     sysctl - get or set kernel state


     sysctl [-n] variable ...
     sysctl [-nqw] variable=value ...
     sysctl [-n] -Aa


     The sysctl utility retrieves kernel state and allows processes with ap-
     propriate privilege to set kernel state. The state to be retrieved or set
     is described using a "Management Information Base" (MIB) style name,
     described as a dotted set of components.

     When setting a variable, the MIB name should be followed by an equal sign
     and the new value. Variables are set implicitly using the variable=value
     syntax, or explicitly with the -w option. Both forms are identical.

     The options are as follows:

     -A   List all the known MIB names including tables. Those with string or
          integer values will be printed as with the -a flag; for the table
          values, the name of the utility to retrieve them is given.

     -a   List all the currently available string or integer values.

     -n   Suppress printing of the field name, only output the field value.
          Useful for setting shell variables. For example, to set the psize
          shell variable to the pagesize of the hardware:

                # set psize=`sysctl -n hw.pagesize`

     -q   Suppress all output when setting a variable. This option overrides
          the behaviour of -n.

     -w   Set a variable. It must be followed by a variable=value assignment.
          The -w flag is optional when setting a variable.

     The information available from sysctl consists of integers, strings, and
     tables. The tabular information can only be retrieved by special purpose
     programs such as ps(1), systat(1), and netstat(1). The string and integer
     information is summarized below. For a detailed description of these
     variables, see sysctl(3). The changeable column indicates whether a pro-
     cess with appropriate privilege can change the value.

     Note: not all of the variables are relevant to all architectures.

