lxc_container: remove extra bool from lxcBasicMounts initialization

Seems a backport miss. An extra member is passed to struct virLXCBasicMountInfo. Signed-off-by: Yang hongyang <hongyang.yang@easystack.cn> Commit bda5f2b (a backport of commit 2471041) listed one more value than the virLXCBasicMountInfo has here, because v1.2.9-maint does not have the skipNoNetns bool (introduced by commit ba9b725 released in 1.2.11). Signed-off-by: Ján Tomko <jtomko@redhat.com>
qemu: Let empty default VNC password work as documented
2025-09-24 21:44:59 +03:00 · 2016-07-01 10:16:30 +02:00 · 2016-06-30 12:54:18 +01:00 · 2015-12-15 16:53:03 -07:00 · 2015-09-03 17:45:59 +02:00 · 2015-08-28 10:26:45 -06:00
7578 changed files with 2040290 additions and 3742957 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,7 +1,5 @@
 *#*#
 *.#*#
-*.[18]
-*.[18].in
 *.a
 *.cov
 *.exe
@@ -11,7 +9,6 @@
 *.gcov
 *.html
 *.i
-*.init
 *.la
 *.lo
 *.loT
@@ -21,9 +18,6 @@
 *.pyc
 *.rej
 *.s
-*.service
-*.socket
-*.swp
 *~
 .#*
 .deps
@@ -43,9 +37,9 @@
 /NEWS
 /aclocal.m4
 /autom4te.cache
+/build-aux
 /build-aux/
 /build/
-/confdefs.h
 /config.cache
 /config.guess
 /config.h
@@ -56,32 +50,28 @@
 /config.sub
 /configure
 /configure.lineno
-/conftest.*
 /daemon/*_dispatch.h
 /daemon/libvirt_qemud
 /daemon/libvirtd
 /daemon/libvirtd*.logrotate
+/daemon/libvirtd.8
+/daemon/libvirtd.8.in
+/daemon/libvirtd.init
+/daemon/libvirtd.pod
 /daemon/libvirtd.policy
+/daemon/libvirtd.service
+/daemon/libvirtd.socket
 /daemon/test_libvirtd.aug
 /docs/aclperms.htmlinc
 /docs/apibuild.py.stamp
 /docs/devhelp/libvirt.devhelp
 /docs/hvsupport.html.in
-/docs/libvirt-admin-*.xml
 /docs/libvirt-api.xml
 /docs/libvirt-lxc-*.xml
 /docs/libvirt-qemu-*.xml
 /docs/libvirt-refs.xml
-/docs/news.html.in
 /docs/search.php
 /docs/todo.html.in
-/examples/admin/client_close
-/examples/admin/client_info
-/examples/admin/client_limits
-/examples/admin/list_clients
-/examples/admin/list_servers
-/examples/admin/logging
-/examples/admin/threadpool_params
 /examples/object-events/event-test
 /examples/dominfo/info1
 /examples/domsuspend/suspend
@@ -89,13 +79,12 @@
 /examples/domtop/domtop
 /examples/hellolibvirt/hellolibvirt
 /examples/openauth/openauth
-/examples/rename/rename
 /gnulib/lib/*
 /gnulib/m4/*
 /gnulib/tests/*
-/include/libvirt/libvirt-common.h
+/include/libvirt/libvirt.h
 /libtool
-/libvirt-*.tar.xz
+/libvirt-*.tar.gz
 /libvirt-[0-9]*
 /libvirt*.pc
 /libvirt.spec
@@ -119,8 +108,6 @@
 /src/access/viraccessapichecklxc.h
 /src/access/viraccessapicheckqemu.c
 /src/access/viraccessapicheckqemu.h
-/src/admin/admin_client.h
-/src/admin/admin_protocol.[ch]
 /src/esx/*.generated.*
 /src/hyperv/*.generated.*
 /src/libvirt*.def
@@ -131,20 +118,15 @@
 /src/libvirt_access_lxc.xml
 /src/libvirt_access_qemu.syms
 /src/libvirt_access_qemu.xml
-/src/libvirt_admin.syms
 /src/libvirt_*.stp
 /src/libvirt_*helper
 /src/libvirt_*probes.h
 /src/libvirt_lxc
-/src/locking/libxl-lockd.conf
-/src/locking/libxl-sanlock.conf
 /src/locking/lock_daemon_dispatch_stubs.h
 /src/locking/lock_protocol.[ch]
 /src/locking/qemu-lockd.conf
 /src/locking/qemu-sanlock.conf
 /src/locking/test_libvirt_sanlock.aug
-/src/logging/log_daemon_dispatch_stubs.h
-/src/logging/log_protocol.[ch]
 /src/lxc/lxc_controller_dispatch.h
 /src/lxc/lxc_monitor_dispatch.h
 /src/lxc/lxc_monitor_protocol.c
@@ -158,32 +140,32 @@
 /src/rpc/virnetprotocol.[ch]
 /src/test_libvirt*.aug
 /src/test_virtlockd.aug
-/src/test_virtlogd.aug
 /src/util/virkeymaps.h
 /src/virt-aa-helper
 /src/virtlockd
-/src/virtlogd
+/src/virtlockd.8
+/src/virtlockd.8.in
+/src/virtlockd.init
 /tests/*.log
 /tests/*.pid
 /tests/*.trs
-/tests/*test
 /tests/commandhelper
-/tests/qemucapsprobe
-!/tests/virsh-self-test
+/tests/*test
+!/tests/*schematest
 !/tests/virt-aa-helper-test
-!/tests/virt-admin-self-test
 /tests/objectlocking
 /tests/objectlocking-files.txt
 /tests/objectlocking.cm[ix]
 /tests/reconnect
 /tests/ssh
-/tests/test_file_access.txt
 /tests/test_conf
+/tools/*.[18]
+/tools/libvirt-guests.init
+/tools/libvirt-guests.service
 /tools/libvirt-guests.sh
 /tools/virt-login-shell
 /tools/virsh
 /tools/virsh-*-edit.c
-/tools/virt-admin
 /tools/virt-*-validate
 /tools/virt-sanlock-cleanup
 /tools/wireshark/src/plugin.c
@@ -205,7 +187,6 @@ stamp-h
 stamp-h.in
 stamp-h1
 tags
-!/build-aux/*.pl
 !/gnulib/lib/Makefile.am
 !/gnulib/tests/Makefile.am
 !/m4/virt-*.m4
--- a/.gnulib
+++ b/.gnulib
--- a/.mailmap
+++ b/.mailmap
@@ -5,10 +5,7 @@

 <bozzolan@gmail.com> <redshift@gmx.com>
 <charles_duffy@messageone.com> <charles@dyfis.net>
-<claudio.bley@gmail.com> <cbley@av-test.de>
 <dfj@redhat.com> <dfj@dfj.bne.redhat.com>
-<dpkshetty@gmail.com> <deepakcs@linux.vnet.ibm.com>
-<dpkshetty@gmail.com> <deepakcs@redhat.com>
 <eblake@redhat.com> <ebb9@byu.net>
 <gdolley@arpnetworks.com> <gdolley@ucla.edu>
 <gerhard.stenzel@de.ibm.com> <gstenzel@linux.vnet.ibm.com>
@@ -59,5 +56,3 @@ Philipp Hahn <hahn@univention.de>
 Marco Bozzolan <bozzolan@gmail.com>
 Marco Bozzolan <redshift@gmx.com>
 Pritesh Kothari <pritesh.kothari@sun.com>
-Wang Yufei (James) <james.wangyufei@huawei.com>
-Deepak C Shetty <dpkshetty@gmail.com>
--- a/AUTHORS.in
+++ b/AUTHORS.in
@@ -8,28 +8,32 @@ Daniel Veillard <veillard@redhat.com> or <daniel@veillard.com>
 The primary maintainers and people with commit access rights:

 Alex Jia <ajia@redhat.com>
-Andrea Bolognani <abologna@redhat.com>
+Anthony Liguori <aliguori@us.ibm.com>
 Cédric Bosdonnat <cbosdonnat@suse.com>
+Chris Lalancette <clalance@redhat.com>
 Christophe Fergeau <cfergeau@redhat.com>
-Claudio Bley <claudio.bley@gmail.com>
+Claudio Bley <cbley@av-test.de>
 Cole Robinson <crobinso@redhat.com>
 Daniel Berrange <berrange@redhat.com>
 Daniel Veillard <veillard@redhat.com>
+Dave Allan <dallan@redhat.com>
 Doug Goldstein <cardoe@gentoo.org>
 Eric Blake <eblake@redhat.com>
-Erik Skultety <eskultet@redhat.com>
 Gao Feng <gaofeng@cn.fujitsu.com>
+Guannan Ren <gren@redhat.com>
 Guido Günther <agx@sigxcpu.org>
 Ján Tomko <jtomko@redhat.com>
 Jim Fehlig <jfehlig@suse.com>
+Jim Meyering <meyering@redhat.com>
 Jiří Denemark <jdenemar@redhat.com>
 John Ferlan <jferlan@redhat.com>
+John Levon <john.levon@sun.com>
 Laine Stump <laine@redhat.com>
 Mark McLoughlin <markmc@redhat.com>
 Martin Kletzander <mkletzan@redhat.com>
 Matthias Bolte <matthias.bolte@googlemail.com>
-Maxim Nestratov <mnestratov@virtuozzo.com>
 Michal Prívozník <mprivozn@redhat.com>
+Osier Yang <jyang@redhat.com>
 Pavel Hrdina <phrdina@redhat.com>
 Peter Krempa <pkrempa@redhat.com>
 Richard W.M. Jones <rjones@redhat.com>
@@ -39,19 +43,11 @@ Wen Congyang <wency@cn.fujitsu.com>

 Previous maintainers:

-Anthony Liguori <aliguori@us.ibm.com>
 Atsushi SAKAI <sakaia@jp.fujitsu.com>
-Chris Lalancette <clalance@redhat.com>
 Dan Smith <danms@us.ibm.com>
-Dave Allan <dallan@redhat.com>
 Dave Leskovec <dlesko@linux.vnet.ibm.com>
-Dmitry Guryanov <dguryanov@parallels.com>
-Guannan Ren <gren@redhat.com>
-Jim Meyering <meyering@redhat.com>
-John Levon <john.levon@sun.com>
 Justin Clift <jclift@redhat.com>
 Karel Zak <kzak@redhat.com>
-Osier Yang <jyang@redhat.com>

 Patches have also been contributed by:

--- a/COPYING.LESSER
+++ b/COPYING.LESSER
@@ -55,7 +55,7 @@ modified by someone else and passed on, the recipients should know
 that what they have is not the original version, so that the original
 author's reputation will not be affected by problems that might be
 introduced by others.
-
+
  Finally, software patents pose a constant threat to the existence of
 any free program.  We wish to make sure that a company cannot
 effectively restrict the users of a free program by obtaining a
@@ -111,7 +111,7 @@ modification follow.  Pay close attention to the difference between a
 "work based on the library" and a "work that uses the library".  The
 former contains code derived from the library, whereas the latter must
 be combined with the library in order to run.
-
+
                  GNU LESSER GENERAL PUBLIC LICENSE
   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

@@ -158,7 +158,7 @@ Library.
  You may charge a fee for the physical act of transferring a copy,
 and you may at your option offer warranty protection in exchange for a
 fee.
-
+
  2. You may modify your copy or copies of the Library or any portion
 of it, thus forming a work based on the Library, and copy and
 distribute such modifications or work under the terms of Section 1
@@ -216,7 +216,7 @@ instead of to this License.  (If a newer version than version 2 of the
 ordinary GNU General Public License has appeared, then you can specify
 that version instead if you wish.)  Do not make any other change in
 these notices.
-
+
  Once this change is made in a given copy, it is irreversible for
 that copy, so the ordinary GNU General Public License applies to all
 subsequent copies and derivative works made from that copy.
@@ -267,7 +267,7 @@ Library will still fall under Section 6.)
 distribute the object code for the work under the terms of Section 6.
 Any executables containing that work also fall under Section 6,
 whether or not they are linked directly with the Library itself.
-
+
  6. As an exception to the Sections above, you may also combine or
 link a "work that uses the Library" with the Library to produce a
 work containing portions of the Library, and distribute that work
@@ -329,7 +329,7 @@ restrictions of other proprietary libraries that do not normally
 accompany the operating system.  Such a contradiction means you cannot
 use both them and the Library together in an executable that you
 distribute.
-
+
  7. You may place library facilities that are a work based on the
 Library side-by-side in a single library together with other library
 facilities not covered by this License, and distribute such a combined
@@ -370,7 +370,7 @@ subject to these terms and conditions.  You may not impose any further
 restrictions on the recipients' exercise of the rights granted herein.
 You are not responsible for enforcing compliance by third parties with
 this License.
-
+
  11. If, as a consequence of a court judgment or allegation of patent
 infringement or for any other reason (not limited to patent issues),
 conditions are imposed on you (whether by court order, agreement or
@@ -422,7 +422,7 @@ conditions either of that version or of any later version published by
 the Free Software Foundation.  If the Library does not specify a
 license version number, you may choose any version ever published by
 the Free Software Foundation.
-
+
  14. If you wish to incorporate parts of the Library into other free
 programs whose distribution conditions are incompatible with these,
 write to the author to ask for permission.  For software which is
@@ -456,7 +456,7 @@ SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
 DAMAGES.

                     END OF TERMS AND CONDITIONS
-
+
           How to Apply These Terms to Your New Libraries

  If you develop a new library, and you want it to be of the greatest
--- a/186
+++ b/186
@@ -14,20 +14,19 @@ General tips for contributing patches
 (1) Discuss any large changes on the mailing list first. Post patches early and
 listen to feedback.

-(2) Official upstream repository is kept in git ("git://libvirt.org/libvirt.git")
-and is browsable along with other libvirt-related repositories (e.g.
-libvirt-python) online <http://libvirt.org/git/>.
-
-(3) Patches to translations are maintained via the zanata project
-<https://fedora.zanata.org/>. If you want to fix a translation in a .po file,
-join the appropriate language team. The libvirt release process automatically
-pulls the latest version of each translation file from zanata.
-
-(4) Post patches using "git send-email", with git rename detection enabled. You
+(2) Post patches in unified diff format, with git rename detection enabled. You
 need a one-time setup of:

  git config diff.renames true

+After that, a command similar to this should work:
+
+  diff -urp libvirt.orig/ libvirt.modified/ > libvirt-myfeature.patch
+
+or:
+
+  git diff > libvirt-myfeature.patch
+
 Also, for code motion patches, you may find that "git diff --patience"
 provides an easier-to-read patch. However, the usual workflow of libvirt
 developer is:
@@ -58,14 +57,16 @@ Please follow this as close as you can, especially the rebase and git
 send-email part, as it makes life easier for other developers to review your
 patch set. One should avoid sending patches as attachments, but rather send
 them in email body along with commit message. If a developer is sending
-another version of the patch (e.g. to address review comments), they are
-advised to note differences to previous versions after the "---" line in the
-patch so that it helps reviewers but doesn't become part of git history.
-Moreover, such patch needs to be prefixed correctly with
-"--subject-prefix=PATCHv2" appended to "git send-email" (substitute "v2" with
-the correct version if needed though).
+another version of the patch (e.g. to address review comments), he is advised
+to note differences to previous versions after the "---" line in the patch so
+that it helps reviewers but doesn't become part of git history. Moreover, such
+patch needs to be prefixed correctly with "--subject-prefix=PATCHv2" appended
+to "git send-email" (substitute "v2" with the correct version if needed
+though).

-(5) In your commit message, make the summary line reasonably short (60 characters
+
+
+(3) In your commit message, make the summary line reasonably short (60 characters
 is typical), followed by a blank line, followed by any longer description of
 why your patch makes sense. If the patch fixes a regression, and you know what
 commit introduced the problem, mentioning that is useful. If the patch
@@ -75,7 +76,9 @@ You can use 'git shortlog -30' to get an idea of typical summary lines.
 Libvirt does not currently attach any meaning to Signed-off-by: lines, so it
 is up to you if you want to include or omit them in the commit message.

-(6) Split large changes into a series of smaller patches, self-contained if
+
+
+(4) Split large changes into a series of smaller patches, self-contained if
 possible, with an explanation of each patch and an explanation of how the
 sequence of patches fits together. Moreover, please keep in mind that it's
 required to be able to compile cleanly (*including* "make check" and "make
@@ -84,10 +87,12 @@ of a series, but intermediate patches must compile and not cause test-suite
 failures (this is to preserve the usefulness of "git bisect", among other
 things).

-(7) Make sure your patches apply against libvirt GIT. Developers only follow GIT
+
+
+(5) Make sure your patches apply against libvirt GIT. Developers only follow GIT
 and don't care much about released versions.

-(8) Run the automated tests on your code before submitting any changes. In
+(6) Run the automated tests on your code before submitting any changes. In
 particular, configure with compile warnings set to -Werror. This is done
 automatically for a git checkout; from a tarball, use:

@@ -127,29 +132,13 @@ Also, individual tests can be run from inside the "tests/" directory, like:

  ./qemuxml2xmltest

-If you are adding new test cases, or making changes that alter existing test
-output, you can use the environment variable VIR_TEST_REGENERATE_OUTPUT to
-quickly update the saved test data. Of course you still need to review the
-changes VERY CAREFULLY to ensure they are correct.
-
-  VIR_TEST_REGENERATE_OUTPUT=1 ./qemuxml2argvtest
-
 There is also a "./run" script at the top level, to make it easier to run
 programs that have not yet been installed, as well as to wrap invocations of
 various tests under gdb or Valgrind.

-When running our test suite it may happen that the test result is
-nondeterministic because of the test suite relying on a particular file in the
-system being accessible or having some specific value. To catch this kind of
-errors, the test suite has a module for that prints any path touched that
-fulfils constraints described above into a file. To enable it just set
-"VIR_TEST_FILE_ACCESS" environment variable. Then
-"VIR_TEST_FILE_ACCESS_OUTPUT" environment variable can alter location where
-the file is stored.

-  VIR_TEST_FILE_ACCESS=1 VIR_TEST_FILE_ACCESS_OUTPUT="/tmp/file_access.txt" ./qemuxml2argvtest

-(9) The Valgrind test should produce similar output to "make check". If the output
+(7) The Valgrind test should produce similar output to "make check". If the output
 has traces within libvirt API's, then investigation is required in order to
 determine the cause of the issue. Output such as the following indicates some
 sort of leak:
@@ -223,102 +212,18 @@ to "tests/.valgrind.supp" in order to suppress the warning:
    obj:*/lib*/ld-2.*so*
 }

-(10) Update tests and/or documentation, particularly if you are adding a new
+
+
+(8) Update tests and/or documentation, particularly if you are adding a new
 feature or changing the output of a program.

-(11) Don't forget to update the release notes <news.html> by changing
-"docs/news.xml" if your changes are significant. All user-visible changes,
-such as adding new XML elements or fixing all but the most obscure bugs, must
-be (briefly) described in a release notes entry; changes that are only
-relevant to other libvirt developers, such as code refactoring, don't belong
-in the release notes. Note that "docs/news.xml" should be updated in its own
-commit not to get in the way of backports.
+

 There is more on this subject, including lots of links to background reading
 on the subject, on Richard Jones' guide to working with open source projects
 <http://people.redhat.com/rjones/how-to-supply-code-to-open-source-projects/>.


-Naming conventions
-==================
-When reading libvirt code, a number of different naming conventions will be
-evident due to various changes in thinking over the course of the project's
-lifetime. The conventions documented below should be followed when creating
-any entirely new files in libvirt. When working on existing files, while it is
-desirable to apply these conventions, keeping a consistent style with existing
-code in that particular file is generally more important. The overall guiding
-principal is that every file, enum, struct, function, macro and typedef name
-must have a 'vir' or 'VIR' prefix. All local scope variable names are exempt,
-and global variables are exempt, unless exported in a header file.
-
-*File names*
-
-File naming varies depending on the subdirectory. The preferred style is to
-have a 'vir' prefix, followed by a name which matches the name of the
-functions / objects inside the file. For example, a file containing an object
-'virHashtable' is stored in files 'virhashtable.c' and 'virhashtable.h'.
-Sometimes, methods which would otherwise be declared 'static' need to be
-exported for use by a test suite. For this purpose a second header file should
-be added with a suffix of 'priv', e.g. 'virhashtablepriv.h'. Use of
-underscores in file names is discouraged when using the 'vir' prefix style.
-The 'vir' prefix naming applies to src/util, src/rpc and tests/ directories.
-Most other directories do not follow this convention.
-
-
-
-*Enum type & field names*
-
-All enums should have a 'vir' prefix in their typedef name, and each following
-word should have its first letter in uppercase. The enum name should match the
-typedef name with a leading underscore. The enum member names should be in all
-uppercase, and use an underscore to separate each word. The enum member name
-prefix should match the enum typedef name.
-
-    typedef enum _virSocketType virSocketType;
-    enum _virSocketType {
-        VIR_SOCKET_TYPE_IPV4,
-        VIR_SOCKET_TYPE_IPV6,
-    };
-
-
-*Struct type names*
-
-All structs should have a 'vir' prefix in their typedef name, and each
-following word should have its first letter in uppercase. The struct name
-should be the same as the typedef name with a leading underscore. A second
-typedef should be given for a pointer to the struct with a 'Ptr' suffix.
-
-    typedef struct _virHashTable virHashTable;
-    typedef virHashTable *virHashTablePtr;
-    struct _virHashTable {
-       ...
-    };
-
-
-*Function names*
-
-All functions should have a 'vir' prefix in their name, followed by one or
-more words with first letter of each word capitalized. Underscores should not
-be used in function names. If the function is operating on an object, then the
-function name prefix should match the object typedef name, otherwise it should
-match the filename. Following this comes the verb / action name, and finally
-an optional subject name. For example, given an object 'virHashTable', all
-functions should have a name 'virHashTable$VERB' or
-'virHashTable$VERB$SUBJECT", e.g. 'virHashTableLookup' or
-'virHashTableGetValue'.
-
-
-
-*Macro names*
-
-All macros should have a "VIR" prefix in their name, followed by one or more
-uppercase words separated by underscores. The macro argument names should be
-in lowercase. Aside from having a "VIR" prefix there are no common practices
-for the rest of the macro name.
-
-
-
-
 Code indentation
 ================
 Libvirt's C source code generally adheres to some basic code-formatting
@@ -461,23 +366,16 @@ although use of a semicolon is not currently rejected.

 Curly braces
 ============
-Omit the curly braces around an "if", "while", "for" etc. body only when both
-that body and the condition itself occupy a single line. In every other case
-we require the braces. This ensures that it is trivially easy to identify a
-single-'statement' loop: each has only one 'line' in its body.
+Omit the curly braces around an "if", "while", "for" etc. body only when that
+body occupies a single line. In every other case we require the braces. This
+ensures that it is trivially easy to identify a single-'statement' loop: each
+has only one 'line' in its body.

-  while (expr)             // single line body; {} is forbidden
+Omitting braces with a single-line body is fine:
+
+  while (expr) // one-line body -> omitting curly braces is ok
      single_line_stmt();

-  while (expr(arg1,
-              arg2))      // indentation makes it obvious it is single line,
-      single_line_stmt(); // {} is optional (not enforced either way)
-
-  while (expr1 &&
-         expr2) {         // multi-line, at same indentation, {} required
-      single_line_stmt();
-  }
-
 However, the moment your loop/if/else body extends on to a second line, for
 whatever reason (even if it's just an added comment), then you should add
 braces. Otherwise, it would be too easy to insert a statement just before that
@@ -651,6 +549,8 @@ true) ...". Rather, write "if (seen)...".



+
+
 Of course, take all of the above with a grain of salt. If you're about to use
 some system interface that requires a type like "size_t", "pid_t" or "off_t",
 use matching types for any corresponding variables.
@@ -762,6 +662,8 @@ size:



+
+
 File handling
 =============
 Usage of the "fdopen()", "close()", "fclose()" APIs is deprecated in libvirt
@@ -805,6 +707,8 @@ APIs, use the macros from virfile.h



+
+
 String comparisons
 ==================
 Do not use the strcmp, strncmp, etc functions directly. Instead use one of the
@@ -852,6 +756,8 @@ following semantically named macros



+
+
 String copying
 ==============
 Do not use the strncpy function. According to the man page, it does *not*
@@ -1020,6 +926,8 @@ by further potentially failing calls. You should almost certainly be using a
 conditional and a block instead of a goto. Perhaps some of your function's
 logic would be better pulled out into a helper function.

+
+
 Although libvirt does not encourage the Linux kernel wind/unwind style of
 multiple labels, there's a good general discussion of the issue archived at
 KernelTrap <http://kerneltrap.org/node/553/2131>
--- a/Makefile.am
+++ b/Makefile.am
@@ -19,14 +19,19 @@
 LCOV = lcov
 GENHTML = genhtml

-SUBDIRS = . gnulib/lib include/libvirt src daemon tools docs gnulib/tests \
-  tests po examples
-
-XZ_OPT ?= -v -T0
-export XZ_OPT
+SUBDIRS = . gnulib/lib include src daemon tools docs gnulib/tests \
+  tests po examples/object-events examples/hellolibvirt \
+  examples/dominfo examples/domsuspend examples/apparmor \
+  examples/xml/nwfilter examples/openauth examples/systemtap \
+  tools/wireshark examples/dommigrate \
+  examples/lxcconvert examples/domtop

 ACLOCAL_AMFLAGS = -I m4

+XML_EXAMPLES = \
+  $(patsubst $(srcdir)/%,%,$(wildcard $(addprefix $(srcdir)/examples/xml/, \
+					test/*.xml storage/*.xml)))
+
 EXTRA_DIST = \
  config-post.h \
  ChangeLog-old \
@@ -35,36 +40,24 @@ EXTRA_DIST = \
  libvirt.pc.in \
  libvirt-qemu.pc.in \
  libvirt-lxc.pc.in \
-  libvirt-admin.pc.in \
  autobuild.sh \
  Makefile.nonreentrant \
  autogen.sh \
  cfg.mk \
  run.in \
-  AUTHORS.in
+  AUTHORS.in \
+  $(XML_EXAMPLES)

 pkgconfigdir = $(libdir)/pkgconfig
-pkgconfig_DATA = libvirt.pc libvirt-qemu.pc libvirt-lxc.pc libvirt-admin.pc
+pkgconfig_DATA = libvirt.pc libvirt-qemu.pc libvirt-lxc.pc

-NEWS: \
-	  $(srcdir)/docs/news.xml \
-	  $(srcdir)/docs/news-ascii.xsl \
-	  $(srcdir)/docs/reformat-news.py
-	$(AM_V_GEN) \
-	if [ -x $(XSLTPROC) ]; then \
-	  $(XSLTPROC) --nonet \
-	    $(srcdir)/docs/news-ascii.xsl \
-	    $(srcdir)/docs/news.xml \
-	  >$@-tmp \
-	    || { rm -f $@-tmp; exit 1; }; \
-	  $(srcdir)/docs/reformat-news.py $@-tmp >$@ \
-	    || { rm -f $@-tmp; exit 1; }; \
-	  rm -f $@-tmp; \
-	fi
-EXTRA_DIST += \
-	$(srcdir)/docs/news.xml \
-	$(srcdir)/docs/news-ascii.xsl \
-	$(srcdir)/docs/reformat-news.py
+NEWS: $(top_srcdir)/docs/news.xsl $(top_srcdir)/docs/news.html.in
+	$(AM_V_GEN)if [ -x $(XSLTPROC) ] ; then			\
+	  $(XSLTPROC) --nonet $(top_srcdir)/docs/news.xsl	\
+	     $(top_srcdir)/docs/news.html.in			\
+	   | perl -0777 -pe 's/\n\n+$$/\n/'			\
+	   | perl -pe 's/[ \t]+$$//'				\
+	   > $@-t && mv $@-t $@ ; fi

 $(top_srcdir)/HACKING: $(top_srcdir)/docs/hacking1.xsl \
 			$(top_srcdir)/docs/hacking2.xsl \
@@ -78,15 +71,12 @@ $(top_srcdir)/HACKING: $(top_srcdir)/docs/hacking1.xsl \
 	   > $@-t && mv $@-t $@ ; fi;

 rpm: clean
-	@(unset CDPATH ; $(MAKE) dist && rpmbuild -ta $(distdir).tar.xz)
+	@(unset CDPATH ; $(MAKE) dist && rpmbuild -ta $(distdir).tar.gz)

 check-local: all tests

-check-access:
-	@($(MAKE) $(AM_MAKEFLAGS) -C tests check-access)
-
 cov: clean-cov
-	$(MKDIR_P) $(top_builddir)/coverage
+	mkdir $(top_builddir)/coverage
 	$(LCOV) -c -o $(top_builddir)/coverage/libvirt.info.tmp \
 	  -d $(top_builddir)/src  -d $(top_builddir)/daemon \
 	  -d $(top_builddir)/tests
@@ -101,6 +91,9 @@ clean-cov:

 MAINTAINERCLEANFILES = .git-module-status

+# disable this check
+distuninstallcheck:
+
 dist-hook: gen-ChangeLog gen-AUTHORS

 # Generate the ChangeLog file (with all entries since the switch to git)
--- a/Makefile.nonreentrant
+++ b/Makefile.nonreentrant
@@ -113,11 +113,3 @@ NON_REENTRANT += inet_nsap_ntoa
 NON_REENTRANT += inet_ntoa
 NON_REENTRANT += inet_ntop
 NON_REENTRANT += inet_pton
-
-# Separate two nothings by space to get one space in a variable
-space =
-space +=
-# The space needs to be in a variable otherwise it would be ignored.
-# And there must be no spaces around the commas because they would
-# not be ignored, logically.
-NON_REENTRANT_RE=$(subst $(space),|,$(NON_REENTRANT))
--- a/autobuild.sh
+++ b/autobuild.sh
@@ -56,7 +56,7 @@ exec 3>&-
 test "$st" = 0
 test -x /usr/bin/lcov && make cov

-rm -f *.tar.xz
+rm -f *.tar.gz
 make dist

 if test -n "$AUTOBUILD_COUNTER" ; then
--- a/autogen.sh
+++ b/autogen.sh
@@ -20,10 +20,6 @@ no_git=
 if test "x$1" = "x--no-git"; then
  no_git=" $1"
  shift
-  case "$1 $2" in
-    --gnulib-srcdir=*) no_git="$no_git $1"; shift ;;
-    --gnulib-srcdir\ *) no_git="$no_git $1=$2"; shift; shift;;
-  esac
 fi
 if test -z "$NOCONFIGURE" ; then
  if test "x$1" = "x--system"; then
--- a/87
+++ b/87
@@ -1,10 +1,10 @@
 #! /bin/sh
 # Print a version string.
-scriptversion=2017-01-09.19; # UTC
+scriptversion=2013-12-05.23; # UTC

 # Bootstrap this package from checked-out sources.

-# Copyright (C) 2003-2017 Free Software Foundation, Inc.
+# Copyright (C) 2003-2014 Free Software Foundation, Inc.

 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -42,9 +42,6 @@ export LC_ALL

 local_gl_dir=gl

-# Honor $PERL, but work even if there is none.
-PERL="${PERL-perl}"
-
 me=$0

 usage() {
@@ -213,17 +210,7 @@ bootstrap_sync=false
 use_git=true

 check_exists() {
-  if test "$1" = "--verbose"; then
-    ($2 --version </dev/null) >/dev/null 2>&1
-    if test $? -ge 126; then
-      # If not found, run with diagnostics as one may be
-      # presented with env variables to set to find the right version
-      ($2 --version </dev/null)
-    fi
-  else
-    ($1 --version </dev/null) >/dev/null 2>&1
-  fi
-
+  ($1 --version </dev/null) >/dev/null 2>&1
  test $? -lt 126
 }

@@ -418,30 +405,28 @@ sort_ver() { # sort -V is not generally available
  done
 }

-get_version_sed='
-# Move version to start of line.
-s/.*[v ]\([0-9]\)/\1/
-
-# Skip lines that do not start with version.
-/^[0-9]/!d
-
-# Remove characters after the version.
-s/[^.a-z0-9-].*//
-
-# The first component must be digits only.
-s/^\([0-9]*\)[a-z-].*/\1/
-
-#the following essentially does s/5.005/5.5/
-s/\.0*\([1-9]\)/.\1/g
-p
-q'
-
 get_version() {
  app=$1

-  $app --version >/dev/null 2>&1 || { $app --version; return 1; }
+  $app --version >/dev/null 2>&1 || return 1

-  $app --version 2>&1 | sed -n "$get_version_sed"
+  $app --version 2>&1 |
+  sed -n '# Move version to start of line.
+          s/.*[v ]\([0-9]\)/\1/
+
+          # Skip lines that do not start with version.
+          /^[0-9]/!d
+
+          # Remove characters after the version.
+          s/[^.a-z0-9-].*//
+
+          # The first component must be digits only.
+          s/^\([0-9]*\)[a-z-].*/\1/
+
+          #the following essentially does s/5.005/5.5/
+          s/\.0*\([1-9]\)/.\1/g
+          p
+          q'
 }

 check_versions() {
@@ -461,7 +446,6 @@ check_versions() {
    test "$appvar" = TAR && appvar=AMTAR
    case $appvar in
        GZIP) ;; # Do not use $GZIP:  it contains gzip options.
-        PERL::*) ;; # Keep perl modules as-is
        *) eval "app=\${$appvar-$app}" ;;
    esac

@@ -479,22 +463,11 @@ check_versions() {
          ret=1
          continue
        } ;;
-      # Another check is for perl modules.  These can be written as
-      # e.g. perl::XML::XPath in case of XML::XPath module, etc.
-      perl::*)
-        # Extract module name
-        app="${app#perl::}"
-        if ! $PERL -m"$app" -e 'exit 0' >/dev/null 2>&1; then
-          warn_ "Error: perl module '$app' not found"
-          ret=1
-        fi
-        continue
-        ;;
    esac
    if [ "$req_ver" = "-" ]; then
      # Merely require app to exist; not all prereq apps are well-behaved
      # so we have to rely on $? rather than get_version.
-      if ! check_exists --verbose $app; then
+      if ! check_exists $app; then
        warn_ "Error: '$app' not found"
        ret=1
      fi
@@ -625,8 +598,8 @@ case ${GNULIB_SRCDIR--} in
  # Note that $use_git is necessarily true in this case.
  if git_modules_config submodule.gnulib.url >/dev/null; then
    echo "$0: getting gnulib files..."
-    git submodule init -- "$gnulib_path" || exit $?
-    git submodule update -- "$gnulib_path" || exit $?
+    git submodule init || exit $?
+    git submodule update || exit $?

  elif [ ! -d "$gnulib_path" ]; then
    echo "$0: getting gnulib files..."
@@ -655,14 +628,13 @@ case ${GNULIB_SRCDIR--} in
      # This fallback allows at least git 1.5.5.
      if test -f "$gnulib_path"/gnulib-tool; then
        # Since file already exists, assume submodule init already complete.
-        git submodule update -- "$gnulib_path" || exit $?
+        git submodule update || exit $?
      else
        # Older git can't clone into an empty directory.
        rmdir "$gnulib_path" 2>/dev/null
        git clone --reference "$GNULIB_SRCDIR" \
          "$(git_modules_config submodule.gnulib.url)" "$gnulib_path" \
-          && git submodule init -- "$gnulib_path" \
-          && git submodule update -- "$gnulib_path" \
+          && git submodule init && git submodule update \
          || exit $?
      fi
    fi
@@ -790,7 +762,7 @@ symlink_to_dir()
      # Leave any existing symlink alone, if it already points to the source,
      # so that broken build tools that care about symlink times
      # aren't confused into doing unnecessary builds.  Conversely, if the
-      # existing symlink's timestamp is older than the source, make it afresh,
+      # existing symlink's time stamp is older than the source, make it afresh,
      # so that broken tools aren't confused into skipping needed builds.  See
      # <http://lists.gnu.org/archive/html/bug-gnulib/2011-05/msg00326.html>.
      test -h "$dst" &&
@@ -917,8 +889,7 @@ if test $use_libtool = 1; then
  esac
 fi
 echo "$0: $gnulib_tool $gnulib_tool_options --import ..."
-$gnulib_tool $gnulib_tool_options --import $gnulib_modules \
-  || die "gnulib-tool failed"
+$gnulib_tool $gnulib_tool_options --import $gnulib_modules &&

 for file in $gnulib_files; do
  symlink_to_dir "$GNULIB_SRCDIR" $file \
@@ -1023,6 +994,6 @@ echo "$0: done.  Now you can run './configure'."
 # eval: (add-hook 'write-file-hooks 'time-stamp)
 # time-stamp-start: "scriptversion="
 # time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC0"
+# time-stamp-time-zone: "UTC"
 # time-stamp-end: "; # UTC"
 # End:
--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -1,6 +1,6 @@
 # Bootstrap configuration.

-# Copyright (C) 2010-2014 Red Hat, Inc.
+# Copyright (C) 2010-2013 Red Hat, Inc.

 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -35,7 +35,6 @@ clock-time
 close
 connect
 configmake
-count-leading-zeros
 count-one-bits
 crypto/md5
 crypto/sha256
@@ -54,7 +53,6 @@ func
 getaddrinfo
 getcwd-lgpl
 gethostname
-getopt-posix
 getpass
 getpeername
 getsockname
@@ -121,7 +119,6 @@ time_r
 timegm
 ttyname_r
 uname
-unsetenv
 useless-if-before-free
 usleep
 vasprintf
@@ -198,7 +195,10 @@ local_gl_dir=gnulib/local
 # Build prerequisites
 # Note that some of these programs are only required for 'make dist' to
 # succeed from a fresh git checkout; not all of these programs are
-# required to run 'make dist' on a tarball.
+# required to run 'make dist' on a tarball.  As a special case, we want
+# to require the equivalent of the Fedora python-devel package, but
+# RHEL 5 lacks the witness python-config package; we hack around that
+# old environment below.
 buildreq="\
 autoconf   2.59
 automake   1.9.6
@@ -210,11 +210,19 @@ libtool    -
 patch      -
 perl       5.5
 pkg-config -
+python-config -
 rpcgen     -
 tar        -
 xmllint	   -
 xsltproc   -
 "
+# Use rpm as a fallback to bypass the bootstrap probe for python-config,
+# for the sake of RHEL 5; without requiring it on newer systems that
+# have python-config to begin with.
+if `(${PYTHON_CONFIG-python-config} --version;
+     test $? -lt 126 || rpm -q python-devel) >/dev/null 2>&1`; then
+  PYTHON_CONFIG=true
+fi

 # Automake requires that ChangeLog and AUTHORS exist.
 touch AUTHORS ChangeLog || exit 1
--- a/build-aux/bracket-spacing.pl
+++ b/build-aux/bracket-spacing.pl
@@ -0,0 +1,161 @@
+#!/usr/bin/perl
+#
+# bracket-spacing.pl: Report any usage of 'function (..args..)'
+# Also check for other syntax issues, such as correct use of ';'
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library.  If not, see
+# <http://www.gnu.org/licenses/>.
+#
+# Authors:
+#     Daniel P. Berrange <berrange@redhat.com>
+
+use strict;
+use warnings;
+
+my $ret = 0;
+my $incomment = 0;
+
+foreach my $file (@ARGV) {
+    open FILE, $file;
+
+    while (defined (my $line = <FILE>)) {
+        my $data = $line;
+
+        # Kill any quoted , ; = or "
+        $data =~ s/'[";,=]'/'X'/g;
+
+        # Kill any quoted strings
+        $data =~ s,"([^\\\"]|\\.)*","XXX",g;
+
+        # Kill any C++ style comments
+        $data =~ s,//.*$,//,;
+
+        next if $data =~ /^#/;
+
+        # Kill contents of multi-line comments
+        # and detect end of multi-line comments
+        if ($incomment) {
+            if ($data =~ m,\*/,) {
+                $incomment = 0;
+                $data =~ s,^.*\*/,*/,;
+            } else {
+                $data = "";
+            }
+        }
+
+        # Kill single line comments, and detect
+        # start of multi-line comments
+        if ($data =~ m,/\*.*\*/,) {
+            $data =~ s,/\*.*\*/,/* */,;
+        } elsif ($data =~ m,/\*,) {
+            $incomment = 1;
+            $data =~ s,/\*.*,/*,;
+        }
+
+        # We need to match things like
+        #
+        #  int foo (int bar, bool wizz);
+        #  foo (bar, wizz);
+        #
+        # but not match things like:
+        #
+        #  typedef int (*foo)(bar wizz)
+        #
+        # we can't do this (efficiently) without
+        # missing things like
+        #
+        #  foo (*bar, wizz);
+        #
+        while ($data =~ /(\w+)\s\((?!\*)/) {
+            my $kw = $1;
+
+            # Allow space after keywords only
+            if ($kw =~ /^(if|for|while|switch|return)$/) {
+                $data =~ s/($kw\s\()/XXX(/;
+            } else {
+                print "$file:$.: $line";
+                $ret = 1;
+                last;
+            }
+        }
+
+        # Require whitespace immediately after keywords,
+        # but none after the opening bracket
+        while ($data =~ /\b(if|for|while|switch|return)\(/ ||
+               $data =~ /\b(if|for|while|switch|return)\s+\(\s/) {
+            print "$file:$.: $line";
+            $ret = 1;
+            last;
+        }
+
+        # Forbid whitespace between )( of a function typedef
+        while ($data =~ /\(\*\w+\)\s+\(/) {
+            print "$file:$.: $line";
+            $ret = 1;
+            last;
+        }
+
+        # Forbid whitespace following ( or prior to )
+        while ($data =~ /\S\s+\)/ ||
+               $data =~ /\(\s+\S/) {
+            print "$file:$.: $line";
+            $ret = 1;
+            last;
+        }
+
+        # Forbid whitespace before ";" or ",". Things like below are allowed:
+        #
+        # 1) The expression is empty for "for" loop. E.g.
+        #   for (i = 0; ; i++)
+        #
+        # 2) An empty statement. E.g.
+        #   while (write(statuswrite, &status, 1) == -1 &&
+        #          errno == EINTR)
+        #       ;
+        #
+        while ($data =~ /[^;\s]\s+[;,]/) {
+            print "$file:$.: $line";
+            $ret = 1;
+            last;
+        }
+
+        # Require EOL, macro line continuation, or whitespace after ";".
+        # Allow "for (;;)" as an exception.
+        while ($data =~ /;[^	 \\\n;)]/) {
+            print "$file:$.: $line";
+            $ret = 1;
+            last;
+        }
+
+        # Require EOL, space, or enum/struct end after comma.
+        while ($data =~ /,[^ \\\n)}]/) {
+            print "$file:$.: $line";
+            $ret = 1;
+            last;
+        }
+
+        # Require spaces around assignment '=', compounds and '=='
+        # with the exception of virAssertCmpInt()
+        $data =~ s/(virAssertCmpInt\(.* ).?=,/$1op,/;
+        while ($data =~ /[^ ]\b[!<>&|\-+*\/%\^=]?=[^=]/ ||
+               $data =~ /=[^= \\\n]/) {
+            print "$file:$.: $line";
+            $ret = 1;
+            last;
+        }
+    }
+    close FILE;
+}
+
+exit $ret;
--- a/build-aux/check-spacing.pl
+++ b/build-aux/check-spacing.pl
@@ -1,204 +0,0 @@
-#!/usr/bin/perl
-#
-# check-spacing.pl: Report any usage of 'function (..args..)'
-# Also check for other syntax issues, such as correct use of ';'
-#
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library.  If not, see
-# <http://www.gnu.org/licenses/>.
-#
-# Authors:
-#     Daniel P. Berrange <berrange@redhat.com>
-
-use strict;
-use warnings;
-
-my $ret = 0;
-my $incomment = 0;
-
-foreach my $file (@ARGV) {
-    # Per-file variables for multiline Curly Bracket (cb_) check
-    my $cb_linenum = 0;
-    my $cb_code = "";
-    my $cb_scolon = 0;
-
-    open FILE, $file;
-
-    while (defined (my $line = <FILE>)) {
-        my $data = $line;
-        # For temporary modifications
-        my $tmpdata;
-
-        # Kill any quoted , ; = or "
-        $data =~ s/'[";,=]'/'X'/g;
-
-        # Kill any quoted strings
-        $data =~ s,"(?:[^\\\"]|\\.)*","XXX",g;
-
-        # Kill any C++ style comments
-        $data =~ s,//.*$,//,;
-
-        next if $data =~ /^#/;
-
-        # Kill contents of multi-line comments
-        # and detect end of multi-line comments
-        if ($incomment) {
-            if ($data =~ m,\*/,) {
-                $incomment = 0;
-                $data =~ s,^.*\*/,*/,;
-            } else {
-                $data = "";
-            }
-        }
-
-        # Kill single line comments, and detect
-        # start of multi-line comments
-        if ($data =~ m,/\*.*\*/,) {
-            $data =~ s,/\*.*\*/,/* */,;
-        } elsif ($data =~ m,/\*,) {
-            $incomment = 1;
-            $data =~ s,/\*.*,/*,;
-        }
-
-        # We need to match things like
-        #
-        #  int foo (int bar, bool wizz);
-        #  foo (bar, wizz);
-        #
-        # but not match things like:
-        #
-        #  typedef int (*foo)(bar wizz)
-        #
-        # we can't do this (efficiently) without
-        # missing things like
-        #
-        #  foo (*bar, wizz);
-        #
-        # We also don't want to spoil the $data so it can be used
-        # later on.
-        $tmpdata = $data;
-        while ($tmpdata =~ /(\w+)\s\((?!\*)/) {
-            my $kw = $1;
-
-            # Allow space after keywords only
-            if ($kw =~ /^(?:if|for|while|switch|return)$/) {
-                $tmpdata =~ s/(?:$kw\s\()/XXX(/;
-            } else {
-                print "Whitespace after non-keyword:\n";
-                print "$file:$.: $line";
-                $ret = 1;
-                last;
-            }
-        }
-
-        # Require whitespace immediately after keywords
-        if ($data =~ /\b(?:if|for|while|switch|return)\(/) {
-            print "No whitespace after keyword:\n";
-            print "$file:$.: $line";
-            $ret = 1;
-        }
-
-        # Forbid whitespace between )( of a function typedef
-        if ($data =~ /\(\*\w+\)\s+\(/) {
-            print "Whitespace between ')' and '(':\n";
-            print "$file:$.: $line";
-            $ret = 1;
-        }
-
-        # Forbid whitespace following ( or prior to )
-        # but allow whitespace before ) on a single line
-        # (optionally followed by a semicolon)
-        if (($data =~ /\s\)/ && not $data =~ /^\s+\);?$/) ||
-            $data =~ /\((?!$)\s/) {
-            print "Whitespace after '(' or before ')':\n";
-            print "$file:$.: $line";
-            $ret = 1;
-        }
-
-        # Forbid whitespace before ";" or ",". Things like below are allowed:
-        #
-        # 1) The expression is empty for "for" loop. E.g.
-        #   for (i = 0; ; i++)
-        #
-        # 2) An empty statement. E.g.
-        #   while (write(statuswrite, &status, 1) == -1 &&
-        #          errno == EINTR)
-        #       ;
-        #
-        if ($data =~ /\s[;,]/) {
-            unless ($data =~ /\S; ; / ||
-                    $data =~ /^\s+;/) {
-                print "Whitespace before semicolon or comma:\n";
-                print "$file:$.: $line";
-                $ret = 1;
-            }
-        }
-
-        # Require EOL, macro line continuation, or whitespace after ";".
-        # Allow "for (;;)" as an exception.
-        if ($data =~ /;[^	 \\\n;)]/) {
-            print "Invalid character after semicolon:\n";
-            print "$file:$.: $line";
-            $ret = 1;
-        }
-
-        # Require EOL, space, or enum/struct end after comma.
-        if ($data =~ /,[^ \\\n)}]/) {
-            print "Invalid character after comma:\n";
-            print "$file:$.: $line";
-            $ret = 1;
-        }
-
-        # Require spaces around assignment '=', compounds and '=='
-        if ($data =~ /[^ ]\b[!<>&|\-+*\/%\^=]?=/ ||
-            $data =~ /=[^= \\\n]/) {
-            print "Spacing around '=' or '==':\n";
-            print "$file:$.: $line";
-            $ret = 1;
-        }
-
-        # One line conditional statements with one line bodies should
-        # not use curly brackets.
-        if ($data =~ /^\s*(if|while|for)\b.*\{$/) {
-            $cb_linenum = $.;
-            $cb_code = $line;
-            $cb_scolon = 0;
-        }
-
-        # We need to check for exactly one semicolon inside the body,
-        # because empty statements (e.g. with comment only) are
-        # allowed
-        if ($cb_linenum == $. - 1 && $data =~ /^[^;]*;[^;]*$/) {
-            $cb_code .= $line;
-            $cb_scolon = 1;
-        }
-
-        if ($data =~ /^\s*}\s*$/ &&
-            $cb_linenum == $. - 2 &&
-            $cb_scolon) {
-
-            print "Curly brackets around single-line body:\n";
-            print "$file:$cb_linenum-$.:\n$cb_code$line";
-            $ret = 1;
-
-            # There _should_ be no need to reset the values; but to
-            # keep my inner peace...
-            $cb_linenum = 0;
-            $cb_scolon = 0;
-            $cb_code = "";
-        }
-    }
-    close FILE;
-}
-
-exit $ret;
--- a/build-aux/prohibit-duplicate-header.pl
+++ b/build-aux/prohibit-duplicate-header.pl
@@ -1,26 +0,0 @@
-#!/usr/bin/perl
-
-use strict;
-
-my $file = " ";
-my $ret = 0;
-my %includes = ( );
-my $lineno = 0;
-
-while (<>) {
-    if (not $file eq $ARGV) {
-        %includes = ( );
-        $file = $ARGV;
-        $lineno = 0;
-    }
-    $lineno++;
-    if (/^# *include *[<"]([^>"]*\.h)[">]/) {
-        $includes{$1}++;
-        if ($includes{$1} == 2) {
-            $ret = 1;
-            print STDERR "$ARGV:$lineno: $_";
-            print STDERR "Do not include a header more than once per file\n";
-        }
-    }
-}
-exit $ret;
--- a/cfg.mk
+++ b/cfg.mk
@@ -1,5 +1,5 @@
 # Customize Makefile.maint.                           -*- makefile -*-
-# Copyright (C) 2008-2015 Red Hat, Inc.
+# Copyright (C) 2008-2014 Red Hat, Inc.
 # Copyright (C) 2003-2008 Free Software Foundation, Inc.

 # This program is free software: you can redistribute it and/or modify
@@ -64,7 +64,6 @@ local-checks-to-skip =			\
  sc_prohibit_quote_without_use		\
  sc_prohibit_quotearg_without_use	\
  sc_prohibit_stat_st_blocks		\
-  sc_prohibit_undesirable_word_seq	\
  sc_root_tests				\
  sc_space_tab				\
  sc_sun_os_names			\
@@ -91,7 +90,7 @@ endif

 # Files that should never cause syntax check failures.
 VC_LIST_ALWAYS_EXCLUDE_REGEX = \
-  (^(HACKING|docs/(news(-[0-9]*)?\.html\.in|.*\.patch))|\.(po|fig|gif|ico|png))$$
+  (^(HACKING|docs/(news\.html\.in|.*\.patch))|\.(po|fig|gif|ico|png))$$

 # Functions like free() that are no-ops on NULL arguments.
 useless_free_options =				\
@@ -127,6 +126,7 @@ useless_free_options =				\
  --name=virDomainDiskDefFree			\
  --name=virDomainEventCallbackListFree		\
  --name=virObjectEventQueueFree		\
+  --name=virObjectEventStateFree		\
  --name=virDomainFSDefFree			\
  --name=virDomainGraphicsDefFree		\
  --name=virDomainHostdevDefFree		\
@@ -160,6 +160,7 @@ useless_free_options =				\
  --name=virNWFilterRuleDefFree			\
  --name=virNWFilterRuleInstFree		\
  --name=virNetworkDefFree			\
+  --name=virNetworkObjFree			\
  --name=virNodeDeviceDefFree			\
  --name=virNodeDeviceObjFree			\
  --name=virObjectUnref                         \
@@ -248,6 +249,8 @@ useless_free_options =				\
 # y virNetworkDefFree
 # n virNetworkFree (returns int)
 # n virNetworkFreeName (returns int)
+# y virNetworkObjFree
+# n virNetworkObjListFree FIXME
 # n virNodeDevCapsDefFree FIXME
 # y virNodeDeviceDefFree
 # n virNodeDeviceFree (returns int)
@@ -300,15 +303,14 @@ sc_flags_debug:
 # than d).  The existence of long long, and of documentation about
 # flags, makes the regex in the third test slightly harder.
 sc_flags_usage:
-	@test "$$(cat $(srcdir)/include/libvirt/libvirt-domain.h	\
+	@test "$$(cat $(srcdir)/include/libvirt/libvirt.h.in		\
 	    $(srcdir)/include/libvirt/virterror.h			\
 	    $(srcdir)/include/libvirt/libvirt-qemu.h			\
 	    $(srcdir)/include/libvirt/libvirt-lxc.h			\
-	    $(srcdir)/include/libvirt/libvirt-admin.h			\
 	  | grep -c '\(long\|unsigned\) flags')" != 4 &&		\
 	  { echo '$(ME): new API should use "unsigned int flags"' 1>&2;	\
 	    exit 1; } || :
-	@prohibit=' flags ATTRIBUTE_UNUSED'				\
+	@prohibit=' flags ''ATTRIBUTE_UNUSED'				\
 	halt='flags should be checked with virCheckFlags'		\
 	  $(_sc_search_regexp)
 	@prohibit='^[^@]*([^d] (int|long long)|[^dg] long) flags[;,)]'	\
@@ -351,8 +353,8 @@ sc_prohibit_mkstemp:
 # access with X_OK accepts directories, but we can't exec() those.
 # access with F_OK or R_OK is okay, though.
 sc_prohibit_access_xok:
-	@prohibit='access(at)? *\(.*X_OK'				\
-	halt='use virFileIsExecutable instead of access(,X_OK)'		\
+	@prohibit='access''(at)? *\(.*X_OK'				\
+	halt='use virFileIsExecutable instead of access''(,X_OK)'	\
 	  $(_sc_search_regexp)

 # Similar to the gnulib maint.mk rule for sc_prohibit_strcmp
@@ -361,7 +363,7 @@ snp_ = strncmp *\(.+\)
 sc_prohibit_strncmp:
 	@prohibit='! *strncmp *\(|\<$(snp_) *[!=]=|[!=]= *$(snp_)'	\
 	exclude=':# *define STR(N?EQLEN|PREFIX)\('			\
-	halt='use STREQLEN or STRPREFIX instead of strncmp'		\
+	halt='use STREQLEN or STRPREFIX instead of str''ncmp'		\
 	  $(_sc_search_regexp)

 # strtol and friends are too easy to misuse
@@ -379,7 +381,7 @@ sc_prohibit_strtol:
 # But for plain %s, virAsprintf is overkill compared to strdup.
 sc_prohibit_asprintf:
 	@prohibit='\<v?a[s]printf\>'					\
-	halt='use virAsprintf, not asprintf'				\
+	halt='use virAsprintf, not as'printf				\
 	  $(_sc_search_regexp)
 	@prohibit='virAsprintf.*, *"%s",'				\
 	halt='use VIR_STRDUP instead of virAsprintf with "%s"'		\
@@ -406,7 +408,7 @@ sc_prohibit_risky_id_promotion:
 # since gnulib has more guarantees for snprintf portability
 sc_prohibit_sprintf:
 	@prohibit='\<[s]printf\>'					\
-	halt='use snprintf, not sprintf'				\
+	halt='use snprintf, not s'printf				\
 	  $(_sc_search_regexp)

 sc_prohibit_readlink:
@@ -420,9 +422,9 @@ sc_prohibit_gethostname:
 	  $(_sc_search_regexp)

 sc_prohibit_readdir:
-	@prohibit='\b(read|close|open)dir *\('				\
+	@prohibit='\breaddir *\('					\
 	exclude='exempt from syntax-check'				\
-	halt='use virDirOpen, virDirRead and VIR_DIR_CLOSE'		\
+	halt='use virDirRead, not readdir'				\
 	  $(_sc_search_regexp)

 sc_prohibit_gettext_noop:
@@ -431,36 +433,43 @@ sc_prohibit_gettext_noop:
 	  $(_sc_search_regexp)

 sc_prohibit_VIR_ERR_NO_MEMORY:
-	@prohibit='\<VIR_ERR_NO_MEMORY\>'				\
-	halt='use virReportOOMError, not VIR_ERR_NO_MEMORY'		\
+	@prohibit='\<V''IR_ERR_NO_MEMORY\>'				\
+	halt='use virReportOOMError, not V'IR_ERR_NO_MEMORY		\
 	  $(_sc_search_regexp)

 sc_prohibit_PATH_MAX:
-	@prohibit='\<PATH_MAX\>'				\
-	halt='dynamically allocate paths, do not use PATH_MAX'	\
+	@prohibit='\<P''ATH_MAX\>'				\
+	halt='dynamically allocate paths, do not use P'ATH_MAX	\
 	  $(_sc_search_regexp)

+# Use a subshell for each function, to give the optimal warning message.
 include $(srcdir)/Makefile.nonreentrant
 sc_prohibit_nonreentrant:
-	@prohibit="\\<(${NON_REENTRANT_RE}) *\\("			\
-	halt="use re-entrant functions (usually ending with _r)"	\
-	  $(_sc_search_regexp)
+	@fail=0 ; \
+	for i in $(NON_REENTRANT) ; \
+	do \
+	    (prohibit="\\<$$i *\\("					\
+	     halt="use $${i}_r, not $$i"				\
+	     $(_sc_search_regexp)					\
+	    ) || fail=1;						\
+	done ; \
+	exit $$fail

 sc_prohibit_select:
-	@prohibit='\<select *\('					\
-	halt='use poll(), not select()'					\
+	@prohibit="\\<select *\\("					\
+	halt="use poll(), not se""lect()"				\
 	  $(_sc_search_regexp)

 # Prohibit the inclusion of <ctype.h>.
 sc_prohibit_ctype_h:
 	@prohibit='^# *include  *<ctype\.h>'				\
-	halt='use c-ctype.h instead of ctype.h'				\
+	halt="don't use ctype.h; instead, use c-ctype.h"		\
 	  $(_sc_search_regexp)

 # Insist on correct types for [pug]id.
 sc_correct_id_types:
 	@prohibit='\<(int|long) *[pug]id\>'				\
-	halt='use pid_t for pid, uid_t for uid, gid_t for gid'		\
+	halt="use pid_t for pid, uid_t for uid, gid_t for gid"		\
 	  $(_sc_search_regexp)

 # "const fooPtr a" is the same as "foo * const a", even though it is
@@ -496,12 +505,12 @@ ctype_re = isalnum|isalpha|isascii|isblank|iscntrl|isdigit|isgraph|islower\

 sc_avoid_ctype_macros:
 	@prohibit='\b($(ctype_re)) *\('					\
-	halt='use c-ctype.h instead of ctype macros'			\
+	halt="don't use ctype macros (use c-ctype.h)"			\
 	  $(_sc_search_regexp)

 sc_avoid_strcase:
 	@prohibit='\bstrn?case(cmp|str) *\('				\
-	halt='use c-strcase.h instead of raw strcase functions'		\
+	halt="don't use raw strcase functions (use c-strcase instead)"	\
 	  $(_sc_search_regexp)

 sc_prohibit_virBufferAdd_with_string_literal:
@@ -519,6 +528,13 @@ sc_forbid_manual_xml_indent:
 	halt='use virBufferAdjustIndent instead of spaces when indenting xml' \
 	  $(_sc_search_regexp)

+# Not only do they fail to deal well with ipv6, but the gethostby*
+# functions are also not thread-safe.
+sc_prohibit_gethostby:
+	@prohibit='\<gethostby(addr|name2?) *\('			\
+	halt='use getaddrinfo, not gethostby*'				\
+	  $(_sc_search_regexp)
+
 # dirname and basename from <libgen.h> are not required to be thread-safe
 sc_prohibit_libgen:
 	@prohibit='( (base|dir)name *\(|include .libgen\.h)'		\
@@ -551,20 +567,14 @@ sc_avoid_attribute_unused_in_header:
 	halt='use ATTRIBUTE_UNUSED in .c rather than .h files'		\
 	  $(_sc_search_regexp)

-sc_prohibit_int_index:
-	@prohibit='\<(int|unsigned)\s*\*?index\>(\s|,|;)'	\
-	halt='use different name than 'index' for declaration'	        \
-	  $(_sc_search_regexp)
-
 sc_prohibit_int_ijk:
 	@prohibit='\<(int|unsigned) ([^(=]* )*(i|j|k)\>(\s|,|;)'	\
-	exclude='exempt from syntax-check'				\
 	halt='use size_t, not int/unsigned int for loop vars i, j, k'	\
 	  $(_sc_search_regexp)

 sc_prohibit_loop_iijjkk:
 	@prohibit='\<(int|unsigned) ([^=]+ )*(ii|jj|kk)\>(\s|,|;)'	\
-	halt='use i, j, k for loop iterators, not ii, jj, kk'		\
+	halt='use i, j, k for loop iterators, not ii, jj, kk' 		\
 	  $(_sc_search_regexp)

 # RHEL 5 gcc can't grok "for (int i..."
@@ -574,17 +584,6 @@ sc_prohibit_loop_var_decl:
 	halt='declare loop iterators outside the for statement'		\
 	  $(_sc_search_regexp)

