1.\" $OpenBSD: sysctl.8,v 1.206 2016/09/23 02:37:26 deraadt Exp $ 2.\" $NetBSD: sysctl.8,v 1.4 1995/09/30 07:12:49 thorpej Exp $ 3.\" 4.\" Copyright (c) 1993 5.\" The Regents of the University of California. All rights reserved. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 3. Neither the name of the University nor the names of its contributors 16.\" may be used to endorse or promote products derived from this software 17.\" without specific prior written permission. 18.\" 19.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 20.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29.\" SUCH DAMAGE. 30.\" 31.\" @(#)sysctl.8 8.2 (Berkeley) 5/9/95 32.\" 33.Dd $Mdocdate: September 23 2016 $ 34.Dt SYSCTL 8 35.Os 36.Sh NAME 37.Nm sysctl 38.Nd get or set kernel state 39.Sh SYNOPSIS 40.Nm sysctl 41.Op Fl Aan 42.Nm sysctl 43.Op Fl n 44.Ar name ... 45.Nm sysctl 46.Op Fl nq 47.Ar name Ns = Ns Ar value ... 48.Sh DESCRIPTION 49The 50.Nm 51utility retrieves kernel state and allows processes with 52appropriate privilege to set kernel state. 53The state to be retrieved or set is described using a 54.Dq Management Information Base 55.Pq MIB 56style name, described as a dotted set of components. 57.Pp 58When retrieving a variable, 59a subset of the MIB name may be specified to retrieve a list of 60variables in that subset. 61For example, to list all the machdep variables: 62.Pp 63.Dl $ sysctl machdep 64.Pp 65When setting a variable, 66the MIB name should be followed by an equal sign and the new value. 67.Pp 68The options are as follows: 69.Bl -tag -width xxx 70.It Fl A 71List all the known MIB names including tables. 72Those with string or integer values will be printed as with the 73.Fl a 74flag; for the table values, the name of the utility to retrieve them is given. 75.It Fl a 76List all the currently available string or integer values. 77This is the default, if no parameters are given to 78.Nm . 79.It Fl n 80Suppress printing of the field name, only output the field value. 81Useful for setting shell variables. 82For example, to set the psize shell variable to the pagesize of the hardware: 83.Pp 84.Dl # set psize=`sysctl -n hw.pagesize` 85.It Fl q 86Suppress all output when setting a variable. 87This option overrides the behaviour of 88.Fl n . 89.It Ar name Ns = Ns Ar value 90Attempt to set the specified variable 91.Ar name 92to 93.Ar value . 94.El 95.Pp 96The information available from 97.Nm 98consists of integers, strings, and tables. 99The tabular information can only be retrieved by special 100purpose programs such as 101.Xr ps 1 , 102.Xr systat 1 , 103and 104.Xr netstat 1 . 105The string and integer information is summarized below. 106For a detailed description of these variables, see 107.Xr sysctl 3 . 108The changeable column indicates whether a process with appropriate 109privilege can change the value. 110.Pp 111Note: 112not all of the variables are relevant to all architectures, 113and a few require a kernel compiled with non-standard 114.Xr options 4 . 