1 files changed, 116 insertions, 16 deletions

diff --git a/sys/netinet/libalias/alias_db.c b/sys/netinet/libalias/alias_db.c
index 1061c74..e32a5bd 100644
--- a/sys/netinet/libalias/alias_db.c
+++ b/sys/netinet/libalias/alias_db.c
@@ -463,7 +463,6 @@ AliasLog(char *str, const char *format, ...)
 	
 	va_start(ap, format);
 	vsnprintf(str, LIBALIAS_BUF_SIZE, format, ap);
-	log(LOG_SECURITY | LOG_INFO, "%s\n", str);
 	va_end(ap);
 }
 #else
@@ -482,6 +481,8 @@ AliasLog(FILE *stream, const char *format, ...)
 static void
 ShowAliasStats(struct libalias *la)
 {
+
+	LIBALIAS_LOCK_ASSERT(la);
 /* Used for debugging */
 	if (la->logDesc) {
 		int tot  = la->icmpLinkCount + la->udpLinkCount + 
@@ -575,6 +576,7 @@ GetNewPort(struct libalias *la, struct alias_link *lnk, int alias_port_param)
 	u_short port_sys;
 	u_short port_net;
 
+	LIBALIAS_LOCK_ASSERT(la);
 /*
    Description of alias_port_param for GetNewPort().  When
    this parameter is zero or positive, it precisely specifies
@@ -675,6 +677,7 @@ GetSocket(struct libalias *la, u_short port_net, int *sockfd, int link_type)
 	int sock;
 	struct sockaddr_in sock_addr;
 
+	LIBALIAS_LOCK_ASSERT(la);
 	if (link_type == LINK_TCP)
 		sock = socket(AF_INET, SOCK_STREAM, 0);
 	else if (link_type == LINK_UDP)
@@ -733,6 +736,7 @@ FindNewPortGroup(struct libalias *la,
 	u_short port_sys;
 	int link_type;
 
+	LIBALIAS_LOCK_ASSERT(la);
 	/*
 	 * Get link_type from protocol
 	 */
@@ -812,6 +816,7 @@ CleanupAliasData(struct libalias *la)
 	struct alias_link *lnk;
 	int i, icount;
 
+	LIBALIAS_LOCK_ASSERT(la);
 	icount = 0;
 	for (i = 0; i < LINK_TABLE_OUT_SIZE; i++) {
 		lnk = LIST_FIRST(&la->linkTableOut[i]);
@@ -835,6 +840,7 @@ IncrementalCleanup(struct libalias *la)
 	int icount;
 	struct alias_link *lnk;
 
+	LIBALIAS_LOCK_ASSERT(la);
 	icount = 0;
 	lnk = LIST_FIRST(&la->linkTableOut[la->cleanupIndex++]);
 	while (lnk != NULL) {
@@ -875,6 +881,7 @@ DeleteLink(struct alias_link *lnk)
 {
 	struct libalias *la = lnk->la;
 
+	LIBALIAS_LOCK_ASSERT(la);
 /* Don't do anything if the link is marked permanent */
 	if (la->deleteAllLinks == 0 && lnk->flags & LINK_PERMANENT)
 		return;
@@ -959,6 +966,7 @@ AddLink(struct libalias *la, struct in_addr src_addr,
 	u_int start_point;	/* zero, equal to alias port  */
 	struct alias_link *lnk;
 
+	LIBALIAS_LOCK_ASSERT(la);
 	lnk = malloc(sizeof(struct alias_link));
 	if (lnk != NULL) {
 		/* Basic initialization */
@@ -1100,6 +1108,7 @@ ReLink(struct alias_link *old_lnk,
 	struct alias_link *new_lnk;	/* zero, equal to alias port  */
 	struct libalias *la = old_lnk->la;
 
+	LIBALIAS_LOCK_ASSERT(la);
 	new_lnk = AddLink(la, src_addr, dst_addr, alias_addr,
 	    src_port, dst_port, alias_port_param,
 	    link_type);
@@ -1125,6 +1134,7 @@ _FindLinkOut(struct libalias *la, struct in_addr src_addr,
 	u_int i;
 	struct alias_link *lnk;
 
+	LIBALIAS_LOCK_ASSERT(la);
 	i = StartPointOut(src_addr, dst_addr, src_port, dst_port, link_type);
 	LIST_FOREACH(lnk, &la->linkTableOut[i], list_out) {
 		if (lnk->src_addr.s_addr == src_addr.s_addr
@@ -1172,6 +1182,7 @@ FindLinkOut(struct libalias *la, struct in_addr src_addr,
 {
 	struct alias_link *lnk;
 
+	LIBALIAS_LOCK_ASSERT(la);
 	lnk = _FindLinkOut(la, src_addr, dst_addr, src_port, dst_port,
 	    link_type, replace_partial_links);
 
@@ -1208,6 +1219,7 @@ _FindLinkIn(struct libalias *la, struct in_addr dst_addr,
 	struct alias_link *lnk_unknown_dst_addr;
 	struct alias_link *lnk_unknown_dst_port;
 
+	LIBALIAS_LOCK_ASSERT(la);
 /* Initialize pointers */
 	lnk_fully_specified = NULL;
 	lnk_unknown_all = NULL;
@@ -1311,6 +1323,7 @@ FindLinkIn(struct libalias *la, struct in_addr dst_addr,
 {
 	struct alias_link *lnk;
 
+	LIBALIAS_LOCK_ASSERT(la);
 	lnk = _FindLinkIn(la, dst_addr, alias_addr, dst_port, alias_port,
 	    link_type, replace_partial_links);
 
@@ -1358,6 +1371,7 @@ FindIcmpIn(struct libalias *la, struct in_addr dst_addr,
 {
 	struct alias_link *lnk;
 
+	LIBALIAS_LOCK_ASSERT(la);
 	lnk = FindLinkIn(la, dst_addr, alias_addr,
 	    NO_DEST_PORT, id_alias,
 	    LINK_ICMP, 0);
@@ -1381,6 +1395,7 @@ FindIcmpOut(struct libalias *la, struct in_addr src_addr,
 {
 	struct alias_link *lnk;
 
+	LIBALIAS_LOCK_ASSERT(la);
 	lnk = FindLinkOut(la, src_addr, dst_addr,
 	    id, NO_DEST_PORT,
 	    LINK_ICMP, 0);
@@ -1403,6 +1418,7 @@ FindFragmentIn1(struct libalias *la, struct in_addr dst_addr,
 {
 	struct alias_link *lnk;
 
+	LIBALIAS_LOCK_ASSERT(la);
 	lnk = FindLinkIn(la, dst_addr, alias_addr,
 	    NO_DEST_PORT, ip_id,
 	    LINK_FRAGMENT_ID, 0);
@@ -1422,6 +1438,8 @@ FindFragmentIn2(struct libalias *la, struct in_addr dst_addr,	/* Doesn't add a l
     struct in_addr alias_addr,	/* is not found.           */
     u_short ip_id)
 {
+	
+	LIBALIAS_LOCK_ASSERT(la);
 	return FindLinkIn(la, dst_addr, alias_addr,
 	    NO_DEST_PORT, ip_id,
 	    LINK_FRAGMENT_ID, 0);
@@ -1432,6 +1450,8 @@ struct alias_link *
 AddFragmentPtrLink(struct libalias *la, struct in_addr dst_addr,
     u_short ip_id)
 {
+
+	LIBALIAS_LOCK_ASSERT(la);
 	return AddLink(la, la->nullAddress, dst_addr, la->nullAddress,
 	    NO_SRC_PORT, NO_DEST_PORT, ip_id,
 	    LINK_FRAGMENT_PTR);
@@ -1442,6 +1462,8 @@ struct alias_link *
 FindFragmentPtr(struct libalias *la, struct in_addr dst_addr,
     u_short ip_id)
 {
+
+	LIBALIAS_LOCK_ASSERT(la);
 	return FindLinkIn(la, dst_addr, la->nullAddress,
 	    NO_DEST_PORT, ip_id,
 	    LINK_FRAGMENT_PTR, 0);
@@ -1455,6 +1477,7 @@ FindProtoIn(struct libalias *la, struct in_addr dst_addr,
 {
 	struct alias_link *lnk;
 
+	LIBALIAS_LOCK_ASSERT(la);
 	lnk = FindLinkIn(la, dst_addr, alias_addr,
 	    NO_DEST_PORT, 0,
 	    proto, 1);
@@ -1478,6 +1501,7 @@ FindProtoOut(struct libalias *la, struct in_addr src_addr,
 {
 	struct alias_link *lnk;
 
