What is the meaning of the routing table data in Mac OS?

I use netstat to check the routing tables:

$ netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            10.10.10.1         UGSc           20       16     en0
10.10.10/24        link#4             UCS             1        0     en0
10.10.10.1/32      link#4             UCS             1        0     en0
10.10.10.1         bc:67:1c:40:3:f6   UHLWIir        21       14     en0   1193
10.10.10.104/32    link#4             UCS             0        0     en0
10.10.10.107       a8:6b:ad:6b:c4:a5  UHLWI           0        0     en0    820
127                127.0.0.1          UCS             0        0     lo0
127.0.0.1          127.0.0.1          UH             54  2734893     lo0
169.254            link#4             UCS             0        0     en0
172.16.111/24      link#11            UC              1        0  vmnet1
192.168.220        link#12            UC              1        0  vmnet8
224.0.0/4          link#4             UmCS            2        0     en0
224.0.0.251        1:0:5e:0:0:fb      UHmLWI          0        0     en0
239.255.255.250    1:0:5e:7f:ff:fa    UHmLWI          0      784     en0
255.255.255.255/32 link#4             UCS             0        0     en0

But I have several questions about this:

  1. I do not understand the meaning of Flags, Refs, Use and Expire.
  2. You see the 10.10.10.1 bc:67:1c:40:3:f6, so does this mean the IPv4 can divert to an IPv6 address directly?
  3. What's the meaning of link#4 and link#12 in the Gateway field?
  4. What's the meaning of the Expire field?

This answer is a quick summary of what the fields mean in the routing table display of netstat. You can find all this information directly in the netstat man page (man netstat) or, for an excellent primer, see FreeBSD's Handbook Chapter 31.2 - Gateways and Routes. (Apple's netstat is derived from the BSD version.)

Flags

The flags field shows a collection of information about the route stored as binary choices. The following is extracted directly from the man page.

 1       RTF_PROTO1       Protocol specific routing flag #1
 2       RTF_PROTO2       Protocol specific routing flag #2
 3       RTF_PROTO3       Protocol specific routing flag #3
 B       RTF_BLACKHOLE    Just discard packets (during updates)
 b       RTF_BROADCAST    The route represents a broadcast address
 C       RTF_CLONING      Generate new routes on use
 c       RTF_PRCLONING    Protocol-specified generate new routes on use
 D       RTF_DYNAMIC      Created dynamically (by redirect)
 G       RTF_GATEWAY      Destination requires forwarding by intermediary
 H       RTF_HOST         Host entry (net otherwise)
 I       RTF_IFSCOPE      Route is associated with an interface scope
 i       RTF_IFREF        Route is holding a reference to the interface
 L       RTF_LLINFO       Valid protocol to link address translation
 M       RTF_MODIFIED     Modified dynamically (by redirect)
 m       RTF_MULTICAST    The route represents a multicast address
 R       RTF_REJECT       Host or net unreachable
 r       RTF_ROUTER       Host is a default router
 S       RTF_STATIC       Manually added
 U       RTF_UP           Route usable
 W       RTF_WASCLONED    Route was generated as a result of cloning
 X       RTF_XRESOLVE     External daemon translates proto to link address
 Y       RTF_PROXY        Proxying; cloned routes will not be scoped

So, looking at the first entry, the flags are UGSc, meaning:

  • U: RTF_UP - Route usable
  • G: RTF_GATEWAY - Destination requires forwarding by intermediary
  • S: RTF_STATIC - Route added manually
  • c: RTF_PRCLONING - Protocol-specified generate new routes on use

Refs, Use, & Expire

The refcnt field gives the current number of active uses of the route. Connection oriented protocols normally hold on to a single route for the duration of a connection while connectionless protocols obtain a route while sending to the same destination. The use field provides a count of the number of packets sent using that route.

Expire is a timeout - a period in which the host doesn't respond to that route.

MAC Address and Hardware Devices

The HEX address that you're seeing for the 10.1.0.10.1/32 network (bc:67:1c:40:3:f6) is a MAC address, not an IPV6 address.

  • A MAC address is a 48-bit identifier specific to the hardware, written as MM:MM:MM:SS:SS:SS. The first three bytes (MM:MM:MM) identify (are assigned to) the hardware manufacturer and the second three bytes (SS:SS:SS) are assigned to the device by the manufacturer.

  • An IPV6 address is a 106-bit hexadecimal identifier written as 8 hexadecimal numbers separated by colons. Example: 2001:0000:3238:DFE1:0063:0000:0000:FEFB

The link#4 and link#12 refer to the network device (i.e. Ethernet Adapter, WiFi Adapter, VPN adapter, etc.).
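The decoding described in the answer, as an added example that is not part of the original post: a small Python parser that expands each flag letter using the man page table above and classifies the Gateway column as an IP address, a link#N interface reference, or a MAC address. The function names and the SAMPLE text (three rows copied from the question's output) are assumptions made for illustration.

```python
import re

# Flag letters and names as listed in the man page excerpt above.
FLAGS = {
    "1": "RTF_PROTO1", "2": "RTF_PROTO2", "3": "RTF_PROTO3",
    "B": "RTF_BLACKHOLE", "b": "RTF_BROADCAST", "C": "RTF_CLONING",
    "c": "RTF_PRCLONING", "D": "RTF_DYNAMIC", "G": "RTF_GATEWAY",
    "H": "RTF_HOST", "I": "RTF_IFSCOPE", "i": "RTF_IFREF",
    "L": "RTF_LLINFO", "M": "RTF_MODIFIED", "m": "RTF_MULTICAST",
    "R": "RTF_REJECT", "r": "RTF_ROUTER", "S": "RTF_STATIC",
    "U": "RTF_UP", "W": "RTF_WASCLONED", "X": "RTF_XRESOLVE",
    "Y": "RTF_PROXY",
}
# netstat prints MAC bytes without leading zeros (e.g. bc:67:1c:40:3:f6).
MAC_RE = re.compile(r"^[0-9a-fA-F]{1,2}(:[0-9a-fA-F]{1,2}){5}$")
LINK_RE = re.compile(r"^link#\d+$")

def gateway_kind(gw):
    # Exactly six colon-separated hex groups is a MAC, not an IPv6 address.
    if MAC_RE.match(gw):
        return "mac"
    if LINK_RE.match(gw):
        return "link"
    return "ip"

def decode_flags(flags):
    # Unknown letters are reported rather than silently dropped.
    return [FLAGS.get(ch, "UNKNOWN(%s)" % ch) for ch in flags]

def parse_routes(text):
    routes = []
    for line in text.splitlines():
        f = line.split()
        # Data rows have 6 columns (7 with Expire) and a numeric Refs field;
        # this skips the "Routing tables", "Internet:" and header lines.
        if len(f) not in (6, 7) or not f[3].isdigit():
            continue
        expire = int(f[6]) if len(f) == 7 and f[6].isdigit() else None
        routes.append({"destination": f[0], "gateway": f[1],
                       "gateway_kind": gateway_kind(f[1]),
                       "flags": decode_flags(f[2]), "refs": int(f[3]),
                       "use": int(f[4]), "netif": f[5], "expire": expire})
    return routes

# Three rows copied from the question's netstat -rn output.
SAMPLE = """\
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            10.10.10.1         UGSc           20       16     en0
10.10.10/24        link#4             UCS             1        0     en0
10.10.10.1         bc:67:1c:40:3:f6   UHLWIir        21       14     en0   1193
"""
```

On a live system the same function can be fed the text captured from `netstat -rn`; rows in sections with a different column layout are skipped by the column-count check.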