115.Bl -column "kern.timecounter.timestepwarnings" "integer" "Changeable" 116.It Sy Name Ta Sy Type Ta Sy Changeable 117.It kern.ostype string no 118.It kern.osrelease Ta string Ta no 119.It kern.osrevision Ta integer Ta no 120.It kern.version Ta string Ta no 121.It kern.maxvnodes Ta integer Ta yes 122.It kern.maxproc Ta integer Ta yes 123.It kern.maxfiles Ta integer Ta yes 124.It kern.argmax Ta integer Ta no 125.It kern.securelevel Ta integer Ta raise only 126.It kern.hostname Ta string Ta yes 127.It kern.hostid Ta u_int Ta yes 128.It kern.clockrate Ta struct Ta no 129.It kern.posix1version Ta integer Ta no 130.It kern.ngroups Ta integer Ta no 131.It kern.job_control Ta integer Ta no 132.It kern.saved_ids Ta integer Ta no 133.It kern.boottime Ta struct Ta no 134.It kern.domainname Ta string Ta yes 135.It kern.maxpartitions Ta integer Ta no 136.It kern.rawpartition Ta integer Ta no 137.It kern.maxthread Ta integer Ta yes 138.It kern.nthreads Ta integer Ta no 139.It kern.osversion Ta string Ta no 140.It kern.somaxconn Ta integer Ta yes 141.It kern.sominconn Ta integer Ta yes 142.It kern.nosuidcoredump Ta integer Ta yes 143.It kern.fsync Ta integer Ta no 144.It kern.sysvmsg Ta integer Ta no 145.It kern.sysvsem Ta integer Ta no 146.It kern.sysvshm Ta integer Ta no 147.It kern.msgbufsize Ta integer Ta no 148.It kern.malloc.buckets Ta string Ta no 149.It kern.malloc.bucket.<sz> Ta string Ta no 150.It kern.malloc.kmemnames Ta string Ta no 151.It kern.malloc.kmemstat.<name> Ta string Ta no 152.It kern.cp_time Ta struct Ta no 153.It kern.nchstats Ta struct Ta no 154.It kern.forkstat Ta struct Ta no 155.It kern.nselcoll Ta integer Ta no 156.It kern.tty.tk_nin Ta int64_t Ta no 157.It kern.tty.tk_nout Ta int64_t Ta no 158.It kern.tty.tk_rawcc Ta int64_t Ta no 159.It kern.tty.tk_cancc Ta int64_t Ta no 160.It kern.tty.ttyinfo Ta struct Ta no 161.It kern.ccpu Ta u_int Ta no 162.It kern.fscale Ta integer Ta no 163.It kern.nprocs Ta integer Ta no 164.It kern.stackgap_random Ta integer Ta yes 165.It kern.splassert Ta integer Ta yes 166.It kern.nfiles Ta integer Ta no 167.It kern.ttycount Ta integer Ta no 168.It kern.numvnodes Ta integer Ta no 169.It kern.seminfo.semmni Ta integer Ta yes 170.It kern.seminfo.semmns Ta integer Ta yes 171.It kern.seminfo.semmnu Ta integer Ta yes 172.It kern.seminfo.semmsl Ta integer Ta yes 173.It kern.seminfo.semopm Ta integer Ta yes 174.It kern.seminfo.semume Ta integer Ta no 175.It kern.seminfo.semusz Ta integer Ta no 176.It kern.seminfo.semvmx Ta integer Ta no 177.It kern.seminfo.semaem Ta integer Ta no 178.It kern.shminfo.shmmax Ta integer Ta yes 179.It kern.shminfo.shmmin Ta integer Ta yes 180.It kern.shminfo.shmmni Ta integer Ta yes 181.It kern.shminfo.shmseg Ta integer Ta yes 182.It kern.shminfo.shmall Ta integer Ta yes 183.It kern.watchdog.period Ta integer Ta yes 184.It kern.watchdog.auto Ta integer Ta yes 185.It kern.maxclusters Ta integer Ta yes 186.It kern.timecounter.tick Ta integer Ta no 187.It kern.timecounter.timestepwarnings Ta integer Ta yes 188.It kern.timecounter.hardware Ta string Ta yes 189.It kern.timecounter.choice Ta string Ta no 190.It kern.maxlocksperuid Ta integer Ta yes 191.It kern.bufcachepercent Ta integer Ta yes 192.It kern.wxabort Ta integer Ta yes 193.It kern.consdev Ta string Ta no 194.It kern.global_ptrace Ta integer Ta yes 195.It vm.vmmeter Ta struct Ta no 196.It vm.loadavg Ta struct Ta no 197.It vm.psstrings Ta struct Ta no 198.It vm.uvmexp Ta struct Ta no 199.It vm.swapencrypt.enable Ta integer Ta yes 200.It vm.swapencrypt.keyscreated Ta