+	LIBALIAS_LOCK_ASSERT(la);
 	lnk = FindLinkOut(la, src_addr, dst_addr,
 	    NO_SRC_PORT, NO_DEST_PORT,
 	    proto, 1);
@@ -1505,6 +1529,7 @@ FindUdpTcpIn(struct libalias *la, struct in_addr dst_addr,
 	int link_type;
 	struct alias_link *lnk;
 
+	LIBALIAS_LOCK_ASSERT(la);
 	switch (proto) {
 	case IPPROTO_UDP:
 		link_type = LINK_UDP;
@@ -1544,6 +1569,7 @@ FindUdpTcpOut(struct libalias *la, struct in_addr src_addr,
 	int link_type;
 	struct alias_link *lnk;
 
+	LIBALIAS_LOCK_ASSERT(la);
 	switch (proto) {
 	case IPPROTO_UDP:
 		link_type = LINK_UDP;
@@ -1578,6 +1604,7 @@ AddPptp(struct libalias *la, struct in_addr src_addr,
 {
 	struct alias_link *lnk;
 
+	LIBALIAS_LOCK_ASSERT(la);
 	lnk = AddLink(la, src_addr, dst_addr, alias_addr,
 	    src_call_id, 0, GET_ALIAS_PORT,
 	    LINK_PPTP);
@@ -1594,6 +1621,7 @@ FindPptpOutByCallId(struct libalias *la, struct in_addr src_addr,
 	u_int i;
 	struct alias_link *lnk;
 
+	LIBALIAS_LOCK_ASSERT(la);
 	i = StartPointOut(src_addr, dst_addr, 0, 0, LINK_PPTP);
 	LIST_FOREACH(lnk, &la->linkTableOut[i], list_out)
 	    if (lnk->link_type == LINK_PPTP &&
@@ -1614,6 +1642,7 @@ FindPptpOutByPeerCallId(struct libalias *la, struct in_addr src_addr,
 	u_int i;
 	struct alias_link *lnk;
 
+	LIBALIAS_LOCK_ASSERT(la);
 	i = StartPointOut(src_addr, dst_addr, 0, 0, LINK_PPTP);
 	LIST_FOREACH(lnk, &la->linkTableOut[i], list_out)
 	    if (lnk->link_type == LINK_PPTP &&
@@ -1634,6 +1663,7 @@ FindPptpInByCallId(struct libalias *la, struct in_addr dst_addr,
 	u_int i;
 	struct alias_link *lnk;
 
+	LIBALIAS_LOCK_ASSERT(la);
 	i = StartPointIn(alias_addr, 0, LINK_PPTP);
 	LIST_FOREACH(lnk, &la->linkTableIn[i], list_in)
 	    if (lnk->link_type == LINK_PPTP &&
@@ -1653,6 +1683,7 @@ FindPptpInByPeerCallId(struct libalias *la, struct in_addr dst_addr,
 {
 	struct alias_link *lnk;
 
+	LIBALIAS_LOCK_ASSERT(la);
 	lnk = FindLinkIn(la, dst_addr, alias_addr,
 	    0 /* any */ , alias_call_id,
 	    LINK_PPTP, 0);
@@ -1672,6 +1703,7 @@ FindRtspOut(struct libalias *la, struct in_addr src_addr,
 	int link_type;
 	struct alias_link *lnk;
 
+	LIBALIAS_LOCK_ASSERT(la);
 	switch (proto) {
 	case IPPROTO_UDP:
 		link_type = LINK_UDP;
@@ -1703,6 +1735,7 @@ FindOriginalAddress(struct libalias *la, struct in_addr alias_addr)
 {
 	struct alias_link *lnk;
 
+	LIBALIAS_LOCK_ASSERT(la);
 	lnk = FindLinkIn(la, la->nullAddress, alias_addr,
 	    0, 0, LINK_ADDR, 0);
 	if (lnk == NULL) {
@@ -1735,6 +1768,7 @@ FindAliasAddress(struct libalias *la, struct in_addr original_addr)
 {
 	struct alias_link *lnk;
 
