From fb947d186aef2306933ae3a48d6fcd5e3c18d911 Mon Sep 17 00:00:00 2001 From: Srikar Tati Date: Tue, 23 Jun 2020 15:51:44 -0700 Subject: [PATCH] Flow exporter feature Added e2e test that can run on vagrant cluster. Tried to get this working on kind cluster. There are issues with ovs-appctl access on kind cluster nodes, so skipping the test for kind provider. Addressed review comments. --- build/images/ipfixcollector/Dockerfile | 19 ++ build/images/ipfixcollector/README.md | 19 ++ .../ipfixcollector/libipfix-impd4e_110224.tgz | Bin 0 -> 182062 bytes build/yamls/antrea-eks.yml | 13 +- build/yamls/antrea-gke.yml | 13 +- build/yamls/antrea-ipsec.yml | 13 +- build/yamls/antrea.yml | 13 +- build/yamls/base/conf/antrea-agent.conf | 7 + cmd/antrea-agent/agent.go | 15 +- cmd/antrea-agent/config.go | 6 + cmd/antrea-agent/options.go | 86 ++++--- .../flowexporter/connections/connections.go | 24 +- .../connections/conntrack_linux.go | 231 +++++++++++++++--- .../connections/conntrack_test.go | 112 ++++----- .../connections/conntrack_windows.go | 23 +- .../connections/testing/mock_connections.go | 5 +- pkg/agent/flowexporter/exporter/exporter.go | 50 ++-- .../flowexporter/exporter/exporter_test.go | 16 ++ .../flowexporter/flowrecords/flowrecords.go | 14 ++ pkg/agent/flowexporter/ipfix/ipfixprocess.go | 14 ++ pkg/agent/flowexporter/ipfix/ipfixrecord.go | 14 ++ pkg/agent/flowexporter/types.go | 18 +- pkg/agent/flowexporter/utils.go | 4 +- pkg/util/ip/ip.go | 22 +- test/e2e/bandwidth_test.go | 8 +- test/e2e/fixtures.go | 40 +++ test/e2e/flowexporter_test.go | 134 ++++++++++ test/e2e/framework.go | 55 ++++- 28 files changed, 775 insertions(+), 213 deletions(-) create mode 100644 build/images/ipfixcollector/Dockerfile create mode 100644 build/images/ipfixcollector/README.md create mode 100644 build/images/ipfixcollector/libipfix-impd4e_110224.tgz create mode 100644 test/e2e/flowexporter_test.go diff --git a/build/images/ipfixcollector/Dockerfile b/build/images/ipfixcollector/Dockerfile new file mode 100644 index 00000000000..84547e53e70 --- /dev/null +++ b/build/images/ipfixcollector/Dockerfile @@ -0,0 +1,19 @@ +FROM ubuntu:18.04 + +LABEL maintainer="Antrea " +LABEL description="A Docker image based on Ubuntu 18.04 which contains simple IPFIX collector to run flow exporter tests" + +WORKDIR /ipfix + +COPY libipfix-impd4e_110224.tgz /ipfix + +RUN apt-get update && \ + apt-get install -y --no-install-recommends gcc libc6-dev build-essential libpcap0.8-dev && \ + tar -xvf libipfix-* && rm libipfix-* && \ + cd libipfix_* && ./configure && make && make install && ldconfig && \ + cp collector/ipfix_collector /usr/local/bin && \ + apt-get remove -y gcc build-essential && \ + rm -rf /var/cache/apt/* /var/lib/apt/lists/* + + +ENTRYPOINT "ipfix_collector" diff --git a/build/images/ipfixcollector/README.md b/build/images/ipfixcollector/README.md new file mode 100644 index 00000000000..26d90fcd14d --- /dev/null +++ b/build/images/ipfixcollector/README.md @@ -0,0 +1,19 @@ +# images/ipfixcollector + +This Docker image is a very lightweight image based on Ubuntu 18.04 which +includes ipfix collector based on libipfix, a C library. +In this image, IPFIX collector listening on tcp:4739 port. + +libipfix-impd4e_110224.tgz is downloaded from http://sourceforge.net/projects/libipfix/ +If required, please get the latest tar and build the image again. + +New version of the image can be built and pushed to Dockerhub using following instructions: + +```bash +cd build/images/ethtool +docker build -t antrea/ipfixcollector:latest . +docker push antrea/ipfixcollector:latest +``` + +The `docker push` command will fail if you do not have permission to push to the +`antrea` Dockerhub repository. diff --git a/build/images/ipfixcollector/libipfix-impd4e_110224.tgz b/build/images/ipfixcollector/libipfix-impd4e_110224.tgz new file mode 100644 index 0000000000000000000000000000000000000000..41dd612a916c0fe471f23334667cfb824363f895 GIT binary patch literal 182062 zcmV(^K-Iq=iwFo6d}d7o18iwxX>ev~cwaFwFfuYUE_7jX0PH+#ciKp@`D*=&9#1j@ z9t;K>oZw`RWsq&{@VX#7$;tX~WT^p7gv6BujyIeCeydtf#6uEECU5}Ck< zC0mc=VWKG$GPBHurc#^82GLL+rqpm`M>7p#j)*g%MC@IP@35U?f~asLd`6~4MmqhZ z-Rl%y%m<>%j!f+NY-Ukn5bBXO2ucGjBHl<|ZIJ0`G^ziUd z)TlEmn%20aJ{qNmaY>oTmP4%)o6Dj1Rh&3e9Y(K4A(8%Nqgp;HW4ZTUVZ&9aBWt>y zCmh!>XOEUPo;W0@pEdAZDLWIS_`TcIZm3u z%z!LoOP=B+M;46UHb>5bY|%6FXwHcOM75}@*^Z^%&mBrM2S-$bflN(R8$Dvd+)$~- zA&Fo%Q`;x|Rp*AZfM76+D{4?n)=6)EuWJfvX$m!LN@PHfCH91>Yyg_i6 zCIDy5JR?+tdW$TmWg~NseLNnt0)av0WCzC$ESh1bJPh`c=rW9p^ZKoscQ`$jXa<8h zF=sHF2|$DSJ!n9_drIau9nJLuftKX0C|!4NB#!UACvW+FpYKTT&!D9tM;voo=r^vRJ%1s#MCm;Yo4XXHjxZPixB7%9J-#oAjhhzVC%v0~uR9Qm zWI$;^)D6@eF{S{~JQ0DJz6TcCFd|(g6L~>_l?v5>`LKu-5S|R2(oJK`rU!fusdq-S z5iv}sKv3{sM#bQY@jgbaz_qm^`0ZW~WP8M0S1bW{! z(ZE9N5Gw^9t}BKC3`ge2xxKD(q)}b9*VRuoTfq{Lr9<|BP8?|lSb)P_A7D85vkQf^ z-w*z$HN5T)Bv%pd>!u>>6VrC~V{Muj9lkBFHf+rC`kR5!_h788@9~4d+it%Z)`wFX z>*l?zf8~^Hw1WykJL6duT(^cir5}!u?#}#r5MAHufRem7Z93FJgX!cAIa=4~z)@yH z`%UMj)hZCf{Wv=FDoY2%m0BB@dpIEv%xG>XyUi*xp@pfbppE4*&AF31aAf-<&MVJ- zW>yr0*LK{x3DsxLC+EW*c@r4e{SU5vu!U$@?3Y`oSYuN%Ey5$RuRGiu&4~m*kcl5Oj_y)A7>o< z9L+$ecwyg>vFQVRp@Kbrq(#QZLLlD- zAC^ZBhL1@q$&=4qNK!EHUK7tBgwdifYp-3whPU5-iwubgmky)$z@P{8qSpg%HbQB0j1zA9(Z4TxC>Yl zE_75FAgX7<7c6cjyT*Ka4<;ADGJ1si1+{~E4~~*`7W7c>(Q~qpEgO5x9?l{-pvO$M z?FZ9RH}*hqOE?&OR=J@Es_?J}e)(OHJgZ%REaA+VUYp?DeHFo4%Zjs!4$uyD4%wf~ z>I+#+xOp$~2MCk%q!hsxkWwU{CqKO*Lif^Jk>N_V!8e7?Aohl> zkze{bvThYroxje0t#dK83aTN8B!442rj`RV2qRBkALU~$KXa=}c~wPe#zNLX0fHR> zKy%!U{uEKM%MV-r<&~;0vG03O{2wEF%Ad_*Wj4z?^|#;7QbL+6LGq+C4%{`lfdIr| zuT17kR4=0BYX)qmbaOn`j3wSrp==1tVz^-Aj+=&1oDPWV{=#;~P<7bVMWMJ=IWiEh z{t(eO32l%!s7MP*=(o4G5Ia(VEVo#mh-**5_g)$WGc~TR$5uI%q$Q)XMr5L`N3eIJ zYTdWCuv>seV3*hyAs-c^C3=5}BbQZm2-{Esal6ss7 zSfiOny4LiqnL7r)4SW5r)E!EVUV&_*2qG#F{&FaG1Xu{=qcp@|-kCcRZxn#qmy{xk$tp@;pG0Y8 zQD<&}&r@C@3WiothnTY^66Db7%#-O12sOmo9CQwrY(U{J+_R_W?-KuS%O7Dot<$1r ze2e_g=J@~7arNXhmj9{NsrWcj5-uLaPNH?>T!p=Q!I^RL#N?_wAemw{sYlhF|C0%%Z4> zq11gl=jbP@48!8cCxE`!3=fF=cFx&hk?og(Xk$08IQ%;2(1v)$-m6Sq zt3Kb3)cHkWnrS;TR~>Xd&=Jv55cN|G99)5DwSyNA*0%K;#+u zp)0=Ngz_9G@%<}7!bX00-}S{{6S@-b2g);lqdb9P__e}urJ5`=lOrDv-nQ_Ul|Hx z=ReA)$H(O-|L-q4{}H5&15ppt#C~D={O}Ih-OPF1t;y2Y81G`O!k|2fN99>qK1i5^ zvE>7E<^bw9`xB);t1oP4zJC@A+(V1AST6-5As;H$+FiV{e=Y`0Wh_1rZ~3QNFo%-k z$`DHLA02ADQRH&v_#}?=em?qeT)xBV&!k)+l>#{~kdp$b7D%l?P7CB^fxN=d!q(6X zo@gmU-!gPAL+>(lFGK$_04M{5GJvRT2T?)n0HOjQDgdGaASwW&0w5{?q5>d}kI0v^ zXbLBq2036w6PyaBJ);R7hk_W&4#oCvGbh$;DWSrGjON@@sHS>!t8QxNCjvs&bo)}L zyQ%q_f%-ROLkJ%b zk~~=n&GyR-;kk=1~0JUJw)7TaCE;QSx9AN-WU6OgC>R z9;i(rc6%jQzhUX2L!UNo@1zA9tmkBy^RzH;nyF##o~hW2rYQC{<|bCTA11Cp98N$@ zF7Dt(2}7y)IU{bW{tm@rlLlFL0AOwQe@#Dyybcil&JHH{yB}FqEm&0v{o{uTmIJ|l zA~rZn@IuWe0JP(}h{B3yryduYOi=U^061F#fS3iNNgB$0Dqor5GV zrYs9f3YL(~xvjnLk<@ZQz=k_9lawkK5y?(XO?9r*9kNO5vJio*wPBRlG)I1MZDk=a zb3SqXSV`(k6NC2^8L_2|d$@8O6AvV8ngph|g0^1aq(D4X?`A~;eV8d}7D9bt7ht8v zC$=i1OGsn$PBCq;!Nhk@Hci){4?|pYfgcl2*<~bPuB4wQf(sy}nBflT&0I)Pc1SQB zus_~yuHca`jhE7J(7ow51hIE}!Z(|JVK4yi)SqeyI8`U6LJkM(R&IBlYL&GX5XWN5Qzc&{=TDz5n5bdba|L6pKXy z1N}2PkkLq=+Y>fbbME9x#DR#2s-M=4(;oI2Agu0YWJOT7k{Lwy&)F^Iv>DN(zMHL6I*ZFx2m%Gbvm&YwD-b&tV> z)R!N1U25gh&sW|V0&5Un8#3$rXW!^jmb*O9zVa4Qa4K=X=#A_L-W1A~X^e)b{M$la zx^eS$A#){d6_UWs`kk%0PDEt3Q^a7PNAtabOJygMz zvnbf7TSwpF*3naV`P;>R;rpBa4Z!Sw|E*Fze){`wKaBs;;6icoZTP=A{$GWka{T_+ z@yY2^{Qs|s|AWOi@M7^`t>=mZR)q!ESah8IO&!hKz#L#x7T|>+8TJMk&cv_-yEaCe zCWb2sRW;`);&8sg=cSx~w;?U3{9pQ& zjc!xyTn%rSrRThm4D1k{CeRBc=nvGQL>`YVIz~=xnhE*`jc!Y93LQzj6oq~P&kS#w ziheu^}YD)@BV|w(ag{K&^$Q&@GU`qiJ+IQoq}} z5T!u^TyRSorr}toexW(`7O3vY6sga526!Y5|FQGan?bvWtt3k}Z1kae@GlYm^2wJN zbg_q3G5BI{al*R?7gIs+^#v$v37sqHI)OGJf*!j>*`mhSnQY@}=L$y-Fogakk32ou z%2Q*E!xjyPS|fQYPn*I(5<9#kB4g9DK&7^$8BBYmEG% zPlAu2Dbtw*JB5a+GGAvK%pmsBp`GzFk3aDbcH%VR_Lgz7* zN>Rg_^CaUSHd`4Wi>jUiE{MF?5r!$a4I-`?lx;Sn)Dc)QVREn)h1g7oKvUO%7n_@a zzeD#}XfgxDlxrIM;2#8LMu_RxBopD|X@l0|uY}B)+MxC1G0lVvdESTR-EU?_hnwI& zRZL4wg)zQu%CIMM6=2p4K-PUmA{JQj;Dz*GllEkMITYLwXv>^~)M0PcGG{X{s*x)2?P19n zUH8yr2(U+IlX@jaXOn6@F3lz@nqG!=?D_c?QW+BGZ6Zc zC=76SuyxpYUfnc$FnDS?8nw6X61o?-v12x(*A;O`nXu~2d%Ua3>_gAga5tGg5M9d_ zh_0oNy`*1kvEWOJ1=kWgLWA!&6G?*?1RAoXCT#Nh$wWqduoX&MKqb?;0Ie_D(<;1iK)!&;KWAan66)Yck;~C<2ha%N~}LR35MC)IqqjZ2X@ADZ{lY-z0O=Oo?U0EmA3b+eR|ps zD}SD;(P!>#=K5J%o)ZH!KS%w%4@bSO6+>rmZtB8#InU9BJP2qHGFMM~&}nvZcAzuz zvbR51_0at6mDAQ!1xKY(Htwf7PQIa72N(1x52pV6K8RTm5d%CF%)!3?tq)?i?YRM- z59Z+FItasIFrZ!C$;j>$1A%XMfiASGtz`UUbztD+_e4Fdf)CG<2hQlmtl$j$+>NN z6FfniFSC0i=IVgtjhLBEkvC#~RM|&FZ0eY2Q8mkkF3qb5YK(l9QftiOrxdmEAbT4R zvbFIbdmEE#yg24Qy&2rNR}=2fo8r3-bxJ}dTgB30XG-mZqwFmX#@Sj7b>?d^RGhEH zt-oKiI!CQcHbrc;^Y4}8jh$3$BGe7jy3_snv~~QZh34L@D4OGs-u&~-nOxE9JXtXP z4B`ot)%HJH>E!v@^(LU7y8kcbj>tvt4X&kK>Sd8$?Zxs67tuNOtVphz9f4-@nuLnk z>1X=giagc2S!VM*`*dU|6J~QVy}XUj z7JyRjC(rVCd+oRB((@CRN~x!Njyg*QPoKRm3uctOYKGN4PgyY2Ys2jvK+UwcSUyre&T5qES5*GOUiSG8piC%c8DtD$bPURBRR-}B;$p^sQwIh0>j$H72<5Z zcp;8+evvrcH7~>z-3sL>v*L>Gg>t0%u%&D4229CXyEsM9gG3ynXT^a#gZG`x`()f0 z+O=;W_%~XR?ILP67-p$w=8c zW!`XNzn*$z>N_*$1SfXviRYWFeh~L*=gzEJ5c7$S4V{y2?~Kv~>SeC@Y0eE%9FGX*_N(XWWoa5!qg>JMbTd*ud$+jJmZS`kaRdG z>c_*a934Oey!lyc&)Rlo(8)xU6njoc?e6)-X_o6CA+hI+)hz8QNLYKX`Gj5UGL+`as<>)CXFy0aYoGUI4_Jy zoF6k>Y2dr7H8Am=R#sFhy|N=x>9*cIfVI7qvl)(Z6HhWCWhEcSA&z-7dH(uce!iPt zFB9Hb>+L%%40Vzvsr^d}IJjpzol>XW)cxX2S{OVsp}JlRMZ~*SrW%(Hiib~5TBVY% zKqY3Tvw2BVpmHzrfAs8}y>dPVqw)-vq=ePV{-|~Nb%m4K)|5wKR zUl^P>65TMFak^nv5RvEtgWSuJd=rv>u>xVjuWDthvb$A%PO6o|-4}A-NfSbXdkAmcr@g*8lemIAr2191jC~ zhycR5lY<%4fZh5#hKyl3vV#S%8PRfi0cOmzwIh;k#d3FDswuc=EM@1ODY(98wGhx( z|9;Wxy+3VrxKINbRZ$XTt;WG>xjsH6-PYGgANKE+v%LLP>d4dThq{Dw$vKE%&XR|~ z$+LKU^4-a=9~v7!v?qu1j6pt?c)jw1@%ldq=mzA6jrv1pAKRfbqJw!7*e7buaD45I zKMrC3&KxXsK0-4WNLn8Xd2^3GJa+u?(xtNakg&;xDHeQIRRzVz{3B}gnB0q|;gDt^ zE5u@Ndw~&gk(|Bn|NWF~(z#gE(*tg%Iqxu4l1AG8&aB7Y5=^jAX?jUsD6gLZ8);t%lT($IO`HN_hnUSDpHLO2d5b)L|7B6h)%q)`_lN4M~!$ECEopt=sr*F!uliu z*At;+%xUDxN-~OvmO$-l$fy!gM=hw)S4+grn_CmjW#oJ8^A1j=E=%m93{`4NIF8*I zjwvc)HVg%+@f9@}8&CiK^`sD{tH~sO){;JP;e+@>sl&w1!pI#=@=PwT=YCKQe}N9U zjD9UXN8cGS4O!&?Lu>`IN-CwD8*&1_Vv)DD#N`Z4+=P-OQKW>kgJ&e8DWr~HbA|0u z$P$Ti;(KTTQwk%20TYSN4D>(=|LyQ{KA&+-9{N_TqwENlD=ITg zLW8HVD-tm-#DJ_!p71JJW}!rp0D8Lz>er!;AgqlDLGdU_N<`D}d(a%+X|#UKJBN?L2LvL@$yJy$C*TcLt=>9ZI*zN!* zx?PmT`-@J${if484hxozRlPp#zK)8BCuMTpYo9fH@5xWC_oVpP$0Ut0@-Z{<@$1k( zt)Ena#_3cZbdO_?s0U+GCC9D)QLn65tfoOVE1{vhF*F-TCZ5DBCS9>Q3~wB*xQX0l zLX^&NNlDIh?z>@5!+#pyONA)MALQaR5mXo(X)n}&Gf=sWK7mnyhlxNe;J;qcdfcTn z^(!-&itBzn7Gp9Ic*Os6vl)|H>j^Lsge94;&|gvIEB*u$Ef;cw8vq?IeX!Ye1hDA=kwY9Tgv z)TB_RNxU~*qX|kgLh)DKpIJ}mpXC9J8%O{V{mHB&Nh2h~A}c13&yXga9S(W*23tqU zkXS5SelTB#76@KXrahWGnD^8QK0|+e-&ibcmk5(nG0HpwzI;Vz>$Bley@$!D=jZKGkf@phOFX zFmHo!-eRqx@gZ)C32qjbt0`J+!j&2R&0@3Jkg_meuH4y#O*_l7#iwMxh0C^qi_IH} z7NL|rmevz-dJgMJqf#gC%V6u3$MUhlucuFyDWI-9C@aVF+3Lo_`ilf08Q`z(hi%Nd z3BTc)Hfp@5?aD4Y@={4{Vln8>9Dx+eD}(8CIlTJN*Z`7`6kYE1nb)$K(2{Q zEuywNb=>bHJ!S2-!se(%Ho`p!-K9k;fX&*ip8rYOZK8gtocnR0dM0J~s~nHs=hQBr zW`}EP2p&`IUcMr9_~9QYkx93ENkaW=2%D$~L}+~QusFHoRiIDImr|^fH8n)&jMTJ; zRT6jN`?ip7sahfG2E!m4C-^s6y;uRV-5OONBVs0l7&K3|bCmVh;dC~-T5}`G&(>Bb z$f#Er5r_8mn0gDp%H&^VcKU02edBs%G8@qo&ed{=Ivc?NHtgFJ9>bTo>Wljvbf98y zI9d4zIkZ6{b#k)``XxR21N9!Z52M+b;NcS%yt)n^3E`pDZ&R+RjFCqWm{il%r87aL zU_&n$`GJgPv-z0ZI5(ny^M{9W<18LEs@bq&|t`d94f+{ z?OZ4{Va{u$=+ks~zz^;O&^suc0_O7h*P-SR!!{M1nHrUdof?%d&raB;mj;Zxp*To7)f0QU8w$w+KdA#xI@t5I7Il^PyCa`|~3wuas7w)3| zrR<{qrR}0}ZMi~#fUwzQ-5}LtFxcou!nRBzs6yBxj#7hnyM*SD;xu>(VZVV$GYHf~%iH!Gwu+f_C$LA2d(R`QGnPeaZ?TsKBqlK8K zTCa3kut5@_uVltygRO$65JXHjXsxI+YH!p&sd)*9Q&f7nK6M9IkEqtS#<06wp!!iA z{iN4D!@objZS~MN)A;LS|F22MNGWGM8PA`L=S#f5rDQAfe~TK9mQv2}*<2S>Y|~%O zH2qaNBb2#DfJE$kp7^;Qr@M5nI{Lonk(=M)t89Ys0=xU_mGfhA9!@7>P^)J2l=_g&fR&LH(EM zE=1l#hrF`MIV##tZ}BHnH}E;5g}eQm(U%!Iu}a{A3tzgEFRv*094|k8c75D=e_=}# z?78VaIGtnZ7%HlOeB6V3o03JbkaoYywimYqk5?Nu9oV{6z_msmJ3Rhc1NDZqW`+Hg z4Hk{~#9u8YNF{(0XDS+%a!=Ze^J6?;k>)F`;pK2KmzMU)1I%Bp_++2PW#cJM=xL%3 z#Q*X%k3kuaUU$N2%dc_3`ke0 zM?Skg3)`gI`6{r>*!$n)d6?Tgd9J4!3Pai2pcgC@D72Y0XSnG#V36v zRVB&^NgCPSbS{e+%etu1tHK~{TkX!f=Bak?AOUr#E-)%kg0L`*W!59so45ng?-~CC z#`=K*fF#EMs8x6O4r+S*kAs8CxA-65;(vUL|M4yU$G7+&8RLKKpcBL9rgYFvML5iA zHq*lB<%9-8#3MtzI1C^HDj^_9R7eR5QroKSl4|v^x_?;N3xk5JfM4MGiE|kS1(D#T zz#s<)$}6@%5WlwgPT})4j`tiU=M3~U=B_Y_P7b2tjtBbM7#RF$a4y75^mcG`PF*ZU z%gOw+CoYE~vyZ00!Z0^)(ENjrvo0t}Asn}CKm*3B$r2!