Guus Sliepen
78fc59e994
Update THANKS and copyright information.
2009-03-05 14:12:36 +01:00
Guus Sliepen
5674bba5c5
Allow weight to be assigned to Subnets.
...
Tinc allows multiple nodes to own the same Subnet, but did not have a sensible
way to decide which one to send packets to. Tinc also did not check the
reachability of nodes when deciding where to route packets to, so it would not
automatically fail over to a reachable node.
Tinc now assigns a weight to each Subnet. The default weight is 10, with lower
weights having higher priority. The Subnets are now internally sorted in the
same way as the kernel's routing table, and the Subnets are search linearly,
skipping those of unreachable nodes. A small cache of recently used addresses
is used to speed up the lookup functions.
2009-03-05 13:34:13 +01:00
Michael Tokarev
76a1bcaffc
Enable PMTUDiscovery only if BOTH sides wants it.
...
Don't enable PMTUDiscovery if at least one side does not support it.
Before it was enabled if at least one side supported it, now both are required.
2009-03-04 21:12:20 +01:00
Guus Sliepen
1c1a67fd93
Handle neighbor solicitation requests without link layer addresses.
...
Apparently FreeBSD likes to send out neighbor solicitation requests, even on a
tun interface where this is completely pointless. These requests do not have an
option header containing a link layer address, so the proxy-neighborsol code
was treating these requests as invalid. We now handle such requests, and send
back equally pointless replies, also without a link layer address. This seems
to satisfy FreeBSD.
2009-02-17 14:43:05 +01:00
Michael Tokarev
2327d3f6eb
Allow tunnelserver to work with clients that have other peers.
...
In TunnelServer mode, tinc server disconnects any client if it announces
indirect subnets -- subnets that are not theirs (e.g. subnets for nodes
the CLIENT has connections now, even if those nodes are known to the server
too). Fix that by ignoring such (indirect) announces instead.
While we're at it, move check for such indirect subnet registration to
before allocating new node structure, as in TunnelServer mode we don't
really need to know that other node.
2009-02-09 23:51:10 +01:00
Guus Sliepen
23730375f2
Disable old RSA keys when generating new ones.
...
When generating an RSA keypair, the new public and private keys are appended to
files. However, when OpenSSL reads keys it only reads the first in a file, not
the last. Instead of printing an easily ignored warning, tinc now disables old
keys when appending new ones.
2009-02-03 14:54:45 +01:00
Guus Sliepen
0d0dfd0852
Validate Name before using it in a filename when generating a keypair.
2009-01-20 14:21:50 +01:00
Guus Sliepen
0966cca8ab
Allow reading config files with CRLF endings on Unix systems.
2009-01-20 14:20:44 +01:00
Guus Sliepen
d1910ac198
Remove unused definitions from net.h.
2009-01-20 13:19:31 +01:00
Guus Sliepen
503c32eb0e
Use a global list to track outgoing connections.
...
Previously an outgoing_t was maintained for each outgoing connection,
but the pointer to it was either stored in a connection_t or in an event_t.
This made it very hard to keep track of and to clean up.
Now a list is created when tinc starts and reads all the ConnectTo variables,
and which is recreated when tinc receives a HUP signal.
2009-01-20 13:12:41 +01:00
Guus Sliepen
a7e793c94e
Add missing cleanup functions in close_network_connections().
2009-01-19 23:17:28 +01:00
Guus Sliepen
116065afe3
Change flush_events() to expire_events().
...
The former function made a totally bogus shallow copy of the event_tree, called
the handler of each event and then deleted the whole tree. This should've
caused tinc to crash when an ALARM signal was sent more than once, but for some
reason it didn't. It also behaved incorrectly when a handler added a new event.
The new function just moves the expiration time of all events to the past.
2009-01-19 22:50:05 +01:00
Guus Sliepen
a39a9506cd
Move free()s at the end om main() to the proper destructor functions.
2009-01-09 12:36:06 +01:00
Guus Sliepen
67df7fb7e1
Only send packets via UDP if UDP communication is possible.
...
When no session key is known for a node, or when it is doing PMTU discovery but
no MTU probes have returned yet, packets are sent via TCP. Some logic is added
to make sure intermediate nodes continue forwarding via TCP. The per-node
packet queue is now no longer necessary and has been removed.
