]>
git.ipfire.org Git - thirdparty/xtables-addons.git/log
Jeremy Sowden [Sat, 7 May 2022 11:59:23 +0000 (13:59 +0200)]
doc: fix some typos in man-pages
libxt_ACCOUNT.man: 'accouting' -> 'accounting'
libxt_DELUDE.man: 'belive' -> 'believe'
libxt_DHCPMAC.man: 'allow to' -> 'allow one to'
libxt_SYSRQ.man: 'allows to' -> 'allows one to'
libxt_ipv4options.man: 'allows to' -> 'allows one to'
libxt_psd.man: 'non-priviliged' -> 'non-privileged'
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Jan Engelhardt [Thu, 21 Apr 2022 09:31:55 +0000 (11:31 +0200)]
doc: move documentation to rST format
Jan Engelhardt [Sun, 10 Apr 2022 12:09:52 +0000 (14:09 +0200)]
Xtables-addons 3.20
Jan Engelhardt [Sat, 5 Feb 2022 17:17:35 +0000 (18:17 +0100)]
doc: move changelog to rST
Jan Engelhardt [Sat, 5 Feb 2022 17:16:32 +0000 (18:16 +0100)]
doc: remove old changelog entries
Jeremy Sowden [Fri, 4 Feb 2022 13:26:43 +0000 (14:26 +0100)]
build: bump supported kernel version to 5.17
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Jeremy Sowden [Fri, 4 Feb 2022 13:26:42 +0000 (14:26 +0100)]
extensions: replace PDE_DATA
The `PDE_DATA` function for retrieving private data from a procfs inode
has been replaced by `pde_data` in 5.17. Replace all instances of the
former with the latter, but add a macro to xtables_compat.h in order to
preserve compatibility with older kernels.
Link: https://lore.kernel.org/lkml/20211124081956.87711-1-songmuchun@bytedance.com/
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Jan Engelhardt [Tue, 1 Feb 2022 17:24:03 +0000 (18:24 +0100)]
Xtables-addons 3.19
Philip Prindeville [Sun, 26 Sep 2021 19:57:34 +0000 (21:57 +0200)]
xt_ECHO, xt_TARPIT: make properly conditional on IPv6
Not all modules compile equally well when CONFIG_IPv6 is disabled.
Jan Engelhardt [Tue, 14 Sep 2021 15:07:58 +0000 (17:07 +0200)]
xt_ipp2p: replace redundant ipp2p_addr
Jeremy Sowden [Tue, 14 Sep 2021 14:09:34 +0000 (16:09 +0200)]
xt_ipp2p: add ipv6 module alias
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Jeremy Sowden [Mon, 13 Sep 2021 19:46:07 +0000 (21:46 +0200)]
xt_ipp2p: fix compatibility with pre-5.1 kernels
`ip_transport_len` and `ipv6_transport_len` were introduced in 5.1.
They are both single-statement static inline functions, so add fall-back
implementations for compatibility with older kernels.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Jan Engelhardt [Mon, 13 Sep 2021 09:20:51 +0000 (10:20 +0100)]
xt_ipp2p: add IPv6 support
Jeremy Sowden [Mon, 13 Sep 2021 09:20:50 +0000 (11:20 +0200)]
xt_ipp2p: move result printing code into separate functions
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Jeremy Sowden [Mon, 13 Sep 2021 09:20:49 +0000 (11:20 +0200)]
xt_ipp2p: move the protocol-specific code out into separate functions
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Jeremy Sowden [Mon, 13 Sep 2021 09:20:48 +0000 (11:20 +0200)]
xt_ipp2p: don't search haystack if it's empty
All the search functions have a positive minimum packet length.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Jeremy Sowden [Sun, 22 Aug 2021 16:35:56 +0000 (17:35 +0100)]
xt_condition: simplify clean-up of variables
Unlocking early and returning in the if-block just complicate the code
to no material benefit.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Jeremy Sowden [Sun, 22 Aug 2021 16:35:55 +0000 (17:35 +0100)]
xt_condition: do not delete variables in `condition_net_exit`
`condition_mt_destroy` will be called for every match anyway, so we may
as well do the clean-up then, rather than duplicating it.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Jeremy Sowden [Sun, 22 Aug 2021 16:35:54 +0000 (17:35 +0100)]
xt_condition: use condition_net::proc_net_condition to signal condition_net_exit being called
There's no need for a separate boolean flag when we can just set
`proc_net_condition` to `NULL` after the directory has been removed.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Jeremy Sowden [Sun, 22 Aug 2021 16:35:53 +0000 (17:35 +0100)]
xt_condition: remove `wmb` when adding new variable
Originally, some accesses to `conditions_list` were protected by RCU and
the memory-barrier was needed to ensure that the new variable was fully
initialized before being added to the list. These days, however, all
accesses are protected by the `proc_lock` mutex, so the barrier is no
longer required.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Jeremy Sowden [Sun, 22 Aug 2021 16:35:52 +0000 (17:35 +0100)]
xt_condition: make mutex per-net
The mutex protects per-net resources, so make it per-net too.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Jeremy Sowden [Sun, 22 Aug 2021 16:35:51 +0000 (17:35 +0100)]
xt_condition: use `xt_check_proc_name` to validate /proc file name
4.16 introduced a standard function to do the job, so let's use it.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Jeremy Sowden [Sun, 22 Aug 2021 16:35:50 +0000 (17:35 +0100)]
xt_condition: use sizeof_field macro to size variable name
4.16 introduced a macro for getting the size of a struct member, so
let's use it.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Jeremy Sowden [Sun, 22 Aug 2021 16:35:49 +0000 (17:35 +0100)]
build: bump minimum supported kernel version from 4.15 to 4.16
The next two commits make use of a function and macro that were
introduced in 4.16.
