@evacide That is just kind of embarrassing.

I mean I can absolutely see how it could happen -- the decision of what MAC to stuff in the source address could easily come from a slightly different path than the information stuffed in the discovery packet, etc.

But you'd also think for a Serious Security/Privacy Feature, one might do a bit more extensive testing, and just observing beacon/discovery/arp/etc traffic to see if all is well would be a pretty reasonable thing.