     Name                                    Type          Changeable
     kern.ostype                             string        no
     kern.osrelease                          string        no
     kern.osrevision                         integer       no
     kern.version                            string        no
     kern.maxvnodes                          integer       yes
     kern.maxproc                            integer       yes
     kern.maxfiles                           integer       yes
     kern.argmax                             integer       no
     kern.securelevel                        integer       raise only
     kern.hostname                           string        yes
     kern.hostid                             u_int         yes
     kern.clockrate                          struct        no
     kern.posix1version                      integer       no
     kern.ngroups                            integer       no
     kern.job_control                        integer       no
     kern.saved_ids                          integer       no
     kern.boottime                           struct        no
     kern.domainname                         string        yes
     kern.maxpartitions                      integer       no
     kern.rawpartition                       integer       no
     kern.osversion                          string        no
     kern.somaxconn                          integer       yes
     kern.sominconn                          integer       yes
     kern.usermount                          integer       yes
     kern.random                             struct        no
     kern.nosuidcoredump                     integer       yes
     kern.fsync                              integer       no
     kern.sysvmsg                            integer       no
     kern.sysvsem                            integer       no
     kern.sysvshm                            integer       no
     kern.arandom                            u_int         no
     kern.msgbufsize                         integer       no
     kern.malloc.buckets                     string        no
     kern.malloc.bucket.<sz>                 string        no
     kern.malloc.kmemnames                   string        no
     kern.malloc.kmemstat.<name>             string        no
     kern.cp_time                            struct        no
     kern.nchstats                           struct        no
     kern.forkstat                           struct        no
     kern.nselcoll                           integer       no
     kern.tty.tk_nin                         int64_t       no
     kern.tty.tk_nout                        int64_t       no
     kern.tty.tk_rawcc                       int64_t       no
     kern.tty.tk_cancc                       int64_t       no
     kern.tty.ttyinfo                        struct        no
     kern.tty.maxptys                        integer       yes
     kern.tty.nptys                          integer       no
     kern.ccpu                               u_int         no
     kern.fscale                             integer       no
     kern.nprocs                             integer       no
     kern.stackgap_random                    integer       yes
     kern.usercrypto                         integer       yes
     kern.cryptodevallowsoft                 integer       yes
     kern.splassert                          integer       yes
     kern.nfiles                             integer       no
     kern.ttycount                           integer       no
     kern.numvnodes                          integer       no
     kern.userasymcrypto                     integer       yes
     kern.seminfo.semmni                     integer       yes
     kern.seminfo.semmns                     integer       yes
     kern.seminfo.semmnu                     integer       yes
     kern.seminfo.semmsl                     integer       yes
     kern.seminfo.semopm                     integer       yes
     kern.seminfo.semume                     integer       no
     kern.seminfo.semusz                     integer       no
     kern.seminfo.semvmx                     integer       no
     kern.seminfo.semaem                     integer       no
     kern.shminfo.shmmax                     integer       yes
     kern.shminfo.shmmin                     integer       yes
     kern.shminfo.shmmni                     integer       yes
     kern.shminfo.shmseg                     integer       yes
     kern.shminfo.shmall                     integer       yes
     kern.watchdog.period                    integer       yes
     kern.watchdog.auto                      integer       yes
     kern.emul.nemuls                        integer       no
     kern.emul.other                         integer       yes
     kern.emul_uname                         string        yes
     kern.maxclusters                        integer       yes
     kern.timecounter.tick                   integer       no
     kern.timecounter.timestepwarnings       integer       no
     kern.timecounter.hardware               string        yes
     kern.timecounter.choice                 string        no
     vm.vmmeter                              struct        no
     vm.loadavg                              struct        no
     vm.psstrings                            struct        no
     vm.uvmexp                               struct        no
     vm.swapencrypt.enable                   integer       yes
     vm.swapencrypt.keyscreated              integer       no
     vm.swapencrypt.keysdeleted              integer       no
     vm.nkmempages                           integer       no
     vm.anonmin                              integer       yes
     vm.vtextmin                             integer       yes
     vm.vnodemin                             integer       yes
     vm.maxslp                               integer       no
     vm.uspace                               integer       no
     fs.posix.setuid                         integer       yes
     net.inet.ip.forwarding                  integer       yes
     net.inet.ip.redirect                    integer       yes
     net.inet.ip.ttl                         integer       yes
     net.inet.ip.sourceroute                 integer       yes
     net.inet.ip.directed-broadcast          integer       yes
     net.inet.ip.portfirst                   integer       yes
     net.inet.ip.portlast                    integer       yes
     net.inet.ip.porthifirst                 integer       yes
     net.inet.ip.porthilast                  integer       yes
     net.inet.ip.maxqueue                    integer       yes
     net.inet.ip.encdebug                    integer       yes
     net.inet.ip.ipsec-expire-acquire        integer       yes
     net.inet.ip.ipsec-invalid-life          integer       yes
     net.inet.ip.ipsec-pfs                   integer       yes
     net.inet.ip.ipsec-soft-allocs           integer       yes
     net.inet.ip.ipsec-allocs                integer       yes
     net.inet.ip.ipsec-soft-bytes            integer       yes
     net.inet.ip.ipsec-bytes                 integer       yes
     net.inet.ip.ipsec-timeout               integer       yes
     net.inet.ip.ipsec-soft-timeout          integer       yes
     net.inet.ip.ipsec-soft-firstuse         integer       yes
     net.inet.ip.ipsec-firstuse              integer       yes
     net.inet.ip.ipsec-enc-alg               string        yes
     net.inet.ip.ipsec-auth-alg              string        yes
     net.inet.ip.mtudisc                     integer       yes
     net.inet.ip.mtudisctimeout              integer       yes
     net.inet.ip.ipsec-comp-alg              string        yes
     net.inet.icmp.maskrepl                  integer       yes
     net.inet.icmp.bmcastecho                integer       yes
     net.inet.icmp.errppslimit               integer       yes
     net.inet.icmp.rediraccept               integer       yes
     net.inet.icmp.redirtimeout              integer       yes
     net.inet.icmp.tstamprepl                integer       yes
     net.inet.ipip.allow                     integer       yes
     net.inet.tcp.rfc1323                    integer       yes
     net.inet.tcp.keepinittime               integer       yes
     net.inet.tcp.keepidle                   integer       yes
     net.inet.tcp.keepintvl                  integer       yes
     net.inet.tcp.slowhz                     integer       no
     net.inet.tcp.baddynamic                 array         yes
     net.inet.tcp.recvspace                  integer       yes
     net.inet.tcp.sendspace                  integer       yes
     net.inet.tcp.sack                       integer       yes
     net.inet.tcp.mssdflt                    integer       yes
     net.inet.tcp.rstppslimit                integer       yes
