projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
[VLAN]: Allow vlan devices registration in net namespaces.
[deliverable/linux.git] / net / 8021q / vlan.c
1 /*
2 * INET 802.1Q VLAN
3 * Ethernet-type device handling.
4 *
5 * Authors: Ben Greear <greearb@candelatech.com>
6 * Please send support related email to: netdev@vger.kernel.org
7 * VLAN Home Page: http://www.candelatech.com/~greear/vlan.html
8 *
9 * Fixes:
10 * Fix for packet capture - Nick Eggleston <nick@dccinc.com>;
11 * Add HW acceleration hooks - David S. Miller <davem@redhat.com>;
12 * Correct all the locking - David S. Miller <davem@redhat.com>;
13 * Use hash table for VLAN groups - David S. Miller <davem@redhat.com>
14 *
15 * This program is free software; you can redistribute it and/or
16 * modify it under the terms of the GNU General Public License
17 * as published by the Free Software Foundation; either version
18 * 2 of the License, or (at your option) any later version.
19 */
20
21 #include <asm/uaccess.h> /* for copy_from_user */
22 #include <linux/capability.h>
23 #include <linux/module.h>
24 #include <linux/netdevice.h>
25 #include <linux/skbuff.h>
26 #include <net/datalink.h>
27 #include <linux/mm.h>
28 #include <linux/in.h>
29 #include <linux/init.h>
30 #include <net/p8022.h>
31 #include <net/arp.h>
32 #include <linux/rtnetlink.h>
33 #include <linux/notifier.h>
34 #include <net/net_namespace.h>
35 #include <net/netns/generic.h>
36
37 #include <linux/if_vlan.h>
38 #include "vlan.h"
39 #include "vlanproc.h"
40
41 #define DRV_VERSION "1.8"
42
43 /* Global VLAN variables */
44
45 int vlan_net_id;
46
47 /* Our listing of VLAN group(s) */
48 static struct hlist_head vlan_group_hash[VLAN_GRP_HASH_SIZE];
49
50 static char vlan_fullname[] = "802.1Q VLAN Support";
51 static char vlan_version[] = DRV_VERSION;
52 static char vlan_copyright[] = "Ben Greear <greearb@candelatech.com>";
53 static char vlan_buggyright[] = "David S. Miller <davem@redhat.com>";
54
55 static struct packet_type vlan_packet_type = {
56 .type = __constant_htons(ETH_P_8021Q),
57 .func = vlan_skb_recv, /* VLAN receive method */
58 };
59
60 /* End of global variables definitions. */
61
62 static inline unsigned int vlan_grp_hashfn(unsigned int idx)
63 {
64 return ((idx >> VLAN_GRP_HASH_SHIFT) ^ idx) & VLAN_GRP_HASH_MASK;
65 }
66
67 /* Must be invoked with RCU read lock (no preempt) */
68 static struct vlan_group *__vlan_find_group(struct net_device *real_dev)
69 {
70 struct vlan_group *grp;
71 struct hlist_node *n;
72 int hash = vlan_grp_hashfn(real_dev->ifindex);
73
74 hlist_for_each_entry_rcu(grp, n, &vlan_group_hash[hash], hlist) {
75 if (grp->real_dev == real_dev)
76 return grp;
77 }
78
79 return NULL;
80 }
81
82 /* Find the protocol handler. Assumes VID < VLAN_VID_MASK.
