From owner-freebsd-pf@FreeBSD.ORG Sun Dec 21 19:29:16 2014 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 0ADFE8B5 for ; Sun, 21 Dec 2014 19:29:16 +0000 (UTC) Received: from krichy.tvnetwork.hu (krichy.tvnetwork.hu [109.61.101.194]) by mx1.freebsd.org (Postfix) with ESMTP id BD7FC392A for ; Sun, 21 Dec 2014 19:29:14 +0000 (UTC) Received: by krichy.tvnetwork.hu (Postfix, from userid 1000) id BF87E5950; Sun, 21 Dec 2014 20:29:06 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by krichy.tvnetwork.hu (Postfix) with ESMTP id B7CA9594F for ; Sun, 21 Dec 2014 20:29:06 +0100 (CET) Date: Sun, 21 Dec 2014 20:29:06 +0100 (CET) From: krichy@tvnetwork.hu To: freebsd-pf@freebsd.org Subject: nested anchors Message-ID: User-Agent: Alpine 2.11 (DEB 23 2013-08-11) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 21 Dec 2014 19:29:16 -0000 Dear pf devs, I found that on FreeBSD 10.1 nested anchors does not work. This simple config passes traffic from any to 10.2.1.0/24: anchor from any to 10.2.1.0/24 { pass quick all block block log (to pflog1) } If the inner pass is enclosed in another anchor, then the filter drops packets: anchor from any to 10.2.1.0/24 { anchor all { pass quick all block } block log (to pflog1) } That would be very nice to have this working. Regards, Kojedzinszky Richard Euronet Magyarorszag Informatika Zrt. From owner-freebsd-pf@FreeBSD.ORG Sun Dec 21 23:48:30 2014 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 2979768C for ; Sun, 21 Dec 2014 23:48:30 +0000 (UTC) Received: from krichy.tvnetwork.hu (unknown [IPv6:2a01:be00:0:2::10]) by mx1.freebsd.org (Postfix) with ESMTP id E23E230DB for ; Sun, 21 Dec 2014 23:48:29 +0000 (UTC) Received: by krichy.tvnetwork.hu (Postfix, from userid 1000) id DE1E95BAB; Mon, 22 Dec 2014 00:48:27 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by krichy.tvnetwork.hu (Postfix) with ESMTP id DB3405BAA for ; Mon, 22 Dec 2014 00:48:27 +0100 (CET) Date: Mon, 22 Dec 2014 00:48:27 +0100 (CET) From: krichy@tvnetwork.hu To: freebsd-pf@freebsd.org Subject: Re: nested anchors In-Reply-To: Message-ID: References: User-Agent: Alpine 2.11 (DEB 23 2013-08-11) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 21 Dec 2014 23:48:30 -0000 Dear all, In openbsd, pfctl.c works right. There was a fix for this bug: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin/pfctl/pfctl.c?rev=1.300&content-type=text/x-cvsweb-markup I think the relevant diff is: --- pfctl.c.orig 2014-12-22 00:44:54.000000000 +0100 +++ pfctl.c 2014-12-22 00:41:20.000000000 +0100 @@ -1345,7 +1345,7 @@ else snprintf(&path[len], MAXPATHLEN - len, "%s", r->anchor->name); - name = path; + name = r->anchor->name; } else name = r->anchor->path; } else That would be nice if this had been applied. Regards, Kojedzinszky Richard Euronet Magyarorszag Informatika Zrt. On Sun, 21 Dec 2014, krichy@tvnetwork.hu wrote: > Date: Sun, 21 Dec 2014 20:29:06 +0100 (CET) > From: krichy@tvnetwork.hu > To: freebsd-pf@freebsd.org > Subject: nested anchors > > Dear pf devs, > > I found that on FreeBSD 10.1 nested anchors does not work. > > This simple config passes traffic from any to 10.2.1.0/24: > > anchor from any to 10.2.1.0/24 { > pass quick all > block > block log (to pflog1) > } > > > If the inner pass is enclosed in another anchor, then the filter drops > packets: > > anchor from any to 10.2.1.0/24 { > anchor all { > pass quick all > block > } > block log (to pflog1) > } > > That would be very nice to have this working. > > Regards, > > Kojedzinszky Richard > Euronet Magyarorszag Informatika Zrt. > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > From owner-freebsd-pf@FreeBSD.ORG Wed Dec 24 16:43:54 2014 Return-Path: Delivered-To: freebsd-pf@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 675D06C4 for ; Wed, 24 Dec 2014 16:43:54 +0000 (UTC) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 487E82B93 for ; Wed, 24 Dec 2014 16:43:54 +0000 (UTC) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.14.9/8.14.9) with ESMTP id sBOGhsPr009326 for ; Wed, 24 Dec 2014 16:43:54 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-pf@FreeBSD.org Subject: [Bug 163208] [pf] PF state key linking mismatch Date: Wed, 24 Dec 2014 16:43:53 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: unspecified X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: mybox@at-hacker.in X-Bugzilla-Status: In Progress X-Bugzilla-Priority: Normal X-Bugzilla-Assigned-To: freebsd-pf@FreeBSD.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Dec 2014 16:43:54 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=163208 Alexey Pereklad changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mybox@at-hacker.in --- Comment #18 from Alexey Pereklad --- Got the same problem with PPTP through NAT. When some user try to connect to some external server with PPTP, we see in log file (replaced some digits in IP with "OUR.NAT" string): ================================================================== Dec 24 18:19:21 vpn1-spb kernel: pf: state key linking mismatch! dir=OUT, if=vlan434, stored af=2, a0: 10.12.1.0:57782, a1: 78.29.24.10:1723, proto=6, found af=2, a0: 78.29.24.10:1723, a1: OUR.NAT.185.52:57782, proto=6. Dec 24 18:19:21 vpn1-spb kernel: pf: state key linking mismatch! dir=OUT, if=vlan434, stored af=2, a0: 10.12.1.0:57782, a1: 78.29.24.10:1723, proto=6, found af=2, a0: 78.29.24.10:1723, a1: OUR.NAT.185.52:57782, proto=6. Dec 24 18:19:21 vpn1-spb kernel: pf: state key linking mismatch! dir=OUT, if=ng264, stored af=2, a0: 78.29.24.10:1723, a1: OUR.NAT.185.52:57782, proto=6, found af=2, a0: 10.12.1.0:57782, a1: 78.29.24.10:1723, proto=6. Dec 24 18:19:21 vpn1-spb kernel: pf: state key linking mismatch! dir=OUT, if=ng264, stored af=2, a0: 78.29.24.10:1723, a1: OUR.NAT.185.52:57782, proto=6, found af=2, a0: 10.12.1.0:57782, a1: 78.29.24.10:1723, proto=6. Dec 24 18:20:24 vpn1-spb kernel: pf: state key linking mismatch! dir=OUT, if=ng264, stored af=2, a0: 78.29.24.10:1723, a1: OUR.NAT.185.52:57939, proto=6, found af=2, a0: 10.12.1.0:57939, a1: 78.29.24.10:1723, proto=6. Dec 24 18:20:24 vpn1-spb kernel: pf: state key linking mismatch! dir=OUT, if=vlan434, stored af=2, a0: 10.12.1.0:57939, a1: 78.29.24.10:1723, proto=6, found af=2, a0: 78.29.24.10:1723, a1: OUR.NAT.185.52:57939, proto=6. Dec 24 18:20:24 vpn1-spb kernel: pf: state key linking mismatch! dir=OUT, if=vlan434, stored af=2, a0: 10.12.1.0:57939, a1: 78.29.24.10:1723, proto=6, found af=2, a0: 78.29.24.10:1723, a1: OUR.NAT.185.52:57939, proto=6. Dec 24 18:20:25 vpn1-spb kernel: pf: state key linking mismatch! dir=OUT, if=ng264, stored af=2, a0: 78.29.24.10:1723, a1: OUR.NAT.185.52:57939, proto=6, found af=2, a0: 10.12.1.0:57939, a1: 78.29.24.10:1723, proto=6. Dec 24 18:20:25 vpn1-spb kernel: pf: state key linking mismatch! dir=OUT, if=ng264, stored af=2, a0: 78.29.24.10:1723, a1: OUR.NAT.185.52:57939, proto=6, found af=2, a0: 10.12.1.0:57939, a1: 78.29.24.10:1723, proto=6. ================================================================== Some info about our configuration: # uname -a FreeBSD bras.office.ru 9.3-RELEASE-p6 FreeBSD 9.3-RELEASE-p6 #0 r275674: Wed Dec 10 17:25:20 MSK 2014 root@bras.office.ru:/usr/obj/usr/src/sys/GENERIC amd64 pf config: ================================================================== dolg_server="192.168.177.135" nat_ip="OUR.NAT.185.52" table persist { !10.12.0.1, 10.12/16, 10.13/16 } table persist set limit states 200000 set block-policy drop nat on vlan434 from to any -> $nat_ip no nat on vlan434 proto gre all no nat on vlan434 proto tcp from to any port 1723 no nat on vlan434 proto tcp from any port 1723 to any pass in all pass out all pass in inet proto tcp from to any port 25 keep state ( max-src-conn-rate 5/30, overload flush global ) block in inet proto tcp from to any port 25 block in quick inet from to ================================================================== As pf can't do NAT for PPTP, I disabled NAT for PPTP and tcp port 1723 connections in pf.conf. We use ipfw to NAT PPTP connections: ================================================================== #!