Release of libvirt-0.8.5

* configure.ac libvirt.spec.in: new version * docs/news.html.in: update news page and improve format * po/*.po*: Update po again
Updating localization and regenerating before release
2025-08-17 09:49:59 +03:00 · 2010-10-29 16:54:07 +02:00 · 2010-10-29 16:38:43 +02:00 · 2010-10-29 16:33:31 +02:00 · 2010-10-29 15:50:38 +02:00 · 2010-10-29 11:52:31 +11:00
734 changed files with 409379 additions and 313276 deletions
--- a/.gitignore
+++ b/.gitignore
@ -2,6 +2,9 @@
 *.#*#
 *.a
 *.exe
+*.gcda
+*.gcno
+*.gcov
 *.o
 *.orig
 *.rej
@ -30,6 +33,7 @@ config.rpath
 config.status
 config.sub
 configure
+configure.lineno
 coverage
 cscope.files
 cscope.out
--- a/.gnulib
+++ b/.gnulib
--- a/.mailmap
+++ b/.mailmap
@ -9,5 +9,8 @@
 <laine@redhat.com> <laine@laine.org>
 <meyering@redhat.com> <jim@meyering.net>
 <socketpair@gmail.com> <socketpair gmail com>
-<soren@canonical.com> <soren@ubuntu.com>
+<soren@linux2go.dk> <soren@ubuntu.com>
 <jfehlig@novell.com> <jfehlig@linux-ypgk.site>
+<jclift@redhat.com> <justin@salasaga.org>
+<berrange@redhat.com> <dan@berrange.com>
+<soren@linux2go.dk> <soren@canonical.com>
--- a/.x-sc_po_check
+++ b/.x-sc_po_check
@ -0,0 +1 @@
+^docs/
--- a/.x-sc_prohibit_empty_lines_at_EOF
+++ b/.x-sc_prohibit_empty_lines_at_EOF
@ -0,0 +1 @@
+^docs/api_extension/.*
--- a/.x-sc_prohibit_strncpy
+++ b/.x-sc_prohibit_strncpy
@ -1 +1,2 @@
 ^src/util/util\.c$
+^tools/virsh\.c$
--- a/13
+++ b/13
@ -28,6 +28,7 @@ The primary maintainers and people with commit access rights:
  Laine Stump          <laine@redhat.com>
  Stefan Berger        <stefanb@us.ibm.com>
  Eric Blake           <eblake@redhat.com>
+  Justin Clift         <jclift@redhat.com>

 Patches have also been contributed by:

@ -73,7 +74,7 @@ Patches have also been contributed by:
  Florian Vichot       <florian.vichot@diateam.net>
  Takahashi Tomohiro   <takatom@jp.fujitsu.com>
  Serge E. Hallyn      <serue@us.ibm.com>
-  Soren Hansen         <soren@canonical.com>
+  Soren Hansen         <soren@linux2go.dk>
  Abel Míguez Rodríguez<amiguezr@pdi.ucm.es>
  Doug Goldstein       <cardoe@gentoo.org>
  Javier Fontan        <jfontan@gmail.com>
@ -124,8 +125,16 @@ Patches have also been contributed by:
  Thomas Treutner      <thomas@scripty.at>
  Jean-Baptiste Rouault <jean-baptiste.rouault@diateam.net>
  Марк Коренберг       <socketpair@gmail.com>
-  Justin Clift         <justin@salasaga.org>
  Alan Pevec           <apevec@redhat.com>
+  Aurelien Rougemont   <beorn@binaries.fr>
+  Patrick Dignan       <pat_dignan@dell.com>
+  Serge Hallyn         <serge.hallyn@canonical.com>
+  Nikunj A. Dadhania   <nikunj@linux.vnet.ibm.com>
+  Lai Jiangshan        <laijs@cn.fujitsu.com>
+  Harsh Prateek Bora   <harsh@linux.vnet.ibm.com>
+  John Morrissey       <jwm@horde.net>
+  Osier Yang           <jyang@redhat.com>
+  Kamezawa Hiroyuki    <kamezawa.hiroyu@jp.fujitsu.com>

  [....send patches to get your name here....]

--- a/17
+++ b/17
@ -318,6 +318,23 @@ routines, use the macros from memory.h
       VIR_FREE(domain);


+File handling
+=============
+
+Use of the close() API is deprecated in libvirt code base to help avoiding
+double-closing of a file descriptor. Instead of this API, use the macro from
+files.h
+
+   - eg close a file descriptor
+
+       if (VIR_CLOSE(fd) < 0) {
+           virReportSystemError(errno, _("failed to close file"));
+       }
+
+   - eg close a file descriptor in an error path, without losing the previous
+     errno value
+
+       VIR_FORCE_CLOSE(fd);

 String comparisons
 ==================
--- a/Makefile.am
+++ b/Makefile.am
@ -6,7 +6,7 @@ GENHTML = genhtml
 SUBDIRS = gnulib/lib include src daemon tools proxy docs gnulib/tests \
  python tests po examples/domain-events/events-c examples/hellolibvirt \
  examples/dominfo examples/domsuspend examples/python examples/apparmor \
-  examples/xml/nwfilter
+  examples/xml/nwfilter examples/openauth examples/systemtap

 ACLOCAL_AMFLAGS = -I m4 -I gnulib/m4

@ -25,6 +25,7 @@ EXTRA_DIST = \
  .x-sc_avoid_write \
  .x-sc_m4_quote_check \
  .x-sc_prohibit_asprintf \
+  .x-sc_prohibit_empty_lines_at_EOF \
  .x-sc_prohibit_gethostby \
  .x-sc_prohibit_gethostname \
  .x-sc_prohibit_gettext_noop \
@ -68,10 +69,14 @@ tests:

 cov: clean-cov
 	mkdir $(top_builddir)/coverage
-	$(LCOV) -c -o $(top_builddir)/coverage/libvirt.info.tmp -d $(top_srcdir)/src  -d $(top_srcdir)/daemon -d $(top_srcdir)/tests
-	$(LCOV) -r $(top_builddir)/coverage/libvirt.info.tmp -o $(top_builddir)/coverage/libvirt.info *usr*
+	$(LCOV) -c -o $(top_builddir)/coverage/libvirt.info.tmp \
+	  -d $(top_builddir)/src  -d $(top_builddir)/daemon \
+	  -d $(top_builddir)/tests
+	$(LCOV) -r $(top_builddir)/coverage/libvirt.info.tmp \
+	  -o $(top_builddir)/coverage/libvirt.info
 	rm $(top_builddir)/coverage/libvirt.info.tmp
-	$(GENHTML) -s -t "libvirt" -o $(top_builddir)/coverage --legend $(top_builddir)/coverage/libvirt.info
+	$(GENHTML) --show-details -t "libvirt" -o $(top_builddir)/coverage \
+	  --legend $(top_builddir)/coverage/libvirt.info

 clean-cov:
 	rm -rf $(top_builddir)/coverage
--- a/Makefile.nonreentrant
+++ b/Makefile.nonreentrant
@ -12,6 +12,10 @@
 #      | uniq \
 #      | sed -e 's/_r//'
 #
+# Also manually add in all inet_* functions some of which
+# are not threadsafe and do not have _r variants. They are
+# all deprecated in favour of getnameinfo/getaddrinfo
+#

 NON_REENTRANT =
 NON_REENTRANT += asctime
@ -83,3 +87,14 @@ NON_REENTRANT += strerror
 NON_REENTRANT += strtok
 NON_REENTRANT += tmpnam
 NON_REENTRANT += ttyname
+NON_REENTRANT += inet_addr
+NON_REENTRANT += inet_aton
+NON_REENTRANT += inet_lnaof
+NON_REENTRANT += inet_makeaddr
+NON_REENTRANT += inet_netof
+NON_REENTRANT += inet_network
+NON_REENTRANT += inet_nsap_addr
+NON_REENTRANT += inet_nsap_ntoa
+NON_REENTRANT += inet_ntoa
+NON_REENTRANT += inet_ntop
+NON_REENTRANT += inet_pton
--- a/37
+++ b/37
@ -1,29 +1,22 @@
-TODO:
- libvirt_virDomainSetMemory should check memory is > 0
- check how to better handle renaming of domains (xm rename and cache)
+         libvirt TODO list
+         =================

- UUID lookup in hash.c
+The TODO list changes frequently, so is maintained online
+in the libvirt bugzilla

-Other environment:
- support for UML
+  http://bugzilla.redhat.com/

-  + UML control layer should be easy at least for one user but incomplete
+Search against

-Probable TODOs:
- event on big domain state change (create, crashed, paused, shutdown, destroy)
- bindings for more languages
+    Product: Virtualization Tools
+  Component: libvirt
+    Subject: RFE

-Would-be-nice TODO:
- man page for virsh and the libraries entry points
- more documentation and examples on using the toolkit
- examples for the error handling code
+Or browse dependent bugs under

-Cleanup:
- now that libxml2 is linked in, drop hash.[ch] and get back to libxml2 ones ?
-  same for the buffers
+  https://bugzilla.redhat.com/show_bug.cgi?id=libvirtTodo

-Autoconf:
- On Debian and other platforms, C++ compiler is required because
-  autoconf macros to detect libtool depend on it.  (This is probably
-  an autoconf or libtool m4 macro bug, and the fact that it happens
-  on Debian is a red herring).
+Summarized reports automatically generated from bugzilla
+and provided online at
+
+  http://libvirt.org/todo.html
--- a/acinclude.m4
+++ b/acinclude.m4
@ -36,9 +36,19 @@ AC_DEFUN([LIBVIRT_COMPILE_WARNINGS],[
 	try_compiler_flags="-Wall -Wformat -Wformat-security -Wmissing-prototypes $common_flags"
 	;;
    maximum|error)
-	try_compiler_flags="-Wall -Wformat -Wformat-security -Wmissing-prototypes -Wnested-externs -Wpointer-arith"
-	try_compiler_flags="$try_compiler_flags -Wextra -Wshadow -Wcast-align -Wwrite-strings -Waggregate-return"
-	try_compiler_flags="$try_compiler_flags -Wstrict-prototypes -Winline -Wredundant-decls -Wno-sign-compare"
+	try_compiler_flags="-Wall -Wformat -Wformat-security"
+	try_compiler_flags="$try_compiler_flags -Wmissing-prototypes"
+	try_compiler_flags="$try_compiler_flags -Wnested-externs "
+	try_compiler_flags="$try_compiler_flags -Wpointer-arith"
+	try_compiler_flags="$try_compiler_flags -Wextra -Wshadow"
+	try_compiler_flags="$try_compiler_flags -Wcast-align"
+	try_compiler_flags="$try_compiler_flags -Wwrite-strings"
+	try_compiler_flags="$try_compiler_flags -Waggregate-return"
+	try_compiler_flags="$try_compiler_flags -Wstrict-prototypes"
+	try_compiler_flags="$try_compiler_flags -Winline"
+	try_compiler_flags="$try_compiler_flags -Wredundant-decls"
+	try_compiler_flags="$try_compiler_flags -Wno-sign-compare"
+	try_compiler_flags="$try_compiler_flags -Wlogical-op"
 	try_compiler_flags="$try_compiler_flags $common_flags"
 	if test "$enable_compile_warnings" = "error" ; then
 	    try_compiler_flags="$try_compiler_flags -Werror"
--- a/autobuild.sh
+++ b/autobuild.sh
@ -85,6 +85,8 @@ if [ -x /usr/bin/i686-pc-mingw32-gcc ]; then
    --without-one \
    --without-phyp \
    --without-netcf \
+    --without-audit \
+    --without-dtrace \
    --without-libvirtd

  make
--- a/autogen.sh
+++ b/autogen.sh
@ -6,43 +6,6 @@ test -z "$srcdir" && srcdir=.

 THEDIR=`pwd`
 cd "$srcdir"
-DIE=0
-
-(autopoint --version) < /dev/null > /dev/null 2>&1 || {
-        echo
-        echo "You must have autopoint installed to compile libvirt."
-        echo "Download the appropriate package for your distribution,"
-        echo "or see http://www.gnu.org/software/gettext"
-        DIE=1
-}
-
-(autoconf --version) < /dev/null > /dev/null 2>&1 || {
-	echo
-	echo "You must have autoconf installed to compile libvirt."
-	echo "Download the appropriate package for your distribution,"
-	echo "or see http://www.gnu.org/software/autoconf"
-	DIE=1
-}
-
-(libtool --version) < /dev/null > /dev/null 2>&1 || {
-	echo
-	echo "You must have libtool installed to compile libvirt."
-	echo "Download the appropriate package for your distribution,"
-	echo "or see http://www.gnu.org/software/libtool"
-	DIE=1
-}
-
-(automake --version) < /dev/null > /dev/null 2>&1 || {
-	echo
-	DIE=1
-	echo "You must have automake installed to compile libvirt."
-	echo "Download the appropriate package for your distribution,"
-	echo "or see http://www.gnu.org/software/automake"
-}
-
-if test "$DIE" -eq 1; then
-	exit 1
-fi

 test -f src/libvirt.c || {
 	echo "You must run this script in the top-level libvirt directory"
@ -74,15 +37,19 @@ bootstrap_hash()

 # Ensure that whenever we pull in a gnulib update or otherwise change to a
 # different version (i.e., when switching branches), we also rerun ./bootstrap.
+# Also, running 'make rpm' tends to litter the po/ directory, and some people
+# like to run 'git clean -x -f po' to fix it; but only ./bootstrap regenerates
+# the required file po/Makevars.
 curr_status=.git-module-status
 t=$(bootstrap_hash; git diff .gnulib)
-if test "$t" = "$(cat $curr_status 2>/dev/null)"; then
-    : # good, it's up to date, all we need is autoreconf
+if test "$t" = "$(cat $curr_status 2>/dev/null)" \
+    && test -f "po/Makevars"; then
+    # good, it's up to date, all we need is autoreconf
    autoreconf -if
 else
    echo running bootstrap...
    ./bootstrap && bootstrap_hash > $curr_status \
-      || { echo "Failed to bootstrap gnulib, please investigate."; exit 1; }
+      || { echo "Failed to bootstrap, please investigate."; exit 1; }
 fi

 cd "$THEDIR"
--- a/79
+++ b/79
@ -1,6 +1,6 @@
 #! /bin/sh
 # Print a version string.
-scriptversion=2010-05-17.18; # UTC
+scriptversion=2010-10-08.16; # UTC

 # Bootstrap this package from checked-out sources.

@ -80,6 +80,10 @@ gnulib_modules=
 # Any gnulib files needed that are not in modules.
 gnulib_files=

+# A function to be called to edit gnulib.mk right after it's created.
+# Override it via your own definition in bootstrap.conf.
+gnulib_mk_hook() { :; }
+
 # A function to be called after everything else in this script.
 # Override it via your own definition in bootstrap.conf.
 bootstrap_epilogue() { :; }
@ -90,7 +94,8 @@ bootstrap_epilogue() { :; }
 # options because the latest/%s directory and the .po files within are
 # all symlinks.
 po_download_command_format=\
-"rsync -Lrtvz 'translationproject.org::tp/latest/%s/' '%s'"
+"rsync --delete --exclude '*.s1' -Lrtvz \
+ 'translationproject.org::tp/latest/%s/' '%s'"

 extract_package_name='
  /^AC_INIT(/{
@ -345,8 +350,12 @@ check_versions() {
  ret=0

  while read app req_ver; do
+    # We only need libtoolize from the libtool package.
+    if test "$app" = libtool; then
+      app=libtoolize
+    fi
    # Honor $APP variables ($TAR, $AUTOCONF, etc.)
-    appvar=`echo $app | tr '[a-z]' '[A-Z]'`
+    appvar=`echo $app | tr '[a-z]-' '[A-Z]_'`
    test "$appvar" = TAR && appvar=AMTAR
    eval "app=\${$appvar-$app}"
    inst_ver=$(get_version $app)
@ -369,16 +378,30 @@ check_versions() {
 print_versions() {
  echo "Program    Min_version"
  echo "----------------------"
-  printf "$buildreq"
+  printf %s "$buildreq"
  echo "----------------------"
  # can't depend on column -t
 }

+use_libtool=0
+# We'd like to use grep -E, to see if any of LT_INIT,
+# AC_PROG_LIBTOOL, AM_PROG_LIBTOOL is used in configure.ac,
+# but that's not portable enough (e.g., for Solaris).
+grep '^[	 ]*A[CM]_PROG_LIBTOOL' configure.ac >/dev/null \
+  && use_libtool=1
+grep '^[	 ]*LT_INIT' configure.ac >/dev/null \
+  && use_libtool=1
+if test $use_libtool = 1; then
+  find_tool LIBTOOLIZE glibtoolize libtoolize
+fi
+
 if ! printf "$buildreq" | check_versions; then
-  test -f README-prereq &&
-  echo "See README-prereq for notes on obtaining these prerequisite programs:" >&2
-  echo
-  print_versions
+  echo >&2
+  if test -f README-prereq; then
+    echo "See README-prereq for how to get the prerequisite programs" >&2
+  else
+    echo "Please install the prerequisite programs" >&2
+  fi
  exit 1
 fi

@ -475,15 +498,17 @@ download_po_files() {
  eval "$cmd"
 }

-# Download .po files to $po_dir/.reference and copy only the new
+# Mirror .po files to $po_dir/.reference and copy only the new
 # or modified ones into $po_dir.  Also update $po_dir/LINGUAS.
+# Note po files that exist locally only are left in $po_dir but will
+# not be included in LINGUAS and hence will not be distributed.
 update_po_files() {
  # Directory containing primary .po files.
  # Overwrite them only when we're sure a .po file is new.
  po_dir=$1
  domain=$2

-  # Download *.po files into this dir.
+  # Mirror *.po files into this dir.
  # Usually contains *.s1 checksum files.
  ref_po_dir="$po_dir/.reference"

@ -657,7 +682,8 @@ slurp() {
    for file in `ls -a $1/$dir`; do
      case $file in
      .|..) continue;;
-      .*) continue;; # FIXME: should all file names starting with "." be ignored?
+      # FIXME: should all file names starting with "." be ignored?
+      .*) continue;;
      esac
      test -d $1/$dir/$file && continue
      for excluded_file in $excluded_files; do
@ -666,10 +692,12 @@ slurp() {
      if test $file = Makefile.am && test "X$gnulib_mk" != XMakefile.am; then
        copied=$copied${sep}$gnulib_mk; sep=$nl
        remove_intl='/^[^#].*\/intl/s/^/#/;'"s!$bt_regex/!!g"
-        sed "$remove_intl" $1/$dir/$file | cmp - $dir/$gnulib_mk > /dev/null || {
+        sed "$remove_intl" $1/$dir/$file |
+        cmp - $dir/$gnulib_mk > /dev/null || {
          echo "$0: Copying $1/$dir/$file to $dir/$gnulib_mk ..." &&
          rm -f $dir/$gnulib_mk &&
-          sed "$remove_intl" $1/$dir/$file >$dir/$gnulib_mk
+          sed "$remove_intl" $1/$dir/$file >$dir/$gnulib_mk &&
+          gnulib_mk_hook $dir/$gnulib_mk
        }
      elif { test "${2+set}" = set && test -r $2/$dir/$file; } ||
           version_controlled_file $dir $file; then
@ -702,7 +730,14 @@ slurp() {
        # the name with just ".h".  Many gnulib headers are generated,
        # e.g., stdint.in.h -> stdint.h, dirent.in.h ->..., etc.
        # Likewise for .gperf -> .h, .y -> .c, and .sin -> .sed
-        f=`echo "$copied"|sed 's/\.in\.h$/.h/;s/\.sin$/.sed/;s/\.y$/.c/;s/\.gperf$/.h/'`
+        f=`echo "$copied" |
+          sed '
+            s/\.in\.h$/.h/
+            s/\.sin$/.sed/
+            s/\.y$/.c/
+            s/\.gperf$/.h/
+          '
+        `
        insert_sorted_if_absent $ig "$f"

        # For files like sys_stat.in.h and sys_time.in.h, record as
@ -733,6 +768,12 @@ gnulib_tool_options="\
 --local-dir $local_gl_dir\
 $gnulib_tool_option_extras\
 "
+if test $use_libtool = 1; then
+  case "$gnulib_tool_options " in
+    *' --libtool '*) ;;
+    *) gnulib_tool_options="$gnulib_tool_options --libtool" ;;
+  esac
+fi
 echo "$0: $gnulib_tool $gnulib_tool_options --import ..."
 $gnulib_tool $gnulib_tool_options --import $gnulib_modules &&
 slurp $bt || exit
@ -775,20 +816,12 @@ grep -E '^[	 ]*AC_CONFIG_HEADERS?\>' configure.ac >/dev/null ||

 for command in \
  libtool \
-  "${ACLOCAL-aclocal} --force -I m4" \
+  "${ACLOCAL-aclocal} --force -I m4 $ACLOCAL_FLAGS" \
  "${AUTOCONF-autoconf} --force" \
  "${AUTOHEADER-autoheader} --force" \
  "${AUTOMAKE-automake} --add-missing --copy --force-missing"
 do
  if test "$command" = libtool; then
-    use_libtool=0
-    # We'd like to use grep -E, to see if any of LT_INIT,
-    # AC_PROG_LIBTOOL, AM_PROG_LIBTOOL is used in configure.ac,
-    # but that's not portable enough (e.g., for Solaris).
-    grep '^[	 ]*A[CM]_PROG_LIBTOOL' configure.ac >/dev/null \
-      && use_libtool=1
-    grep '^[	 ]*LT_INIT' configure.ac >/dev/null \
-      && use_libtool=1
    test $use_libtool = 0 \
      && continue
    command="${LIBTOOLIZE-libtoolize} -c -f"
--- a/bootstrap.conf
+++ b/bootstrap.conf
@ -26,8 +26,10 @@ canonicalize-lgpl
 close
 connect
 count-one-bits
+crypto/md5
 dirname-lgpl
 fcntl-h
+func
 getaddrinfo
 gethostname
 getpass
@ -52,6 +54,7 @@ random_r
 sched
 send
 setsockopt
+snprintf
 socket
 stpcpy
 strchrnul
@ -62,6 +65,7 @@ strsep
 strtok_r
 sys_stat
 sys_wait
+termios
 time_r
 timegm
 uname
@ -146,6 +150,7 @@ git        1.5.5
 gzip       -
 libtool    -
 perl       5.5
+pkg-config -
 tar        -
 "

--- a/cfg.mk
+++ b/cfg.mk
@ -406,17 +406,8 @@ sc_prohibit_newline_at_end_of_diagnostic:
 	  && { echo '$(ME): newline at end of message(s)' 1>&2;		\
 	    exit 1; } || :

-# Disallow trailing blank lines.
-sc_prohibit_trailing_blank_lines:
-	@$(VC_LIST_EXCEPT) | xargs perl -ln -0777 -e			\
-	  '/\n\n+$$/ and print $$ARGV' > $@-t
-	@found=0; test -s $@-t && { found=1; cat $@-t 1>&2;		\
-	  echo '$(ME): found trailing blank line(s)' 1>&2; };		\
-	rm -f $@-t;							\
-	test $$found = 0
-
 # Regex for grep -E that exempts generated files from style rules.
-preprocessor_exempt = (remote_(driver|protocol)\.h)$$
+preprocessor_exempt = ((qemu|remote)_(driver|protocol)\.h)$$
 # Enforce recommended preprocessor indentation style.
 sc_preprocessor_indentation:
 	@if cppi --version >/dev/null 2>&1; then			\
@ -460,6 +451,7 @@ ifeq (0,$(MAKELEVEL))
  _submodule_hash = sed 's/^[ +-]//;s/ .*//'
  _update_required := $(shell						\
      cd '$(srcdir)';							\
+      test -f po/Makevars || { echo 1; exit; };				\
      actual=$$(git submodule status | $(_submodule_hash);		\
 		git hash-object bootstrap.conf;				\
 		git diff .gnulib);					\
--- a/configure.ac
+++ b/configure.ac
@ -1,6 +1,6 @@
 dnl Process this file with autoconf to produce a configure script.

-AC_INIT([libvirt], [0.8.2])
+AC_INIT([libvirt], [0.8.5], [libvir-list@redhat.com], [], [http://libvirt.org])
 AC_CONFIG_SRCDIR([src/libvirt.c])
 AC_CONFIG_AUX_DIR([build-aux])
 AC_CONFIG_HEADERS([config.h])
@ -108,20 +108,8 @@ AC_CHECK_FUNCS([pthread_sigmask pthread_mutexattr_init])
 LIBS=$old_libs

 dnl Availability of various common headers (non-fatal if missing).
-AC_CHECK_HEADERS([pwd.h paths.h regex.h sys/syslimits.h \
-  termios.h sys/poll.h syslog.h mntent.h net/ethernet.h linux/magic.h])
-
-dnl Where are the XDR functions?
-dnl If portablexdr is installed, prefer that.
-dnl Otherwise try -lrpc (Cygwin) -lxdr (some MinGW), -lnsl (Solaris)
-dnl or none (most Unix)
-AC_CHECK_LIB([portablexdr],[xdrmem_create],[],[
-	AC_SEARCH_LIBS([xdrmem_create],[rpc xdr nsl],[],
-		[AC_MSG_ERROR([Cannot find a XDR library])])
-	])
-
-dnl check for cygwin's variation in xdr function names
-AC_CHECK_FUNCS([xdr_u_int64_t],[],[],[#include <rpc/xdr.h>])
+AC_CHECK_HEADERS([pwd.h paths.h regex.h sys/syslimits.h sys/un.h \
+  sys/poll.h syslog.h mntent.h net/ethernet.h linux/magic.h])

 AC_CHECK_LIB([intl],[gettext],[])

@ -134,9 +122,6 @@ AM_CONDITIONAL([HAVE_GLIBC_RPCGEN],
 	        $ac_cv_path_RPCGEN -t </dev/null >/dev/null 2>&1])

 dnl Miscellaneous external programs.
-AC_PATH_PROG([RM], [rm], [/bin/rm])
-AC_PATH_PROG([MV], [mv], [/bin/mv])
-AC_PATH_PROG([TAR], [tar], [/bin/tar])
 AC_PATH_PROG([XMLLINT], [xmllint], [/usr/bin/xmllint])
 AC_PATH_PROG([XMLCATALOG], [xmlcatalog], [/usr/bin/xmlcatalog])
 AC_PATH_PROG([XSLTPROC], [xsltproc], [/usr/bin/xsltproc])
@ -186,6 +171,15 @@ AC_ARG_WITH([html-subdir], [AC_HELP_STRING([--with-html-subdir=path],
            [HTML_DIR="$HTML_DIR/\$(PACKAGE)-\$(VERSION)/html"])
 AC_SUBST([HTML_DIR])

+dnl Specific XML catalog file for validation of generated html
+AC_ARG_WITH([xml-catalog-file],
+            [AC_HELP_STRING([--with-xml-catalog-file=path],
+                [path to XML catalog file for validating
+                 generated html, default /etc/xml/catalog])],
+            [XML_CATALOG_FILE=$withval],
+            [XML_CATALOG_FILE='/etc/xml/catalog'])
+AC_SUBST([XML_CATALOG_FILE])
+
 dnl if --prefix is /usr, don't use /usr/var for localstatedir
 dnl or /usr/etc for sysconfdir
 dnl as this makes a lot of things break in testing situations
@ -197,22 +191,29 @@ if test "$prefix" = "/usr" && test "$sysconfdir" = '${prefix}/etc' ; then
    sysconfdir='/etc'
 fi

-dnl lxc and qemu drivers require linux headers
-case "$host" in
-  *-*-linux*)
-    # match linux here so the *) case will match anything non-linux
-    ;;
-  *)
-    if test "x$with_lxc" != "xyes"
+dnl Make some notes about which OS we're compiling for, as the lxc and qemu
+dnl drivers require linux headers, while storage_mpath and nwfilter are also
+dnl linux specific.  The "network" and storage_fs drivers are known to not
+dnl work on MacOS X presently, so we also make a note if compiling for that
+
+with_linux=no with_osx=no
+case $host in
+  *-*-linux*) with_linux=yes ;;
+  *-*-darwin*) with_osx=yes ;;
+esac
+
+if test $with_linux = no; then
+    if test "x$with_lxc" != xyes
    then
        with_lxc=no
    fi
-    if test "x$with_qemu" != "xyes"
+    if test "x$with_qemu" != xyes
    then
        with_qemu=no
    fi
-    ;;
-esac
+fi
+
+AM_CONDITIONAL([WITH_LINUX], [test "$with_linux" = "yes"])

 dnl Allow to build without Xen, QEMU/KVM, test or remote driver
 AC_ARG_WITH([xen],
@ -233,8 +234,8 @@ AC_ARG_WITH([xenapi],
  AC_HELP_STRING([--with-xenapi], [add XenAPI support @<:@default=check@:>@]),[],[with_xenapi=check])
 AC_ARG_WITH([vbox],
  AC_HELP_STRING([--with-vbox=@<:@PFX@:>@],
-                 [VirtualBox XPCOMC location @<:@default=check@:>@]),[],
-                 [with_vbox=check])
+                 [VirtualBox XPCOMC location @<:@default=yes@:>@]),[],
+                 [with_vbox=yes])
 AC_ARG_WITH([lxc],
  AC_HELP_STRING([--with-lxc], [add Linux Container support @<:@default=check@:>@]),[],[with_lxc=check])
 AC_ARG_WITH([one],
@ -249,13 +250,10 @@ AC_ARG_WITH([libvirtd],
  AC_HELP_STRING([--with-libvirtd], [add libvirtd support @<:@default=yes@:>@]),[],[with_libvirtd=yes])

 dnl
-dnl specific tests to setup DV devel environments with debug etc ...
+dnl in case someone want to build static binaries
+dnl STATIC_BINARIES="-static"
 dnl
-if test "${LOGNAME}" = "veillard" && test "`pwd`" = "/u/veillard/libvirt" ; then
-    STATIC_BINARIES="-static"
-else
-    STATIC_BINARIES=
-fi
+STATIC_BINARIES=
 AC_SUBST([STATIC_BINARIES])

 dnl --enable-debug=(yes|no)
@ -288,10 +286,10 @@ AC_ARG_WITH([init-script],
            [AC_HELP_STRING([--with-init-script=@<:@redhat|auto|none@:>@],
 		     [Style of init script to install @<:@default=auto@:>@])])
 if test "x$with_init_script" = "x" || test "x$with_init_script" = "xauto"; then
-    if test -f /etc/redhat-release ; then
-        with_init_script=redhat
-    else
+    if test "$cross_compiling" = yes || test ! -f /etc/redhat-release; then
        with_init_script=none
+    else
+        with_init_script=redhat
    fi
 fi
 AM_CONDITIONAL([LIBVIRT_INIT_SCRIPT_RED_HAT], test x$with_init_script = xredhat)
@ -318,56 +316,35 @@ fi
 AM_CONDITIONAL([WITH_OPENVZ], [test "$with_openvz" = "yes"])


+dnl
+dnl check for XDR
+dnl
+
+if test x"$with_remote" = x"yes" || test x"$with_libvirtd" = x"yes"; then
+    dnl Where are the XDR functions?
+    dnl If portablexdr is installed, prefer that.
+    dnl Otherwise try -lrpc (Cygwin) -lxdr (some MinGW), -lnsl (Solaris)
+    dnl or none (most Unix)
+    AC_CHECK_LIB([portablexdr],[xdrmem_create],[],[
+        AC_SEARCH_LIBS([xdrmem_create],[rpc xdr nsl],[],
+            [AC_MSG_ERROR([Cannot find a XDR library])])
+        ])
+
+    dnl check for cygwin's variation in xdr function names
+    AC_CHECK_FUNCS([xdr_u_int64_t],[],[],[#include <rpc/xdr.h>])
+fi
+
+
 dnl
 dnl check for VirtualBox XPCOMC location
 dnl

 vbox_xpcomc_dir=

-if test "x$with_vbox" = "xyes" || test "x$with_vbox" = "xcheck"; then
-    AC_MSG_CHECKING([for VirtualBox XPCOMC location])
-
-    for vbox in \
-        /usr/lib/virtualbox/VBoxXPCOMC.so \
-        /usr/lib/VirtualBox/VBoxXPCOMC.so \
-        /opt/virtualbox/VBoxXPCOMC.so \
-        /opt/VirtualBox/VBoxXPCOMC.so \
-        /opt/virtualbox/i386/VBoxXPCOMC.so \
-        /opt/VirtualBox/i386/VBoxXPCOMC.so \
-        /opt/virtualbox/amd64/VBoxXPCOMC.so \
-        /opt/VirtualBox/amd64/VBoxXPCOMC.so \
-        /usr/local/lib/virtualbox/VBoxXPCOMC.so \
-        /usr/local/lib/VirtualBox/VBoxXPCOMC.so \
-        /Application/VirtualBox.app/Contents/MacOS/VBoxXPCOMC.dylib \
-        ; do
-        if test -f "$vbox"; then
-            vbox_xpcomc_dir=`AS_DIRNAME(["$vbox"])`
-            break
-        fi
-    done
-
-    if test -n "$vbox_xpcomc_dir"; then
-        AC_MSG_RESULT([$vbox_xpcomc_dir])
-        with_vbox=yes
-    else
-        if test "x$with_vbox" = "xcheck"; then
-            AC_MSG_RESULT([not found, disabling VirtualBox driver])
-            with_vbox=no
-        else
-            AC_MSG_RESULT([not found])
-            AC_MSG_ERROR([VirtualBox XPCOMC is required for the VirtualBox driver])
-        fi
-    fi
-else
-    if test "x$with_vbox" != "xno"; then
-        if test -f ${with_vbox}/VBoxXPCOMC.so || \
-           test -f ${with_vbox}/VBoxXPCOMC.dylib; then
-            vbox_xpcomc_dir=$with_vbox
-            with_vbox=yes
-        else
-            AC_MSG_ERROR([$with_vbox does not contain VirtualBox XPCOMC])
-        fi
-    fi
+if test "x$with_vbox" != "xyes" && test "x$with_vbox" != "xno"; then
+    # intentionally don't do any further checks here on the provided path
+    vbox_xpcomc_dir=$with_vbox
+    with_vbox=yes
 fi

 AC_DEFINE_UNQUOTED([VBOX_XPCOMC_DIR], ["$vbox_xpcomc_dir"],
@ -574,6 +551,56 @@ if test "$with_lxc" = "yes" ; then
 fi
 AM_CONDITIONAL([WITH_LXC], [test "$with_lxc" = "yes"])

+dnl
+dnl check for shell that understands <> redirection without truncation,
+dnl needed by src/qemu/qemu_monitor_{text,json}.c.
+dnl
+if test "$with_qemu" = yes; then
+  lv_wrapper_shell=
+  AC_CACHE_CHECK([for shell that supports <> redirection],
+    [lv_cv_wrapper_shell],
+    [
+    # If cross-compiling, guess that /bin/sh is good enough except for
+    # Linux, where it might be dash 0.5.5 which is known broken; and on
+    # Linux, we have a good chance that /bin/bash will exist.
+    # If we guess wrong, a user can override the cache variable.
+    # Going through /bin/bash is a slight slowdown if /bin/sh works.
+    if test "$cross_compiling" = yes; then
+      case $host_os in
+        linux*) lv_cv_wrapper_shell=/bin/bash ;;
+        *) lv_cv_wrapper_shell=/bin/sh ;;
+      esac
+    else
+      for lv_cv_wrapper_shell in /bin/sh bash ksh zsh none; do
+        test $lv_cv_wrapper_shell = none &&
+          AC_MSG_ERROR([could not find decent shell])
+        echo a > conftest.a
+        ($lv_cv_wrapper_shell -c ': 1<>conftest.a') 2>/dev/null &&
+        case `cat conftest.a`.$lv_cv_wrapper_shell in
+          a./*) break;; dnl /bin/sh is good enough
+          a.*) dnl bash, ksh, and zsh all understand 'command', use that
+               dnl to determine the absolute path of the shell
+            lv_cv_wrapper_shell=`$lv_cv_wrapper_shell -c \
+              "command -v $lv_cv_wrapper_shell"`
+            case $lv_cv_wrapper_shell in
+              /*) break;;
+            esac
+            ;;
+        esac
+      done
+      rm -f conftest.a
+    fi
+  ])
+  if test "x$lv_cv_wrapper_shell" != x/bin/sh; then
+    lv_wrapper_shell=$lv_cv_wrapper_shell
+  fi
+  if test "x$lv_wrapper_shell" != x; then
+    AC_DEFINE_UNQUOTED([VIR_WRAPPER_SHELL], ["$lv_wrapper_shell"],
+      [Define to the absolute path of a shell that does not truncate on
+       <> redirection, if /bin/sh does not fit the bill])
+  fi
+fi
+

 dnl
 dnl check for kernel headers required by src/bridge.c
@ -902,6 +929,52 @@ AM_CONDITIONAL([HAVE_AVAHI], [test "x$with_avahi" = "xyes"])
 AC_SUBST([AVAHI_CFLAGS])
 AC_SUBST([AVAHI_LIBS])

+dnl Audit library
+AC_ARG_WITH([audit],
+  AC_HELP_STRING([--with-audit], [use audit library @<:@default=check@:>@]),
+  [],
+  [with_audit=check])
+
+AUDIT_CFLAGS=
+AUDIT_LIBS=
+if test "$with_audit" != "no" ; then
+  old_cflags="$CFLAGS"
+  old_libs="$LIBS"
+  if test "$with_audit" != "check" && "$with_audit" != "yes" ; then
+    AUDIT_CFLAGS="-I$with_audit/include"
+    AUDIT_LIBS="-L$with_audit/lib"
+  fi
+  CFLAGS="$CFLAGS $AUDIT_CFLAGS"
+  LIBS="$LIBS $AUDIT_LIBS"
+  fail=0
+  AC_CHECK_HEADER([libaudit.h], [], [fail=1])
+  AC_CHECK_LIB([audit], [audit_is_enabled], [], [fail=1])
+
+  if test $fail = 1 ; then
+    if test "$with_audit" = "yes" ; then
+      AC_MSG_ERROR([You must install the Audit library in order to compile and run libvirt])
+    else
+      with_audit=no
+      AUDIT_CFLAGS=
+      AUDIT_LIBS=
+    fi
+  else
+    with_audit=yes
+  fi
+
+  if test "$with_audit" = "yes" ; then
+    AUDIT_LIBS="$AUDIT_LIBS -laudit"
+    AC_DEFINE_UNQUOTED([HAVE_AUDIT], 1, [whether libaudit is available])
+  fi
+
+  CFLAGS="$old_cflags"
+  LIBS="$old_libs"
+fi
+AM_CONDITIONAL([HAVE_AUDIT], [test "$with_audit" = "yes"])
+AC_SUBST([AUDIT_CFLAGS])
+AC_SUBST([AUDIT_LIBS])
+
+
 dnl SELinux
 AC_ARG_WITH([selinux],
  AC_HELP_STRING([--with-selinux], [use SELinux to manage security @<:@default=check@:>@]),
@ -1052,6 +1125,29 @@ fi
 AM_CONDITIONAL([WITH_SECDRIVER_APPARMOR], [test "$with_secdriver_apparmor" != "no"])


+dnl DTrace static probes
+AC_ARG_WITH([dtrace],
+  AC_HELP_STRING([--with-dtrace], [use dtrace for static probing @<:@default=check@:>@]),
+  [],
+  [with_dtrace=check])
+
+if test "$with_dtrace" != "no" ; then
+  AC_PATH_PROG([DTRACE], [dtrace], [], [/bin:/usr/bin])
+  if test -z "$DTRACE" ; then
+    if test "$with_dtrace" = "check"; then
+      with_dtrace=no
+    else
+      AC_MSG_ERROR([You must install the 'dtrace' binary to enable libvirt static probes])
+    fi
+  else
+    with_dtrace=yes
+  fi
+  if test "$with_dtrace" = "yes"; then
+    AC_DEFINE_UNQUOTED([WITH_DTRACE], 1, [whether DTrace static probes are available])
+  fi
+fi
+AM_CONDITIONAL([WITH_DTRACE], [test "$with_dtrace" != "no"])
+

 dnl NUMA lib
 AC_ARG_WITH([numactl],
@ -1304,12 +1400,18 @@ fi
 AC_SUBST([READLINE_CFLAGS])
 AC_SUBST([VIRSH_LIBS])

+dnl check if the network driver should be compiled

 AC_ARG_WITH([network],
  AC_HELP_STRING([--with-network], [with virtual network driver @<:@default=yes@:>@]),[],[with_network=yes])
-if test "$with_libvirtd" = "no" ; then
+
+dnl there's no use compiling the network driver without the libvirt
+dnl daemon, nor compiling it for MacOS X, where it breaks the compile
+
+if test "$with_libvirtd" = "no" || test "$with_osx" = "yes"; then
  with_network=no
 fi
+
 if test "$with_network" = "yes" ; then
  AC_DEFINE_UNQUOTED([WITH_NETWORK], 1, [whether network driver is enabled])
 fi
@ -1358,15 +1460,6 @@ if test "$with_secrets" = "yes" ; then
 fi
 AM_CONDITIONAL([WITH_SECRETS], [test "$with_secrets" = "yes"])

-with_nwfilter=yes
-if test "$with_libvirtd" = "no"; then
-  with_nwfilter=no
-fi
-if test "$with_nwfilter" = "yes" ; then
-  AC_DEFINE([WITH_NWFILTER], 1, [whether local network filter management driver is available])
-fi
-AM_CONDITIONAL([WITH_NWFILTER], [test "$with_nwfilter" = "yes"])
-

 AC_ARG_WITH([storage-fs],
  AC_HELP_STRING([--with-storage-fs], [with FileSystem backend for the storage driver @<:@default=check@:>@]),[],[with_storage_fs=check])
@ -1396,6 +1489,11 @@ if test "$with_storage_dir" = "yes" ; then
 fi
 AM_CONDITIONAL([WITH_STORAGE_DIR], [test "$with_storage_dir" = "yes"])

+dnl storage-fs does not work on MacOS X
+
+if test "$with_osx" = "yes"; then
+  with_storage_fs=no
+fi

 if test "$with_storage_fs" = "yes" || test "$with_storage_fs" = "check"; then
  AC_PATH_PROG([MOUNT], [mount], [], [$PATH:/sbin:/usr/sbin])
@ -1510,7 +1608,7 @@ if test "$with_storage_scsi" = "check"; then
 fi
 AM_CONDITIONAL([WITH_STORAGE_SCSI], [test "$with_storage_scsi" = "yes"])

-if test "$with_storage_mpath" = "check"; then
+if test "$with_storage_mpath" = "check" && test "$with_linux" = "yes"; then
   with_storage_mpath=yes

   AC_DEFINE_UNQUOTED([WITH_STORAGE_MPATH], 1,
@ -1631,6 +1729,12 @@ if test "$with_xenapi" = "yes" ; then
 fi
 AM_CONDITIONAL([WITH_XENAPI], [test "$with_xenapi" = "yes"])

+# XXX as of libcurl-devel-7.20.1-3.fc13.x86_64, curl ships a version
+# of <curl/curl.h> that #defines several wrapper macros around underlying
+# functions to add type safety for gcc only.  However, these macros
+# spuriously trip gcc's -Wlogical-op warning.  Avoid the warning by
+# disabling the wrappers; even if it removes some type-check safety.
+LIBCURL_CFLAGS="-DCURL_DISABLE_TYPECHECK $LIBCURL_CFLAGS"

 AC_SUBST([LIBCURL_CFLAGS])
 AC_SUBST([LIBCURL_LIBS])
@ -1746,6 +1850,7 @@ AC_ARG_ENABLE([test-coverage],
 enable_coverage=$enableval

 if test "${enable_coverage}" = yes; then
+  COMPILER_FLAGS=
  gl_COMPILER_FLAGS(-fprofile-arcs)
  gl_COMPILER_FLAGS(-ftest-coverage)
  AC_SUBST([COVERAGE_CFLAGS], [$COMPILER_FLAGS])
@ -1833,6 +1938,7 @@ CYGWIN_EXTRA_PYTHON_LIBADD=
 MINGW_EXTRA_LDFLAGS=
 WIN32_EXTRA_CFLAGS=
 LIBVIRT_SYMBOL_FILE=libvirt.syms
+LIBVIRT_QEMU_SYMBOL_FILE='$(srcdir)/libvirt_qemu.syms'
 case "$host" in
  *-*-cygwin*)
    CYGWIN_EXTRA_LDFLAGS="-no-undefined"
@ -1858,6 +1964,7 @@ case "$host" in
    # Also set the symbol file to .def, so src/Makefile generates libvirt.def
    # from libvirt.syms and passes libvirt.def instead of libvirt.syms to the linker
    LIBVIRT_SYMBOL_FILE=libvirt.def
+    LIBVIRT_QEMU_SYMBOL_FILE=libvirt_qemu.def
    # mingw's ld has the --version-script parameter, but it requires a .def file
    # instead to work properly, therefore clear --version-script here and use
    # -Wl, to pass the .def file to the linker
@ -1872,6 +1979,7 @@ AC_SUBST([CYGWIN_EXTRA_PYTHON_LIBADD])
 AC_SUBST([MINGW_EXTRA_LDFLAGS])
 AC_SUBST([WIN32_EXTRA_CFLAGS])
 AC_SUBST([LIBVIRT_SYMBOL_FILE])
+AC_SUBST([LIBVIRT_QEMU_SYMBOL_FILE])
 AC_SUBST([VERSION_SCRIPT_FLAGS])


@ -2019,14 +2127,17 @@ then
 fi
 AM_CONDITIONAL([WITH_NODE_DEVICES], [test "$with_nodedev" = "yes"])

-with_linux=no
-case "$host" in
-  *-*-linux*)
-    with_linux=yes
-    ;;
-esac
-AM_CONDITIONAL([WITH_LINUX], [test "$with_linux" = "yes"])
+dnl nwfilter should only be compiled for linux, and only if the
+dnl libvirt daemon is also being compiled

+with_nwfilter=yes
+if test "$with_libvirtd" = "no" || test "$with_linux" != "yes"; then
+  with_nwfilter=no
+fi
+if test "$with_nwfilter" = "yes" ; then
+  AC_DEFINE([WITH_NWFILTER], 1, [whether local network filter management driver is available])
+fi
+AM_CONDITIONAL([WITH_NWFILTER], [test "$with_nwfilter" = "yes"])

 AC_ARG_WITH([qemu-user],
  AC_HELP_STRING([--with-qemu-user], [username to run QEMU system instance as @<:@default=root@:>@]),
@ -2045,6 +2156,7 @@ AC_ARG_WITH([macvtap],
  [with_macvtap=${withval}],
  [with_macvtap=check])

+AC_MSG_CHECKING([whether to compile with macvtap support])
 if test "$with_macvtap" != "no" ; then
    AC_TRY_COMPILE([ #include <sys/socket.h>
                     #include <linux/rtnetlink.h> ],
@ -2062,19 +2174,46 @@ if test "$with_macvtap" != "no" ; then
    AC_DEFINE_UNQUOTED([WITH_MACVTAP], $val, [whether macvtap support is enabled])
 fi
 AM_CONDITIONAL([WITH_MACVTAP], [test "$with_macvtap" = "yes"])
+AC_MSG_RESULT([$with_macvtap])
+
+AC_ARG_WITH([virtualport],
+  AC_HELP_STRING([--with-virtualport],[enable virtual port support @<:@default=check@:>@]),
+  [with_virtualport=${withval}],
+  [with_virtualport=check])
+
+dnl Warn the user and error out if they requested virtualport support with configure
+dnl options, but the required macvtap support isn't available

-AC_TRY_COMPILE([ #include <sys/socket.h>
-                 #include <linux/rtnetlink.h> ],
-                 [ int x = IFLA_PORT_MAX; ],
-                 [ with_virtualport=yes ],
-                 [ with_virtualport=no ])
 if test "$with_virtualport" = "yes"; then
-    val=1
-else
-    val=0
+    if test "$with_macvtap" = "no"; then
+        AC_MSG_ERROR([--with-virtualport requires --with-macvtap])
+    fi
+fi
+
+dnl virtualport checks
+
+if test "$with_macvtap" != "yes"; then
+    with_virtualport=no
+fi
+if test "$with_virtualport" != "no"; then
+    AC_MSG_CHECKING([whether to compile with virtual port support])
+    AC_TRY_COMPILE([ #include <sys/socket.h>
+                     #include <linux/rtnetlink.h> ],
+                     [ int x = IFLA_PORT_MAX; ],
+                     [ with_virtualport=yes ],
+                     [ if test "$with_virtualport" = "yes" ; then
+                         AC_MSG_ERROR([Installed linux headers don't show support for virtual port support.])
+                       fi
+                       with_virtualport=no ])
+    if test "$with_virtualport" = "yes"; then
+        val=1
+    else
+        val=0
+    fi
+    AC_DEFINE_UNQUOTED([WITH_VIRTUALPORT], $val,
+                       [whether vsi vepa support is enabled])
+    AC_MSG_RESULT([$with_virtualport])
 fi
-AC_DEFINE_UNQUOTED([WITH_VIRTUALPORT], $val,
-                   [whether vsi vepa support is enabled])
 AM_CONDITIONAL([WITH_VIRTUALPORT], [test "$with_virtualport" = "yes"])


@ -2083,7 +2222,7 @@ dnl netlink library
 LIBNL_CFLAGS=""
 LIBNL_LIBS=""

-if test "$with_macvtap" = "yes" || test "$with_virtualport" = "yes"; then
+if test "$with_macvtap" = "yes"; then
    PKG_CHECK_MODULES([LIBNL], [libnl-1 >= $LIBNL_REQUIRED], [
    ], [
        AC_MSG_ERROR([libnl >= $LIBNL_REQUIRED is required for macvtap support])
@ -2129,8 +2268,10 @@ AC_OUTPUT(Makefile src/Makefile include/Makefile docs/Makefile \
          examples/domain-events/events-c/Makefile \
          examples/domsuspend/Makefile \
          examples/dominfo/Makefile \
+          examples/openauth/Makefile \
          examples/python/Makefile \
          examples/hellolibvirt/Makefile \
+          examples/systemtap/Makefile \
          examples/xml/nwfilter/Makefile)

 AC_MSG_NOTICE([])
@ -2220,6 +2361,11 @@ fi
 else
 AC_MSG_NOTICE([  polkit: no])
 fi
+if test "$with_audit" = "yes" ; then
+AC_MSG_NOTICE([   audit: $AUDIT_CFLAGS $AUDIT_LIBS])
+else
+AC_MSG_NOTICE([   audit: no])
+fi
 if test "$with_selinux" = "yes" ; then
 AC_MSG_NOTICE([ selinux: $SELINUX_CFLAGS $SELINUX_LIBS])
 else
@ -2288,10 +2434,12 @@ AC_MSG_NOTICE([  Alloc OOM: $enable_oom])
 AC_MSG_NOTICE([])
 AC_MSG_NOTICE([Miscellaneous])
 AC_MSG_NOTICE([])
-AC_MSG_NOTICE([     Debug: $enable_debug])
-AC_MSG_NOTICE([  Warnings: $enable_compile_warnings])
-AC_MSG_NOTICE([  Readline: $lv_use_readline])
-AC_MSG_NOTICE([    Python: $with_python])
+AC_MSG_NOTICE([        Debug: $enable_debug])
+AC_MSG_NOTICE([     Warnings: $enable_compile_warnings])
+AC_MSG_NOTICE([     Readline: $lv_use_readline])
+AC_MSG_NOTICE([       Python: $with_python])
+AC_MSG_NOTICE([       DTrace: $with_dtrace])
+AC_MSG_NOTICE([  XML Catalog: $XML_CATALOG_FILE])
 AC_MSG_NOTICE([])
 AC_MSG_NOTICE([Privileges])
 AC_MSG_NOTICE([])
--- a/daemon/.gitignore
+++ b/daemon/.gitignore
@ -1,5 +1,3 @@
-*.gcda
-*.gcno
 *.la
 *.lo
 .deps
@ -9,5 +7,7 @@ Makefile.in
 libvirt_qemud
 libvirtd
 libvirtd.init
-libvirt-guests.init
 libvirtd*.logrotate
+libvirtd.pod
+libvirtd.8
+probes.h
--- a/daemon/Makefile.am
+++ b/daemon/Makefile.am
@ -1,5 +1,7 @@
 ## Process this file with automake to produce Makefile.in

+CLEANFILES =
+
 DAEMON_SOURCES =					\
 		event.c event.h				\
 		libvirtd.c libvirtd.h			\
@ -10,7 +12,12 @@ DAEMON_SOURCES =					\
 		remote_dispatch_table.h			\
 		remote_dispatch_args.h			\
 		remote_dispatch_ret.h			\
-		../src/remote/remote_protocol.c
+		qemu_dispatch_prototypes.h		\
+		qemu_dispatch_table.h			\
+		qemu_dispatch_args.h			\
+		qemu_dispatch_ret.h			\
+		../src/remote/remote_protocol.c		\
+		../src/remote/qemu_protocol.c

 AVAHI_SOURCES =						\
 		mdns.c mdns.h
@ -30,8 +37,8 @@ EXTRA_DIST =						\
 	libvirtd.uml.logrotate.in                       \
 	test_libvirtd.aug                               \
 	THREADING.txt					\
-	libvirt-guests.init.in				\
-	libvirt-guests.sysconf				\
+	libvirtd.pod.in					\
+	libvirtd.stp					\
 	$(AVAHI_SOURCES)				\
 	$(DAEMON_SOURCES)

@ -39,6 +46,8 @@ BUILT_SOURCES =

 if WITH_LIBVIRTD

+man_MANS = libvirtd.8
+
 sbin_PROGRAMS = libvirtd

 confdir = $(sysconfdir)/libvirt/
@ -50,6 +59,20 @@ augeas_DATA = libvirtd.aug
 augeastestsdir = $(datadir)/augeas/lenses/tests
 augeastests_DATA = test_libvirtd.aug

+POD2MAN = pod2man -c "Virtualization Support" \
+			-r "$(PACKAGE)-$(VERSION)" -s 8
+
+libvirtd.pod: libvirtd.pod.in
+	sed \
+	    -e 's![@]sysconfdir[@]!$(sysconfdir)!g' \
+	    -e 's![@]localstatedir[@]!$(localstatedir)!g' \
+	    -e 's![@]remote_pid_file[@]!$(REMOTE_PID_FILE)!g' \
+	    < $< > $@-t
+	mv $@-t $@
+
+libvirtd.8: libvirtd.pod
+	$(AM_V_GEN)$(POD2MAN) $< $@
+
 libvirtd_SOURCES = $(DAEMON_SOURCES)

 #-D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_POSIX_C_SOURCE=199506L
@ -79,11 +102,9 @@ libvirtd_LDADD =					\
 	$(SASL_LIBS)					\
 	$(POLKIT_LIBS)

-libvirtd_LDADD += ../src/libvirt_util.la
+libvirtd_LDADD += ../src/libvirt-qemu.la

-if WITH_DRIVER_MODULES
-  libvirtd_LDADD += ../src/libvirt_driver.la
-else
+if ! WITH_DRIVER_MODULES
 if WITH_QEMU
    libvirtd_LDADD += ../src/libvirt_driver_qemu.la
 endif
@ -143,6 +164,25 @@ libvirtd_CFLAGS += $(AVAHI_CFLAGS)
 libvirtd_LDADD += $(AVAHI_LIBS)
 endif

+EXTRA_DIST += probes.d libvirtd.stp
+
+if WITH_DTRACE
+libvirtd_LDADD += probes.o
+nodist_libvirtd_SOURCES = probes.h
+
+BUILT_SOURCES += probes.h
+
+tapsetdir = $(datadir)/systemtap/tapsets
+tapset_DATA = libvirtd.stp
+
+probes.h: probes.d
+	$(AM_V_GEN)$(DTRACE) -o $@ -h -s $<
+
+probes.o: probes.d
+	$(AM_V_GEN)$(DTRACE) -o $@ -G -s $<
+
+CLEANFILES += probes.h probes.o
+endif

 install-data-local: install-init install-data-sasl install-data-polkit \
                    install-logrotate
@ -167,24 +207,44 @@ uninstall-data-polkit::
 endif


-remote.c: remote_dispatch_prototypes.h \
-	  remote_dispatch_table.h \
-	  remote_dispatch_args.h \
-	  remote_dispatch_ret.h
+remote.c: \
+	remote_dispatch_prototypes.h \
+	remote_dispatch_table.h \
+	qemu_dispatch_prototypes.h \
+	qemu_dispatch_table.h
+
+remote.h: \
+	remote_dispatch_args.h \
+	remote_dispatch_ret.h \
+	qemu_dispatch_args.h \
+	qemu_dispatch_ret.h

 REMOTE_PROTOCOL = $(top_srcdir)/src/remote/remote_protocol.x
+QEMU_PROTOCOL = $(top_srcdir)/src/remote/qemu_protocol.x

 remote_dispatch_prototypes.h: $(srcdir)/remote_generate_stubs.pl $(REMOTE_PROTOCOL)
-	$(AM_V_GEN)perl -w $(srcdir)/remote_generate_stubs.pl -p $(REMOTE_PROTOCOL) > $@
+	$(AM_V_GEN)perl -w $(srcdir)/remote_generate_stubs.pl -c -p remote $(REMOTE_PROTOCOL) > $@

 remote_dispatch_table.h: $(srcdir)/remote_generate_stubs.pl $(REMOTE_PROTOCOL)
-	$(AM_V_GEN)perl -w $(srcdir)/remote_generate_stubs.pl -t $(REMOTE_PROTOCOL) > $@
+	$(AM_V_GEN)perl -w $(srcdir)/remote_generate_stubs.pl -c -t remote $(REMOTE_PROTOCOL) > $@

 remote_dispatch_args.h: $(srcdir)/remote_generate_stubs.pl $(REMOTE_PROTOCOL)
-	$(AM_V_GEN)perl -w $(srcdir)/remote_generate_stubs.pl -a $(REMOTE_PROTOCOL) > $@
+	$(AM_V_GEN)perl -w $(srcdir)/remote_generate_stubs.pl -c -a remote $(REMOTE_PROTOCOL) > $@

 remote_dispatch_ret.h: $(srcdir)/remote_generate_stubs.pl $(REMOTE_PROTOCOL)
-	$(AM_V_GEN)perl -w $(srcdir)/remote_generate_stubs.pl -r $(REMOTE_PROTOCOL) > $@
+	$(AM_V_GEN)perl -w $(srcdir)/remote_generate_stubs.pl -c -r remote $(REMOTE_PROTOCOL) > $@
+
+qemu_dispatch_prototypes.h: $(srcdir)/remote_generate_stubs.pl $(QEMU_PROTOCOL)
+	$(AM_V_GEN)perl -w $(srcdir)/remote_generate_stubs.pl -p qemu $(QEMU_PROTOCOL) > $@
+
+qemu_dispatch_table.h: $(srcdir)/remote_generate_stubs.pl $(QEMU_PROTOCOL)
+	$(AM_V_GEN)perl -w $(srcdir)/remote_generate_stubs.pl -t qemu $(QEMU_PROTOCOL) > $@
+
+qemu_dispatch_args.h: $(srcdir)/remote_generate_stubs.pl $(QEMU_PROTOCOL)
+	$(AM_V_GEN)perl -w $(srcdir)/remote_generate_stubs.pl -a qemu $(QEMU_PROTOCOL) > $@
+
+qemu_dispatch_ret.h: $(srcdir)/remote_generate_stubs.pl $(QEMU_PROTOCOL)
+	$(AM_V_GEN)perl -w $(srcdir)/remote_generate_stubs.pl -r qemu $(QEMU_PROTOCOL) > $@

 LOGROTATE_CONFS = libvirtd.qemu.logrotate libvirtd.lxc.logrotate \
                  libvirtd.uml.logrotate
@ -219,27 +279,21 @@ install-logrotate: $(LOGROTATE_CONFS)
 	$(INSTALL_DATA) libvirtd.uml.logrotate $(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.uml

 if LIBVIRT_INIT_SCRIPT_RED_HAT
-install-init: libvirtd.init libvirt-guests.init
+install-init: libvirtd.init
 	mkdir -p $(DESTDIR)$(sysconfdir)/rc.d/init.d
 	$(INSTALL_SCRIPT) libvirtd.init \
 	  $(DESTDIR)$(sysconfdir)/rc.d/init.d/libvirtd
-	$(INSTALL_SCRIPT) libvirt-guests.init \
-	  $(DESTDIR)$(sysconfdir)/rc.d/init.d/libvirt-guests
 	mkdir -p $(DESTDIR)$(sysconfdir)/sysconfig
-	$(INSTALL_SCRIPT) $(srcdir)/libvirtd.sysconf \
+	$(INSTALL_DATA) $(srcdir)/libvirtd.sysconf \
 	  $(DESTDIR)$(sysconfdir)/sysconfig/libvirtd
-	$(INSTALL_SCRIPT) $(srcdir)/libvirt-guests.sysconf \
-	  $(DESTDIR)$(sysconfdir)/sysconfig/libvirt-guests

 uninstall-init:
 	rm -f $(DESTDIR)$(sysconfdir)/rc.d/init.d/libvirtd \
-		$(DESTDIR)$(sysconfdir)/sysconfig/libvirtd \
-		$(DESTDIR)$(sysconfdir)/rc.d/init.d/libvirt-guests \
-		$(DESTDIR)$(sysconfdir)/sysconfig/libvirt-guests
+		$(DESTDIR)$(sysconfdir)/sysconfig/libvirtd

-BUILT_SOURCES += libvirtd.init libvirt-guests.init
+BUILT_SOURCES += libvirtd.init

-%.init: %.init.in $(top_builddir)/config.status
+libvirtd.init: libvirtd.init.in $(top_builddir)/config.status
 	$(AM_V_GEN)sed					\
 	    -e s!\@localstatedir\@!@localstatedir@!g	\
 	    -e s!\@sbindir\@!@sbindir@!g		\
@ -285,5 +339,5 @@ uninstall-data-sasl:
 endif


-CLEANFILES = $(BUILT_SOURCES)
+CLEANFILES += $(BUILT_SOURCES) $(man_MANS) libvirtd.pod
 CLEANFILES += *.cov *.gcov .libs/*.gcda .libs/*.gcno *.gcno *.gcda
--- a/daemon/dispatch.c
+++ b/daemon/dispatch.c
@ -23,6 +23,10 @@

 #include <config.h>

+#include <stdio.h>
+#include <stdarg.h>
+#include <stdbool.h>
+
 #include "dispatch.h"
 #include "remote.h"

@ -194,6 +198,8 @@ remoteSerializeError(struct qemud_client *client,
    return 0;

 xdr_error:
+    VIR_WARN("Failed to serialize remote error '%s' as XDR",
+             rerr->message ? *rerr->message : "<unknown>");
    xdr_destroy(&xdr);
    VIR_FREE(msg);
 fatal_error:
@ -336,10 +342,11 @@ cleanup:
 }


-int
+static int
 remoteDispatchClientCall (struct qemud_server *server,
                          struct qemud_client *client,
-                          struct qemud_client_message *msg);
+                          struct qemud_client_message *msg,
+                          bool qemu_protocol);


 /*
@ -356,12 +363,13 @@ remoteDispatchClientCall (struct qemud_server *server,
 * Returns 0 if the message was dispatched, -1 upon fatal error
 */
 int
-remoteDispatchClientRequest (struct qemud_server *server,
-                             struct qemud_client *client,
-                             struct qemud_client_message *msg)
+remoteDispatchClientRequest(struct qemud_server *server,
+                            struct qemud_client *client,
+                            struct qemud_client_message *msg)
 {
    int ret;
    remote_error rerr;
+    bool qemu_call;

    DEBUG("prog=%d ver=%d type=%d status=%d serial=%d proc=%d",
          msg->hdr.prog, msg->hdr.vers, msg->hdr.type,
@ -370,22 +378,33 @@ remoteDispatchClientRequest (struct qemud_server *server,
    memset(&rerr, 0, sizeof rerr);

    /* Check version, etc. */
-    if (msg->hdr.prog != REMOTE_PROGRAM) {
+    if (msg->hdr.prog == REMOTE_PROGRAM)
+        qemu_call = false;
+    else if (msg->hdr.prog == QEMU_PROGRAM)
+        qemu_call = true;
+    else {
        remoteDispatchFormatError (&rerr,
-                                   _("program mismatch (actual %x, expected %x)"),
-                                   msg->hdr.prog, REMOTE_PROGRAM);
+                                   _("program mismatch (actual %x, expected %x or %x)"),
+                                   msg->hdr.prog, REMOTE_PROGRAM, QEMU_PROGRAM);
        goto error;
    }
-    if (msg->hdr.vers != REMOTE_PROTOCOL_VERSION) {
+
+    if (!qemu_call && msg->hdr.vers != REMOTE_PROTOCOL_VERSION) {
        remoteDispatchFormatError (&rerr,
                                   _("version mismatch (actual %x, expected %x)"),
                                   msg->hdr.vers, REMOTE_PROTOCOL_VERSION);
        goto error;
    }
+    else if (qemu_call && msg->hdr.vers != QEMU_PROTOCOL_VERSION) {
+        remoteDispatchFormatError (&rerr,
+                                   _("version mismatch (actual %x, expected %x)"),
+                                   msg->hdr.vers, QEMU_PROTOCOL_VERSION);
+        goto error;
+    }

    switch (msg->hdr.type) {
    case REMOTE_CALL:
-        return remoteDispatchClientCall(server, client, msg);
+        return remoteDispatchClientCall(server, client, msg, qemu_call);

    case REMOTE_STREAM:
        /* Since stream data is non-acked, async, we may continue to received
@ -427,10 +446,11 @@ error:
 *
 * Returns 0 if the reply was sent, or -1 upon fatal error
 */
-int
+static int
 remoteDispatchClientCall (struct qemud_server *server,
                          struct qemud_client *client,
-                          struct qemud_client_message *msg)
+                          struct qemud_client_message *msg,
+                          bool qemu_protocol)
 {
    XDR xdr;
    remote_error rerr;
@ -469,7 +489,10 @@ remoteDispatchClientCall (struct qemud_server *server,
        }
    }

-    data = remoteGetDispatchData(msg->hdr.proc);
+    if (qemu_protocol)
+        data = qemuGetDispatchData(msg->hdr.proc);
+    else
+        data = remoteGetDispatchData(msg->hdr.proc);

    if (!data) {
        remoteDispatchFormatError (&rerr, _("unknown procedure: %d"),
@ -525,7 +548,8 @@ remoteDispatchClientCall (struct qemud_server *server,

    if (remoteEncodeClientMessageHeader(msg) < 0) {
        xdr_free (data->ret_filter, (char*)&ret);
-        goto fatal_error;
+        remoteDispatchFormatError(&rerr, "%s", _("failed to serialize reply header"));
+        goto xdr_hdr_error;
    }


@ -535,22 +559,30 @@ remoteDispatchClientCall (struct qemud_server *server,
                   msg->bufferLength,
                   XDR_ENCODE);

-    if (xdr_setpos(&xdr, msg->bufferOffset) == 0)
+    if (xdr_setpos(&xdr, msg->bufferOffset) == 0) {
+        remoteDispatchFormatError(&rerr, "%s", _("failed to change XDR reply offset"));
        goto xdr_error;
+    }

    /* If OK, serialise return structure, if error serialise error. */
    /* Serialise reply data */
-    if (!((data->ret_filter) (&xdr, &ret)))
+    if (!((data->ret_filter) (&xdr, &ret))) {
+        remoteDispatchFormatError(&rerr, "%s", _("failed to serialize reply payload (probable message size limit)"));
        goto xdr_error;
+    }

    /* Update the length word. */
    msg->bufferOffset += xdr_getpos (&xdr);
    len = msg->bufferOffset;
-    if (xdr_setpos (&xdr, 0) == 0)
+    if (xdr_setpos (&xdr, 0) == 0) {
+        remoteDispatchFormatError(&rerr, "%s", _("failed to change XDR reply offset"));
        goto xdr_error;
+    }

-    if (!xdr_u_int (&xdr, &len))
+    if (!xdr_u_int (&xdr, &len)) {
+        remoteDispatchFormatError(&rerr, "%s", _("failed to update reply length header"));
        goto xdr_error;
+    }

    xdr_destroy (&xdr);
    xdr_free (data->ret_filter, (char*)&ret);
@ -565,23 +597,27 @@ remoteDispatchClientCall (struct qemud_server *server,

    return 0;

+xdr_error:
+    /* Bad stuff serializing reply. Try to send a little info
+     * back to client to assist in bug reporting/diagnosis */
+    xdr_free (data->ret_filter, (char*)&ret);
+    xdr_destroy (&xdr);
+    /* fallthrough */
+
+xdr_hdr_error:
+    VIR_WARN("Failed to serialize reply for program '%d' proc '%d' as XDR",
+             msg->hdr.prog, msg->hdr.proc);
+    /* fallthrough */
+
 rpc_error:
-    /* Semi-bad stuff happened, we can still try to send back
-     * an RPC error message to client */
+    /* Bad stuff (de-)serializing message, but we have an
+     * RPC error message we can send back to the client */
    rv = remoteSerializeReplyError(client, &rerr, &msg->hdr);

    if (rv >= 0)
        VIR_FREE(msg);

    return rv;
-
-xdr_error:
-    /* Seriously bad stuff happened, so we'll kill off this client
-       and not send back any RPC error */
-    xdr_free (data->ret_filter, (char*)&ret);
-    xdr_destroy (&xdr);
-fatal_error:
-    return -1;
 }


@ -664,5 +700,7 @@ xdr_error:
    xdr_destroy (&xdr);
 fatal_error:
    VIR_FREE(msg);
+    VIR_WARN("Failed to serialize stream data for proc %d as XDR",
+             stream->procedure);
    return -1;
 }
--- a/daemon/libvirtd.aug
+++ b/daemon/libvirtd.aug
@ -61,6 +61,9 @@ module Libvirtd =
                     | str_entry "log_filters"
                     | str_entry "log_outputs"

+   let auditing_entry = int_entry "audit_level"
+                      | bool_entry "audit_logging"
+
   (* Each enty in the config is one of the following three ... *)
   let entry = network_entry
             | sock_acl_entry
@ -69,6 +72,7 @@ module Libvirtd =
             | authorization_entry
             | processing_entry
             | logging_entry
+             | auditing_entry
   let comment = [ label "#comment" . del /#[ \t]*/ "# " .  store /([^ \t\n][^\n]*)?/ . del /\n/ "\n" ]
   let empty = [ label "#empty" . eol ]

