From: Gerrit Kühn
To: Dag-Erling Smørgrav
Cc: freebsd-stable@freebsd.org
Date: Mon, 22 Apr 2024 07:59:48 +0200
Subject: Re: possible regression handling packet fragmentation in 14.0 with tftp/pxe

On Fri, 19 Apr 2024 17:48:01 +0200, Dag-Erling Smørgrav wrote:

> Since you control the routers and endpoints, I would suggest running
> tcpdump at various points to see what the tunnel and pf are doing to
> the UDP packets. They are presumably getting fragmented at some point,
> and hopefully reassembled somewhere else.

Yes, I can access all tap, bridge, and ethernet interfaces along the way
(well, apart from what the pxe client actually receives, this is hidden in
its firmware). However, I already did that last week but was not able to
spot the culprit (the packet being sent back to the pxe client machine is
1460 bytes, so it looks complete to me but is obviously not accepted on the
client's end). I'll probably have to read up more on tcpdump and
fragmentation handling first to get a better understanding of what I am
actually looking for.
Any idea what the "bad length 1460 > 1392" message on the 13.3 system means
(and why everything is still working)?

> Meanwhile you can also set the net.inet.udp.maxdgram sysctl to 1425 on
> the NFS server, as tftpd will cap the blocksize to that value.

That's an interesting hint I didn't see before. Thanks.
As the server is used by a bunch of systems and the "-o" option works
around the issue for me right now, I will probably refrain from toying with
the setting on the production system and see if I can come up with a
separate test setup instead. I am working on a new server machine that will
come with a migration from syslinux/mbr to ipxe/uefi and thus reduce the
usage of tftp (it will only be used for the first ipxe firmware/bootloader
step then - bootmenu, kernel and initramfs will be transferred over http).
This might give me a good test environment where I can try things without
breaking the production system.

As this appears to be different behaviour on 13.3 and 14.0, I had hoped
this might already be sufficient to ring a bell for someone here reading
this (like "oh, yes, there were changes in pf that cause different handling
of fragmented udp packets"). I hope I can soon dig up more information.

cu
Gerrit
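
For readers following the thread, an added example (not part of Gerrit's message and not code from FreeBSD or tcpdump): a small decoder for the IPv4 fragmentation fields worth checking in a capture, run over a constructed 1460-byte UDP datagram. The MTU of 1420, the addresses and the ports are constructed values chosen so the first fragment carries 1392 payload bytes; reading the "bad length 1460 > 1392" line as the UDP length field compared with the bytes present in the first fragment is an assumption.

```python
import struct

def build_fragments(udp_payload_len, mtu, ident=0x1234):
    """Constructed input: one UDP datagram split into IPv4 fragments for `mtu`."""
    udp = struct.pack("!HHHH", 69, 2070, 8 + udp_payload_len, 0) + bytes(udp_payload_len)
    step = (mtu - 20) // 8 * 8              # fragment data is a multiple of 8 bytes
    frags = []
    for off in range(0, len(udp), step):
        chunk = udp[off:off + step]
        more = 0x2000 if off + step < len(udp) else 0    # MF (more fragments) flag
        # Checksums are left at 0; this sample is only parsed, never sent.
        hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(chunk), ident,
                          more | (off // 8), 64, 17, 0,
                          bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
        frags.append(hdr + chunk)
    return frags

def describe(pkt):
    """Decode the IPv4 fields that matter when hunting fragmentation in a capture."""
    ver_ihl, _, total, ident, flags_off, _, proto = struct.unpack("!BBHHHBB", pkt[:10])
    ihl = (ver_ihl & 0x0F) * 4
    info = {"id": ident, "df": bool(flags_off & 0x4000), "mf": bool(flags_off & 0x2000),
            "offset": (flags_off & 0x1FFF) * 8, "ip_payload": total - ihl}
    info["fragment"] = info["mf"] or info["offset"] > 0
    if proto == 17 and info["offset"] == 0:  # only the first fragment has the UDP header
        udp_len = struct.unpack("!H", pkt[ihl + 4:ihl + 6])[0]
        info["udp_claimed"] = udp_len - 8              # payload the UDP header promises
        info["udp_present"] = info["ip_payload"] - 8   # payload carried by this packet
    return info

def reassembles(frags):
    """True if the fragments of one datagram cover it from offset 0 with no holes."""
    parts = sorted((describe(f) for f in frags), key=lambda d: d["offset"])
    end = 0
    for p in parts:
        if p["offset"] != end:
            return False
        end += p["ip_payload"]
    return not parts[-1]["mf"]               # the last fragment must have MF cleared

if __name__ == "__main__":
    for frag in build_fragments(1460, 1420):
        print(describe(frag))
```

Comparing `describe()` output for the same IP ID at each capture point along the path shows where a trailing fragment stops appearing.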