From owner-freebsd-pf@freebsd.org Sun Jul 30 20:19:38 2017 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7FE42DC14CE for ; Sun, 30 Jul 2017 20:19:38 +0000 (UTC) (envelope-from heikki@paatela.net) Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 62B007F598 for ; Sun, 30 Jul 2017 20:19:38 +0000 (UTC) (envelope-from heikki@paatela.net) Received: by mailman.ysv.freebsd.org (Postfix) id 5EFDBDC14CD; Sun, 30 Jul 2017 20:19:38 +0000 (UTC) Delivered-To: pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5CBC0DC14CC for ; Sun, 30 Jul 2017 20:19:38 +0000 (UTC) (envelope-from heikki@paatela.net) Received: from mail-vk0-x229.google.com (mail-vk0-x229.google.com [IPv6:2607:f8b0:400c:c05::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 22FD07F597 for ; Sun, 30 Jul 2017 20:19:37 +0000 (UTC) (envelope-from heikki@paatela.net) Received: by mail-vk0-x229.google.com with SMTP id u133so8801812vke.3 for ; Sun, 30 Jul 2017 13:19:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paatela.net; s=google; h=mime-version:from:date:message-id:subject:to; bh=f4hIqc+eArLUKfhu5cJiV4TQoq5viTBfFQ2e7hChtbo=; b=Xu6AAEFA6QfqpZrTTki4eSMnw72or5zTuHkI8mynD7070ZjbLV+8QR4TdF4IhHVe6T 1/tepC8ZF71FsL7JThQY11EKHttaty/hbO7DxmJp/Hzsy+rp109d+zh+Q4K7x1yfbR98 V4w8HbOyGSnk8auqtrJQT2bVlJPaihJiM2qk8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=f4hIqc+eArLUKfhu5cJiV4TQoq5viTBfFQ2e7hChtbo=; b=Kk3a/lxVzHHLdKbzsZdVSN3dSSSKQYH/VFx7jb2ztEptgGNrbLiKjucuzedMWOaMUA qJalSZ4tqMntE+OzY0zWk4WxROptooy/+vPBqofLVV2Gtne7zTkymjYuk+wgdyGHtjBW Iw0NPRBTW+Gqv3Nf0nMjuLuMaBWJShU+uV8H6csZMrUSwjqjZNCv+HKBBJYEZTAeqI5s G3DlUgaqzl0nNeK7uyZjVmP+oUeFoGTZIBosV95a4PG0lr6Wy+4y+G421N1mHaB3kEqc uk5rtv+xh/X5FM42Bw0Rpl4DNW6zPE2KdH00UEvcUHhS2vfQKI5XhWHSQTMRJVTYkxHZ uADg== X-Gm-Message-State: AIVw110KPNjpqLDP/pE+3CndnpRIknuUD+TSpyff7J1a0APv+0hCOXzW gSEjQ3aiUIIkEGuB7m6m6NV7uczAC4Slg1A= X-Received: by 10.31.85.197 with SMTP id j188mr9634049vkb.135.1501445976619; Sun, 30 Jul 2017 13:19:36 -0700 (PDT) MIME-Version: 1.0 From: Heikki Paatela Date: Sun, 30 Jul 2017 20:19:26 +0000 Message-ID: Subject: Bridge forward detection bug in 11.1-RELEASE? To: "pf@freebsd.org" Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 30 Jul 2017 20:19:38 -0000 I was having kernel panics with 10.2-RELEASE earlier, caused by https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202351. It would seem that some change that has happened between 11.0 and 11.1 has introduced a similar problem. The patch fixed the issue for me with 10-stable, and I installed 11.0-RELEASE via freebsd-update and had everything running nicely. Last week I updated to 11.1-RELEASE via freebsd-update, and started to again experience problems, where my bridge would stop forwarding traffic if my AirPort Extreme -base station was connected. This time I'm not experiencing kernel panics, and I'm not seeing anything peculiar in the log files. The bridge is headless computer, so I haven't been able to check if it's otherwise usable, when it stops forwarding traffic. I didn't report this on bugzilla, as I don't really think I have enough details on the matter. I have since downgraded back to 11.0-RELEASE, where everything is again working flawlessly. Best regards, Heikki Paatela From owner-freebsd-pf@freebsd.org Sun Jul 30 21:00:45 2017 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 00577DC20D3 for ; Sun, 30 Jul 2017 21:00:45 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D1C9A808C9 for ; Sun, 30 Jul 2017 21:00:44 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id v6UL01oF038712 for ; Sun, 30 Jul 2017 21:00:44 GMT (envelope-from bugzilla-noreply@FreeBSD.org) Message-Id: <201707302100.v6UL01oF038712@kenobi.freebsd.org> From: bugzilla-noreply@FreeBSD.org To: freebsd-pf@FreeBSD.org Subject: Problem reports for freebsd-pf@FreeBSD.org that need special attention