integer Ta no 201.It vm.swapencrypt.keysdeleted Ta integer Ta no 202.It vm.nkmempages Ta integer Ta no 203.It vm.anonmin Ta integer Ta yes 204.It vm.vtextmin Ta integer Ta yes 205.It vm.vnodemin Ta integer Ta yes 206.It vm.maxslp Ta integer Ta no 207.It vm.uspace Ta integer Ta no 208.It fs.posix.setuid Ta integer Ta yes 209.It net.inet.divert.recvspace Ta integer Ta yes 210.It net.inet.divert.sendspace Ta integer Ta yes 211.It net.inet.ip.forwarding Ta integer Ta yes 212.It net.inet.ip.redirect Ta integer Ta yes 213.It net.inet.ip.ttl Ta integer Ta yes 214.\" .It net.inet.ip.mtu Ta integer Ta yes 215.It net.inet.ip.sourceroute Ta integer Ta yes 216.It net.inet.ip.directed-broadcast Ta integer Ta yes 217.It net.inet.ip.portfirst Ta integer Ta yes 218.It net.inet.ip.portlast Ta integer Ta yes 219.It net.inet.ip.porthifirst Ta integer Ta yes 220.It net.inet.ip.porthilast Ta integer Ta yes 221.It net.inet.ip.maxqueue Ta integer Ta yes 222.It net.inet.ip.encdebug Ta integer Ta yes 223.It net.inet.ip.ipsec-expire-acquire Ta integer Ta yes 224.It net.inet.ip.ipsec-invalid-life Ta integer Ta yes 225.It net.inet.ip.ipsec-pfs Ta integer Ta yes 226.It net.inet.ip.ipsec-soft-allocs Ta integer Ta yes 227.It net.inet.ip.ipsec-allocs Ta integer Ta yes 228.It net.inet.ip.ipsec-soft-bytes Ta integer Ta yes 229.It net.inet.ip.ipsec-bytes Ta integer Ta yes 230.It net.inet.ip.ipsec-timeout Ta integer Ta yes 231.It net.inet.ip.ipsec-soft-timeout Ta integer Ta yes 232.It net.inet.ip.ipsec-soft-firstuse Ta integer Ta yes 233.It net.inet.ip.ipsec-firstuse Ta integer Ta yes 234.It net.inet.ip.ipsec-enc-alg Ta string Ta yes 235.It net.inet.ip.ipsec-auth-alg Ta string Ta yes 236.It net.inet.ip.mtudisc Ta integer Ta yes 237.It net.inet.ip.mtudisctimeout Ta integer Ta yes 238.It net.inet.ip.ipsec-comp-alg Ta string Ta yes 239.It net.inet.ip.ifq.len Ta integer Ta no 240.It net.inet.ip.ifq.maxlen Ta integer Ta yes 241.It net.inet.ip.ifq.drops Ta integer Ta no 242.It net.inet.ip.mforwarding Ta integer Ta yes 243.It net.inet.ip.multipath Ta integer Ta yes 244.It net.inet.ip.arptimeout Ta integer Ta yes 245.It net.inet.ip.arpdown Ta integer Ta yes 246.It net.inet.icmp.maskrepl Ta integer Ta yes 247.It net.inet.icmp.bmcastecho Ta integer Ta yes 248.It net.inet.icmp.errppslimit Ta integer Ta yes 249.It net.inet.icmp.rediraccept Ta integer Ta yes 250.It net.inet.icmp.redirtimeout Ta integer Ta yes 251.It net.inet.icmp.tstamprepl Ta integer Ta yes 252.It net.inet.ipip.allow Ta integer Ta yes 253.It net.inet.tcp.rfc1323 Ta integer Ta yes 254.It net.inet.tcp.keepinittime Ta integer Ta yes 255.It net.inet.tcp.keepidle Ta integer Ta yes 256.It net.inet.tcp.keepintvl Ta integer Ta yes 257.It net.inet.tcp.slowhz Ta integer Ta no 258.It net.inet.tcp.baddynamic Ta array Ta yes 259.It net.inet.tcp.sack Ta integer Ta yes 260.It net.inet.tcp.mssdflt Ta integer Ta yes 261.It net.inet.tcp.rstppslimit Ta integer Ta yes 262.It net.inet.tcp.ackonpush Ta integer Ta yes 263.It net.inet.tcp.ecn Ta integer Ta yes 264.It net.inet.tcp.syncachelimit Ta integer Ta yes 265.It net.inet.tcp.synbucketlimit Ta integer Ta yes 266.It net.inet.tcp.rfc3390 Ta integer Ta yes 267.It net.inet.tcp.reasslimit Ta integer Ta yes 268.It net.inet.tcp.sackholelimit Ta integer Ta yes 269.It net.inet.tcp.always_keepalive