sysctl

Get or set the state of the socket manager

Syntax:

sysctl [-dne] [-x[x]|-r] variable ...
sysctl [-ne] [-q] -w variable=value ...
sysctl [-dne] -a
sysctl [-dne] -A
sysctl [-ne] -M
sysctl [-dne] [-q] -f file

Runs on:

QNX Neutrino

Options:

-A

List all the known MIB names, including tables. Those with string or integer values are displayed as they would be with the -a option; for the table values, the name of the utility to retrieve them is given.

-a

List all the currently available string or integer values.

-d

Display descriptions of the selected nodes. The default is to display their values.

-e

Separate the name and value of the variables with an equals sign (=). This format is useful when you're producing output to be given as input to sysctl. The default is to use an equals sign with a space on either side. This option is ignored if you also specify the -n option, or if you're setting a variable.

-f file

Read and process the specified file. The format of the file is as follows:

Blank lines and comments (beginning with #) are ignored.
You can use a backslash to escape the end of the line.
Remaining lines are processed similarly to command-line arguments of the form name or name=value.

This option implies the -w option. Any name arguments on the command line are ignored.

-M

Display the MIB instead of any of the actual values contained in the MIB. This causes the entire MIB to be displayed unless you also give specific MIB arguments or the -f file option.

-n

Don't display the field name; display only its value. You'll find this option useful when you're setting shell variables. For example, to save the IP TTL value in the variable ipttl, type the following:

set ipttl=`sysctl -n net.inet.ip.ttl`

-q

Be quiet; display nothing when setting variables, unless an error occurs.

-r

Display values in their raw binary forms as retrieved directly. You can use this option to retrieve some additional nodes that sysctl can't display directly. This option conflicts with the -x option.

-w name=value

Set the value for the given MIB name.

-x

Display the requested value in a hexadecimal representation instead of its regular form. If you specify this option more than once, the output for each value includes the hexadecimal offset, two sets of eight columns of hexadecimal bytes, then a vertical bar (|), followed by the ASCII representation of the bytes. This option conflicts with the -r option.

Description:

The sysctl utility retrieves the state of the socket manager and allows processes with appropriate privilege to set the state. The variable to be retrieved or set is described using a Management Information Base (MIB) style name, described as a dotted set of components.

The information available from sysctl consists of integers, strings, and tables. You can retrieve tabular information only by using special-purpose programs such as arp and netstat.

The variables that are available to you depend on what you're running on your machine; the table below shows the variables that are likely of most interest. For information about determining the meaning of other variables, see sysctl() and sysctlbyname() in the QNX Neutrino C Library Reference.

A process with appropriate privilege can change the value of all these variables except those marked as read-only. All values are integers unless otherwise indicated.

kern.clockrate (read only)

A struct clockinfo that contains the clock, statistics clock and profiling clock frequencies, the number of microseconds per Hz tick, and the clock skew rate.

kern.mbuf.mblowat

The mbuf low water mark.

kern.mbuf.mclbytes

The mbuf cluster size.

kern.mbuf.mcllowat

The mbuf cluster low water mark.

kern.mbuf.msize (read only)

The mbuf base size.

kern.mbuf.nmbclusters

The limit on the number of mbuf clusters. You can only increase this limit, and only on machines with direct-mapped pool pages.

kern.sbmax

The maximum socket buffer size.

net.inet.arp.down

The failed ARP entry lifetime.

net.inet.arp.keep

The valid ARP entry lifetime.

net.inet.arp.maxtries

The maximum number of ARP resolution attempts to make before marking the route to the host as down for a configurable amount of time. If you specify 0, unlimited resolution attempts are made.

This affects any new socket connection for which the host address isn't getting resolved in the ARP cache. This is not meant for use on a mid point if IP forwarding is enabled.

net.inet.arp.prune

The ARP cache pruning interval.

net.inet.arp.refresh

The ARP entry refresh interval.

net.inet.ip.allowsrcrt

Allow (1) or drop (0) all source-routed packets.

net.inet.ip.directed-broadcast

Enable (1) or disable (0) directed-broadcast.

net.inet.ip.do_loopback_cksum

Compute (1) or don't compute (0) checksums on loopback.

net.inet.ip.forwarding

Disable (0) or enable (1) IP forwarding. If this is enabled, the host acts as a router.

net.inet.ip.forwsrcrt

Forward source-routed packets.

net.inet.ip.ipv4idrsvd

Maximum reserved IPv4 identifier value. The io-pkt manager does not use IPv4 IDs from 0 to this number.

