2019-11-23 03:40:23 +00:00
|
|
|
/***************************************************************************
|
|
|
|
* Copyright (C) 2019 by John D. Robertson *
|
|
|
|
* john@rrci.com *
|
|
|
|
* *
|
|
|
|
* This program is free software; you can redistribute it and/or modify *
|
|
|
|
* it under the terms of the GNU General Public License as published by *
|
|
|
|
* the Free Software Foundation; either version 3 of the License, or *
|
|
|
|
* (at your option) any later version. *
|
|
|
|
* *
|
|
|
|
* This program is distributed in the hope that it will be useful, *
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
|
|
|
|
* *
|
|
|
|
* You should have received a copy of the GNU General Public License *
|
|
|
|
* along with this program; if not, write to the *
|
|
|
|
* Free Software Foundation, Inc., *
|
|
|
|
* 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
|
|
|
|
***************************************************************************/
|
2019-11-29 22:23:16 +00:00
|
|
|
#define _GNU_SOURCE
|
2019-11-23 03:40:23 +00:00
|
|
|
#include <assert.h>
|
2019-11-26 11:42:23 +00:00
|
|
|
#include <stdlib.h>
|
2019-11-23 03:40:23 +00:00
|
|
|
#include <string.h>
|
|
|
|
#include <sys/types.h>
|
2020-09-16 02:26:09 +00:00
|
|
|
#include <sys/wait.h>
|
2019-11-23 03:40:23 +00:00
|
|
|
#include <unistd.h>
|
|
|
|
|
|
|
|
#include "ban2fail.h"
|
2019-11-29 14:00:39 +00:00
|
|
|
#include "ez_libc.h"
|
2019-11-23 03:40:23 +00:00
|
|
|
#include "iptables.h"
|
2021-02-26 15:35:42 +00:00
|
|
|
#include "limits.h"
|
2019-11-23 03:40:23 +00:00
|
|
|
#include "map.h"
|
2021-02-26 15:35:42 +00:00
|
|
|
#include "offEntry.h"
|
2019-11-23 03:40:23 +00:00
|
|
|
#include "util.h"
|
|
|
|
|
2021-02-26 15:35:42 +00:00
|
|
|
/* JDR Fri 26 Feb 2021 09:37:59 AM EST
|
|
|
|
* it appears that iptables has a limit on how many
|
|
|
|
* addresses it will handle in a single command.
|
|
|
|
*/
|
|
|
|
#define IPTABLES_MAX_ADDR 9000
|
|
|
|
|
2019-11-23 03:40:23 +00:00
|
|
|
static struct {
|
|
|
|
|
|
|
|
int is_init;
|
|
|
|
MAP addr_map;
|
|
|
|
|
|
|
|
} S;
|
|
|
|
|
|
|
|
static void
|
|
|
|
initialize (void)
|
|
|
|
/********************************************************
|
|
|
|
* Prepare static data, populate index from iptables.
