Bug#1032939: unblock: network-manager/1.42.4-1

[Michael Biebl <biebl@debian.org>]

Forgot to attach the debdiff.

I've filtered out generated files (like Makfile.in) and po/*


diff --git a/NEWS b/NEWS
index 539f7236e1..9226888545 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,31 @@
+===============================================
+NetworkManager-1.42.4
+Overview of changes since NetworkManager-1.42.2
+===============================================
+
+* Fix a possible crash when [global-dns] is used and improve the
+  documentation.
+* Documentation improvements.
+
+===============================================
+NetworkManager-1.42.2
+Overview of changes since NetworkManager-1.42.0
+===============================================
+
+* Add build option to set the mobile-broadband-provider-info database
+  path.
+* Add new "ipv[46].replace-local-rule" setting to control whether to
+  remove the local route rule that is automatically generated.
+* Add the DHCPv6 IAID to the lease information exposed in /run and on
+  D-Bus.
+* Fix assuming team connections at boot.
+* Fix race condition when setting the MAC address of an OVS interface.
+* Fix constructing the IPv4 name servers variable passed to dispatcher
+  scripts.
+* Don't use tentative IPv6 address to resolve the system hostname via DNS.
+* Deprecate the "Master" property of the NMActiveConnection D-Bus object
+  in favor of the new "Controller" property.
+
 =============================================
 NetworkManager-1.42
 Overview of changes since NetworkManager-1.40
diff --git a/configure.ac b/configure.ac
index bff496795d..329262150b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -8,7 +8,7 @@ dnl    "shared/nm-version-macros.h.in"
 dnl  - update number in meson.build
 m4_define([nm_major_version], [1])
 m4_define([nm_minor_version], [42])
-m4_define([nm_micro_version], [0])
+m4_define([nm_micro_version], [4])
 m4_define([nm_version],
           [nm_major_version.nm_minor_version.nm_micro_version])
 
diff --git a/debian/changelog b/debian/changelog
index cfc138770d..c310403309 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,28 @@
+network-manager (1.42.4-1) unstable; urgency=medium
+
+  * New upstream version 1.42.4
+  * Rebase patches
+  * Use execute_before instead of override for dh_install
+
+ -- Michael Biebl <biebl@debian.org>  Thu, 09 Mar 2023 19:42:33 +0100
+
+network-manager (1.42.2-2) unstable; urgency=medium
+
+  * dnsmasq: process both global and per-device configuration.
+    Cherry-pick upstream patch to fix a regression introduced in 1.42 when
+    using the dnsmasq DNS backend and a global DNS configuration.
+    (Closes: #1031891)
+
+ -- Michael Biebl <biebl@debian.org>  Fri, 03 Mar 2023 17:57:30 +0100
+
+network-manager (1.42.2-1) unstable; urgency=medium
+
+  * New upstream version 1.42.2
+  * Drop patches merged upstream
+  * Update symbols file for libnm0
+
+ -- Michael Biebl <biebl@debian.org>  Thu, 23 Feb 2023 17:53:42 +0100
+
 network-manager (1.42.0-1) unstable; urgency=medium
 
   * New upstream version 1.42.0
diff --git a/debian/libnm0.symbols b/debian/libnm0.symbols
index 947f352095..ce5311d14d 100644
--- a/debian/libnm0.symbols
+++ b/debian/libnm0.symbols
@@ -33,6 +33,7 @@ libnm.so.0 libnm0 #MINVER#
  libnm_1_40_0@libnm_1_40_0 1.40.0
  libnm_1_40_4@libnm_1_40_4 1.40.4
  libnm_1_42_0@libnm_1_42_0 1.42.0
+ libnm_1_42_2@libnm_1_42_2 1.42.2
  libnm_1_4_0@libnm_1_4_0 1.4.0
  libnm_1_6_0@libnm_1_6_0 1.6.0
  libnm_1_8_0@libnm_1_8_0 1.8.0
@@ -56,6 +57,7 @@ libnm.so.0 libnm0 #MINVER#
  nm_activation_state_flags_get_type@libnm_1_10_0 1.10.0
  nm_active_connection_get_connection@libnm_1_0_0 1.0.0
  nm_active_connection_get_connection_type@libnm_1_0_0 1.0.0
+ nm_active_connection_get_controller@libnm_1_42_2 1.42.2
  nm_active_connection_get_default6@libnm_1_0_0 1.0.0
  nm_active_connection_get_default@libnm_1_0_0 1.0.0
  nm_active_connection_get_devices@libnm_1_0_0 1.0.0
@@ -1054,6 +1056,7 @@ libnm.so.0 libnm0 #MINVER#
  nm_setting_ip_config_get_num_dns_searches@libnm_1_0_0 1.0.0
  nm_setting_ip_config_get_num_routes@libnm_1_0_0 1.0.0
  nm_setting_ip_config_get_num_routing_rules@libnm_1_18_0 1.18.0
+ nm_setting_ip_config_get_replace_local_rule@libnm_1_42_2 1.42.2
  nm_setting_ip_config_get_required_timeout@libnm_1_30_8 1.34.0
  nm_setting_ip_config_get_required_timeout@libnm_1_32_4 1.32.12
  nm_setting_ip_config_get_route@libnm_1_0_0 1.0.0
diff --git a/debian/org.freedesktop.NetworkManager.rules b/debian/org.freedesktop.NetworkManager.rules
index 83b05767b1..9e2b20d7b9 100644
--- a/debian/org.freedesktop.NetworkManager.rules
+++ b/debian/org.freedesktop.NetworkManager.rules
@@ -1,7 +1,7 @@
 polkit.addRule(function(action, subject) {
-  if (action.id == "org.freedesktop.NetworkManager.settings.modify.system" &&
-	subject.local && subject.active && 
-	(subject.isInGroup ("sudo") || subject.isInGroup ("netdev"))) {
-    return polkit.Result.YES;
-  }
+    if (action.id == "org.freedesktop.NetworkManager.settings.modify.system" &&
+        subject.local && subject.active &&
+        (subject.isInGroup ("sudo") || subject.isInGroup ("netdev"))) {
+        return polkit.Result.YES;
+    }
 });
diff --git a/debian/patches/libnm-docs-fix-gtk-doc-generation-for-settings.patch b/debian/patches/libnm-docs-fix-gtk-doc-generation-for-settings.patch
deleted file mode 100644
index afb66d14c9..0000000000
--- a/debian/patches/libnm-docs-fix-gtk-doc-generation-for-settings.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From: Thomas Haller <thaller@redhat.com>
-Date: Fri, 10 Feb 2023 16:31:50 +0100
-Subject: libnm/docs: fix gtk-doc generation for settings
-
-Marking "nm-core-types.h" as to be ignored by gtk-doc, causes many files
-to have the wrong names:
-
-    /docs/libnm/html/{NMConnection.html => libnm-NMConnection.html}
-    /docs/libnm/html/{NMSetting.html => libnm-NMSetting.html}
-    /docs/libnm/html/{NMSetting6Lowpan.html => libnm-NMSetting6Lowpan.html}
-    /docs/libnm/html/{NMSetting8021x.html => libnm-NMSetting8021x.html}
-    /docs/libnm/html/{NMSettingAdsl.html => libnm-NMSettingAdsl.html}
-    /docs/libnm/html/{NMSettingBluetooth.html => libnm-NMSettingBluetooth.html}
-    /docs/libnm/html/{NMSettingBond.html => libnm-NMSettingBond.html}
-    /docs/libnm/html/{NMSettingBondPort.html => libnm-NMSettingBondPort.html}
-    /docs/libnm/html/{NMSettingBridge.html => libnm-NMSettingBridge.html}
-    /docs/libnm/html/{NMSettingBridgePort.html => libnm-NMSettingBridgePort.html}
-    /docs/libnm/html/{NMSettingCdma.html => libnm-NMSettingCdma.html}
-    /docs/libnm/html/{NMSettingConnection.html => libnm-NMSettingConnection.html}
-    /docs/libnm/html/{NMSettingDcb.html => libnm-NMSettingDcb.html}
-    /docs/libnm/html/{NMSettingDummy.html => libnm-NMSettingDummy.html}
-    /docs/libnm/html/{NMSettingEthtool.html => libnm-NMSettingEthtool.html}
-    /docs/libnm/html/{NMSettingGeneric.html => libnm-NMSettingGeneric.html}
-    /docs/libnm/html/{NMSettingGsm.html => libnm-NMSettingGsm.html}
-    /docs/libnm/html/{NMSettingHostname.html => libnm-NMSettingHostname.html}
-    /docs/libnm/html/{NMSettingIP4Config.html => libnm-NMSettingIP4Config.html}
-    /docs/libnm/html/{NMSettingIP6Config.html => libnm-NMSettingIP6Config.html}
-    /docs/libnm/html/{NMSettingIPConfig.html => libnm-NMSettingIPConfig.html}
-    /docs/libnm/html/{NMSettingIPTunnel.html => libnm-NMSettingIPTunnel.html}
-    /docs/libnm/html/{NMSettingInfiniband.html => libnm-NMSettingInfiniband.html}
-    /docs/libnm/html/{NMSettingMacsec.html => libnm-NMSettingMacsec.html}
-    /docs/libnm/html/{NMSettingMacvlan.html => libnm-NMSettingMacvlan.html}
-    /docs/libnm/html/{NMSettingMatch.html => libnm-NMSettingMatch.html}
-    /docs/libnm/html/{NMSettingOlpcMesh.html => libnm-NMSettingOlpcMesh.html}
-    /docs/libnm/html/{NMSettingOvsBridge.html => libnm-NMSettingOvsBridge.html}
-    /docs/libnm/html/{NMSettingOvsDpdk.html => libnm-NMSettingOvsDpdk.html}
-    /docs/libnm/html/{NMSettingOvsExternalIDs.html => libnm-NMSettingOvsExternalIDs.html}
-    /docs/libnm/html/{NMSettingOvsInterface.html => libnm-NMSettingOvsInterface.html}
-    /docs/libnm/html/{NMSettingOvsPatch.html => libnm-NMSettingOvsPatch.html}
-    /docs/libnm/html/{NMSettingOvsPort.html => libnm-NMSettingOvsPort.html}
-    /docs/libnm/html/{NMSettingPpp.html => libnm-NMSettingPpp.html}
-    /docs/libnm/html/{NMSettingPppoe.html => libnm-NMSettingPppoe.html}
-    /docs/libnm/html/{NMSettingProxy.html => libnm-NMSettingProxy.html}
-    /docs/libnm/html/{NMSettingSerial.html => libnm-NMSettingSerial.html}
-    /docs/libnm/html/{NMSettingSriov.html => libnm-NMSettingSriov.html}
-    /docs/libnm/html/{NMSettingTCConfig.html => libnm-NMSettingTCConfig.html}
-    /docs/libnm/html/{NMSettingTeam.html => libnm-NMSettingTeam.html}
-    /docs/libnm/html/{NMSettingTeamPort.html => libnm-NMSettingTeamPort.html}
-    /docs/libnm/html/{NMSettingTun.html => libnm-NMSettingTun.html}
-    /docs/libnm/html/{NMSettingUser.html => libnm-NMSettingUser.html}
-    /docs/libnm/html/{NMSettingVeth.html => libnm-NMSettingVeth.html}
-    /docs/libnm/html/{NMSettingVlan.html => libnm-NMSettingVlan.html}
-    /docs/libnm/html/{NMSettingVpn.html => libnm-NMSettingVpn.html}
-    /docs/libnm/html/{NMSettingVrf.html => libnm-NMSettingVrf.html}
-    /docs/libnm/html/{NMSettingVxlan.html => libnm-NMSettingVxlan.html}
-    /docs/libnm/html/{NMSettingWifiP2P.html => libnm-NMSettingWifiP2P.html}
-    /docs/libnm/html/{NMSettingWimax.html => libnm-NMSettingWimax.html}
-    /docs/libnm/html/{NMSettingWireGuard.html => libnm-NMSettingWireGuard.html}
-    /docs/libnm/html/{NMSettingWired.html => libnm-NMSettingWired.html}
-    /docs/libnm/html/{NMSettingWireless.html => libnm-NMSettingWireless.html}
-    /docs/libnm/html/{NMSettingWirelessSecurity.html => libnm-NMSettingWirelessSecurity.html}
-    /docs/libnm/html/{NMSettingWpan.html => libnm-NMSettingWpan.html}
-    /docs/libnm/html/{NMSimpleConnection.html => libnm-NMSimpleConnection.html}
-
-Revert that part of the change. Even if this regresses other problems.
-
-Fixes: 1330292d057c ('docs/libnm: fix gtkdoc-scan ignore lists')
-(cherry picked from commit f0e3ca09c9d3a3196bee232307e42f008eb4baf2)
-(cherry picked from commit 51b67d43275af5d7ab50d9b293b60d425925ac9b)
----
- docs/libnm/Makefile.am | 2 --
- docs/libnm/meson.build | 2 --
- 2 files changed, 4 deletions(-)
-
-diff --git a/docs/libnm/Makefile.am b/docs/libnm/Makefile.am
-index 928ea5e..7a10848 100644
---- a/docs/libnm/Makefile.am
-+++ b/docs/libnm/Makefile.am
-@@ -38,8 +38,6 @@ CFILE_GLOB=$(top_srcdir)/src/libnm-core-impl/*.c $(top_srcdir)/src/libnm-client-
- 
- # Header files to ignore when scanning.
- IGNORE_HFILES= \
--	nm-core-types.h \
--	\
- 	nm-dbus-helpers.h \
- 	nm-default-libnm.h \
- 	nm-device-private.h \
-diff --git a/docs/libnm/meson.build b/docs/libnm/meson.build
-index 5e742b6..01c9b66 100644
---- a/docs/libnm/meson.build
-+++ b/docs/libnm/meson.build
-@@ -1,8 +1,6 @@
- # SPDX-License-Identifier: LGPL-2.1-or-later
- 
- private_headers = [
--  'nm-core-types.h',
--
-   'nm-dbus-helpers.h',
-   'nm-default-libnm.h',
-   'nm-device-private.h',
diff --git a/debian/patches/series b/debian/patches/series
index 44b4e48038..a2d7e06dbd 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1 @@
 Force-online-state-with-unmanaged-devices.patch
-libnm-docs-fix-gtk-doc-generation-for-settings.patch
diff --git a/debian/rules b/debian/rules
index 140dbbe77e..307641f93d 100755
--- a/debian/rules
+++ b/debian/rules
@@ -57,9 +57,8 @@ override_dh_auto_configure:
 		--disable-modify-system \
 		--disable-ovs
 
-override_dh_install:
+execute_before_dh_install:
 	find debian/tmp -name '*.la' -print -delete
-	dh_install
 
 override_dh_makeshlibs:
 	dh_makeshlibs -X/usr/lib/$(DEB_HOST_MULTIARCH)/NetworkManager/ -X/usr/lib/pppd/
diff --git a/introspection/org.freedesktop.NetworkManager.Connection.Active.xml b/introspection/org.freedesktop.NetworkManager.Connection.Active.xml
index ebcdf95203..faab73a087 100644
--- a/introspection/org.freedesktop.NetworkManager.Connection.Active.xml
+++ b/introspection/org.freedesktop.NetworkManager.Connection.Active.xml
@@ -162,10 +162,22 @@
     -->
     <property name="Vpn" type="b" access="read"/>
 
+    <!--
+        Controller:
+        @Since: 1.44, 1.42.2
+
+        The path to the controller device if the connection is a port. This
+        property replaces the deprecated 'Master' property.
+    -->
+    <property name="Controller" type="o" access="read"/>
+
     <!--
         Master:
 
-        The path to the master device if the connection is a slave.
+        The path to the controller device if the connection is a port.
+
+        This property is deprecated in favor of the 'Controller'
+        property since 1.44 and 1.42.2.
     -->
     <property name="Master" type="o" access="read"/>
 
diff --git a/man/NetworkManager-dispatcher.8 b/man/NetworkManager-dispatcher.8
index 71b472570b..f56114c2b3 100644
--- a/man/NetworkManager-dispatcher.8
+++ b/man/NetworkManager-dispatcher.8
@@ -2,9 +2,9 @@
 .\"     Title: NetworkManager-dispatcher
 .\"    Author: 
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 02/10/2023
+.\"      Date: 03/09/2023
 .\"    Manual: Network management daemons
-.\"    Source: NetworkManager-dispatcher 1.42.0
+.\"    Source: NetworkManager-dispatcher 1.42.4
 .\"  Language: English
 .\"
 .TH "NETWORKMANAGER\-DISPATCHER" "8" "" "NetworkManager\-dispatcher 1\&" "Network management daemons"
diff --git a/man/NetworkManager-wait-online.service.8 b/man/NetworkManager-wait-online.service.8
index 355f432d3c..d1ca0eb65c 100644
--- a/man/NetworkManager-wait-online.service.8
+++ b/man/NetworkManager-wait-online.service.8
@@ -2,9 +2,9 @@
 .\"     Title: NetworkManager-wait-online.service
 .\"    Author: 
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 02/10/2023
+.\"      Date: 03/09/2023
 .\"    Manual: Network management daemons
-.\"    Source: NetworkManager-wait-online.service 1.42.0
+.\"    Source: NetworkManager-wait-online.service 1.42.4
 .\"  Language: English
 .\"
 .TH "NETWORKMANAGER\-WAIT\-ONLINE\&" "8" "" "NetworkManager\-wait\-online\&" "Network management daemons"
@@ -173,7 +173,7 @@ With Wi\-Fi devices, NetworkManager needs to wait for the first scan result to k
 .IP \(bu 2.3
 .\}
 With Ethernet devices, NetworkManager waits for the carrier until the value in
-[device*]\&.carrier\-timeout
+[device*]\&.carrier\-wait\-timeout
 is reached\&. This is because some devices take a long time to detect the carrier\&. Consequently, booting with cable unplugged, unnecessarily delays
 NetworkManager\-wait\-online\&.service\&.
 .RE
diff --git a/man/NetworkManager-wait-online.service.xml b/man/NetworkManager-wait-online.service.xml
index 464fe43042..46068ea52f 100644
--- a/man/NetworkManager-wait-online.service.xml
+++ b/man/NetworkManager-wait-online.service.xml
@@ -137,7 +137,7 @@
       <listitem>
        <para>
          With Ethernet devices, NetworkManager waits for the carrier until the value in
-	 <literal>[device*].carrier-timeout</literal> is reached. This is because some
+	 <literal>[device*].carrier-wait-timeout</literal> is reached. This is because some
 	 devices take a long time to detect the carrier. Consequently, booting with cable
 	 unplugged, unnecessarily delays <literal>NetworkManager-wait-online.service</literal>.
        </para>
diff --git a/man/NetworkManager.8 b/man/NetworkManager.8
index 23636d90fe..14eda221d0 100644
--- a/man/NetworkManager.8
+++ b/man/NetworkManager.8
@@ -2,12 +2,12 @@
 .\"     Title: NetworkManager
 .\"    Author: 
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 02/10/2023
+.\"      Date: 03/09/2023
 .\"    Manual: Network management daemons
-.\"    Source: NetworkManager 1.42.0
+.\"    Source: NetworkManager 1.42.4
 .\"  Language: English
 .\"
-.TH "NETWORKMANAGER" "8" "" "NetworkManager 1\&.42\&.0" "Network management daemons"
+.TH "NETWORKMANAGER" "8" "" "NetworkManager 1\&.42\&.4" "Network management daemons"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/NetworkManager.conf.5 b/man/NetworkManager.conf.5
index a2c498a846..5cdb15ff14 100644
--- a/man/NetworkManager.conf.5
+++ b/man/NetworkManager.conf.5
@@ -2,12 +2,12 @@
 .\"     Title: NetworkManager.conf
 .\"    Author: 
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 02/10/2023
+.\"      Date: 03/09/2023
 .\"    Manual: Configuration
-.\"    Source: NetworkManager 1.42.0
+.\"    Source: NetworkManager 1.42.4
 .\"  Language: English
 .\"
-.TH "NETWORKMANAGER\&.CONF" "5" "" "NetworkManager 1\&.42\&.0" "Configuration"
+.TH "NETWORKMANAGER\&.CONF" "5" "" "NetworkManager 1\&.42\&.4" "Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -1282,7 +1282,7 @@ If set, controls what body content NetworkManager checks for when requesting the
 .RE
 .SH "GLOBAL\-DNS SECTION"
 .PP
-This section specifies global DNS settings that override connection\-specific configuration\&.
+This section specifies DNS settings that are applied globally, in addition to connection\-specific ones\&.
 .PP
 .PP
 \fIsearches\fR
@@ -1296,7 +1296,7 @@ A list of options to be passed to the hostname resolver\&.
 .RE
 .SH "GLOBAL\-DNS\-DOMAIN SECTIONS"
 .PP
-Sections with a name starting with the "global\-dns\-domain\-" prefix allow to define global DNS configuration for specific domains\&. The part of section name after "global\-dns\-domain\-" specifies the domain name a section applies to\&. More specific domains have the precedence over less specific ones and the default domain is represented by the wildcard "*"\&. A default domain section is mandatory\&.
+Sections with a name starting with the "global\-dns\-domain\-" prefix allow to define global DNS configuration for specific domains\&. The part of section name after "global\-dns\-domain\-" specifies the domain name a section applies to (for example, a section could be named "global\-dns\-domain\-foobar\&.com")\&. More specific domains have the precedence over less specific ones and the default domain is represented by the wildcard "*"\&. To be valid, global DNS domains must include a section for the default domain "*"\&. When the global DNS domains are valid, the name servers and domains defined globally override the ones from active connections\&.
 .PP
 .PP
 \fIservers\fR
diff --git a/man/NetworkManager.conf.xml b/man/NetworkManager.conf.xml
index 2c1fc85217..0dcf805d56 100644
--- a/man/NetworkManager.conf.xml
+++ b/man/NetworkManager.conf.xml
@@ -1453,8 +1453,8 @@ managed=1
 
   <refsect1>
     <title><literal>global-dns</literal> section</title>
-    <para>This section specifies global DNS settings that override
-    connection-specific configuration.</para>
+    <para>This section specifies DNS settings that are applied
+    globally, in addition to connection-specific ones.</para>
     <para>
       <variablelist>
         <varlistentry>
@@ -1482,10 +1482,15 @@ managed=1
     <para>Sections with a name starting with the "global-dns-domain-"
     prefix allow to define global DNS configuration for specific
     domains.  The part of section name after "global-dns-domain-"
-    specifies the domain name a section applies to.  More specific
-    domains have the precedence over less specific ones and the
-    default domain is represented by the wildcard "*".  A default
-    domain section is mandatory.
+    specifies the domain name a section applies to (for example, a
+    section could be named "global-dns-domain-foobar.com").  More
+    specific domains have the precedence over less specific ones and
+    the default domain is represented by the wildcard "*".
+
+    To be valid, global DNS domains must include a section for the
+    default domain "*". When the global DNS domains are valid, the
+    name servers and domains defined globally override the ones from
+    active connections.
     </para>
     <para>
       <variablelist>
diff --git a/man/nm-cloud-setup.8 b/man/nm-cloud-setup.8
index 822d97e525..9b851e33f1 100644
--- a/man/nm-cloud-setup.8
+++ b/man/nm-cloud-setup.8
@@ -2,12 +2,12 @@
 .\"     Title: nm-cloud-setup
 .\"    Author: 
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 02/10/2023
+.\"      Date: 03/09/2023
 .\"    Manual: Automatic Network Configuration in Cloud with NetworkManager
-.\"    Source: NetworkManager 1.42.0
+.\"    Source: NetworkManager 1.42.4
 .\"  Language: English
 .\"
-.TH "NM\-CLOUD\-SETUP" "8" "" "NetworkManager 1\&.42\&.0" "Automatic Network Configuratio"
+.TH "NM\-CLOUD\-SETUP" "8" "" "NetworkManager 1\&.42\&.4" "Automatic Network Configuratio"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/nm-initrd-generator.8 b/man/nm-initrd-generator.8
index 9b46a3c667..c9fc341188 100644
--- a/man/nm-initrd-generator.8
+++ b/man/nm-initrd-generator.8
@@ -2,12 +2,12 @@
 .\"     Title: nm-initrd-generator
 .\"    Author: 
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 02/10/2023
+.\"      Date: 03/09/2023
 .\"    Manual: System Administration
-.\"    Source: NetworkManager 1.42.0
+.\"    Source: NetworkManager 1.42.4
 .\"  Language: English
 .\"
-.TH "NM\-INITRD\-GENERATOR" "8" "" "NetworkManager 1\&.42\&.0" "System Administration"
+.TH "NM\-INITRD\-GENERATOR" "8" "" "NetworkManager 1\&.42\&.4" "System Administration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/nm-online.1 b/man/nm-online.1
index 17c14e5cec..4676c95658 100644
--- a/man/nm-online.1
+++ b/man/nm-online.1
@@ -2,12 +2,12 @@
 .\"     Title: nm-online
 .\"    Author: 
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 02/10/2023
+.\"      Date: 03/09/2023
 .\"    Manual: General Commands Manual
-.\"    Source: NetworkManager 1.42.0
+.\"    Source: NetworkManager 1.42.4
 .\"  Language: English
 .\"
-.TH "NM\-ONLINE" "1" "" "NetworkManager 1\&.42\&.0" "General Commands Manual"
+.TH "NM\-ONLINE" "1" "" "NetworkManager 1\&.42\&.4" "General Commands Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/nm-openvswitch.7 b/man/nm-openvswitch.7
index 79f6bf2878..2a1eddaadd 100644
--- a/man/nm-openvswitch.7
+++ b/man/nm-openvswitch.7
@@ -2,12 +2,12 @@
 .\"     Title: nm-openvswitch
 .\"    Author: 
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 02/10/2023
+.\"      Date: 03/09/2023
 .\"    Manual: Open vSwitch support overview
-.\"    Source: NetworkManager 1.42.0
+.\"    Source: NetworkManager 1.42.4
 .\"  Language: English
 .\"
-.TH "NM\-OPENVSWITCH" "7" "" "NetworkManager 1\&.42\&.0" "Open vSwitch support overview"
+.TH "NM\-OPENVSWITCH" "7" "" "NetworkManager 1\&.42\&.4" "Open vSwitch support overview"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/nm-settings-dbus.5 b/man/nm-settings-dbus.5
index e0ee44bda1..48b070ba79 100644
--- a/man/nm-settings-dbus.5
+++ b/man/nm-settings-dbus.5
@@ -2,12 +2,12 @@
 .\"     Title: nm-settings-dbus
 .\"    Author: 
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 02/10/2023
+.\"      Date: 03/09/2023
 .\"    Manual: Configuration
-.\"    Source: NetworkManager 1.42.0
+.\"    Source: NetworkManager 1.42.4
 .\"  Language: English
 .\"
-.TH "NM\-SETTINGS\-DBUS" "5" "" "NetworkManager 1\&.42\&.0" "Configuration"
+.TH "NM\-SETTINGS\-DBUS" "5" "" "NetworkManager 1\&.42\&.4" "Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -2077,6 +2077,7 @@ l l l l
 l l l l
 l l l l
 l l l l
+l l l l
 l l l l.
 T{
 address\-data
@@ -2176,7 +2177,13 @@ string
 T}:T{
 \ \&
 T}:T{
-A string containing the "Identity Association Identifier" (IAID) used by the DHCP client\&. The property is a 32\-bit decimal value or a special value among "mac", "perm\-mac", "ifname" and "stable"\&. When set to "mac" (or "perm\-mac"), the last 4 bytes of the current (or permanent) MAC address are used as IAID\&. When set to "ifname", the IAID is computed by hashing the interface name\&. The special value "stable" can be used to generate an IAID based on the stable\-id (see connection\&.stable\-id), a per\-host key and the interface name\&. When the property is unset, the value from global configuration is used; if no global default is set then the IAID is assumed to be "ifname"\&. Note that at the moment this property is ignored for IPv6 by dhclient, which always derives the IAID from the MAC address\&.
+A string containing the "Identity Association Identifier" (IAID) used by the DHCP client\&. The string can be a 32\-bit number (either decimal, hexadecimal or or as colon separated hexadecimal numbers)\&. Alternatively it can be set to the special values "mac", "perm\-mac", "ifname" or "stable"\&. When set to "mac" (or "perm\-mac"), the last 4 bytes of the current (or permanent) MAC address are used as IAID\&. When set to "ifname", the IAID is computed by hashing the interface name\&. The special value "stable" can be used to generate an IAID based on the stable\-id (see connection\&.stable\-id), a per\-host key and the interface name\&. When the property is unset, the value from global configuration is used; if no global default is set then the IAID is assumed to be "ifname"\&.
+
+For DHCPv4, the IAID is only used with "ipv4\&.dhcp\-client\-id" values "duid" and "ipv6\-duid" to generate the client\-id\&.
+
+For DHCPv6, note that at the moment this property is only supported by the "internal" DHCPv6 plugin\&. The "dhclient" DHCPv6 plugin always derives the IAID from the MAC address\&.
+
+The actually used DHCPv6 IAID for a currently activated interface is exposed in the lease information of the device\&.
 T}
 T{
 dhcp\-reject\-servers
@@ -2369,6 +2376,15 @@ T}:T{
 If TRUE, this connection will never be the default connection for this IP type, meaning it will never be assigned the default route by NetworkManager\&.
 T}
 T{
+replace\-local\-rule
+T}:T{
+NMTernary (int32)
+T}:T{
+\ \&
+T}:T{
+Connections will default to keep the autogenerated priority 0 local rule unless this setting is set to TRUE\&.
+T}
+T{
 required\-timeout
 T}:T{
 int32
@@ -2485,6 +2501,7 @@ l l l l
 l l l l
 l l l l
 l l l l
+l l l l
 l l l l.
 T{
 addr\-gen\-mode
@@ -2592,7 +2609,13 @@ string
 T}:T{
 \ \&
 T}:T{
-A string containing the "Identity Association Identifier" (IAID) used by the DHCP client\&. The property is a 32\-bit decimal value or a special value among "mac", "perm\-mac", "ifname" and "stable"\&. When set to "mac" (or "perm\-mac"), the last 4 bytes of the current (or permanent) MAC address are used as IAID\&. When set to "ifname", the IAID is computed by hashing the interface name\&. The special value "stable" can be used to generate an IAID based on the stable\-id (see connection\&.stable\-id), a per\-host key and the interface name\&. When the property is unset, the value from global configuration is used; if no global default is set then the IAID is assumed to be "ifname"\&. Note that at the moment this property is ignored for IPv6 by dhclient, which always derives the IAID from the MAC address\&.
+A string containing the "Identity Association Identifier" (IAID) used by the DHCP client\&. The string can be a 32\-bit number (either decimal, hexadecimal or or as colon separated hexadecimal numbers)\&. Alternatively it can be set to the special values "mac", "perm\-mac", "ifname" or "stable"\&. When set to "mac" (or "perm\-mac"), the last 4 bytes of the current (or permanent) MAC address are used as IAID\&. When set to "ifname", the IAID is computed by hashing the interface name\&. The special value "stable" can be used to generate an IAID based on the stable\-id (see connection\&.stable\-id), a per\-host key and the interface name\&. When the property is unset, the value from global configuration is used; if no global default is set then the IAID is assumed to be "ifname"\&.
+
+For DHCPv4, the IAID is only used with "ipv4\&.dhcp\-client\-id" values "duid" and "ipv6\-duid" to generate the client\-id\&.
+
+For DHCPv6, note that at the moment this property is only supported by the "internal" DHCPv6 plugin\&. The "dhclient" DHCPv6 plugin always derives the IAID from the MAC address\&.
+
+The actually used DHCPv6 IAID for a currently activated interface is exposed in the lease information of the device\&.
 T}
 T{
 dhcp\-reject\-servers
@@ -2800,6 +2823,15 @@ A timeout for waiting Router Advertisements in seconds\&. If zero (the default),
 Set to 2147483647 (MAXINT32) for infinity\&.
 T}
 T{
+replace\-local\-rule
+T}:T{
+NMTernary (int32)
+T}:T{
+\ \&
+T}:T{
+Connections will default to keep the autogenerated priority 0 local rule unless this setting is set to TRUE\&.
+T}
+T{
 required\-timeout
 T}:T{
 int32
diff --git a/man/nm-settings-dbus.xml b/man/nm-settings-dbus.xml
index 5efef653f0..85a0ccc5e2 100644
--- a/man/nm-settings-dbus.xml
+++ b/man/nm-settings-dbus.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0"?>
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd";>
-<refentry id="nm-settings-dbus"><refentryinfo><title>nm-settings-dbus</title><author>NetworkManager developers</author></refentryinfo><refmeta><refentrytitle>nm-settings-dbus</refentrytitle><manvolnum>5</manvolnum><refmiscinfo class="source">NetworkManager</refmiscinfo><refmiscinfo class="manual">Configuration</refmiscinfo><refmiscinfo class="version">1.42.0</refmiscinfo></refmeta><refnamediv><refname>nm-settings-dbus</refname><refpurpose>Description of settings and properties of NetworkManager connection profiles on the D-Bus API</refpurpose></refnamediv><refsect1 id="description"><title>Description</title><para>
+<refentry id="nm-settings-dbus"><refentryinfo><title>nm-settings-dbus</title><author>NetworkManager developers</author></refentryinfo><refmeta><refentrytitle>nm-settings-dbus</refentrytitle><manvolnum>5</manvolnum><refmiscinfo class="source">NetworkManager</refmiscinfo><refmiscinfo class="manual">Configuration</refmiscinfo><refmiscinfo class="version">1.42.4</refmiscinfo></refmeta><refnamediv><refname>nm-settings-dbus</refname><refpurpose>Description of settings and properties of NetworkManager connection profiles on the D-Bus API</refpurpose></refnamediv><refsect1 id="description"><title>Description</title><para>
           NetworkManager is based on a concept of connection profiles, sometimes referred to as
           connections only. These connection profiles contain a network configuration. When
           NetworkManager activates a connection profile on a network device the configuration will
@@ -171,7 +171,13 @@ If unset, a globally configured default is used. If still unset, the default dep
 
 Currently, this property only includes flags to control the FQDN flags set in the DHCP FQDN option. Supported FQDN flags are NM_DHCP_HOSTNAME_FLAG_FQDN_SERV_UPDATE (0x1), NM_DHCP_HOSTNAME_FLAG_FQDN_ENCODED (0x2) and NM_DHCP_HOSTNAME_FLAG_FQDN_NO_UPDATE (0x4).  When no FQDN flag is set and NM_DHCP_HOSTNAME_FLAG_FQDN_CLEAR_FLAGS (0x8) is set, the DHCP FQDN option will contain no flag. Otherwise, if no FQDN flag is set and NM_DHCP_HOSTNAME_FLAG_FQDN_CLEAR_FLAGS (0x8) is not set, the standard FQDN flags are set in the request: NM_DHCP_HOSTNAME_FLAG_FQDN_SERV_UPDATE (0x1), NM_DHCP_HOSTNAME_FLAG_FQDN_ENCODED (0x2) for IPv4 and NM_DHCP_HOSTNAME_FLAG_FQDN_SERV_UPDATE (0x1) for IPv6.
 
