This is a step towards controller support for the ESX driver.

The domain XML parsing code autogenerates disk address and
controller elements when they are not explicitly specified.
The code assumes a narrow SCSI bus (7 units per bus). ESX
uses a wide SCSI bus (16 units per bus).

This is a step towards controller support for the ESX driver.

Following Daniel Berrange's multiple helpful suggestions for improving
this patch and introducing another driver interface, I now wrote the
below patch where the nwfilter driver registers the functions to
instantiate and teardown the nwfilters with a function in
conf/domain_nwfilter.c called virDomainConfNWFilterRegister. Previous
helper functions that were called from qemu_driver.c and qemu_conf.c
were move into conf/domain_nwfilter.h with slight renaming done for
consistency. Those functions now call the function expored by
domain_nwfilter.c, which in turn call the functions of the new driver
interface, if available.

This patch adds an optional XML attribute to a nwfilter rule to give the user control over whether the rule is supposed to be using the iptables state match or not. A rule may now look like shown in the XML below with the statematch attribute either having value '0' or 'false' (case-insensitive).

[...]
<rule action='accept' direction='in' statematch='false'>
<tcp srcmacaddr='1:2:3:4:5:6'
           srcipaddr='10.1.2.3' srcipmask='32'
           dscp='33'
           srcportstart='20' srcportend='21'
           dstportstart='100' dstportend='1111'/>
</rule>
[...]

I am also extending the nwfilter schema and add this attribute to a test case.

* Use virBufferEscapeString() per Dan B.

The network driver is not doing correct checking for
duplicate UUID/name values. This introduces a new method
virNetworkObjIsDuplicate, based on the previously
written virDomainObjIsDuplicate.

* src/conf/network_conf.c, src/conf/network_conf.c,
  src/libvirt_private.syms: Add virNetworkObjIsDuplicate,
* src/network/bridge_driver.c: Call virNetworkObjIsDuplicate
  for checking uniqueness of uuid/names

The storage pool driver is not doing correct checking for
duplicate UUID/name values. This introduces a new method
virStoragePoolObjIsDuplicate, based on the previously
written virDomainObjIsDuplicate.

* src/conf/storage_conf.c, src/conf/storage_conf.c,
  src/libvirt_private.syms: Add virStoragePoolObjIsDuplicate,
* src/storage/storage_driver.c: Call virStoragePoolObjIsDuplicate
  for checking uniqueness of uuid/names

The domain parsing code would auto-add a virtio serial controller
if it saw any virtio serial channel defined. Unfortunately it
always added a controller with index=0, even if the channel address
specified an index != 0. It only added one controller, even if
multiple controllers were referenced by channels. Finally, it let
the ports+vectors parameters initialize to zero instead of -1, which
prevented the controllers accepting any ports.

* src/conf/domain_conf.c: Initialize ports+vectors when adding
  virtio serial controllers. Add all neccessary virtio serial
  controllers, instead of hardcoding controller 0
* qemuxml2argvdata/qemuxml2argv-channel-virtio.args,
  qemuxml2argvdata/qemuxml2argv-channel-virtio.xml: Expand to
  test controller auto-add behaviour

To ensure that the device addressing scheme is stable across
hotplug/unplug, all virtio serial channels needs to have an
associated port number in their address. This is then specified
to QEMU using the nr=NNN parameter

* src/conf/domain_conf.c, src/conf/domain_conf.h: Parsing
  for port number in vioserial address types.
* src/qemu/qemu_conf.c: Set 'nr=NNN' parameter with virtio
  serial port number
* tests/qemuxml2argvdata/qemuxml2argv-channel-virtio.args,
  tests/qemuxml2argvdata/qemuxml2argv-channel-virtio.xml: Expand
  data set to ensure coverage of port addressing

* Set return value in error cases
* Clarify error message when parent device is not vport capable

Since the macvtap device needs active tear-down and the teardown logic
is based on the interface name, it can happen that if for example 1 out
of 3 interfaces was successfully created, that during the failure path
the macvtap's target device name is used to tear down an interface that
is doesn't own (owned by another VM).

So, in this patch, the target interface name is reset so that there is
no target interface name and the interface name is always cleared after
a tear down.