-# Use 'bool', not 'int', when assigning true or false
-sc_prohibit_int_assign_bool:
-	@prohibit='\<int\>.*= *(true|false)'				\
-	halt='use bool type for boolean values'				\
-	  $(_sc_search_regexp)
-
-sc_prohibit_unsigned_pid:
-	@prohibit='\<unsigned\> [^,=;(]+pid'				\
-	halt='use signed type for pid values'				\
-	  $(_sc_search_regexp)
-
 # Many of the function names below came from this filter:
 # git grep -B2 '\<_('|grep -E '\.c- *[[:alpha:]_][[:alnum:]_]* ?\(.*[,;]$' \
 # |sed 's/.*\.c-  *//'|perl -pe 's/ ?\(.*//'|sort -u \
@@ -611,9 +610,8 @@ msg_gen_function += xenapiSessionErrorHandler
 # msg_gen_function += vshPrint
 # msg_gen_function += vshError

-space =
-space +=
-func_re= ($(subst $(space),|,$(msg_gen_function)))
+func_or := $(shell echo $(msg_gen_function)|tr -s ' ' '|')
+func_re := ($(func_or))

 # Look for diagnostics that aren't marked for translation.
 # This won't find any for which error's format string is on a separate line.
@@ -666,7 +664,7 @@ sc_prohibit_useless_translation:
 	halt='found useless translation'				\
 	  $(_sc_search_regexp)
 	@prohibit='\<N?_ *\('						\
-	in_vc_files='(tests|examples)/'					\
+	in_vc_files='^(tests|examples)/'				\
 	halt='no translations in tests or examples'			\
 	  $(_sc_search_regexp)

@@ -682,7 +680,7 @@ sc_require_whitespace_in_translation:
 # Enforce recommended preprocessor indentation style.
 sc_preprocessor_indentation:
 	@if cppi --version >/dev/null 2>&1; then			\
-	  $(VC_LIST_EXCEPT) | grep -E '\.[ch](\.in)?$$' | xargs cppi -a -c	\
+	  $(VC_LIST_EXCEPT) | grep '\.[ch]$$' | xargs cppi -a -c	\
 	    || { echo '$(ME): incorrect preprocessor indentation' 1>&2;	\
 		exit 1; };						\
 	else								\
@@ -735,7 +733,7 @@ sc_copyright_format:
 	@prohibit='Copyright [^(].*Red 'Hat				\
 	halt='consistently use (C) in Red Hat copyright'		\
 	  $(_sc_search_regexp)
-	@prohibit='\<RedHat\>'						\
+	@prohibit='\<Red''Hat\>'					\
 	halt='spell Red Hat as two words'				\
 	  $(_sc_search_regexp)

@@ -768,7 +766,7 @@ sc_prohibit_gettext_markup:
 # lower-level code must not include higher-level headers.
 cross_dirs=$(patsubst $(srcdir)/src/%.,%,$(wildcard $(srcdir)/src/*/.))
 cross_dirs_re=($(subst / ,/|,$(cross_dirs)))
-mid_dirs=access|conf|cpu|locking|logging|network|node_device|rpc|security|storage
+mid_dirs=access|conf|cpu|locking|network|node_device|rpc|security|storage
 sc_prohibit_cross_inclusion:
 	@for dir in $(cross_dirs); do					\
 	  case $$dir in							\
@@ -802,16 +800,40 @@ sc_require_enum_last_marker:
 sc_prohibit_semicolon_at_eol_in_python:
 	@prohibit='^[^#].*\;$$'			                        \
 	in_vc_files='\.py$$'						\
-	halt='python does not require to end lines with a semicolon'	\
+	halt="Don't use semicolon at eol in python files"		\
 	  $(_sc_search_regexp)

 # mymain() in test files should use return, not exit, for nicer output
 sc_prohibit_exit_in_tests:
 	@prohibit='\<exit *\('						\
-	in_vc_files='tests/.*\.c$$'					\
+	in_vc_files='^tests/'						\
 	halt='use return, not exit(), in tests'				\
 	  $(_sc_search_regexp)

+# Don't include duplicate header in the source (either *.c or *.h)
+sc_prohibit_duplicate_header:
+	@fail=0; for i in $$($(VC_LIST_EXCEPT) | grep '\.[chx]$$'); do	\
+	  awk '/# *include.*\.h/ {					\
+	    match($$0, /[<"][^>"]*[">]/);				\
+	    arr[substr($$0, RSTART + 1, RLENGTH - 2)]++;		\
+	  }								\
+	  END {								\
+	    for (key in arr) {						\
+	      if (arr[key] > 1)	{					\
+		fail=1;							\
+		printf("%d %s are included\n", arr[key], key);		\
+	      }								\
+	    }								\
+	    if (fail == 1) {						\
+	      printf("duplicate header(s) in " FILENAME "\n");		\
+	      exit 1;							\
+	    }								\
+	  }' $$i || fail=1;						\
+	done;								\
+	if test $$fail -eq 1; then					\
+	  { echo '$(ME): avoid duplicate headers' 1>&2; exit 1; }	\
+	fi;
+
 # Don't include "libvirt/*.h" in "" form.
 sc_prohibit_include_public_headers_quote:
 	@prohibit='# *include *"libvirt/.*\.h"'				\
@@ -878,30 +900,21 @@ sc_prohibit_wrong_filename_in_comment:

 sc_prohibit_virConnectOpen_in_virsh:
 	@prohibit='\bvirConnectOpen[a-zA-Z]* *\('                      \
-	in_vc_files='tools/virsh-.*\.[ch]$$'                           \
+	in_vc_files='^tools/virsh-.*\.[ch]$$'                          \
 	halt='Use vshConnect() in virsh instead of virConnectOpen*'    \
 	  $(_sc_search_regexp)

 sc_require_space_before_label:
 	@prohibit='^(   ?)?[_a-zA-Z0-9]+:$$'                           \
 	in_vc_files='\.[ch]$$'                                         \
-	halt='Top-level labels should be indented by one space'        \
-	  $(_sc_search_regexp)
-
-# Allow for up to three spaces before the label: this is to avoid running
-# into situations where neither this rule nor require_space_before_label
-# would apply, eg. a line matching ^[a-zA-Z0-9]+ :$
-sc_prohibit_space_in_label:
-	@prohibit='^ {0,3}[_a-zA-Z0-9]+ +:$$'                          \
-	in_vc_files='\.[ch]$$'                                         \
-	halt='There should be no space between label name and colon'   \
+	halt="Top-level labels should be indented by one space"        \
 	  $(_sc_search_regexp)

 # Doesn't catch all cases of mismatched braces across if-else, but it helps
 sc_require_if_else_matching_braces:
 	@prohibit='(  else( if .*\))? {|} else( if .*\))?$$)'		\
 	in_vc_files='\.[chx]$$'						\
-	halt='if one side of if-else uses {}, both sides must use it'	\
+	halt="if one side of if-else uses {}, both sides must use it"	\
 	  $(_sc_search_regexp)

 sc_curly_braces_style:
@@ -949,71 +962,6 @@ sc_prohibit_paren_brace:
 	halt='Put space between closing parenthesis and opening brace'	\
 	  $(_sc_search_regexp)

-# C guarantees that static variables are zero initialized, and some compilers
-# waste space by sticking explicit initializers in .data instead of .bss
-sc_prohibit_static_zero_init:
-	@prohibit='\bstatic\b.*= *(0[^xX0-9]|NULL|false)'		\
-	in_vc_files='\.[chx](\.in)?$$'					\
-	halt='static variables do not need explicit zero initialization'\
-	  $(_sc_search_regexp)
-
-# FreeBSD exports the "devname" symbol which produces a warning.
-sc_prohibit_devname:
-	@prohibit='\bdevname\b'	\
-	exclude='sc_prohibit_devname' \
-	halt='avoid using devname as FreeBSD exports the symbol' \
-	  $(_sc_search_regexp)
-
-sc_prohibit_system_error_with_vir_err:
-	@prohibit='\bvirReportSystemError *\(VIR_ERR_' \
-	halt='do not use virReportSystemError with VIR_ERR_* error codes' \
-	  $(_sc_search_regexp)
-
-# Rule to prohibit usage of virXXXFree within library, daemon, remote, etc.
-# functions. There's a corresponding exclude to allow usage within tests,
-# docs, examples, tools, src/libvirt-*.c, and include/libvirt/libvirt-*.h
-sc_prohibit_virXXXFree:
-	@prohibit='\bvir(Domain|Network|NodeDevice|StorageVol|StoragePool|Stream|Secret|NWFilter|Interface|DomainSnapshot)Free\b'	\
-	exclude='sc_prohibit_virXXXFree' \
-	halt='avoid using virXXXFree, use virObjectUnref instead' \
-	  $(_sc_search_regexp)
-
-sc_prohibit_sysconf_pagesize:
-	@prohibit='sysconf\(_SC_PAGESIZE' \
-	halt='use virGetSystemPageSize[KB] instead of sysconf(_SC_PAGESIZE)' \
-	  $(_sc_search_regexp)
-
-sc_prohibit_virSecurity:
-	@grep -Pn 'virSecurityManager(?!Ptr)' $$($(VC_LIST_EXCEPT) | grep '^src/qemu/' | \
-		grep -v '^src/qemu/qemu_security') && \
-		{ echo '$(ME): prefer qemuSecurity wrappers' 1>&2; exit 1; } || :
-
-sc_prohibit_pthread_create:
-	@prohibit='\bpthread_create\b' \
-	exclude='sc_prohibit_pthread_create' \
-	halt='avoid using pthread_create, use virThreadCreate instead' \
-	  $(_sc_search_regexp)
-
-sc_prohibit_not_streq:
-	@prohibit='! *STRN?EQ *\(.*\)'		\
-	halt='Use STRNEQ instead of !STREQ and STREQ instead of !STRNEQ'	\
-	  $(_sc_search_regexp)
-
-sc_prohibit_verbose_strcat:
-	@prohibit='strncat\([^,]*,\s+([^,]*),\s+strlen\(\1\)\)'     \
-	in_vc_files='\.[ch]$$'                                      \
-	halt='Use strcat(a, b) instead of strncat(a, b, strlen(b))' \
-	  $(_sc_search_regexp)
-
-# Ensure that each .c file containing a "main" function also
-# calls virGettextInitialize
-sc_gettext_init:
-	@require='virGettextInitialize *\('					\
-	in_vc_files='\.c$$'						\
-	containing='\<main *('						\
-	halt='the above files do not call virGettextInitialize'		\
-	  $(_sc_search_regexp)
-
 # We don't use this feature of maint.mk.
 prev_version_file = /dev/null

@@ -1061,63 +1009,42 @@ _autogen:

 # regenerate HACKING as part of the syntax-check
 ifneq ($(_gl-Makefile),)
-syntax-check: $(top_srcdir)/HACKING spacing-check test-wrap-argv \
-	prohibit-duplicate-header
+syntax-check: $(top_srcdir)/HACKING bracket-spacing-check
 endif

-# Don't include duplicate header in the source (either *.c or *.h)
-prohibit-duplicate-header:
-	$(AM_V_GEN)files=$$($(VC_LIST_EXCEPT) | grep '\.[chx]$$'); \
-	$(PERL) -W $(top_srcdir)/build-aux/prohibit-duplicate-header.pl $$files
-
-spacing-check:
+bracket-spacing-check:
 	$(AM_V_GEN)files=`$(VC_LIST) | grep '\.c$$'`; \
-	$(PERL) $(top_srcdir)/build-aux/check-spacing.pl $$files || \
-	  { echo '$(ME): incorrect formatting, see HACKING for rules' 1>&2; \
+	$(PERL) $(top_srcdir)/build-aux/bracket-spacing.pl $$files || \
+	  { echo '$(ME): incorrect whitespace, see HACKING for rules' 1>&2; \
 	    exit 1; }

-test-wrap-argv:
-	$(AM_V_GEN)files=`$(VC_LIST) | grep -E '\.(ldargs|args)'`; \
-	$(PERL) $(top_srcdir)/tests/test-wrap-argv.pl --check $$files
-
 # sc_po_check can fail if generated files are not built first
 sc_po_check: \
 		$(srcdir)/daemon/remote_dispatch.h \
 		$(srcdir)/daemon/qemu_dispatch.h \
-		$(srcdir)/src/remote/remote_client_bodies.h \
-		$(srcdir)/daemon/admin_dispatch.h \
-		$(srcdir)/src/admin/admin_client.h
+		$(srcdir)/src/remote/remote_client_bodies.h
 $(srcdir)/daemon/remote_dispatch.h: $(srcdir)/src/remote/remote_protocol.x
 	$(MAKE) -C daemon remote_dispatch.h
 $(srcdir)/daemon/qemu_dispatch.h: $(srcdir)/src/remote/qemu_protocol.x
 	$(MAKE) -C daemon qemu_dispatch.h
 $(srcdir)/src/remote/remote_client_bodies.h: $(srcdir)/src/remote/remote_protocol.x
 	$(MAKE) -C src remote/remote_client_bodies.h
-$(srcdir)/daemon/admin_dispatch.h: $(srcdir)/src/admin/admin_protocol.x
-	$(MAKE) -C daemon admin_dispatch.h
-$(srcdir)/src/admin/admin_client.h: $(srcdir)/src/admin/admin_protocol.x
-	$(MAKE) -C src admin/admin_client.h

 # List all syntax-check exemptions:
-exclude_file_name_regexp--sc_avoid_strcase = ^tools/vsh\.h$$
+exclude_file_name_regexp--sc_avoid_strcase = ^tools/virsh\.h$$

-_src1=libvirt-stream|qemu/qemu_monitor|util/vir(command|file|fdstream)|xen/xend_internal|rpc/virnetsocket|lxc/lxc_controller|locking/lock_daemon|logging/log_daemon
+_src1=libvirt|fdstream|qemu/qemu_monitor|util/(vircommand|virfile)|xen/xend_internal|rpc/virnetsocket|lxc/lxc_controller|locking/lock_daemon
 _test1=shunloadtest|virnettlscontexttest|virnettlssessiontest|vircgroupmock
 exclude_file_name_regexp--sc_avoid_write = \
  ^(src/($(_src1))|daemon/libvirtd|tools/virsh-console|tests/($(_test1)))\.c$$

-exclude_file_name_regexp--sc_bindtextdomain = .*
-
-exclude_file_name_regexp--sc_gettext_init = ^(tests|examples)/
-
-exclude_file_name_regexp--sc_copyright_format = \
-	^cfg\.mk$$
+exclude_file_name_regexp--sc_bindtextdomain = ^(tests|examples)/

 exclude_file_name_regexp--sc_copyright_usage = \
  ^COPYING(|\.LESSER)$$

 exclude_file_name_regexp--sc_flags_usage = \
-  ^(cfg\.mk|docs/|src/util/virnetdevtap\.c$$|tests/(vir(cgroup|pci|test|usb)|nss|qemuxml2argv)mock\.c$$)
+  ^(docs/|src/util/virnetdevtap\.c$$|tests/vir(cgroup|pci|usb)mock\.c$$)

 exclude_file_name_regexp--sc_libvirt_unmarked_diagnostics = \
  ^(src/rpc/gendispatch\.pl$$|tests/)
@@ -1125,27 +1052,23 @@ exclude_file_name_regexp--sc_libvirt_unmarked_diagnostics = \
 exclude_file_name_regexp--sc_po_check = ^(docs/|src/rpc/gendispatch\.pl$$)

 exclude_file_name_regexp--sc_prohibit_VIR_ERR_NO_MEMORY = \
-  ^(cfg\.mk|include/libvirt/virterror\.h|daemon/dispatch\.c|src/util/virerror\.c|docs/internals/oomtesting\.html\.in)$$
+  ^(include/libvirt/virterror\.h|daemon/dispatch\.c|src/util/virerror\.c|docs/internals/oomtesting\.html\.in)$$

-exclude_file_name_regexp--sc_prohibit_PATH_MAX = \
-	^cfg\.mk$$
-
-exclude_file_name_regexp--sc_prohibit_access_xok = \
-	^(cfg\.mk|src/util/virutil\.c)$$
+exclude_file_name_regexp--sc_prohibit_access_xok = ^src/util/virutil\.c$$

 exclude_file_name_regexp--sc_prohibit_asprintf = \
-  ^(cfg\.mk|bootstrap.conf$$|examples/|src/util/virstring\.[ch]$$|tests/vircgroupmock\.c$$)
+  ^(bootstrap.conf$$|src/util/virstring\.[ch]$$|tests/vircgroupmock\.c$$)

 exclude_file_name_regexp--sc_prohibit_strdup = \
-  ^(docs/|examples/|src/util/virstring\.c|tests/vir(netserverclient|cgroup)mock.c$$)
+  ^(docs/|examples/|src/util/virstring\.c|tests/virnetserverclientmock.c$$)

 exclude_file_name_regexp--sc_prohibit_close = \
-  (\.p[yl]$$|\.spec\.in$$|^docs/|^(src/util/virfile\.c|src/libvirt-stream\.c|tests/vir.+mock\.c)$$)
+  (\.p[yl]$$|^docs/|^(src/util/virfile\.c|src/libvirt\.c|tests/vir(cgroup|pci)mock\.c)$$)

 exclude_file_name_regexp--sc_prohibit_empty_lines_at_EOF = \
-  (^tests/(qemuhelp|virhostcpu|virpcitest)data/|docs/js/.*\.js|docs/fonts/.*\.woff|\.diff|tests/virconfdata/no-newline\.conf$$)
+  (^tests/(qemuhelp|nodeinfo|virpcitest)data/|\.diff$$)

-_src2=src/(util/vircommand|libvirt|lxc/lxc_controller|locking/lock_daemon|logging/log_daemon)
+_src2=src/(util/vircommand|libvirt|lxc/lxc_controller|locking/lock_daemon)
 exclude_file_name_regexp--sc_prohibit_fork_wrappers = \
  (^($(_src2)|tests/testutils|daemon/libvirtd)\.c$$)

@@ -1158,13 +1081,10 @@ exclude_file_name_regexp--sc_prohibit_newline_at_end_of_diagnostic = \
  ^src/rpc/gendispatch\.pl$$

 exclude_file_name_regexp--sc_prohibit_nonreentrant = \
-  ^((po|tests)/|docs/.*(py|js|html\.in)|run.in$$|tools/wireshark/util/genxdrstub\.pl$$)
-
-exclude_file_name_regexp--sc_prohibit_select = \
-	^cfg\.mk$$
+  ^((po|tests)/|docs/.*(py|html\.in)|run.in$$|tools/wireshark/util/genxdrstub\.pl$$)

 exclude_file_name_regexp--sc_prohibit_raw_allocation = \
-  ^(docs/hacking\.html\.in|src/util/viralloc\.[ch]|examples/.*|tests/(securityselinuxhelper|(vircgroup|nss)mock)\.c|tools/wireshark/src/packet-libvirt\.c)$$
+  ^(docs/hacking\.html\.in|src/util/viralloc\.[ch]|examples/.*|tests/(securityselinuxhelper|vircgroupmock)\.c|tools/wireshark/src/packet-libvirt\.c)$$

 exclude_file_name_regexp--sc_prohibit_readlink = \
  ^src/(util/virutil|lxc/lxc_container)\.c$$
@@ -1172,11 +1092,11 @@ exclude_file_name_regexp--sc_prohibit_readlink = \
 exclude_file_name_regexp--sc_prohibit_setuid = ^src/util/virutil\.c$$

 exclude_file_name_regexp--sc_prohibit_sprintf = \
-  ^(cfg\.mk|docs/hacking\.html\.in|.*\.stp|.*\.pl)$$
+  (^docs/hacking\.html\.in|\.stp|\.pl)$$

 exclude_file_name_regexp--sc_prohibit_strncpy = ^src/util/virstring\.c$$

-exclude_file_name_regexp--sc_prohibit_strtol = ^examples/.*$$
+exclude_file_name_regexp--sc_prohibit_strtol = ^examples/dom.*/.*\.c$$

 exclude_file_name_regexp--sc_prohibit_xmlGetProp = ^src/util/virxml\.c$$

@@ -1191,10 +1111,10 @@ exclude_file_name_regexp--sc_require_config_h_first = \
 	^(examples/|tools/virsh-edit\.c$$)

 exclude_file_name_regexp--sc_trailing_blank = \
-  /qemuhelpdata/|/sysinfodata/.*\.data|/virhostcpudata/.*\.cpuinfo$$
+  /qemuhelpdata/|/sysinfodata/.*\.data|/nodeinfodata/.*\.cpuinfo$$

 exclude_file_name_regexp--sc_unmarked_diagnostics = \
-  ^(docs/apibuild.py|tests/virt-aa-helper-test|docs/js/.*\.js)$$
+  ^(docs/apibuild.py|tests/virt-aa-helper-test)$$

 exclude_file_name_regexp--sc_size_of_brackets = cfg.mk

@@ -1207,46 +1127,22 @@ exclude_file_name_regexp--sc_prohibit_include_public_headers_quote = \
  ^(src/internal\.h$$|tools/wireshark/src/packet-libvirt.h$$)

 exclude_file_name_regexp--sc_prohibit_include_public_headers_brackets = \
-  ^(tools/|examples/|include/libvirt/(virterror|libvirt(-(admin|qemu|lxc))?)\.h$$)
+  ^(tools/|examples/|include/libvirt/(virterror|libvirt-(qemu|lxc))\.h$$)

 exclude_file_name_regexp--sc_prohibit_int_ijk = \
-  ^(src/remote_protocol-structs|src/remote/remote_protocol\.x|cfg\.mk|include/libvirt/libvirt.+|src/admin_protocol-structs|src/admin/admin_protocol\.x)$$
-
-exclude_file_name_regexp--sc_prohibit_unsigned_pid = \
-  ^(include/libvirt/.*\.h|src/(qemu/qemu_driver\.c|driver-hypervisor\.h|libvirt(-[a-z]*)?\.c|.*\.x|util/vir(polkit|systemd)\.c)|tests/virpolkittest\.c|tools/virsh-domain\.c)$$
+  ^(src/remote_protocol-structs|src/remote/remote_protocol.x|cfg.mk|include/)$

 exclude_file_name_regexp--sc_prohibit_getenv = \
  ^tests/.*\.[ch]$$

 exclude_file_name_regexp--sc_avoid_attribute_unused_in_header = \
-  ^(src/util/virlog\.h|src/network/bridge_driver\.h)$$
+  ^src/util/virlog\.h$$

 exclude_file_name_regexp--sc_prohibit_mixed_case_abbreviations = \
  ^src/(vbox/vbox_CAPI.*.h|esx/esx_vi.(c|h)|esx/esx_storage_backend_iscsi.c)$$

 exclude_file_name_regexp--sc_prohibit_empty_first_line = \
-  ^(README|daemon/THREADS\.txt|src/esx/README|tests/(vmwarever|virhostcpu)data/.*)$$
+  ^(README|daemon/THREADS\.txt|src/esx/README|docs/library.xen|tests/vmwareverdata/fusion-5.0.3.txt|tests/nodeinfodata/linux-raspberrypi/cpu/offline)$$

 exclude_file_name_regexp--sc_prohibit_useless_translation = \
  ^tests/virpolkittest.c
-
-exclude_file_name_regexp--sc_prohibit_devname = \
-  ^(tools/virsh.pod|cfg.mk|docs/.*)$$
-
-exclude_file_name_regexp--sc_prohibit_virXXXFree = \
-  ^(docs/|tests/|examples/|tools/|cfg.mk|src/test/test_driver.c|src/libvirt_public.syms|include/libvirt/libvirt-(domain|network|nodedev|storage|stream|secret|nwfilter|interface|domain-snapshot).h|src/libvirt-(domain|qemu|network|nodedev|storage|stream|secret|nwfilter|interface|domain-snapshot).c$$)
-
-exclude_file_name_regexp--sc_prohibit_sysconf_pagesize = \
-  ^(cfg\.mk|src/util/virutil\.c)$$
-
-exclude_file_name_regexp--sc_prohibit_pthread_create = \
-  ^(cfg\.mk|src/util/virthread\.c|tests/.*)$$
-
-exclude_file_name_regexp--sc_prohibit_always-defined_macros = \
-  ^tests/virtestmock.c$$
-
-exclude_file_name_regexp--sc_prohibit_readdir = \
-  ^tests/.*mock\.c$$
-
-exclude_file_name_regexp--sc_prohibit_cross_inclusion = \
-  ^(src/util/virclosecallbacks\.h|src/util/virhostdev\.h)$$
--- a/config-post.h
+++ b/config-post.h
@@ -20,74 +20,26 @@
 * Since virt-login-shell will be setuid, we must do everything
 * we can to avoid linking to other libraries. Many of them do
 * unsafe things in functions marked __atttribute__((constructor)).
- * The only way to avoid such deps is to re-compile the
+ * The only way avoid to avoid such deps is to re-compile the
 * functions with the code in question disabled, and for that we
 * must override the main config.h rules. Hence this file :-(
 */

 #ifdef LIBVIRT_SETUID_RPC_CLIENT
+# undef HAVE_LIBDEVMAPPER_H
 # undef HAVE_LIBNL
 # undef HAVE_LIBNL3
 # undef HAVE_LIBSASL2
-# undef HAVE_SYS_ACL_H
 # undef WITH_CAPNG
 # undef WITH_CURL
-# undef WITH_DBUS
-# undef WITH_DEVMAPPER
 # undef WITH_DTRACE_PROBES
 # undef WITH_GNUTLS
 # undef WITH_GNUTLS_GCRYPT
-# undef WITH_LIBSSH
 # undef WITH_MACVTAP
 # undef WITH_NUMACTL
 # undef WITH_SASL
 # undef WITH_SSH2
-# undef WITH_SYSTEMD_DAEMON
 # undef WITH_VIRTUALPORT
 # undef WITH_YAJL
 # undef WITH_YAJL2
 #endif
-
-/*
- * With the NSS module it's the same story as virt-login-shell. See the
- * explanation above.
- */
-#ifdef LIBVIRT_NSS
-# undef HAVE_LIBNL
-# undef HAVE_LIBNL3
-# undef HAVE_LIBSASL2
-# undef HAVE_SYS_ACL_H
-# undef WITH_CAPNG
-# undef WITH_CURL
-# undef WITH_DEVMAPPER
-# undef WITH_DTRACE_PROBES
-# undef WITH_GNUTLS
-# undef WITH_GNUTLS_GCRYPT
-# undef WITH_LIBSSH
-# undef WITH_MACVTAP
-# undef WITH_NUMACTL
-# undef WITH_SASL
-# undef WITH_SSH2
-# undef WITH_VIRTUALPORT
-# undef WITH_SECDRIVER_SELINUX
-# undef WITH_SECDRIVER_APPARMOR
-# undef WITH_CAPNG
-#endif /* LIBVIRT_NSS */
-
-/*
- * Define __GNUC__ to a sane default if it isn't yet defined.
- * This is done here so that it's included as early as possible; gnulib relies
- * on this to be defined in features.h, which should be included from ctype.h.
- * This doesn't happen on many non-glibc systems.
- * When __GNUC__ is not defined, gnulib defines it to 0, which breaks things.
- */
-#ifdef __GNUC__
-# ifndef __GNUC_PREREQ
-#  if defined __GNUC__ && defined __GNUC_MINOR__
-#   define __GNUC_PREREQ(maj, min)                                        \
-   ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
-#  else
-#   define __GNUC_PREREQ(maj, min) 0
-#  endif
-# endif
-#endif
--- a/configure.ac
+++ b/configure.ac
--- a/daemon/Makefile.am
+++ b/daemon/Makefile.am
@@ -1,6 +1,6 @@
 ## Process this file with automake to produce Makefile.in

-## Copyright (C) 2005-2015 Red Hat, Inc.
+## Copyright (C) 2005-2014 Red Hat, Inc.
 ##
 ## This library is free software; you can redistribute it and/or
 ## modify it under the terms of the GNU Lesser General Public
@@ -25,7 +25,6 @@ INCLUDES = \
 	-I$(top_srcdir)/src/conf \
 	-I$(top_srcdir)/src/rpc \
 	-I$(top_srcdir)/src/remote \
-	-I$(top_srcdir)/src/admin \
 	-I$(top_srcdir)/src/access \
 	$(GETTEXT_CPPFLAGS)

@@ -35,7 +34,6 @@ DAEMON_GENERATED =			\
 		remote_dispatch.h	\
 		lxc_dispatch.h		\
 		qemu_dispatch.h		\
-		admin_dispatch.h	\
 		$(NULL)

 DAEMON_SOURCES =					\
@@ -46,40 +44,29 @@ DAEMON_SOURCES =					\

 LIBVIRTD_CONF_SOURCES = libvirtd-config.c libvirtd-config.h

-PODFILES = \
-	libvirtd.pod \
-	$(NULL)
-
-MANINFILES = \
-	libvirtd.8.in \
-	$(NULL)
-
 DISTCLEANFILES =
 EXTRA_DIST =						\
 	remote_dispatch.h				\
 	lxc_dispatch.h					\
 	qemu_dispatch.h					\
-	admin_dispatch.h				\
 	libvirtd.conf					\
 	libvirtd.init.in				\
 	libvirtd.upstart				\
 	libvirtd.policy.in				\
-	libvirt.rules					\
 	libvirtd.sasl					\
 	libvirtd.service.in				\
-	virt-guest-shutdown.target		\
+	libvirtd.socket.in				\
 	libvirtd.sysconf				\
 	libvirtd.sysctl					\
 	libvirtd.aug                                    \
 	libvirtd.logrotate.in                           \
 	libvirtd.qemu.logrotate.in                      \
 	libvirtd.lxc.logrotate.in                       \
-	libvirtd.libxl.logrotate.in                     \
 	libvirtd.uml.logrotate.in                       \
 	test_libvirtd.aug.in                             \
 	THREADS.txt					\
-	$(PODFILES)					\
-	$(MANINFILES)					\
+	libvirtd.pod.in					\
+	libvirtd.8.in					\
 	$(DAEMON_SOURCES)				\
 	$(LIBVIRTD_CONF_SOURCES)			\
 	$(NULL)
@@ -89,32 +76,25 @@ BUILT_SOURCES =
 REMOTE_PROTOCOL = $(top_srcdir)/src/remote/remote_protocol.x
 LXC_PROTOCOL = $(top_srcdir)/src/remote/lxc_protocol.x
 QEMU_PROTOCOL = $(top_srcdir)/src/remote/qemu_protocol.x
-ADMIN_PROTOCOL = $(top_srcdir)/src/admin/admin_protocol.x

-remote_dispatch.h: $(top_srcdir)/src/rpc/gendispatch.pl \
+remote_dispatch.h: $(srcdir)/../src/rpc/gendispatch.pl \
 		$(REMOTE_PROTOCOL)
-	$(AM_V_GEN)$(PERL) -w $(top_srcdir)/src/rpc/gendispatch.pl \
+	$(AM_V_GEN)$(PERL) -w $(srcdir)/../src/rpc/gendispatch.pl \
 	  --mode=server remote REMOTE $(REMOTE_PROTOCOL) \
 	  > $(srcdir)/remote_dispatch.h

-lxc_dispatch.h: $(top_srcdir)/src/rpc/gendispatch.pl \
+lxc_dispatch.h: $(srcdir)/../src/rpc/gendispatch.pl \
 		$(LXC_PROTOCOL)
-	$(AM_V_GEN)$(PERL) -w $(top_srcdir)/src/rpc/gendispatch.pl \
+	$(AM_V_GEN)$(PERL) -w $(srcdir)/../src/rpc/gendispatch.pl \
 	  --mode=server lxc LXC $(LXC_PROTOCOL) \
 	  > $(srcdir)/lxc_dispatch.h

-qemu_dispatch.h: $(top_srcdir)/src/rpc/gendispatch.pl \
+qemu_dispatch.h: $(srcdir)/../src/rpc/gendispatch.pl \
 		$(QEMU_PROTOCOL)
-	$(AM_V_GEN)$(PERL) -w $(top_srcdir)/src/rpc/gendispatch.pl \
+	$(AM_V_GEN)$(PERL) -w $(srcdir)/../src/rpc/gendispatch.pl \
 	  --mode=server qemu QEMU $(QEMU_PROTOCOL) \
 	  > $(srcdir)/qemu_dispatch.h

-admin_dispatch.h: $(top_srcdir)/src/rpc/gendispatch.pl \
-		$(ADMIN_PROTOCOL)
-	$(AM_V_GEN)$(PERL) -w $(top_srcdir)/src/rpc/gendispatch.pl \
-	  --mode=server admin ADMIN $(ADMIN_PROTOCOL) \
-	  > $(srcdir)/admin_dispatch.h
-
 if WITH_LIBVIRTD

 # Build a convenience library, for reuse in tests/libvirtdconftest
@@ -134,27 +114,6 @@ libvirtd_conf_la_LDFLAGS =				\
 	$(NULL)
 libvirtd_conf_la_LIBADD = $(LIBXML_LIBS)

-noinst_LTLIBRARIES += libvirtd_admin.la
-libvirtd_admin_la_SOURCES = \
-		admin.c admin.h admin_server.c admin_server.h
-
-libvirtd_admin_la_CFLAGS = \
-		$(AM_CFLAGS)		\
-		$(XDR_CFLAGS)		\
-		$(PIE_CFLAGS)		\
-		$(WARN_CFLAGS)		\
-		$(LIBXML_CFLAGS)	\
-		$(COVERAGE_CFLAGS)	\
-		$(NULL)
-libvirtd_admin_la_LDFLAGS = \
-		$(PIE_LDFLAGS)		\
-		$(RELRO_LDFLAGS)	\
-		$(COVERAGE_LDFLAGS)	\
-		$(NO_INDIRECT_LDFLAGS)  \
-		$(NULL)
-libvirtd_admin_la_LIBADD =	\
-		../src/libvirt-admin.la
-
 man8_MANS = libvirtd.8

 sbin_PROGRAMS = libvirtd
@@ -170,6 +129,13 @@ augeastests_DATA = test_libvirtd.aug

 CLEANFILES += test_libvirtd.aug

+libvirtd.8: $(srcdir)/libvirtd.8.in
+	$(AM_V_GEN)sed \
+	    -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \
+	    -e 's|[@]localstatedir[@]|$(localstatedir)|g' \
+	    < $< > $@-t && \
+	mv $@-t $@
+
 libvirtd_SOURCES = $(DAEMON_SOURCES)

 #-D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_POSIX_C_SOURCE=199506L
@@ -200,7 +166,6 @@ endif WITH_DTRACE_PROBES

 libvirtd_LDADD += \
 	libvirtd_conf.la \
-	libvirtd_admin.la \
 	../src/libvirt-lxc.la \
 	../src/libvirt-qemu.la \
 	../src/libvirt_driver_remote.la \
@@ -234,10 +199,6 @@ if WITH_VBOX
    libvirtd_LDADD += ../src/libvirt_driver_vbox.la
 endif WITH_VBOX

-if WITH_VZ
-    libvirtd_LDADD += ../src/libvirt_driver_vz.la
-endif WITH_VZ
-
 if WITH_STORAGE
    libvirtd_LDADD += ../src/libvirt_driver_storage.la
 endif WITH_STORAGE
@@ -272,8 +233,6 @@ policyauth = auth_admin_keep_session
 else ! WITH_POLKIT0
 policydir = $(datadir)/polkit-1/actions
 policyauth = auth_admin_keep
-rulesdir = $(datadir)/polkit-1/rules.d
-rulesfile = libvirt.rules
 endif ! WITH_POLKIT0
 endif WITH_POLKIT

@@ -304,19 +263,9 @@ if WITH_POLKIT
 install-data-polkit::
 	$(MKDIR_P) $(DESTDIR)$(policydir)
 	$(INSTALL_DATA) libvirtd.policy $(DESTDIR)$(policydir)/org.libvirt.unix.policy
-if ! WITH_POLKIT0
-	$(MKDIR_P) $(DESTDIR)$(rulesdir)
-	$(INSTALL_DATA) $(srcdir)/$(rulesfile) $(DESTDIR)$(rulesdir)/50-libvirt.rules
-endif ! WITH_POLKIT0
-
 uninstall-data-polkit::
 	rm -f $(DESTDIR)$(policydir)/org.libvirt.unix.policy
 	rmdir $(DESTDIR)$(policydir) || :
-if ! WITH_POLKIT0
-	rm -f $(DESTDIR)$(rulesdir)/50-libvirt.rules
-	rmdir $(DESTDIR)$(rulesdir) || :
-endif ! WITH_POLKIT0
-
 else ! WITH_POLKIT
 install-data-polkit::
 uninstall-data-polkit::
@@ -324,12 +273,9 @@ endif ! WITH_POLKIT

 remote.c: $(DAEMON_GENERATED)
 remote.h: $(DAEMON_GENERATED)
-admin.c: $(DAEMON_GENERATED)
-admin.h: $(DAEMON_GENERATED)

 LOGROTATE_CONFS = libvirtd.qemu.logrotate libvirtd.lxc.logrotate \
-		  libvirtd.libxl.logrotate libvirtd.uml.logrotate \
-		  libvirtd.logrotate
+		  libvirtd.uml.logrotate libvirtd.logrotate

 BUILT_SOURCES += $(LOGROTATE_CONFS)

@@ -351,12 +297,6 @@ libvirtd.lxc.logrotate: libvirtd.lxc.logrotate.in
 	    < $< > $@-t &&					\
 	    mv $@-t $@

-libvirtd.libxl.logrotate: libvirtd.libxl.logrotate.in
-	$(AM_V_GEN)sed						\
-	    -e 's|[@]localstatedir[@]|$(localstatedir)|g'	\
-	    < $< > $@-t &&					\
-	    mv $@-t $@
-
 libvirtd.uml.logrotate: libvirtd.uml.logrotate.in
 	$(AM_V_GEN)sed						\
 	    -e 's|[@]localstatedir[@]|$(localstatedir)|g'	\
@@ -374,8 +314,6 @@ install-logrotate: $(LOGROTATE_CONFS)
 		$(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.qemu
 	$(INSTALL_DATA) libvirtd.lxc.logrotate \
 		$(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.lxc
-	$(INSTALL_DATA) libvirtd.libxl.logrotate \
-		$(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.libxl
 	$(INSTALL_DATA) libvirtd.uml.logrotate \
 		$(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.uml

@@ -383,7 +321,6 @@ uninstall-logrotate:
 	rm -f $(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd \
 	      $(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.qemu \
 	      $(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.lxc \
-	      $(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.libxl \
 	      $(DESTDIR)$(sysconfdir)/logrotate.d/libvirtd.uml
 	rmdir $(DESTDIR)$(localstatedir)/log/libvirt/qemu || :
 	rmdir $(DESTDIR)$(localstatedir)/log/libvirt/lxc || :
@@ -404,10 +341,10 @@ if WITH_SYSCTL
 install-sysctl:
 	$(MKDIR_P) $(DESTDIR)$(prefix)/lib/sysctl.d
 	$(INSTALL_DATA) $(srcdir)/libvirtd.sysctl \
-	  $(DESTDIR)$(prefix)/lib/sysctl.d/60-libvirtd.conf
+	  $(DESTDIR)$(prefix)/lib/sysctl.d/libvirtd.conf

 uninstall-sysctl:
-	rm -f $(DESTDIR)$(prefix)/lib/sysctl.d/60-libvirtd.conf
+	rm -f $(DESTDIR)$(prefix)/lib/sysctl.d/libvirtd.conf
 	rmdir $(DESTDIR)$(prefix)/lib/sysctl.d || :
 else ! WITH_SYSCTL
 install-sysctl:
@@ -451,18 +388,18 @@ endif ! LIBVIRT_INIT_SCRIPT_UPSTART
 if LIBVIRT_INIT_SCRIPT_SYSTEMD

 SYSTEMD_UNIT_DIR = $(prefix)/lib/systemd/system
-BUILT_SOURCES += libvirtd.service
+BUILT_SOURCES += libvirtd.service libvirtd.socket

-install-init-systemd: install-sysconfig libvirtd.service
+install-init-systemd: install-sysconfig libvirtd.service libvirtd.socket
 	$(MKDIR_P) $(DESTDIR)$(SYSTEMD_UNIT_DIR)
 	$(INSTALL_DATA) libvirtd.service \
 	  $(DESTDIR)$(SYSTEMD_UNIT_DIR)/libvirtd.service
-	$(INSTALL_DATA) $(srcdir)/virt-guest-shutdown.target \
-	  $(DESTDIR)$(SYSTEMD_UNIT_DIR)/virt-guest-shutdown.target
+	$(INSTALL_DATA) libvirtd.socket \
+	  $(DESTDIR)$(SYSTEMD_UNIT_DIR)/libvirtd.socket

 uninstall-init-systemd: uninstall-sysconfig
-	rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/virt-guest-shutdown.target
 	rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/libvirtd.service
+	rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/libvirtd.socket
 	rmdir $(DESTDIR)$(SYSTEMD_UNIT_DIR) || :
 else ! LIBVIRT_INIT_SCRIPT_SYSTEMD
 install-init-systemd:
@@ -486,6 +423,12 @@ libvirtd.service: libvirtd.service.in $(top_builddir)/config.status
 	    < $< > $@-t &&					\
 	    mv $@-t $@

+libvirtd.socket: libvirtd.socket.in $(top_builddir)/config.status
+	$(AM_V_GEN)sed						\
+	    -e 's|[@]runstatedir[@]|$(runstatedir)|g'		\
+	    < $< > $@-t &&					\
+	    mv $@-t $@
+

 check-local: check-augeas

@@ -509,24 +452,12 @@ install-data-local: install-data-sasl
 uninstall-local:: uninstall-data-sasl
 endif ! WITH_LIBVIRTD

-POD2MAN = pod2man -c "Virtualization Support" -r "$(PACKAGE)-$(VERSION)"
+POD2MAN = pod2man -c "Virtualization Support" \
+			-r "$(PACKAGE)-$(VERSION)" -s 8

-%.8.in: %.pod
-	$(AM_V_GEN)$(POD2MAN) --section=8 $< $@-t1 && \
-	if grep 'POD ERROR' $@-t1; then rm $@-t1; exit 1; fi && \
-	sed \
-		-e 's|SYSCONFDIR|\@sysconfdir\@|g' \
-		-e 's|LOCALSTATEDIR|\@localstatedir\@|g' \
-		< $@-t1 > $@-t2 && \
-	rm -f $@-t1 && \
-	mv $@-t2 $@
-
-%.8: %.8.in $(top_srcdir)/configure.ac
-	$(AM_V_GEN)sed \
-		-e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \
-		-e 's|[@]localstatedir[@]|$(localstatedir)|g' \
-		< $< > $@-t && \
-	mv $@-t $@
+$(srcdir)/libvirtd.8.in: libvirtd.pod.in $(top_srcdir)/configure.ac
+	$(AM_V_GEN)$(POD2MAN) --name LIBVIRTD $< $@ \
+	    && if grep 'POD ERROR' $@ ; then rm $@; exit 1; fi

 # This is needed for clients too, so can't wrap in
 # the WITH_LIBVIRTD conditional
@@ -547,4 +478,4 @@ endif ! WITH_SASL

 CLEANFILES += $(BUILT_SOURCES) $(man8_MANS)
 CLEANFILES += *.cov *.gcov .libs/*.gcda .libs/*.gcno *.gcno *.gcda
-MAINTAINERCLEANFILES = $(MANINFILES) $(DAEMON_GENERATED)
+MAINTAINERCLEANFILES = $(srcdir)/libvirtd.8.in $(DAEMON_GENERATED)
--- a/daemon/THREADS.txt
+++ b/daemon/THREADS.txt
@@ -42,7 +42,7 @@ event loop thread handles I/O from the client socket, and once a
 complete RPC message has been read off the wire (and optionally
 decrypted), it will be placed on the 'dx' job queue for the
 associated client object. The job condition will be signalled and
-a worker will wakeup and process it.
+a worker will wakup and process it.

 The worker thread must quickly drop its locks on the server and
 client to allow the main event loop thread to continue running
--- a/daemon/admin.c
+++ b/daemon/admin.c
@@ -1,490 +0,0 @@
-/*
- * admin.c: handlers for admin RPC method calls
- *
- * Copyright (C) 2014-2016 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library.  If not, see
- * <http://www.gnu.org/licenses/>.
- *
- * Author: Martin Kletzander <mkletzan@redhat.com>
- */
-
-#include <config.h>
-
-#include "internal.h"
-#include "libvirtd.h"
-#include "libvirt_internal.h"
-
-#include "admin_protocol.h"
-#include "admin.h"
-#include "admin_server.h"
-#include "datatypes.h"
-#include "viralloc.h"
-#include "virerror.h"
-#include "virlog.h"
-#include "virnetdaemon.h"
-#include "virnetserver.h"
-#include "virstring.h"
-#include "virthreadjob.h"
-#include "virtypedparam.h"
-
-#define VIR_FROM_THIS VIR_FROM_ADMIN
-
-VIR_LOG_INIT("daemon.admin");
-
-
-void
-remoteAdmClientFreeFunc(void *data)
-{
-    struct daemonAdmClientPrivate *priv = data;
-
-    virMutexDestroy(&priv->lock);
-    virObjectUnref(priv->dmn);
-    VIR_FREE(priv);
-}
-
-void *
-remoteAdmClientInitHook(virNetServerClientPtr client ATTRIBUTE_UNUSED,
-                        void *opaque)
-{
-    struct daemonAdmClientPrivate *priv;
-
-    if (VIR_ALLOC(priv) < 0)
-        return NULL;
-
-    if (virMutexInit(&priv->lock) < 0) {
-        VIR_FREE(priv);
-        virReportSystemError(errno, "%s", _("unable to init mutex"));
-        return NULL;
-    }
-
-    /*
-     * We don't necessarily need to ref this object right now as there
-     * must be one ref being held throughout the life of the daemon,
-     * but let's just be safe for future.
-     */
-    priv->dmn = virObjectRef(opaque);
-
-    return priv;
-}
-
-/* Helpers */
-
-static virNetServerPtr
-get_nonnull_server(virNetDaemonPtr dmn, admin_nonnull_server srv)
-{
-    return virNetDaemonGetServer(dmn, srv.name);
-}
-
-static void
-make_nonnull_server(admin_nonnull_server *srv_dst,
-                    virNetServerPtr srv_src)
-{
-    ignore_value(VIR_STRDUP_QUIET(srv_dst->name, virNetServerGetName(srv_src)));
-}
-
-static virNetServerClientPtr
-get_nonnull_client(virNetServerPtr srv, admin_nonnull_client clnt)
-{
-    return virNetServerGetClient(srv, clnt.id);
-}
-
-static void
-make_nonnull_client(admin_nonnull_client *clt_dst,
-                    virNetServerClientPtr clt_src)
-{
-    clt_dst->id = virNetServerClientGetID(clt_src);
-    clt_dst->timestamp = virNetServerClientGetTimestamp(clt_src);
-    clt_dst->transport = virNetServerClientGetTransport(clt_src);
-}
-
-/* Functions */
-static int
-adminDispatchConnectOpen(virNetServerPtr server ATTRIBUTE_UNUSED,
-                         virNetServerClientPtr client,
-                         virNetMessagePtr msg ATTRIBUTE_UNUSED,
-                         virNetMessageErrorPtr rerr,
-                         struct admin_connect_open_args *args)
-{
-    unsigned int flags;
-    struct daemonAdmClientPrivate *priv =
-        virNetServerClientGetPrivateData(client);
-    int ret = -1;
-
-    VIR_DEBUG("priv=%p dmn=%p", priv, priv->dmn);
-    virMutexLock(&priv->lock);
-
-    flags = args->flags;
-    virCheckFlagsGoto(0, cleanup);
-
-    ret = 0;
- cleanup:
-    if (ret < 0)
-        virNetMessageSaveError(rerr);
-    virMutexUnlock(&priv->lock);
-    return ret;
-}
-
-static int
-adminDispatchConnectClose(virNetServerPtr server ATTRIBUTE_UNUSED,
-                          virNetServerClientPtr client,
-                          virNetMessagePtr msg ATTRIBUTE_UNUSED,
-                          virNetMessageErrorPtr rerr ATTRIBUTE_UNUSED)
-{
-    virNetServerClientDelayedClose(client);
-    return 0;
-}
-
-static int
-adminConnectGetLibVersion(virNetDaemonPtr dmn ATTRIBUTE_UNUSED,
-                          unsigned long long *libVer)
-{
-    if (libVer)
-        *libVer = LIBVIR_VERSION_NUMBER;
-    return 0;
-}
-
-static int
-adminDispatchServerGetThreadpoolParameters(virNetServerPtr server ATTRIBUTE_UNUSED,
-                                           virNetServerClientPtr client,
-                                           virNetMessagePtr msg ATTRIBUTE_UNUSED,
-                                           virNetMessageErrorPtr rerr,
-                                           struct admin_server_get_threadpool_parameters_args *args,
-                                           struct admin_server_get_threadpool_parameters_ret *ret)
-{
-    int rv = -1;
-    virNetServerPtr srv = NULL;
-    virTypedParameterPtr params = NULL;
-    int nparams = 0;
-    struct daemonAdmClientPrivate *priv =
-        virNetServerClientGetPrivateData(client);
-
-    if (!(srv = virNetDaemonGetServer(priv->dmn, args->srv.name)))
-        goto cleanup;
-
-    if (adminServerGetThreadPoolParameters(srv, &params, &nparams,
-                                           args->flags) < 0)
-        goto cleanup;
-
-    if (nparams > ADMIN_SERVER_THREADPOOL_PARAMETERS_MAX) {
-        virReportError(VIR_ERR_INTERNAL_ERROR,
-                       _("Number of threadpool parameters %d exceeds max "
-                         "allowed limit: %d"), nparams,
-                       ADMIN_SERVER_THREADPOOL_PARAMETERS_MAX);
-        goto cleanup;
-    }
-
-    if (virTypedParamsSerialize(params, nparams,
-                                (virTypedParameterRemotePtr *) &ret->params.params_val,
-                                &ret->params.params_len, 0) < 0)
-        goto cleanup;
-
-    rv = 0;
- cleanup:
-    if (rv < 0)
-        virNetMessageSaveError(rerr);
-
-    virTypedParamsFree(params, nparams);
-    virObjectUnref(srv);
-    return rv;
-}
-
-static int
-adminDispatchServerSetThreadpoolParameters(virNetServerPtr server ATTRIBUTE_UNUSED,
-                                           virNetServerClientPtr client,
-                                           virNetMessagePtr msg ATTRIBUTE_UNUSED,
-                                           virNetMessageErrorPtr rerr,
-                                           struct admin_server_set_threadpool_parameters_args *args)
-{
-    int rv = -1;
-    virNetServerPtr srv = NULL;
-    virTypedParameterPtr params = NULL;
-    int nparams = 0;
-    struct daemonAdmClientPrivate *priv =
-        virNetServerClientGetPrivateData(client);
-
-    if (!(srv = virNetDaemonGetServer(priv->dmn, args->srv.name))) {
-        virReportError(VIR_ERR_NO_SERVER,
-                       _("no server with matching name '%s' found"),
-                       args->srv.name);
-        goto cleanup;
-    }
-
-    if (virTypedParamsDeserialize((virTypedParameterRemotePtr) args->params.params_val,
-                                  args->params.params_len,
-                                  ADMIN_SERVER_THREADPOOL_PARAMETERS_MAX,
-                                  &params,
-                                  &nparams) < 0)
-        goto cleanup;
-
-
-    if (adminServerSetThreadPoolParameters(srv, params,
-                                           nparams, args->flags) < 0)
-        goto cleanup;
-
-    rv = 0;
- cleanup:
-    if (rv < 0)
-        virNetMessageSaveError(rerr);
-
-    virTypedParamsFree(params, nparams);
-    virObjectUnref(srv);
-    return rv;
-}
-
-static int
-adminDispatchClientGetInfo(virNetServerPtr server ATTRIBUTE_UNUSED,
-                           virNetServerClientPtr client,
-                           virNetMessagePtr msg ATTRIBUTE_UNUSED,
-                           virNetMessageErrorPtr rerr,
-                           struct admin_client_get_info_args *args,
-                           struct admin_client_get_info_ret *ret)
-{
-    int rv = -1;
-    virNetServerPtr srv = NULL;
-    virNetServerClientPtr clnt = NULL;
-    virTypedParameterPtr params = NULL;
-    int nparams = 0;
-    struct daemonAdmClientPrivate *priv =
-        virNetServerClientGetPrivateData(client);
-
-    if (!(srv = virNetDaemonGetServer(priv->dmn, args->clnt.srv.name))) {
-        virReportError(VIR_ERR_NO_SERVER,
-                       _("no server with matching name '%s' found"),
-                       args->clnt.srv.name);
-        goto cleanup;
-    }
-
-    if (!(clnt = virNetServerGetClient(srv, args->clnt.id))) {
-        virReportError(VIR_ERR_NO_CLIENT,
-                       _("no client with matching id '%llu' found"),
-                       (unsigned long long) args->clnt.id);
-        goto cleanup;
-    }
-
-    if (adminClientGetInfo(clnt, &params, &nparams, args->flags) < 0)
-        goto cleanup;
-
-    if (nparams > ADMIN_CLIENT_INFO_PARAMETERS_MAX) {
-        virReportError(VIR_ERR_INTERNAL_ERROR,
-                       _("Number of client info parameters %d exceeds max "
-                         "allowed limit: %d"), nparams,
-                       ADMIN_CLIENT_INFO_PARAMETERS_MAX);
-        goto cleanup;
-    }
-
-    if (virTypedParamsSerialize(params, nparams,
-                                (virTypedParameterRemotePtr *) &ret->params.params_val,
-                                &ret->params.params_len,
-                                VIR_TYPED_PARAM_STRING_OKAY) < 0)
-        goto cleanup;
-
-    rv = 0;
-
- cleanup:
-    if (rv < 0)
-        virNetMessageSaveError(rerr);
-
-    virTypedParamsFree(params, nparams);
-    virObjectUnref(clnt);
-    virObjectUnref(srv);
-    return rv;
-}
-
-static int
-adminDispatchServerGetClientLimits(virNetServerPtr server ATTRIBUTE_UNUSED,
-                                   virNetServerClientPtr client,
-                                   virNetMessagePtr msg ATTRIBUTE_UNUSED,
-                                   virNetMessageErrorPtr rerr ATTRIBUTE_UNUSED,
-                                   admin_server_get_client_limits_args *args,
-                                   admin_server_get_client_limits_ret *ret)
-{
-    int rv = -1;
-    virNetServerPtr srv = NULL;
-    virTypedParameterPtr params = NULL;
-    int nparams = 0;
-    struct daemonAdmClientPrivate *priv =
-        virNetServerClientGetPrivateData(client);
-
-    if (!(srv = virNetDaemonGetServer(priv->dmn, args->srv.name)))
-        goto cleanup;
-
-    if (adminServerGetClientLimits(srv, &params, &nparams, args->flags) < 0)
-        goto cleanup;
-
-    if (nparams > ADMIN_SERVER_CLIENT_LIMITS_MAX) {
-        virReportError(VIR_ERR_INTERNAL_ERROR,
-                       _("Number of client processing parameters %d exceeds "
-                         "max allowed limit: %d"), nparams,
-                       ADMIN_SERVER_CLIENT_LIMITS_MAX);
-        goto cleanup;
-    }
-
-    if (virTypedParamsSerialize(params, nparams,
-                                (virTypedParameterRemotePtr *) &ret->params.params_val,
-                                &ret->params.params_len, 0) < 0)
-        goto cleanup;
-
-    rv = 0;
- cleanup:
-    if (rv < 0)
-        virNetMessageSaveError(rerr);
-
-    virTypedParamsFree(params, nparams);
-    virObjectUnref(srv);
-    return rv;
-}
-
-static int
-adminDispatchServerSetClientLimits(virNetServerPtr server ATTRIBUTE_UNUSED,
-                                   virNetServerClientPtr client,
-                                   virNetMessagePtr msg ATTRIBUTE_UNUSED,
-                                   virNetMessageErrorPtr rerr ATTRIBUTE_UNUSED,
-                                   admin_server_set_client_limits_args *args)
-{
-    int rv = -1;
-    virNetServerPtr srv = NULL;
-    virTypedParameterPtr params = NULL;
-    int nparams = 0;
-    struct daemonAdmClientPrivate *priv =
-        virNetServerClientGetPrivateData(client);
-
-    if (!(srv = virNetDaemonGetServer(priv->dmn, args->srv.name))) {
-        virReportError(VIR_ERR_NO_SERVER,
-                       _("no server with matching name '%s' found"),
-                       args->srv.name);
-        goto cleanup;
-    }
-
-    if (virTypedParamsDeserialize((virTypedParameterRemotePtr) args->params.params_val,
-        args->params.params_len,
-        ADMIN_SERVER_CLIENT_LIMITS_MAX, &params, &nparams) < 0)
-        goto cleanup;
-
-    if (adminServerSetClientLimits(srv, params, nparams, args->flags) < 0)
-        goto cleanup;
-
-    rv = 0;
- cleanup:
-    if (rv < 0)
-        virNetMessageSaveError(rerr);
-    virTypedParamsFree(params, nparams);
-    virObjectUnref(srv);
-    return rv;
-}
-
-/* Returns the number of outputs stored in @outputs */
-static int
-adminConnectGetLoggingOutputs(char **outputs, unsigned int flags)
-{
-    char *tmp = NULL;
-
-    virCheckFlags(0, -1);
-
-    if (!(tmp = virLogGetOutputs()))
-        return -1;
-
-    *outputs = tmp;
-    return virLogGetNbOutputs();
-}
-
-/* Returns the number of defined filters or -1 in case of an error */
-static int
-adminConnectGetLoggingFilters(char **filters, unsigned int flags)
-{
-    char *tmp = NULL;
-    int ret = 0;
-
-    virCheckFlags(0, -1);
-
-    if ((ret = virLogGetNbFilters()) > 0 && !(tmp = virLogGetFilters()))
-        return -1;
-
-    *filters = tmp;
-    return ret;
-}
-
-static int
-adminConnectSetLoggingOutputs(virNetDaemonPtr dmn ATTRIBUTE_UNUSED,
-                              const char *outputs,
-                              unsigned int flags)
-{
-    virCheckFlags(0, -1);
-
-    return virLogSetOutputs(outputs);
-}
-
-static int
-adminConnectSetLoggingFilters(virNetDaemonPtr dmn ATTRIBUTE_UNUSED,
-                              const char *filters,
-                              unsigned int flags)
-{
-    virCheckFlags(0, -1);
-
-    return virLogSetFilters(filters);
-}
-
-static int
-adminDispatchConnectGetLoggingOutputs(virNetServerPtr server ATTRIBUTE_UNUSED,
-                                      virNetServerClientPtr client ATTRIBUTE_UNUSED,
-                                      virNetMessagePtr msg ATTRIBUTE_UNUSED,
-                                      virNetMessageErrorPtr rerr,
-                                      admin_connect_get_logging_outputs_args *args,
-                                      admin_connect_get_logging_outputs_ret *ret)
-{
-    char *outputs = NULL;
-    int noutputs = 0;
-
-    if ((noutputs = adminConnectGetLoggingOutputs(&outputs, args->flags) < 0)) {
-        virNetMessageSaveError(rerr);
-        return -1;
-    }
-
-    VIR_STEAL_PTR(ret->outputs, outputs);
-    ret->noutputs = noutputs;
-
-    return 0;
-}
-
-static int
-adminDispatchConnectGetLoggingFilters(virNetServerPtr server ATTRIBUTE_UNUSED,
-                                      virNetServerClientPtr client ATTRIBUTE_UNUSED,
-                                      virNetMessagePtr msg ATTRIBUTE_UNUSED,
-                                      virNetMessageErrorPtr rerr,
-                                      admin_connect_get_logging_filters_args *args,
-                                      admin_connect_get_logging_filters_ret *ret)
-{
-    char *filters = NULL;
-    int nfilters = 0;
-
-    if ((nfilters = adminConnectGetLoggingFilters(&filters, args->flags)) < 0) {
-        virNetMessageSaveError(rerr);
-        return -1;
-    }
-
-    if (nfilters == 0) {
-        ret->filters = NULL;
-    } else {
-        char **ret_filters = NULL;
-        if (VIR_ALLOC(ret_filters) < 0)
-            return -1;
-
-        *ret_filters = filters;
-        ret->filters = ret_filters;
-    }
-    ret->nfilters = nfilters;
-
-    return 0;
-}
-#include "admin_dispatch.h"
--- a/daemon/admin.h
+++ b/daemon/admin.h
@@ -1,36 +0,0 @@
-/*
- * admin.h: handlers for admin RPC method calls
- *
- * Copyright (C) 2014-2016 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library.  If not, see
- * <http://www.gnu.org/licenses/>.
- *
- * Author: Martin Kletzander <mkletzan@redhat.com>
- */
-
-#ifndef __LIBVIRTD_ADMIN_H__
-# define __LIBVIRTD_ADMIN_H__
-
-# include "rpc/virnetserverprogram.h"
-# include "rpc/virnetserverclient.h"
-
-
-extern virNetServerProgramProc adminProcs[];
-extern size_t adminNProcs;
-
-void remoteAdmClientFreeFunc(void *data);
-void *remoteAdmClientInitHook(virNetServerClientPtr client, void *opaque);
-
-#endif /* __ADMIN_REMOTE_H__ */
--- a/daemon/admin_server.c
+++ b/daemon/admin_server.c
@@ -1,390 +0,0 @@
-/*
- * admin_server.c: admin methods to manage daemons and clients
- *
- * Copyright (C) 2016 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library.  If not, see
- * <http://www.gnu.org/licenses/>.
- *
- * Authors: Erik Skultety <eskultet@redhat.com>
- *          Martin Kletzander <mkletzan@redhat.com>
- */
-
-#include <config.h>
-
-#include "admin_server.h"
-#include "datatypes.h"
-#include "viralloc.h"
-#include "virerror.h"
-#include "viridentity.h"
-#include "virlog.h"
-#include "virnetdaemon.h"
-#include "virnetserver.h"
-#include "virstring.h"
-#include "virthreadpool.h"
-#include "virtypedparam.h"
-
-#define VIR_FROM_THIS VIR_FROM_ADMIN
-
-VIR_LOG_INIT("daemon.admin_server");
-
-int
-adminConnectListServers(virNetDaemonPtr dmn,
-                        virNetServerPtr **servers,
-                        unsigned int flags)
-{
-    int ret = -1;
-    virNetServerPtr *srvs = NULL;
-
-    virCheckFlags(0, -1);
-
-    if ((ret = virNetDaemonGetServers(dmn, &srvs)) < 0)
-        goto cleanup;
-
-    if (servers) {
-        *servers = srvs;
-        srvs = NULL;
-    }
- cleanup:
-    if (ret > 0)
-        virObjectListFreeCount(srvs, ret);
-    return ret;
-}
-
-virNetServerPtr
-adminConnectLookupServer(virNetDaemonPtr dmn,
-                         const char *name,
-                         unsigned int flags)
-{
-    virCheckFlags(flags, NULL);
-
-    return virNetDaemonGetServer(dmn, name);
-}
-
-int
-adminServerGetThreadPoolParameters(virNetServerPtr srv,
-                                   virTypedParameterPtr *params,
-                                   int *nparams,
-                                   unsigned int flags)
-{
-    int ret = -1;
-    int maxparams = 0;
-    size_t minWorkers;
-    size_t maxWorkers;
-    size_t nWorkers;
-    size_t freeWorkers;
-    size_t nPrioWorkers;
-    size_t jobQueueDepth;
-    virTypedParameterPtr tmpparams = NULL;
-
-    virCheckFlags(0, -1);
-
-    if (virNetServerGetThreadPoolParameters(srv, &minWorkers, &maxWorkers,
-                                            &nWorkers, &freeWorkers,
-                                            &nPrioWorkers,
-                                            &jobQueueDepth) < 0) {
-        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
-                       _("Unable to retrieve threadpool parameters"));
-        goto cleanup;
-    }
-
-    if (virTypedParamsAddUInt(&tmpparams, nparams,
-                              &maxparams, VIR_THREADPOOL_WORKERS_MIN,
-                              minWorkers) < 0)
-        goto cleanup;
-
-    if (virTypedParamsAddUInt(&tmpparams, nparams,
-                              &maxparams, VIR_THREADPOOL_WORKERS_MAX,
-                              maxWorkers) < 0)
-        goto cleanup;
-
-    if (virTypedParamsAddUInt(&tmpparams, nparams,
-                              &maxparams, VIR_THREADPOOL_WORKERS_CURRENT,
-                              nWorkers) < 0)
-        goto cleanup;
-
-    if (virTypedParamsAddUInt(&tmpparams, nparams,
-                              &maxparams, VIR_THREADPOOL_WORKERS_FREE,
-                              freeWorkers) < 0)
-        goto cleanup;
-
-    if (virTypedParamsAddUInt(&tmpparams, nparams,
-                              &maxparams, VIR_THREADPOOL_WORKERS_PRIORITY,
-                              nPrioWorkers) < 0)
-        goto cleanup;
-
-    if (virTypedParamsAddUInt(&tmpparams, nparams,
-                              &maxparams, VIR_THREADPOOL_JOB_QUEUE_DEPTH,
-                              jobQueueDepth) < 0)
-        goto cleanup;
-
-    *params = tmpparams;
-    tmpparams = NULL;
-    ret = 0;
-
- cleanup:
-    virTypedParamsFree(tmpparams, *nparams);
-    return ret;
-}
-
-int
-adminServerSetThreadPoolParameters(virNetServerPtr srv,
-                                   virTypedParameterPtr params,
-                                   int nparams,
-                                   unsigned int flags)
-{
-    long long int minWorkers = -1;
-    long long int maxWorkers = -1;
-    long long int prioWorkers = -1;
-    virTypedParameterPtr param = NULL;
-
-    virCheckFlags(0, -1);
-
-    if (virTypedParamsValidate(params, nparams,
-                               VIR_THREADPOOL_WORKERS_MIN,
-                               VIR_TYPED_PARAM_UINT,
-                               VIR_THREADPOOL_WORKERS_MAX,
-                               VIR_TYPED_PARAM_UINT,
-                               VIR_THREADPOOL_WORKERS_PRIORITY,
-                               VIR_TYPED_PARAM_UINT,
-                               NULL) < 0)
-        return -1;
-
-    if ((param = virTypedParamsGet(params, nparams,
-                                   VIR_THREADPOOL_WORKERS_MIN)))
-        minWorkers = param->value.ui;
-
-    if ((param = virTypedParamsGet(params, nparams,
-                                   VIR_THREADPOOL_WORKERS_MAX)))
-        maxWorkers = param->value.ui;
-
-    if ((param = virTypedParamsGet(params, nparams,
-                                   VIR_THREADPOOL_WORKERS_PRIORITY)))
-        prioWorkers = param->value.ui;
-
-    if (virNetServerSetThreadPoolParameters(srv, minWorkers,
-                                            maxWorkers, prioWorkers) < 0)
-        return -1;
-
-    return 0;
-}
-
-int
-adminServerListClients(virNetServerPtr srv,
-                       virNetServerClientPtr **clients,
-                       unsigned int flags)
-{
-    int ret = -1;
-    virNetServerClientPtr *clts;
-
-    virCheckFlags(0, -1);
-
-    if ((ret = virNetServerGetClients(srv, &clts)) < 0)
-        return -1;
-
-    if (clients) {
-        *clients = clts;
-        clts = NULL;
-    }
-
-    virObjectListFreeCount(clts, ret);
-    return ret;
-}
-
-virNetServerClientPtr
-adminServerLookupClient(virNetServerPtr srv,
-                        unsigned long long id,
-                        unsigned int flags)
-{
-    virCheckFlags(0, NULL);
-
-    return virNetServerGetClient(srv, id);
-}
-
-int
-adminClientGetInfo(virNetServerClientPtr client,
-                   virTypedParameterPtr *params,
-                   int *nparams,
-                   unsigned int flags)
-{
-    int ret = -1;
-    int maxparams = 0;
-    bool readonly;
-    char *sock_addr = NULL;
-    const char *attr = NULL;
-    virTypedParameterPtr tmpparams = NULL;
-    virIdentityPtr identity = NULL;
-
-    virCheckFlags(0, -1);
-
-    if (virNetServerClientGetInfo(client, &readonly,
-                                  &sock_addr, &identity) < 0)
-        goto cleanup;
-
-    if (virTypedParamsAddBoolean(&tmpparams, nparams, &maxparams,
-                                 VIR_CLIENT_INFO_READONLY,
-                                 readonly) < 0)
-        goto cleanup;
-
-    if (virIdentityGetSASLUserName(identity, &attr) < 0 ||
-        (attr &&
-         virTypedParamsAddString(&tmpparams, nparams, &maxparams,
-                                 VIR_CLIENT_INFO_SASL_USER_NAME,
-                                 attr) < 0))
-        goto cleanup;
-
-    if (!virNetServerClientIsLocal(client)) {
-        if (virTypedParamsAddString(&tmpparams, nparams, &maxparams,
-                                    VIR_CLIENT_INFO_SOCKET_ADDR,
-                                    sock_addr) < 0)
-            goto cleanup;
-
-        if (virIdentityGetX509DName(identity, &attr) < 0 ||
-            (attr &&
-             virTypedParamsAddString(&tmpparams, nparams, &maxparams,
-                                     VIR_CLIENT_INFO_X509_DISTINGUISHED_NAME,
-                                     attr) < 0))
-            goto cleanup;
-    } else {
-        pid_t pid;
-        uid_t uid;
-        gid_t gid;
-        if (virIdentityGetUNIXUserID(identity, &uid) < 0 ||
-            virTypedParamsAddInt(&tmpparams, nparams, &maxparams,
-                                 VIR_CLIENT_INFO_UNIX_USER_ID, uid) < 0)
-            goto cleanup;
-
-        if (virIdentityGetUNIXUserName(identity, &attr) < 0 ||
-            virTypedParamsAddString(&tmpparams, nparams, &maxparams,
-                                    VIR_CLIENT_INFO_UNIX_USER_NAME,
-                                    attr) < 0)
-            goto cleanup;
-
-        if (virIdentityGetUNIXGroupID(identity, &gid) < 0 ||
-            virTypedParamsAddInt(&tmpparams, nparams, &maxparams,
-                                 VIR_CLIENT_INFO_UNIX_GROUP_ID, gid) < 0)
-            goto cleanup;
-
-        if (virIdentityGetUNIXGroupName(identity, &attr) < 0 ||
-            virTypedParamsAddString(&tmpparams, nparams, &maxparams,
-                                    VIR_CLIENT_INFO_UNIX_GROUP_NAME,
-                                    attr) < 0)
-            goto cleanup;
-
-        if (virIdentityGetUNIXProcessID(identity, &pid) < 0 ||
-            virTypedParamsAddInt(&tmpparams, nparams, &maxparams,
-                                 VIR_CLIENT_INFO_UNIX_PROCESS_ID, pid) < 0)
-            goto cleanup;
-    }
-
-    if (virIdentityGetSELinuxContext(identity, &attr) < 0 ||
-        (attr &&
-         virTypedParamsAddString(&tmpparams, nparams, &maxparams,
-                                VIR_CLIENT_INFO_SELINUX_CONTEXT, attr) < 0))
-        goto cleanup;
-
-    *params = tmpparams;
-    tmpparams = NULL;
-    ret = 0;
-
- cleanup:
-    virObjectUnref(identity);
-    VIR_FREE(sock_addr);
-    return ret;
-}
-
-int adminClientClose(virNetServerClientPtr client,
-                     unsigned int flags)
-{
-    virCheckFlags(0, -1);
-
-    virNetServerClientClose(client);
-    return 0;
-}
-
-int
-adminServerGetClientLimits(virNetServerPtr srv,
-                           virTypedParameterPtr *params,
-                           int *nparams,
-                           unsigned int flags)
-{
-    int ret = -1;
-    int maxparams = 0;
-    virTypedParameterPtr tmpparams = NULL;
-
-    virCheckFlags(0, -1);
-
-    if (virTypedParamsAddUInt(&tmpparams, nparams, &maxparams,
-                              VIR_SERVER_CLIENTS_MAX,
-                              virNetServerGetMaxClients(srv)) < 0)
-        goto cleanup;
-
-    if (virTypedParamsAddUInt(&tmpparams, nparams, &maxparams,
-                              VIR_SERVER_CLIENTS_CURRENT,
-                              virNetServerGetCurrentClients(srv)) < 0)
-        goto cleanup;
-
-    if (virTypedParamsAddUInt(&tmpparams, nparams, &maxparams,
-                              VIR_SERVER_CLIENTS_UNAUTH_MAX,
-                              virNetServerGetMaxUnauthClients(srv)) < 0)
-        goto cleanup;
-
-    if (virTypedParamsAddUInt(&tmpparams, nparams, &maxparams,
-                              VIR_SERVER_CLIENTS_UNAUTH_CURRENT,
-                              virNetServerGetCurrentUnauthClients(srv)) < 0)
-        goto cleanup;
-
-    *params = tmpparams;
-    tmpparams = NULL;
-    ret = 0;
-
- cleanup:
-    virTypedParamsFree(tmpparams, *nparams);
-    return ret;
-}
-
-int
-adminServerSetClientLimits(virNetServerPtr srv,
-                           virTypedParameterPtr params,
-                           int nparams,
-                           unsigned int flags)
-{
-    long long int maxClients = -1;
-    long long int maxClientsUnauth = -1;
-    virTypedParameterPtr param = NULL;
-
-    virCheckFlags(0, -1);
-
-    if (virTypedParamsValidate(params, nparams,
-                               VIR_SERVER_CLIENTS_MAX,
-                               VIR_TYPED_PARAM_UINT,
-                               VIR_SERVER_CLIENTS_UNAUTH_MAX,
-                               VIR_TYPED_PARAM_UINT,
-                               NULL) < 0)
-        return -1;
-
-    if ((param = virTypedParamsGet(params, nparams,
-                                   VIR_SERVER_CLIENTS_MAX)))
-        maxClients = param->value.ui;
-
-    if ((param = virTypedParamsGet(params, nparams,
-                                   VIR_SERVER_CLIENTS_UNAUTH_MAX)))
-        maxClientsUnauth = param->value.ui;
-
-    if (virNetServerSetClientLimits(srv, maxClients,
-                                    maxClientsUnauth) < 0)
-        return -1;
-
-    return 0;
-}
--- a/daemon/admin_server.h
+++ b/daemon/admin_server.h
@@ -1,75 +0,0 @@
-/*
- * admin_server.h: admin methods to manage daemons and clients
- *
- * Copyright (C) 2016 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library.  If not, see
- * <http://www.gnu.org/licenses/>.
- *
- * Authors: Erik Skultety <eskultet@redhat.com>
- *          Martin Kletzander <mkletzan@redhat.com>
- */
-
-#ifndef __LIBVIRTD_ADMIN_SERVER_H__
-# define __LIBVIRTD_ADMIN_SERVER_H__
-
-# include "rpc/virnetdaemon.h"
-# include "rpc/virnetserver.h"
-
-int adminConnectListServers(virNetDaemonPtr dmn,
-                            virNetServerPtr **servers,
-                            unsigned int flags);
-
-virNetServerPtr adminConnectLookupServer(virNetDaemonPtr dmn,
-                                         const char *name,
-                                         unsigned int flags);
-
-int
-adminServerGetThreadPoolParameters(virNetServerPtr srv,
-                                   virTypedParameterPtr *params,
-                                   int *nparams,
-                                   unsigned int flags);
-int
-adminServerSetThreadPoolParameters(virNetServerPtr srv,
-                                   virTypedParameterPtr params,
-                                   int nparams,
-                                   unsigned int flags);
-
-int adminServerListClients(virNetServerPtr srv,
-                           virNetServerClientPtr **clients,
-                           unsigned int flags);
-
-virNetServerClientPtr adminServerLookupClient(virNetServerPtr srv,
-                                              unsigned long long id,
-                                              unsigned int flags);
-
-int adminClientGetInfo(virNetServerClientPtr client,
-                       virTypedParameterPtr *params,
-                       int *nparams,
-                       unsigned int flags);
-
-int adminClientClose(virNetServerClientPtr client,
-                     unsigned int flags);
-
-int adminServerGetClientLimits(virNetServerPtr srv,
-                               virTypedParameterPtr *params,
-                               int *nparams,
-                               unsigned int flags);
-
-int adminServerSetClientLimits(virNetServerPtr srv,
-                               virTypedParameterPtr params,
-                               int nparams,
-                               unsigned int flags);
-
-#endif /* __LIBVIRTD_ADMIN_SERVER_H__ */
--- a/daemon/libvirt.rules
+++ b/daemon/libvirt.rules
@@ -1,9 +0,0 @@
-// Allow any user in the 'libvirt' group to connect to system libvirtd
-// without entering a password.
-
-polkit.addRule(function(action, subject) {
-    if (action.id == "org.libvirt.unix.manage" &&
-        subject.isInGroup("libvirt")) {
-        return polkit.Result.YES;
-    }
-});
--- a/daemon/libvirtd-config.c
+++ b/daemon/libvirtd-config.c
@@ -1,7 +1,7 @@
 /*
 * libvirtd-config.c: daemon start of day, guest process & i/o management
 *
- * Copyright (C) 2006-2012, 2014, 2015 Red Hat, Inc.
+ * Copyright (C) 2006-2012, 2014 Red Hat, Inc.
 * Copyright (C) 2006 Daniel P. Berrange
 *
 * This library is free software; you can redistribute it and/or
@@ -32,7 +32,6 @@
 #include "configmake.h"
 #include "remote/remote_protocol.h"
 #include "remote/remote_driver.h"
-#include "util/virnetdevopenvswitch.h"
 #include "virstring.h"
 #include "virutil.h"

