- 29 Dec, 2023 5 commits
-
-
Ido Schimmel authored
As explained in commit e0378187 ("drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group"), the "flags" field in the multicast group structure reuses uAPI flags despite the field not being exposed to user space. This makes it impossible to extend its use without adding new uAPI flags, which is inappropriate for internal kernel checks. Solve this by adding internal flags (i.e., "GENL_MCAST_*") and convert the existing users to use them instead of the uAPI flags. Tested using the reproducers in commit 44ec98ea ("psample: Require 'CAP_NET_ADMIN' when joining "packets" group") and commit e0378187 ("drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group"). No functional changes intended. Signed-off-by:
Ido Schimmel <idosch@nvidia.com> Reviewed-by:
Mat Martineau <martineau@kernel.org> Reviewed-by:
Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Greg Kroah-Hartman authored
Now that the driver core can properly handle constant struct bus_type, move the iucv_bus variable to be a constant structure as well, placing it into read-only memory which can not be modified at runtime. Cc: Wenjia Zhang <wenjia@linux.ibm.com> Cc: "David S. Miller" <davem@davemloft.net> Cc: Eric Dumazet <edumazet@google.com> Cc: Jakub Kicinski <kuba@kernel.org> Cc: Paolo Abeni <pabeni@redhat.com> Cc: linux-s390@vger.kernel.org Cc: netdev@vger.kernel.org Acked-by:
Alexandra Winter <wintera@linux.ibm.com> Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by:
-
Jonathan Corbet authored
The kerneldoc comment for struct ethtool_fec_stats attempts to describe the "total" and "lanes" fields of the ethtool_fec_stat substructure in a way leading to these warnings: ./include/linux/ethtool.h:424: warning: Excess struct member 'lane' description in 'ethtool_fec_stats' ./include/linux/ethtool.h:424: warning: Excess struct member 'total' description in 'ethtool_fec_stats' Reformat the comment to retain the information while eliminating the warnings. Signed-off-by:
Jonathan Corbet <corbet@lwn.net> Reviewed-by:
Randy Dunlap <rdunlap@infradead.org> Signed-off-by:
-
Jonathan Corbet authored
The kernel doc comments for struct ethtool_link_settings includes documentation for three fields that were never present there, leading to these docs-build warnings: ./include/uapi/linux/ethtool.h:2207: warning: Excess struct member 'supported' description in 'ethtool_link_settings' ./include/uapi/linux/ethtool.h:2207: warning: Excess struct member 'advertising' description in 'ethtool_link_settings' ./include/uapi/linux/ethtool.h:2207: warning: Excess struct member 'lp_advertising' description in 'ethtool_link_settings' Remove the entries to make the warnings go away. There was some information there on how data in >link_mode_masks is formatted; move that to the body of the comment to preserve it. Signed-off-by:
-
Jonathan Corbet authored
Remove a couple of kerneldoc entries for struct members that do not exist, addressing these warnings: ./include/net/sock.h:548: warning: Excess struct member '__sk_flags_offset' description in 'sock' ./include/net/sock.h:548: warning: Excess struct member 'sk_padding' description in 'sock' Signed-off-by:
-
- 27 Dec, 2023 11 commits
-
-
Kevin Hao authored
A freezable kernel thread can enter frozen state during freezing by either calling try_to_freeze() or using wait_event_freezable() and its variants. So for the following snippet of code in a kernel thread loop: wait_event_interruptible_timeout(); try_to_freeze(); We can change it to a simple wait_event_freezable_timeout() and then eliminate a function call. Signed-off-by:
Kevin Hao <haokexin@gmail.com> Signed-off-by:
-
David S. Miller authored
Radu Pirea says: ==================== Add MACsec support for TJA11XX C45 PHYs This is the MACsec support for TJA11XX PHYs. The MACsec block encrypts the ethernet frames on the fly and has no buffering. This operation will grow the frames by 32 bytes. If the frames are sent back to back, the MACsec block will not have enough room to insert the SecTAG and the ICV and the frames will be dropped. To mitigate this, the PHY can parse a specific ethertype with some padding bytes and replace them with the SecTAG and ICV. These padding bytes might be dummy or might contain information about TX SC that must be used to encrypt the frame. ==================== Signed-off-by: -
