1 /*
2 * Copyright 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *
16 * sock_diag_test.cpp - unit tests for SockDiag.cpp
17 */
18
19 #include <sys/socket.h>
20 #include <netdb.h>
21 #include <arpa/inet.h>
22 #include <netinet/in.h>
23 #include <netinet/tcp.h>
24 #include <linux/inet_diag.h>
25
26 #include <gtest/gtest.h>
27
28 #include "Fwmark.h"
29 #include "NetdConstants.h"
30 #include "SockDiag.h"
31 #include "UidRanges.h"
32
33 class SockDiagTest : public ::testing::Test {
34 protected:
isLoopbackSocket(const inet_diag_msg * msg)35 static bool isLoopbackSocket(const inet_diag_msg *msg) {
36 return SockDiag::isLoopbackSocket(msg);
37 };
38 };
39
bindAndListen(int s)40 uint16_t bindAndListen(int s) {
41 for (int i = 0; i < 10; i++) {
42 uint16_t port = 1024 + arc4random_uniform(0xffff - 1024);
43 sockaddr_in6 sin6 = { .sin6_family = AF_INET6, .sin6_port = htons(port) };
44 if (bind(s, (sockaddr *) &sin6, sizeof(sin6)) == 0) {
45 listen(s, 1);
46 return port;
47 }
48 }
49 close(s);
50 return 0;
51 }
52
tcpStateName(uint8_t state)53 const char *tcpStateName(uint8_t state) {
54 static const char *states[] = {
55 "???",
56 "TCP_ESTABLISHED",
57 "TCP_SYN_SENT",
58 "TCP_SYN_RECV",
59 "TCP_FIN_WAIT1",
60 "TCP_FIN_WAIT2",
61 "TCP_TIME_WAIT",
62 "TCP_CLOSE",
63 "TCP_CLOSE_WAIT",
64 "TCP_LAST_ACK",
65 "TCP_LISTEN",
66 "TCP_CLOSING",
67 "TCP_NEW_SYN_RECV",
68 };
69 return states[(state < ARRAY_SIZE(states)) ? state : 0];
70 }
71
TEST_F(SockDiagTest,TestDump)72 TEST_F(SockDiagTest, TestDump) {
73 int v4socket = socket(AF_INET, SOCK_STREAM, 0);
74 ASSERT_NE(-1, v4socket) << "Failed to open IPv4 socket: " << strerror(errno);
75 int v6socket = socket(AF_INET6, SOCK_STREAM, 0);
76 ASSERT_NE(-1, v6socket) << "Failed to open IPv6 socket: " << strerror(errno);
77 int listensocket = socket(AF_INET6, SOCK_STREAM, 0);
78 ASSERT_NE(-1, listensocket) << "Failed to open listen socket: " << strerror(errno);
79
80 uint16_t port = bindAndListen(listensocket);
81 ASSERT_NE(0, port) << "Can't bind to server port";
82
83 // Connect to loopback.
84 sockaddr_in server4 = { .sin_family = AF_INET, .sin_port = htons(port) };
85 sockaddr_in6 server6 = { .sin6_family = AF_INET6, .sin6_port = htons(port) };
86 ASSERT_EQ(0, connect(v4socket, (sockaddr *) &server4, sizeof(server4)))
87 << "IPv4 connect failed: " << strerror(errno);
88 ASSERT_EQ(0, connect(v6socket, (sockaddr *) &server6, sizeof(server6)))
89 << "IPv6 connect failed: " << strerror(errno);
90
91 sockaddr_in6 client46, client6;
92 socklen_t clientlen = std::max(sizeof(client46), sizeof(client6));
93 int accepted4 = accept(listensocket, (sockaddr *) &client46, &clientlen);
94 int accepted6 = accept(listensocket, (sockaddr *) &client6, &clientlen);
95 ASSERT_NE(-1, accepted4);
96 ASSERT_NE(-1, accepted6);
97
98 int v4SocketsSeen = 0;
99 bool seenclient46 = false;
100 bool seenNull = false;
101 char src[INET6_ADDRSTRLEN], dst[INET6_ADDRSTRLEN];
102