2009-01-03 22:33:55 +01:00
Guus Sliepen
b069da90d6
Consistently allocate device and iface variables on the heap.
...
This fixes a segfault when no Device has been specified and tinc exits, and it
would try to free() a static string. Thanks to Borg for spottin.
2009-01-03 22:06:10 +01:00
Guus Sliepen
a4d99ebf50
Add missing parentheses in check for IPv4 multicast addresses.
2008-12-26 12:46:45 +00:00
Guus Sliepen
099bc56f53
Apply patch from Max Rijevski fixing a memory leak when closing connections.
...
It also cleans up more when stopping tinc, helping tools like valgrind.
2008-12-23 23:14:37 +00:00
Guus Sliepen
de032054de
Handle broadcast and multicast packets in router mode.
...
Multicast packets are treated as broadcast packets.
Based on a patch from Max Rijevski.
2008-12-23 22:31:38 +00:00
Guus Sliepen
0e4d419aae
Enable PMTU discovery by default.
2008-12-22 20:35:45 +00:00
Guus Sliepen
e9576632dc
Update copyright information.
2008-12-22 20:27:52 +00:00
Guus Sliepen
26b490e86b
Make sure IPv6 sockets are IPv6 only.
...
This will get rid of the "Can't bind to 0.0.0.0 port 655/tcp: Address already
in use" message on Linux.
2008-12-22 19:40:40 +00:00
Guus Sliepen
c6830ba821
Use TUNIFHEAD by default on FreeBSD to make sure IPv6 works.
2008-12-22 19:33:37 +00:00
Guus Sliepen
a269ec4193
Treat virtual network device as tap if Mode = switch or hub.
...
On OpenBSD, the link0 flag should still be set in tinc-up or by other means.
2008-12-21 16:19:31 +00:00
Guus Sliepen
551cd19406
Move RSA key generation into the wrappers.
2008-12-14 12:47:26 +00:00
Guus Sliepen
911c05f873
Make sure IPv6 sockets are IPv6 only.
2008-12-11 20:49:14 +00:00
Guus Sliepen
6e80da3370
Use Dijkstra's algorithm. Based on patches from Max Rijevskiy.
2008-12-11 18:07:26 +00:00
Guus Sliepen
26a228e302
Remove wrong checks.
2008-12-11 18:05:59 +00:00
Guus Sliepen
636200d1a2
Remove unnecessary parentheses from sizeof, apply sizeof to variables instead of types whereever possible.
2008-12-11 15:56:18 +00:00
Guus Sliepen
a9bdfb424e
Fix compiler warnings.
2008-12-11 15:42:46 +00:00
Guus Sliepen
76165488f8
Backport fixes from trunk since revision 1555.
2008-12-11 15:21:40 +00:00
Guus Sliepen
046158a216
Use the crypto wrappers again instead of calling OpenSSL directly.
...
This theoretically allows other cryptographic libraries to be used,
and it improves the readability of the code.
2008-12-11 14:44:44 +00:00
Guus Sliepen
8e8fe805c8
Only show meta connection related debug messages when debug level >= 4
2008-12-11 14:03:52 +00:00
Guus Sliepen
40bebbb19f
Look in the configured sbin directory for the tincd binary.
2008-12-11 13:59:46 +00:00
Guus Sliepen
38c2d6c1da
Correct debug message.
2008-12-05 14:17:39 +00:00
Guus Sliepen
a36259435c
Prevent freeing a NULL pointer when a hostname is unresolvable.
2008-11-18 15:11:27 +00:00
Guus Sliepen
4a1740ede7
Do not try to send REQ_KEY or ANS_KEY requests to unreachable nodes.
2008-10-25 19:54:00 +00:00
Guus Sliepen
cb52aa0683
Fix reading configuration files that do not end with a newline.
2008-10-25 18:10:08 +00:00
Guus Sliepen
b2cee41b18
Make sure the prefixlength of subnets is sane.
...
Thanks to Sven-Haegar Koch for spotting the bug and providing a fix.
2007-12-14 21:17:08 +00:00
Scott Lamb
fe2f1fceb5
Use a control socket directory to restrict access
...
This provides reasonable security even on Solaris. The sysadmin is
responsible for securing the control socket's ancestors from the
grandparent on.
We could add a cryptographic handshake later if desired.
