Release of libvirt-0.10.2

* configure.ac docs/news.html.in libvirt.spec.in: update for the release * po/*.po*: update from transifex and regenerate
Fix another rpmbuild failure
2025-08-18 13:50:02 +03:00 · 2012-09-24 12:46:37 +08:00 · 2012-09-24 12:46:37 +08:00 · 2012-09-24 12:37:52 +08:00 · 2012-09-24 10:50:16 +08:00 · 2012-09-21 20:10:43 -04:00
1700 changed files with 1251316 additions and 957197 deletions
--- a/.dir-locals.el
+++ b/.dir-locals.el
@ -14,4 +14,7 @@
 (nxml-mode . (
 	       (indent-tabs-mode . nil)
 	       ))
+ (perl-mode . (
+	       (indent-tabs-mode . nil)
+	       ))
 )
--- a/.gitignore
+++ b/.gitignore
@ -18,6 +18,7 @@
 *.s
 *~
 .deps
+.gdb_history
 .git
 .git-module-status
 .libs
@ -48,17 +49,20 @@
 /daemon/*_dispatch.h
 /daemon/libvirt_qemud
 /daemon/libvirtd
-/daemon/libvirtd.init
-/daemon/libvirtd.service
 /daemon/libvirtd*.logrotate
 /daemon/libvirtd.8
 /daemon/libvirtd.8.in
+/daemon/libvirtd.init
 /daemon/libvirtd.pod
+/daemon/libvirtd.service
+/daemon/test_libvirtd.aug
+/docs/apibuild.py.stamp
 /docs/devhelp/libvirt.devhelp
 /docs/hvsupport.html.in
 /docs/libvirt-api.xml
 /docs/libvirt-qemu-*.xml
 /docs/libvirt-refs.xml
+/docs/search.php
 /docs/todo.html.in
 /examples/domain-events/events-c/event-test
 /examples/dominfo/info1
@ -78,7 +82,7 @@
 /ltmain.sh
 /m4/*
 /maint.mk
-/mingw32-libvirt.spec
+/mingw-libvirt.spec
 /mkinstalldirs
 /po/*
 /proxy/
@ -90,20 +94,30 @@
 /python/libvirt.[ch]
 /python/libvirt.py
 /python/libvirt_qemu.py
+/run
 /sc_*
+/src/.*.stamp
 /src/esx/*.generated.*
 /src/hyperv/*.generated.*
 /src/libvirt*.def
 /src/libvirt.syms
 /src/libvirt_*.stp
 /src/libvirt_*helper
+/src/libvirt_*probes.h
 /src/libvirt_lxc
 /src/locking/qemu-sanlock.conf
-/src/probes.h
+/src/locking/test_libvirt_sanlock.aug
+/src/lxc/lxc_controller_dispatch.h
+/src/lxc/lxc_monitor_dispatch.h
+/src/lxc/lxc_protocol.c
+/src/lxc/lxc_protocol.h
+/src/lxc/test_libvirtd_lxc.aug
+/src/qemu/test_libvirtd_qemu.aug
 /src/remote/*_client_bodies.h
 /src/remote/*_protocol.[ch]
 /src/rpc/virkeepaliveprotocol.[ch]
 /src/rpc/virnetprotocol.[ch]
+/src/test_libvirt*.aug
 /src/util/virkeymaps.h
 /src/virt-aa-helper
 /tests/*.log
@ -118,6 +132,7 @@
 /tests/eventtest
 /tests/hashtest
 /tests/jsontest
+/tests/libvirtdconftest
 /tests/networkxml2argvtest
 /tests/nodeinfotest
 /tests/nwfilterxml2xmltest
@ -127,20 +142,26 @@
 /tests/openvzutilstest
 /tests/qemuargv2xmltest
 /tests/qemuhelptest
+/tests/qemumonitorjsontest
 /tests/qemumonitortest
 /tests/qemuxmlnstest
 /tests/qparamtest
 /tests/reconnect
 /tests/secaatest
 /tests/seclabeltest
+/tests/securityselinuxtest
 /tests/sexpr2xmltest
 /tests/shunloadtest
 /tests/sockettest
 /tests/ssh
 /tests/statstest
+/tests/storagebackendsheepdogtest
 /tests/utiltest
+/tests/viratomictest
 /tests/virauthconfigtest
+/tests/virbitmaptest
 /tests/virbuftest
+/tests/virdrivermoduletest
 /tests/virhashtest
 /tests/virkeyfiletest
 /tests/virnet*test
@ -152,6 +173,7 @@
 /tests/xmconfigtest
 /tools/*.[18]
 /tools/libvirt-guests.init
+/tools/libvirt-guests.service
 /tools/virsh
 /tools/virsh-*-edit.c
 /tools/virt-*-validate
--- a/.gnulib
+++ b/.gnulib
--- a/.mailmap
+++ b/.mailmap
@ -28,8 +28,16 @@
 <supriyak@linux.vnet.ibm.com> <supriyak@in.ibm.com>
 <neil@aldur.co.uk> <neil@brightbox.co.uk>
 <stefanb@us.ibm.com> <stefanb@linux.vnet.ibm.com>
-<josh.durgin@dreamhost.com> <joshd@hq.newdream.net>
+<stefanb@us.ibm.com> <stefannb@linux.vnet.ibm.com>
+<josh.durgin@inktank.com> <joshd@hq.newdream.net>
+<josh.durgin@inktank.com> <josh.durgin@dreamhost.com>
+<gerd@egidy.de> <lists@egidy.de>
+<gerd@egidy.de> <gerd.von.egidy@intra2net.com>

 # Name consolidation:
 # Preferred author spelling <preferred email>
 Alex Jia <ajia@redhat.com>
+Royce Lv <lvroyce@linux.vnet.ibm.com>
+Daniel J Walsh <dwalsh@redhat.com>
+Ján Tomko <jtomko@redhat.com>
+Gerd von Egidy <gerd@egidy.de>
--- a/46
+++ b/46
@ -31,6 +31,7 @@ The primary maintainers and people with commit access rights:
  Peter Krempa         <pkrempa@redhat.com>
  Christophe Fergeau   <cfergeau@redhat.com>
  Alex Jia             <ajia@redhat.com>
+  Martin Kletzander    <mkletzan@redhat.com>

 Previous maintainers:
  Karel Zak            <kzak@redhat.com>
@ -70,7 +71,7 @@ Patches have also been contributed by:
  Chris Wright         <chrisw@redhat.com>
  Ben Guthro           <ben.guthro@gmail.com>
  Shigeki Sakamoto     <fj0588di@aa.jp.fujitsu.com>
-  Gerd von Egidy       <lists@egidy.de>
+  Gerd von Egidy       <gerd@egidy.de>
  Itamar Heim          <iheim@redhat.com>
  Markus Armbruster    <armbru@redhat.com>
  Ryota Ozaki          <ozaki.ryota@gmail.com>
@ -143,7 +144,7 @@ Patches have also been contributed by:
  Hu Tao               <hutao@cn.fujitsu.com>
  Laurent Léonard      <laurent@open-minds.org>
  MORITA Kazutaka      <morita.kazutaka@lab.ntt.co.jp>
-  Josh Durgin          <josh.durgin@dreamhost.com>
+  Josh Durgin          <josh.durgin@inktank.com>
  Roopa Prabhu         <roprabhu@cisco.com>
  Paweł Krześniak      <pawel.krzesniak@gmail.com>
  Kay Schubert         <kayegypt@web.de>
@ -198,7 +199,7 @@ Patches have also been contributed by:
  Sage Weil            <sage@newdream.net>
  David L Stevens      <dlstevens@us.ibm.com>
  Tyler Coumbes        <coumbes@gmail.com>
-  Wen Ruo Lv           <lvroyce@linux.vnet.ibm.com>
+  Royce Lv             <lvroyce@linux.vnet.ibm.com>
  Patrice LACHANCE     <patlachance@gmail.com>
  Eli Qiao             <taget@linux.vnet.ibm.com>
  Michael Wood         <esiotrot@gmail.com>
@ -212,7 +213,6 @@ Patches have also been contributed by:
  Rommer               <rommer@active.by>
  Yuri Chornoivan      <yurchor@ukr.net>
  Deepak C Shetty      <deepakcs@linux.vnet.ibm.com>
-  Martin Kletzander    <mkletzan@redhat.com>
  Laszlo Ersek         <lersek@redhat.com>
  Zeeshan Ali (Khattak) <zeeshanak@gnome.org>
  Marcelo Cerri        <mhcerri@linux.vnet.ibm.com>
@ -228,6 +228,44 @@ Patches have also been contributed by:
  Li Zhang             <zhlcindy@linux.vnet.ibm.com>
  Stef Walter          <stefw@gnome.org>
  Christian Benvenuti  <benve@cisco.com>
+  Ilja Livenson        <ilja.livenson@gmail.com>
+  Stefan Bader         <stefan.bader@canonical.com>
+  MATSUDA Daiki        <matsudadik@intellilink.co.jp>
+  Jan Kiszka           <jan.kiszka@siemens.com>
+  Ryan Woodsmall       <rwoodsmall@gmail.com>
+  Wido den Hollander   <wido@widodh.nl>
+  Eugen Feller         <eugen.feller@inria.fr>
+  Dmitry Guryanov      <dguryanov@parallels.com>
+  William Jon McCann   <william.jon.mccann@gmail.com>
+  David Weber          <wb@munzinger.de>
+  Marti Raudsepp       <marti@juffo.org>
+  Radu Caragea         <dmns_serp@yahoo.com>
+  Beat Jörg            <Beat.Joerg@ssatr.ch>
+  Gao feng             <gaofeng@cn.fujitsu.com>
+  Dipankar Sarma       <dipankar@in.ibm.com>
+  Gerd Hoffmann        <kraxel@redhat.com>
+  Viktor Mihajlovski   <mihajlov@linux.vnet.ibm.com>
+  Thang Pham           <thang.pham@us.ibm.com>
+  Eiichi Tsukata       <eiichi.tsukata.xh@hitachi.com>
+  Sascha Peilicke      <saschpe@suse.de>
+  Chuck Short          <chuck.short@canonical.com>
+  Sebastian Wiedenroth <wiedi@frubar.net>
+  Ata E Husain Bohra   <ata.husain@hotmail.com>
+  Ján Tomko            <jtomko@redhat.com>
+  Richa Marwaha        <rmarwah@linux.vnet.ibm.com>
+  Peter Feiner         <peter@gridcentric.ca>
+  Frido Roose          <frido.roose@gmail.com>
+  Asad Saeed           <asad.saeed@acidseed.com>
+  Sukadev Bhattiprolu  <sukadev@linux.vnet.ibm.com>
+  Thomas Woerner       <twoerner@redhat.com>
+  J.B. Joret           <jb@linux.vnet.ibm.com>
+  Stefan Hajnoczi      <stefanha@linux.vnet.ibm.com>
+  Gene Czarcinski      <gene@czarc.net>
+  Nishank Trivedi      <nistrive@cisco.com>
+  Jasper Lievisse Adriaanse <jasper@humppa.nl>
+  Paul Eggert          <eggert@cs.ucla.edu>
+  Dwight Engen         <dwight.engen@oracle.com>
+  liguang              <lig.fnst@cn.fujitsu.com>

  [....send patches to get your name here....]

--- a/48
+++ b/48
@ -1,5 +1,6 @@
 -*- buffer-read-only: t -*- vi: set ro:
-DO NOT EDIT THIS FILE!  IT IS GENERATED AUTOMATICALLY!
+DO NOT EDIT THIS FILE!  IT IS GENERATED AUTOMATICALLY
+from docs/hacking.html.in!



@ -21,9 +22,52 @@ or:

  git diff > libvirt-myfeature.patch

+However, the usual workflow of libvirt developer is:
+
+  git checkout master
+  git pull
+  git checkout -t origin -b workbranch
+  Hack, committing any changes along the way
+
+Then, when you want to post your patches:
+
+  git pull --rebase
+  (fix any conflicts)
+  git send-email --cover-letter --no-chain-reply-to --annotate \
+                 --to=libvir-list@redhat.com master
+
+(Note that the "git send-email" subcommand may not be in the main git package
+and using it may require installion of a separate package, for example the
+"git-email" package in Fedora.) For a single patch you can omit
+"--cover-letter", but a series of two or more patches needs a cover letter. If
+you get tired of typing "--to=libvir-list@redhat.com" designation you can set
+it in git config:
+
+  git config sendemail.to libvir-list@redhat.com
+
+Please follow this as close as you can, especially the rebase and git
+send-email part, as it makes life easier for other developers to review your
+patch set. One should avoid sending patches as attachments, but rather send
+them in email body along with commit message. If a developer is sending
+another version of the patch (e.g. to address review comments), he is advised
+to note differences to previous versions after the "---" line in the patch so
+that it helps reviewers but doesn't become part of git history. Moreover, such
+patch needs to be prefixed correctly with "--subject-prefix=PATCHv2" appended
+to "git send-email" (substitute "v2" with the correct version if needed
+though).
+
+
+
 (3) Split large changes into a series of smaller patches, self-contained if
 possible, with an explanation of each patch and an explanation of how the
-sequence of patches fits together.
+sequence of patches fits together. Moreover, please keep in mind that it's
+required to be able to compile cleanly (*including* "make check" and "make
+syntax-check") after each patch. A feature does not have to work until the end
+of a series, but intermediate patches must compile and not cause test-suite
+failures (this is to preserve the usefulness of "git bisect", among other
+things).
+
+

 (4) Make sure your patches apply against libvirt GIT. Developers only follow GIT
 and don't care much about released versions.
--- a/Makefile.am
+++ b/Makefile.am
@ -20,13 +20,14 @@ XML_EXAMPLES = \
 EXTRA_DIST = \
  ChangeLog-old \
  libvirt.spec libvirt.spec.in \
-  mingw32-libvirt.spec.in \
+  mingw-libvirt.spec.in \
  libvirt.pc.in \
  autobuild.sh \
  Makefile.nonreentrant \
  autogen.sh \
  cfg.mk \
  examples/domain-events/events-python \
+  run.in \
  $(XML_EXAMPLES)

 pkgconfigdir = $(libdir)/pkgconfig
--- a/autobuild.sh
+++ b/autobuild.sh
@ -50,30 +50,30 @@ test -x /usr/bin/lcov && make cov
 rm -f *.tar.gz
 make dist

-if [ -n "$AUTOBUILD_COUNTER" ]; then
+if test -n "$AUTOBUILD_COUNTER" ; then
  EXTRA_RELEASE=".auto$AUTOBUILD_COUNTER"
 else
  NOW=`date +"%s"`
  EXTRA_RELEASE=".$USER$NOW"
 fi

-if [ -f /usr/bin/rpmbuild ]; then
+if test -f /usr/bin/rpmbuild ; then
  rpmbuild --nodeps \
     --define "extra_release $EXTRA_RELEASE" \
     --define "_sourcedir `pwd`" \
     -ba --clean libvirt.spec
 fi

-# Test mingw cross-compile
-if [ -x /usr/bin/i686-pc-mingw32-gcc ]; then
+# Test mingw32 cross-compile
+if test -x /usr/bin/i686-w64-mingw32-gcc ; then
  make distclean

-  PKG_CONFIG_PATH="$AUTOBUILD_INSTALL_ROOT/i686-pc-mingw32/sys-root/mingw/lib/pkgconfig" \
-  CC="i686-pc-mingw32-gcc" \
+  PKG_CONFIG_PATH="$AUTOBUILD_INSTALL_ROOT/i686-w64-mingw32/sys-root/mingw/lib/pkgconfig" \
+  CC="i686-w64-mingw32-gcc" \
  ../configure \
-    --build=$(uname -m)-pc-linux \
-    --host=i686-pc-mingw32 \
-    --prefix="$AUTOBUILD_INSTALL_ROOT/i686-pc-mingw32/sys-root/mingw" \
+    --build=$(uname -m)-w64-linux \
+    --host=i686-w64-mingw32 \
+    --prefix="$AUTOBUILD_INSTALL_ROOT/i686-w64-mingw32/sys-root/mingw" \
    --enable-werror \
    --without-libvirtd \
    --without-python
@ -81,13 +81,33 @@ if [ -x /usr/bin/i686-pc-mingw32-gcc ]; then
  make
  make install

-  #set -o pipefail
-  #make check 2>&1 | tee "$RESULTS"
+fi

-  if [ -f /usr/bin/rpmbuild ]; then
+# Test mingw64 cross-compile
+if test -x /usr/bin/x86_64-w64-mingw32-gcc ; then
+  make distclean
+
+  PKG_CONFIG_PATH="$AUTOBUILD_INSTALL_ROOT/x86_64-w64-mingw32/sys-root/mingw/lib/pkgconfig" \
+  CC="x86_64-w64-mingw32-gcc" \
+  ../configure \
+    --build=$(uname -m)-w64-linux \
+    --host=x86_64-w64-mingw32 \
+    --prefix="$AUTOBUILD_INSTALL_ROOT/x86_64-w64-mingw32/sys-root/mingw" \
+    --enable-werror \
+    --without-libvirtd \
+    --without-python
+
+  make
+  make install
+
+fi
+
+
+if test -x /usr/bin/i686-w64-mingw32-gcc && test -x /usr/bin/x86_64-w64-mingw32-gcc ; then
+  if test -f /usr/bin/rpmbuild ; then
    rpmbuild --nodeps \
       --define "extra_release $EXTRA_RELEASE" \
       --define "_sourcedir `pwd`" \
-       -ba --clean mingw32-libvirt.spec
+       -ba --clean mingw-libvirt.spec
  fi
 fi
--- a/autogen.sh
+++ b/autogen.sh
@ -1,6 +1,8 @@
 #!/bin/sh
 # Run this to generate all the initial makefiles, etc.

+set -e
+
 srcdir=`dirname "$0"`
 test -z "$srcdir" && srcdir=.

@ -19,7 +21,8 @@ if test "x$1" = "x--no-git"; then
  no_git=" $1"
  shift
 fi
-if test "x$1" = "x--system"; then
+if test -z "$NOCONFIGURE" ; then
+  if test "x$1" = "x--system"; then
    shift
    prefix=/usr
    libdir=$prefix/lib
@ -30,11 +33,12 @@ if test "x$1" = "x--system"; then
    fi
    EXTRA_ARGS="--prefix=$prefix --sysconfdir=$sysconfdir --localstatedir=$localstatedir --libdir=$libdir"
    echo "Running ./configure with $EXTRA_ARGS $@"
-else
+  else
    if test -z "$*" && test ! -f "$THEDIR/config.status"; then
        echo "I am going to run ./configure with no arguments - if you wish "
        echo "to pass any to it, please specify them on the $0 command line."
    fi
+  fi
 fi

 # Compute the hash we'll use to determine whether rerunning bootstrap
@ -70,6 +74,8 @@ if test -d .git; then
    fi
 fi

+test -n "$NOCONFIGURE" && exit 0
+
 cd "$THEDIR"

 if test "x$OBJ_DIR" != x; then
@ -77,7 +83,7 @@ if test "x$OBJ_DIR" != x; then
    cd "$OBJ_DIR"
 fi

-if test -z "$*" && test -f config.status; then
+if test -z "$*" && test -z "$EXTRA_ARGS" && test -f config.status; then
    ./config.status --recheck
 else
    $srcdir/configure $EXTRA_ARGS "$@"
--- a/267
+++ b/267
@ -1,6 +1,6 @@
 #! /bin/sh
 # Print a version string.
-scriptversion=2012-02-11.09; # UTC
+scriptversion=2012-07-19.14; # UTC

 # Bootstrap this package from checked-out sources.

@ -36,6 +36,10 @@ nl='
 LC_ALL=C
 export LC_ALL

+# Ensure that CDPATH is not set.  Otherwise, the output from cd
+# would cause trouble in at least one use below.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
 local_gl_dir=gl

 me=$0
@ -73,6 +77,33 @@ Running without arguments will suffice in most cases.
 EOF
 }

+# warnf_ FORMAT-STRING ARG1...
+warnf_ ()
+{
+  warnf_format_=$1
+  shift
+  nl='
+'
+  case $* in
+    *$nl*) me_=$(printf "$me"|tr "$nl|" '??')
+       printf "$warnf_format_" "$@" | sed "s|^|$me_: |" ;;
+    *) printf "$me: $warnf_format_" "$@" ;;
+  esac >&2
+}
+
+# warn_ WORD1...
+warn_ ()
+{
+  # If IFS does not start with ' ', set it and emit the warning in a subshell.
+  case $IFS in
+    ' '*) warnf_ '%s\n' "$*";;
+    *)    (IFS=' '; warn_ "$@");;
+  esac
+}
+
+# die WORD1...
+die() { warn_ "$@"; exit 1; }
+
 # Configuration.

 # Name of the Makefile.am
@ -126,7 +157,8 @@ extract_package_name='
     p
  }
 '
-package=`sed -n "$extract_package_name" configure.ac` || exit
+package=$(sed -n "$extract_package_name" configure.ac) \
+  || die 'cannot find package name in configure.ac'
 gnulib_name=lib$package

 build_aux=build-aux
@ -182,6 +214,8 @@ use_git=true
 # otherwise find the first of the NAMES that can be run (i.e.,
 # supports --version).  If found, set ENVVAR to the program name,
 # die otherwise.
+#
+# FIXME: code duplication, see also gnu-web-doc-update.
 find_tool ()
 {
  find_tool_envvar=$1
@ -199,19 +233,15 @@ find_tool ()
  else
    find_tool_error_prefix="\$$find_tool_envvar: "
  fi
-  if test x"$find_tool_res" = x; then
-    echo >&2 "$me: one of these is required: $find_tool_names"
-    exit 1
-  fi
-  ($find_tool_res --version </dev/null) >/dev/null 2>&1 || {
-    echo >&2 "$me: ${find_tool_error_prefix}cannot run $find_tool_res --version"
-    exit 1
-  }
+  test x"$find_tool_res" != x \
+    || die "one of these is required: $find_tool_names"
+  ($find_tool_res --version </dev/null) >/dev/null 2>&1 \
+    || die "${find_tool_error_prefix}cannot run $find_tool_res --version"
  eval "$find_tool_envvar=\$find_tool_res"
  eval "export $find_tool_envvar"
 }

-# Find sha1sum, named gsha1sum on MacPorts, and shasum on MacOS 10.6.
+# Find sha1sum, named gsha1sum on MacPorts, and shasum on Mac OS X 10.6.
 find_tool SHA1SUM sha1sum gsha1sum shasum

 # Override the default configuration, if necessary.
@ -226,7 +256,6 @@ esac
 test -z "${gnulib_extra_files}" && \
  gnulib_extra_files="
        $build_aux/install-sh
-        $build_aux/missing
        $build_aux/mdate-sh
        $build_aux/texinfo.tex
        $build_aux/depcomp
@ -252,7 +281,7 @@ do
    usage
    exit;;
  --gnulib-srcdir=*)
-    GNULIB_SRCDIR=`expr "X$option" : 'X--gnulib-srcdir=\(.*\)'`;;
+    GNULIB_SRCDIR=${option#--gnulib-srcdir=};;
  --skip-po)
    SKIP_PO=t;;
  --force)
@ -266,21 +295,15 @@ do
  --no-git)
    use_git=false;;
  *)
-    echo >&2 "$0: $option: unknown option"
-    exit 1;;
+    die "$option: unknown option";;
  esac
 done

-if $use_git || test -d "$GNULIB_SRCDIR"; then
-  :
-else
-  echo "$0: Error: --no-git requires --gnulib-srcdir" >&2
-  exit 1
-fi
+$use_git || test -d "$GNULIB_SRCDIR" \
+  || die "Error: --no-git requires --gnulib-srcdir"

 if test -n "$checkout_only_file" && test ! -r "$checkout_only_file"; then
-  echo "$0: Bootstrapping from a non-checked-out distribution is risky." >&2
-  exit 1
+  die "Bootstrapping from a non-checked-out distribution is risky."
 fi

 # Ensure that lines starting with ! sort last, per gitignore conventions
@ -303,10 +326,10 @@ insert_sorted_if_absent() {
  file=$1
  str=$2
  test -f $file || touch $file
-  echo "$str" | sort_patterns - $file | cmp - $file > /dev/null \
+  echo "$str" | sort_patterns - $file | cmp -s - $file > /dev/null \
    || { echo "$str" | sort_patterns - $file > $file.bak \
      && mv $file.bak $file; } \
-    || exit 1
+    || die "insert_sorted_if_absent $file $str: failed"
 }

 # Adjust $PATTERN for $VC_IGNORE_FILE and insert it with
@ -319,7 +342,7 @@ insert_vc_ignore() {
    # A .gitignore entry that does not start with '/' applies
    # recursively to subdirectories, so prepend '/' to every
    # .gitignore entry.
-    pattern=`echo "$pattern" | sed s,^,/,`;;
+    pattern=$(echo "$pattern" | sed s,^,/,);;
  esac
  insert_sorted_if_absent "$vc_ignore_file" "$pattern"
 }
@ -330,11 +353,8 @@ grep '^[	 ]*AC_CONFIG_AUX_DIR(\['"$build_aux"'\])' configure.ac \
    >/dev/null && found_aux_dir=yes
 grep '^[	 ]*AC_CONFIG_AUX_DIR('"$build_aux"')' configure.ac \
    >/dev/null && found_aux_dir=yes
-if test $found_aux_dir = no; then
-  echo "$0: expected line not found in configure.ac. Add the following:" >&2
-  echo "  AC_CONFIG_AUX_DIR([$build_aux])" >&2
-  exit 1
-fi
+test $found_aux_dir = yes \
+  || die "configure.ac lacks 'AC_CONFIG_AUX_DIR([$build_aux])'; add it"

 # If $build_aux doesn't exist, create it now, otherwise some bits
 # below will malfunction.  If creating it, also mark it as ignored.
@ -423,31 +443,48 @@ check_versions() {
      $use_git || continue
    fi
    # Honor $APP variables ($TAR, $AUTOCONF, etc.)
-    appvar=`echo $app | LC_ALL=C tr '[a-z]-' '[A-Z]_'`
+    appvar=$(echo $app | LC_ALL=C tr '[a-z]-' '[A-Z]_')
    test "$appvar" = TAR && appvar=AMTAR
    case $appvar in
        GZIP) ;; # Do not use $GZIP:  it contains gzip options.
        *) eval "app=\${$appvar-$app}" ;;
    esac
+
+    # Handle the still-experimental Automake-NG programs specially.
+    # They remain named as the mainstream Automake programs ("automake",
+    # and "aclocal") to avoid gratuitous incompatibilities with
+    # pre-existing usages (by, say, autoreconf, or custom autogen.sh
+    # scripts), but correctly identify themselves (as being part of
+    # "GNU automake-ng") when asked their version.
+    case $app in
+      automake-ng|aclocal-ng)
+        app=${app%-ng}
+        ($app --version | grep '(GNU automake-ng)') >/dev/null 2>&1 || {
+          warn_ "Error: '$app' not found or not from Automake-NG"
+          ret=1
+          continue
+        } ;;
+    esac
    if [ "$req_ver" = "-" ]; then
      # Merely require app to exist; not all prereq apps are well-behaved
      # so we have to rely on $? rather than get_version.
      $app --version >/dev/null 2>&1
      if [ 126 -le $? ]; then
-        echo "$me: Error: '$app' not found" >&2
+        warn_ "Error: '$app' not found"
        ret=1
      fi
    else
      # Require app to produce a new enough version string.
      inst_ver=$(get_version $app)
      if [ ! "$inst_ver" ]; then
-        echo "$me: Error: '$app' not found" >&2
+        warn_ "Error: '$app' not found"
        ret=1
      else
        latest_ver=$(sort_ver $req_ver $inst_ver | cut -d' ' -f2)
        if [ ! "$latest_ver" = "$inst_ver" ]; then
-          echo "$me: Error: '$app' version == $inst_ver is too old" >&2
-          echo "       '$app' version >= $req_ver is required" >&2
+          warnf_ '%s\n'                                        \
+              "Error: '$app' version == $inst_ver is too old"  \
+              "       '$app' version >= $req_ver is required"
          ret=1
        fi
      fi
@ -492,10 +529,8 @@ esac

 # When we can deduce that gnulib-tool will require patch,
 # and when patch is not already listed as a prerequisite, add it, too.
-if test ! -d "$local_gl_dir" \
-    || find "$local_gl_dir" -name '*.diff' -exec false {} +; then
-  :
-else
+if test -d "$local_gl_dir" \
+    && ! find "$local_gl_dir" -name '*.diff' -exec false {} +; then
  case $buildreq in
    *patch*) ;;
    *) buildreq="patch -
@ -506,11 +541,10 @@ fi
 if ! printf "$buildreq" | check_versions; then
  echo >&2
  if test -f README-prereq; then
-    echo "$0: See README-prereq for how to get the prerequisite programs" >&2
+    die "See README-prereq for how to get the prerequisite programs"
  else
-    echo "$0: Please install the prerequisite programs" >&2
+    die "Please install the prerequisite programs"
  fi
-  exit 1
 fi

 echo "$0: Bootstrapping from checked-out $package sources..."
@ -539,7 +573,7 @@ git_modules_config () {
  test -f .gitmodules && git config --file .gitmodules "$@"
 }

-gnulib_path=`git_modules_config submodule.gnulib.path`
+gnulib_path=$(git_modules_config submodule.gnulib.path)
 test -z "$gnulib_path" && gnulib_path=gnulib

 # Get gnulib files.
@ -612,10 +646,10 @@ download_po_files() {
  subdir=$1
  domain=$2
  echo "$me: getting translations into $subdir for $domain..."
-  cmd=`printf "$po_download_command_format" "$domain" "$subdir"`
+  cmd=$(printf "$po_download_command_format" "$domain" "$subdir")
  eval "$cmd" && return
  # Fallback to HTTP.
-  cmd=`printf "$po_download_command_format2" "$subdir" "$domain"`
+  cmd=$(printf "$po_download_command_format2" "$subdir" "$domain")
  eval "$cmd"
 }

@ -638,7 +672,7 @@ update_po_files() {
    && ls "$ref_po_dir"/*.po 2>/dev/null |
      sed 's|.*/||; s|\.po$||' > "$po_dir/LINGUAS" || return

-  langs=`cd $ref_po_dir && echo *.po|sed 's/\.po//g'`
+  langs=$(cd $ref_po_dir && echo *.po | sed 's/\.po//g')
  test "$langs" = '*' && langs=x
  for po in $langs; do
    case $po in x) continue;; esac
@ -675,18 +709,18 @@ symlink_to_dir()

    # If the destination directory doesn't exist, create it.
    # This is required at least for "lib/uniwidth/cjk.h".
-    dst_dir=`dirname "$dst"`
+    dst_dir=$(dirname "$dst")
    if ! test -d "$dst_dir"; then
      mkdir -p "$dst_dir"

      # If we've just created a directory like lib/uniwidth,
      # tell version control system(s) it's ignorable.
      # FIXME: for now, this does only one level
-      parent=`dirname "$dst_dir"`
+      parent=$(dirname "$dst_dir")
      for dot_ig in x $vc_ignore; do
        test $dot_ig = x && continue
        ig=$parent/$dot_ig
-        insert_vc_ignore $ig `echo "$dst_dir"|sed 's,.*/,,'`
+        insert_vc_ignore $ig "${dst_dir##*/}"
      done
    fi

@ -710,10 +744,10 @@ symlink_to_dir()
      # so that broken tools aren't confused into skipping needed builds.  See
      # <http://lists.gnu.org/archive/html/bug-gnulib/2011-05/msg00326.html>.
      test -h "$dst" &&
-      src_ls=`ls -diL "$src" 2>/dev/null` && set $src_ls && src_i=$1 &&
-      dst_ls=`ls -diL "$dst" 2>/dev/null` && set $dst_ls && dst_i=$1 &&
+      src_ls=$(ls -diL "$src" 2>/dev/null) && set $src_ls && src_i=$1 &&
+      dst_ls=$(ls -diL "$dst" 2>/dev/null) && set $dst_ls && dst_i=$1 &&
      test "$src_i" = "$dst_i" &&
-      both_ls=`ls -dt "$src" "$dst"` &&
+      both_ls=$(ls -dt "$src" "$dst") &&
      test "X$both_ls" = "X$dst$nl$src" || {
        dot_dots=
        case $src in
@ -721,11 +755,10 @@ symlink_to_dir()
        *)
          case /$dst/ in
          *//* | */../* | */./* | /*/*/*/*/*/)
-             echo >&2 "$me: invalid symlink calculation: $src -> $dst"
-             exit 1;;
-          /*/*/*/*/)	dot_dots=../../../;;
-          /*/*/*/)	dot_dots=../../;;
-          /*/*/)	dot_dots=../;;
+             die "invalid symlink calculation: $src -> $dst";;
+          /*/*/*/*/)    dot_dots=../../../;;
+          /*/*/*/)      dot_dots=../../;;
+          /*/*/)        dot_dots=../;;
          esac;;
        esac

@ -736,6 +769,22 @@ symlink_to_dir()
  }
 }

+version_controlled_file() {
+  parent=$1
+  file=$2
+  if test -d .git; then
+    git rm -n "$file" > /dev/null 2>&1
+  elif test -d .svn; then
+    svn log -r HEAD "$file" > /dev/null 2>&1
+  elif test -d CVS; then
+    grep -F "/${file##*/}/" "$parent/CVS/Entries" 2>/dev/null |
+             grep '^/[^/]*/[0-9]' > /dev/null
+  else
+    warn_ "no version control for $file?"
+    false
+  fi
+}
+
 # NOTE: we have to be careful to run both autopoint and libtoolize
 # before gnulib-tool, since gnulib-tool is likely to provide newer
 # versions of files "installed" by these two programs.
@ -748,37 +797,54 @@ with_gettext=yes
 grep '^[	 ]*AM_GNU_GETTEXT_VERSION(' configure.ac >/dev/null || \
    with_gettext=no

-if test $with_gettext = yes; then
-  # Released autopoint has the tendency to install macros that have been
-  # obsoleted in current gnulib, so run this before gnulib-tool.
-  echo "$0: $AUTOPOINT --force"
-  $AUTOPOINT --force || exit
-fi
+if test $with_gettext = yes || test $use_libtool = 1; then

-# Autoreconf runs aclocal before libtoolize, which causes spurious
-# warnings if the initial aclocal is confused by the libtoolized
-# (or worse out-of-date) macro directory.
-if test $use_libtool = 1; then
-  echo "running: $LIBTOOLIZE --copy --install"
-  $LIBTOOLIZE --copy --install
-fi
+  tempbase=.bootstrap$$
+  trap "rm -f $tempbase.0 $tempbase.1" 1 2 13 15

-version_controlled_file() {
-  dir=$1
-  file=$2
-  found=no
-  if test -d CVS; then
-    grep -F "/$file/" $dir/CVS/Entries 2>/dev/null |
-             grep '^/[^/]*/[0-9]' > /dev/null && found=yes
-  elif test -d .git; then
-    git rm -n "$dir/$file" > /dev/null 2>&1 && found=yes
-  elif test -d .svn; then
-    svn log -r HEAD "$dir/$file" > /dev/null 2>&1 && found=yes
-  else
-    echo "$me: no version control for $dir/$file?" >&2
+  > $tempbase.0 > $tempbase.1 &&
+  find . ! -type d -print | sort > $tempbase.0 || exit
+
+  if test $with_gettext = yes; then
+    # Released autopoint has the tendency to install macros that have been
+    # obsoleted in current gnulib, so run this before gnulib-tool.
+    echo "$0: $AUTOPOINT --force"
+    $AUTOPOINT --force || exit
  fi
-  test $found = yes
-}
+
+  # Autoreconf runs aclocal before libtoolize, which causes spurious
+  # warnings if the initial aclocal is confused by the libtoolized
+  # (or worse out-of-date) macro directory.
+  # libtoolize 1.9b added the --install option; but we support back
+  # to libtoolize 1.5.22, where the install action was default.
+  if test $use_libtool = 1; then
+    install=
+    case $($LIBTOOLIZE --help) in
+      *--install*) install=--install ;;
+    esac
+    echo "running: $LIBTOOLIZE $install --copy"
+    $LIBTOOLIZE $install --copy
+  fi
+
+  find . ! -type d -print | sort >$tempbase.1
+  old_IFS=$IFS
+  IFS=$nl
+  for file in $(comm -13 $tempbase.0 $tempbase.1); do
+    IFS=$old_IFS
+    parent=${file%/*}
+    version_controlled_file "$parent" "$file" || {
+      for dot_ig in x $vc_ignore; do
+        test $dot_ig = x && continue
+        ig=$parent/$dot_ig
+        insert_vc_ignore "$ig" "${file##*/}"
+      done
+    }
+  done
+  IFS=$old_IFS
+
+  rm -f $tempbase.0 $tempbase.1
+  trap - 1 2 13 15
+fi

 # Import from gnulib.

@ -804,11 +870,12 @@ echo "$0: $gnulib_tool $gnulib_tool_options --import ..."
 $gnulib_tool $gnulib_tool_options --import $gnulib_modules &&

 for file in $gnulib_files; do
-  symlink_to_dir "$GNULIB_SRCDIR" $file || exit
+  symlink_to_dir "$GNULIB_SRCDIR" $file \
+    || die "failed to symlink $file"
 done

 bootstrap_post_import_hook \
-  || { echo >&2 "$me: bootstrap_post_import_hook failed"; exit 1; }
+  || die "bootstrap_post_import_hook failed"

 # Remove any dangling symlink matching "*.m4" or "*.[ch]" in some
 # gnulib-populated directories.  Such .m4 files would cause aclocal to fail.
@ -836,16 +903,17 @@ echo "running: AUTOPOINT=true LIBTOOLIZE=true " \
    "$AUTORECONF --verbose --install $no_recursive -I $m4_base $ACLOCAL_FLAGS"
 AUTOPOINT=true LIBTOOLIZE=true \
    $AUTORECONF --verbose --install $no_recursive -I $m4_base $ACLOCAL_FLAGS \
-  || exit 1
+  || die "autoreconf failed"

 # Get some extra files from gnulib, overriding existing files.
 for file in $gnulib_extra_files; do
  case $file in
  */INSTALL) dst=INSTALL;;
-  build-aux/*) dst=$build_aux/`expr "$file" : 'build-aux/\(.*\)'`;;
+  build-aux/*) dst=$build_aux/${file#build-aux/};;
  *) dst=$file;;
  esac
-  symlink_to_dir "$GNULIB_SRCDIR" $file $dst || exit
+  symlink_to_dir "$GNULIB_SRCDIR" $file $dst \
+    || die "failed to symlink $file"
 done

 if test $with_gettext = yes; then
@ -861,7 +929,19 @@ if test $with_gettext = yes; then
      a\
          '"$XGETTEXT_OPTIONS"' $${end_of_xgettext_options+}
    }
-  ' po/Makevars.template >po/Makevars || exit 1
+  ' po/Makevars.template >po/Makevars \
+    || die 'cannot generate po/Makevars'
+
+  # If the 'gettext' module is in use, grab the latest Makefile.in.in.
+  # If only the 'gettext-h' module is in use, assume autopoint already
+  # put the correct version of this file into place.
+  case $gnulib_modules in
+  *gettext-h*) ;;
+  *gettext*)
+    cp $GNULIB_SRCDIR/build-aux/po/Makefile.in.in po/Makefile.in.in \
+      || die "cannot create po/Makefile.in.in"
+    ;;
+  esac

  if test -d runtime-po; then
    # Similarly for runtime-po/Makevars, but not quite the same.
@ -875,7 +955,8 @@ if test $with_gettext = yes; then
        a\
            '"$XGETTEXT_OPTIONS_RUNTIME"' $${end_of_xgettext_options+}
      }
-    ' po/Makevars.template >runtime-po/Makevars || exit 1
+    ' po/Makevars.template >runtime-po/Makevars \
+    || die 'cannot generate runtime-po/Makevars'

    # Copy identical files from po to runtime-po.
    (cd po && cp -p Makefile.in.in *-quot *.header *.sed *.sin ../runtime-po)
--- a/bootstrap.conf
+++ b/bootstrap.conf
@ -13,9 +13,8 @@
 # GNU General Public License for more details.

 # You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
-
+# License along with this library.  If not, see
+# <http://www.gnu.org/licenses/>.

 # gnulib modules used by this package.
 gnulib_modules='
@ -31,6 +30,7 @@ c-strcasestr
 calloc-posix
 canonicalize-lgpl
 chown
+clock-time
 close
 connect
 configmake
@ -38,11 +38,13 @@ count-one-bits
 crypto/md5
 dirname-lgpl
 environ
+execinfo
 fclose
 fcntl
 fcntl-h
 fdatasync
 ffs
+ffsl
 fnmatch
 fsync
 func
@ -60,13 +62,17 @@ ignore-value
 inet_pton
 intprops
 ioctl
+isatty
 largefile
+ldexp
 listen
+localeconv
 maintainer-makefile
 manywarnings
 mkstemp
 mkstemps
 mktempd
+net_if
 netdb
 nonblocking
 openpty
@ -80,6 +86,7 @@ posix-shell
 pthread
 pthread_sigmask
 recv
+regex
 random_r
 sched
 send
@ -88,6 +95,7 @@ sigaction
 sigpipe
 snprintf
 socket
+stat-time
 stdarg
 stpcpy
 strchrnul
@ -221,7 +229,6 @@ touch ChangeLog || exit 1
 # Override bootstrap's list - we don't use mdate-sh or texinfo.tex.
 gnulib_extra_files="
        $build_aux/install-sh
-        $build_aux/missing
        $build_aux/depcomp
        $build_aux/config.guess
        $build_aux/config.sub
--- a/build-aux/augeas-gentest.pl
+++ b/build-aux/augeas-gentest.pl
@ -0,0 +1,71 @@
+#!/usr/bin/perl
+#
+# augeas-gentest.pl: Generate an augeas test file, from an
+#                    example config file + test file template
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library.  If not, see
+# <http://www.gnu.org/licenses/>.
+#
+# Authors:
+#     Daniel P. Berrange <berrange@redhat.com>
+
+use strict;
+use warnings;
+
+die "syntax: $0 CONFIG TEMPLATE AUGTEST\n" unless @ARGV == 3;
+
+my $config = shift @ARGV;
+my $template = shift @ARGV;
+my $augtest = shift @ARGV;
+
+open AUGTEST, ">", $augtest or die "cannot create $augtest: $!";
+
+$SIG{__DIE__} = sub {
+    unlink $augtest;
+};
+
+open CONFIG, "<", $config or die "cannot read $config: $!";
+open TEMPLATE, "<", $template or die "cannot read $template: $!";
+
+my $group = 0;
+while (<TEMPLATE>) {
+    if (/::CONFIG::/) {
+        my $group = 0;
+        print AUGTEST "  let conf = \"";
+        while (<CONFIG>) {
+            if (/^#\w/) {
+                s/^#//;
+                s/\"/\\\"/g;
+                print AUGTEST $_;
+                $group = /\[\s$/;
+            } elsif ($group) {
+                s/\"/\\\"/g;
+                if (/#\s*\]/) {
+                    $group = 0;
+                }
+                if (/^#/) {
+                    s/^#//;
+                    print AUGTEST $_;
+                }
+            }
+        }
+        print AUGTEST "\"\n";
+    } else {
+        print AUGTEST $_;
+    }
+}
+
+close TEMPLATE;
+close CONFIG;
+close AUGTEST or die "cannot save $augtest: $!";
--- a/cfg.mk
+++ b/cfg.mk
@ -13,7 +13,8 @@
 # GNU General Public License for more details.

 # You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+# along with this program.  If not, see
+# <http://www.gnu.org/licenses/>.

 # Use alpha.gnu.org for alpha and beta releases.
 # Use ftp.gnu.org for major releases.
@ -76,6 +77,17 @@ local-checks-to-skip =			\
  sc_makefile_check			\
  sc_useless_cpp_parens

+# Most developers don't run 'make distcheck'.  We want the official
+# dist to be secure, but don't want to penalize other developers
+# using a distro that has not yet picked up the automake fix.
+# FIXME remove this ifeq (making the syntax check unconditional)
+# once fixed automake (1.11.6 or 1.12.2+) is more common.
+ifeq ($(filter dist%, $(MAKECMDGOALS)), )
+local-checks-to-skip +=	sc_vulnerable_makefile_CVE-2012-3386
+else
+distdir: sc_vulnerable_makefile_CVE-2012-3386.z
+endif
+
 # Files that should never cause syntax check failures.
 VC_LIST_ALWAYS_EXCLUDE_REGEX = \
  (^(HACKING|docs/(news\.html\.in|.*\.patch))|\.po)$$
@ -133,20 +145,9 @@ useless_free_options =				\
  --name=virJSONValueFree			\
  --name=virLastErrFreeData			\
  --name=virNetMessageFree                      \
-  --name=virNetClientFree                       \
-  --name=virNetClientProgramFree                \
-  --name=virNetClientStreamFree                 \
-  --name=virNetServerFree                       \
-  --name=virNetServerClientFree                 \
  --name=virNetServerMDNSFree                   \
  --name=virNetServerMDNSEntryFree              \
  --name=virNetServerMDNSGroupFree              \
-  --name=virNetServerProgramFree                \
-  --name=virNetServerServiceFree                \
-  --name=virNetSocketFree                       \
-  --name=virNetSASLContextFree                  \
-  --name=virNetSASLSessionFree                  \
-  --name=virNetTLSSessionFree                   \
  --name=virNWFilterDefFree			\
  --name=virNWFilterEntryFree			\
  --name=virNWFilterHashTableFree		\
@ -159,6 +160,8 @@ useless_free_options =				\
  --name=virNetworkObjFree			\
  --name=virNodeDeviceDefFree			\
  --name=virNodeDeviceObjFree			\
+  --name=virObjectUnref                         \
+  --name=virObjectFreeCallback                  \
  --name=virSecretDefFree			\
  --name=virStorageEncryptionFree		\
  --name=virStorageEncryptionSecretFree		\
@ -350,7 +353,18 @@ snp_ = strncmp *\(.+\)
 sc_prohibit_strncmp:
 	@prohibit='! *strncmp *\(|\<$(snp_) *[!=]=|[!=]= *$(snp_)'	\
 	exclude=':# *define STR(N?EQLEN|PREFIX)\('			\
-	halt='$(ME): use STREQLEN or STRPREFIX instead of str''ncmp'	\
+	halt='use STREQLEN or STRPREFIX instead of str''ncmp'		\
+	  $(_sc_search_regexp)
+
+# strtol and friends are too easy to misuse
+sc_prohibit_strtol:
+	@prohibit='\bstrto(u?ll?|[ui]max) *\('				\
+	exclude='exempt from syntax-check'				\
+	halt='use virStrToLong_*, not strtol variants'			\
+	  $(_sc_search_regexp)
+	@prohibit='\bstrto[df] *\('					\
+	exclude='exempt from syntax-check'				\
+	halt='use virStrToDouble, not strtod variants'			\
 	  $(_sc_search_regexp)

 # Use virAsprintf rather than as'printf since *strp is undefined on error.
@ -372,11 +386,6 @@ sc_prohibit_sprintf:
 	halt='use snprintf, not s'printf				\
 	  $(_sc_search_regexp)

-sc_prohibit_strncpy:
-	@prohibit='strncpy *\('						\
-	halt='use virStrncpy, not strncpy'				\
-	  $(_sc_search_regexp)
-
 sc_prohibit_readlink:
 	@prohibit='readlink *\('					\
 	halt='use virFileResolveLink, not readlink'			\
@ -397,6 +406,11 @@ sc_prohibit_VIR_ERR_NO_MEMORY:
 	halt='use virReportOOMError, not V'IR_ERR_NO_MEMORY		\
 	  $(_sc_search_regexp)

+sc_prohibit_PATH_MAX:
+	@prohibit='\<P''ATH_MAX\>'				\
+	halt='dynamically allocate paths, do not use P'ATH_MAX	\
+	  $(_sc_search_regexp)
+
 # Use a subshell for each function, to give the optimal warning message.
 include $(srcdir)/Makefile.nonreentrant
 sc_prohibit_nonreentrant:
@ -431,7 +445,7 @@ sc_size_of_brackets:
 # Ensure that no C source file, docs, or rng schema uses TABs for
 # indentation.  Also match *.h.in files, to get libvirt.h.in.  Exclude
 # files in gnulib, since they're imported.
-space_indent_files=(\.(rng|s?[ch](\.in)?|html.in|py|syms)|(daemon|tools)/.*\.in)
+space_indent_files=(\.(rng|s?[ch](\.in)?|html.in|py|pl|syms)|(daemon|tools)/.*\.in)
 sc_TAB_in_indentation:
 	@prohibit='^ *	'						\
 	in_vc_files='$(space_indent_files)$$'				\
@ -495,46 +509,12 @@ sc_avoid_attribute_unused_in_header:
 # |grep -vE '^(qsort|if|close|assert|fputc|free|N_|vir.*GetName|.*Unlock|virNodeListDevices|virHashRemoveEntry|freeaddrinfo|.*[fF]ree|xdrmem_create|xmlXPathFreeObject|virUUIDFormat|openvzSetProgramSentinal|polkit_action_unref)$'

 msg_gen_function =
-msg_gen_function += ESX_ERROR
-msg_gen_function += ESX_VI_ERROR
-msg_gen_function += HYPERV_ERROR
-msg_gen_function += PHYP_ERROR
 msg_gen_function += VIR_ERROR
-msg_gen_function += VMX_ERROR
-msg_gen_function += XENXS_ERROR
-msg_gen_function += eventReportError
-msg_gen_function += ifaceError
-msg_gen_function += interfaceReportError
-msg_gen_function += iptablesError
 msg_gen_function += lxcError
-msg_gen_function += libxlError
-msg_gen_function += macvtapError
-msg_gen_function += networkReportError
-msg_gen_function += nodeReportError
-msg_gen_function += openvzError
-msg_gen_function += pciReportError
-msg_gen_function += qemuReportError
-msg_gen_function += qemudDispatchClientFailure
 msg_gen_function += regerror
-msg_gen_function += remoteError
-msg_gen_function += remoteDispatchFormatError
-msg_gen_function += statsError
-msg_gen_function += streamsReportError
-msg_gen_function += usbReportError
-msg_gen_function += umlReportError
 msg_gen_function += vah_error
 msg_gen_function += vah_warning
-msg_gen_function += vboxError
-msg_gen_function += virCommandError
-msg_gen_function += virConfError
-msg_gen_function += virCPUReportError
-msg_gen_function += virEventError
-msg_gen_function += virDomainReportError
 msg_gen_function += virGenericReportError
-msg_gen_function += virHashError
-msg_gen_function += virHookReportError
-msg_gen_function += virInterfaceReportError
-msg_gen_function += virJSONError
 msg_gen_function += virLibConnError
 msg_gen_function += virLibDomainError
 msg_gen_function += virLibDomainSnapshotError
@ -545,39 +525,21 @@ msg_gen_function += virLibNWFilterError
 msg_gen_function += virLibSecretError
 msg_gen_function += virLibStoragePoolError
 msg_gen_function += virLibStorageVolError
-msg_gen_function += virNetworkReportError
-msg_gen_function += virNodeDeviceReportError
-msg_gen_function += virNWFilterReportError
 msg_gen_function += virRaiseError
+msg_gen_function += virReportError
 msg_gen_function += virReportErrorHelper
 msg_gen_function += virReportSystemError
-msg_gen_function += virSecretReportError
-msg_gen_function += virSecurityReportError
-msg_gen_function += virSexprError
-msg_gen_function += virSmbiosReportError
-msg_gen_function += virSocketError
-msg_gen_function += virStatsError
-msg_gen_function += virStorageReportError
-msg_gen_function += virUtilError
-msg_gen_function += virXMLError
-msg_gen_function += virXenInotifyError
-msg_gen_function += virXenStoreError
-msg_gen_function += virXendError
-msg_gen_function += vmwareError
 msg_gen_function += xenapiSessionErrorHandler
-msg_gen_function += xenUnifiedError
-msg_gen_function += xenXMError

 # Uncomment the following and run "make syntax-check" to see diagnostics
 # that are not yet marked for translation, but that need to be rewritten
 # so that they are translatable.
 # msg_gen_function += fprintf
 # msg_gen_function += testError
-# msg_gen_function += virXenError
 # msg_gen_function += vshPrint
 # msg_gen_function += vshError

-func_or := $(shell printf '$(msg_gen_function)'|tr -s '[[:space:]]' '|')
+func_or := $(shell echo $(msg_gen_function)|tr -s ' ' '|')
 func_re := ($(func_or))

 # Look for diagnostics that aren't marked for translation.
@ -588,11 +550,11 @@ func_re := ($(func_or))
 sc_libvirt_unmarked_diagnostics:
 	@prohibit='\<$(func_re) *\([^"]*"[^"]*[a-z]{3}'			\
 	exclude='_\('							\
-	halt='$(ME): found unmarked diagnostic(s)'			\
+	halt='found unmarked diagnostic(s)'				\
 	  $(_sc_search_regexp)
 	@{ grep     -nE '\<$(func_re) *\(.*;$$' $$($(VC_LIST_EXCEPT));   \
 	   grep -A1 -nE '\<$(func_re) *\(.*,$$' $$($(VC_LIST_EXCEPT)); } \
-	   | sed 's/_("[^"][^"]*"//;s/[	 ]"%s"//'			\
+	   | sed 's/_("\([^\"]\|\\.\)\+"//;s/[	 ]"%s"//'		\
 	   | grep '[	 ]"' &&						\
 	  { echo '$(ME): found unmarked diagnostic(s)' 1>&2;		\
 	    exit 1; } || :
@ -611,6 +573,39 @@ sc_prohibit_newline_at_end_of_diagnostic:
 	  && { echo '$(ME): newline at end of message(s)' 1>&2;		\
 	    exit 1; } || :

+# Look for diagnostics that lack a % in the format string, except that we
+# allow VIR_ERROR to do this, and ignore functions that take a single
+# string rather than a format argument.
+sc_prohibit_diagnostic_without_format:
+	@{ grep     -nE '\<$(func_re) *\(.*;$$' $$($(VC_LIST_EXCEPT));   \
+	   grep -A2 -nE '\<$(func_re) *\(.*,$$' $$($(VC_LIST_EXCEPT)); } \
+	   | sed -rn -e ':l; /[,"]$$/ {N;b l;}'				 \
+		-e '/(xenapiSessionErrorHandler|vah_(error|warning))/d'	 \
+		-e '/\<$(func_re) *\([^"]*"([^%"]|"\n[^"]*")*"[,)]/p'	 \
+           | grep -vE 'VIR_ERROR' &&					 \
+	  { echo '$(ME): found diagnostic without %' 1>&2;		 \
+	    exit 1; } || :
+
+# The strings "" and "%s" should never be marked for translation.
+# Files under tests/ and examples/ should not be translated.
+sc_prohibit_useless_translation:
+	@prohibit='_\("(%s)?"\)'					\
+	halt='found useless translation'				\
+	  $(_sc_search_regexp)
+	@prohibit='\<N?_ *\('						\
+	in_vc_files='^(tests|examples)/'				\
+	halt='no translations in tests or examples'			\
+	  $(_sc_search_regexp)
+
+# When splitting a diagnostic across lines, ensure that there is a space
+# or \n on one side of the split.
+sc_require_whitespace_in_translation:
+	@grep -n -A1 '"$$' $$($(VC_LIST_EXCEPT))   			\
+	   | sed -ne ':l; /"$$/ {N;b l;}; s/"\n[^"]*"/""/g; s/\\n/ /g'	\
+		-e '/_(.*[^\ ]""[^\ ]/p' | grep . &&			\
+	  { echo '$(ME): missing whitespace at line split' 1>&2;	\
+	    exit 1; } || :
+
 # Enforce recommended preprocessor indentation style.
 sc_preprocessor_indentation:
 	@if cppi --version >/dev/null 2>&1; then			\
@ -633,6 +628,13 @@ sc_copyright_format:
 	halt='spell Red Hat as two words'				\
 	  $(_sc_search_regexp)