<0(^m{%D@i%8#rH- zx1UfS3}zrhXNzm(jfq41{7|7yGR81*ue{MreKvD%+#nVbWinb`Ws9Byk1-I2;prUX zf!c$pL{H;SJO}hUC)ja4_MB>sIHdiHbG(gbDC&=c1ue`puc*LixftzW5f#OB>;!Yg%@hj%fo3^d%M>U*a(IH0#Z`vXj16+-JT#8QhAfx1hquC8e~AAT!W!1Y?q zqcUVnO;HpFXXXO3|BLs6vj~vRsXW zdj_$=iGY+~m62e)pf|OL9?t9kL>n5PKEaccO_qgHxB$_ibiKtYpfCA?0_uHKS5S}P zK^`BDKtmeKn9MK9CLYPwO>GHnD@vQxQ=Ra`YD8P_osNPwG0y#Zqy1ToIHp%}gU#<3 zAV>M85YWku+=P-0@^!nbyts7d^?Qv+*apLRgfkLnxS@aX_ev+jnsqC}rVr1fo(_)& zzmUyw@C6>-87fU}n#__KBs2*A`eLumk5t?;5@`IMAU@vP*w3DR9fu7xvq>fqW&8Ya044WZ3;BA&b& ziiiZ_9-P7I2x1fsm8e=q@e9yUqcQkuvKVqEx7Q|BCdyKq>&*fiz7(u^HM|MxsW&{( zg%F`=^bo_M9TOkO=;D#Bkx(fXVsgl(I~8AEL&RXx-6vI0$O8-}(lQ8J$!;IgXGQ&8 zfb`?`CwAZ?*WnxL;GOrIq=jG#U)Qe34Vo0N=({YvW@dZ3pZ? zg$0sg4HGB(1ga6OIgH&nBripA&ZNoL57n}fXY0zt{J`FD8Y3CE`Qt%RScu#8ZIz*^ z-gFEUo)en@#cfLcz5ZM=wu`eQW{+4ppOZXrwxkbaP&C)mt^nijMm_QFA*n)h|lRn#e<@>|w=*FF)tHgg$ zEf@}?N8vFsy+_wP8B!w1*TEQ>U>*hYYrlwXfGXkNAwE}*Cb{esgSjY%^@&LOwkvT| zyl$4B$kk)xOJx#{Vl;daAIptSY%{GhM~lnZ+smrX(ptk^JJHaJp;a4vZf`_qW5OlL z#6Ag(74emN6@~Aa0^n$Q2FiU3Jx&ai_klv@dNlr64qYQKuS6ti!c$o2$Y>D^m*Y&_;~Ud*9{8gWaB0WIW+qEXd?QlM|7Qp!5)4>a^Shu^{i z(a^($%hoAbJCKjiqrD^FG(>g`wwt0V|3vHyzF5LCuB3ue!N33_L0; z&M29b=t5X6Y#7ix0CZ92M$qn@Utq?zqi)BbQxjD+;Wezb-39b)n<*xShpCq@iK3c- zIN`rx0eQldk_5IDtHac#@t#?^J84XYp7VJq(X;x5hm@0 zyu63qR7=U7Hr8$T%Hygyy+9DVIUl38?ukb5`sR3XTa2SMvbTx1%?+0EsaLFG&jjcjFsTjVo(T`c!WCK-}yD^)s@d$AfE#$0q(xFv&dax;01Yy1M<0cvyHHrZA28KvC$b@{3MKos7WPxwE zb1S$aQct9xrc23Ui*H`M6kAB@LKeTB95pAlzS$PIQqsWTePUc=ZWhr5NMBRT4SZNw zw&!4qwC(b@K6>W&cb4a|h&$GS(U-v3xZpKoorIx`%tQr~XeFj?#8>XSCF)T6dTLv_ z>1h{pCqu*S^=Pqxk(KU1n45ZM43mc2e1p+=huzQ=5?GH8RP=3XtB^#gYAeMqL=BZR zbtzy5yAMi*3_oVq@N>3k7?gXqOmM z1f^Gp8rsbv)_vNb=|o%(g7&kcE7n3iCC}zUwSsvw2jg6MSeLMg;3MQsS^+D*AdFw3 zc2yH*g}RSx~*EYv5zANdWWM~^Z_e%iwSKKe(d zAg^XszcdcH(-R%rJCof`#E`Cz@k{5k@++$Hpv2biBX}DHO z$TgnyMvdg(VkK7F-t@)x7?zhn>B`eu$x_z8^;Zk-j3@kvq5Ph${K|uMB3Ar)ytwcD zn=1KIsj8tBY~`Q|v0U;Xn{km7Ju|@{nAptKorP-6KyOx@DX*DGZlK}w%p|NOkkGI} z(>kqE#28@I5+hVu;+fMYyT8gNdfLp6L1`15&G5wCa2VE+&;M+NH>r5b6(dtz%O#ua zj)I8tokQ>g0xNs zFqb;VU6?2BL0rq`&3>LOB6$=7km6{N;{VTtMh?cJv$;GOv_4QAvD?P90)_>Ubh@oh zH+J|`5HRpRUM$~vIO{0{DLoKJOk&M7l;y{6ph7WhE{M(jNt3i28r;xn+k=H9e^0a!o zBV)JZsprJQ5YZfD zm2f}2uV^34u!*@Nc6JGAvLh6#IA7oiMMxFBT*##jwd$vF$zb51I~ynI6U|z{xXb2> z^+Pd^+(|p*2%boyqZg-#HXs!%tqeQ0q}ZgQMm;p?juhIFMpKw9N1sPCk!#f+S4k0XT#z84=){GG>>lFn2) zbR#6DnrVBJ1$I=m-q=xdZq|$12fLM`kOHspj7qzt#QY%iGqlngT%yR9FbzdQgu=k; z_Zg|HCHWNFw&B&|xZCO#%5Evad5|8D2Wtc-3~y0|*h79ub=5F;o?DZ0x0c=0%GHHX zGnZb6yn@#!6HaJ#t)9*ab{@*$>jnAZGruNwGylZm2%!#7E*%VECC4(IFZuO4;=WAG zEx}f$Y!~TLF4HC6pws7xoBhxB<|>i;>2c`MQw<|vWyS>dv+JUCj$D3k_D|KoHz90q^g{Q zafT+byA1eG=u8uuO81xl9TD=Q=#1E6Z7L$yMR5S{*?8=aG z-oaKNx}!KOm_}P{<+yIm(?!KcR;n+9$y70_t!Fm17|l{_X4=jE1f%NjZV%-h(liBn zrK)5rOl_h;%p$tJEgRtz#s)oCLcs9yBBu_E9ZBO$(q^!F;zQbC5ojBx@U!t|nBp2G z53Y7qiJOEWnLR8%oZ~-XFA_C!DTt> zO=oWPTtIgZ3a#MO-bo!~&^e}_A!VRWW;s1K3;W219n=uRx*yx}!9EbnZ@s!1eG&Uo zeb%r7=rWHlna{BDtZpg~UDJ!RM|z@x=v}m1inTLTti*XlsZ=r_e(K%P3}|V&SEMG< z-eqYMyQXVvP!a{A2GchUgHQ2V{gGZ5>=nhk6m$7jWP!p^A=g4hY_2IP9g!5ah2*I~ zFZk;8n2_7s5 z^EqC#SO(IugZs3qbF*^fmc!^^3tR&$D;0UgMR`%iJ*Z^jiDnLzM&?p_EKOp3-5?7I zG-S!A8kFo%6234k=+qrwG9biOK6QB@(E>pVil|HxxK>$`E_^eKp&RE0^n@bUX)2lp zPVR>kRsm?B`&?4Df*g1IV)qtUI6d2HuX%FGu=NF^*MEe(jd7M)RS6$JDY>Na(n$0}IcMay7lY$*mIHo+f9<*`?|;I%!wygQ{jg$#_)EOU zOrDbYC8ic&sTU^mo003W{4j<)e1?n8p+w?=B5^Q6pW19WIL9Lo@AaT5R=Pw;k9YF0 z!;T>j)U^XUGY~%H#`S&NopD7i+AYW8W^+Rx-dq~;(nH_F*+9F7PQ}r=)OXRY0@XD< z*AvsH@EunF9o6E{-luHE$s-Y$6kqY}IMV35?~vB|&Kl|kK4I^_)8;5ITL*l~_FOKe zRYZ5_%A8dTql7L=6*AK?+Ks>a?ym6NT}&v*o`tFeNc8+;GJr~Hj9X-|U{LLsUBh^~ zS9-~>hQu{r#-Oqw2-R9?@|Uz_6R%#ouNnv@`ToaE=h{`>JN5KV>IJu!@D;KsRu8sv zl+4)+ogn5(@s!^?kqgD0a2Qo&j|#rAc&a#5h=^3wrGGC~r-hQJ&c7QWy*{a_uG zU9pDhN-roTf$OatV{SSIv1M)bD{)6=i))^-Q!No-+SS4ba3*4VC^ups%0Ka>>mo#( zAHeV}DMc!^FCXxtA|Wxl%3p9 zxzc-W>?g016#>>dq4fs#Tl2}b1C2C#)V`#4$y6~1_sbY{ zA|9l|;QypL5#Z`+J|Od>w2ujqGmPia>47s81CDf4RR8dEd1k;!C}-i<#}j@DnT^gQ z&j6S}XTMMweI zfG4GGNAW|~kB_h?5$7@)Bm&19r?r)yhCOsuGaRZoEi++_Bev9wClh2@d$b_ixf?Z2 z1x%cA(anWq9-$`n*mP#6vTh-6Z{bU`bQJ5y(Ho-9thw@7iE2G=3siwG3Gp?^6w3YN zfGH`;AD8`n-;hJ{uP6O8%H2W&^I4D0*`e*Peo5C_ZOqd z#PzOn%Y8k}fPFPflu&mWvm&SO-rx^c%xMo7&Lr!`A}&}{7O6Y5GSTTw%i*3rjFG_P zoshYuf{`5yB=S`<9~?Z9MUn^_m{PWvUN5_t+T zi#F&x-ovLvHd>0PU9=7Ac|$>9&TD;)q2~5Rl3;Lz!h5W{-)xOv*VY(b{?xa8Bvdb@ zXRlzMP|^3@cQ$s&Xkuhc_?^rgag!qFczPITG$K-gA6XIc7&W%7L}P@Od1Y zPFW3tyjHCP>i&;Sqwl`sA{@VlHyRnRIF(ct*W{B)K@f{?cuBM@#f6-bPWK@fExs%8 zmK%18^aW>|r|MHPM;MKGae>6K@h03A=s*80wmD&jiVb8oQ&fT(%CdX@J&aHp3{VNC z0JFJrIsSbNmVbb~(qyjupEA(>DeZHAF7w{ChLulK^ zzqSMlxABGU^X|U1UPw@_fxK1PVG>tAk{2R_lMvBbk&sufrZfW-rQnt~#%PU{1g47j zE}OM9fvjs;Pgzs9jcqkHP*@>ZLtsN;HE_~t5GBZD041_zhKPEfX4zA%ff{#mOGOzY zRbG!UfW(~NR>B*QTmi&~xD~I}tIA8i-I+yM&yPW97#rJM~E?xZ2}wHk!VN#xGQdAuTsW85g}#KSU85jn*BqGyRpOs-C7+I^^0CexN>dE{o8LV+ z55Fe2#w6zQx94}@AHz5qg8$ms$e=tZsa>S)1-(Ursc7)b$aBVMZdbHQeT&F6*QhXq z)|6L4)0@S7HXBYS%bTL~l&8L755iX97DcXi>7ccX8;y!ld>5s4Jc^-0Zd;n1@ZwNx zcy#!9q8y&EOBrWTj@{m*8-{oa9n)rNHOab}^5da*`36)n1sI(IxSZtsoO+b4y)`&6 z=BoFD`4XoHY({8W`oygE;-s9H4A;#lExUd_G|I%wHBtJcR5#=?R<2jTqm*9SwqHQy z`1XqjL!9hn-F2bm)n6@W`e$5PZdS9vC5y=_exFOo2Y!4C`>^pROgbb5XH!lXHCh@2hY+7h8Yv>1p8enws}vICFm)XuRoCaeBpC_g>lzo z_%cJ4<(7dnNBpNbHe)7YD$ z4pJU7DuKu(8MMGZR&QHRZIiS%(FU9mzBgHpKViHFc)oNK9A8mB`d9RXgzLERDaF~G zKC34x%UN_~SyfIdXHzz@eGj2+(hX{8K4sVYy?NkH-SH?MEmqbxDTPq!qneSXai;A* zGpL+tbv%I~h2r73Wl&L-Cg)dEO}k%qoj7d66LQvnGwgH+?UVLVb0F*|p*G;*Mw7Ke zrZU;|y#;mhr3DP{OZ3=CGm>}<5ER~!Tl3+Y$QqC8=CIlCcaMfgZ=0Prt(Y8==LutT z;6M+i^`<{UetRM+mtSf}%VBDi(HM%3#zS1&O!?=jhcj){QTOa@cyVq@_|0_gm>TvZ zY9hL_2vj!x!+eK3)FMdb3n)27+Rz4%*`A=!ahA}LmSbHuHNtrRG$KW>)gLr_gToBX zM`Q448T?7QkdU-p9z#{Fd5~dT-ux*@V2rkA*u(NTG*Vk z1)34r=Rz<_GVX?8q!*`>0b$}sT{qWZ>I&rV&;&Z4lEoIGq>^xLdj-O&WOU+VX=ySZJTYBCYWlg=p!*2 zkDWy@9A9R%Y>Lff7*5Dwe*SaYEG>#F_6n<oCcf4M9mi2(r!3i&Ib)P}m?-m)p##B)G7D3-Wn%`X%BGKr zwz1i$$Ww+HHjj^c{Q*W5eOmn>ooBIeL#~tbCxAzpgw<`9Zf;>LUwxIxJe5CWr2Zk7v1 z!a^r(JRJ;_Fj#sbJ}=o_n{{rPujr}zjdL?!-da!Oxa^5|(3msDa$ii?is)1#;^;>1 zRfZL8-Bm36N~Y2`JY#B5-CH?>Vrv`8PULmmvEpZ14>K6hXEBS>CkR#=GMmpAF)kB} z5R@;e2e`cROU(aC_=n1p{W}}-cHc8|bxd2hm>0(NU0c*xxXZqx%w@SbH zq5kjrp-R%>5A#Bed7u8TJD-{b%QrvNuj7aMKj?;hR1Cw%zIz|R19VDNXQDiN+Uw{7N+FpvN0Pi>i%j}ku*y!C7Bp0|9TZn=AUIQEs-bmb+2{Q zYQJk85BqN~2FKl>JCanu_XbdbLg^@$9nYN6(ohiJ(LHK}U7Y8Ol5$=pk&`^9H?KDO zI=t1J*Vnh!u(p#*L`3#}v2;Euj1WBzU0v8C**it6BzF5bddx92qo-*9W0%>@5nYg)%%g8Pz6Av1ABrEeFLo{7W+0Nb54;aL~ zd%clK#|D4wp?5@~wT}tzdqiL)8fzB_x(0|r+92#E#^&MdfsZ@gqtkA`m7!hSD_W~7 z%@n_0qk*p)sH*^?A~5D`>(w~;lD&-rH0HyWw>4DnLf;c6q^Tba-6+cn6&3(0)90|| zaOd=&&@{|?gho*;%w;HQUZBx7RDo-@$zrYeCN3pHeqmb_RyXE0QdQSOZjv>PPiTqF zHZstzh2t#oen!Yf`Xn;mk4f`A7A@yS|QpTb!$IUVMWxw)b z_-@$!$CZOUE`sw7O5u(w*K8u{dLAm_kcnP;6l-m7i%d1v}3#{{^il zqp7M0HCk6dQ-y;a)IitERs7NR^3cjwRx={5lst8@ioyD%}ImEFew zmTgHn7q?sDcR<+TPSB9kiquIUqL-QM&jD&>LEKhMuNeiVdoR%q6=>uusDMT(0~!vo zy~$DQwDedRW66bE-w$la!uWxYSBH-$nbJHI!<6qBycXy)pWv}oAY}v&Y|g^AEINu2 zC!ppViSBq8+sm84#;0}!?aYQwaMMU|UwsKFnzb3f6cSq-nVb}c^_2$S?Q9A&7AwH# z#GM?+$%mz8vYM%`v{%C$6m(29BUdcxny?F_sm{%E$lZ51<+t#|H|h zukh^zh_-YWOuxKxJfKd1o9vb6{(I#Rw$9@+OWOxp06pcE@iHOrvyN4e59S}sWUER* zz|y6yz@2cz-h-r^e`3eQY%jXQy>s!}A&@J|+YqOaFk6RDsrX8nanusAN#R3v4*(e< zB1ap=KIWFmzd$9KuY_4zeSPD4WqPL$xM;N;I^G<&>mXCL!aj9% zh2XarE0V71Qe^`JokMBuXoJ@szYpYz#E!J_PoeQZ4o097J?`1k9$7eR6_<_7p?#S(>um0z+BX zyv`PJm>Rs>C7OC*8oY$T5Z`H@-I6^tri)BI4eFMdr$8n0^lA2BoYW;LEG9 zf#wLOA;X1})Pjd83NAgOWvphXkzbyP1OAKA1UvPrYHABG8*IKfH-dICj3*h*&$1hj zzW`@qqqPN}Pa=4u9cijl$#z~Sh{k9kCaTse!$l(fq?cFoN@gN9@TEcy;)tn-SD1N~ z(%t5;tx{9fjg(4PaiC9qMm8S%KtU$oI1Tx!3Zu08ift&uN0H#AX&)NlGLtG=`O^wl zKw^82=+p%d2EEmySW*>+LsZs1X;tQ+xaCOLqQvWEn-s+ZHOwls>B!+4>>H9SI-UX> z(!vl;MA>RYSI1O@=@;^%AJWbH5V6?qMTfvtUBq)>szl0Rm84rmNEcJimt2_yjbWPk zaA@FDe0L`i-{Ka;mANyka!LQ%u{rHX2u1(|ZiHkZ@@F>)6c zyhtyA`gK>t2{3fD%*HY0$lQ09pN8_uPwdFsuPgJM-R_3D7qYW4Qx@as!I5&OTM!nF z{oSLVhW$aW)jX?fC1}Np>MGO<#t$z^)u1g=b0AdQYIoi>Pj!7rTR-BvcU$T$){l$h z#C{yV>1FE%$6}G!2ER!^hFK_^$rF&fE0h7IV_2Du*jWQ6Mu@CHyLT$f+@f0;|C_r_Cm*Y}5bY4sHpe=hGf+t}2Jh|H5|%B{Bm38_nF0PC2Xrt7G$l z*N>$)IQML9$43E33>-;^!EY#wdqbAISnQE}rV~DG5P6hJj70yji|Bmwkz=9tn?y&J z`B*DyzVxC(yQGOt&+v$}xapS~!XH9ZB$O__rHPjLSSx6t9li6W41jvJKST#=T#+g* z{qE@yC01*I--o@{MZbmKPYG=)GIJ&Di-kr=)Tx6*U&)XFQ8c79_yUDrlimMw8JZ7%s=3Cb0QMLP$=Q=nV>$xSlg9w$I-k4Bs7eJE!kU znwdZyOtd*PPlj}@jAy^pi7wOxtR8=bNRkc3g76l)lRuL1lFG_xgvX}dg!Na@in%<< zzqr!|Nxzs&Ya2};PagYa6i|5gFZ2CeZRVK@Y6IG6gv0r_jUxN9VS+of0SdU%#^Hv! zZEPEs?e6fVpC#F67NH57gcz}zIf!pDam2)4(3ZtYA04qrUyGsmX3`X~@-9BPO>0DS zZ6(J-AqU@bK2e8?)g_)bT{?vR_BB%{uGch;5Su=}-dL_5lP3&X){xngSkKwxZDtr6 z1*4%mXHALcT$77Z(~wJJlG%!j%z#F@gXAc)_*boWtvLc1Qd#2@bnYE;9nZ2dNFf^V_V`SK~*shr-l9?mX=vl zbmG-0Kcc=B_!jg~kJRa-8JgA-8w*CZOmL4MZL*Ww)?KPB*hN13YD#*SJxhrwIgWB1!*?Dg&D;qBx zyEPaVmqisVp3Vk*d*8b~hfPg62J-}9&2D6JjmPP;TJXip90Vns>cFDTPbbU=F*@*~ z$93ohAU)HL(rxGH-;O?2LS#Sw{5nUVZrOOGxxfi>IRc$yDh`&|?`-FoQ3u71%=?`B z3Eb#DC5MKruY3F^RT$5;^PtCVc1*b5)W7n1mlk+Hu-p?N^`7v*AtTwAEXG@cuWSo| z?Mwh(Tp{XZNDhO* zV%*~TdF+)Ehk)(PO=+W3{J^m4`*?w|sL9g_FUmZ2jSHl{WbkgWmd zy5K)rEP!d~IV;+UXquS$G`#a4iWnl@U<|#(4A)`B1uTk9@*|U`MHo*Y%<5u{_)A&X zY0y+TIULd?hf&953W~0fsi%-?t{S_4qsB})foJQFyf*4o%F{~*bU^53d%SL78y0$Y zi!2hoA;S5N>Jl!(0C4g+at3LH{Gm|P$ug31Wf?LIJ?wbPPKdT%7{}SM-OaM(C5ju6 zZLD?|S~X+tJIeetBrURfQ%b#IHle((l#=9jG!bWFZYD%|$k*^GYS-7mcQfE!izc0L zYLKR5C!TdjSBlZ5L9YwK_vmUR^%wB8D7IF8Pa22Fii@}3j|RU;IyqkbmxTqEIBN~w zc8^5~SiY|3lT0eVF_w*G_n-!=2}l^qCL!9*CjKq6KS?=`tUC=k94*&^=CDE_3fBjz z<^~2nM3T(h%jIZ!ON$gGErPzAk0#0mY+o)B-W2j32jdNUSAUcBC>^~xLy$G|M~orK zZ@-a83QMTb4UC?2W_|lUJ1xc!ER@2h+U}73E|#o2t%um5>`;RrhzY^L{KmR`qbiy| zwCE5Gz@WDPhr@OT{w?#Smx)S5CDU+p%rEfb2nnOVUov3)DqAL7gP7)o_EfGrX{u8+ zqt*!;^C;7e|L|@(6CUudeBYcK)TF6SpNEz)3{>0)C7EF6>g96D( zoke3aE6$O^X4R77@%~^i8RA3*ifc~^0RcB@SPB{~L?2=8C^Cv2rO;jF6kbL?SD=H; zWNgT-b^3s9hDhCV`<4buW3z)ckUmHXT_J@ip>d^*3vn2?Gak}Y4YD8yQBmHo=!tq< zOr`y-e!X6Gx8*7GTAuOzg{gKrx1@xuhI2V-U5@Q7k)iAMi_X&0ZNKR(PsRwBVMa=` zGO^s9A@7IW3HwBrq|cou*1}o*m;b2`>`d5HuU0Fy+TITQ-eC_Wm)qA5gQEhUgS|cc zTittB!@v9RKl&U#y9axfzf`OHyYTV=O8f=>+j~~|3#t4b1Xy8yN<#iJ_Q#3kyerTB z%m3bIXS1-$6V1>OCt-Ayi8G#Iya&vrOJ}tx#Nws^7(yP+7q?6I>N+4N%hAfao=-s) zKk5E-(dPwzXipC1`fIzSR;fJSg8x_dNVR&nTRGg@`v)xbOY#GU>2YH={kapafPQIAn#t{k;3-%E9r@U>+i&$-rV~Cp6$?ol^1O5zkR(C-smD^ zI2&OC2nw;AIfBoCoUGa<5vGDLb4&nmf0|L`K;CNH{Y}d&DWSLk&w~ z!Y}}sEN$oITAe}E5+w$X4TiR+(_~%P2u7DPXNU(!M&dWm&)c0h2I7wv3)j0cQD}ff zQaA%>nm%L$+Byj?0+YyP=#%IUY$RLoENtRNQrVMk@2oip%TiaX$14NK@p|1k>YiSl zb!1cskHr$WLX084Gr6 zxLt84DV3PQPBE=^ymaUjI^Xcpt?0SZbkG-9Hy&#{zNB%Y@C)+`wzZKG!nm%4?q%!` zDf|)o-`VIRaP7?5cD>(2|9iFz&ouq-pmOj{|NA{Y-xuJ2Oi7c5oxA|y1Zvugt;+6J z^#!RuKdkOiH4VrFYTEY%{x8ZG`fppX>u!)A>6af11%El7xOnjSBm4GaA($_Q(bMSH zkA=n3!Jv2WlzsaVbSq~(j2=rrp=xxsW|gpSKNkGxkuRPB7b6&d9R2#SfJ+B|%)hc{ z%lSNzp7Woyrl=PBoSV?~kN#bbfwv+I&MFiSIuaPLIQf{3|?bzh)2M?~l;2E+xs<&*%!U zbyfIYe?qpV=j|gP(a|ZwZMC=YKlaa#_zS~-q(6$EXyU@(FeK-1k9%QTuElETOvCRi^ql-^IGul7`C0+- zuyFkLya^nR9h_Y6S8Lk~=LWvPYP5%63rDA|X6K}R+F~?ES|Fvdm*P7oU@0rg?;pNS zdAzna3k6`TL#dWRfm-qp3*RkofZLFF!Y07WiR%Xm1(2~gl}eG+71Ie|e*BeeO~?=b zVIt~|e898b;>|~tI$MkAMIAJfoB4!1+ux5KmI~i#vOwm;uo&pF_HxkaABudQmt>e2 zh>b;M7}1?bk{Y@sy;Qp;y(mGOXCB$|rRr1LEYCct`Al$fe%OQ&S1^ILZs{2e&v>GC zyNP(Mfzb*_IAw)pH`@ z67`IA2mYmUnSSGo1GIQ7YUlWv)I5|#XdEv-&5M9lC6HjtLnQcPtaQoT(VPfrwE`iR z|A)$QAonb1<-7ukXkxuMj4dG#M?g`bj20KALv@jgBcyi4d*a551!5Vg9brx+3_-ZW z9U>UlbxN?_QBPkejcFCgR)B}MTl)kG!?eSsIsy)>5Nl($I2ZJfcH4I*Tg+^_#fS?JP#))i(b2uK zh{lkKBaKBgm73*;?UuhCdgw^sdT|M{KH|3cl7Y!SNgL|0Xe zGBLhJf3Qz3I^K*t;@&J~&W+;*^w0>M(a`&zPQ}n~te|-UOlQs)_Y$PnbTRJb4b^x)%dG1UR|5hz;+!cIKlFtUdZ(oea9i!L9jU7+4=nW^S0{*)9v~4YG-om z?R>u4L2GN^EE)T5@n755!OaYB0w{*y-pSE^wNj-w1lac)Z7%ofM1?v!*es4qXbaol zs#U7ha{QdLIhzq$(#IHY=ruaohP^&o@qsK?xF*9_>S*E5r@?2?yX)k3zQVh-0D+so zrF*#wK*R^wq8(@mY-cbn13XxH6K7dq`5Bfsz99RX&ILIIfDfx{X49d!>gqtH69K{X9Y^MQ6}Hx;Sn2$oWO@yxVVWlfL7GM72DUWsdn6wOZXMX6CW7k? zlXrsli0ywi#M#pEYvDDhm%|;55n8+nlVq`cH$1rCn%Qzh#vJK1^zRp~-g|x&3LoH+ ziiC}Y^SCcIod`H+_=E=wkzFy^k@Dn{UqqA7A?t-ZaWRb-8V2<^fv#rr%hBwfO-BB4 z$A+77S3_}ai|0EIa~Uo9R3h$#+#B(D?)d>bwj6)*-N~;X8XJ-WPbg2M(;=ATF!Sl; z=chv(QtR$b74t}n=JMM+^pyEmiK}P=Vr_^B2fAn0r&wE}Lt)NJp7YsXj)73cSpGJV zTO4Ex0VPAZ^%yc2PdzR?bfq_&B>)WXO3^d!$WNZT!C>-(Mn$=#gz#IhC^O&Z(odLM zgCFWk^p5$uZ}eNIt)l^X?30sT_YD93{I=C=!I#EgAFuvOnw?|z-T!OcQ(p6hDjPhi z%5mqWG7(wVlB#2ou;dwrNy@1g14~5(mGE@HO8&yQ!-GWDvY^Qmc^HyIN9)}3fz?rb z?2C&8?3M?8nk^8R$^;E9KxnQ3q=VS*^jp0FX?F%)9Kn8TAjYpO29JH&`m6c6!