Den tors 16 okt. 2025 kl 05:34 skrev David Gwynne <david@gwynne.id.au>:
>
> this adds a "locked" flags to ports in veb(4), which is modelled on the
> "locked" keyword and the associated behaviour in vm.conf. it requires
> the source mac address in frames received by a port have an address
> entry on the veb(4) that points to that same port.
>
> there's similar functionality in vmware vswitches (and probably other
> hypervisors too) when you configure MAC address changes and forged
> transmits to be rejected.

This might warrant a note somewhere that it "breaks" carp, since those
packets/interfaces will have a different mac. Or that you need to add
the carp mac(s) to this list, whichever is more convenient.

-- 
May the most significant bit of your life be positive.