Ta integer Ta yes 270.It net.inet.tcp.synuselimit Ta integer Ta yes 271.It net.inet.tcp.rootonly Ta array Ta yes 272.It net.inet.tcp.synhashsize Ta integer Ta yes 273.It net.inet.udp.checksum Ta integer Ta yes 274.It net.inet.udp.baddynamic Ta array Ta yes 275.It net.inet.udp.recvspace Ta integer Ta yes 276.It net.inet.udp.sendspace Ta integer Ta yes 277.It net.inet.udp.rootonly Ta array Ta yes 278.It net.inet.gre.allow Ta integer Ta yes 279.It net.inet.gre.wccp Ta integer Ta yes 280.It net.inet.esp.enable Ta integer Ta yes 281.It net.inet.esp.udpencap Ta integer Ta yes 282.It net.inet.esp.udpencap_port Ta integer Ta yes 283.It net.inet.ah.enable Ta integer Ta yes 284.It net.inet.mobileip.allow Ta integer Ta yes 285.It net.inet.etherip.allow Ta integer Ta yes 286.It net.inet.ipcomp.enable Ta integer Ta yes 287.It net.inet.carp.allow Ta integer Ta yes 288.It net.inet.carp.preempt Ta integer Ta yes 289.It net.inet.carp.log Ta integer Ta yes 290.It net.inet6.ip6.forwarding Ta integer Ta yes 291.It net.inet6.ip6.redirect Ta integer Ta yes 292.It net.inet6.ip6.hlim Ta integer Ta yes 293.It net.inet6.ip6.maxfragpackets Ta integer Ta yes 294.It net.inet6.ip6.log_interval Ta integer Ta yes 295.It net.inet6.ip6.hdrnestlimit Ta integer Ta yes 296.It net.inet6.ip6.dad_count Ta integer Ta yes 297.It net.inet6.ip6.auto_flowlabel Ta integer Ta yes 298.It net.inet6.ip6.defmcasthlim Ta integer Ta yes 299.It net.inet6.ip6.use_deprecated Ta integer Ta yes 300.It net.inet6.ip6.maxfrags Ta integer Ta yes 301.It net.inet6.ip6.mforwarding Ta integer Ta yes 302.It net.inet6.ip6.multipath Ta integer Ta yes 303.It net.inet6.ip6.multicast_mtudisc Ta integer Ta yes 304.It net.inet6.ip6.neighborgcthresh Ta integer Ta yes 305.It net.inet6.ip6.maxifprefixes Ta integer Ta yes 306.It net.inet6.ip6.maxifdefrouters Ta integer Ta yes 307.It net.inet6.ip6.maxdynroutes Ta integer Ta yes 308.It net.inet6.ip6.dad_pending Ta integer Ta yes 309.It net.inet6.ip6.mtudisctimeout Ta integer Ta yes 310.It net.inet6.ip6.ifq.len Ta integer Ta no 311.It net.inet6.ip6.ifq.maxlen Ta integer Ta yes 312.It net.inet6.ip6.ifq.drops Ta integer Ta no 313.It net.inet6.icmp6.redirtimeout Ta integer Ta yes 314.It net.inet6.icmp6.nd6_prune Ta integer Ta yes 315.It net.inet6.icmp6.nd6_delay Ta integer Ta yes 316.It net.inet6.icmp6.nd6_umaxtries Ta integer Ta yes 317.It net.inet6.icmp6.nd6_mmaxtries Ta integer Ta yes 318.It net.inet6.icmp6.errppslimit Ta integer Ta yes 319.It net.inet6.icmp6.nd6_maxnudhint Ta integer Ta yes 320.It net.inet6.icmp6.mtudisc_hiwat Ta integer Ta yes 321.It net.inet6.icmp6.mtudisc_lowat Ta integer Ta yes 322.It net.inet6.icmp6.nd6_debug Ta integer Ta yes 323.It net.mpls.ttl Ta integer Ta yes 324.It net.mpls.ifq.len Ta integer Ta no 325.It net.mpls.ifq.maxlen Ta integer Ta yes 326.It net.mpls.ifq.drops Ta integer Ta no 327.It net.mpls.maxloop_inkernel Ta integer Ta yes 328.It net.mpls.mapttl_ip Ta integer Ta yes 329.It net.mpls.mapttl_ip6 Ta integer Ta yes 330.It net.pipex.enable Ta integer Ta yes 331.It net.pipex.inq.len Ta integer Ta no 332.It net.pipex.inq.maxlen Ta integer Ta yes 333.It net.pipex.inq.drops Ta integer Ta no 334.It net.pipex.outq.len Ta integer Ta no 335.It net.pipex.outq.maxlen Ta integer Ta yes 336.It net.pipex.outq.drops=0 Ta integer Ta no 337.It debug.syncprt Ta integer Ta yes 338.It debug.busyprt Ta integer Ta yes 339.It hw.machine Ta string Ta no 340.It hw.model Ta string Ta no 341.It hw.ncpu Ta integer Ta no 342.It hw.byteorder Ta integer Ta no 343.It hw.physmem Ta int64_t Ta no 344.It hw.usermem Ta int64_t Ta no 345.It hw.pagesize Ta integer Ta no 346.It hw.diskstats Ta struct Ta no 347.It hw.disknames Ta string Ta no 348.It hw.diskcount Ta integer Ta no 349.It hw.sensors.