sysctl

Updated: April 19, 2023

Get or set the state of the socket manager

Syntax:

sysctl [-dne] [-x[x]|-r] variable ...
sysctl [-ne] [-q] -w variable=value ...
sysctl [-dne] -a
sysctl [-dne] -A
sysctl [-ne] -M
sysctl [-dne] [-q] -f file

Runs on:

QNX Neutrino

Options:

-A
List all the known MIB names, including tables. Those with string or integer values are displayed as they would be with the -a option; for the table values, the name of the utility to retrieve them is given.
-a
List all the currently available string or integer values.
-d
Display descriptions of the selected nodes. The default is to display their values.
-e
Separate the name and value of the variables with an equals sign (=). This format is useful when you're producing output to be given as input to sysctl. The default is to use an equals sign with a space on either side. This option is ignored if you also specify the -n option, or if you're setting a variable.
-f file
Read and process the specified file. The format of the file is as follows:
  • Blank lines and comments (beginning with #) are ignored.
  • You can use a backslash to escape the end of the line.
  • Remaining lines are processed similarly to command-line arguments of the form name or name=value.

This option implies the -w option. Any name arguments on the command line are ignored.

-M
Display the MIB instead of any of the actual values contained in the MIB. This causes the entire MIB to be displayed unless you also give specific MIB arguments or the -f file option.
-n
Don't display the field name; display only its value. You'll find this option useful when you're setting shell variables. For example, to save the IP TTL value in the variable ipttl, type the following:
set ipttl=`sysctl -n net.inet.ip.ttl`
-q
Be quiet; display nothing when setting variables, unless an error occurs.
-r
Display values in their raw binary forms as retrieved directly. You can use this option to retrieve some additional nodes that sysctl can't display directly. This option conflicts with the -x option.
-w name=value
Set the value for the given MIB name.
-x
Display the requested value in a hexadecimal representation instead of its regular form. If you specify this option more than once, the output for each value includes the hexadecimal offset, two sets of eight columns of hexadecimal bytes, then a vertical bar (|), followed by the ASCII representation of the bytes. This option conflicts with the -r option.

Description:

The sysctl utility retrieves the state of the socket manager and allows processes with appropriate privilege to set the state. The variable to be retrieved or set is described using a Management Information Base (MIB) style name, described as a dotted set of components.

The information available from sysctl consists of integers, strings, and tables. You can retrieve tabular information only by using special-purpose programs such as arp and netstat.

The variables that are available to you depend on what you're running on your machine; the table below shows the variables that are likely of most interest. For information about determining the meaning of other variables, see sysctl() and sysctlbyname() in the QNX Neutrino C Library Reference.

A process with appropriate privilege can change the value of all these variables except those marked as read-only. All values are integers unless otherwise indicated.

kern.clockrate (read only)
A struct clockinfo that contains the clock, statistics clock and profiling clock frequencies, the number of microseconds per Hz tick, and the clock skew rate.
kern.mbuf.mblowat
The mbuf low water mark.
kern.mbuf.mclbytes
The mbuf cluster size.
kern.mbuf.mcllowat
The mbuf cluster low water mark.
kern.mbuf.msize (read only)
The mbuf base size.
kern.mbuf.nmbclusters
The limit on the number of mbuf clusters. You can only increase this limit, and only on machines with direct-mapped pool pages.
kern.sbmax
The maximum socket buffer size.
net.inet.arp.down
The failed ARP entry lifetime.
net.inet.arp.keep
The valid ARP entry lifetime.
net.inet.arp.maxtries
The maximum number of ARP resolution attempts to make before marking the route to the host as down for a configurable amount of time. If you specify 0, unlimited resolution attempts are made.

This affects any new socket connection for which the host address isn't getting resolved in the ARP cache. This is not meant for use on a mid point if IP forwarding is enabled.

net.inet.arp.prune
The ARP cache pruning interval.
net.inet.arp.refresh
The ARP entry refresh interval.
net.inet.ip.allowsrcrt
Allow (1) or drop (0) all source-routed packets.
net.inet.ip.directed-broadcast
Enable (1) or disable (0) directed-broadcast.
net.inet.ip.do_loopback_cksum
Compute (1) or don't compute (0) checksums on loopback.
net.inet.ip.forwarding
Disable (0) or enable (1) IP forwarding. If this is enabled, the host acts as a router.
net.inet.ip.forwsrcrt
Forward source-routed packets.
net.inet.ip.ipv4idrsvd
Maximum reserved IPv4 identifier value. The io-pkt manager does not use IPv4 IDs from 0 to this number.
net.inet.ip.maxflows
The maximum number of IP flows allowed.
net.inet.ip.mtudisc
Allow (1) or disallow (0) path MTU discovery.
net.inet.ip.redirect
Allow (1) or disallow (0) sending ICMP redirections when forwarding. This option is ignored unless the host is routing IP packets. Normally, this option should be enabled on all systems.
net.inet.ip.subnetsarelocal
Treat (1) or don't treat (0) subnets as local addresses.
net.inet.ip.ttl
The maximum time-to-live (hop count) value for an IP packet sourced by the system. This value applies to normal transport protocols, not to ICMP.
net.inet.tcp.congctl.available
A string that lists the available TCP congestion-control algorithms.
net.inet.tcp.congctl.selected
A string that contains the name of the currently selected TCP congestion-control algorithm.
net.inet.tcp.do_loopback_cksum
Compute (1) or don't compute (0) checksums on loopback.
net.inet.tcp.fack_tso_adjust
Adjust (1) or don't adjust (0) the behavior of the Forward ACKnowledgement (FACK) recovery algorithm.
net.inet.tcp.keepcnt
The keepalive count.
net.inet.tcp.keepidle
The keepalive idle time, in clock ticks (see net.inet.tcp.slowhz).
net.inet.tcp.keepintvl
The keepalive probe interval, in clock ticks (see net.inet.tcp.slowhz).
net.inet.tcp.mssdflt
The default maximum segment size.
net.inet.tcp.recvspace
The default size of the receive buffer.
net.inet.tcp.sack.enable
Enable (1) or disable (0) RFC 2018 Selective ACKnowledgements.
net.inet.tcp.sack.globalholes (read only)
The global number of TCP SACK holes.
net.inet.tcp.sack.globalmaxholes
The global maximum number of TCP SACK holes.
net.inet.tcp.sack.maxholes
The maximum number of TCP SACK holes allowed per connection.
net.inet.tcp.sendspace
The default size of the send buffer.
net.inet.tcp.slowhz (read only)
The units for tcp.keepidle and tcp.keepintvl; those variables are in ticks of a clock that ticks tcp.slowhz times per second. (That is, you must divide their values by the value of tcp.slowhz to get times in seconds.)
net.inet.tcp.tcp_syn_initial_rto
The initial retransmission timeout value. The units are in ticks of the io-pkt PR_SLOWHZ timer (each tick is 500ms). The valid values are in the range [2,128]. Negative values are ignored, and values outside of this range are rounded to the minimum or maximum.
net.inet.tcp.win_scale
RFC 1323 window scaling.
net.inet.udp.do_loopback_cksum
Compute (1) or don't compute (0) checksums on loopback.
net.inet.udp.recvspace
The default size of the receive buffer.
net.inet.udp.sendspace
The default size of the send buffer.
net.inet6.ip6.forwarding
Disable (0) or enable (1) IP forwarding. If this is enabled, the host acts as a router.
net.inet6.ip6.redirect
Allow (1) or disallow (0) sending ICMP redirections when forwarding. This option is ignored unless the host is routing IP packets. Normally, this option should be enabled on all systems.
net.inet6.tcp6.do_loopback_cksum
Compute (1) or don't compute (0) checksums on loopback.
net.inet6.tcp6.keepcnt
The keepalive count.
net.inet6.tcp6.keepidle
The keepalive idle time, in clock ticks (see net.inet6.tcp6.slowhz).
net.inet6.tcp6.keepintvl
The keepalive probe interval, in clock ticks (see net.inet6.tcp6.slowhz).
net.inet6.tcp6.recvspace
The default size of the receive buffer.
net.inet6.tcp6.sack.enable
Enable (1) or disable (0) RFC 2018 Selective ACKnowledgements.
net.inet6.tcp6.sack.globalholes (read only)
The global number of TCP SACK holes.
net.inet6.tcp6.sack.globalmaxholes
The global maximum number of TCP SACK holes.
net.inet6.tcp6.sack.maxholes
The maximum number of TCP SACK holes allowed per connection.
net.inet6.tcp6.sendspace
The default size of the send buffer.
net.inet6.tcp6.slowhz (read only)
The units for tcp6.keepidle and tcp6.keepintvl; those variables are in ticks of a clock that ticks tcp6.slowhz times per second. (That is, you must divide their values by the value of tcp6.slowhz to get times in seconds.)
net.inet6.udp6.do_loopback_cksum
Compute (1) or don't compute (0) checksums on loopback.
net.inet6.udp6.recvspace
The default size of the receive buffer.
net.inet6.udp6.sendspace
The default size of the send buffer.
qnx.kern.droproot
When you set this variable, io-pkt stops running as root and drops to the user specified with its -U option:
sysctl -w qnx.kern.droproot=value

The value is a hexadecimal number whose bits indicate which abilities io-pkt should keep, or 0 if you want io-pkt to continue to run as root. The QNX_DROPROOT_* flags are defined in <sys/iopkt_ability.h>:

Constant                      Value    Ability
QNX_DROPROOT_STD              0x0001   Drop root without keeping any additional abilities (keep io-pkt's “standard” ones)
QNX_DROPROOT_INTERRUPT        0x0002   PROCMGR_AID_INTERRUPT
QNX_DROPROOT_CONNECTION       0x0004   PROCMGR_AID_CONNECTION
QNX_DROPROOT_TIMER            0x0008   PROCMGR_AID_TIMER
QNX_DROPROOT_PROT_EXEC        0x0010   PROCMGR_AID_PROT_EXEC
QNX_DROPROOT_PATHSPACE        0x0020   Not used; io-pkt keeps PROCMGR_AID_PATHSPACE by default
QNX_DROPROOT_QNET             0x0040   PROCMGR_AID_QNET
QNX_DROPROOT_PUBLIC_CHANNEL   0x0080   PROCMGR_AID_PUBLIC_CHANNEL

For more information about abilities, see the entry for procmgr_ability() in the QNX Neutrino C Library Reference.

qnx.kern.secpol
When you set this variable, io-pkt continues running with the same uid it was started with, but switches to a different security type, most likely with fewer abilities:
sysctl -w qnx.kern.secpol=1

The sysctl design means it's necessary to pass in some non-zero value; passing in 1 is recommended because future releases could assign specific meanings to other parameter values.

Because the new security type depends on the security policies you've defined for the system, this variable is useful only if the system uses security policies. For more information, see “Security Policies” in the System Security Guide.
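When reviewing a startup script that sets qnx.kern.droproot, it helps to see which flags a given hexadecimal value selects and whether it contains bits the table above doesn't define. The following decoder is an added example, not part of the original page or of QNX's tooling; the function name droproot_decode and the sample value 0x4b are hypothetical, and it assumes the value may be written with or without a 0x prefix.

```shell
#!/bin/sh
# Added example: list the QNX_DROPROOT_* flags set in a qnx.kern.droproot value.
# Bit values are copied from the table above; 0x4b below is a constructed sample.

droproot_decode() {
    dr_hex=${1#0[xX]}                          # accept "0x4b" or "4b" (assumption)
    case $dr_hex in
        ''|*[!0-9a-fA-F]*) echo "not a hexadecimal value: $1" >&2; return 2 ;;
    esac
    dr_val=$(( 0x$dr_hex ))
    if [ "$dr_val" -eq 0 ]; then
        echo "ROOT_RETAINED"                   # 0 means io-pkt keeps running as root
        return 0
    fi
    dr_out=""
    while read -r dr_bit dr_name; do
        if [ $(( $dr_val & $dr_bit )) -ne 0 ]; then
            dr_out="$dr_out${dr_out:+ }$dr_name"
            dr_val=$(( $dr_val & ~$dr_bit ))   # clear the bit just reported
        fi
    done <<'EOF'
0x0001 QNX_DROPROOT_STD
0x0002 QNX_DROPROOT_INTERRUPT
0x0004 QNX_DROPROOT_CONNECTION
0x0008 QNX_DROPROOT_TIMER
0x0010 QNX_DROPROOT_PROT_EXEC
0x0020 QNX_DROPROOT_PATHSPACE
0x0040 QNX_DROPROOT_QNET
0x0080 QNX_DROPROOT_PUBLIC_CHANNEL
EOF
    # Whatever is left is a bit the table does not define; report it separately.
    if [ "$dr_val" -ne 0 ]; then
        dr_out="$dr_out${dr_out:+ }UNDEFINED_BITS=$(printf '0x%04x' "$dr_val")"
    fi
    echo "$dr_out"
}

droproot_decode 0x4b
```
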

You can set variables permanently by setting them in a file such as /etc/sysctl.conf, and then starting sysctl using that file. For example:

sysctl -f /etc/sysctl.conf
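Because a file given to -f is applied with write semantics, it is worth checking before it is deployed. The script below is an added example (not from the original page) that reads a file in the -f format described above and reports settings that make the host route packets, accept source-routed packets, enable directed broadcast, or leave io-pkt running as root. The function names, the baseline choice and the sample file are hypothetical, and it assumes name=value is written without spaces around the equals sign and that a continued line is joined without inserted whitespace.

```shell
#!/bin/sh
# Added example: audit a "sysctl -f" style file against a small baseline.
# The baseline assumes a host that is not meant to route (an assumption).

audit_sysctl_conf() {
    au_findings=""
    # "read" without -r joins a line ending in a backslash with the next one,
    # which mirrors the file format's end-of-line escape.
    while read au_line || [ -n "$au_line" ]; do
        case $au_line in ''|'#'*) continue ;; esac       # blank line or comment
        case $au_line in *=*) ;; *) continue ;; esac     # bare name: nothing is set
        au_name=${au_line%%=*}; au_value=${au_line#*=}
        case "$au_name=$au_value" in
            net.inet.ip.forwarding=1|net.inet6.ip6.forwarding=1)
                au_why="host acts as a router" ;;
            net.inet.ip.allowsrcrt=1)
                au_why="source-routed packets are allowed" ;;
            net.inet.ip.directed-broadcast=1)
                au_why="directed broadcast is enabled" ;;
            qnx.kern.droproot=0|qnx.kern.droproot=0x0)
                au_why="io-pkt keeps running as root" ;;
            *) continue ;;
        esac
        au_findings="$au_findings$au_name=$au_value: $au_why
"
    done < "$1"
    printf '%s' "$au_findings"
}

# Constructed sample file; the split name would be missed by a plain grep.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not a recommended configuration
net.inet.ip.ttl=64
net.inet.ip.\
forwarding=1
net.inet.ip.allowsrcrt=0
qnx.kern.droproot=0
net.inet.tcp.sack.enable
EOF
}

au_tmp=$(mktemp)
write_sample_conf "$au_tmp"
audit_sysctl_conf "$au_tmp"
rm -f "$au_tmp"
```
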

Examples:

Check to see if the UDP checksum is enabled:

sysctl net.inet.udp.checksum
Note: Disabling UDP checksums is strongly discouraged.

Enable IP forwarding so that the host acts as a router:

sysctl -w net.inet.ip.forwarding=1