SYSCTL(2) | System Calls Manual | SYSCTL(2) |
sysctl
— get or
set system information
#include
<sys/types.h>
#include <sys/sysctl.h>
int
sysctl
(const
int *name, u_int
namelen, void
*oldp, size_t
*oldlenp, void
*newp, size_t
newlen);
The
sysctl
()
function retrieves system information and allows processes with appropriate
privileges to set system information. The information available from
sysctl
() consists of integers, strings, and tables.
Information may be retrieved and set using the
sysctl(8) utility; the
variable names used by this utility are given here in parentheses.
Unless explicitly noted below,
sysctl
()
returns a consistent snapshot of the data requested. Consistency is obtained
by locking the destination buffer into memory so that the data may be copied
out without blocking. Calls to sysctl
() are
serialized to avoid deadlock.
The state is described using a “Management Information Base (MIB)” style name, listed in name, which is a namelen length array of integers.
The information is copied into the buffer specified by
oldp. The size of the buffer is given by the location
specified by oldlenp before the call, and that
location gives the amount of data copied after a successful call. If the
amount of data available is greater than the size of the buffer supplied,
the call supplies as much data as fits in the buffer provided and returns
with the error code ENOMEM
. If the old value is not
desired, oldp and oldlenp should
be set to NULL
.
The size of the available data can be determined by
calling
sysctl
()
with a NULL
parameter for
oldp. The size of the available data will be returned
in the location pointed to by oldlenp. For some
operations, the amount of space may change often. For these operations, the
system attempts to round up so that the returned size is large enough for a
call to return the data shortly thereafter.
The terminating NUL character is included in the lengths of string values.
To set a new value, newp is set to point to
a buffer of length newlen from which the requested
value is to be taken. If a new value is not to be set,
newp should be set to NULL
and
newlen set to 0.
The top level names are defined with a
CTL_
prefix in
<sys/sysctl.h>
, and are as
follows. The next and subsequent levels down are found in the include files
listed here, and described in separate sections below.
Name | Next level names | Description |
CTL_DDB |
ddb/db_var.h | Kernel debugger |
CTL_DEBUG |
sys/sysctl.h | Debugging |
CTL_FS |
sys/sysctl.h | File system |
CTL_HW |
sys/sysctl.h | Generic CPU, I/O |
CTL_KERN |
sys/sysctl.h | High kernel limits |
CTL_MACHDEP |
sys/sysctl.h | Machine dependent |
CTL_NET |
sys/socket.h | Networking |
CTL_VFS |
ufs/ffs/ffs_extern.h | Virtual file system |
CTL_VM |
uvm/uvm_param.h | Virtual memory |
For example, the following retrieves the maximum number of processes allowed in the system:
int mib[2], maxproc; size_t len; mib[0] = CTL_KERN; mib[1] = KERN_MAXPROC; len = sizeof(maxproc); if (sysctl(mib, 2, &maxproc, &len, NULL, 0) == -1) err(1, "sysctl");
Integer information and settable variables are available for the
CTL_DDB level
, as described below. More information
is also available in ddb(4).
Second level name | Type | Changeable |
DBCTL_CONSOLE |
integer | yes |
DBCTL_LOG |
integer | yes |
DBCTL_MAXLINE |
integer | yes |
DBCTL_MAXWIDTH |
integer | yes |
DBCTL_PANIC |
integer | yes |
DBCTL_RADIX |
integer | yes |
DBCTL_TABSTOP |
integer | yes |
DBCTL_TRIGGER |
integer | yes |
DBCTL_CONSOLE
(ddb.console)DBCTL_LOG
(ddb.log)DBCTL_MAXLINE
(ddb.max_line)$lines
variable.DBCTL_MAXWIDTH
(ddb.max_width)$maxwidth
variable.DBCTL_PANIC
(ddb.panic)DBCTL_RADIX
(ddb.radix)$radix
variable.DBCTL_TABSTOP
(ddb.tab_stop_width)$tabstops
variable.DBCTL_TRIGGER
(ddb.trigger)DBCTL_CONSOLE
is set, writing to
DBCTL_TRIGGER
causes the system to enter
ddb(4). When running with a
securelevel(7) greater
than 0, the process writing to this variable must be running on the
console in order to enter
ddb(4).The debugging variables vary from system to system. A debugging
variable may be added or deleted without need to recompile
sysctl
()
to know about it. Each time it runs, sysctl
() gets
the list of debugging variables from the kernel and displays their current
values. The system defines twenty struct ctldebug
variables named debug0 through
debug19. They are declared as separate variables so
that they can be individually initialized at the location of their
associated variable. The loader prevents multiple use of the same variable
by issuing errors if a variable is initialized in more than one place. For
example, to export the variable dospecialcheck as a
debugging variable, the following declaration would be used:
int dospecialcheck = 1; struct ctldebug debug5 = { "dospecialcheck", &dospecialcheck };
The string and integer information available for the
CTL_FS
level is detailed below. The changeable
column shows whether a process with appropriate privileges may change the
value.
Second level name | Type | Changeable |
FS_POSIX_SETUID |
integer | yes |
FS_POSIX_SETUID
(fs.posix.setuid)The string and integer information available for the
CTL_HW
level is detailed below. The changeable
column shows whether a process with appropriate privileges may change the
value.