|
|
|
|
*/
|
|
|
|
{
|
|
|
|
S.is_init= 1;
|
|
|
|
|
2019-11-29 22:23:16 +00:00
|
|
|
MAP_constructor(&S.addr_map, N_ADDRESSES_HINT/BUCKET_DEPTH_HINT, BUCKET_DEPTH_HINT);
|
2019-11-23 03:40:23 +00:00
|
|
|
|
2019-11-28 03:06:49 +00:00
|
|
|
const static struct ipv {
|
|
|
|
const char *cmd,
|
|
|
|
*pattern;
|
2019-11-28 15:10:31 +00:00
|
|
|
} ipv_arr[] = {
|
2019-11-28 03:06:49 +00:00
|
|
|
{ .cmd= IPTABLES " -nL INPUT 2>/dev/null",
|
|
|
|
.pattern= "DROP[[:space:]]+all[[:space:]]+--[[:space:]]+([0-9.]+)[[:space:]]+0\\.0\\.0\\.0/0"
|
|
|
|
},
|
|
|
|
{ .cmd= IP6TABLES " -nL INPUT 2>/dev/null",
|
|
|
|
.pattern= "DROP[[:space:]]+all[[:space:]]+([0-9a-f:]+)[[:space:]]+::/0"
|
|
|
|
},
|
|
|
|
{ /* Terminating member */ }
|
|
|
|
};
|
|
|
|
|
2019-11-28 15:10:31 +00:00
|
|
|
/* Take care of all ip versions ... */
|
|
|
|
for(const struct ipv *ipv= ipv_arr; ipv->cmd; ++ipv) {
|
2019-11-28 03:06:49 +00:00
|
|
|
|
|
|
|
static char lbuf[1024];
|
|
|
|
static char addr[43];
|
|
|
|
regex_t re;
|
|
|
|
regmatch_t matchArr[2];
|
|
|
|
size_t len;
|
|
|
|
FILE *fh= NULL;
|
|
|
|
|
|
|
|
if(regex_compile(&re, ipv->pattern, REG_EXTENDED)) {
|
|
|
|
eprintf("ERROR: regex_compile(\"%s\") failed.", ipv->pattern);
|
2019-11-29 22:23:16 +00:00
|
|
|
exit(EXIT_FAILURE);
|
2019-11-28 03:06:49 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
fh= ez_popen(ipv->cmd, "r");
|
2019-12-04 02:38:51 +00:00
|
|
|
#ifdef qqDEBUG
|
|
|
|
unsigned count= 0;
|
|
|
|
#endif
|
2019-11-28 03:06:49 +00:00
|
|
|
while(ez_fgets(lbuf, sizeof(lbuf)-1, fh)) {
|
2019-11-24 22:12:21 +00:00
|
|
|
|
2019-11-28 03:06:49 +00:00
|
|
|
/* Filter all that looks uninteresting */
|
|
|
|
if(regexec(&re, lbuf, 2, matchArr, 0)) continue;
|
|
|
|
|
|
|
|
/* Compute the length needed for the address string */
|
|
|
|
len= matchArr[1].rm_eo - matchArr[1].rm_so;
|
|
|
|
|
|
|
|
/* Copy address into a null terminated static buffer */
|
|
|
|
strncpy(addr, lbuf + matchArr[1].rm_so, sizeof(addr)-1);
|
|
|
|
addr[len]= '\0';
|
|
|
|
|
|
|
|
if(MAP_findStrItem(&S.addr_map, addr))
|
|
|
|
eprintf("WARNING: duplicate iptable entry for %s", addr);
|
|
|
|
else
|
|
|
|
MAP_addStrKey(&S.addr_map, addr, strdup(addr));
|
2019-12-04 02:38:51 +00:00
|
|
|
#ifdef qqDEBUG
|
|
|
|
++count;
|
|
|
|
#endif
|
2019-11-24 22:12:21 +00:00
|
|
|
}
|
2019-11-28 03:06:49 +00:00
|
|
|
ez_pclose(fh);
|
|
|
|
regfree(&re);
|
2019-12-04 02:38:51 +00:00
|
|
|
#ifdef qqDEBUG
|
|
|
|
eprintf("%s got %u entries", ipv->cmd, count);
|
|
|
|
#endif
|
2019-11-23 03:40:23 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
IPTABLES_is_currently_blocked(const char *addr)
|
|
|
|
/********************************************************
|
|
|
|
* This provides an efficient lookup of addresses blocked
|
|
|
|
* by iptables in the filter table, INPUT chain.
|
|
|
|
*
|
|
|
|
* RETURN:
|
|
|
|
* 1 if the supplied addr is blocked by iptables.
|
|
|
|
* 0 otherwise.
|
|
|
|
*/
|
|
|
|
{
|
|
|
|
if(!S.is_init)
|
|
|
|
initialize();
|
|
|
|
|
|
|
|
/* See if this addr is in the map */
|
|
|
|
if(MAP_findStrItem(&S.addr_map, addr)) return 1;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2019-11-24 22:12:21 +00:00
|
|
|
static int
|
|
|
|
addrCmp_pvsort(const void *const* pp1, const void *const* pp2)
|
|
|
|
/**************************************************************
|
|
|
|
* PTRVEC_sort() comparison function for addresses, puts
|
|
|
|
* ipv6 at the bottom.
