From 69a8bbb906b96b0a7925b04a8e33102a653ecf3a Mon Sep 17 00:00:00 2001 From: Jaehyun Kim Date: Thu, 9 Sep 2021 18:07:45 +0900 Subject: [PATCH] Add support of bpf Change-Id: Iaa5566a1be143ede38832cdd8639111fc26b4586 Signed-off-by: Jaehyun Kim --- COPYING.LGPLv2 | 502 ++ packaging/connman.spec | 54 +- resources/usr/include/bpf/bpf.h | 285 ++ resources/usr/include/bpf/libbpf.h | 765 +++ resources/usr/include/bpf/libbpf_common.h | 42 + .../usr/include/bpf/linux/asm-generic/socket.h | 147 + resources/usr/include/bpf/linux/bpf.h | 5051 ++++++++++++++++++++ resources/usr/include/bpf/linux/bpf_common.h | 57 + resources/usr/lib/libbpf.so.32 | Bin 0 -> 966724 bytes resources/usr/lib/libbpf.so.64 | Bin 0 -> 1239328 bytes resources/var/lib/connman/bpf_code | Bin 0 -> 2488 bytes 11 files changed, 6899 insertions(+), 4 deletions(-) create mode 100644 COPYING.LGPLv2 create mode 100644 resources/usr/include/bpf/bpf.h create mode 100644 resources/usr/include/bpf/libbpf.h create mode 100644 resources/usr/include/bpf/libbpf_common.h create mode 100644 resources/usr/include/bpf/linux/asm-generic/socket.h create mode 100644 resources/usr/include/bpf/linux/bpf.h create mode 100644 resources/usr/include/bpf/linux/bpf_common.h create mode 100755 resources/usr/lib/libbpf.so.32 create mode 100755 resources/usr/lib/libbpf.so.64 create mode 100644 resources/var/lib/connman/bpf_code diff --git a/COPYING.LGPLv2 b/COPYING.LGPLv2 new file mode 100644 index 0000000..4362b49 --- /dev/null +++ b/COPYING.LGPLv2 @@ -0,0 +1,502 @@ + GNU LESSER GENERAL PUBLIC LICENSE + Version 2.1, February 1999 + + Copyright (C) 1991, 1999 Free Software Foundation, Inc. + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + +[This is the first released version of the Lesser GPL. It also counts + as the successor of the GNU Library Public License, version 2, hence + the version number 2.1.] + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +Licenses are intended to guarantee your freedom to share and change +free software--to make sure the software is free for all its users. + + This license, the Lesser General Public License, applies to some +specially designated software packages--typically libraries--of the +Free Software Foundation and other authors who decide to use it. You +can use it too, but we suggest you first think carefully about whether +this license or the ordinary General Public License is the better +strategy to use in any particular case, based on the explanations below. + + When we speak of free software, we are referring to freedom of use, +not price. Our General Public Licenses are designed to make sure that +you have the freedom to distribute copies of free software (and charge +for this service if you wish); that you receive source code or can get +it if you want it; that you can change the software and use pieces of +it in new free programs; and that you are informed that you can do +these things. + + To protect your rights, we need to make restrictions that forbid +distributors to deny you these rights or to ask you to surrender these +rights. These restrictions translate to certain responsibilities for +you if you distribute copies of the library or if you modify it. + + For example, if you distribute copies of the library, whether gratis +or for a fee, you must give the recipients all the rights that we gave +you. You must make sure that they, too, receive or can get the source +code. If you link other code with the library, you must provide +complete object files to the recipients, so that they can relink them +with the library after making changes to the library and recompiling +it. And you must show them these terms so they know their rights. + + We protect your rights with a two-step method: (1) we copyright the +library, and (2) we offer you this license, which gives you legal +permission to copy, distribute and/or modify the library. + + To protect each distributor, we want to make it very clear that +there is no warranty for the free library. Also, if the library is +modified by someone else and passed on, the recipients should know +that what they have is not the original version, so that the original +author's reputation will not be affected by problems that might be +introduced by others. + + Finally, software patents pose a constant threat to the existence of +any free program. We wish to make sure that a company cannot +effectively restrict the users of a free program by obtaining a +restrictive license from a patent holder. Therefore, we insist that +any patent license obtained for a version of the library must be +consistent with the full freedom of use specified in this license. + + Most GNU software, including some libraries, is covered by the +ordinary GNU General Public License. This license, the GNU Lesser +General Public License, applies to certain designated libraries, and +is quite different from the ordinary General Public License. We use +this license for certain libraries in order to permit linking those +libraries into non-free programs. + + When a program is linked with a library, whether statically or using +a shared library, the combination of the two is legally speaking a +combined work, a derivative of the original library. The ordinary +General Public License therefore permits such linking only if the +entire combination fits its criteria of freedom. The Lesser General +Public License permits more lax criteria for linking other code with +the library. + + We call this license the "Lesser" General Public License because it +does Less to protect the user's freedom than the ordinary General +Public License. It also provides other free software developers Less +of an advantage over competing non-free programs. These disadvantages +are the reason we use the ordinary General Public License for many +libraries. However, the Lesser license provides advantages in certain +special circumstances. + + For example, on rare occasions, there may be a special need to +encourage the widest possible use of a certain library, so that it becomes +a de-facto standard. To achieve this, non-free programs must be +allowed to use the library. A more frequent case is that a free +library does the same job as widely used non-free libraries. In this +case, there is little to gain by limiting the free library to free +software only, so we use the Lesser General Public License. + + In other cases, permission to use a particular library in non-free +programs enables a greater number of people to use a large body of +free software. For example, permission to use the GNU C Library in +non-free programs enables many more people to use the whole GNU +operating system, as well as its variant, the GNU/Linux operating +system. + + Although the Lesser General Public License is Less protective of the +users' freedom, it does ensure that the user of a program that is +linked with the Library has the freedom and the wherewithal to run +that program using a modified version of the Library. + + The precise terms and conditions for copying, distribution and +modification follow. Pay close attention to the difference between a +"work based on the library" and a "work that uses the library". The +former contains code derived from the library, whereas the latter must +be combined with the library in order to run. + + GNU LESSER GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License Agreement applies to any software library or other +program which contains a notice placed by the copyright holder or +other authorized party saying it may be distributed under the terms of +this Lesser General Public License (also called "this License"). +Each licensee is addressed as "you". + + A "library" means a collection of software functions and/or data +prepared so as to be conveniently linked with application programs +(which use some of those functions and data) to form executables. + + The "Library", below, refers to any such software library or work +which has been distributed under these terms. A "work based on the +Library" means either the Library or any derivative work under +copyright law: that is to say, a work containing the Library or a +portion of it, either verbatim or with modifications and/or translated +straightforwardly into another language. (Hereinafter, translation is +included without limitation in the term "modification".) + + "Source code" for a work means the preferred form of the work for +making modifications to it. For a library, complete source code means +all the source code for all modules it contains, plus any associated +interface definition files, plus the scripts used to control compilation +and installation of the library. + + Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running a program using the Library is not restricted, and output from +such a program is covered only if its contents constitute a work based +on the Library (independent of the use of the Library in a tool for +writing it). Whether that is true depends on what the Library does +and what the program that uses the Library does. + + 1. You may copy and distribute verbatim copies of the Library's +complete source code as you receive it, in any medium, provided that +you conspicuously and appropriately publish on each copy an +appropriate copyright notice and disclaimer of warranty; keep intact +all the notices that refer to this License and to the absence of any +warranty; and distribute a copy of this License along with the +Library. + + You may charge a fee for the physical act of transferring a copy, +and you may at your option offer warranty protection in exchange for a +fee. + + 2. You may modify your copy or copies of the Library or any portion +of it, thus forming a work based on the Library, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) The modified work must itself be a software library. + + b) You must cause the files modified to carry prominent notices + stating that you changed the files and the date of any change. + + c) You must cause the whole of the work to be licensed at no + charge to all third parties under the terms of this License. + + d) If a facility in the modified Library refers to a function or a + table of data to be supplied by an application program that uses + the facility, other than as an argument passed when the facility + is invoked, then you must make a good faith effort to ensure that, + in the event an application does not supply such function or + table, the facility still operates, and performs whatever part of + its purpose remains meaningful. + + (For example, a function in a library to compute square roots has + a purpose that is entirely well-defined independent of the + application. Therefore, Subsection 2d requires that any + application-supplied function or table used by this function must + be optional: if the application does not supply it, the square + root function must still compute square roots.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Library, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Library, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote +it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Library. + +In addition, mere aggregation of another work not based on the Library +with the Library (or with a work based on the Library) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may opt to apply the terms of the ordinary GNU General Public +License instead of this License to a given copy of the Library. To do +this, you must alter all the notices that refer to this License, so +that they refer to the ordinary GNU General Public License, version 2, +instead of to this License. (If a newer version than version 2 of the +ordinary GNU General Public License has appeared, then you can specify +that version instead if you wish.) Do not make any other change in +these notices. + + Once this change is made in a given copy, it is irreversible for +that copy, so the ordinary GNU General Public License applies to all +subsequent copies and derivative works made from that copy. + + This option is useful when you wish to copy part of the code of +the Library into a program that is not a library. + + 4. You may copy and distribute the Library (or a portion or +derivative of it, under Section 2) in object code or executable form +under the terms of Sections 1 and 2 above provided that you accompany +it with the complete corresponding machine-readable source code, which +must be distributed under the terms of Sections 1 and 2 above on a +medium customarily used for software interchange. + + If distribution of object code is made by offering access to copy +from a designated place, then offering equivalent access to copy the +source code from the same place satisfies the requirement to +distribute the source code, even though third parties are not +compelled to copy the source along with the object code. + + 5. A program that contains no derivative of any portion of the +Library, but is designed to work with the Library by being compiled or +linked with it, is called a "work that uses the Library". Such a +work, in isolation, is not a derivative work of the Library, and +therefore falls outside the scope of this License. + + However, linking a "work that uses the Library" with the Library +creates an executable that is a derivative of the Library (because it +contains portions of the Library), rather than a "work that uses the +library". The executable is therefore covered by this License. +Section 6 states terms for distribution of such executables. + + When a "work that uses the Library" uses material from a header file +that is part of the Library, the object code for the work may be a +derivative work of the Library even though the source code is not. +Whether this is true is especially significant if the work can be +linked without the Library, or if the work is itself a library. The +threshold for this to be true is not precisely defined by law. + + If such an object file uses only numerical parameters, data +structure layouts and accessors, and small macros and small inline +functions (ten lines or less in length), then the use of the object +file is unrestricted, regardless of whether it is legally a derivative +work. (Executables containing this object code plus portions of the +Library will still fall under Section 6.) + + Otherwise, if the work is a derivative of the Library, you may +distribute the object code for the work under the terms of Section 6. +Any executables containing that work also fall under Section 6, +whether or not they are linked directly with the Library itself. + + 6. As an exception to the Sections above, you may also combine or +link a "work that uses the Library" with the Library to produce a +work containing portions of the Library, and distribute that work +under terms of your choice, provided that the terms permit +modification of the work for the customer's own use and reverse +engineering for debugging such modifications. + + You must give prominent notice with each copy of the work that the +Library is used in it and that the Library and its use are covered by +this License. You must supply a copy of this License. If the work +during execution displays copyright notices, you must include the +copyright notice for the Library among them, as well as a reference +directing the user to the copy of this License. Also, you must do one +of these things: + + a) Accompany the work with the complete corresponding + machine-readable source code for the Library including whatever + changes were used in the work (which must be distributed under + Sections 1 and 2 above); and, if the work is an executable linked + with the Library, with the complete machine-readable "work that + uses the Library", as object code and/or source code, so that the + user can modify the Library and then relink to produce a modified + executable containing the modified Library. (It is understood + that the user who changes the contents of definitions files in the + Library will not necessarily be able to recompile the application + to use the modified definitions.) + + b) Use a suitable shared library mechanism for linking with the + Library. A suitable mechanism is one that (1) uses at run time a + copy of the library already present on the user's computer system, + rather than copying library functions into the executable, and (2) + will operate properly with a modified version of the library, if + the user installs one, as long as the modified version is + interface-compatible with the version that the work was made with. + + c) Accompany the work with a written offer, valid for at + least three years, to give the same user the materials + specified in Subsection 6a, above, for a charge no more + than the cost of performing this distribution. + + d) If distribution of the work is made by offering access to copy + from a designated place, offer equivalent access to copy the above + specified materials from the same place. + + e) Verify that the user has already received a copy of these + materials or that you have already sent this user a copy. + + For an executable, the required form of the "work that uses the +Library" must include any data and utility programs needed for +reproducing the executable from it. However, as a special exception, +the materials to be distributed need not include anything that is +normally distributed (in either source or binary form) with the major +components (compiler, kernel, and so on) of the operating system on +which the executable runs, unless that component itself accompanies +the executable. + + It may happen that this requirement contradicts the license +restrictions of other proprietary libraries that do not normally +accompany the operating system. Such a contradiction means you cannot +use both them and the Library together in an executable that you +distribute. + + 7. You may place library facilities that are a work based on the +Library side-by-side in a single library together with other library +facilities not covered by this License, and distribute such a combined +library, provided that the separate distribution of the work based on +the Library and of the other library facilities is otherwise +permitted, and provided that you do these two things: + + a) Accompany the combined library with a copy of the same work + based on the Library, uncombined with any other library + facilities. This must be distributed under the terms of the + Sections above. + + b) Give prominent notice with the combined library of the fact + that part of it is a work based on the Library, and explaining + where to find the accompanying uncombined form of the same work. + + 8. You may not copy, modify, sublicense, link with, or distribute +the Library except as expressly provided under this License. Any +attempt otherwise to copy, modify, sublicense, link with, or +distribute the Library is void, and will automatically terminate your +rights under this License. However, parties who have received copies, +or rights, from you under this License will not have their licenses +terminated so long as such parties remain in full compliance. + + 9. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Library or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Library (or any work based on the +Library), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Library or works based on it. + + 10. Each time you redistribute the Library (or any work based on the +Library), the recipient automatically receives a license from the +original licensor to copy, distribute, link with or modify the Library +subject to these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties with +this License. + + 11. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Library at all. For example, if a patent +license would not permit royalty-free redistribution of the Library by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Library. + +If any portion of this section is held invalid or unenforceable under any +particular circumstance, the balance of the section is intended to apply, +and the section as a whole is intended to apply in other circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 12. If the distribution and/or use of the Library is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Library under this License may add +an explicit geographical distribution limitation excluding those countries, +so that distribution is permitted only in or among countries not thus +excluded. In such case, this License incorporates the limitation as if +written in the body of this License. + + 13. The Free Software Foundation may publish revised and/or new +versions of the Lesser General Public License from time to time. +Such new versions will be similar in spirit to the present version, +but may differ in detail to address new problems or concerns. + +Each version is given a distinguishing version number. If the Library +specifies a version number of this License which applies to it and +"any later version", you have the option of following the terms and +conditions either of that version or of any later version published by +the Free Software Foundation. If the Library does not specify a +license version number, you may choose any version ever published by +the Free Software Foundation. + + 14. If you wish to incorporate parts of the Library into other free +programs whose distribution conditions are incompatible with these, +write to the author to ask for permission. For software which is +copyrighted by the Free Software Foundation, write to the Free +Software Foundation; we sometimes make exceptions for this. Our +decision will be guided by the two goals of preserving the free status +of all derivatives of our free software and of promoting the sharing +and reuse of software generally. + + NO WARRANTY + + 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO +WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. +EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR +OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY +KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE +LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME +THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN +WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY +AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU +FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR +CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE +LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING +RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A +FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF +SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH +DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Libraries + + If you develop a new library, and you want it to be of the greatest +possible use to the public, we recommend making it free software that +everyone can redistribute and change. You can do so by permitting +redistribution under these terms (or, alternatively, under the terms of the +ordinary General Public License). + + To apply these terms, attach the following notices to the library. It is +safest to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least the +"copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +Also add information on how to contact you by electronic and paper mail. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the library, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the + library `Frob' (a library for tweaking knobs) written by James Random Hacker. + + , 1 April 1990 + Ty Coon, President of Vice + +That's all there is to it! diff --git a/packaging/connman.spec b/packaging/connman.spec index 1a77426..31dcc3e 100644 --- a/packaging/connman.spec +++ b/packaging/connman.spec @@ -1,12 +1,12 @@ %bcond_with connman_openconnect -%bcond_without connman_wireguard +%bcond_without connman_wireguard %bcond_without connman_openvpn %bcond_without connman_ipsec %bcond_without connman_vpnd Name: connman Version: 1.38 -Release: 9 +Release: 10 License: GPL-2.0+ Summary: Connection Manager Url: http://connman.net @@ -111,7 +111,7 @@ Requires: python-xml Scripts for testing Connman and its functionality %package devel -Summary: Development Files for connman +Summary: Development files for connman Group: Development/Tools Requires: %{name} = %{version} @@ -147,6 +147,22 @@ Conflicts: %{name}-extension-ivi Connman without ethernet support This overwrites conf file of %{name}. +%package extension-bpf +Summary: Files for BPF support +Requires: libelf0 +Requires: %{name} = %{version}-%{release} +%description extension-bpf +Files for BPF support + +%package extension-bpf-devel +License: GPL-2.0+ and LGPL-2.1+ +Summary: Development files for BPF support +Requires: %{name} = %{version}-%{release} +Requires: %{name}-extension-bpf +%description extension-bpf-devel +Header files and development files for BPF support + + %prep %setup -q @@ -231,6 +247,17 @@ cp src/connman.conf %{buildroot}%{_sysconfdir}/dbus-1/system.d/ cp vpn/vpn-dbus.conf %{buildroot}%{_sysconfdir}/dbus-1/system.d/connman-vpn-dbus.conf %endif +# BPF file +mkdir -p %{buildroot}/%{_includedir}/bpf +cp -rf resources/usr/include/bpf/* %{buildroot}/%{_includedir}/bpf +cp resources/var/lib/connman/bpf_code %{buildroot}/%{_localstatedir}/lib/connman/bpf_code + +%ifarch aarch64 +cp resources/usr/lib/libbpf.so.64 %{buildroot}/%{_libdir}/libbpf.so.0.2.0 +%else +cp resources/usr/lib/libbpf.so.32 %{buildroot}/%{_libdir}/libbpf.so.0.2.0 +%endif + %post #chsmack -a 'System' /%{_localstatedir}/lib/connman #chsmack -a 'System' /%{_localstatedir}/lib/connman/settings @@ -246,7 +273,6 @@ systemctl daemon-reload %manifest connman.manifest %attr(500,network_fw,network_fw) %{_bindir}/connmand %attr(500,network_fw,network_fw) %{_bindir}/connmanctl -%attr(755,network_fw,network_fw) /%{_localstatedir}/lib/connman %attr(600,network_fw,network_fw) /%{_localstatedir}/lib/connman/settings %attr(644,root,root) %{_datadir}/dbus-1/system-services/net.connman.service %attr(644,root,root) %{_sysconfdir}/dbus-1/system.d/* @@ -314,17 +340,37 @@ systemctl daemon-reload %post extension-tv mv -f %{_unitdir}/connman.service.tv %{_unitdir}/connman.service mv -f %{_sysconfdir}/connman/main.conf.tv %{_sysconfdir}/connman/main.conf + %files extension-tv %attr(644,network_fw,network_fw) %{_sysconfdir}/connman/main.conf.tv %license COPYING %attr(644,root,root) %{_unitdir}/connman.service.tv + %post extension-ivi mv -f %{_sysconfdir}/connman/main.conf.ivi %{_sysconfdir}/connman/main.conf + %files extension-ivi %attr(644,network_fw,network_fw) %{_sysconfdir}/connman/main.conf.ivi %license COPYING + %post extension-disable-eth mv -f %{_sysconfdir}/connman/main.conf.disable.eth %{_sysconfdir}/connman/main.conf + %files extension-disable-eth %attr(644,network_fw,network_fw) %{_sysconfdir}/connman/main.conf.disable.eth %license COPYING + +%files extension-bpf +%manifest %{name}.manifest +%attr(755,root,root) %{_libdir}/libbpf.so.0.2.0 +%attr(640,network_fw,network_fw) %{_localstatedir}/lib/connman/bpf_code + +%post extension-bpf +ln -s %{_libdir}/libbpf.so.0.2.0 %{_libdir}/libbpf.so.0 +ln -s %{_libdir}/libbpf.so.0.2.0 %{_libdir}/libbpf.so + +%files extension-bpf-devel +%manifest %{name}.manifest +%{_includedir}/bpf/* +%license COPYING +%license COPYING.LGPLv2 diff --git a/resources/usr/include/bpf/bpf.h b/resources/usr/include/bpf/bpf.h new file mode 100644 index 0000000..875dde2 --- /dev/null +++ b/resources/usr/include/bpf/bpf.h @@ -0,0 +1,285 @@ +/* SPDX-License-Identifier: (LGPL-2.1 OR BSD-2-Clause) */ + +/* + * common eBPF ELF operations. + * + * Copyright (C) 2013-2015 Alexei Starovoitov + * Copyright (C) 2015 Wang Nan + * Copyright (C) 2015 Huawei Inc. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; + * version 2.1 of the License (not later!) + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see + */ +#ifndef __LIBBPF_BPF_H +#define __LIBBPF_BPF_H + +#include +#include +#include +#include + +#include "libbpf_common.h" + +#ifdef __cplusplus +extern "C" { +#endif + +struct bpf_create_map_attr { + const char *name; + enum bpf_map_type map_type; + __u32 map_flags; + __u32 key_size; + __u32 value_size; + __u32 max_entries; + __u32 numa_node; + __u32 btf_fd; + __u32 btf_key_type_id; + __u32 btf_value_type_id; + __u32 map_ifindex; + union { + __u32 inner_map_fd; + __u32 btf_vmlinux_value_type_id; + }; +}; + +LIBBPF_API int +bpf_create_map_xattr(const struct bpf_create_map_attr *create_attr); +LIBBPF_API int bpf_create_map_node(enum bpf_map_type map_type, const char *name, + int key_size, int value_size, + int max_entries, __u32 map_flags, int node); +LIBBPF_API int bpf_create_map_name(enum bpf_map_type map_type, const char *name, + int key_size, int value_size, + int max_entries, __u32 map_flags); +LIBBPF_API int bpf_create_map(enum bpf_map_type map_type, int key_size, + int value_size, int max_entries, __u32 map_flags); +LIBBPF_API int bpf_create_map_in_map_node(enum bpf_map_type map_type, + const char *name, int key_size, + int inner_map_fd, int max_entries, + __u32 map_flags, int node); +LIBBPF_API int bpf_create_map_in_map(enum bpf_map_type map_type, + const char *name, int key_size, + int inner_map_fd, int max_entries, + __u32 map_flags); + +struct bpf_load_program_attr { + enum bpf_prog_type prog_type; + enum bpf_attach_type expected_attach_type; + const char *name; + const struct bpf_insn *insns; + size_t insns_cnt; + const char *license; + union { + __u32 kern_version; + __u32 attach_prog_fd; + }; + union { + __u32 prog_ifindex; + __u32 attach_btf_id; + }; + __u32 prog_btf_fd; + __u32 func_info_rec_size; + const void *func_info; + __u32 func_info_cnt; + __u32 line_info_rec_size; + const void *line_info; + __u32 line_info_cnt; + __u32 log_level; + __u32 prog_flags; +}; + +/* Flags to direct loading requirements */ +#define MAPS_RELAX_COMPAT 0x01 + +/* Recommend log buffer size */ +#define BPF_LOG_BUF_SIZE (UINT32_MAX >> 8) /* verifier maximum in kernels <= 5.1 */ +LIBBPF_API int +bpf_load_program_xattr(const struct bpf_load_program_attr *load_attr, + char *log_buf, size_t log_buf_sz); +LIBBPF_API int bpf_load_program(enum bpf_prog_type type, + const struct bpf_insn *insns, size_t insns_cnt, + const char *license, __u32 kern_version, + char *log_buf, size_t log_buf_sz); +LIBBPF_API int bpf_verify_program(enum bpf_prog_type type, + const struct bpf_insn *insns, + size_t insns_cnt, __u32 prog_flags, + const char *license, __u32 kern_version, + char *log_buf, size_t log_buf_sz, + int log_level); + +LIBBPF_API int bpf_map_update_elem(int fd, const void *key, const void *value, + __u64 flags); + +LIBBPF_API int bpf_map_lookup_elem(int fd, const void *key, void *value); +LIBBPF_API int bpf_map_lookup_elem_flags(int fd, const void *key, void *value, + __u64 flags); +LIBBPF_API int bpf_map_lookup_and_delete_elem(int fd, const void *key, + void *value); +LIBBPF_API int bpf_map_delete_elem(int fd, const void *key); +LIBBPF_API int bpf_map_get_next_key(int fd, const void *key, void *next_key); +LIBBPF_API int bpf_map_freeze(int fd); + +struct bpf_map_batch_opts { + size_t sz; /* size of this struct for forward/backward compatibility */ + __u64 elem_flags; + __u64 flags; +}; +#define bpf_map_batch_opts__last_field flags + +LIBBPF_API int bpf_map_delete_batch(int fd, void *keys, + __u32 *count, + const struct bpf_map_batch_opts *opts); +LIBBPF_API int bpf_map_lookup_batch(int fd, void *in_batch, void *out_batch, + void *keys, void *values, __u32 *count, + const struct bpf_map_batch_opts *opts); +LIBBPF_API int bpf_map_lookup_and_delete_batch(int fd, void *in_batch, + void *out_batch, void *keys, + void *values, __u32 *count, + const struct bpf_map_batch_opts *opts); +LIBBPF_API int bpf_map_update_batch(int fd, void *keys, void *values, + __u32 *count, + const struct bpf_map_batch_opts *opts); + +LIBBPF_API int bpf_obj_pin(int fd, const char *pathname); +LIBBPF_API int bpf_obj_get(const char *pathname); + +struct bpf_prog_attach_opts { + size_t sz; /* size of this struct for forward/backward compatibility */ + unsigned int flags; + int replace_prog_fd; +}; +#define bpf_prog_attach_opts__last_field replace_prog_fd + +LIBBPF_API int bpf_prog_attach(int prog_fd, int attachable_fd, + enum bpf_attach_type type, unsigned int flags); +LIBBPF_API int bpf_prog_attach_xattr(int prog_fd, int attachable_fd, + enum bpf_attach_type type, + const struct bpf_prog_attach_opts *opts); +LIBBPF_API int bpf_prog_detach(int attachable_fd, enum bpf_attach_type type); +LIBBPF_API int bpf_prog_detach2(int prog_fd, int attachable_fd, + enum bpf_attach_type type); + +union bpf_iter_link_info; /* defined in up-to-date linux/bpf.h */ +struct bpf_link_create_opts { + size_t sz; /* size of this struct for forward/backward compatibility */ + __u32 flags; + union bpf_iter_link_info *iter_info; + __u32 iter_info_len; + __u32 target_btf_id; +}; +#define bpf_link_create_opts__last_field target_btf_id + +LIBBPF_API int bpf_link_create(int prog_fd, int target_fd, + enum bpf_attach_type attach_type, + const struct bpf_link_create_opts *opts); + +LIBBPF_API int bpf_link_detach(int link_fd); + +struct bpf_link_update_opts { + size_t sz; /* size of this struct for forward/backward compatibility */ + __u32 flags; /* extra flags */ + __u32 old_prog_fd; /* expected old program FD */ +}; +#define bpf_link_update_opts__last_field old_prog_fd + +LIBBPF_API int bpf_link_update(int link_fd, int new_prog_fd, + const struct bpf_link_update_opts *opts); + +LIBBPF_API int bpf_iter_create(int link_fd); + +struct bpf_prog_test_run_attr { + int prog_fd; + int repeat; + const void *data_in; + __u32 data_size_in; + void *data_out; /* optional */ + __u32 data_size_out; /* in: max length of data_out + * out: length of data_out */ + __u32 retval; /* out: return code of the BPF program */ + __u32 duration; /* out: average per repetition in ns */ + const void *ctx_in; /* optional */ + __u32 ctx_size_in; + void *ctx_out; /* optional */ + __u32 ctx_size_out; /* in: max length of ctx_out + * out: length of cxt_out */ +}; + +LIBBPF_API int bpf_prog_test_run_xattr(struct bpf_prog_test_run_attr *test_attr); + +/* + * bpf_prog_test_run does not check that data_out is large enough. Consider + * using bpf_prog_test_run_xattr instead. + */ +LIBBPF_API int bpf_prog_test_run(int prog_fd, int repeat, void *data, + __u32 size, void *data_out, __u32 *size_out, + __u32 *retval, __u32 *duration); +LIBBPF_API int bpf_prog_get_next_id(__u32 start_id, __u32 *next_id); +LIBBPF_API int bpf_map_get_next_id(__u32 start_id, __u32 *next_id); +LIBBPF_API int bpf_btf_get_next_id(__u32 start_id, __u32 *next_id); +LIBBPF_API int bpf_link_get_next_id(__u32 start_id, __u32 *next_id); +LIBBPF_API int bpf_prog_get_fd_by_id(__u32 id); +LIBBPF_API int bpf_map_get_fd_by_id(__u32 id); +LIBBPF_API int bpf_btf_get_fd_by_id(__u32 id); +LIBBPF_API int bpf_link_get_fd_by_id(__u32 id); +LIBBPF_API int bpf_obj_get_info_by_fd(int bpf_fd, void *info, __u32 *info_len); +LIBBPF_API int bpf_prog_query(int target_fd, enum bpf_attach_type type, + __u32 query_flags, __u32 *attach_flags, + __u32 *prog_ids, __u32 *prog_cnt); +LIBBPF_API int bpf_raw_tracepoint_open(const char *name, int prog_fd); +LIBBPF_API int bpf_load_btf(const void *btf, __u32 btf_size, char *log_buf, + __u32 log_buf_size, bool do_log); +LIBBPF_API int bpf_task_fd_query(int pid, int fd, __u32 flags, char *buf, + __u32 *buf_len, __u32 *prog_id, __u32 *fd_type, + __u64 *probe_offset, __u64 *probe_addr); + +enum bpf_stats_type; /* defined in up-to-date linux/bpf.h */ +LIBBPF_API int bpf_enable_stats(enum bpf_stats_type type); + +struct bpf_prog_bind_opts { + size_t sz; /* size of this struct for forward/backward compatibility */ + __u32 flags; +}; +#define bpf_prog_bind_opts__last_field flags + +LIBBPF_API int bpf_prog_bind_map(int prog_fd, int map_fd, + const struct bpf_prog_bind_opts *opts); + +struct bpf_test_run_opts { + size_t sz; /* size of this struct for forward/backward compatibility */ + const void *data_in; /* optional */ + void *data_out; /* optional */ + __u32 data_size_in; + __u32 data_size_out; /* in: max length of data_out + * out: length of data_out + */ + const void *ctx_in; /* optional */ + void *ctx_out; /* optional */ + __u32 ctx_size_in; + __u32 ctx_size_out; /* in: max length of ctx_out + * out: length of cxt_out + */ + __u32 retval; /* out: return code of the BPF program */ + int repeat; + __u32 duration; /* out: average per repetition in ns */ + __u32 flags; + __u32 cpu; +}; +#define bpf_test_run_opts__last_field cpu + +LIBBPF_API int bpf_prog_test_run_opts(int prog_fd, + struct bpf_test_run_opts *opts); + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* __LIBBPF_BPF_H */ diff --git a/resources/usr/include/bpf/libbpf.h b/resources/usr/include/bpf/libbpf.h new file mode 100644 index 0000000..6909ee8 --- /dev/null +++ b/resources/usr/include/bpf/libbpf.h @@ -0,0 +1,765 @@ +/* SPDX-License-Identifier: (LGPL-2.1 OR BSD-2-Clause) */ + +/* + * Common eBPF ELF object loading operations. + * + * Copyright (C) 2013-2015 Alexei Starovoitov + * Copyright (C) 2015 Wang Nan + * Copyright (C) 2015 Huawei Inc. + */ +#ifndef __LIBBPF_LIBBPF_H +#define __LIBBPF_LIBBPF_H + +#include +#include +#include +#include +#include // for size_t +#include + +#include "libbpf_common.h" + +#ifdef __cplusplus +extern "C" { +#endif + +enum libbpf_errno { + __LIBBPF_ERRNO__START = 4000, + + /* Something wrong in libelf */ + LIBBPF_ERRNO__LIBELF = __LIBBPF_ERRNO__START, + LIBBPF_ERRNO__FORMAT, /* BPF object format invalid */ + LIBBPF_ERRNO__KVERSION, /* Incorrect or no 'version' section */ + LIBBPF_ERRNO__ENDIAN, /* Endian mismatch */ + LIBBPF_ERRNO__INTERNAL, /* Internal error in libbpf */ + LIBBPF_ERRNO__RELOC, /* Relocation failed */ + LIBBPF_ERRNO__LOAD, /* Load program failure for unknown reason */ + LIBBPF_ERRNO__VERIFY, /* Kernel verifier blocks program loading */ + LIBBPF_ERRNO__PROG2BIG, /* Program too big */ + LIBBPF_ERRNO__KVER, /* Incorrect kernel version */ + LIBBPF_ERRNO__PROGTYPE, /* Kernel doesn't support this program type */ + LIBBPF_ERRNO__WRNGPID, /* Wrong pid in netlink message */ + LIBBPF_ERRNO__INVSEQ, /* Invalid netlink sequence */ + LIBBPF_ERRNO__NLPARSE, /* netlink parsing error */ + __LIBBPF_ERRNO__END, +}; + +LIBBPF_API int libbpf_strerror(int err, char *buf, size_t size); + +enum libbpf_print_level { + LIBBPF_WARN, + LIBBPF_INFO, + LIBBPF_DEBUG, +}; + +typedef int (*libbpf_print_fn_t)(enum libbpf_print_level level, + const char *, va_list ap); + +LIBBPF_API libbpf_print_fn_t libbpf_set_print(libbpf_print_fn_t fn); + +/* Hide internal to user */ +struct bpf_object; + +struct bpf_object_open_attr { + const char *file; + enum bpf_prog_type prog_type; +}; + +struct bpf_object_open_opts { + /* size of this struct, for forward/backward compatiblity */ + size_t sz; + /* object name override, if provided: + * - for object open from file, this will override setting object + * name from file path's base name; + * - for object open from memory buffer, this will specify an object + * name and will override default "-" name; + */ + const char *object_name; + /* parse map definitions non-strictly, allowing extra attributes/data */ + bool relaxed_maps; + /* DEPRECATED: handle CO-RE relocations non-strictly, allowing failures. + * Value is ignored. Relocations always are processed non-strictly. + * Non-relocatable instructions are replaced with invalid ones to + * prevent accidental errors. + * */ + bool relaxed_core_relocs; + /* maps that set the 'pinning' attribute in their definition will have + * their pin_path attribute set to a file in this directory, and be + * auto-pinned to that path on load; defaults to "/sys/fs/bpf". + */ + const char *pin_root_path; + __u32 attach_prog_fd; + /* Additional kernel config content that augments and overrides + * system Kconfig for CONFIG_xxx externs. + */ + const char *kconfig; +}; +#define bpf_object_open_opts__last_field kconfig + +LIBBPF_API struct bpf_object *bpf_object__open(const char *path); +LIBBPF_API struct bpf_object * +bpf_object__open_file(const char *path, const struct bpf_object_open_opts *opts); +LIBBPF_API struct bpf_object * +bpf_object__open_mem(const void *obj_buf, size_t obj_buf_sz, + const struct bpf_object_open_opts *opts); + +/* deprecated bpf_object__open variants */ +LIBBPF_API struct bpf_object * +bpf_object__open_buffer(const void *obj_buf, size_t obj_buf_sz, + const char *name); +LIBBPF_API struct bpf_object * +bpf_object__open_xattr(struct bpf_object_open_attr *attr); + +enum libbpf_pin_type { + LIBBPF_PIN_NONE, + /* PIN_BY_NAME: pin maps by name (in /sys/fs/bpf by default) */ + LIBBPF_PIN_BY_NAME, +}; + +/* pin_maps and unpin_maps can both be called with a NULL path, in which case + * they will use the pin_path attribute of each map (and ignore all maps that + * don't have a pin_path set). + */ +LIBBPF_API int bpf_object__pin_maps(struct bpf_object *obj, const char *path); +LIBBPF_API int bpf_object__unpin_maps(struct bpf_object *obj, + const char *path); +LIBBPF_API int bpf_object__pin_programs(struct bpf_object *obj, + const char *path); +LIBBPF_API int bpf_object__unpin_programs(struct bpf_object *obj, + const char *path); +LIBBPF_API int bpf_object__pin(struct bpf_object *object, const char *path); +LIBBPF_API void bpf_object__close(struct bpf_object *object); + +struct bpf_object_load_attr { + struct bpf_object *obj; + int log_level; + const char *target_btf_path; +}; + +/* Load/unload object into/from kernel */ +LIBBPF_API int bpf_object__load(struct bpf_object *obj); +LIBBPF_API int bpf_object__load_xattr(struct bpf_object_load_attr *attr); +LIBBPF_API int bpf_object__unload(struct bpf_object *obj); + +LIBBPF_API const char *bpf_object__name(const struct bpf_object *obj); +LIBBPF_API unsigned int bpf_object__kversion(const struct bpf_object *obj); + +struct btf; +LIBBPF_API struct btf *bpf_object__btf(const struct bpf_object *obj); +LIBBPF_API int bpf_object__btf_fd(const struct bpf_object *obj); + +LIBBPF_API struct bpf_program * +bpf_object__find_program_by_title(const struct bpf_object *obj, + const char *title); +LIBBPF_API struct bpf_program * +bpf_object__find_program_by_name(const struct bpf_object *obj, + const char *name); + +LIBBPF_API struct bpf_object *bpf_object__next(struct bpf_object *prev); +#define bpf_object__for_each_safe(pos, tmp) \ + for ((pos) = bpf_object__next(NULL), \ + (tmp) = bpf_object__next(pos); \ + (pos) != NULL; \ + (pos) = (tmp), (tmp) = bpf_object__next(tmp)) + +typedef void (*bpf_object_clear_priv_t)(struct bpf_object *, void *); +LIBBPF_API int bpf_object__set_priv(struct bpf_object *obj, void *priv, + bpf_object_clear_priv_t clear_priv); +LIBBPF_API void *bpf_object__priv(const struct bpf_object *prog); + +LIBBPF_API int +libbpf_prog_type_by_name(const char *name, enum bpf_prog_type *prog_type, + enum bpf_attach_type *expected_attach_type); +LIBBPF_API int libbpf_attach_type_by_name(const char *name, + enum bpf_attach_type *attach_type); +LIBBPF_API int libbpf_find_vmlinux_btf_id(const char *name, + enum bpf_attach_type attach_type); + +/* Accessors of bpf_program */ +struct bpf_program; +LIBBPF_API struct bpf_program *bpf_program__next(struct bpf_program *prog, + const struct bpf_object *obj); + +#define bpf_object__for_each_program(pos, obj) \ + for ((pos) = bpf_program__next(NULL, (obj)); \ + (pos) != NULL; \ + (pos) = bpf_program__next((pos), (obj))) + +LIBBPF_API struct bpf_program *bpf_program__prev(struct bpf_program *prog, + const struct bpf_object *obj); + +typedef void (*bpf_program_clear_priv_t)(struct bpf_program *, void *); + +LIBBPF_API int bpf_program__set_priv(struct bpf_program *prog, void *priv, + bpf_program_clear_priv_t clear_priv); + +LIBBPF_API void *bpf_program__priv(const struct bpf_program *prog); +LIBBPF_API void bpf_program__set_ifindex(struct bpf_program *prog, + __u32 ifindex); + +LIBBPF_API const char *bpf_program__name(const struct bpf_program *prog); +LIBBPF_API const char *bpf_program__section_name(const struct bpf_program *prog); +LIBBPF_API LIBBPF_DEPRECATED("BPF program title is confusing term; please use bpf_program__section_name() instead") +const char *bpf_program__title(const struct bpf_program *prog, bool needs_copy); +LIBBPF_API bool bpf_program__autoload(const struct bpf_program *prog); +LIBBPF_API int bpf_program__set_autoload(struct bpf_program *prog, bool autoload); + +/* returns program size in bytes */ +LIBBPF_API size_t bpf_program__size(const struct bpf_program *prog); + +LIBBPF_API int bpf_program__load(struct bpf_program *prog, char *license, + __u32 kern_version); +LIBBPF_API int bpf_program__fd(const struct bpf_program *prog); +LIBBPF_API int bpf_program__pin_instance(struct bpf_program *prog, + const char *path, + int instance); +LIBBPF_API int bpf_program__unpin_instance(struct bpf_program *prog, + const char *path, + int instance); +LIBBPF_API int bpf_program__pin(struct bpf_program *prog, const char *path); +LIBBPF_API int bpf_program__unpin(struct bpf_program *prog, const char *path); +LIBBPF_API void bpf_program__unload(struct bpf_program *prog); + +struct bpf_link; + +LIBBPF_API struct bpf_link *bpf_link__open(const char *path); +LIBBPF_API int bpf_link__fd(const struct bpf_link *link); +LIBBPF_API const char *bpf_link__pin_path(const struct bpf_link *link); +LIBBPF_API int bpf_link__pin(struct bpf_link *link, const char *path); +LIBBPF_API int bpf_link__unpin(struct bpf_link *link); +LIBBPF_API int bpf_link__update_program(struct bpf_link *link, + struct bpf_program *prog); +LIBBPF_API void bpf_link__disconnect(struct bpf_link *link); +LIBBPF_API int bpf_link__detach(struct bpf_link *link); +LIBBPF_API int bpf_link__destroy(struct bpf_link *link); + +LIBBPF_API struct bpf_link * +bpf_program__attach(struct bpf_program *prog); +LIBBPF_API struct bpf_link * +bpf_program__attach_perf_event(struct bpf_program *prog, int pfd); +LIBBPF_API struct bpf_link * +bpf_program__attach_kprobe(struct bpf_program *prog, bool retprobe, + const char *func_name); +LIBBPF_API struct bpf_link * +bpf_program__attach_uprobe(struct bpf_program *prog, bool retprobe, + pid_t pid, const char *binary_path, + size_t func_offset); +LIBBPF_API struct bpf_link * +bpf_program__attach_tracepoint(struct bpf_program *prog, + const char *tp_category, + const char *tp_name); +LIBBPF_API struct bpf_link * +bpf_program__attach_raw_tracepoint(struct bpf_program *prog, + const char *tp_name); +LIBBPF_API struct bpf_link * +bpf_program__attach_trace(struct bpf_program *prog); +LIBBPF_API struct bpf_link * +bpf_program__attach_lsm(struct bpf_program *prog); +LIBBPF_API struct bpf_link * +bpf_program__attach_cgroup(struct bpf_program *prog, int cgroup_fd); +LIBBPF_API struct bpf_link * +bpf_program__attach_netns(struct bpf_program *prog, int netns_fd); +LIBBPF_API struct bpf_link * +bpf_program__attach_xdp(struct bpf_program *prog, int ifindex); +LIBBPF_API struct bpf_link * +bpf_program__attach_freplace(struct bpf_program *prog, + int target_fd, const char *attach_func_name); + +struct bpf_map; + +LIBBPF_API struct bpf_link *bpf_map__attach_struct_ops(struct bpf_map *map); + +struct bpf_iter_attach_opts { + size_t sz; /* size of this struct for forward/backward compatibility */ + union bpf_iter_link_info *link_info; + __u32 link_info_len; +}; +#define bpf_iter_attach_opts__last_field link_info_len + +LIBBPF_API struct bpf_link * +bpf_program__attach_iter(struct bpf_program *prog, + const struct bpf_iter_attach_opts *opts); + +struct bpf_insn; + +/* + * Libbpf allows callers to adjust BPF programs before being loaded + * into kernel. One program in an object file can be transformed into + * multiple variants to be attached to different hooks. + * + * bpf_program_prep_t, bpf_program__set_prep and bpf_program__nth_fd + * form an API for this purpose. + * + * - bpf_program_prep_t: + * Defines a 'preprocessor', which is a caller defined function + * passed to libbpf through bpf_program__set_prep(), and will be + * called before program is loaded. The processor should adjust + * the program one time for each instance according to the instance id + * passed to it. + * + * - bpf_program__set_prep: + * Attaches a preprocessor to a BPF program. The number of instances + * that should be created is also passed through this function. + * + * - bpf_program__nth_fd: + * After the program is loaded, get resulting FD of a given instance + * of the BPF program. + * + * If bpf_program__set_prep() is not used, the program would be loaded + * without adjustment during bpf_object__load(). The program has only + * one instance. In this case bpf_program__fd(prog) is equal to + * bpf_program__nth_fd(prog, 0). + */ + +struct bpf_prog_prep_result { + /* + * If not NULL, load new instruction array. + * If set to NULL, don't load this instance. + */ + struct bpf_insn *new_insn_ptr; + int new_insn_cnt; + + /* If not NULL, result FD is written to it. */ + int *pfd; +}; + +/* + * Parameters of bpf_program_prep_t: + * - prog: The bpf_program being loaded. + * - n: Index of instance being generated. + * - insns: BPF instructions array. + * - insns_cnt:Number of instructions in insns. + * - res: Output parameter, result of transformation. + * + * Return value: + * - Zero: pre-processing success. + * - Non-zero: pre-processing error, stop loading. + */ +typedef int (*bpf_program_prep_t)(struct bpf_program *prog, int n, + struct bpf_insn *insns, int insns_cnt, + struct bpf_prog_prep_result *res); + +LIBBPF_API int bpf_program__set_prep(struct bpf_program *prog, int nr_instance, + bpf_program_prep_t prep); + +LIBBPF_API int bpf_program__nth_fd(const struct bpf_program *prog, int n); + +/* + * Adjust type of BPF program. Default is kprobe. + */ +LIBBPF_API int bpf_program__set_socket_filter(struct bpf_program *prog); +LIBBPF_API int bpf_program__set_tracepoint(struct bpf_program *prog); +LIBBPF_API int bpf_program__set_raw_tracepoint(struct bpf_program *prog); +LIBBPF_API int bpf_program__set_kprobe(struct bpf_program *prog); +LIBBPF_API int bpf_program__set_lsm(struct bpf_program *prog); +LIBBPF_API int bpf_program__set_sched_cls(struct bpf_program *prog); +LIBBPF_API int bpf_program__set_sched_act(struct bpf_program *prog); +LIBBPF_API int bpf_program__set_xdp(struct bpf_program *prog); +LIBBPF_API int bpf_program__set_perf_event(struct bpf_program *prog); +LIBBPF_API int bpf_program__set_tracing(struct bpf_program *prog); +LIBBPF_API int bpf_program__set_struct_ops(struct bpf_program *prog); +LIBBPF_API int bpf_program__set_extension(struct bpf_program *prog); +LIBBPF_API int bpf_program__set_sk_lookup(struct bpf_program *prog); + +LIBBPF_API enum bpf_prog_type bpf_program__get_type(struct bpf_program *prog); +LIBBPF_API void bpf_program__set_type(struct bpf_program *prog, + enum bpf_prog_type type); + +LIBBPF_API enum bpf_attach_type +bpf_program__get_expected_attach_type(struct bpf_program *prog); +LIBBPF_API void +bpf_program__set_expected_attach_type(struct bpf_program *prog, + enum bpf_attach_type type); + +LIBBPF_API int +bpf_program__set_attach_target(struct bpf_program *prog, int attach_prog_fd, + const char *attach_func_name); + +LIBBPF_API bool bpf_program__is_socket_filter(const struct bpf_program *prog); +LIBBPF_API bool bpf_program__is_tracepoint(const struct bpf_program *prog); +LIBBPF_API bool bpf_program__is_raw_tracepoint(const struct bpf_program *prog); +LIBBPF_API bool bpf_program__is_kprobe(const struct bpf_program *prog); +LIBBPF_API bool bpf_program__is_lsm(const struct bpf_program *prog); +LIBBPF_API bool bpf_program__is_sched_cls(const struct bpf_program *prog); +LIBBPF_API bool bpf_program__is_sched_act(const struct bpf_program *prog); +LIBBPF_API bool bpf_program__is_xdp(const struct bpf_program *prog); +LIBBPF_API bool bpf_program__is_perf_event(const struct bpf_program *prog); +LIBBPF_API bool bpf_program__is_tracing(const struct bpf_program *prog); +LIBBPF_API bool bpf_program__is_struct_ops(const struct bpf_program *prog); +LIBBPF_API bool bpf_program__is_extension(const struct bpf_program *prog); +LIBBPF_API bool bpf_program__is_sk_lookup(const struct bpf_program *prog); + +/* + * No need for __attribute__((packed)), all members of 'bpf_map_def' + * are all aligned. In addition, using __attribute__((packed)) + * would trigger a -Wpacked warning message, and lead to an error + * if -Werror is set. + */ +struct bpf_map_def { + unsigned int type; + unsigned int key_size; + unsigned int value_size; + unsigned int max_entries; + unsigned int map_flags; +}; + +/* + * The 'struct bpf_map' in include/linux/bpf.h is internal to the kernel, + * so no need to worry about a name clash. + */ +LIBBPF_API struct bpf_map * +bpf_object__find_map_by_name(const struct bpf_object *obj, const char *name); + +LIBBPF_API int +bpf_object__find_map_fd_by_name(const struct bpf_object *obj, const char *name); + +/* + * Get bpf_map through the offset of corresponding struct bpf_map_def + * in the BPF object file. + */ +LIBBPF_API struct bpf_map * +bpf_object__find_map_by_offset(struct bpf_object *obj, size_t offset); + +LIBBPF_API struct bpf_map * +bpf_map__next(const struct bpf_map *map, const struct bpf_object *obj); +#define bpf_object__for_each_map(pos, obj) \ + for ((pos) = bpf_map__next(NULL, (obj)); \ + (pos) != NULL; \ + (pos) = bpf_map__next((pos), (obj))) +#define bpf_map__for_each bpf_object__for_each_map + +LIBBPF_API struct bpf_map * +bpf_map__prev(const struct bpf_map *map, const struct bpf_object *obj); + +/* get/set map FD */ +LIBBPF_API int bpf_map__fd(const struct bpf_map *map); +LIBBPF_API int bpf_map__reuse_fd(struct bpf_map *map, int fd); +/* get map definition */ +LIBBPF_API const struct bpf_map_def *bpf_map__def(const struct bpf_map *map); +/* get map name */ +LIBBPF_API const char *bpf_map__name(const struct bpf_map *map); +/* get/set map type */ +LIBBPF_API enum bpf_map_type bpf_map__type(const struct bpf_map *map); +LIBBPF_API int bpf_map__set_type(struct bpf_map *map, enum bpf_map_type type); +/* get/set map size (max_entries) */ +LIBBPF_API __u32 bpf_map__max_entries(const struct bpf_map *map); +LIBBPF_API int bpf_map__set_max_entries(struct bpf_map *map, __u32 max_entries); +LIBBPF_API int bpf_map__resize(struct bpf_map *map, __u32 max_entries); +/* get/set map flags */ +LIBBPF_API __u32 bpf_map__map_flags(const struct bpf_map *map); +LIBBPF_API int bpf_map__set_map_flags(struct bpf_map *map, __u32 flags); +/* get/set map NUMA node */ +LIBBPF_API __u32 bpf_map__numa_node(const struct bpf_map *map); +LIBBPF_API int bpf_map__set_numa_node(struct bpf_map *map, __u32 numa_node); +/* get/set map key size */ +LIBBPF_API __u32 bpf_map__key_size(const struct bpf_map *map); +LIBBPF_API int bpf_map__set_key_size(struct bpf_map *map, __u32 size); +/* get/set map value size */ +LIBBPF_API __u32 bpf_map__value_size(const struct bpf_map *map); +LIBBPF_API int bpf_map__set_value_size(struct bpf_map *map, __u32 size); +/* get map key/value BTF type IDs */ +LIBBPF_API __u32 bpf_map__btf_key_type_id(const struct bpf_map *map); +LIBBPF_API __u32 bpf_map__btf_value_type_id(const struct bpf_map *map); +/* get/set map if_index */ +LIBBPF_API __u32 bpf_map__ifindex(const struct bpf_map *map); +LIBBPF_API int bpf_map__set_ifindex(struct bpf_map *map, __u32 ifindex); + +typedef void (*bpf_map_clear_priv_t)(struct bpf_map *, void *); +LIBBPF_API int bpf_map__set_priv(struct bpf_map *map, void *priv, + bpf_map_clear_priv_t clear_priv); +LIBBPF_API void *bpf_map__priv(const struct bpf_map *map); +LIBBPF_API int bpf_map__set_initial_value(struct bpf_map *map, + const void *data, size_t size); +LIBBPF_API bool bpf_map__is_offload_neutral(const struct bpf_map *map); +LIBBPF_API bool bpf_map__is_internal(const struct bpf_map *map); +LIBBPF_API int bpf_map__set_pin_path(struct bpf_map *map, const char *path); +LIBBPF_API const char *bpf_map__get_pin_path(const struct bpf_map *map); +LIBBPF_API bool bpf_map__is_pinned(const struct bpf_map *map); +LIBBPF_API int bpf_map__pin(struct bpf_map *map, const char *path); +LIBBPF_API int bpf_map__unpin(struct bpf_map *map, const char *path); + +LIBBPF_API int bpf_map__set_inner_map_fd(struct bpf_map *map, int fd); + +LIBBPF_API long libbpf_get_error(const void *ptr); + +struct bpf_prog_load_attr { + const char *file; + enum bpf_prog_type prog_type; + enum bpf_attach_type expected_attach_type; + int ifindex; + int log_level; + int prog_flags; +}; + +LIBBPF_API int bpf_prog_load_xattr(const struct bpf_prog_load_attr *attr, + struct bpf_object **pobj, int *prog_fd); +LIBBPF_API int bpf_prog_load(const char *file, enum bpf_prog_type type, + struct bpf_object **pobj, int *prog_fd); + +struct xdp_link_info { + __u32 prog_id; + __u32 drv_prog_id; + __u32 hw_prog_id; + __u32 skb_prog_id; + __u8 attach_mode; +}; + +struct bpf_xdp_set_link_opts { + size_t sz; + int old_fd; +}; +#define bpf_xdp_set_link_opts__last_field old_fd + +LIBBPF_API int bpf_set_link_xdp_fd(int ifindex, int fd, __u32 flags); +LIBBPF_API int bpf_set_link_xdp_fd_opts(int ifindex, int fd, __u32 flags, + const struct bpf_xdp_set_link_opts *opts); +LIBBPF_API int bpf_get_link_xdp_id(int ifindex, __u32 *prog_id, __u32 flags); +LIBBPF_API int bpf_get_link_xdp_info(int ifindex, struct xdp_link_info *info, + size_t info_size, __u32 flags); + +/* Ring buffer APIs */ +struct ring_buffer; + +typedef int (*ring_buffer_sample_fn)(void *ctx, void *data, size_t size); + +struct ring_buffer_opts { + size_t sz; /* size of this struct, for forward/backward compatiblity */ +}; + +#define ring_buffer_opts__last_field sz + +LIBBPF_API struct ring_buffer * +ring_buffer__new(int map_fd, ring_buffer_sample_fn sample_cb, void *ctx, + const struct ring_buffer_opts *opts); +LIBBPF_API void ring_buffer__free(struct ring_buffer *rb); +LIBBPF_API int ring_buffer__add(struct ring_buffer *rb, int map_fd, + ring_buffer_sample_fn sample_cb, void *ctx); +LIBBPF_API int ring_buffer__poll(struct ring_buffer *rb, int timeout_ms); +LIBBPF_API int ring_buffer__consume(struct ring_buffer *rb); + +/* Perf buffer APIs */ +struct perf_buffer; + +typedef void (*perf_buffer_sample_fn)(void *ctx, int cpu, + void *data, __u32 size); +typedef void (*perf_buffer_lost_fn)(void *ctx, int cpu, __u64 cnt); + +/* common use perf buffer options */ +struct perf_buffer_opts { + /* if specified, sample_cb is called for each sample */ + perf_buffer_sample_fn sample_cb; + /* if specified, lost_cb is called for each batch of lost samples */ + perf_buffer_lost_fn lost_cb; + /* ctx is provided to sample_cb and lost_cb */ + void *ctx; +}; + +LIBBPF_API struct perf_buffer * +perf_buffer__new(int map_fd, size_t page_cnt, + const struct perf_buffer_opts *opts); + +enum bpf_perf_event_ret { + LIBBPF_PERF_EVENT_DONE = 0, + LIBBPF_PERF_EVENT_ERROR = -1, + LIBBPF_PERF_EVENT_CONT = -2, +}; + +struct perf_event_header; + +typedef enum bpf_perf_event_ret +(*perf_buffer_event_fn)(void *ctx, int cpu, struct perf_event_header *event); + +/* raw perf buffer options, giving most power and control */ +struct perf_buffer_raw_opts { + /* perf event attrs passed directly into perf_event_open() */ + struct perf_event_attr *attr; + /* raw event callback */ + perf_buffer_event_fn event_cb; + /* ctx is provided to event_cb */ + void *ctx; + /* if cpu_cnt == 0, open all on all possible CPUs (up to the number of + * max_entries of given PERF_EVENT_ARRAY map) + */ + int cpu_cnt; + /* if cpu_cnt > 0, cpus is an array of CPUs to open ring buffers on */ + int *cpus; + /* if cpu_cnt > 0, map_keys specify map keys to set per-CPU FDs for */ + int *map_keys; +}; + +LIBBPF_API struct perf_buffer * +perf_buffer__new_raw(int map_fd, size_t page_cnt, + const struct perf_buffer_raw_opts *opts); + +LIBBPF_API void perf_buffer__free(struct perf_buffer *pb); +LIBBPF_API int perf_buffer__epoll_fd(const struct perf_buffer *pb); +LIBBPF_API int perf_buffer__poll(struct perf_buffer *pb, int timeout_ms); +LIBBPF_API int perf_buffer__consume(struct perf_buffer *pb); +LIBBPF_API int perf_buffer__consume_buffer(struct perf_buffer *pb, size_t buf_idx); +LIBBPF_API size_t perf_buffer__buffer_cnt(const struct perf_buffer *pb); +LIBBPF_API int perf_buffer__buffer_fd(const struct perf_buffer *pb, size_t buf_idx); + +typedef enum bpf_perf_event_ret + (*bpf_perf_event_print_t)(struct perf_event_header *hdr, + void *private_data); +LIBBPF_API enum bpf_perf_event_ret +bpf_perf_event_read_simple(void *mmap_mem, size_t mmap_size, size_t page_size, + void **copy_mem, size_t *copy_size, + bpf_perf_event_print_t fn, void *private_data); + +struct bpf_prog_linfo; +struct bpf_prog_info; + +LIBBPF_API void bpf_prog_linfo__free(struct bpf_prog_linfo *prog_linfo); +LIBBPF_API struct bpf_prog_linfo * +bpf_prog_linfo__new(const struct bpf_prog_info *info); +LIBBPF_API const struct bpf_line_info * +bpf_prog_linfo__lfind_addr_func(const struct bpf_prog_linfo *prog_linfo, + __u64 addr, __u32 func_idx, __u32 nr_skip); +LIBBPF_API const struct bpf_line_info * +bpf_prog_linfo__lfind(const struct bpf_prog_linfo *prog_linfo, + __u32 insn_off, __u32 nr_skip); + +/* + * Probe for supported system features + * + * Note that running many of these probes in a short amount of time can cause + * the kernel to reach the maximal size of lockable memory allowed for the + * user, causing subsequent probes to fail. In this case, the caller may want + * to adjust that limit with setrlimit(). + */ +LIBBPF_API bool bpf_probe_prog_type(enum bpf_prog_type prog_type, + __u32 ifindex); +LIBBPF_API bool bpf_probe_map_type(enum bpf_map_type map_type, __u32 ifindex); +LIBBPF_API bool bpf_probe_helper(enum bpf_func_id id, + enum bpf_prog_type prog_type, __u32 ifindex); +LIBBPF_API bool bpf_probe_large_insn_limit(__u32 ifindex); + +/* + * Get bpf_prog_info in continuous memory + * + * struct bpf_prog_info has multiple arrays. The user has option to choose + * arrays to fetch from kernel. The following APIs provide an uniform way to + * fetch these data. All arrays in bpf_prog_info are stored in a single + * continuous memory region. This makes it easy to store the info in a + * file. + * + * Before writing bpf_prog_info_linear to files, it is necessary to + * translate pointers in bpf_prog_info to offsets. Helper functions + * bpf_program__bpil_addr_to_offs() and bpf_program__bpil_offs_to_addr() + * are introduced to switch between pointers and offsets. + * + * Examples: + * # To fetch map_ids and prog_tags: + * __u64 arrays = (1UL << BPF_PROG_INFO_MAP_IDS) | + * (1UL << BPF_PROG_INFO_PROG_TAGS); + * struct bpf_prog_info_linear *info_linear = + * bpf_program__get_prog_info_linear(fd, arrays); + * + * # To save data in file + * bpf_program__bpil_addr_to_offs(info_linear); + * write(f, info_linear, sizeof(*info_linear) + info_linear->data_len); + * + * # To read data from file + * read(f, info_linear, ); + * bpf_program__bpil_offs_to_addr(info_linear); + */ +enum bpf_prog_info_array { + BPF_PROG_INFO_FIRST_ARRAY = 0, + BPF_PROG_INFO_JITED_INSNS = 0, + BPF_PROG_INFO_XLATED_INSNS, + BPF_PROG_INFO_MAP_IDS, + BPF_PROG_INFO_JITED_KSYMS, + BPF_PROG_INFO_JITED_FUNC_LENS, + BPF_PROG_INFO_FUNC_INFO, + BPF_PROG_INFO_LINE_INFO, + BPF_PROG_INFO_JITED_LINE_INFO, + BPF_PROG_INFO_PROG_TAGS, + BPF_PROG_INFO_LAST_ARRAY, +}; + +struct bpf_prog_info_linear { + /* size of struct bpf_prog_info, when the tool is compiled */ + __u32 info_len; + /* total bytes allocated for data, round up to 8 bytes */ + __u32 data_len; + /* which arrays are included in data */ + __u64 arrays; + struct bpf_prog_info info; + __u8 data[]; +}; + +LIBBPF_API struct bpf_prog_info_linear * +bpf_program__get_prog_info_linear(int fd, __u64 arrays); + +LIBBPF_API void +bpf_program__bpil_addr_to_offs(struct bpf_prog_info_linear *info_linear); + +LIBBPF_API void +bpf_program__bpil_offs_to_addr(struct bpf_prog_info_linear *info_linear); + +/* + * A helper function to get the number of possible CPUs before looking up + * per-CPU maps. Negative errno is returned on failure. + * + * Example usage: + * + * int ncpus = libbpf_num_possible_cpus(); + * if (ncpus < 0) { + * // error handling + * } + * long values[ncpus]; + * bpf_map_lookup_elem(per_cpu_map_fd, key, values); + * + */ +LIBBPF_API int libbpf_num_possible_cpus(void); + +struct bpf_map_skeleton { + const char *name; + struct bpf_map **map; + void **mmaped; +}; + +struct bpf_prog_skeleton { + const char *name; + struct bpf_program **prog; + struct bpf_link **link; +}; + +struct bpf_object_skeleton { + size_t sz; /* size of this struct, for forward/backward compatibility */ + + const char *name; + void *data; + size_t data_sz; + + struct bpf_object **obj; + + int map_cnt; + int map_skel_sz; /* sizeof(struct bpf_skeleton_map) */ + struct bpf_map_skeleton *maps; + + int prog_cnt; + int prog_skel_sz; /* sizeof(struct bpf_skeleton_prog) */ + struct bpf_prog_skeleton *progs; +}; + +LIBBPF_API int +bpf_object__open_skeleton(struct bpf_object_skeleton *s, + const struct bpf_object_open_opts *opts); +LIBBPF_API int bpf_object__load_skeleton(struct bpf_object_skeleton *s); +LIBBPF_API int bpf_object__attach_skeleton(struct bpf_object_skeleton *s); +LIBBPF_API void bpf_object__detach_skeleton(struct bpf_object_skeleton *s); +LIBBPF_API void bpf_object__destroy_skeleton(struct bpf_object_skeleton *s); + +enum libbpf_tristate { + TRI_NO = 0, + TRI_YES = 1, + TRI_MODULE = 2, +}; + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* __LIBBPF_LIBBPF_H */ diff --git a/resources/usr/include/bpf/libbpf_common.h b/resources/usr/include/bpf/libbpf_common.h new file mode 100644 index 0000000..947d8bd --- /dev/null +++ b/resources/usr/include/bpf/libbpf_common.h @@ -0,0 +1,42 @@ +/* SPDX-License-Identifier: (LGPL-2.1 OR BSD-2-Clause) */ + +/* + * Common user-facing libbpf helpers. + * + * Copyright (c) 2019 Facebook + */ + +#ifndef __LIBBPF_LIBBPF_COMMON_H +#define __LIBBPF_LIBBPF_COMMON_H + +#include + +#ifndef LIBBPF_API +#define LIBBPF_API __attribute__((visibility("default"))) +#endif + +#define LIBBPF_DEPRECATED(msg) __attribute__((deprecated(msg))) + +/* Helper macro to declare and initialize libbpf options struct + * + * This dance with uninitialized declaration, followed by memset to zero, + * followed by assignment using compound literal syntax is done to preserve + * ability to use a nice struct field initialization syntax and **hopefully** + * have all the padding bytes initialized to zero. It's not guaranteed though, + * when copying literal, that compiler won't copy garbage in literal's padding + * bytes, but that's the best way I've found and it seems to work in practice. + * + * Macro declares opts struct of given type and name, zero-initializes, + * including any extra padding, it with memset() and then assigns initial + * values provided by users in struct initializer-syntax as varargs. + */ +#define DECLARE_LIBBPF_OPTS(TYPE, NAME, ...) \ + struct TYPE NAME = ({ \ + memset(&NAME, 0, sizeof(struct TYPE)); \ + (struct TYPE) { \ + .sz = sizeof(struct TYPE), \ + __VA_ARGS__ \ + }; \ + }) + +#endif /* __LIBBPF_LIBBPF_COMMON_H */ diff --git a/resources/usr/include/bpf/linux/asm-generic/socket.h b/resources/usr/include/bpf/linux/asm-generic/socket.h new file mode 100644 index 0000000..77f7c16 --- /dev/null +++ b/resources/usr/include/bpf/linux/asm-generic/socket.h @@ -0,0 +1,147 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ +#ifndef __ASM_GENERIC_SOCKET_H +#define __ASM_GENERIC_SOCKET_H + +#include +#include + +/* For setsockopt(2) */ +#define SOL_SOCKET 1 + +#define SO_DEBUG 1 +#define SO_REUSEADDR 2 +#define SO_TYPE 3 +#define SO_ERROR 4 +#define SO_DONTROUTE 5 +#define SO_BROADCAST 6 +#define SO_SNDBUF 7 +#define SO_RCVBUF 8 +#define SO_SNDBUFFORCE 32 +#define SO_RCVBUFFORCE 33 +#define SO_KEEPALIVE 9 +#define SO_OOBINLINE 10 +#define SO_NO_CHECK 11 +#define SO_PRIORITY 12 +#define SO_LINGER 13 +#define SO_BSDCOMPAT 14 +#define SO_REUSEPORT 15 +#ifndef SO_PASSCRED /* powerpc only differs in these */ +#define SO_PASSCRED 16 +#define SO_PEERCRED 17 +#define SO_RCVLOWAT 18 +#define SO_SNDLOWAT 19 +#define SO_RCVTIMEO_OLD 20 +#define SO_SNDTIMEO_OLD 21 +#endif + +/* Security levels - as per NRL IPv6 - don't actually do anything */ +#define SO_SECURITY_AUTHENTICATION 22 +#define SO_SECURITY_ENCRYPTION_TRANSPORT 23 +#define SO_SECURITY_ENCRYPTION_NETWORK 24 + +#define SO_BINDTODEVICE 25 + +/* Socket filtering */ +#define SO_ATTACH_FILTER 26 +#define SO_DETACH_FILTER 27 +#define SO_GET_FILTER SO_ATTACH_FILTER + +#define SO_PEERNAME 28 + +#define SO_ACCEPTCONN 30 + +#define SO_PEERSEC 31 +#define SO_PASSSEC 34 + +#define SO_MARK 36 + +#define SO_PROTOCOL 38 +#define SO_DOMAIN 39 + +#define SO_RXQ_OVFL 40 + +#define SO_WIFI_STATUS 41 +#define SCM_WIFI_STATUS SO_WIFI_STATUS +#define SO_PEEK_OFF 42 + +/* Instruct lower device to use last 4-bytes of skb data as FCS */ +#define SO_NOFCS 43 + +#define SO_LOCK_FILTER 44 + +#define SO_SELECT_ERR_QUEUE 45 + +#define SO_BUSY_POLL 46 + +#define SO_MAX_PACING_RATE 47 + +#define SO_BPF_EXTENSIONS 48 + +#define SO_INCOMING_CPU 49 + +#define SO_ATTACH_BPF 50 +#define SO_DETACH_BPF SO_DETACH_FILTER + +#define SO_ATTACH_REUSEPORT_CBPF 51 +#define SO_ATTACH_REUSEPORT_EBPF 52 + +#define SO_CNX_ADVICE 53 + +#define SCM_TIMESTAMPING_OPT_STATS 54 + +#define SO_MEMINFO 55 + +#define SO_INCOMING_NAPI_ID 56 + +#define SO_COOKIE 57 + +#define SCM_TIMESTAMPING_PKTINFO 58 + +#define SO_PEERGROUPS 59 + +#define SO_ZEROCOPY 60 + +#define SO_TXTIME 61 +#define SCM_TXTIME SO_TXTIME + +#define SO_BINDTOIFINDEX 62 + +#define SO_TIMESTAMP_OLD 29 +#define SO_TIMESTAMPNS_OLD 35 +#define SO_TIMESTAMPING_OLD 37 + +#define SO_TIMESTAMP_NEW 63 +#define SO_TIMESTAMPNS_NEW 64 +#define SO_TIMESTAMPING_NEW 65 + +#define SO_RCVTIMEO_NEW 66 +#define SO_SNDTIMEO_NEW 67 + +#define SO_DETACH_REUSEPORT_BPF 68 + +#if !defined(__KERNEL__) + +#if __BITS_PER_LONG == 64 || (defined(__x86_64__) && defined(__ILP32__)) +/* on 64-bit and x32, avoid the ?: operator */ +#define SO_TIMESTAMP SO_TIMESTAMP_OLD +#define SO_TIMESTAMPNS SO_TIMESTAMPNS_OLD +#define SO_TIMESTAMPING SO_TIMESTAMPING_OLD + +#define SO_RCVTIMEO SO_RCVTIMEO_OLD +#define SO_SNDTIMEO SO_SNDTIMEO_OLD +#else +#define SO_TIMESTAMP (sizeof(time_t) == sizeof(__kernel_long_t) ? SO_TIMESTAMP_OLD : SO_TIMESTAMP_NEW) +#define SO_TIMESTAMPNS (sizeof(time_t) == sizeof(__kernel_long_t) ? SO_TIMESTAMPNS_OLD : SO_TIMESTAMPNS_NEW) +#define SO_TIMESTAMPING (sizeof(time_t) == sizeof(__kernel_long_t) ? SO_TIMESTAMPING_OLD : SO_TIMESTAMPING_NEW) + +#define SO_RCVTIMEO (sizeof(time_t) == sizeof(__kernel_long_t) ? SO_RCVTIMEO_OLD : SO_RCVTIMEO_NEW) +#define SO_SNDTIMEO (sizeof(time_t) == sizeof(__kernel_long_t) ? SO_SNDTIMEO_OLD : SO_SNDTIMEO_NEW) +#endif + +#define SCM_TIMESTAMP SO_TIMESTAMP +#define SCM_TIMESTAMPNS SO_TIMESTAMPNS +#define SCM_TIMESTAMPING SO_TIMESTAMPING + +#endif + +#endif /* __ASM_GENERIC_SOCKET_H */ diff --git a/resources/usr/include/bpf/linux/bpf.h b/resources/usr/include/bpf/linux/bpf.h new file mode 100644 index 0000000..556216d --- /dev/null +++ b/resources/usr/include/bpf/linux/bpf.h @@ -0,0 +1,5051 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ +/* Copyright (c) 2011-2014 PLUMgrid, http://plumgrid.com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of version 2 of the GNU General Public + * License as published by the Free Software Foundation. + */ +#ifndef _UAPI__LINUX_BPF_H__ +#define _UAPI__LINUX_BPF_H__ + +#include +#include + +/* Extended instruction set based on top of classic BPF */ + +/* instruction classes */ +#define BPF_JMP32 0x06 /* jmp mode in word width */ +#define BPF_ALU64 0x07 /* alu mode in double word width */ + +/* ld/ldx fields */ +#define BPF_DW 0x18 /* double word (64-bit) */ +#define BPF_XADD 0xc0 /* exclusive add */ + +/* alu/jmp fields */ +#define BPF_MOV 0xb0 /* mov reg to reg */ +#define BPF_ARSH 0xc0 /* sign extending arithmetic shift right */ + +/* change endianness of a register */ +#define BPF_END 0xd0 /* flags for endianness conversion: */ +#define BPF_TO_LE 0x00 /* convert to little-endian */ +#define BPF_TO_BE 0x08 /* convert to big-endian */ +#define BPF_FROM_LE BPF_TO_LE +#define BPF_FROM_BE BPF_TO_BE + +/* jmp encodings */ +#define BPF_JNE 0x50 /* jump != */ +#define BPF_JLT 0xa0 /* LT is unsigned, '<' */ +#define BPF_JLE 0xb0 /* LE is unsigned, '<=' */ +#define BPF_JSGT 0x60 /* SGT is signed '>', GT in x86 */ +#define BPF_JSGE 0x70 /* SGE is signed '>=', GE in x86 */ +#define BPF_JSLT 0xc0 /* SLT is signed, '<' */ +#define BPF_JSLE 0xd0 /* SLE is signed, '<=' */ +#define BPF_CALL 0x80 /* function call */ +#define BPF_EXIT 0x90 /* function return */ + +/* Register numbers */ +enum { + BPF_REG_0 = 0, + BPF_REG_1, + BPF_REG_2, + BPF_REG_3, + BPF_REG_4, + BPF_REG_5, + BPF_REG_6, + BPF_REG_7, + BPF_REG_8, + BPF_REG_9, + BPF_REG_10, + __MAX_BPF_REG, +}; + +/* BPF has 10 general purpose 64-bit registers and stack frame. */ +#define MAX_BPF_REG __MAX_BPF_REG + +struct bpf_insn { + __u8 code; /* opcode */ + __u8 dst_reg:4; /* dest register */ + __u8 src_reg:4; /* source register */ + __s16 off; /* signed offset */ + __s32 imm; /* signed immediate constant */ +}; + +/* Key of an a BPF_MAP_TYPE_LPM_TRIE entry */ +struct bpf_lpm_trie_key { + __u32 prefixlen; /* up to 32 for AF_INET, 128 for AF_INET6 */ + __u8 data[0]; /* Arbitrary size */ +}; + +struct bpf_cgroup_storage_key { + __u64 cgroup_inode_id; /* cgroup inode id */ + __u32 attach_type; /* program attach type */ +}; + +union bpf_iter_link_info { + struct { + __u32 map_fd; + } map; +}; + +/* BPF syscall commands, see bpf(2) man-page for details. */ +enum bpf_cmd { + BPF_MAP_CREATE, + BPF_MAP_LOOKUP_ELEM, + BPF_MAP_UPDATE_ELEM, + BPF_MAP_DELETE_ELEM, + BPF_MAP_GET_NEXT_KEY, + BPF_PROG_LOAD, + BPF_OBJ_PIN, + BPF_OBJ_GET, + BPF_PROG_ATTACH, + BPF_PROG_DETACH, + BPF_PROG_TEST_RUN, + BPF_PROG_GET_NEXT_ID, + BPF_MAP_GET_NEXT_ID, + BPF_PROG_GET_FD_BY_ID, + BPF_MAP_GET_FD_BY_ID, + BPF_OBJ_GET_INFO_BY_FD, + BPF_PROG_QUERY, + BPF_RAW_TRACEPOINT_OPEN, + BPF_BTF_LOAD, + BPF_BTF_GET_FD_BY_ID, + BPF_TASK_FD_QUERY, + BPF_MAP_LOOKUP_AND_DELETE_ELEM, + BPF_MAP_FREEZE, + BPF_BTF_GET_NEXT_ID, + BPF_MAP_LOOKUP_BATCH, + BPF_MAP_LOOKUP_AND_DELETE_BATCH, + BPF_MAP_UPDATE_BATCH, + BPF_MAP_DELETE_BATCH, + BPF_LINK_CREATE, + BPF_LINK_UPDATE, + BPF_LINK_GET_FD_BY_ID, + BPF_LINK_GET_NEXT_ID, + BPF_ENABLE_STATS, + BPF_ITER_CREATE, + BPF_LINK_DETACH, + BPF_PROG_BIND_MAP, +}; + +enum bpf_map_type { + BPF_MAP_TYPE_UNSPEC, + BPF_MAP_TYPE_HASH, + BPF_MAP_TYPE_ARRAY, + BPF_MAP_TYPE_PROG_ARRAY, + BPF_MAP_TYPE_PERF_EVENT_ARRAY, + BPF_MAP_TYPE_PERCPU_HASH, + BPF_MAP_TYPE_PERCPU_ARRAY, + BPF_MAP_TYPE_STACK_TRACE, + BPF_MAP_TYPE_CGROUP_ARRAY, + BPF_MAP_TYPE_LRU_HASH, + BPF_MAP_TYPE_LRU_PERCPU_HASH, + BPF_MAP_TYPE_LPM_TRIE, + BPF_MAP_TYPE_ARRAY_OF_MAPS, + BPF_MAP_TYPE_HASH_OF_MAPS, + BPF_MAP_TYPE_DEVMAP, + BPF_MAP_TYPE_SOCKMAP, + BPF_MAP_TYPE_CPUMAP, + BPF_MAP_TYPE_XSKMAP, + BPF_MAP_TYPE_SOCKHASH, + BPF_MAP_TYPE_CGROUP_STORAGE, + BPF_MAP_TYPE_REUSEPORT_SOCKARRAY, + BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE, + BPF_MAP_TYPE_QUEUE, + BPF_MAP_TYPE_STACK, + BPF_MAP_TYPE_SK_STORAGE, + BPF_MAP_TYPE_DEVMAP_HASH, + BPF_MAP_TYPE_STRUCT_OPS, + BPF_MAP_TYPE_RINGBUF, + BPF_MAP_TYPE_INODE_STORAGE, +}; + +/* Note that tracing related programs such as + * BPF_PROG_TYPE_{KPROBE,TRACEPOINT,PERF_EVENT,RAW_TRACEPOINT} + * are not subject to a stable API since kernel internal data + * structures can change from release to release and may + * therefore break existing tracing BPF programs. Tracing BPF + * programs correspond to /a/ specific kernel which is to be + * analyzed, and not /a/ specific kernel /and/ all future ones. + */ +enum bpf_prog_type { + BPF_PROG_TYPE_UNSPEC, + BPF_PROG_TYPE_SOCKET_FILTER, + BPF_PROG_TYPE_KPROBE, + BPF_PROG_TYPE_SCHED_CLS, + BPF_PROG_TYPE_SCHED_ACT, + BPF_PROG_TYPE_TRACEPOINT, + BPF_PROG_TYPE_XDP, + BPF_PROG_TYPE_PERF_EVENT, + BPF_PROG_TYPE_CGROUP_SKB, + BPF_PROG_TYPE_CGROUP_SOCK, + BPF_PROG_TYPE_LWT_IN, + BPF_PROG_TYPE_LWT_OUT, + BPF_PROG_TYPE_LWT_XMIT, + BPF_PROG_TYPE_SOCK_OPS, + BPF_PROG_TYPE_SK_SKB, + BPF_PROG_TYPE_CGROUP_DEVICE, + BPF_PROG_TYPE_SK_MSG, + BPF_PROG_TYPE_RAW_TRACEPOINT, + BPF_PROG_TYPE_CGROUP_SOCK_ADDR, + BPF_PROG_TYPE_LWT_SEG6LOCAL, + BPF_PROG_TYPE_LIRC_MODE2, + BPF_PROG_TYPE_SK_REUSEPORT, + BPF_PROG_TYPE_FLOW_DISSECTOR, + BPF_PROG_TYPE_CGROUP_SYSCTL, + BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE, + BPF_PROG_TYPE_CGROUP_SOCKOPT, + BPF_PROG_TYPE_TRACING, + BPF_PROG_TYPE_STRUCT_OPS, + BPF_PROG_TYPE_EXT, + BPF_PROG_TYPE_LSM, + BPF_PROG_TYPE_SK_LOOKUP, +}; + +enum bpf_attach_type { + BPF_CGROUP_INET_INGRESS, + BPF_CGROUP_INET_EGRESS, + BPF_CGROUP_INET_SOCK_CREATE, + BPF_CGROUP_SOCK_OPS, + BPF_SK_SKB_STREAM_PARSER, + BPF_SK_SKB_STREAM_VERDICT, + BPF_CGROUP_DEVICE, + BPF_SK_MSG_VERDICT, + BPF_CGROUP_INET4_BIND, + BPF_CGROUP_INET6_BIND, + BPF_CGROUP_INET4_CONNECT, + BPF_CGROUP_INET6_CONNECT, + BPF_CGROUP_INET4_POST_BIND, + BPF_CGROUP_INET6_POST_BIND, + BPF_CGROUP_UDP4_SENDMSG, + BPF_CGROUP_UDP6_SENDMSG, + BPF_LIRC_MODE2, + BPF_FLOW_DISSECTOR, + BPF_CGROUP_SYSCTL, + BPF_CGROUP_UDP4_RECVMSG, + BPF_CGROUP_UDP6_RECVMSG, + BPF_CGROUP_GETSOCKOPT, + BPF_CGROUP_SETSOCKOPT, + BPF_TRACE_RAW_TP, + BPF_TRACE_FENTRY, + BPF_TRACE_FEXIT, + BPF_MODIFY_RETURN, + BPF_LSM_MAC, + BPF_TRACE_ITER, + BPF_CGROUP_INET4_GETPEERNAME, + BPF_CGROUP_INET6_GETPEERNAME, + BPF_CGROUP_INET4_GETSOCKNAME, + BPF_CGROUP_INET6_GETSOCKNAME, + BPF_XDP_DEVMAP, + BPF_CGROUP_INET_SOCK_RELEASE, + BPF_XDP_CPUMAP, + BPF_SK_LOOKUP, + BPF_XDP, + __MAX_BPF_ATTACH_TYPE +}; + +#define MAX_BPF_ATTACH_TYPE __MAX_BPF_ATTACH_TYPE + +enum bpf_link_type { + BPF_LINK_TYPE_UNSPEC = 0, + BPF_LINK_TYPE_RAW_TRACEPOINT = 1, + BPF_LINK_TYPE_TRACING = 2, + BPF_LINK_TYPE_CGROUP = 3, + BPF_LINK_TYPE_ITER = 4, + BPF_LINK_TYPE_NETNS = 5, + BPF_LINK_TYPE_XDP = 6, + + MAX_BPF_LINK_TYPE, +}; + +/* cgroup-bpf attach flags used in BPF_PROG_ATTACH command + * + * NONE(default): No further bpf programs allowed in the subtree. + * + * BPF_F_ALLOW_OVERRIDE: If a sub-cgroup installs some bpf program, + * the program in this cgroup yields to sub-cgroup program. + * + * BPF_F_ALLOW_MULTI: If a sub-cgroup installs some bpf program, + * that cgroup program gets run in addition to the program in this cgroup. + * + * Only one program is allowed to be attached to a cgroup with + * NONE or BPF_F_ALLOW_OVERRIDE flag. + * Attaching another program on top of NONE or BPF_F_ALLOW_OVERRIDE will + * release old program and attach the new one. Attach flags has to match. + * + * Multiple programs are allowed to be attached to a cgroup with + * BPF_F_ALLOW_MULTI flag. They are executed in FIFO order + * (those that were attached first, run first) + * The programs of sub-cgroup are executed first, then programs of + * this cgroup and then programs of parent cgroup. + * When children program makes decision (like picking TCP CA or sock bind) + * parent program has a chance to override it. + * + * With BPF_F_ALLOW_MULTI a new program is added to the end of the list of + * programs for a cgroup. Though it's possible to replace an old program at + * any position by also specifying BPF_F_REPLACE flag and position itself in + * replace_bpf_fd attribute. Old program at this position will be released. + * + * A cgroup with MULTI or OVERRIDE flag allows any attach flags in sub-cgroups. + * A cgroup with NONE doesn't allow any programs in sub-cgroups. + * Ex1: + * cgrp1 (MULTI progs A, B) -> + * cgrp2 (OVERRIDE prog C) -> + * cgrp3 (MULTI prog D) -> + * cgrp4 (OVERRIDE prog E) -> + * cgrp5 (NONE prog F) + * the event in cgrp5 triggers execution of F,D,A,B in that order. + * if prog F is detached, the execution is E,D,A,B + * if prog F and D are detached, the execution is E,A,B + * if prog F, E and D are detached, the execution is C,A,B + * + * All eligible programs are executed regardless of return code from + * earlier programs. + */ +#define BPF_F_ALLOW_OVERRIDE (1U << 0) +#define BPF_F_ALLOW_MULTI (1U << 1) +#define BPF_F_REPLACE (1U << 2) + +/* If BPF_F_STRICT_ALIGNMENT is used in BPF_PROG_LOAD command, the + * verifier will perform strict alignment checking as if the kernel + * has been built with CONFIG_EFFICIENT_UNALIGNED_ACCESS not set, + * and NET_IP_ALIGN defined to 2. + */ +#define BPF_F_STRICT_ALIGNMENT (1U << 0) + +/* If BPF_F_ANY_ALIGNMENT is used in BPF_PROF_LOAD command, the + * verifier will allow any alignment whatsoever. On platforms + * with strict alignment requirements for loads ands stores (such + * as sparc and mips) the verifier validates that all loads and + * stores provably follow this requirement. This flag turns that + * checking and enforcement off. + * + * It is mostly used for testing when we want to validate the + * context and memory access aspects of the verifier, but because + * of an unaligned access the alignment check would trigger before + * the one we are interested in. + */ +#define BPF_F_ANY_ALIGNMENT (1U << 1) + +/* BPF_F_TEST_RND_HI32 is used in BPF_PROG_LOAD command for testing purpose. + * Verifier does sub-register def/use analysis and identifies instructions whose + * def only matters for low 32-bit, high 32-bit is never referenced later + * through implicit zero extension. Therefore verifier notifies JIT back-ends + * that it is safe to ignore clearing high 32-bit for these instructions. This + * saves some back-ends a lot of code-gen. However such optimization is not + * necessary on some arches, for example x86_64, arm64 etc, whose JIT back-ends + * hence hasn't used verifier's analysis result. But, we really want to have a + * way to be able to verify the correctness of the described optimization on + * x86_64 on which testsuites are frequently exercised. + * + * So, this flag is introduced. Once it is set, verifier will randomize high + * 32-bit for those instructions who has been identified as safe to ignore them. + * Then, if verifier is not doing correct analysis, such randomization will + * regress tests to expose bugs. + */ +#define BPF_F_TEST_RND_HI32 (1U << 2) + +/* The verifier internal test flag. Behavior is undefined */ +#define BPF_F_TEST_STATE_FREQ (1U << 3) + +/* If BPF_F_SLEEPABLE is used in BPF_PROG_LOAD command, the verifier will + * restrict map and helper usage for such programs. Sleepable BPF programs can + * only be attached to hooks where kernel execution context allows sleeping. + * Such programs are allowed to use helpers that may sleep like + * bpf_copy_from_user(). + */ +#define BPF_F_SLEEPABLE (1U << 4) + +/* When BPF ldimm64's insn[0].src_reg != 0 then this can have + * the following extensions: + * + * insn[0].src_reg: BPF_PSEUDO_MAP_FD + * insn[0].imm: map fd + * insn[1].imm: 0 + * insn[0].off: 0 + * insn[1].off: 0 + * ldimm64 rewrite: address of map + * verifier type: CONST_PTR_TO_MAP + */ +#define BPF_PSEUDO_MAP_FD 1 +/* insn[0].src_reg: BPF_PSEUDO_MAP_VALUE + * insn[0].imm: map fd + * insn[1].imm: offset into value + * insn[0].off: 0 + * insn[1].off: 0 + * ldimm64 rewrite: address of map[0]+offset + * verifier type: PTR_TO_MAP_VALUE + */ +#define BPF_PSEUDO_MAP_VALUE 2 +/* insn[0].src_reg: BPF_PSEUDO_BTF_ID + * insn[0].imm: kernel btd id of VAR + * insn[1].imm: 0 + * insn[0].off: 0 + * insn[1].off: 0 + * ldimm64 rewrite: address of the kernel variable + * verifier type: PTR_TO_BTF_ID or PTR_TO_MEM, depending on whether the var + * is struct/union. + */ +#define BPF_PSEUDO_BTF_ID 3 + +/* when bpf_call->src_reg == BPF_PSEUDO_CALL, bpf_call->imm == pc-relative + * offset to another bpf function + */ +#define BPF_PSEUDO_CALL 1 + +/* flags for BPF_MAP_UPDATE_ELEM command */ +enum { + BPF_ANY = 0, /* create new element or update existing */ + BPF_NOEXIST = 1, /* create new element if it didn't exist */ + BPF_EXIST = 2, /* update existing element */ + BPF_F_LOCK = 4, /* spin_lock-ed map_lookup/map_update */ +}; + +/* flags for BPF_MAP_CREATE command */ +enum { + BPF_F_NO_PREALLOC = (1U << 0), +/* Instead of having one common LRU list in the + * BPF_MAP_TYPE_LRU_[PERCPU_]HASH map, use a percpu LRU list + * which can scale and perform better. + * Note, the LRU nodes (including free nodes) cannot be moved + * across different LRU lists. + */ + BPF_F_NO_COMMON_LRU = (1U << 1), +/* Specify numa node during map creation */ + BPF_F_NUMA_NODE = (1U << 2), + +/* Flags for accessing BPF object from syscall side. */ + BPF_F_RDONLY = (1U << 3), + BPF_F_WRONLY = (1U << 4), + +/* Flag for stack_map, store build_id+offset instead of pointer */ + BPF_F_STACK_BUILD_ID = (1U << 5), + +/* Zero-initialize hash function seed. This should only be used for testing. */ + BPF_F_ZERO_SEED = (1U << 6), + +/* Flags for accessing BPF object from program side. */ + BPF_F_RDONLY_PROG = (1U << 7), + BPF_F_WRONLY_PROG = (1U << 8), + +/* Clone map from listener for newly accepted socket */ + BPF_F_CLONE = (1U << 9), + +/* Enable memory-mapping BPF map */ + BPF_F_MMAPABLE = (1U << 10), + +/* Share perf_event among processes */ + BPF_F_PRESERVE_ELEMS = (1U << 11), + +/* Create a map that is suitable to be an inner map with dynamic max entries */ + BPF_F_INNER_MAP = (1U << 12), +}; + +/* Flags for BPF_PROG_QUERY. */ + +/* Query effective (directly attached + inherited from ancestor cgroups) + * programs that will be executed for events within a cgroup. + * attach_flags with this flag are returned only for directly attached programs. + */ +#define BPF_F_QUERY_EFFECTIVE (1U << 0) + +/* Flags for BPF_PROG_TEST_RUN */ + +/* If set, run the test on the cpu specified by bpf_attr.test.cpu */ +#define BPF_F_TEST_RUN_ON_CPU (1U << 0) + +/* type for BPF_ENABLE_STATS */ +enum bpf_stats_type { + /* enabled run_time_ns and run_cnt */ + BPF_STATS_RUN_TIME = 0, +}; + +enum bpf_stack_build_id_status { + /* user space need an empty entry to identify end of a trace */ + BPF_STACK_BUILD_ID_EMPTY = 0, + /* with valid build_id and offset */ + BPF_STACK_BUILD_ID_VALID = 1, + /* couldn't get build_id, fallback to ip */ + BPF_STACK_BUILD_ID_IP = 2, +}; + +#define BPF_BUILD_ID_SIZE 20 +struct bpf_stack_build_id { + __s32 status; + unsigned char build_id[BPF_BUILD_ID_SIZE]; + union { + __u64 offset; + __u64 ip; + }; +}; + +#define BPF_OBJ_NAME_LEN 16U + +union bpf_attr { + struct { /* anonymous struct used by BPF_MAP_CREATE command */ + __u32 map_type; /* one of enum bpf_map_type */ + __u32 key_size; /* size of key in bytes */ + __u32 value_size; /* size of value in bytes */ + __u32 max_entries; /* max number of entries in a map */ + __u32 map_flags; /* BPF_MAP_CREATE related + * flags defined above. + */ + __u32 inner_map_fd; /* fd pointing to the inner map */ + __u32 numa_node; /* numa node (effective only if + * BPF_F_NUMA_NODE is set). + */ + char map_name[BPF_OBJ_NAME_LEN]; + __u32 map_ifindex; /* ifindex of netdev to create on */ + __u32 btf_fd; /* fd pointing to a BTF type data */ + __u32 btf_key_type_id; /* BTF type_id of the key */ + __u32 btf_value_type_id; /* BTF type_id of the value */ + __u32 btf_vmlinux_value_type_id;/* BTF type_id of a kernel- + * struct stored as the + * map value + */ + }; + + struct { /* anonymous struct used by BPF_MAP_*_ELEM commands */ + __u32 map_fd; + __aligned_u64 key; + union { + __aligned_u64 value; + __aligned_u64 next_key; + }; + __u64 flags; + }; + + struct { /* struct used by BPF_MAP_*_BATCH commands */ + __aligned_u64 in_batch; /* start batch, + * NULL to start from beginning + */ + __aligned_u64 out_batch; /* output: next start batch */ + __aligned_u64 keys; + __aligned_u64 values; + __u32 count; /* input/output: + * input: # of key/value + * elements + * output: # of filled elements + */ + __u32 map_fd; + __u64 elem_flags; + __u64 flags; + } batch; + + struct { /* anonymous struct used by BPF_PROG_LOAD command */ + __u32 prog_type; /* one of enum bpf_prog_type */ + __u32 insn_cnt; + __aligned_u64 insns; + __aligned_u64 license; + __u32 log_level; /* verbosity level of verifier */ + __u32 log_size; /* size of user buffer */ + __aligned_u64 log_buf; /* user supplied buffer */ + __u32 kern_version; /* not used */ + __u32 prog_flags; + char prog_name[BPF_OBJ_NAME_LEN]; + __u32 prog_ifindex; /* ifindex of netdev to prep for */ + /* For some prog types expected attach type must be known at + * load time to verify attach type specific parts of prog + * (context accesses, allowed helpers, etc). + */ + __u32 expected_attach_type; + __u32 prog_btf_fd; /* fd pointing to BTF type data */ + __u32 func_info_rec_size; /* userspace bpf_func_info size */ + __aligned_u64 func_info; /* func info */ + __u32 func_info_cnt; /* number of bpf_func_info records */ + __u32 line_info_rec_size; /* userspace bpf_line_info size */ + __aligned_u64 line_info; /* line info */ + __u32 line_info_cnt; /* number of bpf_line_info records */ + __u32 attach_btf_id; /* in-kernel BTF type id to attach to */ + __u32 attach_prog_fd; /* 0 to attach to vmlinux */ + }; + + struct { /* anonymous struct used by BPF_OBJ_* commands */ + __aligned_u64 pathname; + __u32 bpf_fd; + __u32 file_flags; + }; + + struct { /* anonymous struct used by BPF_PROG_ATTACH/DETACH commands */ + __u32 target_fd; /* container object to attach to */ + __u32 attach_bpf_fd; /* eBPF program to attach */ + __u32 attach_type; + __u32 attach_flags; + __u32 replace_bpf_fd; /* previously attached eBPF + * program to replace if + * BPF_F_REPLACE is used + */ + }; + + struct { /* anonymous struct used by BPF_PROG_TEST_RUN command */ + __u32 prog_fd; + __u32 retval; + __u32 data_size_in; /* input: len of data_in */ + __u32 data_size_out; /* input/output: len of data_out + * returns ENOSPC if data_out + * is too small. + */ + __aligned_u64 data_in; + __aligned_u64 data_out; + __u32 repeat; + __u32 duration; + __u32 ctx_size_in; /* input: len of ctx_in */ + __u32 ctx_size_out; /* input/output: len of ctx_out + * returns ENOSPC if ctx_out + * is too small. + */ + __aligned_u64 ctx_in; + __aligned_u64 ctx_out; + __u32 flags; + __u32 cpu; + } test; + + struct { /* anonymous struct used by BPF_*_GET_*_ID */ + union { + __u32 start_id; + __u32 prog_id; + __u32 map_id; + __u32 btf_id; + __u32 link_id; + }; + __u32 next_id; + __u32 open_flags; + }; + + struct { /* anonymous struct used by BPF_OBJ_GET_INFO_BY_FD */ + __u32 bpf_fd; + __u32 info_len; + __aligned_u64 info; + } info; + + struct { /* anonymous struct used by BPF_PROG_QUERY command */ + __u32 target_fd; /* container object to query */ + __u32 attach_type; + __u32 query_flags; + __u32 attach_flags; + __aligned_u64 prog_ids; + __u32 prog_cnt; + } query; + + struct { /* anonymous struct used by BPF_RAW_TRACEPOINT_OPEN command */ + __u64 name; + __u32 prog_fd; + } raw_tracepoint; + + struct { /* anonymous struct for BPF_BTF_LOAD */ + __aligned_u64 btf; + __aligned_u64 btf_log_buf; + __u32 btf_size; + __u32 btf_log_size; + __u32 btf_log_level; + }; + + struct { + __u32 pid; /* input: pid */ + __u32 fd; /* input: fd */ + __u32 flags; /* input: flags */ + __u32 buf_len; /* input/output: buf len */ + __aligned_u64 buf; /* input/output: + * tp_name for tracepoint + * symbol for kprobe + * filename for uprobe + */ + __u32 prog_id; /* output: prod_id */ + __u32 fd_type; /* output: BPF_FD_TYPE_* */ + __u64 probe_offset; /* output: probe_offset */ + __u64 probe_addr; /* output: probe_addr */ + } task_fd_query; + + struct { /* struct used by BPF_LINK_CREATE command */ + __u32 prog_fd; /* eBPF program to attach */ + union { + __u32 target_fd; /* object to attach to */ + __u32 target_ifindex; /* target ifindex */ + }; + __u32 attach_type; /* attach type */ + __u32 flags; /* extra flags */ + union { + __u32 target_btf_id; /* btf_id of target to attach to */ + struct { + __aligned_u64 iter_info; /* extra bpf_iter_link_info */ + __u32 iter_info_len; /* iter_info length */ + }; + }; + } link_create; + + struct { /* struct used by BPF_LINK_UPDATE command */ + __u32 link_fd; /* link fd */ + /* new program fd to update link with */ + __u32 new_prog_fd; + __u32 flags; /* extra flags */ + /* expected link's program fd; is specified only if + * BPF_F_REPLACE flag is set in flags */ + __u32 old_prog_fd; + } link_update; + + struct { + __u32 link_fd; + } link_detach; + + struct { /* struct used by BPF_ENABLE_STATS command */ + __u32 type; + } enable_stats; + + struct { /* struct used by BPF_ITER_CREATE command */ + __u32 link_fd; + __u32 flags; + } iter_create; + + struct { /* struct used by BPF_PROG_BIND_MAP command */ + __u32 prog_fd; + __u32 map_fd; + __u32 flags; /* extra flags */ + } prog_bind_map; + +} __attribute__((aligned(8))); + +/* The description below is an attempt at providing documentation to eBPF + * developers about the multiple available eBPF helper functions. It can be + * parsed and used to produce a manual page. The workflow is the following, + * and requires the rst2man utility: + * + * $ ./scripts/bpf_helpers_doc.py \ + * --filename include/uapi/linux/bpf.h > /tmp/bpf-helpers.rst + * $ rst2man /tmp/bpf-helpers.rst > /tmp/bpf-helpers.7 + * $ man /tmp/bpf-helpers.7 + * + * Note that in order to produce this external documentation, some RST + * formatting is used in the descriptions to get "bold" and "italics" in + * manual pages. Also note that the few trailing white spaces are + * intentional, removing them would break paragraphs for rst2man. + * + * Start of BPF helper function descriptions: + * + * void *bpf_map_lookup_elem(struct bpf_map *map, const void *key) + * Description + * Perform a lookup in *map* for an entry associated to *key*. + * Return + * Map value associated to *key*, or **NULL** if no entry was + * found. + * + * long bpf_map_update_elem(struct bpf_map *map, const void *key, const void *value, u64 flags) + * Description + * Add or update the value of the entry associated to *key* in + * *map* with *value*. *flags* is one of: + * + * **BPF_NOEXIST** + * The entry for *key* must not exist in the map. + * **BPF_EXIST** + * The entry for *key* must already exist in the map. + * **BPF_ANY** + * No condition on the existence of the entry for *key*. + * + * Flag value **BPF_NOEXIST** cannot be used for maps of types + * **BPF_MAP_TYPE_ARRAY** or **BPF_MAP_TYPE_PERCPU_ARRAY** (all + * elements always exist), the helper would return an error. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_map_delete_elem(struct bpf_map *map, const void *key) + * Description + * Delete entry with *key* from *map*. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_probe_read(void *dst, u32 size, const void *unsafe_ptr) + * Description + * For tracing programs, safely attempt to read *size* bytes from + * kernel space address *unsafe_ptr* and store the data in *dst*. + * + * Generally, use **bpf_probe_read_user**\ () or + * **bpf_probe_read_kernel**\ () instead. + * Return + * 0 on success, or a negative error in case of failure. + * + * u64 bpf_ktime_get_ns(void) + * Description + * Return the time elapsed since system boot, in nanoseconds. + * Does not include time the system was suspended. + * See: **clock_gettime**\ (**CLOCK_MONOTONIC**) + * Return + * Current *ktime*. + * + * long bpf_trace_printk(const char *fmt, u32 fmt_size, ...) + * Description + * This helper is a "printk()-like" facility for debugging. It + * prints a message defined by format *fmt* (of size *fmt_size*) + * to file *\/sys/kernel/debug/tracing/trace* from DebugFS, if + * available. It can take up to three additional **u64** + * arguments (as an eBPF helpers, the total number of arguments is + * limited to five). + * + * Each time the helper is called, it appends a line to the trace. + * Lines are discarded while *\/sys/kernel/debug/tracing/trace* is + * open, use *\/sys/kernel/debug/tracing/trace_pipe* to avoid this. + * The format of the trace is customizable, and the exact output + * one will get depends on the options set in + * *\/sys/kernel/debug/tracing/trace_options* (see also the + * *README* file under the same directory). However, it usually + * defaults to something like: + * + * :: + * + * telnet-470 [001] .N.. 419421.045894: 0x00000001: + * + * In the above: + * + * * ``telnet`` is the name of the current task. + * * ``470`` is the PID of the current task. + * * ``001`` is the CPU number on which the task is + * running. + * * In ``.N..``, each character refers to a set of + * options (whether irqs are enabled, scheduling + * options, whether hard/softirqs are running, level of + * preempt_disabled respectively). **N** means that + * **TIF_NEED_RESCHED** and **PREEMPT_NEED_RESCHED** + * are set. + * * ``419421.045894`` is a timestamp. + * * ``0x00000001`` is a fake value used by BPF for the + * instruction pointer register. + * * ```` is the message formatted with + * *fmt*. + * + * The conversion specifiers supported by *fmt* are similar, but + * more limited than for printk(). They are **%d**, **%i**, + * **%u**, **%x**, **%ld**, **%li**, **%lu**, **%lx**, **%lld**, + * **%lli**, **%llu**, **%llx**, **%p**, **%s**. No modifier (size + * of field, padding with zeroes, etc.) is available, and the + * helper will return **-EINVAL** (but print nothing) if it + * encounters an unknown specifier. + * + * Also, note that **bpf_trace_printk**\ () is slow, and should + * only be used for debugging purposes. For this reason, a notice + * block (spanning several lines) is printed to kernel logs and + * states that the helper should not be used "for production use" + * the first time this helper is used (or more precisely, when + * **trace_printk**\ () buffers are allocated). For passing values + * to user space, perf events should be preferred. + * Return + * The number of bytes written to the buffer, or a negative error + * in case of failure. + * + * u32 bpf_get_prandom_u32(void) + * Description + * Get a pseudo-random number. + * + * From a security point of view, this helper uses its own + * pseudo-random internal state, and cannot be used to infer the + * seed of other random functions in the kernel. However, it is + * essential to note that the generator used by the helper is not + * cryptographically secure. + * Return + * A random 32-bit unsigned value. + * + * u32 bpf_get_smp_processor_id(void) + * Description + * Get the SMP (symmetric multiprocessing) processor id. Note that + * all programs run with preemption disabled, which means that the + * SMP processor id is stable during all the execution of the + * program. + * Return + * The SMP id of the processor running the program. + * + * long bpf_skb_store_bytes(struct sk_buff *skb, u32 offset, const void *from, u32 len, u64 flags) + * Description + * Store *len* bytes from address *from* into the packet + * associated to *skb*, at *offset*. *flags* are a combination of + * **BPF_F_RECOMPUTE_CSUM** (automatically recompute the + * checksum for the packet after storing the bytes) and + * **BPF_F_INVALIDATE_HASH** (set *skb*\ **->hash**, *skb*\ + * **->swhash** and *skb*\ **->l4hash** to 0). + * + * A call to this helper is susceptible to change the underlying + * packet buffer. Therefore, at load time, all checks on pointers + * previously done by the verifier are invalidated and must be + * performed again, if the helper is used in combination with + * direct packet access. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_l3_csum_replace(struct sk_buff *skb, u32 offset, u64 from, u64 to, u64 size) + * Description + * Recompute the layer 3 (e.g. IP) checksum for the packet + * associated to *skb*. Computation is incremental, so the helper + * must know the former value of the header field that was + * modified (*from*), the new value of this field (*to*), and the + * number of bytes (2 or 4) for this field, stored in *size*. + * Alternatively, it is possible to store the difference between + * the previous and the new values of the header field in *to*, by + * setting *from* and *size* to 0. For both methods, *offset* + * indicates the location of the IP checksum within the packet. + * + * This helper works in combination with **bpf_csum_diff**\ (), + * which does not update the checksum in-place, but offers more + * flexibility and can handle sizes larger than 2 or 4 for the + * checksum to update. + * + * A call to this helper is susceptible to change the underlying + * packet buffer. Therefore, at load time, all checks on pointers + * previously done by the verifier are invalidated and must be + * performed again, if the helper is used in combination with + * direct packet access. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_l4_csum_replace(struct sk_buff *skb, u32 offset, u64 from, u64 to, u64 flags) + * Description + * Recompute the layer 4 (e.g. TCP, UDP or ICMP) checksum for the + * packet associated to *skb*. Computation is incremental, so the + * helper must know the former value of the header field that was + * modified (*from*), the new value of this field (*to*), and the + * number of bytes (2 or 4) for this field, stored on the lowest + * four bits of *flags*. Alternatively, it is possible to store + * the difference between the previous and the new values of the + * header field in *to*, by setting *from* and the four lowest + * bits of *flags* to 0. For both methods, *offset* indicates the + * location of the IP checksum within the packet. In addition to + * the size of the field, *flags* can be added (bitwise OR) actual + * flags. With **BPF_F_MARK_MANGLED_0**, a null checksum is left + * untouched (unless **BPF_F_MARK_ENFORCE** is added as well), and + * for updates resulting in a null checksum the value is set to + * **CSUM_MANGLED_0** instead. Flag **BPF_F_PSEUDO_HDR** indicates + * the checksum is to be computed against a pseudo-header. + * + * This helper works in combination with **bpf_csum_diff**\ (), + * which does not update the checksum in-place, but offers more + * flexibility and can handle sizes larger than 2 or 4 for the + * checksum to update. + * + * A call to this helper is susceptible to change the underlying + * packet buffer. Therefore, at load time, all checks on pointers + * previously done by the verifier are invalidated and must be + * performed again, if the helper is used in combination with + * direct packet access. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_tail_call(void *ctx, struct bpf_map *prog_array_map, u32 index) + * Description + * This special helper is used to trigger a "tail call", or in + * other words, to jump into another eBPF program. The same stack + * frame is used (but values on stack and in registers for the + * caller are not accessible to the callee). This mechanism allows + * for program chaining, either for raising the maximum number of + * available eBPF instructions, or to execute given programs in + * conditional blocks. For security reasons, there is an upper + * limit to the number of successive tail calls that can be + * performed. + * + * Upon call of this helper, the program attempts to jump into a + * program referenced at index *index* in *prog_array_map*, a + * special map of type **BPF_MAP_TYPE_PROG_ARRAY**, and passes + * *ctx*, a pointer to the context. + * + * If the call succeeds, the kernel immediately runs the first + * instruction of the new program. This is not a function call, + * and it never returns to the previous program. If the call + * fails, then the helper has no effect, and the caller continues + * to run its subsequent instructions. A call can fail if the + * destination program for the jump does not exist (i.e. *index* + * is superior to the number of entries in *prog_array_map*), or + * if the maximum number of tail calls has been reached for this + * chain of programs. This limit is defined in the kernel by the + * macro **MAX_TAIL_CALL_CNT** (not accessible to user space), + * which is currently set to 32. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_clone_redirect(struct sk_buff *skb, u32 ifindex, u64 flags) + * Description + * Clone and redirect the packet associated to *skb* to another + * net device of index *ifindex*. Both ingress and egress + * interfaces can be used for redirection. The **BPF_F_INGRESS** + * value in *flags* is used to make the distinction (ingress path + * is selected if the flag is present, egress path otherwise). + * This is the only flag supported for now. + * + * In comparison with **bpf_redirect**\ () helper, + * **bpf_clone_redirect**\ () has the associated cost of + * duplicating the packet buffer, but this can be executed out of + * the eBPF program. Conversely, **bpf_redirect**\ () is more + * efficient, but it is handled through an action code where the + * redirection happens only after the eBPF program has returned. + * + * A call to this helper is susceptible to change the underlying + * packet buffer. Therefore, at load time, all checks on pointers + * previously done by the verifier are invalidated and must be + * performed again, if the helper is used in combination with + * direct packet access. + * Return + * 0 on success, or a negative error in case of failure. + * + * u64 bpf_get_current_pid_tgid(void) + * Return + * A 64-bit integer containing the current tgid and pid, and + * created as such: + * *current_task*\ **->tgid << 32 \|** + * *current_task*\ **->pid**. + * + * u64 bpf_get_current_uid_gid(void) + * Return + * A 64-bit integer containing the current GID and UID, and + * created as such: *current_gid* **<< 32 \|** *current_uid*. + * + * long bpf_get_current_comm(void *buf, u32 size_of_buf) + * Description + * Copy the **comm** attribute of the current task into *buf* of + * *size_of_buf*. The **comm** attribute contains the name of + * the executable (excluding the path) for the current task. The + * *size_of_buf* must be strictly positive. On success, the + * helper makes sure that the *buf* is NUL-terminated. On failure, + * it is filled with zeroes. + * Return + * 0 on success, or a negative error in case of failure. + * + * u32 bpf_get_cgroup_classid(struct sk_buff *skb) + * Description + * Retrieve the classid for the current task, i.e. for the net_cls + * cgroup to which *skb* belongs. + * + * This helper can be used on TC egress path, but not on ingress. + * + * The net_cls cgroup provides an interface to tag network packets + * based on a user-provided identifier for all traffic coming from + * the tasks belonging to the related cgroup. See also the related + * kernel documentation, available from the Linux sources in file + * *Documentation/admin-guide/cgroup-v1/net_cls.rst*. + * + * The Linux kernel has two versions for cgroups: there are + * cgroups v1 and cgroups v2. Both are available to users, who can + * use a mixture of them, but note that the net_cls cgroup is for + * cgroup v1 only. This makes it incompatible with BPF programs + * run on cgroups, which is a cgroup-v2-only feature (a socket can + * only hold data for one version of cgroups at a time). + * + * This helper is only available is the kernel was compiled with + * the **CONFIG_CGROUP_NET_CLASSID** configuration option set to + * "**y**" or to "**m**". + * Return + * The classid, or 0 for the default unconfigured classid. + * + * long bpf_skb_vlan_push(struct sk_buff *skb, __be16 vlan_proto, u16 vlan_tci) + * Description + * Push a *vlan_tci* (VLAN tag control information) of protocol + * *vlan_proto* to the packet associated to *skb*, then update + * the checksum. Note that if *vlan_proto* is different from + * **ETH_P_8021Q** and **ETH_P_8021AD**, it is considered to + * be **ETH_P_8021Q**. + * + * A call to this helper is susceptible to change the underlying + * packet buffer. Therefore, at load time, all checks on pointers + * previously done by the verifier are invalidated and must be + * performed again, if the helper is used in combination with + * direct packet access. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_skb_vlan_pop(struct sk_buff *skb) + * Description + * Pop a VLAN header from the packet associated to *skb*. + * + * A call to this helper is susceptible to change the underlying + * packet buffer. Therefore, at load time, all checks on pointers + * previously done by the verifier are invalidated and must be + * performed again, if the helper is used in combination with + * direct packet access. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_skb_get_tunnel_key(struct sk_buff *skb, struct bpf_tunnel_key *key, u32 size, u64 flags) + * Description + * Get tunnel metadata. This helper takes a pointer *key* to an + * empty **struct bpf_tunnel_key** of **size**, that will be + * filled with tunnel metadata for the packet associated to *skb*. + * The *flags* can be set to **BPF_F_TUNINFO_IPV6**, which + * indicates that the tunnel is based on IPv6 protocol instead of + * IPv4. + * + * The **struct bpf_tunnel_key** is an object that generalizes the + * principal parameters used by various tunneling protocols into a + * single struct. This way, it can be used to easily make a + * decision based on the contents of the encapsulation header, + * "summarized" in this struct. In particular, it holds the IP + * address of the remote end (IPv4 or IPv6, depending on the case) + * in *key*\ **->remote_ipv4** or *key*\ **->remote_ipv6**. Also, + * this struct exposes the *key*\ **->tunnel_id**, which is + * generally mapped to a VNI (Virtual Network Identifier), making + * it programmable together with the **bpf_skb_set_tunnel_key**\ + * () helper. + * + * Let's imagine that the following code is part of a program + * attached to the TC ingress interface, on one end of a GRE + * tunnel, and is supposed to filter out all messages coming from + * remote ends with IPv4 address other than 10.0.0.1: + * + * :: + * + * int ret; + * struct bpf_tunnel_key key = {}; + * + * ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key), 0); + * if (ret < 0) + * return TC_ACT_SHOT; // drop packet + * + * if (key.remote_ipv4 != 0x0a000001) + * return TC_ACT_SHOT; // drop packet + * + * return TC_ACT_OK; // accept packet + * + * This interface can also be used with all encapsulation devices + * that can operate in "collect metadata" mode: instead of having + * one network device per specific configuration, the "collect + * metadata" mode only requires a single device where the + * configuration can be extracted from this helper. + * + * This can be used together with various tunnels such as VXLan, + * Geneve, GRE or IP in IP (IPIP). + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_skb_set_tunnel_key(struct sk_buff *skb, struct bpf_tunnel_key *key, u32 size, u64 flags) + * Description + * Populate tunnel metadata for packet associated to *skb.* The + * tunnel metadata is set to the contents of *key*, of *size*. The + * *flags* can be set to a combination of the following values: + * + * **BPF_F_TUNINFO_IPV6** + * Indicate that the tunnel is based on IPv6 protocol + * instead of IPv4. + * **BPF_F_ZERO_CSUM_TX** + * For IPv4 packets, add a flag to tunnel metadata + * indicating that checksum computation should be skipped + * and checksum set to zeroes. + * **BPF_F_DONT_FRAGMENT** + * Add a flag to tunnel metadata indicating that the + * packet should not be fragmented. + * **BPF_F_SEQ_NUMBER** + * Add a flag to tunnel metadata indicating that a + * sequence number should be added to tunnel header before + * sending the packet. This flag was added for GRE + * encapsulation, but might be used with other protocols + * as well in the future. + * + * Here is a typical usage on the transmit path: + * + * :: + * + * struct bpf_tunnel_key key; + * populate key ... + * bpf_skb_set_tunnel_key(skb, &key, sizeof(key), 0); + * bpf_clone_redirect(skb, vxlan_dev_ifindex, 0); + * + * See also the description of the **bpf_skb_get_tunnel_key**\ () + * helper for additional information. + * Return + * 0 on success, or a negative error in case of failure. + * + * u64 bpf_perf_event_read(struct bpf_map *map, u64 flags) + * Description + * Read the value of a perf event counter. This helper relies on a + * *map* of type **BPF_MAP_TYPE_PERF_EVENT_ARRAY**. The nature of + * the perf event counter is selected when *map* is updated with + * perf event file descriptors. The *map* is an array whose size + * is the number of available CPUs, and each cell contains a value + * relative to one CPU. The value to retrieve is indicated by + * *flags*, that contains the index of the CPU to look up, masked + * with **BPF_F_INDEX_MASK**. Alternatively, *flags* can be set to + * **BPF_F_CURRENT_CPU** to indicate that the value for the + * current CPU should be retrieved. + * + * Note that before Linux 4.13, only hardware perf event can be + * retrieved. + * + * Also, be aware that the newer helper + * **bpf_perf_event_read_value**\ () is recommended over + * **bpf_perf_event_read**\ () in general. The latter has some ABI + * quirks where error and counter value are used as a return code + * (which is wrong to do since ranges may overlap). This issue is + * fixed with **bpf_perf_event_read_value**\ (), which at the same + * time provides more features over the **bpf_perf_event_read**\ + * () interface. Please refer to the description of + * **bpf_perf_event_read_value**\ () for details. + * Return + * The value of the perf event counter read from the map, or a + * negative error code in case of failure. + * + * long bpf_redirect(u32 ifindex, u64 flags) + * Description + * Redirect the packet to another net device of index *ifindex*. + * This helper is somewhat similar to **bpf_clone_redirect**\ + * (), except that the packet is not cloned, which provides + * increased performance. + * + * Except for XDP, both ingress and egress interfaces can be used + * for redirection. The **BPF_F_INGRESS** value in *flags* is used + * to make the distinction (ingress path is selected if the flag + * is present, egress path otherwise). Currently, XDP only + * supports redirection to the egress interface, and accepts no + * flag at all. + * + * The same effect can also be attained with the more generic + * **bpf_redirect_map**\ (), which uses a BPF map to store the + * redirect target instead of providing it directly to the helper. + * Return + * For XDP, the helper returns **XDP_REDIRECT** on success or + * **XDP_ABORTED** on error. For other program types, the values + * are **TC_ACT_REDIRECT** on success or **TC_ACT_SHOT** on + * error. + * + * u32 bpf_get_route_realm(struct sk_buff *skb) + * Description + * Retrieve the realm or the route, that is to say the + * **tclassid** field of the destination for the *skb*. The + * identifier retrieved is a user-provided tag, similar to the + * one used with the net_cls cgroup (see description for + * **bpf_get_cgroup_classid**\ () helper), but here this tag is + * held by a route (a destination entry), not by a task. + * + * Retrieving this identifier works with the clsact TC egress hook + * (see also **tc-bpf(8)**), or alternatively on conventional + * classful egress qdiscs, but not on TC ingress path. In case of + * clsact TC egress hook, this has the advantage that, internally, + * the destination entry has not been dropped yet in the transmit + * path. Therefore, the destination entry does not need to be + * artificially held via **netif_keep_dst**\ () for a classful + * qdisc until the *skb* is freed. + * + * This helper is available only if the kernel was compiled with + * **CONFIG_IP_ROUTE_CLASSID** configuration option. + * Return + * The realm of the route for the packet associated to *skb*, or 0 + * if none was found. + * + * long bpf_perf_event_output(void *ctx, struct bpf_map *map, u64 flags, void *data, u64 size) + * Description + * Write raw *data* blob into a special BPF perf event held by + * *map* of type **BPF_MAP_TYPE_PERF_EVENT_ARRAY**. This perf + * event must have the following attributes: **PERF_SAMPLE_RAW** + * as **sample_type**, **PERF_TYPE_SOFTWARE** as **type**, and + * **PERF_COUNT_SW_BPF_OUTPUT** as **config**. + * + * The *flags* are used to indicate the index in *map* for which + * the value must be put, masked with **BPF_F_INDEX_MASK**. + * Alternatively, *flags* can be set to **BPF_F_CURRENT_CPU** + * to indicate that the index of the current CPU core should be + * used. + * + * The value to write, of *size*, is passed through eBPF stack and + * pointed by *data*. + * + * The context of the program *ctx* needs also be passed to the + * helper. + * + * On user space, a program willing to read the values needs to + * call **perf_event_open**\ () on the perf event (either for + * one or for all CPUs) and to store the file descriptor into the + * *map*. This must be done before the eBPF program can send data + * into it. An example is available in file + * *samples/bpf/trace_output_user.c* in the Linux kernel source + * tree (the eBPF program counterpart is in + * *samples/bpf/trace_output_kern.c*). + * + * **bpf_perf_event_output**\ () achieves better performance + * than **bpf_trace_printk**\ () for sharing data with user + * space, and is much better suitable for streaming data from eBPF + * programs. + * + * Note that this helper is not restricted to tracing use cases + * and can be used with programs attached to TC or XDP as well, + * where it allows for passing data to user space listeners. Data + * can be: + * + * * Only custom structs, + * * Only the packet payload, or + * * A combination of both. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_skb_load_bytes(const void *skb, u32 offset, void *to, u32 len) + * Description + * This helper was provided as an easy way to load data from a + * packet. It can be used to load *len* bytes from *offset* from + * the packet associated to *skb*, into the buffer pointed by + * *to*. + * + * Since Linux 4.7, usage of this helper has mostly been replaced + * by "direct packet access", enabling packet data to be + * manipulated with *skb*\ **->data** and *skb*\ **->data_end** + * pointing respectively to the first byte of packet data and to + * the byte after the last byte of packet data. However, it + * remains useful if one wishes to read large quantities of data + * at once from a packet into the eBPF stack. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_get_stackid(void *ctx, struct bpf_map *map, u64 flags) + * Description + * Walk a user or a kernel stack and return its id. To achieve + * this, the helper needs *ctx*, which is a pointer to the context + * on which the tracing program is executed, and a pointer to a + * *map* of type **BPF_MAP_TYPE_STACK_TRACE**. + * + * The last argument, *flags*, holds the number of stack frames to + * skip (from 0 to 255), masked with + * **BPF_F_SKIP_FIELD_MASK**. The next bits can be used to set + * a combination of the following flags: + * + * **BPF_F_USER_STACK** + * Collect a user space stack instead of a kernel stack. + * **BPF_F_FAST_STACK_CMP** + * Compare stacks by hash only. + * **BPF_F_REUSE_STACKID** + * If two different stacks hash into the same *stackid*, + * discard the old one. + * + * The stack id retrieved is a 32 bit long integer handle which + * can be further combined with other data (including other stack + * ids) and used as a key into maps. This can be useful for + * generating a variety of graphs (such as flame graphs or off-cpu + * graphs). + * + * For walking a stack, this helper is an improvement over + * **bpf_probe_read**\ (), which can be used with unrolled loops + * but is not efficient and consumes a lot of eBPF instructions. + * Instead, **bpf_get_stackid**\ () can collect up to + * **PERF_MAX_STACK_DEPTH** both kernel and user frames. Note that + * this limit can be controlled with the **sysctl** program, and + * that it should be manually increased in order to profile long + * user stacks (such as stacks for Java programs). To do so, use: + * + * :: + * + * # sysctl kernel.perf_event_max_stack= + * Return + * The positive or null stack id on success, or a negative error + * in case of failure. + * + * s64 bpf_csum_diff(__be32 *from, u32 from_size, __be32 *to, u32 to_size, __wsum seed) + * Description + * Compute a checksum difference, from the raw buffer pointed by + * *from*, of length *from_size* (that must be a multiple of 4), + * towards the raw buffer pointed by *to*, of size *to_size* + * (same remark). An optional *seed* can be added to the value + * (this can be cascaded, the seed may come from a previous call + * to the helper). + * + * This is flexible enough to be used in several ways: + * + * * With *from_size* == 0, *to_size* > 0 and *seed* set to + * checksum, it can be used when pushing new data. + * * With *from_size* > 0, *to_size* == 0 and *seed* set to + * checksum, it can be used when removing data from a packet. + * * With *from_size* > 0, *to_size* > 0 and *seed* set to 0, it + * can be used to compute a diff. Note that *from_size* and + * *to_size* do not need to be equal. + * + * This helper can be used in combination with + * **bpf_l3_csum_replace**\ () and **bpf_l4_csum_replace**\ (), to + * which one can feed in the difference computed with + * **bpf_csum_diff**\ (). + * Return + * The checksum result, or a negative error code in case of + * failure. + * + * long bpf_skb_get_tunnel_opt(struct sk_buff *skb, void *opt, u32 size) + * Description + * Retrieve tunnel options metadata for the packet associated to + * *skb*, and store the raw tunnel option data to the buffer *opt* + * of *size*. + * + * This helper can be used with encapsulation devices that can + * operate in "collect metadata" mode (please refer to the related + * note in the description of **bpf_skb_get_tunnel_key**\ () for + * more details). A particular example where this can be used is + * in combination with the Geneve encapsulation protocol, where it + * allows for pushing (with **bpf_skb_get_tunnel_opt**\ () helper) + * and retrieving arbitrary TLVs (Type-Length-Value headers) from + * the eBPF program. This allows for full customization of these + * headers. + * Return + * The size of the option data retrieved. + * + * long bpf_skb_set_tunnel_opt(struct sk_buff *skb, void *opt, u32 size) + * Description + * Set tunnel options metadata for the packet associated to *skb* + * to the option data contained in the raw buffer *opt* of *size*. + * + * See also the description of the **bpf_skb_get_tunnel_opt**\ () + * helper for additional information. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_skb_change_proto(struct sk_buff *skb, __be16 proto, u64 flags) + * Description + * Change the protocol of the *skb* to *proto*. Currently + * supported are transition from IPv4 to IPv6, and from IPv6 to + * IPv4. The helper takes care of the groundwork for the + * transition, including resizing the socket buffer. The eBPF + * program is expected to fill the new headers, if any, via + * **skb_store_bytes**\ () and to recompute the checksums with + * **bpf_l3_csum_replace**\ () and **bpf_l4_csum_replace**\ + * (). The main case for this helper is to perform NAT64 + * operations out of an eBPF program. + * + * Internally, the GSO type is marked as dodgy so that headers are + * checked and segments are recalculated by the GSO/GRO engine. + * The size for GSO target is adapted as well. + * + * All values for *flags* are reserved for future usage, and must + * be left at zero. + * + * A call to this helper is susceptible to change the underlying + * packet buffer. Therefore, at load time, all checks on pointers + * previously done by the verifier are invalidated and must be + * performed again, if the helper is used in combination with + * direct packet access. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_skb_change_type(struct sk_buff *skb, u32 type) + * Description + * Change the packet type for the packet associated to *skb*. This + * comes down to setting *skb*\ **->pkt_type** to *type*, except + * the eBPF program does not have a write access to *skb*\ + * **->pkt_type** beside this helper. Using a helper here allows + * for graceful handling of errors. + * + * The major use case is to change incoming *skb*s to + * **PACKET_HOST** in a programmatic way instead of having to + * recirculate via **redirect**\ (..., **BPF_F_INGRESS**), for + * example. + * + * Note that *type* only allows certain values. At this time, they + * are: + * + * **PACKET_HOST** + * Packet is for us. + * **PACKET_BROADCAST** + * Send packet to all. + * **PACKET_MULTICAST** + * Send packet to group. + * **PACKET_OTHERHOST** + * Send packet to someone else. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_skb_under_cgroup(struct sk_buff *skb, struct bpf_map *map, u32 index) + * Description + * Check whether *skb* is a descendant of the cgroup2 held by + * *map* of type **BPF_MAP_TYPE_CGROUP_ARRAY**, at *index*. + * Return + * The return value depends on the result of the test, and can be: + * + * * 0, if the *skb* failed the cgroup2 descendant test. + * * 1, if the *skb* succeeded the cgroup2 descendant test. + * * A negative error code, if an error occurred. + * + * u32 bpf_get_hash_recalc(struct sk_buff *skb) + * Description + * Retrieve the hash of the packet, *skb*\ **->hash**. If it is + * not set, in particular if the hash was cleared due to mangling, + * recompute this hash. Later accesses to the hash can be done + * directly with *skb*\ **->hash**. + * + * Calling **bpf_set_hash_invalid**\ (), changing a packet + * prototype with **bpf_skb_change_proto**\ (), or calling + * **bpf_skb_store_bytes**\ () with the + * **BPF_F_INVALIDATE_HASH** are actions susceptible to clear + * the hash and to trigger a new computation for the next call to + * **bpf_get_hash_recalc**\ (). + * Return + * The 32-bit hash. + * + * u64 bpf_get_current_task(void) + * Return + * A pointer to the current task struct. + * + * long bpf_probe_write_user(void *dst, const void *src, u32 len) + * Description + * Attempt in a safe way to write *len* bytes from the buffer + * *src* to *dst* in memory. It only works for threads that are in + * user context, and *dst* must be a valid user space address. + * + * This helper should not be used to implement any kind of + * security mechanism because of TOC-TOU attacks, but rather to + * debug, divert, and manipulate execution of semi-cooperative + * processes. + * + * Keep in mind that this feature is meant for experiments, and it + * has a risk of crashing the system and running programs. + * Therefore, when an eBPF program using this helper is attached, + * a warning including PID and process name is printed to kernel + * logs. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_current_task_under_cgroup(struct bpf_map *map, u32 index) + * Description + * Check whether the probe is being run is the context of a given + * subset of the cgroup2 hierarchy. The cgroup2 to test is held by + * *map* of type **BPF_MAP_TYPE_CGROUP_ARRAY**, at *index*. + * Return + * The return value depends on the result of the test, and can be: + * + * * 0, if current task belongs to the cgroup2. + * * 1, if current task does not belong to the cgroup2. + * * A negative error code, if an error occurred. + * + * long bpf_skb_change_tail(struct sk_buff *skb, u32 len, u64 flags) + * Description + * Resize (trim or grow) the packet associated to *skb* to the + * new *len*. The *flags* are reserved for future usage, and must + * be left at zero. + * + * The basic idea is that the helper performs the needed work to + * change the size of the packet, then the eBPF program rewrites + * the rest via helpers like **bpf_skb_store_bytes**\ (), + * **bpf_l3_csum_replace**\ (), **bpf_l3_csum_replace**\ () + * and others. This helper is a slow path utility intended for + * replies with control messages. And because it is targeted for + * slow path, the helper itself can afford to be slow: it + * implicitly linearizes, unclones and drops offloads from the + * *skb*. + * + * A call to this helper is susceptible to change the underlying + * packet buffer. Therefore, at load time, all checks on pointers + * previously done by the verifier are invalidated and must be + * performed again, if the helper is used in combination with + * direct packet access. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_skb_pull_data(struct sk_buff *skb, u32 len) + * Description + * Pull in non-linear data in case the *skb* is non-linear and not + * all of *len* are part of the linear section. Make *len* bytes + * from *skb* readable and writable. If a zero value is passed for + * *len*, then the whole length of the *skb* is pulled. + * + * This helper is only needed for reading and writing with direct + * packet access. + * + * For direct packet access, testing that offsets to access + * are within packet boundaries (test on *skb*\ **->data_end**) is + * susceptible to fail if offsets are invalid, or if the requested + * data is in non-linear parts of the *skb*. On failure the + * program can just bail out, or in the case of a non-linear + * buffer, use a helper to make the data available. The + * **bpf_skb_load_bytes**\ () helper is a first solution to access + * the data. Another one consists in using **bpf_skb_pull_data** + * to pull in once the non-linear parts, then retesting and + * eventually access the data. + * + * At the same time, this also makes sure the *skb* is uncloned, + * which is a necessary condition for direct write. As this needs + * to be an invariant for the write part only, the verifier + * detects writes and adds a prologue that is calling + * **bpf_skb_pull_data()** to effectively unclone the *skb* from + * the very beginning in case it is indeed cloned. + * + * A call to this helper is susceptible to change the underlying + * packet buffer. Therefore, at load time, all checks on pointers + * previously done by the verifier are invalidated and must be + * performed again, if the helper is used in combination with + * direct packet access. + * Return + * 0 on success, or a negative error in case of failure. + * + * s64 bpf_csum_update(struct sk_buff *skb, __wsum csum) + * Description + * Add the checksum *csum* into *skb*\ **->csum** in case the + * driver has supplied a checksum for the entire packet into that + * field. Return an error otherwise. This helper is intended to be + * used in combination with **bpf_csum_diff**\ (), in particular + * when the checksum needs to be updated after data has been + * written into the packet through direct packet access. + * Return + * The checksum on success, or a negative error code in case of + * failure. + * + * void bpf_set_hash_invalid(struct sk_buff *skb) + * Description + * Invalidate the current *skb*\ **->hash**. It can be used after + * mangling on headers through direct packet access, in order to + * indicate that the hash is outdated and to trigger a + * recalculation the next time the kernel tries to access this + * hash or when the **bpf_get_hash_recalc**\ () helper is called. + * + * long bpf_get_numa_node_id(void) + * Description + * Return the id of the current NUMA node. The primary use case + * for this helper is the selection of sockets for the local NUMA + * node, when the program is attached to sockets using the + * **SO_ATTACH_REUSEPORT_EBPF** option (see also **socket(7)**), + * but the helper is also available to other eBPF program types, + * similarly to **bpf_get_smp_processor_id**\ (). + * Return + * The id of current NUMA node. + * + * long bpf_skb_change_head(struct sk_buff *skb, u32 len, u64 flags) + * Description + * Grows headroom of packet associated to *skb* and adjusts the + * offset of the MAC header accordingly, adding *len* bytes of + * space. It automatically extends and reallocates memory as + * required. + * + * This helper can be used on a layer 3 *skb* to push a MAC header + * for redirection into a layer 2 device. + * + * All values for *flags* are reserved for future usage, and must + * be left at zero. + * + * A call to this helper is susceptible to change the underlying + * packet buffer. Therefore, at load time, all checks on pointers + * previously done by the verifier are invalidated and must be + * performed again, if the helper is used in combination with + * direct packet access. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_xdp_adjust_head(struct xdp_buff *xdp_md, int delta) + * Description + * Adjust (move) *xdp_md*\ **->data** by *delta* bytes. Note that + * it is possible to use a negative value for *delta*. This helper + * can be used to prepare the packet for pushing or popping + * headers. + * + * A call to this helper is susceptible to change the underlying + * packet buffer. Therefore, at load time, all checks on pointers + * previously done by the verifier are invalidated and must be + * performed again, if the helper is used in combination with + * direct packet access. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_probe_read_str(void *dst, u32 size, const void *unsafe_ptr) + * Description + * Copy a NUL terminated string from an unsafe kernel address + * *unsafe_ptr* to *dst*. See **bpf_probe_read_kernel_str**\ () for + * more details. + * + * Generally, use **bpf_probe_read_user_str**\ () or + * **bpf_probe_read_kernel_str**\ () instead. + * Return + * On success, the strictly positive length of the string, + * including the trailing NUL character. On error, a negative + * value. + * + * u64 bpf_get_socket_cookie(struct sk_buff *skb) + * Description + * If the **struct sk_buff** pointed by *skb* has a known socket, + * retrieve the cookie (generated by the kernel) of this socket. + * If no cookie has been set yet, generate a new cookie. Once + * generated, the socket cookie remains stable for the life of the + * socket. This helper can be useful for monitoring per socket + * networking traffic statistics as it provides a global socket + * identifier that can be assumed unique. + * Return + * A 8-byte long non-decreasing number on success, or 0 if the + * socket field is missing inside *skb*. + * + * u64 bpf_get_socket_cookie(struct bpf_sock_addr *ctx) + * Description + * Equivalent to bpf_get_socket_cookie() helper that accepts + * *skb*, but gets socket from **struct bpf_sock_addr** context. + * Return + * A 8-byte long non-decreasing number. + * + * u64 bpf_get_socket_cookie(struct bpf_sock_ops *ctx) + * Description + * Equivalent to **bpf_get_socket_cookie**\ () helper that accepts + * *skb*, but gets socket from **struct bpf_sock_ops** context. + * Return + * A 8-byte long non-decreasing number. + * + * u32 bpf_get_socket_uid(struct sk_buff *skb) + * Return + * The owner UID of the socket associated to *skb*. If the socket + * is **NULL**, or if it is not a full socket (i.e. if it is a + * time-wait or a request socket instead), **overflowuid** value + * is returned (note that **overflowuid** might also be the actual + * UID value for the socket). + * + * long bpf_set_hash(struct sk_buff *skb, u32 hash) + * Description + * Set the full hash for *skb* (set the field *skb*\ **->hash**) + * to value *hash*. + * Return + * 0 + * + * long bpf_setsockopt(void *bpf_socket, int level, int optname, void *optval, int optlen) + * Description + * Emulate a call to **setsockopt()** on the socket associated to + * *bpf_socket*, which must be a full socket. The *level* at + * which the option resides and the name *optname* of the option + * must be specified, see **setsockopt(2)** for more information. + * The option value of length *optlen* is pointed by *optval*. + * + * *bpf_socket* should be one of the following: + * + * * **struct bpf_sock_ops** for **BPF_PROG_TYPE_SOCK_OPS**. + * * **struct bpf_sock_addr** for **BPF_CGROUP_INET4_CONNECT** + * and **BPF_CGROUP_INET6_CONNECT**. + * + * This helper actually implements a subset of **setsockopt()**. + * It supports the following *level*\ s: + * + * * **SOL_SOCKET**, which supports the following *optname*\ s: + * **SO_RCVBUF**, **SO_SNDBUF**, **SO_MAX_PACING_RATE**, + * **SO_PRIORITY**, **SO_RCVLOWAT**, **SO_MARK**, + * **SO_BINDTODEVICE**, **SO_KEEPALIVE**. + * * **IPPROTO_TCP**, which supports the following *optname*\ s: + * **TCP_CONGESTION**, **TCP_BPF_IW**, + * **TCP_BPF_SNDCWND_CLAMP**, **TCP_SAVE_SYN**, + * **TCP_KEEPIDLE**, **TCP_KEEPINTVL**, **TCP_KEEPCNT**, + * **TCP_SYNCNT**, **TCP_USER_TIMEOUT**, **TCP_NOTSENT_LOWAT**. + * * **IPPROTO_IP**, which supports *optname* **IP_TOS**. + * * **IPPROTO_IPV6**, which supports *optname* **IPV6_TCLASS**. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_skb_adjust_room(struct sk_buff *skb, s32 len_diff, u32 mode, u64 flags) + * Description + * Grow or shrink the room for data in the packet associated to + * *skb* by *len_diff*, and according to the selected *mode*. + * + * By default, the helper will reset any offloaded checksum + * indicator of the skb to CHECKSUM_NONE. This can be avoided + * by the following flag: + * + * * **BPF_F_ADJ_ROOM_NO_CSUM_RESET**: Do not reset offloaded + * checksum data of the skb to CHECKSUM_NONE. + * + * There are two supported modes at this time: + * + * * **BPF_ADJ_ROOM_MAC**: Adjust room at the mac layer + * (room space is added or removed below the layer 2 header). + * + * * **BPF_ADJ_ROOM_NET**: Adjust room at the network layer + * (room space is added or removed below the layer 3 header). + * + * The following flags are supported at this time: + * + * * **BPF_F_ADJ_ROOM_FIXED_GSO**: Do not adjust gso_size. + * Adjusting mss in this way is not allowed for datagrams. + * + * * **BPF_F_ADJ_ROOM_ENCAP_L3_IPV4**, + * **BPF_F_ADJ_ROOM_ENCAP_L3_IPV6**: + * Any new space is reserved to hold a tunnel header. + * Configure skb offsets and other fields accordingly. + * + * * **BPF_F_ADJ_ROOM_ENCAP_L4_GRE**, + * **BPF_F_ADJ_ROOM_ENCAP_L4_UDP**: + * Use with ENCAP_L3 flags to further specify the tunnel type. + * + * * **BPF_F_ADJ_ROOM_ENCAP_L2**\ (*len*): + * Use with ENCAP_L3/L4 flags to further specify the tunnel + * type; *len* is the length of the inner MAC header. + * + * A call to this helper is susceptible to change the underlying + * packet buffer. Therefore, at load time, all checks on pointers + * previously done by the verifier are invalidated and must be + * performed again, if the helper is used in combination with + * direct packet access. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_redirect_map(struct bpf_map *map, u32 key, u64 flags) + * Description + * Redirect the packet to the endpoint referenced by *map* at + * index *key*. Depending on its type, this *map* can contain + * references to net devices (for forwarding packets through other + * ports), or to CPUs (for redirecting XDP frames to another CPU; + * but this is only implemented for native XDP (with driver + * support) as of this writing). + * + * The lower two bits of *flags* are used as the return code if + * the map lookup fails. This is so that the return value can be + * one of the XDP program return codes up to **XDP_TX**, as chosen + * by the caller. Any higher bits in the *flags* argument must be + * unset. + * + * See also **bpf_redirect**\ (), which only supports redirecting + * to an ifindex, but doesn't require a map to do so. + * Return + * **XDP_REDIRECT** on success, or the value of the two lower bits + * of the *flags* argument on error. + * + * long bpf_sk_redirect_map(struct sk_buff *skb, struct bpf_map *map, u32 key, u64 flags) + * Description + * Redirect the packet to the socket referenced by *map* (of type + * **BPF_MAP_TYPE_SOCKMAP**) at index *key*. Both ingress and + * egress interfaces can be used for redirection. The + * **BPF_F_INGRESS** value in *flags* is used to make the + * distinction (ingress path is selected if the flag is present, + * egress path otherwise). This is the only flag supported for now. + * Return + * **SK_PASS** on success, or **SK_DROP** on error. + * + * long bpf_sock_map_update(struct bpf_sock_ops *skops, struct bpf_map *map, void *key, u64 flags) + * Description + * Add an entry to, or update a *map* referencing sockets. The + * *skops* is used as a new value for the entry associated to + * *key*. *flags* is one of: + * + * **BPF_NOEXIST** + * The entry for *key* must not exist in the map. + * **BPF_EXIST** + * The entry for *key* must already exist in the map. + * **BPF_ANY** + * No condition on the existence of the entry for *key*. + * + * If the *map* has eBPF programs (parser and verdict), those will + * be inherited by the socket being added. If the socket is + * already attached to eBPF programs, this results in an error. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_xdp_adjust_meta(struct xdp_buff *xdp_md, int delta) + * Description + * Adjust the address pointed by *xdp_md*\ **->data_meta** by + * *delta* (which can be positive or negative). Note that this + * operation modifies the address stored in *xdp_md*\ **->data**, + * so the latter must be loaded only after the helper has been + * called. + * + * The use of *xdp_md*\ **->data_meta** is optional and programs + * are not required to use it. The rationale is that when the + * packet is processed with XDP (e.g. as DoS filter), it is + * possible to push further meta data along with it before passing + * to the stack, and to give the guarantee that an ingress eBPF + * program attached as a TC classifier on the same device can pick + * this up for further post-processing. Since TC works with socket + * buffers, it remains possible to set from XDP the **mark** or + * **priority** pointers, or other pointers for the socket buffer. + * Having this scratch space generic and programmable allows for + * more flexibility as the user is free to store whatever meta + * data they need. + * + * A call to this helper is susceptible to change the underlying + * packet buffer. Therefore, at load time, all checks on pointers + * previously done by the verifier are invalidated and must be + * performed again, if the helper is used in combination with + * direct packet access. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_perf_event_read_value(struct bpf_map *map, u64 flags, struct bpf_perf_event_value *buf, u32 buf_size) + * Description + * Read the value of a perf event counter, and store it into *buf* + * of size *buf_size*. This helper relies on a *map* of type + * **BPF_MAP_TYPE_PERF_EVENT_ARRAY**. The nature of the perf event + * counter is selected when *map* is updated with perf event file + * descriptors. The *map* is an array whose size is the number of + * available CPUs, and each cell contains a value relative to one + * CPU. The value to retrieve is indicated by *flags*, that + * contains the index of the CPU to look up, masked with + * **BPF_F_INDEX_MASK**. Alternatively, *flags* can be set to + * **BPF_F_CURRENT_CPU** to indicate that the value for the + * current CPU should be retrieved. + * + * This helper behaves in a way close to + * **bpf_perf_event_read**\ () helper, save that instead of + * just returning the value observed, it fills the *buf* + * structure. This allows for additional data to be retrieved: in + * particular, the enabled and running times (in *buf*\ + * **->enabled** and *buf*\ **->running**, respectively) are + * copied. In general, **bpf_perf_event_read_value**\ () is + * recommended over **bpf_perf_event_read**\ (), which has some + * ABI issues and provides fewer functionalities. + * + * These values are interesting, because hardware PMU (Performance + * Monitoring Unit) counters are limited resources. When there are + * more PMU based perf events opened than available counters, + * kernel will multiplex these events so each event gets certain + * percentage (but not all) of the PMU time. In case that + * multiplexing happens, the number of samples or counter value + * will not reflect the case compared to when no multiplexing + * occurs. This makes comparison between different runs difficult. + * Typically, the counter value should be normalized before + * comparing to other experiments. The usual normalization is done + * as follows. + * + * :: + * + * normalized_counter = counter * t_enabled / t_running + * + * Where t_enabled is the time enabled for event and t_running is + * the time running for event since last normalization. The + * enabled and running times are accumulated since the perf event + * open. To achieve scaling factor between two invocations of an + * eBPF program, users can use CPU id as the key (which is + * typical for perf array usage model) to remember the previous + * value and do the calculation inside the eBPF program. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_perf_prog_read_value(struct bpf_perf_event_data *ctx, struct bpf_perf_event_value *buf, u32 buf_size) + * Description + * For en eBPF program attached to a perf event, retrieve the + * value of the event counter associated to *ctx* and store it in + * the structure pointed by *buf* and of size *buf_size*. Enabled + * and running times are also stored in the structure (see + * description of helper **bpf_perf_event_read_value**\ () for + * more details). + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_getsockopt(void *bpf_socket, int level, int optname, void *optval, int optlen) + * Description + * Emulate a call to **getsockopt()** on the socket associated to + * *bpf_socket*, which must be a full socket. The *level* at + * which the option resides and the name *optname* of the option + * must be specified, see **getsockopt(2)** for more information. + * The retrieved value is stored in the structure pointed by + * *opval* and of length *optlen*. + * + * *bpf_socket* should be one of the following: + * + * * **struct bpf_sock_ops** for **BPF_PROG_TYPE_SOCK_OPS**. + * * **struct bpf_sock_addr** for **BPF_CGROUP_INET4_CONNECT** + * and **BPF_CGROUP_INET6_CONNECT**. + * + * This helper actually implements a subset of **getsockopt()**. + * It supports the following *level*\ s: + * + * * **IPPROTO_TCP**, which supports *optname* + * **TCP_CONGESTION**. + * * **IPPROTO_IP**, which supports *optname* **IP_TOS**. + * * **IPPROTO_IPV6**, which supports *optname* **IPV6_TCLASS**. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_override_return(struct pt_regs *regs, u64 rc) + * Description + * Used for error injection, this helper uses kprobes to override + * the return value of the probed function, and to set it to *rc*. + * The first argument is the context *regs* on which the kprobe + * works. + * + * This helper works by setting the PC (program counter) + * to an override function which is run in place of the original + * probed function. This means the probed function is not run at + * all. The replacement function just returns with the required + * value. + * + * This helper has security implications, and thus is subject to + * restrictions. It is only available if the kernel was compiled + * with the **CONFIG_BPF_KPROBE_OVERRIDE** configuration + * option, and in this case it only works on functions tagged with + * **ALLOW_ERROR_INJECTION** in the kernel code. + * + * Also, the helper is only available for the architectures having + * the CONFIG_FUNCTION_ERROR_INJECTION option. As of this writing, + * x86 architecture is the only one to support this feature. + * Return + * 0 + * + * long bpf_sock_ops_cb_flags_set(struct bpf_sock_ops *bpf_sock, int argval) + * Description + * Attempt to set the value of the **bpf_sock_ops_cb_flags** field + * for the full TCP socket associated to *bpf_sock_ops* to + * *argval*. + * + * The primary use of this field is to determine if there should + * be calls to eBPF programs of type + * **BPF_PROG_TYPE_SOCK_OPS** at various points in the TCP + * code. A program of the same type can change its value, per + * connection and as necessary, when the connection is + * established. This field is directly accessible for reading, but + * this helper must be used for updates in order to return an + * error if an eBPF program tries to set a callback that is not + * supported in the current kernel. + * + * *argval* is a flag array which can combine these flags: + * + * * **BPF_SOCK_OPS_RTO_CB_FLAG** (retransmission time out) + * * **BPF_SOCK_OPS_RETRANS_CB_FLAG** (retransmission) + * * **BPF_SOCK_OPS_STATE_CB_FLAG** (TCP state change) + * * **BPF_SOCK_OPS_RTT_CB_FLAG** (every RTT) + * + * Therefore, this function can be used to clear a callback flag by + * setting the appropriate bit to zero. e.g. to disable the RTO + * callback: + * + * **bpf_sock_ops_cb_flags_set(bpf_sock,** + * **bpf_sock->bpf_sock_ops_cb_flags & ~BPF_SOCK_OPS_RTO_CB_FLAG)** + * + * Here are some examples of where one could call such eBPF + * program: + * + * * When RTO fires. + * * When a packet is retransmitted. + * * When the connection terminates. + * * When a packet is sent. + * * When a packet is received. + * Return + * Code **-EINVAL** if the socket is not a full TCP socket; + * otherwise, a positive number containing the bits that could not + * be set is returned (which comes down to 0 if all bits were set + * as required). + * + * long bpf_msg_redirect_map(struct sk_msg_buff *msg, struct bpf_map *map, u32 key, u64 flags) + * Description + * This helper is used in programs implementing policies at the + * socket level. If the message *msg* is allowed to pass (i.e. if + * the verdict eBPF program returns **SK_PASS**), redirect it to + * the socket referenced by *map* (of type + * **BPF_MAP_TYPE_SOCKMAP**) at index *key*. Both ingress and + * egress interfaces can be used for redirection. The + * **BPF_F_INGRESS** value in *flags* is used to make the + * distinction (ingress path is selected if the flag is present, + * egress path otherwise). This is the only flag supported for now. + * Return + * **SK_PASS** on success, or **SK_DROP** on error. + * + * long bpf_msg_apply_bytes(struct sk_msg_buff *msg, u32 bytes) + * Description + * For socket policies, apply the verdict of the eBPF program to + * the next *bytes* (number of bytes) of message *msg*. + * + * For example, this helper can be used in the following cases: + * + * * A single **sendmsg**\ () or **sendfile**\ () system call + * contains multiple logical messages that the eBPF program is + * supposed to read and for which it should apply a verdict. + * * An eBPF program only cares to read the first *bytes* of a + * *msg*. If the message has a large payload, then setting up + * and calling the eBPF program repeatedly for all bytes, even + * though the verdict is already known, would create unnecessary + * overhead. + * + * When called from within an eBPF program, the helper sets a + * counter internal to the BPF infrastructure, that is used to + * apply the last verdict to the next *bytes*. If *bytes* is + * smaller than the current data being processed from a + * **sendmsg**\ () or **sendfile**\ () system call, the first + * *bytes* will be sent and the eBPF program will be re-run with + * the pointer for start of data pointing to byte number *bytes* + * **+ 1**. If *bytes* is larger than the current data being + * processed, then the eBPF verdict will be applied to multiple + * **sendmsg**\ () or **sendfile**\ () calls until *bytes* are + * consumed. + * + * Note that if a socket closes with the internal counter holding + * a non-zero value, this is not a problem because data is not + * being buffered for *bytes* and is sent as it is received. + * Return + * 0 + * + * long bpf_msg_cork_bytes(struct sk_msg_buff *msg, u32 bytes) + * Description + * For socket policies, prevent the execution of the verdict eBPF + * program for message *msg* until *bytes* (byte number) have been + * accumulated. + * + * This can be used when one needs a specific number of bytes + * before a verdict can be assigned, even if the data spans + * multiple **sendmsg**\ () or **sendfile**\ () calls. The extreme + * case would be a user calling **sendmsg**\ () repeatedly with + * 1-byte long message segments. Obviously, this is bad for + * performance, but it is still valid. If the eBPF program needs + * *bytes* bytes to validate a header, this helper can be used to + * prevent the eBPF program to be called again until *bytes* have + * been accumulated. + * Return + * 0 + * + * long bpf_msg_pull_data(struct sk_msg_buff *msg, u32 start, u32 end, u64 flags) + * Description + * For socket policies, pull in non-linear data from user space + * for *msg* and set pointers *msg*\ **->data** and *msg*\ + * **->data_end** to *start* and *end* bytes offsets into *msg*, + * respectively. + * + * If a program of type **BPF_PROG_TYPE_SK_MSG** is run on a + * *msg* it can only parse data that the (**data**, **data_end**) + * pointers have already consumed. For **sendmsg**\ () hooks this + * is likely the first scatterlist element. But for calls relying + * on the **sendpage** handler (e.g. **sendfile**\ ()) this will + * be the range (**0**, **0**) because the data is shared with + * user space and by default the objective is to avoid allowing + * user space to modify data while (or after) eBPF verdict is + * being decided. This helper can be used to pull in data and to + * set the start and end pointer to given values. Data will be + * copied if necessary (i.e. if data was not linear and if start + * and end pointers do not point to the same chunk). + * + * A call to this helper is susceptible to change the underlying + * packet buffer. Therefore, at load time, all checks on pointers + * previously done by the verifier are invalidated and must be + * performed again, if the helper is used in combination with + * direct packet access. + * + * All values for *flags* are reserved for future usage, and must + * be left at zero. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_bind(struct bpf_sock_addr *ctx, struct sockaddr *addr, int addr_len) + * Description + * Bind the socket associated to *ctx* to the address pointed by + * *addr*, of length *addr_len*. This allows for making outgoing + * connection from the desired IP address, which can be useful for + * example when all processes inside a cgroup should use one + * single IP address on a host that has multiple IP configured. + * + * This helper works for IPv4 and IPv6, TCP and UDP sockets. The + * domain (*addr*\ **->sa_family**) must be **AF_INET** (or + * **AF_INET6**). It's advised to pass zero port (**sin_port** + * or **sin6_port**) which triggers IP_BIND_ADDRESS_NO_PORT-like + * behavior and lets the kernel efficiently pick up an unused + * port as long as 4-tuple is unique. Passing non-zero port might + * lead to degraded performance. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_xdp_adjust_tail(struct xdp_buff *xdp_md, int delta) + * Description + * Adjust (move) *xdp_md*\ **->data_end** by *delta* bytes. It is + * possible to both shrink and grow the packet tail. + * Shrink done via *delta* being a negative integer. + * + * A call to this helper is susceptible to change the underlying + * packet buffer. Therefore, at load time, all checks on pointers + * previously done by the verifier are invalidated and must be + * performed again, if the helper is used in combination with + * direct packet access. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_skb_get_xfrm_state(struct sk_buff *skb, u32 index, struct bpf_xfrm_state *xfrm_state, u32 size, u64 flags) + * Description + * Retrieve the XFRM state (IP transform framework, see also + * **ip-xfrm(8)**) at *index* in XFRM "security path" for *skb*. + * + * The retrieved value is stored in the **struct bpf_xfrm_state** + * pointed by *xfrm_state* and of length *size*. + * + * All values for *flags* are reserved for future usage, and must + * be left at zero. + * + * This helper is available only if the kernel was compiled with + * **CONFIG_XFRM** configuration option. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_get_stack(void *ctx, void *buf, u32 size, u64 flags) + * Description + * Return a user or a kernel stack in bpf program provided buffer. + * To achieve this, the helper needs *ctx*, which is a pointer + * to the context on which the tracing program is executed. + * To store the stacktrace, the bpf program provides *buf* with + * a nonnegative *size*. + * + * The last argument, *flags*, holds the number of stack frames to + * skip (from 0 to 255), masked with + * **BPF_F_SKIP_FIELD_MASK**. The next bits can be used to set + * the following flags: + * + * **BPF_F_USER_STACK** + * Collect a user space stack instead of a kernel stack. + * **BPF_F_USER_BUILD_ID** + * Collect buildid+offset instead of ips for user stack, + * only valid if **BPF_F_USER_STACK** is also specified. + * + * **bpf_get_stack**\ () can collect up to + * **PERF_MAX_STACK_DEPTH** both kernel and user frames, subject + * to sufficient large buffer size. Note that + * this limit can be controlled with the **sysctl** program, and + * that it should be manually increased in order to profile long + * user stacks (such as stacks for Java programs). To do so, use: + * + * :: + * + * # sysctl kernel.perf_event_max_stack= + * Return + * A non-negative value equal to or less than *size* on success, + * or a negative error in case of failure. + * + * long bpf_skb_load_bytes_relative(const void *skb, u32 offset, void *to, u32 len, u32 start_header) + * Description + * This helper is similar to **bpf_skb_load_bytes**\ () in that + * it provides an easy way to load *len* bytes from *offset* + * from the packet associated to *skb*, into the buffer pointed + * by *to*. The difference to **bpf_skb_load_bytes**\ () is that + * a fifth argument *start_header* exists in order to select a + * base offset to start from. *start_header* can be one of: + * + * **BPF_HDR_START_MAC** + * Base offset to load data from is *skb*'s mac header. + * **BPF_HDR_START_NET** + * Base offset to load data from is *skb*'s network header. + * + * In general, "direct packet access" is the preferred method to + * access packet data, however, this helper is in particular useful + * in socket filters where *skb*\ **->data** does not always point + * to the start of the mac header and where "direct packet access" + * is not available. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_fib_lookup(void *ctx, struct bpf_fib_lookup *params, int plen, u32 flags) + * Description + * Do FIB lookup in kernel tables using parameters in *params*. + * If lookup is successful and result shows packet is to be + * forwarded, the neighbor tables are searched for the nexthop. + * If successful (ie., FIB lookup shows forwarding and nexthop + * is resolved), the nexthop address is returned in ipv4_dst + * or ipv6_dst based on family, smac is set to mac address of + * egress device, dmac is set to nexthop mac address, rt_metric + * is set to metric from route (IPv4/IPv6 only), and ifindex + * is set to the device index of the nexthop from the FIB lookup. + * + * *plen* argument is the size of the passed in struct. + * *flags* argument can be a combination of one or more of the + * following values: + * + * **BPF_FIB_LOOKUP_DIRECT** + * Do a direct table lookup vs full lookup using FIB + * rules. + * **BPF_FIB_LOOKUP_OUTPUT** + * Perform lookup from an egress perspective (default is + * ingress). + * + * *ctx* is either **struct xdp_md** for XDP programs or + * **struct sk_buff** tc cls_act programs. + * Return + * * < 0 if any input argument is invalid + * * 0 on success (packet is forwarded, nexthop neighbor exists) + * * > 0 one of **BPF_FIB_LKUP_RET_** codes explaining why the + * packet is not forwarded or needs assist from full stack + * + * long bpf_sock_hash_update(struct bpf_sock_ops *skops, struct bpf_map *map, void *key, u64 flags) + * Description + * Add an entry to, or update a sockhash *map* referencing sockets. + * The *skops* is used as a new value for the entry associated to + * *key*. *flags* is one of: + * + * **BPF_NOEXIST** + * The entry for *key* must not exist in the map. + * **BPF_EXIST** + * The entry for *key* must already exist in the map. + * **BPF_ANY** + * No condition on the existence of the entry for *key*. + * + * If the *map* has eBPF programs (parser and verdict), those will + * be inherited by the socket being added. If the socket is + * already attached to eBPF programs, this results in an error. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_msg_redirect_hash(struct sk_msg_buff *msg, struct bpf_map *map, void *key, u64 flags) + * Description + * This helper is used in programs implementing policies at the + * socket level. If the message *msg* is allowed to pass (i.e. if + * the verdict eBPF program returns **SK_PASS**), redirect it to + * the socket referenced by *map* (of type + * **BPF_MAP_TYPE_SOCKHASH**) using hash *key*. Both ingress and + * egress interfaces can be used for redirection. The + * **BPF_F_INGRESS** value in *flags* is used to make the + * distinction (ingress path is selected if the flag is present, + * egress path otherwise). This is the only flag supported for now. + * Return + * **SK_PASS** on success, or **SK_DROP** on error. + * + * long bpf_sk_redirect_hash(struct sk_buff *skb, struct bpf_map *map, void *key, u64 flags) + * Description + * This helper is used in programs implementing policies at the + * skb socket level. If the sk_buff *skb* is allowed to pass (i.e. + * if the verdict eBPF program returns **SK_PASS**), redirect it + * to the socket referenced by *map* (of type + * **BPF_MAP_TYPE_SOCKHASH**) using hash *key*. Both ingress and + * egress interfaces can be used for redirection. The + * **BPF_F_INGRESS** value in *flags* is used to make the + * distinction (ingress path is selected if the flag is present, + * egress otherwise). This is the only flag supported for now. + * Return + * **SK_PASS** on success, or **SK_DROP** on error. + * + * long bpf_lwt_push_encap(struct sk_buff *skb, u32 type, void *hdr, u32 len) + * Description + * Encapsulate the packet associated to *skb* within a Layer 3 + * protocol header. This header is provided in the buffer at + * address *hdr*, with *len* its size in bytes. *type* indicates + * the protocol of the header and can be one of: + * + * **BPF_LWT_ENCAP_SEG6** + * IPv6 encapsulation with Segment Routing Header + * (**struct ipv6_sr_hdr**). *hdr* only contains the SRH, + * the IPv6 header is computed by the kernel. + * **BPF_LWT_ENCAP_SEG6_INLINE** + * Only works if *skb* contains an IPv6 packet. Insert a + * Segment Routing Header (**struct ipv6_sr_hdr**) inside + * the IPv6 header. + * **BPF_LWT_ENCAP_IP** + * IP encapsulation (GRE/GUE/IPIP/etc). The outer header + * must be IPv4 or IPv6, followed by zero or more + * additional headers, up to **LWT_BPF_MAX_HEADROOM** + * total bytes in all prepended headers. Please note that + * if **skb_is_gso**\ (*skb*) is true, no more than two + * headers can be prepended, and the inner header, if + * present, should be either GRE or UDP/GUE. + * + * **BPF_LWT_ENCAP_SEG6**\ \* types can be called by BPF programs + * of type **BPF_PROG_TYPE_LWT_IN**; **BPF_LWT_ENCAP_IP** type can + * be called by bpf programs of types **BPF_PROG_TYPE_LWT_IN** and + * **BPF_PROG_TYPE_LWT_XMIT**. + * + * A call to this helper is susceptible to change the underlying + * packet buffer. Therefore, at load time, all checks on pointers + * previously done by the verifier are invalidated and must be + * performed again, if the helper is used in combination with + * direct packet access. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_lwt_seg6_store_bytes(struct sk_buff *skb, u32 offset, const void *from, u32 len) + * Description + * Store *len* bytes from address *from* into the packet + * associated to *skb*, at *offset*. Only the flags, tag and TLVs + * inside the outermost IPv6 Segment Routing Header can be + * modified through this helper. + * + * A call to this helper is susceptible to change the underlying + * packet buffer. Therefore, at load time, all checks on pointers + * previously done by the verifier are invalidated and must be + * performed again, if the helper is used in combination with + * direct packet access. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_lwt_seg6_adjust_srh(struct sk_buff *skb, u32 offset, s32 delta) + * Description + * Adjust the size allocated to TLVs in the outermost IPv6 + * Segment Routing Header contained in the packet associated to + * *skb*, at position *offset* by *delta* bytes. Only offsets + * after the segments are accepted. *delta* can be as well + * positive (growing) as negative (shrinking). + * + * A call to this helper is susceptible to change the underlying + * packet buffer. Therefore, at load time, all checks on pointers + * previously done by the verifier are invalidated and must be + * performed again, if the helper is used in combination with + * direct packet access. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_lwt_seg6_action(struct sk_buff *skb, u32 action, void *param, u32 param_len) + * Description + * Apply an IPv6 Segment Routing action of type *action* to the + * packet associated to *skb*. Each action takes a parameter + * contained at address *param*, and of length *param_len* bytes. + * *action* can be one of: + * + * **SEG6_LOCAL_ACTION_END_X** + * End.X action: Endpoint with Layer-3 cross-connect. + * Type of *param*: **struct in6_addr**. + * **SEG6_LOCAL_ACTION_END_T** + * End.T action: Endpoint with specific IPv6 table lookup. + * Type of *param*: **int**. + * **SEG6_LOCAL_ACTION_END_B6** + * End.B6 action: Endpoint bound to an SRv6 policy. + * Type of *param*: **struct ipv6_sr_hdr**. + * **SEG6_LOCAL_ACTION_END_B6_ENCAP** + * End.B6.Encap action: Endpoint bound to an SRv6 + * encapsulation policy. + * Type of *param*: **struct ipv6_sr_hdr**. + * + * A call to this helper is susceptible to change the underlying + * packet buffer. Therefore, at load time, all checks on pointers + * previously done by the verifier are invalidated and must be + * performed again, if the helper is used in combination with + * direct packet access. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_rc_repeat(void *ctx) + * Description + * This helper is used in programs implementing IR decoding, to + * report a successfully decoded repeat key message. This delays + * the generation of a key up event for previously generated + * key down event. + * + * Some IR protocols like NEC have a special IR message for + * repeating last button, for when a button is held down. + * + * The *ctx* should point to the lirc sample as passed into + * the program. + * + * This helper is only available is the kernel was compiled with + * the **CONFIG_BPF_LIRC_MODE2** configuration option set to + * "**y**". + * Return + * 0 + * + * long bpf_rc_keydown(void *ctx, u32 protocol, u64 scancode, u32 toggle) + * Description + * This helper is used in programs implementing IR decoding, to + * report a successfully decoded key press with *scancode*, + * *toggle* value in the given *protocol*. The scancode will be + * translated to a keycode using the rc keymap, and reported as + * an input key down event. After a period a key up event is + * generated. This period can be extended by calling either + * **bpf_rc_keydown**\ () again with the same values, or calling + * **bpf_rc_repeat**\ (). + * + * Some protocols include a toggle bit, in case the button was + * released and pressed again between consecutive scancodes. + * + * The *ctx* should point to the lirc sample as passed into + * the program. + * + * The *protocol* is the decoded protocol number (see + * **enum rc_proto** for some predefined values). + * + * This helper is only available is the kernel was compiled with + * the **CONFIG_BPF_LIRC_MODE2** configuration option set to + * "**y**". + * Return + * 0 + * + * u64 bpf_skb_cgroup_id(struct sk_buff *skb) + * Description + * Return the cgroup v2 id of the socket associated with the *skb*. + * This is roughly similar to the **bpf_get_cgroup_classid**\ () + * helper for cgroup v1 by providing a tag resp. identifier that + * can be matched on or used for map lookups e.g. to implement + * policy. The cgroup v2 id of a given path in the hierarchy is + * exposed in user space through the f_handle API in order to get + * to the same 64-bit id. + * + * This helper can be used on TC egress path, but not on ingress, + * and is available only if the kernel was compiled with the + * **CONFIG_SOCK_CGROUP_DATA** configuration option. + * Return + * The id is returned or 0 in case the id could not be retrieved. + * + * u64 bpf_get_current_cgroup_id(void) + * Return + * A 64-bit integer containing the current cgroup id based + * on the cgroup within which the current task is running. + * + * void *bpf_get_local_storage(void *map, u64 flags) + * Description + * Get the pointer to the local storage area. + * The type and the size of the local storage is defined + * by the *map* argument. + * The *flags* meaning is specific for each map type, + * and has to be 0 for cgroup local storage. + * + * Depending on the BPF program type, a local storage area + * can be shared between multiple instances of the BPF program, + * running simultaneously. + * + * A user should care about the synchronization by himself. + * For example, by using the **BPF_STX_XADD** instruction to alter + * the shared data. + * Return + * A pointer to the local storage area. + * + * long bpf_sk_select_reuseport(struct sk_reuseport_md *reuse, struct bpf_map *map, void *key, u64 flags) + * Description + * Select a **SO_REUSEPORT** socket from a + * **BPF_MAP_TYPE_REUSEPORT_ARRAY** *map*. + * It checks the selected socket is matching the incoming + * request in the socket buffer. + * Return + * 0 on success, or a negative error in case of failure. + * + * u64 bpf_skb_ancestor_cgroup_id(struct sk_buff *skb, int ancestor_level) + * Description + * Return id of cgroup v2 that is ancestor of cgroup associated + * with the *skb* at the *ancestor_level*. The root cgroup is at + * *ancestor_level* zero and each step down the hierarchy + * increments the level. If *ancestor_level* == level of cgroup + * associated with *skb*, then return value will be same as that + * of **bpf_skb_cgroup_id**\ (). + * + * The helper is useful to implement policies based on cgroups + * that are upper in hierarchy than immediate cgroup associated + * with *skb*. + * + * The format of returned id and helper limitations are same as in + * **bpf_skb_cgroup_id**\ (). + * Return + * The id is returned or 0 in case the id could not be retrieved. + * + * struct bpf_sock *bpf_sk_lookup_tcp(void *ctx, struct bpf_sock_tuple *tuple, u32 tuple_size, u64 netns, u64 flags) + * Description + * Look for TCP socket matching *tuple*, optionally in a child + * network namespace *netns*. The return value must be checked, + * and if non-**NULL**, released via **bpf_sk_release**\ (). + * + * The *ctx* should point to the context of the program, such as + * the skb or socket (depending on the hook in use). This is used + * to determine the base network namespace for the lookup. + * + * *tuple_size* must be one of: + * + * **sizeof**\ (*tuple*\ **->ipv4**) + * Look for an IPv4 socket. + * **sizeof**\ (*tuple*\ **->ipv6**) + * Look for an IPv6 socket. + * + * If the *netns* is a negative signed 32-bit integer, then the + * socket lookup table in the netns associated with the *ctx* + * will be used. For the TC hooks, this is the netns of the device + * in the skb. For socket hooks, this is the netns of the socket. + * If *netns* is any other signed 32-bit value greater than or + * equal to zero then it specifies the ID of the netns relative to + * the netns associated with the *ctx*. *netns* values beyond the + * range of 32-bit integers are reserved for future use. + * + * All values for *flags* are reserved for future usage, and must + * be left at zero. + * + * This helper is available only if the kernel was compiled with + * **CONFIG_NET** configuration option. + * Return + * Pointer to **struct bpf_sock**, or **NULL** in case of failure. + * For sockets with reuseport option, the **struct bpf_sock** + * result is from *reuse*\ **->socks**\ [] using the hash of the + * tuple. + * + * struct bpf_sock *bpf_sk_lookup_udp(void *ctx, struct bpf_sock_tuple *tuple, u32 tuple_size, u64 netns, u64 flags) + * Description + * Look for UDP socket matching *tuple*, optionally in a child + * network namespace *netns*. The return value must be checked, + * and if non-**NULL**, released via **bpf_sk_release**\ (). + * + * The *ctx* should point to the context of the program, such as + * the skb or socket (depending on the hook in use). This is used + * to determine the base network namespace for the lookup. + * + * *tuple_size* must be one of: + * + * **sizeof**\ (*tuple*\ **->ipv4**) + * Look for an IPv4 socket. + * **sizeof**\ (*tuple*\ **->ipv6**) + * Look for an IPv6 socket. + * + * If the *netns* is a negative signed 32-bit integer, then the + * socket lookup table in the netns associated with the *ctx* + * will be used. For the TC hooks, this is the netns of the device + * in the skb. For socket hooks, this is the netns of the socket. + * If *netns* is any other signed 32-bit value greater than or + * equal to zero then it specifies the ID of the netns relative to + * the netns associated with the *ctx*. *netns* values beyond the + * range of 32-bit integers are reserved for future use. + * + * All values for *flags* are reserved for future usage, and must + * be left at zero. + * + * This helper is available only if the kernel was compiled with + * **CONFIG_NET** configuration option. + * Return + * Pointer to **struct bpf_sock**, or **NULL** in case of failure. + * For sockets with reuseport option, the **struct bpf_sock** + * result is from *reuse*\ **->socks**\ [] using the hash of the + * tuple. + * + * long bpf_sk_release(void *sock) + * Description + * Release the reference held by *sock*. *sock* must be a + * non-**NULL** pointer that was returned from + * **bpf_sk_lookup_xxx**\ (). + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_map_push_elem(struct bpf_map *map, const void *value, u64 flags) + * Description + * Push an element *value* in *map*. *flags* is one of: + * + * **BPF_EXIST** + * If the queue/stack is full, the oldest element is + * removed to make room for this. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_map_pop_elem(struct bpf_map *map, void *value) + * Description + * Pop an element from *map*. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_map_peek_elem(struct bpf_map *map, void *value) + * Description + * Get an element from *map* without removing it. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_msg_push_data(struct sk_msg_buff *msg, u32 start, u32 len, u64 flags) + * Description + * For socket policies, insert *len* bytes into *msg* at offset + * *start*. + * + * If a program of type **BPF_PROG_TYPE_SK_MSG** is run on a + * *msg* it may want to insert metadata or options into the *msg*. + * This can later be read and used by any of the lower layer BPF + * hooks. + * + * This helper may fail if under memory pressure (a malloc + * fails) in these cases BPF programs will get an appropriate + * error and BPF programs will need to handle them. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_msg_pop_data(struct sk_msg_buff *msg, u32 start, u32 len, u64 flags) + * Description + * Will remove *len* bytes from a *msg* starting at byte *start*. + * This may result in **ENOMEM** errors under certain situations if + * an allocation and copy are required due to a full ring buffer. + * However, the helper will try to avoid doing the allocation + * if possible. Other errors can occur if input parameters are + * invalid either due to *start* byte not being valid part of *msg* + * payload and/or *pop* value being to large. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_rc_pointer_rel(void *ctx, s32 rel_x, s32 rel_y) + * Description + * This helper is used in programs implementing IR decoding, to + * report a successfully decoded pointer movement. + * + * The *ctx* should point to the lirc sample as passed into + * the program. + * + * This helper is only available is the kernel was compiled with + * the **CONFIG_BPF_LIRC_MODE2** configuration option set to + * "**y**". + * Return + * 0 + * + * long bpf_spin_lock(struct bpf_spin_lock *lock) + * Description + * Acquire a spinlock represented by the pointer *lock*, which is + * stored as part of a value of a map. Taking the lock allows to + * safely update the rest of the fields in that value. The + * spinlock can (and must) later be released with a call to + * **bpf_spin_unlock**\ (\ *lock*\ ). + * + * Spinlocks in BPF programs come with a number of restrictions + * and constraints: + * + * * **bpf_spin_lock** objects are only allowed inside maps of + * types **BPF_MAP_TYPE_HASH** and **BPF_MAP_TYPE_ARRAY** (this + * list could be extended in the future). + * * BTF description of the map is mandatory. + * * The BPF program can take ONE lock at a time, since taking two + * or more could cause dead locks. + * * Only one **struct bpf_spin_lock** is allowed per map element. + * * When the lock is taken, calls (either BPF to BPF or helpers) + * are not allowed. + * * The **BPF_LD_ABS** and **BPF_LD_IND** instructions are not + * allowed inside a spinlock-ed region. + * * The BPF program MUST call **bpf_spin_unlock**\ () to release + * the lock, on all execution paths, before it returns. + * * The BPF program can access **struct bpf_spin_lock** only via + * the **bpf_spin_lock**\ () and **bpf_spin_unlock**\ () + * helpers. Loading or storing data into the **struct + * bpf_spin_lock** *lock*\ **;** field of a map is not allowed. + * * To use the **bpf_spin_lock**\ () helper, the BTF description + * of the map value must be a struct and have **struct + * bpf_spin_lock** *anyname*\ **;** field at the top level. + * Nested lock inside another struct is not allowed. + * * The **struct bpf_spin_lock** *lock* field in a map value must + * be aligned on a multiple of 4 bytes in that value. + * * Syscall with command **BPF_MAP_LOOKUP_ELEM** does not copy + * the **bpf_spin_lock** field to user space. + * * Syscall with command **BPF_MAP_UPDATE_ELEM**, or update from + * a BPF program, do not update the **bpf_spin_lock** field. + * * **bpf_spin_lock** cannot be on the stack or inside a + * networking packet (it can only be inside of a map values). + * * **bpf_spin_lock** is available to root only. + * * Tracing programs and socket filter programs cannot use + * **bpf_spin_lock**\ () due to insufficient preemption checks + * (but this may change in the future). + * * **bpf_spin_lock** is not allowed in inner maps of map-in-map. + * Return + * 0 + * + * long bpf_spin_unlock(struct bpf_spin_lock *lock) + * Description + * Release the *lock* previously locked by a call to + * **bpf_spin_lock**\ (\ *lock*\ ). + * Return + * 0 + * + * struct bpf_sock *bpf_sk_fullsock(struct bpf_sock *sk) + * Description + * This helper gets a **struct bpf_sock** pointer such + * that all the fields in this **bpf_sock** can be accessed. + * Return + * A **struct bpf_sock** pointer on success, or **NULL** in + * case of failure. + * + * struct bpf_tcp_sock *bpf_tcp_sock(struct bpf_sock *sk) + * Description + * This helper gets a **struct bpf_tcp_sock** pointer from a + * **struct bpf_sock** pointer. + * Return + * A **struct bpf_tcp_sock** pointer on success, or **NULL** in + * case of failure. + * + * long bpf_skb_ecn_set_ce(struct sk_buff *skb) + * Description + * Set ECN (Explicit Congestion Notification) field of IP header + * to **CE** (Congestion Encountered) if current value is **ECT** + * (ECN Capable Transport). Otherwise, do nothing. Works with IPv6 + * and IPv4. + * Return + * 1 if the **CE** flag is set (either by the current helper call + * or because it was already present), 0 if it is not set. + * + * struct bpf_sock *bpf_get_listener_sock(struct bpf_sock *sk) + * Description + * Return a **struct bpf_sock** pointer in **TCP_LISTEN** state. + * **bpf_sk_release**\ () is unnecessary and not allowed. + * Return + * A **struct bpf_sock** pointer on success, or **NULL** in + * case of failure. + * + * struct bpf_sock *bpf_skc_lookup_tcp(void *ctx, struct bpf_sock_tuple *tuple, u32 tuple_size, u64 netns, u64 flags) + * Description + * Look for TCP socket matching *tuple*, optionally in a child + * network namespace *netns*. The return value must be checked, + * and if non-**NULL**, released via **bpf_sk_release**\ (). + * + * This function is identical to **bpf_sk_lookup_tcp**\ (), except + * that it also returns timewait or request sockets. Use + * **bpf_sk_fullsock**\ () or **bpf_tcp_sock**\ () to access the + * full structure. + * + * This helper is available only if the kernel was compiled with + * **CONFIG_NET** configuration option. + * Return + * Pointer to **struct bpf_sock**, or **NULL** in case of failure. + * For sockets with reuseport option, the **struct bpf_sock** + * result is from *reuse*\ **->socks**\ [] using the hash of the + * tuple. + * + * long bpf_tcp_check_syncookie(void *sk, void *iph, u32 iph_len, struct tcphdr *th, u32 th_len) + * Description + * Check whether *iph* and *th* contain a valid SYN cookie ACK for + * the listening socket in *sk*. + * + * *iph* points to the start of the IPv4 or IPv6 header, while + * *iph_len* contains **sizeof**\ (**struct iphdr**) or + * **sizeof**\ (**struct ip6hdr**). + * + * *th* points to the start of the TCP header, while *th_len* + * contains **sizeof**\ (**struct tcphdr**). + * Return + * 0 if *iph* and *th* are a valid SYN cookie ACK, or a negative + * error otherwise. + * + * long bpf_sysctl_get_name(struct bpf_sysctl *ctx, char *buf, size_t buf_len, u64 flags) + * Description + * Get name of sysctl in /proc/sys/ and copy it into provided by + * program buffer *buf* of size *buf_len*. + * + * The buffer is always NUL terminated, unless it's zero-sized. + * + * If *flags* is zero, full name (e.g. "net/ipv4/tcp_mem") is + * copied. Use **BPF_F_SYSCTL_BASE_NAME** flag to copy base name + * only (e.g. "tcp_mem"). + * Return + * Number of character copied (not including the trailing NUL). + * + * **-E2BIG** if the buffer wasn't big enough (*buf* will contain + * truncated name in this case). + * + * long bpf_sysctl_get_current_value(struct bpf_sysctl *ctx, char *buf, size_t buf_len) + * Description + * Get current value of sysctl as it is presented in /proc/sys + * (incl. newline, etc), and copy it as a string into provided + * by program buffer *buf* of size *buf_len*. + * + * The whole value is copied, no matter what file position user + * space issued e.g. sys_read at. + * + * The buffer is always NUL terminated, unless it's zero-sized. + * Return + * Number of character copied (not including the trailing NUL). + * + * **-E2BIG** if the buffer wasn't big enough (*buf* will contain + * truncated name in this case). + * + * **-EINVAL** if current value was unavailable, e.g. because + * sysctl is uninitialized and read returns -EIO for it. + * + * long bpf_sysctl_get_new_value(struct bpf_sysctl *ctx, char *buf, size_t buf_len) + * Description + * Get new value being written by user space to sysctl (before + * the actual write happens) and copy it as a string into + * provided by program buffer *buf* of size *buf_len*. + * + * User space may write new value at file position > 0. + * + * The buffer is always NUL terminated, unless it's zero-sized. + * Return + * Number of character copied (not including the trailing NUL). + * + * **-E2BIG** if the buffer wasn't big enough (*buf* will contain + * truncated name in this case). + * + * **-EINVAL** if sysctl is being read. + * + * long bpf_sysctl_set_new_value(struct bpf_sysctl *ctx, const char *buf, size_t buf_len) + * Description + * Override new value being written by user space to sysctl with + * value provided by program in buffer *buf* of size *buf_len*. + * + * *buf* should contain a string in same form as provided by user + * space on sysctl write. + * + * User space may write new value at file position > 0. To override + * the whole sysctl value file position should be set to zero. + * Return + * 0 on success. + * + * **-E2BIG** if the *buf_len* is too big. + * + * **-EINVAL** if sysctl is being read. + * + * long bpf_strtol(const char *buf, size_t buf_len, u64 flags, long *res) + * Description + * Convert the initial part of the string from buffer *buf* of + * size *buf_len* to a long integer according to the given base + * and save the result in *res*. + * + * The string may begin with an arbitrary amount of white space + * (as determined by **isspace**\ (3)) followed by a single + * optional '**-**' sign. + * + * Five least significant bits of *flags* encode base, other bits + * are currently unused. + * + * Base must be either 8, 10, 16 or 0 to detect it automatically + * similar to user space **strtol**\ (3). + * Return + * Number of characters consumed on success. Must be positive but + * no more than *buf_len*. + * + * **-EINVAL** if no valid digits were found or unsupported base + * was provided. + * + * **-ERANGE** if resulting value was out of range. + * + * long bpf_strtoul(const char *buf, size_t buf_len, u64 flags, unsigned long *res) + * Description + * Convert the initial part of the string from buffer *buf* of + * size *buf_len* to an unsigned long integer according to the + * given base and save the result in *res*. + * + * The string may begin with an arbitrary amount of white space + * (as determined by **isspace**\ (3)). + * + * Five least significant bits of *flags* encode base, other bits + * are currently unused. + * + * Base must be either 8, 10, 16 or 0 to detect it automatically + * similar to user space **strtoul**\ (3). + * Return + * Number of characters consumed on success. Must be positive but + * no more than *buf_len*. + * + * **-EINVAL** if no valid digits were found or unsupported base + * was provided. + * + * **-ERANGE** if resulting value was out of range. + * + * void *bpf_sk_storage_get(struct bpf_map *map, void *sk, void *value, u64 flags) + * Description + * Get a bpf-local-storage from a *sk*. + * + * Logically, it could be thought of getting the value from + * a *map* with *sk* as the **key**. From this + * perspective, the usage is not much different from + * **bpf_map_lookup_elem**\ (*map*, **&**\ *sk*) except this + * helper enforces the key must be a full socket and the map must + * be a **BPF_MAP_TYPE_SK_STORAGE** also. + * + * Underneath, the value is stored locally at *sk* instead of + * the *map*. The *map* is used as the bpf-local-storage + * "type". The bpf-local-storage "type" (i.e. the *map*) is + * searched against all bpf-local-storages residing at *sk*. + * + * *sk* is a kernel **struct sock** pointer for LSM program. + * *sk* is a **struct bpf_sock** pointer for other program types. + * + * An optional *flags* (**BPF_SK_STORAGE_GET_F_CREATE**) can be + * used such that a new bpf-local-storage will be + * created if one does not exist. *value* can be used + * together with **BPF_SK_STORAGE_GET_F_CREATE** to specify + * the initial value of a bpf-local-storage. If *value* is + * **NULL**, the new bpf-local-storage will be zero initialized. + * Return + * A bpf-local-storage pointer is returned on success. + * + * **NULL** if not found or there was an error in adding + * a new bpf-local-storage. + * + * long bpf_sk_storage_delete(struct bpf_map *map, void *sk) + * Description + * Delete a bpf-local-storage from a *sk*. + * Return + * 0 on success. + * + * **-ENOENT** if the bpf-local-storage cannot be found. + * **-EINVAL** if sk is not a fullsock (e.g. a request_sock). + * + * long bpf_send_signal(u32 sig) + * Description + * Send signal *sig* to the process of the current task. + * The signal may be delivered to any of this process's threads. + * Return + * 0 on success or successfully queued. + * + * **-EBUSY** if work queue under nmi is full. + * + * **-EINVAL** if *sig* is invalid. + * + * **-EPERM** if no permission to send the *sig*. + * + * **-EAGAIN** if bpf program can try again. + * + * s64 bpf_tcp_gen_syncookie(void *sk, void *iph, u32 iph_len, struct tcphdr *th, u32 th_len) + * Description + * Try to issue a SYN cookie for the packet with corresponding + * IP/TCP headers, *iph* and *th*, on the listening socket in *sk*. + * + * *iph* points to the start of the IPv4 or IPv6 header, while + * *iph_len* contains **sizeof**\ (**struct iphdr**) or + * **sizeof**\ (**struct ip6hdr**). + * + * *th* points to the start of the TCP header, while *th_len* + * contains the length of the TCP header. + * Return + * On success, lower 32 bits hold the generated SYN cookie in + * followed by 16 bits which hold the MSS value for that cookie, + * and the top 16 bits are unused. + * + * On failure, the returned value is one of the following: + * + * **-EINVAL** SYN cookie cannot be issued due to error + * + * **-ENOENT** SYN cookie should not be issued (no SYN flood) + * + * **-EOPNOTSUPP** kernel configuration does not enable SYN cookies + * + * **-EPROTONOSUPPORT** IP packet version is not 4 or 6 + * + * long bpf_skb_output(void *ctx, struct bpf_map *map, u64 flags, void *data, u64 size) + * Description + * Write raw *data* blob into a special BPF perf event held by + * *map* of type **BPF_MAP_TYPE_PERF_EVENT_ARRAY**. This perf + * event must have the following attributes: **PERF_SAMPLE_RAW** + * as **sample_type**, **PERF_TYPE_SOFTWARE** as **type**, and + * **PERF_COUNT_SW_BPF_OUTPUT** as **config**. + * + * The *flags* are used to indicate the index in *map* for which + * the value must be put, masked with **BPF_F_INDEX_MASK**. + * Alternatively, *flags* can be set to **BPF_F_CURRENT_CPU** + * to indicate that the index of the current CPU core should be + * used. + * + * The value to write, of *size*, is passed through eBPF stack and + * pointed by *data*. + * + * *ctx* is a pointer to in-kernel struct sk_buff. + * + * This helper is similar to **bpf_perf_event_output**\ () but + * restricted to raw_tracepoint bpf programs. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_probe_read_user(void *dst, u32 size, const void *unsafe_ptr) + * Description + * Safely attempt to read *size* bytes from user space address + * *unsafe_ptr* and store the data in *dst*. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_probe_read_kernel(void *dst, u32 size, const void *unsafe_ptr) + * Description + * Safely attempt to read *size* bytes from kernel space address + * *unsafe_ptr* and store the data in *dst*. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_probe_read_user_str(void *dst, u32 size, const void *unsafe_ptr) + * Description + * Copy a NUL terminated string from an unsafe user address + * *unsafe_ptr* to *dst*. The *size* should include the + * terminating NUL byte. In case the string length is smaller than + * *size*, the target is not padded with further NUL bytes. If the + * string length is larger than *size*, just *size*-1 bytes are + * copied and the last byte is set to NUL. + * + * On success, the length of the copied string is returned. This + * makes this helper useful in tracing programs for reading + * strings, and more importantly to get its length at runtime. See + * the following snippet: + * + * :: + * + * SEC("kprobe/sys_open") + * void bpf_sys_open(struct pt_regs *ctx) + * { + * char buf[PATHLEN]; // PATHLEN is defined to 256 + * int res = bpf_probe_read_user_str(buf, sizeof(buf), + * ctx->di); + * + * // Consume buf, for example push it to + * // userspace via bpf_perf_event_output(); we + * // can use res (the string length) as event + * // size, after checking its boundaries. + * } + * + * In comparison, using **bpf_probe_read_user**\ () helper here + * instead to read the string would require to estimate the length + * at compile time, and would often result in copying more memory + * than necessary. + * + * Another useful use case is when parsing individual process + * arguments or individual environment variables navigating + * *current*\ **->mm->arg_start** and *current*\ + * **->mm->env_start**: using this helper and the return value, + * one can quickly iterate at the right offset of the memory area. + * Return + * On success, the strictly positive length of the string, + * including the trailing NUL character. On error, a negative + * value. + * + * long bpf_probe_read_kernel_str(void *dst, u32 size, const void *unsafe_ptr) + * Description + * Copy a NUL terminated string from an unsafe kernel address *unsafe_ptr* + * to *dst*. Same semantics as with **bpf_probe_read_user_str**\ () apply. + * Return + * On success, the strictly positive length of the string, including + * the trailing NUL character. On error, a negative value. + * + * long bpf_tcp_send_ack(void *tp, u32 rcv_nxt) + * Description + * Send out a tcp-ack. *tp* is the in-kernel struct **tcp_sock**. + * *rcv_nxt* is the ack_seq to be sent out. + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_send_signal_thread(u32 sig) + * Description + * Send signal *sig* to the thread corresponding to the current task. + * Return + * 0 on success or successfully queued. + * + * **-EBUSY** if work queue under nmi is full. + * + * **-EINVAL** if *sig* is invalid. + * + * **-EPERM** if no permission to send the *sig*. + * + * **-EAGAIN** if bpf program can try again. + * + * u64 bpf_jiffies64(void) + * Description + * Obtain the 64bit jiffies + * Return + * The 64 bit jiffies + * + * long bpf_read_branch_records(struct bpf_perf_event_data *ctx, void *buf, u32 size, u64 flags) + * Description + * For an eBPF program attached to a perf event, retrieve the + * branch records (**struct perf_branch_entry**) associated to *ctx* + * and store it in the buffer pointed by *buf* up to size + * *size* bytes. + * Return + * On success, number of bytes written to *buf*. On error, a + * negative value. + * + * The *flags* can be set to **BPF_F_GET_BRANCH_RECORDS_SIZE** to + * instead return the number of bytes required to store all the + * branch entries. If this flag is set, *buf* may be NULL. + * + * **-EINVAL** if arguments invalid or **size** not a multiple + * of **sizeof**\ (**struct perf_branch_entry**\ ). + * + * **-ENOENT** if architecture does not support branch records. + * + * long bpf_get_ns_current_pid_tgid(u64 dev, u64 ino, struct bpf_pidns_info *nsdata, u32 size) + * Description + * Returns 0 on success, values for *pid* and *tgid* as seen from the current + * *namespace* will be returned in *nsdata*. + * Return + * 0 on success, or one of the following in case of failure: + * + * **-EINVAL** if dev and inum supplied don't match dev_t and inode number + * with nsfs of current task, or if dev conversion to dev_t lost high bits. + * + * **-ENOENT** if pidns does not exists for the current task. + * + * long bpf_xdp_output(void *ctx, struct bpf_map *map, u64 flags, void *data, u64 size) + * Description + * Write raw *data* blob into a special BPF perf event held by + * *map* of type **BPF_MAP_TYPE_PERF_EVENT_ARRAY**. This perf + * event must have the following attributes: **PERF_SAMPLE_RAW** + * as **sample_type**, **PERF_TYPE_SOFTWARE** as **type**, and + * **PERF_COUNT_SW_BPF_OUTPUT** as **config**. + * + * The *flags* are used to indicate the index in *map* for which + * the value must be put, masked with **BPF_F_INDEX_MASK**. + * Alternatively, *flags* can be set to **BPF_F_CURRENT_CPU** + * to indicate that the index of the current CPU core should be + * used. + * + * The value to write, of *size*, is passed through eBPF stack and + * pointed by *data*. + * + * *ctx* is a pointer to in-kernel struct xdp_buff. + * + * This helper is similar to **bpf_perf_eventoutput**\ () but + * restricted to raw_tracepoint bpf programs. + * Return + * 0 on success, or a negative error in case of failure. + * + * u64 bpf_get_netns_cookie(void *ctx) + * Description + * Retrieve the cookie (generated by the kernel) of the network + * namespace the input *ctx* is associated with. The network + * namespace cookie remains stable for its lifetime and provides + * a global identifier that can be assumed unique. If *ctx* is + * NULL, then the helper returns the cookie for the initial + * network namespace. The cookie itself is very similar to that + * of **bpf_get_socket_cookie**\ () helper, but for network + * namespaces instead of sockets. + * Return + * A 8-byte long opaque number. + * + * u64 bpf_get_current_ancestor_cgroup_id(int ancestor_level) + * Description + * Return id of cgroup v2 that is ancestor of the cgroup associated + * with the current task at the *ancestor_level*. The root cgroup + * is at *ancestor_level* zero and each step down the hierarchy + * increments the level. If *ancestor_level* == level of cgroup + * associated with the current task, then return value will be the + * same as that of **bpf_get_current_cgroup_id**\ (). + * + * The helper is useful to implement policies based on cgroups + * that are upper in hierarchy than immediate cgroup associated + * with the current task. + * + * The format of returned id and helper limitations are same as in + * **bpf_get_current_cgroup_id**\ (). + * Return + * The id is returned or 0 in case the id could not be retrieved. + * + * long bpf_sk_assign(struct sk_buff *skb, void *sk, u64 flags) + * Description + * Helper is overloaded depending on BPF program type. This + * description applies to **BPF_PROG_TYPE_SCHED_CLS** and + * **BPF_PROG_TYPE_SCHED_ACT** programs. + * + * Assign the *sk* to the *skb*. When combined with appropriate + * routing configuration to receive the packet towards the socket, + * will cause *skb* to be delivered to the specified socket. + * Subsequent redirection of *skb* via **bpf_redirect**\ (), + * **bpf_clone_redirect**\ () or other methods outside of BPF may + * interfere with successful delivery to the socket. + * + * This operation is only valid from TC ingress path. + * + * The *flags* argument must be zero. + * Return + * 0 on success, or a negative error in case of failure: + * + * **-EINVAL** if specified *flags* are not supported. + * + * **-ENOENT** if the socket is unavailable for assignment. + * + * **-ENETUNREACH** if the socket is unreachable (wrong netns). + * + * **-EOPNOTSUPP** if the operation is not supported, for example + * a call from outside of TC ingress. + * + * **-ESOCKTNOSUPPORT** if the socket type is not supported + * (reuseport). + * + * long bpf_sk_assign(struct bpf_sk_lookup *ctx, struct bpf_sock *sk, u64 flags) + * Description + * Helper is overloaded depending on BPF program type. This + * description applies to **BPF_PROG_TYPE_SK_LOOKUP** programs. + * + * Select the *sk* as a result of a socket lookup. + * + * For the operation to succeed passed socket must be compatible + * with the packet description provided by the *ctx* object. + * + * L4 protocol (**IPPROTO_TCP** or **IPPROTO_UDP**) must + * be an exact match. While IP family (**AF_INET** or + * **AF_INET6**) must be compatible, that is IPv6 sockets + * that are not v6-only can be selected for IPv4 packets. + * + * Only TCP listeners and UDP unconnected sockets can be + * selected. *sk* can also be NULL to reset any previous + * selection. + * + * *flags* argument can combination of following values: + * + * * **BPF_SK_LOOKUP_F_REPLACE** to override the previous + * socket selection, potentially done by a BPF program + * that ran before us. + * + * * **BPF_SK_LOOKUP_F_NO_REUSEPORT** to skip + * load-balancing within reuseport group for the socket + * being selected. + * + * On success *ctx->sk* will point to the selected socket. + * + * Return + * 0 on success, or a negative errno in case of failure. + * + * * **-EAFNOSUPPORT** if socket family (*sk->family*) is + * not compatible with packet family (*ctx->family*). + * + * * **-EEXIST** if socket has been already selected, + * potentially by another program, and + * **BPF_SK_LOOKUP_F_REPLACE** flag was not specified. + * + * * **-EINVAL** if unsupported flags were specified. + * + * * **-EPROTOTYPE** if socket L4 protocol + * (*sk->protocol*) doesn't match packet protocol + * (*ctx->protocol*). + * + * * **-ESOCKTNOSUPPORT** if socket is not in allowed + * state (TCP listening or UDP unconnected). + * + * u64 bpf_ktime_get_boot_ns(void) + * Description + * Return the time elapsed since system boot, in nanoseconds. + * Does include the time the system was suspended. + * See: **clock_gettime**\ (**CLOCK_BOOTTIME**) + * Return + * Current *ktime*. + * + * long bpf_seq_printf(struct seq_file *m, const char *fmt, u32 fmt_size, const void *data, u32 data_len) + * Description + * **bpf_seq_printf**\ () uses seq_file **seq_printf**\ () to print + * out the format string. + * The *m* represents the seq_file. The *fmt* and *fmt_size* are for + * the format string itself. The *data* and *data_len* are format string + * arguments. The *data* are a **u64** array and corresponding format string + * values are stored in the array. For strings and pointers where pointees + * are accessed, only the pointer values are stored in the *data* array. + * The *data_len* is the size of *data* in bytes. + * + * Formats **%s**, **%p{i,I}{4,6}** requires to read kernel memory. + * Reading kernel memory may fail due to either invalid address or + * valid address but requiring a major memory fault. If reading kernel memory + * fails, the string for **%s** will be an empty string, and the ip + * address for **%p{i,I}{4,6}** will be 0. Not returning error to + * bpf program is consistent with what **bpf_trace_printk**\ () does for now. + * Return + * 0 on success, or a negative error in case of failure: + * + * **-EBUSY** if per-CPU memory copy buffer is busy, can try again + * by returning 1 from bpf program. + * + * **-EINVAL** if arguments are invalid, or if *fmt* is invalid/unsupported. + * + * **-E2BIG** if *fmt* contains too many format specifiers. + * + * **-EOVERFLOW** if an overflow happened: The same object will be tried again. + * + * long bpf_seq_write(struct seq_file *m, const void *data, u32 len) + * Description + * **bpf_seq_write**\ () uses seq_file **seq_write**\ () to write the data. + * The *m* represents the seq_file. The *data* and *len* represent the + * data to write in bytes. + * Return + * 0 on success, or a negative error in case of failure: + * + * **-EOVERFLOW** if an overflow happened: The same object will be tried again. + * + * u64 bpf_sk_cgroup_id(void *sk) + * Description + * Return the cgroup v2 id of the socket *sk*. + * + * *sk* must be a non-**NULL** pointer to a socket, e.g. one + * returned from **bpf_sk_lookup_xxx**\ (), + * **bpf_sk_fullsock**\ (), etc. The format of returned id is + * same as in **bpf_skb_cgroup_id**\ (). + * + * This helper is available only if the kernel was compiled with + * the **CONFIG_SOCK_CGROUP_DATA** configuration option. + * Return + * The id is returned or 0 in case the id could not be retrieved. + * + * u64 bpf_sk_ancestor_cgroup_id(void *sk, int ancestor_level) + * Description + * Return id of cgroup v2 that is ancestor of cgroup associated + * with the *sk* at the *ancestor_level*. The root cgroup is at + * *ancestor_level* zero and each step down the hierarchy + * increments the level. If *ancestor_level* == level of cgroup + * associated with *sk*, then return value will be same as that + * of **bpf_sk_cgroup_id**\ (). + * + * The helper is useful to implement policies based on cgroups + * that are upper in hierarchy than immediate cgroup associated + * with *sk*. + * + * The format of returned id and helper limitations are same as in + * **bpf_sk_cgroup_id**\ (). + * Return + * The id is returned or 0 in case the id could not be retrieved. + * + * long bpf_ringbuf_output(void *ringbuf, void *data, u64 size, u64 flags) + * Description + * Copy *size* bytes from *data* into a ring buffer *ringbuf*. + * If **BPF_RB_NO_WAKEUP** is specified in *flags*, no notification + * of new data availability is sent. + * If **BPF_RB_FORCE_WAKEUP** is specified in *flags*, notification + * of new data availability is sent unconditionally. + * Return + * 0 on success, or a negative error in case of failure. + * + * void *bpf_ringbuf_reserve(void *ringbuf, u64 size, u64 flags) + * Description + * Reserve *size* bytes of payload in a ring buffer *ringbuf*. + * Return + * Valid pointer with *size* bytes of memory available; NULL, + * otherwise. + * + * void bpf_ringbuf_submit(void *data, u64 flags) + * Description + * Submit reserved ring buffer sample, pointed to by *data*. + * If **BPF_RB_NO_WAKEUP** is specified in *flags*, no notification + * of new data availability is sent. + * If **BPF_RB_FORCE_WAKEUP** is specified in *flags*, notification + * of new data availability is sent unconditionally. + * Return + * Nothing. Always succeeds. + * + * void bpf_ringbuf_discard(void *data, u64 flags) + * Description + * Discard reserved ring buffer sample, pointed to by *data*. + * If **BPF_RB_NO_WAKEUP** is specified in *flags*, no notification + * of new data availability is sent. + * If **BPF_RB_FORCE_WAKEUP** is specified in *flags*, notification + * of new data availability is sent unconditionally. + * Return + * Nothing. Always succeeds. + * + * u64 bpf_ringbuf_query(void *ringbuf, u64 flags) + * Description + * Query various characteristics of provided ring buffer. What + * exactly is queries is determined by *flags*: + * + * * **BPF_RB_AVAIL_DATA**: Amount of data not yet consumed. + * * **BPF_RB_RING_SIZE**: The size of ring buffer. + * * **BPF_RB_CONS_POS**: Consumer position (can wrap around). + * * **BPF_RB_PROD_POS**: Producer(s) position (can wrap around). + * + * Data returned is just a momentary snapshot of actual values + * and could be inaccurate, so this facility should be used to + * power heuristics and for reporting, not to make 100% correct + * calculation. + * Return + * Requested value, or 0, if *flags* are not recognized. + * + * long bpf_csum_level(struct sk_buff *skb, u64 level) + * Description + * Change the skbs checksum level by one layer up or down, or + * reset it entirely to none in order to have the stack perform + * checksum validation. The level is applicable to the following + * protocols: TCP, UDP, GRE, SCTP, FCOE. For example, a decap of + * | ETH | IP | UDP | GUE | IP | TCP | into | ETH | IP | TCP | + * through **bpf_skb_adjust_room**\ () helper with passing in + * **BPF_F_ADJ_ROOM_NO_CSUM_RESET** flag would require one call + * to **bpf_csum_level**\ () with **BPF_CSUM_LEVEL_DEC** since + * the UDP header is removed. Similarly, an encap of the latter + * into the former could be accompanied by a helper call to + * **bpf_csum_level**\ () with **BPF_CSUM_LEVEL_INC** if the + * skb is still intended to be processed in higher layers of the + * stack instead of just egressing at tc. + * + * There are three supported level settings at this time: + * + * * **BPF_CSUM_LEVEL_INC**: Increases skb->csum_level for skbs + * with CHECKSUM_UNNECESSARY. + * * **BPF_CSUM_LEVEL_DEC**: Decreases skb->csum_level for skbs + * with CHECKSUM_UNNECESSARY. + * * **BPF_CSUM_LEVEL_RESET**: Resets skb->csum_level to 0 and + * sets CHECKSUM_NONE to force checksum validation by the stack. + * * **BPF_CSUM_LEVEL_QUERY**: No-op, returns the current + * skb->csum_level. + * Return + * 0 on success, or a negative error in case of failure. In the + * case of **BPF_CSUM_LEVEL_QUERY**, the current skb->csum_level + * is returned or the error code -EACCES in case the skb is not + * subject to CHECKSUM_UNNECESSARY. + * + * struct tcp6_sock *bpf_skc_to_tcp6_sock(void *sk) + * Description + * Dynamically cast a *sk* pointer to a *tcp6_sock* pointer. + * Return + * *sk* if casting is valid, or **NULL** otherwise. + * + * struct tcp_sock *bpf_skc_to_tcp_sock(void *sk) + * Description + * Dynamically cast a *sk* pointer to a *tcp_sock* pointer. + * Return + * *sk* if casting is valid, or **NULL** otherwise. + * + * struct tcp_timewait_sock *bpf_skc_to_tcp_timewait_sock(void *sk) + * Description + * Dynamically cast a *sk* pointer to a *tcp_timewait_sock* pointer. + * Return + * *sk* if casting is valid, or **NULL** otherwise. + * + * struct tcp_request_sock *bpf_skc_to_tcp_request_sock(void *sk) + * Description + * Dynamically cast a *sk* pointer to a *tcp_request_sock* pointer. + * Return + * *sk* if casting is valid, or **NULL** otherwise. + * + * struct udp6_sock *bpf_skc_to_udp6_sock(void *sk) + * Description + * Dynamically cast a *sk* pointer to a *udp6_sock* pointer. + * Return + * *sk* if casting is valid, or **NULL** otherwise. + * + * long bpf_get_task_stack(struct task_struct *task, void *buf, u32 size, u64 flags) + * Description + * Return a user or a kernel stack in bpf program provided buffer. + * To achieve this, the helper needs *task*, which is a valid + * pointer to **struct task_struct**. To store the stacktrace, the + * bpf program provides *buf* with a nonnegative *size*. + * + * The last argument, *flags*, holds the number of stack frames to + * skip (from 0 to 255), masked with + * **BPF_F_SKIP_FIELD_MASK**. The next bits can be used to set + * the following flags: + * + * **BPF_F_USER_STACK** + * Collect a user space stack instead of a kernel stack. + * **BPF_F_USER_BUILD_ID** + * Collect buildid+offset instead of ips for user stack, + * only valid if **BPF_F_USER_STACK** is also specified. + * + * **bpf_get_task_stack**\ () can collect up to + * **PERF_MAX_STACK_DEPTH** both kernel and user frames, subject + * to sufficient large buffer size. Note that + * this limit can be controlled with the **sysctl** program, and + * that it should be manually increased in order to profile long + * user stacks (such as stacks for Java programs). To do so, use: + * + * :: + * + * # sysctl kernel.perf_event_max_stack= + * Return + * A non-negative value equal to or less than *size* on success, + * or a negative error in case of failure. + * + * long bpf_load_hdr_opt(struct bpf_sock_ops *skops, void *searchby_res, u32 len, u64 flags) + * Description + * Load header option. Support reading a particular TCP header + * option for bpf program (**BPF_PROG_TYPE_SOCK_OPS**). + * + * If *flags* is 0, it will search the option from the + * *skops*\ **->skb_data**. The comment in **struct bpf_sock_ops** + * has details on what skb_data contains under different + * *skops*\ **->op**. + * + * The first byte of the *searchby_res* specifies the + * kind that it wants to search. + * + * If the searching kind is an experimental kind + * (i.e. 253 or 254 according to RFC6994). It also + * needs to specify the "magic" which is either + * 2 bytes or 4 bytes. It then also needs to + * specify the size of the magic by using + * the 2nd byte which is "kind-length" of a TCP + * header option and the "kind-length" also + * includes the first 2 bytes "kind" and "kind-length" + * itself as a normal TCP header option also does. + * + * For example, to search experimental kind 254 with + * 2 byte magic 0xeB9F, the searchby_res should be + * [ 254, 4, 0xeB, 0x9F, 0, 0, .... 