Second level name | Type | Changeable |
HW_ALLOWPOWERDOWN |
integer | yes |
HW_BYTEORDER |
integer | no |
HW_CPUSPEED |
integer | no |
HW_DISKCOUNT |
integer | no |
HW_DISKNAMES |
string | no |
HW_DISKSTATS |
struct | no |
HW_MACHINE |
string | no |
HW_MODEL |
string | no |
HW_NCPU |
integer | no |
HW_NCPUFOUND |
integer | no |
HW_NCPUONLINE |
integer | no |
HW_PAGESIZE |
integer | no |
HW_PERFPOLICY |
string | yes |
HW_PHYSMEM |
integer | no |
HW_PHYSMEM64 |
int64_t | no |
HW_PRODUCT |
string | no |
HW_SENSORS |
node | not applicable |
HW_SETPERF |
integer | yes |
HW_SMT |
integer | yes |
HW_USERMEM |
integer | no |
HW_USERMEM64 |
int64_t | no |
HW_UUID |
string | no |
HW_VENDOR |
string | no |
HW_VERSION |
string | no |
HW_ALLOWPOWERDOWN
(hw.allowpowerdown)HW_BYTEORDER
(hw.byteorder)HW_CPUSPEED
(hw.cpuspeed)HW_DISKCOUNT
(hw.diskcount)HW_DISKNAMES
(hw.disknames)HW_DISKSTATS
(hw.diskstats)HW_MACHINE
(hw.machine)HW_MODEL
(hw.model)HW_NCPU
(hw.ncpu)HW_NCPUFOUND
(hw.ncpufound)HW_NCPUONLINE
(hw.ncpuonline)HW_PAGESIZE
(hw.pagesize)HW_PERFPOLICY
(hw.perfpolicy)HW_PHYSMEM
HW_PHYSMEM64
instead.HW_PHYSMEM64
(hw.physmem)HW_PRODUCT
(hw.product)HW_SENSORS
(hw.sensors)Third, fourth and fifth levels together comprise an array of struct sensor structures containing snapshot readings of hardware monitoring sensors. In such usage, third level indicates the numerical representation of the sensor device name to which the sensor is attached (a device's xname and number are matched with the help of struct sensordev structure above), fourth level indicates sensor type and fifth level is an ordinal sensor number (unique to the specified sensor type on the specified sensor device).
The
sensordev
and
sensor
structures and
sensor_type
enumeration are defined in
<sys/sensors.h>
.
HW_SERIALNO
(hw.serialno)HW_SETPERF
(hw.setperf)HW_PERFPOLICY
is set to
“manual”.HW_SMT
(hw.smt)HW_USERMEM
HW_USERMEM64
instead.HW_USERMEM64
(hw.usermem)HW_UUID
(hw.uuid)HW_VENDOR
(hw.vendor)HW_VERSION
(hw.version)The string and integer information available for the
CTL_KERN
level is detailed below. The changeable
column shows whether a process with appropriate privileges may change the
value. The types of data currently available are process information, system
vnodes, the open file entries, routing table entries, virtual memory
statistics, load average history, and clock rate information.
Second level name | Type | Changeable |
KERN_ALLOWDT |
integer | yes |
KERN_ALLOWKMEM |
integer | yes |
KERN_ARGMAX |
integer | no |
KERN_AUDIO |
node | yes |
KERN_BOOTTIME |
struct timeval | no |
KERN_CACHEPCT |
integer | yes |
KERN_CCPU |
integer | no |
KERN_CLOCKRATE |
struct clockinfo | no |
KERN_CONSDEV |
dev_t | no |
KERN_CPTIME |
long[CPUSTATES] | no |
KERN_CPTIME2 |
u_int64_t[CPUSTATES] | no |
KERN_CPUSTATS |
struct cpustats | no |
KERN_DOMAINNAME |
string | yes |
KERN_FILE |
struct kinfo_file | no |
KERN_FORKSTAT |
struct forkstat | no |
KERN_FSCALE |
integer | no |
KERN_FSYNC |
integer | no |
KERN_GLOBAL_PTRACE |
integer | yes |
KERN_HOSTID |
integer | yes |
KERN_HOSTNAME |
string | yes |
KERN_INTRCNT |
node | not applicable |
KERN_JOB_CONTROL |
integer | no |
KERN_MALLOCSTATS |
node | no |
KERN_MAXCLUSTERS |
integer | yes |
KERN_MAXFILES |
integer | yes |
KERN_MAXLOCKSPERUID |
integer | yes |
KERN_MAXPARTITIONS |
integer | no |
KERN_MAXPROC |
integer | yes |
KERN_MAXTHREAD |
integer | yes |
KERN_MAXVNODES |
integer | yes |
KERN_MBSTAT |
struct mbstat | no |
KERN_MSGBUF |
char[] | no |
KERN_MSGBUFSIZE |
integer | no |
KERN_NCHSTATS |
struct nchstats | no |
KERN_NFILES |
integer | no |
KERN_NGROUPS |
integer | no |
KERN_NOSUIDCOREDUMP |
integer | yes |
KERN_NPROCS |
integer | no |
KERN_NSELCOLL |
integer | no |
KERN_NTHREADS |
integer | no |
KERN_NUMVNODES |
integer | no |
KERN_OSRELEASE |
string | no |
KERN_OSREV |
integer | no |
KERN_OSTYPE |
string | no |
KERN_OSVERSION |
string | no |
KERN_PFSTATUS |
struct pf_status | no |
KERN_POOL_DEBUG |
integer | yes |
KERN_POSIX1 |
integer | no |
KERN_PROC |
struct kinfo_proc | no |
KERN_PROC_ARGS |
node | not applicable |
KERN_PROC_CWD |
string | not applicable |
KERN_PROC_NOBROADCASTKILL |
node | not applicable |
KERN_PROC_VMMAP |
struct kinfo_vmentry | no |
KERN_PROF |
node | not applicable |
KERN_RAWPARTITION |
integer | no |
KERN_SAVED_IDS |
integer | no |
KERN_SECURELVL |
integer | raise only |
KERN_SEMINFO |
node | not applicable |
KERN_SHMINFO |
node | not applicable |
KERN_SOMAXCONN |
integer | yes |
KERN_SOMINCONN |
integer | yes |
KERN_SPLASSERT |
int | yes |
KERN_STACKGAPRANDOM |
integer | yes |
KERN_SYSVIPC_INFO |
node | not applicable |
KERN_SYSVMSG |
integer | no |
KERN_SYSVSEM |
integer | no |
KERN_SYSVSHM |
integer | no |
KERN_TIMECOUNTER |
node | not applicable |
KERN_TTY |
node | not applicable |
KERN_TTYCOUNT |
integer | no |
KERN_UTC_OFFSET |
integer | yes |
KERN_VERSION |
string | no |
KERN_VIDEO |
node | yes |
KERN_WATCHDOG |
node | not applicable |
KERN_WITNESS |
node | not applicable |
KERN_WXABORT |
integer | yes |
KERN_ALLOWDT
(kern.allowdt)KERN_ALLOWKMEM
(kern.allowkmem)KERN_ARGMAX
(kern.argmax)KERN_AUDIO
(kern.audio)Third level name | Type | Changeable |
KERN_AUDIO_RECORD |
integer | yes |
Its meaning is as follows:
KERN_AUDIO_RECORD
(kern.audio.record)KERN_BOOTTIME
(kern.boottime)KERN_CACHEPCT
(kern.bufcachepercent)KERN_CCPU
(kern.ccpu)KERN_CLOCKRATE
(kern.clockrate)KERN_CONSDEV
(kern.consdev)KERN_CPTIME
(kern.cp_time)CPUSTATES
is returned,
containing statistics about the number of ticks spent by the system in
interrupt processing, user processes
(nice(1) or normal), system
processing, lock spinning, or idling.KERN_CPTIME2
(kern.cp_time2)KERN_CPTIME
, but obtains information
from only the single CPU specified by the third level name given.KERN_CPUSTATS
KERN_CPTIME2
and a bit mask indicating the status
of the CPU specified by the third level name.KERN_DOMAINNAME
(kern.domainname)KERN_FILE
(kern.file)Third level name | Fourth level is: |
KERN_FILE_BYFILE |
A file type |
KERN_FILE_BYPID |
A process ID |
KERN_FILE_BYUID |
A user ID |
The fifth level name is the size of the struct kinfo_file and the sixth level name is the number of structures to return.