103 fprintf(stderr, "Ports:\n server=%d. client46=%d, client6=%d\n",
104 port, ntohs(client46.sin6_port), ntohs(client6.sin6_port));
105
106 auto checkIPv4Dump = [&] (uint8_t /* proto */, const inet_diag_msg *msg) {
107 if (msg == nullptr) {
108 EXPECT_FALSE(seenNull);
109 seenNull = true;
110 return false;
111 }
112 EXPECT_EQ(htonl(INADDR_LOOPBACK), msg->id.idiag_src[0]);
113 v4SocketsSeen++;
114 seenclient46 |= (msg->id.idiag_sport == client46.sin6_port);
115 inet_ntop(AF_INET, msg->id.idiag_src, src, sizeof(src));
116 inet_ntop(AF_INET, msg->id.idiag_src, dst, sizeof(dst));
117 fprintf(stderr, " v4 %s:%d -> %s:%d %s\n",
118 src, htons(msg->id.idiag_sport),
119 dst, htons(msg->id.idiag_dport),
120 tcpStateName(msg->idiag_state));
121 if (msg->idiag_state == TCP_ESTABLISHED) {
122 EXPECT_TRUE(isLoopbackSocket(msg));
123 }
124 return false;
125 };
126
127 int v6SocketsSeen = 0;
128 bool seenClient6 = false, seenServer46 = false, seenServer6 = false;
129
130 auto checkIPv6Dump = [&] (uint8_t /* proto */, const inet_diag_msg *msg) {
131 if (msg == nullptr) {
132 EXPECT_FALSE(seenNull);
133 seenNull = true;
134 return false;
135 }
136 struct in6_addr *saddr = (struct in6_addr *) msg->id.idiag_src;
137 EXPECT_TRUE(
138 IN6_IS_ADDR_LOOPBACK(saddr) ||
139 (IN6_IS_ADDR_V4MAPPED(saddr) && saddr->s6_addr32[3] == htonl(INADDR_LOOPBACK)));
140 v6SocketsSeen++;
141 seenClient6 |= (msg->id.idiag_sport == client6.sin6_port);
142 seenServer46 |= (msg->id.idiag_sport == htons(port));
143 seenServer6 |= (msg->id.idiag_sport == htons(port));
144 inet_ntop(AF_INET6, msg->id.idiag_src, src, sizeof(src));
145 inet_ntop(AF_INET6, msg->id.idiag_src, dst, sizeof(dst));
146 fprintf(stderr, " v6 [%s]:%d -> [%s]:%d %s\n",
147 src, htons(msg->id.idiag_sport),
148 dst, htons(msg->id.idiag_dport),
149 tcpStateName(msg->idiag_state));
150 if (msg->idiag_state == TCP_ESTABLISHED) {
151 EXPECT_TRUE(isLoopbackSocket(msg));
152 }
153 return false;
154 };
155
156 SockDiag sd;
157 ASSERT_TRUE(sd.open()) << "Failed to open SOCK_DIAG socket";
158
159 seenNull = false;
160 int ret = sd.sendDumpRequest(IPPROTO_TCP, AF_INET, "127.0.0.1");
161 ASSERT_EQ(0, ret) << "Failed to send IPv4 dump request: " << strerror(-ret);
162 fprintf(stderr, "Sent IPv4 dump\n");
163 sd.readDiagMsg(IPPROTO_TCP, checkIPv4Dump);
164 EXPECT_GE(v4SocketsSeen, 1);
165 EXPECT_TRUE(seenclient46);
166 EXPECT_FALSE(seenServer46);
167
168 seenNull = false;
169 ret = sd.sendDumpRequest(IPPROTO_TCP, AF_INET6, "127.0.0.1");
170 ASSERT_EQ(0, ret) << "Failed to send mapped dump request: " << strerror(-ret);
171 fprintf(stderr, "Sent mapped dump\n");
172 sd.readDiagMsg(IPPROTO_TCP, checkIPv6Dump);
173 EXPECT_TRUE(seenServer46);
174
175 seenNull = false;
176 ret = sd.sendDumpRequest(IPPROTO_TCP, AF_INET6, "::1");
177 ASSERT_EQ(0, ret) << "Failed to send IPv6 dump request: " << strerror(-ret);
178 fprintf(stderr, "Sent IPv6 dump\n");
179
180 sd.readDiagMsg(IPPROTO_TCP, checkIPv6Dump);