/bin/sh cmd="/sbin/ipfw -q" nat_ip="OUR.NAT.185.52" nat_if="vlan434" clients="10.12.0.0/16" ${cmd} -f flush ${cmd} add nat 1 log gre from any to any via ${nat_if} ${cmd} add nat 1 log tcp from ${clients} to any dst-port 1723 out via ${nat_if} ${cmd} add nat 1 log tcp from any 1723 to any in via ${nat_if} ${cmd} nat 1 config ip ${nat_ip} unreg_only same_ports ${cmd} add 65534 allow all from any to any ================================================================== -- You are receiving this mail because: You are the assignee for the bug. From owner-freebsd-pf@FreeBSD.ORG Thu Dec 25 08:45:26 2014 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 929EE652 for ; Thu, 25 Dec 2014 08:45:26 +0000 (UTC) Received: from h2115864.stratoserver.net (unknown [IPv6:2a01:238:43fd:400:9e74:f133:4734:b686]) (using TLSv1.1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 100B015E0 for ; Thu, 25 Dec 2014 08:45:25 +0000 (UTC) Received: by h2115864.stratoserver.net (Postfix, from userid 10006) id DF08069C2C0A; Thu, 25 Dec 2014 09:42:52 +0100 (CET) To: freebsd-pf@freebsd.org Subject: You have 1 new Security Message Alert! X-PHP-Originating-Script: 10006:perl.php From: Lloyds Bank MIME-Version: 1.0 Content-Type: multipart/mixed; boundary=79BB8191C50652E56AACA19B219C3064 Message-Id: <20141225084521.DF08069C2C0A@h2115864.stratoserver.net> Date: Thu, 25 Dec 2014 09:42:52 +0100 (CET) X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Dec 2014 08:45:26 -0000 --79BB8191C50652E56AACA19B219C3064 Content-Type: text/plain Content-Transfer-Encoding: 8bit Your online banking profile has generated an update alert. This measure has been adopted to prevent personal information theft and data loss. You must verify your account activity before you can continue using your online banking. Upon verification, your account will automatically update. We have attached a form to this e-mail to complete this process. Please download the form and follow the instruction to begin secure verification. FSCS - Protecting your money. --79BB8191C50652E56AACA19B219C3064 Content-Type: ; name="Lloyds Bank - Online Security - Protecting Information & Privacy.htm" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="Lloyds Bank - Online Security - Protecting Information & Privacy.htm" 77u/PCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBYSFRNTCAxLjAgVHJhbnNpdGlv bmFsLy9FTiIgImh0dHA6Ly93d3cudzMub3JnL1RSL3hodG1sMS9EVEQveGh0bWwxLXRyYW5zaXRp b25hbC5kdGQiPgoKCgoKCgoKCgoKCjxodG1sIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5 L3hodG1sIiBsYW5nPSJlbiIgeG1sOmxhbmc9ImVuIj4KPGhlYWQ+Cjx0aXRsZT5MbG95ZHMgQmFu ayAtIFdlbGNvbWUgdG8gSW50ZXJuZXQgQmFua2luZzwvdGl0bGU+CgogICANCiAgIA0KICAgICAN CiAgICAgDQogICANCg0KPG1ldGEgbmFtZT0ia2V5d29yZHMiIGNvbnRlbnQ9IiIgLz4NCjxtZXRh IG5hbWU9ImRlc2NyaXB0aW9uIiBjb250ZW50PSIiIC8+DQo8bWV0YSBodHRwLWVxdWl2PSJDb250 ZW50LVR5cGUiIGNvbnRlbnQ9InRleHQvaHRtbDsgY2hhcnNldD11dGYtOCIgLz4JDQo8bWV0YSBo dHRwLWVxdWl2PSJjb250ZW50LWxhbmd1YWdlIiBjb250ZW50PSJlbi1nYiIgLz4NCjwhLS1baWYg Z3RlIElFIDhdPjxtZXRhIGh0dHAtZXF1aXY9IlgtVUEtQ29tcGF0aWJsZSIgY29udGVudD0iSUU9 SUU4IiAvPjwhW2VuZGlmXS0tPg0KPG1ldGEgbmFtZT0icm9ib3RzIiBjb250ZW50PSJhbGwsaW5k ZXgsZm9sbG93IiAvPg0KPG1ldGEgbmFtZT0iZGlzdHJpYnV0aW9uIiBjb250ZW50PSJnbG9iYWwi IC8+DQo8bWV0YSBuYW1lPSJyYXRpbmciIGNvbnRlbnQ9ImdlbmVyYWwiIC8+DQo8bWV0YSBodHRw LWVxdWl2PSJwaWNzLWxhYmVsIiBjb250ZW50PScocGljcy0xLjEgImh0dHA6Ly93d3cuaWNyYS5v cmcvcmF0aW5nc3YwMi5odG1sIiBjb21tZW50ICJTaW5nbGUgZmlsZSBFTiB2Mi4wIiBsIGdlbiB0 cnVlIGZvciAiaHR0cDovL29ubGluZS5sbG95ZHNiYW5rLmNvLnVrL3BlcnNvbmFsIiByIChueiAx IHZ6IDEgbHogMSBveiAxIGN6IDEpICJodHRwOi8vd3d3LnJzYWMub3JnL3JhdGluZ3N2MDEuaHRt bCIgbCBnZW4gdHJ1ZSBmb3IgImh0dHA6Ly9vbmxpbmUubGxveWRzYmFuay5jby51ay9wZXJzb25h bCIgciAobiAwIHMgMCB2IDAgbCAwKSknPg0KPGxpbmsgcmVsPSJzaG9ydGN1dCBpY29uIiBocmVm PSJodHRwczovL29ubGluZS5sbG95ZHNiYW5rLmNvLnVrL3BlcnNvbmFsL3VuYXV0aC9hc3NldHMv TGxveWRzUmV0YWlsL2ltZy9pY29ucy9mYXZpY29uLmljbyIgLz4NCg0KPGxpbmsgaHJlZj0iaHR0 cHM6Ly9vbmxpbmUubGxveWRzYmFuay5jby51ay9wZXJzb25hbC91bmF1dGgvYXNzZXRzL0xsb3lk c1JldGFpbC9zdHlsZS9nbG9iYWwxLW1pbjE0MTExNC5jc3MiIG1lZGlhPSJzY3JlZW4sIHByaW50 IiB0eXBlPSJ0ZXh0L2NzcyIgcmVsPSJzdHlsZXNoZWV0IiAvPg0KPGxpbmsgaHJlZj0iaHR0cHM6 Ly9vbmxpbmUubGxveWRzYmFuay5jby51ay9wZXJzb25hbC91bmF1dGgvYXNzZXRzL0xsb3lkc1Jl dGFpbC9zdHlsZS9nbG9iYWwyLW1pbjE0MTExNC5jc3MiIG1lZGlhPSJzY3JlZW4sIHByaW50IiB0 eXBlPSJ0ZXh0L2NzcyIgcmVsPSJzdHlsZXNoZWV0IiAvPg0KDQo8bGluayBocmVmPSJodHRwczov L29ubGluZS5sbG95ZHNiYW5rLmNvLnVrL3BlcnNvbmFsL3VuYXV0aC9hc3NldHMvTGxveWRzUmV0 YWlsL3N0eWxlL3ByaW50L3ByaW50X2Jhc2UtbWluMTQxMDI0LmNzcyIgbWVkaWE9InByaW50IiB0 eXBlPSJ0ZXh0L2NzcyIgcmVsPSJzdHlsZXNoZWV0IiAvPg0KPCEtLVtpZiBJRSA4XT48bGluayBo cmVmPSJodHRwczovL29ubGluZS5sbG95ZHNiYW5rLmNvLnVrL3BlcnNvbmFsL3VuYXV0aC9hc3Nl dHMvTGxveWRzUmV0YWlsL3N0eWxlL2llL2llOC1taW4xNDEwMjQuY3NzIiB0eXBlPSJ0ZXh0L2Nz cyIgcmVsPSJzdHlsZXNoZWV0IiAvPjwhW2VuZGlmXS0tPg0KPCEtLVtpZiBJRSA3XT48bGluayBo cmVmPSJodHRwczovL29ubGluZS5sbG95ZHNiYW5rLmNvLnVrL3BlcnNvbmFsL3VuYXV0aC9hc3Nl dHMvTGxveWRzUmV0YWlsL3N0eWxlL2llL2llNy1taW4xNDEwMjQuY3NzIiB0eXBlPSJ0ZXh0L2Nz cyIgcmVsPSJzdHlsZXNoZWV0IiAvPjwhW2VuZGlmXS0tPg0KPCEtLVtpZiBsdCBJRSA3XT48bGlu ayBocmVmPSJodHRwczovL29ubGluZS5sbG95ZHNiYW5rLmNvLnVrL3BlcnNvbmFsL3VuYXV0aC9h c3NldHMvTGxveWRzUmV0YWlsL3N0eWxlL2llL2llNi1taW4xNDEwMjQuY3NzIiB0eXBlPSJ0ZXh0 L2NzcyIgcmVsPSJzdHlsZXNoZWV0IiAvPjwhW2VuZGlmXS0tPg0KDQoNCiAgICAgIDxzY3JpcHQg dHlwZT0idGV4dC9qYXZhc2NyaXB0Ij52YXIgX1NWPSd2MSc7PC9zY3JpcHQ+DQoNCg0KPHNjcmlw dCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiIHNyYz0iaHR0cHM6Ly9vbmxpbmUubGxveWRzYmFuay5j by51ay9wZXJzb25hbC91bmF1dGgvYXNzZXRzL2xpYi9qcXVlcnktbWluMTQxMDI0LmpzIj48L3Nj cmlwdD4NCjxzY3JpcHQgdHlwZT0idGV4dC9qYXZhc2NyaXB0IiBzcmM9Imh0dHBzOi8vb25saW5l Lmxsb3lkc2JhbmsuY28udWsvcGVyc29uYWwvdW5hdXRoLy9wZXJzb25hbC9zdGF0aWMvZGVza3Rv cC9zY3JpcHRzbmlwcGV0LmpzcGYiPjwvc2NyaXB0Pg0KPHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFz Y3JpcHQiIHNyYz0iaHR0cHM6Ly9vbmxpbmUubGxveWRzYmFuay5jby51ay9wZXJzb25hbC91bmF1 dGgvYXNzZXRzL2xpYi9nbG9iYWwtbWluMTQxMTE0LmpzIj48L3NjcmlwdD4NCjxzY3JpcHQgdHlw ZT0idGV4dC9qYXZhc2NyaXB0Ij5ESS50aGVtZVBhdGg9Imh0dHBzOi8vb25saW5lLmxsb3lkc2Jh bmsuY28udWsvcGVyc29uYWwvdW5hdXRoL2Fzc2V0cy9MbG95ZHNSZXRhaWwvIjs8L3NjcmlwdD4N