Prep for release 0.9.6.4

This patch resolves CVE-2013-0170:
https://bugzilla.redhat.com/show_bug.cgi?id=893450

When reading and dispatching of a message failed the message was freed
but wasn't removed from the message queue.

After that when the connection was about to be closed the pointer for
the message was still present in the queue and it was passed to
virNetMessageFree which tried to call the callback function from an
uninitialized pointer.

This patch removes the message from the queue before it's freed.

* rpc/virnetserverclient.c: virNetServerClientDispatchRead:
    - avoid use after free of RPC messages
(cherry picked from commit 46532e3e8e)

Conflicts:
	src/rpc/virnetserverclient.c

.gitignore

@@ -1,28 +1,19 @@
 *#*#
 *.#*#
 *.a
-*.cov
 *.exe
 *.gcda
 *.gcno
 *.gcov
-*.html
-*.i
 *.la
 *.lo
-*.loT
 *.o
 *.orig
-*.pyc
 *.rej
-*.s
 *~
-.deps
 .git
 .git-module-status
-.libs
 .lvimrc
-.memdump
 .sc-start-sc_*
 /ABOUT-NLS
 /COPYING
@@ -46,32 +37,12 @@
 /configure
 /configure.lineno
 /daemon/*_dispatch.h
-/daemon/libvirt_qemud
-/daemon/libvirtd
-/daemon/libvirtd*.logrotate
-/daemon/libvirtd.8
-/daemon/libvirtd.8.in
-/daemon/libvirtd.init
-/daemon/libvirtd.pod
-/daemon/libvirtd.service
-/daemon/test_libvirtd.aug
 /docs/apibuild.py.stamp
-/docs/devhelp/libvirt.devhelp
 /docs/hvsupport.html.in
-/docs/libvirt-api.xml
 /docs/libvirt-qemu-*.xml
-/docs/libvirt-refs.xml
-/docs/search.php
-/docs/todo.html.in
-/examples/domain-events/events-c/event-test
-/examples/dominfo/info1
-/examples/domsuspend/suspend
-/examples/hellolibvirt/hellolibvirt
-/examples/openauth/openauth
 /gnulib/lib/*
 /gnulib/m4/*
 /gnulib/tests/*
-/include/libvirt/libvirt.h
 /libtool
 /libvirt-*.tar.gz
 /libvirt-[0-9]*
@@ -81,99 +52,30 @@
 /ltmain.sh
 /m4/*
 /maint.mk
-/mingw-libvirt.spec
+/mingw32-libvirt.spec
 /mkinstalldirs
 /po/*
 /proxy/
-/python/generated.stamp
 /python/generator.py.stamp
-/python/libvirt-export.c
 /python/libvirt-qemu-export.c
 /python/libvirt-qemu.[ch]
-/python/libvirt.[ch]
-/python/libvirt.py
 /python/libvirt_qemu.py
 /sc_*
-/src/.*.stamp
-/src/esx/*.generated.*
 /src/hyperv/*.generated.*
-/src/libvirt*.def
-/src/libvirt.syms
-/src/libvirt_*.stp
-/src/libvirt_*helper
-/src/libvirt_*probes.h
-/src/libvirt_lxc
+/src/libvirt_iohelper
 /src/locking/qemu-sanlock.conf
-/src/locking/test_libvirt_sanlock.aug
-/src/lxc/lxc_controller_dispatch.h
-/src/lxc/lxc_monitor_dispatch.h
-/src/lxc/lxc_protocol.c
-/src/lxc/lxc_protocol.h
-/src/lxc/test_libvirtd_lxc.aug
-/src/qemu/test_libvirtd_qemu.aug
 /src/remote/*_client_bodies.h
 /src/remote/*_protocol.[ch]
-/src/rpc/virkeepaliveprotocol.[ch]
 /src/rpc/virnetprotocol.[ch]
-/src/test_libvirt*.aug
 /src/util/virkeymaps.h
-/src/virt-aa-helper
 /tests/*.log
-/tests/*.pid
-/tests/*xml2*test
-/tests/commandhelper
-/tests/commandtest
-/tests/conftest
 /tests/cputest
-/tests/domainsnapshotxml2xmltest
-/tests/esxutilstest
-/tests/eventtest
 /tests/hashtest
 /tests/jsontest
-/tests/libvirtdconftest
 /tests/networkxml2argvtest
-/tests/nodeinfotest
 /tests/nwfilterxml2xmltest
-/tests/object-locking
-/tests/object-locking-files.txt
-/tests/object-locking.cm[ix]
 /tests/openvzutilstest
-/tests/qemuargv2xmltest
-/tests/qemuhelptest
-/tests/qemumonitortest
-/tests/qemuxmlnstest
-/tests/qparamtest
-/tests/reconnect
-/tests/secaatest
-/tests/seclabeltest
-/tests/securityselinuxtest
-/tests/sexpr2xmltest
 /tests/shunloadtest
-/tests/sockettest
-/tests/ssh
-/tests/statstest
-/tests/storagebackendsheepdogtest
-/tests/utiltest
-/tests/viratomictest
-/tests/virauthconfigtest
-/tests/virbuftest
-/tests/virdrivermoduletest
-/tests/virhashtest
-/tests/virkeyfiletest
-/tests/virnet*test
-/tests/virshtest
-/tests/virtimetest
-/tests/viruritest
-/tests/vmx2xmltest
-/tests/xencapstest
-/tests/xmconfigtest
-/tools/*.[18]
-/tools/libvirt-guests.init
-/tools/libvirt-guests.service
-/tools/virsh
-/tools/virsh-*-edit.c
-/tools/virt-*-validate
-/tools/virt-sanlock-cleanup
 /update.log
 Makefile
 Makefile.in

.mailmap

@@ -26,18 +26,7 @@
 <fsimonce@redhat.com> <federico.simoncelli@gmail.com>
 <marcandre.lureau@redhat.com> <marcandre.lureau@gmail.com>
 <supriyak@linux.vnet.ibm.com> <supriyak@in.ibm.com>
-<neil@aldur.co.uk> <neil@brightbox.co.uk>
-<stefanb@us.ibm.com> <stefanb@linux.vnet.ibm.com>
-<stefanb@us.ibm.com> <stefannb@linux.vnet.ibm.com>
-<josh.durgin@inktank.com> <joshd@hq.newdream.net>
-<josh.durgin@inktank.com> <josh.durgin@dreamhost.com>
-<gerd@egidy.de> <lists@egidy.de>
-<gerd@egidy.de> <gerd.von.egidy@intra2net.com>
 
 # Name consolidation:
 # Preferred author spelling <preferred email>
 Alex Jia <ajia@redhat.com>
-Royce Lv <lvroyce@linux.vnet.ibm.com>
-Daniel J Walsh <dwalsh@redhat.com>
-Ján Tomko <jtomko@redhat.com>
-Gerd von Egidy <gerd@egidy.de>

AUTHORS

@@ -28,10 +28,6 @@ The primary maintainers and people with commit access rights:
   Osier Yang           <jyang@redhat.com>
   Wen Congyang         <wency@cn.fujitsu.com>
   Michal Prívozník     <mprivozn@redhat.com>
-  Peter Krempa         <pkrempa@redhat.com>
-  Christophe Fergeau   <cfergeau@redhat.com>
-  Alex Jia             <ajia@redhat.com>
-  Martin Kletzander    <mkletzan@redhat.com>
 
 Previous maintainers:
   Karel Zak            <kzak@redhat.com>
@@ -71,15 +67,17 @@ Patches have also been contributed by:
   Chris Wright         <chrisw@redhat.com>
   Ben Guthro           <ben.guthro@gmail.com>
   Shigeki Sakamoto     <fj0588di@aa.jp.fujitsu.com>
-  Gerd von Egidy       <gerd@egidy.de>
+  Gerd von Egidy       <lists@egidy.de>
   Itamar Heim          <iheim@redhat.com>
   Markus Armbruster    <armbru@redhat.com>
   Ryota Ozaki          <ozaki.ryota@gmail.com>
+  James Morris         <jmorris@namei.org>
   Daniel J Walsh       <dwalsh@redhat.com>
   Maximilian Wilhelm   <max@rfc2324.org>
   Pritesh Kothari      <Pritesh.Kothari@Sun.COM>
   Amit Shah            <amit.shah@redhat.com>
   Florian Vichot       <florian.vichot@diateam.net>
+  Takahashi Tomohiro   <takatom@jp.fujitsu.com>
   Serge E. Hallyn      <serue@us.ibm.com>
   Soren Hansen         <soren@linux2go.dk>
   Abel Míguez Rodríguez<amiguezr@pdi.ucm.es>
@@ -144,7 +142,7 @@ Patches have also been contributed by:
   Hu Tao               <hutao@cn.fujitsu.com>
   Laurent Léonard      <laurent@open-minds.org>
   MORITA Kazutaka      <morita.kazutaka@lab.ntt.co.jp>
-  Josh Durgin          <josh.durgin@inktank.com>
+  Josh Durgin          <joshd@hq.newdream.net>
   Roopa Prabhu         <roprabhu@cisco.com>
   Paweł Krześniak      <pawel.krzesniak@gmail.com>
   Kay Schubert         <kayegypt@web.de>
@@ -158,6 +156,7 @@ Patches have also been contributed by:
   Zdenek Styblik       <stybla@turnovfree.net>
   Gui Jianfeng         <guijianfeng@cn.fujitsu.com>
   Michal Novotny       <minovotn@redhat.com>
+  Christophe Fergeau   <cfergeau@redhat.com>
   Markus Groß          <gross@univention.de>
   Phil Petty           <phpetty@cisco.com>
   Taku Izumi           <izumi.taku@jp.fujitsu.com>
@@ -184,7 +183,9 @@ Patches have also been contributed by:
   Guannan Ren          <gren@redhat.com>
   John Williams        <john.williams@petalogix.com>
   Michael Santos       <michael.santos@gmail.com>
+  Alex Jia             <ajia@redhat.com>
   Oskari Saarenmaa     <os@ohmu.fi>
+  Peter Krempa         <pkrempa@redhat.com>
   Nan Zhang            <nzhang@redhat.com>
   Wieland Hoffmann     <themineo@googlemail.com>
   Douglas Schilling Landgraf <dougsland@redhat.com>
@@ -194,73 +195,9 @@ Patches have also been contributed by:
   Xu He Jie            <xuhj@linux.vnet.ibm.com>
   Lei Li               <lilei@linux.vnet.ibm.com>
   Matthias Witte       <witte@netzquadrat.de>
-  Tang Chen            <tangchen@cn.fujitsu.com>
-  Dan Horák            <dan@danny.cz>
-  Sage Weil            <sage@newdream.net>
-  David L Stevens      <dlstevens@us.ibm.com>
-  Tyler Coumbes        <coumbes@gmail.com>
-  Royce Lv             <lvroyce@linux.vnet.ibm.com>
-  Patrice LACHANCE     <patlachance@gmail.com>
-  Eli Qiao             <taget@linux.vnet.ibm.com>
-  Michael Wood         <esiotrot@gmail.com>
-  Bharata B Rao        <bharata@linux.vnet.ibm.com>
-  Srivatsa S. Bhat     <srivatsa.bhat@linux.vnet.ibm.com>
-  Chang Liu            <lingjiao.lc@taobao.com>
-  Lorin Hochstein      <lorin@isi.edu>
-  Christian Franke     <nobody@nowhere.ws>
-  Prerna Saxena        <prerna@linux.vnet.ibm.com>
-  Michael Ellerman     <michael@ellerman.id.au>
-  Rommer               <rommer@active.by>
-  Yuri Chornoivan      <yurchor@ukr.net>
-  Deepak C Shetty      <deepakcs@linux.vnet.ibm.com>
-  Laszlo Ersek         <lersek@redhat.com>
-  Zeeshan Ali (Khattak) <zeeshanak@gnome.org>
-  Marcelo Cerri        <mhcerri@linux.vnet.ibm.com>
-  Hendrik Schwartke    <hendrik@os-t.de>
-  Ansis Atteka         <aatteka@nicira.com>
-  Dan Wendlandt        <dan@nicira.com>
-  Kyle Mestery         <kmestery@cisco.com>
-  Lincoln Myers        <lincoln_myers@yahoo.com>
-  Peter Robinson       <pbrobinson@gmail.com>
-  Benjamin Cama        <benoar@dolka.fr>
-  Duncan Rance         <libvirt@dunquino.com>
-  Peng Zhou            <ailvpeng25@gmail.com>
-  Li Zhang             <zhlcindy@linux.vnet.ibm.com>
-  Stef Walter          <stefw@gnome.org>
-  Christian Benvenuti  <benve@cisco.com>
-  Ilja Livenson        <ilja.livenson@gmail.com>
-  Stefan Bader         <stefan.bader@canonical.com>
-  MATSUDA Daiki        <matsudadik@intellilink.co.jp>
-  Jan Kiszka           <jan.kiszka@siemens.com>
-  Ryan Woodsmall       <rwoodsmall@gmail.com>
-  Wido den Hollander   <wido@widodh.nl>
-  Eugen Feller         <eugen.feller@inria.fr>
-  Dmitry Guryanov      <dguryanov@parallels.com>
-  William Jon McCann   <william.jon.mccann@gmail.com>
-  David Weber          <wb@munzinger.de>
-  Marti Raudsepp       <marti@juffo.org>
   Radu Caragea         <dmns_serp@yahoo.com>
-  Beat Jörg            <Beat.Joerg@ssatr.ch>
-  Gao feng             <gaofeng@cn.fujitsu.com>
-  Dipankar Sarma       <dipankar@in.ibm.com>
-  Gerd Hoffmann        <kraxel@redhat.com>
-  Viktor Mihajlovski   <mihajlov@linux.vnet.ibm.com>
-  Thang Pham           <thang.pham@us.ibm.com>
-  Eiichi Tsukata       <eiichi.tsukata.xh@hitachi.com>
-  Sascha Peilicke      <saschpe@suse.de>
-  Chuck Short          <chuck.short@canonical.com>
-  Sebastian Wiedenroth <wiedi@frubar.net>
-  Ata E Husain Bohra   <ata.husain@hotmail.com>
-  Ján Tomko            <jtomko@redhat.com>
-  Richa Marwaha        <rmarwah@linux.vnet.ibm.com>
-  Peter Feiner         <peter@gridcentric.ca>
-  Frido Roose          <frido.roose@gmail.com>
-  Asad Saeed           <asad.saeed@acidseed.com>
-  Sukadev Bhattiprolu  <sukadev@linux.vnet.ibm.com>
-  Thomas Woerner       <twoerner@redhat.com>
-  J.B. Joret           <jb@linux.vnet.ibm.com>
-  Stefan Hajnoczi      <stefanha@linux.vnet.ibm.com>
-  Gene Czarcinski      <gene@czarc.net>
+  Stefan Bader         <stefan.bader@canonical.com>
+  Martin Kletzander    <mkletzan@redhat.com>
 
   [....send patches to get your name here....]
 

ChangeLog-old

@@ -882,7 +882,7 @@ Wed May 13 18:06:17 CEST 2009 Daniel Veillard <veillard@redhat.com>
 Wed May 13 12:34:06 BST 2009 Daniel P. Berrange <berrange@redhat.com>
 
 	* src/lxc_container.c: Replace sys/capability.h with
-	linux/capability.h, to avoid unnecessary dependency
+	linux/capability.h, to avoid unneccessary dependancy
 	on the libcap package.
 
 Tue May 12 16:39:06 EDT 2009 Cole Robinson <crobinso@redhat.com>
@@ -3351,7 +3351,7 @@ Tue Jan 20 20:22:53 GMT 2009 Daniel P. Berrange <berrange@redhat.com>
 Tue Jan 20 19:49:53 GMT 2009 Daniel P. Berrange <berrange@redhat.com>
 
 	* .x-sc_prohibit_nonreentrant: Blacklist some places where
-	use of non-threadsafe APIs are not necessary to check
+	use of non-threadsafe APIs are not neccessary to check
 	* Makefile.am, Makefile.maint, Makefile.nonreentrant: Add
 	check for non-reentrant safe API calls
 	* Makefile.cfg: Temporarily disable non-reentrant check
@@ -3591,7 +3591,7 @@ Thu Jan 15 19:54:19 GMT 2009  Daniel P. Berrange <berrange@redhat.com>
 	* src/Makefile.am, src/threads.c, src/threads.h: Generic internal API for threads
 	* src/threads-pthread.c, src/threads-pthread.h: UNIX pthreads impl
 	* src/threads-win32.c, src/threads-win32.h: Win32 threads impl
-	* src/internal.h: Remove unnecessary pthreads macros
+	* src/internal.h: Remove unnneccessary pthreads macros
 	* src/libvirt_private.syms: Add symbols for internal threads API
 	* po/POTFILES.in: Add node_device_conf.c
 	* proxy/Makefile.am: Add threads.c to build
@@ -4262,7 +4262,7 @@ Thu Dec 18 11:50:58 GMT 2008 Daniel P. Berrange <berrange@redhat.com>
 
 	Misc daemon bug fixes (John Levon)
 	* qemud/qemud.c: Fix conditional for node devices
-	* qemud/remote.c: Remove unnecessary path.h include
+	* qemud/remote.c: Remove unneccessary path.h include
 
 Thu Dec 18 07:47:58 +0100 2008 Jim Meyering <meyering@redhat.com>
 
@@ -5032,7 +5032,7 @@ Tue Nov 25 11:17:40 GMT 2008 Daniel P. Berrange <berrange@redhat.com>
 
 Tue Nov 25 10:49:40 GMT 2008 Daniel P. Berrange <berrange@redhat.com>
 
-	* src/Makefile.am: Remove unnecessary $(builddir) usage which
+	* src/Makefile.am: Remove unneccessary $(builddir) usage which
 	breaks on older automake. Remove duplicate CFLAGS from merge
 	error
 	* src/xen_unified.c: Wire up XM driver for autostart
@@ -5093,7 +5093,7 @@ Mon Nov 24 19:22:40 GMT 2008 Daniel P. Berrange <berrange@redhat.com>
 	* tests/Makefile.am, tests/sexpr2xmltest.c,
 	tests/testutilsxen.c, tests/xencapstest.c,
 	tests/xmconfigtest.c, tests/xml2sexprtest.c: Disable all
-	Xen tests when Xen driver build is disabled. Remove unnecessary
+	Xen tests when Xen driver build is disabled. Remove unneccessary
 	WITH_XEN conditionals from source, since the entire build
 	is disabled in Makefile.am
 
@@ -6822,7 +6822,7 @@ Wed Aug 20 21:05:09 BST 2008 Daniel P. Berrange <berrange@redhat.com>
 	src/xen_unified.h, src/xend_internal.c, src/xend_internal.h,
 	src/xm_internal.c, src/xs_internal.c, src/xs_internal.h
 	tests/testutils.h: Remove preprocessor conditions for driver
-	compilation. Remove unnecessary "extern C" declarations.
+	compilation. Remove unneccessary "extern C" declarations.
 
 Wed Aug 20 20:42:09 BST 2008 Daniel P. Berrange <berrange@redhat.com>
 
@@ -7008,7 +7008,7 @@ Fri Aug  8 16:41:24 BST 2008 Daniel Berrange <berrange@redhat.com>
 	src/storage_backend_fs.c, src/storage_backend_iscsi.c,
 	src/storage_backend_logical.c, src/util.c, src/util.h,
 	src/veth.c, tests/qemuxml2argvtest.c: Fix const-correctness
-	of virRun and virExec, and remove unnecessary casts in callers
+	of virRun and virExec, and remove unneccessary casts in callers
 
 Fri Aug  8 16:53:24 CEST 2008 Daniel Veillard <veillard@redhat.com>
 
@@ -7530,7 +7530,7 @@ Wed Jul 16 16:44:27 CEST 2008 Daniel Veillard <veillard@redhat.com>
 
 Sat Jul 12 14:52:59 BST 2008 Daniel P. Berrange <berrange@redhat.com>
 
-	* src/qemu_conf.c: Remove unnecessary c-ctype.h include
+	* src/qemu_conf.c: Remove unneccessary c-ctype.h include
 
 Fri Jul 11 20:32:59 BST 2008 Daniel P. Berrange <berrange@redhat.com>
 
@@ -8612,7 +8612,7 @@ Thu May  1 14:10:28 EST 2008 Daniel P. Berrange <berrange@redhat.com>
 
 Tue Apr 29 12:32:28 EST 2008 Daniel P. Berrange <berrange@redhat.com>
 
-	* configure.in: Remove compatibility macros AC_CHECK_*_ONCE for
+	* configure.in: Remove compatability macros AC_CHECK_*_ONCE for
 	now part of onceonly.m4 in gnulib/m4/
 
 Wed Apr 29 18:10:00 CEST 2008 Jim Meyering <meyering@redhat.com>
@@ -8628,7 +8628,7 @@ Wed Apr 29 18:10:00 CEST 2008 Jim Meyering <meyering@redhat.com>
 
 Tue Apr 29 11:54:28 EST 2008 Daniel P. Berrange <berrange@redhat.com>
 
-	* configure.in: Add compatibility macros AC_CHECK_*_ONCE for
+	* configure.in: Add compatability macros AC_CHECK_*_ONCE for
 	older autoconf (RHEL-5 vintage)
 
 Tue Apr 29 08:13:28 EST 2008 Daniel P. Berrange <berrange@redhat.com>
@@ -10247,7 +10247,7 @@ Fri Jan 25 12:00:00 BST 2008 Richard W.M. Jones <rjones@redhat.com>
 
 Fri Jan 25 10:46:32 CET 2008 Daniel Veillard <veillard@redhat.com>
 
-	* src/xen_internal.c: fix an erroneous use of VIR_DOMAIN_NONE instead
+	* src/xen_internal.c: fix an erronous use of VIR_DOMAIN_NONE instead
 	  of VIR_DOMAIN_NOSTATE (both defined as 0, no regression)
 
 Thu Jan 24 18:08:28 CET 2008 Daniel Veillard <veillard@redhat.com>
@@ -10283,8 +10283,8 @@ Tue Jan 22 16:27:47 EST 2008 Daniel P. Berrange <berrange@redhat.com>
 
 	* configure.ac: Remove use of PKG_CHECK_EXISTS macro. Avoid
 	lines going over 80 chars wide. Make sasl check automatic
-	enable/disable as necessary.
-	* acinclude.m4: Added compatibility macro for old pkg-config
+	enable/disable as neccessary.
+	* acinclude.m4: Added compatability macro for old pkg-config
 	* src/gnutls_1_0_compat.h: Add compat for gnutls_cipher_algorithm_t
 
 Mon Jan 21 18:03:47 CET 2008  Jim Meyering  <meyering@redhat.com>
@@ -11617,7 +11617,7 @@ Tue Oct 23 17:30:52 CEST 2007 Daniel Veillard <veillard@redhat.com>
 Mon Oct 22 22:33:59 CEST 2007 Daniel Veillard <veillard@redhat.com>
 
 	* src/xen_internal.c src/xen_unified.c src/xen_unified.h
-	  src/xend_internal.c src/xml.c src/xml.h: committed erroneously
+	  src/xend_internal.c src/xml.c src/xml.h: commited erronously
 	  the NUMA patches sent for review on the list in last commit.
 	  But that should not affect non NUMA users so early push should
 	  not be a problem.
@@ -12117,7 +12117,7 @@ Mon Aug 13 21:18:48 EST 2007 Daniel P. Berrange <berrange@redhat.com>
 	* src/util.h, src/util.c: Allow a file descriptor to be supplied
 	for STDIN when calling virExec(), or if -1, redirect from /dev/null
 	* src/qemu_driver.c, src/openvz_driver.c: Pass in -1 for new stdin
-	parameter above where necessary. Patch from Jim Paris
+	parameter above where neccessary. Patch from Jim Paris
 
 Mon Aug 13 20:13:48 EST 2007 Daniel P. Berrange <berrange@redhat.com>
 
@@ -15485,7 +15485,7 @@ Fri Aug  4 20:19:23 EDT 2006 Daniel Berrange <berrange@redhat.com>
 	* src/libvirt.c: Fix off-by-one in validated VCPU number (it is
 	zero based, not one based).
 	* include/libvirt/libvirt.h: Add some convenience macros for
-	calculating necessary CPU map lengths & total host CPUs
+	calculating neccessary CPU map lengths & total host CPUs
 	* src/virsh.c: Add 'vcpuinfo' and 'vcpumap' commands
 
 Fri Aug  4 14:45:25 CEST 2006 Daniel Veillard <veillard@redhat.com>
@@ -15708,7 +15708,7 @@ Wed Jun 14 13:10:03 EDT 2006 Daniel Veillard <veillard@redhat.com>
 Tue Jun 13 14:06:01 EDT 2006 Daniel P. Berrange <berrange@redhat.com>
 
 	* src/virsh.c: use 'double' instead of 'float' when calculating
-	'CPU time' field for dominfo command, to ensure no unnecessary
+	'CPU time' field for dominfo command, to ensure no unneccessary
 	loss of precision converting from nanoseconds to seconds.
 
 Tue Jun 13 18:35:22 EDT 2006 Daniel Veillard <veillard@redhat.com>

HACKING

@@ -21,46 +21,9 @@ or:
 
   git diff > libvirt-myfeature.patch
 
-However, the usual workflow of libvirt developer is:
-
-  git checkout master
-  git pull
-  git checkout -t origin -b workbranch
-  Hack, committing any changes along the way
-
-Then, when you want to post your patches:
-
-  git pull --rebase
-  (fix any conflicts)
-  git send-email --cover-letter --no-chain-reply-to --annotate --to=libvir-list@redhat.com master
-
-For a single patch you can omit "--cover-letter", but series of a two or more
-patches needs a cover letter. If you get tired of typing
-"--to=libvir-list@redhat.com" designation you can set it in git config:
-
-  git config sendemail.to libvir-list@redhat.com
-
-Please follow this as close as you can, especially the rebase and git
-send-email part, as it makes life easier for other developers to review your
-patch set. One should avoid sending patches as attachments, but rather send
-them in email body along with commit message. If a developer is sending
-another version of the patch (e.g. to address review comments), he is advised
-to note differences to previous versions after the "---" line in the patch so
-that it helps reviewers but doesn't become part of git history. Moreover, such
-patch needs to be prefixed correctly with "--subject-prefix=PATCHv2" appended
-to "git send-email" (substitute "v2" with the correct version if needed
-though).
-
-
-
 (3) Split large changes into a series of smaller patches, self-contained if
 possible, with an explanation of each patch and an explanation of how the
-sequence of patches fits together. Moreover, please keep in mind that it's
-required to be able to compile cleanly after each patch. A feature does not
-have to work until the end of a series, as long as intermediate patches don't
-cause test-suite failures.
-
-
+sequence of patches fits together.
 
 (4) Make sure your patches apply against libvirt GIT. Developers only follow GIT
 and don't care much about released versions.
@@ -533,13 +496,6 @@ following semantically named macros
 
 
 
-- To avoid having to check if a or b are NULL:
-
-  STREQ_NULLABLE(a, b)
-  STRNEQ_NULLABLE(a, b)
-
-
-
 
 
 

Makefile.am

@@ -20,7 +20,7 @@ XML_EXAMPLES = \
 EXTRA_DIST = \
   ChangeLog-old \
   libvirt.spec libvirt.spec.in \
-  mingw-libvirt.spec.in \
+  mingw32-libvirt.spec.in \
   libvirt.pc.in \
   autobuild.sh \
   Makefile.nonreentrant \

autobuild.sh

@@ -15,12 +15,9 @@ rm -rf build
 mkdir build
 cd build
 
-# Run with options not normally exercised by the rpm build, for
-# more complete code coverage.
 ../autogen.sh --prefix="$AUTOBUILD_INSTALL_ROOT" \
   --enable-test-coverage \
-  --disable-nls \
-  --enable-werror
+  --enable-compile-warnings=error
 
 # If the MAKEFLAGS envvar does not yet include a -j option,
 # add -jN where N depends on the number of processors.
@@ -50,64 +47,56 @@ test -x /usr/bin/lcov && make cov
 rm -f *.tar.gz
 make dist
 
-if test -n "$AUTOBUILD_COUNTER" ; then
+if [ -n "$AUTOBUILD_COUNTER" ]; then
   EXTRA_RELEASE=".auto$AUTOBUILD_COUNTER"
 else
   NOW=`date +"%s"`
   EXTRA_RELEASE=".$USER$NOW"
 fi
 
-if test -f /usr/bin/rpmbuild ; then
+if [ -f /usr/bin/rpmbuild ]; then
   rpmbuild --nodeps \
      --define "extra_release $EXTRA_RELEASE" \
      --define "_sourcedir `pwd`" \
      -ba --clean libvirt.spec
 fi
 
-# Test mingw32 cross-compile
-if test -x /usr/bin/i686-w64-mingw32-gcc ; then
+if [ -x /usr/bin/i686-pc-mingw32-gcc ]; then
   make distclean
 
-  PKG_CONFIG_PATH="$AUTOBUILD_INSTALL_ROOT/i686-w64-mingw32/sys-root/mingw/lib/pkgconfig" \
-  CC="i686-w64-mingw32-gcc" \
+  PKG_CONFIG_PATH="$AUTOBUILD_INSTALL_ROOT/i686-pc-mingw32/sys-root/mingw/lib/pkgconfig" \
+  CC="i686-pc-mingw32-gcc" \
   ../configure \
-    --build=$(uname -m)-w64-linux \
-    --host=i686-w64-mingw32 \
-    --prefix="$AUTOBUILD_INSTALL_ROOT/i686-w64-mingw32/sys-root/mingw" \
-    --enable-werror \
-    --without-libvirtd \
-    --without-python
+    --build=$(uname -m)-pc-linux \
+    --host=i686-pc-mingw32 \
+    --prefix="$AUTOBUILD_INSTALL_ROOT/i686-pc-mingw32/sys-root/mingw" \
+    --enable-compile-warnings=error \
+    --without-sasl \
+    --without-avahi \
+    --without-polkit \
+    --without-python \
+    --without-xen \
+    --without-qemu \
+    --without-lxc \
+    --without-uml \
+    --without-vbox \
+    --without-openvz \
+    --without-phyp \
+    --without-netcf \
+    --without-audit \
+    --without-dtrace \
+    --without-libvirtd
 
   make
   make install
 
-fi
+  #set -o pipefail
+  #make check 2>&1 | tee "$RESULTS"
 
-# Test mingw64 cross-compile
-if test -x /usr/bin/x86_64-w64-mingw32-gcc ; then
-  make distclean
-
-  PKG_CONFIG_PATH="$AUTOBUILD_INSTALL_ROOT/x86_64-w64-mingw32/sys-root/mingw/lib/pkgconfig" \
-  CC="x86_64-w64-mingw32-gcc" \
-  ../configure \
-    --build=$(uname -m)-w64-linux \
-    --host=x86_64-w64-mingw32 \
-    --prefix="$AUTOBUILD_INSTALL_ROOT/x86_64-w64-mingw32/sys-root/mingw" \
-    --enable-werror \
-    --without-libvirtd \
-    --without-python
-
-  make
-  make install
-
-fi
-
-
-if test -x /usr/bin/i686-w64-mingw32-gcc && test -x /usr/bin/x86_64-w64-mingw32-gcc ; then
-  if test -f /usr/bin/rpmbuild ; then
+  if [ -f /usr/bin/rpmbuild ]; then
     rpmbuild --nodeps \
        --define "extra_release $EXTRA_RELEASE" \
        --define "_sourcedir `pwd`" \
-       -ba --clean mingw-libvirt.spec
+       -ba --clean mingw32-libvirt.spec
   fi
 fi

autogen.sh

@@ -19,8 +19,7 @@ if test "x$1" = "x--no-git"; then
   no_git=" $1"
   shift
 fi
-if test -z "$NOCONFIGURE" ; then
-  if test "x$1" = "x--system"; then
+if test "x$1" = "x--system"; then
     shift
     prefix=/usr
     libdir=$prefix/lib
@@ -31,25 +30,21 @@ if test -z "$NOCONFIGURE" ; then
     fi
     EXTRA_ARGS="--prefix=$prefix --sysconfdir=$sysconfdir --localstatedir=$localstatedir --libdir=$libdir"
     echo "Running ./configure with $EXTRA_ARGS $@"
-  else
+else
     if test -z "$*" && test ! -f "$THEDIR/config.status"; then
         echo "I am going to run ./configure with no arguments - if you wish "
         echo "to pass any to it, please specify them on the $0 command line."
     fi
-  fi
 fi
 
 # Compute the hash we'll use to determine whether rerunning bootstrap
 # is required.  The first is just the SHA1 that selects a gnulib snapshot.
 # The second ensures that whenever we change the set of gnulib modules used
 # by this package, we rerun bootstrap to pull in the matching set of files.
-# The third ensures that whenever we change the set of local gnulib diffs,
-# we rerun bootstrap to pull in those diffs.
 bootstrap_hash()
 {
     git submodule status | sed 's/^[ +-]//;s/ .*//'
     git hash-object bootstrap.conf
-    git ls-tree -d HEAD gnulib/local | awk '{print $3}'
 }
 
 # Ensure that whenever we pull in a gnulib update or otherwise change to a
@@ -72,8 +67,6 @@ if test -d .git; then
     fi
 fi
 
-test -n "$NOCONFIGURE" && exit 0
-
 cd "$THEDIR"
 
 if test "x$OBJ_DIR" != x; then
@@ -81,7 +74,7 @@ if test "x$OBJ_DIR" != x; then
     cd "$OBJ_DIR"
 fi
 
-if test -z "$*" && test -z "$EXTRA_ARGS" && test -f config.status; then
+if test -z "$*" && test -f config.status; then
     ./config.status --recheck
 else
     $srcdir/configure $EXTRA_ARGS "$@"

bootstrap.conf

@@ -13,8 +13,9 @@
 # GNU General Public License for more details.
 
 # You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, see
-# <http://www.gnu.org/licenses/>.
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
+
 
 # gnulib modules used by this package.
 gnulib_modules='
@@ -22,7 +23,6 @@ accept
 areadlink
 base64
 bind
-bitrotate
 byteswap
 c-ctype
 c-strcase
@@ -40,7 +40,6 @@ environ
 fclose
 fcntl
 fcntl-h
-fdatasync
 ffs
 fnmatch
 fsync
@@ -61,9 +60,7 @@ intprops
 ioctl
 isatty
 largefile
-ldexp
 listen
-localeconv
 maintainer-makefile
 manywarnings
 mkstemp
@@ -71,7 +68,6 @@ mkstemps
 mktempd
 netdb
 nonblocking
-openpty
 passfd
 perror
 physmem
@@ -91,7 +87,6 @@ sigaction
 sigpipe
 snprintf
 socket
-stat-time
 stdarg
 stpcpy
 strchrnul
@@ -107,7 +102,6 @@ sys_wait
 termios
 time_r
 timegm
-ttyname_r
 uname
 useless-if-before-free
 usleep
@@ -165,10 +159,9 @@ fi
 
 # Tell gnulib to:
 #   require LGPLv2+
-#   apply any local diffs in gnulib/local/ dir
 #   put *.m4 files in new gnulib/m4/ dir
-#   put *.[ch] files in new gnulib/lib/ dir
-#   import gnulib tests in new gnulib/tests/ dir
+#   put *.[ch] files in new gnulib/lib/ dir.
+#   import gnulib tests in new gnulib/tests/ dir.
 gnulib_name=libgnu
 m4_base=gnulib/m4
 source_base=gnulib/lib
@@ -177,10 +170,7 @@ gnulib_tool_option_extras="\
  --lgpl=2\
  --with-tests\
  --makefile-name=gnulib.mk\
- --avoid=pt_chown\
- --avoid=lock-tests\
 "
-local_gl_dir=gnulib/local
 
 # Convince bootstrap to use multiple m4 directories.
 : ${ACLOCAL=aclocal}
@@ -188,12 +178,6 @@ ACLOCAL="$ACLOCAL -I m4"
 export ACLOCAL
 
 # Build prerequisites
-# Note that some of these programs are only required for 'make dist' to
-# succeed from a fresh git checkout; not all of these programs are
-# required to run 'make dist' on a tarball.  As a special case, we want
-# to require the equivalent of the Fedora python-devel package, but
-# RHEL 5 lacks the witness python-config package; we hack around that
-# old environment below.
 buildreq="\
 autoconf   2.59
 automake   1.9.6
@@ -202,22 +186,11 @@ gettext    0.17
 git        1.5.5
 gzip       -
 libtool    -
-patch      -
 perl       5.5
 pkg-config -
-python-config -
 rpcgen     -
 tar        -
-xmllint	   -
-xsltproc   -
 "
-# Use rpm as a fallback to bypass the bootstrap probe for python-config,
-# for the sake of RHEL 5; without requiring it on newer systems that
-# have python-config to begin with.
-if `(${PYTHON_CONFIG-python-config} --version;
-     test $? -lt 126 || rpm -q python-devel) >/dev/null 2>&1`; then
-  PYTHON_CONFIG=true
-fi
 
 # Automake requires that ChangeLog exist.
 touch ChangeLog || exit 1

build-aux/augeas-gentest.pl

@@ -1,71 +0,0 @@
-#!/usr/bin/perl
-#
-# augeas-gentest.pl: Generate an augeas test file, from an
-#                    example config file + test file template
-#
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, see
-# <http://www.gnu.org/licenses/>.
-#
-# Authors:
-#     Daniel P. Berrange <berrange@redhat.com>
-
-use strict;
-use warnings;
-
-die "syntax: $0 CONFIG TEMPLATE AUGTEST\n" unless @ARGV == 3;
-
-my $config = shift @ARGV;
-my $template = shift @ARGV;
-my $augtest = shift @ARGV;
-
-open AUGTEST, ">", $augtest or die "cannot create $augtest: $!";
-
-$SIG{__DIE__} = sub {
-    unlink $augtest;
-};
-
-open CONFIG, "<", $config or die "cannot read $config: $!";
-open TEMPLATE, "<", $template or die "cannot read $template: $!";
-
-my $group = 0;
-while (<TEMPLATE>) {
-    if (/::CONFIG::/) {
-        my $group = 0;
-        print AUGTEST "  let conf = \"";
-        while (<CONFIG>) {
-            if (/^#\w/) {
-                s/^#//;
-                s/\"/\\\"/g;
-                print AUGTEST $_;
-                $group = /\[\s$/;
-            } elsif ($group) {
-                s/\"/\\\"/g;
-                if (/#\s*\]/) {
-                    $group = 0;
-                }
-                if (/^#/) {
-                    s/^#//;
-                    print AUGTEST $_;
-                }
-            }
-        }
-        print AUGTEST "\"\n";
-    } else {
-        print AUGTEST $_;
-    }
-}
-
-close TEMPLATE;
-close CONFIG;
-close AUGTEST or die "cannot save $augtest: $!";

cfg.mk

@@ -1,5 +1,5 @@
 # Customize Makefile.maint.                           -*- makefile -*-
-# Copyright (C) 2008-2012 Red Hat, Inc.
+# Copyright (C) 2008-2011 Red Hat, Inc.
 # Copyright (C) 2003-2008 Free Software Foundation, Inc.
 
 # This program is free software: you can redistribute it and/or modify
@@ -13,8 +13,7 @@
 # GNU General Public License for more details.
 
