Sysctl

Written in: C
Operating system: Unix-like (BSD)
Type: System configuration

sysctl is a software mechanism in some Unix-like operating systems that reads and modifies the attributes of the system kernel such as its version number, maximum limits, and security settings. [1] It is available both as a system call for compiled programs, and an administrator command for interactive use and scripting. Linux additionally exposes sysctl as a virtual file system.

BSD

In BSD, these parameters are generally objects in a management information base (MIB) that describe tunable limits such as the size of a shared memory segment, the number of threads the operating system will use as an NFS client, or the maximum number of processes on the system; or describe, enable or disable behaviors such as IP forwarding, security restrictions on the superuser (the "securelevel"), or debugging output. [1]

In OpenBSD and DragonFly BSD, sysctl is also used as the transport layer for the hw.sensors framework for hardware monitoring, [2] whereas NetBSD uses the ioctl system call for its sysmon envsys counterpart. sysctl and ioctl are the two system calls that can be used to add extra functionality to the kernel without adding yet another system call; [3] for example, when the tcpdrop utility was introduced in 2004 with OpenBSD 3.6, sysctl was used as the underlying system call. [3] [4] FreeBSD has no sensors framework, but individual temperature and other sensors are still commonly exported through the sysctl tree through Newbus, for example, as is the case with the aibs(4) driver, which is available in all four BSD systems, including FreeBSD. [5] [6] [7]

In BSD, a system call or system call wrapper is usually provided for use by programs, as well as an administrative program and a configuration file (for setting the tunable parameters when the system boots).

This feature first appeared in 4.4BSD. It has the advantage over hardcoded constants that changes to the parameters can be made dynamically without recompiling the kernel.

Historically, although kernel variables themselves could be modified through sysctl, the elements comprising the MIB of the sysctl tree were hardcoded at compile time, and as of 2019 this is still mostly the case in OpenBSD (with some exceptions such as hw.sensors, which manages and provides its own dynamic subtree). FreeBSD has had "sysctl internal magic" for dynamic sysctl tree management since 1995; NetBSD has had its own implementation of a dynamic sysctl tree since December 2003. [5] [6]

Linux

In Linux, the sysctl interface mechanism is also exported as part of procfs under the /proc/sys directory (not to be confused with the /sys directory). This difference means that checking the value of a parameter requires opening a file in a virtual file system, reading its contents, parsing them and closing the file. The sysctl system call does exist on Linux, but it has been deprecated and has no wrapper function in glibc. It is usually unavailable because many distributions configure the kernel without CONFIG_SYSCTL_SYSCALL, so its use is not recommended. [8]

Examples

When IP forwarding is enabled, the operating system kernel will act as a router. In FreeBSD, NetBSD, OpenBSD, DragonFly BSD, and Darwin/Mac OS X, the parameter net.inet.ip.forwarding can be set to 1 to enable this behavior. In Linux, the parameter is called net.ipv4.ip_forward.

In most systems, the command sysctl -w parameter=1 will enable a certain behavior. The setting persists only until the next reboot. If the behavior should be enabled whenever the system boots, the line parameter=1 can be added to (or rewritten in) the file /etc/sysctl.conf. Additionally, some sysctl variables cannot be modified after the system has booted. These variables (depending on the variable and on the version and flavor of BSD) must either be set statically in the kernel at compile time or set in /boot/loader.conf.
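The following added example (not part of the original article) uses the Linux /proc/sys layout and the /etc/sysctl.conf persistence described above to report parameters whose live value differs from the persisted one, such as forwarding switched on with sysctl -w but never written to the file. The function names, the CONF and PROC_SYS overrides and the sample tree are assumptions made for illustration.

```shell
# CONF and PROC_SYS are overridable so the check can run on a constructed tree.

# Collapse whitespace runs and trim: /proc/sys separates multi-value entries
# with tabs, while sysctl.conf lines usually use spaces.
norm() { printf '%s' "$1" | tr -s '[:space:]' ' ' | sed 's/^ //; s/ $//'; }

# net.ipv4.ip_forward -> $PROC_SYS/net/ipv4/ip_forward
# (names whose components themselves contain a dot are not handled here).
sysctl_path() {
    printf '%s/%s\n' "${PROC_SYS:-/proc/sys}" "$(printf '%s' "$1" | tr '.' '/')"
}

# Print one line per mismatch. Returns 0 = no drift, 1 = drift, 2 = no config.
sysctl_drift() {
    conf=${CONF:-/etc/sysctl.conf}; drift=0
    [ -r "$conf" ] || return 2
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(norm "$line")
        case "$line" in ''|'#'*|';'*) continue ;; esac   # blank or comment
        case "$line" in *=*) ;; *) continue ;; esac       # not an assignment
        name=$(norm "${line%%=*}")
        want=$(norm "${line#*=}")
        file=$(sysctl_path "$name")
        if [ -r "$file" ]; then have=$(norm "$(cat "$file")"); else have='<unreadable>'; fi
        if [ "$want" != "$have" ]; then
            printf '%s persisted=%s runtime=%s\n' "$name" "$want" "$have"
            drift=1
        fi
    done < "$conf"
    return "$drift"
}

# Constructed sample tree: forwarding is on at runtime but persisted as 0.
demo() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/sys/net/ipv4"
    printf '1\n' > "$d/sys/net/ipv4/ip_forward"
    printf '4096\t131072\t6291456\n' > "$d/sys/net/ipv4/tcp_rmem"
    printf '%s\n' '# constructed sample' 'net.ipv4.ip_forward = 0' \
        'net.ipv4.tcp_rmem=4096 131072 6291456' > "$d/sysctl.conf"
    rc=0
    ( CONF="$d/sysctl.conf" PROC_SYS="$d/sys"; sysctl_drift ) || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

A reported mismatch means either a runtime change that will be lost at the next reboot or an edit to the file that has not yet been loaded; both are worth reviewing for security-relevant parameters.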

References

  1. "sysctl(7) — system information variables". BSD Cross Reference. NetBSD.
  2. Constantine A. Murenin (2007-04-17). Generalised Interfacing with Microprocessor System Hardware Monitors. Proceedings of 2007 IEEE International Conference on Networking, Sensing and Control, 15–17 April 2007. London, United Kingdom: IEEE. pp. 901–906. doi:10.1109/ICNSC.2007.372901. ISBN 978-1-4244-1076-7.
  3. Federico Biancuzzi (2004-10-28). "OpenBSD 3.6 Live". ONLamp. O'Reilly Media. Archived from the original on 2004-10-29. Retrieved 2019-03-20.
  4. Markus Friedl (2004). "tcpdrop.c". BSD Cross Reference. OpenBSD.
  5. Constantine A. Murenin; Raouf Boutaba (2009-03-17). "8.3. Sensors framework in FreeBSD CVS". OpenBSD Hardware Sensors Framework (PDF). AsiaBSDCon 2009 Proceedings, 12–15 March 2009. Tokyo University of Science, Tokyo, Japan (published 2009-03-14). Archived from the original on 2010-06-20. Retrieved 2019-03-04.
  6. Constantine A. Murenin (2010-05-21). "8.3. Sensors framework in FreeBSD CVS". OpenBSD Hardware Sensors — Environmental Monitoring and Fan Control (MMath thesis). University of Waterloo: UWSpace. hdl:10012/5234. Document ID: ab71498b6b1a60ff817b29d56997a418.
  7. "aibs(4) — ASUSTeK AI Booster ACPI ATK0110 voltage, temperature and fan sensor". BSD Cross Reference. FreeBSD. 2010.
    • "aibs -- ASUSTeK AI Booster ACPI ATK0110 voltage, temperature and fan sensor". FreeBSD Manual Pages.
  8. "sysctl(2): read/write system parameters". man7.org. 2017-09-15. Retrieved 2018-01-04.