From: Janne Johansson Subject: Re: veb(4): "lock" mac addresses on ports To: David Gwynne Cc: tech@openbsd.org Date: Thu, 16 Oct 2025 07:58:03 +0200 Den tors 16 okt. 2025 kl 05:34 skrev David Gwynne : > > this adds a "locked" flags to ports in veb(4), which is modelled on the > "locked" keyword and the associated behaviour in vm.conf. it requires > the source mac address in frames received by a port have an address > entry on the veb(4) that points to that same port. > > there's similar functionality in vmware vswitches (and probably other > hypervisors too) when you configure MAC address changes and forged > transmits to be rejected. This might warrant a note somewhere that it "breaks" carp, since those packets/interfaces will have a different mac. Or that you need to add the carp mac(s) to this list, whichever is more convenient. -- May the most significant bit of your life be positive.