@@ -40,38 +39,158 @@

 VIR_LOG_INIT("daemon.libvirtd-config");

-
+/* Allocate an array of malloc'd strings from the config file, filename
+ * (used only in diagnostics), using handle "conf".  Upon error, return -1
+ * and free any allocated memory.  Otherwise, save the array in *list_arg
+ * and return 0.
+ */
 static int
-remoteConfigGetAuth(virConfPtr conf,
-                    const char *filename,
-                    const char *key,
-                    int *auth)
+remoteConfigGetStringList(virConfPtr conf, const char *key, char ***list_arg,
+                          const char *filename)
 {
-    char *authstr = NULL;
-
-    if (virConfGetValueString(conf, key, &authstr) < 0)
-        return -1;
-
-    if (!authstr)
+    char **list;
+    virConfValuePtr p = virConfGetValue(conf, key);
+    if (!p)
        return 0;

-    if (STREQ(authstr, "none")) {
-        *auth = VIR_NET_SERVER_SERVICE_AUTH_NONE;
-#if WITH_SASL
-    } else if (STREQ(authstr, "sasl")) {
-        *auth = VIR_NET_SERVER_SERVICE_AUTH_SASL;
-#endif
-    } else if (STREQ(authstr, "polkit")) {
-        *auth = VIR_NET_SERVER_SERVICE_AUTH_POLKIT;
-    } else {
+    switch (p->type) {
+    case VIR_CONF_STRING:
+        if (VIR_ALLOC_N(list, 2) < 0) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                           _("failed to allocate memory for %s config list"),
+                           key);
+            return -1;
+        }
+        if (VIR_STRDUP(list[0], p->str) < 0) {
+            VIR_FREE(list);
+            return -1;
+        }
+        list[1] = NULL;
+        break;
+
+    case VIR_CONF_LIST: {
+        int len = 0;
+        size_t i;
+        virConfValuePtr pp;
+        for (pp = p->list; pp; pp = pp->next)
+            len++;
+        if (VIR_ALLOC_N(list, 1+len) < 0) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                           _("failed to allocate memory for %s config list"),
+                           key);
+            return -1;
+        }
+        for (i = 0, pp = p->list; pp; ++i, pp = pp->next) {
+            if (pp->type != VIR_CONF_STRING) {
+                virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                               _("remoteReadConfigFile: %s: %s:"
+                                 " must be a string or list of strings"),
+                               filename, key);
+                VIR_FREE(list);
+                return -1;
+            }
+            if (VIR_STRDUP(list[i], pp->str) < 0) {
+                size_t j;
+                for (j = 0; j < i; j++)
+                    VIR_FREE(list[j]);
+                VIR_FREE(list);
+                return -1;
+            }
+
+        }
+        list[i] = NULL;
+        break;
+    }
+
+    default:
        virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
-                       _("%s: %s: unsupported auth %s"),
-                       filename, key, authstr);
-        VIR_FREE(authstr);
+                       _("remoteReadConfigFile: %s: %s:"
+                         " must be a string or list of strings"),
+                       filename, key);
+        return -1;
+    }
+
+    *list_arg = list;
+    return 0;
+}
+
+/* A helper function used by each of the following macros.  */
+static int
+checkType(virConfValuePtr p, const char *filename,
+          const char *key, virConfType required_type)
+{
+    if (p->type != required_type) {
+        virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                       _("remoteReadConfigFile: %s: %s: invalid type:"
+                         " got %s; expected %s"), filename, key,
+                       virConfTypeName(p->type),
+                       virConfTypeName(required_type));
+        return -1;
+    }
+    return 0;
+}
+
+/* If there is no config data for the key, #var_name, then do nothing.
+   If there is valid data of type VIR_CONF_STRING, and VIR_STRDUP succeeds,
+   store the result in var_name.  Otherwise, (i.e. invalid type, or VIR_STRDUP
+   failure), give a diagnostic and "goto" the cleanup-and-fail label.  */
+#define GET_CONF_STR(conf, filename, var_name)                          \
+    do {                                                                \
+        virConfValuePtr p = virConfGetValue(conf, #var_name);           \
+        if (p) {                                                        \
+            if (checkType(p, filename, #var_name, VIR_CONF_STRING) < 0) \
+                goto error;                                             \
+            VIR_FREE(data->var_name);                                   \
+            if (VIR_STRDUP(data->var_name, p->str) < 0)                 \
+                goto error;                                             \
+        }                                                               \
+    } while (0)
+
+/* Like GET_CONF_STR, but for integral values.  */
+#define GET_CONF_INT(conf, filename, var_name)                          \
+    do {                                                                \
+        virConfValuePtr p = virConfGetValue(conf, #var_name);           \
+        if (p) {                                                        \
+            if (checkType(p, filename, #var_name, VIR_CONF_LONG) < 0)   \
+                goto error;                                             \
+            data->var_name = p->l;                                      \
+        }                                                               \
+    } while (0)
+
+
+static int
+remoteConfigGetAuth(virConfPtr conf,
+                    const char *key,
+                    int *auth,
+                    const char *filename)
+{
+    virConfValuePtr p;
+
+    p = virConfGetValue(conf, key);
+    if (!p)
+        return 0;
+
+    if (checkType(p, filename, key, VIR_CONF_STRING) < 0)
+        return -1;
+
+    if (!p->str)
+        return 0;
+
+    if (STREQ(p->str, "none")) {
+        *auth = VIR_NET_SERVER_SERVICE_AUTH_NONE;
+#if WITH_SASL
+    } else if (STREQ(p->str, "sasl")) {
+        *auth = VIR_NET_SERVER_SERVICE_AUTH_SASL;
+#endif
+    } else if (STREQ(p->str, "polkit")) {
+        *auth = VIR_NET_SERVER_SERVICE_AUTH_POLKIT;
+    } else {
+        virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                       _("remoteReadConfigFile: %s: %s: unsupported auth %s"),
+                       filename, key, p->str);
        return -1;
    }

-    VIR_FREE(authstr);
    return 0;
 }

@@ -132,8 +251,7 @@ daemonConfigNew(bool privileged ATTRIBUTE_UNUSED)

    if (VIR_STRDUP(data->unix_sock_rw_perms,
                   data->auth_unix_rw == REMOTE_AUTH_POLKIT ? "0777" : "0700") < 0 ||
-        VIR_STRDUP(data->unix_sock_ro_perms, "0777") < 0 ||
-        VIR_STRDUP(data->unix_sock_admin_perms, "0700") < 0)
+        VIR_STRDUP(data->unix_sock_ro_perms, "0777") < 0)
        goto error;

 #if WITH_SASL
@@ -148,7 +266,6 @@ daemonConfigNew(bool privileged ATTRIBUTE_UNUSED)
    data->min_workers = 5;
    data->max_workers = 20;
    data->max_clients = 5000;
-    data->max_queued_clients = 1000;
    data->max_anonymous_clients = 20;

    data->prio_workers = 5;
@@ -161,17 +278,7 @@ daemonConfigNew(bool privileged ATTRIBUTE_UNUSED)

    data->keepalive_interval = 5;
    data->keepalive_count = 5;
-
-    data->admin_min_workers = 5;
-    data->admin_max_workers = 20;
-    data->admin_max_clients = 5000;
-    data->admin_max_queued_clients = 20;
-    data->admin_max_client_requests = 5;
-
-    data->admin_keepalive_interval = 5;
-    data->admin_keepalive_count = 5;
-
-    data->ovs_timeout = VIR_NETDEV_OVS_DEFAULT_TIMEOUT;
+    data->keepalive_required = 0;

    localhost = virGetHostname();
    if (localhost == NULL) {
@@ -217,7 +324,6 @@ daemonConfigFree(struct daemonConfig *data)
    }
    VIR_FREE(data->access_drivers);

-    VIR_FREE(data->unix_sock_admin_perms);
    VIR_FREE(data->unix_sock_ro_perms);
    VIR_FREE(data->unix_sock_rw_perms);
    VIR_FREE(data->unix_sock_group);
@@ -237,7 +343,6 @@ daemonConfigFree(struct daemonConfig *data)
        tmp++;
    }
    VIR_FREE(data->sasl_allowed_username_list);
-    VIR_FREE(data->tls_priority);

    VIR_FREE(data->key_file);
    VIR_FREE(data->ca_file);
@@ -245,7 +350,6 @@ daemonConfigFree(struct daemonConfig *data)
    VIR_FREE(data->crl_file);

    VIR_FREE(data->host_uuid);
-    VIR_FREE(data->host_uuid_source);
    VIR_FREE(data->log_filters);
    VIR_FREE(data->log_outputs);

@@ -257,18 +361,13 @@ daemonConfigLoadOptions(struct daemonConfig *data,
                        const char *filename,
                        virConfPtr conf)
 {
-    if (virConfGetValueBool(conf, "listen_tcp", &data->listen_tcp) < 0)
-        goto error;
-    if (virConfGetValueBool(conf, "listen_tls", &data->listen_tls) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "tls_port", &data->tls_port) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "tcp_port", &data->tcp_port) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "listen_addr", &data->listen_addr) < 0)
-        goto error;
+    GET_CONF_INT(conf, filename, listen_tcp);
+    GET_CONF_INT(conf, filename, listen_tls);
+    GET_CONF_STR(conf, filename, tls_port);
+    GET_CONF_STR(conf, filename, tcp_port);
+    GET_CONF_STR(conf, filename, listen_addr);

-    if (remoteConfigGetAuth(conf, filename, "auth_unix_rw", &data->auth_unix_rw) < 0)
+    if (remoteConfigGetAuth(conf, "auth_unix_rw", &data->auth_unix_rw, filename) < 0)
        goto error;
 #if WITH_POLKIT
    /* Change default perms to be wide-open if PolicyKit is enabled.
@@ -280,119 +379,67 @@ daemonConfigLoadOptions(struct daemonConfig *data,
            goto error;
    }
 #endif
-    if (remoteConfigGetAuth(conf, filename, "auth_unix_ro", &data->auth_unix_ro) < 0)
+    if (remoteConfigGetAuth(conf, "auth_unix_ro", &data->auth_unix_ro, filename) < 0)
        goto error;
-    if (remoteConfigGetAuth(conf, filename, "auth_tcp", &data->auth_tcp) < 0)
+    if (remoteConfigGetAuth(conf, "auth_tcp", &data->auth_tcp, filename) < 0)
        goto error;
-    if (remoteConfigGetAuth(conf, filename, "auth_tls", &data->auth_tls) < 0)
+    if (remoteConfigGetAuth(conf, "auth_tls", &data->auth_tls, filename) < 0)
        goto error;

-    if (virConfGetValueStringList(conf, "access_drivers", false,
-                                  &data->access_drivers) < 0)
+    if (remoteConfigGetStringList(conf, "access_drivers",
+                                  &data->access_drivers, filename) < 0)
        goto error;

-    if (virConfGetValueString(conf, "unix_sock_group", &data->unix_sock_group) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "unix_sock_admin_perms", &data->unix_sock_admin_perms) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "unix_sock_ro_perms", &data->unix_sock_ro_perms) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "unix_sock_rw_perms", &data->unix_sock_rw_perms) < 0)
-        goto error;
+    GET_CONF_STR(conf, filename, unix_sock_group);
+    GET_CONF_STR(conf, filename, unix_sock_ro_perms);
+    GET_CONF_STR(conf, filename, unix_sock_rw_perms);

-    if (virConfGetValueString(conf, "unix_sock_dir", &data->unix_sock_dir) < 0)
-        goto error;
+    GET_CONF_STR(conf, filename, unix_sock_dir);

-    if (virConfGetValueBool(conf, "mdns_adv", &data->mdns_adv) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "mdns_name", &data->mdns_name) < 0)
-        goto error;
+    GET_CONF_INT(conf, filename, mdns_adv);
+    GET_CONF_STR(conf, filename, mdns_name);

-    if (virConfGetValueBool(conf, "tls_no_sanity_certificate", &data->tls_no_sanity_certificate) < 0)
-        goto error;
-    if (virConfGetValueBool(conf, "tls_no_verify_certificate", &data->tls_no_verify_certificate) < 0)
-        goto error;
+    GET_CONF_INT(conf, filename, tls_no_sanity_certificate);
+    GET_CONF_INT(conf, filename, tls_no_verify_certificate);

-    if (virConfGetValueString(conf, "key_file", &data->key_file) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "cert_file", &data->cert_file) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "ca_file", &data->ca_file) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "crl_file", &data->crl_file) < 0)
-        goto error;
+    GET_CONF_STR(conf, filename, key_file);
+    GET_CONF_STR(conf, filename, cert_file);
+    GET_CONF_STR(conf, filename, ca_file);
+    GET_CONF_STR(conf, filename, crl_file);

-    if (virConfGetValueStringList(conf, "tls_allowed_dn_list", false,
-                                  &data->tls_allowed_dn_list) < 0)
+    if (remoteConfigGetStringList(conf, "tls_allowed_dn_list",
+                                  &data->tls_allowed_dn_list, filename) < 0)
        goto error;


-    if (virConfGetValueStringList(conf, "sasl_allowed_username_list", false,
-                                  &data->sasl_allowed_username_list) < 0)
+    if (remoteConfigGetStringList(conf, "sasl_allowed_username_list",
+                                  &data->sasl_allowed_username_list, filename) < 0)
        goto error;

-    if (virConfGetValueString(conf, "tls_priority", &data->tls_priority) < 0)
-        goto error;

-    if (virConfGetValueUInt(conf, "min_workers", &data->min_workers) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "max_workers", &data->max_workers) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "max_clients", &data->max_clients) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "max_queued_clients", &data->max_queued_clients) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "max_anonymous_clients", &data->max_anonymous_clients) < 0)
-        goto error;
+    GET_CONF_INT(conf, filename, min_workers);
+    GET_CONF_INT(conf, filename, max_workers);
+    GET_CONF_INT(conf, filename, max_clients);
+    GET_CONF_INT(conf, filename, max_queued_clients);
+    GET_CONF_INT(conf, filename, max_anonymous_clients);

-    if (virConfGetValueUInt(conf, "prio_workers", &data->prio_workers) < 0)
-        goto error;
+    GET_CONF_INT(conf, filename, prio_workers);

-    if (virConfGetValueUInt(conf, "max_requests", &data->max_requests) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "max_client_requests", &data->max_client_requests) < 0)
-        goto error;
+    GET_CONF_INT(conf, filename, max_requests);
+    GET_CONF_INT(conf, filename, max_client_requests);

-    if (virConfGetValueUInt(conf, "admin_min_workers", &data->admin_min_workers) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "admin_max_workers", &data->admin_max_workers) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "admin_max_clients", &data->admin_max_clients) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "admin_max_queued_clients", &data->admin_max_queued_clients) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "admin_max_client_requests", &data->admin_max_client_requests) < 0)
-        goto error;
+    GET_CONF_INT(conf, filename, audit_level);
+    GET_CONF_INT(conf, filename, audit_logging);

-    if (virConfGetValueUInt(conf, "audit_level", &data->audit_level) < 0)
-        goto error;
-    if (virConfGetValueBool(conf, "audit_logging", &data->audit_logging) < 0)
-        goto error;
+    GET_CONF_STR(conf, filename, host_uuid);

-    if (virConfGetValueString(conf, "host_uuid", &data->host_uuid) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "host_uuid_source", &data->host_uuid_source) < 0)
-        goto error;
+    GET_CONF_INT(conf, filename, log_level);
+    GET_CONF_STR(conf, filename, log_filters);
+    GET_CONF_STR(conf, filename, log_outputs);

-    if (virConfGetValueUInt(conf, "log_level", &data->log_level) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "log_filters", &data->log_filters) < 0)
-        goto error;
-    if (virConfGetValueString(conf, "log_outputs", &data->log_outputs) < 0)
-        goto error;
-
-    if (virConfGetValueInt(conf, "keepalive_interval", &data->keepalive_interval) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "keepalive_count", &data->keepalive_count) < 0)
-        goto error;
-
-    if (virConfGetValueInt(conf, "admin_keepalive_interval", &data->admin_keepalive_interval) < 0)
-        goto error;
-    if (virConfGetValueUInt(conf, "admin_keepalive_count", &data->admin_keepalive_count) < 0)
-        goto error;
-
-    if (virConfGetValueUInt(conf, "ovs_timeout", &data->ovs_timeout) < 0)
-        goto error;
+    GET_CONF_INT(conf, filename, keepalive_interval);
+    GET_CONF_INT(conf, filename, keepalive_count);
+    GET_CONF_INT(conf, filename, keepalive_required);

    return 0;

--- a/daemon/libvirtd-config.h
+++ b/daemon/libvirtd-config.h
@@ -1,7 +1,7 @@
 /*
 * libvirtd-config.h: daemon start of day, guest process & i/o management
 *
- * Copyright (C) 2006-2012, 2015 Red Hat, Inc.
+ * Copyright (C) 2006-2012 Red Hat, Inc.
 * Copyright (C) 2006 Daniel P. Berrange
 *
 * This library is free software; you can redistribute it and/or
@@ -28,15 +28,13 @@

 struct daemonConfig {
    char *host_uuid;
-    char *host_uuid_source;

-    bool listen_tls;
-    bool listen_tcp;
+    int listen_tls;
+    int listen_tcp;
    char *listen_addr;
    char *tls_port;
    char *tcp_port;

-    char *unix_sock_admin_perms;
    char *unix_sock_ro_perms;
    char *unix_sock_rw_perms;
    char *unix_sock_group;
@@ -49,51 +47,40 @@ struct daemonConfig {

    char **access_drivers;

-    bool mdns_adv;
+    int mdns_adv;
    char *mdns_name;

-    bool tls_no_verify_certificate;
-    bool tls_no_sanity_certificate;
+    int tls_no_verify_certificate;
+    int tls_no_sanity_certificate;
    char **tls_allowed_dn_list;
    char **sasl_allowed_username_list;
-    char *tls_priority;

    char *key_file;
    char *cert_file;
    char *ca_file;
    char *crl_file;

-    unsigned int min_workers;
-    unsigned int max_workers;
-    unsigned int max_clients;
-    unsigned int max_queued_clients;
-    unsigned int max_anonymous_clients;
+    int min_workers;
+    int max_workers;
+    int max_clients;
+    int max_queued_clients;
+    int max_anonymous_clients;

-    unsigned int prio_workers;
+    int prio_workers;

-    unsigned int max_requests;
-    unsigned int max_client_requests;
+    int max_requests;
+    int max_client_requests;

-    unsigned int log_level;
+    int log_level;
    char *log_filters;
    char *log_outputs;

-    unsigned int audit_level;
-    bool audit_logging;
+    int audit_level;
+    int audit_logging;

    int keepalive_interval;
    unsigned int keepalive_count;
-
-    unsigned int admin_min_workers;
-    unsigned int admin_max_workers;
-    unsigned int admin_max_clients;
-    unsigned int admin_max_queued_clients;
-    unsigned int admin_max_client_requests;
-
-    int admin_keepalive_interval;
-    unsigned int admin_keepalive_count;
-
-    unsigned int ovs_timeout;
+    int keepalive_required;
 };


--- a/daemon/libvirtd.aug
+++ b/daemon/libvirtd.aug
@@ -13,7 +13,7 @@ module Libvirtd =

   let str_val = del /\"/ "\"" . store /[^\"]*/ . del /\"/ "\""
   let bool_val = store /0|1/
-   let int_val = store /-?[0-9]+/
+   let int_val = store /[0-9]+/
   let str_array_element = [ seq "el" . str_val ] . del /[ \t\n]*/ ""
   let str_array_val = counter "el" . array_start . ( str_array_element . ( array_sep . str_array_element ) * ) ? . array_end

@@ -35,7 +35,6 @@ module Libvirtd =
   let sock_acl_entry = str_entry "unix_sock_group"
                      | str_entry "unix_sock_ro_perms"
                      | str_entry "unix_sock_rw_perms"
-                      | str_entry "unix_sock_admin_perms"
                      | str_entry "unix_sock_dir"

   let authentication_entry = str_entry "auth_unix_ro"
@@ -53,7 +52,6 @@ module Libvirtd =
                           | str_array_entry "tls_allowed_dn_list"
                           | str_array_entry "sasl_allowed_username_list"
                           | str_array_entry "access_drivers"
-                           | str_entry "tls_priority"

   let processing_entry = int_entry "min_workers"
                        | int_entry "max_workers"
@@ -64,12 +62,6 @@ module Libvirtd =
                        | int_entry "max_client_requests"
                        | int_entry "prio_workers"

-   let admin_processing_entry = int_entry "admin_min_workers"
-                              | int_entry "admin_max_workers"
-                              | int_entry "admin_max_clients"
-                              | int_entry "admin_max_queued_clients"
-                              | int_entry "admin_max_client_requests"
-
   let logging_entry = int_entry "log_level"
                     | str_entry "log_filters"
                     | str_entry "log_outputs"
@@ -82,13 +74,7 @@ module Libvirtd =
                       | int_entry "keepalive_count"
                       | bool_entry "keepalive_required"

-   let admin_keepalive_entry = int_entry "admin_keepalive_interval"
-                             | int_entry "admin_keepalive_count"
-                             | bool_entry "admin_keepalive_required"
-
   let misc_entry = str_entry "host_uuid"
-                  | str_entry "host_uuid_source"
-                  | int_entry "ovs_timeout"

   (* Each enty in the config is one of the following three ... *)
   let entry = network_entry
@@ -97,11 +83,9 @@ module Libvirtd =
             | certificate_entry
             | authorization_entry
             | processing_entry
-             | admin_processing_entry
             | logging_entry
             | auditing_entry
             | keepalive_entry
-             | admin_keepalive_entry
             | misc_entry
   let comment = [ label "#comment" . del /#[ \t]*/ "# " .  store /([^ \t\n][^\n]*)?/ . del /\n/ "\n" ]
   let empty = [ label "#empty" . eol ]
--- a/daemon/libvirtd.c
+++ b/daemon/libvirtd.c
--- a/daemon/libvirtd.conf
+++ b/daemon/libvirtd.conf
@@ -77,6 +77,11 @@
 # UNIX socket access controls
 #

+# Beware that if you are changing *any* of these options, and you use
+# socket activation with systemd, you need to adjust the settings in
+# the libvirtd.socket file as well since it could impose a security
+# risk if you rely on file permission checking only.
+
 # Set the UNIX domain socket group ownership. This can be used to
 # allow a 'trusted' set of users access to management capabilities
 # without becoming root.
@@ -101,17 +106,9 @@
 # control, then you may want to relax this too.
 #unix_sock_rw_perms = "0770"

-# Set the UNIX socket permissions for the admin interface socket.
-#
-# Default allows only owner (root), do not change it unless you are
-# sure to whom you are exposing the access to.
-#unix_sock_admin_perms = "0700"
-
 # Set the name of the directory in which sockets will be found/created.
 #unix_sock_dir = "/var/run/libvirt"

-
-
 #################################################################
 #
 # Authentication.
@@ -242,7 +239,7 @@
 #tls_allowed_dn_list = ["DN1", "DN2"]


-# A whitelist of allowed SASL usernames. The format for username
+# A whitelist of allowed SASL usernames. The format for usernames
 # depends on the SASL authentication mechanism. Kerberos usernames
 # look like username@REALM
 #
@@ -259,13 +256,6 @@
 #sasl_allowed_username_list = ["joe@EXAMPLE.COM", "fred@EXAMPLE.COM" ]


-# Override the compile time default TLS priority string. The
-# default is usually "NORMAL" unless overridden at build time.
-# Only set this is it is desired for libvirt to deviate from
-# the global default settings.
-#
-#tls_priority="NORMAL"
-

 #################################################################
 #
@@ -282,9 +272,9 @@
 # connection succeeds.
 #max_queued_clients = 1000

-# The maximum length of queue of accepted but not yet
-# authenticated clients. The default value is 20. Set this to
-# zero to turn this feature off.
+# The maximum length of queue of accepted but not yet not
+# authenticated clients. The default value is zero, meaning
+# the feature is disabled.
 #max_anonymous_clients = 20

 # The minimum limit sets the number of workers to start up
@@ -317,16 +307,6 @@
 # and max_workers parameter
 #max_client_requests = 5

-# Same processing controls, but this time for the admin interface.
-# For description of each option, be so kind to scroll few lines
-# upwards.
-
-#admin_min_workers = 1
-#admin_max_workers = 5
-#admin_max_clients = 5
-#admin_max_queued_clients = 5
-#admin_max_client_requests = 5
-
 #################################################################
 #
 # Logging controls
@@ -346,16 +326,10 @@
 # The format for a filter is one of:
 #    x:name
 #    x:+name
-
-#      where name is a string which is matched against the category
-#      given in the VIR_LOG_INIT() at the top of each libvirt source
-#      file, e.g., "remote", "qemu", or "util.json" (the name in the
-#      filter can be a substring of the full category name, in order
-#      to match multiple similar categories), the optional "+" prefix
-#      tells libvirt to log stack trace for each message matching
-#      name, and x is the minimal level where matching messages should
-#      be logged:
-
+#      where name is a string which is matched against source file name,
+#      e.g., "remote", "qemu", or "util/json", the optional "+" prefix
+#      tells libvirt to log stack trace for each message matching name,
+#      and x is the minimal level where matching messages should be logged:
 #    1: DEBUG
 #    2: INFO
 #    3: WARNING
@@ -417,16 +391,10 @@

 ###################################################################
 # UUID of the host:
-# Host UUID is read from one of the sources specified in host_uuid_source.
-#
-# - 'smbios': fetch the UUID from 'dmidecode -s system-uuid'
-# - 'machine-id': fetch the UUID from /etc/machine-id
-#
-# The host_uuid_source default is 'smbios'. If 'dmidecode' does not provide
-# a valid UUID a temporary UUID will be generated.
-#
-# Another option is to specify host UUID in host_uuid.
-#
+# Provide the UUID of the host here in case the command
+# 'dmidecode -s system-uuid' does not provide a valid uuid. In case
+# 'dmidecode' does not provide a valid UUID and none is provided here, a
+# temporary UUID will be generated.
 # Keep the format of the example UUID below. UUID must not have all digits
 # be the same.

@@ -434,7 +402,6 @@
 # it with the output of the 'uuidgen' command and then
 # uncomment this entry
 #host_uuid = "00000000-0000-0000-0000-000000000000"
-#host_uuid_source = "smbios"

 ###################################################################
 # Keepalive protocol:
@@ -455,24 +422,8 @@
 #
 #keepalive_interval = 5
 #keepalive_count = 5
-
 #
-# These configuration options are no longer used.  There is no way to
-# restrict such clients from connecting since they first need to
-# connect in order to ask for keepalive.
+# If set to 1, libvirtd will refuse to talk to clients that do not
+# support keepalive protocol.  Defaults to 0.
 #
 #keepalive_required = 1
-#admin_keepalive_required = 1
-
-# Keepalive settings for the admin interface
-#admin_keepalive_interval = 5
-#admin_keepalive_count = 5
-
-###################################################################
-# Open vSwitch:
-# This allows to specify a timeout for openvswitch calls made by
-# libvirt. The ovs-vsctl utility is used for the configuration and
-# its timeout option is set by default to 5 seconds to avoid
-# potential infinite waits blocking libvirt.
-#
-#ovs_timeout = 5
--- a/daemon/libvirtd.h
+++ b/daemon/libvirtd.h
@@ -1,7 +1,7 @@
 /*
 * libvirtd.h: daemon data structure definitions
 *
- * Copyright (C) 2006-2015 Red Hat, Inc.
+ * Copyright (C) 2006-2014 Red Hat, Inc.
 * Copyright (C) 2006 Daniel P. Berrange
 *
 * This library is free software; you can redistribute it and/or
@@ -30,11 +30,9 @@
 # include <rpc/types.h>
 # include <rpc/xdr.h>
 # include "remote_protocol.h"
-# include "admin_protocol.h"
 # include "lxc_protocol.h"
 # include "qemu_protocol.h"
 # include "virthread.h"
-
 # if WITH_SASL
 #  include "virnetsaslcontext.h"
 # endif
@@ -44,8 +42,6 @@ typedef struct daemonClientStream daemonClientStream;
 typedef daemonClientStream *daemonClientStreamPtr;
 typedef struct daemonClientPrivate daemonClientPrivate;
 typedef daemonClientPrivate *daemonClientPrivatePtr;
-typedef struct daemonAdmClientPrivate daemonAdmClientPrivate;
-typedef daemonAdmClientPrivate *daemonAdmClientPrivatePtr;
 typedef struct daemonClientEventCallback daemonClientEventCallback;
 typedef daemonClientEventCallback *daemonClientEventCallbackPtr;

@@ -60,13 +56,6 @@ struct daemonClientPrivate {
    size_t nnetworkEventCallbacks;
    daemonClientEventCallbackPtr *qemuEventCallbacks;
    size_t nqemuEventCallbacks;
-    daemonClientEventCallbackPtr *storageEventCallbacks;
-    size_t nstorageEventCallbacks;
-    daemonClientEventCallbackPtr *nodeDeviceEventCallbacks;
-    size_t nnodeDeviceEventCallbacks;
-    daemonClientEventCallbackPtr *secretEventCallbacks;
-    size_t nsecretEventCallbacks;
-    bool closeRegistered;

 # if WITH_SASL
    virNetSASLSessionPtr sasl;
@@ -79,14 +68,7 @@ struct daemonClientPrivate {
    virConnectPtr conn;

    daemonClientStreamPtr streams;
-};
-
-/* Separate private data for admin connection */
-struct daemonAdmClientPrivate {
-    /* Just a placeholder, not that there is anything to be locked */
-    virMutex lock;
-
-    virNetDaemonPtr dmn;
+    bool keepalive_supported;
 };

 # if WITH_SASL
--- a/daemon/libvirtd.init.in
+++ b/daemon/libvirtd.init.in
@@ -1,16 +1,19 @@
 #!/bin/sh

 # the following is the LSB init header see
-# http://refspecs.linuxfoundation.org/LSB_5.0.0/LSB-Core-generic/LSB-Core-generic/initscrcomconv.html
+# http://www.linux-foundation.org/spec//booksets/LSB-Core-generic/LSB-Core-generic.html#INITSCRCOMCONV
 #
 ### BEGIN INIT INFO
 # Provides: libvirtd
+# Required-Start: $network messagebus
+# Should-Start: $named
+# Should-Start: xend
+# Should-Start: avahi-daemon
+# Should-Start: virtlockd
+# Required-Stop: $network messagebus
+# Should-Stop: $named
 # Default-Start: 3 4 5
 # Default-Stop: 0 1 2 6
-# Required-Start: $network messagebus virtlogd
-# Required-Stop: $network messagebus
-# Should-Start: $named xend avahi-daemon virtlockd
-# Should-Stop: $named
 # Short-Description: daemon for libvirt virtualization API
 # Description: This is a daemon for managing guest instances
 #              and libvirt virtual networks
--- a/daemon/libvirtd.libxl.logrotate.in
+++ b/daemon/libvirtd.libxl.logrotate.in
@@ -1,9 +0,0 @@
-@localstatedir@/log/libvirt/libxl/*.log {
-        weekly
-        missingok
-        rotate 4
-        compress
-        delaycompress
-        copytruncate
-        minsize 100k
-}
--- a/daemon/libvirtd.pod
+++ b/daemon/libvirtd.pod
@@ -1,206 +0,0 @@
-=head1 NAME
-
-libvirtd - libvirtd management daemon
-
-=head1 SYNOPSIS
-
-B<libvirtd> [I<OPTION>]...
-
-=head1 DESCRIPTION
-
-The B<libvirtd> program is the server side daemon component of the libvirt
-virtualization management system.
-
-This daemon runs on host servers and performs required management tasks for
-virtualized guests.  This includes activities such as starting, stopping
-and migrating guests between host servers, configuring and manipulating
-networking, and managing storage for use by guests.
-
-The libvirt client libraries and utilities connect to this daemon to issue
-tasks and collect information about the configuration and resources of the host
-system and guests.
-
-By default, the libvirtd daemon listens for requests on a local Unix domain
-socket.  Using the B<-l>|B<--listen> command line option, the libvirtd daemon
-can be instructed to additionally listen on a TCP/IP socket.  The TCP/IP socket
-to use is defined in the libvirtd configuration file.
-
-Restarting libvirtd does not impact running guests.  Guests continue to operate
-and will be picked up automatically if their XML configuration has been
-defined.  Any guests whose XML configuration has not been defined will be lost
-from the configuration.
-
-=head1 OPTIONS
-
-=over
-
-=item B<-h, --help>
-
-Display command line help usage then exit.
-
-=item B<-d, --daemon>
-
-Run as a daemon & write PID file.
-
-=item B<-f, --config> I<FILE>
-
-Use this configuration file, overriding the default value.
-
-=item B<-l, --listen>
-
-Listen for TCP/IP connections.
-
-=item B<-p, --pid-file> I<FILE>
-
-Use this name for the PID file, overriding the default value.
-
-=item B<-t, --timeout> I<SECONDS>
-
-Exit after timeout period (in seconds) elapse with no client connections
-or registered resources.  Be aware that resources such as autostart
-networks will result in never reaching the timeout, even when there are
-no client connections.
-
-=item B<-v, --verbose>
-
-Enable output of verbose messages.
-
-=item B<    --version>
-
-Display version information then exit.
-
-=back
-
-=head1 SIGNALS
-
-On receipt of B<SIGHUP> libvirtd will reload its configuration.
-
-=head1 FILES
-
-=head2 When run as B<root>.
-
-=over
-
-=item F<SYSCONFDIR/libvirtd.conf>
-
-The default configuration file used by libvirtd, unless overridden on the
-command line using the B<-f>|B<--config> option.
-
-=item F<LOCALSTATEDIR/run/libvirt/libvirt-sock>
-
-=item F<LOCALSTATEDIR/run/libvirt/libvirt-sock-ro>
-
-The sockets libvirtd will use.
-
-=item F<SYSCONFDIR/pki/CA/cacert.pem>
-
-The TLS B<Certificate Authority> certificate libvirtd will use.
-
-=item F<SYSCONFDIR/pki/libvirt/servercert.pem>
-
-The TLS B<Server> certificate libvirtd will use.
-
-=item F<SYSCONFDIR/pki/libvirt/private/serverkey.pem>
-
-The TLS B<Server> private key libvirtd will use.
-
-=item F<LOCALSTATEDIR/run/libvirtd.pid>
-
-The PID file to use, unless overridden by the B<-p>|B<--pid-file> option.
-
-=back
-
-=head2 When run as B<non-root>.
-
-=over
-
-=item F<$XDG_CONFIG_HOME/libvirtd.conf>
-
-The default configuration file used by libvirtd, unless overridden on the
-command line using the B<-f>|B<--config> option.
-
-=item F<$XDG_RUNTIME_DIR/libvirt/libvirt-sock>
-
-The socket libvirtd will use.
-
-=item F<$HOME/.pki/libvirt/cacert.pem>
-
-The TLS B<Certificate Authority> certificate libvirtd will use.
-
-=item F<$HOME/.pki/libvirt/servercert.pem>
-
-The TLS B<Server> certificate libvirtd will use.
-
-=item F<$HOME/.pki/libvirt/serverkey.pem>
-
-The TLS B<Server> private key libvirtd will use.
-
-=item F<$XDG_RUNTIME_DIR/libvirt/libvirtd.pid>
-
-The PID file to use, unless overridden by the B<-p>|B<--pid-file> option.
-
-=item If $XDG_CONFIG_HOME is not set in your environment, libvirtd will use F<$HOME/.config>
-
-=item If $XDG_RUNTIME_DIR is not set in your environment, libvirtd will use F<$HOME/.cache>
-
-=back
-
-=head1 EXAMPLES
-
-To retrieve the version of libvirtd:
-
- # libvirtd --version
- libvirtd (libvirt) 0.8.2
- #
-
-To start libvirtd, instructing it to daemonize and create a PID file:
-
- # libvirtd -d
- # ls -la LOCALSTATEDIR/run/libvirtd.pid
- -rw-r--r-- 1 root root 6 Jul  9 02:40 LOCALSTATEDIR/run/libvirtd.pid
- #
-
-=head1 BUGS
-
-Please report all bugs you discover.  This should be done via either:
-
-=over
-
-=item a) the mailing list
-
-L<http://libvirt.org/contact.html>
-
-=item or,
-
-B<>
-
-=item b) the bug tracker
-
-L<http://libvirt.org/bugs.html>
-
-=item Alternatively, you may report bugs to your software distributor / vendor.
-
-=back
-
-=head1 AUTHORS
-
-Please refer to the AUTHORS file distributed with libvirt.
-
-=head1 COPYRIGHT
-
-Copyright (C) 2006-2012 Red Hat, Inc., and the authors listed in the
-libvirt AUTHORS file.
-
-=head1 LICENSE
-
-libvirtd is distributed under the terms of the GNU LGPL v2.1+.
-This is free software; see the source for copying conditions. There
-is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
-PURPOSE
-
-=head1 SEE ALSO
-
-L<virsh(1)>, L<virt-install(1)>, L<virt-xml-validate(1)>, L<virt-top(1)>,
-L<virt-df(1)>, L<http://www.libvirt.org/>
-
-=cut
--- a/daemon/libvirtd.pod.in
+++ b/daemon/libvirtd.pod.in
@@ -0,0 +1,208 @@
+=head1 NAME
+
+libvirtd - libvirtd management daemon
+
+=head1 SYNOPSIS
+
+B<libvirtd> [ -dlv ] [ -f config_file ] [ -p pid_file ] [ -t timeout_seconds ]
+
+B<libvirtd> --version
+
+=head1 DESCRIPTION
+
+The B<libvirtd> program is the server side daemon component of the libvirt
+virtualization management system.
+
+This daemon runs on host servers and performs required management tasks for
+virtualized guests.  This includes activities such as starting, stopping
+and migrating guests between host servers, configuring and manipulating
+networking, and managing storage for use by guests.
+
+The libvirt client libraries and utilities connect to this daemon to issue
+tasks and collect information about the configuration and resources of the host
+system and guests.
+
+By default, the libvirtd daemon listens for requests on a local Unix domain
+socket.  Using the B<-l>|B<--listen> command line option, the libvirtd daemon
+can be instructed to additionally listen on a TCP/IP socket.  The TCP/IP socket
+to use is defined in the libvirtd configuration file.
+
+Restarting libvirtd does not impact running guests.  Guests continue to operate
+and will be picked up automatically if their XML configuration has been
+defined.  Any guests whose XML configuration has not been defined will be lost
+from the configuration.
+
+=head1 OPTIONS
+
+=over
+
+=item B<-h, --help>
+
+Display command line help usage then exit.
+
+=item B<-d, --daemon>
+
+Run as a daemon & write PID file.
+
+=item B<-f, --config> I<FILE>
+
+Use this configuration file, overriding the default value.
+
+=item B<-l, --listen>
+
+Listen for TCP/IP connections.
+
+=item B<-p, --pid-file> I<FILE>
+
+Use this name for the PID file, overriding the default value.
+
+=item B<-t, --timeout> I<SECONDS>
+
+Exit after timeout period (in seconds) elapse with no client connections
+or registered resources.  Be aware that resources such as autostart
+networks will result in never reaching the timeout, even when there are
+no client connections.
+
+=item B<-v, --verbose>
+
+Enable output of verbose messages.
+
+=item B<    --version>
+
+Display version information then exit.
+
+=back
+
+=head1 SIGNALS
+
+On receipt of B<SIGHUP> libvirtd will reload its configuration.
+
+=head1 FILES
+
+=head2 When run as B<root>.
+
+=over
+
+=item F<SYSCONFDIR/libvirtd.conf>
+
+The default configuration file used by libvirtd, unless overridden on the
+command line using the B<-f>|B<--config> option.
+
+=item F<LOCALSTATEDIR/run/libvirt/libvirt-sock>
+
+=item F<LOCALSTATEDIR/run/libvirt/libvirt-sock-ro>
+
+The sockets libvirtd will use.
+
+=item F<SYSCONFDIR/pki/CA/cacert.pem>
+
+The TLS B<Certificate Authority> certificate libvirtd will use.
+
+=item F<SYSCONFDIR/pki/libvirt/servercert.pem>
+
+The TLS B<Server> certificate libvirtd will use.
+
+=item F<SYSCONFDIR/pki/libvirt/private/serverkey.pem>
+
+The TLS B<Server> private key libvirtd will use.
+
+=item F<LOCALSTATEDIR/run/libvirtd.pid>
+
+The PID file to use, unless overridden by the B<-p>|B<--pid-file> option.
+
+=back
+
+=head2 When run as B<non-root>.
+
+=over
+
+=item F<$XDG_CONFIG_HOME/libvirtd.conf>
+
+The default configuration file used by libvirtd, unless overridden on the
+command line using the B<-f>|B<--config> option.
+
+=item F<$XDG_RUNTIME_DIR/libvirt/libvirt-sock>
+
+The socket libvirtd will use.
+
+=item F<$HOME/.pki/libvirt/cacert.pem>
+
+The TLS B<Certificate Authority> certificate libvirtd will use.
+
+=item F<$HOME/.pki/libvirt/servercert.pem>
+
+The TLS B<Server> certificate libvirtd will use.
+
+=item F<$HOME/.pki/libvirt/serverkey.pem>
+
+The TLS B<Server> private key libvirtd will use.
+
+=item F<$XDG_RUNTIME_DIR/libvirt/libvirtd.pid>
+
+The PID file to use, unless overridden by the B<-p>|B<--pid-file> option.
+
+=item If $XDG_CONFIG_HOME is not set in your environment, libvirtd will use F<$HOME/.config>
+
+=item If $XDG_RUNTIME_DIR is not set in your environment, libvirtd will use F<$HOME/.cache>
+
+=back
+
+=head1 EXAMPLES
+
+To retrieve the version of libvirtd:
+
+ # libvirtd --version
+ libvirtd (libvirt) 0.8.2
+ #
+
+To start libvirtd, instructing it to daemonize and create a PID file:
+
+ # libvirtd -d
+ # ls -la LOCALSTATEDIR/run/libvirtd.pid
+ -rw-r--r-- 1 root root 6 Jul  9 02:40 LOCALSTATEDIR/run/libvirtd.pid
+ #
+
+=head1 BUGS
+
+Please report all bugs you discover.  This should be done via either:
+
+=over
+
+=item a) the mailing list
+
+L<http://libvirt.org/contact.html>
+
+=item or,
+
+B<>
+
+=item b) the bug tracker
+
+L<http://libvirt.org/bugs.html>
+
+=item Alternatively, you may report bugs to your software distributor / vendor.
+
+=back
+
+=head1 AUTHORS
+
+Please refer to the AUTHORS file distributed with libvirt.
+
+=head1 COPYRIGHT
+
+Copyright (C) 2006-2012 Red Hat, Inc., and the authors listed in the
+libvirt AUTHORS file.
+
+=head1 LICENSE
+
+libvirtd is distributed under the terms of the GNU LGPL v2.1+.
+This is free software; see the source for copying conditions. There
+is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
+PURPOSE
+
+=head1 SEE ALSO
+
+L<virsh(1)>, L<virt-install(1)>, L<virt-xml-validate(1)>, L<virt-top(1)>,
+L<virt-df(1)>, L<http://www.libvirt.org/>
+
+=cut
--- a/daemon/libvirtd.sasl
+++ b/daemon/libvirtd.sasl
@@ -1,45 +1,31 @@
-# If you want to use the non-TLS socket, then you *must* pick a
-# mechanism which provides session encryption as well as
-# authentication.
+# If you want to use the non-TLS socket, then you *must* include
+# the GSSAPI or DIGEST-MD5 mechanisms, because they are the only
+# ones that can offer session encryption as well as authentication.
 #
-# If you are only using TLS, then you can turn on any mechanisms
+# If you're only using TLS, then you can turn on any mechanisms
 # you like for authentication, because TLS provides the encryption
 #
-# If you are only using UNIX, sockets then encryption is not
-# required at all.
-#
-# Since SASL is the default for the libvirtd non-TLS socket, we
-# pick a strong mechanism by default.
-#
-# NB, previously DIGEST-MD5 was set as the default mechanism for
-# libvirt. Per RFC 6331 this is vulnerable to many serious security
-# flaws and should no longer be used. Thus GSSAPI is now the default.
-#
-# To use GSSAPI requires that a libvirtd service principal is
-# added to the Kerberos server for each host running libvirtd.
-# This principal needs to be exported to the keytab file listed below
-mech_list: gssapi
-
-# If using a TLS socket or UNIX socket only, it is possible to
-# enable plugins which don't provide session encryption. The
-# 'scram-sha-1' plugin allows plain username/password authentication
-# to be performed
-#
-#mech_list: scram-sha-1
+# Default to a simple username+password mechanism
+mech_list: digest-md5

+# Before you can use GSSAPI, you need a service principle on the
+# KDC server for libvirt, and that to be exported to the keytab
+# file listed below
+#mech_list: gssapi
 #
 # You can also list many mechanisms at once, then the user can choose
 # by adding  '?auth=sasl.gssapi' to their libvirt URI, eg
 #   qemu+tcp://hostname/system?auth=sasl.gssapi
-#mech_list: scram-sha-1 gssapi
+#mech_list: digest-md5 gssapi

 # Some older builds of MIT kerberos on Linux ignore this option &
 # instead need KRB5_KTNAME env var.
 # For modern Linux, and other OS, this should be sufficient
 #
-keytab: /etc/libvirt/krb5.tab
+# There is no default value here, uncomment if you need this
+#keytab: /etc/libvirt/krb5.tab

