summaryrefslogtreecommitdiffstats
path: root/src/vnet/ip/ip4_forward.c
AgeCommit message (Collapse)AuthorFilesLines
2022-02-03ip nat: use ip rx sw_if_index in ip-local arc startFlorin Coras1-3/+2
This also changes the behavior of the nat44-ei hairpinning feature. Rather then enabling the feature on every nat interface, it is enabled only on local0. Type: improvement Signed-off-by: Filip Varga <fivarga@cisco.com> Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I4e16a83c9e328aa75fc61df508b620ef743ca775
2022-01-31ip: reassembly - add a way to disable for forusKlement Sekera1-1/+2
Add API to disable full reassembly of "forus" packets. Mark packets passing through ip[4|6]-local nodes with a new buffer flag and check for that flag in reassembly. Enable IP6 "forus" full reassembly by default to be consistent with existing IP4 setting. Type: improvement Change-Id: I7067792fcd4304182654237968e4c4d9293c6143 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-11-23ip: unlock_fib on if deleteNathan Skrzypczak1-0/+9
On interface delete we were not removing the lock taken by a previous ip_table_bind() call thus preventing the VRFs to be removed. Type: fix Change-Id: I11abbb51a09b45cd3390b23d5d601d029c5ea485 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-11-10ip: always set ip rx_sw_if_indexFlorin Coras1-3/+5
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I43f6bfa028ee37227f27a2fe0303662bf2631b10
2021-10-21ip: Add ip46-local node for local swif[rx]Nathan Skrzypczak1-21/+60
Type: improvement This adds a new ip[46]-receive node, sibling of ip[46]-local. Its goal is to set vnet_buffer (b)->ip.rx_sw_if_index to the sw_if_index of the local interface. In dependant nodes further down the line (e.g. hoststack) we then set sw_if_idx[rx] to this value. So that we know which local interface did receive the packet. The TCP issue this fixes is that : On accepts, we were setting tc->sw_if_index to the source sw_if_index. We should use the dest sw_if_index, so that packets coming back on this connection have the right source sw_if_index. And also setting it in the tx-ed packet. Change-Id: I569ed673e15c21e71f365c3ad45439b05bd14a9f Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-09-24ip: set error number on failed intf addrMatthew Smith1-1/+4
Type: fix A subinterface that does not have exact match enabled cannot have an IP address configured on it. When this is validated in the functions which add an interface IP address for IPv4 and IPv6, a clib_error_t * is returned but api_errno is not set. The API handler uses the value of vnet_main.api_errno to set the return value in it's reply. Since it was not set, the API reports the operation succeeded. Set vnet_main.api_errno if vnet_sw_interface_supports_addressing() returns a non-null value when adding/deleting an interface IP address. Change-Id: I257a30d21788986102a2a719235e714ff16a24e8 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2021-09-16vxlan: improve to use the hardware offloadMohsin Kazmi1-1/+2
Type: improvement Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Ic0fa4f83048a280a7d1b04198c0f903798562d2d
2021-09-13interface: fix init fib_index_by_sw_if_indexNathan Skrzypczak1-8/+9
Type: fix The init of fib_index_by_sw_if_index wasn't setting default value to 0. Which we now need for setting interfaces unnumbered Change-Id: Ie5be9b5e5373ef055557a871ad4d1c45fbfc1dee Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-08-14ip: Fix crash in ip address add on sub-int without exact-matchPim van Pelt1-6/+3
Type: fix Creating a sub-int without exact-match set, and subsequently adding an IPv4 or IPv6 address will crash VPP. This fix catches this situation and refuses to allow the caller to add an IPv4 or IPv6 address on an ethernet sub-int that does not have exact-match set. TESTED: Before this change, the following crashes VPP: ``` DBGvpp# cre sub TenGigabitEthernet3/0/0 1 dot1q 10 TenGigabitEthernet3/0/0.1 DBGvpp# set interface ip address TenGigabitEthernet3/0/0.1 2001:db8::1/64 <crash> ``` After the change, VPP refuses to act: ``` DBGvpp# cre sub TenGigabitEthernet3/0/0 1 dot1q 10 TenGigabitEthernet3/0/0.1 DBGvpp# set interface ip address TenGigabitEthernet3/0/0.1 192.0.2.1/30 set interface ip address: sub-interface without exact-match doesn't support IP addressing DBGvpp# set interface ip address TenGigabitEthernet3/0/0.1 2001:db8:1/64 set interface ip address: sub-interface without exact-match doesn't support IP addressing ``` Signed-off-by: Pim van Pelt <pim@ipng.nl> Change-Id: I42997db314225cd186ebb54013b5717ace7f7bd6