83 *
84 * Must be invoked with RCU read lock (no preempt)
85 */
86 struct net_device *__find_vlan_dev(struct net_device *real_dev,
87 unsigned short VID)
88 {
89 struct vlan_group *grp = __vlan_find_group(real_dev);
90
91 if (grp)
92 return vlan_group_get_device(grp, VID);
93
94 return NULL;
95 }
96
97 static void vlan_group_free(struct vlan_group *grp)
98 {
99 int i;
100
101 for (i = 0; i < VLAN_GROUP_ARRAY_SPLIT_PARTS; i++)
102 kfree(grp->vlan_devices_arrays[i]);
103 kfree(grp);
104 }
105
106 static struct vlan_group *vlan_group_alloc(struct net_device *real_dev)
107 {
108 struct vlan_group *grp;
109
110 grp = kzalloc(sizeof(struct vlan_group), GFP_KERNEL);
111 if (!grp)
112 return NULL;
113
114 grp->real_dev = real_dev;
115 hlist_add_head_rcu(&grp->hlist,
116 &vlan_group_hash[vlan_grp_hashfn(real_dev->ifindex)]);
117 return grp;
118 }
119
120 static int vlan_group_prealloc_vid(struct vlan_group *vg, int vid)
121 {
122 struct net_device **array;
123 unsigned int size;
124
125 ASSERT_RTNL();
126
127 array = vg->vlan_devices_arrays[vid / VLAN_GROUP_ARRAY_PART_LEN];
128 if (array != NULL)
129 return 0;
130
131 size = sizeof(struct net_device *) * VLAN_GROUP_ARRAY_PART_LEN;
132 array = kzalloc(size, GFP_KERNEL);
133 if (array == NULL)
134 return -ENOBUFS;
135
136 vg->vlan_devices_arrays[vid / VLAN_GROUP_ARRAY_PART_LEN] = array;
137 return 0;
138 }
139
140 static void vlan_rcu_free(struct rcu_head *rcu)
141 {
142 vlan_group_free(container_of(rcu, struct vlan_group, rcu));
143 }
144
145 void unregister_vlan_dev(struct net_device *dev)
146 {
147 struct vlan_dev_info *vlan = vlan_dev_info(dev);
148 struct net_device *real_dev = vlan->real_dev;
149 struct vlan_group *grp;
150 unsigned short vlan_id = vlan->vlan_id;
151
152 ASSERT_RTNL();
153
154 grp = __vlan_find_group(real_dev);
155 BUG_ON(!grp);
156
157 vlan_proc_rem_dev(dev);
158
159 /* Take it out of our own structures, but be sure to interlock with
160 * HW accelerating devices or SW vlan input packet processing.
161 */
162 if (real_dev->features & NETIF_F_HW_VLAN_FILTER)
163 real_dev->vlan_rx_kill_vid(real_dev, vlan_id);
164
165 vlan_group_set_device(grp, vlan_id, NULL);
166 grp->nr_vlans--;
167
168 synchronize_net();
169
170 /* If the group is now empty, kill off the group. */
171 if (grp->nr_vlans == 0) {
172 if (real_dev->features & NETIF_F_HW_VLAN_RX)
173 real_dev->vlan_rx_register(real_dev, NULL);
174
175 hlist_del_rcu(&grp->hlist);
176
177 /* Free the group, after all cpu's are done. */
178 call_rcu(&grp->rcu, vlan_rcu_free);
179 }
180
181 /* Get rid of the vlan's reference to real_dev */
182 dev_put(real_dev);
183
184 unregister_netdevice(dev);
185 }
186
187 static void vlan_transfer_operstate(const struct net_device *dev,
188 struct net_device *vlandev)
189 {
190 /* Have to respect userspace enforced dormant state
191 * of real device, also must allow supplicant running
192 * on VLAN device
193 */
194 if (dev->operstate == IF_OPER_DORMANT)
195 netif_dormant_on(vlandev);
196 else
197 netif_dormant_off(vlandev);
198
199 if (netif_carrier_ok(dev)) {
200 if (!netif_carrier_ok(vlandev))
201 netif_carrier_on(vlandev);
202 } else {
203 if (netif_carrier_ok(vlandev))
204 netif_carrier_off(vlandev);
205 }
206 }
207
208 int vlan_check_real_dev(struct net_device *real_dev, unsigned short vlan_id)
209 {
210 char *name = real_dev->name;
211
212 if (real_dev->features & NETIF_F_VLAN_CHALLENGED) {
213 pr_info("8021q: VLANs not supported on %s\n", name);
214 return -EOPNOTSUPP;
215 }
216
217 if ((real_dev->features & NETIF_F_HW_VLAN_RX) &&
218 !real_dev->vlan_rx_register) {
219 pr_info("8021q: device %s has buggy VLAN hw accel\n", name);
220 return -EOPNOTSUPP;
221 }
222
223 if ((real_dev->features & NETIF_F_HW_VLAN_FILTER) &&
224 (!real_dev->vlan_rx_add_vid || !real_dev->vlan_rx_kill_vid)) {
225 pr_info("8021q: Device %s has buggy VLAN hw accel\n", name);
226 return -EOPNOTSUPP;
227 }
228
229 /* The real device must be up and operating in order to
230 * assosciate a VLAN device with it.
