IPv6 with macvtap and libvirt

From the "I wish I'd have known that earlier" files:

I'm posting this here in the hopes of saving some folk the trouble of running this down.

If you are trying to use macvtap onto an existing adapter for a libvirt guest and you're having odd problems with dropped IPv6 traffic, you'll need to add trustGuestRxFilters='yes' to the <interface> stanza in your XML.

An example:

    <interface type='direct' trustGuestRxFilters='yes'>
      <mac address='52:54:00:0d:42:ce'/>
      <source dev='eth0' mode='bridge'/>
      <model type='virtio'/>
      <address type='pci' domain='0x0000' bus='0x02' slot='0x01' function='0x0'/>
    </interface> 

The problem is caused by the macvtap not updating its multicast tables correctly. This is considered correct by design for security reasons. I hope with increased deployment of IPv6 this decision will be revisited.

Some of the reading that led me here:

• linux - How to configure macvtap to let it pass multicast packet correctly?
• Bug 1035253 - IPv4/IPv6 multicasts are not forwarded via macvtap/macvlan bridge to VM (between VMs)
• [SOLVED]Re: ip link macvtap interface not processing specific ipv6 multicast traffic without promiscuous mode on