 # You should have received a copy of the GNU General Public License
-# along with this program.  If not, see
-# <http://www.gnu.org/licenses/>.
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 # Use alpha.gnu.org for alpha and beta releases.
 # Use ftp.gnu.org for major releases.
@@ -37,9 +36,6 @@ generated_files = \
   $(srcdir)/src/remote/*_protocol.[ch] \
   $(srcdir)/gnulib/lib/*.[ch]
 
-# We haven't converted all scripts to using gnulib's init.sh yet.
-_test_script_regex = \<\(init\|test-lib\)\.sh\>
-
 # Tests not to run as part of "make distcheck".
 local-checks-to-skip =			\
   changelog-check			\
@@ -85,7 +81,7 @@ local-checks-to-skip =			\
 ifeq ($(filter dist%, $(MAKECMDGOALS)), )
 local-checks-to-skip +=	sc_vulnerable_makefile_CVE-2012-3386
 else
-distdir: sc_vulnerable_makefile_CVE-2012-3386.z
+distdir: sc_vulnerable_makefile_CVE-2012-3386
 endif
 
 # Files that should never cause syntax check failures.
@@ -145,9 +141,20 @@ useless_free_options =				\
   --name=virJSONValueFree			\
   --name=virLastErrFreeData			\
   --name=virNetMessageFree                      \
+  --name=virNetClientFree                       \
+  --name=virNetClientProgramFree                \
+  --name=virNetClientStreamFree                 \
+  --name=virNetServerFree                       \
+  --name=virNetServerClientFree                 \
   --name=virNetServerMDNSFree                   \
   --name=virNetServerMDNSEntryFree              \
   --name=virNetServerMDNSGroupFree              \
+  --name=virNetServerProgramFree                \
+  --name=virNetServerServiceFree                \
+  --name=virNetSocketFree                       \
+  --name=virNetSASLContextFree                  \
+  --name=virNetSASLSessionFree                  \
+  --name=virNetTLSSessionFree                   \
   --name=virNWFilterDefFree			\
   --name=virNWFilterEntryFree			\
   --name=virNWFilterHashTableFree		\
@@ -160,8 +167,6 @@ useless_free_options =				\
   --name=virNetworkObjFree			\
   --name=virNodeDeviceDefFree			\
   --name=virNodeDeviceObjFree			\
-  --name=virObjectUnref                         \
-  --name=virObjectFreeCallback                  \
   --name=virSecretDefFree			\
   --name=virStorageEncryptionFree		\
   --name=virStorageEncryptionSecretFree		\
@@ -174,7 +179,6 @@ useless_free_options =				\
   --name=xmlBufferFree				\
   --name=xmlFree				\
   --name=xmlFreeDoc				\
-  --name=xmlFreeNode				\
   --name=xmlXPathFreeContext			\
   --name=xmlXPathFreeObject
 
@@ -319,12 +323,6 @@ sc_prohibit_internal_functions:
 	halt='use VIR_ macros instead of internal functions'		\
 	  $(_sc_search_regexp)
 
-# Avoid raw malloc and free, except in documentation comments.
-sc_prohibit_raw_allocation:
-	@prohibit='^.[^*].*\<((m|c|re)alloc|free) *\([^)]'		\
-	halt='use VIR_ macros from memory.h instead of malloc/free'	\
-	  $(_sc_search_regexp)
-
 # Avoid functions that can lead to double-close bugs.
 sc_prohibit_close:
 	@prohibit='([^>.]|^)\<[fp]?close *\('				\
@@ -349,23 +347,12 @@ sc_prohibit_access_xok:
 
 # Similar to the gnulib maint.mk rule for sc_prohibit_strcmp
 # Use STREQLEN or STRPREFIX rather than comparing strncmp == 0, or != 0.
-snp_ = strncmp *\(.+\)
 sc_prohibit_strncmp:
-	@prohibit='! *strncmp *\(|\<$(snp_) *[!=]=|[!=]= *$(snp_)'	\
-	exclude=':# *define STR(N?EQLEN|PREFIX)\('			\
-	halt='$(ME): use STREQLEN or STRPREFIX instead of str''ncmp'	\
-	  $(_sc_search_regexp)
-
-# strtol and friends are too easy to misuse
-sc_prohibit_strtol:
-	@prohibit='\bstrto(u?ll?|[ui]max) *\('				\
-	exclude='exempt from syntax-check'				\
-	halt='$(ME): use virStrToLong_*, not strtol variants'		\
-	  $(_sc_search_regexp)
-	@prohibit='\bstrto[df] *\('					\
-	exclude='exempt from syntax-check'				\
-	halt='$(ME): use virStrToDouble, not strtod variants'		\
-	  $(_sc_search_regexp)
+	@grep -nE '! *str''ncmp *\(|\<str''ncmp *\(.+\) *[!=]='		\
+	    $$($(VC_LIST_EXCEPT))					\
+	  | grep -vE ':# *define STR(N?EQLEN|PREFIX)\(' &&		\
+	  { echo '$(ME): use STREQLEN or STRPREFIX instead of str''ncmp' \
+		1>&2; exit 1; } || :
 
 # Use virAsprintf rather than as'printf since *strp is undefined on error.
 sc_prohibit_asprintf:
@@ -406,11 +393,6 @@ sc_prohibit_VIR_ERR_NO_MEMORY:
 	halt='use virReportOOMError, not V'IR_ERR_NO_MEMORY		\
 	  $(_sc_search_regexp)
 
-sc_prohibit_PATH_MAX:
-	@prohibit='\<P''ATH_MAX\>'				\
-	halt='dynamically allocate paths, do not use P'ATH_MAX	\
-	  $(_sc_search_regexp)
-
 # Use a subshell for each function, to give the optimal warning message.
 include $(srcdir)/Makefile.nonreentrant
 sc_prohibit_nonreentrant:
@@ -430,26 +412,14 @@ sc_prohibit_ctype_h:
 	halt="don't use ctype.h; instead, use c-ctype.h"		\
 	  $(_sc_search_regexp)
 
-# Insist on correct types for [pug]id.
-sc_correct_id_types:
-	@prohibit='\<(int|long) *[pug]id\>'				\
-	halt="use pid_t for pid, uid_t for uid, gid_t for gid"		\
-	  $(_sc_search_regexp)
-
-# Forbid sizeof foo or sizeof (foo), require sizeof(foo)
-sc_size_of_brackets:
-	@prohibit='sizeof\s'						\
-	halt='use sizeof(foo), not sizeof (foo) or sizeof foo'		\
-	  $(_sc_search_regexp)
-
 # Ensure that no C source file, docs, or rng schema uses TABs for
 # indentation.  Also match *.h.in files, to get libvirt.h.in.  Exclude
 # files in gnulib, since they're imported.
-space_indent_files=(\.(rng|s?[ch](\.in)?|html.in|py|pl|syms)|(daemon|tools)/.*\.in)
+space_indent_files=(\.(rng|s?[ch](\.in)?|html.in|py)|(daemon|tools)/.*\.in)
 sc_TAB_in_indentation:
 	@prohibit='^ *	'						\
 	in_vc_files='$(space_indent_files)$$'				\
-	halt='indent with space, not TAB, in C, sh, html, py, syms and RNG schemas' \
+	halt='indent with space, not TAB, in C, sh, html, py, and RNG schemas' \
 	  $(_sc_search_regexp)
 
 ctype_re = isalnum|isalpha|isascii|isblank|iscntrl|isdigit|isgraph|islower\
@@ -483,18 +453,6 @@ sc_prohibit_xmlGetProp:
 	halt='use virXMLPropString, not xmlGetProp'			\
 	  $(_sc_search_regexp)
 
-# xml(ParseURI|SaveUri) doesn't handle IPv6 URIs well
-sc_prohibit_xmlURI:
-	@prohibit='\<xml(ParseURI|SaveUri) *\('				\
-	halt='use virURI(Parse|Format), not xml(ParseURI|SaveUri)'	\
-	  $(_sc_search_regexp)
-
-# we don't want old old-style return with parentheses around argument
-sc_prohibit_return_as_function:
-	@prohibit='\<return *\(([^()]*(\([^()]*\)[^()]*)*)\) *;'    \
-	halt='avoid extra () with return statements'                \
-	  $(_sc_search_regexp)
-
 # ATTRIBUTE_UNUSED should only be applied in implementations, not
 # header declarations
 sc_avoid_attribute_unused_in_header:
@@ -509,12 +467,46 @@ sc_avoid_attribute_unused_in_header:
 # |grep -vE '^(qsort|if|close|assert|fputc|free|N_|vir.*GetName|.*Unlock|virNodeListDevices|virHashRemoveEntry|freeaddrinfo|.*[fF]ree|xdrmem_create|xmlXPathFreeObject|virUUIDFormat|openvzSetProgramSentinal|polkit_action_unref)$'
 
 msg_gen_function =
+msg_gen_function += ESX_ERROR
+msg_gen_function += ESX_VI_ERROR
+msg_gen_function += HYPERV_ERROR
+msg_gen_function += PHYP_ERROR
 msg_gen_function += VIR_ERROR
+msg_gen_function += VMX_ERROR
+msg_gen_function += XENXS_ERROR
+msg_gen_function += eventReportError
+msg_gen_function += ifaceError
+msg_gen_function += interfaceReportError
+msg_gen_function += iptablesError
 msg_gen_function += lxcError
+msg_gen_function += libxlError
+msg_gen_function += macvtapError
+msg_gen_function += networkReportError
+msg_gen_function += nodeReportError
+msg_gen_function += openvzError
+msg_gen_function += pciReportError
+msg_gen_function += qemuReportError
+msg_gen_function += qemudDispatchClientFailure
 msg_gen_function += regerror
+msg_gen_function += remoteError
+msg_gen_function += remoteDispatchFormatError
+msg_gen_function += statsError
+msg_gen_function += streamsReportError
+msg_gen_function += usbReportError
+msg_gen_function += umlReportError
 msg_gen_function += vah_error
 msg_gen_function += vah_warning
+msg_gen_function += vboxError
+msg_gen_function += virCommandError
+msg_gen_function += virConfError
+msg_gen_function += virCPUReportError
+msg_gen_function += virEventError
+msg_gen_function += virDomainReportError
 msg_gen_function += virGenericReportError
+msg_gen_function += virHashError
+msg_gen_function += virHookReportError
+msg_gen_function += virInterfaceReportError
+msg_gen_function += virJSONError
 msg_gen_function += virLibConnError
 msg_gen_function += virLibDomainError
 msg_gen_function += virLibDomainSnapshotError
@@ -525,21 +517,39 @@ msg_gen_function += virLibNWFilterError
 msg_gen_function += virLibSecretError
 msg_gen_function += virLibStoragePoolError
 msg_gen_function += virLibStorageVolError
+msg_gen_function += virNetworkReportError
+msg_gen_function += virNodeDeviceReportError
+msg_gen_function += virNWFilterReportError
 msg_gen_function += virRaiseError
-msg_gen_function += virReportError
 msg_gen_function += virReportErrorHelper
 msg_gen_function += virReportSystemError
+msg_gen_function += virSecretReportError
+msg_gen_function += virSecurityReportError
+msg_gen_function += virSexprError
+msg_gen_function += virSmbiosReportError
+msg_gen_function += virSocketError
+msg_gen_function += virStatsError
+msg_gen_function += virStorageReportError
+msg_gen_function += virUtilError
+msg_gen_function += virXMLError
+msg_gen_function += virXenInotifyError
+msg_gen_function += virXenStoreError
+msg_gen_function += virXendError
+msg_gen_function += vmwareError
 msg_gen_function += xenapiSessionErrorHandler
+msg_gen_function += xenUnifiedError
+msg_gen_function += xenXMError
 
 # Uncomment the following and run "make syntax-check" to see diagnostics
 # that are not yet marked for translation, but that need to be rewritten
 # so that they are translatable.
 # msg_gen_function += fprintf
 # msg_gen_function += testError
+# msg_gen_function += virXenError
 # msg_gen_function += vshPrint
 # msg_gen_function += vshError
 
-func_or := $(shell echo $(msg_gen_function)|tr -s ' ' '|')
+func_or := $(shell printf '$(msg_gen_function)'|tr -s '[[:space:]]' '|')
 func_re := ($(func_or))
 
 # Look for diagnostics that aren't marked for translation.
@@ -548,13 +558,14 @@ func_re := ($(func_or))
 #    _("...: "
 #    "%s", _("no storage vol w..."
 sc_libvirt_unmarked_diagnostics:
-	@prohibit='\<$(func_re) *\([^"]*"[^"]*[a-z]{3}'			\
-	exclude='_\('							\
-	halt='$(ME): found unmarked diagnostic(s)'			\
-	  $(_sc_search_regexp)
+	@grep -nE							\
+	    '\<$(func_re) *\([^"]*"[^"]*[a-z]{3}' $$($(VC_LIST_EXCEPT))	\
+	  | grep -v '_''(' &&						\
+	  { echo '$(ME): found unmarked diagnostic(s)' 1>&2;		\
+	    exit 1; } || :
 	@{ grep     -nE '\<$(func_re) *\(.*;$$' $$($(VC_LIST_EXCEPT));   \
 	   grep -A1 -nE '\<$(func_re) *\(.*,$$' $$($(VC_LIST_EXCEPT)); } \
-	   | sed 's/_("\([^\"]\|\\.\)\+"//;s/[	 ]"%s"//'		\
+	   | sed 's/_("[^"][^"]*"//;s/[	 ]"%s"//'			\
 	   | grep '[	 ]"' &&						\
 	  { echo '$(ME): found unmarked diagnostic(s)' 1>&2;		\
 	    exit 1; } || :
@@ -573,30 +584,6 @@ sc_prohibit_newline_at_end_of_diagnostic:
 	  && { echo '$(ME): newline at end of message(s)' 1>&2;		\
 	    exit 1; } || :
 
-# Look for diagnostics that lack a % in the format string, except that we
-# allow VIR_ERROR to do this, and ignore functions that take a single
-# string rather than a format argument.
-sc_prohibit_diagnostic_without_format:
-	@{ grep     -nE '\<$(func_re) *\(.*;$$' $$($(VC_LIST_EXCEPT));   \
-	   grep -A2 -nE '\<$(func_re) *\(.*,$$' $$($(VC_LIST_EXCEPT)); } \
-	   | sed -rn -e ':l; /[,"]$$/ {N;b l;}'				 \
-		-e '/(xenapiSessionErrorHandler|vah_(error|warning))/d'	 \
-		-e '/\<$(func_re) *\([^"]*"([^%"]|"\n[^"]*")*"[,)]/p'	 \
-           | grep -vE 'VIR_ERROR' &&					 \
-	  { echo '$(ME): found diagnostic without %' 1>&2;		 \
-	    exit 1; } || :
-
-# The strings "" and "%s" should never be marked for translation.
-# Files under tests/ and examples/ should not be translated.
-sc_prohibit_useless_translation:
-	@prohibit='_\("(%s)?"\)'					\
-	halt='found useless translation'				\
-	  $(_sc_search_regexp)
-	@prohibit='\<N?_ *\('						\
-	in_vc_files='^(tests|examples)/'				\
-	halt='no translations in tests or examples'			\
-	  $(_sc_search_regexp)
-
 # Enforce recommended preprocessor indentation style.
 sc_preprocessor_indentation:
 	@if cppi --version >/dev/null 2>&1; then			\
@@ -619,13 +606,6 @@ sc_copyright_format:
 	halt='spell Red Hat as two words'				\
 	  $(_sc_search_regexp)
 
-# Prefer the new URL listing over the old street address listing when
-# calling out where to get a copy of the [L]GPL.
-sc_copyright_address:
-	@prohibit=Boston,' MA'						\
-	halt='Point to <http://www.gnu.org/licenses/>, not an address'	\
-	  $(_sc_search_regexp)
-
 # Some functions/macros produce messages intended solely for developers
 # and maintainers.  Do not mark them for translation.
 sc_prohibit_gettext_markup:
@@ -633,37 +613,6 @@ sc_prohibit_gettext_markup:
 	halt='do not mark these strings for translation'		\
 	  $(_sc_search_regexp)
 
-# Our code is divided into modular subdirectories for a reason, and
-# lower-level code must not include higher-level headers.
-cross_dirs=$(patsubst $(srcdir)/src/%.,%,$(wildcard $(srcdir)/src/*/.))
-cross_dirs_re=($(subst / ,/|,$(cross_dirs)))
-sc_prohibit_cross_inclusion:
-	@for dir in $(cross_dirs); do					\
-	  case $$dir in							\
-	    util/) safe="util";;					\
-	    cpu/ | locking/ | network/ | rpc/ | security/)		\
-	      safe="($$dir|util|conf)";;				\
-	    xenapi/ | xenxs/ ) safe="($$dir|util|conf|xen)";;		\
-	    *) safe="($$dir|util|conf|cpu|network|locking|rpc|security)";; \
-	  esac;								\
-	  in_vc_files="^src/$$dir"					\
-	  prohibit='^# *include .$(cross_dirs_re)'			\
-	  exclude="# *include .$$safe"					\
-	  halt='unsafe cross-directory include'				\
-	    $(_sc_search_regexp)					\
-	done
-
-# When converting an enum to a string, make sure that we track any new
-# elements added to the enum by using a _LAST marker.
-sc_require_enum_last_marker:
-	@grep -A1 -nE '^[^#]*VIR_ENUM_IMPL *\(' $$($(VC_LIST_EXCEPT))	\
-	   | sed -ne '/VIR_ENUM_IMPL[^,]*,$$/N'				\
-	     -e '/VIR_ENUM_IMPL[^,]*,[^,]*[^_,][^L,][^A,][^S,][^T,],/p'	\
-	     -e '/VIR_ENUM_IMPL[^,]*,[^,]\{0,4\},/p'			\
-	   | grep . &&							\
-	  { echo '$(ME): enum impl needs to use _LAST marker' 1>&2;	\
-	    exit 1; } || :
-
 # We don't use this feature of maint.mk.
 prev_version_file = /dev/null
 
@@ -684,7 +633,6 @@ ifeq (0,$(MAKELEVEL))
       test -f po/Makevars || { echo 1; exit; };				\
       actual=$$(git submodule status | $(_submodule_hash);		\
 		git hash-object bootstrap.conf;				\
-		git ls-tree -d HEAD gnulib/local | awk '{print $$3}';	\
 		git diff .gnulib);					\
       stamp="$$($(_submodule_hash) $(_curr_status) 2>/dev/null)";	\
       test "$$stamp" = "$$actual"; echo $$?)
@@ -732,18 +680,15 @@ $(srcdir)/src/remote/remote_client_bodies.h: $(srcdir)/src/remote/remote_protoco
 	$(MAKE) -C src remote/remote_client_bodies.h
 
 # List all syntax-check exemptions:
-exclude_file_name_regexp--sc_avoid_strcase = ^tools/virsh\.h$$
+exclude_file_name_regexp--sc_avoid_strcase = ^tools/virsh\.c$$
 
-_src1=libvirt|fdstream|qemu/qemu_monitor|util/(command|util)|xen/xend_internal|rpc/virnetsocket|lxc/lxc_controller
+_src1=libvirt|fdstream|qemu/qemu_monitor|util/(command|util)|xen/xend_internal|rpc/virnetsocket
 exclude_file_name_regexp--sc_avoid_write = \
   ^(src/($(_src1))|daemon/libvirtd|tools/console|tests/(shunload|virnettlscontext)test)\.c$$
 
 exclude_file_name_regexp--sc_bindtextdomain = ^(tests|examples)/
 
-exclude_file_name_regexp--sc_copyright_address = \
-  ^COPYING\.LIB$$
-
-exclude_file_name_regexp--sc_flags_usage = ^(docs/|src/util/virnetdevtap\.c$$)
+exclude_file_name_regexp--sc_flags_usage = ^docs/
 
 exclude_file_name_regexp--sc_libvirt_unmarked_diagnostics = \
   ^src/rpc/gendispatch\.pl$$
@@ -765,7 +710,7 @@ exclude_file_name_regexp--sc_prohibit_close = \
   (\.p[yl]$$|^docs/|^(src/util/virfile\.c|src/libvirt\.c)$$)
 
 exclude_file_name_regexp--sc_prohibit_empty_lines_at_EOF = \
-  (^tests/(qemuhelp|nodeinfo)data/|\.(gif|ico|png|diff)$$)
+  (^tests/qemuhelpdata/|\.(gif|ico|png)$$)
 
 _src2=src/(util/command|libvirt|lxc/lxc_controller)
 exclude_file_name_regexp--sc_prohibit_fork_wrappers = \
@@ -782,37 +727,22 @@ exclude_file_name_regexp--sc_prohibit_newline_at_end_of_diagnostic = \
 exclude_file_name_regexp--sc_prohibit_nonreentrant = \
   ^((po|tests)/|docs/.*py$$|tools/(virsh|console)\.c$$)
 
-exclude_file_name_regexp--sc_prohibit_raw_allocation = \
-  ^(src/util/memory\.[ch]|examples/.*)$$
-
-exclude_file_name_regexp--sc_prohibit_readlink = \
-  ^src/(util/util|lxc/lxc_container)\.c$$
+exclude_file_name_regexp--sc_prohibit_readlink = ^src/util/util\.c$$
 
 exclude_file_name_regexp--sc_prohibit_setuid = ^src/util/util\.c$$
 
-exclude_file_name_regexp--sc_prohibit_sprintf = \
-  ^(docs/hacking\.html\.in)|(examples/systemtap/.*stp)|(src/dtrace2systemtap\.pl)|(src/rpc/gensystemtap\.pl)$$
+exclude_file_name_regexp--sc_prohibit_sprintf = ^docs/hacking\.html\.in$$
 
-exclude_file_name_regexp--sc_prohibit_strncpy = ^src/util/util\.c$$
-
-exclude_file_name_regexp--sc_prohibit_strtol = \
-  ^src/(util/sexpr|(vbox|xen|xenxs)/.*)\.c$$
+exclude_file_name_regexp--sc_prohibit_strncpy = \
+  ^(src/util/util|tools/virsh)\.c$$
 
 exclude_file_name_regexp--sc_prohibit_xmlGetProp = ^src/util/xml\.c$$
 
-exclude_file_name_regexp--sc_prohibit_xmlURI = ^src/util/viruri\.c$$
+exclude_file_name_regexp--sc_require_config_h = ^examples/
 
-exclude_file_name_regexp--sc_prohibit_return_as_function = \.py$$
+exclude_file_name_regexp--sc_require_config_h_first = ^examples/
 
-_virsh_includes=(edit|domain-monitor|domain|volume|pool|network|interface|nwfilter|secret|snapshot|host|nodedev)
-exclude_file_name_regexp--sc_require_config_h = ^(examples/|tools/virsh-$(_virsh_includes)\.c$$)
-
-exclude_file_name_regexp--sc_require_config_h_first = ^(examples/|tools/virsh-$(_virsh_includes)\.c$$)
-
-exclude_file_name_regexp--sc_trailing_blank = \
-  (/qemuhelpdata/|\.(fig|gif|ico|png)$$)
+exclude_file_name_regexp--sc_trailing_blank = \.(fig|gif|ico|png)$$
 
 exclude_file_name_regexp--sc_unmarked_diagnostics = \
   ^(docs/apibuild.py|tests/virt-aa-helper-test)$$
-
-exclude_file_name_regexp--sc_size_of_brackets = cfg.mk

daemon/.gitignore

@@ -0,0 +1,14 @@
+*.la
+*.lo
+.deps
+.libs
+Makefile
+Makefile.in
+libvirt_qemud
+libvirtd
+libvirtd.init
+libvirtd*.logrotate
+libvirtd.8
+libvirtd.8.in
+libvirtd.pod
+probes.h

daemon/Makefile.am

@@ -1,12 +1,12 @@
 ## Process this file with automake to produce Makefile.in
 
-## Copyright (C) 2005-2012 Red Hat, Inc.
+## Copyright (C) 2005-2011 Red Hat, Inc.
 ## See COPYING.LIB for the License of this software
 
 INCLUDES = \
-	-I$(top_builddir)/gnulib/lib -I$(top_srcdir)/gnulib/lib \
-	-I$(top_builddir)/include -I$(top_srcdir)/include \
-	-I$(top_builddir)/src -I$(top_srcdir)/src \
+	-I$(top_srcdir)/gnulib/lib -I../gnulib/lib \
+	-I$(top_srcdir)/include -I$(top_builddir)/include \
+	-I$(top_srcdir)/src \
 	-I$(top_srcdir)/src/util \
 	-I$(top_srcdir)/src/conf \
 	-I$(top_srcdir)/src/rpc \
@@ -21,7 +21,6 @@ DAEMON_GENERATED =					\
 
 DAEMON_SOURCES =					\
 		libvirtd.c libvirtd.h			\
-		libvirtd-config.c libvirtd-config.h	\
 		remote.c remote.h			\
 		stream.c stream.h			\
 		../src/remote/remote_protocol.c		\
@@ -39,16 +38,16 @@ EXTRA_DIST =						\
 	libvirtd.policy-1				\
 	libvirtd.sasl					\
 	libvirtd.sysconf				\
-	libvirtd.sysctl					\
 	libvirtd.aug                                    \
 	libvirtd.logrotate.in                           \
 	libvirtd.qemu.logrotate.in                      \
 	libvirtd.lxc.logrotate.in                       \
 	libvirtd.uml.logrotate.in                       \
-	test_libvirtd.aug.in                             \
+	test_libvirtd.aug                               \
 	THREADS.txt					\
 	libvirtd.pod.in					\
 	libvirtd.8.in					\
+	libvirtd.stp					\
 	$(DAEMON_SOURCES)
 
 BUILT_SOURCES =
@@ -58,12 +57,12 @@ QEMU_PROTOCOL = $(top_srcdir)/src/remote/qemu_protocol.x
 
 $(srcdir)/remote_dispatch.h: $(srcdir)/../src/rpc/gendispatch.pl \
 		$(REMOTE_PROTOCOL)
-	$(AM_V_GEN)$(PERL) -w $(srcdir)/../src/rpc/gendispatch.pl -b remote REMOTE \
+	$(AM_V_GEN)perl -w $(srcdir)/../src/rpc/gendispatch.pl -b remote \
 	  $(REMOTE_PROTOCOL) > $@
 
 $(srcdir)/qemu_dispatch.h: $(srcdir)/../src/rpc/gendispatch.pl \
 		$(QEMU_PROTOCOL)
-	$(AM_V_GEN)$(PERL) -w $(srcdir)/../src/rpc/gendispatch.pl -b qemu QEMU \
+	$(AM_V_GEN)perl -w $(srcdir)/../src/rpc/gendispatch.pl -b qemu \
 	  $(QEMU_PROTOCOL) > $@
 
 if WITH_LIBVIRTD
@@ -81,12 +80,11 @@ augeas_DATA = libvirtd.aug
 augeastestsdir = $(datadir)/augeas/lenses/tests
 augeastests_DATA = test_libvirtd.aug
 
-CLEANFILES += test_libvirtd.aug
-
 libvirtd.8: $(srcdir)/libvirtd.8.in
 	sed \
-	    -e 's!SYSCONFDIR!$(sysconfdir)!g' \
-	    -e 's!LOCALSTATEDIR!$(localstatedir)!g' \
+	    -e 's![@]sysconfdir[@]!$(sysconfdir)!g' \
+	    -e 's![@]localstatedir[@]!$(localstatedir)!g' \
+	    -e 's![@]remote_pid_file[@]!$(REMOTE_PID_FILE)!g' \
 	    < $< > $@-t
 	mv $@-t $@
 
@@ -95,10 +93,11 @@ libvirtd_SOURCES = $(DAEMON_SOURCES)
 #-D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_POSIX_C_SOURCE=199506L
 libvirtd_CFLAGS = \
 	$(LIBXML_CFLAGS) $(GNUTLS_CFLAGS) $(SASL_CFLAGS) \
-	$(XDR_CFLAGS) $(POLKIT_CFLAGS) $(DBUS_CFLAGS) $(LIBNL_CFLAGS) \
+	$(XDR_CFLAGS) $(POLKIT_CFLAGS) \
 	$(WARN_CFLAGS) \
 	$(COVERAGE_CFLAGS) \
-	-DQEMUD_PID_FILE="\"$(QEMUD_PID_FILE)\""
+	-DQEMUD_PID_FILE="\"$(QEMUD_PID_FILE)\"" \
+	-DREMOTE_PID_FILE="\"$(REMOTE_PID_FILE)\""
 
 libvirtd_LDFLAGS =					\
 	$(WARN_CFLAGS)					\
@@ -108,23 +107,16 @@ libvirtd_LDADD =					\
 	$(LIBXML_LIBS)					\
 	$(GNUTLS_LIBS)					\
 	$(SASL_LIBS)					\
-	$(DBUS_LIBS)					\
-	$(POLKIT_LIBS)					\
-	$(LIBNL_LIBS)
-
-if WITH_DTRACE_PROBES
-libvirtd_LDADD += ../src/libvirt_probes.lo
-endif
+	$(POLKIT_LIBS)
 
 libvirtd_LDADD += \
+	../src/libvirt-net-rpc-server.la \
+	../src/libvirt-net-rpc.la \
 	../src/libvirt-qemu.la
 
 if ! WITH_DRIVER_MODULES
 if WITH_QEMU
     libvirtd_LDADD += ../src/libvirt_driver_qemu.la
-if WITH_DTRACE_PROBES
-    libvirtd_LDADD += ../src/libvirt_qemu_probes.lo
-endif
 endif
 
 if WITH_LXC
@@ -139,7 +131,7 @@ if WITH_UML
     libvirtd_LDADD += ../src/libvirt_driver_uml.la
 endif
 
-if WITH_STORAGE
+if WITH_STORAGE_DIR
     libvirtd_LDADD += ../src/libvirt_driver_storage.la
 endif
 
@@ -176,27 +168,41 @@ policyfile = libvirtd.policy-1
 endif
 endif
 
-install-data-local: install-init-redhat install-init-systemd install-init-upstart \
-		install-data-sasl install-data-polkit \
-		install-logrotate install-sysctl
-	$(MKDIR_P) $(DESTDIR)$(localstatedir)/log/libvirt \
-		   $(DESTDIR)$(localstatedir)/run/libvirt \
-		   $(DESTDIR)$(localstatedir)/lib/libvirt
+if WITH_DTRACE
+libvirtd_LDADD += probes.o
+nodist_libvirtd_SOURCES = probes.h
 
-uninstall-local:: uninstall-init-redhat uninstall-init-systemd uninstall-init-upstart \
-		uninstall-data-sasl uninstall-data-polkit \
-		uninstall-logrotate uninstall-sysctl
+BUILT_SOURCES += probes.h
+
+tapsetdir = $(datadir)/systemtap/tapset
+tapset_DATA = libvirtd.stp
+
+probes.h: probes.d
+	$(AM_V_GEN)$(DTRACE) -o $@ -h -s $<
+
+probes.o: probes.d
+	$(AM_V_GEN)$(DTRACE) -o $@ -G -s $<
+
+CLEANFILES += probes.h probes.o
+endif
+
+install-data-local: install-init install-data-sasl install-data-polkit \
+		    install-logrotate
+	mkdir -p $(DESTDIR)$(localstatedir)/log/libvirt
+	mkdir -p $(DESTDIR)$(localstatedir)/run/libvirt
+	mkdir -p $(DESTDIR)$(localstatedir)/lib/libvirt
+
+uninstall-local:: uninstall-init uninstall-data-sasl uninstall-data-polkit
 	rmdir $(DESTDIR)$(localstatedir)/log/libvirt || :
 	rmdir $(DESTDIR)$(localstatedir)/run/libvirt || :
 	rmdir $(DESTDIR)$(localstatedir)/lib/libvirt || :
 
 if HAVE_POLKIT
-install-data-polkit::
-	$(MKDIR_P) $(DESTDIR)$(policydir)
+install-data-polkit:: install-init
+	mkdir -p $(DESTDIR)$(policydir)
 	$(INSTALL_DATA) $(srcdir)/$(policyfile) $(DESTDIR)$(policydir)/org.libvirt.unix.policy
-uninstall-data-polkit::
+uninstall-data-polkit:: install-init
 	rm -f $(DESTDIR)$(policydir)/org.libvirt.unix.policy
-	rmdir $(DESTDIR)$(policydir) || :
 else
 install-data-polkit::
 uninstall-data-polkit::
@@ -235,99 +241,29 @@ libvirtd.uml.logrotate: libvirtd.uml.logrotate.in
 	    mv $@-t $@
 
 install-logrotate: $(LOGROTATE_CONFS)
-	$(MKDIR_P) $(DESTDIR)$(localstatedir)/log/libvirt/qemu/ \
-		   $(DESTDIR)$(localstatedir)/log/libvirt/lxc/ \
-		   $(DESTDIR)$(localstatedir)/log/libvirt/uml/ \
-		   $(DESTDIR)$(sysconfdir)/logrotate.d/
+	mkdir -p $(DESTDIR)$(localstatedir)/log/libvirt/qemu/
+	mkdir -p $(DESTDIR)$(localstatedir)/log/libvirt/lxc/
+	mkdir -p $(DESTDIR)$(localstatedir)/log/libvirt/uml/
+	mkdir -p $(DESTDIR)$(sysconfdir)/logrotate.d/
 	$(INSTALL_DATA) libvirtd.logrotate $(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd
 	$(INSTALL_DATA) libvirtd.qemu.logrotate $(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.qemu
 	$(INSTALL_DATA) libvirtd.lxc.logrotate $(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.lxc
 	$(INSTALL_DATA) libvirtd.uml.logrotate $(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.uml
 
-uninstall-logrotate:
-	rm -f $(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd \
-	      $(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.qemu \
-	      $(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.lxc \
-	      $(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.uml
-	rmdir $(DESTDIR)$(localstatedir)/log/libvirt/qemu || :
-	rmdir $(DESTDIR)$(localstatedir)/log/libvirt/lxc || :
-	rmdir $(DESTDIR)$(localstatedir)/log/libvirt/uml || :
-	rmdir $(DESTDIR)$(sysconfdir)/logrotate.d || :
-
-install-sysconfig:
-	$(MKDIR_P) $(DESTDIR)$(sysconfdir)/sysconfig
-	$(INSTALL_DATA) $(srcdir)/libvirtd.sysconf \
-	  $(DESTDIR)$(sysconfdir)/sysconfig/libvirtd
-uninstall-sysconfig:
-	rm -f $(DESTDIR)$(sysconfdir)/sysconfig/libvirtd
-	rmdir $(DESTDIR)$(sysconfdir)/sysconfig || :
-
-if WITH_SYSCTL
-install-sysctl:
-	$(MKDIR_P) $(DESTDIR)$(sysconfdir)/sysctl.d
-	$(INSTALL_DATA) $(srcdir)/libvirtd.sysctl \
-	  $(DESTDIR)$(sysconfdir)/sysctl.d/libvirtd
-
-uninstall-sysctl:
-	rm -f $(DESTDIR)$(sysconfdir)/sysctl.d/libvirtd
-	rmdir $(DESTDIR)$(sysconfdir)/sysctl.d || :
-else
-install-sysctl:
-uninstall-sysctl:
-endif
-
 if LIBVIRT_INIT_SCRIPT_RED_HAT
-
-BUILT_SOURCES += libvirtd.init
-
-install-init-redhat: install-sysconfig libvirtd.init
-	$(MKDIR_P) $(DESTDIR)$(sysconfdir)/rc.d/init.d
+install-init: libvirtd.init
+	mkdir -p $(DESTDIR)$(sysconfdir)/rc.d/init.d
 	$(INSTALL_SCRIPT) libvirtd.init \
 	  $(DESTDIR)$(sysconfdir)/rc.d/init.d/libvirtd
+	mkdir -p $(DESTDIR)$(sysconfdir)/sysconfig
+	$(INSTALL_DATA) $(srcdir)/libvirtd.sysconf \
+	  $(DESTDIR)$(sysconfdir)/sysconfig/libvirtd
 
-uninstall-init-redhat: uninstall-sysconfig
-	rm -f $(DESTDIR)$(sysconfdir)/rc.d/init.d/libvirtd
-	rmdir $(DESTDIR)$(sysconfdir)/rc.d/init.d || :
-else
-install-init-redhat:
-uninstall-init-redhat:
-endif # LIBVIRT_INIT_SCRIPT_RED_HAT
+uninstall-init:
+	rm -f $(DESTDIR)$(sysconfdir)/rc.d/init.d/libvirtd \
+		$(DESTDIR)$(sysconfdir)/sysconfig/libvirtd
 
-
-if LIBVIRT_INIT_SCRIPT_UPSTART
-
-install-init-upstart: install-sysconfig
-	$(MKDIR_P) $(DESTDIR)$(sysconfdir)/event.d
-	$(INSTALL_SCRIPT) libvirtd.upstart \
-	  $(DESTDIR)$(sysconfdir)/event.d/libvirtd
-
-uninstall-init-upstart: uninstall-sysconfig
-	rm -f $(DESTDIR)$(sysconfdir)/event.d/libvirtd
-	rmdir $(DESTDIR)$(sysconfdir)/event.d || :
-else
-install-init-upstart:
-uninstall-init-upstart:
-endif # LIBVIRT_INIT_SCRIPT_UPSTART
-
-
-EXTRA_DIST += libvirtd.service.in
-if LIBVIRT_INIT_SCRIPT_SYSTEMD
-
-SYSTEMD_UNIT_DIR = /lib/systemd/system
-BUILT_SOURCES += libvirtd.service
-
-install-init-systemd: install-sysconfig libvirtd.service
-	$(MKDIR_P) $(DESTDIR)$(SYSTEMD_UNIT_DIR)
-	$(INSTALL_DATA) libvirtd.service \
-	  $(DESTDIR)$(SYSTEMD_UNIT_DIR)/libvirtd.service
-
-uninstall-init-systemd: uninstall-sysconfig
-	rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/libvirtd.service
-	rmdir $(DESTDIR)$(SYSTEMD_UNIT_DIR) || :
-else
-install-init-systemd:
-uninstall-init-systemd:
-endif # LIBVIRT_INIT_SCRIPT_SYSTEMD
+BUILT_SOURCES += libvirtd.init
 
 libvirtd.init: libvirtd.init.in $(top_builddir)/config.status
 	$(AM_V_GEN)sed					\
@@ -338,28 +274,18 @@ libvirtd.init: libvirtd.init.in $(top_builddir)/config.status
 	    chmod a+x $@-t &&				\
 	    mv $@-t $@
 
-libvirtd.service: libvirtd.service.in $(top_builddir)/config.status
-	$(AM_V_GEN)sed					\
-	    -e s!\@localstatedir\@!$(localstatedir)!g	\
-	    -e s!\@sbindir\@!$(sbindir)!g		\
-	    -e s!\@sysconfdir\@!$(sysconfdir)!g		\
-	    < $< > $@-t &&				\
-	    chmod a+x $@-t &&				\
-	    mv $@-t $@
-
-
-check-local: check-augeas
-
-AUG_GENTEST = $(PERL) $(top_srcdir)/build-aux/augeas-gentest.pl
-
-test_libvirtd.aug: test_libvirtd.aug.in $(srcdir)/libvirtd.conf
-	$(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/libvirtd.conf $< $@
-
-check-augeas: test_libvirtd.aug
+check-local:
 	$(AM_V_GEN)if test -x '$(AUGPARSE)'; then \
-	  '$(AUGPARSE)' -I $(srcdir) test_libvirtd.aug; \
+	  '$(AUGPARSE)' -I $(srcdir) $(srcdir)/test_libvirtd.aug; \
 	fi
 
+else
+
+install-init:
+uninstall-init:
+libvirtd.init:
+
+endif # LIBVIRT_INIT_SCRIPT_RED_HAT
 
 # This must be added last, since functions it provides/replaces
 # are used by nearly every other library.
@@ -370,22 +296,25 @@ install-data-local: install-data-sasl
 uninstall-local:: uninstall-data-sasl
 endif # WITH_LIBVIRTD
 
+# This is needed for 'make dist' too, so can't wrap in WITH_LIBVIRTD.
+EXTRA_DIST += probes.d libvirtd.stp
+
 POD2MAN = pod2man -c "Virtualization Support" \
 			-r "$(PACKAGE)-$(VERSION)" -s 8
 
 $(srcdir)/libvirtd.8.in: libvirtd.pod.in
-	$(AM_V_GEN)$(POD2MAN) --name LIBVIRTD $< $@
+	$(AM_V_GEN)$(POD2MAN) $< $@
 