-When this property is set to the default value NM_DHCP_HOSTNAME_FLAG_NONE (0x0), a global default is looked up in NetworkManager configuration. If that value is unset or also NM_DHCP_HOSTNAME_FLAG_NONE (0x0), then the standard FQDN flags described above are sent in the DHCP requests.</entry></row><row><entry align="left" id="nm-settings-dbus.property.ipv4.dhcp-iaid">dhcp-iaid</entry><entry align="left">string</entry><entry align="left"/><entry>A string containing the "Identity Association Identifier" (IAID) used by the DHCP client. The property is a 32-bit decimal value or a special value among "mac", "perm-mac", "ifname" and "stable". When set to "mac" (or "perm-mac"), the last 4 bytes of the current (or permanent) MAC address are used as IAID. When set to "ifname", the IAID is computed by hashing the interface name. The special value "stable" can be used to generate an IAID based on the stable-id (see connection.stable-id), a per-host key and the interface name. When the property is unset, the value from global configuration is used; if no global default is set then the IAID is assumed to be "ifname". Note that at the moment this property is ignored for IPv6 by dhclient, which always derives the IAID from the MAC address.</entry></row><row><entry align="left" id="nm-settings-dbus.property.ipv4.dhcp-reject-servers">dhcp-reject-servers</entry><entry align="left">array of string</entry><entry align="left"/><entry>Array of servers from which DHCP offers must be rejected. This property is useful to avoid getting a lease from misconfigured or rogue servers.
+When this property is set to the default value NM_DHCP_HOSTNAME_FLAG_NONE (0x0), a global default is looked up in NetworkManager configuration. If that value is unset or also NM_DHCP_HOSTNAME_FLAG_NONE (0x0), then the standard FQDN flags described above are sent in the DHCP requests.</entry></row><row><entry align="left" id="nm-settings-dbus.property.ipv4.dhcp-iaid">dhcp-iaid</entry><entry align="left">string</entry><entry align="left"/><entry>A string containing the "Identity Association Identifier" (IAID) used by the DHCP client. The string can be a 32-bit number (either decimal, hexadecimal or or as colon separated hexadecimal numbers). Alternatively it can be set to the special values "mac", "perm-mac", "ifname" or "stable". When set to "mac" (or "perm-mac"), the last 4 bytes of the current (or permanent) MAC address are used as IAID. When set to "ifname", the IAID is computed by hashing the interface name. The special value "stable" can be used to generate an IAID based on the stable-id (see connection.stable-id), a per-host key and the interface name. When the property is unset, the value from global configuration is used; if no global default is set then the IAID is assumed to be "ifname".
+
+For DHCPv4, the IAID is only used with "ipv4.dhcp-client-id" values "duid" and "ipv6-duid" to generate the client-id.
+
+For DHCPv6, note that at the moment this property is only supported by the "internal" DHCPv6 plugin. The "dhclient" DHCPv6 plugin always derives the IAID from the MAC address.
+
+The actually used DHCPv6 IAID for a currently activated interface is exposed in the lease information of the device.</entry></row><row><entry align="left" id="nm-settings-dbus.property.ipv4.dhcp-reject-servers">dhcp-reject-servers</entry><entry align="left">array of string</entry><entry align="left"/><entry>Array of servers from which DHCP offers must be rejected. This property is useful to avoid getting a lease from misconfigured or rogue servers.
 
 For DHCPv4, each element must be an IPv4 address, optionally followed by a slash and a prefix length (e.g. "192.168.122.0/24").
 
@@ -217,7 +223,7 @@ In general, for the "auto" method, properties such as "dns" and "routes" specify
 
 For methods that imply no upstream network, such as "shared" or "link-local", these properties must be empty.
 
-For IPv4 method "shared", the IP subnet can be configured by adding one manual IPv4 address or otherwise 10.42.x.0/24 is chosen. Note that the shared method must be configured on the interface which shares the internet to a subnet, not on the uplink which is shared.</entry></row><row><entry align="left" id="nm-settings-dbus.property.ipv4.never-default">never-default</entry><entry align="left">boolean</entry><entry align="left">FALSE</entry><entry>If TRUE, this connection will never be the default connection for this IP type, meaning it will never be assigned the default route by NetworkManager.</entry></row><row><entry align="left" id="nm-settings-dbus.property.ipv4.required-timeout">required-timeout</entry><entry align="left">int32</entry><entry align="left">-1</entry><entry>The minimum time interval in milliseconds for which dynamic IP configuration should be tried before the connection succeeds.
+For IPv4 method "shared", the IP subnet can be configured by adding one manual IPv4 address or otherwise 10.42.x.0/24 is chosen. Note that the shared method must be configured on the interface which shares the internet to a subnet, not on the uplink which is shared.</entry></row><row><entry align="left" id="nm-settings-dbus.property.ipv4.never-default">never-default</entry><entry align="left">boolean</entry><entry align="left">FALSE</entry><entry>If TRUE, this connection will never be the default connection for this IP type, meaning it will never be assigned the default route by NetworkManager.</entry></row><row><entry align="left" id="nm-settings-dbus.property.ipv4.replace-local-rule">replace-local-rule</entry><entry align="left">NMTernary (int32)</entry><entry align="left"/><entry>Connections will default to keep the autogenerated priority 0 local rule unless this setting is set to TRUE.</entry></row><row><entry align="left" id="nm-settings-dbus.property.ipv4.required-timeout">required-timeout</entry><entry align="left">int32</entry><entry align="left">-1</entry><entry>The minimum time interval in milliseconds for which dynamic IP configuration should be tried before the connection succeeds.
 
 This property is useful for example if both IPv4 and IPv6 are enabled and are allowed to fail. Normally the connection succeeds as soon as one of the two address families completes; by setting a required timeout for e.g. IPv4, one can ensure that even if IP6 succeeds earlier than IPv4, NetworkManager waits some time for IPv4 before the connection becomes active.
 
@@ -257,7 +263,13 @@ When the property is unset, the global value provided for "ipv6.dhcp-duid" is us
 
 Currently, this property only includes flags to control the FQDN flags set in the DHCP FQDN option. Supported FQDN flags are NM_DHCP_HOSTNAME_FLAG_FQDN_SERV_UPDATE (0x1), NM_DHCP_HOSTNAME_FLAG_FQDN_ENCODED (0x2) and NM_DHCP_HOSTNAME_FLAG_FQDN_NO_UPDATE (0x4).  When no FQDN flag is set and NM_DHCP_HOSTNAME_FLAG_FQDN_CLEAR_FLAGS (0x8) is set, the DHCP FQDN option will contain no flag. Otherwise, if no FQDN flag is set and NM_DHCP_HOSTNAME_FLAG_FQDN_CLEAR_FLAGS (0x8) is not set, the standard FQDN flags are set in the request: NM_DHCP_HOSTNAME_FLAG_FQDN_SERV_UPDATE (0x1), NM_DHCP_HOSTNAME_FLAG_FQDN_ENCODED (0x2) for IPv4 and NM_DHCP_HOSTNAME_FLAG_FQDN_SERV_UPDATE (0x1) for IPv6.
 
-When this property is set to the default value NM_DHCP_HOSTNAME_FLAG_NONE (0x0), a global default is looked up in NetworkManager configuration. If that value is unset or also NM_DHCP_HOSTNAME_FLAG_NONE (0x0), then the standard FQDN flags described above are sent in the DHCP requests.</entry></row><row><entry align="left" id="nm-settings-dbus.property.ipv6.dhcp-iaid">dhcp-iaid</entry><entry align="left">string</entry><entry align="left"/><entry>A string containing the "Identity Association Identifier" (IAID) used by the DHCP client. The property is a 32-bit decimal value or a special value among "mac", "perm-mac", "ifname" and "stable". When set to "mac" (or "perm-mac"), the last 4 bytes of the current (or permanent) MAC address are used as IAID. When set to "ifname", the IAID is computed by hashing the interface name. The special value "stable" can be used to generate an IAID based on the stable-id (see connection.stable-id), a per-host key and the interface name. When the property is unset, the value from global configuration is used; if no global default is set then the IAID is assumed to be "ifname". Note that at the moment this property is ignored for IPv6 by dhclient, which always derives the IAID from the MAC address.</entry></row><row><entry align="left" id="nm-settings-dbus.property.ipv6.dhcp-reject-servers">dhcp-reject-servers</entry><entry align="left">array of string</entry><entry align="left"/><entry>Array of servers from which DHCP offers must be rejected. This property is useful to avoid getting a lease from misconfigured or rogue servers.
+When this property is set to the default value NM_DHCP_HOSTNAME_FLAG_NONE (0x0), a global default is looked up in NetworkManager configuration. If that value is unset or also NM_DHCP_HOSTNAME_FLAG_NONE (0x0), then the standard FQDN flags described above are sent in the DHCP requests.</entry></row><row><entry align="left" id="nm-settings-dbus.property.ipv6.dhcp-iaid">dhcp-iaid</entry><entry align="left">string</entry><entry align="left"/><entry>A string containing the "Identity Association Identifier" (IAID) used by the DHCP client. The string can be a 32-bit number (either decimal, hexadecimal or or as colon separated hexadecimal numbers). Alternatively it can be set to the special values "mac", "perm-mac", "ifname" or "stable". When set to "mac" (or "perm-mac"), the last 4 bytes of the current (or permanent) MAC address are used as IAID. When set to "ifname", the IAID is computed by hashing the interface name. The special value "stable" can be used to generate an IAID based on the stable-id (see connection.stable-id), a per-host key and the interface name. When the property is unset, the value from global configuration is used; if no global default is set then the IAID is assumed to be "ifname".
+
+For DHCPv4, the IAID is only used with "ipv4.dhcp-client-id" values "duid" and "ipv6-duid" to generate the client-id.
+
+For DHCPv6, note that at the moment this property is only supported by the "internal" DHCPv6 plugin. The "dhclient" DHCPv6 plugin always derives the IAID from the MAC address.
+
+The actually used DHCPv6 IAID for a currently activated interface is exposed in the lease information of the device.</entry></row><row><entry align="left" id="nm-settings-dbus.property.ipv6.dhcp-reject-servers">dhcp-reject-servers</entry><entry align="left">array of string</entry><entry align="left"/><entry>Array of servers from which DHCP offers must be rejected. This property is useful to avoid getting a lease from misconfigured or rogue servers.
 
 For DHCPv4, each element must be an IPv4 address, optionally followed by a slash and a prefix length (e.g. "192.168.122.0/24").
 
@@ -309,7 +321,7 @@ For methods that imply no upstream network, such as "shared" or "link-local", th
 
 For IPv4 method "shared", the IP subnet can be configured by adding one manual IPv4 address or otherwise 10.42.x.0/24 is chosen. Note that the shared method must be configured on the interface which shares the internet to a subnet, not on the uplink which is shared.</entry></row><row><entry align="left" id="nm-settings-dbus.property.ipv6.mtu">mtu</entry><entry align="left">uint32</entry><entry align="left">0</entry><entry>Maximum transmission unit size, in bytes. If zero (the default), the MTU is set automatically from router advertisements or is left equal to the link-layer MTU. If greater than the link-layer MTU, or greater than zero but less than the minimum IPv6 MTU of 1280, this value has no effect.</entry></row><row><entry align="left" id="nm-settings-dbus.property.ipv6.never-default">never-default</entry><entry align="left">boolean</entry><entry align="left">FALSE</entry><entry>If TRUE, this connection will never be the default connection for this IP type, meaning it will never be assigned the default route by NetworkManager.</entry></row><row><entry align="left" id="nm-settings-dbus.property.ipv6.ra-timeout">ra-timeout</entry><entry align="left">int32</entry><entry align="left">0</entry><entry>A timeout for waiting Router Advertisements in seconds. If zero (the default), a globally configured default is used. If still unspecified, the timeout depends on the sysctl settings of the device.
 
-Set to 2147483647 (MAXINT32) for infinity.</entry></row><row><entry align="left" id="nm-settings-dbus.property.ipv6.required-timeout">required-timeout</entry><entry align="left">int32</entry><entry align="left">-1</entry><entry>The minimum time interval in milliseconds for which dynamic IP configuration should be tried before the connection succeeds.
+Set to 2147483647 (MAXINT32) for infinity.</entry></row><row><entry align="left" id="nm-settings-dbus.property.ipv6.replace-local-rule">replace-local-rule</entry><entry align="left">NMTernary (int32)</entry><entry align="left"/><entry>Connections will default to keep the autogenerated priority 0 local rule unless this setting is set to TRUE.</entry></row><row><entry align="left" id="nm-settings-dbus.property.ipv6.required-timeout">required-timeout</entry><entry align="left">int32</entry><entry align="left">-1</entry><entry>The minimum time interval in milliseconds for which dynamic IP configuration should be tried before the connection succeeds.
 
 This property is useful for example if both IPv4 and IPv6 are enabled and are allowed to fail. Normally the connection succeeds as soon as one of the two address families completes; by setting a required timeout for e.g. IPv4, one can ensure that even if IP6 succeeds earlier than IPv4, NetworkManager waits some time for IPv4 before the connection becomes active.
 
diff --git a/man/nm-settings-ifcfg-rh.5 b/man/nm-settings-ifcfg-rh.5
index 1dfd9d648d..e96e1e3f74 100644
--- a/man/nm-settings-ifcfg-rh.5
+++ b/man/nm-settings-ifcfg-rh.5
@@ -2,12 +2,12 @@
 .\"     Title: nm-settings-ifcfg-rh
 .\"    Author: 
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 02/10/2023
+.\"      Date: 03/09/2023
 .\"    Manual: Configuration
-.\"    Source: NetworkManager 1.42.0
+.\"    Source: NetworkManager 1.42.4
 .\"  Language: English
 .\"
-.TH "NM\-SETTINGS\-IFCFG\-RH" "5" "" "NetworkManager 1\&.42\&.0" "Configuration"
+.TH "NM\-SETTINGS\-IFCFG\-RH" "5" "" "NetworkManager 1\&.42\&.4" "Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -2662,6 +2662,7 @@ l l l l
 l l l l
 l l l l
 l l l l
+l l l l
 l l l l.
 T{
 method
@@ -2829,6 +2830,15 @@ T}:T{
 VPN connections will default to add the route automatically unless this setting is set to %FALSE\&. For other connection types, adding such an automatic route is currently not supported and setting this to %TRUE has no effect\&.
 T}
 T{
+replace\-local\-rule
+T}:T{
+IPV4_REPLACE_LOCAL_RULE\fI(+)\fR
+T}:T{
+no
+T}:T{
+Connections will default to keep the autogenerated priority 0 local rule unless this setting is set to %TRUE\&.
+T}
+T{
 dhcp\-client\-id
 T}:T{
 DHCP_CLIENT_ID\fI(+)\fR
@@ -2948,6 +2958,7 @@ l l l l
 l l l l
 l l l l
 l l l l
+l l l l
 l l l l.
 T{
 method
@@ -3124,6 +3135,15 @@ T}:T{
 VPN connections will default to add the route automatically unless this setting is set to %FALSE\&. For other connection types, adding such an automatic route is currently not supported and setting this to %TRUE has no effect\&.
 T}
 T{
+replace\-local\-rule
+T}:T{
+IPV6_REPLACE_LOCAL_RULE\fI(+)\fR
+T}:T{
+no
+T}:T{
+Connections will default to keep the autogenerated priority 0 local rule unless this setting is set to %TRUE\&.
+T}
+T{
 ip6\-privacy
 T}:T{
 IPV6_PRIVACY, IPV6_PRIVACY_PREFER_PUBLIC_IP\fI(+)\fR
diff --git a/man/nm-settings-ifcfg-rh.xml b/man/nm-settings-ifcfg-rh.xml
index cb17e7f2a8..37a46ab37d 100644
--- a/man/nm-settings-ifcfg-rh.xml
+++ b/man/nm-settings-ifcfg-rh.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0"?>
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd";>
-<refentry id="nm-settings-ifcfg-rh"><refentryinfo><title>nm-settings-ifcfg-rh</title><author>NetworkManager developers</author></refentryinfo><refmeta><refentrytitle>nm-settings-ifcfg-rh</refentrytitle><manvolnum>5</manvolnum><refmiscinfo class="source">NetworkManager</refmiscinfo><refmiscinfo class="manual">Configuration</refmiscinfo><refmiscinfo class="version">1.42.0</refmiscinfo></refmeta><refnamediv><refname>nm-settings-ifcfg-rh</refname><refpurpose>Description of <emphasis>ifcfg-rh</emphasis> settings plugin</refpurpose></refnamediv><refsect1 id="description"><title>Description</title><para>
+<refentry id="nm-settings-ifcfg-rh"><refentryinfo><title>nm-settings-ifcfg-rh</title><author>NetworkManager developers</author></refentryinfo><refmeta><refentrytitle>nm-settings-ifcfg-rh</refentrytitle><manvolnum>5</manvolnum><refmiscinfo class="source">NetworkManager</refmiscinfo><refmiscinfo class="manual">Configuration</refmiscinfo><refmiscinfo class="version">1.42.4</refmiscinfo></refmeta><refnamediv><refname>nm-settings-ifcfg-rh</refname><refpurpose>Description of <emphasis>ifcfg-rh</emphasis> settings plugin</refpurpose></refnamediv><refsect1 id="description"><title>Description</title><para>
           NetworkManager is based on the concept of connection profiles that contain
           network configuration (see <citerefentry><refentrytitle>nm-settings</refentrytitle><manvolnum>5</manvolnum></citerefentry> for details). The profiles can be
           stored in various formats. NetworkManager uses plugins for reading and writing
@@ -437,7 +437,7 @@ Example: </emphasis>GATEWAY=10.5.5.1</entry></row><row><entry align="left">route
 
 Example: </emphasis>RES_OPTIONS=ndots:2 timeout:3</entry></row><row><entry align="left">dns-priority</entry><entry align="left">IPV4_DNS_PRIORITY<emphasis>(+)</emphasis></entry><entry align="left">0</entry><entry align="left">The priority for DNS servers of this connection. Lower values have higher priority. If zero, the default value will be used (50 for VPNs, 100 for other connections). A negative value prevents DNS from other connections with greater values to be used.<emphasis role="bold">
 
-Example: </emphasis>IPV4_DNS_PRIORITY=20</entry></row><row><entry align="left">auto-route-ext-gw</entry><entry align="left">IPV4_AUTO_ROUTE_EXT_GW<emphasis>(+)</emphasis></entry><entry align="left">yes</entry><entry align="left">VPN connections will default to add the route automatically unless this setting is set to %FALSE. For other connection types, adding such an automatic route is currently not supported and setting this to %TRUE has no effect.</entry></row><row><entry align="left">dhcp-client-id</entry><entry align="left">DHCP_CLIENT_ID<emphasis>(+)</emphasis></entry><entry align="left"/><entry align="left">A string sent to the DHCP server to identify the local machine. A binary value can be specified using hex notation ('aa:bb:cc').<emphasis role="bold">
+Example: </emphasis>IPV4_DNS_PRIORITY=20</entry></row><row><entry align="left">auto-route-ext-gw</entry><entry align="left">IPV4_AUTO_ROUTE_EXT_GW<emphasis>(+)</emphasis></entry><entry align="left">yes</entry><entry align="left">VPN connections will default to add the route automatically unless this setting is set to %FALSE. For other connection types, adding such an automatic route is currently not supported and setting this to %TRUE has no effect.</entry></row><row><entry align="left">replace-local-rule</entry><entry align="left">IPV4_REPLACE_LOCAL_RULE<emphasis>(+)</emphasis></entry><entry align="left">no</entry><entry align="left">Connections will default to keep the autogenerated priority 0 local rule unless this setting is set to %TRUE.</entry></row><row><entry align="left">dhcp-client-id</entry><entry align="left">DHCP_CLIENT_ID<emphasis>(+)</emphasis></entry><entry align="left"/><entry align="left">A string sent to the DHCP server to identify the local machine. A binary value can be specified using hex notation ('aa:bb:cc').<emphasis role="bold">
 
 Example: </emphasis>DHCP_CLIENT_ID=ax-srv-1; DHCP_CLIENT_ID=01:44:44:44:44:44:44</entry></row><row><entry align="left">dad-timeout</entry><entry align="left">ACD_TIMEOUT<emphasis>(+)</emphasis>, ARPING_WAIT</entry><entry align="left">missing variable means global default (config override or zero)</entry><entry align="left">Timeout (in milliseconds for ACD_TIMEOUT or in seconds for ARPING_WAIT) for address conflict detection before configuring IPv4 addresses. 0 turns off the ACD completely, -1 means default value.<emphasis role="bold">
 
@@ -463,7 +463,7 @@ Example: </emphasis>DHCPV6_HOSTNAME_FLAGS=5</entry></row><row><entry align="left
 
 Example: </emphasis>IPV6_DNS_PRIORITY=20</entry></row><row><entry align="left">dns-options</entry><entry align="left">IPV6_RES_OPTIONS<emphasis>(+)</emphasis></entry><entry align="left"/><entry align="left">List of DNS options to be added to /etc/resolv.conf<emphasis role="bold">
 
-Example: </emphasis>IPV6_RES_OPTIONS=ndots:2 timeout:3</entry></row><row><entry align="left">auto-route-ext-gw</entry><entry align="left">IPV6_AUTO_ROUTE_EXT_GW<emphasis>(+)</emphasis></entry><entry align="left">yes</entry><entry align="left">VPN connections will default to add the route automatically unless this setting is set to %FALSE. For other connection types, adding such an automatic route is currently not supported and setting this to %TRUE has no effect.</entry></row><row><entry align="left">ip6-privacy</entry><entry align="left">IPV6_PRIVACY, IPV6_PRIVACY_PREFER_PUBLIC_IP<emphasis>(+)</emphasis></entry><entry align="left">no</entry><entry align="left">Configure IPv6 Privacy Extensions for SLAAC (RFC4941).<emphasis role="bold">
+Example: </emphasis>IPV6_RES_OPTIONS=ndots:2 timeout:3</entry></row><row><entry align="left">auto-route-ext-gw</entry><entry align="left">IPV6_AUTO_ROUTE_EXT_GW<emphasis>(+)</emphasis></entry><entry align="left">yes</entry><entry align="left">VPN connections will default to add the route automatically unless this setting is set to %FALSE. For other connection types, adding such an automatic route is currently not supported and setting this to %TRUE has no effect.</entry></row><row><entry align="left">replace-local-rule</entry><entry align="left">IPV6_REPLACE_LOCAL_RULE<emphasis>(+)</emphasis></entry><entry align="left">no</entry><entry align="left">Connections will default to keep the autogenerated priority 0 local rule unless this setting is set to %TRUE.</entry></row><row><entry align="left">ip6-privacy</entry><entry align="left">IPV6_PRIVACY, IPV6_PRIVACY_PREFER_PUBLIC_IP<emphasis>(+)</emphasis></entry><entry align="left">no</entry><entry align="left">Configure IPv6 Privacy Extensions for SLAAC (RFC4941).<emphasis role="bold">
 
 Example: </emphasis>IPV6_PRIVACY=rfc3041 IPV6_PRIVACY_PREFER_PUBLIC_IP=yes<emphasis role="bold">
 