+# Prefer the new URL listing over the old street address listing when
+# calling out where to get a copy of the [L]GPL.
+sc_copyright_address:
+	@prohibit=Boston,' MA'						\
+	halt='Point to <http://www.gnu.org/licenses/>, not an address'	\
+	  $(_sc_search_regexp)
+
 # Some functions/macros produce messages intended solely for developers
 # and maintainers.  Do not mark them for translation.
 sc_prohibit_gettext_markup:
@ -739,7 +741,7 @@ $(srcdir)/src/remote/remote_client_bodies.h: $(srcdir)/src/remote/remote_protoco
 	$(MAKE) -C src remote/remote_client_bodies.h

 # List all syntax-check exemptions:
-exclude_file_name_regexp--sc_avoid_strcase = ^tools/virsh\.c$$
+exclude_file_name_regexp--sc_avoid_strcase = ^tools/virsh\.h$$

 _src1=libvirt|fdstream|qemu/qemu_monitor|util/(command|util)|xen/xend_internal|rpc/virnetsocket|lxc/lxc_controller
 exclude_file_name_regexp--sc_avoid_write = \
@ -747,10 +749,13 @@ exclude_file_name_regexp--sc_avoid_write = \

 exclude_file_name_regexp--sc_bindtextdomain = ^(tests|examples)/

+exclude_file_name_regexp--sc_copyright_address = \
+  ^COPYING\.LIB$$
+
 exclude_file_name_regexp--sc_flags_usage = ^(docs/|src/util/virnetdevtap\.c$$)

 exclude_file_name_regexp--sc_libvirt_unmarked_diagnostics = \
-  ^src/rpc/gendispatch\.pl$$
+  ^(src/rpc/gendispatch\.pl$$|tests/)

 exclude_file_name_regexp--sc_po_check = ^(docs/|src/rpc/gendispatch\.pl$$)

@ -769,7 +774,7 @@ exclude_file_name_regexp--sc_prohibit_close = \
  (\.p[yl]$$|^docs/|^(src/util/virfile\.c|src/libvirt\.c)$$)

 exclude_file_name_regexp--sc_prohibit_empty_lines_at_EOF = \
-  (^tests/qemuhelpdata/|\.(gif|ico|png|diff)$$)
+  (^tests/(qemuhelp|nodeinfo)data/|\.(gif|ico|png|diff)$$)

 _src2=src/(util/command|libvirt|lxc/lxc_controller)
 exclude_file_name_regexp--sc_prohibit_fork_wrappers = \
@ -784,20 +789,23 @@ exclude_file_name_regexp--sc_prohibit_newline_at_end_of_diagnostic = \
  ^src/rpc/gendispatch\.pl$$

 exclude_file_name_regexp--sc_prohibit_nonreentrant = \
-  ^((po|tests)/|docs/.*py$$|tools/(virsh|console)\.c$$)
+  ^((po|tests)/|docs/.*py|run.in$$)

 exclude_file_name_regexp--sc_prohibit_raw_allocation = \
  ^(src/util/memory\.[ch]|examples/.*)$$

-exclude_file_name_regexp--sc_prohibit_readlink = ^src/util/util\.c$$
+exclude_file_name_regexp--sc_prohibit_readlink = \
+  ^src/(util/util|lxc/lxc_container)\.c$$

 exclude_file_name_regexp--sc_prohibit_setuid = ^src/util/util\.c$$

 exclude_file_name_regexp--sc_prohibit_sprintf = \
  ^(docs/hacking\.html\.in)|(examples/systemtap/.*stp)|(src/dtrace2systemtap\.pl)|(src/rpc/gensystemtap\.pl)$$

-exclude_file_name_regexp--sc_prohibit_strncpy = \
-  ^(src/util/util|tools/virsh)\.c$$
+exclude_file_name_regexp--sc_prohibit_strncpy = ^src/util/util\.c$$
+
+exclude_file_name_regexp--sc_prohibit_strtol = \
+  ^src/(util/sexpr|(vbox|xen|xenxs)/.*)\.c$$

 exclude_file_name_regexp--sc_prohibit_xmlGetProp = ^src/util/xml\.c$$

@ -805,11 +813,13 @@ exclude_file_name_regexp--sc_prohibit_xmlURI = ^src/util/viruri\.c$$

 exclude_file_name_regexp--sc_prohibit_return_as_function = \.py$$

-exclude_file_name_regexp--sc_require_config_h = ^examples/
+_virsh_includes=(edit|domain-monitor|domain|volume|pool|network|interface|nwfilter|secret|snapshot|host|nodedev)
+exclude_file_name_regexp--sc_require_config_h = ^(examples/|tools/virsh-$(_virsh_includes)\.c$$)

-exclude_file_name_regexp--sc_require_config_h_first = ^examples/
+exclude_file_name_regexp--sc_require_config_h_first = ^(examples/|tools/virsh-$(_virsh_includes)\.c$$)

-exclude_file_name_regexp--sc_trailing_blank = \.(fig|gif|ico|png)$$
+exclude_file_name_regexp--sc_trailing_blank = \
+  (/qemuhelpdata/|\.(fig|gif|ico|png)$$)

 exclude_file_name_regexp--sc_unmarked_diagnostics = \
  ^(docs/apibuild.py|tests/virt-aa-helper-test)$$
--- a/configure.ac
+++ b/configure.ac
@ -3,13 +3,13 @@ dnl Process this file with autoconf to produce a configure script.
 dnl Copyright (C) 2005-2012 Red Hat, Inc.
 dnl See COPYING.LIB for the License of this software

-AC_INIT([libvirt], [0.9.11], [libvir-list@redhat.com], [], [http://libvirt.org])
+AC_INIT([libvirt], [0.10.2], [libvir-list@redhat.com], [], [http://libvirt.org])
 AC_CONFIG_SRCDIR([src/libvirt.c])
 AC_CONFIG_AUX_DIR([build-aux])
 AC_CONFIG_HEADERS([config.h])
 AC_CONFIG_MACRO_DIR([m4])
 dnl Make automake keep quiet about wildcards & other GNUmake-isms
-AM_INIT_AUTOMAKE([-Wno-portability])
+AM_INIT_AUTOMAKE([-Wno-portability tar-ustar])
 AM_MAINTAINER_MODE([enable])

 # Maintainer note - comment this line out if you plan to rerun
@ -23,16 +23,55 @@ AM_SILENT_RULES([yes])

 AC_CANONICAL_HOST

+# First extract pieces from the version number string
 LIBVIRT_MAJOR_VERSION=`echo $VERSION | awk -F. '{print $1}'`
 LIBVIRT_MINOR_VERSION=`echo $VERSION | awk -F. '{print $2}'`
 LIBVIRT_MICRO_VERSION=`echo $VERSION | awk -F. '{print $3}'`
 LIBVIRT_VERSION=$LIBVIRT_MAJOR_VERSION.$LIBVIRT_MINOR_VERSION.$LIBVIRT_MICRO_VERSION$LIBVIRT_MICRO_VERSION_SUFFIX
-LIBVIRT_VERSION_INFO=`expr $LIBVIRT_MAJOR_VERSION + $LIBVIRT_MINOR_VERSION`:$LIBVIRT_MICRO_VERSION:$LIBVIRT_MINOR_VERSION
 LIBVIRT_VERSION_NUMBER=`expr $LIBVIRT_MAJOR_VERSION \* 1000000 + $LIBVIRT_MINOR_VERSION \* 1000 + $LIBVIRT_MICRO_VERSION`

+# In libtool terminology we need to figure out:
+#
+# CURRENT
+#     The most recent interface number that this library implements.
+#
+# REVISION
+#     The implementation number of the CURRENT interface.
+#
+# AGE
+#     The difference between the newest and oldest interfaces that this
+#     library implements.
+#
+# In other words, the library implements all the interface numbers
+# in the range from number `CURRENT - AGE' to `CURRENT'.
+#
+# Libtool assigns the soname version from `CURRENT - AGE', and we
+# don't want that to ever change in libvirt. ie it must always be
+# zero, to produce libvirt.so.0.
+#
+# We would, however, like the libvirt version number reflected
+# in the so version'd symlinks, and this is based on AGE.REVISION
+# eg  libvirt.so.0.AGE.REVISION
+#
+# Assuming we do ever want to break soname version, this can
+# toggled. But seriously, don't ever touch this.
+LIBVIRT_SONUM=0
+
+# The following examples show what libtool will do
+#
+# Input: 0.9.14 ->   libvirt.so.0.9.14
+# Input: 1.0.0  ->   libvirt.so.0.1000.0
+# Input: 2.5.8  ->   libvirt.so.0.2005.8
+#
+AGE=`expr $LIBVIRT_MAJOR_VERSION '*' 1000 + $LIBVIRT_MINOR_VERSION`
+REVISION=$LIBVIRT_MICRO_VERSION
+CURRENT=`expr $LIBVIRT_SONUM + $AGE`
+LIBVIRT_VERSION_INFO=$CURRENT:$REVISION:$AGE
+
 AC_SUBST([LIBVIRT_MAJOR_VERSION])
 AC_SUBST([LIBVIRT_MINOR_VERSION])
 AC_SUBST([LIBVIRT_MICRO_VERSION])
+AC_SUBST([LIBVIRT_SONUM])
 AC_SUBST([LIBVIRT_VERSION])
 AC_SUBST([LIBVIRT_VERSION_INFO])
 AC_SUBST([LIBVIRT_VERSION_NUMBER])
@ -73,13 +112,14 @@ OPENWSMAN_REQUIRED="2.2.3"
 LIBPCAP_REQUIRED="1.0.0"
 LIBNL_REQUIRED="1.1"
 LIBSSH2_REQUIRED="1.0"
+LIBSSH2_TRANSPORT_REQUIRED="1.3"
 LIBBLKID_REQUIRED="2.17"
+DBUS_REQUIRED="1.0.0"

 dnl Checks for C compiler.
 AC_PROG_CC
 AC_PROG_INSTALL
 AC_PROG_CPP
-AM_PROG_CC_STDC

 gl_EARLY
 gl_INIT
@ -132,8 +172,8 @@ AC_CHECK_SIZEOF([long])
 dnl Availability of various common functions (non-fatal if missing),
 dnl and various less common threadsafe functions
 AC_CHECK_FUNCS_ONCE([cfmakeraw geteuid getgid getgrnam_r getmntent_r \
-  getpwuid_r getuid initgroups kill mmap posix_fallocate posix_memalign \
-  regexec sched_getaffinity])
+  getpwuid_r getuid initgroups kill mmap newlocale posix_fallocate \
+  posix_memalign regexec sched_getaffinity])

 dnl Availability of pthread functions (if missing, win32 threading is
 dnl assumed).  Because of $LIB_PTHREAD, we cannot use AC_CHECK_FUNCS_ONCE.
@ -143,35 +183,73 @@ LIBS="$LIBS $LIB_PTHREAD $LIBMULTITHREAD"
 AC_CHECK_FUNCS([pthread_mutexattr_init])
 LIBS=$old_libs

-old_LIBS=$LIBS
-RT_LIBS=
-LIBS="$LIBS $LIB_PTHREAD -lrt"
-AC_CHECK_FUNC([clock_gettime],[
-     AC_DEFINE([HAVE_CLOCK_GETTIME],[],[Defined if clock_gettime() exists in librt.so])
-     RT_LIBS=-lrt
-])
-LIBS=$old_libs
-AC_SUBST(RT_LIBS)
-
 dnl Availability of various common headers (non-fatal if missing).
 AC_CHECK_HEADERS([pwd.h paths.h regex.h sys/un.h \
  sys/poll.h syslog.h mntent.h net/ethernet.h linux/magic.h \
-  sys/un.h sys/syscall.h netinet/tcp.h ifaddrs.h libtasn1.h \
-  net/if.h])
+  sys/un.h sys/syscall.h netinet/tcp.h ifaddrs.h libtasn1.h])

-AC_MSG_CHECKING([for struct ifreq in net/if.h])
-AC_COMPILE_IFELSE([AC_LANG_PROGRAM(
-   [[
-     #include <net/if.h>
-   ]],
-   [[
-     struct ifreq ifr;
-   ]])],[
-     AC_DEFINE([HAVE_STRUCT_IFREQ],[],[Defined if struct ifreq existsin net/if.h])
-     AC_MSG_RESULT([yes])
-   ],[
-     AC_MSG_RESULT([yes])
-   ])
+dnl We need to decide at configure time if libvirt will use real atomic
+dnl operations ("lock free") or emulated ones with a mutex.
+
+dnl Note that the atomic ops are only available with GCC on x86 when
+dnl using -march=i486 or higher.  If we detect that the atomic ops are
+dnl not available but would be available given the right flags, we want
+dnl to abort and advise the user to fix their CFLAGS.  It's better to do
+dnl that then to silently fall back on emulated atomic ops just because
+dnl the user had the wrong build environment.
+
+atomic_ops=
+
+AC_MSG_CHECKING([for atomic ops implementation])
+
+AC_TRY_COMPILE([], [__GCC_HAVE_SYNC_COMPARE_AND_SWAP_4;],[
+  atomic_ops=gcc
+],[])
+
+if test "$atomic_ops" = "" ; then
+  SAVE_CFLAGS="${CFLAGS}"
+  CFLAGS="-march=i486"
+  AC_TRY_COMPILE([],
+                 [__GCC_HAVE_SYNC_COMPARE_AND_SWAP_4;],
+                 [AC_MSG_ERROR([Libvirt must be built with -march=i486 or later.])],
+                 [])
+  CFLAGS="${SAVE_CFLAGS}"
+
+  case "$host" in
+    *-*-mingw* | *-*-msvc* )
+      atomic_ops=win32
+      ;;
+    *)
+      if test "$ac_cv_header_pthread_h" = "yes" ; then
+        atomic_ops=pthread
+      else
+        AC_MSG_ERROR([Libvirt must be built with GCC or have pthread.h on non-Win32 platforms])
+      fi
+      ;;
+  esac
+fi
+
+case "$atomic_ops" in
+   gcc)
+     AC_DEFINE([VIR_ATOMIC_OPS_GCC],[1],[Use GCC atomic ops])
+     ;;
+   win32)
+     AC_DEFINE([VIR_ATOMIC_OPS_WIN32],[1],[Use Win32 atomic ops])
+     ;;
+   pthread)
+     AC_DEFINE([VIR_ATOMIC_OPS_PTHREAD],[1],[Use pthread atomic ops emulation])
+     ;;
+esac
+AM_CONDITIONAL([WITH_ATOMIC_OPS_PTHREAD],[test "$atomic_ops" = "pthread"])
+AC_MSG_RESULT([$atomic_ops])
+
+
+AC_CHECK_TYPE([struct ifreq],
+  [AC_DEFINE([HAVE_STRUCT_IFREQ],[1],
+    [Defined if struct ifreq exists in net/if.h])],
+  [], [[#include <sys/socket.h>
+        #include <net/if.h>
+  ]])

 dnl Our only use of libtasn1.h is in the testsuite, and can be skipped
 dnl if the header is not present.  Assume -ltasn1 is present if the
@ -330,6 +408,8 @@ AC_ARG_WITH([esx],
  AC_HELP_STRING([--with-esx], [add ESX support @<:@default=check@:>@]),[],[with_esx=check])
 AC_ARG_WITH([hyperv],
  AC_HELP_STRING([--with-hyperv], [add Hyper-V support @<:@default=check@:>@]),[],[with_hyperv=check])
+AC_ARG_WITH([parallels],
+  AC_HELP_STRING([--with-parallels], [add Parallels Cloud Server support @<:@default=check@:>@]),[],[with_parallels=check])
 AC_ARG_WITH([test],
  AC_HELP_STRING([--with-test], [add test driver support @<:@default=yes@:>@]),[],[with_test=yes])
 AC_ARG_WITH([remote],
@ -342,6 +422,8 @@ AC_ARG_WITH([console-lock-files],
                  (use auto for default paths on some platforms)
                  @<:@default=auto@:>@]),
  [],[with_console_lock_files=auto])
+AC_ARG_WITH([libssh2_transport],
+  AC_HELP_STRING([--with-libssh2_transport], [libssh2 location @<:@default=check@:>@]),[],[with_libssh2_transport=check])

 dnl
 dnl in case someone want to build static binaries
@ -368,7 +450,7 @@ AC_MSG_CHECKING([for init script flavor])
 AC_ARG_WITH([init-script],
            [AC_HELP_STRING([--with-init-script@<:@=STYLE@:>@],
                            [Style of init script to install: redhat, systemd, systemd+redhat,
-                             upstart, auto, none @<:@default=auto@:>@])],[],[with_init_script=check])
+                             upstart, check, none @<:@default=check@:>@])],[],[with_init_script=check])
 init_redhat=no
 init_systemd=no
 init_upstart=no
@ -403,6 +485,31 @@ AM_CONDITIONAL([LIBVIRT_INIT_SCRIPT_UPSTART], test "$init_upstart" = "yes")
 AM_CONDITIONAL([LIBVIRT_INIT_SCRIPT_SYSTEMD], test "$init_systemd" = "yes")
 AC_MSG_RESULT($with_init_script)

+
+AC_MSG_CHECKING([for whether to install sysctl config])
+AC_ARG_WITH([sysctl],
+            [AC_HELP_STRING([--with-sysctl@<:@=yes/no@:>@],
+                            [Whether to install sysctl configs @<:@default=check@:>@])],
+                            [],[with_sysctl=check])
+
+if test "$with_sysctl" = "yes" || test "$with_sysctl" = "check"
+then
+  case $host in
+    *-*-linux*)
+      with_sysctl=yes
+      ;;
+    **)
+      if test "$with_sysctl" = "yes"; then
+         AC_MSG_ERROR([No sysctl configuration supported for $host])
+      else
+         with_sysctl=no
+      fi
+      ;;
+  esac
+fi
+AM_CONDITIONAL([WITH_SYSCTL], test "$with_sysctl" = "yes")
+AC_MSG_RESULT($with_sysctl)
+
 dnl RHEL-5 has a peculiar version of Xen, which requires some special casing
 AC_ARG_WITH([rhel5-api],
 	[AC_HELP_STRING([--with-rhel5-api=@<:@ARG@:>@],
@ -529,12 +636,6 @@ AC_DEFINE_UNQUOTED([VBOX_XPCOMC_DIR], ["$vbox_xpcomc_dir"],
                   [Location of directory containing VirtualBox XPCOMC library])

 if test "x$with_vbox" = "xyes"; then
-    case "$host" in
-      *-*-mingw* | *-*-msvc*) MSCOM_LIBS="-lole32 -loleaut32" ;;
-      *) MSCOM_LIBS= ;;
-    esac
-    AC_SUBST([MSCOM_LIBS])
-
    AC_DEFINE_UNQUOTED([WITH_VBOX], 1, [whether VirtualBox driver is enabled])
 fi
 AM_CONDITIONAL([WITH_VBOX], [test "$with_vbox" = "yes"])
@ -754,6 +855,9 @@ if test "$with_lxc" = "yes" || test "$with_lxc" = "check"; then
        unshare (!(LO_FLAGS_AUTOCLEAR + EPOLL_CLOEXEC));
    ], [
        with_lxc=yes
+       AC_DEFINE([HAVE_DECL_LO_FLAGS_AUTOCLEAR], [1],
+         [Define to 1 if you have the declaration of `LO_FLAGS_AUTOCLEAR',
+         and to 0 if you don't.])
    ], [
        if test "$with_lxc" = "check"; then
            with_lxc=no
@ -768,6 +872,26 @@ if test "$with_lxc" = "yes" ; then
 fi
 AM_CONDITIONAL([WITH_LXC], [test "$with_lxc" = "yes"])

+dnl
+dnl Checks for the Parallels driver
+dnl
+
+if test "$with_parallels" = "check"; then
+    with_parallels=$with_linux
+    if test ! $host_cpu = 'x86_64'; then
+        with_parallels=no
+    fi
+fi
+
+if test "$with_parallels" = "yes" && test "$with_linux" = "no"; then
+    AC_MSG_ERROR([The Parallels driver can be enabled on Linux only.])
+fi
+
+if test "$with_parallels" = "yes"; then
+    AC_DEFINE_UNQUOTED([WITH_PARALLELS], 1, [whether Parallels driver is enabled])
+fi
+AM_CONDITIONAL([WITH_PARALLELS], [test "$with_parallels" = "yes"])
+
 dnl
 dnl check for shell that understands <> redirection without truncation,
 dnl needed by src/qemu/qemu_monitor_{text,json}.c.
@ -972,6 +1096,27 @@ AC_ARG_WITH([yajl],
  [],
  [with_yajl=check])

+if test "$with_qemu:$with_yajl" = yes:check; then
+  dnl Some versions of qemu require the use of yajl; try to detect them
+  dnl here, although we do not require qemu to exist in order to compile.
+  dnl This check mirrors src/qemu/qemu_capabilities.c
+  AC_PATH_PROGS([QEMU], [qemu-kvm qemu kvm qemu-system-x86_64],
+                [], [$PATH:/usr/bin:/usr/libexec])
+  if test -x "$QEMU"; then
+    if `$QEMU -help | grep libvirt` >/dev/null; then
+      with_yajl=yes
+    else
+      [qemu_version_sed='s/.*ersion \([0-9.,]*\).*/\1/']
+      qemu_version=`$QEMU -version | sed "$qemu_version_sed"`
+      case $qemu_version in
+        [[1-9]].* | 0.15.* ) with_yajl=yes ;;
+        0.* | '' ) ;;
+        *) AC_MSG_ERROR([Unexpected qemu version string]) ;;
+      esac
+    fi
+  fi
+fi
+
 YAJL_CFLAGS=
 YAJL_LIBS=
 with_yajl2=no
@ -1074,6 +1219,37 @@ AC_SUBST([SANLOCK_CFLAGS])
 AC_SUBST([SANLOCK_LIBS])


+dnl DBus library
+DBUS_CFLAGS=
+DBUS_LIBS=
+AC_ARG_WITH([dbus],
+  AC_HELP_STRING([--with-dbus], [enable communication with DBus @<:@default=check@:>@]),
+  [],
+  [with_dbus=check])
+if test "$with_dbus" = "yes" || test "$with_dbus" = "check" ; then
+  PKG_CHECK_MODULES(DBUS, dbus-1 >= $DBUS_REQUIRED,
+    [with_dbus=yes], [
+     if test "$with_dbus" = "check" ; then
+       with_dbus=no
+     else
+       AC_MSG_ERROR([You must install DBus >= $DBUS_REQUIRED to compile libvirt])
+     fi])
+fi
+
+if test "$with_dbus" = "yes" ; then
+  AC_DEFINE_UNQUOTED([HAVE_DBUS], 1, [enable communication with DBus])
+
+  save_LIBS="$LIBS"
+  save_CFLAGS="$CFLAGS"
+  LIBS="$LIBS $DBUS_LIBS"
+  CFLAGS="$CFLAGS $DBUS_CFLAGS"
+  AC_CHECK_FUNCS([dbus_watch_get_unix_fd])
+  LIBS="$save_LIBS"
+  CFLAGS="$save_CFLAGS"
+fi
+AM_CONDITIONAL([HAVE_DBUS], [test "$have_dbus" = "yes"])
+
+
 dnl PolicyKit library
 POLKIT_CFLAGS=
 POLKIT_LIBS=
@ -1084,7 +1260,6 @@ AC_ARG_WITH([polkit],
  [with_polkit=check])

 with_polkit0=no
-with_dbus=no
 with_polkit1=no
 if test "x$with_polkit" = "xyes" || test "x$with_polkit" = "xcheck"; then
  dnl Check for new polkit first - just a binary
@ -1113,8 +1288,6 @@ if test "x$with_polkit" = "xyes" || test "x$with_polkit" = "xcheck"; then
        [use PolicyKit for UNIX socket access checks])
      AC_DEFINE_UNQUOTED([HAVE_POLKIT0], 1,
        [use PolicyKit for UNIX socket access checks])
-      AC_DEFINE_UNQUOTED([HAVE_DBUS], 1,
-        [use DBus for PolicyKit])

      old_CFLAGS=$CFLAGS
      old_LIBS=$LIBS
@ -1129,17 +1302,31 @@ if test "x$with_polkit" = "xyes" || test "x$with_polkit" = "xcheck"; then
        AC_DEFINE_UNQUOTED([POLKIT_AUTH],["$POLKIT_AUTH"],[Location of polkit-auth program])
      fi
      with_polkit0="yes"
-      with_dbus="yes"
    fi
  fi
 fi
 AM_CONDITIONAL([HAVE_POLKIT], [test "x$with_polkit" = "xyes"])
 AM_CONDITIONAL([HAVE_POLKIT0], [test "x$with_polkit0" = "xyes"])
-AM_CONDITIONAL([HAVE_DBUS], [test "x$with_dbus" = "xyes"])
 AM_CONDITIONAL([HAVE_POLKIT1], [test "x$with_polkit1" = "xyes"])
 AC_SUBST([POLKIT_CFLAGS])
 AC_SUBST([POLKIT_LIBS])

+dnl firewalld
+AC_ARG_WITH([firewalld],
+  AC_HELP_STRING([--with-firewalld], [enable firewalld support @<:@default=check@:>@]),
+  [],
+  [with_firewalld=check])
+if test "x$with_firewalld" = "xcheck" ; then
+   with_firewalld=$with_dbus
+fi
+if test "x$with_firewalld" == "xyes" ; then
+  if test "x$with_dbus" != "xyes" ; then
+     AC_MSG_ERROR([You must have dbus enabled for firewalld support])
+  fi
+  AC_DEFINE_UNQUOTED([HAVE_FIREWALLD], [1], [whether firewalld support is enabled])
+fi
+AM_CONDITIONAL([HAVE_FIREWALLD], [test "x$with_firewalld" != "xno"])
+
 dnl Avahi library
 AC_ARG_WITH([avahi],
  AC_HELP_STRING([--with-avahi], [use avahi to advertise remote daemon @<:@default=check@:>@]),
@ -1163,7 +1350,6 @@ if test "x$with_avahi" = "xyes" || test "x$with_avahi" = "xcheck"; then
      [whether Avahi is used to broadcast server presense])
  fi
 fi
-AM_CONDITIONAL([HAVE_AVAHI], [test "x$with_avahi" = "xyes"])
 AC_SUBST([AVAHI_CFLAGS])
 AC_SUBST([AVAHI_LIBS])

@ -1309,6 +1495,7 @@ else
  fail=0
  AC_CHECK_FUNC([selinux_virtual_domain_context_path], [], [fail=1])
  AC_CHECK_FUNC([selinux_virtual_image_context_path], [], [fail=1])
+  AC_CHECK_FUNCS([selinux_lxc_contexts_path])
  CFLAGS="$old_cflags"
  LIBS="$old_libs"

@ -1454,13 +1641,6 @@ if test "$with_qemu" = "yes" && test "$with_numactl" != "no"; then
  CFLAGS="$old_cflags"
  LIBS="$old_libs"
 fi
-if test "$with_numactl" = "yes"; then
-  NUMACTL_LIBS="-lnuma"
-  AC_DEFINE_UNQUOTED([HAVE_NUMACTL], 1, [whether numactl is available for topology info])
-fi
-AM_CONDITIONAL([HAVE_NUMACTL], [test "$with_numactl" != "no"])
-AC_SUBST([NUMACTL_CFLAGS])
-AC_SUBST([NUMACTL_LIBS])

 dnl numad
 AC_ARG_WITH([numad],
@ -1469,22 +1649,45 @@ AC_ARG_WITH([numad],
  [with_numad=check])

 if test "$with_numad" != "no" ; then
+  old_cflags="$CFLAGS"
+  old_libs="$LIBS"
+  fail=0
+
  AC_PATH_PROG([NUMAD], [numad], [], [/bin:/usr/bin])
-  if test -z "$NUMAD" ; then
-    if test "$with_numad" = "check"; then
+
+  if test "$with_numad" = "check"; then
+    AC_CHECK_HEADER([numa.h], [], [fail=1])
+    AC_CHECK_LIB([numa], [numa_available], [], [fail=1])
+    if test -z "$NUMAD" || test $fail = 1; then
      with_numad="no"
    else
-      AC_MSG_ERROR([You must install the 'numad' to manage CPU placement dynamically])
+      with_numad="yes"
    fi
  else
-    with_numad="yes"
-  fi
-  if test "$with_numad" = "yes"; then
-    AC_DEFINE_UNQUOTED([HAVE_NUMAD], 1, [whether numad is available])
-    AC_DEFINE_UNQUOTED([NUMAD],["$NUMAD"], [Location or name of the numad program])
+    test -z  "$NUMAD" &&
+      AC_MSG_ERROR([You must install numad package to manage CPU and memory placement dynamically])
+
+    AC_CHECK_HEADER([numa.h], [], [fail=1])
+    AC_CHECK_LIB([numa], [numa_available], [], [fail=1])
+    test $fail = 1 &&
+      AC_MSG_ERROR([You must install the numactl development package in order to compile and run libvirt])
  fi
+
+  CFLAGS="$old_cflags"
+  LIBS="$old_libs"
+fi
+if test "$with_numad" = "yes"; then
+  AC_DEFINE_UNQUOTED([HAVE_NUMAD], 1, [whether numad is available])
+  AC_DEFINE_UNQUOTED([NUMAD],["$NUMAD"], [Location or name of the numad program])
+fi
+if test "$with_numactl" = "yes" || test "$with_numad" = "yes"; then
+  NUMACTL_LIBS="-lnuma"
+  AC_DEFINE_UNQUOTED([HAVE_NUMACTL], 1, [whether numactl-devel is available])
 fi
 AM_CONDITIONAL([HAVE_NUMAD], [test "$with_numad" != "no"])
+AM_CONDITIONAL([HAVE_NUMACTL], [test "$with_numad" != "no" || test "$with_numactl" != "no"])
+AC_SUBST([NUMACTL_CFLAGS])
+AC_SUBST([NUMACTL_LIBS])

 dnl pcap lib
 LIBPCAP_CONFIG="pcap-config"
@ -1548,29 +1751,58 @@ AM_CONDITIONAL([WITH_UML], [test "$with_uml" = "yes"])


 dnl
-dnl check for libssh2 (PHYP)
+dnl check for libssh2 (PHYP and libssh2 transport)
 dnl

 LIBSSH2_CFLAGS=""
 LIBSSH2_LIBS=""

-if test "$with_phyp" = "yes" || test "$with_phyp" = "check"; then
+if test "$with_phyp" = "yes" || test "$with_phyp" = "check" ||
+   test "$with_libssh2_transport" = "yes"  || test "$with_libssh2_transport" = "check"; then
    PKG_CHECK_MODULES([LIBSSH2], [libssh2 >= $LIBSSH2_REQUIRED], [
-        with_phyp=yes
+        if test "$with_phyp" = "check"; then
+            with_phyp=yes
+        fi
+        if $PKG_CONFIG "libssh2 >= $LIBSSH2_TRANSPORT_REQUIRED"; then
+            if test "$with_libssh2_transport" = "check"; then
+                with_libssh2_transport=yes
+            fi
+        else
+            if test "$with_libssh2_transport" = "check"; then
+                with_libssh2_transport=no
+                AC_MSG_NOTICE([libssh2 >= $LIBSSH2_TRANSPORT_REQUIRED is required for libssh2 transport])
+            fi
+            if test "$with_libssh2_transport" = "yes"; then
+                AC_MSG_ERROR([libssh2 >= $LIBSSH2_TRANSPORT_REQUIRED is required for libssh2 transport])
+            fi
+        fi
    ], [
        if test "$with_phyp" = "check"; then
            with_phyp=no
            AC_MSG_NOTICE([libssh2 is required for Phyp driver, disabling it])
-        else
+        fi
+        if test "$with_phyp" = "yes"; then
            AC_MSG_ERROR([libssh2 >= $LIBSSH2_REQUIRED is required for Phyp driver])
        fi
+        if test "$with_libssh2_transport" = "check"; then
+            with_libssh2_transport=no
+            AC_MSG_NOTICE([libssh2 >= $LIBSSH2_TRANSPORT_REQUIRED is required for libssh2 transport])
+        fi
+        if test "$with_libssh2_transport" = "yes"; then
+            AC_MSG_ERROR([libssh2 >= $LIBSSH2_TRANSPORT_REQUIRED is required for libssh2 transport])
+        fi
    ])
 fi

 if test "$with_phyp" = "yes"; then
    AC_DEFINE_UNQUOTED([WITH_PHYP], 1, [whether IBM HMC / IVM driver is enabled])
 fi
+if test "$with_libssh2_transport" = "yes"; then
+    AC_DEFINE_UNQUOTED([HAVE_LIBSSH2], 1, [whether libssh2 transport is enabled])
+fi
+
 AM_CONDITIONAL([WITH_PHYP],[test "$with_phyp" = "yes"])
+AM_CONDITIONAL([HAVE_LIBSSH2], [test "$with_libssh2_transport" = "yes"])

 AC_SUBST([LIBSSH2_CFLAGS])
 AC_SUBST([LIBSSH2_LIBS])
@ -1743,6 +1975,10 @@ AC_ARG_WITH([storage-mpath],
  AC_HELP_STRING([--with-storage-mpath], [with mpath backend for the storage driver @<:@default=check@:>@]),[],[with_storage_mpath=check])
 AC_ARG_WITH([storage-disk],
  AC_HELP_STRING([--with-storage-disk], [with GPartd Disk backend for the storage driver @<:@default=check@:>@]),[],[with_storage_disk=check])
+AC_ARG_WITH([storage-rbd],
+  AC_HELP_STRING([--with-storage-rbd], [with RADOS Block Device backend for the storage driver @<:@default=check@:>@]),[],[with_storage_rbd=check])
+AC_ARG_WITH([storage-sheepdog],
+  AC_HELP_STRING([--with-storage-sheepdog], [with Sheepdog backend for the storage driver @<:@default=check@:>@]),[],[with_storage_sheepdog=check])

 if test "$with_libvirtd" = "no"; then
  with_storage_dir=no
@ -1752,6 +1988,8 @@ if test "$with_libvirtd" = "no"; then
  with_storage_scsi=no
  with_storage_mpath=no
  with_storage_disk=no
+  with_storage_rbd=no
+  with_storage_sheepdog=no
 fi
 if test "$with_storage_dir" = "yes" ; then
  AC_DEFINE_UNQUOTED([WITH_STORAGE_DIR], 1, [whether directory backend for storage driver is enabled])
@ -1910,6 +2148,50 @@ if test "$with_storage_mpath" = "check"; then
 fi
 AM_CONDITIONAL([WITH_STORAGE_MPATH], [test "$with_storage_mpath" = "yes"])

+LIBRBD_LIBS=
+if test "$with_storage_rbd" = "yes" || test "$with_storage_rbd" = "check"; then
+    AC_CHECK_HEADER([rbd/librbd.h], [LIBRBD_FOUND=yes; break;])
+
+    if test "$LIBRBD_FOUND" = "yes"; then
+        with_storage_rbd=yes
+        LIBRBD_LIBS="-lrbd -lrados"
+        AC_DEFINE_UNQUOTED([WITH_STORAGE_RBD], [1],
+         [whether RBD backend for storage driver is enabled])
+    else
+        with_storage_rbd=no
+    fi
+fi
+AM_CONDITIONAL([WITH_STORAGE_RBD], [test "$with_storage_rbd" = "yes"])
+AC_SUBST([LIBRBD_LIBS])
+
+if test "$with_storage_sheepdog" = "yes" ||
+   test "$with_storage_sheepdog" = "check"; then
+  AC_PATH_PROG([COLLIE], [collie], [], [$PATH:/sbin:/usr/sbin])
+
+  if test "$with_storage_sheepdog" = "yes"; then
+    if test -z "$COLLIE"; then
+      AC_MSG_ERROR([We need collie for Sheepdog storage driver])
+    fi
+  else
+    if test -z "$COLLIE"; then
+      with_storage_sheepdog=no
+    fi
+
+    if test "$with_storage_sheepdog" = "check"; then
+      with_storage_sheepdog=yes
+    fi
+  fi
+
+  if test "$with_storage_sheepdog" = "yes"; then
+    AC_DEFINE_UNQUOTED([WITH_STORAGE_SHEEPDOG], 1,
+      [whether Sheepdog backend for storage driver is enabled])
+    AC_DEFINE_UNQUOTED([COLLIE],["$COLLIE"],[Location of collie program])
+  fi
+fi
+AM_CONDITIONAL([WITH_STORAGE_SHEEPDOG],
+  [test "$with_storage_sheepdog" = "yes"])
+
+
 LIBPARTED_CFLAGS=
 LIBPARTED_LIBS=
 if test "$with_storage_disk" = "yes" ||
@ -1995,6 +2277,19 @@ fi
 AC_SUBST([DEVMAPPER_CFLAGS])
 AC_SUBST([DEVMAPPER_LIBS])

+with_storage=no
+for backend in dir fs lvm iscsi scsi mpath rbd disk; do
+    if eval test \$with_storage_$backend = yes; then
+        with_storage=yes
+        break
+    fi
+done
+if test $with_storage = yes; then
+    AC_DEFINE([WITH_STORAGE], [1],
+      [Define to 1 if at least one storage backend is in use])
+fi
+AM_CONDITIONAL([WITH_STORAGE], [test "$with_storage" = "yes"])
+
 dnl
 dnl check for libcurl (ESX/XenAPI)
 dnl
@ -2162,6 +2457,9 @@ AM_CONDITIONAL([WITH_PYTHON], [test "$with_python" = "yes"])
 AC_SUBST([PYTHON_VERSION])
 AC_SUBST([PYTHON_INCLUDES])

+dnl Allow perl overrides
+AC_PATH_PROG([PERL], [perl])
+
 AC_ARG_ENABLE([with-test-suite],
              AC_HELP_STRING([--with-test-suite], [build test suite by default @<:@default=check@:>@]),
              [case "${withval}" in
@ -2277,16 +2575,23 @@ MINGW_EXTRA_LDFLAGS=
 WIN32_EXTRA_CFLAGS=
 LIBVIRT_SYMBOL_FILE=libvirt.syms
 LIBVIRT_QEMU_SYMBOL_FILE='$(srcdir)/libvirt_qemu.syms'
+MSCOM_LIBS=
 case "$host" in
  *-*-cygwin*)
    CYGWIN_EXTRA_LDFLAGS="-no-undefined"
    CYGWIN_EXTRA_LIBADD="${INTLLIBS}"
+    MSCOM_LIBS="-lole32 -loleaut32"
+
    if test "x$PYTHON_VERSION" != "x"; then
      CYGWIN_EXTRA_PYTHON_LIBADD="-L/usr/lib/python${PYTHON_VERSION}/config -lpython${PYTHON_VERSION}"
    fi
    ;;
  *-*-mingw*)
    MINGW_EXTRA_LDFLAGS="-no-undefined"
+    MSCOM_LIBS="-lole32 -loleaut32"
+    ;;
+  *-*-msvc*)
+    MSCOM_LIBS="-lole32 -loleaut32"
    ;;
 esac
 case "$host" in
@ -2319,6 +2624,7 @@ AC_SUBST([WIN32_EXTRA_CFLAGS])
 AC_SUBST([LIBVIRT_SYMBOL_FILE])
 AC_SUBST([LIBVIRT_QEMU_SYMBOL_FILE])
 AC_SUBST([VERSION_SCRIPT_FLAGS])
+AC_SUBST([MSCOM_LIBS])


 dnl Look for windres to build a Windows icon resource.
@ -2332,16 +2638,30 @@ AM_CONDITIONAL([WITH_WIN_ICON], [test "$WINDRES" != ""])

 dnl Driver-Modules library
 AC_ARG_WITH([driver-modules],
-  AC_HELP_STRING([--with-driver-modules], [build drivers as loadable modules @<:@default=no@:>@]),
+  AC_HELP_STRING([--with-driver-modules],
+  [build drivers as loadable modules @<:@default=check@:>@]),
  [],
-  [with_driver_modules=no])
+  [with_driver_modules=check])
+
+if test "$with_libvirtd" = "no" ; then
+  with_driver_modules=no
+fi

 DRIVER_MODULE_CFLAGS=
 DRIVER_MODULE_LIBS=
-if test "$with_driver_modules" = "yes"; then
+if test "$with_driver_modules" = "yes" || test "$with_driver_modules" = "check"; then
  if test "$dlfcn_found" != "yes" || test "$dlopen_found" != "yes"; then
-    AC_MSG_ERROR([You must have dlfcn.h / dlopen() support to build driver modules])
+    if test "$with_driver_modules" = "yes" ; then
+      AC_MSG_ERROR([You must have dlfcn.h / dlopen() support to build driver modules])
+    else
+      with_driver_modules=no
+    fi
+  else
+    with_driver_modules=yes
  fi
+fi
+
+if test "$with_driver_modules" = "yes" ; then
  DRIVER_MODULE_CFLAGS="-export-dynamic"
  case $ac_cv_search_dlopen in
    no*) DRIVER_MODULE_LIBS= ;;
@ -2388,7 +2708,6 @@ if test "x$with_hal" = "xyes" || test "x$with_hal" = "xcheck"; then
    CFLAGS="$CFLAGS $HAL_CFLAGS"
    LIBS="$LIBS $HAL_LIBS"
    AC_CHECK_FUNCS([libhal_get_all_devices],,[with_hal=no])
-    AC_CHECK_FUNCS([dbus_watch_get_unix_fd])
    CFLAGS="$old_CFLAGS"
    LIBS="$old_LIBS"
  fi
@ -2468,6 +2787,36 @@ if test "$with_nwfilter" = "yes" ; then
 fi
 AM_CONDITIONAL([WITH_NWFILTER], [test "$with_nwfilter" = "yes"])

+dnl check if the interface driver should be compiled
+AC_ARG_WITH([interface],
+  AC_HELP_STRING([--with-interface],
+    [with host interface driver @<:@default=check@:>@]), [],
+    [with_interface=check])
+
+dnl Don't compile the interface driver without libvirtd
+if test "$with_libvirtd" = "no" ; then
+  with_interface=no
+fi
+
+dnl The interface driver depends on the netcf library
+if test "$with_interface:$with_netcf" = "check:yes" ; then
+  with_interface=yes
+fi
+
+if test "$with_interface:$with_netcf" = "check:no" ; then
+  with_interface=no
+fi
+
+if test "$with_interface:$with_netcf" = "yes:no" ; then
+  AC_MSG_ERROR([Requested the Interface driver without netcf support])
+fi
+
+if test "$with_interface" = "yes" ; then
+  AC_DEFINE_UNQUOTED([WITH_INTERFACE], [1],
+    [whether the interface driver is enabled])
+fi
+AM_CONDITIONAL([WITH_INTERFACE], [test "$with_interface" = "yes"])
+
 dnl libblkid is used by several storage drivers; therefore we probe
 dnl for it unconditionally.
 AC_ARG_WITH([libblkid],
@ -2509,7 +2858,8 @@ AC_MSG_CHECKING([whether to compile with macvtap support])
 if test "$with_macvtap" != "no" ; then
    AC_TRY_COMPILE([ #include <sys/socket.h>
                     #include <linux/rtnetlink.h> ],
-                   [ int x = MACVLAN_MODE_BRIDGE; ],
+                   [ int x = MACVLAN_MODE_BRIDGE;
+                     int y = IFLA_VF_MAX; ],
                   [ with_macvtap=yes ],
                   [ if test "$with_macvtap" = "yes" ; then
                         AC_MSG_ERROR([Installed linux headers don't show support for macvtap device.])
@ -2575,19 +2925,50 @@ AM_CONDITIONAL([WITH_VIRTUALPORT], [test "$with_virtualport" = "yes"])

 dnl netlink library

+LIBNL_ROUTE3_CFLAGS=""
+LIBNL_ROUTE3_LIBS=""
 LIBNL_CFLAGS=""
 LIBNL_LIBS=""
 have_libnl=no

 if test "$with_linux" = "yes"; then
-    PKG_CHECK_MODULES([LIBNL], [libnl-1 >= $LIBNL_REQUIRED], [
-        have_libnl=yes
-        AC_DEFINE_UNQUOTED([HAVE_LIBNL], 1, [whether the netlink library is available])
-    ], [
-        if test "$with_macvtap" = "yes"; then
-            AC_MSG_ERROR([libnl-devel >= $LIBNL_REQUIRED is required for macvtap support])
+    # When linking with netcf, we must ensure that we pick the same version
+    # of libnl that netcf picked.  Prefer libnl-3 unless we can prove
+    # netcf linked against libnl-1, or unless the user set LIBNL_CFLAGS.
+    # (Setting LIBNL_CFLAGS is already used by PKG_CHECK_MODULES to
+    # override any probing, so if it set, you know which libnl is in use.)
+    libnl_ldd=
+    for dir in /usr/lib64 /usr/lib /usr/lib/*-linux-gnu*; do
+        if test -f $dir/libnetcf.so; then
+            libnl_ldd=`(ldd $dir/libnetcf.so) 2>&1`
+            break
        fi
-    ])
+    done
+    case $libnl_ldd:${LIBNL_CFLAGS+set} in
+        *libnl.so.1*:) ;;
+        *)
+        PKG_CHECK_MODULES([LIBNL], [libnl-3.0], [
+            have_libnl=yes
+            AC_DEFINE([HAVE_LIBNL3], [1], [Use libnl-3.0])
+            AC_DEFINE([HAVE_LIBNL], [1], [whether the netlink library is available])
+            PKG_CHECK_MODULES([LIBNL_ROUTE3], [libnl-route-3.0])
+            LIBNL_CFLAGS="$LIBNL_CFLAGS $LIBNL_ROUTE3_CFLAGS"
+            LIBNL_LIBS="$LIBNL_LIBS $LIBNL_ROUTE3_LIBS"
+        ], [:]) ;;
+    esac
+    if test "$have_libnl" = no; then
+        PKG_CHECK_MODULES([LIBNL], [libnl-1 >= $LIBNL_REQUIRED], [
+            have_libnl=yes
+            AC_DEFINE_UNQUOTED([HAVE_LIBNL], [1],
+             [whether the netlink library is available])
+            AC_DEFINE_UNQUOTED([HAVE_LIBNL1], [1],
+             [whether the netlink v1 library is available])
+        ], [
+            if test "$with_macvtap" = "yes"; then
+                AC_MSG_ERROR([libnl-devel >= $LIBNL_REQUIRED is required for macvtap support])
+            fi
+        ])
+    fi
 fi
 AM_CONDITIONAL([HAVE_LIBNL], [test "$have_libnl" = "yes"])

@ -2616,11 +2997,18 @@ test "x$lv_cv_static_analysis" = xyes && t=1
 AC_DEFINE_UNQUOTED([STATIC_ANALYSIS], [$t],
  [Define to 1 when performing static analysis.])