0 ]. + * + * To search for the standard window scale option (3), + * the *searchby_res* should be [ 3, 0, 0, .... 0 ]. + * Note, kind-length must be 0 for regular option. + * + * Searching for No-Op (0) and End-of-Option-List (1) are + * not supported. + * + * *len* must be at least 2 bytes which is the minimal size + * of a header option. + * + * Supported flags: + * + * * **BPF_LOAD_HDR_OPT_TCP_SYN** to search from the + * saved_syn packet or the just-received syn packet. + * + * Return + * > 0 when found, the header option is copied to *searchby_res*. + * The return value is the total length copied. On failure, a + * negative error code is returned: + * + * **-EINVAL** if a parameter is invalid. + * + * **-ENOMSG** if the option is not found. + * + * **-ENOENT** if no syn packet is available when + * **BPF_LOAD_HDR_OPT_TCP_SYN** is used. + * + * **-ENOSPC** if there is not enough space. Only *len* number of + * bytes are copied. + * + * **-EFAULT** on failure to parse the header options in the + * packet. + * + * **-EPERM** if the helper cannot be used under the current + * *skops*\ **->op**. + * + * long bpf_store_hdr_opt(struct bpf_sock_ops *skops, const void *from, u32 len, u64 flags) + * Description + * Store header option. The data will be copied + * from buffer *from* with length *len* to the TCP header. + * + * The buffer *from* should have the whole option that + * includes the kind, kind-length, and the actual + * option data. The *len* must be at least kind-length + * long. The kind-length does not have to be 4 byte + * aligned. The kernel will take care of the padding + * and setting the 4 bytes aligned value to th->doff. + * + * This helper will check for duplicated option + * by searching the same option in the outgoing skb. + * + * This helper can only be called during + * **BPF_SOCK_OPS_WRITE_HDR_OPT_CB**. + * + * Return + * 0 on success, or negative error in case of failure: + * + * **-EINVAL** If param is invalid. + * + * **-ENOSPC** if there is not enough space in the header. + * Nothing has been written + * + * **-EEXIST** if the option already exists. + * + * **-EFAULT** on failrue to parse the existing header options. + * + * **-EPERM** if the helper cannot be used under the current + * *skops*\ **->op**. + * + * long bpf_reserve_hdr_opt(struct bpf_sock_ops *skops, u32 len, u64 flags) + * Description + * Reserve *len* bytes for the bpf header option. The + * space will be used by **bpf_store_hdr_opt**\ () later in + * **BPF_SOCK_OPS_WRITE_HDR_OPT_CB**. + * + * If **bpf_reserve_hdr_opt**\ () is called multiple times, + * the total number of bytes will be reserved. + * + * This helper can only be called during + * **BPF_SOCK_OPS_HDR_OPT_LEN_CB**. + * + * Return + * 0 on success, or negative error in case of failure: + * + * **-EINVAL** if a parameter is invalid. + * + * **-ENOSPC** if there is not enough space in the header. + * + * **-EPERM** if the helper cannot be used under the current + * *skops*\ **->op**. + * + * void *bpf_inode_storage_get(struct bpf_map *map, void *inode, void *value, u64 flags) + * Description + * Get a bpf_local_storage from an *inode*. + * + * Logically, it could be thought of as getting the value from + * a *map* with *inode* as the **key**. From this + * perspective, the usage is not much different from + * **bpf_map_lookup_elem**\ (*map*, **&**\ *inode*) except this + * helper enforces the key must be an inode and the map must also + * be a **BPF_MAP_TYPE_INODE_STORAGE**. + * + * Underneath, the value is stored locally at *inode* instead of + * the *map*. The *map* is used as the bpf-local-storage + * "type". The bpf-local-storage "type" (i.e. the *map*) is + * searched against all bpf_local_storage residing at *inode*. + * + * An optional *flags* (**BPF_LOCAL_STORAGE_GET_F_CREATE**) can be + * used such that a new bpf_local_storage will be + * created if one does not exist. *value* can be used + * together with **BPF_LOCAL_STORAGE_GET_F_CREATE** to specify + * the initial value of a bpf_local_storage. If *value* is + * **NULL**, the new bpf_local_storage will be zero initialized. + * Return + * A bpf_local_storage pointer is returned on success. + * + * **NULL** if not found or there was an error in adding + * a new bpf_local_storage. + * + * int bpf_inode_storage_delete(struct bpf_map *map, void *inode) + * Description + * Delete a bpf_local_storage from an *inode*. + * Return + * 0 on success. + * + * **-ENOENT** if the bpf_local_storage cannot be found. + * + * long bpf_d_path(struct path *path, char *buf, u32 sz) + * Description + * Return full path for given **struct path** object, which + * needs to be the kernel BTF *path* object. The path is + * returned in the provided buffer *buf* of size *sz* and + * is zero terminated. + * + * Return + * On success, the strictly positive length of the string, + * including the trailing NUL character. On error, a negative + * value. + * + * long bpf_copy_from_user(void *dst, u32 size, const void *user_ptr) + * Description + * Read *size* bytes from user space address *user_ptr* and store + * the data in *dst*. This is a wrapper of **copy_from_user**\ (). + * Return + * 0 on success, or a negative error in case of failure. + * + * long bpf_snprintf_btf(char *str, u32 str_size, struct btf_ptr *ptr, u32 btf_ptr_size, u64 flags) + * Description + * Use BTF to store a string representation of *ptr*->ptr in *str*, + * using *ptr*->type_id. This value should specify the type + * that *ptr*->ptr points to. LLVM __builtin_btf_type_id(type, 1) + * can be used to look up vmlinux BTF type ids. Traversing the + * data structure using BTF, the type information and values are + * stored in the first *str_size* - 1 bytes of *str*. Safe copy of + * the pointer data is carried out to avoid kernel crashes during + * operation. Smaller types can use string space on the stack; + * larger programs can use map data to store the string + * representation. + * + * The string can be subsequently shared with userspace via + * bpf_perf_event_output() or ring buffer interfaces. + * bpf_trace_printk() is to be avoided as it places too small + * a limit on string size to be useful. + * + * *flags* is a combination of + * + * **BTF_F_COMPACT** + * no formatting around type information + * **BTF_F_NONAME** + * no struct/union member names/types + * **BTF_F_PTR_RAW** + * show raw (unobfuscated) pointer values; + * equivalent to printk specifier %px. + * **BTF_F_ZERO** + * show zero-valued struct/union members; they + * are not displayed by default + * + * Return + * The number of bytes that were written (or would have been + * written if output had to be truncated due to string size), + * or a negative error in cases of failure. + * + * long bpf_seq_printf_btf(struct seq_file *m, struct btf_ptr *ptr, u32 ptr_size, u64 flags) + * Description + * Use BTF to write to seq_write a string representation of + * *ptr*->ptr, using *ptr*->type_id as per bpf_snprintf_btf(). + * *flags* are identical to those used for bpf_snprintf_btf. + * Return + * 0 on success or a negative error in case of failure. + * + * u64 bpf_skb_cgroup_classid(struct sk_buff *skb) + * Description + * See **bpf_get_cgroup_classid**\ () for the main description. + * This helper differs from **bpf_get_cgroup_classid**\ () in that + * the cgroup v1 net_cls class is retrieved only from the *skb*'s + * associated socket instead of the current process. + * Return + * The id is returned or 0 in case the id could not be retrieved. + * + * long bpf_redirect_neigh(u32 ifindex, struct bpf_redir_neigh *params, int plen, u64 flags) + * Description + * Redirect the packet to another net device of index *ifindex* + * and fill in L2 addresses from neighboring subsystem. This helper + * is somewhat similar to **bpf_redirect**\ (), except that it + * populates L2 addresses as well, meaning, internally, the helper + * relies on the neighbor lookup for the L2 address of the nexthop. + * + * The helper will perform a FIB lookup based on the skb's + * networking header to get the address of the next hop, unless + * this is supplied by the caller in the *params* argument. The + * *plen* argument indicates the len of *params* and should be set + * to 0 if *params* is NULL. + * + * The *flags* argument is reserved and must be 0. The helper is + * currently only supported for tc BPF program types, and enabled + * for IPv4 and IPv6 protocols. + * Return + * The helper returns **TC_ACT_REDIRECT** on success or + * **TC_ACT_SHOT** on error. + * + * void *bpf_per_cpu_ptr(const void *percpu_ptr, u32 cpu) + * Description + * Take a pointer to a percpu ksym, *percpu_ptr*, and return a + * pointer to the percpu kernel variable on *cpu*. A ksym is an + * extern variable decorated with '__ksym'. For ksym, there is a + * global var (either static or global) defined of the same name + * in the kernel. The ksym is percpu if the global var is percpu. + * The returned pointer points to the global percpu var on *cpu*. + * + * bpf_per_cpu_ptr() has the same semantic as per_cpu_ptr() in the + * kernel, except that bpf_per_cpu_ptr() may return NULL. This + * happens if *cpu* is larger than nr_cpu_ids. The caller of + * bpf_per_cpu_ptr() must check the returned value. + * Return + * A pointer pointing to the kernel percpu variable on *cpu*, or + * NULL, if *cpu* is invalid. + * + * void *bpf_this_cpu_ptr(const void *percpu_ptr) + * Description + * Take a pointer to a percpu ksym, *percpu_ptr*, and return a + * pointer to the percpu kernel variable on this cpu. See the + * description of 'ksym' in **bpf_per_cpu_ptr**\ (). + * + * bpf_this_cpu_ptr() has the same semantic as this_cpu_ptr() in + * the kernel. Different from **bpf_per_cpu_ptr**\ (), it would + * never return NULL. + * Return + * A pointer pointing to the kernel percpu variable on this cpu. + * + * long bpf_redirect_peer(u32 ifindex, u64 flags) + * Description + * Redirect the packet to another net device of index *ifindex*. + * This helper is somewhat similar to **bpf_redirect**\ (), except + * that the redirection happens to the *ifindex*' peer device and + * the netns switch takes place from ingress to ingress without + * going through the CPU's backlog queue. + * + * The *flags* argument is reserved and must be 0. The helper is + * currently only supported for tc BPF program types at the ingress + * hook and for veth device types. The peer device must reside in a + * different network namespace. + * Return + * The helper returns **TC_ACT_REDIRECT** on success or + * **TC_ACT_SHOT** on error. + */ +#define __BPF_FUNC_MAPPER(FN) \ + FN(unspec), \ + FN(map_lookup_elem), \ + FN(map_update_elem), \ + FN(map_delete_elem), \ + FN(probe_read), \ + FN(ktime_get_ns), \ + FN(trace_printk), \ + FN(get_prandom_u32), \ + FN(get_smp_processor_id), \ + FN(skb_store_bytes), \ + FN(l3_csum_replace), \ + FN(l4_csum_replace), \ + FN(tail_call), \ + FN(clone_redirect), \ + FN(get_current_pid_tgid), \ + FN(get_current_uid_gid), \ + FN(get_current_comm), \ + FN(get_cgroup_classid), \ + FN(skb_vlan_push), \ + FN(skb_vlan_pop), \ + FN(skb_get_tunnel_key), \ + FN(skb_set_tunnel_key), \ + FN(perf_event_read), \ + FN(redirect), \ + FN(get_route_realm), \ + FN(perf_event_output), \ + FN(skb_load_bytes), \ + FN(get_stackid), \ + FN(csum_diff), \ + FN(skb_get_tunnel_opt), \ + FN(skb_set_tunnel_opt), \ + FN(skb_change_proto), \ + FN(skb_change_type), \ + FN(skb_under_cgroup), \ + FN(get_hash_recalc), \ + FN(get_current_task), \ + FN(probe_write_user), \ + FN(current_task_under_cgroup), \ + FN(skb_change_tail), \ + FN(skb_pull_data), \ + FN(csum_update), \ + FN(set_hash_invalid), \ + FN(get_numa_node_id), \ + FN(skb_change_head), \ + FN(xdp_adjust_head), \ + FN(probe_read_str), \ + FN(get_socket_cookie), \ + FN(get_socket_uid), \ + FN(set_hash), \ + FN(setsockopt), \ + FN(skb_adjust_room), \ + FN(redirect_map), \ + FN(sk_redirect_map), \ + FN(sock_map_update), \ + FN(xdp_adjust_meta), \ + FN(perf_event_read_value), \ + FN(perf_prog_read_value), \ + FN(getsockopt), \ + FN(override_return), \ + FN(sock_ops_cb_flags_set), \ + FN(msg_redirect_map), \ + FN(msg_apply_bytes), \ + FN(msg_cork_bytes), \ + FN(msg_pull_data), \ + FN(bind), \ + FN(xdp_adjust_tail), \ + FN(skb_get_xfrm_state), \ + FN(get_stack), \ + FN(skb_load_bytes_relative), \ + FN(fib_lookup), \ + FN(sock_hash_update), \ + FN(msg_redirect_hash), \ + FN(sk_redirect_hash), \ + FN(lwt_push_encap), \ + FN(lwt_seg6_store_bytes), \ + FN(lwt_seg6_adjust_srh), \ + FN(lwt_seg6_action), \ + FN(rc_repeat), \ + FN(rc_keydown), \ + FN(skb_cgroup_id), \ + FN(get_current_cgroup_id), \ + FN(get_local_storage), \ + FN(sk_select_reuseport), \ + FN(skb_ancestor_cgroup_id), \ + FN(sk_lookup_tcp), \ + FN(sk_lookup_udp), \ + FN(sk_release), \ + FN(map_push_elem), \ + FN(map_pop_elem), \ + FN(map_peek_elem), \ + FN(msg_push_data), \ + FN(msg_pop_data), \ + FN(rc_pointer_rel), \ + FN(spin_lock), \ + FN(spin_unlock), \ + FN(sk_fullsock), \ + FN(tcp_sock), \ + FN(skb_ecn_set_ce), \ + FN(get_listener_sock), \ + FN(skc_lookup_tcp), \ + FN(tcp_check_syncookie), \ + FN(sysctl_get_name), \ + FN(sysctl_get_current_value), \ + FN(sysctl_get_new_value), \ + FN(sysctl_set_new_value), \ + FN(strtol), \ + FN(strtoul), \ + FN(sk_storage_get), \ + FN(sk_storage_delete), \ + FN(send_signal), \ + FN(tcp_gen_syncookie), \ + FN(skb_output), \ + FN(probe_read_user), \ + FN(probe_read_kernel), \ + FN(probe_read_user_str), \ + FN(probe_read_kernel_str), \ + FN(tcp_send_ack), \ + FN(send_signal_thread), \ + FN(jiffies64), \ + FN(read_branch_records), \ + FN(get_ns_current_pid_tgid), \ + FN(xdp_output), \ + FN(get_netns_cookie), \ + FN(get_current_ancestor_cgroup_id), \ + FN(sk_assign), \ + FN(ktime_get_boot_ns), \ + FN(seq_printf), \ + FN(seq_write), \ + FN(sk_cgroup_id), \ + FN(sk_ancestor_cgroup_id), \ + FN(ringbuf_output), \ + FN(ringbuf_reserve), \ + FN(ringbuf_submit), \ + FN(ringbuf_discard), \ + FN(ringbuf_query), \ + FN(csum_level), \ + FN(skc_to_tcp6_sock), \ + FN(skc_to_tcp_sock), \ + FN(skc_to_tcp_timewait_sock), \ + FN(skc_to_tcp_request_sock), \ + FN(skc_to_udp6_sock), \ + FN(get_task_stack), \ + FN(load_hdr_opt), \ + FN(store_hdr_opt), \ + FN(reserve_hdr_opt), \ + FN(inode_storage_get), \ + FN(inode_storage_delete), \ + FN(d_path), \ + FN(copy_from_user), \ + FN(snprintf_btf), \ + FN(seq_printf_btf), \ + FN(skb_cgroup_classid), \ + FN(redirect_neigh), \ + FN(per_cpu_ptr), \ + FN(this_cpu_ptr), \ + FN(redirect_peer), \ + /* */ + +/* integer value in 'imm' field of BPF_CALL instruction selects which helper + * function eBPF program intends to call + */ +#define __BPF_ENUM_FN(x) BPF_FUNC_ ## x +enum bpf_func_id { + __BPF_FUNC_MAPPER(__BPF_ENUM_FN) + __BPF_FUNC_MAX_ID, +}; +#undef __BPF_ENUM_FN + +/* All flags used by eBPF helper functions, placed here. */ + +/* BPF_FUNC_skb_store_bytes flags. */ +enum { + BPF_F_RECOMPUTE_CSUM = (1ULL << 0), + BPF_F_INVALIDATE_HASH = (1ULL << 1), +}; + +/* BPF_FUNC_l3_csum_replace and BPF_FUNC_l4_csum_replace flags. + * First 4 bits are for passing the header field size. + */ +enum { + BPF_F_HDR_FIELD_MASK = 0xfULL, +}; + +/* BPF_FUNC_l4_csum_replace flags. */ +enum { + BPF_F_PSEUDO_HDR = (1ULL << 4), + BPF_F_MARK_MANGLED_0 = (1ULL << 5), + BPF_F_MARK_ENFORCE = (1ULL << 6), +}; + +/* BPF_FUNC_clone_redirect and BPF_FUNC_redirect flags. */ +enum { + BPF_F_INGRESS = (1ULL << 0), +}; + +/* BPF_FUNC_skb_set_tunnel_key and BPF_FUNC_skb_get_tunnel_key flags. */ +enum { + BPF_F_TUNINFO_IPV6 = (1ULL << 0), +}; + +/* flags for both BPF_FUNC_get_stackid and BPF_FUNC_get_stack. */ +enum { + BPF_F_SKIP_FIELD_MASK = 0xffULL, + BPF_F_USER_STACK = (1ULL << 8), +/* flags used by BPF_FUNC_get_stackid only. */ + BPF_F_FAST_STACK_CMP = (1ULL << 9), + BPF_F_REUSE_STACKID = (1ULL << 10), +/* flags used by BPF_FUNC_get_stack only. */ + BPF_F_USER_BUILD_ID = (1ULL << 11), +}; + +/* BPF_FUNC_skb_set_tunnel_key flags. */ +enum { + BPF_F_ZERO_CSUM_TX = (1ULL << 1), + BPF_F_DONT_FRAGMENT = (1ULL << 2), + BPF_F_SEQ_NUMBER = (1ULL << 3), +}; + +/* BPF_FUNC_perf_event_output, BPF_FUNC_perf_event_read and + * BPF_FUNC_perf_event_read_value flags. + */ +enum { + BPF_F_INDEX_MASK = 0xffffffffULL, + BPF_F_CURRENT_CPU = BPF_F_INDEX_MASK, +/* BPF_FUNC_perf_event_output for sk_buff input context. */ + BPF_F_CTXLEN_MASK = (0xfffffULL << 32), +}; + +/* Current network namespace */ +enum { + BPF_F_CURRENT_NETNS = (-1L), +}; + +/* BPF_FUNC_csum_level level values. */ +enum { + BPF_CSUM_LEVEL_QUERY, + BPF_CSUM_LEVEL_INC, + BPF_CSUM_LEVEL_DEC, + BPF_CSUM_LEVEL_RESET, +}; + +/* BPF_FUNC_skb_adjust_room flags. */ +enum { + BPF_F_ADJ_ROOM_FIXED_GSO = (1ULL << 0), + BPF_F_ADJ_ROOM_ENCAP_L3_IPV4 = (1ULL << 1), + BPF_F_ADJ_ROOM_ENCAP_L3_IPV6 = (1ULL << 2), + BPF_F_ADJ_ROOM_ENCAP_L4_GRE = (1ULL << 3), + BPF_F_ADJ_ROOM_ENCAP_L4_UDP = (1ULL << 4), + BPF_F_ADJ_ROOM_NO_CSUM_RESET = (1ULL << 5), +}; + +enum { + BPF_ADJ_ROOM_ENCAP_L2_MASK = 0xff, + BPF_ADJ_ROOM_ENCAP_L2_SHIFT = 56, +}; + +#define BPF_F_ADJ_ROOM_ENCAP_L2(len) (((__u64)len & \ + BPF_ADJ_ROOM_ENCAP_L2_MASK) \ + << BPF_ADJ_ROOM_ENCAP_L2_SHIFT) + +/* BPF_FUNC_sysctl_get_name flags. */ +enum { + BPF_F_SYSCTL_BASE_NAME = (1ULL << 0), +}; + +/* BPF_FUNC__storage_get flags */ +enum { + BPF_LOCAL_STORAGE_GET_F_CREATE = (1ULL << 0), + /* BPF_SK_STORAGE_GET_F_CREATE is only kept for backward compatibility + * and BPF_LOCAL_STORAGE_GET_F_CREATE must be used instead. + */ + BPF_SK_STORAGE_GET_F_CREATE = BPF_LOCAL_STORAGE_GET_F_CREATE, +}; + +/* BPF_FUNC_read_branch_records flags. */ +enum { + BPF_F_GET_BRANCH_RECORDS_SIZE = (1ULL << 0), +}; + +/* BPF_FUNC_bpf_ringbuf_commit, BPF_FUNC_bpf_ringbuf_discard, and + * BPF_FUNC_bpf_ringbuf_output flags. + */ +enum { + BPF_RB_NO_WAKEUP = (1ULL << 0), + BPF_RB_FORCE_WAKEUP = (1ULL << 1), +}; + +/* BPF_FUNC_bpf_ringbuf_query flags */ +enum { + BPF_RB_AVAIL_DATA = 0, + BPF_RB_RING_SIZE = 1, + BPF_RB_CONS_POS = 2, + BPF_RB_PROD_POS = 3, +}; + +/* BPF ring buffer constants */ +enum { + BPF_RINGBUF_BUSY_BIT = (1U << 31), + BPF_RINGBUF_DISCARD_BIT = (1U << 30), + BPF_RINGBUF_HDR_SZ = 8, +}; + +/* BPF_FUNC_sk_assign flags in bpf_sk_lookup context. */ +enum { + BPF_SK_LOOKUP_F_REPLACE = (1ULL << 0), + BPF_SK_LOOKUP_F_NO_REUSEPORT = (1ULL << 1), +}; + +/* Mode for BPF_FUNC_skb_adjust_room helper. */ +enum bpf_adj_room_mode { + BPF_ADJ_ROOM_NET, + BPF_ADJ_ROOM_MAC, +}; + +/* Mode for BPF_FUNC_skb_load_bytes_relative helper. */ +enum bpf_hdr_start_off { + BPF_HDR_START_MAC, + BPF_HDR_START_NET, +}; + +/* Encapsulation type for BPF_FUNC_lwt_push_encap helper. */ +enum bpf_lwt_encap_mode { + BPF_LWT_ENCAP_SEG6, + BPF_LWT_ENCAP_SEG6_INLINE, + BPF_LWT_ENCAP_IP, +}; + +#define __bpf_md_ptr(type, name) \ +union { \ + type name; \ + __u64 :64; \ +} __attribute__((aligned(8))) + +/* user accessible mirror of in-kernel sk_buff. + * new fields can only be added to the end of this structure + */ +struct __sk_buff { + __u32 len; + __u32 pkt_type; + __u32 mark; + __u32 queue_mapping; + __u32 protocol; + __u32 vlan_present; + __u32 vlan_tci; + __u32 vlan_proto; + __u32 priority; + __u32 ingress_ifindex; + __u32 ifindex; + __u32 tc_index; + __u32 cb[5]; + __u32 hash; + __u32 tc_classid; + __u32 data; + __u32 data_end; + __u32 napi_id; + + /* Accessed by BPF_PROG_TYPE_sk_skb types from here to ... */ + __u32 family; + __u32 remote_ip4; /* Stored in network byte order */ + __u32 local_ip4; /* Stored in network byte order */ + __u32 remote_ip6[4]; /* Stored in network byte order */ + __u32 local_ip6[4]; /* Stored in network byte order */ + __u32 remote_port; /* Stored in network byte order */ + __u32 local_port; /* stored in host byte order */ + /* ... here. */ + + __u32 data_meta; + __bpf_md_ptr(struct bpf_flow_keys *, flow_keys); + __u64 tstamp; + __u32 wire_len; + __u32 gso_segs; + __bpf_md_ptr(struct bpf_sock *, sk); + __u32 gso_size; +}; + +struct bpf_tunnel_key { + __u32 tunnel_id; + union { + __u32 remote_ipv4; + __u32 remote_ipv6[4]; + }; + __u8 tunnel_tos; + __u8 tunnel_ttl; + __u16 tunnel_ext; /* Padding, future use. */ + __u32 tunnel_label; +}; + +/* user accessible mirror of in-kernel xfrm_state. + * new fields can only be added to the end of this structure + */ +struct bpf_xfrm_state { + __u32 reqid; + __u32 spi; /* Stored in network byte order */ + __u16 family; + __u16 ext; /* Padding, future use. */ + union { + __u32 remote_ipv4; /* Stored in network byte order */ + __u32 remote_ipv6[4]; /* Stored in network byte order */ + }; +}; + +/* Generic BPF return codes which all BPF program types may support. + * The values are binary compatible with their TC_ACT_* counter-part to + * provide backwards compatibility with existing SCHED_CLS and SCHED_ACT + * programs. + * + * XDP is handled seprately, see XDP_*. + */ +enum bpf_ret_code { + BPF_OK = 0, + /* 1 reserved */ + BPF_DROP = 2, + /* 3-6 reserved */ + BPF_REDIRECT = 7, + /* >127 are reserved for prog type specific return codes. + * + * BPF_LWT_REROUTE: used by BPF_PROG_TYPE_LWT_IN and + * BPF_PROG_TYPE_LWT_XMIT to indicate that skb had been + * changed and should be routed based on its new L3 header. + * (This is an L3 redirect, as opposed to L2 redirect + * represented by BPF_REDIRECT above). + */ + BPF_LWT_REROUTE = 128, +}; + +struct bpf_sock { + __u32 bound_dev_if; + __u32 family; + __u32 type; + __u32 protocol; + __u32 mark; + __u32 priority; + /* IP address also allows 1 and 2 bytes access */ + __u32 src_ip4; + __u32 src_ip6[4]; + __u32 src_port; /* host byte order */ + __u32 dst_port; /* network byte order */ + __u32 dst_ip4; + __u32 dst_ip6[4]; + __u32 state; + __s32 rx_queue_mapping; +}; + +struct bpf_tcp_sock { + __u32 snd_cwnd; /* Sending congestion window */ + __u32 srtt_us; /* smoothed round trip time << 3 in usecs */ + __u32 rtt_min; + __u32 snd_ssthresh; /* Slow start size threshold */ + __u32 rcv_nxt; /* What we want to receive next */ + __u32 snd_nxt; /* Next sequence we send */ + __u32 snd_una; /* First byte we want an ack for */ + __u32 mss_cache; /* Cached effective mss, not including SACKS */ + __u32 ecn_flags; /* ECN status bits. */ + __u32 rate_delivered; /* saved rate sample: packets delivered */ + __u32 rate_interval_us; /* saved rate sample: time elapsed */ + __u32 packets_out; /* Packets which are "in flight" */ + __u32 retrans_out; /* Retransmitted packets out */ + __u32 total_retrans; /* Total retransmits for entire connection */ + __u32 segs_in; /* RFC4898 tcpEStatsPerfSegsIn + * total number of segments in. + */ + __u32 data_segs_in; /* RFC4898 tcpEStatsPerfDataSegsIn + * total number of data segments in. + */ + __u32 segs_out; /* RFC4898 tcpEStatsPerfSegsOut + * The total number of segments sent. + */ + __u32 data_segs_out; /* RFC4898 tcpEStatsPerfDataSegsOut + * total number of data segments sent. + */ + __u32 lost_out; /* Lost packets */ + __u32 sacked_out; /* SACK'd packets */ + __u64 bytes_received; /* RFC4898 tcpEStatsAppHCThruOctetsReceived + * sum(delta(rcv_nxt)), or how many bytes + * were acked. + */ + __u64 bytes_acked; /* RFC4898 tcpEStatsAppHCThruOctetsAcked + * sum(delta(snd_una)), or how many bytes + * were acked. + */ + __u32 dsack_dups; /* RFC4898 tcpEStatsStackDSACKDups + * total number of DSACK blocks received + */ + __u32 delivered; /* Total data packets delivered incl. rexmits */ + __u32 delivered_ce; /* Like the above but only ECE marked packets */ + __u32 icsk_retransmits; /* Number of unrecovered [RTO] timeouts */ +}; + +struct bpf_sock_tuple { + union { + struct { + __be32 saddr; + __be32 daddr; + __be16 sport; + __be16 dport; + } ipv4; + struct { + __be32 saddr[4]; + __be32 daddr[4]; + __be16 sport; + __be16 dport; + } ipv6; + }; +}; + +struct bpf_xdp_sock { + __u32 queue_id; +}; + +#define XDP_PACKET_HEADROOM 256 + +/* User return codes for XDP prog type. + * A valid XDP program must return one of these defined values. All other + * return codes are reserved for future use. Unknown return codes will + * result in packet drops and a warning via bpf_warn_invalid_xdp_action(). + */ +enum xdp_action { + XDP_ABORTED = 0, + XDP_DROP, + XDP_PASS, + XDP_TX, + XDP_REDIRECT, +}; + +/* user accessible metadata for XDP packet hook + * new fields must be added to the end of this structure + */ +struct xdp_md { + __u32 data; + __u32 data_end; + __u32 data_meta; + /* Below access go through struct xdp_rxq_info */ + __u32 ingress_ifindex; /* rxq->dev->ifindex */ + __u32 rx_queue_index; /* rxq->queue_index */ + + __u32 egress_ifindex; /* txq->dev->ifindex */ +}; + +/* DEVMAP map-value layout + * + * The struct data-layout of map-value is a configuration interface. + * New members can only be added to the end of this structure. + */ +struct bpf_devmap_val { + __u32 ifindex; /* device index */ + union { + int fd; /* prog fd on map write */ + __u32 id; /* prog id on map read */ + } bpf_prog; +}; + +/* CPUMAP map-value layout + * + * The struct data-layout of map-value is a configuration interface. + * New members can only be added to the end of this structure. + */ +struct bpf_cpumap_val { + __u32 qsize; /* queue size to remote target CPU */ + union { + int fd; /* prog fd on map write */ + __u32 id; /* prog id on map read */ + } bpf_prog; +}; + +enum sk_action { + SK_DROP = 0, + SK_PASS, +}; + +/* user accessible metadata for SK_MSG packet hook, new fields must + * be added to the end of this structure + */ +struct sk_msg_md { + __bpf_md_ptr(void *, data); + __bpf_md_ptr(void *, data_end); + + __u32 family; + __u32 remote_ip4; /* Stored in network byte order */ + __u32 local_ip4; /* Stored in network byte order */ + __u32 remote_ip6[4]; /* Stored in network byte order */ + __u32 local_ip6[4]; /* Stored in network byte order */ + __u32 remote_port; /* Stored in network byte order */ + __u32 local_port; /* stored in host byte order */ + __u32 size; /* Total size of sk_msg */ + + __bpf_md_ptr(struct bpf_sock *, sk); /* current socket */ +}; + +struct sk_reuseport_md { + /* + * Start of directly accessible data. It begins from + * the tcp/udp header. + */ + __bpf_md_ptr(void *, data); + /* End of directly accessible data */ + __bpf_md_ptr(void *, data_end); + /* + * Total length of packet (starting from the tcp/udp header). + * Note that the directly accessible bytes (data_end - data) + * could be less than this "len". Those bytes could be + * indirectly read by a helper "bpf_skb_load_bytes()". + */ + __u32 len; + /* + * Eth protocol in the mac header (network byte order). e.g. + * ETH_P_IP(0x0800) and ETH_P_IPV6(0x86DD) + */ + __u32 eth_protocol; + __u32 ip_protocol; /* IP protocol. e.g. IPPROTO_TCP, IPPROTO_UDP */ + __u32 bind_inany; /* Is sock bound to an INANY address? */ + __u32 hash; /* A hash of the packet 4 tuples */ +}; + +#define BPF_TAG_SIZE 8 + +struct bpf_prog_info { + __u32 type; + __u32 id; + __u8 tag[BPF_TAG_SIZE]; + __u32 jited_prog_len; + __u32 xlated_prog_len; + __aligned_u64 jited_prog_insns; + __aligned_u64 xlated_prog_insns; + __u64 load_time; /* ns since boottime */ + __u32 created_by_uid; + __u32 nr_map_ids; + __aligned_u64 map_ids; + char name[BPF_OBJ_NAME_LEN]; + __u32 ifindex; + __u32 gpl_compatible:1; + __u32 :31; /* alignment pad */ + __u64 netns_dev; + __u64 netns_ino; + __u32 nr_jited_ksyms; + __u32 nr_jited_func_lens; + __aligned_u64 jited_ksyms; + __aligned_u64 jited_func_lens; + __u32 btf_id; + __u32 func_info_rec_size; + __aligned_u64 func_info; + __u32 nr_func_info; + __u32 nr_line_info; + __aligned_u64 line_info; + __aligned_u64 jited_line_info; + __u32 nr_jited_line_info; + __u32 line_info_rec_size; + __u32 jited_line_info_rec_size; + __u32 nr_prog_tags; + __aligned_u64 prog_tags; + __u64 run_time_ns; + __u64 run_cnt; +} __attribute__((aligned(8))); + +struct bpf_map_info { + __u32 type; + __u32 id; + __u32 key_size; + __u32 value_size; + __u32 max_entries; + __u32 map_flags; + char name[BPF_OBJ_NAME_LEN]; + __u32 ifindex; + __u32 btf_vmlinux_value_type_id; + __u64 netns_dev; + __u64 netns_ino; + __u32 btf_id; + __u32 btf_key_type_id; + __u32 btf_value_type_id; +} __attribute__((aligned(8))); + +struct bpf_btf_info { + __aligned_u64 btf; + __u32 btf_size; + __u32 id; +} __attribute__((aligned(8))); + +struct bpf_link_info { + __u32 type; + __u32 id; + __u32 prog_id; + union { + struct { + __aligned_u64 tp_name; /* in/out: tp_name buffer ptr */ + __u32 tp_name_len; /* in/out: tp_name buffer len */ + } raw_tracepoint; + struct { + __u32 attach_type; + } tracing; + struct { + __u64 cgroup_id; + __u32 attach_type; + } cgroup; + struct { + __aligned_u64 target_name; /* in/out: target_name buffer ptr */ + __u32 target_name_len; /* in/out: target_name buffer len */ + union { + struct { + __u32 map_id; + } map; + }; + } iter; + struct { + __u32 netns_ino; + __u32 attach_type; + } netns; + struct { + __u32 ifindex; + } xdp; + }; +} __attribute__((aligned(8))); + +/* User bpf_sock_addr struct to access socket fields and sockaddr struct passed + * by user and intended to be used by socket (e.g. to bind to, depends on + * attach type). + */ +struct bpf_sock_addr { + __u32 user_family; /* Allows 4-byte read, but no write. */ + __u32 user_ip4; /* Allows 1,2,4-byte read and 4-byte write. + * Stored in network byte order. + */ + __u32 user_ip6[4]; /* Allows 1,2,4,8-byte read and 4,8-byte write. + * Stored in network byte order. + */ + __u32 user_port; /* Allows 1,2,4-byte read and 4-byte write. + * Stored in network byte order + */ + __u32 family; /* Allows 4-byte read, but no write */ + __u32 type; /* Allows 4-byte read, but no write */ + __u32 protocol; /* Allows 4-byte read, but no write */ + __u32 msg_src_ip4; /* Allows 1,2,4-byte read and 4-byte write. + * Stored in network byte order. + */ + __u32 msg_src_ip6[4]; /* Allows 1,2,4,8-byte read and 4,8-byte write. + * Stored in network byte order. + */ + __bpf_md_ptr(struct bpf_sock *, sk); +}; + +/* User bpf_sock_ops struct to access socket values and specify request ops + * and their replies. + * Some of this fields are in network (bigendian) byte order and may need + * to be converted before use (bpf_ntohl() defined in samples/bpf/bpf_endian.h). + * New fields can only be added at the end of this structure + */ +struct bpf_sock_ops { + __u32 op; + union { + __u32 args[4]; /* Optionally passed to bpf program */ + __u32 reply; /* Returned by bpf program */ + __u32 replylong[4]; /* Optionally returned by bpf prog */ + }; + __u32 family; + __u32 remote_ip4; /* Stored in network byte order */ + __u32 local_ip4; /* Stored in network byte order */ + __u32 remote_ip6[4]; /* Stored in network byte order */ + __u32 local_ip6[4]; /* Stored in network byte order */ + __u32 remote_port; /* Stored in network byte order */ + __u32 local_port; /* stored in host byte order */ + __u32 is_fullsock; /* Some TCP fields are only valid if + * there is a full socket. If not, the + * fields read as zero. + */ + __u32 snd_cwnd; + __u32 srtt_us; /* Averaged RTT << 3 in usecs */ + __u32 bpf_sock_ops_cb_flags; /* flags defined in uapi/linux/tcp.h */ + __u32 state; + __u32 rtt_min; + __u32 snd_ssthresh; + __u32 rcv_nxt; + __u32 snd_nxt; + __u32 snd_una; + __u32 mss_cache; + __u32 ecn_flags; + __u32 rate_delivered; + __u32 rate_interval_us; + __u32 packets_out; + __u32 retrans_out; + __u32 total_retrans; + __u32 segs_in; + __u32 data_segs_in; + __u32 segs_out; + __u32 data_segs_out; + __u32 lost_out; + __u32 sacked_out; + __u32 sk_txhash; + __u64 bytes_received; + __u64 bytes_acked; + __bpf_md_ptr(struct bpf_sock *, sk); + /* [skb_data, skb_data_end) covers the whole TCP header. + * + * BPF_SOCK_OPS_PARSE_HDR_OPT_CB: The packet received + * BPF_SOCK_OPS_HDR_OPT_LEN_CB: Not useful because the + * header has not been written. + * BPF_SOCK_OPS_WRITE_HDR_OPT_CB: The header and options have + * been written so far. + * BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB: The SYNACK that concludes + * the 3WHS. + * BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB: The ACK that concludes + * the 3WHS. + * + * bpf_load_hdr_opt() can also be used to read a particular option. + */ + __bpf_md_ptr(void *, skb_data); + __bpf_md_ptr(void *, skb_data_end); + __u32 skb_len; /* The total length of a packet. + * It includes the header, options, + * and payload. + */ + __u32 skb_tcp_flags; /* tcp_flags of the header. It provides + * an easy way to check for tcp_flags + * without parsing skb_data. + * + * In particular, the skb_tcp_flags + * will still be available in + * BPF_SOCK_OPS_HDR_OPT_LEN even though + * the outgoing header has not + * been written yet. + */ +}; + +/* Definitions for bpf_sock_ops_cb_flags */ +enum { + BPF_SOCK_OPS_RTO_CB_FLAG = (1<<0), + BPF_SOCK_OPS_RETRANS_CB_FLAG = (1<<1), + BPF_SOCK_OPS_STATE_CB_FLAG = (1<<2), + BPF_SOCK_OPS_RTT_CB_FLAG = (1<<3), + /* Call bpf for all received TCP headers. The bpf prog will be + * called under sock_ops->op == BPF_SOCK_OPS_PARSE_HDR_OPT_CB + * + * Please refer to the comment in BPF_SOCK_OPS_PARSE_HDR_OPT_CB + * for the header option related helpers that will be useful + * to the bpf programs. + * + * It could be used at the client/active side (i.e. connect() side) + * when the server told it that the server was in syncookie + * mode and required the active side to resend the bpf-written + * options. The active side can keep writing the bpf-options until + * it received a valid packet from the server side to confirm + * the earlier packet (and options) has been received. The later + * example patch is using it like this at the active side when the + * server is in syncookie mode. + * + * The bpf prog will usually turn this off in the common cases. + */ + BPF_SOCK_OPS_PARSE_ALL_HDR_OPT_CB_FLAG = (1<<4), + /* Call bpf when kernel has received a header option that + * the kernel cannot handle. The bpf prog will be called under + * sock_ops->op == BPF_SOCK_OPS_PARSE_HDR_OPT_CB. + * + * Please refer to the comment in BPF_SOCK_OPS_PARSE_HDR_OPT_CB + * for the header option related helpers that will be useful + * to the bpf programs. + */ + BPF_SOCK_OPS_PARSE_UNKNOWN_HDR_OPT_CB_FLAG = (1<<5), + /* Call bpf when the kernel is writing header options for the + * outgoing packet. The bpf prog will first be called + * to reserve space in a skb under + * sock_ops->op == BPF_SOCK_OPS_HDR_OPT_LEN_CB. Then + * the bpf prog will be called to write the header option(s) + * under sock_ops->op == BPF_SOCK_OPS_WRITE_HDR_OPT_CB. + * + * Please refer to the comment in BPF_SOCK_OPS_HDR_OPT_LEN_CB + * and BPF_SOCK_OPS_WRITE_HDR_OPT_CB for the header option + * related helpers that will be useful to the bpf programs. + * + * The kernel gets its chance to reserve space and write + * options first before the BPF program does. + */ + BPF_SOCK_OPS_WRITE_HDR_OPT_CB_FLAG = (1<<6), +/* Mask of all currently supported cb flags */ + BPF_SOCK_OPS_ALL_CB_FLAGS = 0x7F, +}; + +/* List of known BPF sock_ops operators. + * New entries can only be added at the end + */ +enum { + BPF_SOCK_OPS_VOID, + BPF_SOCK_OPS_TIMEOUT_INIT, /* Should return SYN-RTO value to use or + * -1 if default value should be used + */ + BPF_SOCK_OPS_RWND_INIT, /* Should return initial advertized + * window (in packets) or -1 if default + * value should be used + */ + BPF_SOCK_OPS_TCP_CONNECT_CB, /* Calls BPF program right before an + * active connection is initialized + */ + BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB, /* Calls BPF program when an + * active connection is + * established + */ + BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB, /* Calls BPF program when a + * passive connection is + * established + */ + BPF_SOCK_OPS_NEEDS_ECN, /* If connection's congestion control + * needs ECN + */ + BPF_SOCK_OPS_BASE_RTT, /* Get base RTT. The correct value is + * based on the path and may be + * dependent on the congestion control + * algorithm. In general it indicates + * a congestion threshold. RTTs above + * this indicate congestion + */ + BPF_SOCK_OPS_RTO_CB, /* Called when an RTO has triggered. + * Arg1: value of icsk_retransmits + * Arg2: value of icsk_rto + * Arg3: whether RTO has expired + */ + BPF_SOCK_OPS_RETRANS_CB, /* Called when skb is retransmitted. + * Arg1: sequence number of 1st byte + * Arg2: # segments + * Arg3: return value of + * tcp_transmit_skb (0 => success) + */ + BPF_SOCK_OPS_STATE_CB, /* Called when TCP changes state. + * Arg1: old_state + * Arg2: new_state + */ + BPF_SOCK_OPS_TCP_LISTEN_CB, /* Called on listen(2), right after + * socket transition to LISTEN state. + */ + BPF_SOCK_OPS_RTT_CB, /* Called on every RTT. + */ + BPF_SOCK_OPS_PARSE_HDR_OPT_CB, /* Parse the header option. + * It will be called to handle + * the packets received at + * an already established + * connection. + * + * sock_ops->skb_data: + * Referring to the received skb. + * It covers the TCP header only. + * + * bpf_load_hdr_opt() can also + * be used to search for a + * particular option. + */ + BPF_SOCK_OPS_HDR_OPT_LEN_CB, /* Reserve space for writing the + * header option later in + * BPF_SOCK_OPS_WRITE_HDR_OPT_CB. + * Arg1: bool want_cookie. (in + * writing SYNACK only) + * + * sock_ops->skb_data: + * Not available because no header has + * been written yet. + * + * sock_ops->skb_tcp_flags: + * The tcp_flags of the + * outgoing skb. (e.g. SYN, ACK, FIN). + * + * bpf_reserve_hdr_opt() should + * be used to reserve space. + */ + BPF_SOCK_OPS_WRITE_HDR_OPT_CB, /* Write the header options + * Arg1: bool want_cookie. (in + * writing SYNACK only) + * + * sock_ops->skb_data: + * Referring to the outgoing skb. + * It covers the TCP header + * that has already been written + * by the kernel and the + * earlier bpf-progs. + * + * sock_ops->skb_tcp_flags: + * The tcp_flags of the outgoing + * skb. (e.g. SYN, ACK, FIN). + * + * bpf_store_hdr_opt() should + * be used to write the + * option. + * + * bpf_load_hdr_opt() can also + * be used to search for a + * particular option that + * has already been written + * by the kernel or the + * earlier bpf-progs. + */ +}; + +/* List of TCP states. There is a build check in net/ipv4/tcp.c to detect + * changes between the TCP and BPF versions. Ideally this should never happen. + * If it does, we need to add code to convert them before calling + * the BPF sock_ops function. + */ +enum { + BPF_TCP_ESTABLISHED = 1, + BPF_TCP_SYN_SENT, + BPF_TCP_SYN_RECV, + BPF_TCP_FIN_WAIT1, + BPF_TCP_FIN_WAIT2, + BPF_TCP_TIME_WAIT, + BPF_TCP_CLOSE, + BPF_TCP_CLOSE_WAIT, + BPF_TCP_LAST_ACK, + BPF_TCP_LISTEN, + BPF_TCP_CLOSING, /* Now a valid state */ + BPF_TCP_NEW_SYN_RECV, + + BPF_TCP_MAX_STATES /* Leave at the end! */ +}; + +enum { + TCP_BPF_IW = 1001, /* Set TCP initial congestion window */ + TCP_BPF_SNDCWND_CLAMP = 1002, /* Set sndcwnd_clamp */ + TCP_BPF_DELACK_MAX = 1003, /* Max delay ack in usecs */ + TCP_BPF_RTO_MIN = 1004, /* Min delay ack in usecs */ + /* Copy the SYN pkt to optval + * + * BPF_PROG_TYPE_SOCK_OPS only. It is similar to the + * bpf_getsockopt(TCP_SAVED_SYN) but it does not limit + * to only getting from the saved_syn. It can either get the + * syn packet from: + * + * 1. the just-received SYN packet (only available when writing the + * SYNACK). It will be useful when it is not necessary to + * save the SYN packet for latter use. It is also the only way + * to get the SYN during syncookie mode because the syn + * packet cannot be saved during syncookie. + * + * OR + * + * 2. the earlier saved syn which was done by + * bpf_setsockopt(TCP_SAVE_SYN). + * + * The bpf_getsockopt(TCP_BPF_SYN*) option will hide where the + * SYN packet is obtained. + * + * If the bpf-prog does not need the IP[46] header, the + * bpf-prog can avoid parsing the IP header by using + * TCP_BPF_SYN. Otherwise, the bpf-prog can get both + * IP[46] and TCP header by using TCP_BPF_SYN_IP. + * + * >0: Total number of bytes copied + * -ENOSPC: Not enough space in optval. Only optlen number of + * bytes is copied. + * -ENOENT: The SYN skb is not available now and the earlier SYN pkt + * is not saved by setsockopt(TCP_SAVE_SYN). + */ + TCP_BPF_SYN = 1005, /* Copy the TCP header */ + TCP_BPF_SYN_IP = 1006, /* Copy the IP[46] and TCP header */ + TCP_BPF_SYN_MAC = 1007, /* Copy the MAC, IP[46], and TCP header */ +}; + +enum { + BPF_LOAD_HDR_OPT_TCP_SYN = (1ULL << 0), +}; + +/* args[0] value during BPF_SOCK_OPS_HDR_OPT_LEN_CB and + * BPF_SOCK_OPS_WRITE_HDR_OPT_CB. + */ +enum { + BPF_WRITE_HDR_TCP_CURRENT_MSS = 1, /* Kernel is finding the + * total option spaces + * required for an established + * sk in order to calculate the + * MSS. No skb is actually + * sent. + */ + BPF_WRITE_HDR_TCP_SYNACK_COOKIE = 2, /* Kernel is in syncookie mode + * when sending a SYN. + */ +}; + +struct bpf_perf_event_value { + __u64 counter; + __u64 enabled; + __u64 running; +}; + +enum { + BPF_DEVCG_ACC_MKNOD = (1ULL << 0), + BPF_DEVCG_ACC_READ = (1ULL << 1), + BPF_DEVCG_ACC_WRITE = (1ULL << 2), +}; + +enum { + BPF_DEVCG_DEV_BLOCK = (1ULL << 0), + BPF_DEVCG_DEV_CHAR = (1ULL << 1), +}; + +struct bpf_cgroup_dev_ctx { + /* access_type encoded as (BPF_DEVCG_ACC_* << 16) | BPF_DEVCG_DEV_* */ + __u32 access_type; + __u32 major; + __u32 minor; +}; + +struct bpf_raw_tracepoint_args { + __u64 args[0]; +}; + +/* DIRECT: Skip the FIB rules and go to FIB table associated with device + * OUTPUT: Do lookup from egress perspective; default is ingress + */ +enum { + BPF_FIB_LOOKUP_DIRECT = (1U << 0), + BPF_FIB_LOOKUP_OUTPUT = (1U << 1), +}; + +enum { + BPF_FIB_LKUP_RET_SUCCESS, /* lookup successful */ + BPF_FIB_LKUP_RET_BLACKHOLE, /* dest is blackholed; can be dropped */ + BPF_FIB_LKUP_RET_UNREACHABLE, /* dest is unreachable; can be dropped */ + BPF_FIB_LKUP_RET_PROHIBIT, /* dest not allowed; can be dropped */ + BPF_FIB_LKUP_RET_NOT_FWDED, /* packet is not forwarded */ + BPF_FIB_LKUP_RET_FWD_DISABLED, /* fwding is not enabled on ingress */ + BPF_FIB_LKUP_RET_UNSUPP_LWT, /* fwd requires encapsulation */ + BPF_FIB_LKUP_RET_NO_NEIGH, /* no neighbor entry for nh */ + BPF_FIB_LKUP_RET_FRAG_NEEDED, /* fragmentation required to fwd */ +}; + +struct bpf_fib_lookup { + /* input: network family for lookup (AF_INET, AF_INET6) + * output: network family of egress nexthop + */ + __u8 family; + + /* set if lookup is to consider L4 data - e.g., FIB rules */ + __u8 l4_protocol; + __be16 sport; + __be16 dport; + + /* total length of packet from network header - used for MTU check */ + __u16 tot_len; + + /* input: L3 device index for lookup + * output: device index from FIB lookup + */ + __u32 ifindex; + + union { + /* inputs to lookup */ + __u8 tos; /* AF_INET */ + __be32 flowinfo; /* AF_INET6, flow_label + priority */ + + /* output: metric of fib result (IPv4/IPv6 only) */ + __u32 rt_metric; + }; + + union { + __be32 ipv4_src; + __u32 ipv6_src[4]; /* in6_addr; network order */ + }; + + /* input to bpf_fib_lookup, ipv{4,6}_dst is destination address in + * network header. output: bpf_fib_lookup sets to gateway address + * if FIB lookup returns gateway route + */ + union { + __be32 ipv4_dst; + __u32 ipv6_dst[4]; /* in6_addr; network order */ + }; + + /* output */ + __be16 h_vlan_proto; + __be16 h_vlan_TCI; + __u8 smac[6]; /* ETH_ALEN */ + __u8 dmac[6]; /* ETH_ALEN */ +}; + +struct bpf_redir_neigh { + /* network family for lookup (AF_INET, AF_INET6) */ + __u32 nh_family; + /* network address of nexthop; skips fib lookup to find gateway */ + union { + __be32 ipv4_nh; + __u32 ipv6_nh[4]; /* in6_addr; network order */ + }; +}; + +enum bpf_task_fd_type { + BPF_FD_TYPE_RAW_TRACEPOINT, /* tp name */ + BPF_FD_TYPE_TRACEPOINT, /* tp name */ + BPF_FD_TYPE_KPROBE, /* (symbol + offset) or addr */ + BPF_FD_TYPE_KRETPROBE, /* (symbol + offset) or addr */ + BPF_FD_TYPE_UPROBE, /* filename + offset */ + BPF_FD_TYPE_URETPROBE, /* filename + offset */ +}; + +enum { + BPF_FLOW_DISSECTOR_F_PARSE_1ST_FRAG = (1U << 0), + BPF_FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL = (1U << 1), + BPF_FLOW_DISSECTOR_F_STOP_AT_ENCAP = (1U << 2), +}; + +struct bpf_flow_keys { + __u16 nhoff; + __u16 thoff; + __u16 addr_proto; /* ETH_P_* of valid addrs */ + __u8 is_frag; + __u8 is_first_frag; + __u8 is_encap; + __u8 ip_proto; + __be16 n_proto; + __be16 sport; + __be16 dport; + union { + struct { + __be32 ipv4_src; + __be32 ipv4_dst; + }; + struct { + __u32 ipv6_src[4]; /* in6_addr; network order */ + __u32 ipv6_dst[4]; /* in6_addr; network order */ + }; + }; + __u32 flags; + __be32 flow_label; +}; + +struct bpf_func_info { + __u32 insn_off; + __u32 type_id; +}; + +#define BPF_LINE_INFO_LINE_NUM(line_col) ((line_col) >> 10) +#define BPF_LINE_INFO_LINE_COL(line_col) ((line_col) & 0x3ff) + +struct bpf_line_info { + __u32 insn_off; + __u32 file_name_off; + __u32 line_off; + __u32 line_col; +}; + +struct bpf_spin_lock { + __u32 val; +}; + +struct bpf_sysctl { + __u32 write; /* Sysctl is being read (= 0) or written (= 1). + * Allows 1,2,4-byte read, but no write. + */ + __u32 file_pos; /* Sysctl file position to read from, write to. + * Allows 1,2,4-byte read an 4-byte write. + */ +}; + +struct bpf_sockopt { + __bpf_md_ptr(struct bpf_sock *, sk); + __bpf_md_ptr(void *, optval); + __bpf_md_ptr(void *, optval_end); + + __s32 level; + __s32 optname; + __s32 optlen; + __s32 retval; +}; + +struct bpf_pidns_info { + __u32 pid; + __u32 tgid; +}; + +/* User accessible data for SK_LOOKUP programs. Add new fields at the end. */ +struct bpf_sk_lookup { + __bpf_md_ptr(struct bpf_sock *, sk); /* Selected socket */ + + __u32 family; /* Protocol family (AF_INET, AF_INET6) */ + __u32 protocol; /* IP protocol (IPPROTO_TCP, IPPROTO_UDP) */ + __u32 remote_ip4; /* Network byte order */ + __u32 remote_ip6[4]; /* Network byte order */ + __u32 remote_port; /* Network byte order */ + __u32 local_ip4; /* Network byte order */ + __u32 local_ip6[4]; /* Network byte order */ + __u32 local_port; /* Host byte order */ +}; + +/* + * struct btf_ptr is used for typed pointer representation; the + * type id is used to render the pointer data as the appropriate type + * via the bpf_snprintf_btf() helper described above. A flags field - + * potentially to specify additional details about the BTF pointer + * (rather than its mode of display) - is included for future use. + * Display flags - BTF_F_* - are passed to bpf_snprintf_btf separately. + */ +struct btf_ptr { + void *ptr; + __u32 type_id; + __u32 flags; /* BTF ptr flags; unused at present. */ +}; + +/* + * Flags to control bpf_snprintf_btf() behaviour. + * - BTF_F_COMPACT: no formatting around type information + * - BTF_F_NONAME: no struct/union member names/types + * - BTF_F_PTR_RAW: show raw (unobfuscated) pointer values; + * equivalent to %px. + * - BTF_F_ZERO: show zero-valued struct/union members; they + * are not displayed by default + */ +enum { + BTF_F_COMPACT = (1ULL << 0), + BTF_F_NONAME = (1ULL << 1), + BTF_F_PTR_RAW = (1ULL << 2), + BTF_F_ZERO = (1ULL << 3), +}; + +#endif /* _UAPI__LINUX_BPF_H__ */ diff --git a/resources/usr/include/bpf/linux/bpf_common.h b/resources/usr/include/bpf/linux/bpf_common.h new file mode 100644 index 0000000..ee97668 --- /dev/null +++ b/resources/usr/include/bpf/linux/bpf_common.h @@ -0,0 +1,57 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ +#ifndef _UAPI__LINUX_BPF_COMMON_H__ +#define _UAPI__LINUX_BPF_COMMON_H__ + +/* Instruction classes */ +#define BPF_CLASS(code) ((code) & 0x07) +#define BPF_LD 0x00 +#define BPF_LDX 0x01 +#define BPF_ST 0x02 +#define BPF_STX 0x03 +#define BPF_ALU 0x04 +#define BPF_JMP 0x05 +#define BPF_RET 0x06 +#define BPF_MISC 0x07 + +/* ld/ldx fields */ +#define BPF_SIZE(code) ((code) & 0x18) +#define BPF_W 0x00 /* 32-bit */ +#define BPF_H 0x08 /* 16-bit */ +#define BPF_B 0x10 /* 8-bit */ +/* eBPF BPF_DW 0x18 64-bit */ +#define BPF_MODE(code) ((code) & 0xe0) +#define BPF_IMM 0x00 +#define BPF_ABS 0x20 +#define BPF_IND 0x40 +#define BPF_MEM 0x60 +#define BPF_LEN 0x80 +#define BPF_MSH 0xa0 + +/* alu/jmp fields */ +#define BPF_OP(code) ((code) & 0xf0) +#define BPF_ADD 0x00 +#define BPF_SUB 0x10 +#define BPF_MUL 0x20 +#define BPF_DIV 0x30 +#define BPF_OR 0x40 +#define BPF_AND 0x50 +#define BPF_LSH 0x60 +#define BPF_RSH 0x70 +#define BPF_NEG 0x80 +#define BPF_MOD 0x90 +#define BPF_XOR 0xa0 + +#define BPF_JA 0x00 +#define BPF_JEQ 0x10 +#define BPF_JGT 0x20 +#define BPF_JGE 0x30 +#define BPF_JSET 0x40 +#define BPF_SRC(code) ((code) & 0x08) +#define BPF_K 0x00 +#define BPF_X 0x08 + +#ifndef BPF_MAXINSNS +#define BPF_MAXINSNS 4096 +#endif + +#endif /* _UAPI__LINUX_BPF_COMMON_H__ */ diff --git a/resources/usr/lib/libbpf.so.32 b/resources/usr/lib/libbpf.so.32 new file mode 100755 index 0000000000000000000000000000000000000000..6103a4f1c73e54f1dea90490ce706ba272c25d6b GIT binary patch literal 966724 zcmbTf4SZC^`Nw;9vmqg@xJb~Lrgf22(MG!nDq32jqGB6$k*KJtNhCp11BppMw6q2Y zh?+={pr{~QrIq^UZ)3%Z7HzDkRH>yED=OA~VI@Y|;%jM(<$izX%*mca|GoEf(+dRjm5Po;`lc zO}VsF3Ye4`jR*W~r>#=9UGmxEFX;7K3wpEcw0oFk?I#T}^?u;~zxhd7b_y||lIq<# z@+rHinCD7v-PCkT4aG0~seg!cDfQm@+j1;RN&SVpU_L2}biu`!S@S7XGr-D*gGP z$7bd}IK*d#OD*e&rNO|WK(19bc1rO{x3?y?9ounlc5&G$+3jB~onS=*{*dqPh5lTT zeCoJsW2vFZX;X%7`^Jvv{O7msu-02I`eQl4s^Y9YlgAzrKf84D-bk8Hx`}i%>4&5r zlNOQMNJ~gdNy|v>qz=*wlKxhbR*~*e!ThZT3aK@ub)*>SC#3Zx@88cTJWTqzdH6rT zM@{~h25tgAL3)z3**p_?%H)3y++y<28rWmta|Q}*CA~;`iL{NRzu%Fz+d0d6)j*WT z+DUqy^ag1c=}nUR_ZFGIklrQ5N$y{QOp3IJw3qZgsgLvlX&>otq`#9sBe1WH|XGc>mG|!3*{HmwT*T{!Sqe;h-#*m6h$C30m)YtG|y)N>rDO!23`-GO==|FKx!hjkmi!+ zlYU5AK+@krU>j)(X({Pe((NSuwF5gycaoNyXL^2@C$I8K%3Y*Yq`OJ`j~(-AQ)tYm zkKOmb4`1`uagRJWrr+`|$lwyl}%A z8^8A2-EXAs3T1tD?Ri6=e{|G)%TIWz^stAv6|Q>tw>O^m)}Byc@5{%W|5EiIzIpLK z^5#6cedVO*XTCRY@6mtS`|c;J?z(E&*Pa-4Tkpv3;e{7ob@8eb%YOdSH(p6jfBK}k zr!@W~{m7#qkN!dPT`Nkbtu30gEja$M!Y3vi-Gdg;%9d27wT?|Sp&8%nGnOwIq! zKmUE-wySt=9l7kJp6Q|;+6m8T>Id6pZooamw$M~jP@IjXj=B-6`#%c z#ZqX9{TRg#&0&g^K9$BzgF!&;qw!oJUIHUA!U0mS?5cg+r9FY zniGEe$)}f&t>{>H>%zLJeOsFz>%L>!s+HAWdGDCUS9S5r3y)6N(NE{q}WBsZpZh0@K(2(e_I>TyJFhwg;i zt2;lq?c`q_wg34)zW?yl#%tbq^XSvQ;Og zn}?siE9clBEq&nlv-UoF#_t|zzpnk^Ck`IufOrL$nE$3;i>UQ=kC}wJb2I06<>e;#APROWXO&`pY>|} zId9gE-*)SFj%+)-ul%wd={G+-Y+R`D%|{PBz2f3)3m<&x`60zaPd;Pi!hCVmkf9}OS+aFl9apb12Uw7W) zcMSX519#3{kbl&gyQjV|V%1@j*1leF<-eak@aU?`8y`61o@+k~w*7qh6KD2(zUr~_ z$33$0-;X@-t@pn@{;@M&ex&`Li`U$J;FurWv%ja{*pFX7=k1r*ob!{ZJ&!gW_TWv? zTg%5SIj^&F#Jp8kguioA>Z-$j{nhbL-1_-{hArOpy|29eS=lr9#ERaSzv4{!wZVV$ zr#ervtUNnY^RXgE#f?W=Q-XHZ{^tn({iOm*^QZF0!`%{VAlc`>GO#>! zgZeApbN^Ida+F(g=pU9duza0|-Vs#&YEb=YgYXTG8rc7b&St}YsQG?Ah@USG9oRlR zsQ%C({#~p=%%8Hy4XV!@Bu}k@6kc@J?E)cdv9!}@`yqDwQLYQhpCbIQ+E9zc|4~Lq4`sN_aOXp2l4N| zLHHd%he()<1ZUT&p!w8=aE79oIi+PFAcJXhX>Vn3~^_3_Z}sRsCoXy>}1NpO!)M-!N#rg@f>2If(zqdhAbK zk00dE-t-T|H#$gOe;vfHrGw;^JIFqNItc&SgY@Zf$Hm%{3ZI7t)$biN-(LpVcS#0a zTYtt6lJ}c~%GrbHEgOVi?I8N+d&U=jzaFG-I|t!^$sm5;1U<7}u&grr9$^KocJSFm zS!k$yCi5-(jk8x&xtabYJDhV5mH&!<#H#)FURmV}m_N+MMrf!Ug#T@?X38I{C&+%FH=z;2wMBk$!zqOlrR6YfLE-#>L#vj8t6%YCB{jusV zM*mt~VLxQ*e+|Ah_xY?&Q?8+YKTdM8ng4j^D}6@iC(ig`?4#&SpVeyWE5U#NYtG(O zA%|4KZZP85BJ-9a@9W$K8^4B z>~&J*OT_p-pS|~1`Mbz(Yq7t-{)hOlozUm<>s{m(f}b)QwXdXp^2Zr|z6!pZXfHKV z{oUAa$;m!@|E2ONRCFEhw>HpERK9#b`FE#dX4*XvOey+ZLPX8UhV;wZ~{S|&RvN3kcv%xRm zk>^I_vBpDh0(uT?M+Xdkr-A>JtNd1p8E+f>+1B8*7MS`g8E-Q7=+bv8@~*(%H<_3>`_6yk71=NGmnj=i`3vLkrtHe+9rPpq zQ|!s~e+7QDeu|A7d_D#L4a_&+l(QMH6Z>`L|1{61!*7?KQOG0mV#fZCqrCpt&N+qf zDFv?y^e-{veGhv*@JU9#`S9O*4*8q~m5=T#cdu1EhZ{;%>> z#&3yd_;VxrwE9TDRb~1=2A$zsGWvNR^KTpPv(Ky4|7Paj@_GjUHyN)H{1B@>{&x8B z$q{~QqA6dFKDK-O{Wb7!VyCaa{(1O4AN_Ut^8$Ewx1q15|7-Zu9iH(=(7*R@K5HLz z3!lHCFA@A*zG<(stfC)h{Kao+x8KwMdJz5Ori{P-D~h`ldAj|_f&YBkLzX@M8`x(E zecfTo9aK#6;5&hi5%jau)Q^PTBF1y=!4G}CuV%(ug?v_f#-E1#r*F;h?-$@Vi?U_( zZ6)Iee$V=2$~EYB9RD%j%=Z!U>EU23XzD*e|J=V3)`y1<3@X10ex1zk$}124?La@> za(0p1o7kKFM+_?e1A8m^gU`}q@&A}X^(BMKXACNzKdAhB*2DSGmV%cc8zm_=AucZ!3)2i2rl-?L*p^(SD<;KNbBb z^4PbwiDmV1M zFaP547v*%U!oRrm-Ya{>KHTxv(yx6-rXJU7%^K&kJ~89%g5EgwE`2|SzDW;e^yL=j zi|}&DT@U{Py{!qK)nobx(TB|*e!oEbZTDyNdG;Xr-^6?s|H|k~5JWekFBN9IbK%b< z;zJkzKJ+W@GA#>&3!B5Ph}^q$lK-5B=oP!V;^U+o-NqT zd}jW;k;kMJ8U7E2|C>L_^uL(?WyJsM&3xaa{rs0mrhG2^%lF_L#~+jupSt!NggNI{C^tS&#Q@X84i66`MBoDPRHm;Fjk@e>?WS$<$wkznhM} z!B!ieHPlC6%i#Y8`p|_^uQv7fLSGm9SZvBWke^y9L6sp-r8oydx7y9S#Nqw`ClMb`XVu{DYr8Jo^KK_8+{mser$gw!~bg;Z|4-B zRb|=_g?}Z`BeNI&PeI@IJAD1|=5zSNT`y$#eG`nILVN%jcKbgu{{#=dZP-T-?Gd|O zKN)?<_4w89rv1O**XlPi{AgwTG8U(};m_-|pX^yrf5Z3(kT+tt@i`uTc2)ST0CP<8v$h#}{?2&YJ^pzc1Mm4+#viT&|1IbrB--P@NqNcv zbk>v~Ltl$nzc(3tK7ikCAn($5KJqQcpSt+2WxiQEGW>a+evKae-2^{ERjl`B{4t}@ z-M2IT|6J%OL!OQ3f#^M!c10fhd;J+0Ra-OsN`P<6!^q2wU%`6Qbu;me z;Rm6CH5PoPnEpb1H~zBAl*9DTU7nHW4E)bl){mGOZx;3v9-G1UH2Mc`$mnkc^lgKF z7r&n}?m;@c{7E6tO{~{$d}38rUN^g8PGxgTbyG`arB!)h`9+mAwN16x)it-&HkDs= zZhga?+Vbja>ua65FR!VbF~7QUX5F0X`nsEIt@^rauWg)JIcM(d%EpG~<~ll8&S;$5 zY+c(jv$Aq#Q*EtP+t^TFUpb?xwz{QuoTb(c*Z!b(1}HE}P37$B#>#7Ns%)4!v$?j# zu5N5Wwewpl>uUNRHdW8AtfW;X&uiy2*EP(st29DoV^iI{0fRTzd1}?k zX(6=c)ZS>-HOy$K&ve&RU!148rD-mRHZ(R{bu%l$mR1dOs%O^@n5nv@rFzD!%I529 z>uag*AJj`iZT(Cb-_+RBgc!)oXuPR%#;ohD=9`*lG|ZVfaO%3|%K0^o1LmlyrBlOA z11AxqY@QelTAHe7!0oy@Eml+Aoa-vDojY@8Z48B>6UTAlH-JI*){*{&U8<9hGbFGajL(guQ2P-s=NNSQ;>t;BJyJpeQSUU&X zzzqA_p(D*sBb(Rrs_W<0RyNB3Wl#Nhc=f<)o`c5EX_;y3ShX~Orgrz))$=Q1c~f0& zvn9oBs=l$Nx~1BhJ$DZEnRZ?iGI~;t#nwpAYdtC>-nmHF>Rmkp4$Qi~^18XzO^*7w zw0TXw-;gp|07Dq6xo&o&OTFu9Ds2p1YAfw2=R>cf68#*owGA^s{T=Sv6QahNtnzwH z*g|nzW;UNTp`UfOy3eeUvZEaXEC(4m!!%YmH9PXKb+lhQL3oA{1Tw9eI~!Ld_tMYn z#-`eN778=Ie>$(l&IR#n2MKZR99tJ%QtjsUD0<@6{e~JZMsl@kVRHt>8Ayoji3bcR z?w>9vuNxfJ2A1ShRLvuq@3*)2LGWc0FV5=6QcV<(=Y{_^g1t@auL33VT zi*uDh)zmfhE2cY>twgSl8D&DzW!rG0wyCM1sj^8lHPzS6u4_TJH2t-#tj=oScC{BT z<4-VfR$Utjrm3`T&2>Dpc77uPS#3?F zyMVaswaqBerjAXvE};{dWzv|w-K?hei(w4T(i5nOLNkSjk2SRlpB&8PUmWGHM$`MP zct(A7v%@4;BV^J{&bm5qeUVVU$WcSqoZ6N-tawg5YN9_IC*zvrU=*FX%h$~6I%n0i zCF|me1no{OtlgDObLUi=WeAMywSmU9j#JI74W^H6z0I(i(A8d%GSU%~#m1TS)z^7d zx~5J6;vD+0a5WL9^mmaX2fJ{^0 z3`@lng1UzKd9|6S*G9y2Mu_f~!s`(26~>mo9f$OLB0Vyp7g5)2S3R_Zdb=xR?8mk8 zTB@Z?{ZE`#!`Y_PxvNe;C&4|l;%4}GV~sXF!lVU9!`5fuaOyQ<7CvJ}{Xo;S!`IAa z$Tf>EsHkhoUq-7Z%oN$!d5aueLt~4rpN!Sa!VWLz)XcZoIM!Z25IMu_ev#19v&l5E zfve#zBK=!PTV74IbDL|w%#{z4pxs!+^{)qJ$uu~~YisU)GTrH}pI6(|zlZG?hO>=g z4*oyTboxU$+afEShEjt5zGg;u@2KalN6&=Hwkfz>GLPjwGUmjV7lo3acXvO=Ses{6 zH?e|%+?*M+8wVn2Y};%*ZGpJ7+LLA`voX72Zf(;|&PW6}M7;zRu5|l@efa{LUT0ke zFBW_@2~H&7>Xx%*q@Ck$yWd@wrP+#3* zZ_V6gz*!bfaRVjWkmtDG~nz(p46Aaw> zyLCZ#9?GS9iNjdD}4mSuQSmxP4SHS24bsH`_ z@uWS5vvEKw*36b#gR9G38rYI|wso~c_KvR9)Xu0^pkOxG_CbyeQFwo0bDSX@YzJX7 z(?O)Na^6g5uWk?3Qb(9tS?NUn{e#PIyT=OdWcCVHH>a+puDYJ%5e@}1nmTum_k7Io z&N=2mFfv}Lq8mRAz|!&Swlq*+hx&f+)87)tW*kO8&j)PtoX}YTon0@6OWFJP+O`C| zI_w;0Nv?8Y{lSX8i8BnYtdl}&HInUW#n*Y4I6@e5y~cJNi=No}K48Y?7EU~ytl5al zdjjCbb{f*wcUWYPX{(~}vCT?jy2@d@2V~UW%t+o*Pa47~OmbFjJpquz>!zmJ&DSB> z8IG;7useL|XQ^@EW*5~jWdaKAOd-Tw1XZP8F1NoZojEPD+{MeWdUJx<&s2P7KkBxl zat@Vj)a0{V?$+vT*XS0riktR;a>#BwG01EM`f1TKcL}U+qMKDcV@9nBaif zx~lf73|1_Z92bCNs3$a%f?)g&L@@mf zY|b#yRW;j542*jmfek)FwNXTM= zEmKYBx+{B|=q^gGsKoqCkTp}n6~*>Ctf}<2Mk8i+t?tI(%T=}1u7f$n-7f@FU;duS zb!sy;CF>F%5CuEAx#8r9@;56t&T6Wz;}neY43$r_>T6CyG;`;xG~OtT)2HmhbIysL zUl}<$LN`z06mMa?w=lt5IMrJ?&09F#TbSrAoRKMv1MB`tPoZ!XrOI(9pK|he@VtP+ zxs|7!JfS~#Mt|<~{@f|2@HSI_yd)**Uk5tn;nv~yQ>UbwkSUKaP<`CKnf~q=-WsQ+ zo*dENH`DGg&rIH@?g$QEs&Q)_==|$q}4y~doNNvDw;nq2Gi6)0;cO=a#*^6f9nM1d@;>bO(e->$g+Nj3G zLAv1dbLyPDuGu>OYrQ!qhpQ3xJ(qXQoms9F(8p&@ofkRWt#j|!s!o_(YU*^~M0ag< zkHFg|K$~fvHo9M{HtxM#jUx>x_q5TSTeWfT;;PLM+Fa&oqkFgZodsRY;ZJSE>B~KB zbQf1`+&j8zBQ9LwX`}nOYUAG9RU2_=x~Glq?5d4>msf41i&uKu=-#f{xc7V2M$(SX zb$BQK=slI?FPmSTyNlJ z1GgBs!@!*e_8Pd)K&#KeBVb^Gfkg&J44h!#6a&i)tTM31!1)F)FtF3WE(13hxY59^ z2JSZS69a=EICvEsILW|r1M3ZJGjNT8n+)7;;2r}H8ko-q1d?Nkfs+laFtEkIb_3TN zxW&Mo2JSO3@K59s{=;xXr-r2JSF$r-8c++-+doz&!@` z8o19ueY-AtcN)0Mz}*J!F|gOb{RVzw;6VeePn>ab4GbEXZ(xCeVFQZ|EHN-*;6wu_ z893R%DF#LjEH|)>`A2a_FDl3-$8tdknlAVa?nw(y#J>qv;Q#nQ_ekzzh6HDEFIJE{ zb_Id~)+0ggq=g0XOvQqDz_EfiqQ8P%;)@94I41~lseYm$ckd<%Udw%D!D7C16r9X` zLcwW1t4vV%3LXSsLGIU17vwH(h2T@*D~M;U5#-L^EWvr)brj@>VHyR$&%HiD?o7@X zJc{qc1aY*jg5$YoDaf79WrEz}YZv4$VW%K>C%Xh$Y*!1;;JXe%?jXhlxm&nikV}Fa z1bew_F35epZb2^fZ4%@T;AX*7eAX60?p*c=vJPw&oXZ_RL45pn!LM?kQt)f&o!~Lt zX%+POtlffP%Zdw*=5D6o0-x0@cr4%g2~PJ}`vu4Ft%V?q-2uU`bGK0NI28Ir;KkgF z6+E6bPB6edU%`K}775PguBsqEs#G92m+x!@mmz<_|3UtOV|C{lcmnblywGPw1W!c% zg4_7!M35f{nk0A)@)s=OF00^4+^-ZonY)~VFCl-yMaW-}A61wx_)X+57(xDmEMLjHnlk-y+4$Y1aw z;{(@)oeW2iXxO*xX;XbM0S;$|ohdacAS91?u@J{Y{3r^)b48gx5f5B4Z zFF2A&=Of_R+$9%02l)%0i~S2uM*f2QNKwAv2IMbz9`-M|1o;b|kNgE2kiXz2|3UtO)3ATRR^%_ZANvKhWq-0mmz<_81fh7Ui?iTnkx!u|!{MgD^SLjHnz$Y1bwHwDA9ek7NIWwct^D())A$)(5$*&-4c3C#3`Nb?M>pUd*^{5-$xra)OFa2vPrk^L&-dhm zo_xTQKlphD&rdx0eV+UtPky&2ztfZ7?#XZU_iAp8R@GevK#J<;k~u@@<~{ z0#Clhldt#WYdrZ1PrlrfFZ1Lld-9V!`3atUi6>v|$rpL@`JQ~xlMi_E2M>Dq@5%4; z`1tZx8=H`F)=J9#4L^C%@B^-|oq8 z_2jpB@|!&Qjh_5^PkxOj-{r}-d-83b`~pwD#gni18(31~%@(2Ir;lC%p&y(Nd$?x{$cY5;MJ^8Jk{1#7slPAB?lV9)2 zukqx&Jo$D{zRi$(MWbWuE+GPkxdoKf#kP@#Kp=`65p~-;)n| z@&Ql&;6FY5_vH6^@_Rh_-JbkTPky^6ztxl9;>mCFpl53o_v=l-|oq`dGZT9 z`4&&U-jlEKD^(UV{A$*=L`yFB@JPrl8QU*O5Nc=Gk0e2phx;mMbK z@@1aD1Q_ebd+TpF@4CyRxhbLc9`dUAlyJ{F-W9?Kq)LgefbpwgvR}N7Q$k-FM`nZzi^{ z&a$?VY8WHR7!w&|V#pc87h;Ui+3}y86-%5wVsX5fv7QTcC;r=b%NVPTl+Sooj8{gV zGK04jc`fY^+jwdI5g}sM2{wLr**N(*jvlMBwQldC&kud@@}WZ?_`dT4jNFN@_O8O$_CWk{~)`!bG**f+eM&c-=kK>BI zk)%vcA(NS zlX8IpQf|02of}z!OfF4GJ~{lnF}oP-9M z7bp1@$5hC&-m-dPDMZ)DF;AW^E?HG1hFaDm!N|pNUu1Fe`AB+-O(YXI+-~ z1WUWpyqQU) z4jsB(Y1}Io7CmubGs+s=E*Pcu*b!J)95pa;YU*n(lpMBE% zjg6hy(G@A|@GV~z{i3l{J#s^*;N=yGNTe;9%h*Fgu|&vPna(PWC7KQ%`hXLSlrOp@ ziQEeVRxGi9;WNEfX)NXD8_}^L;aH0C5_(=%g}(`{OAo199+&^hrq3P!amL{owop83 zD{aF!E|0hQTH}rAfUmSIS!$K13PN{}Dhl5{s-SA=5&M}>I->edZq2d^;LlE==Ck6l zL>BY4Mq;VXo^|QfJ1$BNu{z!l_AHMN2k+K6KBK22y?{FH!Gk>y?9H$0NM=FX5b%L- zDXV8qx{Eflg*NcJ1v-cG)7aTz+R#q)Jp%oc!t2uVk>Y(;1V0&GneK|Lr93`vF+XfB zT)m?sDLltummi_q57KYnEy(!JEUTObF`#_y8t_@eSQEilxMoGx>bPbvs^q@R$iN~74g_4Ie3XCin(9&SC`d$_fcH3sFq%@foX^YGM`NHQUeO6P7=efR6 zbGp)+n)>IVLwUZ?Yj*xKe39SeKPI1L^72sulmDyQTZ?Qvk{r9j>+lon(uIGyDCzo+ zd}Hgf@ipTd8^05L8$;`4%gNj@HiA7bvf7eC%JQF$;7nwg;uof}bHi)1Ly@&yP>K2c zxviG;F3W1Q6mzSw@aw5C!xG$HuFN?Sj9^EH-%O~1nYi*E! ztBNTG!0sJCY=yegd%%bPN&$I>{=n>PeVYzS|srHCW*w8qE>YV7<- z7dTC`Wff#B`F72dP}~a7vP)xG_~SzP>K?6bPk?a{XM4$@B2F4AsNoKy!Lt<>)$pKV1G z`)z1FqBY$L$5U;QwsdQ_EximVJ-!q>`Umq(CLU9)CY{#2*lk`Z@$`7bh0I&dn5AaS z$w1s&-iPSAo|iFaInUH?I^`*p%No1V)9vm zIar2*TmMPhjkN!cHWj8LHue(UQBE6;KM%* zgRX`2=Phb7hdlpflz1Tg-S`Tg70`Alw#hz~=F?MnNXCENrWqOGk79|pX*Z&AR9Z3; zf8G!-Vb+rHqNIP=r78cnYKZBU#_=8ZseSsNHox&_vBUv%bHR_Yto1E^>kykcTgSjj z@$*>xiemOEjYn*xx%b+6^slrg8MIcVUqTM9|ML~|9yHvE9cK22_{>M#{h>vj<*CC~ z^b3ym-q3O(I%kDfun(A~{TuXU_Lt$F&UDzWtAI``kNz*a{pFAG3wfc?igXB^ulwhr zz9QNenfA2JV;y)zc9aW!OPKG5o>*!XvNCp+%8AEQ@v3#$jI&?Jj^4d@KK{{)u1dE= zSs$g##I{>m=W48u^ep0pMOJHabI-bTJw9_&WF5XGmY7VNGU`j2M{(wq(vEZ$sgV?o zccjaEI?@%i|24ey$787>;ITk`!|Wp>#4L=VIQlT;GnsYQqECoEtikCsB|8(R&Vu(- zz~#&0>K1&EyC;a5xOzUmNcQ~zW0Wp-*4*Fxg#Ydof_)O>T^(TmzbMO!IDRJeq~Xsd z_^~PO=yHV}SFPGB94A3vF7#RP2h!!>XhDl;jglsVZyES55{-;Al)9Gx7aEDx`suVh zbe;^IiY>m3&hjszvjRFJ&{@M6CD5a|Yf~2I9Sgrm+ZJfs@+GvnvioneeGl4v=#ONm zIB7og&F^u}*Cb2vNc*Z>k1RuR_DIkvS-x~2Bg;=2tMvZ|jo*OAD0GR&U4DKqj%2U#={*!bLpb~=Pm3t*^~EKk*Ud$iQhO&%d=Q7a+xEW{7@kA0B1%{ z85|Vj_KJu0c#%c+d0t>Vb839IJW}PA={ev>TkzwICiGg;g2#;ewB45VOJikWGj6|8 zW_6CHX{$sBcJz(_@XveRWd?b(#h<^4tEPWJf_`y}@BU{kX;nqp-3rE>VONhig zYHOdlA_IST#ok=`BK({e*Iy0az|>?u^9C84Gg4FvU4m!w`Jesc&<8wEY^v6Ht_?%^2@#|+A`-J^k@kE6#Iw|b0rhA zCTT9wBj2XETBs{9bE%K&-MQ8?m*Vd>GyZ1yycwRm@{Eed=(zSo@?X*&&WH2ty--yw z@f7`~7sRoJT0e8)|4u!NMw5y`8X0evXFTz~%%dNiITvQrFY4kOjird0`h;V)hhOJH zgVtY{U+QzwSxaqxH8bBH`jpT<%Gxd4w}3%t+Hd>rsmTCwwRAjNGOL1zA+1HR#O>l6 zxJqX01I$7d0#;oaxymiwB7bC10HdwpQ8pT$oGjX2+P3 zC};Pv=Yx^97uXlPr8Dj9$Wr2T`ubYqvRlQ5?)ju*GUzJgj50-^wB#&3$bmM+)WWYA z{D>3!HerwRNm1bi&z_Xsml6;3#8T(Idr=afoh(miKZ~r!IcG>&kq7K`Pr4B_`{f1L zh0e;_dOFg6WQo3}T1z|9%Sg{7ANZLHQy+}t_e0LvSW#6+`mgZXYK$h2!+(`hZ?C7U zrN5%j9`q*wUuFN&LDek)pNZ5@r0*2QA}&aut}&{dG1OkMqkN9|nH`PWv0x=Klb-&x zGM1|4-_>os0gXSzLve~Hdawt}nl=6`Ce4<<9# zWcaJG>~#a&q(?i6JH_kYagLUR*W&-TnH!x~UoBq(zK2m9sqLp?G?DeAV8OoMUKhE=f3XM`xJ0YBVu7e9_s3c(%Hy zBfZAzNRN88Jt;Z1(MGcB;<@A`8MTvQqz$Aipw-WuuFSMf7lk^AIXlwDRUPS8@f+JY z9+_!;$!#(+S%y5O&^MdDJ3X>fn{x0erA-?+MHx@>EM=^1pD|Xc)}D^E`1z^$%zhmo z@<;&LNnVnb;zF;iN<6Y+A8N~LBxfn|ed2wJasCF6Keu(GGre(;+`f(6bQY_3dV}TG zYvgt{a(kCC@)={pO^%!jMst_$U;G~Fd`@^iLuUU*R#Q%TUpz0zK3p8T@Hu#H*6x+* zc4(FV#ChaRpk0Zlo%F8V;}_3?maZL~2`zi3w?w$(WATfH?9n-g=d9d3<6TW*K@YlE zu%_1v#fcl@DQ+|3Kd$z1PQp|bDc`WGv&Qi5XBhklB7;!36LX~(SRW8aJAKt|$kkaE zGCYE|tKoCS&DIAs;M)m*M9bzb&_R;5l_*@SU17XMiN#75HZ(HHp zbjG@nvC0`o<7q7IJCxVE8jUL-Cg1KIGXS1T7+3!D3G^cbujSi&Z~=&-${Zu zXH@_vk+eq2-nAxbZA7mV8*SZke7x}Wu8sc-AOEkl@g2@M<5sZ0Ioj$(x27e= z!6&^dSzjtXl&1ovvGKF2u&2|OLd)f;Q;=a>h+nB4(H37gB9^#UcpyieyHrJ1rE5x; zq_avV#}|hd$J^MS`iL+6qucB~eucFpy=ZhSu^7KT7aXg4XwUhRWXpS5&RgQC3ig`| z;|t^Mybl~cVqrXM9Pb6kwK7+0ygd$1oVnzaW^sO?cY*&xSAvl{?RK0SB{gFSg$=F4A*iT-lK3&{$fxLdaLKrDS_IycveBsm+vsI%|dxKKQHf)98itNb9ZD z=;+Ar6+a>ui?c7u;8l2$6K3B|`@_S2*56C*SXj1Sj?6dOb9JPLL>zt6x~h5SGp}&) zuG6{jWxtUzXNP&-GfLL`LLcpQ78wo`n-N31ea~c`DV}*WhfCizgXYN%bM~jU=)G`q z@hPXB=;4g9?*KkqX$?u|imZQ$u47p)JJ0rTQ~t0FU#ql8*Q~?;34RV^{bWXDOIhU!?ke^7fU=Kexh6S8J!c2jn^6@ zeLFl-i)~FyWLdFsA?z&#K1H#Pq-=1Z-pNHXwwy;F*|Pk@!{}U5^d01VS&A4fuZ6Ml zpt~|2OIbag=@P3WSxMc=)@37oA@)C^Sk@BgeImSubJSy#4~`xYx8l!_@B z*wUGr<2Ro=b^u-QyDiQ2~ax`4LD z#4+K{Hr}~&RveNqB3=Sc8sVJz?&nNOXJ}7o4)6&R=h$ax`0||aZ&Pa%YLl1LUJ#qGU&OUUN<%^HzS(fS;OYbUgW<2@vGH|f>apvqvXS+IAt)spod{25a zI^qvcj{g?hUE%k~rN^Sf0$=IxHl3M8W2x2n!Y{049{=yg#S>TqbY6Oq^t+02qMScT z52LlbQzfp6z(W(ul~uK+yEVSmm5zvh%8H9;l8?}5Sd_H^93G~P;*NvOjz67L&s`C8 zcEdk>)(aQ!+qw+cdqbA>iPkle;=uyuwc^@0zrgx(SxS2#K1V3jnNlumNBh~a1pY2> zthEDqN9{BGaI_|QN+6aPncbQQM<*x81IGtCIlqkIz_n+NroKrZUr$+*8#<{V_YA1$ z`x;62PH^nzK1!VVocN2I-O15alar&MebmfYVsv8-dea#{^}3~rtmx0;5#|e5)g(s^ zVNTke3Ov;_r`{D<;f0)^JF?A>yqb2$?hZev^J?m!ODiT0S_^x*TLJ9o75_qEz021+ z6-!+X54AVjrTS1uZ@yjsfL(tHb)%{KBX#jlxhqey{XuIi(K3d;?D&i?5Fh0?txoAA zabZZhLJS(gF2V6h$&ncAG591uv!1d~@5aJA_evk~@SEsxR#tdxj;~Sv^ab9tT#;C# z_UNU~(ce?7z`o_{Jj?IiiF~e3jX`$B=;R#s8CkJqoWm|jo`|ohr_8ne+m8jFPMZSS zWV6SNpqf>y?kGn#ub%_P)$3Kc{(D zGw%-SBtI`t@8bEL^!qmRY@%Lqp!)Lu&gS{;2Hz#LS#9byUYmJ-3(wokxS~;bseXZ} zzmfV`UsB&<>Kmvpqh9*q;yT;Z{fWA-ql^0+9Dg?!|F&}up)Ph=N-F*Ye@B`?UcdRD zOWH)*MyltzY}ad}T5J3<`0>_7NyYKP(>Xs|vDbGddoAKEok{7Pm-PQh<_^&gStPXX z+IIXgx`Iv0XC8>IOCM-teQ%|2cSrL0S&H2lzmRt!(DS0&;wxppR^)!!V*>wF*d5uG z;Qea?d9lae#k=rnDZTT~qp#kfNQdLZ;L=IGKNa7HQRl`~!n+tA37^B!^##<|urBGj z=+GIPO-o3$tmOGAyx)u2HYYy&-s(u&u@tt5{o41&9+J&hb*3jUmh?ws%O_~eq0Gge zr0=)TQ_Py9Sbonne(T&zE%i%He%(lghAYtQodJnmowN-wnU8rkQYtnEH% zvhl219@jc<=i%Q3(Sq;Qd)0$g>(U2X*{jTlmJ^-xiEL<_Hb6Fd$L-4IP4wTD&71wQ z5&z|v^XPk%WW$+T0Ix-;(<-~Alc{~PIhoOMmQum-uU@#)O=uD!Q%ek8o@JsxXY{werC{KV6Szft(x zaszVy$-4AWogK*n>>!NXavGP%^J3^tgcwV_0eA7kD(y(e;fcMk?v5omqv5wV7xQk6{Zh~K$grbV zvXEb|fFFvLH1AVJ*2mIkJ3Nytu>>wDm)L->fXYVfFDHup`%E zY|dXAOBAqf>Fh`AC39_{_0_a!%yW>71~0zgYV@-7h^28pFuB2$?FLDZsbM zHy6=YxJ@B0v3bZi8c$=Lt5^kDv40+E#bSvXWEK?P+iE=l& z@G$(I?lPnM_TAGdKt9RrV_(siOUfbf-V_-Q%m*mL2K(-_58f6Vdy)P;jtmPTYttp@ zF+PuV4BBZ^#53{p&z#?>?Dp{$&}Jg|0mlHdxZ5Egy&oOOiiG04SmK?;?c6_Fnhdf2 z=f@bYkv&EgYXWrMI%4%+@kV^{!-HE#+_zV}5l{YuE(c7Va1#ISQLF){W8KdYMj?DD_M6t$j>#ekVZoCCO$>n}W zZsa~}0=YrE-fQ?G(`-3*&|b0cFKMTHAVE(%#mn{R&Y?s6W=Rj{2KWZ;cY{40>6Yi& zdoorQc2!Rd?B1~y{ocKB1#?;5c6^v%{^a!1wf0@gEwbrOd=|XSiM(mwLkbXE>0Nh_ zdo<`~s(|=9J4ctsR%?ZqK{ehGZS!Y)0#@?$|8Wy_6Am z?admuC@wz4XcGwEn+{gpmh>ZM$yz+rJ5BsVp4IBalA#I2y4{?$!sk#3-R90rp2iL# zduuKGR%k5cUZ|1d3h>G=?nCzlC>t6WSD4<_U+~ z#=DW;=d)hrE2rSm+jx=Sa@359o{~ z$|UbF{zcy};9CMA-3R17Ek58Z>(uey>a6cBe$U@RY#Dj7fBcI~U!TEII?tN$ zvTQUbazye$&WLn(QfEZ&eDW7|OuhJ-Ud8L;;Ra+Vx!{{v7rX4UDDgieyQI8`vzK5g zbB9)PUwv`>M#;;_K)R%RfEvdh_uOZCk3Ya&HZ%4L#@5^uP1$YpHQH<^!dg#SLn<>S%x4cn);jVNsYl=-v z&#gfAtTFleOHqy^f+t{?!?}5R`bx&Yr`i|%w@$9LKxz9K% z-2|<^$oCvSJ?{2+5MQIULwj@LkGw!+l-^hI-qiSV&d24CP`&h6#ro{0#4E`+f5LtE zW@o)SPw$#;lH!$R_vQ@I!2k^VMg=W=iKp`W0S$VPrEi+LYuu|8PE zOBnflU*wK>7Gt-LJ2$?>H!bl1ljd-C=I@TJ;GO3xbo0Ii$Xm~D#s;#hVu>Zu%y{>h zv06ueFFwS7slM~My$Iffde)}DK|h@-3hxSV(Hb~kx(-i7+ur@+i|8VjGIv9m<7q3r zjQY!+bGL}}iNxKz{lxFR;|9j7#rPg~-MoRZOH6zehBnRd>X*z>%^ZGckS^p0?&Ho( zED`getF}M8JXLg7!-$7YiH%^+QNmyLuhG9%gQ z)BPLPpJ-{^ii(a{irA+w7@HRN#bP6Mr`d`vOTWT1wG*AC(HTj#eI9?HcR7mr`BjcI z`vPK9+C*>VP9Oaux22zBh!64wdbhwGa+@yMiEMTfvEUG5t-I-? z`$1jmOBAi4o}WxV#c0cDue(S~fzq3`KsH4m1S*~NVEXs7tjJ!U)%~6m z?@MmJ3f`~8S8y(RQF2nLV)biMK6F#-p}$jSMC5x|`$>5{TiG+U5zBEtPYRJXN4IKE zcKgsc_vE`5CV7?&#<8ndE3l1w%dGuj#wdl}9^R2t_jm1u*^jbr=gqa|+I%PG$jXgu z&GzxEl4o^5`6~DPZ%E`~)|6>_UwL01dD*~lbpAZbS+u)E>lpEg&Jb)KS-PVk9y{l6 z(w~CxYMakVVvcKAFW(b?V+(B@<#Pkz*`as@+=!P7h5N)1@m#nqd8_?AmeBc9L8y&$ z2z;<;jWP#5LUV~u_0hh2qVx@VHyK)q;|hcLKfRmEi*8M8&-5Z|R4637z9;=HbV=*5 z`W4vER;Ewmnf6*{|C8cu(6;?7?6d#-PWZq&l85f5#IHQg{al`jrr|sjU1u1&9t023 zr2FZjYrLUr4RpC<5@V(MXeZr0+{`b2>mBpq?suh>(bGchMT5k9(zTG$t1Rfynl*-V z9K{@31J-}j*$>3d;#>uO>1<5r1%b{L*u={8)`=a!Sn89BYtuu(S?hKwJl(%xZTb^* zSo`}3W!7c;-n-gZ`1U7F-DK*9Qm2?ob-C1ao4PP{_+R4R*Wk5%U%F8H_X2PVfsc!e z>~kygyMC}E;OyJSaK2)%mF(Tmq`&3}Hm*#c%$Tbq9mxrd-vyK&S|RR3pR8|>nG^X9 ziCkdoZC6!Cdi6@~WHfiAzlF}){wOSbE=}Px^17Z~mkvkSpL8#eR}e=}FYVBss=oEb z_(R%!#!r8a;VdYZwQV}K?H{4{w~LY$_=n;beChQQ#M4jrYP`SF_Dmq(3i@-AgXHhV z`@exFtmG-)v*(Qp$N7$6ZTe&IoD5B@9g+d-$kdefodw({wuZ0E<}AnJu17Za?Ckfd z(si9xOlEG`m2Aw%9J{`{j(2uE>vZlz<)T~S^Lli{c^~_ybOipPGsN$IqVKfSJLDBd zSF*PAj%_pmLraqIp@oh=jeNPhe$&~MKd(j4}^ z%R}H&6z;{0QPDh@$4#J;uVv32-{EO>&hY0T~eO8|C-Uj5) z;q$dw#EOlv)b~!-UT0DAyARO5du=+>2){_B@F&RKckNFC@K<}o)gz&kv16Q*Iy|42 z`k~)?T4xRgjC(gWzIqaIRgumVmdBTYx9Amrh3jMBD*W_pi1 zHIFHtg+J2IoU>Q%4VQ4P4-e3@^mKG$&6u_6?hAO|&3=pXjMT>U_^#tS()hdk^2{EL zL%sX5p%*7~dyMv?ou8|EtCYD|FL*ztJuiHX!kenae0OHSNA`KptGLO^>*y8DAKNrX zlbn0K6&nwp?0@-6HWB2$zxKWXpY_Pbfc8e%1AU*8Z|D4cA9j+HB+s_I=VhZ+c({vBV_U8qmBh&G}DHiNZ=hH6B?CZ5JlTXIC=E+9~xC5Z_ zcHVOd2hpbY&vy$Kbl`Wi+k&qsW$apBtW@2TmGSy1*5Sr!{{Mc-w2YZa-zS2W76OJBnp1AXm=KIyJCV$oh-xHU;k z&peJEU&NluwrynF2H$n>MYb=0WyM!wJM3$%uciLO+`;IIbZg`tY;Z;T(W$k_Wm;;9 z?~T1ns&9>-N_|eqO3tV6f*#^Pblyj7da{qRLlTa(?>!R8_kBbf%d_K2e5*ax$>a&nDCJA1@(sCc%+<+{@M!_gfpun6tn*UNN#q0ZHH9(oc#!%Q z#M6p@aDV3`tob)_X_=T z!aF%ran7v{5BWH=o@&4AXD?EyZvoWq4vpU(O>%ylXN9%Lyi~DP-b9<<(-V7XYoC`f zuIyo*;Wu{~>~{#cifO{m`@U@Q{s`^hZ5g_!eYEx!vePL%3wAs9cpUu8vhKmQ7bZua z)t#t9=X~5z+b`PjIpwmWh|W@OP5Z+5DE2Q|Q(O1yowj5re^3rD6)W_D&t&8$d6pcB zu9h+f^Xg1g_Ai;a@|A3Jn7h1mZTca86Jbgxc9C~us=ToyJ;BdirwD5iv?!j?8JJ|M zIJT5|POfFG#pf6Q=TKgGRJO1xJr8`d;b99&uIzmkMlwu z?{|$t*9iB#g`zgV?(;5 z>(chW;HP&YI(yBBm*R);*ZGAn#2x~D)ESHNlGo@X6eIJy42&y2x#Qf=IP$0RrLMh= zio{dXX=lsH2lhC16lZoR-_(*=0&BFNqK4~enU9?vggHwA9)nfUwSE>aQWIw z-*#l(Cf?yI3qL=Ux8%7u_I|>7Qb8nWpCx6DyEAT$0~hp7?^)zG*1$X6i_!PN^~54s zi96#pi3gbXn$#@T&VtBx_J)fSOUAv#optUvkK}zjG;3br;L=*f{GT7hpY|+G3&%Fv zsoup;xL!dUt2CDSn0A6Sv{CzDDSc?`m518vTQ!Y;A^qN?kFSXPU&J`w1;0 zo1PE<@~jJziYpY`$HoxTfyWxs>QG1eRXc9uj>zYSZr3Ip^oONtqU-1^cZ~}ED-D}emTi2$azh!Zx`AYrhtV@$OUYSv&M@NB-|cbR{=5(%!e-1a1NDUgd@g z)9yPLCpMd!(EA+4HHsO>{JtY8x^;;qSL^ESdM7K6fSew=zK7IEkn%7g-Z=rBDMJl(4^Pdr`_HJPPJ+yWE<3XK4!lMnuX`Rp{+ZpWrd(fKTSNvA|9nOqNYu?2L2?{uE;ewlaEz!2@K=r{dMpA~z9=ahH7#=V`_ zxd{NA2n>z+-(hj;Vt?Yy8i%@-XFL83PNnRLqid1*F~k|1JFm@X*Vd_@^Rq z0`hG~hjcbATUh>q<4k!873-8gY#66SZ#2CrZwu?;FskHJfjf`y%6xNh@}Njy~Ie(C>Qiu|m=0p?@nb z)%%=i>L7X9lkCW`)%JKS3%}B{Ha)f=%ihQ6Y+QB{%OVcgmX$8ibM&zjJbc8I!b3cE z@fd3KY$G`2hL_s73eOi4PTKc&@`QOAr*WeGu7v6F8ZO4AgkmY>l-cKL- zanUcC>bOyhUZt~E=sa`=d2zF;p&+MP$;MC#o6!`$l>|K6r<@cK8J zvG^Sy-bZmigFadZr8jops5AHP=@+3*PH8N$34XWrao@aCa=Rxz40&8YS?3(*0ToX@ zBH2^Vd%-@{>)B6vrgti1#}UtWi#E=rW9V)pb8(J#GB(XQM(TR$FmgMQat^=C@HDW7 z_ws75Gs3Z>@8=%L?aBJc?f(yDZv$Rcb>;t``w|i^Q7#Z_8e=&~tWl|6G`6W_^rEO4 zo7w|Jj1ud0#F}?HYio8UGdQq&D(rId`Lm8}5vA&d!OiNozX?tHd zC5=pnwzQ=VHUH0dpL5`v2c7vpPfpIc`+cvq_F8MNz4qR$6ZII~O18jJ)E`Ag%q9FI z(j%d9h#G}RJ!!%x z`t>|Od2v(r%u<@X)tA7>Ql4&I3p_1;i&o_`Ks|%rI@-*_9muYlFDz68}vH`-h4LY4O)ylty`iO)@l4prb)hToVYkII9g*K zHG0-E$YX<#Ga5J{ucif!c|tF-`CpsYs5FW7l9keCiyR^U7z)R3_d|U z25#U>a8tXw;7ieD9=c*(iuSO6$k@$|i*xRZY-0Kl6g(YvsFBEkdX_KX_9XZ$hx_FCwR+G{~&AA+AkT{ue;$9 zvhj6kJTZ^boc~s6N4m-d(Ab~&t~@Jec#&X(Q-17X(O^33R)B{w_z}w%U9UWRTgf|% zXYv~!Vtj)$Hs{pMw%(Yp_5%~y1%iI`(2o$~R^?QaU;DpW%GxHoP8VY&u&raOH}lzU z(GL5Hh6aQ$)|7!oWfDIo-l7le34>E8FFVcCNm_x!(PYH*zlwFts}(C^2uC|_{G9$e@EZrVFP0hrD6VHUMd!Ym2QtmIl(bw8*6GjHNHf+Bt$bqDCT z@$G|l1ZUAt6X~_ir~OBIi$+KB{wePP@@IjI^tLhAz4cln-_6j;WFF~~6Y0Bf)`8!L z#ufYCL#ckw3xSThmW29q z4?ljzdh8xno&1C%6Bp+fhcfv%c+~lbjr3JC8PLXU7cDMUsIT-zX+rc@`|h>>#D11v z(6sjQRfErJAD^KlvI?G|HKJwURsDY(Z9BQbIl>?Ke!rp7T;Vj}bOUhE97uLy`HaHv zBI4}}L<6#u;VUWph^EE6w%=gAk@Im=LH;mpR9!zuZb@g_MZPZjq_YWvaW7VjFW9r+WwdcW`{JK@=iTX+N2z5_BMcq57TYFdTp)dWHdpPZ#61G}_QzO5( zqUTCakj<~{1@@q_kK!u)ZUY}X`Id)Lp57oorUmp@c7MSy>hIlderSVxv)Y9$m<)Wh zccLcj@mcxqu9F;rN8sy&dNI57cl6P+^QCa&CgxeWaaE~YX+fSc`?YuLrh@onG=&Yv z&TW+6&YaPz@AhIHW+dN!v>J0nt76Tthv*;D1@!cov+a zWqW=(m&?HUD&LQG9`rFUbh6FJ22Qs4p&!gcH@M?