
<sys/sensors.h>
.
HW_SERIALNO
(hw.serialno)HW_SETPERF
(hw.setperf)HW_PERFPOLICY
is set to
“manual”.HW_USERMEM
HW_USERMEM64
instead.HW_USERMEM64
(hw.usermem)HW_UUID
(hw.uuid)HW_VENDOR
(hw.vendor)HW_VERSION
(hw.version)The string and integer information available for the
CTL_KERN
level is detailed below. The changeable
column shows whether a process with appropriate privileges may change the
value. The types of data currently available are process information, system
vnodes, the open file entries, routing table entries, virtual memory
statistics, load average history, and clock rate information.
Second level name | Type | Changeable |
KERN_ALLOWKMEM |
integer | yes |
KERN_ARGMAX |
integer | no |
KERN_BOOTTIME |
struct timeval | no |
KERN_CACHEPCT |
integer | yes |
KERN_CCPU |
integer | no |
KERN_CLOCKRATE |
struct clockinfo | no |
KERN_CONSDEV |
dev_t | no |
KERN_CPTIME |
long[CPUSTATES] | no |
KERN_CPTIME2 |
u_int64_t[CPUSTATES] | no |
KERN_DNSJACKPORT |
integer | yes |
KERN_DOMAINNAME |
string | yes |
KERN_FILE |
struct kinfo_file | no |
KERN_FORKSTAT |
struct forkstat | no |
KERN_FSCALE |
integer | no |
KERN_FSYNC |
integer | no |
KERN_GLOBAL_PTRACE |
integer | yes |
KERN_HOSTID |
integer | yes |
KERN_HOSTNAME |
string | yes |
KERN_INTRCNT |
node | not applicable |
KERN_JOB_CONTROL |
integer | no |
KERN_MALLOCSTATS |
node | no |
KERN_MAXCLUSTERS |
integer | yes |
KERN_MAXFILES |
integer | yes |
KERN_MAXLOCKSPERUID |
integer | yes |
KERN_MAXPARTITIONS |
integer | no |
KERN_MAXPROC |
integer | yes |
KERN_MAXTHREAD |
integer | yes |
KERN_MAXVNODES |
integer | yes |
KERN_MBSTAT |
struct mbstat | no |
KERN_MSGBUF |
char[] | no |
KERN_MSGBUFSIZE |
integer | no |
KERN_NCHSTATS |
struct nchstats | no |
KERN_NFILES |
integer | no |
KERN_NGROUPS |
integer | no |
KERN_NOSUIDCOREDUMP |
integer | yes |
KERN_NPROCS |
integer | no |
KERN_NSELCOLL |
integer | no |
KERN_NTHREADS |
integer | no |
KERN_NUMVNODES |
integer | no |
KERN_OSRELEASE |
string | no |
KERN_OSREV |
integer | no |
KERN_OSTYPE |
string | no |
KERN_OSVERSION |
string | no |
KERN_POSIX1 |
integer | no |
KERN_PROC |
struct kinfo_proc | no |
KERN_PROC_ARGS |
node | not applicable |
KERN_PROC_CWD |
string | not applicable |
KERN_PROC_NOBROADCASTKILL |
node | not applicable |
KERN_PROC_VMMAP |
struct kinfo_vmentry | no |
KERN_PROF |
node | not applicable |
KERN_RAWPARTITION |
integer | no |
KERN_SAVED_IDS |
integer | no |
KERN_SECURELVL |
integer | raise only |
KERN_SEMINFO |
node | not applicable |
KERN_SHMINFO |
node | not applicable |
KERN_SOMAXCONN |
integer | yes |
KERN_SOMINCONN |
integer | yes |
KERN_SPLASSERT |
int | yes |
KERN_STACKGAPRANDOM |
integer | yes |
KERN_SYSVIPC_INFO |
node | not applicable |
KERN_SYSVMSG |
integer | no |
KERN_SYSVSEM |
integer | no |
KERN_SYSVSHM |
integer | no |
KERN_TIMECOUNTER |
node | not applicable |
KERN_TTY |
node | not applicable |
KERN_TTYCOUNT |
integer | no |
KERN_VERSION |
string | no |
KERN_WATCHDOG |
node | not applicable |
KERN_WXABORT |
integer | yes |
KERN_ALLOWKMEM
(kern.allowkmem)KERN_ARGMAX
(kern.argmax)KERN_BOOTTIME
(kern.boottime)struct timeval
structure is returned. This
structure contains the time that the system was booted.KERN_CACHEPCT
(kern.bufcachepercent)KERN_CCPU
(kern.ccpu)KERN_CLOCKRATE
(kern.clockrate)struct clockinfo
structure is returned. This
structure contains the clock, statistics clock and profiling clock
frequencies, the number of micro-seconds per hz tick, and the clock skew
rate.KERN_CONSDEV
(kern.consdev)KERN_CPTIME
(kern.cp_time)CPUSTATES
is returned,
containing statistics about the number of ticks spent by the system in
interrupt processing, user processes
(nice(1) or normal), system
processing, or idling.KERN_CPTIME2
(kern.cp_time2)KERN_CPTIME
, but obtains information
from only the single CPU specified by the third level name given.KERN_DNSJACKPORT
(kern.dnsjackport)KERN_DOMAINNAME
(kern.domainname)KERN_FILE
(kern.file)struct kinfo_file
structures is returned, whose
size depends on the current number of selected files in the system. The
third and fourth level names are as follows:
Third level name | Fourth level is: |
KERN_FILE_BYFILE |
A file type |
KERN_FILE_BYPID |
A process ID |
KERN_FILE_BYUID |
A user ID |
The fifth level name is the size of the
struct kinfo_file
and the sixth level name is
the number of structures to return.