+# Some GNULIB base64 symbols clash with a kerberos library
+AC_DEFINE_UNQUOTED([isbase64],[libvirt_gl_isbase64],[Hack to avoid symbol clash])
+AC_DEFINE_UNQUOTED([base64_encode],[libvirt_gl_base64_encode],[Hack to avoid symbol clash])
+AC_DEFINE_UNQUOTED([base64_encode_alloc],[libvirt_gl_base64_encode_alloc],[Hack to avoid symbol clash])
+
+AC_CONFIG_FILES([run],
+                [chmod +x,-w run])
 AC_OUTPUT(Makefile src/Makefile include/Makefile docs/Makefile \
 	  docs/schemas/Makefile \
 	  gnulib/lib/Makefile \
 	  gnulib/tests/Makefile \
-          libvirt.pc libvirt.spec mingw32-libvirt.spec \
+          libvirt.pc libvirt.spec mingw-libvirt.spec \
          po/Makefile.in \
 	  include/libvirt/Makefile include/libvirt/libvirt.h \
 	  python/Makefile python/tests/Makefile \
@ -2643,25 +3031,26 @@ AC_MSG_NOTICE([=====================])
 AC_MSG_NOTICE([])
 AC_MSG_NOTICE([Drivers])
 AC_MSG_NOTICE([])
-AC_MSG_NOTICE([     Xen: $with_xen])
-AC_MSG_NOTICE([    QEMU: $with_qemu])
-AC_MSG_NOTICE([     UML: $with_uml])
-AC_MSG_NOTICE([  OpenVZ: $with_openvz])
-AC_MSG_NOTICE([  VMware: $with_vmware])
-AC_MSG_NOTICE([    VBox: $with_vbox])
-AC_MSG_NOTICE([  XenAPI: $with_xenapi])
-AC_MSG_NOTICE([xenlight: $with_libxl])
-AC_MSG_NOTICE([     LXC: $with_lxc])
-AC_MSG_NOTICE([    PHYP: $with_phyp])
-AC_MSG_NOTICE([     ESX: $with_esx])
-AC_MSG_NOTICE([ Hyper-V: $with_hyperv])
-AC_MSG_NOTICE([    Test: $with_test])
-AC_MSG_NOTICE([  Remote: $with_remote])
-AC_MSG_NOTICE([ Network: $with_network])
-AC_MSG_NOTICE([Libvirtd: $with_libvirtd])
-AC_MSG_NOTICE([   netcf: $with_netcf])
-AC_MSG_NOTICE([ macvtap: $with_macvtap])
-AC_MSG_NOTICE([virtport: $with_virtualport])
+AC_MSG_NOTICE([      Xen: $with_xen])
+AC_MSG_NOTICE([     QEMU: $with_qemu])
+AC_MSG_NOTICE([      UML: $with_uml])
+AC_MSG_NOTICE([   OpenVZ: $with_openvz])
+AC_MSG_NOTICE([   VMware: $with_vmware])
+AC_MSG_NOTICE([     VBox: $with_vbox])
+AC_MSG_NOTICE([   XenAPI: $with_xenapi])
+AC_MSG_NOTICE([ xenlight: $with_libxl])
+AC_MSG_NOTICE([      LXC: $with_lxc])
+AC_MSG_NOTICE([     PHYP: $with_phyp])
+AC_MSG_NOTICE([      ESX: $with_esx])
+AC_MSG_NOTICE([  Hyper-V: $with_hyperv])
+AC_MSG_NOTICE([Parallels: $with_parallels])
+AC_MSG_NOTICE([     Test: $with_test])
+AC_MSG_NOTICE([   Remote: $with_remote])
+AC_MSG_NOTICE([  Network: $with_network])
+AC_MSG_NOTICE([ Libvirtd: $with_libvirtd])
+AC_MSG_NOTICE([Interface: $with_interface])
+AC_MSG_NOTICE([  macvtap: $with_macvtap])
+AC_MSG_NOTICE([ virtport: $with_virtualport])
 AC_MSG_NOTICE([])
 AC_MSG_NOTICE([Storage Drivers])
 AC_MSG_NOTICE([])
@ -2673,6 +3062,8 @@ AC_MSG_NOTICE([   iSCSI: $with_storage_iscsi])
 AC_MSG_NOTICE([    SCSI: $with_storage_scsi])
 AC_MSG_NOTICE([   mpath: $with_storage_mpath])
 AC_MSG_NOTICE([    Disk: $with_storage_disk])
+AC_MSG_NOTICE([     RBD: $with_storage_rbd])
+AC_MSG_NOTICE([Sheepdog: $with_storage_sheepdog])
 AC_MSG_NOTICE([])
 AC_MSG_NOTICE([Security Drivers])
 AC_MSG_NOTICE([])
@ -2722,6 +3113,7 @@ AC_MSG_NOTICE([ sanlock: $SANLOCK_CFLAGS $SANLOCK_LIBS])
 else
 AC_MSG_NOTICE([ sanlock: no])
 fi
+AC_MSG_NOTICE([firewalld: $with_firewalld])
 if test "$with_avahi" = "yes" ; then
 AC_MSG_NOTICE([   avahi: $AVAHI_CFLAGS $AVAHI_LIBS])
 else
@ -2811,6 +3203,12 @@ AC_MSG_NOTICE([     xdr: $XDR_CFLAGS])
 else
 AC_MSG_NOTICE([     xdr: no])
 fi
+if test "$with_storage_rbd" = "yes" ; then
+AC_MSG_NOTICE([     rbd: $LIBRBD_LIBS])
+else
+AC_MSG_NOTICE([     rbd: no])
+fi
+
 AC_MSG_NOTICE([])
 AC_MSG_NOTICE([Test suite])
 AC_MSG_NOTICE([])
--- a/daemon/Makefile.am
+++ b/daemon/Makefile.am
@ -21,6 +21,7 @@ DAEMON_GENERATED =					\

 DAEMON_SOURCES =					\
 		libvirtd.c libvirtd.h			\
+		libvirtd-config.c libvirtd-config.h	\
 		remote.c remote.h			\
 		stream.c stream.h			\
 		../src/remote/remote_protocol.c		\
@ -44,7 +45,7 @@ EXTRA_DIST =						\
 	libvirtd.qemu.logrotate.in                      \
 	libvirtd.lxc.logrotate.in                       \
 	libvirtd.uml.logrotate.in                       \
-	test_libvirtd.aug                               \
+	test_libvirtd.aug.in                             \
 	THREADS.txt					\
 	libvirtd.pod.in					\
 	libvirtd.8.in					\
@ -57,12 +58,12 @@ QEMU_PROTOCOL = $(top_srcdir)/src/remote/qemu_protocol.x

 $(srcdir)/remote_dispatch.h: $(srcdir)/../src/rpc/gendispatch.pl \
 		$(REMOTE_PROTOCOL)
-	$(AM_V_GEN)perl -w $(srcdir)/../src/rpc/gendispatch.pl -b remote \
+	$(AM_V_GEN)$(PERL) -w $(srcdir)/../src/rpc/gendispatch.pl -b remote REMOTE \
 	  $(REMOTE_PROTOCOL) > $@

 $(srcdir)/qemu_dispatch.h: $(srcdir)/../src/rpc/gendispatch.pl \
 		$(QEMU_PROTOCOL)
-	$(AM_V_GEN)perl -w $(srcdir)/../src/rpc/gendispatch.pl -b qemu \
+	$(AM_V_GEN)$(PERL) -w $(srcdir)/../src/rpc/gendispatch.pl -b qemu QEMU \
 	  $(QEMU_PROTOCOL) > $@

 if WITH_LIBVIRTD
@ -80,11 +81,12 @@ augeas_DATA = libvirtd.aug
 augeastestsdir = $(datadir)/augeas/lenses/tests
 augeastests_DATA = test_libvirtd.aug

+CLEANFILES += test_libvirtd.aug
+
 libvirtd.8: $(srcdir)/libvirtd.8.in
 	sed \
-	    -e 's![@]sysconfdir[@]!$(sysconfdir)!g' \
-	    -e 's![@]localstatedir[@]!$(localstatedir)!g' \
-	    -e 's![@]remote_pid_file[@]!$(REMOTE_PID_FILE)!g' \
+	    -e 's!SYSCONFDIR!$(sysconfdir)!g' \
+	    -e 's!LOCALSTATEDIR!$(localstatedir)!g' \
 	    < $< > $@-t
 	mv $@-t $@

@ -93,11 +95,10 @@ libvirtd_SOURCES = $(DAEMON_SOURCES)
 #-D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_POSIX_C_SOURCE=199506L
 libvirtd_CFLAGS = \
 	$(LIBXML_CFLAGS) $(GNUTLS_CFLAGS) $(SASL_CFLAGS) \
-	$(XDR_CFLAGS) $(POLKIT_CFLAGS) \
+	$(XDR_CFLAGS) $(POLKIT_CFLAGS) $(DBUS_CFLAGS) $(LIBNL_CFLAGS) \
 	$(WARN_CFLAGS) \
 	$(COVERAGE_CFLAGS) \
-	-DQEMUD_PID_FILE="\"$(QEMUD_PID_FILE)\"" \
-	-DREMOTE_PID_FILE="\"$(REMOTE_PID_FILE)\""
+	-DQEMUD_PID_FILE="\"$(QEMUD_PID_FILE)\""

 libvirtd_LDFLAGS =					\
 	$(WARN_CFLAGS)					\
@ -107,10 +108,12 @@ libvirtd_LDADD =					\
 	$(LIBXML_LIBS)					\
 	$(GNUTLS_LIBS)					\
 	$(SASL_LIBS)					\
-	$(POLKIT_LIBS)
+	$(DBUS_LIBS)					\
+	$(POLKIT_LIBS)					\
+	$(LIBNL_LIBS)

 if WITH_DTRACE_PROBES
-libvirtd_LDADD += ../src/probes.o
+libvirtd_LDADD += ../src/libvirt_probes.lo
 endif

 libvirtd_LDADD += \
@ -119,12 +122,19 @@ libvirtd_LDADD += \
 if ! WITH_DRIVER_MODULES
 if WITH_QEMU
    libvirtd_LDADD += ../src/libvirt_driver_qemu.la
+if WITH_DTRACE_PROBES
+    libvirtd_LDADD += ../src/libvirt_qemu_probes.lo
+endif
 endif

 if WITH_LXC
    libvirtd_LDADD += ../src/libvirt_driver_lxc.la
 endif

+if WITH_XEN
+    libvirtd_LDADD += ../src/libvirt_driver_xen.la
+endif
+
 if WITH_LIBXL
    libvirtd_LDADD += ../src/libvirt_driver_libxl.la
 endif
@ -133,7 +143,7 @@ if WITH_UML
    libvirtd_LDADD += ../src/libvirt_driver_uml.la
 endif

-if WITH_STORAGE_DIR
+if WITH_STORAGE
    libvirtd_LDADD += ../src/libvirt_driver_storage.la
 endif

@ -141,7 +151,7 @@ if WITH_NETWORK
    libvirtd_LDADD += ../src/libvirt_driver_network.la
 endif

-if WITH_NETCF
+if WITH_INTERFACE
    libvirtd_LDADD += ../src/libvirt_driver_interface.la
 endif

@ -256,6 +266,7 @@ uninstall-sysconfig:
 	rm -f $(DESTDIR)$(sysconfdir)/sysconfig/libvirtd
 	rmdir $(DESTDIR)$(sysconfdir)/sysconfig || :

+if WITH_SYSCTL
 install-sysctl:
 	$(MKDIR_P) $(DESTDIR)$(sysconfdir)/sysctl.d
 	$(INSTALL_DATA) $(srcdir)/libvirtd.sysctl \
@ -264,6 +275,10 @@ install-sysctl:
 uninstall-sysctl:
 	rm -f $(DESTDIR)$(sysconfdir)/sysctl.d/libvirtd
 	rmdir $(DESTDIR)$(sysconfdir)/sysctl.d || :
+else
+install-sysctl:
+uninstall-sysctl:
+endif

 if LIBVIRT_INIT_SCRIPT_RED_HAT

@ -307,7 +322,7 @@ BUILT_SOURCES += libvirtd.service

 install-init-systemd: install-sysconfig libvirtd.service
 	$(MKDIR_P) $(DESTDIR)$(SYSTEMD_UNIT_DIR)
-	$(INSTALL_SCRIPT) libvirtd.service \
+	$(INSTALL_DATA) libvirtd.service \
 	  $(DESTDIR)$(SYSTEMD_UNIT_DIR)/libvirtd.service

 uninstall-init-systemd: uninstall-sysconfig
@ -337,9 +352,16 @@ libvirtd.service: libvirtd.service.in $(top_builddir)/config.status
 	    mv $@-t $@


-check-local:
+check-local: check-augeas
+
+AUG_GENTEST = $(PERL) $(top_srcdir)/build-aux/augeas-gentest.pl
+
+test_libvirtd.aug: test_libvirtd.aug.in $(srcdir)/libvirtd.conf
+	$(AM_V_GEN)$(AUG_GENTEST) $(srcdir)/libvirtd.conf $< $@
+
+check-augeas: test_libvirtd.aug
 	$(AM_V_GEN)if test -x '$(AUGPARSE)'; then \
-	  '$(AUGPARSE)' -I $(srcdir) $(srcdir)/test_libvirtd.aug; \
+	  '$(AUGPARSE)' -I $(srcdir) test_libvirtd.aug; \
 	fi


@ -356,7 +378,7 @@ POD2MAN = pod2man -c "Virtualization Support" \
 			-r "$(PACKAGE)-$(VERSION)" -s 8

 $(srcdir)/libvirtd.8.in: libvirtd.pod.in
-	$(AM_V_GEN)$(POD2MAN) $< $@
+	$(AM_V_GEN)$(POD2MAN) --name LIBVIRTD $< $@

 # This is needed for clients too, so can't wrap in
 # the WITH_LIBVIRTD conditional
--- a/daemon/libvirtd-config.c
+++ b/daemon/libvirtd-config.c
@ -0,0 +1,492 @@
+/*
+ * libvirtd.c: daemon start of day, guest process & i/o management
+ *
+ * Copyright (C) 2006-2012 Red Hat, Inc.
+ * Copyright (C) 2006 Daniel P. Berrange
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * Author: Daniel P. Berrange <berrange@redhat.com>
+ */
+
+#include <config.h>
+
+#include "libvirtd-config.h"
+#include "conf.h"
+#include "memory.h"
+#include "virterror_internal.h"
+#include "logging.h"
+#include "rpc/virnetserver.h"
+#include "configmake.h"
+#include "remote/remote_protocol.h"
+#include "remote/remote_driver.h"
+
+#define VIR_FROM_THIS VIR_FROM_CONF
+
+/* Allocate an array of malloc'd strings from the config file, filename
+ * (used only in diagnostics), using handle "conf".  Upon error, return -1
+ * and free any allocated memory.  Otherwise, save the array in *list_arg
+ * and return 0.
+ */
+static int
+remoteConfigGetStringList(virConfPtr conf, const char *key, char ***list_arg,
+                          const char *filename)
+{
+    char **list;
+    virConfValuePtr p = virConfGetValue (conf, key);
+    if (!p)
+        return 0;
+
+    switch (p->type) {
+    case VIR_CONF_STRING:
+        if (VIR_ALLOC_N(list, 2) < 0) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                           _("failed to allocate memory for %s config list"),
+                           key);
+            return -1;
+        }
+        list[0] = strdup (p->str);
+        list[1] = NULL;
+        if (list[0] == NULL) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                           _("failed to allocate memory for %s config list value"),
+                           key);
+            VIR_FREE(list);
+            return -1;
+        }
+        break;
+
+    case VIR_CONF_LIST: {
+        int i, len = 0;
+        virConfValuePtr pp;
+        for (pp = p->list; pp; pp = pp->next)
+            len++;
+        if (VIR_ALLOC_N(list, 1+len) < 0) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                           _("failed to allocate memory for %s config list"),
+                           key);
+            return -1;
+        }
+        for (i = 0, pp = p->list; pp; ++i, pp = pp->next) {
+            if (pp->type != VIR_CONF_STRING) {
+                virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                               _("remoteReadConfigFile: %s: %s:"
+                                 " must be a string or list of strings"),
+                               filename, key);
+                VIR_FREE(list);
+                return -1;
+            }
+            list[i] = strdup (pp->str);
+            if (list[i] == NULL) {
+                int j;
+                for (j = 0 ; j < i ; j++)
+                    VIR_FREE(list[j]);
+                VIR_FREE(list);
+                virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                               _("failed to allocate memory for %s config list value"),
+                               key);
+                return -1;
+            }
+
+        }
+        list[i] = NULL;
+        break;
+    }
+
+    default:
+        virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                       _("remoteReadConfigFile: %s: %s:"
+                         " must be a string or list of strings"),
+                       filename, key);
+        return -1;
+    }
+
+    *list_arg = list;
+    return 0;
+}
+
+/* A helper function used by each of the following macros.  */
+static int
+checkType (virConfValuePtr p, const char *filename,
+           const char *key, virConfType required_type)
+{
+    if (p->type != required_type) {
+        virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                       _("remoteReadConfigFile: %s: %s: invalid type:"
+                         " got %s; expected %s"), filename, key,
+                       virConfTypeName (p->type),
+                       virConfTypeName (required_type));
+        return -1;
+    }
+    return 0;
+}
+
+/* If there is no config data for the key, #var_name, then do nothing.
+   If there is valid data of type VIR_CONF_STRING, and strdup succeeds,
+   store the result in var_name.  Otherwise, (i.e. invalid type, or strdup
+   failure), give a diagnostic and "goto" the cleanup-and-fail label.  */
+#define GET_CONF_STR(conf, filename, var_name)                          \
+    do {                                                                \
+        virConfValuePtr p = virConfGetValue (conf, #var_name);          \
+        if (p) {                                                        \
+            if (checkType (p, filename, #var_name, VIR_CONF_STRING) < 0) \
+                goto error;                                             \
+            VIR_FREE(data->var_name);                                   \
+            if (!(data->var_name = strdup (p->str))) {                  \
+                virReportOOMError();                                    \
+                goto error;                                             \
+            }                                                           \
+        }                                                               \
+    } while (0)
+
+/* Like GET_CONF_STR, but for integral values.  */
+#define GET_CONF_INT(conf, filename, var_name)                          \
+    do {                                                                \
+        virConfValuePtr p = virConfGetValue (conf, #var_name);          \
+        if (p) {                                                        \
+            if (checkType (p, filename, #var_name, VIR_CONF_LONG) < 0)  \
+                goto error;                                             \
+            data->var_name = p->l;                                      \
+        }                                                               \
+    } while (0)
+
+
+static int remoteConfigGetAuth(virConfPtr conf, const char *key, int *auth, const char *filename) {
+    virConfValuePtr p;
+
+    p = virConfGetValue (conf, key);
+    if (!p)
+        return 0;
+
+    if (checkType (p, filename, key, VIR_CONF_STRING) < 0)
+        return -1;
+
+    if (!p->str)
+        return 0;
+
+    if (STREQ(p->str, "none")) {
+        *auth = VIR_NET_SERVER_SERVICE_AUTH_NONE;
+#if HAVE_SASL
+    } else if (STREQ(p->str, "sasl")) {
+        *auth = VIR_NET_SERVER_SERVICE_AUTH_SASL;
+#endif
+    } else if (STREQ(p->str, "polkit")) {
+        *auth = VIR_NET_SERVER_SERVICE_AUTH_POLKIT;
+    } else {
+        virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                       _("remoteReadConfigFile: %s: %s: unsupported auth %s"),
+                       filename, key, p->str);
+        return -1;
+    }
+
+    return 0;
+}
+
+int
+daemonConfigFilePath(bool privileged, char **configfile)
+{
+    if (privileged) {
+        if (!(*configfile = strdup(SYSCONFDIR "/libvirt/libvirtd.conf")))
+            goto no_memory;
+    } else {
+        char *configdir = NULL;
+
+        if (!(configdir = virGetUserConfigDirectory()))
+            goto error;
+
+        if (virAsprintf(configfile, "%s/libvirtd.conf", configdir) < 0) {
+            VIR_FREE(configdir);
+            goto no_memory;
+        }
+        VIR_FREE(configdir);
+    }
+
+    return 0;
+
+no_memory:
+    virReportOOMError();
+error:
+    return -1;
+}
+
+struct daemonConfig*
+daemonConfigNew(bool privileged ATTRIBUTE_UNUSED)
+{
+    struct daemonConfig *data;
+    char *localhost;
+    int ret;
+
+    if (VIR_ALLOC(data) < 0) {
+        virReportOOMError();
+        return NULL;
+    }
+
+    data->listen_tls = 1;
+    data->listen_tcp = 0;
+
+    if (!(data->tls_port = strdup(LIBVIRTD_TLS_PORT)))
+        goto no_memory;
+    if (!(data->tcp_port = strdup(LIBVIRTD_TCP_PORT)))
+        goto no_memory;
+
+    /* Only default to PolicyKit if running as root */
+#if HAVE_POLKIT
+    if (privileged) {
+        data->auth_unix_rw = REMOTE_AUTH_POLKIT;
+        data->auth_unix_ro = REMOTE_AUTH_POLKIT;
+    } else {
+#endif
+        data->auth_unix_rw = REMOTE_AUTH_NONE;
+        data->auth_unix_ro = REMOTE_AUTH_NONE;
+#if HAVE_POLKIT
+    }
+#endif
+
+    if (data->auth_unix_rw == REMOTE_AUTH_POLKIT)
+        data->unix_sock_rw_perms = strdup("0777"); /* Allow world */
+    else
+        data->unix_sock_rw_perms = strdup("0700"); /* Allow user only */
+    data->unix_sock_ro_perms = strdup("0777"); /* Always allow world */
+    if (!data->unix_sock_ro_perms ||
+        !data->unix_sock_rw_perms)
+        goto no_memory;
+
+#if HAVE_SASL
+    data->auth_tcp = REMOTE_AUTH_SASL;
+#else
+    data->auth_tcp = REMOTE_AUTH_NONE;
+#endif
+    data->auth_tls = REMOTE_AUTH_NONE;
+
+    data->mdns_adv = 0;
+
+    data->min_workers = 5;
+    data->max_workers = 20;
+    data->max_clients = 20;
+
+    data->prio_workers = 5;
+
+    data->max_requests = 20;
+    data->max_client_requests = 5;
+
+    data->log_buffer_size = 64;
+
+    data->audit_level = 1;
+    data->audit_logging = 0;
+
+    data->keepalive_interval = 5;
+    data->keepalive_count = 5;
+    data->keepalive_required = 0;
+
+    localhost = virGetHostname(NULL);
+    if (localhost == NULL) {
+        /* we couldn't resolve the hostname; assume that we are
+         * running in disconnected operation, and report a less
+         * useful Avahi string
+         */
+        ret = virAsprintf(&data->mdns_name, "Virtualization Host");
+    } else {
+        char *tmp;
+        /* Extract the host part of the potentially FQDN */
+        if ((tmp = strchr(localhost, '.')))
+            *tmp = '\0';
+        ret = virAsprintf(&data->mdns_name, "Virtualization Host %s",
+                          localhost);
+    }
+    VIR_FREE(localhost);
+    if (ret < 0)
+        goto no_memory;
+
+    return data;
+
+no_memory:
+    virReportOOMError();
+    daemonConfigFree(data);
+    return NULL;
+}
+
+void
+daemonConfigFree(struct daemonConfig *data)
+{
+    char **tmp;
+
+    if (!data)
+        return;
+
+    VIR_FREE(data->listen_addr);
+    VIR_FREE(data->tls_port);
+    VIR_FREE(data->tcp_port);
+
+    VIR_FREE(data->unix_sock_ro_perms);
+    VIR_FREE(data->unix_sock_rw_perms);
+    VIR_FREE(data->unix_sock_group);
+    VIR_FREE(data->unix_sock_dir);
+    VIR_FREE(data->mdns_name);
+
+    tmp = data->tls_allowed_dn_list;
+    while (tmp && *tmp) {
+        VIR_FREE(*tmp);
+        tmp++;
+    }
+    VIR_FREE(data->tls_allowed_dn_list);
+
+    tmp = data->sasl_allowed_username_list;
+    while (tmp && *tmp) {
+        VIR_FREE(*tmp);
+        tmp++;
+    }
+    VIR_FREE(data->sasl_allowed_username_list);
+
+    VIR_FREE(data->key_file);
+    VIR_FREE(data->ca_file);
+    VIR_FREE(data->cert_file);
+    VIR_FREE(data->crl_file);
+
+    VIR_FREE(data->host_uuid);
+    VIR_FREE(data->log_filters);
+    VIR_FREE(data->log_outputs);
+
+    VIR_FREE(data);
+}
+
+static int
+daemonConfigLoadOptions(struct daemonConfig *data,
+                        const char *filename,
+                        virConfPtr conf)
+{
+    GET_CONF_INT (conf, filename, listen_tcp);
+    GET_CONF_INT (conf, filename, listen_tls);
+    GET_CONF_STR (conf, filename, tls_port);
+    GET_CONF_STR (conf, filename, tcp_port);
+    GET_CONF_STR (conf, filename, listen_addr);
+
+    if (remoteConfigGetAuth(conf, "auth_unix_rw", &data->auth_unix_rw, filename) < 0)
+        goto error;
+#if HAVE_POLKIT
+    /* Change default perms to be wide-open if PolicyKit is enabled.
+     * Admin can always override in config file
+     */
+    if (data->auth_unix_rw == REMOTE_AUTH_POLKIT) {
+        VIR_FREE(data->unix_sock_rw_perms);
+        if (!(data->unix_sock_rw_perms = strdup("0777"))) {
+            virReportOOMError();
+            goto error;
+        }
+    }
+#endif
+    if (remoteConfigGetAuth(conf, "auth_unix_ro", &data->auth_unix_ro, filename) < 0)
+        goto error;
+    if (remoteConfigGetAuth(conf, "auth_tcp", &data->auth_tcp, filename) < 0)
+        goto error;
+    if (remoteConfigGetAuth(conf, "auth_tls", &data->auth_tls, filename) < 0)
+        goto error;
+
+    GET_CONF_STR (conf, filename, unix_sock_group);
+    GET_CONF_STR (conf, filename, unix_sock_ro_perms);
+    GET_CONF_STR (conf, filename, unix_sock_rw_perms);
+
+    GET_CONF_STR (conf, filename, unix_sock_dir);
+
+    GET_CONF_INT (conf, filename, mdns_adv);
+    GET_CONF_STR (conf, filename, mdns_name);
+
+    GET_CONF_INT (conf, filename, tls_no_sanity_certificate);
+    GET_CONF_INT (conf, filename, tls_no_verify_certificate);
+
+    GET_CONF_STR (conf, filename, key_file);
+    GET_CONF_STR (conf, filename, cert_file);
+    GET_CONF_STR (conf, filename, ca_file);
+    GET_CONF_STR (conf, filename, crl_file);
+
+    if (remoteConfigGetStringList(conf, "tls_allowed_dn_list",
+                                  &data->tls_allowed_dn_list, filename) < 0)
+        goto error;
+
+
+    if (remoteConfigGetStringList(conf, "sasl_allowed_username_list",
+                                  &data->sasl_allowed_username_list, filename) < 0)
+        goto error;
+
+
+    GET_CONF_INT (conf, filename, min_workers);
+    GET_CONF_INT (conf, filename, max_workers);
+    GET_CONF_INT (conf, filename, max_clients);
+
+    GET_CONF_INT (conf, filename, prio_workers);
+
+    GET_CONF_INT (conf, filename, max_requests);
+    GET_CONF_INT (conf, filename, max_client_requests);
+
+    GET_CONF_INT (conf, filename, audit_level);
+    GET_CONF_INT (conf, filename, audit_logging);
+
+    GET_CONF_STR (conf, filename, host_uuid);
+
+    GET_CONF_INT (conf, filename, log_level);
+    GET_CONF_STR (conf, filename, log_filters);
+    GET_CONF_STR (conf, filename, log_outputs);
+    GET_CONF_INT (conf, filename, log_buffer_size);
+
+    GET_CONF_INT (conf, filename, keepalive_interval);
+    GET_CONF_INT (conf, filename, keepalive_count);
+    GET_CONF_INT (conf, filename, keepalive_required);
+
+    return 0;
+
+error:
+    return -1;
+}
+
+
+/* Read the config file if it exists.
+ * Only used in the remote case, hence the name.
+ */
+int
+daemonConfigLoadFile(struct daemonConfig *data,
+                     const char *filename,
+                     bool allow_missing)
+{
+    virConfPtr conf;
+    int ret;
+
+    if (allow_missing &&
+        access(filename, R_OK) == -1 &&
+        errno == ENOENT)
+        return 0;
+
+    conf = virConfReadFile(filename, 0);
+    if (!conf)
+        return -1;
+
+    ret = daemonConfigLoadOptions(data, filename, conf);
+    virConfFree(conf);
+    return ret;
+}
+
+int daemonConfigLoadData(struct daemonConfig *data,
+                         const char *filename,
+                         const char *filedata)
+{
+    virConfPtr conf;
+    int ret;
+
+    conf = virConfReadMem(filedata, strlen(filedata), 0);
+    if (!conf)
+        return -1;
+
+    ret = daemonConfigLoadOptions(data, filename, conf);
+    virConfFree(conf);
+    return ret;
+}
--- a/daemon/libvirtd-config.h
+++ b/daemon/libvirtd-config.h
@ -0,0 +1,94 @@
+/*
+ * libvirtd.c: daemon start of day, guest process & i/o management
+ *
+ * Copyright (C) 2006-2012 Red Hat, Inc.
+ * Copyright (C) 2006 Daniel P. Berrange
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library.  If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * Author: Daniel P. Berrange <berrange@redhat.com>
+ */
+
+#ifndef __LIBVIRTD_CONFIG_H__
+# define __LIBVIRTD_CONFIG_H__
+
+# include "internal.h"
+
+struct daemonConfig {
+    char *host_uuid;
+
+    int listen_tls;
+    int listen_tcp;
+    char *listen_addr;
+    char *tls_port;
+    char *tcp_port;
+
+    char *unix_sock_ro_perms;
+    char *unix_sock_rw_perms;
+    char *unix_sock_group;
+    char *unix_sock_dir;
+
+    int auth_unix_rw;
+    int auth_unix_ro;
+    int auth_tcp;
+    int auth_tls;
+
+    int mdns_adv;
+    char *mdns_name;
+
+    int tls_no_verify_certificate;
+    int tls_no_sanity_certificate;
+    char **tls_allowed_dn_list;
+    char **sasl_allowed_username_list;
+
+    char *key_file;
+    char *cert_file;
+    char *ca_file;
+    char *crl_file;
+
+    int min_workers;
+    int max_workers;
+    int max_clients;
+
+    int prio_workers;
+
+    int max_requests;
+    int max_client_requests;
+
+    int log_level;
+    char *log_filters;
+    char *log_outputs;
+    int log_buffer_size;
+
+    int audit_level;
+    int audit_logging;
+
+    int keepalive_interval;
+    unsigned int keepalive_count;
+    int keepalive_required;
+};
+
+
+int daemonConfigFilePath(bool privileged, char **configfile);
+struct daemonConfig* daemonConfigNew(bool privileged);
+void daemonConfigFree(struct daemonConfig *data);
+int daemonConfigLoadFile(struct daemonConfig *data,
+                         const char *filename,
+                         bool allow_missing);
+int daemonConfigLoadData(struct daemonConfig *data,
+                         const char *filename,
+                         const char *filedata);
+
+#endif /* __LIBVIRTD_CONFIG_H__ */
--- a/daemon/libvirtd.aug
+++ b/daemon/libvirtd.aug
@ -62,6 +62,7 @@ module Libvirtd =
   let logging_entry = int_entry "log_level"
                     | str_entry "log_filters"
                     | str_entry "log_outputs"
+                     | int_entry "log_buffer_size"

   let auditing_entry = int_entry "audit_level"
                      | bool_entry "audit_logging"
@ -70,6 +71,8 @@ module Libvirtd =
                       | int_entry "keepalive_count"
                       | bool_entry "keepalive_required"

+   let misc_entry = str_entry "host_uuid"
+
   (* Each enty in the config is one of the following three ... *)
   let entry = network_entry
             | sock_acl_entry
@ -80,6 +83,7 @@ module Libvirtd =
             | logging_entry
             | auditing_entry
             | keepalive_entry
+             | misc_entry
   let comment = [ label "#comment" . del /#[ \t]*/ "# " .  store /([^ \t\n][^\n]*)?/ . del /\n/ "\n" ]
   let empty = [ label "#empty" . eol ]

--- a/daemon/libvirtd.c
+++ b/daemon/libvirtd.c
--- a/daemon/libvirtd.conf
+++ b/daemon/libvirtd.conf
@ -291,10 +291,13 @@
 # Logging filters:
 # A filter allows to select a different logging level for a given category
 # of logs
-# The format for a filter is:
+# The format for a filter is one of:
 #    x:name
-#      where name is a match string e.g. remote or qemu
-# the x prefix is the minimal level where matching messages should be logged
+#    x:+name
+#      where name is a string which is matched against source file name,
+#      e.g., "remote", "qemu", or "util/json", the optional "+" prefix
+#      tells libvirt to log stack trace for each message matching name,
+#      and x is the minimal level where matching messages should be logged:
 #    1: DEBUG
 #    2: INFO
 #    3: WARNING
@ -303,10 +306,9 @@
 # Multiple filter can be defined in a single @filters, they just need to be
 # separated by spaces.
 #
-# e.g:
-# log_filters="3:remote 4:event"
-# to only get warning or errors from the remote layer and only errors from
-# the event layer.
+# e.g. to only get warning or errors from the remote layer and only errors
+# from the event layer:
+#log_filters="3:remote 4:event"

 # Logging outputs:
 # An output is one of the places to save logging information
@ -324,9 +326,9 @@
 #    4: ERROR
 #
 # Multiple output can be defined, they just need to be separated by spaces.
-# e.g.:
-# log_outputs="3:syslog:libvirtd"
-# to log all warnings and errors to syslog under the libvirtd ident
+# e.g. to log all warnings and errors to syslog under the libvirtd ident:
+#log_outputs="3:syslog:libvirtd"
+#

 # Log debug buffer size: default 64
 # The daemon keeps an internal debug log buffer which will be dumped in case
--- a/daemon/libvirtd.h
+++ b/daemon/libvirtd.h
@ -15,8 +15,8 @@
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
+ * License along with this library.  If not, see
+ * <http://www.gnu.org/licenses/>.
 *
 * Author: Daniel P. Berrange <berrange@redhat.com>
 */
--- a/daemon/libvirtd.pod.in
+++ b/daemon/libvirtd.pod.in
@ -54,7 +54,10 @@ Use this name for the PID file, overriding the default value.

 =item B<-t, --timeout> I<SECONDS>

-Exit after timeout period (in seconds) expires.
+Exit after timeout period (in seconds) elapse with no client connections
+or registered resources.  Be aware that resources such as autostart
+networks will result in never reaching the timeout, even when there are
+no client connections.

 =item B<-v, --verbose>

@ -72,41 +75,74 @@ On receipt of B<SIGHUP> libvirtd will reload its configuration.

 =head1 FILES

+=head2 When run as B<root>.
+
 =over

-=item F<@sysconfdir@/libvirtd.conf>
+=item F<SYSCONFDIR/libvirtd.conf>

 The default configuration file used by libvirtd, unless overridden on the
 command line using the B<-f>|B<--config> option.

-=item F<@localstatedir@/run/libvirt/libvirt-sock>
+=item F<LOCALSTATEDIR/run/libvirt/libvirt-sock>

-=item F<@localstatedir@/run/libvirt/libvirt-sock-ro>
+=item F<LOCALSTATEDIR/run/libvirt/libvirt-sock-ro>

-The sockets libvirtd will use when B<run as root>.
+The sockets libvirtd will use.

-=item F<$HOME/.libvirt/libvirt-sock>
-
-The socket libvirtd will use when run as a B<non-root> user.
-
-=item F<@sysconfdir@/pki/CA/cacert.pem>
+=item F<SYSCONFDIR/pki/CA/cacert.pem>

 The TLS B<Certificate Authority> certificate libvirtd will use.

-=item F<@sysconfdir@/pki/libvirt/servercert.pem>
+=item F<SYSCONFDIR/pki/libvirt/servercert.pem>

 The TLS B<Server> certificate libvirtd will use.

-=item F<@sysconfdir@/pki/libvirt/private/serverkey.pem>
+=item F<SYSCONFDIR/pki/libvirt/private/serverkey.pem>

 The TLS B<Server> private key libvirtd will use.

-=item F<@remote_pid_file@>
+=item F<LOCALSTATEDIR/run/libvirtd.pid>

 The PID file to use, unless overridden by the B<-p>|B<--pid-file> option.

 =back

+=head2 When run as B<non-root>.
+
+=over
+
+=item F<$XDG_CONFIG_HOME/libvirtd.conf>
+
+The default configuration file used by libvirtd, unless overridden on the
+command line using the B<-f>|B<--config> option.
+
+=item F<$XDG_RUNTIME_DIR/libvirt/libvirt-sock>
+
+The socket libvirtd will use.
+
+=item F<$HOME/.pki/libvirt/cacert.pem>
+
+The TLS B<Certificate Authority> certificate libvirtd will use.
+
+=item F<$HOME/.pki/libvirt/servercert.pem>
+
+The TLS B<Server> certificate libvirtd will use.
+
+=item F<$HOME/.pki/libvirt/serverkey.pem>
+
+The TLS B<Server> private key libvirtd will use.
+
+=item F<$XDG_RUNTIME_DIR/libvirt/libvirtd.pid>
+
+The PID file to use, unless overridden by the B<-p>|B<--pid-file> option.
+
+=item If $XDG_CONFIG_HOME is not set in your environment, libvirtd will use F<$HOME/.config>
+
+=item If $XDG_RUNTIME_DIR is not set in your environment, libvirtd will use F<$HOME/.cache>
+
+=back
+
 =head1 EXAMPLES

 To retrieve the version of libvirtd:
@ -118,8 +154,8 @@ To retrieve the version of libvirtd:
 To start libvirtd, instructing it to daemonize and create a PID file:

 # libvirtd -d
- # ls -la @remote_pid_file@
- -rw-r--r-- 1 root root 6 Jul  9 02:40 @remote_pid_file@
+ # ls -la LOCALSTATEDIR/run/libvirtd.pid
+ -rw-r--r-- 1 root root 6 Jul  9 02:40 LOCALSTATEDIR/run/libvirtd.pid
 #

 =head1 BUGS
@ -150,7 +186,7 @@ Please refer to the AUTHORS file distributed with libvirt.

 =head1 COPYRIGHT

-Copyright (C) 2006-2010 Red Hat, Inc., and the authors listed in the
+Copyright (C) 2006-2012 Red Hat, Inc., and the authors listed in the
 libvirt AUTHORS file.

 =head1 LICENSE
--- a/daemon/libvirtd.service.in
+++ b/daemon/libvirtd.service.in
@ -5,11 +5,8 @@

 [Unit]
 Description=Virtualization daemon
-After=syslog.target
-After=udev.target
-After=avahi.target
-After=dbus.target
 Before=libvirt-guests.service
+After=network.target

 [Service]
 EnvironmentFile=-/etc/sysconfig/libvirtd
--- a/daemon/remote.c
+++ b/daemon/remote.c
--- a/daemon/remote.h
+++ b/daemon/remote.h
@ -14,8 +14,8 @@
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
+ * License along with this library.  If not, see
+ * <http://www.gnu.org/licenses/>.
 *
 * Author: Richard W.M. Jones <rjones@redhat.com>
 * Author: Daniel P. Berrange <berrange@redhat.com>
@ -35,7 +35,8 @@ extern size_t remoteNProcs;
 extern virNetServerProgramProc qemuProcs[];
 extern size_t qemuNProcs;

-int remoteClientInitHook(virNetServerPtr srv,
-                         virNetServerClientPtr client);
+void remoteClientFreeFunc(void *data);
+void *remoteClientInitHook(virNetServerClientPtr client,
+                           void *opaque);

 #endif /* __LIBVIRTD_REMOTE_H__ */
--- a/daemon/stream.c
+++ b/daemon/stream.c
@ -14,8 +14,8 @@
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
+ * License along with this library.  If not, see
+ * <http://www.gnu.org/licenses/>.
 *
 * Author: Daniel P. Berrange <berrange@redhat.com>
 */
@ -32,10 +32,6 @@

 #define VIR_FROM_THIS VIR_FROM_STREAMS

-#define virNetError(code, ...)                                    \
-    virReportErrorHelper(VIR_FROM_THIS, code, __FILE__,           \
-                         __FUNCTION__, __LINE__, __VA_ARGS__)
-
 struct daemonClientStream {
    daemonClientPrivatePtr priv;
    int refs;
@ -108,14 +104,6 @@ daemonStreamMessageFinished(virNetMessagePtr msg ATTRIBUTE_UNUSED,
 }


-static void
-daemonStreamEventFreeFunc(void *opaque)
-{
-    virNetServerClientPtr client = opaque;
-
-    virNetServerClientFree(client);
-}
-
 /*
 * Callback that gets invoked when a stream becomes writable/readable
 */
@ -233,11 +221,11 @@ daemonStreamEvent(virStreamPtr st, int events, void *opaque)
        virStreamEventRemoveCallback(stream->st);
        virStreamAbort(stream->st);
        if (events & VIR_STREAM_EVENT_HANGUP)
-            virNetError(VIR_ERR_RPC,
-                        "%s", _("stream had unexpected termination"));
+            virReportError(VIR_ERR_RPC,
+                           "%s", _("stream had unexpected termination"));
        else
-            virNetError(VIR_ERR_RPC,
-                        "%s", _("stream had I/O failure"));
+            virReportError(VIR_ERR_RPC,
+                           "%s", _("stream had I/O failure"));

        msg = virNetMessageNew(false);
        if (!msg) {
@ -336,14 +324,12 @@ daemonCreateClientStream(virNetServerClientPtr client,

    stream->refs = 1;
    stream->priv = priv;
-    stream->prog = prog;
+    stream->prog = virObjectRef(prog);
    stream->procedure = header->proc;
    stream->serial = header->serial;
    stream->filterID = -1;
    stream->st = st;

-    virNetServerProgramRef(prog);
-
    return stream;
 }

@ -369,7 +355,7 @@ int daemonFreeClientStream(virNetServerClientPtr client,
    VIR_DEBUG("client=%p, proc=%d, serial=%d",
              client, stream->procedure, stream->serial);

-    virNetServerProgramFree(stream->prog);
+    virObjectUnref(stream->prog);

    msg = stream->rx;
    while (msg) {
@ -415,10 +401,11 @@ int daemonAddClientStream(virNetServerClientPtr client,

    if (virStreamEventAddCallback(stream->st, 0,
                                  daemonStreamEvent, client,
-                                  daemonStreamEventFreeFunc) < 0)
+                                  virObjectFreeCallback) < 0)
        return -1;

-    virNetServerClientRef(client);
+    virObjectRef(client);
+
    if ((stream->filterID = virNetServerClientAddFilter(client,
                                                        daemonStreamFilter,
                                                        stream)) < 0) {
@ -618,13 +605,13 @@ daemonStreamHandleAbort(virNetServerClientPtr client,
    virStreamAbort(stream->st);

    if (msg->header.status == VIR_NET_ERROR)
-        virNetError(VIR_ERR_RPC,
-                    "%s", _("stream aborted at client request"));
+        virReportError(VIR_ERR_RPC,
+                       "%s", _("stream aborted at client request"));
    else {
        VIR_WARN("unexpected stream status %d", msg->header.status);
-        virNetError(VIR_ERR_RPC,
-                    _("stream aborted with unexpected status %d"),
-                    msg->header.status);
+        virReportError(VIR_ERR_RPC,
+                       _("stream aborted with unexpected status %d"),
+                       msg->header.status);
    }

    return virNetServerProgramSendReplyError(remoteProgram,
--- a/daemon/stream.h
+++ b/daemon/stream.h
@ -14,8 +14,8 @@
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
+ * License along with this library.  If not, see
+ * <http://www.gnu.org/licenses/>.
 *
 * Author: Daniel P. Berrange <berrange@redhat.com>
 */
--- a/daemon/test_libvirtd.aug
+++ b/daemon/test_libvirtd.aug
@ -1,553 +0,0 @@
-module Test_libvirtd =
-   let conf = "# Master libvirt daemon configuration file
-#
-# For further information consult http://libvirt.org/format.html
-
-
-#################################################################
-#
-# Network connectivity controls
-#
-
-# Flag listening for secure TLS connections on the public TCP/IP port.
-# NB, must pass the --listen flag to the libvirtd process for this to
-# have any effect.
-#
-# It is necessary to setup a CA and issue server certificates before
-# using this capability.
-#
-# This is enabled by default, uncomment this to disable it
-listen_tls = 0
-
-# Listen for unencrypted TCP connections on the public TCP/IP port.
-# NB, must pass the --listen flag to the libvirtd process for this to
-# have any effect.
-#
-# Using the TCP socket requires SASL authentication by default. Only
-# SASL mechanisms which support data encryption are allowed. This is
-# DIGEST_MD5 and GSSAPI (Kerberos5)
-#
-# This is disabled by default, uncomment this to enable it.
-listen_tcp = 1
-
-
-
-# Override the port for accepting secure TLS connections
-# This can be a port number, or service name
-#
-tls_port = \"16514\"
-
-# Override the port for accepting insecure TCP connections
-# This can be a port number, or service name
-#
-tcp_port = \"16509\"
-
-
-# Override the default configuration which binds to all network
-# interfaces. This can be a numeric IPv4/6 address, or hostname
-#
-listen_addr = \"192.168.0.1\"
-
-
-# Flag toggling mDNS advertizement of the libvirt service.
-#
-# Alternatively can disable for all services on a host by
-# stopping the Avahi daemon
-#
-# This is disabled by default, uncomment this to enable it
-mdns_adv = 1
-
-# Override the default mDNS advertizement name. This must be
-# unique on the immediate broadcast network.
-#
-# The default is \"Virtualization Host HOSTNAME\", where HOSTNAME
-# is subsituted for the short hostname of the machine (without domain)
-#
-mdns_name = \"Virtualization Host Joe Demo\"
-
-
-#################################################################
-#
-# UNIX socket access controls
-#
-
-# Set the UNIX domain socket group ownership. This can be used to
-# allow a 'trusted' set of users access to management capabilities
-# without becoming root.
-#
-# This is restricted to 'root' by default.
-unix_sock_group = \"libvirt\"
-
-# Set the UNIX socket permissions for the R/O socket. This is used
-# for monitoring VM status only
-#
-# Default allows any user. If setting group ownership may want to
-# restrict this to:
-unix_sock_ro_perms = \"0777\"
-
-# Set the UNIX socket permissions for the R/W socket. This is used
-# for full management of VMs
-#
-# Default allows only root. If PolicyKit is enabled on the socket,
-# the default will change to allow everyone (eg, 0777)
-#
-# If not using PolicyKit and setting group ownership for access
-# control then you may want to relax this to:
-unix_sock_rw_perms = \"0770\"
-
-
-
-#################################################################
-#
-# Authentication.
-#
-#  - none: do not perform auth checks. If you can connect to the
-#          socket you are allowed. This is suitable if there are
-#          restrictions on connecting to the socket (eg, UNIX
-#          socket permissions), or if there is a lower layer in
-#          the network providing auth (eg, TLS/x509 certificates)
-#
-#  - sasl: use SASL infrastructure. The actual auth scheme is then
-#          controlled from /etc/sasl2/libvirt.conf. For the TCP
-#          socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
-#          For non-TCP or TLS sockets,  any scheme is allowed.
-#
-#  - polkit: use PolicyKit to authenticate. This is only suitable
-#            for use on the UNIX sockets. The default policy will
-#            require a user to supply their own password to gain
-#            full read/write access (aka sudo like), while anyone
-#            is allowed read/only access.
-#
-# Set an authentication scheme for UNIX read-only sockets
-# By default socket permissions allow anyone to connect
-#
-# To restrict monitoring of domains you may wish to enable
-# an authentication mechanism here
-auth_unix_ro = \"none\"
-
-# Set an authentication scheme for UNIX read-write sockets
-# By default socket permissions only allow root. If PolicyKit
-# support was compiled into libvirt, the default will be to
-# use 'polkit' auth.
-#
-# If the unix_sock_rw_perms are changed you may wish to enable
-# an authentication mechanism here
-auth_unix_rw = \"none\"
-
-# Change the authentication scheme for TCP sockets.
-#
-# If you don't enable SASL, then all TCP traffic is cleartext.
-# Don't do this outside of a dev/test scenario. For real world
-# use, always enable SASL and use the GSSAPI or DIGEST-MD5
-# mechanism in /etc/sasl2/libvirt.conf
-auth_tcp = \"sasl\"
-
-# Change the authentication scheme for TLS sockets.
-#
-# TLS sockets already have encryption provided by the TLS
-# layer, and limited authentication is done by certificates
-#
-# It is possible to make use of any SASL authentication
-# mechanism as well, by using 'sasl' for this option
-auth_tls = \"none\"
-
-
-
-#################################################################
-#
-# TLS x509 certificate configuration
-#
-
-
-# Override the default server key file path
-#
-key_file = \"/etc/pki/libvirt/private/serverkey.pem\"
-
-# Override the default server certificate file path
-#
-cert_file = \"/etc/pki/libvirt/servercert.pem\"
-
-# Override the default CA certificate path
-#
-ca_file = \"/etc/pki/CA/cacert.pem\"
-
-# Specify a certificate revocation list.
-#
-# Defaults to not using a CRL, uncomment to enable it
-crl_file = \"/etc/pki/CA/crl.pem\"
-
-
-
-#################################################################
-#
-# Authorization controls
-#
-
-
-# Flag to disable verification of client certificates
-#
-# Client certificate verification is the primary authentication mechanism.
-# Any client which does not present a certificate signed by the CA
-# will be rejected.
-#
-# Default is to always verify. Uncommenting this will disable
-# verification - make sure an IP whitelist is set
-tls_no_verify_certificate = 1
-tls_no_sanity_certificate = 1
-
-
-# A whitelist of allowed x509  Distinguished Names
-# This list may contain wildcards such as
-#
-#    \"C=GB,ST=London,L=London,O=Red Hat,CN=*\"
-#
-# See the POSIX fnmatch function for the format of the wildcards.
-#
-# NB If this is an empty list, no client can connect, so comment out
-# entirely rather than using empty list to disable these checks
-#
-# By default, no DN's are checked
-   tls_allowed_dn_list = [\"DN1\", \"DN2\"]
-
-
-# A whitelist of allowed SASL usernames. The format for usernames
-# depends on the SASL authentication mechanism. Kerberos usernames
-# look like username@REALM
-#
-# This list may contain wildcards such as
-#
-#    \"*@EXAMPLE.COM\"
-#
-# See the POSIX fnmatch function for the format of the wildcards.
-#
-# NB If this is an empty list, no client can connect, so comment out
-# entirely rather than using empty list to disable these checks
-#
-# By default, no Username's are checked
-sasl_allowed_username_list = [
-  \"joe@EXAMPLE.COM\",
-  \"fred@EXAMPLE.COM\"
-]
-
-
-#################################################################
-#
-# Processing controls
-#
-
-# The maximum number of concurrent client connections to allow
-# over all sockets combined.
-max_clients = 20
-
-
-# The minimum limit sets the number of workers to start up
-# initially. If the number of active clients exceeds this,
-# then more threads are spawned, upto max_workers limit.
-# Typically you'd want max_workers to equal maximum number
-# of clients allowed
-min_workers = 5
-max_workers = 20
-
-# Total global limit on concurrent RPC calls. Should be
-# at least as large as max_workers. Beyond this, RPC requests
-# will be read into memory and queued. This directly impact
-# memory usage, currently each request requires 256 KB of
-# memory. So by default upto 5 MB of memory is used
-max_requests = 20
-
-# Limit on concurrent requests from a single client
-# connection. To avoid one client monopolizing the server
-# this should be a small fraction of the global max_requests
-# and max_workers parameter
-max_client_requests = 5
-
-# Logging level:
-log_level = 4
-
-# Logging outputs:
-log_outputs=\"4:stderr\"
-
-# Logging filters:
-log_filters=\"a\"
-
-# Auditing:
-audit_level = 2
-"
-
-   test Libvirtd.lns get conf =
-        { "#comment" = "Master libvirt daemon configuration file" }
-        { "#comment" = "" }
-        { "#comment" = "For further information consult http://libvirt.org/format.html" }
-        { "#empty" }
-        { "#empty" }
-        { "#comment" = "################################################################" }
-        { "#comment" = "" }
-        { "#comment" = "Network connectivity controls" }
-        { "#comment" = "" }
-        { "#empty" }
-        { "#comment" = "Flag listening for secure TLS connections on the public TCP/IP port." }
-        { "#comment" = "NB, must pass the --listen flag to the libvirtd process for this to" }
-        { "#comment" = "have any effect." }
-        { "#comment" = "" }
-        { "#comment" = "It is necessary to setup a CA and issue server certificates before" }
-        { "#comment" = "using this capability." }
-        { "#comment" = "" }
-        { "#comment" = "This is enabled by default, uncomment this to disable it" }
-        { "listen_tls" = "0" }
-        { "#empty" }
-        { "#comment" = "Listen for unencrypted TCP connections on the public TCP/IP port." }
-        { "#comment" = "NB, must pass the --listen flag to the libvirtd process for this to" }
-        { "#comment" = "have any effect." }
-        { "#comment" = "" }
-        { "#comment" = "Using the TCP socket requires SASL authentication by default. Only" }
-        { "#comment" = "SASL mechanisms which support data encryption are allowed. This is" }
-        { "#comment" = "DIGEST_MD5 and GSSAPI (Kerberos5)" }
-        { "#comment" = "" }
-        { "#comment" = "This is disabled by default, uncomment this to enable it." }
-        { "listen_tcp" = "1" }
-        { "#empty" }
-        { "#empty" }
-        { "#empty" }
-        { "#comment" = "Override the port for accepting secure TLS connections" }
-        { "#comment" = "This can be a port number, or service name" }
-        { "#comment" = "" }
-        { "tls_port" = "16514" }
-        { "#empty" }
-        { "#comment" = "Override the port for accepting insecure TCP connections" }
-        { "#comment" = "This can be a port number, or service name" }
-        { "#comment" = "" }
-        { "tcp_port" = "16509" }
-        { "#empty" }
-        { "#empty" }
-        { "#comment" = "Override the default configuration which binds to all network" }
-        { "#comment" = "interfaces. This can be a numeric IPv4/6 address, or hostname" }
-        { "#comment" = "" }
-        { "listen_addr" = "192.168.0.1" }
-        { "#empty" }
-        { "#empty" }
-        { "#comment" = "Flag toggling mDNS advertizement of the libvirt service." }
-        { "#comment" = "" }
-        { "#comment" = "Alternatively can disable for all services on a host by" }
-        { "#comment" = "stopping the Avahi daemon" }
-        { "#comment" = "" }
-        { "#comment" = "This is disabled by default, uncomment this to enable it" }
-        { "mdns_adv" = "1" }
-        { "#empty" }
-        { "#comment" = "Override the default mDNS advertizement name. This must be" }
-        { "#comment" = "unique on the immediate broadcast network." }
-        { "#comment" = "" }
-        { "#comment" = "The default is \"Virtualization Host HOSTNAME\", where HOSTNAME" }
-        { "#comment" = "is subsituted for the short hostname of the machine (without domain)" }
-        { "#comment" = "" }
-        { "mdns_name" = "Virtualization Host Joe Demo" }
-        { "#empty" }
-        { "#empty" }
-        { "#comment" = "################################################################" }
-        { "#comment" = "" }
-        { "#comment" = "UNIX socket access controls" }
-        { "#comment" = "" }
-        { "#empty" }
-        { "#comment" = "Set the UNIX domain socket group ownership. This can be used to" }
-        { "#comment" = "allow a 'trusted' set of users access to management capabilities" }
-        { "#comment" = "without becoming root." }
-        { "#comment" = "" }
-        { "#comment" = "This is restricted to 'root' by default." }
-        { "unix_sock_group" = "libvirt" }
-        { "#empty" }
-        { "#comment" = "Set the UNIX socket permissions for the R/O socket. This is used" }
-        { "#comment" = "for monitoring VM status only" }
-        { "#comment" = "" }
-        { "#comment" = "Default allows any user. If setting group ownership may want to" }
-        { "#comment" = "restrict this to:" }
-        { "unix_sock_ro_perms" = "0777" }
-        { "#empty" }
-        { "#comment" = "Set the UNIX socket permissions for the R/W socket. This is used" }
-        { "#comment" = "for full management of VMs" }
-        { "#comment" = "" }
-        { "#comment" = "Default allows only root. If PolicyKit is enabled on the socket," }
-        { "#comment" = "the default will change to allow everyone (eg, 0777)" }
-        { "#comment" = "" }
-        { "#comment" = "If not using PolicyKit and setting group ownership for access" }
-        { "#comment" = "control then you may want to relax this to:" }
-        { "unix_sock_rw_perms" = "0770" }
-        { "#empty" }
-        { "#empty" }
-        { "#empty" }
-        { "#comment" = "################################################################" }
-        { "#comment" = "" }
-        { "#comment" = "Authentication." }
-        { "#comment" = "" }
-        { "#comment" = "- none: do not perform auth checks. If you can connect to the" }
-        { "#comment" = "socket you are allowed. This is suitable if there are" }
-        { "#comment" = "restrictions on connecting to the socket (eg, UNIX" }
-        { "#comment" = "socket permissions), or if there is a lower layer in" }
-        { "#comment" = "the network providing auth (eg, TLS/x509 certificates)" }
-        { "#comment" = "" }
-        { "#comment" = "- sasl: use SASL infrastructure. The actual auth scheme is then" }
-        { "#comment" = "controlled from /etc/sasl2/libvirt.conf. For the TCP" }
-        { "#comment" = "socket only GSSAPI & DIGEST-MD5 mechanisms will be used." }
-        { "#comment" = "For non-TCP or TLS sockets,  any scheme is allowed." }
-        { "#comment" = "" }
-        { "#comment" = "- polkit: use PolicyKit to authenticate. This is only suitable" }
-        { "#comment" = "for use on the UNIX sockets. The default policy will" }
-        { "#comment" = "require a user to supply their own password to gain" }
-        { "#comment" = "full read/write access (aka sudo like), while anyone" }
-        { "#comment" = "is allowed read/only access." }
-        { "#comment" = "" }
-        { "#comment" = "Set an authentication scheme for UNIX read-only sockets" }
-        { "#comment" = "By default socket permissions allow anyone to connect" }
-        { "#comment" = "" }
-        { "#comment" = "To restrict monitoring of domains you may wish to enable" }
-        { "#comment" = "an authentication mechanism here" }
-        { "auth_unix_ro" = "none" }
-        { "#empty" }
-        { "#comment" = "Set an authentication scheme for UNIX read-write sockets" }
-        { "#comment" = "By default socket permissions only allow root. If PolicyKit" }
-        { "#comment" = "support was compiled into libvirt, the default will be to" }
-        { "#comment" = "use 'polkit' auth." }
-        { "#comment" = "" }
-        { "#comment" = "If the unix_sock_rw_perms are changed you may wish to enable" }
-        { "#comment" = "an authentication mechanism here" }
-        { "auth_unix_rw" = "none" }
-        { "#empty" }
-        { "#comment" = "Change the authentication scheme for TCP sockets." }
-        { "#comment" = "" }
-        { "#comment" = "If you don't enable SASL, then all TCP traffic is cleartext." }
-        { "#comment" = "Don't do this outside of a dev/test scenario. For real world" }
-        { "#comment" = "use, always enable SASL and use the GSSAPI or DIGEST-MD5" }
-        { "#comment" = "mechanism in /etc/sasl2/libvirt.conf" }
-        { "auth_tcp" = "sasl" }
-        { "#empty" }
-        { "#comment" = "Change the authentication scheme for TLS sockets." }
-        { "#comment" = "" }
-        { "#comment" = "TLS sockets already have encryption provided by the TLS" }
-        { "#comment" = "layer, and limited authentication is done by certificates" }
-        { "#comment" = "" }
-        { "#comment" = "It is possible to make use of any SASL authentication" }
-        { "#comment" = "mechanism as well, by using 'sasl' for this option" }
-        { "auth_tls" = "none" }
-        { "#empty" }
-        { "#empty" }
-        { "#empty" }
-        { "#comment" = "################################################################" }
-        { "#comment" = "" }
-        { "#comment" = "TLS x509 certificate configuration" }
-        { "#comment" = "" }
-        { "#empty" }
-        { "#empty" }
-        { "#comment" = "Override the default server key file path" }
-        { "#comment" = "" }
-        { "key_file" = "/etc/pki/libvirt/private/serverkey.pem" }
-        { "#empty" }
-        { "#comment" = "Override the default server certificate file path" }
-        { "#comment" = "" }
-        { "cert_file" = "/etc/pki/libvirt/servercert.pem" }
-        { "#empty" }
-        { "#comment" = "Override the default CA certificate path" }
-        { "#comment" = "" }
-        { "ca_file" = "/etc/pki/CA/cacert.pem" }
-        { "#empty" }
-        { "#comment" = "Specify a certificate revocation list." }
-        { "#comment" = "" }
-        { "#comment" = "Defaults to not using a CRL, uncomment to enable it" }
-        { "crl_file" = "/etc/pki/CA/crl.pem" }
-        { "#empty" }
-        { "#empty" }
-        { "#empty" }
-        { "#comment" = "################################################################" }
-        { "#comment" = "" }
-        { "#comment" = "Authorization controls" }
-        { "#comment" = "" }
-        { "#empty" }
-        { "#empty" }
-        { "#comment" = "Flag to disable verification of client certificates" }
-        { "#comment" = "" }
-        { "#comment" = "Client certificate verification is the primary authentication mechanism." }
-        { "#comment" = "Any client which does not present a certificate signed by the CA" }
-        { "#comment" = "will be rejected." }
-        { "#comment" = "" }
-        { "#comment" = "Default is to always verify. Uncommenting this will disable" }
-        { "#comment" = "verification - make sure an IP whitelist is set" }
-        { "tls_no_verify_certificate" = "1" }
-        { "tls_no_sanity_certificate" = "1" }
-        { "#empty" }
-        { "#empty" }
-        { "#comment" = "A whitelist of allowed x509  Distinguished Names" }
-        { "#comment" = "This list may contain wildcards such as" }
-        { "#comment" = "" }
-        { "#comment" = "\"C=GB,ST=London,L=London,O=Red Hat,CN=*\"" }
-        { "#comment" = "" }
-        { "#comment" = "See the POSIX fnmatch function for the format of the wildcards." }
-        { "#comment" = "" }
-        { "#comment" = "NB If this is an empty list, no client can connect, so comment out" }
-        { "#comment" = "entirely rather than using empty list to disable these checks" }
-        { "#comment" = "" }
-        { "#comment" = "By default, no DN's are checked" }
-        { "tls_allowed_dn_list"
-             { "1" = "DN1"}
-             { "2" = "DN2"}
-        }
-        { "#empty" }
-        { "#empty" }
-        { "#comment" = "A whitelist of allowed SASL usernames. The format for usernames" }
-        { "#comment" = "depends on the SASL authentication mechanism. Kerberos usernames" }
-        { "#comment" = "look like username@REALM" }
-        { "#comment" = "" }
-        { "#comment" = "This list may contain wildcards such as" }
-        { "#comment" = "" }
-        { "#comment" = "\"*@EXAMPLE.COM\"" }
-        { "#comment" = "" }
-        { "#comment" = "See the POSIX fnmatch function for the format of the wildcards." }
-        { "#comment" = "" }
-        { "#comment" = "NB If this is an empty list, no client can connect, so comment out" }
-        { "#comment" = "entirely rather than using empty list to disable these checks" }
-        { "#comment" = "" }
-        { "#comment" = "By default, no Username's are checked" }
-        { "sasl_allowed_username_list"
-             { "1" = "joe@EXAMPLE.COM" }
-             { "2" = "fred@EXAMPLE.COM" }
-        }
-        { "#empty" }
-        { "#empty" }
-        { "#comment" = "################################################################"}
-        { "#comment" = ""}
-        { "#comment" = "Processing controls"}
-        { "#comment" = ""}
-        { "#empty" }
-        { "#comment" = "The maximum number of concurrent client connections to allow"}
-        { "#comment" = "over all sockets combined."}
-        { "max_clients" = "20" }
-        { "#empty" }
-        { "#empty" }
-        { "#comment" = "The minimum limit sets the number of workers to start up"}
-        { "#comment" = "initially. If the number of active clients exceeds this,"}
-        { "#comment" = "then more threads are spawned, upto max_workers limit."}
-        { "#comment" = "Typically you'd want max_workers to equal maximum number"}
-        { "#comment" = "of clients allowed"}
-        { "min_workers" = "5" }
-        { "max_workers" = "20" }
-	{ "#empty" }
-        { "#comment" = "Total global limit on concurrent RPC calls. Should be" }
-        { "#comment" = "at least as large as max_workers. Beyond this, RPC requests" }
-        { "#comment" = "will be read into memory and queued. This directly impact" }
-        { "#comment" = "memory usage, currently each request requires 256 KB of" }
-        { "#comment" = "memory. So by default upto 5 MB of memory is used" }
-        { "max_requests" = "20" }
-	{ "#empty" }
-        { "#comment" = "Limit on concurrent requests from a single client" }
-        { "#comment" = "connection. To avoid one client monopolizing the server" }
-        { "#comment" = "this should be a small fraction of the global max_requests" }
-        { "#comment" = "and max_workers parameter" }
-        { "max_client_requests" = "5" }
-	{ "#empty" }
-        { "#comment" = "Logging level:" }
-        { "log_level" = "4" }
-	{ "#empty" }
-        { "#comment" = "Logging outputs:" }
-        { "log_outputs" = "4:stderr" }
-	{ "#empty" }
-        { "#comment" = "Logging filters:" }
-        { "log_filters" = "a" }
-	{ "#empty" }
-        { "#comment" = "Auditing:" }
-        { "audit_level" = "2" }
--- a/daemon/test_libvirtd.aug.in
+++ b/daemon/test_libvirtd.aug.in
@ -0,0 +1,49 @@
+module Test_libvirtd =
+   ::CONFIG::
+
+   test Libvirtd.lns get conf =
+        { "listen_tls" = "0" }
+        { "listen_tcp" = "1" }
+        { "tls_port" = "16514" }
+        { "tcp_port" = "16509" }
+        { "listen_addr" = "192.168.0.1" }
+        { "mdns_adv" = "1" }
+        { "mdns_name" = "Virtualization Host Joe Demo" }
+        { "unix_sock_group" = "libvirt" }
+        { "unix_sock_ro_perms" = "0777" }
+        { "unix_sock_rw_perms" = "0770" }
+        { "unix_sock_dir" = "/var/run/libvirt" }
+        { "auth_unix_ro" = "none" }
+        { "auth_unix_rw" = "none" }
+        { "auth_tcp" = "sasl" }
+        { "auth_tls" = "none" }
+        { "key_file" = "/etc/pki/libvirt/private/serverkey.pem" }
+        { "cert_file" = "/etc/pki/libvirt/servercert.pem" }
+        { "ca_file" = "/etc/pki/CA/cacert.pem" }
+        { "crl_file" = "/etc/pki/CA/crl.pem" }
+        { "tls_no_sanity_certificate" = "1" }
+        { "tls_no_verify_certificate" = "1" }
+        { "tls_allowed_dn_list"
+             { "1" = "DN1"}
+             { "2" = "DN2"}
+        }
+        { "sasl_allowed_username_list"
+             { "1" = "joe@EXAMPLE.COM" }
+             { "2" = "fred@EXAMPLE.COM" }
+        }
+        { "max_clients" = "20" }
+        { "min_workers" = "5" }
+        { "max_workers" = "20" }
+        { "prio_workers" = "5" }
+        { "max_requests" = "20" }
+        { "max_client_requests" = "5" }
+        { "log_level" = "3" }
+        { "log_filters" = "3:remote 4:event" }
+        { "log_outputs" = "3:syslog:libvirtd" }
+        { "log_buffer_size" = "64" }
+        { "audit_level" = "2" }
+        { "audit_logging" = "1" }
+        { "host_uuid" = "00000000-0000-0000-0000-000000000000" }
+        { "keepalive_interval" = "5" }
+        { "keepalive_count" = "5" }
+        { "keepalive_required" = "1" }
--- a/docs/404.html.in
+++ b/docs/404.html.in
@ -0,0 +1,23 @@
+<?xml version="1.0"?>
+<html>
+  <body>
+    <h1>404 page not found</h1>
+
+    <p>
+      Someone appears to have eaten the <del>penguin</del>
+      page you were looking for. You might want to try
+    </p>
+    <ul>
+      <li>going back to the <a href="http://libvirt.org/">home page</a> to find
+        a collection of links to interesting pages on this site</li>
+      <li>using the search box at the top right corner of the screen to
+        locate the content on this site or mailing list archives</li>
+    </ul>
+
+    <p class="image">
+      <img src="/libvirtLogo404.png" alt="libvirt Logo"/>
+    </p>
+
+
+  </body>
+</html>
--- a/docs/Makefile.am
+++ b/docs/Makefile.am
@ -1,6 +1,6 @@
 ## Process this file with automake to produce Makefile.in

