1. 08 Apr, 2010 1 commit
    • S
      nwfilter: Support for learning a VM's IP address · 3bf24abc
      Stefan Berger committed
      This patch implements support for learning a VM's IP address. It uses
      the pcap library to listen on the VM's backend network interface (tap)
      or the physical ethernet device (macvtap) and tries to capture packets
      with source or destination MAC address of the VM and learn from DHCP
      Offers, ARP traffic, or first-sent IPv4 packet what the IP address of
      the VM's interface is. This then allows to instantiate the network
      traffic filtering rules without the user having to provide the IP
      parameter somewhere in the filter description or in the interface
      description as a parameter. This only supports to detect the parameter
      IP, which is for the assumed single IPv4 address of a VM. There is no
      support for interfaces that may have multiple IP addresses (IP
      aliasing) or IPv6 that may then require more than one valid IP address
      to be detected. A VM can have multiple independent interfaces that each
      uses a different IP address and in that case it will be attempted to
      detect each one of the addresses independently.
      
      So, when for example an interface description in the domain XML has
      looked like this up to now:
      
          <interface type='bridge'>
            <source bridge='mybridge'/>
            <model type='virtio'/>
            <filterref filter='clean-traffic'>
              <parameter name='IP' value='10.2.3.4'/>
            </filterref>
          </interface>
      
      you may omit the IP parameter:
      
          <interface type='bridge'>
            <source bridge='mybridge'/>
            <model type='virtio'/>
            <filterref filter='clean-traffic'/>
          </interface>
      
      Internally I am walking the 'tree' of a VM's referenced network filters
      and determine with the given variables which variables are missing. Now,
      the above IP parameter may be missing and this causes a libvirt-internal
      thread to be started that uses the pcap library's API to listen to the
      backend interface (in case of macvtap to the physical interface) in an
      attempt to determine the missing IP parameter. If the backend interface
      disappears the thread terminates assuming the VM was brought down. In
      case of a macvtap device a timeout is being used to wait for packets
      from the given VM (filtering by VM's interface MAC address). If the VM's
      macvtap device disappeared the thread also terminates. In all other
      cases it tries to determine the IP address of the VM and will then apply
      the rules late on the given interface, which would have happened
      immediately if the IP parameter had been explicitly given. In case an
      error happens while the firewall rules are applied, the VM's backend
      interface is 'down'ed preventing it from communicating. Reasons for failure
      for applying the network firewall rules may be that an ebtables/iptables
      command fails or OOM errors. Essentially the same failure reasons may
      occur as when the firewall rules are applied immediately on VM start,
      except that due to the late application of the filtering rules the VM
      now is already running and cannot be hindered anymore from starting.
      Bringing down the whole VM would probably be considered too drastic.
      While a VM's IP address is attempted to be determined only limited
      updates to network filters are allowed. In particular it is prevented
      that filters are modified in such a way that they would introduce new
      variables.
      
      A caveat: The algorithm does not know which one is the appropriate IP
      address of a VM. If the VM spoofs an IP address in its first ARP traffic
      or IPv4 packets its filtering rules will be instantiated for this IP
      address, thus 'locking' it to the found IP address. So, it's still
      'safer' to explicitly provide the IP address of a VM's interface in the
      filter description if it is known beforehand.
      