diff --git a/man/nm-settings-keyfile.5 b/man/nm-settings-keyfile.5
index 943bd5c2dd..fc30ddb862 100644
--- a/man/nm-settings-keyfile.5
+++ b/man/nm-settings-keyfile.5
@@ -2,12 +2,12 @@
 .\"     Title: nm-settings-keyfile
 .\"    Author: 
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 02/10/2023
+.\"      Date: 03/09/2023
 .\"    Manual: Configuration
-.\"    Source: NetworkManager 1.42.0
+.\"    Source: NetworkManager 1.42.4
 .\"  Language: English
 .\"
-.TH "NM\-SETTINGS\-KEYFILE" "5" "" "NetworkManager 1\&.42\&.0" "Configuration"
+.TH "NM\-SETTINGS\-KEYFILE" "5" "" "NetworkManager 1\&.42\&.4" "Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/nm-settings-keyfile.xml b/man/nm-settings-keyfile.xml
index c3ba409f83..07e45da2d1 100644
--- a/man/nm-settings-keyfile.xml
+++ b/man/nm-settings-keyfile.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0"?>
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd";>
-<refentry id="nm-settings-keyfile"><refentryinfo><title>nm-settings-keyfile</title><author>NetworkManager developers</author></refentryinfo><refmeta><refentrytitle>nm-settings-keyfile</refentrytitle><manvolnum>5</manvolnum><refmiscinfo class="source">NetworkManager</refmiscinfo><refmiscinfo class="manual">Configuration</refmiscinfo><refmiscinfo class="version">1.42.0</refmiscinfo></refmeta><refnamediv><refname>nm-settings-keyfile</refname><refpurpose>Description of <emphasis>keyfile</emphasis> settings plugin</refpurpose></refnamediv><refsect1 id="description"><title>Description</title><para>
+<refentry id="nm-settings-keyfile"><refentryinfo><title>nm-settings-keyfile</title><author>NetworkManager developers</author></refentryinfo><refmeta><refentrytitle>nm-settings-keyfile</refentrytitle><manvolnum>5</manvolnum><refmiscinfo class="source">NetworkManager</refmiscinfo><refmiscinfo class="manual">Configuration</refmiscinfo><refmiscinfo class="version">1.42.4</refmiscinfo></refmeta><refnamediv><refname>nm-settings-keyfile</refname><refpurpose>Description of <emphasis>keyfile</emphasis> settings plugin</refpurpose></refnamediv><refsect1 id="description"><title>Description</title><para>
           NetworkManager is based on the concept of connection profiles that contain
           network configuration (see <citerefentry><refentrytitle>nm-settings</refentrytitle><manvolnum>5</manvolnum></citerefentry> for details). The profiles can be
           stored in various formats. NetworkManager uses plugins for reading and writing
diff --git a/man/nm-settings-nmcli.5 b/man/nm-settings-nmcli.5
index 593adb0da0..c14b6a5263 100644
--- a/man/nm-settings-nmcli.5
+++ b/man/nm-settings-nmcli.5
@@ -2,12 +2,12 @@
 .\"     Title: nm-settings-nmcli
 .\"    Author: 
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 02/10/2023
+.\"      Date: 03/09/2023
 .\"    Manual: Configuration
-.\"    Source: NetworkManager 1.42.0
+.\"    Source: NetworkManager 1.42.4
 .\"  Language: English
 .\"
-.TH "NM\-SETTINGS\-NMCLI" "5" "" "NetworkManager 1\&.42\&.0" "Configuration"
+.TH "NM\-SETTINGS\-NMCLI" "5" "" "NetworkManager 1\&.42\&.4" "Configuration"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -1834,7 +1834,13 @@ Format: uint32
 .PP
 \fBdhcp\-iaid\fR
 .RS 4
-A string containing the "Identity Association Identifier" (IAID) used by the DHCP client\&. The property is a 32\-bit decimal value or a special value among "mac", "perm\-mac", "ifname" and "stable"\&. When set to "mac" (or "perm\-mac"), the last 4 bytes of the current (or permanent) MAC address are used as IAID\&. When set to "ifname", the IAID is computed by hashing the interface name\&. The special value "stable" can be used to generate an IAID based on the stable\-id (see connection\&.stable\-id), a per\-host key and the interface name\&. When the property is unset, the value from global configuration is used; if no global default is set then the IAID is assumed to be "ifname"\&. Note that at the moment this property is ignored for IPv6 by dhclient, which always derives the IAID from the MAC address\&.
+A string containing the "Identity Association Identifier" (IAID) used by the DHCP client\&. The string can be a 32\-bit number (either decimal, hexadecimal or or as colon separated hexadecimal numbers)\&. Alternatively it can be set to the special values "mac", "perm\-mac", "ifname" or "stable"\&. When set to "mac" (or "perm\-mac"), the last 4 bytes of the current (or permanent) MAC address are used as IAID\&. When set to "ifname", the IAID is computed by hashing the interface name\&. The special value "stable" can be used to generate an IAID based on the stable\-id (see connection\&.stable\-id), a per\-host key and the interface name\&. When the property is unset, the value from global configuration is used; if no global default is set then the IAID is assumed to be "ifname"\&.
+.sp
+For DHCPv4, the IAID is only used with "ipv4\&.dhcp\-client\-id" values "duid" and "ipv6\-duid" to generate the client\-id\&.
+.sp
+For DHCPv6, note that at the moment this property is only supported by the "internal" DHCPv6 plugin\&. The "dhclient" DHCPv6 plugin always derives the IAID from the MAC address\&.
+.sp
+The actually used DHCPv6 IAID for a currently activated interface is exposed in the lease information of the device\&.
 .sp
 Format: string
 .RE
@@ -1994,6 +2000,13 @@ If TRUE, this connection will never be the default connection for this IP type,
 Format: boolean
 .RE
 .PP
+\fBreplace\-local\-rule\fR
+.RS 4
+Connections will default to keep the autogenerated priority 0 local rule unless this setting is set to TRUE\&.
+.sp
+Format: NMTernary (int32)
+.RE
+.PP
 \fBrequired\-timeout\fR
 .RS 4
 The minimum time interval in milliseconds for which dynamic IP configuration should be tried before the connection succeeds\&.
@@ -2262,7 +2275,7 @@ Various attributes are supported:
 unicast,
 local,
 blackhole,
-unavailable,
+unreachable,
 prohibit,
 throw\&. The default is
 unicast\&.
@@ -2386,7 +2399,13 @@ Format: uint32
 .PP
 \fBdhcp\-iaid\fR
 .RS 4
-A string containing the "Identity Association Identifier" (IAID) used by the DHCP client\&. The property is a 32\-bit decimal value or a special value among "mac", "perm\-mac", "ifname" and "stable"\&. When set to "mac" (or "perm\-mac"), the last 4 bytes of the current (or permanent) MAC address are used as IAID\&. When set to "ifname", the IAID is computed by hashing the interface name\&. The special value "stable" can be used to generate an IAID based on the stable\-id (see connection\&.stable\-id), a per\-host key and the interface name\&. When the property is unset, the value from global configuration is used; if no global default is set then the IAID is assumed to be "ifname"\&. Note that at the moment this property is ignored for IPv6 by dhclient, which always derives the IAID from the MAC address\&.
+A string containing the "Identity Association Identifier" (IAID) used by the DHCP client\&. The string can be a 32\-bit number (either decimal, hexadecimal or or as colon separated hexadecimal numbers)\&. Alternatively it can be set to the special values "mac", "perm\-mac", "ifname" or "stable"\&. When set to "mac" (or "perm\-mac"), the last 4 bytes of the current (or permanent) MAC address are used as IAID\&. When set to "ifname", the IAID is computed by hashing the interface name\&. The special value "stable" can be used to generate an IAID based on the stable\-id (see connection\&.stable\-id), a per\-host key and the interface name\&. When the property is unset, the value from global configuration is used; if no global default is set then the IAID is assumed to be "ifname"\&.
+.sp
+For DHCPv4, the IAID is only used with "ipv4\&.dhcp\-client\-id" values "duid" and "ipv6\-duid" to generate the client\-id\&.
+.sp
+For DHCPv6, note that at the moment this property is only supported by the "internal" DHCPv6 plugin\&. The "dhclient" DHCPv6 plugin always derives the IAID from the MAC address\&.
+.sp
+The actually used DHCPv6 IAID for a currently activated interface is exposed in the lease information of the device\&.
 .sp
 Format: string
 .RE
@@ -2548,6 +2567,13 @@ Set to 2147483647 (MAXINT32) for infinity\&.
 Format: int32
 .RE
 .PP
+\fBreplace\-local\-rule\fR
+.RS 4
+Connections will default to keep the autogenerated priority 0 local rule unless this setting is set to TRUE\&.
+.sp
+Format: NMTernary (int32)
+.RE
+.PP
 \fBrequired\-timeout\fR
 .RS 4
 The minimum time interval in milliseconds for which dynamic IP configuration should be tried before the connection succeeds\&.
@@ -2804,7 +2830,7 @@ Various attributes are supported:
 unicast,
 local,
 blackhole,
-unavailable,
+unreachable,
 prohibit,
 throw\&. The default is
 unicast\&.
diff --git a/man/nm-settings-nmcli.xml b/man/nm-settings-nmcli.xml
index 1e150b9d74..6154468eb4 100644
--- a/man/nm-settings-nmcli.xml
+++ b/man/nm-settings-nmcli.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0"?>
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd";>
-<refentry id="nm-settings-nmcli"><refentryinfo><title>nm-settings-nmcli</title><author>NetworkManager developers</author></refentryinfo><refmeta><refentrytitle>nm-settings-nmcli</refentrytitle><manvolnum>5</manvolnum><refmiscinfo class="source">NetworkManager</refmiscinfo><refmiscinfo class="manual">Configuration</refmiscinfo><refmiscinfo class="version">1.42.0</refmiscinfo></refmeta><refnamediv><refname>nm-settings-nmcli</refname><refpurpose>Description of settings and properties of NetworkManager connection profiles for nmcli</refpurpose></refnamediv><refsect1 id="description"><title>Description</title><para>
+<refentry id="nm-settings-nmcli"><refentryinfo><title>nm-settings-nmcli</title><author>NetworkManager developers</author></refentryinfo><refmeta><refentrytitle>nm-settings-nmcli</refentrytitle><manvolnum>5</manvolnum><refmiscinfo class="source">NetworkManager</refmiscinfo><refmiscinfo class="manual">Configuration</refmiscinfo><refmiscinfo class="version">1.42.4</refmiscinfo></refmeta><refnamediv><refname>nm-settings-nmcli</refname><refpurpose>Description of settings and properties of NetworkManager connection profiles for nmcli</refpurpose></refnamediv><refsect1 id="description"><title>Description</title><para>
           NetworkManager is based on a concept of connection profiles, sometimes referred to as
           connections only. These connection profiles contain a network configuration. When
           NetworkManager activates a connection profile on a network device the configuration will
@@ -266,7 +266,7 @@
             Format: string</para></listitem></varlistentry><varlistentry><term><option id="nm-settings-nmcli.property.ipv4.dhcp-fqdn">dhcp-fqdn</option></term><listitem><para>If the "dhcp-send-hostname" property is TRUE, then the specified FQDN will be sent to the DHCP server when acquiring a lease. This property and "dhcp-hostname" are mutually exclusive and cannot be set at the same time.</para><para>
             Format: string</para></listitem></varlistentry><varlistentry><term><option id="nm-settings-nmcli.property.ipv4.dhcp-hostname">dhcp-hostname</option></term><listitem><para>If the "dhcp-send-hostname" property is TRUE, then the specified name will be sent to the DHCP server when acquiring a lease. This property and "dhcp-fqdn" are mutually exclusive and cannot be set at the same time.</para><para>
             Format: string</para></listitem></varlistentry><varlistentry><term><option id="nm-settings-nmcli.property.ipv4.dhcp-hostname-flags">dhcp-hostname-flags</option></term><listitem><para>Flags for the DHCP hostname and FQDN.</para><para>Currently, this property only includes flags to control the FQDN flags set in the DHCP FQDN option. Supported FQDN flags are NM_DHCP_HOSTNAME_FLAG_FQDN_SERV_UPDATE (0x1), NM_DHCP_HOSTNAME_FLAG_FQDN_ENCODED (0x2) and NM_DHCP_HOSTNAME_FLAG_FQDN_NO_UPDATE (0x4).  When no FQDN flag is set and NM_DHCP_HOSTNAME_FLAG_FQDN_CLEAR_FLAGS (0x8) is set, the DHCP FQDN option will contain no flag. Otherwise, if no FQDN flag is set and NM_DHCP_HOSTNAME_FLAG_FQDN_CLEAR_FLAGS (0x8) is not set, the standard FQDN flags are set in the request: NM_DHCP_HOSTNAME_FLAG_FQDN_SERV_UPDATE (0x1), NM_DHCP_HOSTNAME_FLAG_FQDN_ENCODED (0x2) for IPv4 and NM_DHCP_HOSTNAME_FLAG_FQDN_SERV_UPDATE (0x1) for IPv6.</para><para>When this property is set to the default value NM_DHCP_HOSTNAME_FLAG_NONE (0x0), a global default is looked up in NetworkManager configuration. If that value is unset or also NM_DHCP_HOSTNAME_FLAG_NONE (0x0), then the standard FQDN flags described above are sent in the DHCP requests.</para><para>
-            Format: uint32</para></listitem></varlistentry><varlistentry><term><option id="nm-settings-nmcli.property.ipv4.dhcp-iaid">dhcp-iaid</option></term><listitem><para>A string containing the "Identity Association Identifier" (IAID) used by the DHCP client. The property is a 32-bit decimal value or a special value among "mac", "perm-mac", "ifname" and "stable". When set to "mac" (or "perm-mac"), the last 4 bytes of the current (or permanent) MAC address are used as IAID. When set to "ifname", the IAID is computed by hashing the interface name. The special value "stable" can be used to generate an IAID based on the stable-id (see connection.stable-id), a per-host key and the interface name. When the property is unset, the value from global configuration is used; if no global default is set then the IAID is assumed to be "ifname". Note that at the moment this property is ignored for IPv6 by dhclient, which always derives the IAID from the MAC address.</para><para>
+            Format: uint32</para></listitem></varlistentry><varlistentry><term><option id="nm-settings-nmcli.property.ipv4.dhcp-iaid">dhcp-iaid</option></term><listitem><para>A string containing the "Identity Association Identifier" (IAID) used by the DHCP client. The string can be a 32-bit number (either decimal, hexadecimal or or as colon separated hexadecimal numbers). Alternatively it can be set to the special values "mac", "perm-mac", "ifname" or "stable". When set to "mac" (or "perm-mac"), the last 4 bytes of the current (or permanent) MAC address are used as IAID. When set to "ifname", the IAID is computed by hashing the interface name. The special value "stable" can be used to generate an IAID based on the stable-id (see connection.stable-id), a per-host key and the interface name. When the property is unset, the value from global configuration is used; if no global default is set then the IAID is assumed to be "ifname".</para><para>For DHCPv4, the IAID is only used with "ipv4.dhcp-client-id" values "duid" and "ipv6-duid" to generate the client-id.</para><para>For DHCPv6, note that at the moment this property is only supported by the "internal" DHCPv6 plugin. The "dhclient" DHCPv6 plugin always derives the IAID from the MAC address.</para><para>The actually used DHCPv6 IAID for a currently activated interface is exposed in the lease information of the device.</para><para>
             Format: string</para></listitem></varlistentry><varlistentry><term><option id="nm-settings-nmcli.property.ipv4.dhcp-reject-servers">dhcp-reject-servers</option></term><listitem><para>Array of servers from which DHCP offers must be rejected. This property is useful to avoid getting a lease from misconfigured or rogue servers.</para><para>For DHCPv4, each element must be an IPv4 address, optionally followed by a slash and a prefix length (e.g. "192.168.122.0/24").</para><para>This property is currently not implemented for DHCPv6.</para><para>
             Format: array of string</para></listitem></varlistentry><varlistentry><term><option id="nm-settings-nmcli.property.ipv4.dhcp-send-hostname">dhcp-send-hostname</option></term><listitem><para>If TRUE, a hostname is sent to the DHCP server when acquiring a lease. Some DHCP servers use this hostname to update DNS databases, essentially providing a static hostname for the computer.  If the "dhcp-hostname" property is NULL and this property is TRUE, the current persistent hostname of the computer is sent.</para><para>
             Format: boolean</para></listitem></varlistentry><varlistentry><term><option id="nm-settings-nmcli.property.ipv4.dhcp-timeout">dhcp-timeout</option></term><listitem><para>A timeout for a DHCP transaction in seconds. If zero (the default), a globally configured default is used. If still unspecified, a device specific timeout is used (usually 45 seconds).</para><para>Set to 2147483647 (MAXINT32) for infinity.</para><para>
@@ -283,7 +283,8 @@
             Format: int32</para></listitem></varlistentry><varlistentry><term><option id="nm-settings-nmcli.property.ipv4.may-fail">may-fail</option></term><listitem><para>If TRUE, allow overall network configuration to proceed even if the configuration specified by this property times out.  Note that at least one IP configuration must succeed or overall network configuration will still fail.  For example, in IPv6-only networks, setting this property to TRUE on the NMSettingIP4Config allows the overall network configuration to succeed if IPv4 configuration fails but IPv6 configuration completes successfully.</para><para>
             Format: boolean</para></listitem></varlistentry><varlistentry><term><option id="nm-settings-nmcli.property.ipv4.method">method</option></term><listitem><para>IP configuration method.</para><para>NMSettingIP4Config and NMSettingIP6Config both support "disabled", "auto", "manual", and "link-local". See the subclass-specific documentation for other values.</para><para>In general, for the "auto" method, properties such as "dns" and "routes" specify information that is added on to the information returned from automatic configuration.  The "ignore-auto-routes" and "ignore-auto-dns" properties modify this behavior.</para><para>For methods that imply no upstream network, such as "shared" or "link-local", these properties must be empty.</para><para>For IPv4 method "shared", the IP subnet can be configured by adding one manual IPv4 address or otherwise 10.42.x.0/24 is chosen. Note that the shared method must be configured on the interface which shares the internet to a subnet, not on the uplink which is shared.</para><para>
             Format: string</para></listitem></varlistentry><varlistentry><term><option id="nm-settings-nmcli.property.ipv4.never-default">never-default</option></term><listitem><para>If TRUE, this connection will never be the default connection for this IP type, meaning it will never be assigned the default route by NetworkManager.</para><para>
-            Format: boolean</para></listitem></varlistentry><varlistentry><term><option id="nm-settings-nmcli.property.ipv4.required-timeout">required-timeout</option></term><listitem><para>The minimum time interval in milliseconds for which dynamic IP configuration should be tried before the connection succeeds.</para><para>This property is useful for example if both IPv4 and IPv6 are enabled and are allowed to fail. Normally the connection succeeds as soon as one of the two address families completes; by setting a required timeout for e.g. IPv4, one can ensure that even if IP6 succeeds earlier than IPv4, NetworkManager waits some time for IPv4 before the connection becomes active.</para><para>Note that if "may-fail" is FALSE for the same address family, this property has no effect as NetworkManager needs to wait for the full DHCP timeout.</para><para>A zero value means that no required timeout is present, -1 means the default value (either configuration ipvx.required-timeout override or zero).</para><para>
+            Format: boolean</para></listitem></varlistentry><varlistentry><term><option id="nm-settings-nmcli.property.ipv4.replace-local-rule">replace-local-rule</option></term><listitem><para>Connections will default to keep the autogenerated priority 0 local rule unless this setting is set to TRUE.</para><para>
+            Format: NMTernary (int32)</para></listitem></varlistentry><varlistentry><term><option id="nm-settings-nmcli.property.ipv4.required-timeout">required-timeout</option></term><listitem><para>The minimum time interval in milliseconds for which dynamic IP configuration should be tried before the connection succeeds.</para><para>This property is useful for example if both IPv4 and IPv6 are enabled and are allowed to fail. Normally the connection succeeds as soon as one of the two address families completes; by setting a required timeout for e.g. IPv4, one can ensure that even if IP6 succeeds earlier than IPv4, NetworkManager waits some time for IPv4 before the connection becomes active.</para><para>Note that if "may-fail" is FALSE for the same address family, this property has no effect as NetworkManager needs to wait for the full DHCP timeout.</para><para>A zero value means that no required timeout is present, -1 means the default value (either configuration ipvx.required-timeout override or zero).</para><para>
             Format: int32</para></listitem></varlistentry><varlistentry><term><option id="nm-settings-nmcli.property.ipv4.route-metric">route-metric</option></term><listitem><para>The default metric for routes that don't explicitly specify a metric. The default value -1 means that the metric is chosen automatically based on the device type. The metric applies to dynamic routes, manual (static) routes that don't have an explicit metric setting, address prefix routes, and the default route. Note that for IPv6, the kernel accepts zero (0) but coerces it to 1024 (user default). Hence, setting this property to zero effectively mean setting it to 1024. For IPv4, zero is a regular value for the metric.</para><para>
             Format: int64</para></listitem></varlistentry><varlistentry><term><option id="nm-settings-nmcli.property.ipv4.route-table">route-table</option></term><listitem><para>Enable policy routing (source routing) and set the routing table used when adding routes.</para><para>This affects all routes, including device-routes, IPv4LL, DHCP, SLAAC, default-routes and static routes. But note that static routes can individually overwrite the setting by explicitly specifying a non-zero routing table.</para><para>If the table setting is left at zero, it is eligible to be overwritten via global configuration. If the property is zero even after applying the global configuration value, policy routing is disabled for the address family of this connection.</para><para>Policy routing disabled means that NetworkManager will add all routes to the main table (except static routes that explicitly configure a different table). Additionally, NetworkManager will not delete any extraneous routes from tables except the main table. This is to preserve backward compatibility for users who manage routing tables outside of NetworkManager.</para><para>
             Format: uint32</para></listitem></varlistentry><varlistentry><term><option id="nm-settings-nmcli.property.ipv4.routes">routes</option></term><listitem><para>
@@ -355,7 +356,7 @@
    </listitem>
    <listitem>
      <para><literal>"type"</literal> - one of <literal>unicast</literal>, <literal>local</literal>, <literal>blackhole</literal>,
-       <literal>unavailable</literal>, <literal>prohibit</literal>, <literal>throw</literal>.
+       <literal>unreachable</literal>, <literal>prohibit</literal>, <literal>throw</literal>.
        The default is <literal>unicast</literal>.</para>
    </listitem>
    <listitem>
@@ -393,7 +394,7 @@ Example: <literal>priority 5 from 192.167.4.0/24 table 45</literal>
             Format: NMTernary (int32)</para></listitem></varlistentry><varlistentry><term><option id="nm-settings-nmcli.property.ipv6.dhcp-duid">dhcp-duid</option></term><listitem><para>A string containing the DHCPv6 Unique Identifier (DUID) used by the dhcp client to identify itself to DHCPv6 servers (RFC 3315). The DUID is carried in the Client Identifier option. If the property is a hex string ('aa:bb:cc') it is interpreted as a binary DUID and filled as an opaque value in the Client Identifier option.</para><para>The special value "lease" will retrieve the DUID previously used from the lease file belonging to the connection. If no DUID is found and "dhclient" is the configured dhcp client, the DUID is searched in the system-wide dhclient lease file. If still no DUID is found, or another dhcp client is used, a global and permanent DUID-UUID (RFC 6355) will be generated based on the machine-id.</para><para>The special values "llt" and "ll" will generate a DUID of type LLT or LL (see RFC 3315) based on the current MAC address of the device. In order to try providing a stable DUID-LLT, the time field will contain a constant timestamp that is used globally (for all profiles) and persisted to disk.</para><para>The special values "stable-llt", "stable-ll" and "stable-uuid" will generate a DUID of the corresponding type, derived from the connection's stable-id and a per-host unique key. You may want to include the "${DEVICE}" or "${MAC}" specifier in the stable-id, in case this profile gets activated on multiple devices. So, the link-layer address of "stable-ll" and "stable-llt" will be a generated address derived from the stable id. The DUID-LLT time value in the "stable-llt" option will be picked among a static timespan of three years (the upper bound of the interval is the same constant timestamp used in "llt").</para><para>When the property is unset, the global value provided for "ipv6.dhcp-duid" is used. If no global value is provided, the default "lease" value is assumed.</para><para>
             Format: string</para></listitem></varlistentry><varlistentry><term><option id="nm-settings-nmcli.property.ipv6.dhcp-hostname">dhcp-hostname</option></term><listitem><para>If the "dhcp-send-hostname" property is TRUE, then the specified name will be sent to the DHCP server when acquiring a lease. This property and "dhcp-fqdn" are mutually exclusive and cannot be set at the same time.</para><para>
             Format: string</para></listitem></varlistentry><varlistentry><term><option id="nm-settings-nmcli.property.ipv6.dhcp-hostname-flags">dhcp-hostname-flags</option></term><listitem><para>Flags for the DHCP hostname and FQDN.</para><para>Currently, this property only includes flags to control the FQDN flags set in the DHCP FQDN option. Supported FQDN flags are NM_DHCP_HOSTNAME_FLAG_FQDN_SERV_UPDATE (0x1), NM_DHCP_HOSTNAME_FLAG_FQDN_ENCODED (0x2) and NM_DHCP_HOSTNAME_FLAG_FQDN_NO_UPDATE (0x4).  When no FQDN flag is set and NM_DHCP_HOSTNAME_FLAG_FQDN_CLEAR_FLAGS (0x8) is set, the DHCP FQDN option will contain no flag. Otherwise, if no FQDN flag is set and NM_DHCP_HOSTNAME_FLAG_FQDN_CLEAR_FLAGS (0x8) is not set, the standard FQDN flags are set in the request: NM_DHCP_HOSTNAME_FLAG_FQDN_SERV_UPDATE (0x1), NM_DHCP_HOSTNAME_FLAG_FQDN_ENCODED (0x2) for IPv4 and NM_DHCP_HOSTNAME_FLAG_FQDN_SERV_UPDATE (0x1) for IPv6.</para><para>When this property is set to the default value NM_DHCP_HOSTNAME_FLAG_NONE (0x0), a global default is looked up in NetworkManager configuration. If that value is unset or also NM_DHCP_HOSTNAME_FLAG_NONE (0x0), then the standard FQDN flags described above are sent in the DHCP requests.</para><para>
-            Format: uint32</para></listitem></varlistentry><varlistentry><term><option id="nm-settings-nmcli.property.ipv6.dhcp-iaid">dhcp-iaid</option></term><listitem><para>A string containing the "Identity Association Identifier" (IAID) used by the DHCP client. The property is a 32-bit decimal value or a special value among "mac", "perm-mac", "ifname" and "stable". When set to "mac" (or "perm-mac"), the last 4 bytes of the current (or permanent) MAC address are used as IAID. When set to "ifname", the IAID is computed by hashing the interface name. The special value "stable" can be used to generate an IAID based on the stable-id (see connection.stable-id), a per-host key and the interface name. When the property is unset, the value from global configuration is used; if no global default is set then the IAID is assumed to be "ifname". Note that at the moment this property is ignored for IPv6 by dhclient, which always derives the IAID from the MAC address.</para><para>
+            Format: uint32</para></listitem></varlistentry><varlistentry><term><option id="nm-settings-nmcli.property.ipv6.dhcp-iaid">dhcp-iaid</option></term><listitem><para>A string containing the "Identity Association Identifier" (IAID) used by the DHCP client. The string can be a 32-bit number (either decimal, hexadecimal or or as colon separated hexadecimal numbers). Alternatively it can be set to the special values "mac", "perm-mac", "ifname" or "stable". When set to "mac" (or "perm-mac"), the last 4 bytes of the current (or permanent) MAC address are used as IAID. When set to "ifname", the IAID is computed by hashing the interface name. The special value "stable" can be used to generate an IAID based on the stable-id (see connection.stable-id), a per-host key and the interface name. When the property is unset, the value from global configuration is used; if no global default is set then the IAID is assumed to be "ifname".</para><para>For DHCPv4, the IAID is only used with "ipv4.dhcp-client-id" values "duid" and "ipv6-duid" to generate the client-id.</para><para>For DHCPv6, note that at the moment this property is only supported by the "internal" DHCPv6 plugin. The "dhclient" DHCPv6 plugin always derives the IAID from the MAC address.</para><para>The actually used DHCPv6 IAID for a currently activated interface is exposed in the lease information of the device.</para><para>
             Format: string</para></listitem></varlistentry><varlistentry><term><option id="nm-settings-nmcli.property.ipv6.dhcp-send-hostname">dhcp-send-hostname</option></term><listitem><para>If TRUE, a hostname is sent to the DHCP server when acquiring a lease. Some DHCP servers use this hostname to update DNS databases, essentially providing a static hostname for the computer.  If the "dhcp-hostname" property is NULL and this property is TRUE, the current persistent hostname of the computer is sent.</para><para>
             Format: boolean</para></listitem></varlistentry><varlistentry><term><option id="nm-settings-nmcli.property.ipv6.dhcp-timeout">dhcp-timeout</option></term><listitem><para>A timeout for a DHCP transaction in seconds. If zero (the default), a globally configured default is used. If still unspecified, a device specific timeout is used (usually 45 seconds).</para><para>Set to 2147483647 (MAXINT32) for infinity.</para><para>
             Format: int32</para></listitem></varlistentry><varlistentry><term><option id="nm-settings-nmcli.property.ipv6.dns">dns</option></term><listitem><para>Array of IP addresses of DNS servers.</para><para>For DoT (DNS over TLS), the SNI server name can be specified by appending "#example.com" to the IP address of the DNS server. This currently only has effect when using systemd-resolved.</para><para>
@@ -410,7 +411,8 @@ Example: <literal>priority 5 from 192.167.4.0/24 table 45</literal>
             Format: string</para></listitem></varlistentry><varlistentry><term><option id="nm-settings-nmcli.property.ipv6.mtu">mtu</option></term><listitem><para>Maximum transmission unit size, in bytes. If zero (the default), the MTU is set automatically from router advertisements or is left equal to the link-layer MTU. If greater than the link-layer MTU, or greater than zero but less than the minimum IPv6 MTU of 1280, this value has no effect.</para><para>
             Format: uint32</para></listitem></varlistentry><varlistentry><term><option id="nm-settings-nmcli.property.ipv6.never-default">never-default</option></term><listitem><para>If TRUE, this connection will never be the default connection for this IP type, meaning it will never be assigned the default route by NetworkManager.</para><para>
             Format: boolean</para></listitem></varlistentry><varlistentry><term><option id="nm-settings-nmcli.property.ipv6.ra-timeout">ra-timeout</option></term><listitem><para>A timeout for waiting Router Advertisements in seconds. If zero (the default), a globally configured default is used. If still unspecified, the timeout depends on the sysctl settings of the device.</para><para>Set to 2147483647 (MAXINT32) for infinity.</para><para>
-            Format: int32</para></listitem></varlistentry><varlistentry><term><option id="nm-settings-nmcli.property.ipv6.required-timeout">required-timeout</option></term><listitem><para>The minimum time interval in milliseconds for which dynamic IP configuration should be tried before the connection succeeds.</para><para>This property is useful for example if both IPv4 and IPv6 are enabled and are allowed to fail. Normally the connection succeeds as soon as one of the two address families completes; by setting a required timeout for e.g. IPv4, one can ensure that even if IP6 succeeds earlier than IPv4, NetworkManager waits some time for IPv4 before the connection becomes active.</para><para>Note that if "may-fail" is FALSE for the same address family, this property has no effect as NetworkManager needs to wait for the full DHCP timeout.</para><para>A zero value means that no required timeout is present, -1 means the default value (either configuration ipvx.required-timeout override or zero).</para><para>
+            Format: int32</para></listitem></varlistentry><varlistentry><term><option id="nm-settings-nmcli.property.ipv6.replace-local-rule">replace-local-rule</option></term><listitem><para>Connections will default to keep the autogenerated priority 0 local rule unless this setting is set to TRUE.</para><para>
+            Format: NMTernary (int32)</para></listitem></varlistentry><varlistentry><term><option id="nm-settings-nmcli.property.ipv6.required-timeout">required-timeout</option></term><listitem><para>The minimum time interval in milliseconds for which dynamic IP configuration should be tried before the connection succeeds.</para><para>This property is useful for example if both IPv4 and IPv6 are enabled and are allowed to fail. Normally the connection succeeds as soon as one of the two address families completes; by setting a required timeout for e.g. IPv4, one can ensure that even if IP6 succeeds earlier than IPv4, NetworkManager waits some time for IPv4 before the connection becomes active.</para><para>Note that if "may-fail" is FALSE for the same address family, this property has no effect as NetworkManager needs to wait for the full DHCP timeout.</para><para>A zero value means that no required timeout is present, -1 means the default value (either configuration ipvx.required-timeout override or zero).</para><para>
             Format: int32</para></listitem></varlistentry><varlistentry><term><option id="nm-settings-nmcli.property.ipv6.route-metric">route-metric</option></term><listitem><para>The default metric for routes that don't explicitly specify a metric. The default value -1 means that the metric is chosen automatically based on the device type. The metric applies to dynamic routes, manual (static) routes that don't have an explicit metric setting, address prefix routes, and the default route. Note that for IPv6, the kernel accepts zero (0) but coerces it to 1024 (user default). Hence, setting this property to zero effectively mean setting it to 1024. For IPv4, zero is a regular value for the metric.</para><para>
             Format: int64</para></listitem></varlistentry><varlistentry><term><option id="nm-settings-nmcli.property.ipv6.route-table">route-table</option></term><listitem><para>Enable policy routing (source routing) and set the routing table used when adding routes.</para><para>This affects all routes, including device-routes, IPv4LL, DHCP, SLAAC, default-routes and static routes. But note that static routes can individually overwrite the setting by explicitly specifying a non-zero routing table.</para><para>If the table setting is left at zero, it is eligible to be overwritten via global configuration. If the property is zero even after applying the global configuration value, policy routing is disabled for the address family of this connection.</para><para>Policy routing disabled means that NetworkManager will add all routes to the main table (except static routes that explicitly configure a different table). Additionally, NetworkManager will not delete any extraneous routes from tables except the main table. This is to preserve backward compatibility for users who manage routing tables outside of NetworkManager.</para><para>
             Format: uint32</para></listitem></varlistentry><varlistentry><term><option id="nm-settings-nmcli.property.ipv6.routes">routes</option></term><listitem><para>
@@ -474,7 +476,7 @@ Example: <literal>priority 5 from 192.167.4.0/24 table 45</literal>
    </listitem>
    <listitem>
      <para><literal>"type"</literal> - one of <literal>unicast</literal>, <literal>local</literal>, <literal>blackhole</literal>,
-       <literal>unavailable</literal>, <literal>prohibit</literal>, <literal>throw</literal>.
+       <literal>unreachable</literal>, <literal>prohibit</literal>, <literal>throw</literal>.
        The default is <literal>unicast</literal>.</para>
    </listitem>
    <listitem>
diff --git a/man/nmcli-examples.7 b/man/nmcli-examples.7
index 47e2728bb9..055716bd73 100644
--- a/man/nmcli-examples.7
+++ b/man/nmcli-examples.7
@@ -2,12 +2,12 @@
 .\"     Title: nmcli-examples
 .\"    Author: 
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 02/10/2023
+.\"      Date: 03/09/2023
 .\"    Manual: Examples
-.\"    Source: NetworkManager 1.42.0
+.\"    Source: NetworkManager 1.42.4
 .\"  Language: English
 .\"
-.TH "NMCLI\-EXAMPLES" "7" "" "NetworkManager 1\&.42\&.0" "Examples"
+.TH "NMCLI\-EXAMPLES" "7" "" "NetworkManager 1\&.42\&.4" "Examples"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/nmcli.1 b/man/nmcli.1
index 895fa06be8..374593ce72 100644
--- a/man/nmcli.1
+++ b/man/nmcli.1
@@ -2,12 +2,12 @@
 .\"     Title: nmcli
 .\"    Author: 
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 02/10/2023
+.\"      Date: 03/09/2023
 .\"    Manual: General Commands Manual
-.\"    Source: NetworkManager 1.42.0
+.\"    Source: NetworkManager 1.42.4
 .\"  Language: English
 .\"
-.TH "NMCLI" "1" "" "NetworkManager 1\&.42\&.0" "General Commands Manual"
+.TH "NMCLI" "1" "" "NetworkManager 1\&.42\&.4" "General Commands Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/man/nmtui.1 b/man/nmtui.1
index 536167aa21..ebf235f68a 100644
--- a/man/nmtui.1
+++ b/man/nmtui.1
@@ -2,12 +2,12 @@
 .\"     Title: nmtui
 .\"    Author: 
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 02/10/2023
+.\"      Date: 03/09/2023
 .\"    Manual: General Commands Manual
-.\"    Source: NetworkManager 1.42.0
+.\"    Source: NetworkManager 1.42.4
 .\"  Language: English
 .\"
-.TH "NMTUI" "1" "" "NetworkManager 1\&.42\&.0" "General Commands Manual"
+.TH "NMTUI" "1" "" "NetworkManager 1\&.42\&.4" "General Commands Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/meson.build b/meson.build
index 62e037a701..4651739a07 100644
--- a/meson.build
+++ b/meson.build
@@ -6,7 +6,7 @@ project(
 #  - add corresponding NM_VERSION_x_y_z macros in
 #    "src/libnm-core-public/nm-version-macros.h.in"
 #  - update number in configure.ac
-  version: '1.42.0',
+  version: '1.42.4',
   license: 'GPL2+',
   default_options: [
     'buildtype=debugoptimized',
@@ -584,7 +584,10 @@ enable_modem_manager = get_option('modem_manager')
 if enable_modem_manager
   mm_glib_dep = dependency('mm-glib', version: '>= 0.7.991')
 
