meaning of python socket address info output

Question

I'm tring to understand the meaning of the python socket address info output.

import socket
rawSocket = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.htons(0x0800))
pkt = rawSocket.recvfrom(2048)

print pkt[1]
('ens33', 2048, 1, 1, 'HE \xfd\x12h')

1. ens33 is the interface sending the data.

2. I guess that 2048 is the buffer size.

3. I have no idea what the first "1" is. Sometimes it's "0".

4. I noticed the second "1" relates to the interface (i.e. "772" for "lo")

5. 'HE \xfd\x12h' : Reverting the converted hex values, we get '\x48\x45\x20\xfd\x12\x68', it gives the mac address of host machine in a VM bridged connection.

So, the main question is for #3. What 1 or 0 means here ?

Answer 1

In short, the third 1 means it's a broadcast packet. 0 would mean it was a packet addressed to the machine running the Python code. Details follow.

This is based on Python 3.6, but the answer should be similar for other Py2 or Py3 versions. The answer is split between the source for the socket module, the packet(7) man page, and the Linux source.

The Python library includes function makesockaddr(). For PF_PACKET sockets (same as AF_PACKET), the relevant portion gives you the following order of fields. Explanations from the man page are italicized.

1. ifname (e.g., ens33) (the interface name, as you noted)
2. sll_protocol (e.g., 2048) Physical-layer protocol
3. sll_pkttype (e.g., 1) Packet type
4. sll_hatype (e.g., 1) ARP hardware type
5. sll_addr (e.g., the MAC address, as you noted above) Physical-layer address

The Linux source gives the various values for packet type. In that list, 1 is PACKET_BROADCAST. 0 is PACKET_HOST, explained as "To us".