      * configure.ac: detect libpcap
      * libvirt.spec.in: require libpcap[-devel] if qemu is built
      * src/internal.h: add the new ATTRIBUTE_PACKED define
      * src/Makefile.am src/libvirt_private.syms: add the new modules and symbols
      * src/nwfilter/nwfilter_learnipaddr.[ch]: new module being added
      * src/nwfilter/nwfilter_driver.c src/conf/nwfilter_conf.[ch]
        src/nwfilter/nwfilter_ebiptables_driver.[ch]
        src/nwfilter/nwfilter_gentech_driver.[ch]: plug the new functionality in
      * tests/nwfilterxml2xmltest: extend testing
  2. 06 Apr, 2010 1 commit
  3. 01 Apr, 2010 1 commit
    • E
      build: more fallout from test -a · a792bf24
      Eric Blake committed
      * cfg.mk (sc_prohibit_test_minus_ao): Also check for [.
      * docs/Makefile.am (%.html, html/index.html): Avoid non-portable
      test usage.
      * libvirt.spec.in (%post): Likewise.
      * tools/virt-pki-validate.in (servercert.pem): Likewise.
      * configure.ac (LOGNAME): Use test, not [, in files processed by
      autoconf.
      Detected by Matthias Bolte.
  4. 31 Mar, 2010 1 commit
  5. 18 Mar, 2010 1 commit
  6. 10 Mar, 2010 1 commit
    • D
      Change logrotate to be per-hypervisor logs · 89bf843a
      Daniel Veillard committed
      Having a single logrotate configuration file for all hypervisors
      did not work as logrotate would get confused if a hypervisor not
      supported on that platform was still listed. Simplest is to split
      the logrotate as separate per hypervisor files and change the
      spec file to only install the ones compiled in.
      * daemon/libvirtd.lxc.logrotate.in daemon/libvirtd.qemu.logrotate.in
        daemon/libvirtd.uml.logrotate.in: copy and split the original
        daemon/libvirtd.logrotate.in file
      * daemon/Makefile.am: update to support the different files and
        cleanup in sed suggested by Eric Blake
      * libvirt.spec.in: only install the relevant logrotate configs
      * daemon/.gitignore: update logrotate generated list
  7. 06 Mar, 2010 1 commit
    • D
      Release of libvirt-0.7.7 · 703c1651
      Daniel Veillard committed
      * configure.ac libvirt.spec.in: update with new version
      * docs/news.html.in: add list of changes in 0.7.7
      * po/*po*: updated spanish and russian localisations, rebuilt
  8. 26 Feb, 2010 1 commit
  9. 24 Feb, 2010 1 commit
    • D
      Format FS pools on creation · b738016b
      Dave Allan committed
      Create the filesystem on the partition used by the pool
      * configure.ac: check for mkfs availability
      * libvirt.spec.in: add extra require on util-linux for mkfs
      * src/storage/storage_backend_fs.c: run mkfs with the expected
        fs type when creating a filesystem pool
  10. 04 Feb, 2010 1 commit
    • D
      Release of libvirt-0.7.6 · 31a5ee92
      Daniel Veillard committed
      * configure.ac docs/news.html.in libvirt.spec.in: version bump and doc
        updates
      * po/*.po*: updated and regenerated the localizations
  11. 24 Dec, 2009 1 commit
  12. 23 Dec, 2009 1 commit
  13. 22 Dec, 2009 1 commit
  14. 10 Dec, 2009 1 commit
    • M
      remove all traces of lokkit support · 3b3305d8
      Mark McLoughlin committed
      Long ago we tried to use Fedora's lokkit utility in order to register
      our iptables rules so that 'service iptables restart' would
      automatically load our rules.
      
      There was one fatal flaw - if the user had configured iptables without
      lokkit, then we would clobber that configuration by running lokkit.
      
      We quickly disabled lokkit support, but never removed it. Let's do
      that now.
      
      The 'my virtual network stops working when I restart iptables' still
      remains. For all the background on this saga, see:
      
        https://bugzilla.redhat.com/227011
      
      * src/util/iptables.c: remove lokkit support
      
      * configure.in: remove --enable-lokkit
      
      * libvirt.spec.in: remove the dirs used only for saving rules for lokkit
      
      * src/Makefile.am: ditto
      
      * src/libvirt_private.syms, src/network/bridge_driver.c,
        src/util/iptables.h: remove references to iptablesSaveRules
  15. 07 Dec, 2009 1 commit
    • D
      Introduce a simple API for handling JSON data · 9428f2ce
      Daniel P. Berrange committed
      This introduces a simple API for handling JSON data. There is
      an internal data structure 'virJSONValuePtr' which stores an
      arbitrary nested JSON value (number, string, array, object,
      null, etc).  There are APIs for constructing/querying objects
      and APIs for parsing/formatting string formatted JSON data.
      
      This uses the YAJL library for parsing/formatting from
      
       http://lloyd.github.com/yajl/
      
      * src/util/json.h, src/util/json.c: Data structures and APIs
        for representing JSON data, and parsing/formatting it
      * configure.in: Add check for yajl library
      * libvirt.spec.in: Add build requires for yajl
      * src/Makefile.am: Add json.c/h
      * src/libvirt_private.syms: Export JSON symbols to drivers
  16. 21 Nov, 2009 2 commits
    • D
      Release of libvirt-0.7.4 · 040e80f7
      Daniel Veillard committed
      0.7.3 was broken
      
      * configure.in docs/news.html.in: release of 0.7.4
      * configure.in libvirt.spec.in: require netcf >= 0.1.4
      * src/Makefile.am: node_device/node_device_udev.h was missing from
        NODE_DEVICE_DRIVER_UDEV_SOURCES breaking compilation on platforms with
        udev
    • D
      Release of libvirt-0.7.3 · b8d4b6be
      Daniel Veillard committed
      * configure.in docs/news.html.in libvirt.spec.in: describe new release
      * po/*.po*: regenerate
  17. 20 Nov, 2009 1 commit
  18. 12 Nov, 2009 1 commit
    • D
      Exclude numactl on s390[x] · 3c3dffc2
      Daniel P. Berrange committed
      The numactl package is not applicable for s390[x] arches, so do
      not enable it as a build dep.
      
