4 ### Connect to remote peers, and keep track of them
6 ### (c) 2007 Straylight/Edgeware
9 ###----- Licensing notice ---------------------------------------------------
11 ### This file is part of Trivial IP Encryption (TrIPE).
13 ### TrIPE is free software: you can redistribute it and/or modify it under
14 ### the terms of the GNU General Public License as published by the Free
15 ### Software Foundation; either version 3 of the License, or (at your
16 ### option) any later version.
18 ### TrIPE is distributed in the hope that it will be useful, but WITHOUT
19 ### ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
20 ### FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
23 ### You should have received a copy of the GNU General Public License
24 ### along with TrIPE. If not, see <https://www.gnu.org/licenses/>.
28 ###--------------------------------------------------------------------------
29 ### External dependencies.
31 from optparse import OptionParser
42 import subprocess as PROC
46 ###--------------------------------------------------------------------------
47 ### Running auxiliary commands.
49 class SelLineQueue (M.SelLineBuffer):
50 """Glues the select-line-buffer into the coroutine queue system."""
52 def __new__(cls, file, queue, tag, kind):
53 """See __init__ for documentation."""
54 return M.SelLineBuffer.__new__(cls, file.fileno())
56 def __init__(me, file, queue, tag, kind):
58 Initialize a new line-reading adaptor.
60 The adaptor reads lines from FILE. Each line is inserted as a message of
61 the stated KIND, bearing the TAG, into the QUEUE. End-of-file is
72 me._q.put((me._tag, me._kind, line))
77 me._q.put((me._tag, me._kind, None))
79 class ErrorWatch (T.Coroutine):
81 An object which watches stderr streams for errors and converts them into
84 WARN connect INFO stderr LINE
86 The INFO is a list of tokens associated with the file when it was
89 Usually there is a single ErrorWatch object, called errorwatch.
93 """Initialization: there are no arguments."""
94 T.Coroutine.__init__(me)
99 def watch(me, file, info):
101 Adds FILE to the collection of files to watch.
103 INFO will be written in the warning messages from this FILE. Returns a
104 sequence number which can be used to unregister the file again.
108 me._map[seq] = info, SelLineQueue(file, me._q, seq, 'stderr')
111 def unwatch(me, seq):
112 """Stop watching the file with sequence number SEQ."""
118 Coroutine function: read items from the queue and report them.
120 Unregisters files automatically when they reach EOF.
123 seq, _, line = me._q.get()
127 S.warn(*['connect'] + me._map[seq][0] + ['stderr', line])
131 Coroutine function: wake up every minute and notice changes to the
132 database. When a change happens, tell the Pinger (q.v.) to rescan its
135 cr = T.Coroutine.getcurrent()
137 fw = M.FWatch(opts.cdb)
139 timer = M.SelTimer(time() + 60, lambda: cr.switch())
143 S.notify('connect', 'peerdb-update')
145 class ChildWatch (M.SelSignal):
147 An object which watches for specified processes exiting and reports
148 terminations by writing items of the form (TAG, 'exit', RESULT) to a queue.
150 There is usually only one ChildWatch object, called childwatch.
154 """Initialize the child-watcher."""
155 return M.SelSignal.__new__(cls, SIG.SIGCHLD)
158 """Initialize the child-watcher."""
162 def watch(me, pid, queue, tag):
164 Register PID as a child to watch. If it exits, write (TAG, 'exit', CODE)
165 to the QUEUE, where CODE is one of
167 * None (successful termination)
168 * ['exit-nonzero', CODE] (CODE is a string!)
169 * ['exit-signal', 'S' + CODE] (CODE is the signal number as a string)
170 * ['exit-unknown', STATUS] (STATUS is the entire exit status, in hex)
172 me._pid[pid] = queue, tag
175 def unwatch(me, pid):
176 """Unregister PID as a child to watch."""
183 Called when child processes exit: collect exit statuses and report
188 pid, status = OS.waitpid(-1, OS.WNOHANG)
190 if exc.errno == E.ECHILD:
194 if pid not in me._pid:
196 queue, tag = me._pid[pid]
197 if OS.WIFEXITED(status):
198 exit = OS.WEXITSTATUS(status)
202 code = ['exit-nonzero', str(exit)]
203 elif OS.WIFSIGNALED(status):
204 code = ['exit-signal', 'S' + str(OS.WTERMSIG(status))]
206 code = ['exit-unknown', hex(status)]
207 queue.put((tag, 'exit', code))
209 class Command (object):
211 Represents a running command.
213 This class is the main interface to the machery provided by the ChildWatch
214 and ErrorWatch objects. See also potwatch.
