Imported Upstream version 0.9.10.0upstream/0.9.10.0

1 files changed, 3029 insertions, 0 deletions

diff --git a/man/nm-settings.5 b/man/nm-settings.5
new file mode 100644
index 000000000..6f6aaf8e1
--- /dev/null
+++ b/man/nm-settings.5
@@ -0,0 +1,3029 @@
+'\" t
+.\"     Title: nm-settings
+.\"    Author: [see the "AUTHOR" section]
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\"      Date: 03 July 2014
+.\"    Manual: Configuration
+.\"    Source: NetworkManager 0.9.10.0
+.\"  Language: English
+.\"
+.TH "NM\-SETTINGS" "5" "" "NetworkManager 0\&.9\&.10\&.0" "Configuration"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+nm-settings \- Description of settings and properties of NetworkManager connection profiles
+.SH "DESCRIPTION"
+.PP
+NetworkManager is based on a concept of connection profiles, sometimes referred to as connections only\&. These connection profiles contain a network configuration\&. When NetworkManager activates a connection profile on a network device the configuration will be applied and an active network connection will be established\&. Users are free to create as many connection profiles as they see fit\&. Thus they are flexible in having various network configurations for different networking needs\&. The connection profiles are handled by NetworkManager via
+\fIsettings service\fR
+and are exported on D\-Bus (\fI/org/freedesktop/NetworkManager/Settings/<num>\fR
+objects)\&. The conceptual objects can be described as follows:
+.PP
+Connection (profile)
+.RS 4
+A specific, encapsulated, independent group of settings describing all the configuration required to connect to a specific network\&. It is referred to by a unique identifier called the UUID\&. A connection is tied to a one specific device type, but not necessarily a specific hardware device\&. It is composed of one or more
+\fISettings\fR
+objects\&.
+.RE
+.PP
+Setting
+.RS 4
+A group of related key/value pairs describing a specific piece of a
+\fIConnection (profile)\fR\&. Settings keys and allowed values are described in the tables below\&. Keys are also reffered to as properties\&. Developers can find the setting objects and their properties in the libnm\-util sources\&. Look for the
+\fBclass_init\fR
+functions near the bottom of each setting source file\&.
+.RE
+.PP
+The settings and properties shown in tables below list all available connection configuration options\&. However, note that not all settings are applicable to all connection types\&. NetworkManager provides a command\-line tool
+\fInmcli\fR
+that allows direct configuration of the settings and properties according to a connection profile type\&.
+\fInmcli\fR
+connection editor has also a built\-in
+\fIdescribe\fR
+command that can display description of particular settings and properties of this page\&.
+.sp
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.B Table\ \&1.\ \&802-1x setting
+.TS
+allbox tab(:);
+lB lB lB lB.
+T{
+Key Name
+T}:T{
+Value Type
+T}:T{
+Default Value
+T}:T{
+Value Description
+T}
+.T&
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l.
+T{
+name
+T}:T{
+string
+T}:T{
+802\-1x
+T}:T{
+The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&.  Each setting class has a name, and all objects of that class share the same name\&.
+T}
+T{
+eap
+T}:T{
+array of string
+T}:T{
+\ \&
+T}:T{
+The allowed EAP method to be used when authenticating to the network with 802\&.1x\&. Valid methods are: \*(Aqleap\*(Aq, \*(Aqmd5\*(Aq, \*(Aqtls\*(Aq, \*(Aqpeap\*(Aq, \*(Aqttls\*(Aq, \*(Aqpwd\*(Aq, and \*(Aqfast\*(Aq\&. Each method requires different configuration using the properties of this setting; refer to wpa_supplicant documentation for the allowed combinations\&.
+T}
+T{
+identity
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+Identity string for EAP authentication methods\&.  Often the user\*(Aqs user or login name\&.
+T}
+T{
+anonymous\-identity
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+Anonymous identity string for EAP authentication methods\&.  Used as the unencrypted identity with EAP types that support different tunneled identity like EAP\-TTLS\&.
+T}
+T{
+pac\-file
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+UTF\-8 encoded file path containing PAC for EAP\-FAST\&.
+T}
+T{
+ca\-cert
+T}:T{
+byte array
+T}:T{
+[]
+T}:T{
+Contains the CA certificate if used by the EAP method specified in the \*(Aqeap\*(Aq property\&.  Certificate data is specified using a \*(Aqscheme\*(Aq; two are currently supported: blob and path\&.  When using the blob scheme (which is backwards compatible with NM 0\&.7\&.x) this property should be set to the certificate\*(Aqs DER encoded data\&.  When using the path scheme, this property should be set to the full UTF\-8 encoded path of the certificate, prefixed with the string \*(Aqfile://\*(Aq and ending with a terminating NULL byte\&.  This property can be unset even if the EAP method supports CA certificates, but this allows man\-in\-the\-middle attacks and is NOT recommended\&.
+T}
+T{
+ca\-path
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+UTF\-8 encoded path to a directory containing PEM or DER formatted certificates to be added to the verification chain in addition to the certificate specified in the \*(Aqca\-cert\*(Aq property\&.
+T}
+T{
+subject\-match
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+Substring to be matched against the subject of the certificate presented by the authentication server\&. When unset, no verification of the authentication server certificate\*(Aqs subject is performed\&.
+T}
+T{
+altsubject\-matches
+T}:T{
+array of string
+T}:T{
+\ \&
+T}:T{
+List of strings to be matched against the altSubjectName of the certificate presented by the authentication server\&. If the list is empty, no verification of the server certificate\*(Aqs altSubjectName is performed\&.
+T}
+T{
+client\-cert
+T}:T{
+byte array
+T}:T{
+[]
+T}:T{
+Contains the client certificate if used by the EAP method specified in the \*(Aqeap\*(Aq property\&.  Certificate data is specified using a \*(Aqscheme\*(Aq; two are currently supported: blob and path\&.  When using the blob scheme (which is backwards compatible with NM 0\&.7\&.x) this property should be set to the certificate\*(Aqs DER encoded data\&.  When using the path scheme, this property should be set to the full UTF\-8 encoded path of the certificate, prefixed with the string \*(Aqfile://\*(Aq and ending with a terminating NULL byte\&.
+T}
+T{
+phase1\-peapver
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+Forces which PEAP version is used when PEAP is set as the EAP method in \*(Aqeap\*(Aq property\&.  When unset, the version reported by the server will be used\&.  Sometimes when using older RADIUS servers, it is necessary to force the client to use a particular PEAP version\&.  To do so, this property may be set to \*(Aq0\*(Aq or \*(Aq1\*(Aq to force that specific PEAP version\&.
+T}
+T{
+phase1\-peaplabel
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+Forces use of the new PEAP label during key derivation\&.  Some RADIUS servers may require forcing the new PEAP label to interoperate with PEAPv1\&.  Set to \*(Aq1\*(Aq to force use of the new PEAP label\&.  See the wpa_supplicant documentation for more details\&.
+T}
+T{
+phase1\-fast\-provisioning
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+Enables or disables in\-line provisioning of EAP\-FAST credentials when FAST is specified as the EAP method in the #NMSetting8021x:eap property\&. Allowed values are \*(Aq0\*(Aq (disabled), \*(Aq1\*(Aq (allow unauthenticated provisioning), \*(Aq2\*(Aq (allow authenticated provisioning), and \*(Aq3\*(Aq (allow both authenticated and unauthenticated provisioning)\&.  See the wpa_supplicant documentation for more details\&.
+T}
+T{
+phase2\-auth
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+Specifies the allowed \*(Aqphase 2\*(Aq inner non\-EAP authentication methods when an EAP method that uses an inner TLS tunnel is specified in the \*(Aqeap\*(Aq property\&. Recognized non\-EAP phase2 methods are \*(Aqpap\*(Aq, \*(Aqchap\*(Aq, \*(Aqmschap\*(Aq, \*(Aqmschapv2\*(Aq, \*(Aqgtc\*(Aq, \*(Aqotp\*(Aq, \*(Aqmd5\*(Aq, and \*(Aqtls\*(Aq\&.  Each \*(Aqphase 2\*(Aq inner method requires specific parameters for successful authentication; see the wpa_supplicant documentation for more details\&.
+T}
+T{
+phase2\-autheap
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+Specifies the allowed \*(Aqphase 2\*(Aq inner EAP\-based authentication methods when an EAP method that uses an inner TLS tunnel is specified in the \*(Aqeap\*(Aq property\&. Recognized EAP\-based \*(Aqphase 2\*(Aq methods are \*(Aqmd5\*(Aq, \*(Aqmschapv2\*(Aq, \*(Aqotp\*(Aq, \*(Aqgtc\*(Aq, and \*(Aqtls\*(Aq\&. Each \*(Aqphase 2\*(Aq inner method requires specific parameters for successful authentication; see the wpa_supplicant documentation for more details\&.
+T}
+T{
+phase2\-ca\-cert
+T}:T{
+byte array
+T}:T{
+[]
+T}:T{
+Contains the \*(Aqphase 2\*(Aq CA certificate if used by the EAP method specified in the \*(Aqphase2\-auth\*(Aq or \*(Aqphase2\-autheap\*(Aq properties\&.  Certificate data is specified using a \*(Aqscheme\*(Aq; two are currentlysupported: blob and path\&. When using the blob scheme (which is backwards compatible with NM 0\&.7\&.x) this property should be set to the certificate\*(Aqs DER encoded data\&. When using the path scheme, this property should be set to the full UTF\-8 encoded path of the certificate, prefixed with the string \*(Aqfile://\*(Aq and ending with a terminating NULL byte\&.  This property can be unset even if the EAP method supports CA certificates, but this allows man\-in\-the\-middle attacks and is NOT recommended\&.
+T}
+T{
+phase2\-ca\-path
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+UTF\-8 encoded path to a directory containing PEM or DER formatted certificates to be added to the verification chain in addition to the certificate specified in the \*(Aqphase2\-ca\-cert\*(Aq property\&.
+T}
+T{
+phase2\-subject\-match
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+Substring to be matched against the subject of the certificate presented by the authentication server during the inner \*(Aqphase2\*(Aq authentication\&. When unset, no verification of the authentication server certificate\*(Aqs subject is performed\&.
+T}
+T{
+phase2\-altsubject\-matches
+T}:T{
+array of string
+T}:T{
+\ \&
+T}:T{
+List of strings to be matched against List of strings to be matched against the altSubjectName of the certificate presented by the authentication server during the inner \*(Aqphase 2\*(Aq authentication\&. If the list is empty, no verification of the server certificate\*(Aqs altSubjectName is performed\&.