~MqX zK4X_!7jtVXX_1%cXb#yx7zWrdr1oLG@vrEx%5_GAn|Mov4-kW7H$|kzlrl#viU|f% zSmd{;g!-`?NY2S?$A0*R)>=6P^v%i(yUGxlXPSyuO~}-4+5jHN%C@CaT!ey zn;`rOGh?<&n-a38WFoglZjWVkD9Q#$MP`JOK>UyZXW9let7)#L^i-YpNH?LqQ@P7Lcnq!z1B**+po-hIIE9c8e z(u`4(zCOT=Nshl1YuAQd+pxynh%yd_?tezLL*HAn z{H1I-qNjii@H~1HzjGV+JXCm6MXLFIrl*1>&B1I!bl)843kbojEW~F7!&9UtXY*LLhh%Q5Dm}RD_Rbr;ZRSX)l2T944eJD(H(W;C0rb3E6M z!oK9jxm=yVG4JrQCcHUUGNMHp0cop5K0qyhr(p3|9#0XimN~97$MSx3|CXV6+R!`y zRE!wEEzWRniKiP(t=LHBNU2?>44`5LM)yPS(WJzNKyx<|z3cDW6?C+|4?Invss#y- zB4IL$V0dl0=i2>GEwVxgoq~A`J00%|cV~<~N3aFzycxcJKWO#Mv3rWe32>|9VMUv@ z($gB|ekhs-g=T0a@%1ShVy2Z~!r`Igk4FoK#~d*!W#RazuXlzIv>7iWvAgzB2TXT5 zg^oaL{wf>b$Ez~?L((?C(oMB;{5G12|CJ@X zY`BWXRLw}~mMNc`)gEx?x(1g;oc0hqR%MrgH*4A9D`y7O>3w$TOc2kw3CXhKvTSRm zkRWOt%$VwrL9D3WpKyn*kaj67e!ETViZiI^N}wcsV2?5xLS_jxsqQ}6WxglMSi&;N zyDKj1v5trfditJ`hAhAe(&KAmw;MdV&1Q*pGqw+tuK%ea^XPy)xFIec5X8JIk#=X{ zrNk%JNuU$uF1k_|9t80V?)N+hQiHir#-+^>;VzSIVWuwc_G_Aj|HO}=!p&%mgUypG ziOy8uXf-J}PSXUzyahAY!`9U^()9T;I;&zl_-0=kNB=QKHp{PVH&9 z+UIg6I1L+S!)~$^h&gbvI4-9x*v-GqNW}=UdYdbvkEs-e9kw##Zm7iJY;Q zi8H(_>{8nUWoA0cz!}G_{-E7y4%)~b`G;=e_<`$DIhSwzB)sbkqJ%fkNNQNu7)}jw zt}$(`HKb0?5pAD$TE7h5cF)(LtGnnpUxK&uMINfYesj*INVDI$ID3r(GgHqluNHke zJDNU|+F3A3Lzo}kaWr~)aNdKUfOHLto_G6$v!iBzu!}tY z;%-hI1K0jm=eYkK_W8`WXD_Q7(DEkzTmND)aBrM!I>w;c8?1w=59)J}9T(DaeKO{y zAY!`*yX5ASvv#L_c5&7|A9OKj02iW}@ZEr#eY3i0F9!2qG|MPG&zirijc@cNKfZ9) zKM3c1^&qE;aj@RPlpmwIEFI+5Y!2?D*&O6r1+}i;dkxNq9q0dP^L6VKap#!&r=v?} zhS<{A-=nkh!Ta+T)JS#4jGB}?zF7=l$9FWJP;D_C&l`p(>z?6?)t}B2O*~;jRzpSQ zUGp>}mHZK2QS+|QVH~4v&P=_kXb(%+m_PZ7?8{LbnIx^yFjsy3TgR91Tm2EL>AD^y)r#+cv#sX8W-DwST@DNNf z*K??0!bHy&eN8BrWk8Iln0e5;lLVyg<7AY~C;yl($8-V7vp#Y+@;GfI!z<#XWIx6Eto&Y4(WZ%eoCJ~AUtkV>H0ozrzB z$MgYd;}7Nwx|C!R#WJ3CHXky=JlhZC8YX;Oz3kHzr{j=HUV1^oG+9qVvFj|;rmWJ4 zGgwU5X~qq#rl}1%!$O&x(rb2(yJvYv0Fu%qY~?%1Vdc9IPQ?(G z87ZOyq^%B)6AMe&&uR)^d^%`-2^3G2Jv8je|JCA43byf zegJa3pK(wTc?@$cFX|ZH+Ion0?~QnOJ;ZzWM!dHk;{AIg-d_*#!Mzb5tcUp7y%9fK z5ApMRBYwUf;urTu{9--C)ylmwS1WmTL;08f$y&=kF460%H@I5&^Qt)O?cwJ+_wLM; zo*NBwddPuCXusVP&_gqudbrlxolbox$i$HE&O5#C#h`WEMh`2W*9f}Z9-wnN3CIr-OU3|-E1Zg&n(*T;Ge-*aOX!5`My zu8Z65dA8~jzWh3wgfRO_MX!5)&JAg~51J;+`C`HCXgQ9WILZ+=2V8PbbISp_ zr#Ym7($jU3p68Z9?C`bMYW8#OS6ber=ZyRes_jwt?5x{4hu*b%gLbQr`?*YA8qaTT z=H5AU%vlDm<7e2{bzkF#p00uC-8R}4GR}D^P1yO|MVmt2!=8in4toyrS_1P=bI9NXRhZQjh2&4oBLk&!9hutq0X}w3d7DDV6`K3w#i!kje}uEyer@| zjLn$=6O+7apkh)t7cP;mEwdR!+-}NH_s^%z4u+BJv`#addOy!b-qH2Q^MIMMVPNzz zX&e0kj+YSy0%bfb%i%VfPlOzI&zkMdIx^&#W*W?ZE%HeLInp`q=k`c(#&d7tXZEql zjRieya^RqSIcuMuwnJ3Ub9LykBh9-l>U3dk>vB#-o*6pcL6*GHUpB*oUA`EXYAZ0oc6 zZ$kZ%k7(xlv-^ie?LWxh{)0U2Kgi$y^!hK3`K^*1*O68eexoGQ9VEaY3BP=3Bo~QH zxCTf0dlQWF^ae1j*Bd~yPH$R&zi4%iTDh$1*dyoPE5{o<8SUwS2?S23`}1k*_)QBB zO7bFXjz4pqD1z%X-Md&v{Q~ zqpOSucEm$#WRLE>5bF<-)1BUuXA7mA$XC zxV$P}9JyIN^4`dLzfHjh{Jti-V`q^Oo1kIqm-97f*!r@_GN;y%6fmuF$qCTo_zeqz zCaV_5FIHrgNBy&l(?J{eB3T85f3}(hu*LGT$e(w6?YG(2gHKpGQ?1=|)ChCZ~rvEU8Ji#dv9!JDuS?(F+7 z1KuoqFyZ;L4oczplMf^A`rdbPTVQb0ckAV_ya1k)_F8yO+?;rN{lPkTdVY`(&w2mt zI(W|g>wI`Xb65ut?2+@~ft~9*cwpz6#{##;Rev|v9e-+DTuT$8X2qP^P-Ig$YM$md zDvU=nXAS44;W^%1%XJbZyFfAUbb~(4frgp@w+m%<$?%;Sb8i-wp$r}q3>z$GS^Z%c z5?IDExO8<`;C|=}U||>2vbuFeQQulD=v$7yNO#FIHem^AcYZqQHDQpl z(+|VNp1R)0ljR6TDGL#W36!&X{)=P69LhO9^Ho5;$G!(%zTeJ=Sfy-!v?_(~b4Tvp zH*4}3J=Z3)WB|=aXpT|1nB=;N;&-`kNmeXuIm(NrPZy&MSl~|!=19+UQf;2}7+!tS z!fXJkmG@dGyxz5P)laj7yPuqFC?x%gO8s2kMUr+!Wq&T;q7dgAj$9hzTpm?1?0Fp# zW5{#6RfWiNdkSi}^LPv%x8Jn-gSXB8TTmh{T3N4PxL1xJydC-1??$s#`l5mLhZ0=e z0n3Ex8gKw46DS!kf+^V8VwfLSro|93buR|z7igY%gIsoIMFI)vQ?#jFz~(j_pWeP|GyRc{@W)h{{MJByHC*n%<=!LwY_~k z{{P;=!NIrq|G!WC|3X3V0NElV0za0c00f&X~pHE3} z?eNS2BF?*#4tBmI)0y+d#nfdqfD_9jx>}%heVapK+9{~UUybqJ*PKSF?>N*onS6R7 z*H`o%kaIz>INaI!{Q2{?>jcy7`SNOKa_jAUzS_Y&If1ie?7PK(ZC?jBGt6Y5q}=J9 z9PL*tRhr>|eXr5xPMl!m&ioQ76prSL+ogMT9gyOs3{6pWWE z%=#8!i*}$PH}i=*y~PJB4|cx=BoXxH#usFN)43q0Krm><8=8h;M$T84Gj~i*-Ld1r ziZBB7_{6_$w4-%i&le8MK>+>x40<=Yq*=(Ot67;qN%C`hfXYju*?CWX zZuVe}AH1(a$>4epZ(+q_^&msKP%U(3Ir4&AZ1Y*GhZpw-+=>FtE}XOnomRgOqtzo# za^CC>+D8|s%^o?w=$(V=yiNL!6B5-z%_$ueAR1>8=;?bHLLXW*o51S(2{%n+2lh-8 zm_%b>o*W~ExzuU*3V}quI$`Pl$^;qzrNsGH-ik8*j8)+8yxOKoG+;7sZW2j+lQ7xU z#2L><><$OzAvWQ|V>Xry3!t%ri1lN<&Ii%J6 z?;ixDD*1sz?O@s}kEX`u%FOBTZQ*;GU&K+KK|yakTTP(PGxx>~{O#*k(lh_o-=S$h z;*b3~ZoJj!EH^!Uq-D+0$_yu$v=~no#)}V!!%9iFtK+>Go=8#87U?)cEV9_X|@ zSxY^tjU|zh%MdAFoC3uY3&MAneQD*P?2*z^vZ~b7iu@stHKt1?oA_^CDzLK|p5+pF z2UAZ@V@Rt2*qP&r24E>n_*}PDf&K(!Mvu?rs*n({Z>}e|S5N4@iCNaP_G11Vn%+&R z9iQ^FRAg1x>24u8%X`lAX~kdA1^^?odIQ-154G&!*mHLYkKtWi8n`gCCM&x}SW25(viW(vjG0{=d(eyAhWZbly+mbel$fYA*|R8GE?=et*) zqb6sUGK1Db!n+e#nCCZ9;#Hn#^?Ee^SW2u;&UzVEhxstMXcgHtF;`|(9hVw+YL0r# zQ2Mr^^bJF~a=l=;rVS=&5tF(t#~`#GMSMp zOpKAt4MtwZYUUG_6(k;rvns9bPVR_(9TMp$MV>(*UU5^;6j>@NG}|oGe5oS$v<3nL z9V^dpT~C&Yz&shG89GQuKJlG^14pG{9RfO`5O|J1G56*$NT?%Q8xr!Aa-9iwbUZ<2 zQj?b>1HH&5BYT;sji=j0mOc~;!4go8lF#zW>F=<1p69Yul<~{?Q16JIgfxv$Z1X}b zAWscrDbCiI?G7;B$#Y9-18ukji|@3gnV5x-XW@k&(%G+NpG9>+OFj#|pSVi|Fs0y> z0g@^- zUuIu7*;iVQT05W`VfC;l^hHo?1FK{TO3Lh(eZLuf0k$_Z0PRt99huFqifr|Q)e1Mh zr8+T_lb7X`Br$5Rq{*}e6T_JB`4bHV&Dn?!AKnQ122_Nlg&KZlG*x3%`(lKt8A0F` z)j3QyFIUrW3d46gizV?095h*KooAJSsK5>tiA7c@QwZkP)ljT{Hfg1`3@Q&>=3U;R zR$*#K)P?|_Kw-ady<@9fS#KF{ns4QTybZW=f}y0X0^y5s9egvKe{oV<*?Q>vGkH2- z>#s-NWai{&?JVqFP6Vb1p+&>_BJk-L^Y5k^jXZ2J#bPCX2EgHa&L;<%2(X$Pp+l}jwckrL>>ka7*KN^WWVuv~#xDD9C4{$acFf^BLt@Xh~@JJotdPz$g zfAZbQuOAv4(t(oT*%vPk6c&5VSd1SjZPcUI!RF_3H1pSNnbx}aR`F^mHj52(l&OdP z&~1>x%>vZ#UttDRKGees>7EM2)->A7nY3bB+w>;*^+TC#Z*P+lsG*~POU~ht6pQQ{ z1u0SjP3eV*-BPI}5rSi+lbYO@5T;SZ?qrMfVHu$aH_cEx zO^JN+SyzgTaI{F7mKFt}4p6&`;WK7fnvx=!E`UPOIm?vSM6i(?kI|8lRVr$_qyIWH zkhT%j4eXi$reXuRi@3rIWcG|qhVgBxWUPWFa{34gk_IW__stT#=KWzbrVao8pWgQb z>gEBx4#{JG=kaU>Pygv{$Xt`KyYaVP@f}T>6jwuBT1xN?PXa{GmQJu*dZbcM?xArP z9^b_)9p?Sj<^~EXoErNUo4kcGJDY5!BG>c^0P8*aVXAlh6a`e z6^N~!c;JFsW{8=ED|wW& z4XQdkdhK6ph*0=s9iGe*iXWp`MO1j&h?cUrh+^kwt}Ktz1+<7cPFVg>5I7s6<#K<+ z(_|Oa8uEAra-4QO0NG5Nw)HA-C$c~#1r3@q2n-iHe*ZfSsejS6fuUdGG8)2C0ZVvx{6k1Msw;bWh;z;>%`khwU0;A_Ny z?$fHS?i5vQYHtbsiCxseBp6ouSNFp;QDcm>BsrzAYHT{1?0Ei$RnTr zOKnM|uxXsGTh;ia#XEUo!jj)}#_}`P2biz-p01ApjaqvWzZNp^x9?GAEfS%<;|auE zDD$P{bA#9iM|0~Hx>_NMGXD*e4u4vf6){Ab)^43w;%T^Xyn_OM=%!J0z_w9vR~s@nm9BKWRh*o@eqxFQgP;?Heh6ARcR8H}?I1yh(Q z20$fLgK)0|I=FR(I};AOrD3P6m~iY{N@o|o;kKTSE7-z4_0n-HuOyQQVKx!5Vg7cZ z=6~S)5B(~)_@%UV>-4xkq$c3u+wIZkk87U)J=@>6oc~p-mAzf<{O?)q*|+n*-{tfD zqn(w%+_`kU9T;4)H7yigx8AfnAU(c2>BIcqC~p+LV`i9*oy~uGWRo8zFo!4DZBb)5 zJxZe<=PtctfCXt`dL9J-ACW71`hn*_=ydK{1NAPfV@ z5QiN=Ql~&(nsG1HPJ~xEe-sR-^N%b4*ALK(|7;Xcj21d4jYft1hsJjWfwlAf4!s)5 ze-;XWXM9bHKfoq_=b!Mu-~PGz8~okeL2>$>znHlJeK}fvfyHxm2}Gd3do+&<{AGce zN+m(Fgfbgs1FHG8_5m>ij(_g#AQDdN&7F;~#Rt;!e+K{I)~Z&g%O)o1LO;-i#y`;P z!araWf48!hJqYmTsBAPub@qgpNEuUL1($zpuwf-kYSEJvp+vW@PmEpdP6G zqrrLnma3@19|sHRrmDgFLxEw}S|7wAM1PE2Ci{u78>jd6#1I!(d#&bi^`LlJBE{k+ z{CWBEdFi*!B7A#V1qE9!wp(Mx@FNwy#DerYK7Cp%m7+JhP=#ptme|aYdo}!zaF<~d zUGkNIDTwY^I5oeTuMBP;K!$thukHHuk_havD)qwgTe3O1-mlg|!w`D{>+4?lC~OQ> z8rbgf9*yC*vJnxwK~VI?Qa%108&Q<~W$t0nmGDcZxzLxL+0Nn)?##JeHrPGlk5n70 zbn1ccw_c4$xMwa2vz+p<9xFR>mnEW?#fN&)kIpTxS1KwV#_DyJ0V^%nD<1Mg3fghu z!+$4Ry+b;9&Sw*CLhpb3c~czd6Ebs1P$RwN6C~PbtNlBIjO^be-2l#NE@D%nfqL=; z9?8Sh01-1;E!1KqZe)+fAJ4X;y68YERlyUzCM=X(Q8>&}Rs5M+nJAdjE-~inK*{ao zCA6jrxUhPKy2d#qSSfi3qMIWP!p1yy2&6J1=&PV#50MitN8^u0D$zcc$uIkr7sLLb z+iMMv2ERbP0qA_nF(&R|ey!~ve31C+(flK$MbsIrh-_kyp-F13)LU!3S}q+tJb)5K zh9&AGJr|u|&Jr`QgJBtmw162F3M4>=FuErkOo)wNANwB&jr&M7Qi2V1rX1BkHIFp<84gjT4u@q{OllQv3SQqI&OK)a%XX1HqK<36zjBsCJbWx7wo;kj00k;b zRY+}wUQ!r(2*Zy75hNo*e|7mUXB_0i$bsw_mC`r>kKIFF5`J;k5_|_p`6x2|wFo~- z#v{!6N6Nl*ixBZIhFS-$%=1{d)ZzHr0WR+MPw7-BOSd!y^HPRnNArliUQnn6V9-B3 zn1jUY(Q!Sya2`-^H~sniBhv$f``!^Y3mwgIBg8vI<1Ii-=};^j77m2?FK$N;t zj5e+H%b?Xk-$hYOLeB?G>jiCpnYg98UJx+gu_dD4ERpW(|Ig5KCpF(I;@A1*ziRNa zsA8p+&gld}sxh}@W#z^(f{MpCiy}h-(}Yi{<}B#IOx!4`>&br#rrUwS%r6pD=hNJHKYPB1y4( z4g(ESEA)`12`7>Hzrenu@~l#+oR*AD#0GA?asyLqqCPhJo$AmHoSWgK<`&rj#1kfy zZgevEBKv#=t!_KEhb zEKsmR978XuEczFhMgIa>j+Y@TDx7?2{5d9&3wQ73~IARwn;4G(?vQ zSO@b!LYJ*he}ihP>RVc6nNR_4=I;MkS%WT3)w=b)WnM%+!}ce4F;OSqr0AHIF23ULe_-pl z+$S7~k?-JWusY~4kVg$sOY(}!drF&2ReRbMMNt=PH&>FDj=!1(bm0auBvp7A(u~%j zlEP9qefMtI>h*@r^Yc?o432UP4!H(zn(WD1y4)0b4T&T`OztDcF+VX11^e1Xk#K%dd@U1< z3$*yBne)k+DLdwKSk^u-Vc8raHT$hTuFYZX<#0mzpf{(s|LN(;hWZA z$Wqi+%FHS9i9&$EX}`(}4B@ND(l~s5@y1A~szj)B*r#CdZjc(|IrI~Dm{7&1D!H7& zj23wtqj{9z--?z_j72}3TrWn;(M=cy=o*bKq2R(|0N#ik_dtG-%}aMKiyrvdK)K>M zpJ|++BCDmmvD~1xF^vs`%nxNQtRKjou;xvMP}lJIEp3yJ6;m2U|4@zu*hs8HnK-9m zYp8ICwMhj5zR-SPX6!P&TrFMYaRFe)-%vl>PkZ+;Vl) z$V4mv)@PUcPDN$ICZgUzfFOqjWo3aDQ##2@4%d=oKXkLKk zuz{xT1oJs8BYrTug|B2XCv$dOJcS2JAW+c+L||w`B-qVtrm6})lv#l6_`(DiwH{Kl zBs@yrupkKEDAHZxe3JFPh8{mhgxV7$6*dOip{g5GXBkFI{GeFLi%_<~0jas3HAymx zt9D^glrk<~Bk_70^#lYl6ri(Q)HY%MF6X);pjANQnxT}aDtb;#2l&9&e1dI5RvC|| z`=M~OfNE#}qHmZ|Hw`Y~fH zJ*-w%G*y_&(nAp1$BE9Sf}r+Nmc@Hew>SZ}_)eg)!7sN5}Qz?dL&rpo{j`>ncy63~@>FIC$Yo|M;6p@afWpK6$ zpwT9H6@1@t+U^f>%r&TsY7VSE7G<{R&C#mnhWnP%#ve72w7~r6`?v%G=a@;hiNq@U zHj%!@MEXtoebQ{74%;Wl&-iM1)anh^m}n&9Od~m_8u^WAla2gVNE~q}+J_zOX$$so zn2h#aMLC+hz~HOTW0p8m?&HqTwmRKG|KdDE%YTzr_ndt@4-q`H2RM2u1t{!Z z@Tg^k-Cl+9*(9W5(66e7XEnpKT~-BFQiTG$p!4mM1M-YKCol3m5-0ECNIm(dGHCNCDQp%n2xM^K*Nu5-LNh)Itd*UG!d%h_gEYr9^aN~O{fHo@UC5y zAuB^>KnbUCuN63hIVLah*hm2i9{YzXq%mZ2eLSUF82Pf!>I;8k6*r*5x<1tCP5gv9 zM1;mVZ?E`jqfks;|s*vK7I3OfwxwG*aWVxem51x*Q+W4%V7%9qLuU0Xfw zvHb2z(ON|-)^82k$3qbyQj|59>Yfjjf>lf7w3!QyYuXy8u1E)ojSKsb);PXwsijT^ z!*@-LVWOZs*x%pXkC*IpLHE{rp_OW3g{{tU7kbhjM16f;sZ?~j;Eh=Azt!Dm(<-_nR9jfTzW%gD~Ul3j?VE4%0W4tN&f~*7!-ZOq3+Zi zK(QQYg_vlMY(0wn33K;h-c;B)JOAD$Jjx)Cp&Q=aFu3%uypP`evp1Y7`B;4rSFj)E zFKKm2mEcYHTe%8a$-h>9z+Mpy7Yb5mPETBmAnvwHYVJ!OQiv!y-0t*5OuUpWpIj78 zQ$$LSIs0$Y1h#(NLfcIYf@phrGx{Q;Kgy(H4tr=7xs{V7DzQE5#{9n+D>IZ6WdgDQ zWu$nZc0VQcuON{ri(VLRQ)HK5%7^sMhX2+iJ z7N7f$H=(Vdi#i%fFqLbt9C`kYOT8!QnquRBR`;ZC8oFtQ;ZqWr~-__W?0rzG_owzA}sbmjFcuqB#n;s7$7M9&OsE5#~%6<@ogHK~kASpoBo} zNOcP;Xh|e7l0=x`5SBxCdd<8}g-9q%u9i|V2dN5JL5Jb&l~Z4Lq!INuoK~!Y_dTycV#%8t^8}XC3*r~o?KTe zA>>}T!YNxqMH%LfQS@}qm_7&AA?h?-x4oRWOUpa%5E`mNvTG?{4dV52w_Kr#$-cId zju-iJ)eBZxEN5(8S03ACayBSihFLm9nxh?Co0R?EW|Wk78sOr}GAYx16Ey2>5X)ap zuh@I@p$m(bxP?Qj8MK2&OD!E~5Zm4mB^$ z)}-S&$e&=#1S2fz8$+QCX!zJ(Z8MS?%KXujPyb&`!~5rp|Gjij)zadCzuoqo$(BD} zx{F{7WyAyce^n~A%AV@~Rjbu1m2duEzsJYl(Pyf7!Wlq$b5-znXvk>zx7T_%Ja2X2 zJ3ig`XL0-2|L?|!&3~3Qb~ZRH`Db+l-hS`zga+a08^E`E{T96cHVgl>@&AuoC-)5g zpCSH#72c`-p9jyr`G5YI;{Usiik<|3as@Xz@VKA%i21KNj4_Tw-g^tL)H5admHsk} zi2u)^THCGdV~LIbk+}b&rx@y=(AfUfLgBkBz*F2naf*Tdhew^^1~lQ*X!)!Ap<#g8 zhp~M6RL=x3B^zPV1yG1rHy)v>ptO7r(6aA7U*kPFm&Oi3c-}mQ5q`Q`TZQlLq6`Bb z)7aQJd=t0-W%2(X<_q^0X5#$Qm@)15KgSP-BT@gWRY2>D-~ZgLebfKG>3`q!zi;~AH~lZW z{wJk?lF~nMHBfR+UN`Sk^#x5X1FGJh$on+7UX|ftTHdGXcI}z;X6f9FmLL5?&=)6j zvLzxO&{$Zg;$a+HR#N?J!7LapC+GnjEw^MeMdu=aj@L0JAZ(})XK`?JUNYA~6ZANd zFBwi-k2wNg9NU0aiwTxR=j<{WO(x{Lw?#d*xj-{R@t5RgH49vjpOO<{S@_rqU%dr< z4_}+BL%cjDBy-C$7rR={SBnUzOoEnq=Q_dG zWCzk-EJO{Z>co zq}@vKDG$UB4X+tbs6a0tDEjoqmm1T&`vErqq4hRCK{JeY_9dk8J| zi_|h6I*$c63oQDjGOAow#+6CE@SUNmA{KkpAYL%Pp5c!YO`s&&`*zUnoSxFy?4Sw7 z;QvO7MMQY8Hw;R}>tOE9*aK`qi6-tTy?V8a8PLdYqhJXfBTY5ODe|A`#OhCu`A<1-wk zI=OLf#*16bPgj0249YclRGgKbHfnWpr`L`N>uj}Crs1{EY_;!++V|@80P7FPJ%@Sc zq{MTm8$4&a!BXY!wO=dg?#E}78h;(kfY^<9K|UEz%+v-2E#jZsof!s4mncHjrR zF7W6PbCN^!_S-SsAHEQG_)Ea~f!{tA&h&Y%2B@EVUlfQ{mvn95PVKavD&Blzyf1{$ zi87YLrBLx)bf?$#$PFKXOsFE~#5g+jor2JKGiHVNVre2Ii!UXbe58A?k-H(jpogrM zTP$N#8|7;U5vY85MRklMp^_hZd_oH+krR8-*}mE)!FW-!;hj$O`ydP0ZZQqW27@NB z>1=eR-ME>9EMIHC(S52xk6JKsa%d27*ShIIRA+W20&ZG<2oGD6l1<|sfCA-UVP$MO+#y{RnrQ{6J9wDTwEcglzJ=y6{Q+WWIA$Z&LoVU z{m-mnzrzsO%q~DMNOmIhokEb6CzIqqMC&epEp?dcX*7XHoUX>2V|$i|$!JTr6r4RK z%lRUHwMm{jo160OBo4;1f+XK5Q7TFGrcb+v!V#k(MF^&hXqg{7EFbBYvLcDMDRdxX z$8Y?r>&eoLU#`QyDu+T0?_h?$>4N&OCuYL8XlcEUKl$DWatd>;qMt)DnX?xA4%Uj6 z7aA?qL3`FAdBs-RDZ8FZBYRIAe;l(7@p7Pxhy_M3@sgF;L^5NGiw4wAwODK8M3BG1FJD&La~`abFlMlDH*=;znRpysT}&uu(vnMxw4*f5A8{L%I&oim z`~tN5^r;l&ddgfsffa)ZO;Ee>>*Gr8%LiDYi_oB7-4E1m5@x1|mxtAyMEMB|VM{Rt z0YgcjQI}CtWUpSu)0ZLpY`qeD2+S>{ay+e9P`beeivuA`Q{vIewcKU2?hx=Lt+o)4 z6GA6}RIpT!Yltj9v>forvY8Pn!0gS(O^e(G>K+jFfn?}}At>uyUFO4!wL1Eo-}Bq2;S;&NPi8Gf*M3 zj*1+|W`3xkPDHw9djsqZE~Mv;T$9_>%I@@xpp0?08j^qr7e^{+pX#sVv_?fw-0v5Y z=q|j2*X|tkhP__~zn}rC-~LAn7l`Z8_+vR_w{Yu3ZxDtT2#2G|Xb}v3Zvq0o$glHb z2=`e04}1(|(A-qlcGxpIV|aQUshl9T^e9>p>5KuU#+UO23=e)OlYaMf*azjKHNfw~ ze&-mvWYIW_r~_`6o=Ek>(uu7pH5%#!