      * libvirt.spec.in: Exclude numactl on s390[x]
  19. 04 Nov, 2009 1 commit
    • L
      Support reporting live interface IP/netmask · 753c6c9c
      Laine Stump committed
      This patch adds the flag VIR_INTERFACE_XML_INACTIVE to
      virInterfaceGetXMLDesc's flags. When it is *not* set (the default), the
      live interface info will be returned in the XML (in particular, the IP
      address(es) and netmask(s) will be retrieved by querying the interface
      directly, rather than reporting what's in the config file). The
      backend of this is in netcf's ncf_if_xml_state() function.
      
      * configure.in libvirt.spec.in: requires netcf >= 0.1.3
      * include/libvirt/libvirt.h.in: adds flag VIR_INTERFACE_XML_INACTIVE
      * src/conf/interface_conf.c src/interface/netcf_driver.c src/libvirt.c:
        update the parsing and backend routines accordingly
      * tools/virsh.c: change interface edit to inactive definition and
        adds the inactive flag for interface dump
  20. 29 Oct, 2009 1 commit
    • M
      libvirt-devel should only require libvirt-client · 1acef95a
      Mark McLoughlin committed
      There's a long known issue where if you install libvirt in a guest,
      the default virtual network will conflict with the default virtual
      network in the host.
      
      That's one of the reasons we have the libvirt-client RPM - it allows
      you to install the client library without having the host side
      installed.
      
      Rich Jones points out that if you install libvirt-devel in a guest,
      then you get libvirtd installed and the network conflict:
      
        https://bugzilla.redhat.com/531200
      
      libvirt-devel should only require libvirt-client - e.g. nothing in
      the devel package pertains to anything in the libvirt RPM. The Fedora
      packaging guidelines say:
      
        https://fedoraproject.org/wiki/Packaging/Guidelines#Devel_Packages
      
        Devel packages must require the base package using a fully versioned
        dependency ...
      
      But for all intents and purposes, libvirt-client is our base RPM.
      
      * libvirt.spec.in: make libvirt-devel require libvirt-client
  21. 13 Oct, 2009 1 commit
  22. 09 Oct, 2009 1 commit
    • A
      LXC add augeas support for config file · e1a2fe6a
      Amy Griffis committed
      * src/lxc/libvirtd_lxc.aug src/lxc/test_libvirtd_lxc.aug: augeas schemas
        for lxc.conf
      * src/Makefile.am libvirt.spec.in: glue the new augeas files in
  23. 08 Oct, 2009 1 commit
    • A
      LXC add driver config file lxc.conf · 2dd44664
      Amy Griffis committed
      * src/lxc/lxc.conf: new configuration file, there is currently one
        tunable "log_with_libvirtd" that controls whether an lxc controller will
        log only to the container log file, or whether it will honor libvirtd's
        log output configuration. This provides a way to have libvirtd and its
        children log to a single file.  The default is to log to the container
        log file.
      * src/Makefile.am libvirt.spec.in: add the new file
      * src/lxc/lxc_conf.[ch] src/lxc/lxc_driver.c: read the new log value
        from the configuration file and pass the log information when
        starting up a container.
  24. 06 Oct, 2009 1 commit
    • M
      Create /var/log/libvirt/{lxc,uml} dirs · d285084b
      Mark McLoughlin committed
      Otherwise logrotate barfs:
      
        error: error accessing /var/log/libvirt/uml: No such file or directory
        error: libvirtd:1 glob failed for /var/log/libvirt/uml/*.log
        error: found error in /var/log/libvirt/qemu/*.log /var/log/libvirt/uml/*.log /var/log/libvirt/lxc/*.log , skipping
      