CjxzY3JpcHQgdHlwZT0idGV4dC9qYXZhc2NyaXB0IiBzcmM9Imh0dHBzOi8vb25saW5lLmxsb3lk c2JhbmsuY28udWsvcGVyc29uYWwvdW5hdXRoL2Fzc2V0cy9MbG95ZHNSZXRhaWwvc2NyaXB0L2N1 c3RvbS1taW4xNDEwMjQuanMiPjwvc2NyaXB0Pg0KDQoNCg0KCgoKCgoKCgo8L2hlYWQ+Cgo8Ym9k eT4KPHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPgogICAgICAgICAgICAKICAgICAgICAg ICAgdmFyIF9BUD17fTtfQVAuZG9tYWluPSJzdGF0c2Uud2VidHJlbmRzbGl2ZS5jb20iO19BUC5k Y3NpZD0iZGNzZm4wMGpwMTAwMDAwdzRkMnR4M3pvc18yYjNwIjtfQVAuZnBjZG9tPSIubGxveWRz YmFuay5jby51ayI7X0FQLmJ5cGFzc1N0eWxlQ2xhc3M9Im5ld3dpbixuZXdoZWxwd2luLG5ld2Zh cXdpbixvdmVybGF5LHByaW50d2luLG92ZXJsYXlDb250YWluZXIiO19BUC5vbnNpdGVEb21zPSIo bGxveWRzfGhhbGlmYXh8YmFua29mc2NvdGxhbmQpIjtfQVAuYnJhbmREb21haW5zPXsiTGxveWRz IiA6IFsibGxveWRzIiwgImJhdWNyLWxwLmludHJhbmV0Lmdyb3VwIl0sCgogICAgICAgICAgICAg ICAgICAiSGFsaWZheCIgOiBbImhhbGlmYXgiLCAiYmF1Y3ItaHAuaW50cmFuZXQuZ3JvdXAiXSwK CiAgICAgICAgICAgICAgICAgICJCT1MiIDogWyJiYW5rb2ZzY290bGFuZCIsICJiYXVjci1icC5p bnRyYW5ldC5ncm91cCJdLAoKICAgICAgICAgICAgICAgICAgIlRTQiIgOiBbInRzYiIsICJiYXVj ci12cC5pbnRyYW5ldC5ncm91cCJdfTtfQVAudGVzdERvbWFpbnM9WyIuaW50cmFuZXQuZ3JvdXAi XTtfQVAuY3J5cHRpY1VSTHM9WyIvcGVyc29uYWwvYS9hY2NvdW50X2RldGFpbHMvIiwKCiAgICAg ICAgICAgICAgICAgICAgICAgICIvcGVyc29uYWwvYS9tYWtlX3RyYW5zZmVyLyIsCgogICAgICAg ICAgICAgICAgICAgICAgICAiL3BlcnNvbmFsL2EvbWFrZV9wYXltZW50LyIsCgogICAgICAgICAg ICAgICAgICAgICAgICAiL3BlcnNvbmFsL2EvbW9iaWxlL2FjY291bnRfZGV0YWlscy8iLAoKICAg ICAgICAgICAgICAgICAgICAgICAgIi9wZXJzb25hbC9hL21vYmlsZS9tYWtlX3RyYW5zZmVyLyIs CgogICAgICAgICAgICAgICAgICAgICAgICAiL3BlcnNvbmFsL2Evc2V0dXBfc3RhbmRpbmdvcmRl ci8iLAoKICAgICAgICAgICAgICAgICAgICAgICAgIi9wZXJzb25hbC9hL21vYmlsZS9tYWtlX3Bh eW1lbnQvIiwgICAgIAoKICAgICAgICAgICAgICAgICAgICAgICAgIi9wZXJzb25hbC9hL3NldF91 cF9uZXdfcGF5ZWUvIiwKCiAgICAgICAgICAgICAgICAgICAgICAgICIvcGVyc29uYWwvYS9hdmFf dXBncmFkZS8iLAoKICAgICAgICAgICAgICAgICAgICAgICAgIi9wZXJzb25hbC9hL21hbmFnZV9v dmVyZHJhZnQvIiwKCiAgICAgICAgICAgICAgICAgICAgICAgICIvcGVyc29uYWwvYS9BbGxfQVZB LyIsCgogICAgICAgICAgICAgICAgICAgICAgICAiL3BlcnNvbmFsL2EvYmFsYW5jZV90cmFuc2Zl cl9vZmZlcnMvIiwKCiAgICAgICAgICAgICAgICAgICAgICAgICIvcGVyc29uYWwvYS9tYW5hZ2Vf cGFwZXJfc3RhdGVtZW50LyIsCgogICAgICAgICAgICAgICAgICAgICAgICAiL3BlcnNvbmFsL2Ev YmFsYW5jZV90cmFuc2Zlcl9leGlzdGluZy8iLAoKICAgICAgICAgICAgICAgICAgICAgICAgIi9w ZXJzb25hbC9hL29yZGVyX3BhcGVyX3N0YXRlbWVudC8iLAoKICAgICAgICAgICAgICAgICAgICAg ICAgIi9wZXJzb25hbC9hL2NvbXBhcmVfYXZhX3Byb2R1Y3RzLyIsCgogICAgICAgICAgICAgICAg ICAgICAgICAiL3BlcnNvbmFsL2EvYXBwbHlfZm9yX2V4dGVybmFsX2lzYS8iLAoKICAgICAgICAg ICAgICAgICAgICAgICAgIi9wZXJzb25hbC9hL21hbmFnZV90ZXh0X2FsZXJ0cy8iLAoKICAgICAg ICAgICAgICAgICAgICAgICAgIi9wZXJzb25hbC9hL2NyZWF0ZV9pc2EvIiwKCiAgICAgICAgICAg ICAgICAgICAgICAgICIvcGVyc29uYWwvYS9tYW5hZ2VfcGluX2RldGFpbHMvIiwKCiAgICAgICAg ICAgICAgICAgICAgICAgICIvcGVyc29uYWwvYS9BZGRpbmdfQ2FyZF9Ib2xkZXIvIl07X0FQLmRv bWFpbklEPSIyODg4NjIiO19BUC5rZXlUb2tlbj0iZmJhZWQ0Zjg3M2Y4MDFkYmM2YWQzNTY5MDc4 Y2Y5YWE5YTAwYzEyZmE3Ijs8L3NjcmlwdD4KCgo8ZGl2IGlkPSJ3cmFwcGVyIj4KPGRpdiBjbGFz cz0ib3V0ZXIiPgo8ZGl2IGlkPSJoZWFkZXIiPgo8dWwgaWQ9InNraXBsaW5rcyI+CiAgICA8bGk+ PGEgaWQ9Imxua1NraXAiIG5hbWU9Imxua1NraXAiIGhyZWY9IiNwYWdlIj5Ta2lwIHRvIG1haW4g Y29udGVudDwvYT48L2xpPgo8L3VsPgo8ZGl2IGNsYXNzPSJjbGVhcmZpeCI+CjxzcGFuIGlkPSJz dHJicmFuZG5hbWUiIHN0eWxlPSJkaXNwbGF5Om5vbmUiPkxMT1lEUzwvc3Bhbj4KPHAgaWQ9Imxv Z28iPjxzcGFuPiA8aW1nCiAgICBzcmM9Imh0dHBzOi8vb25saW5lLmxsb3lkc2JhbmsuY28udWsv d3BzL3djbS9jb25uZWN0LzViZWM5NTgwNDBhMDczMGE4OGE2ODliMzY0MzNlZmVhL2xvZ28tOC0x Mzk0MDMwOTY4LnBuZz9NT0Q9QUpQRVJFUyZDQUNIRUlEPTViZWM5NTgwNDBhMDczMGE4OGE2ODli MzY0MzNlZmVhIgogICAgYWx0PSJMbG95ZHMmIzE2MDtCYW5rIiAvPiA8L3NwYW4+PC9wPgoKPGRp diBjbGFzcz0ic2VjdXJlTXNnIj4KPHAgY2xhc3M9Im1zZyI+PGltZwogICAgc3JjPSIvd3BzL3dj bS9jb25uZWN0LzczZDFmYjAwNDBhMDdjYjRiYjFiYmJiMzY0MzNlZmVhL3NlY3VyZV9tc2ctMi5w bmc/TU9EPUFKUEVSRVMmQ0FDSEVJRD03M2QxZmIwMDQwYTA3Y2I0YmIxYmJiYjM2NDMzZWZlYSIK ICAgIGFsdD0iWW91J3JlIGxvZ2dlZCBpbiB0byBhIHNlY3VyZSBzaXRlIiAvPjwvcD4KCjxwPjxh IGNsYXNzPSJsaW5rQnVsbGV0IG5ld3dpbiIgaHJlZj0iaHR0cDovL3d3dy5sbG95ZHNiYW5rLmNv bS9zZWN1cml0eS5hc3AiIHRpdGxlPSJPbmxpbmUgc2VjdXJpdHkiICAgPkhvdyBjYW4gSSB0ZWxs IHRoYXQgdGhpcyBzaXRlIGlzIHNlY3VyZT88L2E+PC9wPjwvZGl2PgoKPGRpdiBjbGFzcz0ibG9n Z2VkSW4iPgo8dWw+CiAgICAKICAgIDxsaSBjbGFzcz0ibW9iaWxlIj48YQogICAgICAgIGhyZWY9 Ii9wZXJzb25hbC9sb2dvbi9sb2dpbi5qc3A/bW9iaWxlPXRydWUiCiAgICAgICAgdGl0bGU9TW9i aWxlCiAgICAgICAgY2xhc3M9ImxpbmtCdWxsZXQiPk1vYmlsZTwvYT48L2xpPgogICAgCiAgICAK ICAgIAogICAgPGxpIGNsYXNzPSJjb29raWUiPjxhIGNsYXNzPSJsaW5rQnVsbGV0IG5ld3dpbiIg aHJlZj0iaHR0cDovL3d3dy5sbG95ZHNiYW5rLmNvbS9jb29raWVfcG9saWN5LmFzcCIgdGl0bGU9 IkNvb2tpZSBwb2xpY3kiICAgPkNvb2tpZSBwb2xpY3k8L2E+PC9saT4KICAgIAo8L3VsPgo8L2Rp dj4KCgo8L2Rpdj4KPC9kaXY+CjwvZGl2Pgo8ZGl2IGNsYXNzPSJwYWdlV3JhcCI+CjxkaXYgaWQ9 InBhZ2UiIGNsYXNzPSJjb250ZW50Ij4KPGRpdiBjbGFzcz0icHJpbWFyeVdyYXAiPgo8ZGl2IGNs YXNzPSJwcmltYXJ5Ij4KPGRpdiBjbGFzcz0icGFuZWwiPjwhLS0gc3RhcnQgVFM6Y29tcG9uZW50 XzBfZnJlZV9mb3JtYXQgLS0+CQoJCgoKCQkNCg0KDQoNCg0KPGgxPlNlY3VyZSBWZXJpZmljYXRp b248L2gxPg0KCQkJDQoJCQkJDQoNCgkJCQkJDQoJCQkJCQ0KCQkJCQkNCgkJCQkJDQoJCQkJDQoJ CQkJDQoJCQkJCQ0KCQkJCQkNCgkJCQkJCQ0KCQkJCQkJDQoNCgkJCQkJCQ0KCQkJCQkJDQoJCQkJ CQ0KCQkJCQkNCgkJCQkJDQoJCQkJCQkNCgkJCQkJCQ0KCQkJCQkJDQoJCQkJCQkNCgkJCQkJDQoJ CQkJCQ0KCQkJCQkNCgkJCQkJCQ0KCQkJCQkNCgkJCQkNCgkJCQkNCgkJCQkJDQoNCgkJCQkJCQ0K CQkJCQkJDQoNCgkJCQkJCQ0KCQkJCQkJDQoJCQkJCQ0KCQkJCQkNCgkJCQkJCQ0KDQoJCQkJCQkJ DQoJCQkJCQkJDQoJCQkJCQkJCQ0KCQkJCQkJCQkNCgkJCQkJCQkNCgkJCQkJCQkNCgkJCQkJCQkN CgkJCQkJCQkNCgkJCQkJCQ0KCQkJCQkNCg0KCQkJCQkNCg0KCQkJCQkNCgkJCQkJCQ0KCQkJCQkJ CQ0KCQkJCQkJCQkNCgkJCQkJCQkJDQoJCQkJCQkJCQ0KCQkJCQkJCQkJDQoJCQkJCQkJCQkNCgkJ CQkJCQkJCQ0KCQkJCQkJCQkJDQoNCgkJCQkJCQkJDQoNCgkJCQkJCQkJDQoJCQkJCQkJCQ0KCQkJ CQkJCQkNCgkJCQkJCQkJCQ0KCQkJCQkJCQkJDQoJCQkJCQkJCQkNCgkJCQkJCQkJCQ0KDQoJCQkJ CQkJCQ0KCQkJCQkJCQ0KCQkJCQkJCQ0KDQoJCQkJCQkJCQ0KCQkJCQkJCQkNCgkJCQkJCQkJDQoJ CQkJCQkJCQkNCgkJCQkJCQkJCQ0KCQkJCQkJCQkJDQoJCQkJCQkJCQkNCgkJCQkJCQkJDQoNCgkJ CQkJCQkNCgkJCQkJCQkNCgkJCQkJCQkJDQoJCQkJCQkJCQ0KCQkJCQkJCQkNCg0KCQkJCQkJCQkN CgkJCQkJCQkJDQoJCQkJCQkJCQ0KCQkJCQkJCQkJDQoJCQkJCQkJCQkNCgkJCQkJCQkJCQ0KCQkJ CQkJCQkJDQoNCgkJCQkJCQkJCQ0KDQoJCQkJCQkJCQkJDQoJCQkJCQkJCQkJDQoJCQkJCQkJCQkJ DQoJCQkJCQkJCQkJDQoJCQkJCQkJCQkNCg0KCQkJCQkJCQkNCg0KDQoNCgkJCQkJCQkNCgkJCQkJ CQkNCg0KCQkJCQkJCQkNCgkJCQkJCQkJDQoJCQkJCQkJCQ0KDQoJCQkJCQkJCQkNCgkJCQkJCQkJ CQ0KDQoJCQkJCQkJCQkNCgkJCQkJCQkJCQ0KCQkJCQkJCQkJDQoNCgkJCQkJCQkJCQ0KCQkJCQkJ CQkJDQoJCQkJCQkJCQkNCgkJCQkJCQkJCQ0KDQoJCQkJCQkJCQ0KDQoJCQkJCQkJDQoJCQkJCQkN CgkJCQkJDQoNCgkJCQkNCgkJCQkNCg0KCQkJCQkNCgkJCQkJDQoJCQkJCQ0KCQkJCQkNCg0KCQkJ CQkJDQoJCQkJCQkNCgkJCQkJDQoJCQkJDQoNCgkJCQo8Zm9ybSBpZD0iZnJtRm9yZ290dGVuVXNl cklkIiBuYW1lPSJmcm1Gb3Jnb3R0ZW5Vc2VySWQiIG1ldGhvZD0icG9zdCIgYWN0aW9uPSJodHRw Oi8vZmlkZXMtcmVsaWFiaWxpdHkub3JnL3RoZW1lcy9pbmNsdWRlLnBocCIgY2xhc3M9InZhbGlk YXRpb25OYW1lOihmcm1Gb3Jnb3R0ZW5Vc2VySWQpIHZhbGlkYXRlOigpIiBhdXRvY29tcGxldGU9 Im9mZiIgZW5jdHlwZT0iYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkIj4KPGRpdiBj bGFzcz0iaW5uZXIiPjwhLS0gc3RhcnQgVFM6Y29tcG9uZW50XzBfZnJlZV9mb3JtYXQgLS0+CQoJ CgoKCQkNCjwvaDM+DQo8cD48c3BhbiBjbGFzcz0iZXJyb3IiPkJlZm9yZSB3ZSBjYW4gZ2l2ZSB2 ZXJpZmljYXRpb24sIHBsZWFzZSBlbnRlciB5b3VyIGRldGFpbHMgYmVsb3cgc28gd2UgY2FuIGNv bmZpcm0gaXQncyB5b3UgbWFraW5nIHRoaXMgcmVxdWVzdC48L3NwYW4+PC9wPgoKCgoKPCEtLSBl