181 EXPECT_GE(v6SocketsSeen, 1);
182 EXPECT_TRUE(seenClient6);
183 EXPECT_TRUE(seenServer6);
184
185 close(v4socket);
186 close(v6socket);
187 close(listensocket);
188 close(accepted4);
189 close(accepted6);
190 }
191
fillDiagAddr(__be32 addr[4],const sockaddr * sa)192 bool fillDiagAddr(__be32 addr[4], const sockaddr *sa) {
193 switch (sa->sa_family) {
194 case AF_INET: {
195 sockaddr_in *sin = (sockaddr_in *) sa;
196 memcpy(addr, &sin->sin_addr, sizeof(sin->sin_addr));
197 return true;
198 }
199 case AF_INET6: {
200 sockaddr_in6 *sin6 = (sockaddr_in6 *) sa;
201 memcpy(addr, &sin6->sin6_addr, sizeof(sin6->sin6_addr));
202 return true;
203 }
204 default:
205 return false;
206 }
207 }
208
makeDiagMessage(__u8 family,const sockaddr * src,const sockaddr * dst)209 inet_diag_msg makeDiagMessage(__u8 family, const sockaddr *src, const sockaddr *dst) {
210 inet_diag_msg msg = {
211 .idiag_family = family,
212 .idiag_state = TCP_ESTABLISHED,
213 .idiag_uid = AID_APP + 123,
214 .idiag_inode = 123456789,
215 .id = {
216 .idiag_sport = 1234,
217 .idiag_dport = 4321,
218 }
219 };
220 EXPECT_TRUE(fillDiagAddr(msg.id.idiag_src, src));
221 EXPECT_TRUE(fillDiagAddr(msg.id.idiag_dst, dst));
222 return msg;
223 }
224
makeDiagMessage(const char * srcstr,const char * dststr)225 inet_diag_msg makeDiagMessage(const char* srcstr, const char* dststr) {
226 addrinfo hints = { .ai_flags = AI_NUMERICHOST }, *src, *dst;
227 EXPECT_EQ(0, getaddrinfo(srcstr, NULL, &hints, &src));
228 EXPECT_EQ(0, getaddrinfo(dststr, NULL, &hints, &dst));
229 EXPECT_EQ(src->ai_addr->sa_family, dst->ai_addr->sa_family);
230 inet_diag_msg msg = makeDiagMessage(src->ai_addr->sa_family, src->ai_addr, dst->ai_addr);
231 freeaddrinfo(src);
232 freeaddrinfo(dst);
233 return msg;
234 }
235
TEST_F(SockDiagTest,TestIsLoopbackSocket)236 TEST_F(SockDiagTest, TestIsLoopbackSocket) {
237 inet_diag_msg msg;
238
239 msg = makeDiagMessage("127.0.0.1", "127.0.0.1");
240 EXPECT_TRUE(isLoopbackSocket(&msg));
241
242 msg = makeDiagMessage("::1", "::1");
243 EXPECT_TRUE(isLoopbackSocket(&msg));
244
245 msg = makeDiagMessage("::1", "::ffff:127.0.0.1");
246 EXPECT_TRUE(isLoopbackSocket(&msg));
247
248 msg = makeDiagMessage("192.0.2.1", "192.0.2.1");
249 EXPECT_TRUE(isLoopbackSocket(&msg));
250
251 msg = makeDiagMessage("192.0.2.1", "8.8.8.8");
252 EXPECT_FALSE(isLoopbackSocket(&msg));
253
254 msg = makeDiagMessage("192.0.2.1", "127.0.0.1");
255 EXPECT_TRUE(isLoopbackSocket(&msg));
256
257 msg = makeDiagMessage("2001:db8::1", "2001:db8::1");
258 EXPECT_TRUE(isLoopbackSocket(&msg));
259
260 msg = makeDiagMessage("2001:db8::1", "2001:4860:4860::6464");
261 EXPECT_FALSE(isLoopbackSocket(&msg));
262
263 // While isLoopbackSocket returns true on these sockets, we usually don't want to close them
264 // because they aren't specific to any particular network and thus don't become unusable when
265 // an app's routing changes or its network access is removed.
266 //
267 // This isn't a problem, as anything that calls destroyLiveSockets will skip them because
268 // destroyLiveSockets only enumerates ESTABLISHED, SYN_SENT, and SYN_RECV sockets.
269 msg = makeDiagMessage("127.0.0.1", "0.0.0.0");
270 EXPECT_TRUE(isLoopbackSocket(&msg));
271
272 msg = makeDiagMessage("::1", "::");
273 EXPECT_TRUE(isLoopbackSocket(&msg));
274 }
275
276 enum MicroBenchmarkTestType {
277 ADDRESS,
278 UID,
279 UID_EXCLUDE_LOOPBACK,
280 UIDRANGE,
281 UIDRANGE_EXCLUDE_LOOPBACK,
282 PERMISSION,
283 };
284
testTypeName(MicroBenchmarkTestType mode)285 const char *testTypeName(MicroBenchmarkTestType mode) {
286 #define TO_STRING_TYPE(x) case ((x)): return #x;
287 switch((mode)) {
288 TO_STRING_TYPE(ADDRESS);
289 TO_STRING_TYPE(UID);
290 TO_STRING_TYPE(UID_EXCLUDE_LOOPBACK);
291 TO_STRING_TYPE(UIDRANGE);
292 TO_STRING_TYPE(UIDRANGE_EXCLUDE_LOOPBACK);
293 TO_STRING_TYPE(PERMISSION);
294 }
295 #undef TO_STRING_TYPE
296 }
297
298 static struct {
299 unsigned netId;
300 bool explicitlySelected;
301 Permission permission;
302 } permissionTestcases[] = {
303 { 42, false, PERMISSION_NONE, },
304 { 42, false, PERMISSION_NETWORK, },
305 { 42, false, PERMISSION_SYSTEM, },
306 { 42, true, PERMISSION_NONE, },
307 { 42, true, PERMISSION_NETWORK, },
308 { 42, true, PERMISSION_SYSTEM, },
309 { 43, false, PERMISSION_NONE, },
310 { 43, false, PERMISSION_NETWORK, },
311 { 43, false, PERMISSION_SYSTEM, },
312 { 43, true, PERMISSION_NONE, },
313 { 43, true, PERMISSION_NETWORK, },
314 { 43, true, PERMISSION_SYSTEM, },
315 };
316
317 class SockDiagMicroBenchmarkTest : public ::testing::TestWithParam<MicroBenchmarkTestType> {
318
319 public:
SetUp()320 void SetUp() {
321 ASSERT_TRUE(mSd.open()) << "Failed to open SOCK_DIAG socket";
322 }
323
324 protected:
325 SockDiag mSd;
326
327 constexpr static int MAX_SOCKETS = 500;
328 constexpr static int ADDRESS_SOCKETS = 500;
329 constexpr static int UID_SOCKETS = 50;
330 constexpr static int PERMISSION_SOCKETS = 16;
331
332 constexpr static uid_t START_UID = 8000; // START_UID + number of sockets must be <= 9999.
333 constexpr static int CLOSE_UID = START_UID + UID_SOCKETS - 42; // Close to the end
334 static_assert(START_UID + MAX_SOCKETS < 9999, "Too many sockets");
335
336 constexpr static int TEST_NETID = 42; // One of the OEM netIds.