     net.inet.tcp.ackonpush                  integer       yes
     net.inet.tcp.ecn                        integer       yes
     net.inet.tcp.syncachelimit              integer       yes
     net.inet.tcp.synbucketlimit             integer       yes
     net.inet.tcp.rfc3390                    integer       yes
     net.inet.tcp.reasslimit                 integer       yes
     net.inet.udp.checksum                   integer       yes
     net.inet.udp.baddynamic                 array         yes
     net.inet.udp.recvspace                  integer       yes
     net.inet.udp.sendspace                  integer       yes
     net.inet.gre.allow                      integer       yes
     net.inet.gre.wccp                       integer       yes
     net.inet.esp.enable                     integer       yes
     net.inet.esp.udpencap                   integer       yes
     net.inet.esp.udpencap_port              integer       yes
     net.inet.ah.enable                      integer       yes
     net.inet.mobileip.allow                 integer       yes
     net.inet.etherip.allow                  integer       yes
     net.inet.ipcomp.enable                  integer       yes
     net.inet.carp.allow                     integer       yes
     net.inet.carp.preempt                   integer       yes
     net.inet.carp.log                       integer       yes
     net.inet.carp.arpbalance                integer       yes
     net.inet6.ip6.forwarding                integer       yes
     net.inet6.ip6.redirect                  integer       yes
     net.inet6.ip6.hlim                      integer       yes
     net.inet6.ip6.maxfragpackets            integer       yes
     net.inet6.ip6.accept_rtadv              integer       yes
     net.inet6.ip6.keepfaith                 integer       yes
     net.inet6.ip6.log_interval              integer       yes
     net.inet6.ip6.hdrnestlimit              integer       yes
     net.inet6.ip6.dad_count                 integer       yes
     net.inet6.ip6.auto_flowlabel            integer       yes
     net.inet6.ip6.defmcasthlim              integer       yes
     net.inet6.ip6.kame_version              string        no
     net.inet6.ip6.use_deprecated            integer       yes
     net.inet6.ip6.rr_prune                  integer       yes
     net.inet6.ip6.v6only                    integer       no
     net.inet6.ip6.maxfrags                  integer       yes
     net.inet6.icmp6.rediraccept             integer       yes
     net.inet6.icmp6.redirtimeout            integer       yes
     net.inet6.icmp6.nd6_prune               integer       yes
     net.inet6.icmp6.nd6_delay               integer       yes
     net.inet6.icmp6.nd6_umaxtries           integer       yes
     net.inet6.icmp6.nd6_mmaxtries           integer       yes
     net.inet6.icmp6.nd6_useloopback         integer       yes
     net.inet6.icmp6.nodeinfo                integer       yes
     net.inet6.icmp6.errppslimit             integer       yes
     net.inet6.icmp6.nd6_maxnudhint          integer       yes
     net.inet6.icmp6.mtudisc_hiwat           integer       yes
     net.inet6.icmp6.mtudisc_lowat           integer       yes
     net.inet6.icmp6.nd6_debug               integer       yes
     net.ipx.ipx.checksum                    integer       yes
     net.ipx.ipx.forwarding                  integer       yes
     net.ipx.ipx.netbios                     integer       yes
     net.ipx.ipx.recvspace                   integer       yes
     net.ipx.ipx.sendspace                   integer       yes
     debug.syncprt                           integer       yes
     debug.busyprt                           integer       yes
     debug.doclusterread                     integer       yes
     debug.doclusterwrite                    integer       yes
     debug.doreallocblks                     integer       yes
     debug.doasyncfree                       integer       yes
     debug.prtrealloc                        integer       yes
     hw.machine                              string        no
     hw.model                                string        no
     hw.ncpu                                 integer       no
     hw.byteorder                            integer       no
     hw.physmem                              integer       no
     hw.usermem                              integer       no
     hw.pagesize                             integer       no
     hw.diskstats                            struct        no
     hw.disknames                            string        no
     hw.diskcount                            integer       no
     hw.sensors                              struct        no
     hw.cpuspeed                             integer       no
     hw.setperf                              integer       yes
     machdep.console_device                  dev_t         no
     machdep.unaligned_print                 integer       yes
     machdep.unaligned_fix                   integer       yes
     machdep.unaligned_sigbus                integer       yes
     machdep.apmwarn                         integer       yes
     machdep.apmhalt                         integer       yes
     machdep.kbdreset                        integer       yes
     machdep.userldt                         integer       yes
     machdep.osxsfr                          integer       no
     machdep.sse                             integer       no
     machdep.sse2                            integer       no
     machdep.xcrypt                          integer       no
     machdep.allowaperture                   integer       yes
     machdep.led_blink                       integer       yes
     machdep.ceccerrs                        integer       no
     machdep.cecclast                        quad          no
     machdep.apvreset                        integer       yes
     user.cs_path                            string        no
     user.bc_base_max                        integer       no
     user.bc_dim_max                         integer       no
     user.bc_scale_max                       integer       no
     user.bc_string_max                      integer       no
     user.coll_weights_max                   integer       no
     user.expr_nest_max                      integer       no
     user.line_max                           integer       no
     user.re_dup_max                         integer       no
     user.posix2_version                     integer       no
     user.posix2_c_bind                      integer       no
     user.posix2_c_dev                       integer       no
     user.posix2_char_term                   integer       no
     user.posix2_fort_dev                    integer       no
     user.posix2_fort_run                    integer       no
     user.posix2_localedef                   integer       no
     user.posix2_sw_dev                      integer       no
     user.posix2_upe                         integer       no
     user.stream_max                         integer       no
     user.tzname_max                         integer       no
     ddb.radix                               integer       yes
     ddb.max_width                           integer       yes
     ddb.max_line                            integer       yes
     ddb.tab_stop_width                      integer       yes
     ddb.panic                               integer       yes
     ddb.console                             integer       yes
     ddb.log                                 integer       yes
     ddb.crash                               integer       yes
     vfs.mounts.*                            struct        no
     vfs.ffs.doclusterread                   integer       yes
     vfs.ffs.doclusterwrite                  integer       yes
     vfs.ffs.doreallocblks                   integer       yes
     vfs.ffs.doasyncfree                     integer       yes
     vfs.ffs.max_softdeps                    integer       yes
     vfs.ffs.sd_tickdelay                    integer       yes
     vfs.ffs.sd_worklist_push                integer       no
     vfs.ffs.sd_blk_limit_push               integer       no
     vfs.ffs.sd_ino_limit_push               integer       no
     vfs.ffs.sd_blk_limit_hit                integer       no
     vfs.ffs.sd_ino_limit_hit                integer       no
     vfs.ffs.sd_sync_limit_hit               integer       no
     vfs.ffs.sd_indir_blk_ptrs               integer       no
     vfs.ffs.sd_inode_bitmap                 integer       no
     vfs.ffs.sd_direct_blk_ptrs              integer       no
     vfs.ffs.sd_dir_entry                    integer       no
     vfs.ffs.dirhash_dirsize                 integer       yes
     vfs.ffs.dirhash_maxmem                  integer       yes
     vfs.ffs.dirhash_mem                     integer       no
     vfs.nfs.iothreads                       integer       yes