-  mobile_broadband_provider_info_database = dependency('mobile-broadband-provider-info').get_pkgconfig_variable('database')
+  mobile_broadband_provider_info_database = get_option('mobile_broadband_provider_info_database')
+  if mobile_broadband_provider_info_database == ''
+    mobile_broadband_provider_info_database = dependency('mobile-broadband-provider-info').get_pkgconfig_variable('database')
+  endif
   config_h.set_quoted('MOBILE_BROADBAND_PROVIDER_INFO_DATABASE', mobile_broadband_provider_info_database)
 endif
 
@@ -1054,6 +1057,9 @@ output += '  jansson: ' + jansson_msg + '\n'
 output += '  iptables: ' + config_h.get('IPTABLES_PATH') + '\n'
 output += '  nft: ' + config_h.get('NFT_PATH') + '\n'
 output += '  modemmanager-1: ' + enable_modem_manager.to_string() + '\n'
+if enable_modem_manager
+  output += '  mobile-broadband-provider-info-database: ' + mobile_broadband_provider_info_database + '\n'
+endif
 output += '  ofono: ' + enable_ofono.to_string() + '\n'
 output += '  concheck: ' + enable_concheck.to_string() + '\n'
 output += '  libteamdctl: ' + enable_teamdctl.to_string() + '\n'
diff --git a/meson_options.txt b/meson_options.txt
index 8b1d32e645..4e359f9e92 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -32,6 +32,7 @@ option('ppp', type: 'boolean', value: true, description: 'enable PPP/PPPoE suppo
 option('pppd', type: 'string', value: '', description: 'path to pppd binary')
 option('pppd_plugin_dir', type: 'string', value: '', description: 'path to the pppd plugins directory')
 option('modem_manager', type: 'boolean', value: true, description: 'Enable new ModemManager1 interface support')
+option('mobile_broadband_provider_info_database', type: 'string', value: '', description: 'path to the mobile-broadband-provider-info database')
 option('ofono', type: 'boolean', value: false, description: 'Enable oFono support (experimental)')
 option('concheck', type: 'boolean', value: true, description: 'enable connectivity checking support')
 option('teamdctl', type: 'boolean', value: false, description: 'enable Teamd control support')
diff --git a/src/core/devices/nm-device-ip-tunnel.c b/src/core/devices/nm-device-ip-tunnel.c
index 5e5ba63243..a5760bf40e 100644
--- a/src/core/devices/nm-device-ip-tunnel.c
+++ b/src/core/devices/nm-device-ip-tunnel.c
@@ -296,7 +296,7 @@ clear:
         if (lnk->ikey)
             input_key = g_strdup_printf("%u", lnk->ikey);
         if (lnk->okey)
-            input_key = g_strdup_printf("%u", lnk->okey);
+            output_key = g_strdup_printf("%u", lnk->okey);
     } else if (priv->mode == NM_IP_TUNNEL_MODE_VTI6) {
         const NMPlatformLnkVti6 *lnk;
 
@@ -313,7 +313,7 @@ clear:
         if (lnk->ikey)
             input_key = g_strdup_printf("%u", lnk->ikey);
         if (lnk->okey)
-            input_key = g_strdup_printf("%u", lnk->okey);
+            output_key = g_strdup_printf("%u", lnk->okey);
     } else
         g_return_if_reached();
 
diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c
index 044786149c..3565c04d59 100644
--- a/src/core/devices/nm-device.c
+++ b/src/core/devices/nm-device.c
@@ -312,7 +312,7 @@ typedef struct {
 
 typedef enum {
     RESOLVER_WAIT_ADDRESS = 0,
-    RESOLVER_IN_PROGRESS,
+    RESOLVER_STARTED,
     RESOLVER_DONE,
 } ResolverState;
 
@@ -1810,6 +1810,7 @@ _prop_get_ipvx_dhcp_iaid(NMDevice     *self,
     const char        *iface;
     const char        *fail_reason;
     gboolean           is_explicit = TRUE;
+    gint64             i64;
 
     s_ip     = nm_connection_get_setting_ip_config(connection, addr_family);
     iaid_str = nm_setting_ip_config_get_dhcp_iaid(s_ip);
@@ -1868,7 +1869,7 @@ _prop_get_ipvx_dhcp_iaid(NMDevice     *self,
 
         iaid = unaligned_read_be32(&hwaddr_buf[hwaddr_len - 4]);
         goto out_good;
-    } else if (nm_streq(iaid_str, "stable")) {
+    } else if (nm_streq(iaid_str, NM_IAID_STABLE)) {
         nm_auto_free_checksum GChecksum *sum = NULL;
         guint8                           digest[NM_UTILS_CHECKSUM_LENGTH_SHA1];
         NMUtilsStableType                stable_type;
@@ -1891,14 +1892,21 @@ _prop_get_ipvx_dhcp_iaid(NMDevice     *self,
 
         iaid = unaligned_read_be32(digest);
         goto out_good;
-    } else if ((iaid = _nm_utils_ascii_str_to_int64(iaid_str, 10, 0, G_MAXUINT32, -1)) != -1) {
-        goto out_good;
-    } else {
+    } else if (nm_streq(iaid_str, NM_IAID_IFNAME)) {
         iface = nm_device_get_ip_iface(self);
         iaid  = nm_utils_create_dhcp_iaid(TRUE, (const guint8 *) iface, strlen(iface));
         goto out_good;
+    } else if (_nm_utils_iaid_verify(iaid_str, &i64)) {
+        if (i64 < 0) {
+            fail_reason = nm_assert_unreachable_val("bug handling iaid value");
+            goto out_fail;
+        }
+        nm_assert(i64 <= G_MAXUINT32);
+        iaid = (guint32) i64;
+        goto out_good;
     }
 
+    fail_reason = nm_assert_unreachable_val("bug handling iaid code");
 out_fail:
     nm_assert(fail_reason);
     if (!log_silent) {
@@ -1912,11 +1920,13 @@ out_fail:
     iaid        = nm_utils_create_dhcp_iaid(TRUE, (const guint8 *) iface, strlen(iface));
 out_good:
     if (!log_silent) {
+        char buf[NM_DHCP_IAID_TO_HEXSTR_BUF_LEN];
+
         _LOGD(LOGD_DEVICE | LOGD_DHCPX(IS_IPv4) | LOGD_IPX(IS_IPv4),
-              "ipv%c.dhcp-iaid: using %u (0x%08x) IAID (str: '%s', explicit %d)",
+              "ipv%c.dhcp-iaid: using %u (%s) IAID (str: '%s', explicit %d)",
               nm_utils_addr_family_to_char(addr_family),
               iaid,
-              iaid,
+              nm_dhcp_iaid_to_hexstr(iaid, buf),
               iaid_str,
               is_explicit);
     }
@@ -7168,6 +7178,9 @@ nm_device_update_from_platform_link(NMDevice *self, const NMPlatformLink *plink)
 
     ifindex_changed = _set_ifindex(self, plink ? plink->ifindex : 0, FALSE);
 
+    nm_device_update_hw_address(self);
+    nm_device_update_permanent_hw_address(self, FALSE);
+
     if (ifindex_changed)
         NM_DEVICE_GET_CLASS(self)->link_changed(self, plink);
 
@@ -8581,6 +8594,7 @@ nm_device_generate_connection(NMDevice *self,
                         nm_device_get_iface(master),
                         local->message);
             g_error_free(local);
+            NM_SET_OUT(out_maybe_later, TRUE);
             return NULL;
         }
     } else {
@@ -9641,6 +9655,18 @@ _routing_rules_sync(NMDevice *self, NMTernary set_mode)
                                               user_tag_1,
                                               NMP_GLOBAL_TRACKER_EXTERN_WEAKLY_TRACKED_USER_TAG);
             }
+
+            if (nm_setting_ip_config_get_replace_local_rule(s_ip) == NM_TERNARY_TRUE) {
+                /* The user specified that the local rule should be replaced.
+                 * In order to do that, we track the local rule with negative
+                 * priority. */
+                nmp_global_tracker_track_local_rule(
+                    global_tracker,
+                    addr_family,
+                    -5,
+                    user_tag_1,
+                    NMP_GLOBAL_TRACKER_EXTERN_WEAKLY_TRACKED_USER_TAG);
+            }
         }
 
         if (klass->get_extra_rules) {
@@ -17093,6 +17119,21 @@ nm_device_auth_retries_try_next(NMDevice *self)
     return TRUE;
 }
 
+static const char *
+_resolver_state_to_string(ResolverState state)
+{
+    switch (state) {
+    case RESOLVER_WAIT_ADDRESS:
+        return "WAIT-ADDRESS";
+    case RESOLVER_STARTED:
+        return "STARTED";
+    case RESOLVER_DONE:
+        return "DONE";
+    }
+    nm_assert_not_reached();
+    return "UNKNOWN";
+}
+
 static void
 hostname_dns_lookup_callback(GObject *source, GAsyncResult *result, gpointer user_data)
 {
@@ -17112,7 +17153,9 @@ hostname_dns_lookup_callback(GObject *source, GAsyncResult *result, gpointer use
 
     if (error) {
         _LOGD(LOGD_DNS,
-              "hostname-from-dns: lookup error for %s: %s",
+              "hostname-from-dns: ipv%c resolver %s: lookup error for %s: %s",
+              nm_utils_addr_family_to_char(resolver->addr_family),
+              _resolver_state_to_string(RESOLVER_DONE),
               (addr_str = g_inet_address_to_string(resolver->address)),
               error->message);
     } else {
@@ -17122,7 +17165,9 @@ hostname_dns_lookup_callback(GObject *source, GAsyncResult *result, gpointer use
         valid              = nm_utils_validate_hostname(resolver->hostname);
 
         _LOGD(LOGD_DNS,
-              "hostname-from-dns: lookup done for %s, result %s%s%s%s",
+              "hostname-from-dns: ipv%c resolver %s: lookup successful for %s, result %s%s%s%s",
+              nm_utils_addr_family_to_char(resolver->addr_family),
+              _resolver_state_to_string(RESOLVER_DONE),
               (addr_str = g_inet_address_to_string(resolver->address)),
               NM_PRINT_FMT_QUOTE_STRING(resolver->hostname),
               valid ? "" : " (invalid)");
@@ -17148,8 +17193,9 @@ hostname_dns_address_timeout(gpointer user_data)
     nm_assert(!resolver->cancellable);
 
     _LOGT(LOGD_DNS,
-          "hostname-from-dns: timed out while waiting IPv%c address",
-          nm_utils_addr_family_to_char(resolver->addr_family));
+          "hostname-from-dns: ipv%c state %s: timed out while waiting for address",
+          nm_utils_addr_family_to_char(resolver->addr_family),
+          _resolver_state_to_string(RESOLVER_DONE));
 
     resolver->timeout_id = 0;
     resolver->state      = RESOLVER_DONE;
@@ -17158,30 +17204,16 @@ hostname_dns_address_timeout(gpointer user_data)
     return G_SOURCE_REMOVE;
 }
 
-static const char *
-_resolver_state_to_string(ResolverState state)
-{
-    switch (state) {
-    case RESOLVER_WAIT_ADDRESS:
-        return "wait-address";
-    case RESOLVER_IN_PROGRESS:
-        return "in-progress";
-    case RESOLVER_DONE:
-        return "done";
-    default:
-        nm_assert_not_reached();
-        return "unknown";
-    }
-}
-
 void
-nm_device_clear_dns_lookup_data(NMDevice *self)
+nm_device_clear_dns_lookup_data(NMDevice *self, const char *reason)
 {
     NMDevicePrivate *priv = NM_DEVICE_GET_PRIVATE(self);
-    guint            i;
 
-    for (i = 0; i < 2; i++)
-        nm_clear_pointer(&priv->hostname_resolver_x[i], _hostname_resolver_free);
+    if (priv->hostname_resolver_4 || priv->hostname_resolver_6) {
+        _LOGT(LOGD_DNS, "hostname-from-dns: resetting (%s)", reason);
+        nm_clear_pointer(&priv->hostname_resolver_4, _hostname_resolver_free);
+        nm_clear_pointer(&priv->hostname_resolver_6, _hostname_resolver_free);
+    }
 }
 
 gboolean
@@ -17222,6 +17254,9 @@ get_address_for_hostname_dns_lookup(NMDevice *self, int addr_family)
                 return g_inet_address_new_from_bytes(addr->ax.address_ptr, G_SOCKET_FAMILY_IPV4);
             }
 
+            if (addr->ax.n_ifa_flags & IFA_F_TENTATIVE)
+                continue;
+
             /* For IPv6 prefer, in order:
              * - !link-local, !deprecated
              * - !link-local, deprecated
@@ -17315,29 +17350,35 @@ nm_device_get_hostname_from_dns_lookup(NMDevice *self, int addr_family, gboolean
     } else if (new_address != resolver->address)
         address_changed = TRUE;
 
+    if (address_changed) {
+        /* set new state before logging */
+        if (new_address)
+            resolver->state = RESOLVER_STARTED;
+        else
+            resolver->state = RESOLVER_WAIT_ADDRESS;
+    }
+
     {
         gs_free char *old_str = NULL;
         gs_free char *new_str = NULL;
 
-        _LOGT(LOGD_DNS,
-              "hostname-from-dns: ipv%c resolver state %s, old address %s, new address %s",
-              nm_utils_addr_family_to_char(resolver->addr_family),
-              _resolver_state_to_string(resolver->state),
-              resolver->address ? (old_str = g_inet_address_to_string(resolver->address))
-                                : "(null)",
-              new_address ? (new_str = g_inet_address_to_string(new_address)) : "(null)");
+        if (address_changed) {
+            _LOGT(LOGD_DNS,
+                  "hostname-from-dns: ipv%c resolver %s, address changed from %s to %s",
+                  nm_utils_addr_family_to_char(resolver->addr_family),
+                  _resolver_state_to_string(resolver->state),
+                  resolver->address ? (old_str = g_inet_address_to_string(resolver->address))
+                                    : "(null)",
+                  new_address ? (new_str = g_inet_address_to_string(new_address)) : "(null)");
+        }
     }
 
-    /* In every state, if the address changed, we restart
-     * the resolution with the new address */
     if (address_changed) {
         nm_clear_g_cancellable(&resolver->cancellable);
         g_clear_object(&resolver->address);
-        resolver->state = RESOLVER_WAIT_ADDRESS;
     }
 
     if (address_changed && new_address) {
-        resolver->state       = RESOLVER_IN_PROGRESS;
         resolver->cancellable = g_cancellable_new();
         resolver->address     = g_steal_pointer(&new_address);
 
@@ -17355,7 +17396,7 @@ nm_device_get_hostname_from_dns_lookup(NMDevice *self, int addr_family, gboolean
             resolver->timeout_id = g_timeout_add(30000, hostname_dns_address_timeout, resolver);
         NM_SET_OUT(out_wait, TRUE);
         return NULL;
-    case RESOLVER_IN_PROGRESS:
+    case RESOLVER_STARTED:
         NM_SET_OUT(out_wait, TRUE);
         return NULL;
     case RESOLVER_DONE:
diff --git a/src/core/devices/nm-device.h b/src/core/devices/nm-device.h
index f54457d12e..bcf4d7b991 100644
--- a/src/core/devices/nm-device.h
+++ b/src/core/devices/nm-device.h
@@ -817,7 +817,7 @@ gboolean nm_device_is_vpn(NMDevice *self);
 const char *
 nm_device_get_hostname_from_dns_lookup(NMDevice *self, int addr_family, gboolean *out_pending);
 
-void nm_device_clear_dns_lookup_data(NMDevice *self);
+void nm_device_clear_dns_lookup_data(NMDevice *self, const char *reason);
 
 gboolean nm_device_get_allow_autoconnect_on_external(NMDevice *self);
 
diff --git a/src/core/devices/wwan/nm-modem-ofono.c b/src/core/devices/wwan/nm-modem-ofono.c
index b374562189..33a19e9366 100644
--- a/src/core/devices/wwan/nm-modem-ofono.c
+++ b/src/core/devices/wwan/nm-modem-ofono.c
@@ -734,7 +734,7 @@ update_connection_list(NMModemOfono *self)
 
     g_hash_table_iter_init(&iter, priv->contexts);
     while (g_hash_table_iter_next(&iter, (gpointer *) &uuid, (gpointer *) &octx)) {
-        if (octx->preferred) {
+        if (octx->preferred && nm_streq(octx->type, "internet")) {
             octx_preferred = octx;
             break;
         }
@@ -743,8 +743,7 @@ update_connection_list(NMModemOfono *self)
     g_hash_table_iter_init(&iter, priv->contexts);
     while (g_hash_table_iter_next(&iter, (gpointer *) &uuid, (gpointer *) &octx)) {
         gboolean connection_should_exist =
-            (!octx_preferred || octx_preferred == octx)
-            && (nm_streq(octx->type, "internet") || nm_streq(octx->type, "internet+mms"));
+            octx_preferred == octx || (!octx_preferred && nm_streq(octx->type, "internet"));
         gboolean connection_exists = g_hash_table_contains(priv->connections, uuid);
 
         if (connection_should_exist && !connection_exists) {
diff --git a/src/core/dhcp/nm-dhcp-client.c b/src/core/dhcp/nm-dhcp-client.c
index 600cb930dc..1fc2d94461 100644
--- a/src/core/dhcp/nm-dhcp-client.c
+++ b/src/core/dhcp/nm-dhcp-client.c
@@ -241,7 +241,8 @@ nm_dhcp_client_create_l3cd(NMDhcpClient *self)
 GHashTable *
 nm_dhcp_client_create_options_dict(NMDhcpClient *self, gboolean static_keys)
 {
-    NMDhcpClientPrivate *priv = NM_DHCP_CLIENT_GET_PRIVATE(self);
+    NMDhcpClientPrivate *priv    = NM_DHCP_CLIENT_GET_PRIVATE(self);
+    const int            IS_IPv4 = NM_IS_IPv4(priv->config.addr_family);
     GHashTable          *options;
     GBytes              *effective_client_id;
 
@@ -249,22 +250,18 @@ nm_dhcp_client_create_options_dict(NMDhcpClient *self, gboolean static_keys)
 
     effective_client_id = nm_dhcp_client_get_effective_client_id(self);
     if (effective_client_id) {
-        guint         option = NM_IS_IPv4(priv->config.addr_family) ? NM_DHCP_OPTION_DHCP4_CLIENT_ID
-                                                                    : NM_DHCP_OPTION_DHCP6_CLIENT_ID;
-        gs_free char *str    = nm_dhcp_utils_duid_to_string(effective_client_id);
+        guint option = IS_IPv4 ? NM_DHCP_OPTION_DHCP4_CLIENT_ID : NM_DHCP_OPTION_DHCP6_CLIENT_ID;
+        gs_free char *str = nm_dhcp_utils_duid_to_string(effective_client_id);
 
         /* Note that for the nm-dhcp-helper based plugins (dhclient), the plugin
          * may send the used client-id/DUID via the environment variables and
          * overwrite them yet again. */
 
-        if (static_keys) {
-            nm_dhcp_option_add_option(options, priv->config.addr_family, option, str);
-        } else {
-            g_hash_table_insert(
-                options,
-                g_strdup(nm_dhcp_option_request_string(priv->config.addr_family, option)),
-                g_steal_pointer(&str));
-        }
+        nm_dhcp_option_take_option(options,
+                                   static_keys,
+                                   priv->config.addr_family,
+                                   option,
+                                   g_steal_pointer(&str));
     }
 
     return options;
@@ -1591,6 +1588,20 @@ maybe_add_option(NMDhcpClient *self, GHashTable *hash, const char *key, GVariant
         str_value = nm_dhcp_utils_duid_to_string(bytes);
     }
 
+    if (!IS_IPv4 && nm_streq(key, "iaid")) {
+        gs_free char *str = g_steal_pointer(&str_value);
+        guint32       iaid;
+
+        /* Validate and normalize the iaid. */
+
+        if (!nm_dhcp_iaid_from_hexstr(str, &iaid)) {
+            /* Seems invalid. Ignore */
+            return;
+        }
+
+        str_value = nm_dhcp_iaid_to_hexstr(iaid, g_malloc(NM_DHCP_IAID_TO_HEXSTR_BUF_LEN));
+    }
+
     g_hash_table_insert(hash, g_strdup(key), str_value);
 
     /* dhclient has no special labels for private dhcp options: it uses "unknown_xyz"
diff --git a/src/core/dhcp/nm-dhcp-nettools.c b/src/core/dhcp/nm-dhcp-nettools.c
index 9cdfd9aa6a..f36dfb4d38 100644
--- a/src/core/dhcp/nm-dhcp-nettools.c
+++ b/src/core/dhcp/nm-dhcp-nettools.c
@@ -84,6 +84,11 @@ static void dhcp4_event_pop_all_events_on_idle(NMDhcpNettools *self);
 
 /*****************************************************************************/
 
+#define _add_option(options, option, str) \
+    nm_dhcp_option_add_option((options), TRUE, AF_INET, (option), (str))
+
+/*****************************************************************************/
+
 static void
 set_error_nettools(GError **error, int r, const char *message)
 {
@@ -266,26 +271,34 @@ lease_parse_address(NMDhcpNettools    *self /* for logging context only */,
     }
 
     nm_dhcp_option_add_option_in_addr(options,
+                                      TRUE,
                                       AF_INET,
                                       NM_DHCP_OPTION_DHCP4_NM_IP_ADDRESS,
                                       a_address.s_addr);
     nm_dhcp_option_add_option_in_addr(options,
+                                      TRUE,
                                       AF_INET,
                                       NM_DHCP_OPTION_DHCP4_SUBNET_MASK,
                                       a_netmask);
 
     nm_dhcp_option_add_option_u64(options,
+                                  TRUE,
                                   AF_INET,
                                   NM_DHCP_OPTION_DHCP4_IP_ADDRESS_LEASE_TIME,
                                   (guint64) a_lifetime);
 
     if (a_expiry != G_MAXUINT64) {
-        nm_dhcp_option_add_option_u64(options, AF_INET, NM_DHCP_OPTION_DHCP4_NM_EXPIRY, a_expiry);
+        nm_dhcp_option_add_option_u64(options,
+                                      TRUE,
+                                      AF_INET,
+                                      NM_DHCP_OPTION_DHCP4_NM_EXPIRY,
+                                      a_expiry);
     }
 
     n_dhcp4_client_lease_get_siaddr(lease, &a_next_server);
     if (a_next_server.s_addr != INADDR_ANY) {
         nm_dhcp_option_add_option_in_addr(options,
+                                          TRUE,
                                           AF_INET,
                                           NM_DHCP_OPTION_DHCP4_NM_NEXT_SERVER,
                                           a_next_server.s_addr);
@@ -368,7 +381,7 @@ lease_parse_address_list(NDhcp4ClientLease       *lease,
         }
     }
 
-    nm_dhcp_option_add_option(options, AF_INET, option, nm_str_buf_get_str(sbuf));
+    _add_option(options, option, nm_str_buf_get_str(sbuf));
 }
 
 static void
@@ -446,7 +459,7 @@ lease_parse_routes(NDhcp4ClientLease *lease,
         }
 
         has_classless = TRUE;
-        nm_dhcp_option_add_option(options, AF_INET, option_code, nm_str_buf_get_str(sbuf));
+        _add_option(options, option_code, nm_str_buf_get_str(sbuf));
     }
 
     r = _client_lease_query(lease, NM_DHCP_OPTION_DHCP4_STATIC_ROUTE, &l_data, &l_data_len);
@@ -489,10 +502,7 @@ lease_parse_routes(NDhcp4ClientLease *lease,
                                           }));
         }
 
-        nm_dhcp_option_add_option(options,
-                                  AF_INET,
-                                  NM_DHCP_OPTION_DHCP4_STATIC_ROUTE,
-                                  nm_str_buf_get_str(sbuf));
+        _add_option(options, NM_DHCP_OPTION_DHCP4_STATIC_ROUTE, nm_str_buf_get_str(sbuf));
     }
 
     r = _client_lease_query(lease, NM_DHCP_OPTION_DHCP4_ROUTER, &l_data, &l_data_len);
@@ -534,10 +544,7 @@ lease_parse_routes(NDhcp4ClientLease *lease,
                                           }));
         }
 
-        nm_dhcp_option_add_option(options,
-                                  AF_INET,
-                                  NM_DHCP_OPTION_DHCP4_ROUTER,
-                                  nm_str_buf_get_str(sbuf));
+        _add_option(options, NM_DHCP_OPTION_DHCP4_ROUTER, nm_str_buf_get_str(sbuf));
     }
 }
 
@@ -570,6 +577,7 @@ lease_parse_search_domains(NDhcp4ClientLease *lease,
         nm_l3_config_data_add_search(l3cd, AF_INET, domains[i]);
 
     nm_dhcp_option_take_option(options,
+                               TRUE,
                                AF_INET,
                                NM_DHCP_OPTION_DHCP4_DOMAIN_SEARCH_LIST,
                                g_strjoinv(" ", domains));
@@ -598,7 +606,7 @@ lease_parse_private_options(NDhcp4ClientLease *lease, GHashTable *options)
             continue;
 
         option_string = nm_utils_bin2hexstr_full(l_data, l_data_len, ':', FALSE, NULL);
-        nm_dhcp_option_take_option(options, AF_INET, i, g_steal_pointer(&option_string));
+        nm_dhcp_option_take_option(options, TRUE, AF_INET, i, g_steal_pointer(&option_string));
     }
 }
 
@@ -632,6 +640,7 @@ lease_to_ip4_config(NMDhcpNettools *self, NDhcp4ClientLease *lease, GError **err
     r = n_dhcp4_client_lease_get_server_identifier(lease, &v_inaddr_s);
     if (r == 0) {
         nm_dhcp_option_add_option_in_addr(options,
+                                          TRUE,
                                           AF_INET,
                                           NM_DHCP_OPTION_DHCP4_SERVER_ID,
                                           v_inaddr_s.s_addr);
@@ -645,6 +654,7 @@ lease_to_ip4_config(NMDhcpNettools *self, NDhcp4ClientLease *lease, GError **err
                                             iface,
                                             NM_DHCP_OPTION_DHCP4_BROADCAST)) {
         nm_dhcp_option_add_option_in_addr(options,
+                                          TRUE,
                                           AF_INET,
                                           NM_DHCP_OPTION_DHCP4_BROADCAST,
                                           v_inaddr);
@@ -696,10 +706,7 @@ lease_to_ip4_config(NMDhcpNettools *self, NDhcp4ClientLease *lease, GError **err
         }
 
         if (sbuf.len > 0) {
-            nm_dhcp_option_add_option(options,
-                                      AF_INET,
-                                      NM_DHCP_OPTION_DHCP4_DOMAIN_NAME,
-                                      nm_str_buf_get_str(&sbuf));
+            _add_option(options, NM_DHCP_OPTION_DHCP4_DOMAIN_NAME, nm_str_buf_get_str(&sbuf));
         }
     }
 
@@ -713,7 +720,11 @@ lease_to_ip4_config(NMDhcpNettools *self, NDhcp4ClientLease *lease, GError **err
                                         iface,
                                         AF_INET,
                                         NM_DHCP_OPTION_DHCP4_INTERFACE_MTU)) {
-        nm_dhcp_option_add_option_u64(options, AF_INET, NM_DHCP_OPTION_DHCP4_INTERFACE_MTU, v_u16);
+        nm_dhcp_option_add_option_u64(options,
+                                      TRUE,
+                                      AF_INET,
+                                      NM_DHCP_OPTION_DHCP4_INTERFACE_MTU,
+                                      v_u16);
         nm_l3_config_data_set_mtu(l3cd, v_u16);
     }
 
@@ -731,7 +742,7 @@ lease_to_ip4_config(NMDhcpNettools *self, NDhcp4ClientLease *lease, GError **err
                                             iface,
                                             AF_INET,
                                             NM_DHCP_OPTION_DHCP4_HOST_NAME)) {
-            nm_dhcp_option_add_option(options, AF_INET, NM_DHCP_OPTION_DHCP4_HOST_NAME, s);
+            _add_option(options, NM_DHCP_OPTION_DHCP4_HOST_NAME, s);
         }
     }
 
@@ -755,6 +766,7 @@ lease_to_ip4_config(NMDhcpNettools *self, NDhcp4ClientLease *lease, GError **err
             /* "Its minimum length is 1." */
         } else {
             nm_dhcp_option_add_option_utf8safe_escape(options,
+                                                      TRUE,
                                                       AF_INET,
                                                       NM_DHCP_OPTION_DHCP4_ROOT_PATH,
                                                       l_data,
@@ -782,10 +794,7 @@ lease_to_ip4_config(NMDhcpNettools *self, NDhcp4ClientLease *lease, GError **err
         const char   *escaped;
 
         escaped = nm_utils_buf_utf8safe_escape((char *) l_data, l_data_len, 0, &to_free);
-        nm_dhcp_option_add_option(options,
-                                  AF_INET,
-                                  NM_DHCP_OPTION_DHCP4_PRIVATE_PROXY_AUTODISCOVERY,
-                                  escaped ?: "");
+        _add_option(options, NM_DHCP_OPTION_DHCP4_PRIVATE_PROXY_AUTODISCOVERY, escaped ?: "");
 
         nm_l3_config_data_set_proxy_method(l3cd, NM_PROXY_CONFIG_METHOD_AUTO);
         nm_l3_config_data_set_proxy_pac_url(l3cd, escaped ?: "");
@@ -808,7 +817,7 @@ lease_to_ip4_config(NMDhcpNettools *self, NDhcp4ClientLease *lease, GError **err
                                              NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_CTRL,
                                              &to_free);
 
-        nm_dhcp_option_add_option(options, AF_INET, NM_DHCP_OPTION_DHCP4_NIS_DOMAIN, v_str ?: "");
+        _add_option(options, NM_DHCP_OPTION_DHCP4_NIS_DOMAIN, v_str ?: "");
         nm_l3_config_data_set_nis_domain(l3cd, v_str ?: "");
     }
 
@@ -820,7 +829,7 @@ lease_to_ip4_config(NMDhcpNettools *self, NDhcp4ClientLease *lease, GError **err
                                              -1,
                                              NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_CTRL,
                                              &to_free);
-        nm_dhcp_option_add_option(options, AF_INET, NM_DHCP_OPTION_DHCP4_NM_FILENAME, v_str ?: "");
+        _add_option(options, NM_DHCP_OPTION_DHCP4_NM_FILENAME, v_str ?: "");
     }
 
     r = _client_lease_query(lease, NM_DHCP_OPTION_DHCP4_BOOTFILE_NAME, &l_data, &l_data_len);
@@ -837,10 +846,7 @@ lease_to_ip4_config(NMDhcpNettools *self, NDhcp4ClientLease *lease, GError **err
                                              l_data_len,
                                              NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_CTRL,
                                              &to_free);
-        nm_dhcp_option_add_option(options,
-                                  AF_INET,
-                                  NM_DHCP_OPTION_DHCP4_BOOTFILE_NAME,
-                                  v_str ?: "");
+        _add_option(options, NM_DHCP_OPTION_DHCP4_BOOTFILE_NAME, v_str ?: "");
     }
 
     lease_parse_address_list(lease, l3cd, iface, NM_DHCP_OPTION_DHCP4_NIS_SERVERS, options, &sbuf);
diff --git a/src/core/dhcp/nm-dhcp-options.c b/src/core/dhcp/nm-dhcp-options.c
index d95fe01658..33a9f4ed1d 100644
--- a/src/core/dhcp/nm-dhcp-options.c
+++ b/src/core/dhcp/nm-dhcp-options.c
@@ -383,8 +383,14 @@ nm_dhcp_option_find(int addr_family, guint option)
 /*****************************************************************************/
 
 void
-nm_dhcp_option_take_option(GHashTable *options, int addr_family, guint option, char *value)
+nm_dhcp_option_take_option(GHashTable *options,
+                           gboolean    static_keys,
+                           int         addr_family,
+                           guint       option,
+                           char       *value)
 {
+    const char *key;
+
     nm_assert_addr_family(addr_family);
     nm_assert(value);
     nm_assert(g_utf8_validate(value, -1, NULL));
@@ -395,19 +401,13 @@ nm_dhcp_option_take_option(GHashTable *options, int addr_family, guint option, c
         return;
     }
 