2021-08-10ip: Use the IP4 lookup functionsNeale Ranns1-27/+5
Type: refactor as opposed to wrtiing out the mtrie steps one by one each time. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I1248861350f9189f9a67ac6e68940813af279e03
2021-08-10ip: Remove the 'test lookup' CLI commandNeale Ranns1-97/+0
Type: fix There's no such thing as a conflict between the FIB and adj tables. This is code that should have been removed way back in 16.04. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I4524e7921b03b89106dd1f35aa1171d0945367cf
2021-07-15misc: replace CLIB_PREFETCH with clib_prefetch_{load,store}Damjan Marion1-6/+6
Type: refactor Change-Id: Id10cbf52e8f2dd809080a228d8fa282308be84ac Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-06-07pg: Reduce the inclusion of pg.hNeale Ranns1-0/+1
Type: style reduce the number of files recompiled after changing pg.h from 1110 to 102. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I50611eba818eeb3a2dffd437a3c72c77766bed80
2021-05-05vlib: move offload flags to 1st cacheline in vlib_buffer_tMohsin Kazmi1-2/+2
Type: improvement Some tests i.e. ipsec see performance regression when offload flags are moved to 2nd cacheline. This patch moves them back to 1st cacheline. Change-Id: I6ead45ff6d2c467b0d248f409e27c2ba31758741 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-04-22ip: remove unnecesary inlining in ip4-rewrite nodeDamjan Marion1-16/+3
Type: refactor Change-Id: Ifbaf42ef88a7e0f1715b7b5e342af790e3b6acd9 Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-02-15vlib: refactor checksum offload supportMohsin Kazmi1-4/+5
Type: refactor This patch refactors the offload flags in vlib_buffer_t. There are two main reasons behind this refactoring. First, offload flags are insufficient to represent outer and inner headers offloads. Second, room for these flags in first cacheline of vlib_buffer_t is also limited. This patch introduces a generic offload flag in first cacheline. And detailed offload flags in 2nd cacheline of the structure for performance optimization. Change-Id: Icc363a142fb9208ec7113ab5bbfc8230181f6004 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-01-21ip: use IPv6 flowlabel in flow hash computationAhmed Abdelsalam1-21/+7
extends ip6_compute_flow_hash() to include IPv6 flowlabel in flowhash computation Type: improvement Signed-off-by: Ahmed Abdelsalam <ahabdels@cisco.com> Signed-off-by: Neale Ranns <neale.ranns@cisco.com> Change-Id: Id1aaa20c9dac729c22b714eea1cdd6e9e4d1f75e
2020-12-14misc: move to new pool_foreach macrosDamjan Marion1-3/+3
Type: refactor Change-Id: Ie67dc579e88132ddb1ee4a34cb69f96920101772 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-12-11ip: ip4 rewrite prefetch optimizationPiotrX Kleski1-2/+5
Type: improvement ip4_rewrite_inline_with_gso() did vlib_prefetch_buffer_header() for all nodes. However it is not necessary for ip-rewrite, it is only needed by ip-midchain. This patch makes ip4-rewrite prefetches less buffers to save cycles. Signed-off-by: PiotrX Kleski <piotrx.kleski@intel.com> Change-Id: Ib82dcb0eda4a2d1d7b8d664f2224d49b72aef50f
2020-12-08fib: Adjacency flag for midchain to perfom flow hash (on inner packet)Neale Ranns1-4/+4
Type: feature Signed-off-by: Neale Ranns <neale.ranns@cisco.com> Change-Id: I964afd9266645de5c87d49c58ce6b48c2c18f97f
2020-12-08fib: Source Address SelectionNeale Ranns1-89/+49
Type: feature Use the FIB to provide SAS (in so far as it is today) - Use the glean adjacency as the record of the connected prefixes = there's a glean per-{interface, protocol, connected-prefix} - Keep the glean up to date with whatever the recieve host prefix is (since it can change) Signed-off-by: Neale Ranns <neale.ranns@cisco.com> Change-Id: I0f3dd1edb1f3fc965af1c7c586709028eb9cdeac
2020-09-23ip: use main heap for mtrie, part 2 (remove args)Damjan Marion1-26/+0
Type: improvement Change-Id: I8c28c845c75657852f1e513e2832771fad6b90b7 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-09-01ip: fix ip zero checksum verificationBenoît Ganne1-2/+2