-## Copyright (C) 2005-2011 Red Hat, Inc.
+## Copyright (C) 2005-2012 Red Hat, Inc.
 ## See COPYING.LIB for the License of this software

 SUBDIRS= schemas
@ -75,6 +75,10 @@ dot_html_in = $(notdir $(wildcard $(srcdir)/*.html.in)) todo.html.in hvsupport.h
      $(patsubst $(srcdir)/%,%,$(wildcard $(srcdir)/internals/*.html.in))
 dot_html = $(dot_html_in:%.html.in=%.html)

+dot_php_in = $(notdir $(wildcard $(srcdir)/*.php.in))
+dot_php_code_in = $(dot_php_in:%.php.in=%.php.code.in)
+dot_php = $(dot_php_in:%.php.in=%.php)
+
 patches = $(patsubst $(srcdir)/%,%,$(wildcard $(srcdir)/api_extension/*.patch))

 xml = \
@ -107,21 +111,22 @@ EXTRA_DIST=					\
  $(dot_html) $(dot_html_in) $(gif) $(apihtml) $(apipng) \
  $(devhelphtml) $(devhelppng) $(devhelpcss) $(devhelpxsl) \
  $(xml) $(qemu_xml) $(fig) $(png) $(css) \
-  $(patches) \
+  $(patches) $(dot_php_in) $(dot_php_code_in) $(dot_php)\
  sitemap.html.in \
  todo.pl hvsupport.pl todo.cfg-example

 MAINTAINERCLEANFILES = \
  $(addprefix $(srcdir)/,$(dot_html)) \
  $(addprefix $(srcdir)/,$(apihtml)) \
-  $(addprefix $(srcdir)/,$(devhelphtml))
+  $(addprefix $(srcdir)/,$(devhelphtml)) \
+  $(addprefix $(srcdir)/,$(dot_php))

-all: web
+all-am: web

 api: $(srcdir)/libvirt-api.xml $(srcdir)/libvirt-refs.xml
 qemu_api: $(srcdir)/libvirt-qemu-api.xml $(srcdir)/libvirt-qemu-refs.xml

-web: $(dot_html) html/index.html devhelp/index.html
+web: $(dot_html) html/index.html devhelp/index.html $(dot_php)

 todo.html.in: todo.pl
 	if [ -f  todo.cfg ]; then \
@ -173,6 +178,19 @@ internals/%.html.tmp: internals/%.html.in subsite.xsl page.xsl sitemap.html.in
 	  || { rm $(srcdir)/$@ && exit 1; }; \
 	  else echo "missing XHTML1 DTD" ; fi ; fi

+%.php.tmp: %.php.in site.xsl page.xsl sitemap.html.in
+	@if [ -x $(XSLTPROC) ] ; then \
+	  echo "Generating $@"; \
+	  $(XSLTPROC) --stringparam pagename $(@:.tmp=) --nonet --html \
+	    $(top_srcdir)/docs/site.xsl $< > $@ \
+	    || { rm $@ && exit 1; }; fi
+
+%.php: %.php.tmp %.php.code.in
+	@if [ -x $(XSLTPROC) ] ; then \
+	  echo "Scripting $@"; \
+	    sed -e '/<a id="php_placeholder"><\/a>/r '"$(srcdir)/$@.code.in" \
+	    -e /php_placeholder/d < $@.tmp > $(srcdir)/$@ \
+	    || { rm $(srcdir)/$@ && exit 1; }; fi

 html/index.html: libvirt-api.xml newapi.xsl page.xsl sitemap.html.in
 	$(AM_V_GEN)if [ -x $(XSLTPROC) ] ; then \
@ -200,12 +218,22 @@ python_generated_files = \
 		$(srcdir)/libvirt-qemu-api.xml \
 		$(srcdir)/libvirt-qemu-refs.xml

-$(python_generated_files): $(srcdir)/apibuild.py \
-		$(srcdir)/../include/libvirt/*.h \
+APIBUILD=$(srcdir)/apibuild.py
+APIBUILD_STAMP=$(APIBUILD).stamp
+EXTRA_DIST += $(APIBUILD_STAMP)
+
+$(python_generated_files): $(APIBUILD_STAMP)
+
+$(APIBUILD_STAMP): $(srcdir)/apibuild.py \
+		$(srcdir)/../include/libvirt/libvirt.h.in \
+		$(srcdir)/../include/libvirt/libvirt-qemu.h \
+		$(srcdir)/../include/libvirt/virterror.h \
 		$(srcdir)/../src/libvirt.c \
 		$(srcdir)/../src/libvirt-qemu.c \
 		$(srcdir)/../src/util/virterror.c
-	$(AM_V_GEN)srcdir=$(srcdir) $(PYTHON) $(srcdir)/apibuild.py
+	$(AM_V_GEN)srcdir=$(srcdir) $(PYTHON) $(APIBUILD)
+	touch $@
+

 check-local: all

@ -215,6 +243,7 @@ clean-local:
 maintainer-clean-local: clean-local
 	rm -rf $(srcdir)/libvirt-api.xml $(srcdir)/libvirt-refs.xml todo.html.in hvsupport.html.in
 	rm -rf $(srcdir)/libvirt-qemu-api.xml $(srcdir)/libvirt-qemu-refs.xml
+	rm -rf $(APIBUILD_STAMP)

 rebuild: api qemu_api all

--- a/docs/api.html.in
+++ b/docs/api.html.in
@ -43,7 +43,7 @@
      <li>virNetworkPtr: represent one network either active or defined (i.e.
      existing as permanent config file and storage but not currently activated.
      The function <code class='docref'>virConnectListNetworks</code>
-      allows to list all the virtualization networks actived on this node.</li>
+      allows to list all the virtualization networks activated on this node.</li>
      <li>virStorageVolPtr: represent one storage volume, usually this is used
      as a block device available to one of the domains. The function
      <code class="docref">virStorageVolLookupByPath</code> allows to find
--- a/docs/api_extension.html.in
+++ b/docs/api_extension.html.in
@ -1,8 +1,4 @@
 <html>
-  <head>
-    <title>Implementing a new API in Libvirt</title>
-  </head>
-
  <body>
    <h1>Implementing a new API in Libvirt</h1>

--- a/docs/apibuild.py
+++ b/docs/apibuild.py
@ -1355,6 +1355,95 @@ class CParser:
                token = self.token()
        return token

+    def parseVirEnumDecl(self, token):
+        if token[0] != "name":
+            self.error("parsing VIR_ENUM_DECL: expecting name", token)
+
+        token = self.token()
+
+        if token[0] != "sep":
+            self.error("parsing VIR_ENUM_DECL: expecting ')'", token)
+
+        if token[1] != ')':
+            self.error("parsing VIR_ENUM_DECL: expecting ')'", token)
+
+        token = self.token()
+        if token[0] == "sep" and token[1] == ';':
+            token = self.token()
+
+        return token
+
+    def parseVirEnumImpl(self, token):
+        # First the type name
+        if token[0] != "name":
+            self.error("parsing VIR_ENUM_IMPL: expecting name", token)
+
+        token = self.token()
+
+        if token[0] != "sep":
+            self.error("parsing VIR_ENUM_IMPL: expecting ','", token)
+
+        if token[1] != ',':
+            self.error("parsing VIR_ENUM_IMPL: expecting ','", token)
+        token = self.token()
+
+        # Now the sentinel name
+        if token[0] != "name":
+            self.error("parsing VIR_ENUM_IMPL: expecting name", token)
+
+        token = self.token()
+
+        if token[0] != "sep":
+            self.error("parsing VIR_ENUM_IMPL: expecting ','", token)
+
+        if token[1] != ',':
+            self.error("parsing VIR_ENUM_IMPL: expecting ','", token)
+
+        token = self.token()
+
+        # Now a list of strings (optional comments)
+        while token is not None:
+            isGettext = False
+            # First a string, optionally with N_(...)
+            if token[0] == 'name':
+                if token[1] != 'N_':
+                    self.error("parsing VIR_ENUM_IMPL: expecting 'N_'", token)
+                token = self.token()
+                if token[0] != "sep" or token[1] != '(':
+                    self.error("parsing VIR_ENUM_IMPL: expecting '('", token)
+                token = self.token()
+                isGettext = True
+
+                if token[0] != "string":
+                    self.error("parsing VIR_ENUM_IMPL: expecting a string", token)
+                token = self.token()
+            elif token[0] == "string":
+                token = self.token()
+            else:
+                self.error("parsing VIR_ENUM_IMPL: expecting a string", token)
+
+            # Then a separator
+            if token[0] == "sep":
+                if isGettext and token[1] == ')':
+                    token = self.token()
+
+                if token[1] == ',':
+                    token = self.token()
+
+                if token[1] == ')':
+                    token = self.token()
+                    break
+
+            # Then an optional comment
+            if token[0] == "comment":
+                token = self.token()
+
+
+        if token[0] == "sep" and token[1] == ';':
+            token = self.token()
+
+        return token
+
     #
     # Parse a C definition block, used for structs or unions it parse till
     # the balancing }
@ -1502,6 +1591,29 @@ class CParser:
                               not self.is_header, "enum",
                               (enum[1], enum[2], enum_type))
            return token
+        elif token[0] == "name" and token[1] == "VIR_ENUM_DECL":
+            token = self.token()
+            if token != None and token[0] == "sep" and token[1] == "(":
+                token = self.token()
+                token = self.parseVirEnumDecl(token)
+            else:
+                self.error("parsing VIR_ENUM_DECL: expecting '('", token)
+            if token != None:
+                self.lexer.push(token)
+                token = ("name", "virenumdecl")
+            return token
+
+        elif token[0] == "name" and token[1] == "VIR_ENUM_IMPL":
+            token = self.token()
+            if token != None and token[0] == "sep" and token[1] == "(":
+                token = self.token()
+                token = self.parseVirEnumImpl(token)
+            else:
+                self.error("parsing VIR_ENUM_IMPL: expecting '('", token)
+            if token != None:
+                self.lexer.push(token)
+                token = ("name", "virenumimpl")
+            return token

        elif token[0] == "name":
            if self.type == "":
@ -1647,6 +1759,7 @@ class CParser:
        "virDomainSetMaxMemory"          : (False, ("memory")),
        "virDomainSetMemory"             : (False, ("memory")),
        "virDomainSetMemoryFlags"        : (False, ("memory")),
+        "virDomainBlockCommit"           : (False, ("bandwidth")),
        "virDomainBlockJobSetSpeed"      : (False, ("bandwidth")),
        "virDomainBlockPull"             : (False, ("bandwidth")),
        "virDomainBlockRebase"           : (False, ("bandwidth")),
@ -1849,6 +1962,11 @@ class docBuilder:
        self.index = {}
        self.basename = name

+    def warning(self, msg):
+        global warnings
+        warnings = warnings + 1
+        print msg
+
    def indexString(self, id, str):
        if str == None:
            return
--- a/docs/apps.html.in
+++ b/docs/apps.html.in
@ -212,6 +212,14 @@
        modular Web Services architecture.
      </dd>

+      <dt><a href="http://www.eucalyptus.com">Eucalyptus</a></dt>
+      <dd>
+        Eucalyptus is an on-premise Infrastructure as a Service cloud
+        software platform that is open source and
+        AWS-compatible. Eucalyptus uses libivrt virtualization API to
+        directly interact with Xen and KVM hypervisors.
+      </dd>
+
      <dt><a href="http://www.nimbusproject.org">Nimbus</a></dt>
      <dd>
        Nimbus is an open-source toolkit focused on providing
@ -219,6 +227,14 @@
        community.  It uses libvirt for communication with all KVM and Xen
        virtual machines.
      </dd>
+
+      <dt><a href="http://snooze.inria.fr">Snooze</a></dt>
+      <dd>
+        Snooze is an open-source scalable, autonomic, and energy-efficient
+        virtual machine (VM) management framework for private clouds. It
+        integrates libvirt for VM monitoring, live migration, and life-cycle
+        management.
+      </dd>
    </dl>

    <h2><a name="libraries">Libraries</a></h2>
--- a/docs/auth.html.in
+++ b/docs/auth.html.in
@ -25,7 +25,7 @@ for the authentication file using the following sequence:
        variable.</li>
      <li>The file path specified by the "authfile=/some/file" URI
        query parameter</li>
-      <li>The file $HOME/.libvirt/auth.conf</li>
+      <li>The file $XDG_CONFIG_DIR/libvirt/auth.conf</li>
      <li>The file /etc/libvirt/auth.conf</li>
    </ol>

--- a/docs/bugs.html.in
+++ b/docs/bugs.html.in
@ -126,7 +126,7 @@
    <p>
      It may also happen that the libvirt daemon itself crashes or gets stuck,
      in the first case run it (as root) under gdb, and reproduce the sequence
-      leading to the crash, similary to a normal program provide the
+      leading to the crash, similarly to a normal program provide the
      "bt" backtrace information to where gdb will have stopped.<br/>
      But if libvirtd gets stuck, for example seems to stop processing
      commands, try to attach to the faulty daemon and issue a gdb command
--- a/docs/compiling.html.in
+++ b/docs/compiling.html.in
@ -62,14 +62,50 @@
    <p>
      The libvirt build process uses GNU autotools, so after obtaining a
      checkout it is necessary to generate the configure script and Makefile.in
-      templates using the <code>autogen.sh</code> command, passing the extra
-      arguments as for configure. As an example, to do a complete build and
-      install it into your home directory run:
+      templates using the <code>autogen.sh</code> command. By default when
+      the <code>configure</code> script is run from within a GIT checkout, it
+      will turn on -Werror for builds. This can be disabled with --disable-werror,
+      but this is not recommended. To build &amp; install libvirt to your home
+      directory the following commands can be run:
    </p>

    <pre>
-      $ ./autogen.sh --prefix=$HOME/usr --enable-compile-warnings=error
+      $ ./autogen.sh --prefix=$HOME/usr
      $ make
      $ <b>sudo</b> make install</pre>
+
+    <p>
+      Be aware though, that binaries built with a custom prefix will not
+      interoperate with OS vendor provided binaries, since the UNIX socket
+      paths will all be different. To produce a build that is compatible
+      with normal OS vendor prefixes, use
+    </p>
+
+    <pre>
+      $ ./autogen.sh --system
+      $ make
+    </pre>
+
+    <p>
+      When doing this for day-to-day development purposes, it is recommended
+      not to install over the OS vendor provided binaries. Instead simply
+      run libvirt directly from the source tree. For example to run
+      a privileged libvirtd instance
+    </p>
+
+    <pre>
+      $ su -
+      # service libvirtd stop  (or systemctl stop libvirtd.service)
+      # /home/to/your/checkout/daemon/libvirtd
+    </pre>
+
+    <p>
+      It is also possible to run virsh directly from the source tree
+      using the ./run script (which sets some environment variables):
+    </p>
+
+    <pre>
+      $ ./run ./tools/virsh ....
+    </pre>
  </body>
 </html>
--- a/docs/drivers.html.in
+++ b/docs/drivers.html.in
@ -31,7 +31,7 @@
      <li><strong><a href="drvhyperv.html">Microsoft Hyper-V</a></strong></li>
    </ul>

-    <h2><a name="stroage">Storage drivers</a></h2>
+    <h2><a name="storage">Storage drivers</a></h2>

    <ul>
      <li><strong><a href="storage.html#StorageBackendDir">Directory backend</a></strong></li>
@ -42,6 +42,8 @@
      <li><strong><a href="storage.html#StorageBackendISCSI">iSCSI backend</a></strong></li>
      <li><strong><a href="storage.html#StorageBackendSCSI">SCSI backend</a></strong></li>
      <li><strong><a href="storage.html#StorageBackendMultipath">Multipath backend</a></strong></li>
+      <li><strong><a href="storage.html#StorageBackendRBD">RBD (RADOS Block Device) backend</a></strong></li>
+      <li><strong><a href="storage.html#StorageBackendSheepdog">Sheepdog backend</a></strong></li>
    </ul>
  </body>
 </html>
--- a/docs/drvopenvz.html.in
+++ b/docs/drvopenvz.html.in
@ -67,7 +67,7 @@ openvz+ssh://root@example.com/system (remote access, SSH tunnelled)
    script must be created manually by the host OS administrator. The
    simplest way is to just download the latest version of this script
    from a newer OpenVZ release, or upstream source repository. Then
-    a generic configuration file <code>/etc/vz/vznetctl.conf</code>
+    a generic configuration file <code>/etc/vz/vznet.conf</code>
    must be created containing
    </p>

--- a/docs/drvparallels.html.in
+++ b/docs/drvparallels.html.in
@ -0,0 +1,67 @@
+<html><body>
+    <h1>Parallels Cloud Server driver</h1>
+    <ul id="toc"></ul>
+    <p>
+        The libvirt Parallels driver can manage Parallels Cloud Server starting from version 6.0.
+    </p>
+
+
+    <h2><a name="project">Project Links</a></h2>
+    <ul>
+      <li>
+        The <a href="http://www.parallels.com/products/server/baremetal/sp/">Parallels Cloud Server</a> Virtualization Solution.
+      </li>
+    </ul>
+
+
+    <h2><a name="uri">Connections to the Parallels Cloud Server driver</a></h2>
+    <p>
+        The libvirt Parallels driver is a single-instance privileged driver, with a driver name of 'parallels'. Some example connection URIs for the libvirt driver are:
+    </p>
+<pre>
+parallels:///system                     (local access)
+parallels+unix:///system                (local access)
+parallels://example.com/system          (remote access, TLS/x509)
+parallels+tcp://example.com/system      (remote access, SASl/Kerberos)
+parallels+ssh://root@example.com/system (remote access, SSH tunnelled)
+</pre>
+
+    <h2><a name="example">Example guest domain XML configuration</a></h2>
+
+    <p>
+    Parallels driver require at least one hard disk for new domains
+    at this time. It is used for defining directory, where VM should
+    be created.
+    </p>
+
+<pre>
+&lt;domain type='parallels'&gt;
+  &lt;name&gt;demo&lt;/name&gt;
+  &lt;uuid&gt;54cdecad-4492-4e31-a209-33cc21d64057&lt;/uuid&gt;
+  &lt;description&gt;some description&lt;/description&gt;
+  &lt;memory unit='KiB'&gt;1048576&lt;/memory&gt;
+  &lt;currentMemory unit='KiB'&gt;1048576&lt;/currentMemory&gt;
+  &lt;vcpu placement='static'&gt;2&lt;/vcpu&gt;
+  &lt;os&gt;
+    &lt;type arch='x86_64'&gt;hvm&lt;/type&gt;
+  &lt;/os&gt;
+  &lt;clock offset='utc'/&gt;
+  &lt;on_poweroff&gt;destroy&lt;/on_poweroff&gt;
+  &lt;on_reboot&gt;destroy&lt;/on_reboot&gt;
+  &lt;on_crash&gt;destroy&lt;/on_crash&gt;
+  &lt;devices&gt;
+    &lt;disk type='file' device='disk'&gt;
+      &lt;source file='/storage/vol1'/&gt;
+      &lt;target dev='hda'/&gt;
+    &lt;/disk&gt;
+    &lt;video&gt;
+      &lt;model type='vga' vram='33554432' heads='1'&gt;
+        &lt;acceleration accel3d='no' accel2d='no'/&gt;
+      &lt;/model&gt;
+    &lt;/video&gt;
+  &lt;/devices&gt;
+&lt;/domain&gt;
+
+</pre>
+
+</body></html>
--- a/docs/drvqemu.html.in
+++ b/docs/drvqemu.html.in
@ -54,7 +54,7 @@
    The libvirt QEMU driver is a multi-instance driver, providing a single
    system wide privileged driver (the "system" instance), and per-user
    unprivileged drivers (the "session" instance). The URI driver protocol
-    is "qemu". Some example conection URIs for the libvirt driver are:
+    is "qemu". Some example connection URIs for the libvirt driver are:
    </p>

 <pre>
@ -476,7 +476,7 @@ $ virsh domxml-from-native qemu-argv demo.args
 &lt;/domain&gt;
 </pre>

-    <p>NB, don't include the literral \ in the args, put everything on one line</p>
+    <p>NB, don't include the literal \ in the args, put everything on one line</p>

    <h3><a name="xmlexport">Converting from domain XML to QEMU args</a></h3>

--- a/docs/drvtest.html.in
+++ b/docs/drvtest.html.in
@ -8,7 +8,7 @@
    The libvirt Test driver is a per-process fake hypervisor driver,
    with a driver name of 'test'. The driver maintains all its state
    in memory. It can start with a pre-configured default config, or
-    be given a path to a alternate config. Some example conection URIs
+    be given a path to an alternate config. Some example connection URIs
    for the libvirt driver are:
    </p>

--- a/docs/drvxen.html.in
+++ b/docs/drvxen.html.in
@ -59,7 +59,7 @@

    <p>
    The libvirt Xen driver is a single-instance privileged driver,
-    with a driver name of 'xen'. Some example conection URIs for
+    with a driver name of 'xen'. Some example connection URIs for
    the libvirt driver are:
    </p>

--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@ -105,7 +105,7 @@
    &lt;boot dev='cdrom'/&gt;
    &lt;bootmenu enable='yes'/&gt;
    &lt;smbios mode='sysinfo'/&gt;
-    &lt;bios useserial='yes'/&gt;
+    &lt;bios useserial='yes' rebootTimeout='0'/&gt;
  &lt;/os&gt;
  ...</pre>

@ -175,8 +175,13 @@
        Serial Graphics Adapter which allows users to see BIOS messages
        on a serial port. Therefore, one needs to have
        <a href="#elementCharSerial">serial port</a> defined.
-        <span class="since">Since 0.9.4</span>
-      </dd>
+        <span class="since">Since 0.9.4</span>.
+        <span class="since">Since 0.10.2 (QEMU only)</span> there is
+        another attribute, <code>rebootTimeout</code> that controls
+        whether and after how long the guest should start booting
+        again in case the boot fails (according to BIOS). The value is
+        in milliseconds with maximum of <code>65535</code> and special
+        value <code>-1</code> disables the reboot.
    </dl>

    <h4><a name="elementsOSBootloader">Host bootloader</a></h4>
@ -359,17 +364,18 @@
        0.8.5</span>, the optional attribute <code>current</code> can
        be used to specify whether fewer than the maximum number of
        virtual CPUs should be enabled.  <span class="since">Since
-        0.9.11 (QEMU and KVM only), the optional attribute
+        0.9.11 (QEMU and KVM only)</span>, the optional attribute
        <code>placement</code> can be used to indicate the CPU placement
        mode for domain process, its value can be either "static" or
-        "auto", defaults to "static" if <code>cpuset</code> is specified,
-        "auto" indicates the domain process will be pinned to the advisory
-        nodeset from querying numad, and the value of attribute
-        <code>cpuset</code> will be overridden by the advisory nodeset
-        from numad if it's specified. If both <code>cpuset</code> and
-        <code>placement</code> are not specified, or if <code>placement</code>
-        is "static", but no <code>cpuset</code> is specified, the domain
-        process will be pinned to all the available physical CPUs.
+        "auto", defaults to <code>placement</code> of <code>numatune</code>,
+         or "static" if <code>cpuset</code> is specified. "auto" indicates
+        the domain process will be pinned to the advisory nodeset from querying
+        numad, and the value of attribute <code>cpuset</code> will be ignored
+        if it's specified. If both <code>cpuset</code> and <code>placement</code>
+        are not specified, or if <code>placement</code> is "static", but no
+        <code>cpuset</code> is specified, the domain process will be pinned to
+        all the available physical CPUs. These settings are superseded
+        by <a href="#elementsCPUTuning">CPU tuning</a>.
      </dd>
    </dl>

@ -384,9 +390,12 @@
    &lt;vcpupin vcpu="1" cpuset="0,1"/&gt;
    &lt;vcpupin vcpu="2" cpuset="2,3"/&gt;
    &lt;vcpupin vcpu="3" cpuset="0,4"/&gt;
+    &lt;emulatorpin cpuset="1-3"/&gt;
    &lt;shares&gt;2048&lt;/shares&gt;
    &lt;period&gt;1000000&lt;/period&gt;
    &lt;quota&gt;-1&lt;/quota&gt;
+    &lt;emulator_period&gt;1000000&lt;/emulator_period&gt;
+    &lt;emulator_quota&gt;-1&lt;/emulator_quota&gt;
  &lt;/cputune&gt;
  ...
 &lt;/domain&gt;
@ -401,19 +410,29 @@
      </dd>
      <dt><code>vcpupin</code></dt>
      <dd>
-        The optional <code>vcpupin</code> element specifies which of host
-        physical CPUS the domain VCPU will be pinned to. If this is ommited,
-        each VCPU pinned to all the physical CPUS by default. It contains two
+        The optional <code>vcpupin</code> element specifies which of host's
+        physical CPUs the domain VCPU will be pinned to. This setting supersedes
+        previous VCPU placement specified in <a href="#elementsCPUAllocation">CPU
+        Allocation</a> using <code>vcpu</code> element. If this is omitted,
+        each VCPU is pinned to all the physical CPUs by default. It contains two
        required attributes, the attribute <code>vcpu</code> specifies vcpu id,
        and the attribute <code>cpuset</code> is same as
        attribute <code>cpuset</code>
        of element <code>vcpu</code>. (NB: Only qemu driver support)
        <span class="since">Since 0.9.0</span>
       </dd>
+       <dt><code>emulatorpin</code></dt>
+       <dd>
+         The optional <code>emulatorpin</code> element specifies which of host
+         physical CPUs the "emulator", a subset of a domain not including vcpu,
+         will be pinned to. If this is ommitted, "emulator" is pinned to all
+         the physical CPUs by default. It contains one required attribute
+         <code>cpuset</code> specifying which physical CPUs to pin to.
+       </dd>
      <dt><code>shares</code></dt>
      <dd>
        The optional <code>shares</code> element specifies the proportional
-        weighted share for the domain. If this is ommited, it defaults to
+        weighted share for the domain. If this is omitted, it defaults to
        the OS provided defaults. NB, There is no unit for the value,
        it's a relative measure based on the setting of other VM,
        e.g. A VM configured with value
@ -426,8 +445,9 @@
        interval(unit: microseconds). Within <code>period</code>, each vcpu of
        the domain will not be allowed to consume more than <code>quota</code>
        worth of runtime. The value should be in range [1000, 1000000]. A period
-        with value 0 means no value. (NB: Only qemu driver support)
-        <span class="since">Since 0.9.4</span>
+        with value 0 means no value.
+        <span class="since">Only QEMU driver support since 0.9.4, LXC since
+        0.9.10</span>
      </dd>
      <dt><code>quota</code></dt>
      <dd>
@ -437,9 +457,32 @@
        means that it is not bandwidth controlled. The value should be in range
        [1000, 18446744073709551] or less than 0. A quota with value 0 means no
        value. You can use this feature to ensure that all vcpus run at the same
-        speed. (NB: Only qemu driver support)
-        <span class="since">Since 0.9.4</span>
+        speed.
+        <span class="since">Only QEMU driver support since 0.9.4, LXC since
+        0.9.10</span>
      </dd>
+
+      <dt><code>emulator_period</code></dt>
+      <dd>
+        The optional <code>emulator_period</code> element specifies the enforcement
+        interval(unit: microseconds). Within <code>emulator_period</code>, emulator
+        threads(those excluding vcpus) of the domain will not be allowed to consume
+        more than <code>emulator_quota</code> worth of runtime. The value should be
+        in range [1000, 1000000]. A period with value 0 means no value.
+        <span class="since">Only QEMU driver support since 0.10.0</span>
+      </dd>
+      <dt><code>emulator_quota</code></dt>
+      <dd>
+        The optional <code>emulator_quota</code> element specifies the maximum
+        allowed bandwidth(unit: microseconds) for domain's emulator threads(those
+        excluding vcpus). A domain with <code>emulator_quota</code> as any negative
+        value indicates that the domain has infinite bandwidth for emulator threads
+        (those excluding vcpus), which means that it is not bandwidth controlled.
+        The value should be in range [1000, 18446744073709551] or less than 0. A
+        quota with value 0 means no value.
+        <span class="since">Only QEMU driver support since 0.10.0</span>
+      </dd>
+
    </dl>


@ -458,7 +501,7 @@
      <dt><code>memory</code></dt>
      <dd>The maximum allocation of memory for the guest at boot time.
        The units for this value are determined by the optional
-        atttribute <code>unit</code>, which defaults to "KiB"
+        attribute <code>unit</code>, which defaults to "KiB"
        (kibibytes, 2<sup>10</sup> or blocks of 1024 bytes).  Valid
        units are "b" or "bytes" for bytes, "KB" for kilobytes
        (10<sup>3</sup> or 1,000 bytes), "k" or "KiB" for kibibytes
@ -472,9 +515,15 @@
        However, the value will be rounded up to the nearest kibibyte
        by libvirt, and may be further rounded to the granularity
        supported by the hypervisor.  Some hypervisors also enforce a
-        minimum, such as
-        4000KiB. <span class='since'><code>unit</code> since
-        0.9.11</span></dd>
+        minimum, such as 4000KiB.
+
+        In the case of crash, optional attribute <code>dumpCore</code>
+        can be used to control whether the guest memory should be
+        included in the generated coredump or not (values "on", "off").
+
+        <span class='since'><code>unit</code> since 0.9.11</span>,
+        <span class='since'><code>dumpCore</code> since 0.10.2
+        (QEMU only)</span></dd>
      <dt><code>currentMemory</code></dt>
      <dd>The actual allocation of memory for the guest. This value can
        be less than the maximum allocation, to allow for ballooning
@ -578,11 +627,24 @@
      <dt><code>memory</code></dt>
      <dd>
        The optional <code>memory</code> element specifies how to allocate memory
-        for the domain process on a NUMA host. It contains two attributes,
-        attribute <code>mode</code> is either 'interleave', 'strict',
-        or 'preferred',
-        attribute <code>nodeset</code> specifies the NUMA nodes, it leads same
-        syntax with attribute <code>cpuset</code> of element <code>vcpu</code>.
+        for the domain process on a NUMA host. It contains several optional
+        attributes. Attribute <code>mode</code> is either 'interleave',
+        'strict', or 'preferred', defaults to 'strict'. Attribute
+        <code>nodeset</code> specifies the NUMA nodes, using the same syntax as
+        attribute <code>cpuset</code> of element <code>vcpu</code>. Attribute
+        <code>placement</code> (<span class='since'>since 0.9.12</span>) can be
+        used to indicate the memory placement mode for domain process, its value
+        can be either "static" or "auto", defaults to <code>placement</code> of
+        <code>vcpu</code>, or "static" if <code>nodeset</code> is specified.
+        "auto" indicates the domain process will only allocate memory from the
+        advisory nodeset returned from querying numad, and the value of attribute
+        <code>nodeset</code> will be ignored if it's specified.
+
+        If <code>placement</code> of <code>vcpu</code> is 'auto', and
+        <code>numatune</code> is not specified, a default <code>numatune</code>
+        with <code>placement</code> 'auto' and <code>mode</code> 'strict' will
+        be added implicitly.
+
        <span class='since'>Since 0.9.3</span>
      </dd>
    </dl>
@ -766,7 +828,11 @@
        in which case an attempt to start a domain requesting an unsupported
        CPU model will fail. Supported values for <code>fallback</code>
        attribute are: <code>allow</code> (this is the default), and
-        <code>forbid</code>.</dd>
+        <code>forbid</code>. The optional <code>vendor_id</code> attribute
+        (<span class="since">Since 0.10.0</span>)  can be used to set the
+        vendor id seen by the guest. It must be exactly 12 characters long.
+        If not set the vendor id of the host is used. Typical possible
+        values are "AuthenticAMD" and "GenuineIntel".</dd>

      <dt><code>vendor</code></dt>
      <dd><span class="since">Since 0.8.3</span> the content of the
@ -905,6 +971,30 @@
        domain will be restarted with the same configuration</dd>
    </dl>

+    <h3><a name="elementsPowerManagement">Power Management</a></h3>
+
+    <p>
+      <span class="since">Since 0.10.2</span> it is possible to
+      forcibly enable or disable BIOS advertisements to the guest
+      OS. (NB: Only qemu driver support)
+    </p>
+
+<pre>
+  ...
+  &lt;pm&gt;
+    &lt;suspend-to-disk enabled='no'/&gt;
+    &lt;suspend-to-ram enabled='yes'/&gt;
+  &lt;/pm&gt;
+  ...</pre>
+
+    <dl>
+      <dt><code>pm</code></dt>
+      <dd>These elements enable ('yes') or disable ('no') BIOS support
+        for S3 (suspend-to-disk) and S4 (suspend-to-mem) ACPI sleep
+        states. If nothing is specified, then the hypervisor will be
+        left with its default value.</dd>
+    </dl>
+
    <h3><a name="elementsFeatures">Hypervisor features</a></h3>

    <p>
@ -939,6 +1029,13 @@
      <dd>ACPI is useful for power management, for example, with
        KVM guests it is required for graceful shutdown to work.
      </dd>
+      <dt><code>apic</code></dt>
+      <dd>APIC allows the use of programmable IRQ
+      management. <span class="since">Since 0.10.2 (QEMU only)</span> there is
+      an optional attribute <code>eoi</code> with values <code>on</code>
+      and <code>off</code> which toggles the availability of EOI (End of
+      Interrupt) for the guest.
+      </dd>
      <dt><code>hap</code></dt>
      <dd>Enable use of Hardware Assisted Paging if available in
        the hardware.
@ -966,11 +1063,11 @@

 <pre>
  ...
-  &lt;clock offset="localtime"&gt;
-    &lt;timer name="rtc" tickpolicy="catchup" track="guest"&gt;
-      &lt;catchup threshold=123 slew=120 limit=10000/&gt;
+  &lt;clock offset='localtime'&gt;
+    &lt;timer name='rtc' tickpolicy='catchup' track='guest'&gt;
+      &lt;catchup threshold='123' slew='120' limit='10000'/&gt;
    &lt;/timer&gt;
-    &lt;timer name="pit" tickpolicy="delay"/&gt;
+    &lt;timer name='pit' tickpolicy='delay'/&gt;
  &lt;/clock&gt;
  ...</pre>

@ -1205,6 +1302,13 @@
      &lt;target dev='sda' bus='scsi'/&gt;
      &lt;address type='drive' controller='0' bus='0' target='3' unit='0'/&gt;
    &lt;/disk&gt;
+    &lt;disk type='block' device='disk'&gt;
+      &lt;driver name='qemu' type='raw'/&gt;
+      &lt;source dev='/dev/sda'/&gt;
+      &lt;geometry cyls='16383' heads='16' secs='63' trans='lba'/&gt;
+      &lt;blockio logical_block_size='512' physical_block_size='4096'/&gt;
+      &lt;target dev='hda' bus='ide'/&gt;
+    &lt;/disk&gt;
  &lt;/devices&gt;
  ...</pre>

@ -1256,8 +1360,8 @@
        path to the file holding the disk. If the disk
        <code>type</code> is "block", then the <code>dev</code>
        attribute specifies the path to the host device to serve as
-        the disk. With both "file" and "block", an optional
-        sub-element <code>seclabel</code>, <a href="#seclabel">described
+        the disk. With both "file" and "block", one or more optional
+        sub-elements <code>seclabel</code>, <a href="#seclabel">described
        below</a> (and <span class="since">since 0.9.9</span>), can be
        used to override the domain security labeling policy for just
        that source file.  If the disk <code>type</code> is "dir", then the
@ -1296,6 +1400,19 @@
        </table>
        <span class="since">Since 0.9.7</span>
        </dd>
+      <dt><code>mirror</code></dt>
+      <dd>
+        This element is present if the hypervisor has started a block
+        copy operation (via the <code>virDomainBlockCopy</code> API),
+        where the mirror location in attribute <code>file</code> will
+        eventually have the same contents as the source, and with the
+        file format in attribute <code>format</code> (which might
+        differ from the format of the source).  If
+        attribute <code>ready</code> is present, then it is known the
+        disk is ready to pivot; otherwise, the disk is probably still
+        copying.  For now, this element only valid in output; it is
+        ignored on input.  <span class="since">Since 0.9.12</span>
+      </dd>
      <dt><code>target</code></dt>
      <dd>The <code>target</code> element controls the bus / device
        under which the disk is exposed to the guest
@ -1420,7 +1537,7 @@
            The optional <code>event_idx</code> attribute controls
            some aspects of device event processing. The value can be
            either 'on' or 'off' - if it is on, it will reduce the
-            number of interupts and exits for the guest. The default
+            number of interrupts and exits for the guest. The default
            is determined by QEMU; usually if the feature is
            supported, default is on. In case there is a situation
            where this behavior is suboptimal, this attribute provides
@ -1431,7 +1548,7 @@
          </li>
          <li>
            The optional <code>copy_on_read</code> attribute controls
-            wether to copy read backing file into the image file. The
+            whether to copy read backing file into the image file. The
            value can be either "on" or "off".
            Copy-on-read avoids accessing the same backing file sectors
            repeatedly and is useful when the backing file is over a slow
@ -1476,6 +1593,12 @@
          like <code>&lt;serial&gt;WD-WMAP9A966149&lt;/serial&gt;</code>.
          <span class="since">Since 0.7.1</span>
      </dd>
+      <dt><code>wwn</code></dt>
+      <dd>If present, this element specifies the WWN (World Wide Name)
+        of a virtual hard disk or CD-ROM drive. It must be composed
+        of 16 hexadecimal digits.
+        <span class='since'>Since 0.10.1</span>
+      </dd>
      <dt><code>host</code></dt>
      <dd>The <code>host</code> element has two attributes "name" and "port",
        which specify the hostname and the port number. The meaning of this
@ -1539,6 +1662,42 @@
        associated with the Ceph secret
        object.  <span class="since">libvirt 0.9.7</span>
      </dd>
+      <dt><code>geometry</code></dt>
+      <dd>The optional <code>geometry</code> element provides the
+        ability to override geometry settings. This mostly useful for
+        S390 DASD-disks or older DOS-disks.  <span class="since">0.10.0</span>
+        <dl>
+          <dt><code>cyls</code></dt>
+          <dd>The <code>cyls</code> attribute is the
+            number of cylinders. </dd>
+          <dt><code>heads</code></dt>
+          <dd>The <code>heads</code> attribute is the
+            number of heads. </dd>
+          <dt><code>secs</code></dt>
+          <dd>The <code>secs</code> attribute is the
+            number of sectors per track. </dd>
+          <dt><code>trans</code></dt>
+          <dd>The optional <code>trans</code> attribute is the
+            BIOS-Translation-Modus (none, lba or auto)</dd>
+        </dl>
+      </dd>
+      <dt><code>blockio</code></dt>
+      <dd>If present, the <code>blockio</code> element allows
+        to override any of the block device properties listed below.
+        <span class="since">Since 0.10.2 (QEMU and KVM)</span>
+        <dl>
+          <dt><code>logical_block_size</code></dt>
+          <dd>The logical block size the disk will report to the guest
+            OS. For Linux this would be the value returned by the
+            BLKSSZGET ioctl and describes the smallest units for disk
+            I/O.
+          <dt><code>physical_block_size</code></dt>
+          <dd>The physical block size the disk will report to the guest
+            OS. For Linux this would be the value returned by the
+            BLKPBSZGET ioctl and describes the disk's hardware sector
+            size which can be relevant for the alignment of disk data.
+        </dl>
+      </dd>
    </dl>

    <h4><a name="elementsFilesystems">Filesystems</a></h4>
@ -1596,7 +1755,9 @@
        </dd>
        <dt><code>type='file'</code></dt>
        <dd>
-        Currently unused.
+        A host file will be treated as an image and mounted in
+        the guest. The filesystem format will be autodetected.
+        Only used by LXC driver.
        </dd>
        <dt><code>type='block'</code></dt>
        <dd>
@ -1604,6 +1765,18 @@
        format will be autodetected. Only used by LXC driver
        <span class="since">(since 0.9.5)</span>.
        </dd>
+        <dt><code>type='ram'</code></dt>
+        <dd>
+          An in-memory filesystem, using memory from the host OS.
+          The source element has a single attribute <code>usage</code>
+          which gives the memory usage limit in kibibytes. Only used
+          by LXC driver.
+          <span class="since"> (since 0.9.13)</span></dd>
+        <dt><code>type='bind'</code></dt>
+        <dd>
+          A directory inside the guest will be bound to another
+          directory inside the guest. Only used by LXC driver
+          <span class="since"> (since 0.9.13)</span></dd>
        </dl>

      The filesystem block has an optional attribute <code>accessmode</code>
@ -1643,7 +1816,8 @@
        The resource on the host that is being accessed in the guest. The
        <code>name</code> attribute must be used with
        <code>type='template'</code>, and the <code>dir</code> attribute must
-        be used with <code>type='mount'</code>
+        be used with <code>type='mount'</code>. The <code>usage</code> attribute
+        is used with <code>type='ram'</code> to set the memory limit in KB.
      </dd>

      <dt><code>target</code></dt>
@ -1660,6 +1834,20 @@
        default read-write access is given (currently only works for
        QEMU/KVM driver).
      </dd>
+
+      <dt><code>space_hard_limit</code></dt>
+      <dd>
+        Maximum space available to this guest's filesystem.
+        <span class="since">Since 0.9.13</span>
+      </dd>
+
+      <dt><code>space_soft_limit</code></dt>
+      <dd>
+        Maximum space available to this guest's filesystem. The container is
+        permitted to exceed its soft limits for a grace period of time. Afterwards the
+        hard limit is enforced.
+        <span class="since">Since 0.9.13</span>
+      </dd>
    </dl>

    <h4><a name="elementsAddress">Device Addresses</a></h4>
@ -1780,8 +1968,10 @@
      A "usb" controller has an optional attribute <code>model</code>,
      which is one of "piix3-uhci", "piix4-uhci", "ehci",
      "ich9-ehci1", "ich9-uhci1", "ich9-uhci2", "ich9-uhci3",
-      "vt82c686b-uhci" or "pci-ohci".  The PowerPC64 "spapr-vio"
-      addresses do not have an associated controller.
+      "vt82c686b-uhci", "pci-ohci" or "nec-xhci". Additionally,
+      <span class="since">since 0.10.0</span>, if the USB bus needs to be
+      explicitly disabled for the guest, <code>model='none'</code> may be used.
+      The PowerPC64 "spapr-vio" addresses do not have an associated controller.
    </p>

    <p>
@ -1970,6 +2160,10 @@
    &lt;redirdev bus='usb' type='tcp'&gt;
      &lt;source mode='connect' host='localhost' service='4000'/&gt;
    &lt;/redirdev&gt;
+    &lt;redirfilter&gt;
+      &lt;usbdev class='0x08' vendor='0x1234' product='0xbeef' version='2.00' allow='yes'/&gt;
+      &lt;usbdev allow='no'/&gt;
+    &lt;/redirfilter&gt;
  &lt;/devices&gt;
  ...</pre>

@ -1986,21 +2180,27 @@
        tunnel; <code>type='tcp'</code>
        or <code>type='spicevmc'</code> (which uses the usbredir
        channel of a <a href="#elementsGraphics">SPICE graphics
-        device</a>) are typical.</dd>
-
+        device</a>) are typical.The redirdev element has an optional
+        sub-element<code>&lt;address&gt;</code> which can tie the
+        device to a particular controller. Further sub-elements,
+        such as <code>&lt;source&gt;</code>, may be required according
+        to the given type, although a <code>&lt;target&gt;</code> sub-element
+        is not required (since the consumer of the character device is
+        the hypervisor itself,rather than a device visible in the guest).
+      </dd>
+      <dt><code>redirfilter</code></dt>
+      <dd>The<code> redirfilter </code>element is used for creating the
+        filter rule to filter out certain devices from redirection.
+        It uses sub-element <code>&lt;usbdev&gt;</code>to define each filter rule.
+        <code>class</code>attribute is the USB Class code, for example,
+        0x08 represents mass storage devices. The USB device can be addressed by
+        vendor / product id using the<code>vendor</code> and <code>product</code> attributes.
+        <code>version</code> is the bcdDevice value of USB device, such as 1.00, 1.10 and 2.00.
+        These four attributes are optional and <code>-1</code> can be used to allow
+        any value for them. <code>allow</code>attribute is mandatory,
+        'yes' means allow, 'no' for deny.
+      </dd>
    </dl>
-    <p>
-      The redirdev element has an optional sub-element
-      <code>&lt;address&gt;</code> which can tie the device to a
-      particular controller.
-    </p>
-    <p>
-      Further sub-elements, such as <code>&lt;source&gt;</code>, may
-      be required according to the given type, although
-      a <code>&lt;target&gt;</code> sub-element is not required (since
-      the consumer of the character device is the hypervisor itself,
-      rather than a device visible in the guest).
-    </p>

    <h4><a name="elementsSmartcard">Smartcard devices</a></h4>

@ -2169,11 +2369,40 @@
      the network; one network may have multiple portgroups defined,
      with each portgroup containing slightly different configuration
      information for different classes of network
-      connections. <span class="since">Since 0.9.4</span>). Also,
-      similar to <code>direct</code> network connections (described
-      below), a connection of type <code>network</code> may specify
-      a <code>virtportprofile</code> element, with configuration data
-      to be forwarded to a vepa or 802.1Qbh compliant switch.
+      connections. <span class="since">Since 0.9.4</span>.
+    </p>
+    <p>
+      Also, similar to <code>direct</code> network connections
+      (described below), a connection of type <code>network</code> may
+      specify a <code>virtualport</code> element, with configuration
+      data to be forwarded to a vepa (802.1Qbg) or 802.1Qbh compliant
+      switch (<span class="since">Since 0.8.2</span>), or to an
+      Open vSwitch virtual switch (<span class="since">Since
+      0.9.11</span>).
+    </p>
+    <p>
+      Since the actual type of switch may vary depending on the
+      configuration in the <code>&lt;network&gt;</code> on the host,
+      it is acceptable to omit the virtualport <code>type</code>
+      attribute, and specify attributes from multiple different
+      virtualport types (and also to leave out certain attributes); at
+      domain startup time, a complete <code>&lt;virtualport&gt;</code>
+      element will be constructed by merging together the type and
+      attributes found in the which will be filled in from the network
+      or portgroup <code>&lt;virtualport&gt;</code>)
+      (<span class="since">Since 0.10.0</span>). For example, in order
+      to work properly with both an 802.1Qbh switch and an Open vSwitch
+      switch, you may choose to specify no type, but both
+      an <code>instanceid</code> (in case the switch is 802.1Qbh) and
+      an <code>interfaceid</code> (in case the switch is Open vSwitch)
+      (you may also omit the other attributes, such as managerid,
+      typeid, or profileid, to be filled in from the
+      network's <code>&lt;virtualport&gt;</code>). If you want to
+      limit a guest to connecting only to certain types of switches,
+      you can specify the virtualport type, but still omit some/all of
+      the parameters - in this case if the host's network has a
+      different type of virtualport, connection of the interface will
+      fail.
    </p>

 <pre>
@ -2187,8 +2416,8 @@
      &lt;source network='default' portgroup='engineering'/&gt;
      &lt;target dev='vnet7'/&gt;
      &lt;mac address="00:11:22:33:44:55"/&gt;
-      &lt;virtualport type='802.1Qbg'&gt;
-        &lt;parameters managerid='11' typeid='1193047' typeidversion='2' instanceid='09b11c53-8b5c-4eeb-8f00-d84eaa0aaa4f'/&gt;
+      &lt;virtualport&gt;
+        &lt;parameters instanceid='09b11c53-8b5c-4eeb-8f00-d84eaa0aaa4f'/&gt;
      &lt;/virtualport&gt;

    &lt;/interface&gt;
@ -2200,7 +2429,7 @@
    <p>
      <strong><em>
      This is the recommended config for general guest connectivity on
-      hosts with static wired networking configs
+      hosts with static wired networking configs.
      </em></strong>
    </p>

@ -2215,19 +2444,40 @@
      configuration is whatever is used on the LAN. This provides the guest VM
      full incoming &amp; outgoing net access just like a physical machine.
    </p>
-
+    <p>
+      On Linux systems, the bridge device is normally a standard Linux
+      host bridge. On hosts that support Open vSwitch, it is also
+      possible to connect to an open vSwitch bridge device by adding
+      a <code>&lt;virtualport type='openvswitch'/&gt;</code> to the
+      interface definition.  (<span class="since">Since
+      0.9.11</span>). The Open vSwitch type virtualport accepts two
+      parameters in its <code>&lt;parameters&gt;</code> element -
+      an <code>interfaceid</code> which is a standard uuid used to
+      uniquely identify this particular interface to Open vSwitch (if
+      you do no specify one, a random interfaceid will be generated
+      for you when you first define the interface), and an
+      optional <code>profileid</code> which is sent to Open vSwitch as
+      the interfaces "port-profile".
+    </p>
 <pre>
  ...
  &lt;devices&gt;
-    &lt;interface type='bridge'&gt;
-      &lt;source bridge='br0'/&gt;
-    &lt;/interface&gt;
    ...
    &lt;interface type='bridge'&gt;
      &lt;source bridge='br0'/&gt;
+    &lt;/interface&gt;
+    &lt;interface type='bridge'&gt;
+      &lt;source bridge='br1'/&gt;
      &lt;target dev='vnet7'/&gt;
      &lt;mac address="00:11:22:33:44:55"/&gt;
    &lt;/interface&gt;
+    &lt;interface type='bridge'&gt;
+      &lt;source bridge='ovsbr'/&gt;
+      &lt;virtualport type='openvswitch'/&gt;
+        &lt;parameters profileid='menial' interfaceid='09b11c53-8b5c-4eeb-8f00-d84eaa0aaa4f'/&gt;
+      &lt;/virtualport&gt;
+    &lt;/interface&gt;
+    ...
  &lt;/devices&gt;
  ...</pre>

