Merge branch 'upstream' into tizen

Change-Id: Ia439bcb6c0311b7e157318cfc2ab4a12a974f9b4
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>

5 files changed, 981 insertions, 0 deletions

diff --git a/doc/coding-style.txt b/doc/coding-style.txt
new file mode 100644
index 00000000..97410ce7
--- /dev/null
+++ b/doc/coding-style.txt
@@ -0,0 +1,344 @@
+Every project has its coding style, and ConnMan is not an exception. This
+document describes the preferred coding style for ConnMan code, in order to keep
+some level of consistency among developers so that code can be easily
+understood and maintained, and also to help your code survive under
+maintainer's fastidious eyes so that you can get a passport for your patch
+ASAP.
+
+First of all, ConnMan coding style must follow every rule for Linux kernel
+(http://www.kernel.org/doc/Documentation/CodingStyle). There also exists a tool
+named checkpatch.pl to help you check the compliance with it. Just type
+"checkpatch.pl --no-tree patch_name" to check your patch. In theory, you need
+to clean up all the warnings and errors except this one: "ERROR: Missing
+Signed-off-by: line(s)". ConnMan does not used Signed-Off lines, so including
+them is actually an error.  In certain circumstances one can ignore the 80
+character per line limit.  This is generally only allowed if the alternative
+would make the code even less readable.
+
+Besides the kernel coding style above, ConnMan has special flavors for its own.
+Some of them are mandatory (marked as 'M'), while some others are optional
+(marked as 'O'), but generally preferred.
+
+M1: Blank line before and after an if/while/do/for statement
+============================================================
+There should be a blank line before if statement unless the if is nested and
+not preceded by an expression or variable declaration.
+
+Example:
+1)
+a = 1;
+if (b) {  // wrong
+
+2)
+a = 1
+
+if (b) {
+}
+a = 2;	// wrong
+
+3)
+if (a) {
+	if (b)  // correct
+
+4)
+b = 2;
+
+if (a) {	// correct
+
+}
+
+b = 3;
+
+The only exception to this rule applies when a variable is being allocated:
+array = g_try_new0(int, 20);
+if (!array)	// Correct
+	return;
+
+
+M2: Multiple line comment
+=========================
+If your comments have more then one line, please start it from the second line.
+
+Example:
+/*
+ * first line comment	// correct
+ * ...
+ * last line comment
+ */
+
+
+M3: Space before and after operator
+===================================
+There should be a space before and after each operator.
+
+Example:
+a + b;  // correct
+
+
+M4: Wrap long lines
+===================
+If your condition in if, while, for statement or a function declaration is too
+long to fit in one line, the new line needs to be indented not aligned with the
+body.
+
+Example:
+1)
+if (call->status == CALL_STATUS_ACTIVE ||
+	call->status == CALL_STATUS_HELD) {  // wrong
+	connman_dbus_dict_append();
+
+2)
+if (call->status == CALL_STATUS_ACTIVE ||
+		call->status == CALL_STATUS_HELD) {  // correct
+	connman_dbus_dict_append();
+
+3)
+gboolean sim_ust_is_available(unsigned char *service_ust, unsigned char len,
+	enum sim_ust_service index) // wrong
+{
+	int a;
+	...
+}
+
+4)
+gboolean sim_ust_is_available(unsigned char *service_ust, unsigned char len,
+					enum sim_ust_service index) // correct
+{
+	int a;
+	...
+}
+
+If the line being wrapped is a function call or function declaration, the
+preferred style is to indent at least past the opening parenthesis. Indenting
+further is acceptable as well (as long as you don't hit the 80 character
+limit).
+
+If this is not possible due to hitting the 80 character limit, then indenting
+as far as possible to the right without hitting the limit is preferred.
+
+Example:
+
+1)
+gboolean sim_ust_is_available(unsigned char *service_ust, unsigned char len,
+		enum sim_ust_service index); // worse
+
+2)
+gboolean sim_ust_is_available(unsigned char *service_ust, unsigned char len,
+						enum sim_ust_service index);
+						// better
+
+M5: Git commit message 50/72 formatting
+=======================================
+The commit message header should be within 50 characters. And if you have
+detailed explanatory text, wrap it to 72 character.
+
+
+M6: Space when doing type casting
+=================================
+There should be a space between new type and variable.
+
+Example:
+1)
+a = (int *)b;  // wrong
+2)
+a = (int *) b;  // correct
+
+
+M7: Don't initialize variable unnecessarily
+===========================================
+When declaring a variable, try not to initialize it unless necessary.
