On Thu, Jun 26, 2014 at 01:38:16PM +0000, Sven Kieske wrote:
In short: I believe this hook is out of date,
Correct. It happens to have been broken quite long time ago (ovirt-3.1) with the introduction of no-mac-spoof filtering. I remember reviewing a gerrit post that aimed to change things there, but I fail to find it now (could the author has retracted a draft?) Basically, the hook should replace (and not add) a filterref. Anybody cares to send a quick fix or file a BZ?
you can define logical networks in ovirt and assign them v-lans, so you can go with one logical network per vm and assign a unique vlan to that, ovirt takes care of the complete deploy process, you need no hook.
the only thing you need of course is some network hardware which is capable of vlan tagging.
Alternatively, we can consume libvirt's "clean-traffic" filter. Given the onslaght of requests regarding this, I've file http://www.ovirt.org/Features/Avoid_IP_Spoofing; a user filing an RFE could help, too. Integrating this with Engine may take a while, so I'd be pleased if you try out this suggestion for a noipspoof hook http://gerrit.ovirt.org/29093 Regards, Dan.