sysctl: Add flags to filter jail prison and vnet variables

So users do not have to contact the source code to tell whether a
variable is a jail prison / vnet one or not.

Reviewed by:	cy (previous version), markj, jamie (for #jails)
MFC after:	2 weeks
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D47107

(cherry picked from commit 5ec83c660acaf30c1d6b9417dbd8c80dfa9d56ac)

2 files changed, 23 insertions, 3 deletions

diff --git a/sbin/sysctl/sysctl.8 b/sbin/sysctl/sysctl.8
index ee3f8579882f..ff0a8cea266d 100644
--- a/sbin/sysctl/sysctl.8
+++ b/sbin/sysctl/sysctl.8
@@ -27,7 +27,7 @@
 .\"
 .\"	From: @(#)sysctl.8	8.1 (Berkeley) 6/6/93
 .\"
-.Dd August 18, 2023
+.Dd October 29, 2024
 .Dt SYSCTL 8
 .Os
 .Sh NAME
@@ -107,6 +107,8 @@ The purpose is to make use of
 .Nm
 for collecting data from a variety of machines (not all of which
 are necessarily running exactly the same software) easier.
+.It Fl J
+Display only jail prision sysctl variables (CTLFLAG_PRISON).
 .It Fl N
 Show only variable names, not their values.
 This is particularly useful with shells that offer programmable
@@ -144,6 +146,8 @@ to standard error.
 Display only variables that are settable via loader (CTLFLAG_TUN).
 .It Fl t
 Print the type of the variable.
+.It Fl V
+Display only VNET sysctl variables (CTLFLAG_VNET).
 .It Fl W
 Display only writable variables that are not statistical.
 Useful for determining the set of runtime tunable sysctls.
@@ -316,7 +320,8 @@ option has been deprecated and is silently ignored.
 .Xr loader.conf 5 ,
 .Xr sysctl.conf 5 ,
 .Xr security 7 ,
-.Xr loader 8
+.Xr loader 8 ,
+.Xr jail 8
 .Sh HISTORY
 A
 .Nm
diff --git a/sbin/sysctl/sysctl.c b/sbin/sysctl/sysctl.c
index 6f5c886bbf05..0fe6c92dc386 100644
--- a/sbin/sysctl/sysctl.c
+++ b/sbin/sysctl/sysctl.c
@@ -64,6 +64,7 @@ static const char *conffile;
 
 static int	aflag, bflag, Bflag, dflag, eflag, hflag, iflag;
 static int	Nflag, nflag, oflag, qflag, tflag, Tflag, Wflag, xflag;
+static bool	Jflag, Vflag;
 
 static int	oidfmt(int *, int, char *, u_int *);
 static int	parsefile(const char *);
@@ -136,7 +137,7 @@ main(int argc, char **argv)
 	setbuf(stdout,0);
 	setbuf(stderr,0);
 
-	while ((ch = getopt(argc, argv, "AabB:def:hiNnoqtTwWxX")) != -1) {
+	while ((ch = getopt(argc, argv, "AabB:def:hiJNnoqtTVwWxX")) != -1) {
 		switch (ch) {
 		case 'A':
 			/* compatibility */
@@ -166,6 +167,9 @@ main(int argc, char **argv)
 		case 'i':
 			iflag = 1;
 			break;
+		case 'J':
+			Jflag = true;
+			break;
 		case 'N':
 			Nflag = 1;
 			break;
@@ -184,6 +188,9 @@ main(int argc, char **argv)
 		case 'T':
 			Tflag = 1;
 			break;
+		case 'V':
+			Vflag = true;
+			break;
 		case 'w':
 			/* compatibility */
 			/* ignored */
@@ -992,10 +999,18 @@ show_var(int *oid, int nlen, bool honor_skip)
 	if (Wflag && ((kind & CTLFLAG_WR) == 0 || (kind & CTLFLAG_STATS) != 0))
 		return (1);
 
+	/* if Jflag then only list sysctls that are prison variables. */
+	if (Jflag && (kind & CTLFLAG_PRISON) == 0)
+		return (1);
+
 	/* if Tflag then only list sysctls that are tuneables. */
 	if (Tflag && (kind & CTLFLAG_TUN) == 0)
 		return (1);
 
+	/* if Vflag then only list sysctls that are vnet variables. */
+	if (Vflag && (kind & CTLFLAG_VNET) == 0)
+		return (1);
+
 	if (Nflag) {
 		printf("%s", name);
 		return (0);