| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | // Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved. | 
					
						
							|  |  |  | // Use of this source code is governed by a BSD-style | 
					
						
							|  |  |  | // license that can be found in the LICENSE file. | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | package derp | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | import ( | 
					
						
							|  |  |  | 	"bufio" | 
					
						
							| 
									
										
										
										
											2020-02-17 13:17:40 -08:00
										 |  |  | 	crand "crypto/rand" | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 	"encoding/json" | 
					
						
							| 
									
										
										
										
											2020-02-20 12:27:12 -08:00
										 |  |  | 	"errors" | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 	"fmt" | 
					
						
							|  |  |  | 	"io" | 
					
						
							| 
									
										
										
										
											2020-03-05 15:00:56 -08:00
										 |  |  | 	"sync" | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 	"time" | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	"golang.org/x/crypto/nacl/box" | 
					
						
							| 
									
										
										
										
											2020-02-17 13:17:40 -08:00
										 |  |  | 	"tailscale.com/types/key" | 
					
						
							| 
									
										
										
										
											2020-02-14 19:23:16 -08:00
										 |  |  | 	"tailscale.com/types/logger" | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | ) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | type Client struct { | 
					
						
							| 
									
										
										
										
											2020-03-04 09:35:32 -08:00
										 |  |  | 	serverKey    key.Public // of the DERP server; not a machine or node key | 
					
						
							|  |  |  | 	privateKey   key.Private | 
					
						
							|  |  |  | 	publicKey    key.Public // of privateKey | 
					
						
							|  |  |  | 	protoVersion int        // min of server+client | 
					
						
							|  |  |  | 	logf         logger.Logf | 
					
						
							| 
									
										
										
										
											2020-03-12 11:05:03 -04:00
										 |  |  | 	nc           Conn | 
					
						
							| 
									
										
										
										
											2020-03-04 09:35:32 -08:00
										 |  |  | 	br           *bufio.Reader | 
					
						
							| 
									
										
										
										
											2020-03-05 15:00:56 -08:00
										 |  |  | 
 | 
					
						
							|  |  |  | 	wmu     sync.Mutex // hold while writing to bw | 
					
						
							|  |  |  | 	bw      *bufio.Writer | 
					
						
							|  |  |  | 	readErr error // sticky read error | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-03-12 11:05:03 -04:00
										 |  |  | func NewClient(privateKey key.Private, nc Conn, brw *bufio.ReadWriter, logf logger.Logf) (*Client, error) { | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 	c := &Client{ | 
					
						
							|  |  |  | 		privateKey: privateKey, | 
					
						
							| 
									
										
										
										
											2020-02-17 13:17:40 -08:00
										 |  |  | 		publicKey:  privateKey.Public(), | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 		logf:       logf, | 
					
						
							| 
									
										
										
										
											2020-02-20 09:11:43 -08:00
										 |  |  | 		nc:         nc, | 
					
						
							|  |  |  | 		br:         brw.Reader, | 
					
						
							|  |  |  | 		bw:         brw.Writer, | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	if err := c.recvServerKey(); err != nil { | 
					
						
							|  |  |  | 		return nil, fmt.Errorf("derp.Client: failed to receive server key: %v", err) | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	if err := c.sendClientKey(); err != nil { | 
					
						
							|  |  |  | 		return nil, fmt.Errorf("derp.Client: failed to send client key: %v", err) | 
					
						
							|  |  |  | 	} | 
					
						
							| 
									
										
										
										
											2020-03-04 09:35:32 -08:00
										 |  |  | 	info, err := c.recvServerInfo() | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 	if err != nil { | 
					
						
							|  |  |  | 		return nil, fmt.Errorf("derp.Client: failed to receive server info: %v", err) | 
					
						
							|  |  |  | 	} | 
					
						
							| 
									
										
										
										
											2020-03-04 09:35:32 -08:00
										 |  |  | 	c.protoVersion = minInt(protocolVersion, info.Version) | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 	return c, nil | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | func (c *Client) recvServerKey() error { | 
					
						
							| 
									
										
										
										
											2020-02-20 12:27:12 -08:00
										 |  |  | 	var buf [40]byte | 
					
						
							|  |  |  | 	t, flen, err := readFrame(c.br, 1<<10, buf[:]) | 
					
						
							|  |  |  | 	if err == io.ErrShortBuffer { | 
					
						
							|  |  |  | 		// For future-proofing, allow server to send more in its greeting. | 
					
						
							|  |  |  | 		err = nil | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 	} | 
					
						
							| 
									
										
										
										
											2020-02-20 12:27:12 -08:00
										 |  |  | 	if err != nil { | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 		return err | 
					
						
							|  |  |  | 	} | 
					
						
							| 
									
										
										