KERN_FORKSTAT
(kern.forkstat)struct forkstat
structure is returned. This
structure contains information about the number of
fork(2),
vfork(2), and
__tfork(3) system calls as
well as kernel thread creations since system startup, and the number of
pages of virtual memory involved in each.KERN_FSCALE
(kern.fscale)KERN_FSYNC
(kern.fsync)KERN_GLOBAL_PTRACE
(kern.global_ptrace)KERN_HOSTID
(kern.hostid)KERN_HOSTNAME
(kern.hostname)KERN_JOB_CONTROL
(kern.job_control)KERN_MALLOCSTATS
(kern.malloc)Third level name | Type |
KERN_MALLOC_BUCKET |
node |
KERN_MALLOC_BUCKETS |
string |
KERN_MALLOC_KMEMNAMES |
string |
KERN_MALLOC_KMEMSTATS |
node |
The variables are as follows:
KERN_MALLOC_BUCKET.<size>
(kern.malloc.bucket)struct kmembuckets
.
If a value is specified that does not correspond directly to a bucket size, the statistics for the closest larger bucket size will be returned instead.
Note that bucket sizes are typically powers of 2.
KERN_MALLOC_BUCKETS
(kern.malloc.buckets)KERN_MALLOC_KMEMNAMES
(kern.malloc.kmemnames)KERN_MALLOC_KMEMSTATS
(kern.malloc.kmemstat)struct
kmemstats
.KERN_MAXCLUSTERS
(kern.maxclusters)KERN_MAXFILES
(kern.maxfiles)KERN_MAXLOCKSPERUID
(kerb.maxlocksperuid)KERN_MAXPARTITIONS
(kern.maxpartitions)KERN_MAXPROC
(kern.maxproc)KERN_MAXTHREAD
(kern.maxthread)KERN_MAXVNODES
(kern.maxvnodes)KERN_MBSTAT
(kern.mbstat)struct mbstat
structure is returned, containing
statistics on mbuf(9)
usage.KERN_MSGBUF
(kern.msgbuf)KERN_MSGBUFSIZE
(kern.msgbufsize)KERN_NCHSTATS
(kern.nchstats)struct nchstats
structure is returned. This
structure contains information about the filename to
inode(5) mapping cache.KERN_NFILES
(kern.nfiles)KERN_NGROUPS
(kern.ngroups)KERN_NOSUIDCOREDUMP
(kern.nosuidcoredump)value | condition | dump core to |
0 | euid == 0 | current directory |
1 | never | |
2 | always | /var/crash |
3 | depends | /var/crash/$programname/ |
KERN_NPROCS
(kern.nprocs)KERN_NSELCOLL
(kern.nselcoll)KERN_NTHREADS
(kern.nthreads)KERN_NUMVNODES
(kern.numvnodes)KERN_OSRELEASE
(kern.osrelease)KERN_OSREV
(kern.osrevision)KERN_OSTYPE
(kern.ostype)KERN_OSVERSION
(kern.osversion)KERN_POSIX1
(kern.posix1version)KERN_PROC
(kern.proc)struct kinfo_proc
structures is returned, whose
size depends on the current number of selected processes in the system.
The third and fourth level names are as follows:
Third level name | Fourth level is: |
KERN_PROC_ALL |
None |
KERN_PROC_KTHREAD |
A kernel thread |
KERN_PROC_PID |
A process ID |
KERN_PROC_PGRP |
A process group |
KERN_PROC_RUID |
A real user ID |
KERN_PROC_SESSION |
A session PID |
KERN_PROC_TTY |
A tty device |
KERN_PROC_UID |
A user ID |
The fifth level name is the size of the
struct kinfo_proc
and the sixth level name is
the number of structures to return.
KERN_PROC_ARGS
(kern.procargs)KERN_PROC_ARGV |
KERN_PROC_ENV |
KERN_PROC_NARGV |
KERN_PROC_NENV |
KERN_PROC_NARGV
and
KERN_PROC_NENV
return the number of elements as
an int in the argv or env array.
KERN_PROC_ARGV
returns the argv array and
KERN_PROC_ENV
returns the environ array. The
buffer pointed to by oldp is filled with an array
of char pointers followed by the strings themselves. The last char
pointer is a NULL
pointer.
KERN_PROC_CWD
(kern.proc_cwd)KERN_PROC_NOBROADCASTKILL
(kern.proc_nobroadcastkill)KERN_PROC_VMMAP
(kern.proc_vmmap)struct kinfo_vmentry
structures is returned, whose
size depends on the current number of VM map entries of the selected
process. Iteration is possible by setting the base address in the first
element of struct kinfo_vmentry
.KERN_PROF
(kern.profiling)KERN_PROF
values will fail with
EOPNOTSUPP
. The third level names for the string
and integer profiling information are detailed below. The changeable
column shows whether a process with appropriate privileges may change the
value.
Third level name | Type | Changeable |
GPROF_COUNT |
u_short[] | yes |
GPROF_FROMS |
u_short[] | yes |
GPROF_GMONPARAM |
struct gmonparam | no |
GPROF_STATE |
integer | yes |
GPROF_TOS |
struct tostruct | yes |
The variables are as follows:
GPROF_COUNT
GPROF_FROMS
GPROF_GMONPARAM
GPROF_STATE
GMON_PROF_ON
or
GMON_PROF_OFF
to show that profiling is
running or stopped.GPROF_TOS
struct tostruct
describing
destination of calls and their counts.KERN_RAWPARTITION
(kern.rawpartition)KERN_SAVED_IDS
(kern.saved_ids)KERN_SECURELVL
(kern.securelevel)KERN_SEMINFO
(kern.seminfo)struct seminfo
. If the
kernel is not compiled with System V style semaphore support, attempts to
retrieve any of the KERN_SEMINFO
values will fail
with EOPNOTSUPP
. The third level names for the
elements of struct seminfo
are detailed below. The
changeable column shows whether a process with appropriate privileges may
change the value.
Third level name | Type | Changeable |
KERN_SEMINFO_SEMAEM |
integer | no |
KERN_SEMINFO_SEMMNI |
integer | yes |
KERN_SEMINFO_SEMMNS |
integer | yes |
KERN_SEMINFO_SEMMNU |
integer | yes |
KERN_SEMINFO_SEMMSL |
integer | yes |
KERN_SEMINFO_SEMOPM |
integer | yes |
KERN_SEMINFO_SEMUME |
integer | no |
KERN_SEMINFO_SEMUSZ |
integer | no |
KERN_SEMINFO_SEMVMX |
integer | no |
The variables are as follows:
KERN_SEMINFO_SEMAEM
(kern.seminfo.semaem)KERN_SEMINFO_SEMMNI
(kern.seminfo.semni)KERN_SEMINFO_SEMMNS
(kern.seminfo.semmns)KERN_SEMINFO_SEMMNU
(kern.seminfo.semnu)KERN_SEMINFO_SEMMSL
(kern.seminfo.semmsl)KERN_SEMINFO_SEMOPM
(kern.seminfo.semopm)KERN_SEMINFO_SEMUME
(kern.seminfo.semume)KERN_SEMINFO_SEMUSZ
(kern.seminfo.semusz)KERN_SEMINFO_SEMVMX
(kern.seminfo.semvmx)KERN_SHMINFO
(kern.shminfo)struct shminfo
. If the
kernel is not compiled with System V style shared memory support, attempts
to retrieve any of the KERN_SHMINFO
values will
fail with EOPNOTSUPP
. The third level names for
the elements of struct shminfo
are detailed below.
The changeable column shows whether a process with appropriate privileges
may change the value.
Third level name | Type | Changeable |
KERN_SHMINFO_SHMALL |
integer | yes |
KERN_SHMINFO_SHMMAX |
integer | yes |
KERN_SHMINFO_SHMMIN |
integer | yes |
KERN_SHMINFO_SHMMNI |
integer | yes |
KERN_SHMINFO_SHMSEG |
integer | yes |
The variables are as follows:
KERN_SHMINFO_SHMALL
(kern.shminfo.shmall)KERN_SHMINFO_SHMMAX
(kern.shminfo.shmmax)KERN_SHMINFO_SHMMIN
(kern.shminfo.shmmin)KERN_SHMINFO_SHMMNI
(kern.shminfo.shmmni)KERN_SHMINFO_SHMSEG
(kern.shminfo.shmseg)KERN_SOMAXCONN
(kern.somaxconn)KERN_SOMINCONN
(kern.sominconn)KERN_SPLASSERT
(kern.splassert)Any other value causes a system panic on errors. See splassert(9) for more information.
KERN_STACKGAPRANDOM
(kern.stackgap_random)KERN_SYSVIPC_INFO
(kern.sysvipc_info)Third level name | Type |
KERN_SYSVIPC_MSG_INFO |
struct msg_sysctl_info |
KERN_SYSVIPC_SEM_INFO |
struct sem_sysctl_info |
KERN_SYSVIPC_SHM_INFO |
struct shm_sysctl_info |
KERN_SYSVIPC_MSG_INFO
<sys/msg.h>
.KERN_SYSVIPC_SEM_INFO
<sys/sem.h>
.KERN_SYSVIPC_SHM_INFO
<sys/shm.h>
.KERN_SYSVMSG
(kern.sysvmsg)KERN_SYSVSEM
(kern.sysvem)KERN_SYSVSHM
(kern.sysvshm)KERN_TIMECOUNTER
(kern.timecounter)Third level name | Type | Changeable |
KERN_TIMECOUNTER_CHOICE |
string | no |
KERN_TIMECOUNTER_HARDWARE |
string | yes |
KERN_TIMECOUNTER_TICK |
integer | no |
KERN_TIMECOUNTER_TIMESTEPWARNINGS |
integer | yes |
The variables are as follows:
KERN_TIMECOUNTER_CHOICE
(kern.timecounter.choice)KERN_TIMECOUNTER_HARDWARE
(kern.timecounter.hardware)KERN_TIMECOUNTER_TICK
(kern.timecounter.tick)KERN_TIMECOUNTER_TIMESTEPWARNINGS
(kern.timecounter.timestepwarnings)KERN_TTY
(kern.tty)Third level name | Type | Changeable |
KERN_TTY_INFO |
struct itty | no |
KERN_TTY_TKCANCC |
int64_t | no |
KERN_TTY_TKNIN |
int64_t | no |
KERN_TTY_TKNOUT |
int64_t | no |
KERN_TTY_TKRAWCC |
int64_t | no |
The variables are as follows:
KERN_TTY_INFO
(kern.tty.ttyinfo)struct itty
structures
containing tty statistics.KERN_TTY_TKCANCC
(kern.tty.tk_cancc)KERN_TTY_TKNIN
(kern.tty.tk_nin)KERN_TTY_TKNOUT
(kern.tty.tk_nout)KERN_TTY_TKRAWCC
(kern.tty.tk_rawcc)KERN_TTYCOUNT
(kern.ttycount)KERN_VERSION
(kern.version)KERN_WATCHDOG
(kern.watchdog)KERN_WATCHDOG
values will fail with
EOPNOTSUPP
.
Third level name | Type | Changeable |
KERN_WATCHDOG_AUTO |
integer | yes |
KERN_WATCHDOG_PERIOD |
integer | yes |
The variables are as follows:
KERN_WATCHDOG_AUTO
(kern.watchdog.auto)KERN_WATCHDOG_PERIOD
variable.KERN_WATCHDOG_PERIOD
(kern.watchdog.period)KERN_WXABORT
(kern.wxabort)The set of variables defined is architecture dependent. Most architectures define at least the following variables.
Second level name | Type | Changeable |
CPU_CONSDEV |
dev_t | no |
Consult the example file
/etc/example/sysctl.conf for a non-exhaustive list
of machdep
variables.
The string and integer information available for the
CTL_NET
level is detailed below. The changeable
column shows whether a process with appropriate privileges may change the
value.
Second level name | Type | Changeable |
PF_ROUTE |
routing messages | no |
PF_INET |
IPv4 values | yes |
PF_INET6 |
IPv6 values | yes |
PF_KEY |
key management | no |
PF_MPLS |
MPLS values | yes |
PF_PIPEX |
PIPEX values | yes |
PF_ROUTE
The third level name is a protocol number, which is currently always 0. The fourth level name is an address family, which may be set to 0 to select all address families. The fifth and sixth level names are as follows:
Fifth level name | Sixth level is: |
NET_RT_DUMP |
priority |
NET_RT_FLAGS |
rtflags |
NET_RT_IFLIST |
None |
NET_RT_IFNAMES |
None |
NET_RT_STATS |
None |
NET_RT_DUMP
An optional seventh level name can be provided to select the routing table on which to run the operation. If not provided, the table with ID 0 is used.
PF_INET
Protocol name | Variable name | Type | Changeable |
ah | enable | integer | yes |
bpf | bufsize | integer | yes |
bpf | maxbufsize | integer | yes |
carp | allow | integer | yes |
carp | log | integer | yes |
carp | preempt | integer | yes |
divert | recvspace | integer | yes |
divert | sendspace | integer | yes |
esp | enable | integer | yes |
esp | udpencap | integer | yes |
esp | udpencap_port | integer | yes |
etherip | allow | integer | yes |
gre | allow | integer | yes |
gre | wccp | integer | yes |
icmp | bmcastecho | integer | yes |
icmp | errppslimit | integer | yes |
icmp | maskrepl | integer | yes |
icmp | rediraccept | integer | yes |
icmp | redirtimeout | integer | yes |
icmp | stats | structure | no |
icmp | tstamprepl | integer | yes |
ip | arpdown | integer | yes |
ip | arptimeout | integer | yes |
ip | directed-broadcast | integer | yes |
ip | encdebug | integer | yes |
ip | forwarding | integer | yes |
ip | ifq | node | N/A |
ip | ipsec-allocs | integer | yes |
ip | ipsec-auth-alg | string | yes |
ip | ipsec-bytes | integer | yes |
ip | ipsec-comp-alg | string | yes |
ip | ipsec-enc-alg | string | yes |
ip | ipsec-expire-acquire | integer | yes |
ip | ipsec-firstuse | integer | yes |
ip | ipsec-invalid-life | integer | yes |
ip | ipsec-pfs | integer | yes |
ip | ipsec-soft-allocs | integer | yes |
ip | ipsec-soft-bytes | integer | yes |
ip | ipsec-soft-firstuse | integer | yes |
ip | ipsec-soft-timeout | integer | yes |
ip | ipsec-timeout | integer | yes |
ip | maxqueue | integer | yes |
ip | mforwarding | integer | yes |
ip | mtudisc | integer | yes |
ip | mtudisctimeout | integer | yes |
ip | multipath | integer | yes |
ip | portfirst | integer | yes |
ip | porthifirst | integer | yes |
ip | porthilast | integer | yes |
ip | portlast | integer | yes |
ip | redirect | integer | yes |
ip | sourceroute | integer | yes |
ip | stats | structure | no |
ip | ttl | integer | yes |
ipcomp | enable | integer | yes |
ipip | allow | integer | yes |
mobileip | allow | integer | yes |
tcp | ackonpush | integer | yes |
tcp | always_keepalive | integer | yes |
tcp | baddynamic | array | yes |
tcp | ecn | integer | yes |
tcp | ident | structure | no |
tcp | keepidle | integer | yes |
tcp | keepinittime | integer | yes |
tcp | keepintvl | integer | yes |
tcp | mssdflt | integer | yes |
tcp | reasslimit | integer | yes |
tcp | rfc1323 | integer | yes |
tcp | rfc3390 | integer | yes |
tcp | rootonly | array | yes |
tcp | rstppslimit | integer | yes |
tcp | sack | integer | yes |
tcp | slowhz | integer | no |
tcp | stats | structure | no |
tcp | synbucketlimit | integer | yes |
tcp | syncachelimit | integer | yes |
tcp | synhashsize | integer | yes |
tcp | synuselimit | integer | yes |
udp | baddynamic | array | yes |
udp | checksum | integer | yes |
udp | recvspace | integer | yes |
udp | rootonly | array | yes |
udp | sendspace | integer | yes |
udp | stats | structure | no |
The variables are as follows:
ah.enable
(net.inet.ah.enable)bpf.bufsize
(net.bpf.bufsize)bpf.maxbufsize
(net.bpf.maxbufsize)carp.allow
(net.inet.carp.allow)carp.log
(net.inet.carp.log)carp.preempt
(net.inet.carp.preempt)divert.recvspace
(net.inet.divert.recvspace)divert.sendspace
(net.inet.divert.sendspace)esp.enable
(net.inet.esp.enable)esp.udpencap
(net.inet.esp.udpencap)esp.udpencap_port
(net.inet.udpencap_port)etherip.allow
(net.inet.etherip.allow)gre.allow
(net.inet.gre.allow)gre.wccp
(net.inet.gre.wccp)icmp.bmcastecho
(net.inet.icmp.bmcastecho)icmp.errppslimit
(net.inet.icmp.errppslimit)icmp.maskrepl
(kern.inet.icmp.maskrepl)icmp.rediraccept
(kern.inet.icmp.rediraccept)icmp.redirtimeout
(net.inet.icmp.redrttimeout)icmp.stats
(kern.inet.icmp.stats)icmp.tstamprepl
(net.inet.icmp.tstamprepl)ip.arpdown
(net.inet.ip.arpdown)ip.arptimeout
(net.inet.ip.arptimeout)ip.directed-broadcast
(net.inet.ip.directed-broadcast)ip.encdebug
(net.inet.ip.encdebug)ENCDEBUG
option, then debugging information will also be reported when this
variable is set.ip.forwarding
(net.inet.ip.forwarding)ip.ifq
struct
ifqueue
structures containing information about IP packet input
queue. The fifth level names for the elements of
struct ifqueue
are detailed below.
Fifth level name | Type | Changeable |
IFQCTL_DROPS |
integer | no |
IFQCTL_LEN |
integer | no |
IFQCTL_MAXLEN |
integer | yes |
The variables are as follows:
IFQCTL_DROPS
(net.inet.ip.ifq.drops)IFQCTL_LEN
(net.inet.ip.ifq.len)IFQCTL_MAXLEN
(bet.inet.ip.ifq.maxlen)ip.ipsec-allocs
(net.inet.ip.ipsec-allocs)ip.ipsec-auth-alg
(net.inet.ip.ipsec-auth-alg)ip.ipsec-bytes
(net.inet.ip.ipsec-bytes)ip.ipsec-comp-alg
(net.inet.ip.ipsec-comp-alg)ip.ipsec-enc-alg
(net.inet.ip.ipsec-enc-alg)ip.ipsec-expire-acquire
(net.inet.ip.ipsec-expire-acquire)ip.ipsec-firstuse
(net.inet.ip.ipsec-firstuse)ip.ipsec-invalid-life
(net.inet.ip.ipsec-invalid-life)ip.ipsec-pfs
(net.inet.ip.ipsec-pfs)ip.ipsec-soft-allocs
(net.inet.ip.ipsec-soft-allocs)ip.ipsec-soft-bytes
(net.inet.ip.ipsec-soft-bytes)ip.ipsec-soft-firstuse
(net.inet.ip.ipsec-soft-firstuse)ip.ipsec-soft-timeout
(net.inet.ip.ipsec-soft-timeout)ip.ipsec-timeout
(net.inet.ip.ipsec-timeout)ip.maxqueue
(net.inet.ip.maxqueue)ip.mforwarding
(net.inet.ip.mforwarding)ip.mtudisc
(net.inet.ip.mtudisc)ip.mtudisctimeout
(net.inet.ip.mtudisctimeout)ip.multipath
(net.inet.ip.multipath)ip.portfirst
(net.inet.ip.portfirst)ip.porthifirst
(net.inet.ip.porthifirst)ip.porthilast
(net.inet.ip.porthilast)ip.portlast
(net.inet.ip.portlast)ip.redirect
(net.inet.ip.redirect)ip.sourceroute
(net.inet.ip.sourceroute)ip.stats
(net.inet.ip.stats)ip.ttl
(net.inet.ip.ttl)ipcomp.enable
(net.inet.ipcomp.enable)ipip.allow
(net.inet.ipip.allow)mobileip.allow
(net.inet.mobileip.allow)tcp.ackonpush
(net.inet.tcp.ackonpush)TH_PUSH
flag set are being acknowledged immediately, otherwise 0.tcp.baddynamic
(net.inet.tcp.baddynamic)in_port_t
is returned specifying
the bitmask of TCP ports between 512 and 1023 inclusive that should
not be allocated dynamically by the kernel (i.e., they must be bound
specifically by port number).tcp.ecn
(net.inet.tcp.ecn)tcp.ident