 # This is needed for clients too, so can't wrap in
 # the WITH_LIBVIRTD conditional
 if HAVE_SASL
 install-data-sasl:
-	$(MKDIR_P) $(DESTDIR)$(sysconfdir)/sasl2/
+	mkdir -p $(DESTDIR)$(sysconfdir)/sasl2/
 	$(INSTALL_DATA) $(srcdir)/libvirtd.sasl $(DESTDIR)$(sysconfdir)/sasl2/libvirt.conf
 
 uninstall-data-sasl:
 	rm -f $(DESTDIR)$(sysconfdir)/sasl2/libvirt.conf
-	rmdir $(DESTDIR)$(sysconfdir)/sasl2/ || :
+	rmdir $(DESTDIR)$(sysconfdir)/sasl2/
 else
 install-data-sasl:
 uninstall-data-sasl:

daemon/libvirtd-config.c

@@ -1,492 +0,0 @@
-/*
- * libvirtd.c: daemon start of day, guest process & i/o management
- *
- * Copyright (C) 2006-2012 Red Hat, Inc.
- * Copyright (C) 2006 Daniel P. Berrange
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library;  If not, see
- * <http://www.gnu.org/licenses/>.
- *
- * Author: Daniel P. Berrange <berrange@redhat.com>
- */
-
-#include <config.h>
-
-#include "libvirtd-config.h"
-#include "conf.h"
-#include "memory.h"
-#include "virterror_internal.h"
-#include "logging.h"
-#include "rpc/virnetserver.h"
-#include "configmake.h"
-#include "remote/remote_protocol.h"
-#include "remote/remote_driver.h"
-
-#define VIR_FROM_THIS VIR_FROM_CONF
-
-/* Allocate an array of malloc'd strings from the config file, filename
- * (used only in diagnostics), using handle "conf".  Upon error, return -1
- * and free any allocated memory.  Otherwise, save the array in *list_arg
- * and return 0.
- */
-static int
-remoteConfigGetStringList(virConfPtr conf, const char *key, char ***list_arg,
-                          const char *filename)
-{
-    char **list;
-    virConfValuePtr p = virConfGetValue (conf, key);
-    if (!p)
-        return 0;
-
-    switch (p->type) {
-    case VIR_CONF_STRING:
-        if (VIR_ALLOC_N(list, 2) < 0) {
-            virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
-                           _("failed to allocate memory for %s config list"),
-                           key);
-            return -1;
-        }
-        list[0] = strdup (p->str);
-        list[1] = NULL;
-        if (list[0] == NULL) {
-            virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
-                           _("failed to allocate memory for %s config list value"),
-                           key);
-            VIR_FREE(list);
-            return -1;
-        }
-        break;
-
-    case VIR_CONF_LIST: {
-        int i, len = 0;
-        virConfValuePtr pp;
-        for (pp = p->list; pp; pp = pp->next)
-            len++;
-        if (VIR_ALLOC_N(list, 1+len) < 0) {
-            virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
-                           _("failed to allocate memory for %s config list"),
-                           key);
-            return -1;
-        }
-        for (i = 0, pp = p->list; pp; ++i, pp = pp->next) {
-            if (pp->type != VIR_CONF_STRING) {
-                virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
-                               _("remoteReadConfigFile: %s: %s:"
-                                 " must be a string or list of strings"),
-                               filename, key);
-                VIR_FREE(list);
-                return -1;
-            }
-            list[i] = strdup (pp->str);
-            if (list[i] == NULL) {
-                int j;
-                for (j = 0 ; j < i ; j++)
-                    VIR_FREE(list[j]);
-                VIR_FREE(list);
-                virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
-                               _("failed to allocate memory for %s config list value"),
-                               key);
-                return -1;
-            }
-
-        }
-        list[i] = NULL;
-        break;
-    }
-
-    default:
-        virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
-                       _("remoteReadConfigFile: %s: %s:"
-                         " must be a string or list of strings"),
-                       filename, key);
-        return -1;
-    }
-
-    *list_arg = list;
-    return 0;
-}
-
-/* A helper function used by each of the following macros.  */
-static int
-checkType (virConfValuePtr p, const char *filename,
-           const char *key, virConfType required_type)
-{
-    if (p->type != required_type) {
-        virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
-                       _("remoteReadConfigFile: %s: %s: invalid type:"
-                         " got %s; expected %s"), filename, key,
-                       virConfTypeName (p->type),
-                       virConfTypeName (required_type));
-        return -1;
-    }
-    return 0;
-}
-
-/* If there is no config data for the key, #var_name, then do nothing.
-   If there is valid data of type VIR_CONF_STRING, and strdup succeeds,
-   store the result in var_name.  Otherwise, (i.e. invalid type, or strdup
-   failure), give a diagnostic and "goto" the cleanup-and-fail label.  */
-#define GET_CONF_STR(conf, filename, var_name)                          \
-    do {                                                                \
-        virConfValuePtr p = virConfGetValue (conf, #var_name);          \
-        if (p) {                                                        \
-            if (checkType (p, filename, #var_name, VIR_CONF_STRING) < 0) \
-                goto error;                                             \
-            VIR_FREE(data->var_name);                                   \
-            if (!(data->var_name = strdup (p->str))) {                  \
-                virReportOOMError();                                    \
-                goto error;                                             \
-            }                                                           \
-        }                                                               \
-    } while (0)
-
-/* Like GET_CONF_STR, but for integral values.  */
-#define GET_CONF_INT(conf, filename, var_name)                          \
-    do {                                                                \
-        virConfValuePtr p = virConfGetValue (conf, #var_name);          \
-        if (p) {                                                        \
-            if (checkType (p, filename, #var_name, VIR_CONF_LONG) < 0)  \
-                goto error;                                             \
-            data->var_name = p->l;                                      \
-        }                                                               \
-    } while (0)
-
-
-static int remoteConfigGetAuth(virConfPtr conf, const char *key, int *auth, const char *filename) {
-    virConfValuePtr p;
-
-    p = virConfGetValue (conf, key);
-    if (!p)
-        return 0;
-
-    if (checkType (p, filename, key, VIR_CONF_STRING) < 0)
-        return -1;
-
-    if (!p->str)
-        return 0;
-
-    if (STREQ(p->str, "none")) {
-        *auth = VIR_NET_SERVER_SERVICE_AUTH_NONE;
-#if HAVE_SASL
-    } else if (STREQ(p->str, "sasl")) {
-        *auth = VIR_NET_SERVER_SERVICE_AUTH_SASL;
-#endif
-    } else if (STREQ(p->str, "polkit")) {
-        *auth = VIR_NET_SERVER_SERVICE_AUTH_POLKIT;
-    } else {
-        virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
-                       _("remoteReadConfigFile: %s: %s: unsupported auth %s"),
-                       filename, key, p->str);
-        return -1;
-    }
-
-    return 0;
-}
-
-int
-daemonConfigFilePath(bool privileged, char **configfile)
-{
-    if (privileged) {
-        if (!(*configfile = strdup(SYSCONFDIR "/libvirt/libvirtd.conf")))
-            goto no_memory;
-    } else {
-        char *configdir = NULL;
-
-        if (!(configdir = virGetUserConfigDirectory()))
-            goto error;
-
-        if (virAsprintf(configfile, "%s/libvirtd.conf", configdir) < 0) {
-            VIR_FREE(configdir);
-            goto no_memory;
-        }
-        VIR_FREE(configdir);
-    }
-
-    return 0;
-
-no_memory:
-    virReportOOMError();
-error:
-    return -1;
-}
-
-struct daemonConfig*
-daemonConfigNew(bool privileged ATTRIBUTE_UNUSED)
-{
-    struct daemonConfig *data;
-    char *localhost;
-    int ret;
-
-    if (VIR_ALLOC(data) < 0) {
-        virReportOOMError();
-        return NULL;
-    }
-
-    data->listen_tls = 1;
-    data->listen_tcp = 0;
-
-    if (!(data->tls_port = strdup(LIBVIRTD_TLS_PORT)))
-        goto no_memory;
-    if (!(data->tcp_port = strdup(LIBVIRTD_TCP_PORT)))
-        goto no_memory;
-
-    /* Only default to PolicyKit if running as root */
-#if HAVE_POLKIT
-    if (privileged) {
-        data->auth_unix_rw = REMOTE_AUTH_POLKIT;
-        data->auth_unix_ro = REMOTE_AUTH_POLKIT;
-    } else {
-#endif
-        data->auth_unix_rw = REMOTE_AUTH_NONE;
-        data->auth_unix_ro = REMOTE_AUTH_NONE;
-#if HAVE_POLKIT
-    }
-#endif
-
-    if (data->auth_unix_rw == REMOTE_AUTH_POLKIT)
-        data->unix_sock_rw_perms = strdup("0777"); /* Allow world */
-    else
-        data->unix_sock_rw_perms = strdup("0700"); /* Allow user only */
-    data->unix_sock_ro_perms = strdup("0777"); /* Always allow world */
-    if (!data->unix_sock_ro_perms ||
-        !data->unix_sock_rw_perms)
-        goto no_memory;
-
-#if HAVE_SASL
-    data->auth_tcp = REMOTE_AUTH_SASL;
-#else
-    data->auth_tcp = REMOTE_AUTH_NONE;
-#endif
-    data->auth_tls = REMOTE_AUTH_NONE;
-
-    data->mdns_adv = 0;
-
-    data->min_workers = 5;
-    data->max_workers = 20;
-    data->max_clients = 20;
-
-    data->prio_workers = 5;
-
-    data->max_requests = 20;
-    data->max_client_requests = 5;
-
-    data->log_buffer_size = 64;
-
-    data->audit_level = 1;
-    data->audit_logging = 0;
-
-    data->keepalive_interval = 5;
-    data->keepalive_count = 5;
-    data->keepalive_required = 0;
-
-    localhost = virGetHostname(NULL);
-    if (localhost == NULL) {
-        /* we couldn't resolve the hostname; assume that we are
-         * running in disconnected operation, and report a less
-         * useful Avahi string
-         */
-        ret = virAsprintf(&data->mdns_name, "Virtualization Host");
-    } else {
-        char *tmp;
-        /* Extract the host part of the potentially FQDN */
-        if ((tmp = strchr(localhost, '.')))
-            *tmp = '\0';
-        ret = virAsprintf(&data->mdns_name, "Virtualization Host %s",
-                          localhost);
-    }
-    VIR_FREE(localhost);
-    if (ret < 0)
-        goto no_memory;
-
-    return data;
-
-no_memory:
-    virReportOOMError();
-    daemonConfigFree(data);
-    return NULL;
-}
-
-void
-daemonConfigFree(struct daemonConfig *data)
-{
-    char **tmp;
-
-    if (!data)
-        return;
-
-    VIR_FREE(data->listen_addr);
-    VIR_FREE(data->tls_port);
-    VIR_FREE(data->tcp_port);
-
-    VIR_FREE(data->unix_sock_ro_perms);
-    VIR_FREE(data->unix_sock_rw_perms);
-    VIR_FREE(data->unix_sock_group);
-    VIR_FREE(data->unix_sock_dir);
-    VIR_FREE(data->mdns_name);
-
-    tmp = data->tls_allowed_dn_list;
-    while (tmp && *tmp) {
-        VIR_FREE(*tmp);
-        tmp++;
-    }
-    VIR_FREE(data->tls_allowed_dn_list);
-
-    tmp = data->sasl_allowed_username_list;
-    while (tmp && *tmp) {
-        VIR_FREE(*tmp);
-        tmp++;
-    }
-    VIR_FREE(data->sasl_allowed_username_list);
-
-    VIR_FREE(data->key_file);
-    VIR_FREE(data->ca_file);
-    VIR_FREE(data->cert_file);
-    VIR_FREE(data->crl_file);
-
-    VIR_FREE(data->host_uuid);
-    VIR_FREE(data->log_filters);
-    VIR_FREE(data->log_outputs);
-
-    VIR_FREE(data);
-}
-
-static int
-daemonConfigLoadOptions(struct daemonConfig *data,
-                        const char *filename,
-                        virConfPtr conf)
-{
-    GET_CONF_INT (conf, filename, listen_tcp);
-    GET_CONF_INT (conf, filename, listen_tls);
-    GET_CONF_STR (conf, filename, tls_port);
-    GET_CONF_STR (conf, filename, tcp_port);
-    GET_CONF_STR (conf, filename, listen_addr);
-
-    if (remoteConfigGetAuth(conf, "auth_unix_rw", &data->auth_unix_rw, filename) < 0)
-        goto error;
-#if HAVE_POLKIT
-    /* Change default perms to be wide-open if PolicyKit is enabled.
-     * Admin can always override in config file
-     */
-    if (data->auth_unix_rw == REMOTE_AUTH_POLKIT) {
-        VIR_FREE(data->unix_sock_rw_perms);
-        if (!(data->unix_sock_rw_perms = strdup("0777"))) {
-            virReportOOMError();
-            goto error;
-        }
-    }
-#endif
-    if (remoteConfigGetAuth(conf, "auth_unix_ro", &data->auth_unix_ro, filename) < 0)
-        goto error;
-    if (remoteConfigGetAuth(conf, "auth_tcp", &data->auth_tcp, filename) < 0)
-        goto error;
-    if (remoteConfigGetAuth(conf, "auth_tls", &data->auth_tls, filename) < 0)
-        goto error;
-
-    GET_CONF_STR (conf, filename, unix_sock_group);
-    GET_CONF_STR (conf, filename, unix_sock_ro_perms);
-    GET_CONF_STR (conf, filename, unix_sock_rw_perms);
-
-    GET_CONF_STR (conf, filename, unix_sock_dir);
-
-    GET_CONF_INT (conf, filename, mdns_adv);
-    GET_CONF_STR (conf, filename, mdns_name);
-
-    GET_CONF_INT (conf, filename, tls_no_sanity_certificate);
-    GET_CONF_INT (conf, filename, tls_no_verify_certificate);
-
-    GET_CONF_STR (conf, filename, key_file);
-    GET_CONF_STR (conf, filename, cert_file);
-    GET_CONF_STR (conf, filename, ca_file);
-    GET_CONF_STR (conf, filename, crl_file);
-
-    if (remoteConfigGetStringList(conf, "tls_allowed_dn_list",
-                                  &data->tls_allowed_dn_list, filename) < 0)
-        goto error;
-
-
-    if (remoteConfigGetStringList(conf, "sasl_allowed_username_list",
-                                  &data->sasl_allowed_username_list, filename) < 0)
-        goto error;
-
-
-    GET_CONF_INT (conf, filename, min_workers);
-    GET_CONF_INT (conf, filename, max_workers);
-    GET_CONF_INT (conf, filename, max_clients);
-
-    GET_CONF_INT (conf, filename, prio_workers);
-
-    GET_CONF_INT (conf, filename, max_requests);
-    GET_CONF_INT (conf, filename, max_client_requests);
-
-    GET_CONF_INT (conf, filename, audit_level);
-    GET_CONF_INT (conf, filename, audit_logging);
-
-    GET_CONF_STR (conf, filename, host_uuid);
-
-    GET_CONF_INT (conf, filename, log_level);
-    GET_CONF_STR (conf, filename, log_filters);
-    GET_CONF_STR (conf, filename, log_outputs);
-    GET_CONF_INT (conf, filename, log_buffer_size);
-
-    GET_CONF_INT (conf, filename, keepalive_interval);
-    GET_CONF_INT (conf, filename, keepalive_count);
-    GET_CONF_INT (conf, filename, keepalive_required);
-
-    return 0;
-
-error:
-    return -1;
-}
-
-
-/* Read the config file if it exists.
- * Only used in the remote case, hence the name.
- */
-int
-daemonConfigLoadFile(struct daemonConfig *data,
-                     const char *filename,
-                     bool allow_missing)
-{
-    virConfPtr conf;
-    int ret;
-
-    if (allow_missing &&
-        access(filename, R_OK) == -1 &&
-        errno == ENOENT)
-        return 0;
-
-    conf = virConfReadFile(filename, 0);
-    if (!conf)
-        return -1;
-
-    ret = daemonConfigLoadOptions(data, filename, conf);
-    virConfFree(conf);
-    return ret;
-}
-
-int daemonConfigLoadData(struct daemonConfig *data,
-                         const char *filename,
-                         const char *filedata)
-{
-    virConfPtr conf;
-    int ret;
-
-    conf = virConfReadMem(filedata, strlen(filedata), 0);
-    if (!conf)
-        return -1;
-
-    ret = daemonConfigLoadOptions(data, filename, conf);
-    virConfFree(conf);
-    return ret;
-}

daemon/libvirtd-config.h

@@ -1,94 +0,0 @@
-/*
- * libvirtd.c: daemon start of day, guest process & i/o management
- *
- * Copyright (C) 2006-2012 Red Hat, Inc.
- * Copyright (C) 2006 Daniel P. Berrange
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library;  If not, see
- * <http://www.gnu.org/licenses/>.
- *
- * Author: Daniel P. Berrange <berrange@redhat.com>
- */
-
-#ifndef __LIBVIRTD_CONFIG_H__
-# define __LIBVIRTD_CONFIG_H__
-
-# include "internal.h"
-
-struct daemonConfig {
-    char *host_uuid;
-
-    int listen_tls;
-    int listen_tcp;
-    char *listen_addr;
-    char *tls_port;
-    char *tcp_port;
-
-    char *unix_sock_ro_perms;
-    char *unix_sock_rw_perms;
-    char *unix_sock_group;
-    char *unix_sock_dir;
-
-    int auth_unix_rw;
-    int auth_unix_ro;
-    int auth_tcp;
-    int auth_tls;
-
-    int mdns_adv;
-    char *mdns_name;
-
-    int tls_no_verify_certificate;
-    int tls_no_sanity_certificate;
-    char **tls_allowed_dn_list;
-    char **sasl_allowed_username_list;
-
-    char *key_file;
-    char *cert_file;
-    char *ca_file;
-    char *crl_file;
-
-    int min_workers;
-    int max_workers;
-    int max_clients;
-
-    int prio_workers;
-
-    int max_requests;
-    int max_client_requests;
-
-    int log_level;
-    char *log_filters;
-    char *log_outputs;
-    int log_buffer_size;
-
-    int audit_level;
-    int audit_logging;
-
-    int keepalive_interval;
-    unsigned int keepalive_count;
-    int keepalive_required;
-};
-
-
-int daemonConfigFilePath(bool privileged, char **configfile);
-struct daemonConfig* daemonConfigNew(bool privileged);
-void daemonConfigFree(struct daemonConfig *data);
-int daemonConfigLoadFile(struct daemonConfig *data,
-                         const char *filename,
-                         bool allow_missing);
-int daemonConfigLoadData(struct daemonConfig *data,
-                         const char *filename,
-                         const char *filedata);
-
-#endif /* __LIBVIRTD_CONFIG_H__ */

daemon/libvirtd.aug

@@ -62,17 +62,10 @@ module Libvirtd =
    let logging_entry = int_entry "log_level"
                      | str_entry "log_filters"
                      | str_entry "log_outputs"
-                     | int_entry "log_buffer_size"
 
    let auditing_entry = int_entry "audit_level"
                       | bool_entry "audit_logging"
 
-   let keepalive_entry = int_entry "keepalive_interval"
-                       | int_entry "keepalive_count"
-                       | bool_entry "keepalive_required"
-
-   let misc_entry = str_entry "host_uuid"
-
    (* Each enty in the config is one of the following three ... *)
    let entry = network_entry
              | sock_acl_entry
@@ -82,8 +75,6 @@ module Libvirtd =
              | processing_entry
              | logging_entry
              | auditing_entry
-             | keepalive_entry
-             | misc_entry
    let comment = [ label "#comment" . del /#[ \t]*/ "# " .  store /([^ \t\n][^\n]*)?/ . del /\n/ "\n" ]
    let empty = [ label "#empty" . eol ]
 

daemon/libvirtd.conf

@@ -56,8 +56,8 @@
 # Alternatively can disable for all services on a host by
 # stopping the Avahi daemon
 #
-# This is disabled by default, uncomment this to enable it
-#mdns_adv = 1
+# This is enabled by default, uncomment this to disable it
+#mdns_adv = 0
 
 # Override the default mDNS advertizement name. This must be
 # unique on the immediate broadcast network.
@@ -284,20 +284,17 @@
 # Logging controls
 #
 
-# Logging level: 4 errors, 3 warnings, 2 information, 1 debug
+# Logging level: 4 errors, 3 warnings, 2 informations, 1 debug
 # basically 1 will log everything possible
 #log_level = 3
 
 # Logging filters:
 # A filter allows to select a different logging level for a given category
 # of logs
-# The format for a filter is one of:
+# The format for a filter is:
 #    x:name
-#    x:+name
-#      where name is a string which is matched against source file name,
-#      e.g., "remote", "qemu", or "util/json", the optional "+" prefix
-#      tells libvirt to log stack trace for each message matching name,
-#      and x is the minimal level where matching messages should be logged:
+#      where name is a match string e.g. remote or qemu
+# the x prefix is the minimal level where matching messages should be logged
 #    1: DEBUG
 #    2: INFO
 #    3: WARNING
@@ -306,12 +303,13 @@
 # Multiple filter can be defined in a single @filters, they just need to be
 # separated by spaces.
 #
-# e.g. to only get warning or errors from the remote layer and only errors
-# from the event layer:
-#log_filters="3:remote 4:event"
+# e.g:
+# log_filters="3:remote 4:event"
+# to only get warning or errors from the remote layer and only errors from
+# the event layer.
 
 # Logging outputs:
-# An output is one of the places to save logging information
+# An output is one of the places to save logging informations
 # The format for an output can be:
 #    x:stderr
 #      output goes to stderr
@@ -326,9 +324,9 @@
 #    4: ERROR
 #
 # Multiple output can be defined, they just need to be separated by spaces.
-# e.g. to log all warnings and errors to syslog under the libvirtd ident:
-#log_outputs="3:syslog:libvirtd"
-#
+# e.g.:
+# log_outputs="3:syslog:libvirtd"
+# to log all warnings and errors to syslog under the libvirtd ident
 
 # Log debug buffer size: default 64
 # The daemon keeps an internal debug log buffer which will be dumped in case
@@ -368,28 +366,3 @@
 # it with the output of the 'uuidgen' command and then
 # uncomment this entry
 #host_uuid = "00000000-0000-0000-0000-000000000000"
-
-###################################################################
-# Keepalive protocol:
-# This allows libvirtd to detect broken client connections or even
-# dead client.  A keepalive message is sent to a client after
-# keepalive_interval seconds of inactivity to check if the client is
-# still responding; keepalive_count is a maximum number of keepalive
-# messages that are allowed to be sent to the client without getting
-# any response before the connection is considered broken.  In other
-# words, the connection is automatically closed approximately after
-# keepalive_interval * (keepalive_count + 1) seconds since the last
-# message received from the client.  If keepalive_interval is set to
-# -1, libvirtd will never send keepalive requests; however clients
-# can still send them and the deamon will send responses.  When
-# keepalive_count is set to 0, connections will be automatically
-# closed after keepalive_interval seconds of inactivity without
-# sending any keepalive messages.
-#
-#keepalive_interval = 5
-#keepalive_count = 5
-#
-# If set to 1, libvirtd will refuse to talk to clients that do not
-# support keepalive protocol.  Defaults to 0.
-#
-#keepalive_required = 1

daemon/libvirtd.h

@@ -1,7 +1,7 @@
 /*
  * libvirtd.h: daemon data structure definitions
  *
- * Copyright (C) 2006-2012 Red Hat, Inc.
+ * Copyright (C) 2006-2011 Red Hat, Inc.
  * Copyright (C) 2006 Daniel P. Berrange
  *
  * This library is free software; you can redistribute it and/or
@@ -15,17 +15,15 @@
  * Lesser General Public License for more details.
  *
  * You should have received a copy of the GNU Lesser General Public
- * License along with this library;  If not, see
- * <http://www.gnu.org/licenses/>.
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
  *
  * Author: Daniel P. Berrange <berrange@redhat.com>
  */
 
 
-#ifndef LIBVIRTD_H__
-# define LIBVIRTD_H__
-
-# define VIR_ENUM_SENTINELS
+#ifndef QEMUD_INTERNAL_H__
+# define QEMUD_INTERNAL_H__
 
 # include <config.h>
 
@@ -35,11 +33,59 @@
 # include "qemu_protocol.h"
 # include "logging.h"
 # include "threads.h"
+# include "network.h"
 # if HAVE_SASL
 #  include "virnetsaslcontext.h"
 # endif
 # include "virnetserverprogram.h"
 
+# if WITH_DTRACE
+#  ifndef LIBVIRTD_PROBES_H
+#   define LIBVIRTD_PROBES_H
+#   include "probes.h"
+#  endif /* LIBVIRTD_PROBES_H */
+
+/* Systemtap 1.2 headers have a bug where they cannot handle a
+ * variable declared with array type.  Work around this by casting all
+ * arguments.  This is some gross use of the preprocessor because
+ * PROBE is a var-arg macro, but it is better than the alternative of
+ * making all callers to PROBE have to be aware of the issues.  And
+ * hopefully, if we ever add a call to PROBE with other than 2 or 3
+ * end arguments, you can figure out the pattern to extend this hack.
+ */
+#  define VIR_COUNT_ARGS(...) VIR_ARG5(__VA_ARGS__, 4, 3, 2, 1)
+#  define VIR_ARG5(_1, _2, _3, _4, _5, ...) _5
+#  define VIR_ADD_CAST_EXPAND(a, b, ...) VIR_ADD_CAST_PASTE(a, b, __VA_ARGS__)
+#  define VIR_ADD_CAST_PASTE(a, b, ...) a##b(__VA_ARGS__)
+
+/* The double cast is necessary to silence gcc warnings; any pointer
+ * can safely go to intptr_t and back to void *, which collapses
+ * arrays into pointers; while any integer can be widened to intptr_t
+ * then cast to void *.  */
+#  define VIR_ADD_CAST(a) ((void *)(intptr_t)(a))
+#  define VIR_ADD_CAST2(a, b)                           \
+    VIR_ADD_CAST(a), VIR_ADD_CAST(b)
+#  define VIR_ADD_CAST3(a, b, c)                        \
+    VIR_ADD_CAST(a), VIR_ADD_CAST(b), VIR_ADD_CAST(c)
+
+#  define VIR_ADD_CASTS(...)                                            \
+    VIR_ADD_CAST_EXPAND(VIR_ADD_CAST, VIR_COUNT_ARGS(__VA_ARGS__),      \
+                        __VA_ARGS__)
+
+#  define PROBE_EXPAND(NAME, ARGS) NAME(ARGS)
+#  define PROBE(NAME, FMT, ...)                              \
+    VIR_DEBUG_INT("trace." __FILE__ , __func__, __LINE__,    \
+                  #NAME ": " FMT, __VA_ARGS__);              \
+    if (LIBVIRTD_ ## NAME ## _ENABLED()) {                   \
+        PROBE_EXPAND(LIBVIRTD_ ## NAME,                      \
+                     VIR_ADD_CASTS(__VA_ARGS__));            \
+    }
+# else
+#  define PROBE(NAME, FMT, ...)                              \
+    VIR_DEBUG_INT("trace." __FILE__, __func__, __LINE__,     \
+                  #NAME ": " FMT, __VA_ARGS__);
+# endif
+
 typedef struct daemonClientStream daemonClientStream;
 typedef daemonClientStream *daemonClientStreamPtr;
 typedef struct daemonClientPrivate daemonClientPrivate;
@@ -63,7 +109,6 @@ struct daemonClientPrivate {
     virConnectPtr conn;
 
     daemonClientStreamPtr streams;
-    bool keepalive_supported;
 };
 
 # if HAVE_SASL

daemon/libvirtd.init.in

@@ -59,13 +59,6 @@ start() {
     echo -n $"Starting $SERVICE daemon: "
     mkdir -p @localstatedir@/cache/libvirt
     rm -rf @localstatedir@/cache/libvirt/*
-
-    # LIBVIRTD_NOFILES_LIMIT from /etc/sysconfig/libvirtd is not handled
-    # automatically
-    if [ -n "$LIBVIRTD_NOFILES_LIMIT" ]; then
-        ulimit -n "$LIBVIRTD_NOFILES_LIMIT"
-    fi
-
     KRB5_KTNAME=$KRB5_KTNAME daemon --pidfile $PIDFILE --check $SERVICE $PROCESS --daemon $LIBVIRTD_CONFIG_ARGS $LIBVIRTD_ARGS
     RETVAL=$?
     echo
@@ -80,6 +73,7 @@ stop() {
     echo
     if [ $RETVAL -eq 0 ]; then
         rm -f @localstatedir@/lock/subsys/$SERVICE
+        rm -f $PIDFILE
         rm -rf @localstatedir@/cache/libvirt/*
     else
         exit $RETVAL

daemon/libvirtd.pod.in

@@ -54,10 +54,7 @@ Use this name for the PID file, overriding the default value.
 
 =item B<-t, --timeout> I<SECONDS>
 
-Exit after timeout period (in seconds) elapse with no client connections
-or registered resources.  Be aware that resources such as autostart
-networks will result in never reaching the timeout, even when there are
-no client connections.
+Exit after timeout period (in seconds) expires.
 
 =item B<-v, --verbose>
 
@@ -75,74 +72,41 @@ On receipt of B<SIGHUP> libvirtd will reload its configuration.
 
 =head1 FILES
 
-=head2 When run as B<root>.
-
 =over
 
-=item F<SYSCONFDIR/libvirtd.conf>
+=item F<@sysconfdir@/libvirtd.conf>
 
 The default configuration file used by libvirtd, unless overridden on the
 command line using the B<-f>|B<--config> option.
 
-=item F<LOCALSTATEDIR/run/libvirt/libvirt-sock>
+=item F<@localstatedir@/run/libvirt/libvirt-sock>
 
-=item F<LOCALSTATEDIR/run/libvirt/libvirt-sock-ro>
+=item F<@localstatedir@/run/libvirt/libvirt-sock-ro>
 
-The sockets libvirtd will use.
+The sockets libvirtd will use when B<run as root>.
 
-=item F<SYSCONFDIR/pki/CA/cacert.pem>
+=item F<$HOME/.libvirt/libvirt-sock>
+
+The socket libvirtd will use when run as a B<non-root> user.
+
+=item F<@sysconfdir@/pki/CA/cacert.pem>
 
 The TLS B<Certificate Authority> certificate libvirtd will use.
 
-=item F<SYSCONFDIR/pki/libvirt/servercert.pem>
+=item F<@sysconfdir@/pki/libvirt/servercert.pem>
 
 The TLS B<Server> certificate libvirtd will use.
 
-=item F<SYSCONFDIR/pki/libvirt/private/serverkey.pem>
+=item F<@sysconfdir@/pki/libvirt/private/serverkey.pem>
 
 The TLS B<Server> private key libvirtd will use.
 
-=item F<LOCALSTATEDIR/run/libvirtd.pid>
+=item F<@remote_pid_file@>
 
 The PID file to use, unless overridden by the B<-p>|B<--pid-file> option.
 
 =back
 
-=head2 When run as B<non-root>.
-
-=over
-
-=item F<$XDG_CONFIG_HOME/libvirtd.conf>
-
-The default configuration file used by libvirtd, unless overridden on the
-command line using the B<-f>|B<--config> option.
-
-=item F<$XDG_RUNTIME_DIR/libvirt/libvirt-sock>
-
-The socket libvirtd will use.
-
-=item F<$HOME/.pki/libvirt/cacert.pem>
-
-The TLS B<Certificate Authority> certificate libvirtd will use.
-
-=item F<$HOME/.pki/libvirt/servercert.pem>
-
-The TLS B<Server> certificate libvirtd will use.
-
-=item F<$HOME/.pki/libvirt/serverkey.pem>
-
-The TLS B<Server> private key libvirtd will use.
-
-=item F<$XDG_RUNTIME_DIR/libvirt/libvirtd.pid>
-
-The PID file to use, unless overridden by the B<-p>|B<--pid-file> option.
-
-=item If $XDG_CONFIG_HOME is not set in your environment, libvirtd will use F<$HOME/.config>
-
-=item If $XDG_RUNTIME_DIR is not set in your environment, libvirtd will use F<$HOME/.cache>
-
-=back
-
 =head1 EXAMPLES
 
 To retrieve the version of libvirtd:
@@ -154,8 +118,8 @@ To retrieve the version of libvirtd:
 To start libvirtd, instructing it to daemonize and create a PID file:
 
  # libvirtd -d
- # ls -la LOCALSTATEDIR/run/libvirtd.pid
- -rw-r--r-- 1 root root 6 Jul  9 02:40 LOCALSTATEDIR/run/libvirtd.pid
+ # ls -la @remote_pid_file@
+ -rw-r--r-- 1 root root 6 Jul  9 02:40 @remote_pid_file@
  #
 
 =head1 BUGS
@@ -186,7 +150,7 @@ Please refer to the AUTHORS file distributed with libvirt.
 
 =head1 COPYRIGHT
 
-Copyright (C) 2006-2012 Red Hat, Inc., and the authors listed in the
+Copyright (C) 2006-2010 Red Hat, Inc., and the authors listed in the
 libvirt AUTHORS file.
 
 =head1 LICENSE

daemon/libvirtd.policy-0

@@ -34,8 +34,8 @@ file are instantly applied.
       <defaults>
         <!-- Only a program in the active host session can use libvirt in
              read-write mode for management, and we require user password -->
-        <allow_any>auth_admin</allow_any>
-        <allow_inactive>auth_admin</allow_inactive>
+        <allow_any>no</allow_any>
+        <allow_inactive>no</allow_inactive>
         <allow_active>auth_admin_keep_session</allow_active>
       </defaults>
     </action>

daemon/libvirtd.policy-1

@@ -34,8 +34,8 @@ file are instantly applied.
       <defaults>
         <!-- Only a program in the active host session can use libvirt in
              read-write mode for management, and we require user password -->
-        <allow_any>auth_admin</allow_any>
-        <allow_inactive>auth_admin</allow_inactive>
+        <allow_any>no</allow_any>
+        <allow_inactive>no</allow_inactive>
         <allow_active>auth_admin_keep</allow_active>
       </defaults>
     </action>

daemon/libvirtd.service.in

@@ -1,20 +0,0 @@
-# NB we don't use socket activation. When libvirtd starts it will
-# spawn any virtual machines registered for autostart. We want this
-# to occur on every boot, regardless of whether any client connects
-# to a socket. Thus socket activation doesn't have any benefit
-
-[Unit]
-Description=Virtualization daemon
-Before=libvirt-guests.service
-After=network.target
-
-[Service]
-EnvironmentFile=-/etc/sysconfig/libvirtd
-ExecStart=@sbindir@/libvirtd $LIBVIRTD_ARGS
-ExecReload=/bin/kill -HUP $MAINPID
-KillMode=process
-# Override the maximum number of opened files
-#LimitNOFILE=2048
-
-[Install]
-WantedBy=multi-user.target

daemon/libvirtd.stp

@@ -0,0 +1,65 @@
+probe libvirt.daemon.client.connect = process("libvirtd").mark("client_connect")
+{
+  fd = $arg1;
+  readonly = $arg2;
+  localAddr = user_string($arg3);
+  remoteAddr = user_string($arg4);
+}
+
+probe libvirt.daemon.client.disconnect = process("libvirtd").mark("client_disconnect")
+{
+  fd = $arg1;
+}
+
+
+probe libvirt.daemon.client.tls_allow = process("libvirtd").mark("client_tls_allow")
+{
+  fd = $arg1;
+  x509dname = user_string($arg2);
+}
+
+probe libvirt.daemon.client.tls_deny = process("libvirtd").mark("client_tls_deny")
+{
+  fd = $arg1;
+  x509dname = user_string($arg2);
+}
+
+probe libvirt.daemon.client.tls_fail = process("libvirtd").mark("client_tls_fail")
+{
+  fd = $arg1;
+}
+
+
+function authtype_to_string(authtype) {
+  if (authtype == 0)
+    return "none"
+  if (authtype == 1)
+    return "sasl"
+  if (authtype == 2)
+    return "polkit"
+  return "unknown"
+}
+
+
+probe libvirt.daemon.client.auth_allow = process("libvirtd").mark("client_auth_allow")
+{
+  fd = $arg1;
+  authtype = $arg2;
+  authname = authtype_to_string($arg2);
+  identity = user_string($arg3);
+}
+
+probe libvirt.daemon.client.auth_deny = process("libvirtd").mark("client_auth_deny")
+{
+  fd = $arg1;
+  authtype = $arg2;
+  authname = authtype_to_string($arg2);
+  identity = user_string($arg3);
+}
+
+probe libvirt.daemon.client.auth_fail = process("libvirtd").mark("client_auth_fail")
+{
+  fd = $arg1;
+  authtype = $arg2;
+  authname = authtype_to_string($arg2);
+}

daemon/libvirtd.sysconf

@@ -1,7 +1,4 @@
 # Override the default config file
-# NOTE: This setting is no longer honoured if using
-# systemd. Set '--config /etc/libvirt/libvirtd.conf'
-# in LIBVIRTD_ARGS instead.
 #LIBVIRTD_CONFIG=/etc/libvirt/libvirtd.conf
 
 # Listen for TCP/IP connections
@@ -19,6 +16,3 @@
 #QEMU_AUDIO_DRV=sdl
 #
 #SDL_AUDIODRIVER=pulse
-
-# Override the maximum number of opened files
-#LIBVIRTD_NOFILES_LIMIT=2048

daemon/libvirtd.sysctl

@@ -1,8 +0,0 @@
-# The kernel allocates aio memory on demand, and this number limits the
-# number of parallel aio requests; the only drawback of a larger limit is
-# that a malicious guest could issue parallel requests to cause the kernel
-# to set aside memory.  Set this number at least as large as
-#   128 * (number of virtual disks on the host)
-# Libvirt uses a default of 1M requests to allow 8k disks, with at most
-# 64M of kernel memory if all disks hit an aio request at the same time.
-fs.aio-max-nr = 1048576

daemon/libvirtd.upstart

@@ -31,11 +31,9 @@ script
         ulimit -c "$DAEMON_COREFILE_LIMIT"
     fi
 
-    # LIBVIRTD_NOFILES_LIMIT from /etc/sysconfig/libvirtd is not handled
-    # automatically
-    if [ -n "$LIBVIRTD_NOFILES_LIMIT" ]; then
-        ulimit -n "$LIBVIRTD_NOFILES_LIMIT"
-    fi
+    # Clean up a pidfile that might be left around
+    rm -f /var/run/libvirtd.pid
+
     mkdir -p /var/cache/libvirt
     rm -rf /var/cache/libvirt/*
 
@@ -43,5 +41,6 @@ script
 end script
 
 post-stop script
+    rm -f $PIDFILE
     rm -rf /var/cache/libvirt/*
 end script

daemon/probes.d

@@ -0,0 +1,12 @@
+provider libvirtd {
+	 probe client_connect(int fd, int readonly, const char *localAddr, const char *remoteAddr);
+	 probe client_disconnect(int fd);
+
+	 probe client_auth_allow(int fd, int authtype, const char *identity);
+	 probe client_auth_deny(int fd, int authtype, const char *identity);
+	 probe client_auth_fail(int fd, int authtype);
+
+	 probe client_tls_allow(int fd, const char *x509dname);
+	 probe client_tls_deny(int fd, const char *x509dname);
+	 probe client_tls_fail(int fd);
+};

daemon/remote.h

@@ -14,8 +14,8 @@
  * Lesser General Public License for more details.
  *
  * You should have received a copy of the GNU Lesser General Public
- * License along with this library;  If not, see
- * <http://www.gnu.org/licenses/>.
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
  *
  * Author: Richard W.M. Jones <rjones@redhat.com>
  * Author: Daniel P. Berrange <berrange@redhat.com>
@@ -35,8 +35,7 @@ extern size_t remoteNProcs;
 extern virNetServerProgramProc qemuProcs[];
 extern size_t qemuNProcs;
 
-void remoteClientFreeFunc(void *data);
-void *remoteClientInitHook(virNetServerClientPtr client,
-                           void *opaque);
+int remoteClientInitHook(virNetServerPtr srv,
+                         virNetServerClientPtr client);
 
 #endif /* __LIBVIRTD_REMOTE_H__ */

daemon/stream.c

@@ -1,7 +1,7 @@
 /*
  * stream.c: APIs for managing client streams
  *
- * Copyright (C) 2009, 2011 Red Hat, Inc.
+ * Copyright (C) 2009 Red Hat, Inc.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -14,8 +14,8 @@
  * Lesser General Public License for more details.
  *
  * You should have received a copy of the GNU Lesser General Public
- * License along with this library;  If not, see
- * <http://www.gnu.org/licenses/>.
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
  *
  * Author: Daniel P. Berrange <berrange@redhat.com>
  */
@@ -32,6 +32,10 @@
 
 #define VIR_FROM_THIS VIR_FROM_STREAMS
 
+#define virNetError(code, ...)                                    \
+    virReportErrorHelper(VIR_FROM_THIS, code, __FILE__,           \
+                         __FUNCTION__, __LINE__, __VA_ARGS__)
+
 struct daemonClientStream {
     daemonClientPrivatePtr priv;
     int refs;
@@ -90,7 +94,7 @@ daemonStreamUpdateEvents(daemonClientStream *stream)
  * fast stream, but slow client
  */
 static void
-daemonStreamMessageFinished(virNetMessagePtr msg ATTRIBUTE_UNUSED,
+daemonStreamMessageFinished(virNetMessagePtr msg,
                             void *opaque)
 {
     daemonClientStream *stream = opaque;
@@ -104,6 +108,14 @@ daemonStreamMessageFinished(virNetMessagePtr msg ATTRIBUTE_UNUSED,
 }
 
 
+static void
+daemonStreamEventFreeFunc(void *opaque)
+{
+    virNetServerClientPtr client = opaque;
+
+    virNetServerClientFree(client);
+}
+
 /*
  * Callback that gets invoked when a stream becomes writable/readable
  */
@@ -221,11 +233,11 @@ daemonStreamEvent(virStreamPtr st, int events, void *opaque)
         virStreamEventRemoveCallback(stream->st);
         virStreamAbort(stream->st);
         if (events & VIR_STREAM_EVENT_HANGUP)
-            virReportError(VIR_ERR_RPC,
-                           "%s", _("stream had unexpected termination"));
+            virNetError(VIR_ERR_RPC,
+                        "%s", _("stream had unexpected termination"));
         else
-            virReportError(VIR_ERR_RPC,
-                           "%s", _("stream had I/O failure"));
+            virNetError(VIR_ERR_RPC,
+                        "%s", _("stream had I/O failure"));
 
         msg = virNetMessageNew(false);
         if (!msg) {
@@ -264,7 +276,7 @@ cleanup:
  * -1 on fatal client error
  */
 static int
-daemonStreamFilter(virNetServerClientPtr client ATTRIBUTE_UNUSED,
+daemonStreamFilter(virNetServerClientPtr client,
                    virNetMessagePtr msg,
                    void *opaque)
 {
@@ -324,12 +336,14 @@ daemonCreateClientStream(virNetServerClientPtr client,
 
     stream->refs = 1;
     stream->priv = priv;
-    stream->prog = virObjectRef(prog);
+    stream->prog = prog;
     stream->procedure = header->proc;
     stream->serial = header->serial;
     stream->filterID = -1;
     stream->st = st;
 
