RE : [lwip-users] 1.2.0 etharp_ip

lwip-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE : [lwip-users] 1.2.0 etharp_ip_input change

From:	Frédéric BERNON
Subject:	RE : [lwip-users] 1.2.0 etharp_ip_input change
Date:	Wed, 3 Jan 2007 17:25:08 +0100

Hi Jonathan,

It seems there is a problem to download your patch from   
<http://savannah.nongnu.org/patch/?5657>

Can you please send me the diff file please? 
  
====================================
Frédéric BERNON 
HYMATOM SA 
Chef de projet informatique 
Microsoft Certified Professional 
Tél. : +33 (0)4-67-87-61-10 
Fax. : +33 (0)4-67-70-85-44 
Email : address@hidden 
Web Site : http://www.hymatom.fr 
====================================
P Avant d'imprimer, penser à l'environnement
 


-----Message d'origine-----
De : address@hidden [mailto:address@hidden De la part de Jonathan Larmour
Envoyé : mercredi 3 janvier 2007 16:49
À : Mailing list for lwIP users
Objet : Re: [lwip-users] 1.2.0 etharp_ip_input change


Kieran Mansley wrote:
> On Tue, 2007-01-02 at 17:50 +0000, Jonathan Larmour wrote:
>> I was wondering about the following change in 1.2.0. Isn't updating 
>> the ARP
>> table from incoming IP packets a good thing and normal practice? Otherwise 
>> for something which isn't already in the ARP cache (especially a new TCP 
>> connection, or UDP from a novel host) won't the lwip stack need to send an 
>> ARP request for any response?
> 
> There is a moderate spoofing problem with that approach, as you 
> essentially take it as given that the person who sent you the packet 
> isn't lying about their MAC address.  By always checking it (by 
> sending a broadcast ARP request) you give yourself at least a little 
> protection from such things.

Very little indeed, unfortunately, unless it was by accident, not 
intentionally.

> Whether the efficiency of avoiding the ARP outweighs
> the paranoia of always checking is perhaps up to the local network 
> manager, and we should perhaps consider it as a compile time option.

I'll submit a patch for this then.

Jifl
-- 
--["No sense being pessimistic, it wouldn't work anyway"]-- Opinions==mine


_______________________________________________
lwip-users mailing list
address@hidden http://lists.nongnu.org/mailman/listinfo/lwip-users

Frédéric BERNON.vcf
Description: Frédéric BERNON.vcf

[Prev in Thread]

Current Thread

[Next in Thread]

RE : [lwip-users] 1.2.0 etharp_ip_input change, Frédéric BERNON <=
- Re: RE : [lwip-users] 1.2.0 etharp_ip_input change, Jonathan Larmour, 2007/01/03

Prev by Date: Re: [lwip-users] 1.2.0 etharp_ip_input change
Next by Date: Re: RE : [lwip-users] 1.2.0 etharp_ip_input change
Previous by thread: [lwip-users] zeroconf - any success stories?
Next by thread: Re: RE : [lwip-users] 1.2.0 etharp_ip_input change
Index(es):
- Date
- Thread