+T}
+T{
+phase2\-client\-cert
+T}:T{
+byte array
+T}:T{
+[]
+T}:T{
+Contains the \*(Aqphase 2\*(Aq client certificate if used by the EAP method specified in the \*(Aqphase2\-auth\*(Aq or \*(Aqphase2\-autheap\*(Aq properties\&. Certificate data is specified using a \*(Aqscheme\*(Aq; two are currently supported: blob and path\&.  When using the blob scheme (which is backwards compatible with NM 0\&.7\&.x) this property should be set to the certificate\*(Aqs DER encoded data\&.  When using the path scheme, this property should be set to the full UTF\-8 encoded path of the certificate, prefixed with the string \*(Aqfile://\*(Aq and ending with a terminating NULL byte\&.
+T}
+T{
+password
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+UTF\-8 encoded password used for EAP authentication methods\&.
+T}
+T{
+password\-flags
+T}:T{
+uint32
+T}:T{
+0
+T}:T{
+Flags indicating how to handle the 802\&.1x password\&. (see the section called \(lqSecret flag types:\(rq for flag values)
+T}
+T{
+password\-raw
+T}:T{
+byte array
+T}:T{
+[]
+T}:T{
+Password used for EAP authentication methods, given as a byte array to allow passwords in other encodings than UTF\-8 to be used\&.  If both \*(Aqpassword\*(Aq and \*(Aqpassword\-raw\*(Aq are given, \*(Aqpassword\*(Aq is preferred\&.
+T}
+T{
+password\-raw\-flags
+T}:T{
+uint32
+T}:T{
+0
+T}:T{
+Flags indicating how to handle the 802\&.1x password byte array\&. (see the section called \(lqSecret flag types:\(rq for flag values)
+T}
+T{
+private\-key
+T}:T{
+byte array
+T}:T{
+[]
+T}:T{
+Contains the private key when the \*(Aqeap\*(Aq property is set to \*(Aqtls\*(Aq\&.  Key data is specified using a \*(Aqscheme\*(Aq; two are currently supported: blob and path\&. When using the blob scheme and private keys, this property should be set to the key\*(Aqs encrypted PEM encoded data\&. When using private keys with the path scheme, this property should be set to the full UTF\-8 encoded path of the key, prefixed with the string \*(Aqfile://\*(Aq and ending with a terminating NULL byte\&.  When using PKCS#12 format private keys and the blob scheme, this property should be set to the PKCS#12 data and the \*(Aqprivate\-key\-password\*(Aq property must be set to password used to decrypt the PKCS#12 certificate and key\&.  When using PKCS#12 files and the path scheme, this property should be set to the full UTF\-8 encoded path of the key, prefixed with the string \*(Aqfile://\*(Aq and and ending with a terminating NULL byte, and as with the blob scheme the \*(Aqprivate\-key\-password\*(Aq property must be set to the password used to decode the PKCS#12 private key and certificate\&.
+T}
+T{
+private\-key\-password
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+The password used to decrypt the private key specified in the \*(Aqprivate\-key\*(Aq property when the private key either uses the path scheme, or if the private key is a PKCS#12 format key\&.
+T}
+T{
+private\-key\-password\-flags
+T}:T{
+uint32
+T}:T{
+0
+T}:T{
+Flags indicating how to handle the 802\&.1x private key password\&. (see the section called \(lqSecret flag types:\(rq for flag values)
+T}
+T{
+phase2\-private\-key
+T}:T{
+byte array
+T}:T{
+[]
+T}:T{
+Contains the \*(Aqphase 2\*(Aq inner private key when the \*(Aqphase2\-auth\*(Aq or \*(Aqphase2\-autheap\*(Aq property is set to \*(Aqtls\*(Aq\&.  Key data is specified using a \*(Aqscheme\*(Aq; two are currently supported: blob and path\&. When using the blob scheme and private keys, this property should be set to the key\*(Aqs encrypted PEM encoded data\&. When using private keys with the path scheme, this property should be set to the full UTF\-8 encoded path of the key, prefixed with the string \*(Aqfile://\*(Aq and ending with a terminating NULL byte\&.  When using PKCS#12 format private keys and the blob scheme, this property should be set to the PKCS#12 data and the \*(Aqphase2\-private\-key\-password\*(Aq property must be set to password used to decrypt the PKCS#12 certificate and key\&.  When using PKCS#12 files and the path scheme, this property should be set to the full UTF\-8 encoded path of the key, prefixed with the string \*(Aqfile://\*(Aq and and ending with a terminating NULL byte, and as with the blob scheme the \*(Aqphase2\-private\-key\-password\*(Aq property must be set to the password used to decode the PKCS#12 private key and certificate\&.
+T}
+T{
+phase2\-private\-key\-password
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+The password used to decrypt the \*(Aqphase 2\*(Aq private key specified in the \*(Aqprivate\-key\*(Aq property when the phase2 private key either uses the path scheme, or if the phase2 private key is a PKCS#12 format key\&.
+T}
+T{
+phase2\-private\-key\-password\-flags
+T}:T{
+uint32
+T}:T{
+0
+T}:T{
+Flags indicating how to handle the 802\&.1x phase2 private key password\&. (see the section called \(lqSecret flag types:\(rq for flag values)
+T}
+T{
+pin
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+PIN used for EAP authentication methods\&.
+T}
+T{
+pin\-flags
+T}:T{
+uint32
+T}:T{
+0
+T}:T{
+Flags indicating how to handle the 802\&.1x PIN\&. (see the section called \(lqSecret flag types:\(rq for flag values)
+T}
+T{
+system\-ca\-certs
+T}:T{
+boolean
+T}:T{
+FALSE
+T}:T{
+When TRUE, overrides \*(Aqca\-path\*(Aq and \*(Aqphase2\-ca\-path\*(Aq properties using the system CA directory specified at configure time with the \-\-system\-ca\-path switch\&.  The certificates in this directory are added to the verification chain in addition to any certificates specified by the \*(Aqca\-cert\*(Aq and \*(Aqphase2\-ca\-cert\*(Aq properties\&.
+T}
+.TE
+.sp 1
+.sp
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.B Table\ \&2.\ \&adsl setting
+.TS
+allbox tab(:);
+lB lB lB lB.
+T{
+Key Name
+T}:T{
+Value Type
+T}:T{
+Default Value
+T}:T{
+Value Description
+T}
+.T&
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l.
+T{
+name
+T}:T{
+string
+T}:T{
+adsl
+T}:T{
+The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&.  Each setting class has a name, and all objects of that class share the same name\&.
+T}
+T{
+username
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+Username used to authenticate with the pppoa service\&.
+T}
+T{
+password
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+Password used to authenticate with the pppoa service\&.
+T}
+T{
+password\-flags
+T}:T{
+uint32
+T}:T{
+0
+T}:T{
+Flags indicating how to handle the ADSL password\&. (see the section called \(lqSecret flag types:\(rq for flag values)
+T}
+T{
+protocol
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+ADSL connection protocol\&.
+T}
+T{
+encapsulation
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+Encapsulation of ADSL connection
+T}
+T{
+vpi
+T}:T{
+uint32
+T}:T{
+0
+T}:T{
+VPI of ADSL connection
+T}
+T{
+vci
+T}:T{
+uint32
+T}:T{
+0
+T}:T{
+VCI of ADSL connection
+T}
+.TE
+.sp 1
+.sp
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.B Table\ \&3.\ \&bluetooth setting
+.TS
+allbox tab(:);
+lB lB lB lB.
+T{
+Key Name
+T}:T{
+Value Type
+T}:T{
+Default Value
+T}:T{
+Value Description
+T}
+.T&
+l l l l
+l l l l
+l l l l.
+T{
+name
+T}:T{
+string
+T}:T{
+bluetooth
+T}:T{
+The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&.  Each setting class has a name, and all objects of that class share the same name\&.
+T}
+T{
+bdaddr
+T}:T{
+byte array
+T}:T{
+[]
+T}:T{
+The Bluetooth address of the device
+T}
+T{
+type
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+Either \*(Aqdun\*(Aq for Dial\-Up Networking connections or \*(Aqpanu\*(Aq for Personal Area Networking connections\&.
+T}
+.TE
+.sp 1
+.sp
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.B Table\ \&4.\ \&bond setting
+.TS
+allbox tab(:);
+lB lB lB lB.
+T{
+Key Name
+T}:T{
+Value Type
+T}:T{
+Default Value
+T}:T{
+Value Description
+T}
+.T&
+l l l l
+l l l l
+l l l l.
+T{
+name
+T}:T{
+string
+T}:T{
+bond
+T}:T{
+The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&.  Each setting class has a name, and all objects of that class share the same name\&.
+T}
+T{
+interface\-name
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+The name of the virtual in\-kernel bonding network interface
+T}
+T{
+options
+T}:T{
+dict of (string::string)
+T}:T{
+\ \&
+T}:T{
+Dictionary of key/value pairs of bonding options\&.  Both keys and values must be strings\&.  Option names must contain only alphanumeric characters (ie, [a\-zA\-Z0\-9])\&.
+T}
+.TE
+.sp 1
+.sp
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.B Table\ \&5.\ \&bridge setting
+.TS
+allbox tab(:);
+lB lB lB lB.
+T{
+Key Name
+T}:T{
+Value Type
+T}:T{
+Default Value
+T}:T{
+Value Description
+T}
+.T&
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l.
+T{
+name
+T}:T{
+string
+T}:T{
+bridge
+T}:T{
+The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&.  Each setting class has a name, and all objects of that class share the same name\&.
+T}
+T{
+interface\-name
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+The name of the virtual in\-kernel bridging network interface
+T}
+T{
+mac\-address
+T}:T{
+byte array
+T}:T{
+[]
+T}:T{
+The MAC address of the bridge
+T}
+T{
+stp
+T}:T{
+boolean
+T}:T{
+TRUE
+T}:T{
+Controls whether Spanning Tree Protocol (STP) is enabled for this bridge\&.
+T}
+T{
+priority
+T}:T{
+uint32
+T}:T{
+32768
+T}:T{
+Sets the Spanning Tree Protocol (STP) priority for this bridge\&.  Lower values are \*(Aqbetter\*(Aq; the lowest priority bridge will be elected the root bridge\&.
