sysctl

Runs on:

QNX Neutrino

Options:

-A

List all the known MIB names, including tables. Those with string or integer values are displayed as they would be with the -a option; for the table values, the name of the utility to retrieve them is given.

-a

List all the currently available string or integer values.

-d

Display descriptions of the selected nodes. The default is to display their values.

-e

Separate the name and value of the variables with an equals sign (=). This format is useful when you're producing output to be given as input to sysctl. The default is to use an equals sign with a space on either side. This option is ignored if you also specify the -n option, or if you're setting a variable.

-f file

Read and process the specified file. The format of the file is as follows:

• Blank lines and comments (beginning with #) are ignored.
• You can use a backslash to escape the end of the line.
• Remaining lines are processed similarly to command-line arguments of the form name or name=value.

This option implies the -w option. Any name arguments on the command line are ignored.

-M

Display the MIB instead of any of the actual values contained in the MIB. This causes the entire MIB to be displayed unless you also give specific MIB arguments or the -f file option.

-n

Don't display the field name; display only its value. You'll find this option useful when you're setting shell variables. For example, to save the IP TTL value in the variable ipttl, type the following:

set ipttl=`sysctl -n net.inet.ip.ttl`

-q

Be quiet; display nothing when setting variables, unless an error occurs.

-r

Display values in their raw binary forms as retrieved directly. You can use this option to retrieve some additional nodes that sysctl can't display directly. This option conflicts with the -x option.

-w name=value

Set the value for the given MIB name.

-x

Display the requested value in a hexadecimal representation instead of its regular form. If you specify this option more than once, the output for each value includes the hexadecimal offset, two sets of eight columns of hexadecimal bytes, then a vertical bar (|), followed by the ASCII representation of the bytes. This option conflicts with the -r option.

Description:

The sysctl utility retrieves the state of the socket manager and allows processes with appropriate privilege to set the state. The variable to be retrieved or set is described using a Management Information Base (MIB) style name, described as a dotted set of components.

The information available from sysctl consists of integers, strings, and tables. You can retrieve tabular information only by using special-purpose programs such as arp and netstat.

The variables that are available to you depend on what you're running on your machine; the table below shows the variables that are likely of most interest. For information about determining the meaning of other variables, see sysctl() and sysctlbyname() in the QNX Neutrino C Library Reference.

A process with appropriate privilege can change the value of all these variables except those marked as read-only. All values are integers unless otherwise indicated.

kern.clockrate (read only)

A struct clockinfo that contains the clock, statistics clock and profiling clock frequencies, the number of microseconds per Hz tick, and the clock skew rate.

kern.mbuf.mblowat

The mbuf low water mark.

kern.mbuf.mclbytes

The mbuf cluster size.

kern.mbuf.mcllowat

The mbuf cluster low water mark.

kern.mbuf.msize (read only)

The mbuf base size.

kern.mbuf.nmbclusters

The limit on the number of mbuf clusters. You can only increase this limit, and only on machines with direct-mapped pool pages.

kern.sbmax

The maximum socket buffer size.

net.inet.arp.down

The failed ARP entry lifetime.

net.inet.arp.keep

The valid ARP entry lifetime.

net.inet.arp.maxtries

The maximum number of ARP resolution attempts to make before marking the route to the host as down for a configurable amount of time. If you specify 0, unlimited resolution attempts are made.

This affects any new socket connection for which the host address isn't getting resolved in the ARP cache. This is not meant for use on a mid point if IP forwarding is enabled.

net.inet.arp.prune

The ARP cache pruning interval.

net.inet.arp.refresh

The ARP entry refresh interval.

net.inet.ip.allowsrcrt

Allow (1) or drop (0) all source-routed packets.

net.inet.ip.directed-broadcast

Enable (1) or disable (0) directed-broadcast.

net.inet.ip.do_loopback_cksum

Compute (1) or don't compute (0) checksums on loopback.

net.inet.ip.forwarding

Disable (0) or enable (1) IP forwarding. If this is enabled, the host acts as a router.

net.inet.ip.forwsrcrt

Forward source-routed packets.

net.inet.ip.maxflows

The maximum number of IP flows allowed.

net.inet.ip.mtudisc

Allow (1) or disallow (0) path MTU discovery.

net.inet.ip.redirect

Allow (1) or disallow (0) send ICMP redirections when forwarding. This option is ignored unless the host is routing IP packets. Normally, this option should be enabled on all systems.

net.inet.ip.subnetsarelocal

Treat (1) or don't treat (0) subnets as local addresses.

net.inet.ip.ttl

The maximum time-to-live (hop count) value for an IP packet sourced by the system. This value applies to normal transport protocols, not to ICMP.

net.inet.tcp.congctl.available

A string that lists the available TCP congestion-control algorithms.

net.inet.tcp.congctl.selected

A string that contains the name of the currently selected TCP congestion-control algorithm.

net.inet.tcp.do_loopback_cksum

Compute (1) or don't compute (0) checksums on loopback.

net.inet.tcp.fack_tso_adjust

Adjust (1) or don't adjust (0) the behavior of the Forward ACKnowledgement (FACK) recovery algorithm.

net.inet.tcp.keepcnt

The keepalive count.

net.inet.tcp.keepidle

The keepalive idle time, in clock ticks (see net.inet.tcp.slowhz).