-    g_hash_table_insert(options,
-                        (gpointer) nm_dhcp_option_request_string(addr_family, option),
-                        value);
-}
-
-void
-nm_dhcp_option_add_option(GHashTable *options, int addr_family, guint option, const char *value)
-{
-    nm_dhcp_option_take_option(options, addr_family, option, g_strdup(value));
+    key = nm_dhcp_option_request_string(addr_family, option),
+    g_hash_table_insert(options, static_keys ? (gpointer) key : g_strdup(key), value);
 }
 
 void
 nm_dhcp_option_add_option_utf8safe_escape(GHashTable   *options,
+                                          gboolean      static_keys,
                                           int           addr_family,
                                           guint         option,
                                           const guint8 *data,
@@ -420,13 +420,18 @@ nm_dhcp_option_add_option_utf8safe_escape(GHashTable   *options,
                                            n_data,
                                            NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_CTRL,
                                            &to_free);
-    nm_dhcp_option_add_option(options, addr_family, option, escaped ?: "");
+    nm_dhcp_option_add_option(options, static_keys, addr_family, option, escaped ?: "");
 }
 
 void
-nm_dhcp_option_add_option_u64(GHashTable *options, int addr_family, guint option, guint64 value)
+nm_dhcp_option_add_option_u64(GHashTable *options,
+                              gboolean    static_keys,
+                              int         addr_family,
+                              guint       option,
+                              guint64     value)
 {
     nm_dhcp_option_take_option(options,
+                               static_keys,
                                addr_family,
                                option,
                                g_strdup_printf("%" G_GUINT64_FORMAT, value));
@@ -434,13 +439,18 @@ nm_dhcp_option_add_option_u64(GHashTable *options, int addr_family, guint option
 
 void
 nm_dhcp_option_add_option_in_addr(GHashTable *options,
+                                  gboolean    static_keys,
                                   int         addr_family,
                                   guint       option,
                                   in_addr_t   value)
 {
     char sbuf[NM_INET_ADDRSTRLEN];
 
-    nm_dhcp_option_add_option(options, addr_family, option, nm_inet4_ntop(value, sbuf));
+    nm_dhcp_option_add_option(options,
+                              static_keys,
+                              addr_family,
+                              option,
+                              nm_inet4_ntop(value, sbuf));
 }
 
 void
diff --git a/src/core/dhcp/nm-dhcp-options.h b/src/core/dhcp/nm-dhcp-options.h
index fcc6f9cd08..050080d975 100644
--- a/src/core/dhcp/nm-dhcp-options.h
+++ b/src/core/dhcp/nm-dhcp-options.h
@@ -208,20 +208,38 @@ nm_dhcp_option_request_string(int addr_family, guint option)
     return nm_dhcp_option_get_name(nm_dhcp_option_find(addr_family, option));
 }
 
-void nm_dhcp_option_take_option(GHashTable *options, int addr_family, guint option, char *value);
-void
-nm_dhcp_option_add_option(GHashTable *options, int addr_family, guint option, const char *value);
+void nm_dhcp_option_take_option(GHashTable *options,
+                                gboolean    static_keys,
+                                int         addr_family,
+                                guint       option,
+                                char       *value);
+
+static inline void
+nm_dhcp_option_add_option(GHashTable *options,
+                          gboolean    static_keys,
+                          int         addr_family,
+                          guint       option,
+                          const char *value)
+{
+    nm_dhcp_option_take_option(options, static_keys, addr_family, option, g_strdup(value));
+}
+
 void nm_dhcp_option_add_option_utf8safe_escape(GHashTable   *options,
+                                               gboolean      static_keys,
                                                int           addr_family,
                                                guint         option,
                                                const guint8 *data,
                                                gsize         n_data);
 void nm_dhcp_option_add_option_in_addr(GHashTable *options,
+                                       gboolean    static_keys,
                                        int         addr_family,
                                        guint       option,
                                        in_addr_t   value);
-void
-nm_dhcp_option_add_option_u64(GHashTable *options, int addr_family, guint option, guint64 value);
+void nm_dhcp_option_add_option_u64(GHashTable *options,
+                                   gboolean    static_keys,
+                                   int         addr_family,
+                                   guint       option,
+                                   guint64     value);
 void nm_dhcp_option_add_requests_to_options(GHashTable *options, int addr_family);
 
 GHashTable *nm_dhcp_option_create_options_dict(gboolean static_keys);
diff --git a/src/core/dhcp/nm-dhcp-systemd.c b/src/core/dhcp/nm-dhcp-systemd.c
index 109908224c..6f9312da27 100644
--- a/src/core/dhcp/nm-dhcp-systemd.c
+++ b/src/core/dhcp/nm-dhcp-systemd.c
@@ -70,11 +70,13 @@ G_DEFINE_TYPE(NMDhcpSystemd, nm_dhcp_systemd, NM_TYPE_DHCP_CLIENT)
 static NML3ConfigData *
 lease_to_ip6_config(NMDhcpSystemd *self, sd_dhcp6_lease *lease, gint32 ts, GError **error)
 {
+    const NMDhcpClientConfig               *config;
     nm_auto_unref_l3cd_init NML3ConfigData *l3cd    = NULL;
     gs_unref_hashtable GHashTable          *options = NULL;
     struct in6_addr                         tmp_addr;
     const struct in6_addr                  *dns;
     char                                    addr_str[NM_INET_ADDRSTRLEN];
+    char                                    iaid_buf[NM_DHCP_IAID_TO_HEXSTR_BUF_LEN];
     char                                  **domains;
     char                                  **ntp_fqdns;
     const struct in6_addr                  *ntp_addrs;
@@ -84,11 +86,19 @@ lease_to_ip6_config(NMDhcpSystemd *self, sd_dhcp6_lease *lease, gint32 ts, GErro
 
     nm_assert(lease);
 
+    config = nm_dhcp_client_get_config(NM_DHCP_CLIENT(self));
+
     l3cd = nm_dhcp_client_create_l3cd(NM_DHCP_CLIENT(self));
 
     options = nm_dhcp_client_create_options_dict(NM_DHCP_CLIENT(self), TRUE);
 
-    if (!nm_dhcp_client_get_config(NM_DHCP_CLIENT(self))->v6.info_only) {
+    nm_dhcp_option_add_option(options,
+                              TRUE,
+                              AF_INET6,
+                              NM_DHCP_OPTION_DHCP6_NM_IAID,
+                              nm_dhcp_iaid_to_hexstr(config->v6.iaid, iaid_buf));
+
+    if (!config->v6.info_only) {
         gboolean has_any_addresses = FALSE;
         uint32_t lft_pref;
         uint32_t lft_valid;
@@ -115,6 +125,7 @@ lease_to_ip6_config(NMDhcpSystemd *self, sd_dhcp6_lease *lease, gint32 ts, GErro
 
         if (str->len) {
             nm_dhcp_option_add_option(options,
+                                      TRUE,
                                       AF_INET6,
                                       NM_DHCP_OPTION_DHCP6_NM_IP_ADDRESS,
                                       str->str);
@@ -137,7 +148,11 @@ lease_to_ip6_config(NMDhcpSystemd *self, sd_dhcp6_lease *lease, gint32 ts, GErro
             g_string_append(nm_gstring_add_space_delimiter(str), addr_str);
             nm_l3_config_data_add_nameserver_detail(l3cd, AF_INET6, &dns[i], NULL);
         }
-        nm_dhcp_option_add_option(options, AF_INET6, NM_DHCP_OPTION_DHCP6_DNS_SERVERS, str->str);
+        nm_dhcp_option_add_option(options,
+                                  TRUE,
+                                  AF_INET6,
+                                  NM_DHCP_OPTION_DHCP6_DNS_SERVERS,
+                                  str->str);
     }
 
     num = sd_dhcp6_lease_get_domains(lease, &domains);
@@ -147,11 +162,15 @@ lease_to_ip6_config(NMDhcpSystemd *self, sd_dhcp6_lease *lease, gint32 ts, GErro
             g_string_append(nm_gstring_add_space_delimiter(str), domains[i]);
             nm_l3_config_data_add_search(l3cd, AF_INET6, domains[i]);
         }
-        nm_dhcp_option_add_option(options, AF_INET6, NM_DHCP_OPTION_DHCP6_DOMAIN_LIST, str->str);
+        nm_dhcp_option_add_option(options,
+                                  TRUE,
+                                  AF_INET6,
+                                  NM_DHCP_OPTION_DHCP6_DOMAIN_LIST,
+                                  str->str);
     }
 
     if (sd_dhcp6_lease_get_fqdn(lease, &s) >= 0) {
-        nm_dhcp_option_add_option(options, AF_INET6, NM_DHCP_OPTION_DHCP6_FQDN, s);
+        nm_dhcp_option_add_option(options, TRUE, AF_INET6, NM_DHCP_OPTION_DHCP6_FQDN, s);
     }
 
     /* RFC 5908, section 4 states: "This option MUST include one, and only
@@ -175,7 +194,11 @@ lease_to_ip6_config(NMDhcpSystemd *self, sd_dhcp6_lease *lease, gint32 ts, GErro
         }
     }
     if (str->len) {
-        nm_dhcp_option_add_option(options, AF_INET6, NM_DHCP_OPTION_DHCP6_NTP_SERVER, str->str);
+        nm_dhcp_option_add_option(options,
+                                  TRUE,
+                                  AF_INET6,
+                                  NM_DHCP_OPTION_DHCP6_NTP_SERVER,
+                                  str->str);
     }
 
     nm_l3_config_data_set_dhcp_lease_from_options(l3cd, AF_INET6, g_steal_pointer(&options));
diff --git a/src/core/dns/nm-dns-dnsmasq.c b/src/core/dns/nm-dns-dnsmasq.c
index 8ae1bb961b..05aeff492d 100644
--- a/src/core/dns/nm-dns-dnsmasq.c
+++ b/src/core/dns/nm-dns-dnsmasq.c
@@ -922,7 +922,8 @@ create_update_args(NMDnsDnsmasq            *self,
 
     if (global_config)
         add_global_config(self, &servers, global_config);
-    else {
+
+    if (!global_config || !nm_global_dns_config_lookup_domain(global_config, "*")) {
         c_list_for_each_entry (ip_data, ip_data_lst_head, ip_data_lst)
             add_ip_config(self, &servers, ip_data);
     }
diff --git a/src/core/nm-active-connection.c b/src/core/nm-active-connection.c
index 4488d909e3..6f62a601c2 100644
--- a/src/core/nm-active-connection.c
+++ b/src/core/nm-active-connection.c
@@ -81,6 +81,7 @@ NM_GOBJECT_PROPERTIES_DEFINE(NMActiveConnection,
                              PROP_DHCP6_CONFIG,
                              PROP_VPN,
                              PROP_MASTER,
+                             PROP_CONTROLLER,
 
                              PROP_INT_SETTINGS_CONNECTION,
                              PROP_INT_APPLIED_CONNECTION,
@@ -803,7 +804,7 @@ check_master_ready(NMActiveConnection *self)
          * ensure that if the master connection was created without a device
          * that we notify clients when the master device is known.
          */
-        _notify(self, PROP_MASTER);
+        nm_gobject_notify_together(self, PROP_MASTER, PROP_CONTROLLER);
     }
 }
 
@@ -1343,6 +1344,7 @@ get_property(GObject *object, guint prop_id, GValue *value, GParamSpec *pspec)
     case PROP_VPN:
         g_value_set_boolean(value, priv->vpn);
         break;
+    case PROP_CONTROLLER:
     case PROP_MASTER:
         if (priv->master)
             master_device = nm_active_connection_get_device(priv->master);
@@ -1440,8 +1442,6 @@ set_property(GObject *object, guint prop_id, const GValue *value, GParamSpec *ps
         /* construct-only */
         priv->vpn = g_value_get_boolean(value);
         break;
-    case PROP_MASTER:
-        break;
     default:
         G_OBJECT_WARN_INVALID_PROPERTY_ID(object, prop_id, pspec);
         break;
@@ -1601,6 +1601,9 @@ static const NMDBusInterfaceInfoExtended interface_info_active_connection = {
                                                            "o",
                                                            NM_ACTIVE_CONNECTION_DHCP6_CONFIG),
             NM_DEFINE_DBUS_PROPERTY_INFO_EXTENDED_READABLE("Vpn", "b", NM_ACTIVE_CONNECTION_VPN),
+            NM_DEFINE_DBUS_PROPERTY_INFO_EXTENDED_READABLE("Controller",
+                                                           "o",
+                                                           NM_ACTIVE_CONNECTION_CONTROLLER),
             NM_DEFINE_DBUS_PROPERTY_INFO_EXTENDED_READABLE("Master",
                                                            "o",
                                                            NM_ACTIVE_CONNECTION_MASTER), ), ),
@@ -1732,6 +1735,13 @@ nm_active_connection_class_init(NMActiveConnectionClass *ac_class)
                                                       NULL,
                                                       G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
 
+    obj_properties[PROP_CONTROLLER] =
+        g_param_spec_string(NM_ACTIVE_CONNECTION_CONTROLLER,
+                            "",
+                            "",
+                            NULL,
+                            G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+
     /* Internal properties */
     obj_properties[PROP_INT_SETTINGS_CONNECTION] =
         g_param_spec_object(NM_ACTIVE_CONNECTION_INT_SETTINGS_CONNECTION,
diff --git a/src/core/nm-active-connection.h b/src/core/nm-active-connection.h
index a2353a6558..15db68c369 100644
--- a/src/core/nm-active-connection.h
+++ b/src/core/nm-active-connection.h
@@ -38,6 +38,7 @@
 #define NM_ACTIVE_CONNECTION_DHCP6_CONFIG    "dhcp6-config"
 #define NM_ACTIVE_CONNECTION_VPN             "vpn"
 #define NM_ACTIVE_CONNECTION_MASTER          "master"
+#define NM_ACTIVE_CONNECTION_CONTROLLER      "controller"
 
 /* Internal non-exported properties */
 #define NM_ACTIVE_CONNECTION_INT_SETTINGS_CONNECTION "int-settings-connection"
diff --git a/src/core/nm-config-data.c b/src/core/nm-config-data.c
index c6ab998f94..ff44bc46b3 100644
--- a/src/core/nm-config-data.c
+++ b/src/core/nm-config-data.c
@@ -1463,21 +1463,23 @@ global_dns_equal(NMGlobalDnsConfig *old, NMGlobalDnsConfig *new)
     if ((!old->domains || !new->domains) && old->domains != new->domains)
         return FALSE;
 
-    if (g_hash_table_size(old->domains) != g_hash_table_size(new->domains))
+    if (nm_g_hash_table_size(old->domains) != nm_g_hash_table_size(new->domains))
         return FALSE;
 
-    g_hash_table_iter_init(&iter, old->domains);
-    while (g_hash_table_iter_next(&iter, &key, &value_old)) {
-        value_new = g_hash_table_lookup(new->domains, key);
-        if (!value_new)
-            return FALSE;
+    if (old->domains) {
+        g_hash_table_iter_init(&iter, old->domains);
+        while (g_hash_table_iter_next(&iter, &key, &value_old)) {
+            value_new = g_hash_table_lookup(new->domains, key);
+            if (!value_new)
+                return FALSE;
 
-        domain_old = value_old;
-        domain_new = value_new;
+            domain_old = value_old;
+            domain_new = value_new;
 
-        if (!nm_strv_equal(domain_old->options, domain_new->options)
-            || !nm_strv_equal(domain_old->servers, domain_new->servers))
-            return FALSE;
+            if (!nm_strv_equal(domain_old->options, domain_new->options)
+                || !nm_strv_equal(domain_old->servers, domain_new->servers))
+                return FALSE;
+        }
     }
 
     return TRUE;
diff --git a/src/core/nm-core-utils.c b/src/core/nm-core-utils.c
index 9448ba7b03..500bffb98d 100644
--- a/src/core/nm-core-utils.c
+++ b/src/core/nm-core-utils.c
@@ -4868,11 +4868,14 @@ typedef struct {
 
     int      child_stdin;
     int      child_stdout;
+    int      child_stderr;
     GSource *input_source;
     GSource *output_source;
+    GSource *error_source;
 
     NMStrBuf in_buffer;
     NMStrBuf out_buffer;
+    NMStrBuf err_buffer;
     gsize    out_buffer_offset;
 } HelperInfo;
 
@@ -4908,13 +4911,17 @@ helper_info_free(gpointer data)
 
     nm_str_buf_destroy(&info->in_buffer);
     nm_str_buf_destroy(&info->out_buffer);
+    nm_str_buf_destroy(&info->err_buffer);
     nm_clear_g_source_inst(&info->input_source);
     nm_clear_g_source_inst(&info->output_source);
+    nm_clear_g_source_inst(&info->error_source);
 
     if (info->child_stdout != -1)
         nm_close(info->child_stdout);
     if (info->child_stdin != -1)
         nm_close(info->child_stdin);
+    if (info->child_stderr != -1)
+        nm_close(info->child_stderr);
 
     if (info->pid != -1) {
         nm_assert(info->pid > 1);
@@ -4928,6 +4935,10 @@ static void
 helper_complete(HelperInfo *info, GError *error)
 {
     if (error) {
+        if (info->err_buffer.len > 0) {
+            _LOG2T(info, "stderr: %s", nm_str_buf_get_str(&info->err_buffer));
+        }
+
         nm_clear_g_cancellable_disconnect(g_task_get_cancellable(info->task),
                                           &info->cancellable_id);
         g_task_return_error(info->task, error);
@@ -5023,6 +5034,24 @@ helper_have_data(int fd, GIOCondition condition, gpointer user_data)
     return G_SOURCE_CONTINUE;
 }
 
+static gboolean
+helper_have_err_data(int fd, GIOCondition condition, gpointer user_data)
+{
+    HelperInfo *info = user_data;
+    gssize      n_read;
+
+    n_read = nm_utils_fd_read(fd, &info->err_buffer);
+
+    if (n_read > 0)
+        return G_SOURCE_CONTINUE;
+
+    nm_clear_g_source_inst(&info->error_source);
+    nm_close(info->child_stderr);
+    info->child_stderr = -1;
+
+    return G_SOURCE_CONTINUE;
+}
+
 static void
 helper_child_terminated(GPid pid, int status, gpointer user_data)
 {
@@ -5098,10 +5127,11 @@ nm_utils_spawn_helper(const char *const  *args,
                                   &info->pid,
                                   &info->child_stdin,
                                   &info->child_stdout,
-                                  NULL,
+                                  &info->child_stderr,
                                   &error)) {
         info->child_stdin  = -1;
         info->child_stdout = -1;
+        info->child_stderr = -1;
         info->pid          = -1;
         g_task_return_error(info->task,
                             g_error_new(NM_UTILS_ERROR,
@@ -5130,9 +5160,11 @@ nm_utils_spawn_helper(const char *const  *args,
     fcntl(info->child_stdin, F_SETFL, fd_flags | O_NONBLOCK);
     fd_flags = fcntl(info->child_stdout, F_GETFD, 0);
     fcntl(info->child_stdout, F_SETFL, fd_flags | O_NONBLOCK);
+    fd_flags = fcntl(info->child_stderr, F_GETFD, 0);
+    fcntl(info->child_stderr, F_SETFL, fd_flags | O_NONBLOCK);
 
     /* Watch process stdin */
-    info->out_buffer = NM_STR_BUF_INIT(32, TRUE);
+    info->out_buffer = NM_STR_BUF_INIT(NM_UTILS_GET_NEXT_REALLOC_SIZE_40, TRUE);
     for (arg = args; *arg; arg++) {
         nm_str_buf_append(&info->out_buffer, *arg);
         nm_str_buf_append_c(&info->out_buffer, '\0');
@@ -5146,7 +5178,7 @@ nm_utils_spawn_helper(const char *const  *args,
     g_source_attach(info->output_source, g_main_context_get_thread_default());
 
     /* Watch process stdout */
-    info->in_buffer    = NM_STR_BUF_INIT(NM_UTILS_GET_NEXT_REALLOC_SIZE_1000, FALSE);
+    info->in_buffer    = NM_STR_BUF_INIT(0, FALSE);
     info->input_source = nm_g_unix_fd_source_new(info->child_stdout,
                                                  G_IO_IN | G_IO_ERR | G_IO_HUP,
                                                  G_PRIORITY_DEFAULT,
@@ -5155,6 +5187,16 @@ nm_utils_spawn_helper(const char *const  *args,
                                                  NULL);
     g_source_attach(info->input_source, g_main_context_get_thread_default());
 
+    /* Watch process stderr */
+    info->err_buffer   = NM_STR_BUF_INIT(0, FALSE);
+    info->error_source = nm_g_unix_fd_source_new(info->child_stderr,
+                                                 G_IO_IN | G_IO_ERR | G_IO_HUP,
+                                                 G_PRIORITY_DEFAULT,
+                                                 helper_have_err_data,
+                                                 info,
+                                                 NULL);
+    g_source_attach(info->error_source, g_main_context_get_thread_default());
+
     if (cancellable) {
         gulong signal_id;
 
diff --git a/src/core/nm-dispatcher.c b/src/core/nm-dispatcher.c
index 01a6382609..cdc07dd60e 100644
--- a/src/core/nm-dispatcher.c
+++ b/src/core/nm-dispatcher.c
@@ -231,7 +231,7 @@ dump_ip_to_props(const NML3ConfigData *l3cd, int addr_family, GVariantBuilder *b
             continue;
 
         if (IS_IPv4)
-            g_variant_builder_add(&int_builder, "u", &a);
+            g_variant_builder_add(&int_builder, "u", a.addr4);
         else
             g_variant_builder_add(&int_builder, "@ay", nm_g_variant_new_ay_in6addr(&a.addr6));
     }
diff --git a/src/core/nm-ip-config.c b/src/core/nm-ip-config.c
index f87840cc3e..bec67d9a46 100644
--- a/src/core/nm-ip-config.c
+++ b/src/core/nm-ip-config.c
@@ -368,7 +368,7 @@ get_property_ip4(GObject *object, guint prop_id, GValue *value, GParamSpec *pspe
                     continue;
 
                 if (prop_id == PROP_IP4_NAMESERVERS)
-                    g_variant_builder_add(&builder, "u", &a);
+                    g_variant_builder_add(&builder, "u", a);
                 else {
                     GVariantBuilder nested_builder;
 
diff --git a/src/core/nm-policy.c b/src/core/nm-policy.c
index 4192808a7b..d7e05b7b5b 100644
--- a/src/core/nm-policy.c
+++ b/src/core/nm-policy.c
@@ -2581,7 +2581,7 @@ dns_config_changed(NMDnsManager *dns_manager, gpointer user_data)
         return;
 
     nm_manager_for_each_device (priv->manager, device, tmp_lst) {
-        nm_device_clear_dns_lookup_data(device);
+        nm_device_clear_dns_lookup_data(device, "DNS configuration changed");
     }
 
     update_system_hostname(self, "DNS configuration changed");
diff --git a/src/core/settings/nm-settings.c b/src/core/settings/nm-settings.c
index 63476c3c94..9995b490d2 100644
--- a/src/core/settings/nm-settings.c
+++ b/src/core/settings/nm-settings.c
@@ -2009,6 +2009,7 @@ nm_settings_update_connection(NMSettings                      *self,
     const char                        *uuid;
     gboolean                           tombstone_in_memory = FALSE;
     gboolean                           tombstone_on_disk   = FALSE;
+    NMSettingsConnectionIntFlags       new_flags;
 
     g_return_val_if_fail(NM_IS_SETTINGS(self), FALSE);
     g_return_val_if_fail(NM_IS_SETTINGS_CONNECTION(sett_conn), FALSE);
@@ -2228,13 +2229,16 @@ nm_settings_update_connection(NMSettings                      *self,
             }
         }
 
+        new_flags = nm_settings_connection_get_flags(sett_conn);
+        new_flags = NM_FLAGS_ASSIGN_MASK(new_flags, sett_mask, sett_flags);
+
         if (!update_storage) {
             success = _add_connection_to_first_plugin(self,
                                                       plugin_name,
                                                       sett_conn_entry,
                                                       connection,
                                                       new_in_memory,
-                                                      sett_flags,
+                                                      new_flags,
                                                       new_shadowed_storage_filename,
                                                       new_shadowed_owned,
                                                       &new_storage,
@@ -2245,7 +2249,7 @@ nm_settings_update_connection(NMSettings                      *self,
             success = _update_connection_to_plugin(self,
                                                    update_storage,
                                                    connection,
-                                                   sett_flags,
+                                                   new_flags,
                                                    update_reason,
                                                    new_shadowed_storage_filename,
                                                    new_shadowed_owned,
diff --git a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
index 0eeead8af5..aa593331c5 100644
--- a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
+++ b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
@@ -1944,6 +1944,8 @@ make_ip4_setting(shvarFile *ifcfg,
                  ipv4_link_local,
                  NM_SETTING_IP_CONFIG_AUTO_ROUTE_EXT_GW,
                  svGetValueTernary(ifcfg, "IPV4_AUTO_ROUTE_EXT_GW"),
+                 NM_SETTING_IP_CONFIG_REPLACE_LOCAL_RULE,
+                 svGetValueTernary(ifcfg, "IPV4_REPLACE_LOCAL_RULE"),
                  NULL);
 
     if (nm_streq(method, NM_SETTING_IP4_CONFIG_METHOD_DISABLED))
@@ -2459,6 +2461,8 @@ make_ip6_setting(shvarFile *ifcfg, shvarFile *network_ifcfg, gboolean routes_rea
                  ip6_privacy_val,
                  NM_SETTING_IP_CONFIG_AUTO_ROUTE_EXT_GW,
                  svGetValueTernary(ifcfg, "IPV6_AUTO_ROUTE_EXT_GW"),
+                 NM_SETTING_IP_CONFIG_REPLACE_LOCAL_RULE,
+                 svGetValueTernary(ifcfg, "IPV6_REPLACE_LOCAL_RULE"),
                  NULL);
 
     /* Don't bother to read IP, DNS and routes when IPv6 is disabled */
diff --git a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.c b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.c
index 85a0eb2631..552310ddf7 100644
--- a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.c
+++ b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.c
@@ -962,6 +962,7 @@ const NMSIfcfgKeyTypeInfo nms_ifcfg_well_known_keys[] = {
     _KEY_TYPE("IPV4_DNS_PRIORITY", NMS_IFCFG_KEY_TYPE_IS_PLAIN),
     _KEY_TYPE("IPV4_FAILURE_FATAL", NMS_IFCFG_KEY_TYPE_IS_PLAIN),
     _KEY_TYPE("IPV4_LINK_LOCAL", NMS_IFCFG_KEY_TYPE_IS_PLAIN),
+    _KEY_TYPE("IPV4_REPLACE_LOCAL_RULE", NMS_IFCFG_KEY_TYPE_IS_PLAIN),
     _KEY_TYPE("IPV4_REQUIRED_TIMEOUT", NMS_IFCFG_KEY_TYPE_IS_PLAIN),
     _KEY_TYPE("IPV4_ROUTE_METRIC", NMS_IFCFG_KEY_TYPE_IS_PLAIN),
     _KEY_TYPE("IPV4_ROUTE_TABLE", NMS_IFCFG_KEY_TYPE_IS_PLAIN),
@@ -986,6 +987,7 @@ const NMSIfcfgKeyTypeInfo nms_ifcfg_well_known_keys[] = {
     _KEY_TYPE("IPV6_PRIVACY", NMS_IFCFG_KEY_TYPE_IS_PLAIN),
     _KEY_TYPE("IPV6_PRIVACY_PREFER_PUBLIC_IP", NMS_IFCFG_KEY_TYPE_IS_PLAIN),
     _KEY_TYPE("IPV6_RA_TIMEOUT", NMS_IFCFG_KEY_TYPE_IS_PLAIN),
+    _KEY_TYPE("IPV6_REPLACE_LOCAL_RULE", NMS_IFCFG_KEY_TYPE_IS_PLAIN),
     _KEY_TYPE("IPV6_REQUIRED_TIMEOUT", NMS_IFCFG_KEY_TYPE_IS_PLAIN),
     _KEY_TYPE("IPV6_RES_OPTIONS", NMS_IFCFG_KEY_TYPE_IS_PLAIN),
     _KEY_TYPE("IPV6_ROUTE_METRIC", NMS_IFCFG_KEY_TYPE_IS_PLAIN),
diff --git a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.h b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.h
index 31064274ee..4fa9f18ce5 100644
--- a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.h
+++ b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.h
@@ -33,7 +33,7 @@ typedef struct {
     NMSIfcfgKeyTypeFlags key_flags;
 } NMSIfcfgKeyTypeInfo;
 
-extern const NMSIfcfgKeyTypeInfo nms_ifcfg_well_known_keys[259];
+extern const NMSIfcfgKeyTypeInfo nms_ifcfg_well_known_keys[261];
 
 const NMSIfcfgKeyTypeInfo *nms_ifcfg_well_known_key_find_info(const char *key, gssize *out_idx);
 
diff --git a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
index 2ea097fd98..4126002039 100644
--- a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
+++ b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
@@ -2941,6 +2941,10 @@ write_ip4_setting(NMConnection *connection,
     svSetValueTernary(ifcfg,
                       "IPV4_AUTO_ROUTE_EXT_GW",
                       nm_setting_ip_config_get_auto_route_ext_gw(s_ip4));
+
+    svSetValueTernary(ifcfg,
+                      "IPV4_REPLACE_LOCAL_RULE",
+                      nm_setting_ip_config_get_replace_local_rule(s_ip4));
 }
 
 static void
@@ -3205,6 +3209,10 @@ write_ip6_setting(NMConnection *connection, shvarFile *ifcfg, GString **out_rout
     svSetValueTernary(ifcfg,
                       "IPV6_AUTO_ROUTE_EXT_GW",
                       nm_setting_ip_config_get_auto_route_ext_gw(s_ip6));
+
+    svSetValueTernary(ifcfg,
+                      "IPV6_REPLACE_LOCAL_RULE",
+                      nm_setting_ip_config_get_replace_local_rule(s_ip6));
 }
 
 static void
diff --git a/src/core/vpn/nm-vpn-connection.c b/src/core/vpn/nm-vpn-connection.c
index 4fb926a595..d7102a12ef 100644
--- a/src/core/vpn/nm-vpn-connection.c
+++ b/src/core/vpn/nm-vpn-connection.c
@@ -99,6 +99,7 @@ NM_GOBJECT_PROPERTIES_DEFINE(NMVpnConnection, PROP_VPN_STATE, PROP_BANNER,
 #define PROP_IP4_CONFIG 2000
 #define PROP_IP6_CONFIG 2001
 #define PROP_MASTER     2002
+#define PROP_CONTROLLER 2003
 );
 
 typedef struct {
@@ -2899,6 +2900,7 @@ get_property(GObject *object, guint prop_id, GValue *value, GParamSpec *pspec)
     case PROP_IP6_CONFIG:
         nm_dbus_utils_g_value_set_object_path(value, priv->ip_data_6.ip_config);
         break;
+    case PROP_CONTROLLER:
     case PROP_MASTER:
         nm_dbus_utils_g_value_set_object_path(
             value,
@@ -3065,6 +3067,9 @@ nm_vpn_connection_class_init(NMVpnConnectionClass *klass)
 
     g_object_class_install_properties(object_class, _PROPERTY_ENUMS_LAST, obj_properties);
 