+T}
+T{
+forward\-delay
+T}:T{
+uint32
+T}:T{
+15
+T}:T{
+The Spanning Tree Protocol (STP) forwarding delay, in seconds\&.
+T}
+T{
+hello\-time
+T}:T{
+uint32
+T}:T{
+2
+T}:T{
+The Spanning Tree Protocol (STP) hello time, in seconds\&.
+T}
+T{
+max\-age
+T}:T{
+uint32
+T}:T{
+20
+T}:T{
+The Spanning Tree Protocol (STP) maximum message age, in seconds\&.
+T}
+T{
+ageing\-time
+T}:T{
+uint32
+T}:T{
+300
+T}:T{
+The Ethernet MAC address aging time, in seconds\&.
+T}
+.TE
+.sp 1
+.sp
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.B Table\ \&6.\ \&bridge-port setting
+.TS
+allbox tab(:);
+lB lB lB lB.
+T{
+Key Name
+T}:T{
+Value Type
+T}:T{
+Default Value
+T}:T{
+Value Description
+T}
+.T&
+l l l l
+l l l l
+l l l l
+l l l l.
+T{
+name
+T}:T{
+string
+T}:T{
+bridge\-port
+T}:T{
+The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&.  Each setting class has a name, and all objects of that class share the same name\&.
+T}
+T{
+priority
+T}:T{
+uint32
+T}:T{
+32
+T}:T{
+The Spanning Tree Protocol (STP) priority of this bridge port
+T}
+T{
+path\-cost
+T}:T{
+uint32
+T}:T{
+100
+T}:T{
+The Spanning Tree Protocol (STP) port cost for destinations via this port\&.
+T}
+T{
+hairpin\-mode
+T}:T{
+boolean
+T}:T{
+FALSE
+T}:T{
+Enables or disabled \*(Aqhairpin mode\*(Aq for the port, which allows frames to be sent back out through the port the frame was received on\&.
+T}
+.TE
+.sp 1
+.sp
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.B Table\ \&7.\ \&cdma setting
+.TS
+allbox tab(:);
+lB lB lB lB.
+T{
+Key Name
+T}:T{
+Value Type
+T}:T{
+Default Value
+T}:T{
+Value Description
+T}
+.T&
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l.
+T{
+name
+T}:T{
+string
+T}:T{
+cdma
+T}:T{
+The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&.  Each setting class has a name, and all objects of that class share the same name\&.
+T}
+T{
+number
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+Number to dial when establishing a PPP data session with the CDMA\-based mobile broadband network\&.  If not specified, the default number (#777) is used when required\&.
+T}
+T{
+username
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+Username used to authenticate with the network, if required\&.  Note that many providers do not require a username or accept any username\&.
+T}
+T{
+password
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+Password used to authenticate with the network, if required\&.  Note that many providers do not require a password or accept any password\&.
+T}
+T{
+password\-flags
+T}:T{
+uint32
+T}:T{
+0
+T}:T{
+Flags indicating how to handle the CDMA password\&. (see the section called \(lqSecret flag types:\(rq for flag values)
+T}
+.TE
+.sp 1
+.sp
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.B Table\ \&8.\ \&connection setting
+.TS
+allbox tab(:);
+lB lB lB lB.
+T{
+Key Name
+T}:T{
+Value Type
+T}:T{
+Default Value
+T}:T{
+Value Description
+T}
+.T&
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l.
+T{
+name
+T}:T{
+string
+T}:T{
+connection
+T}:T{
+The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&.  Each setting class has a name, and all objects of that class share the same name\&.
+T}
+T{
+id
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+User\-readable connection identifier/name\&.  Must be one or more characters and may change over the lifetime of the connection if the user decides to rename it\&.
+T}
+T{
+uuid
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+Universally unique connection identifier\&.  Must be in the format \*(Aq2815492f\-7e56\-435e\-b2e9\-246bd7cdc664\*(Aq (ie, contains only hexadecimal characters and \*(Aq\-\*(Aq)\&. The UUID should be assigned when the connection is created and never changed as long as the connection still applies to the same network\&.  For example, it should not be changed when the user changes the connection\*(Aqs \*(Aqid\*(Aq, but should be recreated when the Wi\-Fi SSID, mobile broadband network provider, or the connection type changes\&.
+T}
+T{
+interface\-name
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+Interface name this connection is bound to\&. If not set, then the connection can be attached to any interface of the appropriate type (subject to restrictions imposed by other settings)\&. For connection types where interface names cannot easily be made persistent (e\&.g\&. mobile broadband or USB Ethernet), this property should not be used\&. Setting this property restricts the interfaces a connection can be used with, and if interface names change or are reordered the connection may be applied to the wrong interface\&.
+T}
+T{
+type
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+Base type of the connection\&.  For hardware\-dependent connections, should contain the setting name of the hardware\-type specific setting (ie, \*(Aq802\-3\-ethernet\*(Aq or \*(Aq802\-11\-wireless\*(Aq or \*(Aqbluetooth\*(Aq, etc), and for non\-hardware dependent connections like VPN or otherwise, should contain the setting name of that setting type (ie, \*(Aqvpn\*(Aq or \*(Aqbridge\*(Aq, etc)\&.
+T}
+T{
+permissions
+T}:T{
+array of string
+T}:T{
+\ \&
+T}:T{
+An array of strings defining what access a given user has to this connection\&.  If this is NULL or empty, all users are allowed to access this connection\&.  Otherwise a user is allowed to access this connection if and only if they are in this array\&. Each entry is of the form "[type]:[id]:[reserved]", for example: "user:dcbw:blah"  At this time only the \*(Aquser\*(Aq [type] is allowed\&.  Any other values are ignored and reserved for future use\&.  [id] is the username that this permission refers to, which may not contain the \*(Aq:\*(Aq character\&.  Any [reserved] information (if present) must be ignored and is reserved for future use\&.  All of [type], [id], and [reserved] must be valid UTF\-8\&.
+T}
+T{
+autoconnect
+T}:T{
+boolean
+T}:T{
+TRUE
+T}:T{
+If TRUE, NetworkManager will activate this connection when its network resources are available\&.  If FALSE, the connection must be manually activated by the user or some other mechanism\&.
+T}
+T{
+timestamp
+T}:T{
+uint64
+T}:T{
+0
+T}:T{
+Timestamp (in seconds since the Unix Epoch) that the connection was last successfully activated\&.  NetworkManager updates the connection timestamp periodically when the connection is active to ensure that an active connection has the latest timestamp\&. The property is only meant for reading (changes to this property will not be preserved)\&.
+T}
+T{
+read\-only
+T}:T{
+boolean
+T}:T{
+FALSE
+T}:T{
+If TRUE, the connection is read\-only and cannot be changed by the user or any other mechanism\&.  This is normally set for system connections whose plugin cannot yet write updated connections back out\&.
+T}
+T{
+zone
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+The trust level of a the connection\&.Free form case\-insensitive string (for example "Home", "Work", "Public")\&.  NULL or unspecified zone means the connection will be placed in the default zone as defined by the firewall\&.
+T}
+T{
+master
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+Interface name of the master device or UUID of the master connection
+T}
+T{
+slave\-type
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+Setting name describing the type of slave this connection is (ie, \*(Aqbond\*(Aq) or NULL if this connection is not a slave\&.
+T}
+T{
+secondaries
+T}:T{
+array of string
+T}:T{
+\ \&
+T}:T{
+List of connection UUIDs that should be activated when the base connection itself is activated\&.  Currently only VPN connections are supported\&.
+T}
+T{
+gateway\-ping\-timeout
+T}:T{
+uint32
+T}:T{
+0
+T}:T{
+If greater than zero, delay success of IP addressing until either the timeout is reached, or an IP gateway replies to a ping\&.
+T}
+.TE
+.sp 1
+.sp
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.B Table\ \&9.\ \&dcb setting
+.TS
+allbox tab(:);
+lB lB lB lB.
+T{
+Key Name
+T}:T{
+Value Type
+T}:T{
+Default Value
+T}:T{
+Value Description
+T}
+.T&
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l.
+T{
+name
+T}:T{
+string
+T}:T{
+dcb
+T}:T{
+The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&.  Each setting class has a name, and all objects of that class share the same name\&.
+T}
+T{
+app\-fcoe\-flags
+T}:T{
+uint32
+T}:T{
+0
+T}:T{
+Specifies the flags for the DCB FCoE application\&. Flags may be any combination of 0x1 (enable), 0x2 (advertise), and 0x4 (willing)\&. (see the section called \(lqSecret flag types:\(rq for flag values)
+T}
+T{
+app\-fcoe\-priority
+T}:T{
+int32
+T}:T{
+\-1
+T}:T{
+The highest User Priority (0 \- 7) which FCoE frames should use, or \-1 for default priority\&. Only used when the \*(Aqapp\-fcoe\-flags\*(Aq property includes the \*(Aqenabled\*(Aq flag\&.
+T}
+T{
+app\-fcoe\-mode
+T}:T{
+string
+T}:T{
+"fabric"
+T}:T{
+The FCoe controller mode; either \*(Aqfabric\*(Aq (default) or \*(Aqvn2vn\*(Aq\&.
+T}
+T{
+app\-iscsi\-flags
+T}:T{
+uint32
+T}:T{
+0
+T}:T{
+Specifies the flags for the DCB iSCSI application\&. Flags may be any combination of 0x1 (enable), 0x2 (advertise), and 0x4 (willing)\&. (see the section called \(lqSecret flag types:\(rq for flag values)
+T}
+T{
+app\-iscsi\-priority
+T}:T{
+int32
+T}:T{
+\-1
+T}:T{
+The highest User Priority (0 \- 7) which iSCSI frames should use, or \-1 for default priority\&. Only used when the \*(Aqapp\-iscsi\-flags\*(Aq property includes the \*(Aqenabled\*(Aq flag\&.
+T}
+T{
+app\-fip\-flags
+T}:T{
+uint32
+T}:T{
+0
+T}:T{
+Specifies the flags for the DCB FIP application\&. Flags may be any combination of 0x1 (enable), 0x2 (advertise), and 0x4 (willing)\&. (see the section called \(lqSecret flag types:\(rq for flag values)
+T}
+T{
+app\-fip\-priority
+T}:T{
+int32
+T}:T{
+\-1
+T}:T{
+The highest User Priority (0 \- 7) which FIP frames should use, or \-1 for default priority\&. Only used when the \*(Aqapp\-fip\-flags\*(Aq property includes the \*(Aqenabled\*(Aq flag\&.
+T}
+T{
+priority\-flow\-control\-flags
+T}:T{
+uint32
+T}:T{
+0
+T}:T{
+Specifies the flags for DCB Priority Flow Control\&. Flags may be any combination of 0x1 (enable), 0x2 (advertise), and 0x4 (willing)\&. (see the section called \(lqSecret flag types:\(rq for flag values)
+T}
+T{
+priority\-flow\-control
+T}:T{
+array of uint32
+T}:T{
+\ \&
+T}:T{
+An array of 8 uint values, where the array index corresponds to the User Priority (0 \- 7) and the value indicates whether or not the corresponding priority should transmit priority pause\&.  Allowed values are 0 (do not transmit pause) and 1 (transmit pause)\&.
+T}
+T{
+priority\-group\-flags
+T}:T{
+uint32
+T}:T{
+0
+T}:T{
+Specifies the flags for DCB Priority Groups\&. Flags may be any combination of 0x1 (enable), 0x2 (advertise), and 0x4 (willing)\&. (see the section called \(lqSecret flag types:\(rq for flag values)
+T}
+T{
+priority\-group\-id
+T}:T{
+array of uint32
+T}:T{
+\ \&
+T}:T{
+An array of 8 uint values, where the array index corresponds to the User Priority (0 \- 7) and the value indicates the Priority Group ID\&. Allowed Priority Group ID values are 0 \- 7 or 15 for the unrestricted group\&.
+T}
+T{
+priority\-group\-bandwidth
+T}:T{
+array of uint32
+T}:T{
+\ \&
+T}:T{
+An array of 8 uint values, where the array index corresponds to the Priority Group ID (0 \- 7) and the value indicates the percentage of link bandwidth allocated to that group\&.  Allowed values are 0 \- 100, and the sum of all values must total 100 percent\&.
+T}
+T{
+priority\-bandwidth
+T}:T{
+array of uint32
+T}:T{
+\ \&
+T}:T{
+An array of 8 uint values, where the array index corresponds to the User Priority (0 \- 7) and the value indicates the percentage of bandwidth of the priority\*(Aqs assigned group that the priority may use\&.  The sum of all percentages for priorities which belong to the same group must total 100 percent\&.
+T}
+T{
+priority\-strict\-bandwidth
+T}:T{
+array of uint32
+T}:T{
+\ \&
+T}:T{
+An array of 8 uint values, where the array index corresponds to the User Priority (0 \- 7) and the value indicates whether or not the priority may use all of the bandwidth allocated to its assigned group\&. Allowed values are 0 (the priority may not utilize all bandwidth) or 1 (the priority may utilize all bandwidth)\&.
+T}
+T{
+priority\-traffic\-class
+T}:T{
+array of uint32
+T}:T{
+\ \&
+T}:T{
+An array of 8 uint values, where the array index corresponds to the User Priority (0 \- 7) and the value indicates the traffic class (0 \- 7) to which the priority is mapped\&.
+T}
+.TE
+.sp 1
+.sp
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.B Table\ \&10.\ \&gsm setting
+.TS
+allbox tab(:);
+lB lB lB lB.
+T{
+Key Name
+T}:T{
+Value Type
+T}:T{
+Default Value
+T}:T{
+Value Description
+T}
+.T&
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l.
+T{
+name
+T}:T{
+string
+T}:T{
+gsm
+T}:T{
+The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&.  Each setting class has a name, and all objects of that class share the same name\&.
+T}
+T{
+number
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+Number to dial when establishing a PPP data session with the GSM\-based mobile broadband network\&.  Many modems do not require PPP for connections to the mobile network and thus this property should be left blank, which allows NetworkManager to select the appropriate settings automatically\&.
+T}
+T{
+username
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+Username used to authenticate with the network, if required\&.  Note that many providers do not require a username or accept any username\&.
+T}
+T{
+password
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+Password used to authenticate with the network, if required\&.  Note that many providers do not require a password or accept any password\&.
+T}
+T{
+password\-flags
+T}:T{
+uint32
+T}:T{
+0
+T}:T{
+Flags indicating how to handle the GSM password\&. (see the section called \(lqSecret flag types:\(rq for flag values)
+T}
+T{
+apn
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+The GPRS Access Point Name specifying the APN used when establishing a data session with the GSM\-based network\&.  The APN often determines how the user will be billed for their network usage and whether the user has access to the Internet or just a provider\-specific walled\-garden, so it is important to use the correct APN for the user\*(Aqs mobile broadband plan\&.  The APN may only be composed of the characters a\-z, 0\-9, \&., and \- per GSM 03\&.60 Section 14\&.9\&.
+T}
+T{
+network\-id
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+The Network ID (GSM LAI format, ie MCC\-MNC) to force specific network registration\&.  If the Network ID is specified, NetworkManager will attempt to force the device to register only on the specified network\&.  This can be used to ensure that the device does not roam when direct roaming control of the device is not otherwise possible\&.
+T}
+T{
+network\-type
+T}:T{
+int32
+T}:T{
+\-1
+T}:T{
+Network preference to force the device to only use specific network technologies\&.  The permitted values are: \-1: any, 0: 3G only, 1: GPRS/EDGE only, 2: prefer 3G, 3: prefer 2G, 4: prefer 4G/LTE, 5: 4G/LTE only\&. Notes: This property is deprecated and NetworkManager from 0\&.9\&.10 onwards doesn\*(Aqt use this property when talking to ModemManager\&.Also, not all devices allow network preference control\&.
+T}
+T{
+pin
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+If the SIM is locked with a PIN it must be unlocked before any other operations are requested\&.  Specify the PIN here to allow operation of the device\&.
+T}
+T{
+pin\-flags
+T}:T{
+uint32
+T}:T{
+0
+T}:T{
+Flags indicating how to handle the GSM SIM PIN\&. (see the section called \(lqSecret flag types:\(rq for flag values)
+T}
+T{
+allowed\-bands
+T}:T{
+uint32
+T}:T{
+1
+T}:T{
+Bitfield of allowed frequency bands\&.Notes: This property is deprecated and NetworkManager from 0\&.9\&.10 onwards doesn\*(Aqt use this property when talking to ModemManager\&.Also, not all devices allow frequency band control\&.
+T}
+T{
+home\-only
+T}:T{
+boolean
+T}:T{
+FALSE
+T}:T{
+When TRUE, only connections to the home network will be allowed\&.  Connections to roaming networks will not be made\&.
+T}
+.TE
+.sp 1
+.sp
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.B Table\ \&11.\ \&infiniband setting
+.TS
+allbox tab(:);
+lB lB lB lB.
+T{
+Key Name
+T}:T{
+Value Type
+T}:T{
+Default Value
+T}:T{
+Value Description
+T}
+.T&
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l.
+T{
+name
+T}:T{
+string
+T}:T{
+infiniband
+T}:T{
+The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&.  Each setting class has a name, and all objects of that class share the same name\&.
+T}
+T{
+mac\-address
+T}:T{
+byte array
+T}:T{
+[]
+T}:T{
+If specified, this connection will only apply to the IPoIB device whose permanent MAC address matches\&.  This property does not change the MAC address of the device (i\&.e\&. MAC spoofing)\&.
+T}
+T{
+mtu
+T}:T{
+uint32
+T}:T{
+0
+T}:T{
+If non\-zero, only transmit packets of the specified size or smaller, breaking larger packets up into multiple frames\&.
+T}
+T{
+transport\-mode
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+The IPoIB transport mode\&. Either \*(Aqdatagram\*(Aq or \*(Aqconnected\*(Aq\&.
+T}
+T{
+p\-key
+T}:T{
+int32
+T}:T{
+\-1
+T}:T{
+The InfiniBand P_Key\&. Either \-1 for the default, or a 16\-bit unsigned integer\&.
+T}
+T{
+parent
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+The interface name of the parent device, or NULL
+T}
+.TE
+.sp 1
+.sp
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.B Table\ \&12.\ \&ipv4 setting
+.TS
+allbox tab(:);
+lB lB lB lB.
+T{
+Key Name
+T}:T{
+Value Type
+T}:T{
+Default Value
+T}:T{
+Value Description
+T}
+.T&
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l.
+T{
+name
+T}:T{
+string
+T}:T{
+ipv4
+T}:T{
+The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&.  Each setting class has a name, and all objects of that class share the same name\&.
+T}
+T{
+method
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+IPv4 configuration method\&.  If \*(Aqauto\*(Aq is specified then the appropriate automatic method (DHCP, PPP, etc) is used for the interface and most other properties can be left unset\&.  If \*(Aqlink\-local\*(Aq is specified, then a link\-local address in the 169\&.254/16 range will be assigned to the interface\&.  If \*(Aqmanual\*(Aq is specified, static IP addressing is used and at least one IP address must be given in the \*(Aqaddresses\*(Aq property\&.  If \*(Aqshared\*(Aq is specified (indicating that this connection will provide network access to other computers) then the interface is assigned an address in the 10\&.42\&.x\&.1/24 range and a DHCP and forwarding DNS server are started, and the interface is NAT\-ed to the current default network connection\&.  \*(Aqdisabled\*(Aq means IPv4 will not be used on this connection\&.  This property must be set\&.
+T}
+T{
+dns
+T}:T{
+array of uint32
+T}:T{
+\ \&
+T}:T{
+List of DNS servers (network byte order)\&. For the \*(Aqauto\*(Aq method, these DNS servers are appended to those (if any) returned by automatic configuration\&.  DNS servers cannot be used with the \*(Aqshared\*(Aq, \*(Aqlink\-local\*(Aq, or \*(Aqdisabled\*(Aq methods as there is no upstream network\&.  In all other methods, these DNS servers are used as the only DNS servers for this connection\&.
+T}
+T{
+dns\-search
+T}:T{
+array of string
+T}:T{
+\ \&
+T}:T{
+List of DNS search domains\&.  For the \*(Aqauto\*(Aq method, these search domains are appended to those returned by automatic configuration\&. Search domains cannot be used with the \*(Aqshared\*(Aq, \*(Aqlink\-local\*(Aq, or \*(Aqdisabled\*(Aq methods as there is no upstream network\&.  In all other methods, these search domains are used as the only search domains for this connection\&.
+T}
+T{
+addresses
+T}:T{
+array of array of uint32
+T}:T{
+\ \&
+T}:T{
+Array of IPv4 address structures\&.  Each IPv4 address structure is composed of 3 32\-bit values; the first being the IPv4 address (network byte order), the second the prefix (1 \- 32), and last the IPv4 gateway (network byte order)\&. The gateway may be left as 0 if no gateway exists for that subnet\&.  For the \*(Aqauto\*(Aq method, given IP addresses are appended to those returned by automatic configuration\&.  Addresses cannot be used with the \*(Aqshared\*(Aq, \*(Aqlink\-local\*(Aq, or \*(Aqdisabled\*(Aq methods as addressing is either automatic or disabled with these methods\&.
+T}
+T{
+address\-labels
+T}:T{
+array of string
+T}:T{
+\ \&
+T}:T{
+Internal use only
+T}
+T{
+routes
+T}:T{
+array of array of uint32
+T}:T{
+\ \&
+T}:T{
+Array of IPv4 route structures\&.  Each IPv4 route structure is composed of 4 32\-bit values; the first being the destination IPv4 network or address (network byte order), the second the destination network or address prefix (1 \- 32), the third being the next\-hop (network byte order) if any, and the fourth being the route metric\&. For the \*(Aqauto\*(Aq method, given IP routes are appended to those returned by automatic configuration\&.  Routes cannot be used with the \*(Aqshared\*(Aq, \*(Aqlink\-local\*(Aq, or \*(Aqdisabled\*(Aq, methods as there is no upstream network\&.
+T}
+T{
+ignore\-auto\-routes
+T}:T{
+boolean
+T}:T{
+FALSE
+T}:T{
+When the method is set to \*(Aqauto\*(Aq and this property to TRUE, automatically configured routes are ignored and only routes specified in the \*(Aqroutes\*(Aq property, if any, are used\&.
+T}
+T{
+ignore\-auto\-dns
+T}:T{
+boolean
+T}:T{
+FALSE
+T}:T{
+When the method is set to \*(Aqauto\*(Aq and this property to TRUE, automatically configured nameservers and search domains are ignored and only nameservers and search domains specified in the \*(Aqdns\*(Aq and \*(Aqdns\-search\*(Aq properties, if any, are used\&.
+T}
+T{
+dhcp\-client\-id
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+A string sent to the DHCP server to identify the local machine which the DHCP server may use to customize the DHCP lease and options\&.
+T}
+T{
+dhcp\-send\-hostname
+T}:T{
+boolean
+T}:T{
+TRUE
+T}:T{
+If TRUE, a hostname is sent to the DHCP server when acquiring a lease\&.  Some DHCP servers use this hostname to update DNS databases, essentially providing a static hostname for the computer\&.  If the \*(Aqdhcp\-hostname\*(Aq property is empty and this property is TRUE, the current persistent hostname of the computer is sent\&.
+T}
+T{
+dhcp\-hostname
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+If the \*(Aqdhcp\-send\-hostname\*(Aq property is TRUE, then the specified name will be sent to the DHCP server when acquiring a lease\&.
+T}
+T{
+never\-default
+T}:T{
+boolean
+T}:T{
+FALSE
+T}:T{
+If TRUE, this connection will never be the default IPv4 connection, meaning it will never be assigned the default route by NetworkManager\&.
+T}
+T{
+may\-fail
+T}:T{
+boolean
+T}:T{
+TRUE
+T}:T{
+If TRUE, allow overall network configuration to proceed even if IPv4 configuration times out\&. Note that at least one IP configuration must succeed or overall network configuration will still fail\&.  For example, in IPv6\-only networks, setting this property to TRUE allows the overall network configuration to succeed if IPv4 configuration fails but IPv6 configuration completes successfully\&.
+T}
+.TE
+.sp 1
+.sp
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.B Table\ \&13.\ \&ipv6 setting
+.TS
+allbox tab(:);
+lB lB lB lB.
+T{
+Key Name
+T}:T{
+Value Type
+T}:T{
+Default Value
+T}:T{
+Value Description
+T}
+.T&
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l.
+T{
+name
+T}:T{
+string
+T}:T{
+ipv6
+T}:T{
+The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&.  Each setting class has a name, and all objects of that class share the same name\&.
+T}
+T{
+method
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+IPv6 configuration method\&.  If \*(Aqauto\*(Aq is specified then the appropriate automatic method (PPP, router advertisement, etc) is used for the device and most other properties can be left unset\&.  To force the use of DHCP only, specify \*(Aqdhcp\*(Aq; this method is only valid for Ethernet\-based hardware\&.  If \*(Aqlink\-local\*(Aq is specified, then an IPv6 link\-local address will be assigned to the interface\&.  If \*(Aqmanual\*(Aq is specified, static IP addressing is used and at least one IP address must be given in  the \*(Aqaddresses\*(Aq property\&.  If \*(Aqignore\*(Aq is specified, IPv6 configuration is not done\&. This property must be set\&.  Note: the \*(Aqshared\*(Aq method is not yet supported\&.
+T}
+T{
+dhcp\-hostname
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+The specified name will be sent to the DHCP server when acquiring a lease\&.
+T}
+T{
+dns
+T}:T{
+array of byte array
+T}:T{
+\ \&
+T}:T{
+Array of DNS servers, where each member of the array is a byte array containing the IPv6 address of the DNS server (in network byte order)\&. For the \*(Aqauto\*(Aq method, these DNS servers are appended to those (if any) returned by automatic configuration\&.  DNS servers cannot be used with the \*(Aqshared\*(Aq or \*(Aqlink\-local\*(Aq methods as there is no usptream network\&.  In all other methods, these DNS servers are used as the only DNS servers for this connection\&.
+T}
+T{
+dns\-search
+T}:T{
+array of string
+T}:T{
+\ \&
+T}:T{
+List of DNS search domains\&.  For the \*(Aqauto\*(Aq method, these search domains are appended to those returned by automatic configuration\&. Search domains cannot be used with the \*(Aqshared\*(Aq or \*(Aqlink\-local\*(Aq methods as there is no upstream network\&.  In all other methods, these search domains are used as the only search domains for this connection\&.
+T}
+T{
+addresses
+T}:T{
+array of (byte array, uint32, byte array)
+T}:T{
+\ \&
+T}:T{
+Array of IPv6 address structures\&.  Each IPv6 address structure is composed of 3 members, the first being a byte array containing the IPv6 address (network byte order), the second a 32\-bit integer containing the IPv6 address prefix, and the third a byte array containing the IPv6 address (network byte order) of the gateway associated with this address, if any\&. If no gateway is given, the third element should be given as all zeros\&.  For the \*(Aqauto\*(Aq method, given IP addresses are appended to those returned by automatic configuration\&.  Addresses cannot be used with the \*(Aqshared\*(Aq or \*(Aqlink\-local\*(Aq methods as the interface is automatically assigned an address with these methods\&.
+T}
+T{
+routes
+T}:T{
+array of (byte array, uint32, byte array, uint32)
+T}:T{
+\ \&
+T}:T{
+Array of IPv6 route structures\&.  Each IPv6 route structure is composed of 4 members; the first being the destination IPv6 network or address (network byte order) as a byte array, the second the destination network or address IPv6 prefix, the third being the next\-hop IPv6 address (network byte order) if any, and the fourth being the route metric\&. For the \*(Aqauto\*(Aq method, given IP routes are appended to those returned by automatic configuration\&.  Routes cannot be used with the \*(Aqshared\*(Aq or \*(Aqlink\-local\*(Aq methods because there is no upstream network\&.
+T}
+T{
+ignore\-auto\-routes
+T}:T{
+boolean
+T}:T{
+FALSE
+T}:T{
+When the method is set to \*(Aqauto\*(Aq or \*(Aqdhcp\*(Aq and this property is set to TRUE, automatically configured routes are ignored and only routes specified in the \*(Aqroutes\*(Aq property, if any, are used\&.
+T}
+T{
+ignore\-auto\-dns
+T}:T{
+boolean
+T}:T{
+FALSE
+T}:T{
+When the method is set to \*(Aqauto\*(Aq or \*(Aqdhcp\*(Aq and this property is set to TRUE, automatically configured nameservers and search domains are ignored and only nameservers and search domains specified in the \*(Aqdns\*(Aq and \*(Aqdns\-search\*(Aq properties, if any, are used\&.
+T}
+T{
+never\-default
+T}:T{
+boolean
+T}:T{
+FALSE
+T}:T{
+If TRUE, this connection will never be the default IPv6 connection, meaning it will never be assigned the default IPv6 route by NetworkManager\&.
+T}
+T{
+may\-fail
+T}:T{
+boolean
+T}:T{
+TRUE
+T}:T{
+If TRUE, allow overall network configuration to proceed even if IPv6 configuration times out\&. Note that at least one IP configuration must succeed or overall network configuration will still fail\&.  For example, in IPv4\-only networks, setting this property to TRUE allows the overall network configuration to succeed if IPv6 configuration fails but IPv4 configuration completes successfully\&.
+T}
+T{
+ip6\-privacy
+T}:T{
+int32
+T}:T{
+\-1
+T}:T{
+Configure IPv6 Privacy Extensions for SLAAC, described in RFC4941\&.  If enabled, it makes the kernel generate a temporary IPv6 address in addition to the public one generated from MAC address via modified EUI\-64\&.  This enhances privacy, but could cause problems in some applications, on the other hand\&.  The permitted values are: 0: disabled, 1: enabled (prefer public address), 2: enabled (prefer temporary addresses)\&.
+T}
+.TE
+.sp 1
+.sp
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.B Table\ \&14.\ \&802-11-olpc-mesh setting
+.TS
+allbox tab(:);
+lB lB lB lB.
+T{
+Key Name
+T}:T{
+Value Type
+T}:T{
+Default Value
+T}:T{
+Value Description
+T}
+.T&
+l l l l
+l l l l
+l l l l
+l l l l.
+T{
+name
+T}:T{
+string
+T}:T{
+802\-11\-olpc\-mesh
+T}:T{
+The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&.  Each setting class has a name, and all objects of that class share the same name\&.
+T}
+T{
+ssid
+T}:T{
+byte array
+T}:T{
+[]
+T}:T{
+SSID of the mesh network to join\&.
+T}
+T{
+channel
+T}:T{
+uint32
+T}:T{
+0
+T}:T{
+Channel on which the mesh network to join is located\&.
+T}
+T{
+dhcp\-anycast\-address
+T}:T{
+byte array
+T}:T{
+[]
+T}:T{
+Anycast DHCP MAC address used when requesting an IP address via DHCP\&.  The specific anycast address used determines which DHCP server class answers the the request\&.
+T}
+.TE
+.sp 1
+.sp
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.B Table\ \&15.\ \&ppp setting
+.TS
+allbox tab(:);
+lB lB lB lB.
+T{
+Key Name
+T}:T{
+Value Type
+T}:T{
+Default Value
+T}:T{
+Value Description
+T}
+.T&
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l.
+T{
+name
+T}:T{
+string
+T}:T{
+ppp
+T}:T{
+The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&.  Each setting class has a name, and all objects of that class share the same name\&.
+T}
+T{
+noauth
+T}:T{
+boolean
+T}:T{
+TRUE
+T}:T{
+If TRUE, do not require the other side (usually the PPP server) to authenticate itself to the client\&.  If FALSE, require authentication from the remote side\&.  In almost all cases, this should be TRUE\&.
+T}
+T{
+refuse\-eap
+T}:T{
+boolean
+T}:T{
+FALSE
+T}:T{
+If TRUE, the EAP authentication method will not be used\&.
+T}
+T{
+refuse\-pap
+T}:T{
+boolean
+T}:T{
+FALSE
+T}:T{
+If TRUE, the PAP authentication method will not be used\&.
+T}
+T{
+refuse\-chap
+T}:T{
+boolean
+T}:T{
+FALSE
+T}:T{
+If TRUE, the CHAP authentication method will not be used\&.
+T}
+T{
+refuse\-mschap
+T}:T{
+boolean
+T}:T{
+FALSE
+T}:T{
+If TRUE, the MSCHAP authentication method will not be used\&.
+T}
+T{
+refuse\-mschapv2
+T}:T{
+boolean
+T}:T{
+FALSE
+T}:T{
+If TRUE, the MSCHAPv2 authentication method will not be used\&.
+T}
+T{
+nobsdcomp
+T}:T{
+boolean
+T}:T{
+FALSE
+T}:T{
+If TRUE, BSD compression will not be requested\&.
+T}
+T{
+nodeflate
+T}:T{
+boolean
+T}:T{
+FALSE
+T}:T{
+If TRUE, \*(Aqdeflate\*(Aq compression will not be requested\&.
+T}
+T{
+no\-vj\-comp
+T}:T{
+boolean
+T}:T{
+FALSE
+T}:T{
+If TRUE, Van Jacobsen TCP header compression will not be requested\&.
+T}
+T{
+require\-mppe
+T}:T{
+boolean
+T}:T{
+FALSE
+T}:T{
+If TRUE, MPPE (Microsoft Point\-to\-Point Encrpytion) will be required for the PPP session\&.  If either 64\-bit or 128\-bit MPPE is not available the session will fail\&.  Note that MPPE is not used on mobile broadband connections\&.
+T}
+T{
+require\-mppe\-128
+T}:T{
+boolean
+T}:T{
+FALSE
+T}:T{
+If TRUE, 128\-bit MPPE (Microsoft Point\-to\-Point Encrpytion) will be required for the PPP session, and the \*(Aqrequire\-mppe\*(Aq property must also be set to TRUE\&.  If 128\-bit MPPE is not available the session will fail\&.
+T}
+T{
+mppe\-stateful
+T}:T{
+boolean
+T}:T{
+FALSE
+T}:T{
+If TRUE, stateful MPPE is used\&.  See pppd documentation for more information on stateful MPPE\&.
+T}
+T{
+crtscts
+T}:T{
+boolean
+T}:T{
+FALSE
+T}:T{
+If TRUE, specify that pppd should set the serial port to use hardware flow control with RTS and CTS signals\&.  This value should normally be set to FALSE\&.
+T}
+T{
+baud
+T}:T{
+uint32
+T}:T{
+0
+T}:T{
+If non\-zero, instruct pppd to set the serial port to the specified baudrate\&.  This value should normally be left as 0 to automatically choose the speed\&.
+T}
+T{
+mru
+T}:T{
+uint32
+T}:T{
+0
+T}:T{
+If non\-zero, instruct pppd to request that the peer send packets no larger than the specified size\&.  If non\-zero, the MRU should be between 128 and 16384\&.
+T}
+T{
+mtu
+T}:T{
+uint32
+T}:T{
+0
+T}:T{
+If non\-zero, instruct pppd to send packets no larger than the specified size\&.
+T}
+T{
+lcp\-echo\-failure
+T}:T{
+uint32
+T}:T{
+0
+T}:T{
+If non\-zero, instruct pppd to presume the connection to the peer has failed if the specified number of LCP echo\-requests go unanswered by the peer\&.  The \*(Aqlcp\-echo\-interval\*(Aq property must also be set to a non\-zero value if this property is used\&.
+T}
+T{
+lcp\-echo\-interval
+T}:T{
+uint32
+T}:T{
+0
+T}:T{
+If non\-zero, instruct pppd to send an LCP echo\-request frame to the peer every n seconds (where n is the specified value)\&.  Note that some PPP peers will respond to echo requests and some will not, and it is not possible to autodetect this\&.
+T}
+.TE
+.sp 1
+.sp
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.B Table\ \&16.\ \&pppoe setting
+.TS
+allbox tab(:);
+lB lB lB lB.
+T{
+Key Name
+T}:T{
+Value Type
+T}:T{
+Default Value
+T}:T{
+Value Description
+T}
+.T&
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l.
+T{
+name
+T}:T{
+string
+T}:T{
+pppoe
+T}:T{
+The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&.  Each setting class has a name, and all objects of that class share the same name\&.
+T}
+T{
+service
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+If specified, instruct PPPoE to only initiate sessions with access concentrators that provide the specified service\&.  For most providers, this should be left blank\&.  It is only required if there are multiple access concentrators or a specific service is known to be required\&.
+T}
+T{
+username
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+Username used to authenticate with the PPPoE service\&.
+T}
+T{
+password
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+Password used to authenticate with the PPPoE service\&.
+T}
+T{
+password\-flags
+T}:T{
+uint32
+T}:T{
+0
+T}:T{
+Flags indicating how to handle the PPPoE password\&. (see the section called \(lqSecret flag types:\(rq for flag values)
+T}
+.TE
+.sp 1
+.sp
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.B Table\ \&17.\ \&serial setting
+.TS
+allbox tab(:);
+lB lB lB lB.
+T{
+Key Name
+T}:T{
+Value Type
+T}:T{
+Default Value
+T}:T{
+Value Description
+T}
+.T&
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l.
+T{
+name
+T}:T{
+string
+T}:T{
+serial
+T}:T{
+The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&.  Each setting class has a name, and all objects of that class share the same name\&.
+T}
+T{
+baud
+T}:T{
+uint32
+T}:T{
+57600
+T}:T{
+Speed to use for communication over the serial port\&.  Note that this value usually has no effect for mobile broadband modems as they generally ignore speed settings and use the highest available speed\&.
+T}
+T{
+bits
+T}:T{
+uint32
+T}:T{
+8
+T}:T{
+Byte\-width of the serial communication\&.  The 8 in \*(Aq8n1\*(Aq for example\&.
+T}
+T{
+parity
+T}:T{
+gchar
+T}:T{
+110
+T}:T{
+Parity setting of the serial port\&.  Either \*(AqE\*(Aq for even parity, \*(Aqo\*(Aq for odd parity, or \*(Aqn\*(Aq for no parity\&.
+T}
+T{
+stopbits
+T}:T{
+uint32
+T}:T{
+1
+T}:T{
+Number of stop bits for communication on the serial port\&.  Either 1 or 2\&.  The 1 in \*(Aq8n1\*(Aq for example\&.
+T}
+T{
+send\-delay
+T}:T{
+uint64
+T}:T{
+0
+T}:T{
+Time to delay between each byte sent to the modem, in microseconds\&.
+T}
+.TE
+.sp 1
+.sp
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.B Table\ \&18.\ \&team setting
+.TS
+allbox tab(:);
+lB lB lB lB.
+T{
+Key Name
+T}:T{
+Value Type
+T}:T{
+Default Value
+T}:T{
+Value Description
+T}
+.T&
+l l l l
+l l l l
+l l l l.
+T{
+name
+T}:T{
+string
+T}:T{
+team
+T}:T{
+The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&.  Each setting class has a name, and all objects of that class share the same name\&.
+T}
+T{
+interface\-name
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+The name of the virtual in\-kernel team network interface
+T}
+T{
+config
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+JSON configuration for the team network interface\&. The property should contain raw JSON configuration data suitable for teamd, because the value is passed directly to teamd\&. If not specified, the default configuration is used\&. See man teamd\&.conf for the format details\&.
+T}
+.TE
+.sp 1
+.sp
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.B Table\ \&19.\ \&team-port setting
+.TS
+allbox tab(:);
+lB lB lB lB.
+T{
+Key Name
+T}:T{
+Value Type
+T}:T{
+Default Value
+T}:T{
+Value Description
+T}
+.T&
+l l l l
+l l l l.
+T{
+name
+T}:T{
+string
+T}:T{
+team\-port
+T}:T{
+The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&.  Each setting class has a name, and all objects of that class share the same name\&.
+T}
+T{
+config
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+JSON configuration for the team port\&. The property should contain raw JSON configuration data suitable for teamd, because the value is passed directly to teamd\&. If not specified, the dafault configuration is used\&. See man teamd\&.conf for the format details\&.
+T}
+.TE
+.sp 1
+.sp
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.B Table\ \&20.\ \&vlan setting
+.TS
+allbox tab(:);
+lB lB lB lB.
+T{
+Key Name
+T}:T{
+Value Type
+T}:T{
+Default Value
+T}:T{
+Value Description
+T}
+.T&
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l.
+T{
+name
+T}:T{
+string
+T}:T{
+vlan
+T}:T{
+The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&.  Each setting class has a name, and all objects of that class share the same name\&.
+T}
+T{
+interface\-name
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+If given, specifies the kernel name of the VLAN interface\&. If not given, a default name will be constructed from the interface described by the parent interface and the \*(Aqid\*(Aq property, ex \*(Aqeth2\&.1\*(Aq\&. The parent interface may be given by the \*(Aqparent\*(Aq property or by the \*(Aqmac\-address\*(Aq property of a \*(Aqwired\*(Aq setting\&.
+T}
+T{
+parent
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+If given, specifies the parent interface name or parent connection UUID from which this VLAN interface should be created\&.  If this property is not specified, the connection must contain a \*(Aqwired\*(Aq setting with a \*(Aqmac\-address\*(Aq property\&.
+T}
+T{
+id
+T}:T{
+uint32
+T}:T{
+0
+T}:T{
+The VLAN indentifier the interface created by this connection should be assigned\&.
+T}
+T{
+flags
+T}:T{
+uint32
+T}:T{
+0
+T}:T{
+One or more flags which control the behavior and features of the VLAN interface\&.  Flags include reordering of output packet headers (0x01), use of the GVRP protocol (0x02), and loose binding of the interface to its master device\*(Aqs operating state (0x04)\&.
+T}
+T{
+ingress\-priority\-map
+T}:T{
+array of string
+T}:T{
+\ \&
+T}:T{
+For incoming packets, a list of mappings from 802\&.1p priorities to Linux SKB priorities\&.  The mapping is given in the format \*(Aqfrom:to\*(Aq where both \*(Aqfrom\*(Aq and \*(Aqto\*(Aq are unsigned integers, ie \*(Aq7:3\*(Aq\&.
+T}
+T{
+egress\-priority\-map
+T}:T{
+array of string
+T}:T{
+\ \&
+T}:T{
+For outgoing packets, a list of mappings from Linux SKB priorities to 802\&.1p priorities\&.  The mapping is given in the format \*(Aqfrom:to\*(Aq where both \*(Aqfrom\*(Aq and \*(Aqto\*(Aq are unsigned integers, ie \*(Aq7:3\*(Aq\&.
+T}
+.TE
+.sp 1
+.sp
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.B Table\ \&21.\ \&vpn setting
+.TS
+allbox tab(:);
+lB lB lB lB.
+T{
+Key Name
+T}:T{
+Value Type
+T}:T{
+Default Value
+T}:T{
+Value Description
+T}
+.T&
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l.
+T{
+name
+T}:T{
+string
+T}:T{
+vpn
+T}:T{
+The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&.  Each setting class has a name, and all objects of that class share the same name\&.
+T}
+T{
+service\-type
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+D\-Bus service name of the VPN plugin that this setting uses to connect to its network\&.  i\&.e\&. org\&.freedesktop\&.NetworkManager\&.vpnc for the vpnc plugin\&.
+T}
+T{
+user\-name
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+If the VPN connection requires a user name for authentication, that name should be provided here\&.  If the connection is available to more than one user, and the VPN requires each user to supply a different name, then leave this property empty\&.  If this property is empty, NetworkManager will automatically supply the username of the user which requested the VPN connection\&.
+T}
+T{
+data
+T}:T{
+dict of (string::string)
+T}:T{
+\ \&
+T}:T{
+Dictionary of key/value pairs of VPN plugin specific data\&.  Both keys and values must be strings\&.
+T}
+T{
+secrets
+T}:T{
+dict of (string::string)
+T}:T{
+\ \&
+T}:T{
+Dictionary of key/value pairs of VPN plugin specific secrets like passwords or private keys\&.  Both keys and values must be strings\&.
+T}
+.TE
+.sp 1
+.sp
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.B Table\ \&22.\ \&wimax setting
+.TS
+allbox tab(:);
+lB lB lB lB.
+T{
+Key Name
+T}:T{
+Value Type
+T}:T{
+Default Value
+T}:T{
+Value Description
+T}
+.T&
+l l l l
+l l l l
+l l l l.
+T{
+name
+T}:T{
+string
+T}:T{
+wimax
+T}:T{
+The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&.  Each setting class has a name, and all objects of that class share the same name\&.
+T}
+T{
+network\-name
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+Network Service Provider (NSP) name of the WiMAX network this connection should use\&.
+T}
+T{
+mac\-address
+T}:T{
+byte array
+T}:T{
+[]
+T}:T{
+If specified, this connection will only apply to the WiMAX device whose MAC address matches\&.  This property does not change the MAC address of the device (known as MAC spoofing)\&.
+T}
+.TE
+.sp 1
+.sp
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.B Table\ \&23.\ \&802-3-ethernet setting
+.TS
+allbox tab(:);
+lB lB lB lB.
+T{
+Key Name
+T}:T{
+Value Type
+T}:T{
+Default Value
+T}:T{
+Value Description
+T}
+.T&
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l.
+T{
+name
+T}:T{
+string
+T}:T{
+802\-3\-ethernet
+T}:T{
+The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&.  Each setting class has a name, and all objects of that class share the same name\&.
+T}
+T{
+port
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+Specific port type to use if multiple the device supports multiple attachment methods\&.  One of \*(Aqtp\*(Aq (Twisted Pair), \*(Aqaui\*(Aq (Attachment Unit Interface), \*(Aqbnc\*(Aq (Thin Ethernet) or \*(Aqmii\*(Aq (Media Independent Interface\&.  If the device supports only one port type, this setting is ignored\&.
+T}
+T{
+speed
+T}:T{
+uint32
+T}:T{
+0
+T}:T{
+If non\-zero, request that the device use only the specified speed\&.  In Mbit/s, ie 100 == 100Mbit/s\&.
+T}
+T{
+duplex
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+If specified, request that the device only use the specified duplex mode\&.  Either \*(Aqhalf\*(Aq or \*(Aqfull\*(Aq\&.
+T}
+T{
+auto\-negotiate
+T}:T{
+boolean
+T}:T{
+TRUE
+T}:T{
+If TRUE, allow auto\-negotiation of port speed and duplex mode\&.  If FALSE, do not allow auto\-negotiation,in which case the \*(Aqspeed\*(Aq and \*(Aqduplex\*(Aq properties should be set\&.
+T}
+T{
+mac\-address
+T}:T{
+byte array
+T}:T{
+[]
+T}:T{
+If specified, this connection will only apply to the Ethernet device whose permanent MAC address matches\&.  This property does not change the MAC address of the device (i\&.e\&. MAC spoofing)\&.
+T}
+T{
+cloned\-mac\-address
+T}:T{
+byte array
+T}:T{
+[]
+T}:T{
+If specified, request that the device use this MAC address instead of its permanent MAC address\&.  This is known as MAC cloning or spoofing\&.
+T}
+T{
+mac\-address\-blacklist
+T}:T{
+array of string
+T}:T{
+\ \&
+T}:T{
+If specified, this connection will never apply to the Ethernet device whose permanent MAC address matches an address in the list\&.  Each MAC address is in the standard hex\-digits\-and\-colons notation (00:11:22:33:44:55)\&.
+T}
+T{
+mtu
+T}:T{
+uint32
+T}:T{
+0
+T}:T{
+If non\-zero, only transmit packets of the specified size or smaller, breaking larger packets up into multiple Ethernet frames\&.
+T}
+T{
+s390\-subchannels
+T}:T{
+array of string
+T}:T{
+\ \&
+T}:T{
+Identifies specific subchannels that this network device uses for communcation with z/VM or s390 host\&.  Like the \*(Aqmac\-address\*(Aq property for non\-z/VM devices, this property can be used to ensure this connection only applies to the network device that uses these subchannels\&. The list should contain exactly 3 strings, and each string may only be composed of hexadecimal characters and the period (\&.) character\&.
+T}
+T{
+s390\-nettype
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+s390 network device type; one of \*(Aqqeth\*(Aq, \*(Aqlcs\*(Aq, or \*(Aqctc\*(Aq, representing the different types of virtual network devices available on s390 systems\&.
+T}
+T{
+s390\-options
+T}:T{
+dict of (string::string)
+T}:T{
+\ \&
+T}:T{
+Dictionary of key/value pairs of s390\-specific device options\&.  Both keys and values must be strings\&.  Allowed keys include \*(Aqportno\*(Aq, \*(Aqlayer2\*(Aq, \*(Aqportname\*(Aq, \*(Aqprotocol\*(Aq, among others\&.
+T}
+.TE
+.sp 1
+.sp
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.B Table\ \&24.\ \&802-11-wireless setting
+.TS
+allbox tab(:);
+lB lB lB lB.
+T{
+Key Name
+T}:T{
+Value Type
+T}:T{
+Default Value
+T}:T{
+Value Description
+T}
+.T&
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l.
+T{
+name
+T}:T{
+string
+T}:T{
+802\-11\-wireless
+T}:T{
+The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&.  Each setting class has a name, and all objects of that class share the same name\&.
+T}
+T{
+ssid
+T}:T{
+byte array
+T}:T{
+[]
+T}:T{
+SSID of the Wi\-Fi network\&.  Must be specified\&.
+T}
+T{
+mode
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+Wi\-Fi network mode; one of \*(Aqinfrastructure\*(Aq, \*(Aqadhoc\*(Aq or \*(Aqap\*(Aq\&.  If blank, infrastructure is assumed\&.
+T}
+T{
+band
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+802\&.11 frequency band of the network\&.  One of \*(Aqa\*(Aq for 5GHz 802\&.11a or \*(Aqbg\*(Aq for 2\&.4GHz 802\&.11\&.  This will lock associations to the Wi\-Fi network to the specific band, i\&.e\&. if \*(Aqa\*(Aq is specified, the device will not associate with the same network in the 2\&.4GHz band even if the network\*(Aqs settings are compatible\&.  This setting depends on specific driver capability and may not work with all drivers\&.
+T}
+T{
+channel
+T}:T{
+uint32
+T}:T{
+0
+T}:T{
+Wireless channel to use for the Wi\-Fi connection\&.  The device will only join (or create for Ad\-Hoc networks) a Wi\-Fi network on the specified channel\&.  Because channel numbers overlap between bands, this property also requires the \*(Aqband\*(Aq property to be set\&.
+T}
+T{
+bssid
+T}:T{
+byte array
+T}:T{
+[]
+T}:T{
+If specified, directs the device to only associate with the given access point\&.  This capability is highly driver dependent and not supported by all devices\&.  Note: this property does not control the BSSID used when creating an Ad\-Hoc network and is unlikely to in the future\&.
+T}
+T{
+rate
+T}:T{
+uint32
+T}:T{
+0
+T}:T{
+If non\-zero, directs the device to only use the specified bitrate for communication with the access point\&.  Units are in Kb/s, ie 5500 = 5\&.5 Mbit/s\&.  This property is highly driver dependent and not all devices support setting a static bitrate\&.
