[libvirt] Set allmulticast automatically on macvtap interfaces

Marc Haber mh+libvir-list at zugschlus.de
Wed Nov 22 09:11:43 UTC 2017


Hi,

the easiest way to connect a domain to a network is a macvtap interface
with the following XML code:

    <interface type='direct'>
      <mac address='52:54:00:fb:de:4d'/>
      <source dev='int181' mode='bridge'/>
      <target dev='macvtap1'/>
      <model type='virtio'/>
      <alias name='net0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>

This makes everything work but incoming IPv6, which relies on multicast,
which is filtered by the macvtap interface by default.

I need to do "ip link set dev macvtap1 allmulticast on" on the host
after starting the domain to make incoming IPv6 work.

From reading the docs, I guess that setting the interface's
trustGuestRxFilters attribute to yes would help here. However,
https://libvirt.org/formatdomain.html#elementsNICS says

   If the model type is set to virtio and interface's trustGuestRxFilters
   attribute is set to yes, changes made to the interface mac address,
   unicast/multicast receive filters, and vlan settings in the guest will
   be monitored and propagated to the associated macvtap device on the
   host

Does that mean that the guest will be able to change its VLAN to any
other VLAN that is present on the host? Or am I misunderstanding things
here?

Assuming that trustGuestRxFilters is the right thing to do and that it
does not open me up to blatant security issues, how would I set that
from virt-manager?

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Leimen, Germany    |  lose things."    Winona Ryder | Phone: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
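
An added example, not part of the original post and not libvirt code: a small Python audit that lists each macvtap (`type='direct'`) interface in a domain definition, shows whether `trustGuestRxFilters` is set and whether the condition from the quoted documentation (virtio model and attribute set to yes) is met, and sets the attribute for one MAC address. The function names, the `<domain>` wrapper and the second e1000 interface are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the interface from the post inside a minimal <domain>,
# plus a hypothetical e1000 NIC that sets the attribute without using virtio.
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <devices>
    <interface type='direct'>
      <mac address='52:54:00:fb:de:4d'/>
      <source dev='int181' mode='bridge'/>
      <target dev='macvtap1'/>
      <model type='virtio'/>
    </interface>
    <interface type='direct' trustGuestRxFilters='yes'>
      <mac address='52:54:00:00:00:01'/>
      <source dev='int181' mode='bridge'/>
      <model type='e1000'/>
    </interface>
  </devices>
</domain>
"""
DIRECT = "./devices/interface[@type='direct']"

def _attr(iface, tag, name):
    """Attribute of a child element, or None when the child is absent."""
    child = iface.find(tag)
    return child.get(name) if child is not None else None

def audit_direct_interfaces(domain_xml):
    """Report the trustGuestRxFilters state of every macvtap (direct) NIC."""
    report = []
    for iface in ET.fromstring(domain_xml).iterfind(DIRECT):
        model = _attr(iface, "model", "type")
        trust = iface.get("trustGuestRxFilters", "no")  # libvirt default: no
        report.append({
            "mac": _attr(iface, "mac", "address"),
            "target": _attr(iface, "target", "dev"),  # absent until assigned
            "model": model, "trust": trust,
            # Quoted documentation: propagation needs virtio AND trust=yes.
            "guest_filters_propagated": trust == "yes" and model == "virtio",
        })
    return report

def set_trust(domain_xml, mac, value="yes"):
    """Return the domain XML with the attribute set on the NIC with this MAC."""
    root = ET.fromstring(domain_xml)
    for iface in root.iterfind(DIRECT):
        if (_attr(iface, "mac", "address") or "").lower() == mac.lower():
            iface.set("trustGuestRxFilters", value)
    return ET.tostring(root, encoding="unicode")
```

The same functions accept the output of `virsh dumpxml` for a real domain in place of the constructed sample.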