The virVirtualPortProfileFormat just went below the
virVirtualPortProfileParamsParseXML function and got inside the

The attached patch moves virVirtualPortProfileFormat below the #ifndef
PROXY block.

This patch parses the following two XML descriptions, one for
802.1Qbg and one for 802.1Qbh, and stores the data internally.
The actual triggering of the switch setup protocol has not been
implemented here but the relevant code to do that should go into
the functions associatePortProfileId() and disassociatePortProfileId().

   <interface type='direct'>
      <source dev='eth0.100' mode='vepa'/>
      <model type='virtio'/>
      <virtualport type='802.1Qbg'>
        <parameters managerid='12' typeid='0x123456' typeidversion='1'
         instanceid='fa9b7fff-b0a0-4893-8e0e-beef4ff18f8f'/>
      </virtualport>
      <filterref filter='clean-traffic'/>
    </interface>

    <interface type='direct'>
      <source dev='eth0.100' mode='vepa'/>
      <model type='virtio'/>
      <virtualport type='802.1Qbh'>
        <parameters profileid='my_profile'/>
      </virtualport>
    </interface>

I'd suggest to use this patch as a base for triggering the setup
protocol with the 802.1Qb{g|h} switch.

Several rounds of changes were made to this patch. The
following is a list of these changes.
- Renamed structure virVirtualPortProfileDef to virVirtualPortProfileParams
  as per Daniel Berrange's request
- Addressing Daniel Berrange's comments:
 - removing macvtap.h's dependency on domain_conf.h by
   moving the virVirtualPortProfileDef structure into macvtap.h
   and not passing virtDomainNetDefPtr to any functions in
   macvtap.c
- Addressed most of Chris Wright's comments:
  - indicating error in case virtualport XML node cannot be parsed
    properly
  - parsing hex and decimal numbers using virStrToLong_ui() with
    parameter '0' for base
  - tgifname (target interface name) variable wasn't necessary
    to pass to openMacvtapTap function anymore
- assigning the virtual port data structure to the virDomainNetDef
  only if it was previously parsed
- make sure that the error code returned by openMacvtapTap() is a negative n
  in case the associatePortProfileId() function failed.
- renaming vsi in the XML to virtualport
- replace all occurrences of vsi in the source as well
- removing mode and MAC address parameters from the functions that
  will communicate with the hareware diretctly or indirectly
- moving the associate and disassociate functions to the end of the
  file for subsequent patches to easier make them generally available
  for export
- passing the macvtap interface name rather than the link device since
  this otherwise gives funny side effects when using netlink messages
  where IFLA_IFNAME and IFLA_ADDRESS are specified and the link dev
  all of a sudden gets the MAC address of the macvtap interface.
- Removing rc = -1 error indications in the case of 802.1Qbg|h setup in case
  we wanted to use hook scripts for the setup and so the setup doesn't fail
  here.
- if instance ID UUID is not supplied it will automatically be generated
  - adapted schema to make instance ID UUID optional
  - added test case
- parser and XML generator have been separated into their own
  functions so they can be re-used elsewhere (passthrough case
  for example)
- Adapted XML parser and generator support the above shown type
  (802.1Qbg, 802.1Qbh).
- Adapted schema to above XML
- Adapted test XML to above XML
- Passing through the VM's UUID which seems to be necessary for
  802.1Qbh -- sorry no host UUID
- adding virtual function ID to association function, in case it's
  necessary to use (for SR-IOV)

Spurious / in a pool target path makes life difficult for apps using the
GetVolByPath, and doing other path based comparisons with pools. This
has caused a few issues for virt-manager users:

https://bugzilla.redhat.com/show_bug.cgi?id=494005
https://bugzilla.redhat.com/show_bug.cgi?id=593565

Add a new util API which removes spurious /, virFileSanitizePath. Sanitize
target paths when parsing pool XML, and for paths passed to GetVolByPath.

v2: Leading // must be preserved, properly sanitize path=/, sanitize
    away /./ -> /

v3: Properly handle starting ./ and ending /.

v4: Drop all '.' handling, just sanitize / for now.