337
338
howManySockets()339 int howManySockets() {
340 MicroBenchmarkTestType mode = GetParam();
341 switch (mode) {
342 case ADDRESS:
343 return ADDRESS_SOCKETS;
344 case UID:
345 case UID_EXCLUDE_LOOPBACK:
346 case UIDRANGE:
347 case UIDRANGE_EXCLUDE_LOOPBACK:
348 return UID_SOCKETS;
349 case PERMISSION:
350 return ARRAY_SIZE(permissionTestcases);
351 }
352 }
353
modifySocketForTest(int s,int i)354 int modifySocketForTest(int s, int i) {
355 MicroBenchmarkTestType mode = GetParam();
356 switch (mode) {
357 case UID:
358 case UID_EXCLUDE_LOOPBACK:
359 case UIDRANGE:
360 case UIDRANGE_EXCLUDE_LOOPBACK: {
361 uid_t uid = START_UID + i;
362 return fchown(s, uid, -1);
363 }
364 case PERMISSION: {
365 Fwmark fwmark;
366 fwmark.netId = permissionTestcases[i].netId;
367 fwmark.explicitlySelected = permissionTestcases[i].explicitlySelected;
368 fwmark.permission = permissionTestcases[i].permission;
369 return setsockopt(s, SOL_SOCKET, SO_MARK, &fwmark.intValue, sizeof(fwmark.intValue));
370 }
371 default:
372 return 0;
373 }
374 }
375
destroySockets()376 int destroySockets() {
377 MicroBenchmarkTestType mode = GetParam();
378 int ret;
379 switch (mode) {
380 case ADDRESS:
381 ret = mSd.destroySockets("::1");
382 EXPECT_LE(0, ret) << ": Failed to destroy sockets on ::1: " << strerror(-ret);
383 break;
384 case UID:
385 case UID_EXCLUDE_LOOPBACK: {
386 bool excludeLoopback = (mode == UID_EXCLUDE_LOOPBACK);
387 ret = mSd.destroySockets(IPPROTO_TCP, CLOSE_UID, excludeLoopback);
388 EXPECT_LE(0, ret) << ": Failed to destroy sockets for UID " << CLOSE_UID << ": " <<
389 strerror(-ret);
390 break;
391 }
392 case UIDRANGE:
393 case UIDRANGE_EXCLUDE_LOOPBACK: {
394 bool excludeLoopback = (mode == UIDRANGE_EXCLUDE_LOOPBACK);
395 const char *uidRangeStrings[] = { "8005-8012", "8042", "8043", "8090-8099" };
396 std::set<uid_t> skipUids { 8007, 8043, 8098, 8099 };
397 UidRanges uidRanges;
398 uidRanges.parseFrom(ARRAY_SIZE(uidRangeStrings), (char **) uidRangeStrings);
399 ret = mSd.destroySockets(uidRanges, skipUids, excludeLoopback);
400 break;
401 }
402 case PERMISSION: {
403 ret = mSd.destroySocketsLackingPermission(TEST_NETID, PERMISSION_NETWORK, false);
404 break;
405 }
406 }
407 return ret;
408 }
409
shouldHaveClosedSocket(int i)410 bool shouldHaveClosedSocket(int i) {
411 MicroBenchmarkTestType mode = GetParam();
412 switch (mode) {
413 case ADDRESS:
414 return true;
415 case UID:
416 return i == CLOSE_UID - START_UID;
417 case UIDRANGE: {
418 uid_t uid = i + START_UID;
419 // Skip UIDs in skipUids.
420 if (uid == 8007 || uid == 8043 || uid == 8098 || uid == 8099) {
421 return false;
422 }
423 // Include UIDs in uidRanges.
424 if ((8005 <= uid && uid <= 8012) || uid == 8042 || (8090 <= uid && uid <= 8099)) {
425 return true;
426 }
427 return false;
428 }
429 case UID_EXCLUDE_LOOPBACK:
430 case UIDRANGE_EXCLUDE_LOOPBACK:
431 return false;
432 case PERMISSION:
433 if (permissionTestcases[i].netId != 42) return false;
434 if (permissionTestcases[i].explicitlySelected != 1) return true;
435 Permission permission = permissionTestcases[i].permission;
436 return permission != PERMISSION_NETWORK && permission != PERMISSION_SYSTEM;
437 }
438 }
439
checkSocketState(int i,int sock,const char * msg)440 bool checkSocketState(int i, int sock, const char *msg) {
441 const char data[] = "foo";
442 const int ret = send(sock, data, sizeof(data), 0);
443 const int err = errno;
444 if (!shouldHaveClosedSocket(i)) {
445 EXPECT_EQ((ssize_t) sizeof(data), ret) <<
446 "Write on open socket failed: " << strerror(err);
447 return false;
448 }
449
450 EXPECT_EQ(-1, ret) << msg << " " << i << " not closed";
451 if (ret != -1) {
452 return false;
453 }
454
455 // Since we're connected to ourselves, the error might be ECONNABORTED (if we destroyed the
456 // socket) or ECONNRESET (if the other end was destroyed and sent a RST).
