author | David Gwynne <dlg@cvs.openbsd.org> | 2021-01-08 23:31:54 +0000 |
---|---|---|
committer | David Gwynne <dlg@cvs.openbsd.org> | 2021-01-08 23:31:54 +0000 |
commit | 8fb065238b33f4eda8a03d659c747260ef3feaee (patch) | |
tree | 8e1ee49e045a577264b3eb9e9732c18d8cf2286a /share | |
parent | 0b2d6f595cf94785123d7e1c5fe2b3fe264263cd (diff) |

don't check local carp addresses as part of the antispoof checks.

bridge(4) drops packets coming from somewhere else that have a
source MAC address that's owned by one of the interfaces that's a
member of the bridge. because this check was done with bridge_ourether,
it included the addresses of active carp interfaces hanging off
these member interfaces. this meant if the local machine is the
carp master while another machine is trying to preempt it by sending
hellos, the packets from the other machine were dropped because the
local one is already the master.

carp roles are supposed to move around a l2 network, so another
host sending a packet with a carp mac address is actually normal
and necessary.

found by and fix tested by stsp@
ok stsp@ claudio@

Diffstat (limited to 'share')
0 files changed, 0 insertions, 0 deletions