(net.inet.tcp.ident)struct tcp_ident_mapping
specifying a local
and foreign endpoint of a TCP socket is filled in with the effective
and real UIDs of the process that owns the socket. If no such socket
exists, then the effective and real UID values are both set to
-1.tcp.keepidle
(net.inet.tcp.keepidle)SO_KEEPALIVE
has been set
on a socket, then this value specifies how much time a connection
needs to be idle before keepalives are sent. See also tcp.slowhz.tcp.keepinittime
(net.inet.tcp.keepinittime)tcp.keepintvl
(net.inet.tcp.keepintvl)tcp.always_keepalive
(net.inet.tcp.always_keepalive)SO_KEEPALIVE
was set on
all TCP sockets.tcp.mssdflt
(net.inet.tcp.mssdflt)tcp.reasslimit
(net.inet.tcp.reasslimit)tcp.rfc1323
(net.inet.tcp.rfc1323)tcp.rfc3390
(net.inet.tcp.rfc3390)tcp.rootonly
(net.inet.tcp.rootonly)in_port_t
is returned specifying
the bitmask of TCP ports that can only be bound by processes with root
euid. When running with a
securelevel(7)
greater than 0, this variable may not be changed.tcp.rstppslimit
(net.inet.tcp.rstppslimit)tcp.sack
(net.inet.tcp.sack)tcp.slowhz
(net.inet.tcp.slowhz)tcp.stats
(net.inet.tcp.stats)tcp.synbucketlimit
(net.inet.tcp.synbucketlimit)tcp.syncachelimit
(net.inet.tcp.syncachelimit)tcp.synhashsize
(net.inet.tcp.synhashsize)tcp.synuselimit
(net.inet.tcp.synuselimit)udp.baddynamic
(net.inet.udp.baddynamic)tcp.baddynamic
but for UDP
sockets.udp.checksum
(net.inet.udp.checksum)udp.recvspace
(net.inet.udp.recvspace)udp.rootonly
(net.inet.udp.rootonly)tcp.rootonly
but for UDP
sockets.udp.sendspace
(net.inet.udp.sendspace)udp.stats
(net.inet.udp.stats)PF_INET6
Protocol name | Variable name | Type | Changeable |
icmp6 | errppslimit | integer | yes |
icmp6 | mtudisc_hiwat | integer | yes |
icmp6 | mtudisc_lowat | integer | yes |
icmp6 | nd6_debug | integer | yes |
icmp6 | nd6_delay | integer | yes |
icmp6 | nd6_maxnudhint | integer | yes |
icmp6 | nd6_mmaxtries | integer | yes |
icmp6 | nd6_prune | integer | yes |
icmp6 | nd6_umaxtries | integer | yes |
icmp6 | redirtimeout | integer | yes |
ip6 | auto_flowlabel | integer | yes |
ip6 | dad_count | integer | yes |
ip6 | dad_pending | integer | yes |
ip6 | defmcasthlim | integer | yes |
ip6 | forwarding | integer | yes |
ip6 | hdrnestlimit | integer | yes |
ip6 | hlim | integer | yes |
ip6 | ifq | node | N/A |
ip6 | log_interval | integer | yes |
ip6 | maxdynroutes | integer | yes |
ip6 | maxfragpackets | integer | yes |
ip6 | maxfrags | integer | yes |
ip6 | maxifprefixes | integer | yes |
ip6 | maxifdefrouters | integer | yes |
ip6 | mforwarding | integer | yes |
ip6 | mtudisctimeout | integer | yes |
ip6 | multicast_mtudisc | integer | yes |
ip6 | multipath | integer | yes |
ip6 | neighborgcthresh | integer | yes |
ip6 | redirect | integer | yes |
ip6 | use_deprecated | integer | yes |
The variables are as follows:
icmp6.errppslimit
(net.inet6.icmp6.errppslimit)icmp6.mtudisc_hiwat
(net.inet6.icmp6.mtudisc_hiwat)icmp6.mtudisc_lowat
(net.inet6.icmp6.mtudisc_lowat)icmp6.mtudisc_hiwat
is used when we have
verified ICMPv6 too big messages.
icmp6.mtudisc_lowat
is used when we have
unverified ICMPv6 too big messages. Verification is performed by using
address/port pairs kept in connected PCBs. A negative value disables
the upper limit.
icmp6.nd6_debug
(net.inet6.icmp6.nd6_debug)icmp6.nd6_delay
(net.inet6.icmp6.nd6_delay)DELAY_FIRST_PROBE_TIME
timing constant in IPv6
neighbor discovery specification (RFC 4861), in seconds.
icmp6.nd6_maxnudhint
(net.inet6.icmp6.nd6_maxnudhint)icmp6.nd6_mmaxtries
(net.inet6.icmp6.nd6_mmaxtries)MAX_MULTICAST_SOLICIT
constant in IPv6
neighbor discovery specification (RFC 4861).
icmp6.nd6_prune
(net.inet6.icmp6.nd6_prune)icmp6.nd6_umaxtries
(net.inet6.icmp6.nd6_umaxtries)MAX_UNICAST_SOLICIT
constant in IPv6 neighbor
discovery specification (RFC 4861).