|
|
|
|
*/
|
|
|
|
{
|
|
|
|
const char *addr1= *((const char*const*)pp1),
|
|
|
|
*addr2= *((const char*const*)pp2);
|
|
|
|
|
|
|
|
if(strchr(addr2, ':')) {
|
|
|
|
if(!strchr(addr1, ':')) return -1;
|
|
|
|
} else {
|
|
|
|
if(strchr(addr1, ':')) return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2019-11-23 03:40:23 +00:00
|
|
|
static int
|
2020-09-16 02:26:09 +00:00
|
|
|
run_command(const char *argv[])
|
2019-11-23 03:40:23 +00:00
|
|
|
/**************************************************************
|
2020-09-16 02:26:09 +00:00
|
|
|
* Run a command given argv using fork() and execve(). Wait
|
|
|
|
* for command to finish.
|
|
|
|
*/
|
|
|
|
{
|
2020-09-18 14:35:35 +00:00
|
|
|
#ifdef DEBUG
|
|
|
|
{ // Print argv[] to stderr
|
|
|
|
ez_fprintf(stderr, "argv[]= {\n");
|
|
|
|
const char **ppstr;
|
|
|
|
for(ppstr= argv; *ppstr; ++ppstr)
|
|
|
|
ez_fprintf(stderr, "\t%s\n", *ppstr);
|
|
|
|
|
|
|
|
ez_fputs("}\n", stderr);
|
|
|
|
ez_fflush(stderr);
|
2020-09-16 02:26:09 +00:00
|
|
|
}
|
|
|
|
#endif
|
2020-09-18 14:35:35 +00:00
|
|
|
int out_pipe[2];
|
2020-09-16 02:26:09 +00:00
|
|
|
|
|
|
|
/* Create a connected pipe for output from command */
|
2020-09-18 14:35:35 +00:00
|
|
|
ez_pipe(out_pipe);
|
2020-09-16 02:26:09 +00:00
|
|
|
|
2020-09-18 14:35:35 +00:00
|
|
|
// Parent will read from out_pipe[0];
|
2020-09-16 02:26:09 +00:00
|
|
|
|
|
|
|
// Create child process
|
|
|
|
pid_t child_pid= ez_fork();
|
|
|
|
|
|
|
|
if(!child_pid) { // Child process
|
|
|
|
|
|
|
|
// Close useless end of pipe
|
2020-09-18 14:35:35 +00:00
|
|
|
ez_close(out_pipe[0]);
|
2020-09-16 02:26:09 +00:00
|
|
|
|
|
|
|
// Attach standard outputs to our pipe
|
2020-09-18 14:35:35 +00:00
|
|
|
ez_dup2(out_pipe[1], STDOUT_FILENO);
|
|
|
|
ez_dup2(out_pipe[1], STDERR_FILENO);
|
2020-09-16 02:26:09 +00:00
|
|
|
|
|
|
|
#pragma GCC diagnostic push
|
|
|
|
#pragma GCC diagnostic ignored "-Wincompatible-pointer-types"
|
|
|
|
// Execute command
|
|
|
|
ez_execve(argv[0], argv, environ);
|
|
|
|
// We will never get to here
|
|
|
|
#pragma GCC diagnostic pop
|
|
|
|
}
|
|
|
|
|
|
|
|
// Close useless end of pipe
|
2020-09-18 14:35:35 +00:00
|
|
|
ez_close(out_pipe[1]);
|
2020-09-16 02:26:09 +00:00
|
|
|
|
|
|
|
#define BUF_SZ 1024
|
|
|
|
// Read buffer
|
|
|
|
static char buf[BUF_SZ];
|
|
|
|
|
|
|
|
// Loop reading data from child's output
|
|
|
|
ssize_t nRead;
|
2020-09-18 14:35:35 +00:00
|
|
|
while(0 < (nRead= read(out_pipe[0], buf, BUF_SZ-1)))
|
2020-09-16 02:26:09 +00:00
|
|
|
// Relay to our stderr
|
|
|
|
ez_write(STDERR_FILENO, buf, nRead);
|
|
|
|
|
|
|
|
#undef BUF_SZ
|
|
|
|
|
|
|
|
if(-1 == nRead)
|
|
|
|
sys_eprintf("ERROR: read()");
|
|
|
|
|
|
|
|
/* Wait indefinitely for child to finish */
|
|
|
|
int wstatus;
|
|
|
|
pid_t rc= waitpid(child_pid, &wstatus, 0);
|
|
|
|
|
|
|
|
// Proper exit
|
|
|
|
if(WIFEXITED(wstatus))
|
|
|
|
return WEXITSTATUS(wstatus);
|
|
|
|
|
|
|
|
// Killed with signal
|
|
|
|
if(WIFSIGNALED(wstatus)) {
|
|
|
|
eprintf("ERROR: %s killed by signal: %s", argv[0], strsignal(WTERMSIG(wstatus)));
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Shouldn't ever get here
|
|
|
|
assert(0);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
_control_addresses(const char *cmdFlag, PTRVEC *h_vec)
|
|
|
|
/**************************************************************
|
|
|
|
* (Un)block addresses.