231 */
232 if (!(real_dev->flags & IFF_UP))
233 return -ENETDOWN;
234
235 if (__find_vlan_dev(real_dev, vlan_id) != NULL)
236 return -EEXIST;
237
238 return 0;
239 }
240
241 int register_vlan_dev(struct net_device *dev)
242 {
243 struct vlan_dev_info *vlan = vlan_dev_info(dev);
244 struct net_device *real_dev = vlan->real_dev;
245 unsigned short vlan_id = vlan->vlan_id;
246 struct vlan_group *grp, *ngrp = NULL;
247 int err;
248
249 grp = __vlan_find_group(real_dev);
250 if (!grp) {
251 ngrp = grp = vlan_group_alloc(real_dev);
252 if (!grp)
253 return -ENOBUFS;
254 }
255
256 err = vlan_group_prealloc_vid(grp, vlan_id);
257 if (err < 0)
258 goto out_free_group;
259
260 err = register_netdevice(dev);
261 if (err < 0)
262 goto out_free_group;
263
264 /* Account for reference in struct vlan_dev_info */
265 dev_hold(real_dev);
266
267 vlan_transfer_operstate(real_dev, dev);
268 linkwatch_fire_event(dev); /* _MUST_ call rfc2863_policy() */
269
270 /* So, got the sucker initialized, now lets place
271 * it into our local structure.
272 */
273 vlan_group_set_device(grp, vlan_id, dev);
274 grp->nr_vlans++;
275
276 if (ngrp && real_dev->features & NETIF_F_HW_VLAN_RX)
277 real_dev->vlan_rx_register(real_dev, ngrp);
278 if (real_dev->features & NETIF_F_HW_VLAN_FILTER)
279 real_dev->vlan_rx_add_vid(real_dev, vlan_id);
280
281 if (vlan_proc_add_dev(dev) < 0)
282 pr_warning("8021q: failed to add proc entry for %s\n",
283 dev->name);
284 return 0;
285
286 out_free_group:
287 if (ngrp)
288 vlan_group_free(ngrp);
289 return err;
290 }
291
292 /* Attach a VLAN device to a mac address (ie Ethernet Card).
293 * Returns 0 if the device was created or a negative error code otherwise.
294 */
295 static int register_vlan_device(struct net_device *real_dev,
296 unsigned short VLAN_ID)
297 {
298 struct net_device *new_dev;
299 struct net *net = dev_net(real_dev);
300 struct vlan_net *vn = net_generic(net, vlan_net_id);
301 char name[IFNAMSIZ];
302 int err;
303
304 if (VLAN_ID >= VLAN_VID_MASK)
305 return -ERANGE;
306
307 err = vlan_check_real_dev(real_dev, VLAN_ID);
308 if (err < 0)
309 return err;
310
311 /* Gotta set up the fields for the device. */
312 switch (vn->name_type) {
313 case VLAN_NAME_TYPE_RAW_PLUS_VID:
314 /* name will look like: eth1.0005 */
315 snprintf(name, IFNAMSIZ, "%s.%.4i", real_dev->name, VLAN_ID);
316 break;
317 case VLAN_NAME_TYPE_PLUS_VID_NO_PAD:
318 /* Put our vlan.VID in the name.
319 * Name will look like: vlan5
320 */
321 snprintf(name, IFNAMSIZ, "vlan%i", VLAN_ID);
322 break;
323 case VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD:
324 /* Put our vlan.VID in the name.
325 * Name will look like: eth0.5
326 */
327 snprintf(name, IFNAMSIZ, "%s.%i", real_dev->name, VLAN_ID);
328 break;
329 case VLAN_NAME_TYPE_PLUS_VID:
330 /* Put our vlan.VID in the name.
331 * Name will look like: vlan0005
332 */
333 default:
334 snprintf(name, IFNAMSIZ, "vlan%.4i", VLAN_ID);
335 }
336
337 new_dev = alloc_netdev(sizeof(struct vlan_dev_info), name,
338 vlan_setup);
339
340 if (new_dev == NULL)
341 return -ENOBUFS;
342
343 dev_net_set(new_dev, net);
344 /* need 4 bytes for extra VLAN header info,
345 * hope the underlying device can handle it.