<xname>.<type><numt> Ta struct Ta no 350.It hw.cpuspeed Ta integer Ta no 351.It hw.setperf Ta integer Ta yes 352.It hw.vendor Ta string Ta no 353.It hw.product Ta string Ta no 354.It hw.version Ta string Ta no 355.It hw.serialno Ta string Ta no 356.It hw.uuid Ta string Ta no 357.It hw.ncpufound Ta integer Ta no 358.It hw.allowpowerdown Ta integer Ta yes 359.It hw.perfpolicy Ta string Ta yes 360.It machdep.console_device Ta dev_t Ta no 361.It machdep.unaligned_print Ta integer Ta yes 362.It machdep.unaligned_fix Ta integer Ta yes 363.It machdep.unaligned_sigbus Ta integer Ta yes 364.It machdep.apmwarn Ta integer Ta yes 365.It machdep.apmhalt Ta integer Ta yes 366.It machdep.kbdreset Ta integer Ta yes 367.It machdep.osfxsr Ta integer Ta no 368.It machdep.sse Ta integer Ta no 369.It machdep.sse2 Ta integer Ta no 370.It machdep.xcrypt Ta integer Ta no 371.It machdep.allowaperture Ta integer Ta yes 372.It machdep.led_blink Ta integer Ta yes 373.It machdep.ceccerrs Ta integer Ta no 374.It machdep.cecclast Ta quad Ta no 375.It ddb.radix Ta integer Ta yes 376.It ddb.max_width Ta integer Ta yes 377.It ddb.max_line Ta integer Ta yes 378.It ddb.tab_stop_width Ta integer Ta yes 379.It ddb.panic Ta integer Ta yes 380.It ddb.console Ta integer Ta yes 381.It ddb.log Ta integer Ta yes 382.It ddb.trigger Ta integer Ta yes 383.It vfs.mounts.* Ta struct Ta no 384.It vfs.ffs.max_softdeps Ta integer Ta yes 385.It vfs.ffs.sd_tickdelay Ta integer Ta yes 386.It vfs.ffs.sd_worklist_push Ta integer Ta no 387.It vfs.ffs.sd_blk_limit_push Ta integer Ta no 388.It vfs.ffs.sd_ino_limit_push Ta integer Ta no 389.It vfs.ffs.sd_blk_limit_hit Ta integer Ta no 390.It vfs.ffs.sd_ino_limit_hit Ta integer Ta no 391.It vfs.ffs.sd_sync_limit_hit Ta integer Ta no 392.It vfs.ffs.sd_indir_blk_ptrs Ta integer Ta no 393.It vfs.ffs.sd_inode_bitmap Ta integer Ta no 394.It vfs.ffs.sd_direct_blk_ptrs Ta integer Ta no 395.It vfs.ffs.sd_dir_entry Ta integer Ta no 396.It vfs.ffs.dirhash_dirsize Ta integer Ta yes 397.It vfs.ffs.dirhash_maxmem Ta integer Ta yes 398.It vfs.ffs.dirhash_mem Ta integer Ta no 399.It vfs.nfs.iothreads Ta integer Ta yes 400.It vfs.fuse.fusefs_open_devices Ta integer Ta no 401.It vfs.fuse.fusefs_fbufs_in Ta integer Ta no 402.It vfs.fuse.fusefs_fbufs_wait Ta integer Ta no 403.It vfs.fuse.fusefs_pool_pages Ta integer Ta no 404.El 405.Pp 406The 407.Nm 408program can extract information about the filesystems that have been compiled 409into the running system. 410This information can be obtained by using the command: 411.Pp 412.Dl $ sysctl vfs.mounts 413.Pp 414By default, only filesystems that are actively being used are listed. 415Use of the 416.Fl A 417flag lists all the filesystems compiled into the running kernel. 