|
2019-11-23 03:40:23 +00:00
|
|
|
*/
|
|
|
|
{
|
|
|
|
if(!S.is_init)
|
|
|
|
initialize();
|
|
|
|
|
|
|
|
int rtn= -1;
|
|
|
|
|
2020-09-16 02:26:09 +00:00
|
|
|
// Need a large string buffer for comma separated address list
|
|
|
|
static STR addr_sb;
|
|
|
|
STR_sinit(&addr_sb, N_ADDRESSES_HINT*20);
|
|
|
|
|
|
|
|
// argv always same length, with NULL at the end
|
|
|
|
static const char *argv[8];
|
2019-11-23 03:40:23 +00:00
|
|
|
|
2020-09-16 02:26:09 +00:00
|
|
|
/**************************************************************************/
|
|
|
|
/**************** ip4 addresses *******************************************/
|
|
|
|
/**************************************************************************/
|
|
|
|
/* Name of executable file */
|
|
|
|
argv[0]= IPTABLES;
|
|
|
|
|
|
|
|
/* iptables command string begins like this */
|
|
|
|
argv[1]= cmdFlag;
|
|
|
|
argv[2]= "INPUT";
|
|
|
|
argv[3]= "-s";
|
2021-02-26 15:35:42 +00:00
|
|
|
/* argv[4] supplied below */
|
|
|
|
argv[5]= "-j";
|
|
|
|
argv[6]= "DROP";
|
2019-11-23 03:40:23 +00:00
|
|
|
|
2021-02-26 15:35:42 +00:00
|
|
|
const char *addr= NULL;
|
2019-11-23 03:40:23 +00:00
|
|
|
|
2020-09-16 02:26:09 +00:00
|
|
|
/* Move any ipv6 addresses to the end */
|
2019-11-24 22:12:21 +00:00
|
|
|
PTRVEC_sort(h_vec, addrCmp_pvsort);
|
2021-02-26 18:16:14 +00:00
|
|
|
#ifdef DEBUG
|
|
|
|
{
|
|
|
|
const char *addr;
|
|
|
|
unsigned i;
|
|
|
|
PTRVEC_loopFwd(h_vec, i, addr) {
|
|
|
|
eprintf("%s", addr);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif
|
2019-11-23 03:40:23 +00:00
|
|
|
|
2020-09-18 14:35:35 +00:00
|
|
|
{ /* Place comma separated address list into single string buffer */
|
2021-02-26 15:35:42 +00:00
|
|
|
const char *colon=NULL;
|
|
|
|
unsigned naddr= 0;
|
|
|
|
|
|
|
|
do {
|
|
|
|
|
|
|
|
addr= PTRVEC_remHead(h_vec);
|
|
|
|
if(addr)
|
|
|
|
colon= strchr(addr, ':');
|
|
|
|
|
|
|
|
/* We have an ipv4 address */
|
|
|
|
if(addr && !colon) {
|
|
|
|
|
|
|
|
/* Need comma after 1st address */
|
|
|
|
if(naddr)
|
|
|
|
STR_append(&addr_sb, ",", 1);
|
|
|
|
|
|
|
|
/* Put address in buffer */
|
|
|
|
STR_append(&addr_sb, addr, -1);
|
|
|
|
|
|
|
|
/* Note we will use this address */
|
|
|
|
++naddr;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Keep adding addresses until we bump up against iptables maximum,
|
|
|
|
* or run out of ipv4 addresses
|
|
|
|
*/
|
2021-02-26 18:16:14 +00:00
|
|
|
if(!naddr || (naddr < IPTABLES_MAX_ADDR && (addr && !colon)))
|
2021-02-26 15:35:42 +00:00