&`mzRrko{JxI=SxmE`eI zyHnk*R-V=BvdZw_eWG2`H4M{KiBQM3bCyI#tV^0KG-L`yRgO~%mg`hXS%>|BhCb); zTUa0(dT;(YTc_^g`NkB@Owucar`gb(dzaDN!o@IV*YZcWwj^wc+9q#w7%grn^Ui5uTRGXEZXKRQ4#w63w<<2pfRp-XWTa#fq(}=l8e3JG0=}rj^cf7R@;A~QimeJxj#5Hq5GJZs*;7QJB^C#PqZk{R z5@BP*=#Hsf9zX(k|8~75xP|m!|EJ^a(oS2bTqzxcF5-u z3?Ng%&>Mxfi@IHnKGJAPs0nX}fq4+IN0l%wyW?c;Nd`ty&v=erVbr@~+XeO_o@outch+^s$$; zX|ll!y%d?k7PUmlnyTWDP)Ln6Hcm=M%J9)B71G`EScr;E1{-2m-v&2}GTFqbvMJMu zT~8#Q(n{ul;py~Yj`+$J2kV2+xi$(b2U{A~Y%3Drt?MnJqc}q6`wSuYT-Cr@$xn);Jp_E*)-1h;b zHMSH~6t20-RnS*ZHS@{fKa~=q7D{bVRji(PQ}%34!N{$artH>uQ)Wf}Gr1{PRfeWK zw>9Np&)Sp&%nZ!khxqU0wqRY!Z87Y%p%#$pyq3zB>C{k1Y{}GhU1_?o`SfkNeC_Fi z9#emk>B5}1{uI-NJForsOc&pyD-WA5jHUfx8O{>6g=Mn`Pq2;CCyIN?DDgZzRWb6u zjrB8fegfCaBlWyYSc7fk;XS8zY2IN_`5sR|wL|a-CVie*5bf-wPnJxLk%7{uN>Xc5 z=1Y2OitxOoL8eccq$Z`!o8&glX0%oGA_Tiz$J!^?Vwgs@OzmbYptjQk3**dL-Dm2o zEOY1UEgWBY`mDaj^s%dEnHuxJ)5orzrMD(h6~4|qN>JC*=Fv)>M|wlQ{)FNi9eSvc zU3X)tem%5y(PQs|alOTQB(f#zj(=bagizs4SW~J94_wexyvW8VWDRtQDy{4%sH<3y z;$ndI@t2qyxR8l?#AwQgwxn2u7H!r_cqs(rK#g2J(QL+`$)As^^m74wJ*Ta*j;6({xqzUX&q0W8u-?;3=F$ZwEoD1Lz8_> zc+ZhyRp|CBN`tK}5<3oeyBzgF3w8vC>RL0e9$2Lidw4K#eKW z+H_Kusa*|7!saKGg6Y|)84mgNwZF)=%t+#=fT9*ZKTlTzl-bYP@f4^EBT;0(N|eJN zqcm{;ws8pmiz^2DxqJF_VRc6}+!gH0Bd^UU-(K?iJZ>nqdew~ht(OA_vzlB z$gbu6*BQ1lXeT)bU*SBJe-N00@pc(yDlfaHNZr|?@G{fw>`dk>jO?%$zwPXph{5m+ zzS+y6_fAnmDAH<}6iQOZ(~u*dJkO(aGwh5W41H!DJJ(XlorezQHxThZmnZ7AFrY?BPo?>h1FW6l5v$tDxipI zBazLa*h`ATwtvXNvQP0mD{_!#6)^}vIKSa{A$e|~B|TTN$DPj-1RfDu4$8RCa6SG? z1Z5Abw;#EBv>$3m+?S#;9?fR+aj{w!=hRBYC3=vKy;4|(Gr4>gDb*RIR7zWGsaYFE z3$lVizo5F>kZ$QIF&QEGPDQY41E=EzL)5FPLY)1QN<#hkwLw$=gik52;8U8zEPTw< z(lz)s^`q`F`pnaNreZh2PhM%2Q8yW{6ZTjP?G&+7XHYy#h;7otLQEb;h2(v7ScnU$ zu#ln!)fIU*wF@mNo5JrgiLA*R5@rs~_~+B3ZS|&>e9+9wsDcvMnLcI$ij8oCjc|!P zd7`|9hBO)ub(=Ho@@Pp(RToX-HALsx>OvBpR7ZM1-joy%O%j+GxDbzTU~+K05*d&| zaB5fdwPlk|n+8!yrb>C%Vx`P9nob%;E2d>2BUw?u3y=S0o|dy^=GB0^sOSfRrHL*zD#zb%d3_VjM{q~#l_Iay} zUxw{B9Z_|72Ni8$`}?84-X@{z9&@5W?%NWc~TTt zaVsCfCWr^y+-oN)RMiVr!$M4&gw3V=EAkpftm}tu-eLk;^6lBamR`D;YX(T{uwvu6 zH+8S5FP9&7Ml#5*mu|+7yEWS#_VOVyomkqe7+c+F>`)+0b5(e8QJ7QVHFjTp9rGkcOi&;yIrQ4S8WQ5@P#{p3uTc2Hjri8g&r{VJcbZsVW+2 zq0u%^QgAg57n5(tu6~8uYa`}LSJz8&6}A!cB8rvddTS%@Kw;Jpd?&T_7k_;7SNCau zXK?=C-29W%ZZik{so5uE7tCcXozM#B>_z*$d3@Z<-VJGYmf8(-S=&sYr!Z^xqd(}u zpFcrA*ioOgAAfZ7w8D1t+Xp0iozC8 zT&TP7ixpW8P-EIB(X63Tp{-XuMnpuL?5$U$^GJ+=w&?Ad;~`ftGnw)%UKZzktT2Bl zaM5RBM)(M)T(!auN;Tqzd1FZL-j&oH9jKhaa(=6XY7x6KZsZt>3-;_*l09078gOls zg_NiFwPqm7XtXZ*+8d4JLyc*y01e6|7r@IZEXyx`qw!y2?*STlD!fzM8XU-%+>k8P zu0=MN4(tFoNA99-E&y9}5f+R002_oS^Si=BnB(PFRK5@I=xF!PU{%I|Awn@{wWd<$S%!n{(G}8BEu9_^w z@#+)G+GVusuzd$9(kCS@b?A@nkvo*=E52$arlT8oc1tJi`N{C2(?4$=)m7_1pEbf8 zmd^5$b<`u$2!?MobQX|yi?CJvJYRl=rLV3lC5rf zBd)O5k|_?a+odkZ)FuWp5^suPSQGsEh_5PyJ%@j{UP0ZcnCP3~ZWPaOn+!m85d29= zKXLG~qmOn{yhST1U7JdmOVIXD7`1*|(aWrIBNrE?b5O0M$A=JIw$2Z|pu|Ml(q#-X z!51<{xT2_p&9!n2dpU+iyT!_?L(ycpPOn@fWk|Dz9+1xk!vTxfTo1+(-rH0HyTn6Z zDB%H0T7U}{+@h{iEp5;k0k37_~r3O9rZPPm>kjfp6M)PDy7mU*1HrnT(4#U_CyXyksMa(5s&&KoX~i4Q)Z`5 zZw|#`0%&CoGRw5=WEvN-_7t=;GP+|J2a6%*TmfOXxpX=tru^okQOX}3x zn7hsoE^qPBkZbkEsbZiiU&|#FxILrF#a|!$e@)ZcuR{`F5934*H=^y%yXI+v4lnU@ zk@=yNo`i-7nX|)(Vh_ltXdrB=Tu-Gg%2ww(Gg(52u z^Ipf_CFw|93XyIYG}>j*JA_5Z(Zmxs(~91wD2aD^;Iq8yP_ind6UVfQ#yV(U zN3GJ(Am;80)+JG%y9VsCU0+%bVjq0I6#4P@+@ijctemui|IHm~O0^4d6FpSo#9Br|uG8`0u{f5jN^h|4sacQ`9zHDeLr=OGY94#_MC6@80? zQj#LP9GjS-F4==e8!0E%^2ZR3I;26lMrxYvh(^L{RWjgx)F8j?S6&R?4ZA;OrUH*$ zxNtBvr?U*)sXL|_QPW64Q9)bW>Fp2!S%__M?;L)VjKr}ufw_C5pAC*BHfJMFU7do4 z6J0$-wes87Hf5oPbrh4Kew}XE(6!Y{HZl0f-A` z-xPW05_%7YGULe;N%fLQ%J&{a=J;mP&Z2#c=IN+xi?ps`wNjO|K;3pYLv=a@9Q9WU zF5c_yVOpiyp0KV)?6$2$;mCn5Z^o;_e{887Q}%~h=p^1hD3x?#Sjl%6+n0k9n!F_} zg)9{)?ZPjvI@SxHE!z@{9A zAW{OQ7ftt$bXao=K0X1h@Nz3lqCuZE8m*&lr_*coTZ58C z$<>lm(PTk}v{c!XLETxlbwD6n94K`=o1`qtJrHr;JdBM+(<3SKy{?7WqEW{dO3<;Q zGyrOjC=se2YkgI*QC`oDX0za6)(dYE%;m&rWsx|pQZ~svvw4Ok9DCWY>+cq7Cs~hE z{h?TlK%IGcRI!C6H`>EASUs`ljR`Yq=>QA*?^Er~oy|}E?jD}xapgW*Z-rh@=z@v7 zfm->_CR?7^ac1Rzem18$$H!{o3uh>zJ(k&7y2GN&`0z!t0Z8g^m_kEZYotvIZ_i;y z5FT^Fpn7Fq(v|$SQdTDy!%xusHw|_9RWH-DqW&W1Jw<)ogYsPFX37z*Kt#JYh`;89F{S-!$7DTd71t*Il+%DT5BU zh8}2Ya5mL2|AMkMdnl=JZJC0!Hb zaICSmKtGDL0!$YD|RJ5t%%szwQRb#PrBG^u^qP;sn?nMsYOn41`kX~tKXYiBgU z^z6FsMi0_35E6}hC}KanYxVl=ZfDpzd7pt)isUM)4`D!_)aRL*P z{aOe84;$Ws@lf|$l> zvVZj_6J}P9tQRNK2t5~9;aBGX(nZ5Xx zNL~p8|JD7ljX@~G5X5LAVe{)`Fzj?&oo;;dWvcy7Yx+Fi>ZAtGziNZ$i4CSagSR*; zAX|7**2lV(5IiK(k>?YVMLed+Sr*VomtiKqIZB|NgYR<>x74O4w>!f*cI>2j* zr>#zs<#El^fpv_uRT{rVj4ll}PwU};Y`C(b9Ofi;yCu1A?!+=IRwCtqeJ=e$Dq<2eCk*e3JIM*?uYqi?!`zufY7TP!m(WU8cnql-bu#>ZTt@yY$(93H+5mhF z&iilXy24ufEtJEW1|Q#x<=TSDEwCx|4PB`>s)X4nV!|<%^FH0DN_>13T*ty@*_20- z6f>=Dzp?JOp#Se$o#SqA__{sF-&}Lf%?Imd+=7#55FBq#O7`o=W>KlC1vc)K14k0; zCRD$O_aKb+|kVSX&NAVD5SOW?g%GMt=}dqpEUG`8QiIO@xvU9nGnZ2AzpXUwI=KdN+ipj z8D5Rpc+1t9O&bXrINkIsORjWUL+{tK?{)E#Pfco&tb|X+*hHx*`IE2&J6Q_hLW2Oy zjR)*DnaL^g@V2`lQX9K{ZXqaR_L4ES6Yak%xwxq>N-5#+!ppj>hrInT2Zrd%Dw63* z*UzI|9`xS6NZb}CoM@0JA^=vi@teFF*_@T5q+KRLNr!u?@sBDD1pX zAuH-BOpT(AdVtU52n}W8HD-0Pa&k|AnagCO-5Ioco#rWN^?Kdj zA@?nzaSv!p8jRWghI*~$k^c;y9KTT+H0{beKcSWX-?k7d|GU}+Q#PV}3a7k#XgPp+b0m}f^TzsZsz zFv%*exjmAzI>bG?*_hLX*%XQh;#-l+*Ff1;cAtW;^!s1k@(J7=iRyY>(D+)g$ zJx$2+pwv$z1M5PHGk3zov(r(JLy_cWh?zhWrCBDW!^h0*VM~=r#SKD27RZ5aunT`2Nl?~LA7$iX=jm*8-E&St18 z`Hr4OVO;QA$(*-Ebct$#I$zOh#PX+FiAapd4aW7GB|6Cs!(B-_((LgbkqTWCc`ZluWP)Xe(^OeVTC;V?D~Tr``JsMMzyWyy9@=2&JLgX%QiOUn|pG zHZyJ#D!XKig#n5!#|eZ^wJGJlEoiV=B{$B}u&_~-Vx2Bub?R&aJ$fWstInM`=Ojd+ zvadASDoX>gJ}D|8a!X~B94$9(NUQ^rE~P`3nNC8eC@hmAJ?II7ZQHg^Y$qqSb7I@J-LZXQ+di@FF<+akpB32~#=SAJ;7psOVlwAYlj% zG2ZnuESU__w;+dXI2KI`UiS3UTPZ&tM$-`gtrunr(2bB+PUJ>8;5l~KP$W%P(c26X zTni99itHWJy+tK*QGA_M6Xo|%?s`vQ#b~N7kPmtNDB>8a^3bBsP-|*hq}x+1^8)2T z#EJeF@Ht9sW1ZU=CX_uI`gmuzYIO{qAS<0IsWd)6MLXi0O1gG{GBa@Ergr+WghbB} zz>CbI)2Hi1;yAGrWgYTR$6tMi z00t!){pYJsv|y!U*|3@)&+ozCQo-Ic6bzF+@-aZ&R$YVPZX_aC%(<(-StqH|t;~UMr=(+F?GyM4_V4z*WVE+Q(Leo7#5P5m#a4jGXzED8)D;`38?0EwzcK@mnZR zvS{hLy#KxQhfQIi0E1Xlmu<)euQ_Z=#!YTsVXAs;#8f!WynY<<`6+@ykwN zium27K)(Qy=l4IHm3ZA(3Z<*x$$l&~+$E+O+md6oU9ZFHwOaxP)F4HWC6i92aDa~^ z2>jubZCIV8#D)G)4c%PJg_+&JkEXZ&R6$D6CiLamktx-~B`)_BG~I@@M^IVD=8-kA zHBniXwU`~UY2!k=Fs^}IzI=)j)#s5*k_l69Z(cLn-`#cc?`EAB{ASX$Wq~0#Yh`os z1k;jvb9duu@{+QU8Q6<0@s03ha2!il((zh#u%Lg+QKhCzV5UlXBE)UXG}-gwC#AC! zf$UT6&*36+_a}ehQbI1mxne+9VMWjq=7laW)~AcXYT*|1FtAfrkQzopjHp1cqY<+9 zoqC|IA0{>#&lZ-fLVtjj_TbFoQPwltBunDdE}QvEuFWyHYHsVXaT>5 zLZ*lCd)5roU}*~IEpjFjgUmKje}Ub9k$s7%R~ral&Zdi9x{{_ldL)av!fb*0kEDrV zBKEA^)jMd+4?oq1^(~!}BsM==QDPiLQDQsT)9@f`DBIk1(60SMo#V*gycnvgOhpT2 z!s-`Un$el0j=tzROqwAN0ThuK7>PXlzyyiXnx~d+W?_jV{ctwjUzaw=YgOX$EjjB8 z^u{w{9-zxKb7z}6+-~O|st+lqIvcvT$aXq6y@je>)EP>Ppgr2PnBK5}x6+YmCVz)c z7mQ`2borCgE!E{!;T*g+ZGrdOZ3p?YiFKZ9;qi&9?h+dqm|VWdMYj*X|9je)Y9x1! z%=YWte$3Y^bHN1uo!V*U6s6!@5ezUc{C0IZVLe0FD+lKhT{Sn%dF?d^7`6WMvbF_0 zV~Z7wuQ#+wcn{P3yjD2@6--{lpeTf_F}?n?b{Be(UQ|0>7IDSxz)W(xrlQ`=V_leu zfjB1O1ciYhT0!GslQeJnFJnE^u7PS~V0f^gCt~rKVH;_y8}zDSJaak~k;-D-UNw;3 ze}QdX;s^|5b`<+YF1@nwxTF>)NywaSn=z`OE%6q3DpN!#c80oJfy7!2={Mms1@Afv z1_8C3e6L|O<;6kiwB7jrjJHjP{5=}poTL|cjBjJZ6+!@ICj~=#O0=H8z%gb zvw zU_3diP0-&v->Q|Pa4AFMHf{^p5?lypG}wCP*9dYaLTj}XBJ0?j0(`G)!xp8J( z7IyV$Cb!EAltC{AjqOz*inI)df_4QM@hJhdKhUstr}_vLNE2%m+ias zH2vH2Z^|-Iw?EO`K0G6rvEm;%itTT5W1KplVOzQp@WK>L8NRE`ArRXij%IumU~#EQ`YU)ya?lf z3rzvxK(boIMXI2c#vbX1KoWPECBqIk4W*uO5$mk`CSd zVF>wm2%biObZAn8pu`y##gjQRi4C;m$HZ8~-nM{m-Ol+0lStxUYI1t>RH{I)bC=%< z+Y(7&188={%IDN<20V>(H5^$aA)~kPsH;BI#xfikP%_5}>_WjRKr5Yz7F&A60dT3a zc5sd?GN6G}8LetJ_68NA|m1QAA}6_%X~cH1}%IYg%&onn4no4D?nO6vY(DKtwrnE(!% zj)jh~3zLN3#i9)c2QJ_Ko(7|jqm*%!y6JCb9}4a8iqkM}w}F@#3j=>-Ig#P9kCful zoX~c-I1h$wMQT%{>3c(MPPw z&DbmomzEw$w+z%$@ZleE+=(4`26oCUVoFhm4C%fFEp;PJLkTFN;cuCyb}=(^hIWvm z*n70ssmNp|Hf>Xv&ZFhuWM4Ac)2bV+npLVUFZ-@@l&BCXe>8A@?ayWZ4<5MAcW=K6 z^=J3JL*V2WS@52f+|LlzuRC5JbxSqMe~kGsl&SZ%e9w&E-g!Aw{~KU909u_dhHr2X zvZ;6l_UX>IKj7kEXUJUK&!yZeS(0}~EyhlE2Z{w3#O&PDmWFj>_anb?SEG9waK!%yy0BTB;=iqQ2el8y z?+fC+v%$7B^rwRlfqGMv77cn-a7sU&V7dWrAvt2dP9V@6XC$)Wp*0iXb@i8Da&xr;TRKh0q(6vzin_IXo zc7a-V8!PDm-z@wsu%IV!#guazSvv~++RpE>(T#q3f){#M!lptTpr_8X?T zao4x~)s08Ns$YV<@BNNr&Za}=-#Eg`huL?|w#ve>SK`5*zxfUngDzH0c;KqO8}{@s zzPt*o;&PwNvj_aU?kd6R(V^9;t@Rl(Fy&il&uzf)myNyiB0v6rivba5bZ6!WVc9)? zoPUN9gWoXuFx-G>TRhtz{{_KDxE1brV)$~-Ar{Usrj}qdKFm3%8as!iY&4<@C#Z?U zZ&oH+=yfJnk!-q@Gr4APxdquu2Bl(cOqpd6b{-2(i?6*8)4RjK`BaSTlgz+#AZ#;CZ$3ex) zx3C{q5bzVy@z8%M?Jlu>_^W%kf*BQQmt;cF6#v7TnPEk$)2#lxB=iI87HA)33Hvt` zP)y`?ux16){rKYy+UfaIA^@^iETH4rr;pl=H~guZHkf8-f7H zW)5*XQ!_@G%eLmd--P#q{!F8qMV@j9mT}Z#Gk6G{-Gj&Rm4AN#AJnmMK(xs*B*wJ< z=6X#E`I6K0Pgg`J4?X;!FhMBic|_zvGD90Fp{y>>eP)|lkmb)?%AK4aSzLX=Wy)U{ zu+p?61UWn&_pboThJRu36#-pVJkn#`)SxgOP2z=XoR&%RPttdziSjmZzvJPXW8t~o z+pzxdRWS~S{b>YyOl{E*kweKzgA!UJnYmAZ1HzM zTdtzss0^1#9UJ~ZoYnU#W8|=1`kG#Wt3D`@mmBH}RTa-jQD05)7rrG$w{Tv3nYyHj zhSg=o`Rg-m5w>^>eme;R%Sg92{qeo<6Iudy#%C&)qP$xf`7#(1r(cLg@GPaUO(X=L^|4dj%tAQJiJ(PL zMLP6+Ju@8}*V>ajuFPbyNPy2Be?KZ9S?(OR0i@@ZB(HsTB)rAzqAfI0W|P~{Za~o~ zl{RusxWkv*=Rb9HFc*#P5m*qu6f5pS0@ZJa0EJ<+kf0zHg-lXd&^M!P1J}j4N-~WK zQ5K^rT;Fe&O+8^;xlu%@u8;+bZl~=9=qhef0aY9a?ErG}LA(k3w{QUM!-)EV%U zR0tGp9cDrG<_gqxJs!P~t1P5Z2dX6In(%$!gTQ?KuapwpeqUyJs4C5;ZIJEB*pK=9 zcc_d*=5c}7y;P+D^+6rw2gU2aB##mL*2Uv52=qt?geGzV`~1NPlU}IAqub&pBUTz& z+a`%p00V@0a~ut{FYIkYeu*(7VmWnJQV@U)TV(Eynd1K?5M(=M6A z$m1q6+VHIc{6i)z+A{-b;Q~(DKBMGLz67oj9i8e(VkC2-HfhxzseVlU_#RYlV8;x@ z?qs4F^NnwL5feHo@F1o@ex|6%TI7~kKu1bzEOuf$e%Y@4{ z)`-=qZhQU|{U8t|%KOrw*dJw2!E{E`KXF)_)17n$sjAQy>%-HN(JH;l_8#Qenk88e zE|q?~Cg0b5-+5dMVGdt%{NFn}JKpL`)8EesPu4rr-+pn3Mvm^QYea(7#&bTtRu84M zS`2Xma#8c3`fLwBO@0)r8Cw)1&Y3_f8EyTf>YDDaJa##MKe|^N(@|F)JMYa`ui%to zRj2G3SI;wFFVCNY)brx??l->jA^k>kUoXdgw?eC3XYIH_9IsY_%4W@Ejg0W$(VeN( zJ=%F}pT)07ZH)`)!)o$ao;ijOeo){1UHJ@#L_iq+^e4QT*4fhCuYu-!H)DY56cY#+ z%_(cE*sK$wuly^)ERsq@y(-kKW&hIu{HP-WX!P(*~5mjlYIqgUxPVef!4ar)*Ya z1v`H@2P%9BBwpm;#IgJ~IVA+>xS+_Gk!t=XRH{qeM^J5BW^>>~0Ks`^Bt6iID^_2K z;N3C}>snneZ<#X4=-F}>2d`BDa;oSGJZpQd42RKgo9}H5Mky*Stm55yrv-L{eKD>8 zIkuzh@<9DZ$@ja}OXaoOKtpxiqkIGVp`)yB1GL)+ z^7iiYO8mN<{e+#@chV~CTl_F@ZM=16=dxf`SP=8{p0DD=vkrVlK_`bZsI}_@R@9Hz z9-yB2@KIdx*s2`?ir4xUdoZ9XKQ>n_xGDXK~)?@WoGhT!v^*@CA=YDkj->F~VhK#`Zo^Pca z)`;7=V?ggm3Y>8em+tic7Oz4Y9xe#df!9aMO80>bv3}=!bS~gzzIVTG!psVAsEjeq z*BB^0w8Wm072?s#M|4Nx@4{);zLu5*UZ`CHt-caOyI*Stu2q#V3ds;YJ+VZ-BmH~< zGm64C*}p<#=G?A{u!$)2o^vxKGnrMZFmYqLkEwwyn5fbGF{yz7(FE=@Bnmrqn&4}O z4pxRSpP6d$T0n5DSH&wn&Y?0WE6K4Z@lgK!jZ7_-vhVL4%Usq3*kt5uf=njytD+&B zoN${zvX>D)Z=}A4NbP_p`M3G@@HN91JWbPcN8HlsJ|Gt*d36P2>v3Uvao1U51h*Jp zE+Bt($oK!~c0&oov7Qnsk?3wD1s_YU_^Q%@jZ3UWCTh&VR?&f)qk)X^y;`!64Gn-U z%)pSU4jMnBfo8z^geClsL3Xty{4qgxJth3DLO{u?5N75F|(Mxy+uX34ztI73j(%I;8Y)b ztmgNCKrmX|IiTL>w^{8zD?3xf!a+fUe_Jn~=jJ(I5|=7z$a~?1F`e(KC6Q1bgu@#z z6^~JKxx`n>rv&B5AhuXIV(YM+GwS85wA7zFV}6L=2(Y3-)fPI zb*?!O6?WUgDhP`7lzkSTWB2bJ$LHC%Fs$OBAAKk^ep55rjCD{^)cjT-HL;&Jqo zZ~3Z-mA{d^s^q-L4)j`eK1JBZTqNiKB<9Aa3c9M*@KNJxLHygN-H`W82p>+3#VC z?1rF->r)}r*-saOip22PNySiN^;lzSC!zXVIy3dsMAL`)fPskMOc>T;4kk6( zFDa(8t`$3{4v>z7LYOk4Ce85?jIf-oi1PV=q*{+5X1&!-av@B)m3Xa+<-|}H(D-QB z18g&nzg!l1B!*cYNR8~>e=N}paiV;(Jn*{+IjKPHtY?Y-NDsAFkfRZ_9YZ35g3 zZSp0dLPAzm6?!ru15Yul6m6#}A<`8cGd4IaNj&1G=)1_QM0ld+$lsIi7MNv09JP>+ z+cjzk(MOftPdc!@D>O5cNOYWDJ7Bk)RM^!(Kt?A)6Qb>Yh5tGE=9)t-sVEbDNoyA+r)Hp0$5K!)c1WRafxbDo^R7UD*7-Qq5u$`}AqrvI-~_KVAx{(+#gQNXlP|tJ9RG*=@hwIQ1890D< zdNt#$RyuMV2?rwB!!C@e!U5=(q=0biK5C)VO|0Q(JF!^ZyS7+B0+F2hG{ucq=RN8P z!Yp#l?@kJ8nkE4Sy~hjl*32fSOd&UU6;<05H@+sFDX$(RVLY-khg-MH%wj4=3OV2o z%06dWFq1c~;IaLsFL2c!eZ>u1m}B6<^k?l++-q%#e7z*J6jNw3gQ2HJovIR%a*5QR zS7L-m|7%_%QmtC79m79t`-Et*vd{W#Wzu8R_L_k=i8T|oTa5cjjzA3~X7eXqffcFH zo0+S(@9-5~`$tTNd5Sb;fc701i7mpU1~*ZA%0`MnY_!InV@?EC#AKayl+s{bp!Oeq zMgp(bS^mY<)m-1l!K;ny!Q9J7X3%5o)vrxyxAaYioN+)0a+r)uR-+DS^&4LiFOtefg^2~ie_c% zFZ0k`tdusUbUUqF?#Pq8&JDxPEJWU+uR=94iVOXfhGu2;6KTMdwZs^rvD26ZP>DUc zEd^noX&hmf0cXPrJxPXuwVG=tqNB%#z1ky>u!_fyy&6!Gpzb)-m#fuReHR&!L7`oE zP65g~)g%U~0Kp-XxeUo+q$Hnb4H??5j!$Xa2%T_7hM#2=tByb6ptHq`o&LLroX4|) zeVA?0E(v%^Niv5Swfgw1W9U_)|lPk1R z*qF8=k^|Hh`dl+tRB9s2~;m z@OQD&e?yS*zF#yIj1LsxhV`vQI|J66F z)t^gim{e`Zh{i-oo9h$HMGe%qg35}DZ(Edz`v~xzO0WtIL_>iFz`lVG?kdA7X z?b1%uf&L#DX7HA+q~c071rEvX3EfQ#}MLa z0M6VU$=r~XHGNAqJwPwB|01^+&c>$6kn9DP^}nLvm>UkirvBre?3*-C1$#Df6SDky z>jHn_s;%ZGYwSwkCb@PJyCSgD9erh;sDDyI<60IOFoSOFNbz)Ww!!?IsMvu&`h`{| zx(=Z*M5>)9OHO#q0=;79ATua#2^-6i>wiK|fvuQ8aBxgWcYZU2vSzX;WyfQuzi#sM zqhUFE{fdPd46yi=&4ej?rFCv2g9IruU<=!j4~X)V zbZ+Yg<0^{#St_38jr}wj;*<4fe3blDsJxJS$vd|lL*oGE+%pHerBs0A{PFCP*A*^( zk_OEL&gOTA$IfiJO7QHA`Pb?