Get or set the state of the socket manager
Syntax:
sysctl [-dne] [-x[x]|-r] variable ...
sysctl [-ne] [-q] -w variable=value ...
sysctl [-dne] -a
sysctl [-dne] -A
sysctl [-ne] -M
sysctl [-dne] [-q] -f file
Options:
- -A
- List all the known MIB names, including tables.
Those with string or integer values are displayed as they would be with the -a option; for the
table values, the name of the utility to retrieve them is given.
- -a
- List all the currently available string or integer values.
- -d
- Display descriptions of the selected nodes.
The default is to display their values.
- -e
- Separate the name and value of the variables with an equals sign (=).
This format is useful when you're producing output to be given as input to sysctl.
The default is to use an equals sign with a space on either side.
This option is ignored if you also specify the -n option, or if you're setting a variable.
- -f file
- Read and process the specified file.
The format of the file is as follows:
- Blank lines and comments (beginning with #) are ignored.
- You can use a backslash to escape the end of the line.
- Remaining lines are processed similarly to command-line arguments of the
form name or name=value.
This option implies the -w option.
Any name arguments on the command line are ignored.
- -M
- Display the MIB instead of any of the actual values contained in the MIB.
This causes the entire MIB to be displayed unless you also give specific MIB
arguments or the -f file option.
- -n
- Don't display the field name; display only its value.
You'll find this option useful when you're setting shell variables.
For example, to save the IP TTL value in the variable ipttl, type the following:
set ipttl=`sysctl -n net.inet.ip.ttl`
- -q
- Be quiet; display nothing when setting variables, unless an error occurs.
- -r
- Display values in their raw binary forms as retrieved directly.
You can use this option to retrieve some additional nodes that
sysctl can't display directly.
This option conflicts with the -x option.
- -w name=value
- Set the value for the given MIB name.
- -x
- Display the requested value in a hexadecimal representation instead of its regular form.
If you specify this option more than once, the output for each value
includes the hexadecimal offset, two sets of eight columns of hexadecimal
bytes, then a vertical bar (|), followed by the ASCII representation of the bytes.
This option conflicts with the -r option.
Description:
The sysctl utility retrieves the state of the socket manager and allows processes with
appropriate privilege to set the state.
The variable to be retrieved or set is described using a Management Information Base (MIB) style name,
described as a dotted set of components.
The information available from sysctl consists of integers, strings, and tables.
You can retrieve tabular information only by using special-purpose programs such as
arp
and
netstat.
The variables that are available to you depend on what you're running on
your machine; the table below shows the variables that are likely of most interest.
For information about determining the meaning of other variables, see
sysctl() and sysctlbyname()
in the QNX Neutrino C Library Reference.
A process with appropriate privilege can change the value of all these variables except those marked as read-only.
All values are integers unless otherwise indicated.
- kern.clockrate (read only)
- A struct clockinfo that contains
the clock, statistics clock and profiling clock frequencies,
the number of microseconds per Hz tick, and the clock skew rate.
- kern.mbuf.mblowat
- The mbuf low water mark.
- kern.mbuf.mclbytes
- The mbuf cluster size.
- kern.mbuf.mcllowat
- The mbuf cluster low water mark.
- kern.mbuf.msize (read only)
- The mbuf base size.
- kern.mbuf.nmbclusters
- The limit on the number of mbuf clusters.
You can only increase this limit, and only on machines with direct-mapped pool pages.
- kern.sbmax
- The maximum socket buffer size.
- net.inet.arp.down
- The failed ARP entry lifetime.
- net.inet.arp.keep
- The valid ARP entry lifetime.
- net.inet.arp.maxtries
- The maximum number of ARP resolution attempts to make before marking the route to the host as down
for a configurable amount of time. If you specify 0, unlimited resolution attempts are made.
This affects any new socket connection for which the host address isn't getting resolved in the ARP cache.
This is not meant for use on a mid point if IP forwarding is enabled.
- net.inet.arp.prune
- The ARP cache pruning interval.