346 */
347 new_dev->mtu = real_dev->mtu;
348
349 vlan_dev_info(new_dev)->vlan_id = VLAN_ID; /* 1 through VLAN_VID_MASK */
350 vlan_dev_info(new_dev)->real_dev = real_dev;
351 vlan_dev_info(new_dev)->dent = NULL;
352 vlan_dev_info(new_dev)->flags = VLAN_FLAG_REORDER_HDR;
353
354 new_dev->rtnl_link_ops = &vlan_link_ops;
355 err = register_vlan_dev(new_dev);
356 if (err < 0)
357 goto out_free_newdev;
358
359 return 0;
360
361 out_free_newdev:
362 free_netdev(new_dev);
363 return err;
364 }
365
366 static void vlan_sync_address(struct net_device *dev,
367 struct net_device *vlandev)
368 {
369 struct vlan_dev_info *vlan = vlan_dev_info(vlandev);
370
371 /* May be called without an actual change */
372 if (!compare_ether_addr(vlan->real_dev_addr, dev->dev_addr))
373 return;
374
375 /* vlan address was different from the old address and is equal to
376 * the new address */
377 if (compare_ether_addr(vlandev->dev_addr, vlan->real_dev_addr) &&
378 !compare_ether_addr(vlandev->dev_addr, dev->dev_addr))
379 dev_unicast_delete(dev, vlandev->dev_addr, ETH_ALEN);
380
381 /* vlan address was equal to the old address and is different from
382 * the new address */
383 if (!compare_ether_addr(vlandev->dev_addr, vlan->real_dev_addr) &&
384 compare_ether_addr(vlandev->dev_addr, dev->dev_addr))
385 dev_unicast_add(dev, vlandev->dev_addr, ETH_ALEN);
386
387 memcpy(vlan->real_dev_addr, dev->dev_addr, ETH_ALEN);
388 }
389
390 static void __vlan_device_event(struct net_device *dev, unsigned long event)
391 {
392 switch (event) {
393 case NETDEV_CHANGENAME:
394 vlan_proc_rem_dev(dev);
395 if (vlan_proc_add_dev(dev) < 0)
396 pr_warning("8021q: failed to change proc name for %s\n",
397 dev->name);
398 break;
399 }
400 }
401
402 static int vlan_device_event(struct notifier_block *unused, unsigned long event,
403 void *ptr)
404 {
405 struct net_device *dev = ptr;
406 struct vlan_group *grp;
407 int i, flgs;
408 struct net_device *vlandev;
409
410 if (is_vlan_dev(dev)) {
411 __vlan_device_event(dev, event);
412 goto out;
413 }
414
415 grp = __vlan_find_group(dev);
416 if (!grp)
417 goto out;
418
419 /* It is OK that we do not hold the group lock right now,
420 * as we run under the RTNL lock.
421 */
422
423 switch (event) {
424 case NETDEV_CHANGE:
425 /* Propagate real device state to vlan devices */
426 for (i = 0; i < VLAN_GROUP_ARRAY_LEN; i++) {
427 vlandev = vlan_group_get_device(grp, i);
428 if (!vlandev)
429 continue;
430
431 vlan_transfer_operstate(dev, vlandev);
432 }
433 break;
434
435 case NETDEV_CHANGEADDR:
436 /* Adjust unicast filters on underlying device */
437 for (i = 0; i < VLAN_GROUP_ARRAY_LEN; i++) {
438 vlandev = vlan_group_get_device(grp, i);
439 if (!vlandev)
440 continue;
441
442 flgs = vlandev->flags;
443 if (!(flgs & IFF_UP))
444 continue;
445
446 vlan_sync_address(dev, vlandev);
447 }
448 break;
449
450 case NETDEV_DOWN:
451 /* Put all VLANs for this dev in the down state too. */
452 for (i = 0; i < VLAN_GROUP_ARRAY_LEN; i++) {
453 vlandev = vlan_group_get_device(grp, i);
454 if (!vlandev)
455 continue;
456
457 flgs = vlandev->flags;
458 if (!(flgs & IFF_UP))
459 continue;
460
461 dev_change_flags(vlandev, flgs & ~IFF_UP);
462 }
463 break;
464
465 case NETDEV_UP:
466 /* Put all VLANs for this dev in the up state too. */
467 for (i = 0; i < VLAN_GROUP_ARRAY_LEN; i++) {
468 vlandev = vlan_group_get_device(grp, i);
469 if (!vlandev)
470 continue;
471
472 flgs = vlandev->flags;
473 if (flgs & IFF_UP)
474 continue;
475
476 dev_change_flags(vlandev, flgs | IFF_UP);
477 }
478 break;
479
480 case NETDEV_UNREGISTER:
481 /* Delete all VLANs for this dev. */
482 for (i = 0; i < VLAN_GROUP_ARRAY_LEN; i++) {
483 vlandev = vlan_group_get_device(grp, i);
484 if (!vlandev)
485 continue;
486
487 /* unregistration of last vlan destroys group, abort
488 * afterwards */
489 if (grp->nr_vlans == 1)
490 i = VLAN_GROUP_ARRAY_LEN;
491
492 unregister_vlan_dev(vlandev);
493 }
494 break;
495 }
496
497 out:
498 return NOTIFY_DONE;
499 }
500
501 static struct notifier_block vlan_notifier_block __read_mostly = {
502 .notifier_call = vlan_device_event,
503 };
504
505 /*
506 * VLAN IOCTL handler.
507 * o execute requested action or pass command to the device driver
508 * arg is really a struct vlan_ioctl_args __user *.
509 */
510 static int vlan_ioctl_handler(struct net *net, void __user *arg)
511 {
512 int err;
513 unsigned short vid = 0;
514 struct vlan_ioctl_args args;
515 struct net_device *dev = NULL;
516
517 if (copy_from_user(&args, arg, sizeof(struct vlan_ioctl_args)))
518 return -EFAULT;
519
520 /* Null terminate this sucker, just in case. */
521 args.device1[23] = 0;
522 args.u.device2[23] = 0;
523
524 rtnl_lock();
525
526 switch (args.cmd) {
527 case SET_VLAN_INGRESS_PRIORITY_CMD:
528 case SET_VLAN_EGRESS_PRIORITY_CMD:
529 case SET_VLAN_FLAG_CMD:
530 case ADD_VLAN_CMD:
531 case DEL_VLAN_CMD:
532 case GET_VLAN_REALDEV_NAME_CMD:
533 case GET_VLAN_VID_CMD:
534 err = -ENODEV;
535 dev = __dev_get_by_name(net, args.device1);
536 if (!dev)
537 goto out;
538
539 err = -EINVAL;
540 if (args.cmd != ADD_VLAN_CMD &&
541 !(dev->priv_flags & IFF_802_1Q_VLAN))
542 goto out;
543 }
544
545 switch (args.cmd) {
546 case SET_VLAN_INGRESS_PRIORITY_CMD:
547 err = -EPERM;
548 if (!capable(CAP_NET_ADMIN))
549 break;
550 vlan_dev_set_ingress_priority(dev,
551 args.u.skb_priority,
552 args.vlan_qos);
553 err = 0;
554 break;
555
556 case SET_VLAN_EGRESS_PRIORITY_CMD:
557 err = -EPERM;
558 if (!capable(CAP_NET_ADMIN))
559 break;
560 err = vlan_dev_set_egress_priority(dev,
561 args.u.skb_priority,
562 args.vlan_qos);
563 break;
564
565 case SET_VLAN_FLAG_CMD:
566 err = -EPERM;
567 if (!capable(CAP_NET_ADMIN))
568 break;
569 err = vlan_dev_set_vlan_flag(dev,
570 args.u.flag,
571 args.vlan_qos);
572 break;
573
574 case SET_VLAN_NAME_TYPE_CMD:
575 err = -EPERM;
576 if (!capable(CAP_NET_ADMIN))
577 break;
578 if ((args.u.name_type >= 0) &&
579 (args.u.name_type < VLAN_NAME_TYPE_HIGHEST)) {
580 struct vlan_net *vn;
581
582 vn = net_generic(net, vlan_net_id);
583 vn->name_type = args.u.name_type;
584 err = 0;
585 } else {
586 err = -EINVAL;
587 }
588 break;
589
590 case ADD_VLAN_CMD:
591 err = -EPERM;
592 if (!capable(CAP_NET_ADMIN))
593 break;