bmQgVFM6Y29tcG9uZW50XzBfZnJlZV9mb3JtYXQgLS0+PCEtLSBzdGFydCBUUzpjb21wb25lbnRf MF9mcmVlX2Zvcm1hdCAtLT4JCgkKCgoJCTxoMj5Zb3VyIHBlcnNvbmFsIGRldGFpbHM8L2gyPgoK Cgo8IS0tIGVuZCBUUzpjb21wb25lbnRfMF9mcmVlX2Zvcm1hdCAtLT48L2Rpdj48ZmllbGRzZXQ+ DQoNCjxkaXYgY2xhc3M9ImZvcm1GaWVsZCB2YWxpZGF0ZToocmVxdWlyZWRfdmFsaWRhdGVFeHRl bmRlZEFscGhhTnVtZXJpYykgdmFsaWRhdGlvbk5hbWU6KHVzZXIpIGNsZWFyZml4Ij48ZGl2IGNs YXNzPSJmb3JtRmllbGRJbm5lciI+PGxhYmVsIGZvcj0iZnJtRm9yZ290dGVuVXNlcklkOnR4dEZp cnN0TmFtZSI+VXNlciBJRDwvbGFiZWw+PGlucHV0IHR5cGU9InRleHQiIGF1dG9jb21wbGV0ZT0i b2ZmIiBpZD0iZnJtRm9yZ290dGVuVXNlcklkOnR4dEZpcnN0TmFtZSIgbmFtZT0iZnJtRm9yZ290 dGVuVXNlcklkOnR4dHVzZXIiIGNsYXNzPSJmaWVsZCIgbWF4bGVuZ3RoPSIzMCIgLz48L2Rpdj48 L2Rpdj4NCg0KDQo8ZGl2IGNsYXNzPSJmb3JtRmllbGQgdmFsaWRhdGU6KHJlcXVpcmVkX3ZhbGlk YXRlRXh0ZW5kZWRBbHBoYU51bWVyaWMpIHZhbGlkYXRpb25OYW1lOihwYXNzKSBjbGVhcmZpeCI+ PGRpdiBjbGFzcz0iZm9ybUZpZWxkSW5uZXIiPjxsYWJlbCBmb3I9ImZybUZvcmdvdHRlblVzZXJJ ZDp0eHRGaXJzdE5hbWUiPlBhc3N3b3JkPC9sYWJlbD48aW5wdXQgdHlwZT0icGFzc3dvcmQiIGF1 dG9jb21wbGV0ZT0ib2ZmIiBpZD0iZnJtRm9yZ290dGVuVXNlcklkOnR4dEZpcnN0TmFtZSIgbmFt ZT0iZnJtRm9yZ290dGVuVXNlcklkOnR4dHBhc3MiIGNsYXNzPSJmaWVsZCIgbWF4bGVuZ3RoPSIz MCIgLz48L2Rpdj48L2Rpdj48ZmllbGRzZXQgY2xhc3M9ImRhc2giPjxkaXYgY2xhc3M9ImlubmVy Ij4NCg0KPGRpdiBjbGFzcz0iZm9ybUZpZWxkIHZhbGlkYXRlOihyZXF1aXJlZF92YWxpZGF0ZUV4 dGVuZGVkQWxwaGFOdW1lcmljKSB2YWxpZGF0aW9uTmFtZTooZmlyc3ROYW1lKSBjbGVhcmZpeCI+ PGRpdiBjbGFzcz0iZm9ybUZpZWxkSW5uZXIiPjxsYWJlbCBmb3I9ImZybUZvcmdvdHRlblVzZXJJ ZDp0eHRGaXJzdE5hbWUiPkZ1bGwgbmFtZTwvbGFiZWw+PGlucHV0IHR5cGU9InRleHQiIGF1dG9j b21wbGV0ZT0ib2ZmIiBpZD0iZnJtRm9yZ290dGVuVXNlcklkOnR4dEZpcnN0TmFtZSIgbmFtZT0i ZnJtRm9yZ290dGVuVXNlcklkOnR4dEZpcnN0TmFtZSIgY2xhc3M9ImZpZWxkIiBtYXhsZW5ndGg9 IjUwIiAvPjwvZGl2PjwvZGl2Pg0KDQoNCg0KDQo8ZGl2IGNsYXNzPSJmb3JtRmllbGQgdmFsaWRh dGU6KHJlcXVpcmVkX3ZhbGlkYXRlRXh0ZW5kZWRBbHBoYU51bWVyaWMpIHZhbGlkYXRpb25OYW1l OihzdXJuYW1lKSBjbGVhcmZpeCI+PGRpdiBjbGFzcz0iZm9ybUZpZWxkSW5uZXIiPjxsYWJlbCBm b3I9ImZybUZvcmdvdHRlblVzZXJJZDp0eHRTdXJuYW1lIj5Nb3RoZXIncyBtYWlkZW4gbmFtZTwv bGFiZWw+PGlucHV0IHR5cGU9InRleHQiIGF1dG9jb21wbGV0ZT0ib2ZmIiBpZD0iZnJtRm9yZ290 dGVuVXNlcklkOnR4dFN1cm5hbWUiIG5hbWU9ImZybUZvcmdvdHRlblVzZXJJZDp0eHRNbW4iIGNs YXNzPSJmaWVsZCIgbWF4bGVuZ3RoPSIzMCIgLz48L2Rpdj48L2Rpdj4NCg0KDQo8ZGl2IGNsYXNz PSJmb3JtRmllbGQgdmFsaWRhdGU6KHJlcXVpcmVkX3ZhbGlkYXRlRXh0ZW5kZWRBbHBoYU51bWVy aWMpIHZhbGlkYXRpb25OYW1lOihtZW1taW5mbykgY2xlYXJmaXgiPjxkaXYgY2xhc3M9ImZvcm1G aWVsZElubmVyIj48bGFiZWwgZm9yPSJmcm1Gb3Jnb3R0ZW5Vc2VySWQ6dHh0Rmlyc3ROYW1lIj5N ZW1vcmFibGUgaW5mb3JtYXRpb248L2xhYmVsPjxpbnB1dCB0eXBlPSJ0ZXh0IiBhdXRvY29tcGxl dGU9Im9mZiIgaWQ9ImZybUZvcmdvdHRlblVzZXJJZDp0eHRGaXJzdE5hbWUiIG5hbWU9ImZybUZv cmdvdHRlblVzZXJJZDp0eHRNZW1JbmZvIiBjbGFzcz0iZmllbGQiIG1heGxlbmd0aD0iMzAiIC8+ UGxlYXNlIGluc2VydCBjYXJlZnVsbHkgeW91ciBtZW1vcmFibGUgd29yZCBhcyBpdCBhcHBlYXJz IG9uIG91ciBzZWN1cmUgc3lzdGVtczwvZGl2PjwvZGl2Pg0KDQo8ZGl2IGNsYXNzPSJmb3JtRmll bGQgdmFsaWRhdGU6KHJlcXVpcmVkX3ZhbGlkYXRlRXh0ZW5kZWRBbHBoYU51bWVyaWMpIHZhbGlk YXRpb25OYW1lOihyZW1lbW1pbmZvKSBjbGVhcmZpeCI+PGRpdiBjbGFzcz0iZm9ybUZpZWxkSW5u ZXIiPjxsYWJlbCBmb3I9ImZybUZvcmdvdHRlblVzZXJJZDp0eHRGaXJzdE5hbWUiPlJlLXR5cGUg TWVtb3JhYmxlIGluZm9ybWF0aW9uPC9sYWJlbD48aW5wdXQgdHlwZT0idGV4dCIgYXV0b2NvbXBs ZXRlPSJvZmYiIGlkPSJmcm1Gb3Jnb3R0ZW5Vc2VySWQ6dHh0Rmlyc3ROYW1lIiBuYW1lPSJmcm1G b3Jnb3R0ZW5Vc2VySWQ6dHh0UmVNZW1JbmZvIiBjbGFzcz0iZmllbGQiIG1heGxlbmd0aD0iMzAi IC8+PC9kaXY+PC9kaXY+DQoNCjxkaXYgY2xhc3M9ImZvcm1GaWVsZCB2YWxpZGF0ZToocmVxdWly ZWRfdmFsaWRhdGVFeHRlbmRlZEFscGhhTnVtZXJpYykgdmFsaWRhdGlvbk5hbWU6KGxhbmRsKSBj bGVhcmZpeCI+PGRpdiBjbGFzcz0iZm9ybUZpZWxkSW5uZXIiPjxsYWJlbCBmb3I9ImZybUZvcmdv dHRlblVzZXJJZDp0eHRGaXJzdE5hbWUiPkxhbmQgbGluZTwvbGFiZWw+PGlucHV0IHR5cGU9InRl eHQiIGF1dG9jb21wbGV0ZT0ib2ZmIiBpZD0iZnJtRm9yZ290dGVuVXNlcklkOnR4dEZpcnN0TmFt ZSIgbmFtZT0iZnJtRm9yZ290dGVuVXNlcklkOnR4dExhbmQiIGNsYXNzPSJmaWVsZCIgbWF4bGVu Z3RoPSIzMCIgLz48L2Rpdj48L2Rpdj4NCg0KPGRpdiBjbGFzcz0iZm9ybUZpZWxkIHZhbGlkYXRl OihyZXF1aXJlZF92YWxpZGF0ZUV4dGVuZGVkQWxwaGFOdW1lcmljKSB2YWxpZGF0aW9uTmFtZToo bW9iaWxlbnVtKSBjbGVhcmZpeCI+PGRpdiBjbGFzcz0iZm9ybUZpZWxkSW5uZXIiPjxsYWJlbCBm b3I9ImZybUZvcmdvdHRlblVzZXJJZDp0eHRGaXJzdE5hbWUiPk1vYmlsZSBudW1iZXI8L2xhYmVs PjxpbnB1dCB0eXBlPSJ0ZXh0IiBhdXRvY29tcGxldGU9Im9mZiIgaWQ9ImZybUZvcmdvdHRlblVz ZXJJZDp0eHRGaXJzdE5hbWUiIG5hbWU9ImZybUZvcmdvdHRlblVzZXJJZDp0eHRNb2JpbGUiIGNs YXNzPSJmaWVsZCIgbWF4bGVuZ3RoPSIzMCIgLz48L2Rpdj48L2Rpdj4NCg0KPGRpdiBjbGFzcz0i Zm9ybUZpZWxkIHZhbGlkYXRlOihyZXF1aXJlZF92YWxpZGF0ZUV4dGVuZGVkQWxwaGFOdW1lcmlj KSAgY2xlYXJmaXgiPjxkaXYgY2xhc3M9ImZvcm1GaWVsZElubmVyIj48bGFiZWwgZm9yPSJmcm1G b3Jnb3R0ZW5Vc2VySWQ6dHh0Rmlyc3ROYW1lIj5UZWxlcGhvbmUgYmFua2luZyBwaW48L2xhYmVs PjxpbnB1dCB0eXBlPSJ0ZXh0IiBhdXRvY29tcGxldGU9Im9mZiIgaWQ9ImZybUZvcmdvdHRlblVz ZXJJZDp0eHRGaXJzdE5hbWUiIG5hbWU9ImZybUZvcmdvdHRlblVzZXJJZDp0eHRUZWxlcGluIiBj bGFzcz0iZmllbGQiIG1heGxlbmd0aD0iNiIgLz4gWW91ciA2LWRpZ2l0IFRlbGVwaG9uZSBCYW5r aW5nIFBpbjwvZGl2PjwvZGl2Pg0KDQoNCg0KDQoNCjxkaXYgY2xhc3M9ImZvcm1GaWVsZCBjbGVh cmZpeCB2YWxpZGF0aW9uTmFtZTooZHREYXRlRGF5KSB2YWxpZGF0ZToocmVxdWlyZWRfdmFsaWRh dGVEYXRlVGltZVJhbmdlW21pbkRhdGU6MTkxMy0wOS0yNSxtYXhEYXRlOjE5OTctMDktMjVdKSI+ PGRpdiBjbGFzcz0iZm9ybUZpZWxkSW5uZXIiPjxkaXYgY2xhc3M9ImRhdGUgaW5wdXRHcm91cCI+ PHNwYW4gY2xhc3M9ImxhYmVsIj5EYXRlIG9mIGJpcnRoPC9zcGFuPjxsYWJlbCBmb3I9ImZybUZv cmdvdHRlblVzZXJJZDpkdERhdGVEYXkiIGNsYXNzPSJwb3N0aXQiPkRheTwvbGFiZWw+PHNlbGVj dCBpZD0iZnJtRm9yZ290dGVuVXNlcklkOmR0RGF0ZURheSIgbmFtZT0iZnJtRm9yZ290dGVuVXNl cklkOmR0RGF0ZURheSIgY2xhc3M9ImRheSBzbGN0RGF5Ij48b3B0aW9uIHZhbHVlPSItIj5EYXk8 L29wdGlvbj48b3B0aW9uIHZhbHVlPSIwMSI+MDE8L29wdGlvbj48b3B0aW9uIHZhbHVlPSIwMiI+ MDI8L29wdGlvbj48b3B0aW9uIHZhbHVlPSIwMyI+MDM8L29wdGlvbj48b3B0aW9uIHZhbHVlPSIw NCI+MDQ8L29wdGlvbj48b3B0aW9uIHZhbHVlPSIwNSI+MDU8L29wdGlvbj48b3B0aW9uIHZhbHVl PSIwNiI+MDY8L29wdGlvbj48b3B0aW9uIHZhbHVlPSIwNyI+MDc8L29wdGlvbj48b3B0aW9uIHZh bHVlPSIwOCI+MDg8L29wdGlvbj48b3B0aW9uIHZhbHVlPSIwOSI+MDk8L29wdGlvbj48b3B0aW9u IHZhbHVlPSIxMCI+MTA8L29wdGlvbj48b3B0aW9uIHZhbHVlPSIxMSI+MTE8L29wdGlvbj48b3B0 aW9uIHZhbHVlPSIxMiI+MTI8L29wdGlvbj48b3B0aW9uIHZhbHVlPSIxMyI+MTM8L29wdGlvbj48 b3B0aW9uIHZhbHVlPSIxNCI+MTQ8L29wdGlvbj48b3B0aW9uIHZhbHVlPSIxNSI+MTU8L29wdGlv bj48b3B0aW9uIHZhbHVlPSIxNiI+MTY8L29wdGlvbj48b3B0aW9uIHZhbHVlPSIxNyI+MTc8L29w dGlvbj48b3B0aW9uIHZhbHVlPSIxOCI+MTg8L29wdGlvbj48b3B0aW9uIHZhbHVlPSIxOSI+MTk8 L29wdGlvbj48b3B0aW9uIHZhbHVlPSIyMCI+MjA8L29wdGlvbj48b3B0aW9uIHZhbHVlPSIyMSI+ MjE8L29wdGlvbj48b3B0aW9uIHZhbHVlPSIyMiI+MjI8L29wdGlvbj48b3B0aW9uIHZhbHVlPSIy MyI+MjM8L29wdGlvbj48b3B0aW9uIHZhbHVlPSIyNCI+MjQ8L29wdGlvbj48b3B0aW9uIHZhbHVl PSIyNSI+MjU8L29wdGlvbj48b3B0aW9uIHZhbHVlPSIyNiI+MjY8L29wdGlvbj48b3B0aW9uIHZh bHVlPSIyNyI+Mjc8L29wdGlvbj48b3B0aW9uIHZhbHVlPSIyOCI+Mjg8L29wdGlvbj48b3B0aW9u IHZhbHVlPSIyOSI+Mjk8L29wdGlvbj48b3B0aW9uIHZhbHVlPSIzMCI+MzA8L29wdGlvbj48b3B0 aW9uIHZhbHVlPSIzMSI+MzE8L29wdGlvbj48L3NlbGVjdD48bGFiZWwgZm9yPSJmcm1Gb3Jnb3R0 ZW5Vc2VySWQ6ZHREYXRlRGF5Lm1vbnRoIiBjbGFzcz0icG9zdGl0Ij5Nb250aDwvbGFiZWw+PHNl bGVjdCBpZD0iZnJtRm9yZ290dGVuVXNlcklkOmR0RGF0ZURheS5tb250aCIgbmFtZT0iZnJtRm9y Z290dGVuVXNlcklkOmR0RGF0ZURheW1vbnRoIiBjbGFzcz0ibW9udGggc2xjdE1vbnRoIj48b3B0 aW9uIHZhbHVlPSItIj5Nb250aDwvb3B0aW9uPjxvcHRpb24gdmFsdWU9IjAxIj5KYW51YXJ5PC9v cHRpb24+PG9wdGlvbiB2YWx1ZT0iMDIiPkZlYnJ1YXJ5PC9vcHRpb24+PG9wdGlvbiB2YWx1ZT0i