In one's complement, there are two representations of zero: the all zero and the all one bit values, often referred to as +0 and -0. See RFC 1624 section 3 for more details. This used to be taken care of in ip4_header_checksum(), but it is no longer the case. The check ip->checksum == ip4_header_checksum (ip) is no longer correct in the -0 case. Always use ip4_header_checksum_is_valid() instead (which behaves correctly since 9a79a1ab931c3b5a7ae07d6f0fcfef7c4368a2c4). Type: fix Fixes: e5f0050c7a5d411f96af6401797529d58825e2af Change-Id: Iacc6b60645a834287b085aecb9e3fdb4554cf0cf Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-06-12ip: allocate ip4 mtrie pages in htlb memoryDave Barach1-0/+3
No change in default behavior. To use htlb pages for the ip4 mtrie, use the "ip" command-line option "mtrie-hugetlb". Type: improvement Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I5497e426a47200edff2c7e15563ed6a42af12e7f
2020-06-08vxlan: Fixed checksum caclculation offsetVladimir Isaev1-8/+4
VXLAN uses csum_offload for IPv6 packets. But without gso node we have csum calculated only for inner packet. This patch adds support for outer header csum calculation. Checksum for inner packet should be calculated before interface-output node (for example in vxlan node). Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Signed-off-by: Vladimir Isaev <visaev@netgate.com> Change-Id: Ica68429ede4426293769207cd83c791ebe72fe56
2020-05-27ethernet: fix DMAC check and skip unnecessary ones (VPP-1868)John Lo1-0/+7
Fix and optimize DMAC check in ethernet-input node to utilize NIC or driver which support L3 DMAC-filtering mode so that DMAC check can be bypassed safely for interfaces/sub-interfaces in L3 mode. Checking of interface in L3-DMAC-filtering state to avoid DMAC check require the following: a) Fix interface driver init sequence for devices which supports L3 DMAC-filtering to indicate its capability and initialize interface to L3 DMAC-filtering state. b) Fix ethernet_set_flags() function and its associated callback flags_change() functions registered by various drivers in interface infra to provide proper L3 DMAC filtering status. Maintain interface/sub-interface L3 config count so DMAC checks can be bypassed if L3 forwarding is not setup on any main/sub-interfaces. Type: fix Ticket: VPP-1868 Signed-off-by: John Lo <loj@cisco.com> Change-Id: I204d90459c13e9e486cfcba4e64e3d479bc9f2ae
2020-05-21ip: Dual loop error in midchain chksumNeale Ranns1-1/+1
Type: fix Change-Id: Idf7c80b7d81f796bd0512bca4276bcfcf2af241a Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-05-14ip: fix interface ip address del sw_if_index checkyedg1-1/+4
Type: fix Signed-off-by: Ye donggang <yedg@wangsu.com> Change-Id: Ia9f72ff2be455ecd4ff3d16e884c5a50f9df69fe
2020-05-04fib: midchain adjacency optimisationsNeale Ranns1-31/+55
Type: improvement - inline some common encap fixup functions into the midchain rewrite node so we don't incur the cost of the virtual function call - change the copy 'guess' from ethernet_header (which will never happen) to an ip4 header - add adj-midchain-tx to multiarch sources - don't run adj-midchain-tx as a feature, instead put this node as the adj's next and at the end of the feature arc. - cache the feature arc config index (to save the cache miss going to fetch it) - don't check if features are enabled when taking the arc (since we know they are) the last two changes will also benefit normal adjacencies taking the arc (i.e. for NAT, ACLs, etc) for IPSec: - don't run esp_encrypt as a feature, instead when required insert this node into the adj's next and into the end of the feature arc. this implies that encrypt is always 'the last feature' run, which is symmetric with decrypt always being the first. - esp_encrpyt for tunnels has adj-midchain-tx as next node Change-Id: Ida0af56a704302cf2d7797ded5f118a781e8acb7 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-04-23ip: Replace Sematics for Interface IP addressesNeale Ranns1-15/+80
Type: feature - replace functions for prefixes attached to interfaces - add ip_interface.[ch] to consoldate the functions Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I9c0c39c09dbf80ea1aadefee02c9bd16f094b6ad
2020-04-15misc: refactor calc_checksumsDave Barach1-4/+12