2007-11-08 19:18:44 +00:00
Scott Lamb
b1f8c65a2c
Coding style corrections
2007-11-07 06:45:28 +00:00
Scott Lamb
d82fcc88f3
Reload configuration through control socket
...
I also kept the SIGHUP handler, which many people will expect to see.
The control socket is better, though - it will tell you if there is a
problem.
2007-11-07 02:51:24 +00:00
Scott Lamb
f0a57eab4c
Retry connections through control socket
2007-11-07 02:50:58 +00:00
Scott Lamb
a62a6825a8
Alter debugging levels through control socket
2007-11-07 02:50:27 +00:00
Scott Lamb
1065879c8c
Purge through the control socket
2007-11-07 02:49:57 +00:00
Scott Lamb
6eaefb4dbc
Dump through control socket
...
Note this removes SIGUSR1, SIGUSR2, and the graph dumping config option.
It seems cleaner to do everything through the control socket.
2007-11-07 02:49:25 +00:00
Scott Lamb
50ad3f2a89
Fancier protocol for control socket
...
* pass error status back
* pass message boundaries
2007-11-07 02:48:33 +00:00
Scott Lamb
b0b5299184
Fix reload crash
...
sighup_handler was expecting the connection_tree to stay the same across
terminate_connection(), which hasn't been true since r1539.
2007-11-07 02:48:15 +00:00
Scott Lamb
40731d030f
Temporarily revert to old crypto code
...
(The new code is still segfaulting for me, and I'd like to proceed with other
work.)
This largely rolls back to the revision 1545 state of the existing code
(new crypto layer is still there with no callers), though I reintroduced
the segfault fix of revision 1562.
2007-11-07 02:47:05 +00:00
Guus Sliepen
269892f70b
Prevent double free() of a used challenge nonce.
2007-10-20 11:21:44 +00:00
Guus Sliepen
b0709d2649
Fix meta data segfault when receiving a partial command.
2007-10-19 19:07:30 +00:00
Guus Sliepen
67d9a72ea2
Use a dummy function as the read callback for connection bufferevents. Should not be triggered.
2007-10-19 18:54:43 +00:00
Guus Sliepen
54892b2e3e
Fix connection weight estimation.
2007-10-19 18:53:48 +00:00
Guus Sliepen
6c453769fd
Apply patch from Scott Lamb: Update documentation to match tincctl changes
2007-09-04 15:06:35 +00:00
Guus Sliepen
86358fabfe
Small fixes to make gcrypt routines compile.
2007-09-04 14:58:52 +00:00
Guus Sliepen
f8733d1935
Fix formatting of --help output.
2007-09-04 14:58:11 +00:00
Guus Sliepen
d7ca0300a3
Handle SERVICE_CONTROL_INTERROGATE requests. Thanks to Carsten Ralle for noticing this.
2007-08-17 22:09:00 +00:00
Scott Lamb
1fd1d5bd93
const correctness
...
cipher_encrypt and cipher_decrypt should take "const void *" data
2007-07-20 20:10:46 +00:00
Guus Sliepen
1b8f891836
Finish crypto wrapping. Also provide wrappers for OpenSSL.
...
Disable libgcrypt by default. Since it doesn't support the OFB cipher mode,
we can't use it in a backwards compatible way.
2007-05-23 13:45:49 +00:00
Guus Sliepen
f42e57f663
Some more crypto wrapper functions are needed.
2007-05-22 23:41:22 +00:00
Guus Sliepen
19413a8048
Make sure the crypto wrapper functions can actually be compiled.
2007-05-22 21:44:17 +00:00
Guus Sliepen
e8689a4753
Create wrappers for the cryptographic operations used in tinc.
...
Implement them using libgcrypt.
2007-05-22 21:32:48 +00:00
Guus Sliepen
465837dd7f
Parse PEM RSA keys ourself, and use libgcrypt to do RSA encryption and decryption.
2007-05-20 22:28:49 +00:00
Guus Sliepen
fbf305c09d
Use libevent for meta socket input/output buffering.
2007-05-19 22:23:02 +00:00
Guus Sliepen
59108e4e4f
Use bufferevents to handle control socket buffering.
2007-05-19 16:21:52 +00:00
Guus Sliepen
8c6131deda
Implement "stop" command, and allow tincctl to retrieve a running tincd's PID.