|
|
|
continue;
|
|
|
|
|
|
|
|
// Place string buffer in argv
|
|
|
|
argv[4]= STR_str(&addr_sb);
|
|
|
|
if(run_command(argv)) {
|
|
|
|
eprintf("ERROR: run_command() failed.");
|
|
|
|
goto abort;
|
|
|
|
}
|
|
|
|
/* Reset for next command */
|
|
|
|
naddr= 0;
|
|
|
|
STR_reset(&addr_sb);
|
|
|
|
|
|
|
|
} while(addr && !colon);
|
2019-11-24 22:12:21 +00:00
|
|
|
}
|
|
|
|
|
2020-09-16 02:26:09 +00:00
|
|
|
/**************************************************************************/
|
|
|
|
/**************** ip6 addresses *******************************************/
|
|
|
|
/**************************************************************************/
|
2019-11-24 22:12:21 +00:00
|
|
|
|
2020-09-18 14:35:35 +00:00
|
|
|
{ // ipv6 addresses
|
|
|
|
argv[0]= IP6TABLES;
|
2021-02-26 15:55:56 +00:00
|
|
|
// Prepare to load up ipv6 addresses in string buffer
|
2020-09-18 14:35:35 +00:00
|
|
|
STR_reset(&addr_sb);
|
2019-11-24 22:12:21 +00:00
|
|
|
|
2021-02-26 15:55:56 +00:00
|
|
|
unsigned naddr= 0;
|
2019-11-23 03:40:23 +00:00
|
|
|
|
2021-02-26 15:55:56 +00:00
|
|
|
for(;;) { /* Work through ipv6 addresses in the vector */
|
2019-11-23 03:40:23 +00:00
|
|
|
|
2021-02-26 15:35:42 +00:00
|
|
|
if(addr) {
|
|
|
|
/* Need comma after 1st address */
|
|
|
|
if(naddr)
|
|
|
|
STR_append(&addr_sb, ",", 1);
|
2019-11-23 03:40:23 +00:00
|
|
|
|
2021-02-26 15:35:42 +00:00
|
|
|
/* Put address in place */
|
|
|
|
STR_append(&addr_sb, addr, -1);
|
2021-02-26 15:55:56 +00:00
|
|
|
|
|
|
|
/* Note that we will use this address */
|
|
|
|
++naddr;
|
2021-02-26 15:35:42 +00:00
|
|
|
}
|
2021-02-26 15:55:56 +00:00
|
|
|
|
|
|
|
/* See if there is another address */
|
|
|
|
addr= PTRVEC_remHead(h_vec);
|
2019-11-23 03:40:23 +00:00
|
|
|
|
2021-02-26 18:16:14 +00:00
|
|
|
/* Break out if nothing remains */
|
2021-02-26 18:00:14 +00:00
|
|
|
if(!addr && !naddr)
|
|
|
|
break;
|
|
|
|
|
2021-02-26 15:35:42 +00:00
|
|
|
/* Keep adding addresses until we bump up against iptables maximum,
|
2021-02-26 15:55:56 +00:00
|
|
|
* or run out of addresses
|
2021-02-26 15:35:42 +00:00
|
|
|
*/
|
|
|
|
if(!naddr || (naddr < IPTABLES_MAX_ADDR && addr))
|
|
|
|
continue;
|
2019-11-23 03:40:23 +00:00
|
|
|
|
2021-02-26 15:35:42 +00:00
|
|
|
// Place string buffer in argv
|
|
|
|
argv[4]= STR_str(&addr_sb);
|
|
|
|
if(run_command(argv)) {
|
|
|
|
eprintf("ERROR: run_command() failed.");
|
|
|
|
goto abort;
|
|
|
|
}
|
|
|
|
|
2021-02-26 15:55:56 +00:00
|
|
|
/* Bail out now if we are done with the list */