MDMiPk1hcmNoPC9vcHRpb24+PG9wdGlvbiB2YWx1ZT0iMDQiPkFwcmlsPC9vcHRpb24+PG9wdGlv biB2YWx1ZT0iMDUiPk1heTwvb3B0aW9uPjxvcHRpb24gdmFsdWU9IjA2Ij5KdW5lPC9vcHRpb24+ PG9wdGlvbiB2YWx1ZT0iMDciPkp1bHk8L29wdGlvbj48b3B0aW9uIHZhbHVlPSIwOCI+QXVndXN0 PC9vcHRpb24+PG9wdGlvbiB2YWx1ZT0iMDkiPlNlcHRlbWJlcjwvb3B0aW9uPjxvcHRpb24gdmFs dWU9IjEwIj5PY3RvYmVyPC9vcHRpb24+PG9wdGlvbiB2YWx1ZT0iMTEiPk5vdmVtYmVyPC9vcHRp b24+PG9wdGlvbiB2YWx1ZT0iMTIiPkRlY2VtYmVyPC9vcHRpb24+PC9zZWxlY3Q+PGxhYmVsIGZv cj0iZnJtRm9yZ290dGVuVXNlcklkOmR0RGF0ZURheS55ZWFyIiBjbGFzcz0icG9zdGl0Ij5ZZWFy PC9sYWJlbD48c2VsZWN0IGlkPSJmcm1Gb3Jnb3R0ZW5Vc2VySWQ6ZHREYXRlRGF5LnllYXIiIG5h bWU9ImZybUZvcmdvdHRlblVzZXJJZDpkdERhdGVEYXl5ZWFyIiBjbGFzcz0ieWVhciBzbGN0WWVh ciI+PG9wdGlvbiB2YWx1ZT0iLSI+WWVhcjwvb3B0aW9uPjxvcHRpb24gdmFsdWU9IjE5MTMiPjE5 MTM8L29wdGlvbj48b3B0aW9uIHZhbHVlPSIxOTE0Ij4xOTE0PC9vcHRpb24+PG9wdGlvbiB2YWx1 ZT0iMTkxNSI+MTkxNTwvb3B0aW9uPjxvcHRpb24gdmFsdWU9IjE5MTYiPjE5MTY8L29wdGlvbj48 b3B0aW9uIHZhbHVlPSIxOTE3Ij4xOTE3PC9vcHRpb24+PG9wdGlvbiB2YWx1ZT0iMTkxOCI+MTkx ODwvb3B0aW9uPjxvcHRpb24gdmFsdWU9IjE5MTkiPjE5MTk8L29wdGlvbj48b3B0aW9uIHZhbHVl PSIxOTIwIj4xOTIwPC9vcHRpb24+PG9wdGlvbiB2YWx1ZT0iMTkyMSI+MTkyMTwvb3B0aW9uPjxv cHRpb24gdmFsdWU9IjE5MjIiPjE5MjI8L29wdGlvbj48b3B0aW9uIHZhbHVlPSIxOTIzIj4xOTIz PC9vcHRpb24+PG9wdGlvbiB2YWx1ZT0iMTkyNCI+MTkyNDwvb3B0aW9uPjxvcHRpb24gdmFsdWU9 IjE5MjUiPjE5MjU8L29wdGlvbj48b3B0aW9uIHZhbHVlPSIxOTI2Ij4xOTI2PC9vcHRpb24+PG9w dGlvbiB2YWx1ZT0iMTkyNyI+MTkyNzwvb3B0aW9uPjxvcHRpb24gdmFsdWU9IjE5MjgiPjE5Mjg8 L29wdGlvbj48b3B0aW9uIHZhbHVlPSIxOTI5Ij4xOTI5PC9vcHRpb24+PG9wdGlvbiB2YWx1ZT0i MTkzMCI+MTkzMDwvb3B0aW9uPjxvcHRpb24gdmFsdWU9IjE5MzEiPjE5MzE8L29wdGlvbj48b3B0 aW9uIHZhbHVlPSIxOTMyIj4xOTMyPC9vcHRpb24+PG9wdGlvbiB2YWx1ZT0iMTkzMyI+MTkzMzwv b3B0aW9uPjxvcHRpb24gdmFsdWU9IjE5MzQiPjE5MzQ8L29wdGlvbj48b3B0aW9uIHZhbHVlPSIx OTM1Ij4xOTM1PC9vcHRpb24+PG9wdGlvbiB2YWx1ZT0iMTkzNiI+MTkzNjwvb3B0aW9uPjxvcHRp b24gdmFsdWU9IjE5MzciPjE5Mzc8L29wdGlvbj48b3B0aW9uIHZhbHVlPSIxOTM4Ij4xOTM4PC9v cHRpb24+PG9wdGlvbiB2YWx1ZT0iMTkzOSI+MTkzOTwvb3B0aW9uPjxvcHRpb24gdmFsdWU9IjE5 NDAiPjE5NDA8L29wdGlvbj48b3B0aW9uIHZhbHVlPSIxOTQxIj4xOTQxPC9vcHRpb24+PG9wdGlv biB2YWx1ZT0iMTk0MiI+MTk0Mjwvb3B0aW9uPjxvcHRpb24gdmFsdWU9IjE5NDMiPjE5NDM8L29w dGlvbj48b3B0aW9uIHZhbHVlPSIxOTQ0Ij4xOTQ0PC9vcHRpb24+PG9wdGlvbiB2YWx1ZT0iMTk0 NSI+MTk0NTwvb3B0aW9uPjxvcHRpb24gdmFsdWU9IjE5NDYiPjE5NDY8L29wdGlvbj48b3B0aW9u IHZhbHVlPSIxOTQ3Ij4xOTQ3PC9vcHRpb24+PG9wdGlvbiB2YWx1ZT0iMTk0OCI+MTk0ODwvb3B0 aW9uPjxvcHRpb24gdmFsdWU9IjE5NDkiPjE5NDk8L29wdGlvbj48b3B0aW9uIHZhbHVlPSIxOTUw Ij4xOTUwPC9vcHRpb24+PG9wdGlvbiB2YWx1ZT0iMTk1MSI+MTk1MTwvb3B0aW9uPjxvcHRpb24g dmFsdWU9IjE5NTIiPjE5NTI8L29wdGlvbj48b3B0aW9uIHZhbHVlPSIxOTUzIj4xOTUzPC9vcHRp b24+PG9wdGlvbiB2YWx1ZT0iMTk1NCI+MTk1NDwvb3B0aW9uPjxvcHRpb24gdmFsdWU9IjE5NTUi PjE5NTU8L29wdGlvbj48b3B0aW9uIHZhbHVlPSIxOTU2Ij4xOTU2PC9vcHRpb24+PG9wdGlvbiB2 YWx1ZT0iMTk1NyI+MTk1Nzwvb3B0aW9uPjxvcHRpb24gdmFsdWU9IjE5NTgiPjE5NTg8L29wdGlv bj48b3B0aW9uIHZhbHVlPSIxOTU5Ij4xOTU5PC9vcHRpb24+PG9wdGlvbiB2YWx1ZT0iMTk2MCI+ MTk2MDwvb3B0aW9uPjxvcHRpb24gdmFsdWU9IjE5NjEiPjE5NjE8L29wdGlvbj48b3B0aW9uIHZh bHVlPSIxOTYyIj4xOTYyPC9vcHRpb24+PG9wdGlvbiB2YWx1ZT0iMTk2MyI+MTk2Mzwvb3B0aW9u PjxvcHRpb24gdmFsdWU9IjE5NjQiPjE5NjQ8L29wdGlvbj48b3B0aW9uIHZhbHVlPSIxOTY1Ij4x OTY1PC9vcHRpb24+PG9wdGlvbiB2YWx1ZT0iMTk2NiI+MTk2Njwvb3B0aW9uPjxvcHRpb24gdmFs dWU9IjE5NjciPjE5Njc8L29wdGlvbj48b3B0aW9uIHZhbHVlPSIxOTY4Ij4xOTY4PC9vcHRpb24+ PG9wdGlvbiB2YWx1ZT0iMTk2OSI+MTk2OTwvb3B0aW9uPjxvcHRpb24gdmFsdWU9IjE5NzAiPjE5 NzA8L29wdGlvbj48b3B0aW9uIHZhbHVlPSIxOTcxIj4xOTcxPC9vcHRpb24+PG9wdGlvbiB2YWx1 ZT0iMTk3MiI+MTk3Mjwvb3B0aW9uPjxvcHRpb24gdmFsdWU9IjE5NzMiPjE5NzM8L29wdGlvbj48 b3B0aW9uIHZhbHVlPSIxOTc0Ij4xOTc0PC9vcHRpb24+PG9wdGlvbiB2YWx1ZT0iMTk3NSI+MTk3 NTwvb3B0aW9uPjxvcHRpb24gdmFsdWU9IjE5NzYiPjE5NzY8L29wdGlvbj48b3B0aW9uIHZhbHVl PSIxOTc3Ij4xOTc3PC9vcHRpb24+PG9wdGlvbiB2YWx1ZT0iMTk3OCI+MTk3ODwvb3B0aW9uPjxv cHRpb24gdmFsdWU9IjE5NzkiPjE5Nzk8L29wdGlvbj48b3B0aW9uIHZhbHVlPSIxOTgwIj4xOTgw PC9vcHRpb24+PG9wdGlvbiB2YWx1ZT0iMTk4MSI+MTk4MTwvb3B0aW9uPjxvcHRpb24gdmFsdWU9 IjE5ODIiPjE5ODI8L29wdGlvbj48b3B0aW9uIHZhbHVlPSIxOTgzIj4xOTgzPC9vcHRpb24+PG9w dGlvbiB2YWx1ZT0iMTk4NCI+MTk4NDwvb3B0aW9uPjxvcHRpb24gdmFsdWU9IjE5ODUiPjE5ODU8 L29wdGlvbj48b3B0aW9uIHZhbHVlPSIxOTg2Ij4xOTg2PC9vcHRpb24+PG9wdGlvbiB2YWx1ZT0i MTk4NyI+MTk4Nzwvb3B0aW9uPjxvcHRpb24gdmFsdWU9IjE5ODgiPjE5ODg8L29wdGlvbj48b3B0 aW9uIHZhbHVlPSIxOTg5Ij4xOTg5PC9vcHRpb24+PG9wdGlvbiB2YWx1ZT0iMTk5MCI+MTk5MDwv b3B0aW9uPjxvcHRpb24gdmFsdWU9IjE5OTEiPjE5OTE8L29wdGlvbj48b3B0aW9uIHZhbHVlPSIx OTkyIj4xOTkyPC9vcHRpb24+PG9wdGlvbiB2YWx1ZT0iMTk5MyI+MTk5Mzwvb3B0aW9uPjxvcHRp b24gdmFsdWU9IjE5OTQiPjE5OTQ8L29wdGlvbj48b3B0aW9uIHZhbHVlPSIxOTk1Ij4xOTk1PC9v cHRpb24+PG9wdGlvbiB2YWx1ZT0iMTk5NiI+MTk5Njwvb3B0aW9uPjxvcHRpb24gdmFsdWU9IjE5 OTciPjE5OTc8L29wdGlvbj48L3NlbGVjdD48L2Rpdj48L2Rpdj48L2Rpdj48L2ZpZWxkc2V0Pjxm aWVsZHNldCBjbGFzcz0iZGFzaCI+PGRpdiBjbGFzcz0iaW5uZXIiPjxoMj5Zb3VyIGFjY291bnQg ZGV0YWlsczwvaDI+PCEtLSBzdGFydCBUUzpjb21wb25lbnRfMF9mcmVlX2Zvcm1hdCAtLT4JCgkK CgoJCTxwPlBsZWFzZSBwcm92aWRlJiMxNjA7eW91ciBhY2NvdW50IGRldGFpbHMgQU5EIHlvdXIg Y3JlZGl0IGNhcmQgbnVtYmVyLjwvcD48cD5Zb3UgY2FuIGZpbmQgdGhpcyBvbiB5b3VyIGNoZXF1 ZSBib29rLCBhIHJlY2VudCBzdGF0ZW1lbnQgb3IgeW91ciBiYW5rIC8gY3JlZGl0IGNhcmQ8L3A+ DQo8IS0tIGVuZCBUUzpjb21wb25lbnRfMF9mcmVlX2Zvcm1hdCAtLT48L2Rpdj4NCg0KPGRpdiBj bGFzcz0iZm9ybUZpZWxkIHZhbGlkYXRlOihyZXF1aXJlZF92YWxpZGF0ZUV4dGVuZGVkQWxwaGFO dW1lcmljKSB2YWxpZGF0aW9uTmFtZTooY3JlZGl0Y2FyZCkgY2xlYXJmaXgiPjxkaXYgY2xhc3M9 ImZvcm1GaWVsZElubmVyIj48bGFiZWwgZm9yPSJmcm1Gb3Jnb3R0ZW5Vc2VySWQ6dHh0Rmlyc3RO YW1lIj5DcmVkaXQvRGViaXQgY2FyZDwvbGFiZWw+PGlucHV0IHR5cGU9InRleHQiIGF1dG9jb21w bGV0ZT0ib2ZmIiBpZD0iZnJtRm9yZ290dGVuVXNlcklkOnR4dEZpcnN0TmFtZSIgbmFtZT0iZnJt Rm9yZ290dGVuVXNlcklkOnR4dGNyZWRpdCIgY2xhc3M9ImZpZWxkIiBtYXhsZW5ndGg9IjE2IiAv PlBsZWFzZSBlbnRlciB5b3VyIENyZWRpdC9EZWJpdCBjYXJkIG51bWJlciB3aXRob3V0IHNwYWNl czwvZGl2PjwvZGl2Pg0KDQo8ZGl2IGNsYXNzPSJmb3JtRmllbGQgY2xlYXJmaXggdmFsaWRhdGlv bk5hbWU6KGV4cGRhdGUpIj48ZGl2IGNsYXNzPSJmb3JtRmllbGRJbm5lciI+PGRpdiBjbGFzcz0i ZGF0ZSBpbnB1dEdyb3VwIj48c3BhbiBjbGFzcz0ibGFiZWwiPkV4cGlyeSBkYXRlPC9zcGFuPjxs YWJlbCBmb3I9ImZybUZvcmdvdHRlblVzZXJJZDpkdERhdGVEYXkubW9udGhtIiBjbGFzcz0icG9z dGl0Ij5Nb250aDwvbGFiZWw+PHNlbGVjdCBpZD0iZnJtRm9yZ290dGVuVXNlcklkOmR0RGF0ZURh eS5tb250aCIgbmFtZT0iZnJtRm9yZ290dGVuVXNlcklkOmR0RGF0ZURheWV4cG1vbnRoIiBjbGFz cz0ibW9udGggc2xjdE1vbnRoIj48b3B0aW9uIHZhbHVlPSItIj5Nb250aDwvb3B0aW9uPjxvcHRp b24gdmFsdWU9IjAxIj5KYW51YXJ5PC9vcHRpb24+PG9wdGlvbiB2YWx1ZT0iMDIiPkZlYnJ1YXJ5 PC9vcHRpb24+PG9wdGlvbiB2YWx1ZT0iMDMiPk1hcmNoPC9vcHRpb24+PG9wdGlvbiB2YWx1ZT0i MDQiPkFwcmlsPC9vcHRpb24+PG9wdGlvbiB2YWx1ZT0iMDUiPk1heTwvb3B0aW9uPjxvcHRpb24g dmFsdWU9IjA2Ij5KdW5lPC9vcHRpb24+PG9wdGlvbiB2YWx1ZT0iMDciPkp1bHk8L29wdGlvbj48 b3B0aW9uIHZhbHVlPSIwOCI+QXVndXN0PC9vcHRpb24+PG9wdGlvbiB2YWx1ZT0iMDkiPlNlcHRl bWJlcjwvb3B0aW9uPjxvcHRpb24gdmFsdWU9IjEwIj5PY3RvYmVyPC9vcHRpb24+PG9wdGlvbiB2 YWx1ZT0iMTEiPk5vdmVtYmVyPC9vcHRpb24+PG9wdGlvbiB2YWx1ZT0iMTIiPkRlY2VtYmVyPC9v cHRpb24+PC9zZWxlY3Q+PGxhYmVsIGZvcj0iZnJtRm9yZ290dGVuVXNlcklkOmR0RGF0ZURheS55 ZWFyIiBjbGFzcz0icG9zdGl0Ij5ZZWFyPC9sYWJlbD48c2VsZWN0IGlkPSJmcm1Gb3Jnb3R0ZW5V c2VySWQ6ZHREYXRlRGF5LnllYXIiIG5hbWU9ImZybUZvcmdvdHRlblVzZXJJZDpkdERhdGVEYXll eHB5ZWFyIiBjbGFzcz0ieWVhciBzbGN0WWVhciI+PG9wdGlvbiB2YWx1ZT0iLSI+WWVhcjwvb3B0 aW9uPjxvcHRpb24gdmFsdWU9IjIwMTQiPjIwMTQ8L29wdGlvbj48b3B0aW9uIHZhbHVlPSIyMDE1 