_)SbCT5G=Ufu z)utkp;Y@RF+F@|5ISubU&F`tol7+DnERlH{J9903$Ucl5In2!OPTtRWOlO~DP3`HM z`v2l<;@%tuv3OiKa!AYAC5y(hvk7Q?vvF>Vh{@%cu|o?c-R2#{&v+=wHZjX1Sg$*XV7z{N{Tp$OJkT~SEo|V!%sfM<-2YoePn?+ zpcx_UNgErUe_h0fRB*VM44j+uIRsDl2xqau((w(v9>t3iCIvtl`ji?kDjrNoW6k_< zq_vb7EZd=uow1J%9hR-!LNNh_$wl!d7}>%O2hm-7uY}1b1!3(iBwi5#8o{F?@i3xSqxAiLSu4YEAGx>AKj>eDkDDxy_ zV@UeAi*!I{^l*p-3di-~qNW9hD)oH7 z>L21Bh3lDV@^2||U_3%kTf4_BBO;gt>idP+X4Kf2$)qh^$Z{JWJzYA7G>I-oVbMk1 zDuA(U24g>wq4ZVRz%oi8NC2_zfrXU?qjc;@A+CMsXm@CYZ0~~2aTDvYrZdqbSg(W| zN#$-I@QI-3$revQ9DWwZqP8AW**HLTn{=TvMQg0pu8jKDlu=!~&0e8aMrw~oH$GSL zqb}Sy&R0IfiYNDZ5R;Q?6czZIK5z=Bi3G&^QP?`C^;e+HS6tn;U}58CUiXpMLx)+0O)uc?)L@aokyoogXL)!sPv zvb07$QIqQ-W&E*#%J!5QZPh=5Z}7zCe*auKBVzs#K}R@@jh3?ivQ zq}7c>C#FIWE|Enl<|}hdJrp_?7n<5haaorK6xFA}f`e?_O>g|oUYTI!+0sPO21O`U zstS3*YS&e2&zV8XH;J#KtH2>z|Kk)O=(%69G3ET2xX41(2 zdKmV3HE!fdt8r@U=?ZIu3&TS21k72pGQ={H=D+Ky3PP^d2^(~=N zj>W^5H;3ki^ubP4Q7P4Nt=+xwq@|Nd%0Z^L8ala&%LypRkOcoxp;zm;Ih~~DYK`Sb zUaSfy94V`IN}x9;i4HwfpFxNpjjcXKSDI6XRi0|G#bL3m66P@;e>)8W7g&I9F2lye zmx#NhT^6sM>fhAFC?nYdHZv~o6}>4*>pByk*k7XMjK;#k{Dm+O)@wNX=C6|Jp(wbv z_&cN==xiBd|B5GQq?iFGEl%mzeb#zLW~;O?IO59nv8AOi+qgm46cFdjQfmN9RHO9= zUu{H(`L}VpkmYUM45p__OMF~QOiZ4n0QV?EzI3fz<@LXH(MAQ_6HtZu@)<*@o$yYq z@ALM={VRP#tOOkmQ6yquGLP{o`zI0gSUF7LIg1WommjF4ZmP zw(>}JKOYAzGv~%7CvmREa_Vn0fLJ*3!AJn%62tBQx_WP}5~b6&ESQU%KZEK5(azAN z+|`Ol=pzwEUw+J)+)J@cj+Wg*ZF$)nP@{e6gXBMZoh7UqM_r&T71#t`eykA7-f}p=5N?2VNnUn!5#6^9rK4i z@%bScDCeSM`?@aM`+3tN@6Ce4yNR(xLwt;{VRo*sdi*mwo0}hL4Tc@nqXi2c?*^AU z2-DxZ#}_djGs7g0F-5x`^*E$lGi6ZB`fB`|G@B_|HrY-i|%;ii~bYsjdsk(f8L0uwIeREN? ze9@)eGrK@7{^7s^ZE!H$y9=C43F?4wgH879(SZCkIr4EbFXqywGrvk_5G=R5x?I-* z%26z&vKRhd#>8)F^-l_H-79K*$i^1$wUCGd^Lvi_gVK%6kMyzi4Lb+9g3w<^v_3}Z zj$Li2wdaC)2?gD2KeBOd(Z6vY*{u*Y-q_sLh&y%BzBEzu!?} zQC&sae$jBjKcxKQe*-}kIT@@Txz&w%lzA#_#9edbUbHs8mtwNS=3dJS;R~9F>Gn)J zygq?FxueusuDLjltFV-ohmZ94ekuBDh}4^c{~sv>|4l$Ub7u0`Aq|m9i+FaxgFZbI zCRgcOx1+GuZEZ_IMy3x;_kCzishx&&%UTf(M~J+Lh08&(SXuG!D2?DA&|-F6m09mN zFWZiRw0k1{BS>Xu#mNGwQ%4u6W?~HFmbl9uuLJLDLKpZoHMk#I2>zS|2i^WS>o6s_*8dDZ5VHnm-rk@zTN=0?-p<^41-CR6zDC6Bwr^4STF~db0JetCY{Rmu)0$%P`Xi~A1@X<1 zvy_G0Z6|@Osj`J6WSRhIdi8Omr57OD+y+XedZ(U+PN$=&c14qioat^b0VP=DCHv`j zQ@%V#%C-XtmVrCIyc()1^|2QS$8Nwr4mh@BOrT908fdDDIBa+(Ja+12xIFjwDg9CY z^Hv}NFcYcDda!y=CZ~gWdT8)ZBMk zv=9l^0pSr$Ha+&HHi`ucAO1TbS-gQr>}ns{#>%1mnmmaE9$C)Pacv<42~C zKkaw+6U8X}eZE4_xFku_KTcoYFjY0cU9$>|v|BLba(Y2l?3fQa-K<@cMiq7?LaotD z?Qx^D)uWNLm9fh(L$k4%B5(lBVJM(>8z^ov^oq=Acwz`(b(@rP)X5~m#cb`p+!4mQ zf~fLJ17XxJe!?q6CHuF9Q!iE%;%R9f+e_ibv*#myk&zZG#quI;c`(Q&c(Rv*aNJ+k zI{?iuX&-l0$lgdE(;`T~C#e5>O2{k_#8) zvznd-eYlj%00VHfKRyYAr0n1Khd}*MQ3%T%`?((Nf>^K}FhUIQfo&m}5~3(LM%F&p zwHI&Y_HI6wmhYb4o;|Odl~Wo@Yf4~*i;+uUx2g}b(?u7jG;&S)0s5(#ccKz*3%$ay zX*2s0aI^Bn1iPo3Jt{>R6;(m%bh1a_grIJ zc-M!=mUTbUuJwNXD#7r@aXmHsqx1$VF{e{_ z^REF&11(CLkHd{)zt^I7KTudOUc_k7?ykJcYn_kYQ_1`9TKrE0ZV)e3w7R6DQ`tun`_mA!6-C zulsJN`g)N6Ou4l^SMI5+_ZAx@U@y^n+`E7DVqV9xg6VDdKMuffbBP42)c!O%*mUChYN@%!kQ2+ak#ipR12Q$X~9~b z1=)_^x4HM5X=TYxAj+i^Vu%O)o}YhnI$tz>*Z+DD7ncf{xqpx87XX2gCB6O>nHl=Q z9zb*$Bw)XU0k0JsjPG;$#W8XWA#SFFfw^FQ*)EvKQXxLoIP9AFwhz%;S)XQFF5ZHQ9;_P&+WJF37$246lq;h+*+WNd|5a(^pSE zD}~*yGSm*}9}5^@=O&B$^ega4@qb%n8=KhDtt#<~<>On$^-G4M138|rWy03O6hvDW|^$M+O2 zI|Wlqr8HR3gd?Aw5oDdfun!ub{lgd=$Kfsu>wMOuS<%At{62}a&~BQfKbT0>O!}^l zN)yaw%+8igr@+<(tO%~1J@$6-;hOIaDzs-MoD;+IKQwjYq}`TVL*GOH@qw{G@|6(G zVgk)ajDZ)_^z9%ZWI(V-;CxsEGdsiCeDS)1>|K6B6gUaNls$R&5C}qO04_+#VWNuD zN5PrtVVmtaP95vrH8{anc#;rjq#vXCvIA#Cd@}rEmBp#6Xz7H^((V4cZ?cSX@?bM$6)uHq0fBhY_RgrQlW>F{iH1RKAE;nVa z_d+~FHK~j;cW+-D_+eMF*UQCPl2QHvPV)MKMpaq17G#Fyb{2UC{PqJOZt*4=7BTsz z7y?nm?T5R`0Q<`n{O$2=Wec$hF(+zaq2Zwp0!iASe-SDj*NGsILgedv?R`14CBby= z9sM(sU<8`uc0&jSi^a%aZk4=m$drK72%mVYg`(kKiYWo=-HsxE$72gKbdvM5egp4t zYDZOPRaI5x&x4d^*V1=GmEE$%p_<8pi7uO4?R22%bwEAcWxG|!;fA^?@PC8%vr4% zb95*tK~WIMJu=Y>RC*U#`2_NfkkW8GywCyB;jXN>6Q(IGd%s+8Q#N7C-|ac;3Vq+@ z)IeEYHVNJKN_z4Xc~L~VdOrQ_Q6*OBclv^`T)hCRSuqLs;H4v-w=#KKX<%q4A#*^% z_VnqkZQp=+fHQQKT?xCGXe$SI08cYZO|=E7r8;3iAp zm!9}-QF_r$0nms5CN+eLu!3&N1!0sbiki>{iYdSZ5^G4h_%$wbeg1u`f} zo-)=Ms>BN18$^&UvbFz2RS<{FvZc{T*hI5p0FZwPSqN5NZvf0$GFavd$M5Sy!O+lC z5G8{d#t0&;53Z&BH`o544*KCO5@f;RI5k{a0DS#MC6+{}9vy)3a6KNjBdsO}?CT41 z9p8%w-YAi&HxBY9H=k!%b+!b0vR@TDP#fr__@pRuB_$!qS?3agmHcz)LL*~{VU+bD zehs})4=d}lQ~gz2Mv;o1udkLaNmA9xfCpCW-{=w^Eh!!X(wNB`Mfm=xhb6@3Xrt;R z+teNMo+=l(CcB_*XZE)>=Mbb|J;KpQ=HXwpbdTvPp@yg-&aF%7O}{xS7E&i zJTF;shR`7uP&E(BIlSJKs2s@qtjt_d@E|m+^W4T_l8lySH$Dk>VP+9lh z^Cw5dK3b2O7(>)q%#g;ku}- z?Sn(Nc`IP@aluL~AbaS9XKZka?1EAHSEcbQa%){{z)mk2vQk~ymc4Uz?QasP-`K6o zcjg+bc#Hs*U)dbt6C$Zs3Y6%tu`YBwFjbb1zEBnKGZEiskjKx+Aa1fB8t%=Xbg19W zEiiS2`@IDFy@P2eRSnNNZ+` zb@a-c=C>Xz8oiExQDhch;OH<&jwlKMD0-o2FT0O@ zuh{a_j()Fbd53?0DBR{{76L0{@@U8T$VK~bH^d~!5aUC2r67`u%*hQ>5N1%O+5pd` za*VmhtHI%E>RYZA!5T#jje48mG?d~y&}>%(gnGu=d2lritZ07ii=*h11L&Ax2FD~C zJv}|w05uM?Hy=g|U2a)vgA^Tj{>03W%ZGKtRCv6z-mF8&iu%{p%{sO|4888@!L~CAUAw8A4i{~u|P&Cr5j9Opd07ZFT{QglOdQk&HN$z4$dnEm{ zo@VOW?g}QLiXO9dtR*jj5d1uRLjYtWbMmX;LqN2LIpaZg{P*W}sW zs`Z3ftMsRi!mw3)gEL*VlZ$4drwi)_{r@a5}m|{aeq498}1>- z?Z3PH0DfW0|m_~QW1wh-MPIi;`J9F#p? zI3mj)8_PD|*r0a3*>ZX76H>%5Gux9`X7Vup9)C|u5R!9UAgTpi*uPGq!=GMY(T;ghbUg4h@{IlPZZ_29yF<+=plzpLiU1 zpoZ7=B*KQP4ay=K3J)t-YX{W|v~0W2$usOwiZuG~2qPEneeY3s`0lX(S3o-AhV|H zh*TUa$qcGR{vFha8?_a}lOqB7F-@6@$^~NwzdXRQFC*T3Mou%j zd<*lmc47_mdX`f(J;YOSs{AkA*8H6Cn3tec+Bfw%ioBy|ecW{mQs2HGEWLk%?YHv% zRA0S(mRP%W;G4{s0JuX@^C3J0cewCepRQ-)ZAc9)+|H;vjD3|$hcg~~wzZR&&ZT>2 zJ4TKV{s`_c4dN0w$3;O9{9j^+bh_|>7vb)eE%!0}y(_?3%D?=@-#Q zyp@XS%J<83G)ZfgOmWXL^X?dYW0`vC*Z0HPcc1Yb&5f9!GP1wQi189z_SmHZqT(O*o~-ajO##ksQ2*;2Zr* zfjTi4G~i?sQ|aJzMiMd-0cMaX8Vjv=?Ao(8L~CRnm1L?ynwpYJl71!Ek=9@-2dm(u zTIQ%nk;p9}A+-x>@Q`C06R(TAz(;4WLAXXWS=$}qv=I&<9-ojh?^72*N{y;Fq^KAg zBSJubpmxlPRhEGRya&D)v2m0D67rqVv*et5d+F?zlo2cYcnA*;t&WK#Z-m8%Sk;mW z)c-OhDi@<}jo_l(idR~PV+I1wklp0%eZlK82j0cYS27JI;Po$hRZkL~Py2Qn=ubLC-AX9oTIMude|+1vRpVf4%jBU@ON-$6A6o)PP6hCQAr z1Jo^y=cO%kSq+$ZqeLNTD28&_FHRvT7!q^l2Ye)yOi4 zjdo>k=|7q%pb%zgqMREJ-6apY<8sSpZ%777isMy;uET@d7U6yJ)P|2Fb>IT?og1~& z^12P*3w*h}Mi0C3$#my*1QoM<@NMx}@I@y}#5% zaLMGVx^JBg@q_k6)jYrv=CD%rAg01o;yzK=he`5MCMKKa0w|pQp=xM3`!!3O(3a{yW@EIYzvGetcf}E3F-CXJ zMgPnW++!0IbGXBgs0ulfse05D6*MRivPDlxEM`)L(@->SOlvj^%yUH5lpI?}JCh|8 z2-rIeEm4rWzN0n3?Q|N?NeCTNxu^56-4<`(CaP~?7ZX9eSC2j_0SF$VdF&BWRh01h zV_x;}Hu~bM26MXQg=|XXw8I=#1Cgf3vDs4KQJ|Eot)V9xw?&pqtI!^0OG;qpxe7aE znkxIj%ImqR(3Op37*El@l0>bmf16tJ|*zGv4MXm>5X`!bMHJkY^{o;jkFEh3R+-fz%ANqB)1)0^8Z!q#x zS8{NDDcog9b*gfq318ArCfC6VDoyGqkvFb>*pc8#C15#~#8xD%zodgCHC`SoF#Czh zaoqL-x%ohiNY-W8G>-bqJ14`zMsmq;&^n=T^mR#9igqaMUCVZcDMPhJwsM7(#{q`; z!CXGJIXFK?Vq*ODmmw5U4oh6w?6MO-79fTkcrjjPXKfp$+L+It6V0g8BxeoWZozMO zX1QMNwlV_@E}2nkAkU1a%x7PnBquw!mlC#WHT4{@QoK!z?O` zO_UMqNf4O8xC`)h~*7rR*Lr+YwWur7L3ZUO1iviL63-bdw6m3>4a>@Flf~vrD&d z<)#W1uibg5kxsA*_7juktkr~Be~H32paT{rVGh5?)RZ3tP>EuGxHbS*0?&-I{5hIJ z?ol+HxJyxgSVwBEh|{CpBLQ;q?Vd0(RD=%uz}D8eMy1QY7OrqqJKaQE zvZWg%ff1Ojj1`<1;{I_pW7$X-`Zucc?kE?FS~63{G<4#fQhlx~RB-4ToR8mA&%tq>jku$=%O zwigB;wlmdI;LoSS;dMX8dHVNljigKGE2oB@E4=p@t5bB^lD?^z z>jve7Kr05N6cEsy6@juTE2BJOiarV(wr-JoKXF39H8mZB^K2tNe0pxt(Zd*;JY^cl zA{EouVMmBZM(cb&RC$-`oz+Ho1!{V(1expGYxGtm-cAC2JmI%3dRx_SbcgWH@h)G8 z%E{{;(S5PDS`|}@2qX*kyWL|#0?J4<+=RaF2821)6CQz&`6w+;ybz305Uaab+K%DA|&PYhCKnt&J%vR_5Rw{j)9%}Mcg!&8?1An6dusc(6*MuX z5>@=BZ}9}eFjS>ie28rjokeVbLh*3p)P3@QJUsi$UhjMI|J8Q8ljZ-<*18Y;|GVh_ zBi$WZ2i}kvyP^h7`&AwUC#mpMOeZF#BpZnRJweAcZ4Sb&3n*>{afMdnd7~{VomT5v zz169Ao>$}Qu$1R<*|;FFSOM%HQzgfG1=L|taC*>FOkY$$CRx5sxeA;r^wAx>P;v^p zYigXflkDlnq)FR~_{ax$!fX@{j)t~gZ+GhL#fG*jhsIKtWEERm;hEa>$QHFaDVt=n zLe5Wp6&2=$e2V{c>#uJy6_%kud!R|*6cL{A+G9>kui&4U|Rx(N*g*1xBgYv5t?hTt?%B4P3@B${Uu zudNsL*7`zt?MS?0qDH2d{k>oov8*a$iS-B=a1d{tq$_mdOapnMuo0goq+ZwqJp69E zlW8b%6aYL^ZC&W7hf7+MGab7E9mPbxwuPsq_jl8UC%%Ok%b2;i5@|lmv3;<=oUVK6 z+qf2u(88lCzJ5)fpmW50#^BQ2>_`7}MY=-7&nX%Faq zOjT%l#=IUB%tZ=c5PFk1Obgn_y<{z(mkL=ksu-OLQ)XGNsBC3gsv_mO)+I#(Ac!F) zl1QY^6y&kJCSc#XDRzn8D9SSE!^sy?j+j?Gabr->I z>xIOw>ROC3W;&9-Qn(!J{wLUc-~}Nv6BtqiD#p1EbybHz=q$vRThC;N5&<-Ib}q4saa|&5;w(p*d*avj_44O&i>!(JlKD}%fCk&{7;nk%?**5`q~93{vFDC z)oit!tyR%_vC&!EXm^A&{Y&g!O+*>0!T(hyt@mc{;6QANSM=qT22!sd_y(WIc@_V9 zrAgHXp7OU>n$~;w^X~phFUm%WUIC>WONkMrIrX_R+Do-T)BLeI0)nP{$~&cu_^)Vl z11+HTQ?AI?s$w(YUNF6suR+E?7d$ge(P);-0AUkgz1{xjUR9J|Z5EWQrs2C5IuEF~ z-=R+nc1UhDHpKrVEIqL0|2F==f7mK$~_&snIk%cVG{vzEu(xT?8Y`ad2m4Pr_YxvlgkbVSW@4bCUgv|2b=2757Yo*{ z*!`ZUhp;n0Ra1mjwGT&>XI&4;_6;)<%~|LV4E%pB|7V(N-aG$)wzf8l|Kq;||8FDz zhpzk|vG&0K|GVa2GK6|C`rGHf-O1;FUh8z%ALRdc+5i0@n&-CL3`VpORGx==^i5aH zzb1ufO<8?t+xJLN$N&fpCH{VIw@=nYWo(DdX=po5t`#VfY6PQdgW8Id%eG&*>@oMy}_0!)vO4jN&>VqZqroYm|4lCX*-E5~+u4Y>7oV zOIZq49%i<3g#kcQret=AQbBfB-1d{Aqd?BB_*^ee!=qr6y=gO@BkXLuEGzEZ@gt z))(X|QUqT^M8R7;5eSez;sBSq8Nev0e39-*amv_=&IVRIl}i&M9fFjq8DU(GI0?2- zvE;s4|h!vK?YNLxoLt2L=0Tb!-9w0#D!ZKcuhzf7m&`i$` zw@T&Ds;&B$616{JFPVNGcn)$Nz}zUnkaASf83yJ11|*KLAZ-`0(57IwqOjbH23~53 z0~%l8=&+r)zfvpX3uwofsHZ!}^wgN((-E+)=*642N4xwEAJc2^(v4pq{dOo{!()0q z^kcAZemRkl@iDx{>4;wUPEYpvH9dyc{#d;`c}p++F+3fAGHpK^z(05QPk0RY7|}&h zOc+O`lBI2xO7X+K?ho++&a*K#0S043j+7rogBGYH$WhWOIVAa=Ix4^WW3J1c7WD!2 z^dj9t;2T)d3_|*2`>Hb<2m8MlSEX{hgvr&e#MvfHtQMuiDYs!>wWYdI6>-;j%1V4! zYcR40A%DeaEZd!0o0}R`F{?tg75Y=_meS*@D8xj$lW%7x5D$SUoRuRYxf_rn0#V2= zN2GK&AVF2cvs8`EC6@D z062h!%bq9&$f+cVRJb4>Ez*{jkjlz!euUS2!J|jaqYO|~T)N%D6PKRER-pKpwo(*JWeGxHAE?1_JSnN9i~wj%%9EiZONK_sS|wwO03II+ zGHcR)bx9XFz;lc60{FTX=emhL4j2ZTuI1RIdNKz=qS%H^|Bqi|te48LNZI_kW7Ri2c{KwZ8v z4W_z7Vy?mK`v=4+ArJtSqBSdX!0o^8Z7nZp%Nl+G9RU8+%b(+yUr-D1;+J1gr|wbk z@(4N!$|9*tnEgp$sU|IJnpaHJjaSA{6OWfQ)cfi}qWLrT=SvdTubQtOzZx#fAOCs` zzX8p%ZI2t*P!U6QcWZe$7WL&vq7GVWOPmRk^h;4GsHwhxDSvJQge7LVlHMeC;zA{a zp~ac`^;}(nYZZeBWXDb$(|rnPa_Xu#a)0X3+3*fuKvQJQyUZsv??*h zQAIM0;5|~h?SRTb<{_UY!sW;#cMINLB$z~D6Ye5dR6d3-p4OmT64FSJ1XvS)Vphy? zBxq3BV$>;BgZjyev017#2P=^Z)%ZHD0w59#aP#Zg%6vd~;48QFXko@u2ndjT2&*i` zNt}ojLCQHvq2Gu}l6J8~b&|@}Qlsw4LbR`q2sT$z(_|+!Qs`RR{n-EcPh&W>g5dA9 z|F_%SXYH*2e{F5O^S?~YlO9vfA>n6SfWCFpYR2ndNhcT5S9sX`~;5{HgR!vH%9RB#KKShlAa z7VZw>jk&ruFuIhK$v!}-m+}JfGNMMY?o`eyOT!@K$py^#B()1jhuCB07^MJ0QS*}1sMBXsfT zVt{!P>0Q7p?;KC4aJDcaR_F&N(A3&DQ?-H)rI62wf3mCzBSxi1=SW@h z25XU(wp4DFQU;dBO0!1h6iPq8Rr;X4<6E}ME%E;77%z!D)3hT>&`j{tw5{Bni7EN; zu{=iqTR_29q>>#?ELk2TgGF&p^-)dK>zD;TeI)BschPz68*0L4EFe-!MAOs|6n7zAPzeVV<-AE!)Q$YPg5MI?{>X(BOH7f*hXNNz7f zr#qs(hSasQ(+7I(|NL(MU{~;+R2aVLb0i1(N+PL;lJkv?VYw*foa>tSn5@3cb=WQ+5ZGk7HZgX?;B(X(6Lqq!T3Obw z!DAx!TCEz-An{Eca;5tD3t%roiMB+Go^FUS#1Q^7p1+VrT>;F?h>=$(4~#-#RlIDP z)2_x$QfxarG#?4l= zxS>=luGd%7*B>BHWS0-pVXcPV$aHbU9KBnim+5yBy;y)qSm{3)EfNJ+4=@|ZRH-Ps zIKBpb4A#t1?}{T#P(aE(1^O(fu8pjMHh`7kNdL=z<$6ZLpN2zt+_224c;4)+HeakZ zs<>P#gaSZNvjGYh?lY;e++0KmIo>{fvsK2=4ONAB5{Wr{Ol#-e;r83T{@d-HH~WWs zTOTVt0`#VLV!$88&5cNxl;<~P{gb_ez3pD2zCWwJDw(d|`=fWd_cpE`WU9yYWyy4P zc_&9)|6*42s-&t<2B#3XjpyUe6_>X?bV;pn(S<@v5U#j$5PYN$=+ZC<8x3a~z#OVI zSt@@{q3Fwodcb{-e@h(14`i=kbxKjSvT<#t6PQ`N|tnv3YYMf8t5x3m_WM!Iz5Zfo7K&A~1%bUR40M#_P{N)zyJ$ zU@~0BA9p)(8Tgqm0$8_KGH~c&R3w;2~Wih=HutTS0VnL7;D|m4b9`t70wj~d<!u`9%dFWccw-v{P=rulLVjxBQ_&kxig@Q#|C(@w@)% zAIE$3x7&yBUT^Q5zB}1FssD5D1KC8_brZrN{??4jVJfZyj%H zYPFL+Ui;jzja#htJZ=h zN{`L@<14&89ZH6G*oSIlhixzf+( zmVTBf&a4v`Y-&Fi$S;!FpDr2^Ke4_=THZ@vM@De9U%3D#FF=dRrYfV05e9oXm-)|&e%Jbw}X2`+Y0C_&F+g<5|Z70*1~-Q!LZn9ou9k$#>swfXJw<^c;9Mw&Y(VOs(}3&twC=lg>}A_Qsq2`n%toZ;y|Y9UM(2db`oCkL(b2Gx$5b z8c!w}2+~%BBfMI{>cAS`?)UP)dvA~XyE}FDn0TB1$+BKuPE0#!bsLuxeQ@5;2aU1q zh{~Ss!xrszLu`MtIKWytw*eY$k`MO}_8JM1`LWVu(-Iq}(qFB42ew;5=XTxyUyZXBKGKkHWF^@MN-*7=c#gF)yKSg-4{h7e*C$3%Be>Z_IdQ+k zTUXSzZD5{B8Q~ebY-?-_mnIMyb$F?hcQW$*!j^!9CPG|?{oWhhH)AKUb)_32I>XRp z#ATxR3Jh`Q=nAM$(i)#Q*V3R))+`Ex@A0TvdJ~Y<#w_f2?*}!E8MXoN1_)OSv^5g- zPak6|K+nPx5-T^oRV<&~IVnTs$IOoPANoXhF}m>p^ouDbE|fbO=`+?dK1@c#$JIu= z(XIdEV7XxQQ`ZY_9eTalFCKR{J?>b-N3d^|DN`5M^lGC+asYs2jmDVl6t8Yhm`!lNXoM)ufG#E|t7-xX+a$;RAhIKX$-j{yHrj)=Ar}3fgxAx&F@68=M z3>}UZpfv65HdYoqjvi(x(vEat`vA#Nw@gvMuBarw^FbmyjvLCVB^nVP)Pc6u537Vn zWpRrirh=Mu<5=d!~D)hk@PPhkc&Q-6lHIUHvlM)z$U#D`#v4 z%f*{tIv{u>T_JU-k8wqsg&mCV=P!x~h|#d5LU_`rJt3$|RX z1iwp?_GmZ-QJ8COZfCveT^=4iB(sC5M;D*-qh_m3%s@QADVTUbUPN2}l0wbdn>S2V zNZT9FhJ(H{VBM~bu-xm|(Zee!r8T4ul&-SE+b2`Zg4kv3 zi%N(q73?sR$F#MnrzMJX#kU6yg$zH2 z)R8mkNg5HYg-X}OMfo{Hw%^?6EZWRUh3V$CPiZy|yY%2w5n*HY`B8VdG66}O=omdG zyYJ!RP;Vih>Y{ej#Jyl`0>wQ2x^SbqRb-m=MyGJzslN>KQc>4_SUkKm)`N=JdB71mqrn3w|Jk?uCe;l?Oav3#zs)1j z=#o;0`j z;^^~t=CwiOXh8`@&Ve(U_ZZZZmke0?1U!XwS6_3T15Oyp;;qp6GM`Og57CP->2r8} zVd(i>)-tyNwW`va1pcZcnP`J>{1#0OvJ7XXfjAX3M~cU=Oxg^~1;lf_+hKkPV!