SO often here at work we need to run the Linux netstat command to get various network details. More often than not, we need to run the netstat command with the -r flag to get routing details. While I am very familiar with the output, I have yet to fully memorize all the route flags and what they mean. Comically enough, there is no article here in our knowledge base that provides this info... So I am putting it up on my website here and now, and will write up an article about it later.
So while I have had need to refer to the flags, I have found many conflicting details as to what some of the flags refer to. For example, a page from IBM developerWorks indicates: "D Debugging ON." Another from ExpertsExchange indicates: "M Redundant route established with the -multirt option." and "S Route was established using the -setsrc option." Not to be going and bashing whoever made the responses here... I know that some other software also makes use of netstat and it is entirely possible that some one-off products have some specialized, or different flags/meanings. It is also possible that I has mis read/understood the answers. This confusion has caused some issues for me in the past, so to prevent future confusions, I am putting together this list here for my future reference.
Now, on the the good stuff.
For the sake of visualization, here's a netstat output:
I have, as much as possible, verified most of these to be applicable to Checkpoint's OSes SecurePlatform and Gaia. But if it turns out I am wrong on some, don't send out a lynch mob.
The mapping between letters and flags is:
1 - RTF_PROTO1 - Protocol specific routing flag #1
2 - RTF_PROTO2 - Protocol specific routing flag #2
3 - RTF_PROTO3 - Protocol specific routing flag #3
b - RTF_BROADCAST - The route represents a broadcast address
c - Access to this route creates a cloned route.
B - RTF_BLACKHOLE - Just discard pkts (during updates)
D - RTF_DYNAMIC - Created dynamically (by dynamic routing)
e - Has a binding cache entry.
G - RTF_GATEWAY - The route is to a gateway.
H - RTF_HOST - The route is to a host rather than to a network (net otherwise)
i - RTF_IFSCOPE - route is manually bound to this interface
L - RTF_LLINFO - The link-level address is present in the route entry.
l - The route represents a local address.
M - RTF_MODIFIED - Modified dynamically (by dynamic routing)
m - The route represents a multicast address.
P - Pinned route.
R - RTF_REJECT - Host or net unreachable
S - RTF_STATIC - Manually added (static route)
U - RTF_UP - Route Up
W - The route is a cloned route.
X - RTF_XRESOLVE - External daemon translates proto to link address
u - Route usable.
As I further work with Checkpoint, I will update this article with better/more details as to exactly what IS and IS NOT applicable to Checkpoint.
If you have anything to suggest in on this article, feel free to do so in the comments section below.