2007-05-19 15:21:26 +00:00
Guus Sliepen
e9043e17c7
Move key generation to tincctl.
2007-05-19 14:55:35 +00:00
Guus Sliepen
bf8e3ce13d
Remove pidfile in favour of control socket.
2007-05-19 14:13:21 +00:00
Guus Sliepen
bc0a24ec81
Fix retrying outgoing connections.
2007-05-19 13:34:32 +00:00
Guus Sliepen
ce976717ea
We can safely delete a connection_t in terminate_connection() now.
2007-05-19 12:07:30 +00:00
Guus Sliepen
01f47c46af
Start of control socket implementation.
2007-05-18 16:52:34 +00:00
Guus Sliepen
e37ef57a95
More consistent variable naming.
2007-05-18 11:19:31 +00:00
Guus Sliepen
29fbce4497
Detect duplicate outgoing connections.
2007-05-18 10:29:10 +00:00
Guus Sliepen
fb0cfccf7d
Use splay trees instead of AVL trees.
2007-05-18 10:05:26 +00:00
Guus Sliepen
f02d3ed3e1
K&R style braces
2007-05-18 10:00:00 +00:00
Guus Sliepen
760dd966ef
Remove last references to the global variable "running".
2007-05-18 09:51:54 +00:00
Guus Sliepen
3909b8e51b
Remove the last bits of the legacy main_loop().
2007-05-18 09:43:52 +00:00
Guus Sliepen
ddc6a81a85
Remove global variable "now".
2007-05-18 09:34:06 +00:00
Guus Sliepen
7e1117197c
Move key regeneration handling to net_setup.c.
2007-05-17 23:57:48 +00:00
Guus Sliepen
563577a147
Use libevent to handle key expiration.
2007-05-17 23:33:07 +00:00
Guus Sliepen
8852d4407d
Use libevent to age learned MAC addresses.
2007-05-17 23:24:40 +00:00
Guus Sliepen
a530f94e7c
Use libevent to age past requests.
2007-05-17 23:14:42 +00:00
Guus Sliepen
aaf1851315
Redo SIGALRM handling.
2007-05-17 23:04:02 +00:00
Guus Sliepen
6d19ebd612
Use libevent to handle all non-fatal signals.
2007-05-17 22:41:34 +00:00
Guus Sliepen
531d5a904a
Properly use the timeout_initialized() macro.
2007-05-17 22:17:24 +00:00
Guus Sliepen
bf6490825e
Remove legacy event system.
2007-05-17 22:13:12 +00:00
Guus Sliepen
a67ab277c9
Use libevent for retrying outgoing connections.
2007-05-17 22:09:55 +00:00
Guus Sliepen
3321591d93
Use libevent to send MTU probes.
2007-05-17 22:01:07 +00:00
Guus Sliepen
ee7844905f
Configure events after obtaining a socket.
2007-05-17 21:47:27 +00:00
Guus Sliepen
294ce72441
Use libevent to handle HUP signal.
2007-05-17 21:34:58 +00:00
Guus Sliepen
4d0621b1f3
Use libevent to dump graphs when necessary.
...
event_add() can be called repeatedly, the second and later calls are ignored if
the event hasn't been removed yet.
2007-05-17 21:14:30 +00:00
Guus Sliepen
0f6f54ff8a
Use a separate event structure to handle meta data writes.
...
Make meta socket events persistent.
2007-05-17 20:20:10 +00:00
Guus Sliepen
17c8033029
128 listener sockets is way too much.
2007-05-17 19:52:12 +00:00
Guus Sliepen
d8dea8091f
Properly delete listener socket events on shutdown.
2007-05-17 19:51:26 +00:00
Guus Sliepen
6ea1dfc995
Port fixes from release 1.0.8.
2007-05-17 19:15:48 +00:00
Guus Sliepen
6af8900f8e
Don't free struct addrinfo too early. Spotted by Christian Cier-Zniewski.
2007-05-16 14:46:25 +00:00
Guus Sliepen
480dd127c8
Make sure connection->name is never NULL.
2007-05-16 14:42:08 +00:00
Guus Sliepen
f0cf4991e2
Apply patch from "dnk" making sockets non-blocking under Windows.
2007-05-14 09:21:09 +00:00
Guus Sliepen
3730156165
Only free members of connection_t that have been allocated.