Jeremy Sowden [Sat, 21 Aug 2021 10:17:24 +0000 (12:17 +0200)]
Add DWARF object files to .gitignore.
If we build against a kernel with `CONFIG_DEBUG_INFO_SPLIT` enabled, the
kernel compiler flags will include `-gsplit-dwarf`, and the linker will
emit .dwo files.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Jan Engelhardt [Mon, 16 Aug 2021 06:49:55 +0000 (08:49 +0200)]
Merge branch 'master' of ssh://git.code.sf.net/u/jeffcarlson72/xtables-addons
Jeff Carlson [Mon, 16 Aug 2021 01:59:25 +0000 (18:59 -0700)]
pknock: added UDP options to help and made whitespace consistent
Jeremy Sowden [Sat, 14 Aug 2021 14:33:59 +0000 (16:33 +0200)]
libxt_ACCOUNT_cl: correct LDFLAGS variable name
The LT library name is libxt_ACCOUNT_cl.la, so the variable should be
`libxt_ACCOUNT_cl_la_LDFLAGS`.
Fixes: 81ab0b9586e6 ("libxt_ACCOUNT_cl: drop padding holes from struct ipt_ACCOUNT_context")
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Jan Engelhardt [Sat, 17 Jul 2021 09:37:50 +0000 (11:37 +0200)]
doc: add incompatibility notice with transmogrified kernels
Jan Engelhardt [Sat, 17 Jul 2021 09:34:34 +0000 (11:34 +0200)]
extensions: remove unused code from compat_xtnu.h
Jan Engelhardt [Sat, 17 Jul 2021 09:33:20 +0000 (11:33 +0200)]
xt_ipp2p: use fixed-size integers for struct ipt_p2p_info
Jan Engelhardt [Sat, 17 Jul 2021 09:32:19 +0000 (11:32 +0200)]
extensions: syntactically compact struct definitions
Jan Engelhardt [Sat, 17 Jul 2021 09:31:10 +0000 (11:31 +0200)]
libxt_ACCOUNT_cl: drop padding holes from struct ipt_ACCOUNT_context
Jan Engelhardt [Sat, 17 Jul 2021 09:24:47 +0000 (11:24 +0200)]
extensions: use simpler header guards
Jan Engelhardt [Thu, 11 Mar 2021 16:13:17 +0000 (17:13 +0100)]
Xtables-addons 3.18
Jan Engelhardt [Thu, 11 Mar 2021 16:11:47 +0000 (17:11 +0100)]
xt_pknock: fix build failure under platforms like ARM 32-bit
./arch/arm/include/asm/div64.h:24:45: note: expected "uint64_t *"
{aka "long long unsigned int *"} but argument is of type
"long unsigned int *"
24 | static inline uint32_t __div64_32(uint64_t *n, uint32_t base)
Jan Engelhardt [Sun, 28 Feb 2021 16:54:20 +0000 (17:54 +0100)]
Xtables-addons 3.17
Jan Engelhardt [Sun, 28 Feb 2021 16:48:47 +0000 (17:48 +0100)]
xt_pknock: reduce indent in the two most-recently touched functions
Andrew S. Johnson [Sun, 28 Feb 2021 14:54:56 +0000 (15:54 +0100)]
xt_pknock: cure NULL dereference
The original patch for long division on x86 didn't take into account
the use of short circuit logic for checking if peer is NULL before
testing it. Here is a revised patch to v3.16.
Jan Engelhardt [Wed, 24 Feb 2021 00:16:22 +0000 (01:16 +0100)]
Xtables-addons 3.16
Jan Engelhardt [Wed, 24 Feb 2021 00:12:28 +0000 (01:12 +0100)]
xt_quota2: silence a compiler warning
libxt_quota2.c:73:3: warning: ‘strncpy’ specified bound 15 equals destination size [-Wstringop-truncation]
73 | strncpy(info->name, optarg, sizeof(info->name));
Andrew S. Johnson [Sun, 21 Feb 2021 14:50:50 +0000 (07:50 -0700)]
xt_pknock: use do_div for long division
Jan Engelhardt [Fri, 5 Feb 2021 20:55:57 +0000 (21:55 +0100)]
Xtables-addons 3.15
Jan Engelhardt [Fri, 5 Feb 2021 19:14:55 +0000 (20:14 +0100)]
xt_pknock: replace obsolete function get_seconds
get_seconds is removed in 5.11; its replacement ktime_get_real_seconds
is available since 3.19. The timestamps should not be affected by clock
resets, so will be switched to ktime_get_seconds.
Jan Engelhardt [Wed, 20 Jan 2021 02:06:11 +0000 (03:06 +0100)]
xt_lscan: add --mirai option
Jan Engelhardt [Wed, 20 Jan 2021 01:50:01 +0000 (02:50 +0100)]
xt_lscan: extend info struct to support more flags (without size change)
Jan Engelhardt [Wed, 20 Jan 2021 01:44:25 +0000 (02:44 +0100)]
xt_ECHO: support new function signature of security_skb_classify_flow
Jan Engelhardt [Tue, 24 Nov 2020 17:41:52 +0000 (18:41 +0100)]
Xtables-addons 3.14
Jeremy Sowden [Sun, 22 Nov 2020 14:05:30 +0000 (15:05 +0100)]
geoip: use correct download URL for MaxMind DBs
The download URL for the GeoLite2 DBs has changed and includes a
licence key. Update the download script to read the key from file or
stdin and use the correct URL.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Jan Engelhardt [Mon, 23 Nov 2020 22:11:41 +0000 (23:11 +0100)]
extensions: reduce number of arguments to send_reset functions
Jan Engelhardt [Sun, 22 Nov 2020 16:54:35 +0000 (17:54 +0100)]
extensions: call send_reset with xtables state socket
Reported-by: Minqiang Chen <ptpt52@gmail.com>
Jan Engelhardt [Sun, 22 Nov 2020 16:45:37 +0000 (17:45 +0100)]
build: cure overall build failure when CONFIG_NF_NAT=n
Jan Engelhardt [Sun, 22 Nov 2020 16:44:51 +0000 (17:44 +0100)]
geoip: rename xt_geoip_fetch to xt_geoip_query
"fetch" sounds a bit like "download", but that is not what this
utility does. Calling it "query" seems more appropriate.
Jeremy Sowden [Sun, 22 Nov 2020 14:05:29 +0000 (15:05 +0100)]
geoip: add man pages for MaxMind scripts
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Jeremy Sowden [Sun, 22 Nov 2020 14:05:28 +0000 (15:05 +0100)]
doc: fix man page typos
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Jeremy Sowden [Sun, 22 Nov 2020 14:05:27 +0000 (15:05 +0100)]
geoip: remove superfluous xt_geoip_fetch_maxmind script
xt_geoip_fetch and xt_geoip_fetch_maxmind are identical. Remove the
latter.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Jan Engelhardt [Fri, 20 Nov 2020 12:03:06 +0000 (13:03 +0100)]
Xtables-addons 3.13
Jan Engelhardt [Fri, 20 Nov 2020 12:01:17 +0000 (13:01 +0100)]
compat_xtables: employ route_me_harder define for 4.19 and 5.4 too
The API change found its way into some more Linux stable series.