217 def __init__(me, info, queue, tag, args, env):
219 Start a new child process.
221 The ARGS are a list of arguments to be given to the child process. The
222 ENV is either None or a dictionary of environment variable assignments to
223 override the extant environment. INFO is a list of tokens to be included
224 in warnings about the child's stderr output. If the child writes a line
225 to standard output, put (TAG, 'stdout', LINE) to the QUEUE. When the
226 child exits, write (TAG, 'exit', CODE) to the QUEUE.
231 myenv = OS.environ.copy()
232 if env: myenv.update(env)
233 me._proc = PROC.Popen(args = args, env = myenv, bufsize = 1,
234 stdout = PROC.PIPE, stderr = PROC.PIPE)
235 me._lq = SelLineQueue(me._proc.stdout, queue, tag, 'stdout')
236 errorwatch.watch(me._proc.stderr, info)
237 childwatch.watch(me._proc.pid, queue, tag)
241 If I've been forgotten then stop watching for termination.
243 childwatch.unwatch(me._proc.pid)
245 def potwatch(what, name, q):
247 Watch the queue Q for activity as reported by a Command object.
249 Information from the process's stdout is reported as
251 NOTE WHAT NAME stdout LINE
253 abnormal termination is reported as
257 where CODE is what the ChildWatch wrote.
260 while not deadp or not eofp:
261 _, kind, more = q.get()
266 S.notify('connect', what, name, 'stdout', more)
268 if more: S.warn('connect', what, name, *more)
271 ###--------------------------------------------------------------------------
272 ### Peer database utilities.
274 _magic = ['_magic'] # An object distinct from all others
277 """Representation of a peer in the database."""
279 def __init__(me, peer, cdb = None):
281 Create a new peer, named PEER.
283 Information about the peer is read from the database CDB, or the default
284 one given on the command-line.
287 record = (cdb or CDB.init(opts.cdb))['P' + peer]
288 me.__dict__.update(M.URLDecode(record, semip = True))
290 def get(me, key, default = _magic, filter = None):
292 Get the information stashed under KEY from the peer's database record.
294 If DEFAULT is given, then use it if the database doesn't contain the
295 necessary information. If no DEFAULT is given, then report an error. If
296 a FILTER function is given then apply it to the information from the
297 database before returning it.
300 attr = me.__dict__[key]
302 if default is _magic:
303 raise T.TripeJobError('malformed-peer', me.name, 'missing-key', key)
306 if filter is not None: attr = filter(attr)
311 Return whether the peer's database record has the KEY.
313 return key in me.__dict__
317 Iterate over the available keys in the peer's database record.
319 return me.__dict__.iterkeys()
322 """Parse VALUE as a boolean."""
323 return value in ['t', 'true', 'y', 'yes', 'on']
325 ###--------------------------------------------------------------------------
326 ### Waking up and watching peers.
328 def run_connect(peer, cmd):
330 Start the job of connecting to the passive PEER.
332 The CMD string is a shell command which will connect to the peer (via some
333 back-channel, say ssh and userv), issue a command
335 SVCSUBMIT connect passive [OPTIONS] USER
337 and write the resulting challenge to standard error.
340 cmd = Command(['connect', peer.name], q, 'connect',
341 ['/bin/sh', '-c', cmd], None)
342 _, kind, more = q.peek()
345 S.warn('connect', 'connect', peer.name, 'unexpected-eof')
348 S.greet(peer.name, chal)
350 potwatch('connect', peer.name, q)
352 def run_disconnect(peer, cmd):
354 Start the job of disconnecting from a passive PEER.
356 The CMD string is a shell command which will disconnect from the peer.
359 cmd = Command(['disconnect', peer.name], q, 'disconnect',
360 ['/bin/sh', '-c', cmd], None)
361 potwatch('disconnect', peer.name, q)
364 class PingPeer (object):
366 Object representing a peer which we are pinging to ensure that it is still
369 PingPeer objects are held by the Pinger (q.v.). The Pinger maintains an
370 event queue -- which saves us from having an enormous swarm of coroutines
371 -- but most of the actual work is done here.