@ -2324,7 +2574,6 @@
 <pre>
  ...
  &lt;devices&gt;
-    &lt;interface type='direct'/&gt;
    ...
    &lt;interface type='direct'&gt;
      &lt;source dev='eth0' mode='vepa'/&gt;
@ -2373,7 +2622,6 @@
 <pre>
  ...
  &lt;devices&gt;
-    &lt;interface type='direct'/&gt;
    ...
    &lt;interface type='direct'&gt;
      &lt;source dev='eth0.2' mode='vepa'/&gt;
@ -2401,7 +2649,6 @@
  <pre>
  ...
  &lt;devices&gt;
-    &lt;interface type='direct'/&gt;
    ...
    &lt;interface type='direct'&gt;
      &lt;source dev='eth0' mode='private'/&gt;
@ -2421,8 +2668,8 @@
      is directly assigned to the guest using generic device
      passthrough, after first optionally setting the device's MAC
      address to the configured value, and associating the device with
-      an 802.1Qgh capable switch using an optionally specified
-      %lt;virtualport%gt; element (see the examples of virtualport
+      an 802.1Qbh capable switch using an optionally specified
+      &lt;virtualport&gt; element (see the examples of virtualport
      given above for type='direct' network devices). Note that - due
      to limitations in standard single-port PCI ethernet card driver
      design - only SR-IOV (Single Root I/O Virtualization) virtual
@ -2627,7 +2874,7 @@ qemu-kvm -net nic,model=? /dev/null
      <dd>
        The <code>event_idx</code> attribute controls some aspects of
        device event processing. The value can be either 'on' or 'off'
-        - if it is on, it will reduce the number of interupts and
+        - if it is on, it will reduce the number of interrupts and
        exits for the guest. The default is determined by QEMU;
        usually if the feature is supported, default is on. In case
        there is a situation where this behavior is suboptimal, this
@ -2747,6 +2994,46 @@ qemu-kvm -net nic,model=? /dev/null
      <span class="since">Since 0.9.4</span>
    </p>

+    <h5><a name="elementVlanTag">Setting VLAN tag (on supported network types only)</a></h5>
+
+<pre>
+  ...
+  &lt;devices&gt;
+    &lt;interface type='bridge'&gt;
+      <b>&lt;vlan&gt;</b>
+        <b>&lt;tag id='42'/&gt;</b>
+      <b>&lt;/vlan&gt;</b>
+      &lt;source bridge='ovsbr0'/&gt;
+      &lt;virtualport type='openvswitch'&gt;
+        &lt;parameters interfaceid='09b11c53-8b5c-4eeb-8f00-d84eaa0aaa4f'/&gt;
+      &lt;/virtualport&gt;
+    &lt;/interface&gt;
+  &lt;devices&gt;
+  ...</pre>
+
+    <p>
+      If (and only if) the network connection used by the guest
+      supports vlan tagging transparent to the guest, an
+      optional <code>&lt;vlan&gt;</code> element can specify one or
+      more vlan tags to apply to the guest's network
+      traffic <span class="since">Since 0.10.0</span>. (openvswitch
+      and type='hostdev' SR-IOV interfaces do support transparent vlan
+      tagging of guest traffic; everything else, including standard
+      linux bridges and libvirt's own virtual networks, <b>do not</b>
+      support it. 802.1Qbh (vn-link) and 802.1Qbg (VEPA) switches
+      provide their own way (outside of libvirt) to tag guest traffic
+      onto specific vlans.) To allow for specification of multiple
+      tags (in the case of vlan trunking), a
+      subelement, <code>&lt;tag%gt;</code>, specifies which vlan tag
+      to use (for example: <code>&lt;tag id='42'/&gt;</code>. If an
+      interface has more than one <code>&lt;vlan&gt;</code> element
+      defined, it is assumed that the user wants to do VLAN trunking
+      using all the specified tags. In the case that vlan trunking
+      with a single tag is desired, the optional
+      attribute <code>trunk='yes'</code> can be added to the toplevel
+      vlan element.
+    </p>
+
    <h5><a name="elementLink">Modifying virtual link state</a></h5>
 <pre>
  ...
@ -2916,6 +3203,13 @@ qemu-kvm -net nic,model=? /dev/null
              <span class="since">Since 0.9.3</span>
              NB, this may not be supported by all hypervisors.
              <span class="since">"spice" since 0.8.6</span>.
+              The <code>defaultMode</code> attribute sets the default channel
+              security policy, valid values are <code>secure</code>,
+              <code>insecure</code> and the default <code>any</code>
+              (which is secure if possible, but falls back to insecure
+              rather than erroring out if no secure path is
+              available). <span class="since">"defaultMode" since
+              0.9.12</span>.
            </p>
            <p>
              When SPICE has both a normal and TLS secured TCP port
@ -2925,9 +3219,11 @@ qemu-kvm -net nic,model=? /dev/null
              main &lt;graphics&gt; element. Valid channel names
              include <code>main</code>, <code>display</code>,
              <code>inputs</code>, <code>cursor</code>,
-              <code>playback</code>, <code>record</code>;
-              and <span class="since">since
-              0.8.8</span>: <code>smartcard</code>.
+              <code>playback</code>, <code>record</code>
+              (all <span class="since"> since 0.8.6</span>);
+              <code>smartcard</code> (<span class="since">since
+              0.8.8</span>); and <code>usbredir</code>
+              (<span class="since">since 0.9.12</span>).
            </p>
            <pre>
  &lt;graphics type='spice' port='-1' tlsPort='-1' autoport='yes'&gt;
@ -3063,7 +3359,7 @@ qemu-kvm -net nic,model=? /dev/null
  &lt;devices&gt;
    &lt;video&gt;
      &lt;model type='vga' vram='8192' heads='1'&gt;
-        &lt;acceleration accel3d='yes' accel3d='yes'/&gt;
+        &lt;acceleration accel3d='yes' accel2d='yes'/&gt;
      &lt;/model&gt;
    &lt;/video&gt;
  &lt;/devices&gt;
@ -3148,6 +3444,14 @@ qemu-kvm -net nic,model=? /dev/null
      configured by the <code>source</code> element.
    </p>

+    <p>
+      The <code>source</code> element may contain an optional
+      <code>seclabel</code> to override the way that labelling
+      is done on the socket path.  If this element is not present,
+      the <a href="#seclabel">security label is inherited from
+        the per-domain setting</a>.
+    </p>
+
    <p>
      Each character device element has an optional
      sub-element <code>&lt;address&gt;</code> which can tie the
@ -3581,6 +3885,25 @@ qemu-kvm -net nic,model=? /dev/null
      </dd>
    </dl>

+    <p>
+      <span class="since">Since 0.9.13</span>, a sound element
+      with <code>ich6</code> model can have optional
+      sub-elements <code>&lt;codec&gt;</code> to attach various audio
+      codecs to the audio device. If not specified, a default codec
+      will be attached to allow playback and recording. Valid values
+      are 'duplex' (advertise a line-in and a line-out) and 'micro'
+      (advertise a speaker and a microphone).
+    </p>
+
+<pre>
+  ...
+  &lt;devices&gt;
+    &lt;sound model='ich6'&gt;
+      &lt;codec type='micro'/&gt;
+    &lt;sound/&gt;
+  &lt;/devices&gt;
+  ...</pre>
+
    <p>
      Each <code>sound</code> element has an optional
      sub-element <code>&lt;address&gt;</code> which can tie the
@ -3741,6 +4064,13 @@ qemu-kvm -net nic,model=? /dev/null
      since 0.6.2, and 'none' since 0.9.10.</span>
    </p>

+    <p>
+      If more than one security driver is used by libvirt, multiple
+      <code>seclabel</code> tags can be used, one for each driver and
+      the security driver referenced by each tag can be defined using
+      the attribute <code>model</code>
+    </p>
+
    <p>
      Valid input XML configurations for the top-level security label
      are:
--- a/docs/formatnetwork.html.in
+++ b/docs/formatnetwork.html.in
@ -15,8 +15,14 @@

    <p>
      The root element required for all virtual networks is
-      named <code>network</code> and has no attributes.
-      The network XML format is available <span class="since">since 0.3.0</span>
+      named <code>network</code> and has no configurable attributes
+      (although <span class="since">since 0.10.0</span> there is one
+      optional read-only attribute - when examining the live
+      configuration of a network, the
+      attribute <code>connections</code>, if present, specifies the
+      number of guest interfaces currently connected via this
+      network).  The network XML format is
+      available <span class="since">since 0.3.0</span>
    </p>

    <h3><a name="elementsMetadata">General metadata</a></h3>
@ -147,10 +153,17 @@
            This network describes either 1) an existing host bridge
            that was configured outside of libvirt (if
            a <code>&lt;bridge name='xyz'/&gt;</code> element has been
-            specified), or 2) an interface or group of interfaces to
-            be used for a "direct" connection via macvtap using
-            macvtap's "bridge" mode (if the forward element has one or
-            more <code>&lt;interface&gt;</code> subelements)
+            specified, <span class="since">Since 0.9.4</span>), 2) an
+            existing Open vSwitch bridge that was configured outside of
+            libvirt (if both a <code>&lt;bridge name='xyz'/&gt;</code>
+            element <b>and</b> a <code>&lt;virtualport
+            type='openvswitch'/&gt;</code> have been
+            specified <span class="since">Since 0.10.0</span>) 3) an
+            interface or group of interfaces to be used for a "direct"
+            connection via macvtap using macvtap's "bridge" mode (if
+            the forward element has one or
+            more <code>&lt;interface&gt;</code>
+            subelements, <span class="since">Since 0.9.4</span>)
            (see <a href="formatdomain.html#elementsNICSDirect">Direct
            attachment to physical interface</a> for descriptions of
            the various macvtap modes). libvirt doesn't attempt to
@ -210,6 +223,42 @@
            (usually either a domain start, or a hotplug interface
            attach to a domain).<span class="since">Since 0.9.4</span>
          </dd>
+          <dt><code>hostdev</code></dt>
+          <dd>
+            This network facilitates PCI Passthrough of a network
+            device.  A network device is chosen from the interface
+            pool and directly assigned to the guest using generic
+            device passthrough, after first optionally setting the
+            device's MAC address and vlan tag to the configured value,
+            and optionally associating the device with an 802.1Qbh
+            capable switch using a <code>&lt;virtualport&gt;</code>
+            element.  Note that - due to limitations in standard
+            single-port PCI ethernet card driver design - only SR-IOV
+            (Single Root I/O Virtualization) virtual function (VF)
+            devices can be assigned in this manner; to assign a
+            standard single-port PCI or PCIe ethernet card to a guest,
+            use the traditional <code>&lt; hostdev&gt;</code> device
+            definition. <span class="since"> Since 0.10.0</span>
+
+            <p>Note that this "intelligent passthrough" of network
+            devices is very similar to the functionality of a
+            standard <code>&lt; hostdev&gt;</code> device, the
+            difference being that this method allows specifying a MAC
+            address, vlan tag, and <code>&lt;virtualport &gt;</code>
+            for the passed-through device. If these capabilities are
+            not required, if you have a standard single-port PCI,
+            PCIe, or USB network card that doesn't support SR-IOV (and
+            hence would anyway lose the configured MAC address during
+            reset after being assigned to the guest domain), or if you
+            are using a version of libvirt older than 0.10.0, you
+            should use a standard
+            <code>&lt;hostdev&gt;</code> device definition in the
+            domain's configuration to assign the device to the guest
+            instead of defining an <code>&lt;interface
+            type='network'&gt;</code> pointing to a network
+            with <code>&lt;forward mode='hostdev'/&gt;</code>.
+            </p>
+          </dd>
        </dl>
        As mentioned above, a <code>&lt;forward&gt;</code> element can
        have multiple <code>&lt;interface&gt;</code> subelements, each
@ -226,12 +275,22 @@
  &lt;/forward&gt;
 ...
        </pre>
-        Additionally, <span class="since">since 0.9.10</span>, libvirt
-        allows a shorthand for specifying all virtual interfaces
-        associated with a single physical function, by using
-        the <code>&lt;pf&gt;</code> subelement to call out the
-        corresponding physical interface associated with multiple
-        virtual interfaces:
+        <p>
+          <span class="since">since 0.10.0</span>,
+          <code>&lt;interface&gt;</code> also has an optional read-only
+          attribute - when examining the live configuration of a
+          network, the attribute <code>connections</code>, if present,
+          specifies the number of guest interfaces currently connected
+          via this physical interface.
+        </p>
+        <p>
+          Additionally, <span class="since">since 0.9.10</span>, libvirt
+          allows a shorthand for specifying all virtual interfaces
+          associated with a single physical function, by using
+          the <code>&lt;pf&gt;</code> subelement to call out the
+          corresponding physical interface associated with multiple
+          virtual interfaces:
+        </p>
        <pre>
 ...
  &lt;forward mode='passthrough'&gt;
@ -249,6 +308,39 @@
        particular, 'passthrough' mode, and 'private' mode when using
        802.1Qbh), libvirt will choose an unused physical interface
        or, if it can't find an unused interface, fail the operation.</p>
+
+        <p>
+          <span class="since">since 0.10.0</span> When using forward
+          mode 'hostdev', the interface pool is specified with a list
+          of <code>&lt;address&gt;</code> elements, each of which has
+          <code>&lt; type&gt;</code> (must always be <code>'pci'</code>,
+          <code>&lt;domain&gt;</code>, <code>&lt;bus&gt;</code>,
+          <code>&lt;slot&gt;</code>, and <code>&lt;function&gt;</code>
+          attributes.
+        </p>
+        <pre>
+...
+  &lt;forward mode='hostdev' managed='yes'&gt;
+    &lt;address type='pci' domain='0' bus='4' slot='0' function='1'/&gt;
+    &lt;address type='pci' domain='0' bus='4' slot='0' function='2'/&gt;
+    &lt;address type='pci' domain='0' bus='4' slot='0' function='3'/&gt;
+  &lt;/forward&gt;
+...
+        </pre>
+
+        Alternatively the interface pool can also be defined using a
+        single physical function  <code>&lt;pf&gt;</code> subelement to
+        call out the  corresponding physical interface associated with
+        multiple virtual interfaces (similar to passthrough mode):
+
+        <pre>
+...
+  &lt;forward mode='hostdev' managed='yes'&gt;
+    &lt;pf dev='eth0'/&gt;
+  &lt;/forward&gt;
+...
+        </pre>
+
      </dd>
    </dl>
    <h5><a name="elementQoS">Quality of service</a></h5>
@ -283,6 +375,56 @@
        <span class="since">Since 0.9.4</span>
      </p>

+    <h5><a name="elementVlanTag">Setting VLAN tag (on supported network types only)</a></h5>
+
+<pre>
+  ...
+  &lt;devices&gt;
+    &lt;interface type='bridge'&gt;
+      <b>&lt;vlan trunk='yes'&gt;</b>
+        <b>&lt;tag id='42'/&gt;</b>
+        <b>&lt;tag id='47'/&gt;</b>
+      <b>&lt;/vlan&gt;</b>
+      &lt;source bridge='ovsbr0'/&gt;
+      &lt;virtualport type='openvswitch'&gt;
+        &lt;parameters interfaceid='09b11c53-8b5c-4eeb-8f00-d84eaa0aaa4f'/&gt;
+      &lt;/virtualport&gt;
+    &lt;/interface&gt;
+  &lt;devices&gt;
+  ...</pre>
+
+    <p>
+      If (and only if) the network type supports vlan tagging
+      transparent to the guest, an optional <code>&lt;vlan&gt;</code>
+      element can specify one or more vlan tags to apply to the
+      traffic of all guests using this
+      network <span class="since">Since 0.10.0</span>. (openvswitch
+      and type='hostdev' SR-IOV networks do support transparent vlan
+      tagging of guest traffic; everything else, including standard
+      linux bridges and libvirt's own virtual networks, <b>do not</b>
+      support it. 802.1Qbh (vn-link) and 802.1Qbg (VEPA) switches
+      provide their own way (outside of libvirt) to tag guest traffic
+      onto specific vlans.) As expected, the <code>tag</code>
+      attribute specifies which vlan tag to use. If a network has more
+      than one <code>&lt;vlan&gt;</code> element defined, it is
+      assumed that the user wants to do VLAN trunking using all the
+      specified tags. In the case that vlan trunking with a single tag
+      is desired, the optional attribute <code>trunk='yes'</code> can
+      be added to the vlan element.
+    </p>
+    <p>
+      <code>&lt;vlan&gt;</code> elements can also be specified in
+      a <code>&lt;portgroup&gt;</code> element, as well as directly in
+      a domain's <code>&lt;interface&gt;</code> element. In the case
+      that a vlan tag is specified in multiple locations, the setting
+      in <code>&lt;interface&gt;</code> takes precedence, followed by
+      the setting in the <code>&lt;portgroup&gt;</code> selected by
+      the interface config. The <code>&lt;vlan&gt;</code>
+      in <code>&lt;network&gt;</code> will be selected only if none is
+      given in <code>&lt;portgroup&gt;</code>
+      or <code>&lt;interface&gt;</code>.
+    </p>
+
    <h5><a name="elementsPortgroup">Portgroups</a></h5>

 <pre>
@ -337,9 +479,15 @@
      default portgroup will be used. If no portgroup is given in the
      interface definition, and there is no default portgroup, then
      none will be used. Any <code>&lt;bandwidth&gt;</code>
-      or <code>&lt;virtualport&gt;</code> specified directly in the
-      domain XML will take precedence over any setting in the chosen
-      portgroup.
+
+      specified directly in the domain XML will take precedence over
+      any setting in the chosen portgroup. if
+      a <code>&lt;virtualport&gt;</code> is specified in the portgroup
+      (and/or directly in the network definition), the multiple
+      virtualports will be merged, and any parameter that is specified
+      in more than one virtualport, and is not identical, will be
+      considered an error, and will prevent the interface from
+      starting.
    </p>

    <h3><a name="elementsAddress">Addressing</a></h3>
--- a/docs/formatnode.html.in
+++ b/docs/formatnode.html.in
@ -143,7 +143,7 @@
            </dl>
          </dd>
          <dt><code>scsi</code></dt>
-          <dd>Desribes a SCSI device.  Sub-elements include:
+          <dd>Describes a SCSI device.  Sub-elements include:
            <dl>
              <dt><code>host</code></dt>
              <dd>The SCSI host containing the device.</dd>
@ -184,7 +184,7 @@
                available.</dd>
              <dt><code>capability</code></dt>
              <dd>If present, an additional capability is listed via
-                the attribute <code>type</code>.  Current capabilites
+                the attribute <code>type</code>.  Current capabilities
                include "hotpluggable" and "removable", with the
                latter implying the following
                sub-elements: <code>media_available</code> (0 or
--- a/docs/formatnwfilter.html.in
+++ b/docs/formatnwfilter.html.in
@ -371,6 +371,118 @@
      Further, the notation of $VARIABLE is short-hand for $VARIABLE[@0]. The
      former notation always assumes the iterator with Id '0'.
    <p>
+
+    <h3><a name="nwfelemsRulesAdvIPAddrDetection">Automatic IP address detection</a></h3>
+    <p>
+       The detection of IP addresses used on a virtual machine's interface
+       is automatically activated if the variable <code>IP</code> is referenced
+       but no value has been assigned to it.
+       <span class="since">Since 0.9.13</span>
+       the variable <code>CTRL_IP_LEARNING</code> can be used to specify
+       the IP address learning method to use. Valid values are <code>any</code>,
+       <code>dhcp</code>, or <code>none</code>.
+       <br/><br/>
+       The value <code>any</code> means that libvirt may use any packet to
+       determine the address in use by a virtual machine, which is the default
+       behavior if the variable <code>CTRL_IP_LEARNING</code> is not set. This method
+       will only detect a single IP address on an interface.
+       Once a VM's IP address has been detected, its IP network traffic
+       will be locked to that address, if for example IP address spoofing
+       is prevented by one of its filters. In that case the user of the VM
+       will not be able to change the IP address on the interface inside
+       the VM, which would be considered IP address spoofing.
+       When a VM is migrated to another host or resumed after a suspend operation,
+       the first packet sent by the VM will again determine the IP address it can
+       use on a particular interface.
+       <br/><br>
+       A value of <code>dhcp</code> specifies that libvirt should only honor DHCP
+       server-assigned addresses with valid leases. This method supports the detection
+       and usage of multiple IP address per interface.
+       When a VM is resumed after a suspend operation, still valid IP address leases
+       are applied to its filters. Otherwise the VM is expected to again use DHCP to obtain new
+       IP addresses. The migration of a VM to another physical host requires that
+       the VM again runs the DHCP protocol.
+       <br/><br/>
+       Use of <code>CTRL_IP_LEARNING=dhcp</code> (DHCP snooping) provides additional
+       anti-spoofing security, especially when combined with a filter allowing
+       only trusted DHCP servers to assign addresses. To enable this, set the
+       variable <code>DHCPSERVER</code> to the IP address of a valid DHCP server
+       and provide filters that use this variable to filter incoming DHCP responses.
+       <br/><br/>
+       When DHCP snooping is enabled and the DHCP lease expires,
+       the VM will no longer be able to use the IP address until it acquires a
+       new, valid lease from a DHCP server. If the VM is migrated, it must get
+       a new valid DHCP lease to use an IP address (e.g., by
+       bringing the VM interface down and up again).
+       <br/><br/>
+       Note that automatic DHCP detection listens to the DHCP traffic
+       the VM exchanges with the DHCP server of the infrastructure. To avoid
+       denial-of-service attacks on libvirt, the evaluation of those packets
+       is rate-limited, meaning that a VM sending an excessive number of DHCP
+       packets per second on an interface will not have all of those packets
+       evaluated and thus filters may not get adapted. Normal DHCP client
+       behavior is assumed to send a low number of DHCP packets per second.
+       Further, it is important to setup appropriate filters on all VMs in
+       the infrastructure to avoid them  being able to send DHCP
+       packets. Therefore VMs must either be prevented from sending UDP and TCP
+       traffic from port 67 to port 68 or the <code>DHCPSERVER</code>
+       variable should be used on all VMs to restrict DHCP server messages to
+       only be allowed to originate from trusted DHCP servers. At the same
+       time anti-spoofing prevention must be enabled on all VMs in the subnet.
+       <br/><br/>
+       If <code>CTRL_IP_LEARNING</code> is set to <code>none</code>, libvirt does not do
+       IP address learning and referencing <code>IP</code> without assigning it an
+       explicit value is an error.
+       <br/><br/>
+       The following XML provides an example for the activation of IP address learning
+       using the DHCP snooping method:
+    </p>
+<pre>
+    &lt;interface type='bridge'&gt;
+      &lt;source bridge='virbr0'/&gt;
+      &lt;filterref filter='clean-traffic'&gt;
+        &lt;parameter name='CTRL_IP_LEARNING' value='dhcp'/&gt;
+      &lt;/filterref&gt;
+    &lt;/interface&gt;
+</pre>
+
+    <h3><a name="nwfelemsReservedVars">Reserved Variables</a></h3>
+    <p>
+      The following table lists reserved variables in use by libvirt.
+    </p>
+      <table class="top_table">
+       <tr>
+         <th> Variable Name </th>
+         <th> Semantics </th>
+       </tr>
+       <tr>
+         <td> MAC </td>
+         <td> The MAC address of the interface </td>
+       </tr>
+       <tr>
+         <td> IP </td>
+         <td> The list of IP addresses in use by an interface </td>
+       </tr>
+       <tr>
+         <td> IPV6 </td>
+         <td> Not currently implemented:
+              the list of IPV6 addresses in use by an interface </td>
+       </tr>
+       <tr>
+         <td> DHCPSERVER </td>
+         <td> The list of IP addresses of trusted DHCP servers</td>
+       </tr>
+       <tr>
+         <td> DHCPSERVERV6 </td>
+         <td> Not currently implemented:
+              The list of IPv6 addresses of trusted DHCP servers</td>
+       </tr>
+       <tr>
+         <td> CTRL_IP_LEARNING </td>
+         <td> The choice of the IP address detection mode </td>
+       </tr>
+      </table>
+
    <h2><a name="nwfelems">Element and attribute overview</a></h2>

    <p>
@ -493,7 +605,7 @@
    </ul>
    <p>
     The above example indicates that the traffic of type <code>ip</code>
-     will be asscociated with the chain 'ipv4' and the rule will have
+     will be associated with the chain 'ipv4' and the rule will have
     priority 500. If for example another filter is referenced whose
     traffic of type <code>ip</code> is also associated with the chain
     'ipv4' then that filter's rules will be ordered relative to the priority
@ -520,7 +632,7 @@
    <ul>
     <li>UINT8 : 8 bit integer; range 0-255</li>
     <li>UINT16: 16 bit integer; range 0-65535</li>
-     <li>MAC_ADDR: MAC adrress in dotted decimal format, i.e., 00:11:22:33:44:55</li>
+     <li>MAC_ADDR: MAC address in dotted decimal format, i.e., 00:11:22:33:44:55</li>
     <li>MAC_MASK: MAC address mask in MAC address format, i.e., FF:FF:FF:FC:00:00</li>
     <li>IP_ADDR: IP address in dotted decimal format, i.e., 10.1.2.3</li>
     <li>IP_MASK: IP address mask in either dotted decimal format (255.255.248.0) or CIDR mask (0-32)</li>
@ -528,6 +640,11 @@
     <li>IPV6_MASK: IPv6 mask in numbers format (FFFF:FFFF:FC00::) or CIDR mask (0-128)</li>
     <li>STRING: A string</li>
     <li>BOOLEAN: 'true', 'yes', '1' or 'false', 'no', '0'</li>
+     <li>IPSETFLAGS: The source and destination flags of the ipset described
+         by up to 6 'src' or 'dst' elements selecting features from either
+         the source or destination part of the packet header; example:
+         src,src,dst. The number of 'selectors' to provide here depends
+         on the type of ipset that is referenced.</li>
    </ul>
    <p>
     <br/><br/>
@ -693,7 +810,7 @@
       <tr>
         <td>type</td>
         <td>UINT8</td>
-         <td>Bridge Protcol Data Unit (BPDU) type</td>
+         <td>Bridge Protocol Data Unit (BPDU) type</td>
       </tr>
       <tr>
         <td>flags</td>
@ -1169,6 +1286,16 @@
         <td>STRING</td>
         <td>TCP-only: format of mask/flags with mask and flags each being a comma separated list of SYN,ACK,URG,PSH,FIN,RST or NONE or ALL</td>
       </tr>
+       <tr>
+         <td>ipset <span class="since">(Since 0.9.13)</span></td>
+         <td>STRING</td>
+         <td>The name of an IPSet managed outside of libvirt</td>
+       </tr>
+       <tr>
+         <td>ipsetflags <span class="since">(Since 0.9.13)</span></td>
+         <td>IPSETFLAGS</td>
+         <td>flags for the IPSet; requires ipset attribute</td>
+       </tr>
      </table>
    <p>
      <br/><br/>
@ -1269,6 +1396,16 @@
         <td>STRING</td>
         <td>comma separated list of NEW,ESTABLISHED,RELATED,INVALID or NONE</td>
       </tr>
+       <tr>
+         <td>ipset <span class="since">(Since 0.9.13)</span></td>
+         <td>STRING</td>
+         <td>The name of an IPSet managed outside of libvirt</td>
+       </tr>
+       <tr>
+         <td>ipsetflags <span class="since">(Since 0.9.13)</span></td>
+         <td>IPSETFLAGS</td>
+         <td>flags for the IPSet; requires ipset attribute</td>
+       </tr>
      </table>
    <p>
      <br/><br/>
@ -1358,6 +1495,16 @@
         <td>STRING</td>
         <td>comma separated list of NEW,ESTABLISHED,RELATED,INVALID or NONE</td>
       </tr>
+       <tr>
+         <td>ipset <span class="since">(Since 0.9.13)</span></td>
+         <td>STRING</td>
+         <td>The name of an IPSet managed outside of libvirt</td>
+       </tr>
+       <tr>
+         <td>ipsetflags <span class="since">(Since 0.9.13)</span></td>
+         <td>IPSETFLAGS</td>
+         <td>flags for the IPSet; requires ipset attribute</td>
+       </tr>
      </table>
    <p>
      <br/><br/>
@ -1459,6 +1606,16 @@
         <td>STRING</td>
         <td>TCP-only: format of mask/flags with mask and flags each being a comma separated list of SYN,ACK,URG,PSH,FIN,RST or NONE or ALL</td>
       </tr>
+       <tr>
+         <td>ipset <span class="since">(Since 0.9.13)</span></td>
+         <td>STRING</td>
+         <td>The name of an IPSet managed outside of libvirt</td>
+       </tr>
+       <tr>
+         <td>ipsetflags <span class="since">(Since 0.9.13)</span></td>
+         <td>IPSETFLAGS</td>
+         <td>flags for the IPSet; requires ipset attribute</td>
+       </tr>
      </table>
    <p>
      <br/><br/>
@ -1545,6 +1702,16 @@
         <td>STRING</td>
         <td>comma separated list of NEW,ESTABLISHED,RELATED,INVALID or NONE</td>
       </tr>
+       <tr>
+         <td>ipset <span class="since">(Since 0.9.13)</span></td>
+         <td>STRING</td>
+         <td>The name of an IPSet managed outside of libvirt</td>
+       </tr>
+       <tr>
+         <td>ipsetflags <span class="since">(Since 0.9.13)</span></td>
+         <td>IPSETFLAGS</td>
+         <td>flags for the IPSet; requires ipset attribute</td>
+       </tr>
      </table>
    <p>
      <br/><br/>
@ -1619,6 +1786,16 @@
         <td>STRING</td>
         <td>comma separated list of NEW,ESTABLISHED,RELATED,INVALID or NONE</td>
       </tr>
+       <tr>
+         <td>ipset <span class="since">(Since 0.9.13)</span></td>
+         <td>STRING</td>
+         <td>The name of an IPSet managed outside of libvirt</td>
+       </tr>
+       <tr>
+         <td>ipsetflags <span class="since">(Since 0.9.13)</span></td>
+         <td>IPSETFLAGS</td>
+         <td>flags for the IPSet; requires ipset attribute</td>
+       </tr>
      </table>
    <p>
      <br/><br/>
@ -1629,6 +1806,7 @@
     The following sections discuss advanced filter configuration
     topics.
    </p>
+
    <h4><a name="nwfelemsRulesAdvTracking">Connection tracking</a></h4>
    <p>
     The network filtering subsystem (on Linux) makes use of the connection
@ -1733,7 +1911,7 @@
      unresponsive due to its traffic being dropped.
      Therefore, the limit of connections should be rather high so that
      fluctuations in new TCP connections don't cause odd
-      traffic behavior in relaton to idle connections.
+      traffic behavior in relation to idle connections.
    </p>

    <h2><a name="nwfcli">Command line tools</a></h2>
@ -1875,7 +2053,7 @@
    tree that instantiates iptables or ip6tables rules, a rule to let
    the UDP packet pass will also be necessary to be provided for those
    filtering layers. This can be
-    achieved with a rule containing an approriate <code>udp</code> or
+    achieved with a rule containing an appropriate <code>udp</code> or
    <code>udp-ipv6</code> traffic filtering node.
    </p>

@ -2075,7 +2253,7 @@
 </pre>
    <p>
     Before trying out a filter using the <code>RELATED</code> state,
-     you have to make sure that the approriate connection tracking module
+     you have to make sure that the appropriate connection tracking module
     has been loaded into the host's kernel. Depending on the version of the
     kernel, you must run either one of the following two commands before
     the ftp connection with the VM is established.
@ -2161,36 +2339,6 @@
     filtering subsystem.
    </p>

-    <h3><a name="nwflimitsIP">IP Address Detection</a></h3>
-     <p>
-       In case a network filter references the variable
-       <i>IP</i> and no variable was defined in any higher layer
-       references to the filter, IP address detection will automatically
-       be started when the filter is to be instantiated (VM start, interface
-       hotplug event). Only IPv4
-       addresses can be detected and only a single IP address
-       legitimately in use by a VM on a single interface will be detected.
-       In case a VM was to use multiple IP address on a single interface
-       (IP aliasing),
-       the IP addresses would have to be provided explicitly either
-       in the network filter itself or as variables used in attributes'
-       values. These
-       variables must then be defined in a higher level reference to the filter
-       and each assigned the value of the IP address that the VM is expected
-       to be using.
-       Different IP addresses in use by multiple interfaces of a VM
-       (one IP address each) will be independently detected.
-       <br/><br/>
-       Once a VM's IP address has been detected, its IP network traffic
-       may be locked to that address, if for example IP address spoofing
-       is prevented by one of its filters. In that case the user of the VM
-       will not be able to change the IP address on the interface inside
-       the VM, which would be considered IP address spoofing.
-       <br/><br/>
-       In case a VM is resumed after suspension or migrated, IP address
-       detection will be restarted.
-     </p>
-
    <h3><a name="nwflimitsmigr">VM Migration</a></h3>
     <p>
      VM migration is only supported if the whole filter tree
--- a/docs/formatstorage.html.in
+++ b/docs/formatstorage.html.in
@ -141,6 +141,11 @@
            &lt;mode&gt;0744&lt;/mode&gt;
            &lt;label&gt;virt_image_t&lt;/label&gt;
          &lt;/permissions&gt;
+          &lt;timestamps&gt;
+            &lt;atime&gt;1341933637.273190990&lt;/atime&gt;
+            &lt;mtime&gt;1341930622.047245868&lt;/mtime&gt;
+            &lt;ctime&gt;1341930622.047245868&lt;/ctime&gt;
+          &lt;/timestamps&gt;
          &lt;encryption type='...'&gt;
            ...
          &lt;/encryption&gt;
@ -172,6 +177,19 @@
        contains the MAC (eg SELinux) label string.
        <span class="since">Since 0.4.1</span>
      </dd>
+      <dt><code>timestamps</code></dt>
+      <dd>Provides timing information about the volume. Up to four
+        sub-elements are present,
+        where <code>atime</code>, <code>btime</code>, <code>ctime</code>
+        and <code>mtime</code> hold the access, birth, change and
+        modification time of the volume, where known. The used time
+        format is &lt;seconds&gt;.&lt;nanoseconds&gt; since the
+        beginning of the epoch (1 Jan 1970). If nanosecond resolution
+        is 0 or otherwise unsupported by the host OS or filesystem,
+        then the nanoseconds part is omitted.  This is a readonly
+        attribute and is ignored when creating a volume.
+        <span class="since">Since 0.10.0</span>
+      </dd>
      <dt><code>encryption</code></dt>
      <dd>If present, specifies how the volume is encrypted.  See
        the <a href="formatstorageencryption.html">Storage Encryption</a> page
--- a/docs/hacking.html.in
+++ b/docs/hacking.html.in
@ -20,10 +20,57 @@
 <pre>
  git diff > libvirt-myfeature.patch
 </pre>
+        <p>However, the usual workflow of libvirt developer is:</p>
+<pre>
+  git checkout master
+  git pull
+  git checkout -t origin -b workbranch
+  Hack, committing any changes along the way
+</pre>
+        <p>Then, when you want to post your patches:</p>
+<pre>
+  git pull --rebase
+  (fix any conflicts)
+  git send-email --cover-letter --no-chain-reply-to --annotate \
+                 --to=libvir-list@redhat.com master
+</pre>
+        <p>(Note that the "git send-email" subcommand may not be in
+        the main git package and using it may require installion of a
+        separate package, for example the "git-email" package in
+        Fedora.)  For a single patch you can omit
+        <code>--cover-letter</code>, but a series of two or more
+        patches needs a cover letter. If you get tired of typing
+        <code>--to=libvir-list@redhat.com</code> designation you can
+        set it in git config:</p>
+<pre>
+  git config sendemail.to libvir-list@redhat.com
+</pre>
+        <p>Please follow this as close as you can, especially the rebase and
+        git send-email part, as it makes life easier for other developers to
+        review your patch set. One should avoid sending patches as attachments,
+        but rather send them in email body along with commit message. If a
+        developer is sending another version of the patch (e.g. to address
+        review comments), he is advised to note differences to previous
+        versions after the <code>---</code> line in the patch so that it helps
+        reviewers but doesn't become part of git history. Moreover, such patch
+        needs to be prefixed correctly with
+        <code>--subject-prefix=PATCHv2</code> appended to <code>git
+            send-email</code> (substitute <code>v2</code> with the correct
+        version if needed though).</p>
      </li>
-      <li>Split large changes into a series of smaller patches, self-contained
-        if possible, with an explanation of each patch and an explanation of how
-        the sequence of patches fits together.</li>
+
+      <li><p>Split large changes into a series of smaller patches,
+        self-contained if possible, with an explanation of each patch
+        and an explanation of how the sequence of patches fits
+        together. Moreover, please keep in mind that it's required to
+        be able to compile cleanly (<b>including</b> <code>make
+        check</code> and <code>make syntax-check</code>) after each
+        patch.  A feature does not have to work until the end of a
+        series, but intermediate patches must compile and not cause
+        test-suite failures (this is to preserve the usefulness
+        of <code>git bisect</code>, among other things).</p>
+      </li>
+
      <li>Make sure your patches apply against libvirt GIT.  Developers
        only follow GIT and don't care much about released versions.</li>
      <li><p>Run the automated tests on your code before submitting any changes.
@ -303,7 +350,7 @@
  }
 </pre>

-    <h2><a href="types">Preprocessor</a></h2>
+    <h2><a name="preprocessor">Preprocessor</a></h2>

    <p>
      For variadic macros, stick with C99 syntax:
@ -321,7 +368,7 @@
  #endif
 </pre>

-    <h2><a href="types">C types</a></h2>
+    <h2><a name="types">C types</a></h2>

    <p>
      Use the right type.
--- a/docs/hacking2.xsl
+++ b/docs/hacking2.xsl
@ -18,7 +18,8 @@

 <xsl:template match="/">
 <xsl:text>-*- buffer-read-only: t -*- vi: set ro:
-DO NOT EDIT THIS FILE!  IT IS GENERATED AUTOMATICALLY!
+DO NOT EDIT THIS FILE!  IT IS GENERATED AUTOMATICALLY
+from docs/hacking.html.in!



--- a/docs/hooks.html.in
+++ b/docs/hooks.html.in
@ -101,7 +101,7 @@
    <h5><a name="qemu">/etc/libvirt/hooks/qemu</a></h5>
    <ul>
      <li>Before a QEMU guest is started, the qemu hook script is
-        called in two locations; if either location fails, the guest
+        called in three locations; if any location fails, the guest
        is not started.  The first location, <span class="since">since
        0.9.0</span>, is before libvirt performs any resource
        labeling, and the hook can allocate resources not managed by
@ -110,7 +110,11 @@
        The second location, available <span class="since">Since
        0.8.0</span>, occurs after libvirt has finished labeling
        all resources, but has not yet started the guest, called as:<br/>
-        <pre>/etc/libvirt/hooks/qemu guest_name start begin -</pre></li>
+        <pre>/etc/libvirt/hooks/qemu guest_name start begin -</pre>
+        The third location, <span class="since">0.9.13</span>,
+        occurs after the QEMU process has successfully started up:<br/>
+        <pre>/etc/libvirt/hooks/qemu guest_name started begin -</pre>
+      </li>
      <li>When a QEMU guest is stopped, the qemu hook script is called
        in two locations, to match the startup.
        First, <span class="since">since 0.8.0</span>, the hook is
@ -130,15 +134,51 @@
        script returns failure or the output XML is not valid, incoming
        migration will be canceled. This hook may be used, e.g., to change
        location of disk images for incoming domains.</li>
+      <li><span class="since">Since 0.9.13</span>, the qemu hook script
+        is also called when the libvirtd daemon restarts and reconnects
+        to previously running QEMU processes. If the script fails, the
+        existing QEMU process will be killed off. It is called as:
+        <pre>/etc/libvirt/hooks/qemu guest_name reconnect begin -</pre>
+      </li>
+      <li><span class="since">Since 0.9.13</span>, the qemu hook script
+        is also called when the QEMU driver is told to attach to an
+        externally launched QEMU process. It is called as:
+        <pre>/etc/libvirt/hooks/qemu guest_name attach begin -</pre>
+      </li>
    </ul>

    <h5><a name="lxc">/etc/libvirt/hooks/lxc</a></h5>
    <ul>
-      <li>When an LXC guest is started, the lxc hook script is called as:<br/>
-          <pre>/etc/libvirt/hooks/lxc guest_name start begin -</pre></li>
+      <li>Before a LXC guest is started, the lxc hook script is
+        called in three locations; if any location fails, the guest
+        is not started.  The first location, <span class="since">since
+        0.9.13</span>, is before libvirt performs any resource
+        labeling, and the hook can allocate resources not managed by
+        libvirt such as DRBD or missing bridges.  This is called as:<br/>
+        <pre>/etc/libvirt/hooks/lxc guest_name prepare begin -</pre>
+        The second location, available <span class="since">Since
+        0.8.0</span>, occurs after libvirt has finished labeling
+        all resources, but has not yet started the guest, called as:<br/>
+        <pre>/etc/libvirt/hooks/lxc guest_name start begin -</pre>
+        The third location, <span class="since">0.9.13</span>,
+        occurs after the LXC process has successfully started up:<br/>
+        <pre>/etc/libvirt/hooks/lxc guest_name started begin -</pre>
+      </li>
      <li>When a LXC guest is stopped, the lxc hook script is called
-          as:<br/>
-          <pre>/etc/libvirt/hooks/lxc guest_name stopped end -</pre></li>
+        in two locations, to match the startup.
+        First, <span class="since">since 0.8.0</span>, the hook is
+        called before libvirt restores any labels:<br/>
+        <pre>/etc/libvirt/hooks/lxc guest_name stopped end -</pre>
+        Then, after libvirt has released all resources, the hook is
+        called again, <span class="since">since 0.9.0</span>, to allow
+        any additional resource cleanup:<br/>
+        <pre>/etc/libvirt/hooks/lxc guest_name release end -</pre></li>
+      <li><span class="since">Since 0.9.13</span>, the lxc hook script
+        is also called when the libvirtd daemon restarts and reconnects
+        to previously running LXC processes. If the script fails, the
+        existing LXC process will be killed off. It is called as:
+        <pre>/etc/libvirt/hooks/lxc guest_name reconnect begin -</pre>
+      </li>
    </ul>
    <br/>

--- a/docs/hvsupport.pl
+++ b/docs/hvsupport.pl
@ -27,9 +27,9 @@ my %groupheaders = (
 my @srcs;
 find({
    wanted => sub {
-	if (m!$srcdir/.*/\w+_(driver|tmpl|monitor|hal|udev)\.c$!) {
-	    push @srcs, $_ if $_ !~ /vbox_driver\.c/;
-	}
+        if (m!$srcdir/.*/\w+_(driver|tmpl|monitor|hal|udev)\.c$!) {
+            push @srcs, $_ if $_ !~ /vbox_driver\.c/;
+        }
    }, no_chdir => 1}, $srcdir);
 my $line;

@ -47,26 +47,26 @@ while (defined($line = <FILE>)) {
    next if $line =~ /^\s*$/;
    next if $line =~ /^\s*(global|local):/;
    if ($line =~ /^\s*LIBVIRT_(\d+\.\d+\.\d+)\s*{\s*$/) {
-	if (defined $vers) {
-	    die "malformed syms file";
-	}
-	$vers = $1;
+        if (defined $vers) {
+            die "malformed syms file";
+        }
+        $vers = $1;
    } elsif ($line =~ /\s*}\s*;\s*$/) {
-	if (defined $prevvers) {
-	    die "malformed syms file";
-	}
-	$prevvers = $vers;
-	$vers = undef;
+        if (defined $prevvers) {
+            die "malformed syms file";
+        }
+        $prevvers = $vers;
+        $vers = undef;
    } elsif ($line =~ /\s*}\s*LIBVIRT_(\d+\.\d+\.\d+)\s*;\s*$/) {
-	if ($1 ne $prevvers) {
-	    die "malformed syms file $1 != $vers";
-	}
-	$prevvers = $vers;
-	$vers = undef;
+        if ($1 ne $prevvers) {
+            die "malformed syms file $1 != $vers";
+        }
+        $prevvers = $vers;
+        $vers = undef;
    } elsif ($line =~ /\s*(\w+)\s*;\s*$/) {
-	$apis{$1} = $vers;
+        $apis{$1} = $vers;
    } else {
-	die "unexpected data $line\n";
+        die "unexpected data $line\n";
    }
 }

@ -86,26 +86,26 @@ while (defined($line = <FILE>)) {
    next if $line =~ /^\s*$/;
    next if $line =~ /^\s*(global|local):/;
    if ($line =~ /^\s*LIBVIRT_QEMU_(\d+\.\d+\.\d+)\s*{\s*$/) {
-	if (defined $vers) {
-	    die "malformed syms file";
-	}
-	$vers = $1;
+        if (defined $vers) {
+            die "malformed syms file";
+        }
+        $vers = $1;
    } elsif ($line =~ /\s*}\s*;\s*$/) {
-	if (defined $prevvers) {
-	    die "malformed syms file";
-	}
-	$prevvers = $vers;
-	$vers = undef;
+        if (defined $prevvers) {
+            die "malformed syms file";
+        }
+        $prevvers = $vers;
+        $vers = undef;
    } elsif ($line =~ /\s*}\s*LIBVIRT_QEMU_(\d+\.\d+\.\d+)\s*;\s*$/) {
-	if ($1 ne $prevvers) {
-	    die "malformed syms file $1 != $vers";
-	}
-	$prevvers = $vers;
-	$vers = undef;
+        if ($1 ne $prevvers) {
+            die "malformed syms file $1 != $vers";
+        }
+        $prevvers = $vers;
+        $vers = undef;
    } elsif ($line =~ /\s*(\w+)\s*;\s*$/) {
-	$apis{$1} = $vers;
+        $apis{$1} = $vers;
    } else {
-	die "unexpected data $line\n";
+        die "unexpected data $line\n";
    }
 }

@ -143,31 +143,31 @@ my %groups;
 my $ingrp;
 while (defined($line = <FILE>)) {
    if ($line =~ /struct _(vir\w*(?:Driver|Monitor))/) {
-	my $grp = $1;
-	if ($grp ne "virStateDriver" &&
-	    $grp ne "virStreamDriver") {
-	    $ingrp = $grp;
-	    $groups{$ingrp} = { apis => {}, drivers => {} };
-	}
+        my $grp = $1;
+        if ($grp ne "virStateDriver" &&
+            $grp ne "virStreamDriver") {
+            $ingrp = $grp;
+            $groups{$ingrp} = { apis => {}, drivers => {} };
+        }
    } elsif ($ingrp) {
-	if ($line =~ /^\s*vir(?:Drv|DevMon)(\w+)\s+(\w+);\s*$/) {
-	    my $field = $2;
-	    my $name = $1;
+        if ($line =~ /^\s*vir(?:Drv|DevMon)(\w+)\s+(\w+);\s*$/) {
+            my $field = $2;
+            my $name = $1;

-	    my $api;
-	    if (exists $apis{"vir$name"}) {
-		$api = "vir$name";
-	    } elsif (exists $apis{"virConnect$name"}) {
-		$api = "virConnect$name";
-	    } elsif (exists $apis{"virNode$name"}) {
-		$api = "virNode$name";
-	    } else {
-		die "driver $name does not have a public API";
-	    }
-	    $groups{$ingrp}->{apis}->{$field} = $api;
-	} elsif ($line =~ /};/) {
-	    $ingrp = undef;
-	}
+            my $api;
+            if (exists $apis{"vir$name"}) {
+                $api = "vir$name";
+            } elsif (exists $apis{"virConnect$name"}) {
+                $api = "virConnect$name";
+            } elsif (exists $apis{"virNode$name"}) {
+                $api = "virNode$name";
+            } else {
+                die "driver $name does not have a public API";
+            }
+            $groups{$ingrp}->{apis}->{$field} = $api;
+        } elsif ($line =~ /};/) {
+            $ingrp = undef;
+        }
    }
 }

@ -179,60 +179,60 @@ close FILE;

 foreach my $src (@srcs) {
    open FILE, "<$src" or
-	die "cannot read $src: $!";
+        die "cannot read $src: $!";

    $ingrp = undef;
    my $impl;
    while (defined($line = <FILE>)) {
-	if (!$ingrp) {
-	    foreach my $grp (keys %groups) {
-		if ($line =~ /^\s*(?:static\s+)?$grp\s+(\w+)\s*=\s*{/ ||
-		    $line =~ /^\s*(?:static\s+)?$grp\s+NAME\(\w+\)\s*=\s*{/) {
-		    $ingrp = $grp;
-		    $impl = $src;
+        if (!$ingrp) {
+            foreach my $grp (keys %groups) {
+                if ($line =~ /^\s*(?:static\s+)?$grp\s+(\w+)\s*=\s*{/ ||
+                    $line =~ /^\s*(?:static\s+)?$grp\s+NAME\(\w+\)\s*=\s*{/) {
+                    $ingrp = $grp;
+                    $impl = $src;

-		    if ($impl =~ m,.*/node_device_(\w+)\.c,) {
-			$impl = $1;
-		    } else {
-			$impl =~ s,.*/(\w+?)_((\w+)_)?(\w+)\.c,$1,;
-		    }
+                    if ($impl =~ m,.*/node_device_(\w+)\.c,) {
+                        $impl = $1;
+                    } else {
+                        $impl =~ s,.*/(\w+?)_((\w+)_)?(\w+)\.c,$1,;
+                    }

-		    if ($groups{$ingrp}->{drivers}->{$impl}) {
-			die "Group $ingrp already contains $impl";
-		    }
+                    if ($groups{$ingrp}->{drivers}->{$impl}) {
+                        die "Group $ingrp already contains $impl";
+                    }

-		    $groups{$ingrp}->{drivers}->{$impl} = {};
-		}
-	    }
+                    $groups{$ingrp}->{drivers}->{$impl} = {};
+                }
+            }

-	} else {
-	    if ($line =~ m!\s*\.(\w+)\s*=\s*(\w+)\s*,?\s*(?:/\*\s*(\d+\.\d+\.\d+)\s*\*/\s*)?$!) {
-		my $api = $1;
-		my $meth = $2;
-		my $vers = $3;
+        } else {
+            if ($line =~ m!\s*\.(\w+)\s*=\s*(\w+)\s*,?\s*(?:/\*\s*(\d+\.\d+\.\d+)\s*\*/\s*)?$!) {
+                my $api = $1;
+                my $meth = $2;
+                my $vers = $3;

-		next if $api eq "no" || $api eq "name";
+                next if $api eq "no" || $api eq "name";

-		die "Method $meth in $src is missing version" unless defined $vers;
+                die "Method $meth in $src is missing version" unless defined $vers;

-		die "Driver method for $api is NULL in $src" if $meth eq "NULL";
+                die "Driver method for $api is NULL in $src" if $meth eq "NULL";

-		if (!exists($groups{$ingrp}->{apis}->{$api})) {
-		    die "Found unexpected method $api in $ingrp\n";
-		}
+                if (!exists($groups{$ingrp}->{apis}->{$api})) {
+                    die "Found unexpected method $api in $ingrp\n";
+                }

-		$groups{$ingrp}->{drivers}->{$impl}->{$api} = $vers;
-		if ($api eq "domainMigratePrepare" ||
-		    $api eq "domainMigratePrepare2" ||
-		    $api eq "domainMigratePrepare3") {
-		    $groups{$ingrp}->{drivers}->{$impl}->{"domainMigrate"} = $vers
-			unless $groups{$ingrp}->{drivers}->{$impl}->{"domainMigrate"};
-		}
+                $groups{$ingrp}->{drivers}->{$impl}->{$api} = $vers;
+                if ($api eq "domainMigratePrepare" ||
+                    $api eq "domainMigratePrepare2" ||
+                    $api eq "domainMigratePrepare3") {
+                    $groups{$ingrp}->{drivers}->{$impl}->{"domainMigrate"} = $vers
+                        unless $groups{$ingrp}->{drivers}->{$impl}->{"domainMigrate"};
+                }

-	    } elsif ($line =~ /}/) {
-		$ingrp = undef;
-	    }
-	}
+            } elsif ($line =~ /}/) {
+                $ingrp = undef;
+            }
+        }
    }

    close FILE;
@ -253,21 +253,21 @@ foreach my $drv (keys %{$groups{"virDriver"}->{drivers}}) {
    my $openVersStr = $groups{"virDriver"}->{drivers}->{$drv}->{"open"};
    my $openVers;
    if ($openVersStr =~ /(\d+)\.(\d+)\.(\d+)/) {
-	$openVers = ($1 * 1000 * 1000) + ($2 * 1000) + $3;
+        $openVers = ($1 * 1000 * 1000) + ($2 * 1000) + $3;
    }

    # virConnectOpenReadOnly always matches virConnectOpen version
    $groups{"virDriver"}->{drivers}->{$drv}->{"openReadOnly"} =
-	$groups{"virDriver"}->{drivers}->{$drv}->{"open"};
+        $groups{"virDriver"}->{drivers}->{$drv}->{"open"};

    # virConnectOpenAuth is always 0.4.0 if the driver existed
    # before this time, otherwise it matches the version of
    # the driver's virConnectOpen entry
    if ($openVersStr eq "Y" ||
-	$openVers >= $openAuthVers) {
-	$groups{"virDriver"}->{drivers}->{$drv}->{"openAuth"} = $openVersStr;
+        $openVers >= $openAuthVers) {
+        $groups{"virDriver"}->{drivers}->{$drv}->{"openAuth"} = $openVersStr;
    } else {
-	$groups{"virDriver"}->{drivers}->{$drv}->{"openAuth"} = "0.4.0";
+        $groups{"virDriver"}->{drivers}->{$drv}->{"openAuth"} = "0.4.0";
    }
 }

@ -283,17 +283,17 @@ foreach my $drv (keys %{$groups{"virDriver"}->{drivers}}) {
    next unless defined $createVersStr;
    my $createVers;
    if ($createVersStr =~ /(\d+)\.(\d+)\.(\d+)/) {
-	$createVers = ($1 * 1000 * 1000) + ($2 * 1000) + $3;
+        $createVers = ($1 * 1000 * 1000) + ($2 * 1000) + $3;
    }

    # virCreateLinux is always 0.0.3 if the driver existed
    # before this time, otherwise it matches the version of
    # the driver's virCreateXML entry
    if ($createVersStr eq "Y" ||
-	$createVers >= $createAPIVers) {
-	$groups{"virDriver"}->{drivers}->{$drv}->{"domainCreateLinux"} = $createVersStr;
+        $createVers >= $createAPIVers) {
+        $groups{"virDriver"}->{drivers}->{$drv}->{"domainCreateLinux"} = $createVersStr;
    } else {
-	$groups{"virDriver"}->{drivers}->{$drv}->{"domainCreateLinux"} = "0.0.3";
+        $groups{"virDriver"}->{drivers}->{$drv}->{"domainCreateLinux"} = "0.0.3";
    }
 }