+    g_object_class_override_property(object_class,
+                                     PROP_CONTROLLER,
+                                     NM_ACTIVE_CONNECTION_CONTROLLER);
     g_object_class_override_property(object_class, PROP_MASTER, NM_ACTIVE_CONNECTION_MASTER);
     g_object_class_override_property(object_class,
                                      PROP_IP4_CONFIG,
diff --git a/src/libnm-base/nm-base.c b/src/libnm-base/nm-base.c
index f81b285c4e..fa64372fd8 100644
--- a/src/libnm-base/nm-base.c
+++ b/src/libnm-base/nm-base.c
@@ -9,3 +9,33 @@
 NM_CACHED_QUARK_FCN("nm-crypto-error-quark", _nm_crypto_error_quark);
 
 /*****************************************************************************/
+
+char *
+nm_dhcp_iaid_to_hexstr(guint32 iaid, char buf[static NM_DHCP_IAID_TO_HEXSTR_BUF_LEN])
+{
+    iaid = htobe32(iaid);
+    return nm_utils_bin2hexstr_full(&iaid, sizeof(iaid), ':', FALSE, buf);
+}
+
+gboolean
+nm_dhcp_iaid_from_hexstr(const char *str, guint32 *out_value)
+{
+    union {
+        guint32 num;
+        guint8  bin[sizeof(guint32)];
+    } iaid;
+
+    if (!nm_utils_hexstr2bin_full(str,
+                                  TRUE,
+                                  FALSE,
+                                  FALSE,
+                                  ":",
+                                  sizeof(iaid),
+                                  iaid.bin,
+                                  sizeof(iaid),
+                                  NULL))
+        return FALSE;
+
+    NM_SET_OUT(out_value, be32toh(iaid.num));
+    return TRUE;
+}
diff --git a/src/libnm-base/nm-base.h b/src/libnm-base/nm-base.h
index 74e8142f21..77d2ef0a16 100644
--- a/src/libnm-base/nm-base.h
+++ b/src/libnm-base/nm-base.h
@@ -423,4 +423,12 @@ typedef enum {
     NM_DNS_IP_CONFIG_TYPE_VPN,
 } NMDnsIPConfigType;
 
+/*****************************************************************************/
+
+#define NM_DHCP_IAID_TO_HEXSTR_BUF_LEN (3 * sizeof(guint32))
+
+char *nm_dhcp_iaid_to_hexstr(guint32 iaid, char buf[static NM_DHCP_IAID_TO_HEXSTR_BUF_LEN]);
+
+gboolean nm_dhcp_iaid_from_hexstr(const char *str, guint32 *out_value);
+
 #endif /* __NM_LIBNM_BASE_H__ */
diff --git a/src/libnm-client-impl/libnm.ver b/src/libnm-client-impl/libnm.ver
index c373c82322..3c200fb3bc 100644
--- a/src/libnm-client-impl/libnm.ver
+++ b/src/libnm-client-impl/libnm.ver
@@ -1919,3 +1919,9 @@ global:
 	nm_utils_ensure_gtypes;
 	nm_version_info_capability_get_type;
 } libnm_1_40_0;
+
+libnm_1_42_2 {
+global:
+	nm_active_connection_get_controller;
+	nm_setting_ip_config_get_replace_local_rule;
+} libnm_1_42_0;
diff --git a/src/libnm-client-impl/nm-active-connection.c b/src/libnm-client-impl/nm-active-connection.c
index 52e82b9f08..ca6b18f911 100644
--- a/src/libnm-client-impl/nm-active-connection.c
+++ b/src/libnm-client-impl/nm-active-connection.c
@@ -12,6 +12,7 @@
 #include "nm-object-private.h"
 #include "libnm-core-intern/nm-core-internal.h"
 #include "nm-device.h"
+#include "nm-client.h"
 #include "nm-connection.h"
 #include "nm-vpn-connection.h"
 #include "nm-dbus-helpers.h"
@@ -39,7 +40,8 @@ NM_GOBJECT_PROPERTIES_DEFINE(NMActiveConnection,
                              PROP_IP6_CONFIG,
                              PROP_DHCP6_CONFIG,
                              PROP_VPN,
-                             PROP_MASTER, );
+                             PROP_MASTER,
+                             PROP_CONTROLLER, );
 
 enum {
     STATE_CHANGED,
@@ -51,7 +53,7 @@ static guint signals[LAST_SIGNAL];
 
 enum {
     PROPERTY_O_IDX_CONNECTION,
-    PROPERTY_O_IDX_MASTER,
+    PROPERTY_O_IDX_CONTROLLER,
     PROPERTY_O_IDX_IP4_CONFIG,
     PROPERTY_O_IDX_IP6_CONFIG,
     PROPERTY_O_IDX_DHCP4_CONFIG,
@@ -73,6 +75,7 @@ typedef struct _NMActiveConnectionPrivate {
     bool is_default;
     bool is_default6;
     bool is_vpn;
+    bool controller_is_new : 1;
 
     guint32 reason;
 } NMActiveConnectionPrivate;
@@ -380,15 +383,34 @@ nm_active_connection_get_vpn(NMActiveConnection *connection)
  *
  * Gets the master #NMDevice of the connection.
  *
+ * This is replaced by nm_active_connection_get_controller() since 1.44 and 1.42.2.
+ *
  * Returns: (transfer none): the master #NMDevice of the #NMActiveConnection.
  **/
 NMDevice *
 nm_active_connection_get_master(NMActiveConnection *connection)
+{
+    return nm_active_connection_get_controller(connection);
+}
+
+/**
+ * nm_active_connection_get_controller:
+ * @connection: a #NMActiveConnection
+ *
+ * Gets the controller #NMDevice of the connection. This replaces the
+ * deprecated nm_active_connection_get_master() method.
+ *
+ * Returns: (transfer none): the controller #NMDevice of the #NMActiveConnection.
+ *
+ * Since: 1.44, 1.42.2
+ **/
+NMDevice *
+nm_active_connection_get_controller(NMActiveConnection *connection)
 {
     g_return_val_if_fail(NM_IS_ACTIVE_CONNECTION(connection), NULL);
 
     return nml_dbus_property_o_get_obj(
-        &NM_ACTIVE_CONNECTION_GET_PRIVATE(connection)->property_o[PROPERTY_O_IDX_MASTER]);
+        &NM_ACTIVE_CONNECTION_GET_PRIVATE(connection)->property_o[PROPERTY_O_IDX_CONTROLLER]);
 }
 
 /*****************************************************************************/
@@ -455,6 +477,54 @@ is_ready(NMObject *nmobj)
 
 /*****************************************************************************/
 
+static NMLDBusNotifyUpdatePropFlags
+active_connection_update_prop_controller(NMClient               *client,
+                                         NMLDBusObject          *dbobj,
+                                         const NMLDBusMetaIface *meta_iface,
+                                         guint                   dbus_property_idx,
+                                         GVariant               *value)
+{
+    NMActiveConnection          *self          = NM_ACTIVE_CONNECTION(dbobj->nmobj);
+    NMActiveConnectionPrivate   *priv          = NM_ACTIVE_CONNECTION_GET_PRIVATE(self);
+    const NMLDBusMetaProperty   *meta_property = &meta_iface->dbus_properties[dbus_property_idx];
+    gboolean                     is_new = (meta_property->obj_properties_idx == PROP_CONTROLLER);
+    NMLDBusNotifyUpdatePropFlags notify_update_prop_flags;
+    guint                        controller_dbus_property_idx;
+
+    nm_assert(NM_IN_STRSET(meta_property->dbus_property_name, "Controller", "Master"));
+    nm_assert(NM_IN_SET(meta_property->obj_properties_idx, PROP_CONTROLLER, PROP_MASTER));
+
+    if (!is_new && priv->controller_is_new) {
+        /* once the instance is marked to honor the new property, the
+         * changed signal for the old variant gets ignored. */
+        goto out;
+    }
+
+    priv->controller_is_new      = is_new;
+    controller_dbus_property_idx = meta_iface->obj_properties_reverse_idx[PROP_CONTROLLER];
+    nm_assert(nm_streq(meta_iface->dbus_properties[controller_dbus_property_idx].dbus_property_name,
+                       "Controller"));
+
+    notify_update_prop_flags =
+        nml_dbus_property_o_notify(client,
+                                   &priv->property_o[PROPERTY_O_IDX_CONTROLLER],
+                                   dbobj,
+                                   meta_iface,
+                                   controller_dbus_property_idx,
+                                   value);
+    if (notify_update_prop_flags == NML_DBUS_NOTIFY_UPDATE_PROP_FLAGS_NONE)
+        goto out;
+    nm_assert(notify_update_prop_flags == NML_DBUS_NOTIFY_UPDATE_PROP_FLAGS_NOTIFY);
+
+    _nm_client_queue_notify_object(client, self, obj_properties[PROP_MASTER]);
+    _nm_client_queue_notify_object(client, self, obj_properties[PROP_CONTROLLER]);
+
+out:
+    return NML_DBUS_NOTIFY_UPDATE_PROP_FLAGS_NONE;
+}
+
+/*****************************************************************************/
+
 static void
 nm_active_connection_init(NMActiveConnection *self)
 {
@@ -531,7 +601,8 @@ get_property(GObject *object, guint prop_id, GValue *value, GParamSpec *pspec)
         g_value_set_boolean(value, nm_active_connection_get_vpn(self));
         break;
     case PROP_MASTER:
-        g_value_set_object(value, nm_active_connection_get_master(self));
+    case PROP_CONTROLLER:
+        g_value_set_object(value, nm_active_connection_get_controller(self));
         break;
     default:
         G_OBJECT_WARN_INVALID_PROPERTY_ID(object, prop_id, pspec);
@@ -549,6 +620,12 @@ const NMLDBusMetaIface _nml_dbus_meta_iface_nm_connection_active = NML_DBUS_META
                                            NMActiveConnectionPrivate,
                                            property_o[PROPERTY_O_IDX_CONNECTION],
                                            nm_remote_connection_get_type),
+        NML_DBUS_META_PROPERTY_INIT_FCN("Controller",
+                                        PROP_CONTROLLER,
+                                        "o",
+                                        active_connection_update_prop_controller,
+                                        .extra.property_vtable_o = &((const NMLDBusPropertVTableO){
+                                            .get_o_type_fcn = (nm_device_get_type)})),
         NML_DBUS_META_PROPERTY_INIT_B("Default",
                                       PROP_DEFAULT,
                                       NMActiveConnectionPrivate,
@@ -583,11 +660,12 @@ const NMLDBusMetaIface _nml_dbus_meta_iface_nm_connection_active = NML_DBUS_META
                                            NMActiveConnectionPrivate,
                                            property_o[PROPERTY_O_IDX_IP6_CONFIG],
                                            nm_ip6_config_get_type),
-        NML_DBUS_META_PROPERTY_INIT_O_PROP("Master",
-                                           PROP_MASTER,
-                                           NMActiveConnectionPrivate,
-                                           property_o[PROPERTY_O_IDX_MASTER],
-                                           nm_device_get_type),
+        NML_DBUS_META_PROPERTY_INIT_FCN("Master",
+                                        PROP_MASTER,
+                                        "o",
+                                        active_connection_update_prop_controller,
+                                        .extra.property_vtable_o = &((const NMLDBusPropertVTableO){
+                                            .get_o_type_fcn = (nm_device_get_type)})),
         NML_DBUS_META_PROPERTY_INIT_O("SpecificObject",
                                       PROP_SPECIFIC_OBJECT_PATH,
                                       NMActiveConnectionPrivate,
@@ -802,7 +880,8 @@ nm_active_connection_class_init(NMActiveConnectionClass *klass)
     /**
      * NMActiveConnection:master:
      *
-     * The master device if one exists.
+     * The master device if one exists. Replaced by the "controller" property
+     * since 1.44 and 1.42.2.
      **/
     obj_properties[PROP_MASTER] = g_param_spec_object(NM_ACTIVE_CONNECTION_MASTER,
                                                       "",
@@ -810,6 +889,21 @@ nm_active_connection_class_init(NMActiveConnectionClass *klass)
                                                       NM_TYPE_DEVICE,
                                                       G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
 
+    /**
+     * NMActiveConnection:controller:
+     *
+     * The controller device if one exists. This replaces the deprecated
+     * "master" property.
+     *
+     * Since: 1.44, 1.42.2
+     **/
+    obj_properties[PROP_CONTROLLER] =
+        g_param_spec_object(NM_ACTIVE_CONNECTION_CONTROLLER,
+                            "",
+                            "",
+                            NM_TYPE_DEVICE,
+                            G_PARAM_READABLE | G_PARAM_STATIC_STRINGS);
+
     _nml_dbus_meta_class_init_with_properties(object_class,
                                               &_nml_dbus_meta_iface_nm_connection_active);
 
diff --git a/src/libnm-client-impl/nm-client.c b/src/libnm-client-impl/nm-client.c
index 44a9699423..3ad4b9d6c1 100644
--- a/src/libnm-client-impl/nm-client.c
+++ b/src/libnm-client-impl/nm-client.c
@@ -1789,7 +1789,7 @@ nml_dbus_property_o_notify_watch_cb(NMClient *self, gpointer obj_watcher)
     }
 }
 
-static NMLDBusNotifyUpdatePropFlags
+NMLDBusNotifyUpdatePropFlags
 nml_dbus_property_o_notify(NMClient               *self,
                            NMLDBusPropertyO       *pr_o,
                            NMLDBusObject          *dbobj,
diff --git a/src/libnm-client-impl/nm-libnm-utils.h b/src/libnm-client-impl/nm-libnm-utils.h
index a60706bdd7..5b9883efd0 100644
--- a/src/libnm-client-impl/nm-libnm-utils.h
+++ b/src/libnm-client-impl/nm-libnm-utils.h
@@ -340,6 +340,13 @@ NMLDBusNotifyUpdatePropFlags nml_dbus_property_ao_notify(NMClient
                                                          guint                   dbus_property_idx,
                                                          GVariant               *value);
 
+NMLDBusNotifyUpdatePropFlags nml_dbus_property_o_notify(NMClient               *self,
+                                                        NMLDBusPropertyO       *pr_o,
+                                                        NMLDBusObject          *dbobj,
+                                                        const NMLDBusMetaIface *meta_iface,
+                                                        guint                   dbus_property_idx,
+                                                        GVariant               *value);
+
 typedef struct {
     const char         *dbus_property_name;
     const GVariantType *dbus_type;
diff --git a/src/libnm-client-public/nm-active-connection.h b/src/libnm-client-public/nm-active-connection.h
index 5c3148269a..38dff0f3b1 100644
--- a/src/libnm-client-public/nm-active-connection.h
+++ b/src/libnm-client-public/nm-active-connection.h
@@ -42,6 +42,7 @@ G_BEGIN_DECLS
 #define NM_ACTIVE_CONNECTION_DHCP6_CONFIG         "dhcp6-config"
 #define NM_ACTIVE_CONNECTION_VPN                  "vpn"
 #define NM_ACTIVE_CONNECTION_MASTER               "master"
+#define NM_ACTIVE_CONNECTION_CONTROLLER           "controller"
 
 /**
  * NMActiveConnection:
@@ -66,6 +67,8 @@ NMActiveConnectionStateReason nm_active_connection_get_state_reason(NMActiveConn
 struct _NMDevice;
 
 struct _NMDevice *nm_active_connection_get_master(NMActiveConnection *connection);
+NM_AVAILABLE_IN_1_42_2
+struct _NMDevice *nm_active_connection_get_controller(NMActiveConnection *connection);
 
 gboolean      nm_active_connection_get_default(NMActiveConnection *connection);
 NMIPConfig   *nm_active_connection_get_ip4_config(NMActiveConnection *connection);
diff --git a/src/libnm-core-impl/gen-metadata-nm-settings-libnm-core.xml.in b/src/libnm-core-impl/gen-metadata-nm-settings-libnm-core.xml.in
index 3b210b1686..a40b8695d4 100644
--- a/src/libnm-core-impl/gen-metadata-nm-settings-libnm-core.xml.in
+++ b/src/libnm-core-impl/gen-metadata-nm-settings-libnm-core.xml.in
@@ -1574,6 +1574,10 @@
                   dbus-type="b"
                   gprop-type="gboolean"
                   />
+        <property name="replace-local-rule"
+                  dbus-type="i"
+                  gprop-type="NMTernary"
+                  />
         <property name="required-timeout"
                   dbus-type="i"
                   gprop-type="gint"
@@ -1705,6 +1709,10 @@
                   dbus-type="i"
                   gprop-type="gint"
                   />
+        <property name="replace-local-rule"
+                  dbus-type="i"
+                  gprop-type="NMTernary"
+                  />
         <property name="required-timeout"
                   dbus-type="i"
                   gprop-type="gint"
diff --git a/src/libnm-core-impl/nm-setting-ip-config.c b/src/libnm-core-impl/nm-setting-ip-config.c
index 3a31848e84..5d947e29c1 100644
--- a/src/libnm-core-impl/nm-setting-ip-config.c
+++ b/src/libnm-core-impl/nm-setting-ip-config.c
@@ -3999,7 +3999,8 @@ NM_GOBJECT_PROPERTIES_DEFINE(NMSettingIPConfig,
                              PROP_REQUIRED_TIMEOUT,
                              PROP_DHCP_IAID,
                              PROP_DHCP_REJECT_SERVERS,
-                             PROP_AUTO_ROUTE_EXT_GW, );
+                             PROP_AUTO_ROUTE_EXT_GW,
+                             PROP_REPLACE_LOCAL_RULE, );
 
 G_DEFINE_ABSTRACT_TYPE(NMSettingIPConfig, nm_setting_ip_config, NM_TYPE_SETTING)
 
@@ -5445,6 +5446,22 @@ nm_setting_ip_config_get_auto_route_ext_gw(NMSettingIPConfig *setting)
     return NM_SETTING_IP_CONFIG_GET_PRIVATE(setting)->auto_route_ext_gw;
 }
 
+/**
+ * nm_setting_ip_config_get_replace_local_rule:
+ * @setting: the #NMSettingIPConfig
+ *
+ * Returns: the #NMSettingIPConfig:replace-local-rule property of the setting
+ *
+ * Since: 1.44, 1.42.2
+ **/
+NMTernary
+nm_setting_ip_config_get_replace_local_rule(NMSettingIPConfig *setting)
+{
+    g_return_val_if_fail(NM_IS_SETTING_IP_CONFIG(setting), NM_TERNARY_DEFAULT);
+
+    return NM_SETTING_IP_CONFIG_GET_PRIVATE(setting)->replace_local_rule;
+}
+
 static gboolean
 verify_label(const char *label)
 {
@@ -6105,6 +6122,13 @@ _nm_sett_info_property_override_create_array_ip_config(int addr_family)
         .direct_offset =
             NM_STRUCT_OFFSET_ENSURE_TYPE(int, NMSettingIPConfigPrivate, auto_route_ext_gw));
 
+    _nm_properties_override_gobj(
+        properties_override,
+        obj_properties[PROP_REPLACE_LOCAL_RULE],
+        &nm_sett_info_propert_type_direct_enum,
+        .direct_offset =
+            NM_STRUCT_OFFSET_ENSURE_TYPE(int, NMSettingIPConfigPrivate, replace_local_rule));
+
     return properties_override;
 }
 
@@ -6702,18 +6726,28 @@ nm_setting_ip_config_class_init(NMSettingIPConfigClass *klass)
     /**
      * NMSettingIPConfig:dhcp-iaid:
      *
-     * A string containing the "Identity Association Identifier" (IAID) used
-     * by the DHCP client. The property is a 32-bit decimal value or a
-     * special value among "mac", "perm-mac", "ifname" and "stable". When
-     * set to "mac" (or "perm-mac"), the last 4 bytes of the current (or
-     * permanent) MAC address are used as IAID. When set to "ifname", the
-     * IAID is computed by hashing the interface name. The special value
-     * "stable" can be used to generate an IAID based on the stable-id (see
-     * connection.stable-id), a per-host key and the interface name. When
-     * the property is unset, the value from global configuration is used;
-     * if no global default is set then the IAID is assumed to be
-     * "ifname". Note that at the moment this property is ignored for IPv6
-     * by dhclient, which always derives the IAID from the MAC address.
+     * A string containing the "Identity Association Identifier" (IAID) used by
+     * the DHCP client. The string can be a 32-bit number (either decimal,
+     * hexadecimal or or as colon separated hexadecimal numbers). Alternatively
+     * it can be set to the special values "mac", "perm-mac", "ifname" or
+     * "stable". When set to "mac" (or "perm-mac"), the last 4 bytes of the
+     * current (or permanent) MAC address are used as IAID. When set to
+     * "ifname", the IAID is computed by hashing the interface name. The
+     * special value "stable" can be used to generate an IAID based on the
+     * stable-id (see connection.stable-id), a per-host key and the interface
+     * name. When the property is unset, the value from global configuration is
+     * used; if no global default is set then the IAID is assumed to be
+     * "ifname".
+     *
+     * For DHCPv4, the IAID is only used with "ipv4.dhcp-client-id"
+     * values "duid" and "ipv6-duid" to generate the client-id.
+     *
+     * For DHCPv6, note that at the moment this property is
+     * only supported by the "internal" DHCPv6 plugin. The "dhclient" DHCPv6
+     * plugin always derives the IAID from the MAC address.
+     *
+     * The actually used DHCPv6 IAID for a currently activated interface is
+     * exposed in the lease information of the device.
      *
      * Since: 1.22
      **/
@@ -6797,5 +6831,21 @@ nm_setting_ip_config_class_init(NMSettingIPConfigClass *klass)
                           NM_TERNARY_DEFAULT,
                           G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS);
 
+    /**
+     * NMSettingIPConfig:replace-local-rule:
+     *
+     * Connections will default to keep the autogenerated priority 0 local rule
+     * unless this setting is set to %TRUE.
+     *
+     * Since: 1.44, 1.42.2
+     */
+    obj_properties[PROP_REPLACE_LOCAL_RULE] =
+        g_param_spec_enum(NM_SETTING_IP_CONFIG_REPLACE_LOCAL_RULE,
+                          "",
+                          "",
+                          NM_TYPE_TERNARY,
+                          NM_TERNARY_DEFAULT,
+                          G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS);
+
     g_object_class_install_properties(object_class, _PROPERTY_ENUMS_LAST, obj_properties);
 }
diff --git a/src/libnm-core-impl/nm-setting-ip4-config.c b/src/libnm-core-impl/nm-setting-ip4-config.c
index f847918eda..7819c2e816 100644
--- a/src/libnm-core-impl/nm-setting-ip4-config.c
+++ b/src/libnm-core-impl/nm-setting-ip4-config.c
@@ -808,6 +808,15 @@ nm_setting_ip4_config_class_init(NMSettingIP4ConfigClass *klass)
      * ---end---
      */
 
+    /* ---ifcfg-rh---
+     * property: replace-local-rule
+     * variable: IPV4_REPLACE_LOCAL_RULE(+)
+     * default: no
+     * description: Connections will default to keep the autogenerated priority
+     *     0 local rule unless this setting is set to %TRUE.
+     * ---end---
+     */
+
     /**
      * NMSettingIP4Config:dhcp-client-id:
      *
@@ -1143,7 +1152,7 @@ nm_setting_ip4_config_class_init(NMSettingIP4ConfigClass *klass)
      *      </listitem>
      *      <listitem>
      *        <para><literal>"type"</literal> - one of <literal>unicast</literal>, <literal>local</literal>, <literal>blackhole</literal>,
-     *          <literal>unavailable</literal>, <literal>prohibit</literal>, <literal>throw</literal>.
+     *          <literal>unreachable</literal>, <literal>prohibit</literal>, <literal>throw</literal>.
      *          The default is <literal>unicast</literal>.</para>
      *      </listitem>
      *      <listitem>
diff --git a/src/libnm-core-impl/nm-setting-ip6-config.c b/src/libnm-core-impl/nm-setting-ip6-config.c
index 43e2e3c708..573211b23c 100644
--- a/src/libnm-core-impl/nm-setting-ip6-config.c
+++ b/src/libnm-core-impl/nm-setting-ip6-config.c
@@ -752,6 +752,15 @@ nm_setting_ip6_config_class_init(NMSettingIP6ConfigClass *klass)
      * ---end---
      */
 
+    /* ---ifcfg-rh---
+     * property: replace-local-rule
+     * variable: IPV6_REPLACE_LOCAL_RULE(+)
+     * default: no
+     * description: Connections will default to keep the autogenerated priority
+     *     0 local rule unless this setting is set to %TRUE.
+     * ---end---
+     */
+
     /**
      * NMSettingIP6Config:ip6-privacy:
      *
@@ -1129,7 +1138,7 @@ nm_setting_ip6_config_class_init(NMSettingIP6ConfigClass *klass)
      *      </listitem>
      *      <listitem>
      *        <para><literal>"type"</literal> - one of <literal>unicast</literal>, <literal>local</literal>, <literal>blackhole</literal>,
-     *          <literal>unavailable</literal>, <literal>prohibit</literal>, <literal>throw</literal>.
+     *          <literal>unreachable</literal>, <literal>prohibit</literal>, <literal>throw</literal>.
      *          The default is <literal>unicast</literal>.</para>
      *      </listitem>
      *      <listitem>
diff --git a/src/libnm-core-impl/nm-setting-private.h b/src/libnm-core-impl/nm-setting-private.h
index 26a31b1e5c..fff6c1ccc5 100644
--- a/src/libnm-core-impl/nm-setting-private.h
+++ b/src/libnm-core-impl/nm-setting-private.h
@@ -198,6 +198,7 @@ typedef struct {
     char      *dhcp_iaid;
     gint64     route_metric;
     int        auto_route_ext_gw;
+    int        replace_local_rule;
     gint32     required_timeout;
     gint32     dad_timeout;
     gint32     dhcp_timeout;
diff --git a/src/libnm-core-impl/nm-utils.c b/src/libnm-core-impl/nm-utils.c
index 8ffc070e90..c389213f3f 100644
--- a/src/libnm-core-impl/nm-utils.c
+++ b/src/libnm-core-impl/nm-utils.c
@@ -5666,7 +5666,8 @@ _nm_utils_ranges_cmp(_NM_SETT_INFO_PROP_COMPARE_FCN_ARGS _nm_nil)
 gboolean
 _nm_utils_iaid_verify(const char *str, gint64 *out_value)
 {
-    gint64 iaid;
+    gint64  i64;
+    guint32 u32;
 
     NM_SET_OUT(out_value, -1);
 
@@ -5676,10 +5677,16 @@ _nm_utils_iaid_verify(const char *str, gint64 *out_value)
     if (NM_IAID_IS_SPECIAL(str))
         return TRUE;
 
-    if (NM_STRCHAR_ALL(str, ch, ch >= '0' && ch <= '9') && (str[0] != '0' || str[1] == '\0')
-        && (iaid = _nm_utils_ascii_str_to_int64(str, 10, 0, G_MAXUINT32, -1)) != -1) {
-        NM_SET_OUT(out_value, iaid);
-        return TRUE;
+    if (NM_STRCHAR_ALL(str, ch, g_ascii_isxdigit(ch) || NM_IN_SET(ch, 'x', ':'))) {
+        if ((i64 = _nm_utils_ascii_str_to_int64(str, 0, 0, G_MAXUINT32, -1)) != -1) {
+            NM_SET_OUT(out_value, i64);
+            return TRUE;
+        }
+
+        if (nm_dhcp_iaid_from_hexstr(str, &u32)) {
+            NM_SET_OUT(out_value, u32);
+            return TRUE;
+        }
     }
 
     return FALSE;
diff --git a/src/libnm-core-public/nm-setting-ip-config.h b/src/libnm-core-public/nm-setting-ip-config.h
index d52cf1474b..f3bdc79634 100644
--- a/src/libnm-core-public/nm-setting-ip-config.h
+++ b/src/libnm-core-public/nm-setting-ip-config.h
@@ -340,6 +340,7 @@ char *nm_ip_routing_rule_to_string(const NMIPRoutingRule       *self,
 #define NM_SETTING_IP_CONFIG_DHCP_IAID           "dhcp-iaid"
 #define NM_SETTING_IP_CONFIG_DHCP_REJECT_SERVERS "dhcp-reject-servers"
 #define NM_SETTING_IP_CONFIG_AUTO_ROUTE_EXT_GW   "auto-route-ext-gw"
+#define NM_SETTING_IP_CONFIG_REPLACE_LOCAL_RULE  "replace-local-rule"
 
 /* these are not real GObject properties. */
 #define NM_SETTING_IP_CONFIG_ROUTING_RULES "routing-rules"
@@ -499,6 +500,8 @@ NM_AVAILABLE_IN_1_28
 void nm_setting_ip_config_clear_dhcp_reject_servers(NMSettingIPConfig *setting);
 NM_AVAILABLE_IN_1_42
 NMTernary nm_setting_ip_config_get_auto_route_ext_gw(NMSettingIPConfig *setting);
+NM_AVAILABLE_IN_1_42_2
+NMTernary nm_setting_ip_config_get_replace_local_rule(NMSettingIPConfig *setting);
 
 G_END_DECLS
 
diff --git a/src/libnm-core-public/nm-version-macros.h b/src/libnm-core-public/nm-version-macros.h
index bbdeb2f3f0..159d3bd831 100644
--- a/src/libnm-core-public/nm-version-macros.h
+++ b/src/libnm-core-public/nm-version-macros.h
@@ -30,7 +30,7 @@
  * Evaluates to the micro version number of NetworkManager which this source
  * compiled against.
  */
-#define NM_MICRO_VERSION (0)
+#define NM_MICRO_VERSION (4)
 
 /**
  * NM_CHECK_VERSION:
@@ -72,6 +72,7 @@
 #define NM_VERSION_1_38   (NM_ENCODE_VERSION(1, 38, 0))
 #define NM_VERSION_1_40   (NM_ENCODE_VERSION(1, 40, 0))
 #define NM_VERSION_1_42   (NM_ENCODE_VERSION(1, 42, 0))
+#define NM_VERSION_1_42_2 (NM_ENCODE_VERSION(1, 42, 2))
 
 /* For releases, NM_API_VERSION is equal to NM_VERSION.
  *
diff --git a/src/libnm-core-public/nm-version-macros.h.in b/src/libnm-core-public/nm-version-macros.h.in
index 543edcf096..5cdba6087b 100644
--- a/src/libnm-core-public/nm-version-macros.h.in
+++ b/src/libnm-core-public/nm-version-macros.h.in
@@ -72,6 +72,7 @@
 #define NM_VERSION_1_38   (NM_ENCODE_VERSION(1, 38, 0))
 #define NM_VERSION_1_40   (NM_ENCODE_VERSION(1, 40, 0))
 #define NM_VERSION_1_42   (NM_ENCODE_VERSION(1, 42, 0))
+#define NM_VERSION_1_42_2 (NM_ENCODE_VERSION(1, 42, 2))
 
 /* For releases, NM_API_VERSION is equal to NM_VERSION.
  *
diff --git a/src/libnm-core-public/nm-version.h b/src/libnm-core-public/nm-version.h
index 0b2e6103a2..249084ae21 100644
--- a/src/libnm-core-public/nm-version.h
+++ b/src/libnm-core-public/nm-version.h
@@ -355,6 +355,12 @@
 #define NM_AVAILABLE_IN_1_42
 #endif
 
+#if NM_VERSION_MAX_ALLOWED < NM_VERSION_1_42_2
+#define NM_AVAILABLE_IN_1_42_2 G_UNAVAILABLE(1, 42.2)
+#else
+#define NM_AVAILABLE_IN_1_42_2
+#endif
+
 /*
  * Synchronous API for calling D-Bus in libnm is deprecated. See
  * https://networkmanager.dev/docs/libnm/latest/usage.html#sync-api
diff --git a/src/libnm-glib-aux/nm-macros-internal.h b/src/libnm-glib-aux/nm-macros-internal.h
index 71a17e3e37..0534ee5d9b 100644
--- a/src/libnm-glib-aux/nm-macros-internal.h
+++ b/src/libnm-glib-aux/nm-macros-internal.h
@@ -529,12 +529,12 @@ nm_str_realloc(char *str)
 