373 In order to avoid confusion between different PingPeer instances for the
374 same actual peer, each PingPeer has a sequence number (its `seq'
375 attribute). Events for the PingPeer are identified by a (PEER, SEQ) pair.
376 (Using the PingPeer instance itself will prevent garbage collection of
377 otherwise defunct instances.)
380 def __init__(me, pinger, queue, peer, pingnow):
382 Create a new PingPeer.
384 The PINGER is the Pinger object we should send the results to. This is
385 used when we remove ourselves, if the peer has been explicitly removed.
387 The QUEUE is the event queue on which timer and ping-command events
390 The PEER is a `Peer' object describing the peer.
392 If PINGNOW is true, then immediately start pinging the peer. Otherwise
393 wait until the usual retry interval.
409 me._min = me._max = '-'
414 me._timer = M.SelTimer(time() + me._every, me._time)
416 def update(me, peer):
418 Refreshes the timer parameters for this peer. We don't, however,
419 immediately reschedule anything: that will happen next time anything
422 if peer is None: peer = Peer(me._peer)
423 assert peer.name == me._peer
424 me._every = peer.get('every', filter = T.timespec, default = 120)
425 me._timeout = peer.get('timeout', filter = T.timespec, default = 10)
426 me._retries = peer.get('retries', filter = int, default = 5)
427 me._connectp = peer.has('connect')
432 Send a ping to the peer; the result is sent to the Pinger's event queue.
434 S.rawcommand(T.TripeAsynchronousCommand(
435 me._q, (me._peer, me.seq),
437 '-background', S.bgtag(),
438 '-timeout', str(me._timeout),
444 peer = Peer(me._peer)
446 S.warn('connect', 'reconnecting', me._peer)
448 T.spawn(run_connect, peer, peer.get('connect'))
449 me._timer = M.SelTimer(time() + me._every, me._time)
453 except TripeError, e:
454 if e.args[0] == 'unknown-peer': me._pinger.kill(me._peer)
456 def event(me, code, stuff):
458 Respond to an event which happened to this peer.
460 Timer events indicate that we should start a new ping. (The server has
461 its own timeout which detects lost packets.)
463 We trap unknown-peer responses and detach from the Pinger.
465 If the ping fails and we run out of retries, we attempt to restart the
472 S.notify('connect', 'ping-failed', me._peer, *stuff)
474 elif stuff[0] == 'unknown-peer': me._pinger.kill(me._peer)
475 elif stuff[0] == 'ping-send-failed': me._reconnect()
478 if outcome == 'ping-ok' and me._sabotage:
479 outcome = 'ping-timeout'
480 if outcome == 'ping-ok':
481 if me._failures > 0: S.warn('connect', 'ping-ok', me._peer)
483 me._last = '%.1fms' % t
487 if me._min == '-' or t < me._min: me._min = t
488 if me._max == '-' or t > me._max: me._max = t
489 me._timer = M.SelTimer(time() + me._every, me._time)
490 elif outcome == 'ping-timeout':
493 S.warn('connect', 'ping-timeout', me._peer,
494 'attempt', str(me._failures), 'of', str(me._retries))
495 if me._failures < me._retries:
500 me._last = 'reconnect'
501 elif outcome == 'ping-peer-died':
502 me._pinger.kill(me._peer)
505 """Sabotage the peer, for testing purposes."""
507 if me._timer: me._timer.kill()
514 mean = me._sigma_t/me._nping
515 sd = sqrt(me._sigma_t2/me._nping - mean*mean)
516 n = me._nping + me._nlost
517 if not n: pclost = '-'
518 else: pclost = '%d' % ((100*me._nlost + n//2)//n)
519 return { 'last-ping': me._last,
520 'mean-ping': '%.1fms' % mean,
521 'sd-ping': '%.1fms' % sd,
522 'n-ping': '%d' % me._nping,
523 'n-lost': '%d' % me._nlost,
524 'percent-lost': pclost,
525 'min-ping': '%.1fms' % me._min,
526 'max-ping': '%.1fms' % me._max,
527 'state': me._timer and 'idle' or 'check',
528 'failures': me._failures }
533 Handle timer callbacks by posting a timeout event on the queue.
536 me._q.put(((me._peer, me.seq), 'TIMER', None))
539 return 'PingPeer(%s, %d, f = %d)' % (me._peer, me.seq, me._failures)
543 class Pinger (T.Coroutine):
545 The Pinger keeps track of the peers which we expect to be connected and
546 takes action if they seem to stop responding.
548 There is usually only one Pinger, called pinger.
550 The Pinger maintains a collection of PingPeer objects, and an event queue.
551 The PingPeers direct the results of their pings, and timer events, to the
552 event queue. The Pinger's coroutine picks items off the queue and
553 dispatches them back to the PingPeers as appropriate.
557 """Initialize the Pinger."""
558 T.Coroutine.__init__(me)
564 Coroutine function: reads the pinger queue and sends events to the
565 PingPeer objects they correspond to.
568 (peer, seq), code, stuff = me._q.get()
569 if peer in me._peers and seq == me._peers[peer].seq:
570 try: me._peers[peer].event(code, stuff)
572 SYS.excepthook(*SYS.exc_info())
574 def add(me, peer, pingnow):
576 Add PEER to the collection of peers under the Pinger's watchful eye.
577 The arguments are as for PingPeer: see above.
579 me._peers[peer.name] = PingPeer(me, me._q, peer, pingnow)
582 def kill(me, peername):
583 """Remove PEER from the peers being watched by the Pinger."""
584 try: del me._peers[peername]
585 except KeyError: pass
588 def rescan(me, startup):
590 General resynchronization method.
592 We scan the list of peers (with connect scripts) known at the server.
593 Any which are known to the Pinger but aren't known to the server are
594 removed from our list; newly arrived peers are added. (Note that a peer
595 can change state here either due to the server sneakily changing its list
596 without issuing notifications or, more likely, the database changing its
597 idea of whether a peer is interesting.) Finally, PingPeers which are
598 still present are prodded to update their timing parameters.
600 This method is called once at startup to pick up the peers already
601 installed, and again by the dbwatcher coroutine when it detects a change
604 if T._debug: print '# rescan peers'
607 for name in S.list():
608 try: peer = Peer(name)
609 except KeyError: continue
610 if peer.get('watch', filter = boolean, default = False):
611 if T._debug: print '# interesting peer %s' % peer
612 correct[peer.name] = start[peer.name] = peer
614 if T._debug: print '# peer %s ready for adoption' % peer
615 start[peer.name] = peer
616 for name, obj in me._peers.items():
620 if T._debug: print '# peer %s vanished' % name
624 for name, peer in start.iteritems():
625 if name in me._peers: continue
627 if T._debug: print '# setting up peer %s' % name
628 ifname = S.ifname(name)
630 T.defer(adoptpeer, peer, ifname, *addr)
632 if T._debug: print '# adopting new peer %s' % name
638 Returns the list of peers being watched by the Pinger.
640 return me._peers.keys()
643 """Return the PingPeer with the given name."""
644 return me._peers[name]
646 ###--------------------------------------------------------------------------
649 def encode_envvars(env, prefix, vars):
651 Encode the variables in VARS suitably for including in a program
652 environment. Lowercase letters in variable names are forced to uppercase;
653 runs of non-alphanumeric characters are replaced by single underscores; and
654 the PREFIX is prepended. The resulting variables are written to ENV.
656 for k, v in vars.iteritems():
657 env[prefix + r_bad.sub('_', k.upper())] = v
659 r_bad = RX.compile(r'[\W_]+')
662 Translate the database information for a PEER into a dictionary of
663 environment variables with plausible upper-case names and a P_ prefix.
664 Also collect the crypto information into A_ variables.
667 encode_envvars(env, 'P_', dict([(k, peer.get(k)) for k in peer.list()]))
668 encode_envvars(env, 'A_', S.algs(peer.name))
671 def run_ifupdown(what, peer, *args):
673 Run the interface up/down script for a peer.
675 WHAT is 'ifup' or 'ifdown'. PEER names the peer in question. ARGS is a
676 list of arguments to pass to the script, in addition to the peer name.
678 The command is run and watched in the background by potwatch.
681 c = Command([what, peer.name], q, what,
682 M.split(peer.get(what), quotep = True)[0] +
683 [peer.name] + list(args),
685 potwatch(what, peer.name, q)
687 def adoptpeer(peer, ifname, *addr):
689 Add a new peer to our collection.
691 PEER is the `Peer' object; IFNAME is the interface name for its tunnel; and
692 ADDR is the list of tokens representing its address.
694 We try to bring up the interface and provoke a connection to the peer if
698 T.Coroutine(run_ifupdown, name = 'ifup %s' % peer.name) \
699 .switch('ifup', peer, ifname, *addr)
700 cmd = peer.get('connect', default = None)
702 T.Coroutine(run_connect, name = 'connect %s' % peer.name) \
704 if peer.get('watch', filter = boolean, default = False):
705 pinger.add(peer, False)
707 def disownpeer(peer):
708 """Drop the PEER from the Pinger and put its interface to bed."""
709 try: pinger.kill(peer)
710 except KeyError: pass
711 cmd = peer.get('disconnect', default = None)
713 T.Coroutine(run_disconnect, name = 'disconnect %s' % peer.name) \
715 if peer.has('ifdown'):
716 T.Coroutine(run_ifupdown, name = 'ifdown %s' % peer.name) \
717 .switch('ifdown', peer)
719 def addpeer(peer, addr):
721 Process a connect request from a new peer PEER on address ADDR.
723 Any existing peer with this name is disconnected from the server.
725 if peer.name in S.list():
729 tunnel = peer.get('tunnel', default = None),
730 keepalive = peer.get('keepalive', default = None),
731 key = peer.get('key', default = None),
732 priv = peer.get('priv', default = None),
733 mobile = peer.get('mobile', filter = boolean, default = False),
734 cork = peer.get('cork', filter = boolean, default = False),
736 except T.TripeError, exc:
737 raise T.TripeJobError(*exc.args)
739 ## Dictionary mapping challenges to waiting passive-connection coroutines.
742 def notify(_, code, *rest):
744 Watch for notifications.
746 We trap ADD and KILL notifications, and send them straight to adoptpeer and
747 disownpeer respectively; and dispatch GREET notifications to the
748 corresponding waiting coroutine.
751 try: p = Peer(rest[0])
752 except KeyError: return
753 adoptpeer(p, *rest[1:])
755 try: p = Peer(rest[0])
756 except KeyError: return
757 disownpeer(p, *rest[1:])
758 elif code == 'GREET':
760 try: cr = chalmap[chal]
761 except KeyError: pass
762 else: cr.switch(rest[1:])
764 ###--------------------------------------------------------------------------
765 ### Command implementation.
769 kick NAME: Force a new connection attempt for the NAMEd peer.
771 try: pp = pinger.find(name)
772 except KeyError: raise T.TripeJobError('peer-not-adopted', name)
773 try: peer = Peer(name)
774 except KeyError: raise T.TripeJobError('unknown-peer', name)
775 conn = peer.get('connect', None)
776 if conn: T.spawn(run_connect, peer, peer.get('connect'))
777 else: T.spawn(lambda p: S.forcekx(p.name), peer)
781 adopted: Report a list of adopted peers.
783 for name in pinger.adopted():
786 def cmd_active(name):
788 active NAME: Handle an active connection request for the peer called NAME.
790 The appropriate address is read from the database automatically.
792 try: peer = Peer(name)
793 except KeyError: raise T.TripeJobError('unknown-peer', name)
794 addr = peer.get('peer')
795 if addr == 'PASSIVE':
796 raise T.TripeJobError('passive-peer', name)
797 addpeer(peer, M.split(addr, quotep = True)[0])
799 def cmd_listactive():
801 list: Report a list of the available active peers.
803 cdb = CDB.init(opts.cdb)
804 for key in cdb.keys():
805 if key.startswith('P') and Peer(key[1:]).get('peer', '') != 'PASSIVE':
810 info NAME: Report the database entries for the named peer.
812 try: peer = Peer(name)
813 except KeyError: raise T.TripeJobError('unknown-peer', name)
815 try: pp = pinger.find(name)
816 except KeyError: pass
817 else: d.update(pp.info())
818 items = list(peer.list()) + d.keys()
822 except KeyError: v = peer.get(i)
823 T.svcinfo('%s=%s' % (i, v))
825 def cmd_userpeer(user):
827 userpeer USER: Report the peer name for the named user.