Merge two mildly incompatible static inlines, and rename the results vnet_calc_checksums_inline (...). The resulting inline has three additional parameters: int is_ip4, int is_ip6, and int with_gso. All calls manage to pass one or more as compile-time constants, which causes a certain amount of code to disappear in each instantiation. Type: refactor Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I1a2a0e353b9a7bca20bc81318e8c915617261e1a
2020-04-14urpf: Unicast reverse Path Forwarding (plugin)Neale Ranns1-14/+0
Type: feature - move the IP4 code to plugin - add ip6 support - add suport for uRPF on TX - add tests Change-Id: I074c2debc486d3e79c12fad4b8dbd72c41e841a0 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-04-08ip: do not clear the locally-originated flagNeale Ranns1-8/+2
Type: fix - doing so in MTU dec, means mtu_inc is broken - there's no need to. if a packet encounters ipX-rewrite a second time then it went through a tunnel the first time and is still locally originated. Change-Id: I0f279c2837b608c1677485fe93f63398ab2737b3 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-03-17fib: Always install all routers mcast addressesNeale Ranns1-0/+3
Type: improvement Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Ia8dff15855a81cf29729bdaa3ff28fbe3254fa97
2020-02-11ip: fix ip-local errorsFlorin Coras1-1/+3
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie8bc5c9a03e858487cf565b4e9b520e6b496337a
2020-01-14classify: Reduce the include dependencies on vnet_classify.hNeale Ranns1-0/+1
Type: refactor currently vnet_classify.h is included in ip.h where it's not required. Change-Id: Id55682637601655aa2edda681536a979c8e323bd Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-01-11ip: avoid fib lookup for consecutive pkts having same source IPNitin Saxena1-5/+5
Type: fix Fixes: be2286b0 This patch does following: - If terminating frame has consecutive packets with same source IP, this patch avoids fib lookup for those packets in ip4-local node. This drops cycle count for ip4-local node on both ARM and x86. It being done by enabling dead code in else {} case of ip4_local_check_src_x2() and ip4_local_check_src() functions. - In case all packets in terminating frame have unique source IP (e.g: incrementing), ip4-local is costlier by 2 cycles (broadwell) Change-Id: I472ddc324716cec8bfe601568b8aeb7565f97ab3 Signed-off-by: Nitin Saxena <nsaxena@marvell.com>
2019-12-17ip: Protocol Independent IP NeighborsNeale Ranns1-343/+0
Type: feature - ip-neighbour: generic neighbour handling; APIs, DBs, event handling, aging - arp: ARP protocol implementation - ip6-nd; IPv6 neighbor discovery implementation; separate ND, MLD, RA - ip6-link; manage link-local addresses - l2-arp-term; events separated from IP neighbours, since they are not the same. vnet retains just enough education to perform ND/ARP packet construction. arp and ip6-nd to be moved to plugins soon. Change-Id: I88dedd0006b299344f4c7024a0aa5baa6b9a8bbe Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-12-04gso: remove the interface countMohsin Kazmi1-15/+7
Type: refactor Change-Id: I51405b9d09fb6fb03d08569369fdd4e11c647908 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2019-12-03fib: constify the adjacency in the rewrite nodesNeale Ranns1-1/+1
Type: refactor Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I3aad20b35d89fc541fdf185096d71ca12b09a6e2
2019-11-11ip: functional interface to ip fragmentationOle Troan1-8/+8
This provides a functional interface to IP fragmentation. Allowing external features to fragment. Supports arbitrary encap size, for e.g. MPLS or inner fragmentation of tunnels. This also removed dual loop in MAP that was fundamentally broken. Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Ia89ecec8ee3cbe2416edbe87630fdb714898c2a8 Signed-off-by: Ole Troan <ot@cisco.com>
2019-11-05ip: Fragmentation fixesNeale Ranns1-96/+121
Type: fix if the packet is about to be fragmented, then don't call any of the actions that expect the rewrite to have been written. 1) don't double count packets thru the adjacency (original & fragments) 2) don't double decrement the TTL for fragments 3) return to ip4-midchain post ip-frag if that's where we started. 4) only run midchain/mcast fixups if not fragmenting (if no errors) Change-Id: Ib2866787a42713ee5871b87b597d8f74b901044b Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-10-10tcp: custom checksum calculations for Ipv4/Ipv6Srikanth A1-43/+3