KERN_FORKSTAT
(kern.forkstat)KERN_FSCALE
(kern.fscale)KERN_FSYNC
(kern.fsync)KERN_GLOBAL_PTRACE
(kern.global_ptrace)KERN_HOSTID
(kern.hostid)KERN_HOSTNAME
(kern.hostname)KERN_JOB_CONTROL
(kern.job_control)KERN_MALLOCSTATS
(kern.malloc)Third level name | Type |
KERN_MALLOC_BUCKET |
node |
KERN_MALLOC_BUCKETS |
string |
KERN_MALLOC_KMEMNAMES |
string |
KERN_MALLOC_KMEMSTATS |
node |
The variables are as follows:
KERN_MALLOC_BUCKET.<size>
(kern.malloc.bucket)If a value is specified that does not correspond directly to a bucket size, the statistics for the closest larger bucket size will be returned instead.
Note that bucket sizes are typically powers of 2.
KERN_MALLOC_BUCKETS
(kern.malloc.buckets)KERN_MALLOC_KMEMNAMES
(kern.malloc.kmemnames)KERN_MALLOC_KMEMSTATS
(kern.malloc.kmemstat)KERN_MAXCLUSTERS
(kern.maxclusters)KERN_MAXFILES
(kern.maxfiles)KERN_MAXLOCKSPERUID
(kern.maxlocksperuid)KERN_MAXPARTITIONS
(kern.maxpartitions)KERN_MAXPROC
(kern.maxproc)KERN_MAXTHREAD
(kern.maxthread)KERN_MAXVNODES
(kern.maxvnodes)KERN_MBSTAT
(kern.mbstat)KERN_MSGBUF
(kern.msgbuf)KERN_MSGBUFSIZE
(kern.msgbufsize)KERN_NCHSTATS
(kern.nchstats)KERN_NFILES
(kern.nfiles)KERN_NGROUPS
(kern.ngroups)KERN_NOSUIDCOREDUMP
(kern.nosuidcoredump)value | condition | dump core to |
0 | euid == 0 | current directory |
1 | never | |
2 | always | /var/crash |
3 | depends | /var/crash/$programname/ |
KERN_NPROCS
(kern.nprocs)KERN_NSELCOLL
(kern.nselcoll)KERN_NTHREADS
(kern.nthreads)KERN_NUMVNODES
(kern.numvnodes)KERN_OSRELEASE
(kern.osrelease)KERN_OSREV
(kern.osrevision)KERN_OSTYPE
(kern.ostype)KERN_OSVERSION
(kern.osversion)KERN_PFSTATUS
KERN_POOL_DEBUG
(kern.pool_debug)KERN_POSIX1
(kern.posix1version)KERN_PROC
(kern.proc)Third level name | Fourth level is: |
KERN_PROC_ALL |
None |
KERN_PROC_KTHREAD |
A kernel thread |
KERN_PROC_PID |
A process ID |
KERN_PROC_PGRP |
A process group |
KERN_PROC_RUID |
A real user ID |
KERN_PROC_SESSION |
A session PID |
KERN_PROC_TTY |
A tty device |
KERN_PROC_UID |
A user ID |
The fifth level name is the size of the struct kinfo_proc and the sixth level name is the number of structures to return.
KERN_PROC_ARGS
(kern.procargs)KERN_PROC_ARGV |
KERN_PROC_ENV |
KERN_PROC_NARGV |
KERN_PROC_NENV |
KERN_PROC_NARGV
and
KERN_PROC_NENV
return the number of elements as
an int in the argv or env array.
KERN_PROC_ARGV
returns the argv array and
KERN_PROC_ENV
returns the environ array. The
buffer pointed to by oldp is filled with an array
of char pointers followed by the strings themselves. The last char
pointer is a NULL
pointer.
KERN_PROC_CWD
(kern.proc_cwd)KERN_PROC_NOBROADCASTKILL
(kern.proc_nobroadcastkill)KERN_PROC_VMMAP
(kern.proc_vmmap)KERN_PROF
(kern.profiling)KERN_PROF
values will fail with
EOPNOTSUPP
. The third level names for the string
and integer profiling information are detailed below. The changeable
column shows whether a process with appropriate privileges may change the
value.