Date: Sun, 30 Jul 2017 21:00:44 +0000 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 30 Jul 2017 21:00:45 -0000 To view an individual PR, use: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id). The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and obsolete releases. Status | Bug Id | Description ------------+-----------+--------------------------------------------------- Open | 203735 | Transparent interception of ipv6 with squid and p 1 problems total for which you should take action. From owner-freebsd-pf@freebsd.org Mon Jul 31 11:03:01 2017 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 32D80DD02BB for ; Mon, 31 Jul 2017 11:03:01 +0000 (UTC) (envelope-from srs0=unsz=7c=freebsd.org=kp@codepro.be) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 1E941729CC for ; Mon, 31 Jul 2017 11:03:01 +0000 (UTC) (envelope-from srs0=unsz=7c=freebsd.org=kp@codepro.be) Received: by mailman.ysv.freebsd.org (Postfix) id 1DA47DD02BA; Mon, 31 Jul 2017 11:03:01 +0000 (UTC) Delivered-To: pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1D140DD02B9 for ; Mon, 31 Jul 2017 11:03:01 +0000 (UTC) (envelope-from srs0=unsz=7c=freebsd.org=kp@codepro.be) Received: from venus.codepro.be (venus.codepro.be [IPv6:2a01:4f8:162:1127::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.codepro.be", Issuer "Gandi Standard SSL CA 2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id DD384729CB for ; Mon, 31 Jul 2017 11:03:00 +0000 (UTC) (envelope-from srs0=unsz=7c=freebsd.org=kp@codepro.be) Received: from [192.168.228.1] (vega.codepro.be [IPv6:2a01:4f8:162:1127::3]) (Authenticated sender: kp) by venus.codepro.be (Postfix) with ESMTPSA id 347BBB51D; Mon, 31 Jul 2017 13:02:57 +0200 (CEST) From: "Kristof Provost" To: "Heikki Paatela" Cc: "pf@freebsd.org" Subject: Re: Bridge forward detection bug in 11.1-RELEASE? Date: Mon, 31 Jul 2017 13:02:57 +0200 Message-ID: <30175FA1-AC06-4494-AFFB-7835ECB435D6@FreeBSD.org> In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit X-Mailer: MailMate (2.0BETAr6089) X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 31 Jul 2017 11:03:01 -0000 On 30 Jul 2017, at 22:19, Heikki Paatela wrote: > I was having kernel panics with 10.2-RELEASE earlier, caused by > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202351. It would > seem > that some change that has happened between 11.0 and 11.1 has > introduced a > similar problem. > > The patch fixed the issue for me with 10-stable, and I installed > 11.0-RELEASE via freebsd-update and had everything running nicely. > Last > week I updated to 11.1-RELEASE via freebsd-update, and started to > again > experience problems, where my bridge would stop forwarding traffic if > my > AirPort Extreme -base station was connected. This time I'm not > experiencing > kernel panics, and I'm not seeing anything peculiar in the log files. > The > bridge is headless computer, so I haven't been able to check if it's > otherwise usable, when it stops forwarding traffic. > > I didn't report this on bugzilla, as I don't really think I have > enough > details on the matter. I have since downgraded back to 11.0-RELEASE, > where > everything is again working flawlessly. > I’m not aware of relevant changes between 11.0 and 11.1. The closes I can see is the fix for PR 217883, but I’d be surprised if that’s the problem. It’d be useful if you could provide more details on your configuration, and if you could check if you’re seeing kernel panics. Regards, Kristof From owner-freebsd-pf@freebsd.org Tue Aug 1 09:31:06 2017 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id BD85ADC9720 for ; Tue, 1 Aug 2017 09:31:06 +0000 (UTC) (envelope-from vegeta@tuxpowered.net) Received: from mail-wm0-x235.google.com (mail-wm0-x235.google.com [IPv6:2a00:1450:400c:c09::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 