@ -329,7 +329,7 @@ foreach my $grp (sort { $a cmp $b } keys %groups) {
 EOF

    foreach my $drv (sort { $a cmp $b } keys %{$groups{$grp}->{drivers}}) {
-	print "  <th>$drv</th>\n";
+        print "  <th>$drv</th>\n";
    }

    print <<EOF;
@ -340,27 +340,27 @@ EOF

    my $row = 0;
    foreach my $field (sort {
-	$groups{$grp}->{apis}->{$a}
-	cmp
-	$groups{$grp}->{apis}->{$b}
-	} keys %{$groups{$grp}->{apis}}) {
-	my $api = $groups{$grp}->{apis}->{$field};
-	my $vers = $apis{$api};
-	print <<EOF;
+        $groups{$grp}->{apis}->{$a}
+        cmp
+        $groups{$grp}->{apis}->{$b}
+        } keys %{$groups{$grp}->{apis}}) {
+        my $api = $groups{$grp}->{apis}->{$field};
+        my $vers = $apis{$api};
+        print <<EOF;
 <tr>
 <td><a href=\"html/libvirt-libvirt.html#$api\">$api</a></td>
 <td>$vers</td>
 EOF

        foreach my $drv (sort {$a cmp $b } keys %{$groups{$grp}->{drivers}}) {
-	    if (exists $groups{$grp}->{drivers}->{$drv}->{$field}) {
-		print "<td>", $groups{$grp}->{drivers}->{$drv}->{$field}, "</td>\n";
-	    } else {
-		print "<td></td>\n";
-	    }
+            if (exists $groups{$grp}->{drivers}->{$drv}->{$field}) {
+                print "<td>", $groups{$grp}->{drivers}->{$drv}->{$field}, "</td>\n";
+            } else {
+                print "<td></td>\n";
+            }
        }

-	print <<EOF;
+        print <<EOF;
 </tr>
 EOF

@ -373,13 +373,13 @@ EOF
 EOF

            foreach my $drv (sort { $a cmp $b } keys %{$groups{$grp}->{drivers}}) {
-	        print "  <th>$drv</th>\n";
+                print "  <th>$drv</th>\n";
            }

        print <<EOF;
 </tr>
 EOF
-	}
+        }

    }

--- a/docs/libvirt-daemon-arch.png
+++ b/docs/libvirt-daemon-arch.png
--- a/docs/libvirt-driver-arch.png
+++ b/docs/libvirt-driver-arch.png
--- a/docs/libvirt-net-logical.png
+++ b/docs/libvirt-net-logical.png
--- a/docs/libvirt-net-physical.png
+++ b/docs/libvirt-net-physical.png
--- a/docs/libvirt-object-model.png
+++ b/docs/libvirt-object-model.png
--- a/docs/libvirtLogo404.png
+++ b/docs/libvirtLogo404.png
--- a/docs/locking.html.in
+++ b/docs/locking.html.in
@ -165,7 +165,7 @@
    <p>
      If all went well, libvirtd will have talked to sanlock
      and created the basic lockspace. This can be checked
-      by looking for existance of the following file
+      by looking for existence of the following file
    </p>

    <pre>
--- a/docs/logging.html.in
+++ b/docs/logging.html.in
@ -114,11 +114,16 @@
    </h3>
    <p>The syntax for filters and outputs is the same for both types of
       variables.</p>
-    <p>The format for a filter is:</p>
-    <pre>x:name</pre>
-    <p>where <code>name</code> is a match string e.g. <code>remote</code> or
-    <code>qemu</code> and the x is the minimal level where matching messages
-    should be logged:</p>
+    <p>The format for a filter is one of:</p>
+    <pre>
+  x:name  (log message only)
+  x:+name (log message + stack trace)</pre>
+    <p>where <code>name</code> is a string which is matched against source
+    file name, e.g., <code>remote</code>, <code>qemu</code>, or
+    <code>util/json</code>, the optional <code>+</code> prefix tells libvirt
+    to log stack trace for each message matching <code>name</code>, and
+    <code>x</code> is the minimal level where matching messages should
+    be logged:</p>
    <ul>
      <li>1: DEBUG</li>
      <li>2: INFO</li>
--- a/docs/migration.html.in
+++ b/docs/migration.html.in
@ -87,7 +87,13 @@
      daemon controls the entire migration process itself, by directly
      connecting the destination host libvirtd. If the client application crashes,
      or otherwise loses its connection to libvirtd, the migration process
-      will continue uninterrupted until completion.
+      will continue uninterrupted until completion.  Note that the
+      source libvirtd uses its own credentials (typically root) to
+      connect to the destination, rather than the credentials used
+      by the client to connect to the source; if these differ, it is
+      common to run into a situation where a client can connect to the
+      destination directly but the source cannot make the connection to
+      set up the peer-to-peer migration.
    </p>

    <p>
@ -139,7 +145,9 @@
      connection to the source host, where the virtual guest is
      currently running. The second URI is that of the libvirt
      connection to the destination host, where the virtual guest
-      will be moved to. The third URI is a hypervisor specific
+      will be moved to (and in peer-to-peer migrations, this is from
+      the perspective of the source, not the client). The third URI is
+      a hypervisor specific
      URI used to control how the guest will be migrated. With
      any managed migration flow, the first and second URIs are
      compulsory, while the third URI is optional. With the
@ -533,7 +541,10 @@
      destination libvirtd server will automatically determine
      the native hypervisor URI for migration, based off the
      primary hostname. There is no scope for forcing an alternative
-      network interface for the native migration data with this method.
+      network interface for the native migration data with this
+      method.  The destination URI must be reachable using the source
+      libvirtd credentials (which are not necessarily the same as the
+      credentials of the client in connecting to the source).
    </p>

    <pre>
@ -571,7 +582,10 @@
      in case it is not accessible using the same address that
      the client uses to connect to the destination, or a different
      encryption/auth scheme is required. The native hypervisor URI
-      format is not used at all.
+      format is not used at all.  The destination URI must be
+      reachable using the source libvirtd credentials (which are not
+      necessarily the same as the credentials of the client in
+      connecting to the source).
    </p>

    <pre>
--- a/docs/news.html.in
+++ b/docs/news.html.in
--- a/docs/page.xsl
+++ b/docs/page.xsl
@ -54,7 +54,7 @@
            <xsl:when test="$pagename = a/@href">
              <span class="{$class}"><xsl:value-of select="a"/></span>
            </xsl:when>
-            <xsl:when test="a/@href = 'http://wiki.libvirt.org'">
+            <xsl:when test="starts-with(a/@href, 'http://wiki.libvirt.org')">
              <a title="{./span}" class="{$class}" href="{a/@href}"><xsl:value-of select="a"/></a>
            </xsl:when>
            <xsl:otherwise>
--- a/docs/pending.html.in
+++ b/docs/pending.html.in
@ -0,0 +1,8 @@
+<html>
+  <body>
+    <h1>Pending patches needing review</h1>
+    <p> A list of pending patches needing review upstream is available
+        on <a href="http://libvirt.org/pending.html">the project pending
+        patches page</a>.</p>
+  </body>
+</html>
--- a/docs/relatedlinks.html.in
+++ b/docs/relatedlinks.html.in
@ -59,6 +59,27 @@
      <li>
        <a href="http://en.wikipedia.org/wiki/Virtualization">Wikipedia Virtualization</a>
      </li>
+      <li>
+        <a href="http://www.ibm.com/developerworks/linux/library/l-kvm-libvirt-audit/index.html">IBM developerworks article about libvirt and audit.</a>
+      </li>
+    </ul>
+
+    <h2>Blogs and Podcasts</h2>
+
+    <ul>
+      <li>
+        <a href="http://twit.tv/show/floss-weekly/213">FLOSS Weekly
+        podcast on the topic of libvirt</a>
+      </li>
+      <li>
+        <a href="http://berrange.com/topics/libvirt/">Daniel
+        Berrange's blog on useful libvirt development tips</a>
+      </li>
+      <li>
+        <a href="http://planet.virt-tools.org/index.html">Virt Tools
+        Blog Planet: blog aggregation of several virt-related
+        feeds</a>
+      </li>
    </ul>

  </body>
--- a/docs/remote.html.in
+++ b/docs/remote.html.in
@ -136,8 +136,14 @@ Remote libvirt supports a range of transports:
      <dd> Unencrypted TCP/IP socket.  Not recommended for production
 use, this is normally disabled, but an administrator can enable
 it for testing or use over a trusted network.
- The standard port is 16509.
- </dd>
+ The standard port is 16509. </dd>
+      <dt> libssh2 </dt>
+      <dd> Transport over the SSH protocol using
+      <a href="http://libssh2.org/" title="libssh2 homepage">libssh2</a> instead
+of the OpenSSH binary. This transport uses the libvirt authentication callback for
+all ssh authentication calls and therefore supports keyboard-interactive authentication
+even with graphical management applications. As with the classic ssh transport
+netcat is required on the remote side.</dd>
    </dl>
    <p>
 The default transport, if no other is specified, is <code>tls</code>.
@ -182,6 +188,9 @@ Connect to a libvirtd daemon offering unencrypted TCP/IP connections
 on localhost port 5000 and use the test driver with default
 settings.
 </li>
+<li><code>qemu+libssh2://user@host/system?known_hosts=/home/user/.ssh/known_hosts</code><br/> &#x2014;
+Connect to a remote host using a ssh connection with the libssh2 driver
+and use a different known_hosts file.</li>
    </ul>
    <h4>
      <a name="Remote_URI_parameters">Extra parameters</a>
@ -237,7 +246,7 @@ Note that parameter values must be
        <td>
          <code>socket</code>
        </td>
-        <td> unix, ssh </td>
+        <td> unix, ssh, libssh2 </td>
        <td>
  The path to the Unix domain socket, which overrides the
  compiled-in default.  For ssh transport, this is passed to
@ -252,7 +261,7 @@ Note that parameter values must be
        <td>
          <code>netcat</code>
        </td>
-        <td> ssh </td>
+        <td> ssh, libssh2 </td>
        <td>
  The name of the netcat command on the remote machine.
  The default is <code>nc</code>.  For ssh transport, libvirt
@ -277,7 +286,7 @@ Note that parameter values must be
        <td>
          <code>keyfile</code>
        </td>
-        <td> ssh </td>
+        <td> ssh, libssh2 </td>
        <td>
  The name of the private key file to use to authentication to the remote
  machine.  If this option is not used the default keys are used.
@ -341,6 +350,39 @@ Note that parameter values must be
        <td colspan="2"/>
        <td> Example: <code>pkipath=/tmp/pki/client</code> </td>
      </tr>
+      <tr>
+        <td>
+          <code>known_hosts</code>
+        </td>
+        <td> libssh2 </td>
+        <td>
+  Path to the known_hosts file to verify the host key agains. LibSSH2
+  supports OpenSSH-style known_hosts files, although it does not support
+  all key types, so using files created by the OpenSSH binary may result
+  into truncating the known_hosts file. It's recommended to use the default
+  known_hosts file is located in libvirt's client local configuration
+  directory e.g.: ~/.config/libvirt/known_hosts. Note: Use absolute paths.
+</td>
+      </tr>
+      <tr>
+        <td colspan="2"/>
+        <td> Example: <code>known_hosts=/root/.ssh/known_hosts</code> </td>
+      </tr>
+      <tr>
+        <td>
+          <code>sshauth</code>
+        </td>
+        <td> libssh2 </td>
+        <td>
+  A comma separated list of authentication methods to use. Default (is
+  "agent,privkey,keyboard-interactive". The order of the methods is perserved.
+  Some methods may require additional parameters.
+</td>
+      </tr>
+      <tr>
+        <td colspan="2"/>
+        <td> Example: <code>sshauth=privkey,agent</code> </td>
+      </tr>
    </table>
    <h3>
      <a name="Remote_certificates">Generating TLS certificates</a>
--- a/docs/schemas/basictypes.rng
+++ b/docs/schemas/basictypes.rng
@ -54,6 +54,31 @@
    </choice>
  </define>

+  <define name="pciaddress">
+    <optional>
+      <attribute name="domain">
+        <ref name="pciDomain"/>
+      </attribute>
+    </optional>
+    <attribute name="bus">
+      <ref name="pciBus"/>
+    </attribute>
+    <attribute name="slot">
+      <ref name="pciSlot"/>
+    </attribute>
+    <attribute name="function">
+      <ref name="pciFunc"/>
+    </attribute>
+    <optional>
+      <attribute name="multifunction">
+        <choice>
+          <value>on</value>
+          <value>off</value>
+        </choice>
+      </attribute>
+    </optional>
+  </define>
+
  <!-- a 6 byte MAC address in ASCII-hex format, eg "12:34:56:78:9A:BC" -->
  <!-- The lowest bit of the 1st byte is the "multicast" bit. a         -->
  <!-- uniMacAddr requires that bit to be 0, and a multiMacAddr         -->
@ -167,4 +192,31 @@
    <ref name='unsignedLong'/>
  </define>

+  <define name="pciDomain">
+    <data type="string">
+      <param name="pattern">(0x)?[0-9a-fA-F]{1,4}</param>
+    </data>
+  </define>
+  <define name="pciBus">
+    <data type="string">
+      <param name="pattern">(0x)?[0-9a-fA-F]{1,2}</param>
+    </data>
+  </define>
+  <define name="pciSlot">
+    <data type="string">
+      <param name="pattern">(0x)?[0-1]?[0-9a-fA-F]</param>
+    </data>
+  </define>
+  <define name="pciFunc">
+    <data type="string">
+      <param name="pattern">(0x)?[0-7]</param>
+    </data>
+  </define>
+
+  <define name='wwn'>
+    <data type='string'>
+      <param name='pattern'>[0-9a-fA-F]{16}</param>
+    </data>
+  </define>
+
 </grammar>
--- a/docs/schemas/capability.rng
+++ b/docs/schemas/capability.rng
@ -44,20 +44,22 @@
      <optional>
        <ref name='topology'/>
      </optional>
-      <optional>
+      <zeroOrMore>
        <ref name='secmodel'/>
-      </optional>
+      </zeroOrMore>
    </element>
  </define>

  <define name='secmodel'>
    <element name='secmodel'>
-      <element name='model'>
-        <text/>
-      </element>
-      <element name='doi'>
-        <text/>
-      </element>
+      <interleave>
+          <element name='model'>
+            <text/>
+          </element>
+          <element name='doi'>
+            <text/>
+          </element>
+       </interleave>
    </element>
  </define>

@ -296,43 +298,45 @@

  <define name='features'>
    <element name='features'>
-      <optional>
-        <element name='pae'>
-          <empty/>
-        </element>
-      </optional>
-      <optional>
-        <element name='nonpae'>
-          <empty/>
-        </element>
-      </optional>
-      <optional>
-        <element name='ia64_be'>
-          <empty/>
-        </element>
-      </optional>
-      <optional>
-        <element name='acpi'>
-          <ref name='featuretoggle'/>
-          <empty/>
-        </element>
-      </optional>
-      <optional>
-        <element name='apic'>
-          <ref name='featuretoggle'/>
-          <empty/>
-        </element>
-      </optional>
-      <optional>
-        <element name='cpuselection'>
-          <empty/>
-        </element>
-      </optional>
-      <optional>
-        <element name='deviceboot'>
-          <empty/>
-        </element>
-      </optional>
+      <interleave>
+        <optional>
+          <element name='pae'>
+            <empty/>
+          </element>
+        </optional>
+        <optional>
+          <element name='nonpae'>
+            <empty/>
+          </element>
+        </optional>
+        <optional>
+          <element name='ia64_be'>
+            <empty/>
+          </element>
+        </optional>
+        <optional>
+          <element name='acpi'>
+            <ref name='featuretoggle'/>
+            <empty/>
+          </element>
+        </optional>
+        <optional>
+          <element name='apic'>
+            <ref name='featuretoggle'/>
+            <empty/>
+          </element>
+        </optional>
+        <optional>
+          <element name='cpuselection'>
+            <empty/>
+          </element>
+        </optional>
+        <optional>
+          <element name='deviceboot'>
+            <empty/>
+          </element>
+        </optional>
+      </interleave>
    </element>
  </define>

--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@ -53,11 +53,14 @@
        <ref name="features"/>
        <ref name="termination"/>
        <optional>
-          <ref name="devices"/>
+          <ref name="pm"/>
        </optional>
        <optional>
-          <ref name="seclabel"/>
+          <ref name="devices"/>
        </optional>
+        <zeroOrMore>
+          <ref name="seclabel"/>
+        </zeroOrMore>
        <optional>
          <ref name='qemucmdline'/>
        </optional>
@ -148,18 +151,32 @@
      <!-- A per-device seclabel override is more limited, either
           relabel=no or a <label> must be present.  -->
      <choice>
-        <attribute name='relabel'>
-          <value>no</value>
-        </attribute>
        <group>
+          <optional>
+            <attribute name='model'>
+              <text/>
+            </attribute>
+          </optional>
+          <attribute name='relabel'>
+            <value>no</value>
+          </attribute>
+        </group>
+        <group>
+          <optional>
+            <attribute name='model'>
+              <text/>
+            </attribute>
+          </optional>
          <optional>
            <attribute name='relabel'>
              <value>yes</value>
            </attribute>
          </optional>
-          <element name='label'>
-            <text/>
-          </element>
+          <zeroOrMore>
+            <element name='label'>
+              <text/>
+            </element>
+          </zeroOrMore>
        </group>
      </choice>
    </element>
@ -179,6 +196,7 @@
        <value>hyperv</value>
        <value>vbox</value>
        <value>phyp</value>
+        <value>parallels</value>
      </choice>
    </attribute>
  </define>
@ -222,12 +240,14 @@
            <ref name="absFilePath"/>
          </element>
        </optional>
-        <choice>
+        <optional>
          <ref name="osbootkernel"/>
+        </optional>
+        <optional>
          <zeroOrMore>
            <ref name="osbootdev"/>
          </zeroOrMore>
-        </choice>
+        </optional>
        <optional>
          <element name="bootmenu">
            <attribute name="enable">
@ -281,6 +301,7 @@
          <ref name="hvmsparc"/>
          <ref name="hvmppc"/>
          <ref name="hvmppc64"/>
+          <ref name="hvms390"/>
        </choice>
      </optional>
      <value>hvm</value>
@ -367,6 +388,25 @@
      </optional>
    </group>
  </define>
+  <define name="hvms390">
+    <group>
+      <optional>
+        <attribute name="arch">
+          <choice>
+            <value>s390</value>
+            <value>s390x</value>
+          </choice>
+        </attribute>
+      </optional>
+      <optional>
+        <attribute name="machine">
+          <choice>
+            <value>s390-virtio</value>
+          </choice>
+        </attribute>
+      </optional>
+    </group>
+  </define>
  <define name="osexe">
    <element name="os">
      <element name="type">
@ -430,6 +470,14 @@
    <interleave>
      <element name="memory">
        <ref name='scaledInteger'/>
+        <optional>
+          <attribute name="dumpCore">
+            <choice>
+              <value>on</value>
+              <value>off</value>
+            </choice>
+          </attribute>
+        </optional>
      </element>
      <optional>
        <element name="currentMemory">
@ -544,6 +592,16 @@
              <ref name="cpuquota"/>
            </element>
          </optional>
+          <optional>
+            <element name="emulator_period">
+              <ref name="cpuperiod"/>
+            </element>
+          </optional>
+          <optional>
+            <element name="emulator_quota">
+              <ref name="cpuquota"/>
+            </element>
+          </optional>
          <zeroOrMore>
            <element name="vcpupin">
              <attribute name="vcpu">
@ -554,6 +612,13 @@
              </attribute>
            </element>
          </zeroOrMore>
+          <optional>
+            <element name="emulatorpin">
+              <attribute name="cpuset">
+                <ref name="cpuset"/>
+              </attribute>
+            </element>
+          </optional>
        </element>
      </optional>

@ -562,16 +627,32 @@
        <element name="numatune">
          <optional>
            <element name="memory">
-              <attribute name="mode">
-                <choice>
-                  <value>strict</value>
-                  <value>preferred</value>
-                  <value>interleave</value>
-                </choice>
-              </attribute>
-              <attribute name="nodeset">
-                <ref name="cpuset"/>
-              </attribute>
+              <optional>
+                <attribute name="mode">
+                  <choice>
+                    <value>strict</value>
+                    <value>preferred</value>
+                    <value>interleave</value>
+                  </choice>
+                </attribute>
+              </optional>
+              <choice>
+                <group>
+                  <optional>
+                    <attribute name='placement'>
+                      <value>static</value>
+                    </attribute>
+                  </optional>
+                  <optional>
+                    <attribute name='nodeset'>
+                      <ref name='cpuset'/>
+                    </attribute>
+                  </optional>
+                </group>
+                <attribute name='placement'>
+                  <value>auto</value>
+                </attribute>
+              </choice>
            </element>
          </optional>
        </element>
@ -771,6 +852,9 @@
      <optional>
        <ref name="driver"/>
      </optional>
+      <optional>
+        <ref name='diskMirror'/>
+      </optional>
      <optional>
        <ref name="diskAuth"/>
      </optional>
@ -810,6 +894,17 @@
      <optional>
        <ref name="address"/>
      </optional>
+      <optional>
+        <ref name="geometry"/>
+      </optional>
+      <optional>
+        <ref name="diskBlockIo"/>
+      </optional>
+      <optional>
+        <element name="wwn">
+          <ref name="wwn"/>
+        </element>
+      </optional>
    </interleave>
  </define>
  <define name="snapshot">
@ -1012,10 +1107,44 @@
      </optional>
    </element>
  </define>
+  <define name="geometry">
+    <element name="geometry">
+      <attribute name="cyls">
+        <data type="integer"/>
+      </attribute>
+      <attribute name="heads">
+        <data type="integer"/>
+      </attribute>
+      <attribute name="secs">
+        <data type="integer"/>
+      </attribute>
+      <optional>
+        <attribute name="trans">
+          <choice>
+            <value>auto</value>
+            <value>none</value>
+            <value>lba</value>
+          </choice>
+        </attribute>
+      </optional>
+    </element>
+  </define>
+  <define name="diskBlockIo">
+    <element name="blockio">
+      <optional>
+        <attribute name="logical_block_size">
+          <data type="integer"/>
+        </attribute>
+      </optional>
+      <optional>
+        <attribute name="physical_block_size">
+          <data type="integer"/>
+        </attribute>
+      </optional>
+    </element>
+  </define>
  <!--
-      Disk may use a special driver for access. Currently this is
-      only defined for Xen for tap/aio and file, but will certainly be
-      extended in the future, and libvirt doesn't look for specific values.
+      Disk may use a special driver for access.
    -->
  <define name="driver">
    <element name="driver">
@ -1182,6 +1311,8 @@
            <value>ich9-uhci3</value>
            <value>vt82c686b-uhci</value>
            <value>pci-ohci</value>
+            <value>nec-xhci</value>
+            <value>none</value>
          </choice>
        </attribute>
      </optional>
@ -1210,7 +1341,6 @@
              </attribute>
              <empty/>
            </element>
-            <ref name="filesystemtgt"/>
          </interleave>
        </group>
        <group>
@ -1224,7 +1354,6 @@
              </attribute>
              <empty/>
            </element>
-            <ref name="filesystemtgt"/>
          </interleave>
        </group>
        <group>
@ -1257,7 +1386,21 @@
                <empty/>
              </element>
            </optional>
-            <ref name="filesystemtgt"/>
+          </interleave>
+        </group>
+        <group>
+          <optional>
+            <attribute name="type">
+              <value>bind</value>
+            </attribute>
+          </optional>
+          <interleave>
+            <element name="source">
+              <attribute name="dir">
+                <ref name="absFilePath"/>
+              </attribute>
+              <empty/>
+            </element>
          </interleave>
        </group>
        <group>
@ -1271,42 +1414,69 @@
              </attribute>
              <empty/>
            </element>
-            <ref name="filesystemtgt"/>
+          </interleave>
+        </group>
+        <group>
+          <attribute name="type">
+            <value>ram</value>
+          </attribute>
+          <interleave>
+            <element name="source">
+              <attribute name="usage">
+                <ref name="unsignedLong"/>
+              </attribute>
+              <optional>
+                <attribute name='unit'>
+                  <ref name='unit'/>
+                </attribute>
+              </optional>
+              <empty/>
+            </element>
          </interleave>
        </group>
      </choice>
-      <optional>
-        <attribute name="accessmode">
-        <choice>
-          <value>passthrough</value>
-          <value>mapped</value>
-          <value>squash</value>
-        </choice>
-        </attribute>
-      </optional>
-      <optional>
-        <element name='readonly'>
+      <interleave>
+        <element name="target">
+          <attribute name="dir">
+            <ref name="absDirPath"/>
+          </attribute>
          <empty/>
        </element>
-      </optional>
+        <optional>
+          <attribute name="accessmode">
+            <choice>
+              <value>passthrough</value>
+              <value>mapped</value>
+              <value>squash</value>
+            </choice>
+          </attribute>
+        </optional>
+        <optional>
+          <element name='readonly'>
+            <empty/>
+          </element>
+        </optional>
+        <optional>
+          <ref name="alias"/>
+        </optional>
+        <optional>
+          <ref name="address"/>
+        </optional>
+      </interleave>
+      <interleave>
+        <optional>
+          <element name="space_hard_limit">
+            <ref name='scaledInteger'/>
+          </element>
+        </optional>
+        <optional>
+          <element name="space_soft_limit">
+            <ref name='scaledInteger'/>
+          </element>
+        </optional>
+      </interleave>
    </element>
  </define>
-  <define name="filesystemtgt">
-    <interleave>
-      <optional>
-        <ref name="alias"/>
-      </optional>
-      <optional>
-        <ref name="address"/>
-      </optional>
-      <element name="target">
-        <attribute name="dir">
-          <ref name="absDirPath"/>
-        </attribute>
-        <empty/>
-      </element>
-    </interleave>
-  </define>
  <!--
      An interface description can either be of type bridge in which case
      it will use a bridging source, or of type ethernet which uses a device
@ -1329,6 +1499,9 @@
                <empty/>
              </element>
            </optional>
+            <optional>
+              <ref name="virtualPortProfile"/>
+            </optional>
            <ref name="interface-options"/>
          </interleave>
        </group>
@ -1629,6 +1802,9 @@
      <optional>
        <ref name="bandwidth"/>
      </optional>
+      <optional>
+        <ref name="vlan"/>
+      </optional>
    </interleave>
  </define>
  <!--
@ -1779,6 +1955,15 @@
              </choice>
            </attribute>
          </optional>
+          <optional>
+            <attribute name="defaultMode">
+              <choice>
+                <value>any</value>
+                <value>secure</value>
+                <value>insecure</value>
+              </choice>
+            </attribute>
+          </optional>
          <interleave>
            <ref name="listenElements"/>
            <zeroOrMore>
@ -1792,6 +1977,7 @@
                    <value>playback</value>
                    <value>record</value>
                    <value>smartcard</value>
+                    <value>usbredir</value>
                  </choice>
                </attribute>
                <attribute name="mode">
@ -2101,6 +2287,40 @@
      <value>coredump-restart</value>
    </choice>
  </define>
+  <!--
+      Control ACPI sleep states (dis)allowed for the domain
+      For each of the states the following rules apply:
+      on: the state will be forcefully enabled
+      off: the state will be forcefully disabled
+      not specified: hypervisor will be left to decide its defaults
+  -->
+  <define name="pm">
+    <element name="pm">
+      <interleave>
+        <optional>
+          <element name="suspend-to-mem">
+            <ref name="suspendChoices"/>
+          </element>
+        </optional>
+        <optional>
+          <element name="suspend-to-disk">
+            <ref name="suspendChoices"/>
+          </element>
+        </optional>
+      </interleave>
+      <empty/>
+    </element>
+  </define>
+  <define name="suspendChoices">
+    <optional>
+      <attribute name="enabled">
+        <choice>
+          <value>yes</value>
+          <value>no</value>
+        </choice>
+      </attribute>
+    </optional>
+  </define>
  <!--
      Specific setup for a qemu emulated character device.  Note: this
      definition doesn't fully specify the constraints on this node.
@ -2168,6 +2388,49 @@
    </choice>
  </define>

+  <define name="usbdevfilter">
+    <element name="usbdev">
+      <attribute name="allow">
+        <choice>
+          <value>yes</value>
+          <value>no</value>
+        </choice>
+      </attribute>
+      <optional>
+        <attribute name="class">
+          <choice>
+            <ref name="usbClass"/>
+            <ref name="usbIdDefault"/>
+          </choice>
+        </attribute>
+      </optional>
+      <optional>
+        <attribute name="vendor">
+          <choice>
+            <ref name="usbId"/>
+            <ref name="usbIdDefault"/>
+          </choice>
+        </attribute>
+      </optional>
+      <optional>
+        <attribute name="product">
+          <choice>
+            <ref name="usbId"/>
+            <ref name="usbIdDefault"/>
+          </choice>
+        </attribute>
+      </optional>
+      <optional>
+        <attribute name="version">
+          <choice>
+            <ref name="usbVersion"/>
+            <ref name="usbIdDefault"/>
+          </choice>
+        </attribute>
+      </optional>
+    </element>
+  </define>
+
  <define name="qemucdevSrcType">
    <attribute name="type">
      <ref name="qemucdevSrcTypeChoice"/>
@ -2191,6 +2454,9 @@
        <optional>
          <attribute name="wiremode"/>
        </optional>
+        <optional>
+          <ref name='devSeclabel'/>
+        </optional>
      </element>
    </zeroOrMore>
    <optional>
@ -2229,6 +2495,16 @@
      </choice>
    </element>
  </define>
+  <define name="codec">
+    <element name="codec">
+      <attribute name="type">
+        <choice>
+          <value>duplex</value>
+          <value>micro</value>
+        </choice>
+      </attribute>
+    </element>
+  </define>
  <define name="sound">
    <element name="sound">
      <attribute name="model">
@ -2240,12 +2516,19 @@
          <value>ich6</value>
        </choice>
      </attribute>
-      <optional>
-        <ref name="alias"/>
-      </optional>
-      <optional>
-        <ref name="address"/>
-      </optional>
+      <interleave>
+        <optional>
+          <ref name="alias"/>
+        </optional>
+        <optional>
+          <ref name="address"/>
+        </optional>
+        <zeroOrMore>
+          <choice>
+            <ref name="codec"/>
+          </choice>
+        </zeroOrMore>
+      </interleave>
    </element>
  </define>
  <define name="watchdog">
@ -2447,6 +2730,13 @@
      </optional>
    </element>
  </define>
+  <define name="redirfilter">
+    <element name="redirfilter">
+      <zeroOrMore>
+        <ref name="usbdevfilter"/>
+      </zeroOrMore>
+    </element>
+  </define>
  <define name="hostdev">
    <element name="hostdev">
      <optional>
@ -2538,30 +2828,6 @@
      </attribute>
    </optional>
  </define>
-  <define name="pciaddress">
-    <optional>
-      <attribute name="domain">
-        <ref name="pciDomain"/>
-      </attribute>
-    </optional>
-    <attribute name="bus">
-      <ref name="pciBus"/>
-    </attribute>
-    <attribute name="slot">
-      <ref name="pciSlot"/>
-    </attribute>
-    <attribute name="function">
-      <ref name="pciFunc"/>
-    </attribute>
-    <optional>
-      <attribute name="multifunction">
-        <choice>
-          <value>on</value>
-          <value>off</value>
-        </choice>
-      </attribute>
-    </optional>
-  </define>
  <define name="driveaddress">
    <optional>
      <attribute name="controller">
@ -2634,6 +2900,7 @@
            <ref name="smartcard"/>
            <ref name="hub"/>
            <ref name="redirdev"/>
+            <ref name="redirfilter"/>
          </choice>
        </zeroOrMore>
        <optional>
@ -2659,7 +2926,14 @@
          </optional>
          <optional>
            <element name="apic">
-              <empty/>
+              <optional>
+                <attribute name="eoi">
+                  <choice>
+                    <value>on</value>
+                    <value>off</value>
+                  </choice>
+                </attribute>
+              </optional>
            </element>
          </optional>
          <optional>
@ -2768,6 +3042,13 @@
          </choice>
        </attribute>
      </optional>
+      <optional>
+        <attribute name="vendor_id">
+          <data type="string">
+            <param name='pattern'>[^,]{12}</param>
+          </data>
+        </attribute>
+      </optional>
      <choice>
        <text/>
        <empty/>
@ -2920,12 +3201,19 @@

  <define name="bios">
    <element name="bios">
-      <attribute name="useserial">
-        <choice>
-          <value>yes</value>
-          <value>no</value>
-        </choice>
-      </attribute>
+      <optional>
+        <attribute name="useserial">
+          <choice>
+            <value>yes</value>
+            <value>no</value>
+          </choice>
+        </attribute>
+      </optional>
+      <optional>
+        <attribute name="rebootTimeout">
+          <ref name="rebootTimeoutDelay"/>
+        </attribute>
+      </optional>
    </element>
  </define>

@ -3024,6 +3312,23 @@
      <empty/>
    </element>
  </define>
+  <define name='diskMirror'>
+    <element name='mirror'>
+      <attribute name='file'>
+        <ref name='absFilePath'/>
+      </attribute>
+      <optional>
+        <attribute name='format'>
+          <ref name="genericName"/>
+        </attribute>
+      </optional>
+      <optional>
+        <attribute name='ready'>
+          <value>yes</value>
+        </attribute>
+      </optional>
+    </element>
+  </define>
  <define name="diskAuth">
    <element name="auth">
      <attribute name="username">
@ -3182,6 +3487,11 @@
      <param name='minInclusive'>-1</param>
    </data>
  </define>
+  <define name="rebootTimeoutDelay">
+    <data type="short">
+      <param name="minInclusive">-1</param>
+    </data>
+  </define>
  <define name="PortNumber">
    <data type="short">
      <param name="minInclusive">-1</param>
@ -3223,39 +3533,34 @@
      <param name="pattern">(([0-2]?[0-9]?[0-9]\.){3}[0-2]?[0-9]?[0-9])|(([0-9a-fA-F]+|:)+[0-9a-fA-F]+)|([a-zA-Z0-9_\.\+\-]*)</param>
    </data>
  </define>
+  <define name="usbIdDefault">
+    <data type="string">
+      <param name="pattern">-1</param>
+    </data>
+  </define>
  <define name="usbId">
    <data type="string">
      <param name="pattern">(0x)?[0-9a-fA-F]{1,4}</param>
    </data>
  </define>
+  <define name="usbVersion">
+    <data type="string">
+      <param name="pattern">[0-9]{1,2}.[0-9]{1,2}</param>
+    </data>
+  </define>
  <define name="usbAddr">
    <data type="string">
      <param name="pattern">(0x)?[0-9a-fA-F]{1,3}</param>
    </data>
  </define>
-  <define name="usbPort">
-    <data type="string">
-      <param name="pattern">((0x)?[0-9a-fA-F]{1,3}\.){0,3}(0x)?[0-9a-fA-F]{1,3}</param>
-    </data>
-  </define>
-  <define name="pciDomain">
-    <data type="string">
-      <param name="pattern">(0x)?[0-9a-fA-F]{1,4}</param>
-    </data>
-  </define>
-  <define name="pciBus">
+  <define name="usbClass">
    <data type="string">
      <param name="pattern">(0x)?[0-9a-fA-F]{1,2}</param>
    </data>
  </define>
-  <define name="pciSlot">
+  <define name="usbPort">
    <data type="string">
-      <param name="pattern">(0x)?[0-1]?[0-9a-fA-F]</param>
-    </data>
-  </define>
-  <define name="pciFunc">
-    <data type="string">
-      <param name="pattern">(0x)?[0-7]</param>
+      <param name="pattern">((0x)?[0-9a-fA-F]{1,3}\.){0,3}(0x)?[0-9a-fA-F]{1,3}</param>
    </data>
  </define>
  <define name="driveController">
--- a/docs/schemas/network.rng
+++ b/docs/schemas/network.rng
@ -12,6 +12,11 @@
  <define name="network">

    <element name="network">
+      <optional>
+        <attribute name="connections">
+          <data type="unsignedInt"/>
+        </attribute>
+      </optional>
      <interleave>

        <!-- The name of the network, used to refer to it through the API
@ -82,17 +87,51 @@
                  <value>passthrough</value>
                  <value>private</value>
                  <value>vepa</value>
+                  <value>hostdev</value>
+                </choice>
+              </attribute>
+            </optional>
+
+            <optional>
+              <attribute name="managed">
+                <choice>
+                  <value>yes</value>
+                  <value>no</value>
                </choice>
              </attribute>
            </optional>
            <interleave>
-              <zeroOrMore>
-                <element name='interface'>
-                  <attribute name='dev'>
-                    <ref name='deviceName'/>
-                  </attribute>
-                </element>
-              </zeroOrMore>
+              <choice>
+                <group>
+                  <zeroOrMore>
+                    <element name='interface'>
+                      <attribute name='dev'>
+                        <ref name='deviceName'/>
+                      </attribute>
+                      <optional>
+                        <attribute name="connections">
+                          <data type="unsignedInt"/>
+                        </attribute>
+                      </optional>
+                    </element>
+                  </zeroOrMore>
+                </group>
+                <group>
+                  <zeroOrMore>
+                    <element name='address'>
+                      <attribute name='type'>
+                        <value>pci</value>
+                      </attribute>
+                      <ref name="pciaddress"/>
+                      <optional>
+                        <attribute name="connections">
+                          <data type="unsignedInt"/>
+                        </attribute>
+                      </optional>
+                    </element>
+                  </zeroOrMore>
+                </group>
+              </choice>
              <optional>
                <element name='pf'>
                  <attribute name='dev'>
@ -123,9 +162,17 @@
                </choice>
              </attribute>
            </optional>
+            <interleave>
+              <optional>
+                <ref name="virtualPortProfile"/>
+              </optional>
+              <optional>
+                <ref name="bandwidth"/>
+              </optional>
            <optional>
-              <ref name="virtualPortProfile"/>
+              <ref name="vlan"/>
            </optional>
+            </interleave>
          </element>
        </zeroOrMore>

@ -172,6 +219,9 @@
       <optional>
         <ref name="bandwidth"/>
       </optional>
+       <optional>
+         <ref name="vlan"/>
+       </optional>
       <optional>
         <element name="link">
           <attribute name="state">
--- a/docs/schemas/networkcommon.rng
+++ b/docs/schemas/networkcommon.rng
@ -15,22 +15,30 @@
          <attribute name="type">
            <value>802.1Qbg</value>
          </attribute>
-          <element name="parameters">
-            <attribute name="managerid">
-              <ref name="uint8range"/>
-            </attribute>
-            <attribute name="typeid">
-              <ref name="uint24range"/>
-            </attribute>
-            <attribute name="typeidversion">
-              <ref name="uint8range"/>
-            </attribute>
-            <optional>
-              <attribute name="instanceid">
-                <ref name="UUID"/>
-              </attribute>
-            </optional>
-          </element>
+          <optional>
+            <element name="parameters">
+              <optional>
+                <attribute name="managerid">
+                  <ref name="uint8range"/>
+                </attribute>
+              </optional>
+              <optional>
+                <attribute name="typeid">
+                  <ref name="uint24range"/>
+                </attribute>
+              </optional>
+              <optional>
+                <attribute name="typeidversion">
+                  <ref name="uint8range"/>
+                </attribute>
+              </optional>
+              <optional>
+                <attribute name="instanceid">
+                  <ref name="UUID"/>
+                </attribute>
+              </optional>
+            </element>
+          </optional>
        </element>
      </group>
      <group>
@ -38,11 +46,75 @@
          <attribute name="type">
            <value>802.1Qbh</value>
          </attribute>
-          <element name="parameters">
-            <attribute name="profileid">
-              <ref name="virtualPortProfileID"/>
-            </attribute>
-          </element>
+          <optional>
+            <element name="parameters">
+              <optional>
+                <attribute name="profileid">
+                  <ref name="virtualPortProfileID"/>
+                </attribute>
+              </optional>
+            </element>
+          </optional>
+        </element>
+      </group>
+      <group>
+        <element name="virtualport">
+          <attribute name="type">
+            <value>openvswitch</value>
+          </attribute>
+          <optional>
+            <element name="parameters">
+              <optional>
+                <attribute name="profileid">
+                  <ref name="virtualPortProfileID"/>
+                </attribute>
+              </optional>
+              <optional>
+                <attribute name="interfaceid">
+                  <ref name="UUID"/>
+                </attribute>
+              </optional>
+            </element>
+          </optional>
+        </element>
+      </group>
+      <group>
+        <!-- use this when no type attribute is present -->
+        <element name="virtualport">
+          <optional>
+            <element name="parameters">
+              <optional>
+                <attribute name="managerid">
+                  <ref name="uint8range"/>
+                </attribute>
+              </optional>
+              <optional>
+                <attribute name="typeid">
+                  <ref name="uint24range"/>
+                </attribute>
+              </optional>
+              <optional>
+                <attribute name="typeidversion">
+                  <ref name="uint8range"/>
+                </attribute>
+              </optional>
+              <optional>
+                <attribute name="instanceid">
+                  <ref name="UUID"/>
+                </attribute>
+              </optional>
+              <optional>
+                <attribute name="profileid">
+                  <ref name="virtualPortProfileID"/>
+                </attribute>
+              </optional>
+              <optional>
+                <attribute name="interfaceid">
+                  <ref name="UUID"/>
+                </attribute>
+              </optional>
+            </element>
+          </optional>
        </element>
      </group>
    </choice>
@ -112,4 +184,24 @@
      <param name="pattern">(ipv4)|(ipv6)</param>
    </data>
  </define>
+
+  <define name="vlan">
+    <element name="vlan">
+      <optional>
+        <attribute name="trunk">
+          <value>yes</value>
+        </attribute>
+      </optional>
+      <oneOrMore>
+        <element name="tag">
+          <attribute name="id">
+            <data type="unsignedInt">
+              <param name="maxInclusive">4095</param>
+            </data>
+          </attribute>
+          <empty/>
+        </element>
+      </oneOrMore>
+    </element>
+  </define>
 </grammar>
--- a/docs/schemas/nodedev.rng
+++ b/docs/schemas/nodedev.rng
@ -15,6 +15,12 @@
        <element name="parent"><text/></element>
      </optional>

+      <optional>
+        <element name="driver">
+          <element name="name"><text/></element>
+        </element>
+      </optional>
+
      <zeroOrMore>
        <ref name="capability"/>
      </zeroOrMore>
@ -115,6 +121,28 @@
      </choice>
    </element>

+    <optional>
+      <element name='capability'>
+        <attribute name='type'>
+          <value>phys_function</value>
+        </attribute>
+        <optional>
+          <ref name='address'/>
+        </optional>
+      </element>
+    </optional>
+
+    <optional>
+      <element name='capability'>
+        <attribute name='type'>
+          <value>virt_functions</value>
+        </attribute>
+        <optional>
+          <ref name='address'/>
+        </optional>
+      </element>
+    </optional>
+
  </define>

  <define name='capusbdev'>
@ -217,12 +245,6 @@
    </attribute>
  </define>

-  <define name='wwn'>
-    <data type='string'>
-      <param name='pattern'>(0-9a-fA-F){16}</param>
-    </data>
-  </define>
-
  <define name='capsfchost'>
    <attribute name='type'>
      <value>fc_host</value>
@ -369,6 +391,15 @@
    </element>
  </define>

+  <define name='address'>
+    <element name='address'>
+      <attribute name='domain'><ref name='hexuint'/></attribute>
+      <attribute name='bus'><ref name='hexuint'/></attribute>
+      <attribute name='slot'><ref name='hexuint'/></attribute>
+      <attribute name='function'><ref name='hexuint'/></attribute>
+    </element>
+  </define>
+
  <define name='hexuint'>
    <data type='string'>
      <param name="pattern">(0x)?[0-9a-f]+</param>
--- a/docs/schemas/nwfilter.rng
+++ b/docs/schemas/nwfilter.rng
@ -485,6 +485,14 @@
          <ref name="stateflags-type"/>
        </attribute>
      </optional>
+      <optional>
+        <attribute name="ipset">
+          <ref name="ipset-name-type"/>
+        </attribute>
+        <attribute name="ipsetflags">
+          <ref name="ipset-flags-type"/>
+        </attribute>
+      </optional>
    </interleave>
  </define>

@ -1060,4 +1068,19 @@
      <param name="pattern">((SYN|ACK|URG|PSH|FIN|RST)(,(SYN|ACK|URG|PSH|FIN|RST))*|ALL|NONE)/((SYN|ACK|URG|PSH|FIN|RST)(,(SYN|ACK|URG|PSH|FIN|RST))*|ALL|NONE)</param>
    </data>
  </define>
+
+  <define name='ipset-name-type'>
+    <choice>
+      <ref name="variable-name-type"/>
+      <data type="string">
+        <param name="pattern">[a-zA-Z0-9_\.:\-\+ ]{1,31}</param>
+      </data>
+    </choice>
+  </define>
+
+  <define name='ipset-flags-type'>
+    <data type="string">
+      <param name="pattern">(src|dst)(,(src|dst)){0,5}</param>
+    </data>
+  </define>
 </grammar>
--- a/docs/schemas/storagepool.rng
+++ b/docs/schemas/storagepool.rng
@ -19,6 +19,8 @@
        <ref name='pooliscsi'/>
        <ref name='poolscsi'/>
        <ref name='poolmpath'/>
+        <ref name='poolrbd'/>
+        <ref name='poolsheepdog'/>
      </choice>
    </element>
  </define>
@ -105,6 +107,24 @@
    <ref name='target'/>
  </define>

+  <define name='poolrbd'>
+    <attribute name='type'>
+      <value>rbd</value>
+    </attribute>
+    <ref name='commonmetadata'/>
+    <ref name='sizing'/>
+    <ref name='sourcerbd'/>
+  </define>
+
+  <define name='poolsheepdog'>
+    <attribute name='type'>
+      <value>sheepdog</value>
+    </attribute>
+    <ref name='commonmetadata'/>
+    <ref name='sizing'/>
+    <ref name='sourcesheepdog'/>
+  </define>
+
  <define name='sourceinfovendor'>
    <optional>
      <element name='vendor'>
@ -158,10 +178,16 @@
          <ref name='unsignedInt'/>
        </element>
        <element name='owner'>
-          <ref name='unsignedInt'/>
+          <choice>
+            <ref name='unsignedInt'/>
+            <value>-1</value>
+          </choice>
        </element>
        <element name='group'>
-          <ref name='unsignedInt'/>
+          <choice>
+            <ref name='unsignedInt'/>
+            <value>-1</value>
+          </choice>
        </element>
        <optional>
          <element name='label'>
@ -184,17 +210,19 @@
  </define>

  <define name='sourceinfohost'>
-    <element name='host'>
-      <attribute name='name'>
-        <text/>
-      </attribute>
-      <optional>
-        <attribute name='port'>
-          <ref name="PortNumber"/>
+    <oneOrMore>
+      <element name='host'>
+        <attribute name='name'>
+          <text/>
        </attribute>
-      </optional>
-      <empty/>
-    </element>
+        <optional>
+          <attribute name='port'>
+            <ref name="PortNumber"/>
+          </attribute>
+        </optional>
+        <empty/>
+      </element>
+    </oneOrMore>
  </define>

  <define name='sourceinfodev'>
@ -265,14 +293,38 @@
      <attribute name='type'>
        <choice>
          <value>chap</value>
+          <value>ceph</value>
        </choice>
      </attribute>
-      <attribute name='login'>
-        <text/>
-      </attribute>
-      <attribute name='passwd'>
-        <text/>
-      </attribute>
+      <choice>
+        <attribute name='login'>
+          <text/>
+        </attribute>
+        <attribute name='username'>
+          <text/>
+        </attribute>
+      </choice>
+      <optional>
+        <attribute name='passwd'>
+          <text/>
+        </attribute>
+      </optional>
+      <optional>
+        <ref name='sourceinfoauthsecret'/>
+      </optional>
+    </element>
+  </define>
+
+  <define name='sourceinfoauthsecret'>
+    <element name='secret'>
+      <choice>
+        <attribute name='uuid'>
+          <text/>
+        </attribute>
+        <attribute name='usage'>
+          <text/>
+        </attribute>
+      </choice>
    </element>
  </define>

@ -450,6 +502,23 @@
    </element>
  </define>

+  <define name='sourcerbd'>
+    <element name='source'>
+      <ref name='sourceinfoname'/>
+      <ref name='sourceinfohost'/>
+      <optional>
+        <ref name='sourceinfoauth'/>
+      </optional>
+    </element>
+  </define>
+
+  <define name='sourcesheepdog'>
+    <element name='source'>
+      <ref name='sourceinfohost'/>
+      <ref name='sourceinfoname'/>
+    </element>
+  </define>
+
  <define name='name'>
    <data type='string'>
      <param name="pattern">[a-zA-Z0-9_\+\-]+</param>
--- a/docs/schemas/storagevol.rng
+++ b/docs/schemas/storagevol.rng
@ -63,15 +63,51 @@
    </optional>
  </define>

+  <define name='timestamps'>
+    <optional>
+      <element name='timestamps'>
+        <interleave>
+          <optional>
+            <element name='atime'>
+              <ref name='timestamp'/>
+            </element>
+          </optional>
+          <optional>
+            <element name='btime'>
+              <ref name='timestamp'/>
+            </element>
+          </optional>
+          <optional>
+            <element name='ctime'>
+              <ref name='timestamp'/>
+            </element>
+          </optional>
+          <optional>
+            <element name='mtime'>
+              <ref name='timestamp'/>
+            </element>
+          </optional>
+        </interleave>
+      </element>
+    </optional>
+  </define>
+
+  <define name='timestamp'>
+    <data type='string'>
+      <param name="pattern">[0-9]+(\.[0-9]{0,9})?</param>
+    </data>
+  </define>
+
  <define name='target'>
    <element name='target'>
      <optional>
        <element name='path'>
-          <ref name='absFilePath'/>
+          <data type='anyURI'/>
        </element>
      </optional>
      <ref name='format'/>
      <ref name='permissions'/>
+      <ref name='timestamps'/>
      <optional>
        <ref name='encryption'/>
      </optional>
@ -144,6 +180,7 @@

  <define name='formatfile'>
    <choice>
+      <value>unknown</value>
      <value>raw</value>
      <value>dir</value>
      <value>bochs</value>
@ -153,6 +190,7 @@
      <value>iso</value>
      <value>qcow</value>
      <value>qcow2</value>
+      <value>qed</value>
      <value>vmdk</value>
      <value>vpc</value>
    </choice>
--- a/docs/search.php.code.in
+++ b/docs/search.php.code.in
@ -1,49 +1,28 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<!--
-        This file is autogenerated from the PHP output
-        Do not edit this file. Changes will be lost.
-      -->
-  <head>
-    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
-    <link rel="stylesheet" type="text/css" href="main.css" />
-    <link rel="SHORTCUT ICON" href="32favicon.png" />
-    <title>Search the documentation on Libvir.org</title>
-    <meta name="description" content="libvirt, virtualization, virtualization API" />
-  </head>
-  <body>
-    <div id="header">
-      <div id="headerLogo"></div>
-    </div>
-    <div id="body">
-      <div id="content">
 <?php
    $query = $_GET['query'];
    // We handle only the first argument so far
    $query = ltrim ($query);
-    if (! $query) {
-        echo "<h1 align='center'>Search the documentation on Libvir.org</h1>";
-    }
+
    $scope = $_GET['scope'];
    if ($scope == NULL)
        $scope = "any";
    $scope = ltrim ($scope);
    if ($scope == "")
        $scope = "any";
-
 ?>
-<p> The search service indexes the libvirt APIs and documentation as well as the libvir-list@redhat.com mailing-list archives. To use it simply provide a set of keywords:</p>
+
 <form action="<?php echo $_SERVER['PHP_SELF'], "?query=", rawurlencode($query) ?>"
      enctype="application/x-www-form-urlencoded" method="get">
  <input name="query" type="text" size="50" value="<?php echo $query?>"/>
  <select name="scope">
    <option value="any">Search All</option>
    <option value="API" <?php if ($scope == 'API') print "selected='selected'"?>>Only the APIs</option>
-    <option value="DOCS" <?php if ($scope == 'DOCS') print "selected"?>>Only the Documentation</option>
-    <option value="LISTS" <?php if ($scope == 'LISTS') print "selected"?>>Only the lists archives</option>
+    <option value="DOCS" <?php if ($scope == 'DOCS') print "selected='selected'"?>>Only the Documentation</option>
+    <option value="LISTS" <?php if ($scope == 'LISTS') print "selected='selected'"?>>Only the lists archives</option>
  </select>
  <input name="submit" type="submit" value="Search ..."/>
 </form>
+
 <?php
    function logQueryWord($word) {
        $result = mysql_query ("SELECT ID,Count FROM Queries WHERE Value='$word'");
@ -243,62 +222,3 @@
 	}
    }
 ?>
-      <img src="libvirtLogo.png" alt="libvirt Logo" />
-      </div>
-      <div id="menu">
-        <ul class="l0"><li>
-            <span class="active">Home</span>
-          </li><li>
-            <a title="Details of new features and bugs fixed in each release" class="inactive" href="news.html">News</a>
-          </li><li>
-            <a title="Get the latest source releases, binary builds and get access to the source repository" class="inactive" href="downloads.html">Downloads</a>
-          </li><li>
-            <a title="Information for users, administrators and developers" class="inactive" href="docs.html">Documentation</a>
-          </li><li>
-            <a title="User contributed content" class="inactive" href="http://wiki.libvirt.org">Wiki</a>
-          </li><li>
-            <a title="Frequently asked questions" class="inactive" href="http://wiki.libvirt.org/page/FAQ">FAQ</a>
-          </li><li>
-            <a title="How and where to report bugs and request features" class="inactive" href="bugs.html">Bug reports</a>
-          </li><li>
-            <a title="How to contact the developers via email and IRC" class="inactive" href="contact.html">Contact</a>
-          </li><li>
-            <a title="Miscellaneous links of interest related to libvirt" class="inactive" href="relatedlinks.html">Related Links</a>
-          </li><li>
-            <a title="Overview of all content on the website" class="inactive" href="sitemap.html">Sitemap</a>
-          </li></ul>
-      </div>
-    </div>
-    <div id="footer">
-      <div id="projects">
-        <dl id="p1"><dt>
-            <a href="http://augeas.net/">Augeas</a>
-          </dt><dd>
-            <span>A configuration editing tool and API</span>
-          </dd><dt>
-            <a href="http://libvirt.org/">libvirt</a>
-          </dt><dd>
-            <span>The open source virtualization API</span>
-          </dd></dl>
-        <dl id="p2"><dt>
-            <a href="http://cobbler.et.redhat.com/">Cobbler</a>
-          </dt><dd>
-            <span>OS provisioning and profile management</span>
-          </dd><dt>
-            <a href="http://ovirt.org/">oVirt</a>
-          </dt><dd>
-            <span>Virtualization management across the data center</span>
-          </dd></dl>
-        <dl id="p3"><dt>
-            <a href="http://freeipa.org/">FreeIPA</a>
-          </dt><dd>
-            <span>Identity, policy and audit management</span>
-          </dd><dt>
-            <a href="http://virt-manager.org/">Virtual Machine Manager</a>
-          </dt><dd>
-            <span>Virtualization management from the desktop</span>
-          </dd></dl>
-      </div>
-    </div>
-  </body>
-</html>
--- a/docs/search.php.in
+++ b/docs/search.php.in
@ -0,0 +1,17 @@
+<?xml version="1.0"?>
+<html>
+  <body>
+    <h1>Search the documentation on Libvirt.org</h1>
+
+    <p>
+      The search service indexes the libvirt APIs and documentation as
+    well as the libvir-list@redhat.com mailing-list archives. To use
+    it simply provide a set of keywords:
+    </p>
+
+<a id="php_placeholder"/>
+
+    <img src="libvirtLogo.png" alt="libvirt Logo" />
+
+  </body>
+</html>
--- a/docs/site.xsl
+++ b/docs/site.xsl
@ -14,7 +14,16 @@
    doctype-public="-//W3C//DTD XHTML 1.0 Strict//EN"
    doctype-system="http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"/>

