Netdev List
 help / color / mirror / Atom feed
* [PATCH 8/8] netfilter: conntrack: Remove nf_ct_conntrack_flush_report
From: Pablo Neira Ayuso @ 2015-01-14 20:34 UTC (permalink / raw)
  To: netfilter-devel; +Cc: davem, netdev
In-Reply-To: <1421267689-24894-1-git-send-email-pablo@netfilter.org>

From: Kristian Evensen <kristian.evensen@gmail.com>

The only user of nf_ct_conntrack_flush_report() was ctnetlink_del_conntrack().
After adding support for flushing connections with a given mark, this function
is no longer called.

Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 include/net/netfilter/nf_conntrack.h |    2 --
 net/netfilter/nf_conntrack_core.c    |    6 ------
 2 files changed, 8 deletions(-)

diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
index f0daed2..74f271a 100644
--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -191,8 +191,6 @@ __nf_conntrack_find(struct net *net, u16 zone,
 int nf_conntrack_hash_check_insert(struct nf_conn *ct);
 bool nf_ct_delete(struct nf_conn *ct, u32 pid, int report);
 
-void nf_conntrack_flush_report(struct net *net, u32 portid, int report);
-
 bool nf_ct_get_tuplepr(const struct sk_buff *skb, unsigned int nhoff,
 		       u_int16_t l3num, struct nf_conntrack_tuple *tuple);
 bool nf_ct_invert_tuplepr(struct nf_conntrack_tuple *inverse,
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index da58cd4..5a6990b 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1426,12 +1426,6 @@ void nf_ct_free_hashtable(void *hash, unsigned int size)
 }
 EXPORT_SYMBOL_GPL(nf_ct_free_hashtable);
 
-void nf_conntrack_flush_report(struct net *net, u32 portid, int report)
-{
-	nf_ct_iterate_cleanup(net, kill_all, NULL, portid, report);
-}
-EXPORT_SYMBOL_GPL(nf_conntrack_flush_report);
-
 static int untrack_refs(void)
 {
 	int cnt = 0, cpu;
-- 
1.7.10.4

^ permalink raw reply related

* [PATCH 1/8] netfilter: conntrack: adjust nf_conntrack_buckets default value
From: Pablo Neira Ayuso @ 2015-01-14 20:34 UTC (permalink / raw)
  To: netfilter-devel; +Cc: davem, netdev
In-Reply-To: <1421267689-24894-1-git-send-email-pablo@netfilter.org>

From: Marcelo Leitner <mleitner@redhat.com>

Manually bumping either nf_conntrack_buckets or nf_conntrack_max has
become a common task as our Linux servers tend to serve more and more
clients/applications, so let's adjust nf_conntrack_buckets this to a
more updated value.

Now for systems with more than 4GB of memory, nf_conntrack_buckets
becomes 65536 instead of 16384, resulting in nf_conntrack_max=256k
entries.

Signed-off-by: Marcelo Ricardo Leitner <mleitner@redhat.com>
Acked-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 Documentation/networking/nf_conntrack-sysctl.txt |    3 ++-
 net/netfilter/nf_conntrack_core.c                |   11 ++++++++---
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/Documentation/networking/nf_conntrack-sysctl.txt b/Documentation/networking/nf_conntrack-sysctl.txt
index 70da508..f55599c 100644
--- a/Documentation/networking/nf_conntrack-sysctl.txt
+++ b/Documentation/networking/nf_conntrack-sysctl.txt
@@ -11,7 +11,8 @@ nf_conntrack_buckets - INTEGER (read-only)
 	Size of hash table. If not specified as parameter during module
 	loading, the default size is calculated by dividing total memory
 	by 16384 to determine the number of buckets but the hash table will
-	never have fewer than 32 or more than 16384 buckets.
+	never have fewer than 32 and limited to 16384 buckets. For systems
+	with more than 4GB of memory it will be 65536 buckets.
 
 nf_conntrack_checksum - BOOLEAN
 	0 - disabled
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index a116748..da58cd4 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1624,13 +1624,18 @@ int nf_conntrack_init_start(void)
 	for (i = 0; i < CONNTRACK_LOCKS; i++)
 		spin_lock_init(&nf_conntrack_locks[i]);
 
-	/* Idea from tcp.c: use 1/16384 of memory.  On i386: 32MB
-	 * machine has 512 buckets. >= 1GB machines have 16384 buckets. */
 	if (!nf_conntrack_htable_size) {
+		/* Idea from tcp.c: use 1/16384 of memory.
+		 * On i386: 32MB machine has 512 buckets.
+		 * >= 1GB machines have 16384 buckets.
+		 * >= 4GB machines have 65536 buckets.
+		 */
 		nf_conntrack_htable_size
 			= (((totalram_pages << PAGE_SHIFT) / 16384)
 			   / sizeof(struct hlist_head));
-		if (totalram_pages > (1024 * 1024 * 1024 / PAGE_SIZE))
+		if (totalram_pages > (4 * (1024 * 1024 * 1024 / PAGE_SIZE)))
+			nf_conntrack_htable_size = 65536;
+		else if (totalram_pages > (1024 * 1024 * 1024 / PAGE_SIZE))
 			nf_conntrack_htable_size = 16384;
 		if (nf_conntrack_htable_size < 32)
 			nf_conntrack_htable_size = 32;
-- 
1.7.10.4


^ permalink raw reply related

* [PATCH 2/8] netfilter: xt_osf: Use continue to reduce indentation
From: Pablo Neira Ayuso @ 2015-01-14 20:34 UTC (permalink / raw)
  To: netfilter-devel; +Cc: davem, netdev
In-Reply-To: <1421267689-24894-1-git-send-email-pablo@netfilter.org>

From: Joe Perches <joe@perches.com>

Invert logic in test to use continue.

This routine already uses continue, use it a bit more to
minimize > 80 column long lines and unnecessary indentation.

No change in compiled object file.

Other miscellanea:

o Remove trailing whitespace
o Realign arguments to multiline statement

Signed-off-by: Joe Perches <joe@perches.com>
Acked-by: Evgeniy Polyakov <zbr@ioremap.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/xt_osf.c |  169 ++++++++++++++++++++++++------------------------
 1 file changed, 85 insertions(+), 84 deletions(-)

diff --git a/net/netfilter/xt_osf.c b/net/netfilter/xt_osf.c
index c529161..0778855 100644
--- a/net/netfilter/xt_osf.c
+++ b/net/netfilter/xt_osf.c
@@ -225,6 +225,8 @@ xt_osf_match_packet(const struct sk_buff *skb, struct xt_action_param *p)
 
 	rcu_read_lock();
 	list_for_each_entry_rcu(kf, &xt_osf_fingers[df], finger_entry) {
+		int foptsize, optnum;
+
 		f = &kf->finger;
 
 		if (!(info->flags & XT_OSF_LOG) && strcmp(info->genre, f->genre))
@@ -233,110 +235,109 @@ xt_osf_match_packet(const struct sk_buff *skb, struct xt_action_param *p)
 		optp = _optp;
 		fmatch = FMATCH_WRONG;
 
-		if (totlen == f->ss && xt_osf_ttl(skb, info, f->ttl)) {
-			int foptsize, optnum;
+		if (totlen != f->ss || !xt_osf_ttl(skb, info, f->ttl))
+			continue;
 
-			/*
-			 * Should not happen if userspace parser was written correctly.
-			 */
-			if (f->wss.wc >= OSF_WSS_MAX)
-				continue;
+		/*
+		 * Should not happen if userspace parser was written correctly.
+		 */
+		if (f->wss.wc >= OSF_WSS_MAX)
+			continue;
 
-			/* Check options */
+		/* Check options */
 
-			foptsize = 0;
-			for (optnum = 0; optnum < f->opt_num; ++optnum)
-				foptsize += f->opt[optnum].length;
+		foptsize = 0;
+		for (optnum = 0; optnum < f->opt_num; ++optnum)
+			foptsize += f->opt[optnum].length;
 
-			if (foptsize > MAX_IPOPTLEN ||
-				optsize > MAX_IPOPTLEN ||
-				optsize != foptsize)
-				continue;
+		if (foptsize > MAX_IPOPTLEN ||
+		    optsize > MAX_IPOPTLEN ||
+		    optsize != foptsize)
+			continue;
 
-			check_WSS = f->wss.wc;
+		check_WSS = f->wss.wc;
 
-			for (optnum = 0; optnum < f->opt_num; ++optnum) {
-				if (f->opt[optnum].kind == (*optp)) {
-					__u32 len = f->opt[optnum].length;
-					const __u8 *optend = optp + len;
-					int loop_cont = 0;
+		for (optnum = 0; optnum < f->opt_num; ++optnum) {
+			if (f->opt[optnum].kind == (*optp)) {
+				__u32 len = f->opt[optnum].length;
+				const __u8 *optend = optp + len;
+				int loop_cont = 0;
 
-					fmatch = FMATCH_OK;
+				fmatch = FMATCH_OK;
 
-					switch (*optp) {
-					case OSFOPT_MSS:
-						mss = optp[3];
-						mss <<= 8;
-						mss |= optp[2];
+				switch (*optp) {
+				case OSFOPT_MSS:
+					mss = optp[3];
+					mss <<= 8;
+					mss |= optp[2];
 
-						mss = ntohs((__force __be16)mss);
-						break;
-					case OSFOPT_TS:
-						loop_cont = 1;
-						break;
-					}
+					mss = ntohs((__force __be16)mss);
+					break;
+				case OSFOPT_TS:
+					loop_cont = 1;
+					break;
+				}
 
-					optp = optend;
-				} else
-					fmatch = FMATCH_OPT_WRONG;
+				optp = optend;
+			} else
+				fmatch = FMATCH_OPT_WRONG;
 
-				if (fmatch != FMATCH_OK)
-					break;
-			}
+			if (fmatch != FMATCH_OK)
+				break;
+		}
 
-			if (fmatch != FMATCH_OPT_WRONG) {
-				fmatch = FMATCH_WRONG;
+		if (fmatch != FMATCH_OPT_WRONG) {
+			fmatch = FMATCH_WRONG;
 
-				switch (check_WSS) {
-				case OSF_WSS_PLAIN:
-					if (f->wss.val == 0 || window == f->wss.val)
-						fmatch = FMATCH_OK;
-					break;
-				case OSF_WSS_MSS:
-					/*
-					 * Some smart modems decrease mangle MSS to 
-					 * SMART_MSS_2, so we check standard, decreased
-					 * and the one provided in the fingerprint MSS
-					 * values.
-					 */
+			switch (check_WSS) {
+			case OSF_WSS_PLAIN:
+				if (f->wss.val == 0 || window == f->wss.val)
+					fmatch = FMATCH_OK;
+				break;
+			case OSF_WSS_MSS:
+				/*
+				 * Some smart modems decrease mangle MSS to
+				 * SMART_MSS_2, so we check standard, decreased
+				 * and the one provided in the fingerprint MSS
+				 * values.
+				 */
 #define SMART_MSS_1	1460
 #define SMART_MSS_2	1448
-					if (window == f->wss.val * mss ||
-					    window == f->wss.val * SMART_MSS_1 ||
-					    window == f->wss.val * SMART_MSS_2)
-						fmatch = FMATCH_OK;
-					break;
-				case OSF_WSS_MTU:
-					if (window == f->wss.val * (mss + 40) ||
-					    window == f->wss.val * (SMART_MSS_1 + 40) ||
-					    window == f->wss.val * (SMART_MSS_2 + 40))
-						fmatch = FMATCH_OK;
-					break;
-				case OSF_WSS_MODULO:
-					if ((window % f->wss.val) == 0)
-						fmatch = FMATCH_OK;
-					break;
-				}
+				if (window == f->wss.val * mss ||
+				    window == f->wss.val * SMART_MSS_1 ||
+				    window == f->wss.val * SMART_MSS_2)
+					fmatch = FMATCH_OK;
+				break;
+			case OSF_WSS_MTU:
+				if (window == f->wss.val * (mss + 40) ||
+				    window == f->wss.val * (SMART_MSS_1 + 40) ||
+				    window == f->wss.val * (SMART_MSS_2 + 40))
+					fmatch = FMATCH_OK;
+				break;
+			case OSF_WSS_MODULO:
+				if ((window % f->wss.val) == 0)
+					fmatch = FMATCH_OK;
+				break;
 			}
+		}
 
-			if (fmatch != FMATCH_OK)
-				continue;
+		if (fmatch != FMATCH_OK)
+			continue;
 
-			fcount++;
+		fcount++;
 
-			if (info->flags & XT_OSF_LOG)
-				nf_log_packet(net, p->family, p->hooknum, skb,
-					p->in, p->out, NULL,
-					"%s [%s:%s] : %pI4:%d -> %pI4:%d hops=%d\n",
-					f->genre, f->version, f->subtype,
-					&ip->saddr, ntohs(tcp->source),
-					&ip->daddr, ntohs(tcp->dest),
-					f->ttl - ip->ttl);
+		if (info->flags & XT_OSF_LOG)
+			nf_log_packet(net, p->family, p->hooknum, skb,
+				      p->in, p->out, NULL,
+				      "%s [%s:%s] : %pI4:%d -> %pI4:%d hops=%d\n",
+				      f->genre, f->version, f->subtype,
+				      &ip->saddr, ntohs(tcp->source),
+				      &ip->daddr, ntohs(tcp->dest),
+				      f->ttl - ip->ttl);
 
-			if ((info->flags & XT_OSF_LOG) &&
-			    info->loglevel == XT_OSF_LOGLEVEL_FIRST)
-				break;
-		}
+		if ((info->flags & XT_OSF_LOG) &&
+		    info->loglevel == XT_OSF_LOGLEVEL_FIRST)
+			break;
 	}
 	rcu_read_unlock();
 
-- 
1.7.10.4


^ permalink raw reply related

* [PATCH 7/8] netfilter: conntrack: Flush connections with a given mark
From: Pablo Neira Ayuso @ 2015-01-14 20:34 UTC (permalink / raw)
  To: netfilter-devel; +Cc: davem, netdev
In-Reply-To: <1421267689-24894-1-git-send-email-pablo@netfilter.org>

From: Kristian Evensen <kristian.evensen@gmail.com>

This patch adds support for selective flushing of conntrack mappings.
By adding CTA_MARK and CTA_MARK_MASK to a delete-message, the mark (and
mask) is checked before a connection is deleted while flushing.

Configuring the flush is moved out of ctnetlink_del_conntrack(), and
instead of calling nf_conntrack_flush_report(), we always call
nf_ct_iterate_cleanup().  This enables us to only make one call from the
new ctnetlink_flush_conntrack() and makes it easy to add more filter
parameters.

Filtering is done in the ctnetlink_filter_match()-function, which is
also called from ctnetlink_dump_table(). ctnetlink_dump_filter has been
renamed ctnetlink_filter, to indicated that it is no longer only used
when dumping conntrack entries.

Moreover, reject mark filters with -EOPNOTSUPP if no ct mark support is
available.

Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/nf_conntrack_netlink.c |   89 ++++++++++++++++++++++++----------
 1 file changed, 64 insertions(+), 25 deletions(-)

diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 1bd9ed9..d1c2394 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -749,13 +749,47 @@ static int ctnetlink_done(struct netlink_callback *cb)
 	return 0;
 }
 
-struct ctnetlink_dump_filter {
+struct ctnetlink_filter {
 	struct {
 		u_int32_t val;
 		u_int32_t mask;
 	} mark;
 };
 
+static struct ctnetlink_filter *
+ctnetlink_alloc_filter(const struct nlattr * const cda[])
+{
+#ifdef CONFIG_NF_CONNTRACK_MARK
+	struct ctnetlink_filter *filter;
+
+	filter = kzalloc(sizeof(*filter), GFP_KERNEL);
+	if (filter == NULL)
+		return ERR_PTR(-ENOMEM);
+
+	filter->mark.val = ntohl(nla_get_be32(cda[CTA_MARK]));
+	filter->mark.mask = ntohl(nla_get_be32(cda[CTA_MARK_MASK]));
+
+	return filter;
+#else
+	return ERR_PTR(-EOPNOTSUPP);
+#endif
+}
+
+static int ctnetlink_filter_match(struct nf_conn *ct, void *data)
+{
+	struct ctnetlink_filter *filter = data;
+
+	if (filter == NULL)
+		return 1;
+
+#ifdef CONFIG_NF_CONNTRACK_MARK
+	if ((ct->mark & filter->mark.mask) == filter->mark.val)
+		return 1;
+#endif
+
+	return 0;
+}
+
 static int
 ctnetlink_dump_table(struct sk_buff *skb, struct netlink_callback *cb)
 {
@@ -768,10 +802,6 @@ ctnetlink_dump_table(struct sk_buff *skb, struct netlink_callback *cb)
 	int res;
 	spinlock_t *lockp;
 
-#ifdef CONFIG_NF_CONNTRACK_MARK
-	const struct ctnetlink_dump_filter *filter = cb->data;
-#endif
-
 	last = (struct nf_conn *)cb->args[1];
 
 	local_bh_disable();
@@ -798,12 +828,9 @@ restart:
 					continue;
 				cb->args[1] = 0;
 			}
-#ifdef CONFIG_NF_CONNTRACK_MARK
-			if (filter && !((ct->mark & filter->mark.mask) ==
-					filter->mark.val)) {
+			if (!ctnetlink_filter_match(ct, cb->data))
 				continue;
-			}
-#endif
+
 			rcu_read_lock();
 			res =
 			ctnetlink_fill_info(skb, NETLINK_CB(cb->skb).portid,
@@ -1001,6 +1028,25 @@ static const struct nla_policy ct_nla_policy[CTA_MAX+1] = {
 				    .len = NF_CT_LABELS_MAX_SIZE },
 };
 
+static int ctnetlink_flush_conntrack(struct net *net,
+				     const struct nlattr * const cda[],
+				     u32 portid, int report)
+{
+	struct ctnetlink_filter *filter = NULL;
+
+	if (cda[CTA_MARK] && cda[CTA_MARK_MASK]) {
+		filter = ctnetlink_alloc_filter(cda);
+		if (IS_ERR(filter))
+			return PTR_ERR(filter);
+	}
+
+	nf_ct_iterate_cleanup(net, ctnetlink_filter_match, filter,
+			      portid, report);
+	kfree(filter);
+
+	return 0;
+}
+
 static int
 ctnetlink_del_conntrack(struct sock *ctnl, struct sk_buff *skb,
 			const struct nlmsghdr *nlh,
@@ -1024,11 +1070,9 @@ ctnetlink_del_conntrack(struct sock *ctnl, struct sk_buff *skb,
 	else if (cda[CTA_TUPLE_REPLY])
 		err = ctnetlink_parse_tuple(cda, &tuple, CTA_TUPLE_REPLY, u3);
 	else {
-		/* Flush the whole table */
-		nf_conntrack_flush_report(net,
-					 NETLINK_CB(skb).portid,
-					 nlmsg_report(nlh));
-		return 0;
+		return ctnetlink_flush_conntrack(net, cda,
+						 NETLINK_CB(skb).portid,
+						 nlmsg_report(nlh));
 	}
 
 	if (err < 0)
@@ -1076,21 +1120,16 @@ ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb,
 			.dump = ctnetlink_dump_table,
 			.done = ctnetlink_done,
 		};
-#ifdef CONFIG_NF_CONNTRACK_MARK
+
 		if (cda[CTA_MARK] && cda[CTA_MARK_MASK]) {
-			struct ctnetlink_dump_filter *filter;
+			struct ctnetlink_filter *filter;
 
-			filter = kzalloc(sizeof(struct ctnetlink_dump_filter),
-					 GFP_ATOMIC);
-			if (filter == NULL)
-				return -ENOMEM;
+			filter = ctnetlink_alloc_filter(cda);
+			if (IS_ERR(filter))
+				return PTR_ERR(filter);
 
-			filter->mark.val = ntohl(nla_get_be32(cda[CTA_MARK]));
-			filter->mark.mask =
-				ntohl(nla_get_be32(cda[CTA_MARK_MASK]));
 			c.data = filter;
 		}
-#endif
 		return netlink_dump_start(ctnl, skb, nlh, &c);
 	}
 
-- 
1.7.10.4


^ permalink raw reply related

* Re: [RFC PATCH v2 1/2] net: af_packet support for direct ring access in user space
From: David Miller @ 2015-01-14 20:35 UTC (permalink / raw)
  To: john.fastabend
  Cc: netdev, danny.zhou, nhorman, dborkman, john.ronciak, hannes,
	brouer
In-Reply-To: <20150113043509.29985.33515.stgit@nitbit.x32>

From: John Fastabend <john.fastabend@gmail.com>
Date: Mon, 12 Jan 2015 20:35:11 -0800

> +		if ((region.direction != DMA_BIDIRECTIONAL) &&
> +		    (region.direction != DMA_TO_DEVICE) &&
> +		    (region.direction != DMA_FROM_DEVICE))
> +			return -EFAULT;
 ...
> +		if ((umem->nmap == npages) &&
> +		    (0 != dma_map_sg(dev->dev.parent, umem->sglist,
> +				     umem->nmap, region.direction))) {
> +			region.iova = sg_dma_address(umem->sglist) + offset;

I am having trouble seeing how this can work.

dma_map_{single,sg}() mappings need synchronization after a DMA
transfer takes place.

For example if the DMA occurs to the device, then that region can
be cached in the PCI controller's internal caches and thus future
cpu writes into that memory region will not be seen, until a
dma_sync_*() is invoked.

That isn't going to happen when the device transmit queue is
being completely managed in userspace.

And this takes us back to the issue of protection, I don't think
it is addressed properly yet.

CAP_NET_ADMIN privileges do not mean "can crap all over memory"
yet with this feature that can still happen.

If we are dealing with a device which cannot provide strict protection
to only the process's locked local pages, you have to do something
to implement that protection.

And you have _exactly_ one option to do that, abstracting the page
addresses and eating a system call to trigger the sends, so that you
can read from the user's (fake) descriptors and write into the real
descriptors (translating the DMA addresses along the way) and
triggering the TX doorbell.

I am not going to consider seriously an implementation that says "yeah
sometimes the user can crap onto other people's memory", this isn't
MS-DOS, it's a system where proper memory protections are mandatory
rather than optional.

^ permalink raw reply

* Re: [PATCH 0/5 net-next v4] VXLAN Group Policy Extension
From: David Miller @ 2015-01-14 20:37 UTC (permalink / raw)
  To: tgraf
  Cc: jesse, stephen, pshelar, therbert, alexei.starovoitov,
	nicolas.dichtel, netdev, dev
In-Reply-To: <cover.1421165078.git.tgraf@suug.ch>

From: Thomas Graf <tgraf@suug.ch>
Date: Tue, 13 Jan 2015 17:20:41 +0100

> Implements supports for the Group Policy VXLAN extension [0] to provide
> a lightweight and simple security label mechanism across network peers
> based on VXLAN. The security context and associated metadata is mapped
> to/from skb->mark. This allows further mapping to a SELinux context
> using SECMARK, to implement ACLs directly with nftables, iptables, OVS,
> tc, etc.
> 
> The extension is disabled by default and should be run on a distinct
> port in mixed Linux VXLAN VTEP environments. Liberal VXLAN VTEPs
> which ignore unknown reserved bits will be able to receive VXLAN-GBP
> frames.

Thomas, unfortunately Tom's vxlan RCO patches were ready before your's
in my queue so I applied his work first.  You'll have to therefore
respin this series on top of it.

Thanks.

^ permalink raw reply

* Re: [PATCH net] openvswitch: packet messages need their own probe attribtue
From: Jesse Gross @ 2015-01-14 20:40 UTC (permalink / raw)
  To: Thomas Graf
  Cc: Florian Westphal, David Miller, Sander Eikelenboom,
	Pravin B Shelar, netdev, dev@openvswitch.org, Jarno Rajahalme
In-Reply-To: <20150114135619.GC564@casper.infradead.org>

On Wed, Jan 14, 2015 at 5:56 AM, Thomas Graf <tgraf@suug.ch> wrote:
> User space is currently sending a OVS_FLOW_ATTR_PROBE for both flow
> and packet messages. This leads to an out-of-bounds access in
> ovs_packet_cmd_execute() because OVS_FLOW_ATTR_PROBE >
> OVS_PACKET_ATTR_MAX.
>
> Introduce a new OVS_PACKET_ATTR_PROBE with the same numeric value
> as OVS_FLOW_ATTR_PROBE to grow the range of accepted packet attributes
> while maintaining to be binary compatible with existing OVS binaries.
>
> Fixes: 05da589 ("openvswitch: Add support for OVS_FLOW_ATTR_PROBE.")
> Reported-by: Sander Eikelenboom <linux@eikelenboom.it>
> Tracked-down-by: Florian Westphal <fw@strlen.de>
> Signed-off-by: Thomas Graf <tgraf@suug.ch>

This is kind of a nasty bug, thanks for fixing it.

Reviewed-by: Jesse Gross <jesse@nicira.com>

^ permalink raw reply

* Re: [net-next PATCH v2 03/12] net: flow: implement flow cache for get routines
From: David Miller @ 2015-01-14 20:50 UTC (permalink / raw)
  To: john.fastabend
  Cc: tgraf, simon.horman, sfeldma, netdev, gerlitz.or, jhs, andy
In-Reply-To: <20150113213621.13874.40461.stgit@nitbit.x32>

From: John Fastabend <john.fastabend@gmail.com>
Date: Tue, 13 Jan 2015 13:36:22 -0800

> One oddity in the rhashtable implementation is there is no way
> AFAICS to do delayed free's so we use rcu_sync heavily. This should be
> fine, get operations shouldn't be a used heavily.

Thomas please provide some feedback on this, thanks.

^ permalink raw reply

* Re: non-OVS based vxlan config broken on 3.19-rc ?!
From: Or Gerlitz @ 2015-01-14 20:55 UTC (permalink / raw)
  To: thomas Graf
  Cc: Or Gerlitz, tom Herbert, Marcelo Leitner, Jesse Gross,
	netdev@vger.kernel.org
In-Reply-To: <20150114155208.GA24550@casper.infradead.org>

On Wed, Jan 14, 2015 at 5:52 PM, thomas Graf <tgraf@suug.ch> wrote:
> On 01/14/15 at 05:18pm, Or Gerlitz wrote:
>> Guys, just realized that non-OVS based vxlan config is broken with
>> 3.19-rc... I see that it works for me on 3.18.2 and breaks on 3.19-rc3
>> (Linus tree). Tested over mlx4 (both offloaded and non offloaded modes) and
>> igb, see below the simplest form I can see it breaks on 3.19-rcand works on
>> 3.18
>>
>> Looking on tcpdump and stats, the arp reply arrives to the 3.19-rc host NIC
>> driver but is dropped along the stack beforehanded to the vxlan driver, not
>> sure where and why...
>
> As additional data point: I tested the VXLAN-GBP with iproute2 based tunnels
> on net-next and that works fine. Driver used was a e1000 in KVM.


mm, so net-next.git (3.20 candidate code) and 3.18 works, but @ least
for me 3.19-rc doesn't - could you check if net.git works for you on
iproute2 based tunnels in that env? just vxlan is enough.

^ permalink raw reply

* Re: [PATCH net-next] bridge: fix setlink/dellink notifications
From: roopa @ 2015-01-14 20:57 UTC (permalink / raw)
  To: Thomas Graf
  Cc: netdev, shemminger, vyasevic, john.fastabend, jhs, sfeldma, jiri,
	wkok
In-Reply-To: <20150114194137.GC2105@casper.infradead.org>

On 1/14/15, 11:41 AM, Thomas Graf wrote:
> On 01/13/15 at 10:48pm, roopa@cumulusnetworks.com wrote:
>> 2) Generate one notification from master and the other notification from
>>     self (This seems to be ideal):
>>       For master: the master driver will send notification (bridge in this
>> 	example)
>>       For self: the self driver will send notification (rocker in the above
>> 	example. It can use helpers from rtnetlink.c to do so. Like the
>> 	ndo_dflt_bridge_getlink api).
>>
>> This patch implements 2) (leaving the 'rtnl_bridge_notify' around to be used
>> with 'self').
>>
>> CC'ing others who might be affected by this change for review.
>>
>> Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
> I haven't digested this line by line yet but I agree that what you
> describe above would be a good end state.
>
> If I read the patch correctly then we would omit one notification
> for the master case.
yes, correct.
> Were both notifications exactly identical
> previously?
> This has the chance of breaking existing users terribly.

yes AFAICT, because

rtnl_bridge_notify() from rtnetlink.c for bridge  results in calling 
br_fill_ifinfo() via ndo_bridge_getlink()
and the notification from bridge driver br_ifinfo_notify() also ends up 
calling br_fill_ifinfo().

Thanks,
Roopa

^ permalink raw reply

* Re: [PATCH 0/5 net-next v4] VXLAN Group Policy Extension
From: Thomas Graf @ 2015-01-14 20:57 UTC (permalink / raw)
  To: David Miller
  Cc: jesse, stephen, pshelar, therbert, alexei.starovoitov,
	nicolas.dichtel, netdev, dev
In-Reply-To: <20150114.153744.360580056667123059.davem@davemloft.net>

On 01/14/15 at 03:37pm, David Miller wrote:
> From: Thomas Graf <tgraf@suug.ch>
> Date: Tue, 13 Jan 2015 17:20:41 +0100
> 
> > Implements supports for the Group Policy VXLAN extension [0] to provide
> > a lightweight and simple security label mechanism across network peers
> > based on VXLAN. The security context and associated metadata is mapped
> > to/from skb->mark. This allows further mapping to a SELinux context
> > using SECMARK, to implement ACLs directly with nftables, iptables, OVS,
> > tc, etc.
> > 
> > The extension is disabled by default and should be run on a distinct
> > port in mixed Linux VXLAN VTEP environments. Liberal VXLAN VTEPs
> > which ignore unknown reserved bits will be able to receive VXLAN-GBP
> > frames.
> 
> Thomas, unfortunately Tom's vxlan RCO patches were ready before your's
> in my queue so I applied his work first.  You'll have to therefore
> respin this series on top of it.

Sure, no problem.

^ permalink raw reply

* Re: [PATCH 1/2] net/macb: Adding comments to various #defs to make interpretation easier
From: David Miller @ 2015-01-14 21:02 UTC (permalink / raw)
  To: brad.mouring
  Cc: ben.shelton, jaeden.amero, linux-kernel, netdev, nicolas.ferre,
	rich.tollerton, xander.huff
In-Reply-To: <OFE030E01C.93929A2C-ON86257DCD.00524615-86257DCD.0052461A@ni.com>


HTML encoded emails will be rejected by the list server, and also
completely not read by me.

^ permalink raw reply

* Re: [PATCH 2/2] net/macb: improved ethtool statistics support
From: David Miller @ 2015-01-14 21:04 UTC (permalink / raw)
  To: nicolas.ferre
  Cc: xander.huff, netdev, jaeden.amero, rich.tollerton, ben.shelton,
	brad.mouring, linux-kernel, cyrille.pitchen
In-Reply-To: <54B690F5.5080308@atmel.com>

From: Nicolas Ferre <nicolas.ferre@atmel.com>
Date: Wed, 14 Jan 2015 16:53:25 +0100

> I see some issues with this patch: can you hold it a little bit please
> (aka NAK)?

I already applied these patches last night to my net-next tree, so
relative fixups against that will need to be submitted.

Submitting new versions of these patches therefore isn't going to
work.

^ permalink raw reply

* Re: [PATCH 1/2] fixup! net/macb: Adding comments to various #defs to make interpretation easier
From: David Miller @ 2015-01-14 21:09 UTC (permalink / raw)
  To: xander.huff
  Cc: nicolas.ferre, netdev, jaeden.amero, rich.tollerton, ben.shelton,
	brad.mouring, linux-kernel, cyrille.pitchen
In-Reply-To: <1421266881-17314-1-git-send-email-xander.huff@ni.com>


As I mentioned, this won't do.

I've already applied your original patches to net-next, therefore you will
have to submit fixups relative to that.

^ permalink raw reply

* [ 2375.793397] WARNING: CPU: 0 PID: 1149 at net/netlink/genetlink.c:1037 genl_unbind+0xc0/0xd0()
From: Jeff Layton @ 2015-01-14 21:13 UTC (permalink / raw)
  To: netdev; +Cc: Johannes Berg

While running the trinity fuzzer in a KVM guest, I ^C'ed it at an
(apparent) inopportune moment, and saw a bunch of these WARN_ONs pop:

[ 2375.793396] ------------[ cut here ]------------
[ 2375.793397] WARNING: CPU: 0 PID: 1149 at net/netlink/genetlink.c:1037 genl_unbind+0xc0/0xd0()
[ 2375.793417] Modules linked in: af_key crypto_user nfnetlink vmw_vsock_vmci_transport vmw_vmci vsock nfc af_802154 ieee802154 bluetooth rfkill pppoe pppox ppp_generic slhc irda crc_ccitt rds rose atm netrom appletalk ipx p8023 p8022 psnap ax25 ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw snd_hda_codec_generic snd_hda_intel snd_hda_controller snd_hda_codec snd_hwdep snd_pcm iosf_mbi crct10dif_pclmul snd_timer crc32_pclmul ppdev crc32c_intel snd ghash_clmulni_intel pa
 rport_pc joydev parport serio_raw pcspkr virtio_balloon soundcore virtio_console pvpanic i2c_piix4 virtio_blk virtio_net qxl drm_kms_helper ttm virtio_pci ata_generic virtio_ring drm pata_acpi virtio floppy
[ 2375.793424] CPU: 0 PID: 1149 Comm: trinity-main Tainted: G        W      3.19.0-rc4+ #26
[ 2375.793424] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140709_153950- 04/01/2014
[ 2375.793426]  0000000000000000 000000002a81588d ffff8800b932bd18 ffffffff8186adb8
[ 2375.793427]  0000000000000000 0000000000000000 ffff8800b932bd58 ffffffff810ac9da
[ 2375.793428]  ffffffff81f8c940 0000000000000000 ffffffff81f8c940 000000000000000f
[ 2375.793429] Call Trace:
[ 2375.793431]  [<ffffffff8186adb8>] dump_stack+0x4c/0x65
[ 2375.793432]  [<ffffffff810ac9da>] warn_slowpath_common+0x8a/0xc0
[ 2375.793433]  [<ffffffff810acb0a>] warn_slowpath_null+0x1a/0x20
[ 2375.793435]  [<ffffffff8175e580>] genl_unbind+0xc0/0xd0
[ 2375.793436]  [<ffffffff8175cbdd>] netlink_release+0x19d/0x3f0
[ 2375.793437]  [<ffffffff81700aaf>] sock_release+0x1f/0x90
[ 2375.793439]  [<ffffffff81700b32>] sock_close+0x12/0x20
[ 2375.793440]  [<ffffffff81275098>] __fput+0xf8/0x220
[ 2375.793441]  [<ffffffff8127520e>] ____fput+0xe/0x10
[ 2375.793443]  [<ffffffff810d29f4>] task_work_run+0xb4/0xe0
[ 2375.793444]  [<ffffffff810b040d>] do_exit+0x37d/0xcf0
[ 2375.793445]  [<ffffffff810b0e24>] do_group_exit+0x54/0xe0
[ 2375.793447]  [<ffffffff810b0ec4>] SyS_exit_group+0x14/0x20
[ 2375.793448]  [<ffffffff81874ff5>] tracesys_phase2+0xd4/0xd9
[ 2375.793449] ---[ end trace be07601dc6d6ab5c ]---

trinity was run with no arguments. I had it happen a couple of times
while running it, but it doesn't happen every time. It seems to be
somewhat contingent on signaling it at the right time.

-- 
Jeff Layton <jlayton@primarydata.com>

^ permalink raw reply

* Re: [PATCH 1/2] fixup! net/macb: Adding comments to various #defs to make interpretation easier
From: Xander Huff @ 2015-01-14 21:18 UTC (permalink / raw)
  To: David Miller
  Cc: nicolas.ferre, netdev, jaeden.amero, rich.tollerton, ben.shelton,
	brad.mouring, linux-kernel, cyrille.pitchen
In-Reply-To: <20150114.160929.619787519481343067.davem@davemloft.net>

On 1/14/2015 3:09 PM, David Miller wrote:
>
> As I mentioned, this won't do.
>
> I've already applied your original patches to net-next, therefore you will
> have to submit fixups relative to that.
>
These fixup commits are relative to an updated net-next, specifically "237de6e 
Merge branch 'hip04'".

Do you need them relative to (what I'm seeing is the latest) "2733135 Merge 
branch 'vxlan_rco'"?

^ permalink raw reply

* Re: [PATCH net] openvswitch: packet messages need their own probe attribtue
From: Pravin Shelar @ 2015-01-14 21:22 UTC (permalink / raw)
  To: Thomas Graf
  Cc: Florian Westphal, David Miller, Sander Eikelenboom, netdev,
	dev@openvswitch.org, Jarno Rajahalme
In-Reply-To: <20150114135619.GC564@casper.infradead.org>

On Wed, Jan 14, 2015 at 5:56 AM, Thomas Graf <tgraf@suug.ch> wrote:
> User space is currently sending a OVS_FLOW_ATTR_PROBE for both flow
> and packet messages. This leads to an out-of-bounds access in
> ovs_packet_cmd_execute() because OVS_FLOW_ATTR_PROBE >
> OVS_PACKET_ATTR_MAX.
>
> Introduce a new OVS_PACKET_ATTR_PROBE with the same numeric value
> as OVS_FLOW_ATTR_PROBE to grow the range of accepted packet attributes
> while maintaining to be binary compatible with existing OVS binaries.
>
> Fixes: 05da589 ("openvswitch: Add support for OVS_FLOW_ATTR_PROBE.")
> Reported-by: Sander Eikelenboom <linux@eikelenboom.it>
> Tracked-down-by: Florian Westphal <fw@strlen.de>
> Signed-off-by: Thomas Graf <tgraf@suug.ch>
> ---

Looks good.
Acked-by: Pravin B Shelar <pshelar@nicira.com>

^ permalink raw reply

* [PATCH] rtlwifi: rtl8192ee: New firmware from Realtek
From: Larry Finger @ 2015-01-14 21:24 UTC (permalink / raw)
  To: linux-firmware; +Cc: linux-wireless, Troy Tan, netdev, Larry Finger

From: Troy Tan <troy_tan@realsil.com.cn>

Recent testing by Realtek found bugs in both the driver and firmware for
the RTL8192EE chips.

Signed-off-by: Troy Tan <troy_tan@realsil.com.cn>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
---
 WHENCE                  |   5 ++++-
 rtlwifi/rtl8192eefw.bin | Bin 32754 -> 31818 bytes
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/WHENCE b/WHENCE
index df2dffa..c6f650e 100644
--- a/WHENCE
+++ b/WHENCE
@@ -2115,7 +2115,10 @@ Licence: Redistributable. See LICENCE.rtlwifi_firmware.txt for details.
 
 Driver: rtl8192ee - Realtek 802.11n WLAN driver for RTL8192EE
 
-Info: Taken from Realtek version rtl_92ce_92se_92de_8723ae_88ee_8723be_92ee_linux_mac80211_0017.1224.2013
+Info: Initial version taken from Realtek version
+      rtl_92ce_92se_92de_8723ae_88ee_8723be_92ee_linux_mac80211_0017.1224.2013
+      Updated Jan. 14, 2015 with file added by Realtek to
+      http://github.com/lwfinger/rtlwifi_new.git.
 File: rtlwifi/rtl8192eefw.bin
 
 Licence: Redistributable. See LICENCE.rtlwifi_firmware.txt for details.
diff --git a/rtlwifi/rtl8192eefw.bin b/rtlwifi/rtl8192eefw.bin
index bede1ad79f9c5243484f31c790ef794d579c9b4b..4a034d3ae8910df49682876dfe44fe8690798825 100644
GIT binary patch
literal 31818
zcmb`w3w#q*+CQF|OfGHH+q6K-wS-nhMS^%+*Oekw@dhn~izpJX-epPGbOp6!0CB~&
z%P2+PT@}P6s3=r->#D4Bv9d4kzPr+jyX#(r0h5A2nyE_=Y?J)H&zYGd1=jWddH;oE
z&Ybg{`*WV>InVQ)lLOBdnMzD1lX+Zm_4$vPOz#!pCF_sB;TC>gJS)Ov;ypj;|L#4n
z-}~t={Jaw^iobWV_FQx%UriMvoUhV19@%e2+FOy97H1G9?ZuSO3NQgAg;0??f!=fN
zX0u7ivC+5PYUc56F>@v%Ki6h4*&Vqy!DP?NwIZCCYcbO|VC<!$LogMUiaGeMbPg3w
z6_w612Yr`X>AO(C_sCp)j~WTcicupd>>NSyBS#Db<hZdFr6$+7v1LX0z7Tm`<IXRo
z@AFDc_^xE%!|9vnc?&OCY&M%cm*WMiEjKTpHw!j<UVfnk(b-RqH&ePJzd(aPpvZtJ
zOhXqI3IY|FljA5T5(SIZmX}{#Vmx#3=O`#HF`j}wCzs$#N(DOwic3ld8fhhIs1m{h
z?XU8j^AQ*^vg%wmwWH2CkKRqEKP#%v9X*<*WI_aUKFggB3CKzxJ3fS7W%yL$<HCnf
z!h?^D&klS($LA`1>hW2O&&&9zCKFeU4`4V2?=Rz%701s8`c{}s)@qZ<)`7I$fI}Sw
z%j4aA7}dY^{~`T9)K6vQc+OrA)t~pC$yD;B$u!7|A*?<-Ty}dX4}JbqyLC9;1PsSm
zI!q!)veM+j7<x<(nueP$#>mxT)LuqOsuAKY<Ye>XmQsx9(<YU>mpjhSHdkOwPJcfw
zKR;V|D+6ObZ24!-$9eA+zMP5E$}t~4vn+}OngiF0$|_vdwZMP;nax013&-(1J?Y(I
zv0CvT3m_-gcpB+en*m|ZG17ALG9ixsutb3RcH>E@cC4MulS<a#bMhPxEkzG$X%uIK
z%B=!#Dl5$&P%xlyV9}uBGO?_rZ0LXjEnGfy@X#ScOC6>81*KZLILI+n3zrNkD=9A<
zT#i}%zx{pGDkU!#ul23$$ZPDdZ&E&bI`UNIJ@Ka^PhYYm{`99$AFKS?$*vE0-j`}$
zyR5C+RQ<^k^I~aWm))E9QEQj$fVrmZ#HX$HzeSJyyu%rBq()UPJ6UMAZ#N5m)8b`a
zuJG5Uh@*XdZH2|*d!ov5vMaH1nZ0X^V;dFur;~>ldK7!t4n;Z<aqL}ReQv}-_36op
zvaUa!j4WH|v34jY%A`0FpV)n3fJ53FaZo*eftsM0iw-*cCf5O*>r26JcOQ2@_WMs;
z-O@ES=i(<eF7xpoYs&u9)c#(-IlNdpVLxHt|Lx*sKXu7BEc9_}b|_(dCavNcpYk+5
zz2wuUKW%mLvAr#Pwb`F?`j(9yd$Ow{avT-axX{rpj&5{jWP$IAi%xc(vUioSek7vz
zd2(_Nm6v~$lOz3W;6Ul`-RO*9S!P*A0VhG*yH0h#<KSOkR%W$!u?*$qhjMbhDVP2=
zT>4wA@`;mO!pYcJ0nJ)-!X6vD=7itmOgAJ({q1tGhPa<bLn4lMY`MNC(7O0C{@M>~
zFY^5i;q5f47`9WC(%aSd)q@`UYnDSNhLualUo&sCjG$~^qF@G{D0_k{B*=}N{Rx4R
z_&1kDktILpHA~kw(s7E~w`$oL4WVI=SX>JKY53EF7;KFGL9UR$_Jh@GIF+QykxqW}
zy6c;KzrD+oH|B)LReO<SbM;uGCp=Y4dAmz3LJ>uWMisaYI*?tEMD||dJ~jn?Lx22s
zd#q*!hJ7ZR%c&`6?1EJHmC5K2634FSbH;8<b<asgZ%rJVjhCBJ-8UwqHzbZt?sFbp
zA6Jj8yGH%$rEAo~FJ7xUmA-(I2q?*bl5&RE^kK>qK7LKoXI_(XDklTVsetlrK<P!=
zNu-@Z+P6sSbq1@J$CpRcOIO5KIF()objo>D4IEJeU#ZTH6&=e@hSzvS<niVQ0xWZU
z`I9Tc521v6J+VL_AnoU`yCu9P0JuQ4`GmxMZQp-f8ci{7Tcu-n`}mLDg*6qsS5ynf
zXG+|4C-#S>Jg{qfQAM>R-%uM~%B}Hy5J<TvxFR|35lLk9a0PqZJE|1VYt`@J^;;?n
zpWVBb@BYKC6@O6Eq5WU&J0xx6Z?KythW6pJA0GvuL--uV=PT31jfJM0uc*C!_HBEM
zTDkTe9sbn~&R9hkKT(xUPb={s`<ok_vgsE}d{L~j&m&fLd-;hQDhGJ@i3eMM{LGPw
z2Yn?~KaMXCU-Dvnh0+^Nr0TwHR4tJo%g;Yoyh<r4ahrSd!~G*aE<rSRX7p*GYmgrW
z7N!eqsf+7HuSL?wtPDSwPNqorh~9jPu%iL1Oj!l62#yM1AwC^4r$fT&;FfffH65}M
zP`)%l4&I>mRu0|>#6hic@Misai$YzYm?=nNT|iJztW|o4p-*g_U5YiFzzFZ_=y<l(
z$%>A71)nMnjJ0us@3>SDYvTpqNy!>(Gdp~JV`!lH_==;dQ=hKY%Ntji6nUdn^%pHQ
ziC6y&K_$hC^QXk=TXisT*4GW6HSBKKEpsN{1T~<z6RK>PuGCbha^QDLie_X4S|i&Q
z`#3e$UgA<Nmjiu@$1aDGh><K|1Q;yF-R4qkcu%R472iHyMVffub6RFOuvPK!VO47b
z4{WO85`Mm6A3n~QJBe_1+oMLqHF$S}Gm<|qUhJQNK*7AY=%0x|;k<Z>e-;8o^WvqO
zi~a6~eVavq?Au&|^nII4k+^UAGcl)snO?^-)F)BhQUcF?;#;-i)sw}y=8A8R_H*KO
zE9Kx2v^%AR6hZA-F8;)!<)~&k8qZ6KwKK%G*0CaMgan@Z#J4XGr}*m&<UpxXQ-t9d
zsU-Ys8urP7GQ}gx+*rkR$l@!aapA`LWYuq{CKM&`+~?<dzV*xWj^U8;Ub@u8U;Q(E
zEaZ)ROx19rYcj35SUu;RAa69Q_$Ub^D~)QAybL%USx#s`6bZP6l|=x8s<gKhRqs6u
zR>_Hbm6V+DC~~M&ja4Z8&MrBmDBd#vMOfK^lc;tK1y02<jSA)(a7z6E?}Kt;fs%4{
z4L$CjAS3}ui+Mu(IyqFL?roV+JuIwB<wkTe=ALkokzxjhA*`g_E|9iltV*d;rpTdU
z6@zsV1`A0ayVVq`RNRGA6Q~|>rApgK2dh$)O@5*C7>gPu__@wQEO@Tq=k=h=5$;W3
z8lRnH0M=jPt)<K^<qA1)P)W6yR45ZrCA!o5NN7oM!heZ4dp|{(RV5{^|3nsE3ad&D
zddnSB+(}g`7Vmo)krbvVN<o_vZI{~Qz{m6&ZM$rgoS2VcELN#1IV3WW6e5(wqa3Oc
zSsm!f<!15ayIHHNOSNX%<p7N>t)qZ~{P$9kPEj807gqno&x_YTFK=j3uKkJX49D~1
z1@XehB58BJzZS?{;IG4Xp??~_i~Q5)?~^%KSPig$GIxa@N)RlF31IOJSbQ_sOMIy`
z@KtGGte~b8tss131>t+v{Cz#cdTtQk$`Ri>Z)b1M3-X3v#?+pl%3M7mg)mB~kyQTj
zlm6pC&WcDrd-}PGu*J_i{br~5TMt8bcZ{KXIMwqlEfaT4b^19XO%DIpl(Wm>x6mrU
z!n8E(b2e2p)X0HiEJmle@vwv;Rby(HdM9%^3Pg%Syq`m)vdD9FyBzvjX?ao(^(ZYR
z)pnWNL95V-_i&@iiT1zHngR{n%iu0%aHi^aW$yPtjJKSPhi#3ot#pRv;9pdHlzL9B
zyj|u#R(-VrRlNGq?VMR0_l+DFq<FBx2V>O)%26#}9Q>$NeCs47zkBDWt>O(2iPwH8
zeJBSC6hOEXi<08s-J+zLI7w*Y{6cz37eqlKN|YoRp4$vLX<~V|#`{>9sz@#ZJ1viS
z`H@R2llXqGGU>UYvJatuf!p#EbGq9K_`25!)QhE1_c?{ytbE;477z;LjRi`|BlLtM
zv-rwY6j^VleBuYC6LbDuwgOw-@a>#lZoPxx>xP5iP@rLvmanZJP^L<UmbYOMt4r|S
zA-;bp(W;r^)@rGawd(ui%<7FWMBF-G8pyIb3JGVxjv(zQX7K}#Vr6bC#<3jF-)US$
z4t$6SEs+E5Bn5yQmC4+DM0S59zPg_J0n~VpR@)dFex0|mIG)k0a%FFeK=|{X&#p@J
z46A<5DRb`w4I$=I8)U0cp*WP9YPAUi-(Zpo>rTp+a}~EAZ4rGA6{61ktprK5MyTtP
zh9e8X(>l@e5IkN8UeMt;=Eqd=$Ct?)^A(Q;MKo;HK^csbif?lGxiktnVrr>pK&hv^
zlJ^ddx;fxv324+*RdQfxq97<38Sv26;!Vz&D?Co#=uk>Mwo=b9WEjPOxsS(>AMcis
zb1;ery?s&wO)Cd6UM1e7Ngnbm%~%cIacsdR)TRsliyF2z?Ap$iQVG<b0vZGANCDOx
z#)$~$dji723&hE*l+;pFIMF!`9g;0hFp>@b6-62mPF`)YXZjP`98&{W6&s!d%aVm*
zif1A+fR?_kHl5ScO^B4&`Mw++s#GY0r2%qaCuW!}9)}Ta7T>!M@K|o=Hf(+S3#s7k
zFZv}h+!&OVGmmO;FG@9?*RWL<M))c)*G$-uLl)wBHkx!!T(pYv=%`nLGzFqplTFHD
zL5sC1-;deq`I^YUO*iP}Lk5*?i$MawS0poy3d@%-2ev7dW(@hC#CabRx{^diGLx0b
zOjd#n>|oeiL5QqLS~kL2lC*5pEYP2jRY{2Vy#SuEhn1Xa<H1NeFm_T-tj$8qqyq(g
zs4s&-Myu^oJq7D6UQbhjG@C)V3th?uTC?4@3I)WWTuFr!#UC1(a-^|(rVE-1CEyO|
z;K(zeax()`L|8)IK>rykYhA*8aTJphSO1ObYcG+le<D60TlX+_Acr<9sWgV?5xTsH
z&I&`7Mc(TPOX~}~rSir+#rp$>z*uosq3)z~4okBFt&!###?rP^nz8DTt}V2Nt=a^q
zk+UhiqC&5Bs{suO3H>h8(C<yPskEmX_%5zpDu*_8t9^h;$f4JjROesi(3`-v0S#NF
zvnTh%Db|(H7Nxg|6W4-OwWiBLr+qn0g71Uq=ANL&Jkxxm(-GigS;>rS5c0c0-Y_Vi
zL8fV`s4Zc_RLXaOkqz86^WyX4EmI<fJiEkdaM<_aYz!TqVu%Nh;tw?nWDlnrI<Q<n
z#Ht%j^NwXWQha{592fuz%~OyC%WEZg`QrDTG0(L+;rJ0F97(n50)HV;0yE;?j&)DP
z8Z-oS)N0TWYZeUw1$NTH3d<W!#PlsE6>nic@#f)U!^cd7IYR~p?3FiiN{boLN{gwQ
zmrDGcG(?L$%p%RzxlAy?GB-K>7welMlP)1h>%zU?lI(c>wwUKQ$y}c9k6K+y9^^h?
zZ2eww$=**}KWe3vl<R;M`y}xfi!w0>E$&`*TsRZaWkFYq-}$sv`gIsWU~q}G_#fD`
zmC2!fO1<F8^H=vYP#Cll3wxjHY%=?c4df5~7MLhbUbh8Q{D9)Emjhoa3C6GbqU|LK
zdL;}vr3GkV$$>By)UgU>K(s<B{;EO&sUaY3(LqF(M#_oVm`7pU0;x#mI9hSz7Ek~P
zhOy%Pf=>K?tE4ttQTtjsbO3D#C*?$KOs#i$eh3QP-TqSTaF($47qrC`t*@kf(=MX@
zXCl5LrWQzFbho!yYsY6I!-zbJNZXki>#{Tc6Ac8RGj_1yl>EvnB`Lr1q>^~YDlA14
zmzui4#K%M%)xu!q*Qb0NE>*vMloPl7!q3G#0|^rQowi&aoiWA0MiHY62BEF!35^Ik
z3sG!HF=YM^W9oKpC`Do@u;Iltgw%j9SEWtFy{NAaFbYU(flS%gidJxfF4Y-p6Tl}~
zF0i?w7<RWU)u<N8!O_I>k_g7+;CU35LmNS#L*1-M_tFfp*}#Yml9c!l14{fV@v@iX
z&<0XN#h3qL1++sxi_!A1(Q<)WKB{>CYH!5brZ>D-t+Aik@c#k;wHjHqR!3APqJ$#W
z>|R1>+F<lxdx!SBlqNYiT=8DrG|;~YssZQ(jBcST;>_!^-sIr9)GzE&^wBccy^G8=
zZBz#6!&n1a8xjWYQp#yiP?V9&7?6qE8~)51ft?xlian`r!ELKjra}{uqJok%xbN76
zZg-DbCqqIXuIkNWDG4_0BdAGG?i57jU<HNy+~&kFV7{%l8yihI^k=n|7k@g>Xc-{i
zo@2ad%{-s72`X#l^w*8FL^#ckLVsbr0UHoG^f}R7zM9`KLk|6w&9@vJi2@o`bBt9_
zv-tE1%>Lg1{TIbE4k3jq>Xw6}0I_4mj^$KL$MTL9$V7RdOnJ>}m-zPapZ86b#<L7m
zIx>B)Jjds0wV|GLHfqyZs)ELonnxne=jijY6*^C3Lzi@$Q{6Ol34<1G%!#V8QV+lL
zr?S<ofXc}mbCi$AyNNSjqqx^kO`)KhMf(z18n7X&)kA*MQaf$S&zh2xl~P3IrNVs)
z%)dDmUX1<P^@|13K8KaH5ar}%pdF^upmVbU^9?`;+HxA;;0$0{cFRzr(PmTUmvZPz
z)_#h;nuP?DbQg8J26E|{oiY8}Zc<8CH#5~Z&RPx3XFpZgMED<HYB$C{bR(k^;^mv=
zkXy7bq!vuB6YW>h>*R&v<a2fiJ1je_J8W7Cb%jNDm^=6muEQiw1}e>FIcFoMyy<-w
zzL6=s#Vdl^)RRPK7Jv8d{93|%my*--H@4L3WT(8*21Ssehe+X7Nyest3qol4t$(i^
zyb0_Us!n3M1DP@%3L22nC|lvTFXbj~m$`Xi)hTsIuYi6H;`S@;>r)yXz=j^A_CW$_
zstBii!(gLGMvvc-JmI@yEU^?WzM@-oUc5uup%NnR=xFRP?J(`&cJMpQM$g5YPDV;y
zhs@&CPdaQJ)(%UDVD!GDgH~9F+M)c1BHo@DDR&*<pSc;2FyDCr9uc$n_N#by@jV|!
zhG1jfIUbJ#W^sKvo(Hk3{ym;w0_saV!)Ec<4m=}#=R!QX@cP5ZP!!quIv!#EnNB<+
zeDRlfbny+xzN4k#c)f2~RXugT1@d6ZZI0g+a|>9L6XJLKnzfWykOB?C+(<o>3glp1
zjnunspiaTKQpr)~wE&TW-#}Uoo`8f2Rm*EOyJTq}|H=4IK0lR;&87U%9Y*TqWgL;9
zibIf^^a!3J<lsrQ;!uvv?IeBh#JPA^TwPaWx6XYMG?NtpR9mHh9$Qe}^Uu)>T5Og>
z>oCWy^>qu;*1J5{4!Emd?!Ig9N@YdFP}rIIeWhBTH=sk%r%6*IcZ1K|g2BidCU<Wt
zayKayr+)te*HMAgI%z;_z36|+QXi>rZ;@(wuFJW3eyb<F3SVHf|CAhhK}oXlPIS9%
z;PXW>edy%S%j#EdzZ_bx9`#<}<CqkV2_U4Uu}_os<MRk3K}lYw9leAN>w01)<<$kS
z<qfH|%fcQXbP*Oj!|HdGGgU9<1uzI`f7$#&3ZZsTk#fzoYm&6PKRK16Xw!hU_j(-x
zFr{-z<sd$MfB<`|l*(raTPDR<gkkpL)(|CbRE4ARH4`z3;^Zab<Z?!nse}Z;MFM}0
z7ACeratJ##G$9HNG{9qO)N7Hs-IVY$aUu*@x`8yiMcwi;3n7QQ52@>vsY!yN614bk
z$T;HCghrNZBbZjjHdKLr!vn#hR`HCMgJeZ1^%RwQ211olE(>EwnE;uV0@y~|SfBs`
zO0X8o;TyCi7{{Q>A#*8|zQHB&o_&6SpVt5ZGZ;szuvCfP1)g~KU3YmFVX^qkfEBR+
zh}<o>3*+}-K}PO@eJEIIqOMEv6_Mo(Bbll_<vXdNXOP5SLZLQ$2NU>D^z740xVx>;
z9FE^D3;xL6Y=Qa(ubH26Oq|!?q()3*icL8<olrrlz24_$#193AX~=+NOhf>H>rjDG
zxr|z|h7u*H#CrBn#!5FuA_pWfdWRyQ)$d??9E`(s7Dt6w^E=Pa6b}-z6VeyzWfNef
ziNWMkjW!A=qiEf9r4O^tNXoPNtOMkjye!uMM>sDFyiv`Sn+YQshCoS+A~Y-@sK|2a
z92+`RmD{a>HmW>{PGMpkh0tL9Z>Ci_tZ3gFHYUHK7O*r78+0H`LEX@MV@T4y-*AOf
zeDkoM$0(CJ)}<5$C=EdfnncV$6SsEL##U2EyeK$3v6&jCl**Qe)FvJlg%(MnO>7$n
z1ti!bL}%Lb*7F`S|NJ^})+}hdF7Z{X5D|R?z_xAy&vIq)EXw4?Hi7Cc)*iOb-P<|K
zf!oDdKBsJ%r06<qW4|K@@===rYj++2Lb-@-3@?U$!xjS=rUmUsOJ?bNYpiSww1;wF
zIO~^7fmTd}Zi@6o7PWIX42CQZ^gSLZZHCa+hp}BbFalIyqd4bX+VfX{mDRqFO+9wg
z*x>UXsP@?I-a$H3uNCS5vGzms_A=jM?2e$eTb$}_!4R1{TV!jlQUje-zzMoynXPIA
zhIT-`4>^&QUO<{}z7|?>n8rvk$cDtiH2Kaf?1q9gJrdZ+rM%XFQlI0=jg_)}Aoc)k
zK(MdV7!sEJr8_toTg0s0;A>o86W0M&=PwkkcTyrYgnkpYgtSAX4dE(nTlL)%#oG@@
zMiQ%^Hv`Xu{J4wo0H>d~6;H?o^FD|;Nelh!S$HB|4n#%~cpE(t-*yR}2Xi{#m2InO
z)baKu-=jn-T?Z_FL7Z|7AqWh2&%qPLy>lg=kQm-sj^`nMoasA+13B<H5K0(VCYi-w
z`Q%^@-uTY1oJ}IL>O$wp(7cZ{c+x_KFQu~eSq05w8XD+`zfr~7pmSUq6_p|_LK0?O
zcVYWFC{3UqrOgdqA&eiO%~&CA#xQB0lL5?q0F(NKf?Dw0H}1L4%fLza>06alKr!|U
zs~>D$7<mwQG|_+I(i}*x;S?moH4r-^58~Oz*&&C<Y6J<?2G0s3m0%13mF2u57+F})
zLr8hr@6roOCXAvMdZE*#4Ba)hWVFU>BuKN2Xe**UMs#*lo+k-7(1#`Pyhm$Gh29o{
z+QO3YeOg=kHILe(%g%<35c~(W>Ch0Q+#GD8A7ZqoB-NOkPj$N!*dZY$=@t?(ckeAw
z{(h)-yNfWwu_<~=1yc4KDb+~XuBEsog#A+}hio#Fu7wr9<MiUS#H<>2WYu6KrYoUD
zqY^DKUC$2GBd~fZ(2bpndq3+&HM+5#HhL^E>6Xx5Kecx!isI15B-(2vrn^arJQ5RG
ziABg6GjiII_{|g;UP-vEQ0xq!pn;&8+hIK^=&vA_X^=^w0b})s$7PEfX0}gY;D(<3
zPe4eh%}JL%P&RSs0W|Gs5zj)~RcW#o3m$lWtr%;EqA;+nmTBj6W2AZyZ1bJ3!)L>6
z?+3G;U@|&KXg9Zk`j{V=1HY$cK>7}B*CTc#yp1*Oe^@Lv@(-|$Tn)Jbo(|%}e+1?J
z7OafAq)h@dXjCXaB=lj1>fD&2zdIM5W`d_nfu5g?0#Y7(S{my(3BpBP6W>}l?gh%q
z1_5d<LrH9dA&D2Kn`Dd0Hxv{cR%**^l7|AjpxolfZUCAgky?v|Av(az#LB`TvbnJ~
z8-}L?3MsUBmkO$q)n*V7W`(gdPUE2k2mb5LL<DQtH1Xm3rV4*GEK1q=v|UR-3(4kb
zetz5wB$@&N^tMhyE8BsDRP`Q&$ufcpVMc(NBFf}G7{!=9Axf?*esd3Wbfm5Z>jn01
z*QmX*NJ-g=j>FXj*lK;(mxJ#%-xDbKG*=f$fS`C4$|cO><svrJWTok2RvLJTu`EP9
z<xqmGJQzSTlQH|oJ%`bT&5b#?7<M$H0gPUckb?!_^pM5dxDsUQSpb_IMe&4>onJA2
zpUzPPC|<fz4kEx8_bh<B$SU#WXYdYS>1K+rH^cN1Ea|xmwskEn2bf37l-`8+{73@D
zq|#Gq69yC0V5yICkhQgB3`(#-S2zX-Fy+8zTX#z47KPQ-m$q6~U#9KT#j6e=4ya(T
zYPcT(vDvg>vuFLIOSu$c=_L&NXfZlsi1ebNW|FE|_XjZq%`+1066HfG>$bD=GBWy`
zRp)ne=v!`@{>=98;FA}JQ{kj8GroXr9+;OVYnZl~MJ9!k=9#2WpQK8K{bESyw#VQm
zc3Nz~wxZ32+oe~-^5!p96c6b&mX=<-0SxI?E!bu`<ZEGq;L9YU`$}0Dd)IXMrK~Wv
zpom|_V6fXqSj!8iIfONtm$m;TRbES8D|-5RmR`d0K_&+5vn-4~CvY3aptQhFjmikm
z)Hh2^ejcoIm2Zgt(!$!VC9FkQaVvTX+sC{A)$grOe`Ao)3uyT?$UWI_km$10{Q4VM
zD{7$mpoUQ0Y<GY?2Mu^P#Q%E9!*fr`!VNxE4WRwBT7~ggDFNVd!1(WM_+7)!;?X@X
z)LquFr|yUxya8}btb~&Y_Lo@c`kNE-V4%r_O<7<`iD=&>2L>|wH>?z6697Sm087;n
zO`M`s3Uc5=7R_jp31)X9pW?JWIKJo<bENMJU`-5uUTtQJ@6UwZ)yVu?ATDX{Q9W04
z9t-v_vF8yqh1Z+1m6}2(F+a#qt^!qxM*KkQK2WL6<vL&#fPQJIoz#GV<4k-xPVxzy
zQy|JvqaY`pFDE2rsR`oXQW%5!uuIb353u)y_Ac|is&pe+(}&3kFYQ1S@}dd!VH>Qy
zAHX|oyeJe@r9w_DJ`ISy6ObH8P$u{*Vc3}1DXu%er(O>H1y~BhAP4(2EqKhdEUbnC
z5W;se`+gFmE^olpvQCa+oeVA+%G)>nyzZ%KtEPjCfJCIW7lKq_>z`D`d4GGOZqu~a
zDFq3g1=4?O?>bLMbkbdj-6T}yWD7vM7~=;8M4Vw1aQ96$;)g<<Da85(d<DbCFVjhe
znqG?^LGer;VpT&~^tNDBZ6Ps9i++^LM3a=pG%u8vZWdXCs9BUsY(sAt8H{2o87Wew
z3%ylxa2Nqu0pu=Zu5dH}g;P~nKVWhp9cj-WovYo=Gq#w0Bih%x;YAkQ->tqeBb<2q
zdGObmTKSnY!#9DF2I@&o6|HU~@k!|l-@JZ_)tST&X^78Hi7q3jCzJSiB7BL^harp1
zkPTx8(Y#}{V|TX4UW(6bZ?V@_hU2pUbTrFm5!|0;=ZMTyrRyR9Evn6FoW(_ER-Tjw
z(R&%a^LU2>r*W1Ufx|RL|F)o*+Byp((KJY$)lIE(Yg4bVCgO$7AB-6ZX3Xd%OiE&y
z<q&K^Lgze|MVvcFdrp6Svm5@Kw>KDEH}okqSy&}wkG63(rIL?71aF|wr%Giq{*YlJ
zFr``_>ikRgn^ci`Bj{9iGK(N92Qw@zY$|)q1Q*6GZFAo*I?L#E1sh&DbU74|*kXxS
z|3D61LyI0}3f&HH&FOXkN})Q=v;$nna$bRgc39-lb!?0C9E-aguE7@ZM?YY#0p-cn
zDbJUTT6TgmLQ&-#%UDc+*bQ_v<uMQ{l7}zC=RCHSIXzne%T_=VnL&`@80CyH?TXAz
zfJ;`wZ)WO#(wk)K`sL6$M^zZSL+2>T$`bJCONjmTL2Ie>9(%xZlN>t#s2b>2w^+JK
z*9)eoB$?V*4qXVf-Fc`-4qXO5!5lBo6Yqhp4|+Dr4~647O1jLL>Rj#7c#y`CxL!yI
z5s$`(l=ytNpE<01G-j!sl7kWOEa8Zu7@ZsOoURQ;aVQ|8{f^&xr2UuG{Ky%;(kc)2
z1tP%_hy>{uCBC4&#Zg@qSpenlh~IHTBMT~zCt5w?s^yy(;PIrg$#&$f1s>t4`6G87
z5uogfD5)sUjPN6OMVSnZMPf&ty0AhM#8hi>vdu?9XU@?3ch6XnjLld+#be!Md1}7&
zP`<Q@O1<A(o7Jw!d}7bk7sln8ngGIFWPZgV+mRY6K41Fbe;A6^`A{sPu~~)2)J?XS
z8=0Z_jogU|5*OSDFl=66)u^N4(X1Lfd#LU@eH;yepWoR7eLn*uvj{UhFepu8fl&P=
zYqOD$Ss#L7HBy%)43T8Jx5d=mVyZ=XkvfQQ!AkCwubDX#{CsA7)~eb4GsJI$X83mB
z8m(rCT0o=V=a3eNQ1hbgjno!Zv`J%A5%uaM@e11;V^iIist8-N!geDp2melaktNj*
zf~~AiB1TyY+4!F-HnUo;#G7iBk~%g%85@)6zN$|v7BLZZJj$h7Ssi=EBw|<fy)jcZ
zQSrT-)GhpC7?7ELXH4qY)pBqj)fK7R+rrgOj@$+ld*t?#RQu8ON7ljAz~o8E^~TIi
zvtFN_E+caLmfIGaKWQ)dqy$!?$4pHY(PrLDS*oEwTU(4lF2dw6VGS0dzp8G3e40LC
zBvm3#ft0F^7g<=^TP)BzgODrez_j(%`KzZPn*x=C8k?d<rpXhdYf?BY!lsrEi?pwg
zOslrY6R*Y2VB#;=#OKO^q~d9cOsg;PSR&Kf@+@-DB#pwm$li1D&PgSBFJ|vKc;}Hf
zkW%7zMD8G!`gxH%T85BQP-Je^9jWm6<lb1zknVa33UN#0+#ym$<c_Mj@wrl2dwA^~
z$TWBF+B>T4k-2!8OWW(Yk-3ekHCP!q<*U9_ZJeHpyH|k^{uPFnU#>~P3i>x?J<x)T
zp#09TEW94MU2Sj4job!AgWmr&s3DDECaeI?XyZLL0kr8$&&=NF`eW;=g(kS-vuWV<
zX-K?jHDJc1y01!VWdVowu8*kefXYXA?qX<b*k+XYtw7s3dn32E97ZF|@M#SmgkUO_
zQB*m#ON$~~6AT0g)o^^CRw^{{k$J)R@|Efey`{l}N+R}}1-3&2E8dvC$^H6_mGg85
zpu}S);7F`$PJB-HrMJd!wakmmYqPwiLCGc(lmLQSfB?WQW`;D1BIJt9Ss%G|U9|(x
z_#A}dx1v$;TM?$UYxF5{s~U*RQMcTxTd06JhKZ_OoLr58|6iY|VG)@=`=L}4B-7k2
z4bDchR5o-wrVq-^-~r|VEcjZakp>PEN@4-|TB-{&I9jSodFeOWR0)~p%<b1~W(3JD
z%X?01UGXhIxoPN}VSC#P%iG#H;WcY-t+q9Bt#zU_F`Q_v>r7bcB6Wnp{K&r;d+w-b
zL1ya-N`%^JBT6=+%o`cmGH+zf$-I$8h2Fk<o0zscxwqFyWWUkvP~F;2J+o<5+$tn1
z9YQninIViD+f1cT-vfjBVXqUvhYX$bBli&Fn^VvYhwDqQRoAw%G}gU7(b&o!RkPwN
zuj<Wgj**hyG($orKOgm`WG1d#joh>M#cKZPd%$eS7h&@~;(~>(_kibT3NbdrI{ybN
z?a%+^;339Rzy{eiRSq68-WjEXNN^MpER){v_yS}ii6lL<VH_Cb*7Wuh7LKR^bRZ)J
zbZ5UP@jI!Ey}yLNV(=))=^-^fKMFl~ksLf6RU`9Vhmddx5=uZR1<D>)a6o_(kKi~E
zWqhfYpO}k9-K9qEq_Ms=awmp*I_>(VMDDCSj-xukuT)4Gb-#XN!R9;h9KL!!cq@}o
z7;hC)+a0;Yr5AupPb|w$a~;$Z!o3sAs5<OGB51`C;)@X_(Z0U=0sYt*Fd|DdG4w4;
z?<1zzSp}0h$=GdEJR_Rtqv;@+)H9UXg_9QLto+D)tYU20BIvf%Oi`LBu>jMni4t<~
zSbxOm#lSLTg3d+h^^Dcuh%I@XTg-1-GZ+Jl6%KP{-r+(&F)OpTC_AsYPpZsH?Ddpn
zrFyMYvSe<xI9mnhn>OE?3k^9o<>r~6TQyUgVnXIcJ%ixVSQ4!_dkUiP3(bkb=p{tk
zavf2F_FXHLMPW}tij7k2qba4Bio6!0ICy6%D<55iU#}KsYNh#~N!P<)(tBUjQ-(T9
zsg6RbBbVy1MC)_C=VmH7qo_<R(#@IhS-}{IzE-OGUSQcJpq=S9(-fV`v|mYll@@T1
zogv=>iN5;xNaW2m#zd;gh{<Oy<?J#tLq)G6(;Db6R+E$ijaAyWg*ePKng*g;$-ONX
zS6@hS&@_F+5O?cuOhE0UT|e0^u8X)KKu?z*?cUomyn1X@oc!wJJ*LM`aF6%!kDo9<
z-XlDI!t!{p_3>Vt$+YsiM)x4;mPU7xG`Z1jmnLObxwj=(%fE7*Y2{_y%5nV4%gigs
z2`ewNto)&M<q!4zrBZ&Q+acK--2#a+?v?K8vJi^ECm^(r9I!S|Z=D9(=zCV{4Drr)
zrWb)@vA#jkh_wjKKqeVkvr<WAnE`F%hZs$StPEe;tVE0<GXap9EM8Z+##j{Y7onik
zm?`#pn#)YKt$++nQ##0P=DWdQYWhB472gjG2C_3sgELkIvzXG%VxysNJrc4IBr%)#
zG^|f#bIO)JU|%YX)U`>uT9W*{sCIjV*1BgNH8{E)I>B6@(j}%Uzp3S=+rsgCkwh*T
zc4Gxp-HTykTfAhfQMCmtXVNfMGoKVA3Fp|mZzt*-JtJ4QYPmOZZ=3zKaH8=(YvjH*
z>o9DKPrzuEt|7gLbQj_rXaBUS`;6M<&^JJ!Z{XY7crT8pz`5++Eax&x>5bjy$&1{F
zl7m(ECZw_fsJI>S@TZacJb44|i`<8oYW~2Ka9<oR|M!NB#c2KKhV)5=+6a7RL9O*R
z@8i@(uzriSY@@{Cb-na4V(z+L8dL9&-%s1u2O{_HeW}_OdEl1#{Zd}!{`MDZEs+Oq
zj^ED;sw}1Xz^aMdua}gj7g%o?GE{~&cRyB~Hnwnl(j+&gd&%%0Xt1$(81o{*De1Xf
zXEEdk=Q+Ro5fhYJU7943B?>|9-A@dXCTA7mEzB;1mxgAgB|Ss361@f46);|g+TfJ^
zANbiVQJPh2bT9TC4utKXP@q$_jAtFEp{dd6e+%PT=vkWnGZV?g=4ide<BZnld21x>
z&^T{>R*7I-c4AyP8sqvm<q;S97pqERTw3^yY6(m$L1SG15iFZ=p|NOqx)W)}MU(S?
zV_bTf|GzLUHl$9{QTtPxt~}`;0pCSQQ>uW-G9`xf6(~wc0nyD4W|P`LBUMSaCaB24
zFOa6^Vj2i2sO^245jVJ>d;qkwgdjR;774!v$Z%i46oNGOj($noDQQ2h16cOUsK*ZB
z26By1q-AE(IJDhTLDoC008!j=p~YxqSD`Zg317f|CHGBHp%|<plTxN7|02+Tu$H)u
z6s?f`l(G+nVE@oB%bqD}IN8nAXgG~QJ6I61GmL^!xb(LPpNmiI0c-o54r&Dd3gyn^
zSDVeIW(U_ifNvgF)Ld2Ee396ES!wfxiss29o9jk3-&)zcpsM+S>gLBLHa~Pt^GZ+i
zFXlHtzo7Z$JDXpxZ~paN&0FtoZojAbkM}nJ`M&0T4>TWouvuN$eCo$0(=T{d(OQ1P
zEk@v%T3{#42WZ0D18?gI5AD+vL_OkFC@Khoe>JHGHWg}t127)2lz;)U3F-}snSY6%
zvU0l~cz3uSxF1GnmT69p9+<byh`C%3Y+9oQ4q$)HVAtg7foE3ffoESal0Mc0o8o%l
zO$h!h*PD}!01j>Aa5wDlq<rB%f)_e`4&+y!#!((y=U&*Do=)4Q)7B*TspKQwp)CQ3
z!lR_&h82fgMG(VW^x!pslQE&+z_;q|&lov2>;W5kuoc;$Dj6>{?<9H$%Gl)%FJnKg
zBw&Vsi|7X9R8p(unO_meX%1+xd%-c0PLaWG#_C|cqW|#6mvZ7IA8hBWgsA~iUk8``
z!+%1Lh5qIr*b07O#2@b;zt4#OSO56^M*P?P;}y1a$ZHGtkid5jdQ#HQX<NB2A1*Km
z9*4RJTQKJNjNK|gkW9}Ap2xIuyO??%uC$m0*h1N4z?cZ?p?TmWAn^&6O1uu~RdqNL
ztfx@;2Re<R@b%<j7Nx^JE@dcgIKip6<D|gDO45%kF!SdXK^*BHK=#_uD00CF4T@1a
zLQ4kl_w18Hx063d=zbp@5<_>yR64bcvp0hSATw~Vuz3|Pt}*ekt4rpQ!v;A@&Lfvd
z4|E~;C;dRXzF{8Bns>rI%!6k=p7Zg%3(p03-i_y-c;16&J?fbUqJnCWoi*fkYDnNq
z&B;`N=MzjLcw>apr4+&233+G3XOB+7PC3L9NuY#F9~{6mU_;@30bHyYG#sPg$Z50~
zvjUIKgd8}`Zu!7X7jP(~(|^pdRjZR7^t+u(hrbZRB<p<m3!x=Y)WCNJQGq30{G7}6
z1~3;M0t_rUELE{c^2jnEBRp0(YS0P`EICy7N=9;pi#Q4Na_DJe+C$Cy)XJe>AVell
zIkXxfGNj5OS+faIE$|Rv!}fHO&F{h;8LJy24Q<>AN`mW7jYN}!vm}`#dE%Vy(v^VW
z2g@N;y!PkSPfc8PP2(hs)^_pImC_I-3-H-xMW9u5&rYh2hG|{{TW@mc0bd>laS20|
zg)!B0u{Pg7#%RySye`6%=G}`Y&3gl$H19vblji*)TnZwGejFtwj$z)?`tbm!-yj*G
zkJ!1rFcB-bz@Eph0NF)H4$;3bnYGD5;Vk_Fj_*=%>JYX{6rr8pI|Oy3cI=Sl)cdiG
zY6#(*0R^qb1O%}H*e*m4l5YdXnHCF!oBa<tw38Y!jE&G)8^O=n4j{M+*>o7%wqXvS
zHS$@>lac6<zQog_0@yj?*jz*Zug^89RGIphG|ZSHP&AAXN{H8K`QvV_q4617-Z*R-
zgeCD=TD~~!5@ZdJ-x{d{S8W+&Y8k<`oXfY2HMd+Yv`nzHTyHg*TJC`NS>yE4(zT7#
ztc}ypmwp82v&QM;q)XZJVrdMEA1_rsYI?-9#6AC~uqZ^_P$$p8XC^+g@R_YT8F)$q
z+B~gwIzM}VdO9ER4Zt8i$>`2wI^B5$^iP|M4eONDqxL55ZJg}RNuTV-jY}GR4HY48
zJ~QSLEe+)>bnTcp6GzDNAyg+S^GROqgYXEX_vMc<-sq&ZrVV9jeD<3g4ppH-@FglD
zS$V#m2X?7Y5wzbIkiw0ML=hJnVVJT(YD3mERi~rw71~kvJUV(Yi(R$AKl8jC%EQ@q
zIKFI^=#3p^N6uH#TIy$dSi0FVkV8?Z5)yqq&pl?^44=5DA`4Y$NH=aw@r`7g7`=0?
z7GFjB-MvH2O2r#eGu<Uu*H8?yT$R$>UBg4Yn@)qmwAd&GUO&Fk#tXSOZxLE8Y*x~Z
zv@<0<yH;Yj)>((zbQwB}%T79%$RP*1dO7PV-YnXs5Lb{JBI~w3!#JoD#^HUM;ash}
zkeyBA8|ZL;R6TY|Nx?1Sd}FLJ?&&$em2m0C{2eny!#-YX$rozVXx5TJ@`jh*UM`3J
zkw%}t<3=JvkuT7^^Qn3N79^{kbaw?@G8oIw(e5}QM_Sw%0au2m%h(BD;vilJyGjD)
zz3CmeK>;ys9Imv$?Gl|^rGf07$9elU4$9_1%p<UK4EgggURI&xQHfp)^VW3Ai6R^l
zr2A2RNA9N;$_VNq&gN{u*`7zs;GFWLyiw36fiBu$kc?rCjp+rR!`ujoJ=w^e2p)h`
z8nGd~f<OB5afd+;#gbzyI2M#?6CaY{#EMPg73AYyanLFYUlKlBpM?W}9Qc&9$btWX
za>M*MWWY}$zTs&2#M$s$*oA}+fl5Pu!Fy?T{-OQz@5T~4GcPL8GFv_T$oJ*IUJYt2
z85dzRHN&n&RgZ-kHrXC)naGTdFuDQ|TVsfu%v%|aKsQF-HW5O^$HpBakHAZu7)yFU
z3h3%8cxsJ=z|cXU->WjH%1_Hig@7~eA~}f-5eDK@tkV4x^HDH4d5F_@QRxC4X~lWF
zzh_0YxmvGkX+GH05oXsEr7#M#hF(N@+F04VQwg+9fPmLQUZUwfUzqMQH4?`V&TOP0
z6;dnVdzx+~yt--ra=f=uQ7)i41E3f1S0_!X>)_}#F2I3y5PGWs%3~pGD7ox1WWYUD
zJo<a~G;%10Uu!Xsd|=G*#)Wq^h4^&H%r6tPIDuqMmTEDJ?z=!Tu^#o&G^U&!hN*Uj
zp14{@Qw`^6E5W5)m7aJE>^8!yPvE?Z1=`ofVWPI-PK3apl=gK};juOWW3rt<5V2kk
zd<LX3E`7OBTPaNIJbw?;AR*$WkX&|C2!tZZ@~FQl1vzwWjr4HZaolY<Tqhtg(WxDM
zwYiilX;>k%5OQJ`X#oLuEHolO>s=5H$X8r|ulO#KtO6e>9taS~f<*{09Bpc{>UYEl
zHaJz%RRdJKE*uZZYN6l6w(yeRPc8L}&yAr0VOJuOZ+M21{u-2yW-!(Njvh1JqlAJ}
z<SfrT6QygYf5vrNEHa;60=0uVg}Ib`@)FYsO`(MIJcx(GewKSW?JRx`mq-u4!9ia6
zZd}{dAP4?iTlHjKo`n6MIf$9~ALNa#OI4Z^;qiSmJITE-9jlj4`lSD=ws)_WL+>yr
z@^?Vu5C(~-h1LOFpj-3)pug_|(qfb`!kL9C0lhKTX?Sg_(H6MFlXH3-E4Pg#6y}jl
zGY{u%oED(e->}r*F!|*-bSYzC4}&z&C7(Lzy@nBViJd`Udj-ge?b>aSm`~hdCJoV?
zR3XwjNDTh9(q;xy;#`^yPM;de020@npfsULfYzH0ocEHZJpUr;0xdp~B8;ZIC?BUC
zv=xwt6`<Yk_53=m7Of*%7cIJ@KOGIhxe!bmXbi?@4?U#3tc!#g!-f}|OLs^6kh!C6
zgVfKQec{{M2ZvdBz%qx~gK&`56j)GFQH3~sqdJd)tK{oGu?NW~wnX=d9jg1pQe;fm
zZDH0a+f)@!uE984gD&O4thF<O(1OjJ&YE^%>@mNfzL;Z-BTj9jkZtTzC_0W|%nmK0
zCX0U&4p|u^a@OGjeWin87V*9tB);=yhW<L5mdHU1uuEwx%>gYALyX53k{!asQY~V2
zVfGf$tw}CrlpMH#$dY9NsElR4l87!goKVod$=%HF2`BmVMOz|sKU7>{hxke`eR@(3
zeXHN8gKPPEl@<vR3Ujr|lezyQ!c6-SKSxJ1Ljyq^wPRv9;*K+GeK8M+$v(7-w&#I;
zs($v1P8mhrMTu}<bPAz!U_YUAU_WdA=WLHvEZ$UuB@60~-3hQBrI8DAXrPkt@=|4#
zBpEu!HUd8DAj^nu<Bb@P>WsFTL9QsBn3aB_p+Xt1UDG%S`@R7<zDEty4tfm0e6Ih*
z8S@U6gK*w9!w4@8*#_oNfjgh2bGqR^eX(>trF~3^B-CJukJtuc$#|qxx(#=BA((?Z
zySACx4XgQ>oE)N4ZfFFqjd@1|m;j_LZ*UCUs!A;&a*A`OQUxnrBSy5uPlI4C*to#K
zp1#0gEs$)ZU4dmw-mn(k<a5%xnGL_vw{+0QY<K}-vSLyAMTBWvM`0X7VB0ea!<NCe
zb`)N(IyGgRwyR6UXJC)Vv^l!XD?U@=SI=BI!yR$&T|2XOe8!!dOTqciO<NT>|3PHV
zyeO@1uTXb^#MceBxTW8V4?hx_;Vq*hrd|;gz7A}Xoo0ll0E!alYWN+Ku|{*m=shh0
zObFrt^R?IM7tRgw(@in&l%~agzHSR0XvOz#`1;TLLgr>+op4uyxv=_5&#X^^n+`h}
ztG7b;;CJ%(ETQAWD2ns*>}0Thp+*10!8nIZ+zAJEq5KB59Ry+-b1A?_+;YZyMmK;7
zrB@ja)DEMa<RWjL`0$5ySZc%J0wHtcCE=t7LV?N8|A>{sp1@5IZ&0vvWa}GP5W_(x
zHz@*&!O?`27xfNPk}1g?6R@a<V?V;yJ`S{EVX;%Xcvc|RIM$mr95_b|trqsBbV`_N
zsZ7992`PjQI$Okd_dt2NwJEFdNMenD$7Z3%Zz4!K+lR%b9SGJpMmhpn&Q;=WV2^gt
z5iZ2vb&j$CmIv(&p?;1seY%iRVCcp1MLne&=MJ~ug357&6>8^~MRB}~U-sul_ehQD
z*u}elJ_#mv2l`$JeO^;_s%{H4*3jOWC%MHK<B15BQi`@t@g`|+Y*T{QYTWM#^#Tqu
zVOIUz+rMGO=;W9Vcss?rcgH+*pt%eebCou_xl9iDXYd=gq~89`2Ca6qa>JvO+~fMU
z(%MvwD}GOJAD?cYU=)b<>lH(KVAys)_%tu!1p2w8f1}7YzP#r>G-*3FfOPpExV)KG
zN$rQyj|d?Fqe|nmT1i=~KyVyYXZh{MV(6Ku7l6Ft!!PvPg<~}2jkzi=Hr@FF?i0GE
z)bn5|!uQbEno9I~=Lbl~=0NC-=|NuTOzJ_i(4zwovhVz$vnLJSGb#<<Q<4F<YC#5k
zI0Jkmgk7qJvxrlVNDr_u3cp<PP|!O^oEn#A=nd(ai-UIzSm^va?)Ii2ZxI(Azy(bN
zJf`z=X*7#P2|vL_pE_(iqy+{m^!!Y+Gf=*BCmW5<!%ZVJ(HG+n(nY7;u!<2qQaiz|
zoqnTePIdN-qG<vckg^!BB~q-%DjhXM0R{uw)bCw?F{W38p^GWmUAjFu({I*pAYk*~
zG>X`!mezy|_edzuWW_GLsp>4vMV(ERXNi}E!OC%unN$G+2!*ZQ=ErQ|RcjPoY06Hb
z8mLEI$6}}JOM`V->r+)+6~<09L0JKdg72Sn-5Qu9f}erbWlmZ9LG4uid@Q!g%;1pH
z91)2!xm6hU7~gVpFa|OrotT0H+1jxhg21sFT}v7mh!Ck6UCJFe8EL~lNst4hYXx|2
zTts3zJMj8drS(+!%5RA_`OKBLtqQaNM5Qnly$Ifqupdqpt+<OrJI_m{AzdqJ1P&2{
z_v0dOBbjuZbP5=!a`g=CG!bdMp!7J6=4pI3>u~q)vdEs1n5KM`Xiz>aQ9tXAl5x_S
z5d+-jh=Z+A;y~faHVAoAK{!5*1>t#HCz)}q7z)rjc7}_3G;V$Ra#x@%q#-VI^)4Il
zLYdn}6SNOH>2aSBNJ@OAmY&!PP%I8PlTip`qK$fD+<wSe;NWaKN!(@#=DITJ$rHTi
zf@gsDN&}-_aK!gPfQCUH#5Zn;1veqp2zUoBh}4P#D?JC(g7bGeBFKSvG1W=1OgBff
z%+%6>_W^&lBYK2^bmY!+NdP=yY<e4mGr?q#8g6K)z=qGNkYY$FhYl&;lK!XkLWf9L
zV-rkR6JG6(PmfQ7?i+{rCf6Nv@9Z<~uxfR0nZ9}2n{|uJaZ8zTdllW?6;OHmLds02
z!A{e$^Y~UAU^``8D_{o}euE?R!5mC|*0lmU8c@8kKFlZt!fGEYL_i_E>`*^VOw#Q_
zIeVy_T$ED{=1Eq1-Hrf*i8hKsoUhRgIYE+Ep(I{vdW>tTCI|4vX$NtfM%K0pL8w;G
z4lqCm$j<_RrcsZjdo2dxOfm*AfPc`2VbX0-k3)9H9;<-G8j-M^>7*e&*mAI3@3b5o
ztj_`DvMZp`$7m8wfaG%!qRdn}xR23=G)2cYaVEi~+~5z;32yhv8cTwL`}{An_d;k2
zVPrR>ZP-xI#-MF;2~?z)7U-A7%Ur~Vwn!%Zrg+?%!Y+~5XdLM@v|4*ntIp45+g(ac
z8MWUG<ijrEF2#KauiPI&q2$m>2>T~#1GDpTGA8%C6$M7=j6E9LCJxthfoI4e_|2Yi
z?1!%V+F6QC!YPz^N;w4*SBs-;hoKx5f~l|IpAS_fj;;7Qpi1{~SHlzmi+2x_bpv-~
z`DjS#<aq`%rsu;U6Uw5VB}))C@%~v(L0XkoP<LRmfYWlnTd}mBvWC;~0Co)`#(>p?
zy{j8U7>&uYrF;2hUxyK=F8i8!1VB<pp*50hddg^?%yp1qUgp}fwC}%X2&Umv==Y@8
zrVBR}&lqf0|3_&#EQfZJf)-m<xEV-LYU8r$&~D=z`CN9RlC(>|C_1gv{{&Re|J+i(
z^NN^fw#-3aE^`Bw$MADlr2maoa;Y#*2ZcIu))POufEyS>oiO3@Eo?g-LT*sU0xZHx
zp7h5(9Hm#5VVo$b=XRNY4hw<F57+=-SZSjDQZM|GRL8NlvTmP=8H^Bt^4$|K`I&bg
zZ-l`URi8QiMuw)m%p1Ed{|`{8F`MF7N)k!{6W1+T5BN-DPoXwkw2C|TcwD&?`d>84
zu)OlPWsvVM!}2PJ{s8k*KTs65_A83J^5@lY7;3ewT36$fw46NUJc3$r6Ba$!vR^JC
zg2eDDOh0Qvhr-*66p;HK?XW@0**HK9#|JhJvNe|d1iyO_82}63Kzs(_gXPpXte|l?
zH)*)NafG?CV!@;eY0?M*KZ+2+4k$7lpAq<gmdG3&F+ilb{|?g&?uS6XxnC);MftVK
zmbqUlH9HXbf=?n4N~_7sq(Y;y12+s+Lmfnv=`&EKVhO(Xo@;Tw>(5HdlZc~VB>;oO
z`h>!Y`)^-DmCi-9fmOzj6A<{t4BS-xJNDxQU$zlARM|~DeviO+QuVzBIv5;+LxA|5
zsWNh5qu+fB16}FL`T!YW@+JJF2%3T`8i_#CKQue+E1|RW2wkGg7!WTHC^H7e;Tthy
zP<#l!%i=?k5-G>148~^&K10#eN@Ye>{2a=4l`>;kd?X-;$FVD%F(N(+-xcvnq(nvn
z+KJC7d@9xH&w#OWd*CG!2f-q94qg~xjf`SJ7>aRqRt1h6y%s+#P8|l$0x19oLP2Sz
zq`slW*>jQ|24`)>LA*lX{O>{)Lzh<>fafs4iY!1~te`uuXs>F6z>6D?XrtUl7uTa$
z?1hkq3yt)&hOeMKi9z_ZG;v{xXVR*P)GV&9VwwGVix4LD3x2#sLKDto7aqxhF-q^7
z5K~EUb}<A-91}9v;(f$XsKTR_i3<=^n_vf`O9k3rx)8+wLgc2q1|V6Y4e474kR!d@
z)^vyo%(J0{>phySgww7B)qb){4&2Coo~oUW=bd+SJ=Fm9voCku*aU7BtS#}4WlJ1q
zc0oLGTo>OB@6xlqrM~)J;OhyX6Ev2=I9UhEara#MkT1wIE{+_lqF0t`perEYaGo2h
zJb|vNVMvVh)N=ZA*JD)ZClde$GT%z0k$4mreb+q$#SO__#QG`}D9S5wVi+(eO{m2s
zROiKT*0B;Qi7{%gF|u{fU=Tu9hP(b1;JwUb%|csXY=v3<9V_Pq#kMOg^<=Yz&uKoR
z*x1lgGBVio)g^6XyKk3rHEmUwnqak|3lfTzCR3ZhH*wJ^-b!}Mi<!Usvu7UF_OtZs
zOAZ(-kb`bOBegdAkl9N^sloQrwD0AanS{NX#d~ho;9U5XnSWPZRi?V5tU3o(XNRU7
zIbc8`>|-~s%~Cv*(|Rai8M`Kl?o?ryt1;w8ZMf1KGmAIy<*Z>Y(C{7T$Sz|8APUe`
z0arq{gAp1IUx8BCRfqygMYJB$LO%8@r1)owc`RYlb>R*-wv6<0nArhlJAb;M11JbW
zdm$~lbU{=O796d>Y^5}s1KVFa#OpHVCB@qEG453-0xUsKhwI}IhYM8Sjzc!0OKC4<
zTQeNkm$f^nlP(4K$I(^WbjNfzwH_ByL$?iR0;MY`Zf{6ii^$|Ym>KtF4@eTYJA7m4
z2Vf3_!Q?@`8G9uv>rs8b1tpb9=BrS?@p-^FK4x)*mHz@(YL<H}8(|D~7<i!UtALKj
zm6i@bC@r>H*vfBE+EV#VWo%E4l~xNfYH`9_LHpI4p8+s~q5y`Woc%O_?uAYM5>PPV
zw<3bL@RIJX2*ug2Rg^QMDp}F-+hKYMC>;U<+sMGD_qb;$sP7G6;5_&!opDAXH%3$<
zJN&$-AtbY8O$g%Vp<P%G^%w%SRoCblRwmO?7SJ5odS=2gQQ{?2&k6t!#xKj5+w2A6
zR$)75?|BhoFL2NpY4PUu;#BR@!YwwYRT@ZT=^M}7Rw#~u-e6IrC9uA(@ri_chZoC@
z5oO6Ab#+Z4w1JfdG!%GCn^l%fm^xYx(DohbO&8?=!eFMK+X|Hyy<s}EWZq*DpI;|A
za95**RltfS@`Rx45CC=Ws|-V-not<rKge$})XJP5<Ygw*mB1;keCDyv+*oi8Pv#A%
zic~R^`YoJOGH)X&)tY%P0J^-2RV{49Cj@lB;SmS~`cWe)-o4|NL<R|>G(G7btHI@}
zw;?mENDz3Tpe8FJ<BIPQ&im=UdAd@0Hrzeo#YG*WT{28;%(SzIoF5@6RI4LFYw6c+
zOx3(}DcNf2mxZKz=*mZkE)0lcKoB+DW-S718|1NENrv0$_&CZDaD#2kb&!SegE@0)
zlwD!=3X>eBkW|?0W;cSaP|2<cixvZr$N+0yfc3{-i&gra9K0%^AAPCq5{rf2k)G*a
z;lWe`Y51S%WdIqfARFs%sB)0ZKcQ4;C8BZt^4ckH(-`>L$lT=^J`y<YZoyBsfcTPD
z3hYdTpmh;bYhkZwXsVc!PDBRWR8UU{8?Ohl=Ia;*T;Xejk$P7bOlRx|GQI~I;)>+&
zg@jZg3ia~yf16hG|CVOer3_0;2mMWSH)|VcECEu^dz?_Hm<8`}&18Ue3sqVL<e!*k
z1PG{-sj(jHkhJ$OIgnx(XT<7BKkeml?`^$j5_Od1R?25?<MMQbt5BrEbdXHnl}T{;
z5z5%JUoD#EUd3753*y&Bw4DD93oF!ESf0Vci2XE;g}#!0If!&;0TDv4GpzunE1D4H
KP@SgNTmK&fTs;*4

literal 32754
zcmc(I34Bvk+IQ~F&C)jAZi|$?gredo1i{f67lPIiUq@&qDk@9FqT-0AnvN)zT)=S~
zm0Kw)3L<8Cae<0fMI9+v9k)?YX69v9E|`=x%|!`<ZIbW*oO^GQ0*>>2@BDrrn&hm{
zdCvBnXFI1mA1^bNm`tXEQ_4qv6)>6R79o=NkH2&V?=8(sFqwF7xNqEdexLZU5#H-&
zN&L+>Xur4b>!)T2W<QldwrDYn7Aw<YWm+t$wXH==#SDN6MKTDLsS_w(Xg8ZpLV=CG
z?N&37Z;P2T3B`pri^=XNv<W7AQK1##qC$(AzEQ?rDLMpGS*2Kj?;7V|(NtaIta8wI
zrIo%*1$+-L#P^8dC|NyX7=@j~D1G>_lTdQ(nCeQCYwVb+GJKzox~{RORnqsVl_q@G
zu<xPt&GWp47c4fL&0fgyg4I@7RLq+No4u&G)Pm&vUye6ZzN5HAD}g|nQKmFoy0laf
z2w*{hqohm}ELK}lae0ODTY!I#lJW}USFjfpQn`vs!A^nliprCWyozk8iVAIX@m+KB
zY4{#CeB>#oQrd`<Po?;Azttm888wRK<U&;TG*&ws5>S;sc6`e4slulQ9~VB8@bTg!
z<Fgr`?f9IBPXj*l@p%p()nww__@E4@ApRUad1?GKlgV6dGFjawlWi;VK0-OPL1lTw
z&3n-NEB_byKhi$ID)64T9csU5qsdh9pvlzVhaq&IxLiIyREIu4hPPghH(`ZiEFC5h
zBUxi|VGO;dTTMevXJX{)Flx^Ml4^vw(>d9EpQREb`iM#8Zsrd0)6CTvlVjt@)aR!O
zujI;@_gMa3@P5(8(&ut%8XWVU<6%)6mO0j1Syi>mU5E9Le`Yh5tcBxvo_;BAu~@D6
z9~+>c(D*g-tu~{Cy}-yTEXsvA`iCuorEfQWDc6p@llvvedc2^>;m~sQkd{YjMyPt|
z;Ht8!%Hn<{{Yp<N>t9|aR#j9D?pLCP2MiuKc+lWVM`dwIrIs)DcMR6T75%F!22>3k
zfLZ*{{(G-YN}nlSeBW=j7By|Pzo@+TNbKR7o01R59vOdk@{z9|IZ*S!k*?qIyg$>q
zd{MjG<o^6_^L*)~F1xSjy|ymbPIGP5;jh~4e~It=?N(>Zkr`35=t!yE-eDF3rumDy
zT+we#F-Pa>x@wEVfB#6wk*-u^k-clZV-tb=?8u&ZUd7(ES&<IM9NSjAPl-9GJv}>B
z)%Dqt*rIt}>sIA(m6Sy0{U06f=a9C=9Mn!gAQTjH*)B)G<l1R-eJup+o<p8{fB#jR
zN4n7FoPU30k)QWkGxlF+cJu_y(fQJ0`(gWz@8>W2wM)Kqk)K<(S&8Cv(L-F*!``Mx
z?*8hLuiBh^Vp}WkHU~0J|DrKtj&xPW4xyo17dpD$(T&awFY(_$`bgJNdsh|fM=Czo
zTTrljz<}=x3Z!pOI!XF#H##F&7FiZiz)7X;T}QiLcknMPs<K+UScL%tb{7<UH$eJ!
zsPvaa&HYEZgd>SD0?=A^*q#`(>~O&3%p#JY{&u+-BA!QpNX+rNt<ZlzuuCrDFaE4<
zwEqEwJ7`ofY)2`lr>l4GtzP?D%kINN21tk2nj@BBRPAd3W~EbA_j9FGGQ!#K7buH=
zc~KlyiVN0Sy1tVRQPMvjT67#DH0&{pOX0tYezgmOjnUu5mGT$=VW}F;q-k=bBk#T7
z`mQ)&@A4L%aoFps8!g#f2d(kL-jNG=yGtzth_c-yN?f}fs4hq%i&uCKOh(_(pMc$-
zs9l0#zlzP}l#Da+lT7!|)A66B4xH2LOk9`gzBV1dCUsyMB9~>l|0^B8G<9H7uXF$E
zq`L3f3)Q`=E>!odyjXQAy+I`vRMJ5u<BTrr#gwP~{Iay)ye#8Xjs%sXLFN0P(u2Gs
z$UBO>?~&Kz42@izTpUx+T9RDiRC-vUqt5+maGx67t2(zX*}C{hbeT^?9ba)U$SNln
zKe!}%Cm`JHO$38MX$Sv{8PR1ylnc7ehb8VC`;J4>C`$3zY8)SRj(guzT3h|m61Q;Z
zDvA5W;T=(_2*<a*tlBNfmwKZMxn<tp1v8!ru2_L*SQ-_*T*()n%_9}>TK7gozb9Du
zeDuNMk3RWe$tP+yv}5l-cT1c2ORG#1BVXaO4WB>a^9DX|;<FK-x9~Y?`sJVM8m>Mx
z_OIK@+PKcmTca5{GE0@Y50!>>zOz+1a;v`--!uJ%YETgnnx%|M`@Lh5i=*Qs$tB%t
zX`;P!ugp#G3+e*yp2*!Z#cN*Py7lokrw%Z%v~gpix{JU5e%bVhB1itF1|DtPC`bOD
zP-W9&NcabU{#~i*_4cdj_VL%BUDMCYUq2rOmCS}kTA=1BYVPUe5~U}a$~4N9*`!+J
zCkB<TP%0`s=APo{vB~dOAcH$m#&N}~00n?c^8gQM{B5?8fyjQJ!3uDBMJU-btf$yW
zvda&djsb)u&H#ikpBFagg@xm*S@N>2d0`tBEtV$8;nR(=2%mxFOIU=*=)W$7x=1Nw
zk)?GkJXX&fr}PX#PuaA%6l*jUc(i2!n=l4C;S>C-bW)<76a0syl0-W%_>V}|M7!DH
z?>&R2fln^kuNt$vbaB%X6DIK+HBh$DBwp|Uf=Y&gQ)P?OpHcN?Ag;WsrLkpB%N&_A
z`6pm4c~U4aRjI93<xrcFq1hS+d}P~vKc^--D_qKXa;RJJ+U3YTq)3)10<0|N!sb$J
zi0@Y=E57|ame4*WgN-iEou@&NL+ceUA5|GD0Um3xmP-ZrmIW;ANh7Rd#<~zU@Yl+F
z8aKv@XC=!6S0Yd{D=7x9LZEb3vLbLb0%fz3mFvm_o|Xmc#K4vKt_WO(@5;c{Eeoc$
zB%FaoXph=hg!UwATS^6_mIdN#bHocKiLc!uwvP{R;xCrVp(8*(qlK`&#JY>bJHF7W
zxLK8^Q!`@S4Dq$s7|dFM!4%uw(F}jdP&tGy2bQ%gkV8)^UQy=8D6ZWWe;Ex6H^wik
z0XsEbmI~N`2zT(yfUFOMjCkcj6Mw-2`Y6Z|HKA&YqH7ZE&_o00n;=IHVrUO4DP&{E
zmC1{+#AAzT9S~u};$qwGAW&C2Tg%+rPOz-x)XhppPI(nMd_+xDEBwwHIr2xvR}~ly
zIuP22X3wC&eh`GnA2HP^r!@5Q-72SMD;ZbU;6t7XLK+2Wr%&j7Rt|rsZfl+39uifh
z0Y-8<;h8Yn$T4GqA*^IPE>PHXVx%%snJkA7s~D`&7%XJH?@=>oQt^~dNd?ZJv?EIU
za0hErTyRc6ICvUM8X;iVMzY{3HgRoLfY)O#N3<t}IlO0(QMO^c?^LSqQih@}^rPpV
z@ZE<~f$`$C0DstTR+WtS--{%(IPY5mm})=ECWkgEwVWDncUNjv?Q&?FzS=|ER2n*D
zJH`1g1%#z{1$gn2|CWOTl#B0DozY}*vLspBR3@z}4%A`wl?3YXT^hIo-(`WRix$Y7
zE2;+Be=>KD9!gPJY<iT%H_GChl^u`0Y7{;%TNq2cIYUbv-&o@KzIxGugV!B=Kzwbu
z_?mm?&%`%xWQ)v`V2do8SvnsZvl{?pu0R1}u$vEXi8=GV7j(*zgwpyTGL_Z}w_WBo
zE45{+6Y*%1%8B+r(}DyA*~ZG9$;z4BZ^_*6F{H0L1Bb-RaFE1Gv_OEXj#>h|GhlX>
zkCKB!5~?_*UFI5S{RktJT1n;4KGL+u*0lCF&Zr!I3k%{crGZmx8f5N$)n6A>#S0d6
zaAtArcXDWj;w_OwE3r&N&nUNh`SO?FYZKdxDf_L=S8d{@4~Q3kCcP_%S`?IUDHbKe
zzr9q+G;<QB@EIi&O=Y*ykvNFd6G|HAkH-uaY2u)6?I>blY9)QU52*<sKm5^}G`>Ho
zNqaA==|!Riryx~mFX0b%P*I-+OYF8)6l}Nh2OnVpp;V3>Q8HeO_-=o!rWfW?YJ;6>
ziXFF49Q1<~OKb;E@8ERM4GyYs@O12RR`cB%TFv%8rE;x0>{Qt-zB_|8C-}T#<TWA^
z)5Le5lBP1u{;jI{eG&$V@3u=PvC588IrJnQ1mJfRv)FMxBgJxfFOm1q28Ad`Kk>P%
z<xnRk5;&&<=7R&}P&+m=s&-;p{1#O*6PFTtolb0=63BR!rge+bxmpf=$N*_MqjH7j
zAqV8Ex~>p}VkDiIl4U`lITOu@PhTlbp~lgKOPL^t-c&q0RBRcc{3ESCo8*((KIT<V
zj~bOjzeg*b_`Kz};`<fFt8H_jg#+<+B(-aO*)ooGg$KLSg=u~c<otD`{{`a8IvVZE
zcIwT5|G>dUeKezww93)38Z&k6AjWTlLMJB9#PA*>{^32W1cnBqP_0zxCn?5KJ4wTP
zu^;wgV8VOYnF*}l)A&2;D;qhxhOKl;w)+@MZCI-nNBI^Bqze1SUcN;;=c!vj50NPA
zqPFPSr0pzY9W{ITHFszF_R}oh)}J+??G`&7-o>g^Nzghg@_SqWsMI_gaLm{{G_4;f
z5U(cUWHN^kdsj(!CZ5gIm{ZYly>jR^W!tI)4bl<6^pxAKtd_(3*wF052qLUxXz_Gn
zwMbQRXp<Iw3tTM50<&j*Tnm1nO2q^!TUy5!^YLTjO|!9=HA%zXXS^}oY=X4Gu2#;>
z4)S1HV~i=n!Vy4VD%glNa{-4`$VQx4Hn#jwz?h_A8dfydn57NIDl&_~wI`a80Jl?Q
zQzCfzEkDz?5sic~!EE24&;P&njSZOm@V;R^ax(laUeJX9m%Z~J*)PEIKf7D7e?W7d
zn&AYs%HSAXr3Mo!@fo)+<oKDxsW}&I<~Q{{S|xKEiQ7A0jNC(X9Ea*g+Tmx=38Zt>
zERAQZ(lg4oR)J35jefg|{mX5PssYX^b8msfLdYljD_aF@Z>83a&aK22koqg001G=n
zzfRF2%l#C=MrTzzE2<R`gOx~>hN3=IrUO_5K$TczIiP8kqCMXe>vYNIa`^3p>Q#xQ
z@$P%C&7~B1($FA?b0&xn4*9C>y*A3pxOQ3~ER^4sOW0)rr7izkE}_ff=}^n-ziN|S
zi$V$w-JPtz3!+Pv9QjIV5WGbJ_rXIH7Qi>*H!Hr#K|fY`@J{7*8yG!_5110ZizuFM
zQtfhZgg9x1lIlh{R8w=*A3RI_egW5JX?%~0faMLC+6#%j@j^HW-l>YObP>X}ye4(%
zECD3ykV63jTco63w+ai<%tBK)W^0nnwJE-ec#~Qhs%bL7kG(X&QQ2csU#4b2=!>Xb
zw90U$c0)ydT9d=?h?CaKk++l#hTFs?MC;B#+d{5>c*6U0mKpx7`{9WXT_~GMMC<c4
zeDWd;7<cz`;#t4Zvb7AETdxMe63X1CN`ut5iO45tBJjjQo`7B}bN$gf?j+@2D2p=(
zE=VV8xJ>kdv>f>?p>~7wF9%=$8AJ%am6o$iwZlg1ndrE*_$mZ~&y<=fs2(U!d^I5R
zPhcH01|Z8=y$7ZeyMcIAIr1JUbdrl7TcUW+0Au-q(z-{EysxyH-9?PCl(3$qen>KS
z%R<ImN*@F`2DRB7D9=KEF`)+0qxBX!1i553WGc3IdgGlHDLM2fw%Lwq0USS=oj>Dj
zI#8|ji&rb<d#e>35LAfrT#69jrQvdF8qRp3zE>)fIZp8;)cRfufZ=7!Owf3n$csv5
zofU0|<;b6aK{PF=>Jn;$%X@Axu6B2>svF8O!jF-djp@qxuNX}-cq+Lhp_WMh=<aN_
z){V<0Mv=H5iMHb_*5_CJI}pSGJLT{uG}~+q6xJ^w0#X=wkhttxw={xfVV*cNn-;AP
z8M7;{aOs60(>}=m60!}gxP&<A&FQC@rn|W5KjWugXr6wVFx^u&eMb588^!6jS5BW_
zJ$=#e=?{;X{&>ywXGTsBxu<tboWAbD>2F*#{Uh)6FR!2em)X;I-Y|V{!}M?FOz*jI
zhWVx$j+<vx&Ydyj7L#cPBrr4*=GV?N0uep%!o7N+W3dr<UJtzVq!HMn2kyN=53FBl
z1U}RQZCzSm=T1H0&ad>qE2ry$Wso5m7Ek_C4>Zrv18=>p2X6V57T7XX``xL-mumF_
zuiR+_{-~EUs@`+AmLT1wm$>)WTHyMHY)R8}MP8*<B1c{aas3mmCh!G=>K7m(p>}ZK
z9sWdX4eWz<ctB}Kr^n3;xh=y{M#;4EB@9Lw6Do(ctIkBb0Pd94GE_Qpgw_Nta)_RQ
ze=5P>Lh!+${#gNq27x;k{+GigV7G-@fOG-?S_^+sr6R2fR#E5Zd2An#Ez_hH%i&TY
zv7ola2{~LsVL9?F_V=o8hPh`Um))f+*#1YBk~|lC|2*-htK<mkYIFelR&f9Nwpy=^
z(gtmm1nR{I>cxiKDD|kd_TzdXJ&rQ^C;^7nhyP)tRK`XL{C$QA;|C9+yKmDt(RUcb
z@vh3oG)Y7kTSg8YMu=yj?=(EX1G2*PccF9+lM{|7&DXn%F*#}4sXUV!elLdw#dj$V
zQiu{zs!=+PCL7Fh8o<m#Q!^(%W9gGqOgWfOecsGp4gegD0tk?%eCHaawOL`sUCKyp
zUiyGFAQ<zrWw^NU9w$b)|3r`i9t=vMxb7RUzJj{p8>e)DjY^O>1xO1J>&!b(l_TFm
z>0>A}K=r>>(uv79I#uUpW%H8Fi#Km=+G^Tt*=%brg|r@5{oYJajSD2X;|SPl+iKam
zb?f4-OSUR!qJo;MV%p4Y<~N%+3#e?}Y(oXV8?_<q|8jY(61s@;C;e^)hY|tE3Q)pU
z^HzQ<x7DNrRRK0&VRR5A&H@tmqm6{MM%w=?Ho&!$Z+R0xQU1#X_=%at_E+%R#UBjE
z20;h#<r4htG>gCP#qTcszJTAaQR)DGqh|5-e)vVL;Ai;lLcBIMn94_%;Wx@}I3GVT
ze(a6->Ec`N^oReQ?nINb{oKgebab>rZI|(wlQ$$h4xCsMk`4YcEhmH=C?Wn3o6U~D
zOl-EtmWBn)sFiB7`niRswKltC=^Xd@xX-sA%_L?}4QK{qv*kq`Ewbv}yi}$q@N7L+
z?=FzJEhN-T{6oUkbxuAe9!1s5ny73FT75uzVh}}0)RQBvSZHmt>;DeCZtz~*?}k3L
zdoR8rlb4VHu;c6dS7`lv9{o!#;G`+Bh6c0ma&$azNIc(WVhtqyPx&_h4$uIuB7lUQ
z)UR!}c%N#S9h=?RD%J7B=Q`KTY@3lKT`k1+EZdK-$DtjHwCL(?IkH?$cx-ayNtVd;
zt85JA$Wv<E695bKgqjkUzKY6<Zybs%HH-AwpfwNHHS(mA_H%2kc8TvCx4rk!EZP=;
z_7pMdQX>E;na<V$?h;rM2i4hS;R~?(k_Eqz(tjM@6dha(*ik5d8FHZ9gdc&HYcF1w
z9ye~B=g1UFA~qkL>+v~)Amc^QlVrrZzNUgbBbAyK!u+D-k|>OC+_Frx7n3dQmoJ=%
zxfUlqBu*MNA6mdm)?qv_K&WsMRaj0oCNM)7IyxrG5>P>-LN^kgG7<=_Zdymkw9v}&
z^kV2*mC1SqO6$fUaPZIC`CuEy#2DLP#lv~W$l-B{ca$6^t4XD|tkQc@4euKu3uh1`
z5B`k;R#mdGKnW;lc%144Qy<=rSrry4$s2G2HO#re>yyKO@tYy&?}m64YY;r8$vN0~
zu{lhBFi~%$<dWE8ws@HOJmdeHwvxic&(ZQ}w{HbI9=`i8;{1skh=%r3b2Ql?3xQYz
zU~g9fg3ruPIZd2(h+%OSc;aNE|ED7xsR00rvK`eZFEZ0mxOSIfnX|lQlqZR8jR#-N
zD~?0J(im&Rx^=%Da4;^pFFeqMEw^KEV*qI-kVzwEV=-Skc6%n)hza8egU8u~(N1JF
z3j5S3%GGF63jy&_ZSFwT1Dsxi%ET5E)nQ|VRgx{(r1Ic1S3s*BC%dENGrdXyfz9}<
zw0^Fj!IZ;iDJgXI&w0Jib+wLP^Q05vT7bt$l3LfLln0Sb!AvJKX=d^E(c-(i<%oj)
zLUK1LvO+lg`)KJ5?NvrsOBw1b$lvYI0F%zJxSNQqOscz52}&2FAFJ0&7@`9dMv<MQ
zFpBJCxb#)uQLe&r70Qh$S%X(rnFKsMWEx{)wsdlWVF2AwPNQVSK`lrHtN?-zu?~97
zR}{p(7BCbNEM|nGff1>np^nf-$iieVC&nE6j4dt*`c84vGjeFPQYl;RRGWF6>P_El
zc~+-<aqn!*UP7B?vPEbys+)_^?##t#P32-Vu@r*|C%d{R?yq8}5@wpMb^{+zN3Epq
zd1|9u;|G8A^u9s$-wYO^U5X8-lXli#{O;m6Y{$>n{Mcdm!FfDuN6bm<;&m^6abDj&
zE;a&Z{lTa3gHwGEe!k`pDzO@<D*}Qz<urtFoZqwszo`EDA^hSve`6_rck^Q>`)|+=
zZnXR__z>|e*ETskT4^=O;WO~<?$7)g4lvzNobh1OHQf+5i>YHi#Zu-aGk--jv51i0
zp-`oD-QCAX@gNb@2Ow$k-irdKFDwwxUKh;(=tH7?9x_0^A8P09;-u>nwSt6AkKgKC
zK4|sz@{4bwEUSA?NRB+HH1OaAZVb3|VChsA+=Gg*Ul3KgYi;Rxt<T7iuBP@V*@|SZ
zk(`gtql6Anmm`mQHEgPNYy`rFW#jueZ1NB!e9j3mx^EoE;mzRN!Iow`9JDeUAkj=t
z;~eHQ-JaBx46*TPkB~}udM=0NW`o-8DT8$}F<H;4M$Qf+$Bmp0Eyp7v9GFZsWRsa>
zbq2ouSnyhAUJLDcEf|^EMkv#0M9a*!(~foo)=o9L@j46>tQ&50qXXU0GSeOj_y!2y
z*8xfZjy=HF$mEfkGBS;BYMCB8%6^Cbybil1(XeX8_GN!YIAj_@5{^I=*Nl=a9#YkZ
zwrG@th~7zt4D>2m(qy35RB4iy3V!6YIx*4NYK94;j@dH`6GYcSuli5Z%jcJQtxuWP
zs7%ffa6Xwqp#Hy44!sQ%bOm%nP}XY+zeD&{hT6L<m5|&7h1LZ)o?-qM!v~-}JAjjd
zdZP_4qvO@e81yZxK4ne_Qi)+g*@W#RLGKm@s4&b1&HPxbQQblW+nZ)0Ay0<TGfd-Y
z@(+e44N5S}G<KFiGl#te^)&$^0i1=QX@%2;m4(4}6eikjfY1q<7D&FOl2RatX70QR
zcMv}}fL3!BVWjCOcBta>e{QZ0xJ6Ra<m$7c>`cm;lfoUaj#FQl0mq_YeGvvuGkKAL
zDF0+AkV88dgXCaG1jV4F4VZC2YD^Z1dzCPwC?KhP1WL0f6wh~XaCjM~$)}`6@azP@
ztqRb<@0aW_8#_;5VOd=S>CA8d!)FAG*7~L&Rv>G;|9;ds#%Bb47r<64KVz;V<JfG`
ziOI}ikv)tCwlPhf9N9}|Gz^iM<|DF4ZyGCtRA1yJg5lCS5&15m0;R}zir27gky2a^
zEmxgmuca2*k()-Np3=@|-TazwSt3QTeRgKL!39F5An_NRg-gMDU9K!Nwe$Q!3`wif
zY-$(yW-dP2H-aI~OM?%3s7$+^>^u$})rk14F!|u9&JIgRR^Xt6liVRT{i6dR(p~f7
z3!my^kG6D{1m>XSpv_(zPJ5o6_AJUDT)-r9<iOSjX`$5XAR_{`L`;E!?}Q)3ccg~z
z&e7uAuP}rigs`2ARKQ+91db~oIh`23P%GGC67B!Bq`pt}-;QJW@?BF~I{f>z(-8^(
z;&cSaKH7rwHEn_K2ek#*wr>yz|0eeCn<N>P)iohWN!L^n?@AtKSeZ~oz1eOaq(B!^
z)~(4KIfm3PsS>iN7P61c1^YyRwOsND0~?a7tL0*=FQNia<TprOp1U(Dulrh+my4qP
zZgTErNKygdC%O5F>q*Wj?88KL%a7(UQHbR+QHbR+QHU8#lz#wI0YeOqs{R#uVJ&?n
zOV`4XY*B_|WuP!XxQd0@0KsvKhU_?&jFn(4SvT@l(10>HK{XqHmS7PZXz7-psKVIz
z2kDUkjMLLH1|qCLGr*cblCBT%e5;pb+5t~*UOuY<1%p;!%l{%TpQV6X&Cd_y<qu{p
zrt@$yWJ{Vr2%BuWhF8hLrG8Znq7OumgmEAsLC}Ms@xQb2j>h@rw>7R4-}z(X{f$qF
z>r3jf7*0oN#yrD#0pS!BO^;!lfo_5p_NbtqppPs)AT6|mBa=g2jQ{B(1}C%&VRl|I
zCmoon*)IkYM;^Hefs}#OGlSya527!JJ_dzD8Tb>S1ex3BQuTxi16T-dH~221sxVtI
z<=jz*MgZM`&X}e2Qc4gIgGO77C=j+l6$pQ)Le~s;2$<dsWMBf!(kR&d=#ZqNiE%<L
zfcGyLtroB+8q1+GT4mr(62zNOPBp0M4ub`ABd6nXmO-{hevP1H@Uv(i+Vc-r6U42+
zmbhUr9netoN)Gh)arC3vo%ynyD6wYXAxVi!h-#ckN?NQEW7fh>3L_tC4VD6Z6qq1Z
z#f>Gg31ZVJ$ZFNxbYA$BN*Q#Qh_iFUKN4P|%>!T)>W2z+3h7l~mE_lK&wymF+0HPc
zeuNn8v1<Id9$1^<@pmHJ`98SgXv(6M!v(wxBl^Drf##v7CyOjPKy;cPAin$g1{@(c
zXW+*Ke*?2dxTOooDF<a#X?#BBR7Vpcix>bq9V~QWh><&V5QsFc(+(obMTQF)tjyz~
zi%mr{{(f*&zdU`|?_x3>NBROMNseEZ(;3CG)A2(yk13Jxjc=aM3h@CmihhLSY~5j*
zyBb85I}aN%E6y@TL$($wo+CJSxu5#yV;LiVerCfrXve(a8_KM;VFchm3APM@GMuOV
z<j|7}7B+RfdRGbH2|S6%Pb#&r8_Qu16q`-4i_G0@MB$>kLh%U+tTw8J)ATekj3f6+
z!}<=GtBJq3-B%=r|M4YkEzc=fU|bhqVLOquW)W|DTY|oKEWu`c<1)srfPcD}AQ_Au
z+&j-zT+t!|qRZQIB&yptVFQgRtr8M&rr^|o6%>bh8g_V2Js3H7Yk*^lj-zPc46U~(
z%aNl%0=8tJ-h&XBrK9Ly4^FSp_b`Z)xPNdBbWHp+U2>=wHP4bm8LEN;DfH-M;_j+<
zmC?xf3J<Q4!zSc{kvDv2KqAA;YE`&j^<5=L3USUdPi`C%N-s2oO3#5`dC!+4CGe~7
zR@Yl_PD}w!ia5x>ATkiNhq;tH$|r*TnFR}e5!wcrEEJG4L#l&iJma$lm4*UuVWJW!
zI`WMAUQGiHR{5;W;JX|+y0bR-wOnsAw-t)*K&fcGfils>e9L~wq3IFih@1G&$Yej3
zPUOOb>cf<Mtat|o;b|;6WSb9+nr!nkpXG~)!GxF)xrhd~7Q_etNk1bmPfC+hH{iDx
zzYX}k7{7Dy`wRTuh~G=_dlP;qp`DAMq(n2Q&c?#cO(aVcQ&I^K-Y{c`>AZg#BsNr?
zMym?CswpE`rlu4^;T>9GL%H)42!^aQxo<F!F(%jS!K}e6Ob-2(+<WWc-wI`h49j0$
zo6NjDlc2kl0^kLQ3x4L?T5BW#YH8c~8CYyUPv=GLtmI!O-pvv<8mE=~AAaUkYQm`b
z7jedKVPKo$FTx1SVB=j6PmwdVVY>oYUytFLieDN&4}NL*uEZ}5-&Odf;k#Ou%H_xv
zaW%L<dqQcWIE9;NteeOJO&cIb7DD)Brn?A+MH5>iApK03mm`Z1B5_-eEY^TgCqPEo
ztSoG{1zhCk8~F_x_J&a&jzuWMG5PS~$r)nBnZrR^BfkL|9Vk=Vx;sYGMHX#z;D;d%
zVFd)ZdoVCSjhqs-xtMiGBdy`15M$+tjc7%<Cqa0G?>>sv5&qaOBI$o1I?CZs;o89Z
zFNZ(Gar`-wKEm%8TJeu*WAWHn;ok#8Is8X>EaJRI8Dl8I9~(mv{=^uH@TbO5g#Un$
zg$5=3nFjIq+(d@Rra*EbCyxJJ2M1@wO$uAQ;k!2l4(q8{a5z50o3&b-0*CshZ!yxp
z?VJ9dk^W8J^iCk(!Q?nxcmPcge~5%m{C=cfUr!u}94f`U*c!hACr}EdB_(N-4IK2z
z4sXf!5VEc|*<nD|d-y&=R@T=KRPuJXcbn<n9o)V9`Fp=JH=Bj#QcH7xtI5>trsI<M
z!cnROZ-7l0(;$=<(ku#d2#;0aE~|&nRHaLdGUHU~TsC-{uZJtnW*ojMda(t+2l4wJ
ze!tOr75Wyx?<0PQjwKB!(OQfEqGaR3QrOI2yMWCl^b~qeI}jpmjEBp3Z>Eyla8k?)
zvY%;a0a|kiAz(JcoknoJ9VQtxmW`LO_y^f|6^s8K@$hDNZeoeiy35KkTMi`PVt9ZW
z%b>M7z(O;IcmQ#L?DuF-?GB<Ya5u8Zw#KqPpe#sQaZS`>b1Uh~2h&8ICYu`oe{=%C
zA8UZ2+c*yJr^f;QjGW>Ckgb1o2gg0SgQJMBH|pym43#4hh>1CR8fmFdDE8=LkTx&+
zp3BmodCac?yA<cG9Pv?i>~)p?I~aF_D^^jKii35R9Jw6_mmv<lPu9_U)CSIX1!X{3
z)#Xi4zB@2t_5^MpkzAAZz$N2Og93JYaFl3}=t>e5kR$W;@+4FudN&H(qx5#-7Gwhz
zh5UI8>~0-40X`O(pMaqN1I8L}0tb&`jp~7Ra}o2grZzCxkw(@yh@=ns=zGl_BsQYg
z%)XgU;Nr<`${F~cr;Il}x)_Th({0!|eRNQ_+dq^ecj1Wfl=|#J@M1WO&nE0KE@OZl
zG#ju5HbTFvPDT@i?R>Q9$M4<vZ8C->2)UlBVf1<T$qD4N^LFAk<||Sm{oc*4pOBvd
zDj|yUCqNsXaBPx}6aC3xsU!RuBj8JCkaxmS)h{u5I5tCmLX$$d9;|jmnVnNf&h!Mn
z$D~s}3Czk-TAg|V6Km0RGl)LYgnfoJbzW=+)?%IkRkMr(2CIUj*PQh3>s$ft!cdsU
zXV9RpNiKl~CKpkXvpQQH?h&zBupAG0hZ`81RdXoSHly)^b+g)L)USNewr|cXuki59
ziI43QQou^d#Nmz2PkapG3odiff&|vbs6gPf2UoT@jL66N5_Dg=B%Qc&@no;{Ma#o8
zr8|qI7YXVuzPdcDVl$1-Gnt>M-&~3#HnV!SZC|aFoGG3ABLmSk6GRip<^fHpFWM3w
zREE_!=EWH!&fbn<{sC+clHWkud$xZ?Hs(F8`yNw|9R38CLH9#X!ZOIQf@J%2F5az5
zSLFfmmFB~MsxL1u?H!eu=^Olm4M1(#W<d`=3F1QQ%Qk=2=`?wyn8|qf&I-uMZpLn5
z{a+sMgvH1j-_~k&I}o<J#~@r-H!6<Bafqtbg1jut_y;f;=w|{8zz9dxMVH1KEM8~4
zp~zP&4T8(6uOSa&VZ6cawZt0=e5d>ic$D=mYfAcME___GISA6of2)`VA&V>!&vrsN
zn(Ks;+M8XB2aa2dJ@=UQo^T~zn@(Ie*;i=5lxlNJ`h-wUyq+~EjvO|y(80X{+g?@u
z_rZ$Eu?v-K;go@Zk-ibfoaVw{2GO;|^-bUFU%`rEkHU2!Ifw4uT<9Ob(&(i03duQA
zv7P`$o&wJUY_J^oL=TL?>ScLpFu63w=8#v&EwMSY(QnYJQyT(?GuvP%oW_5Vi$fXs
z6w704&i}a42&N#HUUObgblmqelLKh-pCQ_Ut%3$uy7@=uv{|sz$i;8n9C7yF+vYem
zYG_ma_Xkx*yNqg3wHX^;Cyz8reaIvBf>DIDh&aAKGvWrt{2U3al0LRcFk_#v^E>C2
z@;$s#diu~!hH^fs?FFe#dh-ZJcVB`D&gm0n+X{Cf_y(ZyiJF`lhqK0mrC`M4YHX%!
zH*!7!O%IY1ApEJ4)^o`{nyRj<L+Ju2fIn7a*VEiI#IDEG%%u6gCU$+zp-x<X{DTTA
zEH0n((yVpYBhdQV(wT5_U^JX9B}b;iQACt%7AP72VE<z>p?NZQ*!2R@9u%OaE9qFl
z$Po+qk&^0M?e@#UOIQeuR<b=rTtJSXleSm81A31MPE02t=WO|Vhdm0P-H#a{SW75)
zyBE%fXec%l$3+RjuT-V`C`lv0v#>5S0!&+Fi0Xe38pvcl+|=r6Eop9QTRx<Tsn-uQ
zL!{-me2Ct%VoYtVm(di;!$>TM)niQ>jw-}qZfiAlx0>ouGgc2Zd#Hvx>VK3u`v3OI
z<W&z{-M0c%Idb^jFUSoM?k21uQf8oE9ayR0g27<hUdpUjMVmAx6I0;^4?)8A(wI#5
zSt`QTys$kNhUkIHsFUhUtjcsR$EbH|;HVJR#=Ed%0@;d8XMA-`eHNZvtu3Ts828eZ
zFJAS+)v}4o^}L9BxC9kc=9@q7toXbF4tn>Rnk}NuylwyLeb2g~k7#XSTcJM7O~0dh
z0@@bCV6y!JX^@sR>)dK|uCvtw!`3HArhfiTS?#W%FoJ0A9R&tyH38lVIT?9k9Nt||
zX?2M{z$Ru*$P+J?Y?LogT(L|Je*iUvN}h%gG*PFa!Yd@&i{O0!4KACp6p>O2k@796
zO{q*dr4%6LkOZ^wK_xjoHl5i1(Xr{RgWT|S{eVh-pp2YOHwv~TT5(*F9?Sv*gH)sC
zz;4qST|PZIouZj-%cldi<<ps#hHye+lWGms1dsaNXQ@qBWRg=K@=yom+7-((@WR+k
zcgQ-(34>qL*-1h{E4K5yNT|D27S>{k8<Rn^j5VOm%9s?EL2up^Zi}xz@T^;C=GS~c
zsq{X@dSO1V&sfik)&rR9cm;d!LW78fv5ieTreVz*wjvGQPDxIK``I=6yhFy?(~Z;K
z(sZ3gD#tJkz}lu5TtcGB>$1?+t81@=7pJjEUb^DNsV{gSEvD`@VX-7eUX#40`>bin
zX-0==QJ=7mCR+YbHCp*UP>tl!AF4*f_XE|)vEqlS(H8iDYNWV1wwfl_v%Q5K(`P(r
z!^Eyx9h>&7+kxNYH3%iAK|7Y5hA>eOWB6m!)L`ryb^SE*XQZVH=F?!pAL<k*)nToy
z^*^2^Nnktkc1Icn(A+Hz%umbYm+oAhyf$_%-P#gj_0kyDv~e<O#EZiO$Ligcc_*zu
zlT>k?T7uy@d-~EbdJKB=`gDW|p~u0W>>JfqFG@#YG(g_~uZ1WuoH%hwecAGBqRW;~
zbHf0DGWSCfrS%eShU|Xsmd#8?2AkUH&#X@QGtc%i_=bc`&#r7+wQpstzODk0jpXj7
z4EeIWBv{V~`z_St69FSN!U=#O`B-2`(t&jnupVIcOa_>x{h3x1P;52zG8IVkHcTBt
zbzmr(Ns~k^V}{|R%5)p^BpZyi8T^Z;(D|GGY^jgc6FuU&)13aNm^?t_FTJhxO!p|9
zLJ6I=CZ}o<b|Pt)bNQVQ$EHGZxk760-qt$QeRdqmrKLYLEj^c8`cr=Cx#p!m6_%cB
zS?abfb=#I+Y&V&fKHD_4zci(3YMJz3O;hdC#Z6Pqk~^<iF!}DY7?@_$(q?XHGrzRi
zytG+Z+H6_6*t&GFZRrC#7>8tUnko=+nEIQkS4gEAc8rZmPEB4R3*p!mbYQ^4j+wHr
zP@P&4CP#uD@|t=1T1W+z?n@wBRMkz4w^tRBWt22sR_Q14_Wp$wwZKR!4T-m(#9~m1
z2~ues8SVW9zfIzy%Y=ShfQq~}-aZIUx6HJPIQ=iV;_U;=b7>l|L9F@!JJYpUBrE&X
zYf!zcWgzlTCjH7!=xjg+<14Q<$!j@zEibP%%WDOBtwmmImDk$jwe}WEK}$(tOaG#l
zYDdec;+8Y<d|}H4(d3PC<e%iAo)zs!-e|Bu=|q!i3)Ngjo5Rgqe2px;IMh9z7^k=)
zd}M2NtCkyMH@4f?!YV+J1GUmmw7@UvE)AtTf(I^Gpj9f<0xNNlvXsz5L0ov0!k7=8
z3nEQG^5$r&=_YIJrgrNPXe}r^i!d!q#<F=zHNbg!BX2S?<;V``Dt0LF-MkT-8V>(A
z<~jURPEX=G?|HGCP&+j8##HR)cFuvhFLGP`)n}xnpCf^%gh5ECLc%B{m}^+VP`?ui
zRsGO$h^BRGVmEn<`rQ<}iR4s%_|?(gBqINN%&*66{W#{m4D$mz=BM{c;~C~iV3;Fe
z1YtguB~<yHNDyht8tlI3Ex@zEhDQisVE8BL-Y^HmJjF@!z-Ff%bRcizKsXO1=aP=$
zme|~FtK7EOEte<fN=31`oh$1sv0HwboXY@d1p7Ixp}9JwtilEyJ>~_CL28-{sY#n$
zc%W#WAWW%*Bis|vHQQ;=uvE84(pY1e+|`)!H%;224k+a4Z4?mIY_g^{Af0@+78q8h
zFShqG0RXyN<Z<tl$3OYmQb!qj@OuP(-V93>@;saSWOY#1d$5o#dNuB~!$K;=+l4Z%
zGLz_Fp_EGU;;>rA@!FM^qHS4)V06GgzYpZz$>dlvlC+aKOunU}n;0e@BS!<WgL1Y2
z2n69iRlb<4M$_F)FNIrV#3^89LwTzC?ig}TTrKHt7q*vQhokTdD19{D5Xss-UPDvF
zMDc#>%`fAkOim~CZLLGPHm|&Im>yxpMLbECU)C;-&MVvF9g|ns=R6*^kjmAM!{C*R
zDV}dtsEXQzf2AgZ+{P3>Omf6iK|Q(newD<|S#fWF+zhRVH<-O8aR`qEQ2Ed#7CK10
z7m4OwELFuZv&gYgj-4r(%2`gnrU!$S)zdJQ_?EDA38|Il#=TW&qmtSvr8b~jDj?lb
zp{85X8aWOWwXe0J>6U(=#XK~bZs|vh<u?R8vpCaaAJuh2G<W|A-O|ecrEW>nda=>O
z!lav<paIGHJb$*8SxFTfiGFQ}3hFMe@Xbj~-b%NI41xB<#rS`(7#wx}9cb`rKCT#O
zWHqrwv^hz#*N^LzEWm9^W3S*?Oav*PiH07lG*;gZzeAQKKXH=U?X`d@du$u?uEKQ-
zmohlf&OvzWBH?jY&R?ATtj-BJHH$gDhX5H)I*7v@_x;&@onFi`u4JoP5>p#!N%eXX
zPm5ejx<XGf=aQ!CNkT5kqbFH%NmuGg)?Ct6dXg=dbT#-XI8*3mqiC=H)G_RqeHd4B
zyN}A;yUYcQFCd5KRGE69b4A@n2Yf=a1$R19V9=`TY;BhE`--J+@yb;hI(p!B?ytz9
z&O)r;0%kbzj9)r3M}5jD`L#pZ$N&qv14PhCE<*K>$>Hv9wHF!-h&=nr?8<DeNzm7C
z4rJ}k-!RFxaRw5>Jf~`kjlRGt?k{FqLmD{vkoiSM04WAHw!E0f43LLN>i`hxn$vU$
zWNb`AlKKhJW*U8fINb=NXV?gMOiZ_X3qurd6`Y!(uTWd2;Q6DmFC#=ZUU1t5VPTlR
z8a0B|)U~WpZZ}<!=)%>iRPVvR-)o{vX<dpej6~{gJQn32p2JuIk@Z(+<DSiGUM|H(
z<@)-ax?X6*<yAb7D2I(}wRw+6tu}0dat`fCh@stBD@Q^)+6XhW^~Vh4$ZCu*o0!P+
z#>7O{V1x>CO;1o0-YfEO!R7J1Y|Kf{b^Q{04+(~_>beS;G)K}%8*mb;GZ*m(5X<Ww
zrXklLTqCgm@VptG7BR+k>91J7&Z6l^-Udmm<tjR2hP3@keCL7s2Ohh1>AZFGUcR;M
zSF~#AzOz|;JA=Zp+we%w59a3&1-&pr&X#fn3lWhcimwz_!6JNY_?YqB3Emfrv*#iX
z&~p)m>~4KEJ%187Q-8tmfbLW!bzom4TBgwM08zqib*4V<MX*~Av%7HMrc!jn%LZ!@
z&#rvQk+o`@AZ|2KEmp}Wm|+D|a6i*>>W>0hSa%VFTU>VOea@CHGX`&^S>T~Uh|7^L
zbQH+97xx?J9vp43<l;v_q9R{nVScW7$09`BDB(wLzeMik$X12uJ1S8fn5VMWMW;x(
zREi1&ouT?~)HyUuYc0PT;dFwgbo8)Yfr6l}8N?QTwxh|ony7?#KuWfnncrO`sk}eV
z19XH770+tA!xC|6KGB>U8Lx)|riJ!{xBWm)L0(Ro40t58!z5<TMA_xi`GRP_mcg0_
zIEA^=4%0EE3-b#W8wDM3&pxK$z+Azqe9Q=<j<f0DEplWi!=F-}T2D;U9O`&2RP4uh
z)AWPgq@28N=9+Pwuo=N5zIiVj_rQG%?b)#(%?J%S8Ar|`Cu3kR>3Y%rbBa!C7AO5Q
zdxf6mP*+&8aaCTNbdel6kJUUcd!EXX(M(ZdT)4tHgL|DOkO5rQpksIpTytR=u2xQF
zS4qfI%%*uQvogrjZb}O9Byqym&N%Jx`e=oI`2^C7^$#wke-!s+7{wwWjsy~YX1dW~
z){iRViV)mtC;kREXviO6yymcIm4&Yr?_kYMQN|l$n1RsSSat~F31o?%cniFQ@M2)7
zlg<*VEBMa(7j;STeSBTGk7$*xUViw;coq(~BH(;%JXZ(AhW}<Fy0uZeUgc7naW{)O
zfoNr1N=XohIj-{!$Kx}dRFo9(Xb1=YxHJ^|X6PyD)w415>P}~(^-N9Y&E9G2Q}1;K
z2jle?1~u!R37vOj+r(jX%ZP_d)HDB}1_Zjpb2VN@`?uPvqrqiv=UP{7zIv^rV75A?
zpXPOLbhdLEGPo6TJTlM;5jK`QY;bFgCZND~9Rb6bXay(&LD5OG;@UNe-N~Vegj*f1
z>uiH>R3|R9(sO|58=FnM6v?AsC(hHZ0UD0&hF3e>BZKfj43ct+TGRdB^RwyF(=opA
zsD;5WZcV*`WyDa`3Idf5(sXJ65pEPDM__`#lTd{jj@<sT&B4vS12!7n*&dGj;q53v
zFM-{{HUM^w*`;6_-^Kf)=ppmIrO~C=K0;({=_EhM@OD}}uZmY=8PL@;;|V(U&Ki47
z1dic!904@*s;E{9bx(S}aV>g;+f$y>YGoiD;l4^aI1I!!B|iPwV@*qcZE#V{j~W+>
z;Jb{8qH9GE3wi0i#=Xuj;l&CMX@}QA_nP1%4hPj|x-fw+fHT{!Dk;xqADqxvQO~7&
z<F2mD2n=qO!uOOOF@U2#%O-WfsXA=V2mjJlL_!1Hh7PHkMW}0f%R=K?si<+U1dnM3
zmj(er*X}{YmVilEg|aUxcydOZiKk?rV2<82rTQovxB<0d9RxD@I&hHN6<61Ah9T$s
z54I~~1R)9YYt}Q*a`yWa4Lryf#tOKGp2H4)5x=XkC^J5IqOVrc8OekU9JHFVI_CX(
zgbnZZoR2)~1Xe7Se2O_u)uifpdf|{<&xIC~#J4<|=e~~ZxSIHTc!O{Fhxlt&j%ES_
zs(HmPoz0d*KRGyDeEQ*awwJAV3FDa=`g%yPTjBILcp0vsnEgX^&;N56x2$>o)3CEs
z0Y1wzcO4cW7BJ6z`k7BUP0`DsU!DNH3`EZvO@r?zJ%)$rveQ<h%lV`9sTeM<M(1hz
zy#@L@lUC8f^U*y8c8Bgu+;Zc;oamH=fyyDTna(F+km9j5*a8@Mc3i=yA3dZY!Hs?T
zDPY&^Ed1>Ys3O~ZBd~$U(;JWJxz(NX>Fxte$!;FkB|@*jy1COQ-H4_znXC-Q%B+Hn
zYt|Cri@ty=rK6o>&IK6Ao^unfT`Y`CD>G=aTu~Oq8-J6vX`y?#EU6maqSTTGO`=Et
ztg~_1l4X{&m-rA>O5u}~>5y2ec+8`J*f!{V_<J1E+8ywON5G!$O#o)-OV9}N2M>Lz
zW-oO^`InA+%2LtZ_+&3`SBAb~_jbQx<m6M_H4rcRD~<y!&aId=cIBKN<PLwYq<p+o
z6L05mI}oI97_Mqj!*~OkH&VQ+Gv02-uv0!wD|>~&gBv$P$-CPX>km3{)YX-{xfwpn
z9#n>|{808ep@ATBkwXf!3vzHEpg<l@K_QZEv&2Ws!J$xgl81LDJ_htl*L<=_H6rZN
zHsuUQgx#!OZ=tA@aAj{|X_e_Uv=kl8B1?uIg>(|69F<^*CNJ9XmTr9EjXL7(Guxi6
zJ4Y)?>RB%BFJsFeehhFQ$%f&&ICdH+71bCEZ`Lh1%_O+gmnlB1bu3^ZqrU`9FZYg}
zOY5JmV6n5oxfH$&x#v%M)V>KIkRTocd-X)4@$^`u!Cht5MmQg2cu8lwMMH)4>x4hL
zt}xP5%4k<q<MH^+*iUhF<@V8i7<*iZk|T#zdgXW%82k$=y|XJ3zLUP5t`VR#--LYJ
zf)<4O9u&b7^Noc@nptQpK^oD(iJR(EMzSC@{zNZ2#7IL?QEE>3?x~MSzb1$P*f<G3
z*A(Q0`oBqD7DTxVq$?@tn^ON5=`spY<Bij#3D64(_1)6hK*A#4zEc{_ik(`208Rs}
z7%JZ?Rk30pNM#IH3A>4a@%5do-}NyPI&Y_|UF7sH<GL%xyFMmf_BRTHx1t~DZnT0B
zYY@eS*v6meHL#Id5gj5W(4qbMDclMe^f<0IUlh}V#^o&rk-ZPBHNnzp|LIL?uRr8U
zqrnrQsWovN_Oeie&4rDV7!5^*zHL~9_7JUi7WoN)8cIiUVCyIyNOCZaaFTNMXW)=7
zu6%Y&N&X^Yusx;FwChqeb`1jyQ4MKvUA*@6PBGF4<6VPNO$uiMwdd<>mLc(K>BA_U
zZC~1MrFfvJ1=6sl@T9v6)HIS8aJgjK`Ro~^K4{T%bc7b=l3r3rj9#pR%8j~PInQ^x
z4mxb6qI5sNQ_3Efr(r0aqIwRh;8>cg!R>?(V6fhUVu@6C>&^aQaI)&pv}bTkf-_ud
zLo4&Vulb_{mno0|{{)oi2kjcmZ>~1-AH)q3mOraczT3#(if33^egOIOCm^)?UL*g$
zRCK%mkCgWmHvGCqp&R{z(j=}r$p?v?&_Uth6egX9w;Iao90+3(Cu)vlupc^Gs}Qdv
z<7=V@hXB@dqGk_`(EdEl1MZw`&1xPnKIC@mq_JR}fPTrZ4>O=G9t@hNRAY?^B<^Et
zQ`-xh7{#>P&RUpei5`KWbeb9?tS=HhM_(Fxj5KdXIrh{Y7OV!LjOCOj8qB`?os3*V
z`8Xa6dWz~&2FSr7pd1_ysi6Pw^emtmZ!`q`f6Utju=9ZxQS~={z}jnPhDXJE!80A;
zOvn$Nttk%&+Z7|@smbt9*Om?AU5phB{s3j!qV@17+6LZ~U7;1Q8G6_wAC#H)*l{EF
zJGv{|1_NF09S<!t`<Mu2Lh+6lOK^veISE%QXX6@wHKeMr_8>L>;6|||V&30l2RI$_
zFcIQTUw8{0^0cbpuEY*?w!44#CcPev9Bv~j!1t1S8^6!s_Z|EaA0~5~Fg$E;<Nbq^
zF{W||ernp4l+a7)cp4x*9QB!YnjBh(@}U<2lwNeCtlCpqkmds%kLo=uh{MMP_Kx_u
zta4$Pp<IA~)5e_j!HUpJ55*(}Lhc2#By+osxsoGq;PKtQSFIy&uukf9i|LNg<?JQw
z1D-9tS-l9-CtW{(0JJ~(I+4&W-ae1v2@XK-BXp)R_Xiq^$S#Q7yNDT@I084X`(9WK
z`tvU=f?>mxc{nuW2;LJo&R3qjyN7v-d<}?SD@Wm@TX!cFh5u0~vlqTjPzu1~(7zSD
zhM&6ts&%|`>_@i#tZ{7dC@9a#8vy%KuXl!4MLj{4Q?M`kR{5IvlO@z0a9nTpQ7e*)
zkb24xr{@CM+jJNMmIfi+W5&gEKL9AkJxd=?(rVDJ(o(`7hJXNo>a~(=dKki3Z~S!4
z9@7KUoa#8xUe)b4F_knDK#M&S498{`_wz;`cAM%qXJce}D9XjyU!TC$r67C9bEA@m
zBFMyb<HcmZY0S~+_#V9WjK?H-Tp5jgn0Hf;9*g9+n(4*l$nTXJzE4pA3-6`0pa0gK
zq<5BCRqegw<V9Ldo@#DKt9V9^e#7i<(9lly)8I$xZ|tzYtW>5roBD~-<Vj8aZB12o
z$eb(I4-RK1;nN?VDtO}zDQOzYT{P6*G|b#oJ^P|+34iM&HUybN@fn5>vD#cKttI?b
zrzl16rV4t>J*~hx5zrn+mN`5Rx*3Tu0Z|dkt1ZgqVkd9LT)FYuHOa<rKxxsqoVc`$
z;RyLA{aKIj8}w&Au-&n2%cv<F3FOcDhVcTk@z*`5_?fJ@$^8!d>mFa@4|jY>TAu(f
zhmL@GheT9Gm#OGao<(t$ncgc8lCV-L{gWYpr$RLq3Q&#uOXx)ggvKjZ_Dc>3Dp#JA
z#GTwL`zHtCyDB*tIWbg-4a8><K7)Z?jdJD4<jGX)JmtzE$>AtDH0i|mu;d7QS0`(b
z6B~}wPJBk-Q=?98*@5z3X!;5eGr019LA*}F6&t~VI{<jRAFuBw*CzLfQ?3I=gJK(!
zFCLVU(x7T2+>^Qh`jLToSJ#ixL>L93B}KvNyn-?@{d7Ye>I{hSHlJC0P=~IsXVorD
z)nVjqcmcP0vBg7A;A%N70tsS38kBqw6d2{&UknnWMB(uVgCr^kp%GGVC<>a3RbnU+
zXx8_#K@Tj!J2{9z=AzJgh%ER^60ci1Czir~rL}?nxB?{MVz!apXbRcjeD)bul}*%$
zaVPjZ97lLbLxIfrq=8`>!_YWa7#1KU+BN0^{hB|-j=GoWX?41oK8dcLr@Rx7Ba;M}
zyp^oL-h{~xrOC&>jFwxOdJt+P_Q-`(yi32ljuIMb>?!a6Vi%-!+;(F0AhScB#+_>e
zHyWVVvweYf7s}jDNQO4Nn?~wFHi3j`fctWS_B!ra^ja@*HFB7-9%&c$IOAR@+Rf%h
zz-FM*RFt0XSXBT6<q-Cak8G9Mv0!NO$xb*BjJ@KKy;zSRopzvyKbf;L8h|!Ow-5$o
zdfTX4`3?qLvWPGv#JuLJdrf(Ur@@T-lOuyb5$TY>0DfsFGZp_(!#HsAvBm+)Az;TF
z2To%(2LsS%T=qDP83~?XX?Q(nt3^EjXMKdmNI0R!u{qA%4@*60Di&lUtkeM07jP74
z#uF2$<qP7QzCLlfES<{^ACnzEw!aw7Hy5*(X@D_V;D-*<Gfg&nrU@D~N`}vX$A&)%
z&<#dZobe475B@aQO7_+=%gTu@3hw4*rIlV70}n7`AV~)@83Oro*a7oiXl8sUjE1@`
zP+SEuDgQZa;y-aN(t;45Htd7?LcmK5s|upYJCb+Od?#@~;|wrI*gRMQXLZKzY~32W
zqt#Y-8s3{x+A|ImiurM<hVfh}Nq!k9NtuDua%b#LA8)xsg8TXD(AxPc*_lJ;ckD6z
zNtrO7LWSTJ^LrAghz7_+jz1=+Z(u+Ko5Z*=c$FRU4hBIy9VaJAg>-`g0M3Zvm7Iji
z&m9Kwh-GVfZf+KB!d9&0tgemd4boZ^5Y#HRcgB9x!If$6NM*d{cDo=Asvm_SD-{+k
zuAkb$+3P3DTnr;+C^5v#&ljg`)+UyJK-Y?a+Kt4Y63}B%qV<>g`;}@<M+WwVv|>>V
z3#j^AIAU<XthX^uA6Q6w0){>KQrL#~PQYlQ7^%y+s}=90DE1h=Il{;VnXSkMl_ShR
z_IcpO$TZPjJo8T}?79oi0471Or$(G@^VZ)A*IF=#Dct2NX0BMw4}yb_L^cM<$Q85k
z+V53=c`i1La;>>|38w77fuaz>Cya@Q2aP|a`YW?VJex01<)%H3NrC@ES{4Q?xB1*O
z(&_e+ssxN)blwD@lGSua>~DNHyBn;&K?yijP$r1?v48OcM+GFHAo@-GzX}$NmBe|4
z$0<Uqv34kr9c19{*`G{$9tmscnFsCMVI~_={Gt%fDm<izOV||Ifge&`u?W+A0fJ^J
zA=nY!vP#5~y|EYc{{t`HQWSDpyV>IZ6UhQNlTIXG&=O_G>Tz!yVLlnU=on$T3gZ>-
z1pC$!Ap)Nff6dg-7!gW^K9JO8P!DKZBGuC6OyEy^IRyNDIKBJMxDR^Ib--#hDGfub
zp%s9poyG-vb!fE{-V0@oTlhI8(I{XGmufSC_m;?ZLYg|@#h&t6$^O<9UZu+(O<2!B
zn=u?`G7vb8n3@U{FjtpO{FPv!=%JrnU2H4-{VAC{8%vzHm!@x^XhP>#>g5<5s)!w6
zD7}^=Vpx#a8+nH6iT>`3Zco8r;W6Q-HMC&)M@X|mc%2v^vp||odLIWH9fI}qinl!B
zgDRQ^1_qAsb}SuDACLV>4-wHbjN4W0Sp3yW3gM%8FQIKmEGPjmw{t~0clEp?m1cu*
zh6vT9u`AaoxFxQcf9Ta8!%6@%0^z&|P{4vs*9Q{Uf%dRJ5cS;gc<jmIflA=6yr<}R
z=xwganwgGmhbED|u!%>A^N0vIxC^E8sTX;a<ayFR@DeUV@m9QC#IkbK1?C!}E_l#K
zqb|f8GA-mvtOhp4IgO&WjWFwwRx|8@E_wnCiU^{?aHgX*jE8`bf9F%#BE&A~MJkOV
QSXYengSk?jru9Sq59%k7NdN!<

-- 
2.1.2

^ permalink raw reply related

* Re: [PATCH net-next 1/2] cxgb4: Update ipv6 address handling api
From: David Miller @ 2015-01-14 21:29 UTC (permalink / raw)
  To: anish; +Cc: netdev, hariprasad, kxie, deepak.s
In-Reply-To: <1421202516-13862-2-git-send-email-anish@chelsio.com>

From: Anish Bhatt <anish@chelsio.com>
Date: Tue, 13 Jan 2015 18:28:35 -0800

> +	c.op_to_write = htonl(FW_CMD_OP_V(FW_CLIP_CMD) |
> +			FW_CMD_REQUEST_F | FW_CMD_WRITE_F);

Please indent this properly, the second line should start at the first
column after the openning parenthesis of htonl().

> +	c.op_to_write = htonl(FW_CMD_OP_V(FW_CLIP_CMD) |
> +			FW_CMD_REQUEST_F | FW_CMD_READ_F);

Likewise.

> +	ctbl = t4_alloc_mem(sizeof(*ctbl) +
> +				clipt_size*sizeof(struct list_head));

Likewise.

^ permalink raw reply

* Re: [PATCHv3 net-next] openvswitch: Introduce ovs_tunnel_route_lookup
From: David Miller @ 2015-01-14 21:34 UTC (permalink / raw)
  To: fan.du; +Cc: pshelar, netdev, dev, fengyuleidian0615
In-Reply-To: <1421212235-29447-1-git-send-email-fan.du@intel.com>

aFrom: Fan Du <fan.du@intel.com>
Date: Wed, 14 Jan 2015 13:10:35 +0800

> Introduce ovs_tunnel_route_lookup to consolidate route lookup
> shared by vxlan, gre, and geneve ports.
> 
> Signed-off-by: Fan Du <fan.du@intel.com>

Applied.

^ permalink raw reply

* Re: [PATCH] netdevice: Add missing parentheses in macro
From: David Miller @ 2015-01-14 21:34 UTC (permalink / raw)
  To: bpoirier; +Cc: nikolay, netdev, linux-kernel
In-Reply-To: <1421221955-9505-1-git-send-email-bpoirier@suse.de>

From: Benjamin Poirier <bpoirier@suse.de>
Date: Wed, 14 Jan 2015 16:52:35 +0900

> For example, one could conceivably call
> 	for_each_netdev_in_bond_rcu(condition ? bond1 : bond2, slave)
> and get an unexpected result.
> 
> Signed-off-by: Benjamin Poirier <bpoirier@suse.de>

Applied.

^ permalink raw reply

* Re: [PATCH 1/1] ipv6:icmp:remove unnecessary brackets
From: David Miller @ 2015-01-14 21:36 UTC (permalink / raw)
  To: zyjzyj2000; +Cc: netdev, Yanjun.Zhu
In-Reply-To: <1421227439-13996-1-git-send-email-Yanjun.Zhu@windriver.com>

From: Zhu Yanjun <zyjzyj2000@gmail.com>
Date: Wed, 14 Jan 2015 17:23:59 +0800

> There are too many brackets. Maybe only one bracket is enough.
> 
> Signed-off-by: Zhu Yanjun <Yanjun.Zhu@windriver.com>

Applied to net-next, thanks.

^ permalink raw reply

* net: prevent of emerging cross-namespace symlinks patches for 3.14?
From: Miquel van Smoorenburg @ 2015-01-14 21:45 UTC (permalink / raw)
  To: netdev; +Cc: stable, Alexander Y. Fomichev, David Miller

[first sent to lkml, now to netdev and the original patch author]

When running 'lxc' on the latest -stable kernel, 3.14.28, I'm seeing 
these errors:

Jan 14 17:47:16 lxc2 kernel: [   10.704890] WARNING: CPU: 0 PID: 3209 at 
fs/sys
fs/dir.c:52 sysfs_warn_dup+0x8c/0xb0()
Jan 14 17:47:16 lxc2 kernel: [   10.704892] sysfs: cannot create 
duplicate filename '/devices/virtual/net/eth0.104/upper_eth0'
Jan 14 17:47:16 lxc2 kernel: [   10.704954] CPU: 0 PID: 3209 Comm: 
lxc-autostart Not tainted 3.14.28-xsserver #1

I did not see these errors in 3.12. This was fixed in 3.17 by:

net: prevent of emerging cross-namespace symlinks
https://github.com/torvalds/linux/commit/4c75431ac3520631f1d9e74aa88407e6374dbbc4

net: fix creation adjacent device symlinks
https://github.com/torvalds/linux/commit/7ce64c79c4decdeb1afe0bf2f6ef834b382871d1

These patches apply cleanly to 3.14.28.

If you agree that this should go into 3.14-stable, please ack.

Thanks,

Mike.

^ permalink raw reply

* Re: [PATCH net-next] socket: use iov_length()
From: David Miller @ 2015-01-14 21:45 UTC (permalink / raw)
  To: nicolas.dichtel; +Cc: netdev
In-Reply-To: <1421230070-4104-1-git-send-email-nicolas.dichtel@6wind.com>

From: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Date: Wed, 14 Jan 2015 11:07:50 +0100

> @@ -883,10 +883,8 @@ static ssize_t do_sock_read(struct msghdr *msg, struct kiocb *iocb,
>  {
>  	struct socket *sock = file->private_data;
>  	size_t size = 0;
> -	int i;
>  
> -	for (i = 0; i < nr_segs; i++)
> -		size += iov[i].iov_len;
> +	size = iov_length(iov, nr_segs);

In both of these cases you can now remove the initialization of size to '0'.

^ permalink raw reply

* Re: [PATCH_V4] dm9000: Add regulator and reset support to dm9000
From: David Miller @ 2015-01-14 21:47 UTC (permalink / raw)
  To: Zubair.Kakakhel-1AXoQHu6uovQT0dZR+AlfA
  Cc: devicetree-u79uwXL29TY76Z2rM5mHXA,
	linux-kernel-u79uwXL29TY76Z2rM5mHXA,
	netdev-u79uwXL29TY76Z2rM5mHXA, s.hauer-bIcnvbaLZ9MEGnE8C9+IrQ,
	sergei.shtylyov-M4DtvfQ/ZS1MRgGoP+s0PdBPR1lH4CV8
In-Reply-To: <1421231777-12589-1-git-send-email-Zubair.Kakakhel-1AXoQHu6uovQT0dZR+AlfA@public.gmane.org>

From: Zubair Lutfullah Kakakhel <Zubair.Kakakhel-1AXoQHu6uovQT0dZR+AlfA@public.gmane.org>
Date: Wed, 14 Jan 2015 10:36:17 +0000

> +	power = devm_regulator_get(dev, "vcc");
> +	if (PTR_ERR(power) == -EPROBE_DEFER)
> +		return -EPROBE_DEFER;
> +	if (IS_ERR(power)) {
> +		dev_dbg(dev, "no regulator provided\n");

I know it may seem silly, but to me it is more logical to always
guard PTR_ERR() uses with IS_ERR().

Therefore could you please restructure this as:

	if (IS_ERR(power)) {
		if (PTR_ERR(power) == -EPROBE_DEFER)
			return -EPROBE_DEFER;
		else
			dev_dbg(dev, "no regulator provided\n");
	} else {

Thanks.
--
To unsubscribe from this list: send the line "unsubscribe devicetree" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply


This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox