]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blob - net/8021q/vlan.c
projects / mirror_ubuntu-bionic-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland...
[mirror_ubuntu-bionic-kernel.git] / net / 8021q / vlan.c
1 /*
2 * INET 802.1Q VLAN
3 * Ethernet-type device handling.
4 *
5 * Authors: Ben Greear <greearb@candelatech.com>
6 * Please send support related email to: netdev@vger.kernel.org
7 * VLAN Home Page: http://www.candelatech.com/~greear/vlan.html
8 *
9 * Fixes:
10 * Fix for packet capture - Nick Eggleston <nick@dccinc.com>;
11 * Add HW acceleration hooks - David S. Miller <davem@redhat.com>;
12 * Correct all the locking - David S. Miller <davem@redhat.com>;
13 * Use hash table for VLAN groups - David S. Miller <davem@redhat.com>
14 *
15 * This program is free software; you can redistribute it and/or
16 * modify it under the terms of the GNU General Public License
17 * as published by the Free Software Foundation; either version
18 * 2 of the License, or (at your option) any later version.
19 */
20
21 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
22
23 #include <linux/capability.h>
24 #include <linux/module.h>
25 #include <linux/netdevice.h>
26 #include <linux/skbuff.h>
27 #include <linux/slab.h>
28 #include <linux/init.h>
29 #include <linux/rculist.h>
30 #include <net/p8022.h>
31 #include <net/arp.h>
32 #include <linux/rtnetlink.h>
33 #include <linux/notifier.h>
34 #include <net/rtnetlink.h>
35 #include <net/net_namespace.h>
36 #include <net/netns/generic.h>
37 #include <asm/uaccess.h>
38
39 #include <linux/if_vlan.h>
40 #include "vlan.h"
41 #include "vlanproc.h"
42
43 #define DRV_VERSION "1.8"
44
45 /* Global VLAN variables */
46
47 int vlan_net_id __read_mostly;
48
49 const char vlan_fullname[] = "802.1Q VLAN Support";
50 const char vlan_version[] = DRV_VERSION;
51
52 /* End of global variables definitions. */
53
54 static void vlan_group_free(struct vlan_group *grp)
55 {
56 int i;
57
58 for (i = 0; i < VLAN_GROUP_ARRAY_SPLIT_PARTS; i++)
59 kfree(grp->vlan_devices_arrays[i]);
60 kfree(grp);
61 }
62
63 static struct vlan_group *vlan_group_alloc(struct net_device *real_dev)
64 {
65 struct vlan_group *grp;
66
67 grp = kzalloc(sizeof(struct vlan_group), GFP_KERNEL);
68 if (!grp)
69 return NULL;
70
71 grp->real_dev = real_dev;
72 return grp;
73 }
74
75 static int vlan_group_prealloc_vid(struct vlan_group *vg, u16 vlan_id)
76 {
77 struct net_device **array;
78 unsigned int size;
79
80 ASSERT_RTNL();
81
82 array = vg->vlan_devices_arrays[vlan_id / VLAN_GROUP_ARRAY_PART_LEN];
83 if (array != NULL)
84 return 0;
85
86 size = sizeof(struct net_device *) * VLAN_GROUP_ARRAY_PART_LEN;
87 array = kzalloc(size, GFP_KERNEL);
88 if (array == NULL)
89 return -ENOBUFS;
90
91 vg->vlan_devices_arrays[vlan_id / VLAN_GROUP_ARRAY_PART_LEN] = array;
92 return 0;
93 }
94
95 static void vlan_rcu_free(struct rcu_head *rcu)
96 {
97 vlan_group_free(container_of(rcu, struct vlan_group, rcu));
98 }
99
100 void unregister_vlan_dev(struct net_device *dev, struct list_head *head)
101 {
102 struct vlan_dev_info *vlan = vlan_dev_info(dev);
103 struct net_device *real_dev = vlan->real_dev;
104 const struct net_device_ops *ops = real_dev->netdev_ops;
105 struct vlan_group *grp;
106 u16 vlan_id = vlan->vlan_id;
107
108 ASSERT_RTNL();
109
110 grp = rtnl_dereference(real_dev->vlgrp);
111 BUG_ON(!grp);
112
113 /* Take it out of our own structures, but be sure to interlock with
114 * HW accelerating devices or SW vlan input packet processing if
115 * VLAN is not 0 (leave it there for 802.1p).
116 */
117 if (vlan_id && (real_dev->features & NETIF_F_HW_VLAN_FILTER))
118 ops->ndo_vlan_rx_kill_vid(real_dev, vlan_id);
119
120 grp->nr_vlans--;
121
122 if (vlan->flags & VLAN_FLAG_GVRP)
123 vlan_gvrp_request_leave(dev);
124
125 vlan_group_set_device(grp, vlan_id, NULL);
126 /* Because unregister_netdevice_queue() makes sure at least one rcu
127 * grace period is respected before device freeing,
128 * we dont need to call synchronize_net() here.
129 */
130 unregister_netdevice_queue(dev, head);
131
132 /* If the group is now empty, kill off the group. */
133 if (grp->nr_vlans == 0) {
134 vlan_gvrp_uninit_applicant(real_dev);
135
136 RCU_INIT_POINTER(real_dev->vlgrp, NULL);
137
138 /* Free the group, after all cpu's are done. */
139 call_rcu(&grp->rcu, vlan_rcu_free);
140 }
141
142 /* Get rid of the vlan's reference to real_dev */
143 dev_put(real_dev);
144 }
145
146 int vlan_check_real_dev(struct net_device *real_dev, u16 vlan_id)
147 {
148 const char *name = real_dev->name;
149 const struct net_device_ops *ops = real_dev->netdev_ops;
150
151 if (real_dev->features & NETIF_F_VLAN_CHALLENGED) {
152 pr_info("VLANs not supported on %s\n", name);
153 return -EOPNOTSUPP;
154 }
155
156 if ((real_dev->features & NETIF_F_HW_VLAN_FILTER) &&
157 (!ops->ndo_vlan_rx_add_vid || !ops->ndo_vlan_rx_kill_vid)) {
158 pr_info("Device %s has buggy VLAN hw accel\n", name);
159 return -EOPNOTSUPP;
160 }
161
162 if (vlan_find_dev(real_dev, vlan_id) != NULL)
163 return -EEXIST;
164
165 return 0;
166 }
167
168 int register_vlan_dev(struct net_device *dev)
169 {
170 struct vlan_dev_info *vlan = vlan_dev_info(dev);
171 struct net_device *real_dev = vlan->real_dev;
172 const struct net_device_ops *ops = real_dev->netdev_ops;
173 u16 vlan_id = vlan->vlan_id;
174 struct vlan_group *grp, *ngrp = NULL;
175 int err;
176
177 grp = rtnl_dereference(real_dev->vlgrp);
178 if (!grp) {
179 ngrp = grp = vlan_group_alloc(real_dev);
180 if (!grp)
181 return -ENOBUFS;
182 err = vlan_gvrp_init_applicant(real_dev);
183 if (err < 0)
184 goto out_free_group;
185 }
186
187 err = vlan_group_prealloc_vid(grp, vlan_id);
188 if (err < 0)
189 goto out_uninit_applicant;
190
191 err = register_netdevice(dev);
192 if (err < 0)
193 goto out_uninit_applicant;
194
195 /* Account for reference in struct vlan_dev_info */
196 dev_hold(real_dev);
197
198 netif_stacked_transfer_operstate(real_dev, dev);
199 linkwatch_fire_event(dev); /* _MUST_ call rfc2863_policy() */
200
201 /* So, got the sucker initialized, now lets place
202 * it into our local structure.
203 */
204 vlan_group_set_device(grp, vlan_id, dev);
205 grp->nr_vlans++;
206
207 if (ngrp) {
208 rcu_assign_pointer(real_dev->vlgrp, ngrp);
209 }
210 if (real_dev->features & NETIF_F_HW_VLAN_FILTER)
211 ops->ndo_vlan_rx_add_vid(real_dev, vlan_id);
212
213 return 0;
214
215 out_uninit_applicant:
216 if (ngrp)
217 vlan_gvrp_uninit_applicant(real_dev);
218 out_free_group:
219 if (ngrp) {
220 /* Free the group, after all cpu's are done. */
221 call_rcu(&ngrp->rcu, vlan_rcu_free);
222 }
223 return err;
224 }
225
226 /* Attach a VLAN device to a mac address (ie Ethernet Card).
227 * Returns 0 if the device was created or a negative error code otherwise.
228 */
229 static int register_vlan_device(struct net_device *real_dev, u16 vlan_id)
230 {
231 struct net_device *new_dev;
232 struct net *net = dev_net(real_dev);
233 struct vlan_net *vn = net_generic(net, vlan_net_id);
234 char name[IFNAMSIZ];
235 int err;
236
237 if (vlan_id >= VLAN_VID_MASK)
238 return -ERANGE;
239
240 err = vlan_check_real_dev(real_dev, vlan_id);
241 if (err < 0)
242 return err;
243
244 /* Gotta set up the fields for the device. */
245 switch (vn->name_type) {
246 case VLAN_NAME_TYPE_RAW_PLUS_VID:
247 /* name will look like: eth1.0005 */
248 snprintf(name, IFNAMSIZ, "%s.%.4i", real_dev->name, vlan_id);
249 break;
250 case VLAN_NAME_TYPE_PLUS_VID_NO_PAD:
251 /* Put our vlan.VID in the name.
252 * Name will look like: vlan5
253 */
254 snprintf(name, IFNAMSIZ, "vlan%i", vlan_id);
255 break;
256 case VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD:
257 /* Put our vlan.VID in the name.
258 * Name will look like: eth0.5
259 */
260 snprintf(name, IFNAMSIZ, "%s.%i", real_dev->name, vlan_id);
261 break;
262 case VLAN_NAME_TYPE_PLUS_VID:
263 /* Put our vlan.VID in the name.
264 * Name will look like: vlan0005
265 */
266 default:
267 snprintf(name, IFNAMSIZ, "vlan%.4i", vlan_id);
268 }
269
270 new_dev = alloc_netdev(sizeof(struct vlan_dev_info), name, vlan_setup);
271
272 if (new_dev == NULL)
273 return -ENOBUFS;
274
275 dev_net_set(new_dev, net);
276 /* need 4 bytes for extra VLAN header info,
277 * hope the underlying device can handle it.
278 */
279 new_dev->mtu = real_dev->mtu;
280
281 vlan_dev_info(new_dev)->vlan_id = vlan_id;
282 vlan_dev_info(new_dev)->real_dev = real_dev;
283 vlan_dev_info(new_dev)->dent = NULL;
284 vlan_dev_info(new_dev)->flags = VLAN_FLAG_REORDER_HDR;
285
286 new_dev->rtnl_link_ops = &vlan_link_ops;
287 err = register_vlan_dev(new_dev);
288 if (err < 0)
289 goto out_free_newdev;
290
291 return 0;
292
293 out_free_newdev:
294 free_netdev(new_dev);
295 return err;
296 }
297
298 static void vlan_sync_address(struct net_device *dev,
299 struct net_device *vlandev)
300 {
301 struct vlan_dev_info *vlan = vlan_dev_info(vlandev);
302
303 /* May be called without an actual change */
304 if (!compare_ether_addr(vlan->real_dev_addr, dev->dev_addr))
305 return;
306
307 /* vlan address was different from the old address and is equal to
308 * the new address */
309 if (compare_ether_addr(vlandev->dev_addr, vlan->real_dev_addr) &&
310 !compare_ether_addr(vlandev->dev_addr, dev->dev_addr))
311 dev_uc_del(dev, vlandev->dev_addr);
312
313 /* vlan address was equal to the old address and is different from
314 * the new address */
315 if (!compare_ether_addr(vlandev->dev_addr, vlan->real_dev_addr) &&
316 compare_ether_addr(vlandev->dev_addr, dev->dev_addr))
317 dev_uc_add(dev, vlandev->dev_addr);
318
319 memcpy(vlan->real_dev_addr, dev->dev_addr, ETH_ALEN);
320 }
321
322 static void vlan_transfer_features(struct net_device *dev,
323 struct net_device *vlandev)
324 {
325 vlandev->gso_max_size = dev->gso_max_size;
326