										
											2020-02-20 12:27:12 -08:00
										 |  |  | 	if flen < uint32(len(buf)) || t != frameServerKey || string(buf[:len(magic)]) != magic { | 
					
						
							|  |  |  | 		return errors.New("invalid server greeting") | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 	} | 
					
						
							| 
									
										
										
										
											2020-02-20 12:27:12 -08:00
										 |  |  | 	copy(c.serverKey[:], buf[len(magic):]) | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 	return nil | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | func (c *Client) recvServerInfo() (*serverInfo, error) { | 
					
						
							| 
									
										
										
										
											2020-02-20 12:27:12 -08:00
										 |  |  | 	fl, err := readFrameTypeHeader(c.br, frameServerInfo) | 
					
						
							|  |  |  | 	if err != nil { | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 		return nil, err | 
					
						
							|  |  |  | 	} | 
					
						
							| 
									
										
										
										
											2020-02-20 12:27:12 -08:00
										 |  |  | 	const maxLength = nonceLen + maxInfoLen | 
					
						
							|  |  |  | 	if fl < nonceLen { | 
					
						
							|  |  |  | 		return nil, fmt.Errorf("short serverInfo frame") | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	if fl > maxLength { | 
					
						
							|  |  |  | 		return nil, fmt.Errorf("long serverInfo frame") | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	// TODO: add a read-nonce-and-box helper | 
					
						
							|  |  |  | 	var nonce [nonceLen]byte | 
					
						
							| 
									
										
										
										
											2020-02-20 09:11:43 -08:00
										 |  |  | 	if _, err := io.ReadFull(c.br, nonce[:]); err != nil { | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 		return nil, fmt.Errorf("nonce: %v", err) | 
					
						
							|  |  |  | 	} | 
					
						
							| 
									
										
										
										
											2020-02-20 12:27:12 -08:00
										 |  |  | 	msgLen := fl - nonceLen | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 	msgbox := make([]byte, msgLen) | 
					
						
							| 
									
										
										
										
											2020-02-20 09:11:43 -08:00
										 |  |  | 	if _, err := io.ReadFull(c.br, msgbox); err != nil { | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 		return nil, fmt.Errorf("msgbox: %v", err) | 
					
						
							|  |  |  | 	} | 
					
						
							| 
									
										
										
										
											2020-02-17 13:17:40 -08:00
										 |  |  | 	msg, ok := box.Open(nil, msgbox, &nonce, c.serverKey.B32(), c.privateKey.B32()) | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 	if !ok { | 
					
						
							|  |  |  | 		return nil, fmt.Errorf("msgbox: cannot open len=%d with server key %x", msgLen, c.serverKey[:]) | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	info := new(serverInfo) | 
					
						
							|  |  |  | 	if err := json.Unmarshal(msg, info); err != nil { | 
					
						
							|  |  |  | 		return nil, fmt.Errorf("msg: %v", err) | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	return info, nil | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-03-04 09:35:32 -08:00
										 |  |  | type clientInfo struct { | 
					
						
							|  |  |  | 	Version int // `json:"version,omitempty"` | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | func (c *Client) sendClientKey() error { | 
					
						
							| 
									
										
										
										
											2020-02-20 12:27:12 -08:00
										 |  |  | 	var nonce [nonceLen]byte | 
					
						
							| 
									
										
										
										
											2020-02-17 13:17:40 -08:00
										 |  |  | 	if _, err := crand.Read(nonce[:]); err != nil { | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 		return err | 
					
						
							|  |  |  | 	} | 
					
						
							| 
									
										
										
										
											2020-03-04 09:35:32 -08:00
										 |  |  | 	msg, err := json.Marshal(clientInfo{Version: protocolVersion}) | 
					
						
							|  |  |  | 	if err != nil { | 
					
						
							|  |  |  | 		return err | 
					
						
							|  |  |  | 	} | 
					
						
							| 
									
										
										
										
											2020-02-17 13:17:40 -08:00
										 |  |  | 	msgbox := box.Seal(nil, msg, &nonce, c.serverKey.B32(), c.privateKey.B32()) | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-02-20 12:27:12 -08:00
										 |  |  | 	buf := make([]byte, 0, nonceLen+keyLen+len(msgbox)) | 
					
						
							|  |  |  | 	buf = append(buf, c.publicKey[:]...) | 
					
						
							|  |  |  | 	buf = append(buf, nonce[:]...) | 
					
						
							|  |  |  | 	buf = append(buf, msgbox...) | 
					
						
							|  |  |  | 	return writeFrame(c.bw, frameClientInfo, buf) | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-02-20 12:27:12 -08:00
										 |  |  | // Send sends a packet to the Tailscale node identified by dstKey. | 
					
						
							|  |  |  | // | 
					
						
							|  |  |  | // It is an error if the packet is larger than 64KB. | 
					
						
							|  |  |  | func (c *Client) Send(dstKey key.Public, pkt []byte) error { return c.send(dstKey, pkt) } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | func (c *Client) send(dstKey key.Public, pkt []byte) (ret error) { | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 	defer func() { | 
					
						
							| 
									
										
										
										
											2020-02-20 12:27:12 -08:00
										 |  |  | 		if ret != nil { | 
					
						
							| 
									
										
										
										
											2020-03-12 11:05:03 -04:00
										 |  |  | 			ret = fmt.Errorf("derp.Send: %w", ret) | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 		} | 
					
						
							|  |  |  | 	}() | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-02-20 19:10:54 -08:00
										 |  |  | 	if len(pkt) > MaxPacketSize { | 
					
						
							| 
									
										
										
										
											2020-02-20 12:27:12 -08:00
										 |  |  | 		return fmt.Errorf("packet too big: %d", len(pkt)) | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 	} | 
					
						
							| 
									
										
										
										
											2020-02-20 12:27:12 -08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-03-05 15:00:56 -08:00
										 |  |  | 	c.wmu.Lock() | 
					
						
							|  |  |  | 	defer c.wmu.Unlock() | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-02-20 12:27:12 -08:00
										 |  |  | 	if err := writeFrameHeader(c.bw, frameSendPacket, uint32(len(dstKey)+len(pkt))); err != nil { | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 		return err | 
					
						
							|  |  |  | 	} | 
					
						
							| 
									
										
										
										
											2020-02-20 12:27:12 -08:00
										 |  |  | 	if _, err := c.bw.Write(dstKey[:]); err != nil { | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 		return err | 
					
						
							|  |  |  | 	} | 
					
						
							| 
									
										
										
										
											2020-02-20 12:27:12 -08:00
										 |  |  | 	if _, err := c.bw.Write(pkt); err != nil { | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 		return err | 
					
						
							|  |  |  | 	} | 
					
						
							| 
									
										
										
										
											2020-02-20 09:11:43 -08:00
										 |  |  | 	return c.bw.Flush() | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-03-05 15:00:56 -08:00
										 |  |  | // NotePreferred sends a packet that tells the server whether this | 
					
						
							|  |  |  | // client is the user's preferred server. This is only used in the | 
					
						
							|  |  |  | // server for stats. | 
					
						
							|  |  |  | func (c *Client) NotePreferred(preferred bool) (err error) { | 
					
						
							|  |  |  | 	defer func() { | 
					
						
							|  |  |  | 		if err != nil { | 
					
						
							|  |  |  | 			err = fmt.Errorf("derp.NotePreferred: %v", err) | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 	}() | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	c.wmu.Lock() | 
					
						
							|  |  |  | 	defer c.wmu.Unlock() | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	if err := writeFrameHeader(c.bw, frameNotePreferred, 1); err != nil { | 
					
						
							|  |  |  | 		return err | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	var b byte = 0x00 | 
					
						
							|  |  |  | 	if preferred { | 
					
						
							|  |  |  | 		b = 0x01 | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	if err := c.bw.WriteByte(b); err != nil { | 
					
						
							|  |  |  | 		return err | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	return c.bw.Flush() | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-02-20 19:10:54 -08:00
										 |  |  | // ReceivedMessage represents a type returned by Client.Recv. Unless | 
					
						
							|  |  |  | // otherwise documented, the returned message aliases the byte slice | 
					
						
							|  |  |  | // provided to Recv and thus the message is only as good as that | 
					
						
							|  |  |  | // buffer, which is up to the caller. | 
					
						
							|  |  |  | type ReceivedMessage interface { | 
					
						
							|  |  |  | 	msg() | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | // ReceivedPacket is a ReceivedMessage representing an incoming packet. | 
					
						
							| 
									
										
										
										
											2020-03-04 09:35:32 -08:00
										 |  |  | type ReceivedPacket struct { | 
					
						
							|  |  |  | 	Source key.Public | 
					
						
							|  |  |  | 	// Data is the received packet bytes. It aliases the memory | 
					
						
							|  |  |  | 	// passed to Client.Recv. | 
					
						
							|  |  |  | 	Data []byte | 
					
						
							|  |  |  | } | 
					
						
							| 
									
										
										
										
											2020-02-20 19:10:54 -08:00
										 |  |  | 
 | 
					
						
							|  |  |  | func (ReceivedPacket) msg() {} | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-03-21 18:24:28 -07:00
										 |  |  | // PeerGoneMessage is a ReceivedMessage that indicates that the client | 
					
						
							|  |  |  | // identified by the underlying public key had previously sent you a | 
					
						
							|  |  |  | // packet but has now disconnected from the server. | 
					
						
							|  |  |  | type PeerGoneMessage key.Public | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | func (PeerGoneMessage) msg() {} | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-02-20 19:10:54 -08:00
										 |  |  | // Recv reads a message from the DERP server. | 
					
						
							|  |  |  | // The provided buffer must be large enough to receive a complete packet, | 
					
						
							|  |  |  | // which in practice are are 1.5-4 KB, but can be up to 64 KB. | 
					
						
							| 
									
										
										
										
											2020-02-20 09:11:43 -08:00
										 |  |  | // Once Recv returns an error, the Client is dead forever. | 
					
						
							| 
									
										
										
										
											2020-02-20 19:10:54 -08:00
										 |  |  | func (c *Client) Recv(b []byte) (m ReceivedMessage, err error) { | 
					
						
							| 
									
										
										
										
											2020-02-20 09:11:43 -08:00
										 |  |  | 	if c.readErr != nil { | 
					
						
							| 
									
										
										
										
											2020-02-20 19:10:54 -08:00
										 |  |  | 		return nil, c.readErr | 
					
						
							| 
									
										
										
										
											2020-02-20 09:11:43 -08:00
										 |  |  | 	} | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 	defer func() { | 
					
						
							|  |  |  | 		if err != nil { | 
					
						
							| 
									
										
										
										
											2020-03-12 11:05:03 -04:00
										 |  |  | 			err = fmt.Errorf("derp.Recv: %w", err) | 
					
						
							| 
									
										
										
										
											2020-02-20 09:11:43 -08:00
										 |  |  | 			c.readErr = err | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 		} | 
					
						
							|  |  |  | 	}() | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	for { | 
					
						
							| 
									
										
										
										
											2020-02-20 09:11:43 -08:00
										 |  |  | 		c.nc.SetReadDeadline(time.Now().Add(120 * time.Second)) | 
					
						
							| 
									
										
										
										
											2020-02-20 12:27:12 -08:00
										 |  |  | 		t, n, err := readFrame(c.br, 1<<20, b) | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 		if err != nil { | 
					
						
							| 
									
										
										
										
											2020-02-20 19:10:54 -08:00
										 |  |  | 			return nil, err | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 		} | 
					
						
							| 
									
										
										
										
											2020-02-20 12:27:12 -08:00
										 |  |  | 		switch t { | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 		default: | 
					
						
							| 
									
										
										
										
											2020-02-20 12:27:12 -08:00
										 |  |  | 			continue | 
					
						
							|  |  |  | 		case frameKeepAlive: | 
					
						
							|  |  |  | 			// TODO: eventually we'll have server->client pings that | 
					
						
							|  |  |  | 			// require ack pongs. | 
					
						
							|  |  |  | 			continue | 
					
						
							| 
									
										
										
										
											2020-03-21 18:24:28 -07:00
										 |  |  | 		case framePeerGone: | 
					
						
							|  |  |  | 			if n < keyLen { | 
					
						
							|  |  |  | 				c.logf("[unexpected] dropping short peerGone frame from DERP server") | 
					
						
							|  |  |  | 				continue | 
					
						
							|  |  |  | 			} | 
					
						
							|  |  |  | 			var pg PeerGoneMessage | 
					
						
							|  |  |  | 			copy(pg[:], b[:keyLen]) | 
					
						
							|  |  |  | 			return pg, nil | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-02-20 12:27:12 -08:00
										 |  |  | 		case frameRecvPacket: | 
					
						
							| 
									
										
										
										
											2020-03-04 09:35:32 -08:00
										 |  |  | 			var rp ReceivedPacket | 
					
						
							|  |  |  | 			if c.protoVersion < protocolSrcAddrs { | 
					
						
							|  |  |  | 				rp.Data = b[:n] | 
					
						
							|  |  |  | 			} else { | 
					
						
							|  |  |  | 				if n < keyLen { | 
					
						
							|  |  |  | 					c.logf("[unexpected] dropping short packet from DERP server") | 
					
						
							|  |  |  | 					continue | 
					
						
							|  |  |  | 				} | 
					
						
							|  |  |  | 				copy(rp.Source[:], b[:keyLen]) | 
					
						
							|  |  |  | 				rp.Data = b[keyLen:n] | 
					
						
							|  |  |  | 			} | 
					
						
							|  |  |  | 			return rp, nil | 
					
						
							| 
									
										
										
										
											2020-02-05 14:16:58 -08:00
										 |  |  | 		} | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | } |