April 2011 - tor-commits - lists.torproject.org

[tor/release-0.2.2] slight tweak on circuit_conforms_to_options
by arma＠torproject.org 27 Apr '11

27 Apr '11

commit 7e2e8074d52f9ace76d98a62d67a4bf781f06c3b Author: Roger Dingledine <arma(a)torproject.org> Date: Fri Mar 11 03:22:53 2011 -0500 slight tweak on circuit_conforms_to_options this function really needs to get a total rewrite (or die) For now, use #if 0 to disable it. --- src/or/circuituse.c | 23 ++++++++++++----------- src/or/circuituse.h | 2 ++ 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/src/or/circuituse.c b/src/or/circuituse.c index cdf49e3..7b20f7f 100644 --- a/src/or/circuituse.c +++ b/src/or/circuituse.c @@ -242,33 +242,34 @@ circuit_get_best(edge_connection_t *conn, int must_be_open, uint8_t purpose, return best ? TO_ORIGIN_CIRCUIT(best) : NULL; } +#if 0 /** Check whether, according to the policies in options, the * circuit circ makes sense. */ -/* XXXX currently only checks Exclude{Exit}Nodes. It should check more. */ +/* XXXX currently only checks Exclude{Exit}Nodes; it should check more. + * Also, it doesn't have the right definition of an exit circuit. Also, + * it's never called. */ int circuit_conforms_to_options(const origin_circuit_t *circ, const or_options_t *options) { const crypt_path_t *cpath, *cpath_next = NULL; - for (cpath = circ->cpath; cpath && cpath_next != circ->cpath; - cpath = cpath_next) { + /* first check if it includes any excluded nodes */ + for (cpath = circ->cpath; cpath_next != circ->cpath; cpath = cpath_next) { cpath_next = cpath->next; - if (routerset_contains_extendinfo(options->ExcludeNodes, cpath->extend_info)) return 0; + } - if (cpath->next == circ->cpath) { - /* This is apparently the exit node. */ + /* then consider the final hop */ + if (routerset_contains_extendinfo(options->ExcludeExitNodes, + circ->cpath->prev->extend_info)) + return 0; - if (routerset_contains_extendinfo(options->ExcludeExitNodes, - cpath->extend_info)) - return 0; - } - } return 1; } +#endif /** Close all circuits that start at us, aren't open, and were born * at least CircuitBuildTimeout seconds ago. diff --git a/src/or/circuituse.h b/src/or/circuituse.h index a121099..9f393ab 100644 --- a/src/or/circuituse.h +++ b/src/or/circuituse.h @@ -16,8 +16,10 @@ void circuit_expire_building(void); void circuit_remove_handled_ports(smartlist_t *needed_ports); int circuit_stream_is_being_handled(edge_connection_t *conn, uint16_t port, int min); +#if 0 int circuit_conforms_to_options(const origin_circuit_t *circ, const or_options_t *options); +#endif void circuit_build_needed_circs(time_t now); void circuit_detach_stream(circuit_t *circ, edge_connection_t *conn);

1 0

[tor/release-0.2.2] Note a slightly less likely way to violate ExcludeNodes
by arma＠torproject.org 27 Apr '11

27 Apr '11

commit e4689d840266088739eee39e9bef84e13c988ce9 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Mar 28 16:51:00 2011 -0400 Note a slightly less likely way to violate ExcludeNodes --- src/or/circuitlist.c | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c index d11b457..42073fb 100644 --- a/src/or/circuitlist.c +++ b/src/or/circuitlist.c @@ -933,6 +933,11 @@ circuit_find_to_cannibalize(uint8_t purpose, extend_info_t *info, "capacity %d, internal %d", purpose, need_uptime, need_capacity, internal); + /* XXX022-1090 We should make sure that when we cannibalize a circuit, it + * contains no excluded nodes. (This is possible if StrictNodes is 0, and + * we thought we needed to use an excluded exit node for, say, a directory + * operation.) -NM */ + for (_circ=global_circuitlist; _circ; _circ = _circ->next) { if (CIRCUIT_IS_ORIGIN(_circ) && _circ->state == CIRCUIT_STATE_OPEN &&