Jan Engelhardt [Thu, 19 Nov 2020 11:30:46 +0000 (12:30 +0100)]
Xtables-addons 3.12
Jan Engelhardt [Thu, 19 Nov 2020 21:11:13 +0000 (22:11 +0100)]
compat_xtables: fix a spello near route_me_harder
Jan Engelhardt [Thu, 19 Nov 2020 12:41:23 +0000 (13:41 +0100)]
xt_DNETMAP: compaction of variable declarations
Philip Prindeville [Mon, 25 May 2020 20:05:42 +0000 (14:05 -0600)]
geoip: re-add Maxmind scripts
Jan Engelhardt [Thu, 19 Nov 2020 11:52:57 +0000 (12:52 +0100)]
extensions: abolish NIPQUAD/NIP6
Support for Linux 2.6.28 is long gone.
Jan Engelhardt [Thu, 19 Nov 2020 11:28:55 +0000 (12:28 +0100)]
build: adjust for changed signature of ip_route_me_harder
(Cf. commit
46d6c5ae953cc0be38efd0e469284df7c4328cf8 in Linux.)
Jeremy Sowden [Sun, 25 Oct 2020 18:15:51 +0000 (19:15 +0100)]
pknlusr: mention the group ID command-line paramater in the man page
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Jan Engelhardt [Mon, 26 Oct 2020 10:06:57 +0000 (11:06 +0100)]
pknock: trim some blank lines
Jan Engelhardt [Sun, 25 Oct 2020 14:41:24 +0000 (15:41 +0100)]
extensions: split assignments and if-exprs
Jeremy Sowden [Sun, 25 Oct 2020 13:15:59 +0000 (14:15 +0100)]
xt_pknock: remove DEBUG definition and disable debug output
The DEBUG definition in xt_pknock.h causes a compiler warning if one
adds a DEBUG define to xt_pknock.c to enable pr_debug. Since it only
controls some debugging output in libxt_pknock.c, it would make sense to
move the definition there, but let's just disable the debugging instead.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Jeremy Sowden [Sun, 25 Oct 2020 13:15:58 +0000 (14:15 +0100)]
xt_pknock: use `pr_err`
Replace some instances of `printk(KERN_ERR PKNOCK ...)`. We define
`pr_fmt`, so `pr_err` is equivalent.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Jeremy Sowden [Sun, 25 Oct 2020 13:15:57 +0000 (14:15 +0100)]
xt_pknock: use kzalloc
Replace some instances of kmalloc + memset.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Jeremy Sowden [Sun, 25 Oct 2020 13:15:56 +0000 (14:15 +0100)]
xt_pknock: use IS_ENABLED
It is more succinct than checking whether CONFIG_BLAH or
CONFIG_BLAH_MODULE are defined.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Jeremy Sowden [Sun, 25 Oct 2020 13:15:55 +0000 (14:15 +0100)]
pknlusr: fix hard-coded netlink multicast group ID
The group ID used by xt_pknock is configurable, but pknlusr hard-codes
it. Modify pknlusr to accept an optional ID from the command line.
Group IDs range from 1 to 32 and each ID appears in the group bitmask
at position `group_id - 1`.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Jeremy Sowden [Sun, 25 Oct 2020 13:15:54 +0000 (14:15 +0100)]
pknlusr: always close socket
On some error paths, the socket was not being closed before exit.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Jeremy Sowden [Sun, 25 Oct 2020 13:15:53 +0000 (14:15 +0100)]
pknlusr: do not treat recv return value of zero as an error
A return-value of zero is not an error, so there is no point calling
perror, but since we have not requested and do not expect a zero-length
datagram, we treat it as EOF and exit.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Jeremy Sowden [Sun, 25 Oct 2020 13:15:52 +0000 (14:15 +0100)]
pknlusr: use macro to define inet_ntop buffer size
POSIX provides a macro to define the minimum length required, so let's
use it.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Jeremy Sowden [Sun, 25 Oct 2020 13:15:51 +0000 (14:15 +0100)]
pknlusr: use NLMSG macros and proper types, rather than arithmetic on char pointers
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Jeremy Sowden [Sun, 25 Oct 2020 13:15:50 +0000 (14:15 +0100)]
pknlusr: tidy up initialization of local address
Use struct initialization and drop memset. We do not need to set the port
ID, since the kernel will do it for us.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Jeremy Sowden [Sun, 25 Oct 2020 13:15:49 +0000 (14:15 +0100)]
pknock: pknlusr: tighten up variable scopes
Make global variables local, and move variables local to while-loop into
the loop.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Jeremy Sowden [Sun, 25 Oct 2020 13:15:48 +0000 (14:15 +0100)]
pknock: pknlusr: remove dest_addr and rename src_addr
We only need to specify the address at our end, and given that we are
receiving messages, not sending them, calling it `src_addr` is
misleading.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Jeremy Sowden [Sun, 25 Oct 2020 13:15:47 +0000 (14:15 +0100)]
pknock: pknlusr: ensure man-page is included by `make dist`
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Jeremy Sowden [Thu, 22 Oct 2020 17:30:05 +0000 (19:30 +0200)]
pknlusr: add man page
Since pknlusr is now being installed, let's give it a man page.