=w9 zliR53WLNyD?=?HS^~+NE$|}{%S=ycOh?T9fRl=(*|D^=Kz%}jktk7!UBdN!co-z3z z3|VY$>7&PPhhGWtjMdnk^N^*w!fn>SA8~JI~g@fp(R7QE%n`uFF6MMDE zHIKWsZ5%{BtaKE;icTmNE|WD1_BZ*Q+)TVmd5aN85n@R}NF`zaMPIq>3p{3tCzVnJ zoJX&~SAspb1wm&6-lBApA*<&%{EN~Uce}*%yHh)pe-55-#WwlQi??HTeNZIY|&O>zv~s;<9}6fkM;b7GO8 z_|)7#>Y^7*^FZ|x8F|nNmT#atv9F$C`L>ey?hht)fl>n~A~&9w7={`B<-7Rl1=2E|7Jp64#kMU5Be?8aX2c zoyXg#zLcklfbcW45%JT&x^NHY0dxFRknw4;Crape;n}I`emm4W-tGCM?Vq$wvvvcU zGYf_`*$`;G?3)~3;M=bLDWUN_j)Z?fP?_$nGe=uU)I}^3GePbJ3ipt+b}~UZJ9eZhb zCE!raXI!Jiy0qomC+DY)!*CH*B{&-1pr{;IV&M*<5DC+v;rOb*@P_>sA?9nqGF^R( znD#n3q2hvo`2miO8!J*RJl#Uu6+;a677K_mqNZ$opk_+7K_LMw1C_(QOod0tS+KtU z>WF&lv5db-vm)Bd5gML<&U5&bzQ()%r~PEVk3UN~IjG z;x4Ho0P@0BmehDMzaZ5$>A-)8n-x@p8zyGOmW_+i*#D)=;>oZm14Xa?TwFsljmAmq zti8h$ucK;I2&vsAmkivZ19!0e@4&Z20TBb>m&aicAY9y?m2*d3{+28dC8fJ5YQ}u| zAS^Ofid)4Tcd8ST(sBz(%EY?RPO*`a+zK@T3TIf#7*e!Q&{2R#296QsV&=VIHx5TZ zrJH6Om~Ho{v0eKYfrGiuWZ{h-rQTKODG56db+0;~u$ZJFp84updon}#Hc?&V{CRY=fQ&Xr7v0x>NS7xPW3Ni~MX)gj_2Ue35Qr^S1xtgKiwg$VarlR`PvhjL;c zOnYl-6``=De~29@ljwg+bruC-F5X87`(#8hX=#lq8CYvpwa2WbJz8c=iRqc~qVh7h z<0zM(+V17cS6Awbh?A@FG9@ajB=w5Ln2NbqySusiQR}cU?8MX>Po3yh`)-N@kiku; zQksgs`_BwLpLl~Pp_)R-(7d4zX-oCMs^9{{Bcj1CpF>q1Tj;mVCtuHKlqU!4bT+5~vUO7oOM^rBN^8dNw;Q~t{NtRGWL!%nFgjB8E=ZqlyIg6(5&A=Q9 zr5+3M(M*N-Sf+w;0B3Ez@AFs1rQKEg`q?6F(er}UDQudlR}OUYJZMO1VEpATH*sia z!uh)OU0Z2il=N1-uchxdPx-P=90`|KSjcZtgQ$mBX(sx&=l_HY$2q#Q_|D+dzZemx zkE}pS!f<;q3p*7ARKBV7|TX&Jvg%<@;DLTo(8;^$W@S&c(?oD1KABL{~r^zRESM(m)+W5;+Z5K;sffPC1{!zc(OF&NG;OvG^n01QQ&%`ubV!m}_5uf!Rj zOy){L5hdXq5D`%mVqFtFr=N6<(m5*GaRi*`^{Bt;1N6gQvJeiTE3ykZ{Vq?Lg4<%} z8hTN9&0sGGxIlvRBKQ{H;}WL5;8$ir<$B?VJ~_3}c~Q7zsVn?12Z#Bs^4!W9D>GO} zN+~*5{okjGEFg?HF(Z)H#~iu>`0-HbSnfQ+uk0t$Df$6bc(l^HB{X2|P!U|Gh&p2+ zwN4Po&1!wXqJ}=u37s?+Z9bL{s8a3{$#tk1DD`IJ z@7gH@Ia-I-WYiz^&Hci!M&)vUaf~SEeb+%wr#9?E`J+!-g$nyHykQsom?OxMd7z}` zI5LW7{=n&x6E5niHET`x-G}CWqub4HI1fPBa*b+ zO}O@(6<=>i-#ToQa-pTxF>7#qtQZ8Cl&?({9%7}>)~i?SC#F_kR$p`q2UsH16vCvU zzn1#$Nw>ntYJ2_-DLxt4#+|N~KibqtqJE zM=1$@l+xjkQVIZ4N`XM)Zk)UkGYnG71ca2*p^#FEU`Qzq4k@()AX3T*iIfU~BBesG zNU10=QpyC4l+wVFQek+cR2U#BX{&gDW~=-kEh!l-N$##x3M5aMrzyy7@MXXD=1v|x zS}; zJL`5glo+fZz36P|Ay{TIAHrl5xSIq*hJ%o;XVzD3hKA3VXhvi#&XAa}D!j_804h+Z z^Y9tDo6@k=W|F8q)V90Z)i6E&G&-5(_ z*R-8Cf3c^F%U^o=->-7@O;$j!>jFF?bCddU{$TcE&hl^}+=MwUUk7g3doKfNSDNA? z!&Cq#T6;CU0-DR0RnSW>Dau_om@=Q-Oxdt}(H9U||!&HJN;ECQJ_sQ{c0APPEv7u#jL5g+PWp~a=Sc|X z-lNB(FrbipX$9sezr}hr9G&Mmzb)V%WsW$e%G?l#u#e@V7Dh9u0mSF-@PQJ_a3I~u zVBp=MT68kNfYGX-o&rI%(PbCId&CeGDgvX*BPcA)pgbddZknyKWm!tmCfu+%pPqQb zIUWzhg}H(ioAh%h-BbQ0j&P6IHiT2(Xg~oQ=6eoC^#ind2tUt z-~c($5IxLsvY1eNZY@z+`xL@qL&k|l>?_4!$l;p_Z!@REVJ)}Jl2P}l^_=VbWz^sC zkZAzK9q3*WjS2PA7LS`8ba^a+e#I>8ew zIwxwFpJ`qyR#`*i&Wm72kt?@g-&j03d>D;;=Q;pmuyR8C$O?t&CVOL|aJ}q9f@~aE z+l4f(;sA6s&aM1t>Q_dq`G-Sm_LOS|6+@Pl+rc1*EOyLTWmqd#Yuid|*#OqfUk^|s zuKwmPM;wjJ%8BK*sS%^Qd6eST$`sjdv$+zR-RO1(-J<-2u@?Nf#<5%iI zvQxv@>rcG?ueSl%sc#6i>j8S{2WJ3W8`GEY3}i|ckGjGk{E&B%6%Y#_{PSI_#d@Rr z-lNAhr}n0QD2YOFnh=;=?*=3ng_wY>LcI_h!YOKaRnVw0jZRE&+y zK;ra+A4H^Sjxf0^AbI{FpY53*zQ}1$tF^6S@Bn&q(k5=axv6vvu{N!lgL&P6r$84( zAxk++E`MQHImZ7MAV2h10QAG&sFZ+xYltx+)dwv}jf?v*LHrW~1JAqmOvqQ2=ihjr zo>ZB9Spz&M6I&7NGq$Cz#Fot8B4?O%MV486^g$?(c@m=i8RK&M@aUp*ZZrhh*Xlrl zWJlSt4J*7-jNrhVffeJg5^8s(m@A%D5MKK#%m&x%=2;uxH;tp#{ohuj$Aiwpy%sRPH|FbL)pm2uO5rL) z>24KT(($5SB%jiLs;x6%Xn8!qbt!c3Hmv>o^n)B1*@5=E6fuWZu6}&@v7HaF z%$0>daUb(oX5wu}HVpE1WDYs`9V7t%DJ~fCi9Ye&j8AjH(+e%;r_W_B*RlOj@01Q~ zihY6CaXi4kUg|ZLi9kyNQ}&(x$wPhL39!ZRXCFBWu8X*;N#!%{^+^iecV4hos{!vu zk5&jn@5X`uM>B8iJ0SKhZ3W)r#UB5$M-z8R6Z~_VTLCt`tPzsH8PE+7k^L38#iei) z-F7Emt+&rxho^ac`FRgj{-qXEXO_JFfX-G7ovn4~(1`@R|E@RnCjG~FB-WWIk?g5$ zq7~u7>k>Wa&F+U9P^=%)a4m@SsYo&@yqCH2NzV7D|MzjHjtM#{RS>RgudeibWwEBi zshy5FlO&!~xSx?(fNtb}a}A!U*d>H{3}5UFg^$~(`OANOys96c9JkL-S|Zw9ohsLx z<>x)O?~L=V_a%9Tjwddrfex)KVhyy~f6KcQ*Mky^NN@Jrm@&Lge%qQnaO2^Nyf<{l zaEcjkIS1`R&J?>5vxGvLxP0=sTBDx(%GV2|<&8frP~eqpo^)l$80_cvbV0@;;RkN9 z3aUY#VHJL9oAb=0_=SXmK@hPYRR`V&UTxxMkQBORH8qNCj8+)XORG#hq>Z6&1Pnan zNa9n{5Wix)G^RK$F;S+4vOizV0V*->DG#i`f2WMZe1UI@RQHER9n$RUiWV_r=-CW) zA89tpb9tExeBzb!&RAPwA~`a@=Vp#4LTZ%h+WoY8!iyh2>ddhxx9;$FXe+zPN|@UF znb~CeXR_%My^UqgDec35pM&H`mOd3t5I+yMTk6jjbF# zxW;7VMB_O(a;I;+ep-!WNORF7ZNUNH5EG`-BE7+l%stkB!B6@o>ytqQmy3lK4GvkjciG^R%8)0aS zP$z^LlK#;rt=sL*#yUPUJi_Em;fE;qXVpH3(>SF~jq0sYz!(w!L3y^&=_*iP(djf0 zJ$5>0d@1~(bQf_jnrDZU+!GyZefXZx8%FIZGl({9VQE8V;GyAZXn)O>5l0!TM8J_-zRkINbHRh$IzhJ#if9wkfV7<>TWUmOX#AxUyGI)7eoy_uC zK05z!);!wlsNmWxRIsOq(xG zxJ@qXITM^2ju?UJL}yLr9}8E)JmJ!Y!md4@W)`mHyQ`-!%CPv#S+=vois(X;GLLyW ze<+9h$-zXHQ!i=Mk@!~3uGdp<^?BlR#jGJjfbIP3+JQ1fIM961Rcrx-9$ zg@Wg;ggrehIes(V7mUX`(S7uMYM?7a?AizI&#&8>;m;$*&UTmoBp)5=dRA6vx!uU* zd^pRKMmp!}4DT4Je8e0>lb9X-VObc_#pVW1iLmS(8PCCzLILd_7xj*;e<^@0Ms@0r zqtOIs(_^O9bvzxrU>b$jbmLB;qWUrLnTUD=U>HyX3DqnSH9Y8{MEjFEk_{%Jr<2jf z(h~e_oDHXqczm`rnw~7d^AcxYDin6PxP}I8LD7sVF9P{PZKD1d7~N~9;+h(9eD(yb z8nEmsBKRd9#L(b`w4Z|EwHrE}z~c4pM>zVPolk%-F2Lyx7$Cfc1i+8EJ@pYQ^!y~v zeS+(bU3!sSC+mcg?o}A}!d}6x0~Lv&?!Gsmuu3HkBF~oY=a!kKLcv^DZz&@JA5{GN zpijzm%=AH*8M|f1w=0vlWs=*Kxp2!|+)$>Fi3LHWGpQ*lzppid|EQFknkrE+OsxM8 z%jr+~m2kjPzr>tariFCmMz>h%Q(lGiDbqyrX;x+0XLwF!@+q%mmJ*winNR5f^{wf* zGH3aM?^t6iqkUFzkKM}2AP4b+cj|V&8%-(Ne2E&iaC_Q|fv&5IU>qUY1Hy7og%?48 z12}+QuYQiI_NB{lGzsfy#!U%{Dovt6hdeJ!fk3aYi zSn1}2wKe>0tv*=B-!=FjrDNL4a_c`@t+f^SxDGk~quE+-t}OqDYW~Mx@NbG!q11nL zlkVJnL)fJLu z=i?~s4S+v;d@4^rq3ei75H$wTq!IR}D3#iQO>`0h%C;UoTB$eJ>aBH1eLX$tM_t(E z$utlW7Iz_w*OuCa!dN44C|g@xtss8kzs(m$5i?CY9V<<71CR@!y z0R^YH6brq$KrV_W>U0Qus16Rbv4~%bu7iSP>2DkFmX_`YyS_`E4T z1(NgVbV9rZx<){`vX;r7xm*}PaF-2v4l={{YlrWs$$CmN3Wla>t>c( zY8_Hyz`sKl+<}+!)Xcpee1zdtHk0)w%wOF0z=qlnfO!~?w-$daxH_xz>qFfqGZTvf zqG0_`7xeGUFoFZ<$~zS# z>dQ4E?euq*{;tvAb^7~&{ywC?k7`KGn*;_OajB#DbV3*T&*SNktF5WsVHf2KmPw); zzt(cSwN^qRaE#|k@|y#{WjG|E#HAa-$*e**ID8!1-rG|z_TQ*Ps%RA0GY{-gaCqy6 zcy#Ayu}uHq703pW~?0_8tz|b8iIwPG3kz= zvoVurlMano%Q!^4!f|vmg<~(!L#T8KHk?7+i%xMvh9np{F@!_oxI`a{vCbFh{|Z=G z*=_ftZa9PuC_p(6q$KCC3!WetEHG9=|+zbF8-ae^b9~A0BS+ zAOE&VH>IdfgieqM63zkeCJOpA4u+F!XgUCR)jr&L2_?3l?(Xd#|ArTS&v%da+eb(0 z`N5&uR}?;a*KZDA9~`w|ZjVAbe?$2>V|z-ogPOtNB#8P6_xU%NPB-c| z@Kzxl_IiMVU06>y&lwtHk*f!~3!XSbxQUxHpj%DRQAE3j@@5lCr&m}_0Uvc7!tjLZ zbw7XwQCCM(1hBHw#6f-vhgi(~YFjmzTdh{TwbF#e{N`x8K>|aH0zL}65wtbD>V_jN zh?w7z8a5Zu1VA{LZ5JQnCLEJ^d1@>nRDkUXMsx`E;tKSrmPnV#-5WBSs1pRNYK*yR zw3Y_JwYeYFYew)s!SlUo3w46l5mkz1r!uYNaSOR1nk|x4QuAm$L~KQZA(7hs2!9V5^A- zxc71I`Y^BQ1tr5Ds)olU;5E zAVrK6gj$gKCbHG>V54wv0lnVi?LnP_pl#Eg>tX%ib^CDpcz6GWh<6HPzz;=}n63>H zoMjf5Uc&gD!p>AD$}%4;t3BmG-=!6DIYufBZD&8hu*I=r4&(Bv-xC3sYQITg7*UH~6rj7Mtqr!RzDQgZ=l2vGrHavA56;eV%eNZ13%E9~BBa z^9Tgn;ua2AX$TU4eL!&*96HZy+JB$^r`KzQXRH25^l`|Y59FUP^sWSQy9R&$;GQd}yoijsD zGHp$hS$oW@eX-@cs5Uj&RyxfmnH0-wc;@fX%r`4;R|XLcnPEA&CwRA5uw6lLtqMV{ zdZi~Z?l;40Q#_efUex-4QAf?NNoc*U(iVD#oHy+|NL64W?<)0o z<+p#UzpvKm@4L$4(z|6eo9EHg<#{=Yo-ZP@@pXYOz^IQ0_3n8PCxQV`W8D;{l#?Kd zx*eJKJ2j`Jy_VC2O9eN9d!^8|1r&K-&~eXI?l?87^`*K7Ls#gKZBvUB z?X2HJ6J2x$ZRbd&0a9Or>kw(^Nl41~X%$-Zy^ByLj5P2ifnoj_x?4vt?4mRhCbzzV zQRFY<@kgN7zl7vVnu^=%i4g(Jot_3{w=%w|1!Cb#VDRv-FMW;A;7pUrAhjXL!f3Kk zPo~2vVFJ4Qe9aDlor~&jpTa^B7f3=3Or-r@lN=#d>}3gcWQcU4dL})H?hZY(S{OZ! zx@#-ToZ&3u-x&F2awk_0CS2gbO0!81EBc{_@!q)xF*fDG)8X6YmDTqe00l7^(5L8x ze^E7$h&oaDDB)T~83mvElQ_}kt!*rq?T!V;WkSv2rmw8)=C$NO;t;_zL3!I+UZFOL z28C`brHp$7D;@xo$bCD*zo=mp(4IGmbaT#OTaPGrFYb>3+qkZ?bG~+kmosAc5$wr; zT1vSGK+x${K!z1<7O1aRQGzoLiv#}p%ahzd(p)AHf$E~wGPU$$gg=*Imwuw*39uoz z0Mmu@T1CHIj&;rTiz{3a$(*7X&Z(-io7heU?3(@r&nu1Pi?s}>6op`~3=h}qz)q7k zA^99J@K#gsR{tP8j5+>x6?IbuuoRCIue{`x-wTHE2kX7C_1;s@NRt{kwX@JN&yhaH zQ%`YAqq9%r57u2xjp6bifj8}aBzRv808m%A2OgIjf2cLxesq=797rAkt!20TXX9XW z?$rLrnvVv#Wz5Xt7hlB}YsEGB+1PO*VY;0E`mZJg|lMqCX7qphg?P zaKif8+16SkYymK!z=jJBclInKQIW`7_z)D1QMBjrWj-UtJDkry;AVGE9h&_X*)hst z)5KT~INJlOmGm-o|kfc_NI7M1ww%mnDa2_M&MKw?S z3D#HPXRxw7#vhDAO+Og98Xg|fJLwa{Z!qrKXiSO{2K+aC+dp~Fk8e-K-0Pz^C8zbl^<9BP9>g!{)}*lI3wE8uB`p0E@`TYmIW@~=IlUOb}C zoIk{D{Nd{1I;4z7-4kpKG6Cj+cAn(?gnvxcXpyTv>F{&rsU=U#CJjTd+Q*?&9LADg z$d#@7qysVm34Hk8zOJq7XY{4}cKyM7w^(?w{`SE`opc%U*bkG|I{wNU$4;+2Xi^X8 z51Q5LF=W$4^~pxQkT0zVYfWrcFB!GgudXmhZ`5kZxU|;gfl&e;Xh-LiurDz9H6HV+ z)_F6TCs!+voX1qji}5N?ru*tt1PLwwdyBsNFxHwn&)B>(5M=BmGr2BM^4kw5<`M4; zvdsJBD`6?s`ootyt=3X&xpDh?kbVvEY%5hhgese|tdS2~U4JjHD?duj zE3|$FYrNq8Nvrt^jW6%Tc8T^2oXVvT*@Mty(-a_aj`w^+??S!6AuO2c` z{Yjrw8~|u#R+Wd7P;w9Y=INr!;Ps9|Z@j0ZT7q_Z_)+#4?l6>MNU*2S1Dr2M{J<_r zJQze!xf6g8^spvf;J|fNy$#9JnmpkS<%7DCYOd+m{U9Swdl!!@?Ox_l`i?u8Jfyoy z{)ek}GjpC>=6Tsk$1N=j0(Uo)g=XEI7Yb)sO>J^+!rHoh(;Hn54B7AeFSPCPxL)_h zf#3~nfjl(atl@}za|L@>dZsiljNfT{@;{q>fZ^dTC}YV9V*OurH_;pjvJ_ndisVTF#BJMTHwmyGnMWZv{}l3p`>zj+c4qp9n>J@! zp-k{C>aNJLlwaJj{qkayFWJ{tdB)6xI6|*hW{_Wff2fH%Qe5v!R_;xciR@@}C5C(#!H0uAe8_^~o%TTDx+Byu}0NwD1QdS-9dR zle(miy7G_&r_dL8KnvedH}`bZWC#X&&KZiAtj&ZJ^*lPwW+YM@40_V&X)n?xdhtmJ zn@N5P0Bknrg3h}!xGk})Q=#Ma5{wzQz zgY$m21nwF9O?QSILP(kDjE)ZYTc34S^|?yQ%iY1JUYy)m3~QBQE)YZk26J^Q5aMEp z0gwc9_DIs_oDNH|TqMtybVhf2HM78|uV*7bHyxD!B~XvYM5GVszGR z<%nFg*l$jxw+VCUa{31i#^OM_Hbq~;B=UA$rjUrr1je75Wcot zUcXGl-@HO^yOY1am%z+9W#vnLbtKlF4ri_g%waNQqnmB+Tfc{_Ix%FpmyA^fPNpu%Zi&u9m5r_?tJL!jqqHG#^6CIJt64 zSEY27^2}(iQ{1gRJQ>8p*%aRHSd>v0>R%;Mwge^D>2GHJ@Z}StCQtWZ5M0e7N}Sh3 z8f!hI={q=Tv!pIgLi51sGrElNWRoP;WIIkY%+ssohs~TV(=`K^tY_gcn%U5yUJ+-5 zs5_3c+32LjAG3SF`AT!GNjF>OqQx(*4=-}9m3t9G=dSZX&T8iqS*q+Ham!uh(wDq~ zS4?lX5o=8 z@zKiHX%>xfYi0d`^w~?P+zE;qw}*F}xlus3?)rL2yVqH9GQ`R04UJ*Kd1}k#k-1C> z$VI_?s1VBRwH^Tef;%fBR>MkfyQ@(ADZ61iG4q`3E6p048z&4|QE4g`4?%xQ;MpoW}7* zUm)_ME>yorh#$kBTOH*wqg(zgUO`zs{@kiOW^~J=xBW{3Ay2o0B6%~TS|2g2Q9hux z44{z%g;{O zR%um-q)0V;6^<@IUq$=J`u7Vi$QM|gS*_cM(%FvN_>5YIAQcsl)U@V;xCMZfYJE0I z@^9hYg-=D7SSV^W3K-xY2baD99OUY5U~>KAa5^yrWWWKUbg_6C!MSP1%#36Fk&+lD zU6)F7WkGo>9dqhZ7s=d>iSl3Q+{5m8rI~w#5J&qt1b-M#fc;$IxbZi(jdRt@i8V@FeWJSYk?&&K&+cpkow1Jv2{`^7>%>GMc7bTGbMKX*FjQYpyis79^cL zyk?4$E`6Ov3TMLTUOdRD8WPb3a+Y9-+Toze3WziMI^^)tIiy!JO;zR7UpV@adnpki zxct>}mQZIit>jVc;rU8)=6rZ3r0$iS;PbbuYwz>RJ)Bn#@ag)|dL9Zt(g9-h6kt}n zByU%UGwRB;^WYit%|3?hHNN&V%!NleGDy4zBdtrF$v8aD+fnp4$sCW?% zIcM+qW0c3!k}!hRF-ROSb3wqCG*b)_C$r@Ko@kx2NfF@b<$V2R;sS{XG(+^^&Yxxa zM<+QP3*T%{CXvZ>GNUIZkFi=pwf#1BbXAXcqYv>Yr1qz`?#z*?IPBiQa_WBvz z*r@9lhZ#f&SZu)9z8?6TDH#pD^-dSmm2@7`R4@n0h0&;+ zn`P9so2|x5$q#*)QR2>>ARRP&l^#td{ElIIoey>XlG9^z2S2N^q7>oPkT(ey(w#ez z%sMmKQD#2uj!fEk@D^3FW*r&CX}r!nANT@&J(KIfAe@Y^Z(P9XOYX@^4&6lso>?`q(u}CgEZ< z4_kcL?BY|-(G60avzw#Cdl6jaNJhmKboQusk#{BK=e{sx`C>Gxe!94V|JR*Bd)j8! z*P~f!w(6(Tzekf~n$Ag}m|V|370sgT@-|a<O<50>Pe7eS?=v~3FlM&NxC2lDq^t53;Ul0@wRpo)GkxOCJ zEKh1;DQ3JYkKk|&B)q{>bejn>hu)hGx||Wt#J9M6gcqeut1{*8#*peRWoIA$ORN{P6`iIUo@XdcA6(ly&j5Y4 zAziiJi_YM@(Z8FZ9u9a?u2EeA)U~HPq@II8+(Yy5yMi<&0ciJR-~g@U+7h~btZNTE zxfX^wfwMT4z*P}wO%Z((TosEtet;{yRVmLJ1N1q=B-ag=pxsEhLA=pJAbFTUV_mVg z>9Ls!_-6wxb)kf z4g+y;AXyB;;`8;uZ;|LnSIu)zUg)yS_+gMoX5u(=e42uUAKV1GN1(hHSHOnJ6LF~A zcT_QCM-DP7gNqahG6Kg3yg{;U81<)#9$|hMPk4&1cpki=iewzv$UwR@(T^BENY{y-fGZqYQ=neO%3rGOrZn-D$Cz;^NjbNMpD z;UG0TqB$W|J6><<)2q=14^yZ?jzYaadLMl-WXi8U>L%&Hp*#u{_|r^R*z*DC5MZ(n zK1LJm1w^2ZbSuqW6E6nOIS*OC3_^Bt7S5wKH_#d;q5lwP0<(5?YQC1&J6b0*H9v-v zc##fJnTtgHWN5jGIO@3-VYOOsv0br>JKs0y(P2cmc=&Ma53%?pkP*HjggTj?$y%b# zgg-rUrrpDppldMUQmE)zB<^cO4M1=YFA^E2CBvlDF8!X6|52 zd)IE*pDB;trkB&D*KbjJU6)>QN(-XvY2{aPL+7}Y=-NG;-b~@-bQ~x4qr5wx-A{%u zn1mlqy46Nt5nA4dpc`3#6xPb7Zq2z;1-cWx&L@e-eHctmmQ}@Ge55bhC68?-JR5f7 zHTsVpUxZ%dAYPT^{t-9pHR8hf>4urXOrNlA?vzIENO(*Y?D`W?qDm_@*O8p&en1W* z7aDw6$uDs|tBiPMC1+?|a-l(NOx^M^!~s=oqg?zjxFM7x=gXDWjVBH9(1=x)36r38 zuSm@*HI0rkRb7i>%(>y7dI9|RIO=J4%OC0`B@W`O^*elnS!(3Z8k|kM>#SRx_Jk3I z*EqTT36I1V^MylMZ(!mk8ExwMY~dMJCfWr$w00Ug4rPs(yo(U%FPxR8<8e5g^smvm z;V8iDbr(c%r?2lZ)um z7#+|?>~3{3zP9^e(ev3_WJbH3K(zp-h%~WS5g(%Hz?mGmAdFC)_R)5U_CI(bD3Qfr zZ|Jc+4EApA1=y_yxO()t6l4#P4dwbgX74s9@ddiwCgCiiQ69&{HJ(^%wubdcB6)k#~(e%U_CRYs$|V$s;+L5);-c_ zp@V@1h497^5*abRrIu1$u;Q(EIu=sdFC`uocHDJqHG!2<$H5l zb(3knJ~S;jI8hs@Mz7FiP0UwEvw%i%Vw;18m}Zd;o#qcs@|oRJ*^0t6!D^yb=NWnE zHD6`jne0H?3`TgH<mODAV$(ox8f`ONAZd0a}>xJk^8z4o&pw{K>&;4o=Q zTkVsyh__ya14-@&k{nm8(SkGhr0#8p+43kk1k*&{%-#EmzF(fp2bApdO;5txgX`m- ziJ2y3_dFRXyDS|=-H%kHAD>0+71+sAU~XVbUm(ohS|mp$qwTt&-4MHI zlY^vXUXI?G`<=vU-gj*mVY09c(91LQ>LBr!m0`>qHtlfG4!comFnO|4HLnC;3)_iG z_fOxa*pVD0Hx8sdym!+hnt_)&4mf$m%EFgr-1;7(m@ElqFD){}rQ!$o`XQ$%%1$KI z^8e!ak>CFP?~4D{i@Qr-yN(;;f8swU{#)xmnyuxv<<gtU7UxnFTNyYzLU2Uy@i~sjm{CoT(%(F59Qd*5>Q6V?pi-u=g#W%;#>ko@R zJ}Er@?