1 0

[tor/release-0.2.2] note another case where strictnodes is considered for exits
by arma＠torproject.org 27 Apr '11

27 Apr '11

commit bcea155ce0999d19b596a24edd359d1fc0dbe380 Author: Roger Dingledine <arma(a)torproject.org> Date: Fri Mar 11 04:36:24 2011 -0500 note another case where strictnodes is considered for exits --- src/or/connection_edge.c | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index 72e2c8a..fff42be 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -2969,6 +2969,8 @@ connection_edge_is_rendezvous_stream(edge_connection_t *conn) * * If excluded_means_no is 1 and Exclude*Nodes is set and excludes * this relay, return 0. + * XXX022-1090 This StrictNodes business needs more work, a la bug 1090. See + * also git commit ef81649d. */ int connection_ap_can_use_exit(edge_connection_t *conn, routerinfo_t *exit,

1 0

[tor/release-0.2.2] Do not automatically ignore Fast/Stable for exits when ExitNodes is set
by arma＠torproject.org 27 Apr '11

27 Apr '11

commit 4851de554d5fc473cc9418b15bfb752e45b7d81d Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Mar 28 17:29:59 2011 -0400 Do not automatically ignore Fast/Stable for exits when ExitNodes is set This once maybe made sense when ExitNodes meant "Here are 3 exits; use them all", but now it more typically means "Here are 3 countries; exit from there." Using non-Fast/Stable exits created a potential partitioning opportunity and an annoying stability problem. (Don't worry about the case where all of our ExitNodes are non-Fast or non-Stable: we handle that later in the function by retrying with need_capacity and need_uptime set to 0.) --- changes/exitnodes_reliable | 7 +++++++ src/or/circuitbuild.c | 18 +++++------------- 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/changes/exitnodes_reliable b/changes/exitnodes_reliable new file mode 100644 index 0000000..62ef03a --- /dev/null +++ b/changes/exitnodes_reliable @@ -0,0 +1,7 @@ + o Minor features: + - If ExitNodes is set, still pay attention to the Fast/Stable + status of exits when picking exit nodes. (We used to ignore + these flags when ExitNodes was set, on the grounds that people + who set exitnodes wanted all of those nodes to get used, but + with the ability to pick exits by country and IP range, this + doesn't necessarily make sense any more.) diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index b6627a0..714d636 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -2697,20 +2697,12 @@ choose_good_exit_server_general(routerlist_t *dir, int need_uptime, continue; /* not one of our chosen exit nodes */ } - if (router_is_unreliable(router, need_uptime, need_capacity, 0) && - !options->ExitNodes) { - /* FFFF Someday, differentiate between a routerset that names - * routers, and a routerset that names countries, and only do this - * check if they've asked for specific exit relays. Or if the country - * they ask for is rare. Or something. */ - /* XXX022-1090 We need to pick a tradeoff here: if we throw it out because - * it's unreliable, users might end up with no exit options even - * though some options are up. If we don't throw it out, users who - * set ExitNodes will have partitioning problems because they'll be - * the only folks willing to use this node. */ + if (router_is_unreliable(router, need_uptime, need_capacity, 0)) { n_supported[i] = -1; - continue; /* skip routers that are not suitable, unless we have - * ExitNodes set, in which case we asked for it */ + continue; /* skip routers that are not suitable. Don't worry if + * this makes us reject all the possible routers: if so, + * we'll retry later in this function with need_update and + * need_capacity set to 0. */ } if (!(router->is_valid || options->_AllowInvalid & ALLOW_INVALID_EXIT)) { /* if it's invalid and we don't want it */

1 0

[tor/release-0.2.2] refuse moria1.exit if moria1 is excluded
by arma＠torproject.org 27 Apr '11