~k$edH zpOam6G2?zop~gnXwt8IFC5>;694KQz}rm9vIlV&CIlZyq*ZbjY`U zPvuGQyPCJdvzs~E0PkMjT|5hUyWf6%(dRRr1!0b}idugP~~rvit}TmDJ3oG>zNM<{02#J30z%A@i88`j|^ zw>qg)zk@vwr}C>m9oTBWgYl_nJby~ChmTvFfr3sssQqDKi}iN!D}Ju>eu%yy-wo|~ zSPJaY^u7Nw4}RNUWG>5h9vFzdgQ z+nk457svlgyt_j72)-|-9??z}d?%iKcHqK8(p$0X)4r#PQ+mlh>9gX=qQe^I!)otF z+8dO|{_Gu+yQUoRXO!0t+G-&mD6e28bl%`B#yNa~wpCl}U7eRLn5aKt+QeFQY$R`d z5$d8z?|ee_M`^3DUzmL8g-zrO0Vhumc<(Ad{hN%}IBVLn(I}ttl&7yzAAER6=yzH= zo?q53YygrWp%m?fRtB)QOKt{drZoC|MtuliCSI-l=MqoV|rrby!*zX6O z9niYYgF}xvvgp~WCgumy^U;^~L!Zd|e5skW$!G|_yxTP9olQMX$ z>{V8Jv8()1bPURVO?*{ls83DyQg`QXI6KE$?KUTuy5HqH&A0ZCKcjEn)Q=4Poa$o< zKt3cMZiUwiXs_yFpUL3f|MXxY{z_k~T3FXKb4p+^owdy1EIajAXV|syETfKE=;l%0 zIs>kjuwK6F`Hu3vns1x$dcIfk-N?7i_m}zB`EZSVPv&XhsY-Zf>KVADfsxLZq3{D0!q2qCafq1O)s^90U ze!-l)2gs{*&@^js`I6G^DoZ=TPm2y3>njU?uOD7X8F{}9_+*{N{67EpFZeCkc4ufG zyh!r(WyYG;kkA8S3KP$HzoAXXoG%q6EbN!9Ickt*rqaN(=-YVOiRQ*WS#U}}$D6em zzwH*VBi~>v_>A)$-ori)Y;Q-d{lIU>e*7+IZANL+mB1mHi&zuGN!aA*XuIxJi}q^%>_oRVHM{+58UX##^PLH80b`n&!-sIap)L0 zcKC1{DISa+k#K|eXtKwR2_}rWQS`B4B7RSlQ?5I9l=a~b{Sz<4yj88;Y4_*?Bh zN%|0SpbC7%(S1C-#Y_15EX8i@t)th&gKYA&67SH~Xo_){Ug|bjOVRC@!n>AYvs~(G ze*3tgYw6V~Ge_*9eCbT<%fi*xg|r8M=)vz1FCJp#DS4hDtO;Cb-g5Yoh&4YRwi=Kt znjgqVL*uw1p7{=Ask{G^)2~F`Uj7CPOpj=f$kj z_@(XOtq_7XMStBs{b9R3L2Jj+ZH^}1PHWv|v<5vHT3hAQn&zF8wI3UpAx8k!?9%%M zFXsMD@H+x_L|D^j%x`JtcLg+FiF~V|FUkX4>bexEg$+kz0pCQK#mIrUnGxgDaKYpzch{&UQ3-SQ|rF6Y2zD=3AQ%eH|K-CD-Np2sdHjjKLtLis*ao%;P7_Y{ zIp*qH`XKbHv1@z-8N1FfShUc-^7tn8`xO1V-0z>x$&ro|^skw4`KYQ7J6}Tw=h0pc z@oCL#niwCg(2DeF!9zN=_KF%A&z|1ldu6XgSFsn-24G<&wRZXCe2vp1J~b$NDYnTi z;&Z~Y#_XJf^fT)er4Nf9g7vTj>7>htY;+dV3O<_WMbpTZOpp7p8Q-jvGe6QfzLGtm zo{POlxDLmOGT0LK~V?FI_2VOb{RQ-Q9onA6scGnYn zJ$o*!Y|hAtNwkqYQG;tKulpj8j^Jp2&b=La3!5m(+e;<8@ zADo0abD99=#2c8)XIOB2-O!e&?>C{x1u)kbEQgu!Qx5YFmctx=(g|ET{ts}$&ST~} zIZjpT$z0(l z>_fF|&angU@P~r*ZHM)$p7fwAUu4zKU+a(|+j;(k}!L&-`+r2m5WKjlc8TCfXK#qI1#) zPd|nqm^Nq}sJ*nwv|%CTCHy*O_;m#RQrl9LksVDQ_O{PW1k6zLjqt-)Wv@{FWTlxz`ow_c~Wvx_2NeB_|~#e~c_D zmyyaNIk|xR_4KE9qRxy5C!Fh~J%@t%-Oz(*Rpr%A%(~ZHbY)Rz@Lw}}aZ&3@3-P&> zO%pu9esU4PD>#dEA@(Ju*Zi&(T2An&Eab6Cr*Fr~j`ws9r(}n`Z{FZS`tAh{*Ri@^->-}pqXLUC0f|XUR)oVr29= z$bo<_eL?UNPU(}{u0Hko`8gjUCV5eB>zo*51$H&VPi^4j%jvHfzGC(QY>^HsS=#!4 zkQthvOO6IIL+wT;8`&V3XznIm=0)0a^juFytj7kH_#4w+ z^+oT1zFB)3M&F)~b~$|m7w9|rf2MEIwc0Cs7QIG|uZ?%!qQWFY6fYXzC!3<5_Q>-m zb+3iscVU?hV9qK*-!gi@De(JY`n1scsToVx@hv>5+^cz}`FZJ_JA^-n|>kG?qjlLt=5?uv!^RNEc!>;_lmUSj&Nk5Yw7SQ58+9I6mK8Jb0 z@c*iN{BJs$WWCB1KIVfD=^h`TuA29Ibkzr5rt=(Yh*-IPzTu7U#DiPxQ}f{IDbMyL z-XR*C4$nWqgX0+^V{3hx8};9s7ixYAKd+-^!~gU)v@N_OJiW(+QEs*RK_9N752F%! zjw)r}6zy&GWw>a5p}#+=HQrxAz7TB~Cw{5_c+-drT@zYB)thf#QLrE zTC<}*-eAt{2|eWb35PP?eCKAh3;Gm}S*O94kuUw6F!6<^OqbgX9Hyqb+`yg^jDz>k zX7LAw>#cSKy4Gm*$B)ZA$C@>d`Yu0|CavFat~b1&cIV&#xgT$QJ!|G+6~L{T_)uu& zA;BCybcg0qIy+oz03q5Jtbf)r-xchRVnbE^*qV%8N9|BL*>1J3Ge|c`I`JUy-LC#7J^NLQ zDVzHxNN*)?FJ4kWkBfV2m>HWq&Kh^=_0}8S91}SPTvV3I`6}gLw;a5cJX%xV$9MbL z-uSUs4hKr?Q#&YEyfUB#rIDTlhabziB4cvl z+!&8my}W1nd5vs(hrDOKL*B5TcjLR%8-9np$UW2MmG6=_@(y{Kf0(>W-X(AJ9r8jK zChz=r$y@ObdB^y9?|7HIW8NVza>dj;`(5&mc!#{$q)pyy-z9J5JLIkN^ESUrUKF%b z(#Dy7-t*oi@0stAx8BcN_bz$s-y!e&{Jf*yCGY!&<<;GtqHFQo?Ve4pRFh=?be6q> z{fsvUKAX!G67Vmbncc`Una57@WfZwThxE3uOXeCcep4>=U@rPHXZ>1}*zwR`Kw zICtCdHgr(hRYm($o_N!JlqG+bX7Y(Q{fzHDXL-D-w`XXmo$n-TZ(4tA^Ldi7^TM0i z;}jE2!>L^13SWOguEca+tay}_V86e<@i~=k!=VkTKTMqJPEoho{R7{&CmVp~_fgU) zUg>W1)BFsWhmk2NCwPnh>35X2**r$?pe>;!wln&pvwbgMZ~PfrdvS7_uf@*fTXx2J z-jc)I`&E)Y_y>bi@$5F)z4i;If1(VvPkM=2%eEEowS5Zhl3hW%RyDLTf;hGLy#@~6 z8E|dH0qYZSWBoX-QA@U#=Nsk6ajucs^J5bq)b$=825QIg@8XBevx#RFPYaL12YSW% z^oMpx7b%74Z!Z0qo1+}9=c{eP`9F$Yphf1Hb;}ao{iC8?`6iC>_d{driUsR^g0E~~ zN#If&U(21OYsc579~g_SS=UP0>UV(8!?F(opBsIA%C0b(G>Q*!ilNBB^mgDK;BWr8 zh}Fxck~ZFP`jg=C!ZKbDW?Hn=3v89{|`QhOwFg(R@T2fDZbJUjSyR?<${hwlO2s-O1PS@QWrztcQ8 z?(2tEzib(r8!3)5`g`0@`gv*-z2mDLvma}`%8bK%&g2Z9u>GSFz7*~p%Bf@C6;AxP zl(Ks(IugAV?c_OPZy2Anda+$`_8V>Z@vmqDy3P&EL7?4I0^iVuls7atU#g(}6!QpN z?6nZxk4WaG{EyOtb8L?I-<~YzyM7td)GqW~))`}=va(p~GxNv{u$>McntJ79h}zWH z%UjWn@Nu#zOSCAsrF>c#g?<#=E0&@yS{Dn&W|lsO{aL<%I!qv8)P`}Pk$(QkM z@y}gl{PQl-3KqM?KRGi17`uY4;Cipx4_v>7&qahb9P{nAPtxwWz_^pN^GKVH_qvV1 zwt+nJ312|CoGV@QGvJfX;>+6dc09dn#=Ztz1t1NzyNX{`8x;EgF+n-wOAK zq-V}m+V9uPJS3Jh<*#%*td*`g8=kSaB$UaI6)tV^fx}Vs=dgZ*FUDSM6W@Zb;4D1; z=A+gd2N-L}E#!npmx6O8^~l#K+|OP=%81xJlozG#+S_`y!Lw6(3V7TD9@i&1Taxs> zDvNfij6XA;yZK!~-XQGvge@#f^I!Z{(JhiSDrYtQ>!1ye+5n8+R(D+WYR+|W zUicTU4(vUW0gb>+ci2d7PeKN2eOLWbg zm5(UrT{(-3I-5)9XXyM%@BYqS_nV?G#@iX3*)Wp6=YXH^a|LCM;&&8SJnDztLYRJ6 z$2YiZ{IE{K4zMR%;eu1v4~I9zUMUM-p>SZWvyZ+&Twht-62;jLcT`xh^=0Ar`epr` z@MUG;|LlkVp78l);dlGtPlAtHf2?CdU@zo#ti8`FFu^8VXU6HwwOOSzL)N-x^6Ok2 zt?jG*lc0H>al!n2aD>fRwN@U~8Hk#5+hcmoxVhh#B^EF{&R%SdBbBRiRK{4!(7tc& z3DKDiPr##VE&1GF6Qa#lGFN)#T;{&)pDx!iwZ|&(-C+Bd;gP}FjA~26DcW+o-f$e zUnl>+lb^E=u_1W+t>7tGTEOHIKmRw#zl;6SW^WO240zLX9?f1^on5B3=sdqh+9&+3Q=9sQ&yG?B?KzP@E+4fS@YRmcUfQQJ)Q%?fYqjB((1*;9+31)|UxpW)#<|s?>GVP-bwe23-rZCa> z+3fx8fcC`mbWYh*Z&4p({YKP`6dDt~~d8^~{;0#EDd zmrdU|GVRGei;s%!J+z5MO&wqm2-yQhZy1Vy%LQ^=_BKz zu9kEGd`=_XU$x&37)9+LoBiLUE7_DA(C=dP9Ucko#46GC{j-Bh8z`#=c_aE4a88(DlfG2I2K> z*8T2I>K2TSp&!w9=Aw(t9(lpMh4$$Tm$+aLJ&A8v)*|~9x9xoC z4)sZO(O3ENiU&k($z#qw23~FPHSQHYU4DzR47LNK0i%bKmUhG~k1s#V{7Yk9<7u}a z&-|<)eJ8-_HqwZmp!314K^bN7TZwPbn3Xn{g|BRV%nPY_Cqcw&Ar6e`uR?kCPSL}q&cSbG9!b$ z^8dvz|1-o%?tYYZ>?4iZB3J}EVA@Z2JLz^Ro;dM{PZKT~cMIX0P1#<)KnDJUpYI0Z zyOpmDhI9P5>xt7@ashqc;D@&mp7Qgku8;e5T}gPW!f8WLPm7=DBgECwhlJw&J_KoG zw-8P*Ce0Yq#7~h%Yd=bJ9%+uEvz6Czkso(9anirb;n?WMok^VZ+V}GQ)h~wL*jwZ2 zXEo?$9g(oLXB+2z@5_>H*!O}iIr$^PpLb5@309ybA{`}*180Gdo+VD zMvC^Khei07{!&HxF$=ySo&xV->JfWp(k}}~Ik!~%(XfMrLkXRgbwfdG(KYa>YMt8> zXI|)^&m`U>y8Ie;&1y?$y3i(kC7X4|3*{fXRp+YAD02Qv-Enm2hMdRCG&eoMZ!727 z5~Xi9W{9JGlDE18O?DXR%_?Uye5wK7^?RScVvBlPTh%_n@9V%%b}%cOD|`dkD=a~~ z$8j!<)}q+X7n6OVnXqRr`K1R3e1NOt%gxwpaqtJGf7FMo7bMx z*CuSld0Kjj6Z!#lNFSI8og4n05D#7MvVAI6^Ipb>eR5uylI_=7%RCxCSa2S3mga9E zzibvU($!kai@)3N=^H`+pQB&Le0sSLdQpEmhSA6YV^fywXd9<~uc422=u!76wTV72 zIqWLEzppu4jD6`PNx2 znosIndewauHU!f@U?g90$?mU8hqXDIjk?VFTI3Oo-y6^o?Zl31aJ<>?H$PpLu4pS| zr&qA=bOq}BS2#A|$MA9KQ4L4Uln3i8Hw4G(~pJ-LnVHt^KisOqeSE*yN4 z1l!+9N8z`3_7i7NGZwx9ysIXPU(75WXKr2Xe@8gKF7AI1-*=mEXnu#Di|l6uzx{N{2P3XLJ7KH13;mzML2ROYV*a zSFM6^+$r7+T`Fu0w6QI*r?BrF@m+kgf#m`6t8UTNu1m2?P`~sebbPlql_`D-`WBrE z=ONLS6VTdf_hprz6Ro1d(MOC~vC7O(+|ijT=%Kv?fD9jb1il;akq1F|4gIQy|5Vw_ z(S_dwA6%|^jyvfDO)PgWfF`5^*3mZI>8JIgTGG{LmczT2qwn%fTQfiR@E|_#5PlZ< zbl#BkL!0<+m6;V^7av^B*);ITjFp#;7ti9mrTm0du|{7N@1mX__dfEx7n`y8)>drB zk}o0dXu|G`?UuV7_*Pi8)x{b(`%U^EHRtK;EU)VPdg@-1KOMid@6uN*zTU*iS3-Nj zUZuWT*6FJ_%TV+!y;C-em`y!=OJ~tJCRUDfdz~)#{m{A2s*uhcMJ`HiXpcVU9K$zf zVy`1VK7OCZ-dRnV!qZyynX>h*b9-*_e+TiBpW=<$r|^Z4ME(>pGp_{}qOY=1e`Ny~8%hs|OdRjUzvve_l zTEVz5XG0^y3-T=p*~h4BW{GhS8$ml&ul90k9yo~IOJi5`i5!Zl{$|c6*BKKhbOh!b zt)vO;5!;}%wmqJ`R`g$ELo4wA&jM?m{UMx*zuw1ppg$bpypFwbZ){7ysMZ(+{@}Ls zdFWMnm=nch|J-+qbd2ZHU4A5lk+w|wGksIL1>GIXIBcP#w^3(K?#?yK5aRJV~q*I?n@2Y1W>6ZC*2mQFy&-+F4O1El;|8y!1 zeN}%1L*>22PdA@*MvpJ+?`%KrGkzK8Qij>THmnS-vkKm~lg{YzWo2CL$6>D+JSH8U zxCr&D?#unS8;FxH%`D#g{4@caF7?y264y_h@+AmU`fCa6BP_tr`F{8`!a2xV(|-y%ah}GKRW+TzPp}6kLQ_7*dCsRJp0I#Mab{vyQ_=!L*BB9 z53r_EekOfZYiQU>q{nx|AJm828TTni{>Z|c?juF+z(eJqqA@GIuTlMF++EFho}1Wf zctA7XqVFl}f!5m8DAH%BZ^4we^Mmd(et^zo@?_x&vU#V_C2sTcXoXG zGO@A8ZZ&em+w+pKk@HTfn7i6~qgM3h<63xs0li1-tZMru+mgNy% zmilGpi2pnKw~GT>MTc#?H$y+oJjWAP ztE^wD@8jxM(%TcEe$GvP-~A-%QhvG$ctn7M>7-Sjplqd|L)vDgO$K;4Y2Rq}%iaUb zYDuGd1m}whm(BV(FgnV!iZRx~bHYave+%A1rtXrE-NNV=D~p3-*vmY&vwT_A*zFnLW$UbP``h z?O7Hs#dGym`AN#;x3}&F>|1G*!rA8$lmA*v9-lLOV0Rf#)rWnJ`4`EwzqG-+Sc7hGi766H(fN~ zkJTO6fz&6}TSHpOD(&~CZA^X8bGU!W#FgdwMp>St@Yewz^_%~(kew^t`@5k*o&93` zm$ViKeB0qm?eM{14f22UV{W3X5pm%KyQ)8SSZj{eev3UXIo3bm$^}IwyKl zL4A@wtn;R=z8?3_ep&U*x8$45drLHNv%x9n=@@_43q?bj7b-%DKbY`08Pi%jl0MZA zEdT%bzMr^n5m+D(%=+hl@z#1Mykam)KU)9l@wogd{F0A>Js%&IjV%s*q`-&5z)2`$ zXYygz+&j=Cy>vd=EV-x9y<4;uX4 zX#6vjcA}3z>1DxMb%4j1@R-JC=Hn3gY;Xt<2ZwVEuGq^JlRjy1n0-4AwGJ&AqZ}BIT#qSEg9;L7K)BlliU?o|<@ava-Rs8o} z&J@aXM@9=YaG?C2jI{U>dPNdm0N*_9pDFZ&%A<}Q)Y0P4zb2_Iq|x0i1FT2a@@8zV zYl%z0=L}SQlg>yif)DB(*_nmsNFR#-k+#n$F+O9R)ZaP56iegGwf#Z_4=SXwQ$rtm^<5@sVzep{2X}7P+-!uyssa?tY7XOTtYx^Js`9rgOrr z#7b<`v*d5Kt_B~VfNu8qG}B3$W9d(Kk~{N&-J6y8?xpyS&n~u5Mwj)78x^fWGu@;W z-@XkSifA|+UtT<2{e(}X3F{{9LBjsYq<4zfF}4nJ7oWnPr9RQ+6xB=m;z;}`F8evO zHmkIRbWigw8T}V));Mghb*s5sPjTJpM=CZuJ>l)N3%ggLl6s5&*jYsTDu9i`1@kK3 zwmy^mTcz)lU$*K!+_R^$KZz|SNc(9&?X{G#hkj{%%%N?2$QKPQcL%@)vSm=bb1rH2 zatB8xb!j|`54?hHeAjx`DM%waIO@YQLs|IP?ue2$1W#IJ`s=~&o22!|PFpFOdf2@P zm}y`BEwpi_sViUl0)0zUm-K>BW%X^PKK1e2(8ime$Qv44PT3XNT;US(en>D$XWb0+ zXE}Ek=S=7+3P=BZrS(QbS$U#uwZGTc_HWevEioh0NTWMnbGT8y8RQrEbQ>0&p6P3+VwN`~Kp1(ktIbX`jXheA?h@I=?RjKI+pE!3f?$ zpE)C?fBePNwcyOR-^)AC@Bcl1|G!6?_Ahw;r}C4l%t_AV3N5S|CDFGvZW8desr;Vq z|8C-Ug5QeM`jKcs^67fP4qki^Ja1wn3m^=$v2NF(&n>z$^%K9PUon_&-`r$9D4jtvJ8#Yy3K{qJPI&cL~Cie)vZTKUfxinIC>My}V*0 zZP;BFcZnZ&jJS2gZ7YkL?8p5R<>ku4-|vUpBe-*serTLONM6DG!b;Xdc#p5bSDbex zFzqbMdxoF)fU~?Je)sZSlUyJfJt_5S|*E*2wM#`tOoEueo z30^l~^%Mo?0s6O{d_f)uzNCDc$#*^Zv_JW?jGx}JvI81ZJi@}*yrUSs?BwA1i}%t@Z`_>ZAE zc)~s4;q5$OSut*4HoJ5T`{@+QNILj2)0czzV5y(#Uz)nacXkm!;Pdb6DNDX^tyR{F zogaG4@H&mvyTwLkYk{6LeQy|n{A*vZpQdE#?T8E*}^iGFJR zSL>i318xET+XGC~z)pPTUU2nH;-^MNYtQ&r?!`I#VsPdABQif)G1?ld`Oyg;`4DHE zsQu!@>`O3ry9M{ON#{>wSSJH_k|VuS9>`19{ukqQ5$hoHs5`_x7T*&cQAUz7egmuo z!zAN%iSBcrxi~-1UhbXMMgK+j;_HusE2Xo)MH!kmS#wHh#?95>RI+-i=nvjKN@qdj zSZfB}3ZFr^S+h)gYnEE$d`|?OHMfGZwA*!W=avw-RgTWN zxS@0gxU#`%VB-*OpI4pq10#`vk96c0|Kf#3puHUJ9!b683SLjO31 zZ;s9Zx|i=gd|TLO1V_=xUiu_{C0VYpNGeyDPWW2M6F-atYu|`paTjzkyYvL~K$5)*ZBB5{B4+~Haoxx8(7?xUf~J8}hBTWK zJui&Njf3RuaDpoAcQzzn!=j1aIQ#FFIDP zv^j;37wxG`j3{dDvN6Xv8?kO6mUyJFmGZv#x1qYj_$7ap^Zm45ZRRwTwfM95BMW4k znV~ySVuHgjIQzrOF`uJf@+XPpav}9kvO|4bK)z(OXW$C@r?I3w4q@{(minCH6xvji z)qQuYnL_&yeRz4^%HC8AWzm1Eo3yWpJA4-98!h5FOZ;y?B458#?C59D0AoP;lB_9L zCx{O%%3F7L=NtPUbUW!^s(+xW#jp2d|5^&X?vD_vJO;BeKGncSjwI$ny(an%zDh7!`g$=jdHNH z@Xd;Vd&IJ^y*j076HwCV{qW!^iw{Lpy5IEyHv`P&Pa(Kzy>N2;LHVXKZn&33ag2A37u_W-SBejNHjJh6IdD#3a%WvMOi_uIib zL>*^<4L1JCvr}|F9`AudJyj{ z&%uo$E7Cf2*KXo>@+{!lth78wcy<#%@Dl}>bC4(BLtY;1OPq(xljU*lCysQ-A7njk#?VlPcYXyh&3b3KPbd90YXW2ADrC-# z!aXC z?xo-Bq3xs4>L$j#%5Np_F@Ed&@A=*omrsD!_qoe+%!CtTSL0UWpq6rWIuqP^(8qD~ zPSHGm-1su-+bPZCyGL{czrx2OHk?npH+p=!lXgmONM4-9osSmdRx)DSlnG{@CEaDG z|J}hiJl))>Djq(aHj0mz{*!vB^C@64oR2#`kMC0)>BURG!1*-K*n10-UE-@&j`JAc z!Ll)Jh@d+YwwdyeB(O)u<+IykWR7^W=C|U}9i*ww^|(L9W|+#W&z~q^>x^yAA{Qc$ z3|Rf*=e@-gZ9bM>4X^!Lz5^aJm)}+RK}!$Sc^%-Tlt`{Y#?B~6hw75to%Uc}=l)h% zGegWjR;1#dz9zr!h`l&37zI96tX-@NamH~qYZaaNX<%Ed)BMu#TH1be>;&58$<6?G zU!%>kiT;hdP|ThX>}*6+9`9xf6r1qqI4{0sj(Yh>cvxt;Ppz9cLICyO!}mivT~Aj>~NP&mzg|^KdtG zI_om|!c;>So#=3~1vS@9a8IWVf@uKH8+>?vO)yKL<8qIM(}y1$V@v7Ou3BIq+KCb- zAE0;&pGqIEHF;=)aLuQs+lbCYUsq7>Q1$GR6SmGj!tbML-ANuQHj_p)FqJpoM*q>g zl5}-Z#_aB<3DmRF-H7auI|KERToXIMONnu-}lFP*t9>34Q)p01>kWe<=3L;INV#*e z!{m>0rd-@w>TX4k)!b(i`dpa#**K%0&oTOW6=P?7;w85NeN6TKm3*2DeFnePP#U@t zJ(>Mq?S)SK0;T&aU5q-TtXGb1I=eVJIjv>IXScz?{)v3-|fJ_%HdBeI3Rm2K&3 zAB_)0|NeQ{$4#5f{MRYS2NNYcrh9>O$EVsXIeH~)1|78%ufNN8MK<4>eblynaG(WSnR`>i1mwZ2SPy@CX0?R{7KYGjsUhPUIz;Kab)3Xwu(8 z{=|Ewx3K5IhwnV*q9}f)C_dQHJZtv;UCJik-4Eoe7#Av2ciKs&YYun1H4}dFVsR^c zO7gH8pY5C98oKOs`^tQE|CRa5Onq@S<#y1wc598hH8iWRbsF|XWMnAaRjh>Hz2MhB zi2m%QyB`|6HZPeHVg3@Hm@BBi%HNT`-<_B6PH8pA5`b%<2$Etx^;7ib;Y{%eawStm!S!# z=eN}<#_=$^8VOx}llH28%-;(L!gbm!E8Zvi3Qt>dC>eg>x7E-SHUZ1-hg3QjIg|i^hM#*Flk)Cv;Q!QA|DaB)zJ=0nIL>tm8LNa1Z>|gP~xj z^d0D+f>#S`-GVdgtFaR>W6mZxb-zQI_fV!YXM+1OWvVX0MLwie(0di@>4J&muf_Ln z%8;+O+N1F}w+vRC7rHLYc#!@lIo!#Zv?eY(WaiC+8FEB=uXwg_ktIzqKJ9u>-`Yf8 zm94dbgS6>!+SKgFO`YtG73IH%_?C_d?mFV5;6Q$mA$UP6Wy($^J`}om@gdm~MIZP0 z^j#01j&ZlV!j(pGi~oah3}3Q|W6JinxJLNeQeQ^adhxN&OpiMn8DeZw@OAEgcK4`_ zz)NyXd?rB~)Q@`FS?#QLXOlimJMW>L$4DF4ECRfaC7tZ9pQJxEXH77=^6)jGk$#$6 zNF&=$GwD>P^lFtC1#dxlZ=n}7+%mzPN!keY$`5ib>1D4B()@`us`KwjvyixLewzi~ z-}!M@61PhAAY0Y9&D1OZwxEoIr0b@hX4087@gBEd=}9a9gCO00zq|`cC%K*X%N#+w zne?4Vr}a_k3JognLdtocS5{y%k2v__k*1#b=?-@<^0rAMT2x(W>d}4N}-P=+>Mt_=J66~~R9)3~^Wsrku z-C4_-A@nsi1w0%3>Fh#vW~p11T#D>}pcrKgR-w~{kwdqWw;G*L@;B^pH4x_U99tCv{Dj;Etk=g7;k783te5kAV-`CVvgVHTLFE-FW0`z#Db$#+}I9 zM!}u(B9!|yd3RHmcz`FHJvtEWhz7NOFmUSxcOzvVCY|U!pr>ny6YZ`e&Z>LtglsQQ z^LNUB(_`*Kq|v&V;xwj$GA{MYSWf&a#H&xLTk#hXx1GF;i4(n6W;|U}da3X!-PDOc z;HISeCRvjwf6$MpmBZi8yZci8IFqtclyw(n>32VKz`3Lk>KaFUJMniCFI}dJvv?&h z1;^{4Uqeq0x(_sk&;S04G;N{I#!ulxk@9GYI|2_yGfS9%%_y-MqR!6sBKxi@N`I}e zGWi=hBYvG#osYA(sNU&?-njd)f0?U!g68QOKbkk_{E!N#JO4X$8AE^2jP9UMFb)nv zf1PPynEY9x%6WkHwUy4MeIeTB^y^ZQJ%`; zawj7{EY>wmIreJwBl1#S8{@qT_{v_>&bQ|4ms5wzZRdM{a@Qx(ap+Gr*W>2;u^!}+1)q~xBym6eA6LR; zS(mYaTO7VZ`+l$T_zo#7kuSw_+{3{md?vHJnIl#AEoFRjCkIcf{SxOfEOiS3o^#TN z$U_|t?fZovF8yEvVKK`2DPgzv8C(HpYtZWJcQ2yOhgCQD!4HeM?9HWm>K#iS;qF>L zPI|~`3bS(st=l|KS<*){^jGsc17G@lddONQe29+jmi}Y-{SAeG!A9PmLcd|HOfo|7 z4tUKmbQ$r@*1y0vley9?c+qjzv5q(J)OddITH6ie?P1c3{~jbx{899N$S>m~l%cVv zG1<(w?g!Qy-FRg3cE2p87a!SAolDRsT6}M!xVn zWO-|LqK!7vzDXapktV3O+b@4Fz9Lod)Ia=rDArpR-{r^eBfgsWLE;yd#V_>ZKLOtJ z4t{=jFLyD<4R(-5Fp_RQigv30Ch8X)ml2;NKG54QBwTd2nDEJ`$oGEY>(T2|z$~u1 zZEuW;uc_Sk5wCT*&yoKqKE@h50bb4^PGj&NiIX460cdJ3Y1B5Q6OU3Er}^n_Bi&2% zsWO!-^pQ?{At)=Vdb0Ua_D}f3@%|F;ENOI*#Mt zt2#v^<_g~h-beg3ONC|0yDG^%fO%zxbs*jCo8UcvNyxf| z?>5$mHZ2O7b++E+gtJDri8ZBao*d!Yv$cx#sDrFm4e)d?X1(dYkk#3RCHp#7wRq2a zAY>&FdJUvMwvctT3~O4X>E>zW$s%krJbCgfjl3}29s~{+ys`qAY3%BbhHyMr`0Y{8M_&HT?JGjo z7-MgAJbwVrGYoO2qHOpf#-a8;$nQN&86nD+4zBZ^_ff_X_HalRNdFI|@YBEtzSiK& z%;Aca{i=61&kbW5fOR9!WS#_%ZDW_WSRar7(5=t+a1QqO48Mz5Ul~Yo4q7UKOo7Mf z&RN-7L$V^-@d*7MdJSKq zSG;xBYTklnv)Si{{Ti4tCoYbl{py?AZu6A4zadGx)rVni&*brQq7A3#;iu?xk;GRH z>2AT{eHcmmJHS_fD;r!1ccO22IOBA+d*4xmzd|$VbdQF{fzD@>4O#sP#V;{yQ?fr& zPNA8;38$~nw`DJTecKA%Ht`J|&<6U&8Q|@dS3_T=zXxZ|>AZYwHAU@Ns3u%=BRkHo z-T|)F!{Ay&-8wJ)Yt((<`(EAKc*lY3M+l2Udxh7A2DMjJ^kn?ItlY!qn|8$${boN* zK-1b!ru$RIV{452dk4YAIN9|rNB;CT82Y@FvVfRKLd3xsumOkEdQBxd1#w`@uMR@9v?&s{d)knPQsPkSy>or$cQ1XsGdH$q#= z`S&W>_bE$l*L#3^bgqo{L8yNb+OOY({9bVB&`_4OaN$Dz98%fT8R!0y@#b6p4XGl( z2XuaHRa(DqG;2nJZHV$hDehlpFRS_zz*y(Osy}b};W`IFzt8deBzRS!lh)9$YUp{t z4~t50s6AHDEHs84jBz5`zSZxO%KdMZk<237SG&J3`Q{d-Uu%EIX!@l+o9Z8HI)ew7 z`n-^~3Mc9tzPYjSrVQ^cpI`Xp>Hf0-ZsM2a^{YLX(+1V~J?d0C**^qh?e{}03@)QC z!AN_5wj#3v9%c5(rnpN8Ue)dMDl45UOoA33Ro&3Vm1T5sjSq_(X=f+pRM;L}2!0*N zziRf>i9RMNFa2TdV~1#PIC&hD|$2-%S z@t)*KtIBY9k&nAxA9vz=waK;25v;mC2fA^%Hx9fACZdZwfysJc zB3UBayJWvN_S$ z{LfPMtCZL1=hc3^2Kv1Dc@OsOyxVUISvGK%j&!UYn4@!T;xW9J_Gw%iz5^aPtJPie z3i4yZUGRAPt?|=PJEY5O9Lt!o7w7-_>d+vE`215 z4}-1Xf9z80jZO4jxRZZEfV(Jdw$dl@Hy#-49E*j18QSZp{P&;0U$3E$;7;*?J_NU4 zQ%5Ux1my?#E3e~k*s0l%Z~}*-k8gv6!_Rp*T+e&ejp)6LL)I%i3BL92XwVACV6w;UGr41plbNcWo_ju4KHZPkVjY!dTe>4oa4t zFNMMHu3J6&)_9Z+OE@?8+=FACv(5cIE_VUA=Teqr)&=C3UL`#KfxehA=;R6?0*|M< z7qkd>`QP(!zxUa&wUc>D6}Vo;dl!$<*;4Ay zL)h_=|D+ep;d`-YYK^g9jYxInh0lWGY^TWlEK)(d@TT^NKZX)79DGRel%Y2N^5v7d zn&zJWLtBoZ!{|P*C^QwwJKf1DdK)f#pEYH@{oa^P%2eAfr0!h_@IbxN$0Tdjz6pXk zHp}4Nm{Z-)P%c~9J7#3-DvfdU1P>=CW!m|`P%=&DGVf4(%4FJ;v}L$V`%BZ??`H^b zBAIpuW$mY&J>-*2`x)O2J3YJ%Trf1W{om1G;HUGML&~2ZYJ(5@6p1g+*Ss<`c=m6w z_3``qmxl(qciViAA-oDWSkSWIa6b3eJLE49JBP68!@_LBnhBGv>;wMNrE4f7m^X#; zxk5c-(B^62Y2?w_Mzu+3IgQV@wav`;`oLvh87{5(CyWlYH383qHY}&xW&A-Wx+8B^ zX*#xSe0oao&~=f1_N?}|7Dw6Mo>lpc!E<9F>kmc;#8w*9o_g6PBm+e+g5yir422U6 zse{^w+5it2#T$O~usN?k{?Jm%>Uf;_s!v1gi$9^$|Lpr74ShuIqI}^K&N7C zXWb7P{m$H59IJu%YwpG@)$D=OTydOi4i+|c#+13=A(<;Bz@v0swW${R)|^%ISosyc zZQct1|A59Nywgf){_^?Kd6XU89d)Phmv)NaJ?1!T+TYX<={V}bzbk0NHz#Mr_A%Z`TU>HkA z@>RT}_R@Sbc~u_Tu7hHkgL9t)FjpDMqjTq~ES{#tZuRuVZi5eN;qs5b)?z=mzGaJ* zo|_xZ{ax@w$rr}2x&M{-GTm*dK4Qy=*}k0ue)(cert5`xy6XjW?fn(EWe;hug4UwI zZLBtaf3cB#e*`{)(+K*lwS@oVY!Q{Ga&-16^tNLhaA@%Bz&^62p6}BM)7U;T?b(4* z-ya$rq8xmA26ca(ImbeFjs&)R=7IHb#)%_Z`WRy(>waE1Ntv@G_Cph;RcUYEZawrL zhn}POqiTZbJg>l-cz6Ul<;atCiJkW~CWA#J-em>+(Og6J5<5BRbjxQ-{OsdbPGiKCZ`C-&> zF5q|6XJ`(-8ByD14;xV*0sPoI!0~hT*7|#&LkFT z{~Pup&gcUN#!nu23)aHJnlgBc=T$=YHt9Ur&n#dEdW~>1M-1R<3+B*(#usfiy#6ih zM&GjPi^kS9O#{&=1NU@){jXWr`{UgQQl|4!^F#@(6fB|k=K`1_2YBr z*}?ZK44!sbGzH&qto(@dYUl_aCE7~7_{5mgdmfJ@GP!+;aZh5eds_J-{ku(gbwA<# z^-pRKl+{1)X?!h94{tr6^KuunPf@zfO831X@Bl5zFC3fJI;B-QD}x+K?lS)5>}Ra2 zWUaO`@meWwL3a-PGQGi^+4%jJ=y%pB_EKIvx4gK=#+L_}2oF_B&aTKTcc%fHYT6&l zQ)Yjzl(&}`HD)zWf(OCR+DlgY&Z3p+e474mG3$u*uaf>n>=jS-o_lsal3kID_Ah@@ zylN!#S)Emh4vdcmcVbpV^Pxnx@E68wCbZ_avLXH!{uD{PTpII5{0GtxfWr3DzVsQw z_l`*RmC~3mF&E4%%kRt7x{>sXLnAXQ4oP1zaqOQRiNDdl%sAaWJxIGKW5prqM8db` zeN{I200z}r_8SQI8Sfm6^lgv1=@~remg#SyqovqK!uC%vU5<$#*m+8O}H^V6)y*<$X&Y z?1RBpe)+}QjJu#N{AD-;1A7~NiW6_KW*@be zyB`!>-l0rjX4XTZ@eS^2lqI|9S40!=^Q(EMHP&tDAO0Gq-Y98K%d$pBx>bIjKQ* zR%CsdXA^cB@Z3hbq}Q=;uP(UD&9XMQUsSm2$fD>g28Zj}0`6SoT9-ko?m--#wp zt{Z`SGym6Fanj2>fsyP8g5}e|M{A9;o3;_IZ-s9q9KY5<>C=+klHm&fD&eB<1mP8g z8=4|K=a=&f;@W9b$G>`T-TRHOm7UMtIi7Bw^*rLmNn~L-%Q-Wg30;j3hWJnw{5a4T zCkvKI%7_0pK+l3H!lurVOw4GGa+T4Wp~rDyVA(;q%D5X?HlbTg?eo@Cu4J4x+xq5w z1TzNalzwI2vq~S<+d)5gg1)2~k2&;mWB_t>5Wb4fAY+SuYb{rHx9mai(B~94&<>rg zTLX+$u9a9kp6~Ihrvg8G)gPSg3~u+Ew%|J+<*DM)I@bJhv zrRCH?ze=AHU7^>7;_L&q^W&OX!)c0ljkoN~_$+mE_Ht4E);gPDAXqfeR-3v$=EGt( z>DuKdKzX&qiAK(%UADE#-S8sigEt%7L<3I~XUjHRd=kf+KQ@%nX@+)*FHRPnGAD?p zvu-LUyxv&)H1!;VABqQ#n980Da5FaX6XIr-CJ`5|T0I~d9R-Z;Fk{3iArm3}n@gkM z+vo7z2HYA#Ys~pXmyzd8@`@(vd1I%JY0Omu-^bPNKGF6Z?JIh%i!okFxdE-a%>8}< zou>&GPE6k^TYdi(aXW~Uo?eTLsX!j?1$QmO%GgV~a9_UkUD67tYPUE0SuzPj% zb-6m9wFWwCrfl8a^)-HL?PGYI&r_ECzz;Jfbq}N3s;KCo<4Cl$)Mhgd5dq4;#+Cf z63_W3*llK&?u6fK9as1c=;q7Bv#)Bf1^CC|8-_2#dl$kpCVxF_&3__n?QX%h;B%b$ zdUwd$!@HK>2e0KfPl_<@t=-MxQ0;u{x0RS#4C$Po{u#wke~w!jJFvYo$8nH>(1iGj z@XwqDTH$=oq<4Qj#tbA`%D zK06@!eV@5Q`q_bXFJQx>FFCcBx5kX@(6qM{$$R>0TZ(m-c%~>lAfCI_X>JFL!S`EYb4ca=YsADP?2 z_uK0{2t>!0`E6{xVhQb+-^MI+-?(sL@RX!I)GPSoXIs|>?>SH76Ta1fT`J{tJqhhS zA^496U(&OJIg7c^99V|vQ#j2yr5y3gy&>+)V;t#@%}_jhNcZJQUh94o3qwWWIQ$ zWvykM7``4yAF!{?TS@A$y7JxhMZ7|KQiR_T;>>yKq+6(5*jBQU_4nZ$em*io`IjL-qshg2$rRarq=$AT zrn~J!Uf#{XEH?~hU1cz%P6M-U!Ho5{{f3^h?tH-sKY$UG83kVAy@J&hz=ZjV?w^cE zclZxKz0wAHTzUFSNdHUHYrRrs1?7Bz@DafDr^LDRbJHddruDp=fukOWNA}R2^kHXN zAL1HInlt+_+(cX?`53&RjXNZ){k^0guB(dv13G~Tn?A?svuvmHEZG=)ir5Q^8m~PD zc21G?h&s&`WZx36z+SLF6wff8r@`-`ZTpXgzOWyRl|AK6(tn=5h!30flH?Lsy6QIw zYe%j~*7QCVwi@|9z~Uo;Pdh{_Dx(Q~@{nH+c7%#%r;GhO zYu#t*TNCY&F0Oj93!~F|u-OT|o5|mlf!Ai16-Jn`E&Wn<1L|<@DE7lUHNK}qZ|dJw z7h2vu0FL1a$PeMt8*jIpH3`p7r1o&Wft#QY*mbne-o2&_&QHQmbw7~mc#3wY&K1yP z*0jMXUJf1_q}wr`!<4UjG^Vek4)sIpPxmPwa8^I35+4EY<@F`OKljbX7W(y)en&5P zBr`Qe#A_?*Q;Wus=*ET0KwxKl0QN&X^fgyrEqu7vkI-Ghez6 z{ZQdg0{=GPuDyL)3uv)vQ-b+9d;Zl%>pc&R ziKiU(eH3vW#OJG_x^m)y%`E^dHgr)`qS1pXMwV9?dB;`2A}aG$AOQ=%}3c|0KQA@m$J6@9giQ>gD;2QvY{CMko9aTqT!l8_B|r&n<&2= zHzjPADR86m!@zcKW-s6ErCaz;;hV2LY&sXHlf6V2vS*axq;|Ww3z#V^+pQVKm)ApiSKd#KW)(1n4q&p{kAaQ*b*h5 zU#62KbX% z3oX{B;WHbv@bsI_n2u4#I+X!TtxT@ez?jonL=`q|5A|@?R!{NYp7ZMXH|o%wPx#mT z+TvUd15>_bQ_@_vhjyt>wMDUH>ocX@=3?$~Bt94y zt;Cn(ej>PkMe}U%p)>&xQeUQ#R`hXL{D}1zXf|@Tm_&6WZHQ@8bg+scYi5;(8vBOjbQXoP zM$UAQy-+l7cwoZQsYTDM*yhJXB)vv1H52R}g>fM38rvg9>u@IL&4yx%hQax3Lq@D1=G8qqpjFc!pvk-;VS|KM4`Kyxg?zK(CT z@8kTQBOHP+*(`Q{#n-{%(f#o1ZSdzVzK`*)=DocWpE;g|{LVazFBaeZthZP3ZsKj< z>GAVj{~v4T0w+gN?f;(F?qo8OPIi_oOOQ^o;0h5ZkiP~9mjNS02|6SJ0!ADm+>07v z)Tr@ub9J(hyhvp74k0na%ZrG*Kt$xCcY>(Vi`NLK5nnwsv>OIgyyEKu=KuXwcPEoI zAoBmu=hL5_uCA^+b?VePr%s(Zb^K26V)%EJxZ3h*Srp()d|mu}_C%kbyTp*RhBg5A zyBa^||I*@5`G0BSZsNLq1-jfsU*(`5>ETPQwe<(9oGnIK)#6%j57)`yEMm*QqS9Ex zSl2k8$@|%7bFPaGugl)xqRXSV;v)slA0&^;8sPbkudC1UjVl>bKcbx8bBM)(t}A)a zlLMEzdD0a-ik8yzI+KhZg68d-;R)M6UPtF`p}zRM-5*X3AQux+MRym3#Z`{>lR9rrRS^`z!rZ z`zo`u8*W#=DYS!fp0LW5#x>;cDf&80o|xdH^6)*{FZnoA&qe=Pym&g#dY9!tc84bW zwHsds=Ne0@Gs3wI5n>F=7Mf(OcQrJ%D0h=L$l84D%8kRZa|hfA-(a%owky(uwU4_} zd%N04e-8ma_%`c6I*ZGUDR8)$^y+cYgvC4hLp;EOhCAVRJ)ALyTy5T9_)Xap?Tc0) zfe-CH*?M}-8<>Cat>&qQkCf2#-x%BBe3jFw^%`_E!%J@$jwwrL-u0Yw zJ^XEMElwQGrOtox-|8N#ehln=;-RlWhh9LRYn^|gvlm$BG&C>2+SdPz8sf2&p%-(8 zUdwmCgD1)+mIep=iIJ@~UiilA4Q$^AwtZ9ZH=1#1?y7nA?3OjgJos08FAn%}NHb>z zG$SAV+3eX@|0MV?``5A9(xc9!jYYsGJ^f#a^`h^x!8h95FPdJ+J*2H`_^&hml>R}= z5igu?_(;Bi0!z$KpYEIs|)Qn6I)|eUWtj0_T$OyoCBBU)m@~dduBLhUXjK zA`VYm)`vs$N5yJ7KY-^X%G5adq@i(QDN%-=UoibO-{|=v{wwH$_n)!TyPsGAp}Yuj ze;Vb5^kMiIwkqkQf}{L3pRZ}o5TR`~)3$tLBDBFAvhnla89AAVoH;q#n;l5#JC(Od za8Q=!=%R1+*BhjBJLppI(OFzmh+p0_#5|F4cn!}E&-%ZR|MW?77BX0TQF$eorBhwQ zv%WtjVx80@84XSrAO|AFK36{Y-Snq;Nj|&9>#0IB`3+_+rt^4u?%r@Me@&cm#`oTJ$^LV!pzjm3KlD*(~ROYyUsAtyq8& zYh3MC;$zIC%^FvVEwzCE%L4eO6w$$p%o~Q_Kdh~5J}KQvyuK?(Tsu31t$c^~Yw#7P zUyH={wo0PWj@n05Mgchs{ECO5_nQBN@tEwD_5^oKwxeF) zn{z3DOg_O}wxkliV{mIx^BbpY#X}3cX<-{P<$+vtG3>xa)Wqwin;Yo z%8KC!@%GmEc+>k`>8Aa_rS!DDo;U}q*yBbFChA(i8u|}_Z63MQv zk*DLvHr61tw|bN#*!tZq(2&-$ zo?#CE4D)osD3~>NHAf10-XF2mhI&F0xE~&oSMB>Xc_fo8-m4t(gI_%lz1Zv>D^>2vZ~d?)%`@3Nb`2}RWqi;8vQ_~sR(})YLeW;oTsvmBdNQ{#}zTltG-Ai4z zY#Pvu*40H1>cgc$KTju?Q4jTs_9v7yX6DqetEU`jC=0G8WRWxU1#oYO6e|5{3wO|P zNdx~V?2~@KPAKl^)Vx|}gtwiuept9vyW)B2x|_T@IMjG^xhJLf^BzAUzGu%^U_C~CnQ507hM8*A>Vkb zw9f0B_-W{2ek1w28_N5l(!s4Jx@WV%bpcnT^r*L>e3R#v_TY=WvJojggb%_xZ$*ii zdLLThuK3U@H(n&>Ua^lDqq~i*MRvsu>sKD|OZQ2mla=5PKjj(Nbap{a?HIVKgdgQ* zVx7V3X#=qzUB!M>Ty|jHAY4Km-4S~M`fH_QO@nxPz*HhmBk^x*@;^(We~Jf@zax^3 z@OrM%lc$iL$(Lxmi7oX+Z?){j#4F+BRuO+iV%SEQ~xkzRpPTq0V@zFOe?xCGLbDMT(Dl z@zQ#4Z}Hm=r?`SS(L=-rT4(yC9lx=3sn6RM-x*)zVMOufD=g(R66b zK|V)&u5qAc+Vi!bJ$n^%j<$Z7u>f63zieEm{{@Y6Vvz8^EuU~Lt^-zQ<00sArp76_ z_!M+3{=E&pDqdt&(23wh$ZPD+H+iR!uCm{y@``@h^MiU+_Qm{q&7i=wkUaayFF)`y z>5p7RY;f|tP(TxUZ^SBdfBeP29(aUn0q>SviQf_FJqw8AeK~o#itmb8L-UE}P1=Lp zH?o&6L)zkt*$*@iyTcrOln8V*n|BlVKa}U)MeGmb{gYf<*&i^(CHsQreeLi##Sqe- zj@W6H7`DTN;t!^vyRU=8QH-UI7Z02vUaPdnNt3-+V?1HL_ha1Z?1$%|Pn~JKTD%+n zqw%Nxf|F+WX9P%ZXycvgiUxHxpaUb%0v;#+_HANb?m>3RKAQ^U6||k24Lyk8uqFn7 zUr?LI9929gO&PM6Ypj)s1KT8KpJe}xvBw`#_G{hu0AodY#@LDam}(mP){S12*k6lU zz7Z{oK93>)@5!$*_LynEu`4&EJ8GV^H2YuPEMOZ2PVV4)m8KoeMr858u@Enzw zpuAsF-d^%b2T?s%K=U1xBYp~A%vwdFfWDi<=J1vQSN`Zr9>BKj_;Wh+xLR*vz?;H_ zoI68uTXRC`NYHJ^8!D9!%@6icmdaR88OC3$D4vYof^DN68$i6|@9W1`sOiU^oJ*Xr z!8&W++g45d@$jGQXnl}5zvMxZGfN~>BaVER<}@_7)?SPc@&C=N8(+sAzl z`N2rOM`_26=)Ni!ztQH0gL6vpaayf5UJ$e~UKvcNeP1Mx`v10$fcBs(^?OK5%PC8- z=X~1XY3VGRI^<0x+h=sU>){u)uQ3W-I3;4sQ+7CaSJ`i+?BCGV2T2!x zm6juIG_+6OHp1AsZPWUpNIkZvm{0MlYXREJ8H(kn~r;R*o-v0~X-)8-z z;M33(dIo3c615olt`ffaPIVRdufADQg^r+u@_3&oD8{+wyuyX{KqRX^zCRV;m?9kA$T{j{P*JnwSOw}CTwo< z*)eg7@`^RG7C($b{yV~RyioE!fNo-8TQTd|{Fls%l)x#lCxI=lelF(g%vYJ)e!OuZ zx}w%d+GxvXfJ62`{HnWW!&8L!Ny-l&(%y><^C!-xf!6%}Sr)QsK0HhLIHv|1)PSe5 z)~FoxqIdzj0p;mi*>A+7(fLz~HLq`8PuZF;>VFqF)4eUI551sU{NzWJB|o+!#jj|^ z=No}p-^(9Kertl`-J;owAGb<$+G*gzhc3G*p=Ue0I-z`XgM5>7WxVKK^0rD@>j^O@8NIq z18aPX`(n~6^#43&wOc>Qu2l3``EEsAp1As(c;h11w5=3b?0;bTD?`G?`cEKg0BGgY2b}mR|nVYC*-hy z8hqy)>-kQ0c==pC!~ZEZbz7Cjr@umfFdoh{`u3KmEN9S*6QfY`f6eKWJS%45Z)roh zt#7VG zKMi>Be#NU8m1P|Q90-2f8bDXG9LFJH3;uFGY?=t zvG;m#D|k=iE`Qq|%26Al^od~INg1b*uD*{C4S1&nFsS{4LG2d|*8+p78yv`wX*6kN zzE!M`i7)ZZdt1KA@QvW^=bIn!O$9p$YZYdV^pm6sU-yvyRh0!@YOKwqpJgl8*i*k9 zkGznbE0(J)bFzbjTBlRos#ZNaNnWi3{U`697hTb>rY-cT+M+%^6S#W$&T{;yg5a zt>;iip35SSWH|fN_e8-G{Ht|F+c@69(;(OrZAi9i~H+XLXU*dy;S?lAo zfLVM_G&n~i>}e!R*y@H<7xP&A?XtP0le4EfEi0 zbAkvqyI8pr`|s0z8MMucxY#oq)CFBIFD^4aD)Kp?%%Qd3Sm<>Xut-OtJn+kW1sMD@ zt2l248w7Tg?`Gij6V#vVTP&*0d6gN&|0CwLm3x0ZlOwLgF3yY=ejVBdjuX@){O-k` z-dcu+?4S)YfNjO^P! z94Yv+PvwO3^QDX@@zNK7YYBJBA;B=qg0`Tu8wD?8KAvT71pJ6ST8WXdg_pMQB=PwY z^s9Yz`++}M^!a=rFNUu3=VrpiM(hRyf(w||!0RRBcA>WzIfwid?u0kV<`Bj^hIV*& zRd#qor5&DGL!(a=3k!aLUKzx~%Hj*i*>U61>8Y}*bqsiSDq<@Z7U$WZuPKg?*1SY- zs#jwo3SDWx-$cI2InWR|LYCC;Q~Rqtv!0yh?7SYvwR9-OORyQ&U5s(*4B`A$dV*wR zlsdKdWDIq}OZ@pp6?(LMc_my+W(n8A`9|>vXH zuNY4~v}Z#y>z_*v%Sxjv0+eKcp`2gdrfXnY!ZH4f9{>oWP5-KsGv zdLr$1^sU>aKlX6-a!ujNa-9tgyBK<4*r9C;JE|v}YH_sSsh5H%GO&0090y<;f*AdgDwchww2%lnhi~s)g z-UClpKj6c+l)LaMek_=T*HVDjr2$@rQ{h&8BbOu2DfkU}TZmILCc)K6+)0m3yKBAQ zQ0FVbpKR85gy22Is`&odia6CvBMZs+ZycPo7(Z7d{jY@@eD)4zn znRRmT6^9NqhY+8U-BkFLE@79XoBLx!vgRD}wvG*KJqO3e4}ekfC0<&2Ysl9{_c?2) z%DKI(y!Q4-z~FS*H!+CL!9`dV+P z!+d~x!ZXTc3sPDMzL9s5KJ_`WBGy8vgh4F3Yn+Jq6Mhkv5&QX{61!;a{W`NfTdG z-#woi8>J^*9kdbq+XJI`UVe`s=WBqw=1JF3uXI01oO3j>*U<-p zfjwNTiC@ydhMtmLKUUeMz2;{Bj@q8IISVAO^H1pa3hlS)_sT=YU%M41=7hjSH!cZZ+pPAW-~TTJZSnWln3G&z0kDet;Xj}>JU9&Q{w!p@(%A> zLsOMT5gd$y|7gt#*mx?)ayDX_a&`>-$K zE*|o10QWNi+(wTij&&rDz6k8%w}N{Xa3lNc(ia8$(g1ex*{xg@NoY(O1A5%`s;JFDnC_gz`tcaBFdGy=raQ zFPwz3F~r4RDOb9X#z~a-vn_O@0_`l)#uELQr|r45-WKw`Vp)M4e~Nz20AomVyRM2J zjE@|`y99Wb90A@V!TER#oDtxh37qoN4B@-(AAnDDlik3#5ST*vGW<8XPzyfS2%n4z z;S}4~K^;gqt+e2jH4HO021FO&@pHi9^BvieeVjVLs{K&Ol0P1#dz||cFb|9v3oA7i z!0AR{e(=geFcl_49JUHK51blW2eAV|xt*qt> z(5LjD#o%*s(BI*h6)um|-}75wivgST77JRGo%1>Bc_p-{u_JrqdE{RVEMZ^w^8fz@ zZ&O=f)B4&-T72Xc!WYhyUrYXdg+uVIb~u+kHx{zBD!$CPvX}=`26}HT?ouvgbx{sJRz`PJAHLdhj-ecUtPYl=Iat-GARjl0vz z8`&RVc%yi?Y@k}3QT?jhq3*Cw*;HHW#169!yPnCbIi2!nTJoo<|0lec4xw0KvgNd8 z(E)gy8@ z{gVL)(g&o&F=xWAvSB~toO}QNqkt{%!kes0ZFbc^>nmO5oG)-?Rkt$_WK30wiwF!y znqN;CA?F{cOTc&} z{XlqI1B`2cE0l9N{+n1;z?fm(U*peiS^Jj^wu+3u(&6Lp^%{S9jlYW<7cuTK+%^6Z zdBz{-#&#SWe;3#0X#52+l4M)m#rWGb!nXQ(Y}TSj#zS)qW%V+qu3;QV?%Uwx-L$h^ zzU<{nzZnzYfc2bh{<_^|_(S<|kw=r~d^6`Kt{gOW9_6VVjS-b|0p*0>Ym9{BRz4{` zk)7VJz>jRd=@uTOePXR+mPwv(Q)TXX z&$2=C$>|X**A{tIy2yTT9ge+8;6Kzw21$P<<1UmbKL);CY<>%AdJ+Gh6+g($sTb+X zR(WFR8CsVt{u_Bx6g^)W$dgMAJ-5F~dGaT0TA@5?rHjwgwsz`}Jki`Fo)6^-X~+}V z?po!^ao|PrM6`M~-@X!gV&;R4^-!LK^q{dH*6GWWLv@DoM0vxpQfkRBoqD7^X>Xy= z{|MSEdGZnZqbKN(*=#o375C|7-X&3M!J8r$ks4kVy(|EpkX|OX(92(_?;oL;3&=lk z@gaJd!GGglP=qd^4e26x!KY(6e6iuvirE+1w(lxo(+I}-NM0?Q!D+xqAJ(lZe)jMm z>AUj16Q3!FcNgK^^t)uG#+>Z+-vJ)ka#?%rRP21t*Xh*yj%2mgczS>#w6Bfi>uZpQ zvVj~;8BfkT)TSc;Wd||5n|4HLSB!S;qFuWvPwg2wzq(_{w~L$gGupC?wziIu7pNoT zmnqs*q&>2K$eu5~$bm+>hSqwUOnWYer|sy>oA#_`DGoa`&wiU$@l4zcp5+_S+P+pk ziwHfqcJ+%dpr5z2Z~I(d=D$GsFVG&9YvFOXpi7zEl7MY zZL{8F!BgoEhcxj;tu<-wsE2o&e`tTC)>GoV7ad~zWq+hELxhhh&i#<$TKz&1SK%>w=z0sLVfx8guHqEMgD1nbz}LxzgCu*b8x z6}-#@7a{K(n1jxNuZ%qz9TdB{@S<{!9xdM(=%5uRt0W8Zz8t>=c{*MEUvfO)dv6Zp zxa^ykleblm-i5xPGo@SC3BQUxU9inW?zZCkgWy7Ci~r!4or3>0PUCqdIK+0l`egp+ z`2RNkAJ2cSkM?j~z_ZZ@_&}B?dL4iLD9L^*woMJ+r8)p(p5!=@-^tN=4ubs zHpMcX%zykt6_<6J_5{6=XNTuE@~l3eLO(o;238MduN+7!lz#>%2o*^|lMPU-0z^HD3AB_7m^mNgpOe3>)j)7ht}CGMI(i?946HkU89;ECA#2lbo_NdHIV)(+bG$U9obI{#k{JgZyaVSaWH zp4a_@@O%PzX0*Wb+=Z_Wo_}tEr=ta)*gpu*#lUkHFoe8t;j4t_+!lCV+XBxoDgPho zuc_pp&;rlnv;Fzt_UcZ2Nqrd{+Tf$mlz6lB(pG)3l~+#yF3puKmwifE-`+3=_~tS0 zG_E9r<1S;Uy4Kr8-G}?+3?yEu??Q}k%fK4qaRUD}zdoW}3wUL>4RxZCcCFtE4qy)X z#8}`pwoqWzc$Zyk6?t9>UPC$f)6ZiIz2FdhOZhMT&EAckRKm^(e{I!o;90(2R|Ln@ zUt}zgv~g8(KldIMtl-tkUs|UhI*4^3ohg#AGBvC0>p8EXtf7K@rcInqvrZ>}=W&$V zW>spJPzKf#@mFFDpy}p%@W=1q3_oNZ{FXJ@Q5ot}m6NAGGbQj- zgm1cjf95DxzP{O)(G_582j`_aXG`{>GPs)7f~)y&_w~a4RbRh-GN41P=}FHOy$#Sd z;h~Dmk}hm?$igAt1P7U<^|D<q{niE5%O^(VqHFpY$#RgaS{8_rix zCVw0lLU zcc^!cw4KPOAe^779`TD`@m*MUJh#zfuepIi^H9D2Maz5kq8(<_Y}E_27Ns^Q&iJEu zV$%e#!ttJ7Y?^=cW&N)6@ge4U!XGT-lM`bsipC>47qiHJV!l|kNxZm9z4&o7&IP~e zb?}sB#3U@=;3i8qxI@_=*5p@+5BWC5=Zjg)2iQ}8Plfc)eV4r_m)4kXu-^w7##ek2 zI1^2;c2>K6wCiqrd#%q|<0i4$$ew&p_0d|~eM{Y(g$0ge%RvuMEvpg(vbq&KTp=ID zGj=(T)>Iz!lsXE(MQk|_B*@DZ0YtF=D60tSWs!lfB~dw;Xiw*I2FmD)+9}vH#**mZkNQ zUDZe3wBaA{^z3ZKoqjsa+%#Mh5kE<|*uSck#{N9?m-F`*+~@4A$sbPp3?|r||CAm_ zeH*=L&=WL=p1usdbs2NCW$3l=VD1^Nd+Oh--T%<{YNEvm-(;L}qNhr1glu0lQ|*gd zv?l`(PFw4LrL~(_mO%CNtLO-&%MJ-#2!EOc0Yt51guPbB8ZOvd^N(4&RFc2?)K=3Jet*Gr6@ zXm;;#)G4`#`mfR`MGHLl)35(y`W5?WxAKeLbk`-g{rfqtJ?6SvCF;Mk9Q>Y59dl~x zXZrsn(S-6w4t^7UDO4n-sMwQzd^Q4r7VBlFm1n3vg}*_3K^~zbi1-z=P_=Hl5TNu9mxw zwLQN+(OZNu;@7$0P@U&|#?%=nrbcY)rw`Rx_3Jc#{nV+mA}H6?se3Q`Q`9ztPrKi} z;B%}+1^5z71{Qmr_twv`AD_AQ+LIq6X%u&S;G5u|?|giRG0_xnx*uG|B7UER>DmXM=G;2m8@`mkT-rvN=-aLWp!(1?drr>-lm&2uYDkk-D zT#7XUk7~{h?(ni^2&ZV3m=~!oc!g=l)RLRY*-u@$XOcVRVb0Qifs#+B11Joc8yC?=wJ&LSYQ6@X-P$kRS|)y3>`w=e;PBO!c{gR+F7d3YikndO zg!6^T9(U37DXtUuac^*#t{VIcmkZ;L>4QbWsRd4*Wd`5kv%-I-h2BJKxfWVmG|{Iu zV{6RMsar$X;D%V=kSriZGCUl4icEk;6w}3`O!+xUHpnN?E-TIpe7A5T{;M~_+i&zz zmF3v1R{Q&*;Q8m>A^m`JV!@AOR2%%}KBb|TWbBQy8Ko4@EuG)ujiiyQdrttDTRhR6 zUESh|=Hi@fb2a^O?etSz)vNu|I#XD9QU3`i%0HC#rCp?T^4Bis+*3{YxE8Glax6!_&yTTjFf4jB@ID4?WXq@zjH&)Q`89zyD^DzFN zPZjn!2ggZ)adK61vgxM-^v_l57hnu&{#xqkVeXf#E+0;z4~((~pJHBdhU`75WgCVg zoOhYbFLx8v|5x_giLX8h&f0mt7&t1>hQTxN3s%9oko5K;@fz?zy5hZYrm%Yj>FOs7 zom#d_oe6fZ&%{G>w9zVi!;bYdvHrcY$gh3WXL6Sv^>prWzSmxtH{GE%F8bb)yqkmU z@pTUIwk&0d*T&)dG1?Tq%R+ZLb1E6gFU1l$YJa763K#L*Scfjv(>cxvMaJ8VMcZCB z4jz{3-@R$Lf8xerRvK!orFZx5F7v!@*pKVKpoVVQt$OfZ?H1jso>pE@ETTq2^n?tW z67YYe9Zec`*JiAjF~lVu3}4J{i*crQslE_)wM#McqS?vr2Y1)3i*{v!?V)PSTDql_?-AyoHX%a zwMqL9g|9R*`m~S8j8*E1SJy))3-Fz^QvTUj>|12a$JqNe)96Lug+7hjW$!2#y#aX} z$(7tR^OFSS<)K^7N7GvEHqJpEPTIuQMUO^jCcOh&I=+q71@(AkKymrUA~(k-iG9Uf zz5_ceG;QK}Y!lsx9;7QLp~+Esa9HFloOj&rV&4Rx^CHN#)p0A&9)M-8_9UhqV72?6 zvMPPR3?D+5rF^4H?Sa=Bxk?`Kx&-SvlB;39yGFc!5!-C*`|^nQe+b@77hE#p-EV?- zn(s&lZLN1Wc&GV}_E5IIbAxwUk27&Om`}I9-xs{cZrgm}IL@Zxn!q)SeL4>J?c960 z49_l$=8zTA!Qsam{H`ky53x=Vt8RjMGdG`klIAc(kp3Anf%6Z*PX) z<*WZ*^;v;4&Vv|o#4u>c)(^j19cRCl&HzKNSe+^yO|0SpXvON5UXf6|UY=zeQMm`p z%n}2YeR;%KO2w!r&usp!itZ@^~Fxnk@GOqN!m17B8q1NyVz8wD)!{EePzH@@(%2NubqB=OSF0lOyx zi}IQGv;jZt?gaXATX~gB#sIceb^pC^tup~v)fFpGGETPZ*0w#$bJ#Y@ddar6;z;vi z=>nXSTZ0Z(Gxi%_;9352vYRWeq540P1F!VC{M_PG*TFYG(zu%VAA$+}?@qJFq(FPu zRcapqcJc8E_(Noh8@y4hEBUd+Tw-%98*b13*i(E$VsjGz4gYxbWoV+w9Ig2at}D3S z&9#8*U0lenrtA&UjipbI=90q2VF&Hawz7<9K{BWaCUU(1bYK}#5Z(C$F3U>KelxigXUS{zj5-$ zgJ;PG#eh!I<{0N*!5_NQ>=BM5S4TPh!~aVk!3z%JXa7h1^XNCx=i*Z%@kX2lgE!)b zK44<(f}7a=mD-??@IKx;qK{SAoQC?(#6Y1u$&;|Wr-dh1H0tX;(o2%$@%5d2P5V-GCQf>2 zSv}^y7QI}wN*^GH`*&{}?vLCAj0W2rQvJTt+UakbEpB z6AAk56#6YqU)!YV-SdII*h_jicEY|3`%Qh8rVoXK@Lf2*Obi>|`~5o~c?=!#{7(k% zm+q(B#3S@mFveIvO-;k*cBC=J+;s&0k2JIYmqb9^uc+Iw765LO?<6l zH0K-0ux>pc#kY#b-#6(>=0SaK|EX8GR=(f;C(>WX82(QaU(s!Rjl23n`omX0@#fD= zIWualJR@pZr$;UE_dRd+ZT*Uqpm;J?o;s03;`Q)dhTlB=(fqw)7v2sZ03M4tQ`)O9 zcq}}1C@poK-k~eUiER_|k9diB2yOVi-c>Y)*l(}@1^vg)&+{`pA8pQEy}Y5lc@f12 zq+HDpBSZSn{IJL#McSRD-EnwkiZajUyR?Hp2K$*rn`iQ@HT_KTg-B!Uf* z@65QeZg96A=f^UKSJkGVXDCibri`2_uW(0Uk3|nTsXa%W<^sHpwvOgo$!WDidnmPr z_I1h-jAN~02X+r5Yt*jD(Dlr1uXji1R-p4-rhQ$jGv;h1;(ACv*_Hl?jXyBFT|OTw z!>)j@>Y&$K9AsU5kTv*0_Emoq-;Y7>7HFgu&$sjZ@9KB>tl(J(9Kyx$ZQ#P%;d$KE zb^@+4FFVA?9RRr>rA9h16x|_?6`#PZ))`sB}eIq*GgPzDaAml0U*IAr7;L&=D z=v?vi#b+YRO2byJpE<<(&P;iIXMF00@$KbGBvxL<)NOvFtyGDacct~6sqBXFR`o_N zMvTySh4bWySxYoQ?qh77%%x#;{S0) z**e(ci2kI0Ko?GF?x1q^Qcg0*nH}gbR|IM3% zE3)oJZ&omFX#c)6Wu+Ub*UfJwi`#Z16{Y9c@+KZn!Z{d{tRVpOK!O9G$b43BPU^RB{A=z~id=v<~9oN-XMfpuWw*5QG%HxBE&1A!hDwxih$Fq+$X4s`f%&J6q-yz4 z1=v>oGt0$eB-hi~Dm=@l&!TKv@T&Q@`Zl7AAB#xhoGZ7X zJuPu?qI=<#aLqk0o}E;zKkh51qbKOQvG5St5B)ekb8898>ji%45hrq2{G1-{cx!o+ zOuIO*le^;Uyw*JXw#H*`JAHoon7bci;C35vN4ig? zaSZRLTLYYVI{-deFC<>HVp`v>{J_aM>Yj9`t}5m5%?xZa>1+vEijQBlc{aR8qHKenvolw#RE4;;eD?^icw$Fj@aXkoeAR?zwJ_!>ZmibdM% z40`aqx5u)N4{PoWKkberJa>^>2BKhPK<8! z&VFn?gWma+l`Lqi{Ls*^;LWe zDx!CN?nyZ9#Vi1z&Nz8-wX zx|N9|Q04yTz*ebp?+e~PK>Cv{=|e&KF4Fh5q~95&OZGiTdW^b47;g>UNk_h|<(nNr z`pu+=wpZ1?B}l)C^rbEN*9Gaahg?H?*p}-_zXBZGK)S|dc)yY-v<QWA8pf^hX?dRqfzK6krl0L?RTyF3C27&qQ>hO>-X3{uT7`S=_(W1kKJS} z`8q821;LoR&9~6ykjjJaVcSd9#9!d$qF2R^eKYUi<4rwJHw$ zcbaQ@eBX=*>6frSpPbCRnfa8)PXU~&Po|^)M>z{t@yo?GbSA9gP+9cJ+hixrBR>kj zPu+C3U70>z zne}Ne+;gCKC1IZ;6MeleSQ}B>)R$JiP=Ar{=V?5sEy3Bs!q0!O-e(18aB0m^@xx4e z172}2@3q&>1`gc?5B=V}hVu5~Eiw=0ZgWq!M=YCbI&GJ(GTknjyVeOy)kE>>%$zQW z=YdZ(X9(`~)bFz4hht}cz?-!mkaixY59kN@E%DFbX#>n52NJS(WWmQs-@R5EkAM%+ zcNY4d0lf1k`tVxZWm}Q$NAtyAt2`L7N+o#82EpEb^MR)3lA;&&k7(+SBK!MFf$jxf zrE|%?rE%ATt%&`UHGD2s%T}a5Bp|Yx&i^T^hqH4)C5K%V+~*lpy|d>p;Y=mVQ7 zJVQ64CF$kTo6A8OV+A{-;;QA0uE{(+8P-eew{7wd^5^NkpOD4gz9iR-pdH{M^^Gy# zFl%Mfrv%qG(UE5$W2$4SHR(A=Y3IMvEUw91Iu9{H+c&6w&PA3DPdce| z5Xofe@!C%V-cy@9`drb4bcPLWZJdQz_C)V9m;(!5*+P7LGVi9n)%QSWd@s5Z-x1D! zNDO3nEjZ8D64@VMZ?YcP9AD;c?wshF`si!v&6<}8t|bO%gXWx?wpO^{M`8a){C2I^X?`YKmD)E0T}yPXn5epA z0V){yWm=fTNHE4rB?9{SX5}$9- zV~$K4{k-WIau<<~S3Q@}NWUCyk}=@ATVKWd0%DP;f?a@*ltkN}^N$CNqJ8G=)C?&rW2j-Mblso@8DR|#N-hK;_wE~o=F z#kXflCk0mFT7tIbR3mwdkdI_|1pwhQ4bon1MOJz<^f$?6vG6yIY%SN%1? z*$9ejJBN45o7Z>D?`6Yb+;_|-J;^>xowG(cb?q%XfjnJ9E9>U$!e!UH#PF=c2byV( zMb*dqkpIpUzJUq;lu9|!QBeQPpl;H;6~{lB9nE^q^~7p@7csDWdP>{J`t1tNYZd>4 zN2fx4IYD{qgT`llKLhwmGwt~2%O|l5OKxYN*&c^D!2zCcKX8DdUuoQiTq|b}m-7?I zAIf=naCeVnJT{0{9eEFRi9Vodqa#NtD}-Zr@NSrQd1$%y-2=fpcx_WLC-hFR?+VhN zAbk;40lwUA5nXeZb0PnNLl8v2{xh+>0` zaSj^#$5`mD1KV_}kC>sqj6NqOQ%bXDz9|g=^J0Z z4%El-PUq(t{X*|4&&UP`n=xy4w@e&#M?0loDUWQn*ydKN9-Xyq{0>UX=oil9Ro(bn zwZbzR`0)E}8h?!(IL%}0V0^Udr_xQ$7)39g5a^{Ac7SkConl2OzM96U#*y@C_zP!U zsE=4zw1_7N&eT4w*%4!+9!Gy2MH@riT6^=7CC0wKN9TkerS=LZ$TjhuyGfTkcz|*q zf%YDL8QOy%8eSCApIxCpQmm_^`>6j!+ecGgMCUwo{7uGeG%RYqOYl9=lKhH+7PKeD}SFDrF zZqloj#?0NcwFn<8P(SdB2S=PrBX=|7xw_W-klLNjH~t0uikFBM9#lKQ`TwEM)JCN( zP9D+)MbwX!L99&9c4SOh+11Dg&fm)RdA-b?9L-0;OE}NSOg+SZ zpff`Q=l{~@K`+2F5?SP%b7xLx|9Wepwe)7KrHQETxF#8f72fUC^4mFFk9Rz7c8FK|h>*~8e{ zlRbo2%}FB#aD!}?%vE2iUq2Pheli%Qp2mE9Q^LXxA^g8Y9I%d4TR*I~MF_B~7co^2^d>(%0UBinbrU@aKA+pRIQytRGBL+$HpY2U7( zeNNau+9Uc=8*c`dWEH+w&^YA`o-AXNcVU~~e6;m6>%#Dl9f<_rYg|xogmZopoPCjK zFZNrRVqfBw;K8h;x8UKk)Lo?gngH^@&`e7Ckdzzy?ad{X{C9XzM}$bQkk#~ znY%p@>8UgZr$S$A`q44y@6rn6_hRAC!};rmF5=D#Z%hlmM$!iU*oV=Ee3nMyOMR}j z5YfP2xYJI22#~4hB4-D*5T*Yk&X$^RMc=<&^l$J(yJx8#(DMnjyX$4zZP^2^#=w06 zp0wT*qm62t#hKqpu5_{F*_=C=DV4l9Yd0bN|0ww8Nc6A$F0J&BPxarlQEgKj)mGES zDs)Xdk>9LQRBGp{-9Z{W#-yF4wkvK6ZInNPulME~+0qX0a?wixxeRT_^5ARY`r!=i z$W#XKx#Wxz>oE^~7`sl+*oi_q`s~>oY8QxJSZ9~saW?>SLAGx~rLCJ@; z!rn1tAzUcm2<7vy{|K(pGu}#m&O*ZW>C2Fm#n=$93G^NDnFxLOF5#_`ub&RQno}_c zWUczg@S3>|jp5OJ*FzhU3kIocPU9SFHF5P;%RdD_3qKA^H1M;CqdzNlOmsSa_m6G`!Wb_8Ej_@C2<`EO1mQ!a^LvM%Mf_YBH|XEdVt4@KX*scseT zf>&Q!V=Xg+4PbRnxJ5S*zL7%*X;$;HBhl;^l^?!{4J{SQty_ck(pPumoBn{mk7tF! zcN|_Q9Z6$RYt*r+>xX0b1&LlopQ2aMXmmIG2PH2>qtK;jbWBfF-3I0R?V1S?YW8qoJP zGz+bkl5ge!a)&dM@ZpjE zrhX3Z>TmfYh_@xE({g@b>KA=N%O)n~cR52kq>Yf*vrf@?nDp>D#dEdg8Q;9dgFLHj z@Ne2@Re#_`X`A0pFmh_HLk8YJQM!zV|G5W$GNp?VEj3nF9NKH14v<4%Qd6w}P?NT~u3z{XT^XVEIznjrT(v^N2#ub2JEzz$DIi3UUYdI$1V{9QVja6M7DfUlp#^DEKG zZU}I#HQ7)n8wg;Ab{;q?)K{>9gmjZE@xRF0yff(C71Vbm8hSOlnC4&>ZI|wWY(jSX z?WTPxwNq`}|D4~(6KLZr84H&LZIu2Mw()|XjpJzJn4pb=E%T3$y-d4aZft~W(IfRQ z#fa&thB9eE!|2}{4~&r*?MfSc${#OgOjIB9A_ZU17{gvPbhVC~&)!~>ERz2H@4^9N z#LP?JRiR$=QZlA9Xb=1&WyS)0K(afI-kC%P{eP7wN78vT9zuB%(!7x;(7NVgT8Gtm zSej%lQ~i#9VYm2a$=~W*H)7kQ9PQ=&#*O|wZ2-I10Ji?nw$lZzw8N)0N0+@`GUZz2 zj@GUsIoa7RV(q(9dmn26L&SWTJ&tt(?4X|n7c+zZ*MQR~zHahq_yGT7j&#O3jqCKE zHI`41cM5nu7kGsCf8|+l_2ve>i^4Hp5U(5bKCX9;k#Dun3x0H-@!)ziy1_o|QX|hT z(fUAW7su{q_*K^-KGJv%uqUyxr>)K2c5GU`g~7VkI20pLwm!|bz1?Anx`orVE zR<#e=@V|jgQhf4Dq=$PTWzYIrkp4N+x02riR;5R+O5;A>UBNfE@J_ZgrRm*JkiMPt zMfxU4zcWbRO#1wm{I>;llt~x8ewzE`^r`H$>|1I+67%gQq5p=>^WtYLtB1>l6K`#D z=X!?g&s_7lp4G)Xt3sT_N=ux?+n{67X+$uUz&G@~9bAi^ZwzScQu@(?4%_LEFNhYi z`MT_GSHj0=KW(fuE>t@DC-k1;Y@YhR2H$>==lhQNc};TkjmksbTeotD=5JQHIo6QN z&;&5q_sTEm2I48u-&~`Ipf~E#T2yEQzC`6hTMPIW{i*gzQ`Y6R2!5$0=vei1VV6~% zoyyC&Sw>#%d$?YC?Y!2tQj*!w5xVaVPjogAywiR&jj{LXTiU6y{Y%o8FlJ?|m7QHa zE$Y`Z=qCy?{*CVr@{3L%BfrM`$o!{}U+|p+9<;~dX1@8~E99qQH68Mc?p1CN`7(1D z8}OXxM%a_Lw~SkGZN}|w8n>+Dd`|ey`+flLAqS+>qw1{MGd|U$wJInc_oMb}n-U`TEb7jse@4+dv03^LKsUMt;SG{XKmo80Q*Xb5>^R zBaJUJ_SJtI4GdeoyMggp#!`FOSHW1*TKG=h?Q3}_7`{U~{?yHfl@6Yi_AqH1Nz*(^ zWxt)W#UEtH(DQjb%Xd()hdB7C=!ZH(SoZ|5_5v&P(0o77diPL}K8f_@q$}-fLE3S` z8RNaAx+4A*Ho5uCO#WglBX&e*N8jr7si8gw&4|jeaTF|~lt?%sR|Ew|Mr8l@Uk2id{QLzU0 ztN-TM!M-TqkT2-Zqt@!4qRt~`Kj(Y>K3WFO#e>qkKTdT5gXYr~_LFfuqx&?N-U1`O zL&fvz>{snF!GCj8i@ z(~5h&UdFnOE+?ClV!tXrZ#It&oVY(|mbN}Acnk!2r8cG;<0JNjJdB`SYw)avdxwl{Pf_H=wl{Z`D^ z*G2J-U_9t-ZaN|*ZUZNy$l1B;VK)^LyIv11IOCrb{2Bc0#2 z%30+`KeS<3`*LI#`}1b%gnm}#*t-U;YH!~?G2~Af_=fgDYuK-7qxOOH8Xk7J;&ZH4 zKJ?I3YnduTvUMEoR@vzy{o$0*FJ(6*ejqrOOw$>+QTu$ihyVA*tUFc4DAx4j=U}J6 z|5-jtaeS7TAG6m(`7g)*%HBBIx{tcq$I)aQG2Z+!bPD-0X@3m8fp=X)zJJAp+zxQT zdU53~?B8Wg3^>$3DaYSGn5p!8e^UFg1?@W%xsCoNTnq2Qw~^ub?cSZV=fRWdJH8jM zw8^7>+x}a>zgYW8$==wcEPc1%;FQ?@*2ddmf7qWy+jAQz$tn0oV=;B9Z1vru;J?~t z_NrA`lb^U@xP2XcS6Bl+HhU9;xD4{O3;pbhF=TDTYR;x#FW`DR*W0*0N?JR2Y{bpC za$!4YzJ=>tu5-9@T-cGD(fsyd?IF;<-*kz%8p37EK49$u=7?DMiDGW7H@GwV?Dfgf!Sj}dgA)=(1ES>N%=}+zwH)&q(AFfI*-|7kG`*c5ZHo= z8L|-{hj-OR4fPElFZzZKG&a>I{u$MCYZc>nGq-UMutkPAqyF?jf1^+I{b;SL@P9P6 z!qF4^;30Dx+wuD~{pE5d-0ls->B6TE>#Hzs#(H#!bpA8L5p0UWwQwx^ViLIhJ=exB zR5967;x)1t$EGf0ALv;BJ^9TVUGQwy`bpE?q-2$Ko}%{EU)uPv>8p|ZwbfU8@5c*_ zzdq=zXw*Gbef6Ogu2tT``^y^d(f1YP1pE}mrI{?Vzl`$rZa(kSUx(r%X#baNhe2F~ zB5{epso(&=?AH$ZjD6efQ`e7YADw;rZ+t#OpQXC!1Hm+kHd~A}t%b<;DxAfwdp&H& zb?fG3!(Ep4xa4cB!K`j~{4uLB*i{SittwY zQ0qp?$ogT6u@x;cw%BJWJ6be*DSKU{vl+Y4z4~6bwaT>TA};plTUqv7nmqESz?U@0 zBOWI?rtvP{?e@Z6>fh)+$#c8C*Beu4gZEuhmrWd9p~K9xxeM;cfl=@#inJ5h6o(;+ z9|vuLUf?lB`JKVLkfky5d>G!LvJKthi$( z%Ou|YUH*dXN}2c_8~ykl@R!k3*Nqq7Vc-7C^B3|Y1Ab%p3wTZk{HF0&>i-$}eu(#hXY-#p5?)nf5%{N~lp ziSsM9eqsv<#|i!?^2Fg7fn#9%yS)3k%uD0A4c@JJlHecxq5k34c72Dk{~nHgen6Z6 z_(8f7@Pi6?9=m=#@y=|`d553z$MB}V9$?Sc<7VuNhwGibZ-W*!R+z(4-{ymUQi|(^ z9&pf4O59-<`m}r(>tr*3wu1LSJ>#htfl)Fovc3 zJh>5@2Wb`Zw)X1+@~WJzlrvGdrf)UoV@{uI4fUD%gwJ<1w?Gz=S2Q!4`ubku)68E2 znmG|UJCie)dkW}9%q5|iYr{{rR;k+N$Vk+ zJDhm@5V$$tWj|rv!9Lq#vsObpe?^~9u-I>bj=$H`k#7J1az}No_j(vZY1Z}>&n3fJ zUo5-ERqO)sk_q_9L|oRbtHiDyT8}Q$=YbGtafp1^yYcFVgR$mXV~ze4{D6~Ynu|4= zgE2W-3p2VIW2>3q62BHMA<*VBE{p4GF7cOi9@z(OqPr!hHVsGZi)dRQr)+MUz*8g{HCKBy7aCyzpZX0Cq{a;$N+Xc5~f>zMUub%JzQUdPnUlq-Pv!oa{)Xp3!@ynz_B>@VM~$+tJ!-q~vWsgs zA8-1bCI_%nf1AC9GB0X;nlf#DYxn!GAbb69kKFErqwnT4O6I$MZ#Q*se}Pp~O5gvL z0|%bunttDb0~5I4vFpHrBG;_wFAq4+gv`UU$&Ekb#bv73h@4sj%~cL-PLO!WU8zyHBu zBEaEUl=)!(c=YvtF9DoOfzt-IKGy2d4{DKhL0S2W(L;l>@+#|MQ`V@UoRcZ1Z)`tx z_SF?jkhQh$_W_r9^3}l@VxKAdFT_hqo$(iZTjM`7&b7|{RpQ%7f4`3O55k9}OXbHN ze;DsOjx~A{4+p+@&4_nL^X`7ipuLhG@NMR8;3Sh@=1n6Wae0G3&-yfX@r=(>#~qZ> zi5()8nF-1eAO0-mh`)RgxQ{d^{WxWeoRePu0x_1P@4yE%FFTX+#lP>@nl`+YaR@&x zbDleV20KffXYm;E8;|;ggC*Q|Qg&-OCyOUL8@=Z#N4oWL@(9K#ckMA7s-bu7#wYpb z7uK~dbCk&LxgEqgJbweCt|CO({!aq7$0 z!}EnJJqu>Z_KA|o_7i4qE!x)eN$S@k-=sb+AIH^-?HG3$N3=2Q-?i8ncadJg=Tth9 za3o)PgB$p|bk>M{s>@huuojEoRHb(Q&)0(2wI*()>_;k7db`T}1mz_dukhql(s{u9 zZ|MD}>wP%TFo)iI7M zU)XPs$+@%(n?|MP1bvU(Giwx~Z?Voy=X?)j>kY2z)!Lc%v#Wl=tuyzw@~!@d-z)-$ zS`Ug)?jz88v$R2 z+{;fCUpegjbIe{*=}h>W)zA^JTcDfqUw#|+S&!FtWgmww?FQ|_yLfIxa~_>rFkZR~ zvZP&lh^2Cg^J}m5P7mheZxp>ySKKywWIg6Q^nclV|M0k~>)!jEkz~t~fbp-?6>d2O zy9nYRV=%-q1Z1!Y6a#~82uVmJSsL4_Woe?3z^3#@vPG~Rn+P!ZL4XW_q?GdZIxW3T zY0@hKX-P^NLTKNV(sne%Ja&}amgeT|oZeV*#^@j0{4-fOSD z_S$Q&wf5TkloIKU1>u>%#|AHdcUFpWz?uzSjo{Y=o}3Xh>4UeK%9lfmUKzc zBoT}s7p*+cjxEotj4dBL{8y1n&K@*pc)+vxM8Q>Sq4`M`YFM+vHwLey7)y$|Th1MQ ze`K9DvQsxO{$7WtG^am~xBMp73$}7;z59&`a6|X=+KFiZSA92z zS^IdK{PVQULmn>`|1xGz7p;=)kAuF=hJN|d*J;}^_|1$J_V7zyES1a;E`;~;rE{QT z8|`6D{lrs&{8XD2Yl2P1eo*Lh8g2RmwTX6Wf1dPq)ysMm`k~^uwv-m(qh!wubFh8K z`S$3LV+*yXOz-uZvmLl9zgzgNy_a<)?FEKXX%h)7u>2-Ka>-@~)#b$ng1YFc-=ki{DUdb5AwZ|pv zNk?aA?ysb4zl3~$t%A#Y=7(q0*E*N#OnB)4^p^g9r^>gBAA5>|cPsg`0p}1*<1zJZ zNGn99k$+1ay>`W5{0nq5d+~v#Ip+uXpv42?m4PJlR0x7Uk&oGE}frjM-LFs55Xg5Z_kKin&jO5<-SnXL1%rd_<^_8rgV|D z%V*M#R*T8I6FeF7r8jBco6uLW3R<684xRNq>E*=qE$;kYIT+!aa#`(VID)N(E&+V# z+q3{!N#dBlarXC!;mOZmLw=s;qT|d@tlf_+Mn74*f8M2OzBxC3WFh(o-yP({$I#kD|y6v8{fEMpHKTY zPuvAg{4VY1UavY+`xzJCJn>0>3zvZY323wALkR1#7_6th?|F+czMeXQhQYJSc=XQz z<)XaGko)qkM1>&|AKL=c_Ix@`N{F)=#bboAIG-8x4emd z*Z56NxUo9H-bSt#t|XVvSzN?*BXmE#eSR^Kl|BYNQXB9E&o}Y!(s_TTz9cT=eD!x8 zxdk5jCYiqZ+(dtw?-jQ5?ZQ0#M_rdDzh}N7*)sBQc@1f6x!Sola9z#y)p7AQb06)U zMR|SyaXGxD@7Lt$a|~pixA=_qLe>XXACfNcb$%oNO&RGU(pCOZv8upQ|6!n+b^cp{ zQQw)LJPhskP$oXlY>M%lbW_!z7Qb<};%`YlIXNPDnp+m&SD(%KAq&#^a~6SP1Ng}Q z+D#iIn;U`;78<;Rg?*I8S7u_4HIIIh_jmr2<<)tfUpIy$eFz4-^&fpN1#ccJFb7Up znY)<2ldYltPqZU*(%Og3JO_NU2XcabgywGvKjh$C@J^=wp?rE!Ppp0z_h5YJkbwEO z{o#e^D2$~ArFx!`o18hYfU^`HUI^c}CfXMiTX@!9*IMUzNX~_FQu!A{pA@|Ro3v@- zA8eb}a@QD>jAC3g$`+g>nsA@ZUH-2I?mFYN&ZNU9j16xbdkdZMDC1h+Fp~ZIRr>9z zPR4mw^UKYpFEdsH_)Bu`=x5X?>EgrWdEiqA3(52tx*F>conz%kfh&5j^RIkA?;Gix z&vTyaTa?+^skN1xO9x5MkKbMN>b`J7dzkOy_Y<5CAV1kY+IB4eIrPAfls-wFeWY{# z`sAIYXH%SY%=gvc{}YO9P;A_uKxaAMcOsFxmo+5DRKUJd(jPc~e_;XmB*1HNUf-$J zdg77t-Vi_9#n~z4-y-j#l*Z@%W}nwAe0FO_j+9>lU$tqs%P-wYF$W(fztVSva3+Y` ze?qZ>lD`Qr?K76jH_!&OHfVVBe#sx7vsRG>km+#wdfMv4 zPu?+f@Pg(bF2+-;UG?e=$A^J;6S82de<|z!f~yz=`AbgsZXSIv<(u#W-ZMH#UCKU_Y2E_%?jW5<{CT%TND^xKafm+z~79KI&4`PilcX~lqg=d{zO+!uof zJX>xYUxeI$oOhHRSp;uwEi|UTU0A^T5vtF1*BI5eZ8X;*Hy&Kn4m@x;n(zwV1hELf5KN4PLy5xm#%8y^C(gp99^z99 zW_(XzpONo>0pHAnz}H=Kl;rQ)XVGzJ?;3QRJJ{D9e*2s6br*eTlYst`n;Qc7j&@1s zd3`lC{5|lFA^#trCjVcL?WGRjgFCd38rgqq{z$P&uqAJhDe#D~H>5Yo z9$E^X8q^nZZ<(ilhvRu=%zg_2X!51&$-$*+D)sDH3| zG%q4+*w=cbh@JyYj+Wb@=X+>RhnJoo|E4B#nt2Dk1UoLSV{7gRUOH0D!Y6-58}IzT zZ5!*koBeuO`1{ysaXEO`|_?<aJSW5rMzvm}` z0nT*=cy%H_DW8mDaKsyuCG*fl^o?rSCuewne&P)8Ddf~6Cp3@Od52HP2epX3jsxH~ zi!|vM&E8mH7r%|4$}``xo}A4)#cb}jv@&{aU3-3V6Zs@3meWqj4aL{$+==LXO7gtG z`35gsz!_F%o>yNzM9hM<1x4qSXihuScaPIX^+iAR%tjAe$b7DELZGWm{Wcebo|?zS zSf2VE7qVgsTXE_%F0FYqb1{~u=5X!cn$4Brx|QprT$ghtxab>mR@5cjRUdj*sgAbS zfls2Kwib+S*fO#KnR5#^w|7W$^>&R54_yS^Z+cwmtgyMn6P}ehW=^G9$CnIwUBYP5PQPtZ=KLoyeJ(EJf9JLk3$c^;dj$)eskC$bT3Ti z&&W?|Olo|{=LyfFXTUGeQR5&;QWtfqF11PHZNn!x%WdLFQRj%wrmZ1g%!V)O;Ezk; zKQDL@`}gjm=&=dd$B(d<2Aww1PX`#^*K15<)5Sky%~CvA$2-Qsq&I<&g8cObzI`pc zNLRffZN;ZPc|`But@VBa9^_q;@?YXTZ8ts-pR^E`+Nbu&mn<7SpnZyAQ++=5nZ5*< z1pVoePrNPteO$QmzCr2a7hUC#Qhw>v|C2U~?&8T$L*GXPk9YW!OM>+TzrRDCm;T0% zV~=}!E4Hqk14>?jIGYLf$&vr3kKzlt_eg@#+iAZC%=%8@!+58S^?CRY z9F<=*-3Wd4ta1NimCdJ%@bNQ?N3Q1V9m@mfD7_Q-@7EZ-kFmQSy5&m~M$y*P%nzd38U=)N1uc;6uvI#(%0c!k@3&Uw-p5`^*0-nu4>( z{-Jtkrm+BjOYW7t5yk|(^BuGQ@pI*^;5M5+WzL(g??@Zmz$;wq@WXj;8m}NH>a`OrWFTC+fV>`pf0-x@FS(%e)&D_K`9CNMq$&T%EU=a!+Bm-e2qsfDwGTn5NuT%3bZs zWhpa6nNHGsNMD}jU2?3vX=1E=YhetVeyn_FKwb37^fM^UnxFF{`?THo#qlM5kv@3h z`?e3x18me8Aa=qehqFI~TyvzWqhekMHjSe}7qPNPVY($-Hl5kb#RW zz2dOuJ@p6rFlz(mTLoTwLEi>?5Wc7felp1!`QH8IEP3kOyZd=3U&YPPWDRtXZ`kAh z)c4TKuH)N+X~qKM^A&jU^U&d?XW={Mhj2|4zBfFX$TDt5iJ6t z+r**r4j*Une9;#FGk*V8FVB2@j6Ne~tW#|VhWTbv9zF6Hb}sdM?MKSL0FKZ3G=Gb1 zOe~=cvRh?tnRwW|Z%J}~2bYii%9&`4m65{EBzpYB-Q{%Q;c_SW{NxD!{gDFt0=D@` zVTAX|iO-gkg}b5s-Q~k`M+=N?qra+M!sP({{P(VI@rU>!Nt{*IQ~dOSvUqS0a1I2D zMLbX*p$+&sumQ)AkDMdkKF0a!2g(bQ2hgbwU=JNAYkvMy`ZR2_=&d%3cB1=2`an9x zkEnM6eXV}iSa|+L-}6V{0pv*FjW0xQ)Y<*%=@RF&R{dt3c)oP^L}z|ddjjj=fmdRE zxklp#Jy!OZ^p#uk50`Hphfc>HE_c&Lt)CG;Kfjab*{RPO9UobZ{N)?x;O=v-hUYDu z#0+XpC5=v1ny#1 z;&0JeTVwDJG48<^xqlJb$yYOmo;XGvH9S8-JS?(KV-jB)032RfGEj+=8aoY4D+7j}6;2kZ$4_ws`?c{liah{(x&X?1_q3+B& zrQ!cI;(u%k={K6+RXzZxg^tg~`(7T|JB}Qs|M@-j{#d=*r=7S28lp2TIz~IWSmQD@ zSU|fKw{u#$P(wPSdW^WYW) zhp<^+AwEgGcnBT;Q2FT#zH8P8gi|tcCO93UKM$2ZY5F`}{BQ8x($p7_6U4Qn^DIpr zEI&zXLO@y@`P%sYNL%MYeET;~euKP=+Baa|cvFkonS)5vZ^2MZxO{nU!e7Eqdy4QY zne(m$S7WG+bF3GfeJ1NHhp2C}i6__is8b&XN6N4Ls^q)k%MTTARlA}6Yw9b?Euvhl zGEY!OvT+e*Zg6G3@5%^n?yPHzUvp0J-d-ntoaOwBC1*0W`CcGA z=g-4W*2(x}tP1wk>@WBoU`ysF>F+-=?WHZ>qAkTU%YO38;)|4TNgZab;cz*@dg$}3 zsYlQ3(|X!Jv;2*@CI*wCe(cZ>0}E}~4>R?*6%zkZ+k z5!1o@lAC{ITzfe9Fynr1FZxR_^9JI969$&mA)0{yKMvwkIv1Vkebu@|Tk1^u%El7>m2YKf z@Y1zLmM*5QKz*V0G-LttuWmNDY20Ye6+da*;3sHm^BydJhdR+GIGfeZMOo_9T=Zx3 zg$JF)dy1W!&F{s))&BfzXj4Et7DJ~t+V~^N=(oPz6Oi@_zuUk=c3^Uzc!}>!q{qr< z@VjN4^^Gj!3!jwAen<6DxA1QB7~71!fM@0{bm+12`;yPYn+MTR4pP^d<@#U*orChh z!SdqHG0hcIPirhW-OJ2DjG=FluDM|`<2T@X`ik$ezv>WvlS3ws&Wvs38h(x`@$h1v zZ|C{Z7_3FqCwj5IWcczScu#Hi=j|{2f_&llBv!ad^ekpXEJ1jS{-$q|bXZcZ~481mdJcU-d;>a=-B}oORi? z#h)@4Y^N_~li#eDuutHBbY5Hjq520r8sM{^cAZ&1!FVjtPJJIH(V1VZZ^P7a7Lv+b zZ20-+(jNJ=z|9-Um!4-IK)cTx6L9Bx@EG>*IJl{u{p17plK3_MyyDCEl^-JiLrcF@ zertlc2-)%TWOMnaK{M|jDlh*Q@@#_fQ(!Lln#v# z>s$q{7q}+4p5l6f>+@VMWt+wpl9r>~B_Jsj`Nn8I- z{Q>Qm_nr}7NUsQa>7d@x$HZ#4E~k%!&i#xhc;{uy$FC93AI>4klNZm(OW0w zUlD&vRy_6=@Zg;Xz(;cA7vwSH-Hp|il)XzZ$*X(;G4UO=>m}%zrk~&HytbIkK3Ep- zjQ-2D#up`j#@cPo53T{;YmQF%lUiTsL~bMv{U+C{ zjj42TIb~JPos8|ZgJ+fncQ&}!Q}%bsBYsMeZs_P>zR=lRex5#^NOO1a@fWwgfIMD0 za<`Ec*mg}Sv*rr$L*CZ4Ll59=`OLM&2IN0|IN3*=RYrRRrF(2(4YJ;Qx;#j_`j$1Q zXVTy%x%dX-O=D{xILU9O@@K8Qw)nW}hi3TWTGuchWpir11i9Xt;`g2IH#&0b^3@+T zxM35wrVMW23vVn>oLSy#=ph-urG)%z-9jIA3U-Qlh_oBTGwJT)pOG#d8o%SzEvD_f z@7!KY(1%;y?+*NSq|M{Iv8>1ECoiBqerLYKZ*$&&(o)b@GT>?aed00kX2@raN6E^Sb6Gz3%hhdV3KI6x+Si zy#M}X&-)XU%-IRvefh1o7y1p}6UQi%+m-9s-Ie_*XAzhHG&|w*pUk|CqB?@ToD*@sV*(OiQP}S(?M{^jhW1X`_zQ|K0K! zO>I@Iy!e6oo8)hi&ZO8w`CK<`YX2}z0OBD`}ub?AOSclo34<^El0@)_>3 zA8Yy4;;?0J8Mx5%FQ9GvH!LrVp%ArkdB~;HlOyyOXM=Jr;*u}H^cOt07#Z!Su@T$z zldIt~jZy5G`CjM9Le8G5t51(CY~)*|d>?KhzBb}BM~K-RS*ZS#pU%L6&d6!L@i$&( zU5fF?n#Ov4e|jr(fQ`*kK?>8{4vlp+&A?z_IiFy?~x<;tBe z<`}zfE`EU58j0sIyrlS*G_+hqy=qg^-DPJg-gzx{ZCw`ohjM4xb0V z{Sn^LZZCC^m^!}Qn&k43slgGmr*}c8cbSCXm%(8fF zFVC}X)Hwn-VQ+b@!^q9Xw7$)8Q)!TQl7r$k>F@d`X}Dh)8xH@AaC?CIEnfBJ`QSo7 z^}(Xf#6Vs@sJ+CyfMfTqZ7yBUv-Zh8j{nWsMyVU7aHF>vEE0@kA4bzA4?ZM2t3(oHkR{f`RaRFv(0xGXWytkyh&?~O?EtK zekG2GzE=CxjxP}Oo@#=ItMx7Kn}G4Dve)(LJ2gOfY*U9kQ{JGKvqV=Ccne{-n{!ywu(0cub1+f0@|E5%3az z#H55{K|Yy89{-H+%YGKPv|oLa-C@Rq_A{q$7k=y=1&7(|Ij`Xp`>|`ynVqfl(G>Pm zF~pO>=f;Ef4hx>c6Pxts(Rer-8xKc`mlM4X5-(0$!F>z;vWR*mnDep$~ z4jpO-?<`y^Q#ezy!Arf|a7OC6I=-b_=cT^Y@Na7OIPc*XosBhzIcN#>XGd8lOsbuX zBk-$-x6a`k!#ckvz85o1U%*2qE@2sW`hqhgE3pdDXsUs$o(nlPg^FOlCG2rOhf6%6 zvo8JBFCT9ww$@+$t>YGt4{49WlcK|-^qA?3#$Y~YHH;Lszf$o_`+|Li#S`p>T+P`y z=2$0z;NzTz5Wk9aT9HF{ig*?wg5W0&tQJO`hc zGkMbaN0aP5^r2q^F?v6S|8%C=n&2q07-I`l>9K{1S&|G=dGX`oG<%L$|IKm##=8o2 zoOvo44?k+Z)Li7rTz@n_7u~3dIRL)+Yz-*1Di8lygAqn&TKLQnR`S(_p+pF3j;c#Ax~g{m@PJznbD zRvsX$)@$55IPgAtA$bp=FLEWoi@Bks{mm-F+C;1NZ;8)m2ezKaD)oGwaW~)3N^|~D z>1roWOnYMaKNrjYbo%cm(J`L$M)E(@+$b51zELvYTjpEKVI7BD8LgWG@9UJA-@y90 ze7u?$Rfq5v4^3~QaP@~2yZQ@c4pK1KBbNRo3JP_Vtf30!pq%9I}sK09QM)*Cj@XQ!! zz8{+3Cz?a}s4rPJYhBFR4{{d%hA!A>*W!0SmocJx7rJ{--q|zl$~Rt~Fk?%6#kt({ zH+UEsFWI?Yavzw2H9S^52W$Y&=^ksbg%#zUg)fzNvhJew*G9AE^2l+;l@iOxy1wKV zIsxmh_1H+>1iFFKCu{8&lKv3-Mv=L#jp!)#g@<2n;ja1U2jFq^zgnICR_=a^b|iH+ zwK-RuBAiVIT^3=3$o^R1@YnedEiR4ti>Zl6IXm)8?C*ZW?uGH&uPEqjT+P#M0rCEw z50|m8Ue$Qh9G1+Eml@+to6rUC{zQH%lt3{k$_mHF>HujM)EU~8Xfu!?;q^u=o{k(S&S@LT;d#`QdD8@M-ezm$7Y z&s;itO0<9{eA!%ycKCpPGV=}NY4&P-H|V~yFJ{BX;W(OOY}GBAHx5Y84t?tKTeCf? zRr86l;o9L-2k%aJ`%ZAyTB7!=Dn3%NFtWvEH_$iiT{u$yP5jo4@D4m#(i|VI8P@Yo zYx!DZ{~|s$*|6Hr8rsMDE|y|br^kjQ=?mer0G@yPDa-Rc+~2sC`Rmrofv_) z;3e@_2vcKQ_yzd8grDfL7+vXkU?D>o`{+&VML4A2>?;s0&w?jrt^Pa3z{B73OH14F zA(%Ac;(1@kH`<;C_orgG3-2Jdo^dujB7Rt`^^8w5xA83B-0#89KJ(KY;xuP1Im)>m z)WcW}m~RrmowfQq$B)Acx1<>Z>CY6j_cKjBr_nb5wd?RB9)a$kDJbSw>rvs}Uw<*a zW9s;V`k4D)?8lGjkFkdt-wH6k&F`e6-4nmhcTeG+pMTNw4A0Qc4FPm&xA8sVCqdfC|iI&YotI+g@ebI2Oko(+N4 zF!Ph2feuT7L7ylt#mI>e-jjmw@?$SfEq^aO5A2_#XqcD=V2&vc-+bef^&#-D8^_N8 zAN&Ss^i^v+y05-Hy8)X={g9)+)LdJi*0Pl*+&`l|Q;c8f5N4dRj^E2Q%2uq z4D;*TjQdQP4-s?WHJupwQu)L&Ti5G(#n$u|{oo*dbO8Crw;hqheT>U>+pR^I)I zvBGR*BmVFcO-XE9hf5>*`hZ){JSuyxF}VOX zL+sDT({KQT{%P)u>4S0Zd$@+qLk4kAbC1g*>7j8sbYPq~Ug&fni#;;V+(^GDrq`P$ zpZmmxM#^f z#U7cns*`t>{jbUI^U>0;s14LFUHf-wU;T(3XKi<4hh=9M<RI5XEuA#LU2{jC}k4)4;EYh>%iobU(Qc{6}}3~3XXVBv}i6WG+S3y6e z>%4?3sb_+=>bLfrUCwV}lFe`Fx0mqy>(glQzo3Qq=W52gfzNNnA;#&sf^ttzEB9m3 z5L{JOJKYo%BUaZ*0$V{up$ZKK3#Abb-#gOWUy{ zJ0_eLLcNta^uc!I)1{2jwHoiN8NN?`6=DI}lVjz&F8O$GHu85i{te^v;@efBtd);~ z`DN-ixM+IKeL3iXQ@_rIjWERwH+3f0E21a#7ayswpJr`jEjYJN94$BbBZVgR1J+e@flbvmfs^@t5UUoy_yBnM)P{zI8l@K9!YTMl3t>LiA~Y@9#t&>zqcN z!!aA$%?d2-MB`B=7|ix28Y7Mk^kHog@pd}q;ief#t6u@_2L zQEwA?N&is4`i=I?rq$r3HfX=#BJlcm)&wPMWOpjPF}bj8eIGZMP@S3{N49Fr>z&%x zls!=RXUdF|9;Qw4TWgXn$a2N^y_a$=z|q*~q#tD;dE>z7yubX_fn$^GF)@1zgun1^ zCBGlwt8w@WuJoDuW3s&{7sFY5VE?)X&ZjZ|33t`GhB}RZL2H1?AIc8|y!;>S`^13) zbx$?siG6l?FCW21BdvwBHt>`UfM2jlakIh=I=2QqYaB8L4?Tp8IE}NB%~%Nb6~>XZ zAswCoFRcfuoO}mioNbme%Kty9XXhs@KmC^QaCy~dS5l|yX(T>L>pbRs7y4TLC;n6& z`C8+NV&J^SR@c>E3{ipXL+qrJxdW}YH9Y<&8{@M{_dZ2wz)ssnWKrwY$Q{w{tJJGD&Y@jvNelaVC3FtQyC*#roMj7Q4^7GD zRKCzQJO{czeh+nXWx3u&PAzVi&-<0*{`xV_qN~#x!KF7p!&wL5Al*JOZs$wsa(`j^ z>6Nnd@RpQszK7D*qVc$;bVlHzk6%%I7X0G#gywP`)_d#axw2rUCeb6 zm*xpw)PF)coaBJ?f<}A{@-5>-f(EygTH5a}3daMZcNf&3^~_^YUUab+$cLZG#P$l7 z=KD}5nSfr%ugT@e%-O&eZEt|K!G3fq@lcvRAHl|=9nuHuk(=vyR^Geje*X9d*AK+! zw7$W2N2J?oJl%EUKE9P^@vTR97u>)6#oIqY{;+QSx$@$6*4ChNLyXQ(07Lk-@SZiD zDbJiy`(b$Qxe|NQ;pgY+&(D?Hsb75k5#7mi4tu2i)Hy|+2f#R~^T+GvY5ko{P14gs z{YJ8IEBJ-F)nnkJ@;bxC!hVH*e9k-z55c(F)lpA6d+(!nAxyy+4F&TpH?EHWSGJ*G zH}F1=zw)X7jL%zj;}eqaF@)DAoS-|t#VD;YxV!j1`Y;dt5O=Ksizh?}@j^@f?jn3c zlW!?C9Mk?m&Pp0NP-q-IRFIFo89Y>0e)SE8A3kFEL2X0_kLsFDK8=~V=odO4Dy;82 zu0GYJI_6M^>I9G0W4sITm#!ihzY9&Y&nhf0y&>t%)mU1@d2FRKkk>7ox5n>A^_%V< zF=cAIbe0Lqigs__VEsb7KLtHqz3_9Z{HHqO$G}V4w*8u;9k2~wg#AjM6T&IPaVNO- z#Bf_OjSrMR%q!ae2wF(Sgl$iv+LRTq8@`N&oub=AJ^CuZLr6ho^tt> zPv^WcR$i_1up3EV4!p;?OOO0A_YK_j4dAP}U&TF?e_#AB*csuT%n`;9I;i$JC(`)8 zvcw8d)*}{Xg=oo`_tFn6RQucgu@j0_Zb^@o54*7s%(|o5FO`oncSs-8{Gqc-H9x8h z^Ly#v|BZRSDa-iD@87^X>EjzxV|Sr9AByMu*I2%*UB0WyH;a72ea)M8eE9H)ew!Er zVClJ`9sdM4h3VRtueoY5gX#4GXVT)+mVSwKK}=A7@)Ghku)e*R^ORNQ*94n&a$q+J zZ~2Kem#pa=GqI4$^L1ChM|>}^pIPJj?Pv7CEMP9zZ`#|y8L-OV`yY%W(!v-d`s%wO zY_0LipK9^iT=YA^4Hzp$bIR!a!3(fW^sPzO&<`~L&wQ6U#kwu+mrp@w+%uIv*v!2? zI9g^JeULL-(5>?KDwd%o`N~}?w;=g#V-r1TbYEF-GW_@KlTy1`liw^K zZ~w9(MW3)N~g|JiT3;ze5QEPW^mLV+PWn3 zChyT9j9)M{4c2WjSRu^k@Aka6uE190et>Ha*I|Ck9@LpoEz%K2;8p0w{Dp7$J`;_&NIvl4BnyeT0Bi5B*fhpFJNCpefA*v-JY9H{Hx$x2RyZ1 zF=4~h>$5+I_yVivl9rkHi@z2$taVlcqT9Z<78S(C6y=UHs|2zBe|;`2t+8ah>2=#AW6+<}Sseh5jz& z>T}Fn-)iX0Kg*o@s&wSpY9C|hOz<(Z=1gVn-B`?Ai=2K&{UV-4W;`kW{Odb4w;V0M zXzq;h_1`@4ojc#2`X=p@zG~_%Y$-~HOO_|H;(f{TN6M1r==2ZDHb9oQE`SF#=YAMi znrBZV-?Ow0nwAr@^QEt-Kd4*he&H*6#^}<}L;R$9CF|bvE}94H0?xle)?sfb&ilc{ zgy{FPa)NWbB+F07pM;*?#JDfjlIdC#6>QC^kAq8EeT1Ao%magG3I%6 zk5@H!%x;(Lpiws;rK9q_#72Ii!?&LxGzt@gue6R%-qpYvx=kaK_muOK|9fIe>6$ zFv2$n{9;gM zyhuDWH_=r`T%o>o@fdmLm;Cfbn}_exi^u58$#Xu^g1_*hxyXs8(a!P7{hjyCm0cvd z2?vcGwMXv~UfxF^@|8z+ipoRyR)71r*0xz+y@)tbzQMQsKINTD-nk9>?O=U!!D#6W z(cZz-@5_E=)WG+H8x_yv525oA7cjXCd6V$wPWDkxk~78Tt{R{nR}{`l<@BAsr1VtQ z3K<5hL7kCCNBeSN^o;hvch5f0qo=#{(@A&FKF_14x%AUWch5f0qb)AIg>?7q^E}$@ z(wj+l&pywiO)kBObocD@JUYjv&mrAC`#g^}y7WfU-Lud0=xmohn{@Z=^E^7srOzVW zJ^MV5Hn{W#(%rMq^Ju+GuP5C-`#g`yR%a%wMzGzj@+5 zudYy+TwhRGy&t9D{fU6F(shM+Bg=0ubqrb8d4<+EkUxe$K0*3?>Y97T0Jyam&I$(M zdA`d8k0m1h*aFOaVf6AV;Sc-l^E`UGOTUbC_w4gLdYViB0O{`8=XtcnrC&UrV}s_IVzi?b6>zx_kC{9-ZaV zFDBhR`#g^}xb%xich5f0qxCL*4e9RL=XtcwrC&(8d-i!AO}O+6NO#XZ&!fIeUroAu z_IVzqUksg7q`PPAvw#x<>HE$rY~Nl=p71$;;frVFecv0Yi}Q@~UkKk+^5Hx13(qC| z{2$G7{PX`J>%>39HTWkncL{Qf`0Ul^6jS6GWscm>{MmrKN_Z)s#k;wQi3jFB|J^s{ zew%AAJoNZ)<|n`Mks;=)%pW2PU)9`}2!cXgY6wv7@42(SR!H2)+(WQ{H*qIzeZ$o0&q7Z^ zekQn6e%+(VW0RfC5q%Tj$ow^SKKF*f(oM{<3IEnoexfpOqDxNFrW1!J7-QZs+RMDc z90<&FSYJ5b^H$47p^5prxyWPUv=YtO-a)XXI9u~%aG%!OUR^N3IaiGPx%iS-V-t}! zwSd^SU}D?LbNQWGJoGMhTIdgkc$PWmu zCU^o}A@3v0e8H;oR%6Su&kK3R??sP)mwA-A%+9&cf9~ix%I9x9N*$vY@Vr)i^2r5v zMRT0qt3J(xz!k6g=yY?vfcW#PjIQKUkDvIJQPpw6gF&cMW5E~S`q$=57tn9gpGYq~ z4E`s}lejSnA9P-!eD{-YBseztE$r7WXp=ZSKl%2WdGp?`zi|HP^Owv6{@k~hzAPQV zC#^*NQJtq>hujozq1TK8#}CFO+YLU#Lwp%eOWZgY{)7)5--kFa`Kx1-AJG_Po_^|C zXcz387u}caD+H-+#pHAJoBFVhzJ)guj5)3IOQ*(%SO@Q5TjLM%(sf=^p|pkhs$Vh1 zUgwG*!*@R+7PzdK;1=(jC%_XJD}LOF?7w6$aVgML`zI1!+LvF!Lk`fN7y8Ho?bU=< zt1oAqsJ?mMAModYe_(DfahPGnKD8`dRxEn9j(cX)eYfL;^NYLhaykEe(1ux2$NEg~7BGz2}7N??%xO+R-5W`SgPqa5q0ZHp%h_t|ozY>fQp;Jg>KZ$lK#}>Cyc~ zWldp1#NFLvEUDZXf^Euj*E8i;_H+#y7%p!FL$67jQ9sEu>Yq_oxbc@A9N3oW;Qt*R z+j{$Zw58Xj?aB=HckJjJ*w)q8VKERsZ=d2%c%R}mN9mmUJ$k%{qT=Z;INYk>A)~yG zj&0fP!m^{IcPKOH>6fq{?AqPYu_H5No6_6AeW0VSw?EUxI-JQfusKl!?MdAD`-dEHP8)jRr&`aq?)>O~uDfC!47p+~*i z!a$AEf5oPI0rx*~>2u0+OOt*L2KyME}z3kAS*EKlU#k}n0h6abb>AB(l-hqC8 zXZnYCE6?`Zd%U5&*-TGnJLUSihI;!lO79-% vaGnDLAN%9W&cZYWoWC-Q)HYg>Q z81CQIKX7}$w{7oGrek3Hc9X9+)7R6H+0&aF%ISBmcSnB)%=&UWd$$jD3}3tk__1fG z2G0na4%2|4u0i!olwcklIP;wAy+g>VEf71ZDf~^^u-+S-a(8$+dL=_kmJP2o|AbRt z?>6-sZOjdI4Q0F!rZ;&*w7K$bU6AS9zAo6_1!a1Ip@9IL0?0fBA={SSF??RIGtp5>_aOJ>oUr+zJLqYdo2C4_S-rd>0OkkKbV34i^0{sLj)OTW@Wh+;253cRK z!ldi@I{R$-?jW2(G;C;b%+4)^yP`sRYcfq|h*f}z2^!C+T!PKoCZ z_x0}X9STmzlMA*(1S?7$nbg1#cX9;h zF3X*}4mKDXbdQ-mS%?kCrMGTg9_$!^GjfpSlw~w1f{!j6{#ejY{_O+9{XL@ODa%Cl ztlzwO{fA>UiRS0$bcyC6jLI;GT4xx!R(parI}I4FI!~?BxM6JXfk&3d7=C%My{~IW zE?Bn5bo{C65}g8s(~$aV+wk`7nL)>K6&yv+WkWqdZ!S1{S?+AZOCik69;APN(6+04 z`;PM<=?9ke^$iEPonpvfTLw-Y%IwGtzKb%3QG%XD`mH(U$8QVBk8T=?Wo&kVhJd zmiFh-0A?!WiV@e9E;$vAgRWfI_cQpZR-eT3!;X?(Lz%w4C&OKQ7N=8%%R-#0X=L)B zgog&QnSM}Ru{*PS0AY5mr9z1Gl{Z{})iodNsPvZ+hT=O(ycxv;DLalKjoe-Z3k@dNQl)G6w%#4X1H;VqsXeA<28w;E$@c~heOk#9wQaaR62QCAqcxunW~2zgy~_im z5h2lgKE|jt+K~AXqwkFJJ@2mkrCt34{RE+z*@8;xYAt(b9inh9aFce= z$0WsObf+kAO1#6NEhZ6~{Cltdvx6oS3lWU!mLU=<<~xOXW8_67sbj z;JrhV48y?^jfZ#Y2RCZPEIpZS6igoCVCWeONe}Np$K3F?+)(cj^2W$)H&$+6#kjGv zrpC`Zz=&~DG}_wMZ@Os}*Trkj3-w&1SPm}_kU~Om#bvgsr|y@mdW2z86L9Ztte^=gad};n2W!Kz(ka6*lW2hu-2<2p z-9vqQR|eO0?ZTpAYzKP>hS7!)Zbm++GqVGl`Ui8%8R^y>rmWF8NkUQ>a7LerxZcPI z#v(@29hoZqxF)_c`zGFgjLcZ)#AH=XShd?8>os%`gVs80pfF=uK6(eloEoQCfp~KrNTba=s$qbH zbo)OZf15Tqz>L0&*C1IjYTn&gM*R_E;@1fEj_Ro}M1DDHZck<%D$JhcL2j_yJ@w>< z+!L(jp1{F8z2n%bD0YTxtvrdjLYS7Nl%lDu2#3Qv(jBuZ%McS@4%CnF3VkJ z=lHlJch+6#;*ip`cQ=ZknYG_>ZZ;ZS1Q@bm(o27=%{z9s3u~uOR$j67s+B0CfgEpE z_ryPGX;OoSjsN4M#gH7obQv>a5ADoAQEXd@2;8MKV^?n$FDG8BzCI}}Rd~{g+Xsx8 zs#V{~+h`0Cm3{Z^i;BF*(*Pui~7XjccC3f#!KgVAkdc$Hr)CU4=`l|$-g z=Tx-p8tj#uad_JbM|QLssBOKUwRMroXu`xXt|wE8hHcHh@9ODc4wu<1Oc^EeUxqb0 zQ@mCmM(v6u26Erb`aO1jV|3u#7~U4OF=)d#EZtd^SwH7_u{Kl?-@U7+cM$Cr9$;{V z{91W0AMJMOxHdy<9BF9vGJAqT*U(NWz>G6_!BE4lNM99PwWR{jGNJKFu9JHX0pH)# zml=$lIos$$D-*5Ht|qR=?zK({AsfS`f^Xd4V>1mylx;Yrce(p2OyX7BhI6Yjw_%EQ z<`p%ac||eobk`D92_u< zZDCy%9yH4pdv{kYH^?Yu<%Xuk@e36&javkLsH|4;c05mnn5=r{0hJSTwe9YbhgU;9 zYI_AAW{z+walIMh%p2B+!k3{0s=yfTubo33B{dN080n1xznY9 zQ6rq!-q64>LaZL=(3g~vu-4*WrsooK4{!%>?;Xqy)usUs%%0(FR5P|-Ura_{X`CWj z49X5>B>&|Jp~t$m!xsiTybIv4y;j&ef1o3@dU$(JwOq1r#Sfa(m-Qegx8oy`*biwS z$vV*Aw^uzH(J7TA^n%Z#I2tUa;( z6}GWuW{m$+%JppQ5I2$=llr_mAEjl7&I_x@gUv4)~_E`(m`Vr#HkaClmbdhcvuWBkR)!g*{Xx8WX2Gz!jkZkJHrCEg*~k#L+cJZicEy%E)-~ZUjNx6g zZxk&MIBBKHcbW{)APQKKjXK6QYDT}WSP@*Y@q^b~A8fekx^%GVh7SfSR;-Be5U8jt zA{vr^G=}u566u0$rDn#!t)g#h}UIG%%Jv6_%>f{O4q8x!L3Q{TKT8b zJBC+Hir0c+X>Lo-r25P@oth3|Um19@^`{CQcMtas^{(hc+3aJY>qqSI&e|E# zf55~G)hsYGKQy+YtJef6L`Je9MFhV_d{bX$M_2b=aW|_O+k5+a<$jVQZMw~1%bIl~ z=E##2V{P8WMVtq(8LK12)s!FZHwp*(T1EWU1ZBmR0}!c&`Fb%n;IQ2Apa)c4%BgWItuuiZRlq zkwt^5_-;mB*3FF=LYMZGaM&&hqAT_{Q z880y%FDu{9XVrBppiypi>wL2A3p0jIi@HSlu#acpY3r$i=c*2~R=ulmJh@cIG`kF+ zigB!hgmJ@E&`_f*?TvgiVJ&f@#OUr^TdacG=us<3&16-DSL6ai*)rkVcr3!Mh^8}2 zv}wf|Q<31e3W!Ca^%Snju^u%(3am*CG)=t`6?l#jc3 zQLW`v_|JucyP`3Wd*su|R{4ZL-{}MuW^^8EQOPK6MpKKT;Vbo2%F44Or(;a=v$E7Z zIFQS!`<*hjO=@Y^AW@kW8dhL9z28A{5|#cT+9no?9}6qBE8vdc(W+T2!%6CiHV#ye zWzTU0IpLYlop{e3+v16wUqA_^5w0Gw&V)iFYS0|RKpI}CLZC#)+ed{wKP zSRYn2%qyUi2=vKv08Ono}@mAe1{mTG8CeARBIs;(ze4xyep!@Mi9g~NOJ)c zl7Q%rkN=rv+`PK%jy;v(Q=#Sb{02|SsX^^d3pZNjcJ>Tft8F;m)kc+5tU+&g6nhhs zk2PV3QpCl;hGIRejDRdPC!$eJ7&xq~eP;u}g@&m=U?-nd8{SoU!wp8TL;83VQQi$< zH3ulB=$C{mNoK%GW9Zj3E8XGtUe*zf?+_c*E+2Jhb;}y1p>5vb-h>$?P^O^}wQZ&5 z4uh#2In%jAa#*dX^!4=owK=0g`|0^LG*Io$%A};-3NwVPMH1)1>E+Z0dA6J9|Do=lbwAm}M4Y8k@MD@MU~FL^_?5a*_*<(G&(PIyt#0ZOLw_s9C-u(If{1VtNdP zm`=2eL?Z!-aS325ixrGyPE;-&sBUE1@%Ga{4W=6_{xx%=xHrUJEO4^63xa8Pg`=aP zt@0td>e&eNN!o98?sp69Brt5d45WA2xM^)W)qG`JW>>c0jNOJ(F&>^?cAZvc%s`NO zDST=Ry0Cwymp5~{s7RP|Bz^T5pX(r4^;}OqD=vfX@%ev-c&^3APF1Sa1MZb@F=JRJ zQO&Vy>F=^@b;4$6rh>PovsBpb7+-2EM?CcoL%CKPRKCJTA%Hj+!Z<5;X&tfG9B&Zf zKo%!&r*X27lL_u7+vyS^EHCvF17|SviQ(QsZE4#!%pNG?KMC!x$iUUC6qXCEuDGA8 zf`M^g8Gi@$S`9Q_R*sPEJ@`Ec?uy*4*1-|MkL8Jcmc|KJoiEl0p*%COlP2CUxN3t_ zZ6my6`C;-(tdo38A<1rEHK3AhY_Bp~L`=*}@6hFO{U8RX((Evx2VX31P&Kd09*C9E zHh1ECIr(VwRUKQ_UzgsrvE$11n>Jl}^?G7vkc)8aAR9>03o?7U`-XcmW*z4$-EL)#ec*mJIp*fd@4NM5VID{YyMj{`HkY^6ZOc8$fILI(m*3 zY?uz?B>7Jn4|_^lx_&qb+#pVbQ^KjxU?wQnh<90juQOkl@v&Ne zhLi-#&ST0D|?jxs>q`${3PM=vuIgQs4^$SVarsE`M1<) zwNgPvv8r*jJ!=@xk`8R_TVAv-M%+) z#_BsoNLFA>kI#-F;3!~ZSQX8#M;*=d4-D_v8TY+xju z4;ptX!Evjr;HC#N6baceitCkGqL6X*OdKZ{8eh>-wy>8c3@NUJ1)r>VrQ9Za64E;t ziE6CSuhIvm)8hD5wJk;qdEtmk#vwwJ*wa0L&p}LQPYBYQAey8b@^UM5NV5~L8gw=B z%}~B0z4?X@c5MA{dSl1NTeeCkbr7`TwH>t<--mTR*$qr|Eq5&jjJM)zTd0s3GLHAko1L>f?~y_Njt zyn{;q=#ZjnAFOaN02!@rd#tc<;G68;lW<##J;q@bKv!j1a_MDdD^4dVs+NT-JzbgM zh$vME9KGjGgP>|BKx6$?fq}2i#E2T7Fq%uXoUG)l)a9ly8wf@QE1fH}u|7bO-jg^zKw$ytVSDmujZ5czCR zK0+TM&=>tHRs;1JAFpp9#x^`w%8BK_l)>LFgC2zE-WT-CRP#aquplQ40 z2??{uiMiDlv;$_wHg}kfWc8L0Z;}1-fxVo;(ciO*IbdifT)BDEHP>CUwd1;t*KNAt z%4?-+I3lvWKb&ukdp2%cTAYQNI5xJG!Vz!NHP_#COUJbvH($STQ^(C4H*dM-hU??< zt#v6=M7avEp;JcMPa{|*T$^fYi_YUikY@?}! zwpGtf4!-i`=2x-k6U{;-Eui@ll%qIfykw33jlJ60B*cQoeF_QzebgoeA?DpjP;-794O| zXZoFWnsvCcg->|WV)Xkq7j8#FoUd!ai?`J{nxfe+354+;iL1i3OWUH)b_88ANi)p5=81qqvf#}u89AQRP@$boS3M~;P7Pk^( zkC3v^+=7w(z#Pvd9B#~BG0x&?ioW=*W6H_PTK#6G{Fo|HE05+)=W##+f})P+irRP5ad>5X z*}#r!4aWX(4mQ%%^SBuoGm3(IIcSSkkAZI8nT)D7f|#a@Z8YL^oe*Y;ryl$ zrVX|4;*dl_Ow3jcpoO%J#STVC2`DH>hi4$;Lql9F6P3v-wB0yu!o^zcR~fk7T1Z2; z4@4ewR!(Cys&xDeyTI54mjvt6*O)0alA4#>Xd&iF7w{9}9qNcN45V^hw?1vHW8*~L zc=N{Vw|1CALe+quXhq_K{ICYIP%W8IUSS@FOm@VBL31l#+G8=33jp@V=j7*j!jDS8F?f`BKX$8sg~W9`~>5xt2jm? z#KW;e4LTX?%etMy(e12aE73UfdRK=rr*%TI#=SeG!*eHlRMsU}qv&SaP|ob8_Pj20 z;1B0xcinFHiJJ(FRrYswl{b`Ckj*M@J7(?RUhcaGdZ=j#Fr@A2)q{PvGH24QNIa4rlJfd#G7+mbR_(=bV8nc?BVD(zj?nq z#|mm+?_hTaG|%wy&h32zw|Ddqa7qB+08kuW+6ga|;=hGX_?xMtpAu`P{k}N-ogR} zm9)w{Z|J5_)nQo7(_jt9wQ3bjD#07QCXilf9A?wYwmKPeW`34>ZFa)(P7}GYL&7y~ zIfx1UFs0pl2Qw_@naRzJdMf}_hbBVfC*E|!`VEnVTouhGuVF9C+6GVAa^TLl0^~z7 zW?-fdS+X%&GFH@glgSay!KW9Wd;XluhzuXbCY z-EhmH$SkMZIJrpYqeVoKCblgj3ScGhvKE9E366 zYv4Y;EKY1&Olzq%^1FRK(+&Hu{)(O-!_VTR2oEG#fa{-O5v_h!N>=LAxOEl9n;zkV z2|!SVozux`f={*asvnC?!3>ohIz7WUwzOLf)aqs~YVJwq9gE1Gv3F~&BmZ;7IpA9m%hk2`QF-mGsTNibd zN9wgXoDD0@$PsO2ppOwQ3|E^N!i#r3&}zy6sHG{!Nj8SWv`$fISGbQY{&6RT|FZ(q`SwX`5)?mi6jgX>0 zSOajIa5TxTzyA6gwyxj0vE$mCJJRc~*&O5F5N^!+582AJr&6KuWmeHKENjj17*22^ z3%2{r=ZT(-4fgn3mr_LTLOs_*0UclC*^Re3Z?;CkaVsXIh?VHQBc_>Jt5#YeSJ3$yzg}%r|k?Y2Gw>;Gx+ux%WWd8qD!rO=DeesGTOFjnw*w`hjFrfz>JfA_RHI6CL*b6eKvjiUZ$!ovQfJ# zcA|S9-yR!leWyiU-VkdW%_wsBrO zc^ND6Y$!lQR-Y{Ya-_w1R-2A63;VgcjIgX&iFZ%z+L5*^E~@a4)<%tveiqG)vExy3j1=HO~tE}6y`qZdvgp; zn9Ex=oEw}8!!C40ndpxwpFKF!d>y13lXuQz_c+hUcd`~lW6e34W8U3r=SoP|3J)6J z5E75TTDN9{{Lzr`ZnEDe3v3x@U2tmTmI1;b%-02O*D9op8M3f*lrpkIL!YiW?KGS& zcz3Q7ROdz$cx8JAnm`{u2XCWMMxzJ|uR3nbRfQ2I{5Drs6>M`zb9N3j*(3J0;Xv6{ zIkM1^hp#$1ADD~Vp`K9Tc0_QvsvZY(`kE#rr~noVEANL4MY0f6GeBm@1YA3NOYcJ& zAHK>FBkDx64 zXi}OrVa4Yi*|PFe;b5?Ku`_(}-as1uV*XG><=_Jlc?|Nsi@uu zzwO}I;^y3}<)j&Wz18#fhTq-o>2b zsol_lR+~0@@(Jr167ueMyr4rK8tVt@=xA%pQZCbTp7}NoADHYP?yhu<5JU;2$h1Bq zr8=kQg?Uw1M@M>~Z|~X;89pIzRF3koJ+{hrBEGb2Rbww{YKmZ){!{{gX8s!9o$bir ztTj^-Q*(D;=pqt-Thq!hlf_~6#X=%_=NQbsyLe62J7cU_&U0liPz$26e2=q#X!Qka zV{MXE%xXtG&_zlVqls>H!EbJRhtUQ?T14fP(_{$4E@WUt%UPSRx&DJ!+{Cmnqg-Vo zF^e@~z2V&%4oT1=oeaDPu)5#S@10;6AEe5omec}pit=_PO}jXzRjYQo`0}WqP66j+ z3v;FcZ3o`|Wb6y3Vu}C!`%en|Ck6h0K!H8C^4(*ur#_MJW`XbYaU8su@LEV;IIS%y z(r1&F`2W~@^YEyO>~Fm4cBNCeQ)ot8U+Jf#2CdimLwsPm*m9IrwAu|E8}2{eR*~KPZCde^a;oi~*iSl6W;)QGVm!a=ucKiF&B9D>p$^JB6$1>y5RpPQ&YOL6pbzL z{Ez4;ejV^}fJo02#cu(g@)OsZ=m?)}E$AbBB>C?Gp8aaU$Kdw@&;NIB!N=eaMEK;8 zwfR^%4*^e|wL!{`;C%OS(w$De#nsb@Gs+26M6n-roYh z@nNff(g#Q$F|gl2&vB=&TYmJbRvxo3wkYrdPg=I!@{p-5{Y~T z@U8I8I{ZZC82~)ToOp^D#n%H*S)%mFn$PqIAC9q^1Cf5M0G@3UpHIpNelzftJxU+t zzYTb{OT6hrgnmy8y!n&$2>u}Ol!vxUoksZ_2A=vME$uyue;0TkU=I? zV@SUtWq#<0nIAjiIMPX^-;feN0UoIssS1fr-UGq-{b=O-g~<02d~@7B#5e6^$uMiv zIkO$p_Z45dOrL1W^i7R`>7NMy^v9obs=$=?ycM0}{0PA~sE0iuqMgu2&6;x3W#(-o zh&aB~Ep>kSOq<`;-|D{(j5*$%|G)kD=bR;dh4>xcle|7M`Ht_$?2L5kzZt9ON!MKX^AM^FkTzqrhGtYg43M9<$ zKj-3mI?`$6m*9J51iud7n~^xLw<2vp+KsdWX&2HSq5MZ=DmmEe<>h7WytSb zVDojST!QJ0K7G37hDJ@suelfIb}j8xT2@ltWuXDfS9L5aEyMp(8nmb_M9oRlCQUwH zNUmxzokt3{OUpRfO8I1(%y4DO)-ubXr?viHnWk3M3-L`p{kZ+u^26UtI#JW&tV^JZ#+$F^d%g_+n`mO4t%HUjTYkDmS=~e zOf65CZnV9Sd}M$1p9JEHo(>VJ;az*efr zb;MEMzXY)L``sQb*PYS+fAK&1P_$figQevCXZ;&s%eK;jaaeu1%tbzjnl-O3mR(@S ziA%7wY&st{SO2e(s?o8hU_v!2_78mJbQy~!_ee$wc;xZ2R;n021d-PdK#hu_73K|R zUdN2*mlOM86`~MzF$<{P3B1%u{R3W_oVUW}zd{}@{KAH$`vf5;=KfJ=FCm2RHIy?A zbUFS3$QPxv*_^XcGr2?Y1m=5RfP7hLkonj9BEPjYCCCY$hy3-~`maf`f=saaf|6rEOd#S?d6^`TbK$uNNkZ8t zkzXet7>L-XOvGUlT`uoIq{Du|9UMYaTYcqvGsfRD{U$iOPO;=KJk*7+GLAwk&-8o% zT@0W-E4u-xGC-oohoSa$HGtO>+W|l~1Nc0f0sy)jAk*^}JcqB^06Cu9pUlv#~B3R%!H%pPL1ceNdN}7ng*b+=Zj1LLz1rr(BIS06TndY2)Lc$*^>ldSn~4# z26#R@2f)~*;~=Z^l(XC8GLE2Rj3F3E;|- z0GbgL%$O;$+W<^0glG3YiNIn(iV!GhhPBd6`7wxtm+YY$Y1V>hjU0% z9Qg^%R=*8Jrmr{X>RWM>kiNm@i$){n%}S(M1m@w=55ya!$m_~VH|C-+JBzsLFbUfl z!s;7{Z)fm1Ntnr*t$jODHz$CZoSEh0I+)WJvo|x_XQt8lF}P`IFy3YUgBZlDc24p= zV49|Af%Eqgm1j|-V-+CLW`OG*_*8Ws9h>?XZA&!}x^UDqNa<30I|HrO__0hWFNWQ% zKE};LtojpfPODXz1955)6c(?31cwCGV=DZhdb1C1B-E?tUJy1)#*>U0=$ zQXOfH*{B*}^QkHb59CwpfQO8+P?x$H1C*iCAVa1a1>0+_K3xT|RT-|?s-OqDtcsx6 zHYzk!h_>pwNpL$Vqqh*bDs>=yqUw#=p07sL2;o;xx52HKI)c^%s%|BwyIKi@C{(*~ z4-!&uUnoRa?Zn^}sr&1MXs^BjeX)9JKI}t1m4zcKRiA@{MpZEvQ$~G$rV!=oJ511y zsvf%Tq}HOX3UwI*kj`p#r4W^>ZZ-UZx)OD()O>j2u4?}*A-buxu$S)YF)xN#N%Xo} zU9muj9_q$3gy^YeFBGDey1gy^_!)43wdxnh(_4K7&VAH+c%iTF0gR;@1(;v99TOo(x6xd$^= z?QSK+c-5*FrmyNSA`{gQxa(_BpY%k0qdG$V$*LCDDXI?Fsp@--`!w|+D9=^1q383I z2A}Eb1f)7&ZNP}nP`z{UlMD3?#(k!Gyel3VSEHbT*(w&dYID?0V=&QG3H;85>L{d| zr*7#2yH?qqaPX#%j>Zv}x(yw38t@40rR6C*VHR=iEFH!}ggt%B0z|PmIpJ8d2s3aej2ldQgAudzv zp~-b>`Vy=MYFRnlj#`7hZ&05HgxILspf6Xb*%
N~W1rFs|+e6!jKD{4|FA?;P_ zCn3buY9cIui+TpG;~F)2xe(W?r9FhWPEG8Lg+=Ym7vg$#%XlGfP!swIaibcJ*0-ti zVVO6nH&zR=UG;>;-mLC|3_DZ}X2C7$Rp|UywXLHNx2YFlV>{J#aDTU}YcL9TsFNi^ z+^PD)Hg>5YxZb6@V-DV}VnKP2ny?T7w`zyJ+^gD-6yiShD7^3e$_q{IQR^`l52#9v zSio<9=s~$zW2bEh2@tj%7A5|Q*eM+qd z|DV)w^yMFFCT!zpb;(@ZPKfHOFnO{IJoK2=x2;6JqjkpJ(ShtPHvb6*HM_gbm%|`( zN-X_Hn0`5>CLeLIZ97PMN&m}GxRCyWBz!skMQpI9 zytCCWpchqjxY+eJ?;`gJ6sw(>yWkhYUN%5bM?E%*z3hdnQV(H}V$^~2*vkhnUt`q~ zcuK8CV6fxVVz7%>$1raaRLpd)x7%UGN$Of~^Qhxk8Isj6W4PYV?!)zV!#J+DUw|f6 z4Z`Z-Q~fbh)6`>_4e2T=!1eZy9$as)?!fi-5L(YtZ@6IMDu5Z8BdUIe{Y5%(w|gIK zSoJSw2f}a^QdJhP0|jTX15d&gD|I%6h*9Nm&TiGAC+qI0W(Q`~vIB!*M)4}XJv(p# z>^o7NJ(C>>Lqw1IXaPI$JsgWy{q=lypa7Uw>OBl$s`?w0;!|l5G);|%veH$rVs@Yl z3?NfoHiI4bd@MT*urpoYM`G2Zne5C}D2-Ez&``XJ^RhFa0h6d|`?E6x&~1;} zhPIN`+ZY+I%7kz!Y6keXQvM6rnU64%KE?BhG<6ZiDqXz_p)*t^3@TH-xRjl_xeYsW z7^9u7DlqkP)Dle6HtINhZd>&`uI<#?*^GWJg=+Ftr_qdlegLIkRreE!eg-Bo`gs=~ zHYhgANYA%OcWd-ZWn(%@wE{!#s0{c6rB;}c8Uwv~)%!5tTor?5v_`eUC^Y(ybcd>> ze?EEyKlTm3lplKxP>8<|Ock3xCTtFaxe2k8#gHMeiAb~klHDiZ?No`W*c}Z@RZzyp z{YBLHDri=z?)B7ouroD&A&eqc^~8|E{-KdLbumUOUj2sB1a)8xHGUF&lGJO!c+@J4 zN3vSbK=B7QQsb-9Rx9ao|B9>J1k+m znI{-;4uHoBtLwsyH*dmJXs@^zR;<2*H!M+YQy6b%tYEyE4TCLH#cLREF2u-nR4c%z zliHBac(XrR>8wI&j5qHW;8{+m;=R?o^Rliw`G##`%K$T)48K~-E-)E}2 za~Nq3K9`Z^hQ5q6z3>Y|RFz_+nEIFDCnVtgm4>lzqoegF+LsM)!UH0hHk zD?Z*eMRjW{5NX~zh>_-;3`UyQgYrCe8SvB9WAhnluE8kGP+y~u7bw?oMw(AHGSd7G zBRE@K5BcY)gK!md)znHxnm5J4R}?Islt#RIM=zYt;CWj5H6U?-#4IY=KDg zU{^+(mt!Jcsvd>qU#4z_#jaE5z|JpM_rem^t5X3+ns=PXNb_RIe}&o)d)TDfLX%gj zpE02~s|NI?No7NaSE);Vj5K$TW~6y5$9>R?8iA3;A`)i}s=y?PK9a)YY( zGSb{V8LREiuT_d>X-Izq z738Jbnq|5gO3w3HsA6C*LTQnTRXS-D!1R<@db=7u3s#bsVM*)q$BzS)X(1)sjnq$| zUwK)!l`;BdC?zl3LJfK!1}-nh5>M9xpS(5}nmOr3g~)3c0hj3RO9AFu z+D84w7C?CxT03yxMnL%y(slZYz5xBUaI-!b1XN(5Edwua0u+dlZXKB16JRg`?$C(@ z3oY#~oqq+OkcD>Ze`Ep*TWF77Iss6Th4v0yL8yI%%|87A+*@9;?ehWsMjW6L3%w`; z44)iWnK6S{F{5S-X1UHQOVMuuYt5kCG8V=RI$A*K>6kHjoh+nvG1Qk=VWC9*`b%e13cWy?bP4Gwfy3l-a;>t;nQvqRV2LREGEsx4)WemfoY zdRVBhmY5@XJuNf-CS#H8-@ZxzW}Xkx)JVO1BR^QeR;q6RH@lQmQ}ChG~eZ*MYH1ef~A>t|Zz}LZYHd z5-r0h;%FwhH8Aq+22-UjfS!_a`%s9J=th2CY4P4){tEemTj#bfP?a?8ygv3q=2SIy#Ytq=;JeAU%CDxSbA~)cqzQNXzcTJ4!(pGeJaN@_s*67ESs5Xgz1+CM}(H=*%Pdr{~gD&x5*bQ%I5?60!`;vD}a z(s_nNJ7IwSOJzJ4r%soldH-b=Ag2w|kytQ0eUFCy8zY=rPXcg71o$Zlz@`XrC!D4K z%4i$f-z1$HR)4Mx_^TpB30(nP9RW7Nz4*68fcshfnn?BXjb|ff@b{4Va*UX9p8nnu z$uw=-e};vWZVRLE53==iKkD79|0Kl-i_6qYRsb4lq1^n1BLR($(92$-{2dU|f3}P< zYpd)T%1`SH#F!|eM<{=H2O!2q5!IpmpP+L8IZ;ISQ2xvC5&m&eM7L0WYnX<=K8olX z%1^HWVtf=)70U0l8;A)}M3+$hOc0jC(BJxA|YiQrA zqlmmv{v3E&e`6Gp8_JI#3dEWyqFpHenPEU&6h*WR<*y$I#KjRrTM_EV=~bp5rM<4V zR#?%Gv#F{dr%R1K&4Ij5ns97@-cD<}$wGB{iv)D5G>&gy=dUJK3E)8Ih;4_nH)dMC>svCslBRQppMS3+B? zBa7$|e2#GlTJ{q8lQ=KZoT%Z8{E4|hWJD1?ME+swGc$^)7Wtbw;af)$-9`STtdbQ) zbQAgSakghi5Zwgss6)YY;i$aD*d?sGpTP!WBN@F>E~8@ zp+7(j>i@z*N3{41lw_eq&Bf2}arDz*?bTPpdHRzbGXk0V6i2{oq1=Ad zMM%#=v;L4{^jW4q=6vpLp^o}ALIr;x%eg|&V6{9frVv(9t~ZuwM5$+aICt#OmsQ-s(u%p1)urw-|DlyLs(<&vCEG#roDShs)k> z)N<4&47E%BekPZ_d**Q2yR1K#y(_RB#;W=%G^Sp~8XTu8(c5@+GqjbU&Om9RdUq+8 zy+?|%P*M7Wv+?El-$A1wxTHHJ z?tn$u>ra{iRBoRSU^Mu6``oICCKz-u?BOF0Wu8Wid9cW^ zuJSB_aKZKlsP@Qv02CXb#`6^=DDhIXz9K-WYLSiHMPDhqF6W~Lg=P8{%ASOHps-Us z^TKneCxA)=)OvWkS=iM87kTJD3cDNN*~Pbztfv8#T-^UkKz$6#AKB=fyUf66IYQl4E7zm#Mho`d=_Kk z4Qd7G;N>3*2Z`! zl-F}J6dWFFfL5Mo$?F`?B9!<%mts)D<2;)HWO`P^aKrUUJfz6=`~)Wu9&dn<=lRP3 zOfYrIJp141lweg(n%H%CiG%4o@~fH_sI4Hax`u)t=2~0hnrl zo+9VQS%9Xw*rlO0;VWfa0PCNA3Ox!pNz@r(N=ts5yT4(EMQQM8; zUhcTIgEDe^TQpu?4#QIYV9r8KtmEY9gRyedE%1;obu}EVQg309W7JG|JGaV!GmTYo zup6z)Fg@ec2Qcq=H4}b4K`jL(P6f{8v^W4AdsG}IVzT1afLHaXppXBsm_GhIAAS6M zXx^v303N3TxTdT3!9PQNoy0xr6>YgkeHyZ5sY1|ai=5jq6N^^3-ar?o163nulu=J;SdBa7n^;2=Dbg-vHoJ zQ<5oiE{_FtnTsPQA5~x+>^MU8RkouD11quEc_V_*H+=yS`ayUOx9t8dK=gBtK-o5;?}V`IRp`_F|UiWVm(xr&^-Sv&W`mx2|`tj_Y{iaoY>@L zP?r`}PxWBONLZ5Pz6zE7cfoh;NcMk;QNq{PAiE{mUp@`z^2vS&BHxzmf4P?sJCpqb zyf~Uq_IH7$+>z{0N98+{{ZFBlUCDkQRC`yle+!o7yOaIhpsah6{S}Qkp-=YTt8hf0 z?EejO!5z1`52iX zr4G&n6y#G+qRfrn=#pMK9^TmV#VpjT@vvBU5_bWpO*3biqO2#}XJ$!X%_XGA{AHq~ ze;nHto)5vWWU#5DJb%Lgl?;tt3?l7G8wOyM0pdItpx-6u7_vmquhRjHGZC=Y10xb8 z6HSRvXBOXRg{g*gCUh%qTirMcqxP^xiqZ| z^@QiA%fRw7H#@C7Kb8YnXZUMz!M6x-s-(O|>h>Ttn~(BZX||4qzGw&-UngT%VaUAt zW4J)M)rReLdPEhV8)W)2R2!+&&{27#G&&fgAA=6$HrZ+=Y_(qR!Bmhp*|G+Ws6fc= z7MiNrS-C@MK6)@+55<7XTV(nsv^P_K&u-l+jo5Sb3AhV+n}rtW4IV%{Ewn_R(FxEU z(x`TY-aQ}CofcZD1;$XmC{+-a*;x6=KtQj_RG!*r%BA>exsZpYXFD3qm6h4BEqT;} z1+wxv5XrY>tDPtf$;!htsduFA0$Gb?<(}~X-<4UFP(Yci>q znC=2A^?ck4Exw=gN;h!u+)7zLFnUy;KWYGcXa+-j?#~7Ai2)Kl^CtuN(g0r1{6zr1 zH-OK>Lj(DvVUX$Bv=G402FUST0kh92x?%oEF z+YU;xrqRh*3zg{-*t<-WYAh%#^cX@(GVLIERu|J&WwJEJTBD7cy;jYAwb62l%%;W$ zXm?lCOSMBg$lS?DJU`AUS*JU}q3~I9p4E@kt_DEqw)HW3+Xa9!tm)QkPB)opAsljS z1k~ELH`N?f$ShknUDrcCnQft&nx_%6jisDx&KqP~Ted)7LgQ#>p(XmV(SUL-v_j-@ z?8>+G=JZ6z7Jz9nT}FykqtF{~$MCn3IZIKZ^r>-xQf+1I@>TS z91A^_{-l>Q1B1stU5yST#T#YyU zCoaNCD`R(Umoi5oV^(f42qyLgCWiknbIqxXhY$0XNJ4%`?q|JFp z$yF9gH0K>9h{#yaEAj+*)w(f-OWu^;^8lo&S-4K5_XwIxWC~miMEM}N>FIKa)NexL z)?W>^{zDX_)3Pq20&OP2FbiotkCr;zDm+p5p&gB|WnTTzNI)Yko?#n<=GZ0Gp8zYjD;%9sfrwHp(=AyBhRr=wYBMS)^cjBP1nnebI?Lx zUAG22$IA?-nil?5BcKVEa*!Sz3uvNjU5~Oly$a4mHdwbhQXj%1DJRLeClE!9(ZBQu zG}-o{UjGbdC#P7oG-&R8%BgnNOx1&n08O*dG?8bN`Xt;!W(js{x|czzX4(5(nk7PL zv+jLiXPGjytmI2O%d|P2D*4K`nrLQx$=6Y>at@T7h-g*hy^Ge<9t6um`d1gL<4=FMAGa z?kZ8c2Q8I!b6oCn3Z97Tpf^DpK&FN81X0Y*m-5*&snQ;f-UOt61qv?d&xVm~B4; zX!YwL>S!Fy)vb0EkVW_NA*(8eVa16V{(K>h>yo=1JqsN5I0#g7k7G_B0Abuq?zNE8 z61S5j_eXXs2lDi=WRH`Ez=v1 zjPAheW4JmvZ!Rr& z&O=#m`rXpVc{5M8OQYw_M}mlTN&`B+Ga?&~bZO8IwCBD%0TlZ9yrJ^&+`KeoH;z3# zZZEYb(TN_OwwD$~0%{(%m$o;6&qIG+T5Nz!Pp2~glo%k#!!z>IQUm0Actl>>!2ksw zt`?&>XRbhte!o!@ zPriQCTxLHCnB&Qxhk~(@j`2~9(sLpmW9U;l&cmPogglIOO6yHYv4;;+l#Vw*nTK&t z=>$Vo;bEXtI?^c7? z5Z`Brm8TC4;eHeTXipV8QN?1Gw?!EW6zn?nL&_7>f*m?vQ!BbED*0bCwE z5oE7go}RPeINXOVPtRz0IQJ0)Bzlg|2k?dgyq>i%FZY`U@Of5_1@N{3GCkR`0Nyb` z4$Q~>o^t_Y89aUJJmEf;#e8qhXZQPd{{qjdQf}UY6ubYXA47RR3NJhyH1~(;?3OY^ z<34Txujf_FFZV|V$no$*!TqsmFC@zLz*4mPGyQk4@cazG{kbU;o|j;R?k^0W%r>+8 zt61a4MIIZidJCp#=d}BG_YllD^$*NWq28hwQ`52bI%*vlx)k4wuT(Ld3)Tv9RU>_@ zI~1d)Rc#tKKJHq~jgKj3VdF!TKZ{A`bt9a;25j}>MX1s}dK&!vCP3BE)8NsFeB3=O zq;)*YddjRHAzz}%qfj{?!T;#?t?ocRP3^{Y5ay{kfQJ3uy z*8D^>mHB0yAuUUX<`Z?P&c)>Kf%oJJ-NDQN;rR!gsV*~yr_A%=x;&FqTqVe=?5zTN z(h9u^NKgGLlyq)&0}6y^C}x_jOr=<=2cr?)#V-4vhWk*`wKc0G_Lzd@Om~aS>z`TD z-2gsLAzf|qnP`ozR^5%;1v@}`vimQE|_NMlk(R~{cf?F*EVXV3u z-bJf-`f_wX2Df-oH88H3=|1-`G93gh3pE$jq*|CxrnyF{?tvu790D05^sh+Q}RLQqIw?iUCaYyhql)r^`co$tf zd!CT-(i|G`hGxEy2~zVmPC;h&ul$1H=%n;Z{SVOV?l5Ut5DnJ(=#UJ^)+|zH!InX3 zA{wpN6r-$A#{Gt}L=!y7u)Wdn>V>RVVIiO9Q49!mwIz7(DtW)eL-hVAn&X9A@DysFG3URJ0)H{20r-g7&X(>2q?$IKR98%*6h&a-sN+zU zOI^1RX!SFODMk$S$wuk&Lj88{V2w;=3+8TIUL-Y$ptTnpz~f>IX+88zKx-|OsDFl6 zk(bCgx(zRO-0`DXS3mN5;vN*NlNmv<5c*nN{1!S4s<#+2f&pwhT@6xWe82m}IcgREG6Vh{KAw}VmCHG4Yi)t{2+$SHpRo*L|c~}!n+&J%zdQ!TVp!J#hQ9@5yspsmp zlL7t3LJM>jp#v6LqC@a^@@Z+pxfOc-B0$gBvPPXiOMKQsYxQ=zzJnH8r?(M$&O#gY z(iA|?TWGVMj=3gZu+SE0lxGcT>KBZQ`H=y)M$Js>1uREv3HLDbwg8=`?DazUG(-Cs zkoM+jNFij4Oqk`#?hjF*9#6mksw?Rf)Uwf>R<&PHD{GRIzcJkSbNkJFf?kw2V8{~X z#mUL#H5l}vaN2ThvUQYt+aN%fB&Qmt#drrQOgcH6ZEF!YjjvkNF(Su_tXGmid|9%K zd}3VhVhJk08-YQheAlb5Aa65Q{_3^C2_C3jf=yKmDQnH|c}=?r>_&qAg1p{eV z(>SzWdEK2*)$6L9i6u>*u%&oh<0!TEt!0H@v*cX`QPR})=xl&eu~KA^%sT@5{0lC> z2;N)EKU4HmibVk3iWWfwhB?j+LD&-CeENqReaBLLVqx?nSE9xlx0 z1{Z9%0nm}c1U{FbttG!vXwE+pMfn$%9PGCW_1xx)Z$~QfF?sn;VFI6j(fUUa%6Bc~ z)js;dzgh@N91lqn<+PB#i(Kx2FOuhm%wP*WaW0_qEQF`X8UanW5d02XeGJLWLM^h$ zNX`m{$S1}%9e$^7{bZmP6uEO(OM!?U2UcCcKLhS-K~XPeF@WadRDq%g5byuosz;$SnRw3U_@ZQ^B{=5Cc-zkFt)soQ7#ocg<8(pI+oXjHjD`MT0j-8k}C# zlMO=oyrUOhye4Nxk?H3704E`(H()VK=AM+CRg}g(sat{Ff#gm^bC+&JPWTFFtAmST zz)R$y708EH-iIq=w+0vWU@K1o`7jb&8ERYkC%{uk=>ymb_rc`wq725#At^)wl5Ki~ zZF&$8{fRUuP$P@lFsxnz#3H1Wao0+*7LD60xMDxMD0VP}aLq)~6`zXSFCl;wiBwUZ8TT!y3neZS;9Kow1$4NyAH%AHgf#?wuy6aJV+b#HU)e296{h>$?NzgGfc7!wVUMM=;Sl4`gX3s3n{@=Zrcyzp!zb4x>J2` z0C@dUg~Qx0C%MikxvPh=eRk5}u6Ql#9?xY^qV9$s!zN`Fx*w<9;AofT5DnYMwVBr-1tqCJscHG(o&6wgC|2|%2Kl-LFq zaT4<5^`2-O+xc7kKCQ!H!A#-#q7=MaPWZ*E6QjXw+6z=_K@9yVNu3HW) zid{{E+?X6s<)PVQVKX_l-~k3NG%dINg7BWBdn{~5w+5nDBPINJGfLkNm#~}na?;z1IJ_(!I+c^dv2q||7w0Hl&s15uY_HmGt(kz!Aw z=3UlAoJH&kMp8|r+U%UaZWKAd8Jj@bZS2x~I$eg`f+m3%3jv=zBdeD@Rq5{{WT5qlK?_&Z$@KXD=^ z0-*Vz6JgYOH|!j0t^?p-bpW)e1L#iHK@WLL>l;VIy3_WsFHE2gotN9*8H^cWx_W0g zz^+~eZSr}x1S9XA;f|!(3k2U5mT*yxVbX)U7HR8^d{;P?$g6-@kJQn`WOs*S-$y&HremuT{nx=i(?$g!MU}h5u}21>s2|WT zqQdh?uC4%%BXbNXb_Ix^YH4e9`Y9tovKA%w>H|CZU|5&2l@%yr4Dbh8%>~dJKpK*3 zDuABIbVG{Wg4!=f_|h8v@BkPWH7`Sf%PmSP6KFrMI;ha-$ zJ;*vdCxi?q+eS+$%gC0~#5g>6Rg`W_gl_NuNaxIr6uSzpMakv$cPE%dhTYJE4aX7=mBRk?BPYAcQ z@EGrcSy*3}*tv5Z7&MX59EQxdgyrTlrASPL^Ery1z$-!^d0p6*gx9VGn~nXO=EZRTG_wakn@?uofdHr3%v(Po^Ds6$hE(AI&e zkN{DRdn-y9j5@zXNZyLDHJ;W4M|{|umA{Nu7VZ#G#x#5#XG4nd)(DOcfSX5m<+jE; z46cb2$A_yJC$2%4mLesXXKN;e6FDf)0I`qA6CqTZ81~U%5)zO{O6E_5>PG~b4FAZ z>xV~G(K*~g6 zHW#D$KH-!$XtaeY%8V*@v9LBAKOBWd6+6IbJCaoei(9IK9Am@*R_fbQ6;GnZW2|LV z!SZHR_)cL)%I89oLtfJZ6B?11-1adPo57Xlxlkc3@Hf={1}TBh9ROL*ft{6vS0x}N z8?$*K)Q&u!2I66)EFLS$7enTm1Xokzsw_UvAYZb_%&w;2Rwna_2Kll@_&r!ekZ5zS z*t^gB0bWm(S>0X$7?2(BTs}9{=g=W>thu408LjU*INK4Aj6j-#C!)}5i$#qL@8O!MPmRnSU4ZCBr0MG)wy)!W7=<)~f;Lh_6;5~!&1JHOne16Q(XH7n zOf-@e_hNr`kvJxtkUA=&j*Vcm7RmJK5Hbgm(n)6eQ$H^o6P`o}*4kSl{>a$HNq-gy1|pfse=agpk*vj&He&IK{Xx3Z$eK$I?y&0+ zIm`xnH7YD6he-hLLuMC&kpMnG=5I*ptP`^w7`|-$H()TDys!nH`=Mdf&YGHlHANx%;qTu0)P zXq^EcdWd9(qM?RbY@{%GVZ9x8V9aX+$}dAQLvb%McOj*d%nZd_fQ}$Vn9MXxc92P7 zSbq{_@+&BQK{8CdX*gd*N++3N!uQGqks|YC379y7SAJwDtb^#Gk){SzJ&_Ef(a4NM zGCVFo=6obO)eadJyc!mGN5c707L6cUg=APxnWe;z+w9ZUKVt`$*rx#VwotIXjfe4d_F_zKE2#c|77rG=#l8 z(8&5w+z~Y9x)tc}QGNo+0R9ZTs|v|=A4*0bGZZPEbz=DYzXgEiA;o?QUQe<644W52 zdJ$U;o23!KoUI`^m0E$n?2bs<2>fGI;L=bf^Z!J(zaxc=z@?#DLpIEcT4qHZ z)>??cNHAHRU-+IM3eE)~P157wj9WISB3vI)MM0<=InPIpIjrSlbS}MC5-;fCK0x1q zt{ByML+z=$8$i1SDPcKB#T)9xS#$`9=aFbYt*ikF48&=orp(6pw6X@&6Ua&=YgMg6 zW;bOS5c807bD@e_G-rF2ZY}FUl-!48ENdjhf{&!iGDC6gL2LB>7Rrwx{X4)x_!-zA zk*|fd*dDEae z5z69Y%c9L+;jrcVg_6*LN9_L#$ZgNygf3$m3%c;3;d9YO9a09LR06W53uKJJDe6x^ zTE%`?Xe@gTkQX9(+5GWBbFB6g;BS$V+iXBv9~GLAw^tkNPa*X>jYe}J$x1Zo#dgA1 zh1qQVD9T<#T9NrEv}Nv5V{nGzM-1O91Qe^>5vg*rFy}>N-EBdMG<$%pBCe9h!F(Tz zuzZ*k823~ZaWG)c-$NN`ipN=PmW%^Q_re@1>(hBs{1yXv+nQ-GNVD1Az0eqBKQJ#u zN_d*bE8Powa}s2=6G9%BZf^s%{9nS%Z}IBNh$WyU=V0x|&X|%zCgt5Pb^GA+W3I z)JkjoeGAQY^Gm358xm(u-$Jv|_;?;pSCG8;g-zc=Ge!7Bt``Y+_CT3!M_1G7mHn$x zQ@&Uz8y88DyQd36<0;WmzP`{n<_l5lJk~Y`pEnem^NFW`cn~SeoPXY6ZISm$i6_p* z(-aG!bnzv)$=eH)hD=81{g~^Cer&BFxzYiYAyY&k4glX>I~FPPchpX2#Tc$wmjJaK zscjDcuBM}_V$MY7Wnc~>^*tNFRLGrp9kzRyAOlOULYpatxz9JC!Y-isc9$QKgfkaH zb;Bh507Z2CT81X^joCeiMa2{c(hPmQ#sD^lL8LYPg(sJ@UgOF(e&B_*>hPj#! ztupafqj1AeafYY%;AtA*WVSA-E%TMxtm5if*w*vRt?ip-H37Zz96+ zhZpRJiB($&=XjS`;Z9hBs5Z^;E=D&qQEoU@Aj5Ge+y*)(^4i-4sC1&8vjF3dldtghE$DO54Hd(|?