+
+Example:
+int i = 1;  // wrong
+
+for (i = 0; i < 3; i++) {
+}
+
+
+M8: Use g_try_malloc instead of g_malloc
+========================================
+When g_malloc fails, the whole program would exit. Most of time, this is not
+the expected behavior, and you may want to use g_try_malloc instead.
+
+Example:
+additional = g_try_malloc(len - 1);  // correct
+if (!additional)
+	return FALSE;
+
+
+M9: Follow the order of include header elements
+===============================================
+When writing an include header the various elements should be in the following
+order:
+	- #includes
+	- forward declarations
+	- #defines
+	- enums
+	- typedefs
+	- function declarations and inline function definitions
+
+
+M10: Internal headers must not use include guards
+=================================================
+Any time when creating a new header file with non-public API, that header
+must not contain include guards.
+
+
+M11: Naming of enums
+====================
+
+Enums must have a descriptive name.  The enum type should be small caps and
+it should not be typedef-ed.  Enum contents should be in CAPITAL letters and
+prefixed by the enum type name.
+
+Example:
+
+enum animal_type {
+	ANIMAL_TYPE_FOUR_LEGS,
+	ANIMAL_TYPE_EIGHT_LEGS,
+	ANIMAL_TYPE_TWO_LEGS,
+};
+
+If the enum contents have values (e.g. from specification) the formatting
+should be as follows:
+
+enum animal_type {
+	ANIMAL_TYPE_FOUR_LEGS =		4,
+	ANIMAL_TYPE_EIGHT_LEGS =	8,
+	ANIMAL_TYPE_TWO_LEGS =		2,
+};
+
+M12: Enum as switch variable
+====================
+
+If the variable of a switch is an enum, you must not include a default in
+switch body. The reason for this is: If later on you modify the enum by adding
+a new type, and forget to change the switch accordingly, the compiler will
+complain the new added type hasn't been handled.
+
+Example:
+
+enum animal_type {
+	ANIMAL_TYPE_FOUR_LEGS =		4,
+	ANIMAL_TYPE_EIGHT_LEGS =	8,
+	ANIMAL_TYPE_TWO_LEGS =		2,
+};
+
+enum animal_type t;
+
+switch (t) {
+case ANIMAL_TYPE_FOUR_LEGS:
+	...
+	break;
+case ANIMAL_TYPE_EIGHT_LEGS:
+	...
+	break;
+case ANIMAL_TYPE_TWO_LEGS:
+	...
+	break;
+default:  // wrong
+	break;
+}
+
+However if the enum comes from an external header file outside ConnMan
+we cannot make any assumption of how the enum is defined and this
+rule might not apply.
+
+M13: Check for pointer being NULL
+=================================
+
+When checking if a pointer or a return value is NULL, use the
+check with "!" operator.
+
+Example:
+1)
+array = g_try_new0(int, 20);
+if (!array)	// Correct
+	return;
+
+2)
+if (!g_at_chat_get_slave(chat))	// Correct
+	return -EINVAL;
+
+3)
+array = g_try_new0(int, 20);
+if (array == NULL)	// Wrong
+	return;
+
+
+M14: Always use parenthesis with sizeof
+=======================================
+The expression argument to the sizeof operator should always be in
+parenthesis, too.
+
+Example:
+1)
+memset(stuff, 0, sizeof(*stuff));
+
+2)
+memset(stuff, 0, sizeof *stuff); // Wrong
+
+
+M15: Use void if function has no parameters
+===========================================================
+A function with no parameters must use void in the parameter list.
+
+Example:
+1)
+void foo(void)
+{
+}
+
+2)
+void foo()	// Wrong
+{
+}
+
+M16: Don't use hex value with shift operators
+==============================================
+The expression argument to the shift operators should not be in hex.
+
+Example:
+
+1)
+1 << y
+
+2)
+0x1 << y	// Wrong
+
+O1: Shorten the name
+====================
+Better to use abbreviation, rather than full name, to name a variable,
+function, struct, etc.
+
+Example:
+supplementary_service  // too long
+ss  // better
+
+O2: Try to avoid complex if body
+================================
+It's better not to have a complicated statement for if. You may judge its
+contrary condition and return | break | continue | goto ASAP.