--- a/daemon/libvirtd.c
+++ b/daemon/libvirtd.c
@ -64,6 +64,7 @@
 #include "memory.h"
 #include "stream.h"
 #include "hooks.h"
+#include "virtaudit.h"
 #ifdef HAVE_AVAHI
 # include "mdns.h"
 #endif
@ -187,6 +188,9 @@ static int max_requests = 20;
 /* Total number of 'in-process' RPC calls allowed by a single client*/
 static int max_client_requests = 5;

+static int audit_level = 1;
+static int audit_logging = 0;
+
 #define DH_BITS 1024

 static sig_atomic_t sig_errors = 0;
@ -203,6 +207,7 @@ enum {
    VIR_DAEMON_ERR_NETWORK,
    VIR_DAEMON_ERR_CONFIG,
    VIR_DAEMON_ERR_HOOKS,
+    VIR_DAEMON_ERR_AUDIT,

    VIR_DAEMON_ERR_LAST
 };
@ -217,7 +222,8 @@ VIR_ENUM_IMPL(virDaemonErr, VIR_DAEMON_ERR_LAST,
              "Unable to drop privileges",
              "Unable to initialize network sockets",
              "Unable to load configuration file",
-              "Unable to look for hook scripts")
+              "Unable to look for hook scripts",
+              "Unable to initialize audit system")

 static void sig_handler(int sig, siginfo_t * siginfo,
                        void* context ATTRIBUTE_UNUSED) {
@ -535,7 +541,6 @@ static int qemudWritePidFile(const char *pidFile) {
 static int qemudListenUnix(struct qemud_server *server,
                           char *path, int readonly, int auth) {
    struct qemud_socket *sock;
-    struct sockaddr_un addr;
    mode_t oldmask;
    gid_t oldgrp;
    char ebuf[1024];
@ -546,10 +551,15 @@ static int qemudListenUnix(struct qemud_server *server,
    }

    sock->readonly = readonly;
-    sock->port = -1;
    sock->type = QEMUD_SOCK_TYPE_UNIX;
    sock->auth = auth;
    sock->path = path;
+    sock->addr.len = sizeof(sock->addr.data.un);
+    if (!(sock->addrstr = strdup(path))) {
+        VIR_ERROR(_("Failed to copy socket address: %s"),
+                  virStrerror(errno, ebuf, sizeof ebuf));
+        goto cleanup;
+    }

    if ((sock->fd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) {
        VIR_ERROR(_("Failed to create socket: %s"),
@ -561,14 +571,13 @@ static int qemudListenUnix(struct qemud_server *server,
        virSetNonBlock(sock->fd) < 0)
        goto cleanup;

-    memset(&addr, 0, sizeof(addr));
-    addr.sun_family = AF_UNIX;
-    if (virStrcpyStatic(addr.sun_path, path) == NULL) {
+    sock->addr.data.un.sun_family = AF_UNIX;
+    if (virStrcpyStatic(sock->addr.data.un.sun_path, path) == NULL) {
        VIR_ERROR(_("Path %s too long for unix socket"), path);
        goto cleanup;
    }
-    if (addr.sun_path[0] == '@')
-        addr.sun_path[0] = '\0';
+    if (sock->addr.data.un.sun_path[0] == '@')
+        sock->addr.data.un.sun_path[0] = '\0';

    oldgrp = getgid();
    oldmask = umask(readonly ? ~unix_sock_ro_mask : ~unix_sock_rw_mask);
@ -577,7 +586,7 @@ static int qemudListenUnix(struct qemud_server *server,
        goto cleanup;
    }

-    if (bind(sock->fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
+    if (bind(sock->fd, &sock->addr.data.sa, sock->addr.len) < 0) {
        VIR_ERROR(_("Failed to bind socket to '%s': %s"),
                  path, virStrerror(errno, ebuf, sizeof ebuf));
        goto cleanup;
@ -686,16 +695,7 @@ remoteListenTCP (struct qemud_server *server,
        return -1;

    for (i = 0; i < nfds; ++i) {
-        union {
-            struct sockaddr_storage sa_stor;
-            struct sockaddr sa;
-            struct sockaddr_in sa_in;
-#ifdef AF_INET6
-            struct sockaddr_in6 sa_in6;
-#endif
-        } s;
        char ebuf[1024];
-        socklen_t salen = sizeof(s);

        if (VIR_ALLOC(sock) < 0) {
            VIR_ERROR(_("remoteListenTCP: calloc: %s"),
@ -703,6 +703,7 @@ remoteListenTCP (struct qemud_server *server,
            goto cleanup;
        }

+        sock->addr.len = sizeof(sock->addr.data.stor);
        sock->readonly = 0;
        sock->next = server->sockets;
        server->sockets = sock;
@ -712,17 +713,11 @@ remoteListenTCP (struct qemud_server *server,
        sock->type = type;
        sock->auth = auth;

-        if (getsockname(sock->fd, &s.sa, &salen) < 0)
+        if (getsockname(sock->fd, &sock->addr.data.sa, &sock->addr.len) < 0)
            goto cleanup;

-        if (s.sa.sa_family == AF_INET) {
-            sock->port = htons(s.sa_in.sin_port);
-#ifdef AF_INET6
-        } else if (s.sa.sa_family == AF_INET6)
-            sock->port = htons(s.sa_in6.sin6_port);
-#endif
-        else
-            sock->port = -1;
+        if (!(sock->addrstr = virSocketFormatAddrFull(&sock->addr, true, ";")))
+            goto cleanup;

        if (virSetCloseExec(sock->fd) < 0 ||
            virSetNonBlock(sock->fd) < 0)
@ -1037,8 +1032,9 @@ static int qemudNetworkInit(struct qemud_server *server) {
         */
        sock = server->sockets;
        while (sock) {
-            if (sock->port != -1 && sock->type == QEMUD_SOCK_TYPE_TLS) {
-                port = sock->port;
+            if (virSocketGetPort(&sock->addr) != -1 &&
+                sock->type == QEMUD_SOCK_TYPE_TLS) {
+                port = virSocketGetPort(&sock->addr);
                break;
            }
            sock = sock->next;
@ -1116,19 +1112,9 @@ remoteInitializeTLSSession (void)

 /* Check DN is on tls_allowed_dn_list. */
 static int
-remoteCheckDN (gnutls_x509_crt_t cert)
+remoteCheckDN (const char *dname)
 {
-    char name[256];
-    size_t namesize = sizeof name;
    char **wildcards;
-    int err;
-
-    err = gnutls_x509_crt_get_dn (cert, name, &namesize);
-    if (err != 0) {
-        VIR_ERROR(_("remoteCheckDN: gnutls_x509_cert_get_dn: %s"),
-                  gnutls_strerror (err));
-        return 0;
-    }

    /* If the list is not set, allow any DN. */
    wildcards = tls_allowed_dn_list;
@ -1136,62 +1122,62 @@ remoteCheckDN (gnutls_x509_crt_t cert)
        return 1;

    while (*wildcards) {
-        if (fnmatch (*wildcards, name, 0) == 0)
+        if (fnmatch (*wildcards, dname, 0) == 0)
            return 1;
        wildcards++;
    }

    /* Print the client's DN. */
-    DEBUG(_("remoteCheckDN: failed: client DN is %s"), name);
+    DEBUG(_("remoteCheckDN: failed: client DN is %s"), dname);

    return 0; // Not found.
 }

 static int
-remoteCheckCertificate (gnutls_session_t session)
+remoteCheckCertificate(struct qemud_client *client)
 {
    int ret;
    unsigned int status;
    const gnutls_datum_t *certs;
    unsigned int nCerts, i;
    time_t now;
+    char name[256];
+    size_t namesize = sizeof name;

-    if ((ret = gnutls_certificate_verify_peers2 (session, &status)) < 0){
-        VIR_ERROR(_("remoteCheckCertificate: verify failed: %s"),
+    memset(name, 0, namesize);
+
+    if ((ret = gnutls_certificate_verify_peers2 (client->tlssession, &status)) < 0){
+        VIR_ERROR(_("Failed to verify certificate peers: %s"),
                  gnutls_strerror (ret));
-        return -1;
+        goto authdeny;
    }

    if (status != 0) {
        if (status & GNUTLS_CERT_INVALID)
-            VIR_ERROR0(_("remoteCheckCertificate: "
-                         "the client certificate is not trusted."));
+            VIR_ERROR0(_("The client certificate is not trusted."));

        if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
-            VIR_ERROR0(_("remoteCheckCertificate: the client "
-                         "certificate has unknown issuer."));
+            VIR_ERROR0(_("The client certificate has unknown issuer."));

        if (status & GNUTLS_CERT_REVOKED)
-            VIR_ERROR0(_("remoteCheckCertificate: "
-                         "the client certificate has been revoked."));
+            VIR_ERROR0(_("The client certificate has been revoked."));

 #ifndef GNUTLS_1_0_COMPAT
        if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
-            VIR_ERROR0(_("remoteCheckCertificate: the client certificate"
-                         " uses an insecure algorithm."));
+            VIR_ERROR0(_("The client certificate uses an insecure algorithm."));
 #endif

-        return -1;
+        goto authdeny;
    }

-    if (gnutls_certificate_type_get (session) != GNUTLS_CRT_X509) {
-        VIR_ERROR0(_("remoteCheckCertificate: certificate is not X.509"));
-        return -1;
+    if (gnutls_certificate_type_get(client->tlssession) != GNUTLS_CRT_X509) {
+        VIR_ERROR0(_("Only x509 certificates are supported"));
+        goto authdeny;
    }

-    if (!(certs = gnutls_certificate_get_peers(session, &nCerts))) {
-        VIR_ERROR0(_("remoteCheckCertificate: no peers"));
-        return -1;
+    if (!(certs = gnutls_certificate_get_peers(client->tlssession, &nCerts))) {
+        VIR_ERROR0(_("The certificate has no peers"));
+        goto authdeny;
    }

    now = time (NULL);
@ -1200,40 +1186,60 @@ remoteCheckCertificate (gnutls_session_t session)
        gnutls_x509_crt_t cert;

        if (gnutls_x509_crt_init (&cert) < 0) {
-            VIR_ERROR0(_("remoteCheckCertificate: gnutls_x509_crt_init failed"));
-            return -1;
+            VIR_ERROR0(_("Unable to initialize certificate"));
+            goto authfail;
        }

        if (gnutls_x509_crt_import(cert, &certs[i], GNUTLS_X509_FMT_DER) < 0) {
+            VIR_ERROR0(_("Unable to load certificate"));
            gnutls_x509_crt_deinit (cert);
-            return -1;
-        }
-
-        if (gnutls_x509_crt_get_expiration_time (cert) < now) {
-            VIR_ERROR0(_("remoteCheckCertificate: "
-                         "the client certificate has expired"));
-            gnutls_x509_crt_deinit (cert);
-            return -1;
-        }
-
-        if (gnutls_x509_crt_get_activation_time (cert) > now) {
-            VIR_ERROR0(_("remoteCheckCertificate: the client "
-                         "certificate is not yet activated"));
-            gnutls_x509_crt_deinit (cert);
-            return -1;
+            goto authfail;
        }

        if (i == 0) {
-            if (!remoteCheckDN (cert)) {
-                /* This is the most common error: make it informative. */
-                VIR_ERROR0(_("remoteCheckCertificate: client's Distinguished Name is not on the list of allowed clients (tls_allowed_dn_list).  Use 'openssl x509 -in clientcert.pem -text' to view the Distinguished Name field in the client certificate, or run this daemon with --verbose option."));
+            ret = gnutls_x509_crt_get_dn (cert, name, &namesize);
+            if (ret != 0) {
+                VIR_ERROR(_("Failed to get certificate distinguished name: %s"),
+                          gnutls_strerror(ret));
                gnutls_x509_crt_deinit (cert);
-                return -1;
+                goto authfail;
            }
+
+            if (!remoteCheckDN (name)) {
+                /* This is the most common error: make it informative. */
+                VIR_ERROR0(_("Client's Distinguished Name is not on the list "
+                             "of allowed clients (tls_allowed_dn_list).  Use "
+                             "'certtool -i --infile clientcert.pem' to view the"
+                             "Distinguished Name field in the client certificate,"
+                             "or run this daemon with --verbose option."));
+                gnutls_x509_crt_deinit (cert);
+                goto authdeny;
+            }
+        }
+
+        if (gnutls_x509_crt_get_expiration_time (cert) < now) {
+            VIR_ERROR0(_("The client certificate has expired"));
+            gnutls_x509_crt_deinit (cert);
+            goto authdeny;
+        }
+
+        if (gnutls_x509_crt_get_activation_time (cert) > now) {
+            VIR_ERROR0(_("The client certificate is not yet active"));
+            gnutls_x509_crt_deinit (cert);
+            goto authdeny;
        }
    }

+    PROBE(CLIENT_TLS_ALLOW, "fd=%d, name=%s", client->fd, (char *)name);
    return 0;
+
+authdeny:
+    PROBE(CLIENT_TLS_DENY, "fd=%d, name=%s", client->fd, (char *)name);
+    return -1;
+
+authfail:
+    PROBE(CLIENT_TLS_FAIL, "fd=%d", client->fd);
+    return -1;
 }

 /* Check the client's access. */
@ -1243,7 +1249,7 @@ remoteCheckAccess (struct qemud_client *client)
    struct qemud_client_message *confirm;

    /* Verify client certificate. */
-    if (remoteCheckCertificate (client->tlssession) == -1) {
+    if (remoteCheckCertificate (client) == -1) {
        VIR_ERROR0(_("remoteCheckCertificate: "
                     "failed to verify client's certificate"));
        if (!tls_no_verify_certificate) return -1;
@ -1299,13 +1305,14 @@ int qemudGetSocketIdentity(int fd, uid_t *uid, pid_t *pid) {

 static int qemudDispatchServer(struct qemud_server *server, struct qemud_socket *sock) {
    int fd;
-    struct sockaddr_storage addr;
-    socklen_t addrlen = (socklen_t) (sizeof addr);
-    struct qemud_client *client;
+    virSocketAddr addr;
+    char *addrstr = NULL;
+    struct qemud_client *client = NULL;
    int no_slow_start = 1;
    int i;

-    if ((fd = accept(sock->fd, (struct sockaddr *)&addr, &addrlen)) < 0) {
+    addr.len = sizeof(addr.data.stor);
+    if ((fd = accept(sock->fd, &addr.data.sa, &addr.len)) < 0) {
        char ebuf[1024];
        if (errno == EAGAIN)
            return 0;
@ -1313,17 +1320,23 @@ static int qemudDispatchServer(struct qemud_server *server, struct qemud_socket
                  virStrerror(errno, ebuf, sizeof ebuf));
        return -1;
    }
+    if (!(addrstr = virSocketFormatAddrFull(&addr, true, ";"))) {
+        VIR_ERROR0(_("Failed to format addresss: out of memory"));
+        goto error;
+    }
+
+    PROBE(CLIENT_CONNECT, "fd=%d, readonly=%d localAddr=%s remoteAddr=%s",
+          fd, sock->readonly, sock->addrstr, addrstr);

    if (server->nclients >= max_clients) {
-        VIR_ERROR(_("Too many active clients (%d), dropping connection"), max_clients);
-        close(fd);
-        return -1;
+        VIR_ERROR(_("Too many active clients (%d), dropping connection from %s"),
+                  max_clients, addrstr);
+        goto error;
    }

    if (VIR_REALLOC_N(server->clients, server->nclients+1) < 0) {
        VIR_ERROR0(_("Out of memory allocating clients"));
-        close(fd);
-        return -1;
+        goto error;
    }

 #ifdef __sun
@ -1335,14 +1348,12 @@ static int qemudDispatchServer(struct qemud_server *server, struct qemud_socket
            (privs = ucred_getprivset (ucred, PRIV_EFFECTIVE)) == NULL) {
            if (ucred != NULL)
                ucred_free (ucred);
-            close (fd);
-            return -1;
+            goto error;
        }

        if (!priv_ismember (privs, PRIV_VIRT_MANAGE)) {
            ucred_free (ucred);
-            close (fd);
-            return -1;
+            goto error;
        }

        ucred_free (ucred);
@ -1355,16 +1366,14 @@ static int qemudDispatchServer(struct qemud_server *server, struct qemud_socket

    if (virSetCloseExec(fd) < 0 ||
        virSetNonBlock(fd) < 0) {
-        close(fd);
-        return -1;
+        goto error;
    }

    if (VIR_ALLOC(client) < 0)
-        goto cleanup;
+        goto error;
    if (virMutexInit(&client->lock) < 0) {
        VIR_ERROR0(_("cannot initialize mutex"));
-        VIR_FREE(client);
-        goto cleanup;
+        goto error;
    }

    client->magic = QEMUD_CLIENT_MAGIC;
@ -1372,8 +1381,9 @@ static int qemudDispatchServer(struct qemud_server *server, struct qemud_socket
    client->readonly = sock->readonly;
    client->type = sock->type;
    client->auth = sock->auth;
-    memcpy (&client->addr, &addr, sizeof addr);
-    client->addrlen = addrlen;
+    client->addr = addr;
+    client->addrstr = addrstr;
+    addrstr = NULL;

    for (i = 0 ; i < VIR_DOMAIN_EVENT_ID_LAST ; i++) {
        client->domainEventCallbackID[i] = -1;
@ -1381,7 +1391,7 @@ static int qemudDispatchServer(struct qemud_server *server, struct qemud_socket

    /* Prepare one for packet receive */
    if (VIR_ALLOC(client->rx) < 0)
-        goto cleanup;
+        goto error;
    client->rx->bufferLength = REMOTE_MESSAGE_HEADER_XDR_LEN;


@ -1395,11 +1405,12 @@ static int qemudDispatchServer(struct qemud_server *server, struct qemud_socket
        pid_t pid;

        if (qemudGetSocketIdentity(client->fd, &uid, &pid) < 0)
-            goto cleanup;
+            goto error;

        /* Client is running as root, so disable auth */
        if (uid == 0) {
-            VIR_INFO(_("Turn off polkit auth for privileged client %d"), pid);
+            VIR_INFO(_("Turn off polkit auth for privileged client pid %d from %s"),
+                     pid, addrstr);
            client->auth = REMOTE_AUTH_NONE;
        }
    }
@ -1408,13 +1419,13 @@ static int qemudDispatchServer(struct qemud_server *server, struct qemud_socket
    if (client->type != QEMUD_SOCK_TYPE_TLS) {
        /* Plain socket, so prepare to read first message */
        if (qemudRegisterClientEvent (server, client) < 0)
-            goto cleanup;
+            goto error;
    } else {
        int ret;

        client->tlssession = remoteInitializeTLSSession ();
        if (client->tlssession == NULL)
-            goto cleanup;
+            goto error;

        gnutls_transport_set_ptr (client->tlssession,
                                  (gnutls_transport_ptr_t) (long) fd);
@ -1426,21 +1437,22 @@ static int qemudDispatchServer(struct qemud_server *server, struct qemud_socket

            /* Unlikely, but ...  Next step is to check the certificate. */
            if (remoteCheckAccess (client) == -1)
-                goto cleanup;
+                goto error;

            /* Handshake & cert check OK,  so prepare to read first message */
            if (qemudRegisterClientEvent(server, client) < 0)
-                goto cleanup;
+                goto error;
        } else if (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN) {
            /* Most likely, need to do more handshake data */
            client->handshake = 1;

            if (qemudRegisterClientEvent (server, client) < 0)
-                goto cleanup;
+                goto error;
        } else {
-            VIR_ERROR(_("TLS handshake failed: %s"),
-                      gnutls_strerror (ret));
-            goto cleanup;
+            PROBE(CLIENT_TLS_FAIL, "fd=%d", client->fd);
+            VIR_ERROR(_("TLS handshake failed for client %s: %s"),
+                      addrstr, gnutls_strerror (ret));
+            goto error;
        }
    }

@ -1461,13 +1473,18 @@ static int qemudDispatchServer(struct qemud_server *server, struct qemud_socket

    return 0;

- cleanup:
-    if (client &&
-        client->tlssession) gnutls_deinit (client->tlssession);
+error:
+    if (client) {
+        if (client->tlssession) gnutls_deinit (client->tlssession);
+        if (client) {
+            VIR_FREE(client->addrstr);
+            VIR_FREE(client->rx);
+        }
+        VIR_FREE(client);
+    }
+    VIR_FREE(addrstr);
    close (fd);
-    if (client)
-        VIR_FREE(client->rx);
-    VIR_FREE(client);
+    PROBE(CLIENT_DISCONNECT, "fd=%d", fd);
    return -1;
 }

@ -1511,9 +1528,11 @@ void qemudDispatchClientFailure(struct qemud_client *client) {
        client->tlssession = NULL;
    }
    if (client->fd != -1) {
+        PROBE(CLIENT_DISCONNECT, "fd=%d", client->fd);
        close(client->fd);
        client->fd = -1;
    }
+    VIR_FREE(client->addrstr);
 }


@ -2071,6 +2090,7 @@ qemudDispatchClientHandshake(struct qemud_client *client) {
           direction has changed */
        qemudUpdateClientEvent (client);
    } else {
+        PROBE(CLIENT_TLS_FAIL, "fd=%d", client->fd);
        /* Fatal error in handshake */
        VIR_ERROR(_("TLS handshake failed: %s"),
                  gnutls_strerror (ret));
@ -2431,6 +2451,7 @@ static void qemudCleanup(struct qemud_server *server) {
            sock->path[0] != '@')
            unlink(sock->path);
        VIR_FREE(sock->path);
+        VIR_FREE(sock->addrstr);

        VIR_FREE(sock);
        sock = next;
@ -2852,6 +2873,9 @@ remoteReadConfigFile (struct qemud_server *server, const char *filename)
    GET_CONF_INT (conf, filename, max_requests);
    GET_CONF_INT (conf, filename, max_client_requests);

+    GET_CONF_INT (conf, filename, audit_level);
+    GET_CONF_INT (conf, filename, audit_logging);
+
    GET_CONF_STR (conf, filename, host_uuid);
    if (virSetHostUUIDStr(host_uuid)) {
        VIR_ERROR(_("invalid host UUID: %s"), host_uuid);
@ -3192,6 +3216,16 @@ int main(int argc, char **argv) {
        goto error;
    }

+    if (audit_level) {
+        if (virAuditOpen() < 0) {
+            if (audit_level > 1) {
+                ret = VIR_DAEMON_ERR_AUDIT;
+                goto error;
+            }
+        }
+    }
+    virAuditLog(audit_logging);
+
    /* setup the hooks if any */
    if (virHookInitialize() < 0) {
        ret = VIR_DAEMON_ERR_HOOKS;
--- a/daemon/libvirtd.conf
+++ b/daemon/libvirtd.conf
@ -313,6 +313,25 @@
 # log_outputs="3:syslog:libvirtd"
 # to log all warnings and errors to syslog under the libvirtd ident

+
+##################################################################
+#
+# Auditing
+#
+# This setting allows usage of the auditing subsystem to be altered:
+#
+#   audit_level == 0  -> disable all auditing
+#   audit_level == 1  -> enable auditing, only if enabled on host (default)
+#   audit_level == 2  -> enable auditing, and exit if disabled on host
+#
+#audit_level = 2
+#
+# If set to 1, then audit messages will also be sent
+# via libvirt logging infrastructure. Defaults to 0
+#
+#audit_logging = 1
+
+###################################################################
 # UUID of the host:
 # Provide the UUID of the host here in case the command
 # 'dmidecode -s system-uuid' does not provide a valid uuid. In case
--- a/daemon/libvirtd.h
+++ b/daemon/libvirtd.h
@ -45,8 +45,27 @@
 # include <rpc/types.h>
 # include <rpc/xdr.h>
 # include "remote_protocol.h"
+# include "qemu_protocol.h"
 # include "logging.h"
 # include "threads.h"
+# include "network.h"
+
+# if WITH_DTRACE
+#  ifndef LIBVIRTD_PROBES_H
+#   define LIBVIRTD_PROBES_H
+#   include "probes.h"
+#  endif /* LIBVIRTD_PROBES_H */
+#  define PROBE(NAME, FMT, ...)                              \
+    VIR_DEBUG_INT("trace." __FILE__ , __func__, __LINE__,    \
+                  #NAME ": " FMT, __VA_ARGS__);              \
+    if (LIBVIRTD_ ## NAME ## _ENABLED()) {                   \
+        LIBVIRTD_ ## NAME(__VA_ARGS__);                      \
+    }
+# else
+#  define PROBE(NAME, FMT, ...)                              \
+    VIR_DEBUG_INT("trace." __FILE__, __func__, __LINE__,     \
+                  #NAME ": " FMT, __VA_ARGS__);
+# endif

 # ifdef __GNUC__
 #  ifdef HAVE_ANSIDECL_H
@ -179,8 +198,8 @@ struct qemud_client {
    unsigned int closing :1;
    int domainEventCallbackID[VIR_DOMAIN_EVENT_ID_LAST];

-    struct sockaddr_storage addr;
-    socklen_t addrlen;
+    virSocketAddr addr;
+    const char *addrstr;

    int type; /* qemud_sock_type */
    gnutls_session_t tlssession;
@ -234,12 +253,16 @@ struct qemud_client {

 struct qemud_socket {
    char *path;
+
+    virSocketAddr addr;
+    const char *addrstr;
+
    int fd;
    int watch;
    int readonly;
    int type; /* qemud_sock_type */
    int auth;
-    int port;
+
    struct qemud_socket *next;
 };

--- a/daemon/libvirtd.pod.in
+++ b/daemon/libvirtd.pod.in
@ -0,0 +1,168 @@
+=head1 NAME
+
+libvirtd - libvirtd management daemon
+
+=head1 SYNOPSIS
+
+B<libvirtd> [ -dlv ] [ -f config_file ] [ -p pid_file ] [ -t timeout_seconds ]
+
+B<libvirtd> --version
+
+=head1 DESCRIPTION
+
+The B<libvirtd> program is the server side daemon component of the libvirt
+virtualization management system.
+
+This daemon runs on host servers and performs required management tasks for
+virtualized guests.  This includes activities such as starting, stopping
+and migrating guests between host servers, configuring and manipulating
+networking, and managing storage for use by guests.
+
+The libvirt client libraries and utilities connect to this daemon to issue
+tasks and collect information about the configuration and resources of the host
+system and guests.
+
+By default, the libvirtd daemon listens for requests on a local Unix domain
+socket.  Using the B<-l>|B<--listen> command line option, the libvirtd daemon
+can be instructed to additionally listen on a TCP/IP socket.  The TCP/IP socket
+to use is defined in the libvirtd configuration file.
+
+Restarting libvirtd does not impact running guests.  Guests continue to operate
+and will be picked up automatically if their XML configuration has been
+defined.  Any guests whose XML configuration has not been defined will be lost
+from the configuration.
+
+=head1 OPTIONS
+
+=over
+
+=item B<-d, --daemon>
+
+Run as a daemon & write PID file.
+
+=item B<-f, --config> I<FILE>
+
+Use this configuration file, overriding the default value.
+
+=item B<-l, --listen>
+
+Listen for TCP/IP connections.
+
+=item B<-p, --pid-file> I<FILE>
+
+Use this name for the PID file, overriding the default value.
+
+=item B<-t, --timeout> I<SECONDS>
+
+Exit after timeout period (in seconds) expires.
+
+=item B<-v, --verbose>
+
+Enable output of verbose messages.
+
+=item B<    --version>
+
+Display version information then exit.
+
+=back
+
+=head1 SIGNALS
+
+On receipt of B<SIGHUP> libvirtd will reload its configuration.
+
+=head1 FILES
+
+=over
+
+=item F<@sysconfdir@/libvirtd.conf>
+
+The default configuration file used by libvirtd, unless overridden on the
+command line using the B<-f>|B<--config> option.
+
+=item F<@localstatedir@/run/libvirt/libvirt-sock>
+
+=item F<@localstatedir@/run/libvirt/libvirt-sock-ro>
+
+The sockets libvirtd will use when B<run as root>.
+
+=item F<$HOME/.libvirt/libvirt-sock>
+
+The socket libvirtd will use when run as a B<non-root> user.
+
+=item F<@sysconfdir@/pki/CA/cacert.pem>
+
+The TLS B<Certificate Authority> certificate libvirtd will use.
+
+=item F<@sysconfdir@/pki/libvirt/servercert.pem>
+
+The TLS B<Server> certificate libvirtd will use.
+
+=item F<@sysconfdir@/pki/libvirt/private/serverkey.pem>
+
+The TLS B<Server> private key libvirtd will use.
+
+=item F<@remote_pid_file@>
+
+The PID file to use, unless overridden by the B<-p>|B<--pid-file> option.
+
+=back
+
+=head1 EXAMPLES
+
+To retrieve the version of libvirtd:
+
+ # libvirtd --version
+ libvirtd (libvirt) 0.8.2
+ #
+
+To start libvirtd, instructing it to daemonize and create a PID file:
+
+ # libvirtd -d
+ # ls -la @remote_pid_file@
+ -rw-r--r-- 1 root root 6 Jul  9 02:40 @remote_pid_file@
+ #
+
+=head1 BUGS
+
+Please report all bugs you discover.  This should be done via either:
+
+=over
+
+=item a) the mailing list
+
+L<http://libvirt.org/contact.html>
+
+=item or,
+
+B<>
+
+=item b) the bug tracker
+
+L<http://libvirt.org/bugs.html>
+
+=item Alternatively, you may report bugs to your software distributor / vendor.
+
+=back
+
+=head1 AUTHORS
+
+Please refer to the AUTHORS file distributed with libvirt.
+
+=head1 COPYRIGHT
+
+Copyright (C) 2006-2010 Red Hat, Inc., and the authors listed in the
+libvirt AUTHORS file.
+
+=head1 LICENSE
+
+libvirtd is distributed under the terms of the GNU LGPL v2.1+.
+This is free software; see the source for copying conditions. There
+is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
+PURPOSE
+
+=head1 SEE ALSO
+
+L<virsh(1)>, L<virt-install(1)>, L<virt-xml-validate(1)>, L<virt-top(1)>,
+L<virt-mem(1)>, L<virt-df(1)>, L<http://www.libvirt.org/>
+
+=cut
--- a/daemon/libvirtd.stp
+++ b/daemon/libvirtd.stp
@ -0,0 +1,65 @@
+probe libvirt.daemon.client.connect = process("libvirtd").mark("client_connect")
+{
+  fd = $arg1;
+  readonly = $arg2;
+  localAddr = user_string($arg3);
+  remoteAddr = user_string($arg4);
+}
+
+probe libvirt.daemon.client.disconnect = process("libvirtd").mark("client_disconnect")
+{
+  fd = $arg1;
+}
+
+
+probe libvirt.daemon.client.tls_allow = process("libvirtd").mark("client_tls_allow")
+{
+  fd = $arg1;
+  x509dname = user_string($arg2);
+}
+
+probe libvirt.daemon.client.tls_deny = process("libvirtd").mark("client_tls_deny")
+{
+  fd = $arg1;
+  x509dname = user_string($arg2);
+}
+
+probe libvirt.daemon.client.tls_fail = process("libvirtd").mark("client_tls_fail")
+{
+  fd = $arg1;
+}
+
+
+function authtype_to_string(authtype) {
+  if (authtype == 0)
+    return "none"
+  if (authtype == 1)
+    return "sasl"
+  if (authtype == 2)
+    return "polkit"
+  return "unknown"
+}
+
+
+probe libvirt.daemon.client.auth_allow = process("libvirtd").mark("client_auth_allow")
+{
+  fd = $arg1;
+  authtype = $arg2;
+  authname = authtype_to_string($arg2);
+  identity = user_string($arg3);
+}
+
+probe libvirt.daemon.client.auth_deny = process("libvirtd").mark("client_auth_deny")
+{
+  fd = $arg1;
+  authtype = $arg2;
+  authname = authtype_to_string($arg2);
+  identity = user_string($arg3);
+}
+
+probe libvirt.daemon.client.auth_fail = process("libvirtd").mark("client_auth_fail")
+{
+  fd = $arg1;
+  authtype = $arg2;
+  authname = authtype_to_string($arg2);
+}
--- a/daemon/probes.d
+++ b/daemon/probes.d
@ -0,0 +1,12 @@
+provider libvirtd {
+	 probe client_connect(int fd, int readonly, const char *localAddr, const char *remoteAddr);
+	 probe client_disconnect(int fd);
+
+	 probe client_auth_allow(int fd, int authtype, const char *identity);
+	 probe client_auth_deny(int fd, int authtype, const char *identity);
+	 probe client_auth_fail(int fd, int authtype);
+
+	 probe client_tls_allow(int fd, const char *x509dname);
+	 probe client_tls_deny(int fd, const char *x509dname);
+	 probe client_tls_fail(int fd);
+};
--- a/daemon/qemu_dispatch_args.h
+++ b/daemon/qemu_dispatch_args.h
@ -0,0 +1,5 @@
+/* Automatically generated by remote_generate_stubs.pl.
+ * Do not edit this file.  Any changes you make will be lost.
+ */
+
+    qemu_monitor_command_args val_qemu_monitor_command_args;
--- a/daemon/qemu_dispatch_prototypes.h
+++ b/daemon/qemu_dispatch_prototypes.h
@ -0,0 +1,12 @@
+/* Automatically generated by remote_generate_stubs.pl.
+ * Do not edit this file.  Any changes you make will be lost.
+ */
+
+static int qemuDispatchMonitorCommand(
+    struct qemud_server *server,
+    struct qemud_client *client,
+    virConnectPtr conn,
+    remote_message_header *hdr,
+    remote_error *err,
+    qemu_monitor_command_args *args,
+    qemu_monitor_command_ret *ret);
--- a/daemon/qemu_dispatch_ret.h
+++ b/daemon/qemu_dispatch_ret.h
@ -0,0 +1,5 @@
+/* Automatically generated by remote_generate_stubs.pl.
+ * Do not edit this file.  Any changes you make will be lost.
+ */
+
+    qemu_monitor_command_ret val_qemu_monitor_command_ret;
--- a/daemon/qemu_dispatch_table.h
+++ b/daemon/qemu_dispatch_table.h
@ -0,0 +1,14 @@
+/* Automatically generated by remote_generate_stubs.pl.
+ * Do not edit this file.  Any changes you make will be lost.
+ */
+
+{   /* (unused) => 0 */
+    .fn = NULL,
+    .args_filter = (xdrproc_t) xdr_void,
+    .ret_filter = (xdrproc_t) xdr_void,
+},
+{   /* MonitorCommand => 1 */
+    .fn = (dispatch_fn) qemuDispatchMonitorCommand,
+    .args_filter = (xdrproc_t) xdr_qemu_monitor_command_args,
+    .ret_filter = (xdrproc_t) xdr_qemu_monitor_command_ret,
+},
--- a/daemon/remote.c
+++ b/daemon/remote.c
@ -57,6 +57,9 @@
 #include "memory.h"
 #include "util.h"
 #include "stream.h"
+#include "uuid.h"
+#include "network.h"
+#include "libvirt/libvirt-qemu.h"

 #define VIR_FROM_THIS VIR_FROM_REMOTE
 #define REMOTE_DEBUG(fmt, ...) DEBUG(fmt, __VA_ARGS__)
@ -81,11 +84,16 @@ static void make_nonnull_domain_snapshot (remote_nonnull_domain_snapshot *snapsh


 #include "remote_dispatch_prototypes.h"
+#include "qemu_dispatch_prototypes.h"

 static const dispatch_data const dispatch_table[] = {
 #include "remote_dispatch_table.h"
 };

+static const dispatch_data const qemu_dispatch_table[] = {
+#include "qemu_dispatch_table.h"
+};
+
 const dispatch_data const *remoteGetDispatchData(int proc)
 {
    if (proc >= ARRAY_CARDINALITY(dispatch_table) ||
@ -96,6 +104,16 @@ const dispatch_data const *remoteGetDispatchData(int proc)
    return &(dispatch_table[proc]);
 }

+const dispatch_data const *qemuGetDispatchData(int proc)
+{
+    if (proc >= ARRAY_CARDINALITY(qemu_dispatch_table) ||
+        qemu_dispatch_table[proc].fn == NULL) {
+        return NULL;
+    }
+
+    return &(qemu_dispatch_table[proc]);
+}
+
 /* Prototypes */
 static void
 remoteDispatchDomainEventSend (struct qemud_client *client,
@ -1734,6 +1752,33 @@ oom:
    return -1;
 }

+static int
+remoteDispatchDomainGetVcpusFlags (struct qemud_server *server ATTRIBUTE_UNUSED,
+                                   struct qemud_client *client ATTRIBUTE_UNUSED,
+                                   virConnectPtr conn,
+                                   remote_message_header *hdr ATTRIBUTE_UNUSED,
+                                   remote_error *rerr,
+                                   remote_domain_get_vcpus_flags_args *args,
+                                   remote_domain_get_vcpus_flags_ret *ret)
+{
+    virDomainPtr dom;
+
+    dom = get_nonnull_domain (conn, args->dom);
+    if (dom == NULL) {
+        remoteDispatchConnError(rerr, conn);
+        return -1;
+    }
+
+    ret->num = virDomainGetVcpusFlags (dom, args->flags);
+    if (ret->num == -1) {
+        virDomainFree(dom);
+        remoteDispatchConnError(rerr, conn);
+        return -1;
+    }
+    virDomainFree(dom);
+    return 0;
+}
+
 static int
 remoteDispatchDomainMigratePrepare (struct qemud_server *server ATTRIBUTE_UNUSED,
                                    struct qemud_client *client ATTRIBUTE_UNUSED,
@ -2315,6 +2360,216 @@ remoteDispatchDomainSetMemory (struct qemud_server *server ATTRIBUTE_UNUSED,
    return 0;
 }

+static int
+remoteDispatchDomainSetMemoryParameters(struct qemud_server *server
+                                        ATTRIBUTE_UNUSED,
+                                        struct qemud_client *client
+                                        ATTRIBUTE_UNUSED,
+                                        virConnectPtr conn,
+                                        remote_message_header *
+                                        hdr ATTRIBUTE_UNUSED,
+                                        remote_error * rerr,
+                                        remote_domain_set_memory_parameters_args
+                                        * args, void *ret ATTRIBUTE_UNUSED)
+{
+    virDomainPtr dom;
+    int i, r, nparams;
+    virMemoryParameterPtr params;
+    unsigned int flags;
+
+    nparams = args->params.params_len;
+    flags = args->flags;
+
+    if (nparams > REMOTE_DOMAIN_MEMORY_PARAMETERS_MAX) {
+        remoteDispatchFormatError(rerr, "%s", _("nparams too large"));
+        return -1;
+    }
+    if (VIR_ALLOC_N(params, nparams) < 0) {
+        remoteDispatchOOMError(rerr);
+        return -1;
+    }
+
+    /* Deserialise parameters. */
+    for (i = 0; i < nparams; ++i) {
+        if (virStrcpyStatic
+            (params[i].field, args->params.params_val[i].field) == NULL) {
+            remoteDispatchFormatError(rerr,
+                                      _
+                                      ("Field %s too big for destination"),
+                                      args->params.params_val[i].field);
+            return -1;
+        }
+        params[i].type = args->params.params_val[i].value.type;
+        switch (params[i].type) {
+            case VIR_DOMAIN_MEMORY_PARAM_INT:
+                params[i].value.i =
+                    args->params.params_val[i].value.
+                    remote_memory_param_value_u.i;
+                break;
+            case VIR_DOMAIN_MEMORY_PARAM_UINT:
+                params[i].value.ui =
+                    args->params.params_val[i].value.
+                    remote_memory_param_value_u.ui;
+                break;
+            case VIR_DOMAIN_MEMORY_PARAM_LLONG:
+                params[i].value.l =
+                    args->params.params_val[i].value.
+                    remote_memory_param_value_u.l;
+                break;
+            case VIR_DOMAIN_MEMORY_PARAM_ULLONG:
+                params[i].value.ul =
+                    args->params.params_val[i].value.
+                    remote_memory_param_value_u.ul;
+                break;
+            case VIR_DOMAIN_MEMORY_PARAM_DOUBLE:
+                params[i].value.d =
+                    args->params.params_val[i].value.
+                    remote_memory_param_value_u.d;
+                break;
+            case VIR_DOMAIN_MEMORY_PARAM_BOOLEAN:
+                params[i].value.b =
+                    args->params.params_val[i].value.
+                    remote_memory_param_value_u.b;
+                break;
+        }
+    }
+
+    dom = get_nonnull_domain(conn, args->dom);
+    if (dom == NULL) {
+        VIR_FREE(params);
+        remoteDispatchConnError(rerr, conn);
+        return -1;
+    }
+
+    r = virDomainSetMemoryParameters(dom, params, nparams, flags);
+    virDomainFree(dom);
+    VIR_FREE(params);
+    if (r == -1) {
+        remoteDispatchConnError(rerr, conn);
+        return -1;
+    }
+
+    return 0;
+}
+
+static int
+remoteDispatchDomainGetMemoryParameters(struct qemud_server *server
+                                        ATTRIBUTE_UNUSED,
+                                        struct qemud_client *client
+                                        ATTRIBUTE_UNUSED,
+                                        virConnectPtr conn,
+                                        remote_message_header *
+                                        hdr ATTRIBUTE_UNUSED,
+                                        remote_error * rerr,
+                                        remote_domain_get_memory_parameters_args
+                                        * args,
+                                        remote_domain_get_memory_parameters_ret
+                                        * ret)
+{
+    virDomainPtr dom;
+    virMemoryParameterPtr params;
+    int i, r, nparams;
+    unsigned int flags;
+
+    nparams = args->nparams;
+    flags = args->flags;
+
+    if (nparams > REMOTE_DOMAIN_MEMORY_PARAMETERS_MAX) {
+        remoteDispatchFormatError(rerr, "%s", _("nparams too large"));
+        return -1;
+    }
+    if (VIR_ALLOC_N(params, nparams) < 0) {
+        remoteDispatchOOMError(rerr);
+        return -1;
+    }
+
+    dom = get_nonnull_domain(conn, args->dom);
+    if (dom == NULL) {
+        VIR_FREE(params);
+        remoteDispatchConnError(rerr, conn);
+        return -1;
+    }
+
+    r = virDomainGetMemoryParameters(dom, params, &nparams, flags);
+    if (r == -1) {
+        virDomainFree(dom);
+        VIR_FREE(params);
+        remoteDispatchConnError(rerr, conn);
+        return -1;
+    }
+    /* In this case, we need to send back the number of parameters
+     * supported
+     */
+    if (args->nparams == 0) {
+        ret->nparams = nparams;
+        goto success;
+    }
+
+    /* Serialise the memory parameters. */
+    ret->params.params_len = nparams;
+    if (VIR_ALLOC_N(ret->params.params_val, nparams) < 0)
+        goto oom;
+
+    for (i = 0; i < nparams; ++i) {
+        // remoteDispatchClientRequest will free this:
+        ret->params.params_val[i].field = strdup(params[i].field);
+        if (ret->params.params_val[i].field == NULL)
+            goto oom;
+
+        ret->params.params_val[i].value.type = params[i].type;
+        switch (params[i].type) {
+            case VIR_DOMAIN_MEMORY_PARAM_INT:
+                ret->params.params_val[i].
+                    value.remote_memory_param_value_u.i =
+                    params[i].value.i;
+                break;
+            case VIR_DOMAIN_MEMORY_PARAM_UINT:
+                ret->params.params_val[i].
+                    value.remote_memory_param_value_u.ui =
+                    params[i].value.ui;
+                break;
+            case VIR_DOMAIN_MEMORY_PARAM_LLONG:
+                ret->params.params_val[i].
+                    value.remote_memory_param_value_u.l =
+                    params[i].value.l;
+                break;
+            case VIR_DOMAIN_MEMORY_PARAM_ULLONG:
+                ret->params.params_val[i].
+                    value.remote_memory_param_value_u.ul =
+                    params[i].value.ul;
+                break;
+            case VIR_DOMAIN_MEMORY_PARAM_DOUBLE:
+                ret->params.params_val[i].
+                    value.remote_memory_param_value_u.d =
+                    params[i].value.d;
+                break;
+            case VIR_DOMAIN_MEMORY_PARAM_BOOLEAN:
+                ret->params.params_val[i].
+                    value.remote_memory_param_value_u.b =
+                    params[i].value.b;
+                break;
+            default:
+                remoteDispatchFormatError(rerr, "%s", _("unknown type"));
+                goto cleanup;
+        }
+    }
+
+  success:
+    virDomainFree(dom);
+    VIR_FREE(params);
+
+    return 0;
+
+  oom:
+    remoteDispatchOOMError(rerr);
+  cleanup:
+    virDomainFree(dom);
+    for (i = 0; i < nparams; i++)
+        VIR_FREE(ret->params.params_val[i].field);
+    VIR_FREE(params);
+    return -1;
+}
+
 static int
 remoteDispatchDomainSetVcpus (struct qemud_server *server ATTRIBUTE_UNUSED,
                              struct qemud_client *client ATTRIBUTE_UNUSED,
@ -2341,6 +2596,32 @@ remoteDispatchDomainSetVcpus (struct qemud_server *server ATTRIBUTE_UNUSED,
    return 0;
 }

+static int
+remoteDispatchDomainSetVcpusFlags (struct qemud_server *server ATTRIBUTE_UNUSED,
+                                   struct qemud_client *client ATTRIBUTE_UNUSED,
+                                   virConnectPtr conn,
+                                   remote_message_header *hdr ATTRIBUTE_UNUSED,
+                                   remote_error *rerr,
+                                   remote_domain_set_vcpus_flags_args *args,
+                                   void *ret ATTRIBUTE_UNUSED)
+{
+    virDomainPtr dom;
+
+    dom = get_nonnull_domain (conn, args->dom);
+    if (dom == NULL) {
+        remoteDispatchConnError(rerr, conn);
+        return -1;
+    }
+
+    if (virDomainSetVcpusFlags (dom, args->nvcpus, args->flags) == -1) {
+        virDomainFree(dom);
+        remoteDispatchConnError(rerr, conn);
+        return -1;
+    }
+    virDomainFree(dom);
+    return 0;
+}
+
 static int
 remoteDispatchDomainShutdown (struct qemud_server *server ATTRIBUTE_UNUSED,
                              struct qemud_client *client ATTRIBUTE_UNUSED,
@ -3237,49 +3518,6 @@ remoteDispatchAuthList (struct qemud_server *server,


 #if HAVE_SASL
-/*
- * NB, keep in sync with similar method in src/remote/remote_driver.c
- */
-static char *addrToString(remote_error *rerr,
-                          struct sockaddr_storage *ss, socklen_t salen) {
-    char host[NI_MAXHOST], port[NI_MAXSERV];
-    char *addr;
-    int err;
-    struct sockaddr *sa = (struct sockaddr *)ss;
-
-    if ((err = getnameinfo(sa, salen,
-                           host, sizeof(host),
-                           port, sizeof(port),
-                           NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
-        char ip[INET6_ADDRSTRLEN];
-        void *rawaddr;
-
-        if (sa->sa_family == AF_INET)
-            rawaddr = &((struct sockaddr_in *)sa)->sin_addr;
-        else
-            rawaddr = &((struct sockaddr_in6 *)sa)->sin6_addr;
-
-        if (inet_ntop(sa->sa_family, rawaddr, ip, sizeof ip)) {
-            remoteDispatchFormatError(rerr,
-                                      _("Cannot resolve address %s: %s"),
-                                      ip, gai_strerror(err));
-        } else {
-            remoteDispatchFormatError(rerr,
-                                      _("Cannot resolve address: %s"),
-                                      gai_strerror(err));
-        }
-        return NULL;
-    }
-
-    if (virAsprintf(&addr, "%s;%s", host, port) == -1) {
-        virReportOOMError();
-        return NULL;
-    }
-
-    return addr;
-}
-
-
 /*
 * Initializes the SASL session in prepare for authentication
 * and gives the client a list of allowed mechanisms to choose
@ -3289,7 +3527,7 @@ static char *addrToString(remote_error *rerr,
 static int
 remoteDispatchAuthSaslInit (struct qemud_server *server,
                            struct qemud_client *client,
-                            virConnectPtr conn ATTRIBUTE_UNUSED,
+                            virConnectPtr conn,
                            remote_message_header *hdr ATTRIBUTE_UNUSED,
                            remote_error *rerr,
                            void *args ATTRIBUTE_UNUSED,
@ -3298,8 +3536,7 @@ remoteDispatchAuthSaslInit (struct qemud_server *server,
    const char *mechlist = NULL;
    sasl_security_properties_t secprops;
    int err;
-    struct sockaddr_storage sa;
-    socklen_t salen;
+    virSocketAddr sa;
    char *localAddr, *remoteAddr;

    virMutexLock(&server->lock);
@ -3314,29 +3551,31 @@ remoteDispatchAuthSaslInit (struct qemud_server *server,
    }

    /* Get local address in form  IPADDR:PORT */
-    salen = sizeof(sa);
-    if (getsockname(client->fd, (struct sockaddr*)&sa, &salen) < 0) {
+    sa.len = sizeof(sa.data.stor);
+    if (getsockname(client->fd, &sa.data.sa, &sa.len) < 0) {
        char ebuf[1024];
        remoteDispatchFormatError(rerr,
                                  _("failed to get sock address: %s"),
                                  virStrerror(errno, ebuf, sizeof ebuf));
        goto error;
    }
-    if ((localAddr = addrToString(rerr, &sa, salen)) == NULL) {
+    if ((localAddr = virSocketFormatAddrFull(&sa, true, ";")) == NULL) {
+        remoteDispatchConnError(rerr, conn);
        goto error;
    }

    /* Get remote address in form  IPADDR:PORT */
-    salen = sizeof(sa);
-    if (getpeername(client->fd, (struct sockaddr*)&sa, &salen) < 0) {
+    sa.len = sizeof(sa.data.stor);
+    if (getpeername(client->fd, &sa.data.sa, &sa.len) < 0) {
        char ebuf[1024];
        remoteDispatchFormatError(rerr, _("failed to get peer address: %s"),
                                  virStrerror(errno, ebuf, sizeof ebuf));
        VIR_FREE(localAddr);
        goto error;
    }
-    if ((remoteAddr = addrToString(rerr, &sa, salen)) == NULL) {
+    if ((remoteAddr = virSocketFormatAddrFull(&sa, true, ";")) == NULL) {
        VIR_FREE(localAddr);
+        remoteDispatchConnError(rerr, conn);
        goto error;
    }

@ -3438,13 +3677,16 @@ remoteDispatchAuthSaslInit (struct qemud_server *server,
 authfail:
    remoteDispatchAuthError(rerr);
 error:
+    PROBE(CLIENT_AUTH_FAIL, "fd=%d, auth=%d", client->fd, REMOTE_AUTH_SASL);
    virMutexUnlock(&client->lock);
    return -1;
 }


 /* We asked for an SSF layer, so sanity check that we actually
- * got what we asked for */
+ * got what we asked for
+ * Returns 0 if ok, -1 on error, -2 if rejected
+ */
 static int
 remoteSASLCheckSSF (struct qemud_client *client,
                    remote_error *rerr) {
@ -3471,7 +3713,7 @@ remoteSASLCheckSSF (struct qemud_client *client,
        remoteDispatchAuthError(rerr);
        sasl_dispose(&client->saslconn);
        client->saslconn = NULL;
-        return -1;
+        return -2;
    }

    /* Only setup for read initially, because we're about to send an RPC
@ -3486,6 +3728,9 @@ remoteSASLCheckSSF (struct qemud_client *client,
    return 0;
 }

+/*
+ * Returns 0 if ok, -1 on error, -2 if rejected
+ */
 static int
 remoteSASLCheckAccess (struct qemud_server *server,
                       struct qemud_client *client,
@ -3537,7 +3782,7 @@ remoteSASLCheckAccess (struct qemud_server *server,
    remoteDispatchAuthError(rerr);
    sasl_dispose(&client->saslconn);
    client->saslconn = NULL;
-    return -1;
+    return -2;
 }


@ -3609,14 +3854,18 @@ remoteDispatchAuthSaslStart (struct qemud_server *server,
    if (err == SASL_CONTINUE) {
        ret->complete = 0;
    } else {
-        if (remoteSASLCheckSSF(client, rerr) < 0)
-            goto error;
-
        /* Check username whitelist ACL */
-        if (remoteSASLCheckAccess(server, client, rerr) < 0)
-            goto error;
+        if ((err = remoteSASLCheckAccess(server, client, rerr)) < 0 ||
+            (err = remoteSASLCheckSSF(client, rerr)) < 0) {
+            if (err == -2)
+                goto authdeny;
+            else
+                goto authfail;
+        }

        REMOTE_DEBUG("Authentication successful %d", client->fd);
+        PROBE(CLIENT_AUTH_ALLOW, "fd=%d, auth=%d, username=%s",
+              client->fd, REMOTE_AUTH_SASL, client->saslUsername);
        ret->complete = 1;
        client->auth = REMOTE_AUTH_NONE;
    }
@ -3625,7 +3874,15 @@ remoteDispatchAuthSaslStart (struct qemud_server *server,
    return 0;

 authfail:
+    PROBE(CLIENT_AUTH_FAIL, "fd=%d, auth=%d", client->fd, REMOTE_AUTH_SASL);
    remoteDispatchAuthError(rerr);
+    goto error;
+
+authdeny:
+    PROBE(CLIENT_AUTH_DENY, "fd=%d, auth=%d, username=%s",
+          client->fd, REMOTE_AUTH_SASL, client->saslUsername);
+    goto error;
+
 error:
    virMutexUnlock(&client->lock);
    return -1;
@ -3698,14 +3955,18 @@ remoteDispatchAuthSaslStep (struct qemud_server *server,
    if (err == SASL_CONTINUE) {
        ret->complete = 0;
    } else {
-        if (remoteSASLCheckSSF(client, rerr) < 0)
-            goto error;
-
        /* Check username whitelist ACL */
-        if (remoteSASLCheckAccess(server, client, rerr) < 0)
-            goto error;
+        if ((err = remoteSASLCheckAccess(server, client, rerr)) < 0 ||
+            (err = remoteSASLCheckSSF(client, rerr)) < 0) {
+            if (err == -2)
+                goto authdeny;
+            else
+                goto authfail;
+        }

        REMOTE_DEBUG("Authentication successful %d", client->fd);
+        PROBE(CLIENT_AUTH_ALLOW, "fd=%d, auth=%d, username=%s",
+              client->fd, REMOTE_AUTH_SASL, client->saslUsername);
        ret->complete = 1;
        client->auth = REMOTE_AUTH_NONE;
    }
@ -3714,7 +3975,15 @@ remoteDispatchAuthSaslStep (struct qemud_server *server,
    return 0;

 authfail:
+    PROBE(CLIENT_AUTH_FAIL, "fd=%d, auth=%d", client->fd, REMOTE_AUTH_SASL);
    remoteDispatchAuthError(rerr);
+    goto error;
+
+authdeny:
+    PROBE(CLIENT_AUTH_DENY, "fd=%d, auth=%d, username=%s",
+          client->fd, REMOTE_AUTH_SASL, client->saslUsername);
+    goto error;
+
 error:
    virMutexUnlock(&client->lock);
    return -1;
@ -3732,6 +4001,7 @@ remoteDispatchAuthSaslInit (struct qemud_server *server ATTRIBUTE_UNUSED,
                            remote_auth_sasl_init_ret *ret ATTRIBUTE_UNUSED)
 {
    VIR_ERROR0(_("client tried unsupported SASL init request"));
+    PROBE(CLIENT_AUTH_FAIL, "fd=%d, auth=%d", client->fd, REMOTE_AUTH_SASL);
    remoteDispatchAuthError(rerr);
    return -1;
 }
@ -3746,6 +4016,7 @@ remoteDispatchAuthSaslStart (struct qemud_server *server ATTRIBUTE_UNUSED,
                             remote_auth_sasl_start_ret *ret ATTRIBUTE_UNUSED)
 {
    VIR_ERROR0(_("client tried unsupported SASL start request"));
+    PROBE(CLIENT_AUTH_FAIL, "fd=%d, auth=%d", client->fd, REMOTE_AUTH_SASL);
    remoteDispatchAuthError(rerr);
    return -1;
 }
@ -3760,6 +4031,7 @@ remoteDispatchAuthSaslStep (struct qemud_server *server ATTRIBUTE_UNUSED,
                            remote_auth_sasl_step_ret *ret ATTRIBUTE_UNUSED)
 {
    VIR_ERROR0(_("client tried unsupported SASL step request"));
+    PROBE(CLIENT_AUTH_FAIL, "fd=%d, auth=%d", client->fd, REMOTE_AUTH_SASL);
    remoteDispatchAuthError(rerr);
    return -1;
 }
@ -3776,13 +4048,16 @@ remoteDispatchAuthPolkit (struct qemud_server *server,
                          void *args ATTRIBUTE_UNUSED,
                          remote_auth_polkit_ret *ret)
 {
-    pid_t callerPid;
-    uid_t callerUid;
+    pid_t callerPid = -1;
+    uid_t callerUid = -1;
    const char *action;
    int status = -1;
    char pidbuf[50];
+    char ident[100];
    int rv;

+    memset(ident, 0, sizeof ident);
+
    virMutexLock(&server->lock);
    virMutexLock(&client->lock);
    virMutexUnlock(&server->lock);
@ -3818,6 +4093,12 @@ remoteDispatchAuthPolkit (struct qemud_server *server,
        goto authfail;
    }

+    rv = snprintf(ident, sizeof ident, "pid:%d,uid:%d", callerPid, callerUid);
+    if (rv < 0 || rv >= sizeof ident) {
+        VIR_ERROR(_("Caller identity was too large %d:%d"), callerPid, callerUid);
+        goto authfail;
+    }
+
    if (virRun(pkcheck, &status) < 0) {
        VIR_ERROR(_("Cannot invoke %s"), PKCHECK_PATH);
        goto authfail;
@ -3825,8 +4106,10 @@ remoteDispatchAuthPolkit (struct qemud_server *server,
    if (status != 0) {
        VIR_ERROR(_("Policy kit denied action %s from pid %d, uid %d, result: %d"),
                  action, callerPid, callerUid, status);
-        goto authfail;
+        goto authdeny;
    }
+    PROBE(CLIENT_AUTH_ALLOW, "fd=%d, auth=%d, username=%s",
+          client->fd, REMOTE_AUTH_POLKIT, (char *)ident);
    VIR_INFO(_("Policy allowed action %s from pid %d, uid %d"),
             action, callerPid, callerUid);
    ret->complete = 1;
@ -3836,6 +4119,15 @@ remoteDispatchAuthPolkit (struct qemud_server *server,
    return 0;

 authfail:
+    PROBE(CLIENT_AUTH_FAIL, "fd=%d, auth=%d", client->fd, REMOTE_AUTH_POLKIT);
+    goto error;
+
+authdeny:
+    PROBE(CLIENT_AUTH_DENY, "fd=%d, auth=%d, username=%s",
+          client->fd, REMOTE_AUTH_POLKIT, (char *)ident);
+    goto error;
+
+error:
    remoteDispatchAuthError(rerr);
    virMutexUnlock(&client->lock);
    return -1;
@ -3859,6 +4151,9 @@ remoteDispatchAuthPolkit (struct qemud_server *server,
    PolKitResult pkresult;
    DBusError err;
    const char *action;
+    char ident[100];
+
+    memset(ident, 0, sizeof ident);

    virMutexLock(&server->lock);
    virMutexLock(&client->lock);
@ -3879,6 +4174,12 @@ remoteDispatchAuthPolkit (struct qemud_server *server,
        goto authfail;
    }

+    rv = snprintf(ident, sizeof ident, "pid:%d,uid:%d", callerPid, callerUid);
+    if (rv < 0 || rv >= sizeof ident) {
+        VIR_ERROR(_("Caller identity was too large %d:%d"), callerPid, callerUid);
+        goto authfail;
+    }
+
    VIR_INFO(_("Checking PID %d running as %d"), callerPid, callerUid);
    dbus_error_init(&err);
    if (!(pkcaller = polkit_caller_new_from_pid(server->sysbus,
@ -3935,8 +4236,10 @@ remoteDispatchAuthPolkit (struct qemud_server *server,
        VIR_ERROR(_("Policy kit denied action %s from pid %d, uid %d, result: %s"),
                  action, callerPid, callerUid,
                  polkit_result_to_string_representation(pkresult));
-        goto authfail;
+        goto authdeny;
    }
+    PROBE(CLIENT_AUTH_ALLOW, "fd=%d, auth=%d, username=%s",
+          client->fd, REMOTE_AUTH_POLKIT, ident);
    VIR_INFO(_("Policy allowed action %s from pid %d, uid %d, result %s"),
             action, callerPid, callerUid,
             polkit_result_to_string_representation(pkresult));
@ -3947,6 +4250,15 @@ remoteDispatchAuthPolkit (struct qemud_server *server,
    return 0;

 authfail:
+    PROBE(CLIENT_AUTH_FAIL, "fd=%d, auth=%d", client->fd, REMOTE_AUTH_POLKIT);
+    goto error;
+
+authdeny:
+    PROBE(CLIENT_AUTH_DENY, "fd=%d, auth=%d, username=%s",
+          client->fd, REMOTE_AUTH_POLKIT, ident);
+    goto error;
+
+error:
    remoteDispatchAuthError(rerr);
    virMutexUnlock(&client->lock);
    return -1;
@ -6564,6 +6876,35 @@ remoteDispatchDomainGetBlockInfo (struct qemud_server *server ATTRIBUTE_UNUSED,
    return 0;
 }

+static int
+qemuDispatchMonitorCommand (struct qemud_server *server ATTRIBUTE_UNUSED,
+                            struct qemud_client *client ATTRIBUTE_UNUSED,
+                            virConnectPtr conn,
+                            remote_message_header *hdr ATTRIBUTE_UNUSED,
+                            remote_error *rerr,
+                            qemu_monitor_command_args *args,
+                            qemu_monitor_command_ret *ret)
+{
+    virDomainPtr domain;
+
+    domain = get_nonnull_domain(conn, args->domain);
+    if (domain == NULL) {
+        remoteDispatchConnError(rerr, conn);
+        return -1;
+    }
+
+    if (virDomainQemuMonitorCommand(domain, args->cmd, &ret->result,
+                                    args->flags) == -1) {
+        virDomainFree(domain);
+        remoteDispatchConnError(rerr, conn);
+        return -1;
+    }
+
+    virDomainFree(domain);
+
+    return 0;
+}
+

 /*----- Helpers. -----*/

--- a/daemon/remote.h
+++ b/daemon/remote.h
@ -30,11 +30,22 @@
 typedef union {
 # include "remote_dispatch_args.h"
 } dispatch_args;
+verify(sizeof(dispatch_args) > 0);

 typedef union {
 # include "remote_dispatch_ret.h"
 } dispatch_ret;
+verify(sizeof(dispatch_ret) > 0);

+typedef union {
+# include "qemu_dispatch_args.h"
+} qemu_dispatch_args;
+verify(sizeof(qemu_dispatch_args) > 0);
+
+typedef union {
+# include "qemu_dispatch_ret.h"
+} qemu_dispatch_ret;
+verify(sizeof(qemu_dispatch_ret) > 0);



@ -67,6 +78,7 @@ typedef struct {


 const dispatch_data const *remoteGetDispatchData(int proc);
+const dispatch_data const *qemuGetDispatchData(int proc);



--- a/daemon/remote_dispatch_args.h
+++ b/daemon/remote_dispatch_args.h
@ -165,3 +165,7 @@
    remote_domain_snapshot_delete_args val_remote_domain_snapshot_delete_args;
    remote_domain_get_block_info_args val_remote_domain_get_block_info_args;
    remote_domain_create_with_flags_args val_remote_domain_create_with_flags_args;
+    remote_domain_set_memory_parameters_args val_remote_domain_set_memory_parameters_args;
+    remote_domain_get_memory_parameters_args val_remote_domain_get_memory_parameters_args;
+    remote_domain_set_vcpus_flags_args val_remote_domain_set_vcpus_flags_args;
+    remote_domain_get_vcpus_flags_args val_remote_domain_get_vcpus_flags_args;
--- a/daemon/remote_dispatch_prototypes.h
+++ b/daemon/remote_dispatch_prototypes.h
@ -258,6 +258,14 @@ static int remoteDispatchDomainGetMaxVcpus(
    remote_error *err,
    remote_domain_get_max_vcpus_args *args,
    remote_domain_get_max_vcpus_ret *ret);
+static int remoteDispatchDomainGetMemoryParameters(
+    struct qemud_server *server,
+    struct qemud_client *client,
+    virConnectPtr conn,
+    remote_message_header *hdr,
+    remote_error *err,
+    remote_domain_get_memory_parameters_args *args,
+    remote_domain_get_memory_parameters_ret *ret);
 static int remoteDispatchDomainGetOsType(
    struct qemud_server *server,
    struct qemud_client *client,
@ -298,6 +306,14 @@ static int remoteDispatchDomainGetVcpus(
    remote_error *err,
    remote_domain_get_vcpus_args *args,
    remote_domain_get_vcpus_ret *ret);
+static int remoteDispatchDomainGetVcpusFlags(
+    struct qemud_server *server,
+    struct qemud_client *client,
+    virConnectPtr conn,
+    remote_message_header *hdr,
+    remote_error *err,
+    remote_domain_get_vcpus_flags_args *args,
+    remote_domain_get_vcpus_flags_ret *ret);
 static int remoteDispatchDomainHasCurrentSnapshot(
    struct qemud_server *server,
    struct qemud_client *client,
@ -522,6 +538,14 @@ static int remoteDispatchDomainSetMemory(
    remote_error *err,
    remote_domain_set_memory_args *args,
    void *ret);
+static int remoteDispatchDomainSetMemoryParameters(
+    struct qemud_server *server,
+    struct qemud_client *client,
+    virConnectPtr conn,
+    remote_message_header *hdr,
+    remote_error *err,
+    remote_domain_set_memory_parameters_args *args,
+    void *ret);
 static int remoteDispatchDomainSetSchedulerParameters(
    struct qemud_server *server,
    struct qemud_client *client,
@ -538,6 +562,14 @@ static int remoteDispatchDomainSetVcpus(
    remote_error *err,
    remote_domain_set_vcpus_args *args,
    void *ret);
+static int remoteDispatchDomainSetVcpusFlags(
+    struct qemud_server *server,
+    struct qemud_client *client,
+    virConnectPtr conn,
+    remote_message_header *hdr,
+    remote_error *err,
+    remote_domain_set_vcpus_flags_args *args,
+    void *ret);
 static int remoteDispatchDomainShutdown(
    struct qemud_server *server,
    struct qemud_client *client,
--- a/daemon/remote_dispatch_ret.h
+++ b/daemon/remote_dispatch_ret.h
@ -135,3 +135,5 @@
    remote_domain_snapshot_current_ret val_remote_domain_snapshot_current_ret;
    remote_domain_get_block_info_ret val_remote_domain_get_block_info_ret;
    remote_domain_create_with_flags_ret val_remote_domain_create_with_flags_ret;
+    remote_domain_get_memory_parameters_ret val_remote_domain_get_memory_parameters_ret;
+    remote_domain_get_vcpus_flags_ret val_remote_domain_get_vcpus_flags_ret;
--- a/daemon/remote_dispatch_table.h
+++ b/daemon/remote_dispatch_table.h
@ -987,3 +987,23 @@
    .args_filter = (xdrproc_t) xdr_remote_domain_create_with_flags_args,
    .ret_filter = (xdrproc_t) xdr_remote_domain_create_with_flags_ret,
 },
+{   /* DomainSetMemoryParameters => 197 */
+    .fn = (dispatch_fn) remoteDispatchDomainSetMemoryParameters,
+    .args_filter = (xdrproc_t) xdr_remote_domain_set_memory_parameters_args,
+    .ret_filter = (xdrproc_t) xdr_void,
+},
+{   /* DomainGetMemoryParameters => 198 */
+    .fn = (dispatch_fn) remoteDispatchDomainGetMemoryParameters,
+    .args_filter = (xdrproc_t) xdr_remote_domain_get_memory_parameters_args,
+    .ret_filter = (xdrproc_t) xdr_remote_domain_get_memory_parameters_ret,
+},
+{   /* DomainSetVcpusFlags => 199 */
+    .fn = (dispatch_fn) remoteDispatchDomainSetVcpusFlags,
+    .args_filter = (xdrproc_t) xdr_remote_domain_set_vcpus_flags_args,
+    .ret_filter = (xdrproc_t) xdr_void,
+},
+{   /* DomainGetVcpusFlags => 200 */
+    .fn = (dispatch_fn) remoteDispatchDomainGetVcpusFlags,
+    .args_filter = (xdrproc_t) xdr_remote_domain_get_vcpus_flags_args,
+    .ret_filter = (xdrproc_t) xdr_remote_domain_get_vcpus_flags_ret,
+},
--- a/daemon/remote_generate_stubs.pl
+++ b/daemon/remote_generate_stubs.pl
@ -1,7 +1,16 @@
 #!/usr/bin/perl -w
 #
-# This script parses remote_protocol.x and produces lots of boilerplate
-# code for both ends of the remote connection.
+# This script parses remote_protocol.x or qemu_protocol.x and produces lots of
+# boilerplate code for both ends of the remote connection.
+#
+# The first non-option argument specifies the prefix to be searched for, and
+# output to, the boilerplate code.  The second non-option argument is the
+# file you want to operate on.  For instance, to generate the dispatch table
+# for both remote_protocol.x and qemu_protocol.x, you would run the
+# following:
+#
+# remote_generate_stubs.pl -c -t remote ../src/remote/remote_protocol.x
+# remote_generate_stubs.pl -t qemu ../src/remote/qemu_protocol.x
 #
 # By Richard Jones <rjones@redhat.com>

@ -10,8 +19,12 @@ use strict;
 use Getopt::Std;

 # Command line options.
-our ($opt_p, $opt_t, $opt_a, $opt_r, $opt_d);
-getopts ('ptard');
+our ($opt_p, $opt_t, $opt_a, $opt_r, $opt_d, $opt_c);
+getopts ('ptardc');
+
+my $structprefix = $ARGV[0];
+my $procprefix = uc $structprefix;
+shift;

 # Convert name_of_call to NameOfCall.
 sub name_to_ProcName {
@ -25,47 +38,50 @@ sub name_to_ProcName {
 # opinion about the name, args and return type of each RPC.
 my ($name, $ProcName, $id, %calls, @calls);