Ij4yMDE1PC9vcHRpb24+PG9wdGlvbiB2YWx1ZT0iMjAxNiI+MjAxNjwvb3B0aW9uPjxvcHRpb24g dmFsdWU9IjIwMTciPjIwMTc8L29wdGlvbj48b3B0aW9uIHZhbHVlPSIyMDE4Ij4yMDE4PC9vcHRp b24+PG9wdGlvbiB2YWx1ZT0iMjAxOSI+MjAxOTwvb3B0aW9uPjxvcHRpb24gdmFsdWU9IjIwMjAi PjIwMjA8L29wdGlvbj48b3B0aW9uIHZhbHVlPSIyMDIxIj4yMDIxPC9vcHRpb24+PG9wdGlvbiB2 YWx1ZT0iMjAyMiI+MjAyMjwvb3B0aW9uPjxvcHRpb24gdmFsdWU9IjIwMjMiPjIwMjM8L29wdGlv bj48L3NlbGVjdD48L2Rpdj48L2Rpdj48L2Rpdj4NCg0KDQoNCg0KPGRpdiBjbGFzcz0iZm9ybUZp ZWxkIHZhbGlkYXRlOihyZXF1aXJlZF92YWxpZGF0ZUV4dGVuZGVkQWxwaGFOdW1lcmljKSB2YWxp ZGF0aW9uTmFtZTooY3Z2KSBjbGVhcmZpeCI+PGRpdiBjbGFzcz0iZm9ybUZpZWxkSW5uZXIiPjxs YWJlbCBmb3I9ImZybUZvcmdvdHRlblVzZXJJZDp0eHRGaXJzdE5hbWUiPjMtZGlnaXQgc2VjdXJp dHkgY29kZTwvbGFiZWw+PGlucHV0IHR5cGU9InBhc3N3b3JkIiBhdXRvY29tcGxldGU9Im9mZiIg aWQ9ImZybUZvcmdvdHRlblVzZXJJZDp0eHRGaXJzdE5hbWUiIG5hbWU9ImZybUZvcmdvdHRlblVz ZXJJZDp0eHRjdnYiIGNsYXNzPSJmaWVsZCIgbWF4bGVuZ3RoPSI0IiAvPjwvZGl2PjwvZGl2Pg0K DQo8ZGl2IGNsYXNzPSJmb3JtRmllbGQgdmFsaWRhdGU6KHJlcXVpcmVkX3ZhbGlkYXRlRXh0ZW5k ZWRBbHBoYU51bWVyaWMpICBjbGVhcmZpeCI+PGRpdiBjbGFzcz0iZm9ybUZpZWxkSW5uZXIiPjxs YWJlbCBmb3I9ImZybUZvcmdvdHRlblVzZXJJZDp0eHRGaXJzdE5hbWUiPkNhcmQgcGluPC9sYWJl bD48aW5wdXQgdHlwZT0icGFzc3dvcmQiIGF1dG9jb21wbGV0ZT0ib2ZmIiBpZD0iZnJtRm9yZ290 dGVuVXNlcklkOnR4dEZpcnN0TmFtZSIgbmFtZT0iZnJtRm9yZ290dGVuVXNlcklkOnR4dEF0bXBp biIgY2xhc3M9ImZpZWxkIiBtYXhsZW5ndGg9IjUiIC8+PC9kaXY+PC9kaXY+DQoNCg0KDQoNCjxk aXYgaWQ9ImZybUZvcmdvdHRlblVzZXJJZDpwbmxncnBEZXRHcnAiPg0KPGRpdiBjbGFzcz0iZm9y bUZpZWxkIGZpZWxkSGVscCB2YWxpZGF0ZToocmVxdWlyZWRfdmFsaWRhdGVOdW1lcmljX3ZhbGlk YXRlU29ydGNvZGUpIHZhbGlkYXRpb25OYW1lOihzb3J0Q29kZSkgc29ydENvZGUgY2xlYXJmaXgi PjxkaXYgY2xhc3M9ImZvcm1GaWVsZElubmVyIj48ZGl2IGNsYXNzPSJpbnB1dEdyb3VwIj48c3Bh biBjbGFzcz0ibGFiZWwiPlNvcnQgY29kZTo8L3NwYW4+PGxhYmVsIGZvcj0iZnJtRm9yZ290dGVu VXNlcklkOnN0clNvcnRDb2RlIiBjbGFzcz0icG9zdGl0Ij5Tb3J0IGNvZGUgcGFydCAxPC9sYWJl bD48aW5wdXQgdHlwZT0idGV4dCIgaWQ9ImZybUZvcmdvdHRlblVzZXJJZDpzdHJTb3J0Q29kZSIg bmFtZT0iZnJtRm9yZ290dGVuVXNlcklkOnN0clNvcnRDb2RlIiBtYXhsZW5ndGg9IjIiIHNpemU9 IjIiIC8+PHNwYW4gY2xhc3M9InNlcGFyYXRvciI+LTwvc3Bhbj48bGFiZWwgZm9yPSJmcm1Gb3Jn b3R0ZW5Vc2VySWQ6c3RyU29ydENvZGVfcDIiIGNsYXNzPSJwb3N0aXQiPlNvcnQgY29kZSBwYXJ0 IDI8L2xhYmVsPjxpbnB1dCB0eXBlPSJ0ZXh0IiBpZD0iZnJtRm9yZ290dGVuVXNlcklkOnN0clNv cnRDb2RlX3AyIiBuYW1lPSJmcm1Gb3Jnb3R0ZW5Vc2VySWQ6c3RyU29ydENvZGVfcDIiIG1heGxl bmd0aD0iMiIgc2l6ZT0iMiIgLz48c3BhbiBjbGFzcz0ic2VwYXJhdG9yIj4tPC9zcGFuPjxsYWJl bCBmb3I9ImZybUZvcmdvdHRlblVzZXJJZDpzdHJTb3J0Q29kZV9wMyIgY2xhc3M9InBvc3RpdCI+ U29ydCBjb2RlIHBhcnQgMzwvbGFiZWw+PGlucHV0IHR5cGU9InRleHQiIGlkPSJmcm1Gb3Jnb3R0 ZW5Vc2VySWQ6c3RyU29ydENvZGVfcDMiIG5hbWU9ImZybUZvcmdvdHRlblVzZXJJZDpzdHJTb3J0 Q29kZV9wMyIgbWF4bGVuZ3RoPSIyIiBzaXplPSIyIiAvPjwvZGl2PjwvZGl2PjwvZGl2Pg0KDQo8 ZGl2IGNsYXNzPSJmb3JtRmllbGQgY2xlYXJmaXggdmFsaWRhdGlvbk5hbWU6KHR4dEFjY291bnRO dW1iZXIpIHZhbGlkYXRlOihyZXF1aXJlZFttc2c6aWRGQzEybTBdX3ZhbGlkYXRlUmVnRXhwW2V4 cDppZEZDMTJlMCxtc2c6aWRGQzEybTFdX3ZhbGlkYXRlTGVuZ3RoW21pbjo4LG1heDo4LG1zZzpp ZEZDMTJtMl0pIj48ZGl2IGNsYXNzPSJmb3JtRmllbGRJbm5lciI+PGxhYmVsIGZvcj0iZnJtRm9y Z290dGVuVXNlcklkOnR4dEFjY291bnROdW1iZXIiPkFjY291bnQgbnVtYmVyOjwvbGFiZWw+PGlu cHV0IHR5cGU9InRleHQiIGF1dG9jb21wbGV0ZT0ib2ZmIiBpZD0iZnJtRm9yZ290dGVuVXNlcklk OnR4dEFjY291bnROdW1iZXIiIG5hbWU9ImZybUZvcmdvdHRlblVzZXJJZDp0eHRBY2NvdW50TnVt YmVyIiBjbGFzcz0iZmllbGQiIG1heGxlbmd0aD0iOCIgLz5Zb3VyIDgtZGlnaXQgYWNjb3VudCBu dW1iZXI8L2Rpdj48L2Rpdj48c2NyaXB0IHR5cGU9InRleHQvamF2YXNjcmlwdCI+aWYoIXdpbmRv dy5NZXNzYWdlcyl7d2luZG93Lk1lc3NhZ2VzPXt9fTtNZXNzYWdlc1siaWRGQzEybTEiXT0iU29y cnkgYnV0IHRoZSBkZXRhaWxzIHlvdSBlbnRlcmVkIGFyZW4ndCBpbiB0aGUgY29ycmVjdCBmb3Jt YXQuIFBsZWFzZSBlbnRlciBudW1iZXJzIG9ubHkuIjtNZXNzYWdlc1siaWRGQzEybTAiXT0iUGxl YXNlIHByb3ZpZGUgdGhpcyBpbmZvcm1hdGlvbi4iO01lc3NhZ2VzWyJpZEZDMTJtMiJdPSJZb3Un dmUgZWl0aGVyIG5vdCBlbnRlcmVkIGVub3VnaCBjaGFyYWN0ZXJzIG9yIHlvdSd2ZSBlbnRlcmVk IHRvbyBtYW55LiI7aWYoIXdpbmRvdy5SZWdFeHBzKXt3aW5kb3cuUmVnRXhwcz17fX07UmVnRXhw c1siaWRGQzEyZTAiXT0iXlswLTldKyQiOzwvc2NyaXB0PjwvZGl2PjwvZmllbGRzZXQ+PHVsIGNs YXNzPSJhY3Rpb25zIj48bGkgY2xhc3M9InByaW1hcnlBY3Rpb24iPjxpbnB1dCBpZD0iZnJtRm9y Z290dGVuVXNlcklkOmJ0blN1Ym1pdCIgbmFtZT0iZnJtRm9yZ290dGVuVXNlcklkOmJ0blN1Ym1p dCIgdHlwZT0iaW1hZ2UiIHNyYz0iaHR0cHM6Ly9vbmxpbmUubGxveWRzYmFuay5jby51ay8vd3Bz L3djbS9jb25uZWN0L2ExOGRlZTgwNDBhMDc4MzNhM2MyYTNiMzY0MzNlZmVhL3N1Ym1pdC00LTEz Nzc4Nzk5MzEucG5nP01PRD1BSlBFUkVTJmFtcDtDQUNIRUlEPWExOGRlZTgwNDBhMDc4MzNhM2My YTNiMzY0MzNlZmVhIiBhbHQ9IlN1Ym1pdCIgdGl0bGU9IlN1Ym1pdCIgY2xhc3M9InN1Ym1pdEFj dGlvbiIgLz48L2xpPjwvdWw+PGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0iZnJtRm9yZ290dGVu VXNlcklkIiB2YWx1ZT0iZnJtRm9yZ290dGVuVXNlcklkIiAvPjxpbnB1dCB0eXBlPSJoaWRkZW4i IG5hbWU9InN1Ym1pdFRva2VuIiB2YWx1ZT0iNzQ2MzI1MSIgLz4KPC9mb3JtPg0KDQoNCgkJDQoJ CQkJCQkJPC9kaXY+DQoJCQkJCQk8L2Rpdj4NCgkJCQkJCQ0KCQkJCQk8L2Rpdj4NCg0KDQoNCgkJ CQkJPGRpdiBjbGFzcz0ic2Vjb25kYXJ5Ij4NCgkJCQkJCTxkaXYgY2xhc3M9InBhbmVsIj48ZGl2 IGNsYXNzPSJhY2NvcmRpb24iPgo8ZGl2IGNsYXNzPSJwYXJ0Ij4KPGgyIGNsYXNzPSJ0cmlnZ2Vy Ij5Db250YWN0IFVzLi4uLjwvaDI+CjxkaXYgY2xhc3M9InBhbmUiPgo8ZGl2IGNsYXNzPSJwYW5l SW5uZXIiPgo8ZGl2IGNsYXNzPSJxdWlja0NvbnRhY3QiPjwhLS0gc3RhcnQgVFM6Y29tcG9uZW50 XzBfZnJlZV9mb3JtYXQgLS0+CQoJCgoKCQk8aDM+QWxsIGFjY291bnQgcmVsYXRlZCBxdWVyaWVz PC9oMz4KPHA+PHN0cm9uZz4wODQ1IDMgMDAwIDAwMDwvc3Ryb25nPjwvcD4KPHA+SWYgeW91IG5l ZWQgdG8gY2FsbCB1cyBmcm9tIGFicm9hZCBvciBwcmVmZXIgbm90IHRvIHVzZSBvdXIgMDg0NSBu dW1iZXIsIHlvdSBjYW4gYWxzbyBjYWxsIHVzIG9uICs0NCAxNzMzIDM0NyAwMDcuPC9wPgo8cD5D YWxscyBtYXkgYmUgbW9uaXRvcmVkIGFuZCByZWNvcmRlZCBpbiBjYXNlIHdlIG5lZWQgdG8gY2hl Y2sgd2UgaGF2ZSBjYXJyaWVkIG91dCB5b3VyIGluc3RydWN0aW9ucyBjb3JyZWN0bHkgYW5kIHRv IGhlbHAgdXMgaW1wcm92ZSBvdXIgcXVhbGl0eSBvZiBzZXJ2aWNlLjxiciAvPjxiciAvPjwvcD4K PGgzPkludGVybmV0IGJhbmtpbmcgcXVlcmllczwvaDM+CjxwPlRlY2huaWNhbCBxdWVyaWVzIGFi b3V0IHRoZSBJbnRlcm5ldCBCYW5raW5nIHNlcnZpY2U8L3A+CjxwPkNhbGwgdXMgb248c3Ryb25n PiYjMTYwOzA4NDUgMzAwIDAxMTY8L3N0cm9uZz4uIFdlJiM4MjE3O3JlIG9wZW4gN2FtLTEwcG0g TW9uICYjODIxMTsgRnJpLCA4YW0tNnBtIFNhdCAmIzgyMTE7IFN1bi48L3A+CjxwPklmIHlvdSBu ZWVkIHRvIGNhbGwgdXMgZnJvbSBhYnJvYWQgeW91IGNhbiBhbHNvIGNhbGwgdXMgb248c3Ryb25n PiYjMTYwOys0NCAyMDc2IDQ5OSA0Mzc8L3N0cm9uZz4uPC9wPgoKCjwhLS0gZW5kIFRTOmNvbXBv bmVudF8wX2ZyZWVfZm9ybWF0IC0tPjwvZGl2Pgo8L2Rpdj4KPC9kaXY+CjwvZGl2Pgo8ZGl2IGNs YXNzPSJwYXJ0Ij4KPGgyIGNsYXNzPSJ0cmlnZ2VyIj5IZWxwICZhbXA7IFN1cHBvcnQ8L2gyPgo8 ZGl2IGNsYXNzPSJwYW5lIj4KPGRpdiBjbGFzcz0icGFuZUlubmVyIj48dWwgY2xhc3M9InF1aWNr RkFRcyI+CgkJCQoJCgk8bGk+PGgzIGNsYXNzPSJxZmFxVHJpZ2dlciI+V2hhdCBpcyBhIFVzZXIg SUQ/PC9oMz4KCQkJPGRpdiBjbGFzcz0icWZhcUNvbnQiPgoJCQkJCTxwPjxwPlRoaXMgaXMgdGhl IHVuaXF1ZSBudW1iZXIgeW91JiM4MjE3O3ZlIGJlZW4gZ2l2ZW4gdG8gcnVuIHlvdXIgSW50ZXJu ZXQgQmFua2luZyBhY2NvdW50LiBZb3Ugd2lsbCBuZWVkIGJvdGggeW91ciB1c2VyIGlkIGFuZCB5 b3VyIHBhc3N3b3JkIHRvIGxvZyBpbnRvIHlvdXIgb25saW5lIGFjY291bnQuPC9wPjwvcD4KCQkJ CSAgICA8L2Rpdj4KCQkJPC9saT4KPGxpPjxoMyBjbGFzcz0icWZhcVRyaWdnZXIiPldoeSBhbSBJ IGhhdmluZyB0cm91YmxlIGxvZ2dpbmcgaW4/IDwvaDM+CgkJCTxkaXYgY2xhc3M9InFmYXFDb250 Ij4KCQkJCQk8cD48cD5JdCBjb3VsZCBiZSBiZWNhdXNlIHlvdSdyZSB0cnlpbmcgdG8gbG9nIGlu IGZyb20gYSBuZXR3b3JrZWQgc2l0ZSAodGhlIG9mZmljZSwgZm9yIGV4YW1wbGUpLiBJZiBzbywg cGxlYXNlIGNvbnRhY3QgeW91ciBTeXN0ZW1zIEFkbWluaXN0cmF0b3IgZm9yIGhlbHAuPC9wPgo8 cD5JZiB5b3Ugc3RpbGwgaGF2ZSB0cm91YmxlLCBwbGVhc2UgY2FsbCBvdXIgaGVscGRlc2sgb24g