+
+Example:
+1)
+if (a) {  // worse
+	struct voicecall *v;
+	call = synthesize_outgoing_call(vc, vc->pending);
+	v = voicecall_create(vc, call);
+	v->detect_time = time(NULL);
+	DBG("Registering new call: %d", call->id);
+	voicecall_dbus_register(v);
+} else
+	return;
+
+2)
+if (!a)
+	return;
+
+struct voicecall *v;
+call = synthesize_outgoing_call(vc, vc->pending);
+v = voicecall_create(vc, call);
+v->detect_time = time(NULL);
+DBG("Registering new call: %d", call->id);
+voicecall_dbus_register(v);
diff --git a/doc/connmanctl.1 b/doc/connmanctl.1
new file mode 100644
index 00000000..b71c6e62
--- /dev/null
+++ b/doc/connmanctl.1
@@ -0,0 +1,190 @@
+.TH connmanctl 1 07/31/2012 "" "User Commands for Connman CLI"
+.SH
+NAME
+connmanctl \- Connman CLI
+.SH
+SYNOPSIS
+.BR connmanctl " ["
+.BR enable " <technology> | "
+.BR offlinemode "] ["
+.BR disable " <technology> | "
+.BR offlinemode "] ["
+.BR technologies "] ["
+.BR state "] ["
+.BR services " [\-\-properties <service>]] ["
+.BR scan " <technology>] ["
+.BR connect " <service>] ["
+.BR config " <service> \-\-<option> ARGS...] ["
+.BR help " | \-\-help]"
+.PP
+.SH
+DESCRIPTION
+Connmanctl is a Connman command line interface which can be run in two modes:
+a plain synchronous command input, and an asynchronous interactive shell.
+To run a specific command the user may enter connmanctl <command> [options]
+[args], or enter connmanctl; in this case, the program will drop into the
+interactive shell.
+.PP
+Connmantl can handle most simple network connections. It is able to enable/
+disable any technology that exists on the system, display a list of
+services available, connect to/disconnect from any unsecured networks,
+show properties of the system, the technologies, and any individual
+service, and configure all of the properties. It is also able to monitor
+changes in the properties of the services, technologies, and the system.
+.PP
+In the interactive shell, all of the same commands can be used. It
+provides quicker usage when needing to use connmanctl more extensively.
+.SH
+COMMANDS AND OPTIONS
+.TP
+.BR "help | \-\-help | " "(no arguments)"
+Shows the abbreviated help menu in the terminal.
+.PP
+.TP
+.BR enable " <technology>"
+Enables the given technology type (e.g. ethernet, wifi, 3g, etc.)
+Turns power on to the technology, but doesn't connect unless
+there is a service with autoconnect set to True.
+.PP
+.TP
+.BR disable " <technology>"
+Disables the given technology type. Turns power off to the
+technology and disconnects if it is already connected.
+.PP
+.TP
+.B enable offlinemode
+Enables offline mode. Disconnects and powers down all
+technologies system-wide, however each technology can be powered
+back on individually.
+.PP
+.TP
+.B disable offlinemode
+Disables offline mode. Technologies are powered back on according
+to their individual policies.
+.PP
+.TP
+.B technologies
+Shows a list of all technology types existing on the system and
+their properties. See the properties section of the Technology
+API for explanations of each property.
+.PP
+.TP
+.B state
+Shows the system properties. Includes ths online state of the
+system, offline mode, and session mode.
+.PP
+.TP
+.BR scan " <technology>"
+Scans for new services on the given technology.
+.PP
+.TP
+.B services
+Shows a list of all available service names. This includes the
+names of wifi networks, the wired ethernet connection, names of
+bluetooth devices, etc. These are the names used when a
+<service> command is called for. The service name
+(e.g. Joes-wifi), the service path (e.g.
+wifi_6834534139723_managed_none), or the full service path (e.g.
+/net/connman/Service/wifi_5467631...) are all accepted as valid
+input. An asterisk in front of the service indicates that the
+service is favorited, and a "C" indicates a service that is
+already connected.
+.PP
+.TP
+.BR "services \-\-properties" " <service>"
+Shows a list of all properties for that service. See the
+properties section of the Service API for explanations of each
+property.
+.PP
+.TP
+.BR connect " <service>"
+Connects to the given service if it is unsecured.
+.PP
+.TP
+.BR disconnect " <service>"
+Disconnects from the given service.
+.PP
+.TP
+.BR config " <service> " \-\-<option>
+Configures a writable property of the given service to the
+value(s) entered after --<option>.
+.PP
+.TP
+.BR monitor " [\-\-<option>]"
+Listens for and displays DBus signals sent by Connman. The option indicates
+which signals you want to subscribe to. If no option is entered, it displays
+all signals from all interfaces.