- net.inet.arp.refresh
- The ARP entry refresh interval.
- net.inet.ip.allowsrcrt
- Allow (1) or drop (0) all source-routed packets.
- net.inet.ip.directed-broadcast
- Enable (1) or disable (0) directed-broadcast.
- net.inet.ip.do_loopback_cksum
- Compute (1) or don't compute (0) checksums on loopback.
- net.inet.ip.forwarding
- Disable (0) or enable (1) IP forwarding. If this is enabled, the host acts as a router.
- net.inet.ip.forwsrcrt
- Forward source-routed packets.
- net.inet.ip.ipv4idrsvd
- Maximum reserved IPv4 identifier value. The io-pkt manager does not use IPv4 IDs from 0 to this number.
- net.inet.ip.maxflows
- The maximum number of IP flows allowed.
- net.inet.ip.mtudisc
- Allow (1) or disallow (0) path MTU discovery.
- net.inet.ip.redirect
- Allow (1) or disallow (0) send ICMP redirections when forwarding.
This option is ignored unless the host is routing IP packets. Normally, this option should be enabled on all systems.
- net.inet.ip.subnetsarelocal
- Treat (1) or don't treat (0) subnets as local addresses.
- net.inet.ip.ttl
- The maximum time-to-live (hop count) value for an IP packet sourced by the system.
This value applies to normal transport protocols, not to ICMP.
- net.inet.tcp.congctl.available
- A string that lists the available TCP congestion-control algorithms.
- net.inet.tcp.congctl.selected
- A string that contains the name of the currently selected TCP congestion-control algorithm.
- net.inet.tcp.do_loopback_cksum
- Compute (1) or don't compute (0) checksums on loopback.
- net.inet.tcp.fack_tso_adjust
- Adjust (1) or don't adjust (0) the behavior of the Forward ACKnowledgement (FACK) recovery algorithm.
- net.inet.tcp.keepcnt
- The keepalive count.
- net.inet.tcp.keepidle
- The keepalive idle time, in clock ticks (see net.inet.tcp.slowhz).
- net.inet.tcp.keepintvl
- The keepalive probe interval, in clock ticks (see net.inet.tcp.slowhz).
- net.inet.tcp.mssdflt
- The default maximum segment size.
- net.inet.tcp.recvspace
- The default size of the receive buffer.
- net.inet.tcp.sack.enable
- Enable (1) or disable (0) RFC 2018 Selective ACKnowledgements.
- net.inet.tcp.sack.globalholes (read only)
- The global number of TCP SACK holes.
- net.inet.tcp.sack.globalmaxholes
- The global maximum number of TCP SACK holes.
- net.inet.tcp.sack.maxholes
- The maximum number of TCP SACK holes allowed per connection.
- net.inet.tcp.sendspace
- The default size of the send buffer.
- net.inet.tcp.slowhz (read only)
- The units for tcp.keepidle and tcp.keepintvl;
those variables are in ticks of a clock that ticks tcp.slowhz times per second.
(That is, you must divide their values by the value of tcp.slowhz to get times in seconds.)
- net.inet.tcp.tcp_syn_initial_rto
- The initial retransmission timeout value. The units are in ticks of the io-pkt PR_SLOWHZ timer (each tick is 500ms).
The valid values are in the range [2,128]. Negative values are ignored, and values outside of this range are rounded to the minimum or maximum.
- net.inet.tcp.win_scale
- RFC 1323 window scaling.
- net.inet.udp.do_loopback_cksum
- Compute (1) or don't compute (0) checksums on loopback.
- net.inet.udp.recvspace
- The default size of the receive buffer.
- net.inet.udp.sendspace
- The default size of the send buffer.
- net.inet6.ip6.forwarding
- Disable (0) or enable (1) IP forwarding. If this is enabled, the host acts as a router.
- net.inet6.ip6.redirect
- Allow (1) or disallow (0) send ICMP redirections when forwarding.
This option is ignored unless the host is routing IP packets.
Normally, this option should be enabled on all systems.
- net.inet6.tcp6.do_loopback_cksum
- Compute (1) or don't compute (0) checksums on loopback.
- net.inet6.tcp6.keepcnt
- The keepalive count.
- net.inet6.tcp6.keepidle
- The keepalive idle time, in clock ticks (see net.inet.tcp6.slowhz).
- net.inet6.tcp6.keepintvl
- The keepalive probe interval, in clock ticks (see net.inet.tcp6.slowhz).
- net.inet6.tcp6.recvspace
- The default size of the receive buffer.
- net.inet6.tcp6.sack.enable
- Enable (1) or disable (0) RFC 2018 Selective ACKnowledgements.
- net.inet6.tcp6.sack.globalholes (read only)
- The global number of TCP SACK holes.
- net.inet6.tcp6.sack.globalmaxholes
- The global maximum number of TCP SACK holes.
- net.inet6.tcp6.sack.maxholes
- The maximum number of TCP SACK holes allowed per connection.
- net.inet6.tcp6.sendspace
- The default size of the send buffer.
- net.inet6.tcp6.slowhz (read only)
- The units for tcp.keepidle and tcp.keepintvl;
those variables are in ticks of a clock that ticks tcp6.slowhz times per second.
(That is, you must divide their values by the value of tcp6.slowhz to get times in seconds.)
- net.inet6.udp6.do_loopback_cksum
- Compute (1) or don't compute (0) checksums on loopback.
- net.inet6.udp6.recvspace
- The default size of the receive buffer.
- net.inet6.udp6.sendspace
- The default size of the send buffer.
- qnx.kern.droproot
- When you set this variable,
io-pkt stops running as root
and drops to the user specified with its -U option:
sysctl -w qnx.kern.droproot=value
The value is a hexadecimal number
whose bits indicate which abilities io-pkt should keep,
or 0 if you want io-pkt to continue to run as root.
The QNX_DROPROOT_* flags are defined in <sys/iopkt_ability.h>:
Constant |
Value |
Ability |
QNX_DROPROOT_STD |
0x0001 |
Drop root without keeping any additional abilities
(keep io-pkt's standard ones)
|
QNX_DROPROOT_INTERRUPT |
0x0002 |
PROCMGR_AID_INTERRUPT
|
QNX_DROPROOT_CONNECTION |
0x0004 |
PROCMGR_AID_CONNECTION
|
QNX_DROPROOT_TIMER |
0x0008 |
PROCMGR_AID_TIMER
|
QNX_DROPROOT_PROT_EXEC |
0x0010 |
PROCMGR_AID_PROT_EXEC
|
QNX_DROPROOT_PATHSPACE |
0x0020 |
Not used; io-pkt keeps PROCMGR_AID_PATHSPACE by default |
QNX_DROPROOT_QNET |
0x0040 |
PROCMGR_AID_QNET
|
QNX_DROPROOT_PUBLIC_CHANNEL |
0x0080 |
PROCMGR_AID_PUBLIC_CHANNEL
|
For more information about abilities, see the entry for
procmgr_ability()
in the QNX Neutrino C Library Reference.
- qnx.kern.secpol
- When you set this variable, io-pkt
continues running with the same uid it was started with, but switches to a
different security type, most likely with fewer abilities:
sysctl -w qnx.kern.secpol=1
The sysctl design means it's necessary to pass in some non-zero
value; passing in 1 is recommended because future releases could assign specific
meanings to other parameter values.
Because the new security type depends on the security policies you've defined for the
system, this variable is useful only if the system uses security policies. For more
information, see Security Policies in the System Security Guide.
You can set variables permanently by setting them in a file such as
/etc/sysctl.conf, and then starting sysctl
using that file.
For example:
sysctl -f /etc/sysctl.conf
Examples:
Check to see if the UDP checksum is enabled:
sysctl net.inet.udp.checksum
Note:
Disabling UDP checksums is strongly discouraged.
Enable IP forwarding so that the host acts as a router:
sysctl -w net.inet.ip.forwarding=1