2007-03-12 17:55:43 +00:00
Scott Lamb
38c25d62c2
Convert to libevent.
...
This is a quick initial conversion that doesn't yet show much advantage:
- We roll our own timeouts.
- We roll our own signal handling.
- We build up the meta connection fd events on each loop rather than
on state changes.
2007-02-27 01:57:01 +00:00
Scott Lamb
834290b00f
A couple missed tevent things.
...
(Sorry; had a couple changes queued.)
2007-02-27 01:30:57 +00:00
Scott Lamb
6362b12df7
Rename "event_t" to "tevent_t", along with associated functions.
...
This relieves some confusion and problems during the libevent transition.
In particular, "event_add" was defined by both.
(The 't' stands for 'timeout', 'tinc', 'temporary', or some such.)
2007-02-27 01:26:11 +00:00
Guus Sliepen
45fca3c723
Apply patch from Scott Lamb fixing some memory and resource leaks.
2007-02-14 09:21:34 +00:00
Guus Sliepen
6c6535a416
Apply patch from Scott Lamb preventing an infinite loop when sending SIGALRM.
2007-02-14 09:20:20 +00:00
Guus Sliepen
a1e72f84d0
Update copyright notices.
2007-01-05 13:18:36 +00:00
Guus Sliepen
d80cc7a5cc
rename() cannot replace existing files on Windows.
2007-01-05 05:44:01 +00:00
Guus Sliepen
5214ece030
Fix generic BSD tun device to write only the actual packet length.
...
Due to a copy&paste bug, it tried to write a packet with the maximum size.
This was not a problem until the maximum size was increased to support VLANs.
2007-01-05 04:49:02 +00:00
Guus Sliepen
40f02ff8ee
Tapreader socket should be bound to localhost only.
2007-01-04 15:28:36 +00:00
Guus Sliepen
03f3fc01e8
Use a ringbuffer in shared memory to transfer packets from the tapreader thread to the main thread.
...
It's a wonder it ever worked before. The socket that is created is not of a
datagram type, therefore packet boundaries were not preserved, which becomes
a problem as soon as the TAP-Win32 device receives packets in fast succession.
2007-01-03 18:18:54 +00:00
Guus Sliepen
855806b2f7
Do a simple test for linux/if_tun.h instead of no test at all.
2006-12-16 16:53:58 +00:00
Guus Sliepen
0322c0883b
Remove the test for linux/if_tun.h.
...
It has been available for years on any decent Linux distribution.
Although linux/if_tun.h is now required to compile tinc,
you can still run it on systems which only support Ethertap.
2006-12-16 16:40:09 +00:00
Guus Sliepen
b834d67d7c
Use the correct next pointer.
2006-12-12 14:54:39 +00:00
Guus Sliepen
8b55dfacb1
When building the minimum spanning tree, make sure we start from a reachable node.
2006-12-12 14:49:09 +00:00
Guus Sliepen
47d916ec5e
Search for lzo/lzo1x.h, lzo2/lzo1x.h and lzo1x.h.
2006-11-29 17:18:39 +00:00
Guus Sliepen
1bb5a284fe
Make sure resolved addressed for outgoing connections are freed, if there are any.
2006-11-29 16:57:46 +00:00
Guus Sliepen
e5b1b5cefb
EWOULDBLOCK does not exist on platforms without O_NONBLOCK
2006-11-14 12:28:04 +00:00
Guus Sliepen
0714ac6c59
Nodes use events, so event system should be initialised first and destroyed last.
2006-11-11 22:44:15 +00:00
Guus Sliepen
8d393b30a9
Support and autodetect LZO version 2.0 and later.
2006-11-11 20:10:46 +00:00
Guus Sliepen
0d1ac68c59
popen() requires pclose().
2006-11-11 14:37:03 +00:00
Guus Sliepen
0200d3cd5d
Added graph dumping ability based on Markus Goetz's patch.
2006-11-11 14:11:16 +00:00
Guus Sliepen
1728d5b2c4
The "active" bit in node.status is not used.
2006-11-11 13:43:00 +00:00
Guus Sliepen
134dc8995b
memcpy() addresses from packet headers before calling the lookup functions.
...
This probably fixes a problem on the ARM architecture that causes tinc to fail to lookup IPv4 addresses.