-# If using scram-sha-1 for username/passwds, then this is the file
+# If using digest-md5 for username/passwds, then this is the file
 # containing the passwds. Use 'saslpasswd2 -a libvirt [username]'
 # to add entries, and 'sasldblistusers2 -f [sasldb_path]' to browse it
-#sasldb_path: /etc/libvirt/passwd.db
+sasldb_path: /etc/libvirt/passwd.db
--- a/daemon/libvirtd.service.in
+++ b/daemon/libvirtd.service.in
@@ -1,19 +1,10 @@
-# NB we don't use socket activation. When libvirtd starts it will
-# spawn any virtual machines registered for autostart. We want this
-# to occur on every boot, regardless of whether any client connects
-# to a socket. Thus socket activation doesn't have any benefit
-
 [Unit]
 Description=Virtualization daemon
-Requires=virtlogd.socket
-Requires=virtlockd.socket
 Before=libvirt-guests.service
 After=network.target
 After=dbus.service
 After=iscsid.service
 After=apparmor.service
-After=local-fs.target
-After=remote-fs.target
 Documentation=man:libvirtd(8)
 Documentation=http://libvirt.org

@@ -24,13 +15,8 @@ ExecStart=@sbindir@/libvirtd $LIBVIRTD_ARGS
 ExecReload=/bin/kill -HUP $MAINPID
 KillMode=process
 Restart=on-failure
-# At least 1 FD per guest, often 2 (eg qemu monitor + qemu agent).
-# eg if we want to support 4096 guests, we'll typically need 8192 FDs
-# If changing this, also consider virtlogd.service & virtlockd.service
-# limits which are also related to number of guests
-LimitNOFILE=8192
+# Override the maximum number of opened files
+#LimitNOFILE=2048

 [Install]
 WantedBy=multi-user.target
-Also=virtlockd.socket
-Also=virtlogd.socket
--- a/daemon/libvirtd.socket.in
+++ b/daemon/libvirtd.socket.in
@@ -0,0 +1,11 @@
+[Socket]
+ListenStream=@runstatedir@/libvirt/libvirt-sock
+ListenStream=@runstatedir@/libvirt/libvirt-sock-ro
+
+; The following settings must match libvirtd.conf file in order to
+; work as expected because libvirtd can't change them later.
+; SocketMode=0777 is safe only if authentication on the socket is set
+; up.  For further information, please see the libvirtd.conf file.
+SocketMode=0777
+SocketUser=root
+SocketGroup=root
--- a/daemon/remote.c
+++ b/daemon/remote.c
--- a/daemon/stream.c
+++ b/daemon/stream.c
@@ -42,15 +42,15 @@ struct daemonClientStream {

    virStreamPtr st;
    int procedure;
-    unsigned int serial;
+    int serial;

-    bool recvEOF;
-    bool closed;
+    unsigned int recvEOF : 1;
+    unsigned int closed : 1;

    int filterID;

    virNetMessagePtr rx;
-    bool tx;
+    int tx;

    daemonClientStreamPtr next;
 };
@@ -76,8 +76,6 @@ static void
 daemonStreamUpdateEvents(daemonClientStream *stream)
 {
    int newEvents = 0;
-    if (stream->closed)
-        return;
    if (stream->rx)
        newEvents |= VIR_STREAM_EVENT_WRITABLE;
    if (stream->tx && !stream->recvEOF)
@@ -94,14 +92,14 @@ daemonStreamUpdateEvents(daemonClientStream *stream)
 * fast stream, but slow client
 */
 static void
-daemonStreamMessageFinished(virNetMessagePtr msg,
+daemonStreamMessageFinished(virNetMessagePtr msg ATTRIBUTE_UNUSED,
                            void *opaque)
 {
    daemonClientStream *stream = opaque;
-    VIR_DEBUG("stream=%p proc=%d serial=%u",
+    VIR_DEBUG("stream=%p proc=%d serial=%d",
              stream, msg->header.proc, msg->header.serial);

-    stream->tx = true;
+    stream->tx = 1;
    daemonStreamUpdateEvents(stream);

    daemonFreeClientStream(NULL, stream);
@@ -199,8 +197,8 @@ daemonStreamEvent(virStreamPtr st, int events, void *opaque)
        (events & VIR_STREAM_EVENT_HANGUP)) {
        virNetMessagePtr msg;
        events &= ~(VIR_STREAM_EVENT_HANGUP);
-        stream->tx = false;
-        stream->recvEOF = true;
+        stream->tx = 0;
+        stream->recvEOF = 1;
        if (!(msg = virNetMessageNew(false))) {
            daemonRemoveClientStream(client, stream);
            virNetServerClientClose(client);
@@ -229,7 +227,7 @@ daemonStreamEvent(virStreamPtr st, int events, void *opaque)
        virNetMessageError rerr;

        memset(&rerr, 0, sizeof(rerr));
-        stream->closed = true;
+        stream->closed = 1;
        virStreamEventRemoveCallback(stream->st);
        virStreamAbort(stream->st);
        if (events & VIR_STREAM_EVENT_HANGUP)
@@ -295,7 +293,7 @@ daemonStreamFilter(virNetServerClientPtr client ATTRIBUTE_UNUSED,
        msg->header.serial != stream->serial)
        goto cleanup;

-    VIR_DEBUG("Incoming client=%p, rx=%p, serial=%u, proc=%d, status=%d",
+    VIR_DEBUG("Incoming client=%p, rx=%p, serial=%d, proc=%d, status=%d",
              client, stream->rx, msg->header.proc,
              msg->header.serial, msg->header.status);

@@ -326,7 +324,7 @@ daemonCreateClientStream(virNetServerClientPtr client,
    daemonClientStream *stream;
    daemonClientPrivatePtr priv = virNetServerClientGetPrivateData(client);

-    VIR_DEBUG("client=%p, proc=%d, serial=%u, st=%p",
+    VIR_DEBUG("client=%p, proc=%d, serial=%d, st=%p",
              client, header->proc, header->serial, st);

    if (VIR_ALLOC(stream) < 0)
@@ -362,7 +360,7 @@ int daemonFreeClientStream(virNetServerClientPtr client,
    if (stream->refs)
        return 0;

-    VIR_DEBUG("client=%p, proc=%d, serial=%u",
+    VIR_DEBUG("client=%p, proc=%d, serial=%d",
              client, stream->procedure, stream->serial);

    virObjectUnref(stream->prog);
@@ -385,7 +383,7 @@ int daemonFreeClientStream(virNetServerClientPtr client,
        msg = tmp;
    }

-    virObjectUnref(stream->st);
+    virStreamFree(stream->st);
    VIR_FREE(stream);

    return ret;
@@ -400,7 +398,7 @@ int daemonAddClientStream(virNetServerClientPtr client,
                          daemonClientStream *stream,
                          bool transmit)
 {
-    VIR_DEBUG("client=%p, proc=%d, serial=%u, st=%p, transmit=%d",
+    VIR_DEBUG("client=%p, proc=%d, serial=%d, st=%p, transmit=%d",
              client, stream->procedure, stream->serial, stream->st, transmit);
    daemonClientPrivatePtr priv = virNetServerClientGetPrivateData(client);

@@ -424,7 +422,7 @@ int daemonAddClientStream(virNetServerClientPtr client,
    }

    if (transmit)
-        stream->tx = true;
+        stream->tx = 1;

    virMutexLock(&priv->lock);
    stream->next = priv->streams;
@@ -444,13 +442,13 @@ int daemonAddClientStream(virNetServerClientPtr client,
 *
 * Removes a stream from the list of active streams for the client
 *
- * Returns 0 if the stream was removed, -1 if it doesn't exist
+ * Returns 0 if the stream was removd, -1 if it doesn't exist
 */
 int
 daemonRemoveClientStream(virNetServerClientPtr client,
                         daemonClientStream *stream)
 {
-    VIR_DEBUG("client=%p, proc=%d, serial=%u, st=%p",
+    VIR_DEBUG("client=%p, proc=%d, serial=%d, st=%p",
              client, stream->procedure, stream->serial, stream->st);
    daemonClientPrivatePtr priv = virNetServerClientGetPrivateData(client);
    daemonClientStream *curr = priv->streams;
@@ -463,7 +461,6 @@ daemonRemoveClientStream(virNetServerClientPtr client,
    }

    if (!stream->closed) {
-        stream->closed = true;
        virStreamEventRemoveCallback(stream->st);
        virStreamAbort(stream->st);
    }
@@ -494,7 +491,6 @@ daemonRemoveAllClientStreams(daemonClientStream *stream)
        tmp = stream->next;

        if (!stream->closed) {
-            stream->closed = true;
            virStreamEventRemoveCallback(stream->st);
            virStreamAbort(stream->st);
        }
@@ -519,7 +515,7 @@ daemonStreamHandleWriteData(virNetServerClientPtr client,
 {
    int ret;

-    VIR_DEBUG("client=%p, stream=%p, proc=%d, serial=%u, len=%zu, offset=%zu",
+    VIR_DEBUG("client=%p, stream=%p, proc=%d, serial=%d, len=%zu, offset=%zu",
              client, stream, msg->header.proc, msg->header.serial,
              msg->bufferLength, msg->bufferOffset);

@@ -542,10 +538,7 @@ daemonStreamHandleWriteData(virNetServerClientPtr client,
        memset(&rerr, 0, sizeof(rerr));

        VIR_INFO("Stream send failed");
-        stream->closed = true;
-        virStreamEventRemoveCallback(stream->st);
-        virStreamAbort(stream->st);
-
+        stream->closed = 1;
        return virNetServerProgramSendReplyError(stream->prog,
                                                 client,
                                                 msg,
@@ -572,10 +565,10 @@ daemonStreamHandleFinish(virNetServerClientPtr client,
 {
    int ret;

-    VIR_DEBUG("client=%p, stream=%p, proc=%d, serial=%u",
+    VIR_DEBUG("client=%p, stream=%p, proc=%d, serial=%d",
              client, stream, msg->header.proc, msg->header.serial);

-    stream->closed = true;
+    stream->closed = 1;
    virStreamEventRemoveCallback(stream->st);
    ret = virStreamFinish(stream->st);

@@ -609,42 +602,31 @@ daemonStreamHandleAbort(virNetServerClientPtr client,
                        daemonClientStream *stream,
                        virNetMessagePtr msg)
 {
-    VIR_DEBUG("client=%p, stream=%p, proc=%d, serial=%u",
+    VIR_DEBUG("client=%p, stream=%p, proc=%d, serial=%d",
              client, stream, msg->header.proc, msg->header.serial);
-    int ret;
-    bool raise_error = false;
+    virNetMessageError rerr;

-    stream->closed = true;
+    memset(&rerr, 0, sizeof(rerr));
+
+    stream->closed = 1;
    virStreamEventRemoveCallback(stream->st);
-    ret = virStreamAbort(stream->st);
+    virStreamAbort(stream->st);

    if (msg->header.status == VIR_NET_ERROR) {
-        VIR_INFO("stream aborted at client request");
-        raise_error = (ret < 0);
+        virReportError(VIR_ERR_RPC,
+                       "%s", _("stream aborted at client request"));
    } else {
+        VIR_WARN("unexpected stream status %d", msg->header.status);
        virReportError(VIR_ERR_RPC,
                       _("stream aborted with unexpected status %d"),
                       msg->header.status);
-        raise_error = true;
    }

-    if (raise_error) {
-        virNetMessageError rerr;
-        memset(&rerr, 0, sizeof(rerr));
-        return virNetServerProgramSendReplyError(remoteProgram,
-                                                 client,
-                                                 msg,
-                                                 &rerr,
-                                                 &msg->header);
-    } else {
-        /* Send zero-length confirm */
-        return virNetServerProgramSendStreamData(stream->prog,
-                                                 client,
-                                                 msg,
-                                                 stream->procedure,
-                                                 stream->serial,
-                                                 NULL, 0);
-    }
+    return virNetServerProgramSendReplyError(remoteProgram,
+                                             client,
+                                             msg,
+                                             &rerr,
+                                             &msg->header);
 }


@@ -719,7 +701,7 @@ daemonStreamHandleWrite(virNetServerClientPtr client,
 * worth of data, and then queues that for transmission
 * to the client.
 *
- * Returns 0 if data was queued for TX, or an error RPC
+ * Returns 0 if data was queued for TX, or a error RPC
 * was sent, or -1 on fatal error, indicating client should
 * be killed
 */
@@ -727,12 +709,9 @@ static int
 daemonStreamHandleRead(virNetServerClientPtr client,
                       daemonClientStream *stream)
 {
-    virNetMessagePtr msg = NULL;
-    virNetMessageError rerr;
    char *buffer;
    size_t bufferLen = VIR_NET_MESSAGE_LEGACY_PAYLOAD_MAX;
-    int ret = -1;
-    int rv;
+    int ret;

    VIR_DEBUG("client=%p, stream=%p tx=%d closed=%d",
              client, stream, stream->tx, stream->closed);
@@ -749,48 +728,50 @@ daemonStreamHandleRead(virNetServerClientPtr client,
    if (!stream->tx)
        return 0;

-    memset(&rerr, 0, sizeof(rerr));
-
    if (VIR_ALLOC_N(buffer, bufferLen) < 0)
        return -1;

-    if (!(msg = virNetMessageNew(false)))
-        goto cleanup;
-
-    rv = virStreamRecv(stream->st, buffer, bufferLen);
-    if (rv == -2) {
+    ret = virStreamRecv(stream->st, buffer, bufferLen);
+    if (ret == -2) {
        /* Should never get this, since we're only called when we know
         * we're readable, but hey things change... */
-    } else if (rv < 0) {
-        if (virNetServerProgramSendStreamError(remoteProgram,
-                                               client,
-                                               msg,
-                                               &rerr,
-                                               stream->procedure,
-                                               stream->serial) < 0)
-            goto cleanup;
-        msg = NULL;
-    } else {
-        stream->tx = false;
-        if (rv == 0)
-            stream->recvEOF = true;
+        ret = 0;
+    } else if (ret < 0) {
+        virNetMessagePtr msg;
+        virNetMessageError rerr;

-        msg->cb = daemonStreamMessageFinished;
-        msg->opaque = stream;
-        stream->refs++;
-        if (virNetServerProgramSendStreamData(remoteProgram,
-                                              client,
-                                              msg,
-                                              stream->procedure,
-                                              stream->serial,
-                                              buffer, rv) < 0)
-            goto cleanup;
-        msg = NULL;
+        memset(&rerr, 0, sizeof(rerr));
+
+        if (!(msg = virNetMessageNew(false)))
+            ret = -1;
+        else
+            ret = virNetServerProgramSendStreamError(remoteProgram,
+                                                     client,
+                                                     msg,
+                                                     &rerr,
+                                                     stream->procedure,
+                                                     stream->serial);
+    } else {
+        virNetMessagePtr msg;
+        stream->tx = 0;
+        if (ret == 0)
+            stream->recvEOF = 1;
+        if (!(msg = virNetMessageNew(false)))
+            ret = -1;
+
+        if (msg) {
+            msg->cb = daemonStreamMessageFinished;
+            msg->opaque = stream;
+            stream->refs++;
+            ret = virNetServerProgramSendStreamData(remoteProgram,
+                                                    client,
+                                                    msg,
+                                                    stream->procedure,
+                                                    stream->serial,
+                                                    buffer, ret);
+        }
    }

-    ret = 0;
- cleanup:
    VIR_FREE(buffer);
-    virNetMessageFree(msg);
    return ret;
 }
--- a/daemon/stream.h
+++ b/daemon/stream.h
@@ -26,6 +26,8 @@

 # include "libvirtd.h"

+
+
 daemonClientStream *
 daemonCreateClientStream(virNetServerClientPtr client,
                         virStreamPtr st,
--- a/daemon/test_libvirtd.aug.in
+++ b/daemon/test_libvirtd.aug.in
@@ -12,7 +12,6 @@ module Test_libvirtd =
        { "unix_sock_group" = "libvirt" }
        { "unix_sock_ro_perms" = "0777" }
        { "unix_sock_rw_perms" = "0770" }
-        { "unix_sock_admin_perms" = "0700" }
        { "unix_sock_dir" = "/var/run/libvirt" }
        { "auth_unix_ro" = "none" }
        { "auth_unix_rw" = "none" }
@@ -35,7 +34,6 @@ module Test_libvirtd =
             { "1" = "joe@EXAMPLE.COM" }
             { "2" = "fred@EXAMPLE.COM" }
        }
-        { "tls_priority" = "NORMAL" }
        { "max_clients" = "5000" }
        { "max_queued_clients" = "1000" }
        { "max_anonymous_clients" = "20" }
@@ -44,11 +42,6 @@ module Test_libvirtd =
        { "prio_workers" = "5" }
        { "max_requests" = "20" }
        { "max_client_requests" = "5" }
-        { "admin_min_workers" = "1" }
-        { "admin_max_workers" = "5" }
-        { "admin_max_clients" = "5" }
-        { "admin_max_queued_clients" = "5" }
-        { "admin_max_client_requests" = "5" }
        { "log_level" = "3" }
        { "log_filters" = "3:remote 4:event" }
        { "log_outputs" = "3:syslog:libvirtd" }
@@ -56,11 +49,6 @@ module Test_libvirtd =
        { "audit_level" = "2" }
        { "audit_logging" = "1" }
        { "host_uuid" = "00000000-0000-0000-0000-000000000000" }
-        { "host_uuid_source" = "smbios" }
        { "keepalive_interval" = "5" }
        { "keepalive_count" = "5" }
        { "keepalive_required" = "1" }
-        { "admin_keepalive_required" = "1" }
-        { "admin_keepalive_interval" = "5" }
-        { "admin_keepalive_count" = "5" }
-        { "ovs_timeout" = "5" }
--- a/daemon/virt-guest-shutdown.target
+++ b/daemon/virt-guest-shutdown.target
@@ -1,3 +0,0 @@
-[Unit]
-Description=Libvirt guests shutdown
-Documentation=http://libvirt.org
--- a/docs/404.html.in
+++ b/docs/404.html.in
@@ -15,5 +15,10 @@
        locate the content on this site or mailing list archives</li>
    </ul>

+    <p class="image">
+      <img src="/libvirtLogo404.png" alt="libvirt Logo"/>
+    </p>
+
+
  </body>
 </html>
--- a/docs/Makefile.am
+++ b/docs/Makefile.am
@@ -1,6 +1,6 @@
 ## Process this file with automake to produce Makefile.in

-## Copyright (C) 2005-2016 Red Hat, Inc.
+## Copyright (C) 2005-2013 Red Hat, Inc.
 ##
 ## This library is free software; you can redistribute it and/or
 ## modify it under the terms of the GNU Lesser General Public
@@ -16,25 +16,18 @@
 ## License along with this library.  If not, see
 ## <http://www.gnu.org/licenses/>.

+SUBDIRS= schemas
+
+PERL = perl
+
+# The directory containing the source code (if it contains documentation).
+DOC_SOURCE_DIR=../src
+
 DEVHELP_DIR=$(datadir)/gtk-doc/html/libvirt

-apihtml =					\
-  html/index.html				\
-  $(apihtml_generated)
-
-apihtml_generated = \
-  html/libvirt-libvirt-common.html		\
-  html/libvirt-libvirt-domain.html		\
-  html/libvirt-libvirt-domain-snapshot.html	\
-  html/libvirt-libvirt-event.html		\
-  html/libvirt-libvirt-host.html		\
-  html/libvirt-libvirt-interface.html		\
-  html/libvirt-libvirt-network.html		\
-  html/libvirt-libvirt-nodedev.html		\
-  html/libvirt-libvirt-nwfilter.html		\
-  html/libvirt-libvirt-secret.html		\
-  html/libvirt-libvirt-storage.html		\
-  html/libvirt-libvirt-stream.html		\
+apihtml =			\
+  html/index.html		\
+  html/libvirt-libvirt.html	\
  html/libvirt-virterror.html

 apipng =	\
@@ -47,6 +40,7 @@ devhelphtml =			\
  devhelp/libvirt.devhelp	\
  devhelp/index.html		\
  devhelp/general.html		\
+  devhelp/libvirt-libvirt.html	\
  devhelp/libvirt-virterror.html

 css =         \
@@ -64,30 +58,20 @@ devhelpcss = devhelp/style.css

 devhelpxsl = devhelp/devhelp.xsl devhelp/html.xsl

-logofiles = \
-  logos/logo-base.svg \
-  logos/logo-square.svg \
-  logos/logo-square-powered.svg \
-  logos/logo-banner-dark.svg \
-  logos/logo-banner-light.svg \
-  logos/logo-square-96.png \
-  logos/logo-square-128.png \
-  logos/logo-square-192.png \
-  logos/logo-square-256.png \
-  logos/logo-square-powered-96.png \
-  logos/logo-square-powered-128.png \
-  logos/logo-square-powered-192.png \
-  logos/logo-square-powered-256.png \
-  logos/logo-banner-dark-256.png \
-  logos/logo-banner-dark-800.png \
-  logos/logo-banner-light-256.png \
-  logos/logo-banner-light-800.png
-
 png = \
  32favicon.png \
+  footer_corner.png \
+  footer_pattern.png \
+  libvirt-header-bg.png \
+  libvirt-header-logo.png \
+  libvirtLogo.png \
+  libvirt-net-logical.png \
+  libvirt-net-physical.png \
  libvirt-daemon-arch.png \
  libvirt-driver-arch.png \
  libvirt-object-model.png \
+  madeWith.png \
+  et.png \
  migration-managed-direct.png \
  migration-managed-p2p.png \
  migration-native.png \
@@ -103,14 +87,15 @@ internals_html_in = \
  $(patsubst $(srcdir)/%,%,$(wildcard $(srcdir)/internals/*.html.in))
 internals_html = $(internals_html_in:%.html.in=%.html)

-# Since we ship pre-built html in the tarball, we must also
-# ship the sources, even when those sources are themselves
-# generated.
-# Generate hvsupport.html and news.html first, since they take one extra step.
-dot_html_in = \
-  hvsupport.html.in \
-  news.html.in \
-  $(notdir $(wildcard $(srcdir)/*.html.in))
+# todo.html is special - it is shipped in the tarball, but we
+# have a dedicated 'todo' target to rebuild it from a proper
+# config file, all other users are able to build it locally.
+# For all other files, since we ship pre-built html in the
+# tarball, we must also ship the sources, even when those
+# sources are themselves generated.
+dot_html_in = $(notdir $(wildcard $(srcdir)/*.html.in)) \
+  todo.html.in \
+  hvsupport.html.in
 dot_html = $(dot_html_in:%.html.in=%.html)

 dot_php_in = $(notdir $(wildcard $(srcdir)/*.php.in))
@@ -131,18 +116,12 @@ lxc_xml = \
  libvirt-lxc-api.xml \
  libvirt-lxc-refs.xml

-admin_xml = \
-  libvirt-admin-api.xml \
-  libvirt-admin-refs.xml
-
 apidir = $(pkgdatadir)/api
-api_DATA = \
-       libvirt-api.xml \
-       libvirt-qemu-api.xml \
-       libvirt-lxc-api.xml \
-       libvirt-admin-api.xml
+api_DATA = libvirt-api.xml libvirt-qemu-api.xml libvirt-lxc-api.xml

 fig = \
+  libvirt-net-logical.fig \
+  libvirt-net-physical.fig \
  libvirt-daemon-arch.fig \
  libvirt-driver-arch.fig \
  libvirt-object-model.fig \
@@ -152,23 +131,19 @@ fig = \
  migration-tunnel.fig \
  migration-unmanaged-direct.fig

-schemadir = $(pkgdatadir)/schemas
-schema_DATA = $(wildcard $(srcdir)/schemas/*.rng)
-
 EXTRA_DIST=					\
  apibuild.py genaclperms.pl \
-  site.xsl subsite.xsl newapi.xsl page.xsl \
+  site.xsl newapi.xsl news.xsl page.xsl \
  hacking1.xsl hacking2.xsl wrapstring.xsl \
  $(dot_html) $(dot_html_in) $(gif) $(apihtml) $(apipng) \
  $(devhelphtml) $(devhelppng) $(devhelpcss) $(devhelpxsl) \
-  $(xml) $(qemu_xml) $(lxc_xml) $(admin_xml) $(fig) $(png) $(css) \
-  $(logofiles) $(patches) $(dot_php_in) $(dot_php_code_in) $(dot_php)\
+  $(xml) $(qemu_xml) $(lxc_xml) $(fig) $(png) $(css) \
+  $(patches) $(dot_php_in) $(dot_php_code_in) $(dot_php)\
  $(internals_html_in) $(internals_html) \
-  aclperms.htmlinc \
-  hvsupport.pl \
-  $(schema_DATA)
+  sitemap.html.in aclperms.htmlinc \
+  todo.pl hvsupport.pl todo.cfg-example

-acl_generated = aclperms.htmlinc
+acl.html:: $(srcdir)/aclperms.htmlinc

 $(srcdir)/aclperms.htmlinc: $(top_srcdir)/src/access/viraccessperm.h \
        $(srcdir)/genaclperms.pl Makefile.am
@@ -187,61 +162,57 @@ all-am: web
 api: $(srcdir)/libvirt-api.xml $(srcdir)/libvirt-refs.xml
 qemu_api: $(srcdir)/libvirt-qemu-api.xml $(srcdir)/libvirt-qemu-refs.xml
 lxc_api: $(srcdir)/libvirt-lxc-api.xml $(srcdir)/libvirt-lxc-refs.xml
-admin_api: $(srcdir)/libvirt-admin-api.xml $(srcdir)/libvirt-admin-refs.xml

 web: $(dot_html) $(internals_html) html/index.html devhelp/index.html \
  $(dot_php)

-hvsupport.html: $(srcdir)/hvsupport.html.in
+todo.html.in: todo.pl
+	if [ -f  todo.cfg ]; then \
+		echo "Generating $@"; \
+		$(PERL) $< > $@ \
+		|| { rm $@ && exit 1; }; \
+	else \
+		echo "Stubbing $@"; \
+		printf "%s\n" \
+		  "<html xmlns=\"http://www.w3.org/1999/xhtml\">" \
+		  "<body>" \
+		  "<h1>Todo list unavailable: no config file</h1>" \
+		  "</body></html>" > $@ ; \
+	fi

-$(srcdir)/hvsupport.html.in: $(srcdir)/hvsupport.pl $(api_DATA) \
-		$(top_srcdir)/src/libvirt_public.syms \
-	$(top_srcdir)/src/libvirt_qemu.syms $(top_srcdir)/src/libvirt_lxc.syms \
-	$(top_srcdir)/src/driver.h
-	$(AM_V_GEN)$(PERL) $(srcdir)/hvsupport.pl $(top_srcdir)/src > $@ \
+todo:
+	rm -f todo.html.in
+	$(MAKE) todo.html
+
+hvsupport.html:: $(srcdir)/hvsupport.html.in
+
+$(srcdir)/hvsupport.html.in: $(srcdir)/hvsupport.pl \
+		$(srcdir)/../src/libvirt_public.syms \
+	$(srcdir)/../src/libvirt_qemu.syms $(srcdir)/../src/libvirt_lxc.syms \
+	$(srcdir)/../src/driver.h
+	$(AM_V_GEN)$(PERL) $(srcdir)/hvsupport.pl $(srcdir)/../src > $@ \
 		|| { rm $@ && exit 1; }

-# xsltproc seems to add the xmlns="" attribute to random output elements:
-# use sed to strip it out, as leaving it there triggers XML errors during
-# further transformation steps
-news.html.in: \
-	  $(srcdir)/news.xml \
-	  $(srcdir)/news-html.xsl
-	$(AM_V_GEN) \
-	if [ -x $(XSLTPROC) ]; then \
-	  $(XSLTPROC) --nonet \
-	    $(srcdir)/news-html.xsl \
-	    $(srcdir)/news.xml \
-	  >$@-tmp \
-	    || { rm -f $@-tmp; exit 1; }; \
-	  sed 's/ xmlns=""//g' $@-tmp >$@ \
-	    || { rm -f $@-tmp; exit 1; }; \
-	  rm -f $@-tmp; \
-	fi
-EXTRA_DIST += \
-	$(srcdir)/news.xml \
-	$(srcdir)/news-html.xsl
-MAINTAINERCLEANFILES += \
-	$(srcdir)/news.html.in
+.PHONY: todo

 %.png: %.fig
 	convert -rotate 90 $< $@

-%.html.tmp: %.html.in site.xsl subsite.xsl page.xsl \
-		$(acl_generated)
+internals/%.html.tmp: internals/%.html.in subsite.xsl page.xsl sitemap.html.in
+	@if [ -x $(XSLTPROC) ] ; then \
+	  echo "Generating $@"; \
+	  $(MKDIR_P) internals; \
+	  name=`echo $@ | sed -e 's/.tmp//'`; \
+	  $(XSLTPROC) --stringparam pagename $$name --nonet \
+	    $(top_srcdir)/docs/subsite.xsl $< > $@ \
+	    || { rm $@ && exit 1; }; fi
+
+%.html.tmp: %.html.in site.xsl page.xsl sitemap.html.in
 	@if [ -x $(XSLTPROC) ] ; then \
 	  echo "Generating $@"; \
 	  name=`echo $@ | sed -e 's/.tmp//'`; \
-	  dir=`dirname $@` ; \
-	  if test "$$dir" = "."; \
-	  then \
-	    style=site.xsl; \
-	  else \
-	    $(MKDIR_P) $$dir; \
-	    style=subsite.xsl; \
-	  fi; \
 	  $(XSLTPROC) --stringparam pagename $$name --nonet \
-	    $(top_srcdir)/docs/$$style $< > $@ \
+	    $(top_srcdir)/docs/site.xsl $< > $@ \
 	    || { rm $@ && exit 1; }; fi

 %.html: %.html.tmp
@@ -252,9 +223,9 @@ MAINTAINERCLEANFILES += \
 	  SGML_CATALOG_FILES='$(XML_CATALOG_FILE)' \
 	  $(XMLLINT) --catalogs --nonet --format --valid $< > $(srcdir)/$@ \
 	  || { rm $(srcdir)/$@ && exit 1; }; \
-	  else echo "missing XHTML1 DTD"; cat $< > $(srcdir)/$@ ; fi ; fi
+	  else echo "missing XHTML1 DTD" ; fi ; fi

-%.php.tmp: %.php.in site.xsl page.xsl
+%.php.tmp: %.php.in site.xsl page.xsl sitemap.html.in
 	@if [ -x $(XSLTPROC) ] ; then \
 	  echo "Generating $@"; \
 	  $(XSLTPROC) --stringparam pagename $(@:.tmp=) --nonet \
@@ -268,9 +239,7 @@ MAINTAINERCLEANFILES += \
 	    -e /php_placeholder/d < $@.tmp > $(srcdir)/$@ \
 	    || { rm $(srcdir)/$@ && exit 1; }; fi

-$(apihtml_generated): html/index.html
-
-html/index.html: libvirt-api.xml newapi.xsl page.xsl $(APIBUILD_STAMP)
+html/index.html: libvirt-api.xml newapi.xsl page.xsl sitemap.html.in
 	$(AM_V_GEN)if [ -x $(XSLTPROC) ] ; then \
 	  $(XSLTPROC) --nonet -o $(srcdir)/ \
 	  --stringparam builddir '$(abs_top_builddir)' \
@@ -280,7 +249,7 @@ html/index.html: libvirt-api.xml newapi.xsl page.xsl $(APIBUILD_STAMP)
 	    > /dev/null ; then \
 	  SGML_CATALOG_FILES='$(XML_CATALOG_FILE)' \
 	  $(XMLLINT) --catalogs --nonet --valid --noout $(srcdir)/html/*.html ; \
-	  else echo "missing XHTML1 DTD"; cat $< > $(srcdir)/$@ ; fi ; fi
+	  else echo "missing XHTML1 DTD" ; fi ; fi

 $(addprefix $(srcdir)/,$(devhelphtml)): $(srcdir)/libvirt-api.xml $(devhelpxsl)
 	$(AM_V_GEN)if [ -x $(XSLTPROC) ] ; then \
@@ -289,9 +258,9 @@ $(addprefix $(srcdir)/,$(devhelphtml)): $(srcdir)/libvirt-api.xml $(devhelpxsl)


 python_generated_files = \
+		$(srcdir)/html/libvirt-libvirt.html \
 		$(srcdir)/html/libvirt-libvirt-lxc.html \
 		$(srcdir)/html/libvirt-libvirt-qemu.html \
-		$(srcdir)/html/libvirt-libvirt-admin.html \
 		$(srcdir)/html/libvirt-virterror.html \
 		$(srcdir)/libvirt-api.xml \
 		$(srcdir)/libvirt-refs.xml \
@@ -299,8 +268,6 @@ python_generated_files = \
 		$(srcdir)/libvirt-lxc-refs.xml \
 		$(srcdir)/libvirt-qemu-api.xml \
 		$(srcdir)/libvirt-qemu-refs.xml \
-		$(srcdir)/libvirt-admin-api.xml \
-		$(srcdir)/libvirt-admin-refs.xml \
 		$(NULL)

 APIBUILD=$(srcdir)/apibuild.py
@@ -310,41 +277,17 @@ EXTRA_DIST += $(APIBUILD_STAMP)
 $(python_generated_files): $(APIBUILD_STAMP)

 $(APIBUILD_STAMP): $(srcdir)/apibuild.py \
-		$(top_srcdir)/include/libvirt/libvirt.h \
-		$(top_srcdir)/include/libvirt/libvirt-common.h.in \
-		$(top_srcdir)/include/libvirt/libvirt-domain-snapshot.h \
-		$(top_srcdir)/include/libvirt/libvirt-domain.h \
-		$(top_srcdir)/include/libvirt/libvirt-event.h \
-		$(top_srcdir)/include/libvirt/libvirt-host.h \
-		$(top_srcdir)/include/libvirt/libvirt-interface.h \
-		$(top_srcdir)/include/libvirt/libvirt-network.h \
-		$(top_srcdir)/include/libvirt/libvirt-nodedev.h \
-		$(top_srcdir)/include/libvirt/libvirt-nwfilter.h \
-		$(top_srcdir)/include/libvirt/libvirt-secret.h \
-		$(top_srcdir)/include/libvirt/libvirt-storage.h \
-		$(top_srcdir)/include/libvirt/libvirt-stream.h \
-		$(top_srcdir)/include/libvirt/libvirt-lxc.h \
-		$(top_srcdir)/include/libvirt/libvirt-qemu.h \
-		$(top_srcdir)/include/libvirt/libvirt-admin.h \
-		$(top_srcdir)/include/libvirt/virterror.h \
-		$(top_srcdir)/src/libvirt.c \
-		$(top_srcdir)/src/libvirt-domain-snapshot.c \
-		$(top_srcdir)/src/libvirt-domain.c \
-		$(top_srcdir)/src/libvirt-host.c \
-		$(top_srcdir)/src/libvirt-interface.c \
-		$(top_srcdir)/src/libvirt-network.c \
-		$(top_srcdir)/src/libvirt-nodedev.c \
-		$(top_srcdir)/src/libvirt-nwfilter.c \
-		$(top_srcdir)/src/libvirt-secret.c \
-		$(top_srcdir)/src/libvirt-storage.c \
-		$(top_srcdir)/src/libvirt-stream.c \
-		$(top_srcdir)/src/libvirt-lxc.c \
-		$(top_srcdir)/src/libvirt-qemu.c \
-		$(top_srcdir)/src/libvirt-admin.c \
-		$(top_srcdir)/src/util/virerror.c \
-		$(top_srcdir)/src/util/virevent.c \
-		$(top_srcdir)/src/util/virtypedparam.c
-	$(AM_V_GEN)srcdir=$(srcdir) builddir=$(builddir) $(PYTHON) $(APIBUILD)
+		$(srcdir)/../include/libvirt/libvirt.h.in \
+		$(srcdir)/../include/libvirt/libvirt-lxc.h \
+		$(srcdir)/../include/libvirt/libvirt-qemu.h \
+		$(srcdir)/../include/libvirt/virterror.h \
+		$(srcdir)/../src/libvirt.c \
+		$(srcdir)/../src/libvirt-lxc.c \
+		$(srcdir)/../src/libvirt-qemu.c \
+		$(srcdir)/../src/util/virerror.c \
+		$(srcdir)/../src/util/virevent.c \
+		$(srcdir)/../src/util/virtypedparam.c
+	$(AM_V_GEN)srcdir=$(srcdir) $(PYTHON) $(APIBUILD)
 	touch $@


@@ -352,24 +295,21 @@ check-local: all
 dist-local: all

 clean-local:
-	rm -f *~ *.bak *.hierarchy *.signals *-unused.txt *.html html/*.html
+	rm -f *~ *.bak *.hierarchy *.signals *-unused.txt *.html

 maintainer-clean-local: clean-local
-	rm -rf $(srcdir)/libvirt-api.xml $(srcdir)/libvirt-refs.xml
+	rm -rf $(srcdir)/libvirt-api.xml $(srcdir)/libvirt-refs.xml \
+		todo.html.in
 	rm -rf $(srcdir)/libvirt-qemu-api.xml $(srcdir)/libvirt-qemu-refs.xml
 	rm -rf $(srcdir)/libvirt-lxc-api.xml $(srcdir)/libvirt-lxc-refs.xml
-	rm -rf $(srcdir)/libvirt-admin-api.xml $(srcdir)/libvirt-admin-refs.xml
 	rm -rf $(APIBUILD_STAMP)

-rebuild: api qemu_api lxc_api admin_api all
+rebuild: api qemu_api lxc_api all

 install-data-local:
 	$(mkinstalldirs) $(DESTDIR)$(HTML_DIR)
 	for f in $(css) $(dot_html) $(gif) $(png); do \
 	  $(INSTALL) -m 0644 $(srcdir)/$$f $(DESTDIR)$(HTML_DIR); done
-	$(mkinstalldirs) $(DESTDIR)$(HTML_DIR)/logos
-	for f in $(logofiles); do \
-	  $(INSTALL) -m 0644 $(srcdir)/$$f $(DESTDIR)$(HTML_DIR)/logos; done
 	$(mkinstalldirs) $(DESTDIR)$(HTML_DIR)/html
 	for h in $(apihtml); do \
 	  $(INSTALL) -m 0644 $(srcdir)/$$h $(DESTDIR)$(HTML_DIR)/html; done
@@ -382,19 +322,11 @@ install-data-local:
 	for file in $(devhelphtml) $(devhelppng) $(devhelpcss); do \
 	    $(INSTALL) -m 0644 $(srcdir)/$${file} $(DESTDIR)$(DEVHELP_DIR) ; \
 	done
+	$(INSTALL_DATA) $(srcdir)/libvirtLogo.png $(DESTDIR)$(pkgdatadir)

 uninstall-local:
-	for f in $(css) $(dot_html) $(gif) $(png); do \
-	  rm -f $(DESTDIR)$(HTML_DIR)/$$f; \
-	done
-	for f in $(logofiles); do \
-	  rm -f $(DESTDIR)$(HTML_DIR)/$$f; \
-	done
-	for h in $(apihtml); do rm -f $(DESTDIR)$(HTML_DIR)/$$h; done
-	for p in $(apipng); do rm -f $(DESTDIR)$(HTML_DIR)/$$p; done
-	for f in $(internals_html); do \
-	  rm -f $(DESTDIR)$(HTML_DIR)/$$f; \
-	done
+	for h in $(apihtml); do rm $(DESTDIR)$(HTML_DIR)/$$h; done
+	for p in $(apipng); do rm $(DESTDIR)$(HTML_DIR)/$$p; done
 	for f in $(devhelphtml) $(devhelppng) $(devhelpcss); do \
-	  rm -f $(DESTDIR)$(DEVHELP_DIR)/$$(basename $$f); \
+	  rm $(DESTDIR)$(DEVHELP_DIR)/$$(basename $$f); \
 	done
--- a/docs/acl.html.in
+++ b/docs/acl.html.in
@@ -90,7 +90,7 @@
      types in its API. Each object type, in turn, has a set
      of permissions defined. To determine what permissions
      are checked for specific API call, consult the
-      <a href="html/index.html">API reference manual</a>
+      <a href="html/libvirt-libvirt.html">API reference manual</a>
      documentation for the API in question.
    </p>

--- a/docs/aclpolkit.html.in
+++ b/docs/aclpolkit.html.in
@@ -121,7 +121,7 @@
          <td>Name of the network interface, unique to the local host</td>
        </tr>
        <tr>
-          <td>interface_macaddr</td>
+          <td>interface_mac</td>
          <td>MAC address of the network interface, not unique</td>
        </tr>
      </tbody>
@@ -224,10 +224,6 @@
          <td>secret_usage_target</td>
          <td>Name of the associated iSCSI target, if any</td>
        </tr>
-        <tr>
-          <td>secret_usage_name</td>
-          <td>Name of the associated TLS secret, if any</td>
-        </tr>
      </tbody>
    </table>

@@ -334,9 +330,9 @@
    </p>

    <pre>
-polkit.addRule(function(action, subject) {
-  ....logic to check 'action' and 'subject'...
-});
+      polkit.addRule(function(action, subject) {
+        ....logic to check 'action' and 'subject'...
+      });
    </pre>

    <p>
@@ -352,12 +348,6 @@ polkit.addRule(function(action, subject) {
      <code>lookup</code> method.
    </p>

-    <p>
-    See
-    <a href="http://libvirt.org/git/?p=libvirt.git;a=tree;f=examples/polkit;hb=HEAD">source code</a>
-    for a more complex example.
-    </p>
-
    <h3><a name="exconnect">Example: restricting ability to connect to drivers</a></h3>

    <p>
--- a/docs/api.html.in
+++ b/docs/api.html.in
@@ -16,7 +16,7 @@
    manipulated through the API is the <code>virConnectPtr</code>, which
    represents the connection to a hypervisor. Any application using libvirt
    is likely to start using the
-    API by calling one of <a href="html/libvirt-libvirt-host.html#virConnectOpen"
+    API by calling one of <a href="html/libvirt-libvirt.html#virConnectOpen"
    >the virConnectOpen functions</a>. You will note that those functions take
    a name argument which is actually a <a href="uri.html">connection URI</a>
    to select the right hypervisor to open.
@@ -26,10 +26,7 @@
    name will default to a preselected hypervisor, but it's probably not a
    wise thing to do in most cases. See the <a href="uri.html">connection
    URI</a> page for a full descriptions of the values allowed.</p>
-    <p> OnDevice the application obtains a
-      <a href="/html/libvirt-libvirt-host.html#virConnectPtr">
-        <code>virConnectPtr</code>
-      </a>
+    <p> Once the application obtains a <code class='docref'>virConnectPtr</code>
    connection to the hypervisor it can then use it to manage the hypervisor's
    available domains and related virtualization
    resources, such as storage and networking. All those are
@@ -41,61 +38,33 @@
    </p>
    <p> The figure above shows the five main objects exported by the API:</p>
    <ul>
-      <li>
-        <a href="html/libvirt-libvirt-host.html#virConnectPtr">
-          <code>virConnectPtr</code>
-        </a>
+      <li><code class='docref'>virConnectPtr</code>
      <p>Represents the connection to a hypervisor. Use one of the
-      <a href="html/libvirt-libvirt-host.html#virConnectOpen">virConnectOpen</a>
+      <a href="html/libvirt-libvirt.html#virConnectOpen">virConnectOpen</a>
      functions to obtain connection to the hypervisor which is then used
      as a parameter to other connection API's.</p></li>
-      <li>
-        <a href="html/libvirt-libvirt-domain.html#virDomainPtr">
-          <code>virDomainPtr</code>
-        </a>
+      <li><code class='docref'>virDomainPtr</code>
      <p>Represents one domain either active or defined (i.e. existing as
      permanent config file and storage but not currently running on that
-      node). The function
-        <a href="html/libvirt-libvirt-domain.html#virConnectListAllDomains">
-          <code>virConnectListAllDomains</code>
-        </a>
+      node). The function <code class='docref'>virConnectListAllDomains</code>
      lists all the domains for the hypervisor.</p></li>
-      <li>
-        <a href="html/libvirt-libvirt-network.html#virNetworkPtr">
-          <code>virNetworkPtr</code>
-        </a>
+      <li><code class='docref'>virNetworkPtr</code>
      <p>Represents one network either active or defined (i.e. existing
      as permanent config file and storage but not currently activated).
-      The function
-        <a href="html/libvirt-libvirt-network.html#virConnectListAllNetworks">
-          <code>virConnectListAllNetworks</code>
-        </a>
+      The function <code class='docref'>virConnectListAllNetworks</code>
      lists all the virtualization networks for the hypervisor.</p></li>
-      <li>
-        <a href="html/libvirt-libvirt-storage.html#virStorageVolPtr">
-          <code>virStorageVolPtr</code>
-        </a>
+      <li><code class='docref'>virStorageVolPtr</code>
      <p>Represents one storage volume generally used
      as a block device available to one of the domains. The function
-        <a href="html/libvirt-libvirt-storage.html#virStorageVolLookupByPath">
-          <code>virStorageVolLookupByPath</code>
-        </a>
-      finds the storage volume object based on its path on the node.</p></li>
-      <li>
-        <a href="html/libvirt-libvirt-storage.html#virStoragePoolPtr">
-          <code>virStoragePoolPtr</code>
-        </a>
+      <code class="docref">virStorageVolLookupByPath</code> finds
+      the storage volume object based on its path on the node.</p></li>
+      <li><code class='docref'>virStoragePoolPtr</code>
      <p>Represents a storage pool, which is a logical area
      used to allocate and store storage volumes. The function
-        <a href="html/libvirt-libvirt-storage.html#virConnectListAllStoragePools">
-          <code>virConnectListAllStoragePools</code>
-        </a>
-      lists all of the virtualization storage pools on the hypervisor.
-      The function
-        <a href="html/libvirt-libvirt-storage.html#virStoragePoolLookupByVolume">
-          <code>virStoragePoolLookupByVolume</code>
-        </a>
-      finds the storage pool containing a given storage volume.</p></li>
+      <code class='docref'>virConnectListAllStoragePools</code> lists
+      all of the virtualization storage pools on the hypervisor. The function
+      <code class="docref">virStoragePoolLookupByVolume</code> finds
+      the storage pool containing a given storage volume.</p></li>
    </ul>
    <p> Most objects manipulated by the library can also be represented using
      XML descriptions. This is used primarily to create those object, but is
@@ -132,114 +101,42 @@
      <p>Used to perform lookups on objects by some type of identifier,
      such as:</p>
          <ul>
-            <li>
-              <a href="html/libvirt-libvirt-domain.html#virDomainLookupByID">
-                <code>virDomainLookupByID</code>
-              </a>
-            </li>
-            <li>
-              <a href="html/libvirt-libvirt-domain.html#virDomainLookupByName">
-                <code>virDomainLookupByName</code>
-              </a>
-            </li>
-            <li>
-              <a href="html/libvirt-libvirt-domain.html#virDomainLookupByUUID">
-                <code>virDomainLookupByUUID</code>
-              </a>
-            </li>
-            <li>
-              <a href="html/libvirt-libvirt-domain.html#virDomainLookupByUUIDString">
-                <code>virDomainLookupByUUIDString</code>
-              </a>
-            </li>
+            <li><code class='docref'>virDomainLookupByID</code></li>
+            <li><code class='docref'>virDomainLookupByName</code></li>
+            <li><code class='docref'>virDomainLookupByUUID</code></li>
+            <li><code class='docref'>virDomainLookupByUUIDString</code></li>
          </ul>
      </li>
      <li><b>Enumeration</b> [virConnectList..., virConnectNumOf...]
      <p>Used to enumerate a set of object available to an given
      hypervisor connection such as:</p>
          <ul>
-            <li>
-              <a href="html/libvirt-libvirt-domain.html#virConnectListDomains">
-                <code>virConnectListDomains</code>
-              </a>
-            </li>
-            <li>
-              <a href="html/libvirt-libvirt-domain.html#virConnectNumOfDomains">
-                <code>virConnectNumOfDomains</code>
-              </a>
-            </li>
-            <li>
-              <a href="html/libvirt-libvirt-network.html#virConnectListNetworks">
-                <code>virConnectListNetworks</code>
-              </a>
-            </li>
-            <li>
-              <a href="html/libvirt-libvirt-storage.html#virConnectListStoragePools">
-                <code>virConnectListStoragePools</code>
-              </a>
-            </li>
+            <li><code class='docref'>virConnectListDomains</code></li>
+            <li><code class='docref'>virConnectNumOfDomains</code></li>
+            <li><code class='docref'>virConnectListNetworks</code></li>
+            <li><code class='docref'>virConnectListStoragePools</code></li>
          </ul>
      </li>
      <li><b>Description</b> [...GetInfo]
      <p>Generic accessor providing a set of generic information about an
      object, such as: </p>
        <ul>
-          <li>
-            <a href="html/libvirt-libvirt-host.html#virNodeGetInfo">
-              <code>virNodeGetInfo</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-domain.html#virDomainGetInfo">
-              <code>virDomainGetInfo</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-storage.html#virStoragePoolGetInfo">
-              <code>virStoragePoolGetInfo</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-storage.html#virStorageVolGetInfo">
-              <code>virStorageVolGetInfo</code>
-            </a>
-          </li>
+          <li><code class='docref'>virNodeGetInfo</code></li>
+          <li><code class='docref'>virDomainGetInfo</code></li>
+          <li><code class='docref'>virStoragePoolGetInfo</code></li>
+          <li><code class='docref'>virStorageVolGetInfo</code></li>
        </ul>
      </li>
      <li><b>Accessors</b> [...Get..., ...Set...]
      <p>Specific accessors used to query or modify data for the given object,
      such as: </p>
        <ul>
-          <li>
-            <a href="html/libvirt-libvirt-host.html#virConnectGetType">
-              <code>virConnectGetType</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-domain.html#virDomainGetMaxMemory">
-              <code>virDomainGetMaxMemory</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-domain.html#virDomainSetMemory">
-              <code>virDomainSetMemory</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-domain.html#virDomainGetVcpus">
-              <code>virDomainGetVcpus</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-storage.html#virStoragePoolSetAutostart">
-              <code>virStoragePoolSetAutostart</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-network.html#virNetworkGetBridgeName">
-              <code>virNetworkGetBridgeName</code>
-            </a>
-          </li>
+          <li><code class='docref'>virConnectGetType</code></li>
+          <li><code class='docref'>virDomainGetMaxMemory</code></li>
+          <li><code class='docref'>virDomainSetMemory</code></li>
+          <li><code class='docref'>virDomainGetVcpus</code></li>
+          <li><code class='docref'>virStoragePoolSetAutostart</code></li>
+          <li><code class='docref'>virNetworkGetBridgeName</code></li>
        </ul>
      </li>
      <li><b>Creation</b> [...Create, ...CreateXML]
@@ -247,46 +144,18 @@
      the object based on an XML description, while the ...Create APIs will
      create the object based on existing object pointer, such as: </p>
        <ul>
-          <li>
-            <a href="html/libvirt-libvirt-domain.html#virDomainCreate">
-              <code>virDomainCreate</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-domain.html#virDomainCreateXML">
-              <code>virDomainCreateXML</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-network.html#virNetworkCreate">
-              <code>virNetworkCreate</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-network.html#virNetworkCreateXML">
-              <code>virNetworkCreateXML</code>
-            </a>
-          </li>
+          <li><code class='docref'>virDomainCreate</code></li>
+          <li><code class='docref'>virDomainCreateXML</code></li>
+          <li><code class='docref'>virNetworkCreate</code></li>
+          <li><code class='docref'>virNetworkCreateXML</code></li>
        </ul>
      </li>
      <li><b>Destruction</b> [...Destroy]
      <p>Used to shutdown or deactivate and destroy objects, such as: </p>
        <ul>
-          <li>
-            <a href="html/libvirt-libvirt-domain.html#virDomainDestroy">
-              <code>virDomainDestroy</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-network.html#virNetworkDestroy">
-              <code>virNetworkDestroy</code>
-            </a>
-          </li>
-          <li>
-            <a href="html/libvirt-libvirt-storage.html#virStoragePoolDestroy">
-              <code>virStoragePoolDestroy</code>
-            </a>
-          </li>
+          <li><code class='docref'>virDomainDestroy</code></li>
+          <li><code class='docref'>virNetworkDestroy</code></li>
+          <li><code class='docref'>virStoragePoolDestroy</code></li>
        </ul>
      </li>
    </ul>
@@ -301,11 +170,7 @@
    <p>Drivers are the basic building block for libvirt functionality
    to support the capability to handle specific hypervisor driver calls.
    Drivers are discovered and registered during connection processing as
-    part of the
-      <a href="html/libvirt-libvirt-host.html#virInitialize">
-        <code>virInitialize</code>
-      </a>
-    API. Each driver
+    part of the <code class='docref'>virInitialize</code> API. Each driver
    has a registration API which loads up the driver specific function
    references for the libvirt APIs to call. The following is a simplistic
    view of the hypervisor driver mechanism. Consider the stacked list of
@@ -330,14 +195,11 @@
    daemon through the <a href="remote.html">remote</a> driver via an
    <a href="internals/rpc.html">RPC</a>. Some hypervisors do support
    client-side connections and responses, such as Test, OpenVZ, VMware,
-    Power VM (phyp), VirtualBox (vbox), ESX, Hyper-V, Xen, and Virtuozzo.
+    Power VM (phyp), VirtualBox (vbox), ESX, Hyper-V, Xen, and Parallels.
    The libvirtd daemon service is started on the host at system boot
    time and can also be restarted at any time by a properly privileged
    user, such as root. The libvirtd daemon uses the same libvirt API
-    <a href="html/libvirt-libvirt-host.html#virInitialize">
-      <code>virInitialize</code>
-    </a>
-    sequence as applications
+    <code class='docref'>virInitialize</code> sequence as applications
    for client-side driver registrations, but then extends the registered
    driver list to encompass all known drivers supported for all driver
    types supported on the host. </p>
--- a/docs/apibuild.py
+++ b/docs/apibuild.py
@@ -21,30 +21,9 @@ debugsym=None
 # C parser analysis code
 #
 included_files = {
-  "libvirt-common.h": "header with general libvirt API definitions",
-  "libvirt-domain.h": "header with general libvirt API definitions",
-  "libvirt-domain-snapshot.h": "header with general libvirt API definitions",
-  "libvirt-event.h": "header with general libvirt API definitions",
-  "libvirt-host.h": "header with general libvirt API definitions",
-  "libvirt-interface.h": "header with general libvirt API definitions",
-  "libvirt-network.h": "header with general libvirt API definitions",
-  "libvirt-nodedev.h": "header with general libvirt API definitions",
-  "libvirt-nwfilter.h": "header with general libvirt API definitions",
-  "libvirt-secret.h": "header with general libvirt API definitions",
-  "libvirt-storage.h": "header with general libvirt API definitions",
-  "libvirt-stream.h": "header with general libvirt API definitions",
+  "libvirt.h": "header with general libvirt API definitions",
  "virterror.h": "header with error specific API definitions",
  "libvirt.c": "Main interfaces for the libvirt library",
-  "libvirt-domain.c": "Domain interfaces for the libvirt library",
-  "libvirt-domain-snapshot.c": "Domain snapshot interfaces for the libvirt library",
-  "libvirt-host.c": "Host interfaces for the libvirt library",
-  "libvirt-interface.c": "Interface interfaces for the libvirt library",
-  "libvirt-network.c": "Network interfaces for the libvirt library",
-  "libvirt-nodedev.c": "Node device interfaces for the libvirt library",
-  "libvirt-nwfilter.c": "NWFilter interfaces for the libvirt library",
-  "libvirt-secret.c": "Secret interfaces for the libvirt library",
-  "libvirt-storage.c": "Storage interfaces for the libvirt library",
-  "libvirt-stream.c": "Stream interfaces for the libvirt library",
  "virerror.c": "implements error handling and reporting code for libvirt",
  "virevent.c": "event loop for monitoring file handles",
  "virtypedparam.c": "virTypedParameters APIs",
@@ -60,11 +39,6 @@ lxc_included_files = {
  "libvirt-lxc.c": "Implementations for the LXC specific APIs",
 }

-admin_included_files = {
-  "libvirt-admin.h": "header with admin specific API definitions",
-  "libvirt-admin.c": "Implementations for the admin specific APIs",
-}
-
 ignored_words = {
  "ATTRIBUTE_UNUSED": (0, "macro keyword"),
  "ATTRIBUTE_SENTINEL": (0, "macro keyword"),
@@ -91,7 +65,6 @@ ignored_functions = {
  "virDomainMigratePrepareTunnel3": "private function for tunnelled migration",
  "DllMain": "specific function for Win32",
  "virTypedParamsValidate": "internal function in virtypedparam.c",
-  "virTypedParameterValidateSet": "internal function in virtypedparam.c",
  "virTypedParameterAssign": "internal function in virtypedparam.c",
  "virTypedParameterAssignFromStr": "internal function in virtypedparam.c",
  "virTypedParameterToString": "internal function in virtypedparam.c",
@@ -103,7 +76,6 @@ ignored_functions = {
  "virDomainMigratePrepare3Params": "private function for migration",
  "virDomainMigrateConfirm3Params": "private function for migration",
  "virDomainMigratePrepareTunnel3Params": "private function for tunnelled migration",
-  "virErrorCopyNew": "private",
 }

 ignored_macros = {
@@ -112,12 +84,6 @@ ignored_macros = {
  "_virMemoryParameter": "backward compatibility macro for virTypedParameter",
 }

-# macros that should be completely skipped
-hidden_macros = {
-  "VIR_DEPRECATED": "internal macro to mark deprecated apis",
-  "VIR_EXPORT_VAR": "internal macro to mark exported vars",
-}
-
 def escape(raw):
    raw = string.replace(raw, '&', '&amp;')
    raw = string.replace(raw, '<', '&lt;')
@@ -240,11 +206,6 @@ class index:
        self.references = {}
        self.info = {}

-    def warning(self, msg):
-        global warnings
-        warnings = warnings + 1
-        print msg
-
    def add_ref(self, name, header, module, static, type, lineno, info=None, extra=None, conditionals = None):
        if name[0:2] == '__':
            return None
@@ -477,14 +438,6 @@ class CLexer:
            if line[0] == '#':
                self.tokens = map((lambda x: ('preproc', x)),
                                  string.split(line))
-
-                # We might have whitespace between the '#' and preproc
-                # macro name, so instead of having a single token element
-                # of '#define' we might end up with '#' and 'define'. This
-                # merges them back together
-                if self.tokens[0][1] == "#":
-                    self.tokens[0] = ('preproc', self.tokens[0][1] + self.tokens[1][1])
-                    self.tokens = self.tokens[:1] + self.tokens[2:]
                break
            l = len(line)
            if line[0] == '"' or line[0] == "'":
@@ -1046,17 +999,9 @@ class CParser:
                    name = string.split(name, '(') [0]
                except:
                    pass
-
-                # skip hidden macros
-                if name in hidden_macros:
-                    return token
-
-                strValue = None
-                if len(lst) == 1 and lst[0][0] == '"' and lst[0][-1] == '"':
-                    strValue = lst[0][1:-1]
-                (args, desc) = self.parseMacroComment(name, not self.is_header)
+                info = self.parseMacroComment(name, not self.is_header)
                self.index_add(name, self.filename, not self.is_header,
-                               "macro", (args, desc, strValue))
+                                "macro", info)
                return token

        #
@@ -1382,33 +1327,32 @@ class CParser:
                token = self.token()
                return token
            elif token[0] == "name":
-                self.cleanupComment()
-                if name is not None:
-                    if self.comment is not None:
-                        comment = string.strip(self.comment)
-                        self.comment = None
-                    self.enums.append((name, value, comment))
-                name = token[1]
-                comment = ""
-                token = self.token()
-                if token[0] == "op" and token[1][0] == "=":
-                    value = ""
-                    if len(token[1]) > 1:
-                        value = token[1][1:]
+                    self.cleanupComment()
+                    if name is not None:
+                        if self.comment is not None:
+                            comment = string.strip(self.comment)
+                            self.comment = None
+                        self.enums.append((name, value, comment))
+                    name = token[1]
+                    comment = ""
                    token = self.token()
-                    while token[0] != "sep" or (token[1] != ',' and
-                          token[1] != '}'):
-                        # We might be dealing with '1U << 12' here
-                        value = value + re.sub("^(\d+)U$","\\1", token[1])
+                    if token[0] == "op" and token[1][0] == "=":
+                        value = ""
+                        if len(token[1]) > 1:
+                            value = token[1][1:]
+                        token = self.token()
+                        while token[0] != "sep" or (token[1] != ',' and
+                              token[1] != '}'):
+                            value = value + token[1]
+                            token = self.token()
+                    else:
+                        try:
+                            value = "%d" % (int(value) + 1)
+                        except:
+                            self.warning("Failed to compute value of enum %s" % (name))
+                            value=""
+                    if token[0] == "sep" and token[1] == ",":
                        token = self.token()
-                else:
-                    try:
-                        value = "%d" % (int(value) + 1)
-                    except:
-                        self.warning("Failed to compute value of enum %s" % (name))
-                        value=""
-                if token[0] == "sep" and token[1] == ",":
-                    token = self.token()
            else:
                token = self.token()
        return token
@@ -2045,8 +1989,6 @@ class docBuilder:
            self.includes = includes + qemu_included_files.keys()
        elif name == "libvirt-lxc":
            self.includes = includes + lxc_included_files.keys()
-        elif name == "libvirt-admin":
-            self.includes = includes + admin_included_files.keys()
        self.modules = {}
        self.headers = {}
        self.idx = index()
@@ -2173,30 +2115,24 @@ class docBuilder:

    def serialize_macro(self, output, name):
        id = self.idx.macros[name]
-        output.write("    <macro name='%s' file='%s'" % (name,
+        output.write("    <macro name='%s' file='%s'>\n" % (name,
                     self.modulename_file(id.header)))
-        if id.info is None:
-            args = []
-            desc = None
-            strValue = None
-        else:
-            (args, desc, strValue) = id.info
-
-        if strValue is not None:
-            output.write(" string='%s'" % strValue)
-        output.write(">\n")
-
-        if desc is not None and desc != "":
-            output.write("      <info><![CDATA[%s]]></info>\n" % (desc))
-            self.indexString(name, desc)
-        for arg in args:
-            (name, desc) = arg
-            if desc is not None and desc != "":
-                output.write("      <arg name='%s' info='%s'/>\n" % (
-                             name, escape(desc)))
-                self.indexString(name, desc)
-            else:
-                output.write("      <arg name='%s'/>\n" % (name))
+        if id.info is not None:
+            try:
+                (args, desc) = id.info
+                if desc is not None and desc != "":
+                    output.write("      <info><![CDATA[%s]]></info>\n" % (desc))
+                    self.indexString(name, desc)
+                for arg in args:
+                    (name, desc) = arg
+                    if desc is not None and desc != "":
+                        output.write("      <arg name='%s' info='%s'/>\n" % (
+                                     name, escape(desc)))
+                        self.indexString(name, desc)
+                    else:
+                        output.write("      <arg name='%s'/>\n" % (name))
+            except:
+                pass
        output.write("    </macro>\n")

    def serialize_union(self, output, field, desc):
@@ -2267,7 +2203,6 @@ class docBuilder:
        if name == debugsym and not quiet:
            print "=>", id