net.inet.ip.maxflows

The maximum number of IP flows allowed.

net.inet.ip.mtudisc

Allow (1) or disallow (0) path MTU discovery.

net.inet.ip.redirect

Allow (1) or disallow (0) send ICMP redirections when forwarding. This option is ignored unless the host is routing IP packets. Normally, this option should be enabled on all systems.

net.inet.ip.subnetsarelocal

Treat (1) or don't treat (0) subnets as local addresses.

net.inet.ip.ttl

The maximum time-to-live (hop count) value for an IP packet sourced by the system. This value applies to normal transport protocols, not to ICMP.

net.inet.tcp.congctl.available

A string that lists the available TCP congestion-control algorithms.

net.inet.tcp.congctl.selected

A string that contains the name of the currently selected TCP congestion-control algorithm.

net.inet.tcp.do_loopback_cksum

Compute (1) or don't compute (0) checksums on loopback.

net.inet.tcp.fack_tso_adjust

Adjust (1) or don't adjust (0) the behavior of the Forward ACKnowledgement (FACK) recovery algorithm.

net.inet.tcp.keepcnt

The keepalive count.

net.inet.tcp.keepidle

The keepalive idle time, in clock ticks (see net.inet.tcp.slowhz).

net.inet.tcp.keepintvl

The keepalive probe interval, in clock ticks (see net.inet.tcp.slowhz).

net.inet.tcp.mssdflt

The default maximum segment size.

net.inet.tcp.recvspace

The default size of the receive buffer.

net.inet.tcp.sack.enable

Enable (1) or disable (0) RFC 2018 Selective ACKnowledgements.

net.inet.tcp.sack.globalholes (read only)

The global number of TCP SACK holes.

net.inet.tcp.sack.globalmaxholes

The global maximum number of TCP SACK holes.

net.inet.tcp.sack.maxholes

The maximum number of TCP SACK holes allowed per connection.

net.inet.tcp.sendspace

The default size of the send buffer.

net.inet.tcp.slowhz (read only)

The units for tcp.keepidle and tcp.keepintvl; those variables are in ticks of a clock that ticks tcp.slowhz times per second. (That is, you must divide their values by the value of tcp.slowhz to get times in seconds.)

net.inet.tcp.win_scale

RFC 1323 window scaling.

net.inet.udp.do_loopback_cksum

Compute (1) or don't compute (0) checksums on loopback.

net.inet.udp.recvspace

The default size of the receive buffer.

net.inet.udp.sendspace

The default size of the send buffer.

net.inet6.ip6.forwarding

Disable (0) or enable (1) IP forwarding. If this is enabled, the host acts as a router.

net.inet6.ip6.redirect

Allow (1) or disallow (0) send ICMP redirections when forwarding. This option is ignored unless the host is routing IP packets. Normally, this option should be enabled on all systems.

net.inet6.tcp6.do_loopback_cksum

Compute (1) or don't compute (0) checksums on loopback.

net.inet6.tcp6.keepcnt

The keepalive count.

net.inet6.tcp6.keepidle

The keepalive idle time, in clock ticks (see net.inet.tcp6.slowhz).

net.inet6.tcp6.keepintvl

The keepalive probe interval, in clock ticks (see net.inet.tcp6.slowhz).

net.inet6.tcp6.recvspace

The default size of the receive buffer.

net.inet6.tcp6.sack.enable

Enable (1) or disable (0) RFC 2018 Selective ACKnowledgements.

net.inet6.tcp6.sack.globalholes (read only)

The global number of TCP SACK holes.

net.inet6.tcp6.sack.globalmaxholes

The global maximum number of TCP SACK holes.

net.inet6.tcp6.sack.maxholes

The maximum number of TCP SACK holes allowed per connection.

net.inet6.tcp6.sendspace

The default size of the send buffer.

net.inet6.tcp6.slowhz (read only)

The units for tcp.keepidle and tcp.keepintvl; those variables are in ticks of a clock that ticks tcp6.slowhz times per second. (That is, you must divide their values by the value of tcp6.slowhz to get times in seconds.)

net.inet6.udp6.do_loopback_cksum

Compute (1) or don't compute (0) checksums on loopback.

net.inet6.udp6.recvspace

The default size of the receive buffer.

net.inet6.udp6.sendspace

The default size of the send buffer.

net.local.dgram.recvspace

The default size of the buffer for receiving data through a datagram-oriented Unix Domain Socket (UDS).

net.local.dgram.sendspace

The default size of the buffer for sending data through a datagram-oriented UDS.

net.local.stream.recvspace

The default size of the buffer for receiving data through a stream-oriented UDS.

net.local.stream.sendspace

The default size of the buffer for sending data through a stream-oriented UDS.

net.kern.drop_extra

Configure io-pkt to drop all abilities.

qnx.kern.droproot

When you set this variable, io-pkt stops running as root and drops to the user specified with its -U option:

sysctl -w qnx.kern.droproot=value

The value is a hexadecimal number whose bits indicate which abilities io-pkt should keep, or 0 if you want io-pkt to continue to run as root. The QNX_DROPROOT_* flags are defined in <sys/iopkt_ability.h>:


Constant	Value	Ability
QNX_DROPROOT_STD	0x0001	Drop root without keeping any additional abilities (keep io-pkt's standard ones)
QNX_DROPROOT_INTERRUPT	0x0002	PROCMGR_AID_INTERRUPT
QNX_DROPROOT_CONNECTION	0x0004	PROCMGR_AID_CONNECTION
QNX_DROPROOT_TIMER	0x0008	PROCMGR_AID_TIMER
QNX_DROPROOT_PROT_EXEC	0x0010	PROCMGR_AID_PROT_EXEC
QNX_DROPROOT_PATHSPACE	0x0020	Not used; io-pkt keeps PROCMGR_AID_PATHSPACE by default
QNX_DROPROOT_QNET	0x0040	PROCMGR_AID_QNET
QNX_DROPROOT_PUBLIC_CHANNEL	0x0080	PROCMGR_AID_PUBLIC_CHANNEL

For more information about abilities, see the entry for procmgr_ability() in the QNX Neutrino C Library Reference.

qnx.kern.secpol

When you set this variable, io-pkt continues running with the same uid it was started with, but switches to a different security type, most likely with fewer abilities:

sysctl -w qnx.kern.secpol=1

The sysctl design means it's necessary to pass in some non-zero value; passing in 1 is recommended because future releases could assign specific meanings to other parameter values.

Because the new security type depends on the security policies you've defined for the system, this variable is useful only if the system uses security policies. For more information, see Security Policies in the System Security Guide.

qnx.net.inet.arp.maxhold

Set the maximum number of packets that can be held by the IPv4 ARP protocol if the outgoing packet is too large and needs to be split into multiple ones (fragmentation; default is 1).

qnx.net.igmp.sendra

Enable the IP router alert option in the IGMPv2 header. Default is 0 (off).

qnx.net.inet.arp.accuratetime

Configure io-pkt to manage ARP timeouts using a more accurate clock. Default is to use a best-effort clock, which may result in events that are approximately timed.

qnx.net.inet.ip.fragttl

qnx.net.inet6.ip6.fragttl

Configure how long unresolved IP fragments are kept in the IP fragmentation queue (specified in 500 ms ticks).

qnx.net.inet.ip.numfragpackets

qnx.net.inet6.ip6.numfragpackets

Provide statistics for the number of packets in the fragmentation queue.

qnx.netinet.ip.numfrags

Provide statistics for the number of fragments in the IP fragmentation cache.

Variables that control the number and timing of TCP retransmissions

All time values are expressed as ticks of the io-pkt PR_SLOWHZ timer. Each tick is 500 ms.

qnx.net.inet.tcp.maxrxtshift: Maximum number of retransmissions.
qnx.net.inet.tcp.tcp_syn_initial_rto: The initial retransmission timeout value. The valid values are in the range [2,128]. Negative values are ignored, and values outside of this range are rounded to the minimum or maximum.
qnx.net.inet.tcp.rexmtmax: Maximum retransmission time.
qnx.net.inet.tcp.persmin: Minimum retransmission time of persist probe.
qnx.net.inet.tcp.persmax: Maximum retransmission time of persist probe.
qnx.net.inet.tcp.maxpersistidle: Total duration for persist probes to be sent when a zero-window condition is met and the peer stops responding to probes.

You can set variables permanently by setting them in a file such as /etc/sysctl.conf, and then starting sysctl using that file. For example:

sysctl -f /etc/sysctl.conf

Examples:

Check to see if the UDP checksum is enabled:

sysctl net.inet.udp.checksum

Note:

Disabling UDP checksums is strongly discouraged.

Enable IP forwarding so that the host acts as a router:

sysctl -w net.inet.ip.forwarding=1

Page updated: March 12, 2026