+    virNetServerProgramRef(prog);
+
     return stream;
 }
 
@@ -355,7 +369,7 @@ int daemonFreeClientStream(virNetServerClientPtr client,
     VIR_DEBUG("client=%p, proc=%d, serial=%d",
               client, stream->procedure, stream->serial);
 
-    virObjectUnref(stream->prog);
+    virNetServerProgramFree(stream->prog);
 
     msg = stream->rx;
     while (msg) {
@@ -401,11 +415,10 @@ int daemonAddClientStream(virNetServerClientPtr client,
 
     if (virStreamEventAddCallback(stream->st, 0,
                                   daemonStreamEvent, client,
-                                  virObjectFreeCallback) < 0)
+                                  daemonStreamEventFreeFunc) < 0)
         return -1;
 
-    virObjectRef(client);
-
+    virNetServerClientRef(client);
     if ((stream->filterID = virNetServerClientAddFilter(client,
                                                         daemonStreamFilter,
                                                         stream)) < 0) {
@@ -543,7 +556,7 @@ daemonStreamHandleWriteData(virNetServerClientPtr client,
 
 
 /*
- * Process a finish handshake from the client.
+ * Process an finish handshake from the client.
  *
  * Returns a VIR_NET_OK confirmation if successful, or a VIR_NET_ERROR
  * if there was a stream error
@@ -605,13 +618,13 @@ daemonStreamHandleAbort(virNetServerClientPtr client,
     virStreamAbort(stream->st);
 
     if (msg->header.status == VIR_NET_ERROR)
-        virReportError(VIR_ERR_RPC,
-                       "%s", _("stream aborted at client request"));
+        virNetError(VIR_ERR_RPC,
+                    "%s", _("stream aborted at client request"));
     else {
         VIR_WARN("unexpected stream status %d", msg->header.status);
-        virReportError(VIR_ERR_RPC,
-                       _("stream aborted with unexpected status %d"),
-                       msg->header.status);
+        virNetError(VIR_ERR_RPC,
+                    _("stream aborted with unexpected status %d"),
+                    msg->header.status);
     }
 
     return virNetServerProgramSendReplyError(remoteProgram,

daemon/stream.h

@@ -14,8 +14,8 @@
  * Lesser General Public License for more details.
  *
  * You should have received a copy of the GNU Lesser General Public
- * License along with this library;  If not, see
- * <http://www.gnu.org/licenses/>.
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
  *
  * Author: Daniel P. Berrange <berrange@redhat.com>
  */

daemon/test_libvirtd.aug

@@ -0,0 +1,553 @@
+module Test_libvirtd =
+   let conf = "# Master libvirt daemon configuration file
+#
+# For further information consult http://libvirt.org/format.html
+
+
+#################################################################
+#
+# Network connectivity controls
+#
+
+# Flag listening for secure TLS connections on the public TCP/IP port.
+# NB, must pass the --listen flag to the libvirtd process for this to
+# have any effect.
+#
+# It is necessary to setup a CA and issue server certificates before
+# using this capability.
+#
+# This is enabled by default, uncomment this to disable it
+listen_tls = 0
+
+# Listen for unencrypted TCP connections on the public TCP/IP port.
+# NB, must pass the --listen flag to the libvirtd process for this to
+# have any effect.
+#
+# Using the TCP socket requires SASL authentication by default. Only
+# SASL mechanisms which support data encryption are allowed. This is
+# DIGEST_MD5 and GSSAPI (Kerberos5)
+#
+# This is disabled by default, uncomment this to enable it.
+listen_tcp = 1
+
+
+
+# Override the port for accepting secure TLS connections
+# This can be a port number, or service name
+#
+tls_port = \"16514\"
+
+# Override the port for accepting insecure TCP connections
+# This can be a port number, or service name
+#
+tcp_port = \"16509\"
+
+
+# Override the default configuration which binds to all network
+# interfaces. This can be a numeric IPv4/6 address, or hostname
+#
+listen_addr = \"192.168.0.1\"
+
+
+# Flag toggling mDNS advertizement of the libvirt service.
+#
+# Alternatively can disable for all services on a host by
+# stopping the Avahi daemon
+#
+# This is enabled by default, uncomment this to disable it
+mdns_adv = 0
+
+# Override the default mDNS advertizement name. This must be
+# unique on the immediate broadcast network.
+#
+# The default is \"Virtualization Host HOSTNAME\", where HOSTNAME
+# is subsituted for the short hostname of the machine (without domain)
+#
+mdns_name = \"Virtualization Host Joe Demo\"
+
+
+#################################################################
+#
+# UNIX socket access controls
+#
+
+# Set the UNIX domain socket group ownership. This can be used to
+# allow a 'trusted' set of users access to management capabilities
+# without becoming root.
+#
+# This is restricted to 'root' by default.
+unix_sock_group = \"libvirt\"
+
+# Set the UNIX socket permissions for the R/O socket. This is used
+# for monitoring VM status only
+#
+# Default allows any user. If setting group ownership may want to
+# restrict this to:
+unix_sock_ro_perms = \"0777\"
+
+# Set the UNIX socket permissions for the R/W socket. This is used
+# for full management of VMs
+#
+# Default allows only root. If PolicyKit is enabled on the socket,
+# the default will change to allow everyone (eg, 0777)
+#
+# If not using PolicyKit and setting group ownership for access
+# control then you may want to relax this to:
+unix_sock_rw_perms = \"0770\"
+
+
+
+#################################################################
+#
+# Authentication.
+#
+#  - none: do not perform auth checks. If you can connect to the
+#          socket you are allowed. This is suitable if there are
+#          restrictions on connecting to the socket (eg, UNIX
+#          socket permissions), or if there is a lower layer in
+#          the network providing auth (eg, TLS/x509 certificates)
+#
+#  - sasl: use SASL infrastructure. The actual auth scheme is then
+#          controlled from /etc/sasl2/libvirt.conf. For the TCP
+#          socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
+#          For non-TCP or TLS sockets,  any scheme is allowed.
+#
+#  - polkit: use PolicyKit to authenticate. This is only suitable
+#            for use on the UNIX sockets. The default policy will
+#            require a user to supply their own password to gain
+#            full read/write access (aka sudo like), while anyone
+#            is allowed read/only access.
+#
+# Set an authentication scheme for UNIX read-only sockets
+# By default socket permissions allow anyone to connect
+#
+# To restrict monitoring of domains you may wish to enable
+# an authentication mechanism here
+auth_unix_ro = \"none\"
+
+# Set an authentication scheme for UNIX read-write sockets
+# By default socket permissions only allow root. If PolicyKit
+# support was compiled into libvirt, the default will be to
+# use 'polkit' auth.
+#
+# If the unix_sock_rw_perms are changed you may wish to enable
+# an authentication mechanism here
+auth_unix_rw = \"none\"
+
+# Change the authentication scheme for TCP sockets.
+#
+# If you don't enable SASL, then all TCP traffic is cleartext.
+# Don't do this outside of a dev/test scenario. For real world
+# use, always enable SASL and use the GSSAPI or DIGEST-MD5
+# mechanism in /etc/sasl2/libvirt.conf
+auth_tcp = \"sasl\"
+
+# Change the authentication scheme for TLS sockets.
+#
+# TLS sockets already have encryption provided by the TLS
+# layer, and limited authentication is done by certificates
+#
+# It is possible to make use of any SASL authentication
+# mechanism as well, by using 'sasl' for this option
+auth_tls = \"none\"
+
+
+
+#################################################################
+#
+# TLS x509 certificate configuration
+#
+
+
+# Override the default server key file path
+#
+key_file = \"/etc/pki/libvirt/private/serverkey.pem\"
+
+# Override the default server certificate file path
+#
+cert_file = \"/etc/pki/libvirt/servercert.pem\"
+
+# Override the default CA certificate path
+#
+ca_file = \"/etc/pki/CA/cacert.pem\"
+
+# Specify a certificate revocation list.
+#
+# Defaults to not using a CRL, uncomment to enable it
+crl_file = \"/etc/pki/CA/crl.pem\"
+
+
+
+#################################################################
+#
+# Authorization controls
+#
+
+
+# Flag to disable verification of client certificates
+#
+# Client certificate verification is the primary authentication mechanism.
+# Any client which does not present a certificate signed by the CA
+# will be rejected.
+#
+# Default is to always verify. Uncommenting this will disable
+# verification - make sure an IP whitelist is set
+tls_no_verify_certificate = 1
+tls_no_sanity_certificate = 1
+
+
+# A whitelist of allowed x509  Distinguished Names
+# This list may contain wildcards such as
+#
+#    \"C=GB,ST=London,L=London,O=Red Hat,CN=*\"
+#
+# See the POSIX fnmatch function for the format of the wildcards.
+#
+# NB If this is an empty list, no client can connect, so comment out
+# entirely rather than using empty list to disable these checks
+#
+# By default, no DN's are checked
+   tls_allowed_dn_list = [\"DN1\", \"DN2\"]
+
+
+# A whitelist of allowed SASL usernames. The format for usernames
+# depends on the SASL authentication mechanism. Kerberos usernames
+# look like username@REALM
+#
+# This list may contain wildcards such as
+#
+#    \"*@EXAMPLE.COM\"
+#
+# See the POSIX fnmatch function for the format of the wildcards.
+#
+# NB If this is an empty list, no client can connect, so comment out
+# entirely rather than using empty list to disable these checks
+#
+# By default, no Username's are checked
+sasl_allowed_username_list = [
+  \"joe@EXAMPLE.COM\",
+  \"fred@EXAMPLE.COM\"
+]
+
+
+#################################################################
+#
+# Processing controls
+#
+
+# The maximum number of concurrent client connections to allow
+# over all sockets combined.
+max_clients = 20
+
+
+# The minimum limit sets the number of workers to start up
+# initially. If the number of active clients exceeds this,
+# then more threads are spawned, upto max_workers limit.
+# Typically you'd want max_workers to equal maximum number
+# of clients allowed
+min_workers = 5
+max_workers = 20
+
+# Total global limit on concurrent RPC calls. Should be
+# at least as large as max_workers. Beyond this, RPC requests
+# will be read into memory and queued. This directly impact
+# memory usage, currently each request requires 256 KB of
+# memory. So by default upto 5 MB of memory is used
+max_requests = 20
+
+# Limit on concurrent requests from a single client
+# connection. To avoid one client monopolizing the server
+# this should be a small fraction of the global max_requests
+# and max_workers parameter
+max_client_requests = 5
+
+# Logging level:
+log_level = 4
+
+# Logging outputs:
+log_outputs=\"4:stderr\"
+
+# Logging filters:
+log_filters=\"a\"
+
+# Auditing:
+audit_level = 2
+"
+
+   test Libvirtd.lns get conf =
+        { "#comment" = "Master libvirt daemon configuration file" }
+        { "#comment" = "" }
+        { "#comment" = "For further information consult http://libvirt.org/format.html" }
+        { "#empty" }
+        { "#empty" }
+        { "#comment" = "################################################################" }
+        { "#comment" = "" }
+        { "#comment" = "Network connectivity controls" }
+        { "#comment" = "" }
+        { "#empty" }
+        { "#comment" = "Flag listening for secure TLS connections on the public TCP/IP port." }
+        { "#comment" = "NB, must pass the --listen flag to the libvirtd process for this to" }
+        { "#comment" = "have any effect." }
+        { "#comment" = "" }
+        { "#comment" = "It is necessary to setup a CA and issue server certificates before" }
+        { "#comment" = "using this capability." }
+        { "#comment" = "" }
+        { "#comment" = "This is enabled by default, uncomment this to disable it" }
+        { "listen_tls" = "0" }
+        { "#empty" }
+        { "#comment" = "Listen for unencrypted TCP connections on the public TCP/IP port." }
+        { "#comment" = "NB, must pass the --listen flag to the libvirtd process for this to" }
+        { "#comment" = "have any effect." }
+        { "#comment" = "" }
+        { "#comment" = "Using the TCP socket requires SASL authentication by default. Only" }
+        { "#comment" = "SASL mechanisms which support data encryption are allowed. This is" }
+        { "#comment" = "DIGEST_MD5 and GSSAPI (Kerberos5)" }
+        { "#comment" = "" }
+        { "#comment" = "This is disabled by default, uncomment this to enable it." }
+        { "listen_tcp" = "1" }
+        { "#empty" }
+        { "#empty" }
+        { "#empty" }
+        { "#comment" = "Override the port for accepting secure TLS connections" }
+        { "#comment" = "This can be a port number, or service name" }
+        { "#comment" = "" }
+        { "tls_port" = "16514" }
+        { "#empty" }
+        { "#comment" = "Override the port for accepting insecure TCP connections" }
+        { "#comment" = "This can be a port number, or service name" }
+        { "#comment" = "" }
+        { "tcp_port" = "16509" }
+        { "#empty" }
+        { "#empty" }
+        { "#comment" = "Override the default configuration which binds to all network" }
+        { "#comment" = "interfaces. This can be a numeric IPv4/6 address, or hostname" }
+        { "#comment" = "" }
+        { "listen_addr" = "192.168.0.1" }
+        { "#empty" }
+        { "#empty" }
+        { "#comment" = "Flag toggling mDNS advertizement of the libvirt service." }
+        { "#comment" = "" }
+        { "#comment" = "Alternatively can disable for all services on a host by" }
+        { "#comment" = "stopping the Avahi daemon" }
+        { "#comment" = "" }
+        { "#comment" = "This is enabled by default, uncomment this to disable it" }
+        { "mdns_adv" = "0" }
+        { "#empty" }
+        { "#comment" = "Override the default mDNS advertizement name. This must be" }
+        { "#comment" = "unique on the immediate broadcast network." }
+        { "#comment" = "" }
+        { "#comment" = "The default is \"Virtualization Host HOSTNAME\", where HOSTNAME" }
+        { "#comment" = "is subsituted for the short hostname of the machine (without domain)" }
+        { "#comment" = "" }
+        { "mdns_name" = "Virtualization Host Joe Demo" }
+        { "#empty" }
+        { "#empty" }
+        { "#comment" = "################################################################" }
+        { "#comment" = "" }
+        { "#comment" = "UNIX socket access controls" }
+        { "#comment" = "" }
+        { "#empty" }
+        { "#comment" = "Set the UNIX domain socket group ownership. This can be used to" }
+        { "#comment" = "allow a 'trusted' set of users access to management capabilities" }
+        { "#comment" = "without becoming root." }
+        { "#comment" = "" }
+        { "#comment" = "This is restricted to 'root' by default." }
+        { "unix_sock_group" = "libvirt" }
+        { "#empty" }
+        { "#comment" = "Set the UNIX socket permissions for the R/O socket. This is used" }
+        { "#comment" = "for monitoring VM status only" }
+        { "#comment" = "" }
+        { "#comment" = "Default allows any user. If setting group ownership may want to" }
+        { "#comment" = "restrict this to:" }
+        { "unix_sock_ro_perms" = "0777" }
+        { "#empty" }
+        { "#comment" = "Set the UNIX socket permissions for the R/W socket. This is used" }
+        { "#comment" = "for full management of VMs" }
+        { "#comment" = "" }
+        { "#comment" = "Default allows only root. If PolicyKit is enabled on the socket," }
+        { "#comment" = "the default will change to allow everyone (eg, 0777)" }
+        { "#comment" = "" }
+        { "#comment" = "If not using PolicyKit and setting group ownership for access" }
+        { "#comment" = "control then you may want to relax this to:" }
+        { "unix_sock_rw_perms" = "0770" }
+        { "#empty" }
+        { "#empty" }
+        { "#empty" }
+        { "#comment" = "################################################################" }
+        { "#comment" = "" }
+        { "#comment" = "Authentication." }
+        { "#comment" = "" }
+        { "#comment" = "- none: do not perform auth checks. If you can connect to the" }
+        { "#comment" = "socket you are allowed. This is suitable if there are" }
+        { "#comment" = "restrictions on connecting to the socket (eg, UNIX" }
+        { "#comment" = "socket permissions), or if there is a lower layer in" }
+        { "#comment" = "the network providing auth (eg, TLS/x509 certificates)" }
+        { "#comment" = "" }
+        { "#comment" = "- sasl: use SASL infrastructure. The actual auth scheme is then" }
+        { "#comment" = "controlled from /etc/sasl2/libvirt.conf. For the TCP" }
+        { "#comment" = "socket only GSSAPI & DIGEST-MD5 mechanisms will be used." }
+        { "#comment" = "For non-TCP or TLS sockets,  any scheme is allowed." }
+        { "#comment" = "" }
+        { "#comment" = "- polkit: use PolicyKit to authenticate. This is only suitable" }
+        { "#comment" = "for use on the UNIX sockets. The default policy will" }
+        { "#comment" = "require a user to supply their own password to gain" }
+        { "#comment" = "full read/write access (aka sudo like), while anyone" }
+        { "#comment" = "is allowed read/only access." }
+        { "#comment" = "" }
+        { "#comment" = "Set an authentication scheme for UNIX read-only sockets" }
+        { "#comment" = "By default socket permissions allow anyone to connect" }
+        { "#comment" = "" }
+        { "#comment" = "To restrict monitoring of domains you may wish to enable" }
+        { "#comment" = "an authentication mechanism here" }
+        { "auth_unix_ro" = "none" }
+        { "#empty" }
+        { "#comment" = "Set an authentication scheme for UNIX read-write sockets" }
+        { "#comment" = "By default socket permissions only allow root. If PolicyKit" }
+        { "#comment" = "support was compiled into libvirt, the default will be to" }
+        { "#comment" = "use 'polkit' auth." }
+        { "#comment" = "" }
+        { "#comment" = "If the unix_sock_rw_perms are changed you may wish to enable" }
+        { "#comment" = "an authentication mechanism here" }
+        { "auth_unix_rw" = "none" }
+        { "#empty" }
+        { "#comment" = "Change the authentication scheme for TCP sockets." }
+        { "#comment" = "" }
+        { "#comment" = "If you don't enable SASL, then all TCP traffic is cleartext." }
+        { "#comment" = "Don't do this outside of a dev/test scenario. For real world" }
+        { "#comment" = "use, always enable SASL and use the GSSAPI or DIGEST-MD5" }
+        { "#comment" = "mechanism in /etc/sasl2/libvirt.conf" }
+        { "auth_tcp" = "sasl" }
+        { "#empty" }
+        { "#comment" = "Change the authentication scheme for TLS sockets." }
+        { "#comment" = "" }
+        { "#comment" = "TLS sockets already have encryption provided by the TLS" }
+        { "#comment" = "layer, and limited authentication is done by certificates" }
+        { "#comment" = "" }
+        { "#comment" = "It is possible to make use of any SASL authentication" }
+        { "#comment" = "mechanism as well, by using 'sasl' for this option" }
+        { "auth_tls" = "none" }
+        { "#empty" }
+        { "#empty" }
+        { "#empty" }
+        { "#comment" = "################################################################" }
+        { "#comment" = "" }
+        { "#comment" = "TLS x509 certificate configuration" }
+        { "#comment" = "" }
+        { "#empty" }
+        { "#empty" }
+        { "#comment" = "Override the default server key file path" }
+        { "#comment" = "" }
+        { "key_file" = "/etc/pki/libvirt/private/serverkey.pem" }
+        { "#empty" }
+        { "#comment" = "Override the default server certificate file path" }
+        { "#comment" = "" }
+        { "cert_file" = "/etc/pki/libvirt/servercert.pem" }
+        { "#empty" }
+        { "#comment" = "Override the default CA certificate path" }
+        { "#comment" = "" }
+        { "ca_file" = "/etc/pki/CA/cacert.pem" }
+        { "#empty" }
+        { "#comment" = "Specify a certificate revocation list." }
+        { "#comment" = "" }
+        { "#comment" = "Defaults to not using a CRL, uncomment to enable it" }
+        { "crl_file" = "/etc/pki/CA/crl.pem" }
+        { "#empty" }
+        { "#empty" }
+        { "#empty" }
+        { "#comment" = "################################################################" }
+        { "#comment" = "" }
+        { "#comment" = "Authorization controls" }
+        { "#comment" = "" }
+        { "#empty" }
+        { "#empty" }
+        { "#comment" = "Flag to disable verification of client certificates" }
+        { "#comment" = "" }
+        { "#comment" = "Client certificate verification is the primary authentication mechanism." }
+        { "#comment" = "Any client which does not present a certificate signed by the CA" }
+        { "#comment" = "will be rejected." }
+        { "#comment" = "" }
+        { "#comment" = "Default is to always verify. Uncommenting this will disable" }
+        { "#comment" = "verification - make sure an IP whitelist is set" }
+        { "tls_no_verify_certificate" = "1" }
+        { "tls_no_sanity_certificate" = "1" }
+        { "#empty" }
+        { "#empty" }
+        { "#comment" = "A whitelist of allowed x509  Distinguished Names" }
+        { "#comment" = "This list may contain wildcards such as" }
+        { "#comment" = "" }
+        { "#comment" = "\"C=GB,ST=London,L=London,O=Red Hat,CN=*\"" }
+        { "#comment" = "" }
+        { "#comment" = "See the POSIX fnmatch function for the format of the wildcards." }
+        { "#comment" = "" }
+        { "#comment" = "NB If this is an empty list, no client can connect, so comment out" }
+        { "#comment" = "entirely rather than using empty list to disable these checks" }
+        { "#comment" = "" }
+        { "#comment" = "By default, no DN's are checked" }
+        { "tls_allowed_dn_list"
+             { "1" = "DN1"}
+             { "2" = "DN2"}
+        }
+        { "#empty" }
+        { "#empty" }
+        { "#comment" = "A whitelist of allowed SASL usernames. The format for usernames" }
+        { "#comment" = "depends on the SASL authentication mechanism. Kerberos usernames" }
+        { "#comment" = "look like username@REALM" }
+        { "#comment" = "" }
+        { "#comment" = "This list may contain wildcards such as" }
+        { "#comment" = "" }
+        { "#comment" = "\"*@EXAMPLE.COM\"" }
+        { "#comment" = "" }
+        { "#comment" = "See the POSIX fnmatch function for the format of the wildcards." }
+        { "#comment" = "" }
+        { "#comment" = "NB If this is an empty list, no client can connect, so comment out" }
+        { "#comment" = "entirely rather than using empty list to disable these checks" }
+        { "#comment" = "" }
+        { "#comment" = "By default, no Username's are checked" }
+        { "sasl_allowed_username_list"
+             { "1" = "joe@EXAMPLE.COM" }
+             { "2" = "fred@EXAMPLE.COM" }
+        }
+        { "#empty" }
+        { "#empty" }
+        { "#comment" = "################################################################"}
+        { "#comment" = ""}
+        { "#comment" = "Processing controls"}
+        { "#comment" = ""}
+        { "#empty" }
+        { "#comment" = "The maximum number of concurrent client connections to allow"}
+        { "#comment" = "over all sockets combined."}
+        { "max_clients" = "20" }
+        { "#empty" }
+        { "#empty" }
+        { "#comment" = "The minimum limit sets the number of workers to start up"}
+        { "#comment" = "initially. If the number of active clients exceeds this,"}
+        { "#comment" = "then more threads are spawned, upto max_workers limit."}
+        { "#comment" = "Typically you'd want max_workers to equal maximum number"}
+        { "#comment" = "of clients allowed"}
+        { "min_workers" = "5" }
+        { "max_workers" = "20" }
+	{ "#empty" }
+        { "#comment" = "Total global limit on concurrent RPC calls. Should be" }
+        { "#comment" = "at least as large as max_workers. Beyond this, RPC requests" }
+        { "#comment" = "will be read into memory and queued. This directly impact" }
+        { "#comment" = "memory usage, currently each request requires 256 KB of" }
+        { "#comment" = "memory. So by default upto 5 MB of memory is used" }
+        { "max_requests" = "20" }
+	{ "#empty" }
+        { "#comment" = "Limit on concurrent requests from a single client" }
+        { "#comment" = "connection. To avoid one client monopolizing the server" }
+        { "#comment" = "this should be a small fraction of the global max_requests" }
+        { "#comment" = "and max_workers parameter" }
+        { "max_client_requests" = "5" }
+	{ "#empty" }
+        { "#comment" = "Logging level:" }
+        { "log_level" = "4" }
+	{ "#empty" }
+        { "#comment" = "Logging outputs:" }
+        { "log_outputs" = "4:stderr" }
+	{ "#empty" }
+        { "#comment" = "Logging filters:" }
+        { "log_filters" = "a" }
+	{ "#empty" }
+        { "#comment" = "Auditing:" }
+        { "audit_level" = "2" }

daemon/test_libvirtd.aug.in

@@ -1,49 +0,0 @@
-module Test_libvirtd =
-   ::CONFIG::
-
-   test Libvirtd.lns get conf =
-        { "listen_tls" = "0" }
-        { "listen_tcp" = "1" }
-        { "tls_port" = "16514" }
-        { "tcp_port" = "16509" }
-        { "listen_addr" = "192.168.0.1" }
-        { "mdns_adv" = "1" }
-        { "mdns_name" = "Virtualization Host Joe Demo" }
-        { "unix_sock_group" = "libvirt" }
-        { "unix_sock_ro_perms" = "0777" }
-        { "unix_sock_rw_perms" = "0770" }
-        { "unix_sock_dir" = "/var/run/libvirt" }
-        { "auth_unix_ro" = "none" }
-        { "auth_unix_rw" = "none" }
-        { "auth_tcp" = "sasl" }
-        { "auth_tls" = "none" }
-        { "key_file" = "/etc/pki/libvirt/private/serverkey.pem" }
-        { "cert_file" = "/etc/pki/libvirt/servercert.pem" }
-        { "ca_file" = "/etc/pki/CA/cacert.pem" }
-        { "crl_file" = "/etc/pki/CA/crl.pem" }
-        { "tls_no_sanity_certificate" = "1" }
-        { "tls_no_verify_certificate" = "1" }
-        { "tls_allowed_dn_list"
-             { "1" = "DN1"}
-             { "2" = "DN2"}
-        }
-        { "sasl_allowed_username_list"
-             { "1" = "joe@EXAMPLE.COM" }
-             { "2" = "fred@EXAMPLE.COM" }
-        }
-        { "max_clients" = "20" }
-        { "min_workers" = "5" }
-        { "max_workers" = "20" }
-        { "prio_workers" = "5" }
-        { "max_requests" = "20" }
-        { "max_client_requests" = "5" }
-        { "log_level" = "3" }
-        { "log_filters" = "3:remote 4:event" }
-        { "log_outputs" = "3:syslog:libvirtd" }
-        { "log_buffer_size" = "64" }
-        { "audit_level" = "2" }
-        { "audit_logging" = "1" }
-        { "host_uuid" = "00000000-0000-0000-0000-000000000000" }
-        { "keepalive_interval" = "5" }
-        { "keepalive_count" = "5" }
-        { "keepalive_required" = "1" }

docs/.gitignore

@@ -0,0 +1,8 @@
+Makefile
+Makefile.in
+.memdump
+apibuild.pyc
+*.html
+libvirt-api.xml
+libvirt-refs.xml
+todo.html.in

docs/404.html.in

@@ -1,23 +0,0 @@
-<?xml version="1.0"?>
-<html>
-  <body>
-    <h1>404 page not found</h1>
-
-    <p>
-      Someone appears to have eaten the <del>penguin</del>
-      page you were looking for. You might want to try
-    </p>
-    <ul>
-      <li>going back to the <a href="http://libvirt.org/">home page</a> to find
-        a collection of links to interesting pages on this site</li>
-      <li>using the search box at the top right corner of the screen to
-        locate the content on this site or mailing list archives</li>
-    </ul>
-
-    <p class="image">
-      <img src="/libvirtLogo404.png" alt="libvirt Logo"/>
-    </p>
-
-
-  </body>
-</html>

docs/Makefile.am

@@ -60,12 +60,7 @@ png = \
   libvirt-driver-arch.png \
   libvirt-object-model.png \
   madeWith.png \
-  et.png \
-  migration-managed-direct.png \
-  migration-managed-p2p.png \
-  migration-native.png \
-  migration-tunnel.png \
-  migration-unmanaged-direct.png
+  et.png
 
 gif = \
   architecture.gif \
@@ -75,10 +70,6 @@ dot_html_in = $(notdir $(wildcard $(srcdir)/*.html.in)) todo.html.in hvsupport.h
       $(patsubst $(srcdir)/%,%,$(wildcard $(srcdir)/internals/*.html.in))
 dot_html = $(dot_html_in:%.html.in=%.html)
 
-dot_php_in = $(notdir $(wildcard $(srcdir)/*.php.in))
-dot_php_code_in = $(dot_php_in:%.php.in=%.php.code.in)
-dot_php = $(dot_php_in:%.php.in=%.php)
-
 patches = $(patsubst $(srcdir)/%,%,$(wildcard $(srcdir)/api_extension/*.patch))
 
 xml = \
@@ -97,12 +88,7 @@ fig = \
   libvirt-net-physical.fig \
   libvirt-daemon-arch.fig \
   libvirt-driver-arch.fig \
-  libvirt-object-model.fig \
-  migration-managed-direct.fig \
-  migration-managed-p2p.fig \
-  migration-native.fig \
-  migration-tunnel.fig \
-  migration-unmanaged-direct.fig
+  libvirt-object-model.fig
 
 EXTRA_DIST=					\
   apibuild.py \
@@ -111,22 +97,21 @@ EXTRA_DIST=					\
   $(dot_html) $(dot_html_in) $(gif) $(apihtml) $(apipng) \
   $(devhelphtml) $(devhelppng) $(devhelpcss) $(devhelpxsl) \
   $(xml) $(qemu_xml) $(fig) $(png) $(css) \
-  $(patches) $(dot_php_in) $(dot_php_code_in) $(dot_php)\
+  $(patches) \
   sitemap.html.in \
   todo.pl hvsupport.pl todo.cfg-example
 
 MAINTAINERCLEANFILES = \
   $(addprefix $(srcdir)/,$(dot_html)) \
   $(addprefix $(srcdir)/,$(apihtml)) \
-  $(addprefix $(srcdir)/,$(devhelphtml)) \
-  $(addprefix $(srcdir)/,$(dot_php))
+  $(addprefix $(srcdir)/,$(devhelphtml))
 
 all-am: web
 
 api: $(srcdir)/libvirt-api.xml $(srcdir)/libvirt-refs.xml
 qemu_api: $(srcdir)/libvirt-qemu-api.xml $(srcdir)/libvirt-qemu-refs.xml
 
-web: $(dot_html) html/index.html devhelp/index.html $(dot_php)
+web: $(dot_html) html/index.html devhelp/index.html
 
 todo.html.in: todo.pl
 	if [ -f  todo.cfg ]; then \
@@ -178,18 +163,6 @@ internals/%.html.tmp: internals/%.html.in subsite.xsl page.xsl sitemap.html.in
 	  || { rm $(srcdir)/$@ && exit 1; }; \
 	  else echo "missing XHTML1 DTD" ; fi ; fi
 
-%.php.tmp: %.php.in site.xsl page.xsl sitemap.html.in
-	@if [ -x $(XSLTPROC) ] ; then \
-	  echo "Generating $@"; \
-	  $(XSLTPROC) --stringparam pagename $(@:.tmp=) --nonet --html \
-	    $(top_srcdir)/docs/site.xsl $< > $@ \
-	    || { rm $@ && exit 1; }; fi
-
-%.php: %.php.tmp %.php.code.in
-	@echo "Scripting $@"; \
-	  sed -e '/<a id="php_placeholder"><\/a>/r '"$(srcdir)/$@.code.in" \
-	  -e /php_placeholder/d < $@.tmp > $(srcdir)/$@ \
-	  || { rm $(srcdir)/$@ && exit 1; }
 
 html/index.html: libvirt-api.xml newapi.xsl page.xsl sitemap.html.in
 	$(AM_V_GEN)if [ -x $(XSLTPROC) ] ; then \
@@ -219,14 +192,11 @@ python_generated_files = \
 
 APIBUILD=$(srcdir)/apibuild.py
 APIBUILD_STAMP=$(APIBUILD).stamp
-EXTRA_DIST += $(APIBUILD_STAMP)
 
 $(python_generated_files): $(APIBUILD_STAMP)
 
 $(APIBUILD_STAMP): $(srcdir)/apibuild.py \
-		$(srcdir)/../include/libvirt/libvirt.h.in \
-		$(srcdir)/../include/libvirt/libvirt-qemu.h \
-		$(srcdir)/../include/libvirt/virterror.h \
+		$(srcdir)/../include/libvirt/*.h \
 		$(srcdir)/../src/libvirt.c \
 		$(srcdir)/../src/libvirt-qemu.c \
 		$(srcdir)/../src/util/virterror.c

docs/api.html.in

@@ -43,7 +43,7 @@
       <li>virNetworkPtr: represent one network either active or defined (i.e.
       existing as permanent config file and storage but not currently activated.
       The function <code class='docref'>virConnectListNetworks</code>
-      allows to list all the virtualization networks activated on this node.</li>
+      allows to list all the virtualization networks actived on this node.</li>
       <li>virStorageVolPtr: represent one storage volume, usually this is used
       as a block device available to one of the domains. The function
       <code class="docref">virStorageVolLookupByPath</code> allows to find

docs/api_extension.html.in

@@ -1,4 +1,8 @@
 <html>
+  <head>
+    <title>Implementing a new API in Libvirt</title>
+  </head>
+
   <body>
     <h1>Implementing a new API in Libvirt</h1>
 

docs/api_extension/0013-improve-getting-xen-vcpu-counts.patch

@@ -100,7 +100,7 @@ index dfc6415..3642296 100644
 +    /* If xendConfigVersion is 2, then we can only report _LIVE (and
 +     * xm_internal reports _CONFIG).  If it is 3, then _LIVE and
 +     * _CONFIG are always in sync for a running system.  */
-+    if (domain->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
++    if (domain->id < 0 && priv->xendConfigVersion < 3)
 +        return -2;
 +    if (domain->id < 0 && (flags & VIR_DOMAIN_VCPU_LIVE)) {
 +        virXendError(VIR_ERR_OPERATION_INVALID, "%s",

docs/api_extension/0014-improve-setting-xen-vcpu-counts.patch

@@ -110,7 +110,7 @@ index fe2ff86..66e8518 100644
 +     * depends on xendConfigVersion.  */
 +    if (dom) {
 +        priv = dom->conn->privateData;
-+        if (priv->xendConfigVersion >= XEND_CONFIG_VERSION_3_0_4)
++        if (priv->xendConfigVersion >= 3)
 +            flags |= VIR_DOMAIN_VCPU_CONFIG;
 +    }
 +    return xenUnifiedDomainSetVcpusFlags(dom, nvcpus, flags);
@@ -163,14 +163,14 @@ index 3642296..55c2cc4 100644
 +
 +    priv = (xenUnifiedPrivatePtr) domain->conn->privateData;
 +
-+    if ((domain->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) ||
++    if ((domain->id < 0 && priv->xendConfigVersion < 3) ||
 +        (flags & VIR_DOMAIN_VCPU_MAXIMUM))
 +        return -2;
 +
 +    /* With xendConfigVersion 2, only _LIVE is supported.  With
 +     * xendConfigVersion 3, only _LIVE|_CONFIG is supported for
 +     * running domains, or _CONFIG for inactive domains.  */
-+    if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) {
++    if (priv->xendConfigVersion < 3) {
 +        if (flags & VIR_DOMAIN_VCPU_CONFIG) {
 +            virXendError(VIR_ERR_OPERATION_INVALID, "%s",
 +                         _("Xend version does not support modifying "

docs/api_extension/0015-remove-dead-xen-code.patch

@@ -122,7 +122,7 @@ index 55c2cc4..b90c331 100644
 -
 -    priv = (xenUnifiedPrivatePtr) domain->conn->privateData;
 -
--    if (domain->id < 0 && priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
+-    if (domain->id < 0 && priv->xendConfigVersion < 3)
 -        return(-1);
 -
 -    snprintf(buf, sizeof(buf), "%d", vcpus);

docs/apibuild.py

@@ -1355,95 +1355,6 @@ class CParser:
                 token = self.token()
         return token
 
-    def parseVirEnumDecl(self, token):
-        if token[0] != "name":
-            self.error("parsing VIR_ENUM_DECL: expecting name", token)
-
-        token = self.token()
-
-        if token[0] != "sep":
-            self.error("parsing VIR_ENUM_DECL: expecting ')'", token)
-
-        if token[1] != ')':
-            self.error("parsing VIR_ENUM_DECL: expecting ')'", token)
-
-        token = self.token()
-        if token[0] == "sep" and token[1] == ';':
-            token = self.token()
-
-        return token
-
-    def parseVirEnumImpl(self, token):
-        # First the type name
-        if token[0] != "name":
-            self.error("parsing VIR_ENUM_IMPL: expecting name", token)
-
-        token = self.token()
-
-        if token[0] != "sep":
-            self.error("parsing VIR_ENUM_IMPL: expecting ','", token)
-
-        if token[1] != ',':
-            self.error("parsing VIR_ENUM_IMPL: expecting ','", token)
-        token = self.token()
-
-        # Now the sentinel name
-        if token[0] != "name":
-            self.error("parsing VIR_ENUM_IMPL: expecting name", token)
-
-        token = self.token()
-
-        if token[0] != "sep":
-            self.error("parsing VIR_ENUM_IMPL: expecting ','", token)
-
-        if token[1] != ',':
-            self.error("parsing VIR_ENUM_IMPL: expecting ','", token)
-
-        token = self.token()
-
-        # Now a list of strings (optional comments)
-        while token is not None:
-            isGettext = False
-            # First a string, optionally with N_(...)
-            if token[0] == 'name':
-                if token[1] != 'N_':
-                    self.error("parsing VIR_ENUM_IMPL: expecting 'N_'", token)
-                token = self.token()
-                if token[0] != "sep" or token[1] != '(':
-                    self.error("parsing VIR_ENUM_IMPL: expecting '('", token)
-                token = self.token()
-                isGettext = True
-
-                if token[0] != "string":
-                    self.error("parsing VIR_ENUM_IMPL: expecting a string", token)
-                token = self.token()
-            elif token[0] == "string":
-                token = self.token()
-            else:
-                self.error("parsing VIR_ENUM_IMPL: expecting a string", token)
-
-            # Then a separator
-            if token[0] == "sep":
-                if isGettext and token[1] == ')':
-                    token = self.token()
-
-                if token[1] == ',':
-                    token = self.token()
-
-                if token[1] == ')':
-                    token = self.token()
-                    break
-
-            # Then an optional comment
-            if token[0] == "comment":
-                token = self.token()
-
-
-        if token[0] == "sep" and token[1] == ';':
-            token = self.token()
-
-        return token
-
      #
      # Parse a C definition block, used for structs or unions it parse till
      # the balancing }
@@ -1591,29 +1502,6 @@ class CParser:
                                not self.is_header, "enum",
                                (enum[1], enum[2], enum_type))
             return token
-        elif token[0] == "name" and token[1] == "VIR_ENUM_DECL":
-            token = self.token()
-            if token != None and token[0] == "sep" and token[1] == "(":
-                token = self.token()
-                token = self.parseVirEnumDecl(token)
-            else:
-                self.error("parsing VIR_ENUM_DECL: expecting '('", token)
-            if token != None:
-                self.lexer.push(token)
-                token = ("name", "virenumdecl")
-            return token
-
-        elif token[0] == "name" and token[1] == "VIR_ENUM_IMPL":
-            token = self.token()
-            if token != None and token[0] == "sep" and token[1] == "(":
-                token = self.token()
-                token = self.parseVirEnumImpl(token)
-            else:
-                self.error("parsing VIR_ENUM_IMPL: expecting '('", token)
-            if token != None:
-                self.lexer.push(token)
-                token = ("name", "virenumimpl")
-            return token
 
         elif token[0] == "name":
             if self.type == "":
@@ -1761,7 +1649,6 @@ class CParser:
         "virDomainSetMemoryFlags"        : (False, ("memory")),
         "virDomainBlockJobSetSpeed"      : (False, ("bandwidth")),
         "virDomainBlockPull"             : (False, ("bandwidth")),
-        "virDomainBlockRebase"           : (False, ("bandwidth")),
         "virDomainMigrateGetMaxSpeed"    : (False, ("bandwidth")) }
 
     def checkLongLegacyFunction(self, name, return_type, signature):
@@ -1961,11 +1848,6 @@ class docBuilder:
         self.index = {}
         self.basename = name
 