      * qemud/Makefile.am: always create /var/log/libvirt/{lxc,uml} when
        installing the logrotate conf; not ideal, but easier than making
        the logrotate conf depend on which drivers are enabled
  25. 30 Sep, 2009 2 commits
  26. 28 Sep, 2009 1 commit
  27. 21 Sep, 2009 5 commits
    • D
      Tweak specfile to fix RHEL6 rules & ESX/PHYP enablement · cf5fa06c
      Daniel P. Berrange committed
      * libvirt.spec.in: ESX/PHYP drivers do not require libvirtd.
        RHEL-6 should include LXC on all arches
    • D
      Move example XML files into examples/xml · 13f59ad7
      Daniel P. Berrange committed
      * docs/storage/: Move to examples/xml/storage/
      * docs/test*.xml: Move to examples/xml/test/
      * docs/Makefile.am: Remove example XML files from dist
      * Makefile.am: Add examples/xml to EXTRA_DIST
      * tests/virshtest.c: Update for moved test XML
      * libvirt.spec.in: Include example XML files as docs
      * tests/int-overflow: Update for moved XML
    • D
      Make pki_check.sh into an installed & supported tool · 3decd4f9
      Daniel P. Berrange committed
      * docs/pki_check.sh: Move to tool/virt-pki-validate.in and add
        in POD man page documentation
      * tools/.gitignore: Ignore generated virt-pki-validate file
      * tools/Makefile.am: Install & build virt-pki-validate and
        virt-pki-validate.1
      * docs/remote.html, docs/remote.html.in: Refer to new tool
        name virt-pki-validate
      * libvirt.spec.in, mingw32-libvirt.spec.in: Add virt-pki-validate
        and virt-pki-validate.1 to files list
    • D
      Move docs/examples into examples/ · cebeba7b
      Daniel P. Berrange committed
      * Makefile.am: Add examples/dominfo examples/domsuspend examples/python
        as SUBDIRS
      * configure.in: Update AC_OUTPUT for new/old Makefiles
      * docs/Makefile.am: Remove examples from SUBDIRS
      * docs/examples/info1.c: Move to examples/dominfo/info1.c
      * docs/examples/suspend.c: Move to examples/domsuspend/suspend.c
      * docs/examples: Remove all remaining files
      * docs/examples/python: Moved to examples/python/
      * examples/dominfo/Makefile.am, examples/domsuspend/Makefile.am: New
        build files
      * libvirt.spec.in: Update to take account of moved examples
    • D
      Refactor libvirt.spec to allow client-only builds · fd5c9bb9
      Daniel P. Berrange committed
      Some architectures in certain RHEL versions do not include any
      hypervisors. Update the specfile to allow those to easily build
      a remote client only version of libvirt. ie no libvirtd related
      bits at all.
      
      * qemud/Makefile.am: Always install SASL config since it's needed
        by client too
      * libvirt.spec.in: Re-factor specfile conditionals to allow entire
        server side build to be disabled easily, eg a remote client only
        build. Make RHEL-5 do client only build for s390/ppc. Make RHEL-6
        do a client only build for all non-x86_64 archs. Enable LXC on
        RHEL-6. Enable all Fedora >= 6 features on RHEL-6 too. Add some
        more conditionals around dnsmasq/iptables/hal Requires tags.
        Add missing e2fsprogs-devel BR for RHEL-5 as workaround for broken
        parted. Fix the device mapper BR for RHEL-5. Add conditional rules
        for ESX build. Add conditional rules for SELinux + HAL builds.
        Fix a mistaken %{with_qemu} to be %{with_network} when setting
        up default network XML
  28. 15 Sep, 2009 1 commit
    • D
      Release of libvirt 0.7.1 · c4f6e806
      Daniel Veillard committed
      * configure.in docs/news.html.in libvirt.spec.in src/libvirt_public.syms:
        updates to new release
      * NEWS docs/devhelp/libvirt-libvirt.html docs/html/libvirt-libvirt.html
        docs/libvirt-api.xml docs/libvirt-refs.xml docs/news.html
        include/libvirt/libvirt.h: regenerated
  29. 14 Sep, 2009 1 commit
  30. 10 Sep, 2009 1 commit
  31. 09 Sep, 2009 1 commit
    • D
      Deprecate lzma and lzop in favor of xz, add dep · c5a30558
      Daniel Veillard committed
      * src/qemu_driver.c: drop lzma and lzop images compression options
        as they are deprecated by xz
      * libvirt.spec.in: add requires for xz/bzip2/gzip as they are needed
        to implement the compression options
  32. 08 Sep, 2009 1 commit
  33. 04 Sep, 2009 2 commits
    • D
      PHYP driver cleanups · 91c7bf65
      Daniel Veillard committed
      * libvirt.spec.in: activate phyp and fix the BuildDep to libssh2-devel
      * src/phyp/phyp_driver.c: fix a debug macro to use the normal logging API
    • D
      Move QEMU monitor socket in /var/lib/libvirt/qemu · 182a80b9
      Daniel P. Berrange committed
      Separate the guest created QEMU monitor socket location
      from the libvirtd create XML / PID data files, to improve
      security separation when running QEMU non-root
      
      * libvirt.spec.in: Leave /var/run/libvirt/qemu as root:root
      * src/qemu_conf.h: Add libDir and cacheDir directory paths
      * src/qemu_driver.c: Move QEMU monitor socket from
        stateDir to libDir to avoid making security critical directory
        accessible to QEMU guests.
      * src/util.c: Delay running hook till after daemonizing to
        ensure pidfile is still written before changing UID/GID