2006-08-09 22:31:10 +00:00
Guus Sliepen
64e0519cb5
Remove unused variable.
2006-08-08 13:50:58 +00:00
Guus Sliepen
ddcf079cad
Remove unused parameter from maskcmp().
2006-08-08 13:44:37 +00:00
Guus Sliepen
c620df3c15
Remove unused variables.
2006-08-08 13:44:19 +00:00
Guus Sliepen
9fa27097dd
Fix format string warnings.
2006-08-08 13:29:17 +00:00
Guus Sliepen
eb391c52ee
Do not break strict aliasing of status_t structs.
2006-08-08 13:21:08 +00:00
Guus Sliepen
2077451e07
Add generic host-up and host-down scripts.
...
Thanks to Menno Smits for a patch.
2006-06-12 21:45:39 +00:00
Guus Sliepen
f88c9942e1
Use memcpy() to copy sockaddrs returned by getaddrinfo().
...
Thanks to Miles Nordin for spotting this.
2006-06-11 18:53:27 +00:00
Guus Sliepen
412f3fb510
Restore length of the original packet in send_udppacket().
2006-04-26 16:29:47 +00:00
Guus Sliepen
de78d79db8
Update copyright notices, remove Ivo's email address.
2006-04-26 13:52:58 +00:00
Guus Sliepen
8ebb017a10
Fix a bug in handling prefixlengths that are not a multiple of 4.
...
Thanks to Sven-Haegar Koch for spotting the bug and providing the fix.
2006-04-12 08:38:35 +00:00
Guus Sliepen
af95368c0f
Fix signedness compiler warnings.
2006-03-19 13:06:21 +00:00
Guus Sliepen
fb1cda2ca4
Export flush_meta().
2006-03-19 12:43:45 +00:00
Guus Sliepen
098090468a
Missing #include.
2006-03-19 12:43:28 +00:00
Guus Sliepen
a90f1b652c
Make sure $NAME is set correctly when executing tinc-down script.
2006-02-06 12:30:51 +00:00
Guus Sliepen
228e7a5c8f
Apply patch from Scott Lamb adding an output buffer for the TCP sockets.
...
This helps coalescing multiple send_meta() commands into one TCP packet.
Also limit the size of the output buffer before dropping PACKETs.
2006-01-19 17:13:18 +00:00
Guus Sliepen
a5a4d2b865
Apply patch from Scott Lamb unifying configuration of TCP socket options.
2006-01-13 11:21:59 +00:00
Guus Sliepen
e02f13cdb3
EVP_Cleanup() when quitting.
2006-01-13 11:09:19 +00:00
Guus Sliepen
0912260755
Enable OpenSSL ENGINE, so crypto hardware gets used. Thanks to Andreas van Cranenburgh.
2005-11-16 10:45:11 +00:00
Guus Sliepen
e810545dc2
Prevent possible buffer overflows when using very large (>= 8192 bit) RSA keys.
...
Thanks to Tonnerre Lombard for noticing!
2005-06-03 10:16:03 +00:00
Guus Sliepen
df3220a154
Update copyright notices.
2005-05-04 18:09:30 +00:00
Guus Sliepen
faaaa1ef38
Searching through splay trees may change the tree variable.
2005-05-04 15:52:55 +00:00
Guus Sliepen
dc09f6fe89
Be on the safe side with initialisation of c->name.
2005-05-04 15:51:45 +00:00
Guus Sliepen
92c4a28d7d
Remove unused (and potentially segfaulting) net2str() call.
2005-04-06 20:43:37 +00:00
Guus Sliepen
6363ed4d9c
Don't try to add a non-existing node back to the node_udp_tree.
2005-01-20 15:14:25 +00:00
Guus Sliepen
39fe3b445c
Nodes should only be in the node_udp_tree if they are reachable.
2005-01-04 22:19:56 +00:00
Guus Sliepen
fe0bfa3e65
Correct size argument for strncat().
2005-01-04 22:18:58 +00:00
Guus Sliepen
56c36a14d8
Use the proper free function.
2004-12-03 13:27:33 +00:00
Guus Sliepen
18c617ecf2
Free memory used by connection_t after it is deleted from the connection tree.
2004-12-03 13:22:18 +00:00
Guus Sliepen
672ad5634c
Small fix.
2004-12-01 21:26:51 +00:00