-    def warning(self, msg):
-        global warnings
-        warnings = warnings + 1
-        print msg
-
     def indexString(self, id, str):
         if str == None:
             return

docs/apps.html.in

@@ -219,14 +219,6 @@
         community.  It uses libvirt for communication with all KVM and Xen
         virtual machines.
       </dd>
-
-      <dt><a href="http://snooze.inria.fr">Snooze</a></dt>
-      <dd>
-        Snooze is an open-source scalable, autonomic, and energy-efficient
-        virtual machine (VM) management framework for private clouds. It
-        integrates libvirt for VM monitoring, live migration, and life-cycle
-        management.
-      </dd>
     </dl>
 
     <h2><a name="libraries">Libraries</a></h2>
@@ -356,16 +348,5 @@
       </dd>
     </dl>
 
-    <h2><a name="mobile">Mobile applications</a></h2>
-
-    <dl>
-      <dt><a href="https://market.android.com/details?id=vm.manager">VM Manager</a></dt>
-      <dd>
-        VM Manager is VM (libvirt) manager (over SSH) application. VM Manager
-        is an application for libvirt VM / Domain management over SSH.
-        Please keep in mind that this software is under heavy development.
-      </dd>
-    </dl>
-
   </body>
 </html>

docs/architecture.fig

@@ -2,7 +2,7 @@
 Landscape
 Center
 Inches
-Letter
+Letter  
 100.00
 Single
 -2

docs/auth.html.in

@@ -1,7 +1,7 @@
 <?xml version="1.0"?>
 <html>
   <body>
-    <h1 >Authentication &amp; access control</h1>
+    <h1 >Access control</h1>
     <p>
       When connecting to libvirt, some connections may require client
       authentication before allowing use of the APIs. The set of possible
@@ -11,122 +11,6 @@
 
     <ul id="toc"></ul>
 
-    <h2><a name="Auth_client_config">Client configuration</a></h2>
-
-    <p>
-      When connecting to a remote hypervisor which requires authentication,
-most libvirt applications will prompt the user for the credentials. It is
-also possible to provide a client configuration file containing all the
-authentication credentials, avoiding any interaction. Libvirt will look
-for the authentication file using the following sequence:
-    </p>
-    <ol>
-      <li>The file path specified by the $LIBVIRT_AUTH_FILE environment
-        variable.</li>
-      <li>The file path specified by the "authfile=/some/file" URI
-        query parameter</li>
-      <li>The file $XDG_CONFIG_DIR/libvirt/auth.conf</li>
-      <li>The file /etc/libvirt/auth.conf</li>
-    </ol>
-
-    <p>
-      The auth configuration file uses the traditional <code>".ini"</code>
-      style syntax. There are two types of groups that can be present in
-      the config. First there are one or more <strong>credential</strong>
-      sets, which provide the actual authentication credentials. The keys
-      within the group may be:
-    </p>
-
-    <ul>
-      <li><code>username</code>: the user login name to act as. This
-        is relevant for ESX, Xen, HyperV and SSH, but probably not
-        the one you want to libvirtd with SASL.</li>
-      <li><code>authname</code>: the name to authorize as. This is
-        what is commonly required for libvirtd with SASL.</li>
-      <li><code>password</code>: the secret password</li>
-      <li><code>realm</code>: the domain realm for SASL, mostly
-        unused</li>
-    </ul>
-
-    <p>
-      Each set of credentials has a name, which is part of the group
-      entry name. Overall the syntax is
-    </p>
-
-    <pre>
-[credentials-$NAME]
-credname1=value1
-credname2=value2</pre>
-
-    <p>
-      For example, to define two sets of credentials used for production
-      and test machines, using libvirtd, and a further ESX server for dev:
-    </p>
-<pre>
-[credentials-test]
-authname=fred
-password=123456
-
-[credentials-prod]
-authname=bar
-password=letmein
-
-[credentials-dev]
-username=joe
-password=hello</pre>
-
-    <p>
-      The second set of groups provide mappings of credentials to
-      specific machine services. The config file group names compromise
-      the service type and host:
-    </p>
-
-    <pre>
-[auth-$SERVICE-$HOSTNAME]
-credentials=$CREDENTIALS</pre>
-
-    <p>
-      For example, following the previous example, here is how to
-      list some machines
-    </p>
-
-    <pre>
-[auth-libvirt-test1.example.com]
-credentials=test
-
-[auth-libvirt-test2.example.com]
-credentials=test
-
-[auth-libvirt-demo3.example.com]
-credentials=test
-
-[auth-libvirt-prod1.example.com]
-credentials=prod
-
-[auth-esx-dev1.example.com]
-credentials=dev</pre>
-
-    <p>
-      The following service types are known to libvirt
-    </p>
-
-    <ol>
-      <li><code>libvirt</code> - used for connections to a libvirtd
-        server, which is configured with SASL auth</li>
-      <li><code>ssh</code> - used for connections to a Phyp server
-        over SSH</li>
-      <li><code>esx</code> - used for connections to an ESX or
-        VirtualCenter server</li>
-      <li><code>xen</code> - used for connections to a Xen Enterprise
-        sever using XenAPI</li>
-    </ol>
-
-    <p>
-      Applications using libvirt are free to use this same configuration
-      file for storing other credentials. For example, it can be used
-      to storage VNC or SPICE login credentials
-    </p>
-
     <h2><a name="ACL_server_config">Server configuration</a></h2>
     <p>
 The libvirt daemon allows the administrator to choose the authentication

docs/bugs.html.in

@@ -9,47 +9,22 @@
     <h2><a name="bugzilla">Bug Tracking</a></h2>
 
     <p>
-      If you are using libvirt binaries from a Linux distribution
-      check below for distribution specific bug reporting policies
-      first.
+      The <a href="http://bugzilla.redhat.com">Red Hat Bugzilla Server</a>
+      should be used to report bugs and request features in libvirt.
+      Before submitting a ticket, check the existing tickets to see if
+      the bug/feature is already tracked.
     </p>
 
     <h2><a name="general">General libvirt bug reports</a></h2>
 
     <p>
-      The <a href="http://bugzilla.redhat.com">Red Hat Bugzilla Server</a>
-      should be used to report bugs and request features in libvirt.
-      Before submitting a ticket, check the existing tickets to see if
-      the bug/feature is already tracked.
-
+      If you are using official libvirt binaries from a Linux distribution
+      check below for distribution specific bug reporting policies first.
       For general libvirt bug reports, from self-built releases, GIT snapshots
       and any other non-distribution supported builds, enter tickets under
       the <code>Virtualization Tools</code> product and the <code>libvirt</code>
       component.
     </p>
-    <p>
-      It's always a good idea to file bug reports, as the process of
-      filing the report always makes it easier to describe the
-      problem, and the bug number provides a quick way of referring to
-      the problem.  However, not everybody in the community pays
-      attention to bugzilla, so after you file a bug, asking questions
-      and submitting patches on <a href="contact.html">the libvirt
-      mailing lists</a> will increase your bug's visibility and
-      encourage people to think about your problem.  Don't hesitate to
-      ask questions on the list, as others may know of existing
-      solutions or be interested in collaborating with you on finding
-      a solution.  Patches are always appreciated, and it's likely
-      that someone else has the same problem you do!
-    </p>
-    <p>
-      If you decide to write code, though, before you begin please
-      read the <a href="hacking.html">contributor guidelines</a>,
-      especially the first point: "Discuss any large changes on the
-      mailing list first. Post patches early and listen to feedback."
-      Few development experiences are more discouraging than spending
-      a bunch of time writing a patch only to have someone point out a
-      better approach on list.
-    </p>
 
     <ul>
       <li><a href="http://bugzilla.redhat.com/buglist.cgi?component=libvirt&amp;product=Virtualization%20Tools">View libvirt tickets</a></li>
@@ -59,37 +34,26 @@
     <h2><a name="distribution">Linux Distribution specific bug reports</a></h2>
     <ul>
       <li>
-        If you are using binaries from <strong>Fedora</strong>, enter
-        tickets against the <code>Fedora</code> product and
-        the <code>libvirt</code> component.
+        If you are using official binaries from a <strong>Fedora distribution</strong>, enter
+        tickets against the <code>Fedora</code> product and the <code>libvirt</code>
+        component.
         <ul>
           <li><a href="http://bugzilla.redhat.com/buglist.cgi?component=libvirt&amp;product=Fedora">View Fedora libvirt tickets</a></li>
           <li><a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi?product=Fedora&amp;component=libvirt">New Fedora libvirt ticket</a></li>
         </ul>
       </li>
       <li>
-        <p>
-          If you are using binaries from <strong>Red Hat Enterprise
-          Linux</strong>, enter tickets against the Red Hat Enterprise
-          Linux product that you're using (e.g., Red Hat Enterprise
-          Linux 6) and the <code>libvirt</code> component.  Red Hat
-          bugzilla has <a href="http://bugzilla.redhat.com">additional guidance</a> about getting support if
-          you are a Red Hat customer.
-        </p>
+        If you are using official binaries from <strong>Red Hat Enterprise Linux distribution</strong>,
+        tickets against the <code>Red Hat Enterprise Linux 5</code> product and
+        the <code>libvirt</code> component.
+        <ul>
+          <li><a href="http://bugzilla.redhat.com/buglist.cgi?component=libvirt&amp;product=Red%20Hat%20Enterprise%20Linux%205">View Red Hat Enterprise Linux libvirt tickets</a></li>
+          <li><a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%205&amp;component=libvirt">New Red Hat Enterprise Linux libvirt ticket</a></li>
+        </ul>
       </li>
       <li>
-        <p>
-          If you are using binaries from another Linux distribution
-          first follow their own bug reporting guidelines.
-        </p>
-      </li>
-      <li>
-        <p>
-          Finally, if you are a contributor to another Linux
-          distribution and would like to have your procedure for
-          filing bugs mentioned here, please mail the libvirt
-          development list.
-        </p>
+        If you are using official binaries from another Linux distribution first
+        follow their own bug reporting guidelines.
       </li>
     </ul>
 
@@ -117,18 +81,18 @@
       If the bug leads to a tool linked to libvirt crash, then the best
       is to provide a backtrace along with the scenario used to get the
       crash, the simplest is to run the program under gdb, reproduce the
-      steps leading to the crash and then issue a gdb "bt -a" command to
+      steps leading to the crash and then issue a gdb "bt" command to
       get the stack trace, attach it to the bug. Note that for the
       data to be really useful libvirt debug informations must be present
       for example by installing libvirt debuginfo package on Fedora or
       Red Hat Enterprise Linux (with debuginfo-install libvirt) prior
       to running gdb.</p>
     <p>
-      It may also happen that the libvirt daemon itself crashes or gets stuck,
+      It may also happen that the libvirt daemon itself crashes or get stuck,
       in the first case run it (as root) under gdb, and reproduce the sequence
-      leading to the crash, similarly to a normal program provide the
+      leading to the crash, similary to a normal program provide the
       "bt" backtrace information to where gdb will have stopped.<br/>
-      But if libvirtd gets stuck, for example seems to stop processing
+      But if libvirtd get stuck, for example seems to stop processing
       commands, try to attach to the faulty daemon and issue a gdb command
       "thread apply all bt" to show all the threads backtraces, as in:</p>
       <pre> #  ps -o etime,pid `pgrep libvirt`
@@ -142,5 +106,10 @@
 (gdb)
 </pre>
 
+    <p>
+      If requesting a new feature attach any available patch to the ticket
+      and also email the patch to the libvirt mailing list for discussion
+    </p>
+
   </body>
 </html>

docs/compiling.html.in

@@ -62,57 +62,14 @@
     <p>
       The libvirt build process uses GNU autotools, so after obtaining a
       checkout it is necessary to generate the configure script and Makefile.in
-      templates using the <code>autogen.sh</code> command. By default when
-      the <code>configure</code> script is run from within a GIT checkout, it
-      will turn on -Werror for builds. This can be disabled with --disable-werror,
-      but this is not recommended. To build &amp; install libvirt to your home
-      directory the following commands can be run:
+      templates using the <code>autogen.sh</code> command, passing the extra
+      arguments as for configure. As an example, to do a complete build and
+      install it into your home directory run:
     </p>
 
     <pre>
-      $ ./autogen.sh --prefix=$HOME/usr
+      $ ./autogen.sh --prefix=$HOME/usr --enable-compile-warnings=error
       $ make
       $ <b>sudo</b> make install</pre>
-
-    <p>
-      Be aware though, that binaries built with a custom prefix will not
-      interoperate with OS vendor provided binaries, since the UNIX socket
-      paths will all be different. To produce a build that is compatible
-      with normal OS vendor prefixes, use
-    </p>
-
-    <pre>
-      $ ./autogen.sh --system
-      $ make
-    </pre>
-
-    <p>
-      When doing this for day-to-day development purposes, it is recommended
-      not to install over the OS vendor provided binaries. Instead simply
-      run libvirt directly from the source tree. For example to run
-      a privileged libvirtd instance
-    </p>
-
-    <pre>
-      $ su -
-      # service libvirtd stop  (or systemctl stop libvirtd.service)
-      # /home/to/your/checkout/daemon/libvirtd
-    </pre>
-
-    <p>
-      It is also possible to run virsh directly from the source tree
-    </p>
-
-    <pre>
-      $ ./tools/virsh ....
-    </pre>
-
-    <p>
-      A normal configuration of libvirt will build hypervisor drivers
-      as loadable modules. When running from a non-installed source
-      tree, libvirtd will attempt to find the modules from the same
-      source tree. If this is not possible though, you can explicitly
-      set <code>LIBVIRT_DRIVER_DIR=/path/to/source/tree/src/.libs</code>
-    </p>
   </body>
 </html>

docs/devhelp/.gitignore

@@ -0,0 +1,4 @@
+Makefile
+Makefile.in
+libvirt.devhelp
+*.html

docs/drivers.html.in

@@ -31,7 +31,7 @@
       <li><strong><a href="drvhyperv.html">Microsoft Hyper-V</a></strong></li>
     </ul>
 
-    <h2><a name="storage">Storage drivers</a></h2>
+    <h2><a name="stroage">Storage drivers</a></h2>
 
     <ul>
       <li><strong><a href="storage.html#StorageBackendDir">Directory backend</a></strong></li>
@@ -42,8 +42,6 @@
       <li><strong><a href="storage.html#StorageBackendISCSI">iSCSI backend</a></strong></li>
       <li><strong><a href="storage.html#StorageBackendSCSI">SCSI backend</a></strong></li>
       <li><strong><a href="storage.html#StorageBackendMultipath">Multipath backend</a></strong></li>
-      <li><strong><a href="storage.html#StorageBackendRBD">RBD (RADOS Block Device) backend</a></strong></li>
-      <li><strong><a href="storage.html#StorageBackendSheepdog">Sheepdog backend</a></strong></li>
     </ul>
   </body>
 </html>

docs/drvesx.html.in

@@ -56,7 +56,7 @@ esx://example-esx.com/?no_verify=1     (ESX over HTTPS, but doesn't verify the s
         URIs have this general form (<code>[...]</code> marks an optional part).
     </p>
 <pre>
-type://[username@]hostname[:port]/[[folder/...]datacenter/[folder/...][cluster/]server][?extraparameters]
+type://[username@]hostname[:port]/[datacenter[/cluster]/server][?extraparameters]
 </pre>
     <p>
         The <code>type://</code> is either <code>esx://</code> or
@@ -79,14 +79,6 @@ type://[username@]hostname[:port]/[[folder/...]datacenter/[folder/...][cluster/]
     </p>
 <pre>
 vpx://example-vcenter.com/dc1/cluster1/example-esx.com
-</pre>
-    <p>
-        Datacenters and clusters can be organized in folders, those have to be
-        specified as well. The driver can handle folders
-        <span class="since">since 0.9.7</span>.
-    </p>
-<pre>
-vpx://example-vcenter.com/folder1/dc1/folder2/example-esx.com
 </pre>
 
 

docs/drvlxc.html.in

@@ -35,27 +35,10 @@ mount them use:
 <p>
 NB, the blkio controller in some kernels will not allow creation of nested
 sub-directories which will prevent correct operation of the libvirt LXC
-driver. On such kernels, it may be necessary to unmount the blkio controller.
+driver. On such kernels, it may be neccessary to unmount the blkio controller.
 </p>
 
 
-<h2>Environment setup for the container init</h2>
-
-<p>
-When the container "init" process is started, it will be given several useful
-environment variables.
-</p>
-
-<dl>
-<dt>LIBVIRT_LXC_NAME</dt>
-<dd>The name assigned to the container by libvirt</dd>
-<dt>LIBVIRT_LXC_UUID</dt>
-<dd>The UUID assigned to the container by libvirt</dd>
-<dt>LIBVIRT_LXC_CMDLINE</dt>
-<dd>The unparsed command line arguments specified in the container configuration</dd>
-</dl>
-
-
 <h3>Example config version 1</h3>
 <p></p>
 <pre>

docs/drvopenvz.html.in

@@ -67,7 +67,7 @@ openvz+ssh://root@example.com/system (remote access, SSH tunnelled)
     script must be created manually by the host OS administrator. The
     simplest way is to just download the latest version of this script
     from a newer OpenVZ release, or upstream source repository. Then
-    a generic configuration file <code>/etc/vz/vznet.conf</code>
+    a generic configuration file <code>/etc/vz/vznetctl.conf</code>
     must be created containing
     </p>
 

docs/drvparallels.html.in

@@ -1,67 +0,0 @@
-<html><body>
-    <h1>Parallels Cloud Server driver</h1>
-    <ul id="toc"></ul>
-    <p>
-        The libvirt Parallels driver can manage Parallels Cloud Server starting from version 6.0.
-    </p>
-
-
-    <h2><a name="project">Project Links</a></h2>
-    <ul>
-      <li>
-        The <a href="http://www.parallels.com/products/server/baremetal/sp/">Parallels Cloud Server</a> Virtualization Solution.
-      </li>
-    </ul>
-
-
-    <h2><a name="uri">Connections to the Parallels Cloud Server driver</a></h2>
-    <p>
-        The libvirt Parallels driver is a single-instance privileged driver, with a driver name of 'parallels'. Some example connection URIs for the libvirt driver are:
-    </p>
-<pre>
-parallels:///system                     (local access)
-parallels+unix:///system                (local access)
-parallels://example.com/system          (remote access, TLS/x509)
-parallels+tcp://example.com/system      (remote access, SASl/Kerberos)
-parallels+ssh://root@example.com/system (remote access, SSH tunnelled)
-</pre>
-
-    <h2><a name="example">Example guest domain XML configuration</a></h2>
-
-    <p>
-    Parallels driver require at least one hard disk for new domains
-    at this time. It is used for defining directory, where VM should
-    be created.
-    </p>
-
-<pre>
-&lt;domain type='parallels'&gt;
-  &lt;name&gt;demo&lt;/name&gt;
-  &lt;uuid&gt;54cdecad-4492-4e31-a209-33cc21d64057&lt;/uuid&gt;
-  &lt;description&gt;some description&lt;/description&gt;
-  &lt;memory unit='KiB'&gt;1048576&lt;/memory&gt;
-  &lt;currentMemory unit='KiB'&gt;1048576&lt;/currentMemory&gt;
-  &lt;vcpu placement='static'&gt;2&lt;/vcpu&gt;
-  &lt;os&gt;
-    &lt;type arch='x86_64'&gt;hvm&lt;/type&gt;
-  &lt;/os&gt;
-  &lt;clock offset='utc'/&gt;
-  &lt;on_poweroff&gt;destroy&lt;/on_poweroff&gt;
-  &lt;on_reboot&gt;destroy&lt;/on_reboot&gt;
-  &lt;on_crash&gt;destroy&lt;/on_crash&gt;
-  &lt;devices&gt;
-    &lt;disk type='file' device='disk'&gt;
-      &lt;source file='/storage/vol1'/&gt;
-      &lt;target dev='hda'/&gt;
-    &lt;/disk&gt;
-    &lt;video&gt;
-      &lt;model type='vga' vram='33554432' heads='1'&gt;
-        &lt;acceleration accel3d='no' accel2d='no'/&gt;
-      &lt;/model&gt;
-    &lt;/video&gt;
-  &lt;/devices&gt;
-&lt;/domain&gt;
-
-</pre>
-
-</body></html>

docs/drvqemu.html.in

@@ -54,7 +54,7 @@
     The libvirt QEMU driver is a multi-instance driver, providing a single
     system wide privileged driver (the "system" instance), and per-user
     unprivileged drivers (the "session" instance). The URI driver protocol
-    is "qemu". Some example connection URIs for the libvirt driver are:
+    is "qemu". Some example conection URIs for the libvirt driver are:
     </p>
 
 <pre>
@@ -432,16 +432,9 @@ mount -t cgroup none /dev/cgroup -o devices
     <h3><a name="xmlimport">Converting from QEMU args to domain XML</a></h3>
 
     <p>
-      The <code>virsh domxml-from-native</code> provides a way to
-      convert an existing set of QEMU args into a guest description
-      using libvirt Domain XML that can then be used by libvirt.
-      Please note that this command is intended to be used to convert
-      existing qemu guests previously started from the command line to
-      be managed through libvirt.  It should not be used a method of
-      creating new guests from scratch.  New guests should be created
-      using an application calling the libvirt APIs (see
-      the <a href="apps.html">libvirt applications page</a> for some
-      examples) or by manually crafting XML to pass to virsh.
+      The <code>virsh domxml-from-native</code> provides a way to convert an
+      existing set of QEMU args into a guest description using libvirt Domain XML
+      that can then be used by libvirt.
     </p>
 
     <pre>$ cat &gt; demo.args &lt;&lt;EOF
@@ -476,7 +469,7 @@ $ virsh domxml-from-native qemu-argv demo.args
 &lt;/domain&gt;
 </pre>
 
-    <p>NB, don't include the literal \ in the args, put everything on one line</p>
+    <p>NB, don't include the literral \ in the args, put everything on one line</p>
 
     <h3><a name="xmlexport">Converting from domain XML to QEMU args</a></h3>
 
@@ -520,73 +513,6 @@ $ virsh domxml-to-native qemu-argv demo.xml
   -serial none -parallel none -usb
 </pre>
 
-    <h2><a name="qemucommand">Pass-through of arbitrary qemu
-    commands</a></h2>
-
-    <p>Libvirt provides an XML namespace and an optional
-      library <code>libvirt-qemu.so</code> for dealing specifically
-      with qemu.  When used correctly, these extensions allow testing
-      specific qemu features that have not yet been ported to the
-      generic libvirt XML and API interfaces.  However, they
-      are <b>unsupported</b>, in that the library is not guaranteed to
-      have a stable API, abusing the library or XML may result in
-      inconsistent state the crashes libvirtd, and upgrading either
-      qemu-kvm or libvirtd may break behavior of a domain that was
-      relying on a qemu-specific pass-through.  If you find yourself
-      needing to use them to access a particular qemu feature, then
-      please post an RFE to the libvirt mailing list to get that
-      feature incorporated into the stable libvirt XML and API
-      interfaces.
-    </p>
-    <p>The library provides two
-      API: <code>virDomainQemuMonitorCommand</code>, for sending an
-      arbitrary monitor command (in either HMP or QMP format) to a
-      qemu guest (<span class="since">Since 0.8.3</span>),
-      and <code>virDomainQemuAttach</code>, for registering a qemu
-      domain that was manually started so that it can then be managed
-      by libvirtd (<span class="since">Since 0.9.4</span>).
-    </p>
-    <p>Additionally, the following XML additions allow fine-tuning of
-      the command line given to qemu when starting a domain
-      (<span class="since">Since 0.8.3</span>).  In order to use the
-      XML additions, it is necessary to issue an XML namespace request
-      (the special <code>xmlns:<i>name</i></code> attribute) that
-      pulls in <code>http://libvirt.org/schemas/domain/qemu/1.0</code>;
-      typically, the namespace is given the name
-      of <code>qemu</code>.  With the namespace in place, it is then
-      possible to add an element <code>&lt;qemu:commandline&gt;</code>
-      under <code>driver</code>, with the following sub-elements
-      repeated as often as needed:
-      <dl>
-        <dt><code>qemu:arg</code></dt>
-        <dd>Add an additional command-line argument to the qemu
-          process when starting the domain, given by the value of the
-          attribute <code>value</code>.
-        </dd>
-        <dt><code>qemu:env</code></dt>
-        <dd>Add an additional environment variable to the qemu
-          process when starting the domain, given with the name-value
-          pair recorded in the attributes <code>name</code>
-          and optional <code>value</code>.</dd>
-      </dl>
-
-      <p>Example:</p><pre>
-&lt;domain type='qemu' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'&gt;
-  &lt;name&gt;QEmu-fedora-i686&lt;/name&gt;
-  &lt;memory&gt;219200&lt;/memory&gt;
-  &lt;os&gt;
-    &lt;type arch='i686' machine='pc'&gt;hvm&lt;/type&gt;
-  &lt;/os&gt;
-  &lt;devices&gt;
-    &lt;emulator&gt;/usr/bin/qemu-system-x86_64&lt;/emulator&gt;
-  &lt;/devices&gt;
-  &lt;qemu:commandline&gt;
-    &lt;qemu:arg value='-newarg'/&gt;
-    &lt;qemu:env name='QEMU_ENV' value='VAL'/&gt;
-  &lt;/qemu:commandline&gt;
-&lt;/domain&gt;
-</pre>
-
     <h2><a name="xmlconfig">Example domain XML config</a></h2>
 
     <h3>QEMU emulated guest on x86_64</h3>

docs/drvtest.html.in

@@ -8,7 +8,7 @@
     The libvirt Test driver is a per-process fake hypervisor driver,
     with a driver name of 'test'. The driver maintains all its state
     in memory. It can start with a pre-configured default config, or
-    be given a path to an alternate config. Some example connection URIs
+    be given a path to a alternate config. Some example conection URIs
     for the libvirt driver are:
     </p>
 

docs/drvvbox.html.in

@@ -70,11 +70,6 @@ vbox+ssh://user@example.com/session  (remote access, SSH tunnelled)
       <target dev='fda'/>
     </disk>
 
-    <filesystem type='mount'>
-      <source dir='/home/user/stuff'/>
-      <target dir='my-shared-folder'/>
-    </filesystem>
-
     <!--BRIDGE-->
     <interface type='bridge'>
       <source bridge='eth0'/>

docs/drvxen.html.in

@@ -59,7 +59,7 @@
 
     <p>
     The libvirt Xen driver is a single-instance privileged driver,
-    with a driver name of 'xen'. Some example connection URIs for
+    with a driver name of 'xen'. Some example conection URIs for
     the libvirt driver are:
     </p>
 

docs/formatcaps.html.in

@@ -28,11 +28,6 @@ BIOS you will see</p>
       &lt;feature name='xtpr'/&gt;
       ...
     &lt;/cpu&gt;
-    &lt;power_management&gt;
-      &lt;suspend_mem/&gt;
-      &lt;suspend_disk/&gt;
-      &lt;suspend_hybrid/&gt;
-    &lt;power_management/&gt;
   &lt;/host&gt;</span>
 
   &lt;!-- xen-3.0-x86_64 --&gt;
@@ -65,30 +60,20 @@ BIOS you will see</p>
   &lt;/guest&gt;</span>
   ...
 &lt;/capabilities&gt;</pre>
-        <p>The first block (in red) indicates the host hardware
-          capabilities, such as CPU properties and the power
-          management features of the host platform.  CPU models are
-          shown as additional features relative to the closest base
-          model, within a feature block (the block is similar to what
-          you will find in a Xen fully virtualized domain
-          description). Further, the power management features
-          supported by the host are shown, such as Suspend-to-RAM (S3),
-          Suspend-to-Disk (S4) and Hybrid-Suspend (a combination of S3
-          and S4). In case the host does not support
-          any such feature, then an empty &lt;power_management/&gt;
-          tag will be shown. </p>
-        <p>The second block (in blue) indicates the paravirtualization
-          support of the Xen support, you will see the os_type of xen
-          to indicate a paravirtual kernel, then architecture
-          information and potential features.</p>
-        <p>The third block (in green) gives similar information but
-          when running a 32 bit OS fully virtualized with Xen using
-          the hvm support.</p>
-        <p>This section is likely to be updated and augmented in the
-          future,
-          see <a href="https://www.redhat.com/archives/libvir-list/2007-March/msg00215.html">the
-          discussion</a> which led to the capabilities format in the
-          mailing-list archives.</p>
+        <p>The first block (in red) indicates the host hardware capabilities, currently
+it is limited to the CPU properties but other information may be available,
+it shows the CPU architecture, topology, model name, and additional features
+which are not included in the model but the CPU provides them. Features of the
+chip are shown within the feature block (the block is similar to what you will
+find in a Xen fully virtualized domain description).</p>
+        <p>The second block (in blue) indicates the paravirtualization support of the
+Xen support, you will see the os_type of xen to indicate a paravirtual
+kernel, then architecture information and potential features.</p>
+        <p>The third block (in green) gives similar information but when running a
+32 bit OS fully virtualized with Xen using the hvm support.</p>
+        <p>This section is likely to be updated and augmented in the future, see <a href="https://www.redhat.com/archives/libvir-list/2007-March/msg00215.html">the
+discussion</a> which led to the capabilities format in the mailing-list
+archives.</p>
 
   </body>
 </html>

docs/formatnetwork.html.in

@@ -15,14 +15,8 @@
 
     <p>
       The root element required for all virtual networks is
-      named <code>network</code> and has no configurable attributes
-      (although <span class="since">since 0.10.0</span> there is one
-      optional read-only attribute - when examining the live
-      configuration of a network, the
-      attribute <code>connections</code>, if present, specifies the
-      number of guest interfaces currently connected via this
-      network).  The network XML format is
-      available <span class="since">since 0.3.0</span>
+      named <code>network</code> and has no attributes.
+      The network XML format is available <span class="since">since 0.3.0</span>
     </p>
 
     <h3><a name="elementsMetadata">General metadata</a></h3>
@@ -64,7 +58,7 @@
     <pre>
         ...
         &lt;bridge name="virbr0" stp="on" delay="5"/&gt;
-        &lt;domain name="example.com"/&gt;
+        &lt;domain name="example"/&gt;
         &lt;forward mode="nat" dev="eth0"/&gt;
         ...</pre>
 
@@ -140,12 +134,12 @@
             attribute is set, firewall rules will restrict forwarding
             to the named device only. This presumes that the local LAN
             router has suitable routing table entries to return
-            traffic to this host. All incoming and outgoing sessions
-            to guest on these networks are unrestricted. (To restrict
-            incoming traffic to a guest on a routed network, you can
-            configure <a href="formatnwfilter.html">nwfilter rules</a>
-            on the guest's interfaces.)
-            <span class="since">Since 0.4.2</span>
+            traffic to this host. Firewall rules are also installed
+            that prevent incoming sessions from the physical network
+            to the guests, but outgoing sessions are unrestricted (as
+            are sessions from the host to the guests, and between
+            guests on the same network.)<span class="since">Since
+            0.4.2</span>
           </dd>
 
           <dt><code>bridge</code></dt>
@@ -153,17 +147,10 @@
             This network describes either 1) an existing host bridge
             that was configured outside of libvirt (if
             a <code>&lt;bridge name='xyz'/&gt;</code> element has been
-            specified, <span class="since">Since 0.9.4</span>), 2) an
-            existing Open vSwitch bridge that was configured outside of
-            libvirt (if both a <code>&lt;bridge name='xyz'/&gt;</code>
-            element <b>and</b> a <code>&lt;virtualport
-            type='openvswitch'/&gt;</code> have been
-            specified <span class="since">Since 0.10.0</span>) 3) an
-            interface or group of interfaces to be used for a "direct"
-            connection via macvtap using macvtap's "bridge" mode (if
-            the forward element has one or
-            more <code>&lt;interface&gt;</code>
-            subelements, <span class="since">Since 0.9.4</span>)
+            specified), or 2) an interface or group of interfaces to
+            be used for a "direct" connection via macvtap using
+            macvtap's "bridge" mode (if the forward element has one or
+            more <code>&lt;interface&gt;</code> subelements)
             (see <a href="formatdomain.html#elementsNICSDirect">Direct
             attachment to physical interface</a> for descriptions of
             the various macvtap modes). libvirt doesn't attempt to
@@ -223,47 +210,11 @@
             (usually either a domain start, or a hotplug interface
             attach to a domain).<span class="since">Since 0.9.4</span>
           </dd>
-          <dt><code>hostdev</code></dt>
-          <dd>
-            This network facilitates PCI Passthrough of a network
-            device.  A network device is chosen from the interface
-            pool and directly assigned to the guest using generic
-            device passthrough, after first optionally setting the
-            device's MAC address and vlan tag to the configured value,
-            and optionally associating the device with an 802.1Qbh
-            capable switch using a <code>&lt;virtualport&gt;</code>
-            element.  Note that - due to limitations in standard
-            single-port PCI ethernet card driver design - only SR-IOV
-            (Single Root I/O Virtualization) virtual function (VF)
-            devices can be assigned in this manner; to assign a
-            standard single-port PCI or PCIe ethernet card to a guest,
-            use the traditional <code>&lt; hostdev&gt;</code> device
-            definition. <span class="since"> Since 0.10.0</span>
-
-            <p>Note that this "intelligent passthrough" of network
-            devices is very similar to the functionality of a
-            standard <code>&lt; hostdev&gt;</code> device, the
-            difference being that this method allows specifying a MAC
-            address, vlan tag, and <code>&lt;virtualport &gt;</code>
-            for the passed-through device. If these capabilities are
-            not required, if you have a standard single-port PCI,
-            PCIe, or USB network card that doesn't support SR-IOV (and
-            hence would anyway lose the configured MAC address during
-            reset after being assigned to the guest domain), or if you
-            are using a version of libvirt older than 0.10.0, you
-            should use a standard
-            <code>&lt;hostdev&gt;</code> device definition in the
-            domain's configuration to assign the device to the guest
-            instead of defining an <code>&lt;interface
-            type='network'&gt;</code> pointing to a network
-            with <code>&lt;forward mode='hostdev'/&gt;</code>.
-            </p>
-          </dd>
         </dl>
         As mentioned above, a <code>&lt;forward&gt;</code> element can
         have multiple <code>&lt;interface&gt;</code> subelements, each
         one giving the name of a physical interface that can be used
-        for this network <span class="since">Since 0.9.4</span>:
+        for this network<span class="since">Since 0.9.4</span>:
         <pre>
 ...
   &lt;forward mode='passthrough'&gt;
@@ -275,31 +226,7 @@
   &lt;/forward&gt;
 ...
         </pre>
-        <p>
-          <span class="since">since 0.10.0</span>,
-          <code>&lt;interface&gt;</code> also has an optional read-only
-          attribute - when examining the live configuration of a
-          network, the attribute <code>connections</code>, if present,
-          specifies the number of guest interfaces currently connected
-          via this physical interface.
-        </p>
-        <p>
-          Additionally, <span class="since">since 0.9.10</span>, libvirt
-          allows a shorthand for specifying all virtual interfaces
-          associated with a single physical function, by using
-          the <code>&lt;pf&gt;</code> subelement to call out the
-          corresponding physical interface associated with multiple
-          virtual interfaces:
-        </p>
-        <pre>
-...
-  &lt;forward mode='passthrough'&gt;
-    &lt;pf dev='eth0'/&gt;
-  &lt;/forward&gt;
-...
-        </pre>
-
-        <p>When a guest interface is being constructed, libvirt will pick
+        When a guest interface is being constructed, libvirt will pick
         an interface from this list to use for the connection. In
         modes where physical interfaces can be shared by multiple
         guest interfaces, libvirt will choose the interface that
@@ -307,40 +234,7 @@
         that do not allow sharing of the physical device (in
         particular, 'passthrough' mode, and 'private' mode when using
         802.1Qbh), libvirt will choose an unused physical interface
-        or, if it can't find an unused interface, fail the operation.</p>
-
-        <p>
-          <span class="since">since 0.10.0</span> When using forward
-          mode 'hostdev', the interface pool is specified with a list
-          of <code>&lt;address&gt;</code> elements, each of which has
-          <code>&lt; type&gt;</code> (must always be <code>'pci'</code>,
-          <code>&lt;domain&gt;</code>, <code>&lt;bus&gt;</code>,
-          <code>&lt;slot&gt;</code>, and <code>&lt;function&gt;</code>
-          attributes.
-        </p>
-        <pre>
-...
-  &lt;forward mode='hostdev' managed='yes'&gt;
-    &lt;address type='pci' domain='0' bus='4' slot='0' function='1'/&gt;
-    &lt;address type='pci' domain='0' bus='4' slot='0' function='2'/&gt;
-    &lt;address type='pci' domain='0' bus='4' slot='0' function='3'/&gt;
-  &lt;/forward&gt;
-...
-        </pre>
-
-        Alternatively the interface pool can also be defined using a
-        single physical function  <code>&lt;pf&gt;</code> subelement to
-        call out the  corresponding physical interface associated with
-        multiple virtual interfaces (similar to passthrough mode):
-
-        <pre>
-...
-  &lt;forward mode='hostdev' managed='yes'&gt;
-    &lt;pf dev='eth0'/&gt;
-  &lt;/forward&gt;
-...
-        </pre>
-
+        or, if it can't find an unused interface, fail the operation.
       </dd>
     </dl>
     <h5><a name="elementQoS">Quality of service</a></h5>
@@ -375,56 +269,6 @@
         <span class="since">Since 0.9.4</span>
       </p>
 
-    <h5><a name="elementVlanTag">Setting VLAN tag (on supported network types only)</a></h5>
-
-<pre>
-  ...
-  &lt;devices&gt;
-    &lt;interface type='bridge'&gt;
-      <b>&lt;vlan trunk='yes'&gt;</b>
-        <b>&lt;tag id='42'/&gt;</b>
-        <b>&lt;tag id='47'/&gt;</b>
-      <b>&lt;/vlan&gt;</b>
-      &lt;source bridge='ovsbr0'/&gt;
-      &lt;virtualport type='openvswitch'&gt;
-        &lt;parameters interfaceid='09b11c53-8b5c-4eeb-8f00-d84eaa0aaa4f'/&gt;
-      &lt;/virtualport&gt;
-    &lt;/interface&gt;
-  &lt;devices&gt;
-  ...</pre>
-
-    <p>
-      If (and only if) the network type supports vlan tagging
-      transparent to the guest, an optional <code>&lt;vlan&gt;</code>
-      element can specify one or more vlan tags to apply to the
-      traffic of all guests using this
-      network <span class="since">Since 0.10.0</span>. (openvswitch
-      and type='hostdev' SR-IOV networks do support transparent vlan
-      tagging of guest traffic; everything else, including standard
-      linux bridges and libvirt's own virtual networks, <b>do not</b>
-      support it. 802.1Qbh (vn-link) and 802.1Qbg (VEPA) switches
-      provide their own way (outside of libvirt) to tag guest traffic
-      onto specific vlans.) As expected, the <code>tag</code>
-      attribute specifies which vlan tag to use. If a network has more
-      than one <code>&lt;vlan&gt;</code> element defined, it is
-      assumed that the user wants to do VLAN trunking using all the
-      specified tags. In the case that vlan trunking with a single tag
-      is desired, the optional attribute <code>trunk='yes'</code> can
-      be added to the vlan element.
-    </p>
-    <p>
-      <code>&lt;vlan&gt;</code> elements can also be specified in
-      a <code>&lt;portgroup&gt;</code> element, as well as directly in
-      a domain's <code>&lt;interface&gt;</code> element. In the case
-      that a vlan tag is specified in multiple locations, the setting
-      in <code>&lt;interface&gt;</code> takes precedence, followed by
-      the setting in the <code>&lt;portgroup&gt;</code> selected by
-      the interface config. The <code>&lt;vlan&gt;</code>
-      in <code>&lt;network&gt;</code> will be selected only if none is
-      given in <code>&lt;portgroup&gt;</code>
-      or <code>&lt;interface&gt;</code>.
-    </p>
-
     <h5><a name="elementsPortgroup">Portgroups</a></h5>
 