%BZ(M#xdH??kA0{`$?+z1DcY#;3&EiFAeex{zq-KV&h{rYN8{k+;( zU0Q1I7YoJn2}NMPyu570utz4ukx(FZz_$}9umr7G!u;}n)#y!nMW|P*djib9e#WRI zPl)+{Jc%ao4RCn(_4D0d)ysoljt?F$aVm$ZcpOle+9z^Ycue=Z=vM5>-gNTM$4mBI z=SZewdVdv+KR#a4Z~AL+3i~t1HhNN6cnq8OI82f!&&R=ZcpjgIWA*&tKi?eH)Z=gv zMExfNfb!F6{BfEzPEDRhFMPbj-ybh&5W0pXuL?<$PVnn!dV(=_o-D(%sy83io9mC4 zbQ-j29A2D9c-3?b1?V+O3@oVx5?N6Fq}f=0ykuY9Oqoi!1}6u%D;h?VDCj3o`ZT1e z#8kE85QpSR5@M7a)f)$=lbY(CD7uVKR1Bzi5rvo3CdunUShC%@P2XC#=v%AaT>Gkh zBb?%{<#xmEgqP+{TX2GE@7)Q`C|Xt7tR%xCR9AhHVUglVcokp(zeJtmK`>V0x>{)h zj}PNueBE%W^x;D9Or7-RF1NyCn6XJqMZK*eaM|M+7bh>YU3~3LyNIx6@kyIe#>{JT zG>$O{UmuRJ=usgYsvb%MfDrUdM7_~;jDg)y?jBz0NNKyTDWV$2Z|+0aoR~x$w*tNc zq^KKWU^u)WO%#UC!w?%3sxCk;4Rtf!2&Eo+GtxLIa?Ca2^Idiv0oAlux`;bh=Lgysuk48iz2`m4?b0_8xp1iZ&?VI>tL4jkwP!q^D4E zq%8%H7z#3&h`JPI#%qdkkAcvgptxEDbQvZz8Ul{Oq4D@+ri+0<2fE`pNhBZ}x18h9 z4W-eh=NK1GCqgIs6o$NE^jy(#aTa|j=G-pc@elEiCrm;NSzdEdp@t(5Q$oE!be_`P zT`!!3-F&1tiTW5ErBTqUh8M&#Er_m;8)g@U4JC%9CE%r59lYM02b;&} z95>3$-ex}3B>H!vOzkifq~$Noz>>?bqR$VlrXOh(w)Xd@+u! zh+u1OU`{XIEZsFQ1l{a;(Pt@0+B3;W*uZ5?B+#Gb`V@V`qfgItyjUBhmJ6O--w>#l zu9b#-BR3{TmPb6diHw}i@O&H(C-oiNc+@e9H|2UoK0gICalZ=v-1dUC_9fygUM^g~ zwoZy=!9?bH3YhazO~?H$ml2WxbxR1RAD&K@PJ8{v`DD;93QpW6@8cx`{zO`3NIEbs zh@FV0-_`4|g*eEHafBy{gQ}dMmM{h>Pj);`EE}cwAFg6o!XsN`-IYrL?0&a9>_rz*ZyNMf3yLzognL~)3|kmt zxI#N0i9m65G)rY_dA#HTom;_jx`O4qR`7Vq?~$2-dfg`$r(xJTfx)3^mMM5HX%2xf z)Ioovh?8NT?sS>rIkV7kgU&)B3cd`SC5I8LQTQtim&Orf$B^8Ok^u)!yd9(3C|LAz zu#28rK7SybhTB1=Ve-M{(4B#ahOj~R`?P+&vQD};Kzviz=h&xD3b6Z)!+%VHv6`TO zt&Y_Vu9JWCyZs2sQ<*l`Aq=O4j-5t*b{8xgi#Qif8{uGNKlmC_IM-<(29dTziCRiE zP|696e}$_}x|5MAOI5MNAw4)kasAK@%6hbO{JK&o9P7qtX04{i)1fLhmdw3m5%5s~ z`NJz@if}Buyvb0Iz{hmUj2jt{^GPh8sP(W^G!x?0!m#SV5 zhe$l@(dc3w-k77=TAC)~B??#QltaL&S6vScDc<=+a#9ZCue2Zh8NpysW64*ZGR8n8&RbRsnKF&w=_!KQGEFzUR<#$lhr zUY|~fUF;9nasqpNS9C5&SpgC9OrmmAR-!5W`0R|pVQkfyIUZaOzd4!{w3(g6usfPI zVKUCSj?qnMKBYL1+)}JTqW8Gxj>p-tb&vzU4n~tF_jnTU@vPfbbzt7Fv7r1kx~L3F z)ztgg%~`XSKS|tWcaHXW5a!Q`js;|TMvU)}H~wMIQ7Dixy|L$(UE{FU7)i6?Fl;w< zE0+{&PTK8X+c{bx#vtv=boQ7+TIe`|=5UD-l6XOp_KJ=f2*se$AH#5jy6s~)<={ZL zU3PasXjDfawr*;ei$)#pO}TPIYf0+{HnB54yTO52jN1aT-8hMR#JFXS8|f+18!#Q` z(X;}OuFy|ZwSdBmb8;hl5d~OAqr($!Fp9abxh5H_*hU&YJ&_AGAe8-n!epCuI565W z1I6g<3Y#$qrFlTsk`Q+*(jek<792q*5*;hk0AK++W`FZqQlPT~TAxsx%%M+r5_L^z zPZEt2b8eJck-qaS)J=$ePY%lJhyG-fn$ zIW@iB-uch=@w4{c@%GNaoBd;{h-X63m^MNjW-|#C(7LP|jfSeI-=!+AX+nmw?c!mN zMkvyi7m^~t*|D-Y8&c=AKTXaxJkI)AnyF(9ndWi99?a1s%%X-xErPzB?Gi{5pq-Zx1~K2%vfAanF$_G1tw3s*uOalG}6z<}>ky zuqy#}&n%Xq)3=8XbUPs~jlLyD|E3=f&nD*pO2h>Eb7F~lqRO^yXxt$h0*)TJiFI9R zFbl#)Y79*?fui?`07ZPL89^F0-69sdBU|VfW*x{e9B>c}v54GwBgH{5Gd9TE50u?o z$m}t~*&s1swzIT5vCf6+O~<^i3qv0b!W-BrT(`K;L_rK2|91I3V*V6HskPpjDC{7m zK_Y!`zE@lB3dY=+2h!og>ZZ=uGWle2OTL!Q2k$^V{!BWvTq9UDtoO@E3pVg`VcwF@ z#`nhQ_x^ecycJQ6$CC$1dmRzL;J49Osg6dHi-#V7Qr zg?vWJFsJIJR1bHDMhwK^_9&J()-Rg;;}F;)ysj9)oCRkXC<%^WEcp*lrkS%#`iP4| ze407s(!jg>0L5aW0ieE(bpL_mi%Zqy!#+s83kxbfr!Dp14v@#6#rx-_<8Xc9xj>I2jgAo9 z{Bn6yqKZp6a7&YTX>g6#zyWl;$fPn$A7{}ok?19MO^qgW4`r7C91#^925Rcfv)3Y+ zLHVC^ho&#<8lJ#q2D5{G!DgjSn6z@qn$%qVp$rfJ*yD}Z`*e|bp2p+GjnnHNzAPXb zz@##Ju%&^#T@I7D`!Ny5Se{cSrMX8HK3i=+@9gfkfthbLiJQN1nvU?4%9P*&DM>$$ zM-7ac9^R_swotm8gy$XnQdaerJzC7**>OB>;<#susSsiLCN(QoC+s5J=Nx%^?d_yX zMy@$So{96`JGmRF_XXs+G@mFvlA&l2p?R3O0B4~s8BjIU|3wp+aR|F{Hx!CV#24={ z?n-)*&dnp))abl(fw~RK7=omGeLJG$R;qd@EKum3U<_XT9bMvIijzBsIOR`W@1!39 z8JK}Q)I`p3gCv?Z=;>Irbv(Rs+0GE}5A9WTCYREY(^2m$w%mwfyc@RK0c$< z2I6_x&xfIlz3B8b9FyqHY=pX|JWgjtMo`4%*&)<&bRHD%cFPPQHQ_dcrOxAiFY)vy z0RM$q^W~K|{-knFL1f4fQ{-Hzaw2+V$S#m86WDR%fn~~N3d}7K0web^WK)JbKyH(B zW=_}!JeG|}t(>MPh65d1M{^h0gfFYSV>_kW!zwa356`m`W~3X2YZY@F1a zCgfte$Yt!=eXf@DVTVD$!||~LCwTVG8x8}7_A|s6x0e) z(y(m^xe+vW-n8Ge6BB8Cf}-y3ID!F9t)I=p{d&&7`!kd7r@m)$-YpPd<4t4U}EY43j(MD5p|{~Gkn zBFY~iVfViV)w1(@Cmhiu)Zx9>F8@2s?I+$kJG6EBMC6aqj{AQBg2*0y$&bWFihsbH2T6z->7r#6x`#1?ST~Nl&3XG0ZsG$RC=kX=Lkw^+PWtq^=Lx z76M$Y5TNg(nDfMo9TG3c{pnz6&sr|Kh}X)(bMxsv!&+3h1@$iiFu!Et<%desVRLmE8s45m;iq?EUjJs_N zSsJMIRp8uV32DDMBn=k$aG*gy0w>sqkKvHyAvkMPJlz3OU%*}rr-M|}&EZCFKSdxq zxzp*$=yF17?f=9emFd;2TT4eG){8f=A>nvpgieCjsQNo!Ot#|7U2?C@CgXUD3-dgV zkpx)X>+NB3DR;Kd$9xKfWxAbwgdY6Y6cu~oVeXpOHUqFC1AC2YaLljI#YSy6aEc4M z4|D-4-H|d$HQ3*~NiDEmE!X_@g`eF2Kj!Xh*IH-&px}5B(RZ^0V+H z3Wh6<7N9kn4Lm)1R$gtinl-iFXhPZ%yTp6s*5CkLa(i>j-aU)O;3joT0JP#_{q|kC zM#TSWje5!UVWO)@HxSaSI}9$#kO_d*&tSDj76+RP52lK&1%h?qI!|)0JV<|(^%`j2 z-FC64h%}kS85Wt3Xop*`g6k7fbT$|xTEKv#T20fxX4Z{S&L(74RMo*yF|zPgC>b^c z-H%AtMYp@&3olT@s4uOFLc+H^Qp5WXZ9lF9G9x4QdTQ)R7~N4{frifLMU!T^(H^l^ zg<9K`550OX>S5z0kPZ$(X99!OIi=Bfi;6C+new}O^;>)Y zpr%?iwW@FJb`GBH?!V}~*+td5;sDi&NFSzEgjZI0u|k@n`dm{!tmRw4TD}Pu&~NyE zy+uEGM$>;kqpFKh#>vqxoHu%Q5N6%Ad**@6ErG_)#;umAyb?b!!%}GY z(Xm8(J{^9loYP~NGi)}x1y zYLA+=N3GhU<=Uf_+N0IlqxIUO2en5JXPV*zhsS)V+CMmMZ?KF{M=H|#3UrQ%5@C)L z((y!*hU*_1{Rr#;H(=eEJe{5;`igxV(ruAg_MX+x0F%2viQzouCV7cAQN+5i!HG0@ z(;BUYj?aT=l5%?xkrK}wPX{kV1oImG6?C*jHEYDGSM9@{mr!K;>F(a{@o(6L z=ex)I?V}@LgAUcUdcA#kyu0&eZ~IWaeslQx;HceD>L}FuUGqki0$P!ZLkO7CPq^F2 z>WX?Joy@GFi080jHe3V}pa|6ot0cp?iBhv+JgF)2)Tjl(-W<}Trf|Qe)*h+jki?3w zNqeoXj;07gU!eSGlx zxbxCU>Y&)8!;7|XPai~0PSq;hgOg5lN=4x7LZ{P3-6;I85MH6hjVkUG;iRYY0Z~8| z7jznc0eBpJoex}1N%tME69P96oCw5>UE*03uVD`nL~X z{9M;J5E<}1$TAk)bJ!57P!1ZkNrSNq1AT?72BByaBFD@cA}duUC>>`tA6|c2$bFg_ zP4aBx_z2>GB;*_BW zxdUN|8$#MNYVQ9G8IV7rJYWf(v|R`hjg5>6gEJRA?gSWl%S4A5;4bUc8cmY0e@a6r z{jhHIKOl@@ujGu0c2K}J4Xg#KX9Y{67pwuggM!A;tQogcGD$%B)oC#Hryl*sa$P*} zJJdwckLNL@8zho3o&)RT8bj-=A2Vchj3%D~IG@v@6YGHoCCRNFpmFU-?A6~cBE-y~ zi=>`CRiJx%7i=y#`2XfCYC*fdTq?8o=iyl$?@UY!72QgZC|$I<rY|(zccd-AW z1Jq{sVE@RjWj2)tKpmo|hO?m84te9CkaicOxreY|vOci1OzJNwc4QGq0|I-E=z2ep zt27!Ec1whFr8h#vOBC^a037H*>yT({FnV@$V;2_6(7t8`Nj$mH9*N#!C=mcqa+#)F zdeD*~{b24Lu>E?^BhsEfOL^-(WR`vKEMY&Xloq6wP^ zCTt#Jj0}16Pw>{7C^4@grom?sZtlV=2x$0H5+^3Mb;wHLjz?a`i5m$|(HRtA>+p=M z{8G8GT~tCQDCVs?$f6%gtWfwz4n{a!E#GSI%RLV2hZQ=mF68KxmFwbOAGQ`b;wo9C~O>}DACl)G|NNfeE#>)~! zPMZ`9XhjdF0}~sO0~hm5jwvc5o8OVLDGQQFR{>6`6aXe9wTnPUb3sc28l)gerWj(8 zV;cuV4jbAYV>rF48#$hSsHd24MAa4$dWJ3zG<$^qc}~Q zo~0x$`!Pc%7M6uoTR@|Iy!7IEr@FAw7~IJE>Pxg)<|Jm3HulD|v(y4+Sp<#|uJAl% z_`4(B9@Jp)hf~HZeZs)0t{`B$h!RUeU~4$y#ePUw=@JCHsnM#$tm^M<>JcDzN{M=l z2#+v~VvjJ4`3PXQ)8{jGS~@<-Gr}OBcer)vt}>TF`!*9qO%0`)ymHw$TtW(WK z+O3A#ZWAVzk z;t|Z}T#wy@z=wJr_&p>Ec>W4ut>e9<<_5@|)mn>VY2xe1Ut@TM97=?m6d2|S$H$&q zg!}Xn$U#~&6x4l+1(xtp5L+Y~F%DmA*9sZPh|(2ZmpI>iTq?b5mToyj2*!+(ISbCG z%t*VL*8>2Zz1^pW+lRkFIuM3e=va~WQR}^l_7lAOg;66dj1;Nh>TB9)%GhIcLpOd> zf@=sh;3hr12|sVp&K{5ze%HFaqQe>T%ZT5|0-DM+5!1Amyojktu!pPnh{U6zX)ywUl+nt?*{pY(cIxh>x=gMQ& z^F(he#A(op;=9a|;?pPfojFqgozOQL0i2Fek!M0|KU-Gd%EWl!EWUvwKv&01;8QZ` z27S;~l!<4m$bm+SrYW&-PlO)w=CT>iJ(l#OsQ37yllT~_k7DvAgCczPd`*#y4Zp|^ zCr*+3U}I(N*~g<9eAwq>BCTSKhe)S!KF_4x0r3@vKG|%AqK$qD1~wi_BnI zkiCy&M0w<4U`4QaY(>|w=m1)uR5ke^a)Ywk7rxpgqdQCxj&A z;fPiOHzPqx!J!~XD%6uO$3l{1KQIPIB<&@S)pA%CbduZ9-TmYC;q&dCws8QuoWg!M z%jn%O4P==R?3GhD#W+SwJr zYsSe@Fl!X~VRn;fqq5Vw)QGCvEi!*(yVECG>AqQ^dGZ8r#nGAnNxFdxc>iGfLnf3> zlLv#JdM6V;mGQCH$nBU9F;YA_iS)v&O2HhWu$cJ3^GK-t&t?j3plKFo_<)~Ox+xP5e-zt!QWlCK7*0rSR5M(B6B^62Wjk6v^Z zO*(uDuC`Q@H0a4!r7E`=pmtV?*^w4Y$7~^a_)$M>sMe-aMzXW!09B!*EC3tSP0fcp za%hksd4De~{9X)ty&{<;pb^058YPWJFp|ZZ*ab)`yUR`I1%iDNCt*4>8_uRv$;Y7& zplP#6tJvOv1{pdwleQIulkP@uquE+sSzTLy@bFR5kt+G9@`F2A#?vS4F6Az6A$6FN zg%fD-M^keGOB_~d8AGzeC{Y;Z=0;&bu|5KnEXvS+pA>z}eCt;BzCm|7n^+R-hUs`}QDtk{%$=Vu0H~>M z?%)Nb+&K+q4faWX{*zhxyZQOMJmGxF{o(thL``(3Jq4$i52trmI6pERliFi91U~Q| zf7EhOqu*t(7l|uwejlqJf3)MuE0G-b?nk(Pr ze}9equTZTjnQc|KF(pzu;g~^U%2cU{75Zgtn>fSbZf{W@4=DgC6w z*5!AU)5-!muU;SQ?V->@tF!6^hxs8t;B?qB?9g?xq*FD^q|}Z2uDTMgV|QO)?X*%~ zP_8B65>j8f_G|H`q8Nr?H;6^V{@iqn5JXfRtFv1 zM#r{o+qP}nw(WGRj&0j{C$n3-H8WNFX{+wP@H{up<2gIoH2C4VG<&q<`N`084&AdNA%zIyHvJsj^G)(fK^f z9aY})-)351e7S-6eXTwEnfUai^a3<=K1=}*X`fwc{s7{dZF{30N`X)pIMVm>ZS9IW z78NTS(C@y5Pdo5~VvGW)Pd&`vcs)O*V_>}xRNhbJ-=qh&^f*Q^{9npIrPW4CR~vHR zuC)FYpO2_>r}Y~R6EoEQe1a8_zuq^34t*y+q>wP0@1aEk$UkkEBKdz?{9N0|1<7N1&N%Pm zz7FkQlW(O-*12XIV;i;*-fenut_W@hNshfvk<)jLJzv#6P@EW3bm5W)W{^==m!Hb! zfOT7dq`>P0upeCiedd|ZYlZ#oBLD`>_r1bDz_V4anNfnkj|z*k;$4EkA$!6}go5+L zVa3iLV|INujse-vPcbBCwJz_*rZ1oL>r=_#CPN}wOnk#<68iQ7RWv?`?b5ohRPFQ` z7+(Dgvzx0tPf*Y8nZe7aEdX$rNA_AG^oTBbrin2HmM=5}op%e28%|8PcRI&6DlO!I z3yc6qKBq;)gZ=q@!2BMO2>qQ4IpG1SQkvv+udpqg<&A{(; zymsl3<)y)ZGn3<%UO`+B$|+vSLAm4l#{`gk88czP@c85M#Osui&OpY3$RY7U+bS#f zP`?%M#C?Xc+|VJl1NrZ2tjC|7b1k~~LfUJ$%iEKC4FMkovCf|M0qaa{mQX?dW~j&E zWTVO5^u*dkF(v2`Js_zXql00JwPVoSH0h?~Pc0j1Ag&TAy{G#%eFOvElg##5c&^D? zs3pAkhqXO5Wc4RT(}KFA-v{6gzc)Skt*EUqeG*23_1^t_&EIi#y`a)Njq99*L!RMc z?rU9(VNG40(xpC!vUP;FLvlJqE(7_<&bW(la^B3#GgDVZX=595FY7rudakKy-1K+7 z@_9#2eU_+bK_1oM>ll9Cca*uL>@bxufYldpU*M9;ldQ8k_q(+>EM241khnKJ4JeI~ z4-!lc9Z@X5)#vVt@=*j$YNFklGkJu_<+wwdamd|NWJ|92T=sb+%z*q84nEyXdcJf7sYq{5$W)78&q|ET-QjUo&eL|7?ujx}O_d6%^2uZrt9Z zNERJ?RMw~ z!s!R!mai_(#f5mPI?3i+u40Y4yL#9hUhv#ZR*UL$!O9Fgv>h-M1w=j$kTT3xwz)FNBi|D@d#LsX^%X4TNXQXl!~)-PV99EZo8)7<4ob7AWx9HmO`p z^^4qIHV}w`5t@A5wN0H*i6)m9Nb^&5o}yQ<^~J9K^VP*9_l+Osvi|FQ_rx{hcUosFGo@y5V)z6LVFP$z8nkVc3t~rN7!k zp~$LxNdkrFBfqRxf(y-4*HOtV$n>8~U}T34LdPpD|GG!UN?SA=n1rl|;ERQ1hL}X; ziY8f^frtu{Tu{oSS8$>#Clr?yaGybZJMa6Zit~nzl?^b@a79>?M)ZSpnnZV=dU8u9 zQd)!y;nqo+1460LG>synzuFBL;Y_E&0HiTY!6w`SlG%Il%6Ap3V9=qYg?vp4sPI;# zuwOiQEO4g#hotLqk65*R} zhfx&Z+HFRX)RpmnAt)Sy)h=7L)DAL}s!2ZZ&R9-Yvxgb_P5Y_)V6dVm?Bqqyek}Fz zXn#i_rNL2zv822cc8dj_33$crdO#%4(8pASs^=SleR)d~w)w4c($FbBt)t+Ij=UwVDRwi+oXLLU0|=vl+F-8;tO%Duhx} zunVRGAF=3=^GMI)TZ zH5rd;RCE97{2~&{d6W8w1SHJSi>5%gFiwF8TR&Z(qzSnmB4ET694o{`%^)GnK)7|W3{E&55xw`}k?(Tz+*seq6Svz*M293ai zgSbn2zX}Pit^&4!h{*4{e*c}(nxHITcxc)p@rp6gE(OsQmny(kN*e@`EpR?asMkw= zIrZ~WSz(cJuvS)1zewLzj08=b5Es10r5q;1NZ3^;FAFu@w>=+LpkVLEPQFN73(e(0 zJf(FIFfFT_QFHHwjvv_(6^{4A@W_r2!kCZR zMw0OU{^r)#_Z#OO_(pdhth$BZna{8tMAcXj;bCL}n&kYJX@E#+XkJB6h@e4dg8ZN# zCFK&e>v$CJmRQ0n999yK_^vbrE$kg;EP*s7nix|sQr0e7H9z4IOpyeghysm1-_!`sKG&l@ zKVJbkHNfaB+(x^_#YB)|IzQprFQ&}mX98)1MVAqcS3ID*GAWF2G{t-+V-{$HPb z4+n?4=mCOQOrD$Dx>%Ow&2G5p^|V4)sk|8E1;%d%$9T|2ejlf1DI;<6&@j7kK_hVT zFH9_A^E0+&U(q0+dO4ra0WOYD_}%-Z3FoCHdissqGo-LIQ5)Pa&}C28*dLIQ4DPsL zQ3Iu-Rqyhu*Zk(DnQ;gh1o*-G{=Ccp zSlVRIVRk=CI%|==L$n+hny1<@sWdYw^D|If{;~Rs zpZ|_G)9Ej-T?u8xyqoHlOxk_cR}YP;#Cc{gssxkQ$(DD=rsYbLX?#cQsX;YIg2B?q z5barFF9!WnlHC;q5yjfc6L&<7`6sC6j2V%CN#X;ZC~rZwBHDx`AzdFx6Ana*?P~$y zuZSHn5AlI61dfoi#O!~Q?+6sfUkC!j0sjWP?-W6YGl58@iorZ9E5qdxKw2!2)N6t|s=bZofM)@dEd&wh%$45l zqcfo5wvG6x7OTas~Q@QXNoMOm*7bFLj+%D));AMAJk+Ym=3J2po*iE zyeZxp8gwXm=+{+|6ZWJxur9l`wtL}nye1b?At+*S6?^S~=261gD`LLnr=J1sN? zamyX;We_mkqf}8D=|J`mEh~QeO)Z2cD`b|O-Y}1bP<-H>Yy2Z62d+}{&j-mOi@JbR z{a@WVS7lf9J5zJQ^7FUip)R#TDk2E1f+La-pZd)I6pM>(RW+s$J?f1#D$8y=ly&n)12pJQOPK8IHL4=Cm=a4~AHG%N z_q4hkaVsmlpLR^&fHtnUQOkz*GZraQ>*m3wv{|^V#E!{-xFpW`u)H>m{e-#s*8XIm zSXMC4=ggf>zP$Kxw@~y)5^VkQ&iY)c&P4cFs?Gn1c*zU#*rB)>h|riXJ|Jh;<#xL5 zlS7)LBc+D|5w=c^iiU~tNfXc!x%#Cnp;WXr=M6dw=@JXnS)r+xlGWqxtV%}lNB1Qo zL8LkGkcK0bohoxo3my#Ar&(2sLo3Jr=ulC>zEvN19v^z%+nNVt4-y|~XUxWaUN%Kw z9{v3#Rq%bv;|UC5mp!(YNYA3N4%ENjbI*rbiX zD)p=*v0+^&6yFAT*-a94LUQ0&WqczUXp2P?Y=zH0vaXh5-K5_@bE-?zLmEcQw#_5z zvLnunRFySkP<()hxn{9Pkbu%?#(4tG>0yI5M!Z%T+%Ouw?siy;j)Im}JF|*+m>)_R zl&6ZfmF6u$hpX~$GH7Z;nC1J|k3)%=Z{M(9aOPv&Qc-fT>JJQHq8g z=M0dHWl|_5*~D@qy_*P&Hy-lWXHISPzHG4nEyccRM7{Fy1L*tr;RCzi41n}aE|xig zU+TN5wKw}2aI5d}lm!U$%K?PpeCvEw>Jt6XSl`_~-bw7?*0mYzJ$h;#o)T04C|6>( z>ss*TRkS01<|&?JUCRKEjVD+I&Sr5kee5(5oeJ~g<;pk)sEojimg4zPFnZ01vA|x4 z1^vF+fXcCrM19a`4PS4LpGK}eGk8UONpewc(4KEl?7I#&R=&1t&VF5|^=}b03Ss;M zEj(NRsiWdGy|^~nRN9t0h<^&A*A1m<-Ua(0=yQX?E?kW;$M?ZR;75wujo4*5Q#IV|_5JzpGYIxk1>w-eeI2@IuwFUUhmF$M@K|R#RU|&hjp!OG_@9^6X`+RyEz@FBZ1Nhk<{ki}ER{-GZ z8-VZv&|6&3<`8i$&@KzB-$4vD-~kWi!Z5S>N;r^)(;1cMh|Uerp#9t`$8OGiI(GE& zKf?Vyd?Q8N4D*xLSS!|yGjC+Iy%7>9@kD0&NmIpa=3fd+-gOu?miyFf@$ z4D_qs?$f!=am2A(a}XUSv@uuQjxV`vy(~L|SH@H8T`OXLG&0WIXutzJ6zB@$EQy>RL8%t@e~!BZK{mmT%DoX*{w74)xC z4x22sH8;2NYMT-(b>ZRRkUtg&@?%CGX!@}0A|Jj>gpbDG`xmq->|FxKnF5*^} zAv9w7@JjRR%`7*sg7<0Rs6ut4QgtZKOID5WBKg3=`G*oJ%@}CIh8bjNrE}yieGn}1 z*XEY>tQkkgLcQ^AxL=bxNU7C<;~Y{4g_2mB4qOX|L zRJQ9GE@UO?)$*@p<_qr)(&Ya0j?x#wU@$?M99nzLP+&D|Fq%pYSEV&};Ms zS=C48n`N1FtjSg4sg((Gdc{SR)}Jq+7aoz_<{l+N2shB(NWXV}6-H!cms8e~OVLu^K7ZMozW0ROowHa#*?pdNmG$>btIaucg8pvvV?q{iC!1Fh;Q3r$uT|yZ$r`zq&YJ&;1b~AJq1;ntmTJ62zly= zlcX9wtq~R=ss8+`v|`Yh$l^8Wg+tNWbutKe;BE%#2mw#KRJRnGN{$xe*$;#pIw`5l z5LzWaj8nvPC34`t7qZfxE+&xpXHr*KpTFe;U1bT(SSj3#T%CtZGJ8t{UnZd;PO-}* z$<#&Zbz=%u)&rOD<_MbG@iTK{M9!