-# REMOTE_PROC_CLOSE has no args or ret.
-$calls{close} = {
-    name => "close",
-    ProcName => "Close",
-    UC_NAME => "CLOSE",
-    args => "void",
-    ret => "void",
-};
+# only generate a close method if -c was passed
+if ($opt_c) {
+    # REMOTE_PROC_CLOSE has no args or ret.
+    $calls{close} = {
+	name => "close",
+	ProcName => "Close",
+	UC_NAME => "CLOSE",
+	args => "void",
+	ret => "void",
+    };
+}

 while (<>) {
-    if (/^struct remote_(.*)_args/) {
+    if (/^struct ${structprefix}_(.*)_args/) {
 	$name = $1;
 	$ProcName = name_to_ProcName ($name);

-	die "duplicate definition of remote_${name}_args"
+	die "duplicate definition of ${structprefix}_${name}_args"
 	    if exists $calls{$name};

 	$calls{$name} = {
 	    name => $name,
 	    ProcName => $ProcName,
 	    UC_NAME => uc $name,
-	    args => "remote_${name}_args",
+	    args => "${structprefix}_${name}_args",
 	    ret => "void",
 	};

-    } elsif (/^struct remote_(.*)_ret/) {
+    } elsif (/^struct ${structprefix}_(.*)_ret/) {
 	$name = $1;
 	$ProcName = name_to_ProcName ($name);

 	if (exists $calls{$name}) {
-	    $calls{$name}->{ret} = "remote_${name}_ret";
+	    $calls{$name}->{ret} = "${structprefix}_${name}_ret";
 	} else {
 	    $calls{$name} = {
 		name => $name,
 		ProcName => $ProcName,
 		UC_NAME => uc $name,
 		args => "void",
-		ret => "remote_${name}_ret"
+		ret => "${structprefix}_${name}_ret"
 	    }
 	}
-    } elsif (/^struct remote_(.*)_msg/) {
+    } elsif (/^struct ${structprefix}_(.*)_msg/) {
 	$name = $1;
 	$ProcName = name_to_ProcName ($name);

@ -73,9 +89,9 @@ while (<>) {
 	    name => $name,
 	    ProcName => $ProcName,
 	    UC_NAME => uc $name,
-	    msg => "remote_${name}_msg"
+	    msg => "${structprefix}_${name}_msg"
 	}
-    } elsif (/^\s*REMOTE_PROC_(.*?)\s+=\s+(\d+),?$/) {
+    } elsif (/^\s*${procprefix}_PROC_(.*?)\s+=\s+(\d+),?$/) {
 	$name = lc $1;
 	$id = $2;
 	$ProcName = name_to_ProcName ($name);
@ -111,7 +127,7 @@ elsif ($opt_p) {
 	# Skip things which are REMOTE_MESSAGE
 	next if $calls{$_}->{msg};

-	print "static int remoteDispatch$calls{$_}->{ProcName}(\n";
+	print "static int ${structprefix}Dispatch$calls{$_}->{ProcName}(\n";
 	print "    struct qemud_server *server,\n";
 	print "    struct qemud_client *client,\n";
 	print "    virConnectPtr conn,\n";
@ -152,7 +168,7 @@ elsif ($opt_t) {
    for ($id = 0 ; $id <= $#calls ; $id++) {
 	if (defined $calls[$id] && !$calls[$id]->{msg}) {
 	    print "{   /* $calls[$id]->{ProcName} => $id */\n";
-	    print "    .fn = (dispatch_fn) remoteDispatch$calls[$id]->{ProcName},\n";
+	    print "    .fn = (dispatch_fn) ${structprefix}Dispatch$calls[$id]->{ProcName},\n";
 	    if ($calls[$id]->{args} ne "void") {
 		print "    .args_filter = (xdrproc_t) xdr_$calls[$id]->{args},\n";
 	    } else {
--- a/daemon/test_libvirtd.aug
+++ b/daemon/test_libvirtd.aug
@ -268,6 +268,9 @@ log_outputs=\"4:stderr\"

 # Logging filters:
 log_filters=\"a\"
+
+# Auditing:
+audit_level = 2
 "

   test Libvirtd.lns get conf =
@ -543,3 +546,6 @@ log_filters=\"a\"
 	{ "#empty" }
        { "#comment" = "Logging filters:" }
        { "log_filters" = "a" }
+	{ "#empty" }
+        { "#comment" = "Auditing:" }
+        { "audit_level" = "2" }
--- a/docs/.gitignore
+++ b/docs/.gitignore
@ -5,3 +5,4 @@ apibuild.pyc
 *.html
 libvirt-api.xml
 libvirt-refs.xml
+todo.html.in
--- a/docs/ChangeLog.awk
+++ b/docs/ChangeLog.awk
@ -1,49 +0,0 @@
-#!/bin/awk -f
-function translate(str) {
-    while (sub(/&/, "#amp;", str) == 1);
-    while (sub(/#amp;/, "\\&amp;", str) == 1); # fun isn't it ?
-    while (sub(/</, "\\&lt;", str) == 1);
-    while (sub(/>/, "\\&gt;", str) == 1);
-    sub(/[0-9][0-9][0-9][0-9][0-9]+/, "<bug number='&'/>", str)
-    return(str)
-}
-BEGIN         {
-		nb_entry = 0
-                in_entry = 0
-                in_item = 0
-		print "<?xml version='1.0' encoding='ISO-8859-1'?>"
-		print "<log>"
-	      }
-END           {
-                if (in_item == 1)  printf("%s</item>\n", translate(item))
-                if (in_entry == 1) print "  </entry>"
-                print "</log>"
-	      }
-/^[ \t]*$/    { next }
-/^[A-Za-z0-9]/ {
-                match($0, "\(.*\) \([A-Z]+\) \([0-9][0-9][0-9][0-9]\) \(.*\) <\(.*\)>", loge)
-                if (in_item == 1)  printf("%s</item>\n", translate(item))
-                if (in_entry == 1) print "  </entry>"
-		nb_entry = nb_entry + 1
-		if (nb_entry > 50) {
-		    in_entry = 0
-		    in_item = 0
-		    exit
-		}
-                in_entry = 1
-                in_item = 0
-		printf("  <entry date='%s' timezone='%s' year='%s'\n         who='%s' email='%s'>\n", loge[1], loge[2], loge[3], loge[4], loge[5])
-	      }
-/^[ \t]*\*/   {
-                if (in_item == 1)  printf("%s</item>\n", translate(item))
-                in_item = 1
-		printf("    <item>")
-                match($0, "[ \t]*. *\(.*\)", loge)
-		item = loge[1]
-              }
-/^[ \t]*[a-zA-Z0-9\#]/    {
-                if (in_item == 1) {
-		    match($0, "[ \t]*\(.*\)[ \t]*", loge)
-		    item = sprintf("%s %s",  item, loge[1])
-		}
-              }
--- a/docs/ChangeLog.xsl
+++ b/docs/ChangeLog.xsl
@ -1,37 +0,0 @@
-<?xml version="1.0"?>
-<!-- this stylesheet builds the ChangeLog.html -->
-<xsl:stylesheet version="1.0"
-  xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
-
-  <!-- Generate XHTML-1.0 transitional -->
-  <xsl:output method="xml" encoding="UTF-8" indent="yes"
-      doctype-public="-//W3C//DTD XHTML 1.0//EN"
-      doctype-system="http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"/>
-
-  <xsl:template match="item">
-    <li><xsl:apply-templates/></li>
-  </xsl:template>
-
-  <xsl:template match="entry">
-    <p>
-      <span class="author"><xsl:value-of select="@who"/> </span>
-      <span class="date"><xsl:value-of select="@date"/> </span>
-      <span class="timezone"><xsl:value-of select="@timezone"/> </span>
-    </p>
-    <ul>
-      <xsl:apply-templates select="item"/>
-    </ul>
-  </xsl:template>
-
-  <xsl:template match="log">
-    <html>
-      <body>
-        <h1>Log of recent changes to libvirt</h1>
-        <div id="changelog">
-          <xsl:apply-templates select="entry"/>
-        </div>
-      </body>
-    </html>
-  </xsl:template>
-
-</xsl:stylesheet>
--- a/docs/FAQ.html.in
+++ b/docs/FAQ.html.in
@ -1,144 +0,0 @@
-<?xml version="1.0"?>
-<html>
-  <body>
-    <h1 >FAQ</h1>
-    <p>Table of Contents:</p>
-    <ul>
-      <li>
-        <a href="FAQ.html#License">License(s)</a>
-      </li>
-      <li>
-        <a href="FAQ.html#Installati">Installation</a>
-      </li>
-      <li>
-        <a href="FAQ.html#Compilatio">Compilation</a>
-      </li>
-      <li>
-        <a href="FAQ.html#Developer">Developer corner</a>
-      </li>
-    </ul>
-    <h3><a name="License" id="License">License</a>(s)</h3>
-    <ol>
-      <li>
-        <em>Licensing Terms for libvirt</em>
-        <p>libvirt is released under the <a href="http://www.opensource.org/licenses/lgpl-license.html">GNU Lesser
-    General Public License</a>, see the file COPYING.LIB in the distribution
-    for the precise wording. The only library that libvirt depends upon is
-    the Xen store access library which is also licenced under the LGPL.</p>
-      </li>
-      <li>
-        <em>Can I embed libvirt in a proprietary application ?</em>
-        <p>Yes. The LGPL allows you to embed libvirt into a proprietary
-    application. It would be graceful to send-back bug fixes and improvements
-    as patches for possible incorporation in the main development tree. It
-    will decrease your maintenance costs anyway if you do so.</p>
-      </li>
-    </ol>
-    <h3>
-      <a name="Installati" id="Installati">Installation</a>
-    </h3>
-    <ol>
-      <li><em>Where can I get libvirt</em> ?
-    <p>The original distribution comes from <a href="ftp://libvirt.org/libvirt/">ftp://libvirt.org/libvirt/</a>.</p>
-  </li>
-      <li>
-        <em>I can't install the libvirt/libvirt-devel RPM packages due to
-    failed dependencies</em>
-        <p>The most generic solution is to re-fetch the latest src.rpm , and
-    rebuild it locally with</p>
-        <p><code>rpm --rebuild libvirt-xxx.src.rpm</code>.</p>
-        <p>If everything goes well it will generate two binary rpm packages (one
-    providing the shared libs and virsh, and the other one, the -devel
-    package, providing includes, static libraries and scripts needed to build
-    applications with libvirt that you can install locally.</p>
-        <p>One can also rebuild the RPMs from a tarball:</p>
-        <p>
-          <code>rpmbuild -ta libdir-xxx.tar.gz</code>
-        </p>
-        <p>Or from a configured tree with:</p>
-        <p>
-          <code>make rpm</code>
-        </p>
-      </li>
-      <li>
-        <em>Failure to use the API for non-root users</em>
-        <p>Large parts of the API may only be accessible with root privileges,
-    however the read only access to the xenstore data doesnot have to be
-    forbidden to user, at least for monitoring purposes. If "virsh dominfo"
-    fails to run as an user, change the mode of the xenstore read-only socket
-    with:</p>
-        <p>
-          <code>chmod 666 /var/run/xenstored/socket_ro</code>
-        </p>
-        <p>and also make sure that the Xen Daemon is running correctly with local
-    HTTP server enabled, this is defined in
-    <code>/etc/xen/xend-config.sxp</code> which need the following line to be
-    enabled:</p>
-        <p>
-          <code>(xend-http-server yes)</code>
-        </p>
-        <p>If needed restart the xend daemon after making the change with the
-    following command run as root:</p>
-        <p>
-          <code>service xend restart</code>
-        </p>
-      </li>
-    </ol>
-    <h3>
-      <a name="Compilatio" id="Compilatio">Compilation</a>
-    </h3>
-    <ol>
-      <li>
-        <em>What is the process to compile libvirt ?</em>
-        <p>As most UNIX libraries libvirt follows the "standard":</p>
-        <p>
-          <code>gunzip -c libvirt-xxx.tar.gz | tar xvf -</code>
-        </p>
-        <p>
-          <code>cd libvirt-xxxx</code>
-        </p>
-        <p>
-          <code>./configure --help</code>
-        </p>
-        <p>to see the options, then the compilation/installation proper</p>
-        <p>
-          <code>./configure [possible options]</code>
-        </p>
-        <p>
-          <code>make</code>
-        </p>
-        <p>
-          <code>make install</code>
-        </p>
-        <p>At that point you may have to rerun ldconfig or a similar utility to
-    update your list of installed shared libs.</p>
-      </li>
-      <li>
-        <em>What other libraries are needed to compile/install libvirt ?</em>
-        <p>Libvirt requires libxenstore, which is usually provided by the xen
-    packages as well as the public headers to compile against libxenstore.</p>
-      </li>
-      <li>
-        <em>I use the GIT version and there is no configure script</em>
-        <p>The configure script (and other Makefiles) are generated. Use the
-    autogen.sh script to regenerate the configure script and Makefiles,
-    like:</p>
-        <p>
-          <code>./autogen.sh --prefix=/usr --disable-shared</code>
-        </p>
-      </li>
-    </ol>
-    <h3><a name="Developer" id="Developer">Developer</a> corner</h3>
-    <ol>
-      <li>
-        <em>Troubles compiling or linking programs using libvirt</em>
-        <p>To simplify the process of reusing the library, libvirt comes with
-    pkgconfig support, which can be used directly from autoconf support or
-    via the pkg-config command line tool, like:</p>
-        <p>
-          <code>pkg-config libvirt --libs</code>
-        </p>
-      </li>
-    </ol>
-  </body>
-</html>
--- a/docs/Makefile.am
+++ b/docs/Makefile.am
@ -1,6 +1,8 @@
 ## Process this file with automake to produce Makefile.in
 SUBDIRS= schemas

+PERL = perl
+
 # The directory containing the source code (if it contains documentation).
 DOC_SOURCE_DIR=../src

@ -24,6 +26,11 @@ devhelphtml =			\
  devhelp/libvirt-libvirt.html	\
  devhelp/libvirt-virterror.html

+css =         \
+  generic.css \
+  libvirt.css \
+  main.css
+
 devhelppng =		\
  devhelp/home.png	\
  devhelp/left.png	\
@ -53,7 +60,7 @@ gif = \
  architecture.gif \
  node.gif

-dot_html_in = $(wildcard *.html.in)
+dot_html_in = $(notdir $(wildcard $(srcdir)/*.html.in)) todo.html.in
 dot_html = $(dot_html_in:%.html.in=%.html)

 patches = $(wildcard api_extension/*.patch)
@ -71,13 +78,13 @@ fig = \

 EXTRA_DIST=					\
  apibuild.py \
-  site.xsl newapi.xsl news.xsl page.xsl ChangeLog.xsl \
+  site.xsl newapi.xsl news.xsl page.xsl \
  $(dot_html) $(dot_html_in) $(gif) $(apihtml) $(apipng) \
  $(devhelphtml) $(devhelppng) $(devhelpcss) $(devhelpxsl) \
-  $(xml) $(fig) $(png) \
+  $(xml) $(fig) $(png) $(css) \
  $(patches) \
  sitemap.html.in \
-  ChangeLog.awk
+  todo.pl todo.cfg-example

 MAINTAINERCLEANFILES = $(dot_html) $(apihtml) $(devhelphtml)

@ -87,15 +94,21 @@ api: libvirt-api.xml libvirt-refs.xml

 web: $(dot_html) html/index.html devhelp/index.html

-ChangeLog.xml: ../ChangeLog ChangeLog.awk
-	awk -f ChangeLog.awk < $< > $@
+todo.html.in: todo.pl
+	if [ -f  todo.cfg ]; then \
+		echo "Generating $@"; \
+		$(PERL) $(srcdir)/$< > $@ \
+		|| { rm $@ && exit 1; }; \
+	else \
+		echo "Stubbing $@"; \
+		echo "<html><body><h1>Todo list</h1></body></html>" > $@ ; \
+	fi

-ChangeLog.html.in: ChangeLog.xml ChangeLog.xsl
-	@if [ -x $(XSLTPROC) ] ; then \
-	  echo "Generating $@"; \
-	  name=`echo $@ | sed -e 's/.tmp//'`; \
-	  $(XSLTPROC) --nonet $(top_srcdir)/docs/ChangeLog.xsl $< > $@ \
-	    || { rm $@ && exit 1; }; fi
+todo:
+	rm -f todo.html.in
+	$(MAKE) todo.html
+
+.PHONY: todo

 %.png: %.fig
 	convert -rotate 90 $< $@
@ -110,10 +123,11 @@ ChangeLog.html.in: ChangeLog.xml ChangeLog.xsl

 %.html: %.html.tmp
 	@if test -x $(XMLLINT) && test -x $(XMLCATALOG) ; then \
-	  if $(XMLCATALOG) /etc/xml/catalog \
+	  if $(XMLCATALOG) '$(XML_CATALOG_FILE)' \
 	    "-//W3C//DTD XHTML 1.0 Strict//EN" > /dev/null ; then \
 	  echo "Validating $@" ; \
-	  $(XMLLINT) --nonet --format --valid $< > $@ \
+	  SGML_CATALOG_FILES='$(XML_CATALOG_FILE)' \
+	  $(XMLLINT) --catalogs --nonet --format --valid $< > $@ \
 	  || { rm $@ && exit 1; }; \
 	  else echo "missing XHTML1 DTD" ; fi ; fi

@ -123,10 +137,11 @@ html/index.html: libvirt-api.xml newapi.xsl page.xsl sitemap.html.in
 	  echo "Rebuilding the HTML pages from the XML API" ; \
 	  $(XSLTPROC) --nonet $(srcdir)/newapi.xsl libvirt-api.xml ; fi
 	-@if test -x $(XMLLINT) && test -x $(XMLCATALOG) ; then \
-	  if $(XMLCATALOG) /etc/xml/catalog "-//W3C//DTD XHTML 1.0 Strict//EN" \
+	  if $(XMLCATALOG) '$(XML_CATALOG_FILE)' "-//W3C//DTD XHTML 1.0 Strict//EN" \
 	    > /dev/null ; then \
 	  echo "Validating the resulting XHTML pages" ; \
-	  $(XMLLINT) --nonet --valid --noout html/*.html ; \
+	  SGML_CATALOG_FILES='$(XML_CATALOG_FILE)' \
+	  $(XMLLINT) --catalogs --nonet --valid --noout html/*.html ; \
 	  else echo "missing XHTML1 DTD" ; fi ; fi

 $(addprefix $(srcdir)/,$(devhelphtml)): $(srcdir)/libvirt-api.xml $(devhelpxsl)
@ -150,17 +165,18 @@ $(python_generated_files): $(srcdir)/apibuild.py \
 check-local: all

 clean-local:
-	rm -f *~ *.bak *.hierarchy *.signals *-unused.txt
+	rm -f *~ *.bak *.hierarchy *.signals *-unused.txt *.html

 maintainer-clean-local: clean-local
-	rm -rf libvirt-api.xml libvirt-refs.xml
+	rm -rf libvirt-api.xml libvirt-refs.xml todo.html.in

 rebuild: api all

 install-data-local:
 	$(mkinstalldirs) $(DESTDIR)$(HTML_DIR)
-	-$(INSTALL) -m 0644 $(srcdir)/FAQ.html \
-	    $(srcdir)/Libxml2-Logo-90x34.gif $(DESTDIR)$(HTML_DIR)
+	for f in $(css) $(dot_html) $(gif) $(png); do \
+	  $(INSTALL) -m 0644 $(srcdir)/$$f $(DESTDIR)$(HTML_DIR); done
+	-$(INSTALL) -m 0644 $(srcdir)/Libxml2-Logo-90x34.gif $(DESTDIR)$(HTML_DIR)
 	$(mkinstalldirs) $(DESTDIR)$(HTML_DIR)/html
 	for h in $(apihtml); do \
 	  $(INSTALL) -m 0644 $(srcdir)/$$h $(DESTDIR)$(HTML_DIR)/html; done
--- a/docs/api.html.in
+++ b/docs/api.html.in
@ -5,21 +5,10 @@

    <p> This page describes the main principles and architecture choices
    behind the definition of the libvirt API:
-    <ul>
-      <li>
-        <a href="#Objects">Objects exposed</a>
-      </li>
-      <li>
-        <a href="#Functions">Functions and naming conventions</a>
-      </li>
-      <li>
-        <a href="#Driver">The drivers</a>
-      </li>
-      <li>
-        <a href="#Remote">Daemon and remote access</a>
-      </li>
-    </ul>
-    <h2><a name="Objects" id="Objects">Objects exposed</a></h2>
+
+    <ul id="toc"></ul>
+
+    <h2><a name="Objects">Objects exposed</a></h2>
    <p> As defined in the <a href="goals.html">goals section</a>, libvirt
    API need to expose all the resources needed to manage the virtualization
    support of recent operating systems. The first object manipulated though
@ -85,7 +74,7 @@
      set of nodes.</li>
    </ul>

-    <h2><a name="Functions" id="Functions">Functions and naming
+    <h2><a name="Functions">Functions and naming
      conventions</a></h2>
    <p> The naming of the functions present in the library is usually
      made of a prefix describing the object associated to the function
@ -120,13 +109,13 @@
    </ul>
    <p> For more in-depth details of the storage related APIs see
      <a href="storage.html">the storage management page</a>,
-    <h2><a name="Driver" id="Driver">The libvirt drivers</a></h2>
+    <h2><a name="Driver">The libvirt drivers</a></h2>
    <p></p>
    <p class="image">
      <img alt="The libvirt driver architecture"
           src="libvirt-driver-arch.png"/>
    </p>
-    <h2><a name="Remote" id="Remote">Daemon and remote access</a></h2>
+    <h2><a name="Remote">Daemon and remote access</a></h2>
    <p></p>
    <p class="image">
      <img alt="The libvirt daemon and remote architecture"
--- a/docs/api_extension.html.in
+++ b/docs/api_extension.html.in
@ -10,8 +10,14 @@

    <p>
      This document walks you through the process of implementing a new
-      API in libvirt.  It uses as an example the addition of the node device
-      create and destroy APIs.
+      API in libvirt.  It uses as an example the addition of an API for
+      separating maximum from current vcpu usage of a domain, over
+      the course of a fifteen-patch series.
+      Remember that new API consists of any new public functions, as
+      well as the addition of flags or extensions of XML used by
+      existing functions.  The example in this document adds both new
+      functions and an XML extension.  Not all libvirt API additions
+      require quite as many patches.
    </p>

    <p>
@ -23,7 +29,12 @@
      added to libvirt.  Someone may already be working on the feature you
      want.  Also, recognize that everything you write is likely to undergo
      significant rework as you discuss it with the other developers, so
-      don't wait too long before getting feedback.
+      don't wait too long before getting feedback.  In the vcpu example
+      below, list feedback was first requested
+      <a href="https://www.redhat.com/archives/libvir-list/2010-September/msg00423.html">here</a>
+      and resulted in several rounds of improvements before coding
+      began.  In turn, this example is slightly rearranged from the actual
+      order of the commits.
    </p>

    <p>
@ -46,11 +57,22 @@
      <li>define the public API</li>
      <li>define the internal driver API</li>
      <li>implement the public API</li>
-      <li>define the wire protocol format</li>
-      <li>implement the RPC client</li>
-      <li>implement the server side dispatcher</li>
-      <li>implement the driver methods</li>
+      <li>implement the remote protocol:
+        <ol>
+          <li>define the wire protocol format</li>
+          <li>implement the RPC client</li>
+          <li>implement the server side dispatcher</li>
+        </ol>
+      </li>
+      <li>use new API where appropriate in drivers</li>
      <li>add virsh support</li>
+      <li>add common handling for new API</li>
+      <li>for each driver that can support the new API:
+        <ol>
+          <li>add prerequisite support</li>
+          <li>fully implement new API</li>
+        </ol>
+      </li>
    </ol>

    <p>
@ -66,11 +88,10 @@
      functionality--get the whole thing working and make sure you're happy
      with it.  Then use git or some other version control system that lets
      you rewrite your commit history and break patches into pieces so you
-      don't drop a big blob of code on the mailing list at one go.  For
-      example, I didn't follow my own advice when I originally submitted the
-      example code to the libvirt list but rather submitted it in several
-      large chunks.  I've used git's ability to rewrite my commit history to
-      break the code apart into the example patches shown.
+      don't drop a big blob of code on the mailing list in one go.
+      Also, you should follow the upstream tree, and rebase your
+      series to adapt your patches to work with any other changes
+      that were accepted upstream during your development.
    </p>

    <p>
@ -86,9 +107,24 @@

    <h2><a name='publicapi'>Defining the public API</a></h2>

-    <p>The first task is to define the public API and add it to:</p>
+    <p>The first task is to define the public API.  If the new API
+      involves an XML extension, you have to enhance the RelaxNG
+      schema and document the new elements or attributes:</p>

-    <p><code>include/libvirt/libvirt.h.in</code></p>
+    <p><code>
+        docs/schemas/domain.rng<br/>
+        docs/formatdomain.html.in
+    </code></p>
+
+    <p>If the API extension involves a new function, you have to add a
+      declaration in the public header, and arrange to export the
+      function name (symbol) so other programs can link against the
+      libvirt library and call the new function:</p>
+
+    <p><code>
+        include/libvirt/libvirt.h.in
+        src/libvirt_public.syms
+    </code></p>

    <p>
      This task is in many ways the most important to get right, since once
@ -99,12 +135,9 @@
      rework it as you go through the process of implementing it.
    </p>

-    <p>Once you have defined the API, you have to add the symbol names to:</p>
-
-    <p><code>src/libvirt_public.syms</code></p>
-
-    <p class="example">See <a href="api_extension/0001-Step-1-of-8-Define-the-public-API.patch">0001-Step-1-of-8-Define-the-public-API.patch</a> for example code.</p>
-
+    <p class="example">See <a href="api_extension/0001-add-to-xml.patch">0001-add-to-xml.patch</a>
+    and <a href="api_extension/0002-add-new-public-API.patch">0002-add-new-public-API.patch</a>
+    for example code.</p>

    <h2><a name='internalapi'>Defining the internal API</a></h2>

@ -118,7 +151,7 @@

    <p>
      Of course, it's possible that the new API will involve the creation of
-      an entire new driver type, in which case the changes will include the
+      an entirely new driver type, in which case the changes will include the
      creation of a new struct type to represent the new driver type.
    </p>

@ -129,10 +162,11 @@
    <p>
      To define the internal API, first typedef the driver function
      prototype and then add a new field for it to the relevant driver
-      struct.
+      struct.  Then, update all existing instances of the driver to
+      provide a <code>NULL</code> stub for the new function.
    </p>

-    <p class="example">See <a href="api_extension/0002-Step-2-of-8-Define-the-internal-driver-API.patch">0002-Step-2-of-8-Define-the-internal-driver-API.patch</a></p>
+    <p class="example">See <a href="api_extension/0003-define-internal-driver-API.patch">0003-define-internal-driver-API.patch</a></p>

    <h2><a name='implpublic'>Implementing the public API</a></h2>

@ -166,16 +200,24 @@

    <p><code>src/libvirt.c</code></p>

-    <p class="example">See <a href="api_extension/0003-Step-3-of-8-Implement-the-public-API.patch">0003-Step-3-of-8-Implement-the-public-API.patch</a></p>
+    <p class="example">See <a href="api_extension/0004-implement-the-public-APIs.patch">0004-implement-the-public-APIs.patch</a></p>

-
-    <h2><a name='wireproto'>Defining the wire protocol format</a></h2>
+    <h2><a name='remoteproto'>Implementing the remote protocol</a></h2>

    <p>
-      Defining the wire protocol is essentially a straightforward exercise
-      which is probably most easily understood by referring to the existing
-      remote protocol wire format definitions and the example patch.  It
-      involves making two additions to:
+      Implementing the remote protocol is essentially a
+      straightforward exercise which is probably most easily
+      understood by referring to the existing code and the example
+      patch.  It involves several related changes, including the
+      regeneration of derived files, with further details below.
+    </p>
+
+    <p class="example">See <a href="api_extension/0005-implement-the-remote-protocol.patch">0005-implement-the-remote-protocol.patch</a></p>
+
+    <h3><a name='wireproto'>Defining the wire protocol format</a></h3>
+
+    <p>
+      Defining the wire protocol involves making additions to:
    </p>

    <p><code>src/remote/remote_protocol.x</code></p>
@ -185,7 +227,7 @@
      to the API.  One struct describes the parameters to be passed to the
      remote function, and a second struct describes the value returned by
      the remote function.  The one exception to this rule is that functions
-      that return only integer status do not require a struct for returned
+      that return only 0 or -1 for status do not require a struct for returned
      data.
    </p>

@ -194,23 +236,28 @@
      added to the API.
    </p>

-    <p class="example">See <a href="api_extension/0004-Step-4-of-8-Define-the-wire-protocol-format.patch">0004-Step-4-of-8-Define-the-wire-protocol-format.patch</a></p>
-
    <p>
      Once these changes are in place, it's necessary to run 'make rpcgen'
      in the src directory to create the .c and .h files required by the
      remote protocol code. This must be done on a Linux host using the
      GLibC rpcgen program. Other rpcgen versions may generate code which
-      results in bogus compile time warnings
+      results in bogus compile time warnings.  This regenerates the
+      following files:
    </p>

+    <p><code>
+        daemon/remote_dispatch_args.h
+        daemon/remote_dispatch_prototypes.h
+        daemon/remote_dispatch_table.h
+        src/remote/remote_protocol.c
+        src/remote/remote_protocol.h
+    </code></p>

-    <h2><a name='rpcclient'>Implement the RPC client</a></h2>
+    <h3><a name='rpcclient'>Implement the RPC client</a></h3>

    <p>
-      Implementing the RPC client is also relatively mechanical, so refer to
-      the exising code and example patch for guidance.  The RPC client uses
-      the rpcgen generated .h files.  The remote method calls go in:
+      Implementing the uses the rpcgen generated .h files.  The remote
+      method calls go in:
    </p>

    <p><code>src/remote/remote_internal.c</code></p>
@ -227,17 +274,10 @@
      <li>unlocks the remote driver.</li>
    </ol>

-    <p>
-      Once you have created the remote method calls, you have to add fields
-      for them to the driver structs for the appropriate remote driver.
-    </p>
-
-    <p class="example">See <a href="api_extension/0005-Step-5-of-8-Implement-the-RPC-client.patch">0005-Step-5-of-8-Implement-the-RPC-client.patch</a></p>
-
-    <h2><a name="serverdispatch">Implement the server side dispatcher</a></h2>
+    <h3><a name="serverdispatch">Implement the server side dispatcher</a></h3>

    <p>
-      Implementing the server side of the remote function calls is simply a
+      Implementing the server side of the remote function call is simply a
      matter of deserializing the parameters passed in from the remote
      caller and passing them to the corresponding internal API function.
      The server side dispatchers are implemented in:
@ -247,8 +287,64 @@

    <p>Again, this step uses the .h files generated by make rpcgen.</p>

-    <p class="example">See <a href="api_extension/0006-Step-6-of-8-Implement-the-server-side-dispatcher.patch">0006-Step-6-of-8-Implement-the-server-side-dispatcher.patch</a></p>
+    <p>
+      After all three pieces of the remote protocol are complete, and
+      the generated files have been updated, it will be necessary to
+      update the file:</p>

+    <p><code>src/remote_protocol-structs</code></p>
+
+    <p>
+      This file should only have new lines added; modifications to
+      existing lines probably imply a backwards-incompatible API change.
+    </p>
+
+    <p class="example">See <a href="api_extension/0005-implement-the-remote-protocol.patch">0005-implement-the-remote-protocol.patch</a></p>
+
+    <h2><a name="internaluseapi">Use the new API internally</a></h2>
+
+    <p>
+      Sometimes, a new API serves as a superset of existing API, by
+      adding more granularity in what can be managed.  When this is
+      the case, it makes sense to share a common implementation by
+      making the older API become a trivial wrapper around the new
+      API, rather than duplicating the common code.  This step should
+      not introduce any semantic differences for the old API, and is
+      not necessary if the new API has no relation to existing API.
+    </p>
+
+    <p class="example">See <a href="api_extension/0006-make-old-API-trivially-wrap-to-new-API.patch">0006-make-old-API-trivially-wrap-to-new-API.patch</a></p>
+
+    <h2><a name="virshuseapi">Expose the new API in virsh</a></h2>
+
+    <p>
+      All new API should be manageable from the virsh command line
+      shell.  This proves that the API is sufficient for the intended
+      purpose, and helps to identify whether the proposed API needs
+      slight changes for easier usage.  However, remember that virsh
+      is used to connect to hosts running older versions of libvirtd,
+      so new commands should have fallbacks to an older API if
+      possible; implementing the virsh hooks at this point makes it
+      very easy to test these fallbacks.  Also remember to document
+      virsh additions.
+    </p>
+
+    <p>
+      A virsh command is composed of a few pieces of code.  You need to
+      define an array of vshCmdInfo structs for each new command that
+      contain the help text and the command description text.  You also need
+      an array of vshCmdOptDef structs to describe the command options.
+      Once you have those pieces in place you can write the function
+      implementing the virsh command.  Finally, you need to add the new
+      command to the commands[] array.  The following files need changes:
+    </p>
+
+    <p><code>
+        tools/virsh.c<br/>
+        tools/virsh.pod
+    </code></p>
+
+    <p class="example">See <a href="api_extension/0007-add-virsh-support.patch">0007-add-virsh-support.patch</a></p>

    <h2><a name="driverimpl">Implement the driver methods</a></h2>

@ -261,42 +357,77 @@
      adding.
    </p>

+    <h3><a name="commonimpl">Implement common handling</a></h3>
+
    <p>
-      In the example code, the extension is only an additional two function
-      calls in the node device API, so most of the new code is additions to
-      existing files.  The only new files are there for multi-platform
-      implementation convenience, as some of the new code is Linux specific.
+      If the new API is applicable to more than one driver, it may
+      make sense to provide some utility routines, or to factor some
+      of the work into the dispatcher, to avoid reimplementing the
+      same code in every driver.  In the example code, this involved
+      adding a member to the virDomainDefPtr struct for mapping
+      between the XML API addition and the in-memory representation of
+      a domain, along with updating all clients to use the new member.
+      Up to this point, there have been no changes to existing
+      semantics, and the new APIs will fail unless they are used in
+      the same way as the older API wrappers.
+    </p>
+
+    <p class="example">See <a href="api_extension/0008-support-new-xml.patch">0008-support-new-xml.patch</a></p>
+
+    <h3><a name="drivercode">Implement driver handling</a></h3>
+
+    <p>
+      The remaining patches should only touch one driver at a time.
+      It is possible to implement all changes for a driver in one
+      patch, but for review purposes it may still make sense to break
+      things into simpler steps.  Here is where the new APIs finally
+      start working.
    </p>

    <p>
-      The example code is probably uninteresting unless you're concerned
-      with libvirt storage, but I've included it here to show how new files
-      are added to the build environment.
+      In the example patches, three separate drivers are supported:
+      test, qemu, and xen.  It is always a good idea to patch the test
+      driver in addition to the target driver, to prove that the API
+      can be used for more than one driver.  The example updates the
+      test driver in one patch:
    </p>

-    <p class="example">See <a href="api_extension/0007-Step-7-of-8-Implement-the-driver-methods.patch">0007-Step-7-of-8-Implement-the-driver-methods.patch</a></p>
-
-    <h2><a name="virsh">Implement virsh commands</a></h2>
+    <p class="example">See <a href="api_extension/0009-support-all-flags-in-test-driver.patch">0009-support-all-flags-in-test-driver.patch</a></p>

    <p>
-      Once you have the new functionality in place, the easiest way to test
-      it and also to provide it to end users is to implement support for it
-      in virsh.
+      The qemu changes were easier to split into two phases, one for
+      updating the mapping between the new XML and the hypervisor
+      command line arguments, and one for supporting all possible
+      flags of the new API:
+    </p>
+
+    <p class="example">See <a href="api_extension/0010-improve-vcpu-support-in-qemu-command-line.patch">0010-improve-vcpu-support-in-qemu-command-line.patch</a>
+      and <a href="api_extension/0011-complete-vcpu-support-in-qemu-driver.patch">0011-complete-vcpu-support-in-qemu-driver.patch</a></p>
+
+    <p>
+      Finally, the example breaks the xen driver changes across four
+      patches.  One maps the XML changes to the hypervisor command,
+      the next two are independently implementing the getter and
+      setter APIs, and the last one provides cleanup of code that was
+      rendered dead by the new API.
+    </p>
+
+    <p class="example">See <a href="api_extension/0012-improve-vcpu-support-in-xen-command-line.patch">0012-improve-vcpu-support-in-xen-command-line.patch</a>,
+      <a href="api_extension/0013-improve-getting-xen-vcpu-counts.patch">0013-improve-getting-xen-vcpu-counts.patch</a>,
+      <a href="api_extension/0014-improve-setting-xen-vcpu-counts.patch">0014-improve-setting-xen-vcpu-counts.patch</a>,
+      and <a href="api_extension/0015-remove-dead-xen-code.patch">0015-remove-dead-xen-code.patch</a></p>
+
+    <p>
+      The exact details of the example code are probably uninteresting
+      unless you're concerned with virtual cpu management.
    </p>