Allow for a host UUID in the capabilities XML. Local drivers
will initialize this from the SMBIOS data. If a sanity check
shows SMBIOS uuid is invalid, allow an override from the
libvirtd.conf configuration file

* daemon/libvirtd.c, daemon/libvirtd.conf: Support a host_uuid
  configuration option
* docs/schemas/capability.rng: Add optional host uuid field
* src/conf/capabilities.c, src/conf/capabilities.h: Include
  host UUID in XML
* src/libvirt_private.syms: Export new uuid.h functions
* src/lxc/lxc_conf.c, src/qemu/qemu_driver.c,
  src/uml/uml_conf.c: Set host UUID in capabilities
* src/util/uuid.c, src/util/uuid.h: Support for host UUIDs
* src/node_device/node_device_udev.c: Use the host UUID functions
* tests/confdata/libvirtd.conf, tests/confdata/libvirtd.out: Add
  new host_uuid config option to test

We shouldn't be checking validity in domain_conf, since
it can be used by multiple different hosts and hypervisors.
Remove the check completely.
Signed-off-by: NChris Lalancette <clalance@redhat.com>

We need to be able to assign new def to an existing virDomainObj which
is already locked. This patch factors out the relevant code from
virDomainAssignDef into virDomainObjAssignDef.

* src/qemu/qemu_driver.c (qemudDomainMigrateFinish2): Don't ignore
virDomainSaveStatus failure.
* src/conf/domain_conf.h (virDomainSaveStatus): Use
ATTRIBUTE_RETURN_CHECK, so this doesn't happen again.

* src/conf/nwfilter_conf.c (virNWFilterDefParseXML): Also free "ret"
via cleanup.

* src/conf/domain_conf.c (virDomainNetDefParseXML): Don't leak
memory when parsing two or more "filterref" elements.

* cfg.mk (useless_free_options): Add many vir*Free* function names,
and then remove the useless if-before-free tests exposed by running
make syntax-check.
* src/conf/interface_conf.c (virInterfaceDefFree): Remove useless "if".
(virInterfaceAssignDef): Likewise.
* src/conf/network_conf.c (virNetworkAssignDef): Likewise.
* src/conf/storage_conf.c (virStoragePoolObjAssignDef): Likewise.
* src/node_device/node_device_hal.c (dev_create): Likewise.
* src/security/virt-aa-helper.c (vahDeinit): Likewise.
* src/test/test_driver.c (testNodeDeviceCreateXML): Likewise.
* src/util/conf.c (virConfSetValue): Likewise.

ESX supports NFS and CIFS. The ESX storage driver will reflect this.

If the IO error event does not include a reason, then there
is a possible crash dispatching the event

* src/conf/domain_event.c: Missing check for a NULL reason before
  strduping allows for a crash

For printf("%*s",foo,bar), clang complains if foo is not int:

warning: field width should have type 'int', but argument has
type 'unsigned int' [-Wformat]

* src/conf/storage_encryption_conf.c
(virStorageEncryptionSecretFormat, virStorageEncryptionFormat):
Use correct type.
* src/conf/storage_encryption_conf.h (virStorageEncryptionFormat):
Likewise.

Wipe generated interface target only when reading configuration of
inactive domains.

When a filter is updated, only those interfaces must have their old
rules cleared that either reference the filter directly or indirectly
through another filter. Remember between the different steps of the
instantiation of the filters which interfaces must be skipped. I am
using a hash map to remember the names of the interfaces and store a
bogus pointer to ~0 into it that need not be freed.

<hostdev> address parsing previously attempted to detect the number
base: currently it is hardcoded to base 16, which can break PCI
assignment via virt-manager. Revert to the previous behavior.

* src/conf/domain_conf.c: virDomainDevicePCIAddressParseXML, switch to
  virStrToLong_ui(bus, NULL, 0, ...) to autodetect base

This introduces a new event type

   VIR_DOMAIN_EVENT_ID_IO_ERROR_REASON

This event is the same as the previous VIR_DOMAIN_ID_IO_ERROR
event, but also includes a string describing the cause of
the event.