-  <xsl:variable name="href_base" select="''"/>
+  <xsl:variable name="href_base">
+    <xsl:choose>
+      <xsl:when test="$pagename = '404.html'">
+        <xsl:value-of select="'/'"/>
+      </xsl:when>
+      <xsl:otherwise>
+        <xsl:value-of select="''"/>
+      </xsl:otherwise>
+    </xsl:choose>
+  </xsl:variable>

  <xsl:template match="/">
    <xsl:apply-templates select="." mode="page">
--- a/docs/sitemap.html.in
+++ b/docs/sitemap.html.in
@ -11,10 +11,16 @@
      <li>
        <a href="news.html">News</a>
        <span>Details of new features and bugs fixed in each release</span>
+        <ul>
+          <li>
+            <a href="http://wiki.libvirt.org/page/Maintenance_Releases">Maintenance Releases</a>
+            <span>Details about libvirt maintenance releases</span>
+          </li>
+        </ul>
        <ul>
          <li>
            <a href="http://libvirt.org/git/?p=libvirt.git;a=log">Git log</a>
-            <span>Latest commit messages from the source repository </span>
+            <span>Latest commit messages from the source repository</span>
          </li>
        </ul>
      </li>
@ -332,6 +338,10 @@
            <a href="todo.html">Todo list</a>
            <span>Main feature request list</span>
          </li>
+          <li>
+            <a href="pending.html">Pending patches</a>
+            <span>Pending patches awaiting reviews and integration</span>
+          </li>
        </ul>
      </li>
      <li>
--- a/docs/storage.html.in
+++ b/docs/storage.html.in
@ -107,6 +107,12 @@
      <li>
        <a href="#StorageBackendMultipath">Multipath backend</a>
      </li>
+      <li>
+        <a href="#StorageBackendRBD">RBD (RADOS Block Device) backend</a>
+      </li>
+      <li>
+        <a href="#StorageBackendSheepdog">Sheepdog backend</a>
+      </li>
    </ul>

    <h2><a name="StorageBackendDir">Directory pool</a></h2>
@ -491,6 +497,135 @@
      The Multipath volume pool does not use the volume format type element.
    </p>

+    <h2><a name="StorageBackendRBD">RBD pools</a></h2>
+    <p>
+      This storage driver provides a pool which contains all RBD
+      images in a RADOS pool.  RBD (RADOS Block Device) is part
+      of the Ceph distributed storage project.<br/>
+      This backend <i>only</i> supports Qemu with RBD support. Kernel RBD
+      which exposes RBD devices as block devices in /dev is <i>not</i>
+      supported. RBD images created with this storage backend
+      can be accessed through kernel RBD if configured manually, but
+      this backend does not provide mapping for these images.<br/>
+      Images created with this backend can be attached to Qemu guests
+      when Qemu is build with RBD support (Since Qemu 0.14.0). The
+      backend supports cephx authentication for communication with the
+      Ceph cluster. Storing the cephx authentication key is done with
+      the libvirt secret mechanism. The UUID in the example pool input
+      refers to the UUID of the stored secret.
+      <span class="since">Since 0.9.13</span>
+    </p>
+
+    <h3>Example pool input</h3>
+    <pre>
+      &lt;pool type="rbd"&gt;
+        &lt;name&gt;myrbdpool&lt;/name&gt;
+        &lt;source&gt;
+          &lt;name&gt;rbdpool&lt;/name&gt;
+            &lt;host name='1.2.3.4' port='6789'/&gt;
+            &lt;host name='my.ceph.monitor' port='6789'/&gt;
+            &lt;host name='third.ceph.monitor' port='6789'/&gt;
+            &lt;auth username='admin' type='ceph'&gt;
+              &lt;secret uuid='2ec115d7-3a88-3ceb-bc12-0ac909a6fd87'/&gt;
+            &lt;/auth&gt;
+        &lt;/source&gt;
+      &lt;/pool&gt;</pre>
+
+    <h3>Example volume output</h3>
+    <pre>
+       &lt;volume&gt;
+         &lt;name&gt;myvol&lt;/name&gt;
+         &lt;key&gt;rbd/myvol&lt;/key&gt;
+         &lt;source&gt;
+         &lt;/source&gt;
+         &lt;capacity unit='bytes'&gt;53687091200&lt;/capacity&gt;
+         &lt;allocation unit='bytes'&gt;53687091200&lt;/allocation&gt;
+         &lt;target&gt;
+           &lt;path&gt;rbd:rbd/myvol&lt;/path&gt;
+           &lt;format type='unknown'/&gt;
+           &lt;permissions&gt;
+             &lt;mode&gt;00&lt;/mode&gt;
+             &lt;owner&gt;0&lt;/owner&gt;
+             &lt;group&gt;0&lt;/group&gt;
+           &lt;/permissions&gt;
+         &lt;/target&gt;
+       &lt;/volume&gt;</pre>
+
+    <h3>Example disk attachement</h3>
+    <p>RBD images can be attached to Qemu guests when Qemu is built
+    with RBD support. Information about attaching a RBD image to a
+    guest can be found
+    at <a href="formatdomain.html#elementsDisks">format domain</a>
+    page.</p>
+
+    <h3>Valid pool format types</h3>
+    <p>
+      The RBD pool does not use the pool format type element.
+    </p>
+
+    <h3>Valid volume format types</h3>
+    <p>
+      The RBD pool does not use the volume format type element.
+    </p>
+
+    <h2><a name="StorageBackendSheepdog">Sheepdog pools</a></h2>
+    <p>
+      This provides a pool based on a Sheepdog Cluster.
+      Sheepdog is a distributed storage system for QEMU/KVM.
+      It provides highly available block level storage volumes that
+      can be attached to QEMU/KVM virtual machines.
+
+      The cluster must already be formatted.
+
+      <span class="since">Since 0.9.13</span>
+    </p>
+
+    <h3>Example pool input</h3>
+    <pre>
+      &lt;pool type="sheepdog"&gt;
+        &lt;name&gt;mysheeppool&lt;/name&gt;
+        &lt;source&gt;
+          &lt;name&gt;mysheeppool&lt;/name&gt;
+          &lt;host name='localhost' port='7000'/&gt;
+        &lt;/source&gt;
+      &lt;/pool&gt;</pre>
+
+    <h3>Example volume output</h3>
+    <pre>
+       &lt;volume&gt;
+         &lt;name&gt;myvol&lt;/name&gt;
+         &lt;key&gt;sheep/myvol&lt;/key&gt;
+         &lt;source&gt;
+         &lt;/source&gt;
+         &lt;capacity unit='bytes'&gt;53687091200&lt;/capacity&gt;
+         &lt;allocation unit='bytes'&gt;53687091200&lt;/allocation&gt;
+         &lt;target&gt;
+           &lt;path&gt;sheepdog:myvol&lt;/path&gt;
+           &lt;format type='unknown'/&gt;
+           &lt;permissions&gt;
+             &lt;mode&gt;00&lt;/mode&gt;
+             &lt;owner&gt;0&lt;/owner&gt;
+             &lt;group&gt;0&lt;/group&gt;
+           &lt;/permissions&gt;
+         &lt;/target&gt;
+       &lt;/volume&gt;</pre>
+
+    <h3>Example disk attachment</h3>
+    <p>Sheepdog images can be attached to Qemu guests.
+    Information about attaching a Sheepdog image to a
+    guest can be found
+    at the <a href="formatdomain.html#elementsDisks">format domain</a>
+    page.</p>
+
+    <h3>Valid pool format types</h3>
+    <p>
+      The Sheepdog pool does not use the pool format type element.
+    </p>
+
+    <h3>Valid volume format types</h3>
+    <p>
+      The Sheepdog pool does not use the volume format type element.
+    </p>

  </body>
 </html>
--- a/docs/todo.pl
+++ b/docs/todo.pl
@ -22,17 +22,17 @@ my $blurb = $cfg->get("output/blurb", undef);
 $SIG{__DIE__} = sub {
    my $err = shift;
    if (UNIVERSAL::isa($err, "BZ::Client::Exception")) {
-	die "Unable to access bugzilla: " . $err->message;
+        die "Unable to access bugzilla: " . $err->message;
    }
    die $err;
 };

 my $client = BZ::Client->new(url => $server,
-			     user => $username,
-			     password => $password);
+                             user => $username,
+                             password => $password);

 my $todo = BZ::Client::Bug->search($client, {'product' => $product,
-					     'alias' => $todoalias});
+                                             'alias' => $todoalias});

 die "Cannot find bug alias 'libvirtTodo'" unless $#{$todo} > -1;
 my $todoid = $todo->[0]->{'bug_id'};
@ -42,7 +42,7 @@ $todosummary =~ s/^\s*\[\s*RFE\s*\]\s*:?\s*//;
 $todosummary =~ s/^\s*Tracker\s*:\s*//;

 my $trackers = BZ::Client::Bug->search($client, {'product' => $product,
-						 'blocked' => $todoid });
+                                                 'blocked' => $todoid });

 my @trackers;

@ -55,27 +55,27 @@ foreach my $tracker (@{$trackers}) {
    $summary =~ s/^\s*Tracker\s*:\s*//;

    push @trackers, {
-	id => $tracker->{'bug_id'},
-	summary => $summary,
-	features => [],
+        id => $tracker->{'bug_id'},
+        summary => $summary,
+        features => [],
    };
 }

 foreach my $tracker (@trackers) {
    my $features = BZ::Client::Bug->search($client, {'product' => $product,
-						     'blocked' => $tracker->{id}});
+                                                     'blocked' => $tracker->{id}});

    foreach my $feature (@{$features}) {
-	next if $feature->{'bug_status'} eq "CLOSED";
+        next if $feature->{'bug_status'} eq "CLOSED";

-	my $summary = $feature->{'short_desc'};
-	$summary =~ s/^\s*RFE\s*:\s*//;
-	$summary =~ s/^\s*\[\s*RFE\s*\]\s*:?\s*//;
+        my $summary = $feature->{'short_desc'};
+        $summary =~ s/^\s*RFE\s*:\s*//;
+        $summary =~ s/^\s*\[\s*RFE\s*\]\s*:?\s*//;

-	push @{$tracker->{features}}, {
-	    id => $feature->{'bug_id'},
-	    summary => $summary,
-	};
+        push @{$tracker->{features}}, {
+            id => $feature->{'bug_id'},
+            summary => $summary,
+        };
    }
 }

@ -108,11 +108,11 @@ foreach my $tracker (sort { $a->{summary} cmp $b->{summary} } @trackers) {
    print "    <h2><a href=\"$server/$id\">$summary</a></h2>\n";
    print "    <ul>\n";
    foreach my $feature (sort { $a->{summary} cmp $b->{summary} } @{$tracker->{features}}) {
-	$summary = &escape($feature->{summary});
-	$summary =~ s,^([^:]+):,<strong>$1</strong>,;
+        $summary = &escape($feature->{summary});
+        $summary =~ s,^([^:]+):,<strong>$1</strong>,;

-	$id = $feature->{id};
-	print "      <li>$summary (<strong>rhbz <a href=\"$server/$id\">$id</a></strong>)</li>\n";
+        $id = $feature->{id};
+        print "      <li>$summary (<strong>rhbz <a href=\"$server/$id\">$id</a></strong>)</li>\n";
    }
    print "    </ul>\n";
 }
--- a/docs/uri.html.in
+++ b/docs/uri.html.in
@ -30,7 +30,7 @@ virConnectPtr conn = virConnectOpenReadOnly (<b>"test:///default"</b>);
    <p>
 To simplify life for administrators, it is possible to setup URI aliases in a
 libvirt client configuration file. The configuration file is <code>/etc/libvirt/libvirt.conf</code>
-for the root user, or <code>$HOME/.libvirt/libvirt.conf</code> for any unprivileged user.
+for the root user, or <code>$XDG_CONFIG_DIR/libvirt/libvirt.conf</code> for any unprivileged user.
 In this file, the following syntax can be used to setup aliases
    </p>

--- a/examples/apparmor/libvirt-qemu
+++ b/examples/apparmor/libvirt-qemu
@ -1,4 +1,4 @@
-# Last Modified: Mon Apr  5 15:11:27 2010
+# Last Modified: Fri Mar 9 14:43:22 2012

  #include <abstractions/base>
  #include <abstractions/consoles>
@ -108,3 +108,22 @@
  /bin/dash rmix,
  /bin/dd rmix,
  /bin/cat rmix,
+
+  /usr/libexec/qemu-bridge-helper Cx,
+  # child profile for bridge helper process
+  profile /usr/libexec/qemu-bridge-helper {
+   #include <abstractions/base>
+
+   capability setuid,
+   capability setgid,
+   capability setpcap,
+   capability net_admin,
+
+   network inet stream,
+
+   /dev/net/tun rw,
+   /etc/qemu/** r,
+   owner @{PROC}/*/status r,
+
+   /usr/libexec/qemu-bridge-helper rmix,
+  }
--- a/examples/domain-events/events-c/event-test.c
+++ b/examples/domain-events/events-c/event-test.c
@ -4,6 +4,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <signal.h>
+#include <inttypes.h>

 #include <libvirt/libvirt.h>
 #include <libvirt/virterror.h>
@ -15,6 +16,8 @@
 # define ATTRIBUTE_UNUSED __attribute__((__unused__))
 #endif

+int run = 1;
+
 /* Prototypes */
 const char *eventToString(int event);
 int myEventAddHandleFunc  (int fd, int event,
@ -38,6 +41,31 @@ void usage(const char *pname);

 /* Callback functions */

+
+static void connectClose(virConnectPtr conn ATTRIBUTE_UNUSED,
+                         int reason,
+                         void *opaque ATTRIBUTE_UNUSED)
+{
+    switch (reason) {
+    case VIR_CONNECT_CLOSE_REASON_ERROR:
+        fprintf(stderr, "Connection closed due to I/O error\n");
+        break;
+    case VIR_CONNECT_CLOSE_REASON_EOF:
+        fprintf(stderr, "Connection closed due to end of file\n");
+        break;
+    case VIR_CONNECT_CLOSE_REASON_KEEPALIVE:
+        fprintf(stderr, "Connection closed due to keepalive timeout\n");
+        break;
+    case VIR_CONNECT_CLOSE_REASON_CLIENT:
+        fprintf(stderr, "Connection closed due to client request\n");
+        break;
+    default:
+        fprintf(stderr, "Connection closed due to unknown reason\n");
+        break;
+    };
+    run = 0;
+}
+
 const char *eventToString(int event) {
    const char *ret = "";
    switch ((virDomainEventType) event) {
@ -62,6 +90,9 @@ const char *eventToString(int event) {
        case VIR_DOMAIN_EVENT_SHUTDOWN:
            ret = "Shutdown";
            break;
+        case VIR_DOMAIN_EVENT_PMSUSPENDED:
+            ret = "PMSuspended";
+            break;
    }
    return ret;
 }
@ -148,7 +179,7 @@ static const char *eventDetailToString(int event, int detail) {
                ret = "Migrated";
                break;
            case VIR_DOMAIN_EVENT_STOPPED_SAVED:
-                ret = "Failed";
+                ret = "Saved";
                break;
            case VIR_DOMAIN_EVENT_STOPPED_FAILED:
                ret = "Failed";
@ -165,6 +196,13 @@ static const char *eventDetailToString(int event, int detail) {
                break;
            }
            break;
+        case VIR_DOMAIN_EVENT_PMSUSPENDED:
+            switch ((virDomainEventPMSuspendedDetailType) detail) {
+            case VIR_DOMAIN_EVENT_PMSUSPENDED_MEMORY:
+                ret = "Memory";
+                break;
+            }
+            break;
    }
    return ret;
 }
@ -222,6 +260,17 @@ static int myDomainEventRTCChangeCallback(virConnectPtr conn ATTRIBUTE_UNUSED,
    return 0;
 }

+static int myDomainEventBalloonChangeCallback(virConnectPtr conn ATTRIBUTE_UNUSED,
+                                              virDomainPtr dom,
+                                              unsigned long long actual,
+                                              void *opaque ATTRIBUTE_UNUSED)
+{
+    printf("%s EVENT: Domain %s(%d) balloon change %" PRIuMAX "KB\n",
+           __func__, virDomainGetName(dom), virDomainGetID(dom), (uintmax_t)actual);
+
+    return 0;
+}
+
 static int myDomainEventWatchdogCallback(virConnectPtr conn ATTRIBUTE_UNUSED,
                                         virDomainPtr dom,
                                         int action,
@ -338,7 +387,7 @@ static int myDomainEventPMWakeupCallback(virConnectPtr conn ATTRIBUTE_UNUSED,
                                         int reason ATTRIBUTE_UNUSED,
                                         void *opaque ATTRIBUTE_UNUSED)
 {
-    printf("%s EVENT: Domain %s(%d) system pmwakeup",
+    printf("%s EVENT: Domain %s(%d) system pmwakeup\n",
           __func__, virDomainGetName(dom), virDomainGetID(dom));
    return 0;
 }
@ -348,7 +397,7 @@ static int myDomainEventPMSuspendCallback(virConnectPtr conn ATTRIBUTE_UNUSED,
                                          int reason ATTRIBUTE_UNUSED,
                                          void *opaque ATTRIBUTE_UNUSED)
 {
-    printf("%s EVENT: Domain %s(%d) system pmsuspend",
+    printf("%s EVENT: Domain %s(%d) system pmsuspend\n",
           __func__, virDomainGetName(dom), virDomainGetID(dom));
    return 0;
 }
@ -368,7 +417,6 @@ void usage(const char *pname)
    printf("%s uri\n", pname);
 }

-int run = 1;

 static void stop(int sig)
 {
@ -391,6 +439,7 @@ int main(int argc, char **argv)
    int callback10ret = -1;
    int callback11ret = -1;
    int callback12ret = -1;
+    int callback13ret = -1;
    struct sigaction action_stop;

    memset(&action_stop, 0, sizeof(action_stop));
@ -413,6 +462,9 @@ int main(int argc, char **argv)
        return -1;
    }

+    virConnectRegisterCloseCallback(dconn,
+                                    connectClose, NULL, NULL);
+
    sigaction(SIGTERM, &action_stop, NULL);
    sigaction(SIGINT, &action_stop, NULL);

@ -476,6 +528,11 @@ int main(int argc, char **argv)
                                                     VIR_DOMAIN_EVENT_ID_PMSUSPEND,
                                                     VIR_DOMAIN_EVENT_CALLBACK(myDomainEventPMSuspendCallback),
                                                     strdup("pmsuspend"), myFreeFunc);
+    callback13ret = virConnectDomainEventRegisterAny(dconn,
+                                                     NULL,
+                                                     VIR_DOMAIN_EVENT_ID_BALLOON_CHANGE,
+                                                     VIR_DOMAIN_EVENT_CALLBACK(myDomainEventBalloonChangeCallback),
+                                                     strdup("callback balloonchange"), myFreeFunc);
    if ((callback1ret != -1) &&
        (callback2ret != -1) &&
        (callback3ret != -1) &&
@ -486,7 +543,8 @@ int main(int argc, char **argv)
        (callback9ret != -1) &&
        (callback10ret != -1) &&
        (callback11ret != -1) &&
-        (callback12ret != -1)) {
+        (callback12ret != -1) &&
+        (callback13ret != -1)) {
        if (virConnectSetKeepAlive(dconn, 5, 3) < 0) {
            virErrorPtr err = virGetLastError();
            fprintf(stderr, "Failed to start keepalive protocol: %s\n",
@ -494,7 +552,7 @@ int main(int argc, char **argv)
            run = 0;
        }

-        while (run && virConnectIsAlive(dconn) == 1) {
+        while (run) {
            if (virEventRunDefaultImpl() < 0) {
                virErrorPtr err = virGetLastError();
                fprintf(stderr, "Failed to run event loop: %s\n",
@ -514,6 +572,7 @@ int main(int argc, char **argv)
        virConnectDomainEventDeregisterAny(dconn, callback10ret);
        virConnectDomainEventDeregisterAny(dconn, callback11ret);
        virConnectDomainEventDeregisterAny(dconn, callback12ret);
+        virConnectDomainEventDeregisterAny(dconn, callback13ret);
        if (callback8ret != -1)
            virConnectDomainEventDeregisterAny(dconn, callback8ret);
    }
--- a/examples/domain-events/events-python/event-test.py
+++ b/examples/domain-events/events-python/event-test.py
@ -178,48 +178,53 @@ class virEventLoopPure:
    def run_once(self):
        sleep = -1
        self.runningPoll = True
-        next = self.next_timeout()
-        debug("Next timeout due at %d" % next)
-        if next > 0:
+        try:
+            next = self.next_timeout()
+            debug("Next timeout due at %d" % next)
+            if next > 0:
+                now = int(time.time() * 1000)
+                if now >= next:
+                    sleep = 0
+                else:
+                    sleep = (next - now) / 1000.0
+
+            debug("Poll with a sleep of %d" % sleep)
+            events = self.poll.poll(sleep)
+
+            # Dispatch any file handle events that occurred
+            for (fd, revents) in events:
+                # See if the events was from the self-pipe
+                # telling us to wakup. if so, then discard
+                # the data just continue
+                if fd == self.pipetrick[0]:
+                    self.pendingWakeup = False
+                    data = os.read(fd, 1)
+                    continue
+
+                h = self.get_handle_by_fd(fd)
+                if h:
+                    debug("Dispatch fd %d handle %d events %d" % (fd, h.get_id(), revents))
+                    h.dispatch(self.events_from_poll(revents))
+
            now = int(time.time() * 1000)
-            if now >= next:
-                sleep = 0
-            else:
-                sleep = (next - now) / 1000.0
+            for t in self.timers:
+                interval = t.get_interval()
+                if interval < 0:
+                    continue

-        debug("Poll with a sleep of %d" % sleep)
-        events = self.poll.poll(sleep)
+                want = t.get_last_fired() + interval
+                # Deduct 20ms, since scheduler timeslice
+                # means we could be ever so slightly early
+                if now >= (want-20):
+                    debug("Dispatch timer %d now %s want %s" % (t.get_id(), str(now), str(want)))
+                    t.set_last_fired(now)
+                    t.dispatch()

-        # Dispatch any file handle events that occurred
-        for (fd, revents) in events:
-            # See if the events was from the self-pipe
-            # telling us to wakup. if so, then discard
-            # the data just continue
-            if fd == self.pipetrick[0]:
-                self.pendingWakeup = False
-                data = os.read(fd, 1)
-                continue
-
-            h = self.get_handle_by_fd(fd)
-            if h:
-                debug("Dispatch fd %d handle %d events %d" % (fd, h.get_id(), revents))
-                h.dispatch(self.events_from_poll(revents))
-
-        now = int(time.time() * 1000)
-        for t in self.timers:
-            interval = t.get_interval()
-            if interval < 0:
-                continue
-
-            want = t.get_last_fired() + interval
-            # Deduct 20ms, since schedular timeslice
-            # means we could be ever so slightly early
-            if now >= (want-20):
-                debug("Dispatch timer %d now %s want %s" % (t.get_id(), str(now), str(want)))
-                t.set_last_fired(now)
-                t.dispatch()
-
-        self.runningPoll = False
+        except (os.error, select.error), e:
+            if e.args[0] != errno.EINTR:
+                raise
+        finally:
+            self.runningPoll = False


    # Actually the event loop forever
@ -431,18 +436,20 @@ def eventToString(event):
                     "Suspended",
                     "Resumed",
                     "Stopped",
-                     "Shutdown" );
+                     "Shutdown",
+                     "PMSuspended" );
    return eventStrings[event];

 def detailToString(event, detail):
    eventStrings = (
        ( "Added", "Updated" ),
-        ( "Removed" ),
-        ( "Booted", "Migrated", "Restored", "Snapshot" ),
-        ( "Paused", "Migrated", "IOError", "Watchdog" ),
-        ( "Unpaused", "Migrated"),
+        ( "Removed", ),
+        ( "Booted", "Migrated", "Restored", "Snapshot", "Wakeup" ),
+        ( "Paused", "Migrated", "IOError", "Watchdog", "Restored", "Snapshot" ),
+        ( "Unpaused", "Migrated", "Snapshot" ),
        ( "Shutdown", "Destroyed", "Crashed", "Migrated", "Saved", "Failed", "Snapshot"),
-        ( "Finished" )
+        ( "Finished", ),
+        ( "Memory", )
        )
    return eventStrings[event][detail]

@ -483,6 +490,8 @@ def myDomainEventPMWakeupCallback(conn, dom, reason, opaque):
 def myDomainEventPMSuspendCallback(conn, dom, reason, opaque):
    print "myDomainEventPMSuspendCallback: Domain %s(%s) system pmsuspend" % (
            dom.name(), dom.ID())
+def myDomainEventBalloonChangeCallback(conn, dom, utcoffset, actual):
+    print "myDomainEventBalloonChangeCallback: Domain %s(%s) %d" % (dom.name(), dom.ID(), actual)
 def usage(out=sys.stderr):
    print >>out, "usage: "+os.path.basename(sys.argv[0])+" [-hdl] [uri]"
    print >>out, "   uri will default to qemu:///system"
@ -544,6 +553,7 @@ def main():
    vc.domainEventRegisterAny(None, libvirt.VIR_DOMAIN_EVENT_ID_TRAY_CHANGE, myDomainEventTrayChangeCallback, None)
    vc.domainEventRegisterAny(None, libvirt.VIR_DOMAIN_EVENT_ID_PMWAKEUP, myDomainEventPMWakeupCallback, None)
    vc.domainEventRegisterAny(None, libvirt.VIR_DOMAIN_EVENT_ID_PMSUSPEND, myDomainEventPMSuspendCallback, None)
+    vc.domainEventRegisterAny(None, libvirt.VIR_DOMAIN_EVENT_ID_BALLOON_CHANGE, myDomainEventBalloonChangeCallback, None)

    vc.setKeepAlive(5, 3)

--- a/examples/python/Makefile.am
+++ b/examples/python/Makefile.am
@ -1,6 +1,7 @@
-## Copyright (C) 2005-2011 Red Hat, Inc.
+## Copyright (C) 2005-2012 Red Hat, Inc.
 ## See COPYING.LIB for the License of this software

 EXTRA_DIST=						\
 	README						\
+	consolecallback.py				\
 	dominfo.py domrestore.py domsave.py domstart.py esxlist.py
--- a/examples/python/consolecallback.py
+++ b/examples/python/consolecallback.py
@ -0,0 +1,88 @@
+#!/usr/bin/env python
+# consolecallback - provide a persistent console that survives guest reboots
+
+import sys, os, logging, libvirt, tty, termios, atexit
+
+def reset_term():
+    termios.tcsetattr(0, termios.TCSADRAIN, attrs)
+
+def error_handler(unused, error):
+    # The console stream errors on VM shutdown; we don't care
+    if (error[0] == libvirt.VIR_ERR_RPC and
+        error[1] == libvirt.VIR_FROM_STREAMS):
+        return
+    logging.warn(error)
+
+class Console(object):
+    def __init__(self, uri, uuid):
+        self.uri = uri
+        self.uuid = uuid
+        self.connection = libvirt.open(uri)
+        self.domain = self.connection.lookupByUUIDString(uuid)
+        self.state = self.domain.state(0)
+        self.connection.domainEventRegister(lifecycle_callback, self)
+        self.stream = None
+        self.run_console = True
+        logging.info("%s initial state %d, reason %d",
+                     self.uuid, self.state[0], self.state[1])
+
+def check_console(console):
+    if (console.state[0] == libvirt.VIR_DOMAIN_RUNNING or
+        console.state[0] == libvirt.VIR_DOMAIN_PAUSED):
+        if console.stream == None:
+            console.stream = console.connection.newStream(libvirt.VIR_STREAM_NONBLOCK)
+            console.domain.openConsole(None, console.stream, 0)
+            console.stream.eventAddCallback(libvirt.VIR_STREAM_EVENT_READABLE, stream_callback, console)
+    else:
+        if console.stream:
+            console.stream.eventRemoveCallback()
+            console.stream = None
+
+    return console.run_console
+
+def stdin_callback(watch, fd, events, console):
+    readbuf = os.read(fd, 1024)
+    if readbuf.startswith(""):
+        console.run_console = False
+        return
+    if console.stream:
+        console.stream.send(readbuf)
+
+def stream_callback(stream, events, console):
+    try:
+        received_data = console.stream.recv(1024)
+    except:
+        return
+    os.write(0, received_data)
+
+def lifecycle_callback (connection, domain, event, detail, console):
+    console.state = console.domain.state(0)
+    logging.info("%s transitioned to state %d, reason %d",
+                 console.uuid, console.state[0], console.state[1])
+
+# main
+if len(sys.argv) != 3:
+    print "Usage:", sys.argv[0], "URI UUID"
+    print "for example:", sys.argv[0], "'qemu:///system' '32ad945f-7e78-c33a-e96d-39f25e025d81'"
+    sys.exit(1)
+
+uri = sys.argv[1]
+uuid = sys.argv[2]
+
+print "Escape character is ^]"
+logging.basicConfig(filename='msg.log', level=logging.DEBUG)
+logging.info("URI: %s", uri)
+logging.info("UUID: %s", uuid)
+
+libvirt.virEventRegisterDefaultImpl()
+libvirt.registerErrorHandler(error_handler, None)
+
+atexit.register(reset_term)
+attrs = termios.tcgetattr(0)
+tty.setraw(0)
+
+console = Console(uri, uuid)
+console.stdin_watch = libvirt.virEventAddHandle(0, libvirt.VIR_EVENT_HANDLE_READABLE, stdin_callback, console)
+
+while check_console(console):
+    libvirt.virEventRunDefaultImpl()
--- a/examples/systemtap/events.stp
+++ b/examples/systemtap/events.stp
@ -13,8 +13,8 @@
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
+# License along with this library.  If not, see
+# <http://www.gnu.org/licenses/>.
 #
 # Author: Daniel P. Berrange <berrange@redhat.com>
 #
--- a/examples/systemtap/qemu-monitor.stp
+++ b/examples/systemtap/qemu-monitor.stp
@ -13,8 +13,8 @@
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
+# License along with this library.  If not, see
+# <http://www.gnu.org/licenses/>.
 #
 # Author: Daniel P. Berrange <berrange@redhat.com>
 #
--- a/examples/systemtap/rpc-monitor.stp
+++ b/examples/systemtap/rpc-monitor.stp
@ -13,8 +13,8 @@
 # Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
+# License along with this library.  If not, see
+# <http://www.gnu.org/licenses/>.
 #
 # Author: Daniel P. Berrange <berrange@redhat.com>
 #
--- a/gnulib/local/top/maint.mk.diff
+++ b/gnulib/local/top/maint.mk.diff
@ -1,32 +0,0 @@
-diff --git i/top/maint.mk w/top/maint.mk
-index 4cbd5f4..2228a37 100644
--- i/top/maint.mk
-+++ w/top/maint.mk
-@@ -279,7 +279,7 @@ define _sc_search_regexp
-    if test -n "$$files"; then						\
-      if test -n "$$prohibit"; then					\
-        grep $$with_grep_options $(_ignore_case) -nE "$$prohibit" $$files \
-         | grep -vE "$${exclude-^$$}"					\
-+         | grep -vE "$${exclude:-^$$}"					\
-          && { msg="$$halt" $(_sc_say_and_exit) } || :;			\
-      else								\
-        grep $$with_grep_options $(_ignore_case) -LE "$$require" $$files \
-@@ -455,7 +455,8 @@ sc_prohibit_quotearg_without_use:
-
- # Don't include quote.h unless you use one of its functions.
- sc_prohibit_quote_without_use:
-	@h='quote.h' re='\<quote(_n)? *\(' $(_sc_header_without_use)
-+	@h='quote.h' re='\<quote((_n)? *\(|_quoting_options\>)' \
-+	  $(_sc_header_without_use)
-
- # Don't include this header unless you use one of its functions.
- sc_prohibit_long_options_without_use:
-@@ -1332,7 +1333,7 @@ alpha beta stable: $(local-check) writable-files $(submodule-checks)
- 	$(MAKE) vc-diff-check
- 	$(MAKE) news-check
- 	$(MAKE) distcheck
-	$(MAKE) dist XZ_OPT=-9ev
-+	$(MAKE) dist
- 	$(MAKE) $(release-prep-hook) RELEASE_TYPE=$@
- 	$(MAKE) -s emit_upload_commands RELEASE_TYPE=$@
-
--- a/include/libvirt/libvirt-qemu.h
+++ b/include/libvirt/libvirt-qemu.h
@ -1,12 +1,24 @@
 /* -*- c -*-
- * libvirt-qemu.h:
+ * libvirt-qemu.h: Interfaces specific for QEMU/KVM driver
 * Summary: qemu specific interfaces
 * Description: Provides the interfaces of the libvirt library to handle
 *              qemu specific methods
 *
- * Copy:  Copyright (C) 2010, 2012 Red Hat, Inc.
+ * Copyright (C) 2010, 2012 Red Hat, Inc.
 *
- * See COPYING.LIB for the License of this software
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library.  If not, see
+ * <http://www.gnu.org/licenses/>.
 *
 * Author: Chris Lalancette <clalance@redhat.com>
 */
@ -32,6 +44,16 @@ virDomainPtr virDomainQemuAttach(virConnectPtr domain,
                                 unsigned int pid_value,
                                 unsigned int flags);

+typedef enum {
+    VIR_DOMAIN_QEMU_AGENT_COMMAND_MIN = -2,
+    VIR_DOMAIN_QEMU_AGENT_COMMAND_BLOCK = -2,
+    VIR_DOMAIN_QEMU_AGENT_COMMAND_DEFAULT = -1,
+    VIR_DOMAIN_QEMU_AGENT_COMMAND_NOWAIT = 0,
+} virDomainQemuAgentCommandTimeoutValues;
+
+char *virDomainQemuAgentCommand(virDomainPtr domain, const char *cmd,
+                                int timeout, unsigned int flags);
+
 # ifdef __cplusplus
 }
 # endif
--- a/include/libvirt/libvirt.h.in
+++ b/include/libvirt/libvirt.h.in
@ -1,12 +1,24 @@
 /* -*- c -*-
- * libvirt.h:
+ * libvirt.h: Core interfaces for the libvirt library
 * Summary: core interfaces for the libvirt library
 * Description: Provides the interfaces of the libvirt library to handle
 *              virtualized domains
 *
- * Copy:  Copyright (C) 2005-2006, 2010-2012 Red Hat, Inc.
+ * Copyright (C) 2005-2006, 2010-2012 Red Hat, Inc.
 *
- * See COPYING.LIB for the License of this software
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library.  If not, see
+ * <http://www.gnu.org/licenses/>.
 *
 * Author: Daniel Veillard <veillard@redhat.com>
 */
@ -49,6 +61,24 @@ extern "C" {
 * defines VIR_ENUM_SENTINELS.  Enumerations for bit values do not
 * have a *_LAST value, but additional bits may be defined.  */

+/*
+ * virFreeCallback:
+ * @opaque: opaque user data provided at registration
+ *
+ * Type for a callback cleanup function to be paired with a callback.  This
+ * function will be called as a final chance to clean up the @opaque
+ * registered with the primary callback, at the time when the primary
+ * callback is deregistered.
+ *
+ * It is forbidden to call any other libvirt APIs from an
+ * implementation of this callback, since it can be invoked
+ * from a context which is not re-entrant safe. Failure to
+ * abide by this requirement may lead to application deadlocks
+ * or crashes.
+ */
+typedef void (*virFreeCallback)(void *opaque);
+
+
 /**
 * virConnect:
 *
@ -649,18 +679,36 @@ typedef virTypedParameter *virTypedParameterPtr;
 * VIR_DOMAIN_SCHEDULER_VCPU_PERIOD:
 *
 * Macro represents the enforcement period for a quota, in microseconds,
- * when using the posix scheduler, as a ullong.
+ * for vcpus only, when using the posix scheduler, as a ullong.
 */
 #define VIR_DOMAIN_SCHEDULER_VCPU_PERIOD "vcpu_period"

 /**
 * VIR_DOMAIN_SCHEDULER_VCPU_QUOTA:
 *
- * Macro represents the maximum bandwidth to be used within a period,
- * when using the posix scheduler, as an llong.
+ * Macro represents the maximum bandwidth to be used within a period for
+ * vcpus only, when using the posix scheduler, as an llong.
 */
 #define VIR_DOMAIN_SCHEDULER_VCPU_QUOTA "vcpu_quota"

+/**
+ * VIR_DOMAIN_SCHEDULER_EMULATOR_PERIOD:
+ *
+ * Macro represents the enforcement period for a quota in microseconds,
+ * when using the posix scheduler, for all emulator activity not tied to
+ * vcpus, as a ullong.
+ */
+#define VIR_DOMAIN_SCHEDULER_EMULATOR_PERIOD "emulator_period"
+
+/**
+ * VIR_DOMAIN_SCHEDULER_EMULATOR_QUOTA:
+ *
+ * Macro represents the maximum bandwidth to be used within a period for
+ * all emulator activity not tied to vcpus, when using the posix scheduler,
+ * as an llong.
+ */
+#define VIR_DOMAIN_SCHEDULER_EMULATOR_QUOTA "emulator_quota"
+
 /**
 * VIR_DOMAIN_SCHEDULER_WEIGHT:
 *
@ -736,11 +784,11 @@ int     virDomainSetSchedulerParametersFlags (virDomainPtr domain,
 typedef struct _virDomainBlockStats virDomainBlockStatsStruct;

 struct _virDomainBlockStats {
-  long long rd_req; /* number of read requests */
-  long long rd_bytes; /* number of read bytes */
-  long long wr_req; /* number of write requests */
-  long long wr_bytes; /* number of written bytes */
-  long long errs;   /* In Xen this returns the mysterious 'oo_req'. */
+    long long rd_req; /* number of read requests */
+    long long rd_bytes; /* number of read bytes */
+    long long wr_req; /* number of write requests */
+    long long wr_bytes; /* number of written bytes */
+    long long errs;   /* In Xen this returns the mysterious 'oo_req'. */
 };

 /**
@ -843,14 +891,14 @@ typedef virDomainBlockStatsStruct *virDomainBlockStatsPtr;
 typedef struct _virDomainInterfaceStats virDomainInterfaceStatsStruct;

 struct _virDomainInterfaceStats {
-  long long rx_bytes;
-  long long rx_packets;
-  long long rx_errs;
-  long long rx_drop;
-  long long tx_bytes;
-  long long tx_packets;
-  long long tx_errs;
-  long long tx_drop;
+    long long rx_bytes;
+    long long rx_packets;
+    long long rx_errs;
+    long long rx_drop;
+    long long tx_bytes;
+    long long tx_packets;
+    long long tx_errs;
+    long long tx_drop;
 };

 /**
@ -927,6 +975,7 @@ typedef enum {
    VIR_DUMP_LIVE         = (1 << 1), /* live dump */
    VIR_DUMP_BYPASS_CACHE = (1 << 2), /* avoid file system cache pollution */
    VIR_DUMP_RESET        = (1 << 3), /* reset domain after dump finishes */
+    VIR_DUMP_MEMORY_ONLY  = (1 << 4), /* use dump-guest-memory */
 } virDomainCoreDumpFlags;

 /* Domain migration flags. */
@ -1147,6 +1196,27 @@ int virConnectSetKeepAlive(virConnectPtr conn,
                           int interval,
                           unsigned int count);

+typedef enum {
+    VIR_CONNECT_CLOSE_REASON_ERROR     = 0, /* Misc I/O error */
+    VIR_CONNECT_CLOSE_REASON_EOF       = 1, /* End-of-file from server */
+    VIR_CONNECT_CLOSE_REASON_KEEPALIVE = 2, /* Keepalive timer triggered */
+    VIR_CONNECT_CLOSE_REASON_CLIENT    = 3, /* Client requested it */
+
+# ifdef VIR_ENUM_SENTINELS
+    VIR_CONNECT_CLOSE_REASON_LAST
+# endif
+} virConnectCloseReason;
+
+typedef void (*virConnectCloseFunc)(virConnectPtr conn,
+                                    int reason,
+                                    void *opaque);
+
+int virConnectRegisterCloseCallback(virConnectPtr conn,
+                                    virConnectCloseFunc cb,
+                                    void *opaque,
+                                    virFreeCallback freecb);
+int virConnectUnregisterCloseCallback(virConnectPtr conn,
+                                      virConnectCloseFunc cb);

 /*
 * Capabilities of the connection / driver.
@ -1339,7 +1409,8 @@ int                     virDomainGetState       (virDomainPtr domain,

 /**
 * VIR_DOMAIN_CPU_STATS_CPUTIME:
- * cpu usage in nanoseconds, as a ullong
+ * cpu usage (sum of both vcpu and hypervisor usage) in nanoseconds,
+ * as a ullong
 */
 #define VIR_DOMAIN_CPU_STATS_CPUTIME "cpu_time"

@ -1355,6 +1426,13 @@ int                     virDomainGetState       (virDomainPtr domain,
 */
 #define VIR_DOMAIN_CPU_STATS_SYSTEMTIME "system_time"

+/**
+ * VIR_DOMAIN_CPU_STATS_VCPUTIME:
+ * vcpu usage in nanoseconds (cpu_time excluding hypervisor time),
+ * as a ullong
+ */
+#define VIR_DOMAIN_CPU_STATS_VCPUTIME "vcpu_time"
+
 int virDomainGetCPUStats(virDomainPtr domain,
                         virTypedParameterPtr params,
                         unsigned int nparams,
@ -1531,6 +1609,10 @@ int                     virDomainSetMemoryFlags (virDomainPtr domain,
 int                     virDomainGetMaxVcpus    (virDomainPtr domain);
 int                     virDomainGetSecurityLabel (virDomainPtr domain,
                                                   virSecurityLabelPtr seclabel);
+char *                  virDomainGetHostname    (virDomainPtr domain,
+                                                 unsigned int flags);
+int                     virDomainGetSecurityLabelList (virDomainPtr domain,
+                                                       virSecurityLabelPtr* seclabels);

 typedef enum {
    VIR_DOMAIN_METADATA_DESCRIPTION = 0, /* Operate on <description> */
@ -1719,8 +1801,8 @@ int                     virDomainMemoryStats (virDomainPtr dom,
 /* Memory peeking flags. */

 typedef enum {
-  VIR_MEMORY_VIRTUAL            = 1 << 0, /* addresses are virtual addresses */
-  VIR_MEMORY_PHYSICAL           = 1 << 1, /* addresses are physical addresses */
+    VIR_MEMORY_VIRTUAL            = 1 << 0, /* addresses are virtual addresses */
+    VIR_MEMORY_PHYSICAL           = 1 << 1, /* addresses are physical addresses */
 } virDomainMemoryFlags;

 int                     virDomainMemoryPeek (virDomainPtr dom,
@ -1751,8 +1833,40 @@ int                     virDomainUndefineFlags   (virDomainPtr domain,
                                                  unsigned int flags);
 int                     virConnectNumOfDefinedDomains  (virConnectPtr conn);
 int                     virConnectListDefinedDomains (virConnectPtr conn,
-                                                 char **const names,
-                                                 int maxnames);
+                                                      char **const names,
+                                                      int maxnames);
+/**
+ * virConnectListAllDomainsFlags:
+ *
+ * Flags used to tune which domains are listed by virConnectListAllDomains().
+ * Note that these flags come in groups; if all bits from a group are 0,
+ * then that group is not used to filter results.
+ */
+typedef enum {
+    VIR_CONNECT_LIST_DOMAINS_ACTIVE         = 1 << 0,
+    VIR_CONNECT_LIST_DOMAINS_INACTIVE       = 1 << 1,
+
+    VIR_CONNECT_LIST_DOMAINS_PERSISTENT     = 1 << 2,
+    VIR_CONNECT_LIST_DOMAINS_TRANSIENT      = 1 << 3,
+
+    VIR_CONNECT_LIST_DOMAINS_RUNNING        = 1 << 4,
+    VIR_CONNECT_LIST_DOMAINS_PAUSED         = 1 << 5,
+    VIR_CONNECT_LIST_DOMAINS_SHUTOFF        = 1 << 6,
+    VIR_CONNECT_LIST_DOMAINS_OTHER          = 1 << 7,
+
+    VIR_CONNECT_LIST_DOMAINS_MANAGEDSAVE    = 1 << 8,
+    VIR_CONNECT_LIST_DOMAINS_NO_MANAGEDSAVE = 1 << 9,
+
+    VIR_CONNECT_LIST_DOMAINS_AUTOSTART      = 1 << 10,
+    VIR_CONNECT_LIST_DOMAINS_NO_AUTOSTART   = 1 << 11,
+
+    VIR_CONNECT_LIST_DOMAINS_HAS_SNAPSHOT   = 1 << 12,
+    VIR_CONNECT_LIST_DOMAINS_NO_SNAPSHOT    = 1 << 13,
+} virConnectListAllDomainsFlags;
+
+int                     virConnectListAllDomains (virConnectPtr conn,
+                                                  virDomainPtr **domains,
+                                                  unsigned int flags);
 int                     virDomainCreate         (virDomainPtr domain);
 int                     virDomainCreateWithFlags (virDomainPtr domain,
                                                 unsigned int flags);
@ -1820,6 +1934,16 @@ int                     virDomainGetVcpuPinInfo (virDomainPtr domain,
                                                 int maplen,
                                                 unsigned int flags);

+int                     virDomainPinEmulator   (virDomainPtr domain,
+                                                unsigned char *cpumap,
+                                                int maplen,
+                                                unsigned int flags);
+
+int                     virDomainGetEmulatorPinInfo (virDomainPtr domain,
+                                                     unsigned char *cpumaps,
+                                                     int maplen,
+                                                     unsigned int flags);
+
 /**
 * VIR_USE_CPU:
 * @cpumap: pointer to a bit map of real CPUs (in 8-bit bytes) (IN/OUT)
@ -1934,18 +2058,35 @@ int virDomainUpdateDeviceFlags(virDomainPtr domain,
 /**
 * virDomainBlockJobType:
 *
- * VIR_DOMAIN_BLOCK_JOB_TYPE_PULL: Block Pull (virDomainBlockPull or
- * virDomainBlockRebase)
+ * VIR_DOMAIN_BLOCK_JOB_TYPE_PULL: Block Pull (virDomainBlockPull, or
+ * virDomainBlockRebase without flags), job ends on completion
+ * VIR_DOMAIN_BLOCK_JOB_TYPE_COPY: Block Copy (virDomainBlockRebase with
+ * flags), job exists as long as mirroring is active
+ * VIR_DOMAIN_BLOCK_JOB_TYPE_COMMIT: Block Commit (virDomainBlockCommit),
+ * job ends on completion
 */
 typedef enum {
    VIR_DOMAIN_BLOCK_JOB_TYPE_UNKNOWN = 0,
    VIR_DOMAIN_BLOCK_JOB_TYPE_PULL = 1,
+    VIR_DOMAIN_BLOCK_JOB_TYPE_COPY = 2,
+    VIR_DOMAIN_BLOCK_JOB_TYPE_COMMIT = 3,

 #ifdef VIR_ENUM_SENTINELS
    VIR_DOMAIN_BLOCK_JOB_TYPE_LAST
 #endif
 } virDomainBlockJobType;

+/**
+ * virDomainBlockJobAbortFlags:
+ *
+ * VIR_DOMAIN_BLOCK_JOB_ABORT_ASYNC: Request only, do not wait for completion
+ * VIR_DOMAIN_BLOCK_JOB_ABORT_PIVOT: Pivot to mirror when ending a copy job
+ */
+typedef enum {
+    VIR_DOMAIN_BLOCK_JOB_ABORT_ASYNC = 1 << 0,
+    VIR_DOMAIN_BLOCK_JOB_ABORT_PIVOT = 1 << 1,
+} virDomainBlockJobAbortFlags;
+
 /* An iterator for monitoring block job operations */
 typedef unsigned long long virDomainBlockJobCursor;

@ -1974,10 +2115,42 @@ int    virDomainBlockJobSetSpeed(virDomainPtr dom, const char *disk,

 int           virDomainBlockPull(virDomainPtr dom, const char *disk,
                                 unsigned long bandwidth, unsigned int flags);
+
+/**
+ * virDomainBlockRebaseFlags:
+ *
+ * Flags available for virDomainBlockRebase().
+ */
+typedef enum {
+    VIR_DOMAIN_BLOCK_REBASE_SHALLOW   = 1 << 0, /* Limit copy to top of source
+                                                   backing chain */
+    VIR_DOMAIN_BLOCK_REBASE_REUSE_EXT = 1 << 1, /* Reuse existing external
+                                                   file for a copy */
+    VIR_DOMAIN_BLOCK_REBASE_COPY_RAW  = 1 << 2, /* Make destination file raw */
+    VIR_DOMAIN_BLOCK_REBASE_COPY      = 1 << 3, /* Start a copy job */
+} virDomainBlockRebaseFlags;
+
 int           virDomainBlockRebase(virDomainPtr dom, const char *disk,
                                   const char *base, unsigned long bandwidth,
                                   unsigned int flags);

+/**
+ * virDomainBlockCommitFlags:
+ *
+ * Flags available for virDomainBlockCommit().
+ */
+typedef enum {
+    VIR_DOMAIN_BLOCK_COMMIT_SHALLOW = 1 << 0, /* NULL base means next backing
+                                                 file, not whole chain */
+    VIR_DOMAIN_BLOCK_COMMIT_DELETE  = 1 << 1, /* Delete any files that are now
+                                                 invalid after their contents
+                                                 have been committed */
+} virDomainBlockCommitFlags;
+
+int virDomainBlockCommit(virDomainPtr dom, const char *disk, const char *base,
+                         const char *top, unsigned long bandwidth,
+                         unsigned int flags);
+

 /* Block I/O throttling support */

@ -2126,6 +2299,26 @@ int                     virConnectNumOfDefinedNetworks  (virConnectPtr conn);
 int                     virConnectListDefinedNetworks   (virConnectPtr conn,
                                                         char **const names,
                                                         int maxnames);
+/*
+ * virConnectListAllNetworks:
+ *
+ * Flags used to filter the returned networks. Flags in each group
+ * are exclusive attributes of a network.
+ */
+typedef enum {
+    VIR_CONNECT_LIST_NETWORKS_INACTIVE      = 1 << 0,
+    VIR_CONNECT_LIST_NETWORKS_ACTIVE        = 1 << 1,
+
+    VIR_CONNECT_LIST_NETWORKS_PERSISTENT    = 1 << 2,
+    VIR_CONNECT_LIST_NETWORKS_TRANSIENT     = 1 << 3,
+
+    VIR_CONNECT_LIST_NETWORKS_AUTOSTART     = 1 << 4,
+    VIR_CONNECT_LIST_NETWORKS_NO_AUTOSTART  = 1 << 5,
+} virConnectListAllNetworksFlags;
+
+int                     virConnectListAllNetworks       (virConnectPtr conn,
+                                                         virNetworkPtr **nets,
+                                                         unsigned int flags);

 /*
 * Lookup network by name or uuid
@ -2154,6 +2347,72 @@ virNetworkPtr           virNetworkDefineXML     (virConnectPtr conn,
 */
 int                     virNetworkUndefine      (virNetworkPtr network);

+/**
+ * virNetworkUpdateCommand:
+ *
+ * describes which type of update to perform on a <network>
+ * definition.
+ *
+ */
+typedef enum {
+    VIR_NETWORK_UPDATE_COMMAND_NONE      = 0, /* (invalid) */
+    VIR_NETWORK_UPDATE_COMMAND_MODIFY    = 1, /* modify an existing element */
+    VIR_NETWORK_UPDATE_COMMAND_DELETE    = 2, /* delete an existing element */
+    VIR_NETWORK_UPDATE_COMMAND_ADD_LAST  = 3, /* add an element at end of list */
+    VIR_NETWORK_UPDATE_COMMAND_ADD_FIRST = 4, /* add an element at start of list */
+#ifdef VIR_ENUM_SENTINELS
+    VIR_NETWORK_UPDATE_COMMAND_LAST
+#endif
+} virNetworkUpdateCommand;
+
+/**
+ * virNetworkUpdateSection:
+ *
+ * describes which section of a <network> definition the provided
+ * xml should be applied to.
+ *
+ */
+typedef enum {
+    VIR_NETWORK_SECTION_NONE              =  0, /* (invalid) */
+    VIR_NETWORK_SECTION_BRIDGE            =  1, /* <bridge> */
+    VIR_NETWORK_SECTION_DOMAIN            =  2, /* <domain> */
+    VIR_NETWORK_SECTION_IP                =  3, /* <ip> */
+    VIR_NETWORK_SECTION_IP_DHCP_HOST      =  4, /* <ip>/<dhcp>/<host> */
+    VIR_NETWORK_SECTION_IP_DHCP_RANGE     =  5, /* <ip>/<dhcp>/<range> */
+    VIR_NETWORK_SECTION_FORWARD           =  6, /* <forward> */
+    VIR_NETWORK_SECTION_FORWARD_INTERFACE =  7, /* <forward>/<interface> */
+    VIR_NETWORK_SECTION_FORWARD_PF        =  8, /* <forward>/<pf> */
+    VIR_NETWORK_SECTION_PORTGROUP         =  9, /* <portgroup> */
+    VIR_NETWORK_SECTION_DNS_HOST          = 10, /* <dns>/<host> */
+    VIR_NETWORK_SECTION_DNS_TXT           = 11, /* <dns>/<txt> */
+    VIR_NETWORK_SECTION_DNS_SRV           = 12, /* <dns>/<srv> */
+#ifdef VIR_ENUM_SENTINELS
+    VIR_NETWORK_SECTION_LAST
+#endif
+} virNetworkUpdateSection;
+
+/**
+ * virNetworkUpdateFlags:
+ *
+ * Flags to control options for virNetworkUpdate()
+ */
+typedef enum {
+    VIR_NETWORK_UPDATE_AFFECT_CURRENT = 0,      /* affect live if network is active,
+                                                   config if it's not active */
+    VIR_NETWORK_UPDATE_AFFECT_LIVE    = 1 << 0, /* affect live state of network only */
+    VIR_NETWORK_UPDATE_AFFECT_CONFIG  = 1 << 1, /* affect persistent config only */
+    } virNetworkUpdateFlags;
+
+/*
+ * Update an existing network definition
+ */
+int                     virNetworkUpdate(virNetworkPtr network,
+                                         unsigned int command, /* virNetworkUpdateCommand */
+                                         unsigned int section, /* virNetworkUpdateSection */
+                                         int parentIndex,
+                                         const char *xml,
+                                         unsigned int flags);
+
 /*
 * Activate persistent network
 */
@ -2213,6 +2472,19 @@ int                     virConnectNumOfDefinedInterfaces (virConnectPtr conn);
 int                     virConnectListDefinedInterfaces  (virConnectPtr conn,
                                                          char **const names,
                                                          int maxnames);
+/*
+ * virConnectListAllInterfaces:
+ *
+ * Flags used to filter the returned interfaces.
+ */
+typedef enum {
+    VIR_CONNECT_LIST_INTERFACES_INACTIVE      = 1 << 0,
+    VIR_CONNECT_LIST_INTERFACES_ACTIVE        = 1 << 1,
+} virConnectListAllInterfacesFlags;
+
+int                     virConnectListAllInterfaces (virConnectPtr conn,
+                                                     virInterfacePtr **ifaces,
+                                                     unsigned int flags);

 virInterfacePtr         virInterfaceLookupByName  (virConnectPtr conn,
                                                   const char *name);
@ -2288,17 +2560,17 @@ typedef enum {
 } virStoragePoolBuildFlags;

 typedef enum {
-  VIR_STORAGE_POOL_DELETE_NORMAL = 0, /* Delete metadata only    (fast) */
-  VIR_STORAGE_POOL_DELETE_ZEROED = 1 << 0,  /* Clear all data to zeros (slow) */
+    VIR_STORAGE_POOL_DELETE_NORMAL = 0, /* Delete metadata only    (fast) */
+    VIR_STORAGE_POOL_DELETE_ZEROED = 1 << 0,  /* Clear all data to zeros (slow) */
 } virStoragePoolDeleteFlags;

 typedef struct _virStoragePoolInfo virStoragePoolInfo;

 struct _virStoragePoolInfo {
-  int state;                     /* virStoragePoolState flags */
-  unsigned long long capacity;   /* Logical size bytes */
-  unsigned long long allocation; /* Current allocation bytes */
-  unsigned long long available;  /* Remaining free space bytes */
+    int state;                     /* virStoragePoolState flags */
+    unsigned long long capacity;   /* Logical size bytes */
+    unsigned long long allocation; /* Current allocation bytes */
+    unsigned long long available;  /* Remaining free space bytes */
 };

 typedef virStoragePoolInfo *virStoragePoolInfoPtr;
@ -2321,9 +2593,10 @@ typedef virStorageVol *virStorageVolPtr;


 typedef enum {
-  VIR_STORAGE_VOL_FILE = 0,     /* Regular file based volumes */
-  VIR_STORAGE_VOL_BLOCK = 1,    /* Block based volumes */
-  VIR_STORAGE_VOL_DIR = 2,      /* Directory-passthrough based volume */
+    VIR_STORAGE_VOL_FILE = 0,     /* Regular file based volumes */
+    VIR_STORAGE_VOL_BLOCK = 1,    /* Block based volumes */
+    VIR_STORAGE_VOL_DIR = 2,      /* Directory-passthrough based volume */
+    VIR_STORAGE_VOL_NETWORK = 3,  /* Network volumes like RBD (RADOS Block Device) */

