In case of authentication frame exchange between two IBSS STAs, the
DA field must contain the destinatioin address (instead of the BSSID).
Signed-off-by: Antonio Quartulli <[email protected]>
Signed-off-by: John W. Linville <[email protected]>
---
net/mac80211/ibss.c | 2 +-
net/mac80211/ieee80211_i.h | 2 +-
net/mac80211/util.c | 6 +++---
net/mac80211/work.c | 5 +++--
4 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c
index b4c3031..4345e94 100644
--- a/net/mac80211/ibss.c
+++ b/net/mac80211/ibss.c
@@ -57,7 +57,7 @@ static void ieee80211_rx_mgmt_auth_ibss(struct ieee80211_sub_if_data *sdata,
* has actually implemented this.
*/
if (auth_alg == WLAN_AUTH_OPEN && auth_transaction == 1)
- ieee80211_send_auth(sdata, 2, WLAN_AUTH_OPEN, NULL, 0,
+ ieee80211_send_auth(sdata, 2, WLAN_AUTH_OPEN, NULL, 0, mgmt->sa,
sdata->u.ibss.bssid, NULL, 0, 0);
}
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index 2f0642d..ca6486b 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -1396,7 +1396,7 @@ void ieee80211_add_pending_skbs_fn(struct ieee80211_local *local,
void ieee80211_send_auth(struct ieee80211_sub_if_data *sdata,
u16 transaction, u16 auth_alg,
u8 *extra, size_t extra_len, const u8 *bssid,
- const u8 *key, u8 key_len, u8 key_idx);
+ const u8 *da, const u8 *key, u8 key_len, u8 key_idx);
int ieee80211_build_preq_ies(struct ieee80211_local *local, u8 *buffer,
const u8 *ie, size_t ie_len,
enum ieee80211_band band, u32 rate_mask,
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 9919892..30d72e2 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -862,8 +862,8 @@ u32 ieee80211_mandatory_rates(struct ieee80211_local *local,
void ieee80211_send_auth(struct ieee80211_sub_if_data *sdata,
u16 transaction, u16 auth_alg,
- u8 *extra, size_t extra_len, const u8 *bssid,
- const u8 *key, u8 key_len, u8 key_idx)
+ u8 *extra, size_t extra_len, const u8 *da,
+ const u8 *bssid, const u8 *key, u8 key_len, u8 key_idx)
{
struct ieee80211_local *local = sdata->local;
struct sk_buff *skb;
@@ -881,7 +881,7 @@ void ieee80211_send_auth(struct ieee80211_sub_if_data *sdata,
memset(mgmt, 0, 24 + 6);
mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
IEEE80211_STYPE_AUTH);
- memcpy(mgmt->da, bssid, ETH_ALEN);
+ memcpy(mgmt->da, da, ETH_ALEN);
memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
memcpy(mgmt->bssid, bssid, ETH_ALEN);
mgmt->u.auth.auth_alg = cpu_to_le16(auth_alg);
diff --git a/net/mac80211/work.c b/net/mac80211/work.c
index c6dd01a..0a1a176 100644
--- a/net/mac80211/work.c
+++ b/net/mac80211/work.c
@@ -480,7 +480,8 @@ ieee80211_authenticate(struct ieee80211_work *wk)
sdata->name, wk->filter_ta, wk->probe_auth.tries);
ieee80211_send_auth(sdata, 1, wk->probe_auth.algorithm, wk->ie,
- wk->ie_len, wk->filter_ta, NULL, 0, 0);
+ wk->ie_len, wk->filter_ta, wk->filter_ta, NULL, 0,
+ 0);
wk->probe_auth.transaction = 2;
wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
@@ -598,7 +599,7 @@ static void ieee80211_auth_challenge(struct ieee80211_work *wk,
return;
ieee80211_send_auth(sdata, 3, wk->probe_auth.algorithm,
elems.challenge - 2, elems.challenge_len + 2,
- wk->filter_ta, wk->probe_auth.key,
+ wk->filter_ta, wk->filter_ta, wk->probe_auth.key,
wk->probe_auth.key_len, wk->probe_auth.key_idx);
wk->probe_auth.transaction = 4;
}
--
1.7.9.4
In case of a node re-joining the cell the sta_info structure belonging to it is
first destroyed and then reinserted. In this way its internal state is reset.
The joining operation is recognised thank the Auth frame being received.
This operation is helpful in case of a node being rebooted that is joining the
ad-hoc cell again, before its purge timeout on other nodes expires.
Signed-off-by: Antonio Quartulli <[email protected]>
Signed-off-by: John W. Linville <[email protected]>
---
net/mac80211/ibss.c | 85 +++++++++++++++++++++++++++++----------------------
1 file changed, 49 insertions(+), 36 deletions(-)
diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c
index a497c03..d38baa4 100644
--- a/net/mac80211/ibss.c
+++ b/net/mac80211/ibss.c
@@ -36,31 +36,6 @@
#define IEEE80211_IBSS_MAX_STA_ENTRIES 128
-static void ieee80211_rx_mgmt_auth_ibss(struct ieee80211_sub_if_data *sdata,
- struct ieee80211_mgmt *mgmt,
- size_t len)
-{
- u16 auth_alg, auth_transaction;
-
- lockdep_assert_held(&sdata->u.ibss.mtx);
-
- if (len < 24 + 6)
- return;
-
- auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
- auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
-
- /*
- * IEEE 802.11 standard does not require authentication in IBSS
- * networks and most implementations do not seem to use it.
- * However, try to reply to authentication attempts if someone
- * has actually implemented this.
- */
- if (auth_alg == WLAN_AUTH_OPEN && auth_transaction == 1)
- ieee80211_send_auth(sdata, 2, WLAN_AUTH_OPEN, NULL, 0, mgmt->sa,
- sdata->u.ibss.bssid, NULL, 0, 0);
-}
-
static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
const u8 *bssid, const int beacon_int,
struct ieee80211_channel *chan,
@@ -275,7 +250,8 @@ static void ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
cbss->tsf);
}
-static struct sta_info *ieee80211_ibss_finish_sta(struct sta_info *sta)
+static struct sta_info *ieee80211_ibss_finish_sta(struct sta_info *sta,
+ bool auth)
__acquires(RCU)
{
struct ieee80211_sub_if_data *sdata = sta->sdata;
@@ -298,20 +274,22 @@ static struct sta_info *ieee80211_ibss_finish_sta(struct sta_info *sta)
/* If it fails, maybe we raced another insertion? */
if (sta_info_insert_rcu(sta))
return sta_info_get(sdata, addr);
+ if (auth) {
#ifdef CONFIG_MAC80211_IBSS_DEBUG
- printk(KERN_DEBUG "TX Auth SA=%pM DA=%pM BSSID=%pM"
- "(auth_transaction=1)\n", sdata->vif.addr,
- sdata->u.ibss.bssid, addr);
+ printk(KERN_DEBUG "TX Auth SA=%pM DA=%pM BSSID=%pM"
+ "(auth_transaction=1)\n", sdata->vif.addr,
+ sdata->u.ibss.bssid, addr);
#endif
- ieee80211_send_auth(sdata, 1, WLAN_AUTH_OPEN, NULL, 0,
- addr, sdata->u.ibss.bssid, NULL, 0, 0);
+ ieee80211_send_auth(sdata, 1, WLAN_AUTH_OPEN, NULL, 0,
+ addr, sdata->u.ibss.bssid, NULL, 0, 0);
+ }
return sta;
}
static struct sta_info *
ieee80211_ibss_add_sta(struct ieee80211_sub_if_data *sdata,
const u8 *bssid, const u8 *addr,
- u32 supp_rates)
+ u32 supp_rates, bool auth)
__acquires(RCU)
{
struct ieee80211_if_ibss *ifibss = &sdata->u.ibss;
@@ -353,7 +331,42 @@ ieee80211_ibss_add_sta(struct ieee80211_sub_if_data *sdata,
sta->sta.supp_rates[band] = supp_rates |
ieee80211_mandatory_rates(local, band);
- return ieee80211_ibss_finish_sta(sta);
+ return ieee80211_ibss_finish_sta(sta, auth);
+}
+
+static void ieee80211_rx_mgmt_auth_ibss(struct ieee80211_sub_if_data *sdata,
+ struct ieee80211_mgmt *mgmt,
+ size_t len)
+{
+ u16 auth_alg, auth_transaction;
+
+ lockdep_assert_held(&sdata->u.ibss.mtx);
+
+ if (len < 24 + 6)
+ return;
+
+ auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
+ auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
+
+ if (auth_alg != WLAN_AUTH_OPEN || auth_transaction != 1)
+ return;
+#ifdef CONFIG_MAC80211_IBSS_DEBUG
+ printk(KERN_DEBUG "%s: RX Auth SA=%pM DA=%pM BSSID=%pM."
+ "(auth_transaction=%d)\n",
+ sdata->name, mgmt->sa, mgmt->da, mgmt->bssid, auth_transaction);
+#endif
+ sta_info_destroy_addr(sdata, mgmt->sa);
+ ieee80211_ibss_add_sta(sdata, mgmt->bssid, mgmt->sa, 0, false);
+ rcu_read_unlock();
+
+ /*
+ * IEEE 802.11 standard does not require authentication in IBSS
+ * networks and most implementations do not seem to use it.
+ * However, try to reply to authentication attempts if someone
+ * has actually implemented this.
+ */
+ ieee80211_send_auth(sdata, 2, WLAN_AUTH_OPEN, NULL, 0,
+ mgmt->sa, sdata->u.ibss.bssid, NULL, 0, 0);
}
static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
@@ -418,7 +431,7 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
} else {
rcu_read_unlock();
sta = ieee80211_ibss_add_sta(sdata, mgmt->bssid,
- mgmt->sa, supp_rates);
+ mgmt->sa, supp_rates, true);
}
}
@@ -546,7 +559,7 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
ieee80211_sta_join_ibss(sdata, bss);
supp_rates = ieee80211_sta_get_rates(local, elems, band);
ieee80211_ibss_add_sta(sdata, mgmt->bssid, mgmt->sa,
- supp_rates);
+ supp_rates, true);
rcu_read_unlock();
}
@@ -947,7 +960,7 @@ void ieee80211_ibss_work(struct ieee80211_sub_if_data *sdata)
list_del(&sta->list);
spin_unlock_bh(&ifibss->incomplete_lock);
- ieee80211_ibss_finish_sta(sta);
+ ieee80211_ibss_finish_sta(sta, true);
rcu_read_unlock();
spin_lock_bh(&ifibss->incomplete_lock);
}
--
1.7.9.4
If the IBSS network is RSN-protected, let userspace authorize the stations
instead of adding them as AUTHORIZED by default.
Signed-off-by: Antonio Quartulli <[email protected]>
Signed-off-by: John W. Linville <[email protected]>
---
include/net/cfg80211.h | 5 +++++
net/mac80211/ibss.c | 6 +++++-
net/mac80211/ieee80211_i.h | 2 ++
net/wireless/nl80211.c | 20 ++++++++++++--------
4 files changed, 24 insertions(+), 9 deletions(-)
diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h
index 229edc5..e0c9ff3 100644
--- a/include/net/cfg80211.h
+++ b/include/net/cfg80211.h
@@ -1147,6 +1147,10 @@ struct cfg80211_disassoc_request {
* @beacon_interval: beacon interval to use
* @privacy: this is a protected network, keys will be configured
* after joining
+ * @control_port: whether user space controls IEEE 802.1X port, i.e.,
+ * sets/clears %NL80211_STA_FLAG_AUTHORIZED. If true, the driver is
+ * required to assume that the port is unauthorized until authorized by
+ * user space. Otherwise, port is marked authorized by default.
* @basic_rates: bitmap of basic rates to use when creating the IBSS
* @mcast_rate: per-band multicast rate index + 1 (0: disabled)
*/
@@ -1161,6 +1165,7 @@ struct cfg80211_ibss_params {
u32 basic_rates;
bool channel_fixed;
bool privacy;
+ bool control_port;
int mcast_rate[IEEE80211_NUM_BANDS];
};
diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c
index 7b3a0b0..8361da4 100644
--- a/net/mac80211/ibss.c
+++ b/net/mac80211/ibss.c
@@ -268,7 +268,10 @@ static struct sta_info *ieee80211_ibss_finish_sta(struct sta_info *sta,
sta_info_pre_move_state(sta, IEEE80211_STA_AUTH);
sta_info_pre_move_state(sta, IEEE80211_STA_ASSOC);
- sta_info_pre_move_state(sta, IEEE80211_STA_AUTHORIZED);
+ /* authorize the station only if the network is not RSN protected. If
+ * not wait for the userspace to authorize it */
+ if (!sta->sdata->u.ibss.control_port)
+ sta_info_pre_move_state(sta, IEEE80211_STA_AUTHORIZED);
rate_control_rate_init(sta);
@@ -1075,6 +1078,7 @@ int ieee80211_ibss_join(struct ieee80211_sub_if_data *sdata,
sdata->u.ibss.fixed_bssid = false;
sdata->u.ibss.privacy = params->privacy;
+ sdata->u.ibss.control_port = params->control_port;
sdata->u.ibss.basic_rates = params->basic_rates;
memcpy(sdata->vif.bss_conf.mcast_rate, params->mcast_rate,
sizeof(params->mcast_rate));
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index a146b11..74594f0 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -478,6 +478,8 @@ struct ieee80211_if_ibss {
bool fixed_channel;
bool privacy;
+ bool control_port;
+
u8 bssid[ETH_ALEN];
u8 ssid[IEEE80211_MAX_SSID_LEN];
u8 ssid_len, ie_len;
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index e1fd1bf..f1681e2 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -2654,13 +2654,6 @@ static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
break;
case NL80211_IFTYPE_P2P_CLIENT:
case NL80211_IFTYPE_STATION:
- /* disallow things sta doesn't support */
- if (params.plink_action)
- return -EINVAL;
- if (params.ht_capa)
- return -EINVAL;
- if (params.listen_interval >= 0)
- return -EINVAL;
/*
* Don't allow userspace to change the TDLS_PEER flag,
* but silently ignore attempts to change it since we
@@ -2668,7 +2661,15 @@ static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
* to change the flag.
*/
params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
-
+ /* fall through */
+ case NL80211_IFTYPE_ADHOC:
+ /* disallow things sta doesn't support */
+ if (params.plink_action)
+ return -EINVAL;
+ if (params.ht_capa)
+ return -EINVAL;
+ if (params.listen_interval >= 0)
+ return -EINVAL;
/* reject any changes other than AUTHORIZED */
if (params.sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
return -EINVAL;
@@ -4802,6 +4803,9 @@ static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
return PTR_ERR(connkeys);
}
+ ibss.control_port =
+ nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
+
err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
if (err)
kfree(connkeys);
--
1.7.9.4
Actually the DA field has already been checked along the rx path (in
prepare_for_handlers()) and this check is therefore useless at this point.
Signed-off-by: Antonio Quartulli <[email protected]>
Signed-off-by: John W. Linville <[email protected]>
---
net/mac80211/ibss.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c
index 4345e94..b253d0a 100644
--- a/net/mac80211/ibss.c
+++ b/net/mac80211/ibss.c
@@ -853,9 +853,6 @@ static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata,
size_t baselen;
struct ieee802_11_elems elems;
- if (memcmp(mgmt->da, sdata->vif.addr, ETH_ALEN))
- return; /* ignore ProbeResp to foreign address */
-
baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
if (baselen > len)
return;
--
1.7.9.4
Sorry John and the others,
this patchset is a mistake.
It has already been merged. I wrongly sent it over the ml again.
Cheers,
On Sat, Jun 16, 2012 at 06:50:01PM +0200, Antonio Quartulli wrote:
> In case of authentication frame exchange between two IBSS STAs, the
> DA field must contain the destinatioin address (instead of the BSSID).
>
> Signed-off-by: Antonio Quartulli <[email protected]>
> Signed-off-by: John W. Linville <[email protected]>
> ---
> net/mac80211/ibss.c | 2 +-
> net/mac80211/ieee80211_i.h | 2 +-
> net/mac80211/util.c | 6 +++---
> net/mac80211/work.c | 5 +++--
> 4 files changed, 8 insertions(+), 7 deletions(-)
>
> diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c
> index b4c3031..4345e94 100644
> --- a/net/mac80211/ibss.c
> +++ b/net/mac80211/ibss.c
> @@ -57,7 +57,7 @@ static void ieee80211_rx_mgmt_auth_ibss(struct ieee80211_sub_if_data *sdata,
> * has actually implemented this.
> */
> if (auth_alg == WLAN_AUTH_OPEN && auth_transaction == 1)
> - ieee80211_send_auth(sdata, 2, WLAN_AUTH_OPEN, NULL, 0,
> + ieee80211_send_auth(sdata, 2, WLAN_AUTH_OPEN, NULL, 0, mgmt->sa,
> sdata->u.ibss.bssid, NULL, 0, 0);
> }
>
> diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
> index 2f0642d..ca6486b 100644
> --- a/net/mac80211/ieee80211_i.h
> +++ b/net/mac80211/ieee80211_i.h
> @@ -1396,7 +1396,7 @@ void ieee80211_add_pending_skbs_fn(struct ieee80211_local *local,
> void ieee80211_send_auth(struct ieee80211_sub_if_data *sdata,
> u16 transaction, u16 auth_alg,
> u8 *extra, size_t extra_len, const u8 *bssid,
> - const u8 *key, u8 key_len, u8 key_idx);
> + const u8 *da, const u8 *key, u8 key_len, u8 key_idx);
> int ieee80211_build_preq_ies(struct ieee80211_local *local, u8 *buffer,
> const u8 *ie, size_t ie_len,
> enum ieee80211_band band, u32 rate_mask,
> diff --git a/net/mac80211/util.c b/net/mac80211/util.c
> index 9919892..30d72e2 100644
> --- a/net/mac80211/util.c
> +++ b/net/mac80211/util.c
> @@ -862,8 +862,8 @@ u32 ieee80211_mandatory_rates(struct ieee80211_local *local,
>
> void ieee80211_send_auth(struct ieee80211_sub_if_data *sdata,
> u16 transaction, u16 auth_alg,
> - u8 *extra, size_t extra_len, const u8 *bssid,
> - const u8 *key, u8 key_len, u8 key_idx)
> + u8 *extra, size_t extra_len, const u8 *da,
> + const u8 *bssid, const u8 *key, u8 key_len, u8 key_idx)
> {
> struct ieee80211_local *local = sdata->local;
> struct sk_buff *skb;
> @@ -881,7 +881,7 @@ void ieee80211_send_auth(struct ieee80211_sub_if_data *sdata,
> memset(mgmt, 0, 24 + 6);
> mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
> IEEE80211_STYPE_AUTH);
> - memcpy(mgmt->da, bssid, ETH_ALEN);
> + memcpy(mgmt->da, da, ETH_ALEN);
> memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
> memcpy(mgmt->bssid, bssid, ETH_ALEN);
> mgmt->u.auth.auth_alg = cpu_to_le16(auth_alg);
> diff --git a/net/mac80211/work.c b/net/mac80211/work.c
> index c6dd01a..0a1a176 100644
> --- a/net/mac80211/work.c
> +++ b/net/mac80211/work.c
> @@ -480,7 +480,8 @@ ieee80211_authenticate(struct ieee80211_work *wk)
> sdata->name, wk->filter_ta, wk->probe_auth.tries);
>
> ieee80211_send_auth(sdata, 1, wk->probe_auth.algorithm, wk->ie,
> - wk->ie_len, wk->filter_ta, NULL, 0, 0);
> + wk->ie_len, wk->filter_ta, wk->filter_ta, NULL, 0,
> + 0);
> wk->probe_auth.transaction = 2;
>
> wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
> @@ -598,7 +599,7 @@ static void ieee80211_auth_challenge(struct ieee80211_work *wk,
> return;
> ieee80211_send_auth(sdata, 3, wk->probe_auth.algorithm,
> elems.challenge - 2, elems.challenge_len + 2,
> - wk->filter_ta, wk->probe_auth.key,
> + wk->filter_ta, wk->filter_ta, wk->probe_auth.key,
> wk->probe_auth.key_len, wk->probe_auth.key_idx);
> wk->probe_auth.transaction = 4;
> }
> --
> 1.7.9.4
>
--
Antonio Quartulli
..each of us alone is worth nothing..
Ernesto "Che" Guevara
In IBSS mode, whenever a new station is added a 2-way authentication challenge
is performed. Actually this event can be used to recognise a new station joining
the cell even if its sta_info entry is already in the list.
Signed-off-by: Antonio Quartulli <[email protected]>
Signed-off-by: John W. Linville <[email protected]>
---
net/mac80211/ibss.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c
index b253d0a..a497c03 100644
--- a/net/mac80211/ibss.c
+++ b/net/mac80211/ibss.c
@@ -298,6 +298,13 @@ static struct sta_info *ieee80211_ibss_finish_sta(struct sta_info *sta)
/* If it fails, maybe we raced another insertion? */
if (sta_info_insert_rcu(sta))
return sta_info_get(sdata, addr);
+#ifdef CONFIG_MAC80211_IBSS_DEBUG
+ printk(KERN_DEBUG "TX Auth SA=%pM DA=%pM BSSID=%pM"
+ "(auth_transaction=1)\n", sdata->vif.addr,
+ sdata->u.ibss.bssid, addr);
+#endif
+ ieee80211_send_auth(sdata, 1, WLAN_AUTH_OPEN, NULL, 0,
+ addr, sdata->u.ibss.bssid, NULL, 0, 0);
return sta;
}
--
1.7.9.4