+T}
+T{
+tx\-power
+T}:T{
+uint32
+T}:T{
+0
+T}:T{
+If non\-zero, directs the device to use the specified transmit power\&.  Units are dBm\&.  This property is highly driver dependent and not all devices support setting a static transmit power\&.
+T}
+T{
+mac\-address
+T}:T{
+byte array
+T}:T{
+[]
+T}:T{
+If specified, this connection will only apply to the Wi\-Fi device whose permanent MAC address matches\&.  This property does not change the MAC address of the device (i\&.e\&. MAC spoofing)\&.
+T}
+T{
+cloned\-mac\-address
+T}:T{
+byte array
+T}:T{
+[]
+T}:T{
+If specified, request that the Wi\-Fi device use this MAC address instead of its permanent MAC address\&.  This is known as MAC cloning or spoofing\&.
+T}
+T{
+mac\-address\-blacklist
+T}:T{
+array of string
+T}:T{
+\ \&
+T}:T{
+A list of permanent MAC addresses of Wi\-Fi devices to which this connection should never apply\&.  Each MAC address should be given in the standard hex\-digits\-and\-colons notation (eg \*(Aq00:11:22:33:44:55\*(Aq)\&.
+T}
+T{
+mtu
+T}:T{
+uint32
+T}:T{
+0
+T}:T{
+If non\-zero, only transmit packets of the specified size or smaller, breaking larger packets up into multiple Ethernet frames\&.
+T}
+T{
+seen\-bssids
+T}:T{
+array of string
+T}:T{
+\ \&
+T}:T{
+A list of BSSIDs (each BSSID formatted as a MAC address like 00:11:22:33:44:55\*(Aq) that have been detected as part of the Wi\-Fi network\&. NetworkManager internally tracks previously seen BSSIDs\&. The property is only meant for reading and reflects the BSSID list of NetworkManager\&. The changes you make to this property will not be preserved\&.
+T}
+T{
+security
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+If the wireless connection has any security restrictions, like 802\&.1x, WEP, or WPA, set this property to \*(Aq802\-11\-wireless\-security\*(Aq and ensure the connection contains a valid 802\-11\-wireless\-security setting\&.
+T}
+T{
+hidden
+T}:T{
+boolean
+T}:T{
+FALSE
+T}:T{
+If TRUE, indicates this network is a non\-broadcasting network that hides its SSID\&.  In this case various workarounds may take place, such as probe\-scanning the SSID for more reliable network discovery\&.  However, these workarounds expose inherent insecurities with hidden SSID networks, and thus hidden SSID networks should be used with caution\&.
+T}
+.TE
+.sp 1
+.sp
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.B Table\ \&25.\ \&802-11-wireless-security setting
+.TS
+allbox tab(:);
+lB lB lB lB.
+T{
+Key Name
+T}:T{
+Value Type
+T}:T{
+Default Value
+T}:T{
+Value Description
+T}
+.T&
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l
+l l l l.
+T{
+name
+T}:T{
+string
+T}:T{
+802\-11\-wireless\-security
+T}:T{
+The setting\*(Aqs name; these names are defined by the specification and cannot be changed after the object has been created\&.  Each setting class has a name, and all objects of that class share the same name\&.
+T}
+T{
+key\-mgmt
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+Key management used for the connection\&.  One of \*(Aqnone\*(Aq (WEP), \*(Aqieee8021x\*(Aq (Dynamic WEP), \*(Aqwpa\-none\*(Aq (WPA\-PSK Ad\-Hoc), \*(Aqwpa\-psk\*(Aq (infrastructure WPA\-PSK), or \*(Aqwpa\-eap\*(Aq (WPA\-Enterprise)\&.  This property must be set for any Wi\-Fi connection that uses security\&.
+T}
+T{
+wep\-tx\-keyidx
+T}:T{
+uint32
+T}:T{
+0
+T}:T{
+When static WEP is used (ie, key\-mgmt = \*(Aqnone\*(Aq) and a non\-default WEP key index is used by the AP, put that WEP key index here\&.  Valid values are 0 (default key) through 3\&.  Note that some consumer access points (like the Linksys WRT54G) number the keys 1 \- 4\&.
+T}
+T{
+auth\-alg
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+When WEP is used (ie, key\-mgmt = \*(Aqnone\*(Aq or \*(Aqieee8021x\*(Aq) indicate the 802\&.11 authentication algorithm required by the AP here\&.  One of \*(Aqopen\*(Aq for Open System, \*(Aqshared\*(Aq for Shared Key, or \*(Aqleap\*(Aq for Cisco LEAP\&.  When using Cisco LEAP (ie, key\-mgmt = \*(Aqieee8021x\*(Aq and auth\-alg = \*(Aqleap\*(Aq) the \*(Aqleap\-username\*(Aq and \*(Aqleap\-password\*(Aq properties must be specified\&.
+T}
+T{
+proto
+T}:T{
+array of string
+T}:T{
+\ \&
+T}:T{
+List of strings specifying the allowed WPA protocol versions to use\&.  Each element may be one \*(Aqwpa\*(Aq (allow WPA) or \*(Aqrsn\*(Aq (allow WPA2/RSN)\&.  If not specified, both WPA and RSN connections are allowed\&.
+T}
+T{
+pairwise
+T}:T{
+array of string
+T}:T{
+\ \&
+T}:T{
+A list of pairwise encryption algorithms which prevents connections to Wi\-Fi networks that do not utilize one of the algorithms in the list\&. For maximum compatibility leave this property empty\&.  Each list element may be one of \*(Aqtkip\*(Aq or \*(Aqccmp\*(Aq\&.
+T}
+T{
+group
+T}:T{
+array of string
+T}:T{
+\ \&
+T}:T{
+A list of group/broadcast encryption algorithms which prevents connections to Wi\-Fi networks that do not utilize one of the algorithms in the list\&.  For maximum compatibility leave this property empty\&.  Each list element may be one  of \*(Aqwep40\*(Aq, \*(Aqwep104\*(Aq, \*(Aqtkip\*(Aq, or \*(Aqccmp\*(Aq\&.
+T}
+T{
+leap\-username
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+The login username for legacy LEAP connections (ie, key\-mgmt = \*(Aqieee8021x\*(Aq and auth\-alg = \*(Aqleap\*(Aq)\&.
+T}
+T{
+wep\-key0
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+Index 0 WEP key\&.  This is the WEP key used in most networks\&.  See the \*(Aqwep\-key\-type\*(Aq property for a description of how this key is interpreted\&.
+T}
+T{
+wep\-key1
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+Index 1 WEP key\&.  This WEP index is not used by most networks\&.  See the \*(Aqwep\-key\-type\*(Aq property for a description of how this key is interpreted\&.
+T}
+T{
+wep\-key2
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+Index 2 WEP key\&.  This WEP index is not used by most networks\&.  See the \*(Aqwep\-key\-type\*(Aq property for a description of how this key is interpreted\&.
+T}
+T{
+wep\-key3
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+Index 3 WEP key\&.  This WEP index is not used by most networks\&.  See the \*(Aqwep\-key\-type\*(Aq property for a description of how this key is interpreted\&.
+T}
+T{
+wep\-key\-flags
+T}:T{
+uint32
+T}:T{
+0
+T}:T{
+Flags indicating how to handle the WEP keys\&. (see the section called \(lqSecret flag types:\(rq for flag values)
+T}
+T{
+wep\-key\-type
+T}:T{
+uint32
+T}:T{
+0
+T}:T{
+Controls the interpretation of WEP keys\&.  Allowed values are 1 (interpret WEP keys as hexadecimal or ASCII keys) or 2 (interpret WEP keys as WEP Passphrases)\&.  If set to 1 and the keys are hexadecimal, they must be either 10 or 26 characters in length\&.  If set to 1 and the keys are ASCII keys, they must be either 5 or 13 characters in length\&.  If set to 2, the passphrase is hashed using  the de\-facto MD5 method to derive the actual WEP key\&.
+T}
+T{
+psk
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+Pre\-Shared\-Key for WPA networks\&.  If the key is 64\-characters long, it must contain only hexadecimal characters and is interpreted as a hexadecimal WPA key\&.  Otherwise, the key must be between 8 and 63 ASCII characters (as specified in the 802\&.11i standard) and is interpreted as a WPA passphrase, and is hashed to derive the actual WPA\-PSK used when connecting to the Wi\-Fi network\&.
+T}
+T{
+psk\-flags
+T}:T{
+uint32
+T}:T{
+0
+T}:T{
+Flags indicating how to handle the WPA PSK key\&. (see the section called \(lqSecret flag types:\(rq for flag values)
+T}
+T{
+leap\-password
+T}:T{
+string
+T}:T{
+\ \&
+T}:T{
+The login password for legacy LEAP connections (ie, key\-mgmt = \*(Aqieee8021x\*(Aq and auth\-alg = \*(Aqleap\*(Aq)\&.
+T}
+T{
+leap\-password\-flags
+T}:T{
+uint32
+T}:T{
+0
+T}:T{
+Flags indicating how to handle the LEAP password\&. (see the section called \(lqSecret flag types:\(rq for flag values)
+T}
+.TE
+.sp 1
+.SS "Secret flag types:"
+.PP
+Each secret property in a setting has an associated
+\fIflags\fR
+property that describes how to handle that secret\&. The
+\fIflags\fR
+property is a bitfield that contains zero or more of the following values logically OR\-ed together\&.
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+0x0 (none) \- the system is responsible for providing and storing this secret\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+0x1 (agent\-owned) \- a user\-session secret agent is responsible for providing and storing this secret; when it is required, agents will be asked to provide it\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+0x2 (not\-saved) \- this secret should not be saved but should be requested from the user each time it is required\&. This flag should be used for One\-Time\-Pad secrets, PIN codes from hardware tokens, or if the user simply does not want to save the secret\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+0x4 (not\-required) \- in some situations it cannot be automatically determined that a secret is required or not\&. This flag hints that the secret is not required and should not be requested from the user\&.
+.RE
+.SH "AUTHOR"
+.PP
+NetworkManager developers
+.SH "FILES"
+.PP
+/etc/NetworkManager/system\-connections
+.PP
+or distro plugin\-specific location
+.SH "SEE ALSO"
+.PP
+https://live\&.gnome\&.org/NetworkManagerConfiguration
+.PP
+NetworkManager(8), nmcli(1), nmcli\-examples(5), NetworkManager\&.conf(5)