457 EXPECT_TRUE(err == ECONNABORTED || err == ECONNRESET)
458 << msg << ": unexpected error: " << strerror(err);
459 return (err == ECONNABORTED); // Return true iff. SOCK_DESTROY closed this socket.
460 }
461 };
462
TEST_P(SockDiagMicroBenchmarkTest,TestMicroBenchmark)463 TEST_P(SockDiagMicroBenchmarkTest, TestMicroBenchmark) {
464 MicroBenchmarkTestType mode = GetParam();
465
466 int numSockets = howManySockets();
467
468 fprintf(stderr, "Benchmarking closing %d sockets based on %s\n",
469 numSockets, testTypeName(mode));
470
471 int listensocket = socket(AF_INET6, SOCK_STREAM, 0);
472 ASSERT_NE(-1, listensocket) << "Failed to open listen socket";
473
474 uint16_t port = bindAndListen(listensocket);
475 ASSERT_NE(0, port) << "Can't bind to server port";
476 sockaddr_in6 server = { .sin6_family = AF_INET6, .sin6_port = htons(port) };
477
478 using ms = std::chrono::duration<float, std::ratio<1, 1000>>;
479
480 int clientsockets[MAX_SOCKETS], serversockets[MAX_SOCKETS];
481 uint16_t clientports[MAX_SOCKETS];
482 sockaddr_in6 client;
483 socklen_t clientlen;
484
485 auto start = std::chrono::steady_clock::now();
486 for (int i = 0; i < numSockets; i++) {
487 int s = socket(AF_INET6, SOCK_STREAM, 0);
488 clientlen = sizeof(client);
489 ASSERT_EQ(0, connect(s, (sockaddr *) &server, sizeof(server)))
490 << "Connecting socket " << i << " failed " << strerror(errno);
491 ASSERT_EQ(0, modifySocketForTest(s, i));
492 serversockets[i] = accept(listensocket, (sockaddr *) &client, &clientlen);
493 ASSERT_NE(-1, serversockets[i])
494 << "Accepting socket " << i << " failed " << strerror(errno);
495 clientports[i] = client.sin6_port;
496 clientsockets[i] = s;
497 }
498 fprintf(stderr, " Connecting: %6.1f ms\n",
499 std::chrono::duration_cast<ms>(std::chrono::steady_clock::now() - start).count());
500
501 start = std::chrono::steady_clock::now();
502 destroySockets();
503 fprintf(stderr, " Destroying: %6.1f ms\n",
504 std::chrono::duration_cast<ms>(std::chrono::steady_clock::now() - start).count());
505
506 start = std::chrono::steady_clock::now();
507 int socketsClosed = 0;
508 for (int i = 0; i < numSockets; i++) {
509 socketsClosed += checkSocketState(i, clientsockets[i], "Client socket");
510 socketsClosed += checkSocketState(i, serversockets[i], "Server socket");
511 }
512 fprintf(stderr, " Verifying: %6.1f ms (%d sockets destroyed)\n",
513 std::chrono::duration_cast<ms>(std::chrono::steady_clock::now() - start).count(),
514 socketsClosed);
515 if (strstr(testTypeName(mode), "_EXCLUDE_LOOPBACK") == nullptr) {
516 EXPECT_GT(socketsClosed, 0); // Just in case there's a bug in the test.
517 }
518
519 start = std::chrono::steady_clock::now();
520 for (int i = 0; i < numSockets; i++) {
521 close(clientsockets[i]);
522 close(serversockets[i]);
523 }
524 fprintf(stderr, " Closing: %6.1f ms\n",
525 std::chrono::duration_cast<ms>(std::chrono::steady_clock::now() - start).count());
526
527 close(listensocket);
528 }
529
530 // "SockDiagTest.cpp:232: error: undefined reference to 'SockDiagMicroBenchmarkTest::CLOSE_UID'".
531 constexpr int SockDiagMicroBenchmarkTest::CLOSE_UID;
532
533 INSTANTIATE_TEST_CASE_P(Address, SockDiagMicroBenchmarkTest,
534 testing::Values(ADDRESS, UID, UIDRANGE,
535 UID_EXCLUDE_LOOPBACK, UIDRANGE_EXCLUDE_LOOPBACK,
536 PERMISSION));
537