|
|
|
|
if(!addr)
|
|
|
|
break;
|
|
|
|
|
2021-02-26 15:35:42 +00:00
|
|
|
/* Reset for next command */
|
|
|
|
naddr= 0;
|
|
|
|
STR_reset(&addr_sb);
|
2021-02-26 15:55:56 +00:00
|
|
|
}
|
2019-11-23 03:40:23 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
rtn= 0;
|
|
|
|
abort:
|
|
|
|
return rtn;
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
2020-09-16 02:26:09 +00:00
|
|
|
IPTABLES_block_addresses(PTRVEC *h_vec)
|
2019-11-23 03:40:23 +00:00
|
|
|
/**************************************************************
|
2020-09-16 02:26:09 +00:00
|
|
|
* Block addresses.
|
2019-11-23 03:40:23 +00:00
|
|
|
*/
|
|
|
|
{
|
|
|
|
if(!S.is_init)
|
|
|
|
initialize();
|
|
|
|
|
2020-09-16 02:26:09 +00:00
|
|
|
return _control_addresses("-A", h_vec);
|
2019-11-23 03:40:23 +00:00
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
2020-09-16 02:26:09 +00:00
|
|
|
IPTABLES_unblock_addresses(PTRVEC *h_vec)
|
2019-11-23 03:40:23 +00:00
|
|
|
/**************************************************************
|
2020-09-16 02:26:09 +00:00
|
|
|
* Unblock addresses.
|
2019-11-23 03:40:23 +00:00
|
|
|
*/
|
|
|
|
{
|
|
|
|
if(!S.is_init)
|
|
|
|
initialize();
|
|
|
|
|
2020-09-16 02:26:09 +00:00
|
|
|
return _control_addresses("-D", h_vec);
|
2019-11-23 03:40:23 +00:00
|
|
|
|
|
|
|
}
|
2019-11-26 11:42:23 +00:00
|
|
|
|
|
|
|
static int
|
|
|
|
fill_in_missing(char *blocked_addr, MAP *h_rtn_map)
|
|
|
|
/**************************************************************
|
|
|
|
* If blocked_addr is not in h_rtn_map, create an object and
|
|
|
|
* place it their.
|
|
|
|
*/
|
|
|
|
{
|
|
|
|
if( MAP_findStrItem(h_rtn_map, blocked_addr)) return 0;
|
|
|
|
|
|
|
|
/* Create a new faux logentry object */
|
2019-12-02 03:29:32 +00:00
|
|
|
OFFENTRY *e;
|
|
|
|
OFFENTRY_addr_create(e, blocked_addr);
|
2019-11-26 11:42:23 +00:00
|
|
|
assert(e);
|
|
|
|
|
|
|
|
/* Place in the return map */
|
|
|
|
MAP_addStrKey(h_rtn_map, blocked_addr, e);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
IPTABLES_fill_in_missing(MAP *h_rtn_map)
|
|
|
|
/**************************************************************
|
|
|
|
* Fill in all blocked IP's which are not already in *h_map.
|
|
|
|
*/
|
|
|
|
{
|
|
|
|
if(!S.is_init)
|
|
|
|
initialize();
|
|
|
|
|
|
|
|
int rtn= -1;
|
|
|
|
|
|
|
|
MAP_visitAllEntries(&S.addr_map, (int(*)(void*,void*))fill_in_missing, h_rtn_map);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
rtn= 0;
|
|
|
|
abort:
|
|
|
|
return rtn;
|
|
|
|
}
|