net.inet.tcp.keepintvl

The keepalive probe interval, in clock ticks (see net.inet.tcp.slowhz).

net.inet.tcp.mssdflt

The default maximum segment size.

net.inet.tcp.recvspace

The default size of the receive buffer.

net.inet.tcp.sack.enable

Enable (1) or disable (0) RFC 2018 Selective ACKnowledgements.

net.inet.tcp.sack.globalholes (read only)

The global number of TCP SACK holes.

net.inet.tcp.sack.globalmaxholes

The global maximum number of TCP SACK holes.

net.inet.tcp.sack.maxholes

The maximum number of TCP SACK holes allowed per connection.

net.inet.tcp.sendspace

The default size of the send buffer.

net.inet.tcp.slowhz (read only)

The units for tcp.keepidle and tcp.keepintvl; those variables are in ticks of a clock that ticks tcp.slowhz times per second. (That is, you must divide their values by the value of tcp.slowhz to get times in seconds.)

net.inet.tcp.win_scale

RFC 1323 window scaling.

net.inet.udp.do_loopback_cksum

Compute (1) or don't compute (0) checksums on loopback.

net.inet.udp.recvspace

The default size of the receive buffer.

net.inet.udp.sendspace

The default size of the send buffer.

net.inet6.ip6.forwarding

Disable (0) or enable (1) IP forwarding. If this is enabled, the host acts as a router.

net.inet6.ip6.redirect

Allow (1) or disallow (0) send ICMP redirections when forwarding. This option is ignored unless the host is routing IP packets. Normally, this option should be enabled on all systems.

net.inet6.tcp6.do_loopback_cksum

Compute (1) or don't compute (0) checksums on loopback.

net.inet6.tcp6.keepcnt

The keepalive count.

net.inet6.tcp6.keepidle

The keepalive idle time, in clock ticks (see net.inet.tcp6.slowhz).

net.inet6.tcp6.keepintvl

The keepalive probe interval, in clock ticks (see net.inet.tcp6.slowhz).

net.inet6.tcp6.recvspace

The default size of the receive buffer.

net.inet6.tcp6.sack.enable

Enable (1) or disable (0) RFC 2018 Selective ACKnowledgements.

net.inet6.tcp6.sack.globalholes (read only)

The global number of TCP SACK holes.

net.inet6.tcp6.sack.globalmaxholes

The global maximum number of TCP SACK holes.

net.inet6.tcp6.sack.maxholes

The maximum number of TCP SACK holes allowed per connection.

net.inet6.tcp6.sendspace

The default size of the send buffer.

net.inet6.tcp6.slowhz (read only)

The units for tcp.keepidle and tcp.keepintvl; those variables are in ticks of a clock that ticks tcp6.slowhz times per second. (That is, you must divide their values by the value of tcp6.slowhz to get times in seconds.)

net.inet6.udp6.do_loopback_cksum

Compute (1) or don't compute (0) checksums on loopback.

net.inet6.udp6.recvspace

The default size of the receive buffer.

net.inet6.udp6.sendspace

The default size of the send buffer.

qnx.kern.droproot

When you set this variable, io-pkt stops running as root and drops to the user specified with its -U option:

sysctl -w qnx.kern.droproot=value

The value is a hexadecimal number whose bits indicate which abilities io-pkt should keep, or 0 if you want io-pkt to continue to run as root. The QNX_DROPROOT_* flags are defined in <sys/iopkt_ability.h>:

Constant	Value	Ability
QNX_DROPROOT_STD	0x0001	Drop root without keeping any additional abilities (keep io-pkt's “standard” ones)
QNX_DROPROOT_INTERRUPT	0x0002	PROCMGR_AID_INTERRUPT
QNX_DROPROOT_CONNECTION	0x0004	PROCMGR_AID_CONNECTION
QNX_DROPROOT_TIMER	0x0008	PROCMGR_AID_TIMER
QNX_DROPROOT_PROT_EXEC	0x0010	PROCMGR_AID_PROT_EXEC
QNX_DROPROOT_PATHSPACE	0x0020	Not used; io-pkt keeps PROCMGR_AID_PATHSPACE by default
QNX_DROPROOT_QNET	0x0040	PROCMGR_AID_QNET
QNX_DROPROOT_PUBLIC_CHANNEL	0x0080	PROCMGR_AID_PUBLIC_CHANNEL

For more information about abilities, see the entry for procmgr_ability() in the QNX Neutrino C Library Reference.

qnx.kern.secpol

When you set this variable, io-pkt continues running with the same uid it was started with, but switches to a different security type, most likely with fewer abilities:

sysctl -w qnx.kern.secpol=1

The sysctl design means it's necessary to pass in some non-zero value; passing in 1 is recommended because future releases could assign specific meanings to other parameter values.

The new security type depends on the security policies you've defined for the system. Thus, this variable is useful only if security policies are being used. For information about managing security policies, see the Security Developer's Guide.

You can set variables permanently by setting them in a file such as /etc/sysctl.conf, and then starting sysctl using that file. For example:

sysctl -f /etc/sysctl.conf

Examples:

Check to see if the UDP checksum is enabled:

sysctl net.inet.udp.checksum

Enable IP forwarding so that the host acts as a router:

sysctl -w net.inet.ip.forwarding=1