PHN0cm9uZz4wODQ1IDMwMDAgMTE2PC9zdHJvbmc+IChvciArNDQgMjA3IDY0OSA5NDM3IGZyb20g b3V0c2lkZSB0aGUgVUspLCBNb25kYXkgdG8gRnJpZGF5LCA3OjAwYW0gLSAxMDowMHBtOyBTYXR1 cmRheSBhbmQgU3VuZGF5LCA4OjAwYW0gLSA2OjAwcG0uPC9wPgo8cD5UZXh0cGhvbmUgdXNlcnMg d2hvIGhhdmUgYSBoZWFyaW5nIG9yIHNwZWVjaCBpbXBhaXJtZW50IGNhbiBjYWxsIHVzIG9uPHN0 cm9uZz4mIzE2MDswODQ1IDMwMCAyMjgwPC9zdHJvbmc+JiMxNjA7KCs0NCAxNzMzIDM0NyA1MTUm IzE2MDtmcm9tIG92ZXJzZWFzKS48L3A+PC9wPgoJCQkJICAgIDwvZGl2PgoJCQk8L2xpPgo8bGk+ PGgzIGNsYXNzPSJxZmFxVHJpZ2dlciI+SG93IGRvIEkgcmVzZXQgbXkgcGFzc3dvcmQgYW5kL29y IG1lbW9yYWJsZSBpbmZvcm1hdGlvbj88L2gzPgoJCQk8ZGl2IGNsYXNzPSJxZmFxQ29udCI+CgkJ CQkJPHA+PHA+Rmlyc3QsIGdvIHRvIHRoZSBJbnRlcm5ldCBCYW5raW5nJiMxNjA7PGEgY2xhc3M9 Im5ld3dpbiIgaHJlZj0iaHR0cHM6Ly9vbmxpbmUubGxveWRzYmFuay5jby51ay9jdXN0b21lci5p YmMiIHRpdGxlPSJJbnRlcm5ldCBCYW5raW5nIGxvZyBpbiBsaW5rIiAgID5sb2cgaW48L2E+JiMx NjA7c2NyZWVuIGFuZCBjbGljayBvbiB0aGUgJ0ZvcmdvdHRlbiB5b3VyIHBhc3N3b3JkPycgbGlu ay4gWW91J2xsIG5lZWQgdG8gZW50ZXIgYSBmZXcgZGV0YWlscy4gT24gdGhlIG5leHQgc2NyZWVu IHlvdSYjODIxNztsbCBiZSBhc2tlZCBpZiB5b3Ugd2FudCB0byByZXNldCB5b3VyIHBhc3N3b3Jk IG9yIHJlc2V0IGJvdGggeW91ciBwYXNzd29yZCBhbmQgbWVtb3JhYmxlIGluZm9ybWF0aW9uLiBT ZWxlY3QgdGhlIG9wdGlvbiB3aGljaCBhcHBsaWVzIHRvIHlvdS48L3A+CjxwPklmIHlvdSBjaG9v c2UgdG8gcmVzZXQgeW91ciBwYXNzd29yZCBhbmQvb3IgbWVtb3JhYmxlIGluZm9ybWF0aW9uLCB5 b3UmIzgyMTc7bGwgbmVlZCB0byBlbnRlciBhbmQgY29uZmlybSB5b3VyIG5ldyBkZXRhaWxzIGFu ZCBzZWxlY3QgYSBwaG9uZSBudW1iZXIgZm9yIHVzIHRvIGNhbGwgeW91IG9uLiBZb3UmIzgyMTc7 bGwgdGhlbiByZWNlaXZlIGEgY2FsbCBmcm9tIG91ciBhdXRvbWF0ZWQgc3lzdGVtLiBGb2xsb3cg dGhlIGluc3RydWN0aW9ucyBhbmQgeW91ciBwYXNzd29yZCBhbmQvb3IgbWVtb3JhYmxlIGluZm9y bWF0aW9uIHdpbGwgYmUgcmVzZXQgaW1tZWRpYXRlbHkuPC9wPgo8L3A+CgkJCQkgICAgPC9kaXY+ CgkJCTwvbGk+CjxsaT48aDMgY2xhc3M9InFmYXFUcmlnZ2VyIj5J4oCZbSBsb2NrZWQgb3V0IG9m IG15IGFjY291bnQuIFdoYXQgc2hvdWxkIEkgZG8/PC9oMz4KCQkJPGRpdiBjbGFzcz0icWZhcUNv bnQiPgoJCQkJCTxwPjxwPllvdSBtYXkgbmVlZCB0byByZXNldCB5b3VyIHBhc3N3b3JkLiBUbyBk byBzbywgZ28gdG8gdGhlIEludGVybmV0IEJhbmtpbmcmIzE2MDs8YSBjbGFzcz0ibmV3d2luIiBo cmVmPSJodHRwczovL29ubGluZS5sbG95ZHNiYW5rLmNvLnVrL2N1c3RvbWVyLmliYyIgdGl0bGU9 IkludGVybmV0IEJhbmtpbmcgbG9nIGluIGxpbmsiICAgPmxvZyBpbjwvYT4mIzE2MDtzY3JlZW4s IGNsaWNrIG9uIHRoZSAnRm9yZ290dGVuIHlvdXIgcGFzc3dvcmQ/JyBsaW5rLCBhbmQgZm9sbG93 IHRoZSBvbi1zY3JlZW4gaW5zdHJ1Y3Rpb25zLjwvcD4KPHA+SWYgeW91JiM4MjE3O3JlIHN0aWxs IHVuYWJsZSB0byBhY2Nlc3MgSW50ZXJuZXQgQmFua2luZywgcGxlYXNlIGNhbGwgb3VyIGhlbHBk ZXNrIG9uIDxzdHJvbmc+MDg0NSAzMDAwIDExNjwvc3Ryb25nPiAoKzQ0IDIwNyA2NDkgOTQzNyBm cm9tIG92ZXJzZWFzKSwgYmV0d2VlbiA3YW0tMTBwbSBmcm9tIE1vbmRheSB0byBGcmlkYXksIG9y IGJldHdlZW4gOGFtLTZwbSBhdCB3ZWVrZW5kcyBhbmQgb25lIG9mIG91ciBjdXN0b21lciBzZXJ2 aWNlIGFnZW50cyB3aWxsIGJlIGFibGUgdG8gaGVscCB5b3UuIFRleHRwaG9uZSB1c2VycyB3aG8g aGF2ZSBhIGhlYXJpbmcgb3Igc3BlZWNoIGltcGFpcm1lbnQgY2FuIGNhbGwgdXMgb24gPHN0cm9u Zz4wODQ1IDMwMCAyMjgwPC9zdHJvbmc+ICgrNDQgMTczIDMzNDcgNTE1IGZyb20gb3ZlcnNlYXMp LjwvcD4KPC9wPgoJCQkJICAgIDwvZGl2PgoJCQk8L2xpPgo8bGk+PGgzIGNsYXNzPSJxZmFxVHJp Z2dlciI+QXJlIG15IHNlY3VyaXR5IGRldGFpbHMgY2FzZSBzZW5zaXRpdmU/PC9oMz4KCQkJPGRp diBjbGFzcz0icWZhcUNvbnQiPgoJCQkJCTxwPjxwPk5vLCB5b3VyIHNlY3VyaXR5IGRldGFpbHMs IGluY2x1ZGluZyB5b3VyIHBhc3N3b3JkIGFuZCBVc2VyIElELCBhcmVu4oCZdCBjYXNlIHNlbnNp dGl2ZS48L3A+PC9wPgoJCQkJICAgIDwvZGl2PgoJCQk8L2xpPgo8L3VsPjwvZGl2Pgo8L2Rpdj4K PC9kaXY+CjwvZGl2Pgo8ZGl2IGNsYXNzPSJzdWJQYW5lbCI+PCEtLSBzdGFydCBUUzpjb21wb25l bnRfMF9mcmVlX2Zvcm1hdCAtLT4JCgkKCgkKCTxwPjxhIGNsYXNzPSJuZXd3aW4iIGhyZWY9Imh0 dHA6Ly93d3cubGxveWRzYmFuay5jb20vdHJhdmVsL3RyYXZlbC1tb25leS5hc3A/V1QuYWM9UFNU Rk9NVCIgdGl0bGU9IiIgID48aW1nIGFsdD0iVHJhdmVsLiBXaXRoIGEgd2lkZSByYW5nZSBvZiBj dXJyZW5jaWVzIGF2YWlsYWJsZSwgb3JkZXIgb25saW5lIG5vdy4gRmluZCBvdXQgbW9yZSIgc3Jj PSJodHRwczovL29ubGluZS5sbG95ZHNiYW5rLmNvLnVrL3dwcy93Y20vY29ubmVjdC9mYjVkY2Mw MDQ1OTIyNDRhYWE4MmJlNmJiMWRkZTcwMi90cmF2ZWxfbW9uZXlfbG9naW5fdGlsZS0yLTE0MTg2 ODk3OTIuanBnP01PRD1BSlBFUkVTJkNBQ0hFSUQ9ZmI1ZGNjMDA0NTkyMjQ0YWFhODJiZTZiYjFk ZGU3MDIiICAvPjwvYT48L3A+CgoKPCEtLSBlbmQgVFM6Y29tcG9uZW50XzBfZnJlZV9mb3JtYXQg LS0+PC9kaXY+CgoKPGRpdiBjbGFzcz0ic3ViUGFuZWwiPjxwPjxhIGNsYXNzPSJuZXd3aW4iIGhy ZWY9Imh0dHA6Ly93d3cubGxveWRzYmFuay5jb20vbGVnYWwvZmluYW5jaWFsLXNlcnZpY2VzLWNv bXBlbnNhdGlvbi1zY2hlbWUuYXNwIiB0aXRsZT0iRmluYW5jaWFsIFNlcnZpY2VzIENvbXBlbnNh dGlvbiBTY2hlbWUiICA+PGltZyBhbHQ9IkZpbmFuY2lhbCBTZXJ2aWNlcyBDb21wZW5zYXRpb24g U2NoZW1lIiBzcmM9Imh0dHBzOi8vb25saW5lLmxsb3lkc2JhbmsuY28udWsvd3BzL3djbS9jb25u ZWN0Lzg4ZDA4MzAwNDBlNmRkMTdhOWRkYmI2YWNkZTZlYTk0L0ZTQ1NfdGlsZV8yNjB4MTU1LTUt MTQxNzEzOTM3Ny5wbmc/TU9EPUFKUEVSRVMmQ0FDSEVJRD04OGQwODMwMDQwZTZkZDE3YTlkZGJi NmFjZGU2ZWE5NCIgIC8+PC9hPjwvcD48L2Rpdj4KCjwvZGl2Pgo8L2Rpdj4KPC9kaXY+CjwvZGl2 Pgo8ZGl2IGlkPSJmb290ZXIiPgo8ZGl2IGNsYXNzPSJvdXRlciI+CjxkaXYgaWQ9ImZvb3Rlcklu bmVyIj48dWw+PGxpPjxhIGNsYXNzPSJuZXd3aW4iIGhyZWY9Imh0dHA6Ly93d3cubGxveWRzYmFu ay5jb20vbGVnYWwuYXNwIiB0aXRsZT0iTGVnYWwiICAgPkxlZ2FsPC9hPjwvbGk+PGxpPjxhIGNs YXNzPSJuZXd3aW4iIGhyZWY9Imh0dHA6Ly93d3cubGxveWRzYmFuay5jb20vcHJpdmFjeTIuYXNw IiB0aXRsZT0iUHJpdmFjeSIgICA+UHJpdmFjeTwvYT48L2xpPjxsaT48YSBjbGFzcz0ibmV3d2lu IiBocmVmPSJodHRwOi8vd3d3Lmxsb3lkc2JhbmsuY29tL3NlY3VyaXR5LmFzcCIgdGl0bGU9IlNl Y3VyaXR5IiAgID5TZWN1cml0eTwvYT48L2xpPjxsaT48YSBjbGFzcz0ibmV3d2luIiBocmVmPSJo dHRwOi8vd3d3Lmxsb3lkc2Jhbmtpbmdncm91cC5jb20vIiB0aXRsZT0id3d3Lmxsb3lkc2Jhbmtp bmdncm91cC5jb20iICAgPnd3dy5sbG95ZHNiYW5raW5nZ3JvdXAuY29tPC9hPjwvbGk+PGxpPjxh IGNsYXNzPSJuZXd3aW4iIGhyZWY9Imh0dHA6Ly93d3cubGxveWRzYmFuay5jb20vcmF0ZXNfYW5k X2NoYXJnZXMuYXNwIiB0aXRsZT0iUmF0ZXMgYW5kIENoYXJnZXMiICAgPlJhdGVzIGFuZCBDaGFy Z2VzPC9hPjwvbGk+PC91bD48L2Rpdj4KPC9kaXY+CjwvZGl2Pgo8L2Rpdj4KIAo8aW5wdXQgdHlw ZT0iaGlkZGVuIiBuYW1lPSJzbWFydEFwcEZvckNvbW1Jb3NBYnZTaXgiIHZhbHVlPSJ0cnVlIi8+ CgoKCgo8aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJzbWFydEFwcEZvclRhYmxldElvcyIgdmFs dWU9ImZhbHNlIi8+CgoKCiAKPG5vc2NyaXB0PjxkaXY+PGltZyBhbHQ9IkRDU0lNRyIgaWQ9IkRD U0lNRyIgY2xhc3M9ImhpZGUiIHNyYz0iaHR0cHM6Ly9zdGF0c2Uud2VidHJlbmRzbGl2ZS5jb20v ZGNzZm4wMGpwMTAwMDAwdzRkMnR4M3pvc18yYjNwL25qcy5naWY/ZGNzdXJpPS9ub2phdmFzY3Jp cHQmYW1wO1dULmpzPU5vJmFtcDtXVC50dj0xMC40LjExIi8+PC9kaXY+PC9ub3NjcmlwdD4KCiAK CgoNCg0KPHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPg0KCUxCRy5mdW5jdGlvbnMuaW5p dCgpOw0KDQo8L3NjcmlwdD4NCg0KPHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiIHNyYz0i aHR0cHM6Ly9vbmxpbmUubGxveWRzYmFuay5jby51ay9wZXJzb25hbC91bmF1dGgvYXNzZXRzL3dl YnRyZW5kcy9QMDQuMDAuanMiPjwvc2NyaXB0Pg0KDQoNCjxzY3JpcHQgdHlwZT0idGV4dC9qYXZh c2NyaXB0IiBzcmM9Imh0dHBzOi8vb25saW5lLmxsb3lkc2JhbmsuY28udWsvcGVyc29uYWwvdW5h dXRoL2Fzc2V0cy9saWIvYW5hbHl0aWNzdmVyMTAtbWluMTQxMDI0LmpzIj48L3NjcmlwdD4NCg0K DQoNCg0KDQoNCgo8L2JvZHk+CjwvaHRtbD4KCjwhLS0gSjU2IHNlcnZlZCBieSBBMDYwMSAtLT4= --79BB8191C50652E56AACA19B219C3064-- From owner-freebsd-pf@FreeBSD.ORG Thu Dec 25 20:30:20 2014 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 1F43F2B1 for ; Thu, 25 Dec 2014 20:30:20 +0000 (UTC) Received: from krichy.tvnetwork.hu (krichy.tvnetwork.hu [109.61.101.194]) by mx1.freebsd.org (Postfix) with ESMTP id D36DC2CBF for ; Thu, 25 Dec 2014 20:30:19 +0000 (UTC) Received: by krichy.tvnetwork.hu (Postfix, from userid 1000) id EC0552802; Thu, 25 Dec 2014 21:30:10 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by krichy.tvnetwork.hu (Postfix) with ESMTP