418.Sh FILES 419.Bl -tag -width <uvm/uvm_swap_encrypt.h> -compact 420.It In sys/sysctl.h 421definitions for top level identifiers and second level kernel and hardware 422identifiers 423.It In sys/socket.h 424definitions for second level network identifiers 425.It In sys/gmon.h 426definitions for third level profiling identifiers 427.It In uvm/uvm_param.h 428definitions for second level virtual memory identifiers 429.It In uvm/uvm_swap_encrypt.h 430definitions for third level virtual memory identifiers 431.It In netinet/in.h 432definitions for third level IPv4/v6 identifiers and 433fourth level IPv4/v6 identifiers 434.It In netinet/ip_divert.h 435definitions for fourth level divert identifiers 436.It In netinet/icmp_var.h 437definitions for fourth level ICMP identifiers 438.It In netinet6/icmp6.h 439definitions for fourth level ICMPv6 identifiers 440.It In netinet/tcp_var.h 441definitions for fourth level TCP identifiers 442.It In netinet/udp_var.h 443definitions for fourth level UDP identifiers 444.It In ddb/db_var.h 445definitions for second level ddb identifiers 446.It In sys/mount.h 447definitions for second level vfs identifiers 448.It In nfs/nfs.h 449definitions for third level NFS identifiers 450.It In miscfs/fuse/fusefs.h 451definitions for third level fusefs identifiers 452.It In ufs/ffs/ffs_extern.h 453definitions for third level FFS identifiers 454.It In machine/cpu.h 455definitions for second level CPU identifiers 456.El 457.Sh EXAMPLES 458To retrieve the maximum number of processes allowed 459in the system: 460.Pp 461.Dl $ sysctl kern.maxproc 462.Pp 463To set the maximum number of processes allowed 464in the system to 1000: 465.Pp 466.Dl # sysctl kern.maxproc=1000 467.Pp 468To retrieve information about the system clock rate: 469.Pp 470.Dl $ sysctl kern.clockrate 471.Pp 472To retrieve information about the load average history: 473.Pp 474.Dl $ sysctl vm.loadavg 475.Pp 476To make the 477.Xr chown 2 478system call use traditional 479.Bx 480semantics (don't clear setuid/setgid bits): 481.Pp 482.Dl # sysctl fs.posix.setuid=0 483.Pp 484To set the list of reserved TCP ports that should not be allocated 485by the kernel dynamically: 486.Pp 487.Dl # sysctl net.inet.tcp.baddynamic=749,750,751,760,761,871 488.Dl # sysctl net.inet.udp.baddynamic=749,750,751,760,761,871,1024-2048 489.Pp 490This can be used to keep daemons 491from stealing a specific port that another program needs to function. 492List elements may be separated by commas and/or whitespace; 493a hyphen may be used to specify a range of ports. 494.Pp 495It is also possible to add or remove ports from the current list: 496.Bd -literal -offset indent 497# sysctl net.inet.tcp.baddynamic=+748,+6000-6999 498# sysctl net.inet.tcp.baddynamic=-871 499.Ed 500.Pp 501To set the amount of shared memory available in the system and 502the maximum number of shared memory segments: 503.Bd -literal -offset indent 504# sysctl kern.shminfo.shmmax=33554432 505# sysctl kern.shminfo.shmseg=32 506.Ed 507.Pp 508To place core dumps from 509.Xr issetugid 2 510programs (in this example 511.Xr bgpd 8 ) 512into a safe place for debugging purposes: 513.Bd -literal -offset indent 514# mkdir -m 700 /var/crash/bgpd 515# sysctl kern.nosuidcoredump=3 516.Ed 517.Sh SEE ALSO 518.Xr sysctl 3 , 519.Xr options 4 , 520.Xr sysctl.conf 5 521.Sh HISTORY 522.Nm 523first appeared in 524.Bx 4.4 . 525