Sysctl


sysctl is a software utility of some Unix-like operating systems that reads and modifies the attributes of the system kernel such as its version number, maximum limits, and security settings. It is available both as a system call for compiled programs, and an administrator command for interactive use and scripting. Linux additionally exposes sysctl as a virtual file system.

BSD

In BSD, these parameters are generally objects in a management information base that describe tunable limits such as the size of a shared memory segment, the number of threads the operating system will use as an NFS client, or the maximum number of processes on the system; or describe, enable or disable behaviors such as IP forwarding, security restrictions on the superuser, or debugging output.
In OpenBSD and DragonFly BSD, sysctl is also used as the transport layer for the hw.sensors framework for hardware monitoring, whereas NetBSD uses the ioctl system call for its sysmon envsys counterpart. sysctl and ioctl are the two system calls that can be used to add extra functionality to the kernel without adding yet another system call; for example, when the tcpdrop utility was introduced in 2004 with OpenBSD 3.6, sysctl was used as the underlying system call. In FreeBSD, although there is no sensors framework, individual temperature and other sensors are still commonly exported in the sysctl tree through Newbus, as is the case, for example, with the aibs driver, which is available in all four BSD systems, including FreeBSD.
In BSD, a system call or system call wrapper is usually provided for use by programs, as well as an administrative program and a configuration file.
This feature first appeared in 4.4BSD. It has the advantage over hardcoded constants that changes to the parameters can be made dynamically without recompiling the kernel.
Historically, although kernel variables themselves could be modified through sysctl, the elements comprising the MIB of the sysctl tree were hardcoded at compile time, and as of 2019, this is still mostly the case in OpenBSD. FreeBSD has had "sysctl internal magic" for dynamic sysctl tree management since 1995; NetBSD has had its own implementation of a dynamic sysctl tree since December 2003.

Linux

In Linux, the sysctl interface mechanism is also exported as part of procfs under the /proc/sys directory. This difference means that checking the value of a parameter requires opening a file in a virtual file system, reading its contents, parsing them, and closing the file. The sysctl system call does exist on Linux, but it has been deprecated and has no wrapper function in glibc; it is usually unavailable because many distributions configure the kernel without CONFIG_SYSCTL_SYSCALL, so it is not recommended for use.

Examples

When IP forwarding is enabled, the operating system kernel will act as a router. In FreeBSD, NetBSD, OpenBSD, DragonFly BSD, and Darwin/Mac OS X, the parameter net.inet.ip.forwarding can be set to 1 to enable this behavior. In Linux, the parameter is called net.ipv4.ip_forward.
In most systems, the command sysctl -w parameter=1 will enable a certain behavior. This setting persists until the next reboot. If the behavior should be enabled whenever the system boots, the line parameter=1 can be added to, or rewritten in, the file /etc/sysctl.conf. Additionally, some sysctl variables cannot be modified after the system is booted. These variables need to be either set statically in the kernel at compile time or set in /boot/loader.conf.
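Because a value set with sysctl -w lasts only until reboot while /etc/sysctl.conf holds the persisted setting, the two can disagree on a running Linux host. The following added example (not part of the original article) reads parameters through /proc/sys as described in the Linux section and reports every parameter whose runtime value differs from the file. The function names, the sample configuration and the temporary directory standing in for /proc/sys are constructed for illustration, and the comment and '-' prefix handling assumes the procps sysctl.conf syntax.

```python
import os
import tempfile

# Constructed sample in sysctl.conf syntax (not taken from a real host).
SAMPLE_CONF = """\
# this host must not route
net.ipv4.ip_forward = 0
-net.ipv4.tcp_rmem = 4096 87380 6291456
"""

def key_to_path(key, proc_root="/proc/sys"):
    """Map net.ipv4.ip_forward to .../net/ipv4/ip_forward; '/'-separated keys keep literal dots."""
    parts = key.split("/") if "/" in key else key.split(".")
    if not all(parts) or ".." in parts:  # no empty or parent components
        raise ValueError(f"bad sysctl key: {key!r}")
    return os.path.join(proc_root, *parts)

def parse_conf(text):
    """Return {key: value}; skips blanks, '#'/';' comments and the leading '-' marker."""
    settings = {}
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lstrip("-")] = " ".join(value.split())
    return settings

def read_runtime(key, proc_root="/proc/sys"):
    """Open, read, parse and close the procfs file; None if unreadable."""
    try:
        with open(key_to_path(key, proc_root)) as fh:
            return " ".join(fh.read().split())  # tabs/newlines -> single spaces
    except (OSError, ValueError):
        return None

def find_drift(conf_text, proc_root="/proc/sys"):
    """Return (key, persisted, runtime) for every value that differs."""
    rows = ((k, v, read_runtime(k, proc_root)) for k, v in parse_conf(conf_text).items())
    return [row for row in rows if row[1] != row[2]]

def demo():
    """Constructed /proc/sys stand-in where ip_forward was flipped at runtime."""
    files = {"net.ipv4.ip_forward": "1\n", "net.ipv4.tcp_rmem": "4096\t87380\t6291456\n"}
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "net", "ipv4"))
        for key, content in files.items():
            with open(key_to_path(key, root), "w") as fh:
                fh.write(content)
        return find_drift(SAMPLE_CONF, root)
```

On a Linux host, passing the text of /etc/sysctl.conf to find_drift with the default proc_root compares the file against the running kernel; a runtime value of None means the parameter could not be read.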