27 Apr '11

commit 2b5c39211c2259404ab9bc23a1788b6d529e838f Author: Roger Dingledine <arma(a)torproject.org> Date: Fri Mar 11 05:29:28 2011 -0500 refuse moria1.exit if moria1 is excluded add a note reminding us to do this for foo.moria1.exit if we decide to. --- src/or/connection_edge.c | 11 +++++++++-- 1 files changed, 9 insertions(+), 2 deletions(-) diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index fff42be..4c74426 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -1610,6 +1610,10 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn, tor_assert(!automap); if (s) { if (s[1] != '\0') { + /* XXX022-1090 we should look this up as a relay and see if it's + * in our excluded set, and refuse it here if so. But first, + * figure out what's up with this 'remapped_to_exit' business + * and whether that needs careful treatment. -RD */ conn->chosen_exit_name = tor_strdup(s+1); if (remapped_to_exit) /* 5 tries before it expires the addressmap */ conn->chosen_exit_retries = TRACKHOSTEXITS_RETRIES; @@ -1627,11 +1631,14 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn, conn->chosen_exit_name = tor_strdup(socks->address); r = router_get_by_nickname(conn->chosen_exit_name, 1); *socks->address = 0; - if (r) { + if (r && (!options->_ExcludeExitNodesUnion || + !routerset_contains_router(options->_ExcludeExitNodesUnion, + r))) { strlcpy(socks->address, r->address, sizeof(socks->address)); } else { log_warn(LD_APP, - "Unrecognized server in exit address '%s.exit'. Refusing.", + "%s relay in exit address '%s.exit'. Refusing.", + r ? "Excluded" : "Unrecognized", safe_str_client(socks->address)); connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL); return -1;

1 0

[tor/release-0.2.2] If ExitNodes and Exclude{Exit}Nodes overlap, obey Exclude{Exit}Nodes.
by arma＠torproject.org 27 Apr '11

27 Apr '11

commit 0ad3836f73cbb6f0aa8b643c43e799d69d378aea Author: Roger Dingledine <arma(a)torproject.org> Date: Fri Mar 11 04:35:08 2011 -0500 If ExitNodes and Exclude{Exit}Nodes overlap, obey Exclude{Exit}Nodes. Also, ExitNodes are always strict. --- src/or/circuitbuild.c | 56 ++++++++++++++++++++++-------------------------- src/or/routerlist.c | 4 +++ src/or/routerlist.h | 2 + 3 files changed, 32 insertions(+), 30 deletions(-) diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 86406cb..b8a82e8 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -2685,13 +2685,29 @@ choose_good_exit_server_general(routerlist_t *dir, int need_uptime, n_supported[i] = -1; continue; /* skip routers that are known to be down or bad exits */ } + + if (options->_ExcludeExitNodesUnion && + routerset_contains_router(options->_ExcludeExitNodesUnion, router)) { + n_supported[i] = -1; + continue; /* user asked us not to use it, no matter what */ + } + if (options->ExitNodes && + !routerset_contains_router(options->ExitNodes, router)) { + n_supported[i] = -1; + continue; /* not one of our chosen exit nodes */ + } + if (router_is_unreliable(router, need_uptime, need_capacity, 0) && - (!options->ExitNodes || - !routerset_contains_router(options->ExitNodes, router))) { + !options->ExitNodes) { /* FFFF Someday, differentiate between a routerset that names * routers, and a routerset that names countries, and only do this * check if they've asked for specific exit relays. Or if the country * they ask for is rare. Or something. */ + /* XXX022-1090 We need to pick a tradeoff here: if we throw it out because + * it's unreliable, users might end up with no exit options even + * though some options are up. If we don't throw it out, users who + * set ExitNodes will have partitioning problems because they'll be + * the only folks willing to use this node. */ n_supported[i] = -1; continue; /* skip routers that are not suitable, unless we have * ExitNodes set, in which case we asked for it */ @@ -2753,21 +2769,13 @@ choose_good_exit_server_general(routerlist_t *dir, int need_uptime, /* If any routers definitely support any pending connections, choose one * at random. */ if (best_support > 0) { - smartlist_t *supporting = smartlist_create(), *use = smartlist_create(); + smartlist_t *supporting = smartlist_create(); for (i = 0; i < smartlist_len(dir->routers); i++) if (n_supported[i] == best_support) smartlist_add(supporting, smartlist_get(dir->routers, i)); - routersets_get_disjunction(use, supporting, options->ExitNodes, - options->_ExcludeExitNodesUnion, 1); - if (smartlist_len(use) == 0 && options->ExitNodes && - !options->StrictNodes) { /* give up on exitnodes and try again */ - routersets_get_disjunction(use, supporting, NULL, - options->_ExcludeExitNodesUnion, 1); - } - router = routerlist_sl_choose_by_bandwidth(use, WEIGHT_FOR_EXIT); - smartlist_free(use); + router = routerlist_sl_choose_by_bandwidth(supporting, WEIGHT_FOR_EXIT); smartlist_free(supporting); } else { /* Either there are no pending connections, or no routers even seem to @@ -2775,7 +2783,7 @@ choose_good_exit_server_general(routerlist_t *dir, int need_uptime, * at least one predicted exit port. */ int attempt; - smartlist_t *needed_ports, *supporting, *use; + smartlist_t *needed_ports, *supporting; if (best_support == -1) { if (need_uptime || need_capacity) { @@ -2792,7 +2800,6 @@ choose_good_exit_server_general(routerlist_t *dir, int need_uptime, options->_ExcludeExitNodesUnion ? " or are Excluded" : ""); } supporting = smartlist_create(); - use = smartlist_create(); needed_ports = circuit_get_unhandled_ports(time(NULL)); for (attempt = 0; attempt < 2; attempt++) { /* try once to pick only from routers that satisfy a needed port, @@ -2807,25 +2814,13 @@ choose_good_exit_server_general(routerlist_t *dir, int need_uptime, } } - routersets_get_disjunction(use, supporting, options->ExitNodes, - options->_ExcludeExitNodesUnion, 1); - if (smartlist_len(use) == 0 && options->ExitNodes && - !options->StrictNodes) { /* give up on exitnodes and try again */ - routersets_get_disjunction(use, supporting, NULL, - options->_ExcludeExitNodesUnion, 1); - } - /* FFF sometimes the above results in null, when the requested - * exit node is considered down by the consensus. we should pick - * it anyway, since the user asked for it. */ - router = routerlist_sl_choose_by_bandwidth(use, WEIGHT_FOR_EXIT); + router = routerlist_sl_choose_by_bandwidth(supporting, WEIGHT_FOR_EXIT); if (router) break; smartlist_clear(supporting); - smartlist_clear(use); } SMARTLIST_FOREACH(needed_ports, uint16_t *, cp, tor_free(cp)); smartlist_free(needed_ports); - smartlist_free(use); smartlist_free(supporting); } @@ -2834,10 +2829,11 @@ choose_good_exit_server_general(routerlist_t *dir, int need_uptime, log_info(LD_CIRC, "Chose exit server '%s'", router->nickname); return router; } - if (options->ExitNodes && options->StrictNodes) { + if (options->ExitNodes) { log_warn(LD_CIRC, - "No specified exit routers seem to be running, and " - "StrictNodes is set: can't choose an exit."); + "No specified %sexit routers seem to be running: " + "can't choose an exit.", + options->_ExcludeExitNodesUnion ? "non-excluded " : ""); } return NULL; } diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 523596d..a9a216b 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -5473,12 +5473,14 @@ routerset_needs_geoip(const routerset_t *set) return set && smartlist_len(set->country_names); } +#if 0 /** Return true iff there are no entries in set. */ static int routerset_is_empty(const routerset_t *set) { return !set || smartlist_len(set->list) == 0; } +#endif /** Helper. Return true iff set contains a router based on the other * provided fields. Return higher values for more specific subentries: a @@ -5594,6 +5596,7 @@ routerset_get_all_routers(smartlist_t *out, const routerset_t *routerset, } } +#if 0 /** Add to target every routerinfo_t from source except: * * 1) Don't add it if include is non-empty and the relay isn't in @@ -5624,6 +5627,7 @@ routersets_get_disjunction(smartlist_t *target, } }); } +#endif /** Remove every routerinfo_t from lst that is in routerset. */ void diff --git a/src/or/routerlist.h b/src/or/routerlist.h index cd0eb95..3bbdc42 100644 --- a/src/or/routerlist.h +++ b/src/or/routerlist.h @@ -175,9 +175,11 @@ int routerset_contains_extendinfo(const routerset_t *set, void routerset_get_all_routers(smartlist_t *out, const routerset_t *routerset, const routerset_t *excludeset, int running_only); +#if 0 void routersets_get_disjunction(smartlist_t *target, const smartlist_t *source, const routerset_t *include, const routerset_t *exclude, int running_only); +#endif void routerset_subtract_routers(smartlist_t *out, const routerset_t *routerset); char *routerset_to_string(const routerset_t *routerset);

1 0

[tor/release-0.2.2] If we're excluded, and StrictNodes is set, do not do self-tests.
by arma＠torproject.org 27 Apr '11

27 Apr '11

commit ca74badbe95be77bd990c9c4f9c1b26052d4159e Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Mar 28 14:14:45 2011 -0400 If we're excluded, and StrictNodes is set, do not do self-tests. --- src/or/router.c | 22 ++++++++++++++++++++-- 1 files changed, 20 insertions(+), 2 deletions(-) diff --git a/src/or/router.c b/src/or/router.c index 6993e1e..64cb079 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -850,14 +850,33 @@ consider_testing_reachability(int test_or, int test_dir) routerinfo_t *me = router_get_my_routerinfo(); int orport_reachable = check_whether_orport_reachable(); tor_addr_t addr; + or_options_t *options = get_options(); if (!me) return; + if (routerset_contains_router(options->ExcludeNodes, me) && + options->StrictNodes) { + /* If we've excluded ourself, and StrictNodes is set, we can't test + * ourself. */ + if (test_or || test_dir) { +#define SELF_EXCLUDED_WARN_INTERVAL 3600 + static ratelim_t warning_limit=RATELIM_INIT(SELF_EXCLUDED_WARN_INTERVAL); + char *msg; + if ((msg = rate_limit_log(&warning_limit, approx_time()))) { + log_warn(LD_CIRC, "Can't peform self-tests for this relay: we have " + "listed ourself in ExcludeNodes, and StrictNodes is set. " + "We will cannot learn whether we are usable, and will not " + "be able to advertise ourself.%s", msg); + tor_free(msg); + } + } + return; + } + if (test_or && (!orport_reachable || !circuit_enough_testing_circs())) { log_info(LD_CIRC, "Testing %s of my ORPort: %s:%d.", !orport_reachable ? "reachability" : "bandwidth", me->address, me->or_port); - /* XXX022-1090 If we ExcludeNodes ourself, should this fail? -RD */ circuit_launch_by_router(CIRCUIT_PURPOSE_TESTING, me, CIRCLAUNCH_NEED_CAPACITY|CIRCLAUNCH_IS_INTERNAL); } @@ -868,7 +887,6 @@ consider_testing_reachability(int test_or, int test_dir) CONN_TYPE_DIR, &addr, me->dir_port, DIR_PURPOSE_FETCH_SERVERDESC)) { /* ask myself, via tor, for my server descriptor. */ - /* XXX022-1090 If we ExcludeNodes ourself, should this fail? -RD */ directory_initiate_command(me->address, &addr, me->or_port, me->dir_port, 0, /* does not matter */

1 0

[tor/release-0.2.2] don't exit enclave to excluded relays
by arma＠torproject.org 27 Apr '11