594 err = register_vlan_device(dev, args.u.VID);
595 break;
596
597 case DEL_VLAN_CMD:
598 err = -EPERM;
599 if (!capable(CAP_NET_ADMIN))
600 break;
601 unregister_vlan_dev(dev);
602 err = 0;
603 break;
604
605 case GET_VLAN_REALDEV_NAME_CMD:
606 err = 0;
607 vlan_dev_get_realdev_name(dev, args.u.device2);
608 if (copy_to_user(arg, &args,
609 sizeof(struct vlan_ioctl_args)))
610 err = -EFAULT;
611 break;
612
613 case GET_VLAN_VID_CMD:
614 err = 0;
615 vlan_dev_get_vid(dev, &vid);
616 args.u.VID = vid;
617 if (copy_to_user(arg, &args,
618 sizeof(struct vlan_ioctl_args)))
619 err = -EFAULT;
620 break;
621
622 default:
623 err = -EOPNOTSUPP;
624 break;
625 }
626 out:
627 rtnl_unlock();
628 return err;
629 }
630
631 static int vlan_init_net(struct net *net)
632 {
633 int err;
634 struct vlan_net *vn;
635
636 err = -ENOMEM;
637 vn = kzalloc(sizeof(struct vlan_net), GFP_KERNEL);
638 if (vn == NULL)
639 goto err_alloc;
640
641 err = net_assign_generic(net, vlan_net_id, vn);
642 if (err < 0)
643 goto err_assign;
644
645 vn->name_type = VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD;
646
647 err = vlan_proc_init(net);
648 if (err < 0)
649 goto err_proc;
650
651 return 0;
652
653 err_proc:
654 /* nothing */
655 err_assign:
656 kfree(vn);
657 err_alloc:
658 return err;
659 }
660
661 static void vlan_exit_net(struct net *net)
662 {
663 struct vlan_net *vn;
664
665 vn = net_generic(net, vlan_net_id);
666 rtnl_kill_links(net, &vlan_link_ops);
667 vlan_proc_cleanup(net);
668 kfree(vn);
669 }
670
671 static struct pernet_operations vlan_net_ops = {
672 .init = vlan_init_net,
673 .exit = vlan_exit_net,
674 };
675
676 static int __init vlan_proto_init(void)
677 {
678 int err;
679
680 pr_info("%s v%s %s\n", vlan_fullname, vlan_version, vlan_copyright);
681 pr_info("All bugs added by %s\n", vlan_buggyright);
682
683 err = register_pernet_gen_device(&vlan_net_id, &vlan_net_ops);
684 if (err < 0)
685 goto err0;
686
687 err = register_netdevice_notifier(&vlan_notifier_block);
688 if (err < 0)
689 goto err2;
690
691 err = vlan_netlink_init();
692 if (err < 0)
693 goto err3;
694
695 dev_add_pack(&vlan_packet_type);
696 vlan_ioctl_set(vlan_ioctl_handler);
697 return 0;
698
699 err3:
700 unregister_netdevice_notifier(&vlan_notifier_block);
701 err2:
702 unregister_pernet_gen_device(vlan_net_id, &vlan_net_ops);
703 err0:
704 return err;
705 }
706
707 static void __exit vlan_cleanup_module(void)
708 {
709 unsigned int i;
710
711 vlan_ioctl_set(NULL);
712 vlan_netlink_fini();
713
714 unregister_netdevice_notifier(&vlan_notifier_block);
715
716 dev_remove_pack(&vlan_packet_type);
717
718 /* This table must be empty if there are no module references left. */
719 for (i = 0; i < VLAN_GRP_HASH_SIZE; i++)
720 BUG_ON(!hlist_empty(&vlan_group_hash[i]));
721
722 unregister_pernet_gen_device(vlan_net_id, &vlan_net_ops);
723
724 synchronize_net();
725 }
726
727 module_init(vlan_proto_init);
728 module_exit(vlan_cleanup_module);
729
730 MODULE_LICENSE("GPL");
731 MODULE_VERSION(DRV_VERSION);
Linux kernel - Deliverables
This page took 0.04531 seconds and 5 git commands to generate.