Hello all,
On Sun, Feb 15, 2009 at 11:24 AM, address@hidden <address@hidden> wrote:
basically a implementation choice, like windows xp doesn't update ARP
table if the request is not for it. In this way, we can avoid the
I think most of my ARP implementation is still in lwIP nowadays, from my memory:
Update can have a few meanings:
- insert a new entry in the ARP table
- update an existing entry in the ARP table (reset its timeout)
- update an existing entry in the ARP table only if the response or
broadcast matches (reset its timeout)
lwIP should insert new entries when it has sent out an ARP request.
There is no way to detect spoof AFAIK, because the spoofer can
response earlier than the targetted host.
lwIP should update it's ARP cache to prevent entries getting removed
and to prevent too much traffic.
Regards,