-        # NB: this is consumed by a regex in 'getAPIFilenames' in hvsupport.pl
        output.write("    <%s name='%s' file='%s' module='%s'>\n" % (id.type,
                     name, self.modulename_file(id.header),
                     self.modulename_file(id.module)))
@@ -2586,64 +2521,51 @@ class docBuilder:
        output.close()


-class app:
-    def warning(self, msg):
-        global warnings
-        warnings = warnings + 1
-        print msg
-
-    def rebuild(self, name):
-        if name not in ["libvirt", "libvirt-qemu", "libvirt-lxc", "libvirt-admin"]:
-            self.warning("rebuild() failed, unknown module %s" % name)
-            return None
-        builder = None
-        srcdir = os.path.abspath((os.environ["srcdir"]))
-        builddir = os.path.abspath((os.environ["builddir"]))
-        if srcdir == builddir:
-            builddir = None
-        if glob.glob(srcdir + "/../src/libvirt.c") != [] :
-            if not quiet:
-                print "Rebuilding API description for %s" % name
-            dirs = [srcdir + "/../src",
-                    srcdir + "/../src/util",
-                    srcdir + "/../include/libvirt"]
-            if (builddir and
-                not os.path.exists(srcdir + "/../include/libvirt/libvirt-common.h")):
-                dirs.append(builddir + "/../include/libvirt")
-            builder = docBuilder(name, srcdir, dirs, [])
-        elif glob.glob("src/libvirt.c") != [] :
-            if not quiet:
-                print "Rebuilding API description for %s" % name
-            builder = docBuilder(name, srcdir,
-                                 ["src", "src/util", "include/libvirt"],
-                                 [])
-        else:
-            self.warning("rebuild() failed, unable to guess the module")
-            return None
-        builder.scan()
-        builder.analyze()
-        builder.serialize()
-        return builder
-
-    #
-    # for debugging the parser
-    #
-    def parse(self, filename):
-        parser = CParser(filename)
-        idx = parser.parse()
-        return idx
+def rebuild(name):
+    if name not in ["libvirt", "libvirt-qemu", "libvirt-lxc"]:
+        self.warning("rebuild() failed, unknown module %s") % name
+        return None
+    builder = None
+    srcdir = os.environ["srcdir"]
+    if glob.glob(srcdir + "/../src/libvirt.c") != [] :
+        if not quiet:
+            print "Rebuilding API description for %s" % name
+        dirs = [srcdir + "/../src",
+                srcdir + "/../src/util",
+                srcdir + "/../include/libvirt"]
+        if glob.glob(srcdir + "/../include/libvirt/libvirt.h") == [] :
+            dirs.append("../include/libvirt")
+        builder = docBuilder(name, srcdir, dirs, [])
+    elif glob.glob("src/libvirt.c") != [] :
+        if not quiet:
+            print "Rebuilding API description for %s" % name
+        builder = docBuilder(name, srcdir,
+                             ["src", "src/util", "include/libvirt"],
+                             [])
+    else:
+        self.warning("rebuild() failed, unable to guess the module")
+        return None
+    builder.scan()
+    builder.analyze()
+    builder.serialize()
+    return builder

+#
+# for debugging the parser
+#
+def parse(filename):
+    parser = CParser(filename)
+    idx = parser.parse()
+    return idx

 if __name__ == "__main__":
-    app = app()
    if len(sys.argv) > 1:
        debug = 1
-        app.parse(sys.argv[1])
+        parse(sys.argv[1])
    else:
-        app.rebuild("libvirt")
-        app.rebuild("libvirt-qemu")
-        app.rebuild("libvirt-lxc")
-        app.rebuild("libvirt-admin")
+        rebuild("libvirt")
+        rebuild("libvirt-qemu")
+        rebuild("libvirt-lxc")
    if warnings > 0:
        sys.exit(2)
    else:
--- a/docs/apps.html.in
+++ b/docs/apps.html.in
@@ -2,7 +2,7 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
  <body>
-    <h1>Applications using libvirt</h1>
+    <h1>Applications using <strong>libvirt</strong></h1>

    <p>
      This page provides an illustration of the wide variety of
@@ -19,15 +19,12 @@
      be added here, or simply send a patch against the documentation
      in the libvirt.git docs subdirectory.
      If your application uses libvirt as its API,
-      the following graphics are available for your website to advertise
+      the following graphic is available for your website to advertise
      support for libvirt:
    </p>

    <p class="image">
-      <img src="logos/logo-square-powered-96.png" alt="libvirt powered"/>
-      <img src="logos/logo-square-powered-128.png" alt="libvirt powered"/>
-      <img src="logos/logo-square-powered-192.png" alt="libvirt powered"/>
-      <img src="logos/logo-square-powered-256.png" alt="libvirt powered"/>
+      <img src="madeWith.png" alt="Made with libvirt"/>
    </p>

    <h2><a name="clientserver">Client/Server applications</a></h2>
@@ -166,21 +163,25 @@
    <h2><a name="conversion">Conversion</a></h2>

    <dl>
-      <dt><a href="http://libguestfs.org/virt-p2v.1.html">virt-p2v</a></dt>
+      <dt><a href="https://rwmj.wordpress.com/2009/10/13/poor-mans-p2v/">Poor mans p2v</a></dt>
      <dd>
-        Convert a physical machine to run on KVM.  It is a LiveCD
-        which is booted on the machine to be converted.  It collects a
-        little information from the user, then copies the disks over
-        to a remote machine and defines the XML for a domain to run
-        the guest.  (Note this tool is included with libguestfs)
+        A simple approach for converting a physical machine to a virtual
+        machine, using a rescue CD.
      </dd>
-      <dt><a href="http://libguestfs.org/virt-v2v.1.html">virt-v2v</a></dt>
+      <dt><a href="http://et.redhat.com/~rjones/virt-p2v/">virt-p2v</a></dt>
      <dd>
-        virt-v2v converts guests from a foreign hypervisor to run on
-        KVM, managed by libvirt.  It can convert guests from VMware or
-        Xen to run on OpenStack, oVirt (RHEV-M), or local libvirt.  It
+        An older tool for converting a physical machine into a virtual
+        machine.  It is a LiveCD which is booted on the machine to be
+        converted.  It collects a little information from the user, then
+        copies the disks over to a remote machine and defines the XML for a
+        domain to run the guest.
+      </dd>
+      <dt><a href="http://git.fedorahosted.org/git/?p=virt-v2v.git;a=summary">virt-v2v</a></dt>
+      <dd>
+        virt-v2v converts guests from a foreign hypervisor to run on KVM,
+        managed by libvirt.  It can currently convert Red Hat Enterprise
+        Linux (RHEL) and Fedora guests running on Xen and VMware ESX.  It
        will enable VirtIO drivers in the converted guest if possible.
-        (Note this tool is included with libguestfs)
      </dd>
      <dd>
        For RHEL customers of Red Hat, conversion of Windows guests is also
@@ -211,17 +212,6 @@
        to remote consoles supporting the VNC protocol. Also provides
        an optional mozilla browser plugin.
      </dd>
-      <dt><a href="http://f1ash.github.io/qt-virt-manager">qt-virt-manager</a></dt>
-      <dd>
-        The Qt GUI for create and control VMs and another virtual entities
-        (aka networks, storages, interfaces, secrets, network filters).
-        Contains integrated LXC/SPICE/VNC viewer for accessing the graphical or
-        text console associated with a virtual machine or container.
-      </dd>
-      <dt><a href="http://f1ash.github.io/qt-virt-manager/#virtual-machines-viewer">qt-remote-viewer</a></dt>
-      <dd>
-        The Qt VNC/SPICE viewer for access to remote desktops or VMs.
-      </dd>
    </dl>

    <h2><a name="iaas">Infrastructure as a Service (IaaS)</a></h2>
@@ -276,16 +266,6 @@
        using a dashboard.  Compute part uses libvirt to manage VM
        life-cycle, monitoring and so on.
      </dd>
-
-      <dt><a href="https://github.com/gustavfranssonnyvell/cherrypop">Cherrypop</a></dt>
-      <dd>
-        A cloud software with no masters or central points. Nodes
-        autodetect other nodes and autodistribute virtual
-        machines and autodivide up the workload. Also there is no
-        minimum limit for hosts, well, one might be nice. It's
-        perfect for setting up low-end servers in a cloud or a
-        cloud where you want the most bang for the bucks.
-      </dd>
    </dl>

    <h2><a name="libraries">Libraries</a></h2>
@@ -345,12 +325,6 @@
        For a full description, please refer to the libvirt section in the
        collectd.conf(5) manual page.
      </dd>
-      <dt><a href="http://host-sflow.sourceforge.net/">Host sFlow</a></dt>
-      <dd>
-        Host sFlow is a lightweight agent running on KVM hypervisors that
-        links to libvirt library and exports standardized cpu, memory, network
-        and disk metrics for all virtual machines.
-      </dd>
      <dt><a href="http://honk.sigxcpu.org/projects/libvirt/#munin">Munin</a></dt>
      <dd>
        The plugins provided by Guido G&uuml;nther allow to monitor various things
@@ -365,14 +339,6 @@
        your Xen or QEMU/KVM guests, or to integrate with your existing Nagios
        installation.
      </dd>
-      <dt><a href="http://www.pcp.io/man/man1/pmdalibvirt.1.html" shape="rect">PCP</a></dt>
-      <dd>
-        The PCP libvirt PMDA (plugin) is part of the
-        <a href="http://pcp.io/" shape="rect">PCP</a> toolkit and provides
-        hypervisor and guest information and complete set of guest performance
-        metrics. It supports pCPU, vCPU, memory, block device, network interface,
-        and performance event metrics for each virtual guest.
-      </dd>
      <dt><a href="http://community.zenoss.org/docs/DOC-4687">Zenoss</a></dt>
      <dd>
        The Zenoss libvirt Zenpack adds support for monitoring virtualization
@@ -426,14 +392,6 @@
        infrastructure. You can deploy a new service just dragging and
        dropping a VM.
      </dd>
-      <dt><a href="https://kimchi-project.github.io/kimchi/">Kimchi</a></dt>
-      <dd>
-        Kimchi is an HTML5 based management tool for KVM. It is designed to
-        make it as easy as possible to get started with KVM and create your first guest.
-
-        Kimchi manages KVM guests through libvirt. The management interface is accessed
-        over the web using a browser that supports HTML5.
-      </dd>
      <dt><a href="http://ovirt.org/">oVirt</a></dt>
      <dd>
        oVirt provides the ability to manage large numbers of virtual
@@ -450,14 +408,6 @@
        functions, such as live migration that allows for load
        balancing between cluster nodes, monitoring CPU, memory.
      </dd>
-      <dt><a href="http://mist.io/">mist.io</a></dt>
-      <dd>
-        Mist.io is an open source project and a service that can assist you in
-        managing your virtual machines on a unified way, providing a simple
-        interface for all of your infrastructure (multiple public cloud
-        providers, OpenStack based public/private clouds, Docker servers, bare
-        metal servers and now KVM hypervisors).
-      </dd>
    </dl>

    <h2><a name="mobile">Mobile applications</a></h2>
@@ -471,19 +421,5 @@
      </dd>
    </dl>

-    <h2><a name="other">Other</a></h2>
-
-    <dl>
-      <dt><a href="http://cuckoosandbox.org/">Cuckoo Sandbox</a></dt>
-      <dd>
-        Cuckoo Sandbox is a malware analysis system.  You can throw
-        any suspicious file at it and in a matter of seconds Cuckoo
-        will provide you back some detailed results outlining what
-        such file did when executed inside an isolated environment.
-        And libvirt is one of the backends that can be used for the
-        isolated environment.
-      </dd>
-    </dl>
-
  </body>
 </html>
--- a/docs/archdomain.html.in
+++ b/docs/archdomain.html.in
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <body>
+    <h1>Domain management architecture</h1>
+  </body>
+</html>
--- a/docs/archnetwork.html.in
+++ b/docs/archnetwork.html.in
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <body>
+    <h1>Network management architecture</h1>
+
+    <ul id="toc"></ul>
+
+    <h2><a name="architecture">Architecture illustration</a></h2>
+
+    <p>
+      The diagrams below illustrate some of the network configurations
+      enabled by the libvirt networking APIs
+    </p>
+
+    <ul>
+      <li><strong>VLAN 1</strong>. This virtual network has connectivity
+        to <code>LAN 2</code> with traffic forwarded and NATed.
+      </li>
+      <li><strong>VLAN 2</strong>. This virtual network is completely
+        isolated from any physical LAN.
+      </li>
+      <li><strong>Guest A</strong>. The first network interface is bridged
+        to the physical <code>LAN 1</code>. The second interface is connected
+        to a virtual network <code>VLAN 1</code>.
+      </li>
+      <li><strong>Guest B</strong>. The first network interface is connected
+        to a virtual network <code>VLAN 1</code>, giving it limited NAT
+        based connectivity to LAN2. It has a second network interface
+        connected to <code>VLAN 2</code>. It acts a router allowing limited
+        traffic between the two VLANs, thus giving <code>Guest C</code>
+        connectivity to the physical <code>LAN 2</code>.
+        </li>
+      <li><strong>Guest C</strong>. The only network interface is connected
+        to a virtual network <code>VLAN 2</code>. It has no direct connectivity
+        to a physical LAN, relying on <code>Guest B</code> to route traffic
+        on its behalf.
+      </li>
+    </ul>
+
+    <h3><a name="logical">Logical diagram</a></h3>
+
+    <p class="image">
+      <img src="libvirt-net-logical.png" alt="Logical network architecture"/>
+    </p>
+
+    <h3><a name="physical">Physical diagram</a></h3>
+
+    <p class="image">
+      <img src="libvirt-net-physical.png" alt="Physical network architecture"/>
+    </p>
+
+  </body>
+</html>
--- a/docs/archnode.html.in
+++ b/docs/archnode.html.in
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <body>
+    <h1>Node device management architecture</h1>
+  </body>
+</html>
--- a/docs/archstorage.html.in
+++ b/docs/archstorage.html.in
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <body>
+    <h1>Storage management architecture</h1>
+
+    <p>
+      The storage management APIs are based around 2 core concepts
+    </p>
+    <ol>
+      <li>
+        <strong>Volume</strong> - a single storage volume which can
+        be assigned to a guest, or used for creating further pools. A
+        volume is either a block device, a raw file, or a special format
+        file.
+      </li>
+      <li>
+        <strong>Pool</strong> - provides a means for taking a chunk
+        of storage and carving it up into volumes. A pool can be used to
+        manage things such as a physical disk, a NFS server, a iSCSI target,
+        a host adapter, an LVM group.
+      </li>
+    </ol>
+
+    <p>
+      These two concepts are mapped through to two libvirt objects, a
+      <code>virStorageVolPtr</code> and a <code>virStoragePoolPtr</code>,
+      each with a collection of APIs for their management.
+    </p>
+
+  </body>
+</html>
--- a/docs/auditlog.html.in
+++ b/docs/auditlog.html.in
@@ -57,13 +57,13 @@
    </p>

    <dl>
-      <dt><code>pid</code></dt>
+      <dt>pid</dt>
      <dd>Process ID of the libvirtd daemon generating the audit record.</dd>
-      <dt><code>uid</code></dt>
+      <dt>uid</dt>
      <dd>User ID of the libvirtd daemon process generating the audit record.</dd>
-      <dt><code>subj</code></dt>
+      <dt>subj</dt>
      <dd>Security context of the libvirtd daemon process generating the audit record.</dd>
-      <dt><code>msg</code></dt>
+      <dt>msg</dt>
      <dd>String containing a list of key=value pairs specific to the type of audit record being reported.</dd>
    </dl>

@@ -72,21 +72,21 @@
    </p>

    <dl>
-      <dt><code>virt</code></dt>
+      <dt>virt</dt>
      <dd>Type of virtualization driver used. One of <code>qemu</code> or <code>lxc</code></dd>
-      <dt><code>vm</code></dt>
+      <dt>vm</dt>
      <dd>Host driver unique name of the guest</dd>
-      <dt><code>uuid</code></dt>
+      <dt>uuid</dt>
      <dd>Globally unique identifier for the guest</dd>
-      <dt><code>exe</code></dt>
+      <dt>exe</dt>
      <dd>Path of the libvirtd daemon</dd>
-      <dt><code>hostname</code></dt>
+      <dt>hostname</dt>
      <dd>Currently unused</dd>
-      <dt><code>addr</code></dt>
+      <dt>addr</dt>
      <dd>Currently unused</dd>
-      <dt><code>terminal</code></dt>
+      <dt>terminal</dt>
      <dd>Currently unused</dd>
-      <dt><code>res</code></dt>
+      <dt>res</dt>
      <dd>Result of the action, either <code>success</code> or <code>failed</code></dd>
    </dl>

@@ -98,15 +98,15 @@
    </p>

    <dl>
-      <dt><code>op</code></dt>
+      <dt>op</dt>
      <dd>Type of operation performed. One of <code>start</code>, <code>stop</code> or <code>init</code></dd>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the operation to happen</dd>
-      <dt><code>vm-pid</code></dt>
+      <dt>vm-pid</dt>
      <dd>ID of the primary/leading process associated with the guest</dd>
-      <dt><code>init-pid</code></dt>
+      <dt>init-pid</dt>
      <dd>ID of the <code>init</code> process in a container. Only if <code>op=init</code> and <code>virt=lxc</code></dd>
-      <dt><code>pid-ns</code></dt>
+      <dt>pid-ns</dt>
      <dd>Namespace ID of the <code>init</code> process in a container. Only if <code>op=init</code> and <code>virt=lxc</code></dd>
    </dl>

@@ -118,11 +118,11 @@
    </p>

    <dl>
-      <dt><code>model</code></dt>
+      <dt>model</dt>
      <dd>The security driver type. One of <code>selinux</code> or <code>apparmor</code></dd>
-      <dt><code>vm-ctx</code></dt>
+      <dt>vm-ctx</dt>
      <dd>Security context for the guest process</dd>
-      <dt><code>img-ctx</code></dt>
+      <dt>img-ctx</dt>
      <dd>Security context for the guest disk images and other assigned host resources</dd>
    </dl>

@@ -144,13 +144,13 @@
    </p>

    <dl>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
+      <dt>resrc</dt>
      <dd>The type of resource assigned. Set to <code>vcpu</code></dd>
-      <dt><code>old-vcpu</code></dt>
+      <dt>old-vcpu</dt>
      <dd>Original vCPU count, or 0</dd>
-      <dt><code>new-vcpu</code></dt>
+      <dt>new-vcpu</dt>
      <dd>Updated vCPU count</dd>
    </dl>

@@ -162,13 +162,13 @@
    </p>

    <dl>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
+      <dt>resrc</dt>
      <dd>The type of resource assigned. Set to <code>mem</code></dd>
-      <dt><code>old-mem</code></dt>
+      <dt>old-mem</dt>
      <dd>Original memory size in bytes, or 0</dd>
-      <dt><code>new-mem</code></dt>
+      <dt>new-mem</dt>
      <dd>Updated memory size in bytes</dd>
    </dl>

@@ -178,13 +178,13 @@
    </p>

    <dl>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
+      <dt>resrc</dt>
      <dd>The type of resource assigned. Set to <code>disk</code></dd>
-      <dt><code>old-disk</code></dt>
+      <dt>old-disk</dt>
      <dd>Original host file or device path acting as the disk backing file</dd>
-      <dt><code>new-disk</code></dt>
+      <dt>new-disk</dt>
      <dd>Updated host file or device path acting as the disk backing file</dd>
    </dl>

@@ -195,13 +195,13 @@
    </p>

    <dl>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
+      <dt>resrc</dt>
      <dd>The type of resource assigned. Set to <code>net</code></dd>
-      <dt><code>old-net</code></dt>
+      <dt>old-net</dt>
      <dd>Original MAC address of the guest network interface</dd>
-      <dt><code>new-net</code></dt>
+      <dt>new-net</dt>
      <dd>Updated MAC address of the guest network interface</dd>
    </dl>

@@ -211,13 +211,13 @@
    </p>

    <dl>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
+      <dt>resrc</dt>
      <dd>The type of resource assigned. Set to <code>net</code></dd>
-      <dt><code>net</code></dt>
+      <dt>net</dt>
      <dd>MAC address of the host network interface</dd>
-      <dt><code>rdev</code></dt>
+      <dt>rdev</dt>
      <dd>Name of the host network interface</dd>
    </dl>

@@ -227,13 +227,13 @@
    </p>

    <dl>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
+      <dt>resrc</dt>
      <dd>The type of resource assigned. Set to <code>fs</code></dd>
-      <dt><code>old-fs</code></dt>
+      <dt>old-fs</dt>
      <dd>Original host directory, file or device path backing the filesystem </dd>
-      <dt><code>new-fs</code></dt>
+      <dt>new-fs</dt>
      <dd>Updated host directory, file or device path backing the filesystem</dd>
    </dl>

@@ -243,15 +243,15 @@
    </p>

    <dl>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
+      <dt>resrc</dt>
      <dd>The type of resource assigned. Set to <code>hostdev</code> or <code>dev</code></dd>
-      <dt><code>dev</code></dt>
+      <dt>dev</dt>
      <dd>The unique bus identifier of the USB, PCI or SCSI device, if <code>resrc=dev</code></dd>
-      <dt><code>disk</code></dt>
+      <dt>disk</dt>
      <dd>The path of the block device assigned to the guest, if <code>resrc=hostdev</code></dd>
-      <dt><code>chardev</code></dt>
+      <dt>chardev</dt>
      <dd>The path of the character device assigned to the guest, if <code>resrc=hostdev</code></dd>
    </dl>

@@ -261,11 +261,11 @@
    </p>

    <dl>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
+      <dt>resrc</dt>
      <dd>The type of resource assigned. Set to <code>tpm</code></dd>
-      <dt><code>device</code></dt>
+      <dt>device</dt>
      <dd>The path of the host TPM device assigned to the guest</dd>
    </dl>

@@ -275,13 +275,13 @@
    </p>

    <dl>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
+      <dt>resrc</dt>
      <dd>The type of resource assigned. Set to <code>rng</code></dd>
-      <dt><code>old-rng</code></dt>
+      <dt>old-rng</dt>
      <dd>Original path of the host entropy source for the RNG</dd>
-      <dt><code>new-rng</code></dt>
+      <dt>new-rng</dt>
      <dd>Updated path of the host entropy source for the RNG</dd>
    </dl>

@@ -291,13 +291,13 @@
    </p>

    <dl>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
+      <dt>resrc</dt>
      <dd>The type of resource assigned. Set to <code>chardev</code></dd>
-      <dt><code>old-chardev</code></dt>
+      <dt>old-chardev</dt>
      <dd>Original path of the backing character device for given emulated device</dd>
-      <dt><code>new-chardev</code></dt>
+      <dt>new-chardev</dt>
      <dd>Updated path of the backing character device for given emulated device</dd>
    </dl>

@@ -307,15 +307,15 @@
    </p>

    <dl>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
+      <dt>resrc</dt>
      <dd>The type of resource assigned. Set to <code>smartcard</code></dd>
-      <dt><code>old-smartcard</code></dt>
+      <dt>old-smartcard</dt>
      <dd>Original path of the backing character device, certificate store or
          "nss-smartcard-device" for host smartcard passthrough.
      </dd>
-      <dt><code>new-smartcard</code></dt>
+      <dt>new-smartcard</dt>
      <dd>Updated path of the backing character device, certificate store or
          "nss-smartcard-device" for host smartcard passthrough.
      </dd>
@@ -327,13 +327,13 @@
    </p>

    <dl>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
+      <dt>resrc</dt>
      <dd>The type of resource assigned. Set to <code>redir</code></dd>
-      <dt><code>bus</code></dt>
+      <dt>bus</dt>
      <dd>The bus type, only <code>usb</code> allowed</dd>
-      <dt><code>device</code></dt>
+      <dt>device</dt>
      <dd>The device type, only <code>USB redir</code> allowed</dd>
    </dl>

@@ -344,32 +344,13 @@
    </p>

    <dl>
-      <dt><code>reason</code></dt>
+      <dt>reason</dt>
      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>resrc</code></dt>
+      <dt>resrc</dt>
      <dd>The type of resource assigned. Set to <code>cgroup</code></dd>
-      <dt><code>cgroup</code></dt>
+      <dt>cgroup</dt>
      <dd>The name of the cgroup controller</dd>
    </dl>

-
-    <h4><a name="typeresourceshmem">Shared memory</a></h4>
-    <p>
-      The <code>msg</code> field will include the following sub-fields
-    </p>
-
-    <dl>
-      <dt><code>resrc</code></dt>
-      <dd>The type of resource assigned. Set to <code>shmem</code></dd>
-      <dt><code>reason</code></dt>
-      <dd>The reason which caused the resource to be assigned to happen</dd>
-      <dt><code>size</code></dt>
-      <dd>The size of the shared memory region</dd>
-      <dt><code>shmem</code></dt>
-      <dd>Name of the shared memory region</dd>
-      <dt><code>source</code></dt>
-      <dd>Path of the backing character device for given emulated device</dd>
-    </dl>
-
  </body>
 </html>
--- a/docs/auth.html.in
+++ b/docs/auth.html.in
@@ -76,11 +76,7 @@ password=letmein

 [credentials-dev]
 username=joe
-password=hello
-
-[credentials-defgrp]
-username=defuser
-password=defpw</pre>
+password=hello</pre>

    <p>
      The second set of groups provide mappings of credentials to
@@ -94,8 +90,7 @@ credentials=$CREDENTIALS</pre>

    <p>
      For example, following the previous example, here is how to
-      map some machines. For convenience libvirt supports a default
-      mapping of credentials to machines:
+      list some machines
    </p>

    <pre>
@@ -111,15 +106,8 @@ credentials=test
 [auth-libvirt-prod1.example.com]
 credentials=prod

-[auth-libvirt-default]
-credentials=defgrp
-
 [auth-esx-dev1.example.com]
-credentials=dev
-
-[auth-esx-default]
-credentials=defgrp</pre>
-
+credentials=dev</pre>

    <p>
      The following service types are known to libvirt
@@ -173,7 +161,7 @@ the libvirt daemon.
    <h2><a name="ACL_server_polkit">UNIX socket PolicyKit auth</a></h2>
    <p>
 If libvirt contains support for PolicyKit, then access control options are
-more advanced. The <code>auth_unix_rw</code> parameter will default to
+more advanced. The <code>unix_sock_auth</code> parameter will default to
 <code>polkit</code>, and the file permissions will default to <code>0777</code>
 even on the RW socket. Upon connecting to the socket, the client application
 will be required to identify itself with PolicyKit. The default policy for the
@@ -204,72 +192,16 @@ ResultActive=yes</pre>
 Further examples of PolicyKit setup can be found on the
 <a href="http://wiki.libvirt.org/page/SSHPolicyKitSetup">wiki page</a>.
    </p>
-    <h2><a name="ACL_server_sasl">SASL pluggable authentication</a></h2>
-
+    <h2><a name="ACL_server_username">Username/password auth</a></h2>
    <p>
-Libvirt integrates with the cyrus-sasl library to provide a pluggable authentication
-system using the SASL protocol. SASL can be used in combination with libvirtd's TLS
-or TCP socket listeners. When used with the TCP listener, the SASL mechanism is
-rqeuired to provide session encryption in addition to authentication. Only a very
-few SASL mechanisms are able to do this, and of those that can do it, only the
-GSSAPI plugin is considered acceptably secure by modern standards:
-    </p>
-
-    <dl>
-      <dt>GSSAPI</dt>
-      <dd><strong>This is the current default mechanism to use with libvirtd</strong>.
-        It uses the Kerberos v5 authentication protocol underneath, and assuming
-        the Kerberos client/server are configured with modern ciphers (AES),
-        it provides strong session encryption capabilities.</dd>
-
-      <dt>DIGEST-MD5</dt>
-      <dd>This was previously set as the default mechanism to use with libvirtd.
-        It provides a simple username/password based authentication mechanism
-        that includes session encryption.
-        <a href="https://tools.ietf.org/html/rfc6331">RFC 6331</a>, however,
-        documents a number of serious security flaws with DIGEST-MD5 and as a
-        result marks it as <code>OBSOLETE</code>. Specific concerns are that
-        it is vulnerable to MITM attacks and the MD5 hash can be brute-forced
-        to reveal the password. A replacement is provided via the SCRAM mechanism,
-        however, note that this does not provide encryption, so the SCRAM
-        mechanism can only be used on the libvirtd TLS listener.
-      </dd>
-
-      <dt>PASSDSS-3DES-1</dt>
-      <dd>This provides a simple username/password based authentication
-        mechanism that includes session encryption. The current cyrus-sasl
-        implementation does not provide a way to validate the server's
-        public key identity, thus it is susceptible to a MITM attacker
-        impersonating the server. It is also not enabled in many OS
-        distros when building SASL libraries.</dd>
-
-      <dt>KERBEROS_V4</dt>
-      <dd>This uses the obsolete Kerberos v4 protocol to provide both authentication
-        and session encryption. Kerberos v4 protocol has been obsolete since the
-        early 1990's and has known security vulnerabilities so this will never be
-        used in practice.</dd>
-    </dl>
-
-    <p>
-      Other SASL mechanisms, not listed above, can only be used when the libvirtd
-      TLS or UNIX socket listeners.
-    </p>
-
-    <h3><a name="ACL_server_username">Username/password auth</a></h3>
-    <p>
-As noted above, the DIGEST-MD5 mechanism is considered obsolete and should
-not be used anymore. To provide a simple username/password auth scheme on
-the libvirt UNIX socket or TLS listeners, however, it is possible to use
-the SCRAM mechanism. The <code>auth_unix_ro</code>, <code>auth_unix_rw</code>,
-<code>auth_tls</code> config params in <code>libvirt.conf</code> can be used
-to turn on SASL auth in these listeners.
-    </p>
-    <p>
-Since the libvirt SASL config file defaults to using GSSAPI (Kerberos), a
-config change is rquired to enable plain password auth. This is done by
-editting <code>/etc/sasl2/libvirt.conf</code> to set the <code>mech_list</code>
-parameter to <code>scram-sha-1</code>.
-    </p>
+The plain TCP socket of the libvirt daemon defaults to using SASL for authentication.
+The SASL mechanism configured by default is DIGEST-MD5, which provides a basic
+username+password style authentication. It also provides for encryption of the data
+stream, so the security of the plain TCP socket is on a par with that of the TLS
+socket. If desired the UNIX socket and TLS socket can also have SASL enabled by
+setting the <code>auth_unix_ro</code>, <code>auth_unix_rw</code>, <code>auth_tls</code>
+config params in <code>libvirt.conf</code>.
+</p>
    <p>
 Out of the box, no user accounts are defined, so no clients will be able to authenticate
 on the TCP socket. Adding users and setting their passwords is done with the <code>saslpasswd2</code>
@@ -297,13 +229,17 @@ again:
    <pre>
 # saslpasswd2 -a libvirt -d fred
 </pre>
-    <h3><a name="ACL_server_kerberos">GSSAPI/Kerberos auth</a></h3>
+    <h2><a name="ACL_server_kerberos">Kerberos auth</a></h2>
    <p>
-The plain TCP listener of the libvirt daemon defaults to using SASL for authentication.
-The libvirt SASL config also defaults to GSSAPI, so there is no need to edit the
-SASL config when using GSSAPI. If the libvirtd TLS or UNIX listeners are used,
-then the Kerberos session encryption will be disabled since it is not required
-in these scenarios - only the plain TCP listener needs encryption
+The plain TCP socket of the libvirt daemon defaults to using SASL for authentication.
+The SASL mechanism configured by default is DIGEST-MD5, which provides a basic
+username+password style authentication. To enable Kerberos single-sign-on instead,
+the libvirt SASL configuration file must be changed. This is <code>/etc/sasl2/libvirt.conf</code>.
+The <code>mech_list</code> parameter must first be changed to <code>gssapi</code>
+instead of the default <code>digest-md5</code>, and keytab should be set to
+<code>/etc/libvirt/krb5.tab</code> . If SASL is enabled on the UNIX
+and/or TLS sockets, Kerberos will also be used for them. Like DIGEST-MD5, the Kerberos
+mechanism provides data encryption of the session.
 </p>
    <p>
 Some operating systems do not install the SASL kerberos plugin by default. It
--- a/docs/bindings.html.in
+++ b/docs/bindings.html.in
@@ -14,10 +14,6 @@
        <strong>C#</strong>: Arnaud Champion develops
        <a href="csharp.html">C# bindings</a>.
      </li>
-     <li>
-        <strong>Go</strong>: Daniel Berrange develops
-        <a href="https://godoc.org/github.com/libvirt/libvirt-go">Go bindings</a>.
-      </li>
      <li>
        <strong>Java</strong>: Daniel Veillard develops
        <a href="java.html">Java bindings</a>.
@@ -48,10 +44,8 @@
      </li>
      <li>
        <p>
-          <strong>Python</strong>: Libvirt's python bindings are split to a
-          separate <a href="http://libvirt.org/git/?p=libvirt-python.git">package</a>
-          since version 1.2.0, older versions came with direct support for the
-          Python language.
+          <strong>Python</strong>: Libvirt comes with direct support for
+          the Python language.
        </p>
        <p>
          If your libvirt is installed as packages, rather than compiled
--- a/docs/bugs.html.in
+++ b/docs/bugs.html.in
@@ -11,7 +11,7 @@

    <p>
      If you think that an issue with libvirt may have security
-      implications, <strong>please do not</strong> publicly
+      implications, <strong>please do not</strong> publically
      report it in the bug tracker, mailing lists, or irc. Libvirt
      has <a href="securityprocess.html">a dedicated process for handling (potential) security issues</a>
      that should be used instead. So if your issue has security
--- a/docs/cgroups.html.in
+++ b/docs/cgroups.html.in
@@ -221,11 +221,11 @@ $ROOT
    </p>

    <pre>
-...
-&lt;resource&gt;
-  &lt;partition&gt;/machine/production&lt;/partition&gt;
-&lt;/resource&gt;
-...
+  ...
+  &lt;resource&gt;
+    &lt;partition&gt;/machine/production&lt;/partition&gt;
+  &lt;/resource&gt;
+  ...
    </pre>

    <p>
--- a/docs/compiling.html.in
+++ b/docs/compiling.html.in
@@ -13,9 +13,9 @@
    </p>

    <pre>
-$ xz -c libvirt-x.x.x.tar.xz | tar xvf -
-$ cd libvirt-x.x.x
-$ ./configure</pre>
+      $ gunzip -c libvirt-x.x.x.tar.gz | tar xvf -
+      $ cd libvirt-x.x.x
+      $ ./configure</pre>

    <p>
      The <i>configure</i> script can be given options to change its default
@@ -28,7 +28,7 @@ $ ./configure</pre>
    </p>

    <pre>
-$ ./configure <i>--help</i></pre>
+      $ ./configure <i>--help</i></pre>

    <p>
      When you have determined which options you want to use (if any),
@@ -49,9 +49,9 @@ $ ./configure <i>--help</i></pre>
    </p>

    <pre>
-$ ./configure <i>[possible options]</i>
-$ make
-$ <b>sudo</b> <i>make install</i></pre>
+      $ ./configure <i>[possible options]</i>
+      $ make
+      $ <b>sudo</b> <i>make install</i></pre>

    <p>
      At this point you <b>may</b> have to run ldconfig or a similar utility
@@ -91,7 +91,7 @@ $ <b>sudo</b> <i>make install</i></pre>
      drive or manual download, and run this any time libvirt.git
      updates the commit stored in the .gnulib submodule:</p>
    <pre>
-$ GNULIB_SRCDIR=/path/to/gnulib ./autogen.sh --no-git
+      $ GNULIB_SRCDIR=/path/to/gnulib ./autogen.sh --no-git
    </pre>

    <p>To build &amp; install libvirt to your home
@@ -99,9 +99,9 @@ $ GNULIB_SRCDIR=/path/to/gnulib ./autogen.sh --no-git
    </p>

    <pre>
-$ ./autogen.sh --prefix=$HOME/usr
-$ make
-$ <b>sudo</b> make install</pre>
+      $ ./autogen.sh --prefix=$HOME/usr
+      $ make
+      $ <b>sudo</b> make install</pre>

    <p>
      Be aware though, that binaries built with a custom prefix will not
@@ -111,8 +111,8 @@ $ <b>sudo</b> make install</pre>
    </p>

    <pre>
-$ ./autogen.sh --system
-$ make
+      $ ./autogen.sh --system
+      $ make
    </pre>

    <p>
@@ -123,9 +123,9 @@ $ make
    </p>

    <pre>
-$ su -
-# service libvirtd stop  (or systemctl stop libvirtd.service)
-# /home/to/your/checkout/daemon/libvirtd
+      $ su -
+      # service libvirtd stop  (or systemctl stop libvirtd.service)
+      # /home/to/your/checkout/daemon/libvirtd
    </pre>

    <p>
@@ -134,7 +134,7 @@ $ su -
    </p>

    <pre>
-$ ./run ./tools/virsh ....
+      $ ./run ./tools/virsh ....
    </pre>
  </body>
 </html>
--- a/docs/contact.html.in
+++ b/docs/contact.html.in
@@ -2,7 +2,7 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
  <body>
-    <h1>Contacting the project contributors</h1>
+    <h1>Contacting the development team</h1>

    <ul id="toc"></ul>

@@ -10,7 +10,7 @@

    <p>
      If you think that an issue with libvirt may have security
-      implications, <strong>please do not</strong> publicly
+      implications, <strong>please do not</strong> publically
      report it in the bug tracker, mailing lists, or irc. Libvirt
      has <a href="securityprocess.html">a dedicated process for handling (potential) security issues</a>
      that should be used instead. So if your issue has security
@@ -24,7 +24,7 @@
      There are three mailing-lists:
    </p>

-    <dl class="mail">
+    <dl>
      <dt><a href="https://www.redhat.com/mailman/listinfo/libvir-list">libvir-list@redhat.com</a> (for development)</dt>
      <dd>
        Archives at <a href="https://www.redhat.com/archives/libvir-list">https://www.redhat.com/archives/libvir-list</a>
--- a/docs/contribute.html.in
+++ b/docs/contribute.html.in
@@ -1,140 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Contributing to libvirt</h1>
-
-    <p>
-      This page provides guidance on how to contribute to the
-      libvirt project
-    </p>
-
-    <ul id="toc"></ul>
-
-    <h2><a name="skills">Contributions required</a></h2>
-
-    <p>
-      The libvirt project is always looking for new contributors to
-      participate in ongoing activities. While code development is a
-      major part of the project, assistance is needed in many other
-      areas including documentation writing, bug triage, testing,
-      application integration, website / wiki content management,
-      translation, branding, social media and more. The only
-      requirement is an interest in virtualization and desire to
-      help.
-    </p>
-
-    <p>
-      The following is a non-exhaustive list of areas in which
-      people can contribute to libvirt. If you have ideas for
-      other contributions feel free to follow them.
-    </p>
-
-    <ul>
-      <li><strong>Software development</strong>. The core library / daemon (and
-        thus the bulk of coding) is written in C, but there are
-        language bindings written in Python, Perl, Java, Ruby,
-        Php, OCaml and Go. There are also higher level wrappers
-        mapping libvirt into other object frameworks, such GLib,
-        CIM and SNMP</li>
-      <li><strong>Translation</strong>. All the libvirt modules aim to support
-        translations where appropriate. All translation is
-        handling outside of the normal libvirt review process,
-        using the <a href="http://fedora.zanata.org">Fedora
-        instance</a> of the Zanata tool. Thus people wishing
-        to contribute to translation should join the Fedora
-        translation team</li>
-      <li><strong>Documentation</strong>. There are docbook guides on various
-        aspects of libvirt, particularly application development
-        guides for the C library and Python, and a virsh command
-        reference. There is thus scope for work by people who are
-        familiar with using or developing against libvirt, to
-        write further content for these guides. There is also a
-        need for people to review existing content for copy editing
-        and identifying gaps in the docs</li>
-      <li><strong>Website / wiki curation</strong>. The bulk of the website is
-        maintained in the primary GIT repository, while the wiki
-        site uses mediawiki. In both cases there is a need for
-        people to both write new content and curate existing
-        content to identify outdated information, improve its
-        organization and target gaps.</li>
-      <li><strong>Testing</strong>. There are a number of tests suites that can run
-        automated tests against libvirt. The coverage of the tests
-        is never complete, so there is a need for people to create
-        new test suites and / or provide environments to actually
-        run the tests in a variety of deployment scenarios.</li>
-      <li><strong>Code analysis</strong>. The libvirt project has access to the coverity
-        tool to run static analysis against the codebase, however,
-        there are other types of code analysis that can be useful.
-        In particular fuzzing of the inputs can be very effective
-        at identifying problematic edge cases.</li>
-      <li><strong>Security handling</strong>. Downstream (operating system) vendors
-        who distribute libvirt may wish to propose a person to
-        be part of the security handling team, to get early access
-        to information about forthcoming vulnerability fixes.</li>
-      <li><strong>Evangalism</strong>. Work done by the project is of no benefit
-        unless the (potential) user community knows that it
-        exists. Thus it is critically important to the health
-        and future growth of the project, that there are a people
-        who evangalise the work created by the project. This can
-        take many forms, writing blog posts (about usage of features,
-        personal user experiances, areas for future work, and more),
-        syndicating docs and blogs via social media, giving user
-        group and/or conference talks about libvirt.</li>
-      <li><strong>User assistance</strong>. Since documentation
-        is never perfect, there are inevitably cases where users
-        will struggle to attain a deployment goal they have, or
-        run into trouble with managing an existing deployment.
-        While some users may be able to contact a software vendor
-        to obtain support, it is common to rely on community help
-        forums such as <a href="contact.html#email">libvirt users
-          mailing list</a>, or sites such as
-        <a href="http://stackoverflow.com/questions/tagged/libvirt">stackoverflow.</a>
-        People who are familiar with libvirt and have ability &amp;
-        desire to help other users are encouraged to participate in
-        these help forums.</li>
-    </ul>
-
-    <h2><a name="comms">Communication</a></h2>
-
-    <p>
-      For full details on contacting other project contributors
-      read the <a href="contact.html">contact</a> page. There
-      are two main channels that libvirt uses for communication
-      between contributors:
-    </p>
-
-    <h3><a name="email">Mailing lists</a></h3>
-
-    <p>
-      The project has a number of
-      <a href="contact.html#email">mailing lists</a> for
-      general communication between contributors.
-      In general any design discussions and review
-      of contributions will take place on the mailing
-      lists, so it is important for all contributors
-      to follow the traffic.
-    </p>
-
-    <h3><a name="irc">Instant messaging / chat</a></h3>
-
-    <p>
-      Contributors to libvirt are encouraged to join the
-      <a href="contact.html#irc">IRC channel</a> used by
-      the project, where they can have live conversations
-      with others members.
-    </p>
-
-    <h2><a name="outreach">Student / outreach coding programs</a></h2>
-
-    <p>
-      Since 2016, the libvirt project directly participates as an
-      organization in the <a href="http://wiki.libvirt.org/page/Google_Summer_of_Code_Ideas">Google Summer of Code program</a>. Prior to
-      this the project had a number of students in the program
-      via a joint application with the QEMU project. People are
-      encouraged to look at both the libvirt and QEMU programs
-      to identify potentially interesting projects to work on.
-    </p>
-
-  </body>
-</html>
--- a/docs/deployment.html.in
+++ b/docs/deployment.html.in
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <body>
+    <h1>Deployment</h1>
+
+    <ul id="toc"></ul>
+
+    <h2><a name="packages">Pre-packaged releases</a></h2>
+
+    <p>
+      The libvirt API is now available in all major Linux distributions,
+      so the simplest deployment approach is to use your distributions'
+      package management software to install the <code>libvirt</code>
+      module.
+    </p>
+
+    <h2><a name="tarball">Self-built releases</a></h2>
+
+    <p>
+      libvirt uses GNU autotools for its build system, so deployment
+      follows the usual process of <code>configure; make ; make install</code>
+    </p>
+
+    <pre>
+
+      # ./configure --prefix=$HOME/usr
+      # make
+      # make install
+    </pre>
+
+    <h2><a name="git">Built from GIT</a></h2>
+
+    <p>
+      When building from GIT it is necessary to generate the autotools
+      support files. This requires having <code>autoconf</code>,
+      <code>automake</code>, <code>libtool</code> and <code>intltool</code>
+      installed. The process can be automated with the <code>autogen.sh</code>
+      script.
+    </p>
+
+    <pre>
+
+      # ./autogen.sh --prefix=$HOME/usr
+      # make
+      # make install
+    </pre>
+
+  </body>
+</html>
--- a/docs/devguide.html.in
+++ b/docs/devguide.html.in
@@ -2,41 +2,55 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
  <body>
-    <h1>libvirt Application Development Guides</h1>
+    <h1>libvirt Application Development Guide</h1>
+
+    <ul id="toc"></ul>

    <p>
-      The libvirt API is accessible from a number of programming languages.
-      At this time, there are application development guides available
-      which cover the C API and the Python API. Of the two, the Python guide
-      is currently the more comprehensive document.
+      The guide is both a learning tool for developing with libvirt and an
+      API reference document. It is a work in progress, composed by a
+      professional author from contributions written by members of the
+      libvirt team.
    </p>

+    <p>
+      Contributions to the guide are <b>VERY</b> welcome. If you'd like to get
+      your name on this and demonstrate your virtualisation prowess, a solid
+      contribution to the content here will do it. :)
+    </p>
+
+    <h2><a name="online">Browsable online</a></h2>
+
    <ul>
-      <li><a href="http://libvirt.org/docs/libvirt-appdev-guide/en-US/html/">Application Development Guide (C language) HTML</a></li>
-      <li><a href="http://libvirt.org/docs/libvirt-appdev-guide/en-US/pdf/">Application Development Guide (C language) PDF</a></li>
-      <li><a href="http://libvirt.org/docs/libvirt-appdev-guide-python/en-US/html/">Application Development Guide (Python language) HTML</a></li>
-      <li><a href="http://libvirt.org/docs/libvirt-appdev-guide-python/en-US/pdf/">Application Development Guide (Python language) PDF</a></li>
+      <li><a href="http://libvirt.org/guide/html/">
+        HTML format using multiple pages</a></li>
+      <li><a href="http://libvirt.org/guide/html-single/">
+        HTML format using one big page</a></li>
+      <li><a href="http://libvirt.org/guide/pdf/Application_Development_Guide.pdf">
+        PDF format</a></li>
+      <li><a href="http://libvirt.org/guide/libvirt-0.7.5-Application_Development_Guide-en-US.epub">
+        ePub format</a></li>
+      <li><a href="http://libvirt.org/guide/txt/Application_Development_Guide.txt">
+        Plain text format</a></li>
+      <li><a href="http://libvirt.org/guide/libvirt-Application_Development_Guide-0.7.5-web-en-US-1-9.el5.src.rpm">
+        Source RPM format</a></li>
    </ul>

-    <h2>Contributing content</h2>
+    <h2><a name="git">GIT source repository</a></h2>

    <p>
-      These guides are written in DocBook and published with the
-      publican tool, which is also used for Fedora and Red Hat
-      documentation. The original content is provided in GIT and
-      any contributions to the guide are welcome.
+      The source is in a git repository:
    </p>

    <pre>
-# C language
-$ git clone <a href="http://libvirt.org/git/?p=libvirt-appdev-guide.git">git://libvirt.org/libvirt-appdev-guide.git</a>
+      git clone git://libvirt.org/libvirt-appdev-guide.git</pre>

-# Python language
-$ git clone <a href="http://libvirt.org/git/?p=libvirt-appdev-guide-python.git">git://libvirt.org/libvirt-appdev-guide-python.git</a>
+    <p>
+      Browsable here:
+    </p>

-# Publican Style/Theme
-$ git clone <a href="http://libvirt.org/git/?p=libvirt-publican.git">git://libvirt.org/libvirt-publican.git</a>
-    </pre>
+    <pre>
+      <a href="http://libvirt.org/git/?p=libvirt-appdev-guide.git;a=summary">http://libvirt.org/git/?p=libvirt-appdev-guide.git;a=summary</a></pre>

  </body>
 </html>
--- a/docs/docs.html.in
+++ b/docs/docs.html.in
@@ -1,166 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
-  <body class="docs">
-    <div class="panel">
-      <h2>Deployment / operation</h2>
-
-      <dl>
-        <dt><a href="apps.html">Applications</a></dt>
-        <dd>Applications known to use libvirt</dd>
-
-        <dt><a href="windows.html">Windows</a></dt>
-        <dd>Downloads for Windows</dd>
-
-        <dt><a href="migration.html">Migration</a></dt>
-        <dd>Migrating guests between machines</dd>
-
-        <dt><a href="remote.html">Remote access</a></dt>
-        <dd>Enable remote access over TCP</dd>
-
-        <dt><a href="auth.html">Authentication</a></dt>
-        <dd>Configure authentication for the libvirt daemon</dd>
-
-        <dt><a href="acl.html">Access control</a></dt>
-        <dd>Configure access control libvirt APIs with <a href="aclpolkit.html">polkit</a></dd>
-
-        <dt><a href="logging.html">Logging</a></dt>
-        <dd>The library and the daemon logging support</dd>
-
-        <dt><a href="auditlog.html">Audit log</a></dt>
-        <dd>Audit trail logs for host operations</dd>
-
-        <dt><a href="firewall.html">Firewall</a></dt>
-        <dd>Firewall and network filter configuration</dd>
-
-        <dt><a href="hooks.html">Hooks</a></dt>
-        <dd>Hooks for system specific management</dd>
-
-        <dt><a href="nss.html">NSS module</a></dt>
-        <dd>Enable domain host name translation to IP addresses</dd>
-
-        <dt><a href="http://wiki.libvirt.org/page/FAQ">FAQ</a></dt>
-        <dd>Frequently asked questions</dd>
-      </dl>
-
-    </div>
-
-    <div class="panel">
-      <h2>Application development</h2>
-      <dl>
-        <dt><a href="devguide.html">Development Guide</a></dt>
-        <dd>A guide and reference for developing with libvirt</dd>
-
-        <dt><a href="virshcmdref.html">Virsh Commands</a></dt>
-        <dd>Command reference for virsh</dd>
-
-        <dt><a href="bindings.html">Language bindings</a></dt>
-        <dd>Bindings of the libvirt API for
-          <a href="csharp.html">c#</a>,
-          <a href="https://godoc.org/github.com/libvirt/libvirt-go">go</a>,
-          <a href="java.html">java</a>,
-          <a href="http://libvirt.org/ocaml/">ocaml</a>.
-          <a href="http://search.cpan.org/dist/Sys-Virt/">perl</a>,
-          <a href="python.html">python</a>,
-          <a href="php.html">php</a>,
-          <a href="http://libvirt.org/ruby/">ruby</a></dd>
-
-
-        <dt><a href="format.html">XML schemas</a></dt>
-        <dd>Description of the XML schemas for
-          <a href="formatdomain.html">domains</a>,
-          <a href="formatnetwork.html">networks</a>,
-          <a href="formatnwfilter.html">network filtering</a>,
-          <a href="formatstorage.html">storage</a>,
-          <a href="formatstorageencryption.html">storage encryption</a>,
-          <a href="formatcaps.html">capabilities</a>,
-          <a href="formatdomaincaps.html">domain capabilities</a>,
-          <a href="formatnode.html">node devices</a>,
-          <a href="formatsecret.html">secrets</a>,
-          <a href="formatsnapshot.html">snapshots</a></dd>
-
-        <dt><a href="uri.html">URI format</a></dt>
-        <dd>The URI formats used for connecting to libvirt</dd>
-
-        <dt><a href="locking.html">Disk locking</a></dt>
-        <dd>Ensuring exclusive guest access to disks with
-          <a href="locking-lockd.html">virtlockd</a> or
-          <a href="locking-sanlock.html">Sanlock</a></dd>
-
-        <dt><a href="cgroups.html">CGroups</a></dt>
-        <dd>Control groups integration</dd>
-
-        <dt><a href="html/index.html">API reference</a></dt>
-        <dd>Reference manual for the C public API, split in
-          <a href="html/libvirt-libvirt-common.html">common</a>,
-          <a href="html/libvirt-libvirt-domain.html">domain</a>,
-          <a href="html/libvirt-libvirt-domain-snapshot.html">domain snapshot</a>,
-          <a href="html/libvirt-virterror.html">error</a>,
-          <a href="html/libvirt-libvirt-event.html">event</a>,
-          <a href="html/libvirt-libvirt-host.html">host</a>,
-          <a href="html/libvirt-libvirt-interface.html">interface</a>,
-          <a href="html/libvirt-libvirt-network.html">network</a>,
-          <a href="html/libvirt-libvirt-nodedev.html">node device</a>,
-          <a href="html/libvirt-libvirt-nwfilter.html">network filter</a>,
-          <a href="html/libvirt-libvirt-secret.html">secret</a>,
-          <a href="html/libvirt-libvirt-storage.html">storage</a>,
-          <a href="html/libvirt-libvirt-stream.html">stream</a>
-        </dd>
-
-        <dt><a href="drivers.html">Drivers</a></dt>
-        <dd>Hypervisor specific driver information</dd>
-
-        <dt><a href="hvsupport.html">Driver support</a></dt>
-        <dd>matrix of API support per hypervisor per release</dd>
-
-        <dt><a href="secureusage.html">Secure usage</a></dt>
-        <dd>Secure usage of the libvirt APIs</dd>
-      </dl>
-    </div>
-
-    <div class="panel">
-      <h2>Project development</h2>
-      <dl>
-        <dt><a href="hacking.html">Contributor guidelines</a></dt>
-        <dd>General hacking guidelines for contributors</dd>
-
-        <dt><a href="bugs.html">Bug reports</a></dt>
-        <dd>How and where to report bugs and request features</dd>
-
-        <dt><a href="compiling.html">Compiling</a></dt>
-        <dd>How to compile libvirt</dd>
-
-        <dt><a href="goals.html">Goals</a></dt>
-        <dd>Terminology and goals of libvirt API</dd>
-
-        <dt><a href="api.html">API concepts</a></dt>
-        <dd>The libvirt API concepts</dd>
-
-        <dt><a href="api_extension.html">API extensions</a></dt>
-        <dd>Adding new public libvirt APIs</dd>
-
-        <dt><a href="internals/eventloop.html">Event loop and worker pool</a></dt>
-        <dd>Libvirt's event loop and worker pool mode</dd>
-
-        <dt><a href="internals/command.html">Spawning commands</a></dt>
-        <dd>Spawning commands from libvirt driver code</dd>
-
-        <dt><a href="internals/rpc.html">RPC protocol &amp; APIs</a></dt>
-        <dd>RPC protocol information and API / dispatch guide</dd>
-
-        <dt><a href="internals/locking.html">Lock managers</a></dt>
-        <dd>Use lock managers to protect disk content</dd>
-
-        <dt><a href="internals/oomtesting.html">Out of memory testing</a></dt>
-        <dd>Simulating OOM conditions in the test suite</dd>
-
-        <dt><a href="testsuites.html">Functional testing</a></dt>
-        <dd>Testing libvirt with <a href="testtck.html">TCK test suite</a> and
-         <a href="testapi.html">Libvirt-test-API</a></dd>
-      </dl>
-    </div>
-
-    <br class="clear"/>
-
+  <body>
+    <h1>Documentation</h1>
  </body>
 </html>
--- a/docs/downloads.html.in
+++ b/docs/downloads.html.in
@@ -6,417 +6,15 @@

    <ul id="toc"></ul>

-    <h2><a name="releases">Project modules</a></h2>
+    <h2><a name="releases">Official Releases</a></h2>

    <p>
-      The libvirt project maintains a number of inter-related modules beyond
-      the core C library/daemon.
-    </p>
-
-    <table class="top_table downloads">
-      <thead>
-        <tr>
-          <th>Module</th>
-          <th>Releases</th>
-          <th>GIT Repo</th>
-          <th>GIT Mirrors</th>
-          <th>Resources</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td>libvirt</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/">ftp</a>
-            <a href="http://libvirt.org/sources/">http</a>
-            <a href="https://libvirt.org/sources/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt">github</a>
-          </td>
-          <td>
-            <a href="html/index.html">api ref</a>
-            <a href="news.html">changes</a>
-          </td>
-        </tr>
-        <tr>
-          <th colspan="7">Language bindings</th>
-        </tr>
-        <tr>
-          <td>C#</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/csharp/">ftp</a>
-            <a href="http://libvirt.org/sources/csharp/">http</a>
-            <a href="https://libvirt.org/sources/csharp/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-csharp.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-csharp">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-csharp">github</a>
-          </td>
-          <td></td>
-        </tr>
-        <tr>
-          <td>Go</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/go/">ftp</a>
-            <a href="http://libvirt.org/sources/go/">http</a>
-            <a href="https://libvirt.org/sources/go/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-go.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-go">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-go">github</a>
-          </td>
-          <td>
-            <a href="https://godoc.org/github.com/libvirt/libvirt-go">api ref</a>
-          </td>
-        </tr>
-        <tr>
-          <td>Java</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/java/">ftp</a>
-            <a href="http://libvirt.org/sources/java/">http</a>
-            <a href="https://libvirt.org/sources/java/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-java.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-java">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-java">github</a>
-          </td>
-          <td></td>
-        </tr>
-        <tr>
-          <td>OCaml</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/ocaml/">ftp</a>
-            <a href="http://libvirt.org/sources/ocaml/">http</a>
-            <a href="https://libvirt.org/sources/ocaml/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-ocaml.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-ocaml">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-ocaml">github</a>
-          </td>
-          <td></td>
-        </tr>
-        <tr>
-          <td>Perl (Sys::Virt)</td>
-          <td>
-            <a href="http://search.cpan.org/dist/Sys-Virt/">cpan</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-perl.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-perl">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-perl">github</a>
-          </td>
-          <td>
-            <a href="http://search.cpan.org/dist/Sys-Virt/">api ref</a>
-            <a href="http://libvirt.org/git/?p=libvirt-perl.git;a=blob;f=Changes;hb=HEAD">changes</a>
-          </td>
-        </tr>
-        <tr>
-          <td>PHP</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/php/">ftp</a>
-            <a href="http://libvirt.org/sources/php/">http</a>
-            <a href="https://libvirt.org/sources/php/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-php.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-php">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-php">github</a>
-          </td>
-          <td></td>
-        </tr>
-        <tr>
-          <td>Python</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/python/">ftp</a>
-            <a href="http://libvirt.org/sources/python/">http</a>
-            <a href="https://libvirt.org/sources/python/">https</a>
-            <a href="https://pypi.python.org/pypi/libvirt-python">pypi</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-python.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-python">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-python">github</a>
-          </td>
-          <td></td>
-        </tr>
-        <tr>
-          <td>Ruby</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/ruby/">ftp</a>
-            <a href="http://libvirt.org/sources/ruby/">http</a>
-            <a href="https://libvirt.org/sources/ruby/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=ruby-libvirt.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/ruby-libvirt">gitlab</a>
-            <a href="https://github.com/libvirt/ruby-libvirt">github</a>
-          </td>
-          <td></td>
-        </tr>
-        <tr>
-          <th colspan="7">Integration modules</th>
-        </tr>
-        <tr>
-          <td>GLib / GConfig / GObject</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/glib/">ftp</a>
-            <a href="http://libvirt.org/sources/glib/">http</a>
-            <a href="https://libvirt.org/sources/glib/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-glib.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-glib">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-glib">github</a>
-          </td>
-          <td></td>
-        </tr>
-        <tr>
-          <td>Go XML</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/go/">ftp</a>
-            <a href="http://libvirt.org/sources/go/">http</a>
-            <a href="https://libvirt.org/sources/go/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-go-xml.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-go-xml">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-go-xml">github</a>
-          </td>
-          <td>
-            <a href="https://godoc.org/github.com/libvirt/libvirt-go-xml">api ref</a>
-          </td>
-        </tr>
-        <tr>
-          <td>Console Proxy</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/consoleproxy/">ftp</a>
-            <a href="http://libvirt.org/sources/consoleproxy/">http</a>
-            <a href="https://libvirt.org/sources/consoleproxy/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-console-proxy.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-console-proxy">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-console-proxy">github</a>
-          </td>
-          <td></td>
-        </tr>
-        <tr>
-          <td>CIM provider</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/CIM/">ftp</a>
-            <a href="http://libvirt.org/sources/CIM/">http</a>
-            <a href="https://libvirt.org/sources/CIM/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-cim.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-cim">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-cim">github</a>
-          </td>
-          <td></td>
-        </tr>
-        <tr>
-          <td>CIM utils</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/CIM/">ftp</a>
-            <a href="http://libvirt.org/sources/CIM/">http</a>
-            <a href="https://libvirt.org/sources/CIM/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libcmpiutil.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libcmpiutil">gitlab</a>
-            <a href="https://github.com/libvirt/libcmpiutil">github</a>
-          </td>
-          <td></td>
-        </tr>
-        <tr>
-          <td>SNMP</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/snmp/">ftp</a>
-            <a href="http://libvirt.org/sources/snmp/">http</a>
-            <a href="https://libvirt.org/sources/snmp/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-snmp.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-snmp">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-snmp">github</a>
-          </td>
-          <td></td>
-        </tr>
-        <tr>
-          <td>Application Sandbox</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/sandbox/">ftp</a>
-            <a href="http://libvirt.org/sources/sandbox/">http</a>
-            <a href="https://libvirt.org/sources/sandbox/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-sandbox.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-sandbox">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-sandbox">github</a>
-          </td>
-          <td></td>
-        </tr>
-        <tr>
-          <th colspan="7">Testing</th>
-        </tr>
-        <tr>
-          <td>TCK</td>
-          <td>
-            <a href="ftp://libvirt.org/libvirt/tck/">ftp</a>
-            <a href="http://libvirt.org/sources/tck/">http</a>
-            <a href="https://libvirt.org/sources/tck/">https</a>
-          </td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-tck.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-tck">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-tck">github</a>
-          </td>
-          <td></td>
-        </tr>
-        <tr>
-          <td>Test API</td>
-          <td></td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-test-API.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-test-API">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-test-API">github</a>
-          </td>
-          <td></td>
-        </tr>
-        <tr>
-          <td>Jenkins Config</td>
-          <td></td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-jenkins-ci.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-jenkins-ci">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-jenkins-ci">github</a>
-          </td>
-          <td></td>
-        </tr>
-        <tr>
-          <td>CIM Test</td>
-          <td></td>
-          <td>
-            <a href="http://libvirt.org/git/?p=cimtest.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/cimtest">gitlab</a>
-            <a href="https://github.com/libvirt/cimtest">github</a>
-          </td>
-          <td></td>
-        </tr>
-        <tr>
-          <th colspan="7">Documentation</th>
-        </tr>
-        <tr>
-          <td>Publican Brand</td>
-          <td></td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-publican.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-publican">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-publican">github</a>
-          </td>
-          <td></td>
-        </tr>
-        <tr>
-          <td>App Development Guide</td>
-          <td></td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-appdev-guide.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-appdev-guide">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-appdev-guide">github</a>
-          </td>
-          <td></td>
-        </tr>
-        <tr>
-          <td>App Development Guide Python</td>
-          <td></td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-appdev-guide-python.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-appdev-guide-python">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-appdev-guide-python">github</a>
-          </td>
-          <td></td>
-        </tr>
-        <tr>
-          <td>virsh Command Reference</td>
-          <td></td>
-          <td>
-            <a href="http://libvirt.org/git/?p=libvirt-virshcmdref.git;a=summary">libvirt</a>
-          </td>
-          <td>
-            <a href="https://gitlab.com/libvirt/libvirt-virshcmdref">gitlab</a>
-            <a href="https://github.com/libvirt/libvirt-virshcmdref">github</a>
-          </td>
-          <td></td>
-        </tr>
-      </tbody>
-    </table>
-
-    <h2>Primary download site</h2>
-
-    <p>
-      Most modules have releases made available for download on the project
-      site, via FTP, HTTP or HTTPS. Some modules are instead made available
-      at alternative locations, for example, the Perl binding is made
-      available only on CPAN.
+      The latest versions of the libvirt C library can be downloaded from:
    </p>