 <pre>
@@ -457,11 +301,9 @@
 ...</pre>
 
     <p>
-      <span class="since">Since 0.9.4</span>
       A portgroup provides a method of easily putting guest
       connections to the network into different classes, with each
-      class potentially having a different level/type of service.
-      <span class="since">Since 0.9.4</span> Each
+      class potentially having a different level/type of service. Each
       network can have multiple portgroup elements (and one of those
       can optionally be designated as the 'default' portgroup for the
       network), and each portgroup has a name, as well as various
@@ -479,15 +321,9 @@
       default portgroup will be used. If no portgroup is given in the
       interface definition, and there is no default portgroup, then
       none will be used. Any <code>&lt;bandwidth&gt;</code>
-
-      specified directly in the domain XML will take precedence over
-      any setting in the chosen portgroup. if
-      a <code>&lt;virtualport&gt;</code> is specified in the portgroup
-      (and/or directly in the network definition), the multiple
-      virtualports will be merged, and any parameter that is specified
-      in more than one virtualport, and is not identical, will be
-      considered an error, and will prevent the interface from
-      starting.
+      or <code>&lt;virtualport&gt;</code> specified directly in the
+      domain XML will take precedence over any setting in the chosen
+      portgroup.
     </p>
 
     <h3><a name="elementsAddress">Addressing</a></h3>
@@ -504,14 +340,8 @@
     <pre>
         ...
         &lt;mac address='00:16:3E:5D:C7:9E'/&gt;
-        &lt;domain name="example.com"/&gt;
         &lt;dns&gt;
           &lt;txt name="example" value="example value" /&gt;
-          &lt;srv service='name' protocol='tcp' domain='test-domain-name' target='.' port='1024' priority='10' weight='10'/&gt;
-          &lt;host ip='192.168.122.2'&gt;
-            &lt;hostname&gt;myhost&lt;/hostname&gt;
-            &lt;hostname&gt;myhostalias&lt;/hostname&gt;
-          &lt;/host&gt;
         &lt;/dns&gt;
         &lt;ip address="192.168.122.1" netmask="255.255.255.0"&gt;
           &lt;dhcp&gt;
@@ -560,17 +390,6 @@
             <span class="since">Since 0.9.3</span>
           </dd>
         </dl>
-        <dl>
-          <dt><code>srv</code></dt>
-          <dd>The <code>dns</code> element can have also 0 or more <code>srv</code>
-            record elements. Each <code>srv</code> record element defines a DNS SRV record
-            and has 2 mandatory and 5 optional attributes. The mandatory attributes
-            are service name and protocol (tcp, udp) and the optional attributes are
-            target, port, priority, weight and domain as defined in DNS server SRV
-            RFC (RFC 2782).
-            <span class="since">Since 0.9.9</span>
-          </dd>
-        </dl>
       </dd>
       <dt><code>ip</code></dt>
       <dd>The <code>address</code> attribute defines an IPv4 address in
@@ -723,7 +542,6 @@
     <h3><a name="examplesBridge">Using an existing host bridge</a></h3>
 
     <p>
-      <span class="since">Since 0.9.4</span>
       This shows how to use a pre-existing host bridge "br0". The
       guests will effectively be directly connected to the physical
       network (i.e. their IP addresses will all be on the subnet of
@@ -741,8 +559,6 @@
     <h3><a name="examplesDirect">Using a macvtap "direct" connection</a></h3>
 
     <p>
-      <span class="since">Since 0.9.4, QEMU and KVM only, requires
-      Linux kernel 2.6.34 or newer</span>
       This shows how to use macvtap to connect to the physical network
       directly through one of a group of physical devices (without
       using a host bridge device). As with the host bridge network,

docs/formatnode.html.in

@@ -1,232 +1,5 @@
 <html>
   <body>
     <h1>Node devices XML format</h1>
-
-    <ul id="toc"></ul>
-
-    <h2><a name="NodedevAttributes">Node Device XML</a></h2>
-
-    <p>
-      There are several libvirt functions, all with the
-      prefix <code>virNodeDevice</code>, which deal with management of
-      host devices that can be handed to guests via passthrough as
-      &lt;hostdev&gt; elements
-      in <a href="formatdomain.html#elementsUSB">the domain XML</a>.
-      These devices are represented as a hierarchy, where a device on
-      a bus has a parent of the bus controller device; the root of the
-      hierarchy is the node named "computer".
-    </p>
-
-    <p>
-      When represented in XML, a node device uses the
-      top-level <code>device</code> element, with the following
-      elements present according to the type of device:
-    </p>
-    <dl>
-      <dt><code>name</code></dt>
-      <dd>The name for this device.  The name will be alphanumeric,
-        with words separated by underscore.  For many devices, the
-        name is just the bus type and address, as in
-        "pci_0000_00_02_1" or "usb_1_5_3", but some devices are able
-        to provide more specific names, such as
-        "net_eth1_00_27_13_6a_fe_00".
-      </dd>
-      <dt><code>parent</code></dt>
-      <dd>If this element is present, it names the parent device (that
-        is, a controller to which this node belongs).
-      </dd>
-      <dt><code>capability</code></dt>
-      <dd>This node appears for each capability that libvirt
-        associates with a node.  A mandatory
-        attribute <code>type</code> lists which category the device
-        belongs to, and controls which further subelements will be
-        present to describe the node:
-        <dl>
-          <dt><code>system</code></dt>
-          <dd>Describes the overall host.  Sub-elements include:
-            <dl>
-              <dt><code>product</code></dt>
-              <dd>If present, a simple text string giving the product
-                name of the system.</dd>
-              <dt><code>hardware</code></dt>
-              <dd>Describes the hardware of the system, including
-                sub-elements for <code>vendor</code>, <code>version</code>,
-                <code>serial</code>, and <code>uuid</code>.</dd>
-              <dt><code>firmware</code></dt>
-              <dd>Describes the firmware of the system, including
-                sub-elements for <code>vendor</code>, <code>version</code>,
-                and <code>release_date</code>.</dd>
-            </dl>
-          </dd>
-          <dt><code>pci</code></dt>
-          <dd>Describes a device on the host's PCI bus.  Sub-elements
-            include:
-            <dl>
-              <dt><code>domain</code></dt>
-              <dd>Which domain the device belongs to.</dd>
-              <dt><code>bus</code></dt>
-              <dd>Which bus within the domain.</dd>
-              <dt><code>slot</code></dt>
-              <dd>Which slot within the bus.</dd>
-              <dt><code>function</code></dt>
-              <dd>Which function within the slot.</dd>
-              <dt><code>product</code></dt>
-              <dd>Product details from the device ROM, including an
-                attribute <code>id</code> with the hexadecimal product
-                id, and an optional text description of that id.</dd>
-              <dt><code>vendor</code></dt>
-              <dd>Vendor details from the device ROM, including an
-                attribute <code>id</code> with the hexadecimal vendor
-                id, and an optional text name of that vendor.</dd>
-            </dl>
-          </dd>
-          <dt><code>usb_device</code></dt>
-          <dd>Describes a device on the host's USB bus, based on its
-            location within the bus.  Sub-elements include:
-            <dl>
-              <dt><code>bus</code></dt>
-              <dd>Which bus the device belongs to.</dd>
-              <dt><code>device</code></dt>
-              <dd>Which device within the bus.</dd>
-              <dt><code>product</code></dt>
-              <dd>Product details from the device ROM, including an
-                attribute <code>id</code> with the hexadecimal product
-                id, and an optional text description of that id.</dd>
-              <dt><code>vendor</code></dt>
-              <dd>Vendor details from the device ROM, including an
-                attribute <code>id</code> with the hexadecimal vendor
-                id, and an optional text name of that vendor.</dd>
-            </dl>
-          </dd>
-          <dt><code>usb</code></dt>
-          <dd>Describes a USB device, based on its advertised driver
-            interface.  Sub-elements include:
-            <dl>
-              <dt><code>number</code></dt>
-              <dd>The device number.</dd>
-              <dt><code>number</code></dt>
-              <dd>The device class.</dd>
-              <dt><code>number</code></dt>
-              <dd>The device subclass.</dd>
-              <dt><code>number</code></dt>
-              <dd>The device protocol.</dd>
-              <dt><code>description</code></dt>
-              <dd>If present, a description of the device.</dd>
-            </dl>
-          </dd>
-          <dt><code>net</code></dt>
-          <dd>Describes a device capable for use as a network
-            interface.  Sub-elements include:
-            <dl>
-              <dt><code>interface</code></dt>
-              <dd>The interface name tied to this device.</dd>
-              <dt><code>address</code></dt>
-              <dd>If present, the MAC address of the device.</dd>
-              <dt><code>capability</code></dt>
-              <dd>A network protocol exposed by the device, where the
-                attribute <code>type</code> can be "80203" for IEEE
-                802.3, or "80211" for various flavors of IEEE 802.11.
-              </dd>
-            </dl>
-          </dd>
-          <dt><code>scsi_host</code></dt>
-          <dd>Describes a SCSI host device.  Sub-elements include:
-            <dl>
-              <dt><code>host</code></dt>
-              <dd>The SCSI host number.</dd>
-              <dt><code>capability</code></dt>
-              <dd>Current capabilities include "vports_ops" (indicates
-                vport operations are supported) and "fc_host", the later
-                implies following sub-elements: <code>wwnn</code>,
-                <code>wwpn</code>, <code>fabric_wwn</code>.
-              </dd>
-            </dl>
-          </dd>
-          <dt><code>scsi</code></dt>
-          <dd>Describes a SCSI device.  Sub-elements include:
-            <dl>
-              <dt><code>host</code></dt>
-              <dd>The SCSI host containing the device.</dd>
-              <dt><code>bus</code></dt>
-              <dd>The bus within the host.</dd>
-              <dt><code>target</code></dt>
-              <dd>The target within the bus.</dd>
-              <dt><code>lun</code></dt>
-              <dd>The lun within the target.</dd>
-              <dt><code>type</code></dt>
-              <dd>The type of SCSI device.</dd>
-            </dl>
-          </dd>
-          <dt><code>storage</code></dt>
-          <dd>Describes a device usable for storage.  Sub-elements
-            include:
-            <dl>
-              <dt><code>block</code></dt>
-              <dd>A block device file name that accesses the storage
-                present on the device.</dd>
-              <dt><code>bus</code></dt>
-              <dd>If present, the name of the bus the device is found
-                on.</dd>
-              <dt><code>drive_type</code></dt>
-              <dd>The type of the drive, such as "disk" or
-                "cdrom".</dd>
-              <dt><code>model</code></dt>
-              <dd>Any model information available from the
-                device.</dd>
-              <dt><code>vendor</code></dt>
-              <dd>Any vendor information available from the
-                device.</dd>
-              <dt><code>serial</code></dt>
-              <dd>Any serial number information available from the
-                device.</dd>
-              <dt><code>size</code></dt>
-              <dd>For fixed-size storage, the amount of storage
-                available.</dd>
-              <dt><code>capability</code></dt>
-              <dd>If present, an additional capability is listed via
-                the attribute <code>type</code>.  Current capabilities
-                include "hotpluggable" and "removable", with the
-                latter implying the following
-                sub-elements: <code>media_available</code> (0 or
-                1), <code>media_size</code>,
-                and <code>media_label</code>.</dd>
-            </dl>
-          </dd>
-        </dl>
-      </dd>
-    </dl>
-
-    <h2><a name="nodeExample">Examples</a></h2>
-
-    <p>The following are some example node device XML outputs:</p>
-    <pre>
-&lt;device&gt;
-  &lt;name&gt;computer&lt;/name&gt;
-  &lt;capability type='system'&gt;
-    &lt;product&gt;2241B36&lt;/product&gt;
-    &lt;hardware&gt;
-      &lt;vendor&gt;LENOVO&lt;/vendor&gt;
-      &lt;version&gt;ThinkPad T500&lt;/version&gt;
-      &lt;serial&gt;R89055N&lt;/serial&gt;
-      &lt;uuid&gt;c9488981-5049-11cb-9c1c-993d0230b4cd&lt;/uuid&gt;
-    &lt;/hardware&gt;
-    &lt;firmware&gt;
-      &lt;vendor&gt;LENOVO&lt;/vendor&gt;
-      &lt;version&gt;6FET82WW (3.12 )&lt;/version&gt;
-      &lt;release_date&gt;11/26/2009&lt;/release_date&gt;
-    &lt;/firmware&gt;
-  &lt;/capability&gt;
-&lt;/device&gt;
-
-&lt;device&gt;
-  &lt;name&gt;net_eth1_00_27_13_6a_fe_00&lt;/name&gt;
-  &lt;parent&gt;pci_0000_00_19_0&lt;/parent&gt;
-  &lt;capability type='net'&gt;
-    &lt;interface&gt;eth1&lt;/interface&gt;
-    &lt;address&gt;00:27:13:6a:fe:00&lt;/address&gt;
-    &lt;capability type='80203'/&gt;
-  &lt;/capability&gt;
-&lt;/device&gt;</pre>
-
   </body>
 </html>

docs/formatnwfilter.html.in

@@ -109,131 +109,6 @@
       <br/><br/>
     </p>
 
-    <h3><a name="nwfconceptschains">Filtering chains</a></h3>
-    <p>
-      Filtering rules are organized in filter chains. These chains can be
-      thought of as having a tree structure with packet
-      filtering rules as entries in individual chains (branches). <br>
-      Packets start their filter evaluation in the <code>root</code> chain
-      and can then continue their evaluation in other chains, return from
-      those chains back into the <code>root</code> chain or be
-      dropped or accepted by a filtering rule in one of the traversed chains.
-      <br/>
-      Libvirt's network filtering system automatically creates individual
-      <code>root</code> chains for every virtual machine's network interface
-      on which the user chooses to activate traffic filtering.
-      The user may write filtering rules that are either directly instantiated
-      in the <code>root</code> chain or may create protocol-specific
-      filtering chains for efficient evaluation of protocol-specific rules.
-      The following chains exist:
-    </p>
-    <ul>
-     <li>root</li>
-     <li>mac <span class="since">(since 0.9.8)</span></li>
-     <li>stp (spanning tree protocol)
-         <span class="since">(since 0.9.8)</span></li>
-     <li>vlan (802.1Q) <span class="since">(since 0.9.8)</span></li>
-     <li>arp, rarp</li>
-     <li>ipv4</li>
-     <li>ipv6</li>
-    </ul>
-    <p>
-      <span class="since">Since 0.9.8</span> multiple chains evaluating the
-      <code>mac</code>, <code>stp</code>, <code>vlan</code>,
-      <code>arp</code>, <code>rarp</code>, <code>ipv4</code>, or
-      <code>ipv6</code> protocol can be created using
-      the protocol name only as a prefix in the chain's name. This for
-      examples allows chains with names <code>arp-xyz</code> or
-      <code>arp-test</code> to be specified and have ARP protocol packets
-      evaluated in those chains.
-    <br/><br/>
-      The following filter shows an example of filtering ARP traffic
-      in the <code>arp</code> chain.
-    </p>
-<pre>
-&lt;filter name='no-arp-spoofing' chain='arp' priority='-500'&gt;
-  &lt;uuid&gt;f88f1932-debf-4aa1-9fbe-f10d3aa4bc95&lt;/uuid&gt;
-  &lt;rule action='drop' direction='out' priority='300'&gt;
-    &lt;mac match='no' srcmacaddr='$MAC'/&gt;
-  &lt;/rule&gt;
-  &lt;rule action='drop' direction='out' priority='350'&gt;
-    &lt;arp match='no' arpsrcmacaddr='$MAC'/&gt;
-  &lt;/rule&gt;
-  &lt;rule action='drop' direction='out' priority='400'&gt;
-    &lt;arp match='no' arpsrcipaddr='$IP'/&gt;
-  &lt;/rule&gt;
-  &lt;rule action='drop' direction='in' priority='450'&gt;
-    &lt;arp opcode='Reply'/&gt;
-    &lt;arp match='no' arpdstmacaddr='$MAC'/&gt;
-  &lt;/rule&gt;
-  &lt;rule action='drop' direction='in' priority='500'&gt;
-    &lt;arp match='no' arpdstipaddr='$IP'/&gt;
-  &lt;/rule&gt;
-  &lt;rule action='accept' direction='inout' priority='600'&gt;
-    &lt;arp opcode='Request'/&gt;
-  &lt;/rule&gt;
-  &lt;rule action='accept' direction='inout' priority='650'&gt;
-    &lt;arp opcode='Reply'/&gt;
-  &lt;/rule&gt;
-  &lt;rule action='drop' direction='inout' priority='1000'/&gt;
-&lt;/filter&gt;
-</pre>
-    <p>
-      The consequence of putting ARP-specific rules in the <code>arp</code>
-      chain, rather than for example in the <code>root</code> chain, is that
-      packets for any other protocol than ARP do not need to be evaluated by
-      ARP protocol-specific rules. This improves the efficiency
-      of the traffic filtering. However, one must then pay attention to only
-      put filtering rules for the given protocol into the chain since
-      any other rules will not be evaluated, i.e., an IPv4 rule will not
-      be evaluated in the ARP chain since no IPv4 protocol packets will
-      traverse the ARP chain.
-      <br/><br/>
-    </p>
-    <h3><a name="nwfconceptschainpriorities">Filtering chain priorities</a></h3>
-    <p>
-      All chains are connected to the <code>root</code> chain. The order in
-      which those chains are accessed is influenced by the priority of the
-      chain. The following table shows the chains that can be assigned a
-      priority and their default priorities.
-    </p>
-      <table class="top_table">
-       <tr>
-         <th> Chain (prefix) </th>
-         <th> Default priority </th>
-       </tr>
-       <tr>
-         <td>stp</td><td>-810</td>
-       </tr>
-       <tr>
-         <td>mac</td><td>-800</td>
-       </tr>
-       <tr>
-         <td>vlan</td><td>-750</td>
-       </tr>
-       <tr>
-         <td>ipv4</td><td>-700</td>
-       </tr>
-       <tr>
-         <td>ipv6</td><td>-600</td>
-       </tr>
-       <tr>
-         <td>arp</td><td>-500</td>
-       </tr>
-       <tr>
-         <td>rarp</td><td>-400</td>
-       </tr>
-      </table>
-    <p>
-      A chain with a lower priority value is accessed before one with a
-      higher value.
-      <br><br>
-      <span class="since">Since 0.9.8</span> the above listed chains
-      can be assigned custom priorities by writing a value in the
-      range [-1000, 1000] into the priority (XML) attribute in the filter
-      node. The above example filter shows the default priority of -500
-      for <code>arp</code> chains.
-    </p>
     <h3><a name="nwfconceptsvars">Usage of variables in filters</a></h3>
     <p>
 
@@ -260,11 +135,42 @@
       <a href="#nwflimits">section on limitations</a> on how to use this
       feature and what to expect when using it.
       <br/><br/>
-      The above-shown network filer <code>no-arp-spoofing</code>
-      is an example of
+      The following is the XML description of the network filer
+      <code>no-arp-spoofing</code>. It serves as an example for
       a network filter XML referencing the <code>MAC</code> and
-      <code>IP</code> variables.
-      <br/><br/>
+      <code>IP</code> parameters. This particular filter is referenced by the
+      <code>clean-traffic</code> filter.
+    </p>
+<pre>
+&lt;filter name='no-arp-spoofing' chain='arp'&gt;
+  &lt;uuid&gt;f88f1932-debf-4aa1-9fbe-f10d3aa4bc95&lt;/uuid&gt;
+  &lt;rule action='drop' direction='out' priority='300'&gt;
+    &lt;mac match='no' srcmacaddr='$MAC'/&gt;
+  &lt;/rule&gt;
+  &lt;rule action='drop' direction='out' priority='350'&gt;
+    &lt;arp match='no' arpsrcmacaddr='$MAC'/&gt;
+  &lt;/rule&gt;
+  &lt;rule action='drop' direction='out' priority='400'&gt;
+    &lt;arp match='no' arpsrcipaddr='$IP'/&gt;
+  &lt;/rule&gt;
+  &lt;rule action='drop' direction='in' priority='450'&gt;
+    &lt;arp opcode='Reply'/&gt;
+    &lt;arp match='no' arpdstmacaddr='$MAC'/&gt;
+  &lt;/rule&gt;
+  &lt;rule action='drop' direction='in' priority='500'&gt;
+    &lt;arp match='no' arpdstipaddr='$IP'/&gt;
+  &lt;/rule&gt;
+  &lt;rule action='accept' direction='inout' priority='600'&gt;
+    &lt;arp opcode='Request'/&gt;
+  &lt;/rule&gt;
+  &lt;rule action='accept' direction='inout' priority='650'&gt;
+    &lt;arp opcode='Reply'/&gt;
+  &lt;/rule&gt;
+  &lt;rule action='drop' direction='inout' priority='1000'/&gt;
+&lt;/filter&gt;
+</pre>
+
+    <p>
       Note that referenced variables are always prefixed with the
       $ (dollar) sign. The format of the value of a variable
       must be of the type expected by the filter attribute in the
@@ -276,212 +182,7 @@
       interface from attaching when hotplugging is used. The types
       that are expected for each XML attribute are shown
       below.
-      <br/><br/>
-      <span class="since">Since 0.9.8</span> variables can contain lists of
-      elements, e.g., the variable <code>IP</code> can contain multiple IP
-      addresses that are valid on a particular interface. The notation for
-      providing multiple elements for the IP variable is:
     </p>
-<pre>
-  ...
-  &lt;devices&gt;
-    &lt;interface type='bridge'&gt;
-      &lt;mac address='00:16:3e:5d:c7:9e'/&gt;
-      &lt;filterref filter='clean-traffic'&gt;
-        &lt;parameter name='IP' value='10.0.0.1'/&gt;
-        &lt;parameter name='IP' value='10.0.0.2'/&gt;
-        &lt;parameter name='IP' value='10.0.0.3'/&gt;
-      &lt;/filterref&gt;
-    &lt;/interface&gt;
-  &lt;/devices&gt;
-  ...</pre>
-    <p>
-      This then allows filters to enable multiple IP addresses
-      per interface. Therefore, with the list
-      of IP address shown above, the following rule will create 3
-      individual filtering rules, one for each IP address.
-    </p>
-<pre>
-  ...
-  &lt;rule action='accept' direction='in' priority='500'&gt;
-    &lt;tcp srpipaddr='$IP'/&gt;
-  &lt;/rule&gt;
-  ...
-</pre>
-    <p>
-      <span class="since">Since 0.9.10</span> it is possible to access
-      individual elements of a variable holding a list of elements.
-      A filtering rule like the following accesses the 2nd element
-      of the variable DSTPORTS.
-    </p>
-<pre>
-  ...
-  &lt;rule action='accept' direction='in' priority='500'&gt;
-    &lt;udp dstportstart='$DSTPORTS[1]'/&gt;
-  &lt;/rule&gt;
-  ...
-</pre>
-    <p>
-      <span class="since">Since 0.9.10</span> it is possible to create
-      filtering rules that instantiate all combinations of rules from
-      different lists using the notation of
-      <code>$VARIABLE[@&lt;iterator ID&gt;]</code>.
-      The following rule allows a virtual machine to
-      receive traffic on a set of ports, which are specified in DSTPORTS,
-      from the set of source IP address specified in SRCIPADDRESSES.
-      The rule generates all combinations of elements of the variable
-      DSTPORT with those of SRCIPADDRESSES by using two independent
-      iterators to access their elements.
-    </p>
-<pre>
-  ...
-  &lt;rule action='accept' direction='in' priority='500'&gt;
-    &lt;ip srcipaddr='$SRCIPADDRESSES[@1]' dstportstart='$DSTPORTS[@2]'/&gt;
-  &lt;/rule&gt;
-  ...
-</pre>
-
-    <p>
-      In an example we assign concrete values to SRCIPADDRESSES and DSTPORTS
-    </p>
-<pre>
-  SRCIPADDRESSES = [ 10.0.0.1, 11.1.2.3 ]
-  DSTPORTS = [ 80, 8080 ]
-</pre>
-    <p>
-      Accessing the variables using $SRCIPADDRESSES[@1] and $DSTPORTS[@2] would
-      then result in all combinations of addresses and ports being created:
-    </p>
-<pre>
-  10.0.0.1, 80
-  10.0.0.1, 8080
-  11.1.2.3, 80
-  11.1.2.3, 8080
-</pre>
-    <p>
-      Accessing the same variables using a single iterator, for example by using
-      the notation $SRCIPADDRESSES[@1] and $DSTPORTS[@1], would result in
-      parallel access to both lists and result in the following combinations:
-    </p>
-<pre>
-  10.0.0.1, 80
-  11.1.2.3, 8080
-</pre>
-    <p>
-      Further, the notation of $VARIABLE is short-hand for $VARIABLE[@0]. The
-      former notation always assumes the iterator with Id '0'.
-    <p>
-
-    <h3><a name="nwfelemsRulesAdvIPAddrDetection">Automatic IP address detection</a></h3>
-    <p>
-       The detection of IP addresses used on a virtual machine's interface
-       is automatically activated if the variable <code>IP</code> is referenced
-       but no value has been assigned to it.
-       <span class="since">Since 0.9.13</span>
-       the variable <code>CTRL_IP_LEARNING</code> can be used to specify
-       the IP address learning method to use. Valid values are <code>any</code>,
-       <code>dhcp</code>, or <code>none</code>.
-       <br/><br/>
-       The value <code>any</code> means that libvirt may use any packet to
-       determine the address in use by a virtual machine, which is the default
-       behavior if the variable <code>CTRL_IP_LEARNING</code> is not set. This method
-       will only detect a single IP address on an interface.
-       Once a VM's IP address has been detected, its IP network traffic
-       will be locked to that address, if for example IP address spoofing
-       is prevented by one of its filters. In that case the user of the VM
-       will not be able to change the IP address on the interface inside
-       the VM, which would be considered IP address spoofing.
-       When a VM is migrated to another host or resumed after a suspend operation,
-       the first packet sent by the VM will again determine the IP address it can
-       use on a particular interface.
-       <br/><br>
-       A value of <code>dhcp</code> specifies that libvirt should only honor DHCP
-       server-assigned addresses with valid leases. This method supports the detection
-       and usage of multiple IP address per interface.
-       When a VM is resumed after a suspend operation, still valid IP address leases
-       are applied to its filters. Otherwise the VM is expected to again use DHCP to obtain new
-       IP addresses. The migration of a VM to another physical host requires that
-       the VM again runs the DHCP protocol.
-       <br/><br/>
-       Use of <code>CTRL_IP_LEARNING=dhcp</code> (DHCP snooping) provides additional
-       anti-spoofing security, especially when combined with a filter allowing
-       only trusted DHCP servers to assign addresses. To enable this, set the
-       variable <code>DHCPSERVER</code> to the IP address of a valid DHCP server
-       and provide filters that use this variable to filter incoming DHCP responses.
-       <br/><br/>
-       When DHCP snooping is enabled and the DHCP lease expires,
-       the VM will no longer be able to use the IP address until it acquires a
-       new, valid lease from a DHCP server. If the VM is migrated, it must get
-       a new valid DHCP lease to use an IP address (e.g., by
-       bringing the VM interface down and up again).
-       <br/><br/>
-       Note that automatic DHCP detection listens to the DHCP traffic
-       the VM exchanges with the DHCP server of the infrastructure. To avoid
-       denial-of-service attacks on libvirt, the evaluation of those packets
-       is rate-limited, meaning that a VM sending an excessive number of DHCP
-       packets per second on an interface will not have all of those packets
-       evaluated and thus filters may not get adapted. Normal DHCP client
-       behavior is assumed to send a low number of DHCP packets per second.
-       Further, it is important to setup appropriate filters on all VMs in
-       the infrastructure to avoid them  being able to send DHCP
-       packets. Therefore VMs must either be prevented from sending UDP and TCP
-       traffic from port 67 to port 68 or the <code>DHCPSERVER</code>
-       variable should be used on all VMs to restrict DHCP server messages to
-       only be allowed to originate from trusted DHCP servers. At the same
-       time anti-spoofing prevention must be enabled on all VMs in the subnet.
-       <br/><br/>
-       If <code>CTRL_IP_LEARNING</code> is set to <code>none</code>, libvirt does not do
-       IP address learning and referencing <code>IP</code> without assigning it an
-       explicit value is an error.
-       <br/><br/>
-       The following XML provides an example for the activation of IP address learning
-       using the DHCP snooping method:
-    </p>
-<pre>
-    &lt;interface type='bridge'&gt;
-      &lt;source bridge='virbr0'/&gt;
-      &lt;filterref filter='clean-traffic'&gt;
-        &lt;parameter name='CTRL_IP_LEARNING' value='dhcp'/&gt;
-      &lt;/filterref&gt;
-    &lt;/interface&gt;
-</pre>
-
-    <h3><a name="nwfelemsReservedVars">Reserved Variables</a></h3>
-    <p>
-      The following table lists reserved variables in use by libvirt.
-    </p>
-      <table class="top_table">
-       <tr>
-         <th> Variable Name </th>
-         <th> Semantics </th>
-       </tr>
-       <tr>
-         <td> MAC </td>
-         <td> The MAC address of the interface </td>
-       </tr>
-       <tr>
-         <td> IP </td>
-         <td> The list of IP addresses in use by an interface </td>
-       </tr>
-       <tr>
-         <td> IPV6 </td>
-         <td> Not currently implemented:
-              the list of IPV6 addresses in use by an interface </td>
-       </tr>
-       <tr>
-         <td> DHCPSERVER </td>
-         <td> The list of IP addresses of trusted DHCP servers</td>
-       </tr>
-       <tr>
-         <td> DHCPSERVERV6 </td>
-         <td> Not currently implemented:
-              The list of IPv6 addresses of trusted DHCP servers</td>
-       </tr>
-       <tr>
-         <td> CTRL_IP_LEARNING </td>
-         <td> The choice of the IP address detection mode </td>
-       </tr>
-      </table>
 
     <h2><a name="nwfelems">Element and attribute overview</a></h2>
 
@@ -557,19 +258,11 @@
     </p>
     <ul>
      <li>
-        action -- mandatory; must either be <code>drop</code>
-        (matching the rule silently discards the packet with no
-        further analysis),
-        <code>reject</code> (matching the rule generates an ICMP
-        reject message with no further analysis) <span class="since">(since
-        0.9.0)</span>, <code>accept</code> (matching the rule accepts
-        the packet with no further analysis), <code>return</code>
-        (matching the rule passes this filter, but returns control to
-        the calling filter for further
-        analysis) <span class="since">(since 0.9.7)</span>,
-        or <code>continue<code> (matching the rule goes on to the next
-        rule for further analysis) <span class="since">(since
-        0.9.7)</span>.
+        action -- mandatory; must either be <code>drop</code>,
+        <code>reject</code><span class="since">(since 0.9.0)</span>,
+        or <code>accept</code> if
+        the evaluation of the filtering rule is supposed to drop,
+        reject (using ICMP message), or accept a packet
      </li>
      <li>
         direction -- mandatory; must either be <code>in</code>, <code>out</code> or
@@ -579,21 +272,10 @@
      <li>
         priority -- optional; the priority of the rule controls the order in
         which the rule will be instantiated relative to other rules.
-        Rules with lower value will be instantiated before rules with higher
-        values.
-        Valid values are in the range of 0 to 1000.
-        <span class="since">Since 0.9.8</span> this has been extended to cover
-        the range of -1000 to 1000. If this attribute is not
-        provided, priority 500 will automatically be assigned.
-        <br>
-        Note that filtering rules in the <code>root</code> chain are sorted
-        with filters connected to the <code>root</code> chain following
-        their priorities. This allows to interleave filtering rules with
-        access to filter chains.
-        (See also section on
-         <a href="#nwfconceptschainpriorities">
-           filtering chain priorities
-         </a>.)
+        Rules with lower value will be instantiated and therefore evaluated
+        before rules with higher value.
+        Valid values are in the range of 0 to 1000. If this attribute is not
+        provided, the value 500 will automatically be assigned.
      </li>
      <li>
         statematch -- optional; possible values are '0' or 'false' to
@@ -605,7 +287,7 @@
     </ul>
     <p>
      The above example indicates that the traffic of type <code>ip</code>
-     will be associated with the chain 'ipv4' and the rule will have
+     will be asscociated with the chain 'ipv4' and the rule will have
      priority 500. If for example another filter is referenced whose
      traffic of type <code>ip</code> is also associated with the chain
      'ipv4' then that filter's rules will be ordered relative to the priority
@@ -632,7 +314,7 @@
     <ul>
      <li>UINT8 : 8 bit integer; range 0-255</li>
      <li>UINT16: 16 bit integer; range 0-65535</li>
-     <li>MAC_ADDR: MAC address in dotted decimal format, i.e., 00:11:22:33:44:55</li>
+     <li>MAC_ADDR: MAC adrress in dotted decimal format, i.e., 00:11:22:33:44:55</li>
      <li>MAC_MASK: MAC address mask in MAC address format, i.e., FF:FF:FF:FC:00:00</li>
      <li>IP_ADDR: IP address in dotted decimal format, i.e., 10.1.2.3</li>
      <li>IP_MASK: IP address mask in either dotted decimal format (255.255.248.0) or CIDR mask (0-32)</li>
@@ -640,11 +322,6 @@
      <li>IPV6_MASK: IPv6 mask in numbers format (FFFF:FFFF:FC00::) or CIDR mask (0-128)</li>
      <li>STRING: A string</li>
      <li>BOOLEAN: 'true', 'yes', '1' or 'false', 'no', '0'</li>
-     <li>IPSETFLAGS: The source and destination flags of the ipset described
-         by up to 6 'src' or 'dst' elements selecting features from either
-         the source or destination part of the packet header; example:
-         src,src,dst. The number of 'selectors' to provide here depends
-         on the type of ipset that is referenced.</li>
     </ul>
     <p>
      <br/><br/>
@@ -727,203 +404,6 @@
 [...]
 </pre>
 
-    <h5><a name="nwfelemsRulesProtoVLAN">VLAN (802.1Q)</a>
-      <span class="since">(Since 0.9.8)</span>
-    </h5>
-    <p>
-      Protocol ID: <code>vlan</code>
-      <br/>
-      Note: Rules of this type should go either into the <code>root</code> or
-      <code>vlan</code> chain.
-    </p>
-      <table class="top_table">
-       <tr>
-         <th> Attribute </th>
-         <th> Datatype </th>
-         <th> Semantics </th>
-       </tr>
-       <tr>
-         <td>srcmacaddr</td>
-         <td>MAC_ADDR</td>
-         <td>MAC address of sender</td>
-       </tr>
-       <tr>
-         <td>srcmacmask</td>
-         <td>MAC_MASK</td>
-         <td>Mask applied to MAC address of sender</td>
-       </tr>
-       <tr>
-         <td>dstmacaddr</td>
-         <td>MAC_ADDR</td>
-         <td>MAC address of destination</td>
-       </tr>
-       <tr>
-         <td>dstmacmask</td>
-         <td>MAC_MASK</td>
-         <td>Mask applied to MAC address of destination</td>
-       </tr>
-       <tr>
-         <td>vlan-id</td>
-         <td>UINT16 (0x0-0xfff, 0 - 4095)</td>
-         <td>VLAN ID</td>
-       </tr>
-       <tr>
-         <td>encap-protocol</td>
-         <td>UINT16 (0x03c-0xfff), String</td>
-         <td>Encapsulated layer 3 protocol ID</td>
-       </tr>
-       <tr>
-         <td>comment </td>
-         <td>STRING</td>
-         <td>text with max. 256 characters</td>
-       </tr>
-      </table>
-    <p>
-      Valid Strings for <code>encap-protocol</code> are: arp, ipv4, ipv6
-    </p>
-
-    <h5><a name="nwfelemsRulesProtoSTP">STP (Spanning Tree Protocol)</a>
-      <span class="since">(Since 0.9.8)</span>
-    </h5>
-    <p>
-      Protocol ID: <code>stp</code>
-      <br/>
-      Note: Rules of this type should go either into the <code>root</code> or
-      <code>stp</code> chain.
-    </p>
-      <table class="top_table">
-       <tr>
-         <th> Attribute </th>
-         <th> Datatype </th>
-         <th> Semantics </th>
-       </tr>
-       <tr>
-         <td>srcmacaddr</td>
-         <td>MAC_ADDR</td>
-         <td>MAC address of sender</td>
-       </tr>
-       <tr>
-         <td>srcmacmask</td>
-         <td>MAC_MASK</td>
-         <td>Mask applied to MAC address of sender</td>
-       </tr>
-       <tr>
-         <td>type</td>
-         <td>UINT8</td>
-         <td>Bridge Protocol Data Unit (BPDU) type</td>
-       </tr>
-       <tr>
-         <td>flags</td>
-         <td>UINT8</td>
-         <td>BPDU flag</td>
-       </tr>
-       <tr>
-         <td>root-priority</td>
-         <td>UINT16</td>
-         <td>Root priority (range start)</td>
-       </tr>
-       <tr>
-         <td>root-priority-hi</td>
-         <td>UINT16</td>
-         <td>Root priority range end</td>
-       </tr>
-       <tr>
-         <td>root-address</td>
-         <td>MAC_ADDRESS</td>
-         <td>Root MAC address</td>
-       </tr>
-       <tr>
-         <td>root-address-mask</td>
-         <td>MAC_MASK</td>
-         <td>Root MAC address mask</td>
-       </tr>
-       <tr>
-         <td>root-cost</td>
-         <td>UINT32</td>
-         <td>Root path cost (range start)</td>
-       </tr>
-       <tr>
-         <td>root-cost-hi</td>
-         <td>UINT32</td>
-         <td>Root path cost range end</td>
-       </tr>
-       <tr>
-         <td>sender-priority</td>
-         <td>UINT16</td>
-         <td>Sender priority (range start)</td>
-       </tr>
-       <tr>
-         <td>sender-priority-hi</td>
-         <td>UINT16</td>
-         <td>Sender priority range end</td>
-       </tr>
-       <tr>
-         <td>sender-address</td>
-         <td>MAC_ADDRESS</td>
-         <td>BPDU sender MAC address</td>
-       </tr>
-       <tr>
-         <td>sender-address-mask</td>
-         <td>MAC_MASK</td>
-         <td>BPDU sender MAC address mask</td>
-       </tr>
-       <tr>
-         <td>port</td>
-         <td>UINT16</td>
-         <td>Port identifier (range start)</td>
-       </tr>
-       <tr>
-         <td>port_hi</td>
-         <td>UINT16</td>
-         <td>Port identifier range end</td>
-       </tr>
-       <tr>
-         <td>msg-age</td>
-         <td>UINT16</td>
-         <td>Message age timer (range start)</td>
-       </tr>
-       <tr>
-         <td>msg-age-hi</td>
-         <td>UINT16</td>
-         <td>Message age timer range end</td>
-       </tr>
-       <tr>
-         <td>max-age</td>
-         <td>UINT16</td>
-         <td>Maximum age timer (range start)</td>
-       </tr>
-       <tr>
-         <td>max-age-hi</td>
-         <td>UINT16</td>
-         <td>Maximum age timer range end</td>
-       </tr>
-       <tr>
-         <td>hello-time</td>
-         <td>UINT16</td>
-         <td>Hello time timer (range start)</td>
-       </tr>
-       <tr>
-         <td>hello-time-hi</td>
-         <td>UINT16</td>
-         <td>Hello time timer range end</td>
-       </tr>
-       <tr>
-         <td>forward-delay</td>
-         <td>UINT16</td>
-         <td>Forward delay (range start)</td>
-       </tr>
-       <tr>
-         <td>forward-delay-hi</td>
-         <td>UINT16</td>
-         <td>Forward delay range end</td>
-       </tr>
-       <tr>
-         <td>comment</td>
-         <td>STRING</td>
-         <td>text with max. 256 characters</td>
-       </tr>
-      </table>
-
     <h5><a name="nwfelemsRulesProtoARP">ARP/RARP</a></h5>
     <p>
       Protocol ID: <code>arp</code> or <code>rarp</code>
@@ -1013,7 +493,6 @@
     <h5><a name="nwfelemsRulesProtoIP">IPv4</a></h5>
     <p>
       Protocol ID: <code>ip</code>
-      <br/>
       Note: Rules of this type should either go into the
       <code>root</code> or <code>ipv4</code> chain.
     </p>
@@ -1104,7 +583,6 @@
     <h5><a name="nwfelemsRulesProtoIPv6">IPv6</a></h5>
     <p>
       Protocol ID: <code>ipv6</code>
-      <br/>
       Note: Rules of this type should either go into the
       <code>root</code> or <code>ipv6</code> chain.
     </p>
@@ -1286,16 +764,6 @@
          <td>STRING</td>
          <td>TCP-only: format of mask/flags with mask and flags each being a comma separated list of SYN,ACK,URG,PSH,FIN,RST or NONE or ALL</td>
        </tr>
-       <tr>
-         <td>ipset <span class="since">(Since 0.9.13)</span></td>
-         <td>STRING</td>
-         <td>The name of an IPSet managed outside of libvirt</td>
-       </tr>
-       <tr>
-         <td>ipsetflags <span class="since">(Since 0.9.13)</span></td>
-         <td>IPSETFLAGS</td>
-         <td>flags for the IPSet; requires ipset attribute</td>
-       </tr>
       </table>
     <p>
       <br/><br/>
@@ -1396,16 +864,6 @@
          <td>STRING</td>
          <td>comma separated list of NEW,ESTABLISHED,RELATED,INVALID or NONE</td>
        </tr>
-       <tr>
-         <td>ipset <span class="since">(Since 0.9.13)</span></td>
-         <td>STRING</td>
-         <td>The name of an IPSet managed outside of libvirt</td>
-       </tr>
-       <tr>
-         <td>ipsetflags <span class="since">(Since 0.9.13)</span></td>
-         <td>IPSETFLAGS</td>
-         <td>flags for the IPSet; requires ipset attribute</td>
-       </tr>
       </table>
     <p>
       <br/><br/>
@@ -1495,16 +953,6 @@
          <td>STRING</td>
          <td>comma separated list of NEW,ESTABLISHED,RELATED,INVALID or NONE</td>
        </tr>
-       <tr>
-         <td>ipset <span class="since">(Since 0.9.13)</span></td>
-         <td>STRING</td>
-         <td>The name of an IPSet managed outside of libvirt</td>
-       </tr>
-       <tr>
-         <td>ipsetflags <span class="since">(Since 0.9.13)</span></td>
-         <td>IPSETFLAGS</td>
-         <td>flags for the IPSet; requires ipset attribute</td>
-       </tr>
       </table>
     <p>
       <br/><br/>
@@ -1606,16 +1054,6 @@
          <td>STRING</td>
          <td>TCP-only: format of mask/flags with mask and flags each being a comma separated list of SYN,ACK,URG,PSH,FIN,RST or NONE or ALL</td>
        </tr>
-       <tr>
-         <td>ipset <span class="since">(Since 0.9.13)</span></td>
-         <td>STRING</td>
-         <td>The name of an IPSet managed outside of libvirt</td>
-       </tr>
-       <tr>
-         <td>ipsetflags <span class="since">(Since 0.9.13)</span></td>
-         <td>IPSETFLAGS</td>
-         <td>flags for the IPSet; requires ipset attribute</td>
-       </tr>
       </table>
     <p>
       <br/><br/>
@@ -1702,16 +1140,6 @@
          <td>STRING</td>
          <td>comma separated list of NEW,ESTABLISHED,RELATED,INVALID or NONE</td>
        </tr>
-       <tr>
-         <td>ipset <span class="since">(Since 0.9.13)</span></td>
-         <td>STRING</td>
-         <td>The name of an IPSet managed outside of libvirt</td>
-       </tr>
-       <tr>
-         <td>ipsetflags <span class="since">(Since 0.9.13)</span></td>
-         <td>IPSETFLAGS</td>
-         <td>flags for the IPSet; requires ipset attribute</td>
-       </tr>
       </table>
     <p>
       <br/><br/>
@@ -1786,16 +1214,6 @@
          <td>STRING</td>
          <td>comma separated list of NEW,ESTABLISHED,RELATED,INVALID or NONE</td>
        </tr>
-       <tr>
-         <td>ipset <span class="since">(Since 0.9.13)</span></td>
-         <td>STRING</td>
-         <td>The name of an IPSet managed outside of libvirt</td>
-       </tr>
-       <tr>
-         <td>ipsetflags <span class="since">(Since 0.9.13)</span></td>
-         <td>IPSETFLAGS</td>
-         <td>flags for the IPSet; requires ipset attribute</td>
-       </tr>
       </table>
     <p>
       <br/><br/>
@@ -1806,7 +1224,6 @@
      The following sections discuss advanced filter configuration
      topics.
     </p>
-
     <h4><a name="nwfelemsRulesAdvTracking">Connection tracking</a></h4>
     <p>
      The network filtering subsystem (on Linux) makes use of the connection
@@ -1911,7 +1328,7 @@
       unresponsive due to its traffic being dropped.
       Therefore, the limit of connections should be rather high so that
       fluctuations in new TCP connections don't cause odd
-      traffic behavior in relation to idle connections.
+      traffic behavior in relaton to idle connections.
     </p>
 