327 if (dev->features & NETIF_F_HW_VLAN_TX)
328 vlandev->hard_header_len = dev->hard_header_len;
329 else
330 vlandev->hard_header_len = dev->hard_header_len + VLAN_HLEN;
331
332 #if defined(CONFIG_FCOE) || defined(CONFIG_FCOE_MODULE)
333 vlandev->fcoe_ddp_xid = dev->fcoe_ddp_xid;
334 #endif
335
336 netdev_update_features(vlandev);
337 }
338
339 static void __vlan_device_event(struct net_device *dev, unsigned long event)
340 {
341 switch (event) {
342 case NETDEV_CHANGENAME:
343 vlan_proc_rem_dev(dev);
344 if (vlan_proc_add_dev(dev) < 0)
345 pr_warn("failed to change proc name for %s\n",
346 dev->name);
347 break;
348 case NETDEV_REGISTER:
349 if (vlan_proc_add_dev(dev) < 0)
350 pr_warn("failed to add proc entry for %s\n", dev->name);
351 break;
352 case NETDEV_UNREGISTER:
353 vlan_proc_rem_dev(dev);
354 break;
355 }
356 }
357
358 static int vlan_device_event(struct notifier_block *unused, unsigned long event,
359 void *ptr)
360 {
361 struct net_device *dev = ptr;
362 struct vlan_group *grp;
363 int i, flgs;
364 struct net_device *vlandev;
365 struct vlan_dev_info *vlan;
366 LIST_HEAD(list);
367
368 if (is_vlan_dev(dev))
369 __vlan_device_event(dev, event);
370
371 if ((event == NETDEV_UP) &&
372 (dev->features & NETIF_F_HW_VLAN_FILTER) &&
373 dev->netdev_ops->ndo_vlan_rx_add_vid) {
374 pr_info("adding VLAN 0 to HW filter on device %s\n",
375 dev->name);
376 dev->netdev_ops->ndo_vlan_rx_add_vid(dev, 0);
377 }
378
379 grp = rtnl_dereference(dev->vlgrp);
380 if (!grp)
381 goto out;
382
383 /* It is OK that we do not hold the group lock right now,
384 * as we run under the RTNL lock.
385 */
386
387 switch (event) {
388 case NETDEV_CHANGE:
389 /* Propagate real device state to vlan devices */
390 for (i = 0; i < VLAN_N_VID; i++) {
391 vlandev = vlan_group_get_device(grp, i);
392 if (!vlandev)
393 continue;
394
395 netif_stacked_transfer_operstate(dev, vlandev);
396 }
397 break;
398
399 case NETDEV_CHANGEADDR:
400 /* Adjust unicast filters on underlying device */
401 for (i = 0; i < VLAN_N_VID; i++) {
402 vlandev = vlan_group_get_device(grp, i);
403 if (!vlandev)
404 continue;
405
406 flgs = vlandev->flags;
407 if (!(flgs & IFF_UP))
408 continue;
409
410 vlan_sync_address(dev, vlandev);
411 }
412 break;
413
414 case NETDEV_CHANGEMTU:
415 for (i = 0; i < VLAN_N_VID; i++) {
416 vlandev = vlan_group_get_device(grp, i);
417 if (!vlandev)
418 continue;
419
420 if (vlandev->mtu <= dev->mtu)
421 continue;
422
423 dev_set_mtu(vlandev, dev->mtu);
424 }
425 break;
426
427 case NETDEV_FEAT_CHANGE:
428 /* Propagate device features to underlying device */
429 for (i = 0; i < VLAN_N_VID; i++) {
430 vlandev = vlan_group_get_device(grp, i);
431 if (!vlandev)
432 continue;
433
434 vlan_transfer_features(dev, vlandev);
435 }
436
437 break;
438
439 case NETDEV_DOWN:
440 /* Put all VLANs for this dev in the down state too. */
441 for (i = 0; i < VLAN_N_VID; i++) {
442 vlandev = vlan_group_get_device(grp, i);
443 if (!vlandev)
444 continue;
445
446 flgs = vlandev->flags;
447 if (!(flgs & IFF_UP))
448 continue;
449
450 vlan = vlan_dev_info(vlandev);
451 if (!(vlan->flags & VLAN_FLAG_LOOSE_BINDING))
452 dev_change_flags(vlandev, flgs & ~IFF_UP);
453 netif_stacked_transfer_operstate(dev, vlandev);
454 }
455 break;
456
457 case NETDEV_UP:
458 /* Put all VLANs for this dev in the up state too. */
459 for (i = 0; i < VLAN_N_VID; i++) {
460 vlandev = vlan_group_get_device(grp, i);
461 if (!vlandev)
462 continue;
463
464 flgs = vlandev->flags;
465 if (flgs & IFF_UP)
466 continue;
467
468 vlan = vlan_dev_info(vlandev);
469 if (!(vlan->flags & VLAN_FLAG_LOOSE_BINDING))
470 dev_change_flags(vlandev, flgs | IFF_UP);
471 netif_stacked_transfer_operstate(dev, vlandev);
472 }
473 break;
474
475 case NETDEV_UNREGISTER:
476 /* twiddle thumbs on netns device moves */
477 if (dev->reg_state != NETREG_UNREGISTERING)
478 break;
479
480 for (i = 0; i < VLAN_N_VID; i++) {
481 vlandev = vlan_group_get_device(grp, i);
482 if (!vlandev)
483 continue;
484
485 /* unregistration of last vlan destroys group, abort
486 * afterwards */
487 if (grp->nr_vlans == 1)
488 i = VLAN_N_VID;
489
490 unregister_vlan_dev(vlandev, &list);
491 }
492 unregister_netdevice_many(&list);
493 break;
494
495 case NETDEV_PRE_TYPE_CHANGE:
496 /* Forbid underlaying device to change its type. */
497 return NOTIFY_BAD;
498
499 case NETDEV_NOTIFY_PEERS:
500 case NETDEV_BONDING_FAILOVER:
501 /* Propagate to vlan devices */
502 for (i = 0; i < VLAN_N_VID; i++) {
503 vlandev = vlan_group_get_device(grp, i);
504 if (!vlandev)
505 continue;
506
507 call_netdevice_notifiers(event, vlandev);
508 }
509 break;
510 }
511
512 out:
513 return NOTIFY_DONE;
514 }
515
516 static struct notifier_block vlan_notifier_block __read_mostly = {
517 .notifier_call = vlan_device_event,
518 };
519
520 /*
521 * VLAN IOCTL handler.
522 * o execute requested action or pass command to the device driver
523 * arg is really a struct vlan_ioctl_args __user *.
524 */
525 static int vlan_ioctl_handler(struct net *net, void __user *arg)
526 {
527 int err;
528 struct vlan_ioctl_args args;
529 struct net_device *dev = NULL;
530
531 if (copy_from_user(&args, arg, sizeof(struct vlan_ioctl_args)))
532 return -EFAULT;
533
534 /* Null terminate this sucker, just in case. */
535 args.device1[23] = 0;
536 args.u.device2[23] = 0;
537
538 rtnl_lock();
539
540 switch (args.cmd) {
541 case SET_VLAN_INGRESS_PRIORITY_CMD:
542 case SET_VLAN_EGRESS_PRIORITY_CMD:
543 case SET_VLAN_FLAG_CMD:
544 case ADD_VLAN_CMD:
545 case DEL_VLAN_CMD:
546 case GET_VLAN_REALDEV_NAME_CMD:
547 case GET_VLAN_VID_CMD:
548 err = -ENODEV;
549 dev = __dev_get_by_name(net, args.device1);
550 if (!dev)
551 goto out;
552
553 err = -EINVAL;
554 if (args.cmd != ADD_VLAN_CMD && !is_vlan_dev(dev))
555 goto out;
556 }
557
558 switch (args.cmd) {
559 case SET_VLAN_INGRESS_PRIORITY_CMD:
560 err = -EPERM;
561 if (!capable(CAP_NET_ADMIN))
562 break;
563 vlan_dev_set_ingress_priority(dev,
564 args.u.skb_priority,
565 args.vlan_qos);
566 err = 0;
567 break;
568
569 case SET_VLAN_EGRESS_PRIORITY_CMD:
570 err = -EPERM;
571 if (!capable(CAP_NET_ADMIN))
572 break;
573 err = vlan_dev_set_egress_priority(dev,
574 args.u.skb_priority,
575 args.vlan_qos);
