Skip to content

Fix receiving multicast traffic #57

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 17, 2020
Merged

Fix receiving multicast traffic #57

merged 1 commit into from
Jun 17, 2020

Conversation

markgoddard
Copy link

By default libvirt does not allow traffic destined for other MAC
addresses to reach VMs when using a macvtap interface. This prevents
multicast from working.

This change fixes the issue by setting trustGuestRxFilters to yes for
macvtap interfaces.

@markgoddard markgoddard requested review from priteau and jovial June 12, 2020 16:15
@markgoddard markgoddard self-assigned this Jun 12, 2020
@jovial
Copy link
Contributor

jovial commented Jun 12, 2020

This has security implications as it allows mac spoofing. Should it be behind a feature flag?

@markgoddard
Allow trusting guest receive filters
e7b005c 
By default libvirt does not allow traffic destined for other MAC
addresses to reach VMs when using a macvtap interface. This prevents
multicast from working.

This change allows guest receive filters to be trusted by setting
libvirt_vm_trust_guest_rx_filters, or the trust_guest_rx_filters
attribute of a specific interface to yes.

This maps to the trustGuestRxFilters Libvirt interface option.
@markgoddard
Copy link
Author

This has security implications as it allows mac spoofing. Should it be behind a feature flag?

Done

jovial
jovial approved these changes Jun 17, 2020
View reviewed changes
Copy link
Contributor

@jovial jovial left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking good

@markgoddard markgoddard merged commit 3cc1b51 into master Jun 17, 2020
@markgoddard markgoddard deleted the fix-multicast branch June 17, 2020 13:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jovial jovial jovial approved these changes

@priteau priteau Awaiting requested review from priteau

Assignees

@markgoddard markgoddard

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@markgoddard @jovial