New nodes are allowed to be created by the superuser when the kernel is running at security level 0. These new nodes may refer to existing kernel data or to new data that is only instrumented by
sysctl(3) itself.
The syntax for creating new nodes is “//create=new.node.path” followed by one or more of the following attributes separated by commas. The use of a double separator (both ‘/' and ‘.' can be used as separators) as the prefix tells sysctl that the first series of tokens is not a MIB name, but a command. It is recommended that the double separator preceding the command not be the same as the separator used in naming the MIB entry so as to avoid possible parse conflicts. The “value” assigned, if one is given, must be last.
•
type=<T> where T must be one of “node”, “int”, “string”, “quad”, or “struct”. If the type is omitted, the “node” type is assumed.
•
size=<S> here, S asserts the size of the new node. Nodes of type “node” should not have a size set. The size may be omitted for nodes of types “int” or “quad”. If the size is omitted for a node of type “string”, the size will be determined by the length of the given value, or by the kernel for kernel strings. Nodes of type “struct” must have their size explicitly set.
•
addr=<
A> or
symbol=<
A> The kernel address of the data being instrumented. If “symbol” is used, the symbol must be globally visible to the in-kernel
ksyms(4) driver.
•
n=<N> The MIB number to be assigned to the new node. If no number is specified, the kernel will assign a value.
•
flags=<
F> A concatenated string of single letters that govern the behavior of the node. Flags currently available are:
a
Allow anyone to write to the node, if it is writable.
h
“Hidden”. sysctl must be invoked with -A or the hidden node must be specifically requested in order to see it
i
“Immediate”. Makes the node store data in itself, rather than allocating new space for it. This is the default for nodes of type “int” and “quad”. This is the opposite of owning data.
o
“Own”. When the node is created, separate space will be allocated to store the data to be instrumented. This is the default for nodes of type “string” and “struct” where it is not possible to guarantee sufficient space to store the data in the node itself.
p
“Private”. Nodes that are marked private, and children of nodes so marked, are only viewable by the superuser. Be aware that the immediate data that some nodes may store is not necessarily protected by this.
x
“Hexadecimal”. Make sysctl default to hexadecimal display of the retrieved value
r
“Read-only”. The data instrumented by the given node is read-only. Note that other mechanisms may still exist for changing the data. This is the default for nodes that instrument data.
w
“Writable”. The data instrumented by the given node is writable at any time. This is the default for nodes that can have children.
•
value=<V> An initial starting value for a new node that does not reference existing kernel data. Initial values can only be assigned for nodes of the “int”, “quad”, and “string” types.
New nodes must fit the following set of criteria:
•
If the new node is to address an existing kernel object, only one of the “symbol” or “addr” arguments may be given.
•
The size for a “struct” type node must be specified; no initial value is expected or permitted.
•
Either the size or the initial value for a “string” node must be given.
•
The node which will be the parent of the new node must be writable.
If any of the given parameters describes an invalid configuration,
sysctl will emit a diagnostic message to the standard error and exit.
Descriptions can be added by the super-user to any node that does not have one, provided that the node is not marked with the “PERMANENT” flag. The syntax is similar to the syntax for creating new nodes with the exception of the keyword that follows the double separator at the start of the command: “//describe=new.node.path=new node description”. Once a description has been added, it cannot be changed or removed.
When destroying nodes, only the path to the node is necessary, i.e., “//destroy=old.node.path”. No other parameters are expected or permitted. Nodes being destroyed must have no children, and their parent must be writable. Nodes that are marked with the “
PERMANENT” flag (as assigned by the kernel) may not be deleted.
In all cases, the initial ‘=' that follows the command (eg, “create”, “destroy”, or “describe”) may be replaced with another instance of the separator character, provided that the same separator character is used for the length of the name specification.