     The sysctl program can get or set debugging variables that have been
     identified for its display. This information can be obtained by using the

           $ sysctl debug

     In addition, sysctl can extract information about the filesystems that
     have been compiled into the running system. This information can be ob-
     tained by using the command:

           $ sysctl vfs.mounts

     By default, only filesystems that are actively being used are listed. Use
     of the -A flag lists all the filesystems compiled into the running ker-


     <sys/sysctl.h>            definitions for top level identifiers, second
                               level kernel and hardware identifiers, and user
                               level identifiers
     <dev/rndvar.h>            definitions for random(4) device's statistics
     <sys/socket.h>            definitions for second level network identif-
     <uvm/uvm_param.h>         definitions for second level virtual memory
     <uvm/uvm_swap_encrypt.h>  definitions for third level virtual memory
     <netinet/in.h>            definitions for third level IPv4/v6 identifiers
                               and fourth level IPv4/v6 identifiers
     <netinet/icmp_var.h>      definitions for fourth level ICMP identifiers
     <netinet6/icmp6.h>        definitions for fourth level ICMPv6 identifiers
     <netinet/tcp_var.h>       definitions for fourth level TCP identifiers
     <netinet/udp_var.h>       definitions for fourth level UDP identifiers
     <netipx/ipx_var.h>        definitions for third level IPX identifiers and
                               fourth level IPX identifiers
     <ddb/db_var.h>            definitions for second level ddb identifiers
     <sys/mount.h>             definitions for second level vfs identifiers
     <nfs/nfs.h>               definitions for third level NFS identifiers
     <ufs/ffs/ffs_extern.h>    definitions for third level FFS identifiers


     To retrieve the maximum number of processes allowed in the system:

           $ sysctl kern.maxproc

     To set the maximum number of processes allowed in the system to 1000:

           # sysctl kern.maxproc=1000

     To retrieve information about the system clock rate:

           $ sysctl kern.clockrate

     To retrieve information about the load average history:

           $ sysctl vm.loadavg

     To make the chown(2) system call use traditional BSD semantics (don't
     clear setuid/setgid bits):

           # sysctl fs.posix.setuid=0

     To set the list of reserved TCP ports that should not be allocated by the
     kernel dynamically:

           # sysctl net.inet.tcp.baddynamic=749,750,751,760,761,871

     This can be used to keep daemons from stealing a specific port that
     another program needs to function. List elements may be separated by com-
     mas and/or whitespace.

     It is also possible to add or remove ports from the current list:

           # sysctl net.inet.tcp.baddynamic=+748
           # sysctl net.inet.tcp.baddynamic=-871

     To adjust the number of kernel nfsio threads used to service asynchronous
     I/O requests on an NFS client machine:

           # sysctl vfs.nfs.iothreads=4

     The default is 4; 20 is the maximum. See nfssvc(2) and nfsd(8) for furth-
     er discussion.

     To set the amount of shared memory available in the system and the max-
     imum number of shared memory segments:

           # sysctl kern.shminfo.shmmax=33554432
           # sysctl kern.shminfo.shmseg=32


     sysctl(3), sysctl.conf(5)


     sysctl first appeared in 4.4BSD.