+.PP
+.SS
+Config Options:
+.PP
+.TP
+.B \-\-autoconnect=y/n
+Sets the autoconnect property of the service.
+.PP
+.TP
+.B \-\-ipv4
+Configures the IPv4 settings for the service. Enter the settings
+in the order "Method", "Address", "Netmask", then "Gateway"
+after the argument. See the properties section of the Service
+API for more information on these settings and the values
+accepted for them. It also displays a list of changes to both the
+IPv4 settings, and incidental changes to other values related to
+it.
+.PP
+.TP
+.B \-\-ipv6
+Configures the IPv6 settings for the service. Enter the settings
+in the order "Method", "Address", "PrefixLength", "Gateway", then
+"Privacy". See the properties section of the Service API for more
+information on these settings and the values accepted for them.
+It also displays a list of entered changes to the IPv6 settings,
+and incidental changes to other values related to it.
+.PP
+.TP
+.B \-\-nameservers
+Adds to the list of manually configured domain name servers.
+Enter the name servers after the argument separated by spaces.
+.PP
+.TP
+.B \-\-timeservers
+Adds to the list of manually configured time servers. Enter the
+time servers after the argument separated by spaces.
+.PP
+.TP
+.B \-\-domains
+Adds to the list of manually configured search domains. Enter
+the domains after the argument, separated by spaces.
+.PP
+.TP
+.B \-\-proxy
+Configures the IPv6 settings for the service. Enter the settings in the
+order "Method", "URL". If the Method is set to "direct", no other arguments
+are taken. If the Method is set to "auto", the URL is optional. To set the
+Servers and Excludes manually, enter "manual" followed by "servers" with a
+list of servers separated by spaces. Then, optionally, the word "excludes"
+followed by a list of excludes separated by spaces. e.g. "./connmanctl config
+joes-wifi \-\-proxy manual servers serv1 serv2 serv3 excludes excl1 excl2"
+.PP
+.SS
+Monitor Options:
+.PP
+.TP
+.B \-\-services
+Listens for and displays the PropertyChanged signal from the Service interface.
+Also displays the service name (e.g. Joes-wifi) that the property is part of.
+More information, including a list of possible properties can be found in the
+Service API.
+.PP
+.TP
+.B \-\-tech
+Listens for and displays the PropertyChanged signal from the Technology
+interface. More information, including a list of possible properties can be
+found in the Technology API.
+.PP
+.TP
+.B \-\-manager
+Listens for and displays the PropertyChanged, ServicesChanged, TechnologyAdded,
+and TechnologyRemoved signals from the Manager interface. More information on
+these signals and a list of possible properties can be found in the Manager API.
+.PP
diff --git a/doc/vpn-agent-api.txt b/doc/vpn-agent-api.txt
new file mode 100644
index 00000000..72bee9db
--- /dev/null
+++ b/doc/vpn-agent-api.txt
@@ -0,0 +1,158 @@
+Agent hierarchy
+===============
+
+Service		unique name
+Interface	net.connman.vpn.Agent
+Object path	freely definable
+
+Methods		void Release()
+
+			This method gets called when the service daemon
+			unregisters the agent. An agent can use it to do
+			cleanup tasks. There is no need to unregister the
+			agent, because when this method gets called it has
+			already been unregistered.
+
+		void ReportError(object service, string error)
+
+			This method gets called when an error has to be
+			reported to the user.
+
+			A special return value can be used to trigger a
+			retry of the failed transaction.
+
+			Possible Errors: net.connman.vpn.Agent.Error.Retry
+
+		dict RequestInput(object service, dict fields)
+
+			This method gets called when trying to connect to
+			a service and some extra input is required. For
+			example a password or username.
+
+			The return value should be a dictionary where the
+			keys are the field names and the values are the
+			actual fields. Alternatively an error indicating that
+			the request got canceled can be returned.
+
+			Most common return field names are "Username" and of
+			course "Password".
+
+			The dictionary arguments contains field names with
+			their input parameters.
+
+			Possible Errors: net.connman.vpn.Agent.Error.Canceled
+
+		void Cancel()
+
+			This method gets called to indicate that the agent
+			request failed before a reply was returned.
+
+Fields		string Username
+
+			Username for authentication. This field will be
+			requested when connecting to L2TP and PPTP.
+
+		string Password
+
+			Password for authentication.
+
+		boolean SaveCredentials
+
+			Tells if the user wants the user credentials
+			be saved by connman-vpnd.
+
+		string Host
+
+			End point of this VPN link i.e., the VPN gateway
+			we are trying to connect to.