Third level name | Type | Changeable |
GPROF_COUNT |
u_short[] | yes |
GPROF_FROMS |
u_short[] | yes |
GPROF_GMONPARAM |
struct gmonparam | no |
GPROF_STATE |
integer | yes |
GPROF_TOS |
struct tostruct | yes |
The variables are as follows:
GPROF_COUNT
GPROF_FROMS
GPROF_GMONPARAM
GPROF_STATE
GMON_PROF_ON
or
GMON_PROF_OFF
to show that profiling is
running or stopped.GPROF_TOS
KERN_RAWPARTITION
(kern.rawpartition)KERN_SAVED_IDS
(kern.saved_ids)KERN_SECURELVL
(kern.securelevel)KERN_SEMINFO
(kern.seminfo)KERN_SEMINFO
values will fail
with EOPNOTSUPP
. The third level names for the
elements of struct seminfo are detailed below. The
changeable column shows whether a process with appropriate privileges may
change the value.
Third level name | Type | Changeable |
KERN_SEMINFO_SEMAEM |
integer | no |
KERN_SEMINFO_SEMMNI |
integer | yes |
KERN_SEMINFO_SEMMNS |
integer | yes |
KERN_SEMINFO_SEMMNU |
integer | yes |
KERN_SEMINFO_SEMMSL |
integer | yes |
KERN_SEMINFO_SEMOPM |
integer | yes |
KERN_SEMINFO_SEMUME |
integer | no |
KERN_SEMINFO_SEMUSZ |
integer | no |
KERN_SEMINFO_SEMVMX |
integer | no |
The variables are as follows:
KERN_SEMINFO_SEMAEM
(kern.seminfo.semaem)KERN_SEMINFO_SEMMNI
(kern.seminfo.semmni)KERN_SEMINFO_SEMMNS
(kern.seminfo.semmns)KERN_SEMINFO_SEMMNU
(kern.seminfo.semmnu)KERN_SEMINFO_SEMMSL
(kern.seminfo.semmsl)KERN_SEMINFO_SEMOPM
(kern.seminfo.semopm)KERN_SEMINFO_SEMUME
(kern.seminfo.semume)KERN_SEMINFO_SEMUSZ
(kern.seminfo.semusz)KERN_SEMINFO_SEMVMX
(kern.seminfo.semvmx)KERN_SHMINFO
(kern.shminfo)KERN_SHMINFO
values will fail
with EOPNOTSUPP
. The third level names for the
elements of struct shminfo are detailed below. The
changeable column shows whether a process with appropriate privileges may
change the value.
Third level name | Type | Changeable |
KERN_SHMINFO_SHMALL |
integer | yes |
KERN_SHMINFO_SHMMAX |
integer | yes |
KERN_SHMINFO_SHMMIN |
integer | yes |
KERN_SHMINFO_SHMMNI |
integer | yes |
KERN_SHMINFO_SHMSEG |
integer | yes |
The variables are as follows:
KERN_SHMINFO_SHMALL
(kern.shminfo.shmall)KERN_SHMINFO_SHMMAX
(kern.shminfo.shmmax)KERN_SHMINFO_SHMMIN
(kern.shminfo.shmmin)KERN_SHMINFO_SHMMNI
(kern.shminfo.shmmni)KERN_SHMINFO_SHMSEG
(kern.shminfo.shmseg)KERN_SOMAXCONN
(kern.somaxconn)KERN_SOMINCONN
(kern.sominconn)KERN_SPLASSERT
(kern.splassert)Any other value causes a system panic on errors. See splassert(9) for more information.
KERN_STACKGAPRANDOM
(kern.stackgap_random)KERN_SYSVIPC_INFO
(kern.sysvipc_info)Third level name | Type |
KERN_SYSVIPC_MSG_INFO |
struct msg_sysctl_info |
KERN_SYSVIPC_SEM_INFO |
struct sem_sysctl_info |
KERN_SYSVIPC_SHM_INFO |
struct shm_sysctl_info |
KERN_SYSVIPC_MSG_INFO
<sys/msg.h>
.KERN_SYSVIPC_SEM_INFO
<sys/sem.h>
.KERN_SYSVIPC_SHM_INFO
<sys/shm.h>
.KERN_SYSVMSG
(kern.sysvmsg)KERN_SYSVSEM
(kern.sysvem)KERN_SYSVSHM
(kern.sysvshm)KERN_TIMECOUNTER
(kern.timecounter)Third level name | Type | Changeable |
KERN_TIMECOUNTER_CHOICE |
string | no |
KERN_TIMECOUNTER_HARDWARE |
string | yes |
KERN_TIMECOUNTER_TICK |
integer | no |
KERN_TIMECOUNTER_TIMESTEPWARNINGS |
integer | yes |
The variables are as follows:
KERN_TIMECOUNTER_CHOICE
(kern.timecounter.choice)KERN_TIMECOUNTER_HARDWARE
(kern.timecounter.hardware)KERN_TIMECOUNTER_TICK
(kern.timecounter.tick)KERN_TIMECOUNTER_TIMESTEPWARNINGS
(kern.timecounter.timestepwarnings)KERN_TTY
(kern.tty)Third level name | Type | Changeable |
KERN_TTY_INFO |
struct itty | no |
KERN_TTY_TKCANCC |
int64_t | no |
KERN_TTY_TKNIN |
int64_t | no |
KERN_TTY_TKNOUT |
int64_t | no |
KERN_TTY_TKRAWCC |
int64_t | no |
The variables are as follows:
KERN_TTY_INFO
(kern.tty.ttyinfo)KERN_TTY_TKCANCC
(kern.tty.tk_cancc)KERN_TTY_TKNIN
(kern.tty.tk_nin)KERN_TTY_TKNOUT
(kern.tty.tk_nout)KERN_TTY_TKRAWCC
(kern.tty.tk_rawcc)KERN_TTYCOUNT
(kern.ttycount)KERN_UTC_OFFSET
(kern.utc_offset)KERN_VERSION
(kern.version)KERN_VIDEO
(kern.video)Third level name | Type | Changeable |
KERN_VIDEO_RECORD |
integer | yes |
Its meaning is as follows:
KERN_VIDEO_RECORD
(kern.video.record)KERN_WATCHDOG
(kern.watchdog)KERN_WATCHDOG
values will fail with
EOPNOTSUPP
.
Third level name | Type | Changeable |
KERN_WATCHDOG_AUTO |
integer | yes |
KERN_WATCHDOG_PERIOD |
integer | yes |
The variables are as follows:
KERN_WATCHDOG_AUTO
(kern.watchdog.auto)KERN_WATCHDOG_PERIOD
variable.KERN_WATCHDOG_PERIOD
(kern.watchdog.period)KERN_WITNESS
(kern.witness)Third level name | Type | Changeable |
KERN_WITNESS_LOCKTRACE |
integer | yes |
KERN_WITNESS_WATCH |
integer | yes |
The variables are as follows:
KERN_WITNESS_LOCKTRACE
(kern.witness.locktrace)KERN_WITNESS_WATCH
(kern.witness.watch)KERN_WXABORT
(kern.wxabort)The set of variables defined is architecture dependent. Most architectures define at least the following variables.
Second level name | Type | Changeable |
CPU_CONSDEV |
dev_t | no |
Consult the example file /etc/examples/sysctl.conf for a non-exhaustive list of machdep variables.
The string and integer information available for the
CTL_NET
level is detailed below. The changeable
column shows whether a process with appropriate privileges may change the
value.
Second level name | Type | Changeable |
PF_ROUTE |
routing messages | no |
PF_INET |
IPv4 values | yes |
PF_INET6 |
IPv6 values | yes |
PF_KEY |
key management | no |
PF_MPLS |
MPLS values | yes |
PF_PIPEX |
PIPEX values | yes |
PF_ROUTE
The third level name is a protocol number, which is currently always 0. The fourth level name is an address family, which may be set to 0 to select all address families. The fifth and sixth level names are as follows:
Fifth level name | Sixth level is: |
NET_RT_DUMP |
priority |
NET_RT_FLAGS |
rtflags |
NET_RT_IFLIST |
None |
NET_RT_IFNAMES |
None |
NET_RT_STATS |
None |
NET_RT_TABLE |
rtableid |
NET_RT_DUMP
An optional seventh level name can be provided to select the routing table on which to run the operation. If not provided, the table with ID 0 is used.
PF_INET
Protocol name | Variable name | Type | Changeable |
ah | enable | integer | yes |
bpf | bufsize | integer | yes |
bpf | maxbufsize | integer | yes |
carp | allow | integer | yes |
carp | log | integer | yes |
carp | preempt | integer | yes |
divert | recvspace | integer | yes |
divert | sendspace | integer | yes |
esp | enable | integer | yes |
esp | udpencap | integer | yes |
esp | udpencap_port | integer | yes |
etherip | allow | integer | yes |
gre | allow | integer | yes |
gre | wccp | integer | yes |
icmp | bmcastecho | integer | yes |
icmp | errppslimit | integer | yes |
icmp | maskrepl | integer | yes |
icmp | rediraccept | integer | yes |
icmp | redirtimeout | integer | yes |
icmp | stats | structure | no |
icmp | tstamprepl | integer | yes |
ip | arpqueued | integer | no |
ip | arpdown | integer | yes |
ip | arptimeout | integer | yes |
ip | arpq | node | N/A |
ip | directed-broadcast | integer | yes |
ip | encdebug | integer | yes |
ip | forwarding | integer | yes |
ip | ipsec-allocs | integer | yes |
ip | ipsec-auth-alg | string | yes |
ip | ipsec-bytes | integer | yes |
ip | ipsec-comp-alg | string | yes |
ip | ipsec-enc-alg | string | yes |
ip | ipsec-expire-acquire | integer | yes |
ip | ipsec-firstuse | integer | yes |
ip | ipsec-invalid-life | integer | yes |
ip | ipsec-pfs | integer | yes |
ip | ipsec-soft-allocs | integer | yes |
ip | ipsec-soft-bytes | integer | yes |
ip | ipsec-soft-firstuse | integer | yes |
ip | ipsec-soft-timeout | integer | yes |
ip | ipsec-timeout | integer | yes |
ip | maxqueue | integer | yes |
ip | mforwarding | integer | yes |
ip | mtudisc | integer | yes |
ip | mtudisctimeout | integer | yes |
ip | multipath | integer | yes |
ip | portfirst | integer | yes |
ip | porthifirst | integer | yes |
ip | porthilast | integer | yes |
ip | portlast | integer | yes |
ip | redirect | integer | yes |
ip | sourceroute | integer | yes |
ip | stats | structure | no |
ip | ttl | integer | yes |
ipcomp | enable | integer | yes |
ipip | allow | integer | yes |
tcp | ackonpush | integer | yes |
tcp | always_keepalive | integer | yes |
tcp | baddynamic | array | yes |
tcp | ecn | integer | yes |
tcp | ident | structure | no |
tcp | keepidle | integer | yes |
tcp | keepinittime | integer | yes |
tcp | keepintvl | integer | yes |
tcp | mssdflt | integer | yes |
tcp | reasslimit | integer | yes |
tcp | rfc1323 | integer | yes |
tcp | rfc3390 | integer | yes |
tcp | rootonly | array | yes |
tcp | rstppslimit | integer | yes |
tcp | sack | integer | yes |
tcp | slowhz | integer | no |
tcp | stats | structure | no |
tcp | synbucketlimit | integer | yes |
tcp | syncachelimit | integer | yes |
tcp | synhashsize | integer | yes |
tcp | synuselimit | integer | yes |
udp | baddynamic | array | yes |
udp | checksum | integer | yes |
udp | recvspace | integer | yes |
udp | rootonly | array | yes |
udp | sendspace | integer | yes |
udp | stats | structure | no |
The variables are as follows:
ah.enable
(net.inet.ah.enable)bpf.bufsize
(net.bpf.bufsize)bpf.maxbufsize
(net.bpf.maxbufsize)carp.allow
(net.inet.carp.allow)carp.log
(net.inet.carp.log)carp.preempt
(net.inet.carp.preempt)divert.recvspace
(net.inet.divert.recvspace)divert.sendspace
(net.inet.divert.sendspace)esp.enable
(net.inet.esp.enable)esp.udpencap
(net.inet.esp.udpencap)esp.udpencap_port
(net.inet.udpencap_port)etherip.allow
(net.inet.etherip.allow)gre.allow
(net.inet.gre.allow)gre.wccp
(net.inet.gre.wccp)icmp.bmcastecho
(net.inet.icmp.bmcastecho)icmp.errppslimit
(net.inet.icmp.errppslimit)icmp.maskrepl
(kern.inet.icmp.maskrepl)icmp.rediraccept
(kern.inet.icmp.rediraccept)icmp.redirtimeout
(net.inet.icmp.redrttimeout)icmp.stats
(kern.inet.icmp.stats)icmp.tstamprepl
(net.inet.icmp.tstamprepl)ip.arpqueued
(net.inet.ip.arpqueued)ip.arpdown
(net.inet.ip.arpdown)ip.arptimeout
(net.inet.ip.arptimeout)ip.arpq
Fifth level name | Type | Changeable |
IFQCTL_DROPS |
integer | no |
IFQCTL_LEN |
integer | no |
IFQCTL_MAXLEN |
integer | yes |
The variables are as follows:
IFQCTL_DROPS
(net.inet.ip.arpq.drops)IFQCTL_LEN
(net.inet.ip.arpq.len)IFQCTL_MAXLEN
(net.inet.ip.arpq.maxlen)ip.directed-broadcast
(net.inet.ip.directed-broadcast)ip.encdebug
(net.inet.ip.encdebug)ENCDEBUG
option, then debugging information will also be reported when this
variable is set.ip.forwarding
(net.inet.ip.forwarding)ip.ipsec-allocs
(net.inet.ip.ipsec-allocs)ip.ipsec-auth-alg
(net.inet.ip.ipsec-auth-alg)ip.ipsec-bytes
(net.inet.ip.ipsec-bytes)ip.ipsec-comp-alg
(net.inet.ip.ipsec-comp-alg)ip.ipsec-enc-alg
(net.inet.ip.ipsec-enc-alg)ip.ipsec-expire-acquire
(net.inet.ip.ipsec-expire-acquire)ip.ipsec-firstuse
(net.inet.ip.ipsec-firstuse)ip.ipsec-invalid-life
(net.inet.ip.ipsec-invalid-life)ip.ipsec-pfs
(net.inet.ip.ipsec-pfs)ip.ipsec-soft-allocs
(net.inet.ip.ipsec-soft-allocs)ip.ipsec-soft-bytes
(net.inet.ip.ipsec-soft-bytes)ip.ipsec-soft-firstuse
(net.inet.ip.ipsec-soft-firstuse)ip.ipsec-soft-timeout
(net.inet.ip.ipsec-soft-timeout)ip.ipsec-timeout
(net.inet.ip.ipsec-timeout)ip.maxqueue
(net.inet.ip.maxqueue)ip.mforwarding
(net.inet.ip.mforwarding)ip.mtudisc
(net.inet.ip.mtudisc)ip.mtudisctimeout
(net.inet.ip.mtudisctimeout)ip.multipath
(net.inet.ip.multipath)ip.portfirst
(net.inet.ip.portfirst)ip.porthifirst
(net.inet.ip.porthifirst)ip.porthilast
(net.inet.ip.porthilast)ip.portlast
(net.inet.ip.portlast)ip.redirect
(net.inet.ip.redirect)ip.sourceroute
(net.inet.ip.sourceroute)ip.stats
(net.inet.ip.stats)ip.ttl
(net.inet.ip.ttl)ipcomp.enable
(net.inet.ipcomp.enable)ipip.allow
(net.inet.ipip.allow)tcp.ackonpush
(net.inet.tcp.ackonpush)TH_PUSH
flag set are being acknowledged immediately, otherwise 0.tcp.baddynamic
(net.inet.tcp.baddynamic)tcp.ecn
(net.inet.tcp.ecn)tcp.ident
(net.inet.tcp.ident)tcp.keepidle
(net.inet.tcp.keepidle)SO_KEEPALIVE
has been set
on a socket, then this value specifies how much time a connection
needs to be idle before keepalives are sent. See also tcp.slowhz.tcp.keepinittime
(net.inet.tcp.keepinittime)tcp.keepintvl
(net.inet.tcp.keepintvl)tcp.always_keepalive
(net.inet.tcp.always_keepalive)SO_KEEPALIVE
was set on
all TCP sockets.tcp.mssdflt
(net.inet.tcp.mssdflt)tcp.reasslimit
(net.inet.tcp.reasslimit)tcp.rfc1323
(net.inet.tcp.rfc1323)tcp.rfc3390
(net.inet.tcp.rfc3390)tcp.rootonly
(net.inet.tcp.rootonly)tcp.rstppslimit
(net.inet.tcp.rstppslimit)tcp.sack
(net.inet.tcp.sack)tcp.slowhz
(net.inet.tcp.slowhz)tcp.stats
(net.inet.tcp.stats)tcp.synbucketlimit
(net.inet.tcp.synbucketlimit)tcp.syncachelimit
(net.inet.tcp.syncachelimit)tcp.synhashsize
(net.inet.tcp.synhashsize)tcp.synuselimit
(net.inet.tcp.synuselimit)udp.baddynamic
(net.inet.udp.baddynamic)tcp.baddynamic
but for UDP
sockets.udp.checksum
(net.inet.udp.checksum)udp.recvspace
(net.inet.udp.recvspace)udp.rootonly
(net.inet.udp.rootonly)tcp.rootonly
but for UDP
sockets.udp.sendspace
(net.inet.udp.sendspace)udp.stats
(net.inet.udp.stats)PF_INET6
Protocol name | Variable name | Type | Changeable |
icmp6 | errppslimit | integer | yes |
icmp6 | mtudisc_hiwat | integer | yes |
icmp6 | mtudisc_lowat | integer | yes |
icmp6 | nd6_debug | integer | yes |
icmp6 | nd6_delay | integer | yes |
icmp6 | nd6_maxnudhint | integer | yes |
icmp6 | nd6_mmaxtries | integer | yes |
icmp6 | nd6_umaxtries | integer | yes |
icmp6 | redirtimeout | integer | yes |
ip6 | auto_flowlabel | integer | yes |
ip6 | dad_count | integer | yes |
ip6 | dad_pending | integer | yes |
ip6 | defmcasthlim | integer | yes |
ip6 | forwarding | integer | yes |
ip6 | hdrnestlimit | integer | yes |
ip6 | hlim | integer | yes |
ip6 | log_interval | integer | yes |
ip6 | maxdynroutes | integer | yes |
ip6 | maxfragpackets | integer | yes |
ip6 | maxfrags | integer | yes |
ip6 | mforwarding | integer | yes |
ip6 | mtudisctimeout | integer | yes |
ip6 | multicast_mtudisc | integer | yes |
ip6 | multipath | integer | yes |
ip6 | neighborgcthresh | integer | yes |
ip6 | redirect | integer | yes |
ip6 | soiikey | uint8_t[IP6_SOIIKEY_LEN] | yes |
ip6 | use_deprecated | integer | yes |
The variables are as follows:
icmp6.errppslimit
(net.inet6.icmp6.errppslimit)icmp6.mtudisc_hiwat
(net.inet6.icmp6.mtudisc_hiwat)icmp6.mtudisc_lowat
(net.inet6.icmp6.mtudisc_lowat)icmp6.mtudisc_hiwat
is used when we have
verified ICMPv6 too big messages.
icmp6.mtudisc_lowat
is used when we have
unverified ICMPv6 too big messages. Verification is performed by using
address/port pairs kept in connected PCBs. A negative value disables
the upper limit.
icmp6.nd6_debug
(net.inet6.icmp6.nd6_debug)icmp6.nd6_delay
(net.inet6.icmp6.nd6_delay)DELAY_FIRST_PROBE_TIME
timing constant in IPv6
neighbor discovery specification (RFC 4861), in seconds.
icmp6.nd6_maxnudhint
(net.inet6.icmp6.nd6_maxnudhint)icmp6.nd6_mmaxtries
(net.inet6.icmp6.nd6_mmaxtries)MAX_MULTICAST_SOLICIT
constant in IPv6
neighbor discovery specification (RFC 4861).
icmp6.nd6_umaxtries
(net.inet6.icmp6.nd6_umaxtries)MAX_UNICAST_SOLICIT
constant in IPv6 neighbor
discovery specification (RFC 4861).
icmp6.redirtimeout
(net.inet6.icmp6.redirtimeout)ip6.auto_flowlabel
(net.inet6.ip6.auto_flowlabel)ip6.dad_count
(net.inet6.ip6.dad_count)ip6.dad_pending
(net.inet6.ip6.dad_pending)ip6.defmcasthlim
(net.inet6.ip6.defmcasthlim)ip6.forwarding
(net.inet6.ip6.forwarding)ip6.hdrnestlimit
(net.inet6.ip6.hdrnestlimit)ip6.hlim
(net.inet6.ip6.hlim)ip6.log_interval
(net.inet6.ip6.log_interval)ip6.maxdynroutes
(net.inet6.ip6.maxdynroutes)ip6.maxfragpackets
(net.inet6.ip6.maxfragpackets)ip6.maxfrags
(net.inet6.ip6.maxfrags)ip6.mforwarding
(net.inet6.ip6.mforwarding)ip6.multicast_mtudisc
(net.inet6.ip6.multicast_mtudisc)ip6.multipath
(net.inet6.ip6.multipath)ip6.mtudisctimeout
(net.inet6.ip6.mtudisctimeout)ip6.neighborgcthresh
(net.inet6.ip6.neighborgcthresh)ip6.redirect
(net.inet6.ip6.redirect)ip6.soii
(net.inet6.ip6.soiikey)IP6_SOIIKEY_LEN
bytes long.
ip6.use_deprecated
(net.inet6.ip6.use_deprecated)We reuse net.inet.tcp
and
net.inet.udp
for TCP/UDP over IPv6.
PF_KEY
PF_KEY_V2
. The
third level name selects the database as follows:
NET_KEY_SADB_DUMP
NET_KEY_SPD_DUMP
PF_MPLS
Third level name | Type | Changeable |
MPLSCTL_DEFTTL |
integer | yes |
MPLSCTL_MAPTTL_IP |
integer | yes |
MPLSCTL_MAPTTL_IP6 |
integer | yes |
MPLSCTL_DEFTTL
(net.mpls.ttl)MPLSCTL_MAPTTL_IP
(net.mpls.mapttl_ip)MPLSCTL_DEFTTL
. The default is
1.MPLSCTL_MAPTTL_IP6
(net.mpls.mapttl_ip6)MPLSCTL_DEFTTL
. The default is
0.PF_PIPEX
(net.pipex)The currently defined variable names are:
Third level name | Type | Changeable |
PIPEXCTL_ENABLE |
integer | yes |
PIPEXCTL_ENABLE
The string and integer information available for the
CTL_VFS
level is detailed below. The changeable
column shows whether a process with appropriate privileges may change the
value.
Second level name | Type | Changeable |
VFS_GENERIC |
VFS generic info | no |
filesystem
# |
filesystem info | no |
VFS_GENERIC
Third level name | Type | Changeable |
VFS_CONF |
struct vfsconf | no |
VFS_MAXTYPENUM |
int | no |
VFS_GENERIC
with
VFS_CONF
, it is possible to access filesystem
dependent information.
Some filesystems may contain settings.
Third level name | Type | Changeable |
FFS_DIRHASH_DIRSIZE |
integer | yes |
FFS_DIRHASH_MAXMEM |
integer | yes |
FFS_DIRHASH_MEM |
integer | no |
FFS_MAX_SOFTDEPS |
integer | yes |
FFS_SD_BLK_LIMIT_HIT |
integer | yes |
FFS_SD_BLK_LIMIT_PUSH |
integer | yes |
FFS_SD_DIR_ENTRY |
integer | yes |
FFS_SD_DIRECT_BLK_PTRS |
integer | yes |
FFS_SD_INDIR_BLK_PTRS |
integer | yes |
FFS_SD_INO_LIMIT_HIT |
integer | yes |
FFS_SD_INO_LIMIT_PUSH |
integer | yes |
FFS_SD_INODE_BITMAP |
integer | yes |
FFS_SD_SYNC_LIMIT_HIT |
integer | yes |
FFS_SD_TICKDELAY |
integer | yes |
FFS_SD_WORKLIST_PUSH |
integer | yes |
FFS_DIRHASH_DIRSIZE
(vfs.ffs.dirhash_dirsize)FFS_DIRHASH_MAXMEM
(vfs.ffs.dirhash_maxmem)FFS_DIRHASH_MEM
(vfs.ffs.dirhash_mem)FFS_MAX_SOFTDEPS
(vfs.ffs.max_softdeps)FFS_SD_BLK_LIMIT_HIT
(vfs.ffs.sd_blk_limit_hit)FFS_SD_BLK_LIMIT_PUSH
(vfs.ffs.sd_blk_limit_push)FFS_SD_DIR_ENTRY
(vfs.ffs.sd_dir_entry)FFS_SD_DIRECT_BLK_PTRS
(vfs.ffs.sd_direct_blk_ptrs)FFS_SD_INDIR_BLK_PTRS
(vfs.ffs.sd_indir_blk_ptrs)FFS_SD_INO_LIMIT_HIT
(vfs.ffs.sd_ino_limit_hit)FFS_SD_INO_LIMIT_PUSH
(vfs.ffs.sd_ino_limit_push)FFS_SD_INODE_BITMAP
(vfs.ffs.sd_inode_bitmap)FFS_SD_SYNC_LIMIT_HIT
(vfs.ffs.sd_sync_limit_hit)FFS_SD_TICKDELAY
(vfs.ffs.sd_tickdelay)FFS_SD_WORKLIST_PUSH
(vfs.ffs.sd_worklist_push)Third level name | Type | Changeable |
NFS_NFSSTATS |
struct nfsstats | yes |
NFS_NIOTHREADS |
int | yes |
NFS_NIOTHREADS
(vfs.nfs.iothreads)Third level name | Type | Changeable |
FUSEFS_INFBUFS |
int | no |
FUSEFS_OPENDEVS |
int | no |
FUSEFS_POOL_NBPAGES |
int | no |
FUSEFS_WAITFBUFS |
int | no |
FUSEFS_INFBUFS
(vfs.fuse.fusefs_fbufs_in)FUSEFS_OPENDEVS
(vfs.fuse.fusefs_open_devices)FUSEFS_POOL_NBPAGES
(vfs.fuse.fusefs_pool_pages)FUSEFS_WAITFBUFS
(vfs.fuse.fusefs_fbufs_wait)The string and integer information available for the
CTL_VM
level is detailed below. The changeable
column shows whether a process with appropriate privileges may change the
value.
Second level name | Type | Changeable |
VM_ANONMIN |
integer | yes |
VM_LOADAVG |
struct loadavg | no |
VM_MALLOC_CONF |
string | yes |
VM_MAXSLP |
integer | no |
VM_METER |
struct vmtotal | no |
VM_NKMEMPAGES |
integer | no |
VM_PSSTRINGS |
struct psstrings | no |
VM_SWAPENCRYPT |
swap encrypt values | yes |
VM_USPACE |
integer | no |
VM_UVMEXP |
struct uvmexp | no |
VM_VNODEMIN |
integer | yes |
VM_VTEXTMIN |
integer | yes |
VM_ANONMIN
(vm.anonmin)VM_LOADAVG
(vm.loadavg)VM_MALLOC_CONF
(vm.malloc_conf)VM_MAXSLP
(vm.maxslp)VM_METER
(vm.vmmeter)VM_NKMEMPAGES
(vm.nkmempages)VM_PSSTRINGS
(vm.psstrings)VM_SWAPENCRYPT
Third level name | Type | Changeable |
SWPENC_CREATED |
integer | no |
SWPENC_DELETED |
integer | no |
SWPENC_ENABLE |
integer | yes |
SWPENC_CREATED
(vm.swapencrypt.keyscreated)SWPENC_DELETED
(vm.swapencrypt.keysdeleted)SWPENC_ENABLE
(vm.swapencrypt.enable)VM_USPACE
(vm.uspace)VM_UVMEXP
(vm.uvmexp)VM_VNODEMIN
(vm.vnodemin)VM_VTEXTMIN
(vm.vtextmin)If the call to sysctl
() is unsuccessful,
-1 is returned and errno is set appropriately.
<sys/sysctl.h>
<sys/socket.h>
<sys/gmon.h>
<uvm/uvm_param.h>
<uvm/uvm_swap_encrypt.h>
<net/if.h>
<net/pipex.h>
<netinet/in.h>
<netinet/ip_divert.h>
<netinet/icmp_var.h>
<netinet/icmp6.h>
<netinet/tcp_var.h>
<netinet/udp_var.h>
<ddb/db_var.h>
<sys/mount.h>
<miscfs/fuse/fusefs.h>
<nfs/nfs.h>
<ufs/ffs/ffs_extern.h>
<machine/cpu.h>
The following errors may be reported:
EFAULT
]EINVAL
]CTL_MAXNAME
.EINVAL
]ENOMEM
]ENOENT
]ENXIO
]ENOTDIR
]EOPNOTSUPP
]EPERM
]EPERM
]EPERM
]ESRCH
]pathconf(2), sysconf(3), ddb(4), sysctl.conf(5), securelevel(7), sysctl(8)
The sysctl
() function first appeared in
4.4BSD.
January 13, 2021 | OpenBSD-6.9 |