1. 26 Mar, 2017 3 commits
  2. 25 Mar, 2017 11 commits
    • J
      docs: Add news entry for Migration using TLS · 140332af
      John Ferlan committed
      Signed-off-by: John Ferlan <jferlan@redhat.com>
      140332af
    • J
      qemu: Set up the migration TLS objects for source · a69e266d
      John Ferlan committed
      https://bugzilla.redhat.com/show_bug.cgi?id=1300769
      
      If the migration flags indicate this migration will be using TLS,
      then while we have connection in the Begin phase check and setup the
      TLS environment that will be used by virMigrationRun during the Perform
      phase for the source to configure TLS.
      
      Processing adds an "-object tls-creds-x509,endpoint=client,..." and
      possibly an "-object secret,..." to handle the passphrase response.
      
      Then it sets the 'tls-creds' and possibly 'tls-hostname' migration
      parameters.
      
      The qemuMigrateCancel will clean up and reset the environment as it
      was originally found.
      Signed-off-by: John Ferlan <jferlan@redhat.com>
      a69e266d
    • J
      qemu: Set up the migration TLS objects for target · 1a6b6d9a
      John Ferlan committed
      If the migration flags indicate this migration will be using TLS,
      then set up the destination during the prepare phase once the target
      domain has been started to add the TLS objects to perform the migration.
      
      This will create at least an "-object tls-creds-x509,endpoint=server,..."
      for TLS credentials and potentially an "-object secret,..." to handle the
      passphrase response to access the TLS credentials. The alias/id used for
      the TLS objects will contain "libvirt_migrate".
      
      Once the objects are created, the code will set the "tls-creds" and
      "tls-hostname" migration parameters to signify usage of TLS.
      
      During the Finish phase we'll be sure to attempt to clear the
      migration parameters and delete those objects (whether or not they
      were created). We'll also perform the same reset during recovery
      if we've reached FINISH3.
      
      If the migration isn't using TLS, then be sure to check if the
      migration parameters exist and clear them if so.
      1a6b6d9a
    • J
      qemu: Add job for qemuDomain{Add|Del}TLSObjects · b9c09f80
      John Ferlan committed
      Add an asyncJob argument for add/delete TLS Objects. A future patch will
      add/delete TLS objects from a migration which may have a job to join.
      Signed-off-by: John Ferlan <jferlan@redhat.com>
      b9c09f80
    • J
      qemu: Add TLS params to _qemuMonitorMigrationParams · 3d06cb96
      John Ferlan committed
      Add the fields to support setting tls-creds and tls-hostname during
      a migration (either source or target). Modify the query migration
      function to check for the presence and set the field for future
      consumers to determine which of 3 conditions is being met (NULL,
      present and set to "", or present and set to something). These
      correspond to qemu commit id '4af245dc3' which added support to
      default the value to "" and allow setting (or resetting) to ""
      in order to disable. This reset option allows libvirt to properly
      use the tls-creds and tls-hostname parameters.
      
      Modify code paths that either allocate or use stack space in order
      to call qemuMigrationParamsClear or qemuMigrationParamsFree for cleanup.
      Signed-off-by: John Ferlan <jferlan@redhat.com>
      3d06cb96
    • J
      Add new migration flag VIR_MIGRATE_TLS · 6a8d898d
      John Ferlan committed
      Signed-off-by: John Ferlan <jferlan@redhat.com>
      6a8d898d
    • J
      qemu: Update the TLS client verify descriptions for vnc and chardev · 3f3582d6
      John Ferlan committed
      Update the descriptions to match the migrate option.
      Signed-off-by: John Ferlan <jferlan@redhat.com>
      3f3582d6
    • J
      conf: Introduce migrate_tls_x509_cert_dir · 1415121a
      John Ferlan committed
      Add a new TLS X.509 certificate type - "migrate". This will handle the
      creation of a TLS certificate capability (and possibly repository) to
      be used for migrations. Similar to chardev's, credentials will be handled
      via a libvirt secrets; however, unlike chardev's enablement and usage
      will be via a CLI flag instead of a conf flag and a domain XML attribute.
      
      The migrations using the *x509_verify flag require the client-cert.pem
      and client-key.pem files to be present in the TLS directory - so let's
      also be sure to note that in the qemu.conf file.
      Signed-off-by: John Ferlan <jferlan@redhat.com>
      1415121a
    • J
      qemu: Replace macro usage of (false); with just (0) · e3ff84ed
      John Ferlan committed
      Signed-off-by: John Ferlan <jferlan@redhat.com>
      e3ff84ed
    • J
      qemu: Create #define for TLS configuration setup. · 54477976
      John Ferlan committed
      Create GET_CONFIG_TLS_CERT to set up the TLS for 'chardev' TLS setting.
      Soon to be reused.
      Signed-off-by: John Ferlan <jferlan@redhat.com>
      54477976
    • R
      util: fix build on non-Linux · a7496ad2
      Roman Bogorodskiy committed
      Fix typo in virNetDevPFGetVF() stub:
      
        ATTRUBUTE_UNUSED -> ATTRIBUTE_UNUSED.
      
      While here, use common indent style for arguments in
      virNetDevGetVirtualFunctionIndex() stub.
      a7496ad2
  3. 24 Mar, 2017 13 commits
    • P
      qemu: snapshot: Forbid internal snapshots with pflash firmware · 9e246583
      Peter Krempa committed
      If the variable store (<nvram>) file is raw qemu can't do a snapshot of
      it and thus the snapshot fails. QEMU rejects such snapshot by a message
      which would not be properly interpreted as an error by libvirt.
      
      Additionally allowing to use a qcow2 variable store backing file would
      solve this issue but then it would become eligible to become target of
      the memory dump.
      
      Offline internal snapshot would be incomplete too with either storage
      format since libvirt does not handle the pflash file in this case.
      
      Forbid such snapshot so that we can avoid problems.
      9e246583
    • L
      network: only check for IPv6 RA routes when the network has an IPv6 address · a1f46c71
      Laine Stump committed
      commit 00d28a78 added a check to see if there were any IPv6 routes
      added by RA (Router Advertisement) via an interface that had accept_ra
      set to something other than "2". The check was being done
      unconditionally, but it's only relevant if IPv6 forwarding is going to
      be turned on, and that will only happen if the network has an IPv6
      address.
      a1f46c71
    • J
      Revert "qemu: forbid migration with an IOMMU device" · da17090b
      Ján Tomko committed
      This reverts commit b7118623.
      
      Migration was implemented by QEMU commit:
      commit 8cdcf3c1e58d04b6811956d7608efeb66c42d719
      Author: Peter Xu <peterx@redhat.com>
      Date:   Fri Jan 6 12:06:13 2017 +0800
      
          intel_iommu: allow migration
      
      https://bugzilla.redhat.com/show_bug.cgi?id=1433994
      da17090b
    • L
      util: new function virNetDevPFGetVF() · 554253ad
      Laine Stump committed
      Given an SRIOV PF netdev name (e.g. "enp2s0f0") and VF#, this new
      function returns the netdev name of the referenced VF device
      (e.g. "enp2s11f6"), or NULL if the device isn't bound to a net driver.
      554253ad
    • L
      util: new internal function to permit silent failure of virNetDevSetMAC() · f4ef3a71
      Laine Stump committed
      We will want to allow silent failure of virNetDevSetMAC() in the case
      that the SIOSIFHWADDR ioctl fails with errno == EADDRNOTAVAIL. (Yes,
      that is very specific, but we really *do* want a logged failure in all
      other circumstances, and don't want to duplicate code in the caller
      for the other possibilities).
      
      This patch renames the 3 different virNetDevSetMAC() functions to
      virNetDevSetMACInternal(), adding a 3rd arg called "quiet" and making
      them static (because this extra control will only be needed within
      virnetdev.c). A new global virNetDevSetMAC() is defined that calls
      whichever of the three *Internal() functions gets compiled with quiet
      = false. Callers in virnetdev.c that want to notice a failure with
      errno == EADDRNOTAVAIL and retry with a different strategy rather than
      immediately failing, can call virNetDevSetMACInternal(..., true).
      f4ef3a71
    • L
      util: new function virPCIDeviceRebind() · 251d179b
      Laine Stump committed
      This function unbinds a device from its driver, then immediately
      rebinds it to its driver again. The code for this new function is just
      the 2nd half of virPCIDeviceBindWithDriverOverride(), so that
      function's 2nd half is replaced with a call to virPCIDeviceRebind().
      251d179b
    • L
      util: make virPCIGetDeviceAddressFromSysfsLink() public · 9a238c16
      Laine Stump committed
      This function will be useful in virnetdev.c, so promote it from static.
      9a238c16
    • L
      util: change virPCIGetNetName() to not return error if device has no net name · d6ee56d7
      Laine Stump committed
      ...and cleanup the callers to report it when it *is* an error.
      
      In many cases it's useful for virPCIGetNetName() to not log an error
      and simply return a NULL pointer when the given device isn't bound to
      a net driver (e.g. we're looking at a VF that is permanently bound to
      vfio-pci). The existing code would silently return an error in this
      case, which could eventually lead to the dreaded "An error occurred
      but the cause is unknown" log message.
      
      This patch changes virPCIGetNetName() to still return success if the
      device simply isn't bound to a net driver, and adjusts all the callers
      that require a non-null netname to check for that condition and log an
      error when it happens.
      d6ee56d7
    • L
      util: make virMacAddrParse more versatile · 30b07a42
      Laine Stump committed
      Previously the MAC address text was required to be terminated with a
      NULL. After this, it can be terminated with a space or any control
      character.
      30b07a42
    • L
      util: eliminate useless local variable · 606a0133
      Laine Stump committed
      vf in virNetDevMacVLanDeleteWithVPortProfile() is initialized to -1
      and never set. It's not set for a good reason - because it doesn't
      make sense during macvtap device setup to refer to a VF device as
      "PF:VF#". This patch replaces the two uses of "vf" with "-1", and
      removes the local variable, so that it's more clear we are always
      calling the utility functions with vf set to -1.
      606a0133
    • L
      util: use cleanup label consistently in virHostdevNetConfigReplace() · 19c5db74
      Laine Stump committed
      This will make an upcoming functional change more straightforward.
      19c5db74
    • L
      util: remove unused args from virNetDevSetVfConfig() · 0a583c26
      Laine Stump committed
      This function is only called in two places, and the ifindex,
      nltarget_kernel, and getPidFunc args are never used (and never will
      be).
      
      ifindex - we always know the name of the device, and never know the
      ifindex - if we really did need the ifindex we would have to get it
      from the name using virNetDevGetIndex(). In practice, we just send -1
      to virNetDevSetVfConfig(), which doesn't bother to learn the real
      ifindex (you only need a name *or* an ifindex for the netlink command
      to succeed, not both).
      
      nltarget_kernel - messages to set the config of an SRIOV VF will
      always go to netlink in the kernel, not to another user process, so
      this arg is always true (there are other uses of netlink messages
      where the message might need to go to another user process, but never
      in the case of RTM_SETLINK for SRIOV).
      
      getPidFunc - this arg is only used if nltarget_kernel is false, and it
      never is.
      
      None of this has any functional effect, it just makes it easier to
      follow what's happening when virNetDevSetVfConfig() is called.
      0a583c26
    • L
      util: permit querying a VF MAC address or VLAN tag by itself · 176229dd
      Laine Stump committed
      virNetDevParseVfConfig() assumed that both the MAC address and VLAN
      tag pointers were valid, so even if you only wanted one or the other,
      you would need a variable to hold the returned value for both. This
      patch checks each for a NULL pointer before filling it in.
      176229dd
  4. 23 Mar, 2017 13 commits