+
+		string Name
+
+			Name of the VPN connection we are trying to connect to.
+
+		string OpenConnect.CACert
+
+			Informational field containing a path name for an
+			additional Certificate Authority file.
+
+		string OpenConnect.ClientCert
+
+			Informational field containing a pkcs11 URL or a path
+                        name for the client certificate.
+
+		string OpenConnect.Cookie
+
+			Return the OpenConnect cookie value that is used for
+			authenticating the VPN session.
+
+		string OpenConnect.ServerCert
+
+			Return the OpenConnect server hash used to identify
+			the final server after possible web authentication
+			logins, selections and redirections.
+
+		string OpenConnect.VPNHost
+
+			Return the final VPN server to use after possible
+			web authentication logins, selections and redirections.
+
+Arguments	string Type
+
+			Contains the type of a field. For example "password",
+			"response", "boolean" or plain "string".
+
+		string Requirement
+
+			Contains the requirement option. Valid values are
+			"mandatory", "optional", "alternate" or
+			"informational".
+
+			The "alternate" value specifies that this field can be
+			returned as an alternative to another one.
+
+			All "mandatory" fields must be returned, while the
+			"optional" can be returned if available.
+
+			Nothing needs to be returned for "informational", as it
+			is here only to provide an information so a value is
+			attached to it.
+
+		array{string} Alternates
+
+			Contains the list of alternate field names this
+			field can be represented by.
+
+		string Value
+
+			Contains data as a string, relatively to an
+			"informational" argument.
+
+Examples	Requesting a username and password for L2TP network
+
+			RequestInput("/vpn1",
+				{ "Username" : { "Type"        : "string",
+						 "Requirement" : "mandatory"
+						} }
+				{ "Password" : { "Type"        : "password",
+						 "Requirement" : "mandatory"
+						} }
+				{ "SaveCredentials" : { "Type" : "boolean",
+						"Requirement" : "optional"
+						}
+				}
+			==> { "Username" : "foo", "Password" : "secret123",
+				"SaveCredentials" : true }
+
+		Requesting a OpenConnect cookie
+
+			RequestInput("/vpn2",
+				{ "OpenConnect.Cookie" : { "Type" : "string",
+						 "Requirement" : "mandatory"
+							} }
+				{ "Host" : { "Type" : "string",
+					 "Requirement" : "informational"
+							} }
+				{ "Name" : { "Type" : "string",
+					 "Requirement" : "informational"
+							} }
+			==> { "OpenConnect.Cookie" : "0123456@adfsf@asasdf" }
diff --git a/doc/vpn-config-format.txt b/doc/vpn-config-format.txt
new file mode 100644
index 00000000..23c9c149
--- /dev/null
+++ b/doc/vpn-config-format.txt
@@ -0,0 +1,235 @@
+Connman configuration file format for VPN
+*****************************************
+
+Connman VPN uses configuration files to provision existing providers.
+vpnd will be looking for its configuration files at VPN_STORAGEDIR
+which by default points to /var/lib/connman-vpn. Configuration file names
+must not include other characters than letters or numbers and must have
+a .config suffix. Those configuration files are text files with a simple
+key-value pair format organized into sections. Values do not comprise leading
+trailing whitespace. We typically have one file per provisioned network.
+
+If the config file is removed, then vpnd tries to remove the
+provisioned service. If an individual service entry inside a config is removed,
+then the corresponding provisioned service is removed. If a service
+section is changed, then the corresponding service is removed and immediately
+re-provisioned.
+
+
+Global section [global]
+=======================
+
+These files can have an optional global section describing the actual file.
+The two allowed fields for this section are:
+- Name: Name of the network.
+- Description: Description of the network.
+
+
+Provider section [provider_*]
+=============================
+
+Each provisioned provider must start with the [provider_*] tag.
+Replace * with an identifier unique to the config file.