    <ul>
      <li><a href="ftp://libvirt.org/libvirt/">libvirt.org FTP server</a></li>
      <li><a href="http://libvirt.org/sources/">libvirt.org HTTP server</a></li>
-      <li><a href="https://libvirt.org/sources/">libvirt.org HTTPS server</a></li>
    </ul>

    <h2><a name="hourly">Hourly development snapshots</a></h2>
@@ -430,77 +28,24 @@
    </p>

    <ul>
-      <li><a href="ftp://libvirt.org/libvirt/libvirt-git-snapshot.tar.xz">libvirt.org FTP server</a></li>
-      <li><a href="http://libvirt.org/sources/libvirt-git-snapshot.tar.xz">libvirt.org HTTP server</a></li>
+      <li><a href="ftp://libvirt.org/libvirt/libvirt-git-snapshot.tar.gz">libvirt.org FTP server</a></li>
+      <li><a href="http://libvirt.org/sources/libvirt-git-snapshot.tar.gz">libvirt.org HTTP server</a></li>
    </ul>

-    <h2><a name="schedule">Primary release schedule</a></h2>
-
-    <p>
-      The core libvirt module follows a time based plan, with releases made
-      once a month on the 1st of each month give or take a few days. The only
-      exception is at the start of the year where there are two 6 weeks gaps
-      (first release in the middle of Jan, then skip the Feb release), giving
-      a total of 11 releases a year. The Python and Perl modules will aim to
-      release at the same time as the core libvirt module. Other modules have
-      independant ad-hoc releases with no fixed time schedle.
-    </p>
-
-    <h2><a name="numbering">Release numbering</a></h2>
-
-    <p>
-      Since libvirt 2.0.0, a time based version numbering rule
-      is applied to the core library releases. As such, the changes
-      in version number have do not have any implications with respect
-      to the scope of features or bugfixes included, the stability of
-      the code, or the API / ABI compatibility (libvirt API / ABI is
-      guaranteed stable forever). The rules applied for changing the
-      libvirt version number are:
-    </p>
-
-    <dl>
-      <dt><code>major</code></dt>
-      <dd>incremented by 1 for the first release of the year (the
-        Jan 15th release)</dd>
-      <dt><code>minor</code></dt>
-      <dd>reset to 0 with every major increment, otherwise incremented by 1
-        for each monthly release from git master</dd>
-      <dt><code>micro</code></dt>
-      <dd>always 0 for releases from git master, incremented by 1
-        for each stable maintenance release</dd>
-    </dl>
-
-    <p>
-      Prior to 2.0.0, the major/minor numbers were incremented
-      fairly arbitrarily, and maintenance releases appended a
-      fourth digit. The language bindings will aim to use the
-      same version number as the most recent core library API
-      they support. The other modules have their own distinct
-      release numbering sequence, though they generally aim
-      to follow the above rules for incrementing major/minor/micro
-      digits.
-    </p>
-
    <h2><a name="maintenance">Maintenance releases</a></h2>
    <p>
-      In the git repository are several stable maintenance branches
-      for the core library, matching the
-      pattern <code>v<i>major</i>.<i>minor</i>-maint</code>;
+      In the git repository are several stable maintenance branches,
+      matching the
+      pattern <code>v<i>major</i>.<i>minor</i>.<i>micro</i>-maint</code>;
      these branches are forked off the corresponding
-      <code>v<i>major</i>.<i>minor</i>.0</code> formal
+      <code>v<i>major</i>.<i>minor</i>.<i>micro</i></code> formal
      release, and may have further releases of the
-      form <code>v<i>major</i>.<i>minor</i>.<i>micro</i></code>.
+      form <code>v<i>major</i>.<i>minor</i>.<i>micro</i>.<i>rel</i></code>.
      These maintenance branches should only contain bug fixes, and no
      new features, backported from the master branch, and are
      supported as long as at least one downstream distribution
      expresses interest in a given branch.  These maintenance
-      branches are considered during CVE analysis. In contrast
-      to the primary releases which are made once a month, there
-      is no formal schedule for the maintenance releases, which
-      are made whenever there is a need to make available key
-      bugfixes to downstream consumers. The language bindings
-      and other modules generally do not provide stable branch
-      releases.
+      branches are considered during CVE analysis.
    </p>

    <p>
@@ -512,26 +57,68 @@
    <h2><a name="git">GIT source repository</a></h2>

    <p>
-      All modules maintained by the libvirt project have their primary
-      source available in the <a href="http://libvirt.org/git/">project GIT server</a>.
-      Each module can be cloned anonymously using:
+      Libvirt code source is now maintained in a <a href="http://git-scm.com/">git</a>
+      repository available on <a href="http://libvirt.org/git/">libvirt.org</a>:
    </p>

    <pre>
-git clone git://libvirt.org/[module name].git</pre>
+      git clone git://libvirt.org/libvirt.git</pre>

    <p>
-      In addition to this primary repository, there are the following read-only git
-      repositories which mirror the master one. Note that we currently do not
-      use the full set of features on these mirrors (e.g. pull requests on
-      GitHub, so please don't use them). All patch review and discussion only
-      occurs on the <a href="contact.html">libvir-list</a> mailing list. Also
-      note that some repositories listed below allow HTTP checkouts too.
+      It can also be browsed at:
    </p>

    <pre>
-<a href="https://github.com/libvirt/">https://github.com/libvirt/</a>
-<a href="https://gitlab.com/libvirt/libvirt">https://gitlab.com/libvirt/</a></pre>
+      <a href="http://libvirt.org/git/?p=libvirt.git;a=summary">http://libvirt.org/git/?p=libvirt.git;a=summary</a></pre>

+    <br />
+
+    <h1>libvirt Application Development Guide</h1>
+
+    <p>
+      The guide is both a learning tool for developing with libvirt and an
+      API reference document. It is a work in progress, composed by a
+      professional author from contributions written by members of the
+      libvirt team.
+    </p>
+
+    <p>
+      Contributions to the guide are <b>VERY</b> welcome. If you'd like to get
+      your name on this and demonstrate your virtualisation prowess, a solid
+      contribution to the content here will do it. :)
+    </p>
+
+    <h2><a name="appdevpdf">Application Development Guide PDF</a></h2>
+
+    <p>
+      PDF download is available here:
+    </p>
+
+    <ul>
+      <li><a href="http://libvirt.org/guide/pdf/Application_Development_Guide.pdf">libvirt App Dev Guide</a> (PDF)</li>
+    </ul>
+
+    <h2><a name="appdevgit">Application Development Guide source GIT repository</a></h2>
+
+    <p>
+      The source is also in a git repository:
+    </p>
+
+    <pre>
+      git clone git://libvirt.org/libvirt-appdev-guide.git</pre>
+
+    <p>
+      Browsable at:
+    </p>
+
+    <pre>
+      <a href="http://libvirt.org/git/?p=libvirt-appdev-guide.git;a=summary">http://libvirt.org/git/?p=libvirt-appdev-guide.git;a=summary</a></pre>
+
+    <br />
+
+    <p>
+      Once you've have obtained the libvirt source code, you can compile it
+      using the <a href="compiling.html">instructions here</a>.
+    </p>
  </body>
 </html>
--- a/docs/drivers.html.in
+++ b/docs/drivers.html.in
@@ -32,7 +32,7 @@
      <li><strong><a href="drvxen.html">Xen</a></strong></li>
      <li><strong><a href="drvhyperv.html">Microsoft Hyper-V</a></strong></li>
      <li><strong><a href="drvphyp.html">IBM PowerVM (phyp)</a></strong></li>
-      <li><strong><a href="drvvirtuozzo.html">Virtuozzo</a></strong></li>
+      <li><strong><a href="drvparallels.html">Parallels</a></strong></li>
      <li><strong><a href="drvbhyve.html">Bhyve</a></strong> - The BSD Hypervisor</li>
    </ul>

--- a/docs/drvbhyve.html.in
+++ b/docs/drvbhyve.html.in
@@ -13,20 +13,9 @@ of bhyve are supported.

 In order to enable bhyve on your FreeBSD host, you'll need to load the <code>vmm</code>
 kernel module. Additionally, <code>if_tap</code> and <code>if_bridge</code> modules
-should be loaded for networking support. Also, <span class="since">since 3.2.0</span> the
-<code>virt-host-validate(1)</code> supports the bhyve host validation and could be
-used like this:
+should be loaded for networking support.
 </p>

-<pre>
-$ virt-host-validate bhyve
- BHYVE: Checking for vmm module                                              : PASS
- BHYVE: Checking for if_tap module                                           : PASS
- BHYVE: Checking for if_bridge module                                        : PASS
- BHYVE: Checking for nmdm module                                             : PASS
-$
-</pre>
-
 <p>
 Additional information on bhyve could be obtained on <a href="http://bhyve.org/">bhyve.org</a>.
 </p>
@@ -48,7 +37,8 @@ bhyve+ssh://root@example.com/system (remote access, SSH tunnelled)
 <h3>Example config</h3>
 <p>
 The bhyve driver in libvirt is in its early stage and under active development. So it supports
-only limited number of features bhyve provides.
+only limited number of features bhyve provides. All the supported features could be found
+in this sample domain XML.
 </p>

 <p>
@@ -58,21 +48,10 @@ disk device were supported per-domain. However,
 up to 31 PCI devices.
 </p>

-<p>
-Note: the Bhyve driver in libvirt will boot whichever device is first. If you
-want to install from CD, put the CD device first. If not, put the root HDD
-first.
-</p>
-
-<p>
-Note: Only the SATA bus is supported. Only <code>cdrom</code>- and
-<code>disk</code>-type disks are supported.
-</p>
-
 <pre>
 &lt;domain type='bhyve'&gt;
-    &lt;name&gt;bhyve&lt;/name&gt;
-    &lt;uuid&gt;df3be7e7-a104-11e3-aeb0-50e5492bd3dc&lt;/uuid&gt;
+  &lt;name&gt;bhyve&lt;/name&gt;
+  &lt;uuid&gt;df3be7e7-a104-11e3-aeb0-50e5492bd3dc&lt;/uuid&gt;
    &lt;memory&gt;219136&lt;/memory&gt;
    &lt;currentMemory&gt;219136&lt;/currentMemory&gt;
    &lt;vcpu&gt;1&lt;/vcpu&gt;
@@ -97,7 +76,6 @@ Note: Only the SATA bus is supported. Only <code>cdrom</code>- and
        &lt;driver name='file' type='raw'/&gt;
        &lt;source file='/path/to/cdrom.iso'/&gt;
        &lt;target dev='hdc' bus='sata'/&gt;
-        &lt;readonly/&gt;
      &lt;/disk&gt;
      &lt;interface type='bridge'&gt;
        &lt;model type='virtio'/&gt;
@@ -107,53 +85,6 @@ Note: Only the SATA bus is supported. Only <code>cdrom</code>- and
 &lt;/domain&gt;
 </pre>

-<p>(The &lt;disk&gt; sections may be swapped in order to install from
-<em>cdrom.iso</em>.)</p>
-
-<h3>Example config (Linux guest)</h3>
-
-<p>
-Note the addition of &lt;bootloader&gt;.
-</p>
-
-<pre>
-&lt;domain type='bhyve'&gt;
-    &lt;name&gt;linux_guest&lt;/name&gt;
-    &lt;uuid&gt;df3be7e7-a104-11e3-aeb0-50e5492bd3dc&lt;/uuid&gt;
-    &lt;memory&gt;131072&lt;/memory&gt;
-    &lt;currentMemory&gt;131072&lt;/currentMemory&gt;
-    &lt;vcpu&gt;1&lt;/vcpu&gt;
-    &lt;bootloader&gt;/usr/local/sbin/grub-bhyve&lt;/bootloader&gt;
-    &lt;os&gt;
-       &lt;type&gt;hvm&lt;/type&gt;
-    &lt;/os&gt;
-    &lt;features&gt;
-      &lt;apic/&gt;
-      &lt;acpi/&gt;
-    &lt;/features&gt;
-    &lt;clock offset='utc'/&gt;
-    &lt;on_poweroff&gt;destroy&lt;/on_poweroff&gt;
-    &lt;on_reboot&gt;restart&lt;/on_reboot&gt;
-    &lt;on_crash&gt;destroy&lt;/on_crash&gt;
-    &lt;devices&gt;
-      &lt;disk type='file' device='disk'&gt;
-        &lt;driver name='file' type='raw'/&gt;
-        &lt;source file='/path/to/guest_hdd.img'/&gt;
-        &lt;target dev='hda' bus='sata'/&gt;
-      &lt;/disk&gt;
-      &lt;disk type='file' device='cdrom'&gt;
-        &lt;driver name='file' type='raw'/&gt;
-        &lt;source file='/path/to/cdrom.iso'/&gt;
-        &lt;target dev='hdc' bus='sata'/&gt;
-        &lt;readonly/&gt;
-      &lt;/disk&gt;
-      &lt;interface type='bridge'&gt;
-        &lt;model type='virtio'/&gt;
-        &lt;source bridge="virbr0"/&gt;
-      &lt;/interface&gt;
-    &lt;/devices&gt;
-&lt;/domain&gt;
-</pre>

 <h2><a name="usage">Guest usage / management</a></h2>

@@ -165,13 +96,13 @@ the following to the domain XML (<span class="since">Since 1.2.4</span>):
 </p>

 <pre>
-...
-&lt;devices&gt;
-  &lt;serial type="nmdm"&gt;
-    &lt;source master="/dev/nmdm0A" slave="/dev/nmdm0B"/&gt;
-  &lt;/serial&gt;
-&lt;/devices&gt;
-...</pre>
+  ...
+  &lt;devices&gt;
+    &lt;serial type="nmdm"&gt;
+      &lt;source master="/dev/nmdm0A" slave="/dev/nmdm0B"/&gt;
+    &lt;/serial&gt;
+  &lt;/devices&gt;
+  ...</pre>


 <p>Make sure to load the <code>nmdm</code> kernel module if you plan to use that.</p>
@@ -188,20 +119,6 @@ to let a guest boot or start a guest using:</p>

 <pre>start --console domname</pre>

-<p><b>NB:</b> An bootloader configured to require user interaction will prevent
-the domain from starting (and thus <code>virsh console</code> or <code>start
--console</code> from functioning) until the user interacts with it manually on
-the VM host. Because users typically do not have access to the VM host,
-interactive bootloaders are unsupported by libvirt. <em>However,</em> if you happen to
-run into this scenario and also happen to have access to the Bhyve host
-machine, you may select a boot option and allow the domain to finish starting
-by using an alternative terminal client on the VM host to connect to the
-domain-configured null modem device. One example (assuming
-<code>/dev/nmdm0B</code> is configured as the slave end of the domain serial
-device) is:</p>
-
-<pre>cu -l /dev/nmdm0B</pre>
-
 <h3><a name="xmltonative">Converting from domain XML to Bhyve args</a></h3>

 <p>
@@ -230,79 +147,15 @@ tweak them.</p>
 An example of domain XML device entry for that will look like:</p>

 <pre>
-...
-&lt;disk type='volume' device='disk'&gt;
-  &lt;source pool='zfspool' volume='vol1'/&gt;
-  &lt;target dev='vdb' bus='virtio'/&gt;
-&lt;/disk&gt;
-...</pre>
+  ...
+  &lt;disk type='volume' device='disk'&gt;
+    &lt;source pool='zfspool' volume='vol1'/&gt;
+    &lt;target dev='vdb' bus='virtio'/&gt;
+  &lt;/disk&gt;
+  ...</pre>

 <p>Please refer to the <a href="storage.html">Storage documentation</a> for more details on storage
 management.</p>

-<h3><a name="grubbhyve">Using grub2-bhyve or Alternative Bootloaders</a></h3>
-
-<p>It's possible to boot non-FreeBSD guests by specifying an explicit
-bootloader, e.g. <code>grub-bhyve(1)</code>. Arguments to the bootloader may be
-specified as well. If the bootloader is <code>grub-bhyve</code> and arguments
-are omitted, libvirt will try and infer boot ordering from user-supplied
-&lt;boot order='N'&gt; configuration in the domain. Failing that, it will boot
-the first disk in the domain (either <code>cdrom</code>- or
-<code>disk</code>-type devices). If the disk type is <code>disk</code>, it will
-attempt to boot from the first partition in the disk image.</p>
-
-<pre>
-...
-&lt;bootloader&gt;/usr/local/sbin/grub-bhyve&lt;/bootloader&gt;
-&lt;bootloader_args&gt;...&lt;/bootloader_args&gt;
-...
-</pre>
-
-<p>Caveat: <code>bootloader_args</code> does not support any quoting.
-Filenames, etc, must not have spaces or they will be tokenized incorrectly.</p>
-
-<h3><a name="clockconfig">Clock configuration</a></h3>
-
-<p>Originally bhyve supported only localtime for RTC. Support for UTC time was introduced in
-<a href="http://svnweb.freebsd.org/changeset/base/284894">r284894</a> for <i>10-STABLE</i> and
-in <a href="http://svnweb.freebsd.org/changeset/base/279225">r279225</a> for <i>-CURRENT</i>.
-It's possible to use this in libvirt <span class="since">since 1.2.18</span>, just place the
-following to domain XML:</p>
-
-<pre>
-&lt;domain type="bhyve"&gt;
-    ...
-    &lt;clock offset='utc'/&gt;
-    ...
-&lt;/domain&gt;
-</pre>
-
-<p>Please note that if you run the older bhyve version that doesn't support UTC time, you'll
-fail to start a domain. As UTC is used as a default when you do not specify clock settings,
-you'll need to explicitly specify 'localtime' in this case:</p>
-
-<pre>
-&lt;domain type="bhyve"&gt;
-    ...
-    &lt;clock offset='localtime'/&gt;
-    ...
-&lt;/domain&gt;
-</pre>
-
-<h3><a name="e1000">e1000 NIC</a></h3>
-
-<p>As of <a href="https://svnweb.freebsd.org/changeset/base/302504">r302504</a> bhyve
-supports Intel e1000 network adapter emulation. It's supported in libvirt
-<span class="since">since 3.1.0</span> and could be used as follows:</p>
-
-<pre>
-...
-    &lt;interface type='bridge'&gt;
-      &lt;source bridge='virbr0'/&gt;
-      &lt;model type='<b>e1000</b>'/&gt;
-    &lt;/interface&gt;
-...
-</pre>
-
  </body>
 </html>
--- a/docs/drvesx.html.in
+++ b/docs/drvesx.html.in
@@ -467,14 +467,14 @@ ethernet0.checkMACAddress = "false"
        Here a domain XML snippet:
    </p>
 <pre>
-...
-&lt;disk type='file' device='disk'&gt;
-  &lt;source file='[local-storage] Fedora11/Fedora11.vmdk'/&gt;
-  &lt;target dev='sda' bus='scsi'/&gt;
-  &lt;address type='drive' controller='0' bus='0' unit='0'/&gt;
-&lt;/disk&gt;
-&lt;controller type='scsi' index='0' model='<strong>lsilogic</strong>'/&gt;
-...
+    ...
+    &lt;disk type='file' device='disk'&gt;
+      &lt;source file='[local-storage] Fedora11/Fedora11.vmdk'/&gt;
+      &lt;target dev='sda' bus='scsi'/&gt;
+      &lt;address type='drive' controller='0' bus='0' unit='0'/&gt;
+    &lt;/disk&gt;
+    &lt;controller type='scsi' index='0' model='<strong>lsilogic</strong>'/&gt;
+    ...
 </pre>
    <p>
        The controller element is supported <span class="since">since 0.8.2</span>.
@@ -482,13 +482,13 @@ ethernet0.checkMACAddress = "false"
        specify the SCSI controller model. This attribute usage is deprecated now.
    </p>
 <pre>
-...
-&lt;disk type='file' device='disk'&gt;
-  &lt;driver name='<strong>lsilogic</strong>'/&gt;
-  &lt;source file='[local-storage] Fedora11/Fedora11.vmdk'/&gt;
-  &lt;target dev='sda' bus='scsi'/&gt;
-&lt;/disk&gt;
-...
+    ...
+    &lt;disk type='file' device='disk'&gt;
+      &lt;driver name='<strong>lsilogic</strong>'/&gt;
+      &lt;source file='[local-storage] Fedora11/Fedora11.vmdk'/&gt;
+      &lt;target dev='sda' bus='scsi'/&gt;
+    &lt;/disk&gt;
+    ...
 </pre>


@@ -513,13 +513,13 @@ ethernet0.checkMACAddress = "false"
        Here a domain XML snippet:
    </p>
 <pre>
-...
-&lt;interface type='bridge'&gt;
-  &lt;mac address='00:50:56:25:48:c7'/&gt;
-  &lt;source bridge='VM Network'/&gt;
-  &lt;model type='<strong>e1000</strong>'/&gt;
-&lt;/interface&gt;
-...
+    ...
+    &lt;interface type='bridge'&gt;
+      &lt;mac address='00:50:56:25:48:c7'/&gt;
+      &lt;source bridge='VM Network'/&gt;
+      &lt;model type='<strong>e1000</strong>'/&gt;
+    &lt;/interface&gt;
+    ...
 </pre>


--- a/docs/drvlxc.html.in
+++ b/docs/drvlxc.html.in
@@ -62,12 +62,12 @@ would use the following XML
 </p>

 <pre>
-&lt;os&gt;
-  &lt;type arch='x86_64'&gt;exe&lt;/type&gt;
-  &lt;init&gt;/bin/systemd&lt;/init&gt;
-  &lt;initarg&gt;--unit&lt;/initarg&gt;
-  &lt;initarg&gt;emergency.service&lt;/initarg&gt;
-&lt;/os&gt;
+  &lt;os&gt;
+    &lt;type arch='x86_64'&gt;exe&lt;/type&gt;
+    &lt;init&gt;/bin/systemd&lt;/init&gt;
+    &lt;initarg&gt;--unit&lt;/initarg&gt;
+    &lt;initarg&gt;emergency.service&lt;/initarg&gt;
+  &lt;/os&gt;
 </pre>

 <h3><a name="envvars">Environment variables</a></h3>
@@ -80,15 +80,15 @@ to be provided by all container technologies on Linux.
 </p>

 <dl>
-<dt><code>container</code></dt>
+<dt>container</dt>
 <dd>The fixed string <code>libvirt-lxc</code> to identify libvirt as the creator</dd>
-<dt><code>container_uuid</code></dt>
+<dt>container_uuid</dt>
 <dd>The UUID assigned to the container by libvirt</dd>
-<dt><code>PATH</code></dt>
+<dt>PATH</dt>
 <dd>The fixed string <code>/bin:/usr/bin</code></dd>
-<dt><code>TERM</code></dt>
+<dt>TERM</dt>
 <dd>The fixed string <code>linux</code></dd>
-<dt><code>HOME</code></dt>
+<dt>HOME</dt>
 <dd>The fixed string <code>/</code></dd>
 </dl>

@@ -98,11 +98,11 @@ environment variables are also provided
 </p>

 <dl>
-<dt><code>LIBVIRT_LXC_NAME</code></dt>
+<dt>LIBVIRT_LXC_NAME</dt>
 <dd>The name assigned to the container by libvirt</dd>
-<dt><code>LIBVIRT_LXC_UUID</code></dt>
+<dt>LIBVIRT_LXC_UUID</dt>
 <dd>The UUID assigned to the container by libvirt</dd>
-<dt><code>LIBVIRT_LXC_CMDLINE</code></dt>
+<dt>LIBVIRT_LXC_CMDLINE</dt>
 <dd>The unparsed command line arguments specified in the container configuration.
 Use of this is discouraged, in favour of passing arguments directly to the
 container init process via the <code>initarg</code> config element.</dd>
@@ -167,7 +167,7 @@ numbered incrementally from there.

 <p>
 Since /dev/ttyN and /dev/console are linked to the pts devices. The
-tty device of login program is pts device. The pam module securetty
+tty device of login program is pts device. the pam module securetty
 may prevent root user from logging in container. If you want root
 user to log in container successfully, add the pts device to the file
 /etc/securetty of container.
@@ -590,31 +590,6 @@ Note that allowing capabilities that are normally dropped by default can serious
 affect the security of the container and the host.
 </p>

-<h2><a name="share">Inherit namespaces</a></h2>
-
-<p>
-Libvirt allows you to inherit the namespace from container/process just like lxc tools
-or docker provides to share the network namespace. The following can be used to share
-required namespaces. If we want to share only one then the other namespaces can be ignored.
-The netns option is specific to sharenet. It can be used in cases we want to use existing network namespace
-rather than creating new network namespace for the container. In this case privnet option will be
-ignored.
-</p>
-<pre>
-&lt;domain type='lxc' xmlns:lxc='http://libvirt.org/schemas/domain/lxc/1.0'&gt;
-...
-&lt;lxc:namespace&gt;
-  &lt;lxc:sharenet type='netns' value='red'/&gt;
-  &lt;lxc:shareuts type='name' value='container1'/&gt;
-  &lt;lxc:shareipc type='pid' value='12345'/&gt;
-&lt;/lxc:namespace&gt;
-&lt;/domain&gt;
-</pre>
-
-<p>
-The use of namespace passthrough requires libvirt >= 1.2.19
-</p>
-
 <h2><a name="usage">Container usage / management</a></h2>

 <p>
--- a/docs/drvparallels.html.in
+++ b/docs/drvparallels.html.in
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <body>
+    <h1>Parallels Cloud Server driver</h1>
+    <ul id="toc"></ul>
+    <p>
+        The libvirt Parallels driver can manage Parallels Cloud Server starting from version 6.0.
+    </p>
+
+
+    <h2><a name="project">Project Links</a></h2>
+    <ul>
+      <li>
+        The <a href="http://www.parallels.com/products/server/baremetal/sp/">Parallels Cloud Server</a> Virtualization Solution.
+      </li>
+    </ul>
+
+
+    <h2><a name="uri">Connections to the Parallels Cloud Server driver</a></h2>
+    <p>
+        The libvirt Parallels driver is a single-instance privileged driver, with a driver name of 'parallels'. Some example connection URIs for the libvirt driver are:
+    </p>
+<pre>
+parallels:///system                     (local access)
+parallels+unix:///system                (local access)
+parallels://example.com/system          (remote access, TLS/x509)
+parallels+tcp://example.com/system      (remote access, SASl/Kerberos)
+parallels+ssh://root@example.com/system (remote access, SSH tunnelled)
+</pre>
+
+    <h2><a name="example">Example guest domain XML configuration</a></h2>
+
+    <p>
+    Parallels driver require at least one hard disk for new domains
+    at this time. It is used for defining directory, where VM should
+    be created.
+    </p>
+
+<pre>
+&lt;domain type='parallels'&gt;
+  &lt;name&gt;demo&lt;/name&gt;
+  &lt;uuid&gt;54cdecad-4492-4e31-a209-33cc21d64057&lt;/uuid&gt;
+  &lt;description&gt;some description&lt;/description&gt;
+  &lt;memory unit='KiB'&gt;1048576&lt;/memory&gt;
+  &lt;currentMemory unit='KiB'&gt;1048576&lt;/currentMemory&gt;
+  &lt;vcpu placement='static'&gt;2&lt;/vcpu&gt;
+  &lt;os&gt;
+    &lt;type arch='x86_64'&gt;hvm&lt;/type&gt;
+  &lt;/os&gt;
+  &lt;clock offset='utc'/&gt;
+  &lt;on_poweroff&gt;destroy&lt;/on_poweroff&gt;
+  &lt;on_reboot&gt;destroy&lt;/on_reboot&gt;
+  &lt;on_crash&gt;destroy&lt;/on_crash&gt;
+  &lt;devices&gt;
+    &lt;disk type='file' device='disk'&gt;
+      &lt;source file='/storage/vol1'/&gt;
+      &lt;target dev='hda'/&gt;
+    &lt;/disk&gt;
+    &lt;video&gt;
+      &lt;model type='vga' vram='33554432' heads='1'&gt;
+        &lt;acceleration accel3d='no' accel2d='no'/&gt;
+      &lt;/model&gt;
+    &lt;/video&gt;
+  &lt;/devices&gt;
+&lt;/domain&gt;
+
+</pre>
+
+</body></html>
--- a/docs/drvqemu.html.in
+++ b/docs/drvqemu.html.in
@@ -8,7 +8,9 @@

    <p>
      The libvirt KVM/QEMU driver can manage any QEMU emulator from
-      version 0.12.0 or later.
+      version 0.8.1 or later. It can also manage Xenner, which
+      provides the same QEMU command line syntax and monitor
+      interaction.
    </p>

    <h2><a name="project">Project Links</a></h2>
@@ -41,6 +43,12 @@
        node. If both are found, then KVM fullyvirtualized, hardware accelerated
        guests will be available.
      </li>
+      <li>
+        <strong>Xenner hypervisor</strong>: The driver will probe <code>/usr/bin</code>
+        for the presence of <code>xenner</code> and <code>/dev/kvm</code> device
+        node. If both are found, then Xen paravirtualized guests can be run using
+        the KVM hardware acceleration.
+      </li>
    </ul>

    <h2><a name="uris">Connections to QEMU driver</a></h2>
@@ -639,5 +647,9 @@ $ virsh domxml-to-native qemu-argv demo.xml
  &lt;/devices&gt;
 &lt;/domain&gt;</pre>

+    <h3>Xen paravirtualized guests with hardware acceleration</h3>
+
+
+
  </body>
 </html>
--- a/docs/drvvirtuozzo.html.in
+++ b/docs/drvvirtuozzo.html.in
@@ -1,70 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <body>
-    <h1>Virtuozzo driver</h1>
-    <ul id="toc"></ul>
-    <p>
-        The libvirt vz driver can manage Virtuozzo starting from version 6.0.
-    </p>
-
-
-    <h2><a name="project">Project Links</a></h2>
-    <ul>
-      <li>
-        The <a href="http://www.odin.com/products/virtuozzo/">Virtuozzo</a> Solution.
-      </li>
-    </ul>
-
-
-    <h2><a name="uri">Connections to the Virtuozzo driver</a></h2>
-    <p>
-        The libvirt Virtuozzo driver is a single-instance privileged driver, with a driver name of 'virtuozzo'. Some example connection URIs for the libvirt driver are:
-    </p>
-<pre>
-vz:///system                     (local access)
-vz+unix:///system                (local access)
-vz://example.com/system          (remote access, TLS/x509)
-vz+tcp://example.com/system      (remote access, SASl/Kerberos)
-vz+ssh://root@example.com/system (remote access, SSH tunnelled)
-</pre>
-
-    <h2><a name="example">Example guest domain XML configuration</a></h2>
-
-    <p>
-    Virtuozzo driver require at least one hard disk for new domains
-    at this time. It is used for defining directory, where VM should
-    be created.
-    </p>
-
-<pre>
-&lt;domain type='vz'&gt;
-  &lt;name&gt;demo&lt;/name&gt;
-  &lt;uuid&gt;54cdecad-4492-4e31-a209-33cc21d64057&lt;/uuid&gt;
-  &lt;description&gt;some description&lt;/description&gt;
-  &lt;memory unit='KiB'&gt;1048576&lt;/memory&gt;
-  &lt;currentMemory unit='KiB'&gt;1048576&lt;/currentMemory&gt;
-  &lt;vcpu placement='static'&gt;2&lt;/vcpu&gt;
-  &lt;os&gt;
-    &lt;type arch='x86_64'&gt;hvm&lt;/type&gt;
-  &lt;/os&gt;
-  &lt;clock offset='utc'/&gt;
-  &lt;on_poweroff&gt;destroy&lt;/on_poweroff&gt;
-  &lt;on_reboot&gt;destroy&lt;/on_reboot&gt;
-  &lt;on_crash&gt;destroy&lt;/on_crash&gt;
-  &lt;devices&gt;
-    &lt;disk type='file' device='disk'&gt;
-      &lt;source file='/storage/vol1'/&gt;
-      &lt;target dev='hda'/&gt;
-    &lt;/disk&gt;
-    &lt;video&gt;
-      &lt;model type='vga' vram='33554432' heads='1'&gt;
-        &lt;acceleration accel3d='no' accel2d='no'/&gt;
-      &lt;/model&gt;
-    &lt;/video&gt;
-  &lt;/devices&gt;
-&lt;/domain&gt;
-
-</pre>
-
-</body></html>
--- a/docs/errors.html.in
+++ b/docs/errors.html.in
@@ -46,9 +46,9 @@ following fields:</p>
      <li>level: the error level, usually VIR_ERR_ERROR, though there is room for
    warnings like VIR_ERR_WARNING</li>
      <li>message: the full human-readable formatted string of the error</li>
-      <li>conn: if available a pointer to the <a href="html/libvirt-libvirt-host.html#virConnectPtr">virConnectPtr</a>
+      <li>conn: if available a pointer to the <a href="html/libvirt-libvirt.html#virConnectPtr">virConnectPtr</a>
    connection to the hypervisor where this happened</li>
-      <li>dom: if available a pointer to the <a href="html/libvirt-libvirt-domain.html#virDomainPtr">virDomainPtr</a> domain
+      <li>dom: if available a pointer to the <a href="html/libvirt-libvirt.html#virDomainPtr">virDomainPtr</a> domain
    targeted in the operation</li>
    </ul>
    <p>and then extra raw information about the error which may be initialized
--- a/docs/et.png
+++ b/docs/et.png
--- a/docs/fonts/LICENSE.md
+++ b/docs/fonts/LICENSE.md
@@ -1,90 +0,0 @@
-## License
-
-Copyright (C) 2015 Red Hat, Inc.,
-
-This Font Software is licensed under the SIL Open Font License, Version 1.1.
-This license is copied below, and is also available with a FAQ at:
-http://scripts.sil.org/OFL
-
-
-#### SIL OPEN FONT LICENSE
-Version 1.1 - 26 February 2007
-
---
-
-#### PREAMBLE
-The goals of the Open Font License (OFL) are to stimulate worldwide development
-of collaborative font projects, to support the font creation efforts of
-academic and linguistic communities, and to provide a free and open framework
-in which fonts may be shared and improved in partnership with others.
-
-The OFL allows the licensed fonts to be used, studied, modified and
-redistributed freely as long as they are not sold by themselves. The fonts,
-including any derivative works, can be bundled, embedded, redistributed and/or
-sold with any software provided that any reserved names are not used by
-derivative works. The fonts and derivatives, however, cannot be released under
-any other type of license. The requirement for fonts to remain under this
-license does not apply to any document created using the fonts or their
-derivatives.
-
-#### DEFINITIONS
-“Font Software” refers to the set of files released by the Copyright Holder(s)
-under this license and clearly marked as such. This may include source files,
-build scripts and documentation.
-
-“Reserved Font Name” refers to any names specified as such after the copyright
-statement(s).
-
-“Original Version” refers to the collection of Font Software components as
-distributed by the Copyright Holder(s).
-
-“Modified Version” refers to any derivative made by adding to, deleting, or
-substituting—in part or in whole—any of the components of the Original Version,
-by changing formats or by porting the Font Software to a new environment.
-
-“Author” refers to any designer, engineer, programmer, technical writer or
-other person who contributed to the Font Software.
-
-#### PERMISSION & CONDITIONS
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-the Font Software, to use, study, copy, merge, embed, modify, redistribute, and
-sell modified and unmodified copies of the Font Software, subject to the
-following conditions:
-
-1) Neither the Font Software nor any of its individual components, in Original
-or Modified Versions, may be sold by itself.
-
-2) Original or Modified Versions of the Font Software may be bundled,
-redistributed and/or sold with any software, provided that each copy contains
-the above copyright notice and this license. These can be included either as
-stand-alone text files, human-readable headers or in the appropriate machine-
-readable metadata fields within text or binary files as long as those fields
-can be easily viewed by the user.
-
-3) No Modified Version of the Font Software may use the Reserved Font Name(s)
-unless explicit written permission is granted by the corresponding Copyright
-Holder. This restriction only applies to the primary font name as presented to
-the users.
-
-4) The name(s) of the Copyright Holder(s) or the Author(s) of the Font Software
-shall not be used to promote, endorse or advertise any Modified Version, except
-to acknowledge the contribution(s) of the Copyright Holder(s) and the Author(s)
-or with their explicit written permission.
-
-5) The Font Software, modified or unmodified, in part or in whole, must be
-distributed entirely under this license, and must not be distributed under any
-other license. The requirement for fonts to remain under this license does not
-apply to any document created using the Font Software.
-
-#### TERMINATION
-This license becomes null and void if any of the above conditions are not met.
-
-#### DISCLAIMER
-THE FONT SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF COPYRIGHT, PATENT,
-TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE FOR
-ANY CLAIM, DAMAGES OR OTHER LIABILITY, INCLUDING ANY GENERAL, SPECIAL,
-INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, WHETHER IN AN ACTION OF
-CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF THE USE OR INABILITY TO USE
-THE FONT SOFTWARE OR FROM OTHER DEALINGS IN THE FONT SOFTWARE.
--- a/docs/fonts/overpass-bold-italic.woff
+++ b/docs/fonts/overpass-bold-italic.woff
--- a/docs/fonts/overpass-bold.woff
+++ b/docs/fonts/overpass-bold.woff
--- a/docs/fonts/overpass-italic.woff
+++ b/docs/fonts/overpass-italic.woff
--- a/docs/fonts/overpass-light-italic.woff
+++ b/docs/fonts/overpass-light-italic.woff
--- a/docs/fonts/overpass-light.woff
+++ b/docs/fonts/overpass-light.woff
--- a/docs/fonts/overpass-mono-bold.woff
+++ b/docs/fonts/overpass-mono-bold.woff
--- a/docs/fonts/overpass-mono-light.woff
+++ b/docs/fonts/overpass-mono-light.woff
--- a/docs/fonts/overpass-mono-regular.woff
+++ b/docs/fonts/overpass-mono-regular.woff
--- a/docs/fonts/overpass-mono-semibold.woff
+++ b/docs/fonts/overpass-mono-semibold.woff
--- a/docs/fonts/overpass-regular.woff
+++ b/docs/fonts/overpass-regular.woff
--- a/docs/fonts/stylesheet.css
+++ b/docs/fonts/stylesheet.css
@@ -1,62 +0,0 @@
-@font-face {
-	font-family: 'LibvirtOverpass';
-	src: url('overpass-regular.woff') format('woff');
-	font-weight: normal;
-	font-style: normal;
-}
-
-@font-face {
-	font-family: 'LibvirtOverpass';
-	src: url('overpass-italic.woff') format('woff');
-	font-weight: normal;
-	font-style: italic;
-}
-
-@font-face {
-	font-family: 'LibvirtOverpass';
-	src: url('overpass-bold.woff') format('woff');
-	font-weight: bold;
-	font-style: normal;
-}
-
-@font-face {
-	font-family: 'LibvirtOverpass';
-	src: url('overpass-bold-italic.woff') format('woff');
-	font-weight: bold;
-	font-style: italic;
-}
-
-@font-face {
-	font-family: 'LibvirtOverpassLight';
-	src: url('overpass-light.woff') format('woff');
-	font-weight: 300;
-	font-style: normal;
-}
-
-@font-face {
-	font-family: 'LibvirtOverpassLight';
-	src: url('overpass-light-italic.woff') format('woff');
-	font-weight: 300;
-	font-style: italic;
-}
-
-@font-face {
-	font-family: 'LibvirtOverpassMono';
-	src: url('overpass-mono-regular.woff') format('woff');
-	font-weight: normal;
-	font-style: normal;
-}
-
-@font-face {
-	font-family: 'LibvirtOverpassMono';
-	src: url('overpass-mono-bold.woff') format('woff');
-	font-weight: bold;
-	font-style: normal;
-}
-
-@font-face {
-	font-family: 'LibvirtOverpassMonoLight';
-	src: url('overpass-mono-light.woff') format('woff');
-	font-weight: 300;
-	font-style: normal;
-}
--- a/docs/footer_corner.png
+++ b/docs/footer_corner.png
--- a/docs/footer_pattern.png
+++ b/docs/footer_pattern.png
--- a/docs/format.html.in
+++ b/docs/format.html.in
@@ -2,43 +2,9 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
  <body>
-    <h1>XML Format</h1>
+    <h1 >XML Format</h1>


-    <p>
-      Objects in the libvirt API are configured using XML documents to allow
-      for ease of extension in future releases. Each XML document has an
-      associated Relax-NG schema that can be used to validate documents
-      prior to usage.
-    </p>
-
-
-    <ul>
-      <li><a href="formatdomain.html" shape="rect">Domains</a></li>
-      <li><a href="formatnetwork.html" shape="rect">Networks</a></li>
-      <li><a href="formatnwfilter.html" shape="rect">Network filtering</a></li>
-      <li><a href="formatstorage.html" shape="rect">Storage</a></li>
-      <li><a href="formatstorageencryption.html" shape="rect">Storage encryption</a></li>
-      <li><a href="formatcaps.html" shape="rect">Capabilities</a></li>
-      <li><a href="formatdomaincaps.html" shape="rect">Domain capabilities</a></li>
-      <li><a href="formatnode.html" shape="rect">Node devices</a></li>
-      <li><a href="formatsecret.html" shape="rect">Secrets</a></li>
-      <li><a href="formatsnapshot.html" shape="rect">Snapshots</a></li>
-    </ul>
-
-    <h2>Command line validation</h2>
-
-    <p>
-      The <code>virt-xml-validate</code> tool provides a simple command line
-      for validating XML documents prior to giving them to libvirt. It uses
-      the locally instaled RNG schema documents. It will auto-detect which
-      schema to use for validation based on the name of the top level element
-      in the input document. Thus it merely requires the XML document filename
-      to be passed on the command line
-    </p>
-
-    <pre>
-$ virt-xml-validate /path/to/XML/file</pre>

  </body>
 </html>
--- a/docs/formatcaps.html.in
+++ b/docs/formatcaps.html.in
@@ -13,7 +13,7 @@
    interface has been added in 0.2.1 allowing to list the set of supported
    virtualization capabilities on the host:</p>

-    <pre>char * virConnectGetCapabilities (virConnectPtr conn);</pre>
+    <pre>    char * virConnectGetCapabilities (virConnectPtr conn);</pre>

    <p>The value returned is an XML document listing the virtualization
    capabilities of the host and virtualization engine to which
@@ -73,19 +73,19 @@
        <dd>This expresses what kind of operating system the hypervisor
        is able to run. Possible values are:
        <dl>
-          <dt><code>xen</code></dt>
+          <dt>xen</dt>
          <dd>for XEN</dd>

-          <dt><code>linux</code></dt>
+          <dt>linux</dt>
          <dd>legacy alias for <code>xen</code></dd>

-          <dt><code>hvm</code></dt>
+          <dt>hvm</dt>
          <dd>Unmodified operating system</dd>

-          <dt><code>exe</code></dt>
+          <dt>exe</dt>
          <dd>Container based virtualization</dd>

-          <dt><code>uml</code></dt>
+          <dt>uml</dt>
          <dd>User Mode Linux</dd>
        </dl>
        </dd>
@@ -97,37 +97,37 @@
        <dd>This optional element encases possible features that can be used
          with a guest of described type.  Possible subelements are:
          <dl>
-            <dt><code>pae</code></dt><dd>If present, 32-bit guests can use PAE
+            <dt>pae</dt><dd>If present, 32-bit guests can use PAE
              address space extensions, <span class="since">since
              0.4.1</span></dd>
-            <dt><code>nonpae</code></dt><dd>If present, 32-bit guests can be run
+            <dt>nonpae</dt><dd>If present, 32-bit guests can be run
              without requiring PAE, <span class="since">since
              0.4.1</span></dd>
-            <dt><code>ia64_be</code></dt><dd>If present, IA64 guests can be run in
+            <dt>ia64_be</dt><dd>If present, IA64 guests can be run in
              big-endian mode, <span class="since">since 0.4.1</span></dd>
-            <dt><code>acpi</code></dt><dd>If this element is present,
+            <dt>acpi</dt><dd>If this element is present,
              the <code>default</code> attribute describes whether the
              hypervisor exposes ACPI to the guest by default, and
              the <code>toggle</code> attribute describes whether the
              user can override this
              default. <span class="since">Since 0.4.1</span></dd>
-            <dt><code>apic</code></dt><dd>If this element is present,
+            <dt>apic</dt><dd>If this element is present,
              the <code>default</code> attribute describes whether the
              hypervisor exposes APIC to the guest by default, and
              the <code>toggle</code> attribute describes whether the
              user can override this
              default. <span class="since">Since 0.4.1</span></dd>
-            <dt><code>cpuselection</code></dt><dd>If this element is present, the
+            <dt>cpuselection</dt><dd>If this element is present, the
              hypervisor supports the <code>&lt;cpu&gt;</code> element
              within a domain definition for fine-grained control over
              the CPU presented to the
              guest. <span class="since">Since 0.7.5</span></dd>
-            <dt><code>deviceboot</code></dt><dd>If this element is present,
+            <dt>deviceboot</dt><dd>If this element is present,
              the <code>&lt;boot order='...'/&gt;</code> element can
              be used inside devices, rather than the older boot
              specification by category. <span class="since">Since
              0.8.8</span></dd>
-            <dt><code>disksnapshot</code></dt><dd>If this element is present,
+            <dt>disksnapshot</dt><dd>If this element is present,
              the <code>default</code> attribute describes whether
              external disk snapshots are supported.  If absent,
              external snapshots may still be supported, but it
@@ -162,7 +162,7 @@
      &lt;suspend_mem/&gt;
      &lt;suspend_disk/&gt;
      &lt;suspend_hybrid/&gt;
-    &lt;/power_management&gt;
+    &lt;power_management/&gt;
  &lt;/host&gt;</span>

  &lt;!-- xen-3.0-x86_64 --&gt;
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
--- a/docs/formatdomaincaps.html.in
+++ b/docs/formatdomaincaps.html.in
@@ -16,14 +16,11 @@
    then it needs to be more recent to support VFIO, while legacy KVM is
    achievable just fine with older qemus.</p>

-    <p>The main difference between
-      <a href="/html/libvirt-libvirt-host.html#virConnectGetCapabilities">
-        <code>virConnectGetCapabilities</code>
-      </a>
-    and the emulator capabilities API is, the former one aims more on
-    the host capabilities (e.g.  NUMA topology, security models in
-    effect, etc.) while the latter one specializes on the hypervisor
-    capabilities.</p>
+    <p>The main difference between <code
+        class="docref">virConnectGetCapabilities</code> and the emulator
+    capabilities API is, the former one aims more on the host capabilities
+    (e.g.  NUMA topology, security models in effect, etc.) while the latter one
+    specializes on the hypervisor capabilities.</p>

    <p>While the <a href="formatcaps.html">Driver Capabilities</a> provides the
    host capabilities (e.g NUMA topology, security models in effect, etc.), the
@@ -44,7 +41,7 @@
    1.2.7</span>):</p>

 <pre>
-<a href="/html/libvirt-libvirt-domain.html#virConnectGetDomainCapabilities">virConnectGetDomainCapabilities</a>
+    <code class="docref">virConnectGetDomainCapabilities</code>
 </pre>

    <p>The root element that emulator capability XML document starts with has
@@ -61,19 +58,18 @@
 &lt;/domainCapabilities&gt;
 </pre>
    <dl>
-      <dt><code>path</code></dt>
+      <dt>path</dt>
      <dd>The full path to the emulator binary.</dd>

-      <dt><code>domain</code></dt>
+      <dt>domain</dt>
      <dd>Describes the <a href="formatdomain.html#elements">virtualization
          type</a> (or so called domain type).</dd>

-      <dt><code>machine</code></dt>
+      <dt>machine</dt>
      <dd>The domain's <a href="formatdomain.html#elementsOSBIOS">machine
-          type</a>. Since not every hypervisor has a sense of machine types
-          this element might be omitted in such drivers.</dd>
+          type</a>.</dd>

-      <dt><code>arch</code></dt>
+      <dt>arch</dt>
      <dd>The domain's <a href="formatdomain.html#elementsOSBIOS">
          architecture</a>.</dd>

@@ -93,7 +89,7 @@
 </pre>

    <dl>
-      <dt><code>vcpu</code></dt>
+      <dt>vcpu</dt>
      <dd>The maximum number of supported virtual CPUs</dd>
    </dl>

@@ -127,91 +123,26 @@
    <p>For the <code>loader</code> element, the following can occur:</p>

    <dl>
-      <dt><code>value</code></dt>
+      <dt>value</dt>
      <dd>List of known loader paths. Currently this is only used
      to advertise known locations of OVMF binaries for qemu. Binaries
      will only be listed if they actually exist on disk.</dd>

-      <dt><code>type</code></dt>
+      <dt>type</dt>
      <dd>Whether loader is a typical BIOS (<code>rom</code>) or
      an UEFI binary (<code>pflash</code>). This refers to
      <code>type</code> attribute of the &lt;loader/&gt;
      element.</dd>

-      <dt><code>readonly</code></dt>
+      <dt>readonly</dt>
      <dd>Options for the <code>readonly</code> attribute of the
      &lt;loader/&gt; element.</dd>
    </dl>

-    <h3><a name="elementsCPU">CPU configuration</a></h3>
-
-    <p>
-      The <code>cpu</code> element exposes options usable for configuring
-      <a href="formatdomain.html#elementsCPU">guest CPUs</a>.
-    </p>
-
-<pre>
-&lt;domainCapabilities&gt;
-  ...
-  &lt;cpu&gt;
-    &lt;mode name='host-passthrough' supported='yes'/&gt;
-    &lt;mode name='host-model' supported='yes'&gt;
-      &lt;model fallback='allow'&gt;Broadwell&lt;/model&gt;
-      &lt;vendor&gt;Intel&lt;/vendor&gt;
-      &lt;feature policy='disable' name='aes'/&gt;
-      &lt;feature policy='require' name='vmx'/&gt;
-    &lt;/mode&gt;
-    &lt;mode name='custom' supported='yes'&gt;
-      &lt;model usable='no'&gt;Broadwell&lt;/model&gt;
-      &lt;model usable='yes'&gt;Broadwell-noTSX&lt;/model&gt;
-      &lt;model usable='no'&gt;Haswell&lt;/model&gt;
-      ...
-    &lt;/mode&gt;
-  &lt;/cpu&gt;
-  ...
-&lt;domainCapabilities&gt;
-</pre>
-
-    <p>
-      Each CPU mode understood by libvirt is described with a
-      <code>mode</code> element which tells whether the particular mode
-      is supported and provides (when applicable) more details about it:
-    </p>
-
-    <dl>
-      <dt><code>host-passthrough</code></dt>
-      <dd>No mode specific details are provided.</dd>
-
-      <dt><code>host-model</code></dt>
-      <dd>
-        If <code>host-model</code> is supported by the hypervisor, the
-        <code>mode</code> describes the guest CPU which will be used when
-        starting a domain with <code>host-model</code> CPU. The hypervisor
-        specifics (such as unsupported CPU models or features, machine type,
-        etc.) may be accounted for in this guest CPU specification and thus
-        the CPU can be different from the one shown in host capabilities XML.
-        This is indicated by the <code>fallback</code> attribute of the
-        <code>model</code> sub element: <code>allow</code> means not all
-        specifics were accounted for and thus the CPU a guest will see may
-        be different; <code>forbid</code> indicates that the CPU a guest will
-        see should match this CPU definition.
-      </dd>
-
-      <dt><code>custom</code></dt>
-      <dd>
-        The <code>mode</code> element contains a list of supported CPU
-        models, each described by a dedicated <code>model</code> element.
-        The <code>usable</code> attribute specifies whether the model can
-        be used on the host. A special value <code>unknown</code> indicates
-        libvirt does not have enough information to provide the usability
-        data.
-      </dd>
-    </dl>
-
    <h3><a name="elementsDevices">Devices</a></h3>

    <p>
-      Another set of XML elements describe the supported devices and their
+      The final set of XML elements describe the supported devices and their
      capabilities. All devices occur as children of the main
      <code>devices</code> element.
    </p>
@@ -241,7 +172,7 @@
    <code>floppy</code>, or <code>lun</code>.</p>

    <h4><a name="elementsDisks">Hard drives, floppy disks, CDROMs</a></h4>
-    <p>Disk capabilities are exposed under the <code>disk</code> element. For
+    <p>Disk capabilities are exposed under <code>disk</code> element. For
    instance:</p>

 <pre>
@@ -273,72 +204,15 @@
 </pre>

    <dl>
-      <dt><code>diskDevice</code></dt>
+      <dt>diskDevice</dt>
      <dd>Options for the <code>device</code> attribute of the &lt;disk/&gt;
      element.</dd>

-      <dt><code>bus</code></dt>
+      <dt>bus</dt>
      <dd>Options for the <code>bus</code> attribute of the &lt;target/&gt;
      element for a &lt;disk/&gt;.</dd>
    </dl>

-
-    <h4><a name="elementsGraphics">Graphical framebuffers</a></h4>
-    <p>Graphics device capabilities are exposed under the
-    <code>graphics</code> element. For instance:</p>
-
-<pre>
-&lt;domainCapabilities&gt;
-  ...
-  &lt;devices&gt;
-    &lt;graphics supported='yes'&gt;
-      &lt;enum name='type'&gt;
-        &lt;value&gt;sdl&lt;/value&gt;
-        &lt;value&gt;vnc&lt;/value&gt;
-        &lt;value&gt;spice&lt;/value&gt;
-      &lt;/enum&gt;
-    &lt;/graphics&gt;
-    ...
-  &lt;/devices&gt;
-&lt;/domainCapabilities&gt;
-</pre>
-
-    <dl>
-      <dt><code>type</code></dt>
-      <dd>Options for the <code>type</code> attribute of the &lt;graphics/&gt;
-      element.</dd>
-    </dl>
-
-
-    <h4><a name="elementsVideo">Video device</a></h4>
-    <p>Video device capabilities are exposed under the
-    <code>video</code> element. For instance:</p>
-
-<pre>
-&lt;domainCapabilities&gt;
-  ...
-  &lt;devices&gt;
-    &lt;video supported='yes'&gt;
-      &lt;enum name='modelType'&gt;
-        &lt;value&gt;vga&lt;/value&gt;
-        &lt;value&gt;cirrus&lt;/value&gt;
-        &lt;value&gt;vmvga&lt;/value&gt;
-        &lt;value&gt;qxl&lt;/value&gt;
-        &lt;value&gt;virtio&lt;/value&gt;
-      &lt;/enum&gt;
-    &lt;/video&gt;
-    ...
-  &lt;/devices&gt;
-&lt;/domainCapabilities&gt;
-</pre>
-
-    <dl>
-      <dt><code>modelType</code></dt>
-      <dd>Options for the <code>type</code> attribute of the
-      &lt;video&gt;&lt;model&gt; element.</dd>
-    </dl>
-
-
    <h4><a name="elementsHostDev">Host device assignment</a></h4>
    <p>Some host devices can be passed through to a guest (e.g. USB, PCI and
    SCSI). Well, only if the following is enabled:</p>
@@ -380,66 +254,25 @@
 </pre>

    <dl>
-      <dt><code>mode</code></dt>
+      <dt>mode</dt>
      <dd>Options for the <code>mode</code> attribute of the &lt;hostdev/&gt;
      element.</dd>

-      <dt><code>startupPolicy</code></dt>
+      <dt>startupPolicy</dt>
      <dd>Options for the <code>startupPolicy</code> attribute of the
      &lt;hostdev/&gt; element.</dd>

-      <dt><code>subsysType</code></dt>
+      <dt>subsysType</dt>
      <dd>Options for the <code>type</code> attribute of the &lt;hostdev/&gt;
      element in case of <code>mode="subsystem"</code>.</dd>

-      <dt><code>capsType</code></dt>
+      <dt>capsType</dt>
      <dd>Options for the <code>type</code> attribute of the &lt;hostdev/&gt;
      element in case of <code>mode="capabilities"</code>.</dd>

-      <dt><code>pciBackend</code></dt>
+      <dt>pciBackend</dt>
      <dd>Options for the <code>name</code> attribute of the &lt;driver/&gt;
      element.</dd>
    </dl>
-
-    <h3><a name="elementsFeatures">Features</a></h3>
-
-    <p>One more set of XML elements describe the supported features and
-    their capabilities. All features occur as children of the main
-    <code>features</code> element.</p>
-
-<pre>
-&lt;domainCapabilities&gt;
-  ...
-  &lt;features&gt;
-    &lt;gic supported='yes'&gt;
-      &lt;enum name='version'&gt;
-        &lt;value&gt;2&lt;/value&gt;
-        &lt;value&gt;3&lt;/value&gt;
-      &lt;/enum&gt;
-    &lt;/gic&gt;
-  &lt;/features&gt;
-&lt;/domainCapabilities&gt;
-</pre>
-
-    <p>Reported capabilities are expressed as an enumerated list of
-    possible values for each of the elements or attributes. For example, the
-    <code>gic</code> element has an attribute <code>version</code> which can
-    support the values <code>2</code> or <code>3</code>.</p>
-
-    <p>For information about the purpose of each feature, see the
-    <a href="formatdomain.html#elementsFeatures">relevant section</a> in
-    the domain XML documentation.
-    </p>
-
-    <h4><a name="elementsGIC">GIC capabilities</a></h4>
-
-    <p>GIC capabilities are exposed under the <code>gic</code> element.</p>
-
-    <dl>
-      <dt><code>version</code></dt>
-      <dd>Options for the <code>version</code> attribute of the
-      <code>gic</code> element.</dd>
-    </dl>
-
  </body>
 </html>
--- a/docs/formatnetwork.html.in
+++ b/docs/formatnetwork.html.in
@@ -35,14 +35,10 @@
    </p>