 /* redefine assertions to use g_assert*() */
 #undef _nm_assert_fail
-#define _nm_assert_fail(msg)                                                        \
-    G_STMT_START                                                                    \
-    {                                                                               \
-        g_assertion_message_expr(G_LOG_DOMAIN, __FILE__, __LINE__, G_STRFUNC, msg); \
-        _nm_unreachable_code();                                                     \
-    }                                                                               \
+#define _nm_assert_fail(msg)                                                              \
+    G_STMT_START                                                                          \
+    {                                                                                     \
+        g_assertion_message_expr(G_LOG_DOMAIN, __FILE__, __LINE__, G_STRFUNC, "" msg ""); \
+        _nm_unreachable_code();                                                           \
+    }                                                                                     \
     G_STMT_END
 
 #undef _NM_ASSERT_FAIL_ENABLED
diff --git a/src/libnm-glib-aux/nm-test-utils.h b/src/libnm-glib-aux/nm-test-utils.h
index 41e1a6cedf..b65818e00a 100644
--- a/src/libnm-glib-aux/nm-test-utils.h
+++ b/src/libnm-glib-aux/nm-test-utils.h
@@ -846,6 +846,17 @@ nmtst_test_skip_slow(void)
 #define NMTST_EXPECT_LIBNM_WARNING(msg)  NMTST_EXPECT_LIBNM(G_LOG_LEVEL_WARNING, msg)
 #define NMTST_EXPECT_LIBNM_CRITICAL(msg) NMTST_EXPECT_LIBNM(G_LOG_LEVEL_CRITICAL, msg)
 
+/* Commit [1] changed the level in which glib emits certain assertions.
+ * As we have test that check for those assertions (g_test_expect_message()),
+ * we need to choose the right one.
+ *
+ * [1] https://gitlab.gnome.org/GNOME/glib/-/commit/0ffe86a1f7e215e4561c3b9f1d03c3cd638ed00f */
+#if GLIB_CHECK_VERSION(2, 75, 0)
+#define NMTST_EXPECT_GOBJECT_ASSERT_LEVEL G_LOG_LEVEL_CRITICAL
+#else
+#define NMTST_EXPECT_GOBJECT_ASSERT_LEVEL G_LOG_LEVEL_WARNING
+#endif
+
 /*****************************************************************************/
 
 typedef struct _NmtstTestData NmtstTestData;
diff --git a/src/libnm-platform/nm-linux-platform.c b/src/libnm-platform/nm-linux-platform.c
index d4ab36f93d..30ad1275d8 100644
--- a/src/libnm-platform/nm-linux-platform.c
+++ b/src/libnm-platform/nm-linux-platform.c
@@ -9213,15 +9213,27 @@ get_ext_data(NMPlatform *platform, int ifindex)
     return obj->_link.ext_data;
 }
 
+#define get_ext_data_check(platform, ifindex, is_check)      \
+    ({                                                       \
+        GObject *_obj = get_ext_data((platform), (ifindex)); \
+                                                             \
+        _obj &&is_check(_obj) ? ((gpointer) _obj) : NULL;    \
+    })
+
 /*****************************************************************************/
 
-#define WIFI_GET_WIFI_DATA_NETNS(wifi_data, platform, ifindex, retval) \
-    nm_auto_pop_netns NMPNetns *netns = NULL;                          \
-    NMWifiUtils                *wifi_data;                             \
-    if (!nm_platform_netns_push(platform, &netns))                     \
-        return retval;                                                 \
-    wifi_data = NM_WIFI_UTILS(get_ext_data(platform, ifindex));        \
-    if (!wifi_data)                                                    \
+#define WIFI_GET_WIFI_DATA(wifi_data, platform, ifindex, retval)                      \
+    NMWifiUtils *wifi_data = get_ext_data_check(platform, ifindex, NM_IS_WIFI_UTILS); \
+    if (!wifi_data)                                                                   \
+        return retval;
+
+#define WIFI_GET_WIFI_DATA_NETNS(wifi_data, platform, ifindex, retval)   \
+    nm_auto_pop_netns NMPNetns *netns = NULL;                            \
+    NMWifiUtils                *wifi_data;                               \
+    if (!nm_platform_netns_push(platform, &netns))                       \
+        return retval;                                                   \
+    wifi_data = get_ext_data_check(platform, ifindex, NM_IS_WIFI_UTILS); \
+    if (!wifi_data)                                                      \
         return retval;
 
 static gboolean
@@ -9390,9 +9402,9 @@ mesh_set_ssid(NMPlatform *platform, int ifindex, const guint8 *ssid, gsize len)
 
 /*****************************************************************************/
 
-#define WPAN_GET_WPAN_DATA(wpan_data, platform, ifindex, retval)             \
-    NMWpanUtils *wpan_data = NM_WPAN_UTILS(get_ext_data(platform, ifindex)); \
-    if (!wpan_data)                                                          \
+#define WPAN_GET_WPAN_DATA(wpan_data, platform, ifindex, retval)                      \
+    NMWpanUtils *wpan_data = get_ext_data_check(platform, ifindex, NM_IS_WPAN_UTILS); \
+    if (!wpan_data)                                                                   \
         return retval;
 
 static guint16
@@ -9444,10 +9456,7 @@ link_get_wake_on_lan(NMPlatform *platform, int ifindex)
     if (type == NM_LINK_TYPE_ETHERNET)
         return nmp_utils_ethtool_get_wake_on_lan(ifindex);
     else if (type == NM_LINK_TYPE_WIFI) {
-        NMWifiUtils *wifi_data = NM_WIFI_UTILS(get_ext_data(platform, ifindex));
-
-        if (!wifi_data)
-            return FALSE;
+        WIFI_GET_WIFI_DATA(wifi_data, platform, ifindex, FALSE);
 
         return !NM_IN_SET(nm_wifi_utils_get_wake_on_wlan(wifi_data),
                           _NM_SETTING_WIRELESS_WAKE_ON_WLAN_NONE,
diff --git a/src/libnm-platform/nm-platform.c b/src/libnm-platform/nm-platform.c
index c80d964851..2e9e940c2f 100644
--- a/src/libnm-platform/nm-platform.c
+++ b/src/libnm-platform/nm-platform.c
@@ -7951,6 +7951,7 @@ int
 nm_platform_lnk_bond_cmp(const NMPlatformLnkBond *a, const NMPlatformLnkBond *b)
 {
     NM_CMP_SELF(a, b);
+    NM_CMP_FIELD(a, b, arp_ip_targets_num);
     NM_CMP_FIELD_MEMCMP_LEN(a,
                             b,
                             arp_ip_target,
@@ -7972,7 +7973,6 @@ nm_platform_lnk_bond_cmp(const NMPlatformLnkBond *a, const NMPlatformLnkBond *b)
     NM_CMP_FIELD_MEMCMP(a, b, ad_actor_system);
     NM_CMP_FIELD(a, b, ad_select);
     NM_CMP_FIELD(a, b, all_ports_active);
-    NM_CMP_FIELD(a, b, arp_ip_targets_num);
     NM_CMP_FIELD(a, b, fail_over_mac);
     NM_CMP_FIELD(a, b, lacp_rate);
     NM_CMP_FIELD(a, b, num_grat_arp);
diff --git a/src/libnm-platform/nmp-global-tracker.c b/src/libnm-platform/nmp-global-tracker.c
index 09f1e21711..3fd31e4e14 100644
--- a/src/libnm-platform/nmp-global-tracker.c
+++ b/src/libnm-platform/nmp-global-tracker.c
@@ -26,7 +26,7 @@
  * view. That is mainly, because such objects are themselves tied to an ifindex.
  *
  * However, for certain objects that's not the case. For example, policy routing
- * rules, certain route types (blackhole, unavailable, prohibit, throw) and MPTCP
+ * rules, certain route types (blackhole, unreachable, prohibit, throw) and MPTCP
  * endpoints require a holistic view of the system. That is, because rules and
  * these route types have no ifindex. For MPTCP endpoints, they have an ifindex,
  * however we can only configure a small number of them at a time, so we need a
@@ -1155,11 +1155,12 @@ nmp_global_tracker_track_rule_default(NMPGlobalTracker *self,
     /* track the default rules. See also `man ip-rule`. */
 
     if (NM_IN_SET(addr_family, AF_UNSPEC, AF_INET)) {
+        nmp_global_tracker_track_local_rule(self, addr_family, track_priority, user_tag, NULL);
         nmp_global_tracker_track_rule(self,
                                       &((NMPlatformRoutingRule){
                                           .addr_family = AF_INET,
-                                          .priority    = 0,
-                                          .table       = RT_TABLE_LOCAL,
+                                          .priority    = 32766,
+                                          .table       = RT_TABLE_MAIN,
                                           .action      = FR_ACT_TO_TBL,
                                           .protocol    = RTPROT_KERNEL,
                                       }),
@@ -1169,19 +1170,22 @@ nmp_global_tracker_track_rule_default(NMPGlobalTracker *self,
         nmp_global_tracker_track_rule(self,
                                       &((NMPlatformRoutingRule){
                                           .addr_family = AF_INET,
-                                          .priority    = 32766,
-                                          .table       = RT_TABLE_MAIN,
+                                          .priority    = 32767,
+                                          .table       = RT_TABLE_DEFAULT,
                                           .action      = FR_ACT_TO_TBL,
                                           .protocol    = RTPROT_KERNEL,
                                       }),
                                       track_priority,
                                       user_tag,
                                       NULL);
+    }
+    if (NM_IN_SET(addr_family, AF_UNSPEC, AF_INET6)) {
+        nmp_global_tracker_track_local_rule(self, addr_family, track_priority, user_tag, NULL);
         nmp_global_tracker_track_rule(self,
                                       &((NMPlatformRoutingRule){
-                                          .addr_family = AF_INET,
-                                          .priority    = 32767,
-                                          .table       = RT_TABLE_DEFAULT,
+                                          .addr_family = AF_INET6,
+                                          .priority    = 32766,
+                                          .table       = RT_TABLE_MAIN,
                                           .action      = FR_ACT_TO_TBL,
                                           .protocol    = RTPROT_KERNEL,
                                       }),
@@ -1189,10 +1193,23 @@ nmp_global_tracker_track_rule_default(NMPGlobalTracker *self,
                                       user_tag,
                                       NULL);
     }
-    if (NM_IN_SET(addr_family, AF_UNSPEC, AF_INET6)) {
+}
+
+void
+nmp_global_tracker_track_local_rule(NMPGlobalTracker *self,
+                                    int               addr_family,
+                                    gint32            track_priority,
+                                    gconstpointer     user_tag,
+                                    gconstpointer     user_tag_untrack)
+{
+    g_return_if_fail(NMP_IS_GLOBAL_TRACKER(self));
+
+    nm_assert(NM_IN_SET(addr_family, AF_UNSPEC, AF_INET, AF_INET6));
+
+    if (NM_IN_SET(addr_family, AF_UNSPEC, AF_INET)) {
         nmp_global_tracker_track_rule(self,
                                       &((NMPlatformRoutingRule){
-                                          .addr_family = AF_INET6,
+                                          .addr_family = AF_INET,
                                           .priority    = 0,
                                           .table       = RT_TABLE_LOCAL,
                                           .action      = FR_ACT_TO_TBL,
@@ -1200,18 +1217,20 @@ nmp_global_tracker_track_rule_default(NMPGlobalTracker *self,
                                       }),
                                       track_priority,
                                       user_tag,
-                                      NULL);
+                                      user_tag_untrack);
+    }
+    if (NM_IN_SET(addr_family, AF_UNSPEC, AF_INET6)) {
         nmp_global_tracker_track_rule(self,
                                       &((NMPlatformRoutingRule){
                                           .addr_family = AF_INET6,
-                                          .priority    = 32766,
-                                          .table       = RT_TABLE_MAIN,
+                                          .priority    = 0,
+                                          .table       = RT_TABLE_LOCAL,
                                           .action      = FR_ACT_TO_TBL,
                                           .protocol    = RTPROT_KERNEL,
                                       }),
                                       track_priority,
                                       user_tag,
-                                      NULL);
+                                      user_tag_untrack);
     }
 }
 
diff --git a/src/libnm-platform/nmp-global-tracker.h b/src/libnm-platform/nmp-global-tracker.h
index 08a4d85f41..c6d7bc11d0 100644
--- a/src/libnm-platform/nmp-global-tracker.h
+++ b/src/libnm-platform/nmp-global-tracker.h
@@ -46,6 +46,12 @@ void nmp_global_tracker_track_rule_default(NMPGlobalTracker *self,
                                            gint32            track_priority,
                                            gconstpointer     user_tag);
 
+void nmp_global_tracker_track_local_rule(NMPGlobalTracker *self,
+                                         int               addr_family,
+                                         gint32            track_priority,
+                                         gconstpointer     user_tag,
+                                         gconstpointer     user_tag_untrack);
+
 void nmp_global_tracker_track_rule_from_platform(NMPGlobalTracker *self,
                                                  NMPlatform       *platform,
                                                  int               addr_family,
diff --git a/src/libnm-std-aux/nm-std-aux.h b/src/libnm-std-aux/nm-std-aux.h
index e556aa4b52..a5e5abd3d5 100644
--- a/src/libnm-std-aux/nm-std-aux.h
+++ b/src/libnm-std-aux/nm-std-aux.h
@@ -219,36 +219,16 @@ typedef uint64_t _nm_bitwise nm_be64_t;
 #define NM_MORE_ASSERTS 0
 #endif
 
-#if NM_MORE_ASSERTS == 0
-/* The string with the assertion check and the function name blows up the
- * binary size. In production mode, let's drop those, similar to
- * g_assertion_message_expr.
- *
- * Note that <assert.h> can be included multiple times. We can thus
- * not redefine __assert_fail(...). Instead, just redefine the name
- * __assert_fail. */
-_nm_noreturn static inline void
-_nm_assert_fail_internal(const char  *assertion,
-                         const char  *file,
-                         unsigned int line,
-                         const char  *function)
-{
-    __assert_fail("<dropped>", file, line, "<unknown-fcn>");
-}
-#define __assert_fail _nm_assert_fail_internal
-#endif
-
 #ifndef NDEBUG
 #define _NM_ASSERT_FAIL_ENABLED 1
-#define _nm_assert_fail(msg)    __assert_fail((msg), __FILE__, __LINE__, __func__)
+#define _nm_assert_fail(msg)                                     \
+    __assert_fail(((NM_MORE_ASSERTS) ? "" msg "" : "<dropped>"), \
+                  __FILE__,                                      \
+                  __LINE__,                                      \
+                  ((NM_MORE_ASSERTS) ? __func__ : "<unknown-fcn>"))
 #else
 #define _NM_ASSERT_FAIL_ENABLED 0
-#define _nm_assert_fail(msg)                 \
-    do {                                     \
-        _nm_unused const char *_msg = (msg); \
-                                             \
-        _nm_unreachable_code();              \
-    } while (0)
+#define _nm_assert_fail(msg)    ((void) ("" msg ""), _nm_unreachable_code())
 #endif
 