+
+Allowed fields:
+- Type: Provider type. Value of OpenConnect, OpenVPN, VPNC, L2TP or PPTP
+
+VPN related parameters (M = mandatory, O = optional):
+- Name: A user defined name for the VPN (M)
+- Host: VPN server IP address (M)
+- Domain: Domain name for the VPN service (M)
+- Networks: The networks behind the VPN link can be defined here. This can
+  be missing if all traffic should go via VPN tunnel. If there are more
+  than one network, then separate them by comma. Format of the entry
+  is network/netmask/gateway. The gateway can be left out. (O)
+  Example: 192.168.100.0/24/10.1.0.1,192.168.200.0/255.255.255.0/10.1.0.2
+  For IPv6 addresses only prefix length is accepted like this 2001:db8::1/64
+
+OpenConnect VPN supports following options (see openconnect(8) for details):
+ Option name            OpenConnect option Description
+ OpenConnect.ServerCert --servercert       SHA1 certificate fingerprint of the
+                                           final VPN server after possible web
+                                           authentication login, selection and
+                                           redirection (O)
+ OpenConnect.CACert     --cafile           File containing other Certificate
+                                           Authorities in addition to the ones
+                                           in the system trust database (O)
+ OpenConnect.ClientCert --certificate      Client certificate file, if needed
+                                           by web authentication (O)
+ VPN.MTU                --mtu              Request MTU from server as the MTU
+                                           of the tunnel (O)
+ OpenConnect.Cookie     --cookie-on-stdin  Cookie received as a result of the
+                                           web authentication. As the cookie
+                                           lifetime can be very limited, it
+                                           does not usually make sense to add
+                                           it into the configuration file (O)
+ OpenConnect.VPNHost                       The final VPN server to use after
+                                           completing the web authentication.
+                                           Only usable for extremely simple VPN
+                                           configurations and should normally
+                                           be set only via the VPN Agent API.
+If OpenConnect.Cookie or OpenConnect.ServerCert are missing, the VPN Agent will
+be contacted to supply the information.
+
+OpenVPN VPN supports following options (see openvpn(8) for details):
+ Option name            OpenVPN option   Description
+ OpenVPN.CACert         --ca             Certificate authority file (M)
+ OpenVPN.Cert           --cert           Local peer's signed certificate (M)
+ OpenVPN.Key            --key            Local peer's private key (M)
+ OpenVPN.MTU            --mtu            MTU of the tunnel (O)
+ OpenVPN.NSCertType     --ns-cert-type   Peer certificate type, value of
+                                         either server or client (O)
+ OpenVPN.Proto          --proto          Use protocol (O)
+ OpenVPN.Port           --port           TCP/UDP port number (O)
+ OpenVPN.AuthUserPass   --auth-user-pass Authenticate with server using
+                                         username/password (O)
+ OpenVPN.AskPass        --askpass        Get certificate password from file (O)
+ OpenVPN.AuthNoCache    --auth-nocache   Don't cache --askpass or
+                                         --auth-user-pass value (O)
+ OpenVPN.TLSRemote      --tls-remote     Accept connections only from a host
+                                         with X509 name or common name equal
+                                         to name parameter (O)
+ OpenVPN.TLSAuth        sub-option of --tls-remote (O)
+ OpenVPN.TLSAuthDir     sub-option of --tls-remote (O)
+ OpenVPN.Cipher         --cipher         Encrypt packets with cipher algorithm
+                                         given as parameter (O)
+ OpenVPN.Auth           --auth           Authenticate  packets with HMAC using
+                                         message digest algorithm alg (O)
+ OpenVPN.CompLZO        --comp-lzo       Use  fast  LZO compression. Value can
+                                         be "yes", "no", or "adaptive". Default
+                                         is adaptive (O)
+ OpenVPN.RemoteCertTls  --remote-cert-tls Require that peer certificate was
+                                          signed based on RFC3280 TLS rules.