27 Apr '11

commit 719b5b87dee4910bb3e2d29db6e2012416f60d3d Author: Roger Dingledine <arma(a)torproject.org> Date: Fri Mar 11 03:57:01 2011 -0500 don't exit enclave to excluded relays --- src/or/routerlist.c | 6 +++++- 1 files changed, 5 insertions(+), 1 deletions(-) diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 29e2e96..523596d 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -1538,6 +1538,8 @@ routerlist_find_my_routerinfo(void) /** Find a router that's up, that has this IP address, and * that allows exit to this address:port, or return NULL if there * isn't a good one. + * Don't exit enclave to excluded relays -- it wouldn't actually + * hurt anything, but this way there are fewer confused users. */ routerinfo_t * router_find_exact_exit_enclave(const char *address, uint16_t port) @@ -1545,6 +1547,7 @@ router_find_exact_exit_enclave(const char *address, uint16_t port) uint32_t addr; struct in_addr in; tor_addr_t a; + or_options_t *options = get_options(); if (!tor_inet_aton(address, &in)) return NULL; /* it's not an IP already */ @@ -1557,7 +1560,8 @@ router_find_exact_exit_enclave(const char *address, uint16_t port) if (router->addr == addr && router->is_running && compare_tor_addr_to_addr_policy(&a, port, router->exit_policy) == - ADDR_POLICY_ACCEPTED) + ADDR_POLICY_ACCEPTED && + !routerset_contains_router(options->_ExcludeExitNodesUnion, router)) return router; }); return NULL;

1 0

[tor/release-0.2.2] Merge remote-tracking branch 'sebastian/bug2917' into maint-0.2.2
by arma＠torproject.org 27 Apr '11

27 Apr '11

commit a7a906603e0c7e3c8519a948b5adf43bfecf6f66 Merge: b75d1da 5114e3e Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Apr 26 15:17:03 2011 -0400 Merge remote-tracking branch 'sebastian/bug2917' into maint-0.2.2 changes/bug2917 | 4 ++++ src/or/control.c | 3 ++- src/or/main.c | 43 +------------------------------------------ src/or/main.h | 2 +- src/or/or.h | 2 +- 5 files changed, 9 insertions(+), 45 deletions(-)

1 0

[tor/release-0.2.2] Fix more of bug 2704
by arma＠torproject.org 27 Apr '11

27 Apr '11

commit 6fde2b46d2cc2345ec955b1ed9674a777e5e8716 Author: Sebastian Hahn <sebastian(a)torproject.org> Date: Tue Apr 26 15:33:08 2011 +0200 Fix more of bug 2704 The last entry of the *Maxima values in the state file was inflated by a factor of NUM_SECS_ROLLING_MEASURE (currently 10). This could lead to a wrong maximum value propagating through the state file history. --- changes/bug2704 | 5 +++++ src/or/rephist.c | 3 ++- 2 files changed, 7 insertions(+), 1 deletions(-) diff --git a/changes/bug2704 b/changes/bug2704 new file mode 100644 index 0000000..821b38b --- /dev/null +++ b/changes/bug2704 @@ -0,0 +1,5 @@ + o Major bugfixes: + - When writing our maximum bw for the current interval to the state + file, don't wrongly inflate that value by a factor of 10 anymore. + Fixes more of bug 2704. + diff --git a/src/or/rephist.c b/src/or/rephist.c index fb091d5..9146fce 100644 --- a/src/or/rephist.c +++ b/src/or/rephist.c @@ -1614,7 +1614,8 @@ rep_hist_update_bwhist_state_section(or_state_t *state, } tor_asprintf(&cp, U64_FORMAT, U64_PRINTF_ARG(b->total_in_period & ~0x3ff)); smartlist_add(*s_values, cp); - tor_asprintf(&cp, U64_FORMAT, U64_PRINTF_ARG(b->max_total & ~0x3ff)); + maxval = b->max_total / NUM_SECS_ROLLING_MEASURE; + tor_asprintf(&cp, U64_FORMAT, U64_PRINTF_ARG(maxval & ~0x3ff)); smartlist_add(*s_maxima, cp); }

1 0