 #ifdef VIR_ENUM_SENTINELS
    VIR_STORAGE_VOL_LAST
@ -2331,49 +2604,53 @@ typedef enum {
 } virStorageVolType;

 typedef enum {
-  VIR_STORAGE_VOL_DELETE_NORMAL = 0, /* Delete metadata only    (fast) */
-  VIR_STORAGE_VOL_DELETE_ZEROED = 1 << 0,  /* Clear all data to zeros (slow) */
+    VIR_STORAGE_VOL_DELETE_NORMAL = 0, /* Delete metadata only    (fast) */
+    VIR_STORAGE_VOL_DELETE_ZEROED = 1 << 0,  /* Clear all data to zeros (slow) */
 } virStorageVolDeleteFlags;

 typedef enum {
-  VIR_STORAGE_VOL_WIPE_ALG_ZERO = 0, /* 1-pass, all zeroes */
-  VIR_STORAGE_VOL_WIPE_ALG_NNSA = 1, /* 4-pass  NNSA Policy Letter
+    VIR_STORAGE_VOL_WIPE_ALG_ZERO = 0, /* 1-pass, all zeroes */
+    VIR_STORAGE_VOL_WIPE_ALG_NNSA = 1, /* 4-pass  NNSA Policy Letter
                                        NAP-14.1-C (XVI-8) */
-  VIR_STORAGE_VOL_WIPE_ALG_DOD = 2, /* 4-pass DoD 5220.22-M section
+    VIR_STORAGE_VOL_WIPE_ALG_DOD = 2, /* 4-pass DoD 5220.22-M section
                                       8-306 procedure */
-  VIR_STORAGE_VOL_WIPE_ALG_BSI = 3, /* 9-pass method recommended by the
+    VIR_STORAGE_VOL_WIPE_ALG_BSI = 3, /* 9-pass method recommended by the
                                       German Center of Security in
                                       Information Technologies */
-  VIR_STORAGE_VOL_WIPE_ALG_GUTMANN = 4, /* The canonical 35-pass sequence */
-  VIR_STORAGE_VOL_WIPE_ALG_SCHNEIER = 5, /* 7-pass method described by
+    VIR_STORAGE_VOL_WIPE_ALG_GUTMANN = 4, /* The canonical 35-pass sequence */
+    VIR_STORAGE_VOL_WIPE_ALG_SCHNEIER = 5, /* 7-pass method described by
                                             Bruce Schneier in "Applied
                                             Cryptography" (1996) */
-  VIR_STORAGE_VOL_WIPE_ALG_PFITZNER7 = 6, /* 7-pass random */
+    VIR_STORAGE_VOL_WIPE_ALG_PFITZNER7 = 6, /* 7-pass random */

-  VIR_STORAGE_VOL_WIPE_ALG_PFITZNER33 = 7, /* 33-pass random */
+    VIR_STORAGE_VOL_WIPE_ALG_PFITZNER33 = 7, /* 33-pass random */

-  VIR_STORAGE_VOL_WIPE_ALG_RANDOM = 8, /* 1-pass random */
+    VIR_STORAGE_VOL_WIPE_ALG_RANDOM = 8, /* 1-pass random */

 #ifdef VIR_ENUM_SENTINELS
-  /*
-   * NB: this enum value will increase over time as new algorithms are
-   * added to the libvirt API. It reflects the last algorithm supported
-   * by this version of the libvirt API.
-   */
-  VIR_STORAGE_VOL_WIPE_ALG_LAST
+    /*
+     * NB: this enum value will increase over time as new algorithms are
+     * added to the libvirt API. It reflects the last algorithm supported
+     * by this version of the libvirt API.
+     */
+    VIR_STORAGE_VOL_WIPE_ALG_LAST
 #endif
 } virStorageVolWipeAlgorithm;

 typedef struct _virStorageVolInfo virStorageVolInfo;

 struct _virStorageVolInfo {
-  int type;                      /* virStorageVolType flags */
-  unsigned long long capacity;   /* Logical size bytes */
-  unsigned long long allocation; /* Current allocation bytes */
+    int type;                      /* virStorageVolType flags */
+    unsigned long long capacity;   /* Logical size bytes */
+    unsigned long long allocation; /* Current allocation bytes */
 };

 typedef virStorageVolInfo *virStorageVolInfoPtr;

+typedef enum {
+    VIR_STORAGE_XML_INACTIVE    = (1 << 0), /* dump inactive pool/volume information */
+} virStorageXMLFlags;
+
 /*
 * Get connection from pool.
 */
@ -2395,6 +2672,39 @@ int                     virConnectListDefinedStoragePools(virConnectPtr conn,
                                                          char **const names,
                                                          int maxnames);

+/*
+ * virConnectListAllStoragePoolsFlags:
+ *
+ * Flags used to tune pools returned by virConnectListAllStoragePools().
+ * Note that these flags come in groups; if all bits from a group are 0,
+ * then that group is not used to filter results.
+ */
+typedef enum {
+    VIR_CONNECT_LIST_STORAGE_POOLS_INACTIVE      = 1 << 0,
+    VIR_CONNECT_LIST_STORAGE_POOLS_ACTIVE        = 1 << 1,
+
+    VIR_CONNECT_LIST_STORAGE_POOLS_PERSISTENT    = 1 << 2,
+    VIR_CONNECT_LIST_STORAGE_POOLS_TRANSIENT     = 1 << 3,
+
+    VIR_CONNECT_LIST_STORAGE_POOLS_AUTOSTART     = 1 << 4,
+    VIR_CONNECT_LIST_STORAGE_POOLS_NO_AUTOSTART  = 1 << 5,
+
+    /* List pools by type */
+    VIR_CONNECT_LIST_STORAGE_POOLS_DIR           = 1 << 6,
+    VIR_CONNECT_LIST_STORAGE_POOLS_FS            = 1 << 7,
+    VIR_CONNECT_LIST_STORAGE_POOLS_NETFS         = 1 << 8,
+    VIR_CONNECT_LIST_STORAGE_POOLS_LOGICAL       = 1 << 9,
+    VIR_CONNECT_LIST_STORAGE_POOLS_DISK          = 1 << 10,
+    VIR_CONNECT_LIST_STORAGE_POOLS_ISCSI         = 1 << 11,
+    VIR_CONNECT_LIST_STORAGE_POOLS_SCSI          = 1 << 12,
+    VIR_CONNECT_LIST_STORAGE_POOLS_MPATH         = 1 << 13,
+    VIR_CONNECT_LIST_STORAGE_POOLS_RBD           = 1 << 14,
+    VIR_CONNECT_LIST_STORAGE_POOLS_SHEEPDOG      = 1 << 15,
+} virConnectListAllStoragePoolsFlags;
+
+int                     virConnectListAllStoragePools(virConnectPtr conn,
+                                                      virStoragePoolPtr **pools,
+                                                      unsigned int flags);
 /*
 * Query a host for storage pools of a particular type
 */
@ -2463,6 +2773,9 @@ int                     virStoragePoolNumOfVolumes      (virStoragePoolPtr pool)
 int                     virStoragePoolListVolumes       (virStoragePoolPtr pool,
                                                         char **const names,
                                                         int maxnames);
+int                     virStoragePoolListAllVolumes    (virStoragePoolPtr pool,
+                                                         virStorageVolPtr **vols,
+                                                         unsigned int flags);

 virConnectPtr           virStorageVolGetConnect         (virStorageVolPtr vol);

@ -2515,9 +2828,9 @@ char *                  virStorageVolGetXMLDesc         (virStorageVolPtr pool,
 char *                  virStorageVolGetPath            (virStorageVolPtr vol);

 typedef enum {
-  VIR_STORAGE_VOL_RESIZE_ALLOCATE = 1 << 0, /* force allocation of new size */
-  VIR_STORAGE_VOL_RESIZE_DELTA    = 1 << 1, /* size is relative to current */
-  VIR_STORAGE_VOL_RESIZE_SHRINK   = 1 << 2, /* allow decrease in capacity */
+    VIR_STORAGE_VOL_RESIZE_ALLOCATE = 1 << 0, /* force allocation of new size */
+    VIR_STORAGE_VOL_RESIZE_DELTA    = 1 << 1, /* size is relative to current */
+    VIR_STORAGE_VOL_RESIZE_SHRINK   = 1 << 2, /* allow decrease in capacity */
 } virStorageVolResizeFlags;

 int                     virStorageVolResize             (virStorageVolPtr vol,
@ -2607,6 +2920,28 @@ int                     virNodeListDevices      (virConnectPtr conn,
                                                 char **const names,
                                                 int maxnames,
                                                 unsigned int flags);
+/*
+ * virConnectListAllNodeDevices:
+ *
+ * Flags used to filter the returned node devices. Flags in each group
+ * are exclusive. Currently only one group to filter the devices by cap
+ * type.
+ */
+typedef enum {
+    VIR_CONNECT_LIST_NODE_DEVICES_CAP_SYSTEM        = 1 << 0, /* System capability */
+    VIR_CONNECT_LIST_NODE_DEVICES_CAP_PCI_DEV       = 1 << 1, /* PCI device */
+    VIR_CONNECT_LIST_NODE_DEVICES_CAP_USB_DEV       = 1 << 2, /* USB device */
+    VIR_CONNECT_LIST_NODE_DEVICES_CAP_USB_INTERFACE = 1 << 3, /* USB interface */
+    VIR_CONNECT_LIST_NODE_DEVICES_CAP_NET           = 1 << 4, /* Network device */
+    VIR_CONNECT_LIST_NODE_DEVICES_CAP_SCSI_HOST     = 1 << 5, /* SCSI Host Bus Adapter */
+    VIR_CONNECT_LIST_NODE_DEVICES_CAP_SCSI_TARGET   = 1 << 6, /* SCSI Target */
+    VIR_CONNECT_LIST_NODE_DEVICES_CAP_SCSI          = 1 << 7, /* SCSI device */
+    VIR_CONNECT_LIST_NODE_DEVICES_CAP_STORAGE       = 1 << 8, /* Storage device */
+} virConnectListAllNodeDeviceFlags;
+
+int                     virConnectListAllNodeDevices (virConnectPtr conn,
+                                                      virNodeDevicePtr **devices,
+                                                      unsigned int flags);

 virNodeDevicePtr        virNodeDeviceLookupByName (virConnectPtr conn,
                                                   const char *name);
@ -2654,6 +2989,7 @@ typedef enum {
    VIR_DOMAIN_EVENT_RESUMED = 4,
    VIR_DOMAIN_EVENT_STOPPED = 5,
    VIR_DOMAIN_EVENT_SHUTDOWN = 6,
+    VIR_DOMAIN_EVENT_PMSUSPENDED = 7,

 #ifdef VIR_ENUM_SENTINELS
    VIR_DOMAIN_EVENT_LAST
@ -2770,6 +3106,19 @@ typedef enum {
 #endif
 } virDomainEventShutdownDetailType;

+/**
+ * virDomainEventPMSuspendedDetailType:
+ *
+ * Details about the 'pmsuspended' lifecycle event
+ */
+typedef enum {
+    VIR_DOMAIN_EVENT_PMSUSPENDED_MEMORY = 0, /* Guest was PM suspended to memory */
+
+#ifdef VIR_ENUM_SENTINELS
+    VIR_DOMAIN_EVENT_PMSUSPENDED_LAST
+#endif
+} virDomainEventPMSuspendedDetailType;
+
 /**
 * virConnectDomainEventCallback:
 * @conn: virConnect connection
@ -2786,16 +3135,6 @@ typedef int (*virConnectDomainEventCallback)(virConnectPtr conn,
                                             int detail,
                                             void *opaque);

-/*
- * virFreeCallback:
- * @opaque: opaque user data provided at registration
- *
- * Type for a domain event callback when the event is deregistered and
- * need to be freed, @opaque is provided along with the callback at
- * registration time
- */
-typedef void (*virFreeCallback)(void *opaque);
-
 int virConnectDomainEventRegister(virConnectPtr conn,
                                  virConnectDomainEventCallback cb,
                                  void *opaque,
@ -2996,6 +3335,27 @@ int                     virConnectNumOfSecrets  (virConnectPtr conn);
 int                     virConnectListSecrets   (virConnectPtr conn,
                                                 char **uuids,
                                                 int maxuuids);
+
+/*
+ * virConnectListAllSecrets:
+ *
+ * Flags used to filter the returned secrets. Flags in each group
+ * are exclusive attributes of a secret.
+ */
+typedef enum {
+    VIR_CONNECT_LIST_SECRETS_EPHEMERAL    = 1 << 0, /* kept in memory, never
+                                                      stored persistently */
+    VIR_CONNECT_LIST_SECRETS_NO_EPHEMERAL = 1 << 1,
+
+    VIR_CONNECT_LIST_SECRETS_PRIVATE      = 1 << 2, /* not revealed to any caller
+                                                      of libvirt, nor to any other
+                                                      node */
+    VIR_CONNECT_LIST_SECRETS_NO_PRIVATE   = 1 << 3,
+} virConnectListAllSecretsFlags;
+
+int                     virConnectListAllSecrets(virConnectPtr conn,
+                                                 virSecretPtr **secrets,
+                                                 unsigned int flags);
 virSecretPtr            virSecretLookupByUUID(virConnectPtr conn,
                                              const unsigned char *uuid);
 virSecretPtr            virSecretLookupByUUIDString(virConnectPtr conn,
@ -3314,10 +3674,17 @@ virDomainSnapshotPtr virDomainSnapshotCreateXML(virDomainPtr domain,
 char *virDomainSnapshotGetXMLDesc(virDomainSnapshotPtr snapshot,
                                  unsigned int flags);

-/* Flags valid for virDomainSnapshotNum(),
+/**
+ * virDomainSnapshotListFlags:
+ *
+ * Flags valid for virDomainSnapshotNum(),
 * virDomainSnapshotListNames(), virDomainSnapshotNumChildren(), and
- * virDomainSnapshotListChildrenNames().  Note that the interpretation
- * of flag (1<<0) depends on which function it is passed to.  */
+ * virDomainSnapshotListChildrenNames(), virDomainListAllSnapshots(),
+ * and virDomainSnapshotListAllChildren().  Note that the interpretation
+ * of flag (1<<0) depends on which function it is passed to; but serves
+ * to toggle the per-call default of whether the listing is shallow or
+ * recursive.  Remaining bits come in groups; if all bits from a group are
+ * 0, then that group is not used to filter results.  */
 typedef enum {
    VIR_DOMAIN_SNAPSHOT_LIST_ROOTS       = (1 << 0), /* Filter by snapshots
                                                        with no parents, when
@ -3325,10 +3692,18 @@ typedef enum {
    VIR_DOMAIN_SNAPSHOT_LIST_DESCENDANTS = (1 << 0), /* List all descendants,
                                                        not just children, when
                                                        listing a snapshot */
-    VIR_DOMAIN_SNAPSHOT_LIST_METADATA    = (1 << 1), /* Filter by snapshots
-                                                        which have metadata */
+
+    /* For historical reasons, groups do not use contiguous bits.  */
+
    VIR_DOMAIN_SNAPSHOT_LIST_LEAVES      = (1 << 2), /* Filter by snapshots
                                                        with no children */
+    VIR_DOMAIN_SNAPSHOT_LIST_NO_LEAVES   = (1 << 3), /* Filter by snapshots
+                                                        that have children */
+
+    VIR_DOMAIN_SNAPSHOT_LIST_METADATA    = (1 << 1), /* Filter by snapshots
+                                                        which have metadata */
+    VIR_DOMAIN_SNAPSHOT_LIST_NO_METADATA = (1 << 4), /* Filter by snapshots
+                                                        with no metadata */
 } virDomainSnapshotListFlags;

 /* Return the number of snapshots for this domain */
@ -3338,6 +3713,11 @@ int virDomainSnapshotNum(virDomainPtr domain, unsigned int flags);
 int virDomainSnapshotListNames(virDomainPtr domain, char **names, int nameslen,
                               unsigned int flags);

+/* Get all snapshot objects for this domain */
+int virDomainListAllSnapshots(virDomainPtr domain,
+                              virDomainSnapshotPtr **snaps,
+                              unsigned int flags);
+
 /* Return the number of child snapshots for this snapshot */
 int virDomainSnapshotNumChildren(virDomainSnapshotPtr snapshot,
                                 unsigned int flags);
@ -3347,6 +3727,11 @@ int virDomainSnapshotListChildrenNames(virDomainSnapshotPtr snapshot,
                                       char **names, int nameslen,
                                       unsigned int flags);

+/* Get all snapshot object children for this snapshot */
+int virDomainSnapshotListAllChildren(virDomainSnapshotPtr snapshot,
+                                     virDomainSnapshotPtr **snaps,
+                                     unsigned int flags);
+
 /* Get a handle to a named snapshot */
 virDomainSnapshotPtr virDomainSnapshotLookupByName(virDomainPtr domain,
                                                   const char *name,
@ -3363,6 +3748,15 @@ virDomainSnapshotPtr virDomainSnapshotCurrent(virDomainPtr domain,
 virDomainSnapshotPtr virDomainSnapshotGetParent(virDomainSnapshotPtr snapshot,
                                                unsigned int flags);

+/* Determine if a snapshot is the current snapshot of its domain.  */
+int virDomainSnapshotIsCurrent(virDomainSnapshotPtr snapshot,
+                               unsigned int flags);
+
+/* Determine if a snapshot has associated libvirt metadata that would
+ * prevent the deletion of its domain.  */
+int virDomainSnapshotHasMetadata(virDomainSnapshotPtr snapshot,
+                                 unsigned int flags);
+
 typedef enum {
    VIR_DOMAIN_SNAPSHOT_REVERT_RUNNING = 1 << 0, /* Run after revert */
    VIR_DOMAIN_SNAPSHOT_REVERT_PAUSED  = 1 << 1, /* Pause after revert */
@ -3386,6 +3780,7 @@ typedef enum {
 int virDomainSnapshotDelete(virDomainSnapshotPtr snapshot,
                            unsigned int flags);

+int virDomainSnapshotRef(virDomainSnapshotPtr snapshot);
 int virDomainSnapshotFree(virDomainSnapshotPtr snapshot);

 /*
@ -3617,6 +4012,7 @@ typedef void (*virConnectDomainEventGraphicsCallback)(virConnectPtr conn,
 typedef enum {
    VIR_DOMAIN_BLOCK_JOB_COMPLETED = 0,
    VIR_DOMAIN_BLOCK_JOB_FAILED = 1,
+    VIR_DOMAIN_BLOCK_JOB_CANCELED = 2,

 #ifdef VIR_ENUM_SENTINELS
    VIR_DOMAIN_BLOCK_JOB_LAST
@ -3750,6 +4146,22 @@ typedef void (*virConnectDomainEventPMSuspendCallback)(virConnectPtr conn,
                                                       int reason,
                                                       void *opaque);

+
+/**
+ * virConnectDomainEventBalloonChangeCallback:
+ * @conn: connection object
+ * @dom: domain on which the event occurred
+ * @actual: the new balloon level measured in kibibytes(blocks of 1024 bytes)
+ * @opaque: application specified data
+ *
+ * The callback signature to use when registering for an event of type
+ * VIR_DOMAIN_EVENT_ID_BALLOON_CHANGE with virConnectDomainEventRegisterAny()
+ */
+typedef void (*virConnectDomainEventBalloonChangeCallback)(virConnectPtr conn,
+                                                           virDomainPtr dom,
+                                                           unsigned long long actual,
+                                                           void *opaque);
+
 /**
 * VIR_DOMAIN_EVENT_CALLBACK:
 *
@ -3773,6 +4185,7 @@ typedef enum {
    VIR_DOMAIN_EVENT_ID_TRAY_CHANGE = 10,    /* virConnectDomainEventTrayChangeCallback */
    VIR_DOMAIN_EVENT_ID_PMWAKEUP = 11,       /* virConnectDomainEventPMWakeupCallback */
    VIR_DOMAIN_EVENT_ID_PMSUSPEND = 12,      /* virConnectDomainEventPMSuspendCallback */
+    VIR_DOMAIN_EVENT_ID_BALLOON_CHANGE = 13, /* virConnectDomainEventBalloonChangeCallback */

 #ifdef VIR_ENUM_SENTINELS
    /*
@ -3820,7 +4233,9 @@ int                     virConnectNumOfNWFilters (virConnectPtr conn);
 int                     virConnectListNWFilters  (virConnectPtr conn,
                                                  char **const names,
                                                  int maxnames);
-
+int                     virConnectListAllNWFilters(virConnectPtr conn,
+                                                   virNWFilterPtr **filters,
+                                                   unsigned int flags);
 /*
 * Lookup nwfilter by name or uuid
 */
@ -4021,6 +4436,69 @@ typedef struct _virTypedParameter virMemoryParameter;
 */
 typedef virMemoryParameter *virMemoryParameterPtr;

+/*
+ * VIR_NODE_MEMORY_SHARED_PAGES_TO_SCAN:
+ *
+ * Macro for typed parameter that represents how many present pages
+ * to scan before the shared memory service goes to sleep.
+ */
+# define VIR_NODE_MEMORY_SHARED_PAGES_TO_SCAN      "shm_pages_to_scan"
+
+/*
+ * VIR_NODE_MEMORY_SHARED_SLEEP_MILLISECS:
+ *
+ * Macro for typed parameter that represents how many milliseconds
+ * the shared memory service should sleep before next scan.
+ */
+# define VIR_NODE_MEMORY_SHARED_SLEEP_MILLISECS    "shm_sleep_millisecs"
+
+/*
+ * VIR_NODE_MEMORY_SHARED_PAGES_SHARED:
+ *
+ * Macro for typed parameter that represents how many the shared
+ * mmeory pages are being used.
+ */
+# define VIR_NODE_MEMORY_SHARED_PAGES_SHARED       "shm_pages_shared"
+
+/*
+ * VIR_NODE_MEMORY_SHARED_PAGES_SHARING:
+ *
+ * Macro for typed parameter that represents how many sites are
+ * sharing the pages i.e. how much saved.
+ */
+# define VIR_NODE_MEMORY_SHARED_PAGES_SHARING      "shm_pages_sharing"
+
+/* VIR_NODE_MEMORY_SHARED_PAGES_UNSHARED:
+ *
+ * Macro for typed parameter that represents how many pages unique
+ * but repeatedly checked for merging.
+ */
+# define VIR_NODE_MEMORY_SHARED_PAGES_UNSHARED     "shm_pages_unshared"
+
+/* VIR_NODE_MEMORY_SHARED_PAGES_VOLATILE:
+ *
+ * Macro for typed parameter that represents how many pages changing
+ * too fast to be placed in a tree.
+ */
+# define VIR_NODE_MEMORY_SHARED_PAGES_VOLATILE     "shm_pages_volatile"
+
+/* VIR_NODE_MEMORY_SHARED_FULL_SCAN:
+ *
+ * Macro for typed parameter that represents how many times all
+ * mergeable areas have been scanned.
+ */
+# define VIR_NODE_MEMORY_SHARED_FULL_SCANS         "shm_full_scans"
+
+int virNodeGetMemoryParameters(virConnectPtr conn,
+                               virTypedParameterPtr params,
+                               int *nparams,
+                               unsigned int flags);
+
+int virNodeSetMemoryParameters(virConnectPtr conn,
+                               virTypedParameterPtr params,
+                               int nparams,
+                               unsigned int flags);
+
 #ifdef __cplusplus
 }
 #endif
--- a/include/libvirt/virterror.h
+++ b/include/libvirt/virterror.h
@ -1,12 +1,24 @@
 /*
- * virterror.h:
+ * virterror.h: Error handling interfaces for the libvirt library
 * Summary: error handling interfaces for the libvirt library
 * Description: Provides the interfaces of the libvirt library to handle
 *              errors raised while using the library.
 *
- * Copy:  Copyright (C) 2006, 2010-2012 Red Hat, Inc.
+ * Copyright (C) 2006, 2010-2012 Red Hat, Inc.
 *
- * See COPYING.LIB for the License of this software
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library.  If not, see
+ * <http://www.gnu.org/licenses/>.
 *
 * Author: Daniel Veillard <veillard@redhat.com>
 */
@ -43,50 +55,68 @@ typedef enum {
    VIR_FROM_XEND = 2,		/* Error at connection with xend daemon */
    VIR_FROM_XENSTORE = 3,	/* Error at connection with xen store */
    VIR_FROM_SEXPR = 4,		/* Error in the S-Expression code */
+
    VIR_FROM_XML = 5,		/* Error in the XML code */
    VIR_FROM_DOM = 6,		/* Error when operating on a domain */
    VIR_FROM_RPC = 7,		/* Error in the XML-RPC code */
    VIR_FROM_PROXY = 8,		/* Error in the proxy code; unused since
                                   0.8.6 */
    VIR_FROM_CONF = 9,		/* Error in the configuration file handling */
+
    VIR_FROM_QEMU = 10,		/* Error at the QEMU daemon */
    VIR_FROM_NET = 11,		/* Error when operating on a network */
    VIR_FROM_TEST = 12,		/* Error from test driver */
    VIR_FROM_REMOTE = 13,	/* Error from remote driver */
    VIR_FROM_OPENVZ = 14,	/* Error from OpenVZ driver */
+
    VIR_FROM_XENXM = 15,	/* Error at Xen XM layer */
    VIR_FROM_STATS_LINUX = 16,	/* Error in the Linux Stats code */
    VIR_FROM_LXC = 17,		/* Error from Linux Container driver */
    VIR_FROM_STORAGE = 18,	/* Error from storage driver */
    VIR_FROM_NETWORK = 19,	/* Error from network config */
+
    VIR_FROM_DOMAIN = 20,	/* Error from domain config */
    VIR_FROM_UML = 21,		/* Error at the UML driver */
    VIR_FROM_NODEDEV = 22,	/* Error from node device monitor */
    VIR_FROM_XEN_INOTIFY = 23,	/* Error from xen inotify layer */
    VIR_FROM_SECURITY = 24,	/* Error from security framework */
+
    VIR_FROM_VBOX = 25,		/* Error from VirtualBox driver */
    VIR_FROM_INTERFACE = 26,	/* Error when operating on an interface */
    VIR_FROM_ONE = 27,		/* The OpenNebula driver no longer exists.
                                   Retained for ABI/API compat only */
    VIR_FROM_ESX = 28,		/* Error from ESX driver */
    VIR_FROM_PHYP = 29,		/* Error from IBM power hypervisor */
+
    VIR_FROM_SECRET = 30,	/* Error from secret storage */
    VIR_FROM_CPU = 31,		/* Error from CPU driver */
    VIR_FROM_XENAPI = 32,	/* Error from XenAPI */
    VIR_FROM_NWFILTER = 33,	/* Error from network filter driver */
    VIR_FROM_HOOK = 34,		/* Error from Synchronous hooks */
+
    VIR_FROM_DOMAIN_SNAPSHOT = 35,/* Error from domain snapshot */
    VIR_FROM_AUDIT = 36,	/* Error from auditing subsystem */
    VIR_FROM_SYSINFO = 37,	/* Error from sysinfo/SMBIOS */
    VIR_FROM_STREAMS = 38,	/* Error from I/O streams */
    VIR_FROM_VMWARE = 39,	/* Error from VMware driver */
+
    VIR_FROM_EVENT = 40,	/* Error from event loop impl */
    VIR_FROM_LIBXL = 41,	/* Error from libxenlight driver */
    VIR_FROM_LOCKING = 42,	/* Error from lock manager */
    VIR_FROM_HYPERV = 43,	/* Error from Hyper-V driver */
    VIR_FROM_CAPABILITIES = 44, /* Error from capabilities */
+
    VIR_FROM_URI = 45,          /* Error from URI handling */
    VIR_FROM_AUTH = 46,         /* Error from auth handling */
+    VIR_FROM_DBUS = 47,         /* Error from DBus */
+    VIR_FROM_PARALLELS = 48,    /* Error from Parallels */
+    VIR_FROM_DEVICE = 49,       /* Error from Device */
+
+    VIR_FROM_SSH = 50,       /* Error from libssh2 connection transport */
+
+# ifdef VIR_ENUM_SENTINELS
+    VIR_ERR_DOMAIN_LAST
+# endif
 } virErrorDomain;


@ -249,6 +279,12 @@ typedef enum {
    VIR_ERR_NO_DOMAIN_METADATA = 80,    /* The metadata is not present */
    VIR_ERR_MIGRATE_UNSAFE = 81,        /* Migration is not safe */
    VIR_ERR_OVERFLOW = 82,              /* integer overflow */
+    VIR_ERR_BLOCK_COPY_ACTIVE = 83,     /* action prevented by block copy job */
+    VIR_ERR_OPERATION_UNSUPPORTED = 84, /* The requested operation is not
+                                           supported */
+    VIR_ERR_SSH = 85,                   /* error in ssh transport driver */
+    VIR_ERR_AGENT_UNRESPONSIVE = 86,    /* guest agent is unresponsive,
+                                           not running or not usable */
 } virErrorNumber;

 /**
--- a/libvirt.pc.in
+++ b/libvirt.pc.in
@ -2,6 +2,7 @@ prefix=@prefix@
 exec_prefix=@exec_prefix@
 libdir=@libdir@
 includedir=@includedir@
+datarootdir=@datarootdir@

 libvirt_api=@datadir@/libvirt/api/libvirt-api.xml
 libvirt_qemu_api=@datadir@/libvirt/api/libvirt-qemu-api.xml
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
--- a/m4/virt-compile-warnings.m4
+++ b/m4/virt-compile-warnings.m4
@ -55,6 +55,28 @@ AC_DEFUN([LIBVIRT_COMPILE_WARNINGS],[
    dontwarn="$dontwarn -Wunsafe-loop-optimizations"
    # Things like virAsprintf mean we can't use this
    dontwarn="$dontwarn -Wformat-nonliteral"
+    # Gnulib's stat-time.h violates this
+    dontwarn="$dontwarn -Waggregate-return"
+    # gcc 4.4.6 complains this is C++ only; gcc 4.7.0 implies this from -Wall
+    dontwarn="$dontwarn -Wenum-compare"
+
+    # Gnulib uses '#pragma GCC diagnostic push' to silence some
+    # warnings, but older gcc doesn't support this.
+    AC_CACHE_CHECK([whether pragma GCC diagnostic push works],
+      [lv_cv_gcc_pragma_push_works], [
+      save_CFLAGS=$CFLAGS
+      CFLAGS='-Wunknown-pragmas -Werror'
+      AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+        #pragma GCC diagnostic push
+        #pragma GCC diagnostic pop
+      ]])],
+      [lv_cv_gcc_pragma_push_works=yes],
+      [lv_cv_gcc_pragma_push_works=no])
+      CFLAGS=$save_CFLAGS])
+    if test $lv_cv_gcc_pragma_push_works = no; then
+      dontwarn="$dontwarn -Wmissing-prototypes"
+      dontwarn="$dontwarn -Wmissing-declarations"
+    fi

    # We might fundamentally need some of these disabled forever, but
    # ideally we'd turn many of them on
@ -90,8 +112,14 @@ AC_DEFUN([LIBVIRT_COMPILE_WARNINGS],[
    gl_WARN_ADD([-Wjump-misses-init])

    # GNULIB turns on -Wformat=2 which implies -Wformat-nonliteral,
-    # so we need to manually re-exclude it.
+    # so we need to manually re-exclude it.  Also, older gcc 4.2
+    # added an implied ATTRIBUTE_NONNULL on any parameter marked
+    # ATTRIBUTE_FMT_PRINT, which causes -Wformat failure on our
+    # intentional use of virReportError(code, NULL).
    gl_WARN_ADD([-Wno-format-nonliteral])
+    if test $lv_cv_gcc_pragma_push_works = no; then
+      gl_WARN_ADD([-Wno-format])
+    fi

    # This should be < 256 really. Currently we're down to 4096,
    # but using 1024 bytes sized buffers (mostly for virStrerror)
@ -102,8 +130,13 @@ AC_DEFUN([LIBVIRT_COMPILE_WARNINGS],[
    # Silence certain warnings in gnulib, and use improved glibc headers
    AC_DEFINE([lint], [1],
      [Define to 1 if the compiler is checking for lint.])
-    AC_DEFINE([_FORTIFY_SOURCE], [2],
-      [enable compile-time and run-time bounds-checking, and some warnings])
+    AH_VERBATIM([FORTIFY_SOURCE],
+    [/* Enable compile-time and run-time bounds-checking, and some warnings,
+        without upsetting newer glibc. */
+     #if defined __OPTIMIZE__ && __OPTIMIZE__
+     # define _FORTIFY_SOURCE 2
+     #endif
+    ])

    # Extra special flags
    dnl -fstack-protector stuff passes gl_WARN_ADD with gcc
--- a/mingw-libvirt.spec.in
+++ b/mingw-libvirt.spec.in
@ -0,0 +1,291 @@
+%{?mingw_package_header}
+
+# Default to skipping autoreconf.  Distros can change just this one line
+# (or provide a command-line override) if they backport any patches that
+# touch configure.ac or Makefile.am.
+%{!?enable_autotools:%define enable_autotools 0}
+
+# The mingw build is client only.  Set up defaults for hypervisor drivers
+# that talk via a native remote protocol, and for which prereq mingw
+# libraries exist.
+%define with_phyp          0%{!?_without_phyp:1}
+%define with_esx           0%{!?_without_esx:1}
+# missing libwsman, so can't build hyper-v
+%define with_hyperv        0%{!?_without_hyperv:0}
+%define with_xenapi        0%{!?_without_xenapi:1}
+%define with_parallels           0%{!?_without_parallels:0}
+
+# RHEL ships ESX but not PowerHypervisor, HyperV, or libxenserver (xenapi)
+%if 0%{?rhel}
+%define with_phyp 0
+%define with_xenapi 0
+%define with_hyperv 0
+%endif
+
+Name:           mingw-libvirt
+Version:        @VERSION@
+Release:        1%{?dist}%{?extra_release}
+Summary:        MinGW Windows libvirt virtualization library
+
+License:        LGPLv2+
+Group:          Development/Libraries
+URL:            http://libvirt.org/
+Source0:        ftp://libvirt.org/libvirt/libvirt-%{version}.tar.gz
+
+BuildRequires:  mingw32-filesystem >= 95
+BuildRequires:  mingw64-filesystem >= 95
+BuildRequires:  mingw32-gcc
+BuildRequires:  mingw64-gcc
+BuildRequires:  mingw32-binutils
+BuildRequires:  mingw64-binutils
+BuildRequires:  mingw32-libgpg-error
+BuildRequires:  mingw64-libgpg-error
+BuildRequires:  mingw32-libgcrypt
+BuildRequires:  mingw64-libgcrypt
+BuildRequires:  mingw32-gnutls
+BuildRequires:  mingw64-gnutls
+BuildRequires:  mingw32-gettext
+BuildRequires:  mingw64-gettext
+BuildRequires:  mingw32-libxml2
+BuildRequires:  mingw64-libxml2
+BuildRequires:  mingw32-portablexdr
+BuildRequires:  mingw64-portablexdr
+
+BuildRequires:  pkgconfig
+# Need native version for msgfmt
+BuildRequires:  gettext
+%if 0%{?enable_autotools}
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: gettext-devel
+BuildRequires: libtool
+%endif
+
+%if %{with_phyp}
+BuildRequires: mingw32-libssh2
+BuildRequires: mingw64-libssh2
+%endif
+%if %{with_esx}
+BuildRequires: mingw32-curl
+BuildRequires: mingw64-curl
+%endif
+
+BuildArch:      noarch
+
+%description
+MinGW Windows libvirt virtualization library.
+
+# Mingw32
+%package -n mingw32-libvirt
+Summary: %{summary}
+
+%description -n mingw32-libvirt
+MinGW Windows libvirt virtualization library.
+
+%package -n mingw32-libvirt-static
+Summary: %{summary}
+Requires: mingw32-libvirt = %{version}-%{release}
+
+%description -n mingw32-libvirt-static
+MinGW Windows libvirt virtualization library, static version.
+
+# Mingw64
+%package -n mingw64-libvirt
+Summary: %{summary}
+
+%description -n mingw64-libvirt
+MinGW Windows libvirt virtualization library.
+
+%package -n mingw64-libvirt-static
+Summary: %{summary}
+Requires: mingw64-libvirt = %{version}-%{release}
+
+%description -n mingw64-libvirt-static
+MinGW Windows libvirt virtualization library, static version.
+
+%{?mingw_debug_package}
+
+
+%prep
+%setup -q -n libvirt-%{version}
+
+%build
+%if ! %{with_phyp}
+%define _without_phyp --without-phyp
+%endif
+
+%if ! %{with_esx}
+%define _without_esx --without-esx
+%endif
+
+%if ! %{with_hyperv}
+%define _without_hyperv --without-hyperv
+%endif
+
+%if ! %{with_xenapi}
+%define _without_xenapi --without-xenapi
+%endif
+
+%if ! %{with_parallels}
+%define _without_parallels --without-parallels
+%endif
+
+%if 0%{?enable_autotools}
+autoreconf -if
+%endif
+
+# XXX enable SASL in future
+%mingw_configure \
+  --enable-static \
+  --without-xen \
+  --without-qemu \
+  --without-openvz \
+  --without-lxc \
+  --without-vbox \
+  %{?_without_xenapi} \
+  --without-sasl \
+  --without-avahi \
+  --without-polkit \
+  --without-python \
+  --without-libvirtd \
+  --without-uml \
+  %{?_without_phyp} \
+  %{?_without_esx} \
+  %{?_without_hyperv} \
+  --without-vmware \
+  --without-parallels \
+  --without-netcf \
+  --without-audit \
+  --without-dtrace
+
+
+%mingw_make %{?_smp_mflags}
+
+
+%install
+%mingw_make_install "DESTDIR=$RPM_BUILD_ROOT"
+
+# Libtool files don't need to be bundled
+find $RPM_BUILD_ROOT -name "*.la" -delete
+
+rm -rf $RPM_BUILD_ROOT%{mingw32_sysconfdir}/libvirt/nwfilter
+rm -rf $RPM_BUILD_ROOT%{mingw64_sysconfdir}/libvirt/nwfilter
+rm -rf $RPM_BUILD_ROOT%{mingw32_datadir}/doc/*
+rm -rf $RPM_BUILD_ROOT%{mingw64_datadir}/doc/*
+rm -rf $RPM_BUILD_ROOT%{mingw32_datadir}/gtk-doc/*
+rm -rf $RPM_BUILD_ROOT%{mingw64_datadir}/gtk-doc/*
+
+rm -rf $RPM_BUILD_ROOT%{mingw32_libexecdir}/libvirt_iohelper.exe
+rm -rf $RPM_BUILD_ROOT%{mingw64_libexecdir}/libvirt_iohelper.exe
+
+
+# Mingw32
+%files -n mingw32-libvirt
+%dir %{mingw32_sysconfdir}/libvirt/
+%config(noreplace) %{mingw32_sysconfdir}/libvirt/libvirt.conf
+
+%{mingw32_bindir}/libvirt-0.dll
+%{mingw32_bindir}/virsh.exe
+%{mingw32_bindir}/virt-xml-validate
+%{mingw32_bindir}/virt-pki-validate
+%{mingw32_bindir}/virt-host-validate.exe
+%{mingw32_bindir}/libvirt-qemu-0.dll
+
+%{mingw32_libdir}/libvirt.dll.a
+%{mingw32_libdir}/pkgconfig/libvirt.pc
+%{mingw32_libdir}/libvirt-qemu.dll.a
+
+%dir %{mingw32_datadir}/libvirt/
+%dir %{mingw32_datadir}/libvirt/schemas/
+%{mingw32_datadir}/libvirt/schemas/basictypes.rng
+%{mingw32_datadir}/libvirt/schemas/capability.rng
+%{mingw32_datadir}/libvirt/schemas/domain.rng
+%{mingw32_datadir}/libvirt/schemas/domaincommon.rng
+%{mingw32_datadir}/libvirt/schemas/domainsnapshot.rng
+%{mingw32_datadir}/libvirt/schemas/interface.rng
+%{mingw32_datadir}/libvirt/schemas/network.rng
+%{mingw32_datadir}/libvirt/schemas/networkcommon.rng
+%{mingw32_datadir}/libvirt/schemas/nodedev.rng
+%{mingw32_datadir}/libvirt/schemas/nwfilter.rng
+%{mingw32_datadir}/libvirt/schemas/secret.rng
+%{mingw32_datadir}/libvirt/schemas/storageencryption.rng
+%{mingw32_datadir}/libvirt/schemas/storagepool.rng
+%{mingw32_datadir}/libvirt/schemas/storagevol.rng
+%dir %{mingw32_datadir}/libvirt/api/
+%{mingw32_datadir}/libvirt/api/libvirt-api.xml
+%{mingw32_datadir}/libvirt/api/libvirt-qemu-api.xml
+
+%{mingw32_datadir}/libvirt/cpu_map.xml
+
+%{mingw32_datadir}/locale/*/LC_MESSAGES/libvirt.mo
+
+%dir %{mingw32_includedir}/libvirt
+%{mingw32_includedir}/libvirt/libvirt.h
+%{mingw32_includedir}/libvirt/virterror.h
+%{mingw32_includedir}/libvirt/libvirt-qemu.h
+
+%{mingw32_mandir}/man1/virsh.1*
+%{mingw32_mandir}/man1/virt-xml-validate.1*
+%{mingw32_mandir}/man1/virt-pki-validate.1*
+%{mingw32_mandir}/man1/virt-host-validate.1*
+
+%files -n mingw32-libvirt-static
+%{mingw32_libdir}/libvirt.a
+%{mingw32_libdir}/libvirt-qemu.a
+
+# Mingw64
+%files -n mingw64-libvirt
+%dir %{mingw64_sysconfdir}/libvirt/
+%config(noreplace) %{mingw64_sysconfdir}/libvirt/libvirt.conf
+
+%{mingw64_bindir}/libvirt-0.dll
+%{mingw64_bindir}/virsh.exe
+%{mingw64_bindir}/virt-xml-validate
+%{mingw64_bindir}/virt-pki-validate
+%{mingw64_bindir}/virt-host-validate.exe
+%{mingw64_bindir}/libvirt-qemu-0.dll
+
+%{mingw64_libdir}/libvirt.dll.a
+%{mingw64_libdir}/pkgconfig/libvirt.pc
+%{mingw64_libdir}/libvirt-qemu.dll.a
+
+%dir %{mingw64_datadir}/libvirt/
+%dir %{mingw64_datadir}/libvirt/schemas/
+%{mingw64_datadir}/libvirt/schemas/basictypes.rng
+%{mingw64_datadir}/libvirt/schemas/capability.rng
+%{mingw64_datadir}/libvirt/schemas/domain.rng
+%{mingw64_datadir}/libvirt/schemas/domaincommon.rng
+%{mingw64_datadir}/libvirt/schemas/domainsnapshot.rng
+%{mingw64_datadir}/libvirt/schemas/interface.rng
+%{mingw64_datadir}/libvirt/schemas/network.rng
+%{mingw64_datadir}/libvirt/schemas/networkcommon.rng
+%{mingw64_datadir}/libvirt/schemas/nodedev.rng
+%{mingw64_datadir}/libvirt/schemas/nwfilter.rng
+%{mingw64_datadir}/libvirt/schemas/secret.rng
+%{mingw64_datadir}/libvirt/schemas/storageencryption.rng
+%{mingw64_datadir}/libvirt/schemas/storagepool.rng
+%{mingw64_datadir}/libvirt/schemas/storagevol.rng
+%dir %{mingw64_datadir}/libvirt/api/
+%{mingw64_datadir}/libvirt/api/libvirt-api.xml
+%{mingw64_datadir}/libvirt/api/libvirt-qemu-api.xml
+
+%{mingw64_datadir}/libvirt/cpu_map.xml
+
+%{mingw64_datadir}/locale/*/LC_MESSAGES/libvirt.mo
+
+%dir %{mingw64_includedir}/libvirt
+%{mingw64_includedir}/libvirt/libvirt.h
+%{mingw64_includedir}/libvirt/virterror.h
+%{mingw64_includedir}/libvirt/libvirt-qemu.h
+
+%{mingw64_mandir}/man1/virsh.1*
+%{mingw64_mandir}/man1/virt-xml-validate.1*
+%{mingw64_mandir}/man1/virt-pki-validate.1*
+%{mingw64_mandir}/man1/virt-host-validate.1*
+
+%files -n mingw64-libvirt-static
+%{mingw64_libdir}/libvirt.a
+%{mingw64_libdir}/libvirt-qemu.a
+
+
+%changelog
--- a/mingw32-libvirt.spec.in
+++ b/mingw32-libvirt.spec.in
@ -1,216 +0,0 @@
-%define __strip %{_mingw32_strip}
-%define __objdump %{_mingw32_objdump}
-%define _use_internal_dependency_generator 0
-%define __find_requires %{_mingw32_findrequires}
-%define __find_provides %{_mingw32_findprovides}
-%define __debug_install_post %{_mingw32_debug_install_post}
-
-# Default to skipping autoreconf.  Distros can change just this one line
-# (or provide a command-line override) if they backport any patches that
-# touch configure.ac or Makefile.am.
-%{!?enable_autotools:%define enable_autotools 0}
-
-# The mingw build is client only.  Set up defaults for hypervisor drivers
-# that talk via a native remote protocol, and for which prereq mingw
-# libraries exist.
-%define with_phyp          0%{!?_without_phyp:1}
-%define with_esx           0%{!?_without_esx:1}
-# missing libwsman, so can't build hyper-v
-%define with_hyperv        0%{!?_without_hyperv:0}
-%define with_xenapi        0%{!?_without_xenapi:1}
-
-# RHEL ships ESX but not PowerHypervisor, HyperV, or libxenserver (xenapi)
-%if 0%{?rhel}
-%define with_phyp 0
-%define with_xenapi 0
-%define with_hyperv 0
-%endif
-
-Name:           mingw32-libvirt
-Version:        @VERSION@
-Release:        3%{?dist}%{?extra_release}
-Summary:        MinGW Windows libvirt virtualization library
-
-License:        LGPLv2+
-Group:          Development/Libraries
-URL:            http://libvirt.org/
-Source0:        ftp://libvirt.org/libvirt/libvirt-%{version}.tar.gz
-BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-
-BuildRequires:  mingw32-filesystem >= 23
-BuildRequires:  mingw32-gcc
-BuildRequires:  mingw32-binutils
-BuildRequires:  mingw32-libgpg-error
-BuildRequires:  mingw32-libgcrypt
-BuildRequires:  mingw32-gnutls
-BuildRequires:  mingw32-gettext
-BuildRequires:  mingw32-libxml2
-BuildRequires:  mingw32-portablexdr
-BuildRequires:  pkgconfig
-# Need native version for msgfmt
-BuildRequires:  gettext
-%if 0%{?enable_autotools}
-BuildRequires: autoconf
-BuildRequires: automake
-BuildRequires: gettext-devel
-BuildRequires: libtool
-%endif
-
-%if %{with_phyp}
-BuildRequires: mingw32-libssh2
-%endif
-%if %{with_esx}
-BuildRequires: mingw32-curl
-%endif
-
-BuildArch:      noarch
-
-%{?_mingw32_debug_package}
-
-%description
-MinGW Windows libvirt virtualization library.
-
-
-%prep
-%setup -q -n libvirt-%{version}
-
-
-%build
-%if ! %{with_phyp}
-%define _without_phyp --without-phyp
-%endif
-
-%if ! %{with_esx}
-%define _without_esx --without-esx
-%endif
-
-%if ! %{with_hyperv}
-%define _without_hyperv --without-hyperv
-%endif
-
-%if ! %{with_xenapi}
-%define _without_xenapi --without-xenapi
-%endif
-
-%if 0%{?enable_autotools}
-autoreconf -if
-%endif
-# XXX enable SASL in future
-%{_mingw32_configure} \
-  --without-xen \
-  --without-qemu \
-  --without-openvz \
-  --without-lxc \
-  --without-vbox \
-  %{?_without_xenapi} \
-  --without-sasl \
-  --without-avahi \
-  --without-polkit \
-  --without-python \
-  --without-libvirtd \
-  --without-uml \
-  %{?_without_phyp} \
-  %{?_without_esx} \
-  %{?_without_hyperv} \
-  --without-vmware \
-  --without-netcf \
-  --without-audit \
-  --without-dtrace
-make
-
-
-%install
-rm -rf $RPM_BUILD_ROOT
-
-make DESTDIR=$RPM_BUILD_ROOT install
-
-rm -rf $RPM_BUILD_ROOT%{_mingw32_sysconfdir}/libvirt/nwfilter
-rm -rf $RPM_BUILD_ROOT%{_mingw32_datadir}/doc/*
-rm -rf $RPM_BUILD_ROOT%{_mingw32_datadir}/gtk-doc/*
-
-rm -rf $RPM_BUILD_ROOT%{_mingw32_libexecdir}/libvirt_iohelper.exe
-
-rm $RPM_BUILD_ROOT%{_mingw32_libdir}/libvirt.a
-rm $RPM_BUILD_ROOT%{_mingw32_libdir}/libvirt-qemu.a
-
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-
-%files
-%defattr(-,root,root)
-%dir %{_mingw32_sysconfdir}/libvirt/
-%config(noreplace) %{_mingw32_sysconfdir}/libvirt/libvirt.conf
-
-%{_mingw32_bindir}/libvirt-0.dll
-%{_mingw32_bindir}/virsh.exe
-%{_mingw32_bindir}/virt-xml-validate
-%{_mingw32_bindir}/virt-pki-validate
-%{_mingw32_bindir}/virt-host-validate.exe
-%{_mingw32_bindir}/libvirt-qemu-0.dll
-
-%{_mingw32_libdir}/libvirt.dll.a
-%{_mingw32_libdir}/libvirt.la
-%{_mingw32_libdir}/pkgconfig/libvirt.pc
-%{_mingw32_libdir}/libvirt-qemu.dll.a
-%{_mingw32_libdir}/libvirt-qemu.la
-
-%dir %{_mingw32_datadir}/libvirt/api/
-%{_mingw32_datadir}/libvirt/api/libvirt-api.xml
-%{_mingw32_datadir}/libvirt/api/libvirt-qemu-api.xml
-
-%dir %{_mingw32_datadir}/libvirt/
-%dir %{_mingw32_datadir}/libvirt/schemas/
-%{_mingw32_datadir}/libvirt/schemas/basictypes.rng
-%{_mingw32_datadir}/libvirt/schemas/capability.rng
-%{_mingw32_datadir}/libvirt/schemas/domain.rng
-%{_mingw32_datadir}/libvirt/schemas/domaincommon.rng
-%{_mingw32_datadir}/libvirt/schemas/domainsnapshot.rng
-%{_mingw32_datadir}/libvirt/schemas/interface.rng
-%{_mingw32_datadir}/libvirt/schemas/network.rng
-%{_mingw32_datadir}/libvirt/schemas/networkcommon.rng
-%{_mingw32_datadir}/libvirt/schemas/nodedev.rng
-%{_mingw32_datadir}/libvirt/schemas/nwfilter.rng
-%{_mingw32_datadir}/libvirt/schemas/secret.rng
-%{_mingw32_datadir}/libvirt/schemas/storageencryption.rng
-%{_mingw32_datadir}/libvirt/schemas/storagepool.rng
-%{_mingw32_datadir}/libvirt/schemas/storagevol.rng
-
-%{_mingw32_datadir}/libvirt/cpu_map.xml
-
-%{_mingw32_datadir}/locale/*/LC_MESSAGES/libvirt.mo
-
-%dir %{_mingw32_includedir}/libvirt
-%{_mingw32_includedir}/libvirt/libvirt.h
-%{_mingw32_includedir}/libvirt/virterror.h
-%{_mingw32_includedir}/libvirt/libvirt-qemu.h
-
-%{_mingw32_mandir}/man1/virsh.1*
-%{_mingw32_mandir}/man1/virt-xml-validate.1*
-%{_mingw32_mandir}/man1/virt-pki-validate.1*
-%{_mingw32_mandir}/man1/virt-host-validate.1*
-
-
-%changelog
-* Thu Sep 25 2008 Richard Jones <rjones@redhat.com> - 0.4.6-3
- BuildArch should be noarch
-
-* Wed Sep 24 2008 Richard W.M. Jones <rjones@redhat.com> - 0.4.6-2
- Whitespace removal.
-
-* Wed Sep 24 2008 Richard W.M. Jones <rjones@redhat.com> - 0.4.6-1
- New upstream release 0.4.6.
- Rename mingw -> mingw32.
-
-* Mon Sep 22 2008 Daniel P. Berrange <berrange@redhat.com> - 0.4.5-4%{?extra_release}
- Import crash fix from rawhide
-
-* Thu Sep 11 2008 Daniel P. Berrange <berrange@redhat.com> - 0.4.5-3%{?extra_release}
- Add dep on gettext & pkgconfig
-
-* Wed Sep 10 2008 Richard W.M. Jones <rjones@redhat.com> - 0.4.5-2
- Remove static lib.
-
-* Tue Sep  2 2008 Daniel P. Berrange <berrange@redhat.com> - 0.4.4-1
- Initial RPM release, largely based on earlier work from several sources.
--- a/Show More
+++ b/Show More