    <pre>
-&lt;network ipv6='yes' trustGuestRxFilters='no'&gt;
-  &lt;name&gt;default&lt;/name&gt;
-  &lt;uuid&gt;3e3fce45-4f53-4fa7-bb32-11f34168b82b&lt;/uuid&gt;
-  &lt;metadata&gt;
-    &lt;app1:foo xmlns:app1="http://app1.org/app1/"&gt;..&lt;/app1:foo&gt;
-    &lt;app2:bar xmlns:app2="http://app1.org/app2/"&gt;..&lt;/app2:bar&gt;
-  &lt;/metadata&gt;
-  ...</pre>
+      &lt;network ipv6='yes'&gt;
+        &lt;name&gt;default&lt;/name&gt;
+        &lt;uuid&gt;3e3fce45-4f53-4fa7-bb32-11f34168b82b&lt;/uuid&gt;
+        ...</pre>

    <dl>
      <dt><code>name</code></dt>
@@ -58,29 +54,12 @@
        The format must be RFC 4122 compliant, eg <code>3e3fce45-4f53-4fa7-bb32-11f34168b82b</code>.
        If omitted when defining/creating a new network, a random
        UUID is generated. <span class="since">Since 0.3.0</span></dd>
-      <dd>The <code>metadata</code> node can be used by applications to
-        store custom metadata in the form of XML nodes/trees. Applications
-        must use custom namespaces on their XML nodes/trees, with only
-        one top-level element per namespace (if the application needs
-        structure, they should have sub-elements to their namespace
-        element). <span class="since">Since 2.1.0</span></dd>
-      <dt><code>ipv6</code></dt>
-      <dd>When set to <code>yes</code>, the optional parameter
-        <code>ipv6</code> enables
+      <dt><code>ipv6='yes'</code></dt>
+      <dd>The new, optional parameter <code>ipv6='yes'</code> enables
        a network definition with no IPv6 gateway addresses specified
        to have guest-to-guest communications.  For further information,
        see the example below for the example with no gateway addresses.
        <span class="since">Since 1.0.1</span></dd>
-      <dt><code>trustGuestRxFilters</code></dt>
-      <dd>The optional parameter <code>trustGuestRxFilters</code> can
-        be used to set that attribute of the same name for each domain
-        interface connected to this network (<span class="since">since
-        1.2.10</span>). See
-        the <a href="formatdomain.html#elementsNICS">Network
-        interfaces</a> section of the domain XML documentation for
-        more details. Note that an explicit setting of this attribute
-        in a portgroup or the individual domain interface will
-        override the setting in the network.</dd>
    </dl>

    <h3><a name="elementsConnect">Connectivity</a></h3>
@@ -91,12 +70,11 @@
    </p>

    <pre>
-...
-&lt;bridge name="virbr0" stp="on" delay="5" macTableManager="libvirt"/&gt;
-&lt;mtu size="9000"/&gt;
-&lt;domain name="example.com" localOnly="no"/&gt;
-&lt;forward mode="nat" dev="eth0"/&gt;
-...</pre>
+        ...
+        &lt;bridge name="virbr0" stp="on" delay="5"/&gt;
+        &lt;domain name="example.com"/&gt;
+        &lt;forward mode="nat" dev="eth0"/&gt;
+        ...</pre>

    <dl>
      <dt><code>bridge</code></dt>
@@ -104,73 +82,19 @@
        defines the name of a bridge device which will be used to construct
        the virtual network. The virtual machines will be connected to this
        bridge device allowing them to talk to each other. The bridge device
-        may also be connected to the LAN. When defining
+        may also be connected to the LAN. It is recommended that bridge
+        device names started with the prefix <code>vir</code>, but the name
+        <code>virbr0</code> is reserved for the "default" virtual
+        network.  This element should always be provided when defining
        a new network with a <code>&lt;forward&gt;</code> mode of
-
        "nat" or "route" (or an isolated network with
-        no <code>&lt;forward&gt;</code> element), libvirt will
-        automatically generate a unique name for the bridge device if
-        none is given, and this name will be permanently stored in the
-        network configuration so that that the same name will be used
-        every time the network is started. For these types of networks
-        (nat, routed, and isolated), a bridge name beginning with the
-        prefix "virbr" is recommended (and that is what is
-        auto-generated), but not enforced.
+        no <code>&lt;forward&gt;</code> element).
        Attribute <code>stp</code> specifies if Spanning Tree Protocol
        is 'on' or 'off' (default is
        'on'). Attribute <code>delay</code> sets the bridge's forward
        delay value in seconds (default is 0).
        <span class="since">Since 0.3.0</span>
-
-        <p>
-          The <code>macTableManager</code> attribute of the bridge
-          element is used to tell libvirt how the bridge's MAC address
-          table (used to determine the correct egress port for packets
-          based on destination MAC address) will be managed. In the
-          default <code>kernel</code> setting, the kernel
-          automatically adds and removes entries, typically using
-          learning, flooding, and promiscuous mode on the bridge's
-          ports in order to determine the proper egress port for
-          packets.  When <code>macTableManager</code> is set
-          to <code>libvirt</code>, libvirt disables kernel management
-          of the MAC table (in the case of the Linux host bridge, this
-          means enabling vlan_filtering on the bridge, and disabling
-          learning and unicast_filter for all bridge ports), and
-          explicitly adds/removes entries to the table according to
-          the MAC addresses in the domain interface configurations.
-          Allowing libvirt to manage the MAC table can improve
-          performance - with a Linux host bridge, for example, turning
-          off learning and unicast_flood on ports has its own
-          performance advantage, and can also lead to an additional
-          boost by permitting the kernel to automatically turn off
-          promiscuous mode on some ports of the bridge (in particular,
-          the port attaching the bridge to the physical
-          network). However, it can also cause some networking setups
-          to stop working (e.g. vlan tagging, multicast,
-          guest-initiated changes to MAC address) and is not supported
-          by older kernels.
-          <span class="since">Since 1.2.11, requires kernel 3.17 or
-          newer</span>
-        </p>
      </dd>
-
-      <dt><code>mtu</code></dt>
-      <dd>
-        The <code>size</code> attribute of the <code>mtu></code>
-        element specifies the Maximum Transmission Unit (MTU) for the
-        network. <span class="since">Since 3.1.0</span>. In the case
-        of a libvirt-managed network (one with forward mode
-        of <code>nat</code>, <code>route</code>, <code>open</code>, or
-        no <code>forward</code> element (i.e. an isolated network),
-        this will be the MTU assigned to the bridge device when
-        libvirt creates it, and thereafter also assigned to all tap
-        devices created to connect guest interfaces. Network types not
-        specifically mentioned here don't support having an MTU set in
-        the libvirt network config. If mtu size is unspecified, the
-        default setting for the type of device being used is assumed
-        (usually 1500).
-      </dd>
-
      <dt><code>domain</code></dt>
      <dd>
        The <code>name</code> attribute on the <code>domain</code>
@@ -179,16 +103,6 @@
        a <code>&lt;forward&gt;</code> mode of "nat" or "route" (or an
        isolated network with no <code>&lt;forward&gt;</code>
        element). <span class="since">Since 0.4.5</span>
-
-        <p>
-          If the optional <code>localOnly</code> attribute on the
-          <code>domain</code> element is "yes", then DNS requests under
-          this domain will only be resolved by the virtual network's own
-          DNS server - they will not be forwarded to the host's upstream
-          DNS server.  If <code>localOnly</code> is "no", and by
-          default, unresolved requests <b>will</b> be forwarded.
-          <span class="since">Since 1.2.12</span>
-        </p>
      </dd>
      <dt><code>forward</code></dt>
      <dd>Inclusion of the <code>forward</code> element indicates that
@@ -228,8 +142,6 @@
            <p><span class="since">Since 1.0.3</span> it is possible to
            specify a public IPv4 address and port range to be used for
            the NAT by using the <code>&lt;nat&gt;</code> subelement.
-            Note that all addresses from the range are used, not just those
-            that are in use on the host.
            The address range is set with the <code>&lt;address&gt;</code>
            subelements and <code>start</code> and <code>stop</code>
            attributes:
@@ -277,28 +189,6 @@
            <span class="since">Since 0.4.2</span>
          </dd>

-          <dt><code>open</code></dt>
-          <dd>
-            As with mode='route', guest network traffic will be
-            forwarded to the physical network via the host's IP
-            routing stack, but there will be no firewall rules added
-            to either enable or prevent any of this traffic. When
-            forward='open' is set, the <code>dev</code> attribute
-            cannot be set (because the forward dev is enforced with
-            firewall rules, and the purpose of forward='open' is to
-            have a forwarding mode where libvirt doesn't add any
-            firewall rules).  This mode presumes that the local LAN
-            router has suitable routing table entries to return
-            traffic to this host, and that some other management
-            system has been used to put in place any necessary
-            firewall rules. Although no firewall rules will be added
-            for the network, it is of course still possible to add
-            restrictions for specific guests using
-            <a href="formatnwfilter.html">nwfilter rules</a> on the
-            guests' interfaces.)
-            <span class="since">Since 2.2.0</span>
-          </dd>
-
          <dt><code>bridge</code></dt>
          <dd>
            This network describes either 1) an existing host bridge
@@ -388,7 +278,7 @@
            (Single Root I/O Virtualization) virtual function (VF)
            devices can be assigned in this manner; to assign a
            standard single-port PCI or PCIe ethernet card to a guest,
-            use the traditional <code>&lt;hostdev&gt;</code> device
+            use the traditional <code>&lt; hostdev&gt;</code> device
            definition. <span class="since"> Since 0.10.0</span>

            <p>
@@ -412,9 +302,9 @@

            <p>Note that this "intelligent passthrough" of network
            devices is very similar to the functionality of a
-            standard <code>&lt;hostdev&gt;</code> device, the
+            standard <code>&lt; hostdev&gt;</code> device, the
            difference being that this method allows specifying a MAC
-            address, vlan tag, and <code>&lt;virtualport&gt;</code>
+            address, vlan tag, and <code>&lt;virtualport &gt;</code>
            for the passed-through device. If these capabilities are
            not required, if you have a standard single-port PCI,
            PCIe, or USB network card that doesn't support SR-IOV (and
@@ -483,9 +373,9 @@
          <span class="since">since 0.10.0</span> When using forward
          mode 'hostdev', the interface pool is specified with a list
          of <code>&lt;address&gt;</code> elements, each of which has
-          <code>&lt;type&gt;</code> (must always be <code>'pci'</code>),
+          <code>&lt; type&gt;</code> (must always be <code>'pci'</code>,
          <code>&lt;domain&gt;</code>, <code>&lt;bus&gt;</code>,
-          <code>&lt;slot&gt;</code>and <code>&lt;function&gt;</code>
+          <code>&lt;slot&gt;</code>, and <code>&lt;function&gt;</code>
          attributes.
        </p>
        <pre>
@@ -657,47 +547,31 @@
 </pre>

    <p>
-      If (and only if) the network connection used by the guest
-      supports VLAN tagging transparent to the guest, an
-      optional <code>&lt;vlan&gt;</code> element can specify one or
-      more VLAN tags to apply to the guest's network
-      traffic <span class="since">Since 0.10.0</span>. Network
-      connections that support guest-transparent VLAN tagging include
-      1) type='bridge' interfaces connected to an Open vSwitch bridge
-      <span class="since">Since 0.10.0</span>, 2) SRIOV Virtual
-      Functions (VF) used via type='hostdev' (direct device
-      assignment) <span class="since">Since 0.10.0</span>, and 3)
-      SRIOV VFs used via type='direct' with mode='passthrough'
-      (macvtap "passthru" mode) <span class="since">Since
-      1.3.5</span>. All other connection types, including standard
+      If (and only if) the network type supports vlan tagging
+      transparent to the guest, an optional <code>&lt;vlan&gt;</code>
+      element can specify one or more vlan tags to apply to the
+      traffic of all guests using this
+      network <span class="since">Since 0.10.0</span>. (openvswitch
+      and type='hostdev' SR-IOV networks do support transparent vlan
+      tagging of guest traffic; everything else, including standard
      linux bridges and libvirt's own virtual networks, <b>do not</b>
      support it. 802.1Qbh (vn-link) and 802.1Qbg (VEPA) switches
      provide their own way (outside of libvirt) to tag guest traffic
-      onto a specific VLAN. Each tag is given in a
-      separate <code>&lt;tag&gt;</code> subelement
-      of <code>&lt;vlan&gt;</code> (for example: <code>&lt;tag
-      id='42'/&gt;</code>). For VLAN trunking of multiple tags (which
-      is supported only on Open vSwitch connections),
-      multiple <code>&lt;tag&gt;</code> subelements can be specified,
-      which implies that the user wants to do VLAN trunking on the
-      interface for all the specified tags. In the case that VLAN
-      trunking of a single tag is desired, the optional
-      attribute <code>trunk='yes'</code> can be added to the toplevel
-      <code>&lt;vlan&gt;</code> element to differentiate trunking of a
-      single tag from normal tagging.
+      onto specific vlans.) As expected, the <code>tag</code>
+      attribute specifies which vlan tag to use. If a network has more
+      than one <code>&lt;vlan&gt;</code> element defined, it is
+      assumed that the user wants to do VLAN trunking using all the
+      specified tags. In the case that vlan trunking with a single tag
+      is desired, the optional attribute <code>trunk='yes'</code> can
+      be added to the vlan element.
    </p>
    <p>
-      For network connections using Open vSwitch it is also possible
-      to configure 'native-tagged' and 'native-untagged' VLAN modes
-      <span class="since">Since 1.1.0.</span> This is done with the
-      optional <code>nativeMode</code> attribute on
-      the <code>&lt;tag&gt;</code> subelement: <code>nativeMode</code>
-      may be set to 'tagged' or 'untagged'. The <code>id</code>
-      attribute of the <code>&lt;tag&gt;</code> subelement
-      containing <code>nativeMode</code> sets which VLAN is considered
-      to be the "native" VLAN for this interface, and
-      the <code>nativeMode</code> attribute determines whether or not
-      traffic for that VLAN will be tagged.
+      For network connections using openvswitch it is possible to
+      configure the 'native-tagged' and 'native-untagged' vlan modes
+      <span class="since">Since 1.1.0</span>. This uses the optional
+      <code>nativeMode</code> attribute on the <code>&lt;tag&gt;</code>
+      element: <code>nativeMode</code> may be set to 'tagged' or
+      'untagged'. The id attribute of the element sets the native vlan.
    </p>
    <p>
      <code>&lt;vlan&gt;</code> elements can also be specified in
@@ -732,7 +606,7 @@
      &lt;outbound average='1000' peak='5000' burst='5120'/&gt;
    &lt;/bandwidth&gt;
  &lt;/portgroup&gt;</b>
-  <b>&lt;portgroup name='sales' trustGuestRxFilters='no'&gt;
+  <b>&lt;portgroup name='sales'&gt;
    &lt;virtualport type='802.1Qbh'&gt;
      &lt;parameters profileid='salestest'/&gt;
    &lt;/virtualport&gt;
@@ -752,7 +626,7 @@
      network can have multiple portgroup elements (and one of those
      can optionally be designated as the 'default' portgroup for the
      network), and each portgroup has a name, as well as various
-      attributes and subelements associated with it. The currently supported
+      subelements associated with it. The currently supported
      subelements are <code>&lt;bandwidth&gt;</code>
      (described <a href="formatnetwork.html#elementQoS">here</a>)
      and <code>&lt;virtualport&gt;</code>
@@ -776,19 +650,6 @@
      considered an error, and will prevent the interface from
      starting.
    </p>
-    <p>
-      portgroups also support the optional
-      parameter <code>trustGuestRxFilters</code> which can be used to
-      set that attribute of the same name for each domain interface
-      using this portgroup (<span class="since">since
-      1.2.10</span>). See
-      the <a href="formatdomain.html#elementsNICS">Network
-      interfaces</a> section of the domain XML documentation for more
-      details. Note that an explicit setting of this attribute in the
-      portgroup overrides the network-wide setting, and an explicit
-      setting in the individual domain interface will override the
-      setting in the portgroup.
-    </p>

    <h5><a name="elementsStaticroute">Static Routes</a></h5>
    <p>
@@ -832,17 +693,18 @@
    </p>

    <pre>
-...
-  &lt;ip address="192.168.122.1" netmask="255.255.255.0"&gt;
-    &lt;dhcp&gt;
-      &lt;range start="192.168.122.128" end="192.168.122.254"/&gt;
-    &lt;/dhcp&gt;
-  &lt;/ip&gt;
-  &lt;route address="192.168.222.0" prefix="24" gateway="192.168.122.2"/&gt;
-  &lt;ip family="ipv6" address="2001:db8:ca2:2::1" prefix="64"/&gt;
-  &lt;route family="ipv6" address="2001:db8:ca2:3::" prefix="64" gateway="2001:db8:ca2:2::2"/&gt;
-  &lt;route family="ipv6" address="2001:db9:4:1::" prefix="64" gateway="2001:db8:ca2:2::3" metric='2'/&gt;
-...
+      ...
+        &lt;ip address="192.168.122.1" netmask="255.255.255.0"&gt;
+          &lt;dhcp&gt;
+            &lt;range start="192.168.122.128" end="192.168.122.254" /&gt;
+          &lt;/dhcp&gt;
+        &lt;/ip&gt;
+        &lt;route address="192.168.222.0" prefix="24" gateway="192.168.122.2" /&gt;
+        &lt;ip family="ipv6" address="2001:db8:ca2:2::1" prefix="64" /&gt;
+        &lt;route family="ipv6" address="2001:db8:ca2:3::" prefix="64" gateway="2001:db8:ca2:2::2"/&gt;
+        &lt;route family="ipv6" address="2001:db9:4:1::" prefix="64" gateway="2001:db8:ca2:2::3" metric='2'&gt;
+        &lt;/route&gt;
+      ...
    </pre>

    <h3><a name="elementsAddress">Addressing</a></h3>
@@ -857,31 +719,29 @@
    </p>

    <pre>
-...
-&lt;mac address='00:16:3E:5D:C7:9E'/&gt;
-&lt;domain name="example.com"/&gt;
-&lt;dns&gt;
-  &lt;txt name="example" value="example value"/&gt;
-  &lt;forwarder addr="8.8.8.8"/&gt;
-  &lt;forwarder domain='example.com' addr="8.8.4.4"/&gt;
-  &lt;forwarder domain='www.example.com'/&gt;
-  &lt;srv service='name' protocol='tcp' domain='test-domain-name' target='.'
-    port='1024' priority='10' weight='10'/&gt;
-  &lt;host ip='192.168.122.2'&gt;
-    &lt;hostname&gt;myhost&lt;/hostname&gt;
-    &lt;hostname&gt;myhostalias&lt;/hostname&gt;
-  &lt;/host&gt;
-&lt;/dns&gt;
-&lt;ip address="192.168.122.1" netmask="255.255.255.0" localPtr="yes"&gt;
-  &lt;dhcp&gt;
-    &lt;range start="192.168.122.100" end="192.168.122.254"/&gt;
-    &lt;host mac="00:16:3e:77:e2:ed" name="foo.example.com" ip="192.168.122.10"/&gt;
-    &lt;host mac="00:16:3e:3e:a9:1a" name="bar.example.com" ip="192.168.122.11"/&gt;
-  &lt;/dhcp&gt;
-&lt;/ip&gt;
-&lt;ip family="ipv6" address="2001:db8:ca2:2::1" prefix="64" localPtr="yes"/&gt;
-&lt;route family="ipv6" address="2001:db9:ca1:1::" prefix="64" gateway="2001:db8:ca2:2::2"/&gt;
-</pre>
+        ...
+        &lt;mac address='00:16:3E:5D:C7:9E'/&gt;
+        &lt;domain name="example.com"/&gt;
+        &lt;dns&gt;
+          &lt;txt name="example" value="example value" /&gt;
+          &lt;forwarder addr="8.8.8.8"/&gt;
+          &lt;forwarder addr="8.8.4.4"/&gt;
+          &lt;srv service='name' protocol='tcp' domain='test-domain-name' target='.' port='1024' priority='10' weight='10'/&gt;
+          &lt;host ip='192.168.122.2'&gt;
+            &lt;hostname&gt;myhost&lt;/hostname&gt;
+            &lt;hostname&gt;myhostalias&lt;/hostname&gt;
+          &lt;/host&gt;
+        &lt;/dns&gt;
+        &lt;ip address="192.168.122.1" netmask="255.255.255.0"&gt;
+          &lt;dhcp&gt;
+            &lt;range start="192.168.122.100" end="192.168.122.254" /&gt;
+            &lt;host mac="00:16:3e:77:e2:ed" name="foo.example.com" ip="192.168.122.10" /&gt;
+            &lt;host mac="00:16:3e:3e:a9:1a" name="bar.example.com" ip="192.168.122.11" /&gt;
+          &lt;/dhcp&gt;
+        &lt;/ip&gt;
+        &lt;ip family="ipv6" address="2001:db8:ca2:2::1" prefix="64" /&gt;
+        &lt;route family="ipv6" address="2001:db9:ca1:1::" prefix="64" gateway="2001:db8:ca2:2::2" /&gt;
+      &lt;/network&gt;</pre>

    <dl>
      <dt><code>mac</code></dt>
@@ -903,18 +763,6 @@
        information for the virtual network's DNS
        server <span class="since">Since 0.9.3</span>.

-        <p>
-          The dns element can have an optional <code>enable</code>
-          attribute <span class="since">Since 2.2.0</span>.
-          If <code>enable</code> is "no", then no DNS server will be
-          setup by libvirt for this network (and any other
-          configuration in <code>&lt;dns&gt;</code> will be ignored).
-          If <code>enable</code> is "yes" or unspecified (including
-          the complete absence of any <code>&lt;dns&gt;</code>
-          element) then a DNS server will be setup by libvirt to
-          listen on all IP addresses specified in the network's
-          configuration.
-        </p>
        <p>
          The dns element
          can have an optional <code>forwardPlainNames</code>
@@ -933,25 +781,12 @@
        Currently supported sub-elements of <code>&lt;dns&gt;</code> are:
        <dl>
          <dt><code>forwarder</code></dt>
-          <dd>The dns element can have 0 or
-            more <code>&lt;forwarder&gt;</code> elements.  Each
-            forwarder element defines an alternate DNS server to use
-            for some, or all, DNS requests sent to this network's DNS
-            server. There are two attributes - <code>domain</code>,
-            and <code>addr</code>; at least one of these must be
-            specified in any <code>&lt;forwarder&gt;</code>
-            element. If both <code>domain</code> and <code>addr</code>
-            are specified, then all requests that match the given
-            domain will be forwarded to the DNS server at addr. If
-            only <code>domain</code> is specified, then all matching
-            domains will be resolved locally (or via the host's
-            standard DNS forwarding if they can't be resolved
-            locally). If an <code>addr</code> is specified by itself,
-            then all DNS requests to the network's DNS server will be
-            forwarded to the DNS server at that address with no
-            exceptions. <code>addr</code> <span class="since">Since
-            1.1.3</span>, <code>domain</code> <span class="since">Since
-            2.2.0</span>.
+          <dd>A <code>dns</code> element can have 0 or
+            more <code>forwarder</code> elements.  Each forwarder
+            element defines an IP address to be used as forwarder in
+            DNS server configuration. The addr attribute is required
+            and defines the IP address of every
+            forwarder. <span class="since">Since 1.1.3</span>
          </dd>
          <dt><code>txt</code></dt>
          <dd>A <code>dns</code> element can have 0 or more <code>txt</code> elements.
@@ -975,61 +810,58 @@
          <dd>The <code>dns</code> element can have also 0 or more <code>srv</code>
            record elements. Each <code>srv</code> record element defines a DNS SRV record
            and has 2 mandatory and 5 optional attributes. The mandatory attributes
-            are service <code>name</code> and <code>protocol</code> (tcp, udp)
-            and the optional attributes are <code>target</code>,
-            <code>port</code>, <code>priority</code>, <code>weight</code> and
-            <code>domain</code> as defined in DNS server SRV RFC (RFC 2782).
+            are service name and protocol (tcp, udp) and the optional attributes are
+            target, port, priority, weight and domain as defined in DNS server SRV
+            RFC (RFC 2782).
            <span class="since">Since 0.9.9</span>
          </dd>
        </dl>
      </dd>
      <dt><code>ip</code></dt>
      <dd>The <code>address</code> attribute defines an IPv4 address in
-        dotted-decimal format, or an IPv6 address in standard colon-separated
-        hexadecimal format, that will be configured on the bridge device
-        associated with the virtual network. To the guests this IPv4 address
-        will be their IPv4 default route. For IPv6, the default route is
-        established via Router Advertisement. For IPv4 addresses, the
-        <code>netmask</code> attribute defines the significant bits of the
-        network address, again specified in dotted-decimal format. For IPv6
-        addresses, and as an alternate method for IPv4 addresses, the
-        significant bits of the network address can be specified with the
-        <code>prefix</code> attribute, which is an integer (for example,
-        <code>netmask='255.255.255.0'</code> could also be given as
-        <code>prefix='24'</code>). The <code>family</code> attribute is used
-        to specify the type of address &mdash; <code>ipv4</code> or
-        <code>ipv6</code>; if no <code>family</code> is given,
-        <code>ipv4</code> is assumed. More than one address of each family can
-        be defined for a network. The optional <code>localPtr</code> attribute
-        (<span class="since">since 3.0.0</span>) configures the DNS server to
-        not forward any reverse DNS requests for IP addresses from the network
-        configured by the <code>address</code> and
-        <code>netmask</code>/<code>prefix</code> attributes. For some unusual
-        network prefixes (not divisible by 8 for IPv4 or not divisible by 4 for
-        IPv6) libvirt may be unable to compute the PTR domain automatically.
-        The <code>ip</code> element is supported <span class="since">since
-        0.3.0</span>. IPv6, multiple addresses on a single network,
-        <code>family</code>, and <code>prefix</code> are supported
-        <span class="since">since 0.8.7</span>. The <code>ip</code> element may
-        contain the following elements:
+        dotted-decimal format, or an IPv6 address in standard
+        colon-separated hexadecimal format, that will be configured on
+        the bridge
+        device associated with the virtual network. To the guests this IPv4
+        address will be their IPv4 default route.  For IPv6, the default route is
+        established via Router Advertisement.
+        For IPv4 addresses, the <code>netmask</code>
+        attribute defines the significant bits of the network address,
+        again specified in dotted-decimal format.  For IPv6 addresses,
+        and as an alternate method for IPv4 addresses, you can specify
+        the significant bits of the network address with the <code>prefix</code>
+        attribute, which is an integer (for example, <code>netmask='255.255.255.0'</code>
+        could also be given as <code>prefix='24'</code>. The <code>family</code>
+        attribute is used to specify the type of address - 'ipv4' or 'ipv6'; if no
+        <code>family</code> is given, 'ipv4' is assumed. A network can have more than
+        one of each family of address defined, but only a single IPv4 address can have a
+        <code>dhcp</code> or <code>tftp</code> element. <span class="since">Since 0.3.0 </span>
+        IPv6, multiple addresses on a single network, <code>family</code>, and
+        <code>prefix</code> are support <span class="since">Since 0.8.7</span>.
+        Similar to IPv4, one IPv6 address per network can also have
+        a <code>dhcp</code> definition.  <span class="since">Since 1.0.1</span>

        <dl>
          <dt><code>tftp</code></dt>
-          <dd>The optional <code>tftp</code> element and its mandatory
-            <code>root</code> attribute enable TFTP services. The attribute
-            specifies the path to the root directory served via TFTP. The
-            <code>tftp</code> element is not supported for IPv6 addresses,
-            and can only be specified on a single IPv4 address per network.
+          <dd>Immediately within
+            the <code>ip</code> element there is an optional <code>tftp</code>
+            element. The presence of this element and of its attribute
+            <code>root</code> enables TFTP services.  The attribute specifies
+            the path to the root directory served via TFTP. <code>tftp</code> is not
+            supported for IPv6 addresses, and can only be specified on a single IPv4 address
+            per network.
            <span class="since">Since 0.7.1</span>
          </dd>

          <dt><code>dhcp</code></dt>
-          <dd>The presence of this element enables DHCP services on the
-            virtual network. The <code>dhcp</code> element is supported for
-            both IPv4 (<span class="since">since 0.3.0</span>) and IPv6
-            (<span class="since">since 1.0.1</span>), but only for one IP
-            address of each type per network. The following sub-elements are
-            supported:
+          <dd>Also within the <code>ip</code> element there is an
+            optional <code>dhcp</code> element. The presence of this element
+            enables DHCP services on the virtual network. It will further
+            contain one or more <code>range</code> elements. The
+            <code>dhcp</code> element supported for both
+            IPv4 <span class="since">Since 0.3.0</span>
+            and IPv6 <span class="since">Since 1.0.1</span>, but
+            only for one IP address of each type per network.
            <dl>
              <dt><code>range</code></dt>
              <dd>The <code>start</code> and <code>end</code> attributes on the
@@ -1039,39 +871,39 @@
                <code>ip</code> element.  There may be zero or more
                <code>range</code> elements specified.
                <span class="since">Since 0.3.0</span>
+                <code>range</code> can be specified for one IPv4 address,
+                one IPv6 address, or both. <span class="since">Since 1.0.1</span>
              </dd>
              <dt><code>host</code></dt>
-              <dd>Within the <code>dhcp</code> element there may be zero or
-                more <code>host</code> elements. These specify hosts which will
-                be given names and predefined IP addresses by the built-in DHCP
-                server. Any IPv4 <code>host</code> element must specify the MAC
-                address of the host to be assigned a given name (via the
-                <code>mac</code> attribute), the IP to be assigned to that host
-                (via the <code>ip</code> attribute), and the name itself (the
-                <code>name</code> attribute). The IPv6 <code>host</code>
-                element differs slightly from that for IPv4: there is no
-                <code>mac</code> attribute since a MAC address has no defined
-                meaning in IPv6. Instead, the <code>name</code> attribute is
-                used to identify the host to be assigned the IPv6 address. For
-                DHCPv6, the name is the plain name of the client host sent by the
-                client to the server. Note that this method of assigning a
-                specific IP address can also be used for IPv4 instead of the
-                <code>mac</code> attribute.
-                <span class="since">Since 0.4.5</span>
+              <dd>Within the <code>dhcp</code> element there may be zero or more
+                <code>host</code> elements.  These specify hosts which will be given
+                names and predefined IP addresses by the built-in DHCP server. Any
+                IPv4 <code>host</code> element must specify the MAC address of the host to be assigned
+                a given name (via the <code>mac</code> attribute), the IP to be
+                assigned to that host (via the <code>ip</code> attribute), and the
+                name to be given that host by the DHCP server (via the
+                <code>name</code> attribute).  <span class="since">Since 0.4.5</span>
+                An IPv6 <code>host</code> element differs slightly from that for IPv4:
+                there is no <code>mac</code> attribute since a MAC address has no
+                defined meaning in IPv6.  Instead, the <code>name</code> attribute is
+                used to identify the host to be assigned the IPv6 address.  For DHCPv6,
+                the name is the plain name of the client host sent by the
+                client to the server.  Note that this method of assigning a
+                specific IP address can also be used instead of the <code>mac</code>
+                attribute for IPv4.  <span class="since">Since 1.0.1</span>
              </dd>
              <dt><code>bootp</code></dt>
-              <dd>The optional <code>bootp</code> element specifies BOOTP
-                options to be provided by the DHCP server for IPv4 only. Two
-                attributes are supported: <code>file</code> is mandatory and
-                gives the file to be used for the boot image;
-                <code>server</code> is optional and gives the address of the
-                TFTP server from which the boot image will be fetched.
-                <code>server</code> defaults to the same host that runs the
-                DHCP server, as is the case when the <code>tftp</code> element
-                is used. The BOOTP options currently have to be the same for
-                all address ranges and statically assigned addresses. <span
-                class="since">Since 0.7.1</span> (<code>server</code>
-                <span class="since">since 0.7.3</span>)
+              <dd>The optional <code>bootp</code>
+                element specifies BOOTP options to be provided by the DHCP
+                server for IPv4 only.
+                Two attributes are supported: <code>file</code> is mandatory and
+                gives the file to be used for the boot image; <code>server</code> is
+                optional and gives the address of the TFTP server from which the boot
+                image will be fetched.  <code>server</code> defaults to the same host
+                that runs the DHCP server, as is the case when the <code>tftp</code>
+                element is used.  The BOOTP options currently have to be the same
+                for all address ranges and statically assigned addresses.<span
+                class="since">Since 0.7.1 (<code>server</code> since 0.7.3).</span>
              </dd>
            </dl>
          </dd>
@@ -1094,17 +926,17 @@
    </p>

    <pre>
-&lt;network&gt;
-  &lt;name&gt;default&lt;/name&gt;
-  &lt;bridge name="virbr0"/&gt;
-  &lt;forward mode="nat"/&gt;
-  &lt;ip address="192.168.122.1" netmask="255.255.255.0"&gt;
-    &lt;dhcp&gt;
-      &lt;range start="192.168.122.2" end="192.168.122.254"/&gt;
-    &lt;/dhcp&gt;
-  &lt;/ip&gt;
-  &lt;ip family="ipv6" address="2001:db8:ca2:2::1" prefix="64"/&gt;
-&lt;/network&gt;</pre>
+      &lt;network&gt;
+        &lt;name&gt;default&lt;/name&gt;
+        &lt;bridge name="virbr0" /&gt;
+        &lt;forward mode="nat"/&gt;
+        &lt;ip address="192.168.122.1" netmask="255.255.255.0"&gt;
+          &lt;dhcp&gt;
+            &lt;range start="192.168.122.2" end="192.168.122.254" /&gt;
+          &lt;/dhcp&gt;
+        &lt;/ip&gt;
+        &lt;ip family="ipv6" address="2001:db8:ca2:2::1" prefix="64" /&gt;
+      &lt;/network&gt;</pre>


    <p>
@@ -1113,21 +945,21 @@
    </p>

    <pre>
-&lt;network&gt;
-  &lt;name&gt;default6&lt;/name&gt;
-  &lt;bridge name="virbr0"/&gt;
-  &lt;forward mode="nat"/&gt;
-  &lt;ip address="192.168.122.1" netmask="255.255.255.0"&gt;
-    &lt;dhcp&gt;
-      &lt;range start="192.168.122.2" end="192.168.122.254"/&gt;
-    &lt;/dhcp&gt;
-  &lt;/ip&gt;
-  &lt;ip family="ipv6" address="2001:db8:ca2:2::1" prefix="64"&gt;
-    &lt;dhcp&gt;
-      &lt;range start="2001:db8:ca2:2:1::10" end="2001:db8:ca2:2:1::ff"/&gt;
-    &lt;/dhcp&gt;
-  &lt;/ip&gt;
-&lt;/network&gt;</pre>
+      &lt;network&gt;
+        &lt;name&gt;default6&lt;/name&gt;
+        &lt;bridge name="virbr0" /&gt;
+        &lt;forward mode="nat"/&gt;
+        &lt;ip address="192.168.122.1" netmask="255.255.255.0"&gt;
+          &lt;dhcp&gt;
+            &lt;range start="192.168.122.2" end="192.168.122.254" /&gt;
+          &lt;/dhcp&gt;
+        &lt;/ip&gt;
+        &lt;ip family="ipv6" address="2001:db8:ca2:2::1" prefix="64" &gt;
+          &lt;dhcp&gt;
+            &lt;range start="2001:db8:ca2:2:1::10" end="2001:db8:ca2:2:1::ff" /&gt;
+          &lt;/dhcp&gt;
+        &lt;/ip&gt;
+      &lt;/network&gt;</pre>

    <h3><a name="examplesRoute">Routed network config</a></h3>

@@ -1141,17 +973,17 @@
    </p>

    <pre>
-&lt;network&gt;
-  &lt;name&gt;local&lt;/name&gt;
-  &lt;bridge name="virbr1"/&gt;
-  &lt;forward mode="route" dev="eth1"/&gt;
-  &lt;ip address="192.168.122.1" netmask="255.255.255.0"&gt;
-    &lt;dhcp&gt;
-      &lt;range start="192.168.122.2" end="192.168.122.254"/&gt;
-    &lt;/dhcp&gt;
-  &lt;/ip&gt;
-  &lt;ip family="ipv6" address="2001:db8:ca2:2::1" prefix="64"/&gt;
-&lt;/network&gt;</pre>
+      &lt;network&gt;
+        &lt;name&gt;local&lt;/name&gt;
+        &lt;bridge name="virbr1" /&gt;
+        &lt;forward mode="route" dev="eth1"/&gt;
+        &lt;ip address="192.168.122.1" netmask="255.255.255.0"&gt;
+          &lt;dhcp&gt;
+            &lt;range start="192.168.122.2" end="192.168.122.254" /&gt;
+          &lt;/dhcp&gt;
+        &lt;/ip&gt;
+        &lt;ip family="ipv6" address="2001:db8:ca2:2::1" prefix="64" /&gt;
+      &lt;/network&gt;</pre>

    <p>
      Below is another IPv6 variation.  Instead of a dhcp range being
@@ -1164,25 +996,24 @@
    </p>

    <pre>
-&lt;network&gt;
-  &lt;name&gt;local6&lt;/name&gt;
-  &lt;bridge name="virbr1"/&gt;
-  &lt;forward mode="route" dev="eth1"/&gt;
-  &lt;ip address="192.168.122.1" netmask="255.255.255.0"&gt;
-    &lt;dhcp&gt;
-      &lt;range start="192.168.122.2" end="192.168.122.254"/&gt;
-    &lt;/dhcp&gt;
-  &lt;/ip&gt;
-  &lt;ip family="ipv6" address="2001:db8:ca2:2::1" prefix="64"&gt;
-    &lt;dhcp&gt;
-      &lt;host name="paul" ip="2001:db8:ca2:2:3::1"/&gt;
-      &lt;host id="0:1:0:1:18:aa:62:fe:0:16:3e:44:55:66" ip="2001:db8:ca2:2:3::2"/&gt;
-      &lt;host id="0:3:0:1:0:16:3e:11:22:33" name="ralph" ip="2001:db8:ca2:2:3::3"/&gt;
-      &lt;host id="0:4:7e:7d:f0:7d:a8:bc:c5:d2:13:32:11:ed:16:ea:84:63"
-        name="badbob" ip="2001:db8:ca2:2:3::4"/&gt;
-    &lt;/dhcp&gt;
-  &lt;/ip&gt;
-&lt;/network&gt;</pre>
+      &lt;network&gt;
+        &lt;name&gt;local6&lt;/name&gt;
+        &lt;bridge name="virbr1" /&gt;
+        &lt;forward mode="route" dev="eth1"/&gt;
+        &lt;ip address="192.168.122.1" netmask="255.255.255.0"&gt;
+          &lt;dhcp&gt;
+            &lt;range start="192.168.122.2" end="192.168.122.254" /&gt;
+          &lt;/dhcp&gt;
+        &lt;/ip&gt;
+        &lt;ip family="ipv6" address="2001:db8:ca2:2::1" prefix="64" &gt;
+          &lt;dhcp&gt;
+            &lt;host name="paul"   ip="2001:db8:ca2:2:3::1" /&gt;
+            &lt;host id="0:1:0:1:18:aa:62:fe:0:16:3e:44:55:66"    ip="2001:db8:ca2:2:3::2" /&gt;
+            &lt;host id="0:3:0:1:0:16:3e:11:22:33" name="ralph"  ip="2001:db8:ca2:2:3::3" /&gt;
+            &lt;host id="0:4:7e:7d:f0:7d:a8:bc:c5:d2:13:32:11:ed:16:ea:84:63" name="badbob" ip="2001:db8:ca2:2:3::4" /&gt;
+          &lt;/dhcp&gt;
+        &lt;/ip&gt;
+      &lt;/network&gt;</pre>

    <p>
      Below is yet another IPv6 variation.  This variation has only
@@ -1197,19 +1028,19 @@
    </p>

    <pre>
-&lt;network&gt;
-  &lt;name&gt;net7&lt;/name&gt;
-  &lt;bridge name="virbr7"/&gt;
-  &lt;forward mode="route"/&gt;
-  &lt;ip family="ipv6" address="2001:db8:ca2:7::1" prefix="64"&gt;
-    &lt;dhcp&gt;
-      &lt;range start="2001:db8:ca2:7::100" end="2001:db8:ca2::1ff"/&gt;
-      &lt;host id="0:4:7e:7d:f0:7d:a8:bc:c5:d2:13:32:11:ed:16:ea:84:63"
-        name="lucas" ip="2001:db8:ca2:2:3::4"/&gt;
-    &lt;/dhcp&gt;
-  &lt;/ip&gt;
-  &lt;route family="ipv6" address="2001:db8:ca2:8::" prefix="64" gateway="2001:db8:ca2:7::4"/&gt;
-&lt;/network&gt;</pre>
+      &lt;network&gt;
+        &lt;name&gt;net7&lt;/name&gt;
+        &lt;bridge name="virbr7" /&gt;
+        &lt;forward mode="route"/&gt;
+        &lt;ip family="ipv6" address="2001:db8:ca2:7::1" prefix="64" &gt;
+          &lt;dhcp&gt;
+            &lt;range start="2001:db8:ca2:7::100" end="2001:db8:ca2::1ff" /&gt;
+            &lt;host id="0:4:7e:7d:f0:7d:a8:bc:c5:d2:13:32:11:ed:16:ea:84:63" name="lucas" ip="2001:db8:ca2:2:3::4" /&gt;
+          &lt;/dhcp&gt;
+        &lt;/ip&gt;
+        &lt;route family="ipv6" address="2001:db8:ca2:8::" prefix="64" gateway="2001:db8:ca2:7::4" &gt;
+        &lt;/route&gt;
+      &lt;/network&gt;</pre>

    <h3><a name="examplesPrivate">Isolated network config</a></h3>

@@ -1222,16 +1053,16 @@
    </p>

    <pre>
-&lt;network&gt;
-  &lt;name&gt;private&lt;/name&gt;
-  &lt;bridge name="virbr2"/&gt;
-  &lt;ip address="192.168.152.1" netmask="255.255.255.0"&gt;
-    &lt;dhcp&gt;
-      &lt;range start="192.168.152.2" end="192.168.152.254"/&gt;
-    &lt;/dhcp&gt;
-  &lt;/ip&gt;
-  &lt;ip family="ipv6" address="2001:db8:ca2:3::1" prefix="64"/&gt;
-&lt;/network&gt;</pre>
+      &lt;network&gt;
+        &lt;name&gt;private&lt;/name&gt;
+        &lt;bridge name="virbr2" /&gt;
+        &lt;ip address="192.168.152.1" netmask="255.255.255.0"&gt;
+          &lt;dhcp&gt;
+            &lt;range start="192.168.152.2" end="192.168.152.254" /&gt;
+          &lt;/dhcp&gt;
+        &lt;/ip&gt;
+        &lt;ip family="ipv6" address="2001:db8:ca2:3::1" prefix="64" /&gt;
+      &lt;/network&gt;</pre>

    <h3><a name="examplesPrivate6">Isolated IPv6 network config</a></h3>

@@ -1245,19 +1076,18 @@
    </p>

    <pre>
-&lt;network&gt;
-  &lt;name&gt;sixnet&lt;/name&gt;
-  &lt;bridge name="virbr6"/&gt;
-  &lt;ip family="ipv6" address="2001:db8:ca2:6::1" prefix="64"&gt;
-    &lt;dhcp&gt;
-      &lt;host name="peter" ip="2001:db8:ca2:6:6::1"/&gt;
-      &lt;host id="0:1:0:1:18:aa:62:fe:0:16:3e:44:55:66" ip="2001:db8:ca2:6:6::2"/&gt;
-      &lt;host id="0:3:0:1:0:16:3e:11:22:33" name="dariusz" ip="2001:db8:ca2:6:6::3"/&gt;
-      &lt;host id="0:4:7e:7d:f0:7d:a8:bc:c5:d2:13:32:11:ed:16:ea:84:63"
-        name="anita" ip="2001:db8:ca2:6:6::4"/&gt;
-    &lt;/dhcp&gt;
-  &lt;/ip&gt;
-&lt;/network&gt;</pre>
+      &lt;network&gt;
+        &lt;name&gt;sixnet&lt;/name&gt;
+        &lt;bridge name="virbr6" /&gt;
+        &lt;ip family="ipv6" address="2001:db8:ca2:6::1" prefix="64" &gt;
+          &lt;dhcp&gt;
+            &lt;host name="peter"   ip="2001:db8:ca2:6:6::1" /&gt;
+            &lt;host id="0:1:0:1:18:aa:62:fe:0:16:3e:44:55:66" ip="2001:db8:ca2:6:6::2" /&gt;
+            &lt;host id="0:3:0:1:0:16:3e:11:22:33" name="dariusz" ip="2001:db8:ca2:6:6::3" /&gt;
+            &lt;host id="0:4:7e:7d:f0:7d:a8:bc:c5:d2:13:32:11:ed:16:ea:84:63" name="anita" ip="2001:db8:ca2:6:6::4" /&gt;
+          &lt;/dhcp&gt;
+        &lt;/ip&gt;
+      &lt;/network&gt;</pre>

    <h3><a name="examplesBridge">Using an existing host bridge</a></h3>

@@ -1271,11 +1101,11 @@
    </p>

    <pre>
-&lt;network&gt;
-  &lt;name&gt;host-bridge&lt;/name&gt;
-  &lt;forward mode="bridge"/&gt;
-  &lt;bridge name="br0"/&gt;
-&lt;/network&gt;</pre>
+      &lt;network&gt;
+        &lt;name&gt;host-bridge&lt;/name&gt;
+        &lt;forward mode="bridge"/&gt;
+        &lt;bridge name="br0"/&gt;
+      &lt;/network&gt;</pre>

    <h3><a name="examplesDirect">Using a macvtap "direct" connection</a></h3>

@@ -1301,16 +1131,16 @@
    </p>

    <pre>
-&lt;network&gt;
-  &lt;name&gt;direct-macvtap&lt;/name&gt;
-  &lt;forward mode="bridge"&gt;
-    &lt;interface dev="eth20"/&gt;
-    &lt;interface dev="eth21"/&gt;
-    &lt;interface dev="eth22"/&gt;
-    &lt;interface dev="eth23"/&gt;
-    &lt;interface dev="eth24"/&gt;
-  &lt;/forward&gt;
-&lt;/network&gt;</pre>
+      &lt;network&gt;
+        &lt;name&gt;direct-macvtap&lt;/name&gt;
+        &lt;forward mode="bridge"&gt;
+          &lt;interface dev="eth20"/&gt;
+          &lt;interface dev="eth21"/&gt;
+          &lt;interface dev="eth22"/&gt;
+          &lt;interface dev="eth23"/&gt;
+          &lt;interface dev="eth24"/&gt;
+        &lt;/forward&gt;
+      &lt;/network&gt;</pre>

    <h3><a name="examplesNoGateway">Network config with no gateway addresses</a></h3>

@@ -1325,12 +1155,12 @@
    </p>

    <pre>
-&lt;network ipv6='yes'&gt;
-  &lt;name&gt;nogw&lt;/name&gt;
-  &lt;uuid&gt;7a3b7497-1ec7-8aef-6d5c-38dff9109e93&lt;/uuid&gt;
-  &lt;bridge name="virbr2" stp="on" delay="0"/&gt;
-  &lt;mac address='00:16:3E:5D:C7:9E'/&gt;
-&lt;/network&gt;</pre>
+      &lt;network ipv6='yes'&gt;
+        &lt;name&gt;nogw&lt;/name&gt;
+        &lt;uuid&gt;7a3b7497-1ec7-8aef-6d5c-38dff9109e93&lt;/uuid&gt;
+        &lt;bridge name="virbr2" stp="on" delay="0" /&gt;
+        &lt;mac address='00:16:3E:5D:C7:9E'/&gt;
+      &lt;/network&gt;</pre>

  </body>
 </html>
--- a/docs/formatnode.html.in
+++ b/docs/formatnode.html.in
@@ -37,12 +37,6 @@
      <dd>If this element is present, it names the parent device (that
        is, a controller to which this node belongs).
      </dd>
-      <dt><code>devnode</code></dt>
-      <dd>This node appears for each associated <code>/dev</code>
-      special file. A mandatory attribute <code>type</code> specify
-      the kind of file path, which may be either <code>dev</code> for
-      the main name, or <code>link</code> for additional symlinks.
-      </dd>
      <dt><code>capability</code></dt>
      <dd>This node appears for each capability that libvirt
        associates with a node.  A mandatory
@@ -103,38 +97,18 @@
              <dd>
                This optional element can occur multiple times. If it
                exists, it has a mandatory <code>type</code> attribute
-                which will be set to:
-                <dl>
-                  <dt><code>physical_function</code></dt>
-                  <dd>
-                    That means there will be a single <code>address</code>
-                    subelement which contains the PCI address of the SRIOV
-                    Physical Function (PF) that is the parent of this device
-                    (and this device is, by implication, an SRIOV Virtual
-                    Function (VF)).
-                  </dd>
-                  <dt><code>virtual_function</code></dt>
-                  <dd>
-                    In this case this device is an SRIOV PF, and the capability
-                    element will have a list of <code>address</code>
-                    subelements, one for each VF on this PF. If the host system
-                    supports reporting it (via the "sriov_maxvfs" file in the
-                    device's sysfs directory) the capability element will also
-                    have an attribute named <code>maxCount</code> which is the
-                    maximum number of SRIOV VFs supported by this device, which
-                    could be higher than the number of VFs that are curently
-                    active <span class="since">since 1.3.0</span>; in this case,
-                    even if there are currently no active VFs the
-                    virtual_functions capabililty will still be shown.
-                  </dd>
-                  <dt><code>pci-bridge</code> or <code>cardbus-bridge</code></dt>
-                  <dd>
-                    This shows merely that the lower 7 bits of PCI header type
-                    have either value of 1 or 2 respectively.  Usually this
-                    means such device cannot be used for PCI passthrough.
-                    <span class="since">Since 1.3.3</span>
-                  </dd>
-                </dl>
+                which will be set to
+                either <code>physical_function</code>
+                or <code>virtual_functions</code>. If the type
+                is <code>physical_function</code>, there will be a
+                single <code>address</code> subelement which contains
+                the PCI address of the SRIOV Physical Function (PF)
+                that is the parent of this device (and this device is,
+                by implication, an SRIOV Virtual Function (VF)). If
+                the type is <code>virtual_functions</code>, then this
+                device is an SRIOV PF, and the capability element will
+                have a list of <code>address</code> subelements, one
+                for each VF on this PF.
              </dd>
              <dt><code>numa</code></dt>
              <dd>
@@ -148,7 +122,7 @@
              This optional element contains information on PCI Express part of
              the device. For example, it can contain a child element
              <code>link</code> which addresses the PCI Express device's link.
-              While a device has its own capabilities
+              While a device has it's own capabilities
              (<code>validity='cap'</code>), the actual run time capabilities
              are negotiated on the device initialization
              (<code>validity='sta'</code>). The <code>link</code> element then
@@ -209,26 +183,6 @@
                link. So far, the whole element is just for output,
                not setting.
              </dd>
-              <dt><code>feature</code></dt>
-              <dd>If present, the hw offloads supported by this network
-                interface. Possible features are:
-                <dl>
-                    <dt><code>rx</code></dt><dd>rx-checksumming</dd>
-                    <dt><code>tx</code></dt><dd>tx-checksumming</dd>
-                    <dt><code>sg</code></dt><dd>scatter-gather</dd>
-                    <dt><code>tso</code></dt><dd>tcp-segmentation-offload</dd>
-                    <dt><code>ufo</code></dt><dd>udp-fragmentation-offload</dd>
-                    <dt><code>gso</code></dt><dd>generic-segmentation-offload</dd>
-                    <dt><code>gro</code></dt><dd>generic-receive-offload</dd>
-                    <dt><code>lro</code></dt><dd>large-receive-offload</dd>
-                    <dt><code>rxvlan</code></dt><dd>rx-vlan-offload</dd>
-                    <dt><code>txvlan</code></dt><dd>tx-vlan-offload</dd>
-                    <dt><code>ntuple</code></dt><dd>ntuple-filters</dd>
-                    <dt><code>rxhash</code></dt><dd>receive-hashing</dd>
-                    <dt><code>rdma</code></dt><dd>remote-direct-memory-access</dd>
-                    <dt><code>txudptnl</code></dt><dd>tx-udp-tunnel-segmentation</dd>
-                </dl>
-              </dd>
              <dt><code>capability</code></dt>
              <dd>A network protocol exposed by the device, where the
                attribute <code>type</code> can be "80203" for IEEE
@@ -260,7 +214,7 @@
                number of vport in use. <code>max_vports</code> shows the
                maximum vports the HBA supports. "fc_host" implies following
                sub-elements: <code>wwnn</code>, <code>wwpn</code>, and
-                optionally <code>fabric_wwn</code>.
+                <code>fabric_wwn</code>.
              </dd>
            </dl>
          </dd>
@@ -314,16 +268,6 @@
                and <code>media_label</code>.</dd>
            </dl>
          </dd>
-          <dt><code>drm</code></dt>
-          <dd>Describes a Direct Rendering Manager (DRM) device.
-          Sub-elements include:
-            <dl>
-              <dt><code>type</code></dt>
-              <dd>The type of DRM device. Could be
-              <code>primary</code>, <code>control</code> or
-              <code>render</code>.</dd>
-            </dl>
-          </dd>
        </dl>
      </dd>
    </dl>
--- a/docs/formatnwfilter.html.in
+++ b/docs/formatnwfilter.html.in
@@ -40,7 +40,7 @@
      of all running virtual machines that reference this filter are updated.
      <br/><br/>
      Network filtering support is available <span class="since">since 0.8.1
-      (QEMU, KVM)</span>
+      (Qemu, KVM)</span>
    </p>

    <h2><a name="nwfconcepts">Concepts</a></h2>
@@ -61,14 +61,14 @@
    the filter <code>clean-traffic</code>.
    </p>
 <pre>
-...
-&lt;devices&gt;
-  &lt;interface type='bridge'&gt;
-    &lt;mac address='00:16:3e:5d:c7:9e'/&gt;
-    &lt;filterref filter='clean-traffic'/&gt;
-  &lt;/interface&gt;
-&lt;/devices&gt;
-...</pre>
+  ...
+  &lt;devices&gt;
+    &lt;interface type='bridge'&gt;
+      &lt;mac address='00:16:3e:5d:c7:9e'/&gt;
+      &lt;filterref filter='clean-traffic'/&gt;
+    &lt;/interface&gt;
+  &lt;/devices&gt;
+  ...</pre>

    <p>
    Network filters are written in XML and may either contain references
@@ -91,16 +91,16 @@
    the parameter <code>IP</code> and a dotted IP address as value.
    </p>
 <pre>
-...
-&lt;devices&gt;
-  &lt;interface type='bridge'&gt;
-    &lt;mac address='00:16:3e:5d:c7:9e'/&gt;
-    &lt;filterref filter='clean-traffic'&gt;
-      &lt;parameter name='IP' value='10.0.0.1'/&gt;
-    &lt;/filterref&gt;
-  &lt;/interface&gt;
-&lt;/devices&gt;
-...</pre>
+  ...
+  &lt;devices&gt;
+    &lt;interface type='bridge'&gt;
+      &lt;mac address='00:16:3e:5d:c7:9e'/&gt;
+      &lt;filterref filter='clean-traffic'&gt;
+        &lt;parameter name='IP' value='10.0.0.1'/&gt;
+      &lt;/filterref&gt;
+    &lt;/interface&gt;
+  &lt;/devices&gt;
+  ...</pre>

    <p>
      In this particular example, the <code>clean-traffic</code> network
@@ -285,18 +285,18 @@
      providing multiple elements for the IP variable is:
    </p>
 <pre>
-...
-&lt;devices&gt;
-  &lt;interface type='bridge'&gt;
-    &lt;mac address='00:16:3e:5d:c7:9e'/&gt;
-    &lt;filterref filter='clean-traffic'&gt;
-      &lt;parameter name='IP' value='10.0.0.1'/&gt;
-      &lt;parameter name='IP' value='10.0.0.2'/&gt;
-      &lt;parameter name='IP' value='10.0.0.3'/&gt;
-    &lt;/filterref&gt;
-  &lt;/interface&gt;
-&lt;/devices&gt;
-...</pre>
+  ...
+  &lt;devices&gt;
+    &lt;interface type='bridge'&gt;
+      &lt;mac address='00:16:3e:5d:c7:9e'/&gt;
+      &lt;filterref filter='clean-traffic'&gt;
+        &lt;parameter name='IP' value='10.0.0.1'/&gt;
+        &lt;parameter name='IP' value='10.0.0.2'/&gt;
+        &lt;parameter name='IP' value='10.0.0.3'/&gt;
+      &lt;/filterref&gt;
+    &lt;/interface&gt;
+  &lt;/devices&gt;
+  ...</pre>
    <p>
      This then allows filters to enable multiple IP addresses
      per interface. Therefore, with the list
@@ -304,11 +304,11 @@
      individual filtering rules, one for each IP address.
    </p>
 <pre>
-...
-&lt;rule action='accept' direction='in' priority='500'&gt;
-  &lt;tcp srpipaddr='$IP'/&gt;
-&lt;/rule&gt;
-...
+  ...
+  &lt;rule action='accept' direction='in' priority='500'&gt;
+    &lt;tcp srpipaddr='$IP'/&gt;
+  &lt;/rule&gt;
+  ...
 </pre>
    <p>
      <span class="since">Since 0.9.10</span> it is possible to access
@@ -317,11 +317,11 @@
      of the variable DSTPORTS.
    </p>
 <pre>
-...
-&lt;rule action='accept' direction='in' priority='500'&gt;
-  &lt;udp dstportstart='$DSTPORTS[1]'/&gt;
-&lt;/rule&gt;
-...
+  ...
+  &lt;rule action='accept' direction='in' priority='500'&gt;
+    &lt;udp dstportstart='$DSTPORTS[1]'/&gt;
+  &lt;/rule&gt;
+  ...
 </pre>
    <p>
      <span class="since">Since 0.9.10</span> it is possible to create
@@ -336,29 +336,29 @@
      iterators to access their elements.
    </p>
 <pre>
-...
-&lt;rule action='accept' direction='in' priority='500'&gt;
-  &lt;ip srcipaddr='$SRCIPADDRESSES[@1]' dstportstart='$DSTPORTS[@2]'/&gt;
-&lt;/rule&gt;
-...
+  ...
+  &lt;rule action='accept' direction='in' priority='500'&gt;
+    &lt;ip srcipaddr='$SRCIPADDRESSES[@1]' dstportstart='$DSTPORTS[@2]'/&gt;
+  &lt;/rule&gt;
+  ...
 </pre>

    <p>
      In an example we assign concrete values to SRCIPADDRESSES and DSTPORTS
    </p>
 <pre>
-SRCIPADDRESSES = [ 10.0.0.1, 11.1.2.3 ]
-DSTPORTS = [ 80, 8080 ]
+  SRCIPADDRESSES = [ 10.0.0.1, 11.1.2.3 ]
+  DSTPORTS = [ 80, 8080 ]
 </pre>
    <p>
      Accessing the variables using $SRCIPADDRESSES[@1] and $DSTPORTS[@2] would
      then result in all combinations of addresses and ports being created:
    </p>
 <pre>
-10.0.0.1, 80
-10.0.0.1, 8080
-11.1.2.3, 80
-11.1.2.3, 8080
+  10.0.0.1, 80
+  10.0.0.1, 8080
+  11.1.2.3, 80
+  11.1.2.3, 8080
 </pre>
    <p>
      Accessing the same variables using a single iterator, for example by using
@@ -366,8 +366,8 @@ DSTPORTS = [ 80, 8080 ]
      parallel access to both lists and result in the following combinations:
    </p>
 <pre>
-10.0.0.1, 80
-11.1.2.3, 8080
+  10.0.0.1, 80
+  11.1.2.3, 8080
 </pre>
    <p>
      Further, the notation of $VARIABLE is short-hand for $VARIABLE[@0]. The
@@ -440,12 +440,12 @@ DSTPORTS = [ 80, 8080 ]
       using the DHCP snooping method:
    </p>
 <pre>
-&lt;interface type='bridge'&gt;
-  &lt;source bridge='virbr0'/&gt;
-  &lt;filterref filter='clean-traffic'&gt;
-    &lt;parameter name='CTRL_IP_LEARNING' value='dhcp'/&gt;
-  &lt;/filterref&gt;
-&lt;/interface&gt;
+    &lt;interface type='bridge'&gt;
+      &lt;source bridge='virbr0'/&gt;
+      &lt;filterref filter='clean-traffic'&gt;
+        &lt;parameter name='CTRL_IP_LEARNING' value='dhcp'/&gt;
+      &lt;/filterref&gt;
+    &lt;/interface&gt;
 </pre>

    <h3><a name="nwfelemsReservedVars">Reserved Variables</a></h3>
@@ -658,10 +658,10 @@ DSTPORTS = [ 80, 8080 ]
    </p>
 <pre>
 [...]
-&lt;rule action='drop' direction='in'&gt;
-  &lt;protocol match='no' attribute1='value1' attribute2='value2'/&gt;
-  &lt;protocol attribute3='value3'/&gt;
-&lt;/rule&gt;
+  &lt;rule action='drop' direction='in'&gt;
+    &lt;protocol match='no' attribute1='value1' attribute2='value2'/&gt;
+    &lt;protocol attribute3='value3'/&gt;
+  &lt;/rule&gt;
 [...]
 </pre>
    <p>
@@ -1196,26 +1196,6 @@ DSTPORTS = [ 80, 8080 ]
         <td>UINT16</td>
         <td>End of range of valid destination ports; requires <code>protocol</code></td>
       </tr>
-       <tr>
-         <td>type<span class="since">(Since 1.2.12)</span></td>
-         <td>UINT8</td>
-         <td>ICMPv6 type; requires <code>protocol</code> to be set to <code>icmpv6</code></td>
-       </tr>
-       <tr>
-         <td>typeend<span class="since">(Since 1.2.12)</span></td>
-         <td>UINT8</td>
-         <td>ICMPv6 type end of range; requires <code>protocol</code> to be set to <code>icmpv6</code></td>
-       </tr>
-       <tr>
-         <td>code<span class="since">(Since 1.2.12)</span></td>
-         <td>UINT8</td>
-         <td>ICMPv6 code; requires <code>protocol</code> to be set to <code>icmpv6</code></td>
-       </tr>
-       <tr>
-         <td>code<span class="since">(Since 1.2.12)</span></td>
-         <td>UINT8</td>
-         <td>ICMPv6 code end of range; requires <code>protocol</code> to be set to <code>icmpv6</code></td>
-       </tr>
       <tr>
         <td>comment <span class="since">(Since 0.8.5)</span></td>
         <td>STRING</td>
@@ -1779,9 +1759,9 @@ DSTPORTS = [ 80, 8080 ]
      <br/><br/>
    </p>