#dB#eoBEecFe zwjslw473zhK`nc-C&HpW$^uaUP?Xd?6ZXWL5%=1NVY#31>-Rdsh1ch<_q=#A?=| zFo%seO@o{u3r{&{3|XFhT|`R8&)6s23EGGX(z5$+wJ4YDQriB|8qOeXvZq z?XzadG75_*nLmIx$|70GG77s=vVK6+5^2s}GYiA4HVcR;NR%wgO6F>MaaER?*V%=w z`RgZG(<-M1df;SvA|h+kr*NFnyVnJH1OVmi%X_xmoE#6s<~e(^5@Yuz$|F7D@5oZ$ z>Hx_<2}%Y}l7?eKt51R*OlW1A|0H-8f6vv*EQg;4%`sMzSq481n&YcD6M=mmG%-@V zS@FLJnibz341Q@J!a2h%y~%~}{Yx+i^5vjgUK?%k5phnEcgWZjoru`>^xrWe}fb~XB37VkK+ZDIrW^nRRJE7f$rYOG)Q2U_n z2RRPraib~0P8^)Cf%uq6^F-2=Ab$oUii5a|KuUOS7OGDTdiWT^FdzoApq!!g)L;}QU_50V2xKp$&&Nc(o^Wpgnl31I8#3Ie z;gW{M5Pz|_1&5eGV&|C6O%M9k%>dI=KraVFZcwMQBt~3=9T`B^BNZe9r~!5bXj^vx zaOSsInaC%`;1hc!xxCj&@hXU4LBiA8n8e6@MBtyG{T-QKkr3XGL^YMNgMXHicm>)G zb)z^tD9)y!lLD)8-2rr35hgE^>jnVrkqILeJP2SPNZlZ7{T6^T9|rd_uy7fC;u((X zU10b^%wDX02*BCMj3V$1fD4h~tNkGft651_d;_6eO)Ieb#&ciZS9 z8f?XfAos&`MwMsZO7pSkO|z^!O@_-G3aSczX1g2AoVJ%g5DrtI%Kd9gbWOt z=e#zc^m3%+eZ#=!%%J%Z61PXU6Ip%{kY@!=y#EXk2aw!-!OL?mn3+iA6d);h1qD}D zH(M~P_YcPAVdlts4YXvTAqqZBIuOEdR$HWS7rHD10n6Y z;li?JO~SDzQCI?Bg=ELbWygCS5a$wkKel)79ztp0hzYfBeM=^8kv&|>l?y3__h{UHmxCf(ht9hoV_ez8k{JU0U<#5L8}=b%Vp6Vs3=`)@ z*m1uDvGK9yTRsX;MjKl&qPIq`-2+e-30M|jjC{XzhfK!;#@kfkPJrWDZyC5`vGr1(2ehaH{K)Jlll(=nKOa>ClFsF*^~O?0kg+26S2{`NJhhr zXhsTN6&w3Lkib8UG8(=PG}jez|>cAzJ_e_t6kX^;~5 zT6EA4VE4HT_Bv9crb z|7xPm$B3BaowkX0kKp+!7`oiHbAGgmI|IdRVhcE}L$Y>qXP}ZzdTYInf=er`M{#*)hTxO)T5&v#iL zcVECPdzXM>Ig<5p_gh0e1jIoijgPxOV0;|kBEsL$8|w_c2@?~%@*@uh;`v@_W1Z!o z>3}4h0dL?ekno!`a{`3&;|#~p!Qd|rD1iu)p2ySgRNhJ!u_i1U#uxHNK6 zv=afhd*+d+He(pw-e7tAU}f6yKD(Ls4S}BIeKT0x*v$LJKn{5y1mXaB)2{DBl?ZRl zjq#%aZLw^1Gh5PFk+%eD$o4DL{;ZkpHG#Hd>#4xa5mJR073m6^*LMEtY?8E?*z0A!E_z$_r3F%Zjz-RUvZCOzDRav`U*57(hbaA9X;o zMm#5K#NR{~>bcg4$AMxPk~QKBtr718;szuy-`68Av_||D5T76!Bi{HLjhI({lE;J0e>ul$L587M!qlFpoM)G zEx@rTP{vLhkTG_;02$h8KAK=l5j*9*wt3{yp`_$u{^usTHv*3CEhw-Cddn!(oody3 zvcg6Ua@zyoXh(Z$pq8WEzB9Jnk*uz#1=>;9!+{utlpM#6hVueuk9{o=tB@)bOn`iv zO~4oAqS)UK@r#`h{F)&wz>KkM`v(S+?Ng}zI8uUPdqyCGF6=lE$B^u}4vda#Gypr( zj;pT3_6evWL9!j!VL+aNWXJU^JFeFPu^GvX>x<~PBY5RUP6))$!Ht#~*QY_lUt424 z4H9!)FGdlyjV~t=RXDCUT3qwE76Z?5eKDQ;u*r{NcD3TqEod2xd%eI=i>4(`s-{&=4oWUwf(Xi#g6WP9V3)b z>{zaK(O{2rD|R1Bs5N32pnJZf`5;NLW;VSX_d&+YM&MS}b}uE+kKOwdV*HAf@Xm11 zw+f_EH+fa)H9%XI)7 z2YMQazaS-2rrnTGi9Oi%kgWqcXF2R{9?*Y7`B5a-Gyrj3kwHo)S=-gXxNr#2cB9E0 zTNQIXGTl(#5h>;l01J?rP2eE_HzRWslCuX*aaXQxnbo0L9iw~g!r71Fr$Ij>Qf!TO zF)IFs5}w7}WJ{uFF?N65oW+34zaPcaceEzVzhJaZE$Wn(poF&jwq<79XIu6$|9vRt zY;cZ7IQ$tA$4r9A28nJIu_q&Zn(e=t2WB--GcrM7uNYV%^DrXRE`P1C7wUKr$(~W| z0ih$lW|>e z9S{%XqPngE0htc81XkBfOu=oEdtdWBU6M%wv2ugQgFL{#Nj{bi#cIIAhBvk>NPJYzw71+py!X5X&2(X{MPyd+zt?o^%@zS`3xbuF8;4v zK2N=VD+oQl) zXq*PP9`7ZW^>yIfzN<+D&??Q%B+I!nmf+-vIlcteYLC#g<^L zE9gpiIMB|p&bIr55mWP>?8JiR%OK+~hNG5tb-;18phZiQuPWi?K@8S>X^-j^Es6{+ zN&50rt$0n^4wDFaSK0m|p#4|Z&|Wk$$!NV9f+_S`})z+8BMm1U_|aBPZqdJ+@&k~#8!z_ATH7ct`hgaOjp2F;+tJ1 z9tB~zh~~*HuDuj-tOvW=e_l& zR!~3Z<6+3tul_>!*GJF4FsPpckl7n>^)ruz`rd5S&wJ~$?vjwkjl&TbDIu$$9S~xw z%dh@I57fukN>KIlWP~P4(4S6Z%8uV*sq?TZ5L8gc5LpP*0l|vE;Mr(&0|P4KqP4nvMZEstP(OZNT$~LX*)e16oi)n~hEm zj4o?7x=RJcbaXaSu4c|1irG?}3<*9TXu-dEtx{$m%A8_?yQhkGn z_d>W!M0;CuQvDDO5o;m51azUDN)b6L-Ka($VWM%dSKJC&2&pcQW1biS)V zr=}{<##y;`Y0nf_SN_E07l5lkQ=G%+?!&?;;409RdONgpFNC{*>P-wUgD-)5{3NpJ z+S41fYe7a*g-gyYMQ*O-QWP2=49 zWDzk$-h|Z^=`PZEKc(UCAf(djfef>c78~8M#Bw(bsSC7Dgu%ya6DFdil!E)UD5lou z&rlSFu!drO5D;C3j5%e;?DL4m_m*iiy{x{?9Z1_T`^%8L1n}C_p*t2K_iJWPuWz+M zX7_+~CqlOZ(P?SV7ZHKxr`wQGwYJ%lb2M{0RTDwYLi>?!*r{2l?Hac}*Ngup=)^;1 zvVdW^b@y{aB6KxEm373;CxyC^6UwAxoUPQObMyJ0!9iA??F7=<6&()4#`NidiG}}{ ziFtvECw4Wl3Wl3+b!QB7e3g^qACux=TLXVoz*mMl z{t+qu1!eGu1$>pA;~$#h$E)Bs1bp=!)V7czt^XEg; z%D_JyExj_Z61onbZ3<+qgN|fp)@KaRs7{0QHwGfxTZ#my)U+yJk2mVV+mMezOLmX_ z-C)>4!TUcY95Aj;F}&z< zNEZ8Q0v7uw0*d{)|0{Oot788+WyNJd5PNh7Y&T&1R!UNTsk7&jWv5slNkuy53M!JV zF8oqw+lzmrIF0~Z!EbkWyv~9!9q`wnsH`7?nmWd;kk0*)qtT6U%=Ikt+v+Hyo!0>(P7`M6@H$Zq9h;B!53o%ABC{pV*x)4x`Uoszt z>ph7ENXjm@Ly0W3*2UQY)fL3ej^&l9RIaV7*E(_=T2%ySWw+d~t=m)0^JECe0xs#V zI!9iB@HpTP#@f-VS;fGXYN)0PW1)Th98;ARw5iav5OY#9EjkC<_t5;s1mye0jw#=l zL$ZupMZhKEx?-Yu(Ip}SYP}`m9duk#y;#>?iKrY%(*~k>$o#21Di3UViNANn#Qk;l z%rmAF7iXA>Emx(Ie1DyFPy3_358$3j9;mZtl2agz1MC&|r7jy*fG+{;KAGX|k{iz~kBw3_^M z5#CbQQEF3BnJl%wXH(HbbDToxQCM!ne@mlQSQ)3hdTRg z#{vZA0J#OD5b988TR<5H@)Qrz-EGpb&h9oj7UE%myThhaoqgHkF$jxAw8xsxF2f7R z$5ueKR&AGEgK^vM>swc>?=lR7b0FYvB#~!7z{WEYs(GrN-A?C$5!&f3X#JpN+{KMS zX_{8IW*|Kfjx5}f=6JDD(Aq9{7FodZ+Vtm8V$usC zBfaRRRB{vDs}aesiynsFymTKiu~BnFy{nyHSGR$Y@@DMb0JN{7-bfD5_{~5ol&Fh` zyFq>${y%}!v=r>P`qf{oPxMes+KSW1hZtR?1AQZ&tA$(fLcfL@tJM>Owjm zHU|@#5JOFi<&<4HlvCGJm#=Tf%1?lM2F ztgf$+iXkk_0q(&zR(G(9bUz4t1O99jb=goH2zoPe(biW+$*F!fBhAfmIFfjUDjE8t z)*K%5JDV*Q;p6ED|ETSy2v5T93F!#`s2!{buYhnVkf*Oph5oFy&gJhA?gRX3SW}&z z>%7oYk=w7F2SbZL3yq-{O}*HnK-hIDfuz@0?;3`_bKZrvAfKbpT0v`^$Ph2lrm9 z9ZDC@fnMEhxxO~*I*L4tgl}*O&*J^74Yf&?{8$eCde>qu5?;)`0AAaR(GzYjr{;3C zIpM^;qlo;OTAMZ&|HASPLZPN=8mv2I_)P8YGPZ@xd<(Ga5uT~-Egud%nCT3Vz4&4l zLecfT;hIZ5TO0cm)8T(Yz7+n207s<|P*0MFX)>6eBsMi5In+xW7KQb=^TmUQF?<=D z_T}-~PV(h`?A-%&utPYH*Y062qf&3jE7u>XjS1iWb87C;# zpz!zFsFrEAqTnjJdRv$Hzt?t`!jA}lX9^6woKbNK8&OD@hd-tj7T5NcLh(>o08Q}( z6mD}#nvKFJQ@H1bR1CM(c2kn}MYs>p%HDRny|zf5#w-ZajW`w~x7XG;pu7yi5}>`E z3dSO{ZhoyNSyb!WiQo_6zYm0UBKT(l-wV+Z-r`}5_&{tWI_^Yp>Oej%^DudQc?mWb z)W$f%;Y~%#<;hz&q&!|w+gVA}hetaDUgGrGD9mw5?0^DYH>KA9#+1UG+V)D~XoQCY zt?Ua;b834ig6kmYf}&RTp{6TpEA&yDXCXWZOdX9i*A|Ipdl=+mSGeUcvMrh^>1Zx? zS^q7HUjkm@)g%hDoI+k&;f}PztlB-5kb*;)WdL5{UsUSQ*)Ad5e@a!qkJ1Wf*Y2i- z^hUS==uk1%*3-_=tc=^|W~j_`-H{*kra6yf*iegk-kQ>hH0LtTUm z(h>Gpkjj!nU4+R)>D+)0`mO`==?HbzerSk`a9%pX6Vm!aT!ed}+Y9g#kB&oOKNsQj zbcA=O74~zLaV)}P6roK#_N(1np9Im+x0@bc`qvf+pPG(P7YDi?p?_^JrSMX8FSH2X z)Kg3ET6=2Ad^c4sBMfd%p|>maB?#YZ3bmS?_pB}36Orxjq}rD-r_i%@Z^iI0gx5-; zFyrv9B*~gfpHSIm@hmP#g)j-w@$sTs+bg{m^eUiwQvp*6e2Ep~ zT8%xL*fTo=Fa&k`Iha*HZySkcGak%@F=QdS0i(O;F9>A&w3MBO)rBzhu%7A+3N!RL zP_Rr{`D=|WvV?R<)Sb}!wZ;x%$1O#_)!0$NxZN!EdySoXkK0Q8A2qf|q*r5h)VQr* zdlcDGV|VV{#7z}#8;Ia77s2d(L*7ujtWc9~m~wNTw`y#^_hGW&?|{3$>aCi7YA>Hc z_!r>r3EEU+_XM5F=F*8kuH6FhPEE1yTeuIxoj?z}e)`=S`<|fRIMzKGz2|)U1cA2z zcMj!;nowdt7S!~FvKq(SZ=Qy?KvgW}Wd#@_|9A@%O_`#Yz^zlY#^TC=yY7x%nLp5b))2hV7 zftiYzPsGe^u0m`c>jev5-_vUqnZ4U;_S7=)!Q}LTK&vy_nEZjVdm4mEB3c4&ud!1B zcSE>MM17ScbbC#;s?M7bHUOocmOxxs6P#=PdX_sXaHsR;S0sJ}?5IEk{a)BjnC`C0 zdx(1 zR7d`;&f1>7HC48nVud#czS}L>d<+t8g9e&$2f1#O<+e2g^!$;tdkyS%HGE$X#AZJ2 zYTD|a{`gwuTZfvmEI4s{v87{;z1R}BW%y1twgM5Kkc(L78v7KWEB!7tc6oc2y&WHKC4iyXAOBO{Gq)sW;b`4+=A0WO7n4 zZU#d6HN_fpLx-ocC%@((%O2YrEU3|!wLF)gLYE-Lnyj%q#l1wQQ7CV(wgxi#4Gx1K z9cmi5FjdjES9enFn~HZ6fmYdzO@5#xmOxk}qJ91Hx9Tc&{_j9|18^^|{84Q$uVfL6 z54aIwN41RzgCXoK#?&{MVcf}}Pa0Ca%OYs%6QaZe&2{|hc9z0W$6x9gws^B95boJh zcp9~HJ&c`uek~DHT)rLl<;C~oY`5rRm#`NRcn+xEiv32cW?#W@F#QxFB?0_?Umf-#hwp{F6~Qe) z_!f}F;lu{Sx*$A)Mxv%+R{-#Sxice<@Aa0MAF9KnQ)U{_>H(OUg9scbGXoGFV`hfO z&gK+$ZJk{zV0~z02842qO+@Gx*4VSG0 zVhga5nh%_X;_$*T81$;6!zoxdLDrG@4%V!_YCAd|8t$fLq3TL?!J3xUGPH&Ms0s;R zzagc0irg~IKdSbc(U}u+#Qz}RC6cG2u)T^4KIx=UD25nndM&L0OUT;@zX7x_c)-c| zCY_KpBH!;OSP%&?v!U(k!O3M(-Vj- zMn=n&loQ?QaH@x{w@xe_3+Y$q@65Env(jc@$=`D^aTZ|yO3wH6YyKi){x-qC1u%b? z6Iccy(|Ur7LY|IB$$9!h%P8dO2S~pO#3m!Ni>E^|GmM%P`o(!V01=n79Tue$3`?Gt z9m$von5UBCT`GRfQ$)2rWsH)MA4 z^kB^N<0tg9^E3ky=jrQdGqB|8QE`t*PfPAeWdCChlSn~8ZOdJiEr;_6c zIKSp8BIfBu@Mi<&=`93q1dw_7Z!QXXx(Fqgr_Z;HLY_X4^pikr1v0yM+6yy7#$o11 z=jmKTiZRC*H116$7?wN@k)S^@W1dQmmk{_hPZ2Rs>yfDi%+r1ZdIQMh_Ha?i(}^fK zPfu+bg*-hG>0^M{Ok{TPbWhCmk6`8p=jm`noTuy4W?;$FyD@PGV4g~jMJ#^JQ$)smwrMp2o=fztD&cKxP+D_r=VieK7OA^E82o z^K?eq3@mwi0A}_D%u~tvo_@_!M9kBP@FxJ~>1+Zs0c6JYby3LEZU0Jn`fST6qdS(=^8-^uM|BZ=H0rOOHzNcUF6cO_@>u7p$z&x!b zPzfM2s*{UCo-R*&dP>VE_RA#`Er~0_gXFzN&GP`)% z6EnNVF!QbRbSxsy)9Gn5u;giHdYbkEjZ~8J?bkd-#5_F&{!qX?oj~AtfGDP@o+2bq z`=vd7rezfJ^jf4Z2V%qj+f&+PqOcuizHy$`r#-D*l1eZvdHO0QUIxrl$@!js%~M3o z({1p-1zE}nMh5#ZuBnAud7qj^e5e7A(Lsj8nG%(3OEcdAM>>Gg)6tDfD}X1`k;-MrPt1$sIqyrm+-rycB@kxwT@B7Jp5p3Do1Xu zviDmD5JwN7Ri_~)Z|}D*g0Miu0vTzlDp}3k>Q4yY1G#TZgLr$DeVFO6<9K=i?1H2w zq6vBW%~oU&RryPa&i47{AafaD`+T<%xK)Vu`5q(i2oPJ0UT{H@J-v>wTe=R@v1g7$ z!PL}v6$Uk@hUl+@rbn7L9E~lE=+=PbCGy51cw?2_aX1)iwk2QtuC7AdSk<8H+eFM8 z0WVQhf~yOnSsYcn&ZrLA>ML}_lC5Y zIaNJX5o>X;66kQ@`6j=&)i|ohG~pLl*&awe`mSQVnAX3zYEQXwAiDblUgFwLD4bbk zE1vJKO|AF$d@z;JGpqVaK~E18fmX+A%5Y}Y0gCWJ2upz6CK)-a%2wdsgzzsQx&v!E zoDwa@4`np3rH@2zii>O`Z0DUm#^Z8zO4YuK%qNcjV1l;GOg%KoDXdE?+>ln7RMkfc z?NO)$yx}jGp)kHGx;ibq7Gc+@#=E?uQQ210_^N$UE8)-Yj@EHiwo9@c%{)wnns%h4 zInFhfp+qrQ(IoCY6@gK%n5LmHz!Xk+D3y>=u63M_@Tq{?B^gzxC6p=z@73qxXRX8b~~P@LLmF2hneJHG3>3$Cyqm^vd+e8IQ|Gz2KYAv;T_0) zO5hzK--C2Nfqh3HDV<0X*(<;<1tN7I4-%L@=gO>(f6?cw%!IjCF4&I4Qy_IEjWFNB4F%fWqI4t@yXb-;3P zAQpM0rwumutIAr2RZC946X_HIOXyqzvxO)NJ|^%Ekd%()VEYNY69ZTdP9ksuU^%${ zMWvuyKE}zxVyTH&{0J4{~lZ+V29Ea|I_c zYyga9$s!lADp;sHrIF9ATXn7%a|?fURR^o0 z%5i?JMe!wI)K+AseM=mPhxbD>vnofc&g-CNn}ZE$&CIGjm7;BEeGPbt%@PP#wcd^Y ztI`T5rWL|f{iIMhks%TA5~Yk(q5o7`_q;r~LeMKYN_mx?)@i5$n z0PmL2RAe#oOP_$jOSyS0r9%$L~l}fkld22|Y z%M9IHnX__|=T(!np{8a3ApdRQ_uk5`T2uWLyB`7jtUKA|^gWo&oz@!R7b?RC5N8o)tXKyeXz}&4BR4@Ef>=-kqd$Qwf1*1GXh|=c zjfMjL7y`4YYv%^y=O8sbU`BQAmWeM&1s0|P%Tj@rL4flVImCEFr8^t)yXOs5W;7lC zSgM-eP}xD{vIZYk1MYb54V8T+BljhQ&jGiIbyKBH5)+ut1pE$Id+15>09#6vy$5RR zmIL8D{y6K(yK-Wq;r#W)F7jUDG?pboGn|v#Uc#i+1(|St#EeQi>@<;Rj|H5QGb#tl z$p;|Z2e|%vW~GgIZ$fw(aGsy_~OdU^lO~9o_tBAy+6|z z(FVZwW@fLUx_HY_3|&?kKLKUin>i8w34ra*TtMJ_A=;a{iNFm&Y!RBNy&20QR%!E6 zn==;H+j?x9rLH88jYs2e&$>)<=L*jvoqlh~ngm==g;Kj$wz~>@ZX` zcU6N&@OTN}a(GbXepU@2d=9uA9_(^h_XA}D zE{6|tIXnx(bYRdUw7Jm4%23lQWcTm_W&tZw**z+i-R~dgKJ<0C%kICUcOPKcJsG{Q zHxN(EqEuQ0C{%Ii}r<8x3puN&a^0L<${2n-b>uO|=~55(U8|Mq$t8vmn` z)I(M!S>YO4b0rxcFkW|z=1Sr(gQGd@*Sm6}qt?3VM05-R+YL;-uZR0OSC1C_LTOt) zQa9l0QC;Qksz(=-DE8ZedQ?|AfO7I)gzy~Tju5x4w2i%O5VnYDo3!m*J?b}wM_8bG zDx>ll7|;E6Z{qDz8P{gfk#G(LT*>T~Dw&PPRnJ5GXvAH`>QAvQ|XTz<&y`B6^3w+d@=C-xK%_h)qQ^Rk7@Ly8qdZ*(OpuR)Zb62&v{NVP$llAJLEg$! z#Wx)}zX`HRX$U5ED!%OjW4vQD7oR^9(>gdi>%TY);HZk+)RGfo4Pyrk+o{c9gtex6 z)c4gyxTPW|v>M@jj+bt!XshPqCE`p1LLXJwa>3ZuZbBDo`WZ1d_4=s7&YWq{sUGkW zBgUZcZiUT9N2e9q;fPasx1x{EI}JnlASv|So`u3%SM5S_IN#=UYb)$9T#kE(sG^^0 zS=N*j*$I8M!giy1##V*B&uI?)k=dA4SmmpW>b{D4O$%ob%@n{@*!wE>kg4|}=%O@N zH}7|K^MW%x?{vVQjy0VY-ndf}qow+D;OM2KtpP{0MbPvX)sALbbQv^z@n|CfmA$`} zfU>Nj zy+P*xgn^r1IO_g_gScaP$V) zz5$06M>j%KW=FRY&?{cip9t8yOPN1VyP?c-;^DKrDw>flywqu<%-I}VLPGi7=p?B5 zem_WBaJnZQyXQ|1#8w1iJ#Z3|GJ0JgMk@Syf!IgQVhaPYA6tm648(HCUDtv&W20E3 zYXWKi{XnFX6H(%$KLxbtj+9hhP+NuvQZi8v&7G23S&jMrL7UNp#4RKDudvJbT$}0d zdS*RE?c<8Xosrt7!j3?6bnnX^?t0ZMo6R0kVY68ZuCa&+{wQ~A!Us?UE`mSGJLzfP zMes+tYm`LrXSwz5E`mSH-IRX?8!&vcH%1Mi*jT)yXc)SpE$?7zMI5)GBBe${slTgZ!E0(;d#dYI5nE3XCo+&%3;aA*FH7tlW+<2zNTQ?WpJ)y1em|c=6=U z@;r6e{i#j80M``na^6jaFahxA;+WO{=P_fg&+`{Ro6Ga#69G+fi=Zul_C`Q+PZsCH zSq?`Jl>cs)j&6r$Z8CeAYm===wKc}(*Ldq;sWH|YD|opd=lyOlWU#kmSXVGA5FXJ| zSPft*3~K-tSC1x&%Y*EGkc=hm%vD%%aM^u%c?V_p3R1HiuxLk?=8u?dCb9O_{8LxvAf*@{XFSzd6f*v&$=Q>qvSU zC;FLFdFu%2{{+!cRieG2IqSEn)(&^pw;jQ&<;Ajo*2ffG)8(T)YEWdg>hn)Z&M;cjf7x>IPmj?{MotHhcJhb>IUW`0sAT{eqmWREu zyA$Ww^2{YH8HC3|eiq?dfuuNSp-)DHyFOCYtZJwy%wITGp!z}>dgVYJFezxoSpk4Fzi(B6H!0-?(#m^})$ zF@KZDRyp`>Ja)c>CO}?@KohVN;$_>*a!0Fhyl!ax7LVU04ZSnB3hAe1*3To>d+1c2 zghi&fM_>{Vt%mUw+3yb|Qb~NUi-bQtV0>>39s2WPi-|ADU)Kbwqd0#amAi|jvRJMh zU!M2WI$XI0^4qxahMd0|B!_168%R=Ok^7)r0p(&KvK(YJf#pJ;1?fGDm#TrtYamY& zxJSr)AV*)o&K(fh3KE~q9fCrB2AKtNJW%g_!V?>DwB~U>5(4RXA^SE!q&3J00tW)o z^(5z+E69Ye2^37Hx>6}rciebD;{41pF2xyGQU)?v&&qk*7d9 zTug=mkyk(l6Bq>eE75tG`thBm+aBMd>!7^}E&6^c@HK&%bc6o(AW%sZ%0POCSO@yq z7L`R8^V$O?Q)2)8JPm{l*ppo}N0^?ArU{y&@s|@w@Lum(#^lqNeAmsCwBx6(DC`1LD9St&}>x6Xk6q9&v}#4xKQdt5!Dg!4_s8Cy}j7PK--!P zzIy&Ps<`I%t*G2CkyaTj{!DrvoeR~DbqgNG>CQsExHBZ^nhtORuKAEn{`82!9GV!ER{q847+)uxnPqSt-Ha z5!!BopQF}$0@cHQX)U}Jl$GPgxQu=Vh(ze_FCcKfkbIE&1g;ZO1#&-u`v89c zrjFT@kKAKGMZE`=As~GjkQ%($=zt`Np0t;@N#6o8M`t7>n?Rn%)=HrAGY~aUyJ+tc z)VMK_UrSI~R&3B~_^FHb-avQ*;AMBm>-i?=^}vVftgwz2hWCN|0|K7|;h`V{FK3_v zk`jv?1!XqabRaSTWF>*+Le2!y%{AME%m(Q_hwd4OTm>?hz(qoC1bL0XIw5z0d`{pK zpiTAlB<>{ntltd&hi1fU+x`nbdcexQf~Osz{ps_a95)08a(?SjJbV%48u(QJ*0x+n zt1)Z(&6Ks_@uD+j?H5>kBGr(xCJD~g1#*6IU~L5agPb)V2ez9v{btMB8S%1bWi0{g za-=RzS=(W9`c!b)fq_Cc zfE-8QD8TPPzo)(`i2>K_ITr^_U1xwZ)d?z3Unit0wm2XS3rKtuY{t8_G z7)#SySYHRN*}D1)x;ko+rUMNVm3^aCi^{WFJ&cx32j=4Gm4N3@BaUw{_>viPUrP3( zGok(lHKtk^`A(jX2=zvMF-=x&i`ClEt#%B%ltMj# z-mz+EK^qNC28Qiwpq}nZjIjZO$Y#=8$>y{`U(ZupplR!QP79mcpj9B()GQa<5zt&I zD4)2uk9@j!3#Y~LA>vI{K8-KWJN|X@X$9oF$)h`fq&Sfmpu7zBEZ~nvLkpK-WP@be zjL4q`!(PaC3}z0Ve+e{YTc<#nHv#7dr2YYEPtRW#m^?DADJL~ItDod@f@Sk#E+eHq zi1WnqJpWzh6sJK*iV~SgDEBJPQ{i9a3XmH?E&(F*LGtJF^Z<0d3uMeOYRnzzxIzoV z@$hSq_JP+P2tNz*9)Yz&mV+E~HH{5ON< zDKLTOgye!8dM)n<0FiQ#f_W@_1Cfp(`x59bqyc0Vf#pK>1u1PLRv>Z+$bJNR3ppC( zW&&3UnFx|~9p`3*oCPu+WC{?u2t+0HiI8hSx?E3h3}l}?$K^n_w@o=v6V5#TP15=b z9wg^R=B_~GKOnsbbQaQz$!H^i3xyPe{6XMXAUjG|xtwC; zPM8J~vE476w~=UzA(!9811sS9V-e6S<{?N;NDiLJ&v4~||U z+}4tl!B+`2docqeWngh&AnVPR_GMt`I9FvmIgaZVf=eyWf zBHKY06Idi9LYBWvU_DTh4-%>3r)B{d5a|MPCV>-y>~0i7)3M6;O}G)-H{9mfx5)Ru zL0$)c4G=yQ%4*BqbX;iBR}v9vC4<&H!l-QU~~(FsM;uD5g|S=P+B|3{8_u zbpq2VOfP$OBSW1GeQ-2zyYD+oLWSd_9C@g}y6ax=X3fT9fH!W=}H%_z!o;n<}_S)32KmnInEh3!}3 z{yI0mIO0}bt^uebeJHL4s1Dsk?0rF|L!Sn;(OhA*nbxn(W2T1V-zY_zD=a|fM!@DV zk_el$M&iWd3XQfAJd+F<>uPb&fTt$6^Ycz-M&k-5?6GVn?7>4( zhWm`HeXzu{kK$$0N_ev) zt~@_lOZAC0zJGr7Y>!}Y^mkrR-JWvZ1y4+)g7m!Gf{Kd1DC_x?1LiM5f^1bLNbLL| zvAOS9MyRb@8vLa&Ix-Bmb&MdM)d97SqpGs|N}_V%^uUCBs;vv8Cn6#ILq6olr73h|10AqpfQ`35;93HeV2Agx{d4U0=0=fohDk3 zi0+_MU)5c8g6`o*_S8uXXW3MHPb$wl=Oaq&P{^NCTAu*n{Xi<{T;o7eVv#XW?gqOa zh)e=0y^UcXh)e^yi@15vO7o}kd#>D zJSZ1~oeM#1BMX23bU4fsnUA zvhL(TOvtAoSA(1fM7{+nz6+m(`~k8SV#_nyBcZ8g6MkL10V zjGpiwDbjoXJ?>^v3vdf)+f7iv`U`!WjLwyyo}vyy=s**^urovc@yaayn#C`Yv42SL zdRSu-8Y4lQDEB+TIvnNdC&~D`64JWaYy|X*qVsRG3F)_5(N-13!tV$E-GtB$CirUy zdRRnQqT@GDf;B}M2S_l|kq`SIv=oRgf~$4v*wP@NF61o4?TYH{^a{SGU+bmbPll(+ zf_!=&?PnELbQKw}2hGdhMqpn8S0Y1;4YB2|G~1fVSOOYG?lYb}9QgC0scNq=T51i; zmO-qC@ZU$EGez@5pky-!ZC$E$xONyc<~+QAeK6C@4-|E3hT%R#aR#lZ0luQ@8Sw3n zF=xVd34LX!9tjR|0vT@kWj)kkr0BR5)z(zl5FGG^Wn}A{uBq?^Jlu+&>%mK67f~*p? z9f6@x1_F_uAae*@BxC@{69gUxVvCwxz;ERvj`270B3k%X#r~h-_(ozcz7s<6e14K5 zM;;`Ua}NQ*lOP8XI8exoAjc6nM#u(`vk06Cw9$$1P2*LC^jl0cq1DBik11_B89oo0 zIY6;ahI_FACx*O_P;V|jch$k!^3QB7zzVs`Z@p~&Q5?(qD6sV|c3uJOtn|V6;vV4n zW3j0csYlM$>|juc4yE5!#rKy}yCpKni8Pny_#mss2D+}q;{WktD|gC7Mw$4RM3%kp zR(dPU^4E*#CYI;@ycv(iLOvdEjs?OaK`tS15s;KvU6G`8A|JuN0oJuZ=jv6T^NaxVX~^aa5;fX&FWaBuir{DFst^#l-Me0 zDlnO~MM-s6Ui1pWap zW_N|S*q(N=$>uXmwtfkITx;!pls1LZ6i7Sr*+j%aC#*{8b#+9(=BI ze&c0yjWXJF1BLANOXrsDt$eY?|-noRZ>AXD4?s+Z)p2NmUz}*Ma=(6Hh2w#b4+22@Z+n|Tu&j}hJk6X^KE3;e9 z9|e5?a66-qmxVT8PBqQr=cw3)w2uh7(qq_foAl=i^TxX|tu@%N_gb!>XJampT zJ+Y-Qb&*jc{BtWl_d6B=+W^%q;Bw-sw6-SsI1#-BjESS!Tx>y}qvvMf9XHcPggUXDQK>%F^#EOe(YY6*|VJsREu> zW^WyED(knzCRv|#4zVn z=v~Bf%$H$hwels$d>B^N!+iMh4rC80>-^ggJW6cL1l!MPZfwT`w+M%& zr(MS2;30tfbn$*=L#6#Rgyn$09YvK^Z`6WL)C#L1j}+YfZzHDe%+NZjYRO0lBXD3p zHOO9N2^Epok%wAyKzH&w2YQutS6hufzz^UKEc7W0E;gR*_d`e054pJg#_?WsGBnGW z#DR3>p&rh9HQBY zdoLMuw`MfQ-!U)MBOlv;bs`T25VH(0vtUYLId zF)?5~S?b;}v)*x~Gwmh5n25@8rPhMi?Z=vA26)p&UsJMX;JDJxI#xE1LYfV<(p`+m z_d1ORk+GB&KoKvSVZ=ciPcDaeG2nXPaW0;hAlw7=&_)?B9Gp9vY!6*qnp_Q@ z^B_I}b{=Kb{+hpUMlaM@8h+>ts+i8B)WNR->^w>z0=CZHM{U)%Z3+Q^vhBTWEl}If%FUSbxk?j)EH?t57RZG-EQA>}* zp?;pFT;~hN~{A}_a@uC*4*_B2|Fe>+L-wFLHO`x5#}Yp;vBRZ%Kgc}Z}p znh!o5p!ok?V%^znB+dYG@4N`&R;T(Egm*;jc_73uN~{|l_Xra_z|9%IC}}PCABS)Q zFlbZ^$wX;rz}u;b;po!PdXVZoYHsImF*bj1MB0`nbT)kMqdYDG(bb#SWWSlzY$Pz3 ziP|sUAVpc*oo7rHz365*HXGYUK*!Nau|{2P`JJcCcicoxn&^1d+jt^5PO&~hafJ3P z%~t{ZOpHGQxl5D-5H<3&Sx%1!c>82yq#J?T(X+2<3@x>Z{2p+70)7VsbcSxeIbiz; z(FSPl#m@pdzr+aLMZXM487@_r*Cyt^Iz>|JR>Z!B>>!eu+UZw`5ZUKolunLmiUG}#VP}>^j zc$&fb2?|GvIW?f2uRK-98_aO4;aj$=NY#?A3w7h|AfU<7P0$p7);3G4R`H_6R0T^}2Lj57c8JyOqc>YidNl^_8Oem_c0qvwTO(|F6rUsnz(i{%{1hn~qQ6A8p@S=cmzcJjmF{7&> zT8B{(uEFVNOWbp_Rv_Gr7;tCCpDj5|okqNO6xruX3e;J|590EF4Gyt z`4?O(^a`Gfz*t`5ZhYy1#T?UHUeZH)Ii|O~WQaJt5-s(DgVc;011FZGooIAU$olop zx|=s$Ut*8Ldo>{$-(3l~v81)`*o;?P1#(kKjxNG;-Mv}pB8qpD za$$+htFq2UAz4zb$g}JN_C+NndY;cZdmN|ai%O~t8GjKTqIgq z;w}=Mb}9u>RbmS$WZyMKWZ&c}jJ{Rurn_1Qb(Qa}Vmo}D)8#N@_q8}}wz{d$dq82rs#eWvto0qOS|FhV>OCSGiB(f`;Ek5OpWRdMp z6+mYh9*4qTMdoh95{5q;TtDBQS_Jv4$foJnEa!L)(CQJ5j(-&mRGnJ} zVX26g4zIXU#MdFb2IPhhLDF|A`US!^5$*0)zqqJ@WOn`s=cj<&k&{faM#PyA&KA*9 z5_Tzh7{Waw+R&a+Y_0V#2!DuZO);amOii)dV@wQz-0W&>Mv4nBpxP{ja4+Dd_feN6 zn<2afWdH3qri`Q<4_l*?S)4ie7Y2#TAU8bD-YXD37i1BE`9daxBv$Y!0VJgpxgN?~ zuxY@+g&^y&=j*{)-Q=*JG0S+NZW7WG__G`-IJ{sJyYP%HZZ%}a*ZQ9k*79vshSZ7r znGZNkeK#OARJ#?Pk>MHJ0?qA#=1*vj`g@=`n}Fi{VJA&3?V$NT;`CPrnyttN`E7fj z(@4a13Vvf((-J!mJMo&La1SWs;U5o#+k%`+;2a<+iO4=st_N!bB11uz61W$z zzcwGvW8ZD5GEct=h@k<++21H{VvU^ZMDR@@{0DO15co>ScOd?g$O4f9#L5U10&TEj`g&Qi>y<1-rQeQFK=8A{y>op4+mb+h?Vt4 zoEP6D>*JhT^G@P9n)pLapZt;P%EuM$EyIseOnQIc_1ec5)yd{22pdJ*DkCQp)l2P9 z2)~JVQ!j|)i}IfAL65zXO%R~NGkUZbUsSteFLJ!m>+s5c;3pR4IXok`uoC>FA{!is zps+WPd*{(cEZ3I9Z4hn(c(^%%9WE!i0m93YJiR}X6N_3)Qg35NfZP&IaV8cOi?|zv z_CTJ^5GEDXZ2g1BItWKd@7C%b%K0Aap}Hpw`-sEvwoC4|RByekXIQ;KX#@CAg= z04?%Nb{SmoGz|vGE#Dux$wfAZPJnPcP(2(+`V(*NIaH(2*+sT7G6&8jfVa;kR;scI zj7^K&TGUDzv>5ii60s(?Obc3`eyzz}TNHi<1#5CoA@n3*P40C9>xHPv{hPpNKx`Fy z!5JA_u}?h{oP+u38Y+S|&7+$LXwy742XWW<-65>PjOBZ3*7_}lT#!+WCtZU&sk0fb zPIfKoYLh=3=(`pjsDWOyx^6CyI=Y(OvnZ+dD)IWHeW)RBg}xzag|39Wp0w8Fn%3({H$k;l|9UcC z58d(q3_$($WVsNxwpT`@E6li|w=%CCaaYWu^g>lh>lc2y(enlrfHz%Hz}pm-aaG9% zW!!%#wBLbN)*VzQ+bcGjDnC0z>@Hy(phyJXRIcph$CbXw`Z4mLuaBdk0pe!6Ch?UG$Z$X#$aNc&`K zbz3j4V$J}RE}9ClL$YiN5r-SUo>Cg#+X!tPVa{o}w%^tKbiSzm^6nwao+wV=9vhEe?jIkkflKQ3y|D3ES3m)A7m}a6F~T1AcJ3K zRS8JST4f$q!i`&}R90Bv>nV{=1fGHaC=l5LB>4($1c>YhaxVd0k`oyQvfElZO`!5` zAiRxyT4VwNUH38?u=_c;SPJ!9O#(t^w($=k#kQPsF)|kdww!V+ft!VBIprS&9s*(+ z3)0Ie8I8-QFfxy@mCIoIB2 zSpfSIfIK^coLPgrFZ<-#IUtGGJg+qnxd>!`0{Z~j&o`3LdzEK)|Hq0pZLUWlyczO| z@W%n+H$ko-a4C?KSmYZh_k-OBM7D!GM?lx(w%6(1db6ir{rUR`CwTvY{~N$xw%Xx> z#frAL6~9lniLX$!YJ*+=MaKwuF$rkkOXt?5cNFub8u9N6l1O9veuxop#N* zIaIr93KQNYBvhtnq$PO$gmRJA+%!$=Ueo|TGf30IG{=h$zMq-*RL1pb1T?G09k&;u zcyz`*H7yQuZUwIMpsbwRCmH?$QHxE+i@MN?sBM`hAp{pdA z-I?{#F?UFCxU7vywmve3(2kDEcOkEU)W7a| z(<%1HS>uT#`z?B}#`yi^!)6H-FSH|V4Rm*K@&qCWG>DCvbd=EvryqC6gO$S;5hEH;|jK;-k2#cZW-0=mD>b`y5+w)gI*Xv=|2Nq^vbsIFr_xCi-Erff% z@=x(So93`r22Jt38PLwd!eD6HKl|0u%!lR%tfn>^2{o%$)M%w?8np2Nttz0A!q{AB zsaEGscyH98NBdsSe>+}H`UvQbF#cuhq?c+>1&!numH8Uw_~c~#*jD8D637kYb|)Zw z8^|RDE)p^i^+vKr*?1nw5H0b~b(AB21eGVU$5 zK!L~?Apaz=Ldee`|03`zV4KkLF6J%6cxYIGKRgrfw575I{wILV0d^4hU5MrY`EOGv zf!I8GX^rqd4jdcdX_dlTpfBqe84 zjFDg?fLIgysVT+`nS!qZ|fj5C{jj&U1$5U^%{5`%Pa~h^>bdA14HUO4!lHsyPe)X3cU8`W102r$0 zjjwrTXn_o!R8VlU4DAVd2oi%O5M zO?d%LJ%L)kwz}=c70>TLoze^Vc{EB9ZMoDsfpRkMs~QeG87K9u4Zryuxth2?6gjy! zG_U|I)~%^|24{tlJvqsnp0_E{%aqcml9|Q1r1UDtlSt(;K=>Yzw+TEYWC6%S?@|;% zcoxWv_dIVbkd%SQBT$ZfpS5)$@{HIYu)kYIS0n+evfB;2nQLemTLf0N)qShEnCDM5b`LP|jy5mUdkO1ZOd ze(%8Z{(*!R%3J1!7u(jHHa9KYiS1=K660)}@Gd5aq5g&8m#`JS1M>Aa(FlZJ1X)60 zv5+S~o+0p*kfk6S3A_%(7GS2uK(wadAWHhePtVEMC^=9rQQFnD&6c2NgP&b^_ zBycD?p8eYF^2B6DmptrhBKR>jKLVnokg{6u_bk->p*Oj~W)M0erk;1`tl_8+ z{#%;EA^Ctdr3G#20ypit#L;-6P?N)qn_Zn);i$V*DbmDuE;Aa}SvQm&Oenjd(~7}$ zU10qj{2LzF`8KfAvgTxHF6)m$q9MTxkZsb9o*M*M$KZ9rK)F1{qN)dRbaN#COe`!9 z#0DA7Rc_DU2z3!D5#@x2Rbnm}Up6kEa-n zbqqDK_I8SdHFZInh$^A$;LFywX1=qvIZzDe2RY#RJ0NYO2k7re+%994i7SHiU&npT zRju~47zC*i{%}TDc`-ULmTpL%--SuMSTlBInGLzv8wt61eY1pfacH2rw3%UNj{Qvw zUF~_!F@oBorl**GY8G$N=j>8@Y>eM}m($2CaCy+e?FFm}$XJJfr7EP#@2`ZROd9JL zmMOYL$z_q&2Z%JtBG>4+LFF{hpH8PNgBO@y+OZ7heAMG%D>x;*|GrFU4%gGd)AV4n?X=>bfDxzk5N$8f zLL)|;Fbz|m79P+`=wV*P$XWdVurRj)%PTQv-B*)JWQ6T^eOTDVG>1FQ4-0#l<_KN%6fs|QpvGU{EtFg-(Ly3 z9Iz#%b;x?&03I4bPZsX|2kEkfknQk)0K7J9JF&23Li)9*kf#cx^@RxPai#7v&#M94 z<4VT0bkClCO>k9VbeIJ7xY8S;Jxx%LD|sfUUwd46xiEUR1ogNw455Q1=r1NhP1~=8 zrGA_C5M2Sy=CP{@=-Ko>W4cd={sc|c=-Gg#3TIc$`9q0GocCIAZ0Ei4iDm3vN4%A%&wZLD^oF}Z!unnK$*$;qyUU0Z1TB{{ZFQdemEB>88YNL{Ee>@1!5 zJ!D|0ovQ=!L~BEAJHc&CwJ&ssy=-@`+6B4j>NBUrjodH%l%pjK8YZM=JgxEd@JfBNGWyp?PWknLHju3OiaG zEm#|a{d>YC@^mHA4zT>5XwZI{S8$#9KPTK-Gffa3|K~(U;~(|i3GhEl4QxD5I% zv8OhcT%LTE7$EQ5p7rO6EJG}c&l7FUM8$uqFmaW0p=mzTI%}hwIIZtCs;)}d_m-x9 z#-jz`Hmc?(+G(R|D}?nTS^-?0up_Bgea<`5Kr7pGx+c+1t@%d?UjZF#o9S9d)QMUv zt$B%hMaV{#+oHKH;r6rtP2&az^&5nbuO~wFH+WukW}FwSOIX$az5wb2346P%^;Vh? zko%mP@B@i@oeJ9vLNCDXTo`;Kb=m8Na_H$q=AXqhGu^pxH2kB0AzH$dOolfYnbf@t zXTzET(6B2I7=wUkzZv`wtx8l5!IN-TSWA&w0@zcn zdjXbuA3c1hzE!Rx$|E&_)l4Ip&rHh(%k-z^@h{t-7VmQz?+3DA-sgJ#KO2ivv8c)5 zJAp+_)S95FPx`^pY*J~9mMdV)x|PE|RL|z~VZU{qRJ-&M#z< z^+zV$p-e{R(Fq%wy@I9fu-84XH!W?idtyMdy&j4BW_vvoxn@sY~Xj*SD$3)(iD{6|6CW|NN<*cp_Z=VxN&v4V2h&#{TYV+Fez zGA#$r;|00zG55$CcLE0so+zkQJWAF-3oKdjLkkglvcRSi@v0LIal^>A3k)e!e;yzG zupu@9i{CTOkS^lrrNfm4cI-6kRO~(#*zL+>J@j;ey{Vg}WIt2jl3kc_^#BsTMV;}$ zAn}K@29;x->cE0M4Y6JS0}AXYK+bA)k_Qy*rucHKn;le8BQf_P?cgBF{0L$Pxg^G4 zRTny>p!{gWboAli0(bO5t{hz8PCooH2AP8kat@$0_R`X6oD1E&(3pZOO$Or&4>6=% zNEXF^OhKt8W^sGn_Sgb@Etk=8oEN&bpkkcV2ke8!yn-yfk*tC8x&itfWxsQi%v}Gd zK;Y+mEApjtn3ma)^cf3n?(oCU`Mq`c;Ziz?3xQU4cHrmygOu`nAlxmY<;^eo<&s

>9JBMbp?g;c)(Z8MuFUS4uV+kh$lhNdq26uMnh~{5Wg*p zZU(|k5tk`P+d1O(5E=o^TiX}dQST+7_ljhv8QK@vpuQHu%RrmM89g>#p_Li^>JR(L zbyak%6JTvY=0l)auvN2QyMjW#ckKl8zh;vcVEOY(H>1lXX>R_f&QCML-T|j$z@cKp zISkTx=rl*8~qdIV;!-p(+Um8%cl$-HTvlGkUna z9vdiaVqG7xl#_*csZHev>xsK^sfsu+)JkW|Wf>f;7T$_D8XPu3)7VFp%+qO!uc!?c zXl8l4YlFM+z9s~(xwdt-4c=bdRW0jqJnsqQS+{aWaVzzlcR;vRL~DaJ#buIw0m51l ztqtB;oK|c78p0Pq8yj5iDsH0wO6QlJS7&y2aYkJ<(?Zuq?{#go@Eb}TaBcKn*G79m z=pf=cbyxQlTVFdL!WBRv-S2(H?Q-w-yeC1IO3scY{i)cNjQ@u4oruef6+rBIyz^#iY4B!o zI@|#1eR%Hz;VO{51ilvXFi6jDnUVtGogl{(7z#AljB>}_XFz`!| z9AdFkB|QkRZsj*kwEm>x#E>c~xlWZF_8pfK0CuWm0)gWJn*d8ZtX0aMDtR3C-2jhm zz9)(W2u%R_1$*%yAQXL1o&oWI?Z;LGs)Q7P^d`_#NE47@1daiM8VqPnxda1hG3t7j zMYPos?P6%Fq3Q9@rii8;r412nM?{-RQ`ia3JpgjAQEF+drb9Dv?RYN&WH7(_=g%(A zZADR8gP(#!rvOec_D2c0Uj*kA=N_9CycnUG5=`sN&PWq%lVdsC>S_roXKz5@dZ2+g zmc2{B?vomCjuF3F{=G=MWXnks5VVOnYa@-#M|Kis%^c*QPMNOS90L@tDEPunKqYwSeaA> zxZmlpI$*L3&0Q>5cN8b8%7d*oEraV=g=q`)8rgFfKoO1@eU;qLtuM=UZyi_Xc*hi2odjUJR z2MP7>XGIdK$Qz(3ZI{;35;G}9_g-7qzC<_5^(?*)-(>7u=&0hJ>TEMMB|5&i$R>l< z4WCe4Z<;vTaohzdC%JCbO%qRY-Km?^j4k%trmUl!R$MTRq_|n#v|_tACG`$HxPMl$ zn+G0RX2^bB5u>$L9|W3PT&4q_zMdvH|8k4_nSXYJOI~q7oqy@##^SiiWqz?cByW?; z{Nlzk>KrL>J+^bC!1dIcsTW3xc(9Uq3yUi>Z%f%J)1qQKWttjIee{cqQ?|sQ`z~?a zw>#!r;yUhJ`tXus+r~KZV@*>B6jN+HGK6Bq8DD)!#*D^_J1b>g#V^!o|Jx$l7%gRC zFda|*n!6Enw|jhB)Lj{O0u^Bdph4pMB1_zbpcjaQFFzF7obr#L*8pkh5708h+bMf{ zi;{nY5Sj&gh5iKa1RMk9;ZcSyc-%TsB0ho6gsYyjP#M(OO>>^tS z_11w+EuNk%s?g}2vLW-SB6sJIttwtFYErkV_*+rRttv|X*#K`2it<9+5}91u4wL~( zhF3B&1=cF!e_6|KRn*t{XR-Qi=R%!lJJn=kUZTwfEB}|q3 zr$WmzujH}wP~IIG(WO!<;oXI;tb{9yj)%LT(9Y9W4(E|%9K7cC&g}TxO&tpg+w0{1 z@q1a$0PfR%Hx}A^k}pGeUc^&)jq#>JdxJgw6CEYs-eA9}u=WjhRoO*__C};WuGbFG zaqC5e_Llc7&}xxvfpT-9Rqb~mJOvzK&58$c-;eOU%0V4Dzulh6j@_>FgcDuyGg%5G zt~=g+5XI|#9Ww3)o;6O!>pvR(GBS2`t@?&Sy9MNJRJTffDiZc)cx55c?5LI7QfQa> z>_X-X$&DNt$)#6zWAQ}Bu{YI$th=Ky_q7f*yN!_3|0XV=fjIHEpqvDDJka!GkZ|GF zIq|OvTmfY!5dSyGCj_D0j-T)-XQTQ9?(6(oN<5T!Pdhwfv-1%!=3t|BlGXdtns z-JtMbXin2ZEx>1Mjj_>9%cGYQO z@2KeOGU?-aLWRsulgYkXl{1fb!r;_S7G!cJiT4uQ$(j@$PGTnkdo?}hIA@|W*`#hr zPa5hO3Yx%|p`ng1{}|AB%x37`iicv2&$2k|3P}Zaz9ZR;rU%|i?COYi0VCslX!jlt zL^Q1y-BXOEk@Pyp(UAn=+eLiI#iU8b<)$Skt%gyJgG8W0Syh;KZ$~nG8RVxZ1Kkl? zDbB4><7=S41!W7+^d%5wdDATx*f%@=0fC=jeFp?fFxuxfc1uuHbQfzhhc=DOKG|q& z!|kTP?5b%dHQ^7*R$j0>%B%~WnmMm2ZDK`KV#%FR@-S+T4Rh>Kd!med(?fVKeN;ED zilRDmgDO?tf4ng7flf4&F_6Ql{Ip^tuLaOR?Dz#x27?U*;+KKUCU61J^p8?dmA-?( z^H81;b*WLQeH(~EiD`*(a#;0>-AR(6%e!{KT>cHUWETNfOGdd`a)OEfcP*)euQEO} z;!`|{_7s;X4~lB(qW`U&oKRO+m04u<;^EHR8mHlNv3?)2_DhQB&B%zIMAV=ejE*w> zpLN0$AT36n^LWG7|A$cn+*ndxc(BHj zR=<)bfcx-ddEt=RG?;rK+zB-LQyL?U3oB0RO8>TS#hgNWO}|ND1KD{2iRXdJHmE$> zg+X9)BgESk+Ah})IBx@q?Z^7wZ-dFreFT&>w;-wpkbT;o+&j!MR4!Vtxx3UW2VnMB zWZf`yWT8E@YyBHCvEncwr*e70b^+-i+=hzzK~tq0JIHy)e->EA%}AyG>}pk@Q0d zflH`=;ep#F^f=@)%$EY;eIUIE91Jv&SbQCnv0$TtrZ0np3zyAl`nCm@&x!woz!k9O z0KsOgtC8M~UDqI~A<#CGRnLm1{%GNnIsA=<3zyFEf-*8v8e8f#66+}Ft!Pjo){!xK zL;oAcrm-eEVNajl2!;_*8KkMUii~ndw8xy7iO~eqQzbfK%qR;83|)cDVgl-z6W;LJ z``tWhQAx@9UqQp54{cXf@0S9bow<)! z{!&oy^vwrWiyV`?2>y#+7%&GKU2Y2_qelh>Cg2bn|d(b@;p^!EGdEz~OJWqW57fH?9lpASV?H<)^JGlyu<%wY47@Qw7y~(=fko<8`khptXuf zrg-)o8T1jcV(JCI2VliCjKDEMR7__Omt`Z;bD)Hl}JOsGK+VQRd{sY4MK!LqVe0)Kn7TV2td#fQZfdSq-6@dgtJ=(4OkFiipJ+qs(aJ6DvrY6NtB*;*$+7cGAFK|Kdd;cNQ;dc>!Mg9Q=o zAGJDOVgodrcWx)3Av;4(s!IIVknPchsJ^s`1n@-@Kd3>PA4S$DVi8%Q44Tc=THc*U zlY?_0V;(uz@^b#DybLe#nu}L4UA<-xSM3%}^Snx{cBk~A0@+ody|UGA@0>v)anThwWXI>48JaO&PU2J zBkon4dJ2&=clodasqL8aYtHDK&4>N7`LKAd%ZDo0kb;F{EgSZt!+b`rwk-(q(6ek9 zhMUI#mJO#7m?A_qlLOG+B|tKEcD-y^Jh!g8@A7lR&*uCxv^;OB^nS@t4TNI}`I$ug zsD!Nk&zzTn5^@HjmXLKWAvO)K=GW4(Th35E&gCnRwRGfp71by%n^xy^vA z%O7Q3-dgMO$G>;E$z-{_RC-_Lr~Z|7xk;QE1(0k5|95#W1-aamNdD91uzI;4`8)wJ zS3$ZltMIotAE!fIVm|)4*2g#VOWy>Ehr4Ti+?t>BWidU)!pT;l*Q4cm8>RPde(DZ{ zEnD?gZ7=z_3I6YVl!AO*<9wv~t3nTuYu&s=jIHvzYN5C-J7ZpRIaRT55b-Q^{&u3D zUPi|IHNPH8p4u4yaDFt#&zs}M_($@iF@CcfzlzalNjRo8ozbrr6Fx?e((U0aA z%VxN6Lo~)em2dO)t5BH(xH0~ze4Dp#fba}p!+F!glw0X@qTzg*1{rU4h?h_22RjbI zruz1Hf`CAMdlLeUgs4;NN}v;vT#jaK-@frbhI8vMcOt=hTDD)}``7YUwogENl+4LC z=h(ezLTsu);4&b&tG;db{cG35*Nz+Q83=iND%-E+r_PmawfeizzFiio;ny$K#AZy| z_}>JMjsNIa6}0`%dgH%LOZ9Olp#7J`ENC{CFCw6^{M}k6l|yqco5;-L0Wks^%fF8V z@H-mI6YF8Qs-tl`pMr?0j*Z(Y7{eQQ&Bd#DOFha>t|~2{JKt$lUtOLXw{Ol?rR;ch zOTJC~sIYF{ce|?->&cIGfR)Ks4Dq>~0MmEn2b+n<%47%p4*@F^y}tZ|5S2+L$*KuR z?m)A)ycg9U#0ErzSmik?lQNab{rRalj#`;ipj)=8CcOfrIg3QocPn82v0y zym8F0(Ur<>M{81kOD&QIlM{ymd9O1SL%x#+l4~Gb0d$>;qEu8dImoWMYHI8pkv`%Hd z8i?BvtA@W1z8<3Fl7Fh{T2t`A{))M5C}ZqtSj`+OTzC(}sStND2KD-#yy8kMhGjcJ zI|*2yv^Szmh=l285*}r2%t8W6>g-xeEFhq%T_u`CQeMg5Cy)pGGH%y*53;TW?aOr2 z-mKe`*_Rn?+dQ`Q`fJ9vUQ_QiK=HSX6=^CSGo)O#%rzm;m91B@axkn%Gp>o+cd)F9 zKAJhmt^n)U+}MZJ-T(S%W<+H_ws!0W)yFwNEaW^Er2g`ZJ?V9~Z7t6H#D0>o;{e;gG>Ym4E(g1qY!DDdX`i$F_dljBL zD}8;Ymz|Y1Kd;XmDL=iE#~UM@h$_#~RB-@7erVp{37ys1R*n{1W)pr)y?zGF`4z+_oVGTB(G$T`njEv@R(ZRo%Mx3kAzDZ1&%W~QyJw9TDCj$N5-pDy`aKWZ`^8RdNRhuM+rQ+wd>W4(cf#eDybcwI(9p5}Tb|1R(#+90 zH7Omq;&_B>T_>~X^>;=F^!UgwE#H|}wFRH-((;{oT@}uq==opdHIaxeE&tL5@#EvZ z?AVS`OMWh|;e7rs;7}4VP@6tGmfB<|o}SCI*9T@&KX_ZnYpAnF&*dE=A8rS~1<3oC zYUJ~Ig?cOGc?eWadlU5qmx9kgKL85s5Yvl!Rx}+lJYWYZdl2E7L{~WFY~53tXSsbU zoJl}yy@XYEn!M64W3NOq_NLY%_%{NKMLLJR8s|f=QtrQ;m%9Lqb_V@%Bp#Ghumk}e zEL;vNJ3+CzC-W2@U{aovs1zk)|K$mJXgXT3|gA!YBhzu)S2~4?0~}j zD3S+jBblGqS+yl&b$)){p=#o)I@dVEspiU!Yh8w`?OYedg6ZpAEMCcBhaodJ&-Kz< zW!hT8+`I!cN~I1_mwu_!^Ge3F2iueDYVE?|2;0EFC%3z%IJr}%(Gb7OO`b=}Q~#9a z_qlFXQ=(4j2Zy-3_;b$Y^LlMpx|JmFF9Dm=5@E?kDdyR})Za9Q>;KR9gLvO}Dxc6|beTl^t=fk<3WWY@|mqmF>HFz}Frjx21kGTS&V^9}Z zl79)-Z_O>%q}2bZHu76t^x4*2oJg&|?R(b4|9816E zPs}Y6%YU_2bE1piFTlDT*gIs$lgPdQfzU1wc>mEjq%I4DBsXi93eNb~- z%0*?9ns-w+{ZjRNFIBHUcrRsrU|To(|2ADstf7S_f98dbs{cM@84Th`f^F^7i^jcu%eH^{K8B&RCcA$5eqDK*l<=8yw;? zW}!0^eXT6T_uAT3U~hiPwf&;wv#Fn->aIHCl{~2$eQCt+T+6>S;-A<+L-FCMjK8Cn zcX-OayyAwG!&8Gbq@>zt_IqTMjgRQj*PsX~XY0m4${`vD2B&PIrR*INWiJEF5SO{B zYGGdvVInjx)lgp8MCas`O>|uC9G}WPhmKD3n1!s1ON!Lt_K6a8 z;0f78_et4^;C$^@-`D>2eI4KsujH?TFw-S6b84-bF3wD`wXZHIJ0oG;MAww{{@!U9 zv_P@KC1Uiap0_y}jK{^2MW#{j8bLFhMk)s zTq)v(iy=0Tye(vF3~(DaEnHq61>pc79XpRJ35lC0HL8EDQ#mh^ z(e*Po0u3YDb0{ND}7eXe199YUt9zgsYkW&Z@ z5i$$pdjh+GL4N>g|4-f&qnw@`&9jI9AU6}ZLC6M>*9bfZRBZw2M2)!qL^yAN^lHF@9I%VpSAV7K z(Qhd}`9~&Wry*w-wO@zKH9)9uBiu*e9wEA@oqMLer-9@~^s*PVUsUE6Sel3pWJxs( zo_3?NYp)o)OL_$+ws4XDx{pQ{>C&mf&*X!C_0KO#CRfUbX|TQ^mYqQ4tO>5>*LKUg zCS&`Z6gm4FLcaj!Y-vMs1u$n1B+wd2Zba{YIIDxL?p~`+cpP~8)jz*Dnb%L|uepWi zAs9FbV7o0Us7bI$8dnF|3qEcW-(K@!c1lba&Go$*PR8Eos)VLd=9+r6k5Y$JRN3 z-<3pS@@}W?1siEG8lAgFvdlMvZP1=Sj;GDFG!=HWTqHk~hUt!@G+5N^s9Q;MsNowY zapV6fp*I|5;^<@ny^(fd~)K?gz?#ML*obPs<7p9{~+yCq5LJo58LG;wQ>PQ=Z2NITd6o$Y>yb9?0Jb zY!fmUq<=GdTp)fO$XWtV14W;ZCSCC1er=8Td`@!JIL!VC>z~Mc0<>0gB^TPS!tn{JZfR4FpS+b-W8fVCK)nX9`Q zZASE~fBri;iIyj0NZrjZNc~%q30;Kp^4IKBuOpz9d zZ*ES8rY3t{M4N#hOQ5NK-{xphJ71h_=jseEL~J8s50HUdYR##UX*AFq(MZL4Zn4PM zLp?iM%Z*wK)VQ}tjr)tpyqb@l;As=Jt8jd6H|$=lSPVmNP&af8JKMiJ67E!ASl(}n z7)SjlV|!#}Ts57w%;&gqxsc8|J^V-PR7)49E;S^l1%G+Q}&Hm zuSXd|d&6*rgwBI}Dgu)Lo1$Dp;3^@SPc0|#7?2#htKJla%EEBRq)A-^1<;d9{wBs$ zMyw%hHyaVZKf^O@^;VzNvgtx`RJ4B^&1!t24K(Y_h7nNDRd$NArzSQNntHAdjuxY{ zp>tUVRo9pw;i&E!^P%(#(DgCUu~})REi~OodU|A+2LORbq9l1$BstUTQso8LLA5bI zvg_tPOI@F+KF|8Z#CpW6AKpwrt|vYr5Z_Jf%84eJ??)Cm>%Kc`zJYF5ko8}(Javgo z^n#%gqhzuYPW~#9$zip9kUb}`PLe@jK4fo+AA znzYT@Ho5s$H`r|fTF__&tohC(pwEH?>j=oh+cAhsjE1&Su!|5zMy{@mc)H1#RfKqn z6%jA7fq>>N!S;yqp_6uUN$(%E$+bxm>kk~M?8NeU#MCHH^K)wRbooavPdmX=AMro( zbTcCI_%IW(JgttRRst9!D+ghH*y&M*HqNmOy^evkYB{ z%nHCVR1#sWT=tf{w_v{vkfCJ=ScVQDU>Q1(fZY4axfd=R7=5L|vUG9eX$tSm+qx_b zs-mpgzdlddmFN?3f}sSI*#n%2n90fYbC|@BrZ&ZH)ti;675&LUdwAv7AWERsZ6E0_I9!R4^e zk}a3tgUpzI&Dgk{)PZM2`JFhB6&zs3BoTU9xom#7hFuOYo@*8{-Ha`j`={ij&XXan zI_4lT3$Rs(WSAi#lbt=>0c)WdDQa;Wx3-uO{nD}VmSaxrSsCgNYdcc!0c8h)BzGcG z#Q3JEVrNy!)Nd*?l`F;n-qZA$0ia;sRBIR3SGrWl%OpT~HXIdqX zsPmy}WN&WNVTz2S$WwXX218de9PAhtb7GxrARVNsQCg*(?YPlCl_n&tPu6AEC%TGT zmvAR$Wvfz66u8OhnG+i2t4Y=Bi1$F`3VMZ~M9sVn0j2ma_4K?%*DQNz#Qvl{JD3_# zf38nWToF;d%0e3K^V8@K>qH4$|Z zK{X_eSC>1I9lYYa<^T$0K_q>fV?_nBIm(4)wKkHm$m80gW>UgnXmhy51hl02dt~3u z33=)nEQ>h%e#f~4&iaT`c9vBiGM_?^cCEHWy!N#`-sX;I1M1PzR6)f%vL3A}qD`$w z>l4vt)uWA!XbbAm)a>(tOF}Cz)Nh5EG8CH zeQW|-@oPt3iImE$x~(UAvn(ElqZ`nG^a40C_zdoBV)j$ejb>G@#3*3wVtD za5A}dHl5wVUE>SwP~{_TzVjp!4**49vZ5JH6rTOIS47K`Ij^3Bo27Jczap~_2y;Nn zI^r`B?n9{yfet|O3bbD(=SXQxwaABHGFWfsfB|;uk=>2U@G= zxagvmrk;(hjKp3zZbHBMblkco>7EH`gv;2x^qQnS;&sn;u1OwQaR?7andn`c++R1h zxNDiOP1>cKnw($n=7jDM%pa3(a{lOGY~PSPykPQZfpj9eA1Vyug>3j zKR#Jy-s@n<_+&>r^wxHciT1MFgNSfq)~}Y#n*C#(jjpF=&o1fti92m_OtPJfB@d#g z06T4ROtPDdwgqnqBD4+uGA>_{0j!b)+qQL=2Ug;WjB?3a(cvZ zRPyYF>6m#V;ns87S8?mPHxj+-)^l$p25L3n9?fq}xV09O`L_}_zfbMC7#nXT?15;? zP6NJ`uvJ^?jv>ZrrInO>2LE=XZjYefN!U`Yw;t=b<4t=K?s!vMhbEGSx}{Rmtq$Dk zDks@cw+^^Q#8EW;M?Iip$xJQX$s#xPV$=ryy!vJpCw` zUO-;c$?)$?*crdc5XOpVM@a5WRCY&MFTdXbxbEfdMAW@(9q$I?dz=@qAfZ>{3qCsw zd-o=Ca$|fHh`iVzNYA;DIqDTK+;u^ZBvQkw>0KU%9Nx*#M1;lzWeY$W=t`mTRfNhn z=x2+5KIA9aM&HvGI#;9Vgae!e5H2S_eKGduiXl#}-V zWB3UdzBG=Ql>F@$Q%-`IZb+nFo>9Nz<&pXn;3}SE{?CfHKVr>+dKIsb#AGWTOLZ!q z{IT09jjXX=upHtc5cfKwDcIl_Y=v_Sobn4@1#sP?8B_wjKv|~> z)WZq53M9Upr}Th52K}M6`t0ICQ*0BA=HgirnW?UmODu!t2HyL$iQF^lol0hAd#9d> z0qS{+ZHmz=QOM98Z9?@*H0}=KPMq|K`mOV)aD_zQgu6oG$3d9vo5+`rt3Lhe_gwv4 z^+~;eeZPOgKHr{u_63aU0}?s*or8*;99Wf6pT-zD5KDf|cD!q7J!EC#AoY+(;fOv7 zl4qtW6aD1a%ltemqPfvLQ7Dsbda#rQ(z3A?i@aMC$7Y*E@_8uX*ZkDLUjP{L1A)(l z{Cg&Qtvxx(1~iaPJaLilodq_Yj1Sxf`v35oz&H-v#lT5g2O(}}S=6^EL z&rYIpmL!=tN)EbPzEdurypkVBqW68=jfZ2<%UEi@kGIeS&`o>3k9Qit!M9Xjje9@F zE$`jf@UOUyh+fGtr@?wVGIL*T^l!&4`!beoZ^!#t;aUXm#2Y9AS8DIZZRp`*k+U)L zRAgp*t(m9ln|Ug3x$pd35igj98LwikM&1YGO;lQ?6SDIdJ-u;#)PwP(bmnJKPqH3x z2hf+s%eRoVYau)hXv6Mdm!dC0KLe7(u%)?tG?Da5YT6LdWs!?|isL2_m&NTQm&=wb zqHHABs))K2;1!_FLuZ&|yRJyGm+9^+8WFdbX7(WP72w{|92vKr z*M_}0B?Y+dc9e6wJA`h4Ju_`j_TqYD$0xkB5Kj`{}e*AKD^xs#J>gUM&KYIITo?( z9h4N0SLN|&WFroYnT4niG8nNzKs+BrHxx_+lGE$yU5K8IJ0ixs9ZKcEc<|aR5~guy zCJHkE8+UFbut12$oreiL03?^8nH_hmx7VA$ZqY+XAB3>4M5Ns&Wg%lbG8rjvx&DOtk;S26**BKiT8o?4b-oI_)#Ec&s$-Zf=>gehXzn*n z68u^5@EsKGA=!N>-2>P|vQ-407NUn_n+WJmfaG?x-8r7@&Bp9`@UWGP&?BucXS+P0 zKmw&+BigTyrhS8TkQU<4{!{?#K9$7>X^hKhu6;JP+q@t~k1f4}BcU#Ai9)ie(&UJD zqT|^D)h_EwOoL;u$IT?5(JnDRlJ!b-nS|dvZex_Mf^q#t@3?yh&02h)c%@proA&pM zC(8@y85!sL#j9*+JO5M;v-Xd>MdqNBFgU<9)zqz|-9N-3y;XTrPin9m5HCECtVumg zZzx0^g4Z^62o(ou$2&4YjOUd+Q30=W++Gdym7VVWyUy`$pU`inZq0*zP&`S87OfY$ zx=y>ds(^df;^276(H4W5$R<-BY+SP<{8Ztx!z z@<%|yog?8Fxh^W+kKzIf_Kb#D>>@n?LQ6nBc8N>nxei)&A^dg?RBoI_F8n&&p}mm7bR5d_8LvS(dsVtj|cA)Pgx(x z_BM25tds*~dK)^~14;K5wB}h<+y63{+=Phgt(zBkrTa8WeHF78gC{(bo!9(!X*S2d zirLZcgNUOe;D*DmVs-?39E9OOLpurmbu6uQ{Tc|50tNPJYsn06!Y2TtLbEfEQitm4>}BTkZx62LwBDQpX_I!E_y2-K1Ar zJ7sI#DZ0%OU(c7@K-1X#NkpUJCuc!(8DSTPdx-@QYyw)kCWVumT%P2tVUx;g;nK^q zd9o>H$AYiM&)I;>lTEQfnx|}m@Un;%6EN~>%zc*S5DFb|Z@#}Cv$@a^2!{Zbqe~sz z6iUQV9Wzd{5KeaXQ%yE_$toy1jw1`Ta$e9C;}Se4GJ$X~J)&J+k5&`WZmpvwS41?K zR3s(gxg>r=%*|ytBAKyXazm_lI}IBpFZF`YSA#2rV^~)6>}5nD{HOZ6|+qkPUL6cA0P4mUdul|W@p^p{Bg9aO1WC=oEXbU z>d1ptdvA+z0;!Zqzkfz7rAz4SW`Q$eEi_E%3Hs%%jL$96TA+6I^d?7XBdZ2P9ihba^ch-l-0%ht`aC8$zLYt-b&U#`hp-ZVfiTMQVw$_qz#yCF_ zYpmSzbyz54d&h~GT^XKvZ-2BzvM6%)zFKD&g@-GDoZc;Udbfsdx6K}%E)Jt*)Y_vkQXCl> zJU=@K7l*wxbh_=`lCWH!WbB=hQir5o(Rq#rp&d#{JwDKoD!X$01;^=Ph-F#BD9avG z)oAFlEVYWt1kzr6$x2t5OIIpKrC1i`X~Q?wq=6y!s(otkU_;s%$1=G*%4BOfjY3;* zr&bR~tWj8?X5_NJvCDo})tk7aw@rnOkn0gPk^`w<%MEE^NPk+E-!rsVT2j3nQev?t zTf*rTYMaGN1r8}Plcd>eovu)VG4>?a)bCIldFP zc3|cBPSDbF&dPpU;A({x-n)UT;8v{f1`Vx(Q{3+bt{U$blj43c)s~WlClSl@fiJ|L zQ=5wCgVw5m#cU8g9~>rm_XgMcz#R=@f91tsKYLjP%YP1{x?QO5_KC>a^RkA4CxQ-U zz%IsrBIvGS)rI*_)fre38K~%WG6wDs@+EV{6wh0(`df3_HC+19H$m`0mxgfRj#-V) zQ6KqWUvNVXcA9u|PR$x+_YF#iG4Mo9LX#ZvsH_p+* z>dUw-iaRv6&0^ia1-P@ca8QI^qKclyZFC*hgQzA(h2QDgY_~NraN|nxCC2V!Z!y_B zZIgl`s|mjjfHNs*b~p)hRc>N7Pup5_P*cLzWn3^Q{V;#^RRPZ3zE$BTD)`)n%M}uUo&&bp|SXFzwqz{n- zPdkL6?&yU|S_06ZlAo zwo3LA_z_5MM=`rqq8(}uu1wZKUJr-~k_|Hdy_s(#^OuHIidZ`_g#&#rA29Rn2(%F* z^SZ{XKj5^}7im&FK-zP|YqHuW!aqR@dVGC8fpdjO`#J*ifn-+{|6iQ5hu5@zFVO@4 zuBWdFh7!1)z@x-M_42t7P?zg--}7!bDxjAljy=?=Mz;@+ za{UDGV?{IfhZV~G1>k=Kx<5_P?82O9zcd*hIj71#gc`oV&qK)k2?$>Td6&RjK-YaJ zJV1d^4t5C3U4`X!JC^Yy=VCjk8(xEF9W@cmxwuoyUp%j)z9F7-Nkg@jX4>7(xuk{q zv}UiINO)G6}r}?;@ph7 z!)8A*t52M3%Z+BAl@mVC9;&uI>2xn~k$t}iYadXeiE;ZW;;?dI)PfV^I+`b^QoM!J>mQlWu^5@??;l!cVt{WG1erLrzKO%KCO&8N z81(d8Xo3<}MJ9SWFT9fXNk-7suRIh+s2@ep)gKV0vK_Oql558z)6s8!s$}#dnU2m0 z%Ju}wjB15UJHJ$4;STi;Mai`D?U;vG(vZRpT1H&ms3C4kzn8^Q@+2i0R7TvFB5tMM z$8mR`0JpL4s?8@6w{ceYer=XCh`7N`&T<3)V5i$P4{lM!t&F%ueqYCJH4JV#;_9%5 zyh{7s9XDUPVZ=Q>;)c$0N*@j4Xhx2{1nPAgp{nwY^YBU}J7VV>m$+^_RYg8^Jbgh< zyiZ*e-EKY&-iMB-^Oxd%Xvv;r5$uTUe@7=8Y;|&mW}dM9z<;$4MVlBIU5}%~{I_9U;q;(k#N$ zeG^&BeKQ@AaF+XK>MZxo)U(_-lR=0>^iNUg^G+`fPmtAj9uv~Bm@46odP1BNO2bFR zX+;CgJE4m>%~BLo-U&k#ZhKrT@1)@FY^0W zi?5kdk=OSK7xw{@YE>G>dDi5lT6MO#&5zbiENp(Xv9LF)5p(3c^3t#w8qHQ7C8V3# z>UK3fbh3M;CNp7Q+0zs#*?r&^%h?_r;7WFBu7g3LUM6(hE)n-Lw2}upt{#Rt?ty)r z?&qW7wrPHxEZox3{p_zlD4INi^e2>!_*)$Le_msW%ox5^uWhgrz4|??d8W;;-t! z0<5inM?N1%#auW7^=920i)gF6X1mT(*w!egdqb`-V}{?trx)_VKS*>oUT0d^v5jWC z=>sz@8d_Y7Mkw4;gN`?(NjsjD&G9u851*3O$vk|3Z~=s7$1y?@riVoGlJh}MbCRFe zN}g6v@-&ldwwPWWL1+J?!62iZmbTiR{n7QbMo0GlMQw=n_T^%z2UJed5t6_uvq)PcJsjOEt8qjP+=# zhPG8W>C!WhX;>0RS*#MC8)A;Ei zwSm)RVVHdCj89^k_!)>!2F%cH1a1NvNG>kjO<=k*D=`dxy)whUb~lq%SAfq4@oO%t zLHj{Sdy)GdXu1L%it&A9|MuZpWedy#4BHxCBGhmC=$?Uzg(*;a@P@EvgYKre7@^VOL5%KBrq!q{w1g-_* z2Z20I;8CDRn$ywbQ3b#4rO(|=zAQ-TOJqI=%$#>LPxL{`Wg(b}yqy0>J?9rei<~#V zb(B$Cb-a6d8c-5cla^wg^c;#PCJ{BGjOBhM;`rvwPgK&BCx1jJi{tRnCP(6kE( zA7+|cBol2Ir8xSHJ={SZ1hLf~}-MHRRushI=xn{Sh`Rb+_+M1eDVSBvH{Yn@mi=q^;uH z>4DyKuo}yToO^J03#3-K+6V|g1er%*1`z)eT@Z2 ztw@`)N}-orgvcJ$T+V7u--*hqD+VT9L}zcw)f*_`N07$j+ZZ6+1#&5Y*+Bd!kOv9e z4HQZ9Iy61|waUsBWRJ;$lyoWK`+%AImcVYHTo!^wXej{;kd-$|z;bBWGPSb$U1gmK z_gC}XPFH&E^v=e%i#gmtKjYWvbZFQRQfe4p0$~+MX9BH(aeY8I0#>FMMC~Vj6rqb@ z%>d#fLGB@-PkhBEf@~w8y9VQDgCvGibRcOhph}s=hu(Ci8~%;SatZ(mQ_7BDEH9@0D6)S-I>xe%oMg zHe`!1>7?-9xgK8+Qn}?mK)UTPIu$()*fI6f z2#gW(Fv4pItODXXslJE6yFzqg{U)l?Y#^?a>n&){O@O#gun#9NM97yQ3kb{-Vkg;0 z(U}2pooGLfz@b1|M?II%Q=trs^Lt7n)nW4LR5VQwQ~4$Dm4*wh@$G=1OvRL~|$JIi?>q|DfyTP9T?*NhvEpPZ)82 zM`e`P$<>jUDpzJIS0*G<3zaLciHwiO$mthA{y^YTAuB*$Ch#l}%tupI>*6Rr8+vrY zA~`g2wJttQ+0#0wy8xxYTdL?zOQibVkI{o5myf2@fUp(F2?T}%4J6id02JN|j~~t7 z%b?B!5{ocnr_`1c$lF74W69-|`p|`gqO1%yM6R@q_^PPUEi=mM2|J-@Wp8UZ^K8i!$jh$FWOMtT=bT(6R8XxU8MoE`rps>Pulu=*Q2b+lPCt|Y~No&({i5b}_Bju%ePsqqKkmn*XTT+RUIHJxtSU^C%{%gpnG#3u? z64P#UllsKwY~T~@*_-iQ7rBPG&&2Jd{IrOam`}jXdKw}=e|h%O{MS?m+CsXIs22fY zSCGWX_yL56fb=2I1&9v?xthSGLQVvEkH8y3CWBOtCwqa`ir{-9aKBaj^M^Q7F?uPrsYR;5=w zL^YC4i{*O+zmX)qlsP_?@WFG{w(>d;h zaaXYflS$!;->{C0)HH<8gmx;loe{0xY}eLX3*cLvO9?2>VlwA{#Tl$eKye=61k@Q> zyun5odS|MCq^YTahl8SxsG}tYLUXn07WS@7SMqX{in-=vWWwc;+K?ShfU+eZ_LCTd z)I4f+Vln|eGoDx-1s-#jdFFJS7tDh=66ZG>kynxYD!ilY6Z7Hd0dMji0@*C1PPEfC zgVR@$X7ge3Bls`^(nZ970T50Axr4y1K>RF_7YM8YY!$WyO zuvJ)k5(j<(w+dT^ye77%Bda{t#C9XJ$S*7B->g7i9?uK?jAAbSXWC1f>7$tkR)fbze9lyBiD z{vkhyK$>1goy5Gr4*4ifVZZa(O`;oa9FvEW(@Mj^4@^b>80&yA6n@kY{O%;J! zibZk&l(s;yoe1_&KmJZ?HBzc&?1iR`|F_X}$BL`Z3Gex+Nt6*#lW2)E^_s-??6;(n z?GdO~r-G@N9J7I^!I6TZSqg0zPK~Qa8ye}&aJ1~anpz$)64MB{wsJVS^T9S*fnWL< zsXqbIp(Lvx5Kab}Oh9)!hUbD@Mc^_ZJ_lqafh9nZ%yeCk4g0O+um4e#c=N2e{ipC+ z9bo2q66h{O=8hqt8xPB6E-`SuOR*O$!6&7w8zz)FO6z85pM2$eN7d01+o4$p6N^;O zbj;fPPPUI2SgFkkuie@gXwq=1t)fj_jytbHIulnW%D4AGRuEVY#6JUhkH8y3z6IIu zRMHF#{0$@rsLH`tJx`neIJG1L!jYu$@kRuCB6kpAFQ#lK%Frt;B7YiHq|QXxjzdg_ zKMAk{4RZ+05~2eQw-8taB=@12JI`6ca{z(1Kyo^o*}SpR`Ttt1Jy6W%jnxM$ zT$^39^$AmXb3UGA^JXJ7wUopT0xpx(2zGG8#x-DYG-090d;nX zSy8}ir!u?_Y(ACKuURhlRE7(PdmdnAm^g#eNFe1ZLo2%(P^JOFJ*di+nJ!v&ArrSk zQ)6HB->xKfL=lhto`AA85u>w}PhLA+Wl;(?&|De%6tVY!w1#+|2ExNZJ|OT85I+v2 z=uFZJ6iIUsn(mh#f{%1m#5-gy3_|7zz$}a>Fa{`>g~U*_RA64vo{(NEI}|MyCmEgS z1I-S9w`;k=^QI~WME#od(-=Dl(v=vREn@>f(t3(2A#P<=E#1^Kaf@6y2J&+VtpmIc zvNQ`J)*TYs*fe35-i5gZXdr4_<{C|-3IJ(6*dF>9T=dpUY% z_rZTfL09eA_rXigVxkGy_rW_5&~-ZccftZvHy;n9TnrY2@4SMY=X$hzplOP;ypEPw z3hnT(sh!ISRMD~$TL}y$D-yd2*feHeHju_cqjV*pgOCYjktkiKMuDgq$ftG>KEjg( z#@|ICe$7KqC2 znFpA;l?0vy%4H!r3whOSCME7zRdQr4#SN2=+^#Eq!|pe6(44z<71oY`^gfo}0m2a= zI>-4FNPGgw6Cig3@v}ghPG`yu*!!#6+NT)!)jxkz^F;YdEa?5!gOJhosF%J3twIxA zU4qb-<~bb{=Yx<(BX9%|-VX9Mfj5L)50W^Sy={;N(uuEtG8f9ZK#}YXwJ7ylridSF zUh{|LVa+t3lCj@XBIic|=zVX-5_Z>bXTm*(-=*}^Ep zO;zqpb0(2r3*)x=g~b04J9 z*c+w@QY?QL6Sxs*E#dhHyI-~rJpZ39{4&XuNvrDum|A#8m7STfDivw-J0sj~6*7g? zD_hpq%u{49L)wIGU7jDl4WfH=6F`xKD^&^Yw@Q(H)54#K(gVJexoa3?>7`l--QJATp&7SKihTTV|XCz{V1CD*LM!e1c&g7!~9xCZ3F3t0sK z;iDj@6PN;&-3u~k3qPGOp+X;ka`_t&ymMrEAY}Jj29wi^55YGrvvVyr{ve}@;a&oF z3sKx_2xvchij2#O^v!T`ELgp&;w3i+JT&{GRT1rVq?KLel}ui+ID|+G(Dtfg7&lk@$dW{-|aqAC6fa} zrv32ibRCZZ@rravND+kgYx9`~v9N3%PHcxY0Vhrd!p$Hv2=JbU7j6K#mcSo?WEI+- z_BiwICLi^Gx)_fI@Z;WQrL}u3m@msOLB0pwyJYMckY@<22Dtjf-bE$R|X2fIn~krc-#rswY9N&mt<4bXo3ovn-LbAw7) z<6)IPuV{vc7kz>gT_NfzbI^ytG`O7|R|}V*J@H-yZLp)+fq1P0g0V2P>36a*Y|}5O zj-0&E(cHENeg?B(Xu5lCB&-KF)zliLXvu#G!;tXmdcq3=Ix%9~6ww$=gQd`9;GYrA zZ7(Rg<#1%-=Xw@)L>BU?7Rq5+*c(}B6Vd7{c%ieQ50&b(G^~lr5?&}lup>V z@UYhy_5KN=fhh6s2u-3Dj|Sr2aQaUI_X^2?d`{qFA&o%#U&C+)#9M@b?Cxj5;#0fdaCFBSp$L;_Ato7_^>iGZuuh)NGug{+E_q)F9yVm-y>$9Hc zSX&;4L2Xhs~ z#bVBdc^6_6D3rC(gGkDj^0gKa`YX&$5SNL02_|_hr2y%-VL~7Cb2i*@AoL%Y=ymi2 zF~7i^3Ue$7MQH&qKs+O+8BCMw88Tp6wuT8T-8?sO&=>|5ibPjXk!E_4m;O%B`G^;z zya)sq!K{XOK+Fu7w;)~zMaRJe#__WUZZ{~DmCy}HikS=xLFi7HT8Q3a9)y_;aTJKO zZN)nE8(TYe_fV(e*li~Npbj)RsDocEBi%(_Ugr&@7{M!xv2X=22X)*HafcWk)bSF; z3&0%I@gc-E5ZQwfdr$|5DsNOHFnj4vLa%O?m#R`Z`;a5%yx5Evv9uiVFGTzn1eU-I zW{Ro>fs0|TgSZkDodZ*JGCzSy{A@w=nsi3OM43uF5I6{?7ep6Os6+O+q$ z_a<@sYnpnN*A-tNRxLrt6JxSW)WDnzF&F{}j`l}d zVC~GxpTnUE)s{M~-r2oCYU~IQsD_yVF<3j!Nh#!vQukXO^nTEos#fzN*Z@qc`4-|EP^4B9=}wH? zWyHC3o5*kk{*3IJ+hME`oPGrCSIDK8NWH(Ge8A4^t@J zmM*!}2x*%3WNgqA`8A8hXM^5dvZG8+B-)X(qo#cZ#OY#`$txfhg2*)D`I!wY-8h#9 zvJi=KyACTHhJOfTLLbvy7Etm_RD=uiV$)wCf!7c}hw-PB+IpDCEzGZC z9)mdo<}gsGI3YddwG8eGFz9m_C&Sq=c-bRQJ^GN{?QvWw=0=B-wy9v1D zTQu5|JGr;oYG`>k%lG(!zKA2lYDiC7X8O>AQ-!~CynNkgu?#vDoIa+ zIg>1%0zzlQ{1xH>F$-W?)iDl&gg(}(uPS-YF1cxZUMxlIz;MJz6MiHJ8~}3>#9UA) zwU$RBQG4`CiK+)wfALFcuEfkB;zVi)(*wfFrsO;ptoG(4^xo-I0=e30Nt%=M5*I2> zO{8~_#O+G+7j*s#@q`#nq}w4r1ci!YX49YGegKh$*s7mR*J*S!-{Ycb&%{$&Rb7jH zWkbXDB42h-16dt172|nd)}R>PD#CtdrSNWjm=k#$ne7?o3OD!YB||D>u`NDx#cz%| z{HWO`o4EEC?32aI2$5%c_#q}aQt#7>y9iOCzqBECoKT_08oxpq zU;pk$l&_0?S;1?2{m*5F(QDs8Hr$u>X&{^C%MNQGoA1kxZy;Oe%g$*a+lfqBy}`=t zMdaSBP7T=L`%JJI+&m3yOTT4#>dRQLc*|Ies`*xuhdPN_OdB$MC$Bj$xe5EM!h8V^;yoOu_7 zj)ytoHWs^}?ddR^QSpcnng!#opc&r|a}mtZFg-x%YM7JnVC@bP-wxp(L7411i&_z3 zWjg-kJM_L5Ls`ZWz8nPdVYc5%R|J6oOy(|@W-x_{6RJScaV6_|q@i9g)9+>o1))JO z>+az-c@P>6v-4h>5(pgwQ@M&bVorq_aUVuNXb#Ny`}z192weg*>@Oq;LQ7!Ie}ISo zKxjG46A#kMLFj&%haO_G11+C~(Kyv|gCV$_d~Fy@(5T8dr<5{&myBJv1)b7ESl2yF z89|^a%pun844(%09}&kRY%VruSov>>%(FOy4!kV4zSYL!F2)?s0~75b6W- z;1k#dp&>9wJjwMU2#td|x>MY<_Tc^M_?mJHv%nG8LJ_94{KPNxfy0 zYG6(yyV-}DPT@6I?8>R^GBZwa>91P$UqGm4i||_}ufe5+@+dh{b^OYlv_6-1!dN&L zrD^0;N{3n{TTG^g+%kL>;Y#@AoRNJJUQ4JFp4T9h5x%*#d23EupRnUi@WY<`ld$Xk zuz%RF|H;cvKm7N7;|7;f5?drw?)4d)<e><; zc9ISAS3Twu#a#M$RV}T;Mf)i@kx_n#rhjHjfB7+-j^jA%)hfPB=KY6QX8F;bM$i?Q z<;P(VL&a$MaS6mlpm05L%<|)YxRoG06I)t-(0q3OZnqfo-d1_X@V#bpHO0jbfjbyl zHQTl_fm#vLFeBDM*?O5~TkVJ^2$7RU)Q33UP-Jq^JS$VJ)L)<4v}pNEb7m3piCn#i z7`J`P%h@)DzbEA%Wy>d%rL$5gu~Pk8PDhu3cIU%$D4Q-Qx7aX~=W=AqMV!gO?~deR ztBF*f3%eAedy<);d7{2I(cT)$6}OFM7sTeGH@6&F-N-s)K)nVJ_#l%T#x;;_E3z4w zX=J{abE}ZF4ZEsgn7S@C5UKJ5>#N2@s&|*ksxI@H3Yix-(P=$rtJ=t&>G)6Y(Gv2% zbDYnq^H0IPObbHd&$I8PkO0hLnDaoP41_9>xPNCO14*bC%t)AnL1+-ny%5)l841&S z19Jxm9R+g*#2hgv!9-qw5N5%YLlldd4|5a5C1S3E3BE|aLFg8k3`BD=_reT;$ckA5 zvkGE`nCDo9#@;w}RS{S)SVh;zm4fLQ@?wU{4Z$~H0?gO=X+x?RaE+t?6G z=7vfjMiO)=Fdt=GOf@>rgw}ZBuynNiA2{i+7c-d=emZcP9DY5|;-qL$=2vy#9-WSi zmg0#7-GI_kDJFD=%T5%z9Vu&5)A5Z`+K%{f6dnVCcVOOv*bEA#7Wx{==Ww5b&>on` z%MhT0UOte$i1}5*-a!8agi^v=0{+ZNz2llGfBH2S-e;ua6juogaVW$v zF&a1~LmUIlm~lSD*&s3rBlePIba1vlQEJcUoo-TCqJo{B4xTIP+Id?|lm~#>dHV;% zJ7To+_6@{WATpnrcIVAr`-FGUdd+(bqmp(AScNq+LoV^>D~(MWqs$;M9W4z48**9= z27&p6X%N_I!^|MC37G}~k8ZJd5HJ^C^}}Am^!xc#y)@hSn!3$UKTI%9dvox9`dY{7 zXBF(gps3*`gqSj{fJmLe<)~3H52SBKWIoZl4MGcYZ!IoRLRaq165F@)>Ia~NKZ)F7 zjhH+*UX3q(-jDS^*&F36Y;71Vl4xTSQ`z@MVW4rfKb81)x#Mi0;H*4UnJd!quRf&8 zTHHp*eTA}sKt9YGh)2Z)U_OF)2^1<$r~=99ud;y-LcL(>Ag&fO2<8unZ^ev;Iert( z5`>O{c@5%8F{i?u@*4ZLAT$T&afsW+Tmm!Zb?&i&(6unvLR>25c9`7|+r&HobHy8M zp@Ei9!I)0|q9N$yTOhU)^ehN{2(yT#xioF89@M)HZWvq^8}&~L z+Zl1IH(7ImKx>%p5M4o`)IzmL4uu;6Lc?HYLQDrZR!2h4$rm|U7N?XYdTztWt%#SR zaSaG8fw>1_B`B0yXcdxY;r33#f&!x!3_Xryg3r$aA00`lC7|_6~+3o=1RgY z1LiNGZ*=W43GPyY)61e`KOmi75I>00UqI0}FoA#Z^8(y+pisJ@=o#FGgZmViuYvA1 zcJv#>xH~lxc~u_M`?N9EJrQ7DgOx_W$?4_ZsclVg31A4+$xf*z@`8Siv6CaQv@(_= zXarh^0`nm;X|Sp0>v>IG`!d$?gii((TnVX5_aeR-mU6>U9cz+^Vk-21Lb#sTP3wv> zVqQqh&<`-@V)1Mc8Aq(U?x2vY^)!!rRkS@Vf9}jBV#huf1A9llq3CGjdp4)zk9^u7 znM9aIzPD_c8TmFN(=hX?m1*0qoU%w1p^s}oucQI!;i7XDQX}1~d7sKBqZFM=;P6?|D$D zkWe!ur@qa!079){K7)8)OlO$h?=YxFmYC92h!G1B(Pt~~7kSUa!xnM7*!xjO2qrFo;?gF_;Mmi;8 ze~}TbL9%G{QrFhr=@^K^#AppN2jU!1s5oXJvJ~zr5T1@Ld+}mE5U?25b5_W7*F+%v zF$S~%`5UUw0J8vj7vgO(T7c|?_!2}`5YsL|{Jm~nh;S7_BXbhNDdQRx7(ivZN1{pM zUl=$Qafoj8hpZg~(+8$ID3n@g4wBR0rhw4JFb_dIAZ7{7%Mj0rxfLc%+x#6S@yWF` zLX*-CrF27H^a&N>N5r-0^a1AUe$ol>)2VassSja+hfJ#ybA`sJBQJbDl3gC;R3_=V0}{=ClNZ9|U%l=* z5cnCLtq|{mLaBwC68t@!77(FUFkL?4K}ry+fH@puw3r?+b0B7k831!D#7&@yPV?Js zlGSgJoVbtVMc-7?TM2p^ou_~qxA&mIQ;Fu6lC|(%^A_Q+14Nq$lWRUDzVDid?8-Hk z_pe~l-AQZL(Axap#u4VS-R?Y><4g^#l_tc0w?1sgkHJ>vFRSD`Z@!%*ZtHY%nsmyjjgoeUQf|wv?EX+j^=Yu9Ku4kJVd-m6~s&FFGUN)-< zdH|jKfmvEeFJQE#=e=YX1Aiy@Z-Ax6^lP~(XfkJi$zV89G*ZScBQF zQwUPwnRz0zo@;&f$qlp5)AkLDzl;)ngl=dv%&(aE5rnqEbf&X*1mQ^;8$CQ7!nBzS zAhw-Li}w?;w`UjwBG(h5I@Z9Zd%BUGq-_P-wUJnJ;m|Khpu7d1g=zK~DSm_CC{mjM zoVLHgZ6;^a74$pIS%^s8rQM5bFnx7N$Zq`492tsqEwUt@z@RxM_@_R9T2y_5@}k0H`j{ZAtr<3(BZOebfG z|KFUNI=)@JXaj3qnGH@dcdI{ibt2mk`4he@FeJ`8+;vLBY6DIODm|3RpRcL@Qp79q z#|luWkkEBVG#Wn-yzaz!g4~>JP3tI!NVL8tOxN@8iF$f+S(&^!mkYm+!W(|&g6M0E zE&APY^ghrNdyRQRN#MlsEY9j>W*lFou_zH|a$m^&UmwO4g6!_qT$TB$u>2XVT!pI$ zxa$tp4a5LmNGaK2tC1$^O+yyElP7EU$|5U#OR8#n+y!RP-Thx)v7pEktu8MXctJ9* zqRsL}T61aZF#Ky6iaz1_ ze2_jL#=f|QQoz~FlTq&L?ZYEwT4kMt(ow*vmZb|&q6tdrmG)s{NsrZPu~{f-Nap?y z_cUmGDU8E;o^N9;bQ#RANdF7Gb=c9daSsz>x^59~&>+*X4l1q2v)o6|&T+CjOu+1* zhqt3-Ui;eZ6URAyt>hPD$`(7!8JG42cs%e2=TKhHvVObqfFh^69Ll>G{q-}9pU^md znlj)v2I=EqhR)z;EpfEjb~8Q;Ekn?Q;4YxU*Z4)Dk$N5X<&Mcf{!O@w@ChIggqaC3 zL(G4Pa0SF7z?7pL?IFJXoy>pt`HrE}$XQ4^y9cd1K}+S(TRJ_YOumR<12CEW5aNAl zD6^d2H}oF<4`nb5eizOb@>zmKyhiXNoK+X#}T@AOk_$AbR2=t z#AUir6rp-{e&#IF655@XsQk-$yx|RsHwO}#+8&N0w40j9oHNpKgzCrhGsAjOYoPk; z{7l8kWDs<@w^3$MF_&7P%fA{;ydaO$`azA8aq*1MqKS)9ncGlcWRfLEKJxt0nOyvl;i z{nVu3l{J~TZNB5Y1!|m$6__gpIDW`bcK1P-i`>SU^B7_UuUCF%AOn%md3YjoE+&NT z#f>s8`f`h+DgCKUqVk@zXz!qBKPqZ2$7KrDr?{CZ188r+8(WmQnLG+!b(_rVlX)#1 zczud8!TF4a!0S|y`I5FJc-f-N)sy)?1MpfGWrm(W&j4PR{ESPP1U5}FVJc4WdN;{@ ze2n7=UiX5`??>^10PxxtWzKIwy9Cign`Ay{%ge_gIx<{&3(h||L+f(gMwO#ya8@fQ zyva>e_Qj%5_>-5&%s-X|FDQH`kx3p&>jl-n444DnBg9 zbj8tv*CT)8CS=b8+K>+CJ(cr zL5?F-Z3z`s=8=?8bxgP@^8!s*XgRV?Wj^^7D%!bCGPmcGK~V8cqVmK_#}SI}@$xf= zjOPaEIb^bDBGY^hFA;*k#6)J}Y|;SL^YSZy=)OkdPO)KYTsa{agpNhY$$Z>>DMn@d`3+NcY0LXk__dhqVVo$HRHi(9!zmM!z_Ke_rIH-X_-1itL8JGQ!Zqhht+rEg;mnY6R+m zH)sH%W$D49+n)q|vpI}86b#>rC=y&{ZGK1esOU)WZ~TVW@Dqy!ALd_lJwNeBJ0Wf5 zHQovn(K^)0yOzN)(zcPI@50@Yt_iF-d3{fX?q%tJQ|pnwhW4VtE2+f5E%d`^v*xr| zC$MX#Dzlhh9^9uvM~jPOBJdy`CYmXf7XnywqOCN1If+aSbnL+BJuaPd5fv6YDAEkt zX_TAU_PXZw;G>(+G$Q~aI_Ol(20)bUw$xlxc59n z@+mSFJ0g~aX5v4&B`UFT5%!$y_eNvmgMU#_)2A<^WI^RHHZlB?=QyeS%VAP4EMmw? z4ZoChQu?-dAoc1+*hsZsi1SlXe#5B`6gTxMbTp;!)yGm#p%YKtgFG+w(E>`ENJR9~sn_|9<1`&bx%{Fo z2rr@yr&gAzs66>hQ72O;Ug{||ywm~w22+nwd!f|&lT_44=zEdWn~hY|vDADlH5+sB z)VAYQ)X+2)^|sL}>Wx@yl-ka0(m3_=1Qm70Ko#}Mi7M*n=rm0YXIxCB2A8X-PlZ*~ zWIGl0o_;Fob)8kzO{89&dW&pkQtdiWRHx}rbb7x4_lFM;VqM~c2@z$PgemtlEp@;k7ua> z-*#02-aAboTdXQv0s=?;W0QZ^%DMYQti)EVGbapUh2V_DohWu6-?dM zScQ3o78*|V8n41US){^TOK2>Wz(es=EMJBB6iFg=;9wPID8+7+sw1t&sdq^vKUGBL znxsy_enF}Yow8}_V`?&$a$+jX0_v(T^%|LOp6bbnSCra#t_pK|3l(NFwVg?I@2$ej zX|KX;AEt))8^5hm3z?TnQ@ZvjOLaR!4evWN+oWm_X8R*GEW!FKwRNiYUz_;_zupZ$ zu99aMmE6&mt}#A=#;a z!NO6v#)%dVq@_CfPV-Oc0DdwryWuyK%z5+-iZmehiR&$)*`*)47vFvA+EF4sjn)_Y z%yPkWRTS=X%SF>~$jdt{mq@=uxnf^fE-lC|!LS+%7k&ZCF*h+Yq?#ELW3$m&rT!z2&;6U0Qc+x8-`L->QcD!E&`u@hVEO0)v?kS&1hfR1U;ZmE8CYEcP9xPuK*c8ic`b{lYHCMvRtt2DrTQpx;`@t4udVuWhVWDQpi}{qVxu3t;BLAWp^xqYvHSwrvEhswxta$ zPhUoJj{Cc=@%MCAE zyBMycpWvwUB>F(C!Uj%Ax4sIl(sGl^E?){)<*QCkU&6Q(>tq9`rR(U#v1-drPyaFv zuCwK4IxX{~v96x?9d0Z8=R!id`9_@dra6CKssYJC&w4`jZdP2VkU zq~*%fqm}+B%T<+qEi>bMGc{!)`QdP%?QI+35mt9V>nStOc4Ff#H^?ao#wL1!DHN&A zsmk^wFHha6P0PDrj`o?8<&{y@KtV~U|j8l||9p!mTuvID_Iq5|TJ>Di2 zOy8U4lw_G%BYIUaN5@oIAyEA-~`RQjF@ndJ&z#^w8KX$g~jg)@jwZ7t`S3 z*Z6GD46`;L=Xu^;=(W<etNxH!-bYhrN5O+=H-%Z zSrd&d@Vrh5W}TTQPjzA!+YqPqi7*Q-6SUQNiRGf{FJ$6U%OzUr>w&S$>WgM-aj^|7 zN*|+)U1hnF^kNOpSKFbfG@a0(evLnDsa0I>1;&t(Hm2*`;8*uFC3d4<-RhQgUhsUh z$_8roSnf47gRhgGe=_WCUP4VN>a<1i7B6s%%-z$2kXx;Vc1pmy@>ueUC zQhCDfpv$Z*YD<5!xtM(-$HtZy81nq^F4QO&Qd42<9^?g zQxuFn=y}bV6*t7<$~%JfAzeFq-F+< zr*mp%`da6!*+|b=F6wkxNRMW=__rImtPxLMY36UI$uZhumPWvo7t|COZKt^`+DUq&NeOQFV=6FGMsCH`g(H2Eg zSmFiMwxcc18wq!Z7gX&<+w@Aq{lyEavf8vf1m7vF-Y6^}IZ>|f3p!LEC zDeeGk`9-s@sTmE6rB8|77FoEMlDr3nuLo=mBEsvX7Kote(5xU$B*($ zr};ZRvC$ghmnSuQ$0wPPs-!0G_|b-`NowwnA7j+ICpB}&k2N8^lUj|$CmW_VsTD^2 zIKvEZqAGeMsLSKT%`}Lj_{Gsj$aLeg&U4}mO_rUcmP_$VqGsGkYPA->)G+x@bgl|` z5>rSberxp0T*Nv*qS0O6n6`y~W;3eBZwuoK#*^q1ia1+WXYmK3{hIhGKG-ngLne>G zq{glI!zBly6isT>imx^yiKGUq_#=iPFW+D?64W($;xUSnh(8^@AZK`8L&MMbhBdgv zpEV3Q()pB$rWB?Aeq$6q!~FsT(n{1xNsXi`gw_^W=Fv{;C5 zir#AKTFZ*~YbGR>)cPa-hGB}5S~kQt8>S?wl|lSXW34o)B}Du!6Vf)RMM8Xwu~wec zaw7h=38``tmDrBPe~OMFr>3^{G%VuJMvc7+6{PY?V)l+ZZnPr~Z>_3zU8|ioCGlL7 zcra~pA8<{AQL{#h2VG+-Vb(}-K8UE!oS!y%j@o#sw8>}8#w#+bpm^MBmY7vgJkN5a zW)&81WVyCxEfsI<8n2d{wNyOchEpxWjRTGIySFo>`v%la$0McUWSP#=W<<_*V{0OWa?;`tYPw#5jsm=AH$@QSGR-d zYnYmJs z@>!GI^eD{W)Eh9}ljRB-YI5B>xkb4iW|-QfHyq}WJQ{*CAo;>^Fe3`MPId+*KWF01 zJFGE%z!{vJ%oTUu$mly*8#7 zFEEpmopEB`(Iz{SlY2avV`6H!QIf#*{IW<73zi?NFfqbfVqfNzRX3Wr0ZZhRg$0 zFYne;!ZO7YHJxh`(~#7-OL!5IRJuD%YAS8OO}V&)W1(DcawT^)w4LwX6bPwh&AOL+ z;WT}>?o0LxYBV+wlu^)`pYaersL^TxVY!5R5bTgppTKpO1u7Kn#Lu~R2)ev_Ji=Q7 zO|<0T_u(CPhl+c9 zz?+A6x}AtLqTA%4+fgvJ5Iw~l1~UU<8t9u(#K#c~CJyQ7D*%05K7`bVTb9x3PTyI6 z_;C%xO;GlFKWJ|>ZaVw%oUXUxo8HP*bTGME8HjCHt~MaOnRIVbM%KcthImNK128W@ z{2gR#iMXCz$#i@HUryw_kTxVb~o_hENV!;s6oM9E6djhVmoD7z8FB<{xT+CjE6W}jC?U2;uMhW zPQ?9vQM#WmrlMnf(K)q{6wa|;*nT&UKA3KHc`+|-=n{({)6Fiy@lzHc<{G1)=&!3VcTOPR^7*z-&db%w)(a0XpO8O4U?#N;PZp#>*Ei)JYS^1B zcg_!FerJ{5?O#Z12(AX!<YeTz)X&1A%e*F%UHkf^=5q;J-T>v{lt5u~9BUdzEve{aL8q_Ep?d2@kg2!r z4eD*CQ@fe?wkzow11jCjSSezyz};@$ycRSw?UWGIaXq5LF*_RAX>3fOoBGmh1ZM&3 z>~T3~@3N!JaQSkXe0fB``&N0>Xnhm(8&Af5-=QGVu4#v6_@)2RV< z3n_SOWqEv{MKiK$O8*{l{{d_*&6Lho=^Pb^oh=>J(tilw2}~`8{=;J}z}6B(5y;LW z;(p!Y!2JfIm8e+n=@An5K-Zx^&=Pm)b#MkZr&>qH#Siqxmw@4fIw?2M4?(N!s}NF9hEQjGv!} zST9C?-U{(9$kq|Del*|Hpn**D{k$FpcY-Vr3pAZ8%Nl;ZChk|j`gwzN=1AwzK=cFY z$j=^+Cp*CSIStWVjCw;gL>0(xB;tO4K43pT2kZSjRL<;W{k-YU+_d*qD@GKJ_q_sT z8W9F#_aI=Mm(4lPpY`}6G`F~w)4l=kBBB~U=_5K*f$`H^i1WqBPuD>#1=%1G>;2TQ zJ?3V;BKe?Hmiq@{AIq|Qu!^|%$e3omzd<}BMm~5O;w_LZ`ClI#wx17%qhj0IL@xT= zPSyvt^*;Ef)b~NBK&gDN6T3Tr^+D(Td@z%E-qwK_>JsoSA*%5~f~W4{!1$mIM41@* zAPdn8WM>ia|MbBk6x?01+&vKcRF>s~!-zXv#^i$&Af||s56**_1G0;WxL-RMxStQ! zq2iBLT;jNGtPdWzBi9bTFY|rS#`@q|>|PD558CbLgYCrgRw<_)0^a3BH9pXjhpU0{ z!OIXYiIERJg7^SrKOy4(>4QBexa(!PA`tsRmgR%p#QjdjQJ%mAS@s7$$Jg1DWp;UyLCskVcgXX4}wf*_z=VIgBsnlK-fh? zY~VZI@IiQ>oOf|sJ3;bbER!+M$BrgVcO;7#eJPI@uT2t(`XrvIPoi<4mHJyb*4hG_ zMB_k>k{E$t7&uUQ`|~7*ki<;&=(tTHSf7MmC9|c7+a%7!(v12f;x>t!5L~Aul(#=m zqLw7i(F!MIllXN-&Qa30NrbGU)?sOFeG(z-sE-kRpd^&HKTo2s;~Z3>QvB$d3+Zh< zcC^ye#m08IB!2YT%TeL)X>!0i>PN4a9952>E$BDpG=}jXy+NwbLl6uGw(0Ki{A=D_ z{zCa@&n%QrL1P-QS2XjP1D9!?{fp-vP12@4&m(v)Fzxw9i0j3uJwE_(KggC4vA#Vw zyeiC%?KLR4t7Z9jFZ!%3t35wQ+`q|~+VfV3cg3hZe+}^!$aW{VHZRheEh}@C-U*eCz+Ar{330d>Z5*5rF@?CENCfu9(HFbA#EHy z3~`?rHII)W{t5a{AflSbJmQ$;=qC-9Nwb{3*WYf#Z)q6L#=$HnTSac_Tb803v0cFG ztJcmA<>w2p*}KY*7FPK`F%1K&^R{$~2BPz&SNPwY&LF~TjgBt2OGw@wDxLp$(fKq5 z(>Ui7egQCz^B#yh#i(&^gxCQ3mJ(5o^JwCzTz31x?Xyq&%r2w|`!?bIG@RPisF)TU z369tP#A_OupSJCIRUOq%A>6wD?C{mJ(opoYS1V>0nb-krlYJ)FWa;9j$v$hFZ2LWo z4q%`*f3{)G)eoEYoL%C1gF5>4*cX*7F!eYFVw4!w<1~m9L3Stc>MLXaZmvs;aykTy zM=ZbK6;6|7)yQ1po)2t|NGGpUIxl<87Uy)XBYf#TI*kWN=M}GTbx!9#!tXUYsOLV&AZFK%HsUY zOEy@c&ItGG>>_SqbpG!`RPVBNw(-{7OA#H}@w8*lU7p!ZX^w%Wphh<~&^McwSp+>K zY;mO#_SBWlLbn;?JbS= z*PRddZqMItN!TWHZ?4I(ePWu-D%)h1lftdQ&I;6eVD*7Szu)uDVt>}I^ax%JOmle| z;w3R^E+0XB0J0?wo6Fn#ba{K#GeDL%%km>$bc-yTl^$`wlQFZ>`!6d!V5+bbq9w=< zBI5sDg#*tj^Ci^t7ibR3V*4Hh zcS@+oFx(|xQuFyn1RFqqJ&l2|wS=lTk?k2%iPzam+<}G9fT_gZ zw8+2&74Zho>rH-5CH_Y6FThk{>K9JG1EvxyAj&~jC#BZ+`G(`Rwh`11XQB|ABg=JO z^cGoGB_2fF0l-w^M2PWX)DP!EoDZ_IZvCH19KgsK18Au@pG9YYDg2laOaGvDGv6mfWKLb?%nb=-CH?(pnnbPqcf0^&gLf*xLdA6|T;) z^~#mp<(@Z%xW-klpuZ6qSA7iekr=i2pCEn!**YTDyXw!ba95+?4v^)=UTlLb%T+OJh@K$3hKT#NcQ0DD&n)BAeu9qmf?h&#XIU?7SjJ`)PIBwYyX3qu z%X;BBERO&+GcGdv?d6)!5&T0!bNl3MuR_rd|BV;;fc4kxoWK0rC%=+}vvmMA&h;YY z+{4+r@VsZ01+9WU$L_~UNUNZdKiI1Trg3OtjqXlWBf0T&7&*A4skic(In$nQ2<*lJ0C}L__Hk zh^xh@Y26KR7s%ETao?upj@Ykd4a&8wNKiNSJL}~q_Y~W{x>NZ}aE)8ny=$(0onqV9 zGnju0*j6(=*J}J;HjRkhD!Fln=e?{9%Z(qP|4(4txEta-G3sS;?hi&mR_B1%`{K`f z*?bh-^|E}17povw#ucrI+X5I@^n~E^4AvEgLJR}hg+$!f6<)OUe!f_Pj_qZ7#mpUM zy|C*BZUTDpLS7HNV6HWWSub3G<;lR#55qju%X+$=(-PF^!94d6uSE01iwK^V&~&{+ zy$addfq;jZok4o$!X4q6#{e36e0c{9(o-1-n`h}Fhe!adyAR8`d%L~IS#={S)8v#< zUgR}yFq2=`x5Lf$5|S13N}gmuFC6@df$Szfd~aA`O_#Hsvz?miaz>4&=du(qgc=@w-x;V$cBjgt zpA_YGPx4|e&B3(mGs*Q#VA}QN5SNKj7rzan4rCpY+_zo3!}n{}sa&&;1oco*=f5r_ znSQo$52tajRI+sk_RKZzeqOO=izhJuD6oyYpVvXctq9(h(A-Mx=M7Qg{x5I_o}%;+>4VuTotTW3R@0qg@FSW*`pgb_3N-Au@Jz<g>hVD_2_lzCgNvS4Py_wn4lvM$PS8h;Kl4I1%^j ziM{t5zILNxI$|WKhao$kuSVC*Ho6r3Un`e(Yjn+QcTC1TCj@MxYi8%>;Rpsv zXojz5-e5Jl%Me^Fp?Th+&`WWV=-h|kZqUWF#3Ikr!c!pTSLVC>bKW^^*b3A z>!>ydlYnC#Rg0rm7)O21CcSw)#qpYv1LrdAUJR`B9IxGag!du18(8OgIp_IP&@7C3 z`O1FK^Nz%xao)@5zXXi)wnKaf^`n$XdeIB@@>>xuLvXExdff|QcL`rb@PdST=?mdN z?MwWQU=QeTdc}X;_Oj3BMYcOBW(JrZ;T~dd6LGhQV_zA(_+k1mH;y=2n*U?qqx>Js z|3qNvoUk5?(G$|0|E9jZ%NAno60WVth+B76f4>mB+>Rw_{*z{B8lf7U8ec+Ic-TSYIrS^0Pyf~^voHu#ct{O<_<3;LTXddV%x z)rM()FWIttOM|xgZFCd1cA~cVy_~BZe^>Wa*Wb{}?doo_PkOh^_nZ=7?pgidxUHO zc1;w#hI@~L%fZVaE)k=_eL2LfAlsdI^@IDOc{Crj z8C z-I>$*knnBwI+LYSBb|5M!WVNoKM?-C(b1xQg>;5W=bvu01Fh6dBnciYj{`H2w1FrS zqlu&sL{E@iNyL38lK;KY+7|cPnM8-Fxa({eUUf}w3#i8+zYDK(%{KTX3{L=d#(g%| zEdAxmHsX2P`(tRm>%FS1s!}dM|2$wScI;PMA4G|` zLhY;WF%~Fh5Lj)8F|R4>du;d9JJ_gKuR*OX!ctJ97q}6ckzp``gMjtcqd9N+>ytsG z;H_4f*0|o!DwDi*BKlK-@zz|3^To(p*Fh`=*`Y+N_tu|X2Tn!7-6+dXxv?Y3zVX&7 z;@%@;^48xVo)IH&y$$ge$W9~Te%|W7ueZ!ym`Sp)pP(G{gqyrbX{eigiIp9|F?y4w zryryDq+4)bPVWzNev@A9GJ>u5b(oENw?9i>ox9@RJ=pjD-EIpF!G$T0QxJ0AzuWC3 z@ApQ~9au--yPu<1Va%H^ciiWC$79bpdII`K0ORP>Ax;w`M_&SQF~~kZ#Q)RL8&GhU z$?}74?0H$%BJURBE|W1i`VokS#mLbwLTmupjYQnf(cS*U(d%VjKgNN7ag$#v4LN!n zR^A6r?H+=y10T7VjNEJ;xcRDF^F5R0lxe;V=>iuwK1&Kd&Z8*Bhm>FL%AQLwv7}NB?le(+E5RV!9Z4bs@w8kj*FJ|LN5# z6x?aDe5V^LB16WjHxu_J8IxC6Lp&r#UVQ=L?;u-4#QnT_@Sk|Kt?cW^c=dKSIY4R1 ztN+Bxd%!l|a_Q;E=&f)YPs{1;LgzoytDQ`+^?olc@)ld~m*9Q5)va?6@x8y;ZKLKJ zDfFBGu-;$nc9U911nq$J{$jVk77K?W7y|m63)IE#p$9X)vtYHgadoaX*bvcE08>fP zE0WKaxZdDler=pe{F8yHjRg?%#i%xxLEH$k(}-AK8x8LU&hm%e#j@O6mTz=p_sX)` z_-f)lBx9MEA>w|u(S_OwEY&mD_BnbpN-RXr)sJ!WwQlkaC8Fx^ zn&V=@=q-|-evICAZsVVFdd<;kCcWDA1l#J^y@(vox7BgM;#_B##|4n-4D;=1QcbK1 zV5?)k9Zg0d7!GW8%(rXqGZD-H*8K}|?)S&?wWQ$f=tq(ZUGD|z+zc_-qQ3+f_umI` zuNb-iZxGLb>^dUWyZ_I|@~tRv-x$l6yRmj;-?;y6;=Uzga{pHlUx<hr4+E-{sW_opJ546OIhbo;A^T#8@;u$|#7*Bo(D z-x?}z0R-Ns|Fe6alQbe+ua1j53-6?VEC`-!l@bCJ&Jb_TyAv3@8RGK%mXmm@hF z?ldq|>-gzJ4d~5%cUW|%@~f8f7eem?rsX^jv0jW?&OadD0onP)^IHyQS?hYGhZ>Ha zne^X89${&Ha2#uE^0#Hej-f_MdF#}To0nOxJ+mu!!KHkM5eK<-mmbb7U6bGU28jNe6h8uonEvp7 zQbinDLK^~ym_G4-3ps2y{OOXvw*oWU%q!(j!#^z9Z+A=9TnmQ67Tiwgx>o4$UHB67wqj|KrL%acc9Bw1kb2wP4Nj?clDFNy1T=>Yqaml zzoY&fFrIuLVyhT=au>vZKz0|=>OJ|k9*c;a=PccHVYpb0m*+s8q1s6ua2ZK#*TwBm zjbD^`b+u?qZia)sDxv(osO)L-MNXv!!5OKT9=jGRf!Y z0&~B_j4S?qfv5%+4IaCdg(b>DV>i-wET%PhY$5U+vZgWQ7lg8Tc-3@GMwo7G~RJyy-Uvs5-mhg4Jl;$0XEnrBLzGzCb6K)4M zOe5khECfo`O@~EINfM=OY5-G`HV|cERFd8hJwY}|F+ifl+&3)_;E%@bv6qfZ>Dq(awGqej_T|@!sh@}%B2w3 zfFX-eGo`#AZY40KT!@9h3R&<=`3@mlfGOoph%d#clx`XKFJZFF8kAB4y+7vvZz)xR zwX)sXZ5C!sG4<3OGtGe0R}K1W+GH_78nWniwHxrvV)(u(BLA1bUVh-Y$VzSE%)VD1Z~T6<1D7;!S2!e&711J@Pw)R3@(47>WF zAUu~GxPt|c84=Dx;|yR%ghddSiqVL$9O71xT}`yeu{qCEi~j!G983+>04oJ=zP1`S z2Y!`dZ2&z=)YY=3E9gxSuZYp$`WeJ_kljE$e{c=Wa^^TZ(&X=Ao`>n|LV^oyx}n+5 zxtv_-4C^j$J!xj7Q4GyhDoveEfH*|Q47pEsdWrVZqK)UI!6D`i*Cz+AN9!Q?{*sxc z%i6dWWhcQ;kxZu=xogeN;9~eiV6=`Pa@SVa#hWu)2N$_dnX|E2`(c?BJY_Ex3C(D{)b`tkX8PoMmpdB}yff=!iAPPY?pLqLS-cwfj?F;I7Im&%RF;k@q3O@4dNNdTL} z`KDWSg|C*(bfNj?d8~2pqkzrk{7(M5*k*Hq$!1{bnt6REk-C~qK53hLHe9{dIJL6~ zS2=1|LfE|byqwIQYVtne;@rYsIyUd88jsH*?K71p)0s{+9)A%2Zpln}rW=oc4ga}h z#^ckC$4fhSPBE|^pT4ihPs@4ScBa$JW8AFhZOKlruYkA7nlklau3)NwV0|HU?z=nE z6k-tfGE(#n-gl }R(E8r=+R_i1h5@-wBJ#8*^WAgXx=on__5wRx`7#l&p`Wh zU^?m|h)cz&quvHl2eKCsufC)H+Tg+8seVUYgMy!>OG5}mJXPm9%3M$=K-mwQfIU^;3)h`wU9v={?1 z3S^6j_y5sRm1lL-QN&Y6J)34TlxU{eM1nf0Zp@^MNO@3GHRZq!=#72#cnNwKy2WJC zLp8~a(}l)hGp};HUr*(aiK^Z8w^4NsaJaea+P{1o?y_e3_uFgcfTl9zjQMW?v9iq$ zMk%0^cMhL9>r4byT01yn{>eK8yhW#zE&`fa$Lhv$U}lf?1dhFo8w-ImlHElA+(ERt zt{VG!8v4uv=^QccWG8U0Ii`u{TJ@z2udi9K1T^H1J*GvyVC*2;6@e=G*k$-1T9%#h zmjq#2*;u-VX=Al=mrHX@R}=Wx`dF=OtO@s?z=#L}gOW$)zR=OcIV$%djW8e5n3(&{ z$AsL6K=RuqkK8ujeqaJ+eNjRv;Hwfxd(=Fya|c{nZeIMmDe zo|^Q}#}8a#&&S`fig)A~vs#tVEBq7jyO8OCe@MPP{N6twKNMtQbHZFVIvjPTgY3gx zpi$3oIx3$?IwL<|&&UsW=8SwVubejq%1c-mIG%rA{&lioPuUOnhw}TU=Rc?r{}_J% z5Pc>JClpjdQFC}%xJz^dIgaV@vao-6SxkqQg?q-aZ3)dQ^B&Ng5!u%z=g} zkLmET@Ii*Dis|sO@SwsI$!ASWhnIy1r>4VnkLmETuzz@2Oox|+{lm**I=n1=NZuV3 zVLK})Cf0_;ba+{KbmIjuLt{F;EPP~AJ!Di& zhnIyXHouCH2{9dB7M_$|1~Vz9!^^@)o9s-E?LibiCWc#_sT}MKb8H+>IMZU=$Vk{f zyey`}%fiP;Z$n|G6VU#S#VV7ZJQ9Z84rsosXuMKbK4t6`6MV;DykcLS;4jFkK@* zQ58LpU7XnMSCYL>u~yJd><}^4v8FJ=*bvkboedL?MHNzG)S|K0V!9Y6fp5@`UV|u= zI4ydwY}S&m#0+yRoRfdrStmJ((+i{(begQiXe6j?BrXeoh^!!i#3@+LuUoK-k<=?F zgANpYh{a&Rc76j+bfB2TmS~u+ANv@s#M=eRr4u_2<-|LNVUtA`n_ByURQL$A3%U^1 zDcGbjy5JO)y@DOa{xe8|1#<}v6oXVK&5?-x5m~-R`%sFxe_8hr@YtE4i1vTs@Wb!o> zO;d_;3P1MT{3g#J3I+C@&eiYJWW>GAEDJ{6pIa7qVK&KTOrJ(bXVIrHAD#$OV-#%g_Wq%9&YtlPM?zpLSbK*uSxUvAHa)(mz^rJub<_;T(WL(k{ zjqboHzQ$JzO&%hZ*ymDNfp8?j!=zF+)c2Y^#xuKkjDMqBxMM;*6V@gu=h>&iLP6y! z6qG-j^;F)cnSyFQ97-nKy7@7`pwrr^pci3(F0ciiX08(j4WrPbQUOHiQ)vb-1TU=v*Tx>n0XE1 z5<(Y&cF)0N9_Qy3xEDctsdjh|$$#K>fDWI)R8+Cr1RZw4jE6WJl>Z7-PK9*%4PrWy zQviRZdDKiT348h>QQqcibc+%%A>d+^E|Ovy-!(Jsm@0E?s4#ZesW0z5A{4)hW|Y`Y zsq#L<%O{DrEw~)rKHhtVx2eq2%9(y&@2Rw<%>Mt%w zF=MX`D&B_)9Btj9-fvk?Eo zSglw2tMzus`DEM)cHP}*P_k=oecdg$0H^z2`=Tb`?W}WxQ_UBoZo1m8kf$<&j^Zlp z@G?FCXcwy$cDY+&7snNLsmwnuek<(ax56%di?#U8D=*O%!wL2yQ>Dj47q=OTyrPiR zkW;KhabD-DOQ9?5qPX~=QxVlvE9=Et8Rsoa->qP~GA`E2IPd0+`pAjFgV*w}AovQu z2meh37za2lZjwt+W*7Y znZR8&wSRw~bM`s=%;(%g_n5k)iIOHXYNQaFP$Y>6A*8`n2q6@qxRJ*cLgo-M=aD(- z!9z62^vLuW|GeMdwa&RKdEftge?Hf~*LAJmy4G6Pny$6?+WYJXv!^lfKrVEqi!tdy zE_9}=G5J6)bf%jz<$+x2Om}0d0=dwc9>z2d(3!(4<(Q5L zx(3!FEX8=s} zYUDy^gX+(~9VZt$(?0St)W1tXxzMHl!vqcc zMiJY}>ns;KcS-gGM5VqOdv66h%a6`oYU0lFqjQ(Ju>9zJO?oWZ>{h469~$q~CHYtC zzlF4}hTz`1biSbuY;BDoH6yV^Np0DgAP!7V1Kc{2JIE3p%ymEMJD$Mq4Hwi+La?_4 z#~-BMIxFM1&d!G`_0{z{>$lFzn`bS2>p6rwTB$ngx6aDe^IDW z`*1ou}nDc{o=o^i?8}t0|TLjz77(X<;|CMli z8^_HDvui7~SsV0r#@TZVU#GZ(-nkB6p-HGl5eKaj)6_A$xP3>B_8pbg*rvbOwkh4pJ~RgLWT=xVe#sj8|{->uQFwN=$r$&@wPr&QItX=C_g!cA=2 zs6mZa<$k%XdEFes)v0)|C?>eL4bSS+@yjWgXSJ@*1n0qo106G~&KeU5;zz>d;>mEZGj;VGMB{6Vf+W zOHp+v3wzCH(qGcmP2=-axZipaQ)e2yK+kQecQ(d9q(9MduTHv}e^5!ddTjjJh9pP3 zBwZ#SHNmSsCcZ$W_UaZ0eAy`JA0PisV9WXVg8q9?MgIv-f6$w;P<^5?Wb=|z-cq8J zr^k0^wRI(%R7h!R&M2hZco-?qE~exdfY-dk@hae@@v#jlFWWlhY?soj>qh*L!0$#= zR9_jJ1y}a@&M;+dhp{x4{dp+O;`Mn$E#*Mh#O@X7G6soPw#yy@otYD;d5&9Ie)Uc9 z70Pmr6yEHz#F<9aJVZ}RSKkp22Sqd7Styc~e~~LvV9j)wF__^sQr48!aH%Uj0-M&n zgE4Dblpe3}H7&WcDLq5s!;j|D-i61}IyIdwyc_eFH;f!@tmM2yd)FMCC}Y?K-_f;e z4lU_NoEHpG4kNMwOg^}ou~#$Fn9|^R={hW1Mof8d5eaJ!&$fZ73Z@?bGb*zuOkMEf zelSNE(>i$RVwlmErhTxqG0c&st#hz!3d|T|_6WvQz#L^vmtY}Nam`p`x&=oMg*n=o z9>JXbVU96oFR$i?li=a+b6-^5Q;RVWQD#}dqn8W1RZ8?#+_Go zeW&bQj2JDOFo+F&S!Gw6r7S_a#LL<~v~YUiKOCMrG%7ttk69`YX%6$k38yXE&j< zminf?9c&NqU;ZP zy;pVxdO~GQN6JjMSIbO4?;$gNTqZMpL{(#DdoxUfvTK<~;$<(>D2cLnnWmFv%{$6W zjYh~!^?PF`@5H?)9P8DtDVOU!LE)MYnQ&@9sM1DZABAgf#Y&C$D%bF+d6TRf_bFHJ z>ht4VGO^+BH;&z*0`ASE>y^Do-S`CIE0;G!9~+ZzTz1oSioOL7y7TinHW;RQF$gt^_#nO(H6 zkKa+8Gedxz|4G&A;;+PCRZ6Y6@qcc$;>KUyYQ>GO+-k**zvgrXhpJD#>2wB%)WE!D zOgdP5I?UU~#$H`_%5ktC{~-Jwfr;afIn9fI zSflV@?F8fhcB87)7q0n>bb_|=_v5`8o`<}N#0&JZIq{DxR5w4+kK@GG8j}xRtAhE& zn8v}oonSt-Oj~<(KTFvXnl&EZ5I+-T!B1i~TD%v$(g)@`^Peki2;imo01v5;~#u=szCi3jt={A5hptNDas$ggt0hJsT69j^PW zrZS%qaNei2WzCPwW8t>>?+x{fP#O%S*&@muRf9IKAR--Z7au@m7rp!w-Yu(WFVI^P z;r7-${2+k?8tzafRGgfps`xf`b?h;XTS!EWgXqlcw_2 z#q`93G4~PEwOUEiU5-AA`|RBkszE;ZNip4xDerRnncPvaa22^J*FJY2j$)fL!ee6_ zk(90LPQtP}x?-s8U;C4~tOUm);+{KxPEHN!?8cBCi{|XIi^gikH!G_C;IndIS2YsaAAXnDl&g)@@ zCe{LL9F)+ep z(7DU8JaZf!lY`tP_~cL`jxwePof2b|`tnUneL170{sBn#-;c?zJXDp4_hJ6&svj&4 zRVSEqgvx-|4S)<>riDX zzDla?Gym18tQfCWLoL)KRr)@hU+c>tEmKyZc-NC?@KEcN*(Y6FK>W%$YsdzQ>VAs?2G__O8 z%I?)BW#`T*vw&awr8>dxDKjp^b1kLae-(&)s7oq7j?}du3g0zVA;zoKXbyFAy8Nzo zo~ygl74NEk9O~h?GzF5f120sWpG)PYlDyPEm#b|QuOhI!`p51|QR_82x;L-`N-{Fu zvMBGQGju}rkCx$$#X|>`gja#Dy@2H{G`J+EM(}DEE6I?OxLe@b9BzHC#8;Zg+&QD# zbj1-3jV=jZGQpZ7N7@fv99dGbl;r&4!>G8m*q9P)v5UBQcQzE~tk_W{)~8;EeGzKu zoy2w@EwN)C^1RtGe)`7ijVN?%No0O0gX>Df;S0F@8}tWIcnZvq1ipt7w~^wc7r@&o zy%6`Qlh~Jc={tltmoU`}@pd`4Eorjj9^m+o>DN_%p@}7tXUQWxm8fJp$_IJr3*p)Z zg1D;#>b67pTB4c)+Cjj`67)ZqB&HuXNlb_ z2&Kw#T$wC-mULDyL%a5J?V4dY^eRb=RVrpxdR)o)1*BY?cPUpEQm)N+Qp)O=uCT}+ znp85FP7lF+?35B}dGLxzQ=fFdN*Ix7l5$y18H~n{#h=#_~!=YPy?IP`$jMdPcru zvB}Oaq_W2%=ND2ntJbVl?ow@fEaa`H@}c^mj$T0Z%JUtRd=LYmBb2iCE6;aRWxhr5 zIh4KbN|IFMZ7FZR8_zbNY*^i((iQ(S1jk6YFY7Bpv&AX||AgXngDTezYTI+H5X!zP zjaB(d^^L<393+qas8pY%Ic7krj}V_n{B$V% z4$O4~u7SMrVv4*sMkzi`#|(Whk@pnQ&l7l7Xr|O6zQUU-{K=WvQ^g!U0rGJ%%})e= zRGNkqHQs!sI3*MNrkJ9(6Hm|}D^q&{?Vv4XYT_+biisIlro)IFQAD3Y;3T1$UC+Od z8={!oU9mJ@{mVxVCJ?@nsD;4lmF{YoX9+x`bg>0@@QDU%q&3QAP(JmHQrv@hHGox0 zu?@47n6Hq20hKHDD$CQ;*jpH?jtXp-u#ln793TftP77)GO<;NAEbIaKcrUt6_-Vuy zpvs}}gD`Cf>3=Km8(Z@9f6|2>#P2^CdfncHbFj(U@4@fc|_iBvHu5l6BKKGKf0dKyK-yL7aEgKeIrwJ zLtMK%odNPQEUb$g{sc;l6df%ULb zX<()Iq^gj0;&udffm|n6ii|f$DT)JYD3J#i(bEW=Ds*9(OtMNZ7yi~vP@zgIhqr*d zQB3n0felJyLsu!H-WsL2jcy?HA4L9IMAvoUr~|~G4U^^IJx|vv{)bM;N6uC*8YaDf zb%$)2j3F>u>0&F{sHEvE_;||Yq=|cz%g}ie0qFI(= zj8ZJ4=ITL{iJT+=#n$*72!vm75oAI>b)%GOj9w1p5@=gSWA*{0_d+(he>PJsRO;M;n3@L7WU#D#nK3C2$u&HUyQ5+bNnA7=n8$ zmAd>>#6Jny5PX}!n~)nIN|EyFl%hBUHxaq9i2fe}zX@F!AU>^0&RlJPbj(L?R4y7I zjeB5f$OcGH0^K3k(~beprzPvxe;autXS;hvDAhwS9})NvirxWJwfSC`GO{J*zNtjG8e4o1=vx6ZFyRoFcu(30N=zb`2VWo; z>)Q?6jZi1{O&-{Vp6+oyy&Zw0C{Z`ie?>ZWx;rK1zPbnmh6cF%Lj(Uen&{M<)yoj@3~8w$GavMY7N@+1w2z4Yx)7F7S7t z@*kHtOyG?X=2RxO7?b2z#BG9@W2B`ATG+M=@q0FB8q$4veG)Paiub+wTWe@WTvLd@ zmQ{!Fmds9+dM7ng<6Ny8W)C7eL)lg8E{$_7B|HGZ{!sc1*3b2ptFBdO2{p;Zr=cW# zHBrZa84HCkhM7iS3RI=3LvY`&mS|4Fb-aT3*-9YS@m2!2Ks-fh{6ff6H`VYwLuKtv zS@&;FS^e2a+vFN&Db`ZJk3!i~)bwp~EhKym!K)IQYuGktZSg6BwNPxI`|+nx?t3H9 z$jPYmPb&Nf#6J=LBjlw88V-n0lo=FY$6Th4>q9w=HmOJHGC!FM~QzJ3SR*8DuGv^O2PaakZgkc2=ecQIk-P93i%JgJV9Wo znB_2U5qJ$UmwArm$o_ zhkkyl(58vr1zE9;%@-NCKS2PD&l6?MS`7 z>+}++=b*yUIT0+KQ`pb5xsELhIsF7;17tZBnW%EI943*<^LlTWgCXcTa$d$T)5Yz| zDB#WfZ0ss&mkTp-AI?HTVYx6j5Lf`2D>I%%{AiaYB@wPnRIZG%)3@EqmLo1H1X(=0*P27UAE%x{?&>sZ1tkc#cy0S!gq4C+^KgFz51Mv$W%UTFZ zTfh~wt|Ph$L?>0*zPz1MQ}^OH7F;s%(*VUQWXhlU z<#VVM8(As-BAdgz~PiJrNKPRTZsGZfJf%Hg-2lIjgjaRa#%JNyp zIlWqSRF=;&Th-ySOn3A6sQKp^^TnLU`bEZhtahXG%R-E~uU}`}ZDaHF{^J_Q&YXn&wM>l`%*;v1U&}OA*xfOIJ>xuM zD)&YvHWnjzB{{Xp0|nK((_^Y1$h2=z{Xk~#2GtL3rTU?*RX@B%^&>^qJ6wb68!{Q@ z2`?lUDThgJ$m}LS2tEa4S7yJ@+#+}f(e)5sRS6Ss6Hdiy2CgY&#fn>w?z*K| z-H7fC6^b>I#vBrZq)=-D5$eK{SlE-EGmKirkNu-8snb}?4!YjE$J*cG6gO*w> z?NQ=7p7o%TOy7ncRF=a-bg;GI+F* z!G~!Z>(cpAQRk;u0z5A5X71ZMpp%*VxO98l?7zE&$m7%TXJ~@VxRZ%Fp}_DM?nD<% zHkIX0OqUCk+)2!YbVZXAQZP}SmbMu+bAo~iO|EX`IL+ml+(Y=&(v1|8{Ol^2)6;ft zpqqVNYIQo)<6;VxTrb>N=_(xb-0w(|^M!hQyoU;Q8t_Q{0b!x@0?;ptfPT}0tmxa@cUo+K203T7aI zzG5DLIfuYBF}K6qOyCBnQX2eEkh}=@6y$#m6Fv}sTg)#oU10Wr{OCh$!U^mTH7$YZ z(6}=X?I;P)D$o;YRvGS&WGwMxpl~~wDFn`dDuwU|BDn(YQpo;FeYI#a|0*id&Drk< z-fNjiWT;;1o&CBw`@KlAXCY_5Zq9yRAlL{w`}J`4%N>Mk2g!ato&7q(wuh=@zjCvm zt~j@RZER~B?h9yd$ZU8Df#b!&3`?I}heHFUZVyB!MHu z$b6FsoCa+%Uk@|iqOHt#3Go+0X1<#U)I*g*nE4)pdjQg3$%|J}_zs0pHXL(R@1*Ij zL%N;LgH_+Ff!!h9PmG>$cS<)F2>(%MZJPZ?Nr6QLIX>(%mHs4T(<#v9r_HVF)klLGg(oc5$+c;AcW!voq&_Z|ZXSncAi;m)&vy8y~7m!|0+l066iG-P=-b9z66UuQCKJ33iZE)|K5=I>I*W=p)$jY zR9b^I)OQaz{j5ltyO}$dgH$V0{Z7ONIU9*9QU_=xCNr|vKT~!LAi35tRf^G+^J=PL z%6T>Arkv9xwLFqKiV2fbhB|k#GG)$aj}NJ5hBqhQOI2<;OtB`Fl+W(<__YwbF4ahd zbc@OQVr&&6rTr#VvE`t}=0a?{%<1EfX8lMv9;lQ$4H=53cQ{at&NPM+Y4>Uat*ti@ zN_`z?EcK^zE%`|1xj0p$**LU{Bsn`?baAS)&NNlqd9aI9`@S#6j&99L?JQV^sru4X zxlQ6aJs7$yWyc3)pVlqzr*tj$hP1YZJ3qCLnkO{WYt~cB&PnA~!!JRZ zw)Ua=<4hSxB#GKned-W24V5-ae@?2er61xoo2`{#s!P9^^yWR)-$MG<_I>rKsXeUc z4|XZ1rur08o)MNYk4t6h@TD}m_}Fq6s-X2Q)lR0GPJUCMiuNGhqkmR(A+Sz?-o?Pc zLZH>~LV#_c-W2w{0j;#Sj80`j+V=A$XdhGf<8 z-B}%HAnthxy%Gwa4)Yj+yTlv|)8tSdwnLRl<6n;COt|roKOg2B0vp8K4l{5BD>URU zfjN)B>Cm93V8)Zb9kE+$`Rl5`(DkWUb6Ura*nI@}L&)3tB~nZ!yAO!+UxxVw@wbrO z&+Pnzwhi-Dg+-|Ma#|`}>!NfEo_5fM06st$4i&)v?)I2Z6e;U3b`G|Y~p5`1}`#;T5V<+{6LZD?>b{RBph$;MOG2< zKSTtWn}=vTGK>6-DDfgEB~0YbaZFJ5$adRGHVMON)b=aLCgGTj_qhcJ?$9l`#7tzu zkuS#v`HRV&U5rL7eGKx=$@ucUu=EPV>nZTtP^Du0caWTZ7<(?rUkkIEz}sTJhN(Q9 zvoB(PhItX@9;kb?1FGis_e=Rdc@#HbA%6#$mkB&8Mn8w^AHh9sF}uTD2{Rq?`@;OL z7--NzF#7TMoktKDNO7L(p>#0&jpm19pqOsawf#{Q8Ka7vo6gMxW4Gx}Abvb#x9QF& zaIP5Lrn{BEEl{P>*loIHa7&>?Z*=K4olG@FraJ5dvdbg&VSMIlZv(h>kUtgX4+6hK zbWAzfGf+6WC%{=SRYx*9ApaVe0R;L$u~v9ZOa7}~x(IOSiL^h21mVGmFCzYYDB2$; z+=a_xxJ6LpHd0j3tX;rTHh*sY^ccOx=R0IEFVQ8+j7zL5b%WfC%qCegBF4F7s#2m3 zuw=z5T8TPiW`1p5C0daVKMOpn5`|Tgw<*BuDwax==mN5s*BK}o!WWYD@b^q?5Sf6X zr2E}Meh4e(Aybcxyg=ZWN11KuYRa5tGBm`WyHGV5=Fh!tdTihToCI~z$a=8tNVJ1t zhlV(q+J(BvnvQ>f~3Nk(fp!AJH7h?*Oxkz)CTD!Q_u(f`|P5VFnZEFJ=VH zZ3M0tGY;lU0_z}~CRhBd=AN&7TV+$vu>JeXG}&w{#e{5{Tm_o43cdX_xd*7u5VMMo zr_AQ(n?v3jVe{Ekb?@yo?+@q11udyPORFrXKHrd<&u;n$FjN=Ujqv`!ZHy??A{#kVx#)1qTws?g zoeoJpNMMQ5*?s&?;Q3`l<8UjeMd#*V}w9v@{t4%h1_Uq&Cj`q zyhX~z&!z_S+itX+40HnI+!fHC_omR>kHZTYh$LJ)s;5~<#5 zrfVIdQ0Hvz;QrK3Cz0#~QWe+=D0&AHJAou@#A`@VJb|<;pf&>P1X5HdkP^#4ZhP`* z3LS9Rb|;TwPh*I+RuDdPPFq;I#1uS0WapDpQUz?T?r=_3!r>qd5)0%kHf4UwynSVfGU zRVe2Msmio#P{+iiX81K3zhDr3rW!$|Bz|*3r6jnQYHB@mk1w* z=r{mJK;eU6mJqlDsuaXO4#~H0-$4E(nB<8BMAKoq66hpmHp~P9W5q0hxu3v2V(x%h zPvCuM=LcZC<2e$tFRCAe*=+(JcY^$9U``}(9Aqo&*}tlotpSJL&*e@Zu-#m78OTc@ zn=594#vKrP`?+EvsGA_HrTzPOp+3q*Zj{a(f=WsJ8bVKkddMMPqd>ES+>nc0vMFnjLj*?vd}gx#Woh>BKtNp>OBtlPY$wqcwq+kR9w0+_yw__idYl9X$bchYANf z1{F0=&n2HKY93DfU}($14#C)saNSM)MlZ2IP4QWu+Op^rzA(ui-Kf7Yk*e zd8Tig#7`qvFS3x{qeqiB8p?K{iOtA*(?kufd%^M7Hpx2Z zM8*+&h~t60n2WXEk9z4W(HG>q3EGyCgZ3xV|AEXwQ)=JSHIKr->9pmiu$_VmR-6eE zr%AcJluI0-++^wwAX*6((?invR;2t1fL_hTZrdNwEX1b)m2y(T~$)D$ip?K2$`1K;S*03u{-EO)k3H+O;wl zeqXt0?aH6V;Dv1M>Of#O$hib>(n&*}u5~C1eUYm@TGMlbORx{f{?HbeK-kEZ6h)Wd za6lsk+~N{!2DzDU4CN5V8AP$TA8 zm|g^Wia8Z#G=ZUF&W2e+U@>Gn|E1)_M(0FwT9S{vsN!hn|0eOTLv{z?GXm?x=ngP~FwmP~mFZ_pbkrBCKFRVuztPBkG}4P>`u`V-hojBd%CLEsdq zQfZp%%w9_hkqxc5t6n~xsJs)Yc$eX{;pYe{ zCGmeCbUXRn4EcY;yhGp(sJw)I;dm?dS|#mU5`^0!`h~dfq3BL9m5TDa6KZz`@8&`N zJ}`3#oGoSu%np-z-378KQ3@ko?+GaUG+(*rLD)f4;!NVtg|=lhB|eCB31n-yQpdb8 zO1=FW{xYZ+A$peftCPUG>u~j~4f&+r8?Y&HBdGUqa3K;hrPjU;d=)U=!!zZsX4;U+*;I$^m9!s!8Ysi6M&XN{Ozpwbf;3~Pbif?3FZwVUW5GeU^Wu?6taWGjl)toNA`)A zG##vJ=wNX$mF9xHD%H0KAa`YM#y2nFgG^MW34j^_Ro5+b?1iW&WOY>1h$%4tqgcm7 zh##t?4e!MW$d6HR-M(&y=yR5ZnI=_Bs)T8 z$*u(Ugsl8Z95EH!lz%YsgP<+t7cgeP?aMzA0d48XZQyo>tS3mpHa(#)F?&HGZ!Xk%YtUCp9R3l^OQG|Hk=XewxW^VtjQO?!0yAzLiW)FyxYh?BJ?z5S^+!> z*@x^)1-|O9;8`r#inwR%h{>eTLo-FZuyusgFC#+g?L01Jk@_W6M&NJ%3SL==NFHnj z-%`kY)TP*I>xje`+)XFKKD*GU`f}0?Oa^-L*qsG~jI@0rZ&+fd=T zJiOL#Q}s;lsHe94SWGLGxy_+ya}SMK_4%&!ke&454jv*8#p%=6r9&i*%=KdY=l6{K zn5wU@>omG+Hc30U+O%z`jTE}tba1tKpQ5Z*8SSxaM^~HBIlMzCq1C37t4$|_yFsot zom_23AQ%pH)MuPRo&Qps&Rc3DgZ@oz{Qs>s%?`d=CP=2o((1ETvuR>C6soTsS*%AW z*+H#x4uzPe(rv0EKAdbJ#6J++B%#$KlB`gxyo}&^39VHk$(CxBuMlj4I@*CcKUuO( ztN6(#g;qHtqTS`5I4^7Zd<>nZKbYxji)Bb$VVgyUqsZ-fLcM} zGhzA?=pp80m{SRy0wubTuKSCmW8k}&lP1OG7*9c0WI4?=a2D@WqENke?x2_#S%FYb zwF25j9<1(dHAahj2stFG9~0YAy;q+^Yt&iw{wZJL&RWf?quI&jUF+UP-bS60y)b(rD>kNHkX-Udh|)7z-2DPeYl*ia9PU?>CPNHi4;-TIVU$s-E@TwO@tTj@>z)rsAu-+i6snnbg&sGwJJ?^S>=Du7RF z0AG~oyaha~2<~wO;AsW$^$p-@TZ7Lkf{)c?TUP*gIJ{Vly2NhMTs>IbxmjWt#U!oA z?v!Y@rx+V|&E4m!k_*&RTevS-C2d5sNR*keZG5##Sa)rgw9zy?Vc%Cw_K^h+P9)U5 zlOL#tha?(~JE`7$lUNh`t?C=!#iMGXHGJ@|&Sr%DMi*y<@8WHApyUzy#a&S9dNP#Kr%6#VK!rLE!Qm1%9cRLWC43&iV^Ew~`G>e2{Hi>UFRegv?!*2VuhGYF z2Eg`{h%cpu{u{S$b3FVw$TmjJztp{epU0s1w|Gq7_O`vyT;eZ*wq>+2dKu}9kZp{V znn!_0k$U@$(Z4}`0I`!^ct2lJ0UP()3;R2t(p63mBK{u4x6-H0lQ2ndAQ*p#!r6_g z^NE9WPleGdMAjQ4Eq}&iPfE)>i1z`}U#RrlY1|zG#14w9Ia@&@R(%A(B}5$#Xe1QA z73Nd|r$C8OK+jl=&MnhL71ITWL-Y$1i9hWf>K+t9PgbV_<|_v(LOv0@Semt$oQ0y9 z(!32LlPyMi2V}R`&L%adDY$A_{*Bq*2e}#|x1N-7Hb@TAD7TVCxGTLVyg%aKK>PyP zo^y`rbXRayv6@vXm2Si3FJKOaytH1e6~wnI>ILlbKLY9%+ZKR!60rPG)C(ARZz|WS zSUP+GqHaWXfx?qvh7lMd=6INi1WtySG24<(4xkJ<2|=UF)wy4AgTZ4ktWm!8R~=a# z3@^lY)L>XZ^2?!={nXkE@lIL^zd`W1gx2q0h}(CVcASYJA@%#0T)!U=dyGWt;;~^A)q2iqFsmTz zIbRX@0!oYkTI@NK%C&Gz`rDopX$?@8ISzdV>qI6Xdm00t*C3Mumc+ztVh+Ej0qHe* z znq{9Ae==qGF~z1iB;Gg!Kr9LZjg7~~Q6`(z-U09`v@N3&x+ z7gQ?E_lJNPE^Rj73*viQ0lR!HpyvA%0Ua-(&G&)?-csdSobP84c`ju0{Q?5liP3!j zD1nC|22h-I8bCcMXJG&(Rw2^>+A?^i0&Ubzn~GfvGZ;;}6k(|T99$YVgYD{u$;T*u z2TCOt7{1+DaJyf|-VV};*v*ZIF|ea0(j?U0b^kNqPnXOlq4uu(Uxwfk$hyC8eRHXL zcE@<^S6Nr?!#{|>33BsIb3oi7<7(ZhYdkiBQrdj;9H8Zpb*D81RzrzFK#Se!|G5Y> z1}Jk)kR#{jo5Vz9ThA(uM$REJ;|w)tWAVkFjmH)Zm5DdieDV`He+jwyBolA1`Q)J4 z99o0iRG*F4>dX3b5L_hT^0{cv##_szYY@B*#g9J*KgQWFb~*RHpqAq?&~s!cd)LJ6 z1br>?YRFumH57}Nv1P`Zc-2K9Z4~q*zB{xnqaiUA>0rnv2&MMDSxUYA1aTawaZsUS z3LEzp3fnlIF-PQVV$X!EV_rpIju>^!I|FhjfMX0-6N512! z8z4i-XPtWf4?$GvCN|{rXhS|f1a-=%;tKY^kjv+XU}xcbBG?mZr2_sXpKgE2r;$d? zCYR5chJ2cgFV<&MVD&i(b;md4vnjCp%tLU6@=*c*l26yaK1B|B?bSh_4}!U*w%+g0rJf?K4h@WkLN(G# z$cBPa`(Bs79}4Y2wS`z2^S=Be|l;X7mUbJVkDIFt8Z&(|_o)A;#2@Xq8j0&{WZ zklFc=Gx?0bT$~>eY?9DkyOLB1d;)4NH}z&eBmjtn$PAs&@aN_ratVJ3awa7I{ zuZFBelse)KRO;;~r@KKdf@l%F_be=5DiZe6AQ-Qlbg=6g5KloJEN@BuZhw%W`OVlPRNyxU#o@wfo8)uuOry`aR;K#QwQ;ojEvTaGRT=cP66 z$^l~)@wOn=c|yS$hoWehG^=|yFfztjNY8-Gd1*^(p7wHOe)>Cu+y(M>sNlTx0I37~ zU~dn?8q-OU4P@eY?uvXs2c#i z*HJDT03%N>4uGM7t;r{&cogIYz|g?f99z@94CC=EF6MX>`=UvCrppo8_OfBHa8h@V8z7%Uz??Be)8(Dd=IU#+Km-qN{`09jB1H2HHB} zKZdqtH0mPPlQ(2jkW%BdEA{qMP!*^Oh!Ho9xklKyH(%JAAoxQ$U5dB^h&E8AV*GhX zE`d7_vPns)lHL-N*d+k6IUgOD~YEe06! zbk!fg0euA2wDdcmUj?-FdWk{enwIto(o+FNwO-qlR8k-Ia*$0)EeSM-yhu4oG`eO3 zF3w2J8C}JZME}KRw1d~^(QASH88fGH0*yrnW=Y=hwBktmGiFX@PxN+$+(`N}W+Uks z1fwOi8R^fMeU0&21aqKP8ke`AXNxNk+I@?+fLkCZY@`PA*Dm`J4cRN1^9a6rz<}cZI{%iKl{$~!^KNU-lrPfnF z;sfVa`<*5gvwteKi?Tlmh5JJ(`)=e@u};FDf#4(wtxQkF?1%i8AXqHnv%8w+Au7|` z2wsOYZ#)w-FXdO*%@S#nULG@-q~}f87;=;J@|d|KMfcv1d-Fdua4L1m*$AM$an*UWO7c04vVcekQWe*CIb7(@dVmkj4Jj`{Td%Kby&0XhodwI>5}eA#atnz=LNL zTVTHHf14=yhfr$3)rPlCP2Zcjl?k#}KY9)*OW$&lc8e8pUn+>~)e2#PjZ|1*4-VZWez0B$IIWo4h243wg z%x{nzct^%MDxXsk94Da-ydz`%H5ojG;2{ZZcYS2+Kp~_5;5IfwHTzMn*}EWW2U#1B zb!~hW{1nKIv9Yd=Z$)r}fY$J1V^vc4A%gcIYfqJ%lj&;DV`8yCv5__U_r!k#71|RJ z?a9^J^Tb%}2r6mqS$1pKD}k&%cP7vZN~{6;zqThXl#R}xtq2rgax8s5dbb;$ivXz6 zuO+fLI@5*GdG{7sVmPvGR|k#Gl1`eQ4|UBHS_?j>+dPNHn#mYmqo1!Jy1DBuqZr>+ z=7#BUlWWE1uD1-NUOgb!V9jH;g|0_1UqYL`o5y;rM&ok`o{;c~vrY59$|rOin{9+@ z#g?uWdm!opSu3`3tvCw)Fv+aJTDev{4Z%dnHEk<5eO`j#LdXW(Qp!zd=4uVJXDs#y zRksGZ8_Xie8fZCzr=i4Jp#N(F^=7~=0Vvy-VvnNje?TTXw{4IWp9-{Q&}=;v2kd(} z$tq%*kfvdM45=b!-&*rZCTO}ViP<+1LV8eHZR=7=tWM^tw(p*n#C9>}-JK2F*&3|m zInB1ISazw*s&crGXQX2GD7pHiYb<(CHHFvc2Q~h>sJRAbe~5o*tvltcV(YGp+FbA+ zMtKLy^SzpNQES`K?R*LrQJcZnqGChTKGqbTJ0@!%BH9qm-;VxafQCSE`ykPVXtjjn z5gaQa4=6T9?eY0JuxCkR?fO|Xrm9?pU=9@XFz^Zr$8&~J-5Mb0_(--^hoLsvJw4GN_To>NZ~GsJ2rHQBpqqY z;MF1clT4;F?G)6m!}N}no+-~AVTEPxshA4dog^EsVfm74xcU!xg#&|y>SZZ6EMJP+ zE^|l9*aT9;y%e=QW`Ee;kZZUV#fBU28g7MaxMKi}grwUK`(0VvU!l!Z3ZCe(|pq@Ze?6(}h-&WFg~{~5Xo}16d<0V^w6AkbiB@RT zzl`8{32)UTG9|i$gr6bU0O^xcQ=+XU`UCb?;q2=uQ=|5iYAqMBO@re0^KR2z_c#T? zaT412JkyQOMF{SI`hB9k?Ss+KjA!^Li7K;+s)f7}!w{bvjqHCeO|=s7Q-Gg@wqYuM z2E2|D;F2DLj;J?7N$-n>FDfQ|n`CbmlNOnZ@}~<)?HJf3I39s;HIL?!Xn2E?tCM_2 z(hW+kPVzf}U&W}Cl-z~)0VQUVu6PWru-~+yIF*u_dI4}di|Q|phPzBJsBeja=8&oH zL7EC)746RSu}iEQRQ(Y8Ye9(@i_#}5+jvY6PODnZre&F z%eMO-%L@p3%aW`9LRUs(4@;$f@@x@_?tr{l%lmNpfw1(+(AP&3JI(-f5aOo*JPC#S zZO!Zn^ET2qp@c^hx%YMkhxtw%yG-{r3HSDnenfzctEMjZOKg$$_HwHZCJFT zM?qFGs1S%OBcN}pj53s_K=!!gq%k?Mka7~TS;+Ku&de>^B6EQ$6!Tr?AUADA1tO0`Ax|OCWA@+W zT8pv|Kz)u)HbAM}oNzB4^vmAO6L-jc3T{+%KaICe2zG@7?h$~0x9-0=4+fN)G>auK(pb1nyiViS?40v^807*wi z6XBB(9Y)-6s8UjY3X;p=E`<1NG`#|7#;s9}|HVT<#G(3`7Zzu`Oth`eyS@zkc_`KH zV#D{8um3rM4HABL8NzJT4xy$Nvw4G3yQ^uk(dOFs?TTP$sN?&}E*DL^^Q~UTD3S1W zh4Zf2K5~poqSY$END}N1#m!8mQTz1jqX_PUviA6)G}=txVEq-rchKb5uON9@H210M z7RpYzj%#@|xD;(&?&TYVP@C~R5jKj(_1q#h{A&N;tNk`@<0dQJN|qffT@_LL3HHNC zI0&*|L>z;e0&m7BqN}2@hb~}L>K73oApU;Hei`vq08F-(GY~kRGv`WCdDtEe^l&WvI#EBP?!S<|Y`zo(zan5)ns~MQ zN>ZcyXatB!M=zVNuxNKRWvzFXGQDs<3e<2RBl7|EzKMrWL}~oFTfG|Qi;2;zVn=Kf zqrtwOnANwi9c+m4BKh~7?82>NbCBt<{%ua?&g9z%25cT#REU165N$u4$oP*eFGQ^V zYsA_@#P8ci@Sv8nYBs~+SVug324!1IAD~Lw{Oa7WP^wq+LUf<)qYFx=g6dyDjoBWh zB919UpJ~xW^%$pO0x{-;l=}0cp8E~QdQelk(JtZmpI)PPHCA8qqhk@w=YaA|+A>t% zcNPOsd%V~D#u`BLXr4Kca~xmucNO4q1dl*%z8OQBH~fk}dHNZi+k2#W@^AWfYCJM` z+4SrOnxfuvf=@{C9+d5*oZt3i%6ZrO8K6*nqJBK}9p60uBM|H_p?MUm9C8hU6;Qvk zG`M2XQ0Fxvucc0!c4unHPSgbZwQoPe+-nIp(xCLWbh4$u*xzwYlV9k+e&pkeC~Xa^ z97YIOyznc&xEpAn06-s;`!-%#YO(`CC z(5Icml$A3PSrK)ghq{^joy3(BHcl>(N^kyrMnvXAmFhLEtUA-h9hk517}|y2tL3)Q>toQd!p~^(ANWS08ufRO!u87)ekUy! zKU3EqAb09{g>N^6cX)ss!ceP0BvcX#qe^0LZOYKTS?m0Ar@bwp#xhd<#s=-n{f^S! z7bSZ^9qml@a^LQDqoC0j2Y|oVw?q8%UN3$j`;trW1wL3{QTFP_ail#OO6{Q9-0Sz& z+H(nl3n91M-tXJ8e-DB?p*DAM7$LO84WIDb@$Myv2izce6~HS{WF=WDv+0lwtqwW_ zKg+AAqcUd3W>?K4?kwLnBJG#(`r&a9-ezGQ$pnI|M0zsO6CkhCjc|h~CpXCU2lHrdCos|bkZy_NNAwi8 zG~a9cI6kAGxX1E`Zy%TR7AfxW+?0m64#oU3-de>yk#l*ut+EPI>QxOQVxAxVo>XR| zizw;&knJh%B5=DH?I~U-umXwVSTAE(B@YHM46;g|NZ@!es^kR(rb88RzG13L@?e8j)fXP$ zBQ@2tFFY3B@j?61cY5BJE=KElVhu7)Z88K?oi{bs2WGM#o6YcyBM8-ZxSZo8=2lPk z?aoO67=?KHG{qncqNqGTifxzZg};4ltBQs`IqiI^!4qRce$gKz2$uPe!hL< zdZ6gKy=x*_h&S zBNg8pa!uIE@1Z7~k6<3;Y`(Lz`AP(jO2`bki)+=Rm-4_6YFTwS8(~yyHr~~@Q)pKs zzZ|mX;-gk+Mj8W(=&A^wnmr0%LHu*jwv3*Oe~sD;9M&Fc~Z=RnbgFqOh~e^J1>gSx+M{|EaY^Z#8S??C<+ zFkch+T+B}}J3YY?1^NEfJoqGVznBu3e-n61OcR(+PqNR3{5CL05I7hb)CFeYyWFAr z>OR~EE3PNEE9RHKC&T=K_-cT2Aup}Z$4&z67p?%4e!Rt8fclK=-GCNBRXPtKT&w}t z@G046iGNDUyhuIS={3Txq%TaPkvEauNv|7Okh$|&?*8xG{$8XrT9xLct7kNnCw0qKY33tSM}ES|+}=n-U^6WLJ`8<*yD|LNo@th61&m$c) z=-dsS&m(;`*z~yNi%5Uqx(Fld&70UqwnaN9iNhUqxyaOm5!)1XYb$L#ayYEiUlH@X zW>?S$L!Y>kAH$s%O31vim~{Cgk5Y`?$=R1$?+vv+a;#)s?3>?1^n80=q)yxt#FDB)JW8Z>hc$=`O^V z2-ZQ)mwh*4zHIZSc<%?Yy~^)s|(lScmz>ho?(*#h4+U!n!r(F_JWy4 zV2YRyFjo?|97-%k$uo>q8Efugj8eHOLpAJdo%Aff`jyI0SL-}4L}EV|^Sc8jw@It= zdy>H8VwB&T1YQ@T{5BC-4<#0(q?n)i%$A>RUR{QfIh1H6CCaE>T$8c7BK#M^mQF~! zS}D0@NrbKAzZ2L9qF)1oH$%uwvO~AXDtaTc1j7kv;h$89)H*z>kYLu91d$2IzC%g< zR|+*WMs>cX|MW4K~~(g<601-lKjyS<3&~>Q_)N5 zhlP$@@gXwJMv3)>$U=lStd~&Lt`CR4g{igySM9p4drP`H(n|v^S+)z<+DKZku&5iW9C?