Where does the OS X routing table come from?

Trying to find out where the initial routing configuration for OS X is stored (plist, or wherever), and what happens at startup to read that configuration and configure the network interface(s).


In OS X, the routing table is mostly managed by configd, based on the network settings in /Library/Preferences/SystemConfiguration/* and the live status of the network interfaces (e.g. is there something plugged into the Ethernet jack at the moment?).

The network settings can be examined by looking in /Library/Preferences/SystemConfiguration/preferences.plist, but the format is very hard to understand; I recommend using the Network Preference pane, or the networksetup command to view & change settings.

The routing setup itself is pretty simple: each configured interface gets a route to its local subnet, and for destinations not on any of the local subnets, a default route is set based on the "Router" setting for the highest-priority "live" interface (see the order of the interfaces in Network prefs, or use networksetup -listnetworkserviceorder and then look for the first "live" interface on that list).

Starting in 10.6, things got a little more complicated, because Apple added source-based default routes for the defined routers of all interfaces. Essentially, this means that if traffic from a particular IP address comes in on an unexpected interface, it'll be replied to through the router defined on that interface.
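
The default-route selection described in the answer above can be checked against a host's actual routing table. The script below is an added example, not part of the original answer: it parses `networksetup -listnetworkserviceorder`, `ifconfig` and `route -n get default` text, and flags a default route that does not leave through the first live service. The sample text is constructed, the function names are hypothetical, and it assumes "live" means `ifconfig` reports `status: active`.

```shell
#!/bin/sh
# Added example. Sample text below is constructed, not captured from a real host.
ORDER='An asterisk (*) denotes that a network service is disabled.
(1) Ethernet
(Hardware Port: Ethernet, Device: en0)

(2) Wi-Fi
(Hardware Port: Wi-Fi, Device: en1)

(*) Bluetooth PAN
(Hardware Port: Bluetooth PAN, Device: en3)'
IFCONFIG='en0: flags=8863<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    status: inactive
en1: flags=8863<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 192.168.1.20 netmask 0xffffff00 broadcast 192.168.1.255
    status: active'
ROUTE='   route to: default
  gateway: 192.168.1.1
  interface: en1'

# Devices of enabled services, in priority order ("(*)" marks a disabled service).
service_devices() {
  awk '/^\([0-9]+\) / { on = 1; next }
       /^\(\*\) /     { on = 0; next }
       on && /Device: / { sub(/.*Device: /, ""); sub(/\).*/, ""); if ($0 != "") print }'
}
# Assumption: "live" means ifconfig reports "status: active" for the device.
active_devices() {
  awk '/^[a-z]+[0-9]+: / { dev = $1; sub(/:$/, "", dev) }
       /status: active/  { print dev }'
}
# $1 = service order text, $2 = ifconfig text; prints the first live device.
expected_default_device() {
  live=$(printf '%s\n' "$2" | active_devices)
  for dev in $(printf '%s\n' "$1" | service_devices); do
    if printf '%s\n' "$live" | grep -qxF "$dev"; then echo "$dev"; return 0; fi
  done
  return 1
}
# $3 = `route -n get default` text; non-zero exit when the route is elsewhere.
check_default_route() {
  want=$(expected_default_device "$1" "$2") || { echo "no live service"; return 2; }
  have=$(printf '%s\n' "$3" | awk '$1 == "interface:" { print $2 }')
  [ "$want" = "$have" ] && { echo "OK $have"; return 0; }
  echo "MISMATCH expected=$want actual=$have"; return 1
}
# On a Mac: check_default_route "$(networksetup -listnetworkserviceorder)" \
#             "$(ifconfig)" "$(route -n get default)"
```

A mismatch is worth investigating when traffic is expected to leave through a particular service, since it means the default route is not the one the service order predicts.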