> > Multicast MAC addresses use a special 24-bit prefix of 0x0100.5Enn.nnnn.
> > which has the lowest bit of the first byte set to '1'.
> 
> afaict: CARP traffic itself goes to the group hence 1, whereas traffic to
> the shared address is just for an individual member, hence the 0. But I am
> no multicast guru.

...ah, but of course the virtual address is what you're concerned about
(assuming you are preventing 01:00:5e CARP protocol packets from reaching
the peering LAN some other way, e.g. by a switch that doesn't forward
multicast out of the public port).

So, it looks like your original question stands then. Looking at 
carp_set_enaddr in /usr/src/sys/netinet/ip_carp.c the MAC address
generation is hardcoded (the last octet being the vhid). Maybe it's
simply the case that because lladdr is new, and no developer found
a need to do this for CARP yet, that it hasn't been coded. Or maybe
there's another reason why this shouldn't be done (greater care
than usual would have to be taken to configure all CARP members
identically, of course).

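The distinction discussed in this thread, as an added example that is not part of the original message and is not code from ip_carp.c: it separates CARP advertisements (sent to a multicast group MAC) from traffic to the shared virtual MAC (an individual address whose last octet is the vhid). The advertisement group 224.0.0.18 and the virtual MAC prefix 00:00:5e:00:01 are assumptions not stated in the thread, and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed fixed prefix of the CARP virtual MAC; the vhid fills the last octet. */
static const uint8_t CARP_VPREFIX[5] = {0x00, 0x00, 0x5e, 0x00, 0x01};
#define CARP_GROUP 0xE0000012u /* 224.0.0.18, assumed CARP advertisement group */

enum frame_class { FRAME_OTHER, FRAME_CARP_ADVERT, FRAME_CARP_VIRTUAL };

/* Group (multicast/broadcast) MACs have the lowest bit of the first octet set. */
int mac_is_group(const uint8_t mac[6]) { return mac[0] & 0x01; }

/* IPv4 multicast group -> MAC: 01:00:5e followed by the low 23 bits of the group. */
uint8_t *mcast_ip_to_mac(uint32_t group, uint8_t mac[6])
{
    mac[0] = 0x01; mac[1] = 0x00; mac[2] = 0x5e;
    mac[3] = (group >> 16) & 0x7f; /* top bit of this octet is always 0 */
    mac[4] = (group >> 8) & 0xff;
    mac[5] = group & 0xff;
    return mac;
}

/* Virtual MAC shared by every member of one vhid: individual bit, vhid last. */
uint8_t *carp_virtual_mac(uint8_t vhid, uint8_t mac[6])
{
    memcpy(mac, CARP_VPREFIX, sizeof(CARP_VPREFIX));
    mac[5] = vhid;
    return mac;
}

/* Classify a destination MAC the way a port filter would have to. */
enum frame_class classify_dst(const uint8_t dst[6])
{
    uint8_t advert[6];
    mcast_ip_to_mac(CARP_GROUP, advert);
    if (mac_is_group(dst)) /* a multicast-blocking port stops only these */
        return memcmp(dst, advert, 6) == 0 ? FRAME_CARP_ADVERT : FRAME_OTHER;
    return memcmp(dst, CARP_VPREFIX, 5) == 0 ? FRAME_CARP_VIRTUAL : FRAME_OTHER;
}

int main(void)
{
    uint8_t m[6]; /* constructed sample: vhid 7 */
    carp_virtual_mac(7, m);
    printf("%02x:%02x:%02x:%02x:%02x:%02x group=%d class=%d\n",
           m[0], m[1], m[2], m[3], m[4], m[5], mac_is_group(m), classify_dst(m));
    return 0;
}
```

A switch port that only drops multicast frames stops the advertisements but still forwards frames addressed to the virtual MAC, which is why the two cases need separate handling.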