-    <h5><a name="nwfelemsRulesProtoMiscv6">ESP, AH, UDPLITE, 'ALL' over IPv6</a></h5>
+    <h5><a name="nwfelemsRulesProtoMiscv6">IGMP, ESP, AH, UDPLITE, 'ALL' over IPv6</a></h5>
    <p>
-      Protocol ID: <code>esp-ipv6</code>, <code>ah-ipv6</code>, <code>udplite-ipv6</code>, <code>all-ipv6</code>
+      Protocol ID: <code>igmp-ipv6</code>, <code>esp-ipv6</code>, <code>ah-ipv6</code>, <code>udplite-ipv6</code>, <code>all-ipv6</code>
      <br/>
      Note: The chain parameter is ignored for this type of traffic
      and should either be omitted or set to <code>root</code>.
@@ -1896,11 +1876,11 @@ DSTPORTS = [ 80, 8080 ]
     turned off for incoming connections to TCP port 12345.
    </p>
 <pre>
-[...]
-&lt;rule direction='in' action='accept' statematch='false'&gt;
-  &lt;tcp dstportstart='12345'/&gt;
-&lt;/rule&gt;
-[...]
+   [...]
+    &lt;rule direction='in' action='accept' statematch='false'&gt;
+      &lt;tcp dstportstart='12345'/&gt;
+    &lt;/rule&gt;
+   [...]
 </pre>
    <p>
     This now allows incoming traffic to TCP port 12345, but would also
@@ -1918,26 +1898,26 @@ DSTPORTS = [ 80, 8080 ]
     time, the following XML fragment can be used to achieve this.
    </p>
 <pre>
-[...]
-&lt;rule action='drop' direction='in' priority='400'&gt;
-  &lt;tcp connlimit-above='1'/&gt;
-&lt;/rule&gt;
-&lt;rule action='accept' direction='in' priority='500'&gt;
-  &lt;tcp dstportstart='22'/&gt;
-&lt;/rule&gt;
-&lt;rule action='drop' direction='out' priority='400'&gt;
-  &lt;icmp connlimit-above='1'/&gt;
-&lt;/rule&gt;
-&lt;rule action='accept' direction='out' priority='500'&gt;
-  &lt;icmp/&gt;
-&lt;/rule&gt;
-&lt;rule action='accept' direction='out' priority='500'&gt;
-  &lt;udp dstportstart='53'/&gt;
-&lt;/rule&gt;
-&lt;rule action='drop' direction='inout' priority='1000'&gt;
-  &lt;all/&gt;
-&lt;/rule&gt;
-[...]
+  [...]
+  &lt;rule action='drop' direction='in' priority='400'&gt;
+    &lt;tcp connlimit-above='1'/&gt;
+  &lt;/rule&gt;
+  &lt;rule action='accept' direction='in' priority='500'&gt;
+    &lt;tcp dstportstart='22'/&gt;
+  &lt;/rule&gt;
+  &lt;rule action='drop' direction='out' priority='400'&gt;
+    &lt;icmp connlimit-above='1'/&gt;
+  &lt;/rule&gt;
+  &lt;rule action='accept' direction='out' priority='500'&gt;
+    &lt;icmp/&gt;
+  &lt;/rule&gt;
+  &lt;rule action='accept' direction='out' priority='500'&gt;
+    &lt;udp dstportstart='53'/&gt;
+  &lt;/rule&gt;
+  &lt;rule action='drop' direction='inout' priority='1000'&gt;
+    &lt;all/&gt;
+  &lt;/rule&gt;
+  [...]
 </pre>
    <p>
     Note that the rule for the limit has to logically appear
@@ -1958,7 +1938,7 @@ DSTPORTS = [ 80, 8080 ]
    </p>

 <pre>
-echo 3 > /proc/sys/net/netfilter/nf_conntrack_icmp_timeout
+  echo 3 > /proc/sys/net/netfilter/nf_conntrack_icmp_timeout
 </pre>
    <p>
      sets the ICMP connection tracking timeout to 3 seconds. The
@@ -2064,7 +2044,7 @@ echo 3 > /proc/sys/net/netfilter/nf_conntrack_icmp_timeout
     traffic you want to allow does pass.
     <br/><br/>
     The network filtering subsystem is currently only available on
-     Linux hosts and only works for QEMU and KVM type of virtual machines.
+     Linux hosts and only works for Qemu and KVM type of virtual machines.
     On Linux
     it builds upon the support for <code>ebtables</code>, <code>iptables
     </code> and <code>ip6tables</code> and makes use of their features.
@@ -2201,12 +2181,12 @@ echo 3 > /proc/sys/net/netfilter/nf_conntrack_icmp_timeout
     the domain XML of the <code>test</code> VM could then look like this:
    </p>
 <pre>
-[...]
-&lt;interface type='bridge'&gt;
-  &lt;source bridge='mybridge'/&gt;
-  &lt;filterref filter='test-eth0'/&gt;
-&lt;/interface&gt;
-[...]
+   [...]
+    &lt;interface type='bridge'&gt;
+      &lt;source bridge='mybridge'/&gt;
+      &lt;filterref filter='test-eth0'/&gt;
+    &lt;/interface&gt;
+   [...]
 </pre>

    <p>
@@ -2216,15 +2196,15 @@ echo 3 > /proc/sys/net/netfilter/nf_conntrack_icmp_timeout
     <code>ICMP</code> rule can be replaced with the following two rules:
    </p>
 <pre>
-&lt;!-- enable outgoing ICMP echo requests--&gt;
-&lt;rule action='accept' direction='out'&gt;
-  &lt;icmp type='8'/&gt;
-&lt;/rule&gt;
+  &lt;!-- enable outgoing ICMP echo requests--&gt;
+  &lt;rule action='accept' direction='out'&gt;
+    &lt;icmp type='8'/&gt;
+  &lt;/rule&gt;

-&lt;!-- enable incoming ICMP echo replies--&gt;
-&lt;rule action='accept' direction='in'&gt;
-  &lt;icmp type='0'/&gt;
-&lt;/rule&gt;
+  &lt;!-- enable incoming ICMP echo replies--&gt;
+  &lt;rule action='accept' direction='in'&gt;
+    &lt;icmp type='0'/&gt;
+  &lt;/rule&gt;
 </pre>

    <h3><a name="nwfwriteexample2nd">Second example custom filter</a></h3>
@@ -2265,7 +2245,7 @@ echo 3 > /proc/sys/net/netfilter/nf_conntrack_icmp_timeout
     to the incoming and outgoing direction. All this is related to the ftp
     data traffic originating from TCP port 20 of the VM. This then leads to
     the following solution
-     <span class="since">(since 0.8.5 (QEMU, KVM, UML))</span>:
+     <span class="since">(since 0.8.5 (Qemu, KVM, UML))</span>:
    </p>
 <pre>
 &lt;filter name='test-eth0'&gt;
@@ -2326,9 +2306,9 @@ echo 3 > /proc/sys/net/netfilter/nf_conntrack_icmp_timeout
     the ftp connection with the VM is established.
    </p>
 <pre>
-modprobe nf_conntrack_ftp   # where available  or
+    modprobe nf_conntrack_ftp   # where available  or

-modprobe ip_conntrack_ftp   # if above is not available
+    modprobe ip_conntrack_ftp   # if above is not available
 </pre>
    <p>
     If other protocols than ftp are to be used in conjunction with the
--- a/docs/formatsecret.html.in
+++ b/docs/formatsecret.html.in
@@ -41,83 +41,53 @@
      <dd>
        Specifies what this secret is used for.  A mandatory
        <code>type</code> attribute specifies the usage category, currently
-        only <code>volume</code>, <code>ceph</code>, <code>iscsi</code>,
-        and <code>tls</code> are defined. Specific usage categories
-        are described below.
+        only <code>volume</code>, <code>ceph</code> and <code>iscsi</code>
+        are defined. Specific usage categories are described below.
      </dd>
    </dl>

    <h3><a name="VolumeUsageType">Usage type "volume"</a></h3>

    <p>
-      This secret is associated with a volume, whether the format is either
-      for a "qcow" or a "luks" encrypted volume. Each volume will have a
-      unique secret associated with it and it is safe to delete the
-      secret after the volume is deleted. The
-      <code>&lt;usage type='volume'&gt;</code> element must contain a
-      single <code>volume</code> element that specifies the path of the volume
+      This secret is associated with a volume, and it is safe to delete the
+      secret after the volume is deleted.  The <code>&lt;usage
+      type='volume'&gt;</code> element must contain a
+      single <code>volume</code> element that specifies the key of the volume
      this secret is associated with. For example, create a volume-secret.xml
      file as follows:
    </p>

    <pre>
-&lt;secret ephemeral='no' private='yes'&gt;
-   &lt;description&gt;Super secret name of my first puppy&lt;/description&gt;
-   &lt;uuid&gt;0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f&lt;/uuid&gt;
-   &lt;usage type='volume'&gt;
-      &lt;volume&gt;/var/lib/libvirt/images/puppyname.img&lt;/volume&gt;
-   &lt;/usage&gt;
-&lt;/secret&gt;
+      &lt;secret ephemeral='no' private='yes'&gt;
+         &lt;description&gt;Super secret name of my first puppy&lt;/description&gt;
+         &lt;uuid&gt;0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f&lt;/uuid&gt;
+         &lt;usage type='volume'&gt;
+            &lt;volume&gt;/var/lib/libvirt/images/puppyname.img&lt;/volume&gt;
+         &lt;/usage&gt;
+      &lt;/secret&gt;
    </pre>

    <p>
-      Define the secret and set the passphrase as follows:
+      Define the secret and set the pass phrase as follows:
    </p>
    <pre>
-# virsh secret-define volume-secret.xml
-Secret 0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f created
-#
-# MYSECRET=`printf %s "open sesame" | base64`
-# virsh secret-set-value 0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f $MYSECRET
-Secret value set
-#
+      # virsh secret-define volume-secret.xml
+      Secret 0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f created
+      #
+      # MYSECRET=`printf %s "open sesame" | base64`
+      # virsh secret-set-value 0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f $MYSECRET
+      Secret value set
+      #
    </pre>

    <p>
-      The volume type secret can be supplied in domain XML for a qcow storage
-      volume <a href="formatstorageencryption.html">encryption</a> as follows:
+      The volume type secret can then be used in the XML for a storage volume
+      <a href="formatstorageencryption.html">encryption</a> as follows:
    </p>
    <pre>
-&lt;encryption format='qcow'&gt;
-  &lt;secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/&gt;
-&lt;/encryption&gt;
-    </pre>
-
-    <p>
-      The volume type secret can be supplied either in volume XML during
-      creation of a <a href="formatstorage.html#StorageVol">storage volume</a>
-      in order to provide the passphrase to encrypt the volume or in
-      domain XML <a href="formatdomain.html#elementsDisks">disk device</a>
-      in order to provide the passphrase to decrypt the volume,
-      <span class="since">since 2.1.0</span>. An example follows:
-    </p>
-    <pre>
-# cat luks-secret.xml
-&lt;secret ephemeral='no' private='yes'&gt;
-   &lt;description&gt;LUKS Sample Secret&lt;/description&gt;
-   &lt;uuid&gt;f52a81b2-424e-490c-823d-6bd4235bc57&lt;/uuid&gt;
-   &lt;usage type='volume'&gt;
-      &lt;volume&gt;/var/lib/libvirt/images/luks-sample.img&lt;/volume&gt;
-   &lt;/usage&gt;
-&lt;/secret&gt;
-
-# virsh secret-define luks-secret.xml
-Secret f52a81b2-424e-490c-823d-6bd4235bc57 created
-#
-# MYSECRET=`printf %s "letmein" | base64`
-# virsh secret-set-value f52a81b2-424e-490c-823d-6bd4235bc57 $MYSECRET
-Secret value set
-#
+      &lt;encryption format='qcow'&gt;
+        &lt;secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/&gt;
+      &lt;/encryption&gt;
    </pre>

    <h3><a name="CephUsageType">Usage type "ceph"</a></h3>
@@ -134,12 +104,12 @@ Secret value set
    </p>

    <pre>
-&lt;secret ephemeral='no' private='yes'&gt;
-   &lt;description&gt;CEPH passphrase example&lt;/description&gt;
-   &lt;usage type='ceph'&gt;
-      &lt;name&gt;ceph_example&lt;/name&gt;
-   &lt;/usage&gt;
-&lt;/secret&gt;
+      &lt;secret ephemeral='no' private='yes'&gt;
+         &lt;description&gt;CEPH passphrase example&lt;/description&gt;
+         &lt;usage type='ceph'&gt;
+            &lt;name&gt;ceph_example&lt;/name&gt;
+         &lt;/usage&gt;
+      &lt;/secret&gt;
    </pre>

    <p>
@@ -149,19 +119,19 @@ Secret value set
      chosen secret pass phrase.
    </p>
    <pre>
-# virsh secret-define ceph-secret.xml
-Secret 1b40a534-8301-45d5-b1aa-11894ebb1735 created
-#
-# virsh secret-list
- UUID                                 Usage
-----------------------------------------------------------
- 1b40a534-8301-45d5-b1aa-11894ebb1735 cephx ceph_example
-#
-# CEPHPHRASE=`printf %s "pass phrase" | base64`
-# virsh secret-set-value 1b40a534-8301-45d5-b1aa-11894ebb1735 $CEPHPHRASE
-Secret value set
+      # virsh secret-define ceph-secret.xml
+      Secret 1b40a534-8301-45d5-b1aa-11894ebb1735 created
+      #
+      # virsh secret-list
+      UUID                                 Usage
+      -----------------------------------------------------------
+      1b40a534-8301-45d5-b1aa-11894ebb1735 cephx ceph_example
+      #
+      # CEPHPHRASE=`printf %s "pass phrase" | base64`
+      # virsh secret-set-value 1b40a534-8301-45d5-b1aa-11894ebb1735 $CEPHPHRASE
+      Secret value set

-#
+      #
    </pre>

    <p>
@@ -171,9 +141,9 @@ Secret value set
      element as follows:
    </p>
    <pre>
-&lt;auth username='myname'&gt;
-  &lt;secret type='ceph' usage='ceph_example'/&gt;
-&lt;/auth&gt;
+      &lt;auth username='myname'&gt;
+        &lt;secret type='ceph' usage='ceph_example'/&gt;
+      &lt;/auth&gt;
    </pre>

    <p>
@@ -182,9 +152,9 @@ Secret value set
      <code>&lt;source&gt;</code> element as follows:
    </p>
    <pre>
-&lt;auth type='ceph' username='myname'&gt;
-  &lt;secret usage='ceph_example'/&gt;
-&lt;/auth&gt;
+      &lt;auth type='ceph' username='myname'&gt;
+        &lt;secret usage='ceph_example'/&gt;
+      &lt;/auth&gt;
    </pre>

    <h3><a name="iSCSIUsageType">Usage type "iscsi"</a></h3>
@@ -203,11 +173,11 @@ Secret value set
      authentication file:
    </p>
      <pre>
-&lt;target iqn.2013-07.com.example:iscsi-pool&gt;
-backing-store /home/tgtd/iscsi-pool/disk1
-backing-store /home/tgtd/iscsi-pool/disk2
-incominguser myname mysecret
-&lt;/target&gt;
+      &lt;target iqn.2013-07.com.example:iscsi-pool&gt;
+      backing-store /home/tgtd/iscsi-pool/disk1
+      backing-store /home/tgtd/iscsi-pool/disk2
+      incominguser myname mysecret
+      &lt;/target&gt;
      </pre>
    <p>
      Define an iscsi-secret.xml file to describe the secret. Use the
@@ -219,12 +189,12 @@ incominguser myname mysecret
      or disk XML description.
    </p>
    <pre>
-&lt;secret ephemeral='no' private='yes'&gt;
-   &lt;description&gt;Passphrase for the iSCSI example.com server&lt;/description&gt;
-   &lt;usage type='iscsi'&gt;
-      &lt;target&gt;libvirtiscsi&lt;/target&gt;
-   &lt;/usage&gt;
-&lt;/secret&gt;
+      &lt;secret ephemeral='no' private='yes'&gt;
+         &lt;description&gt;Passphrase for the iSCSI example.com server&lt;/description&gt;
+         &lt;usage type='iscsi'&gt;
+            &lt;target&gt;libvirtiscsi&lt;/target&gt;
+         &lt;/usage&gt;
+      &lt;/secret&gt;
    </pre>

    <p>
@@ -235,18 +205,18 @@ incominguser myname mysecret
      used in the iSCSI authentication configuration file.
    </p>
    <pre>
-# virsh secret-define secret.xml
-Secret c4dbe20b-b1a3-4ac1-b6e6-2ac97852ebb6 created
+      # virsh secret-define secret.xml
+      Secret c4dbe20b-b1a3-4ac1-b6e6-2ac97852ebb6 created

-# virsh secret-list
- UUID                                 Usage
-----------------------------------------------------------
- c4dbe20b-b1a3-4ac1-b6e6-2ac97852ebb6 iscsi libvirtiscsi
+      # virsh secret-list
+      UUID                                 Usage
+      -----------------------------------------------------------
+      c4dbe20b-b1a3-4ac1-b6e6-2ac97852ebb6 iscsi libvirtiscsi

-# MYSECRET=`printf %s "mysecret" | base64`
-# virsh secret-set-value c4dbe20b-b1a3-4ac1-b6e6-2ac97852ebb6 $MYSECRET
-Secret value set
-#
+      # MYSECRET=`printf %s "mysecret" | base64`
+      # virsh secret-set-value c4dbe20b-b1a3-4ac1-b6e6-2ac97852ebb6 $MYSECRET
+      Secret value set
+      #
    </pre>

    <p>
@@ -256,9 +226,9 @@ Secret value set
      element as follows:
    </p>
    <pre>
-&lt;auth username='myname'&gt;
-  &lt;secret type='iscsi' usage='libvirtiscsi'/&gt;
-&lt;/auth&gt;
+      &lt;auth username='myname'&gt;
+        &lt;secret type='iscsi' usage='libvirtiscsi'/&gt;
+      &lt;/auth&gt;
    </pre>

    <p>
@@ -267,64 +237,9 @@ Secret value set
      <code>&lt;source&gt;</code> element as follows:
    </p>
    <pre>
-&lt;auth type='chap' username='myname'&gt;
-  &lt;secret usage='libvirtiscsi'/&gt;
-&lt;/auth&gt;
+      &lt;auth type='chap' username='myname'&gt;
+        &lt;secret usage='libvirtiscsi'/&gt;
+      &lt;/auth&gt;
    </pre>
-
-    <h3><a name="tlsUsageType">Usage type "tls"</a></h3>
-
-    <p>
-      This secret may be used in order to provide the passphrase for the
-      private key used to provide TLS credentials.
-      The <code>&lt;usage type='tls'&gt;</code> element must contain a
-      single <code>name</code> element that specifies a usage name
-      for the secret.
-      <span class="since">Since 2.3.0</span>.
-      The following is an example of the expected XML and processing to
-      define the secret:
-    </p>
-
-    <pre>
-# cat tls-secret.xml
-&lt;secret ephemeral='no' private='yes'&gt;
-   &lt;description&gt;sample tls secret&lt;/description&gt;
-   &lt;usage type='tls'&gt;
-      &lt;name&gt;TLS_example&lt;/name&gt;
-   &lt;/usage&gt;
-&lt;/secret&gt;
-
-# virsh secret-define tls-secret.xml
-Secret 718c71bd-67b5-4a2b-87ec-a24e8ca200dc created
-
-# virsh secret-list
- UUID                                 Usage
-----------------------------------------------------------
- 718c71bd-67b5-4a2b-87ec-a24e8ca200dc  tls TLS_example
-#
-
-    </pre>
-
-    <p>
-      A secret may also be defined via the
-      <a href="html/libvirt-libvirt-secret.html#virSecretDefineXML">
-       <code>virSecretDefineXML</code></a> API.
-
-      Once the secret is defined, a secret value will need to be set. The
-      secret would be the passphrase used to access the TLS credentials.
-      The following is a simple example of using
-      <code>virsh secret-set-value</code> to set the secret value. The
-      <a href="html/libvirt-libvirt-secret.html#virSecretSetValue">
-      <code>virSecretSetValue</code></a> API may also be used to set
-      a more secure secret without using printable/readable characters.
-    </p>
-
-    <pre>
-# MYSECRET=`printf %s "letmein" | base64`
-# virsh secret-set-value 718c71bd-67b5-4a2b-87ec-a24e8ca200dc $MYSECRET
-Secret value set
-
-    </pre>
-
  </body>
 </html>
--- a/docs/formatsnapshot.html.in
+++ b/docs/formatsnapshot.html.in
@@ -156,31 +156,22 @@
            require that if specified, the snapshot mode must not
            override any snapshot mode attached to the corresponding
            domain disk, while others like qemu allow this field to
-            override the domain default.
-
-            <dl>
-              <dt><code>source</code></dt>
-              <dd>If the snapshot mode is external (whether specified
-              or inherited), then there is an optional sub-element
-              <code>source</code>, with an attribute <code>file</code>
-              giving the name of the new file.
-              If <code>source</code> is not
-              given and the disk is backed by a local image file (not
-              a block device or remote storage), a file name is
-              generated that consists of the existing file name
-              with anything after the trailing dot replaced by the
-              snapshot name.  Remember that with external
-              snapshots, the original file name becomes the read-only
-              snapshot, and the new file name contains the read-write
-              delta of all disk changes since the snapshot.
-              </dd>
-              <dt><code>driver</code></dt>
-              <dd>An optional sub-element <code>driver</code>,
-              with an attribute <code>type</code> giving the driver type (such
-              as qcow2), of the new file created by the external
-              snapshot of the new file.
-              </dd>
-            </dl>
+            override the domain default.  If the snapshot mode is
+            external (whether specified or inherited), then there is
+            an optional sub-element <code>source</code>, with an
+            attribute <code>file</code> giving the name, and an
+            optional sub-element <code>driver</code>, with an
+            attribute <code>type</code> giving the driver type (such
+            as qcow2), of the new file created by the external
+            snapshot of the new file.  If <code>source</code> is not
+            given and the disk is backed by a local image file (not
+            a block device or remote storage), a file name is
+            generated that consists of the existing file name
+            with anything after the trailing dot replaced by the
+            snapshot name.  Remember that with external
+            snapshots, the original file name becomes the read-only
+            snapshot, and the new file name contains the read-write
+            delta of all disk changes since the snapshot.

            <span class="since">Since 1.2.2</span> the <code>disk</code> element
            supports an optional attribute <code>type</code> if the
--- a/docs/formatstorage.html.in
+++ b/docs/formatstorage.html.in
@@ -24,21 +24,20 @@
      (<span class="since">since 0.9.13</span>), <code>sheepdog</code>
      (<span class="since">since 0.10.0</span>),
      <code>gluster</code> (<span class="since">since
-      1.2.0</span>),  <code>zfs</code> (<span class="since">since
-      1.2.8</span>) or <code>vstorage</code> (<span class="since">since
-      3.1.0</span>). This corresponds to the
+      1.2.0</span>) or <code>zfs</code> (<span class="since">since
+      1.2.8</span>). This corresponds to the
      storage backend drivers listed further along in this document.
    </p>
    <h3><a name="StoragePoolFirst">General metadata</a></h3>

    <pre>
-&lt;pool type="iscsi"&gt;
-  &lt;name&gt;virtimages&lt;/name&gt;
-  &lt;uuid&gt;3e3fce45-4f53-4fa7-bb32-11f34168b82b&lt;/uuid&gt;
-  &lt;allocation&gt;10000000&lt;/allocation&gt;
-  &lt;capacity&gt;50000000&lt;/capacity&gt;
-  &lt;available&gt;40000000&lt;/available&gt;
-  ...</pre>
+      &lt;pool type="iscsi"&gt;
+        &lt;name&gt;virtimages&lt;/name&gt;
+        &lt;uuid&gt;3e3fce45-4f53-4fa7-bb32-11f34168b82b&lt;/uuid&gt;
+        &lt;allocation&gt;10000000&lt;/allocation&gt;
+        &lt;capacity&gt;50000000&lt;/capacity&gt;
+        &lt;available&gt;40000000&lt;/available&gt;
+        ...</pre>

    <dl>
      <dt><code>name</code></dt>
@@ -76,84 +75,58 @@
    </p>

    <pre>
-...
-&lt;source&gt;
-  &lt;host name="iscsi.example.com"/&gt;
-  &lt;device path="iqn.2013-06.com.example:iscsi-pool"/&gt;
-  &lt;auth type='chap' username='myname'&gt;
-    &lt;secret usage='mycluster_myname'/&gt;
-  &lt;/auth&gt;
-  &lt;vendor name="Acme"/&gt;
-  &lt;product name="model"/&gt;
-&lt;/source&gt;
-...</pre>
+        ...
+        &lt;source&gt;
+          &lt;host name="iscsi.example.com"/&gt;
+          &lt;device path="demo-target"/&gt;
+          &lt;auth type='chap' username='myname'&gt;
+            &lt;secret type='iscsi' usage='mycluster_myname'/&gt;
+          &lt;/auth&gt;
+          &lt;vendor name="Acme"/&gt;
+          &lt;product name="model"/&gt;
+        &lt;/source&gt;
+        ...</pre>

    <pre>
-...
-&lt;source&gt;
-  &lt;device path='/dev/mapper/mpatha' part_separator='no'/&gt;
-  &lt;format type='gpt'/&gt;
-&lt;/source&gt;
-...</pre>
+        ...
+        &lt;source&gt;
+          &lt;adapter type='scsi_host' name='scsi_host1'/&gt;
+        &lt;/source&gt;
+        ...</pre>

    <pre>
-...
-&lt;source&gt;
-  &lt;adapter type='scsi_host' name='scsi_host1'/&gt;
-&lt;/source&gt;
-...</pre>
+        ...
+        &lt;source&gt;
+          &lt;adapter type='scsi_host'&gt;
+            &lt;parentaddr unique_id='1'&gt;
+              &lt;address domain='0x0000' bus='0x00' slot='0x1f' addr='0x2'/&gt;
+            &lt;/parentaddr&gt;
+          &lt;/adapter&gt;
+        &lt;/source&gt;
+        ...</pre>

    <pre>
-...
-&lt;source&gt;
-  &lt;adapter type='scsi_host'&gt;
-    &lt;parentaddr unique_id='1'&gt;
-      &lt;address domain='0x0000' bus='0x00' slot='0x1f' addr='0x2'/&gt;
-    &lt;/parentaddr&gt;
-  &lt;/adapter&gt;
-&lt;/source&gt;
-...</pre>
-
-    <pre>
-...
-&lt;source&gt;
-  &lt;adapter type='fc_host' parent='scsi_host5' wwnn='20000000c9831b4b' wwpn='10000000c9831b4b'/&gt;
-&lt;/source&gt;
-...</pre>
+        ...
+        &lt;source&gt;
+          &lt;adapter type='fc_host' parent='scsi_host5' wwnn='20000000c9831b4b' wwpn='10000000c9831b4b'/&gt;
+        &lt;/source&gt;
+        ...</pre>

    <dl>
      <dt><code>device</code></dt>
      <dd>Provides the source for pools backed by physical devices
        (pool types <code>fs</code>, <code>logical</code>, <code>disk</code>,
-        <code>iscsi</code>, <code>zfs</code>, <code>vstorage</code>).
+        <code>iscsi</code>, <code>zfs</code>).
        May be repeated multiple times depending on backend driver. Contains
-        a required attribute <code>path</code> which is either the fully
-        qualified path to the block device node or for <code>iscsi</code>
-        the iSCSI Qualified Name (IQN).
-        <span class="since">Since 0.4.1</span>
-        <p>An optional attribute <code>part_separator</code> for each
-        <code>path</code> may be supplied. Valid values for the attribute
-        may be either "yes" or "no". This attribute is to be used for a
-        <code>disk</code> pool type using a <code>path</code> to a
-        device mapper multipath device. Setting the attribute to "yes"
-        causes libvirt to attempt to generate and find target volume path's
-        using a "p" separator. The default algorithm used by device mapper
-        is to add the "p" separator only when the source device path ends
-        with a number; however, it's possible to configure the devmapper
-        device to not use 'user_friendly_names' thus creating partitions
-        with the "p" separator even when the device source path does not
-        end with a number.
-        <span class="since">Since 1.3.1</span></p></dd>
+        a single attribute <code>path</code> which is the fully qualified
+        path to the block device node. <span class="since">Since 0.4.1</span></dd>
      <dt><code>dir</code></dt>
      <dd>Provides the source for pools backed by directories (pool
-        types <code>dir</code>, <code>netfs</code>, <code>gluster</code>),
-        or optionally to select a subdirectory
+        type <code>dir</code>), or optionally to select a subdirectory
        within a pool that resembles a filesystem (pool
        type <code>gluster</code>). May
        only occur once. Contains a single attribute <code>path</code>
-        which is the fully qualified path to the backing directory or
-        for a <code>netfs</code> pool type using <code>format</code>
-        type "cifs", the path to the Samba share without the leading slash.
+        which is the fully qualified path to the backing directory.
        <span class="since">Since 0.4.1</span></dd>
      <dt><code>adapter</code></dt>
      <dd>Provides the source for pools backed by SCSI adapters (pool
@@ -184,41 +157,16 @@
            compatibility, this attribute is optional <b>only</b> for the
            "scsi_host" adapter, but is mandatory for the "fc_host" adapter.
            <span class="since">Since 1.0.5</span>
-            A "fc_host" capable scsi_hostN can be determined by using
-            <code>virsh nodedev-list --cap fc_host</code>.
-            <span class="since">Since 1.2.8</span>
-            <p>
-            Note: Regardless of whether a "scsi_host" adapter type is defined
-            using a <code>name</code> or a <code>parentaddr</code>, it
-            should refer to a real scsi_host adapter as found through a
-            <code>virsh nodedev-list scsi_host</code> and <code>virsh
-            nodedev-dumpxml scsi_hostN</code> on one of the scsi_host's
-            displayed. It should not refer to a "fc_host" capable scsi_hostN
-            nor should it refer to the vHBA created for some "fc_host"
-            adapter. For a vHBA the <code>nodedev-dumpxml</code>
-            output parent setting will be the "fc_host" capable scsi_hostN
-            value. Additionally, do not refer to an iSCSI scsi_hostN for the
-            "scsi_host" source. An iSCSI scsi_hostN's
-            <code>nodedev-dumpxml</code> output parent field is generally
-            "computer". This is a libvirt created parent value indicating
-            no parent was defined for the node device.
-            </p>
            </dd>
        </dl>
        <dl>
-          <dt><code>wwnn</code> and <code>wwpn</code></dt>
+          <dt><code>wwwn</code> and <code>wwpn</code></dt>
          <dd>The "World Wide Node Name" (<code>wwnn</code>) and "World Wide
            Port Name" (<code>wwpn</code>) are used by the "fc_host" adapter
            to uniquely identify the device in the Fibre Channel storage fabric
            (the device can be either a HBA or vHBA). Both wwnn and wwpn should
            be specified. Use the command 'virsh nodedev-dumpxml' to determine
-            how to set the values for the wwnn/wwpn of a (v)HBA. The wwnn and
-            wwpn have very specific numerical format requirements based on the
-            hypervisor being used, thus care should be taken if you decide to
-            generate your own to follow the standards; otherwise, the pool
-            will fail to start with an opaque error message indicating failure
-            to write to the vport_create file during vport create/delete due
-            to "No such file or directory".
+            how to set the values for the wwnn/wwpn of a (v)HBA.
            <span class="since">Since 1.0.4</span>
          </dd>
        </dl>
@@ -228,49 +176,9 @@
            parent scsi_host device defined in the
            <a href="formatnode.html">Node Device</a> database as the
            <a href="http://wiki.libvirt.org/page/NPIV_in_libvirt">NPIV</a>
-            virtual Host Bus Adapter (vHBA). The value provided must be
-            a vport capable scsi_host. The value is not the scsi_host of
-            the vHBA created by 'virsh nodedev-create', rather it is
-            the parent of that vHBA. If the value is not provided, libvirt
-            will determine the parent based either finding the wwnn,wwpn
-            defined for an existing scsi_host or by creating a vHBA. Providing
-            the parent attribute is also useful for the duplicate pool
-            definition checks. This is more important in environments where
-            both the "fc_host" and "scsi_host" source adapter pools are being
-            used in order to ensure a new definition doesn't duplicate using
-            the scsi_hostN of some existing storage pool.
+            virtual Host Bus Adapter (vHBA).
            <span class="since">Since 1.0.4</span>
          </dd>
-          <dt><code>parent_wwnn</code> and <code>parent_wwpn</code></dt>
-          <dd>Instead of the <code>parent</code> to specify which scsi_host
-            to use by name, it's possible to provide the wwnn and wwpn of
-            the parent to be used for the vHBA in order to ensure that
-            between reboots or after a hardware configuration change that
-            the scsi_host parent name doesn't change. Both the parent_wwnn
-            and parent_wwpn must be provided.
-            <span class="since">Since 3.0.0</span>
-          </dd>
-          <dt><code>parent_fabric_wwn</code></dt>
-          <dd>Instead of the <code>parent</code> to specify which scsi_host
-            to use by name, it's possible to provide the fabric_wwn on which
-            the scsi_host exists. This provides flexibility for choosing
-            a scsi_host that may be available on the fabric rather than
-            requiring a specific parent by wwnn or wwpn to be available.
-            <span class="since">Since 3.0.0</span>
-          </dd>
-          <dt><code>managed</code></dt>
-          <dd>An optional attribute to instruct the SCSI storage backend to
-            manage destroying the vHBA when the pool is destroyed. For
-            configurations that do not provide an already created vHBA
-            from a 'virsh nodedev-create', libvirt will set this property
-            to "yes". For configurations that have already created a vHBA
-            via 'virsh nodedev-create' and are using the wwnn/wwpn from
-            that vHBA and optionally the scsi_host parent, setting this
-            attribute to "yes" will allow libvirt to destroy the node device
-            when the pool is destroyed. If this attribute is set to "no" or
-            not defined in the XML, then libvirt will not destroy the vHBA.
-            <span class="since">Since 1.2.11</span>
-          </dd>
        </dl>
        <dl>
          <dt><code>parentaddr</code></dt>
@@ -336,15 +244,7 @@
        or <code>device</code> element. Contains an attribute <code>name</code>
        which is the hostname or IP address of the server. May optionally
        contain a <code>port</code> attribute for the protocol specific
-        port number. Duplicate storage pool definition checks may perform
-        a cursory check that the same host name by string comparison in the
-        new pool does not match an existing pool's source host name when
-        combined with the <code>directory</code> or <code>device</code>
-        element. Name resolution of the provided hostname or IP address
-        is left to the storage driver backend interactions with the remote
-        server. See the <a href="storage.html">storage driver page</a> for
-        any restrictions for specific storage backends.
-        <span class="since">Since 0.4.1</span></dd>
+        port number. <span class="since">Since 0.4.1</span></dd>
      <dt><code>auth</code></dt>
      <dd>If present, the <code>auth</code> element provides the
        authentication credentials needed to access the source by the
@@ -401,60 +301,74 @@
      <code>pool</code> element for some types of pools (pool
      types <code>dir</code>, <code>fs</code>, <code>netfs</code>,
      <code>logical</code>, <code>disk</code>, <code>iscsi</code>,
-      <code>scsi</code>, <code>mpath</code>, <code>zfs</code>).
-      This tag is used to describe the mapping of
+      <code>scsi</code>, <code>mpath</code>). This tag is used to
+      describe the mapping of
      the storage pool into the host filesystem. It can contain the following
      child elements:
    </p>

    <pre>
-  ...
-  &lt;target&gt;
-    &lt;path&gt;/dev/disk/by-path&lt;/path&gt;
-    &lt;permissions&gt;
-      &lt;owner&gt;107&lt;/owner&gt;
-      &lt;group&gt;107&lt;/group&gt;
-      &lt;mode&gt;0744&lt;/mode&gt;
-      &lt;label&gt;virt_image_t&lt;/label&gt;
-    &lt;/permissions&gt;
-  &lt;/target&gt;
-&lt;/pool&gt;</pre>
+        ...
+        &lt;target&gt;
+          &lt;path&gt;/dev/disk/by-path&lt;/path&gt;
+          &lt;permissions&gt;
+            &lt;owner&gt;107&lt;/owner&gt;
+            &lt;group&gt;107&lt;/group&gt;
+            &lt;mode&gt;0744&lt;/mode&gt;
+            &lt;label&gt;virt_image_t&lt;/label&gt;
+          &lt;/permissions&gt;
+          &lt;timestamps&gt;
+            &lt;atime&gt;1341933637.273190990&lt;/atime&gt;
+            &lt;mtime&gt;1341930622.047245868&lt;/mtime&gt;
+            &lt;ctime&gt;1341930622.047245868&lt;/ctime&gt;
+          &lt;/timestamps&gt;
+          &lt;encryption type='...'&gt;
+            ...
+          &lt;/encryption&gt;
+        &lt;/target&gt;
+      &lt;/pool&gt;</pre>

    <dl>
      <dt><code>path</code></dt>
      <dd>Provides the location at which the pool will be mapped into
-        the local filesystem namespace, as an absolute path. For a
-        filesystem/directory based pool it will be a fully qualified name of
-        the directory in which volumes will be created. For device based pools
-        it will be a fully qualified name of the directory in which
+        the local filesystem namespace. For a filesystem/directory based
+        pool it will be the name of the directory in which volumes will
+        be created. For device based pools it will be the name of the directory in which
        devices nodes exist. For the latter <code>/dev/</code> may seem
        like the logical choice, however, devices nodes there are not
        guaranteed stable across reboots, since they are allocated on
        demand. It is preferable to use a stable location such as one
-        of the <code>/dev/disk/by-{path|id|uuid|label}</code> locations.
-        For <code>logical</code> and <code>zfs</code> pool types, a
-        provided value is ignored and a default path generated.
-        For a Multipath pool (type <code>mpath</code>), the provided
-        value is ignored and the default value of "/dev/mapper" is used.
+        of the <code>/dev/disk/by-{path,id,uuid,label</code> locations.
        <span class="since">Since 0.4.1</span>
      </dd>
      <dt><code>permissions</code></dt>
      <dd>This is currently only useful for directory or filesystem based
        pools, which are mapped as a directory into the local filesystem
        namespace. It provides information about the permissions to use for the
-        final directory when the pool is built. There are 4 child elements.
-        The <code>mode</code> element contains the octal permission set.
-        The <code>mode</code> defaults to 0755 when not provided.
-        The <code>owner</code> element contains the numeric user ID.
-        The <code>group</code> element contains the numeric group ID.
-        If <code>owner</code> or <code>group</code> aren't specified when
-        creating a directory, the values are inherited from the parent
-        directory. The <code>label</code> element contains the MAC (eg SELinux)
-        label string.
+        final directory when the pool is built. The
+        <code>mode</code> element contains the octal permission set. The
+        <code>owner</code> element contains the numeric user ID. The <code>group</code>
+        element contains the numeric group ID. The <code>label</code> element
+        contains the MAC (eg SELinux) label string.
        <span class="since">Since 0.4.1</span>
-        For running directory or filesystem based pools, these fields
-        will be filled with the values used by the existing directory.
-        <span class="since">Since 1.2.16</span>
+      </dd>
+      <dt><code>timestamps</code></dt>
+      <dd>Provides timing information about the volume. Up to four
+        sub-elements are present,
+        where <code>atime</code>, <code>btime</code>, <code>ctime</code>
+        and <code>mtime</code> hold the access, birth, change and
+        modification time of the volume, where known. The used time
+        format is &lt;seconds&gt;.&lt;nanoseconds&gt; since the
+        beginning of the epoch (1 Jan 1970). If nanosecond resolution
+        is 0 or otherwise unsupported by the host OS or filesystem,
+        then the nanoseconds part is omitted.  This is a readonly
+        attribute and is ignored when creating a volume.
+        <span class="since">Since 0.10.0</span>
+      </dd>
+      <dt><code>encryption</code></dt>
+      <dd>If present, specifies how the volume is encrypted.  See
+        the <a href="formatstorageencryption.html">Storage Encryption</a> page
+        for more information.
      </dd>
    </dl>

@@ -483,7 +397,7 @@
      A storage volume will generally be either a file or a device
      node; <span class="since">since 1.2.0</span>, an optional
      output-only attribute <code>type</code> lists the actual type
-      (file, block, dir, network, netdir or ploop), which is also available
+      (file, block, dir, network, or netdir), which is also available
      from <code>virStorageVolGetInfo()</code>.  The storage volume
      XML format is available <span class="since">since 0.4.1</span>
    </p>
@@ -491,23 +405,17 @@
    <h3><a name="StorageVolFirst">General metadata</a></h3>

    <pre>
-&lt;volume type='file'&gt;
-  &lt;name&gt;sparse.img&lt;/name&gt;
-  &lt;key&gt;/var/lib/xen/images/sparse.img&lt;/key&gt;
-  &lt;allocation&gt;0&lt;/allocation&gt;
-  &lt;capacity unit="T"&gt;1&lt;/capacity&gt;
-  ...</pre>
+      &lt;volume type='file'&gt;
+        &lt;name&gt;sparse.img&lt;/name&gt;
+        &lt;key&gt;/var/lib/xen/images/sparse.img&lt;/key&gt;
+        &lt;allocation&gt;0&lt;/allocation&gt;
+        &lt;capacity unit="T"&gt;1&lt;/capacity&gt;
+        ...</pre>

    <dl>
      <dt><code>name</code></dt>
      <dd>Providing a name for the volume which is unique to the pool.
-        This is mandatory when defining a volume. For a disk pool, the
-        name must be combination of the <code>source</code> device path
-        device and next partition number to be created. For example, if
-        the <code>source</code> device path is /dev/sdb and there are no
-        partitions on the disk, then the name must be sdb1 with the next
-        name being sdb2 and so on.
-        <span class="since">Since 0.4.1</span></dd>
+        This is mandatory when defining a volume.  <span class="since">Since 0.4.1</span></dd>
      <dt><code>key</code></dt>
      <dd>Providing an identifier for the volume which identifies a
          single volume. In some cases it's possible to have two distinct keys
@@ -553,11 +461,6 @@
        specified with the same semantics as for <code>allocation</code>
        This is compulsory when creating a volume.
        <span class="since">Since 0.4.1</span></dd>
-      <dt><code>physical</code></dt>
-      <dd>This output only element provides the host physical size of
-        the target storage volume. The default output <code>unit</code>
-        will be in bytes.
-        <span class="since">Since 3.0.0</span></dd>
      <dt><code>source</code></dt>
      <dd>Provides information about the underlying storage allocation
        of the volume. This may not be available for some pool types.
@@ -577,30 +480,22 @@
    </p>

    <pre>
-...
-&lt;target&gt;
-  &lt;path&gt;/var/lib/virt/images/sparse.img&lt;/path&gt;
-  &lt;format type='qcow2'/&gt;
-  &lt;permissions&gt;
-    &lt;owner&gt;107&lt;/owner&gt;
-    &lt;group&gt;107&lt;/group&gt;
-    &lt;mode&gt;0744&lt;/mode&gt;
-    &lt;label&gt;virt_image_t&lt;/label&gt;
-  &lt;/permissions&gt;
-  &lt;timestamps&gt;
-    &lt;atime&gt;1341933637.273190990&lt;/atime&gt;
-    &lt;mtime&gt;1341930622.047245868&lt;/mtime&gt;
-    &lt;ctime&gt;1341930622.047245868&lt;/ctime&gt;
-  &lt;/timestamps&gt;
-  &lt;encryption type='...'&gt;
-    ...
-  &lt;/encryption&gt;
-  &lt;compat&gt;1.1&lt;/compat&gt;
-  &lt;nocow/&gt;
-  &lt;features&gt;
-    &lt;lazy_refcounts/&gt;
-  &lt;/features&gt;
-&lt;/target&gt;</pre>
+        ...
+        &lt;target&gt;
+          &lt;path&gt;/var/lib/virt/images/sparse.img&lt;/path&gt;
+          &lt;format type='qcow2'/&gt;
+          &lt;permissions&gt;
+            &lt;owner&gt;107&lt;/owner&gt;
+            &lt;group&gt;107&lt;/group&gt;
+            &lt;mode&gt;0744&lt;/mode&gt;
+            &lt;label&gt;virt_image_t&lt;/label&gt;
+          &lt;/permissions&gt;
+          &lt;compat&gt;1.1&lt;/compat&gt;
+          &lt;nocow/&gt;
+          &lt;features&gt;
+            &lt;lazy_refcounts/&gt;
+          &lt;/features&gt;
+        &lt;/target&gt;</pre>

    <dl>
      <dt><code>path</code></dt>
@@ -610,9 +505,7 @@
        <span class="since">Since 0.4.1</span></dd>
      <dt><code>format</code></dt>
      <dd>Provides information about the pool specific volume format.
-        For disk pools it will provide the partition table format type, but is
-        not preserved after a pool refresh or libvirtd restart. Use extended
-        in order to create an extended disk extent partition. For filesystem
+        For disk pools it will provide the partition type. For filesystem
        or directory pools it will provide the file format type, eg cow,
        qcow, vmdk, raw. If omitted when creating a volume, the pool's
        default format will be used. The actual format is specified via
@@ -623,41 +516,17 @@
        volume format type value and the default pool format will be used.
        <span class="since">Since 0.4.1</span></dd>
      <dt><code>permissions</code></dt>
-      <dd>Provides information about the permissions to use
+      <dd>Provides information about the default permissions to use
        when creating volumes. This is currently only useful for directory
        or filesystem based pools, where the volumes allocated are simple
        files. For pools where the volumes are device nodes, the hotplug
-        scripts determine permissions. There are 4 child elements.
-        The <code>mode</code> element contains the octal permission set.
-        The <code>mode</code> defaults to 0600 when not provided.
-        The <code>owner</code> element contains the numeric user ID.
-        The <code>group</code> element contains the numeric group ID.
-        If <code>owner</code> or <code>group</code> aren't specified when
-        creating a supported volume, the values are inherited from the parent
-        directory. The <code>label</code> element contains the MAC (eg SELinux)
-        label string.
-        For existing directory or filesystem based volumes, these fields
-        will be filled with the values used by the existing file.
+        scripts determine permissions. It contains 4 child elements. The
+        <code>mode</code> element contains the octal permission set. The
+        <code>owner</code> element contains the numeric user ID. The <code>group</code>
+        element contains the numeric group ID. The <code>label</code> element
+        contains the MAC (eg SELinux) label string.
        <span class="since">Since 0.4.1</span>
      </dd>
-      <dt><code>timestamps</code></dt>
-      <dd>Provides timing information about the volume. Up to four
-        sub-elements are present,
-        where <code>atime</code>, <code>btime</code>, <code>ctime</code>
-        and <code>mtime</code> hold the access, birth, change and
-        modification time of the volume, where known. The used time
-        format is &lt;seconds&gt;.&lt;nanoseconds&gt; since the
-        beginning of the epoch (1 Jan 1970). If nanosecond resolution
-        is 0 or otherwise unsupported by the host OS or filesystem,
-        then the nanoseconds part is omitted.  This is a readonly
-        attribute and is ignored when creating a volume.
-        <span class="since">Since 0.10.0</span>
-      </dd>
-      <dt><code>encryption</code></dt>
-      <dd>If present, specifies how the volume is encrypted.  See
-        the <a href="formatstorageencryption.html">Storage Encryption</a> page
-        for more information.
-      </dd>
      <dt><code>compat</code></dt>
      <dd>Specify compatibility level. So far, this is only used for
        <code>type='qcow2'</code> volumes. Valid values are <code>0.10</code>
@@ -693,18 +562,18 @@
    </p>

    <pre>
-  ...
-  &lt;backingStore&gt;
-    &lt;path&gt;/var/lib/virt/images/master.img&lt;/path&gt;
-    &lt;format type='raw'/&gt;
-    &lt;permissions&gt;
-      &lt;owner&gt;107&lt;/owner&gt;
-      &lt;group&gt;107&lt;/group&gt;
-      &lt;mode&gt;0744&lt;/mode&gt;
-      &lt;label&gt;virt_image_t&lt;/label&gt;
-    &lt;/permissions&gt;
-  &lt;/backingStore&gt;
-&lt;/volume&gt;</pre>
+        ...
+        &lt;backingStore&gt;
+          &lt;path&gt;/var/lib/virt/images/master.img&lt;/path&gt;
+          &lt;format type='raw'/&gt;
+          &lt;permissions&gt;
+            &lt;owner&gt;107&lt;/owner&gt;
+            &lt;group&gt;107&lt;/group&gt;
+            &lt;mode&gt;0744&lt;/mode&gt;
+            &lt;label&gt;virt_image_t&lt;/label&gt;
+          &lt;/permissions&gt;
+        &lt;/backingStore&gt;
+      &lt;/volume&gt;</pre>

    <dl>
      <dt><code>path</code></dt>
@@ -723,8 +592,11 @@
        <span class="since">Since 0.6.0</span></dd>
      <dt><code>permissions</code></dt>
      <dd>Provides information about the permissions of the backing file.
-          See volume <code>permissions</code> documentation for explanation
-          of individual fields.
+        It contains 4 child elements. The
+        <code>mode</code> element contains the octal permission set. The
+        <code>owner</code> element contains the numeric user ID. The <code>group</code>
+        element contains the numeric group ID. The <code>label</code> element
+        contains the MAC (eg SELinux) label string.
        <span class="since">Since 0.6.0</span>
      </dd>
    </dl>
@@ -739,62 +611,46 @@
    <h3><a name="exampleFile">File based storage pool</a></h3>

    <pre>
-&lt;pool type="dir"&gt;
-  &lt;name&gt;virtimages&lt;/name&gt;
-  &lt;target&gt;
-    &lt;path&gt;/var/lib/virt/images&lt;/path&gt;
-  &lt;/target&gt;
-&lt;/pool&gt;</pre>
+      &lt;pool type="dir"&gt;
+        &lt;name&gt;virtimages&lt;/name&gt;
+        &lt;target&gt;
+          &lt;path&gt;/var/lib/virt/images&lt;/path&gt;
+        &lt;/target&gt;
+      &lt;/pool&gt;</pre>

    <h3><a name="exampleISCSI">iSCSI based storage pool</a></h3>

    <pre>
-&lt;pool type="iscsi"&gt;
-  &lt;name&gt;virtimages&lt;/name&gt;
-  &lt;source&gt;
-    &lt;host name="iscsi.example.com"/&gt;
-    &lt;device path="iqn.2013-06.com.example:iscsi-pool"/&gt;
-    &lt;auth type='chap' username='myuser'&gt;
-      &lt;secret usage='libvirtiscsi'/&gt;
-    &lt;/auth&gt;
-  &lt;/source&gt;
-  &lt;target&gt;
-    &lt;path&gt;/dev/disk/by-path&lt;/path&gt;
-  &lt;/target&gt;
-&lt;/pool&gt;</pre>
+      &lt;pool type="iscsi"&gt;
+        &lt;name&gt;virtimages&lt;/name&gt;
+        &lt;source&gt;
+          &lt;host name="iscsi.example.com"/&gt;
+          &lt;device path="iqn.2013-06.com.example:iscsi-pool"/&gt;
+          &lt;auth type='chap' username='myuser'&gt;
+            &lt;secret usage='libvirtiscsi'/&gt;
+          &lt;/auth&gt;
+        &lt;/source&gt;
+        &lt;target&gt;
+          &lt;path&gt;/dev/disk/by-path&lt;/path&gt;
+        &lt;/target&gt;
+      &lt;/pool&gt;</pre>

    <h3><a name="exampleVol">Storage volume</a></h3>

    <pre>
-&lt;volume&gt;
-  &lt;name&gt;sparse.img&lt;/name&gt;
-  &lt;allocation&gt;0&lt;/allocation&gt;
-  &lt;capacity unit="T"&gt;1&lt;/capacity&gt;
-  &lt;target&gt;
-    &lt;path&gt;/var/lib/virt/images/sparse.img&lt;/path&gt;
-    &lt;permissions&gt;
-      &lt;owner&gt;107&lt;/owner&gt;
-      &lt;group&gt;107&lt;/group&gt;
-      &lt;mode&gt;0744&lt;/mode&gt;
-      &lt;label&gt;virt_image_t&lt;/label&gt;
-    &lt;/permissions&gt;
-  &lt;/target&gt;
-&lt;/volume&gt;</pre>
-
-    <h3><a name="exampleLuks">Storage volume using LUKS</a></h3>
-
-    <pre>
-&lt;volume&gt;
-  &lt;name&gt;MyLuks.img&lt;/name&gt;
-  &lt;capacity unit="G"&gt;5&lt;/capacity&gt;
-  &lt;target&gt;
-    &lt;path&gt;/var/lib/virt/images/MyLuks.img&lt;/path&gt;
-    &lt;format type='raw'/&gt;
-    &lt;encryption format='luks'&gt;
-      &lt;secret type='passphrase' uuid='f52a81b2-424e-490c-823d-6bd4235bc572'/&gt;
-    &lt;/encryption&gt;
-  &lt;/target&gt;
-&lt;/volume&gt;
-    </pre>
+      &lt;volume&gt;
+        &lt;name&gt;sparse.img&lt;/name&gt;
+        &lt;allocation&gt;0&lt;/allocation&gt;
+        &lt;capacity unit="T"&gt;1&lt;/capacity&gt;
+        &lt;target&gt;
+          &lt;path&gt;/var/lib/virt/images/sparse.img&lt;/path&gt;
+          &lt;permissions&gt;
+            &lt;owner&gt;107&lt;/owner&gt;
+            &lt;group&gt;107&lt;/group&gt;
+            &lt;mode&gt;0744&lt;/mode&gt;
+            &lt;label&gt;virt_image_t&lt;/label&gt;
+          &lt;/permissions&gt;
+        &lt;/target&gt;
+      &lt;/volume&gt;</pre>
  </body>
 </html>
--- a/docs/formatstorageencryption.html.in
+++ b/docs/formatstorageencryption.html.in
@@ -25,14 +25,10 @@
    <p>
      The <code>encryption</code> tag can currently contain a sequence of
      <code>secret</code> tags, each with mandatory attributes <code>type</code>
-      and either <code>uuid</code> or <code>usage</code>
-      (<span class="since">since 2.1.0</span>). The only currently defined
-      value of <code>type</code> is <code>volume</code>. The
-      <code>uuid</code> is "uuid" of the <code>secret</code> while
-      <code>usage</code> is the "usage" subelement field.
-      A secret value can be set in libvirt by the
-      <a href="html/libvirt-libvirt-secret.html#virSecretSetValue">
-      <code>virSecretSetValue</code></a> API. Alternatively, if supported
+      and <code>uuid</code>.  The only currently defined value of
+      <code>type</code> is <code>passphrase</code>.  <code>uuid</code>
+      refers to a secret known to libvirt.  libvirt can use a secret value
+      previously set using <code>virSecretSetValue()</code>, or, if supported
      by the particular volume format and driver, automatically generate a
      secret value at the time of volume creation, and store it using the
      specified <code>uuid</code>.
@@ -40,7 +36,7 @@
    <h3><a name="StorageEncryptionDefault">"default" format</a></h3>
    <p>
      <code>&lt;encryption format="default"/&gt;</code> can be specified only
-      when creating a qcow volume.  If the volume is successfully created, the
+      when creating a volume.  If the volume is successfully created, the
      encryption formats, parameters and secrets will be auto-generated by
      libvirt and the attached <code>encryption</code> tag will be updated.
      The unmodified contents of the <code>encryption</code> tag can be used
@@ -56,112 +52,16 @@
      the <code>secret</code> element is not present during volume creation,
      a secret is automatically generated and attached to the volume.
    </p>
-    <h3><a name="StorageEncryptionLuks">"luks" format</a></h3>
-    <p>
-      The <code>luks</code> format is specific to a luks encrypted volume
-      and the secret is used in order to either encrypt during volume creation
-      or decrypt the volume for usage by the domain. A single
-      <code>&lt;secret type='passphrase'...&gt;</code> element is expected.
-      <span class="since">Since 2.1.0</span>.
-    </p>
-    <p>
-      For volume creation, it is possible to specify the encryption
-      algorithm used to encrypt the luks volume. The following two
-      optional elements may be provided for that purpose. It is hypervisor
-      dependent as to which algorithms are supported. The default algorithm
-      used by the storage driver backend when using qemu-img to create
-      the volume is 'aes-256-cbc' using 'essiv' for initialization vector
-      generation and 'sha256' hash algorithm for both the cipher and the
-      initialization vector generation.
-    </p>

-    <dl>
-      <dt><code>cipher</code></dt>
-      <dd>This element describes the cipher algorithm to be used to either
-          encrypt or decrypt the luks volume. This element has the following
-          attributes:
-          <dl>
-            <dt><code>name</code></dt>
-            <dd>The name of the cipher algorithm used for data encryption,
-            such as 'aes', 'des', 'cast5', 'serpent', 'twofish', etc.
-            Support of the specific algorithm is storage driver
-            implementation dependent.</dd>
-            <dt><code>size</code></dt>
-            <dd>The size of the cipher in bits, such as '256', '192', '128',
-            etc. Support of the specific size for a specific cipher is
-            hypervisor dependent.</dd>
-            <dt><code>mode</code></dt>
-            <dd>An optional cipher algorithm mode such as 'cbc', 'xts',
-            'ecb', etc. Support of the specific cipher mode is
-            hypervisor dependent.</dd>
-            <dt><code>hash</code></dt>
-            <dd>An optional master key hash algorithm such as 'md5', 'sha1',
-            'sha256', etc. Support of the specific hash algorithm is
-            hypervisor dependent.</dd>
-          </dl>
-      </dd>
-      <dt><code>ivgen</code></dt>
-      <dd>This optional element describes the initialization vector
-          generation algorithm used in conjunction with the
-          <code>cipher</code>. If the <code>cipher</code> is not provided,
-          then an error will be generated by the parser.
-          <dl>
-            <dt><code>name</code></dt>
-            <dd>The name of the algorithm, such as 'plain', 'plain64',
-            'essiv', etc. Support of the specific algorithm is hypervisor
-            dependent.</dd>
-            <dt><code>hash</code></dt>
-            <dd>An optional hash algorithm such as 'md5', 'sha1', 'sha256',
-            etc. Support of the specific ivgen hash algorithm is hypervisor
-            dependent.</dd>
-          </dl>
-      </dd>
-    </dl>
-
-
-    <h2><a name="example">Examples</a></h2>
+    <h2><a name="example">Example</a></h2>

    <p>
      Here is a simple example, specifying use of the <code>qcow</code> format:
    </p>

    <pre>
-&lt;encryption format='qcow'&gt;
-   &lt;secret type='passphrase' uuid='c1f11a6d-8c5d-4a3e-ac7a-4e171c5e0d4a' /&gt;
-&lt;/encryption&gt;</pre>
-
-    <p>
-      Assuming a <a href="formatsecret.html#VolumeUsageType">
-      <code>luks volume type secret</code></a> is already defined,
-      a simple example specifying use of the <code>luks</code> format
-      for either volume creation without a specific cipher being defined or
-      as part of a domain volume definition:
-    </p>
-    <pre>
-&lt;encryption format='luks'&gt;
-  &lt;secret type='passphrase' uuid='f52a81b2-424e-490c-823d-6bd4235bc572'/&gt;
-&lt;/encryption&gt;
-    </pre>
-
-    <p>
-      Here is an example specifying use of the <code>luks</code> format for
-      a specific cipher algorithm for volume creation:
-    </p>
-    <pre>
-&lt;volume&gt;
-  &lt;name&gt;twofish.luks&lt;/name&gt;
-  &lt;capacity unit='G'&gt;5&lt;/capacity&gt;
-  &lt;target&gt;
-    &lt;path&gt;/var/lib/libvirt/images/demo.luks&lt;/path&gt;
-    &lt;format type='raw'/&gt;
-    &lt;encryption format='luks'&gt;
-       &lt;secret type='passphrase' uuid='f52a81b2-424e-490c-823d-6bd4235bc572'/&gt;
-       &lt;cipher name='twofish' size='256' mode='cbc' hash='sha256'/&gt;
-       &lt;ivgen name='plain64' hash='sha256'/&gt;
-    &lt;/encryption&gt;
-  &lt;/target&gt;
-&lt;/volume&gt;
-    </pre>
-
+      &lt;encryption format='qcow'&gt;
+         &lt;secret type='passphrase' uuid='c1f11a6d-8c5d-4a3e-ac7a-4e171c5e0d4a' /&gt;
+      &lt;/encryption&gt;</pre>
  </body>
 </html>
--- a/Show More
+++ b/Show More