 #define NM_MORE_ASSERTS_EFFECTIVE (_NM_ASSERT_FAIL_ENABLED ? NM_MORE_ASSERTS : 0)
diff --git a/src/libnmc-setting/nm-meta-setting-desc.c b/src/libnmc-setting/nm-meta-setting-desc.c
index f3372fb230..0f67c9bda2 100644
--- a/src/libnmc-setting/nm-meta-setting-desc.c
+++ b/src/libnmc-setting/nm-meta-setting-desc.c
@@ -6192,6 +6192,9 @@ static const NMMetaPropertyInfo *const property_infos_IP4_CONFIG[] = {
             ),
         ),
     ),
+    PROPERTY_INFO (NM_SETTING_IP_CONFIG_REPLACE_LOCAL_RULE, DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_REPLACE_LOCAL_RULE,
+        .property_type =                &_pt_gobject_ternary,
+    ),
     PROPERTY_INFO (NM_SETTING_IP_CONFIG_IGNORE_AUTO_ROUTES, DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_IGNORE_AUTO_ROUTES,
         .property_type =                &_pt_gobject_bool,
     ),
@@ -6447,6 +6450,9 @@ static const NMMetaPropertyInfo *const property_infos_IP6_CONFIG[] = {
             ),
         ),
     ),
+    PROPERTY_INFO (NM_SETTING_IP_CONFIG_REPLACE_LOCAL_RULE, DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_REPLACE_LOCAL_RULE,
+        .property_type =                &_pt_gobject_ternary,
+    ),
     PROPERTY_INFO (NM_SETTING_IP_CONFIG_IGNORE_AUTO_ROUTES, DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_IGNORE_AUTO_ROUTES,
         .property_type =                &_pt_gobject_bool,
     ),
diff --git a/src/libnmc-setting/settings-docs.h b/src/libnmc-setting/settings-docs.h
index b7f1dc2458..cd5b231bb9 100644
--- a/src/libnmc-setting/settings-docs.h
+++ b/src/libnmc-setting/settings-docs.h
@@ -163,7 +163,7 @@
 #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DHCP_FQDN N_("If the \"dhcp-send-hostname\" property is TRUE, then the specified FQDN will be sent to the DHCP server when acquiring a lease. This property and \"dhcp-hostname\" are mutually exclusive and cannot be set at the same time.")
 #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DHCP_HOSTNAME N_("If the \"dhcp-send-hostname\" property is TRUE, then the specified name will be sent to the DHCP server when acquiring a lease. This property and \"dhcp-fqdn\" are mutually exclusive and cannot be set at the same time.")
 #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DHCP_HOSTNAME_FLAGS N_("Flags for the DHCP hostname and FQDN. Currently, this property only includes flags to control the FQDN flags set in the DHCP FQDN option. Supported FQDN flags are NM_DHCP_HOSTNAME_FLAG_FQDN_SERV_UPDATE (0x1), NM_DHCP_HOSTNAME_FLAG_FQDN_ENCODED (0x2) and NM_DHCP_HOSTNAME_FLAG_FQDN_NO_UPDATE (0x4).  When no FQDN flag is set and NM_DHCP_HOSTNAME_FLAG_FQDN_CLEAR_FLAGS (0x8) is set, the DHCP FQDN option will contain no flag. Otherwise, if no FQDN flag is set and NM_DHCP_HOSTNAME_FLAG_FQDN_CLEAR_FLAGS (0x8) is not set, the standard FQDN flags are set in the request: NM_DHCP_HOSTNAME_FLAG_FQDN_SERV_UPDATE (0x1), NM_DHCP_HOSTNAME_FLAG_FQDN_ENCODED (0x2) for IPv4 and NM_DHCP_HOSTNAME_FLAG_FQDN_SERV_UPDATE (0x1) for IPv6. When this property is set to the default value NM_DHCP_HOSTNAME_FLAG_NONE (0x0), a global default is looked up in NetworkManager configuration. If that value is unset or also NM_DHCP_HOSTNAME_FLAG_NONE (0x0), then the standard FQDN flags described above are sent in the DHCP requests.")
-#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DHCP_IAID N_("A string containing the \"Identity Association Identifier\" (IAID) used by the DHCP client. The property is a 32-bit decimal value or a special value among \"mac\", \"perm-mac\", \"ifname\" and \"stable\". When set to \"mac\" (or \"perm-mac\"), the last 4 bytes of the current (or permanent) MAC address are used as IAID. When set to \"ifname\", the IAID is computed by hashing the interface name. The special value \"stable\" can be used to generate an IAID based on the stable-id (see connection.stable-id), a per-host key and the interface name. When the property is unset, the value from global configuration is used; if no global default is set then the IAID is assumed to be \"ifname\". Note that at the moment this property is ignored for IPv6 by dhclient, which always derives the IAID from the MAC address.")
+#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DHCP_IAID N_("A string containing the \"Identity Association Identifier\" (IAID) used by the DHCP client. The string can be a 32-bit number (either decimal, hexadecimal or or as colon separated hexadecimal numbers). Alternatively it can be set to the special values \"mac\", \"perm-mac\", \"ifname\" or \"stable\". When set to \"mac\" (or \"perm-mac\"), the last 4 bytes of the current (or permanent) MAC address are used as IAID. When set to \"ifname\", the IAID is computed by hashing the interface name. The special value \"stable\" can be used to generate an IAID based on the stable-id (see connection.stable-id), a per-host key and the interface name. When the property is unset, the value from global configuration is used; if no global default is set then the IAID is assumed to be \"ifname\". For DHCPv4, the IAID is only used with \"ipv4.dhcp-client-id\" values \"duid\" and \"ipv6-duid\" to generate the client-id. For DHCPv6, note that at the moment this property is only supported by the \"internal\" DHCPv6 plugin. The \"dhclient\" DHCPv6 plugin always derives the IAID from the MAC address. The actually used DHCPv6 IAID for a currently activated interface is exposed in the lease information of the device.")
 #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DHCP_REJECT_SERVERS N_("Array of servers from which DHCP offers must be rejected. This property is useful to avoid getting a lease from misconfigured or rogue servers. For DHCPv4, each element must be an IPv4 address, optionally followed by a slash and a prefix length (e.g. \"192.168.122.0/24\"). This property is currently not implemented for DHCPv6.")
 #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DHCP_SEND_HOSTNAME N_("If TRUE, a hostname is sent to the DHCP server when acquiring a lease. Some DHCP servers use this hostname to update DNS databases, essentially providing a static hostname for the computer.  If the \"dhcp-hostname\" property is NULL and this property is TRUE, the current persistent hostname of the computer is sent.")
 #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DHCP_TIMEOUT N_("A timeout for a DHCP transaction in seconds. If zero (the default), a globally configured default is used. If still unspecified, a device specific timeout is used (usually 45 seconds). Set to 2147483647 (MAXINT32) for infinity.")
@@ -179,6 +179,7 @@
 #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_MAY_FAIL N_("If TRUE, allow overall network configuration to proceed even if the configuration specified by this property times out.  Note that at least one IP configuration must succeed or overall network configuration will still fail.  For example, in IPv6-only networks, setting this property to TRUE on the NMSettingIP4Config allows the overall network configuration to succeed if IPv4 configuration fails but IPv6 configuration completes successfully.")
 #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_METHOD N_("IP configuration method. NMSettingIP4Config and NMSettingIP6Config both support \"disabled\", \"auto\", \"manual\", and \"link-local\". See the subclass-specific documentation for other values. In general, for the \"auto\" method, properties such as \"dns\" and \"routes\" specify information that is added on to the information returned from automatic configuration.  The \"ignore-auto-routes\" and \"ignore-auto-dns\" properties modify this behavior. For methods that imply no upstream network, such as \"shared\" or \"link-local\", these properties must be empty. For IPv4 method \"shared\", the IP subnet can be configured by adding one manual IPv4 address or otherwise 10.42.x.0/24 is chosen. Note that the shared method must be configured on the interface which shares the internet to a subnet, not on the uplink which is shared.")
 #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_NEVER_DEFAULT N_("If TRUE, this connection will never be the default connection for this IP type, meaning it will never be assigned the default route by NetworkManager.")
+#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_REPLACE_LOCAL_RULE N_("Connections will default to keep the autogenerated priority 0 local rule unless this setting is set to TRUE.")
 #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_REQUIRED_TIMEOUT N_("The minimum time interval in milliseconds for which dynamic IP configuration should be tried before the connection succeeds. This property is useful for example if both IPv4 and IPv6 are enabled and are allowed to fail. Normally the connection succeeds as soon as one of the two address families completes; by setting a required timeout for e.g. IPv4, one can ensure that even if IP6 succeeds earlier than IPv4, NetworkManager waits some time for IPv4 before the connection becomes active. Note that if \"may-fail\" is FALSE for the same address family, this property has no effect as NetworkManager needs to wait for the full DHCP timeout. A zero value means that no required timeout is present, -1 means the default value (either configuration ipvx.required-timeout override or zero).")
 #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_ROUTE_METRIC N_("The default metric for routes that don't explicitly specify a metric. The default value -1 means that the metric is chosen automatically based on the device type. The metric applies to dynamic routes, manual (static) routes that don't have an explicit metric setting, address prefix routes, and the default route. Note that for IPv6, the kernel accepts zero (0) but coerces it to 1024 (user default). Hence, setting this property to zero effectively mean setting it to 1024. For IPv4, zero is a regular value for the metric.")
 #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_ROUTE_TABLE N_("Enable policy routing (source routing) and set the routing table used when adding routes. This affects all routes, including device-routes, IPv4LL, DHCP, SLAAC, default-routes and static routes. But note that static routes can individually overwrite the setting by explicitly specifying a non-zero routing table. If the table setting is left at zero, it is eligible to be overwritten via global configuration. If the property is zero even after applying the global configuration value, policy routing is disabled for the address family of this connection. Policy routing disabled means that NetworkManager will add all routes to the main table (except static routes that explicitly configure a different table). Additionally, NetworkManager will not delete any extraneous routes from tables except the main table. This is to preserve backward compatibility for users who manage routing tables outside of NetworkManager.")
@@ -191,7 +192,7 @@
 #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DHCP_DUID N_("A string containing the DHCPv6 Unique Identifier (DUID) used by the dhcp client to identify itself to DHCPv6 servers (RFC 3315). The DUID is carried in the Client Identifier option. If the property is a hex string ('aa:bb:cc') it is interpreted as a binary DUID and filled as an opaque value in the Client Identifier option. The special value \"lease\" will retrieve the DUID previously used from the lease file belonging to the connection. If no DUID is found and \"dhclient\" is the configured dhcp client, the DUID is searched in the system-wide dhclient lease file. If still no DUID is found, or another dhcp client is used, a global and permanent DUID-UUID (RFC 6355) will be generated based on the machine-id. The special values \"llt\" and \"ll\" will generate a DUID of type LLT or LL (see RFC 3315) based on the current MAC address of the device. In order to try providing a stable DUID-LLT, the time field will contain a constant timestamp that is used globally (for all profiles) and persisted to disk. The special values \"stable-llt\", \"stable-ll\" and \"stable-uuid\" will generate a DUID of the corresponding type, derived from the connection's stable-id and a per-host unique key. You may want to include the \"${DEVICE}\" or \"${MAC}\" specifier in the stable-id, in case this profile gets activated on multiple devices. So, the link-layer address of \"stable-ll\" and \"stable-llt\" will be a generated address derived from the stable id. The DUID-LLT time value in the \"stable-llt\" option will be picked among a static timespan of three years (the upper bound of the interval is the same constant timestamp used in \"llt\"). When the property is unset, the global value provided for \"ipv6.dhcp-duid\" is used. If no global value is provided, the default \"lease\" value is assumed.")
 #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DHCP_HOSTNAME N_("If the \"dhcp-send-hostname\" property is TRUE, then the specified name will be sent to the DHCP server when acquiring a lease. This property and \"dhcp-fqdn\" are mutually exclusive and cannot be set at the same time.")
 #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DHCP_HOSTNAME_FLAGS N_("Flags for the DHCP hostname and FQDN. Currently, this property only includes flags to control the FQDN flags set in the DHCP FQDN option. Supported FQDN flags are NM_DHCP_HOSTNAME_FLAG_FQDN_SERV_UPDATE (0x1), NM_DHCP_HOSTNAME_FLAG_FQDN_ENCODED (0x2) and NM_DHCP_HOSTNAME_FLAG_FQDN_NO_UPDATE (0x4).  When no FQDN flag is set and NM_DHCP_HOSTNAME_FLAG_FQDN_CLEAR_FLAGS (0x8) is set, the DHCP FQDN option will contain no flag. Otherwise, if no FQDN flag is set and NM_DHCP_HOSTNAME_FLAG_FQDN_CLEAR_FLAGS (0x8) is not set, the standard FQDN flags are set in the request: NM_DHCP_HOSTNAME_FLAG_FQDN_SERV_UPDATE (0x1), NM_DHCP_HOSTNAME_FLAG_FQDN_ENCODED (0x2) for IPv4 and NM_DHCP_HOSTNAME_FLAG_FQDN_SERV_UPDATE (0x1) for IPv6. When this property is set to the default value NM_DHCP_HOSTNAME_FLAG_NONE (0x0), a global default is looked up in NetworkManager configuration. If that value is unset or also NM_DHCP_HOSTNAME_FLAG_NONE (0x0), then the standard FQDN flags described above are sent in the DHCP requests.")
-#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DHCP_IAID N_("A string containing the \"Identity Association Identifier\" (IAID) used by the DHCP client. The property is a 32-bit decimal value or a special value among \"mac\", \"perm-mac\", \"ifname\" and \"stable\". When set to \"mac\" (or \"perm-mac\"), the last 4 bytes of the current (or permanent) MAC address are used as IAID. When set to \"ifname\", the IAID is computed by hashing the interface name. The special value \"stable\" can be used to generate an IAID based on the stable-id (see connection.stable-id), a per-host key and the interface name. When the property is unset, the value from global configuration is used; if no global default is set then the IAID is assumed to be \"ifname\". Note that at the moment this property is ignored for IPv6 by dhclient, which always derives the IAID from the MAC address.")
+#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DHCP_IAID N_("A string containing the \"Identity Association Identifier\" (IAID) used by the DHCP client. The string can be a 32-bit number (either decimal, hexadecimal or or as colon separated hexadecimal numbers). Alternatively it can be set to the special values \"mac\", \"perm-mac\", \"ifname\" or \"stable\". When set to \"mac\" (or \"perm-mac\"), the last 4 bytes of the current (or permanent) MAC address are used as IAID. When set to \"ifname\", the IAID is computed by hashing the interface name. The special value \"stable\" can be used to generate an IAID based on the stable-id (see connection.stable-id), a per-host key and the interface name. When the property is unset, the value from global configuration is used; if no global default is set then the IAID is assumed to be \"ifname\". For DHCPv4, the IAID is only used with \"ipv4.dhcp-client-id\" values \"duid\" and \"ipv6-duid\" to generate the client-id. For DHCPv6, note that at the moment this property is only supported by the \"internal\" DHCPv6 plugin. The \"dhclient\" DHCPv6 plugin always derives the IAID from the MAC address. The actually used DHCPv6 IAID for a currently activated interface is exposed in the lease information of the device.")
 #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DHCP_REJECT_SERVERS N_("Array of servers from which DHCP offers must be rejected. This property is useful to avoid getting a lease from misconfigured or rogue servers. For DHCPv4, each element must be an IPv4 address, optionally followed by a slash and a prefix length (e.g. \"192.168.122.0/24\"). This property is currently not implemented for DHCPv6.")
 #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DHCP_SEND_HOSTNAME N_("If TRUE, a hostname is sent to the DHCP server when acquiring a lease. Some DHCP servers use this hostname to update DNS databases, essentially providing a static hostname for the computer.  If the \"dhcp-hostname\" property is NULL and this property is TRUE, the current persistent hostname of the computer is sent.")
 #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DHCP_TIMEOUT N_("A timeout for a DHCP transaction in seconds. If zero (the default), a globally configured default is used. If still unspecified, a device specific timeout is used (usually 45 seconds). Set to 2147483647 (MAXINT32) for infinity.")
@@ -208,6 +209,7 @@
 #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_MTU N_("Maximum transmission unit size, in bytes. If zero (the default), the MTU is set automatically from router advertisements or is left equal to the link-layer MTU. If greater than the link-layer MTU, or greater than zero but less than the minimum IPv6 MTU of 1280, this value has no effect.")
 #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_NEVER_DEFAULT N_("If TRUE, this connection will never be the default connection for this IP type, meaning it will never be assigned the default route by NetworkManager.")
 #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_RA_TIMEOUT N_("A timeout for waiting Router Advertisements in seconds. If zero (the default), a globally configured default is used. If still unspecified, the timeout depends on the sysctl settings of the device. Set to 2147483647 (MAXINT32) for infinity.")
+#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_REPLACE_LOCAL_RULE N_("Connections will default to keep the autogenerated priority 0 local rule unless this setting is set to TRUE.")
 #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_REQUIRED_TIMEOUT N_("The minimum time interval in milliseconds for which dynamic IP configuration should be tried before the connection succeeds. This property is useful for example if both IPv4 and IPv6 are enabled and are allowed to fail. Normally the connection succeeds as soon as one of the two address families completes; by setting a required timeout for e.g. IPv4, one can ensure that even if IP6 succeeds earlier than IPv4, NetworkManager waits some time for IPv4 before the connection becomes active. Note that if \"may-fail\" is FALSE for the same address family, this property has no effect as NetworkManager needs to wait for the full DHCP timeout. A zero value means that no required timeout is present, -1 means the default value (either configuration ipvx.required-timeout override or zero).")
 #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_ROUTE_METRIC N_("The default metric for routes that don't explicitly specify a metric. The default value -1 means that the metric is chosen automatically based on the device type. The metric applies to dynamic routes, manual (static) routes that don't have an explicit metric setting, address prefix routes, and the default route. Note that for IPv6, the kernel accepts zero (0) but coerces it to 1024 (user default). Hence, setting this property to zero effectively mean setting it to 1024. For IPv4, zero is a regular value for the metric.")
 #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_ROUTE_TABLE N_("Enable policy routing (source routing) and set the routing table used when adding routes. This affects all routes, including device-routes, IPv4LL, DHCP, SLAAC, default-routes and static routes. But note that static routes can individually overwrite the setting by explicitly specifying a non-zero routing table. If the table setting is left at zero, it is eligible to be overwritten via global configuration. If the property is zero even after applying the global configuration value, policy routing is disabled for the address family of this connection. Policy routing disabled means that NetworkManager will add all routes to the main table (except static routes that explicitly configure a different table). Additionally, NetworkManager will not delete any extraneous routes from tables except the main table. This is to preserve backward compatibility for users who manage routing tables outside of NetworkManager.")
diff --git a/src/libnmc-setting/settings-docs.h.in b/src/libnmc-setting/settings-docs.h.in
index b7f1dc2458..cd5b231bb9 100644
--- a/src/libnmc-setting/settings-docs.h.in
+++ b/src/libnmc-setting/settings-docs.h.in
@@ -163,7 +163,7 @@
 #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DHCP_FQDN N_("If the \"dhcp-send-hostname\" property is TRUE, then the specified FQDN will be sent to the DHCP server when acquiring a lease. This property and \"dhcp-hostname\" are mutually exclusive and cannot be set at the same time.")
 #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DHCP_HOSTNAME N_("If the \"dhcp-send-hostname\" property is TRUE, then the specified name will be sent to the DHCP server when acquiring a lease. This property and \"dhcp-fqdn\" are mutually exclusive and cannot be set at the same time.")
 #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DHCP_HOSTNAME_FLAGS N_("Flags for the DHCP hostname and FQDN. Currently, this property only includes flags to control the FQDN flags set in the DHCP FQDN option. Supported FQDN flags are NM_DHCP_HOSTNAME_FLAG_FQDN_SERV_UPDATE (0x1), NM_DHCP_HOSTNAME_FLAG_FQDN_ENCODED (0x2) and NM_DHCP_HOSTNAME_FLAG_FQDN_NO_UPDATE (0x4).  When no FQDN flag is set and NM_DHCP_HOSTNAME_FLAG_FQDN_CLEAR_FLAGS (0x8) is set, the DHCP FQDN option will contain no flag. Otherwise, if no FQDN flag is set and NM_DHCP_HOSTNAME_FLAG_FQDN_CLEAR_FLAGS (0x8) is not set, the standard FQDN flags are set in the request: NM_DHCP_HOSTNAME_FLAG_FQDN_SERV_UPDATE (0x1), NM_DHCP_HOSTNAME_FLAG_FQDN_ENCODED (0x2) for IPv4 and NM_DHCP_HOSTNAME_FLAG_FQDN_SERV_UPDATE (0x1) for IPv6. When this property is set to the default value NM_DHCP_HOSTNAME_FLAG_NONE (0x0), a global default is looked up in NetworkManager configuration. If that value is unset or also NM_DHCP_HOSTNAME_FLAG_NONE (0x0), then the standard FQDN flags described above are sent in the DHCP requests.")
-#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DHCP_IAID N_("A string containing the \"Identity Association Identifier\" (IAID) used by the DHCP client. The property is a 32-bit decimal value or a special value among \"mac\", \"perm-mac\", \"ifname\" and \"stable\". When set to \"mac\" (or \"perm-mac\"), the last 4 bytes of the current (or permanent) MAC address are used as IAID. When set to \"ifname\", the IAID is computed by hashing the interface name. The special value \"stable\" can be used to generate an IAID based on the stable-id (see connection.stable-id), a per-host key and the interface name. When the property is unset, the value from global configuration is used; if no global default is set then the IAID is assumed to be \"ifname\". Note that at the moment this property is ignored for IPv6 by dhclient, which always derives the IAID from the MAC address.")
+#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DHCP_IAID N_("A string containing the \"Identity Association Identifier\" (IAID) used by the DHCP client. The string can be a 32-bit number (either decimal, hexadecimal or or as colon separated hexadecimal numbers). Alternatively it can be set to the special values \"mac\", \"perm-mac\", \"ifname\" or \"stable\". When set to \"mac\" (or \"perm-mac\"), the last 4 bytes of the current (or permanent) MAC address are used as IAID. When set to \"ifname\", the IAID is computed by hashing the interface name. The special value \"stable\" can be used to generate an IAID based on the stable-id (see connection.stable-id), a per-host key and the interface name. When the property is unset, the value from global configuration is used; if no global default is set then the IAID is assumed to be \"ifname\". For DHCPv4, the IAID is only used with \"ipv4.dhcp-client-id\" values \"duid\" and \"ipv6-duid\" to generate the client-id. For DHCPv6, note that at the moment this property is only supported by the \"internal\" DHCPv6 plugin. The \"dhclient\" DHCPv6 plugin always derives the IAID from the MAC address. The actually used DHCPv6 IAID for a currently activated interface is exposed in the lease information of the device.")
 #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DHCP_REJECT_SERVERS N_("Array of servers from which DHCP offers must be rejected. This property is useful to avoid getting a lease from misconfigured or rogue servers. For DHCPv4, each element must be an IPv4 address, optionally followed by a slash and a prefix length (e.g. \"192.168.122.0/24\"). This property is currently not implemented for DHCPv6.")
 #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DHCP_SEND_HOSTNAME N_("If TRUE, a hostname is sent to the DHCP server when acquiring a lease. Some DHCP servers use this hostname to update DNS databases, essentially providing a static hostname for the computer.  If the \"dhcp-hostname\" property is NULL and this property is TRUE, the current persistent hostname of the computer is sent.")
 #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DHCP_TIMEOUT N_("A timeout for a DHCP transaction in seconds. If zero (the default), a globally configured default is used. If still unspecified, a device specific timeout is used (usually 45 seconds). Set to 2147483647 (MAXINT32) for infinity.")
@@ -179,6 +179,7 @@
 #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_MAY_FAIL N_("If TRUE, allow overall network configuration to proceed even if the configuration specified by this property times out.  Note that at least one IP configuration must succeed or overall network configuration will still fail.  For example, in IPv6-only networks, setting this property to TRUE on the NMSettingIP4Config allows the overall network configuration to succeed if IPv4 configuration fails but IPv6 configuration completes successfully.")
 #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_METHOD N_("IP configuration method. NMSettingIP4Config and NMSettingIP6Config both support \"disabled\", \"auto\", \"manual\", and \"link-local\". See the subclass-specific documentation for other values. In general, for the \"auto\" method, properties such as \"dns\" and \"routes\" specify information that is added on to the information returned from automatic configuration.  The \"ignore-auto-routes\" and \"ignore-auto-dns\" properties modify this behavior. For methods that imply no upstream network, such as \"shared\" or \"link-local\", these properties must be empty. For IPv4 method \"shared\", the IP subnet can be configured by adding one manual IPv4 address or otherwise 10.42.x.0/24 is chosen. Note that the shared method must be configured on the interface which shares the internet to a subnet, not on the uplink which is shared.")
 #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_NEVER_DEFAULT N_("If TRUE, this connection will never be the default connection for this IP type, meaning it will never be assigned the default route by NetworkManager.")
+#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_REPLACE_LOCAL_RULE N_("Connections will default to keep the autogenerated priority 0 local rule unless this setting is set to TRUE.")
 #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_REQUIRED_TIMEOUT N_("The minimum time interval in milliseconds for which dynamic IP configuration should be tried before the connection succeeds. This property is useful for example if both IPv4 and IPv6 are enabled and are allowed to fail. Normally the connection succeeds as soon as one of the two address families completes; by setting a required timeout for e.g. IPv4, one can ensure that even if IP6 succeeds earlier than IPv4, NetworkManager waits some time for IPv4 before the connection becomes active. Note that if \"may-fail\" is FALSE for the same address family, this property has no effect as NetworkManager needs to wait for the full DHCP timeout. A zero value means that no required timeout is present, -1 means the default value (either configuration ipvx.required-timeout override or zero).")
 #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_ROUTE_METRIC N_("The default metric for routes that don't explicitly specify a metric. The default value -1 means that the metric is chosen automatically based on the device type. The metric applies to dynamic routes, manual (static) routes that don't have an explicit metric setting, address prefix routes, and the default route. Note that for IPv6, the kernel accepts zero (0) but coerces it to 1024 (user default). Hence, setting this property to zero effectively mean setting it to 1024. For IPv4, zero is a regular value for the metric.")
 #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_ROUTE_TABLE N_("Enable policy routing (source routing) and set the routing table used when adding routes. This affects all routes, including device-routes, IPv4LL, DHCP, SLAAC, default-routes and static routes. But note that static routes can individually overwrite the setting by explicitly specifying a non-zero routing table. If the table setting is left at zero, it is eligible to be overwritten via global configuration. If the property is zero even after applying the global configuration value, policy routing is disabled for the address family of this connection. Policy routing disabled means that NetworkManager will add all routes to the main table (except static routes that explicitly configure a different table). Additionally, NetworkManager will not delete any extraneous routes from tables except the main table. This is to preserve backward compatibility for users who manage routing tables outside of NetworkManager.")
@@ -191,7 +192,7 @@
 #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DHCP_DUID N_("A string containing the DHCPv6 Unique Identifier (DUID) used by the dhcp client to identify itself to DHCPv6 servers (RFC 3315). The DUID is carried in the Client Identifier option. If the property is a hex string ('aa:bb:cc') it is interpreted as a binary DUID and filled as an opaque value in the Client Identifier option. The special value \"lease\" will retrieve the DUID previously used from the lease file belonging to the connection. If no DUID is found and \"dhclient\" is the configured dhcp client, the DUID is searched in the system-wide dhclient lease file. If still no DUID is found, or another dhcp client is used, a global and permanent DUID-UUID (RFC 6355) will be generated based on the machine-id. The special values \"llt\" and \"ll\" will generate a DUID of type LLT or LL (see RFC 3315) based on the current MAC address of the device. In order to try providing a stable DUID-LLT, the time field will contain a constant timestamp that is used globally (for all profiles) and persisted to disk. The special values \"stable-llt\", \"stable-ll\" and \"stable-uuid\" will generate a DUID of the corresponding type, derived from the connection's stable-id and a per-host unique key. You may want to include the \"${DEVICE}\" or \"${MAC}\" specifier in the stable-id, in case this profile gets activated on multiple devices. So, the link-layer address of \"stable-ll\" and \"stable-llt\" will be a generated address derived from the stable id. The DUID-LLT time value in the \"stable-llt\" option will be picked among a static timespan of three years (the upper bound of the interval is the same constant timestamp used in \"llt\"). When the property is unset, the global value provided for \"ipv6.dhcp-duid\" is used. If no global value is provided, the default \"lease\" value is assumed.")
 #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DHCP_HOSTNAME N_("If the \"dhcp-send-hostname\" property is TRUE, then the specified name will be sent to the DHCP server when acquiring a lease. This property and \"dhcp-fqdn\" are mutually exclusive and cannot be set at the same time.")
 #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DHCP_HOSTNAME_FLAGS N_("Flags for the DHCP hostname and FQDN. Currently, this property only includes flags to control the FQDN flags set in the DHCP FQDN option. Supported FQDN flags are NM_DHCP_HOSTNAME_FLAG_FQDN_SERV_UPDATE (0x1), NM_DHCP_HOSTNAME_FLAG_FQDN_ENCODED (0x2) and NM_DHCP_HOSTNAME_FLAG_FQDN_NO_UPDATE (0x4).  When no FQDN flag is set and NM_DHCP_HOSTNAME_FLAG_FQDN_CLEAR_FLAGS (0x8) is set, the DHCP FQDN option will contain no flag. Otherwise, if no FQDN flag is set and NM_DHCP_HOSTNAME_FLAG_FQDN_CLEAR_FLAGS (0x8) is not set, the standard FQDN flags are set in the request: NM_DHCP_HOSTNAME_FLAG_FQDN_SERV_UPDATE (0x1), NM_DHCP_HOSTNAME_FLAG_FQDN_ENCODED (0x2) for IPv4 and NM_DHCP_HOSTNAME_FLAG_FQDN_SERV_UPDATE (0x1) for IPv6. When this property is set to the default value NM_DHCP_HOSTNAME_FLAG_NONE (0x0), a global default is looked up in NetworkManager configuration. If that value is unset or also NM_DHCP_HOSTNAME_FLAG_NONE (0x0), then the standard FQDN flags described above are sent in the DHCP requests.")
-#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DHCP_IAID N_("A string containing the \"Identity Association Identifier\" (IAID) used by the DHCP client. The property is a 32-bit decimal value or a special value among \"mac\", \"perm-mac\", \"ifname\" and \"stable\". When set to \"mac\" (or \"perm-mac\"), the last 4 bytes of the current (or permanent) MAC address are used as IAID. When set to \"ifname\", the IAID is computed by hashing the interface name. The special value \"stable\" can be used to generate an IAID based on the stable-id (see connection.stable-id), a per-host key and the interface name. When the property is unset, the value from global configuration is used; if no global default is set then the IAID is assumed to be \"ifname\". Note that at the moment this property is ignored for IPv6 by dhclient, which always derives the IAID from the MAC address.")
+#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DHCP_IAID N_("A string containing the \"Identity Association Identifier\" (IAID) used by the DHCP client. The string can be a 32-bit number (either decimal, hexadecimal or or as colon separated hexadecimal numbers). Alternatively it can be set to the special values \"mac\", \"perm-mac\", \"ifname\" or \"stable\". When set to \"mac\" (or \"perm-mac\"), the last 4 bytes of the current (or permanent) MAC address are used as IAID. When set to \"ifname\", the IAID is computed by hashing the interface name. The special value \"stable\" can be used to generate an IAID based on the stable-id (see connection.stable-id), a per-host key and the interface name. When the property is unset, the value from global configuration is used; if no global default is set then the IAID is assumed to be \"ifname\". For DHCPv4, the IAID is only used with \"ipv4.dhcp-client-id\" values \"duid\" and \"ipv6-duid\" to generate the client-id. For DHCPv6, note that at the moment this property is only supported by the \"internal\" DHCPv6 plugin. The \"dhclient\" DHCPv6 plugin always derives the IAID from the MAC address. The actually used DHCPv6 IAID for a currently activated interface is exposed in the lease information of the device.")
 #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DHCP_REJECT_SERVERS N_("Array of servers from which DHCP offers must be rejected. This property is useful to avoid getting a lease from misconfigured or rogue servers. For DHCPv4, each element must be an IPv4 address, optionally followed by a slash and a prefix length (e.g. \"192.168.122.0/24\"). This property is currently not implemented for DHCPv6.")
 #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DHCP_SEND_HOSTNAME N_("If TRUE, a hostname is sent to the DHCP server when acquiring a lease. Some DHCP servers use this hostname to update DNS databases, essentially providing a static hostname for the computer.  If the \"dhcp-hostname\" property is NULL and this property is TRUE, the current persistent hostname of the computer is sent.")
 #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DHCP_TIMEOUT N_("A timeout for a DHCP transaction in seconds. If zero (the default), a globally configured default is used. If still unspecified, a device specific timeout is used (usually 45 seconds). Set to 2147483647 (MAXINT32) for infinity.")
@@ -208,6 +209,7 @@
 #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_MTU N_("Maximum transmission unit size, in bytes. If zero (the default), the MTU is set automatically from router advertisements or is left equal to the link-layer MTU. If greater than the link-layer MTU, or greater than zero but less than the minimum IPv6 MTU of 1280, this value has no effect.")
 #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_NEVER_DEFAULT N_("If TRUE, this connection will never be the default connection for this IP type, meaning it will never be assigned the default route by NetworkManager.")
 #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_RA_TIMEOUT N_("A timeout for waiting Router Advertisements in seconds. If zero (the default), a globally configured default is used. If still unspecified, the timeout depends on the sysctl settings of the device. Set to 2147483647 (MAXINT32) for infinity.")
+#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_REPLACE_LOCAL_RULE N_("Connections will default to keep the autogenerated priority 0 local rule unless this setting is set to TRUE.")
 #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_REQUIRED_TIMEOUT N_("The minimum time interval in milliseconds for which dynamic IP configuration should be tried before the connection succeeds. This property is useful for example if both IPv4 and IPv6 are enabled and are allowed to fail. Normally the connection succeeds as soon as one of the two address families completes; by setting a required timeout for e.g. IPv4, one can ensure that even if IP6 succeeds earlier than IPv4, NetworkManager waits some time for IPv4 before the connection becomes active. Note that if \"may-fail\" is FALSE for the same address family, this property has no effect as NetworkManager needs to wait for the full DHCP timeout. A zero value means that no required timeout is present, -1 means the default value (either configuration ipvx.required-timeout override or zero).")
 #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_ROUTE_METRIC N_("The default metric for routes that don't explicitly specify a metric. The default value -1 means that the metric is chosen automatically based on the device type. The metric applies to dynamic routes, manual (static) routes that don't have an explicit metric setting, address prefix routes, and the default route. Note that for IPv6, the kernel accepts zero (0) but coerces it to 1024 (user default). Hence, setting this property to zero effectively mean setting it to 1024. For IPv4, zero is a regular value for the metric.")
 #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_ROUTE_TABLE N_("Enable policy routing (source routing) and set the routing table used when adding routes. This affects all routes, including device-routes, IPv4LL, DHCP, SLAAC, default-routes and static routes. But note that static routes can individually overwrite the setting by explicitly specifying a non-zero routing table. If the table setting is left at zero, it is eligible to be overwritten via global configuration. If the property is zero even after applying the global configuration value, policy routing is disabled for the address family of this connection. Policy routing disabled means that NetworkManager will add all routes to the main table (except static routes that explicitly configure a different table). Additionally, NetworkManager will not delete any extraneous routes from tables except the main table. This is to preserve backward compatibility for users who manage routing tables outside of NetworkManager.")
diff --git a/src/nm-daemon-helper/nm-daemon-helper.c b/src/nm-daemon-helper/nm-daemon-helper.c
index a101bf9b4f..a447d63cfe 100644
--- a/src/nm-daemon-helper/nm-daemon-helper.c
+++ b/src/nm-daemon-helper/nm-daemon-helper.c
@@ -11,6 +11,7 @@
 #if defined(__GLIBC__)
 #include <nss.h>
 #endif
+#include <stdarg.h>
 
 enum {
     RETURN_SUCCESS      = 0,
@@ -61,6 +62,7 @@ cmd_resolve_address(void)
     } sockaddr;
     socklen_t sockaddr_size;
     char      name[NI_MAXHOST];
+    int       ret;
 
     address = read_arg();
     if (!address)
@@ -83,15 +85,26 @@ cmd_resolve_address(void)
     } else
         return RETURN_INVALID_ARGS;
 
-    if (getnameinfo((struct sockaddr *) &sockaddr,
-                    sockaddr_size,
-                    name,
-                    sizeof(name),
-                    NULL,
-                    0,
-                    NI_NAMEREQD)
-        != 0)
+    ret = getnameinfo((struct sockaddr *) &sockaddr,
+                      sockaddr_size,
+                      name,
+                      sizeof(name),
+                      NULL,
+                      0,
+                      NI_NAMEREQD);
+    if (ret != 0) {
+        if (ret == EAI_SYSTEM) {
+            fprintf(stderr,
+                    "getnameinfo() failed: %d (%s), system error: %d (%s)\n",
+                    ret,
+                    gai_strerror(ret),
+                    errno,
+                    strerror(errno));
+        } else {
+            fprintf(stderr, "getnameinfo() failed: %d (%s)\n", ret, gai_strerror(ret));
+        }
         return RETURN_ERROR;
+    }
 
     printf("%s", name);
 
diff --git a/src/nmcli/gen-metadata-nm-settings-nmcli.xml.in b/src/nmcli/gen-metadata-nm-settings-nmcli.xml.in
index cec7a58eb8..dfea3c3440 100644
--- a/src/nmcli/gen-metadata-nm-settings-nmcli.xml.in
+++ b/src/nmcli/gen-metadata-nm-settings-nmcli.xml.in
@@ -674,6 +674,8 @@
         <property name="route-table"
                   description="Enable policy routing (source routing) and set the routing table used when adding routes. This affects all routes, including device-routes, IPv4LL, DHCP, SLAAC, default-routes and static routes. But note that static routes can individually overwrite the setting by explicitly specifying a non-zero routing table. If the table setting is left at zero, it is eligible to be overwritten via global configuration. If the property is zero even after applying the global configuration value, policy routing is disabled for the address family of this connection. Policy routing disabled means that NetworkManager will add all routes to the main table (except static routes that explicitly configure a different table). Additionally, NetworkManager will not delete any extraneous routes from tables except the main table. This is to preserve backward compatibility for users who manage routing tables outside of NetworkManager." />
         <property name="routing-rules" />
+        <property name="replace-local-rule"
+                  description="Connections will default to keep the autogenerated priority 0 local rule unless this setting is set to TRUE." />
         <property name="ignore-auto-routes"
                   description="When &quot;method&quot; is set to &quot;auto&quot; and this property to TRUE, automatically configured routes are ignored and only routes specified in the &quot;routes&quot; property, if any, are used." />
         <property name="ignore-auto-dns"
@@ -681,7 +683,7 @@
         <property name="dhcp-client-id"
                   description="A string sent to the DHCP server to identify the local machine which the DHCP server may use to customize the DHCP lease and options. When the property is a hex string (&apos;aa:bb:cc&apos;) it is interpreted as a binary client ID, in which case the first byte is assumed to be the &apos;type&apos; field as per RFC 2132 section 9.14 and the remaining bytes may be an hardware address (e.g. &apos;01:xx:xx:xx:xx:xx:xx&apos; where 1 is the Ethernet ARP type and the rest is a MAC address). If the property is not a hex string it is considered as a non-hardware-address client ID and the &apos;type&apos; field is set to 0. The special values &quot;mac&quot; and &quot;perm-mac&quot; are supported, which use the current or permanent MAC address of the device to generate a client identifier with type ethernet (01). Currently, these options only work for ethernet type of links. The special value &quot;ipv6-duid&quot; uses the DUID from &quot;ipv6.dhcp-duid&quot; property as an RFC4361-compliant client identifier. As IAID it uses &quot;ipv4.dhcp-iaid&quot; and falls back to &quot;ipv6.dhcp-iaid&quot; if unset. The special value &quot;duid&quot; generates a RFC4361-compliant client identifier based on &quot;ipv4.dhcp-iaid&quot; and uses a DUID generated by hashing /etc/machine-id. The special value &quot;stable&quot; is supported to generate a type 0 client identifier based on the stable-id (see connection.stable-id) and a per-host key. If you set the stable-id, you may want to include the &quot;${DEVICE}&quot; or &quot;${MAC}&quot; specifier to get a per-device key. If unset, a globally configured default is used. If still unset, the default depends on the DHCP plugin." />
         <property name="dhcp-iaid"
-                  description="A string containing the &quot;Identity Association Identifier&quot; (IAID) used by the DHCP client. The property is a 32-bit decimal value or a special value among &quot;mac&quot;, &quot;perm-mac&quot;, &quot;ifname&quot; and &quot;stable&quot;. When set to &quot;mac&quot; (or &quot;perm-mac&quot;), the last 4 bytes of the current (or permanent) MAC address are used as IAID. When set to &quot;ifname&quot;, the IAID is computed by hashing the interface name. The special value &quot;stable&quot; can be used to generate an IAID based on the stable-id (see connection.stable-id), a per-host key and the interface name. When the property is unset, the value from global configuration is used; if no global default is set then the IAID is assumed to be &quot;ifname&quot;. Note that at the moment this property is ignored for IPv6 by dhclient, which always derives the IAID from the MAC address." />
+                  description="A string containing the &quot;Identity Association Identifier&quot; (IAID) used by the DHCP client. The string can be a 32-bit number (either decimal, hexadecimal or or as colon separated hexadecimal numbers). Alternatively it can be set to the special values &quot;mac&quot;, &quot;perm-mac&quot;, &quot;ifname&quot; or &quot;stable&quot;. When set to &quot;mac&quot; (or &quot;perm-mac&quot;), the last 4 bytes of the current (or permanent) MAC address are used as IAID. When set to &quot;ifname&quot;, the IAID is computed by hashing the interface name. The special value &quot;stable&quot; can be used to generate an IAID based on the stable-id (see connection.stable-id), a per-host key and the interface name. When the property is unset, the value from global configuration is used; if no global default is set then the IAID is assumed to be &quot;ifname&quot;. For DHCPv4, the IAID is only used with &quot;ipv4.dhcp-client-id&quot; values &quot;duid&quot; and &quot;ipv6-duid&quot; to generate the client-id. For DHCPv6, note that at the moment this property is only supported by the &quot;internal&quot; DHCPv6 plugin. The &quot;dhclient&quot; DHCPv6 plugin always derives the IAID from the MAC address. The actually used DHCPv6 IAID for a currently activated interface is exposed in the lease information of the device." />
         <property name="dhcp-timeout"
                   description="A timeout for a DHCP transaction in seconds. If zero (the default), a globally configured default is used. If still unspecified, a device specific timeout is used (usually 45 seconds). Set to 2147483647 (MAXINT32) for infinity." />
         <property name="dhcp-send-hostname"
@@ -733,6 +735,8 @@
         <property name="route-table"
                   description="Enable policy routing (source routing) and set the routing table used when adding routes. This affects all routes, including device-routes, IPv4LL, DHCP, SLAAC, default-routes and static routes. But note that static routes can individually overwrite the setting by explicitly specifying a non-zero routing table. If the table setting is left at zero, it is eligible to be overwritten via global configuration. If the property is zero even after applying the global configuration value, policy routing is disabled for the address family of this connection. Policy routing disabled means that NetworkManager will add all routes to the main table (except static routes that explicitly configure a different table). Additionally, NetworkManager will not delete any extraneous routes from tables except the main table. This is to preserve backward compatibility for users who manage routing tables outside of NetworkManager." />
         <property name="routing-rules" />
+        <property name="replace-local-rule"
+                  description="Connections will default to keep the autogenerated priority 0 local rule unless this setting is set to TRUE." />
         <property name="ignore-auto-routes"
                   description="When &quot;method&quot; is set to &quot;auto&quot; and this property to TRUE, automatically configured routes are ignored and only routes specified in the &quot;routes&quot; property, if any, are used." />
         <property name="ignore-auto-dns"
@@ -754,7 +758,7 @@
         <property name="dhcp-duid"
                   description="A string containing the DHCPv6 Unique Identifier (DUID) used by the dhcp client to identify itself to DHCPv6 servers (RFC 3315). The DUID is carried in the Client Identifier option. If the property is a hex string (&apos;aa:bb:cc&apos;) it is interpreted as a binary DUID and filled as an opaque value in the Client Identifier option. The special value &quot;lease&quot; will retrieve the DUID previously used from the lease file belonging to the connection. If no DUID is found and &quot;dhclient&quot; is the configured dhcp client, the DUID is searched in the system-wide dhclient lease file. If still no DUID is found, or another dhcp client is used, a global and permanent DUID-UUID (RFC 6355) will be generated based on the machine-id. The special values &quot;llt&quot; and &quot;ll&quot; will generate a DUID of type LLT or LL (see RFC 3315) based on the current MAC address of the device. In order to try providing a stable DUID-LLT, the time field will contain a constant timestamp that is used globally (for all profiles) and persisted to disk. The special values &quot;stable-llt&quot;, &quot;stable-ll&quot; and &quot;stable-uuid&quot; will generate a DUID of the corresponding type, derived from the connection&apos;s stable-id and a per-host unique key. You may want to include the &quot;${DEVICE}&quot; or &quot;${MAC}&quot; specifier in the stable-id, in case this profile gets activated on multiple devices. So, the link-layer address of &quot;stable-ll&quot; and &quot;stable-llt&quot; will be a generated address derived from the stable id. The DUID-LLT time value in the &quot;stable-llt&quot; option will be picked among a static timespan of three years (the upper bound of the interval is the same constant timestamp used in &quot;llt&quot;). When the property is unset, the global value provided for &quot;ipv6.dhcp-duid&quot; is used. If no global value is provided, the default &quot;lease&quot; value is assumed." />
         <property name="dhcp-iaid"
-                  description="A string containing the &quot;Identity Association Identifier&quot; (IAID) used by the DHCP client. The property is a 32-bit decimal value or a special value among &quot;mac&quot;, &quot;perm-mac&quot;, &quot;ifname&quot; and &quot;stable&quot;. When set to &quot;mac&quot; (or &quot;perm-mac&quot;), the last 4 bytes of the current (or permanent) MAC address are used as IAID. When set to &quot;ifname&quot;, the IAID is computed by hashing the interface name. The special value &quot;stable&quot; can be used to generate an IAID based on the stable-id (see connection.stable-id), a per-host key and the interface name. When the property is unset, the value from global configuration is used; if no global default is set then the IAID is assumed to be &quot;ifname&quot;. Note that at the moment this property is ignored for IPv6 by dhclient, which always derives the IAID from the MAC address." />
+                  description="A string containing the &quot;Identity Association Identifier&quot; (IAID) used by the DHCP client. The string can be a 32-bit number (either decimal, hexadecimal or or as colon separated hexadecimal numbers). Alternatively it can be set to the special values &quot;mac&quot;, &quot;perm-mac&quot;, &quot;ifname&quot; or &quot;stable&quot;. When set to &quot;mac&quot; (or &quot;perm-mac&quot;), the last 4 bytes of the current (or permanent) MAC address are used as IAID. When set to &quot;ifname&quot;, the IAID is computed by hashing the interface name. The special value &quot;stable&quot; can be used to generate an IAID based on the stable-id (see connection.stable-id), a per-host key and the interface name. When the property is unset, the value from global configuration is used; if no global default is set then the IAID is assumed to be &quot;ifname&quot;. For DHCPv4, the IAID is only used with &quot;ipv4.dhcp-client-id&quot; values &quot;duid&quot; and &quot;ipv6-duid&quot; to generate the client-id. For DHCPv6, note that at the moment this property is only supported by the &quot;internal&quot; DHCPv6 plugin. The &quot;dhclient&quot; DHCPv6 plugin always derives the IAID from the MAC address. The actually used DHCPv6 IAID for a currently activated interface is exposed in the lease information of the device." />
         <property name="dhcp-timeout"
                   description="A timeout for a DHCP transaction in seconds. If zero (the default), a globally configured default is used. If still unspecified, a device specific timeout is used (usually 45 seconds). Set to 2147483647 (MAXINT32) for infinity." />
         <property name="dhcp-send-hostname"

Attachment: OpenPGP_signature
Description: OpenPGP digital signature