+                                          Value is "client" or "server" (O)
+ OpenVPN.ConfigFile     --config         OpenVPN config file that can contain
+                                         extra options not supported by OpenVPN
+                                         plugin (O)
+
+VPNC VPN supports following options (see vpnc(8) for details):
+ Option name         VPNC config value     Description
+ VPNC.IPSec.ID       IPSec ID              your group username (M)
+ VPNC.IPSec.Secret   IPSec secret          your group password (cleartext) (O)
+ VPNC.Xauth.Username Xauth username        your username (O)
+ VPNC.Xauth.Password Xauth password        your password (cleartext) (O)
+ VPNC.IKE.Authmode   IKE Authmode          IKE Authentication mode (O)
+ VPNC.IKE.DHGroup    IKE DH Group          name of the IKE DH Group (O)
+ VPNC.PFS Perfect    Forward Secrecy       Diffie-Hellman group to use for PFS (O)
+ VPNC.Domain         Domain                Domain name for authentication (O)
+ VPNC.Vendor         Vendor                vendor of your IPSec gateway (O)
+ VPNC.LocalPort      Local Port            local ISAKMP port number to use
+ VPNC.CiscoPort      Cisco UDP Encapsulation Port  Local UDP port number to use (O)
+ VPNC.AppVersion     Application Version   Application Version to report (O)
+ VPNC.NATTMode       NAT Traversal Mode    Which NAT-Traversal Method to use (O)
+ VPNC.DPDTimeout     DPD idle timeout (our side)  Send DPD packet after timeout (O)
+ VPNC.SingleDES      Enable Single DES     enables single DES encryption (O)
+ VPNC.NoEncryption   Enable no encryption  enables using no encryption for data traffic (O)
+
+L2TP VPN supports following options (see xl2tpd.conf(5) and pppd(8) for details)
+ Option name         xl2tpd config value    Description
+ L2TP.User           -                      L2TP user name, asked from the user
+                                            if not set here (O)
+ L2TP.Password       -                      L2TP password, asked from the user
+                                            if not set here (O)
+ L2TP.BPS            bps                    Max bandwith to use (O)
+ L2TP.TXBPS          tx bps                 Max transmit bandwith to use (O)
+ L2TP.RXBPS          rx bps                 Max receive bandwith to use (O)
+ L2TP.LengthBit      length bit             Use length bit (O)
+ L2TP.Challenge      challenge              Use challenge authentication (O)
+ L2TP.DefaultRoute   defaultroute           Default route (O)
+ L2TP.FlowBit        flow bit               Use seq numbers (O)
+ L2TP.TunnelRWS      tunnel rws             Window size (O)
+ L2TP.Exclusive      exclusive              Use only one control channel (O)
+ L2TP.Redial         redial                 Redial if disconnected (O)
+ L2TP.RedialTimeout  redial timeout         Redial timeout (O)
+ L2TP.MaxRedials     max redials            How many times to try redial (O)
+ L2TP.RequirePAP     require pap            Need pap (O)
+ L2TP.RequireCHAP    require chap           Need chap (O)
+ L2TP.ReqAuth        require authentication Need auth (O)
+ L2TP.AccessControl  access control         Accept only these peers (O)
+ L2TP.AuthFile       auth file              Authentication file location (O)
+ L2TP.ListenAddr     listen-addr            Listen address (O)
+ L2TP.IPsecSaref     ipsec saref            Use IPSec SA (O)
+ L2TP.Port           port                   What UDP port is used (O)
+
+ Option name         pppd config value      Description
+ PPPD.EchoFailure    lcp-echo-failure       Dead peer check count (O)
+ PPPD.EchoInterval   lcp-echo-interval      Dead peer check interval (O)
+ PPPD.Debug          debug                  Debug level (O)
+ PPPD.RefuseEAP      refuse-eap             Deny eap auth (O)
+ PPPD.RefusePAP      refuse-pap             Deny pap auth (O)
+ PPPD.RefuseCHAP     refuse-chap            Deny chap auth (O)
+ PPPD.RefuseMSCHAP   refuse-mschap          Deny mschap auth (O)
+ PPPD.RefuseMSCHAP2  refuse-mschapv2        Deny mschapv2 auth (O)
+ PPPD.NoBSDComp      nobsdcomp              Disables BSD compression (O)
+ PPPD.NoPcomp        nopcomp                Disable protocol compression (O)
+ PPPD.UseAccomp      accomp                 Disable address/control compression (O)
+ PPPD.NoDeflate      nodeflate              Disable deflate compression (O)
+ PPPD.ReqMPPE        require-mppe           Require the use of MPPE (O)
+ PPPD.ReqMPPE40      require-mppe-40        Require the use of MPPE 40 bit (O)
+ PPPD.ReqMPPE128     require-mppe-128       Require the use of MPPE 128 bit (O)
+ PPPD.ReqMPPEStateful mppe-stateful         Allow MPPE to use stateful mode (O)
+ PPPD.NoVJ           no-vj-comp             No Van Jacobson compression (O)
+
+
+PPTP VPN supports following options (see pptp(8) and pppd(8) for details)
+ Option name         pptp config value    Description
+ PPTP.User           -                    PPTP user name, asked from the user
+                                          if not set here (O)
+ PPTP.Password       -                    PPTP password, asked from the user
+                                          if not set here (O)
+
+ Option name         pppd config value    Description
+ PPPD.EchoFailure    lcp-echo-failure     Dead peer check count (O)
+ PPPD.EchoInterval   lcp-echo-interval    Dead peer check interval (O)
+ PPPD.Debug          debug                Debug level (O)
+ PPPD.RefuseEAP      refuse-eap           Deny eap auth (O)
+ PPPD.RefusePAP      refuse-pap           Deny pap auth (O)
+ PPPD.RefuseCHAP     refuse-chap          Deny chap auth (O)
+ PPPD.RefuseMSCHAP   refuse-mschap        Deny mschap auth (O)
+ PPPD.RefuseMSCHAP2  refuse-mschapv2      Deny mschapv2 auth (O)
+ PPPD.NoBSDComp      nobsdcomp            Disables BSD compression (O)
+ PPPD.NoDeflate      nodeflate            Disable deflate compression (O)
+ PPPD.RequirMPPE     require-mppe         Require the use of MPPE (O)
+ PPPD.RequirMPPE40   require-mppe-40      Require the use of MPPE 40 bit (O)
+ PPPD.RequirMPPE128  require-mppe-128     Require the use of MPPE 128 bit (O)
+ PPPD.RequirMPPEStateful mppe-stateful    Allow MPPE to use stateful mode (O)
+ PPPD.NoVJ           no-vj-comp           No Van Jacobson compression (O)
+
+
+Example
+=======
+
+This is a configuration file for a VPN providing L2TP, OpenVPN and
+OpenConnect services.
