search

stackhpc / ansible-role-libvirt-vm

This role configures and creates VMs on a KVM hypervisor.
128 stars 67 forks source link

Fix receiving multicast traffic #57

Closed markgoddard closed 4 years ago

markgoddard commented 4 years ago

By default libvirt does not allow traffic destined for other MAC addresses to reach VMs when using a macvtap interface. This prevents multicast from working.

This change fixes the issue by setting trustGuestRxFilters to yes for macvtap interfaces.

jovial commented 4 years ago

This has security implications as it allows mac spoofing. Should it be behind a feature flag?

markgoddard commented 4 years ago

This has security implications as it allows mac spoofing. Should it be behind a feature flag?

Done