     <h2><a name="nwfcli">Command line tools</a></h2>
@@ -2006,10 +1423,8 @@
     </p>
     <ul>
      <li>mac</li>
-     <li>stp (spanning tree protocol)</li>
-     <li>vlan (802.1Q)</li>
      <li>arp, rarp</li>
-     <li>ipv4</li>
+     <li>ip</li>
      <li>ipv6</li>
     </ul>
 
@@ -2021,14 +1436,13 @@
     filter subsystem first passes through the filtering support implemented
     by ebtables and only then through iptables or ip6tables filters. If
     a filter tree has rules with the protocols <code>mac</code>,
-    <code>stp</code>, <code>vlan</code>
-    <code>arp</code>, <code>rarp</code>, <code>ipv4</code>,
-    or <code>ipv6</code> ebtables rules will automatically be instantiated.
+    <code>arp</code>, <code>rarp</code>, <code>ip</code>, or <code>ipv6</code>
+    ebtables rules will automatically be instantiated.
     <br/>
     The role of the <code>chain</code> attribute in the network filter
     XML is that internally a new user-defined ebtables table is created
     that then for example receives all <code>arp</code> traffic coming
-    from or going to a virtual machine if the chain <code>arp</code>
+    from or going to a virtual machine, if the chain <code>arp</code>
     has been specified. Further, a rule is generated in an interface's
     <code>root</code> chain that directs all ipv4 traffic into the
     user-defined chain. Therefore, all ARP traffic rules should then be
@@ -2036,12 +1450,6 @@
     into user-defined tables is only supported with filtering on the ebtables
     layer.
     <br/>
-    <span class="since">Since 0.9.8</span> multiple chains for the same
-    protocol can be created. For this the name of the chain must have
-    a prefix of one of the previously enumerated protocols. To create an
-    additional chain for handling of ARP traffic, a chain with name
-    <code>arp-test</code> can be specified.
-    <br/>
     As an example, it is
     possible to filter on UDP traffic by source and destination ports using
     the <code>ip</code> protocol filter and specifying attributes for the
@@ -2053,7 +1461,7 @@
     tree that instantiates iptables or ip6tables rules, a rule to let
     the UDP packet pass will also be necessary to be provided for those
     filtering layers. This can be
-    achieved with a rule containing an appropriate <code>udp</code> or
+    achieved with a rule containing an approriate <code>udp</code> or
     <code>udp-ipv6</code> traffic filtering node.
     </p>
 
@@ -2253,7 +1661,7 @@
 </pre>
     <p>
      Before trying out a filter using the <code>RELATED</code> state,
-     you have to make sure that the appropriate connection tracking module
+     you have to make sure that the approriate connection tracking module
      has been loaded into the host's kernel. Depending on the version of the
      kernel, you must run either one of the following two commands before
      the ftp connection with the VM is established.
@@ -2339,6 +1747,36 @@
      filtering subsystem.
     </p>
 
+    <h3><a name="nwflimitsIP">IP Address Detection</a></h3>
+     <p>
+       In case a network filter references the variable
+       <i>IP</i> and no variable was defined in any higher layer
+       references to the filter, IP address detection will automatically
+       be started when the filter is to be instantiated (VM start, interface
+       hotplug event). Only IPv4
+       addresses can be detected and only a single IP address
+       legitimately in use by a VM on a single interface will be detected.
+       In case a VM was to use multiple IP address on a single interface
+       (IP aliasing),
+       the IP addresses would have to be provided explicitly either
+       in the network filter itself or as variables used in attributes'
+       values. These
+       variables must then be defined in a higher level reference to the filter
+       and each assigned the value of the IP address that the VM is expected
+       to be using.
+       Different IP addresses in use by multiple interfaces of a VM
+       (one IP address each) will be independently detected.
+       <br/><br/>
+       Once a VM's IP address has been detected, its IP network traffic
+       may be locked to that address, if for example IP address spoofing
+       is prevented by one of its filters. In that case the user of the VM
+       will not be able to change the IP address on the interface inside
+       the VM, which would be considered IP address spoofing.
+       <br/><br/>
+       In case a VM is resumed after suspension or migrated, IP address
+       detection will be restarted.
+     </p>
+
     <h3><a name="nwflimitsmigr">VM Migration</a></h3>
      <p>
       VM migration is only supported if the whole filter tree
@@ -2357,13 +1795,6 @@
       0.8.1 or later in order not to lose the network traffic filters
       associated with an interface.
      </p>
-    <h3><a name="nwflimitsvlan">VLAN filtering on Linux</a></h3>
-     <p>
-      VLAN (802.1Q) packets, if sent by a virtual machine, cannot be filtered
-      with rules for protocol IDs <code>arp</code>, <code>rarp</code>,
-      <code>ipv4</code> and <code>ipv6</code> but only
-      with protocol IDs <code>mac</code> and <code>vlan</code>. Therefore,
-      the example filter <code>clean-traffic</code> will not work as expected.
-     </p>
+
   </body>
 </html>

docs/formatsecret.html.in

@@ -39,8 +39,8 @@
       <dd>
         Specifies what this secret is used for.  A mandatory
         <code>type</code> attribute specifies the usage category, currently
-        only <code>volume</code> and <code>ceph</code> are defined.
-        Specific usage categories are described below.
+        only <code>volume</code> is defined.  Specific usage categories are
+        described below.
       </dd>
     </dl>
 
@@ -54,18 +54,6 @@
       this secret is associated with.
     </p>
 
-    <h3>Usage type "ceph"</h3>
-
-    <p>
-      This secret is associated with a Ceph RBD (rados block device).
-      The <code>&lt;usage type='ceph'&gt;</code> element must contain
-      a single <code>name</code> element that specifies a usage name
-      for the secret.  The Ceph secret can then be used by UUID or by
-      this usage name via the <code>&lt;auth&gt;</code> element of
-      a <a href="domain.html#elementsDisks">disk
-      device</a>. <span class="since">Since 0.9.7</span>.
-    </p>
-
     <h2><a name="example">Example</a></h2>
 
     <pre>

docs/formatstorage.html.in

@@ -13,7 +13,7 @@
       volumes. Some may have constraints on volume size, or placement.
     </p>
     <p>
-      The top level tag for a storage pool document is 'pool'. It has
+      The is the top level tag for a storage pool document is 'pool'. It has
       a single attribute <code>type</code>, which is one of <code>dir</code>,
       <code>fs</code>,<code>netfs</code>,<code>disk</code>,<code>iscsi</code>,
       <code>logical</code>. This corresponds to the storage backend drivers
@@ -141,11 +141,6 @@
             &lt;mode&gt;0744&lt;/mode&gt;
             &lt;label&gt;virt_image_t&lt;/label&gt;
           &lt;/permissions&gt;
-          &lt;timestamps&gt;
-            &lt;atime&gt;1341933637.273190990&lt;/atime&gt;
-            &lt;mtime&gt;1341930622.047245868&lt;/mtime&gt;
-            &lt;ctime&gt;1341930622.047245868&lt;/ctime&gt;
-          &lt;/timestamps&gt;
           &lt;encryption type='...'&gt;
             ...
           &lt;/encryption&gt;
@@ -177,19 +172,6 @@
         contains the MAC (eg SELinux) label string.
         <span class="since">Since 0.4.1</span>
       </dd>
-      <dt><code>timestamps</code></dt>
-      <dd>Provides timing information about the volume. Up to four
-        sub-elements are present,
-        where <code>atime</code>, <code>btime</code>, <code>ctime</code>
-        and <code>mtime</code> hold the access, birth, change and
-        modification time of the volume, where known. The used time
-        format is &lt;seconds&gt;.&lt;nanoseconds&gt; since the
-        beginning of the epoch (1 Jan 1970). If nanosecond resolution
-        is 0 or otherwise unsupported by the host OS or filesystem,
-        then the nanoseconds part is omitted.  This is a readonly
-        attribute and is ignored when creating a volume.
-        <span class="since">Since 0.10.0</span>
-      </dd>
       <dt><code>encryption</code></dt>
       <dd>If present, specifies how the volume is encrypted.  See
         the <a href="formatstorageencryption.html">Storage Encryption</a> page
@@ -252,24 +234,11 @@
         to sparsely allocate a volume. It does not have to honour requests
         for sparse allocation though.<br/>
         <br/>
-        By default this is specified in bytes, but an optional attribute
+        By default this is specified in bytes, but an optional
         <code>unit</code> can be specified to adjust the passed value.
-        Values can be: 'B' or 'bytes' for bytes, 'KB' (kilobytes,
-        10<sup>3</sup> or 1000 bytes), 'K' or 'KiB' (kibibytes,
-        2<sup>10</sup> or 1024 bytes), 'MB' (megabytes, 10<sup>6</sup>
-        or 1,000,000 bytes), 'M' or 'MiB' (mebibytes, 2<sup>20</sup>
-        or 1,048,576 bytes), 'GB' (gigabytes, 10<sup>9</sup> or
-        1,000,000,000 bytes), 'G' or 'GiB' (gibibytes, 2<sup>30</sup>
-        or 1,073,741,824 bytes), 'TB' (terabytes, 10<sup>12</sup> or
-        1,000,000,000,000 bytes), 'T' or 'TiB' (tebibytes,
-        2<sup>40</sup> or 1,099,511,627,776 bytes), 'PB' (petabytes,
-        10<sup>15</sup> or 1,000,000,000,000,000 bytes), 'P' or 'PiB'
-        (pebibytes, 2<sup>50</sup> or 1,125,899,906,842,624 bytes),
-        'EB' (exabytes, 10<sup>18</sup> or 1,000,000,000,000,000,000
-        bytes), or 'E' or 'EiB' (exbibytes, 2<sup>60</sup> or
-        1,152,921,504,606,846,976 bytes).  <span class="since">Since
-        0.4.1, multi-character <code>unit</code> since
-        0.9.11</span></dd>
+        Values can be: 'K' (kilobytes), 'M' (megabytes), 'G' (gigabytes),
+        'T' (terabytes), 'P' (petabytes), or 'E' (exabytes).
+        <span class="since">Since 0.4.1</span></dd>
       <dt><code>capacity</code></dt>
       <dd>Providing the logical capacity for the volume. This value is
         in bytes by default, but a <code>unit</code> attribute can be

docs/hacking.html.in

@@ -20,49 +20,10 @@
 <pre>
   git diff > libvirt-myfeature.patch
 </pre>
-        <p>However, the usual workflow of libvirt developer is:</p>
-<pre>
-  git checkout master
-  git pull
-  git checkout -t origin -b workbranch
-  Hack, committing any changes along the way
-</pre>
-        <p>Then, when you want to post your patches:</p>
-<pre>
-  git pull --rebase
-  (fix any conflicts)
-  git send-email --cover-letter --no-chain-reply-to --annotate --to=libvir-list@redhat.com master
-</pre>
-        <p>For a single patch you can omit <code>--cover-letter</code>, but
-        series of a two or more patches needs a cover letter. If you get tired
-        of typing <code>--to=libvir-list@redhat.com</code> designation you can
-        set it in git config:</p>
-<pre>
-  git config sendemail.to libvir-list@redhat.com
-</pre>
-        <p>Please follow this as close as you can, especially the rebase and
-        git send-email part, as it makes life easier for other developers to
-        review your patch set. One should avoid sending patches as attachments,
-        but rather send them in email body along with commit message. If a
-        developer is sending another version of the patch (e.g. to address
-        review comments), he is advised to note differences to previous
-        versions after the <code>---</code> line in the patch so that it helps
-        reviewers but doesn't become part of git history. Moreover, such patch
-        needs to be prefixed correctly with
-        <code>--subject-prefix=PATCHv2</code> appended to <code>git
-            send-email</code> (substitute <code>v2</code> with the correct
-        version if needed though).</p>
       </li>
-
-      <li><p>Split large changes into a series of smaller patches,
-        self-contained if possible, with an explanation of each patch and an
-        explanation of how the sequence of patches fits together. Moreover,
-        please keep in mind that it's required to be able to compile cleanly
-        after each patch.  A feature does not have to work until the end of a
-        series, as long as intermediate patches don't cause test-suite
-        failures.</p>
-      </li>
-
+      <li>Split large changes into a series of smaller patches, self-contained
+        if possible, with an explanation of each patch and an explanation of how
+        the sequence of patches fits together.</li>
       <li>Make sure your patches apply against libvirt GIT.  Developers
         only follow GIT and don't care much about released versions.</li>
       <li><p>Run the automated tests on your code before submitting any changes.
@@ -624,12 +585,6 @@
       <li><p>For strict equality of a prefix:</p>
 <pre>
   STRPREFIX(a,b)
-</pre>
-      </li>
-      <li><p>To avoid having to check if a or b are NULL:</p>
-<pre>
-  STREQ_NULLABLE(a, b)
-  STRNEQ_NULLABLE(a, b)
 </pre>
       </li>
     </ul>

docs/hooks.html.in

@@ -101,7 +101,7 @@
     <h5><a name="qemu">/etc/libvirt/hooks/qemu</a></h5>
     <ul>
       <li>Before a QEMU guest is started, the qemu hook script is
-        called in three locations; if any location fails, the guest
+        called in two locations; if either location fails, the guest
         is not started.  The first location, <span class="since">since
         0.9.0</span>, is before libvirt performs any resource
         labeling, and the hook can allocate resources not managed by
@@ -110,11 +110,7 @@
         The second location, available <span class="since">Since
         0.8.0</span>, occurs after libvirt has finished labeling
         all resources, but has not yet started the guest, called as:<br/>
-        <pre>/etc/libvirt/hooks/qemu guest_name start begin -</pre>
-        The third location, <span class="since">0.9.13</span>,
-        occurs after the QEMU process has successfully started up:<br/>
-        <pre>/etc/libvirt/hooks/qemu guest_name started begin -</pre>
-      </li>
+        <pre>/etc/libvirt/hooks/qemu guest_name start begin -</pre></li>
       <li>When a QEMU guest is stopped, the qemu hook script is called
         in two locations, to match the startup.
         First, <span class="since">since 0.8.0</span>, the hook is
@@ -124,61 +120,15 @@
         called again, <span class="since">since 0.9.0</span>, to allow
         any additional resource cleanup:<br/>
         <pre>/etc/libvirt/hooks/qemu guest_name release end -</pre></li>
-      <li><span class="since">Since 0.9.11</span>, the qemu hook script
-        is also called at the beginning of incoming migration. It is called
-        as: <pre>/etc/libvirt/hooks/qemu guest_name migrate begin -</pre>
-        with domain XML sent to standard input of the script. In this case,
-        the script acts as a filter and is supposed to modify the domain
-        XML and print it out on its standard output. Empty output is
-        identical to copying the input XML without changing it. In case the
-        script returns failure or the output XML is not valid, incoming
-        migration will be canceled. This hook may be used, e.g., to change
-        location of disk images for incoming domains.</li>
-      <li><span class="since">Since 0.9.13</span>, the qemu hook script
-        is also called when the libvirtd daemon restarts and reconnects
-        to previously running QEMU processes. If the script fails, the
-        existing QEMU process will be killed off. It is called as:
-        <pre>/etc/libvirt/hooks/qemu guest_name reconnect begin -</pre>
-      </li>
-      <li><span class="since">Since 0.9.13</span>, the qemu hook script
-        is also called when the QEMU driver is told to attach to an
-        externally launched QEMU process. It is called as:
-        <pre>/etc/libvirt/hooks/qemu guest_name attach begin -</pre>
-      </li>
     </ul>
 
     <h5><a name="lxc">/etc/libvirt/hooks/lxc</a></h5>
     <ul>
-      <li>Before a LXC guest is started, the lxc hook script is
-        called in three locations; if any location fails, the guest
-        is not started.  The first location, <span class="since">since
-        0.9.13</span>, is before libvirt performs any resource
-        labeling, and the hook can allocate resources not managed by
-        libvirt such as DRBD or missing bridges.  This is called as:<br/>
-        <pre>/etc/libvirt/hooks/lxc guest_name prepare begin -</pre>
-        The second location, available <span class="since">Since
-        0.8.0</span>, occurs after libvirt has finished labeling
-        all resources, but has not yet started the guest, called as:<br/>
-        <pre>/etc/libvirt/hooks/lxc guest_name start begin -</pre>
-        The third location, <span class="since">0.9.13</span>,
-        occurs after the LXC process has successfully started up:<br/>
-        <pre>/etc/libvirt/hooks/lxc guest_name started begin -</pre>
-      </li>
+      <li>When an LXC guest is started, the lxc hook script is called as:<br/>
+          <pre>/etc/libvirt/hooks/lxc guest_name start begin -</pre></li>
       <li>When a LXC guest is stopped, the lxc hook script is called
-        in two locations, to match the startup.
-        First, <span class="since">since 0.8.0</span>, the hook is
-        called before libvirt restores any labels:<br/>
-        <pre>/etc/libvirt/hooks/lxc guest_name stopped end -</pre>
-        Then, after libvirt has released all resources, the hook is
-        called again, <span class="since">since 0.9.0</span>, to allow
-        any additional resource cleanup:<br/>
-        <pre>/etc/libvirt/hooks/lxc guest_name release end -</pre></li>
-      <li><span class="since">Since 0.9.13</span>, the lxc hook script
-        is also called when the libvirtd daemon restarts and reconnects
-        to previously running LXC processes. If the script fails, the
-        existing LXC process will be killed off. It is called as:
-        <pre>/etc/libvirt/hooks/lxc guest_name reconnect begin -</pre>
-      </li>
+          as:<br/>
+          <pre>/etc/libvirt/hooks/lxc guest_name stopped end -</pre></li>
     </ul>
     <br/>
 
@@ -211,20 +161,19 @@
        source and destination hosts:</p>
     <ol>
       <li>At the beginning of the migration, the <i>qemu</i> hook script on
-          the <b>destination</b> host is executed with the "migrate"
-          operation.</li>
-      <li>Before QEMU process is spawned, the two operations ("prepare" and
-          "start") called for domain start are executed on
-          <b>destination</b> host.</li>
-      <li>If both of these hook script executions exit successfully (exit
-          status 0), the migration continues.  Any other exit code indicates
-          failure, and the migration is aborted.</li>
-      <li>The QEMU guest is then migrated to the destination host.</li>
+          the <b>destination</b> host is executed with the "start"
+          operation.<br/><br/></li>
+      <li>If this hook script returns indicating success (error code 0), the
+          migration continues.  Any other return code indicates failure, and
+          the migration is aborted.<br/><br/></li>
+      <li>The QEMU guest is then migrated to the destination host.<br/>
+          <br/></li>
       <li>Unless an error occurs during the migration process, the <i>qemu</i>
-          hook script on the <b>source</b> host is then executed with the
-          "stopped" and "release" operations to indicate it is no longer
-          running on this host. Regardless of the return codes, the
-          migration is not aborted as it has already been performed.</li>
+          hook script on the <b>source</b> host is then executed with the "stopped"
+          operation, to indicate it is no longer running on this
+          host.<br/><br/>
+          Regardless of the return code from this hook script, the migration
+          is not aborted as it has already been performed.</li>
     </ol>
     <br/>
 

docs/html/.gitignore

@@ -0,0 +1 @@
+*.html

docs/hvsupport.pl

@@ -27,9 +27,9 @@ my %groupheaders = (
 my @srcs;
 find({
     wanted => sub {
-        if (m!$srcdir/.*/\w+_(driver|tmpl|monitor|hal|udev)\.c$!) {
-            push @srcs, $_ if $_ !~ /vbox_driver\.c/;
-        }
+	if (m!$srcdir/.*/\w+_(driver|tmpl|monitor|hal|udev)\.c$!) {
+	    push @srcs, $_ if $_ !~ /vbox_driver\.c/;
+	}
     }, no_chdir => 1}, $srcdir);
 my $line;
 
@@ -47,26 +47,26 @@ while (defined($line = <FILE>)) {
     next if $line =~ /^\s*$/;
     next if $line =~ /^\s*(global|local):/;
     if ($line =~ /^\s*LIBVIRT_(\d+\.\d+\.\d+)\s*{\s*$/) {
-        if (defined $vers) {
-            die "malformed syms file";
-        }
-        $vers = $1;
+	if (defined $vers) {
+	    die "malformed syms file";
+	}
+	$vers = $1;
     } elsif ($line =~ /\s*}\s*;\s*$/) {
-        if (defined $prevvers) {
-            die "malformed syms file";
-        }
-        $prevvers = $vers;
-        $vers = undef;
+	if (defined $prevvers) {
+	    die "malformed syms file";
+	}
+	$prevvers = $vers;
+	$vers = undef;
     } elsif ($line =~ /\s*}\s*LIBVIRT_(\d+\.\d+\.\d+)\s*;\s*$/) {
-        if ($1 ne $prevvers) {
-            die "malformed syms file $1 != $vers";
-        }
-        $prevvers = $vers;
-        $vers = undef;
+	if ($1 ne $prevvers) {
+	    die "malformed syms file $1 != $vers";
+	}
+	$prevvers = $vers;
+	$vers = undef;
     } elsif ($line =~ /\s*(\w+)\s*;\s*$/) {
-        $apis{$1} = $vers;
+	$apis{$1} = $vers;
     } else {
-        die "unexpected data $line\n";
+	die "unexpected data $line\n";
     }
 }
 
@@ -86,26 +86,26 @@ while (defined($line = <FILE>)) {
     next if $line =~ /^\s*$/;
     next if $line =~ /^\s*(global|local):/;
     if ($line =~ /^\s*LIBVIRT_QEMU_(\d+\.\d+\.\d+)\s*{\s*$/) {
-        if (defined $vers) {
-            die "malformed syms file";
-        }
-        $vers = $1;
+	if (defined $vers) {
+	    die "malformed syms file";
+	}
+	$vers = $1;
     } elsif ($line =~ /\s*}\s*;\s*$/) {
-        if (defined $prevvers) {
-            die "malformed syms file";
-        }
-        $prevvers = $vers;
-        $vers = undef;
+	if (defined $prevvers) {
+	    die "malformed syms file";
+	}
+	$prevvers = $vers;
+	$vers = undef;
     } elsif ($line =~ /\s*}\s*LIBVIRT_QEMU_(\d+\.\d+\.\d+)\s*;\s*$/) {
-        if ($1 ne $prevvers) {
-            die "malformed syms file $1 != $vers";
-        }
-        $prevvers = $vers;
-        $vers = undef;
+	if ($1 ne $prevvers) {
+	    die "malformed syms file $1 != $vers";
+	}
+	$prevvers = $vers;
+	$vers = undef;
     } elsif ($line =~ /\s*(\w+)\s*;\s*$/) {
-        $apis{$1} = $vers;
+	$apis{$1} = $vers;
     } else {
-        die "unexpected data $line\n";
+	die "unexpected data $line\n";
     }
 }
 
@@ -143,31 +143,31 @@ my %groups;
 my $ingrp;
 while (defined($line = <FILE>)) {
     if ($line =~ /struct _(vir\w*(?:Driver|Monitor))/) {
-        my $grp = $1;
-        if ($grp ne "virStateDriver" &&
-            $grp ne "virStreamDriver") {
-            $ingrp = $grp;
-            $groups{$ingrp} = { apis => {}, drivers => {} };
-        }
+	my $grp = $1;
+	if ($grp ne "virStateDriver" &&
+	    $grp ne "virStreamDriver") {
+	    $ingrp = $grp;
+	    $groups{$ingrp} = { apis => {}, drivers => {} };
+	}
     } elsif ($ingrp) {
-        if ($line =~ /^\s*vir(?:Drv|DevMon)(\w+)\s+(\w+);\s*$/) {
-            my $field = $2;
-            my $name = $1;
+	if ($line =~ /^\s*vir(?:Drv|DevMon)(\w+)\s+(\w+);\s*$/) {
+	    my $field = $2;
+	    my $name = $1;
 
-            my $api;
-            if (exists $apis{"vir$name"}) {
-                $api = "vir$name";
-            } elsif (exists $apis{"virConnect$name"}) {
-                $api = "virConnect$name";
-            } elsif (exists $apis{"virNode$name"}) {
-                $api = "virNode$name";
-            } else {
-                die "driver $name does not have a public API";
-            }
-            $groups{$ingrp}->{apis}->{$field} = $api;
-        } elsif ($line =~ /};/) {
-            $ingrp = undef;
-        }
+	    my $api;
+	    if (exists $apis{"vir$name"}) {
+		$api = "vir$name";
+	    } elsif (exists $apis{"virConnect$name"}) {
+		$api = "virConnect$name";
+	    } elsif (exists $apis{"virNode$name"}) {
+		$api = "virNode$name";
+	    } else {
+		die "driver $name does not have a public API";
+	    }
+	    $groups{$ingrp}->{apis}->{$field} = $api;
+	} elsif ($line =~ /};/) {
+	    $ingrp = undef;
+	}
     }
 }
 
@@ -179,60 +179,60 @@ close FILE;
 
 foreach my $src (@srcs) {
     open FILE, "<$src" or
-        die "cannot read $src: $!";
+	die "cannot read $src: $!";
 
     $ingrp = undef;
     my $impl;
     while (defined($line = <FILE>)) {
-        if (!$ingrp) {
-            foreach my $grp (keys %groups) {
-                if ($line =~ /^\s*(?:static\s+)?$grp\s+(\w+)\s*=\s*{/ ||
-                    $line =~ /^\s*(?:static\s+)?$grp\s+NAME\(\w+\)\s*=\s*{/) {
-                    $ingrp = $grp;
-                    $impl = $src;
+	if (!$ingrp) {
+	    foreach my $grp (keys %groups) {
+		if ($line =~ /^\s*(?:static\s+)?$grp\s+(\w+)\s*=\s*{/ ||
+		    $line =~ /^\s*(?:static\s+)?$grp\s+NAME\(\w+\)\s*=\s*{/) {
+		    $ingrp = $grp;
+		    $impl = $src;
 
-                    if ($impl =~ m,.*/node_device_(\w+)\.c,) {
-                        $impl = $1;
-                    } else {
-                        $impl =~ s,.*/(\w+?)_((\w+)_)?(\w+)\.c,$1,;
-                    }
+		    if ($impl =~ m,.*/node_device_(\w+)\.c,) {
+			$impl = $1;
+		    } else {
+			$impl =~ s,.*/(\w+?)_((\w+)_)?(\w+)\.c,$1,;
+		    }
 
-                    if ($groups{$ingrp}->{drivers}->{$impl}) {
-                        die "Group $ingrp already contains $impl";
-                    }
+		    if ($groups{$ingrp}->{drivers}->{$impl}) {
+			die "Group $ingrp already contains $impl";
+		    }
 
-                    $groups{$ingrp}->{drivers}->{$impl} = {};
-                }
-            }
+		    $groups{$ingrp}->{drivers}->{$impl} = {};
+		}
+	    }
 
-        } else {
-            if ($line =~ m!\s*\.(\w+)\s*=\s*(\w+)\s*,?\s*(?:/\*\s*(\d+\.\d+\.\d+)\s*\*/\s*)?$!) {
-                my $api = $1;
-                my $meth = $2;
-                my $vers = $3;
+	} else {
+	    if ($line =~ m!\s*\.(\w+)\s*=\s*(\w+)\s*,?\s*(?:/\*\s*(\d+\.\d+\.\d+)\s*\*/\s*)?$!) {
+		my $api = $1;
+		my $meth = $2;
+		my $vers = $3;
 
-                next if $api eq "no" || $api eq "name";
+		next if $api eq "no" || $api eq "name";
 
-                die "Method $meth in $src is missing version" unless defined $vers;
+		die "Method $meth in $src is missing version" unless defined $vers;
 
-                die "Driver method for $api is NULL in $src" if $meth eq "NULL";
+		die "Driver method for $api is NULL in $src" if $meth eq "NULL";
 
-                if (!exists($groups{$ingrp}->{apis}->{$api})) {
-                    die "Found unexpected method $api in $ingrp\n";
-                }
+		if (!exists($groups{$ingrp}->{apis}->{$api})) {
+		    die "Found unexpected method $api in $ingrp\n";
+		}
 
-                $groups{$ingrp}->{drivers}->{$impl}->{$api} = $vers;
-                if ($api eq "domainMigratePrepare" ||
-                    $api eq "domainMigratePrepare2" ||
-                    $api eq "domainMigratePrepare3") {
-                    $groups{$ingrp}->{drivers}->{$impl}->{"domainMigrate"} = $vers
-                        unless $groups{$ingrp}->{drivers}->{$impl}->{"domainMigrate"};
-                }
+		$groups{$ingrp}->{drivers}->{$impl}->{$api} = $vers;
+		if ($api eq "domainMigratePrepare" ||
+		    $api eq "domainMigratePrepare2" ||
+		    $api eq "domainMigratePrepare3") {
+		    $groups{$ingrp}->{drivers}->{$impl}->{"domainMigrate"} = $vers
+			unless $groups{$ingrp}->{drivers}->{$impl}->{"domainMigrate"};
+		}
 
-            } elsif ($line =~ /}/) {
-                $ingrp = undef;
-            }
-        }
+	    } elsif ($line =~ /}/) {
+		$ingrp = undef;
+	    }
+	}
     }
 
     close FILE;
@@ -253,21 +253,21 @@ foreach my $drv (keys %{$groups{"virDriver"}->{drivers}}) {
     my $openVersStr = $groups{"virDriver"}->{drivers}->{$drv}->{"open"};
     my $openVers;
     if ($openVersStr =~ /(\d+)\.(\d+)\.(\d+)/) {
-        $openVers = ($1 * 1000 * 1000) + ($2 * 1000) + $3;
+	$openVers = ($1 * 1000 * 1000) + ($2 * 1000) + $3;
     }
 
     # virConnectOpenReadOnly always matches virConnectOpen version
     $groups{"virDriver"}->{drivers}->{$drv}->{"openReadOnly"} =
-        $groups{"virDriver"}->{drivers}->{$drv}->{"open"};
+	$groups{"virDriver"}->{drivers}->{$drv}->{"open"};
 
     # virConnectOpenAuth is always 0.4.0 if the driver existed
     # before this time, otherwise it matches the version of
     # the driver's virConnectOpen entry
     if ($openVersStr eq "Y" ||
-        $openVers >= $openAuthVers) {
-        $groups{"virDriver"}->{drivers}->{$drv}->{"openAuth"} = $openVersStr;
+	$openVers >= $openAuthVers) {
+	$groups{"virDriver"}->{drivers}->{$drv}->{"openAuth"} = $openVersStr;
     } else {
-        $groups{"virDriver"}->{drivers}->{$drv}->{"openAuth"} = "0.4.0";
+	$groups{"virDriver"}->{drivers}->{$drv}->{"openAuth"} = "0.4.0";
     }
 }
 
@@ -283,17 +283,17 @@ foreach my $drv (keys %{$groups{"virDriver"}->{drivers}}) {
     next unless defined $createVersStr;
     my $createVers;
     if ($createVersStr =~ /(\d+)\.(\d+)\.(\d+)/) {
-        $createVers = ($1 * 1000 * 1000) + ($2 * 1000) + $3;
+	$createVers = ($1 * 1000 * 1000) + ($2 * 1000) + $3;
     }
 
     # virCreateLinux is always 0.0.3 if the driver existed
     # before this time, otherwise it matches the version of
     # the driver's virCreateXML entry
     if ($createVersStr eq "Y" ||
-        $createVers >= $createAPIVers) {
-        $groups{"virDriver"}->{drivers}->{$drv}->{"domainCreateLinux"} = $createVersStr;
+	$createVers >= $createAPIVers) {
+	$groups{"virDriver"}->{drivers}->{$drv}->{"domainCreateLinux"} = $createVersStr;
     } else {
-        $groups{"virDriver"}->{drivers}->{$drv}->{"domainCreateLinux"} = "0.0.3";
+	$groups{"virDriver"}->{drivers}->{$drv}->{"domainCreateLinux"} = "0.0.3";
     }
 }
 
@@ -329,7 +329,7 @@ foreach my $grp (sort { $a cmp $b } keys %groups) {
 EOF
 
     foreach my $drv (sort { $a cmp $b } keys %{$groups{$grp}->{drivers}}) {
-        print "  <th>$drv</th>\n";
+	print "  <th>$drv</th>\n";
     }
 
     print <<EOF;
@@ -340,27 +340,27 @@ EOF
 
     my $row = 0;
     foreach my $field (sort {
-        $groups{$grp}->{apis}->{$a}
-        cmp
-        $groups{$grp}->{apis}->{$b}
-        } keys %{$groups{$grp}->{apis}}) {
-        my $api = $groups{$grp}->{apis}->{$field};
-        my $vers = $apis{$api};
-        print <<EOF;
+	$groups{$grp}->{apis}->{$a}
+	cmp
+	$groups{$grp}->{apis}->{$b}
+	} keys %{$groups{$grp}->{apis}}) {
+	my $api = $groups{$grp}->{apis}->{$field};
+	my $vers = $apis{$api};
+	print <<EOF;
 <tr>
 <td><a href=\"html/libvirt-libvirt.html#$api\">$api</a></td>
 <td>$vers</td>
 EOF
 
         foreach my $drv (sort {$a cmp $b } keys %{$groups{$grp}->{drivers}}) {
-            if (exists $groups{$grp}->{drivers}->{$drv}->{$field}) {
-                print "<td>", $groups{$grp}->{drivers}->{$drv}->{$field}, "</td>\n";
-            } else {
-                print "<td></td>\n";
-            }
+	    if (exists $groups{$grp}->{drivers}->{$drv}->{$field}) {
+		print "<td>", $groups{$grp}->{drivers}->{$drv}->{$field}, "</td>\n";
+	    } else {
+		print "<td></td>\n";
+	    }
         }
 
-        print <<EOF;
+	print <<EOF;
 </tr>
 EOF
 
@@ -373,13 +373,13 @@ EOF
 EOF
 
             foreach my $drv (sort { $a cmp $b } keys %{$groups{$grp}->{drivers}}) {
-                print "  <th>$drv</th>\n";
+	        print "  <th>$drv</th>\n";
             }
 
         print <<EOF;
 </tr>
 EOF
-        }
+	}
 
     }
 

docs/internals/command.html.in

@@ -373,10 +373,7 @@
       allocation of collected information (however, on an
       out-of-memory condition, the buffer may still be NULL).  The
       caller is responsible for freeing registered buffers, since the
-      buffers are designed to persist beyond virCommandFree.  It
-      is possible to pass the same pointer to both
-      virCommandSetOutputBuffer and virCommandSetErrorBuffer, in which
-      case the child process interleaves output into a single string.
+      buffers are designed to persist beyond virCommandFree.
     </p>
 
     <h3><a name="directory">Setting working directory</a></h3>
@@ -448,7 +445,7 @@
       <strong>Note:</strong> if the command has been daemonized
       this will only block &amp; wait for the intermediate process,
       not the real command. <code>virCommandRun</code> will
-      report on any errors that have occurred upon this point
+      report on any errors that have occured upon this point
       with all previous API calls. If the command fails to
       run, or exits with non-zero status an error will be
       reported via normal libvirt error infrastructure. If a

docs/internals/rpc.html.in

@@ -163,28 +163,14 @@
 
     <ul>
       <li>type=call: the in parameters for the method call, XDR encoded</li>
-      <li>type=call-with-fds: number of file handles, then the in parameters for the method call, XDR encoded, followed by the file handles</li>
       <li>type=reply+status=ok: the return value and/or out parameters for the method call, XDR encoded</li>
       <li>type=reply+status=error: the error information for the method, a virErrorPtr XDR encoded</li>
-      <li>type=reply-with-fds+status=ok: number of file handles, the return value and/or out parameters for the method call, XDR encoded, followed by the file handles</li>
-      <li>type=reply-with-fds+status=error: number of file handles, the error information for the method, a virErrorPtr XDR encoded, followed by the file handles</li>
       <li>type=event: the parameters for the event, XDR encoded</li>
       <li>type=stream+status=ok: no payload</li>
       <li>type=stream+status=error: the error information for the method, a virErrorPtr XDR encoded</li>
       <li>type=stream+status=continue: the raw bytes of data for the stream. No XDR encoding</li>
     </ul>
 
-    <p>
-      With the two packet types that support passing file descriptors, in
-      between the header and the payload there will be a 4-byte integer
-      specifying the number of file descriptors which are being sent.
-      The actual file handles are sent after the payload has been sent.
-      Each file handle has a single dummy byte transmitted as a carrier
-      for the out of band file descriptor. While the sender should always
-      send '\0' as the dummy byte value, the receiver ought to ignore the
-      value for the sake of robustness.
-    </p>
-
     <p>
       For the exact payload information for each procedure, consult the XDR protocol
       definition for the program+version in question
@@ -353,27 +339,6 @@
           +--+-----------------------+--------+
     </pre>
 
