Bug 107 - ARP Cache is not updated by the reception of ARP Requests packets
ARP Cache is not updated by the reception of ARP Requests packets
Status: RESOLVED WONTFIX
Product: ns-3
Classification: Unclassified
Component: internet
pre-release
All All
: P3 normal
Assigned To: ns-bugs
: bug
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2007-11-16 13:22 UTC by Pedro Fortuna
Modified: 2016-11-05 12:11 UTC (History)
2 users (show)

See Also:


Attachments
possible patch (2.06 KB, text/x-patch)
2007-11-20 00:44 UTC, Tom Henderson
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Pedro Fortuna 2007-11-16 13:22:01 UTC
Two InternetNodes (node1,node2) are connected to a CSMA channel. node1 wishes to send an UDP-echo-request packet to node2. Since they are configured in the same IP network, node1 first sends an ARP Request to discover node2's MAC. Based on RFC826, when Node2 receives this ARP Request it should add an node1 MAC/IP entry to its ARP cache. Apparently, it does not because later in the simulation when node2 needs to send an and UDP-echo-reply packet to node1, it also sends an ARP Request.
Comment 1 Tom Henderson 2007-11-20 00:44:06 UTC
Created attachment 91 [details]
possible patch

Does this (untested) patch address the problem adequately?
Comment 2 Mathieu Lacage 2007-11-21 07:56:44 UTC
(In reply to comment #1)
> Created an attachment (id=91) [edit]
> possible patch
> 
> Does this (untested) patch address the problem adequately?
> 

I think that I did not implement this before because it is a classic ARP poisoning attack (sending fake arp requests).
Comment 3 Gustavo J. A. M. Carneiro 2007-11-21 08:30:12 UTC
(In reply to comment #2)
> (In reply to comment #1)
> > Created an attachment (id=91) [edit]
> > possible patch
> > 
> > Does this (untested) patch address the problem adequately?
> > 
> 
> I think that I did not implement this before because it is a classic ARP
> poisoning attack (sending fake arp requests).
> 

RFC 826 algorithm does not say to omit that step due to ARP poisoning.  IMHO we should stick to RFCs by default, or change the behaviour to match real world implementations when most used implementation do something different.  Do you know for a fact how e.g. Windows (most deployed OS) handles this scenario?
Comment 4 Mathieu Lacage 2007-11-21 09:02:16 UTC
> > I think that I did not implement this before because it is a classic ARP
> > poisoning attack (sending fake arp requests).
> > 
> 
> RFC 826 algorithm does not say to omit that step due to ARP poisoning.  IMHO we
> should stick to RFCs by default, or change the behaviour to match real world

yes, but RFC 826 was written in a time when arp poisoning attacks were not a concern so, that argument is not relevant.

> implementations when most used implementation do something different.  Do you
> know for a fact how e.g. Windows (most deployed OS) handles this scenario?

I thought that windows did not update its cache in this case but I don't have a machine handy to verify that it is really the case. 

Anyhow, I did not want to say that I was against this patch. I just meant to explain why I think it was not done that way yet.
Comment 5 Joe Kopena 2007-11-30 18:12:48 UTC
Hi all,

We had a discussion about this at the NS3 meeting today.  For those not there, I went through the Linux 2.6.23 source and it does *not* update the local ARP table upon receiving a request from an unknown node.  Logic in this regard is roughly:

If received msg is a reply to a request I have not made, toss it
If received msg is a request to me or a node for which I am a proxy
  Reply
  If requester is already in local ARP table, update timestamp

So, the second node would indeed generate an ARP request despite having just gotten one from that node.  After that first request it would keep updating the cache such that it did not request again as long as the dialog kept up.

Thx
Comment 6 Joe Kopena 2007-11-30 18:23:34 UTC
Small note that I think part of the reasoning for this is the ARP poisoning that Mathieu mentioned.  A perhaps more pressing issue from the receiving node's viewpoint is that otherwise it'd be easy to fill its ARP table and severely cripple its ability to talk to anyone, not just spoofed nodes.
Comment 7 Mathieu Lacage 2008-04-15 11:46:00 UTC
shall I close this bug as WONTFIX then ?
Comment 8 Rajib Bhattacharjea 2008-04-16 08:42:03 UTC
(In reply to comment #7)
> shall I close this bug as WONTFIX then ?
> 

+1
Comment 9 Joe Kopena 2008-04-16 12:21:47 UTC
+1 on the WONTFIX.
Comment 10 Gustavo J. A. M. Carneiro 2008-04-16 12:31:40 UTC
Pedro is very quiet about this but I think he won't be upset if this is closed. :-)

What matters here is that NS-3 simulates reality closely.  If real life systems do this way, let NS-3 do it the same way...

(although if NS-2 did differently we might have a consistency problem...)
Comment 11 Mathieu Lacage 2008-04-16 12:47:33 UTC
added a comment to the code to point to this bug report.
changeset d2d179640630