I have a network system extension that sends flow records to my GUI app, and I saw an unusual string (%awdl0) appended to the local and remote IPv6 addresses in flow records from the UniversalControl program on my Intel iMac Pro.
fe80::f42d:14ff:fe38:7db7%awdl0
fe80::18d7:9bff:feae:2e32%awdl0
Any idea why the suffix is appended to the IPv6 address and what it means?
Here are more details about the event:
{
"localPort" : "56604",
"socketProtocol" : 6,
"version" : 0,
"programLastComponent" : "UniversalControl",
"localName" : "fe80::f42d:14ff:fe38:7db7%awdl0",
"time" : 716847716.50096297,
"socketType" : 1,
"remotePort" : "57968",
"socketFamily" : 30,
"procInfo" : {
"path" : "\/System\/Library\/CoreServices\/UniversalControl.app\/Contents\/MacOS\/UniversalControl",
"lastComponent" : "UniversalControl",
"teamId" : "",
"signingId" : ""
},
"timeStr" : "2023-09-19T20:21:56Z",
"remoteName" : "fe80::18d7:9bff:feae:2e32%awdl0",
"pid" : 667,
"webHost" : "",
"webUrl" : ""
}
And here is the flurry of flows reported including their ports:
The percent (%) syntax identifies an address’s scope. In this example:
% ping6 fluffy.local.
PING6(56=40+8+8 bytes) fe80::1c0f:4cec:f8fd:a89f%en0 --> fe80::aa20:66ff:fe2e:49ca%en0
…
the scope is en0, which happens to be my built-in Wi-Fi interface. Scopes really matter with IPv6, so you generally only see them there.
IMPORTANT BSD interfaces names are not considered API on Apple platforms. I go into this issue in some detail in Extra-ordinary Networking.
The awdl0 is associated with Apple’s peer-to-peer Wi-Fi implementation. Again, this name isn’t API, but it’s useful to know when looking at logs.
An address family of 30 is simply AF_INET6.
So, these are IPv6 flows running over peer-to-peer Wi-Fi.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
