On Tue, 2007-01-02 at 17:50 +0000, Jonathan Larmour wrote:
> I was wondering about the following change in 1.2.0. Isn't updating the ARP
> table from incoming IP packets a good thing and normal practice? Otherwise
> for something which isn't already in the ARP cache (especially a new TCP
> connection, or UDP from a novel host) won't the lwip stack need to send an
> ARP request for any response?
There is a moderate spoofing problem with that approach, as you
essentially take it as given that the person who sent you the packet
isn't lying about their MAC address. By always checking it (by sending
a broadcast ARP request) you give yourself at least a little protection
from such things.
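
The trade-off discussed in this exchange, as an added example that is not part of the original messages and is not lwIP code: a toy ARP cache with the "learn from incoming IP packets" policy switched on and off. All names and the sample addresses are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy ARP cache; names are hypothetical, not lwIP's etharp API. */
struct arp_entry { int used; uint32_t ip; uint8_t mac[6]; };
struct arp_cache { struct arp_entry e[4]; int learn_from_ip; };

static struct arp_entry *arp_find(struct arp_cache *c, uint32_t ip) {
    for (int i = 0; i < 4; i++)
        if (c->e[i].used && c->e[i].ip == ip) return &c->e[i];
    return NULL;
}
/* Insert or overwrite ip -> mac (evicts slot 0 when the table is full). */
static void arp_store(struct arp_cache *c, uint32_t ip, const uint8_t *mac) {
    struct arp_entry *e = arp_find(c, ip);
    for (int i = 0; !e && i < 4; i++)
        if (!c->e[i].used) e = &c->e[i];
    if (!e) e = &c->e[0];
    e->used = 1; e->ip = ip; memcpy(e->mac, mac, 6);
}
/* Reply to an ARP request we sent: always recorded. */
void on_arp_reply(struct arp_cache *c, uint32_t ip, const uint8_t *mac) { arp_store(c, ip, mac); }
/* Any received IP frame: source IP and source MAC are whatever the sender wrote. */
void on_ip_frame(struct arp_cache *c, uint32_t src_ip, const uint8_t *src_mac) {
    if (c->learn_from_ip) arp_store(c, src_ip, src_mac);
}

/* Constructed sample values: 192.0.2.1 and 192.0.2.99. */
static const uint32_t GATEWAY = 0xC0000201u, NEW_HOST = 0xC0000263u;
static const uint8_t GW_MAC[6]    = {0x02, 0, 0, 0, 0, 0x01};
static const uint8_t OTHER_MAC[6] = {0x02, 0, 0, 0, 0, 0x66};

/* 1 if one IP frame claiming the gateway's IP rewrites the gateway entry. */
int ip_frame_rewrites_entry(int learn_from_ip) {
    struct arp_cache c = { .learn_from_ip = learn_from_ip };
    on_arp_reply(&c, GATEWAY, GW_MAC);
    on_ip_frame(&c, GATEWAY, OTHER_MAC);
    return memcmp(arp_find(&c, GATEWAY)->mac, OTHER_MAC, 6) == 0;
}
/* 1 if answering a new host's first packet needs an ARP request first. */
int reply_needs_arp_request(int learn_from_ip) {
    struct arp_cache c = { .learn_from_ip = learn_from_ip };
    on_ip_frame(&c, NEW_HOST, OTHER_MAC);
    return arp_find(&c, NEW_HOST) == NULL;
}
int main(void) {
    for (int p = 0; p < 2; p++)
        printf("learn_from_ip=%d rewrites_entry=%d needs_arp_request=%d\n",
               p, ip_frame_rewrites_entry(p), reply_needs_arp_request(p));
    return 0;
}
```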