#%f^wM=DW=C$8h7Jaiq!^b3%7;{XcX1(fp=FlSt|(OFw}g-!u~Z zk2If9jpn*Y`jn(scu9PEgr7q=UEjcuWX?kBrn=sd#53ffN#vu1uA_-6^$+0M=!!Au z*c`SAWzx$b?<>Y(sD4U4L(^VW-yGgi^HlkAJO;?^JU55iX;!@+!D)~iuiu4jLRt7M z=LR4*?!FJ(jQInCRgim?Jmn!<(t2#4RN@oXpX%5&WHhHNMB5rGfI zXeaO^fp4M2QqmQ-hUylD#m{XGGxu=o$J7r#6xHEK{J85;-2`!~=Xre^s#J`>3z7%m zZiM_jV0M3jdl8WB3P-)760VVoR|35lZkw4ah@K63o%)erl3_Lr^LpehVYC6gmH1nV zYSserz5ECukL70o*=lpCI9_{G+~c|W?c?}zvEr8Imo~)N22$xV-Xg^{Y#<|p{^?fx z^UVR{qj z0wsRH4svi@Mab-W*P_A)G^ki=axy_!UUrf_nqV|kZr8jTDHBF?KvU;g&W9L8|y*D?jaq4Qz1KVmR_9Elar*kPE0mTM3 zZ4cpHb}w=pG1>-ySBTLJxvYSWVG@Vtr$f-HFS|wB78S^@X3*u&yx7|!~ z8RobEifjU-+?G2fw$l&C$*rnTj5S+Dg!c6kB7Fb~E zRakJTf>ae1Wkpm}6ciLxL@covumur&2_{%$EHMQY4Jsz~5{Aex`HzTp0O+cS{g&Dgi2VV*6kZdtb!#W+Lg0igB%n3jK-BBS@TN%B89(9X zIJ{E;&z7z?M^aM03Bsj-oon7oL|$unVy5G6jU+xHD|W8=K4k6zoT%7(#VA6%$|js2 zHJk2Gy1cN|b#wUSFEqI-B}qN41CF4E79^wTa#rIp0Fk+Cw? ze#R%vto>lm#bL(63F?wCLrh1512i5VDbO_d`XhXPL7CZd?=@Y8eSD;kRR4+WJOPAv z1dfjk)pYbZgbx9g+nR_i=o=p6Km_1Dy&OF!gp<);5cUA#$K1fUMBBnijZVHcRCFc@ zMNWsj4gOXjdr@8nR5Im}ROC8He}wnA`1)~R>4-V6i|?MVXD0rMBlir6<_R)8-9R7P{cGWr?lM!>T+IyYhq=aElDoW4M>`}T93_1Ds5 zCY(f~`$URfz+`Vq9vKaC5n>kr+27pACpn(cw&7Dml5FIUkbVa52B2^&yjLM8H@q~k z((FWTK4$B7#=#N$&GW~Qd;|!89ehc|e%|~a5Z(pUV-ATV)Hs4&Xav09vfzSPB;rB{ zdyBZU(}m8l6vk<3M=Tk%XMq?N4k61z^V?r z=Zz$AIS}@t>d0{Qp`t%B7X#h^?VZ*}><3kMhcE$9qp1rUO(*CA$+c4eZjZ2IZ-Q{C zh_x#I`iQyGABJ!*pt|cBcEBlr;{GrYt_CMZT2e9I&1! z8Fum|)729ng!g;#)f2@pa4J-uT|Myyc+UaW6UFB<^YFWR;>WQ54(MN8Rg$#2n<^Cp zBgKK(WxrwL^P}ty05ve3ZKfex*CUn_(jNM^K*@c7Hwo? zBfDvgcl0BS!8F>X!awHB|SFJ3@oVqr`d$a8BB+O^=V= zaGosF52d*8x;9X+A$kQm-7P0|M}ODttv!l=5cOSP@Eckmzv~Xs@S&abt2FDr{_d`b3c<~N{lC^B8et|{H$pG|l7G1rdIxZ;F!&tqXcr|0RH!@u1v zS&Xn;i#sg=RaBV3?XJ!5^H9DAptgOdYm>$X&~t%svc1c-eWKq&xL zK<(v+BNlhV(cJv&ZVvM`G|kP=)MBc zoU+(@gf_eOVaBhwceP}_283DL?AmhVd~}~J{r-oS5aEchX}DS;huV*D?UZ%+S+r%Y zxlD^%)hCZ~ZP%&jDRrr%LnM5aUmi9Et!|dP#f!1Ms8!mRyBQ%)&w5QyeZ#bN+{%?| z3~;x|3zw$F^>yu+zn{jeTLImPZgp+<@xJFc&je^{?C;ve#lq*gEg{lDjyu4$8!_`C z%?9MD9q8KkV%CEmFVZ0n3wXO<{WRzwfN)M7zz4V$OEGtGnWM67N98HK7d%MV*}z+TX2wxJzg?0xP?PcA2KvCA7%(-s=*& z0)d}O$b6Mwi+zymeGmIbR>W>s4qB$c>~zyjx8!qhJMnJqPN2<%7D#BKo0--nv;%>M zx)V5C?A_hcPS`(6;0%jW=%K*!#HNmj4-dJ8`2<#dMfc-O>lU z;(kWFj}+I6$hpJnKtj{p;BQ?**_Zju1P}_vOz3P0O?OkpG(W4Tz6i8PsIUovu0@0# z0(x_wvP46Eqg(3g^-xn)qdQn#(&^cvM$Xrr7lY`hQMdEg-J%zLHEYKmq;Y0%G>-!g z_HfM3g~9jwsd>f zWc>z0>&(2H2TE-%8`n8t_#sOB=Fu8#XMyhlETT(qEz|*ztK zWo6<%!gq6|_ip~WTXa+_v}t9PY&rl9djX+MD_dmK72q31Gn-b9l(rYZpAv13Y+6+! zTESl!C!rnm%_h-mMB`TYL3gS!R<(v`Z1Fr=qkDXz(80tQ04)9lYuweAkNM!Ufm8H- zeO+K@`r>I*-#MjcVXu8+|9C`>1?&_1mlL>Dh(57@D}h@8`@zF!2UHs~ZUkMu8$*y*>z*YLIicKU4)fq_DF`fVD4NkCx-k;2n&b}oxX{7nW0 zOUm@^%IGK9SYzk*me^rur|wy~6wVFQX`?zvUUSqzD?c%%CLrJ9wX{j?P@ZmAP# zuyS|mHqdz^sZdGi)8pmH7c>QXQ2K*z%P;V4w)KhprQI zjK$KcNAdt`n;i=#5ndFgk!q3a>T{XVqT6je1Md?qy;GHN_jP;pJ_v40p1ZF* zF66GHug2!PJ@q}d=;S{*Zw-D|?x2LYRM&(sylm(v{aMKM3m{U*=#-TbSDCvG&)ZN4Ln8x7+YX(J$35Dw5z-8>b|$Ds{+$EqQfk3$pc z?x8`&-Vb^DQi^!*hX&NWr$T!tb7)_ejXo2QkHaByZQ#ec(M1@^k=N zya&Q}th!su;oVbqfx3@Q2Z(o1o;P$4LzCY4voNc-lV2|LpQf&w=iz$fp8let>HfixAvU^5!xi~ ztatAnz>2evd!^?%)~hv?)Q+eYF;HKt{op8tdx&|kGxMwcSPzVGOiM{Mm<-fE)Ra!a86WQF@!cnQ5enzdP=wz^Z{sWt*! z*`IKkKT#viqD9M`XwLSm2p>n--WNMgJp!3rR`SqSu#=pU&W;t!p;y`llXIH8n75EZ zCRvF^55<fk~Kn?UqFC-ZduJj3oy?^8+v z-;ks$xw+EB3@Op?Q)d6lmLgz3LpYkiV8F>L$xX!IqNif`rKOh2YM94JTIv6Sz)e6- zA~B`=3fRj)OzD3@;3FZjqu_OR{(+e6sUc7S#5KGsmAI3hNh;N)i5F$p@sM|eKL&6r zB(xPF_H2354Dqb;GfNVhi@+WX}cy=L5={KCs<%H@C@HR=8XA z1HF;^A^i#V?Lfgc5PQTPC3MSMd_EJ1Jqz+af%k;G4pR0uzZoXvLy!kR?gV1rfW+V7 zDjrCm#Qu(R?M%nHibP^bkcDve24ZC(=Mp$uNCU{t1g;07>0gB_`3s1{P6dw2!nQmq zL^;ly$M5JCi7v~N9{z!JcAoUY52PFOq`!BQ3U}m5dEFz14dc87G>5`+w>)q^fw_=& zV%iQMav;e21pWpT=tq+65j&EQ_cz{|f!G?5-3W{j@)MBb2^=b91IQNyUKMgB$j{#8 z6b}%)8D!LZIG2IgFF{riSPa;SzlwX*FrK0)-9Hs4zPuN!w88Qu{3n3_iD-l6O{lK} zcH&R5W6n#8{l7O?zC!9tfcG!WYwgH}&m@1{=ZcH9*0Z;*^1pNV8*uvk4*Nbq-N~?G z4}&a)d?*n6Bgn}FP6F(gfjZ6dC!I)T>^h2;Iy4B0d}N#ImGX95{dTt z1|{{xcvb4Z2ic0`%|NVZICmKdJOISC7~5*MKw( zn;6rm+*l>Z2T1-6i1h-gexLpY#D;*3Col?VZM~O6u*l2OaPJIDTW3HWZd9|pZ5g;p z@T(E|yu7N?A+fDW>>+J^qG?2VAObOG+6^{T%utACA}uOQupimggYD-`h=t64<4_ebK6WcGvnPxxOb zsjQSNLx>F!3E?0$CBZ*0$1;%J6yt4TbSef8$C1P- zkXV5t#w2qM!dCzbSA#hFLtR7QNhps2vC~05Ch!j+>O33nwPsMGnzTE2cB&{1M|-Wk zx;c2iq5aqo%FQ55`7ve0z56=O*Z;_WqGHSAM2JP0Vy!c%SZuFnU$%9bM4Pg01y6GiTp*MEod zm5_c-yla8TdXSYLvK0gLxBw)!nMdv;3Im8g3o@1HQ4YYP;OWBTZ+?S{&mi9p|0*Ez z4#<#?`K&XLlUVF~C{Kgk3q&hE3P8}L-B19*X{z>37pzt~3 zb)8HKxAE;*t{p`v(a&V0NrzhI*&+3B7bYK*`cq()f5vbQj5!}9vT=6de5ABA`JtUk zrS1|=)f{e~)DpcnEHR~e#-#Mi!lKWl^ln)FP}m1>O4^CC%mnppm*9Ja$tfzixv<(1 z8mH73sh%UH^rOP$7Ab9pwHFHKN$KFcQWf+6pVH`!6rv7&+<_X6 zv&mK`dLJ~MF4LWo_Fcl?^7 z-DusWWR&J71l|L35{oIVme2X{01#7>GYCu-qLkMYSSCd22Vbx$55#1~asr14ku}>1 z+$Kaub$rS182~Za_D2H02FA$5=*A7F{KVZws6;Q2GM0pSTGQ?wO^n%&!EeEu{7=5t z3PfH6Sx8_%ps)?m?%9X*m$xPQ>Cz z@n)l6k;4h?L@at0P7cobdCu|BK7gh%_2xV+9FtFill&y)JoIA@C*Id_yuAWm6PjMg z^Hw207Mga6zYl4#jXTzHHeUBO!xOi51$Z@rQ}dAn@(>#6M3?0wj}2+DjobfUBER=( zn9Ba4V0c(6Oak47&SxR}hlHUz)=|G831(oP`senG7F~%B>!`OUF^9dALTgIsLWKekA<|ZJKHo7vM$D7jA6h3 z6iq{u{?C7`KiZO)OgyYoFv;=`XgW3=T|i(hW;PkqPCZ4}<|B;D)6|N?1h&CZrsn=g zT6LgAmxi=3Q_-DJwbojjmsDP|`3ADVXraa?Xk%{Vb*x)X6*SU`4$U(j`X7v;PWeaJ13?eBq~T|W@PY&+J4&Z% ze@ZW!J)DMp=5weVD4SDqrdyt6Tn8E!SFq6qL{=0u-qz|kf=sW7*Wh|&0;oTyq~R}3 zv;-hBE8ckfkt|_=%&WDW@+g;BB7&?W0 za6$d4ZmKaLEkR~nv~-$ww@w1E^c5lsBA3J)HjoiP&%dV|_GcX_==pAXno@lOKzwBl zOEI9KxwP?n_CW=~K@`OGr#gf%*$vui^eeiVH|?E@=3!g=Gqm+)~h} z{i%00P(LZG+f3#UuV#C|b-l)ak(3~{EmG2;@AnH*&zCe_La7Tx zNki|REG&VVJA=k|dZ8Dn{w1njU&Bc}p!#|@)6jkpYXqSBtYLn5W4fH>4p80f`VH5lS*HWlAD1+oav^goP;*5|<6fg#B>>f*yJgPu z0wzeOl&r+u5la~gAEz8HJe>J7fy4GUy!42{2xXvxP33)7h(m6^8<&Geby3TVCxD+PZk_te-d9H9{E!ToK2PIn&N`R z{E76^ZuJ$_O9;nfTX`m~64y})IA#j3Sna&|wEp+$NHESPFm zk1TptR!=izY*Aze$n@fMWTCz25vspnW@Z9NN71`fbHSdeSs;^(I>&*`N_L`cO3@vq zAahbHK&BSGvmeO5rL;R|cF`bZd;i=?a26C5NNi!{nIH>`22zLx2bejXMPEZIIIxf` zI!lT&LKYQK63)`1SFZ!yR9%TwbKbqYwy0L+TVj#n^(QSsQR1Wk5Jmuzn*HLoYNe~z~mQaq;0PQ5^} zCC)WU>UtV_;=C~2cW>H8Rf!rwsWx74{&99Y`HaP6^TJ7Lr!JvK>dJc1>MDsuldms*1~VoLi>l&hM;Uc)p?I%NW!_^L z^BoQSwiN9<(%BE=W#Kg#V8vDH1mA6Dq|Ie7f>aRQ^ikBwejrM3>qT9C)ZJ1+H!cf5 z^{8KESb8^I1#K6!-vH&cozl>z`rVz19|+`zCfR6%Fc_;U?E2k6 ztMeT&9|9^zA~1_ooSZ|5+IDV`=us;VbKDWyC3Rjw>_wnT#z-jIc@znaj#f{A(DPrs z3j@`|K*kdoC8Q6?(FBeFYMO|%5JIhO64bJqIi7NN>ZGp&o~uU_6nA{YbY4iT^QA^Q zw-LBmh;+U};6*Ys)a03LwM=RV+xTpLGgn89>8klT})_VdSVzXP)BpojUg-%n~e9XksLAk}8 zOfAoF$jw|C4!P%J>oQbcdfxvzme1yq&#sykM1FO53=1g1k)dW7=k6$Jp>Es9)g8*55YpZ zhhQPyL$HwUAy`QF5GmGvFgLDtUw<6X(1fK_|dkDT9qV&eSYL$GY?9)dMY z{xAgZfb~Cy;DXp91PWqel&aQbSAGaCi0uPnLvTS%bAb)P1^PXeP<>fmeUJ)b zs_d>ISd^|I*uwcCSXP$K;GqtYcH%!Caz*m%=^gxhfNH0!!Mj_&)|hMKSE^PTzNhd0 z3&<>4$tysrMbd-5;l3%5u@5Vy21%|Hd_N$tAW zQpD)ue4|C1v#qXs9MLImE#1DxobMQD`d*M9N8( z%J7J->>`a*A@wcSlxgEhVqmL{LdhT2b%{-t%BqbZi7TqlCR`AU<2`jEL-!^2gVpL& ziP$clUCTR#BeQOV9GV;%j%0FK@N1L&mS_AE9)*e6v;0YZ$D?Qt;)NNv>?M%myZVFl zh@^Tlb0lJqLMpkK1yfOzXW<)8COo)A373rFMWtv&7=EiK;V~A@uL&X($aHZYIxLa%uA>ta8NKvBjP4~~vwqag@qTqJ zk6yXWgdHz^HILrD#rA$d6tAW5LO3yRusD6vLXuAD?JSSeUTbm$-N(D;JRbc`&he%T z8BlndMVf+`H_(u{mlUVX#FAcvkU@r&IHebXWxb=48X>%~^*oMFs6d>QCUb9jMwaqU zusd=w@7d&8l6&JE9?xZzlH(nul%6+)RfF`T!_`yji1?>;FuxaN=lHEujO&+gp>TX1 zw2t~6*Pzlrof0YVe|{~M=}&;3@V_IR^dCX8&@bXyHQ{^}F ztoG}WuknwETkF3MrOv;Sw0ihwB3bXxAg!K$Pqa1o$3buO_l45re}MhX{?)|lE~*2kCcqpyDylKuRz(bMWTA=BT#9LfOyU{V?2Z|6DCAB$w0AE0@VKauBP z|9NsT#2-qmq5kpc9OmnK)Np?~;So+IU&w!o#(Tub`ex!g{;^o&`Z>Z8|1>O!`hVrg z0wXW|Vl;lFq~~I<!ImFu%e-80D4zNhqxH z2a|M-e=(F=|0XDPzK3MJzY9uFe>+At_%C5tlbspChNU{llQl@yp=O^`oRU-#-HGUj7kSwYOhD z$t>{CfWEK4FY^2OUqN5!*AYI@|22}GeiX_Q{}3pL_`Q%n)L%mCOZ{c&JluZ-`VoE$ zGDkYW1`oe{ahl0llfJV7#uXw zkpBX~N|{&cR6NR`zjfj4n~x%DaE&LCk_RcG;M#D=9zgzs>-_PEmuMR=xH*)0STeVT zGHsH%-DFB_(;z!2`Ku%*Xwx7&BpmiUZ5m{U7b@YHr%i+G2t$&dHVv{P4Jq-oX^@NQBSVR)9z{0AUiXo zTIle!X^`DBwHRcwr%i+GtmL23HpSDXL3U2+eUPc1HVv}-mi`Q}*`78Hvis-0gtNfY zra^XLC8L0|(9@iP$F!YSSPQ`<9@|mZRHb zdpjlCG$=pEYk-u9sj^G7X;6NyQA)IFP<~z*)`~S(Wi6#5;<5oslo}^FgFhu#*2Al= z5~=Km-GR!g_&=cJ!rg&fxI2&wcL#Fe?m#Zw9ms{d1G#W_AQ$cq5SRR z&)wuQn1NpY3<4royzarLYh4~m(!Oj|Lw+Yuwk)=K;&v#qFbK&8R10iR-Sd@K1!g6 znoIZ)3VW9cX%!I}g(|lq^_o%M=4sLXO`wN8u2e`0h^AFa=?&Oi<5nj}7SpMZT0-m^ zv%~QYm#SLJcFfZ^@7%gvj_66JeitKz+vyg_BzHS8d*16ArACyVT8Y6PsM7A46mpPT zr<8l@)dXaiENG~A4|XFr5xe&2Wn4vA;s&zFsXhEqE)gB#W;Ii$oyKDiImU4hbz|$0 zY+Na1Sy)s~(`xCSAKKAM|Jg}&cgu|>On8=+`EIS1>9-UO(5$LNzP}{;h#;_h&UeSE zerG|L0`#){?(JHJ`G#F@dpp`EO!sUA&IDS1j+zxD>*~>=wD)(tRnq+!kLwV*66o_A zkf#Xz5peo0MfNXHHUs^_(=9^>pi$+D-_+1A3it9g>Z_AW}`yjn|&i- z^``&0qg~r!eFWyiT>{wd#1ZIk_rFKGDH;A}xGw?y?H)KpHO!A8d-{0-z@0(SxfW3+?4Le&K)ILA2+YAdVMRti>w z)}U^Xx^4x!odrjue59Mam^$vW1nNhqcwah?0jc_)H*%oQJ|JTWj1)2*HwmkGM0;fS<3-oOxfldq=k8b7jM4IvpXv?5==4r==dB2;y&ohCw2%N-xan_Fo z_++ulhD_vN|66w=wgx?@e4U0mvqC$-Vei;@=_yX%4e-x^|3J4Ir#0KvL56*+*7J$A zsP~F^o1#&=TPFCd`farN#D=@u$-^&z5w_j>Nq-GMPlG=x+N#AUn5e<@8_>^yk>6?X z`^=XbPPL4(#{GGAjQ7*w4mg9}sbrU2G8-gQ>{i_>nSVmv41ZI%%pH>1Dw&j9_jH%c z?eK5ymf0?u?UD)Hx-YwAcEEqATjn{*yd;^NTU$vEEUlN}zbKi$tKe^>#7DqVZEJMG zvrE0YZBFakaBXm^(9EMkv86+jkw?8h5!1*$EUtQa!|LS|BK(FDcel)BDKo-``!@z^ zLi&Q_J^+T>H1TGwW{E*=)aeg|_4npb)zv)kS-=?8)!V+*;Ok#E>WRf@eY;6^tcHCI zF#7OAxg+|HRm?BIZxPLQy#8htvmN|*K;Ic992FyzO(;_)S1Xf|4J_z8a7tk*M<@NW*QIeRZft**?%3fpHqhYZ*kaSLYNp*6`J7EOy(d9Kv%s ze)v~S&yQQm>r)&Nwv=ta&vK8bg{;zy9;z4cN6Ef_f-4U5^dOBH(~#o)_&6-Kl?>txLb~7 zGz&}d%mFI0p7E$t3s@~M4-(Dl^sG{q>;>Sb1EXxBJjY7$ zCGcl}(YDSx#}ZE@qK*rMgUdN((l-Kph-gPIJBSmezS{r3;Clh1-niCfWo7N#) zvkLYhTv)q`gz^g{G4!XE;o&5JN6kTH7|MV)!TXf>O;fky0O zL5~2&m}7KaVk~0Ojn6F#huHbnjBkT~v!dC2IKNmnegOU^Fm>!?l040wbO~)>K_P>y z9<(#ZT~PR8j>_E$V?c4#X$AWH2Bd?)L?L&8EF`d>kQ+gcA+Q`6xC|Y?qQq67T3_gb zDNTqUBS}+j8Y#v)EDl(nrLecV);VmqC@#5^ow(EYS|lDsNn^K&)A}1|R+Y~Yu&PYN zw2f?U&1zcH24VX5DQDO=Uhv$WR-@aP6qZbX(r+8fZbpdL zi;?pcx2Ysy=uB~pPQ)*=6eXNJA zw!nQEu1?daB#+}cCtBpW2)JX^OE%81*>kAVw;kDckUjOsvSIgj$2xsGVSftyy8q3N zY@F(}u7|JE@4JD3dfD%~1)bI%UCh@BXbyNK&&0^quc29WO&@<94Rlt;5tMB-N~!Fj zF*7==Lt(~xZO%`>iPxOy^xT1x>D?_eeWJ-s&zuK&QknWpRMT6iVbbW3`$~Ua5>{l@ zg`#THGc;2ctQhtk;xo=-jZkomy*|zO7yDWT$JFYLWQM*qR&Z=aGBfu)+$lK0US)Wv zxZ+A$M1%Xb(o!AHIGGte(qLU^#wWcL&dHEH%-z+{Y}yW^7e^XwLULw(wI921V_dUV zgXaugn#>bsbkGI~t0~RUMMlEX;LOqiu~?5VmdY)R)x-UjBz64}=0Ce*^$26l?mFl; zr|W!Kl`}`_>rh;kGk4&=%+NrvM{4e3Y!p<3&AsUyRs%qE zNx|IV=h6Uy=;DI8I&dc_=qR1566&W?s!Y#)fSM6Rmln)@^cLO?f$Bp`<_xO?dzE?zr&G zRy2Q%OG}bScxc&32wNa>^(pGeY4uW0^= z*OA1E<_~o(Q8<5^>q5ebSn@9Z6vU*uAoe&<`>1|lBs_%^m1nJ>EO#u7sJv+f)#WlZ z{+bBVT+pMhsyqHMk0NPF)8dOIlX6Nf8R0ljCF4bYl3CR$9exUe#ePze*$rCa#7jaX z=B+yDFehH>CpB0kOHW^kpcnGer91WpONCfA#pL6}(|%eBCM!~>Vp`nKqxGeIX&dp3 zpA@&H^n*2EK^U{GbnE~yTv1AXXllH$vV6pmrTVU5yxdPXnBQKi^>jQJiq1|Sus>Ku zh{fC<^GhEfU-7Cil?A1b*MU`sSZC>dQ^9IN;iaV{<-}`4Y+337@#^wvu1JwrE(qt* zHKk)t0Id&Y*O$I~DOk@CJ0o@9`Ctus(X&e*=m2dDnHx%X(23(sA$Do%oQ+`3dC^U& z)Hu*ydGy-S5~00A*{!7w7l5^d*tXJtR)F;hu{%mnI1sFFh~1r9E398$&3&bJ4gqZq z^Sr(EnL@DsA-0p+p$vH(}@*5Pyq6iek#IP|zc3C?R^;;^fOn!rc zSYPO6@*5PybX?42XLrf=cFN^9C_Km00kndcD!W{MgTix-QZBzi;dx^wdqU4VAzon< zQpq4HBxOiR&_hVtnr}LoFC^?J+2G1EKr+Uu2!fx1gl)IRiQi)Rcn$L^PE?dv+`q&* zHCrBWI-$8+gjL>aoS|-`n8mLllabHa-raPzd<(q`{5OxUMML_kxMSHDI8ZH6f zD4JRFSF>a*_|2l3-G9v}?r*^#0BYFV_-lhI?{KmY0Ys z%hNr*Lo`-x<#wN$ej3v2fiOGwRY>Hg;FpPJ*}1Plv~A!&7tOwMbYH7z4}sE_!g0hc4c8nMRO5Z z4fwhZy~f=ltkO2VmrU(P_;eziEJaqYhgOPzKltsUnfZrVHY3ai--u?7=`gFIanMEs z)%KfHOKnnH3ce7i{kc-V-F=SYulol|&%gv%j}mNiPm9Ps*CSg@J5Ta>k0^fw>c2zu zdjkIkdTv1ca<~nw!`Be4QHol!DB5&1N-mGcLHL7`@^sY60H$OlfuTUpcH~1P;SUQn z?tzjG5S=@uWNZ8$l+>?+xF6zsEB;cD^#s-mSqQR~z_mb=qBO6E@;2COK=b(^Wj-$z zK=US$c?4z(xe??H0&9ib0kWOIeL{W%Qj&=}F`!wyurmlu6r%UoD+pWw^m-M9o&SZD z!gZ9wpRlumcauR4+O(^8dar?T8;rL?hKi`Af{cmQdul$wx62hv%-)@OTJ{H8&sV9S zL3y0l2pUf~3}{8v=Xq7)g1D<9>uW7!!C3l-q#jzSGSuA1-d+4PxeUYLtD8 zG{ocvN~YD?PNlV{R%=_8*1=k>u~%7RZ?y(pZ4J8hGd1oSYghg0A`M~83TbaBR(I*o zN##bP4j4`$;OWBt_hAgw@;uVR)r1l4NqO|uI{}2dA@tSip70|I>z#nGCKIPk1);_8 zNDz06T21{pNFP%h?*fCwcPMpdy_(K~xN!#r)D_T@g!2G#TGCyCimpI?J}_84Q8HAC zUAxBp(Df!!;tcJ&|5D8Tm!VyEUW&Q%GPLWOOflDFocmby#+Id3;kPd^Fgdi)w2lW!Q~mho=5)eASpsjuM?cpQ)wq+s*9v5A+AR(e{Sz` z!i5t46tGD?fvnye7z-G9yPgW4lRj~kfV)-M2tXQ1bNykF3 zs*u&OTh|e;E?43C^&1%BON*0hBG`CVKk{0Ve9a7&S*4|kM?oSf?Y@?JhD1}zMIfo< zKjFkuhinGP7?Mm~PNA0uhLoh1Yy!y|l1}~Pryym9WOY7FiF*U%enq)aTI zjfHumPm8~g`ryVI8SNCv=uXm&1o!J@G#Jk_7W|STE(o@(Z3lN&%IK#(89k4xDhyVm zt|)kQF-8XkOR0?D>NzU7%hBcquP?{?;9m=Pj|h(5ojMB6+n<+#;9X>bU`D_yG??7N zY!Tca$Fx9uB)Q<`-KfYwU)QM&c9D8j@C;^F2hF{8vZVa0QQaB%dHh}mwP5lfWuVV- z%E0g@WuR#fW#G3|O)S_4BMO2+Bb0%Gw8=zp?O0{ts0qrzOxk%-P(*Vn4vrkE4D7Q^ z8R&zFUhoFve=7Kt!7&}Ye7G{u1SJ!^LX8B$pDC1VP==vp!2uLjc`%+9nhQoWDg$R7 zp$zJ4Z&6O@FY9syOZO5ZS0EQO`!#Upgf$Q*NMu^cnpmM zx2{lThGAALxH_fGJWfT%gAsJfL~w6~GIKH9!k~l_DhdkI%FH`ZN`eWKm6@qz+Y7dk zRw{UbMAAV8#`(b!=+6X=M=CRKP?Om}2b9W!)2OTR;7N?m1;ZKOD}tRTC^OeEV^jrC zQQOtQ(2>f_8b;jO;Pq)_Cipkc9>E#R1NFg~6iv@y2xDPG@EMYg!PrT7*@9^$tQLZo zmT(Z!$>lSCsTCE4OQ{q83nW>EJKL(p$jX)E;E0g!L6qkD;X8 zij`!@iBx=`Ke3A06b-u!yVFwfLsafb6UZksDHVU2+y(t57>pqSH)v{8VvT)O!0RZ; zSTJUx3b@xW74R{%fkZHl8l<^X0ENNnR8CRw9o*tz`vMj4C+H~+^mQ38SV!@vf>oU| zciMUt@F}E~33Lc62(DzT$p-(R^OOZ=OjQBL+Eu{%=2=DX1mViy2HI^^a4>DSI`}f7 z0=@@sZSZgGtPA!dGd+S~j1cv~MXOc7|2{?q{A=uQ3_h8q0^SYD=HL-Je6L{O8df+# zPlx$8n96w5C-`X}=J((#T7JL4p|!ULAD_&cA*l1&ZVz&6StbP4w9mGn^;Dd&!Esd7 z;9xC!h6Lv|=q-3MsSFER%Gj3+v~xWoc#XV_3=W^fXM%!n$?xdkWWr;DDKz1+!5vi9 zZh;GBTyXFdd^y3$L8`)|v428v$8nq<4H^%?V-_5UWJmCG%$*b*PB~8wCLN_W|hslHz(*b5l>~X ziv~U~cmNIagQ^j{Dg+Cuk-dYvDdByBU6kj7pnfUdv%sgx?-%SMmHmSqC+VI01~eZK zOs9Si41U__IE#YUD1px4=z7OFD7c13xj1O1lnxF?*Xd3C`Wd|A1C5^Sf5h%xSke!cCa7q{G8xcTEe-(7tM}yUU2ha+&u|S$Nmd~-_RZ|4C*M!i-ND{z#D>2 z^0G0grVK9*&dfT_CBe46xs(-LkDZqV5o+P`AehOEVekg!vnkjgd#(uXqJ?Y@7N#BN z%3#~kd@aSPilqiczNOz*{}NkMg9|lRS3g7EQbR24_)qtu!KRv%S2I$jv@4kEkc zRDVNiQZJN)3^1fV<&xRdKtq~RyHkRxHbYu!G~%=>6LTWlF|Yc~gJI4MGx06Oo|+eC z0*SpMZ%QKC33cyKVhas7wNE~q&rG0yq^2i-Pn%1XY~`^>ndWZ_g7Qku$Z0N&g#|Fv z3Lu%ffHt4nvr&hP2skX6ir_8=CsbKsbwxGcxt%Ssv`d&CZAdnyUBdJjLn>0*B}|Vsq$Z_Z!t`#2)Tgvdm~J6w{UkdBmg3DbL~s9$GtO1p&VS;=G2HYKH9!t|Wfsr;Fm(k@|o-_p|&o1M}wVS4}E z`EVAbv`d&?Sou@_EKF&aFnxfT)0xsPVfw(ri-@y?JGUT6l(E(7ZH0iiBqIb{mZg-cxdZ)HJociz}<2LHPM2j1x|}rMGs=Z z13*vpc!=ZGYt6W^V5~7QEo=6IMQ%nAM?`h<|a-w!mEooPP@`^ z$GHg=(ImvI$BC#Ncojktj_6UMgqjkUDWTuNxD{2uknX!c9wzXhbhjh< zF9<3K)9tpQXb_aCa9ll@1Rb{}`Kc7`2jdmuy(~q0f_zHgV<8hkip!%;0%%=8v;wAO zX+6;_rfFd@BUW<^o)52>!tG8~_BStqQwyg@o&&9Q1GK(*P12#W5o)*a!kXWTfTIWI zIqnoUbE+y$HQx_Q`T$n*lL+iC)9yp`4Q%bMc{QIMQlf_`nd-(L?NV|8arW<0vYNng zQu5sYrQ~%f(ZiHXbX$sPwr0si#JQkL$t?taCMBQzmy+hCG`->EwUu}>Pd!uzX31}~ z=)08DtOl-r+?f|xZ31iNt7r$SF`QuiSO-U}Q5?_0I!53Bp(Cp&*}#|I$~X_)IyQ$u z+HO?G-f3e{wu(<^S-*aQ>K~-_h`Y0&)+0}2`tN~3)`fSDQ4iiD7j>opgS9$wAGcBH zIPk+o(;~%vJgt%GdGLot(^|!SyhgNrDu@dV)-uO^ypL#4g8x=DEmqtoY_6SD$*D15 zu+}W@6SYcrC-^<0+eyk@wOVdPH||BFD{Fom0i8B@1uoU4Ls+V> z)ir9L$r(=T7YOLwn)TQjqHb)bmfUHy_4yRA>RN{ox_g1!W>MRm=GjD@0lRNEo9+Qk z-D6yywhA??^0c{m+G=RmGA1uT?xc{WVPcLuRBeREJWvhw$04{A!6gXZ+O1HQ+Pq+* z8W51R7=%jF@rSu4yO6h5|K+wn~02lE3bjGMfLOla$bgURo>9q0VLk zgF1{h@_uM5!Iz7+$HmBP^d)y0_(svR3+8U@DY<*We+dk=U#_?$8==9!0{%P@wwEid z4egC5crGxwL1|p+$)Yvjt3=z@4sA@$4GHHG0kC9I~~?)wHDV5IzTC z)>hi`Y>TLSo?_$C{0i=Xz;U-|{2OFzic|V)N%0P*y#a*d(JA9JE+p!rP81ko%cN6n zK@r)wuxUG5Y(exo0V%pUZ&o;~ZtNaN>4<9hdRoJ8YQi*YmxaQmZNQ~oitK;SGk{uXAx6RbAVEq6N-g+ka0BoWHjJeinFcZSyW-UQSKiLacmMwpLJP*Fyu3o_HEJ zT;?(goe{Po)pJ**XnEW8XLCV1=D=Z*8U`+Fe-?)q-ohJ_rGU zRVX+9>n_e z5VPHx*mX26+g!SP*Xg>BP2^cnHr@3mb$!jE!kKub$CxyU==CKNm8V<#Vs2%6Vqath zhigv^3@YLZVjYHx)c9#hT{lQh_W zl&)r4G-@ra^uN>W?`wU)j3#68sLm)*PS-8aemMZ}}n};iKABFSIzu5}s zy?!?lj>i&@iFEMK2|tn2K%0!c$usZpvv5=&=HOc*Qkvu^OBiOqAy}A<{hdFtI0X9` zM}m)Wd<4Zl#*yG-9R1)VV^V4#<487n7M61_Ik-d_w~uioM}%QH_mX2Q9GyTm3o8Pu z)QOgozrxDw1q$nn9EDZcD+rf{SJ-7$rXnuykvEQ^)b*~p7W=(jXoz}th266&>|TH9 zac?5eqSQWcNsa9q6+_aA>I!>NjTNGASJ;d1O2#9o))n^Ry9=b>$><7u@vn-+;NvqY zC}sn$iWA_YUBY{H;l23@=8_i*=7X1SqIs0ORAgcAR>ChA>%&ClRSN&PcokuNosf6J zuGlF&bKv5b_Jk9h0DeXn9(DYCQJOA!E_n^KOoLK*rBJC;B@!$7O3L4^6T4)G!tYqP z>(u4p1=!qam1-w2y)tW5Q8_WaT-BNAiOPxTRa98Zk`vRbs!*-jDNV0BY-LA6@WKO{ zzPATunVOUwAH}4?ljtmyvmJ!_dL)}NsmawsVor=V0UCy$(FfI))(%vAjxJY+I(dL4 zcV8pnb#^#7dKqTKP8raQjDO)R%n#|_$$t|$cQ9jlx+VF&a-BJWJf`~?63g5nq^}{# z%styc`WaG^Iar)lL(-W`h4eQho7pI_0ftm$j-p4T2O3h7*(s#Wkb0*gVg1)17@r>_ z>*hf9R%5Q~nFG}`2dcMO8Su=3>X`%8GY6_?4ph$^sGd1cy&pSJ{Rzoi(3+70)t{Kq z7K~FV2dcljA#$Krp4blFk;gfhAqT2IDftS*k(?Z;{^aE6AbiY49X@aGY4Ibda?gCH zp7~Ba^PPI;JN3+W>Y4AGN5Q_p;-p7~Ba^PPI3@3b`ZovMTRKaY=Kd&x83 zsb{`Z&wQtz`A$9aoqFaw^#+YlS2y3OXTDREl(imvd?cj}q%)HC0yXTDR8&k-G zb?KB-75e%tbNKoSi^!e%`aJXXdFJc$8tD~L&wPEJ`T9Kb^?By&^UT-h%{zf%(KBD4 zXTCnqe0`qz`aJXXdFJc$R&~;py=m(yPtSaPp85Jb^YwY=>+{Ul=f&FTVfN#F72Xqs zD?Rh|dFJc$%-84LLoclL%-83cug^1IpJ%>4&wPEJ`T9Kb^?By&^UT-hnXk|5>9Bj~ znXk_?U!P~bKF@r8p85Jb^YwY=>+{Ul=b5k1Ghd%)zCO=+{Ul=b5k1Ghd%)zCO=< zeV+OHJoEK==Iis!*XNn9&of`2XTCnqe0`qz`aJXXdFJc$%-83cug^1IpJ%>4&wPEJ z`T9Kb^?By&^UT-hnXk_?U!V8WPJDfy`TD%0>+$t@*A(OH^UT-hnXk_?U!P~bKF@r8 zp85Jb^YwY=>+{Ul=b5k1`|WyOS3L9edFJc$cCfZw;hC?`Ghd%)zCO=4&wPEJ`T9Kb^?By& z^UT-hnXk_?U!P~bKF@r8-s#wXfoHxx&wPEJ`T9Kb^?By&^UT-hnXk_?U!P~bKF@r8 zp85Jb^YwY=>+{Ul=Y_t$>hSh~&+P+kyVmITfzRy&n~`eS6!*D(AS70++Xp_k4U8_S=k|f2^)44-8#X zquU2Qw+|${zDBM(pW6q*&Zv{G&gb@liJo1f+Xp_k55(M1v!fRnw-1C}TBq9wKDQ4{ zbW>ew94NOB4868Sw-0=7A4qmRk`5KGo*i_{+)VkI@&9QB8VSh_~rqW4N>W>Stsm!)4w9-L+a&Rfjkq(xZ zLC@s7WZTIcz7?dwkVxiu#DYdE!dQm;{7%qhNHXIoPO~8;j=zdX^+CVnDyh3t8d|L| zxdVF}NPk0;nOVF%1p^F8XLRr_7-&d^b% zLt~~If-!#~2kGqc_u_!G`$X8xA!jNP}zVfn>hLmLFD=!;mNID~5dD&<~vKjfx z%f=W|k&&;wY^)(Q8Trb~b~B_tBVT!0yCF>(`O3>C7}AoFue@xcA*~tt%F8;+pU2L& zjC|!~le4dY49&<_UN+UN9+`PoR!=izY$h@TWP0(PWT8Ft2&?z9nHjyvbY$c!FWWQ4 zfbUGs$X8xAEBOZ6rex$RFPoE+e{E{!o&7-eE&VNGvorFQm+hbX4$gv%eC1^eD-(F8 z7G~rtFFU}@>CAjhe=Iw&@G;^n$;ek;wy3BTWNAje^0H2|ZCOUX^0LKAy{hJK)RZSG zRa^D)m6!GNddgRxj6Fqi$(R_nQk7jcz=^sOq^Er4$=Fv4%2%F@MX<@fyp=o0(+4?{ zF;%X8c`J9WQS8fGx%0xXeB%{W_J$vn(0=zMN`n*IU0SZJhgV%CQfc_vD{795=kYV3 zc=p*VZwYnodf{iU@(y&rjwV`P)ys9sWab3gI$;gyPNwbFZX}k`$9eLcWTv*W8!55D zC?7v5M^Ya|b0akj~qP=?<>An6Q)ihGEMcQn3jnmiaSc?$D$edxO`@k;*1Xzr6f$O-4aV@v{G^>7?RE0GYw>-rCgC2bQ;L+c>|xM zxZRGtfwr$a$;QeStdfQPLkP6FQ!v~%qtdCkHjOr0}h5;>B z2&YD^6!wR(kBIiMhtr}~0w+N@0qApWi{o576wik}l>_(OX!JdD)%P}77b9~a(C-0| zy9nF?v~D9p)lhs_i1n8fG|3qbXuY6uAD>JeJAkitXnPFxa1{ivs-Y7#KVCX2lh$sjHqJpA;ARu6iU4jEq2Pprx66A~jD!l;WCa!@wZ|la*A|G-F+bto39sL*wE~5+ABk?7A5x z^`>@C_WH;~Um)wh0BWv4Mj9J-5m0(ce>IWn-jb$Pt7#}qcxc+x4o$UchE}gi$RV_R z3Dg^tZS_WKJGWC;Zqxzwri(1`3gqoZK^QKg$;c9~QW-fO!eXFN2EEklsxHmBRii9- zsW({NopY;xH>h(Q?^T>jijf`BhGk^v0>b20HABVoXIeD}LA=eT+Po5IMl~l(6oo&& zw_{@_e+#@F4%6SLFQbb3@>O+h?nCp#5mRAT^x?aVxhiHktznD#aHLViyo)?;Rpw1G zABmKxm``={oXY@P%ts@pn58{#oQY)#askFT{M;Tu}D{y z^)2w{fqLV09=F8ly|@?#)En>fgpK_?gvUiRRr6%TRL!W~oGSx;?vxvNDiZxQjrJ;p zyF{FCiKQa`qmSpj4D|O@{+~rkwC*s+a;8`9iv+!D_r|`aCq5l%t4eFjgB&hkd(|@$ z)2nWVaG{8%SN%L?b~I0NrwB(LkMzIx~s$onJFRqg4gzl2;>#Z@ez z;&G6p3CseV^0v(CZZR?RJ6YEJek7_zeZ@#v7a??kV)X;LiNFm)`hYw_U=L7vB*=>d zehmz~rjGR>itv{!QFUS@Q!lruxC`=M;r|72nvN#M9)x_vGD)d&Aq2k~mSE7yV0FZ< zJcU3XNIgV$2Fm&lQW<yrHwnBBlxH^JZ>e@ZhsbY% z>h32IFNY~nMJ=pD$b1b{^Z?1P;~peX(GH|1f$l&?Ssvbh*LDDAG(+Nx!BGtb`gwf5)drxywoXz&`ctIT+nLrTc+Mq?4Mc8SOfnbKS7eQ}Cq~bIvZaoieAXBjvqy(fG7%~q8`~8%rUr1dIKqC&$t=G5` zZE~ubcwo|JG?`}^9Dq}eL3PgHVa^SiPQ#52>3-Z9crL~@nGVDkHkH+hUiP*gWc4b@ zjig!*3>K&IW+fq}nf=-ZAi%;8jYjg4gIcR|ZBL zIky6X#i{%l%3ENs1C?KaF_55 zgT)zE1BJ&YH&zZIuo?0OVAyy=-Lk227J)mV+yqn}2l76FcZ8e_lF^Ua1{uBqq-zcC zL#FW&>AKD`rTdH&JXxqUu|?=fb@& zh`mll@^Z#*lfYWi?@N_wlJHDIz^N&~&bC9V=^6wYng~crGl+FE=Fq3&bB4Y#xK233#A?!Q*)EpBd*|DxP$7_&_`+H6vkcJGFSmj?~kAXD|X#OWi z7HMq-*#cB%Rq*K|0>2be4B`&(oUcHJbpzqilTDR11g1fq1XNvA%ixcK=P_vYx&f*L zq?GS5Cd!WCy~;%R9Aw5lj1N=!VbVRuR` zA&Uomfe!W@TKJSLzm%J)btHQpfr@uvZ6v0h17y zGqjOM*Zi7d=SCvCyOGa-z`7dYD}jo?g4|EwULo&;{DQ#GfrihB{X5Dl^EI8CXWuZ_ zNb~?zAoVNjrM^j3(1F2ERUp-G6ZtJ^lj<)Bd@e+)vj^ewfQEC48LBp&%dIn-r(!F& zkgWQ41^SeV)gJgC!5?e*L8te3JcqBZ+7C|y#e&qhZa-cVOM;4Yrj5k= z-pt4qM4Jj%ExRKT&8b-i?K5aqR|HX?NHCQjW5M#jPSx88Xrb_m74UZ)P*%3n2%`Qe zmD;c`pi(d^7Z~V#=)59=-(rl)ogDFx)Q}_t?M#K00meWZ3Dg5s%Mg`;wjdT7=t^kD zK&zJFz`ljM*m5;&IW@&pj@UKx31s&t@EJKbF6&?z(;11ob|#a;Sf$dJshaBZexoNG zczN~f78q?&@e9i^GXbZnYk9=!2K6sNvN;`HISc$M?*V4Y%5#9U#mqpeO;3|`W=%$_ z(MXksQp=IjLa}!swPQC`y&GaR35++y>8|2eT^?K)^Oo_`pcebYtF6%ftl$L=t&mw;{S>$N^z6126RHn7dRB+@_Gyh|b@O!Jx+ zT^h+#i`sTuX4`F|7FCm;XD#Ngh(x5tnVgQY@*hFAN0r@$%;1RGO?EX1ThkgGX^?4I zr9-XKNu6&-c38yh^;ydp9<9Q^P@|#Js%ePSCDrt^YMfE~wA4N1+BCJ_WQ7m8 zjYgQOSpRfQB9nCZ3KG+{^rVv&?VoO2m3Gn#vklV4Am`oz!sitXa`ixvZ{2o!5X9#H zJJ+nxC$-Fl^KZ9AXO3gEE&3nVtkP{+{^RDTQja)KMX8Rs&XK=VxBJYEyPELZJbvc( zOBU$wR~%Y=r`c?|9XB?1qjB|MfJWY$nnsMFvpABdR5Y-G1A1R z9VQXg=6Fd^2{)Y$XQ`W|IJWkWw^^QKc7u<1%|^+jr`Wr2H@Jn95SwJ4{l3XH+n)Al zMdYbE-*Afb5ZTe7=A@29qMcL?uSqWjjH z?Q_;GzecVH#4bR6r-ew&aPxFrJqE%^pr3J^Gu#ThDd+SvzH_GA+3wi|n{>0>-j|}D zO}hSOFMf_|HsiVfVisL}*fiN(7ysOi>~ttoFhbwuDb}_1~l{| zX1M5LS5K33N81Q)GyZ2T%qvm08PF_B^CvS`(o%zEvX&a_^(V@Xpi{FI@nF|ft|jX0 zD5UPxyUA5yP;))$YW#P1X~Au4uF%%pZ^_MbfUUVgTXU0!LJ*jmE3!5B6@wZ#D;rL6mZHnGe~SFhHHLJf|YJ0UQMivVAUa1 zBSAB{-e*+rmg*WeGFd{JT#rFuG+-vz^9jroqRI7Y0xJQhY9UcIYgzZQZ%%ntBs) zZudr+dfjx><=!k)kDF;WYTq*Zv@=&6w~|-&neE=0X5#X;aqmaeDvh}7I3a(DcSVdpSOaSn zVEn;F1TGLFe{d6l8vyEjBhjYQf~(L+!-od}K|``@rjN>)cHA-5skw!jThQlqU^H)* zJor!Iu6B}Vm;(P~unK(i(dt6Cbb66yaHc&fsS9i)y(Y=UOZjl|14G#}Z|>nGK&*t?*B&mB&;wQU7A{KEMBcNG&yyo=rr$ z9KmCZp)D;}_yZ!m8$`mWru_(m@t!D>HF%ngPUj^G5C)iu)Vzo0gPc(8X~sGI4fJ~_ z)V8QC<~<}eBq#>q?8f|&Gdu7-`ZX;(_Bcd;jjW2Ji6o3u?n`jnZl z$wyxkcII`MM~wExp60#NbtLPx?{9ULma{>BX(#X3(#4AbE*)+{x<2k-I_}qGYPvkU zf9X_J5mo&%f(sVvR!L-tIc@i3(bLT(8B3V1w@U1<>A&6twEKBq>Hiq3vpv!@nb73Am)aiy;aJ|a8-(IhZ_NUuWL!F-d|N3e~@4vnp z(fj_Z5xvB#5&f%a+u%-Amcr&Gh`xOZVy6EvlxX7H=)>rJ;kVJJz;SZ)d|SqV>>Y}j zv#dMFK!YT{jV?~&+vq|P-$oab_%^zb#JACfB)*LS&p7>%UEdN1(T!a+cFkKFCk9w zE||=$_KzT!_HFb`e;NXrz8G<}q4JeShv#3WKLNyi8$Husr=Xs1%kpJ$|k>! zeix)nUyU7p8(oy}+vp~&=iQ?AT`=)aV7>1KVTDA#pGtYZgp!`Di_ z&u|i{EX?yHSq@t*v$KUMV^u*pG{mjj)ocWs& z=wBFt;p9wlK?W2lcYcw!3?c)Ko@ma(```>}AED32iWW1;jSSAdnJ5K0--t8BAjL(i z);p1*CS2-dU5T1ZUr86=bu?9EURN1el-Y=qwjT~5cH6EL#clh$NvLSsCZ7?C843E_ zw=-4txJ^(0v;V7cK)AnQJ=7Y}_ zElQKP@AUc`v`ygaf%ct<<-TXi^keW{qG>MWzSm8eehB;lpab8YIcUoCJlHRRj-O*w zbIF`junO@HGP6)y7R$rwjfM-9ML?Pf3J;*Txjsm*uCc&=e$bib} zb}Lza9g3@;s4Dd@k*Ac6r(kSGegjaZh3*Xmt_Pg%GnM7l&MSy@W%OUiaC8vT@sv$C zV<7EoTUiZ2Tk~7;duDF#OQr#@XbRrMv#TyEY`~W)6n=yR9t3OyzBEMf-voahD3t}f zFO5@U{S*9az&6YQW5^xGAOomjUNH?*3sw!7hS^J^&cV}A@ml7MnL)#hg*yr`4Rbt! zC4g<11IR}XN&fY$9%Ril%qH0DC9j6Li@xt&0pwdh z#pJ@hJyTaCOefig#FKz&i}wk<2RPkSz*fc4PmAK*nR&0`sH1$1$d`(v_9z(7Q8ZxM zqc?$`Lew5Z2n-UU_LxfGNWe735(0~bsE=$Suny>QBT0pQq}#E%*q}0?pPtIV6PfQT z1E;{)i}-^;8sc>P8`{1_++8LEdNTWO*~tF~;-8RxALt}T=Ug;&n7}u}fX?ke77#c} zNDq(;2y7Kn3vxe!>xB#fX`IMe1kigNNatz%YyevW7*k(1klb!p%BN?YL&|;RgG{yF zfyixu)A0qGVkL6!Zpp3n9#RfJg7{O|PXJ|ag1k!LfaLr3MRql6UPKPN^ma_nq=wvn zPWe4>)c1Rg$7Cgv#-;_;>dz`m`Z2Bkv#jpag=zKA(Eh2ClWS}fWT-~*HzL>|G(Z=doX7tpoUcrvhvd$WDYQK=o z3D%{3K3Cy(%1;fQ?nFbaS#%Pc<|oEPbt>PH_ySuty_UhIx1dq!IVH=)ofnnpmv|8j z8831-V%Ceyt5X#mMWxPC#g?p>_$(v-X+r$1g!rr~iEl!5y~OL@p@X=SGY=rjiUZ9R zEUvBQ$vu^U+Y!3~=z9?r9(-=ohnlw5}5;Dwv(Ta;C=v>?vF*{*%y6eM6%v%GLm}HM~3~tRz}JPwxYFF zvabyLB7gHPkLb?!(;=C6c|@=2sPgkJ51))V(K{t;Kj&o#yi^HFc9#DHfBaubL_g-O z57}+oG3|BCn;x=DOBX7vH$7x`DD9>2y%=+L#}ZSVe~B=Y2}gEklb;+vr#>W?=wxa6E< z5R$o8F>h+4n5&}Mux!p&2QiJBH9^cjvN4#mF^u`TV%DFa3|TmU8m4C0Ao3~MORALXudrVHk$9S!f{i9cN&BY4nf#Em9<@N-;QSyE_h%94Oe7lbZs=5 zyj@l3cn?9&U0k{bkqo=Oi~Zq#B)zTCUqZ`QclEYKt+ao)w7y1f@-8ZPgK(Dr4!?ze z=SQEy;XUs9(X7#leT-OvcU82JKAg|$%-d-XFXN9W{*Ut{>c@MKn0JdFTjP6bM`L^5 zZCSSvKj!$->II8f=HVo!SwgXT#IXd5_7O0t^4yzU#GYuRR!T}bwk4#JqOoxG`V`Fk zVD&1t6AxCeDu*8rRNPA}k0E}ES-6&%g=>jfxR%(3YivJVWM`~C z`VpQiu3M3@#w^vS6W6X$Y(TcUvme*4QEZ?=qH*1dj5Qe~7T2xF*dT)x#C0n&HrOD= zaoviH4KYY*T(=@)Lk&_E*R9CdFoSfB>sDl}*&sdRx)m84X^_5g-HMEjGDuZiw<2RL zCEtN(VER_1ibt^J9-sHL|u3M3@2?iM&*R9Cd#9aC7=D2o^Vn-A%1ZjzD z*C=*m{>dO?sDm!sQ7h=O^xeTWbEj6`c&53c!tF0 zx32}6AJ?tO*fAzM3*(1mg2!g74O`=dLV{b7aqSw#7Mi>*k89T`wkX;k1;MSzcvgG0 zRXg2^j8*29>Q-cye~1ES`C_z}dsV(VsAWa{3|^^ygRuE#m3@P71tLavOeovO={Tbs z-BH3ZXvD@c=@+lH`!K^OSifu9pk=@0C0Q+mCPC!S6wX z6vSV|4*mBHQWpPBBgh9PJ?_=rPt^8L5Ix2u*fe?E@xO)G`Ig;GAWDiv&+sLUWv(t4uOt-eH67VBsPS>U4*PDiLT|Rnsn()Q| zXTkbc5_bCsxJ$8aLBV9VDf&(}Mzv@)xA6uQe@fVis|wx0rGE$UB>H%mCmHHv>R%yuZ>OVK}Anb5*2K-4CIyEPlNzVYG3VUE_Tv zHYWeyaC*iY#2ITiedDuKxCz<5+A=;x3MLwDb@9_BHpw9U;u*@@G$Ym&Um(tO!xAmbfhRohL4_dg&PS^l5QuWTpFSF>c98B><|99x$E zEZ)8Qz2q(GPKZQ@ps&XXt-P9gVkBRP(_`_;th6RYOu9ai^>O6(zk)LdwlN~l{JKuh zKd6Y?z2cE@GQ0zSV`HUAhIM^Lu_CxvK<~}r{`DDyOi=IGzCL4=nLlNjeD^vR5WN<(CIc9Jh|gmFnv_4b1*eogPU-uT%Rel7CG|vP%83KOR}>>W3s%^bRYO zcE$j{gpT%?m0UhZ+o`Y48h2&J zST*hd(_E)!6v_$*nig4QTf}L4T(!T?j~9%OI5Qc<++9}|TNB#n50s{9l%_vW{xdc2 z(|$+s+fCyFkBED3hxm+NBF)c1d=Tin{Pg7_cGG~jY&w@Jfy%38GB5hZon*5O^A$vy z)=R!It!E*f4OHr_Htx&5F|Coa*zN%;b1s2+z>jLQx){P5phDf}72i1b3A4Go1Poe9 z?Jmk^Kj=8ejb)TwM_!+Tz6YqhM5Y+e=qO9hox@cCpmOUu5c4u})HA9fl#6&sMa|F1 zz6GavB7|0;`rm^bXA7rF?j5Az_RPp%$9l9TpDE0}u)RAv_Cb zA3(D&g!e~CcMwx{czV$6m|-LDTK06OU%mdWVLdNhGM&b~1TN~&^X`d=PUC)P zYV}VOG;2dB(|6=$)pVl9w}Yq-wPMqBh8zlLjW11dJ^ILZQ(R-hp(y`lgdx6ni~;Nn;ex8pt1wnssv4K zvYuurCgCgEV!bIG(?CO;;7HF;EXVZz#%0vIh>s-1oyLtpTfCE?{a}M%6hzhAK7#hB z{WPG3?NcvH-Ab2t^~0d(xbONo6*QPJ*~_S^BLQ2#RTRqoSVsS$pW7-KxxM0}`K~8m z>bIOgAE2QLS>yJqPsDeuqiF6rwajv$f!eLeYQRgj#Rjrf ze|#sJh}^sS>8p%>^soDaviNHo7Yd|h1umh;R7M+UgZC5_-^&*Xm ztmA__VBaSBdq93l;0d6%AF|)iN9}mXYLKu78@Et#>YH;>r*jUPcfc_==>(7xBd zPoe$QuNw~`CuLV8@alV=I*Bk=@sC-%Z8|UXr*)#}KfDw;81aY44eoCfC z3>^!y)^}$f$;W#yWwx*vs`)VvcCuf(w*=R76P%?)ZUvg}0og#{3}B?3vf@PUz*Tt} zZoYBGSHrpzz#Hq83i}ao_sN${@w4^HjhgLH??d1&pyoV~0|fR1qa@a>&)WPQ>~BEx zogjtmj1>T*9|74%W@%KX5lzjHLg)jh7ts7H$Or;M0Hy@Z%dfc* z>T>ue0yUdK&L*%07_$nbS@&PA1G^HaJxIjf^Z}fMzt(BM^l|Sh@|P-+ekM!p0zdb` zc9cp}rvt>>4>*l?z?QfDB`kR+Mx#d6vpUs#hQ?hx^)@lKz|f>60|Qd`lIxom*)dse zP%~{a?lydjlqT4&^*6wn zW3}HTb3Azgx6^@gv#74|`zg-55MBZ*&0M+8&TL05>rSZ{6Z zVhHB|)x}iiLUQ9YG1Rz?epY{!*XYH#ufpCB)Jy>JkK?IsA;Un%f(!*}dV%a9a6T}4 z7Rc)=7g^TV1;)*WQ0p8WRs&TDJ~_ z*P=b=UgOn$KKINfnEM*yauA<;$%XLeo>>SFJXSvF3(xET3^a$IU)uKzjUQ<4|9s== zHN(z8bN?qma9zKb{&&2%E2l2q?|8{Y^E;kdH20>jzw33={J*!U_jkR%MwfA)2R*aq zaGKUi)vI2-U`)iBN>c7FIe0bwt6o1f{o7RH0l+l!(H z2G}LdZ>;*;AlwL;c}Z7NaPOcZ-QRd^^vPa9&~zni;}0 zd_o8MNfo@vbJFvMm-(6WR6^~%n8&C9XXtqNns4YsPBfjFVh))b5S^xu8WVPV@qJKs z8e2b(NrVc#+v~3aFGb5-z!Z45H(Uk&CHPaKQQ!x>E-G-emBaw+cptQlJq5x@pyG7L z-Q%^F=0`y90_;lQVb3h<@|JMK3E0|t#MV|hgl;05MeC#15Eer?2GE*euV=jUrJxrB z6SQVHq>6ah%m19xj?r?#R`zF<&MCk@xQ~00L1jT@-%hNX0aMxg2|NeXev52a*&6fB z+lq*Jw#IkWVKcQ*S=XKaOY^(g} zUG&MFL^sn3Yfim2ZMe&tk^1D_)_j~{->K(aM+8k`72!H>sO--~xXv3RyHkW+Ho`#D zZ+~n}WjNMwgSCc9Y=Z7V(>%U3fN$^X6W-N{0Y@f1&okQ^YpKbT0Atcedj(RxAN*O- zNMgSA6UE0fnF6dyALHf8Ut9v=0-$0A!v_YP8{bID3J=z@YK# z*d*)5R+<@MmV5b{1@(Z_4ygQM5=vKi=8)u62rESV?rK9c#kmr~rNE%MXRv+T1wF>m zZuHE}$7kT|1FXY^sP{ZJH1X(dBZH^y5;Lb_u-nOnyTxOY6LC^Ovincz{5bpv&h7kT+!cVsjYTnztA$<%9GV5`*V$9U-jkj>=?lGzH>=BvR6rW@?r~=w0hs!u(trF7hX-^N??@4OfS3#>@L9c!siM6 z5-`0`>aspVF3}6Wfb}`RzsC7+)#$58N4CZoQM)Ce1vpYqQk$j^1X8L|z5ht|jfphw z4$SYd1fP))EwbVd5;V;>)yZZs{l{=K*e~hfI*oM*O8M6bL1*aXfR>BDCL3lJR2!XP z^Qtl4v}Tr{O)E9+mn)v`#TPOYSSVB5rF1obOt%9_!6}}T377$7y4Ul{yDY zQmJda;o5PSiM|$~{AA4;YrT9@cAkOoxQJ$`srAZ4bWY_J8Y0fNl6^!hhu94`(u|08 zHabrnPchT+I}cM+v?KO>%dgy(hXP2H)lz76}gfK#tBFGt4HPboQaM|t^^ zksDJEr>2ab>{XtV0XWqXeiOM!Up2-UFaJy_lwc+NK7ffZjldC!2(eK_XjX*rUjBVy zgjMiQ2_sxh;BrMU*=aTr_+gsOaio|3VHoK#WF8J9y+h!4iqyD=EU9h3K~8;+v?gvL zep-9;;Yd|nd9W;#j~Xy{jG=TYKpDc??#2AWncunnmBT0yXuo2!;8u=AdQ=6Iluo#Hr6qs3Yu zi65Y!E~MMIyY!J3S>*bN*_+B*%|1UxHvMpYWU%Rn&}IVV<5ax$5p(W&9)vT1%3r7$ z8zbhB^BoAk5wU|T|ICP)w-v2nasX&=Xj8--PxTWD*psNuk?4n1$gL1o0fTlk>VCxL zv?hdqigeP1Fmo;De>xFNaXyaZD8dmC#{ruA{W)SzJI(}M3sjC)R{tC^`%4c&xD%+> zh__`n)_RZ>P~GiCQZb|5*RcN%IJHm0S7WG^O-GZ-6|&m`HoO7^=*mlhP&TnP0T*hd2#VZv9k$HGb` z&5%%gPryl|I@R)Q#ZuZ=O3#aAUn8a3=2?%zl~P)-g~DEBBKp}v?%anW-qjVz{S?j< z$UFwrJOFZlz)M1I1Nj4i4}s?AK)xk#NXTzMI-kK)xPWn*((12N@;~<44v|_7_9I{q z1B}z0Nnkoq`y8^N(+tn)7{U*tb2}Ou--bVlL2fQ;R8kFD(OH(ZEXJJcQr zu8bW-PRlsG+a$DvWG2jj?KF0sV|UN*|8GJ%!W^;^DQ)yMUO_;)di5}ICKGT}O@BX( z6IRoH_$qQHv2AXg#!sQCBsB?IN;M@*Qu}QXH;Cu-*`=;}RK)nfSaa}g;a#7jMtKLdy)mZ2H8@Ei(^+M?9 z0meW2!{w+nn*YY_`qyeIOsj#%VebW;#>pchj@l*@9ibuWt!lL!VW6O4TNVuf5`j)on%HOUgbc;ic9Oe}$s|0c;BGBT-dq z^_dWW#*IM=`eJ98HPhE?cL$s_s&%YYy0%)XO8BLl^LJtz$J&a%X27X`oGRH%1|#}0 z*0s;g8cX48UVt-T6YsFS&m8EzXQGAL3Dz=z3WpndP9h%x} z{0N%rboJr&+IT3){KY989=>sE50Qj=H>J`RzD_E!*c)VT6RpKA!(v5rcimcNEq0=7 zHg|6(Bi8}OVkf$0llS-FZvd6+?Y7dF2Do)VrP*u_h!Y`<1?-u~9^yvy6H^AKu_vK3k+tyG0Om~OVgeTm(V56C z1a1V(*~s$*o&{?6p&&dPS!2&edcCI_h}jx&ht@N}!nwp;<6Ja(%ClW(_=yT;Ylb%b zWCcwp*CAcL?S*!e?7yv3PTBLc=cz%`F;IOB)2 zb34rKt}JLfe-3nwRz3 z!bLd1z7pqC)Ad`y=Zi*>J~cgm7uZgq;aN1#!7>_OC!oWGXGuWDk1;eJf~Jo6QG%BA z-db?>pz#MZiz&c|@ZJID$y}dBNo4LSv^*O9c_ST8Z*eI+ zi_LCelo-v=Kp6=(1ZaK{WF>(Ug}e!J3xQoiJ_PxQz?(w;2GVji<_VaomBS?i??$Cl z;^uxy@r(y}9`;j!Gg=M51(~6=LnHZUZUdq09F7Qpk!GR^*WD`(wQe`#L?^%+2XL10 zFVZ^zPhU7}=IhtavC!v>ceD)VV^}AMRSR+kvPl_+bEOJ>aKVa zx1aVBWDNHNLPnsc5$KyLz{_*g>}M3JdH2ob)vKi8?)nikh8bp!b4G)fIA4>kzX9{j z2ccnb7=rzzB%*T&_{9RfKL(4JZZbJ>kAmsRp6HZGqJi&MM~!luop!!X0+MZ zUx)K(5a1X?yWYJBD?j!k=E%(i?2mGGQRZ*4$eQb63`V*Muwu(3W_~1gS>|`4*c3#L zkXYkEigyYXRzgPQb9w%ex0z37`bpf4Fe)rV71vk?Z7Z}137VwMt|tAdac;m~_QULT zu+`Hx25kCm!%k>&6nK(flGg>^ZZf(eKC?OEoNFpwTd?vXEBa}}VJUfD1T0*-0++U8 z^skVK>{xwV=k1$_cS??~w?uX(|>ezgo7+0mj4|?bTXok6vdTbx5 z{x>SV1{NCC$2Lf{J8f_+eJ4gFr+F3l!t9!62qS;Qvzovt5t}DMxf1MRfPYI?F6Fxx z?QIR{FnPAwbZKvQYZm{WnUlZLT-EV(*xxF9_E+{-g}0u+mhh=@<+Sx5eH89w!urI5 zf0}u&bUaSfKf`>jiu2%iHo`cjtupKBvEA7#SM!MfF|{JJE~V-GV}=+FofaxQLE)v^ zdhi#RM}?i^KfIR1vSwG~n)iEY&^Of~&`%XUSz)6=-&803D)i%=#Zykh9@ZC`XysJE zY~8?&tgq8^u(Qn#qYdr$A=+v#7;WfoGNkM8k&UI2Z;i^JHulx^3rtj^iz_aL)U`yZ zd9$Q*6=>zJK<99+vAfN1uii((Uf{Z`knr@wCJ1=BHbKyYb9H*@xj=8G+wE$}=tnX$ z-O+(eo@DN1dge`X+iJk{bf6)bN$wcQ4CvMZakAS+Oh#?*NY@-c4g3vjY4&2x_Jz~y z*JRZj5vY)Bmx>YYsHBQ!H!oB%DpkekP{p5dE#4rv`$%GY`jLu3HW!pe7w3BYz8$=N zZr3G}(T`;Mxy?aobfK@8F7$bfC)*^WAIa3(te{6%_j={!!t-2fdzz_A#&ZWq&pxj_=M%@ELprK`di+eCGZ|;`=Q!Jn;GIg67Z(iLVUpTP7Zhv1iYq379S1W zG|Bhm%1vL$Y-rhsB4_cRF#61D%e^bXtsZK*f1V4sZ@1}4de0@eeTP}DZqH`+=ph^S z^ek(uZqH`+sFS#}tQ7ZofGs~-fU!(RykqoavHj7r#?8a|c@gjM0?<4GCwzQq9IP<_u3t=z;?6QX z$X*3@qsf|{^{dhMZjME69#Hcc$QA+{h3J|18wvavIN>`G{C%}t!d5i6D@n{7(PeJ}k;1E!I5h|~+zS?Y<=r~+^6*?7j zn0K1PF@`axahbA@WGm@vT45d&u)8{u9Sfa?eeli5vrG@u&E<%EuPLnAacG6qW-H%i z0mhsHVt$%866z1B7HB>nWD$X50rQ;Hjp%UoW7^{yKld#aSsQ3O5xER-8pKu=H|{5( z4Ug~AvbPq_X8}i7nv)q{$1KSS9!pJ9&mhao^t8@YwqLiH{I?rUqVGd`nFOB(YCZ+2 z*~a1>sL}qLGx6C# zI-pWeO-t&S9c?!S)n$>ItOg#(ARnIsxi+}aeykwc-`;`yby%~5EZU0I;O*lP!bKegx_S-A_ zp1sG<8JfMazZAjDnUb~_?lTwI@Smw*6zD>~XD{@7_CkN8$9Q5?lqiMBoQ;HQtHvrk z>LkK-HFqn%z33l#nbA9QXM0pRk=~4Cnb&l@oN$((;VYSF_N)Bn>_^GYtorBz28>)? zAkJ#cYJ%b9>H=}rfb9K*{oG~UK?WKmnyU-MSxp9s<>~@))*yov~@))-Z!~&D90stY(As%+&?rtdR!ko2v`NS)&Y6mFv#|X(?Gp zKI?LIfjDby@g|Udxw=4{HQwa9DfczydV)cQ=0+xiOw2{tY0lLJ;;bVIj{s@O)dk|L zBlFJy8JnvM#933K=b~*~t}YN~P0POmWPI))=7Ag)e+sdwxw=4{b#%KM;LOd{1>&sv z?e7AapQ{VRS;v^{EX+LwDeKtm=ZVvrTPS1!FQcT#=jsA+)H=|we=9*F zyDyaO;}qxuarU;n{g7yXehYMgIQs%aDbNMt>Z z@;lm|0@=y$qOT)5k*D$5k&U$?MNXlHBWKneq43@w{A|+pf)lxt^_4KQ@bQS3H7WzxW~2%_!cd4p;mD<5O1gD|xhS@r;gC zaq(Kz{yM6<>w6yyAnWkk8_O%q6YjlSfnS#TOn;H5LB}nWEy! zMI>81wl5D96+ec{DJj;zVY}knhOrx4d^ugOeer%$?@;_IRot<-7hSH*TEg?>+gMG$ z(>5r~3;CIUhg$N+9!kRmsALNsjepI>oe4ypcFkmCYP5i_lK+CtmFo2q1$>qK0dza< z*=8%?tK>rbQhk-YfUlAZi55h`zDh1$-_lp<5CwddTv%19J}6(nSIK`0R#&PI$`|lea$!xS`Ye0_UnQ4h zbE&>cUcgt$g|(FGtKuU*^8l69DVp05wsB$i%z0F8@dI7d zx|>I+b^nMp_{D!2q`LXCfU4^FYFi?@9ebb5pGe0yXf*`R8=_{erCS$tjGqXpYstH9 z_yb;Y!+I0wT2ihag`$%2XPLkjr|kX7#4DVXe>LfL(#o~)2;)3DEp2rQk2Kz*)0)Nx zr*KN_8j8_r&47MR;ndizgn9oWwp%#OQ=W55P9v$p8POL&a`j^K!dWJUz2;sxyFe*K zog#blUlv_dpZOWIVsrDq*xdXtwm1Jh`$muq&19Xk?0t>?N_aLit-|6!12?CTz#3@?OZ_7o#Ncb7)#wQnaW!!85J=n z{sJ5f%GyNjplxX*|@!po>=ZoCD+Fw1t`6l ztY-KV$w`k<;>6tyrFY|T;g(WnHg~{ITO>}U!p|`4dJ5>Z;dmq7DDgi+I0*D+GdSNh z%F8a~jvLV1TmsK`vn6*Dgasm+Ejm7{F5;sQ9u`qArY3rkhzB4%5A<1wx&DbV_5B$= z+bwdlW&G|%?2p6ktJ-&q-2#=m1>#Vk{8KW2HCc5ko+Na7TaLA1SMpeq=D+0yiz3e1 z5GnU#l)LJW((zAI>=xwb!*O>hezl7I&l;8bN%ZakYAE2hrhMOleIbe|%D1L?qb_Ei z3e=dAd}~T~H25r_b}9v_Gx`0G$?gRZe*~1T4zugjzoM+XXa)q$#GW%*nHN`9px3CB z4-(}*pl+XJU(Wi527Dd-08pcMR=6*l>)?mL|1O%z-^=E041F%)5h9?*w8_gIRM9iR zrvi1)N#6ludTYQ}iT0A}{6Gg;-UZ-WMf+5=SF+U8ZU?_!v|ow#solc+K#Jn|; zy*Kidz59^42WXNMb*}8akvAPFn>{OKv-d_`O7`B!t3&7)M12|0ts70m{;NVmv^WNcrQ; z#RP1He4MFjvnhX^nUeCynIjQ;p4iU;{RgA2YCi3?P$_?$Ip7!w@56Zy7%&aw8vNM^`$D6VAFT%+R9 zn5_I6uGcu%6&nIf-;e^~L$65-P?caV-)L5*I1A zzLJyS7N>kB^xL6VEF`dpzyT}ZHIL}&RBVAbhT?y1iR?BJjsC4>Ih|kgSZw)0q~!T4 zR9vN6NE9Vf=alZ1*;jMi1`Oz?4np80A#Fj< zBXAZl>LcRqqgvIvs{3hfof;s@Dq-+5)JyR(a@Ep1E&77={srQ##JpLm-UIn5fyacr z2J!)cgFvmKjQj@5Kf%5R%Inbd0x7Y?mEsmD)(^Si;oxX@W~xScubn(Z4jARb2n-S; z<%{fo~N7hTF>fy)8?E*|a>>===5Y@x;1fBy%T|~UF z9?pm+EDr=df$}Z&5>6_z3&n89jQ|NensF5A<~=6L^&H6)kM5d?^-{pcPJ+P zC3XKMHSz`eRR6O2pa<{`$xTkh0W$Rw0;Pq?2IBjQ^bPu$c4!%RD|}Lr(6BTi`e3Ti zT!cPDXuc7erY@S=%kF?}df9UX)XUDb%B(Ti-nfS8_JL6Dvq0|NAkpyoJN!A(vk3FDWUv?r#?F@I3*NeLU2lGG;~_Xg5a153Qr1735|-$ z`jmz@#5Ec;Fi+5TUIM}dedmR++|>kqv4yaSHC`W;iSSXG6HS@~hntXQypc=CnbehH zb@?ymQU zJ3wzr=uT(o3`{u|qgRSAKuLBKguj(jI=v(CiR3SdAjq>0372Br=MnI@sn)Cn)m zoFZH8w6%V8C66%(Mp?366G<7 zogwmX<~A6D!VR&RtIF6226B7FXQu2N&k8qui`np<6@C>Y##cdR4((560EMlw+2LnU z+BviCtFl|oeA_E;X84_wwtp^|8GdS{WLW;pRZB<>C|nVn6K+_~98EC<&Z5@ZrD_aPFIBCw)u4K0IgplTTA*W% zGot;__9y3=L?|1(4<)vSOhK82r{^mz1D#Flpr%VuS3w*yKdYT`*sZst{B=)lqukth zZY)PrDVUPU2Jrbo)fkehW_UZ-6gDW^h+H~rVWwg?_r&yu=X#ov2liq*AQwA> z+#4l01k=WhQ7t*-OJB$v6Q{nVeQZvmD~diYi827nBErNbq*lmQ*VxX)M4gz%GBq+O zQQ$;<_A?!2a$8r`tBkYWGR+@k@5r=D49YpBD6QC26Kdi2X`g0b)6%*e%{@J+GW09C z8Omm8P9n^-PAq8uS*h)Bn`gG~9^R;Ptj#F;+#vfwWgnH=Ic@xTfdK{uJUXohQ0w!l z=D_|{>&F;HM>`hIXfjtAf-_v)InGnr@+b4%%T& zYPU$bz|-4>{v)WnwW)II{OhR9s4DY})TS3_z3E!)32acId9=^w-jwjnbepxNvB|nw zcCl25py-TtY%&H_fFbKSr{ zFjGCx)iA}&t9)^qdPh3Tl)(#xhrH*y3iK|tm{LK z#^hx4KThT`MLd{2+@SW=%qby$<6+`q&kQ2m6xM-_U}tJSNz2b+F>a=@9p{!bwI}D< zkfF8i6yYw6P2=s-0rfK~UEA`@N^c@UX>pX)%MoRhm8uwhu~ST%2;( zA)Kjo3@1=!>C=TysWEWd9F<9Bngj0=6v1c>hW4)E1fknu3Y4m*l8JsKLXT7-rjp7- zS`xja&LrPE2q{`0TbXH+eXR>APaneBCQfz})@_OA4eF^XX;Mrk!=bN6F01y3{Y}uH z>Vp1f${zUF`cxBB7j6j0o7~h{L}SWYsb4tAs=528td|BPq6V%We^z$F?Pi>Hgq84?BZyALPhGpJt5IT^cT4w>uiG-nwaJxt@=r+Jw7Pc zB@o7k>AUJ<4g(4{6mRP4Qe@6ho+lpE_-^q0z1ynNR?vBnVK0c-lXbf zA66@;Ifqw6SB7D=`rM>%wIhY&9Fkg8E8vr~JhI(JS|J1hRMOU6Qn6%QR&UTV8p@13uHTM#%IQ}t5VCe1+x z$rgsL6~}w{l)X4rv-)w{!)rLr&`MIMJZ(uIXzrTOobFM&h5GQ%skWzF_Xzqtm8L$=Qa@Pe+iu$1_Rc;j zeyeXdO)XC(7j{{*#t(Zya<)*JT74|>Q}cjNPOT%B`Ki^2kCy${9o{;j{nsZAIkf+V zB#G615)ogHBWlsfmqI#Of!DaFmO6_FVhHf<9s>u}SK28BuWz1gAa!=@~sZ za$q+Dlk3W0@NGKW2@eVgiMAV@oKA3TZn_k?8EW^phAC4?!%&Wf2NoVQE;AInplA-q zgONYv=0_z;7icrfy3xtB<<`Q9NT7O*T}6xyhn{h%Mq>NK_>`Tx328=wNlZ*`SWQY; z2jx~NCWjkoNBlRZb!1@krlOc+q}qXPh^eV=g|mzA4`9>NtB;+mL~5u_y55o1UXa@6 zfvqh}2+~~Nb2P`LStnUZ+w2NdEQap1et+X*NpeBC)GjEGPdXsSS=NncCul8cce7Hq zDNaHzWxr^7xb3sTwtw0}<>b_!07s7O6uSwuGGGOUcxq5d235VDhPr5K1FbT~Ps6Pa zYg|UQCe>imeA?-0)lR&%MggkVC92g}NLs8jl3T~?)5XFmcd&`Ep(e4$wnoOjR;m-W zt;+UR>MS5FsZD`*v_-blB(vdVPI!`iSjF6uw*8R4HE~uNFKO}G0!!aT3MUKaBzKJL zk=D6(&w?$w^MYNBAN}u}6-j$Jd}eG7DkEuPnc=v~OS2>#ZdN2*26dof=A?B}j3qaj z2+xd$UMe2C|Gdy4hG$%+F0Jb*kO}`^=EGP7SMDBr6;5=Ppi8#5ZbD1R@6Uk$%lwxCKV`bsIrQ|*RLx19@$_91%^hSuZ0@e9 z`R1%EHOowdkK9vIdh~GbUv^$BM^0f=6uBD+bX&?HMl$kiaG4wfQ zawpm;RC^^7>71PZunv`tcTF9T!sGF<%b9p|x%4?jkHFdjZqJ0ZK=_^$>J`|C5f03? zcWR?(@MM*m%x56f_i(2XET_s-?6)GcUsZ8siUn&%9&D;%BiXMNjQjK@QnKO!3oH(V#Sfb=-r4YD;wm zOxKfLRCTNUMM@iN>JLja)(?#s!>w#EBOH;ak8q8mYHm)Q&Wu#C*Ts$CikhT*hkc=?8wxr zGJA%>^y9GcXll}fF{Mu;c4K0CIzj$zMj8pr|1T~txupDGj!#ktBRdL3tqZirC!tHo z4P8QTRFXEg4NprDm1S(IBSrkMxwyETb zlMWtd7rLpERI|3uxSc%L_lBUfUKH*{80A5aNgIr0EFDu-2SR13O&-uXC5=kf`9qTx z6$pPRQ)hCL=;*22b1BZJN5Z~S`;FP4<4q7Lj-t0cfeSVv?9{d|T`BNf<>`IZ+I2;` zAy@v8?N_Ci{QLWK$?~S2q#S1S?A(Rt(ZRk!V#~rhLNkYJNa^@LuxZ!t|9wYDPQ(19 z!N~sqmvh9h59EY>AXlrwaI7~*AB^>>m19YH#&}cKjA2hm7;o4OEP<(bvI9Vpd8Cf{ z0V%mDm)aMSov1D3#B54kq~wRD0GuHvHo+-|(kcxn1MSly1l$hk8wKIcoXI-#vvA*_ zQ?hz>fcSrCdk;9hs%q~)=h<`4Jkyg*NryB_$~-e^+>4^GqJYe#0Tu)mNysx9NWm0} zg}{WW+$&tU2qFQbhy@W*!Km03MN||c#Vaa^6-z|D$VK1pZ>@cvG6}if`+xuWd@|2D z`|PvJ+N-=B0LL3g`2%Zc z=b)Ua*ZbmJ-pz^BTj^zPh0>xVi8=y)>k5%Z=bUI4Re)kfhpW2syl-?HaW`)d*L58b z7SxhqoS#C}M%z{>2sLGNE$>}r(c_Dw6b2`B&RbUBtcg{tP@gd2pKHm#Zh(i@%D>pp z3+e{VU;Ketfnq>|V_sTYx!&$Syp9>r7J5Rp z2v=YA##L4{g}NeM*sJC6{9@ES$)gQ>!dz=CI`I}4qyH<*p^gG0;kW08K!;tRzK_i* zc2B-h%NxW5I&)6em29ve!M$ULwf)p+)hb>0JVj=+I-KcN`XLc{E zogJ*8c5bkN+6BW-s5M#ZnBGy9fyPxdC8ZMcip`*bu?^r`8F|QofgBq_M!~Ww(6A6{ zd-9R4;CaL_5*3IeaPxMj*Z>uC=`` zJU_m+y;$kBdx3`V@PyjVe6T0hwnr>$g%0Up50jqIRzo!J+}HRGwOojlhl)?zV>=*s zBb~g5Zn>&5)EvV!(ACBPxj3a>4oGyYsViay35Bf|DHOKW?ZngnPIUaYif6?q>{11v zFoI*W+4KM2BV6^^;Q14_$+D_w5N27`v2j*KubH=##Sv5 zYvloh8YS%(_;{ixW?}u*oMsp8Nydx!AS`xXj)DDA+Cu z%2ZAmbv}uDorOu>T6(oeVsZvvsa5N;`R)Vg77m_XI%5Sc(U@T3?;3SCr7xr_B~ zJf^e677f7UK3AIrdQdIkswR|ytqveCQV*$mL4_6N(h1YaM-T}#I$0~K9&T1!UTf6J zH4l=Aqxe5nJwwWwX-pBAFRky6DdS;vuKBWBZSCcidR5?{EIC6%N!o`Ef0Q#nG$V8( zHB+k+4%G3UL3$svw01rYq{vs7jUI%lT+8e5hBa7Gi-*G2mAR^UjO$_qT-JME>z1NU zdx~JHQ=wuRdQ@#I4*5C-ikQrZzmZmtk5e-qJW3~5^u%bXcS2>tIWmaOPOK`wuZwfH z_T#u-AGJoxwAyc|v=LV>`W#NG9ZMYm-WcKMjRL=u`9EfruapL`y7tw4ALo?Xp-5*U zMnPWdS`JaJoueHgs)e9ha%+F>9{%Mn|17H2^fW&l(_G=IfIv{IlS`62t<|15shSId_FNDU#p-7obs)8Z z87>IM&0s~w$8w``FaKX2AHZuc!G~LCicgG!!#dE2W!qQSu?n#2D-Odr%_+J2fs+LF zf;Tth4X+Sfar%)-?O&Cj_`L=C85IapMG(x-4Oj!}ev}PAilX*v#YZf)P9wq88}cqt z4$Aql4EWJT{hm6TI~VJA1?#!PsG&)Bi_}puRu$7ax{Sb9naKUM7!XIjpq>cp80Esq z@BtLoe7$^w%0&4J4K z)Edp>xEcW}aKEyS%NYXjZJip%2KZ^OE z^lja|sqf@X>wDJ?Z`gWP@6d*=YffG@+&8>o^}4O6tm#`dyk+y4zB4y&I<0Sr%f8dM zu39&|y3Z?bI(@ir%f^lCHdm@!`50?+-SDcuq1CH+;}4=4R6@8 zX48g~*Lfpk^6{r@Pu{$iwEbR6)70)=wRz3Sn^v!-j4sOLep?s2TQ|IUi@#>wuG(5I z=e=y*z_Zvt7pJVzXi0Enkn)!DOE5=s*s!IS{~P?7_slh0T3nyJX~pI}Zt5?QKXG3eYY&?C-Nvk(*TEjzLrJW72 z+0`32lsBBbK0a8j@p}Ur`?__9Ear}rsrkHswN`7bGQjz2adG;ZP34o;oUz9G=6=oT z8`o(K)Kk1Pc$~bYyxEJlZrL0=mKUvVG)x%b89bPB!zt|BPh^QTRvOAhXxnyd@4d4&7g< z87t*u(qv3pcDVA?P#ZO_8lNjg3@+sCtn=KIqYezVe2)qQg*Q%j+()S0Ff z&s0NY(k=6og)$xLsw+L%3K+~_DQyaqO67D$*a|crUs;Zj0~UR0(yPCMFNjfU;ClvHmO&`F6DuAa@2Dn4El9LD0#uC%(WpO&wS-q?TpyD!Fm^K}4 zu)5(8;9hBoMwX??Q8aL>HNc{TY?%!wZOGQ7-5qHUtD|NL{5IWWZG0&i$r6U&9B%sT zwz3cVhhH3{8Cg-KWFRjQ2_&JmPC1`1h2UZ~)Y&C~glj*$4P-Hhs2Nb?NmUSz6tblP zT$x&1_@HnpY}Vhj`S*aRKMTJ+VMjKSP8&><^VFV}J8ilpohH02WVh(mv^5LAJ%`&a zYfva(=%Y9Z7bHn&E`>8n{7qZKAE=ascLID}kN9;Kj@bq7E=ZGkX_3FhX`p1A9&R2{ zk6ode9=(@$ZrfWgKOU2Wj#7A2iNCabIhB&|J3hy#Yc<4m_NTf&4z;f4(Nnu7zA5(9 zQt632cYB%7Zh9J93a6L&OY48L`4I7K*XoJuEG*q!*VjJgbHiTe^R4>%+-URp51Y@8 zHXp9DutvS~r^)=Z*q=7tNatsRcT3{$di{zQ40TS(p?BwAdjk(bQz@KT;xF^~g!Oix z_4Wztjq5C2mF=$3T$`v3ZZ%%W!{n!oK(WFG@uR`CEo|UHH+Pe>0BJ4C!e-dvnxS-d zIbBqS0zwBoDbnC=Czrsl!tyjZ(nj0W2WhF{r$MH%X%jOHXYa6y^?`GTq|NgUFK=in zZmEoD+EAMIr_<*1T7MckjU|fW8aj2CW%JY4zEaxQS1JLsdB~Ek@DauY!ghxbLm7px z40iC~m_$FPCgE_BNuZF>9wqFcu6tvQwg@5l+w@u;K!y@oPxUy$pCs3FsX##iUSs{GyRCSqU;kIr; zeXSKfV1W$8YW6;QIezI@8;`TtZf2NwMwcl*_YWWZz+rIi_u;+VTa(Me}YLki(wo>qxmJX z6FWIXzaYaQHh^~C4cYKm8%g6*&4*i7XaE@=HVvczc|sUhN)MvbfwXN!+Q?khP~#yW zS-+!L2xlaqWHU?8e9uUdw4tv@j8MX~v0vzsedV+zEE@<@z}_r;^tBRYTrq*hKIt$8C<#m*&-6ntjTExU>3HY= z{isx|C56ar`-PJ1cU=6PWWW9J#jg2TA5Bc{)pM-ALPJ0!(+{N*xuMr@>A~*oQAvM0 z?N2(!3ubq>(8jm8XMA{inuF`oRa!;e3lO2HYyket$$%rYN=A&&c$U9wY9-bFHZ2hb_op2QB>v8? z{%xBprX`q;gD%_b66lGjn8g?Osuz6#J#Ty|Y$)*;9pWpd7k!#V)3x*>uCwr(;_-}z zIh`_MQ@MGStF(_!V};@zxmaN{__tNHGx(13ME&&_%wQ@5WUL*i;d{-n!}}oZWSExpTG8<^HL4b6MVFleu%whc+Ge#7r6zSX$<{DrJSisv z*S>pdm*iBCIDq}F;Z&_h4<;Y0d0WfQw9v!qa*a4FEaCatqMr5O^hGA!c(Mfymm&w| z8{(qdOWiLF=rllAeW&yK=jDoEyMq2g?FRmt*)0t7&DLinqbQ;tEbovT|0O-j$6-i^EW2 zf-8Z04{bpc z+y+%dYz~`?)79>qg;Sg;%}N6{C^7h+?1svCn0qr5pPM=mSUF9sGPYyI)=p<^ux{Ge zSsKZ9p^41X2;bf;A;HzShBTcOet5D|=1u#FllFIkWeE?ah3~;55#-I?>ETFl5E*Uy z*8L>RQ&pH19~yclB<#N{@Z>D z3)q?V^rcaFjwh5+Etmg-}kqzH~MeDX#imX#!BMPQtuWcvXqNtXvoZ_cRgl)kddz zv8@16uMtZCyjj_F9Mx_qf%Yi>)PVQ~(2UO!*n3he)$szpOXeDAzGt-nJw7}+b-)&; zdhZMK9upFJF3Y90MAa<<_QekD3!{{%0ru|@41l-qe+6xDZ2Rg&L+S|6(GYO5HTY8$ ztu_6ei!|*<>F9)I+A383vKHND#&o+Tz#<4{1?ZrNwOHsAj9SAzWZESQ> z5)Led6H5FQNMBN%4igI4J^$b`u+IydzG3xlx*W}PlDT0*DGZnRn@*6f8P@MkyL2I# zE{nr-E~I<;Nz(z5>adNoF06ROX( zdZxh=j+KQMd$q#{MySRl57T`TUdoMGdwM&B!**C>FE6>%?#uWZ!nZn$hgCRUaX5Ow za{NwKqJf32qZ#nWw~A}Kdf$e`Nf+5{Nna&SC~D|z$na}?8N0X8H4%@j27kVm4WneK zxfHT+2P!X|P>@=L$Gj&UD}LT*mxytsF2+m2(e|b@MEb4aVN4o0z2VSRv@Qix3z=&% zKc!8n!IMyeajshIYTTH%>N66X~Qqs07SaE>PV*{;@V&Y z)37y!zQ_xCMVi9Rn>4@f@FR3Xq-3=kD;|-_q#yU+*xQe5Rd~k z$8cIL=YX|#?#SDDquP-kO=oHNwRLt{Lm~X@W=g^zfn}4kI-JdF1?xoyfh51r!YAK?bSV#L;kQSuNQ*0^7ogTK9l$ape1EG?B5i8ZT+{FoybO}svNYPm zsuC;$|5AHc&B6!MVf#!J9yV508yO%r_(Z|v zR6&oycY+dOJqzC|gGwWm>If!xroEu@q`q|Qs zCq+1}6iTIVto~|Yr5p*V(DEgpa7)R1C$CAzdAdkSUCBTcNpg|}g41~c!syKgq*R!S z_JssP%Qc{M21-<~{-P7+8zqa(*o8Pw0w_}8(245ifOcpoEElR&l!-gaKpp3}L~fcr z1=3T6?oS!ePFpHNX~h1rO;lnIEm>gcv{i5*>sgrKy1Mztv|7S!s$dc4Rm25a*kF;l zc7QmB-7lzp4s^h~0rbUEE~1y|J{#~`)ZBJ9P|71{_^kuN4U?^*wHzfujwLH~Z|LCY zgqv$Ynws}bjxr{>6i9Yz1*)iJFG+S-EBJNPz_3BQfU4>~B^Qi%pl_u2Kb}KV-MM~z zTD4Qh)%9!v;c%_(!wug%wupw*a;_iU59H-MYRCNZ`o4379hQZ^kKv1SI~<={!;!3V zc%deLM7%15Q&|u>W?RGeY)Hmc3rG$YaN>xpg0gFH;rhf_=a0|9HNwMpbK4sJ#U#6l zeddggn==-J9$G$B471^H6kQk7z5*9U|dr z96_T-$vb#{X{!s>pe*%(;|V( z8nu%|O61Yz0pyY)2{%`4gI5A<=Ro0I4(z9V2DQs@sXuu-F2giNz+NLl(;#W*< zEnsva&pwkjNh-JpqWZg1Gjkf#0=1$DfB%@`%Zy=#M>GVz!fIG`D*a zh0TLxp1mkBjL!)0VJcx4iLOOji-MJ-MtoDP49zFraO?k<0&p$}&Y>V(Ks zf@$xFFcaW>c7w^Q&TjAs8tu3!ays~30a@TQ+lMmM9qv4lg%-Vbqs-Q5Q}@k=94?^x zMb0U=i&NVBIn6t4@kApCqq{;a5{Gdj1=@MrFAERNmS?L{D2VbPrMyIWQ@Hg+*Pghi zkztg#n@_YFdR5UMNm!&AABl*M3LDaZz1jg9GMCw%uT%XHzBLQI$%{S~i@rU}IuDn} zIjSBCtPd$%R#*DF*+g-$%;;@6O(ZRwcbV3-9b<;O{j+P*h8~mi)8|qL8HZvdy}K|M z9c5&@aky3Luq#~pItMBp&JDY56nJPZeI29;sPj^KIbU|2Tzu$O;^oc&StWF23pgpu zX~UqW_$KAQ*~}2kznxX{nr0m?w?}aB-|xXl3kV2jQ7a{EN++%oz!{ACurXo$DBmaytd;U)G%D`8o2I=U5f zW1^k)y!7>Yr30V&%%rb(P(p1`75MGv@r5>Q97TUMFg1lsUT?f7JTtSL9nDx~h6|-D z8{9HV8MoeLGzddHIXK^d;SMf`wK_r;`I&{%V+F|LOWLF83I~-c_fz7%pd``-J*gF& zh2wP5ZFjiXRCE9}nYaH_f}S>U6(UO(;$&k|^z;@I%l@i)DRVeI z#Z)wB?Qph*kGxfl`LGc^KfpqRB-wD)R>#sVUP70^8#G(|L}pb_I)0uQOpmr!<+Z`v z5|GWl$mfDc*tw!AB7I(mOO2(+ z(6!=aUi{4*>n@&M1cpH5j%_6d2w34e{jwJL8z2`3#?GBzr0sqwMkLTkM`*adoX+S4 zt-^X1k%j#uLL-Ftvv(zuy0wA?kkqc3MrU{zUtdE~l%iE<;SpZ+mcwn^P{&l48Qg9| zWrPpRN=95mqnGbkFCW}i%B$UB_&SRjv$Pe;%%6VLozggF8!$r0XEAiFXf%>dp50(H4-&%DDABUR1o@Iavp}SV+3Jd zd_p&dI3s4$H}F84lnscm%ziP^?Kk{VRdv~whV_6K09-BuKK#+V7-=}o3*Tvl-?Bmk z8gwd0hWKB4DnjuUX}WO!K)N3-6|!?pK8f}^?4I?uU(+Si6lvNCvW}Htk{7-eF&D*H zI)pHIk5PkIC(UQ;ktp6#Gj!aS?b2XrdZzuJXHDyVmhM3xEA}2KhSz_hl(S4&2b{ zso^Ls1>uuFyo~V4N8ZAMwG-l0lDqQrwxVFX7K&-#5avn!@*AD<;_(K6Id{V+k>3 zx^E6w9l+$=ZjjIdyLj9kesTiWcxN(bOPe`e;Wrh2b_M)w33aF7$QidFU6T8rt~tOZ z5Fj0@$R#SSOdc(Vs2!=DD&=NHrlwE*HyWm|~`R;1O|sV|+P2XHwA$yr1> z@e*%9ktglQSF<@g)(m7dW7=0Ezou5j#c#NEpN?URw6jZeBi08W9J?TGNBLe%g{|U&;bN4MB>X2>Gxh?xZYKFA zntU6$NyIY`;u0w@f@=%UD*6epTNa+9xDd8$#}%lb-^i@8WS4F(Fg$?^E<#~dJGg?( z`cIiN%c$`u$Lg&worTsUpx?^tZQ+O3I7129F8bHG1}P=w;P_oK^6gSC{63?4sk7uudpKaNEE5t2h&nhxrMuPPI08 zmkLvOu2tP&1S_MIqG7F*VSW?aH*5j}g^esTz3p|fNF zQ+}XXaGCu_a+Wtsm5nv;&x$sQM|3oNy=CVB|h zRF=ZX?+Nn&`#MOxs)=-`)cOwhg3HMkK6Pe!r&a%G0S=udJJsWRG#l&u*d!~%vWCuQ z9~zlGhr({)=;UY;&~_kyc$~lFYpHfrbPXqb)oXi=*=PIht$> zJFF1p4F>qQbs|bHzD#^acF{ru$Siig)J>Ag)GjGL%$=T^hsV<8oBK?yjBcXqOWyxUD7Uw-xBPc+EydaN5l{(TJRuhCmxn`KIT&ADe1J{ zw5K;6kI`gO)T1qX*ovJ;Ehiba#IdM|SyaJ%Aj7Z6Wi|G>=+)dM4j1r?!UN3si`aW< z89BdzVXS!vJfnlJ?9O^<+h~Z(GI>vx6P;ObU{E4?>c1;kL zGZ`)5(g}9{A_djv3E*N%DFFmnKdz4EUVCBy#A5J8DlW+CxuVsd;j)61J`ZY2Q)))u zNZXvlExdgJ)3nK~aC>K`1WM8VWV?0QleXxGH<;+x&K~H*`2{yOA$j46BO<oJ=|~gtzHOsm=CEbeEUQbzd(-?>kTx1 zK#IGDq1KwsOW}S7ErsSJbaTwo86#9lF!!a|5r%??Yb{FkP0f!38(^pZ!VGj_8N)l? zTsB?nw`qchaOgT)+K|neoP?orIx&3YOc9+ST5gupBJFzW%tZWcZW zca&UdBNBPO{>o#h74bFIuVI)ko;yt#h$6|F6iH@RJ#62O7&~(wBXF2qVC(VD*Sjvd z8#HWO!y~s+@DxdQse8F1fgx_8-DYPmaLFuXsx5r2GGbx}vamA_SPzBy;$A=(Wnb_a zOp5n*n}cCWpLX$4>&#luxAAeez{7GS3MZo8)r$*JcREGeS}kq9&jt-!!j}s?Z4U2# z8$ZNia=uK%*N*Uaj`QI&ZW!n7^YNEx|NNWB$yG$j$LA+maZ9(={hHOao_W|3?wU_? z+1x0IM>m&+kIYv;iyMmYl6Sw7e#{}SxK#k~=980jlJI* ze}XSgWToO|l|HYg820eLFnl!Ldu+Uy zzl{Teq7wQ}6ga0xzv597!in+jdYgPJgdbpYh^O!qE3@Y_66;@QO>ra(yyGc*%%Gp@ z>bZUeZ~Zd#Z@(F?O~d!20<(Df0O4K7zdbWW;P{V>f-{pRWiP17TM z;-kFQ7`{V8-CUdc;kWWMYbG;k{Q7ji-gKsG7_K@HOpGNh@#`pay;g50!5Cq=mcU*c z#S~e`?Gb^O>BOz#E&Sk%>s+_Jfj7GhV;C1+dv0J_8hY+-1R-V!PQ;JqK-_MSf)hVC zgE_cz1bDl{MJLf5gEHHDN;ZjRhS2OrySRzv0e!h1I5Lk&+=-UCBD+1PY1M|`++EZ z6xTz3aE$Mb!8WDAub;tO)z}koVQ7)kso`C4=yvBUcVXe|?l%71Kzwl)K70nIB~7JL z-@?a)xhB1d($M2?C+=%&zd$@n{Ju&o=22Q%gNBI4e5iPbRfFBZgJc>TIF6g7nqu&`yGxLgT0oS6)SUs9PmUmm0V zcxD`5mZ8-Ut`{q}MUTZlq8J6{eQzV$CnNMIA(}T2nE1N&mmI_5^6ZaizzPeKnaIlw z5IAKH<08D=q+1qVD4h!j#^Yvg@buc*+73ZJzo8`8z)xBLepG=R-P3Tp`2`;U8a3A- z&MlM|dM4<#2f##sIFZK8&7{R4Y)5N3YM$*N);&GB5W@X^9{W7F@uMr6& z89Qs*6s~@yoHjp41Wygua$O9M&l5&Vow`!`L>Df=p7h{(>C|OrBmW$oLW=nmi^gz% z)6gW~yayj^Acz4RA~XQ9DTH0NWz+;u3b(GLQ{*YSeIu>^GfgzjOIsG`j=HVke)bUy zT^N&A{evq-cs;bha;Turt>PWio)&5790BOGL1c zKunI?!QGJwW=6V||AQ4QS~b9kmp;%B3AxrGrC;w0+?PyDkJ5np)1y$WHEh~KDUeGZ zoi{Aa@E0xim8D+pe`pF1T0(|73j7_&hqq2EB_k&KEd-d+pI9xJtx^8Hh^B{-wCD{T)o4qb6@;7bN#~)* zuHfSc(&GF)51(Y8b->hzcX7z15&im#JRb z&I{P#u3o!vpadRNMBgVkb_AyT?zE z_|4alJ5Aw=yV;PTF>XupVRWR$W!x`RXBsupQk5eZ4C=0JL<`jp3vH!#Sast@{{Z2p zu{zEL7Mn@Io(h7Z@|QQ>$OL_+{zgxHqrp}}ZkGmk;_lQX3XFctfdv``+&j9jsb-tI z@I$YrF<^{|bm|tyo<`@et#i#A1m*@#H8zCxurl;*61*f~5({|Wn8IAe-(f)f^pm#f zg<<&hnB;>Jxf-m*lYCGj#$I1%&yvbpo-Bm7&?_qMu^f3GkVokg=C4PD1b#i9a8NI* z&NALiSzM5%@ppx5?`$CtKrk`Q1~54r7nm4rGce57N@>#0n!p5;LmYl1aIDxv?>WS! z$a_1>W#{t6W+0)iYk764i_geb8NlVotnFb-KP8%gTgV!(-?4v4_GL|!88=+gR}Fv0lD}V zWc(8{At#2!LHZeI(FK8Z)SaPmf|_U2r6=lEtfgMY7S|7!t$r+-fS((;rZYP%V_6(B z`Dtq(StLa7=(pk-bKB&_WS7uJfnn)|POY|7;zWovx!r^caY+goO571D-R7avE@1l! zmW_wq_xgh;2FWm&m2|&uzIWsfN+l_}iw<(Yl0Al=qbw6sY2rmxDvTFcoiIbKxPj2D zZET(YoT<16P#E0D^kZ1s7SxWYbTOjZtFMWK5xYFySb5sSH20{;JFD}q=N%b^Eb~$N|>lpU0x!wmotH4*0YLfNcc&2;>viJ zVr>b?49iLi%VdRLgYYr6JFfwnHZ;@ev#WtJkdCA5j0VQ*vgw!lw{7Th-Vi z77@l^BqH);f~nI>TGX!-k3Wy(DA$rz(GVBnOv2^@5fs$Ob_)}2U*vb3!{pFi7n>8D zrd%M&-Yjo|MlG7tOksh3&eHvDdX(S$iLbaf1R9-E6<#bwAxtNwbSQYhiw;f#po?nNmrM5zYj;6!%vtIJ*Rh zS>>9eKAfx0{>&gaI#|f&yFfDSt7?h(m{-`C<5&xXIMvNbOCJS!vYeJyCz)A9@c`P^ za_vaqK(N2S0r|wNB<{yafi46hs#44Z#Iq~~T?)acfH}B56sUjOky0|6!uJk!<%W9{ z7xtqMmFraaXsU*|ikVIWoE{1~J;$?ysw>KHV^*_Uj^rh?TjSosL$qYNVzJMbuR}6` zW48Ry2XWPrc`)oR4`r8{fhFPc(d|4%J4H7m*`GmCP%0}09kMvet|!$fyi_nq>^#ek1u3!V=?zc^wPe6FM^gHH?aNdrtz2c)@rl_tOyM#*uJg~nry zT8oGrE#XY5Om2x>u}v(&a1OJ<(iiYI=c^n-GOOSfGBKWqd}P!io%~E0xQ)&D3Rf^J zeIHTIz%UC3^GE^D&;;KGuO6p)Gv2C-O14Bw;qwhfx=2n3`{;C%@oMXcZ^h?r%PCLS z1cfn{2^tGaS2q^Q&rL=&8G`~K$W319Nk+|v&YJ2%ab8YfxVqV~VPNLzOk!>mo`Dj|rE#1)Zo*i%`^pT(&v$Q63QMa8+U{R&COZT%UJ=Cz0%T2e|mmTDt}{DA|! zjdj~PVh>4zLRhTycsn31A!UMXhFUO6nt2Yw7OwM#>RtY)Y(3dS&0}_6yCFq{| zi&i2TPcWeW0Dk&+??rc>eM%vTq7~-hT_LmaB3N(IjI33%y6DA#5<*yK5>Dow?#{06 z2@?!!)Pl|v2!lk(K-y-$9veV4&D<;D7A)H8At7yq%R(*iP1N~8l(GW z2ycX&F&6YFKNm+ue1$C2M)Yur?HmAFaEjN8=RI$O{hEjtc1XzzBReQ8!*~NLJU0|q zI%Q7lW*Oy^K3d~f=C9>i{4jy?QSTQsSb!GNW_py>w@W9aHcP=Hu-fnmJ|TDJmSjYp z6{L_F{r6b|rh26GF&8*V^>DVd0L8{EcWld-SsDS@{?|ZrFb}#|UfzP<@5>E4&`#9nHD~{P>$T63;%gSj)TusaPT6>K~C-q z|MuDkvue^YNZ}K*mD|euF%d#ufs`P!JC0va)j4pWl+`jMB3@@z{JOt^*G zV#7s={(Ql|w@0HNrdo~CVtOypwaJ{YpcGb=_zNy>sHi7EZxb5#XqEC{@Zd)Yo|`CJ zYxtVd?*WZ*{!`D_>dg8YzJ`;Oj0?usjHOEc=IqtPnw3_rL=hHTF1!(ODD9CbOy-ZM z0rzZ+av&Hfq~s{VhBQq85m*Qxc&RpM*sc4)i|IBYI-hA&8po`S8iyZiS084$%u_<< zLsVC$6T@3>34vwHQjt}VdG`cYs95+43iX@h*BWF7%Vz0QLqa=^Ez}@P$ zJz8tGJxqBQKyvG2sR5i!GNvq8@R&0MjlX3HdS*r|gzt-rP}c8r+9NN-9DjjL;oDD1|7V8Hs-Sz4qBrbM)dG;lQ}RaToB3XcmXpdw(uFyOKU3h>4b z134T!zqZt{I~XclnK(0c>=edm8cQ+})o_fYaur}rq_JA9HkP|nR!WF@C{_#5-bxsWq+z3lE(?D0F4L@qj0~jaLM^2) zHqLBEE!jt~J0ZkEGZH}tiDooiy(rvZ#N#tkWr{S$6Q{twIDyf+>t!vd#F6KmY?@fi z1-u&12I^qh6rErv@B%A1ZCRL3p6iWvQ_`W(koc-VC_^3n>@|uBnL~Iw{h>5V&AJ0* zDhBqcdz3v>uLza3RIW98NU2o&B8oxlYN{-Veit{YZ4*57M8~p@lY+RyEO1EXQX0tJ zG*3l1iVM=$T`4#=wsL;FrwO|n&t_JK#(a#8q>%x!D@1#Oc)>QC8KneosZ)+=X)LGN z;s6?%MecVdbGuMFynR~|{xYVdkW~FLjPO3~?COwYOJF-?il-6OrPQ_x(9G(Jj+U5b z!U?@IC6oc!Pw1P+)dF2kk~+hR;_6nrT3d&rM>y-=%fmQF00R@QV?hhG%tDYj+-juz_0hG6Vpa}iq5HDIGWws?gra6cB3%y19hd-g`OHnhb$EK4JIjFdQtXuqvFHt z^CH?#O3A~3>TDnd^uT8(5uh4A`q0cZ=>%h*bQ>oo{AHtrU3Ts2G|(uoY)Cqjkxr-- z8@>_jW6e=_`K&RaFg!l6EdR2HRNTled`p;5S4sGi681mb;WaHmeheb(eU(}kS*a~$T?kL5AJD8k|w2%m|SwK(Fa$skV5>R0U2rW z^0#XPu2E;<+7~a@1w~v4RFIm1(s#;gm|`>TZsBtq$tm`7i8~1FwhFooRIA>QQ@MIW zYLa*Z%_9{=5iJ&O?u*a>!N{+JX4-%!yDj{kT?f2bb0{P4AYMY^Nm(%716^3i3t(6^P!Cb4HBl0v@Lo>z{fv`+ z*Z8k``sg{(W^GrVg*@-L=5A@SlZc&4RcO@*{^Vuu|uKPZK8 z|26z4E{sJK8%4xk9Jb7&+fMV_()f{k#h{8aDRk9b)R}12_B~+HwmyG52a??r6pIWL zQ+;Rxh0ezVAz5SgrgcCS$Y@RAyWWag<-huP`df)&R4evU|0SP!{{F6$@ z6k^v31^_sA=fKeskcquwo%|(SP-224?Zmu|xHZoxAsK5I&hPEozHYevtdh@SgyX`o zpX%I{>r->gqr`oYpJDsl7Fl|)K?)Ah7;fxf=b|81@u+AVn>ySKJ+mUvx0Ua*a;WHo z?G|aRBTHT3sk}KE3)SX6h}hC}9NMJ4JVFL=M@W z+%CodIKPd%Qd%G<7-yWUM4+-)jfAM!MZKSgsp7tb3_1y)vL+Db-v-TP*b!S!T+5{$4Zq?1{ zm2T|eiRQkojuOiP=2SCmMO0SDwJ5)4BMd&6ghOFq&yFdq!ua7s6i}Ci;8_wg5vV1y zLW?M;{4&OxOHz!Ebt@9uTc^1UQN1L!0C`7CzCv6cb2X z7oM9Tg_$rd9bTG=3u0YEKB_qhB zTIPy3J`7t}52eS?GaFj~ldfCMLa~!*Aj}%!gd6X^+DWYw0IM1B&|a*m;0@YO>zJ7$ATdBgc zdf4yIjdI#GhWoK^1V1sC_vFmwimHj2g>OOmGO}1>SzFFjutZ=Zd?bvKh|v(DFQ$j7 zv(a>$hsR>j#Q|}I6(23j-3K?zIM)O^g~te;X3AF(dg-U`#mspBc2k$W%T#>UgI*8su#eu3H%|AzZuC`Gos{G5ETHg_BQf2fB23p70XJ>OfCFYd~Uz#`EIyg|GT z4M3il@Z?z>2L^nW1M?ou)bMmKWec<~2yKZM1`ccLoZU_da&D*kCm7g1gy+t*bs5n1 zNCjLa@~}V_VI?&f*)?yKTITOw#$bWu?@>N@!oifC@xcY8z0i}tzQrU$xH0%k$O=56 zH1;uNZRMSd`3zZ}2KG^3mz#;>@r0Y+$q&5v16nR-{WvG@Y*R!`;y=8#8)IubX)Qkh zcbC8Rbz5a(K?y0&cG~$x+z4@)w=ztd+pajy&ofS)ld~`2X`K2b9-WRgEky&(@F~~~ zEIYpKxPg%BlznP{@+p63y=)*AKkUWt*C1)@7652Ercdunz>tnUs}Zz>XVH(SbE5Yb zhxt3ELY2!k6=3#jrjo<#??E#F(tnRL_!u)#G+Gu2aN?ySc_-2L{BX#T-G%b69$Z)n z7u@3`0!`Y%au->y47nExVu%6Qxdtjf0hlQC>B)0Sd+MEpp@$cg!jUEZ>iLGfg$;tL zlEBWRq$D;XWb_3b@qo%Vs7CqXqU7NWk`Z-21|5xJz7*Q2YbZ;Ni1E=o>Ct5m(^9*_ zA&Idz+7uKy$`tclal^i;@-Iut=B^d!mohhCwHl`l2$ZmtN@{T`b(m@ot?MPuYw_`x z6LGj&s6~u_A`0q%091x+$51rz9GE%=$%e1NSm5;iL@kec#krO!*KOF~XHSt3Aa*g%!-FCVbh!gDWVN_MF&pU!+EK?p`FliC-- zrRg|TJy1H~E6JX0O?`|tCPJiixSQkFibYPB?;{}Ss+ViCq%qv`!krdG`-pu(geV!t zB5tGzd`+^Vv}vQKz{v(&#KejiPhcsXI^@I1!oM%)Ap6Hoov0>n4ASomNQQ>6+RD;v=+jnJUHjx3aEC~f$AH32Nm-<5=gDz2c+() zK*~N~0jR!^gQ^9L6qf~5Z~R9g)kJ1Q+c6@xT^z*&dJMMuvZ*582+RVK3rk^niN7c( zTZ>ybc%^9)cOZ2OFmYad59Y-N6#0EUSs{yzDqIr@4xt)PCG|Kh=(5675z0=htkDly z?9p*=)wsDBFlXUEG$BgPM#atT+6bk{&7V~^1eMc0qM_O4ZWh_jN}1!#7EVbD4YtD7 zV$xG{LSnfVcm$suUy#(ag@IT%tR1}ltImU-o`T>ylD$yvhcZH*YQ6I;42P*dx5d6Vt?U}21+wUXoz-*VW_G%B)<&b*CKE%-$=*MYDLvr zUtvsSyr$wIPHHb`2?Ng zg0qL~`S5_~|1qLHYseW+%ArrOvubWL_aPIQ%Y>pET@rSIt(^EOnYXbp`6QA#?j=u6 z9({LzJCxU8AxRC{4oIXyaZaL@hVX>}LwsEWSm7yIL`mS(3>kcZgjzKxnj}OpcsY0G zUnGu9M?2VJx#J1{B`kA3BxP2(V}TmX&FS#&*GN_gOIT@nDRmU-Iy8Rum z7H}~SHZ+C{Y*=V$&o1F1L;J?DY=vm*O_pg^^A-PZuy2Q$of^X&Sh073c;c(P_RTeA zH*9GC`ve#bU`XM1`F}u$mjBHx^Y8FIZBfQYAqAY0q#`0NCTb(mVE-7zStDT?nGGNL zDu#=R2Z0tQRK>T+97A{Y5S zHvXMvCZhGFV877?%_soznJz_BxRiA%){R})Wmz+H#SV?i<_@F>jVRZ=76qb757M5^ zLUafcuxis2Z^b{aG5G#SN=g_}h~2I4zYN4=w` z4~s(oKT9wsMgY?v+6EjB5bSgNC!OK9=s>b);KexaVWuR>L6r=bzm-mV93Dbht*(BE zdebz0f8wh3RB|DXe+NMwvO^R?Wl(G+r@K<}=X}Wb*vSiPe#CzB7hO=>z%w+E@AE(v z`nGHro}f;n*WQG2gFhUzR%WULhfGT7(*dpF5`_jvuWP=7!=`aD;%bHr*$Q+p98bo4 zI>~I)7#F-;%#F$%Jue)|9kGL*&}VcW)L1`%E+bzNh*giz8vs+rf?!mlQjjW(`aYe-Ey zzo8wWz(M#m=fh_nWyIsc%_bg%3ik0Sz?*|M&+=BYm&O=u8^v}Tu0PdxVt!2WKe(Se zq7_>!N3?HR82aPdL_6%^$hEYf2vyS8g&T>akP^Yins8VEFD+a6Cg~&uJN*A2d%XZ- zTAHtEzNKU;BL4sIHC%&I?RWvRi40I$;xv2$v}p?Wv8_@V2p{B3%EYigORyHo_#{x6 zPbFU(vLDRTr-K2AyS82R&o87L}qc34$?`lMXaqXVF_d18&qh1UL+E@^=ws z=Am0KKuu}L)IpGv@kkxb_j$B=OdMoa)E2ML_rY}fO9+DzM_0CKx!f<6pwhJ`oGh4N zgc&tQRc0{*o`m|#J|5e6{Hg`t&+C_rUuGLdnzeLOa7iH-E+z70aVs4^pFIWq3>Qv` z*twf;$mQ5c1|$v@k4Dh#Q>qBMn0x@!!+Suj)!I>vf#|cCM|{KYq0mME|BZ7)T;wWE(E<&ARY_ zvboLfmGlhv;(AmZmMlZHtESAiuqN(oz2egJ`~ zTSk+fTqMb$^1%qnO3<4c{zj5;2#@%DOYl1`EN1*+sR)fLh@VSmM0DOuZX2+%MCMlrIwrQTTYcGh(^u0ggU>^;Fpp96WUkaR6&&4(&($2vW7p|cQl z6i-jg`JHYZ-nO8NFqrjSU;^(@ut(n9rM9CmNoqItS~=WvO5rn5tDw%_qVd<2P=saH zi(&v$5u6%F{mO0@jhc%c_Ok=V{=RJ^0OUu?N(NRi6jE@bRw4WjW-g`-JdWOmW8Ct% zv54=jT{gzo!OHzkNaMTC`9@rnaD4XVK*7aMH1O-Tw3I5grGPH>G!7qa14p5tBP?@- zaD3Y&oWA3E=#J^(XQ8I}u6tbAmrsgYdi3cLi*93$SAx16$HG3Gc|_X1h{1+8mp!ut zYy^&2pzE;1GL@kxJHMe+G{DvQ%WI_ z;p;Sbg~`n4DYp=)e||M{k5O%GYN^s=@_p&ePr?heHQBbyZY5e;!v&1K4v=uNi5aRK z8Kawz5}<@U0w|lh6^H>aeZ?_^7O?Ns8knu9@+x3KXWikrGPOAkDzGtmjKd~nipJ`N z9&}`~rdbHfeS_iYmx-^0OF1?b_wfb&8HiTS#rAS0_DJAUl_)k-pouui$`#Cc^mK#I z`#MS!J&73{2TnokCl@kViuX=(+JLiaw9MOB?nN+qK2;aK$NAR-6)*dt7ctiGeQy2Q zWgb@4Lwsr&ncEs})d_Q$z_+L)>zAdT8Ma$`VUvV2QA$Zj7*Sy4t-Qtl8Jlsi$npAG zK~uQsttR#t@o6f`7c(CA7op0T)&0eq_m~22@og#f0q;^E%kzF-iaoZ1F|KgiixP`^ z&{}-g2S0(NzX)71mWDg94Wx%rRg~@;!mX~~ck{hNdkM}4>}G~fwsCX^RJ{aMnXYwh8l_fsu?b#DIz~QHqBk#*8c4TQt`8DaS8A3fw zGKKdqqb8K{$JM6ZNPtu#Qm_$or1;!v0tZ*6Yf`-F6FBU;*=J~=@`d3> z;KG1DirS#W!Y(u6N3cZsGkd5ch(zv7TSLyunX4Qg=nx9;a}>GGFiz{LSNIh{-bP~S zucHo$E9u*~xkUSTtwhVhjjskuY&_4=;`2o~O>@1?pekxCbj%S4ssTIDt&EKs4|sUF z7RQn2<^}5i{2Zn~T#d)9HwlR43v4v!nhrxF#qW^K$yQ?kTL&NUXUTgCrhUo zEF%(;)(&p7EUC(~8AUY$Q}AsWlE6BU{ZX7WLcU?R#*Sc>07mE;aZd3=V;&COZmEPrEz;m_yj}GV+($Rhmkkl zrHuK_;mNYpc<#S`4zV4g@=o(!2#+*^M!q=V9$T#gVcIr=#_bVhY;{yBCf#_wLfC{; z)YYM~vet3P*}ZWZ_4uhou`cw;K>!a|VJ45so>1XUYaK?K-XnS8=P4u(*y1}VzsJg( z!z20FKSP|bf->~dFHNA((lu=5=Wjfo7v4!>4yXI_!nw_z;&0-|G>l0sU?|74^UcNq2ap+ho6eYC1AuOk7gyH7v}IGR+dUhqFfu z>`S^-h5|ZsyY0|KPMvK4p3cZVVg43C`%T%6#xT=~M!E`Bm_*ho8Y}0u?;95DK#jhe zLdF~b-mq!hvEu9IGS!azEVM} zXGCheLCW1Kg8nuyd^?2}Bn6cC#Yv~f*iNnf_4B9kYj?5Ie{Eha%523ih-8|YjL^B-Ckjns_@4$1h4$Lk&!%F^IX>LRVbc9JH6hxgLT_3k*Y6kbFjuX zF13>5=GWaHqA%$OND5)#l(`2TZ`65 z7h5Y-CRRnlfLC0KrVFfuzk#USim%I}@}{gc@G?i{+3Yk!gQk%8A8rRN6Ppb+)V9bc^r5MSLmuyDqh_6w0MZU)PI6(IA%~ zN|9c1d+;3wK6QwzknUXzPQ!cQj7{MQxBISArd{9PImAfF15Pp6OeHaj&%cNHN6fpn zj4hY$1v=?Hp77~IfF4H~6={^C;ET(tgvz z?gg~fU3+-RU6{HCPK?ZMouQNypevZohnt2lPUOQE#*UbHuK0*SYgXNjEhNUbN$j8v zJ0!39L9Tj>#YGzXdAGC#SdU=AYk$%{4N7jfmH2vNd|y6ABj^ZMp-W*ofFulS;b_Sh zX7f5;31^(txPF>3W3_qT8^!Wa*uqcWg7-b_;5%y|gkl~dFYm*j93C~aGQAG=I6^ne zw2u0Wh~A)~rV;QDgYyEjhx)^_-O<Vq~6ApVltt;8Vqu#AgZwGK$YfN3eaHzpoRb zn3~@Z{!XF{qV-&k4U(DCs{C7ZYlkw+0cyj$N z#)5E;vKjX(I2*3rMymr5Azc1n7IMN19|6}EbqLzh2>brd>TrExY$k&x++&Zoa1BHk*;>8Nl*X${^E2?($D@kC(ie? zoVHEtXa}#m8q_y+VuBAVT*BnhPQKnj?xqMp(3!**f*8g{fmAu+O2R0aA&~wx8}uHQ z30_POH!8jo{dk4~rbKONQ=2NPp0uOiAzWxxqJUjvg;{!v!CMs3o#z<*{#QvAt|WsW zBCbk7OJKo+lqt=irpN)CbWu9Pz6l_|33Jt4+~dp=s*Kbp(FU-)zNP9BJ3-rA2}({~ zvcuzTP~ZykuaEWqv`6t~m8b8rrz{>Hi;PRGY0t+utf;tw)UtE~ z2i?V0V&)y5QeB)Jcrna@#x3C<5rbMZ zwu6C1qq$oWrBulhC4z6JK7)oZDq(|U$S^A}-%Is1(27g7~iNkB}6*(}!vf?&J0YqVT zc0(RWzQj)OB$1cO;Q_07y^`SAcZY0|uC6T7&wXi?b5SrMGExRa*4M`#jr&=U)zEnG zOjPIA;6-!zTYPyvTw88BYg^w_0Bb;xr{ZIrS~c*F&12l}_BNln%ZSoMW^=gUUT}>l zlxF2|W*yFFAPlUyC{0ebzjN}x7mb2s5iW}!SO-C{0)_(BFti!r{Fi1A&lI$%@Xq3&EM`FqkJEnz|~(%6lCSk=~Dz2$EFz2 z2A`5WIq&Ntp?TT*NGLOc*L6*Sen+SP6jixw?-sY{hYe@D)5|H}3Mjs$hC{RglsPGX z3(z&zps>JHa;4;KTITH3&>6|{1o@`qy8}!KNMSz)$|KU^X@GhTFITV<&S5zo=o!u$DDgw4_Z_5kr&R{p)` z1?Gngm~*oY6<~VZ3NSys2QV*FlQmyDo|`7@TmBOvUL2t$Srmiczr0o-r`y3Dcb$x@0IG?^cvjHfd_12Gq4}FowSxs7JEmbdQbT5Wt^nQPgshx7CWW zPyU%!d2wjd{$(3-i za>ez$Up2HsbFWpcT-frV zvY2%)BIsHpg=&sRvOCTy>03aY>QJi?!w@?4{&uN`39C_uj19X;0@BkzURg;&_bX-s ze0cH6kL$Buc&gB4Y?7C2l01m#-f)+ptJGwtiwU`bkX6KS24s>$GT%SE?gW!}iESZ<4QNd3Y*y4&l z=A(2XTI&kmlD3Uf{V^%ka{vo;F4k_qjtQ3XZu5?GZ~2o7;r9k7+^?F|ct$9hGGuOZ zR4=Gq%8ndp@-U;abf$+g&;9#G(z$ekK17VF)zeN zeqhj0kiCp**RcJs=4L=?R`ZWA4|PXEEqvq7T1DsMd^a;qmSmrg zE7Xuu*foV<&b9Uy#%o?l%Li|DuG22oX2*S%$972V_M^WLk0yT{8seE33sO26g| zyT+d}*lKBW*ufCXaZB=X4beCw>EdiTw99WwQ0|dqG0M1fw11|NOa*xkUXd2(2w5n$ zRD1Ybc!;apMe+WEMOXNw!L&OWh!B;g=ny^F=#zx)_l+4~#SRWoV2P~m0|sc2j`Ps? zm<4y>c&`SDxI#MvO#qtm*_b;B2eP)4dIc9M-cO2*+(>fQH8BlVXbb0d`| zuB1$k11$=6iN3ZZ&p+ya!xHQ`%o}Dk0WGD?)@24NMMwCs0f3Bez~5D!abR)+}ek<^EyI%lD>w75(@ zW$j<`p=Z<>PB+4a^XkpR)NsS5mWT0KT&*6{WJ)?$X;L+MivDG1PaKi{6F7w z?(@EH(y%!CUw&2czVChRbC+|^J?GqW&!Rg3^y$hQ>%e_@Kw&uGZD5H6)bFS6z>7z` zJDIiVyVis68x#&tzt#P@;=ouEm_uB5;_T*57^!eV8P)}JzonE1GiPGK8woRj?BM&y zzlVFE3#0OIjGJ~?mkpnt6?XL>vJhNU&f(KgB#1udw(PLr4#)-pYsH4Om+)vi8ILwT zd5^T$5KduYo+KOfQH>qYm2D@Fr>2>ag5cWBNKFGbV zW%S!*i4fyRkmuiS1b(c|53id{6C8esQjQh`c9|ZwqLK=DHZf{tq zfnvE%tulT|be8dYo&Dk>&;b%L%q~?TUDPB_H*X1BjC!5F3!;>a_HrfDb*eoB*l-`H zlO25)i@=rV7jOlWh55Wd@@of)8>558a+Q|Kh6m5`pw*67_Fh-H!Bx(@PXM7>f}Hko zunv=8LZ)cd9%!2g9LM=vq%z6?U2xqe)q?av048VFaCz`VY}a+i1e;;p%8D+Hi;A;_ z#8&Y!DPwwLSk9M6p*nv3^%PGVJo1Cah|%nrwCw7%!G4sMJs$YxLV4fs%gCQZt}LOA zy8Y;e^%AzGLTWT%>6BQFn~w;}jCTIc;J>cLtcj3WIHFH=waA8zkx<^jrd5?W z4VSp@VEd&X&@kzRFv0$`hFh(yO{}R8T}TH}84(FVb;-{yn+r`N9Lt1D7_SJ>-rb)7 zQKP-*rpa0*b+;D>%>h$ehTzBE}0i;Oo~{fD@Nc zkYRiqxn}dY`ZCY=UCxX+1ltSyZ(^WzA()r{>N0IjY*6VLC7f?JE8Bhz#rwH}oFR@9 z5@@>0*Q~7!TDf;97|%jOubk#wILl=(dkDLHGy>WUGL*`rlj2#xt6-;OD$yS4KsNWpNw>*&i|hu1oavBMI5({XXqME+r67^uVUK)56wwDe z=aG|T=Eq-+V~B*W@xFP**S0JBC^0iYzA$vAYF)}PMm&u8$k;=OV~L^l8r zo;Fw=4}BN8cF?z|Z=}~FA}@6TCSFs>I4Z{}Kp&p0%nN+OM_3}g>`&_%3@(BXMV*6 z61NNAXV8f7Uv)`I*kZrofrcjWMJ7-@B|4?nj&GxSN=;MsB-&*>>l_NKNB-TfxD-^J zH?BLt@1up+ys=a}9|L4J)w1sn=3-5i-rXO1G6(=yd*GL-oJZ~h`55}N4Mg=CRyCfP zvN()unA#|;V>-kym6-{KtR#-o70Cua z*ot7?o+^Az!!B32sZ`;nRG~2>&BA_?71c9JTsU(boY^%yFYba=b^~M4;F$wMknFh4 zO!(~+*ktnB4(dk2E+KeR?N#VB<2+d$ z0SQ3NBk|e6p5D{G&68H!=t3{V+kPk#+hA{&s5!Jx>`3hYPluwib0%+Zi4ZHxUVj7r zSqyl?|75_A$AIx!(tsb_e84~S0lS>UiO%f$81U1*27F2k_;=+2V_~TQ%M}I)j|IHh zW2~?%J&sIhffv6h7FVM($r>zEPKj}FET8l0g+T1GJp@A&F6@TE{$U|3XWBHwtP{UnM_?!a~CQe__?n|)L2PbRo z-Um1tfWl6Azc1VVobu*QkN1;M-k+W$>;7aIJep)BQC?>kQ?ABF_bE!wmk&_S4U#kL zl9AA3qiE-V3JZJ}dye%qP(mg9edIK!T~>T8C-Zq+DA{BbL3Zp$a{U98J?Mm_pdmm8 z4jA!#bzjIjeYRj7?RdlTS5Kvr(Ew`q5j9xIZqu12UdFhcB_US|oL9uKChl&Bb{5}& zzx7ntA)FkSW{fX~CMUVTFKMgU8><~k$ohGn)er~XQbqL%udi-konP??WQ5hGYI4SR zT?WHD;z8MwfFh}W`kWIwaQrD10WmIi3S{joC%t0e3d`j*958d68Txx7Ua3qznFx&t zG~zy3+Qo-B7c@(M#f+*wgE((^vEG^r6;}fgm+8gFP#U-(#FROnp!67JR|{{X5NVa# zHK{+?_Z)edwoh6@yJ#TUYD?E^$Z|?PT4jS=D5lxd9&^|UBwjQ%LNBnCdf)?ySlsxgmRK-jQQ0$Mh)@#Sh=UMt`_UHqImab72to=L2pl%CZ$tXcx=PSRH1Mk_1x!#!Zk?P> z^?o>9FqN$zr!Xk_&{;+osZ%((fSbSUz z32isom7~5m`Q>K#y7qLjsrhJi_gr8cw zr0Dsacw`|PQx@p81i~W;mSxB=nybazWr{DkFW)0VH79Z9^^wAw*VjwBrc^U@R{%zF zHS9my-m~2H9RDizq(_Q$36MJB(EJ*x!KX+(RH(PGSds!v2rkpuJp?8x+-i$>xf5*7 z@tohK(>SG{Ae z;mUd*F4)!L!FUR?IWQ?qO-B#jJ zw58nA!jQnl!%RG1pY*5?DR&LP2|J9;^ZH=eskC7KyWMW#NOc28Dn2!oFG8mZ;F(X3 zOZ#m2&KgL5c@--0#GZH{J^8qpY$8#bYwT-nIw2NLTD538WJ8j5?Vfq{X)i zP+?lS%fzV#@Jztr3e2ClCTm}lO<5x#lgr#uNFty}i^#s~AdqEn!xOx6wEO{{a`VwB zx)EyLdGeoRmNTOvR^^+A5-D;8y|$-tqO1T4;ap%Sk-`$<%k^J?`VnIkJ}Vrqgava% zNjSp!4$Li5%xo6pHtR?4OJ%uA&$y7q?<;ptNs9kfV!ZLzl}-Ny{!igh=m%Z4^FnRmBmC0}R=p?jnF* zM1~ISnQNV{L_e8~i!-~cnQaBrT|JIM_caLG;!xU6>dspB3BO$X-Y_$(!r4Q%Xu@Yu zN$>y-6fa^1?r`uCyApwahTYBgfoMk=^F*u=WeQilgOW#7@2WUR%u)O=XEx1KJDHd= zNJ|vVFA%g%L>231X9LS}I{}wQtrkh3NyQr*w_3PCxM6qYVq7<)L(?YY(jNH6XTgbzr zQAV#4t{dg+%q0lOtb_g-|71S?NtN_lOh&pbs*I$FL5luwy{n{*eDcM82pz3!DTpTt z$Vo&VX~^y6|ESp-<%G{fv@=)O;L!DXx@hrCX1;uTY9F|OHj+CoHZ4Q-5_y(ww%#6I z|NSorHyDG~Rp=T!DMD!_*{VT4t&Tx#?bX`aa2WPH8NOsiB&VN^+facM0~%c|>yjK% z(9LKFAvHG08Ako=-s`iG7$5>-^-)Ys(rvKJP(`(H6GW8L2sJ?4x^k+(7+2U|{RNpX zjj@Xz&)J(ab6=P=*(Hnf11crrv?zH*q#EtnafC~;(+DRFQuwg!x4;NUxbg>08a)eP z*Cb1P_g3WhJ}TD=LIjbIyqU59n2vXUBd7Z%L25hs|2oq?-|;7YjB zp>R`PC4!O?87qR4zLQl0kqA{=V4+BfOS!o~v^K`_Dx*N1d^`(}GdAP_m5czmhQ?~_ zeMw;Kb9M?E8G0g{{2?K1qw=iUo{NTlz)mY1+7(fIATajz>&K{nND&K z$6y%kOxitA3~r`t2Yl0UG>684-P(lHbtM4O3)u%tWk|>?{LIGM%?HyU7viu?lZRrh z-9oe)(1Z1nr$i%MBplLiRDJ-+2+wLk)$IZE1dXOWBN7F)sh@fxD{Mx=%qA7cC))0| zY-4$iquj7y3xcZ#EL{#HnUe?+oXT^Y%1vj}ysU~-EEH2b8U=y+Vz(+}g}v8nl&fQu z?{gFZFmfUGe@Q^ab(EYjq>pj_0BE&Hiue%?{y_}_l%uUQ>(`>a<1}lsTDND@!JF|6 z6-E7c#@X2?97aX`oTwJpsW*FXKw*R+X;cw@^!U}v7&|7D(M+wqagf07zo{OPG~}xl z{_gv6!jg;9i;nGLj^6^+W@`C)i_@O39&r$Q4rXy-Z@TaA?-hDh8#6s70}+L0>ir44 zFKF!v`+-MH&l<>^Ob#W5dl|F`Bntznh59>i3XCGoSFl$J{#s1maZ8v*i#?y`e(>NM zfK`LLC=-cT6g;#VEyO_HP!K54Su{eZ*kWe^7pQEXSR4cGddRl&GL3OBtx-009Z=d` zkuqS9TkYV4HQ(HQMP`8_c4}5UN>cxZR+o=Xgan5wYNG&58^6M@ z8Pb~j18pnONf|PD^q*bO#&#V7>kv1E{dV|td3R}NcvJ}tmYhr4%i^i}Dr<}?-Fn0y zVCxmwL;BQk(AL=t4%65JxrIQJoy>IUi} zAFW@b$t#(FShpZwrE7~Zc5(@jZs5+=n_M7tDxp6#3Uqo;E20=@I;Rk))fKS8+KuVh zwGcIlF>t6lqBrr4C2gFg4R&ysS3Z@b29m>_e!C7pfTR{=YHOL3eWuwDu!GT=P2wk8 zqxwJw3^3A~F&xF&2O+gqEE#%Tap@Rtq4RZ@ir;k4AQVN~M=yX8em&ThjWBKFXf z{78gcZ$DRzU$IRD`3%+8l=h993{n61J&tQMmysP!6>w{fv|)L50Q&0i4O|NnDBe#^ zWe;YN4ncX5Py)oD1M>zY5=E2fw}eKthftE%L*$U*dDN3ot+@CCt8=!)`H~^Rohv-~ zGXyS|8$c34c4$X7j=ZyzvT@G2_(?`VOwA(P3SXS_Vt^;hEI|@YQ-IkWv;g|($sVl? zBCGYB=CRH+6GdsBh8)nNt8*`QXF)Gz*~9Ktb$e?A(v)t9Dv8bRs<> z6VopAY;qOKM~*Ne=v*>#!|4=VWRx!)-Pu7~*&W=O$}v>h(McY2a|gZ&rChQTe*5*d zGRC0xO;;1q=Iu+hW8e}I(@||o_uOLN!}X96)OC9A!0V?=@qlzDOLm^~;wixnOQTyK zqmw=XzPS!jHioF?M%a!1!tQxvr_$KD-WY)uZsl416j_eF>bhf_?nekGLhmmOIs4cW zSc|sd6PlgMYwh-3Ts7Y4h2ww`YFw@0wk|{gOSC}~?Z4*o0ZDsz8E7D`ln52}0)^rx zjx8PqU$5A+lxWrMTqA$90EmYKddKEa3`h7}Aw{*Ff+Hu#j1BFj_vzxD4sfJ&fg4Rd zRnS?n(bh9KMkJbIQ`$N5YDcg*utMdtWz6CJ!4>&LouU zWm}38spV1J!%eXhxazC1S4OHS?bB5Ym~f(=n<%r_Mh5$U$V=wnI7i`HUAangTAE#$ z<7u9D8cxJG@=7hMZ3*?@jc3RE4Mq_EpW_@6Ba8^0gOT47@7@OfE1>5rT3jST4UJYi z6-c;%kYinc%iE|=FbgTJh+z`Y|K^YEc@EUTUHAFLKsgo0a_sCKnoubm8^;cy0b zMSzejAn`;k+=7f2BaeGuHrtV$AG9INrYWZD9C{+}0!sTXQjc*jjkVK|UG!IrMd!#h zduPoNB0`u1!5lnMe+_+Aw4Dd)R#s|N*^*Up>Wn<9^Ac2XEKbI~*fFmwb9y8aX2fwf z>8MQ(VjVzZqptNLc)OpyMWdM(aaP#x_{9T1;X+Bm1Fzzk_PPVS(egta=6+SmwUx?&;vT{k#?ia}_;%J-#JzH~?z zYaCIewZKh4mZ_?xDJ}zXvcaf{P`N4)6IGL<%B%@dxVTJcVnjNu)Y*$*1yDNX8<=_M z0Hc=R;`){~%~n8;CTK076!ojd&{@$Crutgm>H7temo9Q`TQ_UdfsB1(mwg3t$k{yf zI1W;l>uH28N<8=y5I%zN@*GS~Ua3o*f~_7zw{>>KZrHd8PIkVsyvpFk)y%wqV!Tg$ z0fCPmP8`_9mtNlF`z9a7VaO_tS?wHt%6@VN$k57(xHdzdH6Ae z)@q9P0)3TYc^FV1;%arL6k|r%++;%)1~PPnP^aF zA|0y3tW45JCR2AFYx~!w=nRvzUBdmH4wtdCql)$~)QdQ!GX#}Ru5s8vvb|uKf5$1| zl5ea7)unE~Xu~(8q%YV5cto^Lsa*gbwxO`u)d$U}J&&yld zqrB|RoxdSWpc%_X!UKrXXtZuyUfYhM8*WDAgVSqzD6QE&8#ztN@B$B9*Dl%=7u7Br z3J}bArXP%dFKt%dYiE~)EqXaZDerXl8|(q@b2RZcS$=fdMQ>w2U$OG_jr<6BDQ>S_ z+yIJ_ak<4#fnY>)gn8Q5T>TQ8Q^3#b4q*`^fQ@#r6i}(LG-mIQxrv^Oy)jmnPjnie z(q55lrbh#ddN(j5O(j`lw1N%6KVBg)W-VbPh3l_yDSIG_Mx|6FAvH~z8M-&` zs(?iVw39F&j4zmzA&|(vfat7TgRm4M1Z-)I$=T(5IyR|FKg&jCFfvkQ9sa$LDW|!> zsoP1Nf67-0x=!7eC(=6%M};^@xA4>bw5O|B^mgO);oot==c*92)b8SYgo7NoGrdhm zgA}gxcUR19kX;^gD_ILOeFCgeg_$FRd|!_XiV(sA`||oiL!FgmLKvw_mz-~VqPZ$u zZgfB>+P85>l7v%bFW`+-Ttw+Mc2amQIcOQ}>U-UHsXvfA+1rMrfNq*mL)c@N_^@dC zJl@h=ze#|#b?&huoEK_uHl$50)A}m}#_$+2B^G+Z;PSSZGaTvK1QHTDs8yCQ#27~u z0ablKYlj1Ov2=Y<$?d0n6uMkTOz3JRUsZp71CV?0w{}J@#1&dWc>|po)jqndg^Do5 z{3K6%h)|y-`gK1~q>E-gz++M8X6RdI*8_ZU*eBVJb(}W6=60P(WgU`tAf@?NDxL5R z?pry@qmr2n3FKr^*dc4fiO2nR{D@C@ndIG0)@UR}|Y9?+!`= z$jN5Qn9^+5K;}&3EA7xw?ne2`sWo!}qY9hX0;UIR+!GqlOn|yv&?x&tKZli{Z;S6> z(nXsbVP5XGf$l&rUc+kN&FhYo(s@M+tf@|=F_#Q3 z?bvXwUM$@R|5Ptwugr|G^2M=Fe*viLoRI6C4r16ZHswo`V>oIxfUKqQB@&DwGNbu` zgem&8e?u#xPfo1aQ4Ts72uPK&Y^o{1$52s0=k%u21(H)R*L2Il`7bn_Tpo18|)sE^1tBt zTj5uo-;J^e&~*Vohf!iQU&W?vwpWPKKq-vbj*B1-PN0Svksq8`9#1_u6#M+|ox{Un zk)gHR;*AXYB{`>s>^@_-28R1{vo|l+%lDhSXyKBD%ev3=v5aiSlGpPpy|y--IYtam#@%!HekS_g)5fszhbZXOP4K-hqN$x z@!}n4@T)p{-FrZme~Io_&R?29&?iX!p`+cKLzJ_gc7Y*~{}RFMZrBbYKO$j}t@OQ1%30ya*{?4_?rNh*^%Vn^4`9648ce-^qdO z81;#sV35>UafLP<)2hS@3%Z{pWNBxyu+iVV?;yqCqmP1J!bLDF-E&bC>?ZDt^OK+p zyhXc`3J9vV@ubPF^>CG(8oVaKfwX&h-)^9mHj;XmjG}`lmLOhi4W=way)`i|BQBAA!MH z3Ww@u zHJ?#g>0#+@sNmuP-rcruJAZ?m+CiJLHeR>S#P3=0i&MG^;U9?x zlYSMpbjBg#OYI(5RWgD-2AB(kScAPDEFH~r0}d&h^!%oouvAd;>5VG<0`7z4TKZcOHGRxdjtU6 zR6K`~>#UKrBwO%dGnpcuOdQ+La1@a2Wcm|3L!x@C3~{-+#J_JUmJ^89O7A+EuWX&F z;+Za>t7{I8VQA^8aR;|6ZXbSBHD3c#qpnq#qnvk*T14y8rL1uvYU4@2Ebz22v|(8C zfX7l9cxVD4vbHIm!ut8Ui4(;K&w)MKI*Dm1hx^>iJB91iaFZN2hbQFCCC zn|4Qr^S;rO)1Sv&h)4e=g!m3pMxt{pA&*k+e1|Fn zSi2}v2`e_qAioz{90%phkw?f?YbPQA4kf6jZ1iCHt*rXdl73q0+FoG<=!j4UFx>wh zP~JL10I0qLbu!)~z9RbDjV&RB7dkhCSMY@gY}c~3LG0Wa8DwK;K?8dKQfi$1yr&_K zRi#cpsPN&xLf&)|Jk=qn9DSudl{9&0GevH+JF=;q{t$F#Nh2;KK!9cxoC?t)&7=b^ zTV$peVs*IkNv@UFU7*mXkV@QuZr}!VT+4S|ChEH|t<`SfnIt~UTIrae&86Qra)+t6 zZ=xi#n|K4`<60`9&Els3PUtj@?`WJ0A>LM$8>ud&<>E#8HVn3Vd2tIZKM<|8OL@DM zv}#-nAP#EtUPZ|kL^Ot4ag(IX|0;5beVSZCmZ~(g2BqoCnR;OfD%sAeOrN zzm$T^`|pKSCvS#TFHk?Q=?c0V>VpyJn(a#L#Ob>gV>L|Is){>%s0Q-bIfj8g>vWoN zD#?@zIFA(UMU>wp)6pjo!EPCiRjXa^qhnYC6H-Sgd1_tNIE3G#XM16H0Wy-^2fV`} zaUePrK08qjy8dU(qs||P3HoHV2>mvyRF?E6JS!vDVK%ih(f*R-5qikYjFWsPIzy2{;RIaRh|wXM zNib_@hyCz(Q}M{s0G=%m;4~k=nxN5-_8I_>d;rgu2Jk(>oDe)z8$w7W0sVd!AilRi zJ?!B_Kvg@3M#ZRfaNZpG}wkJtgUvTSXAbwUSqz|=W%1NvYV=;46&P4SQ0)i zXN+aeeO5li+ZkdS(uT?*{e+kM4C#g#(sev(v|AZcjOX%RegE9Yb6KylUr+`mQ(0*^ zH!+;@Jru(Uv2O!dBV zSU~K26_$qh^Zp_B<1)k^tQ^uhUhXrbM`B3l@TAcmFG1|Pz54!*kLR>rWzRaq&QMut zILOJpAr@z|vkoEdi-U}eon-)>#Jhb)^K^{nRGu{2^QF;zvscfXyyp{p_57Qv!j1^N zJ8n`C^T6y=%0T#CWw%Fc-tF(B+he`k*Gt_-8bhbtp!<6cgq~hQ`I8UjuwFxXr7sWy zZH_)99T)ykIhc1j6!n3@J29A5KA2S|92S>V%`&9lt15T|cJ4>FLQU>x^ISrk)rDbA zVTumpsa*PQ32^B43Tr!cUcLH+6mrx3vj1ax>+9Z+JJE?CQ9F zJ7%J>up4wB%W1_=HlLKN{9Ek`%^@uG^m@JCtwrpS1$d*~tz)5GDN8N1vgQQhs$R3c z$tqSkhH&k{?l@Mk+bTzJ;pQW_%SZ6T4;cZyKB8l+>FqM8@3s=C2XhmiW#mPk1R!vC z>;H6rw`KrK-~4pX;r=7Sq{>M*o$b%_3B}p|R+JFD zQAc(|9R;z|R7_X;M)Fhkg*83k*c>-pn9g5*?5-c6F3glkA$DHu{uxzvzp;Q~#mP*C ztv0MDS2qF7g!wP}G9@mFvq<0V{0h$z9**Y8Q2T>#=lra%ZM{~IFA>m9l?WbmcsstdC()jfp50AcwX-Ek1TMR%bi1Q*IosJe}Mk# z%n!uykDA&BS4|5~lFE)NW~9v>GiuY<*^cg~^hNhy0?47Wy^T`GJ^&OZ zF%bO)M)6TqJggs3$5s=h+ZYny93>@Y8O{kD0&h?_w0gh#dK};RdM+>O)}qLPd#ry7 z^CJp~4wqwrW*r$!q-Pj{vIqO|K=EIFJ+VfGfhcj2dn(W%QGxS$&R%+eCnN15M{w;S z)hr|QkE(NejgYG-4^V4ug%6R_5m(cYt+Ty|b@$?=d-?Erz6V zm)BUAXrk3)^vTHdQKr>i>YJj!R?{l=*KD9p(CRn7-iKDNWjGKa@=}*j0sw?^^+q3R zBCnTK05)~@Q=WqoKjFzpyQ_o}s#!*f+bU54S1Ab}SAD%JKUMrJ`bZZBKS-TuP$ajn zj?>^(U-u&jtmxk8@dBz1vq!P-B&-U{HQXMqmcarra{!e;8Q$4m`3WkkLaVLU@LZwv zB&{|3^L)6O{mRFKVuTYsZMluY5LVV-j;n}ex{81!t2wSBYPR-Uh&xY5s)I#^O7bj* zEGVJXOOsGZUcjr@rWv1@W{d_Rce8(nYK;37p0wESa#lio7>%1JLK@q|d|K_;G#7%z zyvAE7EK!Gbi2GDjfxvs6>v5lD>=)#R4fM#rZ)WUKJ^aQ8UaEnJa7i_<- zUUL-TgUn~aES@+Bzwpw8#cptOIjBI1PP=qWXEWkrjQT^scEt?l@siItB{4rsd zeJBt5!X)uvT?NTV;D3bYY^ig2GT0t3UG=MG&Tk7wAjqUlf!2jcdQRTKn)KQPx~9qZdWVbgCmpT-G1Z?&gNgVE0Jt;HH`-}Bi$%`G{D;)m4S z&*+WPA^)UeuEpYj(!<5U8g8=umYb}LxIc2g!K~$dy0O#~;>U&fzt!49G~8rA^iCcp z>p;5sp`bO%4KwKQ{!)h$N$tlDepn~A_c$d&LD_qhbD1KlA_EAC1GV^5B2KpLhxBEPAVjv@lj;ldk$M?K^1K->17U~E~5`EM_uknG35Z+!S4SBO& zTY`rV`}ewO_hdYKB< zqtu+a9Ck*<&`WaIV^kQGA7*teD!|FiMS>2o{avBHFs^;)uU1;(EH@(5$eN;AlQO*VTQM26wxbLV5x z_qKQ zC35yp5PeUnv(4meJW8^TY&>@?=%1AwsNN#erC+}frzYhx0GDxt5~YOgy~0wutvOy; zB6eRx;ayPpN^Ga`OUG#fOPE}HD90@PB2fVhA0Uw=c?jb@87p%M#hh43{4i`K|r z;ztZ_5ExF%4D~mHRK4wzR5E`9@$5h%o>H6x5U|rMEJXQ13>^tFZn&9oIqtsz-J*1^ z{{zMV3RbQKnVP;y*BVUB&cejz$pM`?bDRy6Y{L5(+Y&8F#7iYVQRdziKG-ANDjtB^ z+t{iZ0>BZ;QOrvU#KGj*mkLCjvoE&uS4;Dinym{x;drgfgsOU|CR-1xIg)++Kcku- z+p@dDsGH6GS202V>rq(<*Z=c`c;1R+rM~yv<$LcpcYlH2$tUobJa75Jxy$D79Yj(! z{o%X=S1erqRj&$P>)*N^i*YJr#ojN?bm}}Un(dmuWX0n2y~5<3Dq#ul#JrNuL(&tS z7jaJ(?2zpbqVr`kPi2Nfx703~)bo8allqk_mM@vRpX}@50L!}<-!3wcsBoSyEB6J+nqQdEkA6OCOX$ zfo&DE297Zleu1|xk}5#T$3Mqd9JpGs|BH5I!@(I9y+3el-D;T zwBQXD74322r>H)j-ndHwN@CD*4}}!N&z$)&d3gVS4XBzZ1Z)x0m>@kM7jsseC|-sZ z7nNBxcz!zkMwkv?Q7SXl()U5QU(vpO+x_+^ctL#D<}0SfD5X~N<%4}HmKg)mzw)49 zVhrk?0R=@RXiZU6>4XU=l?lylQ79JEeD zDy{M)3I*G!Hr?=>nVnzNUQJ+sOrE3{8*b;(uH*orGzQOlt(6Dcd+?loCMC|8ZDrC4bTi$q%6Hg zM%=Hi+rR^}r)oAa+2c{10A6oVw&>9!4+XIkm4S8}SQ_w4Aqf>EMh7^se4MAEC76UC zq7?WJ*htqBkUusb@<2SXe0hj_#-X*8uVZhSxhtD>9qSoO@d`i$f%;5D6e%Xc>oLps za8-7w!NU*3(7&2&b8+t#ITj)k$>&p;-u5X}GVd)UM?7;lI zWtRVs611UkS-(8^S5^Il8OmKJ2j{rdseyMV`()iyA;4xW&lnBT;+V&*u z32`vDr#5~FVpN3UTLc2y(=h952+?VKt0kyz!JZu+wD&Z!q{LKz%NAFq?|3E2RO!L9 z!@*FAUIe%8P_SN4ysMD#BN{oZ5+A)swjGMCHjZCapCM@kQ)w8k7K{PgUAE5(&hQo48oMqIRkXn!Y0=DV!NT zHv~O}wiQ-qJMvLIOMf(ZUOj9Pnqvtq@hb4Q?PX{ha6i#ci3#v84XA{?Vps&|e-C3F zO@`P2{%`qJhW@X+1pTwx(qcU2i?QA%LDuF;|9K|DT%#BSq*%eA`G8`Tftw)fa3*S$ zpu1SmmDqQK9L^+aMh=${+4O+O4Gp4l^@`(13F+=lqk=~#65^i6 zbN8yEojC=ZNUsFo%W!+EnW$1JUm78%B*e=|^u%~)FoqFrTYwExg$&-qiLPYj);%)z zXsi3#x9Ks+K*D9k>lw*D$FoIR7P;@`3hCVbF}#Od4Gn@{?w%IJERmN=H(E@O%B7cp zg^`|z;(4B)4k0Op=aSVLBF`L(VJ0E?^1G|g@2%r^NLD=Gug`B~y;DF1mok9u2^qJ2 z#Np>Fmq$1a)YE3AH9HI6nd;*8JR56I5xL9J7$~eqCncfk$$fldQ}R8c zg{us5_UmqKw`w~Z4NZh$Bg_VwB#}b|mpgrU=SpJ)qy85Vns- zM|RTU82e2{&u65bpDFeH-Ez-&rk*$a**$ZWQ?&nZ5m{lvQwYbRO;uP!5SJ|jn1tIx zSbdJoEhYTOXv9Kj;Ew%ip3q6< z96(o%LOvn{|2$AU$6OHv`_q=PQW4Z=Gfym}=K5P8Pt~}gVA(i3dnCAA18L*-U(cvK z4&5zpT*ucsld*cio(ShSWm9C&3;8|Jg}#uk2QGI!wy;h7v{%_srJr1RrV^?3&~VxX z&S>Zb(t2>g&ZPAQdqS4SUUruMe%yZxO+@_cY=x)ieY-bwtC1L{OYA}yx1NfQ(;x15 z(ws&*;x@N0r5E~>7+si|&F~jeSeh(SzN$!4gboh{J8f&%=K>6t=hb;oa+O06j~}H6 z-Y=`AV_404f2Ndy+bWVb_B!@rED8Ay?*Kb8yN2^9aoGmhiLpE{_Ff*a?}SmB{-q8R zXJO+PW~0}HlKKSHFj_i%s*@2>NV=g{!Qr&d&Si)!D=xF7MPe2OyL&4K)aS@Z7{MBQ ztrXLO>^hy#iOpkQ7O^oqe=BW-G4{G6h>Ez!9xeJor2e`2DfpPtC3z2tT=9e$p}xdc z1O)&M!GZ)KZFJdeRyAZ>_)lK-PjDiB6OE+7F4N_{Bn-fDjWgRjVYVFM#r;|Q?{8LV&|s&Bk)h}n zsNBTv)g^vqdsLNy;s`>aYR?p;#}Vv)>PK{#5>qY6Kqq18xqC4nmAPZ+{|HO(FJb8f zLX#bYOf$$X%209@?TShaL*ls={?lgHbqB4x)3NPV2Y3ii7bA*?)LKII)dPE>`Xe4y zF7W$`GRdi%MeDZ{;;7Cxq}G4-A+2i}#!t>hFOuA6_bb|v*85Myj)tsl!4Es#*Z#LI z1dp-rxDYDc|Fd3FYo~=$i`OYhz?LwU%~aU>_OdM2SI~vZvL36TuflNN2gM!bzX>vL zM$G&`DpJK0KQoI3IhljW+dC*Zp>mE38DZC*;vI#SXOO*#jYs+^0+@bM$LuKfipQiE z0X(w;-*5LhU(0+N2%4v*_*l3t;^{PzEz0d)gWaDH7sDw>+xtqtFZSQ}meANYz$Ln* z5>T)<5-RpjPjCCn>FK2rGE9k?f%gBopoYVbIQpJ`}Uhcig+kL94^q zvn9OFoT56~otC5B#SZodauNR`|M?)RFh%F2)#OfV?{PrA&aMjX$*rg$h31=8(l@#5 z>YfdWOQM6mg%tsy)eq-R(!{w#xV;o~c`1j#{wZE;h`)%~aa1E2YEyqiP8`kNgI(I= z10Z7H&%525{0QaBWXZ^+rY3-b3m7+GK8H|oC$snbi$nql<{c-)P^Zk2XSQ|;TWYqS zJ2~0ZNuipN5kNZz^K10d^hOpi)iOffAq*n>aNc(wt5QYPb2cBkAhuScZ!kBeyxtG| zrvUV%)Jdn^=jx;$DA>14PkI0~T|A#2e5>z+7ZGW6I3}Y95!>KR9wuv@mQ&0}?E2R( z^~`YJdXag!+ZJjx?mV7c>FNV^%{lbJ;@f}eWjCdgl5KmWdK$3d5d}@At5sMv=_Ay4 z5qq;e`^P8>o=7+PsU1!Dv#mJ2)skW`+un37Jxo?n@czs`Et2wg8dF#r>yvc!M30!9 zZBJs}2z^iBkzpiM%P;I%C%qA#W0i}8v}{sxa1q{4@U76h6gu47@`@X!0@2LGA>7u0 zV7Dv@4PbYj9nNdqJNUA5y&|P9gPA>hx9S?i%YWrpi)Uud+N3!s&emB7C3;%7F~Hg1 zm?Mj5Eg=?RoYHff1>m@&-9b=Z>3*(}_C38Qivt}b0sw^h3rlD$@2R-2ux;lM7ikdx zQpIdjz&1qx!hG&Urs_}*QIF22GVCTf6{$5LMVk91H!*i9R?^!;xsC>>G4Lnh9k&Fu zUD_x#DkTf(t2XN<5hQXdAz;C7*Bv#Z`_+LyqNG$2b-yjdYp>qM1zAZ>$9pfU)2@}t z1lK%#A#Umxom#y*yKiBa6R%6Rz+|6)M1hHn=p38q82(owyCXKyj>Pwk{xpg7V1O;~NAyNmS@TVD zy$&rB7ipnqAv52+g)2w8^OJ7#J&-osQVTE|5gHj+qp7#&zDCQ6QVQU~Pa+)3rV4H3 zK&de{(D2sw6Yc=@V!9U6-Z>6gxy`O#=)>xDe6QP;u%zDBt&FqHeiC)GXl>+EVHJc6 z6Y$p);kt7R$xBx+1d8;28*k{!)3s1{fJc6OCyme5oT@V2WRTuszT4k0wk=iB3lh#! zORrKT2V{Cc)r5)cEG-AfB$8-@(U$WYPyhid*8G;utn67@p9bspX2y$xjwU4}j+`tE z2Qjd#B`_?~d9}RDWNInyo;)s(U8(wVH5O_ZXE1j!Q z{SH*P`vyDe5WOhO-X_f*upxlEY`9LcVK&D8)TK(U6zyr#$)J{^oH(p*i%Ng=O2XI# z=pIfDDN38Ch0_3Ll_kZp*3Ji{hz+4{aFZl(fJ$27{hZ-j?2zm3BkzP|Tosf!Nr6${0-FsSufDl9#!bjO~0Hj^c z%?hD|^7f9LAML&E_%+s!T#&;CI{MbgfXQ-@3keibp-m+vQ$toADj6W6OG~M# z0xX(n7t!jNC&Wl&J^bJ15VsuW(@}x8Y;<(CppE)v!G68X8SXr`qNF+c? z+D~A-MHAeOO~^j65113zUF6f?{Lgi@%V3I1+{O~^lofU?+V5n~mUuTh`|rYC3-((I zi*tCNp#H8$=jz&zMJUEWjw(C+kb+&rG{69dG|@uIG+_T!AaG8BdvHM$_4^Y9lz54F zNhd2r*JQr3tcw_kYt~>zJM*1ep9WU;J9O-u#+4g%(qfPKPR}_@sYNaN>jU!h{<8R?0HMf4qR>@R zh_Lz`ir7WUcSY99m7YnLlib5%k*C8hk>Zf?#*zX)nm`=&rg%cODK85f3AG#YHrD|m z`RwhBSl6lSYgNX{9x!m!x-J758GDn!=7Vo!aptgQIR1Q7o8>!SSEyXRyizfha?b}i+Q@z6*r2?UFv>r#OGgx?tRu41Lt7MGxv*A(}4 z;Yeee?*4JUV!Ky5YP?efu8#L0>KXr_7vXVdr;7}`j76j~}uwaT< zo6M%RbN6g?7xs{%JiBEbJVhL{;y%rdPVky-3A;|oZ=0sk$Ub};8WZ%t`*_L^z*a4B z{RiwjP+FJLaWx8gV)5>Fb~HF6p&h=HWKB*yf{Jx^^&#yXF736#COl;xb>-~T;nH=A z(hdQWcVMvr{Ym7=a@;t{af4QdFt52V8#KwwNC`_Pks!8#teS!Cc{}7K<>_DT z@|(7pDxq8*2%myQw|fXpa19LMUXG#v{_BBMs0B(0_I4Er7H1klt8jk_BYN@Rbk_uA zdHo10c=4u#3-}Wn#4wP7be}=irh#l(bj5=9P-dr#JLRU%hZWml;ogZG z78ED;8YLTbz$Ti_j%38r$LtZGFd(2BRJLYlOhfUDyv>;`g7dJ}?s>)u$j z79yW42{n4LYmo_8U!lW9ieV~J=7*e*tW{lX5hOTqFhWT&>Ar{0h*c=Yrt&=JB-z;M zenh*R;q6}vMjXJ;w(}SI_iw-#Fq2ZqFY5@?zcF%OD_NU}$Co#F&Rvgte?1I~CUQ|o z3oHIVvt6MZYe|CZ5pvcD0s(Xvh=dZH)lmk(U72j+v5Z}(kvMc{tk|LYnBCS0$FMvK zT{utea4*hN>fbXn3pcnHmRMKE1$PG>@JLLJ@nI`6o7(nU2{*nT>6lTN3j#K>vbD-) zHxLVS1sl=#R6%hefrFo5{&39}gG zJEDC|YaLiqP)jwT0x8F66D_&-ZQrvA|Ho0^9d_+h4jRW{7o-6+CN$P?(qh zi(s)i4b?_ zYU~Pax+ZjX^)xybhzSL^DVaQEwMyEwi_WfDVH%7qKRgiqN5-LXF(6kSa53(n`*b?i zeUE#!DM~b&1|c3{G<;MEVF2Agd&Ag@F}g$?g2Fp#SCj;X?)Mi$P*41ZE)TAYd;&lk zk#66r>ZE;6_=Sng{BWsy#c4_xq;(#aq>5`adA=g%RzW22qx@;v=^ zBAP;vIPXkaw+VCyD^KbdrecI__ZqXo|Tvz^^8V1?b z99u<=73~)I*LwPd$)jIpX!0&=>C;NCVb9AXg?ayt>g}|bX@%Hyp zE4!;yp#qE21k-Dm@5BWzGImL1k?E?nbCC+BYz7!5ARVR2G}ExsThDWnFj$p*`Oh)UHGF@`8~J9%dYcLZS;kE)a5 z5GW&22@_Fl+FX-j`*b-eN7;|?pk)#cq#({(nyG#$UcH#_F0LZ`19{eb74~3|SSh2~ zg`kmiWHg|^9`B5_ZeCJw?ram?4u#AqZgnq0z-!~YMx)bJNPixOP+BHy$E;780^!(7 zITfP|y_a0phjBBspDUd%TggI89f1QsMoxttT-`2lV+(GGkjy2lB>_kqf>W=kR9Q0L z6Kw>LCQh3hCcFJq#pB%pf!Tk5MH{Tj&c?WwaL}NR#1sI!7OFsMpRb57#t#CO@;IL4 zw=X~ptpuFT1$N+Eg@`sbH+*V1p3!d!p+ewIAAOqpm4XThq*3-D=?SQ_^opcz$P-(?c5yK<^_&9l?4)d z^t(O1p;_p6XWl~ooUT39B+)H&hB{vpkcBuMmYWZ?cx8L8@XzdFCMO%w&>_Xem5w89 zQPIKNl70`TH0NP04hI*&A*Nqo)~qsJW%f>uXpv98Xh(gOa2o%K*B{B^* z9Y=nRSM2S9NFf{+IK*&X`AkJu(|y~xdP!PKX-Q*28n)0dT+#P4ovRNnvt?h+%B^y%QcuGH}6*iV^Pv=9Qa$8bwrlGy! z=@&W+WQ_{yz@065YV||pa(npb8v|-iAaDy~TEm5glG32u^6}4cjI6cAx_t$e1@Ojn zrvsGrid=GoIqjyM2$I&>Ju8F_Eq1xzNOw5m-i4uFqC!05y{ph`N-Tjn3(KVtmW~iroV1{iV7!*`H+(a{qoz->Gi1pZf2MLnzFgcO|SaZJZGPfIzCQIc~P zcx@fh)GiDiE13%QJ<`PC>0G9vD=kE9$r$>EP+ZaSZa#qCL)YDD4cuWXGCug=Z=rg> zgCER5Gaosg|Ku1Uh8boB@mHf3dDmy3S%Ap>%tCW`3L%`e3H;Bd>&(tyClkQR1yMAb zivL-d>eO9-IEd<_cxJ?X<6NRcMgjEjDvV$bOUcp-;=Yt_Y#<61;Fy#zL0CH%+?K!k@9kb@m@b!+{+Fi${pH z;3|zF_&7?clI~#buhAX2n@M1Br!^}IJ7_B@rD?sp0Wt|mAR%8pdwvd|SlvDdB?#r|U*7i|uMK4AQ_fUtLG zp!B_t(##wXaL1Qmu=q(}KsNduIOQj+^aPR0bqzuy>9uS31UT$&5_0FCLS}^UV~I%s zLmF(?9vXp=(G}k0hue}Zzhu)lu-ei2;#TFLlySnI{>g3rWRbjo(ZHYw9Xdo){n~n6 z4{Qj?B4OW5rjQ%SEzxFopoyyDjD~6m%&c-sH674hwY*@Ta~6s2t{%KY*AKGtw~EXe zPM!r#N8KmlCai?JXL0luYvZKR!P9sK6BWzG*d&EbV|!eFnP!l0_C&l9oUQOZtiVu)A&~{1qxY{=QbyKLqVPmP1Pp)V{=5cd#Vk zc5qV3R)e;+_P*osRM7an*pPa?7xtzNxr&Y0K(aF*a|w}8leoax*&JnD1xp_SnH)*`i_gA2_VkO+173xGKS!m1`z5dN-AB}nP{s}zU)Q;C>~!f zom>UkQuXx!pwaGe0Pu8zorGvU$fG7S*}VsIjVI&4OPPRLlPoHUh|q|_v2Lg>-x7kw zAYDZs3tb)~q=0Ma^#xgQ7$Fz? z0FaziJVk#*ta5$9GMbV6Dh}@tEN?nk-tY_F3b4EhJsWRtejQdj$d2M*<}^g` z-~oG1@Tg~&3gsKj_uN1&7V=?Xv0VU86!^~W(|76-TAU}ng%1V(t`x?&DogXkkTxeI zla%pVRD{}wDfVB?Quj$Lb)1jhrQdgBAPoOcKKvdZ{-1pK`d({CRQn{Dk0aM?G0mSY zbEa8qzdsc31noQ{S6gr7LkejKigD2aKG{}V=h8FPY84OxVLFJ;B_0^LFOfL24~Pi; zoQ6;-uL2)2xk?IgAq1+<9#S|D$a$Nc7X)iF3c=d4HV=bkx$j1q(|rsA@jT<%4yTVY zfp`Yvf$?@KC5kjH0&xo8oj^R#PbUzkCod9tee_2l*s%v}&c!ZU*41Sj8VWjNu~g%n zot4NvWIiYNzAZ}UkJ-eO(v`7L4bpinve|84@6t}OTj;+xO1=o=s6@$=(N4ya@Ad%_ zam@@U3qqAp^ab9=G(mTiSQ0hB2AyI{D7@qV35EAJ{)Jqy&c0L{LR^qJXhA2Ks!_{7FtL-ZGKxm=3fKDOKkaA>yFj}Ay%>Mi6@JLMbF>ST6TQ>Q(S zeUf(A9begOhdt65J8b>_X@`9)?J&upKgZp(-gJ@d%kM`S`w??@VN%QH%y?}d=qLng zkX#pruyFN5jS%P*HgdiFuF;oVyn;5g!%m0|zS#~-JorV9(YWwOKYtDnRuP2vDF;swzBs@K;L4k_~~10ZRBwz0&M?Vtj>-*Ks*@WDZ&bnx>?*K48&es zEN}sPicf4VpdlP#FE7pw#7=1D=`c5&>*dbB^@|?Tmj(Ox4eZ4U0+6mh>cg+!d6=#m zJ|*qcV%GzPdBVGklgNKqGwV}Zx*p$GbwUi?z49v{2K8OlGekOQ`Jp3?Ya!wyLPr3_ z73T;p*&|tvVIkI!jn+-fH55Uj;k0@q)1wDOW+k58q22zqoxggrFRIjfMXV7njiJBV z9kVg+FZ+iKb3(p~s!-;^IcgEldFiQ8j<{$(xLt-s+t@`8-++L~^nHRTmM)wm5_^zm zLNb zvzja<_wsMRy$Irvo2Z}+p!8o!cwV||pxbS{^os@VEY>AkmeF1`S4FuEPn#EYfj<>D z6}&y(%Rf)~(9Tlj7BAeFMXlrd14di0vAU9*udi^>Wi@w7-3DZnQ4F>VQoiSVm{<_p z8dagFs;;9-4=7$e7IrGAe4G6(*PB{o z;$Mxno&2yj&^Sx*d!TO3q4*7c?}1k<(j&tf$l4V<RnC&5S>iBvVfUg z`^>$d6uNJr+dUH9E}yDZxNky6bAf8rPGj7sGUrT7QncvW*&Bm`~EZR*AeCHkxc^4i zRM?q8k%l(V7!NUymo-l58~_i<{X@sP1~E^p6uI%m)j?!Jvdl9fO*U>&i=Qe}-Tl6XWBxS=@R<=0uZ(~PWPy@x>z;62ig4>EW)MA14}O8}E=rSS5&Fi)nT#0LT5o^c7b%hD zUjuz=v$uMOwxDGm9o`b6#|!(Ych10Zrws71Aty^Gl$Z-r%)i^Q|8|8#tG$Iqkv6ih zr<%i@KF6Y;(_AVo7K%bKtqOBZmo*xD^K?4y(uEUmO-?3JDDy8ll=~y%*6ovc=`|R= z>mFVND20xwH>?gdPPIx_Z_oB!Bdil(#LzM+QHBYd$1G4`^N6%IHQX)ufp1Ih1J=0% z%M)DF0qq+57G9q^Hp@sG%w}#avW)Sg5Xu!fyF9l@R2YMH>;t$uc4wFW#&WHfvr7#q zUpqw=*@LIhs7PRSaSjkdL1-X=cswptI?*aB?v`QCtD6LvpN4?&y;KK#5JO*?m;$$o zz?MaWJ>rHIo&0K_cU(lQNr*A0xK2S{uwMgA>;=rTwIf(2IXV+vV#-F^=9c#w-6WH^ z1S|k%f-<8XL?|zMBc?f_(eP!UG&cw^L>|>reJ&-u{(4}hs~%J)U4mt`oz&LpzklzJ zk~MaG8(aa)=ZOMaL}z-ji$+}Kq#jR((}L~9dP3OO-lE}A;Dwj9qxYhxsgnYHe8m@x zWVZr`+nuw7;ZH`cR#9v3`$_M6xUI)YNMkGi78QxBsV968&N~=4bdA_Q9(11Yvm-e) z@b?=OPgU3uJ-;@AcTb6pv$Q|HgUUeo+{nEv_$=J7v)^>}Y!HObptX8CKLi;Z&XmrN zD!s$X_$B#mBk+KdEC3q|{p?K(S#}ApM9tVj)^811dh_WgkeWRmZD+XPuqB59AK9^6B5EoBW_6|C z_S;<=Cuma<{9=$D2AkyM^R{SVg{z&!1zQ848tjJ9&nj?MMeqxyr!9-ViT1IRwuQ1t zTY&<)WO60Vs$GThL+ik;SDjrvpV6@t4{WKW_-74FfR0TFUzW~W0N9P~{mc3Nt&bMf z&f<00PAts}bG0=5V*S58T7^)@7d(_eMuE_)o9Vplha|m(7mz!a_vC)&?{%eP9_MW-U* z4kn&7(R^v-U?w zg4WuDRx;V9JAQEjA;!?wB|d{nn;zc9IAO3I_EpD^cZn*eW<-=BFrvfm1f)h4Jj@%_ zo%$j%h>nno1vb6Vs}v<$uczu-4Sx3f#JM9{857WqvWr zamy~7r`=X>zZjL&3KWRW@@`aVwM*uyf6DND`el0U+9I{ZxyN_`;KQ)q?D>(xdgSr57KNMZe~%E#_ac>Nxb)y8 z*24omIl?jh44o$O=uMp0dIxX$H9|#$y&l{khYRF3kxgeP@{eS;17$F-)z;Qg2rjLx zn?;+bD*y-^P|-ZK8hc` z;ULe9Xg^ZOf<^mx_67L~0dfey%fKyPwi}ap_>>p5rLE;Wk)I)xb zw!5Gelw5g;s01Zjnb>1>afyUs!4}>BS4$_t<2^!|*(Ss&-_kO29BT7aPv&-`LU!Rt zc!oW{H*CpnZmkf(%{H`RXssjZjea^1+hYlDBo11bOgS}w$=aK9c?diq;)fr9=^+lS z+DDHXaf;O+`aO;&rf!xDkIv+NYfD{xa*C2R%K7`-GF}@o%f){J-MXf5 zh!H6i*+4k>`U!?tSjA? z`OwymJp#L&QNTrA(5;5rj3bf+agaN*f8uYu{vuFN-Xd>6bt!piHC$u3S5yH;2+z#r zRA^^_p=lj|3YTcK>vXP9^De0s+w2DPbb64>(k!1N;tivbdP+j{&-bFW5Tb9~T0*q; zE`5Do#X9J&4f#jw)hBpHFmDa!Od-|VS~l;|b+cM#w0jY`66mXnQlxC#mUf<9v=kKdS)T*a!IVdykyPmy`x{bqWsmv#m-% z+(SxkI~oY~3p%EOfD@3@Nxe~nNxd`uN%SraBkF8nZ@tYHXe!p^&zlb|cF>|!F=;t4 zpR%s1X`9X9t}>LrnV|f73CbK91m!S}22s|194J@LG;pL0IJ<0GA;$FshJ`Cu+7Q7#*qu*32g9!Xr!Yt`=5?WpOaVFfW zm%cN;S2LDmER15VI?5|n0yykPsgv=)*T|&%nvMXD+$Fqd#(pE4KrO80KA0O}<29U( z4)$(>ez4kIdfR@1z=1&N49RXD6pZlB6@_3zKL_^1K{e$;pOy`u$Q!fVvyYQ~=@f71 zuA_-+yTI^;EXp+eucFcj^@WZZ2qiK-xJdF*(S8OWk&rf`gY!gAjJIQ;BXqSC>ZL@F z74C!=e>5!a71p3q00tK@F~o#uxxG^~rq*85QB$nt^f8?z=d0c)E6k(0HN1c+mkp67 zw%V0S#3kC`7Z3nl_8HvVK+2taG`YR`ufG)Poa4u`e3BhhB|Y(LG+sPstc=;wihhYD zaDNC79gaSGY+x-~5wSptGl;lwT0%rRrNOT-1dHo=HO|xYa`RYXdJw*sec@Vd9>#Rm zk1bzgNgg4>-Ir=slwZ7kY@vtXf4$$EfH_H(UByt`8;O2Yz)-4-M`;k9jz0B;g6sxX#-LhK&Dend{eN1XwLCpe^EHIwYCgsE7dnCbOcD-`rROZ7W zLC(j^d)7O@Ol9VoQm&cmJg>|Z1FHt$P9#;kCG^1U7yRBx3_bgkYKv@AUnM1}zrPH6-yN zrQ>&_(n!e%T?jXx9@lJFaY3PE1Ick%ugP|*y{ZmmI0-bc0n`4ELk5;%FEC+gDKFlF z?xp`PV8Z6Be{2n_5BKwnmLXX^2mi@_8N}aNthF;vExPtMVAA{69y+&R_cQmgjY^Se`OEmeLjm60Hnx|h7X_6RvN!E4^$QI0lw2j!`Ia`%FK~-2 zbajP8U)T>IDMQhus43Qb+G(V9@&oxA^MN343O@>YP5uc4ybeku^kppN?9u`Zw5GmQRkf7V~0PXT~v5_{g zgX5`$eMBG~q;Z>UhrT1maD*?QlpwT&&C*|9$4F&GgquJwn-%xwt{K_@XWqYaj$T>j zA;FYHj3Lkpb~;GYFAdm0=kvTkKyT7v(@19(!4HlOP85;lk1;w%fnyujtBN zo19a?mUJf|p*Y30P(cK`h-W178g94iDj1Oi(}`N5B>?2iu0=4_-I4g1zs_y9Kq6w+ z!CNEj*8DAb+cKv*KT?k{dGYAAKGkpPxB8ZLL;uyU`+(}<^i$FLEFa9({Z=1ox6^uI zPSJMlVerGJ%X5bi55w^#!(fkZ?s`%BOfDJ4nb=^(9q=MjiTL!%jS)dU5=_NWvEu0A zz7Z_Ytz+HGSz$NytcT($nGK$a6kCU|2{3UHU}-1G$$}MBxenbtD98;_&gT+&>qs1t zSB8VgExv#xk1ScQ)0MM}d8oAfbpqu{>pu@;qzL*MYZUTn#;u)D1DtmowODg@e2UT2^d9G=D~T)q8yxdqzi+WE@^n=gk}T4v`F zCyGH@^E!X8cUq$Ye&L_mNIe{PWH!`E9En;tbz{2*T!w4+Blu85d{gjEjFiva92&Bv zD*3kxSYY~n10swlN01>v1iRf9oeG-u4Iiz+llZ!Sdp6?#=I&j<gj9L?J*77~>n1G|AaWmSo8uT_VZGq_ksM7fZ1$DY_U#C?U2XB&FG$ZcYzROA^ve zQ<9RFcGHHFkd`zzk`PK0nv#U3bT{p$yE!dQ$v(8rY4`8{zH5E+%}4^;z56`-96ygW z^Ub%e?|Sd=yVjB}c11Lo*01CG60Jm%a08JVO74J?$g&`9kS%UjTc>yltl&FKzZQFw zjE}XKT}20M2?i)6lK!n~Cl)$@5z(fwMN7nCL=y4qIg7|CMysi9O@8Z;ZC8@xy^&_u zDZ1}r8e4;&K(IeFrz7=Rwy=w83)`jiA*dhsOd)n0TjN0P%EoV_jd(yDxpAq_SX=>NmQTZ1OLfL%s zPkN&OrdgD7=OzDH>=T~?CwxJ@IQVs*h7R7Vo~Pl$C1||zfrUN5j*Bc>vGn2M7Wrs> zV=M;@7MFXn>H_&{4MR1IC%_@eg5mEEwiFuCls|`dl;j@yU&DU+AHM7R<*yq57hIRC zYfvjQv(tyA9*#}F+~wiR7|xk{zR}$LR@FrcBft*|Bj2LJDAjY3!WgfUb%oqn6cvF=Q#nmc#}EXSkxi7V-o~@iZiF~J ziX+IAZg^=w=%x_lzJ5A4{mM}ml&9m37DNcOx0WCCcM?ach_Uav-mEgQ#!vqg1h(ujkv>b$qAq!^LLqkr36!v3mFK zOS^~RZ6ZmOL?F2d$QTWxPnTSRBM%NWLf3Ub>M{)Bd#kG5jn@5W);CEMiTURb#p=@9>_i&@xxyar-ni2no-Zw@nzz<%2_JZ3$n`uk zCTbD}utHmX^IW0vwopqtzqzZm$mqqs+PEkayV-n0@q9!~0r$H3^-x6g$kCMgz}B#r zm+7zcew+?EW{LaL7r6szeH9ltGS}B^K_FM>W5g2iE6&A+QoI5z*jij2P}0$-TEfQ2 z=vh1)#rFE4+8BFk#^}RaQ}3&^!J#?jIY87L9v{cxOmgr2|E0s@-`1D$3L*oKKJBRCSmrA_+9{3}^M z1-_0TcK8;>&QgAgjKd-8xtj<#ic=NGh5I;`l1eX~g;XNB9Ce4yJm%SZ9b5V3;ghnc zP5*?5A>{SRrJsT~v9&>Ff&QN9*Nwnfj15$8w$SZ@?uk{juqr`hS;2eQMD}A_k}my~ zGPmys=s!c0!c1{>P}^VDuqi=XKH-{|nubc{^a}0_>hs(kD=@%$q*rlhMj-E{&HiPn396c4#s{q9*;WBrY; zpw%0{f>v)Vt(H2vH^Nx^GaeCM)c;L3}RvO-q0QvT{&qO-@U$7xb^&!oAvC*s^4wTItCj@O~pk11liiR{=$R zDx9WIxgPW>v66k3M6|dhzw6VkslALMJA>)yo88TDcPqudmJN{SlL;s}n0zjWRiG0q zVz=@0mAYRqanP8w*)epij!r5PE+}<`W6gem3P932J&?ig=0UQWQ}!A;VUlX>WD-!; ziCEZx#>PxsaBM3+Eg2zIyF&-guou)1TeQr@U&Q$fRt6>oElJxx89D>L54D8l{dLYS;SlNEiN;@I z@bm#c(BG~T#WRgbtT-Yjafz@ar~$VJS|U3lhIYXl)0@;@`2^GdNA6ov^Y4X>bA{9Bv4uVM(9 zfX*unRuQb+@wp=}r}~881{&z_^wF7#$x+2kcuLJW=vJcaxJ+0>jyC*vqiF;` zOw|baYcJx^h!gz2id%$aW$W3^?#y$M3ob6|RGRfgJFM(qTiLZLoBd%Oj$t-<$edrr zu@q*uuT6fAiCyFwL-yit%u&29`Gx!*)ByYG`}Wh?gZalK9i4B7y#pm{YE&)0dW z{I+U?c`RCyDtYQ4pgK^rb#CiApq(W5@|VYHeJ8y?FRj+UJyT3N(RHL)NGo~`M*o%~ zw=OhXPNJ%QvG3vc{QH$mr3o6=aAk8Ad8&e164dd=qg>483=hezGJW}QzN(lr)o^!lrqGv_&u-k*{OC{`q8F5f;D!ej2-D;_Dn z5n-*j#0nj*lH^5XI#8Y2(b~ zA*-lJ=KAEXT_5wg0w9J59=z{Zu3 zwOG{g`Wm55o`43}GLG@fAp~Zxy-ryahs{>x)4JzI5Bw6M;NaZ!2#;{j`Ng-arZzr{ zeye+^;_s7Un}TXO4=;C8^V?H=Egs6ti$pd#Xh1u?WH##f25oY{4A`)PTyz-WIk+z` zxBP1k89`;>a6!1{IhShPFfj4Wh%wn4e&ZXzX|uBIY}5pQEr9Y9CWfRQl8QhCmX43d zJ*BVZpmv7y-~Ls@dBb+xHw^X-JBu4G;dV1N1^ehWcX_|-5Z`N5LIVqJWg$B4ES z*IicJ0DQrm&6>fwt(?+e(r{bxyzR=nJ&#P}t^QjO`vj!d3kw~{aZ`1#(Z}nd583y0*gxBfe~Y|$q*lK1FH z3)O1kLOUUD@(%>C^@CyQ;pF{zA~yONDcam#iw*9DrsPV_basf08wdD*WvrT+E60!e z;WT-%h96a51a<)ZqWvhFXjSr$s8`w#dK-j-%K;+O&+MSIlQ~u=xAQv(h!z?zCpSRN z{V;9L5;Gb8`)E%0cdp(p?IpSEU21W4@XYBU|)!b+YMGJRGoZg*FMq zYt(?$KdLB0Lsvwdsmr1$t8bL8{$}4OE;ZHhF}e5$I%YM`>Pgybt(6nR^yNy5EWsIt z>jlzZBv_Onlfe(UYp>-OnPJ@NC!T2nR~dMq+Qku%v~8O!7AeRnE~L6yQ-7JuBS(ld zB5$tpnf%6&GblB;?hnL&2ToAIS{LJbE+}uc6EyfTX$`nyv%X_+4|L;r(5Cgb)E;(pa3Ky=bgx+h>U46yd6w57rX*b}SwO88lb_VQyFAV+o>bUS z9V)TsYZ(RQ(NE;R^hrEHWzjmL``k}+Um+_2*Ko_}M;B*97xNRSVBsC2o1G&?fxr(~a&=Gx z(QOfmIp7he#g)>!il1c!;HaydAfpqh4g(fu3HR0&SE#XwhDN_CZ$*U(V(K7>gv8|( zBL;)b9PV;i`~o$tY)%7CPm?6Pv{>A(zt!u}E!*NJ=svkf>O0Ac{_T&71t~Gwyt*d& z3+)Pm%=Z9ygWu05`Gn)NnAr7ul8d(_Z{Nb-AJ|5OUL09T?)v{V5_w*=Yw=%@sqVhq z-1yMk_|c&mcSXhr^QuKZA0SAbj^=>OI_~g7zPcSO_}6f>xnnW)%(+vo=}MexzG3Bb zbYyXLQIgO{3W7d`E|}=b8(_6?zp%NMCf zOs_>9Tshw5xSVa$W7ojByM*z zHX$x9*BB;RR(+TJIbA_B$11^6ffJNFXyN# zYKv}y`3J?f(}DFzhnaga%uQoa#yL#2^oyR!Kho57_)W502My`sHOoJjIo1toYR=! zv!^#;sUMRCE$F)EJS2x z0Y5L77ml$=tUcu}C5?1t@@o_GQMXV&BF3x1ch;gY(bW;EBx$GU^{OqLKaT`u2^S5q zCk*iu|H2`D#fJD{VS3#VQ9dJ8t{pG3yL3syw1G+m^?`bHAJW%i$DgEgaZFc9PFTFP zY$D*}vdAxi;F%$D60_g3!^d6c$j3h_!*KXD#G8i-gzQqup zqJj0fw>~tQ;9r^rrGhd0iSJ8gKQ;U~Y67ek`hmN$tEWxuHlMsX5Kjx(i2t3vS}RG_ zRl>g9MW~AsFimUiiIB%iB?jy?R-I4Yls734VJcN$VmW!M2vk3CRRJO;>KANfLO-^X z{vmF{NSk0wjigx6fjp;@O+^I?dW>?`GE%&cNC1~+oV#b^kZUFRLrr46HdxDsSerbX zBLyWWvp>C z6yBtWm;RpH*cD39jgH~=F>@yj)wGXBtmRDHQg}w?w|ygz^4sEaKQk?Tp_l%t*qJ%| zboz_*h)v9DaaT8}qt`3ZBo6(M5B;@q=!ar!+C~=}TW09Ugui184O8#e#9?wWx{P-t z_boNo%n(FO@f}(dxZ&%0foXM-+df)GBqJhhjrnG_e27PF?b%>=&lBbaT_yc(c$EB0 z*tzh?FHv^H75hD{)2;;mnp8hmPLugOiv*`Wcc(j=CA>+=vy^cmvKB9(KWxDZl!+t z!dnSlP|5-ka?YEN+bIM2He9(B4rX^sJ>#pEAxjJ29m;C(lru5|Hd`+NpnsUq*X2bS9daSZg@- z2QWbT*^oTwf|BKV8X*i;@q?k&KXdlnnH)LSUOaOLz~YD|@_hC%$(1C5UdBoWg{VrFvA~@@klRAX$EW<3ifr0)bZhP)Qnduv-8={fbD#=i!cc;FZy5g44Zi;8#h7neDawE zIe(2OCtubkTm5Qx@q(#M_5i}!XIXiiR_P%IZod)g@FM#AP5qIS_2S8s%;!vhZ8xOn zLh!LCfcm_Qx*M-a6|G`Wl%QTbsK?ou#6%)xe)PNim}bgKS86YVlYlCRPFqOE-L z5ov)CID4vC9tI1=ey#ycQeP=%zX$>i<~H&_{xHn#UqHwu1*VX{W9=8?)`<*j(j>wz>Aabkh)Mzer<*L*w>Fs z5B@mc-3nKHvM7Nm(;SGalpPIxyM^)=tAk_FJLVV9My)~nJ1w(Lv2!e z)|u4<$QxkdDsib5%O@AYLnw>?ie>ZjCrFDf=|bnc{FzNUd@z2)Ev4Z!ByZWXW%n?{ zO5WxtzvEsr79K+{{RW#=2xvok8|^pXMUKjf3{m$Jbk~sFP`Ds}63@k9<+0%zYSPX( z7QoZSIJI9W2{$M28L(19DAbiFhg9Q{HhOeLvm0VKe5ipcdM z=$ki^(d;cYocwUHh^=$75vhXTNMLJW|8~-E1lM>%WM{O{xHlQnti*6{OM%2}bS*PI z-%ih(8c$(uPoY2IID;qib5}a!`@@X?c!h?%AvtM{2?*Q_u#)ku&`A+1lfOR}rt)6y zug?5Hu^%-dB;czCU-X5BQ}46yYZ)!~sn}lzqfeH+%*mRJP43=e;{@0CC3o6kpwa^V zZv@b5ENAs>FD)`JB>&;qm_8v%d;B{^m+jln9uw7*QD-jz>Po?h{jB!aoXPs;H?J4g z8ox#x)=-E9>aPZIDaew%4oWTpQ-j*4->m@H-b>RzztE4c|m z3-w*l>@cXVf+y+QaK~W+o+f{r`xM$B%er!pN<;Oq`S-nB#jZkU_$_4taIbapSE-~B zmHh|tx`YE(?K@NjRyQPHXA;zYEH`%Y!<_Y>{6zjFhrO9pLLp^d9{&BQ{D+}14u#&# zd+VbM3PwUL6#Nm)F{P_W#{zSPon#olvzey z;r#Y@m!sI-#caWNd&pM?gC={_cvx z#iaeotoW?sEY}>Z;2c_Vb#%S6HL071q!N%A#w^ei&UlZ$n3hP}`Q(%ABKiuuiGJHZ zh2_`&z=ntYx7AwzvfZQt6@QW%vI>*r16Y>9PS#!=x0C#< zi6L1EGc2r?72KFVvCab8YCoUcehb2r&Q~TcS+Y$&xx-vH%Co#6`L?IOpb)-vi)kYH zt;%`oVqo`csmC4hg`bUeweBwZ5z?V-x8Y+C-e_$0JuwT|EFV<)c5({L` zA(3fs1MO)M{Kp5$pWz+9yqQCJ%f&aN1nR=Z1~xBCc0<3vNxVt&xXIND!sB`XkM)r} z@h*F8Y`VyHmcXa%ccA>%(G?w8!xFRn&~qKr@zYiK;FzxUa(G15S!D>UioMMaU-D2IB>>rhB0 zPt@=7#i1b;DEa%UW`QF04P0pX+GrrpyxfbO+HY?5OXkN)F>)CX!Wistj1a>z( z>PlF>X{{LFHq#BsD?me+%LrQy1h^4Sz|Lsf=B#j-RwCbc^1fojS;f=x`4a$=DH8uc zBsQJovQZ+R%r0Ewsc&M=utrA2ZaG&-G$ny!8aD5AGx{s0%BD(sOb0 zvp0%0C0|wdjmc}rGV61)XwgiO7~Qz;iYcV;@^jj!Y90QFbb(^hRWzBBTni~{Tu^|5 zT>82}f6Q30Kg1BNKpeh3klkaSnnbr2g2OMB6pF$sjNM9jy?AGXMfY ztlY}vBkwYum%`75HL=4$;Scp|sb5$|>ezrX7nRp2Z z0(;%qs7x773Qsd!bjs{kF($E1e*N8J3Y`K^TczZ0V7Wi3du5UzN60A~)iP*vWJpupQ_W z6EbrQx({-`JU>uZxjHD9QbJGWo4zO9;pkF1VE@SKI#4-4b<0Vs`Lx%h*aNyA{bD42Q*dsrn#na_ZcU#|9$Z!QM}P)M~GgS5v{?d~rJ-qY%?> zJi*b`#x_1E=72ZRouf-Zoq2ygHwGjMT#6hp?(ReZ2UK0L12mMgv=cLFoT7b#56ldF zi5I`U0j~hej_oatSDds{m>Vc)o<3ysyHD7X(#Zwv#iliQ9s6P$rMx13Pam^UvPHt) z!GAPSdEDI~pgZkHM1t!026J4ZUY&k|;a-q@Juc_vTpne)*(;N$ZZ;#-t0hKzDbdf;A$JU%VyWr1>*ah|i%FbDxWdPe;cO-e%Z|G#qT2vyl?$W;nh$ z`nkDrBoY*SV=w;{tH+ZRQ%oK^0K2d(2{DHdGKZWAnfHM7G{RIA+Il^nkrHW=#vSBK zx3^J?)#n>Y>?}i1t3At7_H7Z{ajO#C)zX=bXK0p6h=88luYX4JCos*Tyj*M}^BNpi z5;psAWSZBww_4*&U6AHAb|UmO40Bj9W=_T9^b~-v`N6^v!Rr+ziai2dW7VH8C4ofmQZq7e6k zCh)X47weINhR#gf(V9d57|=UyK###xVmg3a!vMe76VFHEstal`?9ad!Oo(y^r~RU- zBYzo=^Wxt@A!cxt^1-=qWlHK1ue?5(f<812`*aT*#AlB zBood4pL4A3t4{!Uh26#f)|m>nds!#Z9$Falw86{{WlI)ZbWANPvRp!fA5)vz%xozM z*%U+44?7fHgc*jt0DW83%6Pd;w^ zQ@dN=!0TA4#O^AcBjc5{eV{>^c`G^7L28bUKVkQWZk?3M!-l_NOQLZ@Pke@dtk7h;)H|9u2b!Ht%Ex3U1M6WOK>0o>@k=2-DF3MKL!7EkX z08wnEHf4xE5Vwir=Dht4gej6CN^MxDd;1tCHv`Kjs~@=zVuiK_pLP{F_M=<;!BRMQ zKfgx_+oz-2H^#aAN@gys2#0dnTr|Z9I4Xt#NQ%gr3;cgu*>~=M0cspsrN5HT$~5$( zDls_oQ%MoqTfCZ~Ub02|WfOd0CjRneR;($*fdwJqAC+td{vO z9$6ZJ;mboz0Y4`rX8BW5hjw|9xJ}?~L8MQ@Ows$flQdu4$uTBdl#@UdQ7dT|(@=L@ zdkjdLv3oX=gcE|TNtmtJz3cr{E`8M=>J4__POMsXD>)hpgdNkGI;xZ)2d-=LDy*V& z#<13X4&iAHyTBR1R(VJANk!%XZY!c!p{PScqt+aSwoU9$JAbz_1kYy&M6H^l!|GA% zfm7UU7Pr9kSv@wUT!c4WJ5%tW>oQniCMka^0PAhIm^Rp;AqX^@&9)eO)%%&rPL=e~ zS~}uKLE3c4VURx#db3)%v?=Went`LFTiVD>zcs&Ie{c>e?gtylgKS#}QEt&EDA3W= zY>GTvn-$Gl!GrnQ!89%*w%-tvuY1|IkhbcEidS%fwE1$l+aqn@RTOF4l0RYPW&i!V zEsafYh>Ddq1g5GH>Xrt~aVPHqQ28Rm4L^Q$MC-fPAc#0s~T$eYag$>!?-|A>eJkA0tOf%%@=hL5WdP zG?5 z)m&M3JN#FdOYaGd?ogu%`=T?7PaY2|DDq|wp+TQDX9xoxwoJ`V?Jx%Dx+G?;41$&0 zvbg`Gf-6_PmyDZ${StK#?;V9oBGWPQ>8wYxr#R1lp<{h1BmoH*4) z+aiH5gmt?WFsE}$T?BU}!}_Aji?1htVk1Lg1C~bCogK*~K9VbaB=R3I5`~)TMslTj zM0C{;-Z5L_yJe{d?*s zk}&PG zTn>dGcOL)sZ~ehsj^WVP##8KHyuIPQ$sOu3j%9}TGxmP%sfOE<+x6~3p7rm!gSp%z ze72U-cY8_?EAs=x!l8iww9VsQNN>fO`&sDsYylBGUY=xW!jc1 zlN-+E9<8?1R_ZL2>)UyhGMT=XY-eU9!q>*rR%+IeeLU-FU;oyR#(7(rbeyO7{UP3` zb9o>sw1vtMW;@3sOjEd|@Vtw6x-B6Cv)oQ~$iKS|Ge3KG;i;9kHQm1Ay_}2szJ~WF zKLgY{OIr&MttwsEdfK4Ex=# zy{3IUbR?I%#>!Ruh&c5^co(0yPUdoeIK`8@dDa;ARPm&zbVt50R);4KAI;^SwLSvg z_msv9{i{l=!IWlx*T1`_a=GXEOld=9_IsH)r{mL{YLqR*O0My+(!2fOfqG6>(+tJhW=%YI#9y=YHPb$vW1w(^-0; zP&i>N#d2GZ<#G>FuA{o%eWk|=h1=`a``H_Exl`62>n$ALQ@StzQ?=`T@Wx#3fQ>1g zAFJ78Ek*o)gfhafEKS9=dFCegVf~o*l$u#n=6=2Xg`f-$o9RdYo_|*^_XM_9YiS8O z>?s{c&dM7JZt~)}hi?Ig7Wc8~xV1ZJe`DJ(y&D=&mT9|Oy1MWSPTg_*51-_qD{Fg+ zv6M^qH+PgCYA)Ptm13Puw>kWm9Dir&{x`Ii9(zOK9;*|__4Mtz+%wDd!|F8@K49f{ zhB-e7fn2j3j9TH$$E^4P`%9hJ&-dRCE;9eNrC{4yI#2+;;c>aP(9azoKvr5m=bc({ z8!12UZMY+OAGp$1+En<;s?vF_r@cdepZxOUU;5$~J})Zk$v(z@pS>%Wdu+LWJ4=0q zzwmzJ{O-LQyjyO5ovag*hj9id=5i7CFaA7mS+~skc9gz%Mr-MXGYW7cD#yNdejFas zuuPqDsWa(ue1kLunv}0z|7!qgG2Y#mFTCAwF4E)mzYhEtmwPFHiz9xdqdOjQx!C9Y z@OUZr`6pu=n}35jS{o@H_LT0)7oZ)J^%2h3|0eQxdAL1P2#67BXYFsHztC=5mN&JQ z?rv@sUOR`1V_5&&;5AbYvbU|Y76#kY`lPM;!BW%ufHRL#j;Z7Z17B|rzt4Pfd43vs z;8T=&nDWc%L#G~rXW9D{4k`a^`oF*#gHbL2jIcTQsmLdqPc_}P;`YY(7Vl_yU-Evi zc@TXEmeg!ABF^{zPa{|A*R8E|T-u5l*6J{?t3Ts9U3|WVXRT>`J`kSc9A|ib%;r!# z&e-qP--+|c$cr+X-MIG~*Y1wrg-=>LnR3W6=XmgF2DzE{`ZxGklfWdi1=^~&(Bh}?DSIT6yft6 z+dA({%j>hpd3T($S-5QGS^r+(-Gz(Sursb9cw%c9>302>UB8d|SZwDhe!t(^sl%Pl zh&#VzxD&@a|JCK^{xI*>GPVed&-0vJyC>?NpAOG)jL-7iN&TL{TVgvGK2h7wW}XG# z_`Z{8eZPkP`Zvh){d}T|)boO4fd30${LqaOQ~g`&T&M>4_Y!T~&1Yu`J#|lM zEh4F*^|by{j(Tgc)6}2--T5^iTda3C&vp6|bd^u-wpj0BkRS`2N5gZ3vyen>b~-FN zgf_A6^So2JST^_j%a^^7ciFOUd6}{Y>&hN~nX>oRm3{bS%05$9_Jx-zyZ))#@owgM zIXLvyl^uVXvUk>%z5iv(K3-S$xtA&1@CUWyJ&)(*#(Pa&*#j?A_U5{>cfU;8M?%?% zA5ZZt+}g~4{d+1SQQ->T(1P2cu+o2*6r z4LsM4ud{R)vhD%Xf@*ZE)!%_vuhLwX=)Vp7q{+LFus!hS_?S*xw*2vAQ-f)i!U_G` z^tbRX)8SHB$ug6lqh=g!e;4)2w47VoltOdkFC3n~5e73a*7B3%Jd5t*`@8Di-&6Pg zp}O~v)V+VI?)@`$?_a2U|5DxiwLkQ+#POULo;61O+r+bYe^%DTvNOC}%ez?iR-OlW z-s8OS`YdmJns@7Y7wbMB>c;1nc+T?O+<)_SRY(6e@;uIGl#{XEt)X1R(|dS!npy%+ zumi!a$C?X2Z)+dhSPK$fP1~`JPM)7Kx?Hx6$D0eEvNqz}H~zz7T`9i1o_E*NeinwC zdDg#2cy}HT%i#4r4Z&`Tc>46k`TF%Z5Hza2l zZAJlo&dR0uEz9;`AcIuz&s~x?9jHTc7z#j5Mh;hT;W+Pw8_{l&!4lzp2k)|LeHYJq z7vJ9-o+JDo;Q4s%n9{P%mwH>xyw|@?Ja6VR1MB{vcBXX(L!H?E^*ldNTgPx!?KNEH zzTYs9bpD(8{Sm8E%RghA&+&e;uFXwqkbh+i)8`DoYU-LF86IN#VJy3O3v*vwwzKq5 zzR()VHe0LcR;0#X!}rYG_s6-%_P$4%Q`TOcUfEH4Bwy&Lu}8+Y<#R7u*+udR%cxK| z6y#H!^YuFx&pG1X=K#;mCI@QPrnU5VzVJYRckKK4k2&5(nR<%ns}26R(dM$ zALad^!E*_|(u05HR%0n?`L%D#2itmy@}f$2XXWD9$A3JZyU+Ts89RZ8CsRjJ9DCE7 z9gdqRuYYTKeu~c;{;;RC36~bD(`SFnrS&P?p9}S4d(ZQ{lll=B=e;FwF_iwmANIo@ zP}0+}-pTui>-)pMg;!7g(Nk4Vy5_Cmb%VyX1RTnxM+!GN+#(!qwldE_8xXV==6C1**tnIYcNN%}i#;tNVq5dw`P_r}8tZh?j?#1a!kq!=QNA|64O}ZOyPgjeIECAx zUX{r&?9b<(fzd3918t?33Y;Gu>%=iXKAq3q%$TE$!f9$UD#EL62KrqZUS%RrKNsN@ z+v}UnhnR=acc)PYFo^T|9`Ap&+`Igmn#~9)E9L#+^Yk&yN#v=EK8%JM3Gjq_t z7jJa>Zi_KeeCN=oLPaTE-F;KUfx0#AFCCOSnkB6yOc|JY@29rgu8m-w_c-NU7OGl~s?WNV}`$v{} zAKT9T?|I9YXcgXelr|31b~Ej%?YHpmzHHlA=y}jJ#-~;0S<2jPWddKkLu=sp8rNXv z=fG*hgPJw4cnV;%HE5;{wYUE6*k`(~@M9)2KAUSs*DcH2$V}00Vp}7>uzXu_Y%fygY2eaY zS~NEJ6!8Ye7J0(szZhlo5_H@rzSeKF7W;qTUUFV+oEaQ0V9Bw#vH!=Nr( zmgUD9!82q3-}~tD^Nn+v{}p8Dk~oQ06zs38>{Z*3Ttr^L1Mn8Bw^-JTf2hpXkLPnL zZ~Ox{Jid8**1JC5Nxw;9)92m<@ekoiwog58zL-3kUv=L>e4gj|YTm`?2YGJDJU_&9 z#5>i0q^|zsJa4A_`q2K1JkRhw`0!09v3?(ndPch5X`N?y*G!$P|4DUT;&+WJj;-Mn z`P^eX$G$$#^CY|_#F@;;q39ELrdBf@fKT42?Zj zdu!9tRit#k{we1wl`}Yz~Lp{-?bbq_Q03F z??f1B_l|GEhi$A&(%@FK8SyB@As^}^^mET2MIYl5^~C?*?lofh^S;G;FE_5Tvgkf! z6(Szp`<teZ^p9L>${26@1r&Vx~XZC^Ma_W!qb1sIP@w{krYzlKb z{$2Re;W$d*Dy2 zK2FVNGCaq1yp`w2US=KT*klErqta*Oqu2bI>mhYEe02=YS-$i*KBzeEw(lYDtgkvf zN6`EQ_dmq45B)iKLVuZ@$^O)pcF4I_oa4^FaC(Z*2YFsg-S|9H_k3%3Zl;W2au?6@ zwSCP*z8LYP;lC`>_i)R|im%!WYU@$TxlXibU2lo&8t2&Xm(fmNR2IY6aUk}e`>*)8 z7-NkOR@idA^T*icGn8vy4#qGx`FJ9~cKN}J?hw@MVAj-;=Mh`~kXk4@N{;qZnH}l*?{rG-o-Sb=O zp4-B69Ala1nKK2yCB|4TjVHHz%s1lqqinT!$>6w1&fvEsWAvpr6dnx1Mq|qAs)FG& zH1zO_f~^@T(=q1=a$#vfnP?}}*VTHj-$sr~Q=vXa1Z|=DQTIS;t-&GNr^a2T-b>Vz z?zrSUJ;q6H*(0_dk`1c!{Hj9Wg@y+`rLALTqH8RA|H5g7u+JdFE6b%@3nB3?mU|F~ z>4^26Dc6U08L2E8F1V<@wWUICW+@z%H$~bWNE*xDdU_%EdFt))xbci|v?Ju#MBPI$ zRJ(0Bxb=N=c<$pFHjf^?Xbtz5W+XUVS7;99H=kKBIiAr4Hp$h!lszIEdUQK}SL$5N z_n_|_(D=k#^=|XJ!t#03ZKZ?B9(Vb|L`+C(Jyh?d4Tao&)@BXunf{>n_ncM89klnh zUW;%+^FOeIb|`nf!FkdA@gp@zC>j8?ekwn>5qR;vr;4xAsZgMu$HjKHo>K^NZV6iI zATDyqC!{r0yX(&_R_?tWt-_W%mplKi7}^=S=BLt)kGH7UNT z&RcdAa(qM@fZY01+ehzbc>flApYlP|BlPY;-Z_q@@63M$FxQ5NS?g&mpD?g~{q%gz zRrs8_lSTBX|9Wobxvj3h_-=%Elf293fyQ@F@lG@t<5;5Q*oW?YY2sacela|6<~Q~E zBcAUuyj_AOT1!{6moVkIDu4IYgOo7bm0FTY>If0cWTa=4M1{}Q-{^!A{fSnGwY zPk!|))tw;JZw_r7*j=z3l_hLe_kU^ZorT=s%lTPwP1f}w<*@#zdl&ySx#*_|-;r+Q z{bKlPPXIGhQoQr4Yr;G>^%j=jE7D2sU#rudRF%4crEAnT0RN}G%oSzyp@_ zQJUZSMFHIOIF-MrQdr8bG@nU7F&L=q+Jo>h!+}~Dh)(prZ79-k&3m^Bu{g!URqj5@ zow7OBl*>)cR^Bl&KRQwwTbLTIOpZ>?&9mCC|Z zJ99$|$1C$g6O*})_Ljj)`+>en%iv(kuFlHfb$#uW8Jn0IsT@0MH@{VMi_FAGZhCg& zaOK$0WbVl5EFG!ozV`l(N`L#V-u|{qPfK_EKwrzQ_5r(g#%D4yb!6yp?MROt8=akF zsJY6(u8NLpsg!$n?d|H>Z9kOT_qUgKR(3I#_R2ul+uL*V+#*A_vz4i#qu!EcR+*Tq zOplFCP7jS#rbZWl)uh2=czSlUGWyPip~=eFRBmeY21Y*TBOV(anqT1U$mrZ~ZhqqE zs2Z3Xov)dN0L>7326J;mM`tESD|7Qh!$&F$bEC7>MVJ|#9jlBU8=ac3%#JbufU+=J zeLZ*NP-S?0XzK8&!??ZNQ5mcZTnm(P<*ruiqQAeVw^Hfo?eA_G%*~EYPBYHqx#`K+ zSfw&EG;*cx+%uf8x!Jrq1*c}=1p($cIeK(1H#<3Tv@*O9Mq26XZy#vy-``$oFSmCO z_%sJvy88fmYkx}*tKHSpR@t+!yRS0P+0`+a>l^H^wDPb?P|}pPmWavhNr5lGdD9j zTsb;4KRlkRjLnXY&W_GiI3OrDH(nW=96CIgGt>!dlOjH6^HgT17v@I=^2wvn$MEFB z$Y^DFXmS!@PfS&WmZOdZK&l2vGqcl&Mk@jphY{&2q4}Xhf_FHeXV})RufKOU5b5Zx z94NO8GU=|Kft~>k%Wz%j3Ze8@dfEpDE8Q&zY8PDNn_rk>1eNKTd3)F0(r5Hk=?A-8 z_jTkV2KsQoPf@U~sz}VR$odksjZM$qFf==2v=j)@iFJ3mx3#5QX=@p5sU5-aVc;{P zx`6|L+m#tkSn|;r`y)e>YwZ}$hD-}B`sWLWF3$4zUflinfH7i5I z!!>Bz($>~ro%F(#P|5mY(1&M-jv8B-9lD_cKNzNUV|c9FcBoJIm|NhNnfcjD07+$6 zxwogi+M;H8Y;tI-GP5u@UOOskvz`&O!U*wNt()0E=b?DUeY{fgPbkkT%YdO>RG<fqC!#_WqpFo2FVhbfY+aMZM;Z z4!vV~Hbo^-)J+*aDI}Os#nIzN&n^AC4S9!W7DRPW8)86fKX+4QXyhFWbMw%L&q)|R z*bhfH-fp!roX?0t}Oz3UHH8y=5PBEJs0~;ns=bX26 zb+`8q(AzP1Eqzz9&Sd(?#274)#X2%PW@2_>v@*4DROEQLGIvwD zzJX1sbuqH3;iEG(Btl1By=^&uHqg&iyO}#8IF1g@1-TtWL4W)10a)E&e-6Pp1;`^r*A4&T%Po>t~^GpJZTlwH01dL+jy zyZZKtbL`q%Gs&oe89ZherYgg5-bKhWcZ4;VNBxP!VQfp%!&Z7?YD^m3)acM`yl^+H zipJa0w!dpYf>>h8pyu@1fx^;%T}@{*aP&YU0sGS7_qFV9uXMERD-Vjq_8269LwOK# zMCaPw(^7V#9ISM2a2un&N(I@PS?8b!Ntl5fXsuCk8a@=5xB*{nW)l;hvvtvA=d2Z^oR}3RKjhQF4qZJoOaU-)g7fwSzw~`)49>9 zp+hVgTJY#`vK&oXtwFPw|DPDv7v5Qe5#Di9hy7>o?f*xibNS1rqmvq9hyR~n;m6XsL;dwi1KAT z+?L-+3YJi*NbR%+vdC_-N^1+_SVGSpxVCE$1yq!DZC4v6M^|s<21!3Go1rSeXNR?P zBhxpqVqF81(>I`o508(ckvpcqXANqSdNBVf1}ZvPilDQDgE(@iTN7qR1#QW20M2j> z9dej)OXaVanQ+tS>~wWVbD}KNlOr|cCMG1wSF7V8U1dn2bVU8wZGo132hc^pTC`G| z2)s*-Tw{mHncx#gm9^!x=8F+*5(E9*_{7+}TSsvzst9yM-HIU!A*zb)9?&Q1wH5TQ z*;(uIKyP1rPi0sCbuiu8X{~^1rP7ec#JUlJDGAISfxk{y=7(platf$&Y2!uCrByuD z3j$|v>F;m3F5A!{beL3W7KK{R<5*NV>42)=(#Oc!a{cY)UX*WezsDQsYKM&a&1$La zV|egrX)_|$U}33t>%c$`6>@ZL&aA7s@sU~kBI`FOv#o={unw(j1rD?hTv;jifzrJl z9bxVRdn*HbTPx6EdrP;dwykT|pi{q^2uith>>MpsB1e#164S}x3W^0B#NggBa2@4E zB$5h|(*$tA=LWB;?CS05!Q`^~ft^>Rx5MJledRI;_Lp!V&K(<0)}^4fs|xVhQMi$u z1vA)O#$;!P5I(M^8R`tp%uL>B%9bbq6KQf{egak`*@2weLhUCg1b z-u=1$a#wd3B2v7rj-?4BBWE9#Vq=n^zpb@}^{tVG3sYv(23&{3q`0Sfi|g_+JUxA6 z0uF5?gavWLGyu51k$=m8E00;4mnwjI2%A8oq~hq<#PQrAP-AX<3Pi6NLeLm;^Jr17 zai)5Yb+Ai9?ArFO-JK>v54eND3CFY}o2i@@q9L1U`+;5MeFI(l-BNP5je8-EE=&ea zU2B}PguAZWRc;>$)_DMK3$j^4v~yn{%JiY3V{+rb9FLDo9ESg7r)*MncH&r#f*4GH zTJI>gp!x;VU%FN*DQYx?t{ybQxp8zu(`<}FjA69*;6d1Sbl9BFAL}7qRt|XrI+6@It1@!LBQ0x>B(bg z*}{EbVdJY|J^k$rq_4LhoJ3u74m5LgSfWOX2I7NJ9H|81hT%SkQav<}S(JsNOB^U* zVh96&ZchF>M&z;vg|+Y63X{cIWsKV#RFUNF!;$ROt+x>5I~&AYL{l;#!= ziMZWt6o6Y>Fsac@%=v^`QjwKr?F?clb(>Wn#c^Wln2=hYKf_Z)a`$iv4yHVJwN(bO z`sm$-PfsUCwALetWr{S3#BP3f7u^~ITKm@ zMvJF`%|!+h_!FF(5m^;uKR^~Fo51eZTuezf-JYSE^>Mt)3677<1Zx#@Bq$7SUCCv5 z2$M^*Gg=+2>iEdkPRyghno)wDXad-3Qli`=al;UVltstBPOMRLK4^ZB6L%65F@`H}&fzyR1@BlC z@v0tmM*DtMR#IVHOB1qA&@M4?E6B`l=yzsZJQu?W(>QQE6RO6=jhMt-wNgipq4j_b znyH?(-p8mpB5gq>k45Xr+Lt3N1xo6Vv5G2;Sa;(KK5lS}7MWxK>J1D`M%mEp?9h$$ zNe!lrUTU*2J35tmILK#fRwZz;-pn;X9R1qf&wxAReM*9TRZoh( zL(|I)Yf%|$dPrrJVFQvJxmxKl;W}W8JJ1PBQ#*tGU6t$F2V4)-!ej?(7^!K@rM9G8 zMx(Rnjq-mF-#9E+ObQN)qL51aw`Pnr!c64fHI&43wgK6T;I_+XD?2N#IFz%?j4^8? z!~wPsUsvTAepgv&?sxZ)hr|G*!t6ykF|UbZ83wTClCA>%iL-*GE|DYe4#5y#>Mpb; zj4vE@LZu+aC3g;slTdjS0eCF~IRB*NLh9@x|BVrr9+BWiOg&P@#A2lK790AG<*xETXnMGIpwxgBE zV$x;H#v3FFEl`6dY^Je06hI7Q7Ct}x846xR4=mv&0!r{c^T^7fG(7I3@9XLkpF-nC za7;{%kIupqE5f;oI>u`h%zL+5wx?Vv9hM+DGd<&Ov6`g}Dl03hpR;I&ZW==?RkRE@ z2uMmEWe|qCM~CK)Fr3s13~?}9O%vl9M!G`f{(ZPIa4VZRLp}9tD{V{#6d#>EDm-*g zqL0EBgmBr_PP!q?C0<=K88?tkz}5MprG8~yuX}o1rOyxc_m*K77`wqgWCMXk3{~Wv z#{!$iDw2a)4mSoG<`%USil>PrbLTt0M}U6#k}|LTYNV)zvm*%UO81ognv< zFx`sww^!PTkZIxqkqJhv_*@0$kjJCoHGFgiFF!ob*RUosn$9f+7X~>FAbCdSZk!6% zkw)dVeN-9Ln^4|~PP`!~A-kj$ri}%;CIN?&Y_sxX4oRt$va=kHh5{BW)0m(MMvtXd zM08Nrt{8?AjX=g|p#q2k%#it@%_is-T>~ssI-J=NjGxS833rVSPnjDAnoNrshn*Xr z7UpH{P6-Sj4=;k+;vCYkYp`HpO3D(}sK*^Wpky-K9AMJz4C&^E@RdpF7E`Ea;+5)K zbQc@0;I=&#;&S9Tm8KSJOBug)H;gCxHg)|=jW%S;khw1ft2%&I`W;`1l;dov%7f^m zlT)}dsLE0cK!m5Ge59)94D;vjEE#cGF6tlMZ;=6B8OgR?Wk$!Uz zsH$C={&p2i!Ga8v6T}&OZB^pxw8WdDW73rtciCbHBiRn684PkX*ICB+JiA(YY`Nx! zaBvuJ3=Xl`(Zgb}S>LYF`d%Q>>fWVPXAWSWoI7emvJ?RE4D&09D`s`U)N*u@abVZJ z8lA4*i!2euY7mD)vYAqgGC3~_pSxi~$sIwm#?N5XnQ|Jn8#E2Yu|Y=Hfz7%Q@Kepr zU5Pc(8gx_yqhd8tsYfUnxru~dti4Aa{~Bx8OaP6|ZksTNhf)8)}STacl+fL70V(pJ8_2TY07nPRvdPX(?&h5pIkVc)`N`!97RUjv zL(}xe=JX}dbyZr~N}9+*5ldA_TaDmUlX7Kj*L*qivt}O2;Bb^QPk!rlgY9y*%SD!f zw~r~hz-#cLtB0Hl9L>G`h)|n&jqZm77}xilFGLNeGxm3cq#=-o=piv)ABW;zS(S5P zVx)37DBvkQ$yJAvh0~o-rua%n7x-VB(#pKVtG>DqQt;ZQ(p*{akW_;ip%H2|VR3sZY8Rs@uaIMU%pcMU0PKMM$xJ3Pq{ zFW)3dG&R68F>!cu`VfvA(W;CCOI36RP`7k&hux&04TuTK4`@sx(5UHEsUaWrF+AoI zSr0*_;!4#tCWE^MjY78>8XIVb`E;Uq4b&n=YM@CrS*G35q2sk2G$?|yYvuYoi6KLmY*ymu$iO07r)oPlSZC&3TV9Lj_sl}kLlF`UT4(W2{A213v4jD<*&GFgX4MRspF;lG+ zksku0$0laU<1w62!~ymKBkvjjOrjFYW!)YvHM2tH-#6!!#+h*~Vtv#swAi|$Ec6nB ze*JLKxg!%ZN{Ycrz`AS7xMgB23RuorBpEJe3?OBwDg!;u<;c}|hgoD$K+Y9Z-!BDd^p=VJ5@#h~Q*pxPUKo@4c!-_&0L7G?R7R0`ut^?*&Ak_q<^l+)EX*;qB{^|JT z#}?|>rBMeZ8LY>Hg9kiJN{gOW6)UVmnBbyJi$IiefLDZC7W&!+JF)qqCn@!C zh;k}rTRQ3@wqrPF{vXe#gRnGZ%bT^Fb48}%S0QPt>W4L9P@BMj;@%cat>|SnpB%Y@ zT9vBABDqEul?Ef^u5lw6tBg5ORQH5G*Fke#1988CWeYP=nUdaVP-3S}-CUGHT4|9NNeXf*T_Sh2-s0jC z);47?Mbb=M+w!0S(;{EECxSd}AacGaUE2}Wn!s{Bxgu9PS}9luNZAQqV7ik8J46cn zktMa3R`IOC=zr1LxbDrQcZCF9Mc91W;t|7mJ4j?Emkq7hN7~&>63iGBqGS&7f0j&9 zh{=j402mj^PJ{%iRLwDFVA=ihGfmAO2_btoHn-VgIKvQcQYsONdKxF@E&fs4XQZ~{ z3K+u)>f@r{>vj@kNLB)eMlB6S4kLw$QiVEQ&8$v5gFQJP4N4cE?kr79PwuQWyfCQ4 zD4lb5_3gi^s-AepSxz35v5DD`P?qL8^s)_0sXgSGx8;u3;uwvFD6hE&Nq5v#*7!WH%Sspr$!3E z+OBdo^f3BPUs()i)Q%K7shL|@fEm_eu`*u8^|sp(YgY}03*j%~J&Havg#5U%hDz#$ zmEzntTWOz!etrfX4_a5+vZ79xA`EM*<@yn%Qg|x(ZE)NGetP2TcU2 zpBf42j*P6I&fJHAg}S6xPH@efL@+7pWVLijkD8J(%%Ql7#nVic(z+tf3@`SjsRq%X zA*Y!9K|*M2OguX%ogt)azvz!|=(12kGuw5H*qb3+TR@gg3BU+iTOZRkb0Gq2Nt4bm z5Y{c$k5kRa#2k*sDI5w4*U7IRWU~61EORa~=WOf7TRa_R=lc{LQ4G^p13apT& z1A;IR78-Ei(XLG@FvgBdF-fe6Stp$y+box2Y7AFvpxVLZv)J9U&mz#47}Vcpi9vCk znb3l5yhF2qY=sLgXvE?#VxVSd$cE8E3==6HKITrSo^qv3j)CzZ>g+1-tqhWXDUBlL zq{N;KBBo7pu_ak$CFJ4HshLEu{A-CFZIcy)IlDYb73h@Phgu%iL4o%@gr+xz zG|m1DFOoEldBUmVEN&JMlQ8{3{s7yFV7uG|#GrPB#3NI5QWpkUWX7u;YnPf5e)z?n zx6~+8w;8UXOm|zLOdgKqI+D)K)?NgyaM<<~88oz(wGIMX-AX^nY2-+yOC6CIe>4nJ zKUdYYSbuNpQaXav>Y()*>q$d&nWR#d($k_1$8nSpSB-HOm)Fza~tUxO6q#Tyiv1?GbC-tzsvX9;68iKR(H25plHkX>+h5_O= zE?Yw~gQ`W&9l)5zS;r>X-8dH@|?kK?Qx<=AaCc z+36c|K;k%RMzG{8xk_fU?G)1NYr*3QR4t_YpbEoDa;Xet%kr$n(FGiHPghAV%$U;5S zPlSE_S>sG3+N?EM+JVojEYG#AwLSHGmUnX513f84`({H#tV8>|fES?ylW&_nM)rEeu9Vn{9}N zC51lJBnWSi#38Lz@7gsE<*GQALxGhL&OkLX3nPDP(Ki4Z0;GKWz`$N9pc&3dkRk3s z9h=6DX3G$gjoLi5%(e0?5X?`S<@7>e(I@Gmq@=UyDjcWa-f2$Tupkh7611gVWI*zN zHLp)ofji1Hb`Q7jxfPXYq$Z2qq1(b?1n$vOkEnt@_0*mjm1*}B3#^`mfqhgrHWE|g zQw*CGW0+ynUyO8H;(;YAWQHU{Og-#unw1ufl+dCDXS#=E>DeQw-P$&d)0v#@fe_zkMFkbLuMNf32o%B?;kcI_F;$#a!TITVcF+kh z#JoAYq1uneiEE%XB}ZWh85F~Z+;9;y3O1@XT{!75HT`V3W|3{3eqro_#@L7v4k9tB zAy(wxZxc%Ht};|LnP_UUS(U6{h{1$IO3-1&Xf2`Mv^O(yz+$r-#rvZBXJi_=oIzjT zH`dq7!dl8_3fjpV;ESV&*|ukC#17ypykNRUlOgiOR_9J6%V741g1OW-_fUiFRmMQj zRt1ha;hdJNPgYB*{9hY6XPxMznO(90qBcg4E}C^%KomaiPvR(<0R{GD_oTebYDTIS zC}_aL1xg|G(=swjLfn2L{XE0PZCDGF9>7-MPC*3Yhgk_KPex^+-$S(06JjoOr41J5 zDWN75=EuQ==vNk|N#qi%+4+3%AlX4cQO3YBXJxMi4-3`aX{|;Pq>xh9WEXY{P2EUO@ubRBVE`!JDk9Y; zEg&>7xL0*m^B+i%+g7A;uRj_e5qbkf}J9@R6CJF_MgbzycMcv&V2*krf62NYK#3_UywB z9*zy6#NxtAvDqzNAya1cj40e)74&i^&upGe9qn2Yjs%b;;iUBG+JPW0pqlkvr)-vc zaqbvv7HXMJsTKFcS5idBj5kZ?whVKNI=FAbP9_p~P0Gd7mqHE=a@8zHz3=Nne}@fL zb(~0!k=VlOisHO&0u91Toh+jkw(HEJK|6~@n+g?e&T<`Df~aB0e$%jGf)^xg=x4IT z!-3{z-^D=%f>6Y8+wp;CLn6i2L%8c_kqFA|aB=X73=D9}D#qc9NBHJYWd>pJ%#AZ> zIfA5U;v36gKU$ziMNLAPLLInBv^UKQVXQmuW8T*XLut=hB8sGkv=z-=Tgv$C1;{H>91YoJ~#uQ-mx9(_taXeBma?!_qO&j3{9$mFH4{D zy~U8=HuA>>g=#*W?GW^KNm*da*(&LnGFzrnyUrDL#pliN(27LBhRwXbug)a_Q|WF6 z)p~3=YPhP-7@MeuXqAs-fg3;CXn0ZqV-Eh9VP~N+P}rH6P0d{4S>g~Sb%{WShz#AaLb4A`}HQ4<5lW;?X@fDP0?VW@)tdgBcb^#T$%qXhl$av$K>ZLT6mn2u_2k0#fNn9VuOj zG1WS&gT$og{lT3kpg^utx1Awa_~}63ZiEvv3~9T4yAe;>$DM)X)BUT0jOo!DMrsIY zj}*PjOfyF{w5C%A!l6FS5X6*&3&JuMca*LP~!l4W{0;901ft!JVAK5Tab)m=H65}<}&t^DWV}#8n z@a$xx7*c0Y7T^sj9wfFn8)QP&B4{^mR)9k>pUZgG{tnZTp0yL4M~qCeTZPe z5@9QZ13C?ESgrr%o zN@dDTq(wLvOwDvg+T}T5i|bl$HNI*j?Wl=T@0{R;Ow+UqRwG18grPi5@bq)pEu0GowaW%$@iP{R z42Lvnwi?(UIADt8v9XYL?NMNC_vq`^858a-w5{;2n(H{y8Zg+PQC#KHiboKP`*z$~ zMI-QZ2Yt%NY(c#j_lwl7Uq`u@qX4@G2vg&}XO(LZ0BnN)AmiIx`U!^^gmp4az<7%` z&4BBStvQAdWm-NEPJ{HonC(dH1HrVPJI%%5SlT&wnOPpDvBn$=?H$~< zH8+CZt&rRz7%zF`mwKyPO%^h)mH8jV+Dvs?)S?_;@|BpwVi-p@mNb&c9NpGNDucpN zKJMs{a%4^#_MwDS3pZB718oG){k7UWwpjcVJx2E08PMn-A;%r^50=XQw)PIoa*5vE ztYKQNP{9#tk~s!WxsGL=v< ziOCxhlbB>kO!A0LVk$#2R0ezU{j9ZroqJo7?If>~E;ei3z1LoA?X}nbdG^_7?5StC z-OxI$=JOhxQ`&BOyqGN?5TVL&*>J_R8Yqub;S(nB+%arE&4WIl>*ckzEaBq~TZQlJ z+oK`YCKRDr`hnO*O{rSuSpy45*;5L{RgjFcL;a*U2g8&Xzl4o(y*chfHrDWdJNsAh zQm0xKH@vBT(OdIj6U&}&Yom=f!?l97L4Tfmw{Z{a41Ho|(_^}`IB>|3Ih6BcfO-rb zZkR{=j;>El18mu<{COeEjCj~A4W`k%Y!jBFJ{%pTHNdc3g=t}CR?QC+b&UqoD1Yrl zvjr%x`X12(WgU{jTF$7t9RVzwP!mDQ>?!oq1l+wy>;ZckIig>GVu zJxuOYx1(;ay!v{0;lCWMF}iOg(S`f)5HDLqr|5z-L!DpY{+0Ap&T441qXnx?TK%?T zTM~qoTbkdP<`_{NX7{~?DdN$$=8(mC>#@zx{feJNpi-aKg5h~?!7gjlS9{zOi>V|= zt4Fg3IhtMD;x5OK{PMo}cbG2OUC^=Prp$~ye&~V?FLtQ>5_4K!X_Ig&z%Hk>D~sRK ziN;3vHloKdmc=>|o1593nL>|@vG?cqPo^o}Nd1Dw#^*O@?^Dir8kuDTBWmu5Y=j6G zPB#n`+}+Qb+4W2LWx7=TukP17(f$PaDemBOQMPHTp){T~aIfRAzb->zcUwy~Z3Wte zN76>#)$DqP$6t71tHv${Rkc~GAvFVbm7znO|mp`Wa)1@`sS5&thPEz-J3G#;hU})^>f3~CyVz^xH5+>6vh2Sh`l}-FO@RJ zcC;v6s~e}%>1!>)>KtnFal!_SbOKvS%b}G$EU9h4`;mQY@nDd*Ad|zjda3^)pX?YxS@G@;85Z-RdXa;&V9j zPw3v>U*G%AYx9bjpWXX}E-mGp*srU?74!0*x9tC2GrunM-M=fU*H=IB(l=H=@!Gp@ z=-oB0{Qcgq&%Ci)hd32iKmUyWS1-8h%_mf|^J4VQo+o5ceN(8%sLwt>s#R((wM`u2 zmScF1-gIpnoWkVD-A4ZBzO$pz`>+M1mi2~i!;$FS?A)lu*xa^931438T3g>?P%~B6 zT=)VHzxgnaIjgO=t@)(QQ)?Vw*G(61eqER8?*00l?ty<}*VpCf`}RMvXYP%!&+A3< zz54yi*HwYMQ66SBeBgv$A#VJIy_Dp4HZ^VDP-7oqN|U=W-AlsF@VaM^yQM~lx!>37 zy}4nTI2N94rq%=1vEqJ^Fmr0$4^sMEd`xV!3z@xfw9K@P4=A(-=4%Z0bj;TA>WNEE z_WaPs?l@Vo`53EV8_YxJrftjjSl@@`*0b6PeC`FkVxVqCvtS*%vsrMlcCkx9?Pv`L zmnnD9$c{G0CrDaeupO!wuw?$v>Kxb<++pV+!r?LPZqXv@(5oYUQ?n48&N45V5BDM4i=(#7SyW{{o`UfhmrQ2_ zaSAX&wgc;qGwl_Gph&=Imv;UUws?!!W)YD77BO9-m@Dbs zg%^##wFLHzns;c~WFS1m3PY}RwJF%{ecCXzrLGNdT>aj7_~-M-^x}JR3!7!|nm5^K zv04@DS|V1lW#jOT)$lfpm6B16i$U^d+0vnKI*`}j_tBtd5R);zW0)N6zcC%!;HEr# z)0P?^LV9P{ul}lD)6(9~YnA%UZ&vZd!L`Hg z|1?9h+T@~cMq-u`p)KpOY1*p3|O7ng^CM zHAe5Jb&+P%*nVkWT$66L{QmE7Jh zusuSJeP3YLY1fGgC^-u{z@7vv0m~4TVHd`0f+EsGX4lAwyac6 ztYwQg>(BgvLOfjZj?V9BS<4w8o4>OXqK^;hHtN~{^?t>J6r7hLz&kH@!()f|#=X6+ z%*kKArR9>*k&Pg8b?@_w+X<+l&F%5$C-gi>V}orX5T|Ky>SDCBl`>NxdqG~?Qu=IK zSfW_Lyp1vVXpWvTFv0gPPrc20;^}a1L17LuhkceR)zJ;7N68l}@+lPH)QsO;LCqeb<}J zKvZ`B>YWPnHir|7&XEO@szBdSlnC!v?arvT-sEwZjLV~Zwh4-+D>m9~F;#d}<`teg zF3lfNUTYN`5g+ge1o6;)IU?)Kv^F5Dj>B7dc0SHxY<%vWocYD{Z|!>*?%Z16$8JR;AN(p;c&Gki8GoYn*uY-KcmLpSQY`2Qt+9S3~@)gdP3xDRn%h zD%W#6^(pUna5h!;*Rkb-eob&1$M*U-hTzPH?q{=Z{PZ`ERHtgfadfdgW$(!;ke`Ra z>e>Mf1+mhgP4`JA(R1l5HZzk4UO3<_iqDD%2N+259$!sbOon zo05xL25lQRoj1fIZAa9mfqsFb@4a%C`7K|du#45Ks4(BK-i39LKLs(GSOxwNQEF*3 z#O$fF?6kk4*{D6LWyHyv)r=McZ0$3HFjMA{EBdy#q_TCZpguzx-kLjs_`p_8GrdsN z?5&I2Htf_Q7KrBxY=T4e_FbeCPZ5VlC>$P*C!f%eF`>Mlt?UUyHS0F3bcQq*%Cx0S z4RzyL8oTb2S*k6mib{P&13-M2VG&8Zc2hVMo^Kzn(|U`WZh6X;n8jMK&NUx>=aMWA z-OlOt4pn-?`QxXc?1?;I&G4HmLw~|Dz_t$J`}Ot=*N?N|GuCJ(wmnPFV&*Y_ z$S?8P`eE-Ie2Un(mq&g!`|XPUf)Nj=Q<)npAch5NirKTwN%O-Q|JI>*FWRF{`<&_r zZGvU<*vY59y;)llYU;e~n)WTcxSFWPJy|QWpTE);wm%-oN0@eam+Xy12OoSZA$7gB zBOFfrPXZW!9yd_f) z9;{2nhwKrPomd;yL+#S-@_ZJ$zCo5Y+qhtNk2XQW_OnLV1}h)k#6r_zA5FYYqV0w^ zKRwQ;CmFoT&YPKGSZmW}Yy(35e|`fccDc!yOom3!uqP6)x-~b`J0Y52>adn(IXX?F zFAXzUMj@;1w9!+|h2ta`k2eW8hZ5huM}2k8uj;OO`>1mG7AQC1>B~}F1;;?eE=1Th zmn^RC^l>qHs@HfOdnH7T(9`(I6ydk@T@J|eNV}HV7v6%%8-_{YV&M)+ff<#rG(;$ z4m#^Cl&7}lchZv`R4iVzN}o2N7PPCUZYGCjxFGbjcF0r$ItoZ<)HPGgGxy780PUtle&5&M~ZG*A2*!Qm> zQ(Ep2;8Us;v*?hvVR_Ba>2TWmD3pU(&`$ zbARIb7bnIxx3jfi6rSp&w`TlRN3$B>rz#6^=@s5r z_Uht!txT5kaYWhCa_|z-W>WS<~4o}(i-7LD)9ekivb*5)GI_k(Wv)VPUsh8D} z4xqlK;~pHXKpK@EW~W|)WSX#8zlMxH zo5-NVnU#k(>-qhb%sIU1nDk1@q{-*vrjo(butE`WVij9c9QBsF_vw%x2UHTzpuHDQ zStz14J)XiU2g=!JJy~7qn;QDyvc78-Z5oc5V9Ndy+uFm<55u@6MHm~$Somj_sl4lJqEinwYCqDgzg(TPLI@3(N4OYBmgfCTLw=LwkFtKDZ(myv6&RATop7?awCF zAIinn9(4%ivS#t}uK9g>B$VpXmJD3v?3x+Bpqk#{RdS!BWxvS}af((*(+iH0R8KmXrNU$(o`8X>$e&vTb@=S) z=FNJ`(Dsr1ors2F<-oA(t=(E->Dt#GI!y)iRd%w`s8t+Y^(zPEm{l;CpBXPGv{rfc zB|4mEhxLRgTxj&Z2FWnspt2_Wjo!-Yzvz_QSvkrV`n=e^r5-UByzKLcYjm*<^P{2- z!fN?mEWMjy9hpgw^;UGv<``s)9ci=}{b-?Wxn~u|>eM-gR%n%Ix`mG0?Tp5yOK^BE z3bZbgALdEv`VnedjY@4eTmxy2+G_@=QXKpHGt^m_RJ=X=GDi>WR#SZmJ{@maC*dzgoNBA?M+Cptsd ztB`oG@OR^AB-5b{Hk04j^*y+It1GqB5=$L{eFS}n2;z(q&G|I2&baOGSC+?FCWn1s zLo`u0$JuLACuIeC z_Poj&K~C52&;f_CzELBMuW~ORU+wu?IDD%oAUj@rPcORf*K1l#>X1z<=GjO*p0A&_ zw&SUBc;i7Q-prs(WAwO1GhHFX;Pm9T3}Mf~_-WfHe$-eyP(~{6w>i4Vb(^xTyx01` z?||^J3Z6VW(8M!6U^C|E<{b18JTCw={eSBn-qDZx+vmUeWgC5(sOd^YZe*5TdtJkP zBurE$PeW~Zf|3TYWJ2En^RY+tUS2) z51l06r+5AqBe4x8d-iC%0IBEl>eimf4!y&z7H5*}D0bi(4X1|yCc`u6LC!mR;H7uO z-qr@Xa&v%}GRgO)2Cc$g_7Tolf#LZgM|q?jyP!Nzglrp|$H+9}O8LEVI9`)X<~1%( zYSG@5qH4Xun%EUbTGhy}XZc#K4xr&qNuXCCC;~hz3gwjs#9D$(okdEin>$t58Wl6%S<)ZT&^4~+h1jzlPJBROYxty z|G#1Ovb(E@#96$zrq*P}@Z3#h>SJsUg@ces8v7VZcOPE-(P)YSW@{g0)FzWH@^m4O zuwF(^uQe^8|*wTxR~`B&eKW=shgB`fW7xt)S#X_;ZUB| zXlII!Ei|;SSmV6+YI>-n(&F12u-XR`HRR~9zsw!XlU@|%cm&->Qd+&NYELKB?Qw$g zS$C@ge0%o1tckk&vXi@)@L< zHp9&gbCGZb8{tD|YNH8HK~+qzDLY(jT6_pf^$!JoXUS!W3niR#R5j#!OBU?-zf`4{GCeSB+bYwvJiis@4Ecf2h4&wYp zOG}>jWheKt@d(Q{N-(`?L+8P?3BQ-sv@lN=Op3ny4(F8g06ZJXU%<^Bq+Rq$ufjJf zlTVlxeGgbx)thjcL7sPKgIFnSF=25S%*m*T@SeK6qFEkhc^tH7Z45O=UPm1oP-B2_lCs~7CCqyYA1f}qlMDXmc6={IV^|u^X+%EcF661 zZ@4!Ny606# zTQ=)XwBeZb#WC&Q2V#GK1)=Xyi*R^!!m}GA)`U9Nq&EAe$%-1<^4|9$bWB^0%JCuj z?B17s(iGHWn`_HUwTXLi^Q68zV{h{D_+BH)o-Bw@(wJf~Nt-a9`hqU?-8|~})1$i9 z@fk(@V;hks0&rw|o&trMnB^(f-l1#W>sj%_{z3lWuW~80EXpv4hKxY<|6YLnB zVvlcJuT_&*g)lzFPKQcw`#k$L*p$LsoMjJJ9&e2~?b0zV_jbJY@>_4re$S#+mrwcG zBghkUN{l9@G{&KO0mvFXSU zU;dt6exI3-y#*B%3TuyiQpqucHsX^3XbrjpeB`O8H;=eXN~A6+`MW71Gw2?8`ZPOq zKm5!ybu|+&N8as`wNAI{A%oGwgja)NqrnWS?V_B|joF7ZbWA~yIU4o6WineyRtpmC z-ecq4*8N$};DVu1TjcZ4J~i_EQ{H7Dh}Nt6XOZ1tZvBvXh8?7LZJ*&q^3a&gKdePZ zle;{VV&~UmypGFShZbE@+sLVB(hiDccuLRrH6Hj6eGFFSP9B6;#!8C4`Hpyff_UZ|Tv_qpv4I)*tzWE(lHd>VKY*jn5K8;d( z2kG_3F1BezBcNTTQilNpBWRRKO-p5A5VCo7@VD&R!D5M+-)hcPWkBUiDI3-=lq2-?xlxhxMFBgK@`egHuM9Ulp-~P6=1*=>n?Vd)`fD z3v9Bvf_{^#93A4_JjIcbJsd@~1nAIFL*e^oZWpGPr4Z(G0j*_Z5wn4g28F&M7>NGg zvP7rVxbxz38t^TWiirJ&Mc|S;u^c7^7S)+*>y6V`e7kXFRL5^dI~FCcz%xUs+=u&H z8+}7+W|7ziU=uNEUAD#Z)k#C-@;*dbxila>&5b;+b}^2GVtKr^8^0-rmJ^GZkTemj zsATJYa%+74+0O&9&kO{U!F@C!`)`E0LMzqzrvzsAJawnfu-eq@IN z5BntA+0sGHcXzx27t3c$aL14?%%6$$u-8dHt+SNLdD_-*`eoTUx#lNc;gc29wN9KA zws+V(osFeJwR8r$Mopbu})*(%(HYObG`b1cr^V0TIH zU(M@73%Uf(UP$tX=*%;8B33kZs(^KmzF8e^Qq@X{OS9t1=(ZqYN9mw0K2PIk-vbjWt zIi1nNLadu5i$pv6!~TQ(f^8!+216ZEU(+tBE*T;I)%h7-^S2RS7b5Ph_U+|jA1fHe zG;fvpyp((O6|GlIq?-WL-(HmU>}ClpyGNQxqo~!cnSEManl!6I4S0N>fK$fQLCU5A z1S4x}u~GZ%1(1ZpmbI+TKfc;#CodUvcFpJ;sM<-gcS0-sjFifwcS5z9W?wfm!4|xE^TGylFku4XoV1qkC92l{%Yp{&*2;Yc%XPJ0pz>)?cw%m#gEIJ?arn z7c3TboMb<@s%a3*7)ugro4q^#CK}-QSdV_##csmiJn{>Kq`Zu;X*y5Ik_@RFDkQp_R<58)>w8px2?paSS$oWJgu^JL<8FAJ4|+K(FflU+=7J`L?Yl14{;lxB|So0}rjVKd!^jw~9BZ`j%<6FaXu$oVGCBt9}i2W>gWb2s`(qRxf9 z_wx6=Shhb4iA~7TFI)PjU)qL`&oE4k-L~l4^e#5(;+vx3T!`(|8i8+t`8Eqr5fEr^ zh3gBk%z!usCZi;QW*winL~@Jb+zQXQR8CELxZuYosqg7oG%n%m9W4>w*`sH{i{wWG zG1#RJ++^y1ZNxRjLL(U_M{ftcWpDmBw9p-Mdakcm4QJm_b1%$qI@%UJN``^Us>mw2 zUrwbvb$LSczJ{7)2z%0~d-~W1FWp3=6*C2$OyQHxdaSAqc@4Sjaa+0EF-(%am#L>c z8hZSdC$q#$qr;o+=olVmE}iu8`pi#Nt$s{&GMH}$Wi7MO;z5sOZV)NoD3WxfcVps^ zq^ciR*^`8vVDZ*sRH?3N(y)grJ=IBEtx@O3)#p_vPa7pVNA==Mx|tWN=!{&-Z)Y1c zV!x`(rFW?f>C>+7?0bF2{0ky?J)Xa+dwR2MWX9QUaIlxGc|1T@!LzBt6-=tNZAs15 zn-%aUeMukVnrv$|V^NmXs=P9T)91%b>KsCE!pe@$$0|e5S3E+`J16h+EX^hbS&#hJJTE4=vAp5W7`^+dRymeDu@%` zT;b5GuA`$Du@hNgP&JiGy71yIk2iHtI7(n|Q(vSsU7;3J6+SM5`j}W}E?v!s8NU++ zTb*i z>?n5Li2!gKs3s%DAjrT#qH0y^x{w_(vT?u(g~4jyhg}fQJ|44I)!`I5ks}>j_*Vw1 z3kp&iuv(M@)f8Z@f@=zfhDwOpO{FSkMxmU0GSjCbknc+3Kb|R)mIKBbnja~&s`;f4 z1ecrGPNwff4XWy<(toBP)nnwq;8JBE6p>YHogxV08YzWuQOrnBtS7HsJy2~_5EH-& z6EXpy#QoJ*RU;zXsemPbYb?v;I)Qmdli&i`6mm%pnMOp}sy-S4dae%OfH9~6hYcMA zpb5kUJE8MQb_dy8jJ^YS$gu6GVn?|Ls%=q9H8}VXQG`d5DY`N0)2tI&&>Y~5qOEE}H);wVX<8=W zwx~+kN?rM7H8ur#0bs3Bq;?UrM+o(MM%@OSH?#xT`4#ugb{A|`VW4UQ4j9@2+*QDT z+g-3_CaMEKswYH2B|Iti7fn(PSZ53;VR*~Y+X8nSg>hw!YkH#1~Zvi8@#m;4kMZ3O+DM6%dM! ztu=(L2}L9bvzN0zU1L;yJ5?ykvq$s|yCM1P5HQXoyiG$VBLn$MLBw?AtQ1#KZ-{^ut zCg+OWBT->Nr%1MnlvQ>9PE}n~kfi~u{uj{kV*+O#?MTfT1;ri_Sa38ma2D5%MH_$* z6a|42AyG8&N6 zA)!>zaf-Iy%2We>O<}OwJJ7u*WJtMWff<4QjsiY3bgap0qsX@?h#Y{Wq!VUAv|=N< zrZr02Vd-h4^2nWvEZu<$gLu2b5=|!Ns>izEo;h)Z^KM1YD?CztR4>_Et@`Rfm!BUf z3{**s(;ZM`t9mjyPs~57c*N|L7;w+r5CiFy>f(siS`9dBXa{i4V*ym{Vl$V>;FyuN z0jCWe2mFT~3vjmM0C;I^A#3vwO+L27Q2-o}Ioi#<>d4CzGP}Yi>WP)}lrgH$2)OK2 zaE9Akf360mB&r99=z%Kvz>r9YUajz`47l;jgEK!KlpTqHR*@g3$XtpIO4_2(s`li_ zYOP{OdARy+^^G;}Rgc9qrcoqpEED+wk7W|E_roXGJl4p9@^e!DxB|)pDNK*@M4wS; zC{F~mpP>9DC0$c!Dt}Hfq&!@GPs+dBRGx&(Wg{SEB!pIQQ7|E-t+c2z++0M}B2VgI8gL_rZE@UFs=YV_lwv5$wq5x1oJ@!N{!(j;6JV+XmRJAPL{=g1m0=V*r=@(ba>oG~_L`xOy;ZA(gHkEX31S z4-Tqi_GdjeGM5?eHejW~VD;S(yC54p9xxo^L0p&iNuijDT9dA7T@VGKm<+TAh`6ZmutuMsJn@rXO!b|U3a3KpmKE`F3DAa7 zw$UU7tUb0YVR1+g6w6?_W+Dk^iTY(ey%XAp9NvDxm zvM5c~COJG1~w8s=%xYCf3F{%`ittFI_(D2+8TaXSJnL9%AE$#cL z!5vl5`t53Ja5oYh4IMIO9mZ(uF&5k2R8l;HL4cnBlM`Rtl@9rM^$xQK?Hz5H*`DTfr9G@ zR^46=W$uamqbdham5a#q_ zQGgrmq6j{#2!Hz=m>CI+XcU>MFA>2#g-T?5dg>2}WU_CtP1#vLT@XF#0xT>3zFvU6#cW9451yN$9aw_ z>X=6ZsH4SdB9=A6VfENM6~qm&%g|B4ZUyH6He(4j;Dn*0fZtLWtTcNEIi=tkz%D9i z`~qA{31Bxo0dOxRM0I-Muqd`$hBg3A5Yg^}9rpwP51cquXwBajou4iLaQUY5<1PrUn`yR%kSaP>SzT z#&g;0SauOCE@H7*SYMauJ7$Xdq(onJEzYhSs4gkUGXb{^-G*LYH{I&>0-F?uv{U_+ zE*Rday>=8vTTh_c{;`7i;DGlW1>k}5z7+x+4DE~vykuw%*ly@H0ESil0#17@09OsQ zzD%{QhYa_+AXwUdELLQ7#-Wsq%aqoQJ&~(Bd7hY~Q^(~XeZf&$hF3vjgpKkRmoSwj zq*f{eAi+yAmD#4bHv^de9ZuEId4S!`lH15VYf5#{@0_EN(I;BrrpoPgy0sFsJ`-%s z{Q5BZ7y&EwV4039E72rsmqd969EmO&r%^!UG@6P75$$kZLE->N z@9CYOIAIiRfKwE{4;TKRJ8E>JfEC861K6(MoiEsoCjj8(3C<$^fBZ&O{jq|S0^BmR z1Gw|w+Jtx{Qbw3_w8?QsWZIKH{~^d#g@>z;E_}E|Px|-)6HAS`fpEBFf<^(*^s5HZ zc_SJFK&1YsWTTm*68?J1yW?CJ{b@03RR>MgYXQG5cr)Nl3H-XLT=Pm@Qf>QqX!_%! z{lY11{0)9Z0j@yGtumkeFd85dM%Dwy@{Y)g`e#0y=ClJ&GH09~`KvC-A)~JWltGQ? zueyl-9ghbD$>&Wng;K2oZYUT%2y*q~XAR$ss!{P@5P{YLfQ<@T6m0?SRCv_t_WkOM z`}7czh<6l3dr|JcN5*4pL)=GWMg?xeN}ROSJj4SdNv<|G1QyQ`FszEcxn@EH(4w_jsmHbrmU(i|U+<1GuH6X^@e|DPC-Ld<1F+)((rYTpVu z(>K=aTejq}C6A@bQbh#{Su2)kU~s<#5c--bBukZJg@SSb)*IRZe9O=_V1t5N6pSh< zoD(i973K6b6dR2qsQ|@|>!SLvO%C9}fAb0YKpX#Zo;GloK!%eb{Fi7CA0y* zZ|HXb8zjPMz_yscHeh#30Gss$zz2qY2Y`N_IVzLkH8HV?sj00djeoMC4jk#ovdQJRI%O7Dz-}% zoAcdLy{z15R1P&pyXdzNO-`|-+xKbcQcx)Yt27ajBLhYhoH^K0PXL@t31HVeA@T!eo^5zKMKSm^ zX-1*BYAS34K(49r)!$g0CCsg^V4O^LW`(rSPgxHBX2{g$Nz z_`uLQm#?pPy`sD~oDE>aGHe5MJTHKv6pLY3V!0w+YK_!4jiyHGSwmAF+8R2e2trS1 zM2BC6Ay9xJw%-fF7-MAZA%TYttpPDd(^ z#2NL~syaf^bes<0jKMBMSW%RFM^b*vQ&|-!!xa#2ne2zHp3;msZ~$S~54J*&Y1JtRtI4I)D3E zH*;#o0s%+OuV;05Pg$IkDb@-H*88bB^- zoTX<=4lGsLMoXV4bP>JYC{y$rOR52n8#)Rg=o#UMU68N)kAXB1s|MC9%9%Dyedn4O z{+DJV00k}<(TIm)l~J?-PSH>dij_t&3UG?ahU(QxB`g?CeMmA6o17YO(a`Zs&Y7zt ziM;bb=mw+d%nO`wG?EWiM-!j<(M*5eXd$w#LFc`|6>KI4CqBkS!S5C;(E;gD(F@nWs6;CC9ww7z4QIp4MUG6rDYV4q%tX z)_|D3w~tj1r&MGut>(i>%CBc)%s$4}TEBKGEYVR$hE{NAJ{n7^{#lV7g@^Q(%({Oq zc^?F4{|jw)D#$VbG%h-mNbysnXak_=_bu2s(P$*Dh#t8EgQ!So_{nia5E_0$ zc0!Mz+*Gf!Y{D1-=$iUn1ELj1)CNSNrUO8<+=xa25cO0{EK7vLBI{U=8gSOo&V7O9 zYOyL3V8qZ4pyRQCS&uy_aMoi1S3P#6M6WUN^*VtKhW1p}8A&;30&8;p(3t?PJCmp+ z@TQ_*D%-&qrafkaYL%$gS>}4Dz=w_kP*WMmx5@J6My-5HmAXbjeeg2+;7AsK!<)aB z*<#))uN^6RYoEuiQ*p4P@@*m&lLcz~jTWaoxBYgm;yZL)xd`f8kEAuGGrgtgpxi7> zqirR`eizEx@5nU5tA8Z6SFJVy#|)hWEO;z{#<+;DicY?gfEpHp(d8OrIe=9|> z&S-1EPD49q1ui-Y_ya@h^-^Nk6zKq-GqgS=;3De91Pm$f3eOL40pkcbZ?WSmm4CIf z0!$e?p1C##b+jRad<7K_I2z@)hE^zoP&i*}Xul!|MI<@a|Gefi3Tj4xc|#l0)V35k z=`?`thIV!eIC-PZ?EWL|yeWtwfXeBa*C6(QqJPt=07nh&oDewUv4Be+3w`h3ng3kL z3X%f2X6QKJhJtrZV70Lr2TU1S1JH31r4Rz+KUC0}TYxj3C>giAnejws+|GAr8v4BZK#{fu_ zuL4}xZ3x z#{HZ;vy-&}*DS|4Am(Teke7c!2TBxF3c$60q3<9=G%%FEw1VU|;D(`7fMv>rF6}PZ zd1EmJxM*k_0Ar_#{DAPhZqi2qE?vuk^k*;l#b3jc)iJR(;JBe3!0&i0!1d~&$uF4r z8Zc#O=di%{Jr;1zVC7Q8&`5+wlF zirXdy@drF(XdB=%CXoSi4L(tZXb}bLMTR8jzCwv#HG&$j(a>#x+G7FEcN@&mS(~0m z1r`jg0WM-&sW5m)Njsei;A}duIpDDX=UDX57!>18DzvJ7OHT??N8rG#3dO!FE;8+&7vr0L=7!q~tl4Rtc?YrIObwl$U3evFjG0?J4>SHRDy*qHDlvg=S%y9(^X! z&=N=pJ?xh$YPm-PplGtE3Lae1+{uXm=lBDb4J((L=o*S*lkY$L=M?Hs>T6wpH+}&uO!3OfR|DZEAF_03IQNXe_b3< z>>(!tkf)z$RFc@f4l|C^T3 z25eCvN4pE=IohQW${eF*j?p5=Xw0FGQEZ(5cXFhhD@B{wO-XDf$|Q{r>D~#o3I){y zfWj|smNQEI6DI`RF|-4?>#+d1_4PF5yl4q+fajb5IC+mjAa_BdSO0kbS5r91XL@N}#(un}%=_h*d12qpP0+6Sl=$?q~ zE2vrkh??>^eN&vg-34j%n>^Z<5H$BDysI*AgrOXy( z+io0c0Qs2Z3amD?26%~5nHeAC`yuCGHMhJ=-UWrhYJPbab>Uz?V!>^8YyW8xBmzpP zv!j331v#pqS_QyG<1joPC>RNdYc>v8XS|g)^QIUmBqlKuxLXfWPAe!Hu<9YuR1T+v z=9JO20l%l9J)dj80YZkw>_(n53Yu>LLZ0i5Jk33La?D$fF@S5*m~C88^i`v%E5w?v zsWgMtd8I+4U8cJ?i;b?F(zq~7>p{zcZYn;2+@>6nph%B*?EE9sGR!Evz z;m_YnrF>06iU8IpLa+^<0D$2l92C3Mi2yKb5=j@utx(Xub3;Soi>#0|v$}q2Z1cJk zPeB?2?khMU*aJ@hz_6dgC8b<(A^^;qM6C*v>k6&v+YJqSvO?0#8Z}%{%I_#hL%@YZ z2zJpE05I(5a73}koCpB3CXt?`EAFI1tNMEl4STXe(##q)+^v-N6r>^GP$C37>H{2VAdpR zRgm0PXjM-&H0;R=Ni%EI@T^k)KtYNCt|UURtDXRWVLyixid}Fb0L+?1tqPJe3a#qz zHZ<(X3Q03-)No!Yzo{S%0ml*{*l|w)z_6dgcE#$W4&(;FtVz_WAemEWRqGoX_GE>m znKf#-K`Gx>kPJX45rR#50sw~n99AoKtrG!Y)+B0GkgQi|Ro`rA*pn5KX4a_TgFSj0 ztW;?TSeXdHR(S#dhW#9FDfb-(@O8KFJWB_g? zLa>{j0DxgXhtrBZ>qG#UHHlgkBo`D~)e8*`d$K~(%o;U3tdt)pNJGFvA_P0-2>=-O zbC^}EzI{P%0L+?1tqPJu3gw-ejLSV)A!%lf8g5a_w1Q*+b|*rx8BYMfu%82`FgH38 zVAG;RQItl%chrN;nJ~a6Lpy*i9t)WASip9V1?*IC`Ctbup_4gh3>jarH z765a&wYy+&)c$W~JeApHEHfU>j3;6IlI0%-M8=~9x_G^7Ip-*G{F(IU!&^5rXaa1ON>CIgtB9BWeR8QO_J#J?#;ZTDyZBKif_itRWNfIR&~8x*_Ai2z#`CA$B%ZcK9` z0C{@WK~Su*=r+J98kGyhN~0JBIK_A@5b(sT_M;V4vw+T9i|Gr|My05s03uPgCfyDl zk^gBBSB9(3^{&7@g(cO2ii?E7R~fGwuttI93~;SS10GjcB6{A61mEOITLh3^F6#!X zK?JwX20^ws5)IrVXIOx55QN7f`3nvz<_ZzHmTfd6zhcS0(NO@LsN8G^mTA6JlWR+# zPq0DeUVlotkrv7w467Z8hm0>(rRz+uSCNzbh*S=*i{`e1_R;~=!^5)Zw|?=-Rb75i z5lgGNLjx8Q^XfrczgYDotU6bU-tT7~<*f3JB7u*tXc)^Bv6m)h^8oT`=zQL`Bp9&M%358ox zb{M;NM%JR4S0tPZGw_4ZTW$)AqE@EJA{G`Njl$xY{87{!3QD|QMdj>AWMMy|9`?gB zrvL6M_fk`F41ikhx4Lm4>WJTd_^n@5Ow2|ZKG6V~2$E>=7|X@MgH}I_RWl{+t6F@v zWmzbqjESM(Ei`6mm{^^xigiIj4h+EI`Ui%2#s0Pv0m#$S=R>hz(QSZJH2QofjvK`& zz$qGi{&q$0G>RHPhJICQ#ZEa9fIR&~!-^eoA^>^%i8d&9lM?~R(@&%o!;Ipc46rJZ zfx)BbGpM=;q9;kay^kk~(O9W1OC#Gu)nLu$TKH3Eql{$M7Ws)dWLe^-&uc!cAVC1O z84K&Ts#*~pg>v+0Ri{LH%W~y8>F3TWf>7u@v~+2T{(LpRddXM$9L@ZiC137F>Mu8< zHCpnSnmPYW&73|{6U#7Yyb)Ty!2ht4;dI{R0$i_#dz}0Sy6;{=ngMv4UhFd>Ayc$7 zMT1AwRYqr5&kNn}?3@gT98v@{+HAh_{l?RTn9}=_LyYgKLs)j+Qb(X5O9J+5 zE+|6*4j5Vkm?8F1FlwOm^ z_=d@Mig3=wxC&I~Mn#a&&pW2{@{aKh-jU%dohsR>prQbF8QKOs{##ayfOUq}fa4w; zvjbtV*7E_JqA@r`>fK5{X_PhKf}tJ24?Py(ayv5;H0yE!hYT%h@U%$JdalSG$e4Xh z(eS5F1v=T}C801UdM>amyIp5fJsAZz*Ub0{K#VgoEPcwpUAa@NVsPb+JGU;)d8$9bbPgd%N@^h z+sK_Wf(~F_fl{=)V5cl$9B{?Z4gmd}2JD(8v;p^0LaA8BmnnUPk=H1*#!C*q7BJ_r zM+Cfp)F$y=YJazOSHzwFY?y0YA@YN}`eu=l@UjWeTz?;P5}k7Q#n&4uTw0 zP(0uVhK>Q&{_}wZWSxRY04QNun*u)l*J;VD{u1%i7X;>o2nAFR8M{*lPduWFNfpHV z)IpGiM~&#bz!gVt3EXoOuw_}Go)K~){s1|vApUbdr}rxqjO7_2YkuD1HwkncJt45# z3Ozj>3ayNk^Sl*#`o6$YFY>8_Aj=g*63aWlX0B#fgT9@lO27krneMwTL;CgjPc^Sn zpiWOe&>~d9&!h=iZHAfJ@UyDgq@edaZU_*}1!SP53gEyM3aSdgGlsUY&?PfV4RB*^ z!#WtoL0t?H)ic1uC$_=Z!hG zi~6@MbA4IFKeY_?0|C!aXEo9+n{FAQJ5AEMF7RXHp^movTcwh$wbImpuNgWD2#v8M zZW+H>@zJ+0w|7D26o#t3XFlwLA;OYku7SZbiXy1$QlyZZQvaTpWD)hXSt||Dt;j}p zs^fwQ`QWw{f2Hg;Sm{UlE1MTxkh&yt(eJ3rFd2D-&IlkzC}lnFXwgw#R)27Rx%u=` zxi{T{Xz3{F6ok@I(j^F8q;Iqb3MPB4Wa9==IQR)kUob@`qw3~&t+4m0VxV@+3fyQ# znA{}brI{=lQk=uiFc)VsYde`$OcG_A7F~AuTSTS{+S)7VoC(^R1#QiC+lt*DDCh$1 zEPiViU+(@CwH4=56m`Uk+S#6p+M##{Ols$vz)uYw%L;UEs3X6vApe`~g4|J%YhL)U zYnT+WB&zZYR)1qzyH3_FwZA1;rDgxSeF|^7rK+J8fp-=7Xo&#U(r|m`V6VOKGfRjH z+mC27`w_j(enfw>A5l&F5q-|d!ia1?LM0YJ3J=Xm@*#8W`hpB{SwU?IfWfp%UM|C| zw%V$%3fyq?j{F|qw=obOC)ltT`K!99JPrPhKa5mi7OD{w0kMnr$f(0vtGIE%yux6$ z@53&Lw}o*W>xu$7f!;vJquIm+qg^u9#{rZAV&IVJJ{pZD;%GXdxrWn7jN-LybIj~B z1@VY^MjB62(OMnR%(@)`?-)7?@Q!1G++&uz26z`Skr+^<7Oi5zdX&x?0gNolSfxT6 zJd!B3Wr}UFB;FM)6OEko{u&u}nVc0)*1;@L{3MJP$is%&?Mr8EI&G-tjcw@XI@VdoZLASo$4=I9Th_6Yb=;P9O!Yrlos;-KQFyre;CO4vy1&!S zS_>JE2IqyWyJCXC29ab~$u{FKrO$Ot)tJwq~YVvwmri(Y#Kq?<>$&qN?zZ`S>*L z=YICHFLrN;=#J@;N3@|;l1V7m5`z{I3K}`;iHE3m_fmQ?N%NkR75@wqXvV4>N16=r zu0x6nrj12tC}$!EqJ4GpVOcj?SnmTa>tc(Q8kzKCz6-L-f6OH7glX&lEgm|}BeuS( z&rQxId}pM#GZj0(C z3d#&vZy7oO&s*ob$@N0s0-O^4U1_e?2Dme56OA(m?+ZDjU0j<$gFH|WQQVFbdQWx5 zZjzC(r4;ts&KxW@*u+VuVv4y)d(L{GGTVOmG4POr_+CB;azsJ%aX{D>yj*SzUOrf8 za`|AP$>ma$%SjVs9A)d43YBb)6;-=nF*?9vMD&=OQsPfdAAR{)+gxV4X#l2E88I9j zg~Alm2?d-tboz$CEk`ltg7xOpu?V7#1rQnyDHJn4P-uEWL%*!s7`mZ_ihA-OdQg4# zBUYgOh*IrGlxshtWcv}T(0(*5)R3>oDiZri-W1e1W9t0B=2~h$LpF0tn%z|0ENu;F zmi5uugG;`;tjmu}=I81oKyF*jbpY=FijUQ39Z9T6`;l!XGHf<$Z9qS=&Ge%%lT?|N z%sUDi_9JIp9bPMyy)hdQbx>Io(rEf(3G}&CG-Oce!L(<~nm$`Lk+WqJIa@Z7vt<)G zTQ-ri%_T`WqbSOjRo#kRy%9`P#ue`40Q8gjFCJX7aaA`OQ;tmWms|0t0azlD@ne&x z0k)KBSpAr%0qA#9J}Tj;g4hGt=TB+bm}v;5D7g$1nIcUBG+^LS$>`CasK4w=TASfY zw-h99L5?<1_>dxEvDJna%Gy{cYh$6TjfGqRNw_N;>icTR^lHiUYRU9!$@FSj#aFY0 zh8dGa>D0m;Kbo8e&2iaL%&AIrz% zP*CUp$6pp{6*75hJ@cZ@;oBZr|!Owmd{OtFq@LSWv&wdyD?03P>et!zTf1`(={Vw>~ z?}DHG{uF*+=;3F-3x4*y;Ag)JenpM=9LF4o%8`r2dJ!5~3XR+fA5z7JzwCiFS#n0x zFgmZG9vVis9EDMs3&re$^2Oy6?>V<-6}D!%jjp_EZ4mj0XfYn?6NYlgM~E@3L?pF+1&Hm$1x?1gAcq$ri6p`G1Q;yne;;{iW0v<+Bg zLZ$!+(a3T2U=(9NFyC!6Uk!L*sEJ3WkwmEoqqMaGtq|y%k3|x_GNVX{n(L8}{y^Q; zu!c7!ZV@=*;v!PVrS5>RUalL{p2XGyy;yh5Uk=31w{1uzkor+=#H)6Hi!oe#q=`Fg&Ip zCC?rN3G>rz@M-+x|LJ*VR7ej{B=e*~pMS)JVmUXIsFzkB$oU@AS|xIN*wQe@lIjC9 zL`*3j!&%fn`%<#sRP+dowS6^($JL~0R(kdc#k}5N;|Q8mre z3St{A0$dr6!DvEvN3OFpA82WGNM#nr8nV%Qt5(>BVt+;`d%rx37kXCSa@%^7>CAGP z^F!=?iGcG%Y-|f%t?iy++wz${ule+CU%Ycph_g~6h|*I>5h4yetQG50NIHP!3i>Gb zp%1&Ogx#@(34m+b$?8p@-bGVy;&RfolSTFpZBYaD`P$=?SVYt0fh$bX_{t=-lZB3F zp`9p{d)tb-t3|GbVfgFWYU4=&!b^pl~jy^>#8$T=K5%IjZgv80r za}q`e%yTBQ=S<=`&M2Kth>TW?g|ita@4V$5&w0nmd(o6=SlaU+mJ%1lVX)f2s*4(@ z6zm7g_AA&A*sWEtA27V5U_YW7dK4}DjF^p*e=*GT{k1UW0R{6g!BYxq?*Iy-Ui#!g zkZTHx2Vi@PkCyTu>OFYe4Wno`OTd6MKN6xPEFs#_e)MUUBL*%>nL7$_06tLAh}_4$5s;P(h+PLa7u2GP3A|wYErDDEPv`qTmY$PltkQ z%?fLZsuC?6jLhvvQPyG)A+Zlg>#U?)x6;*s^``t*K&Xt4VwL zwo<4o3Ze(NGXOIb;QBW}e=R-8mO{3cZL9T=ZAkJ#e1>!x%RBTr0fEj%}nTov! z(Xkf6(SD;17&XAhj;X~8;#y;xT0wi`#{|wg3UEhEGy7P`6-q*HT}zGJd2`Hd*=XBx zRi?+(8kJQs+ZD{WBCCNx8ZtpTq(~un71gTfSo{V>w42!~XS^Y`sNY6(RjpPvuTvvjD zhWiRSCJP|1UId@*=G<*^udv+deSKG9A!JbHW%5zTR~mWGaYSX(ykxb_O(p@4D}28C z?y@D{{POxWAKa-lncl6a8K(g3@27~R2U3Vy18K*{RKRuxK8^ih7wn8D0M4a^%wdz_ z$dBb>tUN+7$9iI`flG?HqEL7OS*WwWy$U{U^8YCevm>~v@&C=4UirM9>nOlNee5O$ zp@3%;KBq66e{0PL*RV2*^QZN>gkgo=L0)WzjMW%`*=~0G_$2z zhz{jhL`$zeXdX9ylK@1i#b@%K`O9vle_%AD(9~A&QNRubUBGWofUu^UAhM@)ng70~^H`{@Pw#a}yTfFQ*iJk#Cq`u)nGA;ACq}?_?|lP5m96{!>t)0P7wHP1WG4 z+*QH@rvZHHYtW3H6!;@YgT@VTU6gk`6JVoJP6IX>S_5`_EUZpBdR^eAqmkW^51?Tf zJtk&5MSy96u&_Bd2#n;BfU6470AXr0Aa_Fo(2JY;=qT~HWSn>10j|$D;7=7~DuCy0 zILh_^RO}T*0XX%CpnVkgjG_&2iiWx2vDPw<0-$JBA8m=MHQ|(q=Z#$r_`uLnz)?dx zfR7EW0ml{m?HsTZo&Z=dw9gRo4<*c6VjJLW$1~fpl5M*STj$j?`W(KZjdlf@2Jrg| zyfOsj8wmZc3{mh~W``O;{=$~JGExzn6sY596p!s8jfoL*`}0`^X#&`<1M6}bzzIWZ zz{)?fSio9CYruMs1#I+Kzy*(u`~_`wTl}^gr(I?nu*C#T0g&tO1!fJ}S%WDwSY-m* z07N@^R-%m(b4D`-Kp&^+RbjUkdlUdsv4s&Q7-fzoengq>DPV74^-p0?1C|*&4Or)~ zfEfjdfhRl~aL&+az)F=J3gBu5u>-6(bQ*iC{GS7b;2H%{0M;8i4LG0x58w%lt^ubF zod#eMD4NC5JG4Cox@3xtBhvYgA5DykHXOzeB|)hHbxL5Tf;yPL?9K|AxA+=>R>hdx zs)i+`qtL46H%5g9Ew;AUjY-WiHY=ZFi(c9)&-F5Y!hK{ZzzS2KLxIp!j*hBmDHQ8G za1?LaU@np7*36Zt1K8+9(KYiuXzWK+UNA^Ll*Dbz;k=G9Be%DK!F0dAt{i$dWbo;L*GAoRX~ zn<&`@hFs`Bs~`%%0X=>#_Q9JXp*>}^Z9x4#wBvxIAH;?Vc1J-8fOX>MEf{Qrac=_< z)ZetTJY=0VS)+h0CaVL8vPQdL3nr@rh_XhzS=MMNt9kKzQ`Wr68Ut)MSrdRLYs_R( zAUP`_${H(VO_Z|6lKV$FtCVexai{^mWa#LD0~!$&WPiZ-4Na>hTbV@$)iEhIFRkbU zfM-q7&P9PMjshMiK!NV}6u_fFz|nG}RYV#jlUt_Fvscss<3A2KW@rugfuU`{b}P;} zLa`5mqMhUlz4AAi{Dvb^%3(1YF`hMGr=gvb;&3k#_kz)C}>0jm@!An=$+1I`=T0bEoVsve!V z+XW*?W55GX*m}1Mw$#l4SYhZiV6CAYfVCBh+++c-8 z)Fy>T^cYBy+_uQiVTGTo_Ft@)e04v>#1r?N!Y>r@MzOtEsp+nI83zwrQZ4)0&wf^Z zblDy7oYEfB0mLWQbU`6))Xo`+_+16e82+^RCQm-A(0HLTM`PT6;(_YlijlzcFX+Iz zf*1pM$-Nk$BE^r4q7870ZM{64Vl-3q>=ti-Np7H^-G-wo!Z8J*%O!55iR|BPkc8te z$`lHe1i0IBP0S0Nb`%C{jlsmQz>K4Z1dcdb>M4fOV5#Nopn)^#Kz`WB%l43R&MMP_ zsa^wIiK(1_3MIZ``D=jdGnJKSJb6DY7FV1b;Exnq)%&ZHG?3JR@PmS1QP2|Wj=-Ci zcMPynMbKJc7<;%u$D&q5N85m7oZ3_z1MF7N7n`eZ>Vq(kb)%*bA~FAMk`!uAolg`( zU1U=i6CrZ(irIspnLO&c6uV(cu1i7`eL~VtDrkoESKTv0ZpI&3a)F8IRXJYaVfclf zU7QnZLAM(H=X58XL-|E-gJ_&7$UiAWXKI>%o;FdXy>Sa zt5BoDB{OjiaBFvlWIeZbjW+Aem^Hu+-$Ai?j|F%gbh3_}tYd0&dg>v$OU>KT(4AYt zG9`G^o1B*>-gGC?0u@x3*(oQZLpN#|2KaL^QC2BJq-Nr&udE(^*y2f(w`P*}9?xcs zvD&ljkJQ%9Km0#(boJ1~k0g$?pPX5$``?m+BnaK$@*{=Xdr(##XO3KxB2!z`X>vub zx9p2V_G&j+kf*H&pUl9gX#Ypd6UMWp3+{BS^ljxuirU!@vBh9kMsAJe@OnNe>Qf4g zgx_4#1^q_~+T8}gJ*32Jt?Hs8=|h)P``0W{p8k|pwSRSvRevgKdfrE>{VSA%K|FTE zpYy2qR~KV9SywzN*HKW#0In|cS$CbJHHq3KQNGhS60I>#qX0M+rim0TYb>%+zdS+` ze_C9nHi2446mTivA>%fFRN%A%(dPv(dNkm2hz7dsRD)q1Td*wol$l)-|DQ?XobsGe zP*XTBaNW@ty1 z2CD=6yRk4D$zoZAmU-`sbe-|vmiZ@zgVmMpg__DLPi68n(o;txVmPfJ-LuG~u+<{- zYngCHRAoh;vRq?;a|(Jn{=+WFRgVW?Ws3*7?eS%4Fzx{>%~;knb*oS!@VsUG&Lx3I zjrco}hbmJMa~7G5pl7s-7`DhXc9xOJpk-vr4)6W{x*SpgqX;nl)U%0GZ%4V2=91C0 z0fFXhAI)*283hEIGYy)O=cnQ5bl7-}0apJS>P-Nq6j)!6b-{N2x+MVqFZSLCNUrb7 z?|R)c(r^5;ysN|_7Pk1UuxED_qD^F5!~(0ZAOZ`ls=S`*o`0Iyf)%U^t7PqZY|HEZ zSpo}Iu!0?9QA~kI&+ZP1k{z&MC+v_+*jZM|PFNL8)v9V$g^Em7hKedy)e5X&1&f&P z=bU%mz1=hV{ruaF15~9|N8j_#J@=e*&pr3P*RNmqZ2b$-0C(z7Sp#rJS5V#qt`x}> zaPyPV0JkVo18}cyfP3^WTLW~W@ZOIlwo>DQL20xvKJDmnN zorW}>1~Gl38ict?W2jFoyM$heHZ_86oAna-ma*diGcS9qml@ej&9)sdwrvl5^>PGm zEfKmMMDTVH;oCtBzz$*vc5qdLxGu5-MpTtEKj=F6da3{m#ia!VRIxs=SlcJf#)HfA zVk(0VE@uWG)CS)(Xg53l|JU3uXoBw9%4{G0=QLj;ol+nF^ZMvTG;ns!MrrIwl|p5c z$-e4|1z6>pkGq$d_YoDd9c1%<_i{GxcQ0r2e)n=V?{_a}^M3boHt%=q$*7`w-EX{b zgm(tUIUKw%($(yU2KVR_#sY^=Sy=0rH^n>^NrizQRmft2>mo(Ie)*Odh9Y_FI%4H2 zUhdpZOD-CW;ohk#2`~>t`kv9<%Y4s>gNGtrm;yv%*_u@>__TxYY6r*v72U-V*+J}S zb`blR9TfFz@9Q-yMsHp0pL4V{t=XfGR^4_{+Ey)f;bB(ga4v#VTtT>#I~5JICw7RMI4;`mvj~onc5L;@JB^> zI4f*d{0$+Mg?vePSELSqueTy*H4cs`U*rv~$e&_5rH!BB6MI`gGSOHOu9D$U--K7xgOlliFB6(81k!!K9Ek_f}j|8bwRxXnzPMUT=I>?0` zuog*%9c+jp9d?i{%oSUhB*a<K0G$ZHx}*>~gmB41=m1qZ9@^GKI%G9V#>2~5G9Ko; z)WbX(4=?uzuA{!#nH-fs#3VLFG##@dX-bNn)R_@UBLuNA8)DfcnG3PskMoJ-d?GoY zNX{pc^NGlSu5*&}iR64DIj=8-V!#Tfc~+SvyX*{+Wo-w^Y&)54C$sHjHoN0txx{*N zxH79bUAv6kJEDDsz5(*a*SjBleRkwfZ%*aSoc2p&Xx1_O^{Z@D>Fk&8$ZVhBv1;kL zNV^K~BZ@{#lfb&hmcR{TJHV<-&nv!Fk-7ndtEwZ$>o(!z5uv1n_1iYfC9r91{SLyT zIV9l`*8xgnTfjw;-T*!NTpsoT`8y?2GS=-ROquO1#=bE;{*B>K)cY;1rJExCn)Siq z`b~V2vwtRSIC{Ktv%-`-uGA|j)WA+B37((E}`i*b1Ng-di%BY3m+mSN6Zl+qm*F;0bSBHCa znzxQE;DN~G6x9c;9;8HBJre1z5%3++Yely>^P``5e?6(V$riPF9jNWn{B*7gb{2Hx zpDI=&IirXr49Ze0tDQjJw#=C)saB)mBN6ptEMfsKb5*nHRsXHk>a$6GHZ&O69ckPZ z$qGORRp?f2C3Lc(p`&oaiuZS6eY?@4#o|4YzE#Dyq+qe5KQm@u41#AsI&<}XQON6x z&Y9OoI_ytf1VD%b%m0|=rM_p{XtJ@Cmi+qGhISqas@*1R=~F(Prs}sxA(jhW9PSq> zIq7m7&wlym@84(QJ*ysDjyF?cGb_Q`HRC&Z1B^M|waWkI(RHn(-4vR zd-|~c%6ItMMfA>QL!`9Tg9t|A4|o$$y_vszIeb{oA|HJTbOU$P=~ul!K!1I-7%>fe z${0RL-bL#)eM_)lYzcV(`u>5g4KQ_6Bz8$~*V(X?@Tn5_LZmSQXZ->`hM|);hUTqz z8$}u}9?G`;{o)GUZw$ru(F zo;t}>y<+vV6SBqtbfx~hZ?9tjVN+R1CMS}~iDWXr@R9d}qQ3grQzZmDK3Q!h%cE>3 zlY@!%)YR8M8sE^+?xrv&m%ksYI{B*eJvUHUH#n%&lYai(Fj*p+{7(Mp?HQ}&)nN4(+Zt*f{326nza;ypKSD7`HOjfFqqH%gMQG2l#F95+<(BsScL z4Ig5|f!J3Y(%!IgIZW9>7_);gX9r=>4wA`=t0Lqc&m9ZD1U8IqZwd~6!sY?+`y}nS zPok5|b7g8oxzR)cBu&!rnB6I|qBLJ;WfN}-XYDeKTkV8ZlV_t@yPV9`3v-z0`^@Ri z$;RcqCl2+(Nh_Y~WjEIjZ8&)Ymal{{?oE=NH&X+FzxO#u-^) z0(21*-u5&QO!W(gOu(=+P3G{WLa4oh@O^h3oLFXb1>wZ>~t zWd+Jc$YdhIro>@7DEKMJS8V>+KN@r)Zdn ziIz^9=X#^pr#hPaDN$}i;T)0(ect>DD390m*C0MR`h~u)hYz}IpOWIAvVJAtWmWI| zjXkVID0lZd3nhj8iuD>fY78+XD7$L)72ql_PO0F{#W*l4(sI3bd0RU%ciZfM>rZZ` z*#Q^ZT)Eo;ACLHLFZBth!npGoTy?h*Z@5qqU;kVWAKW4IBkmJ&i_nj_QOG?)KjKay zHwpddia72P`VsdExliavZE@Tw^dkc2j-VeAIrsMbh|sy8=SQRBxS{7q+}7icUZt4^ z_BP{EPL?fo49gB;RCW-9vV$0t9mJ6AAVy>dF(5mL@z_BO#|~mNb`XQHgBXjey_2CV z2fxdrOVk+mM&*Q(WjhBJQJgUmo8^Rk%4Mj ztR;=)6F-Qbb<#F*jKu6=F#QqZiBA8L(J}%fQ4kmQPvy zvkZm!B_(=77E8cHDV7)sOl%g-D^}UzI<$${I<#jK8vBM=LSxeqOK9vEVxu6%MmdTl zG&TycQHo-t5XBNDWhgd^P;8W-*a)}*^NNs%74iYmp5m*;M}M>j%l@a$IE|o_M$kzk z=%f*J(g-?f1f4X3P8vZcji8f8&`Bfcq!HBDUX2*aD=-qjM_)er*!ykY9#MX)L&86t z4q;D;_UWGdM@PR@eDHQdeHhrqqy+nDhY~|Rrb(*|!%|)&EEcmuA{LTDteSpTGaP`wS#uR%0QQf%FK(n*FlQnaeX19AFh#T zeo(BR#E|H|D8EEc((K)763Q@tYc^h+>b)h(F3V^-tt;{~B4r+Ei?}b<{}5f+P?dZ{ z@0mqX2lVs8W>D~MV@qJ4$c?}qwT2GxCyXtD^P*Qd!pRYH(gGfT6en#UEVp{eavRHG zuK&5di2InV95;g{uxjkYT^Zao+Y`VeV@u#$#*X9TpeU;}tzotKu-joi;b~buZ`ND) zq_<*rTF(T}jV%H1J%;uDX1(veg|=@QSTQ4$gy`y%DVX|W3jA`-aYxGcMHB~k#C%Ph z5L^%;?h0?Zm|p2sN`Gg>yT#V%O7*5lWgq>A8VGI=2u(mxnP&6|JbXg8*+eQNVAI$s z;HgW2BmWEvQ@}A}OJMk)H7T&q*b=zv(y;$3#Ba|$w1E4@P5}6(B3r!_MJq)yK@`U= ziWabH>;yn0`q8wx9?Xcv(E^SeI{{o0nF@@DTA$7bLnXv{i)#!Z8r@4xL5-!LrU~kV zMKT6>YNmnxBE9hj+~4$WemoW9fcu#Q9-7N>!28xE7yIFWty)a%iz40Y{KX#3U6JM( zSTVK}12L6R1$|Ov2QX(u>_vhpV>`2gu1kSiE(Pwn6nN=U0HWkc!U2()h8Y#HZwZbW z+liSO*b{wn@0-aIz?3$Dq~14o52W$Jm6Jw&r?FYkzG>}sw>?c|OhnU`Hv!L#EwKXi zxvUKq!>D?%TBvQ?M3sdz>P@9-xb;j8C$qJ1$o!z4Yc>(Mu#UKBPDu!5n%a9B7d5L_ zY-T^r%tDQ#z7iN}Ab30=G=Z=4T9Y{Wvi_$;asgcV51=C`xVnki)*4S@DNj$YP(`&dbT!Q-W9uM zUP{2d%;2RoFEg`(JI(@?!_&#(Oma9AewcT?C?~xbC?nBV&kpxs@S?kvYuEOE_)sr= z)dD;+mRi8UnOg9XLp=`8itL%@a9^vNPyI&_*dk9u#TWPWU>JjbX73a~tsaVdO^ueJ z;%AfiU9~u?t@oJlymYf0@)(+{jI+iuMWXsHfHrGkUFRe3es>ikacXt}I_rjA*vP+U zwXf2C3zh0alJuUxnr@~X2LdlDo9=a&0*{QH0kTr_BCxpLan2(%7+nmwt3#27II?ux)0i8RjAH58OIN4Ac8G$O9s=PXvrvY;N_ml-=1l zP^D+J9<277YWmNsd0nIl0yae2eCB#E?rtKvn@H}`bXI=PsDsZ)37oP}JM`Ue@pb6? z)Y&}L#MAATNZS{%Y3#XuGIYd@mB1e}wgp@=_8ic4X$tRLnAI;Q$pl5c;IlQEqMJ;8>nl(Cw>69@(d)&}Ts!&3obFT% z_c)#v{ZKJ?Yp+goAy58ps?}W#p8hqG8*0R{76^sOV8k+>+s-Zt7?z}rjL7;H69(LR zE4egI*00yr&n4^UlJ#@R`nhDiE`iFR4Bf2_O zbz~zN;imMSi1z3aW<4oJnwXR7FjAl&)l?1-i?YZXuRYNI4rM~ykxa-5AVnAFfF$8m zz>YRje0g95!$4hgee#}b2Wz8IH7^l z*@E)@%OZsijJyjrduy^J;jjtod1l0j?~3#h`B!={-mzW|jiLJzLUv^yQ}+A8^Sz-@Cl z2|N`I6<^Yyq!#1pn~X6tHKfh|=O{iCgLnC&QgBzK2RVu#>8*= z2=}YPO%s>EV`Dq#<@|z0qHp0`tt06$(m9cgtO?dd7&-d)bnPsHza+dWlFG7R#o28E zlPxJJI^gUfflqjcY#kMO+;BeO9UH9;RmqW+7b5&%X1@qNbcQVcry4^pZCb7$X%xA% z(Nr+xPeIKpHzZCw)k}3|^kVO7bc|9g17(n685;u=%P1Iv*oXkUElYRIS_$-wt*fc> zX@0M$3BNw*@aISS?_sK#|(wm&P<^aDP`DTcVuhFAhV z+Ntoa^JyCGR2uD68tqj0^O7r?0~Sx4aWhlc2+Yh~XZ!kEPgl1bySnAr)$7FSQmFYt zW1x1GZ>sH*8B7|od|0hr)0jcS>u@Gq8aB_U{etO~=zPqql&1x5uoLPUU6X<*Gjh2s z4a#_6wpICRZ=22xa8;zcJwrV@tXhZu2xR}ZbnaM}68L3f#~(`hv2`eczh!JHoQMl- zo>7=f`hmv#jnxvj%*x?Nz+*eSrrQ;#_J;QWhc+K2yls~}*@*hygY|DbO9 z;0*4GNcW_G_P3(}?xjc#z^Hc5s)xAiA~gVk8|d{1g;r74%{-fb3q0#nb8vPcy^@Xp_I3*LkT?bzGu{-?R^1EX=h8$wZNo! z!21CoFm^mNbQ@aHpAhNJWxjufINzys(lzyuNnI-$pl5bXtx9dIOY}gbpKv_5E^iQg zxI~9}dtT`Md^Z8qDZ8WtnX(%!EznKUND4;v5_@jzr#6FR%h(+%m|HeV&M zWNhbj?Y6!|#Q6OC^nOXC6aYswvVoj0R~qluLlh_97<%;WA$?&nblj3*joF@i@SyiWS&4wjD#)58nSF&4XybM~M4fkZ}=UNG=LYz_GuiG=;N*doZP9g_*zl?ibytqWn=qnoYp(hKP{35P#T+S z6h}UwD+7@-Q1SJU*`n zXhezxcq;O%8MtTO06ec7ioRFs-^%;9di1B$z~_PYC3%Wg!XJ!{%6;HI$?z^VxAtsdMnZvZYq+?qEO zySyIB%C<-$0^c&W^;Gb}r2xid82GHQ<#oY=ON;y!cT|h(>gFRTiFwV90sF068#rKW ziCqlpI_Q?b?Y8fTz3b9q;I%F@58NW)9VY3}vkoP&X6$59y;xt*r93P##R*paD-HSI zkOCPQ)^|nHkIW_c-ePFuK{NfXD?R5`$#~r>qKf zRJ|~MPejDvmPk(;15b<{2cEhVOGnI7_9*hA+T48KlM!xq-EBOmZH!~%sM#2g7;+?r z73Y#6oN|PSh8?LzSP6530;IZFU-ChzY?Z6e0 z?*eewy#cscH^ANU24KE!i1BF^)UO|a`5}uLx7p59J2d9;O;z>3XM+N6&%>SrR*Wry z*{_=vxM*w%?7MAJVARd6 zw0wR38fNz^R695+2FrGU-R(GdD(2#URJAOKS&4&3VphLVwXBO7(MZie?srLUaHWP@ z*CIwc2(88tQ$4Irez$+4iWlM(a7%Vbj2=P!JH34h%;VQVsRQCy{XG_V^!nZ95yiOQ z0+!OKn4=>7+WKdn^-haB8%=X!x_6UXRWRNph6@U4Sw!7| z_e6UB8hC8%6!6rgz^KC3U+ir3V9tu@33^`JDX;Aqhc@CEh1eK_SVr(dgo%hd-?ig9 zb0C{|rb|SiiA@2_qyT1805d6onH0cGq!4S7!~S4qB87Ge(aJrl9FQo~z{3h=U?{nz z=uYm*HG%5lARK4c33?OmFCQ%)AagidIRtU45d)s`$u#20G~&rL;>k4PNgO{D$pXN_ z(*0v1UNW`>SYeW;DXFioiLjLCwg&-RGPdop5BzUC-I9j9VZ$zg-!*m&@c1WE{1Yku z3F7~dM+&ex=n^LlWg>+)a3ys@E8I5he00&ZhE*_ci?rrEh5 zB{F4tI)yi#!kdn)ROfmtYpkx>CjW&4J(&9Qq_z3x%eN@Pv`mj3j49h4xWnPoM;DU#q54+ z=Nw1rn;K`b-A?VhJG_-Uymc*ecrfTu_I5B26FQeJ7%C z_FhC&AKSR~jE+3_N6&rcbqc@;oSD_S#q2?m78X!d%k6xM zZs${UJD;N4`4rvGrpUH6t3}!r`LhM+{_+L*it*Wg<^F8Ha(}j8xxaJC-?`-PT=Hidn)|Ca zG#h8;@woDN!lx2=Z0t-*?MzCo&8oY$S@qP;B-b;^b$yDf@>*S=4HS+~3b);SYwC`LVbI&Z=LsSJ3GfM7S0>l)rUuPSM9D- z-cb9z>6FX0dOZ--QG6ic+5mhm%I;=yaf$e`iN}E#B0b`ozK-q}pn4;#2D*LsbSBsm@u4+ym+Pv(x*%gbjy5vrQ6Xu|ktag&sPO{p; z>bhCoZObk$$rQKGG!%fab%DHeE$rGsShj<(Z3ki94kAJIeiGYs?Zx&L{2Vhs`X&y{ zaU046z^LpSI+w(FFj7jv=pY57gA|MoQZPD*V7wSk{es?&h%`*Vlh>yABTIh&J6eys zxTio@JU4)Mnu%bv@FNtl5s26bLu>@0a;|g1@O_xN#g&GsgRrb*-ntgH?I5h%LD;v0 z3D%`U_!S#o#fDF@;ZbbvPy47$Pq`Q1oUtv+ZNo~g z%+#AF)XLy>iHC-ldSBuntM!R#lt9}itUgUv+gzQ|aDg0fx2b~las zZ`#PmfGv?CS*+iYgwA6%@bk!fKd+691Mk$TBQ73P-L=t&upj5Ys$&@@0>PE*uv5T2 zk$>0$ck+fc0Bw;sz#Y`Be)Ryj>+cOk_QJ!WNIN)y(!jYn#V|$;VW$6Y)uMFQ%!~t} zwDXV5X0E?4_VK?ZwSSwSO5m!o?K@x7REs19eE97J4R}K&De&9Ijz17Qap`lx$iHI> zz-?pOtAfYQz7!n(cTs4M3O;6R37mB4DZwXQ3S4mMMZui2Hw6pME(?C$*b=z!(hb1_ zmjX{+dgSM{<%$$K@Nr|u=LO$zDR9r&_KM)wT>4z_noU``UvR+Kb|iMBV%9Yy&qYJU z&+O~LP(Z5xR5_hgEA>fePeDH~hAE=LL(-66FPvEC8Q3b{wEq zB)y}Gpg_cK2`CV;&opbpJ{u!~QD>RNQ_h|iOgTF%_^h$xz!jIy32r&dd_Hvck>HuL zOzpn@`7G?UuUZD$bM9RuG~%)Y%8>fA16NkGd!8smkkS~!;b4R`?Ob8mqIlby&y0zE zpvp#wgfo4Wmgqpn7&Kaw*{Oxtu{a>|A0Jouj7gC;D{6tTfY+c zkg?-*y5v&eic5hxmjYK^nyfum4A@hKp8kAahN4Bk8C>k|r5@Ve)#r&wPb+SJrU!?G zfh&N#!|#XZ{-W{=oEP~;2;2pc8h}e8Z-Bev4Zzj90j}!}fC{SW0jHf3Q^0)P0C(FP zfID>q+@eT5fV(1h4!0~)1F%vzz^!@%urBf*aQ8*(0Xz_S1Kg%J0FUYhxX0cAY}XBN zPrLzmRyV*s_Xgl)-2f-gI0r^V?i_BPHvl}!;th1*HRSLI`hQBjsiZ=jP>jt>4Hvl*42DqEv0L<47aJRhyxKlU4EsEqExGQq!aLXb!04sF^+^RPK z>mu&~cVDC)zypytz-@X1@ThKpd+ZIscHIE?#2bKTbpzaUZvbA_4RG>|bKo7!D;-yL zzw)<5>J9L8+Q9CWG+Ifc?~Yv37)u&$tf$vQ8Gq(}fNvW+`$FI@%TR5+_U=D~7*bFf z8yfoJ`s+VjJXZS?QTncVsP;=RpCrkK%KG&mGAp}>mH8it5F00cT(=-ZiV#>n0=wgl z8Cqves|9?;*b=yHY#X32)zbeqA9DclutfxRqzQSsn@i>w6R zXY4pIYwQFtC!!VAqc&-x`8mp$!0$iiMJ6CUVT0>9NeEN@i zlxKvuD;``HDG|W08aocG89Vtxa8#c2;Z>tFIIeaK%K%VVkR4#y*b><9QsBp33V68n zJ1+g1b_IDvMsy0_yqcZDQ%is5a{1REe5O9NH;VJJ!q9YL&*XcW$X7(K8jX+a#0PZ^ zBhr|FHDf;w+!y&i2zTs5=zJPDYitSpX_o?1B3Fm|tTzDNx*^YH@c4J9t=ws=htpGL zr3HlfRuAsHHvnP2e*q4fk3U})KK2&h9{Rh@A2TnfWhL6-aS-kB7qWJEJVtx?QQ6h6 zDMh|Br2|PkAtTB;_TMsBKQP0DOQiFn7(FqL*y#HI*c-a%D_vb~hgx>!jmE-|PDmmR z3wSQ_f}kpaLU-{n zx)Z>yf0B!(FAnu!)u?R)C{*zA;m+o^YDUCmS-vx|hr5S<`p4;#E1#UlxB zAGX|>WI$No>1k?%5f#UzTZ*)616Pb42d;|rnNXt#bHn9D_0o^z)PCx{T(`<3JZ_rx zG&hUq5*893EI#pt;?N&H^{LShUMc>_0q`e|G>Sj+-d<%?<&0H~G>ebbQr$kOq}f1+ zny6uVkC{!{O@vUUJ#2zw3PRiVoVjYVmuDxx;%u^xC^#ynk+V?;E|)expx(rTE~74}Iq+t`y(- zi4S~7*XM84VG;p-h@e@VsLKmpP4;@t{zvPjNO1rja)*#NEc%XV=|4p;!Fdzb7go72 zD{eGDW14mSVdmsNp^G$;d;zm>z}61XxFPYXYXE;mq(9%t6?y);An}4}wSh`&yEr9- zZZumUMX@fOXQn=TTpDO)e|(@>wAF^mzV8pqAMz>DYsFmg(KkN)qdg8#d{^;>?P9Nq zBCMu05Wc?Ocd^cK5@(a|!mmj;oBT#GCjkcb%H7DtG?$Iyo}_D{!Snw1pOO1dyBWce z&%oBx5TSu+o-xf9ux{)m@J!^pBHW0Xm<0A4+X67`I=Ri@lkKr&dpfs0)=RdhlkKtG zcD{R#DiVBVOUj+yQNvx4@&^2hu`P^$&!rKQ;}Ho7iM)Y6>~;#KuS~qptyyiIBDnzW zD{(rR02{`ZzylEpDSL1vV3)ftSXwemEx;|c0Xpe3o78tl9Q6G)>pKQ`-%jc~mipG~ zhdtXL5Ty4bk-mZO_j@o~A`NI;up-|khruAp0k@;U^T7XiDwV!7?_CM$+gH0qab6`nsLjV*z%8QTKf@g!z9O zV=6hWmr0|zq4sZBx4zwKbDz$26>U~LlPYp5$6fv$%;3H>c0`?{Kq~0 z08^7~1)Py63GW}UF5lkyWtJMeBF@DI){a> zDYk%X#*P7Dtkr|VLiQw(&VCY1nQ*M%<`oIw&SKsJ{i~v;u24V^p>L^$`rHqz>O>kY zFfa1q!rk=-V7YF9yXOtSO5G49ZC9)gegNjRx+=GQ$@AEkEU*?a64-!7u2a74IAT1G zn0sI*OJGw}tx0iDya9MxH^9C02B6pU+Cl=GcFURaM75Iyu(uI|x_9(k61us^uy zR6=@@f$uju^q;>{pVsPy((XwL4a1jzSeN|owFw2<#OL0T2exgGVrNg(hs|-j-_>`swglEi{XPe6&zf=zaNF(NcB_Z& zo2JtSun#*J`6LxCN zn!&`R^(cWkV<&)RkxSA&%_MWJWUh_5rK(q}2e&HH@&UqJx|8SDE~$-< z$|M2Ya~AMe^1(FG$ZS5=;oyX!f_#@ZR5&Dz1Mf3;z+q!2fTJQ$1l+7Q09|YN;)6GP zaQtf9uC}qf-x^zhTW;r;TRkkFF`YJmt%3M0DF-F@{v|z*iIg6I9{q);Gv|QStI~0+ z5$_HkRVPNLu>jubEe5%*3)ts&5nBS>is=ueK;yfn(E?m!!e=@C|58oE*0}`s8`}mB zxD@cdS;fL<&}&2tW%Il@`>q8|PrMnx-S_KtAVqpit+rKP zL~^H;*E_N8J@WtgWM)aE$biG6u+zYWAM?2^dvJ>)H2^2{!6lPi_HskPWALsSYyrP! zYzY)*yA6cxR%W}M+wR{5v3b)BjR6Gkiu-U81^7~`r_E;xEV}zmLGhzDVBmnUZQy+_ z1(sY2Y`7G7?b{@#9R>305VjS=ca(v zo6fN8kBHDYBZRbDtP0jert?S)qqT$QVtm+qTea_XNJ03pXVS1|7OM_B?vbXxrxndv z(O!Nov-OQ(`15f*{*7VypR{BDY>*?*`UL+ZYlnZDwMQg&Ur$Lr zUS(ACN6x6;YRQrpv80Bqh<$b6nbg;k;C*LO-})H?-E`!>BeP(>v&H76+)kzj*N0ne zC#&_oDtm6VIHU2*iZuCv+nm7W9UI!jVm-t6zHs*R~^ukt|J$!eLb))_L3%>(Mmn$r)te(#s$ z2-jysal9p-{Ne^;b0!~;|Rv}FX?6mbR` z@4@Z=lhy#75qSgLb#DM3)eUe@tzjG}KNdaUZi$q2V54q;d*Ka0al%3Z4vXAfids8* z75D4KSM)c0c$YuiV*pP@F8f)N<$ZDJ(v6F=P$|NJ-59gSQYIpzF;4C!sA+Nu&Z?4x6GAf?vOhe6%d6K@V@Nqy5PRE zBx=NRR@Ys>cfI$nopdhA@|-&Xd^Xp;@<$LUpKeA{p}S1I{j&XDQ7!z6gfZ?xJR-&8BF!D(DH#K*5ZA7y zM2tlu6w}(ZEZVheS+r}{B3e@mkJ>Bj6`9zhFR&i_i?0mt)t?Ot_1Ef_>=C@i z9x5N|8|bi!sF6N#F?2*Cs9zi|4EMFQszjO&;HISY8-P1?1KgrDl)$~Z zq0dEuk7K6R0-}Gb2S=wJHdqJP`U{@gBgOXg_Zz zt`vtp`eR=$-q3SCAM7E;^Z{CQpYubrd$ZOUk)O*o36&k?EjsQ|NA<$SO_5pvGFG*O zjf6+kI4gRWp10QH0W2mCvG^Xdc7AUq4kv#oi9N;-T0ZcU841Vlal4@zju`}DW|Mkb zhd$d$36+qiH%HN#-0RaVAe8dY`+a8rwkegsRtJ6kx7&*<*f8A|u+MbcKvzUyx*sX- zrZ)h$>IS&m-T>gpdt{yz^-CFkuc?)X1ZRzHWA(aAGj(I1sKa+Hs1m@9E+c?n@D6|v zYohMkqH$wDYx~YvX$&rY#aEFu_f?A#JI+KaL097sJDQ?X=D3p z{<%c^w9Tjp0X~Wz$UPdvCT;<)k%m#lctA~uOsfQr7~2Mpx)kufX<$v-&suvjmTnenXv@dyFpYl=@9eHO49yQeo;G#%R3tsENTy;5cQ-nIW zWa2uiA+vR&Qg8?UKOsCa6u98h6~TR%0uNpKNbt8^T6=2h;zFXXi6^fM=$qf0YvvlA zq>)C|r!kQ<`ZBX5v&&|>1ioo(RsvOJf-qn#;7{tZUe0j5NL z`h`314ZvL85Jo@@O_`w+4k z&T|2AOC5u={pv$z3Z22krI!B0CHcUH>Yn+ZL0)%1zyo7D!0)&ecqsBb!u>Da06eZ6 z;P(HNXFgfaI2`?)NDBaPNA2XOl{;$nlA~7csMSl3`ZAq)DsIaDytyhD1b3VTdd7|| z3N~B{_(;c+%Q2jM%N3przUOT2Bj*|SAsc%Mw2f^8lP(3OL{%+{yJ8J(;7i7qz*Uj! zz%5wAD@Tdf51C2}aIc-@wUv9-H%Fx7UOUNaEBD&!C9i!uy^nQN2F{wl62Q7HtT6kN zE=^{~F!XaS%@egC(Xxwy$Hor0Lg$;-&;nMBZ3C#2o&Jkv>@TV1o`^*Wu8OpV9ti$t zX90It=d)4J{>a+v7})g(y17Q(EynXy9p8J=`~XjkZ3EwODezR}6B^xy3OW|962clK z{(acAQWWm7_iGF;3pG<$H2X1KVb zqZrp~nu_v65=8WWfUd>RBiY{;el8*`129*8me1#^D%^j z*uA1_43TOESTS}SSQGgK!fkp3uvIs}ZCgVLyfAhg*#FbfdC*}TcKs;h8FNWW5vM1VS#m|w}9hPfX|F2le6qHBS7Tx!3hvR0Sik`hie(S(pf>=A>V^~$TO61F%*%z&-K?;OZ|$54dfSdH^H891U>$L}~y|{<&y?n-!@6xK%g6ZF&Q6eIt6n z-4LkpsZ6Gq!>cP!h0@^@iM&~~rd1l&q zW^{>KXQrKJrqv@e2P`vfATrbHrOdSR%(QwbGwnPxddOetxNDhd1Cg1&)7h)iv5TAx zowW>&0iK~wo}n?z&{fM&2Z#)fS%y|DLmeP8G?rzkLxv70FO;E7i5nGZ2Lz(1bcbI@ zc+Cvb@J4WWvT1rsT<2u*CBOh*TXs7d69eoQEg*cPCI!{`|oX&skUWm93b)f zkmYW-h?gEum{-G=NbiBy|8sq7hUsmK;y6?T(Z4Iw{lJIqW^+R(h^9|kAWg$LP z&;CkcvyQ>`EB7*aR?Zg8;Y6}9naX4`8Jir~Ef#Hg)Tf#1{3th=9u@Hp1pD{g{zko? zC$N7{ghq0ZnL4?sA0HHDXGahJ&VQ-5k0LbyqyH6b8@Th$KJ}qA-2YE#JvM7aE$mmwPp4eEdVp*Pt{-Wsu^UJUu;I^^Tz=BJG zMVA66E!7>s^E(Zky=NAH(%5NW8*XTA4JTkTeJa#E?>o1#KVBXkiV9TYzwo8Gzzhb(;Rb!`t+b#tb zTna3@6gahJF#s2g?En{D3fy!laLc8@ic5i2mjaJm3Osfx@Z6=q3zq_i{;I_b95!|u zIPFs4j7xz_E(MPNy2T4zHMRqET?*WGDX`#DVAZ9-noEI4E(Kn=6xg?JkpTydod!<1 z6gcft;H*o5TfbqE0V~FKfK`_Qk6a2I_-m#M95S{8T>9%K1#TPL0lKzbO)m)8x%3?2 z^B&BS%Q+);|Auu0IPYkY6xB-)I*M!9Ke&Ncd|IX*jn;|=q%^3d(l9H(q>~S1e=zNg zIA7?USm-+QU4OICqV}sl{;b;ZKNlA^?>_&mcSA>Ppl;!bxM%gz{Xef&@)w9ke`89x zB+`%`2z)mv0T#TuVY%PbI=2HDR=V{SKF~6=1{f9^4dA?L-x^?86N+T^Sua+HTdvjz zeOMq@RDag6Am*Sdg$D4jNb~Z4_bAK9cA)V;6GJ`8@}GIugQHB$z^s@HA~h))a5q#H zm;)&xGY9k74rFfgzDh`h7KL+IWX52wif90@TZ8_dO8c*SP0>J6Er_hg`ftgUhz4*= zWY4F4GDnQ`ZsFR2rI)R#raW<$rmtUuw4*QSiR%J*dh-SazDkDHQT3Cg=DfOw2?KgV6aB?T z_v&qq$B|uaSQuel(I1VTCJYF zQ%}M{8>uC;p_?!o;D#s<84t+si=+(vma+A-cbY#5=%%y3Q@#+vg9PP!4{?o(XaPM&dx!X<5`)C+9SHfThz=m( z`yR{)x>XCvXuMAhh(0kQc-gfVW8t;1=vf>tzC7Qspoit#kI0&z3TeZNZA(N*>st(|j#*Rm~|JShjcAmEv>-P<9#k})v0q+HvCshsG(m#3w zP;~y$8-Tw`J#>DMZvePjQ^|3ewr}0M0pIT%fD6+7LA?QByHI3reW73YOUv)sVl1#p zmeL`S&c(nPV`m;|RdK~FDc7ouSZrlLtX`QJwmR(489sW$NB4X?RM$UH{~`MGGDFT* z|G!04MCY5vB%207YD{^o&m`iVg~ao!CNAN{a^=oNyV!g%Ty%52jSYdnU7O^>nrmuF zxs>KATI@kh50}JZ(-hU|wBe+o)NiC1pv0U6ovY_963%eo84uG1AA^98QNYJA;0MRC zQN3pX8IzyY7}mb(O#{dfy(LD8tr#Xe<2)vU2TzFX!UBc_&_D)WRy;WTH^MC3ArV^O zXx#$G`vzM2=6jceo0{ikkq7y*ltIA<#tlQ z9Rj}iKhUj1!22!APRx>|Dc}yNJS)oHt&H@=W(TPp2ivL^wvZPhW&|9z(X@es#+JYb zjBNqj^VjXn*e5i?wr1y&PZaPuV_SgFj(u$5yHJ~|K4?p`1bmgYQwrKq-f}Tm-RCVc zZGhs|`_7l$v}D^UP3@><8Hsr{Z6^4%O>znNQnn9I$fl{Jw6@7E#cJ|MUn7`Z@pe7v ziByskX?PQ9h9{V4U!-5Z`DQN_=mY~fpvu%c7~q6RPsCj5!JP7g^F0_gD7BQmR2CC4 zUcHl+RZ5u=`B56%M2yWFc8-OCWQ%Xh=5z`;VrAVKScjChmQEOISm!nGm4x(vX2MPq zo>U&Hq7R{}(f<`RvYS<#FPl-d`LgAR9oFdBW5mXo#J-gwTk3Aembx37N`|JAp?W~O zMKn#W-H@HJ-OzM0G@T69?~3yJx$~QP^J{~%51Ss?h&sTg=!f;Kr|#a5jedQjyZ3`5 z*AMj&Zn+MIuiB_P09Cp}z0QF%RYFxlO6h5lK12e#3PKgW(S_L%X+;BM-Q=;)+d&M@ z4v6A{MNtCPTG{A^=OMP0Y$AP@$AHTEb~kb;gWKKA)pj>?wcU+Onp)UbE_s{`54;S| z$T$wz&%k*f#%dSFlRXAh0j%Z$tXcr1S#DOlDc@tHo#{1s7T9VY*lIm+3&vvNzZVL_ zJ=^L$W>Yx9Shts~eZ}=!qmwl1O|xmn z&{+^M1E9w~lk{i8r+%MS`Sz7Qa=jijW@xx#bJ78--5{@n)K!~ASoBV4XV)K!ge>W` zj47p9r!eZA!V$~teE-E=RUoF;&CeKsRb~8z)d_a(0L$k^dMp#59!>7i*#DSoVr<2X zjRTc2U-y+UU(%I@Y)RMst4?02Ri}Hl4^*8}c~3@%km)d(zf9fEDz0v) z5?8M)sZp$H3=c%Qqn>6pi7AZ8K$2z-DS#tNC?z9tEa^3q$<002r!S;{acm4mm1Bx|60Fq zR}L-RUq-2r61SQKmAi zT&#DT!JxFIMo3~KAhFRq+jEEPsdI&W>&;nxgoqIQvHW%(^=Qx zp!(o}4s@9WFz{@>G=@&e0HpRh7em)2fHEPCI9o9B^s>O;4b_D@w1=TUS+~YeM3V`_ z(ZXNTN1`HS7x4E7I>8d;>~C4B?{!DD=^XP7GTW)bgyEt(|FYWwM$}!iwAO|3cP1rp zM5Mnr0=TO$KW${L)^boV0LK1-qIDyP8`_dokPAK=1pqpb%fBQ{n-gtSGc3 zB=E6~q=%(Q01dC%;Kl%S^!ot!_|b!UL(RJ@HI_H~k9!OB$lea6#+qXceXqDfu2C#^ zAO8iF>0k7!%sv5M?(zxvsDA>!+=V$R(sTnn0b{*k+9GNied4@;=<`W}j;>ce4+ym%H3rIV>`@?DOa4E|-PX19HoClA79Z*mOvO zzdu0Y|Kd0hE&fGoJXPd(ux=?IJQ}2G;tV zJy>v6EzKrJc zWu)#^daZl5jOO!YG@mb{`EIt1=JRDV-;KOfJ86^Qd!8p#o+neDCsUr&oe?Ena~R~S zD^?>?Z`1$T#x&oZ>d!RG&&I^6JD_dG4#+gC&kl|#jdgn2byz#ra`wN|)})1E2R!Y@ z%CQ5M4-3Z*7R2!QnjNq?v54$|mBbpd0~QiX$PQRX>v2Hx=S0@Rr#vS`c0i4vjRQ6` zO5F{Jq0;Rj+r#qYlZ&dni~7}gM>*B5j1|%-Hj-HF)ud2tBv5RmPi!PlY@|+XBu;Fk zO>87hY@|$VBus3iOKc=dY@|wTBuZ?gN$hHsB(aeqv2`k7-cdG`?A7kYy28d;%T>yHR2az;8h_u;3 zB+d>Zb#@TRvx7*V9rPveou_cAdtG_^nn>3Lz@o7eK$XpwK|-Fanh)sk2O8^(?Uzb$GOZyHv)-Oh8no#%Et&+T@eTixGGd!hWL zy>L6v?RK8q?L4>Jd2YA!+-~Q&mD7}4-FscH_rmQww=$4&D+4LF+j(xc>)bXAR&8|( z$`U@T{nO7RaYpgRrXV}R=tAUI^gdLi_cVa-hv!)GFKuf)7pD|G851j9ELpoR5(^yg z^T*3B3}+U}BbQ>S(o!c9v9aRCvfj^##8Q&qG`0jdn@Ae9DK@evHgYF6s#0v^O>AUM zEUWvbNGwoY4!`VXnToRX^Dw(6uPjH;m6rXMixN0&>?}~#-CACEYkA$R<)yZkm)crh zYHN9^t>vY*W~D}wv_Gxo1trs|pw{w&TFVP+EiWh;NCl-^)F~tBT~u>eH|uJ0PCw&n z{}?ai7ogM!7aqLV;fw%Pm#w(M&~UNH^+2Y|5HA&x+^AbMzJ&Q@w6=BWK!NB4s8gY1K9B zR=!@g@_l+MUp!m+;@Qd<&sM&8w(`ZZmG9GA`98gs@6%iPvXaxZthVxHwUsX`8Bk?a z=Rg_IL3Pc#l`pHUe53I#+0*EG9oUR-YNNUBTQT4THbbs_E1pS(G;_MTwpV6TABL`iaw2Ju_*`ok=A#lS*bLMz3zEWM)#y%*42*5Th2G_Su=YDH)mv#(hPD zy>H{50KRSP7~mf87T!5X)R5p6ilSGG?CWQL|RJ|DH{_h8xv&Xjz}M40Dc0R zNQs$9iJ3@=nMjG5NQs$9iJ3@islMgT=y!V^(M080nNqHy;2$rEq^d)p|QkberMcvr`B8}Jhi z4N(=YMqzNW@gq(-eyTx}RNfIOOn`U7u0~c*Td}kOPS4&zg4etOSg#vW^|VR!A(5;C zCq>@*v^Zu!4WxfwBo^><8X-|xYu*6(>5T@a=!RYBv;i)3+-gz18fmVWuY8_3^0_OR znQYPdzLPJymztWqyFT>uWQKhi9P$g$X{Rk2a1VxvmMrnLP*7u`D@{$wh} z$yADyY50?A_>*b)lWF*qQD}N7CaO$q8vbM&{$v{dWE%ct8vbP3b0$-rOr||&GVM8& zv0SsKakAkv2|oW(8rl5o=4@R7Z}BF8)u>DAl!C$c1FS=x>EG)8fS1EL^6{2$4N^XS zpl<>g&|AJvDlu0?I^zO2MDHrTSbTK!D~I=f&~~mRZv|L5St}K^C{kbG_e5DMMRm$D zS^`%^Su06i>laaEe@v8VMJ;8bsHsd8xy(e=*q;(*B5LiZNYMhvL|H2}wN`~ab;RXdNqvo|BKkdxv-8sTpt#(e3nFr!F7?uX(>%pI%jQDnT|DqGH!2+vJafh z6Pp|i7@QyHn_;xOR^Jg7a8)!^{LGdy)PR0KdcD~Dq4V(UoT~Z<_I~hbXu?nrp-C}N z0cHlKx}EmGu6Ns-YHNX^6rvkE>&_fRQA8sJ@-P}>J2K6v6|+gva3-{t*q`hm(rO2> zN7+GCmKlhevV*85JBT{60}5(RWCkdwQIWO4P*4##{7Gw6+D?n%3~1e`vjvfLgQ4i6 z8+>*3{lKoiH$oGJS`1D2>eBpyU7AxKW;44X@Ss~%uWH))u=@LYMNR0sk;;kX^UUtFFrVrHFlQ!@`I0Uh)M>o7f%$1IuGmKfQUo`TF<1_kP=KH@z8nDSB5ix3_9dDIU*O*Go(BH?&4_OQiRA z24rOUs%P2HU!LXhZ1KFz-+;cfH=vx(l*X6!8&KT>PWc~C`5#aDA7^PC5lI*LxG0bA zw2rIw@Y3FJaxs{Vl*4a|@;=N8H7}ECBI<9fHH!3lT-6_YCSzu&fah|VYSP6ga8-mj zf{87bOHBA=P#m-CKH&U_|LwJ3Z(vS}bY1~IDdG+;SZ#qf-XxGIk#vCSIzn;qF1MFvd2g+{dr-%~ZR+6M_YcGr~0l(&$$@aG!Z?;wcmqfA*d|pIUr`PM;-*_|I zDsH@4jmCg)clwJn*G&t29JnPKEd9R$!knrY@e0(leWyB37f;Y|8z3_Yh%lA*C==oM##Fw`tq zqN7$U^_Gzf>kU16oK|YPB0cv8kZEm#x8Eeg>n;b_Voe_XG^Gvtwnc0rpuef;d+HaJ z8zQYuEN(a(Mv&8S%EaRr1lOGnji%iKyJWST4T#Oeh1q~Mb-#&Q{mtTZFZw&u@PhtciIT z2ie0${*=VLJ%A$9ukfEmpwFknzu5532iUTXZ?WN7Z1@$6*Fz$)08cyV+Mb6ra4%^% z=LWUE7&aqq7AJb)3LamNMes2g_;}(2K5Xn}?RaMGcxLT*X6<-p?RafXvtd(XSWV7? zqGbM90bn&zOZh}Cb&3C|Pt;QPq!?z6eN*G8=1d>`>Y$plrEcU-v$>Q%*|KC$wp4SL zKA*L?Y}Dm{ttBKPAaG06C}z{V%@WLaZIR8AvtO_Yn2nUFrrlUwe=$TAem265e1sb| z!m1SYWtcRqjeJ-e`LH(fVQu8Y${&<}w5li1ELoEg;oe|CTOBb0iyG^aXr!3aPu%jS zlsMY7475`Q+GJo;hBX6GL1I%i)*BcO%v+s|OPb>wA|(T0x^)*N**+Jg$|sjq8pOuj zijA2So1C9Z&d-@c`|p5aJZy26NvKMasB|%K!`M1KBMPW~^`(b$cx=g-0H}=N;)}X= zN#ReV@F!Aq6Dhj-7I?ULsa)>&V1V};I}TLk@SvXOZ0Gcac~V-ZMEi=*7rZO*zlnu} zalNOwGQ2m55sjPpOCkQ!u751+pvJ|wYy~6|4EGSj|_(YQ8E~^Hs50XG<%8HD49!>0FO=NfB;Zl(WDQ z-%)^%i@5&HUt3anY1$<)Bo%%6@lmeQ+^?j0;>JlFqzji&Vf=4hdChlUk!k2%`bBAG z?!)|2pubXMc29F}-D6+Xfp1)(#$v;R#tgcp-)dWbJ^bWO+W;4tPkG$75Yh3yC+rb`V+6&ts~9s)ti+VZC!^ zp{o&9!q%xjf)*Pgiyin0Kw{SwLqslxh+Aw#EjD5n8xfhfGw-yynaePI$ zyF?Nb1m5#0%7WKAxLBoGTX>52T%=gi6wtX8(76=QIRf%1vhAKYnwq3o&|@kXDd5P^p!+a<(D+LD?U!38s}<0&eeRJ zdSEk+bG4g|Q|FGfE?2wRI9I#bI9I#bIHi`xnNAnVzlF!x&f0vpBh|X<3Cm)`u2|1Z z^*_D!danL!)_)TCU1P^m=}ac8R;YI@k7ESbwmgpYS>5H}nR0eUUR1~gd&ODcS45i0 z>s{99m(24xaKd~{10OeboP;j86!=YJKTQx9EQo2qSIehK*YG<2rU74&pRNO|CUsVR zd~vj6wv?gBJ1MNoqaA%M=Q6Ah?Z};5GM=Tt9!a%Q^CCUo6E!0?Dn@LY)u}YAQz_;tVlLLrLd0xW{wY%DZ0Y)*UPic@h>g6YH}aC+ z$V+-7FKN9=NF}|Im-I$n(i?e6OD&aj{=VRaQg_noBh6Qlgq>_q#jx~FnC=Wfx8dSv zb=@0ET#eEfMdk%`<71(st0xJMTjkB}6gKrYNJGl|6O{Lx@)+R#rb7eO(7<0(8Lw6L zq5$Ql8^vK+J8Fh&)g;VS_hhQIW3Df7hLv~mXH!39e>s)I&-9BT4!*k;Jun}txvQp~ zIq%8f2r6&pWJDmH$ORICM4|EG<~0}^ijx4PC4DLa6NG(|}JwP3ZI-1zUcIVu;LyR|Ms zT@v|09m`Y-U@8SLl>(Rw-~P?Dl#TMP7f$BzsLWmvQBUu{E+t2P!{UgNTa6~S7=iSm zO^ye(Pf0l7`2gN$>^OiiE8v(fI~dgzow8|~CDrhUGeGdqaE*+Hbu z4kB@O5Ro=C9irV{F`sJNP(puCq#sjyT09f8-|DRdy!1M$^g0aXq|I{&I3?Q0w zAJtcjRnMhn|8pYUMY=0^Xlz-i9^NNX(JZZN>$E{nrBsxcB>9?2ODdKL(B*feLToDD zPNYH7NP<{WaA3o_0sPoWe`Jvd#_lgTOHkAAqS~g+S(q39+cb|VCs8AyC#9W|(vJDn z*`4+H)Gi&`M>O=)BFYkEUFeeewt&na23Jfx18j(fil4pKgJB8jYVzv3HX{-0pr>wf zzj8(T5Q9fW(gse7%nHm6m#3Vz^V&}NZKwRUQ-0eizwIco!RtMxseUPE^&b|f^S56) zJ0#NF10OPW3?Q4@Fe0fc-rLOBHU^khw3SohsVX(mBF_;&1u z)-f_+2ayW}5veeFB*P9O9d-~2v4cp79Yhiu&M4RdI)r5y zRqNID{&|0(V^#T6!LZF~N7i?~+^y%H>JYcAEI+YKmjLCffami}>+73Z*DPjhA)^mP zdT;t%@WR*<@I0TR;(QOAIxqHu1ylkzjGfA|Jm1YyJOBT1_x2%n<>#H}xi9t7-R17G zU3O}mO1siso@jQIjT~zxnu#W^8EeMcwPt+oty?eMT}cE}5J3bk$7QEHQ)3lG5J3bf zV?i`T?9~wcA+R8V6hun|5k#b^nK3rd)|J}@8z6(?yY;bveNEsWu@KO%1XPlm6bNV*HCqrUa4P?wZ;CK?Y1T0 zTlc$k#4kkehPYZ6A&}S*Mr;ToHm~GkT@?02ny|oM7~4r2UgLD`9JBbOm3e7X;9sx4 z6sEIgWGJy%rt(AEC6)lb0YPuLp8I$9o#lM|!q39Q^|Me@+0(Oa+ai}jJtd`+Yp#KB7GA_x*4OHhQ}g3#{#%Qj1}K}s!u-Uf0vI|ym$n! z4Ka_@fZeFx<{CfrW1=<5wf&B-~Nmsu7`%;MRvtkn>NL@b&|Q2u)c5BCE$*hlcVgp$^*6ksjCLB z)&uq7n4FcOX7SlR=+56wslA&#)+VhSMPntFY*&)4ElcdR-^IWqbO(}E5XM(0mEim8 z@v5!GJ!&5>&xM$ruK;Sm=tfCUF=t*NWwS{;llyvq)PxfpXkF} z@so`{%r%iZ1mILk8*vKJsZ9wnk`55F3>9EJN;RAmF%}?>vXm(jNnpzi1zjb+*uq=z zqDaX}Du0tqwnSO^36AKJivgTl8F6WccA*1tNA9iN3Rk{f)o#GfEi;tzXCz4yhFK{tieMsS!dM_HdMzoq-1CNNz zJ&a!vmjSMV`@&w)8oOod>>ZvI@=cZdUTEo$U!zuu)|P3Nz;7740Jv?IW$51J|5Y(W z>J4yPxod#(n!MK`zT)K-+{sMPM7MHg_3h1{b4+g_gE z4{q^;W%YyiT>I4jrbiqil@YjTY!A5XQs9b9L)Cm=!gAhq-d|m24HUC5J9UReV@(1V z)`t4r15E~zvIEYGh7BNzJ^3$c`#($-*fzEY{F+OFvm$o@citM}^46~t%SU0txGmti zI+SAW?Tv!a4B%arNA+l0^2SPQ3sJM)+}BJ@GO>q z%Ps{x-V!ip?mB?STLR`?3V6IYk*avrV-%uIo8K;Q-Pj&b$do0d4NlyY`Rf4$^#-_A zZvY5XS%gmMRn0N^+7anDPHx`QFZz&OPZZ9Bs-bDGSQ3lCZ;JGE)p~|ec7rT=^vy?} zg5Uh(Pq~g3O;E{S?^_)xG&HI=pEvaDe(>ue-i+3{ULSBqGC?C`-E3}3O8+vaNth?o zEKm(S3J!|sV6Y(mt1A~}b5*2QGn+ON6Dot9Q2m49B)F>^*{YKYHt@kDUyXH(M)C6u zHwI#ZKGN#Yuk|XM`!S<^;+N^ZUAwey{e)JPNNWvX8s-Hou1mNp@@`i_no*p0AW3VX z@5uV@poc~g#4ppGt);p7cXb0SQkno+XSd6wg~koj=m4%!TWo0Tnno9JjoQ`Ey__?h z1z_6Z^Z?XZR0~;NnJ7xm3Yh@gh5t?JB-38FmOY(c)icym7 z{tuJtD)bpGcaiD>+%WbX;I^n)eAAGglY1GxhIFytG@}l1)7T{dd%dRJ`xZ=aP`@q1 zcuS