829 try: name = CDB.init(opts.cdb)['U' + user]
830 except KeyError: raise T.TripeJobError('unknown-user', user)
833 def cmd_passive(*args):
835 passive [OPTIONS] USER: Await the arrival of the named USER.
837 Report a challenge; when (and if!) the server receives a greeting quoting
838 this challenge, add the corresponding peer to the server.
841 op = T.OptParse(args, ['-timeout'])
843 if opt == '-timeout':
844 timeout = T.timespec(op.arg())
845 user, = op.rest(1, 1)
846 try: name = CDB.init(opts.cdb)['U' + user]
847 except KeyError: raise T.TripeJobError('unknown-user', user)
848 try: peer = Peer(name)
849 except KeyError: raise T.TripeJobError('unknown-peer', name)
851 cr = T.Coroutine.getcurrent()
852 timer = M.SelTimer(time() + timeout, lambda: cr.switch(None))
856 addr = cr.parent.switch()
858 raise T.TripeJobError('connect-timeout')
863 def cmd_sabotage(name):
865 sabotage NAME: Sabotage the NAMEd peer so that we think it can't be pinged.
867 try: pp = pinger.find(name)
868 except KeyError: raise T.TripeJobError('unknown-peer', name)
871 ###--------------------------------------------------------------------------
878 Register the notification watcher, rescan the peers, and add automatic
881 S.handler['NOTE'] = notify
884 pinger.rescan(opts.startup)
887 cdb = CDB.init(opts.cdb)
892 for name in M.split(autos)[0]:
894 peer = Peer(name, cdb)
895 addpeer(peer, M.split(peer.get('peer'), quotep = True)[0])
896 except T.TripeJobError, err:
897 S.warn('connect', 'auto-add-failed', name, *err.args)
901 Initialization to be done before service startup.
903 global errorwatch, childwatch, pinger
904 errorwatch = ErrorWatch()
905 childwatch = ChildWatch()
907 T.Coroutine(dbwatch, name = 'dbwatch').switch()
913 Parse the command-line options.
915 Automatically changes directory to the requested configdir, and turns on
916 debugging. Returns the options object.
918 op = OptionParser(usage = '%prog [-a FILE] [-d DIR]',
919 version = '%%prog %s' % VERSION)
921 op.add_option('-a', '--admin-socket',
922 metavar = 'FILE', dest = 'tripesock', default = T.tripesock,
923 help = 'Select socket to connect to [default %default]')
924 op.add_option('-d', '--directory',
925 metavar = 'DIR', dest = 'dir', default = T.configdir,
926 help = 'Select current diretory [default %default]')
927 op.add_option('-p', '--peerdb',
928 metavar = 'FILE', dest = 'cdb', default = T.peerdb,
929 help = 'Select peers database [default %default]')
930 op.add_option('--daemon', dest = 'daemon',
931 default = False, action = 'store_true',
932 help = 'Become a daemon after successful initialization')
933 op.add_option('--debug', dest = 'debug',
934 default = False, action = 'store_true',
935 help = 'Emit debugging trace information')
936 op.add_option('--startup', dest = 'startup',
937 default = False, action = 'store_true',
938 help = 'Being called as part of the server startup')
940 opts, args = op.parse_args()
941 if args: op.error('no arguments permitted')
943 T._debug = opts.debug
946 ## Service table, for running manually.
947 service_info = [('connect', T.VERSION, {
948 'adopted': (0, 0, '', cmd_adopted),
949 'kick': (1, 1, 'PEER', cmd_kick),
950 'passive': (1, None, '[OPTIONS] USER', cmd_passive),
951 'active': (1, 1, 'PEER', cmd_active),
952 'info': (1, 1, 'PEER', cmd_info),
953 'list-active': (0, 0, '', cmd_listactive),
954 'userpeer': (1, 1, 'USER', cmd_userpeer),
955 'sabotage': (1, 1, 'PEER', cmd_sabotage)
958 if __name__ == '__main__':
959 opts = parse_options()
960 OS.environ['TRIPESOCK'] = opts.tripesock
961 T.runservices(opts.tripesock, service_info,
962 init = init, setup = setup,
963 daemon = opts.daemon)
965 ###----- That's all, folks --------------------------------------------------