+
+
+example@example:[~]$ cat /var/lib/connman/vpn/example.config
+[global]
+Name = Example
+Description = Example VPN configuration
+
+[provider_l2tp]
+Type = L2TP
+Name = Connection to corporate network
+Host = 1.2.3.4
+Domain = corporate.com
+Networks = 10.10.30.0/24
+L2TP.User = username
+
+[provider_openconnect]
+Type = OpenConnect
+Name = Connection to corporate network using Cisco VPN
+Host = 7.6.5.4
+Domain = corporate.com
+Networks = 10.10.20.0/255.255.255.0/10.20.1.5,192.168.99.1/24,2001:db8::1/64
+OpenConnect.ServerCert = 263AFAB4CB2E6621D12E90182008AEF44AEFA031
+OpenConnect.CACert = /etc/certs/certificate.p12
+
+[provider_openvpn]
+Type = OpenVPN
+Name = Connection to corporate network using OpenVPN
+Host = 3.2.5.6
+Domain = my.home.network
+OpenVPN.CACert = /etc/certs/cacert.pem
+OpenVPN.Cert = /etc/certs/cert.pem
+OpenVPN.Key = /etc/certs/cert.key
diff --git a/doc/wifi-p2p-overview.txt b/doc/wifi-p2p-overview.txt
new file mode 100644
index 00000000..73b677c5
--- /dev/null
+++ b/doc/wifi-p2p-overview.txt
@@ -0,0 +1,54 @@
+WiFi P2P Functionality [experimental]
+*************************************
+
+Note: Nothing about WiFi P2P Services is exposed, this is yet to be specified.
+
+Summary
+=======
+
+WiFi P2P is supported as follows:
+- if hardware and wpa_supplicant supports it, a "p2p" technology will appear
+  in the technology list
+- "p2p" technology, as for "wifi" technology, supports a Scan() method. Such
+  method will trigger a P2P find process. The results will be available
+  through the Manager interface, comparable to services being available
+  through this same interface after a Scan() on "wifi" technology.
+- the result of a "p2p" Scan() consists into a list of "peer" objects
+- it is then possible to access peer information, connecting and disconnecting
+  it via the Peer API.
+
+
+API Usage
+=========
+
+The UI willing to access to WiFi P2P technology should proceed this way:
+- Request Manager.GetTechnologies() and figure out from the result if "p2p"
+  technology is provided. What comes next implies this successful case.
+- Add a listener to signal Manager.PeersChanged(): this signal will provide
+  the results of a "p2p" technology Scan().
+- From the "p2p" technology object, request a Technology.Scan() method. This
+  will run for a while a P2P find process.
+- If P2P peers are found, it will be signaled through Manager.PeersChanged().
+  Objects are "Peer" objects. UI might use Manager.GetPeers() instead, if
+  listening to a signal is not the preferred way.
+- Once selected the proper Peer object, request a Peer.Connect() method on it
+  so it will connect to it. Peer.Disconnect() will disconnect.
+
+Internals
+=========
+
+Through such API, everything is made to hide irrelevant informations for the
+applications, which are:
+
+- Everything related to the P2P group and the Group Owner (GO)
+- All low level peer settings
+- All Service Request Discovery mechanism
+
+Hiding this mean ConnMan will handle it properly behind.
+
+For instance, if you connect to a Peer which happens to be a persistent GO
+ConnMan will notice it and store the Group information for a later connection
+to speed up such connection.
+
+For Service Discovery (SD), this will be handled the same way: silently
+behind, by ConnMan.