+	LIBALIAS_LOCK_ASSERT(la);
 	lnk = FindLinkOut(la, original_addr, la->nullAddress,
 	    0, 0, LINK_ADDR, 0);
 	if (lnk == NULL) {
@@ -1891,6 +1925,8 @@ GetAliasAddress(struct alias_link *lnk)
 struct in_addr
 GetDefaultAliasAddress(struct libalias *la)
 {
+	
+	LIBALIAS_LOCK_ASSERT(la);
 	return (la->aliasAddress);
 }
 
@@ -1898,6 +1934,8 @@ GetDefaultAliasAddress(struct libalias *la)
 void
 SetDefaultAliasAddress(struct libalias *la, struct in_addr alias_addr)
 {
+
+	LIBALIAS_LOCK_ASSERT(la);
 	la->aliasAddress = alias_addr;
 }
 
@@ -2112,6 +2150,8 @@ SetExpire(struct alias_link *lnk, int expire)
 void
 ClearCheckNewLink(struct libalias *la)
 {
+	
+	LIBALIAS_LOCK_ASSERT(la);
 	la->newDefaultLink = 0;
 }
 
@@ -2134,6 +2174,7 @@ SetDestCallId(struct alias_link *lnk, u_int16_t cid)
 {
 	struct libalias *la = lnk->la;
 
+	LIBALIAS_LOCK_ASSERT(la);
 	la->deleteAllLinks = 1;
 	lnk = ReLink(lnk, lnk->src_addr, lnk->dst_addr, lnk->alias_addr,
 	    lnk->src_port, cid, lnk->alias_port, lnk->link_type);
@@ -2166,6 +2207,7 @@ HouseKeeping(struct libalias *la)
 	struct timezone tz;
 #endif
 
+	LIBALIAS_LOCK_ASSERT(la);
 	/*
 	 * Save system time (seconds) in global variable timeStamp for use
 	 * by other functions. This is done so as not to unnecessarily
@@ -2213,6 +2255,8 @@ HouseKeeping(struct libalias *la)
 static int
 InitPacketAliasLog(struct libalias *la)
 {
+
+	LIBALIAS_LOCK_ASSERT(la);
 	if (~la->packetAliasMode & PKT_ALIAS_LOG) {
 #ifdef _KERNEL
 		if ((la->logDesc = malloc(LIBALIAS_BUF_SIZE)))
@@ -2233,14 +2277,16 @@ InitPacketAliasLog(struct libalias *la)
 static void
 UninitPacketAliasLog(struct libalias *la)
 {
-		if (la->logDesc) {
+
+	LIBALIAS_LOCK_ASSERT(la);
+	if (la->logDesc) {
 #ifdef _KERNEL
-			free(la->logDesc);
+		free(la->logDesc);
 #else
-			fclose(la->logDesc);
+		fclose(la->logDesc);
 #endif
-			la->logDesc = NULL;
-		}
+		la->logDesc = NULL;
+	}
 	la->packetAliasMode &= ~PKT_ALIAS_LOG;
 }
 
@@ -2273,6 +2319,7 @@ LibAliasRedirectPort(struct libalias *la, struct in_addr src_addr, u_short src_p
 	int link_type;
 	struct alias_link *lnk;
 
+	LIBALIAS_LOCK(la);
 	switch (proto) {
 	case IPPROTO_UDP:
 		link_type = LINK_UDP;
@@ -2285,7 +2332,8 @@ LibAliasRedirectPort(struct libalias *la, struct in_addr src_addr, u_short src_p
 		fprintf(stderr, "PacketAliasRedirectPort(): ");
 		fprintf(stderr, "only TCP and UDP protocols allowed\n");
 #endif
-		return (NULL);
+		lnk = NULL;
+		goto getout;
 	}
 
 	lnk = AddLink(la, src_addr, dst_addr, alias_addr,
@@ -2302,6 +2350,8 @@ LibAliasRedirectPort(struct libalias *la, struct in_addr src_addr, u_short src_p
 	}
 #endif
 
+getout:
+	LIBALIAS_UNLOCK(la);
 	return (lnk);
 }
 
@@ -2310,7 +2360,9 @@ int
 LibAliasAddServer(struct libalias *la, struct alias_link *lnk, struct in_addr addr, u_short port)
 {
 	struct server *server;
+	int res;
 
+	LIBALIAS_LOCK(la);
 	(void)la;
 
 	server = malloc(sizeof(struct server));
@@ -2332,9 +2384,12 @@ LibAliasAddServer(struct libalias *la, struct alias_link *lnk, struct in_addr ad
 			server->next = head;
 		}
 		lnk->server = server;
-		return (0);
+		res = 0;
 	} else
-		return (-1);
+		res = -1;
+
+	LIBALIAS_UNLOCK(la);
+	return (res);
 }
 
 /* Redirect packets of a given IP protocol from a specific
@@ -2347,6 +2402,7 @@ LibAliasRedirectProto(struct libalias *la, struct in_addr src_addr,
 {
 	struct alias_link *lnk;
 
+	LIBALIAS_LOCK(la);
 	lnk = AddLink(la, src_addr, dst_addr, alias_addr,
 	    NO_SRC_PORT, NO_DEST_PORT, 0,
 	    proto);
@@ -2361,6 +2417,7 @@ LibAliasRedirectProto(struct libalias *la, struct in_addr src_addr,
 	}
 #endif
 
+	LIBALIAS_UNLOCK(la);
 	return (lnk);
 }
 
@@ -2371,6 +2428,7 @@ LibAliasRedirectAddr(struct libalias *la, struct in_addr src_addr,
 {
 	struct alias_link *lnk;
 
+	LIBALIAS_LOCK(la);
 	lnk = AddLink(la, src_addr, la->nullAddress, alias_addr,
 	    0, 0, 0,
 	    LINK_ADDR);
@@ -2385,6 +2443,7 @@ LibAliasRedirectAddr(struct libalias *la, struct in_addr src_addr,
 	}
 #endif
 
+	LIBALIAS_UNLOCK(la);
 	return (lnk);
 }
 
@@ -2393,15 +2452,19 @@ LibAliasRedirectAddr(struct libalias *la, struct in_addr src_addr,
 int
 LibAliasRedirectDynamic(struct libalias *la, struct alias_link *lnk)
 {
+	int res;
 
+	LIBALIAS_LOCK(la);
 	(void)la;
 
 	if (lnk->flags & LINK_PARTIALLY_SPECIFIED)
-		return (-1);
+		res = -1;
 	else {
 		lnk->flags &= ~LINK_PERMANENT;
-		return (0);
+		res = 0;
 	}
+	LIBALIAS_UNLOCK(la);
+	return (res);
 }
 
 
@@ -2411,27 +2474,35 @@ LibAliasRedirectDelete(struct libalias *la, struct alias_link *lnk)
 /* This is a dangerous function to put in the API,
    because an invalid pointer can crash the program. */
 
+	LIBALIAS_LOCK(la);
 	la->deleteAllLinks = 1;
 	DeleteLink(lnk);
 	la->deleteAllLinks = 0;
+	LIBALIAS_UNLOCK(la);
 }
 
 
 void
 LibAliasSetAddress(struct libalias *la, struct in_addr addr)
 {
+
+	LIBALIAS_LOCK(la);
 	if (la->packetAliasMode & PKT_ALIAS_RESET_ON_ADDR_CHANGE
 	    && la->aliasAddress.s_addr != addr.s_addr)
 		CleanupAliasData(la);
 
 	la->aliasAddress = addr;
+	LIBALIAS_UNLOCK(la);
 }
 
 
 void
 LibAliasSetTarget(struct libalias *la, struct in_addr target_addr)
 {
+
+	LIBALIAS_LOCK(la);
 	la->targetAddress = target_addr;
+	LIBALIAS_UNLOCK(la);
 }
 
 static void
@@ -2476,8 +2547,10 @@ LibAliasInit(struct libalias *la)
 			LIST_INIT(&la->linkTableOut[i]);
 		for (i = 0; i < LINK_TABLE_IN_SIZE; i++)
 			LIST_INIT(&la->linkTableIn[i]);
-
+		LIBALIAS_LOCK_INIT(la);
+		LIBALIAS_LOCK(la);
 	} else {
+		LIBALIAS_LOCK(la);
 		la->deleteAllLinks = 1;
 		CleanupAliasData(la);
 		la->deleteAllLinks = 0;
@@ -2508,12 +2581,15 @@ LibAliasInit(struct libalias *la)
 #ifndef _KERNEL
 	LibAliasRefreshModules();
 #endif
+	LIBALIAS_UNLOCK(la);
 	return (la);
 }
 
 void
 LibAliasUninit(struct libalias *la)
 {
+
+	LIBALIAS_LOCK(la);
 	la->deleteAllLinks = 1;
 	CleanupAliasData(la);
 	la->deleteAllLinks = 0;
@@ -2522,6 +2598,8 @@ LibAliasUninit(struct libalias *la)
 	UninitPunchFW(la);
 #endif
 	LIST_REMOVE(la, instancelist);
+	LIBALIAS_UNLOCK(la);
+	LIBALIAS_LOCK_DESTROY(la);
 	free(la);
 }
 
@@ -2534,11 +2612,14 @@ LibAliasSetMode(
 				 * do a probe for flag values) */
 )
 {
+	int res = -1;
+
+	LIBALIAS_LOCK(la);
 /* Enable logging? */
 	if (flags & mask & PKT_ALIAS_LOG) {
 		/* Do the enable */
 		if (InitPacketAliasLog(la) == ENOMEM)
-			return (-1);
+			goto getout;
 	} else
 /* _Disable_ logging? */
 	if (~flags & mask & PKT_ALIAS_LOG) {
@@ -2557,14 +2638,22 @@ LibAliasSetMode(
 
 /* Other flags can be set/cleared without special action */
 	la->packetAliasMode = (flags & mask) | (la->packetAliasMode & ~mask);
-	return (la->packetAliasMode);
+	res = la->packetAliasMode;
+getout:
+	LIBALIAS_UNLOCK(la);
+	return (res);
 }
 
 
 int
 LibAliasCheckNewLink(struct libalias *la)
 {
-	return (la->newDefaultLink);
+	int res;
+
+	LIBALIAS_LOCK(la);
+	res = la->newDefaultLink;
+	LIBALIAS_UNLOCK(la);
+	return (res);
 }
 
 
@@ -2670,6 +2759,7 @@ static void
 InitPunchFW(struct libalias *la)
 {
 
+	LIBALIAS_LOCK_ASSERT(la);
 	la->fireWallField = malloc(la->fireWallNumNums);
 	if (la->fireWallField) {
 		memset(la->fireWallField, 0, la->fireWallNumNums);
@@ -2684,6 +2774,8 @@ InitPunchFW(struct libalias *la)
 static void
 UninitPunchFW(struct libalias *la)
 {
+
+	LIBALIAS_LOCK_ASSERT(la);
 	ClearAllFWHoles(la);
 	if (la->fireWallFD >= 0)
 		close(la->fireWallFD);
@@ -2703,6 +2795,7 @@ PunchFWHole(struct alias_link *lnk)
 	struct ip_fw rule;	/* On-the-fly built rule */
 	int fwhole;		/* Where to punch hole */
 
+	LIBALIAS_LOCK_ASSERT(la);
 	la = lnk->la;
 
 /* Don't do anything unless we are asked to */
@@ -2774,9 +2867,9 @@ PunchFWHole(struct alias_link *lnk)
 static void
 ClearFWHole(struct alias_link *lnk)
 {
-
 	struct libalias *la;
 
+	LIBALIAS_LOCK_ASSERT(la);
 	la = lnk->la;
 	if (lnk->link_type == LINK_TCP) {
 		int fwhole = lnk->data.tcp->fwhole;	/* Where is the firewall
@@ -2801,6 +2894,7 @@ ClearAllFWHoles(struct libalias *la)
 	struct ip_fw rule;	/* On-the-fly built rule */
 	int i;
 
+	LIBALIAS_LOCK_ASSERT(la);
 	if (la->fireWallFD < 0)
 		return;
 
@@ -2819,14 +2913,20 @@ ClearAllFWHoles(struct libalias *la)
 void
 LibAliasSetFWBase(struct libalias *la, unsigned int base, unsigned int num)
 {
+
+	LIBALIAS_LOCK(la);
 #ifndef NO_FW_PUNCH
 	la->fireWallBaseNum = base;
 	la->fireWallNumNums = num;
 #endif
+	LIBALIAS_UNLOCK(la);
 }
 
 void
 LibAliasSetSkinnyPort(struct libalias *la, unsigned int port)
 {
+
+	LIBALIAS_LOCK(la);
 	la->skinnyPort = port;
+	LIBALIAS_UNLOCK(la);
 }