icmp6.redirtimeout
(net.inet6.icmp6.redirtimeout)ip6.auto_flowlabel
(net.inet6.ip6.auto_flowlabel)ip6.dad_count
(net.inet6.ip6.dad_count)ip6.dad_pending
(net.inet6.ip6.dad_pending)ip6.defmcasthlim
(net.inet6.ip6.defmcasthlim)ip6.forwarding
(net.inet6.ip6.forwarding)ip6.hdrnestlimit
(net.inet6.ip6.hdrnestlimit)ip6.hlim
(net.inet6.ip6.hlim)ip6.ifq
(net.inet6.ip6.ifq)struct
ifqueue
structures containing information about IPv6 packet
input queue. The fifth level names for the elements of
struct ifqueue
are detailed above in
ip.ifq
.
ip6.log_interval
(net.inet6.ip6.log_interval)ip6.maxdynroutes
(net.inet6.ip6.maxdynroutes)ip6.maxfragpackets
(net.inet6.ip6.maxfragpackets)ip6.maxfrags
(net.inet6.ip6.maxfrags)ip6.maxifprefixes
(net.inet6.ip6.maxifprefixes)ip6.maxifdefrouters
(net.inet6.ip6.maxifdefrouters)ip6.mforwarding
(net.inet6.ip6.mforwarding)ip6.multicast_mtudisc
(net.inet6.ip6.multicast_mtudisc)ip6.multipath
(net.inet6.ip6.multipath)ip6.mtudisctimeout
(net.inet6.ip6.mtudisctimeout)ip6.neighborgcthresh
(net.inet6.ip6.neighborgcthresh)ip6.redirect
(net.inet6.ip6.redirect)ip6.use_deprecated
(net.inet6.ip6.use_deprecated)We reuse net.inet.tcp
and
net.inet.udp
for TCP/UDP over IPv6.
PF_KEY
PF_KEY_V2
. The
third level name selects the database as follows:
NET_KEY_SADB_DUMP
NET_KEY_SPD_DUMP
PF_MPLS
Third level name | Type | Changeable |
MPLSCTL_DEFTTL |
integer | yes |
MPLSCTL_IFQUEUE |
node | not applicable |
MPLSCTL_MAPTTL_IP |
integer | yes |
MPLSCTL_MAPTTL_IP6 |
integer | yes |
MPLSCTL_MAXINKLOOP |
integer | yes |
MPLSCTL_DEFTTL
(net.mpls.ttl)MPLSCTL_IFQUEUE
(net.mpls.ifq)struct
ifqueue
structures containing information about MPLS packet
input queue. The forth level names for the elements of
struct ifqueue are same as described in
ip.ifq
in the PF_INET
section.MPLSCTL_MAPTTL_IP
(net.mpls.mapttl_ip)MPLSCTL_DEFTTL
. The default is
1.MPLSCTL_MAPTTL_IP6
(net.mpls.mapttl_ip6)MPLSCTL_DEFTTL
. The default is
0.MPLSCTL_MAXINKLOOP
(net.mpls.maxloop_inkernel)PF_PIPEX
(net.pipex)The currently defined variable names are:
Third level name | Type | Changeable |
PIPEXCTL_ENABLE |
integer | yes |
PIPEXCTL_INQ |
node | not applicable |
PIPEXCTL_OUTQ |
node | not applicable |
PIPEXCTL_ENABLE
PIPEXCTL_INQ
(net.pipex.inq)struct
ifqueue
structures containing information about the PIPEX
packet input queue. The forth level names for the elements of
struct ifqueue
are the same as described in
ip.ifq
in the PF_INET
section.PIPEXCTL_OUTQ
(net.pipex.outq)struct
ifqueue
structures containing information about PIPEX packet
output queue. The forth level names for the elements of
struct ifqueue are same as described in
ip.ifq
in the PF_INET
section.The string and integer information available for the
CTL_VFS
level is detailed below. The changeable
column shows whether a process with appropriate privileges may change the
value.
Second level name | Type | Changeable |
VFS_GENERIC |
VFS generic info | no |
filesystem
# |
filesystem info | no |
VFS_GENERIC
Third level name | Type | Changeable |
VFS_CONF |
struct vfsconf | no |
VFS_MAXTYPENUM |
int | no |
VFS_GENERIC
with
VFS_CONF
, it is possible to access filesystem
dependent information.
Some filesystems may contain settings.
Third level name | Type | Changeable |
FFS_DIRHASH_DIRSIZE |
integer | yes |
FFS_DIRHASH_MAXMEM |
integer | yes |
FFS_DIRHASH_MEM |
integer | no |
FFS_MAX_SOFTDEPS |
integer | yes |
FFS_SD_BLK_LIMIT_HIT |
integer | yes |
FFS_SD_BLK_LIMIT_PUSH |
integer | yes |
FFS_SD_DIR_ENTRY |
integer | yes |
FFS_SD_DIRECT_BLK_PTRS |
integer | yes |
FFS_SD_INDIR_BLK_PTRS |
integer | yes |
FFS_SD_INO_LIMIT_HIT |
integer | yes |
FFS_SD_INO_LIMIT_PUSH |
integer | yes |
FFS_SD_INODE_BITMAP |
integer | yes |
FFS_SD_SYNC_LIMIT_HIT |
integer | yes |
FFS_SD_TICKDELAY |
integer | yes |
FFS_SD_WORKLIST_PUSH |
integer | yes |
FFS_DIRHASH_DIRSIZE
(vfs.ffs.dirhash_dirsize)FFS_DIRHASH_MAXMEM
(vfs.ffs.dirhash_maxmem)FFS_DIRHASH_MEM
(vfs.ffs.dirhash_mem)FFS_MAX_SOFTDEPS
(vfs.ffs.max_softdeps)FFS_SD_BLK_LIMIT_HIT
(vfs.ffs.sd_blk_limit_hit)FFS_SD_BLK_LIMIT_PUSH
(vfs.ffs.sd_blk_limit_push)FFS_SD_DIR_ENTRY
(vfs.ffs.sd_dir_entry)FFS_SD_DIRECT_BLK_PTRS
(vfs.ffs.sd_direct_blk_ptrs)FFS_SD_INDIR_BLK_PTRS
(vfs.ffs.sd_indir_blk_ptrs)FFS_SD_INO_LIMIT_HIT
(vfs.ffs.sd_ino_limit_hit)FFS_SD_INO_LIMIT_PUSH
(vfs.ffs.sd_ino_limit_push)FFS_SD_INODE_BITMAP
(vfs.ffs.sd_inode_bitmap)FFS_SD_SYNC_LIMIT_HIT
(vfs.ffs.sd_sync_limit_hit)FFS_SD_TICKDELAY
(vfs.ffs.sd_tickdelay)FFS_SD_WORKLIST_PUSH
(vfs.ffs.sd_worklist_push)Third level name | Type | Changeable |
NFS_NFSSTATS |
struct nfsstats | yes |
NFS_NIOTHREADS |
int | yes |
NFS_NIOTHREADS
(vfs.nfs.iothreads)Third level name | Type | Changeable |
FUSEFS_INFBUFS |
int | no |
FUSEFS_OPENDEVS |
int | no |
FUSEFS_POOL_NBPAGES |
int | no |
FUSEFS_WAITFBUFS |
int | no |
FUSEFS_INFBUFS
(vfs.fuse.fusefs_fbufs_in)FUSEFS_OPENDEVS
(vfs.fuse.fusefs_open_devices)FUSEFS_POOL_NBPAGES
(vfs.fuse.fusefs_pool_pages)FUSEFS_WAITFBUFS
(vfs.fuse.fusefs_fbufs_wait)The string and integer information available for the
CTL_VM
level is detailed below. The changeable
column shows whether a process with appropriate privileges may change the
value.
Second level name | Type | Changeable |
VM_ANONMIN |
integer | yes |
VM_LOADAVG |
struct loadavg | no |
VM_MAXSLP |
integer | no |
VM_METER |
struct vmtotal | no |
VM_NKMEMPAGES |
integer | no |
VM_PSSTRINGS |
struct psstrings | no |
VM_SWAPENCRYPT |
swap encrypt values | yes |
VM_USPACE |
integer | no |
VM_UVMEXP |
struct uvmexp | no |
VM_VNODEMIN |
integer | yes |
VM_VTEXTMIN |
integer | yes |
VM_ANONMIN
(vm.anonmin)VM_LOADAVG
(vm.loadavg)struct loadavg
.VM_MAXSLP
(vm.maxslp)VM_METER
(vm.vmmeter)struct vmtotal
.VM_NKMEMPAGES
(vm.nkmempages)VM_PSSTRINGS
(vm.psstrings)struct
ps_strings
. The ps(1)
program uses it to locate the argument and environment strings.VM_SWAPENCRYPT
Third level name | Type | Changeable |
SWPENC_CREATED |
integer | no |
SWPENC_DELETED |
integer | no |
SWPENC_ENABLE |
integer | yes |
SWPENC_CREATED
(vm.swapencrypt.keyscreated)SWPENC_DELETED
(vm.swapencrypt.keysdeleted)SWPENC_ENABLE
(vm.swapencrypt.enable)VM_USPACE
(vm.uspace)VM_UVMEXP
(vm.uvmexp)VM_VNODEMIN
(vm.vnodemin)VM_VTEXTMIN
(vm.vtextmin)If the call to sysctl
() is unsuccessful,
-1 is returned and errno is set appropriately.
<sys/sysctl.h>
<sys/socket.h>
<sys/gmon.h>
<ufs/ffs/ffs_extern.h>
<nfs/nfs.h>
<uvm/uvm_param.h>
<uvm/uvm_swap_encrypt.h>
<net/if.h>
<net/pipex.h>
<netinet/in.h>
<netinet/icmp_var.h>
<netinet/icmp6.h>
<netinet/tcp_var.h>
<netinet/udp_var.h>
<machine/cpu.h>
The following errors may be reported:
EFAULT
]EINVAL
]CTL_MAXNAME
.EINVAL
]ENOMEM
]ENOENT
]ENXIO
]ENOTDIR
]EOPNOTSUPP
]EPERM
]EPERM
]EPERM
]ESRCH
]pathconf(2), sysconf(3), ddb(4), sysctl.conf(5), securelevel(7), sysctl(8)
The sysctl
() function first appeared in
4.4BSD.
March 16, 2017 | OpenBSD-6.1 |