1/*
2 * iterator/iter_hints.c - iterative resolver module stub and root hints.
3 *
4 * Copyright (c) 2007, NLnet Labs. All rights reserved.
5 *
6 * This software is open source.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * Redistributions of source code must retain the above copyright notice,
13 * this list of conditions and the following disclaimer.
14 *
15 * Redistributions in binary form must reproduce the above copyright notice,
16 * this list of conditions and the following disclaimer in the documentation
17 * and/or other materials provided with the distribution.
18 *
19 * Neither the name of the NLNET LABS nor the names of its contributors may
20 * be used to endorse or promote products derived from this software without
21 * specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 */
35
36/**
37 * \file
38 *
39 * This file contains functions to assist the iterator module.
40 * Keep track of stub and root hints, and read those from config.
41 */
42#include "config.h"
43#include "iterator/iter_hints.h"
44#include "iterator/iter_delegpt.h"
45#include "util/log.h"
46#include "util/config_file.h"
47#include "util/net_help.h"
48#include "util/data/dname.h"
49#include "sldns/rrdef.h"
50#include "sldns/str2wire.h"
51#include "sldns/wire2str.h"
52
/**
 * Allocate a zero-filled hints structure and initialise its rwlock.
 * @return the new structure, or NULL when the allocation fails.
 */
struct iter_hints*
hints_create(void)
{
	struct iter_hints* h = calloc(1, sizeof(*h));
	if(h == NULL)
		return NULL;
	lock_rw_init(&h->lock);
	/* lock_protect is handed the tree and its size; presumably this tells
	 * the lock-checking code which memory the lock guards -- confirm */
	lock_protect(&h->lock, &h->tree, sizeof(h->tree));
	return h;
}
64
/** Free one stub entry together with its delegation point; NULL is a no-op. */
static void hints_stub_free(struct iter_hints_stub* s)
{
	if(s != NULL) {
		delegpt_free_mlc(s->dp);
		free(s);
	}
}
71
/** Tree traversal callback: free the stub entry that tree node n belongs to. */
static void delhintnode(rbnode_type* n, void* ATTR_UNUSED(arg))
{
	/* the node pointer is reinterpreted as the stub entry itself */
	hints_stub_free((struct iter_hints_stub*)n);
}
77
/**
 * Free every stub entry stored in the hints tree.
 * The tree is not reinitialised here; hints_apply_cfg calls name_tree_init
 * itself after this function.
 */
static void hints_del_tree(struct iter_hints* hints)
{
	traverse_postorder(&hints->tree, delhintnode, NULL);
}
82
/**
 * Destroy a hints structure: its lock, all stub entries, and the structure.
 * @param hints: structure to free; NULL is accepted and ignored.
 */
void
hints_delete(struct iter_hints* hints)
{
	if(hints != NULL) {
		/* NOTE(review): the lock is destroyed before the tree is
		 * freed, so callers presumably guarantee that no other thread
		 * still uses the structure -- confirm */
		lock_rw_destroy(&hints->lock);
		hints_del_tree(hints);
		free(hints);
	}
}
92
/**
 * Add one name server and one address for it to a delegation point.
 * @param dp: delegation point to extend.
 * @param sv: name server name as text.
 * @param ip: address of that server as text.
 * @return 1 on success, 0 on failure. Only a name that fails to parse is
 *	logged here; the other failures return 0 silently.
 */
static int
ah(struct delegpt* dp, const char* sv, const char* ip)
{
	struct sockaddr_storage addr;
	socklen_t addrlen;
	size_t dname_len;
	int ok;
	uint8_t* dname = sldns_str2wire_dname(sv, &dname_len);
	if(!dname) {
		log_err("could not parse %s", sv);
		return 0;
	}
	/* the steps short-circuit: a later one runs only if the earlier ones
	 * succeeded */
	ok = delegpt_add_ns_mlc(dp, dname, 0, NULL, UNBOUND_DNS_PORT) &&
		extstrtoaddr(ip, &addr, &addrlen, UNBOUND_DNS_PORT) &&
		delegpt_add_target_mlc(dp, dname, dname_len,
			&addr, addrlen, 0, 0);
	/* the wire-format name is freed on both outcomes */
	free(dname);
	return ok;
}
115
/**
 * Build the root delegation point from the addresses compiled into this file.
 * hints_apply_cfg uses the result only when the configuration supplied no
 * root hints for class IN, so this table is what resolution starts from in
 * that case.
 * @param do_ip4: if nonzero, add the IPv4 addresses.
 * @param do_ip6: if nonzero, add the IPv6 addresses.
 * @return delegation point for the root, or NULL on failure.
 */
static struct delegpt*
compile_time_root_prime(int do_ip4, int do_ip6)
{
	/* from:
	 ;       This file is made available by InterNIC
	 ;       under anonymous FTP as
	 ;           file                /domain/named.cache
	 ;           on server           FTP.INTERNIC.NET
	 ;       -OR-                    RS.INTERNIC.NET
	 ;
	 ;       related version of root zone:   changes-on-20120103
	 */
	/* NOTE(review): the version stamp above is the only provenance given
	 * for this table; when editing an address, check the whole table
	 * against the currently published list and update the stamp too. */
	static const struct {
		const char* name;
		const char* ip4;
		const char* ip6;
	} roots[] = {
		{ "A.ROOT-SERVERS.NET.", "198.41.0.4", "2001:503:ba3e::2:30" },
		{ "B.ROOT-SERVERS.NET.", "170.247.170.2", "2801:1b8:10::b" },
		{ "C.ROOT-SERVERS.NET.", "192.33.4.12", "2001:500:2::c" },
		{ "D.ROOT-SERVERS.NET.", "199.7.91.13", "2001:500:2d::d" },
		{ "E.ROOT-SERVERS.NET.", "192.203.230.10", "2001:500:a8::e" },
		{ "F.ROOT-SERVERS.NET.", "192.5.5.241", "2001:500:2f::f" },
		{ "G.ROOT-SERVERS.NET.", "192.112.36.4", "2001:500:12::d0d" },
		{ "H.ROOT-SERVERS.NET.", "198.97.190.53", "2001:500:1::53" },
		{ "I.ROOT-SERVERS.NET.", "192.36.148.17", "2001:7fe::53" },
		{ "J.ROOT-SERVERS.NET.", "192.58.128.30", "2001:503:c27::2:30" },
		{ "K.ROOT-SERVERS.NET.", "193.0.14.129", "2001:7fd::1" },
		{ "L.ROOT-SERVERS.NET.", "199.7.83.42", "2001:500:9f::42" },
		{ "M.ROOT-SERVERS.NET.", "202.12.27.33", "2001:dc3::35" }
	};
	const size_t nroots = sizeof(roots)/sizeof(roots[0]);
	size_t i;
	struct delegpt* dp = delegpt_create_mlc((uint8_t*)"\000");
	if(!dp)
		return NULL;
	dp->has_parent_side_NS = 1;
	/* every IPv4 address is added before any IPv6 address */
	if(do_ip4) {
		for(i = 0; i < nroots; i++) {
			if(!ah(dp, roots[i].name, roots[i].ip4))
				goto failed;
		}
	}
	if(do_ip6) {
		for(i = 0; i < nroots; i++) {
			if(!ah(dp, roots[i].name, roots[i].ip6))
				goto failed;
		}
	}
	return dp;
failed:
	/* a partially filled delegation point is never handed out */
	delegpt_free_mlc(dp);
	return NULL;
}
168
/**
 * Wrap a delegation point in a stub entry and store it in the hints tree.
 * The function takes over dp in every case: it is kept by the tree on
 * success, and freed here both when the entry cannot be allocated and when
 * the tree already holds an entry for that zone and class. Callers must not
 * use dp after this call.
 * @param hints: hints structure; the caller is responsible for locking.
 * @param c: class of the zone.
 * @param dp: delegation point, ownership passes to this function.
 * @param noprime: stored in the entry, narrowed to uint8_t.
 * @return 0 only when the entry allocation fails; 1 otherwise, which
 *	includes the duplicate case (logged, new hints dropped).
 */
static int
hints_insert(struct iter_hints* hints, uint16_t c, struct delegpt* dp,
	int noprime)
{
	char buf[257];
	struct iter_hints_stub* stub = malloc(sizeof(*stub));
	if(stub == NULL) {
		delegpt_free_mlc(dp);
		return 0;
	}
	stub->dp = dp;
	stub->noprime = (uint8_t)noprime;
	if(name_tree_insert(&hints->tree, &stub->node, dp->name, dp->namelen,
		dp->namelabs, c))
		return 1;
	/* an entry for this zone already exists: the first one stays in the
	 * tree and the new one is discarded */
	dname_str(dp->name, buf);
	log_err("second hints for zone %s ignored.", buf);
	delegpt_free_mlc(dp);
	free(stub);
	return 1;
}
192
/**
 * Create the delegation point for a configured stub zone from its name.
 * @param s: stub configuration entry.
 * @return new delegation point, or NULL (with a logged error) when the
 *	name is missing, does not parse, or memory runs out.
 */
static struct delegpt*
read_stubs_name(struct config_stub* s)
{
	struct delegpt* dp;
	size_t dname_len;
	uint8_t* wire;
	if(s->name == NULL) {
		log_err("stub zone without a name");
		return NULL;
	}
	wire = sldns_str2wire_dname(s->name, &dname_len);
	if(wire == NULL) {
		log_err("cannot parse stub zone name %s", s->name);
		return NULL;
	}
	dp = delegpt_create_mlc(wire);
	/* the temporary wire-format name is freed whether or not the
	 * delegation point was created */
	free(wire);
	if(dp == NULL) {
		log_err("out of memory");
		return NULL;
	}
	return dp;
}
217
/**
 * Add the configured name server host names of a stub to its delegation
 * point.
 * @param s: stub configuration entry; s->hosts is walked.
 * @param dp: delegation point to extend.
 * @return 1 on success, 0 (with a logged error) on a parse or memory failure.
 */
static int
read_stubs_host(struct config_stub* s, struct delegpt* dp)
{
	struct config_strlist* host = s->hosts;
	while(host != NULL) {
		uint8_t* dname;
		char* tls_auth_name;
		int port;
		log_assert(host->str);
		dname = authextstrtodname(host->str, &port, &tls_auth_name);
		if(!dname) {
			log_err("cannot parse stub %s nameserver name: '%s'",
				s->name, host->str);
			return 0;
		}
#if ! defined(HAVE_SSL_SET1_HOST) && ! defined(HAVE_X509_VERIFY_PARAM_SET1_HOST)
		/* A build without either hostname verification API only logs
		 * here and continues; the name is still passed on below.
		 * NOTE(review): presumably the upstream certificate name then
		 * goes unchecked for this server -- confirm in the TLS code. */
		if(tls_auth_name)
			log_err("no name verification functionality in "
				"ssl library, ignored name for %s", host->str);
#endif
		if(!delegpt_add_ns_mlc(dp, dname, 0, tls_auth_name, port)) {
			free(dname);
			log_err("out of memory");
			return 0;
		}
		free(dname);
		host = host->next;
	}
	return 1;
}
248
/**
 * Add the configured server addresses of a stub to its delegation point.
 * @param s: stub configuration entry; s->addrs is walked.
 * @param dp: delegation point to extend.
 * @return 1 on success, 0 (with a logged error) on a parse or memory failure.
 */
static int
read_stubs_addr(struct config_stub* s, struct delegpt* dp)
{
	struct config_strlist* entry = s->addrs;
	while(entry != NULL) {
		struct sockaddr_storage addr;
		socklen_t addrlen;
		char* auth_name;
		log_assert(entry->str);
		if(!authextstrtoaddr(entry->str, &addr, &addrlen, &auth_name)) {
			log_err("cannot parse stub %s ip address: '%s'",
				s->name, entry->str);
			return 0;
		}
#if ! defined(HAVE_SSL_SET1_HOST) && ! defined(HAVE_X509_VERIFY_PARAM_SET1_HOST)
		/* A build without either hostname verification API only logs
		 * here and continues; the name is still passed on below.
		 * NOTE(review): presumably the upstream certificate name then
		 * goes unchecked for this address -- confirm in the TLS code. */
		if(auth_name)
			log_err("no name verification functionality in "
				"ssl library, ignored name for %s", entry->str);
#endif
		if(!delegpt_add_addr_mlc(dp, &addr, addrlen, 0, 0,
			auth_name, -1)) {
			log_err("out of memory");
			return 0;
		}
		entry = entry->next;
	}
	return 1;
}
277
/**
 * Turn every configured stub zone into a delegation point and insert it
 * into the hints tree under class IN.
 * @param hints: hints structure to fill; the caller holds the lock.
 * @param cfg: configuration; cfg->stubs is walked.
 * @return 1 on success, 0 as soon as one stub fails.
 */
static int
read_stubs(struct iter_hints* hints, struct config_file* cfg)
{
	struct config_stub* stub;
	for(stub = cfg->stubs; stub != NULL; stub = stub->next) {
		struct delegpt* dp = read_stubs_name(stub);
		if(dp == NULL)
			return 0;
		if(!read_stubs_host(stub, dp)) {
			delegpt_free_mlc(dp);
			return 0;
		}
		if(!read_stubs_addr(stub, dp)) {
			delegpt_free_mlc(dp);
			return 0;
		}
		/* 'stub-first' clears this flag, so that the last resort asks
		 * for the parent-side NS record and a failure of the stub
		 * servers falls back to the internet name servers */
		dp->has_parent_side_NS = (uint8_t)!stub->isfirst;
		/* when set, answers for this stub are not cached */
		dp->no_cache = stub->no_cache;
		/* per-stub transport settings are copied from the config */
		dp->ssl_upstream = (uint8_t)stub->ssl_upstream;
		dp->tcp_upstream = (uint8_t)stub->tcp_upstream;
		delegpt_log(VERB_QUERY, dp);
		/* hints_insert takes over dp, also when it fails */
		if(!hints_insert(hints, LDNS_RR_CLASS_IN, dp, !stub->isprime))
			return 0;
	}
	return 1;
}
307
/**
 * Read one root hints file and insert its contents as a single delegation
 * point. NS records supply the server names (the first one also sets the
 * zone name and the last one the class), A and AAAA records with the exact
 * address length supply addresses, and every other record is skipped with
 * a warning.
 * @param hints: hints structure to fill; the caller holds the lock.
 * @param fname: path of the file to read.
 * @return 1 on success, also when the file has no NS records (warning
 *	only); 0 on open, parse or memory failure.
 */
static int
read_root_hints(struct iter_hints* hints, char* fname)
{
	struct sldns_file_parse_state pstate;
	struct delegpt* dp;
	uint8_t rr[LDNS_RR_BUF_SIZE];
	size_t rr_len, dname_len;
	int status;
	uint16_t rrtype;
	uint16_t c = LDNS_RR_CLASS_IN;
	FILE* f = fopen(fname, "r");
	if(f == NULL) {
		log_err("could not read root hints %s: %s",
			fname, strerror(errno));
		return 0;
	}
	dp = delegpt_create_mlc(NULL);
	if(dp == NULL) {
		log_err("out of memory reading root hints");
		fclose(f);
		return 0;
	}
	verbose(VERB_QUERY, "Reading root hints from %s", fname);
	memset(&pstate, 0, sizeof(pstate));
	pstate.lineno = 1;
	dp->has_parent_side_NS = 1;
	while(!feof(f)) {
		/* the parser gets the full buffer size again for each record */
		rr_len = sizeof(rr);
		dname_len = 0;
		status = sldns_fp2wire_rr_buf(f, rr, &rr_len, &dname_len,
			&pstate);
		if(status != 0) {
			log_err("reading root hints %s %d:%d: %s", fname,
				pstate.lineno, LDNS_WIREPARSE_OFFSET(status),
				sldns_get_errorstr_parse(status));
			goto stop_read;
		}
		if(rr_len == 0)
			continue; /* EMPTY line, TTL or ORIGIN */
		rrtype = sldns_wirerr_get_type(rr, rr_len, dname_len);
		if(rrtype == LDNS_RR_TYPE_NS) {
			if(!delegpt_add_ns_mlc(dp, sldns_wirerr_get_rdata(rr,
				rr_len, dname_len), 0, NULL, UNBOUND_DNS_PORT)) {
				log_err("out of memory reading root hints");
				goto stop_read;
			}
			c = sldns_wirerr_get_class(rr, rr_len, dname_len);
			/* the owner of the first NS record names the zone */
			if(!dp->name && !delegpt_set_name_mlc(dp, rr)) {
				log_err("out of memory.");
				goto stop_read;
			}
		} else if(rrtype == LDNS_RR_TYPE_A &&
			sldns_wirerr_get_rdatalen(rr, rr_len, dname_len)
			== INET_SIZE) {
			/* rdata length was checked above, so the copy below
			 * moves exactly one IPv4 address */
			struct sockaddr_in sa4;
			socklen_t salen = (socklen_t)sizeof(sa4);
			memset(&sa4, 0, salen);
			sa4.sin_family = AF_INET;
			sa4.sin_port = (in_port_t)htons(UNBOUND_DNS_PORT);
			memmove(&sa4.sin_addr,
				sldns_wirerr_get_rdata(rr, rr_len, dname_len),
				INET_SIZE);
			if(!delegpt_add_target_mlc(dp, rr, dname_len,
					(struct sockaddr_storage*)&sa4, salen,
					0, 0)) {
				log_err("out of memory reading root hints");
				goto stop_read;
			}
		} else if(rrtype == LDNS_RR_TYPE_AAAA &&
			sldns_wirerr_get_rdatalen(rr, rr_len, dname_len)
			== INET6_SIZE) {
			/* rdata length was checked above, so the copy below
			 * moves exactly one IPv6 address */
			struct sockaddr_in6 sa6;
			socklen_t salen = (socklen_t)sizeof(sa6);
			memset(&sa6, 0, salen);
			sa6.sin6_family = AF_INET6;
			sa6.sin6_port = (in_port_t)htons(UNBOUND_DNS_PORT);
			memmove(&sa6.sin6_addr,
				sldns_wirerr_get_rdata(rr, rr_len, dname_len),
				INET6_SIZE);
			if(!delegpt_add_target_mlc(dp, rr, dname_len,
					(struct sockaddr_storage*)&sa6, salen,
					0, 0)) {
				log_err("out of memory reading root hints");
				goto stop_read;
			}
		} else {
			/* other types, and A or AAAA records whose rdata has
			 * the wrong length, are reported and skipped */
			char buf[17];
			sldns_wire2str_type_buf(rrtype, buf, sizeof(buf));
			log_warn("root hints %s:%d skipping type %s",
				fname, pstate.lineno, buf);
		}
	}
	fclose(f);
	if(!dp->name) {
		log_warn("root hints %s: no NS content", fname);
		delegpt_free_mlc(dp);
		return 1;
	}
	delegpt_log(VERB_QUERY, dp);
	/* hints_insert takes over dp, also when it fails */
	return hints_insert(hints, c, dp, 0) ? 1 : 0;

stop_read:
	delegpt_free_mlc(dp);
	fclose(f);
	return 0;
}
420
/**
 * Read every root hints file named in the configuration.
 * @param hints: hints structure to fill; the caller holds the lock.
 * @param cfg: configuration; cfg->root_hints is walked and cfg->chrootdir,
 *	when set, is stripped from the front of matching paths.
 * @return 1 on success, 0 as soon as one file fails.
 */
static int
read_root_hints_list(struct iter_hints* hints, struct config_file* cfg)
{
	struct config_strlist* p;
	for(p = cfg->root_hints; p; p = p->next) {
		char* path;
		log_assert(p->str);
		if(!p->str || !p->str[0])
			continue; /* empty entries are ignored */
		path = p->str;
		/* NOTE(review): this is a plain byte-prefix comparison, with
		 * no check that the match ends at a path separator, so a path
		 * that merely begins with the same characters as the chroot
		 * directory is shortened as well. */
		if(cfg->chrootdir && cfg->chrootdir[0] &&
			strncmp(path, cfg->chrootdir,
			strlen(cfg->chrootdir)) == 0)
			path += strlen(cfg->chrootdir);
		if(!read_root_hints(hints, path))
			return 0;
	}
	return 1;
}
440
/**
 * Rebuild the hints tree from the configuration: root hints files first,
 * then stub zones, then the compiled-in root hints when class IN still has
 * no root entry. The write lock is held for the whole rebuild.
 * @param hints: hints structure; its previous contents are freed first.
 * @param cfg: configuration to apply.
 * @return 1 on success, 0 on failure. On failure the tree keeps whatever
 *	was inserted before the failing step.
 */
int
hints_apply_cfg(struct iter_hints* hints, struct config_file* cfg)
{
	/* lookups made below must not lock again: the write lock is ours */
	int nolock = 1;
	int ok = 0;
	lock_rw_wrlock(&hints->lock);
	hints_del_tree(hints);
	name_tree_init(&hints->tree);

	/* read root hints */
	if(!read_root_hints_list(hints, cfg))
		goto done;

	/* read stub hints */
	if(!read_stubs(hints, cfg))
		goto done;

	/* use fallback compiletime root hints */
	if(!hints_find_root(hints, LDNS_RR_CLASS_IN, nolock)) {
		struct delegpt* dp = compile_time_root_prime(cfg->do_ip4,
			cfg->do_ip6);
		verbose(VERB_ALGO, "no config, using builtin root hints.");
		if(!dp)
			goto done;
		if(!hints_insert(hints, LDNS_RR_CLASS_IN, dp, 0))
			goto done;
	}

	name_tree_init_parents(&hints->tree);
	ok = 1;
done:
	lock_rw_unlock(&hints->lock);
	return ok;
}
480
/**
 * Find the hints stored for exactly this name and class.
 * @param hints: hints structure.
 * @param qname: name in wire format.
 * @param qclass: class to look in.
 * @param nolock: if nonzero, the lock is not touched at all.
 * @return the delegation point, or NULL when there is none. When a
 *	delegation point is returned and nolock is zero, the read lock is
 *	still held on return and the caller has to release it; on NULL it
 *	has already been released.
 */
struct delegpt*
hints_find(struct iter_hints* hints, uint8_t* qname, uint16_t qclass,
	int nolock)
{
	struct iter_hints_stub* found;
	size_t qlen;
	int nlabs = dname_count_size_labels(qname, &qlen);
	/* lock_() calls are macros that could be nothing, surround in {} */
	if(!nolock) { lock_rw_rdlock(&hints->lock); }
	found = (struct iter_hints_stub*)name_tree_find(&hints->tree,
		qname, qlen, nlabs, qclass);
	if(found && found->dp)
		return found->dp; /* the lock, if taken, stays held */
	if(!nolock) { lock_rw_unlock(&hints->lock); }
	return NULL;
}
497
/**
 * Find the root hints for a class; a hints_find call on the root name.
 * The locking behaviour is that of hints_find, including the lock that
 * stays held when a delegation point is returned and nolock is zero.
 */
struct delegpt*
hints_find_root(struct iter_hints* hints, uint16_t qclass, int nolock)
{
	/* the root name in wire format is the single zero length byte */
	uint8_t root[1] = { 0 };
	return hints_find(hints, root, qclass, nolock);
}
504
/**
 * Look up the stub that applies to a query name and decide whether it has
 * to be used instead of the cached delegation.
 * @param hints: hints structure.
 * @param qname: query name in wire format.
 * @param qclass: query class.
 * @param cache_dp: delegation point found in the cache, or NULL when there
 *	is none (root prime situation).
 * @param nolock: if nonzero, the lock is not touched at all.
 * @return the stub to use, or NULL. When a stub is returned and nolock is
 *	zero, the read lock is still held on return and the caller has to
 *	release it; on NULL it has already been released.
 */
struct iter_hints_stub*
hints_lookup_stub(struct iter_hints* hints, uint8_t* qname,
	uint16_t qclass, struct delegpt* cache_dp, int nolock)
{
	size_t qlen;
	int nlabs;
	int use_stub;
	struct iter_hints_stub* stub;

	/* first lookup the stub */
	nlabs = dname_count_size_labels(qname, &qlen);
	/* lock_() calls are macros that could be nothing, surround in {} */
	if(!nolock) { lock_rw_rdlock(&hints->lock); }
	stub = (struct iter_hints_stub*)name_tree_lookup(&hints->tree, qname,
		qlen, nlabs, qclass);
	if(stub == NULL) {
		if(!nolock) { lock_rw_unlock(&hints->lock); }
		return NULL;
	}

	if(cache_dp == NULL) {
		/* no cache dp (root prime situation): use any non-root stub */
		use_stub = (stub->dp->namelabs != 1);
	} else if(stub->noprime &&
		query_dname_compare(cache_dp->name, stub->dp->name) == 0) {
		/* the stub is the same zone as the cached delegation and has
		 * noprime set: use this stub instead of the cached dp */
		use_stub = 1;
	} else {
		/* the cached delegation point is above the hint: the stub
		 * needs to be primed */
		use_stub = dname_strict_subdomain(stub->dp->name,
			stub->dp->namelabs, cache_dp->name,
			cache_dp->namelabs) ? 1 : 0;
	}
	if(use_stub)
		return stub; /* the lock, if taken, stays held */
	if(!nolock) { lock_rw_unlock(&hints->lock); }
	return NULL;
}
548
/**
 * Thin locked wrapper around name_tree_next_root for the hints tree.
 * @param hints: hints structure.
 * @param qclass: passed through to name_tree_next_root.
 * @param nolock: if nonzero, the lock is not touched at all.
 * @return the value name_tree_next_root returned; the lock is always
 *	released again before returning.
 */
int hints_next_root(struct iter_hints* hints, uint16_t* qclass, int nolock)
{
	int found;
	/* lock_() calls are macros that could be nothing, surround in {} */
	if(!nolock) { lock_rw_rdlock(&hints->lock); }
	found = name_tree_next_root(&hints->tree, qclass);
	if(!nolock) { lock_rw_unlock(&hints->lock); }
	return found;
}
558
/**
 * Sum the memory used by the hints structure and everything in its tree.
 * @param hints: hints structure, may be NULL.
 * @return 0 for NULL; otherwise the size of the structure plus, for each
 *	stub, the size of the entry and what delegpt_get_mem reports.
 */
size_t
hints_get_mem(struct iter_hints* hints)
{
	size_t total;
	struct iter_hints_stub* stub;
	if(hints == NULL)
		return 0;
	/* the read lock is taken unconditionally; there is no nolock here */
	lock_rw_rdlock(&hints->lock);
	total = sizeof(*hints);
	RBTREE_FOR(stub, struct iter_hints_stub*, &hints->tree) {
		total += sizeof(*stub) + delegpt_get_mem(stub->dp);
	}
	lock_rw_unlock(&hints->lock);
	return total;
}
573
/**
 * Add a stub to the hints tree, replacing an existing entry for the same
 * zone and class.
 * @param hints: hints structure.
 * @param c: class of the zone.
 * @param dp: delegation point; taken over by hints_insert, which also
 *	frees it when it fails, so it must not be used after this call.
 * @param noprime: stored with the stub.
 * @param nolock: if nonzero, the lock is not touched at all.
 * @return 1 on success, 0 on failure. The old entry has already been
 *	removed when the insert fails.
 */
int
hints_add_stub(struct iter_hints* hints, uint16_t c, struct delegpt* dp,
	int noprime, int nolock)
{
	struct iter_hints_stub* old;
	int ok;
	/* lock_() calls are macros that could be nothing, surround in {} */
	if(!nolock) { lock_rw_wrlock(&hints->lock); }
	old = (struct iter_hints_stub*)name_tree_find(&hints->tree,
		dp->name, dp->namelen, dp->namelabs, c);
	if(old != NULL) {
		(void)rbtree_delete(&hints->tree, &old->node);
		hints_stub_free(old);
	}
	ok = hints_insert(hints, c, dp, noprime) ? 1 : 0;
	if(ok)
		name_tree_init_parents(&hints->tree);
	if(!nolock) { lock_rw_unlock(&hints->lock); }
	return ok;
}
594
/**
 * Remove the stub stored for exactly this name and class, if there is one.
 * @param hints: hints structure.
 * @param c: class of the zone.
 * @param nm: zone name in wire format.
 * @param nolock: if nonzero, the lock is not touched at all.
 */
void
hints_delete_stub(struct iter_hints* hints, uint16_t c, uint8_t* nm,
	int nolock)
{
	struct iter_hints_stub* victim;
	size_t nmlen;
	int nlabs = dname_count_size_labels(nm, &nmlen);
	/* lock_() calls are macros that could be nothing, surround in {} */
	if(!nolock) { lock_rw_wrlock(&hints->lock); }
	victim = (struct iter_hints_stub*)name_tree_find(&hints->tree,
		nm, nmlen, nlabs, c);
	if(victim != NULL) {
		(void)rbtree_delete(&hints->tree, &victim->node);
		hints_stub_free(victim);
		/* parent pointers are recomputed after the removal */
		name_tree_init_parents(&hints->tree);
	}
	/* when nothing was found there is nothing to do but unlock */
	if(!nolock) { lock_rw_unlock(&hints->lock); }
}
614