Type: feature Based on the configuration, we can disable checksum offload capability and calculate checksum while pushing the TCP & IP header. This saves some cycles when VPP stack is used in legacy hardware devices. Signed-off-by: Srikanth A <srakula@cisco.com> Change-Id: Ic1b3fcf3040917e47ee65263694ebf7437ac5668 (cherry picked from commit 3642782a2748503f5b5ccf89d1575c1d489948ef)
2019-09-25ip: refactor reassemblyKlement Sekera1-1/+1
this is a preparation step for introducing other reassembly types Type: refactor Change-Id: I197e299dbd729b00eead31667913b8ceff915d63 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2019-09-16api: autogenerate api trace print/endianOle Troan1-1/+3
In addition to the external vppapitrace tool, VPP itself supports dumping of API trace files. In two formats, "custom-dump" and "dump". "dump" gives a human friendly list, and "custom-dump" is meant to give a list of commands that can be fed to VAT. This patch only deals with "dump". Prior to this fix, auto-generation was only done for the basic types. This fix adds support for any type, including lists, and supports pretty-printing of enums, strings, IP addresses, MAC addresses and so on. Usage: api trace dump <api-trace-file> For example Change-Id: I4e485680e6dcfce7489299ae6cf31d835071ac40 ---------- trace 48 ----------- vl_api_sw_interface_set_flags_t: _vl_msg_id: 75 client_index: 0 context: 10 sw_if_index: 1 flags: IF_STATUS_API_FLAG_ADMIN_UP ---------- trace 49 ----------- vl_api_sw_interface_add_del_address_t: _vl_msg_id: 88 client_index: 0 context: 11 sw_if_index: 1 is_add: 1 del_all: 0 prefix: 172.16.1.1/24 ---------- trace 51 ----------- vl_api_cli_inband_t: _vl_msg_id: 819 client_index: 0 context: 13 cmd: packet-generator capture pg0 pcap /tmp/vpp-unittest-TestMAP-YhcmDX/pg0_out.pcap disable ---------- trace 58 ----------- vl_api_ip_neighbor_add_del_t: _vl_msg_id: 199 client_index: 0 context: 20 is_add: 1 neighbor: sw_if_index: 2 flags: IP_API_NEIGHBOR_FLAG_NONE mac_address: 0202.0000.ff02 ip_address: fd01:2::2 Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I5556d06008de2762e7c2d35a8b0963ae670b3db1 Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com>
2019-09-11ip: apply dual loop unrolling in ip4_rewriteLijian.Zhang1-0/+131
Too many prefetches within loop unrollings induce bottleneck and performance degradation on some CPUs which have less cache line fill buffers, e.g, Arm Cortex-A72. Apply dual loop unrolling and tune prefetches manually to remove hot-spot with prefetch instructions, to get throughput improvement. It brings about 7% throughput improvement and saves 28% clocks with ip4_rewrite nodes on Cortex-A72 CPUs. Type: feature Change-Id: I0d35ef19faccbd7a5a4647f50bc369bfcb01a20d Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com>
2019-09-07ip: fix udp/tcp checksum corner casesDave Barach1-3/+15
When checksumming chained buffers with odd lengths: insert a NULL byte, or the calculation fails. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Signed-off-by: John Lo <loj@cisco.com> Change-Id: I380f7c42897bdb28c8c29aa1c4cdaaa849cc9ecc
2019-08-19ip: leverage existing vlib_buffer_advanceZhiyong Yang1-6/+3
The function ip4_rewrite_inline_with_gso can leverage the existing vlib_buffer_advance to simplify code. Type: fix Change-Id: I25d943dc78aba2f67654385cf3f693eb01e0210e Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2019-08-12ip: allow addrs from the same prefix on intfMatthew Smith1-79/+234
Type: feature Adding a prefix to an interface was not permitted if it overlapped with another prefix on an interface which used the same FIB. Loosen the restriction. Allow 2 or more addresses from the same prefix on a single interface. Reference count the prefix to figure out when a glean/connected route for the prefix needs to be added or removed. Added unit tests to check that the route is only removed when all addresses in the prefix are removed from the interface. Change-Id: I1a962ecb5e1ee65fc6d41f98a4cc097a51a55321 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2019-08-03ip: fix ip6/udp checksum for pkts using buffer chainingJohn Lo1-0/+3
Fix ip6_tcp_udp_icmp_compute_checksum to work properly for packets with multiple buffers. Fix ip4_tcp_udp_compute_checksum to exit upon detecting error. Type: fix Signed-off-by: John Lo <loj@cisco.com> Change-Id: I673547f4479d72cd60757383343fc562cff10265