Radu Pirea (NXP OSS) authored
Implement mdo_insert_tx_tag to insert the TLV header in the ethernet frame. Signed-off-by:
Radu Pirea (NXP OSS) <radu-nicolae.pirea@oss.nxp.com> Signed-off-by:
-
Radu Pirea (NXP OSS) authored
Add MACsec statistics callbacks. The statistic registers must be set to 0 if the SC/SA is deleted to read relevant values next time when the SC/SA is used. Signed-off-by:
-
Radu Pirea (NXP OSS) authored
Add MACsec support. The MACsec block has four TX SCs and four RX SCs. The driver supports up to four SecY. Each SecY with one TX SC and one RX SC. The RX SCs can have two keys, key A and key B, written in hardware and enabled at the same time. The TX SCs can have two keys written in hardware, but only one can be active at a given time. On TX, the SC is selected using the MAC source address. Due of this selection mechanism, each offloaded netdev must have a unique MAC address. On RX, the SC is selected by SCI(found in SecTAG or calculated using MAC SA), or using RX SC 0 as implicit. Signed-off-by:
-
Radu Pirea (NXP OSS) authored
Offloading MACsec in PHYs requires inserting the SecTAG and the ICV in the ethernet frame. This operation will increase the frame size with up to 32 bytes. If the frames are sent at line rate, the PHY will not have enough room to insert the SecTAG and the ICV. Some PHYs use a hardware buffer to store a number of ethernet frames and, if it fills up, a pause frame is sent to the MAC to control the flow. This HW implementation does not need any modification in the stack. Other PHYs might offer to use a specific ethertype with some padding bytes present in the ethernet frame. This ethertype and its associated bytes will be replaced by the SecTAG and ICV. mdo_insert_tx_tag allows the PHY drivers to add any specific tag in the skb. Signed-off-by:
-
Radu Pirea (NXP OSS) authored
Revert the MAC address if mdo_upd_secy fails. Offloaded MACsec device might be left in an inconsistent state. Signed-off-by:
-
Radu Pirea (NXP OSS) authored
Add description for fields of struct macsec_context and struct macsec_ops. Signed-off-by:
-
Radu Pirea (NXP OSS) authored
Move sci_to_cpu to the MACsec header to use it in drivers. Signed-off-by:
-
Radu Pirea (NXP OSS) authored
Use skb_ensure_writable_head_tail to expand the skb if needed instead of reimplementing a similar operation. Signed-off-by:
-
Radu Pirea (NXP OSS) authored
Rename dsa_realloc_skb to skb_ensure_writable_head_tail and move it to skbuff.c to use it as helper. Signed-off-by:
-
- 26 Dec, 2023 24 commits
-
-
Lin Ma authored
It appears that there is a typo in the code where the nlattr array is being parsed with policy br_cfm_cc_ccm_tx_policy, but the instance is being accessed via IFLA_BRIDGE_CFM_CC_RDI_INSTANCE, which is associated with the policy br_cfm_cc_rdi_policy. This problem was introduced by commit 2be665c3 ("bridge: cfm: Netlink SET configuration Interface."). Though it seems like a harmless typo since these two enum owns the exact same value (1 here), it is quite misleading hence fix it by using the correct enum IFLA_BRIDGE_CFM_CC_CCM_TX_INSTANCE here. Signed-off-by:
Lin Ma <linma@zju.edu.cn> Reviewed-by:
Simon Horman <horms@kernel.org> Acked-by:
Nikolay Aleksandrov <razor@blackwall.org> Signed-off-by:
-
David S. Miller authored
Matthieu Baerts says: ==================== mptcp: cleanup and support more ephemeral ports sockopts Patch 1 is a cleanup one: mptcp_is_tcpsk() helper was modifying sock_ops in some cases which is unexpected with that name. Patch 2 to 4 add support for two socket options: IP_LOCAL_PORT_RANGE and IP_BIND_ADDRESS_NO_PORT. The first one is a preparation patch, the second one adds the support while the last one modifies an existing selftest to validate the new features. ==================== Signed-off-by:
Matthieu Baerts <matttbe@kernel.org> Signed-off-by:
-
Maxim Galaganov authored
Since previous commit, MPTCP has support for IP_BIND_ADDRESS_NO_PORT and IP_LOCAL_PORT_RANGE sockopts. Add ip4_mptcp and ip6_mptcp fixture variants to ip_local_port_range selftest to provide selftest coverage for these sockopts. Acked-by:
Maxim Galaganov <max@internet.ru> Signed-off-by:
-
Maxim Galaganov authored
Support for IP_BIND_ADDRESS_NO_PORT sockopt was introduced in [1]. Recently [2] allowed its value to be accessed without locking the socket. Support for (newer) IP_LOCAL_PORT_RANGE sockopt was introduced in [3]. In the same series a selftest was added in [4]. This selftest also covers the IP_BIND_ADDRESS_NO_PORT sockopt. This patch enables getsockopt()/setsockopt() on MPTCP sockets for these socket options, syncing set values to subflows in sync_socket_options(). Ephemeral port range is synced to subflows, enabling NAT usecase described in [3]. [1] commit 90c337da ("inet: add IP_BIND_ADDRESS_NO_PORT to overcome bind(0) limitations") [2] commit ca571e2e ("inet: move inet->bind_address_no_port to inet->inet_flags") [3] commit 91d0b78c ("inet: Add IP_LOCAL_PORT_RANGE socket option") [4] commit ae543965 ("selftests/net: Cover the IP_LOCAL_PORT_RANGE socket option") Signed-off-by:
-
Maxim Galaganov authored
Next patch extends this function so that it's not specific to IP_TRANSPARENT. Change function name to mptcp_setsockopt_sol_ip_set(). Reviewed-by:
-
Davide Caratti authored
Eric Dumazet suggests: > The fact that mptcp_is_tcpsk() was able to write over sock->ops was a > bit strange to me. > mptcp_is_tcpsk() should answer a question, with a read-only argument. re-factor code to avoid overwriting sock_ops inside that function. Also, change the helper name to reflect the semantics and to disambiguate from its dual, sk_is_mptcp(). While at it, collapse mptcp_stream_accept() and mptcp_accept() into a single function, where fallback / non-fallback are separated into a single sk_is_mptcp() conditional. Link: https://github.com/multipath-tcp/mptcp_net-next/issues/432Suggested-by:
Eric Dumazet <edumazet@google.com> Signed-off-by:
Davide Caratti <dcaratti@redhat.com> Acked-by:
Paolo Abeni <pabeni@redhat.com> Signed-off-by:
-
Christian Marangi authored
Better align function variables to open parenthesis as suggested by checkpatch script for qca808x function to make code cleaner. For cable_test_get_status function some additional rework was needed to handle too long functions. Signed-off-by:
Christian Marangi <ansuelsmth@gmail.com> Reviewed-by:
Andrew Lunn <andrew@lunn.ch> Signed-off-by:
-
David S. Miller authored
Victor Nogueira says: ==================== net/sched: Introduce tc block ports tracking and use __context__ The "tc block" is a collection of netdevs/ports which allow qdiscs to share match-action block instances (as opposed to the traditional tc filter per netdev/port)[1]. Up to this point in the implementation, the block is unaware of its ports. This patch makes the tc block ports available to the datapath. For the datapath we provide a use case of the tc block in a mirred action in patch 3. For users can levarage mirred to do something like the following: $ tc qdisc add dev ens7 ingress_block 22 clsact $ tc qdisc add dev ens8 ingress_block 22 clsact $ tc qdisc add dev ens9 ingress_block 22 clsact $ tc filter add block 22 protocol ip pref 25 \ flower dst_ip 192.168.0.0/16 action mirred egress mirror blockid 22 In this case, if the packet arrives on ens8, it will be copied and sent to all ports in the block excluding ens8. Note that the packet is still in the pipeline at this point - meaning other actions could be added after the mirror because mirred copies/clones the skb. Example the following is valid: $ tc filter add block 22 protocol ip pref 25 flower dst_ip 192.168.0.0/16 \ action mirred egress mirror blockid 22 \ action vlan push id 123 \ action mirred egress redirect dev dummy0 redirect behavior always steals the packet from the pipeline and therefore the skb is no longer available for a subsequent action as illustrated above (in redirecting to dummy0). The behavior of redirecting to a tc block is therefore adapted to work in the same manner. So a setup as such: $ tc qdisc add dev ens7 ingress_block 22 $ tc qdisc add dev ens8 ingress_block 22 $ tc qdisc add dev ens9 ingress_block 22 $ tc filter add block 22 protocol ip pref 25 \ flower dst_ip 192.168.0.0/16 action mirred egress redirect blockid 22 for a matching packet arriving on ens7 will first send a copy/clone to ens8 (as in the "mirror" behavior) then to ens9 as in the redirect behavior above. Once this processing is done - no other actions are able to process this skb. i.e it is removed from the "pipeline". In this case, if the packet arrives on ens8, it will be copied and sent to all ports in the block excluding ens8. Patch 1 separates/exports mirror and redirect functions from act_mirred Patch 2 introduces the required infra. Patch 3 Allows mirred to blocks Subsequent patches will come with tdc test cases. __Acknowledgements__ Suggestions from Vlad Buslov and Marcelo Ricardo Leitner made this patchset better. The idea of integrating the ports into the tc block was suggested by Jiri Pirko. [1] See commit ca46abd6 ("Merge branch'net-sched-allow-qdiscs-to-share-filter-block-instances'") Changes in v2: - Remove RFC tag - Add more details in patch 0(Jiri) - When CONFIG_NET_TC_SKB_EXT is selected we have unused qdisc_cb Reported-by: kernel test robot <lkp@intel.com> (and horms@kernel.org) - Fix bad dev dereference in printk of blockcast action (Simon) Changes in v3: - Add missing xa_destroy (pointed out by Vlad) - Remove bugfix pointed by Vlad (will send in separate patch) - Removed ports from subject in patch #2 and typos (suggested by Marcelo) - Remove net_notice_ratelimited debug messages in error cases (suggested by Marcelo) - Minor changes to appease sparse's lock context warning Changes in v4: - Avoid code repetition using gotos in cast_one (suggested by Paolo) - Fix typo in cover letter (pointed out by Paolo) - Create a module description for act_blockcast (reported by Paolo and CI) Changes in v5: - Add new patch which separated mirred into mirror and redirect functions (suggested by Jiri) - Instead of repeating the code to mirror in blockcast use mirror exported function by patch1 (tcf_mirror_act) - Make Block ID into act_blockcast's parameter passed by user space instead of always getting it from SKB (suggested by Jiri) - Add tx_type parameter which will specify what transmission behaviour we want (as described earlier) Changes in v6: - Remove blockcast and make it a part of mirred (suggestd by Jiri) - Block ID is now a mirred parameter - We now allow redirecting and mirroring to either ingress or egress Changes in v7: - Remove set but not used variable in tcf_mirred_act (pointed out by Jakub) Changes in v8: - Fix uapi issues (pointed out by Jiri) - Separate last patch into 3 - two as preparations for adding block ID to mirred and one allowing mirred to block (suggested by Jiri) - Remove declaration initialisation of eg_block and in_block in qdisc_block_add_dev (suggested by Jiri) - Avoid unnecessary if guards in qdisc_block_add_dev (suggested by Jiri) - Remove unncessary block_index retrieval in __qdisc_destroy (suggested by Jiri) ==================== Signed-off-by:
-
Victor Nogueira authored
So far the mirred action has dealt with syntax that handles mirror/redirection for netdev. A matching packet is redirected or mirrored to a target netdev. In this patch we enable mirred to mirror to a tc block as well. IOW, the new syntax looks as follows: ... mirred <ingress | egress> <mirror | redirect> [index INDEX] < <blockid BLOCKID> | <dev <devname>> > Examples of mirroring or redirecting to a tc block: $ tc filter add block 22 protocol ip pref 25 \ flower dst_ip 192.168.0.0/16 action mirred egress mirror blockid 22 $ tc filter add block 22 protocol ip pref 25 \ flower dst_ip 10.10.10.10/32 action mirred egress redirect blockid 22 Co-developed-by:
Jamal Hadi Salim <jhs@mojatatu.com> Signed-off-by:
Pedro Tammela <pctammela@mojatatu.com> Signed-off-by:
Victor Nogueira <victor@mojatatu.com> Signed-off-by:
-
Victor Nogueira authored
The act of replacing a device will be repeated by the init logic for the block ID in the patch that allows mirred to a block. Therefore we encapsulate this functionality in a function (tcf_mirred_replace_dev) so that we can reuse it and avoid code repetition. Co-developed-by:
-
Victor Nogueira authored
As a preparation for adding block ID to mirred, separate the part of mirred that redirect/mirrors to a dev into a specific function so that it can be called by blockcast for each dev. Also improve readability. Eg. rename use_reinsert to dont_clone and skb2 to skb_to_send. Co-developed-by:
-
Victor Nogueira authored
The datapath can now find the block of the port in which the packet arrived at. In the next patch we show a possible usage of this patch in a new version of mirred that multicasts to all ports except for the port in which the packet arrived on. Co-developed-by:
-
Victor Nogueira authored
This commit makes tc blocks track which ports have been added to them. And, with that, we'll be able to use this new information to send packets to the block's ports. Which will be done in the patch #3 of this series. Suggested-by:
Jiri Pirko <jiri@nvidia.com> Co-developed-by:
-
Denis Kirjanov authored
Since there are no more users of the macro let's finally burn it Signed-off-by:
Denis Kirjanov <dkirjanov@suse.de> Signed-off-by:
-
Denis Kirjanov authored
SOCK_DEBUG comes from the old days. Let's move logging to standard net core ratelimited logging functions Signed-off-by:
-
David S. Miller authored
Wen Gu says: ==================== net/smc: implement SMCv2.1 virtual ISM device support The fourth edition of SMCv2 adds the SMC version 2.1 feature updates for SMC-Dv2 with virtual ISM. Virtual ISM are created and supported mainly by OS or hypervisor software, comparable to IBM ISM which is based on platform firmware or hardware. With the introduction of virtual ISM, SMCv2.1 makes some updates: - Introduce feature bitmask to indicate supplemental features. - Reserve a range of CHIDs for virtual ISM. - Support extended GIDs (128 bits) in CLC handshake. So this patch set aims to implement these updates in Linux kernel. And it acts as the first part of SMC-D virtual ISM extension & loopback-ism [1]. [1] https://lore.kernel.org/netdev/1695568613-125057-1-git-send-email-guwen@linux.alibaba.com/ v8->v7: - Patch #7: v7 mistakenly changed the type of gid_ext in smc_clc_msg_accept_confirm to u64 instead of __be64 as previous versions when fixing the rebase conflicts. So fix this mistake. v7->v6: Link: https://lore.kernel.org/netdev/20231219084536.8158-1-guwen@linux.alibaba.com/ - Collect the Reviewed-by tag in v6; - Patch #3: redefine the struct smc_clc_msg_accept_confirm; - Patch #7: Because that the Patch #3 already adds '__packed' to smc_clc_msg_accept_confirm, so Patch #7 doesn't need to do the same thing. But this is a minor change, so I kept the 'Reviewed-by' tag. Other changes in previous versions but not yet acked: - Patch #1: Some minor changes in subject and fix the format issue (length exceeds 80 columns) compared to v3. - Patch #5: removes useless ini->feature_mask assignment in __smc_connect() and smc_listen_v2_check() compared to v4. - Patch #8: new added, compared to v3. v6->v5: Link: https://lore.kernel.org/netdev/1702371151-125258-1-git-send-email-guwen@linux.alibaba.com/ - Add 'Reviewed-by' label given in the previous versions: * Patch #4, #6, #9, #10 have nothing changed since v3; - Patch #2: * fix the format issue (Alignment should match open parenthesis) compared to v5; * remove useless clc->hdr.length assignment in smcr_clc_prep_confirm_accept() compared to v5; - Patch #3: new added compared to v5. - Patch #7: some minor changes like aclc_v2->aclc or clc_v2->clc compared to v5 due to the introduction of Patch #3. Since there were no major changes, I kept the 'Reviewed-by' label. Other changes in previous versions but not yet acked: - Patch #1: Some minor changes in subject and fix the format issue (length exceeds 80 columns) compared to v3. - Patch #5: removes useless ini->feature_mask assignment in __smc_connect() and smc_listen_v2_check() compared to v4. - Patch #8: new added, compared to v3. v5->v4: Link: https://lore.kernel.org/netdev/1702021259-41504-1-git-send-email-guwen@linux.alibaba.com/ - Patch #6: improve the comment of SMCD_CLC_MAX_V2_GID_ENTRIES; - Patch #4: remove useless ini->feature_mask assignment; v4->v3: https://lore.kernel.org/netdev/1701920994-73705-1-git-send-email-guwen@linux.alibaba.com/ - Patch #6: use SMCD_CLC_MAX_V2_GID_ENTRIES to indicate the max gid entries in CLC proposal and using SMC_MAX_V2_ISM_DEVS to indicate the max devices to propose; - Patch #6: use i and i+1 in smc_find_ism_v2_device_serv(); - Patch #2: replace the large if-else block in smc_clc_send_confirm_accept() with 2 subfunctions; - Fix missing byte order conversion of GID and token in CLC handshake, which is in a separate patch sending to net: https://lore.kernel.org/netdev/1701882157-87956-1-git-send-email-guwen@linux.alibaba.com/ - Patch #7: add extended GID in SMC-D lgr netlink attribute; v3->v2: https://lore.kernel.org/netdev/1701343695-122657-1-git-send-email-guwen@linux.alibaba.com/ - Rename smc_clc_fill_fce as smc_clc_fill_fce_v2x; - Remove ISM_IDENT_MASK from drivers/s390/net/ism.h; - Add explicitly assigning 'false' to ism_v2_capable in ism_dev_init(); - Remove smc_ism_set_v2_capable() helper for now, and introduce it in later loopback-ism implementation; v2->v1: - Fix sparse complaint; - Rebase to the latest net-next; ==================== Signed-off-by:
-
Wen Gu authored
The System EID (SEID) is an internal EID that is used by the SMCv2 software stack that has a predefined and constant value representing the s390 physical machine that the OS is executing on. So it should be managed by SMC stack instead of ISM driver and be consistent for all ISMv2 device (including virtual ISM devices) on s390 architecture. Suggested-by:
Wen Gu <guwen@linux.alibaba.com> Reviewed-and-tested-by:
Wenjia Zhang <wenjia@linux.ibm.com> Reviewed-by:
-
Wen Gu authored
The system EID (SEID) is an internal EID used by SMC-D to represent the s390 physical machine that OS is executing on. On s390 architecture, it predefined by fixed string and part of cpuid and is enabled regardless of whether underlay device is virtual ISM or platform firmware ISM. However on non-s390 architectures where SMC-D can be used with virtual ISM devices, there is no similar information to identify physical machines, especially in virtualization scenarios. So in such cases, SEID is forcibly disabled and the user-defined UEID will be used to represent the communicable space. Signed-off-by:
-
Wen Gu authored
Virtual ISM devices introduced in SMCv2.1 requires a 128 bit extended GID vs. the existing ISM 64bit GID. So the 2nd 64 bit of extended GID should be included in SMC-D linkgroup netlink attribute as well. Signed-off-by:
-
Wen Gu authored
According to virtual ISM support feature defined by SMCv2.1, GIDs of virtual ISM device are UUIDs defined by RFC4122, which are 128-bits long. So some adaptation work is required. And note that the GIDs of existing platform firmware ISM devices still remain 64-bits long. Signed-off-by:
-
Wen Gu authored
According to virtual ISM support feature defined by SMCv2.1, CHIDs in the range 0xFF00 to 0xFFFF are reserved for use by virtual ISM devices. And two helpers are introduced to distinguish virtual ISM devices from the existing platform firmware ISM devices. Signed-off-by:
-
Wen Gu authored
This introduces virtual ISM device support feature to SMCv2.1 as the first supplemental feature. Signed-off-by:
-
Wen Gu authored
This patch adds SMCv2.x supplemental features negotiation. Supported SMCv2.x supplemental features are represented by feature_mask in FCE field. The negotiation process is as follows. Server Client Proposal(features(c-mask bits)) <----------------------------------------- Accept(features(s-mask bits)) -----------------------------------------> Confirm(features(s&c-mask bits)) <----------------------------------------- Signed-off-by: -
Wen Gu authored
The structs of CLC accept and confirm messages for SMCv1 and SMCv2 are separately defined and often casted to each other in the code, which may increase the risk of errors caused by future divergence of them. So unify them into one struct for better maintainability. Suggested-by:
-