Jeremy Sowden [Thu, 22 Oct 2020 17:30:03 +0000 (19:30 +0200)]
pknlusr: fix formatting of a line
Jan Engelhardt [Sun, 6 Sep 2020 14:35:13 +0000 (16:35 +0200)]
Xtables-addons 3.11
Jeremy Sowden [Mon, 31 Aug 2020 12:59:48 +0000 (14:59 +0200)]
build: bump supported kernel version to 5.9
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Jeremy Sowden [Mon, 31 Aug 2020 12:59:47 +0000 (14:59 +0200)]
xt_ACCOUNT: update prototype of nf_sockopt_ops::set callback
In 5.9, the `void __user` parameter has been replaced by a `sockptr`.
Update `ipt_acc_set_ctl` appropriately.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Helmut Grohne [Mon, 31 Aug 2020 10:36:35 +0000 (12:36 +0200)]
build: do not hard-code pkg-config
Use $PKG_CONFIG in configure.ac in order to allow it to be overridden.
Fixes cross-compilation.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Jeremy Sowden [Sat, 29 Aug 2020 20:41:27 +0000 (22:41 +0200)]
build: clean some extra build artifacts.
Makefile.mans creates .manpages.lst, but does not remove it. Add
it to the `clean` target.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Jan Engelhardt [Sun, 30 Aug 2020 11:36:10 +0000 (13:36 +0200)]
build: do build & install userspace programs for xt_ACCOUNT and xt_pknock
Jan Engelhardt [Tue, 28 Jul 2020 07:56:10 +0000 (09:56 +0200)]
Xtables-addons 3.10
Jeremy Sowden [Tue, 21 Jul 2020 13:03:45 +0000 (14:03 +0100)]
doc: fix quoted string in libxt_DNETMAP manpage
In roff, lines beginning with a single quote are control lines. In the
libxt_DNETMAP man-page there is a single-quoted string at the beginning
of a line, which troff tries and fails to interpret as a macro:
troff: <standard input>:49: warning: macro 'S'' not defined
This means that the line is not output.
Replace the single quotes with the appropriate escape-sequences.
Fixes: v2.3~9 ("doc: spelling and grammar corrections to DNETMAP")
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Philip Prindeville [Mon, 25 May 2020 20:05:42 +0000 (14:05 -0600)]
geoip: add quiet flag to xt_geoip_build
Conceivably someone might want to run a refresh of the geoip database
from within a script, particularly an unattended script such as a cron
job. Do not generate output in that case.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Jan Engelhardt [Tue, 12 May 2020 20:49:37 +0000 (22:49 +0200)]
geoip: add -s option to xt_geoip_build
Jan Engelhardt [Tue, 12 May 2020 20:43:58 +0000 (22:43 +0200)]
geoip: replace xt_geoip_build's -S option by new option -i
The Maxmind DB came with potentially multiple files, but DBIP is
currently just one. Drop the -S argument and instead introduce -i.
Jan Engelhardt [Tue, 12 May 2020 20:38:32 +0000 (22:38 +0200)]
geoip: set +x again on xt_geoip_build
Jan Engelhardt [Fri, 1 May 2020 21:07:16 +0000 (23:07 +0200)]
build: do install xt_geoip_fetch.1
Philip Prindeville [Thu, 30 Apr 2020 22:15:46 +0000 (00:15 +0200)]
geoip: install and document xt_geoip_fetch
Add a man page for xt_geoip_fetch.1 and include it as part of
the installed scripts.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Jan Engelhardt [Tue, 21 Apr 2020 10:01:52 +0000 (12:01 +0200)]
geoip: pipe wget right into gzip
Skip over creating temporary files.
Philip Prindeville [Sun, 19 Apr 2020 23:17:14 +0000 (01:17 +0200)]
geoip: simplify unpacking start/end tuples from database
Use unpack() to separate start/end instead of substr().
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Philip Prindeville [Mon, 20 Apr 2020 00:11:47 +0000 (02:11 +0200)]
geoip: update download script for DBIP database
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Jan Engelhardt [Tue, 25 Feb 2020 06:35:08 +0000 (07:35 +0100)]
Xtables-addons 3.9