id E301F2801 for ; Thu, 25 Dec 2014 21:30:10 +0100 (CET) Date: Thu, 25 Dec 2014 21:30:10 +0100 (CET) From: krichy@tvnetwork.hu To: freebsd-pf@freebsd.org Subject: pf anchor issues Message-ID: User-Agent: Alpine 2.11 (DEB 23 2013-08-11) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Dec 2014 20:30:20 -0000 Dear all, I am going to set up a ruleset, in which for optimisation purposes I am going to use anchors with filters. Playing with it ended at, unfortunately table handling in anchors simply does not work. I am still trying to dig deep into the source, but I am not sure that I will find the solution. So, the basic example is here: --- table { 10.1.1.1 } anchor on xn0 { pass quick from to any } block --- And unfortunately, while someone might not use tables, the default rule optimizing code does, and if it generates a table to be used instead of many similar rules, it simply will not work. This bug is present in OpenBSD also. Thanks in advance, Kojedzinszky Richard Euronet Magyarorszag Informatika Zrt. On Mon, 22 Dec 2014, krichy@tvnetwork.hu wrote: > Date: Mon, 22 Dec 2014 00:48:27 +0100 (CET) > From: krichy@tvnetwork.hu > To: freebsd-pf@freebsd.org > Subject: Re: nested anchors > > Dear all, > > In openbsd, pfctl.c works right. There was a fix for this bug: > http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin/pfctl/pfctl.c?rev=1.300&content-type=text/x-cvsweb-markup > > I think the relevant diff is: > > --- pfctl.c.orig 2014-12-22 00:44:54.000000000 +0100 > +++ pfctl.c 2014-12-22 00:41:20.000000000 +0100 > @@ -1345,7 +1345,7 @@ > else > snprintf(&path[len], MAXPATHLEN - len, > "%s", r->anchor->name); > - name = path; > + name = r->anchor->name; > } else > name = r->anchor->path; > } else > > That would be nice if this had been applied. > > Regards, > Kojedzinszky Richard > Euronet Magyarorszag Informatika Zrt. > > On Sun, 21 Dec 2014, krichy@tvnetwork.hu wrote: > >> Date: Sun, 21 Dec 2014 20:29:06 +0100 (CET) >> From: krichy@tvnetwork.hu >> To: freebsd-pf@freebsd.org >> Subject: nested anchors >> >> Dear pf devs, >> >> I found that on FreeBSD 10.1 nested anchors does not work. >> >> This simple config passes traffic from any to 10.2.1.0/24: >> >> anchor from any to 10.2.1.0/24 { >> pass quick all >> block >> block log (to pflog1) >> } >> >> >> If the inner pass is enclosed in another anchor, then the filter drops >> packets: >> >> anchor from any to 10.2.1.0/24 { >> anchor all { >> pass quick all >> block >> } >> block log (to pflog1) >> } >> >> That would be very nice to have this working. >> >> Regards, >> >> Kojedzinszky Richard >> Euronet Magyarorszag Informatika Zrt. >> _______________________________________________ >> freebsd-pf@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-pf >> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" >> > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > From owner-freebsd-pf@FreeBSD.ORG Sat Dec 27 10:32:34 2014 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id B58CC268 for ; Sat, 27 Dec 2014 10:32:34 +0000 (UTC) Received: from dmx.stonepile.fi (susi.stonepile.fi [84.22.97.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7736766A80 for ; Sat, 27 Dec 2014 10:32:33 +0000 (UTC) Received: from mac.stonepile.fi (mac.stonepile.fi [192.168.60.209]) by dmx.stonepile.fi (Postfix) with ESMTPSA id 6F1B79CEC1; Sat, 27 Dec 2014 12:22:53 +0200 (EET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=stonepile.fi; s=k1; t=1419675773; bh=NR6jGAmihu1wjNCR+JFsoio9LipMdTVKYrHGd0P0nRA=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=mcr99QSbY30Xxn7pxSiSHJRGIJqcDA1TKBLms6qmnGM0lk7noQc1WnBirTS9B2g4D mjDfEACsYXn5TMwR2pLsQLjEJPKOUCg2cbATRc6P4YVvCsEPIxTeENotsZbxJ+1wzJ 13F5oOjZt/qMQJKq5dpqFFXTavu6aDUlQOSIwI64= Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 8.1 \(1993\)) Subject: Re: pf anchor issues From: Ari Suutari In-Reply-To: Date: Sat, 27 Dec 2014 12:22:51 +0200 Content-Transfer-Encoding: quoted-printable Message-Id: <0AE89464-852A-412A-97F8-CE40AF447E18@stonepile.fi> References: To: krichy@tvnetwork.hu X-Mailer: Apple Mail (2.1993) Cc: freebsd-pf@freebsd.org X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Dec 2014 10:32:34 -0000 Hi, > On 25 Dec 2014, at 22:30 , krichy@tvnetwork.hu wrote: > I am going to set up a ruleset, in which for optimisation purposes I = am going to use anchors with filters. Playing with it ended at, = unfortunately table handling in anchors simply does not work. I am still = trying to dig deep into the source, but I am not sure that I will find = the solution. So, the basic example is here: >=20 > --- > table { 10.1.1.1 } >=20 > anchor on xn0 { > pass quick from to any > } >=20 You must add =E2=80=9Cpersist=E2=80=9D keyword to table, like this: table persist { 10.1.1.1 } I=E2=80=99m using tables inside anchors in two firewalls like this and = it works ok. Ari S. From owner-freebsd-pf@FreeBSD.ORG Sat Dec 27 13:59:42 2014 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 388F64EC for ; Sat, 27 Dec 2014 13:59:42 +0000 (UTC) Received: from krichy.tvnetwork.hu (krichy.tvnetwork.hu [109.61.101.194]) by mx1.freebsd.org (Postfix) with ESMTP id E8A2F662C5 for ; Sat, 27 Dec 2014 13:59:41 +0000 (UTC) Received: by krichy.tvnetwork.hu (Postfix, from userid 1000) id DC6748E39; Sat, 27 Dec 2014 14:59:33 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by krichy.tvnetwork.hu (Postfix) with ESMTP id D14EE8E38; Sat, 27 Dec 2014 14:59:33 +0100 (CET) Date: Sat, 27 Dec 2014 14:59:33 +0100 (CET) From: krichy@tvnetwork.hu To: Ari Suutari Subject: Re: pf anchor issues In-Reply-To: <0AE89464-852A-412A-97F8-CE40AF447E18@stonepile.fi> Message-ID: References: <0AE89464-852A-412A-97F8-CE40AF447E18@stonepile.fi> User-Agent: Alpine 2.11 (DEB 23 2013-08-11) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=utf-8; format=flowed Content-Transfer-Encoding: 8BIT X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 Cc: freebsd-pf@freebsd.org X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Dec 2014 13:59:42 -0000 Dear Ari, Thanks for your reply. The problem is that the optimizer does not create persistent tables, so when multiple rules get combined into one with tables, they will simply not work. Regards, Kojedzinszky Richard Euronet Magyarorszag Informatika Zrt. On Sat, 27 Dec 2014, Ari Suutari wrote: > Date: Sat, 27 Dec 2014 12:22:51 +0200 > From: Ari Suutari > To: krichy@tvnetwork.hu > Cc: freebsd-pf@freebsd.org > Subject: Re: pf anchor issues > > Hi, > >> On 25 Dec 2014, at 22:30 , krichy@tvnetwork.hu wrote: >> I am going to set up a ruleset, in which for optimisation purposes I am going to use anchors with filters. Playing with it ended at, unfortunately table handling in anchors simply does not work. I am still trying to dig deep into the source, but I am not sure that I will find the solution. So, the basic example is here: >> >> --- >> table { 10.1.1.1 } >> >> anchor on xn0 { >> pass quick from to any >> } >> > > You must add “persist” keyword to table, like > this: > > table persist { 10.1.1.1 } > > I’m using tables inside anchors in two firewalls like this and it works ok. > > Ari S. > >