1.\"- 2.\" SPDX-License-Identifier: BSD-3-Clause 3.\" 4.\" Copyright (c) 1993 5.\" The Regents of the University of California. All rights reserved. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 3. Neither the name of the University nor the names of its contributors 16.\" may be used to endorse or promote products derived from this software 17.\" without specific prior written permission. 18.\" 19.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 20.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29.\" SUCH DAMAGE. 30.\" 31.Dd January 31, 2025 32.Dt SYSCTL 8 33.Os 34.Sh NAME 35.Nm sysctl 36.Nd get or set kernel state 37.Sh SYNOPSIS 38.Nm 39.Op Fl j Ar jail 40.Op Fl bdeFhiJlNnoqTtVWx 41.Op Fl B Ar bufsize 42.Op Fl f Ar filename 43.Ar name Ns Op = Ns Ar value Ns Op , Ns Ar value 44.Ar ... 45.Nm 46.Op Fl j Ar jail 47.Op Fl bdeFhJlNnoqTtVWx 48.Op Fl B Ar bufsize 49.Fl a 50.Sh DESCRIPTION 51The 52.Nm 53utility retrieves kernel state and allows processes with appropriate 54privilege to set kernel state. 55The state to be retrieved or set is described using a 56.Dq Management Information Base 57.Pq Dq MIB 58style name, described as a dotted set of components. 59.Pp 60The following options are available: 61.Bl -tag -width "-f filename" 62.It Fl A 63Equivalent to 64.Fl o a 65(for compatibility). 66.It Fl a 67List all the currently available values except for those which are 68opaque or excluded from listing via the 69.Dv CTLFLAG_SKIP 70flag. 71This option is ignored if one or more variable names are specified on 72the command line. 73.It Fl B Ar bufsize 74Set the buffer size to read from the 75.Nm 76to 77.Ar bufsize . 78This is necessary for a 79.Nm 80that has variable length, and the probe value of 0 is a valid length, such as 81.Va kern.arandom . 82.It Fl b 83Force the value of the variable(s) to be output in raw, binary format. 84No names are printed and no terminating newlines are output. 85This is mostly useful with a single variable. 86.It Fl d 87Print the description of the variable instead of its value. 88.It Fl e 89Separate the name and the value of the variable(s) with 90.Ql = . 91This is useful for producing output which can be fed back to the 92.Nm 93utility. 94This option is ignored if either 95.Fl N 96or 97.Fl n 98is specified, or a variable is being set. 99.It Fl F 100Print the format of the variable. 101This is additional information to describe the type of the variable and 102most useful with struct types such as clockinfo, timeval, and loadavg. 103.It Fl f Ar filename 104Specify a file which contains a pair of name and value in each line. 105.Nm 106reads and processes the specified file first and then processes the name 107and value pairs in the command line argument. 108Note that when the 109.Fl j Ar jail 110option is specified, the file will be opened before attaching to the jail and 111then be processed inside the jail. 112.It Fl h 113Format output for human, rather than machine, readability. 114.It Fl i 115Ignore unknown OIDs. 116The purpose is to make use of 117.Nm 118for collecting data from a variety of machines (not all of which 119are necessarily running exactly the same software) easier. 120.It Fl J 121Display only jail prision sysctl variables (CTLFLAG_PRISON). 122.It Fl j Ar jail 123Perform the actions inside the 124.Ar jail 125(by jail id or jail name). 126.It Fl l 127Show the length of variables along with their values. 128This option cannot be combined with the 129.Fl N 130option. 131.It Fl N 132Show only variable names, not their values. 133This is particularly useful with shells that offer programmable 134completion. 135To enable completion of variable names in 136.Xr zsh 1 Pq Pa ports/shells/zsh , 137use the following code: 138.Bd -literal -offset indent 139listsysctls () { set -A reply $(sysctl -AN ${1%.*}) } 140compctl -K listsysctls sysctl 141.Ed 142.Pp 143To enable completion of variable names in 144.Xr tcsh 1 , 145use: 146.Pp 147.Dl "complete sysctl 'n/*/`sysctl -Na`/'" 148.It Fl n 149Do not show variable names. 150This option is useful for setting shell variables. 151For instance, to save the pagesize in variable 152.Va psize , 153use: 154.Pp 155.Dl "set psize=`sysctl -n hw.pagesize`" 156.It Fl o 157Show opaque variables (which are normally suppressed). 158The format and length are printed, as well as a hex dump of the first 159sixteen bytes of the value. 160.It Fl q 161Suppress some warnings generated by 162.Nm 163to standard error. 164.It Fl T 165Display only variables that are settable via loader (CTLFLAG_TUN). 166.It Fl t 167Print the type of the variable. 168.It Fl V 169Display only VNET sysctl variables (CTLFLAG_VNET). 170.It Fl W 171Display only writable variables that are not statistical. 172Useful for determining the set of runtime tunable sysctls. 173.It Fl X 174Equivalent to 175.Fl x a 176(for compatibility). 177.It Fl x 178As 179.Fl o , 180but prints a hex dump of the entire value instead of just the first 181few bytes. 182.El 183.Pp 184The information available from 185.Nm 186consists of integers, strings, and opaque types. 187The 188.Nm 189utility 190only knows about a couple of opaque types, and will resort to hexdumps 191for the rest. 192The opaque information is much more useful if retrieved by special 193purpose programs such as 194.Xr ps 1 , 195.Xr systat 1 , 196and 197.Xr netstat 1 . 198.Pp 199Some of the variables which cannot be modified during normal system 200operation can be initialized via 201.Xr loader 8 202tunables. 203This can for example be done by setting them in 204.Xr loader.conf 5 . 205Please refer to 206.Xr loader.conf 5 207for more information on which tunables are available and how to set them. 208.Pp 209The string and integer information is summarized below. 210For a detailed description of these variables see 211.Xr sysctl 3 212and 213.Xr security 7 . 214.Pp 215The changeable column indicates whether a process with appropriate 216privilege can change the value. 217String and integer values can be set using 218.Nm . 219.Bl -column security.bsd.unprivileged_read_msgbuf integerxxx 220.It Sy "Name Type Changeable" 221.It Va "kern.ostype string no" 222.It Va "kern.osrelease string no" 223.It Va "kern.osrevision integer no" 224.It Va "kern.version string no" 225.It Va "kern.maxvnodes integer yes" 226.It Va "kern.maxproc integer no" 227.It Va "kern.maxprocperuid integer yes" 228.It Va "kern.maxfiles integer yes" 229.It Va "kern.maxfilesperproc integer yes" 230.It Va "kern.argmax integer no" 231.It Va "kern.securelevel integer raise only" 232.It Va "kern.hostname string yes" 233.It Va "kern.hostid integer yes" 234.It Va "kern.clockrate struct no" 235.It Va "kern.posix1version integer no" 236.It Va "kern.ngroups integer no" 237.It Va "kern.job_control integer no" 238.It Va "kern.saved_ids integer no" 239.It Va "kern.boottime struct no" 240.It Va "kern.domainname string yes" 241.It Va "kern.filedelay integer yes" 242.It Va "kern.dirdelay integer yes" 243.It Va "kern.metadelay integer yes" 244.It Va "kern.osreldate integer no" 245.It Va "kern.bootfile string yes" 246.It Va "kern.corefile string yes" 247.It Va "kern.logsigexit integer yes" 248.It Va "security.bsd.suser_enabled integer yes" 249.It Va "security.bsd.see_other_uids integer yes" 250.It Va "security.bsd.see_other_gids integer yes" 251.It Va "security.bsd.see_jail_proc integer yes" 252.It Va "security.bsd.unprivileged_proc_debug integer yes" 253.It Va "security.bsd.unprivileged_read_msgbuf integer yes" 254.It Va "vm.loadavg struct no" 255.It Va "hw.machine string no" 256.It Va "hw.model string no" 257.It Va "hw.ncpu integer no" 258.It Va "hw.byteorder integer no" 259.It Va "hw.physmem integer no" 260.It Va "hw.usermem integer no" 261.It Va "hw.pagesize integer no" 262.It Va "hw.floatingpoint integer no" 263.It Va "hw.machine_arch string no" 264.It Va "hw.realmem integer no" 265.It Va "machdep.adjkerntz integer yes" 266.It Va "machdep.disable_rtc_set integer yes" 267.It Va "machdep.guessed_bootdev string no" 268.It Va "user.cs_path string no" 269.It Va "user.bc_base_max integer no" 270.It Va "user.bc_dim_max integer no" 271.It Va "user.bc_scale_max integer no" 272.It Va "user.bc_string_max integer no" 273.It Va "user.coll_weights_max integer no" 274.It Va "user.expr_nest_max integer no" 275.It Va "user.line_max integer no" 276.It Va "user.re_dup_max integer no" 277.It Va "user.posix2_version integer no" 278.It Va "user.posix2_c_bind integer no" 279.It Va "user.posix2_c_dev integer no" 280.It Va "user.posix2_char_term integer no" 281.It Va "user.posix2_fort_dev integer no" 282.It Va "user.posix2_fort_run integer no" 283.It Va "user.posix2_localedef integer no" 284.It Va "user.posix2_sw_dev integer no" 285.It Va "user.posix2_upe integer no" 286.It Va "user.stream_max integer no" 287.It Va "user.tzname_max integer no" 288.It Va "user.localbase string no" 289.El 290.Sh FILES 291.Bl -tag -width "<netinet/icmp_var.h>" -compact 292.It In sys/sysctl.h 293definitions for top level identifiers, second level kernel and hardware 294identifiers, and user level identifiers 295.It In sys/socket.h 296definitions for second level network identifiers 297.It In sys/gmon.h 298definitions for third level profiling identifiers 299.It In vm/vm_param.h 300definitions for second level virtual memory identifiers 301.It In netinet/in.h 302definitions for third level Internet identifiers and 303fourth level IP identifiers 304.It In netinet/icmp_var.h 305definitions for fourth level ICMP identifiers 306.It In netinet/udp_var.h 307definitions for fourth level UDP identifiers 308.El 309.Sh EXIT STATUS 310.Ex -std 311.Sh EXAMPLES 312For example, to retrieve the maximum number of processes allowed 313in the system, one would use the following request: 314.Pp 315.Dl Va "sysctl kern.maxproc" 316.Pp 317To set the maximum number of processes allowed 318per uid to 1000, one would use the following request: 319.Pp 320.Dl Va "sysctl kern.maxprocperuid=1000" 321.Pp 322Information about the system clock rate may be obtained with: 323.Pp 324.Dl Va "sysctl kern.clockrate" 325.Pp 326Information about the load average history may be obtained with: 327.Pp 328.Dl Va "sysctl vm.loadavg" 329.Pp 330More variables than these exist, and the best and likely only place 331to search for their deeper meaning is undoubtedly the source where 332they are defined. 333.Sh COMPATIBILITY 334The 335.Fl w 336option has been deprecated and is silently ignored. 337.Sh SEE ALSO 338.Xr sysctl 3 , 339.Xr loader.conf 5 , 340.Xr sysctl.conf 5 , 341.Xr security 7 , 342.Xr loader 8 , 343.Xr jail 8 344.Sh HISTORY 345A 346.Nm 347utility first appeared in 348.Bx 4.4 . 349.Pp 350In 351.Fx 2.2 , 352.Nm 353was significantly remodeled. 354.Sh BUGS 355The 356.Nm 357utility presently exploits an undocumented interface to the kernel 358.Xr sysctl 9 359facility to traverse the sysctl tree and to retrieve format 360and name information. 361This correct interface is being thought about for the time being. 362