
From: "Theo de Raadt" <deraadt@openbsd.org>
Subject: Re: veb(4): "lock" mac addresses on ports
To: Janne Johansson <icepic.dz@gmail.com>
Cc: David Gwynne <david@gwynne.id.au>, tech@openbsd.org
Date: Thu, 16 Oct 2025 08:22:16 -0600

Janne Johansson <icepic.dz@gmail.com> wrote:

> On Thu, 16 Oct 2025 at 05:34, David Gwynne <david@gwynne.id.au> wrote:
> >
> > this adds a "locked" flag to ports in veb(4), which is modelled on the
> > "locked" keyword and the associated behaviour in vm.conf. it requires
> > the source mac address in frames received by a port have an address
> > entry on the veb(4) that points to that same port.
> >
> > there's similar functionality in vmware vswitches (and probably other
> > hypervisors too) when you configure MAC address changes and forged
> > transmits to be rejected.
> 
> This might warrant a note somewhere that it "breaks" carp, since those
> packets/interfaces will have a different mac. Or that you need to add
> the carp mac(s) to this list, whichever is more convenient.

I think people using carp can figure that out themselves, because it is
first principles.
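
Added example, not part of the original message or of the veb(4) patch: a simplified C model of the check described in the quoted text, showing why a carp virtual MAC (00:00:5e:00:01:<vhid>) is dropped on a locked port until it has its own address entry. All struct, function and macro names are hypothetical and the addresses are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model, not veb(4) source; every name here is hypothetical. */
struct addr_entry { uint8_t mac[6]; int port; };  /* address -> port binding */
struct port { int locked; };                      /* models the "locked" flag */

/* Constructed sample addresses. */
#define VM_MAC   { 0xfe, 0xe1, 0xba, 0xd0, 0x00, 0x01 }  /* guest on port 0 */
#define PEER_MAC { 0xfe, 0xe1, 0xba, 0xd0, 0x00, 0x02 }  /* host on port 1 */
#define CARP_MAC { 0x00, 0x00, 0x5e, 0x00, 0x01, 0x05 }  /* carp, vhid 5 */

static const struct port ports[] = { { 1 }, { 0 } };  /* port 0 locked */
static const struct addr_entry tbl[] = { { VM_MAC, 0 }, { PEER_MAC, 1 } };
static const struct addr_entry tbl_carp[] = {
	{ VM_MAC, 0 }, { PEER_MAC, 1 }, { CARP_MAC, 0 }
};

/* Return the port a source address is bound to, or -1 without an entry. */
static int
addr_lookup(const struct addr_entry *t, size_t n, const uint8_t *mac)
{
	for (size_t i = 0; i < n; i++)
		if (memcmp(t[i].mac, mac, 6) == 0)
			return t[i].port;
	return -1;
}

/* 1 if a frame with source src received on port rx passes the check. */
static int
input_ok(const struct addr_entry *t, size_t n, int rx, const uint8_t *src)
{
	if (!ports[rx].locked)
		return 1;                     /* unlocked: any source accepted */
	return addr_lookup(t, n, src) == rx;  /* entry must point back to rx */
}

int
main(void)
{
	const uint8_t vm[6] = VM_MAC, peer[6] = PEER_MAC, carp[6] = CARP_MAC;

	printf("own mac:            %d\n", input_ok(tbl, 2, 0, vm));
	printf("peer's mac, port 0: %d\n", input_ok(tbl, 2, 0, peer));
	printf("carp mac, no entry: %d\n", input_ok(tbl, 2, 0, carp));
	printf("carp mac, entry:    %d\n", input_ok(tbl_carp, 3, 0, carp));
	return 0;
}
```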