NetBSD Manual

SYSCTL(8) NetBSD System Manager’s Manual SYSCTL(8)

NAME

sysctl — get or set kernel state

SYNOPSIS

sysctl [−AdeMn] [−r | −x] [name ...]

sysctl [−nq] [−r | −x] −w name=value ...

sysctl [−en] [−r | −x] −a

sysctl [−nq] [−r | −x] −f file

DESCRIPTION

The sysctl utility retrieves kernel state and allows processes with appropriate privilege to set kernel state. The state to be retrieved or set is described using a ‘‘Management Information Base’’ (‘‘MIB’’) style name, described as a dotted set of components. The ‘/’ character may also be used as a separator and a leading separator character is accepted. If name specifies a non-leaf node in the MIB, all the nodes underneath name will be printed.

The following options are available:

−A

List all the known MIB names including tables, unless any MIB arguments or −f file are given. Those with string or integer values will be printed as with the −a flag; for table or structure values that sysctl is not able to print, the name of the utility to retrieve them is given. Errors in retrieving or setting values will be directed to stdout instead of stderr.

−a

List all the currently available string or integer values. The use of a solitary separator character (either ‘.’ or ‘/’) by itself has the same effect. Any given name arguments are ignored if this option is specified.

−d

Descriptions of each of the nodes selected will be printed instead of their values.

−e

Separate the name and the value of the variable(s) with ‘=’. This is useful for producing output which can be fed back to the sysctl utility. This option is ignored if −n is specified or a variable is being set.

−f

Specifies the name of a file to read and process. Blank lines and comments (beginning with ‘#’) are ignored. Line continuations with ‘\’ are permitted. Remaining lines are processed similarly to command line arguments of the form name or name=value. The −w flag is implied by −f. Any name arguments are ignored.

−M

Makes sysctl print the MIB instead of any of the actual values contained in the MIB. This causes the entire MIB to be printed unless specific MIB arguments or −f file are also given.

−n

Specifies that the printing of the field name should be suppressed and that only its value should be output. This flag is useful for setting shell variables. For example, to save the pagesize in variable psize, use:

set psize=`sysctl -n hw.pagesize`

−q

Used to indicate that nothing should be printed for writes unless an error is detected.

−r

Raw output form. Values printed are in their raw binary forms as retrieved directly from the kernel. Some additional nodes that sysctl cannot print directly can be retrieved with this flag. This option conflicts with the −x option.

−w

Sets the MIB style name given to the value given. The MIB style name and value must be separated by ‘=’ with no whitespace. Only integral and string values can be set via this method.

−x

Makes sysctl print the requested value in a hexadecimal representation instead of its regular form. If specified more than once, the output for each value resembles that of hexdump(1) when given the −C flag. This option conflicts with the −r option.

The ‘proc’ top-level MIB has a special semantic: it represents per-process values and as such may differ from one process to another. The second-level name is the pid of the process (in decimal form), or the special word ‘curproc’. For variables below ‘proc.〈pid〉.rlimit’, the integer value may be replaced with the string ‘unlimited’ if it matches the magic value used to disable a limit.

The information available from sysctl consists of integers, strings, and tables. The tabular information can only be retrieved by special purpose programs such as ps, systat, and netstat. The string and integer information is summarized below. For a detailed description of these variables see sysctl(3). The changeable column indicates whether a process with appropriate privilege can change the value.

Name Type Changeable
ddb.commandonenter string yes
ddb.fromconsole integer yes
ddb.lines integer yes
ddb.maxoff integer yes
ddb.maxwidth integer yes
ddb.onpanic integer yes
ddb.radix integer yes
ddb.tabstops integer yes
ddb.tee_msgbuf integer yes
hw.alignbytes integer no
hw.byteorder integer no
hw.cnmagic integer yes
hw.disknames string no
hw.diskstats struct no
hw.machine string no
hw.machine_arch string no
hw.model string no
hw.ncpu integer no
hw.pagesize integer no
hw.physmem integer no
hw.physmem64 quad no
hw.usermem integer no
hw.usermem64 quad no
kern.argmax integer no
kern.autonicetime integer yes
kern.autoniceval integer yes
kern.boottime struct no
kern.bufq.strategies string no
kern.ccpu integer no
kern.clockrate struct no
kern.consdev integer no
kern.coredump node not applicable
kern.coredump.setid node not applicable
kern.coredump.setid.dump integer yes
kern.coredump.setid.group integer yes
kern.coredump.setid.mode integer yes
kern.coredump.setid.owner integer yes
kern.coredump.setid.path string yes
kern.cp_id struct no
kern.cp_time struct no
kern.cryptodevallowsoft int yes
kern.defcorename string yes
kern.domainname string yes
kern.dump_on_panic integer yes
kern.drivers struct no
kern.file struct no
kern.forkfsleep integer yes
kern.fscale integer no
kern.fsync integer no
kern.hardclock_ticks integer no
kern.hostid integer yes
kern.hostname string yes
kern.iov_max integer no
kern.job_control integer no
kern.labeloffset integer no
kern.labelsector integer no
kern.login_name_max integer no
kern.logsigexit integer yes
kern.mapped_files integer no
kern.maxfiles integer yes
kern.maxpartitions integer no
kern.maxphys integer no
kern.maxproc integer yes
kern.maxptys integer yes, special
kern.maxvnodes integer raise only
kern.mbuf.mblowat integer yes
kern.mbuf.mclbytes integer no
kern.mbuf.mcllowat integer yes
kern.mbuf.mclsize integer no
kern.mbuf.msize integer no
kern.mbuf.nmbclusters integer raise only
kern.memlock integer no
kern.memlock_range integer no
kern.memory_protection integer no
kern.monotonic_clock integer no
kern.msgbuf integer no
kern.msgbufsize integer no
kern.ngroups integer no
kern.ntptime struct no
kern.osrelease string no
kern.osrevision integer no
kern.ostype string no
kern.pipe.kvasize integer no
kern.pipe.maxbigpipes integer yes
kern.pipe.maxkvasz integer yes
kern.pipe.maxloankvasz integer yes
kern.pipe.nbigpipes integer no
kern.posix1version integer no
kern.posix_barriers integer no
kern.posix_reader_writer_locks integer no
kern.posix_semaphores integer no
kern.posix_spin_locks integer no
kern.posix_threads integer no
kern.posix_timers integer no
kern.proc struct no
kern.proc2 struct no
kern.proc_args string yes
kern.prof node not applicable
kern.rawpartition integer no
kern.root_device string no
kern.root_partition integer no
kern.rtc_offset integer yes
kern.saved_ids integer no
kern.sbmax integer yes
kern.securelevel integer raise only
kern.somaxkva integer yes
kern.synchronized_io integer no
kern.sysvipc_info struct no
kern.sysvmsg integer no
kern.sysvsem integer no
kern.sysvshm integer no
kern.timecounter.choice string no
kern.timecounter.hardware string yes
kern.timecounter.timestepwarnings integer yes
kern.timex struct no
kern.tkstat.cancc quad no
kern.tkstat.nin quad no
kern.tkstat.nout quad no
kern.tkstat.rawcc quad no
kern.urandom integer no
kern.userasymcrypto int yes
kern.usercrypto int yes
kern.veriexec.verbose integer yes
kern.veriexec.strict integer raise only
kern.veriexec.algorithms string no
kern.veriexec.count.table<N> quad no
kern.veriexec.count.table<N>.mntpt string no
kern.veriexec.count.table<N>.fstype string no
kern.veriexec.count.table<N>.nentries quad no
kern.version string no
kern.vnode struct no
machdep.console_device dev_t no
net.bpf.maxbufsize integer yes
net.bpf.stats struct no
net.bpf.peers struct no
net.inet.arp.prune integer yes
net.inet.arp.keep integer yes
net.inet.arp.down integer yes
net.inet.arp.refresh integer yes
net.inet.carp.allow integer yes
net.inet.carp.arpbalance integer yes
net.inet.carp.log integer yes
net.inet.carp.preempt integer yes
net.inet.icmp.maskrepl integer yes
net.inet.icmp.errppslimit integer yes
net.inet.icmp.rediraccept integer yes
net.inet.icmp.redirtimeout integer yes
net.inet.icmp.returndatabytes integer yes
net.inet.ip.allowsrcrt integer yes
net.inet.ip.anonportmax integer yes
net.inet.ip.anonportmin integer yes
net.inet.ip.checkinterface integer yes
net.inet.ip.directed-broadcast integer yes
net.inet.ip.do_loopback_cksum integer yes
net.inet.ip.forwarding integer yes
net.inet.ip.forwsrcrt integer yes
net.inet.ip.gifttl integer yes
net.inet.ip.grettl integer yes
net.inet.ip.hostzerobroadcast integer yes
net.inet.ip.maxfragpackets integer yes
net.inet.ip.lowportmax integer yes
net.inet.ip.lowportmin integer yes
net.inet.ip.maxflows integer yes
net.inet.ip.mtudisc integer yes
net.inet.ip.mtudisctimeout integer yes
net.inet.ip.random_id integer yes
net.inet.ip.redirect integer yes
net.inet.ip.subnetsarelocal integer yes
net.inet.ip.ttl integer yes
net.inet.ip.ifq.drops integer no
net.inet.ip.ifq.len integer no
net.inet.ip.ifq.maxlen integer yes
net.inet.ipsec.ah_cleartos integer yes
net.inet.ipsec.ah_net_deflev integer yes
net.inet.ipsec.ah_offsetmask integer yes
net.inet.ipsec.ah_trans_deflev integer yes
net.inet.ipsec.def_policy integer yes
net.inet.ipsec.dfbit integer yes
net.inet.ipsec.ecn integer yes
net.inet.ipsec.esp_net_deflev integer yes
net.inet.ipsec.esp_trans_deflev integer yes
net.inet.ipsec.inbound_call_ike integer yes
net.inet.tcp.ack_on_push integer yes
net.inet.tcp.compat_42 integer yes
net.inet.tcp.cwm integer yes
net.inet.tcp.cwm_burstsize integer yes
net.inet.tcp.delack_ticks integer yes
net.inet.tcp.do_lookback_cksum integer yes
net.inet.tcp.init_win integer yes
net.inet.tcp.init_win_local integer yes
net.inet.tcp.keepcnt integer yes
net.inet.tcp.keepidle integer yes
net.inet.tcp.keepintvl integer yes
net.inet.tcp.log_refused integer yes
net.inet.tcp.mss_ifmtu integer yes
net.inet.tcp.mssdflt integer yes
net.inet.tcp.newreno integer yes
net.inet.tcp.recvspace integer yes
net.inet.tcp.rfc1323 integer yes
net.inet.tcp.rstppslimit integer yes
net.inet.tcp.sack.enable integer yes
net.inet.tcp.sack.globalholes integer no
net.inet.tcp.sack.globalmaxholes integer yes
net.inet.tcp.sack.maxholes integer yes
net.inet.tcp.ecn.enable integer yes
net.inet.tcp.ecn.maxretries integer yes
net.inet.tcp.sendspace integer yes
net.inet.tcp.slowhz integer no
net.inet.tcp.syn_bucket_limit integer yes
net.inet.tcp.syn_cache_interval integer yes
net.inet.tcp.syn_cache_limit integer yes
net.inet.tcp.timestamps integer yes
net.inet.tcp.win_scale integer yes
net.inet.tcp.ident struct no
net.inet.tcp.debug struct no
net.inet.tcp.debx integer no
net.inet.udp.checksum integer yes
net.inet.udp.do_loopback_cksum integer yes
net.inet.udp.recvspace integer yes
net.inet.udp.sendspace integer yes
net.ns.spp.debug struct yes
net.ns.spp.debx integer yes
net.inet6.icmp6.errppslimit integer yes
net.inet6.icmp6.mtudisc_hiwat integer yes
net.inet6.icmp6.mtudisc_lowat integer yes
net.inet6.icmp6.nd6_debug integer yes
net.inet6.icmp6.nd6_delay integer yes
net.inet6.icmp6.nd6_maxnudhint integer yes
net.inet6.icmp6.nd6_mmaxtries integer yes
net.inet6.icmp6.nd6_prune integer yes
net.inet6.icmp6.nd6_umaxtries integer yes
net.inet6.icmp6.nd6_useloopback integer yes
net.inet6.icmp6.nodeinfo integer yes
net.inet6.icmp6.rediraccept integer yes
net.inet6.icmp6.redirtimeout integer yes
net.inet6.ip6.accept_rtadv integer yes
net.inet6.ip6.anonportmax integer yes
net.inet6.ip6.anonportmin integer yes
net.inet6.ip6.auto_flowlabel integer yes
net.inet6.ip6.dad_count integer yes
net.inet6.ip6.defmcasthlim integer yes
net.inet6.ip6.forwarding integer yes
net.inet6.ip6.gifhlim integer yes
net.inet6.ip6.hdrnestlimit integer yes
net.inet6.ip6.hlim integer yes
net.inet6.ip6.kame_version string no
net.inet6.ip6.keepfaith integer yes
net.inet6.ip6.log_interval integer yes
net.inet6.ip6.lowportmax integer yes
net.inet6.ip6.lowportmin integer yes
net.inet6.ip6.maxfragpackets integer yes
net.inet6.ip6.maxfrags integer yes
net.inet6.ip6.redirect integer yes
net.inet6.ip6.rr_prune integer yes
net.inet6.ip6.use_deprecated integer yes
net.inet6.ip6.v6only integer yes
net.inet6.ip6.ifq.drops integer no
net.inet6.ip6.ifq.len integer no
net.inet6.ip6.ifq.maxlen integer yes
net.inet6.ipsec6.ah_net_deflev integer yes
net.inet6.ipsec6.ah_trans_deflev integer yes
net.inet6.ipsec6.def_policy integer yes
net.inet6.ipsec6.ecn integer yes
net.inet6.ipsec6.esp_net_deflev integer yes
net.inet6.ipsec6.esp_trans_deflev integer yes
net.inet6.ipsec6.inbound_call_ike integer yes
net.inet6.udp6.do_loopback_cksum integer yes
net.inet6.udp6.recvspace integer yes
net.inet6.udp6.sendspace integer yes
net.key.ah_keymin integer yes
net.key.debug integer yes
net.key.esp_auth integer yes
net.key.esp_keymin integer yes
net.key.kill_int integer yes
net.key.spi_max_value integer yes
net.key.spi_min_value integer yes
net.key.spi_try integer yes
proc.<pid>.corename string yes
proc.<pid>.rlimit.coredumpsize.hard integer yes
proc.<pid>.rlimit.coredumpsize.soft integer yes
proc.<pid>.rlimit.cputime.hard integer yes
proc.<pid>.rlimit.cputime.soft integer yes
proc.<pid>.rlimit.datasize.hard integer yes
proc.<pid>.rlimit.datasize.soft integer yes
proc.<pid>.rlimit.filesize.hard integer yes
proc.<pid>.rlimit.filesize.soft integer yes
proc.<pid>.rlimit.maxproc.hard integer yes
proc.<pid>.rlimit.maxproc.soft integer yes
proc.<pid>.rlimit.memorylocked.hard integer yes
proc.<pid>.rlimit.memorylocked.soft integer yes
proc.<pid>.rlimit.memoryuse.hard integer yes
proc.<pid>.rlimit.memoryuse.soft integer yes
proc.<pid>.rlimit.stacksize.hard integer yes
proc.<pid>.rlimit.stacksize.soft integer yes
proc.<pid>.stopexec int yes
proc.<pid>.stopfork int yes
security.curtain integer yes
security.pax.mprotect.enabled integer yes
security.pax.mprotect.global integer yes
user.bc_base_max integer no
user.bc_dim_max integer no
user.bc_scale_max integer no
user.bc_string_max integer no
user.coll_weights_max integer no
user.cs_path string no
user.expr_nest_max integer no
user.line_max integer no
user.posix2_c_bind integer no
user.posix2_c_dev integer no
user.posix2_char_term integer no
user.posix2_fort_dev integer no
user.posix2_fort_run integer no
user.posix2_localedef integer no
user.posix2_sw_dev integer no
user.posix2_upe integer no
user.posix2_version integer no
user.re_dup_max integer no
vendor.<vendor>.* ? vendor specific
vfs.generic.usermount integer yes
vfs.generic.fstypes string yes
vfs.ffs.doasyncfree integer yes
vfs.ffs.log_changeopt integer yes
vfs.nfs.iothreads integer yes
vfs.cd9660.utf8_joliet integer yes
vfs.sync.delay integer yes
vfs.sync.filedelay integer yes
vfs.sync.dirdelay integer yes
vfs.sync.metadelay integer yes
vm.anonmax integer yes
vm.anonmin integer yes
vm.bufcache integer yes
vm.bufmem integer no
vm.bufmem_hiwater integer yes
vm.bufmem_lowater integer yes
vm.execmax integer yes
vm.execmin integer yes
vm.filemax integer yes
vm.filemin integer yes
vm.idlezero integer yes
vm.inactivepct integer yes
vm.loadavg struct no
vm.maxslp integer no
vm.nkmempages integer no
vm.uspace integer no
vm.uvmexp struct no
vm.uvmexp2 struct no
vm.vmmeter struct no

Entries found under ‘‘vendor.〈vendor〉’’ are left to be specified (and used) by vendors using the NetBSD operating system in their products. Values and structure are vendor-defined, and no registry exists right now.

CREATION AND DELETION

New nodes are allowed to be created by the superuser when the kernel is running at security level 0. These new nodes may refer to existing kernel data or to new data that is only instrumented by sysctl(3) itself.

The syntax for creating new nodes is ‘‘//create=new.node.path’’ followed by one or more of the following attributes separated by commas. The use of a double separator (both ‘/’ and ‘.’ can be used as separators) as the prefix tells sysctl that the first series of tokens is not a MIB name, but a command. It is recommended that the double separator preceding the command not be the same as the separator used in naming the MIB entry so as to avoid possible parse conflicts. The ‘‘value’’ assigned, if one is given, must be last.

type=〈T〉 where T must be one of ‘‘node’’, ‘‘int’’, ‘‘string’’, ‘‘quad’’, or ‘‘struct’’. If the type is omitted, the ‘‘node’’ type is assumed.

size=〈S〉 Here, S asserts the size of the new node. Nodes of type ‘‘node’’ should not have a size set. The size may be omitted for nodes of types ‘‘int’’ or ‘‘quad’’. If the size is omitted for a node of type ‘‘string’’, the size will be determined by the length of the given value, or by the kernel for kernel strings. Nodes of type ‘‘struct’’ must have their size explicitly set.

addr=〈A〉 or symbol=〈A〉 The kernel address of the data being instrumented. If ‘‘symbol’’ is used, the symbol must be globally visible to the in-kernel ksyms(4) driver.

n=〈N〉 The MIB number to be assigned to the new node. If no number is specified, the kernel will assign a value.

flags=〈F〉 A concatenated string of single letters that govern the behavior of the node. Flags currently available are:

a

Allow anyone to write to the node, if it is writable.

h

‘‘Hidden’’. sysctl must be invoked with −A or the hidden node must be specifically requested in order to see it.

i

‘‘Immediate’’. Makes the node store data in itself, rather than allocating new space for it. This is the default for nodes of type ‘‘int’’ and ‘‘quad’’. This is the opposite of owning data.

o

‘‘Own’’. When the node is created, separate space will be allocated to store the data to be instrumented. This is the default for nodes of type ‘‘string’’ and ‘‘struct’’ where it is not possible to guarantee sufficient space to store the data in the node itself.

p

‘‘Private’’. Nodes that are marked private, and children of nodes so marked, are only viewable by the superuser. Be aware that the immediate data that some nodes may store is not necessarily protected by this.

x

‘‘Hexadecimal’’. Make sysctl default to hexadecimal display of the retrieved value.

r

‘‘Read-only’’. The data instrumented by the given node is read-only. Note that other mechanisms may still exist for changing the data. This is the default for nodes that instrument data.

w

‘‘Writable’’. The data instrumented by the given node is writable at any time. This is the default for nodes that can have children.

1

‘‘Read-only at securelevel 1’’. The data instrumented by this node is writable until the securelevel reaches or passes securelevel 1. Examples of this include some network tunables.

2

‘‘Read-only at securelevel 2’’. The data instrumented by this node is writable until the securelevel reaches or passes securelevel 2. An example of this is the per-process core filename setting.

value=〈V〉 An initial starting value for a new node that does not reference existing kernel data. Initial values can only be assigned for nodes of the ‘‘int’’, ‘‘quad’’, and ‘‘string’’ types.

New nodes must fit the following set of criteria:

If the new node is to address an existing kernel object, only one of the ‘‘symbol’’ or ‘‘addr’’ arguments may be given.

The size for a ‘‘struct’’ type node must be specified; no initial value is expected or permitted.

Either the size or the initial value for a ‘‘string’’ node must be given.

The node which will be the parent of the new node must be writable.

If any of the given parameters describes an invalid configuration, sysctl will emit a diagnostic message to the standard error and exit.
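The attribute rules above can be checked offline before a create command is run as the superuser. The following is an added example, not part of the original manual page or of sysctl itself; the helper name check_create and its messages are hypothetical, and it accepts only the //create= and ..create= forms. It cannot check that the parent node is writable.

```sh
#!/bin/sh
# check_create (hypothetical helper): offline pre-check of a sysctl create
# command against the CREATION AND DELETION rules. Prints "ok" or the first
# rule violated and returns 0 or 1.
check_create() {
    spec=$1
    case $spec in
        //create=*|..create=*) spec=${spec#??create=} ;;
        *) echo "not a create command"; return 1 ;;
    esac
    type=node size= addr= symbol= flags= has_value=no
    case $spec in *,*) rest=${spec#*,} ;; *) rest= ;; esac   # drop the node path
    while [ -n "$rest" ]; do
        attr=${rest%%,*}
        case $rest in *,*) rest=${rest#*,} ;; *) rest= ;; esac
        if [ "$has_value" = yes ]; then echo "value must be last"; return 1; fi
        key=${attr%%=*}
        val=${attr#*=}
        case $key in
            type)   type=$val ;;
            size)   size=$val ;;
            addr)   addr=$val ;;
            symbol) symbol=$val ;;
            flags)  flags=$val ;;
            n)      ;;                      # MIB number: nothing to cross-check
            value)  has_value=yes ;;
            *) echo "unknown attribute: $key"; return 1 ;;
        esac
    done
    case $type in
        node|int|string|quad|struct) ;;
        *) echo "invalid type: $type"; return 1 ;;
    esac
    case $flags in
        *[!ahiopxrw12]*) echo "unknown flag in: $flags"; return 1 ;;
    esac
    if [ -n "$addr" ] && [ -n "$symbol" ]; then
        echo "only one of symbol or addr may be given"; return 1
    fi
    kernel=no
    if [ -n "$addr$symbol" ]; then kernel=yes; fi
    if [ "$type" = node ] && [ -n "$size" ]; then
        echo "node type should not have a size"; return 1
    fi
    if [ "$type" = struct ] && [ -z "$size" ]; then
        echo "struct needs an explicit size"; return 1
    fi
    # Reading of the page: a string that instruments kernel data may omit
    # both, since the kernel sizes kernel strings.
    if [ "$type" = string ] && [ "$kernel" = no ] && [ -z "$size" ] \
        && [ "$has_value" = no ]; then
        echo "string needs a size or an initial value"; return 1
    fi
    if [ "$has_value" = yes ]; then
        case $type in
            int|quad|string) ;;
            *) echo "$type takes no initial value"; return 1 ;;
        esac
        if [ "$kernel" = yes ]; then
            echo "value given for a node that references kernel data"; return 1
        fi
    fi
    echo ok
}

# A create command from the EXAMPLES section of this page passes:
check_create '//create=local.esm_debug,type=int,symbol=esm_debug,flags=w'
```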

Descriptions can be added by the super-user to any node that does not have one, provided that the node is not marked with the ‘‘PERMANENT’’ flag. The syntax is similar to the syntax for creating new nodes with the exception of the keyword that follows the double separator at the start of the command: ‘‘//describe=new.node.path=new node description’’. Once a description has been added, it cannot be changed or removed.

When destroying nodes, only the path to the node is necessary, i.e., ‘‘//destroy=old.node.path’’. No other parameters are expected or permitted. Nodes being destroyed must have no children, and their parent must be writable. Nodes that are marked with the ‘‘PERMANENT’’ flag (as assigned by the kernel) may not be deleted.

In all cases, the initial ‘=’ that follows the command (e.g., ‘‘create’’, ‘‘destroy’’, or ‘‘describe’’) may be replaced with another instance of the separator character, provided that the same separator character is used for the length of the name specification.

FILES

/etc/sysctl.conf

sysctl variables set at boot time

〈sys/sysctl.h〉

definitions for top level identifiers, second level kernel, hardware, and security identifiers, and user level identifiers

〈sys/socket.h〉

definitions for second level network identifiers

〈sys/gmon.h〉

definitions for third level profiling identifiers

〈uvm/uvm_param.h〉

definitions for second level virtual memory identifiers

〈netinet/in.h〉

definitions for third level IPv4/v6 identifiers and fourth level IPv4/v6 identifiers

〈netinet/icmp_var.h〉

definitions for fourth level ICMP identifiers

〈netinet/icmp6.h〉

definitions for fourth level ICMPv6 identifiers

〈netinet/tcp_var.h〉

definitions for fourth level TCP identifiers

〈netinet/udp_var.h〉

definitions for fourth level UDP identifiers

〈netinet6/udp6_var.h〉

definitions for fourth level IPv6 UDP identifiers

〈netinet6/ipsec.h〉

definitions for fourth level IPsec identifiers

〈netkey/key_var.h〉

definitions for third level PF_KEY identifiers

〈sys/verified_exec.h〉

definitions for third level verified exec identifiers

EXAMPLES

For example, to retrieve the maximum number of processes allowed in the system, one would use the following request:

sysctl kern.maxproc

To set the maximum number of processes allowed in the system to 1000, one would use the following request:

sysctl -w kern.maxproc=1000

Information about the system clock rate may be obtained with:

sysctl kern.clockrate

Information about the load average history may be obtained with:

sysctl vm.loadavg

To view the values of the per-process variables of the current shell, the request:

sysctl proc.$$

can be used if the shell interpreter replaces $$ with its pid (this is true for most shells).

To redirect core dumps to the /var/tmp/〈username〉 directory,

sysctl -w proc.$$.corename=/var/tmp/%u/%n.core

should be used.

sysctl -w proc.curproc.corename=/var/tmp/%u/%n.core

changes the value for the sysctl process itself, and will not have the desired effect.

To create the root of a new sub-tree called ‘‘local’’, add some children to the new node, and add some descriptions:

sysctl -w //create=local
sysctl -w //describe=local=my local sysctl tree
sysctl -w //create=local.esm_debug,type=int,symbol=esm_debug,flags=w
sysctl -w //describe=local.esm_debug=esm driver debug knob
sysctl -w //create=local.audiodebug,type=int,symbol=audiodebug,flags=w
sysctl -w //describe=local.audiodebug=generic audio debug knob

Note that the children are made writable so that the two debug settings in question can be tuned arbitrarily.

To destroy that same subtree:

sysctl -w //destroy=local.esm_debug
sysctl -w //destroy=local.audiodebug
sysctl -w //destroy=local
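An added example, not part of the original manual page: a POSIX sh and awk lint for a file in the format described under −f (comments, ‘\’ continuations, name=value lines). It flags settings that this page says cannot take effect: lowering kern.securelevel (raise only), a create command after the securelevel has been set above 0, and writes to names the table lists as not changeable. The helper names lint_sysctl_conf and sample_conf, the sample file, and top-to-bottom processing of the file are assumptions.

```sh
#!/bin/sh
# lint_sysctl_conf (hypothetical helper): reads a file in the format accepted
# by "sysctl -f" on stdin and prints "LINE: finding" for settings that cannot
# take effect. Assumes the file is processed top to bottom.
lint_sysctl_conf() {
    awk '
    function finding(msg) { print start ": " msg }
    BEGIN {
        # Subset of the names the table on this page lists as not changeable.
        split("hw.pagesize hw.ncpu kern.osrelease kern.version", a, " ")
        for (i in a) fixed[a[i]] = 1
    }
    {
        if (!cont) start = NR
        line = buf $0
        if (line ~ /\\$/) {                 # continuation: join with next line
            sub(/\\$/, "", line); buf = line; cont = 1; next
        }
        buf = ""; cont = 0
        gsub(/^[ \t]+|[ \t]+$/, "", line)
        if (line == "" || substr(line, 1, 1) == "#") next
        pre = substr(line, 1, 2)
        if (pre == "//" || pre == "..") {   # double separator: a command
            if (substr(line, 3, 6) == "create" && have && level > 0) {
                finding("create needs securelevel 0; securelevel was set to " level " above")
            }
            next
        }
        eq = index(line, "=")
        if (eq == 0) next                   # bare name: a read, nothing is set
        name = substr(line, 1, eq - 1); value = substr(line, eq + 1)
        gsub("/", ".", name); sub(/^\./, "", name)  # "/" form, leading separator
        if (name == "kern.securelevel") {
            if (have && value + 0 < level) {
                finding("kern.securelevel is raise only (" level " -> " value ")")
            } else { level = value + 0; have = 1 }
        } else if (name in fixed) {
            finding(name " is not changeable")
        }
    }'
}

# Constructed sample file (not taken from a real system).
sample_conf() {
    cat <<'EOF'
# constructed sample
net.inet.ip.forwarding=0
kern.securelevel=1
//create=local,type=node
/kern/hostname=\
gw1
hw.pagesize=8192
kern.securelevel=0
kern.maxproc
EOF
}

sample_conf | lint_sysctl_conf
```

Moving the kern.securelevel line to the end of the file clears the first finding, since node creation and the other settings then run before the level is raised.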

SEE ALSO

sysctl(3), ksyms(4)

HISTORY

sysctl first appeared in 4.4BSD.

NetBSD 4.0 September 26, 2006 NetBSD 4.0