576 break;
577
578 case SET_VLAN_FLAG_CMD:
579 err = -EPERM;
580 if (!capable(CAP_NET_ADMIN))
581 break;
582 err = vlan_dev_change_flags(dev,
583 args.vlan_qos ? args.u.flag : 0,
584 args.u.flag);
585 break;
586
587 case SET_VLAN_NAME_TYPE_CMD:
588 err = -EPERM;
589 if (!capable(CAP_NET_ADMIN))
590 break;
591 if ((args.u.name_type >= 0) &&
592 (args.u.name_type < VLAN_NAME_TYPE_HIGHEST)) {
593 struct vlan_net *vn;
594
595 vn = net_generic(net, vlan_net_id);
596 vn->name_type = args.u.name_type;
597 err = 0;
598 } else {
599 err = -EINVAL;
600 }
601 break;
602
603 case ADD_VLAN_CMD:
604 err = -EPERM;
605 if (!capable(CAP_NET_ADMIN))
606 break;
607 err = register_vlan_device(dev, args.u.VID);
608 break;
609
610 case DEL_VLAN_CMD:
611 err = -EPERM;
612 if (!capable(CAP_NET_ADMIN))
613 break;
614 unregister_vlan_dev(dev, NULL);
615 err = 0;
616 break;
617
618 case GET_VLAN_REALDEV_NAME_CMD:
619 err = 0;
620 vlan_dev_get_realdev_name(dev, args.u.device2);
621 if (copy_to_user(arg, &args,
622 sizeof(struct vlan_ioctl_args)))
623 err = -EFAULT;
624 break;
625
626 case GET_VLAN_VID_CMD:
627 err = 0;
628 args.u.VID = vlan_dev_vlan_id(dev);
629 if (copy_to_user(arg, &args,
630 sizeof(struct vlan_ioctl_args)))
631 err = -EFAULT;
632 break;
633
634 default:
635 err = -EOPNOTSUPP;
636 break;
637 }
638 out:
639 rtnl_unlock();
640 return err;
641 }
642
643 static int __net_init vlan_init_net(struct net *net)
644 {
645 struct vlan_net *vn = net_generic(net, vlan_net_id);
646 int err;
647
648 vn->name_type = VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD;
649
650 err = vlan_proc_init(net);
651
652 return err;
653 }
654
655 static void __net_exit vlan_exit_net(struct net *net)
656 {
657 vlan_proc_cleanup(net);
658 }
659
660 static struct pernet_operations vlan_net_ops = {
661 .init = vlan_init_net,
662 .exit = vlan_exit_net,
663 .id = &vlan_net_id,
664 .size = sizeof(struct vlan_net),
665 };
666
667 static int __init vlan_proto_init(void)
668 {
669 int err;
670
671 pr_info("%s v%s\n", vlan_fullname, vlan_version);
672
673 err = register_pernet_subsys(&vlan_net_ops);
674 if (err < 0)
675 goto err0;
676
677 err = register_netdevice_notifier(&vlan_notifier_block);
678 if (err < 0)
679 goto err2;
680
681 err = vlan_gvrp_init();
682 if (err < 0)
683 goto err3;
684
685 err = vlan_netlink_init();
686 if (err < 0)
687 goto err4;
688
689 vlan_ioctl_set(vlan_ioctl_handler);
690 return 0;
691
692 err4:
693 vlan_gvrp_uninit();
694 err3:
695 unregister_netdevice_notifier(&vlan_notifier_block);
696 err2:
697 unregister_pernet_subsys(&vlan_net_ops);
698 err0:
699 return err;
700 }
701
702 static void __exit vlan_cleanup_module(void)
703 {
704 vlan_ioctl_set(NULL);
705 vlan_netlink_fini();
706
707 unregister_netdevice_notifier(&vlan_notifier_block);
708
709 unregister_pernet_subsys(&vlan_net_ops);
710 rcu_barrier(); /* Wait for completion of call_rcu()'s */
711
712 vlan_gvrp_uninit();
713 }
714
715 module_init(vlan_proto_init);
716 module_exit(vlan_cleanup_module);
717
718 MODULE_LICENSE("GPL");
719 MODULE_VERSION(DRV_VERSION);
ubuntu-bionic-kernel mirror