Thus there is a new callback definition for this event type

typedef void (*virConnectDomainEventIOErrorReasonCallback)(virConnectPtr conn,
                                                           virDomainPtr dom,
                                                           const char *srcPath,
                                                           const char *devAlias,
                                                           int action,
                                                           const char *reason,
                                                           void *opaque);

This is currently wired up to the QEMU block IO error events

* daemon/remote.c: Dispatch IO error events to client
* examples/domain-events/events-c/event-test.c: Watch for
  IO error events
* include/libvirt/libvirt.h.in: Define new IO error event ID
  and callback signature
* src/conf/domain_event.c, src/conf/domain_event.h,
  src/libvirt_private.syms: Extend API to handle IO error events
* src/qemu/qemu_driver.c: Connect to the QEMU monitor event
  for block IO errors and emit a libvirt IO error event
* src/remote/remote_driver.c: Receive and dispatch IO error
  events to application
* src/remote/remote_protocol.x: Wire protocol definition for
  IO error events
* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
  src/qemu/qemu_monitor_json.c: Watch for BLOCK_IO_ERROR event
  from QEMU monitor

The functions invoked by the IP address learning thread
that apply some basic filtering rules did not clean up
any previous filtering rules that may still be there
(due to a libvirt restart for example). With the
patch below all the rules are cleaned up first.

Also, I am introducing a function to drop all traffic
in case the IP address learning thread could not apply
the rules.

Signed-off-by: NChris Lalancette <clalance@redhat.com>

This patch adds support for the RARP protocol. This may be needed due to
qemu sending out a RARP packet (at least that's what it seems to want to
do even though the protocol id is wrong) when migration finishes and
we'd need a rule to let the packets pass.

Unfortunately my installation of ebtables does not understand -p RARP
and also seems to otherwise depend on strings in /etc/ethertype
translated to protocol identifiers. Therefore I need to pass -p 0x8035
for RARP. To generally get rid of the dependency of that file I switch
all so far supported protocols to use their protocol identifier in the
-p parameter rather than the string.

I am also extending the schema and added a test case.

changes from v1 to v2:
- added test case into patch

* virStorageEncryptionFormat is called from both
  virDomainDiskDefFormat and virStorageVolTargetDefFormat.  The proper
  indentation in the generated XML depends on the caller.  My earlier
  patch to fix the incorrect indentation for the domain XML broke the
  indentation for the storage XML.  This patch adopts Laine's
  suggestion of requring the caller of virStorageEncryptionFormat to
  provide an unsigned int with the number of spaces the output should
  be indented.  The patch modifies both callers to provide the
  additional argument.

* Add a regression test for the domain XML

* src/conf/domain_conf.c src/conf/storage_conf.c
  src/conf/storage_encryption_conf.c src/conf/storage_encryption_conf.h:
  change the indentation code
* tests/qemuxml2xmltest.c
  tests/qemuxml2argvdata/qemuxml2argv-encrypted-disk.args
  tests/qemuxml2argvdata/qemuxml2argv-encrypted-disk.xml: add a regression test

With this patch I want to enable hex number inputs in the filter XML. A
number that was entered as hex is also printed as hex unless a string
representing the meaning can be found.

I am also extending the schema and adding a test case. A problem with
the DSCP value is fixed on the way as well.

Changes from V1 to V2:

- using asHex boolean in all printf type of functions to select the
output format in hex or decimal format

We were freeing the virDomainSnapshotDefPtr, but not
the virDomainSnapshotObjPtr in virDomainSnapshotObjFree.
Signed-off-by: NChris Lalancette <clalance@redhat.com>

Signed-off-by: NChris Lalancette <clalance@redhat.com>

* Fix for the bug reported at:

https://bugzilla.redhat.com/show_bug.cgi?id=573908

This patch adds support for the connlimit match in iptables that is used
to limit the number of outgoing directions.

I am moving some of the eb/iptables related functions into the interface
of the firewall driver and am making them only accessible via the driver's
interface. Otherwise exsiting code is adapted where needed. I am adding one
new function to the interface that checks whether the 'basic' rules can be
applied,  which will then be used by a subsequent patch.

No semantic change, the now explicitly set default are all zero and
that's what GCC sets unspecified struct members to.

Triggered by gnulib when compiling with MinGW.