    <p>
-      A virsh command is composed of a few pieces of code.  You need to
-      define an array of vshCmdInfo structs for each new command that
-      contain the help text and the command description text.  You also need
-      an array of vshCmdOptDef structs to describe the command options.
-      Once you have those pieces of data in place you can write the function
-      implementing the virsh command.  Finally, you need to add the new
-      command to the commands[] array.
+      Once you have working functionality, run make check and make
+      syntax-check on each patch of the series before submitting
+      patches.  It may also be worth writing tests for the libvirt-TCK
+      testsuite to exercise your new API, although those patches are
+      not kept in the libvirt repository.
    </p>
-
-    <p class="example">See <a href="api_extension/0008-Step-8-of-8-Add-virsh-support.patch">0008-Step-8-of-8-Add-virsh-support.patch</a></p>
-
-    <p>Once you have working functionality, run make check and make
-      syntax-check before generating patches.</p>
  </body>
 </html>
--- a/docs/api_extension/0001-Step-1-of-8-Define-the-public-API.patch
+++ b/docs/api_extension/0001-Step-1-of-8-Define-the-public-API.patch
@ -1,44 +0,0 @@
-From 2ae8fd62a1e5e085b7902da9bc207b806d84fd91 Mon Sep 17 00:00:00 2001
-From: David Allan <dallan@redhat.com>
-Date: Tue, 19 May 2009 16:16:11 -0400
-Subject: [PATCH] Step 1 of 8 Define the public API
-
---
- include/libvirt/libvirt.h.in |    6 ++++++
- src/libvirt_public.syms      |    6 ++++++
- 2 files changed, 12 insertions(+), 0 deletions(-)
-
-diff --git a/include/libvirt/libvirt.h.in b/include/libvirt/libvirt.h.in
-index a028b21..2f7076f 100644
--- a/include/libvirt/libvirt.h.in
-+++ b/include/libvirt/libvirt.h.in
-@@ -1124,6 +1124,12 @@ int                     virNodeDeviceDettach    (virNodeDevicePtr dev);
- int                     virNodeDeviceReAttach   (virNodeDevicePtr dev);
- int                     virNodeDeviceReset      (virNodeDevicePtr dev);
- 
-+virNodeDevicePtr        virNodeDeviceCreateXML  (virConnectPtr conn,
-+                                                 const char *xmlDesc,
-+                                                 unsigned int flags);
-+
-+int                     virNodeDeviceDestroy    (virNodeDevicePtr dev);
-+
- /*
-  * Domain Event Notification
-  */
-diff --git a/src/libvirt_public.syms b/src/libvirt_public.syms
-index f7ebbc3..b8f9128 100644
--- a/src/libvirt_public.syms
-+++ b/src/libvirt_public.syms
-@@ -258,4 +258,10 @@ LIBVIRT_0.6.1 {
- 	virNodeGetSecurityModel;
- } LIBVIRT_0.6.0;
- 
-+LIBVIRT_0.6.3 {
-+    global:
-+	virNodeDeviceCreateXML;
-+	virNodeDeviceDestroy;
-+} LIBVIRT_0.6.1;
-+
- # .... define new API here using predicted next version number ....
-- 
-1.6.0.6
--- a/docs/api_extension/0001-add-to-xml.patch
+++ b/docs/api_extension/0001-add-to-xml.patch
@ -0,0 +1,145 @@
+From a74f4e44649906dcd82151f7ef837f66d7fa2ab1 Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Mon, 27 Sep 2010 17:36:06 -0600
+Subject: [PATCH 01/15] vcpu: add current attribute to <vcpu> element
+
+Syntax agreed on in
+https://www.redhat.com/archives/libvir-list/2010-September/msg00476.html
+
+<domain ...>
+  <vcpu current='x'>y</vcpu>
+...
+
+can now be used to specify 1 <= x <= y current vcpus, in relation
+to the boot-time max of y vcpus.  If current is omitted, then
+current and max are assumed to be the same value.
+
+* docs/schemas/domain.rng: Add new attribute.
+* docs/formatdomain.html.in: Document it.
+* tests/qemuxml2argvdata/qemuxml2argv-smp.xml: Add to
+domainschematest.
+* tests/xml2sexprdata/xml2sexpr-pv-vcpus.xml: Likewise.
+---
+ docs/formatdomain.html.in                   |    9 +++++--
+ docs/schemas/domain.rng                     |    5 ++++
+ tests/qemuxml2argvdata/qemuxml2argv-smp.xml |   28 +++++++++++++++++++++++++++
+ tests/xml2sexprdata/xml2sexpr-pv-vcpus.xml  |   22 +++++++++++++++++++++
+ 4 files changed, 61 insertions(+), 3 deletions(-)
+ create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-smp.xml
+ create mode 100644 tests/xml2sexprdata/xml2sexpr-pv-vcpus.xml
+
+diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
+index a8a1fac..96de121 100644
+--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
+@@ -200,7 +200,7 @@
+     &lt;swap_hard_limit&gt;2097152&lt;/swap_hard_limit&gt;
+     &lt;min_guarantee&gt;65536&lt;/min_guarantee&gt;
+   &lt;/memtune&gt;
+-  &lt;vcpu cpuset="1-4,^3,6"&gt;2&lt;/vcpu&gt;
+  &lt;vcpu cpuset="1-4,^3,6" current="1"&gt;2&lt;/vcpu&gt;
+   ...</pre>
+
+     <dl>
+@@ -238,7 +238,7 @@
+ 	minimum memory allocation for the guest. The units for this value are
+ 	kilobytes (i.e. blocks of 1024 bytes)</dd>
+       <dt><code>vcpu</code></dt>
+-      <dd>The content of this element defines the number of virtual
+      <dd>The content of this element defines the maximum number of virtual
+         CPUs allocated for the guest OS, which must be between 1 and
+         the maximum supported by the hypervisor.  <span class="since">Since
+         0.4.4</span>, this element can contain an optional
+@@ -246,7 +246,10 @@
+         list of physical CPU numbers that virtual CPUs can be pinned
+         to.  Each element in that list is either a single CPU number,
+         a range of CPU numbers, or a caret followed by a CPU number to
+-        be excluded from a previous range.
+        be excluded from a previous range.  <span class="since">Since
+        0.8.5</span>, the optional attribute <code>current</code> can
+        be used to specify whether fewer than the maximum number of
+        virtual CPUs should be enabled.
+       </dd>
+     </dl>
+
+diff --git a/docs/schemas/domain.rng b/docs/schemas/domain.rng
+index f230263..a934a77 100644
+--- a/docs/schemas/domain.rng
+++ b/docs/schemas/domain.rng
+@@ -337,6 +337,11 @@
+               <ref name="cpuset"/>
+             </attribute>
+           </optional>
+          <optional>
+            <attribute name="current">
+              <ref name="countCPU"/>
+            </attribute>
+          </optional>
+           <ref name="countCPU"/>
+         </element>
+       </optional>
+diff --git a/tests/qemuxml2argvdata/qemuxml2argv-smp.xml b/tests/qemuxml2argvdata/qemuxml2argv-smp.xml
+new file mode 100644
+index 0000000..975f873
+--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-smp.xml
+@@ -0,0 +1,28 @@
+<domain type='qemu'>
+  <name>QEMUGuest1</name>
+  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+  <memory>219200</memory>
+  <currentMemory>219200</currentMemory>
+  <vcpu current='1'>2</vcpu>
+  <os>
+    <type arch='i686' machine='pc'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <cpu>
+    <topology sockets='2' cores='1' threads='1'/>
+  </cpu>
+  <clock offset='utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu</emulator>
+    <disk type='block' device='disk'>
+      <source dev='/dev/HostVG/QEMUGuest1'/>
+      <target dev='hda' bus='ide'/>
+      <address type='drive' controller='0' bus='0' unit='0'/>
+    </disk>
+    <controller type='ide' index='0'/>
+    <memballoon model='virtio'/>
+  </devices>
+</domain>
+diff --git a/tests/xml2sexprdata/xml2sexpr-pv-vcpus.xml b/tests/xml2sexprdata/xml2sexpr-pv-vcpus.xml
+new file mode 100644
+index 0000000..d061e11
+--- /dev/null
+++ b/tests/xml2sexprdata/xml2sexpr-pv-vcpus.xml
+@@ -0,0 +1,22 @@
+<domain type='xen' id='15'>
+  <name>pvtest</name>
+  <uuid>596a5d2171f48fb2e068e2386a5c413e</uuid>
+  <os>
+    <type>linux</type>
+    <kernel>/var/lib/xen/vmlinuz.2Dn2YT</kernel>
+    <initrd>/var/lib/xen/initrd.img.0u-Vhq</initrd>
+    <cmdline> method=http://download.fedora.devel.redhat.com/pub/fedora/linux/core/test/5.91/x86_64/os  </cmdline>
+  </os>
+  <memory>430080</memory>
+  <vcpu current='2'>4</vcpu>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>destroy</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <disk type='file' device='disk'>
+      <source file='/root/some.img'/>
+      <target dev='xvda'/>
+    </disk>
+    <console tty='/dev/pts/4'/>
+  </devices>
+</domain>
+-- 
+1.7.2.3
+
--- a/docs/api_extension/0002-Step-2-of-8-Define-the-internal-driver-API.patch
+++ b/docs/api_extension/0002-Step-2-of-8-Define-the-internal-driver-API.patch
@ -1,36 +0,0 @@
-From b26d7fc2d64e7e6e4d3ea2b43361015d3620d7a6 Mon Sep 17 00:00:00 2001
-From: David Allan <dallan@redhat.com>
-Date: Tue, 19 May 2009 16:19:14 -0400
-Subject: [PATCH] Step 2 of 8 Define the internal driver API
-
---
- src/driver.h |    7 +++++++
- 1 files changed, 7 insertions(+), 0 deletions(-)
-
-diff --git a/src/driver.h b/src/driver.h
-index 39dc413..c357b76 100644
--- a/src/driver.h
-+++ b/src/driver.h
-@@ -684,6 +684,11 @@ typedef int (*virDevMonDeviceListCaps)(virNodeDevicePtr dev,
-                                        char **const names,
-                                        int maxnames);
- 
-+typedef virNodeDevicePtr (*virDrvNodeDeviceCreateXML)(virConnectPtr conn,
-+                                                      const char *xmlDesc,
-+                                                      unsigned int flags);
-+typedef int (*virDrvNodeDeviceDestroy)(virNodeDevicePtr dev);
-+
- /**
-  * _virDeviceMonitor:
-  *
-@@ -702,6 +707,8 @@ struct _virDeviceMonitor {
-     virDevMonDeviceGetParent deviceGetParent;
-     virDevMonDeviceNumOfCaps deviceNumOfCaps;
-     virDevMonDeviceListCaps deviceListCaps;
-+    virDrvNodeDeviceCreateXML deviceCreateXML;
-+    virDrvNodeDeviceDestroy deviceDestroy;
- };
- 
- /*
-- 
-1.6.0.6
--- a/docs/api_extension/0002-add-new-public-API.patch
+++ b/docs/api_extension/0002-add-new-public-API.patch
@ -0,0 +1,62 @@
+From ea3f5c68093429c6ad507b45689cdf209c2c257b Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Fri, 24 Sep 2010 16:48:45 -0600
+Subject: [PATCH 02/15] vcpu: add new public API
+
+API agreed on in
+https://www.redhat.com/archives/libvir-list/2010-September/msg00456.html,
+but modified for enum names to be consistent with virDomainDeviceModifyFlags.
+
+* include/libvirt/libvirt.h.in (virDomainVcpuFlags)
+(virDomainSetVcpusFlags, virDomainGetVcpusFlags): New
+declarations.
+* src/libvirt_public.syms: Export new symbols.
+---
+ include/libvirt/libvirt.h.in |   15 +++++++++++++++
+ src/libvirt_public.syms      |    2 ++
+ 2 files changed, 17 insertions(+), 0 deletions(-)
+
+diff --git a/include/libvirt/libvirt.h.in b/include/libvirt/libvirt.h.in
+index 2eba61e..d0cc4c0 100644
+--- a/include/libvirt/libvirt.h.in
+++ b/include/libvirt/libvirt.h.in
+@@ -915,8 +915,23 @@ struct _virVcpuInfo {
+ };
+ typedef virVcpuInfo *virVcpuInfoPtr;
+
+/* Flags for controlling virtual CPU hot-plugging.  */
+typedef enum {
+    /* Must choose at least one of these two bits; SetVcpus can choose both */
+    VIR_DOMAIN_VCPU_LIVE    = (1 << 0), /* Affect active domain */
+    VIR_DOMAIN_VCPU_CONFIG  = (1 << 1), /* Affect next boot */
+
+    /* Additional flags to be bit-wise OR'd in */
+    VIR_DOMAIN_VCPU_MAXIMUM = (1 << 2), /* Max rather than current count */
+} virDomainVcpuFlags;
+
+ int                     virDomainSetVcpus       (virDomainPtr domain,
+                                                  unsigned int nvcpus);
+int                     virDomainSetVcpusFlags  (virDomainPtr domain,
+                                                 unsigned int nvcpus,
+                                                 unsigned int flags);
+int                     virDomainGetVcpusFlags  (virDomainPtr domain,
+                                                 unsigned int flags);
+
+ int                     virDomainPinVcpu        (virDomainPtr domain,
+                                                  unsigned int vcpu,
+diff --git a/src/libvirt_public.syms b/src/libvirt_public.syms
+index fceb516..a8091b1 100644
+--- a/src/libvirt_public.syms
+++ b/src/libvirt_public.syms
+@@ -409,6 +409,8 @@ LIBVIRT_0.8.5 {
+     global:
+         virDomainSetMemoryParameters;
+         virDomainGetMemoryParameters;
+        virDomainGetVcpusFlags;
+        virDomainSetVcpusFlags;
+ } LIBVIRT_0.8.2;
+
+ # .... define new API here using predicted next version number ....
+-- 
+1.7.2.3
+
--- a/docs/api_extension/0003-Step-3-of-8-Implement-the-public-API.patch
+++ b/docs/api_extension/0003-Step-3-of-8-Implement-the-public-API.patch
@ -1,119 +0,0 @@
-From fc585594a207dfb9149e7d3d01c9eb1c79b6d52d Mon Sep 17 00:00:00 2001
-From: David Allan <dallan@redhat.com>
-Date: Tue, 19 May 2009 16:22:23 -0400
-Subject: [PATCH] Step 3 of 8 Implement the public API
-
---
- src/libvirt.c |   97 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- 1 files changed, 97 insertions(+), 0 deletions(-)
-
-diff --git a/src/libvirt.c b/src/libvirt.c
-index f3d4484..ded18a7 100644
--- a/src/libvirt.c
-+++ b/src/libvirt.c
-@@ -7509,6 +7509,103 @@ error:
- }
- 
- 
-+/**
-+ * virNodeDeviceCreateXML:
-+ * @conn: pointer to the hypervisor connection
-+ * @xmlDesc: string containing an XML description of the device to be created
-+ * @flags: callers should always pass 0
-+ *
-+ * Create a new device on the VM host machine, for example, virtual
-+ * HBAs created using vport_create.
-+ *
-+ * Returns a node device object if successful, NULL in case of failure
-+ */
-+virNodeDevicePtr
-+virNodeDeviceCreateXML(virConnectPtr conn,
-+                       const char *xmlDesc,
-+                       unsigned int flags)
-+{
-+    VIR_DEBUG("conn=%p, xmlDesc=%s, flags=%d", conn, xmlDesc, flags);
-+
-+    virResetLastError();
-+
-+    if (!VIR_IS_CONNECT(conn)) {
-+        virLibConnError(NULL, VIR_ERR_INVALID_CONN, __FUNCTION__);
-+        return NULL;
-+    }
-+
-+    if (conn->flags & VIR_CONNECT_RO) {
-+        virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-+        goto error;
-+    }
-+
-+    if (xmlDesc == NULL) {
-+        virLibConnError(conn, VIR_ERR_INVALID_ARG, __FUNCTION__);
-+        goto error;
-+    }
-+
-+    if (conn->deviceMonitor &&
-+        conn->deviceMonitor->deviceCreateXML) {
-+        virNodeDevicePtr dev = conn->deviceMonitor->deviceCreateXML(conn, xmlDesc, flags);
-+        if (dev == NULL)
-+            goto error;
-+        return dev;
-+    }
-+
-+    virLibConnError (conn, VIR_ERR_NO_SUPPORT, __FUNCTION__);
-+
-+error:
-+    /* Copy to connection error object for back compatability */
-+    virSetConnError(conn);
-+    return NULL;
-+}
-+
-+
-+/**
-+ * virNodeDeviceDestroy:
-+ * @dev: a device object
-+ *
-+ * Destroy the device object. The virtual device is removed from the host operating system.
-+ * This function may require privileged access
-+ *
-+ * Returns 0 in case of success and -1 in case of failure.
-+ */
-+int
-+virNodeDeviceDestroy(virNodeDevicePtr dev)
-+{
-+    DEBUG("dev=%p", dev);
-+
-+    virResetLastError();
-+
-+    if (!VIR_IS_CONNECTED_NODE_DEVICE(dev)) {
-+        virLibNodeDeviceError(NULL, VIR_ERR_INVALID_NODE_DEVICE, __FUNCTION__);
-+        return (-1);
-+    }
-+
-+    if (dev->conn->flags & VIR_CONNECT_RO) {
-+        virLibConnError(dev->conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
-+        goto error;
-+    }
-+
-+    if (dev->conn->deviceMonitor &&
-+        dev->conn->deviceMonitor->deviceDestroy) {
-+        int retval = dev->conn->deviceMonitor->deviceDestroy(dev);
-+        if (retval < 0) {
-+            goto error;
-+        }
-+
-+        return 0;
-+    }
-+
-+    virLibConnError (dev->conn, VIR_ERR_NO_SUPPORT, __FUNCTION__);
-+
-+error:
-+    /* Copy to connection error object for back compatability */
-+    virSetConnError(dev->conn);
-+    return -1;
-+}
-+
-+
- /*
-  * Domain Event Notification
-  */
-- 
-1.6.0.6
--- a/docs/api_extension/0003-define-internal-driver-API.patch
+++ b/docs/api_extension/0003-define-internal-driver-API.patch
@ -0,0 +1,222 @@
+From dd255d64053e9960cd375994ce8f056522e12acc Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Mon, 27 Sep 2010 09:18:22 -0600
+Subject: [PATCH 03/15] vcpu: define internal driver API
+
+* src/driver.h (virDrvDomainSetVcpusFlags)
+(virDrvDomainGetVcpusFlags): New typedefs.
+(_virDriver): New callback members.
+* src/esx/esx_driver.c (esxDriver): Add stub for driver.
+* src/lxc/lxc_driver.c (lxcDriver): Likewise.
+* src/opennebula/one_driver.c (oneDriver): Likewise.
+* src/openvz/openvz_driver.c (openvzDriver): Likewise.
+* src/phyp/phyp_driver.c (phypDriver): Likewise.
+* src/qemu/qemu_driver.c (qemuDriver): Likewise.
+* src/remote/remote_driver.c (remote_driver): Likewise.
+* src/test/test_driver.c (testDriver): Likewise.
+* src/uml/uml_driver.c (umlDriver): Likewise.
+* src/vbox/vbox_tmpl.c (Driver): Likewise.
+* src/xen/xen_driver.c (xenUnifiedDriver): Likewise.
+* src/xenapi/xenapi_driver.c (xenapiDriver): Likewise.
+---
+ src/driver.h                |    9 +++++++++
+ src/esx/esx_driver.c        |    2 ++
+ src/lxc/lxc_driver.c        |    2 ++
+ src/opennebula/one_driver.c |    2 ++
+ src/openvz/openvz_driver.c  |    2 ++
+ src/phyp/phyp_driver.c      |    2 ++
+ src/qemu/qemu_driver.c      |    2 ++
+ src/remote/remote_driver.c  |    2 ++
+ src/test/test_driver.c      |    2 ++
+ src/uml/uml_driver.c        |    2 ++
+ src/vbox/vbox_tmpl.c        |    2 ++
+ src/xen/xen_driver.c        |    2 ++
+ src/xenapi/xenapi_driver.c  |    2 ++
+ 13 files changed, 33 insertions(+), 0 deletions(-)
+
+diff --git a/src/driver.h b/src/driver.h
+index 32aeb04..79a96c1 100644
+--- a/src/driver.h
+++ b/src/driver.h
+@@ -185,6 +185,13 @@ typedef int
+         (*virDrvDomainSetVcpus)		(virDomainPtr domain,
+                                          unsigned int nvcpus);
+ typedef int
+        (*virDrvDomainSetVcpusFlags)	(virDomainPtr domain,
+                                         unsigned int nvcpus,
+                                         unsigned int flags);
+typedef int
+        (*virDrvDomainGetVcpusFlags)	(virDomainPtr domain,
+                                         unsigned int flags);
+typedef int
+         (*virDrvDomainPinVcpu)		(virDomainPtr domain,
+                                          unsigned int vcpu,
+                                          unsigned char *cpumap,
+@@ -520,6 +527,8 @@ struct _virDriver {
+     virDrvDomainRestore		domainRestore;
+     virDrvDomainCoreDump		domainCoreDump;
+     virDrvDomainSetVcpus		domainSetVcpus;
+    virDrvDomainSetVcpusFlags		domainSetVcpusFlags;
+    virDrvDomainGetVcpusFlags		domainGetVcpusFlags;
+     virDrvDomainPinVcpu		domainPinVcpu;
+     virDrvDomainGetVcpus		domainGetVcpus;
+     virDrvDomainGetMaxVcpus		domainGetMaxVcpus;
+diff --git a/src/esx/esx_driver.c b/src/esx/esx_driver.c
+index 1b4ee29..2a32374 100644
+--- a/src/esx/esx_driver.c
+++ b/src/esx/esx_driver.c
+@@ -4160,6 +4160,8 @@ static virDriver esxDriver = {
+     NULL,                            /* domainRestore */
+     NULL,                            /* domainCoreDump */
+     esxDomainSetVcpus,               /* domainSetVcpus */
+    NULL,                            /* domainSetVcpusFlags */
+    NULL,                            /* domainGetVcpusFlags */
+     NULL,                            /* domainPinVcpu */
+     NULL,                            /* domainGetVcpus */
+     esxDomainGetMaxVcpus,            /* domainGetMaxVcpus */
+diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
+index df814da..7563a8c 100644
+--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
+@@ -2768,6 +2768,8 @@ static virDriver lxcDriver = {
+     NULL, /* domainRestore */
+     NULL, /* domainCoreDump */
+     NULL, /* domainSetVcpus */
+    NULL, /* domainSetVcpusFlags */
+    NULL, /* domainGetVcpusFlags */
+     NULL, /* domainPinVcpu */
+     NULL, /* domainGetVcpus */
+     NULL, /* domainGetMaxVcpus */
+diff --git a/src/opennebula/one_driver.c b/src/opennebula/one_driver.c
+index ced9a38..199fca3 100644
+--- a/src/opennebula/one_driver.c
+++ b/src/opennebula/one_driver.c
+@@ -751,6 +751,8 @@ static virDriver oneDriver = {
+     NULL, /* domainRestore */
+     NULL, /* domainCoreDump */
+     NULL, /* domainSetVcpus */
+    NULL, /* domainSetVcpusFlags */
+    NULL, /* domainGetVcpusFlags */
+     NULL, /* domainPinVcpu */
+     NULL, /* domainGetVcpus */
+     NULL, /* domainGetMaxVcpus */
+diff --git a/src/openvz/openvz_driver.c b/src/openvz/openvz_driver.c
+index 92cf4a1..9d19aeb 100644
+--- a/src/openvz/openvz_driver.c
+++ b/src/openvz/openvz_driver.c
+@@ -1590,6 +1590,8 @@ static virDriver openvzDriver = {
+     NULL, /* domainRestore */
+     NULL, /* domainCoreDump */
+     openvzDomainSetVcpus, /* domainSetVcpus */
+    NULL, /* domainSetVcpusFlags */
+    NULL, /* domainGetVcpusFlags */
+     NULL, /* domainPinVcpu */
+     NULL, /* domainGetVcpus */
+     openvzDomainGetMaxVcpus, /* domainGetMaxVcpus */
+diff --git a/src/phyp/phyp_driver.c b/src/phyp/phyp_driver.c
+index e63d8d9..6e0a5e9 100644
+--- a/src/phyp/phyp_driver.c
+++ b/src/phyp/phyp_driver.c
+@@ -3941,6 +3941,8 @@ static virDriver phypDriver = {
+     NULL,                       /* domainRestore */
+     NULL,                       /* domainCoreDump */
+     phypDomainSetCPU,           /* domainSetVcpus */
+    NULL,                       /* domainSetVcpusFlags */
+    NULL,                       /* domainGetVcpusFlags */
+     NULL,                       /* domainPinVcpu */
+     NULL,                       /* domainGetVcpus */
+     phypGetLparCPUMAX,          /* domainGetMaxVcpus */
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index abd8e9d..3d17e04 100644
+--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
+@@ -12938,6 +12938,8 @@ static virDriver qemuDriver = {
+     qemudDomainRestore, /* domainRestore */
+     qemudDomainCoreDump, /* domainCoreDump */
+     qemudDomainSetVcpus, /* domainSetVcpus */
+    NULL, /* domainSetVcpusFlags */
+    NULL, /* domainGetVcpusFlags */
+     qemudDomainPinVcpu, /* domainPinVcpu */
+     qemudDomainGetVcpus, /* domainGetVcpus */
+     qemudDomainGetMaxVcpus, /* domainGetMaxVcpus */
+diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
+index 0b10406..1a687ad 100644
+--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
+@@ -10468,6 +10468,8 @@ static virDriver remote_driver = {
+     remoteDomainRestore, /* domainRestore */
+     remoteDomainCoreDump, /* domainCoreDump */
+     remoteDomainSetVcpus, /* domainSetVcpus */
+    NULL, /* domainSetVcpusFlags */
+    NULL, /* domainGetVcpusFlags */
+     remoteDomainPinVcpu, /* domainPinVcpu */
+     remoteDomainGetVcpus, /* domainGetVcpus */
+     remoteDomainGetMaxVcpus, /* domainGetMaxVcpus */
+diff --git a/src/test/test_driver.c b/src/test/test_driver.c
+index 7d4d119..6a00558 100644
+--- a/src/test/test_driver.c
+++ b/src/test/test_driver.c
+@@ -5260,6 +5260,8 @@ static virDriver testDriver = {
+     testDomainRestore, /* domainRestore */
+     testDomainCoreDump, /* domainCoreDump */
+     testSetVcpus, /* domainSetVcpus */
+    NULL, /* domainSetVcpusFlags */
+    NULL, /* domainGetVcpusFlags */
+     testDomainPinVcpu, /* domainPinVcpu */
+     testDomainGetVcpus, /* domainGetVcpus */
+     testDomainGetMaxVcpus, /* domainGetMaxVcpus */
+diff --git a/src/uml/uml_driver.c b/src/uml/uml_driver.c
+index 3dcd321..5161012 100644
+--- a/src/uml/uml_driver.c
+++ b/src/uml/uml_driver.c
+@@ -2129,6 +2129,8 @@ static virDriver umlDriver = {
+     NULL, /* domainRestore */
+     NULL, /* domainCoreDump */
+     NULL, /* domainSetVcpus */
+    NULL, /* domainSetVcpusFlags */
+    NULL, /* domainGetVcpusFlags */
+     NULL, /* domainPinVcpu */
+     NULL, /* domainGetVcpus */
+     NULL, /* domainGetMaxVcpus */
+diff --git a/src/vbox/vbox_tmpl.c b/src/vbox/vbox_tmpl.c
+index 7e7d8e4..cb9193a 100644
+--- a/src/vbox/vbox_tmpl.c
+++ b/src/vbox/vbox_tmpl.c
+@@ -8267,6 +8267,8 @@ virDriver NAME(Driver) = {
+     NULL, /* domainRestore */
+     NULL, /* domainCoreDump */
+     vboxDomainSetVcpus, /* domainSetVcpus */
+    NULL, /* domainSetVcpusFlags */
+    NULL, /* domainGetVcpusFlags */
+     NULL, /* domainPinVcpu */
+     NULL, /* domainGetVcpus */
+     vboxDomainGetMaxVcpus, /* domainGetMaxVcpus */
+diff --git a/src/xen/xen_driver.c b/src/xen/xen_driver.c
+index c2a4de3..7d67ced 100644
+--- a/src/xen/xen_driver.c
+++ b/src/xen/xen_driver.c
+@@ -1951,6 +1951,8 @@ static virDriver xenUnifiedDriver = {
+     xenUnifiedDomainRestore, /* domainRestore */
+     xenUnifiedDomainCoreDump, /* domainCoreDump */
+     xenUnifiedDomainSetVcpus, /* domainSetVcpus */
+    NULL, /* domainSetVcpusFlags */
+    NULL, /* domainGetVcpusFlags */
+     xenUnifiedDomainPinVcpu, /* domainPinVcpu */
+     xenUnifiedDomainGetVcpus, /* domainGetVcpus */
+     xenUnifiedDomainGetMaxVcpus, /* domainGetMaxVcpus */
+diff --git a/src/xenapi/xenapi_driver.c b/src/xenapi/xenapi_driver.c
+index e62a139..753169c 100644
+--- a/src/xenapi/xenapi_driver.c
+++ b/src/xenapi/xenapi_driver.c
+@@ -1754,6 +1754,8 @@ static virDriver xenapiDriver = {
+     NULL, /* domainRestore */
+     NULL, /* domainCoreDump */
+     xenapiDomainSetVcpus, /* domainSetVcpus */
+    NULL, /* domainSetVcpusFlags */
+    NULL, /* domainGetVcpusFlags */
+     xenapiDomainPinVcpu, /* domainPinVcpu */
+     xenapiDomainGetVcpus, /* domainGetVcpus */
+     xenapiDomainGetMaxVcpus, /* domainGetMaxVcpus */
+-- 
+1.7.2.3
+
--- a/docs/api_extension/0004-Step-4-of-8-Define-the-wire-protocol-format.patch
+++ b/docs/api_extension/0004-Step-4-of-8-Define-the-wire-protocol-format.patch
@ -1,47 +0,0 @@
-From bce8f1243b0454c0d70e3db832a039d22faab09a Mon Sep 17 00:00:00 2001
-From: David Allan <dallan@redhat.com>
-Date: Wed, 20 May 2009 13:58:58 -0400
-Subject: [PATCH] Step 4 of 8 Define the wire protocol format
-
---
- qemud/remote_protocol.x |   18 +++++++++++++++++-
- 1 files changed, 17 insertions(+), 1 deletions(-)
-
-diff --git a/qemud/remote_protocol.x b/qemud/remote_protocol.x
-index 2d8e6a2..2c79949 100644
--- a/qemud/remote_protocol.x
-+++ b/qemud/remote_protocol.x
-@@ -1109,6 +1109,19 @@ struct remote_node_device_reset_args {
-     remote_nonnull_string name;
- };
- 
-+struct remote_node_device_create_xml_args {
-+    remote_nonnull_string xml_desc;
-+    int flags;
-+};
-+
-+struct remote_node_device_create_xml_ret {
-+    remote_nonnull_node_device dev;
-+};
-+
-+struct remote_node_device_destroy_args {
-+    remote_nonnull_string name;
-+};
-+
- 
- /**
-  * Events Register/Deregister:
-@@ -1270,7 +1283,10 @@ enum remote_procedure {
-     REMOTE_PROC_NODE_DEVICE_RESET = 120,
- 
-     REMOTE_PROC_DOMAIN_GET_SECURITY_LABEL = 121,
-    REMOTE_PROC_NODE_GET_SECURITY_MODEL = 122
-+    REMOTE_PROC_NODE_GET_SECURITY_MODEL = 122,
-+
-+    REMOTE_PROC_NODE_DEVICE_CREATE_XML = 123,
-+    REMOTE_PROC_NODE_DEVICE_DESTROY = 124
- };
- 
- /* Custom RPC structure. */
-- 
-1.6.0.6
--- a/docs/api_extension/0004-implement-the-public-APIs.patch
+++ b/docs/api_extension/0004-implement-the-public-APIs.patch
@ -0,0 +1,188 @@
+From 9d2c60799271d605f82dfd4bfa6ed7d14ad87e26 Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Mon, 27 Sep 2010 09:37:22 -0600
+Subject: [PATCH 04/15] vcpu: implement the public APIs
+
+Factors common checks (such as nonzero vcpu count) up front, but
+drivers will still need to do additional flag checks.
+
+* src/libvirt.c (virDomainSetVcpusFlags, virDomainGetVcpusFlags):
+New functions.
+(virDomainSetVcpus, virDomainGetMaxVcpus): Refer to new API.
+---
+ src/libvirt.c |  140 ++++++++++++++++++++++++++++++++++++++++++++++++++++++---
+ 1 files changed, 134 insertions(+), 6 deletions(-)
+
+diff --git a/src/libvirt.c b/src/libvirt.c
+index 629d97b..1b39210 100644
+--- a/src/libvirt.c
+++ b/src/libvirt.c
+@@ -5192,7 +5192,9 @@ error:
+  * This function requires privileged access to the hypervisor.
+  *
+  * This command only changes the runtime configuration of the domain,
+- * so can only be called on an active domain.
+ * so can only be called on an active domain.  It is hypervisor-dependent
+ * whether it also affects persistent configuration; for more control,
+ * use virDomainSetVcpusFlags().
+  *
+  * Returns 0 in case of success, -1 in case of failure.
+  */
+@@ -5237,13 +5239,139 @@ error:
+ }
+
+ /**
+ * virDomainSetVcpusFlags:
+ * @domain: pointer to domain object, or NULL for Domain0
+ * @nvcpus: the new number of virtual CPUs for this domain, must be at least 1
+ * @flags: an OR'ed set of virDomainVcpuFlags
+ *
+ * Dynamically change the number of virtual CPUs used by the domain.
+ * Note that this call may fail if the underlying virtualization hypervisor
+ * does not support it or if growing the number is arbitrary limited.
+ * This function requires privileged access to the hypervisor.
+ *
+ * @flags must include VIR_DOMAIN_VCPU_LIVE to affect a running
+ * domain (which may fail if domain is not active), or
+ * VIR_DOMAIN_VCPU_CONFIG to affect the next boot via the XML
+ * description of the domain.  Both flags may be set.
+ *
+ * If @flags includes VIR_DOMAIN_VCPU_MAXIMUM, then
+ * VIR_DOMAIN_VCPU_LIVE must be clear, and only the maximum virtual
+ * CPU limit is altered; generally, this value must be less than or
+ * equal to virConnectGetMaxVcpus().  Otherwise, this call affects the
+ * current virtual CPU limit, which must be less than or equal to the
+ * maximum limit.
+ *
+ * Returns 0 in case of success, -1 in case of failure.
+ */
+
+int
+virDomainSetVcpusFlags(virDomainPtr domain, unsigned int nvcpus,
+                       unsigned int flags)
+{
+    virConnectPtr conn;
+    DEBUG("domain=%p, nvcpus=%u, flags=%u", domain, nvcpus, flags);
+
+    virResetLastError();
+
+    if (!VIR_IS_CONNECTED_DOMAIN(domain)) {
+        virLibDomainError(NULL, VIR_ERR_INVALID_DOMAIN, __FUNCTION__);
+        virDispatchError(NULL);
+        return (-1);
+    }
+    if (domain->conn->flags & VIR_CONNECT_RO) {
+        virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+        goto error;
+    }
+
+    /* Perform some argument validation common to all implementations.  */
+    if (nvcpus < 1 || (unsigned short) nvcpus != nvcpus ||
+        (flags & (VIR_DOMAIN_VCPU_LIVE | VIR_DOMAIN_VCPU_CONFIG)) == 0) {
+        virLibDomainError(domain, VIR_ERR_INVALID_ARG, __FUNCTION__);
+        goto error;
+    }
+    conn = domain->conn;
+
+    if (conn->driver->domainSetVcpusFlags) {
+        int ret;
+        ret = conn->driver->domainSetVcpusFlags (domain, nvcpus, flags);
+        if (ret < 0)
+            goto error;
+        return ret;
+    }
+
+    virLibConnError (conn, VIR_ERR_NO_SUPPORT, __FUNCTION__);
+
+error:
+    virDispatchError(domain->conn);
+    return -1;
+}
+
+/**
+ * virDomainGetVcpusFlags:
+ * @domain: pointer to domain object, or NULL for Domain0
+ * @flags: an OR'ed set of virDomainVcpuFlags
+ *
+ * Query the number of virtual CPUs used by the domain.  Note that
+ * this call may fail if the underlying virtualization hypervisor does
+ * not support it.  This function requires privileged access to the
+ * hypervisor.
+ *
+ * @flags must include either VIR_DOMAIN_VCPU_ACTIVE to query a
+ * running domain (which will fail if domain is not active), or
+ * VIR_DOMAIN_VCPU_PERSISTENT to query the XML description of the
+ * domain.  It is an error to set both flags.
+ *
+ * If @flags includes VIR_DOMAIN_VCPU_MAXIMUM, then the maximum
+ * virtual CPU limit is queried.  Otherwise, this call queries the
+ * current virtual CPU limit.
+ *
+ * Returns 0 in case of success, -1 in case of failure.
+ */
+
+int
+virDomainGetVcpusFlags(virDomainPtr domain, unsigned int flags)
+{
+    virConnectPtr conn;
+    DEBUG("domain=%p, flags=%u", domain, flags);
+
+    virResetLastError();
+
+    if (!VIR_IS_CONNECTED_DOMAIN(domain)) {
+        virLibDomainError(NULL, VIR_ERR_INVALID_DOMAIN, __FUNCTION__);
+        virDispatchError(NULL);
+        return (-1);
+    }
+
+    /* Exactly one of these two flags should be set.  */
+    if (!(flags & VIR_DOMAIN_VCPU_LIVE) == !(flags & VIR_DOMAIN_VCPU_CONFIG)) {
+        virLibDomainError(domain, VIR_ERR_INVALID_ARG, __FUNCTION__);
+        goto error;
+    }
+    conn = domain->conn;
+
+    if (conn->driver->domainGetVcpusFlags) {
+        int ret;
+        ret = conn->driver->domainGetVcpusFlags (domain, flags);
+        if (ret < 0)
+            goto error;
+        return ret;
+    }
+
+    virLibConnError (conn, VIR_ERR_NO_SUPPORT, __FUNCTION__);
+
+error:
+    virDispatchError(domain->conn);
+    return -1;
+}
+
+/**
+  * virDomainPinVcpu:
+  * @domain: pointer to domain object, or NULL for Domain0
+  * @vcpu: virtual CPU number
+  * @cpumap: pointer to a bit map of real CPUs (in 8-bit bytes) (IN)
+- * 	Each bit set to 1 means that corresponding CPU is usable.
+- * 	Bytes are stored in little-endian order: CPU0-7, 8-15...
+- * 	In each byte, lowest CPU number is least significant bit.
+ *      Each bit set to 1 means that corresponding CPU is usable.
+ *      Bytes are stored in little-endian order: CPU0-7, 8-15...
+ *      In each byte, lowest CPU number is least significant bit.
+  * @maplen: number of bytes in cpumap, from 1 up to size of CPU map in
+  *	underlying virtualization system (Xen...).
+  *	If maplen < size, missing bytes are set to zero.
+@@ -5371,9 +5499,9 @@ error:
+  *
+  * Provides the maximum number of virtual CPUs supported for
+  * the guest VM. If the guest is inactive, this is basically
+- * the same as virConnectGetMaxVcpus. If the guest is running
+ * the same as virConnectGetMaxVcpus(). If the guest is running
+  * this will reflect the maximum number of virtual CPUs the
+- * guest was booted with.
+ * guest was booted with.  For more details, see virDomainGetVcpusFlags().
+  *
+  * Returns the maximum of virtual CPU or -1 in case of error.
+  */
+-- 
+1.7.2.3
+
--- a/docs/api_extension/0005-Step-5-of-8-Implement-the-RPC-client.patch
+++ b/docs/api_extension/0005-Step-5-of-8-Implement-the-RPC-client.patch
@ -1,84 +0,0 @@
-From ff272552c297966ace3492aefe91fc830152251a Mon Sep 17 00:00:00 2001
-From: David Allan <dallan@redhat.com>
-Date: Tue, 19 May 2009 16:26:12 -0400
-Subject: [PATCH] Step 5 of 8 Implement the RPC client
-
---
- src/remote_internal.c |   55 +++++++++++++++++++++++++++++++++++++++++++++++++
- 1 files changed, 55 insertions(+), 0 deletions(-)
-
-diff --git a/src/remote_internal.c b/src/remote_internal.c
-index 4b3afb0..e665ef8 100644
--- a/src/remote_internal.c
-+++ b/src/remote_internal.c
-@@ -4978,6 +4978,59 @@ done:
- }
- 
- 
-+static virNodeDevicePtr
-+remoteNodeDeviceCreateXML(virConnectPtr conn,
-+                          const char *xmlDesc,
-+                          unsigned int flags)
-+{
-+    remote_node_device_create_xml_args args;
-+    remote_node_device_create_xml_ret ret;
-+    virNodeDevicePtr dev = NULL;
-+    struct private_data *priv = conn->privateData;
-+
-+    remoteDriverLock(priv);
-+
-+    memset(&ret, 0, sizeof ret);
-+    args.xml_desc = (char *)xmlDesc;
-+    args.flags = flags;
-+
-+    if (call(conn, priv, 0, REMOTE_PROC_NODE_DEVICE_CREATE_XML,
-+             (xdrproc_t) xdr_remote_node_device_create_xml_args, (char *) &args,
-+             (xdrproc_t) xdr_remote_node_device_create_xml_ret, (char *) &ret) == -1)
-+        goto done;
-+
-+    dev = get_nonnull_node_device(conn, ret.dev);
-+    xdr_free ((xdrproc_t) xdr_remote_node_device_create_xml_ret, (char *) &ret);
-+
-+done:
-+    remoteDriverUnlock(priv);
-+    return dev;
-+}
-+
-+static int
-+remoteNodeDeviceDestroy(virNodeDevicePtr dev)
-+{
-+    int rv = -1;
-+    remote_node_device_destroy_args args;
-+    struct private_data *priv = dev->conn->privateData;
-+
-+    remoteDriverLock(priv);
-+
-+    args.name = dev->name;
-+
-+    if (call(dev->conn, priv, 0, REMOTE_PROC_NODE_DEVICE_DESTROY,
-+             (xdrproc_t) xdr_remote_node_device_destroy_args, (char *) &args,
-+             (xdrproc_t) xdr_void, (char *) NULL) == -1)
-+        goto done;
-+
-+    rv = 0;
-+
-+done:
-+    remoteDriverUnlock(priv);
-+    return rv;
-+}
-+
-+
- /*----------------------------------------------------------------------*/
- 
- static int
-@@ -6982,6 +7035,8 @@ static virDeviceMonitor dev_monitor = {
-     .deviceGetParent = remoteNodeDeviceGetParent,
-     .deviceNumOfCaps = remoteNodeDeviceNumOfCaps,
-     .deviceListCaps = remoteNodeDeviceListCaps,
-+    .deviceCreateXML = remoteNodeDeviceCreateXML,
-+    .deviceDestroy = remoteNodeDeviceDestroy
- };
- 
- 
-- 
-1.6.0.6
--- a/docs/api_extension/0005-implement-the-remote-protocol.patch
+++ b/docs/api_extension/0005-implement-the-remote-protocol.patch
@ -0,0 +1,421 @@
+From eb826444f90c2563dadf148630b0cd6a9b41ba1e Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Mon, 27 Sep 2010 10:10:06 -0600
+Subject: [PATCH 05/15] vcpu: implement the remote protocol
+
+Done by editing the first three files, then running
+'make -C src rpcgen', then editing src/remote_protocol-structs
+to match.
+
+* daemon/remote.c (remoteDispatchDomainSetVcpusFlags)
+(remoteDispatchDomainGetVcpusFlags): New functions.
+* src/remote/remote_driver.c (remoteDomainSetVcpusFlags)
+(remoteDomainGetVcpusFlags, remote_driver): Client side
+serialization.
+* src/remote/remote_protocol.x
+(remote_domain_set_vcpus_flags_args)
+(remote_domain_get_vcpus_flags_args)
+(remote_domain_get_vcpus_flags_ret)
+(REMOTE_PROC_DOMAIN_SET_VCPUS_FLAGS)
+(REMOTE_PROC_DOMAIN_GET_VCPUS_FLAGS): Define wire format.
+* daemon/remote_dispatch_args.h: Regenerate.
+* daemon/remote_dispatch_prototypes.h: Likewise.
+* daemon/remote_dispatch_table.h: Likewise.
+* src/remote/remote_protocol.c: Likewise.
+* src/remote/remote_protocol.h: Likewise.
+* src/remote_protocol-structs: Likewise.
+---
+ daemon/remote.c                     |   53 ++++++++++++++++++++++++++++++++
+ daemon/remote_dispatch_args.h       |    2 +
+ daemon/remote_dispatch_prototypes.h |   16 ++++++++++
+ daemon/remote_dispatch_ret.h        |    1 +
+ daemon/remote_dispatch_table.h      |   10 ++++++
+ src/remote/remote_driver.c          |   57 +++++++++++++++++++++++++++++++++-
+ src/remote/remote_protocol.c        |   33 ++++++++++++++++++++
+ src/remote/remote_protocol.h        |   26 ++++++++++++++++
+ src/remote/remote_protocol.x        |   19 +++++++++++-
+ src/remote_protocol-structs         |   12 +++++++
+ 10 files changed, 226 insertions(+), 3 deletions(-)
+
+diff --git a/daemon/remote.c b/daemon/remote.c
+index 7a96e29..323f00c 100644
+--- a/daemon/remote.c
+++ b/daemon/remote.c
+@@ -1751,6 +1751,33 @@ oom:
+ }
+
+ static int
+remoteDispatchDomainGetVcpusFlags (struct qemud_server *server ATTRIBUTE_UNUSED,
+                                   struct qemud_client *client ATTRIBUTE_UNUSED,
+                                   virConnectPtr conn,
+                                   remote_message_header *hdr ATTRIBUTE_UNUSED,
+                                   remote_error *rerr,
+                                   remote_domain_get_vcpus_flags_args *args,
+                                   remote_domain_get_vcpus_flags_ret *ret)
+{
+    virDomainPtr dom;
+
+    dom = get_nonnull_domain (conn, args->dom);
+    if (dom == NULL) {
+        remoteDispatchConnError(rerr, conn);
+        return -1;
+    }
+
+    ret->num = virDomainGetVcpusFlags (dom, args->flags);
+    if (ret->num == -1) {
+        virDomainFree(dom);
+        remoteDispatchConnError(rerr, conn);
+        return -1;
+    }
+    virDomainFree(dom);
+    return 0;
+}
+
+static int
+ remoteDispatchDomainMigratePrepare (struct qemud_server *server ATTRIBUTE_UNUSED,
+                                     struct qemud_client *client ATTRIBUTE_UNUSED,
+                                     virConnectPtr conn,
+@@ -2568,6 +2595,32 @@ remoteDispatchDomainSetVcpus (struct qemud_server *server ATTRIBUTE_UNUSED,
+ }
+
+ static int
+remoteDispatchDomainSetVcpusFlags (struct qemud_server *server ATTRIBUTE_UNUSED,
+                                   struct qemud_client *client ATTRIBUTE_UNUSED,
+                                   virConnectPtr conn,
+                                   remote_message_header *hdr ATTRIBUTE_UNUSED,
+                                   remote_error *rerr,
+                                   remote_domain_set_vcpus_flags_args *args,
+                                   void *ret ATTRIBUTE_UNUSED)
+{
+    virDomainPtr dom;
+
+    dom = get_nonnull_domain (conn, args->dom);
+    if (dom == NULL) {
+        remoteDispatchConnError(rerr, conn);
+        return -1;
+    }
+
+    if (virDomainSetVcpusFlags (dom, args->nvcpus, args->flags) == -1) {
+        virDomainFree(dom);
+        remoteDispatchConnError(rerr, conn);
+        return -1;
+    }
+    virDomainFree(dom);
+    return 0;
+}
+
+static int
+ remoteDispatchDomainShutdown (struct qemud_server *server ATTRIBUTE_UNUSED,
+                               struct qemud_client *client ATTRIBUTE_UNUSED,
+                               virConnectPtr conn,
+diff --git a/daemon/remote_dispatch_args.h b/daemon/remote_dispatch_args.h
+index d8528b6..9583e9c 100644
+--- a/daemon/remote_dispatch_args.h
+++ b/daemon/remote_dispatch_args.h
+@@ -167,3 +167,5 @@
+     remote_domain_create_with_flags_args val_remote_domain_create_with_flags_args;
+     remote_domain_set_memory_parameters_args val_remote_domain_set_memory_parameters_args;
+     remote_domain_get_memory_parameters_args val_remote_domain_get_memory_parameters_args;
+    remote_domain_set_vcpus_flags_args val_remote_domain_set_vcpus_flags_args;
+    remote_domain_get_vcpus_flags_args val_remote_domain_get_vcpus_flags_args;
+diff --git a/daemon/remote_dispatch_prototypes.h b/daemon/remote_dispatch_prototypes.h
+index b674bb4..6b35851 100644
+--- a/daemon/remote_dispatch_prototypes.h
+++ b/daemon/remote_dispatch_prototypes.h
+@@ -306,6 +306,14 @@ static int remoteDispatchDomainGetVcpus(
+     remote_error *err,
+     remote_domain_get_vcpus_args *args,
+     remote_domain_get_vcpus_ret *ret);
+static int remoteDispatchDomainGetVcpusFlags(
+    struct qemud_server *server,
+    struct qemud_client *client,
+    virConnectPtr conn,
+    remote_message_header *hdr,
+    remote_error *err,
+    remote_domain_get_vcpus_flags_args *args,
+    remote_domain_get_vcpus_flags_ret *ret);
+ static int remoteDispatchDomainHasCurrentSnapshot(
+     struct qemud_server *server,
+     struct qemud_client *client,
+@@ -554,6 +562,14 @@ static int remoteDispatchDomainSetVcpus(
+     remote_error *err,
+     remote_domain_set_vcpus_args *args,
+     void *ret);
+static int remoteDispatchDomainSetVcpusFlags(
+    struct qemud_server *server,
+    struct qemud_client *client,
+    virConnectPtr conn,
+    remote_message_header *hdr,
+    remote_error *err,
+    remote_domain_set_vcpus_flags_args *args,
+    void *ret);
+ static int remoteDispatchDomainShutdown(
+     struct qemud_server *server,
+     struct qemud_client *client,
+diff --git a/daemon/remote_dispatch_ret.h b/daemon/remote_dispatch_ret.h
+index 17c9bca..3723b00 100644
+--- a/daemon/remote_dispatch_ret.h
+++ b/daemon/remote_dispatch_ret.h
+@@ -136,3 +136,4 @@
+     remote_domain_get_block_info_ret val_remote_domain_get_block_info_ret;
+     remote_domain_create_with_flags_ret val_remote_domain_create_with_flags_ret;
+     remote_domain_get_memory_parameters_ret val_remote_domain_get_memory_parameters_ret;
+    remote_domain_get_vcpus_flags_ret val_remote_domain_get_vcpus_flags_ret;
+diff --git a/daemon/remote_dispatch_table.h b/daemon/remote_dispatch_table.h
+index 47d95eb..dd2adc7 100644
+--- a/daemon/remote_dispatch_table.h
+++ b/daemon/remote_dispatch_table.h
+@@ -997,3 +997,13 @@
+     .args_filter = (xdrproc_t) xdr_remote_domain_get_memory_parameters_args,
+     .ret_filter = (xdrproc_t) xdr_remote_domain_get_memory_parameters_ret,
+ },
+{   /* DomainSetVcpusFlags => 199 */
+    .fn = (dispatch_fn) remoteDispatchDomainSetVcpusFlags,
+    .args_filter = (xdrproc_t) xdr_remote_domain_set_vcpus_flags_args,
+    .ret_filter = (xdrproc_t) xdr_void,
+},
+{   /* DomainGetVcpusFlags => 200 */
+    .fn = (dispatch_fn) remoteDispatchDomainGetVcpusFlags,
+    .args_filter = (xdrproc_t) xdr_remote_domain_get_vcpus_flags_args,
+    .ret_filter = (xdrproc_t) xdr_remote_domain_get_vcpus_flags_ret,
+},
+diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
+index 1a687ad..37c37ef 100644
+--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
+@@ -2580,6 +2580,59 @@ done:
+ }
+
+ static int
+remoteDomainSetVcpusFlags (virDomainPtr domain, unsigned int nvcpus,
+                           unsigned int flags)
+{
+    int rv = -1;
+    remote_domain_set_vcpus_flags_args args;
+    struct private_data *priv = domain->conn->privateData;
+
+    remoteDriverLock(priv);
+
+    make_nonnull_domain (&args.dom, domain);
+    args.nvcpus = nvcpus;
+    args.flags = flags;
+
+    if (call (domain->conn, priv, 0, REMOTE_PROC_DOMAIN_SET_VCPUS_FLAGS,
+              (xdrproc_t) xdr_remote_domain_set_vcpus_flags_args,
+              (char *) &args,
+              (xdrproc_t) xdr_void, (char *) NULL) == -1)
+        goto done;
+
+    rv = 0;
+
+done:
+    remoteDriverUnlock(priv);
+    return rv;
+}
+
+static int
+remoteDomainGetVcpusFlags (virDomainPtr domain, unsigned int flags)
+{
+    int rv = -1;
+    remote_domain_get_vcpus_flags_args args;
+    remote_domain_get_vcpus_flags_ret ret;
+    struct private_data *priv = domain->conn->privateData;
+
+    remoteDriverLock(priv);
+
+    make_nonnull_domain (&args.dom, domain);
+    args.flags = flags;
+
+    memset (&ret, 0, sizeof ret);
+    if (call (domain->conn, priv, 0, REMOTE_PROC_DOMAIN_GET_VCPUS_FLAGS,
+              (xdrproc_t) xdr_remote_domain_get_vcpus_flags_args, (char *) &args,
+              (xdrproc_t) xdr_remote_domain_get_vcpus_flags_ret, (char *) &ret) == -1)
+        goto done;
+
+    rv = ret.num;
+
+done:
+    remoteDriverUnlock(priv);
+    return rv;
+}
+
+static int
+ remoteDomainPinVcpu (virDomainPtr domain,
+                      unsigned int vcpu,
+                      unsigned char *cpumap,
+@@ -10468,8 +10521,8 @@ static virDriver remote_driver = {
+     remoteDomainRestore, /* domainRestore */
+     remoteDomainCoreDump, /* domainCoreDump */
+     remoteDomainSetVcpus, /* domainSetVcpus */
+-    NULL, /* domainSetVcpusFlags */
+-    NULL, /* domainGetVcpusFlags */
+    remoteDomainSetVcpusFlags, /* domainSetVcpusFlags */
+    remoteDomainGetVcpusFlags, /* domainGetVcpusFlags */
+     remoteDomainPinVcpu, /* domainPinVcpu */
+     remoteDomainGetVcpus, /* domainGetVcpus */
+     remoteDomainGetMaxVcpus, /* domainGetMaxVcpus */
+diff --git a/src/remote/remote_protocol.c b/src/remote/remote_protocol.c
+index 5c55713..38ea050 100644
+--- a/src/remote/remote_protocol.c
+++ b/src/remote/remote_protocol.c
+@@ -1355,6 +1355,39 @@ xdr_remote_domain_set_vcpus_args (XDR *xdrs, remote_domain_set_vcpus_args *objp)
+ }
+
+ bool_t
+xdr_remote_domain_set_vcpus_flags_args (XDR *xdrs, remote_domain_set_vcpus_flags_args *objp)
+{
+
+         if (!xdr_remote_nonnull_domain (xdrs, &objp->dom))
+                 return FALSE;
+         if (!xdr_u_int (xdrs, &objp->nvcpus))
+                 return FALSE;
+         if (!xdr_u_int (xdrs, &objp->flags))
+                 return FALSE;
+        return TRUE;
+}
+
+bool_t
+xdr_remote_domain_get_vcpus_flags_args (XDR *xdrs, remote_domain_get_vcpus_flags_args *objp)
+{
+
+         if (!xdr_remote_nonnull_domain (xdrs, &objp->dom))
+                 return FALSE;
+         if (!xdr_u_int (xdrs, &objp->flags))
+                 return FALSE;
+        return TRUE;
+}
+
+bool_t
+xdr_remote_domain_get_vcpus_flags_ret (XDR *xdrs, remote_domain_get_vcpus_flags_ret *objp)
+{
+
+         if (!xdr_int (xdrs, &objp->num))
+                 return FALSE;
+        return TRUE;
+}
+
+bool_t
+ xdr_remote_domain_pin_vcpu_args (XDR *xdrs, remote_domain_pin_vcpu_args *objp)
+ {
+         char **objp_cpp0 = (char **) (void *) &objp->cpumap.cpumap_val;
+diff --git a/src/remote/remote_protocol.h b/src/remote/remote_protocol.h
+index 756da11..d75e76c 100644
+--- a/src/remote/remote_protocol.h
+++ b/src/remote/remote_protocol.h
+@@ -750,6 +750,24 @@ struct remote_domain_set_vcpus_args {
+ };
+ typedef struct remote_domain_set_vcpus_args remote_domain_set_vcpus_args;
+
+struct remote_domain_set_vcpus_flags_args {
+        remote_nonnull_domain dom;
+        u_int nvcpus;
+        u_int flags;
+};
+typedef struct remote_domain_set_vcpus_flags_args remote_domain_set_vcpus_flags_args;
+
+struct remote_domain_get_vcpus_flags_args {
+        remote_nonnull_domain dom;
+        u_int flags;
+};
+typedef struct remote_domain_get_vcpus_flags_args remote_domain_get_vcpus_flags_args;
+
+struct remote_domain_get_vcpus_flags_ret {
+        int num;
+};
+typedef struct remote_domain_get_vcpus_flags_ret remote_domain_get_vcpus_flags_ret;
+
+ struct remote_domain_pin_vcpu_args {
+         remote_nonnull_domain dom;
+         int vcpu;
+@@ -2281,6 +2299,8 @@ enum remote_procedure {
+         REMOTE_PROC_DOMAIN_CREATE_WITH_FLAGS = 196,
+         REMOTE_PROC_DOMAIN_SET_MEMORY_PARAMETERS = 197,
+         REMOTE_PROC_DOMAIN_GET_MEMORY_PARAMETERS = 198,
+        REMOTE_PROC_DOMAIN_SET_VCPUS_FLAGS = 199,
+        REMOTE_PROC_DOMAIN_GET_VCPUS_FLAGS = 200,
+ };
+ typedef enum remote_procedure remote_procedure;
+
+@@ -2422,6 +2442,9 @@ extern  bool_t xdr_remote_domain_define_xml_args (XDR *, remote_domain_define_xm
+ extern  bool_t xdr_remote_domain_define_xml_ret (XDR *, remote_domain_define_xml_ret*);
+ extern  bool_t xdr_remote_domain_undefine_args (XDR *, remote_domain_undefine_args*);
+ extern  bool_t xdr_remote_domain_set_vcpus_args (XDR *, remote_domain_set_vcpus_args*);
+extern  bool_t xdr_remote_domain_set_vcpus_flags_args (XDR *, remote_domain_set_vcpus_flags_args*);
+extern  bool_t xdr_remote_domain_get_vcpus_flags_args (XDR *, remote_domain_get_vcpus_flags_args*);
+extern  bool_t xdr_remote_domain_get_vcpus_flags_ret (XDR *, remote_domain_get_vcpus_flags_ret*);
+ extern  bool_t xdr_remote_domain_pin_vcpu_args (XDR *, remote_domain_pin_vcpu_args*);
+ extern  bool_t xdr_remote_domain_get_vcpus_args (XDR *, remote_domain_get_vcpus_args*);
+ extern  bool_t xdr_remote_domain_get_vcpus_ret (XDR *, remote_domain_get_vcpus_ret*);
+@@ -2762,6 +2785,9 @@ extern bool_t xdr_remote_domain_define_xml_args ();
+ extern bool_t xdr_remote_domain_define_xml_ret ();
+ extern bool_t xdr_remote_domain_undefine_args ();
+ extern bool_t xdr_remote_domain_set_vcpus_args ();
+extern bool_t xdr_remote_domain_set_vcpus_flags_args ();
+extern bool_t xdr_remote_domain_get_vcpus_flags_args ();
+extern bool_t xdr_remote_domain_get_vcpus_flags_ret ();
+ extern bool_t xdr_remote_domain_pin_vcpu_args ();
+ extern bool_t xdr_remote_domain_get_vcpus_args ();
+ extern bool_t xdr_remote_domain_get_vcpus_ret ();
+diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x
+index e80fb5f..d57e6d0 100644
+--- a/src/remote/remote_protocol.x
+++ b/src/remote/remote_protocol.x
+@@ -768,6 +768,21 @@ struct remote_domain_set_vcpus_args {
+     int nvcpus;
+ };
+
+struct remote_domain_set_vcpus_flags_args {
+    remote_nonnull_domain dom;
+    unsigned int nvcpus;
+    unsigned int flags;
+};
+
+struct remote_domain_get_vcpus_flags_args {
+    remote_nonnull_domain dom;
+    unsigned int flags;
+};
+
+struct remote_domain_get_vcpus_flags_ret {
+    int num;
+};
+
+ struct remote_domain_pin_vcpu_args {
+     remote_nonnull_domain dom;
+     int vcpu;
+@@ -2062,7 +2077,9 @@ enum remote_procedure {
+     REMOTE_PROC_DOMAIN_EVENT_IO_ERROR_REASON = 195,
+     REMOTE_PROC_DOMAIN_CREATE_WITH_FLAGS = 196,
+     REMOTE_PROC_DOMAIN_SET_MEMORY_PARAMETERS = 197,
+-    REMOTE_PROC_DOMAIN_GET_MEMORY_PARAMETERS = 198
+    REMOTE_PROC_DOMAIN_GET_MEMORY_PARAMETERS = 198,
+    REMOTE_PROC_DOMAIN_SET_VCPUS_FLAGS = 199,
+    REMOTE_PROC_DOMAIN_GET_VCPUS_FLAGS = 200
+
+     /*
+      * Notice how the entries are grouped in sets of 10 ?
+diff --git a/src/remote_protocol-structs b/src/remote_protocol-structs
+index 838423e..d505886 100644
+--- a/src/remote_protocol-structs
+++ b/src/remote_protocol-structs
+@@ -461,6 +461,18 @@ struct remote_domain_set_vcpus_args {
+ 	remote_nonnull_domain      dom;
+ 	int                        nvcpus;
+ };
+struct remote_domain_set_vcpus_flags_args {
+	remote_nonnull_domain      dom;
+	u_int                      nvcpus;
+	u_int                      flags;
+};
+struct remote_domain_get_vcpus_flags_args {
+	remote_nonnull_domain      dom;
+	u_int                      flags;
+};
+struct remote_domain_get_vcpus_flags_ret {
+	int                        num;
+};
+ struct remote_domain_pin_vcpu_args {
+ 	remote_nonnull_domain      dom;
+ 	int                        vcpu;
+-- 
+1.7.2.3
+
--- a/docs/api_extension/0006-Step-6-of-8-Implement-the-server-side-dispatcher.patch
+++ b/docs/api_extension/0006-Step-6-of-8-Implement-the-server-side-dispatcher.patch
@ -1,70 +0,0 @@
-From 4c5166df583459574526841234d61d6ae5be19a0 Mon Sep 17 00:00:00 2001
-From: David Allan <dallan@redhat.com>
-Date: Tue, 19 May 2009 16:26:55 -0400
-Subject: [PATCH] Step 6 of 8 Implement the server side dispatcher
-
---
- qemud/remote.c |   48 ++++++++++++++++++++++++++++++++++++++++++++++++
- 1 files changed, 48 insertions(+), 0 deletions(-)
-
-diff --git a/qemud/remote.c b/qemud/remote.c
-index e27820f..8d24a3a 100644
--- a/qemud/remote.c
-+++ b/qemud/remote.c
-@@ -4323,6 +4323,54 @@ remoteDispatchNodeDeviceReset (struct qemud_server *server ATTRIBUTE_UNUSED,
- }
- 
- 
-+static int
-+remoteDispatchNodeDeviceCreateXml(struct qemud_server *server ATTRIBUTE_UNUSED,
-+                                  struct qemud_client *client ATTRIBUTE_UNUSED,
-+                                  virConnectPtr conn,
-+                                  remote_error *rerr,
-+                                  remote_node_device_create_xml_args *args,
-+                                  remote_node_device_create_xml_ret *ret)
-+{
-+    virNodeDevicePtr dev;
-+
-+    dev = virNodeDeviceCreateXML (conn, args->xml_desc, args->flags);
-+    if (dev == NULL) {
-+        remoteDispatchConnError(rerr, conn);
-+        return -1;
-+    }
-+
-+    make_nonnull_node_device (&ret->dev, dev);
-+    virNodeDeviceFree(dev);
-+
-+    return 0;
-+}
-+
-+
-+static int
-+remoteDispatchNodeDeviceDestroy(struct qemud_server *server ATTRIBUTE_UNUSED,
-+                                struct qemud_client *client ATTRIBUTE_UNUSED,
-+                                virConnectPtr conn,
-+                                remote_error *rerr,
-+                                remote_node_device_destroy_args *args,
-+                                void *ret ATTRIBUTE_UNUSED)
-+{
-+    virNodeDevicePtr dev;
-+
-+    dev = virNodeDeviceLookupByName(conn, args->name);
-+    if (dev == NULL) {
-+        remoteDispatchFormatError(rerr, "%s", _("node_device not found"));
-+        return -1;
-+    }
-+
-+    if (virNodeDeviceDestroy(dev) == -1) {
-+        remoteDispatchConnError(rerr, conn);
-+        return -1;
-+    }
-+
-+    return 0;
-+}
-+
-+
- /**************************
-  * Async Events
-  **************************/
-- 
-1.6.0.6
--- a/docs/api_extension/0006-make-old-API-trivially-wrap-to-new-API.patch
+++ b/docs/api_extension/0006-make-old-API-trivially-wrap-to-new-API.patch
@ -0,0 +1,735 @@
+From 50c51f13e2af04afac46e181c4ed62581545a488 Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Mon, 27 Sep 2010 16:37:53 -0600
+Subject: [PATCH 06/15] vcpu: make old API trivially wrap to new API
+
+Note - this wrapping is completely mechanical; the old API will
+function identically, since the new API validates that the exact
+same flags are provided by the old API.  On a per-driver basis,
+it may make sense to have the old API pass a different set of flags,
+but that should be done in the per-driver patch that implements
+the full range of flag support in the new API.
+
+* src/esx/esx_driver.c (esxDomainSetVcpus, escDomainGetMaxVpcus):
+Move guts...
+(esxDomainSetVcpusFlags, esxDomainGetVcpusFlags): ...to new
+functions.
+(esxDriver): Trivially support the new API.
+* src/openvz/openvz_driver.c (openvzDomainSetVcpus)
+(openvzDomainSetVcpusFlags, openvzDomainGetMaxVcpus)
+(openvzDomainGetVcpusFlags, openvzDriver): Likewise.
+* src/phyp/phyp_driver.c (phypDomainSetCPU)
+(phypDomainSetVcpusFlags, phypGetLparCPUMAX)
+(phypDomainGetVcpusFlags, phypDriver): Likewise.
+* src/qemu/qemu_driver.c (qemudDomainSetVcpus)
+(qemudDomainSetVcpusFlags, qemudDomainGetMaxVcpus)
+(qemudDomainGetVcpusFlags, qemuDriver): Likewise.
+* src/test/test_driver.c (testSetVcpus, testDomainSetVcpusFlags)
+(testDomainGetMaxVcpus, testDomainGetVcpusFlags, testDriver):
+Likewise.
+* src/vbox/vbox_tmpl.c (vboxDomainSetVcpus)
+(vboxDomainSetVcpusFlags, virDomainGetMaxVcpus)
+(virDomainGetVcpusFlags, virDriver): Likewise.
+* src/xen/xen_driver.c (xenUnifiedDomainSetVcpus)
+(xenUnifiedDomainSetVcpusFlags, xenUnifiedDomainGetMaxVcpus)
+(xenUnifiedDomainGetVcpusFlags, xenUnifiedDriver): Likewise.
+* src/xenapi/xenapi_driver.c (xenapiDomainSetVcpus)
+(xenapiDomainSetVcpusFlags, xenapiDomainGetMaxVcpus)
+(xenapiDomainGetVcpusFlags, xenapiDriver): Likewise.
+(xenapiError): New helper macro.
+---
+ src/esx/esx_driver.c       |   32 +++++++++++++++++++---
+ src/openvz/openvz_driver.c |   34 +++++++++++++++++++++---
+ src/phyp/phyp_driver.c     |   32 ++++++++++++++++++++---
+ src/qemu/qemu_driver.c     |   38 +++++++++++++++++++++++++---
+ src/test/test_driver.c     |   36 ++++++++++++++++++++++---
+ src/vbox/vbox_tmpl.c       |   36 +++++++++++++++++++++++---
+ src/xen/xen_driver.c       |   34 ++++++++++++++++++++++---
+ src/xenapi/xenapi_driver.c |   60 ++++++++++++++++++++++++++++++++++++++------
+ 8 files changed, 263 insertions(+), 39 deletions(-)
+
+diff --git a/src/esx/esx_driver.c b/src/esx/esx_driver.c
+index 2a32374..b3e1284 100644
+--- a/src/esx/esx_driver.c
+++ b/src/esx/esx_driver.c
+@@ -2384,7 +2384,8 @@ esxDomainGetInfo(virDomainPtr domain, virDomainInfoPtr info)
+
+
+ static int
+-esxDomainSetVcpus(virDomainPtr domain, unsigned int nvcpus)
+esxDomainSetVcpusFlags(virDomainPtr domain, unsigned int nvcpus,
+                       unsigned int flags)
+ {
+     int result = -1;
+     esxPrivate *priv = domain->conn->privateData;
+@@ -2394,6 +2395,11 @@ esxDomainSetVcpus(virDomainPtr domain, unsigned int nvcpus)
+     esxVI_ManagedObjectReference *task = NULL;
+     esxVI_TaskInfoState taskInfoState;
+
+    if (flags != VIR_DOMAIN_VCPU_LIVE) {
+        ESX_ERROR(VIR_ERR_INVALID_ARG, _("unsupported flags: (0x%x)"), flags);
+        return -1;
+    }
+
+     if (nvcpus < 1) {
+         ESX_ERROR(VIR_ERR_INVALID_ARG, "%s",
+                   _("Requested number of virtual CPUs must at least be 1"));
+@@ -2453,15 +2459,26 @@ esxDomainSetVcpus(virDomainPtr domain, unsigned int nvcpus)
+ }
+
+
+static int
+esxDomainSetVcpus(virDomainPtr domain, unsigned int nvcpus)
+{
+    return esxDomainSetVcpusFlags(domain, nvcpus, VIR_DOMAIN_VCPU_LIVE);
+}
+
+
+ static int
+-esxDomainGetMaxVcpus(virDomainPtr domain)
+esxDomainGetVcpusFlags(virDomainPtr domain, unsigned int flags)
+ {
+     esxPrivate *priv = domain->conn->privateData;
+     esxVI_String *propertyNameList = NULL;
+     esxVI_ObjectContent *hostSystem = NULL;
+     esxVI_DynamicProperty *dynamicProperty = NULL;
+
+    if (flags != (VIR_DOMAIN_VCPU_LIVE | VIR_DOMAIN_VCPU_MAXIMUM)) {
+        ESX_ERROR(VIR_ERR_INVALID_ARG, _("unsupported flags: (0x%x)"), flags);
+        return -1;
+    }
+
+     if (priv->maxVcpus > 0) {
+         return priv->maxVcpus;
+     }
+@@ -2507,7 +2524,12 @@ esxDomainGetMaxVcpus(virDomainPtr domain)
+     return priv->maxVcpus;
+ }
+
+-
+static int
+esxDomainGetMaxVcpus(virDomainPtr domain)
+{
+    return esxDomainGetVcpusFlags(domain, (VIR_DOMAIN_VCPU_LIVE |
+                                           VIR_DOMAIN_VCPU_MAXIMUM));
+}
+
+ static char *
+ esxDomainDumpXML(virDomainPtr domain, int flags)
+@@ -4160,8 +4182,8 @@ static virDriver esxDriver = {
+     NULL,                            /* domainRestore */
+     NULL,                            /* domainCoreDump */
+     esxDomainSetVcpus,               /* domainSetVcpus */
+-    NULL,                            /* domainSetVcpusFlags */
+-    NULL,                            /* domainGetVcpusFlags */
+    esxDomainSetVcpusFlags,          /* domainSetVcpusFlags */
+    esxDomainGetVcpusFlags,          /* domainGetVcpusFlags */
+     NULL,                            /* domainPinVcpu */
+     NULL,                            /* domainGetVcpus */
+     esxDomainGetMaxVcpus,            /* domainGetMaxVcpus */
+diff --git a/src/openvz/openvz_driver.c b/src/openvz/openvz_driver.c
+index 9d19aeb..0f3cfdf 100644
+--- a/src/openvz/openvz_driver.c
+++ b/src/openvz/openvz_driver.c
+@@ -67,7 +67,6 @@
+ static int openvzGetProcessInfo(unsigned long long *cpuTime, int vpsid);
+ static int openvzGetMaxVCPUs(virConnectPtr conn, const char *type);
+ static int openvzDomainGetMaxVcpus(virDomainPtr dom);
+-static int openvzDomainSetVcpus(virDomainPtr dom, unsigned int nvcpus);
+ static int openvzDomainSetVcpusInternal(virDomainObjPtr vm,
+                                         unsigned int nvcpus);
+ static int openvzDomainSetMemoryInternal(virDomainObjPtr vm,
+@@ -1211,11 +1210,24 @@ static int openvzGetMaxVCPUs(virConnectPtr conn ATTRIBUTE_UNUSED,
+     return -1;
+ }
+
+static int
+openvzDomainGetVcpusFlags(virDomainPtr dom ATTRIBUTE_UNUSED,
+                          unsigned int flags)
+{
+    if (flags != (VIR_DOMAIN_VCPU_LIVE | VIR_DOMAIN_VCPU_MAXIMUM)) {
+        openvzError(VIR_ERR_INVALID_ARG, _("unsupported flags (0x%x)"), flags);
+        return -1;
+    }
+
+-static int openvzDomainGetMaxVcpus(virDomainPtr dom ATTRIBUTE_UNUSED) {
+     return openvzGetMaxVCPUs(NULL, "openvz");
+ }
+
+static int openvzDomainGetMaxVcpus(virDomainPtr dom)
+{
+    return openvzDomainGetVcpusFlags(dom, (VIR_DOMAIN_VCPU_LIVE |
+                                           VIR_DOMAIN_VCPU_MAXIMUM));
+}
+
+ static int openvzDomainSetVcpusInternal(virDomainObjPtr vm,
+                                         unsigned int nvcpus)
+ {
+@@ -1241,12 +1253,18 @@ static int openvzDomainSetVcpusInternal(virDomainObjPtr vm,
+     return 0;
+ }
+
+-static int openvzDomainSetVcpus(virDomainPtr dom, unsigned int nvcpus)
+static int openvzDomainSetVcpusFlags(virDomainPtr dom, unsigned int nvcpus,
+                                     unsigned int flags)
+ {
+     virDomainObjPtr         vm;
+     struct openvz_driver   *driver = dom->conn->privateData;
+     int                     ret = -1;
+
+    if (flags != VIR_DOMAIN_VCPU_LIVE) {
+        openvzError(VIR_ERR_INVALID_ARG, _("unsupported flags (0x%x)"), flags);
+        return -1;
+    }
+
+     openvzDriverLock(driver);
+     vm = virDomainFindByUUID(&driver->domains, dom->uuid);
+     openvzDriverUnlock(driver);
+@@ -1272,6 +1290,12 @@ cleanup:
+     return ret;
+ }
+
+static int
+openvzDomainSetVcpus(virDomainPtr dom, unsigned int nvcpus)
+{
+    return openvzDomainSetVcpusFlags(dom, nvcpus, VIR_DOMAIN_VCPU_LIVE);
+}
+
+ static virDrvOpenStatus openvzOpen(virConnectPtr conn,
+                                    virConnectAuthPtr auth ATTRIBUTE_UNUSED,
+                                    int flags ATTRIBUTE_UNUSED)
+@@ -1590,8 +1614,8 @@ static virDriver openvzDriver = {
+     NULL, /* domainRestore */
+     NULL, /* domainCoreDump */
+     openvzDomainSetVcpus, /* domainSetVcpus */
+-    NULL, /* domainSetVcpusFlags */
+-    NULL, /* domainGetVcpusFlags */
+    openvzDomainSetVcpusFlags, /* domainSetVcpusFlags */
+    openvzDomainGetVcpusFlags, /* domainGetVcpusFlags */
+     NULL, /* domainPinVcpu */
+     NULL, /* domainGetVcpus */
+     openvzDomainGetMaxVcpus, /* domainGetMaxVcpus */
+diff --git a/src/phyp/phyp_driver.c b/src/phyp/phyp_driver.c
+index 6e0a5e9..e284ae0 100644
+--- a/src/phyp/phyp_driver.c
+++ b/src/phyp/phyp_driver.c
+@@ -1497,15 +1497,27 @@ phypGetLparCPU(virConnectPtr conn, const char *managed_system, int lpar_id)
+ }
+
+ static int
+-phypGetLparCPUMAX(virDomainPtr dom)
+phypDomainGetVcpusFlags(virDomainPtr dom, unsigned int flags)
+ {
+     phyp_driverPtr phyp_driver = dom->conn->privateData;
+     char *managed_system = phyp_driver->managed_system;
+
+    if (flags != (VIR_DOMAIN_VCPU_LIVE | VIR_DOMAIN_VCPU_MAXIMUM)) {
+        PHYP_ERROR(VIR_ERR_INVALID_ARG, _("unsupported flags: (0x%x)"), flags);
+        return -1;
+    }
+
+     return phypGetLparCPUGeneric(dom->conn, managed_system, dom->id, 1);
+ }
+
+ static int
+phypGetLparCPUMAX(virDomainPtr dom)
+{
+    return phypDomainGetVcpusFlags(dom, (VIR_DOMAIN_VCPU_LIVE |
+                                         VIR_DOMAIN_VCPU_MAXIMUM));
+}
+
+static int
+ phypGetRemoteSlot(virConnectPtr conn, const char *managed_system,
+                   const char *lpar_name)
+ {
+@@ -3831,7 +3843,8 @@ phypConnectGetCapabilities(virConnectPtr conn)
+ }
+
+ static int
+-phypDomainSetCPU(virDomainPtr dom, unsigned int nvcpus)
+phypDomainSetVcpusFlags(virDomainPtr dom, unsigned int nvcpus,
+                        unsigned int flags)
+ {
+     ConnectionData *connection_data = dom->conn->networkPrivateData;
+     phyp_driverPtr phyp_driver = dom->conn->privateData;
+@@ -3846,6 +3859,11 @@ phypDomainSetCPU(virDomainPtr dom, unsigned int nvcpus)
+     unsigned int amount = 0;
+     virBuffer buf = VIR_BUFFER_INITIALIZER;
+
+    if (flags != VIR_DOMAIN_VCPU_LIVE) {
+        PHYP_ERROR(VIR_ERR_INVALID_ARG, _("unsupported flags: (0x%x)"), flags);
+        return -1;
+    }
+
+     if ((ncpus = phypGetLparCPU(dom->conn, managed_system, dom->id)) == 0)
+         return 0;
+
+@@ -3891,6 +3909,12 @@ phypDomainSetCPU(virDomainPtr dom, unsigned int nvcpus)
+
+ }
+
+static int
+phypDomainSetCPU(virDomainPtr dom, unsigned int nvcpus)
+{
+    return phypDomainSetVcpusFlags(dom, nvcpus, VIR_DOMAIN_VCPU_LIVE);
+}
+
+ static virDrvOpenStatus
+ phypVIOSDriverOpen(virConnectPtr conn,
+                    virConnectAuthPtr auth ATTRIBUTE_UNUSED,
+@@ -3941,8 +3965,8 @@ static virDriver phypDriver = {
+     NULL,                       /* domainRestore */
+     NULL,                       /* domainCoreDump */
+     phypDomainSetCPU,           /* domainSetVcpus */
+-    NULL,                       /* domainSetVcpusFlags */
+-    NULL,                       /* domainGetVcpusFlags */
+    phypDomainSetVcpusFlags,    /* domainSetVcpusFlags */
+    phypDomainGetVcpusFlags,    /* domainGetVcpusFlags */
+     NULL,                       /* domainPinVcpu */
+     NULL,                       /* domainGetVcpus */
+     phypGetLparCPUMAX,          /* domainGetMaxVcpus */
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index 3d17e04..7a2ea8f 100644
+--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
+@@ -5934,13 +5934,22 @@ unsupported:
+ }
+
+
+-static int qemudDomainSetVcpus(virDomainPtr dom, unsigned int nvcpus) {
+static int
+qemudDomainSetVcpusFlags(virDomainPtr dom, unsigned int nvcpus,
+                         unsigned int flags)
+{
+     struct qemud_driver *driver = dom->conn->privateData;
+     virDomainObjPtr vm;
+     const char * type;
+     int max;
+     int ret = -1;
+
+    if (flags != VIR_DOMAIN_VCPU_LIVE) {
+        qemuReportError(VIR_ERR_INVALID_ARG, _("unsupported flags: (0x%x)"),
+                        flags);
+        return -1;
+    }
+
+     qemuDriverLock(driver);
+     vm = virDomainFindByUUID(&driver->domains, dom->uuid);
+     qemuDriverUnlock(driver);
+@@ -5994,6 +6003,12 @@ cleanup:
+     return ret;
+ }
+
+static int
+qemudDomainSetVcpus(virDomainPtr dom, unsigned int nvcpus)
+{
+    return qemudDomainSetVcpusFlags(dom, nvcpus, VIR_DOMAIN_VCPU_LIVE);
+}
+
+
+ static int
+ qemudDomainPinVcpu(virDomainPtr dom,
+@@ -6150,12 +6165,20 @@ cleanup:
+ }
+
+
+-static int qemudDomainGetMaxVcpus(virDomainPtr dom) {
+static int
+qemudDomainGetVcpusFlags(virDomainPtr dom, unsigned int flags)
+{
+     struct qemud_driver *driver = dom->conn->privateData;
+     virDomainObjPtr vm;
+     const char *type;
+     int ret = -1;
+
+    if (flags != (VIR_DOMAIN_VCPU_LIVE | VIR_DOMAIN_VCPU_MAXIMUM)) {
+        qemuReportError(VIR_ERR_INVALID_ARG, _("unsupported flags: (0x%x)"),
+                        flags);
+        return -1;
+    }
+
+     qemuDriverLock(driver);
+     vm = virDomainFindByUUID(&driver->domains, dom->uuid);
+     qemuDriverUnlock(driver);
+@@ -6183,6 +6206,13 @@ cleanup:
+     return ret;
+ }
+
+static int
+qemudDomainGetMaxVcpus(virDomainPtr dom)
+{
+    return qemudDomainGetVcpusFlags(dom, (VIR_DOMAIN_VCPU_LIVE |
+                                          VIR_DOMAIN_VCPU_MAXIMUM));
+}
+
+ static int qemudDomainGetSecurityLabel(virDomainPtr dom, virSecurityLabelPtr seclabel)
+ {
+     struct qemud_driver *driver = (struct qemud_driver *)dom->conn->privateData;
+@@ -12938,8 +12968,8 @@ static virDriver qemuDriver = {
+     qemudDomainRestore, /* domainRestore */
+     qemudDomainCoreDump, /* domainCoreDump */
+     qemudDomainSetVcpus, /* domainSetVcpus */
+-    NULL, /* domainSetVcpusFlags */
+-    NULL, /* domainGetVcpusFlags */
+    qemudDomainSetVcpusFlags, /* domainSetVcpusFlags */
+    qemudDomainGetVcpusFlags, /* domainGetVcpusFlags */
+     qemudDomainPinVcpu, /* domainPinVcpu */
+     qemudDomainGetVcpus, /* domainGetVcpus */
+     qemudDomainGetMaxVcpus, /* domainGetMaxVcpus */
+diff --git a/src/test/test_driver.c b/src/test/test_driver.c
+index 6a00558..b70c80d 100644
+--- a/src/test/test_driver.c
+++ b/src/test/test_driver.c
+@@ -2029,17 +2029,37 @@ cleanup:
+     return ret;
+ }
+
+-static int testDomainGetMaxVcpus(virDomainPtr domain)
+static int
+testDomainGetVcpusFlags(virDomainPtr domain, unsigned int flags)
+ {
+    if (flags != (VIR_DOMAIN_VCPU_LIVE | VIR_DOMAIN_VCPU_MAXIMUM)) {
+        testError(VIR_ERR_INVALID_ARG, _("unsupported flags: (0x%x)"), flags);
+        return -1;
+    }
+
+     return testGetMaxVCPUs(domain->conn, "test");
+ }
+
+-static int testSetVcpus(virDomainPtr domain,
+-                        unsigned int nrCpus) {
+static int
+testDomainGetMaxVcpus(virDomainPtr domain)
+{
+    return testDomainGetVcpusFlags(domain, (VIR_DOMAIN_VCPU_LIVE |
+                                            VIR_DOMAIN_VCPU_MAXIMUM));
+}
+
+static int
+testDomainSetVcpusFlags(virDomainPtr domain, unsigned int nrCpus,
+                        unsigned int flags)
+{
+     testConnPtr privconn = domain->conn->privateData;
+     virDomainObjPtr privdom = NULL;
+     int ret = -1, maxvcpus;
+
+    if (flags != VIR_DOMAIN_VCPU_LIVE) {
+        testError(VIR_ERR_INVALID_ARG, _("unsupported flags: (0x%x)"), flags);
+        return -1;
+    }
+
+     /* Do this first before locking */
+     maxvcpus = testDomainGetMaxVcpus(domain);
+     if (maxvcpus < 0)
+@@ -2082,6 +2102,12 @@ cleanup:
+     return ret;
+ }
+
+static int
+testSetVcpus(virDomainPtr domain, unsigned int nrCpus)
+{
+    return testDomainSetVcpusFlags(domain, nrCpus, VIR_DOMAIN_VCPU_LIVE);
+}
+
+ static int testDomainGetVcpus(virDomainPtr domain,
+                               virVcpuInfoPtr info,
+                               int maxinfo,
+@@ -5260,8 +5286,8 @@ static virDriver testDriver = {
+     testDomainRestore, /* domainRestore */
+     testDomainCoreDump, /* domainCoreDump */
+     testSetVcpus, /* domainSetVcpus */
+-    NULL, /* domainSetVcpusFlags */
+-    NULL, /* domainGetVcpusFlags */
+    testDomainSetVcpusFlags, /* domainSetVcpusFlags */
+    testDomainGetVcpusFlags, /* domainGetVcpusFlags */
+     testDomainPinVcpu, /* domainPinVcpu */
+     testDomainGetVcpus, /* domainGetVcpus */
+     testDomainGetMaxVcpus, /* domainGetMaxVcpus */
+diff --git a/src/vbox/vbox_tmpl.c b/src/vbox/vbox_tmpl.c
+index cb9193a..0cbe8b3 100644
+--- a/src/vbox/vbox_tmpl.c
+++ b/src/vbox/vbox_tmpl.c
+@@ -1839,13 +1839,21 @@ cleanup:
+     return ret;
+ }
+
+-static int vboxDomainSetVcpus(virDomainPtr dom, unsigned int nvcpus) {
+static int
+vboxDomainSetVcpusFlags(virDomainPtr dom, unsigned int nvcpus,
+                        unsigned int flags)
+{
+     VBOX_OBJECT_CHECK(dom->conn, int, -1);
+     IMachine *machine    = NULL;
+     vboxIID  *iid        = NULL;
+     PRUint32  CPUCount   = nvcpus;
+     nsresult rc;
+
+    if (flags != VIR_DOMAIN_VCPU_LIVE) {
+        vboxError(VIR_ERR_INVALID_ARG, _("unsupported flags: (0x%x)"), flags);
+        return -1;
+    }
+
+ #if VBOX_API_VERSION == 2002
+     if (VIR_ALLOC(iid) < 0) {
+         virReportOOMError();
+@@ -1887,11 +1895,24 @@ cleanup:
+     return ret;
+ }
+
+-static int vboxDomainGetMaxVcpus(virDomainPtr dom) {
+static int
+vboxDomainSetVcpus(virDomainPtr dom, unsigned int nvcpus)
+{
+    return vboxDomainSetVcpusFlags(dom, nvcpus, VIR_DOMAIN_VCPU_LIVE);
+}
+
+static int
+vboxDomainGetVcpusFlags(virDomainPtr dom, unsigned int flags)
+{
+     VBOX_OBJECT_CHECK(dom->conn, int, -1);
+     ISystemProperties *systemProperties = NULL;
+     PRUint32 maxCPUCount = 0;
+
+    if (flags != (VIR_DOMAIN_VCPU_LIVE | VIR_DOMAIN_VCPU_MAXIMUM)) {
+        vboxError(VIR_ERR_INVALID_ARG, _("unsupported flags: (0x%x)"), flags);
+        return -1;
+    }
+
+     /* Currently every domain supports the same number of max cpus
+      * as that supported by vbox and thus take it directly from
+      * the systemproperties.
+@@ -1909,6 +1930,13 @@ static int vboxDomainGetMaxVcpus(virDomainPtr dom) {
+     return ret;
+ }
+
+static int
+vboxDomainGetMaxVcpus(virDomainPtr dom)
+{
+    return vboxDomainGetVcpusFlags(dom, (VIR_DOMAIN_VCPU_LIVE |
+                                         VIR_DOMAIN_VCPU_MAXIMUM));
+}
+
+ static char *vboxDomainDumpXML(virDomainPtr dom, int flags) {
+     VBOX_OBJECT_CHECK(dom->conn, char *, NULL);
+     virDomainDefPtr def  = NULL;
+@@ -8267,8 +8295,8 @@ virDriver NAME(Driver) = {
+     NULL, /* domainRestore */
+     NULL, /* domainCoreDump */
+     vboxDomainSetVcpus, /* domainSetVcpus */
+-    NULL, /* domainSetVcpusFlags */
+-    NULL, /* domainGetVcpusFlags */
+    vboxDomainSetVcpusFlags, /* domainSetVcpusFlags */
+    vboxDomainGetVcpusFlags, /* domainGetVcpusFlags */
+     NULL, /* domainPinVcpu */
+     NULL, /* domainGetVcpus */
+     vboxDomainGetMaxVcpus, /* domainGetMaxVcpus */
+diff --git a/src/xen/xen_driver.c b/src/xen/xen_driver.c
+index 7d67ced..d6c9c57 100644
+--- a/src/xen/xen_driver.c
+++ b/src/xen/xen_driver.c
+@@ -1069,11 +1069,18 @@ xenUnifiedDomainCoreDump (virDomainPtr dom, const char *to, int flags)
+ }
+
+ static int
+-xenUnifiedDomainSetVcpus (virDomainPtr dom, unsigned int nvcpus)
+xenUnifiedDomainSetVcpusFlags (virDomainPtr dom, unsigned int nvcpus,
+                               unsigned int flags)
+ {
+     GET_PRIVATE(dom->conn);
+     int i;
+
+    if (flags != VIR_DOMAIN_VCPU_LIVE) {
+        xenUnifiedError(VIR_ERR_INVALID_ARG, _("unsupported flags: (0x%x)"),
+                        flags);
+        return -1;
+    }
+
+     /* Try non-hypervisor methods first, then hypervisor direct method
+      * as a last resort.
+      */
+@@ -1093,6 +1100,12 @@ xenUnifiedDomainSetVcpus (virDomainPtr dom, unsigned int nvcpus)
+ }
+
+ static int
+xenUnifiedDomainSetVcpus (virDomainPtr dom, unsigned int nvcpus)
+{
+    return xenUnifiedDomainSetVcpusFlags(dom, nvcpus, VIR_DOMAIN_VCPU_LIVE);
+}
+
+static int
+ xenUnifiedDomainPinVcpu (virDomainPtr dom, unsigned int vcpu,
+                          unsigned char *cpumap, int maplen)
+ {
+@@ -1126,11 +1139,17 @@ xenUnifiedDomainGetVcpus (virDomainPtr dom,
+ }
+
+ static int
+-xenUnifiedDomainGetMaxVcpus (virDomainPtr dom)
+xenUnifiedDomainGetVcpusFlags (virDomainPtr dom, unsigned int flags)
+ {
+     GET_PRIVATE(dom->conn);
+     int i, ret;
+
+    if (flags != (VIR_DOMAIN_VCPU_LIVE | VIR_DOMAIN_VCPU_MAXIMUM)) {
+        xenUnifiedError(VIR_ERR_INVALID_ARG, _("unsupported flags: (0x%x)"),
+                        flags);
+        return -1;
+    }
+
+     for (i = 0; i < XEN_UNIFIED_NR_DRIVERS; ++i)
+         if (priv->opened[i] && drivers[i]->domainGetMaxVcpus) {
+             ret = drivers[i]->domainGetMaxVcpus (dom);
+@@ -1140,6 +1159,13 @@ xenUnifiedDomainGetMaxVcpus (virDomainPtr dom)
+     return -1;
+ }
+
+static int
+xenUnifiedDomainGetMaxVcpus (virDomainPtr dom)
+{
+    return xenUnifiedDomainGetVcpusFlags(dom, (VIR_DOMAIN_VCPU_LIVE |
+                                               VIR_DOMAIN_VCPU_MAXIMUM));
+}
+
+ static char *
+ xenUnifiedDomainDumpXML (virDomainPtr dom, int flags)
+ {
+@@ -1951,8 +1977,8 @@ static virDriver xenUnifiedDriver = {
+     xenUnifiedDomainRestore, /* domainRestore */
+     xenUnifiedDomainCoreDump, /* domainCoreDump */
+     xenUnifiedDomainSetVcpus, /* domainSetVcpus */
+-    NULL, /* domainSetVcpusFlags */
+-    NULL, /* domainGetVcpusFlags */
+    xenUnifiedDomainSetVcpusFlags, /* domainSetVcpusFlags */
+    xenUnifiedDomainGetVcpusFlags, /* domainGetVcpusFlags */
+     xenUnifiedDomainPinVcpu, /* domainPinVcpu */
+     xenUnifiedDomainGetVcpus, /* domainGetVcpus */
+     xenUnifiedDomainGetMaxVcpus, /* domainGetMaxVcpus */
+diff --git a/src/xenapi/xenapi_driver.c b/src/xenapi/xenapi_driver.c
+index 753169c..7d4ab8d 100644
+--- a/src/xenapi/xenapi_driver.c
+++ b/src/xenapi/xenapi_driver.c
+@@ -40,6 +40,11 @@
+ #include "xenapi_driver_private.h"
+ #include "xenapi_utils.h"
+
+#define VIR_FROM_THIS VIR_FROM_XENAPI
+
+#define xenapiError(code, ...)                                    \
+        virReportErrorHelper(NULL, VIR_FROM_THIS, code, __FILE__, \
+                             __FUNCTION__, __LINE__, __VA_ARGS__)
+
+ /*
+  * getCapsObject
+@@ -987,19 +992,26 @@ xenapiDomainGetInfo (virDomainPtr dom, virDomainInfoPtr info)
+
+
+ /*
+- * xenapiDomainSetVcpus
+ * xenapiDomainSetVcpusFlags
+  *
+  * Sets the VCPUs on the domain
+  * Return 0 on success or -1 in case of error
+  */
+ static int
+-xenapiDomainSetVcpus (virDomainPtr dom, unsigned int nvcpus)
+xenapiDomainSetVcpusFlags (virDomainPtr dom, unsigned int nvcpus,
+                           unsigned int flags)
+ {
+-
+     /* vm.set_vcpus_max */
+     xen_vm vm;
+     xen_vm_set *vms;
+     xen_session *session = ((struct _xenapiPrivate *)(dom->conn->privateData))->session;
+
+    if (flags != VIR_DOMAIN_VCPU_LIVE) {
+        xenapiError(VIR_ERR_INVALID_ARG, _("unsupported flags: (0x%x)"),
+                    flags);
+        return -1;
+    }
+
+     if (xen_vm_get_by_name_label(session, &vms, dom->name) && vms->size > 0) {
+         if (vms->size != 1) {
+             xenapiSessionErrorHandler(dom->conn, VIR_ERR_INTERNAL_ERROR,
+@@ -1019,6 +1031,18 @@ xenapiDomainSetVcpus (virDomainPtr dom, unsigned int nvcpus)
+ }
+
+ /*
+ * xenapiDomainSetVcpus
+ *
+ * Sets the VCPUs on the domain
+ * Return 0 on success or -1 in case of error
+ */
+static int
+xenapiDomainSetVcpus (virDomainPtr dom, unsigned int nvcpus)
+{
+    return xenapiDomainSetVcpusFlags(dom, nvcpus, VIR_DOMAIN_VCPU_LIVE);
+}
+
+/*
+  * xenapiDomainPinVcpu
+  *
+  * Dynamically change the real CPUs which can be allocated to a virtual CPU
+@@ -1140,19 +1164,26 @@ xenapiDomainGetVcpus (virDomainPtr dom,
+ }
+
+ /*
+- * xenapiDomainGetMaxVcpus
+ * xenapiDomainGetVcpusFlags
+  *
+  *
+- * Returns maximum number of Vcpus on success or -1 in case of error
+ * Returns Vcpus count on success or -1 in case of error
+  */
+ static int
+-xenapiDomainGetMaxVcpus (virDomainPtr dom)
+xenapiDomainGetVcpusFlags (virDomainPtr dom, unsigned int flags)
+ {
+     xen_vm vm;
+     xen_vm_set *vms;
+     int64_t maxvcpu = 0;
+     enum xen_vm_power_state state;
+     xen_session *session = ((struct _xenapiPrivate *)(dom->conn->privateData))->session;
+
+    if (flags != (VIR_DOMAIN_VCPU_LIVE | VIR_DOMAIN_VCPU_MAXIMUM)) {
+        xenapiError(VIR_ERR_INVALID_ARG, _("unsupported flags: (0x%x)"),
+                    flags);
+        return -1;
+    }
+
+     if (xen_vm_get_by_name_label(session, &vms, dom->name) && vms->size > 0) {
+         if (vms->size != 1) {
+             xenapiSessionErrorHandler(dom->conn, VIR_ERR_INTERNAL_ERROR,
+@@ -1176,6 +1207,19 @@ xenapiDomainGetMaxVcpus (virDomainPtr dom)
+ }
+
+ /*
+ * xenapiDomainGetMaxVcpus
+ *
+ *
+ * Returns maximum number of Vcpus on success or -1 in case of error
+ */
+static int
+xenapiDomainGetMaxVcpus (virDomainPtr dom)
+{
+    return xenapiDomainGetVcpusFlags(dom, (VIR_DOMAIN_VCPU_LIVE |
+                                           VIR_DOMAIN_VCPU_MAXIMUM));
+}
+
+/*
+  * xenapiDomainDumpXML
+  *
+  *
+@@ -1754,8 +1798,8 @@ static virDriver xenapiDriver = {
+     NULL, /* domainRestore */
+     NULL, /* domainCoreDump */
+     xenapiDomainSetVcpus, /* domainSetVcpus */
+-    NULL, /* domainSetVcpusFlags */
+-    NULL, /* domainGetVcpusFlags */
+    xenapiDomainSetVcpusFlags, /* domainSetVcpusFlags */
+    xenapiDomainGetVcpusFlags, /* domainGetVcpusFlags */
+     xenapiDomainPinVcpu, /* domainPinVcpu */
+     xenapiDomainGetVcpus, /* domainGetVcpus */
+     xenapiDomainGetMaxVcpus, /* domainGetMaxVcpus */
+-- 
+1.7.2.3
+
--- a/docs/api_extension/0007-Step-7-of-8-Implement-the-driver-methods.patch
+++ b/docs/api_extension/0007-Step-7-of-8-Implement-the-driver-methods.patch
--- a/docs/api_extension/0007-add-virsh-support.patch
+++ b/docs/api_extension/0007-add-virsh-support.patch
@ -0,0 +1,388 @@
+From bf945ee97b72d3b0c4fc2da04530f5294f529d66 Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Wed, 29 Sep 2010 15:20:23 -0600
+Subject: [PATCH 08/15] vcpu: add virsh support
+
+* tools/virsh.c (cmdSetvcpus): Add new flags.  Let invalid
+commands through to driver, to ease testing of hypervisor argument
+validation.
+(cmdMaxvcpus, cmdVcpucount): New commands.
+(commands): Add new commands.
+* tools/virsh.pod (setvcpus, vcpucount, maxvcpus): Document new
+behavior.
+---
+ tools/virsh.c   |  247 ++++++++++++++++++++++++++++++++++++++++++++++++++-----
+ tools/virsh.pod |   38 ++++++++-
+ 2 files changed, 262 insertions(+), 23 deletions(-)
+
+diff --git a/tools/virsh.c b/tools/virsh.c
+index 4f8c495..7fb7fbd 100644
+--- a/tools/virsh.c
+++ b/tools/virsh.c
+@@ -2281,10 +2281,216 @@ cmdFreecell(vshControl *ctl, const vshCmd *cmd)
+ }
+
+ /*
+ * "maxvcpus" command
+ */
+static const vshCmdInfo info_maxvcpus[] = {
+    {"help", N_("connection vcpu maximum")},
+    {"desc", N_("Show maximum number of virtual CPUs for guests on this connection.")},
+    {NULL, NULL}
+};
+
+static const vshCmdOptDef opts_maxvcpus[] = {
+    {"type", VSH_OT_STRING, 0, N_("domain type")},
+    {NULL, 0, 0, NULL}
+};
+
+static int
+cmdMaxvcpus(vshControl *ctl, const vshCmd *cmd)
+{
+    char *type;
+    int vcpus;
+
+    type = vshCommandOptString(cmd, "type", NULL);
+
+    if (!vshConnectionUsability(ctl, ctl->conn))
+        return FALSE;
+
+    vcpus = virConnectGetMaxVcpus(ctl->conn, type);
+    if (vcpus < 0)
+        return FALSE;
+    vshPrint(ctl, "%d\n", vcpus);
+
+    return TRUE;
+}
+
+/*
+ * "vcpucount" command
+ */
+static const vshCmdInfo info_vcpucount[] = {
+    {"help", N_("domain vcpu counts")},
+    {"desc", N_("Returns the number of virtual CPUs used by the domain.")},
+    {NULL, NULL}
+};
+
+static const vshCmdOptDef opts_vcpucount[] = {
+    {"domain", VSH_OT_DATA, VSH_OFLAG_REQ, N_("domain name, id or uuid")},
+    {"maximum", VSH_OT_BOOL, 0, N_("get maximum cap on vcpus")},
+    {"current", VSH_OT_BOOL, 0, N_("get current vcpu usage")},
+    {"config", VSH_OT_BOOL, 0, N_("get value to be used on next boot")},
+    {"live", VSH_OT_BOOL, 0, N_("get value from running domain")},
+    {NULL, 0, 0, NULL}
+};
+
+static int
+cmdVcpucount(vshControl *ctl, const vshCmd *cmd)
+{
+    virDomainPtr dom;
+    int ret = TRUE;
+    int maximum = vshCommandOptBool(cmd, "maximum");
+    int current = vshCommandOptBool(cmd, "current");
+    int config = vshCommandOptBool(cmd, "config");
+    int live = vshCommandOptBool(cmd, "live");
+    bool all = maximum + current + config + live == 0;
+    int count;
+
+    if (maximum && current) {
+        vshError(ctl, "%s",
+                 _("--maximum and --current cannot both be specified"));
+        return FALSE;
+    }
+    if (config && live) {
+        vshError(ctl, "%s",
+                 _("--config and --live cannot both be specified"));
+        return FALSE;
+    }
+    /* We want one of each pair of mutually exclusive options; that
+     * is, use of flags requires exactly two options.  */
+    if (maximum + current + config + live == 1) {
+        vshError(ctl,
+                 _("when using --%s, either --%s or --%s must be specified"),
+                 (maximum ? "maximum" : current ? "current"
+                  : config ? "config" : "live"),
+                 maximum + current ? "config" : "maximum",
+                 maximum + current ? "live" : "current");
+        return FALSE;
+    }
+
+    if (!vshConnectionUsability(ctl, ctl->conn))
+        return FALSE;
+
+    if (!(dom = vshCommandOptDomain(ctl, cmd, NULL)))
+        return FALSE;
+
+    /* In all cases, try the new API first; if it fails because we are
+     * talking to an older client, try a fallback API before giving
+     * up.  */
+    if (all || (maximum && config)) {
+        count = virDomainGetVcpusFlags(dom, (VIR_DOMAIN_VCPU_MAXIMUM |
+                                             VIR_DOMAIN_VCPU_CONFIG));
+        if (count < 0 && (last_error->code == VIR_ERR_NO_SUPPORT
+                          || last_error->code == VIR_ERR_INVALID_ARG)) {
+            char *tmp;
+            char *xml = virDomainGetXMLDesc(dom, VIR_DOMAIN_XML_INACTIVE);
+            if (xml && (tmp = strstr(xml, "<vcpu"))) {
+                tmp = strchr(tmp, '>');
+                if (!tmp || virStrToLong_i(tmp + 1, &tmp, 10, &count) < 0)
+                    count = -1;
+            }
+            VIR_FREE(xml);
+        }
+
+        if (count < 0) {
+            virshReportError(ctl);
+            ret = FALSE;
+        } else if (all) {
+            vshPrint(ctl, "%-12s %-12s %3d\n", _("maximum"), _("config"),
+                     count);
+        } else {
+            vshPrint(ctl, "%d\n", count);
+        }
+        virFreeError(last_error);
+        last_error = NULL;
+    }
+
+    if (all || (maximum && live)) {
+        count = virDomainGetVcpusFlags(dom, (VIR_DOMAIN_VCPU_MAXIMUM |
+                                             VIR_DOMAIN_VCPU_LIVE));
+        if (count < 0 && (last_error->code == VIR_ERR_NO_SUPPORT
+                          || last_error->code == VIR_ERR_INVALID_ARG)) {
+            count = virDomainGetMaxVcpus(dom);
+        }
+
+        if (count < 0) {
+            virshReportError(ctl);
+            ret = FALSE;
+        } else if (all) {
+            vshPrint(ctl, "%-12s %-12s %3d\n", _("maximum"), _("live"),
+                     count);
+        } else {
+            vshPrint(ctl, "%d\n", count);
+        }
+        virFreeError(last_error);
+        last_error = NULL;
+    }
+
+    if (all || (current && config)) {
+        count = virDomainGetVcpusFlags(dom, VIR_DOMAIN_VCPU_CONFIG);
+        if (count < 0 && (last_error->code == VIR_ERR_NO_SUPPORT
+                          || last_error->code == VIR_ERR_INVALID_ARG)) {
+            char *tmp, *end;
+            char *xml = virDomainGetXMLDesc(dom, VIR_DOMAIN_XML_INACTIVE);
+            if (xml && (tmp = strstr(xml, "<vcpu"))) {
+                end = strchr(tmp, '>');
+                if (end) {
+                    *end = '\0';
+                    tmp = strstr(tmp, "current=");
+                    if (!tmp)
+                        tmp = end + 1;
+                    else {
+                        tmp += strlen("current=");
+                        tmp += *tmp == '\'' || *tmp == '"';
+                    }
+                }
+                if (!tmp || virStrToLong_i(tmp, &tmp, 10, &count) < 0)
+                    count = -1;
+            }
+            VIR_FREE(xml);
+        }
+
+        if (count < 0) {
+            virshReportError(ctl);
+            ret = FALSE;
+        } else if (all) {
+            vshPrint(ctl, "%-12s %-12s %3d\n", _("current"), _("config"),
+                     count);
+        } else {
+            vshPrint(ctl, "%d\n", count);
+        }
+        virFreeError(last_error);
+        last_error = NULL;
+    }
+
+    if (all || (current && live)) {
+        count = virDomainGetVcpusFlags(dom, VIR_DOMAIN_VCPU_LIVE);
+        if (count < 0 && (last_error->code == VIR_ERR_NO_SUPPORT
+                          || last_error->code == VIR_ERR_INVALID_ARG)) {
+            virDomainInfo info;
+            if (virDomainGetInfo(dom, &info) == 0)
+                count = info.nrVirtCpu;
+        }
+
+        if (count < 0) {
+            virshReportError(ctl);
+            ret = FALSE;
+        } else if (all) {
+            vshPrint(ctl, "%-12s %-12s %3d\n", _("current"), _("live"),
+                     count);
+        } else {
+            vshPrint(ctl, "%d\n", count);
+        }
+        virFreeError(last_error);
+        last_error = NULL;
+    }
+
+    virDomainFree(dom);
+    return ret;
+}
+
+/*
+  * "vcpuinfo" command
+  */
+ static const vshCmdInfo info_vcpuinfo[] = {
+-    {"help", N_("domain vcpu information")},
+    {"help", N_("detailed domain vcpu information")},
+     {"desc", N_("Returns basic information about the domain virtual CPUs.")},
+     {NULL, NULL}
+ };
+@@ -2514,6 +2720,9 @@ static const vshCmdInfo info_setvcpus[] = {
+ static const vshCmdOptDef opts_setvcpus[] = {
+     {"domain", VSH_OT_DATA, VSH_OFLAG_REQ, N_("domain name, id or uuid")},
+     {"count", VSH_OT_DATA, VSH_OFLAG_REQ, N_("number of virtual CPUs")},
+    {"maximum", VSH_OT_BOOL, 0, N_("set maximum limit on next boot")},
+    {"config", VSH_OT_BOOL, 0, N_("affect next boot")},
+    {"live", VSH_OT_BOOL, 0, N_("affect running domain")},
+     {NULL, 0, 0, NULL}
+ };
+
+@@ -2522,8 +2731,13 @@ cmdSetvcpus(vshControl *ctl, const vshCmd *cmd)
+ {
+     virDomainPtr dom;
+     int count;
+-    int maxcpu;
+     int ret = TRUE;
+    int maximum = vshCommandOptBool(cmd, "maximum");
+    int config = vshCommandOptBool(cmd, "config");
+    int live = vshCommandOptBool(cmd, "live");
+    int flags = ((maximum ? VIR_DOMAIN_VCPU_MAXIMUM : 0) |
+                 (config ? VIR_DOMAIN_VCPU_CONFIG : 0) |
+                 (live ? VIR_DOMAIN_VCPU_LIVE : 0));