67EDD6CEC9 for ; Tue, 1 Aug 2017 09:31:06 +0000 (UTC) (envelope-from vegeta@tuxpowered.net) Received: by mail-wm0-x235.google.com with SMTP id m85so9170260wma.1 for ; Tue, 01 Aug 2017 02:31:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tuxpowered-net.20150623.gappssmtp.com; s=20150623; h=from:to:subject:date:message-id:organization:user-agent :mime-version; bh=piD4lHrJEWkc1N5LVS54QOq8Lpx8kNM41U4i/r/Dr4Y=; b=g/jLwrUuE9tRP8De26JF4qGPdKwWErARUPprLk5WVnrMzATz4TXKtNT0Jj/VJmspUe glNUjLSFcrlWh7h4m0sc4TxTuUZgr5RGo2s03xDNK4+dA3uX/hkO10FcxRwFRVrJRyTm sry89ad5CLz1GE3s+p6rBIfBJbJNFxz4YvUZbIXWdn2bE0xnY+OHmQpeupCJsGAYpu7K e9XX8bzqXqiuVQaNY/PvF+xOC6Ofv4sCe0lTqGNgJIrKLLYXqTIdawbobc1cxomInVLf fcA1noBwEzp50AFWWJ4qZPjShTyaUTVPIL8xYJ6FowmBg61Og273R0VjUPuIXPRvRNbF B99Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:organization :user-agent:mime-version; bh=piD4lHrJEWkc1N5LVS54QOq8Lpx8kNM41U4i/r/Dr4Y=; b=HygLV3mm9mlPsn+gNsAoaT2cd0JerJfgO1asDeIPaUYrsvmrXQqt6gJobAvYXpYTpR 70yjvIr751Op1ZvuqJTFg91coLDGPoRpuhYF/OnTeUOKyHds1AfiDSBkIuF0mc3q/bOL kISkJMsnCyFPf4lHDLXoaMRiHMsSVuua4R4rtYkZrobReltnwAt2Q4ey70ZbhUTvAQEb x//EECRg5NmaZI4WI2hRpeonek0Fn68pgzunRPfa++6E53V40k9MiqKap23zDdcxaVae xAqBHT8FRsYDkpbYcx5XSVHCZIjriLeBKzlrQLwsaJrsofDfCUZmrNUxYjnzoOoZO8My IMHA== X-Gm-Message-State: AIVw1134e9oPSFhjYrJKSz7Gpf+d/WurLk9ncQfSelRHZilcVfK8KIPX B8qVzaPqutDRhh3owMgw3Q== X-Received: by 10.80.224.200 with SMTP id j8mr16917135edl.230.1501579864113; Tue, 01 Aug 2017 02:31:04 -0700 (PDT) Received: from energia.localnet ([2a00:1f78:fffb:220:c7f7:2dda:4b51:2d6b]) by smtp.gmail.com with ESMTPSA id c57sm8288014eda.46.2017.08.01.02.31.02 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 01 Aug 2017 02:31:02 -0700 (PDT) From: Kajetan Staszkiewicz To: freebsd-pf@freebsd.org Subject: Is panic() the way to handle errors in pf? Date: Tue, 01 Aug 2017 11:30:58 +0200 Message-ID: <3546113.bA8rVlP40E@energia> Organization: tuxpowered.net User-Agent: KMail/5.2.3 (Linux/4.11.0-3.3-liquorix-amd64; KDE/5.28.0; x86_64; ; ) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart4711798.ytLVbzxzOZ"; micalg="pgp-sha1"; protocol="application/pgp-signature" X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Aug 2017 09:31:06 -0000 --nextPart4711798.ytLVbzxzOZ Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Hey, group. A thought came to me: is it really the best thing to panic when errors are encountered within pf? I understand there are situations where it is safer for the kernel to not continue running like some low-level operations in memory allocator or filesystems. But a firewall? Especially that a firewall handles packets coming from the Interent which can be arbitrarily crafted. root:freebsd.git/ (releng/11.1) # git grep panic sys/netpfil/pf/ [11:25:04] sys/netpfil/pf/if_pfsync.c: panic("%s: unable to find deferred state", __func__); sys/netpfil/pf/if_pfsync.c: panic("%s: unexpected sync state %d", __func__, st->sync_state); sys/netpfil/pf/if_pfsync.c: panic("%s: unexpected sync state %d", __func__, st->sync_state); sys/netpfil/pf/if_pfsync.c: panic("%s: unexpected sync state %d", __func__, st->sync_state); sys/netpfil/pf/in4_cksum.c: panic("in4_cksum: offset too short"); sys/netpfil/pf/in4_cksum.c: panic("in4_cksum: bad mbuf chain"); sys/netpfil/pf/pf.c: panic("%s: unknown address family %u", __func__, af); sys/netpfil/pf/pf.c: panic("%s: unknown address family %u", __func__, af); sys/netpfil/pf/pf.c: panic("%s: dir %u", __func__, dir); sys/netpfil/pf/pf.c: panic("%s: unknown type", __func__); sys/netpfil/pf/pf.c: panic("%s: unsupported af %d", __func__, af); sys/netpfil/pf/pf_lb.c: * prefixes (or even IPv4) would cause a panic. sys/netpfil/pf/pf_lb.c: panic("%s: unknown action %u", __func__, r- >action); sys/netpfil/pf/pf_table.c: panic("%s: unknown address family %u", __func__, af); That is 14 places in pf code. Wouldn't it be safer to just drop the packet if it can not be processed? -- | pozdrawiam / greetings | powered by Debian, FreeBSD and CentOS | | Kajetan Staszkiewicz | jabber,email: vegeta()tuxpowered net | | Vegeta | www: http://vegeta.tuxpowered.net | `------------------------^---------------------------------------' --nextPart4711798.ytLVbzxzOZ Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part. Content-Transfer-Encoding: 7Bit -----BEGIN PGP SIGNATURE----- iF0EABECAB0WIQSOEQZObv2B8mf0JbnjtFCvbXs6FAUCWYBKUgAKCRDjtFCvbXs6 FNNJAKDjamCIfdaodewG+RI2va8aidHJuACgzGDuWhOJBeOIJhW0YT93HV7tsRk= =vo2V -----END PGP SIGNATURE----- --nextPart4711798.ytLVbzxzOZ-- From owner-freebsd-pf@freebsd.org Wed Aug 2 08:03:24 2017 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 925DCDC9128 for ; Wed, 2 Aug 2017 08:03:24 +0000 (UTC) (envelope-from srs0=auqb=7e=freebsd.org=kp@codepro.be) Received: from venus.codepro.be (venus.codepro.be [IPv6:2a01:4f8:162:1127::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.codepro.be", Issuer "Gandi Standard SSL CA 2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 427377E5F5 for ; Wed, 2 Aug 2017 08:03:23 +0000 (UTC) (envelope-from srs0=auqb=7e=freebsd.org=kp@codepro.be) Received: from [172.16.5.2] (vega.codepro.be [IPv6:2a01:4f8:162:1127::3]) (Authenticated sender: kp) by venus.codepro.be (Postfix) with ESMTPSA id 27051BD53; Wed, 2 Aug 2017 10:03:21 +0200 (CEST) From: "Kristof Provost" To: "Kajetan Staszkiewicz" Cc: freebsd-pf@freebsd.org Subject: Re: Is panic() the way to handle errors in pf? Date: Wed, 02 Aug 2017 10:03:12 +0200 Message-ID: <388FADD3-1ADF-44D8-BB5E-C0FBA1BA0730@FreeBSD.org> In-Reply-To: <3546113.bA8rVlP40E@energia> References: <3546113.bA8rVlP40E@energia> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=_MailMate_FFEA282E-39B9-4171-917E-8D46BF18E115_="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Mailer: MailMate (2.0BETAr6089) X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Aug 2017 08:03:24 -0000 This is an OpenPGP/MIME signed message (RFC 3156 and 4880). --=_MailMate_FFEA282E-39B9-4171-917E-8D46BF18E115_= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 1 Aug 2017, at 11:30, Kajetan Staszkiewicz wrote: > Hey, group. > > A thought came to me: is it really the best thing to panic when errors = are > encountered within pf? I understand there are situations where it is sa= fer for > the kernel to not continue running like some low-level operations in me= mory > allocator or filesystems. But a firewall? Especially that a firewall ha= ndles > packets coming from the Interent which can be arbitrarily crafted. > pf does not use panic() to handle bad packets, but to handle **impossible= ** situations. Basically, what you see here are assertions (go count KASSERT() too), not= error paths. If it were possible to trigger such a panic by sending a bad packet it wo= uld be a bug, yes, but that=E2=80=99s not what=E2=80=99s happening here. = These panics document invariants. They are assertions. Once the impossible has happened there=E2=80=99s no sane way for the syst= em to continue. It would be irresponsible to even try. Removing them would make pf **more** vulnerable to exploitation, not less= =2E Regards, Kristof --=_MailMate_FFEA282E-39B9-4171-917E-8D46BF18E115_= Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQEcBAEBCAAGBQJZgYdGAAoJEG/E3HH7XkpGhJkH/1T7szGycsb/jRgKgYUGl48N 8AzDLhNYHHqxHJbY78UzYLbpp5w3xTR2YN2koMEis20uTUiIL+IcjR5xAGdy5lwG HPK/OZBZr0J6vF0PmrQ0jhJ42fiZz3cvDRjwOYOPhTOehhCNWQs63jf9DQme69C9 VBBhS8fllUzDZB3V5GuKKBBBxAsuhsly+m+sGwb72x8u7wY9GiH1pQoMPCCtyUWB dxCrz4V4Oegv8qoN1fv3bDfQpVYKBSMClGjX396IY279m3PjNuvwvqBD4AkVE2oH 4UuGgPAGPZq9CYHMWKbcs6UPJRAzdJUXrBtvC2g3g0LdpT1B1g7ue1pMTBl1BG8= =toi5 -----END PGP SIGNATURE----- --=_MailMate_FFEA282E-39B9-4171-917E-8D46BF18E115_=--