-    <h4><a name="wireexamplescallfd">Method call with passed FD</a></h4>
-
-    <p>
-      A single method call with 2 passed file descriptors and successful
-      reply, for a program=8, version=1, procedure=3, which 10 bytes worth
-      of input args, and 4 bytes worth of return values. The number of
-      file descriptors is encoded as a 32-bit int. Each file descriptor
-      then has a 1 byte dummy payload. The overall input
-      packet length is 4 + 24 + 4 + 2 + 10 == 44, and output packet length 32.
-    </p>
-
-    <pre>
-          +--+-----------------------+---------------+-------+
-   C --&gt;  |44| 8 | 1 | 3 | 0 | 1 | 0 | 2 | .o.oOo.o. | 0 | 0 |  --&gt; S  (call)
-          +--+-----------------------+---------------+-------+
-
-          +--+-----------------------+--------+
-   C &lt;--  |32| 8 | 1 | 3 | 1 | 1 | 0 | .o.oOo |  &lt;-- S  (reply)
-          +--+-----------------------+--------+
-    </pre>
-
 
     <h2><a name="security">RPC security</a></h2>
 

docs/libvirt-daemon-arch.fig

@@ -2,7 +2,7 @@
 Landscape
 Center
 Inches
-Letter
+Letter  
 100.00
 Single
 -2

docs/libvirt-driver-arch.fig

@@ -2,7 +2,7 @@
 Landscape
 Center
 Inches
-Letter
+Letter  
 100.00
 Single
 -2

docs/libvirt-net-logical.fig

@@ -2,7 +2,7 @@
 Landscape
 Center
 Inches
-Letter
+Letter  
 100.00
 Single
 -2

docs/libvirt-net-physical.fig

@@ -2,7 +2,7 @@
 Landscape
 Center
 Inches
-Letter
+Letter  
 100.00
 Single
 -2

docs/libvirt-object-model.fig

@@ -2,7 +2,7 @@
 Landscape
 Center
 Inches
-Letter
+Letter  
 100.00
 Single
 -2

docs/libvirt.css

@@ -364,51 +364,3 @@ span.since {
     font-style: italic;
     font-weight: bold;
 }
-
-img.diagram {
-    background: rgb(230,230,230);
-    border: 2px dotted rgb(178,178,178);
-    padding: 1em;
-    display: block;
-    margin-left: auto;
-    margin-right: auto;
-}
-
-table.data th, table.data td {
-    padding: 0.3em;
-}
-
-table.data {
-    border-spacing: 0px;
-}
-
-table.data thead th {
-    background: rgb(178,178,178);
-    text-align: center;
-}
-
-table.data {
-    border: 1px solid black;
-    border-collapse: collapse;
-}
-
-table.data thead tr th {
-    border: 1px solid black;
-}
-
-table.data tr.head th {
-    border-left: 1px solid black;
-    border-right: 1px solid black;
-}
-
-table.data tbody td {
-    background: rgb(240,240,240);
-}
-table.data tbody td.y {
-    background: rgb(220,255,220);
-    text-align: center;
-}
-table.data tbody td.n {
-    background: rgb(255,220,220);
-    text-align: center;
-}

docs/locking.html.in

@@ -76,7 +76,7 @@
     <p>
       The sanlock daemon must be started on every single host
       that will be running virtual machines. So repeat these
-      steps as necessary.
+      steps as neccessary.
     </p>
 
     <h2><a name="sanlockplugin">libvirt sanlock plugin configuration</a></h2>
@@ -165,7 +165,7 @@
     <p>
       If all went well, libvirtd will have talked to sanlock
       and created the basic lockspace. This can be checked
-      by looking for existence of the following file
+      by looking for existance of the following file
     </p>
 
     <pre>

docs/logging.html.in

@@ -114,16 +114,11 @@
     </h3>
     <p>The syntax for filters and outputs is the same for both types of
        variables.</p>
-    <p>The format for a filter is one of:</p>
-    <pre>
-  x:name  (log message only)
-  x:+name (log message + stack trace)</pre>
-    <p>where <code>name</code> is a string which is matched against source
-    file name, e.g., <code>remote</code>, <code>qemu</code>, or
-    <code>util/json</code>, the optional <code>+</code> prefix tells libvirt
-    to log stack trace for each message matching <code>name</code>, and
-    <code>x</code> is the minimal level where matching messages should
-    be logged:</p>
+    <p>The format for a filter is:</p>
+    <pre>x:name</pre>
+    <p>where <code>name</code> is a match string e.g. <code>remote</code> or
+    <code>qemu</code> and the x is the minimal level where matching messages
+    should be logged:</p>
     <ul>
       <li>1: DEBUG</li>
       <li>2: INFO</li>
@@ -175,8 +170,8 @@ export LIBVIRT_LOG_OUTPUTS="1:file:virsh.log"</pre>
     put the correct breakpoints when running under a debugger.</p>
     <p>To activate full debug of the libvirt entry points, utility
     functions and the QEmu/KVM driver, set:</p>
-    <pre>log_filters="1:libvirt 1:util 1:qemu"
-log_outputs="1:file:/var/log/libvirt/libvirtd.log"</pre>
+    <pre>log_filters=1:libvirt 1:util 1:qemu
+log_output=1:file:/var/log/libvirt/libvirtd.log</pre>
     <p>in libvirtd.conf and restart the daemon will allow to
     gather a copious amount of debugging traces for the operations done
     in those areas.</p>

docs/migration-managed-direct.fig

@@ -1,58 +0,0 @@
-#FIG 3.2  Produced by xfig version 3.2.5b
-Landscape
-Center
-Inches
-Letter
-100.00
-Single
--2
-1200 2
-6 2775 2400 3675 2850
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 7 0 0 5
-	 2775 2400 3675 2400 3675 2850 2775 2850 2775 2400
-4 0 0 50 -1 16 12 0.0000 4 150 570 2925 2700 libvirtd\001
--6
-6 5400 2400 6300 2850
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 7 0 0 5
-	 5400 2400 6300 2400 6300 2850 5400 2850 5400 2400
-4 0 0 50 -1 16 12 0.0000 4 150 570 5550 2700 libvirtd\001
--6
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 1200 1200 3825 1200 3825 3000 1200 3000 1200 1200
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 5250 1200 7875 1200 7875 3000 5250 3000 5250 1200
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 5400 1350 6075 1350 6075 1950 5400 1950 5400 1350
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 6225 1350 6900 1350 6900 1950 6225 1950 6225 1350
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 3000 1350 3675 1350 3675 1950 3000 1950 3000 1350
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 2175 1350 2850 1350 2850 1950 2175 1950 2175 1350
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 1350 1350 2025 1350 2025 1950 1350 1950 1350 1350
-2 1 0 3 0 7 50 -1 -1 0.000 0 0 -1 1 0 4
-	1 1 1.00 135.00 180.00
-	 4350 4275 4350 3600 3300 3600 3300 2850
-2 1 0 3 0 7 50 -1 -1 0.000 0 0 -1 1 0 4
-	1 1 1.00 135.00 180.00
-	 4800 4275 4800 3600 5775 3600 5775 2850
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 3225 4125 5850 4125 5850 6000 3225 6000 3225 4125
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 7 0 0 5
-	 3375 5100 5700 5100 5700 5550 3375 5550 3375 5100
-2 1 0 3 0 7 50 -1 -1 0.000 0 0 -1 1 0 3
-	1 1 1.00 135.00 180.00
-	 3750 5100 3750 4500 4050 4500
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 7 0 0 5
-	 4050 4275 5100 4275 5100 4725 4050 4725 4050 4275
-4 0 0 50 -1 16 12 0.0000 4 150 870 6825 2850 Dest Host\001
-4 0 0 50 -1 16 12 0.0000 4 150 1080 1350 2850 Source Host\001
-4 0 0 50 -1 16 12 0.0000 4 150 495 1425 1725 VM-A\001
-4 0 0 50 -1 16 12 0.0000 4 150 495 2250 1725 VM-B\001
-4 0 0 50 -1 16 12 0.0000 4 150 495 3075 1725 VM-C\001
-4 0 0 50 -1 16 12 0.0000 4 150 495 5475 1725 VM-C\001
-4 0 0 50 -1 16 12 0.0000 4 150 495 6300 1725 VM-D\001
-4 0 0 50 -1 16 12 0.0000 4 150 960 4725 5850 Client Host\001
-4 0 0 50 -1 16 12 0.0000 4 180 1500 3525 5400 management app\001
-4 0 0 50 -1 16 12 0.0000 4 150 735 4200 4575 libvirt.so\001

docs/migration-managed-p2p.fig

@@ -1,58 +0,0 @@
-#FIG 3.2  Produced by xfig version 3.2.5b
-Landscape
-Center
-Inches
-Letter
-100.00
-Single
--2
-1200 2
-6 2775 2400 3675 2850
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 7 0 0 5
-	 2775 2400 3675 2400 3675 2850 2775 2850 2775 2400
-4 0 0 50 -1 16 12 0.0000 4 150 570 2925 2700 libvirtd\001
--6
-6 5400 2400 6300 2850
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 7 0 0 5
-	 5400 2400 6300 2400 6300 2850 5400 2850 5400 2400
-4 0 0 50 -1 16 12 0.0000 4 150 570 5550 2700 libvirtd\001
--6
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 1200 1200 3825 1200 3825 3000 1200 3000 1200 1200
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 5250 1200 7875 1200 7875 3000 5250 3000 5250 1200
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 5400 1350 6075 1350 6075 1950 5400 1950 5400 1350
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 6225 1350 6900 1350 6900 1950 6225 1950 6225 1350
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 3000 1350 3675 1350 3675 1950 3000 1950 3000 1350
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 2175 1350 2850 1350 2850 1950 2175 1950 2175 1350
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 1350 1350 2025 1350 2025 1950 1350 1950 1350 1350
-2 1 0 3 0 7 50 -1 -1 0.000 0 0 -1 1 0 4
-	1 1 1.00 135.00 180.00
-	 4350 4275 4350 3600 3300 3600 3300 2850
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 3225 4125 5850 4125 5850 6000 3225 6000 3225 4125
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 7 0 0 5
-	 3375 5100 5700 5100 5700 5550 3375 5550 3375 5100
-2 1 0 3 0 7 50 -1 -1 0.000 0 0 -1 1 0 3
-	1 1 1.00 135.00 180.00
-	 3750 5100 3750 4500 4050 4500
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 7 0 0 5
-	 4050 4275 5100 4275 5100 4725 4050 4725 4050 4275
-2 1 0 3 0 7 50 -1 -1 0.000 0 0 -1 1 0 2
-	1 1 1.00 135.00 180.00
-	 3675 2625 5400 2625
-4 0 0 50 -1 16 12 0.0000 4 150 870 6825 2850 Dest Host\001
-4 0 0 50 -1 16 12 0.0000 4 150 1080 1350 2850 Source Host\001
-4 0 0 50 -1 16 12 0.0000 4 150 495 1425 1725 VM-A\001
-4 0 0 50 -1 16 12 0.0000 4 150 495 2250 1725 VM-B\001
-4 0 0 50 -1 16 12 0.0000 4 150 495 3075 1725 VM-C\001
-4 0 0 50 -1 16 12 0.0000 4 150 495 5475 1725 VM-C\001
-4 0 0 50 -1 16 12 0.0000 4 150 495 6300 1725 VM-D\001
-4 0 0 50 -1 16 12 0.0000 4 150 960 4725 5850 Client Host\001
-4 0 0 50 -1 16 12 0.0000 4 180 1500 3525 5400 management app\001
-4 0 0 50 -1 16 12 0.0000 4 150 735 4200 4575 libvirt.so\001

docs/migration-native.fig

@@ -1,43 +0,0 @@
-#FIG 3.2  Produced by xfig version 3.2.5b
-Landscape
-Center
-Inches
-Letter
-100.00
-Single
--2
-1200 2
-6 2775 2400 3675 2850
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 7 0 0 5
-	 2775 2400 3675 2400 3675 2850 2775 2850 2775 2400
-4 0 0 50 -1 16 12 0.0000 4 150 570 2925 2700 libvirtd\001
--6
-6 5400 2400 6300 2850
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 7 0 0 5
-	 5400 2400 6300 2400 6300 2850 5400 2850 5400 2400
-4 0 0 50 -1 16 12 0.0000 4 150 570 5550 2700 libvirtd\001
--6
-2 1 0 3 0 7 50 -1 -1 0.000 0 0 7 1 0 4
-	1 1 1.00 135.00 180.00
-	 3375 1350 3375 825 5700 825 5700 1350
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 1200 1200 3825 1200 3825 3000 1200 3000 1200 1200
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 5250 1200 7875 1200 7875 3000 5250 3000 5250 1200
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 6225 1350 6900 1350 6900 1950 6225 1950 6225 1350
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 5400 1350 6075 1350 6075 1950 5400 1950 5400 1350
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 3000 1350 3675 1350 3675 1950 3000 1950 3000 1350
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 2175 1350 2850 1350 2850 1950 2175 1950 2175 1350
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 1350 1350 2025 1350 2025 1950 1350 1950 1350 1350
-4 0 0 50 -1 16 12 0.0000 4 150 495 1425 1725 VM-A\001
-4 0 0 50 -1 16 12 0.0000 4 150 495 2250 1725 VM-B\001
-4 0 0 50 -1 16 12 0.0000 4 150 495 3075 1725 VM-C\001
-4 0 0 50 -1 16 12 0.0000 4 150 495 5475 1725 VM-C\001
-4 0 0 50 -1 16 12 0.0000 4 150 495 6300 1725 VM-D\001
-4 0 0 50 -1 16 12 0.0000 4 150 1080 1350 2850 Source Host\001
-4 0 0 50 -1 16 12 0.0000 4 150 870 6825 2850 Dest Host\001

docs/migration-tunnel.fig

@@ -1,49 +0,0 @@
-#FIG 3.2  Produced by xfig version 3.2.5b
-Landscape
-Center
-Inches
-Letter
-100.00
-Single
--2
-1200 2
-6 2775 2400 3675 2850
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 7 0 0 5
-	 2775 2400 3675 2400 3675 2850 2775 2850 2775 2400
-4 0 0 50 -1 16 12 0.0000 4 150 570 2925 2700 libvirtd\001
--6
-6 5400 2400 6300 2850
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 7 0 0 5
-	 5400 2400 6300 2400 6300 2850 5400 2850 5400 2400
-4 0 0 50 -1 16 12 0.0000 4 150 570 5550 2700 libvirtd\001
--6
-2 1 0 3 0 7 50 -1 -1 0.000 0 0 -1 1 0 2
-	1 1 1.00 135.00 180.00
-	 3375 1950 3375 2400
-2 1 0 3 0 7 50 -1 -1 0.000 0 0 7 1 0 4
-	1 1 1.00 135.00 180.00
-	 3375 2850 3375 3375 5700 3375 5700 2850
-2 1 0 3 0 7 50 -1 -1 0.000 0 0 -1 1 0 2
-	1 1 1.00 135.00 180.00
-	 5700 2400 5700 1950
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 1200 1200 3825 1200 3825 3000 1200 3000 1200 1200
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 5250 1200 7875 1200 7875 3000 5250 3000 5250 1200
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 5400 1350 6075 1350 6075 1950 5400 1950 5400 1350
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 6225 1350 6900 1350 6900 1950 6225 1950 6225 1350
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 3000 1350 3675 1350 3675 1950 3000 1950 3000 1350
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 2175 1350 2850 1350 2850 1950 2175 1950 2175 1350
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 1350 1350 2025 1350 2025 1950 1350 1950 1350 1350
-4 0 0 50 -1 16 12 0.0000 4 150 870 6825 2850 Dest Host\001
-4 0 0 50 -1 16 12 0.0000 4 150 1080 1350 2850 Source Host\001
-4 0 0 50 -1 16 12 0.0000 4 150 495 1425 1725 VM-A\001
-4 0 0 50 -1 16 12 0.0000 4 150 495 2250 1725 VM-B\001
-4 0 0 50 -1 16 12 0.0000 4 150 495 3075 1725 VM-C\001
-4 0 0 50 -1 16 12 0.0000 4 150 495 5475 1725 VM-C\001
-4 0 0 50 -1 16 12 0.0000 4 150 495 6300 1725 VM-D\001

docs/migration-unmanaged-direct.fig

@@ -1,58 +0,0 @@
-#FIG 3.2  Produced by xfig version 3.2.5b
-Landscape
-Center
-Inches
-Letter
-100.00
-Single
--2
-1200 2
-6 2775 2400 3675 2850
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 7 0 0 5
-	 2775 2400 3675 2400 3675 2850 2775 2850 2775 2400
-4 0 0 50 -1 16 12 0.0000 4 150 630 2925 2700 HV Ctrl\001
--6
-6 5400 2400 6300 2850
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 7 0 0 5
-	 5400 2400 6300 2400 6300 2850 5400 2850 5400 2400
-4 0 0 50 -1 16 12 0.0000 4 150 630 5550 2700 HV Ctrl\001
--6
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 1200 1200 3825 1200 3825 3000 1200 3000 1200 1200
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 5250 1200 7875 1200 7875 3000 5250 3000 5250 1200
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 5400 1350 6075 1350 6075 1950 5400 1950 5400 1350
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 6225 1350 6900 1350 6900 1950 6225 1950 6225 1350
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 3000 1350 3675 1350 3675 1950 3000 1950 3000 1350
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 2175 1350 2850 1350 2850 1950 2175 1950 2175 1350
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 1350 1350 2025 1350 2025 1950 1350 1950 1350 1350
-2 1 0 3 0 7 50 -1 -1 0.000 0 0 -1 1 0 4
-	1 1 1.00 135.00 180.00
-	 4350 4275 4350 3600 3300 3600 3300 2850
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
-	 3225 4125 5850 4125 5850 6000 3225 6000 3225 4125
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 7 0 0 5
-	 3375 5100 5700 5100 5700 5550 3375 5550 3375 5100
-2 1 0 3 0 7 50 -1 -1 0.000 0 0 -1 1 0 3
-	1 1 1.00 135.00 180.00
-	 3750 5100 3750 4500 4050 4500
-2 2 0 1 0 7 50 -1 -1 0.000 0 0 7 0 0 5
-	 4050 4275 5100 4275 5100 4725 4050 4725 4050 4275
-2 1 0 3 0 7 50 -1 -1 0.000 0 0 -1 1 0 2
-	1 1 1.00 135.00 180.00
-	 3675 2625 5400 2625
-4 0 0 50 -1 16 12 0.0000 4 150 870 6825 2850 Dest Host\001
-4 0 0 50 -1 16 12 0.0000 4 150 1080 1350 2850 Source Host\001
-4 0 0 50 -1 16 12 0.0000 4 150 495 1425 1725 VM-A\001
-4 0 0 50 -1 16 12 0.0000 4 150 495 2250 1725 VM-B\001
-4 0 0 50 -1 16 12 0.0000 4 150 495 3075 1725 VM-C\001
-4 0 0 50 -1 16 12 0.0000 4 150 495 5475 1725 VM-C\001
-4 0 0 50 -1 16 12 0.0000 4 150 495 6300 1725 VM-D\001
-4 0 0 50 -1 16 12 0.0000 4 150 960 4725 5850 Client Host\001
-4 0 0 50 -1 16 12 0.0000 4 180 1500 3525 5400 management app\001
-4 0 0 50 -1 16 12 0.0000 4 150 735 4200 4575 libvirt.so\001

docs/migration.html.in

@@ -1,615 +0,0 @@
-<html>
-  <body>
-    <h1>Guest migration</h1>
-
-    <ul id="toc"></ul>
-
-    <p>
-      Migration of guests between hosts is a complicated problem with many possible
-      solutions, each with their own positive and negative points. For maximum
-      flexibility of both hypervisor integration, and adminsitrator deployment,
-      libvirt implements several options for migration.
-    </p>
-
-    <h2><a id="transport">Network data transports</a></h2>
-
-    <p>
-      There are two options for the data transport used during migration, either
-      the hypervisor's own <strong>native</strong> transport, or <strong>tunnelled</strong>
-      over a libvirtd connection.
-    </p>
-
-    <h3><a id="transportnative">Hypervisor native transport</a></h3>
-    <p>
-      <em>Native</em> data transports may or may not support encryption, depending
-      on the hypervisor in question, but will typically have the lowest computational costs
-      by minimising the number of data copies involved. The native data transports will also
-      require extra hypervisor-specific network configuration steps by the administrator when
-      deploying a host. For some hypervisors, it might be necessary to open up a large range
-      of ports on the firewall to allow multiple concurrent migration operations.
-    </p>
-
-    <p>
-      <img class="diagram" src="migration-native.png" alt="Migration native path">
-    </p>
-
-    <h3><a id="transporttunnel">libvirt tunnelled transport</a></h3>
-    <p>
-      <em>Tunnelled</em> data transports will always be capable of strong encryption
-      since they are able to leverage the capabilities built in to the libvirt RPC protocol.
-      The downside of a tunnelled transport, however, is that there will be extra data copies
-      involved on both the source and destinations hosts as the data is moved between libvirtd
-      and the hypervisor. This is likely to be a more significant problem for guests with
-      very large RAM sizes, which dirty memory pages quickly. On the deployment side, tunnelled
-      transports do not require any extra network configuration over and above what's already
-      required for general libvirtd <a href="remote.html">remote access</a>, and there is only
-      need for a single port to be open on the firewall to support multiple concurrent
-      migration operations.
-    </p>
-
-    <p>
-      <img class="diagram" src="migration-tunnel.png" alt="Migration tunnel path">
-    </p>
-
-    <h2><a id="flow">Communication control paths/flows</a></h2>
-
-    <p>
-      Migration of virtual machines requires close co-ordination of the two
-      hosts involved, as well as the application invoking the migration,
-      which may be on the source, the destination, or a third host.
-    </p>
-
-    <h3><a id="flowmanageddirect">Managed direct migration</a></h3>
-
-    <p>
-      With <em>managed direct</em> migration, the libvirt client process
-      controls the various phases of migration. The client application must
-      be able to connect and authenticate with the libvirtd daemons on both
-      the source and destination hosts. There is no need for the two libvirtd
-      daemons to communicate with each other. If the client application
-      crashes, or otherwise loses its connection to libvirtd during the
-      migration process, an attempt will be made to abort the migration and
-      restart the guest CPUs on the source host. There may be scenarios
-      where this cannot be safely done, in which cases the guest will be
-      left paused on one or both of the hosts.
-    </p>
-
-    <p>
-      <img class="diagram" src="migration-managed-direct.png" alt="Migration direct, managed">
-    </p>
-
-
-    <h3><a id="flowpeer2peer">Managed peer to peer migration</a></h3>
-
-    <p>
-      With <em>peer to peer</em> migration, the libvirt client process only
-      talks to the libvirtd daemon on the source host. The source libvirtd
-      daemon controls the entire migration process itself, by directly
-      connecting the destination host libvirtd. If the client application crashes,
-      or otherwise loses its connection to libvirtd, the migration process
-      will continue uninterrupted until completion.  Note that the
-      source libvirtd uses its own credentials (typically root) to
-      connect to the destination, rather than the credentials used
-      by the client to connect to the source; if these differ, it is
-      common to run into a situation where a client can connect to the
-      destination directly but the source cannot make the connection to
-      set up the peer-to-peer migration.
-    </p>
-
-    <p>
-      <img class="diagram" src="migration-managed-p2p.png" alt="Migration peer-to-peer">
-    </p>
-
-
-    <h3><a id="flowunmanageddirect">Unmanaged direct migration</a></h3>
-
-    <p>
-      With <em>unmanaged direct</em> migration, neither the libvirt client
-      or libvirtd daemon control the migration process. Control is instead
-      delegated to the hypervisor's over management services (if any). The
-      libvirt client merely initiates the migration via the hypervisor's
-      management layer. If the libvirt client or libvirtd crash, the
-      migration process will continue uninterrupted until completion.
-    </p>
-
-    <p>
-      <img class="diagram" src="migration-unmanaged-direct.png" alt="Migration direct, unmanaged">
-    </p>
-
-
-    <h2><a id="security">Data security</a></h2>
-
-    <p>
-      Since the migration data stream includes a complete copy of the guest
-      OS RAM, snooping of the migration data stream may allow compromise
-      of sensitive guest information. If the virtualization hosts have
-      multiple network interfaces, or if the network switches support
-      tagged VLANs, then it is very desirable to separate guest network
-      traffic from migration or management traffic.
-    </p>
-
-    <p>
-      In some scenarios, even a separate network for migration data may
-      not offer sufficient security. In this case it is possible to apply
-      encryption to the migration data stream. If the hypervisor does not
-      itself offer encryption, then the libvirt tunnelled migration
-      facility should be used.
-    </p>
-
-    <h2><a id="uris">Migration URIs</a></h2>
-
-    <p>
-      Initiating a guest migration requires the client application to
-      specify up to three URIs, depending on the choice of control
-      flow and/or APIs used. The first URI is that of the libvirt
-      connection to the source host, where the virtual guest is
-      currently running. The second URI is that of the libvirt
-      connection to the destination host, where the virtual guest
-      will be moved to (and in peer-to-peer migrations, this is from
-      the perspective of the source, not the client). The third URI is
-      a hypervisor specific
-      URI used to control how the guest will be migrated. With
-      any managed migration flow, the first and second URIs are
-      compulsory, while the third URI is optional. With the
-      unmanaged direct migration mode, the first and third URIs are
-      compulsory and the second URI is not used.
-    </p>
-
-    <p>
-      Ordinarily management applications only need to care about the
-      first and second URIs, which are both in the normal libvirt
-      connection URI format. Libvirt will then automatically determine
-      the hypervisor specific URI, by looking up the target host's
-      configured hostname. There are a few scenarios where the management
-      application may wish to have direct control over the third URI.
-    </p>
-
-    <ol>
-      <li>The configured hostname is incorrect, or DNS is broken. If a
-        host has a hostname which will not resolve to match one of its
-        public IP addresses, then libvirt will generate an incorrect
-        URI. In this case the management application should specify the
-        hypervisor specific URI explicitly, using an IP address, or a
-        correct hostname.</li>
-      <li>The host has multiple network interaces. If a host has multiple
-        network interfaces, it might be desirable for the migration data
-        stream to be sent over a specific interface for either security
-        or performance reasons. In this case the management application
-        should specify the hypervisor specific URI, using an IP address
-        associated with the network to be used.</li>
-      <li>The firewall restricts what ports are available. When libvirt
-        generates a migration URI will pick a port number using hypervisor
-        specific rules. Some hypervisors only require a single port to be
-        open in the firewalls, while others require a whole range of port
-        numbers. In the latter case the management application may wish
-        to choose a specific port number outside the default range in order
-        to comply with local firewall policies</li>
-    </ol>
-
-    <h2><a id="config">Configuration file handling</a></h2>
-
-    <p>
-      There are two types of virtual machine known to libvirt. A <em>transient</em>
-      guest only exists while it is running, and has no configuration file stored
-      on disk. A <em>persistent</em> guest maintains a configuration file on disk
-      even when it is not running.
-    </p>
-
-    <p>
-      By default, a migration operation will not attempt to change any configuration
-      files that may be stored on either the source or destination host. It is the
-      administrator, or management application's, responsibility to manage distribution
-      of configuration files (if desired). It is important to note that the <code>/etc/libvirt</code>
-      directory <strong>MUST NEVER BE SHARED BETWEEN HOSTS</strong>. There are some
-      typical scenarios that might be applicable:
-    </p>
-
-    <ul>
-      <li>Centralized configuration files outside libvirt, in shared storage. A cluster
-        aware  management application may maintain all the master guest configuration
-        files in a cluster filesystem. When attempting to start a guest, the config
-        will be read from the cluster FS and used to deploy a persistent guest.
-        For migration the configuration will need to be copied to the destination
-        host and removed on the original.
-      </li>
-      <li>Centralized configuration files outside libvirt, in a database. A data center
-        management application may not storage configuration files at all. Instead it
-        may generate libvirt XML on the fly when a guest is booted. It will typically
-        use transient guests, and thus not have to consider configuration files during
-        migration.
-      </li>
-      <li>Distributed configuration inside libvirt. The configuration file for each
-        guest is copied to every host where the guest is able to run. Upon migration
-        the existing config merely needs to be updated with any changes
-      </li>
-      <li>Ad-hoc configuration management inside libvirt. Each guest is tied to a
-        specific host and rarely migrated. When migration is required, the config
-        is moved from one host to the other.
-      </li>
-    </ul>
-
-    <p>
-      As mentioned above, libvirt will not touch configuration files during
-      migration by default. The <code>virsh</code> command has two flags to
-      influence this behaviour. The  <code>--undefine-source</code> flag
-      will cause the configuration file to be removed on the source host
-      after a successful migration. The <code>--persist</code> flag will
-      cause a configuration file to be created on the destination host
-      after a successful migration. The following table summarizes the
-      configuration file handling in all possible state and flag
-      combinations.
-    </p>
-
-    <table class="data">
-      <thead>
-        <tr class="head">
-          <th colspan="3">Before migration</th>
-          <th colspan="2">Flags</th>
-          <th colspan="3">After migration</th>
-        </tr>
-        <tr class="subhead">
-          <th>Guest type</th>
-          <th>Source config</th>
-          <th>Dest config</th>
-          <th>--undefine-source</th>
-          <th>--persist</th>
-          <th>Guest type</th>
-          <th>Source config</th>
-          <th>Dest config</th>
-        </tr>
-      </thead>
-      <tbody>
-        <!-- src:N, dst:N -->
-        <tr>
-          <td>Transient</td>
-          <td class="n">N</td>
-          <td class="n">N</td>
-          <td class="n">N</td>
-          <td class="n">N</td>
-          <td>Transient</td>
-          <td class="n">N</td>
-          <td class="n">N</td>
-        </tr>
-        <tr>
-          <td>Transient</td>
-          <td class="n">N</td>
-          <td class="n">N</td>
-          <td class="y">Y</td>
-          <td class="n">N</td>
-          <td>Transient</td>
-          <td class="n">N</td>
-          <td class="n">N</td>
-        </tr>
-        <tr>
-          <td>Transient</td>
-          <td class="n">N</td>
-          <td class="n">N</td>
-          <td class="n">N</td>
-          <td class="y">Y</td>
-          <td>Persistent</td>
-          <td class="n">N</td>
-          <td class="y">Y</td>
-        </tr>
-        <tr>
-          <td>Transient</td>
-          <td class="n">N</td>
-          <td class="n">N</td>
-          <td class="y">Y</td>
-          <td class="y">Y</td>
-          <td>Persistent</td>
-          <td class="n">N</td>
-          <td class="y">Y</td>
-        </tr>
-
-        <!-- src:N, dst:Y -->
-        <tr>
-          <td>Transient</td>
-          <td class="n">N</td>
-          <td class="y">Y</td>
-          <td class="n">N</td>
-          <td class="n">N</td>
-          <td>Transient</td>
-          <td class="n">N</td>
-          <td class="n">N</td>
-        </tr>
-        <tr>
-          <td>Transient</td>
-          <td class="n">N</td>
-          <td class="y">Y</td>
-          <td class="y">Y</td>
-          <td class="n">N</td>
-          <td>Transient</td>
-          <td class="n">N</td>
-          <td class="n">N</td>
-        </tr>
-        <tr>
-          <td>Transient</td>
-          <td class="n">N</td>
-          <td class="y">Y</td>
-          <td class="n">N</td>
-          <td class="y">Y</td>
-          <td>Persistent</td>
-          <td class="n">N</td>
-          <td class="y">Y</td>
-        </tr>
-        <tr>
-          <td>Transient</td>
-          <td class="n">N</td>
-          <td class="y">Y</td>
-          <td class="y">Y</td>
-          <td class="y">Y</td>
-          <td>Persistent</td>
-          <td class="n">N</td>
-          <td class="y">Y</td>
-        </tr>
-
-        <!-- src:Y dst:N -->
-        <tr>
-          <td>Persistent</td>
-          <td class="y">Y</td>
-          <td class="n">N</td>
-          <td class="n">N</td>
-          <td class="n">N</td>
-          <td>Transient</td>
-          <td class="y">Y</td>
-          <td class="n">N</td>
-        </tr>
-        <tr>
-          <td>Persistent</td>
-          <td class="y">Y</td>
-          <td class="n">N</td>
-          <td class="y">Y</td>
-          <td class="n">N</td>
-          <td>Transient</td>
-          <td class="n">N</td>
-          <td class="n">N</td>
-        </tr>
-        <tr>
-          <td>Persistent</td>
-          <td class="y">Y</td>
-          <td class="n">N</td>
-          <td class="n">N</td>
-          <td class="y">Y</td>
-          <td>Persistent</td>
-          <td class="y">Y</td>
-          <td class="y">Y</td>
-        </tr>
-        <tr>
-          <td>Persistent</td>
-          <td class="y">Y</td>
-          <td class="n">N</td>
-          <td class="y">Y</td>
-          <td class="y">Y</td>
-          <td>Persistent</td>
-          <td class="n">N</td>
-          <td class="y">Y</td>
-        </tr>
-
-        <!-- src:Y dst:Y -->
-        <tr>
-          <td>Persistent</td>
-          <td class="y">Y</td>
-          <td class="y">Y</td>
-          <td class="n">N</td>
-          <td class="n">N</td>
-          <td>Persistent</td>
-          <td class="y">Y</td>
-          <td class="y">Y</td>
-        </tr>
-        <tr>
-          <td>Persistent</td>
-          <td class="y">Y</td>
-          <td class="y">Y</td>
-          <td class="y">Y</td>
-          <td class="n">N</td>
-          <td>Persistent</td>
-          <td class="n">N</td>
-          <td class="y">Y</td>
-        </tr>
-        <tr>
-          <td>Persistent</td>
-          <td class="y">Y</td>
-          <td class="y">Y</td>
-          <td class="n">N</td>
-          <td class="y">Y</td>
-          <td>Persistent</td>
-          <td class="y">Y</td>
-          <td class="y">Y</td>
-        </tr>
-        <tr>
-          <td>Persistent</td>
-          <td class="y">Y</td>
-          <td class="y">Y</td>
-          <td class="y">Y</td>
-          <td class="y">Y</td>
-          <td>Persistent</td>
-          <td class="n">N</td>
-          <td class="y">Y</td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h2><a id="scenarios">Migration scenarios</a></h2>
-
-
-    <h3><a id="scenarionativedirect">Native migration, client to two libvirtd servers</a></h3>
-
-    <p>
-      At an API level this requires use of virDomainMigrate, without the
-      VIR_MIGRATE_PEER2PEER flag set. The destination libvirtd server
-      will automatically determine the native hypervisor URI for migration
-      based off the primary hostname. To force migration over an alternate
-      network interface the optional hypervisor specific URI must be provided
-    </p>
-
-    <pre>
-      syntax: virsh migrate GUESTNAME DEST-LIBVIRT-URI [HV-URI]
-
-
-      eg using default network interface
-
-      virsh migrate web1 qemu+ssh://desthost/system
-      virsh migrate web1 xen+tls://desthost/system
-
-
-      eg using secondary network interface
-
-      virsh migrate web1 qemu://desthost/system tcp://10.0.0.1/
-      virsh migrate web1 xen+tcp://desthost/system  xenmigr:10.0.0.1/
-    </pre>
-
-    <p>
-      Supported by Xen, QEMU, VMWare and VirtualBox drivers
-    </p>
-
-    <h3><a id="scenarionativepeer2peer">Native migration, client to and peer2peer between, two libvirtd servers</a></h3>
-
-    <p>
-      virDomainMigrate, with the VIR_MIGRATE_PEER2PEER flag set,
-      using the libvirt URI format for the 'uri' parameter. The
-      destination libvirtd server will automatically determine
-      the native hypervisor URI for migration, based off the
-      primary hostname. The optional uri parameter controls how
-      the source libvirtd connects to the destination libvirtd,
-      in case it is not accessible using the same address that
-      the client uses to connect to the destination, or a different
-      encryption/auth scheme is required. There is no
-      scope for forcing an alternative network interface for the
-      native migration data with this method.
-    </p>
-
-    <p>
-      This mode cannot be invoked from virsh
-    </p>
-
-    <p>
-      Supported by QEMU driver
-    </p>
-
-    <h3><a id="scenariotunnelpeer2peer1">Tunnelled migration, client and peer2peer between two libvirtd servers</a></h3>
-
-    <p>
-      virDomainMigrate, with the VIR_MIGRATE_PEER2PEER &amp; VIR_MIGRATE_TUNNELLED
-      flags set, using the libvirt URI format for the 'uri' parameter. The
-      destination libvirtd server will automatically determine
-      the native hypervisor URI for migration, based off the
-      primary hostname. The optional uri parameter controls how
-      the source libvirtd connects to the destination libvirtd,
-      in case it is not accessible using the same address that
-      the client uses to connect to the destination, or a different
-      encryption/auth scheme is required. The native hypervisor URI
-      format is not used at all.
-    </p>
-
-    <p>
-      This mode cannot be invoked from virsh
-    </p>
-
-    <p>
-      Supported by QEMU driver
-    </p>
-
-    <h3><a id="nativedirectunmanaged">Native migration, client to one libvirtd server</a></h3>
-
-    <p>
-      virDomainMigrateToURI, without the VIR_MIGRATE_PEER2PEER flag set,
-      using a hypervisor specific URI format for the 'uri' parameter.
-      There is no use or requirement for a destination libvirtd instance
-      at all. This is typically used when the hypervisor has its own
-      native management daemon available to handle incoming migration
-      attempts on the destination.
-    </p>
-
-    <pre>
-      syntax: virsh migrate GUESTNAME HV-URI
-
-
-      eg using same libvirt URI for all connections
-
-      virsh migrate --direct web1 xenmigr://desthost/
-    </pre>
-
-    <p>
-      Supported by Xen driver
-    </p>
-
-    <h3><a id="nativepeer2peer">Native migration, peer2peer between two libvirtd servers</a></h3>
-
-    <p>
-      virDomainMigrateToURI, with the VIR_MIGRATE_PEER2PEER flag set,
-      using the libvirt URI format for the 'uri' parameter. The
-      destination libvirtd server will automatically determine
-      the native hypervisor URI for migration, based off the
-      primary hostname. There is no scope for forcing an alternative
-      network interface for the native migration data with this
-      method.  The destination URI must be reachable using the source
-      libvirtd credentials (which are not necessarily the same as the
-      credentials of the client in connecting to the source).
-    </p>
-
-    <pre>
-      syntax: virsh migrate GUESTNAME DEST-LIBVIRT-URI [ALT-DEST-LIBVIRT-URI]
-
-
-      eg using same libvirt URI for all connections
-
-      virsh migrate --p2p web1 qemu+ssh://desthost/system
-
-
-      eg using different libvirt URI auth scheme for peer2peer connections
-
-      virsh migrate --p2p web1 qemu+ssh://desthost/system qemu+tls:/desthost/system
-
-
-      eg using different libvirt URI hostname for peer2peer connections
-
-      virsh migrate --p2p web1 qemu+ssh://desthost/system qemu+ssh://10.0.0.1/system
-    </pre>
-
-    <p>
-      Supported by the QEMU driver
-    </p>
-
-    <h3><a id="scenariotunnelpeer2peer2">Tunnelled migration, peer2peer between two libvirtd servers</a></h3>
-
-    <p>
-      virDomainMigrateToURI, with the VIR_MIGRATE_PEER2PEER &amp; VIR_MIGRATE_TUNNELLED
-      flags set, using the libvirt URI format for the 'uri' parameter. The
-      destination libvirtd server will automatically determine
-      the native hypervisor URI for migration, based off the
-      primary hostname. The optional uri parameter controls how
-      the source libvirtd connects to the destination libvirtd,
-      in case it is not accessible using the same address that
-      the client uses to connect to the destination, or a different
-      encryption/auth scheme is required. The native hypervisor URI
-      format is not used at all.  The destination URI must be
-      reachable using the source libvirtd credentials (which are not
-      necessarily the same as the credentials of the client in
-      connecting to the source).
-    </p>
-
-    <pre>
-      syntax: virsh migrate GUESTNAME DEST-LIBVIRT-URI [ALT-DEST-LIBVIRT-URI]
-
-
-      eg using same libvirt URI for all connections
-
-      virsh migrate --p2p --tunnelled web1 qemu+ssh://desthost/system
-
-
-      eg using different libvirt URI auth scheme for peer2peer connections
-
-      virsh migrate --p2p --tunnelled web1 qemu+ssh://desthost/system qemu+tls:/desthost/system
-
-
-      eg using different libvirt URI hostname for peer2peer connections
-
-      virsh migrate --p2p --tunnelled web1 qemu+ssh://desthost/system qemu+ssh://10.0.0.1/system
-    </pre>
-
-    <p>
-      Supported by QEMU driver
-    </p>
-
-  </body>
-</html>