+
+     if (!vshConnectionUsability(ctl, ctl->conn))
+         return FALSE;
+@@ -2532,26 +2746,15 @@ cmdSetvcpus(vshControl *ctl, const vshCmd *cmd)
+         return FALSE;
+
+     count = vshCommandOptInt(cmd, "count", &count);
+-    if (count <= 0) {
+-        vshError(ctl, "%s", _("Invalid number of virtual CPUs."));
+-        virDomainFree(dom);
+-        return FALSE;
+-    }
+-
+-    maxcpu = virDomainGetMaxVcpus(dom);
+-    if (maxcpu <= 0) {
+-        virDomainFree(dom);
+-        return FALSE;
+-    }
+-
+-    if (count > maxcpu) {
+-        vshError(ctl, "%s", _("Too many virtual CPUs."));
+-        virDomainFree(dom);
+-        return FALSE;
+-    }
+
+-    if (virDomainSetVcpus(dom, count) != 0) {
+-        ret = FALSE;
+    if (!flags) {
+        if (virDomainSetVcpus(dom, count) != 0) {
+            ret = FALSE;
+        }
+    } else {
+        if (virDomainSetVcpusFlags(dom, count, flags) < 0) {
+            ret = FALSE;
+        }
+     }
+
+     virDomainFree(dom);
+@@ -9642,6 +9845,7 @@ static const vshCmdDef commands[] = {
+     {"freecell", cmdFreecell, opts_freecell, info_freecell},
+     {"hostname", cmdHostname, NULL, info_hostname},
+     {"list", cmdList, opts_list, info_list},
+    {"maxvcpus", cmdMaxvcpus, opts_maxvcpus, info_maxvcpus},
+     {"migrate", cmdMigrate, opts_migrate, info_migrate},
+     {"migrate-setmaxdowntime", cmdMigrateSetMaxDowntime, opts_migrate_setmaxdowntime, info_migrate_setmaxdowntime},
+
+@@ -9748,6 +9952,7 @@ static const vshCmdDef commands[] = {
+     {"vol-name", cmdVolName, opts_vol_name, info_vol_name},
+     {"vol-key", cmdVolKey, opts_vol_key, info_vol_key},
+
+    {"vcpucount", cmdVcpucount, opts_vcpucount, info_vcpucount},
+     {"vcpuinfo", cmdVcpuinfo, opts_vcpuinfo, info_vcpuinfo},
+     {"vcpupin", cmdVcpupin, opts_vcpupin, info_vcpupin},
+     {"version", cmdVersion, NULL, info_version},
+diff --git a/tools/virsh.pod b/tools/virsh.pod
+index 943a563..dbcc680 100644
+--- a/tools/virsh.pod
+++ b/tools/virsh.pod
+@@ -443,7 +443,14 @@ Remove the managed save file for a domain if it exists.  The next time the
+ domain is started it will not restore to its previous state but instead will
+ do a full boot.
+
+-=item B<migrate> optional I<--live> I<--suspend> I<domain-id> I<desturi> I<migrateuri>
+=item B<maxvcpus> optional I<type>
+
+Provide the maximum number of virtual CPUs supported for a guest VM on
+this connection.  If provided, the I<type> parameter must be a valid
+type attribute for the <domain> element of XML.
+
+=item B<migrate> optional I<--live> I<--suspend> I<domain-id> I<desturi>
+I<migrateuri>
+
+ Migrate domain to another host.  Add --live for live migration; --suspend
+ leaves the domain paused on the destination host. The I<desturi> is the
+@@ -521,7 +528,8 @@ Displays the domain memory parameters.
+
+ Allows you to set the domain memory parameters. LXC and QEMU/KVM supports these parameters.
+
+-=item B<setvcpus> I<domain-id> I<count>
+=item B<setvcpus> I<domain-id> I<count> optional I<--maximum> I<--config>
+I<--live>
+
+ Change the number of virtual CPUs active in the guest domain. Note that
+ I<count> may be limited by host, hypervisor or limit coming from the
+@@ -530,6 +538,17 @@ original description of domain.
+ For Xen, you can only adjust the virtual CPUs of a running domain if
+ the domain is paravirtualized.
+
+If I<--config> is specified, the change will only affect the next
+boot of a domain.  If I<--live> is specified, the domain must be
+running, and the change takes place immediately.  Both flags may be
+specified, if supported by the hypervisor.  If neither flag is given,
+then I<--live> is implied and it is up to the hypervisor whether
+I<--config> is also implied.
+
+If I<--maximum> is specified, then you must use I<--config> and
+avoid I<--live>; this flag controls the maximum limit of vcpus that
+can be hot-plugged the next time the domain is booted.
+
+ =item B<shutdown> I<domain-id>
+
+ Gracefully shuts down a domain.  This coordinates with the domain OS
+@@ -568,6 +587,21 @@ is not available the processes will provide an exit code of 1.
+ Undefine the configuration for an inactive domain. Since it's not running
+ the domain name or UUID must be used as the I<domain-id>.
+
+=item B<vcpucount> I<domain-id>  optional I<--maximum> I<--current>
+I<--config> I<--live>
+
+Print information about the virtual cpu counts of the given
+I<domain-id>.  If no flags are specified, all possible counts are
+listed in a table; otherwise, the output is limited to just the
+numeric value requested.
+
+I<--maximum> requests information on the maximum cap of vcpus that a
+domain can add via B<setvcpus>, while I<--current> shows the current
+usage; these two flags cannot both be specified.  I<--config>
+requests information regarding the next time the domain will be
+booted, while I<--live> requires a running domain and lists current
+values; these two flags cannot both be specified.
+
+ =item B<vcpuinfo> I<domain-id>
+
+ Returns basic information about the domain virtual CPUs, like the number of
+-- 
+1.7.2.3
+
--- a/docs/api_extension/0008-Step-8-of-8-Add-virsh-support.patch
+++ b/docs/api_extension/0008-Step-8-of-8-Add-virsh-support.patch
@ -1,131 +0,0 @@
-From 193cc4abbb6c2fc5557d3699f86ff0103d5a21ef Mon Sep 17 00:00:00 2001
-From: David Allan <dallan@redhat.com>
-Date: Tue, 19 May 2009 16:47:31 -0400
-Subject: [PATCH 8/8] Step 8 of 8 Add virsh support
-
---
- src/virsh.c |  103 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- 1 files changed, 103 insertions(+), 0 deletions(-)
-
-diff --git a/src/virsh.c b/src/virsh.c
-index cb32ede..ab2a2b7 100644
--- a/src/virsh.c
-+++ b/src/virsh.c
-@@ -2962,6 +2962,106 @@ cmdPoolCreate(vshControl *ctl, const vshCmd *cmd)
- 
- 
- /*
-+ * "nodedev-create" command
-+ */
-+static const vshCmdInfo info_node_device_create[] = {
-+    {"help", N_("create a device defined by an XML file on the node")},
-+    {"desc", N_("Create a device on the node.  Note that this "
-+                "command creates devices on the physical host "
-+                "that can then be assigned to a virtual machine.")},
-+    {NULL, NULL}
-+};
-+
-+static const vshCmdOptDef opts_node_device_create[] = {
-+    {"file", VSH_OT_DATA, VSH_OFLAG_REQ,
-+     N_("file containing an XML description of the device")},
-+    {NULL, 0, 0, NULL}
-+};
-+
-+static int
-+cmdNodeDeviceCreate(vshControl *ctl, const vshCmd *cmd)
-+{
-+    virNodeDevicePtr dev = NULL;
-+    char *from;
-+    int found = 0;
-+    int ret = TRUE;
-+    char *buffer;
-+
-+    if (!vshConnectionUsability(ctl, ctl->conn, TRUE))
-+        return FALSE;
-+
-+    from = vshCommandOptString(cmd, "file", &found);
-+    if (!found) {
-+        return FALSE;
-+    }
-+
-+    if (virFileReadAll(from, VIRSH_MAX_XML_FILE, &buffer) < 0) {
-+        return FALSE;
-+    }
-+
-+    dev = virNodeDeviceCreateXML(ctl->conn, buffer, 0);
-+    free (buffer);
-+
-+    if (dev != NULL) {
-+        vshPrint(ctl, _("Node device %s created from %s\n"),
-+                 virNodeDeviceGetName(dev), from);
-+    } else {
-+        vshError(ctl, FALSE, _("Failed to create node device from %s"), from);
-+        ret = FALSE;
-+    }
-+
-+    return ret;
-+}
-+
-+
-+/*
-+ * "nodedev-destroy" command
-+ */
-+static const vshCmdInfo info_node_device_destroy[] = {
-+    {"help", N_("destroy a device on the node")},
-+    {"desc", N_("Destroy a device on the node.  Note that this "
-+                "command destroys devices on the physical host")},
-+    {NULL, NULL}
-+};
-+
-+static const vshCmdOptDef opts_node_device_destroy[] = {
-+    {"name", VSH_OT_DATA, VSH_OFLAG_REQ,
-+     N_("name of the device to be destroyed")},
-+    {NULL, 0, 0, NULL}
-+};
-+
-+static int
-+cmdNodeDeviceDestroy(vshControl *ctl, const vshCmd *cmd)
-+{
-+    virNodeDevicePtr dev = NULL;
-+    int ret = TRUE;
-+    int found = 0;
-+    char *name;
-+
-+    if (!vshConnectionUsability(ctl, ctl->conn, TRUE)) {
-+        return FALSE;
-+    }
-+
-+    name = vshCommandOptString(cmd, "name", &found);
-+    if (!found) {
-+        return FALSE;
-+    }
-+
-+    dev = virNodeDeviceLookupByName(ctl->conn, name);
-+
-+    if (virNodeDeviceDestroy(dev) == 0) {
-+        vshPrint(ctl, _("Destroyed node device '%s'\n"), name);
-+    } else {
-+        vshError(ctl, FALSE, _("Failed to destroy node device '%s'"), name);
-+        ret = FALSE;
-+    }
-+
-+    virNodeDeviceFree(dev);
-+    return ret;
-+}
-+
-+
-+/*
-  * XML Building helper for pool-define-as and pool-create-as
-  */
- static const vshCmdOptDef opts_pool_X_as[] = {
-@@ -5895,6 +5996,8 @@ static const vshCmdDef commands[] = {
-     {"nodedev-dettach", cmdNodeDeviceDettach, opts_node_device_dettach, info_node_device_dettach},
-     {"nodedev-reattach", cmdNodeDeviceReAttach, opts_node_device_reattach, info_node_device_reattach},
-     {"nodedev-reset", cmdNodeDeviceReset, opts_node_device_reset, info_node_device_reset},
-+    {"nodedev-create", cmdNodeDeviceCreate, opts_node_device_create, info_node_device_create},
-+    {"nodedev-destroy", cmdNodeDeviceDestroy, opts_node_device_destroy, info_node_device_destroy},
- 
-     {"pool-autostart", cmdPoolAutostart, opts_pool_autostart, info_pool_autostart},
-     {"pool-build", cmdPoolBuild, opts_pool_build, info_pool_build},
-- 
-1.6.0.6
--- a/docs/api_extension/0008-support-new-xml.patch
+++ b/docs/api_extension/0008-support-new-xml.patch
@ -0,0 +1,519 @@
+From 4617eedfaeee2b187a1f14691d25746ba3ff31b6 Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Wed, 29 Sep 2010 10:20:07 -0600
+Subject: [PATCH 07/15] vcpu: support maxvcpu in domain_conf
+
+Although this patch adds a distinction between maximum vcpus and
+current vcpus in the XML, the values should be identical for all
+drivers at this point.  Only in subsequent per-driver patches will
+a distinction be made.
+
+In general, virDomainGetInfo should prefer the current vcpus.
+
+* src/conf/domain_conf.h (_virDomainDef): Adjust vcpus to unsigned
+short, to match virDomainGetInfo limit.  Add maxvcpus member.
+* src/conf/domain_conf.c (virDomainDefParseXML)
+(virDomainDefFormat): parse and print out vcpu details.
+* src/xen/xend_internal.c (xenDaemonParseSxpr)
+(xenDaemonFormatSxpr): Manage both vcpu numbers, and require them
+to be equal for now.
+* src/xen/xm_internal.c (xenXMDomainConfigParse)
+(xenXMDomainConfigFormat): Likewise.
+* src/phyp/phyp_driver.c (phypDomainDumpXML): Likewise.
+* src/openvz/openvz_conf.c (openvzLoadDomains): Likewise.
+* src/openvz/openvz_driver.c (openvzDomainDefineXML)
+(openvzDomainCreateXML, openvzDomainSetVcpusInternal): Likewise.
+* src/vbox/vbox_tmpl.c (vboxDomainDumpXML, vboxDomainDefineXML):
+Likewise.
+* src/xenapi/xenapi_driver.c (xenapiDomainDumpXML): Likewise.
+* src/xenapi/xenapi_utils.c (createVMRecordFromXml): Likewise.
+* src/esx/esx_vmx.c (esxVMX_ParseConfig, esxVMX_FormatConfig):
+Likewise.
+* src/qemu/qemu_conf.c (qemuBuildSmpArgStr)
+(qemuParseCommandLineSmp, qemuParseCommandLine): Likewise.
+* src/qemu/qemu_driver.c (qemudDomainHotplugVcpus): Likewise.
+* src/opennebula/one_conf.c (xmlOneTemplate): Likewise.
+---
+ src/conf/domain_conf.c     |   45 +++++++++++++++++++++++++++++++++++++------
+ src/conf/domain_conf.h     |    3 +-
+ src/esx/esx_vmx.c          |   24 ++++++++++++++--------
+ src/opennebula/one_conf.c  |    9 +++++--
+ src/openvz/openvz_conf.c   |    7 +++--
+ src/openvz/openvz_driver.c |   15 +++++++++----
+ src/phyp/phyp_driver.c     |    2 +-
+ src/qemu/qemu_conf.c       |   14 +++++++++++-
+ src/qemu/qemu_driver.c     |    5 ++-
+ src/vbox/vbox_tmpl.c       |   12 +++++++---
+ src/xen/xend_internal.c    |    9 ++++---
+ src/xen/xm_internal.c      |   11 ++++++---
+ src/xenapi/xenapi_driver.c |    2 +-
+ src/xenapi/xenapi_utils.c  |    4 +-
+ 14 files changed, 114 insertions(+), 48 deletions(-)
+
+diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
+index 78d7a6a..a997e06 100644
+--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
+@@ -4203,6 +4203,7 @@ static virDomainDefPtr virDomainDefParseXML(virCapsPtr caps,
+     int i, n;
+     long id = -1;
+     virDomainDefPtr def;
+    unsigned long count;
+
+     if (VIR_ALLOC(def) < 0) {
+         virReportOOMError();
+@@ -4287,8 +4288,37 @@ static virDomainDefPtr virDomainDefParseXML(virCapsPtr caps,
+                       &def->mem.swap_hard_limit) < 0)
+         def->mem.swap_hard_limit = 0;
+
+-    if (virXPathULong("string(./vcpu[1])", ctxt, &def->vcpus) < 0)
+-        def->vcpus = 1;
+    n = virXPathULong("string(./vcpu[1])", ctxt, &count);
+    if (n == -2) {
+        virDomainReportError(VIR_ERR_XML_ERROR, "%s",
+                             _("maximum vcpus must be an integer"));
+        goto error;
+    } else if (n < 0) {
+        def->maxvcpus = 1;
+    } else {
+        def->maxvcpus = count;
+        if (def->maxvcpus != count || count == 0) {
+            virDomainReportError(VIR_ERR_XML_ERROR,
+                                 _("invalid maxvcpus %lu"), count);
+            goto error;
+        }
+    }
+
+    n = virXPathULong("string(./vcpu[1]/@current)", ctxt, &count);
+    if (n == -2) {
+        virDomainReportError(VIR_ERR_XML_ERROR, "%s",
+                             _("current vcpus must be an integer"));
+        goto error;
+    } else if (n < 0) {
+        def->vcpus = def->maxvcpus;
+    } else {
+        def->vcpus = count;
+        if (def->vcpus != count || count == 0 || def->maxvcpus < count) {
+            virDomainReportError(VIR_ERR_XML_ERROR,
+                                 _("invalid current vcpus %lu"), count);
+            goto error;
+        }
+    }
+
+     tmp = virXPathString("string(./vcpu[1]/@cpuset)", ctxt);
+     if (tmp) {
+@@ -6462,17 +6492,18 @@ char *virDomainDefFormat(virDomainDefPtr def,
+         if (def->cpumask[n] != 1)
+             allones = 0;
+
+-    if (allones) {
+-        virBufferVSprintf(&buf, "  <vcpu>%lu</vcpu>\n", def->vcpus);
+-    } else {
+    virBufferAddLit(&buf, "  <vcpu");
+    if (!allones) {
+         char *cpumask = NULL;
+         if ((cpumask =
+              virDomainCpuSetFormat(def->cpumask, def->cpumasklen)) == NULL)
+             goto cleanup;
+-        virBufferVSprintf(&buf, "  <vcpu cpuset='%s'>%lu</vcpu>\n",
+-                          cpumask, def->vcpus);
+        virBufferVSprintf(&buf, " cpuset='%s'", cpumask);
+         VIR_FREE(cpumask);
+     }
+    if (def->vcpus != def->maxvcpus)
+        virBufferVSprintf(&buf, " current='%u'", def->vcpus);
+    virBufferVSprintf(&buf, ">%u</vcpu>\n", def->maxvcpus);
+
+     if (def->os.bootloader) {
+         virBufferEscapeString(&buf, "  <bootloader>%s</bootloader>\n",
+diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
+index db09c23..5499f28 100644
+--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
+@@ -885,7 +885,8 @@ struct _virDomainDef {
+         unsigned long min_guarantee;
+         unsigned long swap_hard_limit;
+     } mem;
+-    unsigned long vcpus;
+    unsigned short vcpus;
+    unsigned short maxvcpus;
+     int cpumasklen;
+     char *cpumask;
+
+diff --git a/src/esx/esx_vmx.c b/src/esx/esx_vmx.c
+index 7ec8c0e..0a26614 100644
+--- a/src/esx/esx_vmx.c
+++ b/src/esx/esx_vmx.c
+@@ -50,7 +50,7 @@ def->uuid = <value>               <=>   uuid.bios = "<value>"
+ def->name = <value>               <=>   displayName = "<value>"
+ def->mem.max_balloon = <value kilobyte>    <=>   memsize = "<value megabyte>"            # must be a multiple of 4, defaults to 32
+ def->mem.cur_balloon = <value kilobyte>    <=>   sched.mem.max = "<value megabyte>"      # defaults to "unlimited" -> def->mem.cur_balloon = def->mem.max_balloon
+-def->vcpus = <value>              <=>   numvcpus = "<value>"                    # must be 1 or a multiple of 2, defaults to 1
+def->maxvcpus = <value>           <=>   numvcpus = "<value>"                    # must be 1 or a multiple of 2, defaults to 1
+ def->cpumask = <uint list>        <=>   sched.cpu.affinity = "<uint list>"
+
+
+@@ -1075,7 +1075,7 @@ esxVMX_ParseConfig(esxVMX_Context *ctx, virCapsPtr caps, const char *vmx,
+         goto cleanup;
+     }
+
+-    def->vcpus = numvcpus;
+    def->maxvcpus = def->vcpus = numvcpus;
+
+     /* vmx:sched.cpu.affinity -> def:cpumask */
+     // VirtualMachine:config.cpuAffinity.affinitySet
+@@ -2609,16 +2609,22 @@ esxVMX_FormatConfig(esxVMX_Context *ctx, virCapsPtr caps, virDomainDefPtr def,
+                           (int)(def->mem.cur_balloon / 1024));
+     }
+
+-    /* def:vcpus -> vmx:numvcpus */
+-    if (def->vcpus <= 0 || (def->vcpus % 2 != 0 && def->vcpus != 1)) {
+    /* def:maxvcpus -> vmx:numvcpus */
+    if (def->vcpus != def->maxvcpus) {
+        ESX_ERROR(VIR_ERR_CONFIG_UNSUPPORTED,
+                  _("No support for domain XML entry 'vcpu' attribute "
+                    "'current'"));
+        goto cleanup;
+    }
+    if (def->maxvcpus <= 0 || (def->maxvcpus % 2 != 0 && def->maxvcpus != 1)) {
+         ESX_ERROR(VIR_ERR_INTERNAL_ERROR,
+                   _("Expecting domain XML entry 'vcpu' to be an unsigned "
+                     "integer (1 or a multiple of 2) but found %d"),
+-                  (int)def->vcpus);
+                  def->maxvcpus);
+         goto cleanup;
+     }
+
+-    virBufferVSprintf(&buffer, "numvcpus = \"%d\"\n", (int)def->vcpus);
+    virBufferVSprintf(&buffer, "numvcpus = \"%d\"\n", def->maxvcpus);
+
+     /* def:cpumask -> vmx:sched.cpu.affinity */
+     if (def->cpumasklen > 0) {
+@@ -2632,11 +2638,11 @@ esxVMX_FormatConfig(esxVMX_Context *ctx, virCapsPtr caps, virDomainDefPtr def,
+             }
+         }
+
+-        if (sched_cpu_affinity_length < def->vcpus) {
+        if (sched_cpu_affinity_length < def->maxvcpus) {
+             ESX_ERROR(VIR_ERR_INTERNAL_ERROR,
+                       _("Expecting domain XML attribute 'cpuset' of entry "
+-                        "'vcpu' to contains at least %d CPU(s)"),
+-                      (int)def->vcpus);
+                        "'vcpu' to contain at least %d CPU(s)"),
+                      def->maxvcpus);
+             goto cleanup;
+         }
+
+diff --git a/src/opennebula/one_conf.c b/src/opennebula/one_conf.c
+index 44e28dc..2079c51 100644
+--- a/src/opennebula/one_conf.c
+++ b/src/opennebula/one_conf.c
+@@ -1,5 +1,7 @@
+ /*----------------------------------------------------------------------------------*/
+-/* Copyright 2002-2009, Distributed Systems Architecture Group, Universidad
+/*
+ * Copyright (C) 2010 Red Hat, Inc.
+ * Copyright 2002-2009, Distributed Systems Architecture Group, Universidad
+  * Complutense de Madrid (dsa-research.org)
+  *
+  * This library is free software; you can redistribute it and/or
+@@ -169,9 +171,10 @@ char* xmlOneTemplate(virDomainDefPtr def)
+ {
+     int i;
+     virBuffer buf= VIR_BUFFER_INITIALIZER;
+-    virBufferVSprintf(&buf,"#OpenNebula Template automatically generated by libvirt\nNAME = %s\nCPU = %ld\nMEMORY = %ld\n",
+    virBufferVSprintf(&buf,"#OpenNebula Template automatically generated "
+                      "by libvirt\nNAME = %s\nCPU = %d\nMEMORY = %ld\n",
+                       def->name,
+-                      def->vcpus,
+                      def->maxvcpus,
+                       (def->mem.max_balloon)/1024);
+
+     /*Optional Booting OpenNebula Information:*/
+diff --git a/src/openvz/openvz_conf.c b/src/openvz/openvz_conf.c
+index ec11bbc..c84a6f3 100644
+--- a/src/openvz/openvz_conf.c
+++ b/src/openvz/openvz_conf.c
+@@ -507,11 +507,12 @@ int openvzLoadDomains(struct openvz_driver *driver) {
+                         veid);
+             goto cleanup;
+         } else if (ret > 0) {
+-            dom->def->vcpus = strtoI(temp);
+            dom->def->maxvcpus = strtoI(temp);
+         }
+
+-        if (ret == 0 || dom->def->vcpus == 0)
+-            dom->def->vcpus = openvzGetNodeCPUs();
+        if (ret == 0 || dom->def->maxvcpus == 0)
+            dom->def->maxvcpus = openvzGetNodeCPUs();
+        dom->def->vcpus = dom->def->maxvcpus;
+
+         /* XXX load rest of VM config data .... */
+
+diff --git a/src/openvz/openvz_driver.c b/src/openvz/openvz_driver.c
+index 0f3cfdf..b7c2754 100644
+--- a/src/openvz/openvz_driver.c
+++ b/src/openvz/openvz_driver.c
+@@ -925,8 +925,13 @@ openvzDomainDefineXML(virConnectPtr conn, const char *xml)
+     if (openvzDomainSetNetworkConfig(conn, vm->def) < 0)
+         goto cleanup;
+
+-    if (vm->def->vcpus > 0) {
+-        if (openvzDomainSetVcpusInternal(vm, vm->def->vcpus) < 0) {
+    if (vm->def->vcpus != vm->def->maxvcpus) {
+        openvzError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                    _("current vcpu count must equal maximum"));
+        goto cleanup;
+    }
+    if (vm->def->maxvcpus > 0) {
+        if (openvzDomainSetVcpusInternal(vm, vm->def->maxvcpus) < 0) {
+             openvzError(VIR_ERR_INTERNAL_ERROR, "%s",
+                         _("Could not set number of virtual cpu"));
+              goto cleanup;
+@@ -1019,8 +1024,8 @@ openvzDomainCreateXML(virConnectPtr conn, const char *xml,
+     vm->def->id = vm->pid;
+     vm->state = VIR_DOMAIN_RUNNING;
+
+-    if (vm->def->vcpus > 0) {
+-        if (openvzDomainSetVcpusInternal(vm, vm->def->vcpus) < 0) {
+    if (vm->def->maxvcpus > 0) {
+        if (openvzDomainSetVcpusInternal(vm, vm->def->maxvcpus) < 0) {
+             openvzError(VIR_ERR_INTERNAL_ERROR, "%s",
+                         _("Could not set number of virtual cpu"));
+             goto cleanup;
+@@ -1249,7 +1254,7 @@ static int openvzDomainSetVcpusInternal(virDomainObjPtr vm,
+         return -1;
+     }
+
+-    vm->def->vcpus = nvcpus;
+    vm->def->maxvcpus = vm->def->vcpus = nvcpus;
+     return 0;
+ }
+
+diff --git a/src/phyp/phyp_driver.c b/src/phyp/phyp_driver.c
+index e284ae0..3d0ed11 100644
+--- a/src/phyp/phyp_driver.c
+++ b/src/phyp/phyp_driver.c
+@@ -3540,7 +3540,7 @@ phypDomainDumpXML(virDomainPtr dom, int flags)
+         goto err;
+     }
+
+-    if ((def.vcpus =
+    if ((def.maxvcpus = def.vcpus =
+          phypGetLparCPU(dom->conn, managed_system, dom->id)) == 0) {
+         VIR_ERROR0(_("Unable to determine domain's CPU."));
+         goto err;
+diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
+index 83c0f83..38c8351 100644
+--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
+@@ -3711,7 +3711,7 @@ qemuBuildSmpArgStr(const virDomainDefPtr def,
+ {
+     virBuffer buf = VIR_BUFFER_INITIALIZER;
+
+-    virBufferVSprintf(&buf, "%lu", def->vcpus);
+    virBufferVSprintf(&buf, "%u", def->vcpus);
+
+     if ((qemuCmdFlags & QEMUD_CMD_FLAG_SMP_TOPOLOGY)) {
+         /* sockets, cores, and threads are either all zero
+@@ -3722,11 +3722,18 @@ qemuBuildSmpArgStr(const virDomainDefPtr def,
+             virBufferVSprintf(&buf, ",threads=%u", def->cpu->threads);
+         }
+         else {
+-            virBufferVSprintf(&buf, ",sockets=%lu", def->vcpus);
+            virBufferVSprintf(&buf, ",sockets=%u", def->maxvcpus);
+             virBufferVSprintf(&buf, ",cores=%u", 1);
+             virBufferVSprintf(&buf, ",threads=%u", 1);
+         }
+     }
+    if (def->vcpus != def->maxvcpus) {
+        virBufferFreeAndReset(&buf);
+        qemuReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                        _("setting current vcpu count less than maximum is "
+                          "not supported yet"));
+        return NULL;
+    }
+
+     if (virBufferError(&buf)) {
+         virBufferFreeAndReset(&buf);
+@@ -6178,6 +6185,8 @@ qemuParseCommandLineSmp(virDomainDefPtr dom,
+         }
+     }
+
+    dom->maxvcpus = dom->vcpus;
+
+     if (sockets && cores && threads) {
+         virCPUDefPtr cpu;
+
+@@ -6247,6 +6256,7 @@ virDomainDefPtr qemuParseCommandLine(virCapsPtr caps,
+
+     def->id = -1;
+     def->mem.cur_balloon = def->mem.max_balloon = 64 * 1024;
+    def->maxvcpus = 1;
+     def->vcpus = 1;
+     def->clock.offset = VIR_DOMAIN_CLOCK_OFFSET_UTC;
+     def->features = (1 << VIR_DOMAIN_FEATURE_ACPI)
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index 7a2ea8f..c66dc04 100644
+--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
+@@ -2425,8 +2425,9 @@ qemuDetectVcpuPIDs(struct qemud_driver *driver,
+
+     if (ncpupids != vm->def->vcpus) {
+         qemuReportError(VIR_ERR_INTERNAL_ERROR,
+-                        _("got wrong number of vCPU pids from QEMU monitor. got %d, wanted %d"),
+-                        ncpupids, (int)vm->def->vcpus);
+                        _("got wrong number of vCPU pids from QEMU monitor. "
+                          "got %d, wanted %d"),
+                        ncpupids, vm->def->vcpus);
+         VIR_FREE(cpupids);
+         return -1;
+     }
+diff --git a/src/vbox/vbox_tmpl.c b/src/vbox/vbox_tmpl.c
+index 0cbe8b3..5a859a4 100644
+--- a/src/vbox/vbox_tmpl.c
+++ b/src/vbox/vbox_tmpl.c
+@@ -2028,7 +2028,7 @@ static char *vboxDomainDumpXML(virDomainPtr dom, int flags) {
+             def->mem.max_balloon = memorySize * 1024;
+
+             machine->vtbl->GetCPUCount(machine, &CPUCount);
+-            def->vcpus = CPUCount;
+            def->maxvcpus = def->vcpus = CPUCount;
+
+             /* Skip cpumasklen, cpumask, onReboot, onPoweroff, onCrash */
+
+@@ -4598,11 +4598,15 @@ static virDomainPtr vboxDomainDefineXML(virConnectPtr conn, const char *xml) {
+                   def->mem.cur_balloon, (unsigned)rc);
+     }
+
+-    rc = machine->vtbl->SetCPUCount(machine, def->vcpus);
+    if (def->vcpus != def->maxvcpus) {
+        vboxError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                    _("current vcpu count must equal maximum"));
+    }
+    rc = machine->vtbl->SetCPUCount(machine, def->maxvcpus);
+     if (NS_FAILED(rc)) {
+         vboxError(VIR_ERR_INTERNAL_ERROR,
+-                  _("could not set the number of virtual CPUs to: %lu, rc=%08x"),
+-                  def->vcpus, (unsigned)rc);
+                  _("could not set the number of virtual CPUs to: %u, rc=%08x"),
+                  def->maxvcpus, (unsigned)rc);
+     }
+
+ #if VBOX_API_VERSION < 3001
+diff --git a/src/xen/xend_internal.c b/src/xen/xend_internal.c
+index 5ffc3c8..456b477 100644
+--- a/src/xen/xend_internal.c
+++ b/src/xen/xend_internal.c
+@@ -2190,7 +2190,8 @@ xenDaemonParseSxpr(virConnectPtr conn,
+         }
+     }
+
+-    def->vcpus = sexpr_int(root, "domain/vcpus");
+    def->maxvcpus = sexpr_int(root, "domain/vcpus");
+    def->vcpus = def->maxvcpus;
+
+     tmp = sexpr_node(root, "domain/on_poweroff");
+     if (tmp != NULL) {
+@@ -5649,7 +5650,7 @@ xenDaemonFormatSxprInput(virDomainInputDefPtr input,
+  *
+  * Generate an SEXPR representing the domain configuration.
+  *
+- * Returns the 0 terminatedi S-Expr string or NULL in case of error.
+ * Returns the 0 terminated S-Expr string or NULL in case of error.
+  *         the caller must free() the returned value.
+  */
+ char *
+@@ -5666,7 +5667,7 @@ xenDaemonFormatSxpr(virConnectPtr conn,
+     virBufferVSprintf(&buf, "(name '%s')", def->name);
+     virBufferVSprintf(&buf, "(memory %lu)(maxmem %lu)",
+                       def->mem.cur_balloon/1024, def->mem.max_balloon/1024);
+-    virBufferVSprintf(&buf, "(vcpus %lu)", def->vcpus);
+    virBufferVSprintf(&buf, "(vcpus %u)", def->maxvcpus);
+
+     if (def->cpumask) {
+         char *ranges = virDomainCpuSetFormat(def->cpumask, def->cpumasklen);
+@@ -5761,7 +5762,7 @@ xenDaemonFormatSxpr(virConnectPtr conn,
+             else
+                 virBufferVSprintf(&buf, "(kernel '%s')", def->os.loader);
+
+-            virBufferVSprintf(&buf, "(vcpus %lu)", def->vcpus);
+            virBufferVSprintf(&buf, "(vcpus %u)", def->maxvcpus);
+
+             for (i = 0 ; i < def->os.nBootDevs ; i++) {
+                 switch (def->os.bootDevs[i]) {
+diff --git a/src/xen/xm_internal.c b/src/xen/xm_internal.c
+index 8e42a1c..bf20a64 100644
+--- a/src/xen/xm_internal.c
+++ b/src/xen/xm_internal.c
+@@ -678,6 +678,7 @@ xenXMDomainConfigParse(virConnectPtr conn, virConfPtr conf) {
+     int i;
+     const char *defaultArch, *defaultMachine;
+     int vmlocaltime = 0;
+    unsigned long count;
+
+     if (VIR_ALLOC(def) < 0) {
+         virReportOOMError();
+@@ -770,9 +771,11 @@ xenXMDomainConfigParse(virConnectPtr conn, virConfPtr conf) {
+     def->mem.cur_balloon *= 1024;
+     def->mem.max_balloon *= 1024;
+
+-
+-    if (xenXMConfigGetULong(conf, "vcpus", &def->vcpus, 1) < 0)
+    if (xenXMConfigGetULong(conf, "vcpus", &count, 1) < 0 ||
+        (unsigned short) count != count)
+         goto cleanup;
+    def->maxvcpus = count;
+    def->vcpus = def->maxvcpus;
+
+     if (xenXMConfigGetString(conf, "cpus", &str, NULL) < 0)
+         goto cleanup;
+@@ -1650,7 +1653,7 @@ int xenXMDomainSetVcpus(virDomainPtr domain, unsigned int vcpus) {
+     if (!(entry = virHashLookup(priv->configCache, filename)))
+         goto cleanup;
+
+-    entry->def->vcpus = vcpus;
+    entry->def->maxvcpus = entry->def->vcpus = vcpus;
+
+     /* If this fails, should we try to undo our changes to the
+      * in-memory representation of the config file. I say not!
+@@ -2241,7 +2244,7 @@ virConfPtr xenXMDomainConfigFormat(virConnectPtr conn,
+     if (xenXMConfigSetInt(conf, "memory", def->mem.cur_balloon / 1024) < 0)
+         goto no_memory;
+
+-    if (xenXMConfigSetInt(conf, "vcpus", def->vcpus) < 0)
+    if (xenXMConfigSetInt(conf, "vcpus", def->maxvcpus) < 0)
+         goto no_memory;
+
+     if ((def->cpumask != NULL) &&
+diff --git a/src/xenapi/xenapi_driver.c b/src/xenapi/xenapi_driver.c
+index 7d4ab8d..5ccdede 100644
+--- a/src/xenapi/xenapi_driver.c
+++ b/src/xenapi/xenapi_driver.c
+@@ -1335,7 +1335,7 @@ xenapiDomainDumpXML (virDomainPtr dom, int flags ATTRIBUTE_UNUSED)
+     } else {
+         defPtr->mem.cur_balloon = memory;
+     }
+-    defPtr->vcpus = xenapiDomainGetMaxVcpus(dom);
+    defPtr->maxvcpus = defPtr->vcpus = xenapiDomainGetMaxVcpus(dom);
+     enum xen_on_normal_exit action;
+     if (xen_vm_get_actions_after_shutdown(session, &action, vm)) {
+         defPtr->onPoweroff = xenapiNormalExitEnum2virDomainLifecycle(action);
+diff --git a/src/xenapi/xenapi_utils.c b/src/xenapi/xenapi_utils.c
+index be55491..a7e2a4b 100644
+--- a/src/xenapi/xenapi_utils.c
+++ b/src/xenapi/xenapi_utils.c
+@@ -510,8 +510,8 @@ createVMRecordFromXml (virConnectPtr conn, virDomainDefPtr def,
+     else
+         (*record)->memory_dynamic_max = (*record)->memory_static_max;
+
+-    if (def->vcpus) {
+-        (*record)->vcpus_max = (int64_t) def->vcpus;
+    if (def->maxvcpus) {
+        (*record)->vcpus_max = (int64_t) def->maxvcpus;
+         (*record)->vcpus_at_startup = (int64_t) def->vcpus;
+     }
+     if (def->onPoweroff)
+-- 
+1.7.2.3
+
--- a/docs/api_extension/0009-support-all-flags-in-test-driver.patch
+++ b/docs/api_extension/0009-support-all-flags-in-test-driver.patch
@ -0,0 +1,197 @@
+From 6c9e6b956453d0f0c4ff542ef8a184d663a39266 Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Mon, 4 Oct 2010 17:01:12 -0600
+Subject: [PATCH 09/15] vcpu: support all flags in test driver
+
+* src/test/test_driver.c (testDomainGetVcpusFlags)
+(testDomainSetVcpusFlags): Support all flags.
+(testDomainUpdateVCPUs): Update cpu count here.
+---
+ src/test/test_driver.c |  128 ++++++++++++++++++++++++++++++++++++++++-------
+ 1 files changed, 109 insertions(+), 19 deletions(-)
+
+diff --git a/src/test/test_driver.c b/src/test/test_driver.c
+index b70c80d..a9d3d89 100644
+--- a/src/test/test_driver.c
+++ b/src/test/test_driver.c
+@@ -450,6 +450,7 @@ testDomainUpdateVCPUs(virConnectPtr conn,
+                 goto cleanup;
+     }
+
+    dom->def->vcpus = nvcpus;
+     ret = 0;
+ cleanup:
+     return ret;
+@@ -2032,12 +2033,51 @@ cleanup:
+ static int
+ testDomainGetVcpusFlags(virDomainPtr domain, unsigned int flags)
+ {
+-    if (flags != (VIR_DOMAIN_VCPU_LIVE | VIR_DOMAIN_VCPU_MAXIMUM)) {
+-        testError(VIR_ERR_INVALID_ARG, _("unsupported flags: (0x%x)"), flags);
+    testConnPtr privconn = domain->conn->privateData;
+    virDomainObjPtr vm;
+    virDomainDefPtr def;
+    int ret = -1;
+
+    virCheckFlags(VIR_DOMAIN_VCPU_LIVE |
+                  VIR_DOMAIN_VCPU_CONFIG |
+                  VIR_DOMAIN_VCPU_MAXIMUM, -1);
+
+    /* Exactly one of LIVE or CONFIG must be set.  */
+    if (!(flags & VIR_DOMAIN_VCPU_LIVE) == !(flags & VIR_DOMAIN_VCPU_CONFIG)) {
+        testError(VIR_ERR_INVALID_ARG,
+                  _("invalid flag combination: (0x%x)"), flags);
+         return -1;
+     }
+
+-    return testGetMaxVCPUs(domain->conn, "test");
+    testDriverLock(privconn);
+    vm = virDomainFindByUUID(&privconn->domains, domain->uuid);
+    testDriverUnlock(privconn);
+
+    if (!vm) {
+        char uuidstr[VIR_UUID_STRING_BUFLEN];
+        virUUIDFormat(domain->uuid, uuidstr);
+        testError(VIR_ERR_NO_DOMAIN,
+                  _("no domain with matching uuid '%s'"), uuidstr);
+        goto cleanup;
+    }
+
+    if (flags & VIR_DOMAIN_VCPU_LIVE) {
+        if (!virDomainObjIsActive(vm)) {
+            testError(VIR_ERR_OPERATION_INVALID, "%s",
+                      _("domain not active"));
+            goto cleanup;
+        }
+        def = vm->def;
+    } else {
+        def = vm->newDef ? vm->newDef : vm->def;
+    }
+
+    ret = (flags & VIR_DOMAIN_VCPU_MAXIMUM) ? def->maxvcpus : def->vcpus;
+
+cleanup:
+    if (vm)
+        virDomainObjUnlock(vm);
+    return ret;
+ }
+
+ static int
+@@ -2053,21 +2093,30 @@ testDomainSetVcpusFlags(virDomainPtr domain, unsigned int nrCpus,
+ {
+     testConnPtr privconn = domain->conn->privateData;
+     virDomainObjPtr privdom = NULL;
+    virDomainDefPtr def;
+     int ret = -1, maxvcpus;
+
+-    if (flags != VIR_DOMAIN_VCPU_LIVE) {
+-        testError(VIR_ERR_INVALID_ARG, _("unsupported flags: (0x%x)"), flags);
+    virCheckFlags(VIR_DOMAIN_VCPU_LIVE |
+                  VIR_DOMAIN_VCPU_CONFIG |
+                  VIR_DOMAIN_VCPU_MAXIMUM, -1);
+
+    /* At least one of LIVE or CONFIG must be set.  MAXIMUM cannot be
+     * mixed with LIVE.  */
+    if ((flags & (VIR_DOMAIN_VCPU_LIVE | VIR_DOMAIN_VCPU_CONFIG)) == 0 ||
+        (flags & (VIR_DOMAIN_VCPU_MAXIMUM | VIR_DOMAIN_VCPU_LIVE)) ==
+         (VIR_DOMAIN_VCPU_MAXIMUM | VIR_DOMAIN_VCPU_LIVE)) {
+        testError(VIR_ERR_INVALID_ARG,
+                  _("invalid flag combination: (0x%x)"), flags);
+        return -1;
+    }
+    if (!nrCpus || (maxvcpus = testGetMaxVCPUs(domain->conn, NULL)) < nrCpus) {
+        testError(VIR_ERR_INVALID_ARG,
+                  _("argument out of range: %d"), nrCpus);
+         return -1;
+     }
+-
+-    /* Do this first before locking */
+-    maxvcpus = testDomainGetMaxVcpus(domain);
+-    if (maxvcpus < 0)
+-        goto cleanup;
+
+     testDriverLock(privconn);
+-    privdom = virDomainFindByName(&privconn->domains,
+-                                  domain->name);
+    privdom = virDomainFindByUUID(&privconn->domains, domain->uuid);
+     testDriverUnlock(privconn);
+
+     if (privdom == NULL) {
+@@ -2075,13 +2124,17 @@ testDomainSetVcpusFlags(virDomainPtr domain, unsigned int nrCpus,
+         goto cleanup;
+     }
+
+-    if (!virDomainObjIsActive(privdom)) {
+    if (!virDomainObjIsActive(privdom) && (flags & VIR_DOMAIN_VCPU_LIVE)) {
+         testError(VIR_ERR_OPERATION_INVALID,
+                   "%s", _("cannot hotplug vcpus for an inactive domain"));
+         goto cleanup;
+     }
+
+-    /* We allow more cpus in guest than host */
+    /* We allow more cpus in guest than host, but not more than the
+     * domain's starting limit.  */
+    if ((flags & (VIR_DOMAIN_VCPU_MAXIMUM | VIR_DOMAIN_VCPU_LIVE)) ==
+        VIR_DOMAIN_VCPU_LIVE && privdom->def->maxvcpus < maxvcpus)
+        maxvcpus = privdom->def->maxvcpus;
+     if (nrCpus > maxvcpus) {
+         testError(VIR_ERR_INVALID_ARG,
+                   "requested cpu amount exceeds maximum (%d > %d)",
+@@ -2089,12 +2142,49 @@ testDomainSetVcpusFlags(virDomainPtr domain, unsigned int nrCpus,
+         goto cleanup;
+     }
+
+-    /* Update VCPU state for the running domain */
+-    if (testDomainUpdateVCPUs(domain->conn, privdom, nrCpus, 0) < 0)
+-        goto cleanup;
+    switch (flags) {
+    case VIR_DOMAIN_VCPU_MAXIMUM | VIR_DOMAIN_VCPU_CONFIG:
+        def = privdom->def;
+        if (virDomainObjIsActive(privdom)) {
+            if (privdom->newDef)
+                def = privdom->newDef;
+            else {
+                testError(VIR_ERR_OPERATION_INVALID, "%s",
+                          _("no persistent state"));
+                goto cleanup;
+            }
+        }
+        def->maxvcpus = nrCpus;
+        if (nrCpus < def->vcpus)
+            def->vcpus = nrCpus;
+        ret = 0;
+        break;
+
+-    privdom->def->vcpus = nrCpus;
+-    ret = 0;
+    case VIR_DOMAIN_VCPU_CONFIG:
+        def = privdom->def;
+        if (virDomainObjIsActive(privdom)) {
+            if (privdom->newDef)
+                def = privdom->newDef;
+            else {
+                testError(VIR_ERR_OPERATION_INVALID, "%s",
+                          _("no persistent state"));
+                goto cleanup;
+            }
+        }
+        def->vcpus = nrCpus;
+        ret = 0;
+        break;
+
+    case VIR_DOMAIN_VCPU_LIVE:
+        ret = testDomainUpdateVCPUs(domain->conn, privdom, nrCpus, 0);
+        break;
+
+    case VIR_DOMAIN_VCPU_LIVE | VIR_DOMAIN_VCPU_CONFIG:
+        ret = testDomainUpdateVCPUs(domain->conn, privdom, nrCpus, 0);
+        if (ret == 0 && privdom->newDef)
+            privdom->newDef->vcpus = nrCpus;
+        break;
+    }
+
+ cleanup:
+     if (privdom)
+-- 
+1.7.2.3
+
--- a/docs/api_extension/0010-improve-vcpu-support-in-qemu-command-line.patch
+++ b/docs/api_extension/0010-improve-vcpu-support-in-qemu-command-line.patch
@ -0,0 +1,122 @@
+From d67c189e80e6aef7adf13e5763365555cfc1a02a Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Wed, 29 Sep 2010 15:58:47 -0600
+Subject: [PATCH 10/15] vcpu: improve vcpu support in qemu command line
+
+* src/qemu/qemu_conf.c (qemuParseCommandLineSmp): Distinguish
+between vcpus and maxvcpus, for new enough qemu.
+* tests/qemuargv2xmltest.c (mymain): Add new test.
+* tests/qemuxml2argvtest.c (mymain): Likewise.
+* tests/qemuxml2xmltest.c (mymain): Likewise.
+* tests/qemuxml2argvdata/qemuxml2argv-smp.args: New file.
+---
+ src/qemu/qemu_conf.c                         |   13 +++++++++----
+ tests/qemuargv2xmltest.c                     |    2 ++
+ tests/qemuxml2argvdata/qemuxml2argv-smp.args |    1 +
+ tests/qemuxml2argvtest.c                     |    2 ++
+ tests/qemuxml2xmltest.c                      |    2 ++
+ 5 files changed, 16 insertions(+), 4 deletions(-)
+ create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-smp.args
+
+diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
+index 38c8351..ffe184b 100644
+--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
+@@ -3714,6 +3714,8 @@ qemuBuildSmpArgStr(const virDomainDefPtr def,
+     virBufferVSprintf(&buf, "%u", def->vcpus);
+
+     if ((qemuCmdFlags & QEMUD_CMD_FLAG_SMP_TOPOLOGY)) {
+        if (def->vcpus != def->maxvcpus)
+            virBufferVSprintf(&buf, ",maxcpus=%u", def->maxvcpus);
+         /* sockets, cores, and threads are either all zero
+          * or all non-zero, thus checking one of them is enough */
+         if (def->cpu && def->cpu->sockets) {
+@@ -3726,12 +3728,12 @@ qemuBuildSmpArgStr(const virDomainDefPtr def,
+             virBufferVSprintf(&buf, ",cores=%u", 1);
+             virBufferVSprintf(&buf, ",threads=%u", 1);
+         }
+-    }
+-    if (def->vcpus != def->maxvcpus) {
+    } else if (def->vcpus != def->maxvcpus) {
+         virBufferFreeAndReset(&buf);
+        /* FIXME - consider hot-unplugging cpus after boot for older qemu */
+         qemuReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                         _("setting current vcpu count less than maximum is "
+-                          "not supported yet"));
+                          "not supported with this QEMU binary"));
+         return NULL;
+     }
+
+@@ -6153,6 +6155,7 @@ qemuParseCommandLineSmp(virDomainDefPtr dom,
+     unsigned int sockets = 0;
+     unsigned int cores = 0;
+     unsigned int threads = 0;
+    unsigned int maxcpus = 0;
+     int i;
+     int nkws;
+     char **kws;
+@@ -6180,12 +6183,14 @@ qemuParseCommandLineSmp(virDomainDefPtr dom,
+                 cores = n;
+             else if (STREQ(kws[i], "threads"))
+                 threads = n;
+            else if (STREQ(kws[i], "maxcpus"))
+                maxcpus = n;
+             else
+                 goto syntax;
+         }
+     }
+
+-    dom->maxvcpus = dom->vcpus;
+    dom->maxvcpus = maxcpus ? maxcpus : dom->vcpus;
+
+     if (sockets && cores && threads) {
+         virCPUDefPtr cpu;
+diff --git a/tests/qemuargv2xmltest.c b/tests/qemuargv2xmltest.c
+index 4f9ec84..d941b0b 100644
+--- a/tests/qemuargv2xmltest.c
+++ b/tests/qemuargv2xmltest.c
+@@ -221,6 +221,8 @@ mymain(int argc, char **argv)
+
+     DO_TEST("hostdev-pci-address");
+
+    DO_TEST("smp");
+
+     DO_TEST_FULL("restore-v1", 0, "stdio");
+     DO_TEST_FULL("restore-v2", 0, "stdio");
+     DO_TEST_FULL("restore-v2", 0, "exec:cat");
+diff --git a/tests/qemuxml2argvdata/qemuxml2argv-smp.args b/tests/qemuxml2argvdata/qemuxml2argv-smp.args
+new file mode 100644
+index 0000000..3ec8f15
+--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-smp.args
+@@ -0,0 +1 @@
+LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test /usr/bin/qemu -S -M pc -m 214 -smp 1,maxcpus=2,sockets=2,cores=1,threads=1 -nographic -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -hda /dev/HostVG/QEMUGuest1 -net none -serial none -parallel none -usb
+diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
+index 92d5b18..551d6c4 100644
+--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
+@@ -385,6 +385,8 @@ mymain(int argc, char **argv)
+
+     DO_TEST("qemu-ns", 0);
+
+    DO_TEST("smp", QEMUD_CMD_FLAG_SMP_TOPOLOGY);
+
+     free(driver.stateDir);
+     virCapabilitiesFree(driver.caps);
+
+diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
+index a33d435..cdc4390 100644
+--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
+@@ -180,6 +180,8 @@ mymain(int argc, char **argv)
+     DO_TEST("encrypted-disk");
+     DO_TEST("memtune");
+
+    DO_TEST("smp");
+
+     /* These tests generate different XML */
+     DO_TEST_DIFFERENT("balloon-device-auto");
+     DO_TEST_DIFFERENT("channel-virtio-auto");
+-- 
+1.7.2.3
+
--- a/docs/api_extension/0011-complete-vcpu-support-in-qemu-driver.patch
+++ b/docs/api_extension/0011-complete-vcpu-support-in-qemu-driver.patch
@ -0,0 +1,169 @@
+From 28a3605906385cba43df77051dc26e865f237b09 Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Wed, 29 Sep 2010 17:40:45 -0600
+Subject: [PATCH 11/15] vcpu: complete vcpu support in qemu driver
+
+* src/qemu/qemu_driver.c (qemudDomainSetVcpusFlags)
+(qemudDomainGetVcpusFlags): Support all feasible flag
+combinations.
+---
+ src/qemu/qemu_driver.c |  100 ++++++++++++++++++++++++++++++++++++++++-------
+ 1 files changed, 85 insertions(+), 15 deletions(-)
+
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index c66dc04..a9e057f 100644
+--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
+@@ -5941,13 +5941,27 @@ qemudDomainSetVcpusFlags(virDomainPtr dom, unsigned int nvcpus,
+ {
+     struct qemud_driver *driver = dom->conn->privateData;
+     virDomainObjPtr vm;
+    virDomainDefPtr def;
+     const char * type;
+     int max;
+     int ret = -1;
+
+-    if (flags != VIR_DOMAIN_VCPU_LIVE) {
+-        qemuReportError(VIR_ERR_INVALID_ARG, _("unsupported flags: (0x%x)"),
+-                        flags);
+    virCheckFlags(VIR_DOMAIN_VCPU_LIVE |
+                  VIR_DOMAIN_VCPU_CONFIG |
+                  VIR_DOMAIN_VCPU_MAXIMUM, -1);
+
+    /* At least one of LIVE or CONFIG must be set.  MAXIMUM cannot be
+     * mixed with LIVE.  */
+    if ((flags & (VIR_DOMAIN_VCPU_LIVE | VIR_DOMAIN_VCPU_CONFIG)) == 0 ||
+        (flags & (VIR_DOMAIN_VCPU_MAXIMUM | VIR_DOMAIN_VCPU_LIVE)) ==
+         (VIR_DOMAIN_VCPU_MAXIMUM | VIR_DOMAIN_VCPU_LIVE)) {
+        qemuReportError(VIR_ERR_INVALID_ARG,
+                        _("invalid flag combination: (0x%x)"), flags);
+        return -1;
+    }
+    if (!nvcpus || (unsigned short) nvcpus != nvcpus) {
+        qemuReportError(VIR_ERR_INVALID_ARG,
+                        _("argument out of range: %d"), nvcpus);
+         return -1;
+     }
+
+@@ -5966,7 +5980,7 @@ qemudDomainSetVcpusFlags(virDomainPtr dom, unsigned int nvcpus,
+     if (qemuDomainObjBeginJob(vm) < 0)
+         goto cleanup;
+
+-    if (!virDomainObjIsActive(vm)) {
+    if (!virDomainObjIsActive(vm) && (flags & VIR_DOMAIN_VCPU_LIVE)) {
+         qemuReportError(VIR_ERR_OPERATION_INVALID,
+                          "%s", _("domain is not running"));
+         goto endjob;
+@@ -5985,6 +5999,11 @@ qemudDomainSetVcpusFlags(virDomainPtr dom, unsigned int nvcpus,
+         goto endjob;
+     }
+
+    if ((flags & (VIR_DOMAIN_VCPU_MAXIMUM | VIR_DOMAIN_VCPU_LIVE)) ==
+        VIR_DOMAIN_VCPU_LIVE && vm->def->maxvcpus < max) {
+        max = vm->def->maxvcpus;
+    }
+
+     if (nvcpus > max) {
+         qemuReportError(VIR_ERR_INVALID_ARG,
+                         _("requested vcpus is greater than max allowable"
+@@ -5992,7 +6011,49 @@ qemudDomainSetVcpusFlags(virDomainPtr dom, unsigned int nvcpus,
+         goto endjob;
+     }
+
+-    ret = qemudDomainHotplugVcpus(vm, nvcpus);
+    switch (flags) {
+    case VIR_DOMAIN_VCPU_MAXIMUM | VIR_DOMAIN_VCPU_CONFIG:
+        def = vm->def;
+        if (virDomainObjIsActive(vm)) {
+            if (vm->newDef)
+                def = vm->newDef;
+            else{
+                qemuReportError(VIR_ERR_OPERATION_INVALID, "%s",
+                                _("no persistent state"));
+                goto endjob;
+            }
+        }
+        def->maxvcpus = nvcpus;
+        if (nvcpus < vm->newDef->vcpus)
+            def->vcpus = nvcpus;
+        ret = 0;
+        break;
+
+    case VIR_DOMAIN_VCPU_CONFIG:
+        def = vm->def;
+        if (virDomainObjIsActive(vm)) {
+            if (vm->newDef)
+                def = vm->newDef;
+            else {
+                qemuReportError(VIR_ERR_OPERATION_INVALID, "%s",
+                                _("no persistent state"));
+                goto endjob;
+            }
+        }
+        def->vcpus = nvcpus;
+        ret = 0;
+        break;
+
+    case VIR_DOMAIN_VCPU_LIVE:
+        ret = qemudDomainHotplugVcpus(vm, nvcpus);
+        break;
+
+    case VIR_DOMAIN_VCPU_LIVE | VIR_DOMAIN_VCPU_CONFIG:
+        ret = qemudDomainHotplugVcpus(vm, nvcpus);
+        if (ret == 0 && vm->newDef)
+            vm->newDef->vcpus = nvcpus;
+        break;
+    }
+
+ endjob:
+     if (qemuDomainObjEndJob(vm) == 0)
+@@ -6171,12 +6232,17 @@ qemudDomainGetVcpusFlags(virDomainPtr dom, unsigned int flags)
+ {
+     struct qemud_driver *driver = dom->conn->privateData;
+     virDomainObjPtr vm;
+-    const char *type;
+    virDomainDefPtr def;
+     int ret = -1;
+
+-    if (flags != (VIR_DOMAIN_VCPU_LIVE | VIR_DOMAIN_VCPU_MAXIMUM)) {
+-        qemuReportError(VIR_ERR_INVALID_ARG, _("unsupported flags: (0x%x)"),
+-                        flags);
+    virCheckFlags(VIR_DOMAIN_VCPU_LIVE |
+                  VIR_DOMAIN_VCPU_CONFIG |
+                  VIR_DOMAIN_VCPU_MAXIMUM, -1);
+
+    /* Exactly one of LIVE or CONFIG must be set.  */
+    if (!(flags & VIR_DOMAIN_VCPU_LIVE) == !(flags & VIR_DOMAIN_VCPU_CONFIG)) {
+        qemuReportError(VIR_ERR_INVALID_ARG,
+                        _("invalid flag combination: (0x%x)"), flags);
+         return -1;
+     }
+
+@@ -6192,14 +6258,18 @@ qemudDomainGetVcpusFlags(virDomainPtr dom, unsigned int flags)
+         goto cleanup;
+     }
+
+-    if (!(type = virDomainVirtTypeToString(vm->def->virtType))) {
+-        qemuReportError(VIR_ERR_INTERNAL_ERROR,
+-                        _("unknown virt type in domain definition '%d'"),
+-                        vm->def->virtType);
+-        goto cleanup;
+    if (flags & VIR_DOMAIN_VCPU_LIVE) {
+        if (!virDomainObjIsActive(vm)) {
+            qemuReportError(VIR_ERR_OPERATION_INVALID, "%s",
+                            _("domain not active"));
+            goto cleanup;
+        }
+        def = vm->def;
+    } else {
+        def = vm->newDef ? vm->newDef : vm->def;
+     }
+
+-    ret = qemudGetMaxVCPUs(NULL, type);
+    ret = (flags & VIR_DOMAIN_VCPU_MAXIMUM) ? def->maxvcpus : def->vcpus;
+
+ cleanup:
+     if (vm)
+-- 
+1.7.2.3
+
--- a/docs/api_extension/0012-improve-vcpu-support-in-xen-command-line.patch
+++ b/docs/api_extension/0012-improve-vcpu-support-in-xen-command-line.patch
@ -0,0 +1,294 @@
+From 0fab10e5ed971ab4f960a53e9640b0672f4b8ac3 Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Tue, 5 Oct 2010 08:18:52 -0600
+Subject: [PATCH 12/15] vcpu: improve vcpu support in xen command line
+
+This patch series focuses on xendConfigVersion 2 (xm_internal) and 3
+(xend_internal), but leaves out changes for xenapi drivers.
+
+See this link for more details about vcpu_avail for xm usage.
+http://lists.xensource.com/archives/html/xen-devel/2009-11/msg01061.html
+
+This relies on the fact that def->maxvcpus can be at most 32 with xen.
+
+* src/xen/xend_internal.c (xenDaemonParseSxpr)
+(sexpr_to_xend_domain_info, xenDaemonFormatSxpr): Use vcpu_avail
+when current vcpus is less than maximum.
+* src/xen/xm_internal.c (xenXMDomainConfigParse)
+(xenXMDomainConfigFormat): Likewise.
+* tests/xml2sexprdata/xml2sexpr-pv-vcpus.sexpr: New file.
+* tests/sexpr2xmldata/sexpr2xml-pv-vcpus.sexpr: Likewise.
+* tests/sexpr2xmldata/sexpr2xml-pv-vcpus.xml: Likewise.
+* tests/xmconfigdata/test-paravirt-vcpu.cfg: Likewise.
+* tests/xmconfigdata/test-paravirt-vcpu.xml: Likewise.
+* tests/xml2sexprtest.c (mymain): New test.
+* tests/sexpr2xmltest.c (mymain): Likewise.
+* tests/xmconfigtest.c (mymain): Likewise.
+---
+ src/xen/xend_internal.c                      |   19 +++++++++++++--
+ src/xen/xm_internal.c                        |   10 ++++++-
+ tests/sexpr2xmldata/sexpr2xml-pv-vcpus.sexpr |    1 +
+ tests/sexpr2xmldata/sexpr2xml-pv-vcpus.xml   |   27 +++++++++++++++++++++
+ tests/sexpr2xmltest.c                        |    1 +
+ tests/xmconfigdata/test-paravirt-vcpu.cfg    |   17 +++++++++++++
+ tests/xmconfigdata/test-paravirt-vcpu.xml    |   32 ++++++++++++++++++++++++++
+ tests/xmconfigtest.c                         |    1 +
+ tests/xml2sexprdata/xml2sexpr-pv-vcpus.sexpr |    1 +
+ tests/xml2sexprtest.c                        |    1 +
+ 10 files changed, 105 insertions(+), 5 deletions(-)
+ create mode 100644 tests/sexpr2xmldata/sexpr2xml-pv-vcpus.sexpr
+ create mode 100644 tests/sexpr2xmldata/sexpr2xml-pv-vcpus.xml
+ create mode 100644 tests/xmconfigdata/test-paravirt-vcpu.cfg
+ create mode 100644 tests/xmconfigdata/test-paravirt-vcpu.xml
+ create mode 100644 tests/xml2sexprdata/xml2sexpr-pv-vcpus.sexpr
+
+diff --git a/src/xen/xend_internal.c b/src/xen/xend_internal.c
+index 456b477..dfc6415 100644
+--- a/src/xen/xend_internal.c
+++ b/src/xen/xend_internal.c
+@@ -44,6 +44,7 @@
+ #include "xen_hypervisor.h"
+ #include "xs_internal.h" /* To extract VNC port & Serial console TTY */
+ #include "memory.h"
+#include "count-one-bits.h"
+
+ /* required for cpumap_t */
+ #include <xen/dom0_ops.h>
+@@ -2191,7 +2192,9 @@ xenDaemonParseSxpr(virConnectPtr conn,
+     }
+
+     def->maxvcpus = sexpr_int(root, "domain/vcpus");
+-    def->vcpus = def->maxvcpus;
+    def->vcpus = count_one_bits(sexpr_int(root, "domain/vcpu_avail"));
+    if (!def->vcpus || def->maxvcpus < def->vcpus)
+        def->vcpus = def->maxvcpus;
+
+     tmp = sexpr_node(root, "domain/on_poweroff");
+     if (tmp != NULL) {
+@@ -2433,7 +2436,7 @@ sexpr_to_xend_domain_info(virDomainPtr domain, const struct sexpr *root,
+                           virDomainInfoPtr info)
+ {
+     const char *flags;
+-
+    int vcpus;
+
+     if ((root == NULL) || (info == NULL))
+         return (-1);
+@@ -2464,7 +2467,11 @@ sexpr_to_xend_domain_info(virDomainPtr domain, const struct sexpr *root,
+             info->state = VIR_DOMAIN_NOSTATE;
+     }
+     info->cpuTime = sexpr_float(root, "domain/cpu_time") * 1000000000;
+-    info->nrVirtCpu = sexpr_int(root, "domain/vcpus");
+    vcpus = sexpr_int(root, "domain/vcpus");
+    info->nrVirtCpu = count_one_bits(sexpr_int(root, "domain/vcpu_avail"));
+    if (!info->nrVirtCpu || vcpus < info->nrVirtCpu)
+        info->nrVirtCpu = vcpus;
+
+     return (0);
+ }
+
+@@ -5668,6 +5675,9 @@ xenDaemonFormatSxpr(virConnectPtr conn,
+     virBufferVSprintf(&buf, "(memory %lu)(maxmem %lu)",
+                       def->mem.cur_balloon/1024, def->mem.max_balloon/1024);
+     virBufferVSprintf(&buf, "(vcpus %u)", def->maxvcpus);
+    /* Computing the vcpu_avail bitmask works because MAX_VIRT_CPUS is 32.  */
+    if (def->vcpus < def->maxvcpus)
+        virBufferVSprintf(&buf, "(vcpu_avail %u)", (1U << def->vcpus) - 1);
+
+     if (def->cpumask) {
+         char *ranges = virDomainCpuSetFormat(def->cpumask, def->cpumasklen);
+@@ -5763,6 +5773,9 @@ xenDaemonFormatSxpr(virConnectPtr conn,
+                 virBufferVSprintf(&buf, "(kernel '%s')", def->os.loader);
+
+             virBufferVSprintf(&buf, "(vcpus %u)", def->maxvcpus);
+            if (def->vcpus < def->maxvcpus)
+                virBufferVSprintf(&buf, "(vcpu_avail %u)",
+                                  (1U << def->vcpus) - 1);
+
+             for (i = 0 ; i < def->os.nBootDevs ; i++) {
+                 switch (def->os.bootDevs[i]) {
+diff --git a/src/xen/xm_internal.c b/src/xen/xm_internal.c
+index bf20a64..f7121ab 100644
+--- a/src/xen/xm_internal.c
+++ b/src/xen/xm_internal.c
+@@ -46,6 +46,7 @@
+ #include "util.h"
+ #include "memory.h"
+ #include "logging.h"
+#include "count-one-bits.h"
+
+ #define VIR_FROM_THIS VIR_FROM_XENXM
+
+@@ -772,10 +773,12 @@ xenXMDomainConfigParse(virConnectPtr conn, virConfPtr conf) {
+     def->mem.max_balloon *= 1024;
+
+     if (xenXMConfigGetULong(conf, "vcpus", &count, 1) < 0 ||
+-        (unsigned short) count != count)
+        MAX_VIRT_CPUS < count)
+         goto cleanup;
+     def->maxvcpus = count;
+-    def->vcpus = def->maxvcpus;
+    if (xenXMConfigGetULong(conf, "vcpu_avail", &count, -1) < 0)
+        goto cleanup;
+    def->vcpus = MIN(count_one_bits(count), def->maxvcpus);
+
+     if (xenXMConfigGetString(conf, "cpus", &str, NULL) < 0)
+         goto cleanup;
+@@ -2246,6 +2249,9 @@ virConfPtr xenXMDomainConfigFormat(virConnectPtr conn,
+
+     if (xenXMConfigSetInt(conf, "vcpus", def->maxvcpus) < 0)
+         goto no_memory;
+    if (def->vcpus < def->maxvcpus &&
+        xenXMConfigSetInt(conf, "vcpu_avail", (1U << def->vcpus) - 1) < 0)
+        goto no_memory;
+
+     if ((def->cpumask != NULL) &&
+         ((cpus = virDomainCpuSetFormat(def->cpumask,
+diff --git a/tests/sexpr2xmldata/sexpr2xml-pv-vcpus.sexpr b/tests/sexpr2xmldata/sexpr2xml-pv-vcpus.sexpr
+new file mode 100644
+index 0000000..2be6822
+--- /dev/null
+++ b/tests/sexpr2xmldata/sexpr2xml-pv-vcpus.sexpr
+@@ -0,0 +1 @@
+(domain (domid 6)(name 'pvtest')(memory 420)(maxmem 420)(vcpus 4)(vcpu_avail 3)(uuid '596a5d2171f48fb2e068e2386a5c413e')(on_poweroff 'destroy')(on_reboot 'destroy')(on_crash 'destroy')(image (linux (kernel '/var/lib/xen/vmlinuz.2Dn2YT')(ramdisk '/var/lib/xen/initrd.img.0u-Vhq')(args ' method=http://download.fedora.devel.redhat.com/pub/fedora/linux/core/test/5.91/x86_64/os  ')))(device (vbd (dev 'xvda')(uname 'file:/root/some.img')(mode 'w'))))
+diff --git a/tests/sexpr2xmldata/sexpr2xml-pv-vcpus.xml b/tests/sexpr2xmldata/sexpr2xml-pv-vcpus.xml
+new file mode 100644
+index 0000000..0d6bf11
+--- /dev/null
+++ b/tests/sexpr2xmldata/sexpr2xml-pv-vcpus.xml
+@@ -0,0 +1,27 @@
+<domain type='xen' id='6'>
+  <name>pvtest</name>
+  <uuid>596a5d21-71f4-8fb2-e068-e2386a5c413e</uuid>
+  <memory>430080</memory>
+  <currentMemory>430080</currentMemory>
+  <vcpu current='2'>4</vcpu>
+  <os>
+    <type>linux</type>
+    <kernel>/var/lib/xen/vmlinuz.2Dn2YT</kernel>
+    <initrd>/var/lib/xen/initrd.img.0u-Vhq</initrd>
+    <cmdline> method=http://download.fedora.devel.redhat.com/pub/fedora/linux/core/test/5.91/x86_64/os  </cmdline>
+  </os>
+  <clock offset='utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>destroy</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <disk type='file' device='disk'>
+      <driver name='file'/>
+      <source file='/root/some.img'/>
+      <target dev='xvda' bus='xen'/>
+    </disk>
+    <console type='pty'>
+      <target type='xen' port='0'/>
+    </console>
+  </devices>
+</domain>
+diff --git a/tests/sexpr2xmltest.c b/tests/sexpr2xmltest.c
+index d62b44f..f100dd8 100644
+--- a/tests/sexpr2xmltest.c
+++ b/tests/sexpr2xmltest.c
+@@ -132,6 +132,7 @@ mymain(int argc, char **argv)
+     DO_TEST("pv-vfb-type-crash", "pv-vfb-type-crash", 3);
+     DO_TEST("fv-autoport", "fv-autoport", 3);
+     DO_TEST("pv-bootloader", "pv-bootloader", 1);
+    DO_TEST("pv-vcpus", "pv-vcpus", 1);
+
+     DO_TEST("disk-file", "disk-file", 2);
+     DO_TEST("disk-block", "disk-block", 2);
+diff --git a/tests/xmconfigdata/test-paravirt-vcpu.cfg b/tests/xmconfigdata/test-paravirt-vcpu.cfg
+new file mode 100644
+index 0000000..24c78f4
+--- /dev/null
+++ b/tests/xmconfigdata/test-paravirt-vcpu.cfg
+@@ -0,0 +1,17 @@
+name = "XenGuest1"
+uuid = "c7a5fdb0-cdaf-9455-926a-d65c16db1809"
+maxmem = 579
+memory = 394
+vcpus = 4
+vcpu_avail = 3
+bootloader = "/usr/bin/pygrub"
+on_poweroff = "destroy"
+on_reboot = "restart"
+on_crash = "restart"
+sdl = 0
+vnc = 1
+vncunused = 1
+vnclisten = "127.0.0.1"
+vncpasswd = "123poi"
+disk = [ "phy:/dev/HostVG/XenGuest1,xvda,w" ]
+vif = [ "mac=00:16:3e:66:94:9c,bridge=br0,script=vif-bridge" ]
+diff --git a/tests/xmconfigdata/test-paravirt-vcpu.xml b/tests/xmconfigdata/test-paravirt-vcpu.xml
+new file mode 100644
+index 0000000..0be9456
+--- /dev/null
+++ b/tests/xmconfigdata/test-paravirt-vcpu.xml
+@@ -0,0 +1,32 @@
+<domain type='xen'>
+  <name>XenGuest1</name>
+  <uuid>c7a5fdb0-cdaf-9455-926a-d65c16db1809</uuid>
+  <memory>592896</memory>
+  <currentMemory>403456</currentMemory>
+  <vcpu current='2'>4</vcpu>
+  <bootloader>/usr/bin/pygrub</bootloader>
+  <os>
+    <type arch='i686' machine='xenpv'>linux</type>
+  </os>
+  <clock offset='utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>restart</on_crash>
+  <devices>
+    <disk type='block' device='disk'>
+      <driver name='phy'/>
+      <source dev='/dev/HostVG/XenGuest1'/>
+      <target dev='xvda' bus='xen'/>
+    </disk>
+    <interface type='bridge'>
+      <mac address='00:16:3e:66:94:9c'/>
+      <source bridge='br0'/>
+      <script path='vif-bridge'/>
+    </interface>
+    <console type='pty'>
+      <target type='xen' port='0'/>
+    </console>
+    <input type='mouse' bus='xen'/>
+    <graphics type='vnc' port='-1' autoport='yes' listen='127.0.0.1' passwd='123poi'/>
+  </devices>
+</domain>
+diff --git a/tests/xmconfigtest.c b/tests/xmconfigtest.c
+index 221b322..ea00747 100644
+--- a/tests/xmconfigtest.c
+++ b/tests/xmconfigtest.c
+@@ -210,6 +210,7 @@ mymain(int argc, char **argv)
+     DO_TEST("paravirt-new-pvfb-vncdisplay", 3);
+     DO_TEST("paravirt-net-e1000", 3);
+     DO_TEST("paravirt-net-vifname", 3);
+    DO_TEST("paravirt-vcpu", 2);
+     DO_TEST("fullvirt-old-cdrom", 1);
+     DO_TEST("fullvirt-new-cdrom", 2);
+     DO_TEST("fullvirt-utc", 2);
+diff --git a/tests/xml2sexprdata/xml2sexpr-pv-vcpus.sexpr b/tests/xml2sexprdata/xml2sexpr-pv-vcpus.sexpr
+new file mode 100644
+index 0000000..e886545
+--- /dev/null
+++ b/tests/xml2sexprdata/xml2sexpr-pv-vcpus.sexpr
+@@ -0,0 +1 @@
+(vm (name 'pvtest')(memory 420)(maxmem 420)(vcpus 4)(vcpu_avail 3)(uuid '596a5d21-71f4-8fb2-e068-e2386a5c413e')(on_poweroff 'destroy')(on_reboot 'destroy')(on_crash 'destroy')(image (linux (kernel '/var/lib/xen/vmlinuz.2Dn2YT')(ramdisk '/var/lib/xen/initrd.img.0u-Vhq')(args ' method=http://download.fedora.devel.redhat.com/pub/fedora/linux/core/test/5.91/x86_64/os  ')))(device (vbd (dev 'xvda')(uname 'file:/root/some.img')(mode 'w'))))
+\ No newline at end of file
+diff --git a/tests/xml2sexprtest.c b/tests/xml2sexprtest.c
+index 77cf760..9cf8d39 100644
+--- a/tests/xml2sexprtest.c
+++ b/tests/xml2sexprtest.c
+@@ -118,6 +118,7 @@ mymain(int argc, char **argv)
+     DO_TEST("pv-vfb-new", "pv-vfb-new", "pvtest", 3);
+     DO_TEST("pv-vfb-new-auto", "pv-vfb-new-auto", "pvtest", 3);
+     DO_TEST("pv-bootloader", "pv-bootloader", "pvtest", 1);
+    DO_TEST("pv-vcpus", "pv-vcpus", "pvtest", 1);
+
+     DO_TEST("disk-file", "disk-file", "pvtest", 2);
+     DO_TEST("disk-block", "disk-block", "pvtest", 2);
+-- 
+1.7.2.3
+
--- a/docs/api_extension/0013-improve-getting-xen-vcpu-counts.patch
+++ b/docs/api_extension/0013-improve-getting-xen-vcpu-counts.patch
@ -0,0 +1,216 @@
+From 290ea33111be7bdf1f1381b90de33eb0e67c1a15 Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Wed, 6 Oct 2010 17:54:41 -0600
+Subject: [PATCH 13/15] vcpu: improve support for getting xen vcpu counts
+
+* src/xen/xen_driver.c (xenUnifiedDomainGetVcpusFlags): Support
+more flags.
+* src/xen/xend_internal.h (xenDaemonDomainGetVcpusFlags): New
+prototype.
+* src/xen/xm_internal.h (xenXMDomainGetVcpusFlags): Likewise.
+* src/xen/xend_internal.c (virDomainGetVcpusFlags): New function.
+* src/xen/xm_internal.c (xenXMDomainGetVcpusFlags): Likewise.
+---
+ src/xen/xen_driver.c    |   31 +++++++++++++++++++--------
+ src/xen/xend_internal.c |   52 +++++++++++++++++++++++++++++++++++++++++++++++
+ src/xen/xend_internal.h |    2 +
+ src/xen/xm_internal.c   |   47 ++++++++++++++++++++++++++++++++++++++++++
+ src/xen/xm_internal.h   |    1 +
+ 5 files changed, 124 insertions(+), 9 deletions(-)
+
+diff --git a/src/xen/xen_driver.c b/src/xen/xen_driver.c
+index d6c9c57..fe2ff86 100644
+--- a/src/xen/xen_driver.c
+++ b/src/xen/xen_driver.c
+@@ -1142,20 +1142,33 @@ static int
+ xenUnifiedDomainGetVcpusFlags (virDomainPtr dom, unsigned int flags)
+ {
+     GET_PRIVATE(dom->conn);
+-    int i, ret;
+    int ret;
+
+-    if (flags != (VIR_DOMAIN_VCPU_LIVE | VIR_DOMAIN_VCPU_MAXIMUM)) {
+-        xenUnifiedError(VIR_ERR_INVALID_ARG, _("unsupported flags: (0x%x)"),
+-                        flags);
+    virCheckFlags(VIR_DOMAIN_VCPU_LIVE |
+                  VIR_DOMAIN_VCPU_CONFIG |
+                  VIR_DOMAIN_VCPU_MAXIMUM, -1);
+
+    /* Exactly one of LIVE or CONFIG must be set.  */
+    if (!(flags & VIR_DOMAIN_VCPU_LIVE) == !(flags & VIR_DOMAIN_VCPU_CONFIG)) {
+        xenUnifiedError(VIR_ERR_INVALID_ARG,
+                        _("invalid flag combination: (0x%x)"), flags);
+         return -1;
+     }
+
+-    for (i = 0; i < XEN_UNIFIED_NR_DRIVERS; ++i)
+-        if (priv->opened[i] && drivers[i]->domainGetMaxVcpus) {
+-            ret = drivers[i]->domainGetMaxVcpus (dom);
+-            if (ret != 0) return ret;
+-        }
+    if (priv->opened[XEN_UNIFIED_XEND_OFFSET]) {
+        ret = xenDaemonDomainGetVcpusFlags(dom, flags);
+        if (ret != -2)
+            return ret;
+    }
+    if (priv->opened[XEN_UNIFIED_XM_OFFSET]) {
+        ret = xenXMDomainGetVcpusFlags(dom, flags);
+        if (ret != -2)
+            return ret;
+    }
+    if (flags == (VIR_DOMAIN_VCPU_CONFIG | VIR_DOMAIN_VCPU_MAXIMUM))
+        return xenHypervisorGetVcpuMax(dom);
+
+    xenUnifiedError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
+     return -1;
+ }
+
+diff --git a/src/xen/xend_internal.c b/src/xen/xend_internal.c
+index dfc6415..3642296 100644
+--- a/src/xen/xend_internal.c
+++ b/src/xen/xend_internal.c
+@@ -3620,6 +3620,58 @@ xenDaemonDomainPinVcpu(virDomainPtr domain, unsigned int vcpu,
+ }
+
+ /**
+ * xenDaemonDomainGetVcpusFlags:
+ * @domain: pointer to domain object
+ * @flags: bitwise-ORd from virDomainVcpuFlags
+ *
+ * Extract information about virtual CPUs of domain according to flags.
+ *
+ * Returns the number of vcpus on success, -1 if an error message was
+ * issued, and -2 if the unified driver should keep trying.
+
+ */
+int
+xenDaemonDomainGetVcpusFlags(virDomainPtr domain, unsigned int flags)
+{
+    struct sexpr *root;
+    int ret;
+    xenUnifiedPrivatePtr priv;
+
+    if (domain == NULL || domain->conn == NULL || domain->name == NULL) {
+        virXendError(VIR_ERR_INVALID_ARG, __FUNCTION__);
+        return -1;
+    }
+
+    priv = (xenUnifiedPrivatePtr) domain->conn->privateData;
+
+    /* If xendConfigVersion is 2, then we can only report _LIVE (and
+     * xm_internal reports _CONFIG).  If it is 3, then _LIVE and
+     * _CONFIG are always in sync for a running system.  */
+    if (domain->id < 0 && priv->xendConfigVersion < 3)
+        return -2;
+    if (domain->id < 0 && (flags & VIR_DOMAIN_VCPU_LIVE)) {
+        virXendError(VIR_ERR_OPERATION_INVALID, "%s",
+                     _("domain not active"));
+        return -1;
+    }
+
+    root = sexpr_get(domain->conn, "/xend/domain/%s?detail=1", domain->name);
+    if (root == NULL)
+        return -1;
+
+    ret = sexpr_int(root, "domain/vcpus");
+    if (!(flags & VIR_DOMAIN_VCPU_MAXIMUM)) {
+        int vcpus = count_one_bits(sexpr_int(root, "domain/vcpu_avail"));
+        if (vcpus)
+            ret = MIN(vcpus, ret);
+    }
+    if (!ret)
+        ret = -2;
+    sexpr_free(root);
+    return ret;
+}
+
+/**
+  * virDomainGetVcpus:
+  * @domain: pointer to domain object, or NULL for Domain0
+  * @info: pointer to an array of virVcpuInfo structures (OUT)
+diff --git a/src/xen/xend_internal.h b/src/xen/xend_internal.h
+index c757716..923cebd 100644
+--- a/src/xen/xend_internal.h
+++ b/src/xen/xend_internal.h
+@@ -155,6 +155,8 @@ int	xenDaemonDomainPinVcpu		(virDomainPtr domain,
+                                          unsigned int vcpu,
+                                          unsigned char *cpumap,
+                                          int maplen);
+int     xenDaemonDomainGetVcpusFlags    (virDomainPtr domain,
+                                         unsigned int flags);
+ int	xenDaemonDomainGetVcpus		(virDomainPtr domain,
+                                          virVcpuInfoPtr info,
+                                          int maxinfo,
+diff --git a/src/xen/xm_internal.c b/src/xen/xm_internal.c
+index f7121ab..4ea4245 100644
+--- a/src/xen/xm_internal.c
+++ b/src/xen/xm_internal.c
+@@ -1671,6 +1671,53 @@ cleanup:
+ }
+
+ /**
+ * xenXMDomainGetVcpusFlags:
+ * @domain: pointer to domain object
+ * @flags: bitwise-ORd from virDomainVcpuFlags
+ *
+ * Extract information about virtual CPUs of domain according to flags.
+ *
+ * Returns the number of vcpus on success, -1 if an error message was
+ * issued, and -2 if the unified driver should keep trying.
+ */
+int
+xenXMDomainGetVcpusFlags(virDomainPtr domain, unsigned int flags)
+{
+    xenUnifiedPrivatePtr priv;
+    const char *filename;
+    xenXMConfCachePtr entry;
+    int ret = -2;
+
+    if ((domain == NULL) || (domain->conn == NULL) || (domain->name == NULL)) {
+        xenXMError(VIR_ERR_INVALID_ARG, __FUNCTION__);
+        return -1;
+    }
+
+    if (domain->id != -1)
+        return -2;
+    if (flags & VIR_DOMAIN_VCPU_LIVE) {
+        xenXMError(VIR_ERR_OPERATION_FAILED, "%s", _("domain not active"));
+        return -1;
+    }
+
+    priv = domain->conn->privateData;
+    xenUnifiedLock(priv);
+
+    if (!(filename = virHashLookup(priv->nameConfigMap, domain->name)))
+        goto cleanup;
+
+    if (!(entry = virHashLookup(priv->configCache, filename)))
+        goto cleanup;
+
+    ret = ((flags & VIR_DOMAIN_VCPU_MAXIMUM) ? entry->def->maxvcpus
+           : entry->def->vcpus);
+
+cleanup:
+    xenUnifiedUnlock(priv);
+    return ret;
+}
+
+/**
+  * xenXMDomainPinVcpu:
+  * @domain: pointer to domain object
+  * @vcpu: virtual CPU number (reserved)
+diff --git a/src/xen/xm_internal.h b/src/xen/xm_internal.h
+index 3ad3456..3295fbd 100644
+--- a/src/xen/xm_internal.h
+++ b/src/xen/xm_internal.h
+@@ -45,6 +45,7 @@ int xenXMDomainSetMemory(virDomainPtr domain, unsigned long memory);
+ int xenXMDomainSetMaxMemory(virDomainPtr domain, unsigned long memory);
+ unsigned long xenXMDomainGetMaxMemory(virDomainPtr domain);
+ int xenXMDomainSetVcpus(virDomainPtr domain, unsigned int vcpus);
+int xenXMDomainGetVcpusFlags(virDomainPtr domain, unsigned int flags);
+ int xenXMDomainPinVcpu(virDomainPtr domain, unsigned int vcpu,
+                        unsigned char *cpumap, int maplen);
+ virDomainPtr xenXMDomainLookupByName(virConnectPtr conn, const char *domname);
+-- 
+1.7.2.3
+
--- a/docs/api_extension/0014-improve-setting-xen-vcpu-counts.patch
+++ b/docs/api_extension/0014-improve-setting-xen-vcpu-counts.patch
@ -0,0 +1,342 @@
+From e443a003129a172a7332f3cb6e40b3c39363ed5e Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Thu, 14 Oct 2010 16:17:18 -0600
+Subject: [PATCH 14/15] vcpu: improve support for setting xen vcpu counts
+
+Tested with RHEL 5.6 (xendConfigVersion 2, where xend_internal
+controls live domains and xm_internal controls inactive domains).
+Hopefully this works with xendConfigVersion 3 (where xend_internal
+controls everything).
+
+* src/xen/xen_driver.c (xenUnifiedDomainSetVcpusFlags): Support
+more flags.
+(xenUnifiedGetMaxVcpus): Export.
+* src/xen/xm_internal.h (xenXMDomainSetVcpusFlags): New prototype.
+* src/xen/xend_internal.h (xenDaemonDomainSetVcpusFlags): Likewise.
+* src/xen/xen_driver.h (xenUnifiedGetMaxVcpus): Likewise.
+* src/xen/xm_internal.c (xenXMDomainSetVcpusFlags): New function.
+* src/xen/xend_internal.c (xenDaemonDomainSetVcpusFlags): Likewise.
+---
+ src/xen/xen_driver.c    |   60 ++++++++++++++++++++++++---------
+ src/xen/xen_driver.h    |    1 +
+ src/xen/xend_internal.c |   76 +++++++++++++++++++++++++++++++++++++++++++
+ src/xen/xend_internal.h |    3 ++
+ src/xen/xm_internal.c   |   83 +++++++++++++++++++++++++++++++++++++++++++++++
+ src/xen/xm_internal.h   |    2 +
+ 6 files changed, 208 insertions(+), 17 deletions(-)
+
+diff --git a/src/xen/xen_driver.c b/src/xen/xen_driver.c
+index fe2ff86..66e8518 100644
+--- a/src/xen/xen_driver.c
+++ b/src/xen/xen_driver.c
+@@ -508,7 +508,7 @@ xenUnifiedIsSecure(virConnectPtr conn)
+     return ret;
+ }
+
+-static int
+int
+ xenUnifiedGetMaxVcpus (virConnectPtr conn, const char *type)
+ {
+     GET_PRIVATE(conn);
+@@ -1073,36 +1073,62 @@ xenUnifiedDomainSetVcpusFlags (virDomainPtr dom, unsigned int nvcpus,
+                                unsigned int flags)
+ {
+     GET_PRIVATE(dom->conn);
+-    int i;
+    int ret;
+
+    virCheckFlags(VIR_DOMAIN_VCPU_LIVE |
+                  VIR_DOMAIN_VCPU_CONFIG |
+                  VIR_DOMAIN_VCPU_MAXIMUM, -1);
+
+-    if (flags != VIR_DOMAIN_VCPU_LIVE) {
+-        xenUnifiedError(VIR_ERR_INVALID_ARG, _("unsupported flags: (0x%x)"),
+-                        flags);
+    /* At least one of LIVE or CONFIG must be set.  MAXIMUM cannot be
+     * mixed with LIVE.  */
+    if ((flags & (VIR_DOMAIN_VCPU_LIVE | VIR_DOMAIN_VCPU_CONFIG)) == 0 ||
+        (flags & (VIR_DOMAIN_VCPU_MAXIMUM | VIR_DOMAIN_VCPU_LIVE)) ==
+         (VIR_DOMAIN_VCPU_MAXIMUM | VIR_DOMAIN_VCPU_LIVE)) {
+        xenUnifiedError(VIR_ERR_INVALID_ARG,
+                        _("invalid flag combination: (0x%x)"), flags);
+        return -1;
+    }
+    if (!nvcpus || (unsigned short) nvcpus != nvcpus) {
+        xenUnifiedError(VIR_ERR_INVALID_ARG,
+                        _("argument out of range: %d"), nvcpus);
+         return -1;
+     }
+
+     /* Try non-hypervisor methods first, then hypervisor direct method
+      * as a last resort.
+      */
+-    for (i = 0; i < XEN_UNIFIED_NR_DRIVERS; ++i)
+-        if (i != XEN_UNIFIED_HYPERVISOR_OFFSET &&
+-            priv->opened[i] &&
+-            drivers[i]->domainSetVcpus &&
+-            drivers[i]->domainSetVcpus (dom, nvcpus) == 0)
+-            return 0;
+-
+-    if (priv->opened[XEN_UNIFIED_HYPERVISOR_OFFSET] &&
+-        drivers[XEN_UNIFIED_HYPERVISOR_OFFSET]->domainSetVcpus &&
+-        drivers[XEN_UNIFIED_HYPERVISOR_OFFSET]->domainSetVcpus (dom, nvcpus) == 0)
+-        return 0;
+    if (priv->opened[XEN_UNIFIED_XEND_OFFSET]) {
+        ret = xenDaemonDomainSetVcpusFlags(dom, nvcpus, flags);
+        if (ret != -2)
+            return ret;
+    }
+    if (priv->opened[XEN_UNIFIED_XM_OFFSET]) {
+        ret = xenXMDomainSetVcpusFlags(dom, nvcpus, flags);
+        if (ret != -2)
+            return ret;
+    }
+    if (flags == VIR_DOMAIN_VCPU_LIVE)
+        return xenHypervisorSetVcpus(dom, nvcpus);
+
+    xenUnifiedError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
+     return -1;
+ }
+
+ static int
+ xenUnifiedDomainSetVcpus (virDomainPtr dom, unsigned int nvcpus)
+ {
+-    return xenUnifiedDomainSetVcpusFlags(dom, nvcpus, VIR_DOMAIN_VCPU_LIVE);
+    unsigned int flags = VIR_DOMAIN_VCPU_LIVE;
+    xenUnifiedPrivatePtr priv;
+
+    /* Per the documented API, it is hypervisor-dependent whether this
+     * affects just _LIVE or _LIVE|_CONFIG; in xen's case, that
+     * depends on xendConfigVersion.  */
+    if (dom) {
+        priv = dom->conn->privateData;
+        if (priv->xendConfigVersion >= 3)
+            flags |= VIR_DOMAIN_VCPU_CONFIG;
+    }
+    return xenUnifiedDomainSetVcpusFlags(dom, nvcpus, flags);
+ }
+
+ static int
+diff --git a/src/xen/xen_driver.h b/src/xen/xen_driver.h
+index 3e7c1d0..115a26a 100644
+--- a/src/xen/xen_driver.h
+++ b/src/xen/xen_driver.h
+@@ -220,6 +220,7 @@ int  xenUnifiedRemoveDomainInfo(xenUnifiedDomainInfoListPtr info,
+ void xenUnifiedDomainEventDispatch (xenUnifiedPrivatePtr priv,
+                                     virDomainEventPtr event);
+ unsigned long xenUnifiedVersion(void);
+int xenUnifiedGetMaxVcpus(virConnectPtr conn, const char *type);
+
+ # ifndef PROXY
+ void xenUnifiedLock(xenUnifiedPrivatePtr priv);
+diff --git a/src/xen/xend_internal.c b/src/xen/xend_internal.c
+index 3642296..55c2cc4 100644
+--- a/src/xen/xend_internal.c
+++ b/src/xen/xend_internal.c
+@@ -3535,6 +3535,82 @@ xenDaemonLookupByID(virConnectPtr conn, int id) {
+ }
+
+ /**
+ * xenDaemonDomainSetVcpusFlags:
+ * @domain: pointer to domain object
+ * @nvcpus: the new number of virtual CPUs for this domain
+ * @flags: bitwise-ORd from virDomainVcpuFlags
+ *
+ * Change virtual CPUs allocation of domain according to flags.
+ *
+ * Returns 0 on success, -1 if an error message was issued, and -2 if
+ * the unified driver should keep trying.
+ */
+int
+xenDaemonDomainSetVcpusFlags(virDomainPtr domain, unsigned int vcpus,
+                             unsigned int flags)
+{
+    char buf[VIR_UUID_BUFLEN];
+    xenUnifiedPrivatePtr priv;
+    int max;
+
+    if ((domain == NULL) || (domain->conn == NULL) || (domain->name == NULL)
+        || (vcpus < 1)) {
+        virXendError(VIR_ERR_INVALID_ARG, __FUNCTION__);
+        return (-1);
+    }
+
+    priv = (xenUnifiedPrivatePtr) domain->conn->privateData;
+
+    if ((domain->id < 0 && priv->xendConfigVersion < 3) ||
+        (flags & VIR_DOMAIN_VCPU_MAXIMUM))
+        return -2;
+
+    /* With xendConfigVersion 2, only _LIVE is supported.  With
+     * xendConfigVersion 3, only _LIVE|_CONFIG is supported for
+     * running domains, or _CONFIG for inactive domains.  */
+    if (priv->xendConfigVersion < 3) {
+        if (flags & VIR_DOMAIN_VCPU_CONFIG) {
+            virXendError(VIR_ERR_OPERATION_INVALID, "%s",
+                         _("Xend version does not support modifying "
+                           "persistent config"));
+            return -1;
+        }
+    } else if (domain->id < 0) {
+        if (flags & VIR_DOMAIN_VCPU_LIVE) {
+            virXendError(VIR_ERR_OPERATION_INVALID, "%s",
+                         _("domain not running"));
+            return -1;
+        }
+    } else {
+        if ((flags & (VIR_DOMAIN_VCPU_LIVE | VIR_DOMAIN_VCPU_CONFIG)) !=
+            (VIR_DOMAIN_VCPU_LIVE | VIR_DOMAIN_VCPU_CONFIG)) {
+            virXendError(VIR_ERR_OPERATION_INVALID, "%s",
+                         _("Xend only supports modifying both live and "
+                           "persistent config"));
+        }
+    }
+
+    /* Unfortunately, xend_op does not validate whether this exceeds
+     * the maximum.  */
+    flags |= VIR_DOMAIN_VCPU_MAXIMUM;
+    if ((max = xenDaemonDomainGetVcpusFlags(domain, flags)) < 0) {
+        virXendError(VIR_ERR_OPERATION_INVALID, "%s",
+                     _("could not determin max vcpus for the domain"));
+        return -1;
+    }
+    if (vcpus > max) {
+        virXendError(VIR_ERR_INVALID_ARG,
+                     _("requested vcpus is greater than max allowable"
+                       " vcpus for the domain: %d > %d"), vcpus, max);
+        return -1;
+    }
+
+    snprintf(buf, sizeof(buf), "%d", vcpus);
+    return xend_op(domain->conn, domain->name, "op", "set_vcpus", "vcpus",
+                   buf, NULL);
+}
+
+/**
+  * xenDaemonDomainSetVcpus:
+  * @domain: pointer to domain object
+  * @nvcpus: the new number of virtual CPUs for this domain
+diff --git a/src/xen/xend_internal.h b/src/xen/xend_internal.h
+index 923cebd..53f5d2c 100644
+--- a/src/xen/xend_internal.h
+++ b/src/xen/xend_internal.h
+@@ -151,6 +151,9 @@ int xenDaemonDomainUndefine(virDomainPtr domain);
+
+ int	xenDaemonDomainSetVcpus		(virDomainPtr domain,
+                                          unsigned int vcpus);
+int	xenDaemonDomainSetVcpusFlags	(virDomainPtr domain,
+                                         unsigned int vcpus,
+                                         unsigned int flags);
+ int	xenDaemonDomainPinVcpu		(virDomainPtr domain,
+                                          unsigned int vcpu,
+                                          unsigned char *cpumap,
+diff --git a/src/xen/xm_internal.c b/src/xen/xm_internal.c
+index 4ea4245..2b8e51e 100644
+--- a/src/xen/xm_internal.c
+++ b/src/xen/xm_internal.c
+@@ -1670,6 +1670,89 @@ cleanup:
+     return ret;
+ }
+
+/*
+ * xenXMDomainSetVcpusFlags:
+ * @domain: pointer to domain object
+ * @nvcpus: number of vcpus
+ * @flags: bitwise-ORd from virDomainVcpuFlags
+ *
+ * Change virtual CPUs allocation of domain according to flags.
+ *
+ * Returns 0 on success, -1 if an error message was issued, and -2 if
+ * the unified driver should keep trying.
+ */
+int
+xenXMDomainSetVcpusFlags(virDomainPtr domain, unsigned int vcpus,
+                         unsigned int flags)
+{
+    xenUnifiedPrivatePtr priv;
+    const char *filename;
+    xenXMConfCachePtr entry;
+    int ret = -1;
+    int max;
+
+    if ((domain == NULL) || (domain->conn == NULL) || (domain->name == NULL)) {
+        xenXMError(VIR_ERR_INVALID_ARG, __FUNCTION__);
+        return -1;
+    }
+    if (domain->conn->flags & VIR_CONNECT_RO) {
+        xenXMError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+        return -1;
+    }
+    if (domain->id != -1)
+        return -2;
+    if (flags & VIR_DOMAIN_VCPU_LIVE) {
+        xenXMError(VIR_ERR_OPERATION_INVALID, "%s",
+                   _("domain is not running"));
+        return -1;
+    }
+
+    priv = domain->conn->privateData;
+    xenUnifiedLock(priv);
+
+    if (!(filename = virHashLookup(priv->nameConfigMap, domain->name)))
+        goto cleanup;
+
+    if (!(entry = virHashLookup(priv->configCache, filename)))
+        goto cleanup;
+
+    /* Hypervisor maximum. */
+    if ((max = xenUnifiedGetMaxVcpus(domain->conn, NULL)) < 0) {
+        xenXMError(VIR_ERR_INTERNAL_ERROR, "%s",
+                   _("could not determin max vcpus for the domain"));
+        goto cleanup;
+    }
+    /* Can't specify a current larger than stored maximum; but
+     * reducing maximum can silently reduce current.  */
+    if (!(flags & VIR_DOMAIN_VCPU_MAXIMUM))
+        max = entry->def->maxvcpus;
+    if (vcpus > max) {
+        xenXMError(VIR_ERR_INVALID_ARG,
+                   _("requested vcpus is greater than max allowable"
+                     " vcpus for the domain: %d > %d"), vcpus, max);
+        goto cleanup;
+    }
+
+    if (flags & VIR_DOMAIN_VCPU_MAXIMUM) {
+        entry->def->maxvcpus = vcpus;
+        if (entry->def->vcpus > vcpus)
+            entry->def->vcpus = vcpus;
+    } else {
+        entry->def->vcpus = vcpus;
+    }
+
+    /* If this fails, should we try to undo our changes to the
+     * in-memory representation of the config file. I say not!
+     */
+    if (xenXMConfigSaveFile(domain->conn, entry->filename, entry->def) < 0)
+        goto cleanup;
+    ret = 0;
+
+cleanup:
+    xenUnifiedUnlock(priv);
+    return ret;
+}
+
+ /**
+  * xenXMDomainGetVcpusFlags:
+  * @domain: pointer to domain object
+diff --git a/src/xen/xm_internal.h b/src/xen/xm_internal.h
+index 3295fbd..a46e1a2 100644
+--- a/src/xen/xm_internal.h
+++ b/src/xen/xm_internal.h
+@@ -45,6 +45,8 @@ int xenXMDomainSetMemory(virDomainPtr domain, unsigned long memory);
+ int xenXMDomainSetMaxMemory(virDomainPtr domain, unsigned long memory);
+ unsigned long xenXMDomainGetMaxMemory(virDomainPtr domain);
+ int xenXMDomainSetVcpus(virDomainPtr domain, unsigned int vcpus);
+int xenXMDomainSetVcpusFlags(virDomainPtr domain, unsigned int vcpus,
+                             unsigned int flags);
+ int xenXMDomainGetVcpusFlags(virDomainPtr domain, unsigned int flags);
+ int xenXMDomainPinVcpu(virDomainPtr domain, unsigned int vcpu,
+                        unsigned char *cpumap, int maplen);
+-- 
+1.7.2.3
+
--- a/docs/api_extension/0015-remove-dead-xen-code.patch
+++ b/docs/api_extension/0015-remove-dead-xen-code.patch
@ -0,0 +1,228 @@
+From b013788742183afec9aa5068d3cfd185a3b5c62e Mon Sep 17 00:00:00 2001
+From: Eric Blake <eblake@redhat.com>
+Date: Thu, 7 Oct 2010 08:59:27 -0600
+Subject: [PATCH 15/15] vcpu: remove dead xen code
+
+* src/xen/xen_driver.h (xenUnifiedDriver): Remove now-unused
+domainGetMaxVcpus, domainSetVcpus.
+* src/xen/proxy_internal.c (xenProxyDriver): Likewise.
+* src/xen/xen_hypervisor.c (xenHypervisorDriver): Likewise.
+* src/xen/xen_inotify.c (xenInotifyDriver): Likewise.
+* src/xen/xend_internal.c (xenDaemonDriver)
+(xenDaemonDomainSetVcpus): Likewise.
+* src/xen/xm_internal.c (xenXMDriver, xenXMDomainSetVcpus):
+Likewise.
+* src/xen/xs_internal.c (xenStoreDriver): Likewise.
+---
+ src/xen/proxy_internal.c |    2 --
+ src/xen/xen_driver.h     |    4 +---
+ src/xen/xen_hypervisor.c |    2 --
+ src/xen/xen_inotify.c    |    2 --
+ src/xen/xend_internal.c  |   33 ---------------------------------
+ src/xen/xm_internal.c    |   43 -------------------------------------------
+ src/xen/xs_internal.c    |    2 --
+ 7 files changed, 1 insertions(+), 87 deletions(-)
+
+diff --git a/src/xen/proxy_internal.c b/src/xen/proxy_internal.c
+index 335dfc4..4033727 100644
+--- a/src/xen/proxy_internal.c
+++ b/src/xen/proxy_internal.c
+@@ -67,10 +67,8 @@ struct xenUnifiedDriver xenProxyDriver = {
+     NULL, /* domainSave */
+     NULL, /* domainRestore */
+     NULL, /* domainCoreDump */
+-    NULL, /* domainSetVcpus */
+     NULL, /* domainPinVcpu */
+     NULL, /* domainGetVcpus */
+-    NULL, /* domainGetMaxVcpus */
+     NULL, /* listDefinedDomains */
+     NULL, /* numOfDefinedDomains */
+     NULL, /* domainCreate */
+diff --git a/src/xen/xen_driver.h b/src/xen/xen_driver.h
+index 115a26a..53f97d4 100644
+--- a/src/xen/xen_driver.h
+++ b/src/xen/xen_driver.h
+@@ -1,7 +1,7 @@
+ /*
+  * xen_unified.c: Unified Xen driver.
+  *
+- * Copyright (C) 2007 Red Hat, Inc.
+ * Copyright (C) 2007, 2010 Red Hat, Inc.
+  *
+  * See COPYING.LIB for the License of this software
+  *
+@@ -84,10 +84,8 @@ struct xenUnifiedDriver {
+         virDrvDomainSave		domainSave;
+         virDrvDomainRestore		domainRestore;
+         virDrvDomainCoreDump		domainCoreDump;
+-        virDrvDomainSetVcpus		domainSetVcpus;
+         virDrvDomainPinVcpu		domainPinVcpu;
+         virDrvDomainGetVcpus		domainGetVcpus;
+-        virDrvDomainGetMaxVcpus		domainGetMaxVcpus;
+         virDrvListDefinedDomains	listDefinedDomains;
+         virDrvNumOfDefinedDomains	numOfDefinedDomains;
+         virDrvDomainCreate		domainCreate;
+diff --git a/src/xen/xen_hypervisor.c b/src/xen/xen_hypervisor.c
+index 6246513..3797865 100644
+--- a/src/xen/xen_hypervisor.c
+++ b/src/xen/xen_hypervisor.c
+@@ -784,10 +784,8 @@ struct xenUnifiedDriver xenHypervisorDriver = {
+     NULL, /* domainSave */
+     NULL, /* domainRestore */
+     NULL, /* domainCoreDump */
+-    xenHypervisorSetVcpus, /* domainSetVcpus */
+     xenHypervisorPinVcpu, /* domainPinVcpu */
+     xenHypervisorGetVcpus, /* domainGetVcpus */
+-    xenHypervisorGetVcpuMax, /* domainGetMaxVcpus */
+     NULL, /* listDefinedDomains */
+     NULL, /* numOfDefinedDomains */
+     NULL, /* domainCreate */
+diff --git a/src/xen/xen_inotify.c b/src/xen/xen_inotify.c
+index d24b20f..9507061 100644
+--- a/src/xen/xen_inotify.c
+++ b/src/xen/xen_inotify.c
+@@ -71,10 +71,8 @@ struct xenUnifiedDriver xenInotifyDriver = {
+     NULL, /* domainSave */
+     NULL, /* domainRestore */
+     NULL, /* domainCoreDump */
+-    NULL, /* domainSetVcpus */
+     NULL, /* domainPinVcpu */
+     NULL, /* domainGetVcpus */
+-    NULL, /* domainGetMaxVcpus */
+     NULL, /* listDefinedDomains */
+     NULL, /* numOfDefinedDomains */
+     NULL, /* domainCreate */
+diff --git a/src/xen/xend_internal.c b/src/xen/xend_internal.c
+index 55c2cc4..b90c331 100644
+--- a/src/xen/xend_internal.c
+++ b/src/xen/xend_internal.c
+@@ -3611,37 +3611,6 @@ xenDaemonDomainSetVcpusFlags(virDomainPtr domain, unsigned int vcpus,
+ }
+
+ /**
+- * xenDaemonDomainSetVcpus:
+- * @domain: pointer to domain object
+- * @nvcpus: the new number of virtual CPUs for this domain
+- *
+- * Dynamically change the number of virtual CPUs used by the domain.
+- *
+- * Returns 0 for success; -1 (with errno) on error
+- */
+-int
+-xenDaemonDomainSetVcpus(virDomainPtr domain, unsigned int vcpus)
+-{
+-    char buf[VIR_UUID_BUFLEN];
+-    xenUnifiedPrivatePtr priv;
+-
+-    if ((domain == NULL) || (domain->conn == NULL) || (domain->name == NULL)
+-     || (vcpus < 1)) {
+-        virXendError(VIR_ERR_INVALID_ARG, __FUNCTION__);
+-        return (-1);
+-    }
+-
+-    priv = (xenUnifiedPrivatePtr) domain->conn->privateData;
+-
+-    if (domain->id < 0 && priv->xendConfigVersion < 3)
+-        return(-1);
+-
+-    snprintf(buf, sizeof(buf), "%d", vcpus);
+-    return(xend_op(domain->conn, domain->name, "op", "set_vcpus", "vcpus",
+-                   buf, NULL));
+-}
+-
+-/**
+  * xenDaemonDomainPinCpu:
+  * @domain: pointer to domain object
+  * @vcpu: virtual CPU number
+@@ -5213,10 +5182,8 @@ struct xenUnifiedDriver xenDaemonDriver = {
+     xenDaemonDomainSave,         /* domainSave */
+     xenDaemonDomainRestore,      /* domainRestore */
+     xenDaemonDomainCoreDump,     /* domainCoreDump */
+-    xenDaemonDomainSetVcpus,     /* domainSetVcpus */
+     xenDaemonDomainPinVcpu,      /* domainPinVcpu */
+     xenDaemonDomainGetVcpus,     /* domainGetVcpus */
+-    NULL,                        /* domainGetMaxVcpus */
+     xenDaemonListDefinedDomains, /* listDefinedDomains */
+     xenDaemonNumOfDefinedDomains,/* numOfDefinedDomains */
+     xenDaemonDomainCreate,       /* domainCreate */
+diff --git a/src/xen/xm_internal.c b/src/xen/xm_internal.c
+index 2b8e51e..430d40b 100644
+--- a/src/xen/xm_internal.c
+++ b/src/xen/xm_internal.c
+@@ -103,10 +103,8 @@ struct xenUnifiedDriver xenXMDriver = {
+     NULL, /* domainSave */
+     NULL, /* domainRestore */
+     NULL, /* domainCoreDump */
+-    xenXMDomainSetVcpus, /* domainSetVcpus */
+     xenXMDomainPinVcpu, /* domainPinVcpu */
+     NULL, /* domainGetVcpus */
+-    NULL, /* domainGetMaxVcpus */
+     xenXMListDefinedDomains, /* listDefinedDomains */
+     xenXMNumOfDefinedDomains, /* numOfDefinedDomains */
+     xenXMDomainCreate, /* domainCreate */
+@@ -1630,47 +1628,6 @@ cleanup:
+ }
+
+ /*
+- * Set the VCPU count in config
+- */
+-int xenXMDomainSetVcpus(virDomainPtr domain, unsigned int vcpus) {
+-    xenUnifiedPrivatePtr priv;
+-    const char *filename;
+-    xenXMConfCachePtr entry;
+-    int ret = -1;
+-
+-    if ((domain == NULL) || (domain->conn == NULL) || (domain->name == NULL)) {
+-        xenXMError(VIR_ERR_INVALID_ARG, __FUNCTION__);
+-        return (-1);
+-    }
+-    if (domain->conn->flags & VIR_CONNECT_RO)
+-        return (-1);
+-    if (domain->id != -1)
+-        return (-1);
+-
+-    priv = domain->conn->privateData;
+-    xenUnifiedLock(priv);
+-
+-    if (!(filename = virHashLookup(priv->nameConfigMap, domain->name)))
+-        goto cleanup;
+-
+-    if (!(entry = virHashLookup(priv->configCache, filename)))
+-        goto cleanup;
+-
+-    entry->def->maxvcpus = entry->def->vcpus = vcpus;
+-
+-    /* If this fails, should we try to undo our changes to the
+-     * in-memory representation of the config file. I say not!
+-     */
+-    if (xenXMConfigSaveFile(domain->conn, entry->filename, entry->def) < 0)
+-        goto cleanup;
+-    ret = 0;
+-
+-cleanup:
+-    xenUnifiedUnlock(priv);
+-    return ret;
+-}
+-
+-/*
+  * xenXMDomainSetVcpusFlags:
+  * @domain: pointer to domain object
+  * @nvcpus: number of vcpus
+diff --git a/src/xen/xs_internal.c b/src/xen/xs_internal.c
+index 9296f25..a9817b1 100644
+--- a/src/xen/xs_internal.c
+++ b/src/xen/xs_internal.c
+@@ -67,10 +67,8 @@ struct xenUnifiedDriver xenStoreDriver = {
+     NULL, /* domainSave */
+     NULL, /* domainRestore */
+     NULL, /* domainCoreDump */
+-    NULL, /* domainSetVcpus */
+     NULL, /* domainPinVcpu */
+     NULL, /* domainGetVcpus */
+-    NULL, /* domainGetMaxVcpus */
+     NULL, /* listDefinedDomains */
+     NULL, /* numOfDefinedDomains */
+     NULL, /* domainCreate */
+-- 
+1.7.2.3
+
--- a/docs/apibuild.py
+++ b/docs/apibuild.py
@ -22,6 +22,7 @@ included_files = {
  "virterror.h": "header with error specific API definitions",
  "libvirt.c": "Main interfaces for the libvirt library",
  "virterror.c": "implements error handling and reporting code for libvirt",
+  "event.c": "event loop for monitoring file handles",
 }

 ignored_words = {
@ -43,6 +44,12 @@ ignored_functions = {
  "virDomainMigratePrepareTunnel": "private function for tunnelled migration",
  "virDrvSupportsFeature": "private function for remote access",
  "DllMain": "specific function for Win32",
+  "virEventAddHandle": "internal function in event.c",
+  "virEventUpdateHandle": "internal function in event.c",
+  "virEventRemoveHandle": "internal function in event.c",
+  "virEventAddTimeout": "internal function in event.c",
+  "virEventUpdateTimeout": "internal function in event.c",
+  "virEventRemoveTimeout": "internal function in event.c",
 }

 def escape(raw):
--- a/docs/apps.html.in
+++ b/docs/apps.html.in
@ -4,19 +4,26 @@

    <p>
      This page provides an illustration of the wide variety of
-      applications using the libvirt management API. If you know
-      of interesting applications not listed on this page, send
-      a message to the <a href="contact.html">mailing list</a>
-      to request that it be added here. If your application uses
-      libvirt as its API, the following graphic is available for
-      your website to advertise support for libvirt:
+      applications using the libvirt management API.
+    </p>
+
+    <ul id="toc"></ul>
+
+    <h2><a name="add">Add an application</a></h2>
+
+    <p>
+      To add an application not listed on this page, send a message
+      to the <a href="contact.html">mailing list</a>, requesting it
+      be added here. If your application uses libvirt as its API,
+      the following graphic is available for your website to advertise
+      support for libvirt:
    </p>

    <p class="image">
      <img src="madeWith.png" alt="Made with libvirt"/>
    </p>

-    <h2>Command line tools</h2>
+    <h2><a name="command">Command line tools</a></h2>

    <dl>
      <dt>virsh</dt>
@ -60,7 +67,7 @@
      </dd>
    </dl>

-    <h2>Desktop applications</h2>
+    <h2><a name="desktop">Desktop applications</a></h2>

    <dl>
      <dt><a href="http://virt-manager.org/">virt-manager</a></dt>
@ -79,7 +86,7 @@
      </dd>
    </dl>

-    <h2>Web applications</h2>
+    <h2><a name="web">Web applications</a></h2>

    <dl>
      <dt><a href="http://ovirt.org/">oVirt</a></dt>
@ -99,7 +106,7 @@
      </dd>
    </dl>

-    <h2>LiveCD / Appliances</h2>
+    <h2><a name="livecd">LiveCD / Appliances</a></h2>

    <dl>
      <dt><a href="http://et.redhat.com/~rjones/virt-p2v/">virt-p2v</a></dt>
@ -111,7 +118,7 @@
      </dd>
    </dl>

-    <h2>Monitoring plugins</h2>
+    <h2><a name="monitoring">Monitoring plugins</a></h2>
    <dl>
      <dt><a href="http://honk.sigxcpu.org/projects/libvirt/#munin">for munin</a></dt>
      <dd>
--- a/docs/architecture.html.in
+++ b/docs/architecture.html.in
@ -1,23 +1,19 @@
+<?xml version="1.0"?>
 <html>
  <body>
    <h1 >libvirt architecture</h1>
-    <p>Currently libvirt supports 2 kind of virtualization, and its
-internal structure is based on a driver model which simplifies adding new
-engines:</p>
-    <ul>
-      <li>
-        <a href="#Xen">Xen hypervisor</a>
-      </li>
-      <li>
-        <a href="#QEmu">QEmu and KVM based virtualization</a>
-      </li>
-      <li>
-        <a href="#drivers">the driver architecture</a>
-      </li>
-    </ul>
-    <h3>
-      <a name="Xen" id="Xen">Libvirt Xen support</a>
-    </h3>
+
+    <p>
+      Currently libvirt supports 2 kind of virtualization, and its
+      internal structure is based on a driver model which simplifies
+      adding new
+      engines:
+    </p>
+
+    <ul id="toc"></ul>
+
+    <h2><a name="Xen">Xen support</a></h2>
+
    <p>When running in a Xen environment, programs using libvirt have to execute
 in "Domain 0", which is the primary Linux OS loaded on the machine. That OS
 kernel provides most if not all of the actual drivers used by the set of
@ -48,9 +44,9 @@ privilege access).</p>
 connect to initialize the library. It will then fork a libvirt_proxy
 program running as root and providing read_only access to the API, this is
 then only useful for reporting and monitoring.</p>
-    <h3>
-      <a name="QEmu" id="QEmu">Libvirt QEmu and KVM support</a>
-    </h3>
+
+    <h2><a name="QEmu">QEmu and KVM support</a></h2>
+
    <p>The model for QEmu and KVM is completely similar, basically KVM is based
 on QEmu for the process controlling a new domain, only small details differs
 between the two. In both case the libvirt API is provided by a controlling
@ -62,9 +58,9 @@ emulations models of QEmu, the selection is done when creating the new
 domain, by specifying the architecture and machine type targeted.</p>
    <p>The code controlling the QEmu process is available in the
 <code>qemud/</code> directory.</p>
-    <h3>
-      <a name="drivers" id="drivers">the driver based architecture</a>
-    </h3>
+
+    <h2><a name="drivers">Driver based architecture</a></h2>
+
    <p>As the previous section explains, libvirt can communicate using different
 channels with the current hypervisor, and should also be able to use
 different kind of hypervisor. To simplify the internal design, code, ease
--- a/docs/archnetwork.html.in
+++ b/docs/archnetwork.html.in
@ -1,8 +1,11 @@
+<?xml version="1.0"?>
 <html>
  <body>
    <h1>Network management architecture</h1>

-    <h2>Architecture illustration</h2>
+    <ul id="toc"></ul>
+
+    <h2><a name="architecture">Architecture illustration</a></h2>

    <p>
      The diagrams below illustrate some of the network configurations
@ -34,13 +37,13 @@
      </li>
    </ul>

-    <h3>Logical diagram</h3>
+    <h3><a name="logical">Logical diagram</a></h3>

    <p class="image">
      <img src="libvirt-net-logical.png" alt="Logical network architecture"/>
    </p>

-    <h3>Physical diagram</h3>
+    <h3><a name="physical">Physical diagram</a></h3>

    <p class="image">
      <img src="libvirt-net-physical.png" alt="Physical network architecture"/>
--- a/docs/auth.html.in
+++ b/docs/auth.html.in
@ -1,30 +1,17 @@
+<?xml version="1.0"?>
 <html>
  <body>
    <h1 >Access control</h1>
    <p>
-When connecting to libvirt, some connections may require client
-authentication before allowing use of the APIs. The set of possible
-authentication mechanisms is administrator controlled, independent
-of applications using libvirt.
-</p>
-    <ul>
-      <li>
-        <a href="#ACL_server_config">Server configuration</a>
-      </li>
-      <li>
-        <a href="#ACL_server_unix_perms">UNIX socket permissions/group</a>
-      </li>
-      <li>
-        <a href="#ACL_server_polkit">UNIX socket PolicyKit auth</a>
-      </li>
-      <li>
-        <a href="#ACL_server_username">Username/password auth</a>
-      </li>
-      <li>
-        <a href="#ACL_server_kerberos">Kerberos auth</a>
-      </li>
-    </ul>
-    <h3><a name="ACL_server_config">Server configuration</a></h3>
+      When connecting to libvirt, some connections may require client
+      authentication before allowing use of the APIs. The set of possible
+      authentication mechanisms is administrator controlled, independent
+      of applications using libvirt.
+    </p>
+
+    <ul id="toc"></ul>
+
+    <h2><a name="ACL_server_config">Server configuration</a></h2>
    <p>
 The libvirt daemon allows the administrator to choose the authentication
 mechanisms used for client connections on each network socket independently.
@ -35,7 +22,7 @@ currently a choice of <code>none</code>, <code>polkit</code>, and <code>sasl</co
 The SASL scheme can be further configured to choose between a large
 number of different mechanisms.
 </p>
-    <h3><a name="ACL_server_unix_perms">UNIX socket permissions/group</a></h3>
+    <h2><a name="ACL_server_unix_perms">UNIX socket permissions/group</a></h2>
    <p>
 If libvirt does not contain support for PolicyKit, then access control for
 the UNIX domain socket is done using traditional file user/group ownership
@ -52,7 +39,7 @@ parameter. For example, setting the former to mode <code>0770</code> and the
 latter <code>wheel</code> would let any user in the wheel group connect to
 the libvirt daemon.
 </p>
-    <h3><a name="ACL_server_polkit">UNIX socket PolicyKit auth</a></h3>
+    <h2><a name="ACL_server_polkit">UNIX socket PolicyKit auth</a></h2>
    <p>
 If libvirt contains support for PolicyKit, then access control options are
 more advanced. The <code>unix_sock_auth</code> parameter will default to
@ -65,30 +52,28 @@ auth, but does not require that the client application ultimately run as root.
 Default policy will still allow any application to connect to the RO socket.
 </p>
    <p>
-The default policy can be overridden by the administrator using the PolicyKit
-master configuration file in <code>/etc/PolicyKit/PolicyKit.conf</code>. The
-<code>PolicyKit.conf(5)</code> manual page provides details on the syntax
-available. The two libvirt daemon actions available are named <code>org.libvirt.unix.monitor</code>
-for the RO socket, and <code>org.libvirt.unix.manage</code> for the RW socket.
-</p>
+The default policy can be overridden by creating a new policy file in the
+local override directory <code>/etc/polkit-1/localauthority/50-local.d/</code>.
+Policy files should have a unique name ending with .pkla.  Using reverse DNS
+naming works well. Information on the options available can be found by
+reading the pklocalauthority man page. The two libvirt daemon actions
+available are named <code>org.libvirt.unix.manage</code> for full management
+access, and <code>org.libvirt.unix.monitor</code> for read-only access.
+    </p>
    <p>
-As an example, to allow a user <code>fred</code> full access to the RW socket,
-while requiring <code>joe</code> to authenticate with the admin password,
-would require adding the following snippet to <code>PolicyKit.conf</code>.
-</p>
-    <pre>
-  &lt;match action="org.libvirt.unix.manage"&gt;
-    &lt;match user="fred"&gt;
-      &lt;return result="yes"/&gt;
-    &lt;/match&gt;
-  &lt;/match&gt;
-  &lt;match action="org.libvirt.unix.manage"&gt;
-    &lt;match user="joe"&gt;
-      &lt;return result="auth_admin"/&gt;
-    &lt;/match&gt;
-  &lt;/match&gt;
-</pre>
-    <h3><a name="ACL_server_username">Username/password auth</a></h3>
+As an example, this gives the user <code>fred</code> full management access:
+    </p>
+<pre>[Allow fred libvirt management permissions]
+Identity=unix-user:fred
+Action=org.libvirt.unix.manage
+ResultAny=yes
+ResultInactive=yes
+ResultActive=yes</pre>
+    <p>
+Further examples of PolicyKit setup can be found on the
+<a href="http://wiki.libvirt.org/page/SSHPolicyKitSetup">wiki page</a>.
+    </p>
+    <h2><a name="ACL_server_username">Username/password auth</a></h2>
    <p>
 The plain TCP socket of the libvirt daemon defaults to using SASL for authentication.
 The SASL mechanism configured by default is DIGEST-MD5, which provides a basic
@ -125,7 +110,7 @@ again:
    <pre>
 # saslpasswd2 -a libvirt -d fred
 </pre>
-    <h3><a name="ACL_server_kerberos">Kerberos auth</a></h3>
+    <h2><a name="ACL_server_kerberos">Kerberos auth</a></h2>
    <p>
 The plain TCP socket of the libvirt daemon defaults to using SASL for authentication.
 The SASL mechanism configured by default is DIGEST-MD5, which provides a basic
--- a/docs/bindings.html.in
+++ b/docs/bindings.html.in
@ -1,31 +1,81 @@
+<?xml version="1.0"?>
 <html>
  <body>
    <h1 >Bindings for other languages</h1>
-    <p>Libvirt comes with bindings to support other languages than
-pure <strong>C</strong>. First the headers embeds the necessary declarations to
-allow direct access from <strong>C++</strong> code, but also we have bindings for
-higher level kind of languages:</p>
-    <ul>
-      <li><strong>Python</strong>: Libvirt comes with direct support for the Python language
-     (just make sure you installed the libvirt-python package if not
-     compiling from sources). See below for more information about
-     using libvirt with python</li>
-      <li><strong>Perl</strong>: Daniel Berrange provides <a href="http://search.cpan.org/dist/Sys-Virt/">bindings for
-     Perl</a>.</li>
-      <li><strong>OCaml</strong>: Richard Jones supplies <a href="http://libvirt.org/ocaml/">bindings for OCaml</a>.</li>
-      <li><strong>Ruby</strong>: David Lutterkort provides <a href="http://libvirt.org/ruby/">bindings for Ruby</a>.</li>
-      <li><strong>Java</strong>: Daniel Veillard maintains <a href="java.html">Java bindings</a>.</li>
-      <li><strong>C#</strong>: Jarom&iacute;r &#x010C;ervenka maintains <a href="http://svn.i-tux.cz/listing.php?repname=SharpLibVirt">C# bindings here</a>.</li>
-      <li><strong>PHP</strong>: Radek Hladik is developing <a href="http://phplibvirt.cybersales.cz/">PHP bindings</a>.</li>
-    </ul>
-    <p>For information on using libvirt on <strong>Windows</strong>
-      <a href="windows.html">please see the Windows
-        support page</a>.
+
+    <p>
+      Libvirt supports C and C++ directly, and has bindings available
+      for other languages:
    </p>
-    <p>Support, requests or help for libvirt bindings are welcome on
-the <a href="https://www.redhat.com/mailman/listinfo/libvir-list/">mailing
-list</a>, as usual try to provide enough background information
-and make sure you use recent version, see the <a href="bugs.html">help
-page</a>.</p>
+
+    <ul>
+      <li>
+        <strong>C#</strong>: Arnaud Champion develops
+        <a href="csharp.html">C# bindings</a>.
+      </li>
+      <li>
+        <strong>Java</strong>: Daniel Veillard develops
+        <a href="java.html">Java bindings</a>.
+      </li>
+      <li>
+        <strong>OCaml</strong>: Richard Jones develops
+        <a href="http://libvirt.org/ocaml/">OCaml bindings</a>.
+      </li>
+      <li>
+        <strong>Perl</strong>: Daniel Berrange develops
+        <a href="http://search.cpan.org/dist/Sys-Virt/">Perl bindings</a>.
+      </li>
+      <li>
+        <p>
+          <strong>PHP</strong>: Radek Hladik develops
+          <a href="http://phplibvirt.cybersales.cz/">PHP bindings</a>.
+        </p>
+        <p>
+          The php-libvirt bindings also have their source online
+          <a href="http://github.com/Kedarius/php-libvirt">here in Github</a>.
+        </p>
+        <p>
+          This allows you to easily see the code, make comments on it,
+          create your own forks, and contribute the changes back.
+        </p>
+      </li>
+      <li>
+        <p>
+          <strong>Python</strong>: Libvirt comes with direct support for
+          the Python language.
+        </p>
+        <p>
+          If your libvirt is installed as packages, rather than compiled
+          by you from source code, ensure you have the appropriate
+          package installed.
+        </p>
+        <p>
+          This is named <b>libvirt-python</b> on RHEL/Fedora,
+          <a href="http://packages.ubuntu.com/search?keywords=python-libvirt"><b>python-libvirt</b></a>
+          on Ubuntu, and may be named differently on others.
+        </p>
+        <p>
+          For usage information, see the
+          <a href="python.html">Python API bindings</a> page.
+        </p>
+      </li>
+      <li>
+        <strong>Ruby</strong>: Chris Lalancette develops
+        <a href="http://libvirt.org/ruby/">Ruby bindings</a>.
+      </li>
+    </ul>
+
+    <p>
+      For information on using libvirt on <strong>Windows</strong>
+      <a href="windows.html">please see the Windows support page</a>.
+    </p>
+
+    <p>
+      Support, requests or help for libvirt bindings are welcome on the
+      <a href="https://www.redhat.com/mailman/listinfo/libvir-list/">mailing list</a>,
+      as usual try to provide enough background information and make sure
+      you use recent version, see the <a href="bugs.html">help page</a>.
+    </p>
+
  </body>
 </html>
--- a/docs/bugs.html.in
+++ b/docs/bugs.html.in
@ -4,14 +4,18 @@

    <h1>Bug reporting</h1>

+    <ul id="toc"></ul>
+
+    <h2><a name="bugzilla">Bug Tracking</a></h2>
+
    <p>
      The <a href="http://bugzilla.redhat.com">Red Hat Bugzilla Server</a>
-      should be used to report bugs and request features against libvirt.
+      should be used to report bugs and request features in libvirt.
      Before submitting a ticket, check the existing tickets to see if
      the bug/feature is already tracked.
    </p>

-    <h2>General libvirt bug reports</h2>
+    <h2><a name="general">General libvirt bug reports</a></h2>

    <p>
      If you are using official libvirt binaries from a Linux distribution
@ -27,7 +31,7 @@
      <li><a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi?product=Virtualization%20Tools&amp;component=libvirt">New libvirt ticket</a></li>
    </ul>

-    <h2>Linux Distribution specific bug reports</h2>
+    <h2><a name="distribution">Linux Distribution specific bug reports</a></h2>
    <ul>
      <li>
        If you are using official binaries from a <strong>Fedora distribution</strong>, enter
@ -54,7 +58,7 @@
    </ul>


-    <h2>How to file high quality bug reports</h2>
+    <h2><a name="quality">How to file high quality bug reports</a></h2>

    <p>
      To increase the likelihood of your bug report being addressed it is
--- a/docs/contact.html.in
+++ b/docs/contact.html.in
@ -3,7 +3,9 @@
  <body>
    <h1>Contacting the development team</h1>

-    <h2>Mailing lists</h2>
+    <ul id="toc"></ul>
+
+    <h2><a name="email">Mailing lists</a></h2>

    <p>
      There are two mailing-lists:
@ -45,7 +47,7 @@
      clone.
    </p>

-    <h2>IRC discussion</h2>
+    <h2><a name="irc">IRC discussion</a></h2>

    <p>
      Some of the libvirt developers may be found on IRC on the <a href="http://oftc.net">OFTC IRC</a>
--- a/docs/csharp.html.in
+++ b/docs/csharp.html.in
@ -0,0 +1,498 @@
+<?xml version="1.0"?>
+<html>
+  <body>
+    <h1>C# API bindings</h1>
+
+    <ul id="toc"></ul>
+
+    <h2><a name="description">Description</a></h2>
+
+    <p>
+      The C# libvirt bindings are a class library.  They use a Microsoft
+      Visual Studio project architecture, and have been tested with Windows
+      .NET, and Mono, on both Linux and Windows.
+    </p>
+    <p>
+      Compiling them produces <b>LibvirtBindings.dll</b>, which can
+      be added as a .NET reference to any .NET project needing access
+      to libvirt.
+    </p>
+
+    <p>&nbsp;</p>
+
+    <h2><a name="requirements">Requirements</a></h2>
+
+    <p>
+      These bindings depend upon the libvirt libraries being installed.
+    </p>
+    <p>
+      In the .NET case, this is <b>libvirt-0.dll</b>, produced from
+      compiling libvirt for windows.
+    </p>
+
+    <p>&nbsp;</p>
+
+<!-- 2010-10-19 JC: Commented out until we have C# tarballs to download
+    <h2><a name="getting">Getting them</a></h2>
+
+    <p>
+      The latest versions of the libvirt C# bindings can be downloaded from:
+    </p>
+
+    <ul>
+      <li><a href="ftp://libvirt.org/libvirt/csharp/">libvirt.org FTP server</a></li>
+      <li><a href="http://libvirt.org/sources/csharp/">libvirt.org HTTP server</a></li>
+    </ul>
+-->
+
+    <h2><a name="git">GIT source repository</a></h2>
+    <p>
+      The C# bindings source code is maintained in a <a
+      href="http://git-scm.com/">git</a> repository available on
+      <a href="http://libvirt.org/git/">libvirt.org</a>:
+    </p>
+
+<pre>
+git clone git://libvirt.org/libvirt-csharp.git
+</pre>
+
+    <p>
+      They can also be browsed online:
+    </p>
+
+<pre>
+<a href="http://libvirt.org/git/?p=libvirt-csharp.git;a=summary">http://libvirt.org/git/?p=libvirt-csharp.git;a=summary</a>
+</pre>
+
+    <p>&nbsp;</p>
+
+    <h2><a name="usage">Usage</a></h2>
+
+    <p>
+      The libvirt C# bindings class library exposes the <b>Libvirt</b>
+      namespace.  This namespace exposes all of the needed types (enum,
+      struct), plus many classes exposing the libvirt API methods.
+    </p>
+    <p>
+      These classes are grouped into functional areas, with each class
+      exposing libvirt methods related to that area.
+    </p>
+    <p>
+      For example, the libvirt methods related to connections, such as
+      <b>virConnectOpenAuth</b> and <b>virConnectNumOfDomains</b>, are in
+      the <b>Connect</b> class.
+      <br />
+      They are accessed as <b>Connect.OpenAuth</b>, and
+      <b>Connect.NumOfDomains</b> respectively.
+    </p>
+    <p>
+      In the same manner, the other class name mappings are:
+    </p>
+    <table class="top_table">
+      <tr><th>Name of libvirt function</th><th>C# class name</th></tr>
+      <tr><td>virDomain...</td><td>Domain</td></tr>
+      <tr><td>virEvent...</td><td>Event</td></tr>
+      <tr><td>virInterface...</td><td>Interface</td></tr>
+      <tr><td>virNetwork...</td><td>Network</td></tr>
+      <tr><td>virNode...</td><td>Node</td></tr>
+      <tr><td>virSecret...</td><td>Secret</td></tr>
+      <tr><td>virStoragePool...</td><td>StoragePool</td></tr>
+      <tr><td>virStorageVolume...</td><td>StorageVolume</td></tr>
+      <tr><td>virStream...</td><td>Stream</td></tr>
+    </table>
+    <p>
+      There are some additions as well:
+    </p>
+    <ul>
+      <li>
+        There is a class named <b>Library</b>, exposing the
+        <b>virGetVersion</b> and <b>virInitialize</b> methods
+      </li>
+      <li>
+        There is a class named <b>Errors</b>, exposing the error
+        related methods.  For example, <b>virSetErrorFunc</b> and
+        <b>virConnResetLastError</b>.
+      </li>
+    </ul>
+
+    <p>&nbsp;</p>
+
+    <h2><a name="authors">Authors</a></h2>
+
+    <p>
+      The C# bindings are the work of Arnaud Champion
+      &lt;<a href="mailto:arnaud.champion AT devatom.fr">arnaud.champion AT devatom.fr</a>&gt;,
+      based upon the previous work of Jarom&iacute;r &#x010C;ervenka.
+    </p>
+
+    <p>&nbsp;</p>
+
+    <h2><a name="notes">Test Configuration</a></h2>
+
+    <p>
+      Testing is performed using the following configurations:
+    </p>
+    <ul>
+      <li>Windows 7 (64 bits) / .Net 4</li>
+      <li>Windows 7 (64 bits) / Mono 2.6.7 (compiled in 32 bits)</li>
+      <li>Ubuntu 10.10 amd64 / Mono 2.6.7 (compiled in 64 bits)</li>
+    </ul>
+
+    <p>&nbsp;</p>
+
+    <h2><a name="type">Type Coverage</a></h2>
+
+    <p>
+      Coverage of the libvirt types is:
+    </p>
+    <table class="top_table">
+      <tr><th>Type</th><th>Name</th><th>Binding?</th><th>Tested?</th><th>Sample Code?</th><th>Works?</th><th>Tested .Net/Windows Works?</th><th>Tested Mono (32-bit)/Windows Works?</th><th>Tested Mono (64-bit)/Linux Works?</th></tr>
+      <tr><td>enum</td><td>virCPUCompareResult</td><td>No</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>struct</td><td>virConnect</td><td>Yes, an IntPtr as the struct is not public</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>struct</td><td>virConnectAuth</td><td>Yes</td><td>Yes</td><td>virConnectOpenAuth</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr>
+      <tr><td>struct</td><td>virConnectCredential</td><td>Yes</td><td>Yes</td><td>virConnectOpenAuth</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr>
+      <tr><td>enum</td><td>virConnectCredentialType</td><td>Yes</td><td>Yes</td><td>virConnectOpenAuth</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr>
+      <tr><td>enum</td><td>virConnectFlags</td><td>No</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>struct</td><td>virDomain</td><td>Yes, an IntPtr as the struct is not public</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>struct</td><td>virDomainBlockInfo</td><td>No</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>struct</td><td>virDomainBlockStatsInfo</td><td>No</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>enum</td><td>virDomainCoreDumpFlags</td><td>No</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>enum</td><td>virDomainCreateFlags</td><td>No</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>enum</td><td>virDomainDeviceModifyFlags</td><td>No</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>enum</td><td>virDomainEventDefinedDetailType</td><td>Yes</td><td>Yes</td><td>virEventRegisterImpl</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr>
+      <tr><td>struct</td><td>virDomainEventGraphicsAddress</td><td>No</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>enum</td><td>virDomainEventGraphicsAddressType</td><td>No</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>enum</td><td>virDomainEventGraphicsPhase</td><td>No</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>struct</td><td>virDomainEventGraphicsSubject</td><td>No</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>struct</td><td>virDomainEventGraphicsSubjectIdentity</td><td>No</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>enum</td><td>virDomainEventID</td><td>No</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>enum</td><td>virDomainEventIOErrorAction</td><td>No</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>enum</td><td>virDomainEventResumedDetailType</td><td>Yes</td><td>Yes</td><td>virEventRegisterImpl</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr>
+      <tr><td>enum</td><td>virDomainEventStartedDetailType</td><td>Yes</td><td>Yes</td><td>virEventRegisterImpl</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr>
+      <tr><td>enum</td><td>virDomainEventStoppedDetailType</td><td>Yes</td><td>Yes</td><td>virEventRegisterImpl</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr>
+      <tr><td>enum</td><td>virDomainEventSuspendedDetailType</td><td>Yes</td><td>Yes</td><td>virEventRegisterImpl</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr>
+      <tr><td>enum</td><td>virDomainEventType</td><td>Yes</td><td>Yes</td><td>virEventRegisterImpl</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr>
+      <tr><td>enum</td><td>virDomainEventUndefinedDetailType</td><td>Yes</td><td>Yes</td><td>virEventRegisterImpl</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr>
+      <tr><td>enum</td><td>virDomainEventWatchdogAction</td><td>No</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>struct</td><td>virDomainInfo</td><td>Yes</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>struct</td><td>virDomainInterfaceStatsStruct</td><td>Yes</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>struct</td><td>virDomainJobInfo</td><td>No</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>enum</td><td>virDomainJobType</td><td>No</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>enum</td><td>virDomainMemoryFlags</td><td>No</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>struct</td><td>virDomainMemoryStatStruct</td><td>No</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>enum</td><td>virDomainMemoryStatTags</td><td>Yes</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>enum</td><td>virDomainMigrateFlags</td><td>No</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>struct</td><td>virDomainSnapshot</td><td>No</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>enum</td><td>virDomainSnapshotDeleteFlags</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>enum</td><td>virDomainState</td><td>Yes</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>enum</td><td>virDomainXMLFlags</td><td>Yes</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>enum</td><td>virEventHandleType</td><td>Yes</td><td>Yes</td><td>virEventRegisterImpl</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr>
+      <tr><td>struct</td><td>virInterface</td><td>Yes, an IntPtr as the struct is not public</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>enum</td><td>virInterfaceXMLFlags</td><td>No</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>struct</td><td>virNWFilter</td><td>No</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>struct</td><td>virNetwork</td><td>Yes, an IntPtr as the struct is not public</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>struct</td><td>virNodeDevice</td><td>Yes, an IntPtr as the struct is not public</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>struct</td><td>virNodeInfo</td><td>Yes</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>struct</td><td>virSchedParameter</td><td>No</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>enum</td><td>virSchedParameterType</td><td>No</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>struct</td><td>virSecret</td><td>No</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>enum</td><td>virSecretUsageType</td><td>No</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>struct</td><td>virSecurityLabel</td><td>No</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>struct</td><td>virSecurityModel</td><td>No</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>enum</td><td>virStoragePoolBuildFlags</td><td>Yes</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>enum</td><td>virStoragePoolDeleteFlags</td><td>Yes</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>struct</td><td>virStoragePoolInfo</td><td>Yes</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>struct</td><td>virStoragePool</td><td>Yes, an IntPtr as the struct is not public</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>enum</td><td>virStoragePoolState</td><td>Yes</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>struct</td><td>virStorageVol</td><td>Yes, an IntPtr as the struct is not public</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>enum</td><td>virStorageVolDeleteFlags</td><td>No</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>struct</td><td>virStorageVolInfo</td><td>Yes</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>enum</td><td>virStorageVolType</td><td>Yes</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>struct</td><td>virStream</td><td>No</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>enum</td><td>virStreamEventType</td><td>No</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>enum</td><td>virStreamFlags</td><td>No</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>struct</td><td>virVcpuInfo</td><td>No</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>enum</td><td>virVcpuState</td><td>No</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+    </table>
+
+    <p>&nbsp;</p>
+
+    <h2><a name="funccover">Function Coverage</a></h2>
+
+    <p>
+      Coverage of the libvirt functions is:
+    </p>
+    <table class="top_table">
+      <tr><th>Name</th><th>Binding?</th><th>Type?</th><th>Tested?</th><th>Sample Code?</th><th>Working?</th><th>Tested .Net/Windows Works?</th><th>Tested Mono (32-bit)/Windows Works?</th><th>Tested Mono (64-bit)/Linux Works?</th></tr>
+      <tr><td>virConnectAuthCallback</td><td>Yes</td><td>delegate</td><td>Yes</td><td>virConnectOpenAuth</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr>
+      <tr><td>virConnectBaselineCPU</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virConnectClose</td><td>Yes</td><td>function</td><td>Yes</td><td>virConnectOpenAuth</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr>
+      <tr><td>virConnectCompareCPU</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virConnectDomainEventCallback</td><td>Yes</td><td>delegate</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virConnectDomainEventDeregister</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virConnectDomainEventDeregisterAny</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virConnectDomainEventGenericCallback</td><td>No</td><td>delegate</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virConnectDomainEventGraphicsCallback</td><td>No</td><td>delegate</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virConnectDomainEventIOErrorCallback</td><td>No</td><td>delegate</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virConnectDomainEventIOErrorReasonCallback</td><td>No</td><td>delegate</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virConnectDomainEventRTCChangeCallback</td><td>No</td><td>delegate</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virConnectDomainEventRegister</td><td>Yes</td><td>function</td><td>Yes</td><td>virEventRegisterImpl</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr>
+      <tr><td>virConnectDomainEventRegisterAny</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virConnectDomainEventWatchdogCallback</td><td>No</td><td>delegate</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virConnectDomainXMLFromNative</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virConnectDomainXMLToNative</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virConnectFindStoragePoolSources</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virConnectGetCapabilities</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virConnectGetHostname</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virConnectGetLibVersion</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virConnectGetMaxVcpus</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virConnectGetType</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virConnectGetURI</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virConnectGetVersion</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virConnectIsEncrypted</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virConnectIsSecure</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virConnectListDefinedDomains</td><td>Yes</td><td>function</td><td>Yes</td><td>virConnectOpenAuth</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr>
+      <tr><td>virConnectListDefinedInterfaces </td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virConnectListDefinedNetworks</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virConnectListDefinedStoragePools</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virConnectListDomains</td><td>Yes</td><td>function</td><td>Yes</td><td>virConnectOpenAuth</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr>
+      <tr><td>virConnectListInterfaces</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes, if the host handle the method</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virConnectListNWFilters </td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virConnectListNetworks</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virConnectListSecrets</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virConnectListStoragePools</td><td>Yes</td><td>function</td><td>Yes</td><td>virConnectOpen</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr>
+      <tr><td>virConnectNumOfDefinedDomains</td><td>Yes</td><td>function</td><td>Yes</td><td>virConnectOpenAuth</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr>
+      <tr><td>virConnectNumOfDefinedInterfaces</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virConnectNumOfDefinedNetworks</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virConnectNumOfDefinedStoragePools</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virConnectNumOfDomains</td><td>Yes</td><td>function</td><td>Yes</td><td>virConnectOpenAuth</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr>
+      <tr><td>virConnectNumOfInterfaces</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virConnectNumOfNWFilters</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virConnectNumOfNetworks </td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virConnectNumOfSecrets</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virConnectNumOfStoragePools</td><td>Yes</td><td>function</td><td>Yes</td><td>virConnectOpen</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr>
+      <tr><td>virConnectOpen</td><td>Yes</td><td>function</td><td>Yes</td><td>virConnectOpen, virEventRegisterImpl</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr>
+      <tr><td>virConnectOpenAuth</td><td>Yes</td><td>function</td><td>Yes</td><td>virConnectOpenAuth</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr>
+      <tr><td>virConnectOpenReadOnly</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virConnectRef</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainAbortJob</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainAttachDevice</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainAttachDeviceFlags</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainBlockPeek</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainBlockStats</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainCoreDump</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainCreate</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainCreateLinux</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainCreateWithFlags</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainCreateXML</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainDefineXML</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainDestroy</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainDetachDevice</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainDetachDeviceFlags</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainFree</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainGetAutostart</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainGetBlockInfo</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainGetConnect</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainGetID</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainGetInfo</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainGetJobInfo</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainGetMaxMemory</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainGetMaxVcpus</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainGetName</td><td>Yes</td><td>function</td><td>Yes</td><td>virConnectOpenAuth</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr>
+      <tr><td>virDomainGetOSType</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainGetSchedulerParameters</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainGetSchedulerType</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainGetSecurityLabel</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainGetUUID</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainGetUUIDString</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainGetVcpus</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainGetXMLDesc</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainHasCurrentSnapshot</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainHasManagedSaveImage</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainInterfaceStats </td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainIsActive</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainIsPersistent</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainLookupByID</td><td>Yes</td><td>function</td><td>Yes</td><td>virConnectOpenAuth</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr>
+      <tr><td>virDomainLookupByName</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainLookupByUUID</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainLookupByUUIDString</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainManagedSave    </td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainManagedSaveRemove</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainMemoryPeek</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainMemoryStats</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainMigrate</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainMigrateSetMaxDowntime</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainMigrateToURI   </td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainPinVcpu</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainReboot</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainRef    </td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainRestore</td><td>Yes </td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainResume </td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainRevertToSnapshot</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainSave</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainSetAutostart</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainSetMaxMemory   </td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainSetMemory</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainSetSchedulerParameters</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainSetVcpus</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainShutdown</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainSnapshotCreateXML</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainSnapshotCurrent</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainSnapshotDelete</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainSnapshotFree</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainSnapshotGetXMLDesc</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainSnapshotListNames</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainSnapshotLookupByName</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainSnapshotNum</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainSuspend</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainUndefine</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virDomainUpdateDeviceFlags</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virEventAddHandleFunc</td><td>Yes</td><td>delegate</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virEventAddTimeoutFunc</td><td>Yes</td><td>delegate</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virEventHandleCallback</td><td>Yes</td><td>delegate</td><td>Yes</td><td>virEventRegisterImpl</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr>
+      <tr><td>virEventRegisterImpl</td><td>Yes</td><td>function</td><td>Yes</td><td>virEventRegisterImpl</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr>
+      <tr><td>virEventRemoveHandleFunc</td><td>Yes</td><td>delegate</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virEventRemoveTimeoutFunc</td><td>Yes</td><td>delegate</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virEventTimeoutCallback</td><td>Yes</td><td>delegate</td><td>Yes</td><td>virEventRegisterImpl</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr>
+      <tr><td>virEventUpdateHandleFunc</td><td>Yes</td><td>delegate</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virEventUpdateTimeoutFunc</td><td>Yes</td><td>delegate</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virFreeCallback</td><td>Yes</td><td>function</td><td>Yes</td><td>virEventRegisterImpl</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes</td></tr>
+      <tr><td>virGetVersion</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virInitialize</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virInterfaceCreate</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virInterfaceDefineXML</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virInterfaceDestroy</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virInterfaceFree</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virInterfaceGetConnect</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virInterfaceGetMACString</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virInterfaceGetName</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virInterfaceGetXMLDesc</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virInterfaceIsActive</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virInterfaceLookupByMACString</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virInterfaceLookupByName</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virInterfaceRef </td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virInterfaceUndefine</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNWFilterDefineXML</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNWFilterFree</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNWFilterGetName</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNWFilterGetUUID</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNWFilterGetUUIDString</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNWFilterGetXMLDesc</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNWFilterLookupByName </td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNWFilterLookupByUUID</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNWFilterLookupByUUIDString</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNWFilterRef  </td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNWFilterUndefine</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNetworkCreate</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNetworkCreateXML</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNetworkDefineXML</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNetworkDestroy</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNetworkFree</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNetworkGetAutostart</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNetworkGetBridgeName</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNetworkGetConnect</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNetworkGetName</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNetworkGetUUID</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNetworkGetUUIDString </td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNetworkGetXMLDesc</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNetworkIsActive</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNetworkIsPersistent</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNetworkLookupByName</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNetworkLookupByUUID</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNetworkLookupByUUIDString</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNetworkRef</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNetworkSetAutostart</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNetworkUndefine</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNodeDeviceCreateXML</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNodeDeviceDestroy</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNodeDeviceDettach</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNodeDeviceFree</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNodeDeviceGetName</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNodeDeviceGetParent</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNodeDeviceGetXMLDesc</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNodeDeviceListCaps</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNodeDeviceLookupByName</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNodeDeviceNumOfCaps</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNodeDeviceReAttach</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNodeDeviceRef</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNodeDeviceReset</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNodeGetCellsFreeMemory</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNodeGetFreeMemory</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNodeGetInfo</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNodeGetSecurityModel </td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNodeListDevices</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virNodeNumOfDevices</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virSecretDefineXML</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virSecretFree   </td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virSecretGetConnect</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virSecretGetUUID</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virSecretGetUUIDString  </td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virSecretGetUsageID</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virSecretGetUsageType</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virSecretGetValue</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virSecretGetXMLDesc</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virSecretLookupByUUID</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virSecretLookupByUUIDString</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virSecretLookupByUsage</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virSecretRef</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virSecretSetValue</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virSecretUndefine</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStoragePoolBuild</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStoragePoolCreate</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStoragePoolCreateXML </td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStoragePoolDefineXML</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStoragePoolDelete</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStoragePoolDestroy</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStoragePoolFree</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStoragePoolGetAutostart</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStoragePoolGetConnect</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStoragePoolGetInfo</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStoragePoolGetName</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStoragePoolGetUUID</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStoragePoolGetUUIDString</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStoragePoolGetXMLDesc</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStoragePoolIsActive</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStoragePoolIsPersistent</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStoragePoolListVolumes</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStoragePoolLookupByName</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStoragePoolLookupByUUID</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStoragePoolLookupByUUIDString</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStoragePoolLookupByVolume</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStoragePoolNumOfVolumes</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStoragePoolRef</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStoragePoolRefresh</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStoragePoolSetAutostart</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStoragePoolUndefine</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStorageVolCreateXML</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStorageVolCreateXMLFrom</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStorageVolDelete</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStorageVolFree</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStorageVolGetConnect  </td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>Maybe</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStorageVolGetInfo</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStorageVolGetKey</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStorageVolGetName</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStorageVolGetPath</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStorageVolGetXMLDesc </td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStorageVolLookupByKey</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStorageVolLookupByName</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStorageVolLookupByPath</td><td>Yes</td><td>function</td><td>Yes</td><td>&nbsp;</td><td>Yes</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStorageVolRef</td><td>Yes</td><td>function</td><td>No</td><td>&nbsp;</td><td>No</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStorageVolWipe</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStreamAbort  </td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStreamEventAddCallback</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStreamEventCallback</td><td>No</td><td>delegate</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStreamEventRemoveCallback</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStreamEventUpdateCallback</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStreamFinish </td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStreamFree   </td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStreamNew</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStreamRecv</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStreamRecvAll</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStreamRef</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStreamSend</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStreamSendAll</td><td>No</td><td>function</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStreamSinkFunc</td><td>No</td><td>delegate</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+      <tr><td>virStreamSourceFunc</td><td>No</td><td>delegate</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+    </table>
+  </body>
+</html>
--- a/docs/deployment.html.in
+++ b/docs/deployment.html.in
@ -2,16 +2,18 @@
  <body>
    <h1>Deployment</h1>

-    <h2>Pre-packaged releases</h2>
+    <ul id="toc"></ul>
+
+    <h2><a name="packages">Pre-packaged releases</a></h2>

    <p>
-      The libvirt API is now available in all major Linux distributions
+      The libvirt API is now available in all major Linux distributions,
      so the simplest deployment approach is to use your distributions'
      package management software to install the <code>libvirt</code>
      module.
    </p>

-    <h2>Self-built releases</h2>
+    <h2><a name="tarball">Self-built releases</a></h2>

    <p>
      libvirt uses GNU autotools for its build system, so deployment
@ -25,7 +27,7 @@
      # make install
    </pre>

-    <h2>Built from GIT</h2>
+    <h2><a name="git">Built from GIT</a></h2>

    <p>
      When building from GIT it is necessary to generate the autotools
--- a/docs/devguide.html.in
+++ b/docs/devguide.html.in
@ -0,0 +1,55 @@
+<?xml version="1.0"?>
+<html>
+  <body>
+    <h1>libvirt Application Development Guide</h1>
+
+    <ul id="toc"></ul>
+
+    <p>
+      The guide is both a learning tool for developing with libvirt and an
+      API reference document. It is a work in progress, composed by a
+      professional author from contributions written by members of the
+      libvirt team.
+    </p>
+
+    <p>
+      Contributions to the guide are <b>VERY</b> welcome. If you'd like to get
+      your name on this and demonstrate your virtualisation prowess, a solid
+      contribution to the content here will do it. :)
+    </p>
+
+    <h2><a name="online">Browsable online</a></h2>
+
+    <ul>
+      <li><a href="http://libvirt.org/guide/html/">
+        HTML format using multiple pages</a></li>
+      <li><a href="http://libvirt.org/guide/html-single/">
+        HTML format using one big page</a></li>
+      <li><a href="http://libvirt.org/guide/pdf/Application_Development_Guide.pdf">
+        PDF format</a></li>
+      <li><a href="http://libvirt.org/guide/libvirt-0.7.5-Application_Development_Guide-en-US.epub">
+        ePub format</a></li>
+      <li><a href="http://libvirt.org/guide/txt/Application_Development_Guide.txt">
+        Plain text format</a></li>
+      <li><a href="http://libvirt.org/guide/libvirt-Application_Development_Guide-0.7.5-web-en-US-1-9.el5.src.rpm">
+        Source RPM format</a></li>
+    </ul>
+
+    <h2><a name="git">GIT source repository</a></h2>
+
+    <p>
+      The source is in a git repository:
+    </p>
+
+    <pre>
+      git clone git://libvirt.org/libvirt-appdev-guide.git</pre>
+
+    <p>
+      Browsable here:
+    </p>
+
+    <pre>
+      <a href="http://libvirt.org/git/?p=libvirt-appdev-guide.git;a=summary">http://libvirt.org/git/?p=libvirt-appdev-guide.git;a=summary</a></pre>
+
+  </body>
+</html>
--- a/docs/downloads.html.in
+++ b/docs/downloads.html.in
@ -1,9 +1,11 @@
 <?xml version="1.0"?>
 <html>
  <body>
-    <h1 >Downloads</h1>
+    <h1>Downloads</h1>

-    <h2>Official Releases</h2>
+    <ul id="toc"></ul>
+
+    <h2><a name="releases">Official Releases</a></h2>

    <p>
      The latest versions of the libvirt C library can be downloaded from:
@ -14,7 +16,7 @@
      <li><a href="http://libvirt.org/sources/">libvirt.org HTTP server</a></li>
    </ul>

-    <h2>Hourly development snapshots</h2>
+    <h2><a name="hourly">Hourly development snapshots</a></h2>

    <p>
      Once an hour, an automated snapshot is made from the git server
@ -27,33 +29,108 @@
      <li><a href="http://libvirt.org/sources/libvirt-git-snapshot.tar.gz">libvirt.org HTTP server</a></li>
    </ul>

-      <h2>GIT source repository</h2>
-      <p> Libvirt code source is now maintained in a <a
-      href="http://git-scm.com/">git</a> repository available on
-      <a href="http://libvirt.org/git/">libvirt.org</a>:
+    <h2><a name="git">GIT source repository</a></h2>
+
+    <p>
+      Libvirt code source is now maintained in a <a href="http://git-scm.com/">git</a>
+      repository available on <a href="http://libvirt.org/git/">libvirt.org</a>:
    </p>
-        <pre>

-      git clone git://libvirt.org/libvirt.git
-    </pre>
-        <p>
-      It can also be browsed at
+    <pre>
+      git clone git://libvirt.org/libvirt.git</pre>
+
+    <p>
+      It can also be browsed at:
    </p>
-        <pre>

-      <a href="http://libvirt.org/git/?p=libvirt.git;a=summary">http://libvirt.org/git/?p=libvirt.git;a=summary</a>
-    </pre>
-       <h2>Building from a source code checkout</h2>
-    <p> The libvirt build process uses GNU autotools, so after obtaining a
-    checkout it is necessary to generate the configure script and Makefile.in
-    templates using the <code>autogen.sh</code> command, passing the extra
-    arguments as for configure. As an example, to do a complete build and
-    install it into your home directory run:</p>
-        <pre>
+    <pre>
+      <a href="http://libvirt.org/git/?p=libvirt.git;a=summary">http://libvirt.org/git/?p=libvirt.git;a=summary</a></pre>

-      ./autogen.sh --prefix=$HOME/usr
+    <br />
+
+    <h1>libvirt Application Development Guide</h1>
+
+    <p>
+      The guide is both a learning tool for developing with libvirt and an
+      API reference document. It is a work in progress, composed by a
+      professional author from contributions written by members of the
+      libvirt team.
+    </p>
+
+    <p>
+      Contributions to the guide are <b>VERY</b> welcome. If you'd like to get
+      your name on this and demonstrate your virtualisation prowess, a solid
+      contribution to the content here will do it. :)
+    </p>
+
+    <h2><a name="appdevpdf">Application Development Guide PDF</a></h2>
+
+    <p>
+      PDF download is available here:
+    </p>
+
+    <ul>
+      <li><a href="http://libvirt.org/guide/pdf/Application_Development_Guide.pdf">libvirt App Dev Guide</a> (PDF)</li>
+    </ul>
+
+    <h2><a name="appdevgit">Application Development Guide source GIT repository</a></h2>
+
+    <p>
+      The source is also in a git repository:
+    </p>
+
+    <pre>
+      git clone git://libvirt.org/libvirt-appdev-guide.git</pre>
+
+    <p>
+      Browsable at:
+    </p>
+
+    <pre>
+      <a href="http://libvirt.org/git/?p=libvirt-appdev-guide.git;a=summary">http://libvirt.org/git/?p=libvirt-appdev-guide.git;a=summary</a></pre>
+
+    <br />
+
+    <h1><a name="installation">libvirt Installation</a></h1>
+
+    <h2><a name="Compilatio">Compiling a release tarball</a></h2>
+
+    <p>
+      libvirt uses the standard configure/make/install steps:
+    </p>
+
+    <pre>
+      gunzip -c libvirt-xxx.tar.gz | tar xvf -
+      cd libvirt-xxxx
+      ./configure --help</pre>
+
+    <p>
+      To see the options, then the compilation/installation proper:
+    </p>
+
+    <pre>
+      ./configure [possible options]
      make
-      make install
-    </pre>
+      make install</pre>
+
+    <p>
+      At that point you may have to rerun ldconfig or a similar utility to
+      update your list of installed shared libs.
+    </p>
+
+    <h2><a name="build">Building from a GIT checkout</a></h2>
+
+    <p>
+      The libvirt build process uses GNU autotools, so after obtaining a
+      checkout it is necessary to generate the configure script and Makefile.in
+      templates using the <code>autogen.sh</code> command, passing the extra
+      arguments as for configure. As an example, to do a complete build and
+      install it into your home directory run:
+    </p>
+
+    <pre>
+      ./autogen.sh --prefix=$HOME/usr --enable-compile-warnings=error
+      make
+      make install</pre>
  </body>
 </html>
--- a/docs/drivers.html.in
+++ b/docs/drivers.html.in
@ -2,6 +2,8 @@
  <body>
    <h1>Internal drivers</h1>

+    <ul id="toc"></ul>
+
    <p>
      The libvirt public API delegates its implementation to one or
      more internal drivers, depending on the <a href="uri.html">connection URI</a>
@ -10,21 +12,35 @@
      network and storage driver active.
    </p>

-    <h2>Hypervisor drivers</h2>
+    <h2><a name="hypervisor">Hypervisor drivers</a></h2>

    <p>
      The hypervisor drivers currently supported by libvirt are:
    </p>

    <ul>
-      <li><strong><a href="drvxen.html">Xen</a></strong></li>
-      <li><strong><a href="drvqemu.html">QEMU</a></strong></li>
-      <li><strong><a href="drvlxc.html">LXC</a></strong></li>
-      <li><strong><a href="drvtest.html">Test</a></strong></li>
-      <li><strong><a href="drvopenvz.html">OpenVZ</a></strong></li>
-      <li><strong><a href="drvvbox.html">VirtualBox</a></strong></li>
+      <li><strong><a href="drvlxc.html">LXC</a></strong> - Linux Containers</li>
      <li><strong><a href="drvone.html">OpenNebula</a></strong></li>
+      <li><strong><a href="drvopenvz.html">OpenVZ</a></strong></li>
+      <li><strong><a href="drvqemu.html">QEMU</a></strong></li>
+      <li><strong><a href="drvtest.html">Test</a></strong> - Used for testing</li>
+      <li><strong><a href="drvuml.html">UML</a></strong> - User Mode Linux</li>
+      <li><strong><a href="drvvbox.html">VirtualBox</a></strong></li>
      <li><strong><a href="drvesx.html">VMware ESX</a></strong></li>
+      <li><strong><a href="drvxen.html">Xen</a></strong></li>
+    </ul>
+
+    <h2><a name="stroage">Storage drivers</a></h2>
+
+    <ul>
+      <li><strong><a href="storage.html#StorageBackendDir">Directory backend</a></strong></li>
+      <li><strong><a href="storage.html#StorageBackendFS">Local filesystem backend</a></strong></li>
+      <li><strong><a href="storage.html#StorageBackendNetFS">Network filesystem backend</a></strong></li>
+      <li><strong><a href="storage.html#StorageBackendLogical">Logical Volume Manager (LVM) backend</a></strong></li>
+      <li><strong><a href="storage.html#StorageBackendDisk">Disk backend</a></strong></li>
+      <li><strong><a href="storage.html#StorageBackendISCSI">iSCSI backend</a></strong></li>
+      <li><strong><a href="storage.html#StorageBackendSCSI">SCSI backend</a></strong></li>
+      <li><strong><a href="storage.html#StorageBackendMultipath">Multipath backend</a></strong></li>
    </ul>
  </body>
 </html>
--- a/docs/drvesx.html.in
+++ b/docs/drvesx.html.in
@ -2,15 +2,16 @@
    <h1>VMware ESX hypervisor driver</h1>
    <ul id="toc"></ul>
    <p>
-        The libvirt VMware ESX driver can manage VMware ESX/ESXi 3.5/4.0 and
+        The libvirt VMware ESX driver can manage VMware ESX/ESXi 3.5/4.x and
        VMware GSX 2.0, also called VMware Server 2.0, and possibly later
-        versions.
+        versions. <span class="since">Since 0.8.3</span> the driver can also
+        connect to a VMware vCenter 2.5/4.x (VPX).
    </p>


    <h2><a name="prereq">Deployment pre-requisites</a></h2>
    <p>
-        None. Any out-of-the-box installation of ESX/GSX should work. No
+        None. Any out-of-the-box installation of VPX/ESX(i)/GSX should work. No
        preparations are required on the server side, no libvirtd must be
        installed on the ESX server. The driver uses version 2.5 of the remote,
        SOAP based
@ -27,10 +28,11 @@
        Some example remote connection URIs for the driver are:
    </p>
 <pre>
-esx://example.com                  (ESX over HTTPS)
-gsx://example.com                  (GSX over HTTPS)
-esx://example.com/?transport=http  (ESX over HTTP)
-esx://example.com/?no_verify=1     (ESX over HTTPS, but doesn't verify the server's SSL certificate)
+vpx://example-vcenter.com/dc1/srv1     (VPX over HTTPS, select ESX server 'srv1' in datacenter 'dc1')
+esx://example-esx.com                  (ESX over HTTPS)
+gsx://example-gsx.com                  (GSX over HTTPS)
+esx://example-esx.com/?transport=http  (ESX over HTTP)
+esx://example-esx.com/?no_verify=1     (ESX over HTTPS, but doesn't verify the server's SSL certificate)
 </pre>
    <p>
        <strong>Note</strong>: In contrast to other drivers, the ESX driver is
@ -43,24 +45,47 @@ esx://example.com/?no_verify=1     (ESX over HTTPS, but doesn't verify the serve

    <h3><a name="uriformat">URI Format</a></h3>
    <p>
-        URIs have this general form ('[...]' marks an optional part).
+        URIs have this general form (<code>[...]</code> marks an optional part).
    </p>
 <pre>
-type://[username@]hostname[:port]/[?extraparameters]
+type://[username@]hostname[:port]/[datacenter[/cluster]/server][?extraparameters]
 </pre>
    <p>
        The <code>type://</code> is either <code>esx://</code> or
-        <code>gsx://</code> and the driver selects the default port depending
-        on it. For ESX the default HTTPS port is 443, for GSX it is 8333. If
-        the port parameter is given, it overrides the default port.
+        <code>gsx://</code> or <code>vpx://</code> <span class="since">since 0.8.3</span>.
+        The driver selects the default port depending on the <code>type://</code>.
+        For <code>esx://</code> and <code>vpx://</code> the default HTTPS port
+        is 443, for <code>gsx://</code> it is 8333.
+        If the port parameter is given, it overrides the default port.
    </p>
+    <p>
+        A <code>vpx://</code> connection is currently restricted to a single
+        ESX server. This might be relaxed in the future. The path part of the
+        URI is used to specify the datacenter and the ESX server in it. If the
+        ESX server is part of a cluster then the cluster has to be specified too.
+    </p>
+    <p>
+        An example: ESX server <code>example-esx.com</code> is managed by
+        vCenter <code>example-vcenter.com</code> and part of cluster
+        <code>cluster1</code>. This cluster is part of datacenter <code>dc1</code>.
+    </p>
+<pre>
+vpx://example-vcenter.com/dc1/cluster1/example-esx.com
+</pre>


-    <h4>Extra parameters</h4>
+    <h4><a name="extraparams">Extra parameters</h4>
    <p>
        Extra parameters can be added to a URI as part of the query string
-        (the part following '?'). The driver understands the extra parameters
-        shown below.
+        (the part following <code>?</code>). A single parameter is formed by a
+        <code>name=value</code> pair. Multiple parameters are separated by
+        <code>&amp;</code>.
+    </p>
+<pre>
+?<span style="color: #E50000">no_verify=1</span>&amp;<span style="color: #00B200">auto_answer=1</span>&amp;<span style="color: #0000E5">proxy=socks://example-proxy.com:23456</span>
+</pre>
+    <p>
+        The driver understands the extra parameters shown below.
    </p>
    <table class="top_table">
        <tr>
@ -76,8 +101,9 @@ type://[username@]hostname[:port]/[?extraparameters]
                <code>http</code> or <code>https</code>
            </td>
            <td>
-                Overrides the default HTTPS transport. For ESX the default
-                HTTP port is 80, for GSX it is 8222.
+                Overrides the default HTTPS transport. For <code>esx://</code>
+                and <code>vpx://</code> the default HTTP port is 80, for
+                <code>gsx://</code> it is 8222.
            </td>
        </tr>
        <tr>
@ -91,6 +117,7 @@ type://[username@]hostname[:port]/[?extraparameters]
                In order to perform a migration the driver needs to know the
                VMware vCenter for the ESX server. If set to <code>*</code>,
                the driver connects to the vCenter known to the ESX server.
+                This parameter in useful when connecting to an ESX server only.
            </td>
        </tr>
        <tr>
@ -102,7 +129,9 @@ type://[username@]hostname[:port]/[?extraparameters]
            </td>
            <td>
                If set to 1, this disables libcurl client checks of the server's
-                SSL certificate. The default value it 0.
+                SSL certificate. The default value it 0. See the
+                <a href="#certificates">Certificates for HTTPS</a> section for
+                details.
            </td>
        </tr>
        <tr>
@ -160,6 +189,101 @@ type://[username@]hostname[:port]/[?extraparameters]
    </p>


+    <h3><a name="certificates">Certificates for HTTPS</a></h3>
+    <p>
+        By default the ESX driver uses HTTPS to communicate with an ESX server.
+        Proper HTTPS communication requires correctly configured SSL
+        certificates. This certificates are different from the ones libvirt
+        uses for <a href="remote.html">secure communication over TLS</a> to a
+        libvirtd one a remote server.
+    </p>
+    <p>
+        By default the driver tries to verify the server's SSL certificate
+        using the CA certificate pool installed on your client computer. With
+        an out-of-the-box installed ESX server this won't work, because a newly
+        installed ESX server uses auto-generated self-signed certificates.
+        Those are singed by a CA certificate that is typically not known to your
+        client computer and libvirt will report an error like this one:
+    </p>
+<pre>
+error: internal error curl_easy_perform() returned an error: Peer certificate cannot be authenticated with known CA certificates (60)
+</pre>
+    <p>
+        Where are two ways to solve this problem:
+    </p>
+    <ul>
+        <li>
+            Use the <code>no_verify=1</code> <a href="#extraparams">extra parameter</a>
+            to disable server certificate verification.
+        </li>
+        <li>
+            Generate new SSL certificates signed by a CA known to your client
+            computer and replace the original ones on your ESX server. See the
+            section <i>Replace a Default Certificate with a CA-Signed Certificate</i>
+            in the <a href="http://www.vmware.com/pdf/vsphere4/r40/vsp_40_esx_server_config.pdf">ESX Configuration Guide</a>
+        </li>
+    </ul>
+
+
+    <h3><a name="connproblems">Connection problems</a></h3>
+    <p>
+        There are also other causes for connection problems than the
+        <a href="#certificates">HTTPS certificate</a> related ones.
+    </p>
+    <ul>
+        <li>
+            As stated before the ESX driver doesn't need the
+            <a href="remote.html">remote transport mechanism</a>
+            provided by the remote driver and libvirtd, nor does the ESX driver
+            support it. Therefore, using an URI including a transport in the
+            scheme won't work. Only <a href="#uriformat">URIs as described</a>
+            are supported by the ESX driver. Here's a collection of possible
+            error messages:
+<pre>
+$ virsh -c esx+tcp://example.com/
+error: unable to connect to libvirtd at 'example.com': Connection refused
+</pre>
+<pre>
+$ virsh -c esx+tls://example.com/
+error: Cannot access CA certificate '/etc/pki/CA/cacert.pem': No such file or directory
+</pre>
+<pre>
+$ virsh -c esx+ssh://example.com/
+error: cannot recv data: ssh: connect to host example.com port 22: Connection refused
+</pre>
+<pre>
+$ virsh -c esx+ssh://example.com/
+error: cannot recv data: Resource temporarily unavailable
+</pre>
+        </li>
+        <li>
+            <span class="since">Since 0.7.0</span> libvirt contains the ESX
+            driver. Earlier versions of libvirt will report a misleading error
+            about missing certificates when you try to connect to an ESX server.
+<pre>
+$ virsh -c esx://example.com/
+error: Cannot access CA certificate '/etc/pki/CA/cacert.pem': No such file or directory
+</pre>
+            <p>
+                Don't let this error message confuse you. Setting up certificates
+                as described on the <a href="remote.html#Remote_certificates">remote transport mechanism</a> page
+                does not help, as this is not a certificate related problem.
+            </p>
+            <p>
+                To fix this problem you need to update your libvirt to 0.7.0 or newer.
+                You may also see this error when you use a libvirt version that
+                contains the ESX driver but you or your distro disabled the ESX
+                driver during compilation. <span class="since">Since 0.8.3</span>
+                the error message has been improved in this case:
+            </p>
+<pre>
+$ virsh -c esx://example.com/
+error: invalid argument in libvirt was built without the 'esx' driver
+</pre>
+        </li>
+    </ul>
+
+
    <h2><a name="questions">Questions blocking tasks</a></h2>
    <p>
        Some methods of the VI API start tasks, for example
@ -217,7 +341,7 @@ type://[username@]hostname[:port]/[?extraparameters]
        To define a new domain the driver converts the domain XML into a
        VMware VMX file and uploads it to a datastore known to the ESX server.
        Because multiple datastores may be known to an ESX server the driver
-        needs to decide to which datastores the VMX file should be uploaded.
+        needs to decide to which datastore the VMX file should be uploaded.
        The driver deduces this information from the path of the source of the
        first file-based harddisk listed in the domain XML.
    </p>
@ -292,6 +416,15 @@ ethernet0.checkMACAddress = "false"

    <h4>SCSI controller models</h4>
    <dl>
+        <dt><code>auto</code></dt>
+        <dd>
+            This isn't a actual controller model. If specified the ESX driver
+            tries to detect the SCSI controller model referenced in the
+            <code>.vmdk</code> file and use it. Autodetection fails when a
+            SCSI controller has multiple disks attached and the SCSI controller
+            models referenced in the <code>.vmdk</code> files are inconsistent.
+            <span class="since">Since 0.8.3</span>
+        </dd>
        <dt><code>buslogic</code></dt>
        <dd>
            BusLogic SCSI controller for older guests.
@ -302,7 +435,13 @@ ethernet0.checkMACAddress = "false"
        </dd>
        <dt><code>lsisas1068</code></dt>
        <dd>
-            LSI Logic SAS 1068 controller.
+            LSI Logic SAS 1068 controller. <span class="since">Since 0.8.0</span>
+        </dd>
+        <dt><code>vmpvscsi</code></dt>
+        <dd>
+            Special VMware Paravirtual SCSI controller, requires VMware tools inside
+            the guest. See <a href="http://kb.vmware.com/kb/1010398">VMware KB1010398</a>
+            for details. <span class="since">Since 0.8.3</span>
        </dd>
    </dl>
    <p>
@ -560,7 +699,7 @@ ethernet0.address = "00:50:56:25:48:C7"
 esx://example.com/?vcenter=example-vcenter.com
 </pre>
    <p>
-        Here an example how to migrate the domain <code>Fedora11</code> from
+        Here's an example how to migrate the domain <code>Fedora11</code> from
        ESX server <code>example-src.com</code> to ESX server
        <code>example-dst.com</code> implicitly involving vCenter
        <code>example-vcenter.com</code> using <code>virsh</code>.
@ -575,6 +714,19 @@ Enter username for example-dst.com [root]:
 Enter root password for example-dst.com:
 Enter username for example-vcenter.com [administrator]:
 Enter administrator password for example-vcenter.com:
+</pre>
+    <p>
+        <span class="since">Since 0.8.3</span> you can directly connect to a vCenter.
+        This simplifies migration a bit. Here's the same migration as above but
+        using <code>vpx://</code> connections and assuming both ESX server are in
+        datacenter <code>dc1</code> and aren't part of a cluster.
+    </p>
+<pre>
+$ virsh -c vpx://example-vcenter.com/dc1/example-src.com migrate Fedora11 vpx://example-vcenter.com/dc1/example-dst.com
+Enter username for example-vcenter.com [administrator]:
+Enter administrator password for example-vcenter.com:
+Enter username for example-vcenter.com [administrator]:
+Enter administrator password for example-vcenter.com:
 </pre>


@ -642,5 +794,10 @@ Enter administrator password for example-vcenter.com:
                VMware VMX config parameters
            </a>
        </li>
+        <li>
+            <a href="http://www.vmware.com/pdf/vsp_4_pvscsi_perf.pdf">
+                VMware ESX 4.0 PVSCSI Storage Performance
+            </a>
+        </li>
    </ul>
 </body></html>
--- a/docs/drvlxc.html.in
+++ b/docs/drvlxc.html.in
@ -34,6 +34,11 @@ start it using
 &lt;/domain&gt;
 </pre>

+<p>
+In the &lt;emulator&gt; element, be sure you specify the correct path
+to libvirt_lxc, if it does not live in /usr/libexec on your system.
+</p>
+
 <p>
 The next example assumes there is a private root filesystem
 (perhaps hand-crafted using busybox, or installed from media,
@ -71,14 +76,17 @@ debootstrap, whatever) under /opt/vm-1-root:
 In both cases, you can define and start a container using:</p>
 <pre>
 virsh --connect lxc:/// define v1.xml
-virsh --connect lxc:/// start v1.xml
+virsh --connect lxc:/// start vm1
 </pre>
 and then get a console  using:
 <pre>
-virsh --connect lxc:/// console v1
+virsh --connect lxc:/// console vm1
 </pre>
 <p>Now doing 'ps -ef' will only show processes in the container, for
-instance.
+instance.  You can undefine it using
 </p>
+<pre>
+virsh --connect lxc:/// undefine vm1
+</pre>
  </body>
 </html>
--- a/docs/firewall.html.in
+++ b/docs/firewall.html.in
@ -0,0 +1,477 @@
+<?xml version="1.0"?>
+<html>
+  <body>
+    <h1 >Firewall and network filtering in libvirt</h1>
+    <p>There are three pieces of libvirt functionality which do network
+       filtering of some type.
+       <br /><br />
+       At a high level they are:
+    </p>
+    <ul>
+      <li>The virtual network driver
+          <br /><br />
+          This provides a isolated bridge device (ie no physical NICs
+          enslaved). Guest TAP devices are attached to this bridge.
+          Guests can talk to each other and the host, and optionally the
+          wider world.
+          <br /><br />
+      </li>
+      <li>The QEMU driver MAC filtering
+          <br /><br />
+          This provides a generic filtering of MAC addresses to prevent
+          the guest spoofing its MAC address. This is mostly obsoleted by
+          the next item, so won't be discussed further.
+          <br /><br />
+      </li>
+      <li>The network filter driver
+          <br /><br />
+          This provides fully configurable, arbitrary network filtering
+          of traffic on guest NICs. Generic rulesets are defined at the
+          host level to control traffic in some manner. Rules sets are
+          then associated with individual NICs of a guest. While not as
+          expressive as directly using iptables/ebtables, this can still
+          do nearly everything you would want to on a guest NIC filter.
+      </li>
+    </ul>
+
+    <h3><a name="name-fw-virtual-network-driver"
+           id="id-fw-virtual-network-driver">The virtual network driver</a>
+    </h3>
+    <p>The typical configuration for guests is to use bridging of the
+       physical NIC on the host to connect the guest directly to the LAN.
+       In RHEL6 there is also the possibility of using macvtap/sr-iov
+       and VEPA connectivity. None of this stuff plays nicely with wireless
+       NICs, since they will typically silently drop any traffic with a
+       MAC address that doesn't match that of the physical NIC.
+    </p>
+    <p>Thus the virtual network driver in libvirt was invented. This takes
+       the form of an isolated bridge device (ie one with no physical NICs
+       enslaved). The TAP devices associated with the guest NICs are attached
+       to the bridge device. This immediately allows guests on a single host
+       to talk to each other and to the host OS (modulo host IPtables rules).
+    </p>
+    <p>libvirt then uses iptables to control what further connectivity is
+       available. There are three configurations possible for a virtual
+       network at time of writing:
+    </p>
+    <ul>
+      <li>isolated: all off-node traffic is completely blocked</li>
+      <li>nat: outbound traffic to the LAN is allowed, but MASQUERADED</li>
+      <li>forward: outbound traffic to the LAN is allowed</li>
+    </ul>
+    <p>The latter 'forward' case requires the virtual network be on a
+       separate sub-net from the main LAN, and that the LAN admin has
+       configured routing for this subnet.  In the future we intend to
+       add support for IP subnetting and/or proxy-arp. This allows for
+       the virtual network to use the same subnet as the main LAN and
+       should avoid need for the LAN admin to configure special routing.
+    </p>
+    <p>Libvirt will optionally also provide DHCP services to the virtual
+       network using DNSMASQ. In all cases, we need to allow DNS/DHCP
+       queries to the host OS. Since we can't predict whether the host
+       firewall setup is already allowing this, we insert 4 rules into
+       the head of the INPUT chain
+    </p>
+    <pre>
+target     prot opt in     out     source               destination
+ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           udp dpt:53
+ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53
+ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           udp dpt:67
+ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           tcp dpt:67</pre>
+    <p>Note we have restricted our rules to just the bridge associated
+       with the virtual network, to avoid opening undesirable holes in
+       the host firewall wrt the LAN/WAN.
+    </p>
+    <p>The next rules depend on the type of connectivity allowed, and go
+       in the main FORWARD chain:
+    </p>
+    <ul>
+      <li>type=isolated
+          <br /><br />
+Allow traffic between guests. Deny inbound. Deny outbound.
+    <pre>
+target     prot opt in     out     source               destination
+ACCEPT     all  --  virbr1 virbr1  0.0.0.0/0            0.0.0.0/0
+REJECT     all  --  *      virbr1  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
+REJECT     all  --  virbr1 *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable</pre>
+      </li>
+      <li>type=nat
+          <br /><br />
+Allow inbound related to an established connection. Allow
+outbound, but only from our expected subnet. Allow traffic
+between guests. Deny all other inbound. Deny all other outbound.
+    <pre>
+target     prot opt in     out     source               destination
+ACCEPT     all  --  *      virbr0  0.0.0.0/0            192.168.122.0/24    state RELATED,ESTABLISHED
+ACCEPT     all  --  virbr0 *       192.168.122.0/24     0.0.0.0/0
+ACCEPT     all  --  virbr0 virbr0  0.0.0.0/0            0.0.0.0/0
+REJECT     all  --  *      virbr0  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
+REJECT     all  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable</pre>
+      </li>
+      <li>type=routed
+          <br /><br />
+Allow inbound, but only to our expected subnet. Allow
+outbound, but only from our expected subnet. Allow traffic
+between guests. Deny all other inbound. Deny all other outbound.
+    <pre>
+target     prot opt in     out     source               destination
+ACCEPT     all  --  *      virbr2  0.0.0.0/0            192.168.124.0/24
+ACCEPT     all  --  virbr2 *       192.168.124.0/24     0.0.0.0/0
+ACCEPT     all  --  virbr2 virbr2  0.0.0.0/0            0.0.0.0/0
+REJECT     all  --  *      virbr2  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
+REJECT     all  --  virbr2 *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable</pre>
+      </li>
+      <li>Finally, with type=nat, there is also an entry in the POSTROUTING
+chain to apply masquerading:
+    <pre>
+target     prot opt in     out     source               destination
+MASQUERADE all  --  *      *       192.168.122.0/24    !192.168.122.0/24</pre>
+      </li>
+    </ul>
+
+    <h3><a name="name-fw-network-filter-driver"
+           id="id-fw-network-filter-driver">The network filter driver</a>
+    </h3>
+    <p>This driver provides a fully configurable network filtering capability
+       that leverages ebtables, iptables and ip6tables. This was written by
+       the libvirt guys at IBM and although its XML schema is defined by libvirt,
+       the conceptual model is closely aligned with the DMTF CIM schema for
+       network filtering:
+    </p>
+    <p><a href="http://www.dmtf.org/standards/cim/cim_schema_v2230/CIM_Network.pdf">http://www.dmtf.org/standards/cim/cim_schema_v2230/CIM_Network.pdf</a></p>
+    <p>The filters are managed in libvirt as a top level, standalone object.
+       This allows the filters to then be referenced by any libvirt object
+       that requires their functionality, instead tieing them only to use
+       by guest NICs. In the current implementation, filters can be associated
+       with individual guest NICs via the libvirt domain XML format. In the
+       future we might allow filters to be associated with the virtual network
+       objects. Further we're expecting to define a new 'virtual switch' object
+       to remove the complexity of configuring bridge/sriov/vepa networking
+       modes. This make also end up making use of network filters.
+    </p>
+    <p>There are a new set of virsh commands for managing network filters:</p>
+    <ul>
+      <li>virsh nwfilter-define
+          <br /><br />
+          define or update a network filter from an XML file
+          <br /><br />
+      </li>
+      <li>virsh nwfilter-undefine
+          <br /><br />
+          undefine a network filter
+          <br /><br />
+      </li>
+      <li>virsh nwfilter-dumpxml
+          <br /><br />
+          network filter information in XML
+          <br /><br />
+      </li>
+      <li>virsh nwfilter-list
+          <br /><br />
+          list network filters
+          <br /><br />
+      </li>
+      <li>virsh nwfilter-edit
+          <br /><br />
+          edit XML configuration for a network filter
+      </li>
+    </ul>
+    <p>There are equivalently named C APIs for each of these commands.</p>
+    <p>As with all objects libvirt manages, network filters are configured
+using an XML format. At a high level the format looks like this:
+    </p>
+<pre>
+&lt;filter name='no-spamming' chain='XXXX'&gt;
+  &lt;uuid&gt;d217f2d7-5a04-0e01-8b98-ec2743436b74&lt;/uuid&gt;
+
+  &lt;rule ...&gt;
+    ....
+  &lt;/rule&gt;
+
+  &lt;filterref filter='XXXX'/&gt;
+&lt;/filter&gt;</pre>
+    <p>Every filter has a name and UUID which serve as unique identifiers.
+       A filter can have zero-or-more <code>&lt;rule&gt;</code> elements which
+       are used to actually define network controls. Filters can be arranged
+       into a DAG, so zero-or-more <code>&lt;filterref/&gt;</code> elements are
+       also allowed. Cycles in the graph are not allowed.
+    </p>
+    <p>The <code>&lt;rule&gt;</code> element is where all the interesting stuff
+       happens. It has three attributes, an action, a traffic direction and an
+       optional priority. eg:
+    </p>
+    <pre>&lt;rule action='drop' direction='out' priority='500'&gt;</pre>
+    <p>Within the rule there are a wide variety of elements allowed, which
+       do protocol specific matching. Supported protocols currently include
+       <code>mac</code>, <code>arp</code>, <code>rarp</code>, <code>ip</code>,
+       <code>ipv6</code>, <code>tcp/ip</code>, <code>icmp/ip</code>,
+       <code>igmp/ip</code>, <code>udp/ip</code>, <code>udplite/ip</code>,
+       <code>esp/ip</code>, <code>ah/ip</code>, <code>sctp/ip</code>,
+       <code>tcp/ipv6</code>, <code>icmp/ipv6</code>, <code>igmp/ipv6</code>,
+       <code>udp/ipv6</code>, <code>udplite/ipv6</code>, <code>esp/ipv6</code>,
+       <code>ah/ipv6</code>, <code>sctp/ipv6</code>. Each protocol defines what
+       is valid inside the &lt;rule&gt; element. The general pattern though is:
+    </p>
+    <pre>
+&lt;protocol match='yes|no' attribute1='value1' attribute2='value2'/&gt;</pre>
+    <p>So, eg a TCP protocol, matching ports 0-1023 would be expressed as:</p>
+    <pre>&lt;tcp match='yes' srcportstart='0' srcportend='1023'/&gt;</pre>
+    <p>Attributes can included references to variables defined by the
+       object using the rule. So the guest XML format allows each NIC
+       to have a MAC address and IP address defined. These are made
+       available to filters via the variables <code><b>$IP</b></code> and
+       <code><b>$MAC</b></code>.
+    </p>
+    <p>So to define a filter that prevents IP address spoofing we can
+       simply match on source IP address <code>!= $IP</code> like this:
+    </p>
+    <pre>
+&lt;filter name='no-ip-spoofing' chain='ipv4'&gt;
+  &lt;rule action='drop' direction='out'&gt;
+    &lt;ip match='no' srcipaddr='<b>$IP</b>' /&gt;
+  &lt;/rule&gt;
+&lt;/filter&gt;</pre>
+    <p>I'm not going to go into details on all the other protocol
+       matches you can do, because it'll take far too much space.
+       You can read about the options
+       <a href="formatnwfilter.html#nwfelemsRulesProto">here</a>.
+    </p>
+    <p>Out of the box in RHEL6/Fedora rawhide, libvirt ships with a
+       set of default useful rules:
+    </p>
+    <pre>
+# virsh nwfilter-list
+UUID                                  Name
+----------------------------------------------------------------
+15b1ab2b-b1ac-1be2-ed49-2042caba4abb  allow-arp
+6c51a466-8d14-6d11-46b0-68b1a883d00f  allow-dhcp
+7517ad6c-bd90-37c8-26c9-4eabcb69848d  allow-dhcp-server
+3d38b406-7cf0-8335-f5ff-4b9add35f288  allow-incoming-ipv4
+5ff06320-9228-2899-3db0-e32554933415  allow-ipv4
+db0b1767-d62b-269b-ea96-0cc8b451144e  clean-traffic
+f88f1932-debf-4aa1-9fbe-f10d3aa4bc95  no-arp-spoofing
+772f112d-52e4-700c-0250-e178a3d91a7a  no-ip-multicast
+7ee20370-8106-765d-f7ff-8a60d5aaf30b  no-ip-spoofing
+d5d3c490-c2eb-68b1-24fc-3ee362fc8af3  no-mac-broadcast
+fb57c546-76dc-a372-513f-e8179011b48a  no-mac-spoofing
+dba10ea7-446d-76de-346f-335bd99c1d05  no-other-l2-traffic
+f5c78134-9da4-0c60-a9f0-fb37bc21ac1f  no-other-rarp-traffic
+7637e405-4ccf-42ac-5b41-14f8d03d8cf3  qemu-announce-self
+9aed52e7-f0f3-343e-fe5c-7dcb27b594e5  qemu-announce-self-rarp</pre>
+    <p>Most of these are just building blocks. The interesting one here
+       is 'clean-traffic'. This pulls together all the building blocks
+       into one filter that you can then associate with a guest NIC.
+       This stops the most common bad things a guest might try, IP
+       spoofing, arp spoofing and MAC spoofing. To look at the rules for
+       any of these just do:
+    </p>
+    <pre>virsh nwfilter-dumpxml FILTERNAME|UUID</pre>
+    <p>They are all stored in <code>/etc/libvirt/nwfilter</code>, but don't
+       edit the files there directly. Use <code>virsh nwfilter-define</code>
+       to update them. This ensures the guests have their iptables/ebtables
+       rules recreated.
+    </p>
+    <p>To associate the clean-trafffic filter with a guest, edit the
+       guest XML config and change the <code>&lt;interface&gt;</code> element
+       to include a <code>&lt;filterref&gt;</code> and also specify the
+       whitelisted <code>&lt;ip address/&gt;</code> the guest is allowed to
+       use:
+    </p>
+    <pre>
+&lt;interface type='bridge'&gt;
+  &lt;mac address='52:54:00:56:44:32'/&gt;
+  &lt;source bridge='br1'/&gt;
+  &lt;ip address='10.33.8.131'/&gt;
+  &lt;target dev='vnet0'/&gt;
+  &lt;model type='virtio'/&gt;
+  &lt;filterref filter='clean-traffic'/&gt;
+&lt;/interface&gt;</pre>
+    <p>If no <code>&lt;ip address&gt;</code> is included, the network filter
+       driver will activate its 'learning mode'. This uses libpcap to snoop on
+       network traffic the guest sends and attempts to identify the
+       first IP address it uses. It then locks traffic to this address.
+       Obviously this isn't entirely secure, but it does offer some
+       protection against the guest being trojaned once up and running.
+       In the future we intend to enhance the learning mode so that it
+       looks for DHCPOFFERS from a trusted DHCP server and only allows
+       the offered IP address to be used.
+    </p>
+    <p>Now, how is all this implemented...?</p>
+    <p>The network filter driver uses a combination of ebtables, iptables and
+       ip6tables, depending on which protocols are referenced in a filter. The
+       out of the box 'clean-traffic' filter rules only require use of
+       ebtables. If you want to do matching at tcp/udp/etc protocols (eg to add
+       a new filter 'no-email-spamming' to block port 25), then iptables will
+       also be used.
+    </p>
+    <p>The driver attempts to keep its rules separate from those that
+       the host admin might already have configured. So the first thing
+       it does with ebtables, is to add two hooks in POSTROUTING and
+       PREROUTING chains, to redirect traffic to custom chains. These
+       hooks match on the TAP device name of the guest NIC, so they
+       should not interact badly with any administrator defined rules:
+    </p>
+    <pre>
+Bridge chain: PREROUTING, entries: 1, policy: ACCEPT
+-i vnet0 -j libvirt-I-vnet0
+
+Bridge chain: POSTROUTING, entries: 1, policy: ACCEPT
+-o vnet0 -j libvirt-O-vnet0</pre>
+    <p>To keep things managable and easy to follow, the driver will then
+       create further sub-chains for each protocol then it needs to match
+       against:
+    </p>
+    <pre>
+Bridge chain: libvirt-I-vnet0, entries: 5, policy: ACCEPT
+-p IPv4 -j I-vnet0-ipv4
+-p ARP -j I-vnet0-arp
+-p 0x8035 -j I-vnet0-rarp
+-p 0x835 -j ACCEPT
+-j DROP
+
+Bridge chain: libvirt-O-vnet0, entries: 4, policy: ACCEPT
+-p IPv4 -j O-vnet0-ipv4
+-p ARP -j O-vnet0-arp
+-p 0x8035 -j O-vnet0-rarp
+-j DROP</pre>
+    <p>Finally, here comes the actual implementation of the filters. This
+       example shows the 'clean-traffic' filter implementation.
+       I'm not going to explain what this is doing now. :-)
+    </p>
+    <pre>
+Bridge chain: I-vnet0-ipv4, entries: 2, policy: ACCEPT
+-s ! 52:54:0:56:44:32 -j DROP
+-p IPv4 --ip-src ! 10.33.8.131 -j DROP
+
+Bridge chain: O-vnet0-ipv4, entries: 1, policy: ACCEPT
+-j ACCEPT
+
+Bridge chain: I-vnet0-arp, entries: 6, policy: ACCEPT
+-s ! 52:54:0:56:44:32 -j DROP
+-p ARP --arp-mac-src ! 52:54:0:56:44:32 -j DROP
+-p ARP --arp-ip-src ! 10.33.8.131 -j DROP
+-p ARP --arp-op Request -j ACCEPT
+-p ARP --arp-op Reply -j ACCEPT
+-j DROP
+
+Bridge chain: O-vnet0-arp, entries: 5, policy: ACCEPT
+-p ARP --arp-op Reply --arp-mac-dst ! 52:54:0:56:44:32 -j DROP
+-p ARP --arp-ip-dst ! 10.33.8.131 -j DROP
+-p ARP --arp-op Request -j ACCEPT
+-p ARP --arp-op Reply -j ACCEPT
+-j DROP
+
+Bridge chain: I-vnet0-rarp, entries: 2, policy: ACCEPT
+-p 0x8035 -s 52:54:0:56:44:32 -d Broadcast --arp-op Request_Reverse --arp-ip-src 0.0.0.0 --arp-ip-dst 0.0.0.0 --arp-mac-src 52:54:0:56:44:32 --arp-mac-dst 52:54:0:56:44:32 -j ACCEPT
+-j DROP
+
+Bridge chain: O-vnet0-rarp, entries: 2, policy: ACCEPT
+-p 0x8035 -d Broadcast --arp-op Request_Reverse --arp-ip-src 0.0.0.0 --arp-ip-dst 0.0.0.0 --arp-mac-src 52:54:0:56:44:32 --arp-mac-dst 52:54:0:56:44:32 -j ACCEPT
+-j DROP</pre>
+    <p>NB, we would have liked to include the prefix 'libvirt-' in all
+       of our chain names, but unfortunately the kernel limits names
+       to a very short maximum length. So only the first two custom
+       chains can include that prefix. The others just include the
+       TAP device name + protocol name.
+    </p>
+    <p>If I define a new filter 'no-spamming' and then add this to the
+       'clean-traffic' filter, I can illustrate how iptables usage works:
+    </p>
+    <pre>
+# cat &gt; /root/spamming.xml &lt;&lt;EOF
+&lt;filter name='no-spamming' chain='root'&gt;
+  &lt;uuid&gt;d217f2d7-5a04-0e01-8b98-ec2743436b74&lt;/uuid&gt;
+  &lt;rule action='drop' direction='out' priority='500'&gt;
+    &lt;tcp dstportstart='25' dstportend='25'/&gt;
+  &lt;/rule&gt;
+&lt;/filter&gt;
+EOF
+# virsh nwfilter-define /root/spamming.xml
+# virsh nwfilter-edit clean-traffic</pre>
+
+    <p>...add <code>&lt;filterref filter='no-spamming'/&gt;</code></p>
+    <p>All active guests immediately have their iptables/ebtables rules
+       rebuilt.
+    </p>
+    <p>The network filter driver deals with iptables in a very similar
+       way. First it separates out its rules from those the admin may
+       have defined, by adding a couple of hooks into the INPUT/FORWARD
+       chains:
+    </p>
+    <pre>
+Chain INPUT (policy ACCEPT 13M packets, 21G bytes)
+target           prot opt in     out     source               destination
+libvirt-host-in  all  --  *      *       0.0.0.0/0            0.0.0.0/0
+
+Chain FORWARD (policy ACCEPT 5532K packets, 3010M bytes)
+target           prot opt in     out     source               destination
+libvirt-in       all  --  *      *       0.0.0.0/0            0.0.0.0/0
+libvirt-out      all  --  *      *       0.0.0.0/0            0.0.0.0/0
+libvirt-in-post  all  --  *      *       0.0.0.0/0            0.0.0.0/0</pre>
+    <p>These custom chains then do matching based on the TAP device
+       name, so they won't open holes in the admin defined matches for
+       the LAN/WAN (if any).
+    </p>
+    <pre>
+Chain libvirt-host-in (1 references)
+  target     prot opt in     out     source               destination
+  HI-vnet0   all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] PHYSDEV match --physdev-in vnet0
+
+Chain libvirt-in (1 references)
+  target     prot opt in     out     source               destination
+  FI-vnet0   all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] PHYSDEV match --physdev-in vnet0
+
+Chain libvirt-in-post (1 references)
+  target     prot opt in     out     source               destination
+  ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-in vnet0
+
+Chain libvirt-out (1 references)
+  target     prot opt in     out     source               destination
+  FO-vnet0   all  --  *      *       0.0.0.0/0            0.0.0.0/0           [goto] PHYSDEV match --physdev-out vnet0</pre>
+    <p>Finally, we can see the interesting bit which is the actual
+       implementation of my filter to block port 25 access:
+    </p>
+    <pre>
+Chain FI-vnet0 (1 references)
+  target     prot opt in     out     source               destination
+  DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:25
+
+Chain FO-vnet0 (1 references)
+  target     prot opt in     out     source               destination
+  DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:25
+
+Chain HI-vnet0 (1 references)
+  target     prot opt in     out     source               destination
+  DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:25</pre>
+    <p>One thing in looking at this you may notice is that if there
+       are many guests all using the same filters, we will be duplicating
+       the iptables rules over and over for each guest. This is merely a
+       limitation of the current rules engine implementation. At the libvirt
+       object modelling level you can clearly see we've designed the model
+       so filter rules are defined in one place, and indirectly referenced
+       by guests. Thus it should be possible to change the implementation in
+       the future so we can share the actual iptables/ebtables rules for
+       each guest to create a more scalable system. The stuff in current libvirt
+       is more or less the very first working implementation we've had of this,
+       so there's not been much optimization work done yet.
+    </p>
+    <p>Also notice that at the XML level we don't expose the fact we
+       are using iptables or ebtables at all. The rule definition is done in
+       terms of network protocols. Thus if we ever find a need, we could
+       plug in an alternative implementation that calls out to a different
+       firewall implementation instead of ebtables/iptables (providing that
+       implementation was suitably expressive of course)
+    </p>
+    <p>Finally, in terms of problems we have in deployment. The biggest
+       problem is that if the admin does <code>service iptables restart</code>
+       all our work gets blown away. We've experimented with using lokkit
+       to record our custom rules in a persistent config file, but that
+       caused different problem. Admins who were not using lokkit for
+       their config found that all their own rules got blown away. So
+       we threw away our lokkit code. Instead we document that if you
+       run <code>service iptables restart</code>, you need to send SIGHUP to
+       libvirt to make it recreate its rules.
+    </p>
+    <p>More in depth documentation on this is <a href="formatnwfilter.html">here</a>.</p>
+  </body>
+</html>
--- a/docs/formatcaps.html.in
+++ b/docs/formatcaps.html.in
@ -22,6 +22,7 @@ BIOS you will see</p>
        &lt;vmx/&gt;
      &lt;/features&gt;
      &lt;model&gt;core2duo&lt;/model&gt;
+      &lt;vendor&gt;Intel&lt;/vendor&gt;
      &lt;topology sockets="1" cores="2" threads="1"/&gt;
      &lt;feature name="lahf_lm"/&gt;
      &lt;feature name='xtpr'/&gt;
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@ -79,6 +79,8 @@
    &lt;type&gt;hvm&lt;/type&gt;
    &lt;loader&gt;/usr/lib/xen/boot/hvmloader&lt;/loader&gt;
    &lt;boot dev='hd'/&gt;
+    &lt;boot dev='cdrom'/&gt;
+    &lt;bootmenu enable='yes'/&gt;
  &lt;/os&gt;
  ...</pre>

@ -104,6 +106,12 @@
        times to setup a priority list of boot devices to try in turn.
        <span class="since">Since 0.1.3</span>
      </dd>
+      <dt><code>bootmenu</code></dt>
+      <dd> Whether or not to enable an interactive boot menu prompt on guest
+      startup. The <code>enable</code> attribute can be either "yes" or "no".
+      If not specified, the hypervisor default is used. <span class="since">
+      Since 0.8.3</span>
+      </dd>
    </dl>

    <h4><a name="elementsOSBootloader">Host bootloader</a></h4>
@ -186,7 +194,13 @@
  &lt;memoryBacking&gt;
    &lt;hugepages/&gt;
  &lt;/memoryBacking&gt;
-  &lt;vcpu&gt;1&lt;/vcpu&gt;
+  &lt;memtune&gt;
+    &lt;hard_limit&gt;1048576&lt;/hard_limit&gt;
+    &lt;soft_limit&gt;131072&lt;/soft_limit&gt;
+    &lt;swap_hard_limit&gt;2097152&lt;/swap_hard_limit&gt;
+    &lt;min_guarantee&gt;65536&lt;/min_guarantee&gt;
+  &lt;/memtune&gt;
+  &lt;vcpu cpuset="1-4,^3,6" current="1"&gt;2&lt;/vcpu&gt;
  ...</pre>

    <dl>
@ -203,9 +217,40 @@
        <code>hugepages</code> element set within it. This tells the
        hypervisor that the guest should have its memory allocated using
        hugepages instead of the normal native page size.</dd>
+      <dt><code>memtune</code></dt>
+      <dd> The optional <code>memtune</code> element provides details
+      regarding the memory tuneable parameters for the domain. If this is
+      omitted, it defaults to the OS provided defaults.</dd>
+      <dt><code>hard_limit</code></dt>
+      <dd> The optional <code>hard_limit</code> element is the maximum memory
+	the guest can use. The units for this value are kilobytes (i.e. blocks
+	of 1024 bytes)</dd>
+      <dt><code>soft_limit</code></dt>
+      <dd> The optional <code>soft_limit</code> element is the memory limit to
+	enforce during memory contention. The units for this value are
+	kilobytes (i.e. blocks of 1024 bytes)</dd>
+      <dt><code>swap_hard_limit</code></dt>
+      <dd> The optional <code>swap_hard_limit</code> element is the maximum
+	swap the guest can use. The units for this value are kilobytes
+	(i.e. blocks of 1024 bytes)</dd>
+      <dt><code>min_guarantee</code></dt>
+      <dd> The optional <code>min_guarantee</code> element is the guaranteed
+	minimum memory allocation for the guest. The units for this value are
+	kilobytes (i.e. blocks of 1024 bytes)</dd>
      <dt><code>vcpu</code></dt>
-      <dd>The content of this element defines the number of virtual
-        CPUs allocated for the guest OS.</dd>
+      <dd>The content of this element defines the maximum number of virtual
+        CPUs allocated for the guest OS, which must be between 1 and
+        the maximum supported by the hypervisor.  <span class="since">Since
+        0.4.4</span>, this element can contain an optional
+        <code>cpuset</code> attribute, which is a comma-separated
+        list of physical CPU numbers that virtual CPUs can be pinned
+        to.  Each element in that list is either a single CPU number,
+        a range of CPU numbers, or a caret followed by a CPU number to
+        be excluded from a previous range.  <span class="since">Since
+        0.8.5</span>, the optional attribute <code>current</code> can
+        be used to specify whether fewer than the maximum number of
+        virtual CPUs should be enabled.
+      </dd>
    </dl>

    <h3><a name="elementsCPU">CPU model and topology</a></h3>
@ -220,6 +265,7 @@
  ...
  &lt;cpu match='exact'&gt;
    &lt;model&gt;core2duo&lt;/model&gt;
+    &lt;vendor&gt;Intel&lt;/vendor&gt;
    &lt;topology sockets='1' cores='2' threads='1'/&gt;
    &lt;feature policy='disable' name='lahf_lm'/&gt;
  &lt;/cpu&gt;
@ -259,6 +305,9 @@
          <dd>The guest will not be created unless the host CPU does exactly
            match the specification.</dd>
        </dl>
+
+	<span class="since">Since 0.8.5</span> the <code>match</code>
+	attribute can be omitted and will default to <code>exact</code>.
      </dd>

      <dt><code>model</code></dt>
@ -267,6 +316,13 @@
        definition can be found in <code>cpu_map.xml</code> file installed
        in libvirt's data directory.</dd>

+      <dt><code>vendor</code></dt>
+      <dd><span class="since">Since 0.8.3</span> the content of the
+        <code>vendor</code> element specifies CPU vendor requested by the
+        guest. If this element is missing, the guest can be run on a CPU
+        matching given features regardless on its vendor. The list of
+        supported vendors can be found in <code>cpu_map.xml</code>.</dd>
+
      <dt><code>topology</code></dt>
      <dd>The <code>topology</code> element specifies requested topology of
        virtual CPU provided to the guest. Three non-zero values have to be
@ -298,6 +354,9 @@
          <dd>Guest creation will fail if the feature is supported by host
            CPU.</dd>
        </dl>
+
+	<span class="since">Since 0.8.5</span> the <code>policy</code>
+	attribute can be omitted and will default to <code>require</code>.
      </dd>
    </dl>

@ -350,6 +409,21 @@
        a new name</dd>
    </dl>

+    <p>
+      on_crash supports these additional
+      actions <span class="since">since 0.8.4</span>.
+    </p>
+
+    <dl>
+      <dt><code>coredump-destroy</code></dt>
+      <dd>The crashed domain's core will be dumped, and then the
+        domain will be terminated completely and all resources
+        released</dd>
+      <dt><code>coredump-restart</code></dt>
+      <dd>The crashed domain's core will be dumped, and then the
+        domain will be restarted with the same configuration</dd>
+    </dl>
+
    <h3><a name="elementsFeatures">Hypervisor features</a></h3>

    <p>
@ -395,13 +469,18 @@

 <pre>
  ...
-  &lt;clock offset="localtime"/&gt;
+  &lt;clock offset="localtime"&gt;
+    &lt;timer name="rtc" tickpolicy="catchup" track="guest"&gt;
+      &lt;catchup threshold=123 slew=120 limit=10000/&gt;
+    &lt;/timer&gt;
+    &lt;timer name="pit" tickpolicy="none"/&gt;
+  &lt;/clock&gt;
  ...</pre>

    <dl>
      <dt><code>clock</code></dt>
      <dd>
-	<p>The <code>offset</code> attribute takes three possible
+	<p>The <code>offset</code> attribute takes four possible
 	  values, allowing fine grained control over how the guest
 	  clock is synchronized to the host. NB, not all hypervisors
 	  support all modes.</p>
@ -419,6 +498,7 @@
 	  <dd>
 	    The guest clock will be synchronized to the requested timezone
 	    using the <code>timezone</code> attribute.
+	    <span class="since">Since 0.7.7</span>
 	  </dd>
 	  <dt><code>variable</code></dt>
 	  <dd>
@ -428,14 +508,74 @@
 	    The guest is free to adjust the RTC over time an expect
 	    that it will be honoured at next reboot. This is in
 	    contrast to 'utc' mode, where the RTC adjustments are
-	    lost at each reboot.
+	    lost at each reboot. <span class="since">Since 0.7.7</span>
 	  </dd>
 	</dl>
 	<p>
-	  NB, at time of writing, only QEMU supports the variable
-	  clock mode, or custom timezones.
+	  A <code>clock</code> may have zero or more
+	  <code>timer</code>sub-elements. <span class="since">Since
+	  0.8.0</span>
 	</p>
      </dd>
+      <dt><code>timer</code></dt>
+      <dd>
+	<p>
+	  Each timer element requires a <code>name</code> attribute,
+	  and has other optional attributes that depend on
+	  the <code>name</code> specified.  Various hypervisors
+	  support different combinations of attributes.
+	</p>
+	<dl>
+	  <dt><code>name</code></dt>
+	  <dd>
+	    The <code>name</code> attribute selects which timer is
+	    being modified, and can be one of "platform", "pit",
+	    "rtc", "hpet", or "tsc".
+	  </dd>
+	  <dt><code>track</code></dt>
+	  <dd>
+	    The <code>track</code> attribute specifies what the timer
+	    tracks, and can be "boot", "guest", or "wall".
+	    Only valid for <code>name="rtc"</code>
+	    or <code>name="platform"</code>.
+	  </dd>
+	  <dt><code>tickpolicy</code></dt>
+	  <dd>
+	    The <code>tickpolicy</code> attribute determines how
+	    missed ticks in the guest are handled, and can be "delay",
+	    "catchup", "merge", or "discard".  If the policy is
+	    "catchup", there can be further details in
+	    the <code>catchup</code> sub-element.
+	    <dl>
+	      <dt><code>catchup</code></dt>
+	      <dd>
+		The <code>catchup</code> element has three optional
+		attributes, each a positive integer.  The attributes
+		are <code>threshold</code>, <code>slew</code>,
+		and <code>limit</code>.
+	      </dd>
+	    </dl>
+	  </dd>
+	  <dt><code>frequency</code></dt>
+	  <dd>
+	    The <code>frequency</code> attribute is an unsigned
+	    integer specifying the frequency at
+	    which <code>name="tsc"</code> runs.
+	  </dd>
+	  <dt><code>mode</code></dt>
+	  <dd>
+	    The <code>mode</code> attribute controls how
+	    the <code>name="tsc"</code> timer is managed, and can be
+	    "auto", "native", "emulate", "paravirt", or "smpsafe".
+	    Other timers are always emulated.
+	  </dd>
+	  <dt><code>present</code></dt>
+	  <dd>
+	    The <code>present</code> attribute can be "yes" or "no" to
+	    specify whether a particular timer is available to the guest.
+	  </dd>
+	</dl>
+      </dd>
    </dl>

    <h3><a name="elementsDevices">Devices</a></h3>
@ -1116,8 +1256,16 @@ qemu-kvm -net nic,model=? /dev/null

    <p>
      This represents the primary console. This can be the paravirtualized
-      console with Xen guests, or duplicates the primary serial port for fully
-      virtualized guests without a paravirtualized console.
+      console with Xen guests, virtio console for QEMU/KVM, or duplicates
+      the primary serial port for fully virtualized guests without a
+      paravirtualized console.
+    </p>
+
+    <p>
+      A virtio console device is exposed in the
+      guest as /dev/hvc[0-7] (for more information, see
+      <a href="http://fedoraproject.org/wiki/Features/VirtioSerial">http://fedoraproject.org/wiki/Features/VirtioSerial</a>)
+      <span class="since">Since 0.8.3</span>
    </p>

 <pre>
@ -1127,6 +1275,12 @@ qemu-kvm -net nic,model=? /dev/null
      &lt;source path='/dev/pts/4'/&gt;
      &lt;target port='0'/&gt;
    &lt;/console&gt;
+
+    &lt;!-- KVM virtio console --&gt;
+    &lt;console type='pty'&gt;
+      &lt;source path='/dev/pts/5'/&gt;
+      &lt;target type='virtio' port='0'/&gt;
+    &lt;/console&gt;
  &lt;/devices&gt;
  ...</pre>

@ -1150,6 +1304,11 @@ qemu-kvm -net nic,model=? /dev/null
      &lt;source mode='bind' path='/tmp/guestfwd'/&gt;
      &lt;target type='guestfwd' address='10.0.2.1' port='4600'/&gt;
    &lt;/channel&gt;
+
+    &lt;!-- KVM virtio channel --&gt;
+    &lt;channel type='pty'&gt;
+      &lt;target type='virtio' name='arbitrary.virtio.serial.port.name'/&gt;
+    &lt;/channel&gt;
  &lt;/devices&gt;
  ...</pre>

@ -1166,6 +1325,13 @@ qemu-kvm -net nic,model=? /dev/null
        forwarded to the channel device on the host. The <code>target</code>
        element must have <code>address</code> and <code>port</code> attributes.
        <span class="since">Since 0.7.3</span></dd>
+
+      <dt><code>virtio</code></dt>
+      <dd>Paravirtualized virtio channel. Channel is exposed in the guest under
+        /dev/vport*, and if the optional element<code>name</code> is specified,
+        /dev/virtio-ports/$name (for more info, please see
+        <a href="http://fedoraproject.org/wiki/Features/VirtioSerial">http://fedoraproject.org/wiki/Features/VirtioSerial</a>)
+        <span class="since">Since 0.7.7</span></dd>
    </dl>

    <h5><a name="elementsCharHostInterface">Host interface</a></h5>
@ -1338,7 +1504,9 @@ qemu-kvm -net nic,model=? /dev/null
  ...</pre>

    <p>
-      Alternatively you can use telnet instead of raw TCP.
+      Alternatively you can use <code>telnet</code> instead of <code>raw</code> TCP.
+      <span class="since">Since 0.8.5</span> you can also use <code>telnets</code>
+      (secure telnet) and <code>tls</code>.
    <p>

 <pre>
@ -1498,6 +1666,56 @@ qemu-kvm -net nic,model=? /dev/null
      </dd>
    </dl>

+    <h4><a name="elementsMemBalloon">Memory balloon device</a></h4>
+
+    <p>
+      A virtual memory balloon device is added to all Xen and KVM/QEMU
+      guests. It will be seen as <code>memballoon</code> element.
+      It will be automatically added when appropriate, so there is no
+      need to explicitly add this element in the guest XML unless a
+      specific PCI slot needs to be assigned.
+      <span class="since">Since 0.8.3, Xen, QEMU and KVM only</span>
+      Additionally, <span class="since">since 0.8.4</span>, if the
+      memballoon device needs to be explicitly disabled,
+      <code>model='none'</code> may be used.
+    </p>
+
+    <p>
+      Example automatically added device with KVM
+    </p>
+<pre>
+  ...
+  &lt;devices&gt;
+    &lt;memballoon model='virtio'/&gt;
+  &lt;/devices&gt;
+  ...</pre>
+
+    <p>
+      Example manually added device with static PCI slot 2 requested
+    </p>
+<pre>
+  ...
+  &lt;devices&gt;
+    &lt;watchdog model='virtio'/&gt;
+    &lt;address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/&gt;
+  &lt;/devices&gt;
+&lt;/domain&gt;</pre>
+
+    <dl>
+      <dt><code>model</code></dt>
+      <dd>
+        <p>
+          The required <code>model</code> attribute specifies what type
+	  of balloon device is provided. Valid values are specific to
+	  the virtualization platform
+        </p>
+        <ul>
+          <li>'virtio' &mdash; default with QEMU/KVM</li>
+          <li>'xen' &mdash; default with Xen</li>
+        </ul>
+      </dd>
+    </dl>
+
    <h2><a name="examples">Example configs</a></h2>

    <p>
--- a/docs/formatnwfilter.html.in
+++ b/docs/formatnwfilter.html.in
@ -388,6 +388,11 @@
         <td>UINT16 (0x600-0xffff), STRING</td>
         <td>Layer 3 protocol ID</td>
       </tr>
+       <tr>
+         <td>comment <span class="since">(Since 0.8.5)</span></td>
+         <td>STRING</td>
+         <td>text with max. 256 characters</td>
+       </tr>
      </table>
    <p>
      Valid Strings for <code>protocolid</code> are: arp, rarp, ipv4, ipv6
@ -466,6 +471,11 @@
         <td>IP_ADDR</td>
         <td>Destination IP address in ARP/RARP packet</td>
       </tr>
+       <tr>
+         <td>comment <span class="since">(Since 0.8.5)</span></td>
+         <td>STRING</td>
+         <td>text with max. 256 characters</td>
+       </tr>
      </table>
    <p>
      Valid strings for the <code>Opcode</code> field are:
@ -551,6 +561,11 @@
         <td>UINT16</td>
         <td>End of range of valid destination ports; requires <code>protocol</code></td>
       </tr>
+       <tr>
+         <td>comment <span class="since">(Since 0.8.5)</span></td>
+         <td>STRING</td>
+         <td>text with max. 256 characters</td>
+       </tr>
      </table>
    <p>
      Valid strings for <code>protocol</code> are:
@ -636,6 +651,11 @@
         <td>UINT16</td>
         <td>End of range of valid destination ports; requires <code>protocol</code></td>
       </tr>
+       <tr>
+         <td>comment <span class="since">(Since 0.8.5)</span></td>
+         <td>STRING</td>
+         <td>text with max. 256 characters</td>
+       </tr>
      </table>
    <p>
      Valid strings for <code>protocol</code> are:
@ -723,6 +743,16 @@
         <td>UINT16</td>
         <td>End of range of valid destination ports</td>
       </tr>
+       <tr>
+         <td>comment <span class="since">(Since 0.8.5)</span></td>
+         <td>STRING</td>
+         <td>text with max. 256 characters</td>
+       </tr>
+       <tr>
+         <td>state <span class="since">(Since 0.8.5)</span></td>
+         <td>STRING</td>
+         <td>comma separated list of NEW,ESTABLISHED,RELATED,INVALID or NONE</td>
+       </tr>
      </table>
    <p>
      <br><br>
@ -813,6 +843,16 @@
         <td>UINT16</td>
         <td>ICMP code</td>
       </tr>
+       <tr>
+         <td>comment <span class="since">(Since 0.8.5)</span></td>
+         <td>STRING</td>
+         <td>text with max. 256 characters</td>
+       </tr>
+       <tr>
+         <td>state <span class="since">(Since 0.8.5)</span></td>
+         <td>STRING</td>
+         <td>comma separated list of NEW,ESTABLISHED,RELATED,INVALID or NONE</td>
+       </tr>
      </table>
    <p>
      <br><br>
@ -892,6 +932,16 @@
         <td>IP_ADDR</td>
         <td>End of range of destination IP address</td>
       </tr>
+       <tr>
+         <td>comment <span class="since">(Since 0.8.5)</span></td>
+         <td>STRING</td>
+         <td>text with max. 256 characters</td>
+       </tr>
+       <tr>
+         <td>state <span class="since">(Since 0.8.5)</span></td>
+         <td>STRING</td>
+         <td>comma separated list of NEW,ESTABLISHED,RELATED,INVALID or NONE</td>
+       </tr>
      </table>
    <p>
      <br><br>
@ -978,6 +1028,16 @@
         <td>UINT16</td>
         <td>End of range of valid destination ports</td>
       </tr>
+       <tr>
+         <td>comment <span class="since">(Since 0.8.5)</span></td>
+         <td>STRING</td>
+         <td>text with max. 256 characters</td>
+       </tr>
+       <tr>
+         <td>state <span class="since">(Since 0.8.5)</span></td>
+         <td>STRING</td>
+         <td>comma separated list of NEW,ESTABLISHED,RELATED,INVALID or NONE</td>
+       </tr>
      </table>
    <p>
      <br><br>
@ -1054,6 +1114,16 @@
         <td>UINT16</td>
         <td>ICMPv6 code</td>
       </tr>
+       <tr>
+         <td>comment <span class="since">(Since 0.8.5)</span></td>
+         <td>STRING</td>
+         <td>text with max. 256 characters</td>
+       </tr>
+       <tr>
+         <td>state <span class="since">(Since 0.8.5)</span></td>
+         <td>STRING</td>
+         <td>comma separated list of NEW,ESTABLISHED,RELATED,INVALID or NONE</td>
+       </tr>
      </table>
    <p>
      <br><br>
@ -1118,7 +1188,16 @@
         <td>IPV6_ADDR</td>
         <td>End of range of destination IP address</td>
       </tr>
-
+       <tr>
+         <td>comment <span class="since">(Since 0.8.5)</span></td>
+         <td>STRING</td>
+         <td>text with max. 256 characters</td>
+       </tr>
+       <tr>
+         <td>state <span class="since">(Since 0.8.5)</span></td>
+         <td>STRING</td>
+         <td>comma separated list of NEW,ESTABLISHED,RELATED,INVALID or NONE</td>
+       </tr>
      </table>
    <p>
      <br><br>
@ -1379,7 +1458,8 @@
     <li>prevents a VM's interface from MAC, IP and ARP spoofing</li>
     <li>opens only TCP ports 22 and 80 of a VM's interface</li>
     <li>allows the VM to send ping traffic from an interface
-        but no let the VM be pinged on the interface</li>
+        but not let the VM be pinged on the interface</li>
+     <li>allows the VM to do DNS lookups (UDP towards port 53)</li>
    </ul>
    <p>
     The requirement to prevent spoofing is fulfilled by the existing
@ -1421,6 +1501,11 @@
    &lt;icmp/&gt;
  &lt;/rule&gt;

+  &lt;!-- enable outgoing DNS lookups using UDP --&gt;
+  &lt;rule action='accept' direction='out'&gt;
+    &lt;udp dstportstart='53'/&gt;
+  &lt;/rule&gt;
+
  &lt;!-- drop all other traffic --&gt;
  &lt;rule action='drop' direction='inout'&gt;
    &lt;all/&gt;
@ -1467,6 +1552,178 @@
  &lt;/rule&gt;
 </pre>

+    <h3><a name="nwfwriteexample2nd">Second example custom filter</a></h3>
+    <p>
+     In this example we now want to build a similar filter as in the
+     example above, but extend the list of requirements with an
+     ftp server located inside the VM. Further, we will be using features
+     that have been added in <span class="since">version 0.8.5</span>.
+     The requirements for this filter are:
+    </p>
+    <ul>
+     <li>prevents a VM's interface from MAC, IP and ARP spoofing</li>
+     <li>opens only TCP ports 22 and 80 of a VM's interface</li>
+     <li>allows the VM to send ping traffic from an interface
+        but not let the VM be pinged on the interface</li>
+     <li>allows the VM to do DNS lookups (UDP towards port 53)</li>
+     <li>enable an ftp server (in active mode) to be run inside the VM
+    </ul>
+    <p>
+     The additional requirement of allowing an ftp server to be run inside
+     the VM maps into the requirement of allowing port 21 to be reachable
+     for ftp control traffic as well as enabling the VM to establish an
+     outgoing tcp connection originating from the VM's TCP port 20 back to
+     the ftp client (ftp active mode). There are several ways of how this
+     filter can be written and we present 2 solutions.
+     <br><br>
+     The 1st solution makes use of the <code>state</code> attribute of
+     the TCP protocol that gives us a hook into the connection tracking
+     framework of the Linux host. For the VM-initiated ftp data connection
+     (ftp active mode) we use the <code>RELATED</code> state that allows
+     us to detect that the VM-initiated ftp data connection is a consequence of
+     ( or 'has a relationship with' ) an existing ftp control connection,
+     thus we want to allow it to let packets
+     pass the firewall. The <code>RELATED</code> state, however, is only
+     valid for the very first packet of the outgoing TCP connection for the
+     ftp data path. Afterwards, the state to compare against is
+     <code>ESTABLISHED</code>, which then applies equally
+     to the incoming and outgoing direction. All this is related to the ftp
+     data traffic originating from TCP port 20 of the VM. This then leads to
+     the following solution
+     <span class="since">(since 0.8.5 (Qemu, KVM, UML))</span>:
+    </p>
+<pre>
+&lt;filter name='test-eth0'&gt;
+  &lt;!-- reference the clean traffic filter to prevent
+       MAC, IP and ARP spoofing. By not providing
+       and IP address parameter, libvirt will detect the
+       IP address the VM is using. --&gt;
+  &lt;filterref filter='clean-traffic'/&gt;
+
+  &lt;!-- enable TCP port 21 (ftp-control) to be reachable --&gt;
+  &lt;rule action='accept' direction='in'&gt;
+    &lt;tcp dstportstart='21'/&gt;
+  &lt;/rule&gt;
+
+  &lt;!-- enable TCP port 20 for VM-initiated ftp data connection
+       related to an existing ftp control connection --&gt;
+  &lt;rule action='accept' direction='out'&gt;
+    &lt;tcp srcportstart='20' state='RELATED,ESTABLISHED'/&gt;
+  &lt;/rule&gt;
+
+  &lt;!-- accept all packets from client on the ftp data connection --&gt;
+  &lt;rule action='accept' direction='in'&gt;
+    &lt;tcp dstportstart='20' state='ESTABLISHED'/&gt;
+  &lt;/rule&gt;
+
+  &lt;!-- enable TCP ports 22 (ssh) and 80 (http) to be reachable --&gt;
+  &lt;rule action='accept' direction='in'&gt;
+    &lt;tcp dstportstart='22'/&gt;
+  &lt;/rule&gt;
+
+  &lt;rule action='accept' direction='in'&gt;
+    &lt;tcp dstportstart='80'/&gt;
+  &lt;/rule&gt;
+
+  &lt;!-- enable general ICMP traffic to be initiated by the VM;
+       this includes ping traffic --&gt;
+  &lt;rule action='accept' direction='out'&gt;
+    &lt;icmp/&gt;
+  &lt;/rule&gt;
+
+  &lt;!-- enable outgoing DNS lookups using UDP --&gt;
+  &lt;rule action='accept' direction='out'&gt;
+    &lt;udp dstportstart='53'/&gt;
+  &lt;/rule&gt;
+
+  &lt;!-- drop all other traffic --&gt;
+  &lt;rule action='drop' direction='inout'&gt;
+    &lt;all/&gt;
+  &lt;/rule&gt;
+
+&lt;/filter&gt;
+</pre>
+    <p>
+     Before trying out a filter using the <code>RELATED</code> state,
+     you have to make sure that the approriate connection tracking module
+     has been loaded into the host's kernel. Depending on the version of the
+     kernel, you must run either one of the following two commands before
+     the ftp connection with the VM is established.
+    </p>
+<pre>
+    modprobe nf_conntrack_ftp   # where available  or
+
+    modprobe ip_conntrack_ftp   # if above is not available
+</pre>
+    <p>
+     If other protocols than ftp are to be used in conjunction with the
+     <code>RELATED</code> state, their corresponding module must be loaded.
+     Modules exist at least for the protocols ftp, tftp, irc, sip,
+     sctp, and amanda.
+    </p>
+    <p>
+     The 2nd solution makes uses the state flags of connections more
+     than the previous solution did.
+     In this solution we take advantage of the fact that the
+     <code>NEW</code> state of a connection is valid when the very
+     first packet of a traffic flow is seen. Subsequently, if the very first
+     packet of a flow is accepted, the flow becomes a connection and enters
+     the <code>ESTABLISHED</code> state. This allows us to write a general
+     rule for allowing packets of <code>ESTABLISHED</code> connections to
+     reach the VM or be sent by the VM.
+     We write specific rules for the very first packets identified by the
+     <code>NEW</code> state and for which ports they are acceptable. All
+     packets for ports that are not explicitly accepted will be dropped and
+     therefore the connection will not go into the <code>ESTABLISHED</code>
+     state and any subsequent packets be dropped.
+    </p>
+
+<pre>
+&lt;filter name='test-eth0'&gt;
+  &lt;!-- reference the clean traffic filter to prevent
+       MAC, IP and ARP spoofing. By not providing
+       and IP address parameter, libvirt will detect the
+       IP address the VM is using. --&gt;
+  &lt;filterref filter='clean-traffic'/&gt;
+
+  &lt;!-- let the packets of all previously accepted connections reach the VM --&gt;
+  &lt;rule action='accept' direction='in'&gt;
+    &lt;all state='ESTABLISHED'/&gt;
+  &lt;/rule&gt;
+
+  &lt;!-- let the packets of all previously accepted and related connections be sent from the VM --&gt;
+  &lt;rule action='accept' direction='out'&gt;
+    &lt;all state='ESTABLISHED,RELATED'/&gt;
+  &lt;/rule&gt;
+
+  &lt;!-- enable traffic towards port 21 (ftp), 22 (ssh) and 80 (http) --&gt;
+  &lt;rule action='accept' direction='in'&gt;
+    &lt;tcp dstportstart='21' dstportend='22' state='NEW'/&gt;
+  &lt;/rule&gt;
+
+  &lt;rule action='accept' direction='in'&gt;
+    &lt;tcp dstportstart='80' state='NEW'/&gt;
+  &lt;/rule&gt;
+
+  &lt;!-- enable general ICMP traffic to be initiated by the VM;
+       this includes ping traffic --&gt;
+  &lt;rule action='accept' direction='out'&gt;
+    &lt;icmp state='NEW'/&gt;
+  &lt;/rule&gt;
+
+  &lt;!-- enable outgoing DNS lookups using UDP --&gt;
+  &lt;rule action='accept' direction='out'&gt;
+    &lt;udp dstportstart='53' state='NEW'/&gt;
+  &lt;/rule&gt;
+
+  &lt;!-- drop all other traffic --&gt;
+  &lt;rule action='drop' direction='inout'&gt;
+    &lt;all/&gt;
+  &lt;/rule&gt;
+
+&lt;/filter&gt;
+
+</pre>

    <h2><a name="nwflimits">Limitations</a></h2>
    <p>
--- a/docs/formatstorage.html.in
+++ b/docs/formatstorage.html.in
@ -70,6 +70,8 @@
        &lt;source&gt;
          &lt;host name="iscsi.example.com"/&gt;
          &lt;device path="demo-target"/&gt;
+          &lt;vendor name="Acme"/&gt;
+          &lt;product name="model"/&t;
        &lt;/source&gt;
        ...</pre>

@ -108,6 +110,16 @@
        type, or network filesystem type, or partition table type, or
        LVM metadata type. All drivers are required to have a default
        value for this, so it is optional. <span class="since">Since 0.4.1</span></dd>
+
+      <dt><code>vendor</code></dt>
+      <dd>Provides optional information about the vendor of the
+        storage device. This contains a single
+        attribute <code>name</code> whose value is backend
+        specific. <span class="since">Since 0.8.4</span></dd>
+      <dt><code>product</code></dt>
+      <dd>Provides an optional product name of the storage device.
+        This contains a single attribute <code>name</code> whose value
+        is backend specific.  <span class="since">Since 0.8.4</span></dd>
    </dl>

    <h3><a name="StoragePoolTarget">Target elements</a></h3>
--- a/docs/hacking.html.in
+++ b/docs/hacking.html.in
@ -389,7 +389,30 @@
 </pre></li>
    </ul>

+    <h2><a name="file_handling">File handling</a></h2>

+    <p>
+      Use of the close() API is deprecated in libvirt code base to help
+      avoiding double-closing of a file descriptor. Instead of this API,
+      use the macro from files.h
+    </p>
+
+    <ul>
+      <li><p>eg close a file descriptor</p>
+
+<pre>
+       if (VIR_CLOSE(fd) &lt; 0) {
+           virReportSystemError(errno, _("failed to close file"));
+       }
+</pre></li>
+
+      <li><p>eg close a file descriptor in an error path, without losing
+             the previous errno value</p>
+
+<pre>
+       VIR_FORCE_CLOSE(fd);
+</pre></li>
+    </ul>

    <h2><a name="string_comparision">String comparisons</a></h2>

--- a/docs/hooks.html.in
+++ b/docs/hooks.html.in
@ -2,69 +2,184 @@
 <html>
  <body>
    <h1>Hooks for specific system management</h1>
-    <p>Libvirt includes synchronous hooks, starting from version 0.8.0, as a
-       way to tie in specific tailored system actions at a specific time.
-       If these scripts are present on the host where the hypervisor
-       is running, then they are called when the libvirt daemon is doingi
-       some significant action.</p>
-    <p>The scripts are expected to execute quickly, return a zero exit
-       status if all conditions are set for the daemon to continue the
-       action (non zero will be considered a failure which may
-       be ignored but in general will stop the ongoing operation).
-       The script also should not call back into libvirt as the daemon
-       is waiting for the script exit and deadlock is likely to occur.</p>
-    <p>The scripts are stored in the directory <code>/etc/libvirt/hooks/</code>
-       when using a standard installation path
-       (<code>$SYSCONF_DIR/libvirt/hooks/</code> in general).</p>
-    <p>Each script is given the following command line arguments:</p>
-       <ul>
-         <li> the first argument is the name of the object involved in the
-              operation, or '-' if there is none.
-         <li> the second argument is the name of the operation.
-         <li> the third argument is a suboperation indication like 'start' or
-              'end', or '-' if there is none.
-         <li> the last argument is an extra argument string or '-' if there
-              is none.
-       </ul>
-    <p>There are currently scripts for 3 domains of operation:
+
+    <ul id="toc"></ul>
+
+    <h2><a name="intro">Custom event scripts</a></h2>
+    <p>Beginning with libvirt 0.8.0, specific events on a host system will
+       trigger custom scripts.</p>
+    <p>These custom <b>hook</b> scripts are executed when any of the following
+       actions occur:</p>
    <ul>
-      <li><p><code>/etc/libvirt/hooks/daemon</code> script if
-          present is called at 3 points in time:</p>
-          <p>at daemon startup, typically started with the following
-             arguments:</p>
-                <pre>/etc/libvirt/hooks/daemon - start - start</pre>
-            <p>at daemon shutdown when it is about to exit, with the following
-                arguments:</p>
-                <pre>/etc/libvirt/hooks/daemon - shutdown - shutdown</pre>
-            <p>When the daemon is asked to reload its driver state when
-                receiving the SIGHUP signal, arguments are:</p>
-                <pre>/etc/libvirt/hooks/daemon - reload begin SIGHUP</pre>
-          </li>
-      <li><p><code>/etc/libvirt/hooks/qemu</code> script and <br/>
-             <code>/etc/libvirt/hooks/lxc</code> associate hooks for domain
-             operation on the respective QEmu/KVM and LXC drivers.</p>
-          <p> The domain related hooks also receive the full XML description
-              for the concerned domain on their stdin, which allows them to get
-              all the information from the domain, including UUID or storage
-              if that is needed for the script operation.</p>
-          <p> Currently only domain startup and domain end operations
-              involve the hook, the first one just before the domain gets
-              created.
-              For example if starting a QEmu domain named <code>test</code>
-              the following script will get called:</p>
-              <pre>/etc/libvirt/hooks/qemu test start begin -</pre>
-          <p> note that a non-zero return value from the script will abort the
-              domain startup operation, and if an error string is passed on
-              stderr by the hook script, it will be provided back to the user
-              at the libvirt API level.</p>
-          <p> For domain shutdown, the script will be called just after the
-              domain has finished execution, and the script will get:</p>
-              <pre>/etc/libvirt/hooks/qemu test stopped end -</pre>
-          <p> It is expected that other operations will be associated to hooks
-              but at the time of 0.8.0 only those 2 are associated to the
-              domains life cycle</p>
-          </li>
+      <li>The libvirt daemon starts, stops, or reloads its
+          configuration<br/><br/></li>
+      <li>A QEMU guest is started or stopped<br/><br/></li>
+      <li>An LXC guest is started or stopped<br/><br/></li>
    </ul>
-    <p></p>
+
+    <h2><a name="location">Script location</a></h2>
+    <p>The libvirt hook scripts are located in the directory
+       <code>$SYSCONF_DIR/libvirt/hooks/</code>.</p>
+    <ul>
+      <li>In Linux distributions such as Fedora and RHEL, this is
+          <code>/etc/libvirt/hooks/</code>.  Other Linux distributions may do
+          this differently.</li>
+      <li>If your installation of libvirt has instead been compiled from
+          source, it is likely to be
+          <code>/usr/local/etc/libvirt/hooks/</code>.</li>
+    </ul>
+    <p>To use hook scripts, you will need to create this <code>hooks</code>
+       directory manually, place the desired hook scripts inside, then make
+       them executable.</p>
+    <br/>
+
+    <h2><a name="names">Script names</a></h2>
+    <p>At present, there are three hook scripts that can be called:</p>
+    <ul>
+      <li><code>/etc/libvirt/hooks/daemon</code><br/><br/>
+          Executed when the libvirt daemon is started, stopped, or reloads
+          its configuration<br/><br/></li>
+      <li><code>/etc/libvirt/hooks/qemu</code><br/><br/>
+          Executed when a QEMU guest is started, stopped, or migrated<br/><br/></li>
+      <li><code>/etc/libvirt/hooks/lxc</code><br /><br/>
+          Executed when an LXC guest is started or stopped</li>
+    </ul>
+    <br/>
+
+    <h2><a name="structure">Script structure</a></h2>
+    <p>The hook scripts are executed using standard Linux process creation
+       functions.  Therefore, they must begin with the declaration of the
+       command interpreter to use.</p>
+    <p>For example:</p>
+    <pre>#!/bin/bash</pre>
+    <p>or:</p>
+    <pre>#!/usr/bin/python</pre>
+    <p>Other command interpreters are equally valid, as is any executable
+       binary, so you are welcome to use your favourite languages.</p>
+    <br/>
+
+    <h2><a name="arguments">Script arguments</a></h2>
+    <p>The hook scripts are called with specific command line arguments,
+       depending upon the script, and the operation being performed.</p>
+    <p>The guest hook scripts, qemu and lxc, are also given the <b>full</b>
+       XML description for the domain on their stdin. This includes items
+       such the UUID of the domain and its storage information, and is
+       intended to provide all the libvirt information the script needs.</p>
+
+    <p>The command line arguments take this approach:</p>
+    <ol>
+      <li>The first argument is the name of the <b>object</b> involved in the
+          operation, or '-' if there is none.<br/><br/>
+          For example, the name of a guest being started.<br/><br/></li>
+      <li>The second argument is the name of the <b>operation</b> being
+          performed.<br/><br/>
+          For example, "start" if a guest is being started.<br/><br/></li>
+      <li>The third argument is a <b>sub-operation</b> indication, or '-' if there
+          is none.<br/><br/></li>
+      <li>The last argument is an <b>extra argument</b> string, or '-' if there is
+          none.</li>
+    </ol>
+
+    <h4><a name="arguments_specifics">Specifics</a></h4>
+    <p>This translates to the following specifics for each hook script:</p>
+
+    <h5><a name="daemon">/etc/libvirt/hooks/daemon</a></h5>
+    <ul>
+      <li>When the libvirt daemon is started, this script is called as:<br/>
+          <pre>/etc/libvirt/hooks/daemon - start - start</pre></li>
+      <li>When the libvirt daemon is shut down, this script is called as:<br/>
+          <pre>/etc/libvirt/hooks/daemon - shutdown - shutdown</pre></li>
+      <li>When the libvirt daemon receives the SIGHUP signal, it reloads its
+          configuration and triggers the hook script as:<br/>
+          <pre>/etc/libvirt/hooks/daemon - reload begin SIGHUP</pre></li>
+    </ul>
+    <p>Please note that when the libvirt daemon is restarted, the <i>daemon</i>
+       hook script is called once with the "shutdown" operation, and then once
+       with the "start" operation.  There is no specific operation to indicate
+       a "restart" is occurring.</p>
+
+    <h5><a name="qemu">/etc/libvirt/hooks/qemu</a></h5>
+    <ul>
+      <li>When a QEMU guest is started, the qemu hook script is called as:<br/>
+          <pre>/etc/libvirt/hooks/qemu guest_name start begin -</pre></li>
+      <li>When a QEMU guest is stopped, the qemu hook script is called
+          as:<br/>
+          <pre>/etc/libvirt/hooks/qemu guest_name stopped end -</pre></li>
+    </ul>
+
+    <h5><a name="lxc">/etc/libvirt/hooks/lxc</a></h5>
+    <ul>
+      <li>When an LXC guest is started, the lxc hook script is called as:<br/>
+          <pre>/etc/libvirt/hooks/lxc guest_name start begin -</pre></li>
+      <li>When a LXC guest is stopped, the lxc hook script is called
+          as:<br/>
+          <pre>/etc/libvirt/hooks/lxc guest_name stopped end -</pre></li>
+    </ul>
+    <br/>
+
+    <h2><a name="execution">Script execution</a></h2>
+    <ul>
+      <li>The "start" operation for the guest hook scripts, qemu and lxc,
+          executes <b>prior</b> to the guest being created.  This allows the
+          guest start operation to be aborted if the script returns indicating
+          failure.<br/><br/></li>
+      <li>The "shutdown" operation for the guest hook scripts, qemu and lxc,
+          executes <b>after</b> the guest has stopped.  If the hook script
+          indicates failure in its return, the shut down of the guest cannot
+          be aborted because it has already been performed.<br/><br/></li>
+      <li>Hook scripts execute in a synchronous fashion.  Libvirt waits
+          for them to return before continuing the given operation.<br/><br/>
+          This is most noticeable with the guest start operation, as a lengthy
+          operation in the hook script can mean an extended wait for the guest
+          to be available to end users.<br/><br/></li>
+      <li>For a hook script to be utilised, it must have its execute bit set
+          (ie. chmod o+rx <i>qemu</i>), and must be present when the libvirt
+          daemon is started.<br/><br/></li>
+      <li>If a hook script is added to a host after the libvirt daemon is
+          already running, it won't be used until the libvirt daemon
+          next starts.</li>
+    </ul>
+    <br/>
+
+    <h2><a name="qemu_migration">QEMU guest migration</a></h2>
+    <p>Migration of a QEMU guest involves running hook scripts on both the
+       source and destination hosts:</p>
+    <ol>
+      <li>At the beginning of the migration, the <i>qemu</i> hook script on
+          the <b>destination</b> host is executed with the "start"
+          operation.<br/><br/></li>
+      <li>If this hook script returns indicating success (error code 0), the
+          migration continues.  Any other return code indicates failure, and
+          the migration is aborted.<br/><br/></li>
+      <li>The QEMU guest is then migrated to the destination host.<br/>
+          <br/></li>
+      <li>Unless an error occurs during the migration process, the <i>qemu</i>
+          hook script on the <b>source</b> host is then executed with the "stopped"
+          operation, to indicate it is no longer running on this
+          host.<br/><br/>
+          Regardless of the return code from this hook script, the migration
+          is not aborted as it has already been performed.</li>
+    </ol>
+    <br/>
+
+    <h2><a name="recursive">Calling libvirt functions from within a hook script</a></h2>
+    <p><b>DO NOT DO THIS!</b></p>
+    <p>A hook script must not call back into libvirt, as the libvirt daemon
+       is already waiting for the script to exit.</p>
+    <p>A deadlock is likely to occur.</p>
+    <br/>
+
+    <h2><a name="return_codes">Return codes and logging</a></h2>
+    <p>If a hook script returns with an exit code of 0, the libvirt daemon
+       regards this as successful and performs no logging of it.</p>
+    <p>However, if a hook script returns with a non zero exit code, the libvirt
+       daemon regards this as a failure, logs it with return code 256, and
+       additionally logs anything on stderr the hook script returns.</p>
+    <p>For example, a hook script might use this code to indicate failure,
+       and send a text string to stderr:</p>
+    <pre>echo "Could not find required XYZZY" &gt;&amp;2
+exit 1</pre>
+    <p>The resulting entry in the libvirt log will appear as:</p>
+    <pre>20:02:40.297: error : virHookCall:416 : Hook script execution failed: Hook script /etc/libvirt/hooks/qemu qemu failed with error code 256:Could not find required XYZZY</pre>
  </body>
 </html>
--- a/docs/logging.html.in
+++ b/docs/logging.html.in
@ -4,33 +4,33 @@
    <h1 >Logging in the library and the daemon</h1>
    <p>Libvirt includes logging facilities starting from version 0.6.0,
       this complements the <a href="errors.html">error handling</a>
-       mechanism and APIs to allow tracing though the execution of the
+       mechanism and APIs to allow tracing through the execution of the
       library as well as in the libvirtd daemon.</p>
    <p>The logging functionalities in libvirt are based on 3 key concepts,
       similar to the one present in other generic logging facilities like
       log4j:</p>
    <ul>
      <li>log messages: they are information generated at runtime by
-          the libvirt code, it includes a priority level (DEBUG = 1,
+          the libvirt code. Each message includes a priority level (DEBUG = 1,
          INFO = 2, WARNING = 3, ERROR = 4), a category, function name and
          line number, indicating where it originated from, and finally
-          a formatted message, in addition the library adds a timestamp
+          a formatted message.  In addition the library adds a timestamp
          at the begining of the message</li>
-      <li>log filters: it's a set of patter and priorities allowing to acept
-          or reject a log message, if the message category matches a filter,
+      <li>log filters: a set of patterns and priorities to accept
+          or reject a log message.  If the message category matches a filter,
          the message priority is compared to the filter priority, if lower
          the message is discarded, if higher the message is output. If
          no filter matches, then a general priority level is applied to
-          all remaining messages. This allows to capture for example all
-          debug messages for the QEmu driver, but otherwise only allow
-          errors to show up from other parts</li>
-      <li>log outputs: once a message has gone though filtering a set of
+          all remaining messages. This allows, for example, capturing all
+          debug messages for the QEmu driver, but otherwise only allowing
+          errors to show up from other parts.</li>
+      <li>log outputs: once a message has gone through filtering a set of
          output defines where to send the message, they can also filter
          based on the priority, for example it may be useful to output
          all messages to a debugging file but only allow errors to be
-          logged though syslog.</li>
+          logged through syslog.</li>
    </ul>
-    <p>The library configuration of logging is though 3 environment variables
+    <p>The library configuration of logging is through 3 environment variables
    allowing to control the logging behaviour:</p>
    <ul>
      <li>LIBVIRT_DEBUG: it can take the four following values:
@ -41,14 +41,14 @@
        <li>3 or "warn": log warnings and errors, that's the default value</li>
        <li>4 or "error": log only error messages</li>
      </ul></li>
-      <li>LIBVIRT_LOG_FILTERS: allow to define logging filters</li>
-      <li>LIBVIRT_LOG_OUTPUTS: allow to define logging outputs</li>
+      <li>LIBVIRT_LOG_FILTERS: defines logging filters</li>
+      <li>LIBVIRT_LOG_OUTPUTS: defines logging outputs</li>
    </ul>
    <p>Note that, for example, setting LIBVIRT_DEBUG= is the same as unset. If
       you specify an invalid value, it will be ignored with a warning. If you
       have an error in a filter or output string, some of the settings may be
       applied up to the point at which libvirt encountered the error.</p>
-    <p>Similary the daemon logging behaviour can be tuned using 3 config
+    <p>Similarly the daemon logging behaviour can be tuned using 3 config
    variables, stored in the configuration file:
    <ul>
      <li>log_level: accepts the following values:
@ -58,8 +58,8 @@
        <li>2: informations, warnings and errors</li>
        <li>1: debug and everything</li>
      </ul></li>
-      <li>log_filters: allow to define logging filters</li>
-      <li>log_outputs: allow to define logging outputs</li>
+      <li>log_filters: defines logging filters</li>
+      <li>log_outputs: defines logging outputs</li>
    </ul>
    <p>When starting the libvirt daemon, any logging environment variable
       settings will override settings in the config file. Command line options
@ -106,7 +106,7 @@
      <li>3: WARNING</li>
      <li>4: ERROR</li>
    </ul>
-    <p>Multiple output can be defined , they just need to be separated by
+    <p>Multiple output can be defined, they just need to be separated by
       spaces, e.g.: <code>"3:syslog:libvirtd 1:file:/tmp/libvirt.log"</code>
       will log all warnings and errors to syslog under the libvirtd ident
       but also log everything debugging and informations included in the
--- a/docs/news.html.in
+++ b/docs/news.html.in
--- a/docs/remote.html.in
+++ b/docs/remote.html.in
@ -58,14 +58,20 @@ machines through authenticated and encrypted connections.
      </li>
    </ul>
    <h3>
-      <a name="Remote_basic_usage" id="Remote_basic_usage">Basic usage</a>
+      <a name="Remote_basic_usage">Basic usage</a>
    </h3>
    <p>
-On the remote machine, <code>libvirtd</code> should be running.
+On the remote machine, <code>libvirtd</code> should be running in general.
 See <a href="#Remote_libvirtd_configuration">the section
 on configuring libvirtd</a> for more information.
 </p>
    <p>
+    Not all hypervisors supported by libvirt require a running
+    <code>libvirtd</code>. If you want to connect to a VMware ESX/ESXi or
+    GSX server then <code>libvirtd</code> is not necessary. See the
+    <a href="drvesx.html">VMware ESX page</a> for details.
+    </p>
+    <p>
 To tell libvirt that you want to access a remote resource,
 you should supply a hostname in the normal <a href="uri.html">URI</a> that is passed
 to <code>virConnectOpen</code> (or <code>virsh -c ...</code>).
@ -92,7 +98,7 @@ relating to failures in the remote transport itself. </li>
 much slower than, say, direct hypervisor calls. </li>
    </ul>
    <h3>
-      <a name="Remote_transports" id="Remote_transports">Transports</a>
+      <a name="Remote_transports">Transports</a>
    </h3>
    <p>
 Remote libvirt supports a range of transports:
@ -140,7 +146,7 @@ Remote libvirt supports a range of transports:
 The default transport, if no other is specified, is <code>tls</code>.
 </p>
    <h3>
-      <a name="Remote_URI_reference" id="Remote_URI_reference">Remote URIs</a>
+      <a name="Remote_URI_reference">Remote URIs</a>
    </h3>
    <p>
 See also: <a href="uri.html">documentation on ordinary ("local") URIs</a>.
@ -181,7 +187,7 @@ settings.
 </li>
    </ul>
    <h4>
-      <a name="Remote_URI_parameters" id="Remote_URI_parameters">Extra parameters</a>
+      <a name="Remote_URI_parameters">Extra parameters</a>
    </h4>
    <p>
 Extra parameters can be added to remote URIs as part
@ -304,10 +310,10 @@ Note that parameter values must be
      </tr>
    </table>
    <h3>
-      <a name="Remote_certificates" id="Remote_certificates">Generating TLS certificates</a>
+      <a name="Remote_certificates">Generating TLS certificates</a>
    </h3>
    <h4>
-      <a name="Remote_PKI" id="Remote_PKI">Public Key Infrastructure set up</a>
+      <a name="Remote_PKI">Public Key Infrastructure set up</a>
    </h4>
    <p>
 If you are unsure how to create TLS certificates, skip to the
@ -367,7 +373,7 @@ next section.
      </tr>
    </table>
    <h4>
-      <a name="Remote_TLS_background" id="Remote_TLS_background">Background to TLS certificates</a>
+      <a name="Remote_TLS_background">Background to TLS certificates</a>
    </h4>
    <p>
 Libvirt supports TLS certificates for verifying the identity
@ -402,7 +408,7 @@ address.  You may want to change this to make it less (or more)
 permissive, depending on your needs.
 </p>
    <h4>
-      <a name="Remote_TLS_CA" id="Remote_TLS_CA">Setting up a Certificate Authority (CA)</a>
+      <a name="Remote_TLS_CA">Setting up a Certificate Authority (CA)</a>
    </h4>
    <p>
 You will need the <a href="http://www.gnu.org/software/gnutls/manual/html_node/Invoking-certtool.html">GnuTLS
@ -473,7 +479,7 @@ key carefully as you will need it when you come to issue certificates
 for your clients and servers.
 </p>
    <h4>
-      <a name="Remote_TLS_server_certificates" id="Remote_TLS_server_certificates">Issuing server certificates</a>
+      <a name="Remote_TLS_server_certificates">Issuing server certificates</a>
    </h4>
    <p>
 For each server (libvirtd) you need to issue a certificate
@ -556,7 +562,7 @@ which can be installed on the server as
 </li>
    </ul>
    <h4>
-      <a name="Remote_TLS_client_certificates" id="Remote_TLS_client_certificates">Issuing client certificates</a>
+      <a name="Remote_TLS_client_certificates">Issuing client certificates</a>
    </h4>
    <p>
 For each client (ie. any program linked with libvirt, such as
@ -609,7 +615,7 @@ cp clientcert.pem /etc/pki/libvirt/clientcert.pem
 </li>
    </ol>
    <h4>
-      <a name="Remote_TLS_troubleshooting" id="Remote_TLS_troubleshooting">Troubleshooting TLS certificate problems</a>
+      <a name="Remote_TLS_troubleshooting">Troubleshooting TLS certificate problems</a>
    </h4>
    <dl>
      <dt> failed to verify client's certificate </dt>
@ -627,7 +633,7 @@ to analyze the setup on the client or server machines, preferably as root.
 It will try to point out the possible problems and provide solutions to
 fix the set up up to a point where you have secure remote access.</p>
    <h3>
-      <a name="Remote_libvirtd_configuration" id="Remote_libvirtd_configuration">libvirtd configuration file</a>
+      <a name="Remote_libvirtd_configuration">libvirtd configuration file</a>
    </h3>
    <p>
 Libvirtd (the remote daemon) is configured from a file called
@ -795,7 +801,7 @@ Blank lines and comments beginning with <code>#</code> are ignored.
      </tr>
    </table>
    <h3>
-      <a name="Remote_IPv6" id="Remote_IPv6">IPv6 support</a>
+      <a name="Remote_IPv6">IPv6 support</a>
    </h3>
    <p>
 The libvirtd service and libvirt remote client driver both use the
@ -808,7 +814,7 @@ connection will be made, otherwise IPv4 will be used. In summary it
 should just 'do the right thing(tm)'.
 </p>
    <h3>
-      <a name="Remote_limitations" id="Remote_limitations">Limitations</a>
+      <a name="Remote_limitations">Limitations</a>
    </h3>
    <ul>
      <li> Fine-grained authentication: libvirt in general,
@ -821,7 +827,7 @@ just read-write/read-only as at present.
 Please come and discuss these issues and more on <a href="https://www.redhat.com/mailman/listinfo/libvir-list" title="libvir-list mailing list">the mailing list</a>.
 </p>
    <h3>
-      <a name="Remote_implementation_notes" id="Remote_implementation_notes">Implementation notes</a>
+      <a name="Remote_implementation_notes">Implementation notes</a>
    </h3>
    <p>
 The current implementation uses <a href="http://en.wikipedia.org/wiki/External_Data_Representation" title="External Data Representation">XDR</a>-encoded packets with a
--- a/docs/schemas/capability.rng
+++ b/docs/schemas/capability.rng
@ -79,6 +79,11 @@
    <element name='model'>
      <text/>
    </element>
+    <optional>
+      <element name='vendor'>
+        <text/>
+      </element>
+    </optional>
    <element name='topology'>
      <attribute name='sockets'>
        <ref name='positiveInteger'/>
--- a/docs/schemas/domain.rng
+++ b/docs/schemas/domain.rng
@ -41,6 +41,9 @@
        <optional>
          <ref name="seclabel"/>
        </optional>
+        <optional>
+          <ref name='qemucmdline'/>
+        </optional>
      </interleave>
    </element>
  </define>
@ -119,6 +122,16 @@
            <ref name="osbootdev"/>
          </oneOrMore>
        </choice>
+        <optional>
+          <element name="bootmenu">
+            <attribute name="enable">
+              <choice>
+                <value>yes</value>
+                <value>no</value>
+              </choice>
+            </attribute>
+          </element>
+        </optional>
      </interleave>
    </element>
  </define>
@ -286,10 +299,48 @@
          </optional>
        </element>
      </optional>
+
+      <!-- All the memory/swap related tunables would go in the memtune -->
+      <optional>
+        <element name="memtune">
+          <!-- Maximum memory the VM can use -->
+          <optional>
+            <element name="hard_limit">
+              <ref name="memoryKB"/>
+            </element>
+          </optional>
+          <!-- Minimum memory ascertained for the VM during contention -->
+          <optional>
+            <element name="soft_limit">
+              <ref name="memoryKB"/>
+            </element>
+          </optional>
+          <!-- Minimum amount of memory required to start the VM -->
+          <optional>
+            <element name="min_guarantee">
+              <ref name="memoryKB"/>
+            </element>
+          </optional>
+          <!-- Maximum swap area the VM can use -->
+          <optional>
+            <element name="swap_hard_limit">
+              <ref name="memoryKB"/>
+            </element>
+          </optional>
+        </element>
+      </optional>
+
      <optional>
        <element name="vcpu">
          <optional>
-            <attribute name="cpuset"/>
+            <attribute name="cpuset">
+              <ref name="cpuset"/>
+            </attribute>
+          </optional>
+          <optional>
+            <attribute name="current">
+              <ref name="countCPU"/>
+            </attribute>
          </optional>
          <ref name="countCPU"/>
        </element>
@ -673,9 +724,11 @@
      <optional>
        <attribute name="model">
          <choice>
+            <value>auto</value>
            <value>buslogic</value>
            <value>lsilogic</value>
            <value>lsisas1068</value>
+            <value>vmpvscsi</value>
          </choice>
        </attribute>
      </optional>
@ -746,6 +799,13 @@
      </choice>
      <optional>
        <ref name="address"/>
+        <attribute name="accessmode">
+        <choice>
+          <value>passthrough</value>
+          <value>mapped</value>
+          <value>squash</value>
+        </choice>
+        </attribute>
      </optional>
    </element>
  </define>
@ -1162,7 +1222,7 @@
      </optional>
      <optional>
        <element name="on_crash">
-          <ref name="offOptions"/>
+          <ref name="crashOptions"/>
        </element>
      </optional>
    </interleave>
@ -1183,6 +1243,29 @@
      <value>rename-restart</value>
    </choice>
  </define>
+  <!--
+      Options when a domain crashes:
+      destroy: The domain is cleaned up
+      restart: A new domain is started in place of the old one
+      preserve: The domain will remain in memory until it is destroyed manually
+      rename-restart: a variant of the previous one but where the old domain is
+                      renamed before being saved to allow a restart
+      coredump-destroy: The crashed domain's core will be dumped, and then the
+                        domain will be terminated completely and all resources
+                        released
+      coredump-restart: The crashed domain's core will be dumped, and then the
+                        domain will be restarted with the same configuration
+    -->
+  <define name="crashOptions">
+    <choice>
+      <value>destroy</value>
+      <value>restart</value>
+      <value>preserve</value>
+      <value>rename-restart</value>
+      <value>coredump-destroy</value>
+      <value>coredump-restart</value>
+    </choice>
+  </define>
  <!--
      Specific setup for a qemu emulated character device.  Note: this
      definition doesn't fully specify the constraints on this node.
@ -1197,17 +1280,38 @@
    <interleave>
      <ref name="qemucdevSrcDef"/>
      <optional>
-        <element name="target">
-          <optional>
-            <attribute name="port"/>
-          </optional>
-        </element>
+        <ref name="qemucdevTgtDef"/>
      </optional>
      <optional>
        <ref name="address"/>
      </optional>
    </interleave>
  </define>
+
+  <define name="qemucdevConsoleTgtType">
+    <attribute name="type">
+      <choice>
+        <value>xen</value>
+        <value>serial</value>
+        <value>uml</value>
+        <value>virtio</value>
+      </choice>
+    </attribute>
+  </define>
+
+  <define  name="qemucdevTgtDef">
+    <element name="target">
+      <interleave>
+        <optional>
+          <ref name="qemucdevConsoleTgtType"/>
+        </optional>
+        <optional>
+          <attribute name="port"/>
+        </optional>
+      </interleave>
+    </element>
+  </define>
+
  <define name="qemucdevSrcType">
    <attribute name="type">
      <choice>
@ -1267,7 +1371,9 @@
          </optional>
          <empty/>
        </group>
-        <ref name="qemucdev"/>
+        <choice>
+          <ref name="qemucdev"/>
+        </choice>
      </choice>
    </element>
  </define>
@ -1310,6 +1416,20 @@
      </optional>
    </element>
  </define>
+  <define name="memballoon">
+    <element name="memballoon">
+      <attribute name="model">
+        <choice>
+          <value>virtio</value>
+          <value>xen</value>
+          <value>none</value>
+        </choice>
+      </attribute>
+      <optional>
+        <ref name="address"/>
+      </optional>
+    </element>
+  </define>
  <define name="parallel">
    <element name="parallel">
      <ref name="qemucdev"/>
@ -1516,6 +1636,9 @@
        <optional>
          <ref name="watchdog"/>
        </optional>
+        <optional>
+          <ref name="memballoon"/>
+        </optional>
      </interleave>
    </element>
  </define>
@ -1557,6 +1680,7 @@
          <interleave>
            <ref name="cpuModel"/>
            <optional>
+              <ref name="cpuVendor"/>
              <ref name="cpuTopology"/>
            </optional>
            <zeroOrMore>
@ -1584,6 +1708,12 @@
    </element>
  </define>

+  <define name="cpuVendor">
+    <element name="vendor">
+      <text/>
+    </element>
+  </define>
+
  <define name="cpuFeature">
    <element name="feature">
      <attribute name="policy">
@ -1657,6 +1787,31 @@
    </optional>
  </define>

+  <!--
+       Optional hypervisor extensions in their own namespace:
+         QEmu
+    -->
+  <define name="qemucmdline">
+    <element name="commandline" ns="http://libvirt.org/schemas/domain/qemu/1.0">
+      <zeroOrMore>
+        <element name="arg">
+          <attribute name='value'/>
+        </element>
+      </zeroOrMore>
+      <zeroOrMore>
+        <element name="env">
+          <attribute name='name'>
+            <ref name="filter-param-name"/>
+          </attribute>
+          <optional>
+            <attribute name='value'/>
+          </optional>
+          <empty/>
+        </element>
+      </zeroOrMore>
+    </element>
+  </define>
+
  <!--
       Type library

@ -1675,6 +1830,11 @@
      <param name="pattern">[0-9]+</param>
    </data>
  </define>
+  <define name="cpuset">
+    <data type="string">
+      <param name="pattern">([0-9]+(-[0-9]+)?|\^[0-9]+)(,([0-9]+(-[0-9]+)?|\^[0-9]+))*</param>
+    </data>
+  </define>
  <define name="countCPU">
    <data type="unsignedShort">
      <param name="pattern">[0-9]+</param>
--- a/docs/schemas/nwfilter.rng
+++ b/docs/schemas/nwfilter.rng
@ -24,6 +24,7 @@
                  <ref name="match-attribute"/>
                  <ref name="common-l2-attributes"/>
                  <ref name="mac-attributes"/>
+                  <ref name="comment-attribute"/>
                </element>
              </zeroOrMore>
            </optional>
@ -33,6 +34,7 @@
                  <ref name="match-attribute"/>
                  <ref name="common-l2-attributes"/>
                  <ref name="arp-attributes"/>
+                  <ref name="comment-attribute"/>
                </element>
              </zeroOrMore>
            </optional>
@ -42,6 +44,7 @@
                  <ref name="match-attribute"/>
                  <ref name="common-l2-attributes"/>
                  <ref name="arp-attributes"/> <!-- same as arp -->
+                  <ref name="comment-attribute"/>
                </element>
              </zeroOrMore>
            </optional>
@ -54,6 +57,7 @@
                  <ref name="common-port-attributes"/>
                  <ref name="ip-attributes"/>
                  <ref name="dscp-attribute"/>
+                  <ref name="comment-attribute"/>
                </element>
              </zeroOrMore>
            </optional>
@ -65,6 +69,7 @@
                  <ref name="common-ipv6-attributes-p1"/>
                  <ref name="common-port-attributes"/>
                  <ref name="ip-attributes"/>
+                  <ref name="comment-attribute"/>
                </element>
              </zeroOrMore>
            </optional>
@ -76,6 +81,7 @@
                  <ref name="common-port-attributes"/>
                  <ref name="common-ip-attributes-p1"/>
                  <ref name="common-ip-attributes-p2"/>
+                  <ref name="comment-attribute"/>
                </element>
              </zeroOrMore>
            </optional>
@ -87,6 +93,7 @@
                  <ref name="common-port-attributes"/>
                  <ref name="common-ip-attributes-p1"/>
                  <ref name="common-ip-attributes-p2"/>
+                  <ref name="comment-attribute"/>
                </element>
              </zeroOrMore>
            </optional>
@ -98,6 +105,7 @@
                  <ref name="common-port-attributes"/>
                  <ref name="common-ip-attributes-p1"/>
                  <ref name="common-ip-attributes-p2"/>
+                  <ref name="comment-attribute"/>
                </element>
              </zeroOrMore>
            </optional>
@ -109,6 +117,7 @@
                  <ref name="common-ip-attributes-p1"/>
                  <ref name="common-ip-attributes-p2"/>
                  <ref name="icmp-attributes"/>
+                  <ref name="comment-attribute"/>
                </element>
              </zeroOrMore>
            </optional>
@ -119,6 +128,7 @@
                  <ref name="srcmac-attribute"/>
                  <ref name="common-ip-attributes-p1"/>
                  <ref name="common-ip-attributes-p2"/>
+                  <ref name="comment-attribute"/>
                </element>
              </zeroOrMore>
            </optional>
@ -129,6 +139,7 @@
                  <ref name="srcmac-attribute"/>
                  <ref name="common-ip-attributes-p1"/>
                  <ref name="common-ip-attributes-p2"/>
+                  <ref name="comment-attribute"/>
                </element>
              </zeroOrMore>
            </optional>
@ -139,6 +150,7 @@
                  <ref name="srcmac-attribute"/>
                  <ref name="common-ip-attributes-p1"/>
                  <ref name="common-ip-attributes-p2"/>
+                  <ref name="comment-attribute"/>
                </element>
              </zeroOrMore>
            </optional>
@ -149,6 +161,7 @@
                  <ref name="srcmac-attribute"/>
                  <ref name="common-ip-attributes-p1"/>
                  <ref name="common-ip-attributes-p2"/>
+                  <ref name="comment-attribute"/>
                </element>
              </zeroOrMore>
            </optional>
@ -159,6 +172,7 @@
                  <ref name="srcmac-attribute"/>
                  <ref name="common-ip-attributes-p1"/>
                  <ref name="common-ip-attributes-p2"/>
+                  <ref name="comment-attribute"/>
                </element>
              </zeroOrMore>
            </optional>
@ -170,6 +184,7 @@
                  <ref name="common-port-attributes"/>
                  <ref name="common-ipv6-attributes-p1"/>
                  <ref name="common-ipv6-attributes-p2"/>
+                  <ref name="comment-attribute"/>
                </element>
              </zeroOrMore>
            </optional>
@ -181,6 +196,7 @@
                  <ref name="common-port-attributes"/>
                  <ref name="common-ipv6-attributes-p1"/>
                  <ref name="common-ipv6-attributes-p2"/>
+                  <ref name="comment-attribute"/>
                </element>
              </zeroOrMore>
            </optional>
@ -192,6 +208,7 @@
                  <ref name="common-port-attributes"/>
                  <ref name="common-ipv6-attributes-p1"/>
                  <ref name="common-ipv6-attributes-p2"/>
+                  <ref name="comment-attribute"/>
                </element>
              </zeroOrMore>
            </optional>
@ -203,6 +220,7 @@
                  <ref name="common-ipv6-attributes-p1"/>
                  <ref name="common-ipv6-attributes-p2"/>
                  <ref name="icmp-attributes"/>
+                  <ref name="comment-attribute"/>
                </element>
              </zeroOrMore>
            </optional>
@ -213,6 +231,7 @@
                  <ref name="srcmac-attribute"/>
                  <ref name="common-ipv6-attributes-p1"/>
                  <ref name="common-ipv6-attributes-p2"/>
+                  <ref name="comment-attribute"/>
                </element>
              </zeroOrMore>
            </optional>
@ -223,6 +242,7 @@
                  <ref name="srcmac-attribute"/>
                  <ref name="common-ipv6-attributes-p1"/>
                  <ref name="common-ipv6-attributes-p2"/>
+                  <ref name="comment-attribute"/>
                </element>
              </zeroOrMore>
            </optional>
@ -233,6 +253,7 @@
                  <ref name="srcmac-attribute"/>
                  <ref name="common-ipv6-attributes-p1"/>
                  <ref name="common-ipv6-attributes-p2"/>
+                  <ref name="comment-attribute"/>
                </element>
              </zeroOrMore>
            </optional>
@ -243,6 +264,7 @@
                  <ref name="srcmac-attribute"/>
                  <ref name="common-ipv6-attributes-p1"/>
                  <ref name="common-ipv6-attributes-p2"/>
+                  <ref name="comment-attribute"/>
                </element>
              </zeroOrMore>
            </optional>
@ -407,6 +429,11 @@
          <ref name="uint16range"/>
        </attribute>
      </optional>
+      <optional>
+        <attribute name="state">
+          <ref name="stateflags-type"/>
+        </attribute>
+      </optional>
    </interleave>
  </define>

@ -571,6 +598,14 @@
    </optional>
  </define>

+  <define name="comment-attribute">
+    <optional>
+      <attribute name="comment">
+        <ref name="comment-type"/>
+      </attribute>
+    </optional>
+  </define>
+
  <!-- ################  type library ################ -->

  <define name="UUID">
@ -826,4 +861,14 @@
      <param name="pattern">([Ff][Aa][Ll][Ss][Ee]|0)</param>
    </data>
  </define>
+
+  <define name='comment-type'>
+    <data type="string"/>
+  </define>
+
+  <define name='stateflags-type'>
+    <data type="string">
+      <param name="pattern">((NEW|ESTABLISHED|RELATED|INVALID)(,(NEW|ESTABLISHED|RELATED|INVALID))*|NONE)</param>
+    </data>
+  </define>
 </grammar>
--- a/docs/schemas/storagepool.rng
+++ b/docs/schemas/storagepool.rng
@ -103,6 +103,23 @@
    <ref name='target'/>
  </define>

+  <define name='sourceinfovendor'>
+    <optional>
+      <element name='vendor'>
+        <attribute name='name'>
+          <text/>
+        </attribute>
+      </element>
+    </optional>
+    <optional>
+      <element name='product'>
+        <attribute name='name'>
+          <text/>
+        </attribute>
+      </element>
+    </optional>
+  </define>
+
  <define name='commonmetadata'>
    <element name='name'>
      <ref name='name'/>
@ -286,6 +303,9 @@
            <value>nfs</value>
          </choice>
        </attribute>
+        <optional>
+          <ref name='sourceinfovendor'/>
+        </optional>
      </element>
    </optional>
  </define>
@ -307,6 +327,9 @@
            <value>lvm2</value>
          </choice>
        </attribute>
+        <optional>
+          <ref name='sourceinfovendor'/>
+        </optional>
      </element>
    </optional>
  </define>
@ -321,6 +344,9 @@
            <value>lvm2</value>
          </choice>
        </attribute>
+        <optional>
+          <ref name='sourceinfovendor'/>
+        </optional>
      </element>
    </optional>
  </define>
@ -330,13 +356,20 @@
    <optional>
      <element name='source'>
        <empty/>
+        <optional>
+          <ref name='sourceinfovendor'/>
+        </optional>
      </element>
    </optional>
  </define>
+
  <define name='sourcefs'>
    <element name='source'>
      <ref name='sourceinfodev'/>
      <ref name='sourcefmtfs'/>
+      <optional>
+        <ref name='sourceinfovendor'/>
+      </optional>
    </element>
  </define>

@ -345,6 +378,9 @@
      <ref name='sourceinfohost'/>
      <ref name='sourceinfodir'/>
      <ref name='sourcefmtnetfs'/>
+      <optional>
+        <ref name='sourceinfovendor'/>
+      </optional>
    </element>
  </define>

@ -359,6 +395,9 @@
        </optional>
      </oneOrMore>
      <ref name='sourcefmtlogical'/>
+      <optional>
+        <ref name='sourceinfovendor'/>
+      </optional>
    </element>
  </define>

@ -366,6 +405,9 @@
    <element name='source'>
      <ref name='sourceinfodev'/>
      <ref name='sourcefmtdisk'/>
+      <optional>
+        <ref name='sourceinfovendor'/>
+      </optional>
    </element>
  </define>

@ -379,12 +421,19 @@
      <optional>
        <ref name='sourceinfoauth'/>
      </optional>
+      <optional>
+        <ref name='sourceinfovendor'/>
+      </optional>
    </element>
  </define>

  <define name='sourcescsi'>
    <element name='source'>
      <ref name='sourceinfoadapter'/>
+      <optional>
+        <ref name='sourceinfovendor'/>
+      </optional>
+
    </element>
  </define>

--- a/docs/search.php
+++ b/docs/search.php
@ -258,7 +258,7 @@
          </li><li>
            <a title="User contributed content" class="inactive" href="http://wiki.libvirt.org">Wiki</a>
          </li><li>
-            <a title="Frequently asked questions" class="inactive" href="FAQ.html">FAQ</a>
+            <a title="Frequently asked questions" class="inactive" href="http://wiki.libvirt.org/page/FAQ">FAQ</a>
          </li><li>
            <a title="How and where to report bugs and request features" class="inactive" href="bugs.html">Bug reports</a>
          </li><li>
--- a/Show More
+++ b/Show More