=H+A1@W{cXFGA&s{OY|BoLhnEcx@$rNf;)|(c zHqYg|%f~%`lAnmhAeHE@+@~7tSKk9L5U63l^`@PKN5D$DwzK(eTYXQ~ncQioe`?Oa z@5%9=k`+Z-RxXE&K7Ni`NS%r-ADc<0QMUGktWuJMUygq0G}+U20b5g6FU z5*n=TIK5zA>@mX0r%wa#-yEvCrIT&cH81b!%-DJRVT}(RrK*|cyti6kAA(;Wx$ocY z;abM*r%p43K)w2*+wIb8b;I6s42@M;-d#E6JBVH@(6Te6=~aqOpu@M~lR3=477d(B zD#p^TQ=fq*b-iG~DL^!mo!<=@8YTT!JyUBF2CR53*?I(N^{Q@`sciUV*b4fCRhuLr z8^|TgIbciYj)j75-k_Oc%hu%NacITS%+{GN!B;0Xj$Z7vrtEK9%er^e=E7!#1)?yD zLSM2ZKD4D$yqzx+^Jt;Zq|HfDwi9?PF*`my!LSKf*j2!AKaA!5n6RB|hxEHEu6N=# zha3Zqs>_Hf%L$h!-?{Q9Cf_x2vJq|k)tWr|-P>8j%dRIs+UC7@Q<7DJ0#Q_j!geaP zEInB1FFbhgz1CK;I*^L?XdSWFY0_ConP<(^0u}}|xT3t7Ctuy>0DDliej$LkmZO!R z=I`0}^>y~IJiB-PokzdkGl2IZ;7#ouAWn4C3=-cmzA&Dr zM84yDuy%f$%){pa-(eZsh1|s`V>6M9#GBb15j*6i5AQP~dli92Rd)F4N!OQ%WJE_V z9gJDl6kaP)eY;A$i{w>Wnt&^{OUMS(>@((oB0Zg9Ag68F>e4c+H&zDyD26Qgbe(;} z$f)!9=7$_h_OXnp$EDadNkK}yvtX3cdX`MMMkE`2FS=^J@8hQ7JKOQ1CpQ`Xsy+~@ zw6@}T+0AYd>cnWY`8NgrIhl2tCM2@D)9G1rBU0g^rfIT}iwXKIf$WrU61!o>O_V%s zA(E>k1Tp|$ATRCdXp20#W`{ni@qBf=Fpd0L%E_EfLA$%+RCbYR<_Hg@b z5este?|zbNJK{#4ar;5VkK9Y+<-4|z;|0c z_ay~+c&Jc6oC1U;H`M!Ad(~tWTP>ZP&UV|+8T;?*y=FxCbIra59w_I5^*bzZfE~qv zx?fP;K5SXIlz0o9d73Y~aY}7+(6;pR5q#+pSKs%m?Y&QMtckbKY#SPZKYERi!Z!ib z(~Etw4GWI?!j^BwgLv!ZO76RPRmj2)g|aUmIpC)zzl{{k__|g zrs?)(ulMZ*NN(+#sjB>^84H!K1v(;|bMs`kBv0;M>XZ8}p>IopuQ5(0zI9(l_>-Hp zY1NyULpyjBLM!-$5A}Ao|+;_O`P@{it_Un{oT8cUZRu z-QKe&=1E+~Ux+3xHFSsJWh8=iCA|2?vZReYCv1sp+6Sy^d(1F`_K zcAo(DZvZX;5CiCA2Fw=Y%4pbJj`Y1V)aSwj2KNBzFHGMstb+-RD*QOIb%7H=Q5k+o z?U=Y)f|%oK+!miVyee}?qGpN^+tu0-s*NNs_$F6}eTo(THUZ0PTl|)U1a7*mZFwnU zEl`qQwUY_X7BeY!VCnB-9#70bAwe(R+$iTwjkL|AieaarWURdCkOJ}{i7{0qCUav~D z^2bNymFT^<81}W}7to1IK`lkBj?T7SA515mygdA`F(XTfb+A~m9YW=U&Y-8cHhVyJ`*n)e*UywEp0U32w| znUJBI*3VIR(-Av=p(95PjUB_w3`Yw8vvUC|;Rm_Ct!Bm^P0Lz3G8m7wo1nM->uPy0 zeD_oXsn@2-R1B)Y*)#V{n}gg-VW)L*!!9E=&K=6C8eC}b~R+-$4@hnYuON!om7-9B;M@SiS<>;g2h#T`S>r^;!m)70qN<#&% zY2G`id-B9+=jcY=(E$fpUWGzdW#7B`Vu&W-X@r z!J7sE&F=#ma=OGIpo3`e1_Ic9+ z?m5lq#_xS8X9+ih!e2zf*`ibP*45czl#kXC${O1_PN`wS86*7&u!{3{!!d&1>#(&` z{I~6^!$aCQATrA3Je!Fc2}8h|Q?tX+SWATU> z6>3Z%D3%kvz1n&+IhW!(}_LqJH=ISF2C zkeyxCF{8>k)NMYQ!GBJ7Sq$4NDI9byDC3Ev$~>&0n{ri|0&{Qyhh+O}F|%T67*)Cw z`Q%TmOZ%uAR8+7+(z6rVQd-@dSVOE8oP?tKu5(MED#Y0r0K{eyQ5fCkq ztEKWV&qh>pxaTE5J@5y0WaaPlttl45pwjGTH|6yjhD+$5yx`Eak;I$>k0eR0e>UQ4 z`o$V3effcc!Mw}qu^ zd7k*KJHJCr0ncd@9?^uq#<(bSeaZBgU90lkQbbl4n$9nh1_d4!u17TOW$VDHaw$ke5E za%+}vKK#o1YrC6@=e@mwJ&3%!K0@Go z8=svb?(LczF{$`lpEzs16YWaHwai67ZYuV)BIL@q!on=iw>LH`C2%uAmd{LTmN2Pw zm*J0WHxM@sT~oM31mn6`X3X;pn6{cE z(q%nCD)($_(*|PDo^!GVWy$Ki0T)}wk;<8;%bEv@lGrKPnnp^Jc{ard2}b3mq@aJu zWC|o4GfGObGm%sAEPuZr-JwLgNDAqOt((#9295by>pXwR8Qczy_&4}7;flq-yeoi7 zN6U(L{2gH7{rE@t*9fpr9-QJfKC7>Eof$)>6Jmk>cLsS7cYbHVB14z@M=cz}AuIs1?^b42PUdTVD%?JL+0%=%xzqg(N*A(cxL4`A@Ja5}Gkw z9)1+6n2UYMl_56loPX?&3<3i=<~_;bm&mUu0}kSvcL4pXICiRZEOIArwmf_~F`jE( z*Oxn33YZlAe)|iGr%N#`>pA~ho6 zG7RDh;lRZ@RWCbX|AVJhjS6*hYT90vrmoIVc2%6FmHheqP|6DE>$AB}Pskf#4Ncvk z#OJ`!({c)W@V)*Uu|IYHy{1=vV0|iKi)uySQA^k@97F1==7kkvLFb^RlL>fk0};)- zi~9gfR!xct5Td?X*3@lFNR0PCZLI*87#s7Nw#Tg%~W6nkx0{_Fr zz|lb}?)y2G9W|EXMPEF5W5j=xLAoa_r?Q5T81qDcHNE)@vJQW=gjg2`4O(NKGmjix z5n*euSd91|0A%F844oEZVq$h}&@Ww@bw=|}#XF}oXNonP{U37v1G*l_07C}wR`M2h zD*JuN!7bq;gJ2gPEWKnX+2bq*wfd7;f!7FmkFuO{2kW1_Xlj{@mpMxy1MPU?>TcWd zry^_=Hi4i*CEPY7JC8SLgk}x6dBU3=xu}3*vClW&X7Tk<&u8Bbl7yN3BE)vzubD3gf5z~GfXA2a?_l7K$-zCaudV6wh+b9dQ%%&aWTh;D;cXNr zSKYP83&3TIJ`#d|6a9rDE6>f`Zxt2UX$Bz0GCHCQ6^!aP(I1Oe*p7Sgv|8YwTwiTQ z3h#VYhU5ujx$v^qCH}t@pHOwjsB~YxEaBvz6Iuc2%kV|M8eAzPXx}Eo9Sl!;X~yj_ zl=^9ox96K2ILlSo2Wz6BJk|Mcq!8o<%$k8*pY@XC0~Il~F=4p`p>YcKmLWRezka6O z)to1?LGy(gNolE~MLRxSpU=I%G5HQ$Ougc2|$DXmzVBU>VT`5i&2ef&y#Zletm z#XFxsUDm8Amy2X>CQ$uHdzeHa2e%~vbnnB8DX<8lt~&z~uMzc~tkLv-4nCFEFTsxW ze1ANf(Q0;wwm5E&o**mz#X<4cZ0>5*{!u&`NYW9&}C_c z_yZ`kl^DI?I7A~lbXzZ!EK(1qCvrC*F&vB%8V$#0dCFXbXv z`HWos-3!o*SY2q;cgp7ntdT6akbKug3)-Bx5Q+*@&W{SdB-0ZBH3^ldVl~GfH8y{k zeW~eyCj~t~&8m#XHka;#SIBFWEgNX!K^p72V8jES zLdx>V+z>$Z`A~XA8NzzxSXwZx?7+BHBx`5Q?d$1Dqb_o_f4Qpc5F`H4I{serl}QhB z6}j;5z&g)FuD|Q^Hg|qb*9q=l(JVf{Kg$51@W!qlV#kqqVWf6M* znSTK-1%DA+Jq0E*2UAH*f_}h5kHX@k$>N*vaE|QI{6A}FlbFa-Qs7b4ZRi|3D4r?( zv)Wc}+Wc*r!Ve>32yT~7ep)y`L4BjQ@8A7*?bPb+cPn?MRru%ZD;?%YI>e7MmN~mL z4(YrxcAT~g1PUSCMWXENFs)vjJf+nMFX5|PD$~v-N>9~t;35)Q7q?mCz*v%c z{4ECtETWJ57Yil>1#Yj0kkK(P{_emUOs6@dPWf|}U_PkY3`C(ecmWtA|43)bU8Ng! z=!Ve%VG|t3&s_m%vUc3TfP`p%wk5t=g=F<#-nmkj;u7nB@rTKgqjv0DU*Il0uBnZU zUotu26t~Zk**$*0$4hppo67c_K_%qpA!1@^Mgl1^^ z_TrnA3(55S=xTOdLe#lZ=W?PI1QUn1ehXkj|5^Iuw-C>ZD!|FR zQKIAaDX_W8erh^8)PsNtYgcMGfe|4X8>Q;e@O+7+33_)MM1a1wm(u9J8)yoGN5K%| z<&D-MH#)YKFoWXK9zLbYA}i=|;29he;o;@3vq>tr695;1J+1{FEaT1b>n!P z%zLW(`oW5n-YDg}H>${Sso!RC)Q2yMdCxh(iI*={*AkK1Kz*c$sR7E>KghJ4VWfq5 zyuMr!#q;MfBm1V$9Gxyf?N9WdLc1l{wclhNQZdO71t0hbZIx-+vyX>NJgh3b(>ieP z#wCpN*PXh5zP)#jn^{0*>gjxx*R$Q05Wj+^Z_bmS~uxtjt~i#4jQqp+Kfv|gN%*iJe9f?SXvtg>@+G2o7!<*TUhEg~37vV{iy z)~7%k`kQk4`XeXUA%?wB zn?RhdFQ6xGoF-flbgrO6To9cfZQfqqJjR`z*tgcf^-?DnTA6q8H-a>P6i@6lXEd5? z8bip1d-u^=ulvFP;~tm#-tYjNHvNa{QZSk~EzA%=^g7Ie2pBcW6ykK5dy7HO*%kh+ z^+gowL>PyhPjZWVm=J3VW-i_gDFjxGe@<3ZA5|VAq&3{ZNU|J1Pc5-oyX!ah|HF16 zfdW_VKO>{jEwDd6tbRW|5qtg&Pf+fv)4jO@;c@tC`+>VEw!U(D*k@f|^p?>2ANv4lv~n0J&ELSC=+7y_Wn|zs%I{_ z55d9RV(BL?i`9SpFQixG##ME_$+f)>4am6n zdo}22`S^$Rs_J;&&H7%|D+W9TmS(=TV}97-j6(x|ncI~c{fp=vU?2clonMs(w$Uk% zmr~V)9@!K+?%#p{h7(#-@Vb=75g+vKJ2Lc;x~SNX(o4ef;XbS_&*J!D zr^>i>Bwg$n+E7yC!=ia(7u=Ao`2Rq5$XNw&@;5lS|XR2BpLpsDnw0~_04Dm5&r5elvE>Dnhf zr_SLBzqvmk@pr*u5n*1O$z)L&isvcM19J_x(>D0qxa({9cYNkOpxH9|CLp=~d_93a#$8r+Zv9wi(aFs3$zO3T4L zm4hV4unwAWI9gAhl=TG&NEDX@ELfiIP$zh&#nAx;T(`aPlS)LaG~H86!UYlN)6n*` zE|^>D)1|oiyCIrGutxGoxMFB_M1w%n6bW4gDbN9^uIj)4Ix)%~wD|L+M!n$( zrwe?4p8r;PpBzMcj|eO9$2$PWYu zfq~~iBYlqT4z|`zD#)I3*__qc-`Sb5kl8k>fZu0w4NCtV=;Ya)qQ0kJIQ%)?_O?!m zfYeN(uF?Pc2iTO~ZYb;4Gj`~5I*mA^)w{(;C-Bmg5?#DGQNxglD`gq7?2h>Q$# zD#CDG!OlQY8hji;()~xw7NnzmanT-bxOett912P&aoLzVlKkCP*AIEKY!3n@{2rI& z&o48&-vQ**Sa}I7lIIa6m_0A3D; zJaATxyldxT&^O&bNPX z!4Jh5f(95ilH%j@Js}wiwV0~{wiNMuVnWD7BZNhUA=NO-nEAA}<977u;k~8VM-{D4KmP|T@zZx>oX?zIuDuEkCGm&y2+mR2T?n#MFxZp>bP8cR?Oi^bE zCG2U1MFRcOmoYwnE=l;%BL#GHL2YiEbggSCM@&#-Ul*D9(x}bi2*N$~!y;4!l6N&V zrqgs*hUlm9kjbV*q#k%H4ThwuAmrjSYa9nfzveOsn8=}y4v^mCeoebw{acX@i*mi> zd0{h&L$N0R`y#L5l*1F@d4$wNRUD28cIu}}juX(|0c`rr)O-Q^>ez3opLDe!Ut=N3 z!4ug@h_1olwAJ1}R=l)?D2H4ki%sn+2meegnS@6oKSZey^g!B7!B`kK1XdmaEP?wQ zhglnJh;H5|iiyAgDcfGBO-TUMdmnj&cu8i?2!SPW1%oxMb;W6y3TtR$DCF1}#?g!u ze~=C{4?bcFd6I?|MpBS5O0iyov0)rr562Hr1G5xgKc;^s_}9uEams8NSSAZ~_b+tT z)TU&8`aV3%<_9B(x9QOvt;$EE2;A>zA>`cPW;6*ZpfTfKz2vL#-@tm|(}nX9%om}C zkNF+HEq6bPthCdHY0_=LUYqpS^KMIT_3T^`H@eA)^ti2>#v0GQ2(ZyjDXq?3K5o&s zHL>)RH<<|e4)AM)OiY7ceYEQr>^dLF)I=8y)W<~@6()=WRG8#**m6mIR9xM9oLL6;YIDT`0 z=4zKD{Cz!@0S0)l+N` znC=^ar_JI3;mkzd)e%}hb`2qZ83<*F5`+>2RD&bYOmq=v!IkS7^5)Udl=LgLK@m9t z8LpOln3%r5?fOmKc!rZCb!{IVnX8zOy!IA6%qeR$eoabqRQT6h<7hS(4(d^iH(nfS z&3!-+BziuAIa32oJjOAQ5C{a?tv@fpq_z`I$MO6<0wN|%=S8uoZqQPLxsn7P-XwUQ z2q)NWRunN2M9|ICW?YV6}Y~4Q^;jgC<;u0UgAhm&ROzBb!-(t}c zfl53LFN3y(kl>&cVI(FH!@QaK`Ak_oyREdu9)IMMYupXF!@k(`9(fpI z%V1tn415lr5|1Qecf+2Wld(ojyc}pARiGMZx^FBM4;slH!T)$lFW<($GvdUEC%y%= z_9GaV(GGCCl#!xbpLq$G1Aq}t-%LhADml9yDE;_}!BxvV>6cPLJr|);&e(v%_9!da z>De=fMdpd)T$k{Ov!bDD$(;RD7<{f0c0m`)gL-cTNFg|MC<+v`$F!Ea&-Bq^ACW_2 z`(kRNWTSbGz5n_IMx4oeeKHtV#NjtGz=mZ#+|RkO2d(s72n2Oy@vRwq*LG^qxjXry z=Ucl|RjXX9=bkDM%1|7S{vKItT2owNMls@CPe40TM5Bk4)fr@16p0Qbh4y-e2$>0H zqHWK7>*CXx8W=S~6A$QIgeG?cAX-&x=OQRbt5%?$3dH!xa@Fs0H4p5D?+Gk_A`b=_ zq*!8Q>G^#vXGez4HFAgo%lT22E$KCzq~Sb-5N!3rhDA3@@g$cU_w14wkzsO`c)4qn|~=bXyDPx#LeOmZ2(lEDlt~$ujW@ z($rR5+P{%9fCfP29?Qh~uK8|x^tOHNL$S?bAlx{Ph)n$zG<*co*2wqk?(03M@el+! zDWT7*mN8?;&u(K^UC=Il`Z6oI+CIPSrUGx)1kf@wm>-ySg63tY4QVysye1|;&u|)@ zY<6XUwA*i}F`x}Gb17Ejzr5r}DFG*?=Tl@Gu(OP5?#TiN@Uzo#)OHfL58>oO zgUX;KzX7vu#j(qqAC&iD*>@^dYfw^)K_pJmlnps%v8Z(p2h&Gy?vP7AbJi3I`_r>C zzem$@G+)x$max|e7D{oQ2%pUNu^1B0SAFiPj|96eBUFTWq+07H--N6Cz)8|Ow;JxO zmAjX6YN?$ptbKD?kZWlmR;6*B4wXMWX8e~f-SS7mjKWszO>t+8g2-?h(uPcZ2ef>V zz#HC%{lNa5GOZM10p}B#4ZJ8Fm3l&qOOzmf8VwcF0S(qXM`6$kz{y>+hPUN#C}=)9 z3}8BLs8$!dYcAQPbMVDncL;&hveT2L1YZmcv}I&V+K}gLx&0i35iXTN(t*_c6Yy*z zkRBVT4Is((z`#j785V@^j!Cse!S5Ik`@tcV=fV(}`~93)&sw!k?VUR^>YS|12y8TkHrzIdZXdq%SPRYQ;Q>kW zjw*H>7!k^(p#0yb!YQMO4$z!jt7!xIH%H{`jxwKK)?Zt8*jg-UVDeL37%uG6Ss*7w z0?}GE_5QB)U~=HvdgOznIX`E{#e#=S>*UJl>Fzqs(Z(px5~l`WF!p~(Pfn&g+ID}P zb#-5HGRe0|?KgtU6wq3|brfulOXaCfef0ma8^V@I-ei_!Cia%UPiUJi(65 zU6MtwX%iH?p<;eZoIQi%q>Gd0;34D)IXN0$`vXqecZ9CI_HTlm8CX~Z$}hD6C{l(H z9~*VO@bNmoEVNcwuFNR)nrMV+$wStp3kF3$wcZ|M8)U9H8Y)KmiP*;pe+*A(nF))DplQzI9Jm)rv;EOo=Ibv`5)AuQy3D z{{eGGV7*pTd=UW(A01nve?@f;H;w>bfl&}0>7BOZs?2fkFhOvCZu?2v#tTMjnaWG0$Q))$gT9=o>}t<#!g_nY z_AXX0$mGXdH77~f2D36r+v~~sHTMqu)m8nI6#^o@3iHH;aNntJd4fLRX_1|7TCt`j}nd zDV+qMqnZ9EqhfK;n;?802>tk8_~F#4Lu0EotJKW*!nm0Rt}%Y7cJ^=~1-CYHf%^@p z>9EPNnyL&qj|SMeEGV>(7P@JYjSUA@=bA5j`76T?%m|O%sOMB@`xfpv&C#NC#$Y>0gA}_ zYOLJs7K*gj+Z(r(9f7J5xg|fh>Ul^}#1r{~JP>+i8TatWU$sD- zkgq;fU!pl$9f`5XL0l#yR$ftP-s<%}5NCZYlcr|(&y3CQD{Oqlj8irTyc*yNr|PTF zu}*-paFos(&eW(lWAOr-^f{yuuC8LG(c>z$V|Meui8F0!8_OH9=zs-=%IzGz(H$X> zEVL!=vV^}4JhEm_c`^zx*o*NUHdnG^=6ZW<{p*%TEJeq`RZAAp$j%&bP9~w7u+35_ z3O|sdheKb9bIA8;H|bvCcs0V8nlZr(e77Yi6e$fRBs`Xys>Oh*3X(#D$%+JoX=Iz% zJ?`$RV@RP2dLbbmsDE4z3ZB+WXefo3r7~58jpkVq8jnyco=%O52}q>(YcqW5-Req>>m|=bUSkZ$}{Q@gWE=CsTQwiwDZf z*N#&Wp8yj}gag(%6CKI`G>UmpF`7@eN-!OfG znX+hv>}oOZlf;!>G!oK9NUJAE#y#qPfYeZwo}=QimkBTO-|M5% zGnE`!1O3gCZ#udI`XgOm@;JD9o1P@7Hl>j4XmM0tbyRUM2m9|@xF@6>k9Rcbv^J1xb!swrda6Q!-x35O2XQ8dQ~a;v%Nm$0cM zOlT+?!?eqgv4gRt5!u}-=7XE(Yl^fca{=*t@QXP? z?=Z=oSvbU)T^<7pwPWwnAJf%uqjkH?59kXSGkz3mU64BD&ubmBqHPDWq-~|Y(ad+ByJ;G4kY zud{hYi5k88Pgw$KWKT+N#?Lv?cAbIaHd?*x5>c`?6yhhaV3X{}i3ze{av;_z)V0lVZn7khEgFyP!=KT!5Qp>1@s|)uuP8& z&CoEV9eW;OsxNL@|C=&%W+#L7G`&8Hz&wXj-bC^Z8 zp=E?&QUN*}_ffq^N|?6i0Fd3vwltP*9(elumS;19|9CWAN+c=S2^{kYpCDmk!o_s+ z*Vc+wU{j`_D_JUUE0+Vix+(g4$L}Uqz!SnZ;rpRs5Y6u2*J7nSidrC-;6|cFyvEVY zpZvCBg^iHa{15)k5U~|Ejdv)D>Ch#ql*rjCUg(kWfk^Xv%xWxSBLzsWEL{a}ZDPn^ zdFnIp-7pR!bh29A2`8J%&>6$1r$s{<>$CuCNq~L+Sl2>Hf-w(P3P#_RiHHtgt!#N zq2kE0#Uy=g;u3m|i?xIhg$&e&q1HC)DxCK~+$}X9Q&u67&p%g`^?2~qy{9>I{tpoN z>u6;nTaXK2W-I7AynexkH{OVuK~1k|LUz~(?5DY2XrmUF%`bUJ-ozs;q0v1e>C)Rr zFV2C@r3y0!9H7mL^V=JKFDU1`=IENROfR=wnLjCN@2N;UNpeHficZdF;gxW*g-ywD-Ls%eNM-tk$h`ijFw6#srGyW zxJrUps{arvuOpxiQWwkunB^!qo}SS@Wtc(*mbN@Zk6Q&&p|nab!5DOY6(4hnZy<>2xhGA1OX~}d3+u5{ zUIk&_ScWOtV7A9!gNvYySlWl6w~Eu@*En62<9*5s-Aor=2Lo?rz`}@}-IJ47Y7DB& zWzG@a(-t@6^M{gBD3`AwV948s1`YSPU=v$R^(V}^7kEu{>XybVU|5g)1i*^_fXcl0 zdYzD(jGCHq0p6h6jvD_pno|P?(v2K&Pw&26o9~cLzzu?8SE^yQ<^1(bS7C~a>jj-T zjG>1zYyttWdns(Vft!rJg5l&3qB8P8VrZX+FlAn0l{^=F?@D0nWLw0W<`u!^C}?Nm z^`&XfVmFg{>`qTiarqll2#mb+a1|D}w{h-61gM5<#|N@4<9J znUTq_GaX{<)U?0C1+UMy?2EmdCe_UX)zk;_0%HQee zF&Qp|&3*nXf_&~zkq`MUAv`-tj61c?bh~pTbDVC|_ zBy+aWw&V8s+@yG5wdM!Kjqh++j`d-^71tMx=4=L%g&%rBsJ=B5B6s&d@ml`LW598( z=}pOXv`NQ3+-$KBA9`I7(1`;83~jHx?1fm>62!e?J8AE#%MHPT755;zBKi=V0b(TM zhug_%Ez`hRL?Dj1&2573T5rgqa=7XoA|<@nlh=onDs_vwc24IUR5d&`flLjAI@`7`gjE_};Uu{t30xnZKiXF!dYXIDrtWXx z%1Aj1&sy4$ay+C?PdK99)QK)ShH^yh4TTX?ub@lVFJ3Lw5_g2ha{^&=98V`}QTUsd zK+YoOSd>iGr64I~$DG6`=WK-K)U?wNwH)Q&YJZ6H${JQ{z)N1UtBhA>Ax6+hj+QAn19FxaUtLcbQ| z`d!>Zbtt_tT^RjHTq=yFctj(+X|Wc(mShSk=0t+Ld82(d+#S_Rhs9d({xkTf29Zlk(ty*BK9HZ1)H689i87!i`JJ=n~l#+tyx4drFUaFK>+fp|Sp(tRPX zD;sj?GXn+6`!VHl;q%=P!At8kHGdN-l{0_@zGcgv`5K+6T7RR*g?(ZTs}W~}8`T|O z7}+8CoqT;Pc#gPU%n7p*^OZSt@e{E9$zbcZH&gw+xtBF^Q#Kw~fRkD3jWOnDwRURb z{_{wYMz+FtLOW&pj;0;EgD8`?lIN1=EG6o<7w7bbYkMMD^w6-W^Y}a*NRg)zrM21i zH6ePf_++CpYGOFqVfGbinF&)ocSX$1;oaym(1ItI%`d>|o?-ri+ZGq=(oAh^I$UwY zBt5n)OzS^BPJAi*rY_vO!Qsv5C}EgkJOr53YQros;^EMI%wSlsapfVD?Fh8IESuvw zufcqV&Qf+-w(Qb;ja&-Xw@jA!L zJ1AzG$!54?(@<9IZ0MRD3}&gQQj7@MF}v$Noz`F!7ZPMlQxh*ZPbfXD+KT$u^gi$KgfAndFDp;4ySMSrJa}r@N-*`&;9J68y7JxSHSo`! zSd8^(Jna!`_nS|(@8^7M7!l;`UX;!wTgnt;_=Y@c*h8~BATUhy4U$TANq8NFwc}lS zCRnH%|J@|64xuWr#MIB>T#ujS=Z*j$uT{2R4(IXM52)s|J_*W?n@dg0H_i8r9@0;n zd`;y5`SlA{{hc8_aCe8H+(H1#rvcc#UM{~cwIR_XFCO^fo(BxEIuGCLESp%OfkRtc z0eZ~ReWRu=E8f4opBj^8@Aihq&W80*yAaWUsKg(7Y>IPFN?q*i`k)(971?%8~p?Kw$W!d+V?#X zh_V5ouGC>@1AL|_f^1k)yMUYDX~D|Eg=^;!a5^TF$_iB(8a4S4Rqf$C>DgW|d~0Io zYH6BYh%qt;M48$Vj-ofW7tK^F%MeR}c5dW52zAq~L&|^9AX;2rm@x*pwaFXRvTbp= zfPXJj7C!>7?LCZ3_8y}>?#uqRuOlIT|FG|UC!O{|X1=3bp+$u1nAV zq<~K!***T$y}I3SwKyaGNlSbftTz8j&Po7*p8qgoW&!^G^{ZA>4F(*}2EhQjgc`)v~3dZO^BL5!^Rx6E^d?#W=4? z?&$bd7wPBh_OI%zHC{`bW|rs8io`kY^uMYfZbg3_a}R&Qdd|z#sJ@?9XQ z%4D-!?1j6 zNKUA6RoL+YeY8N~xml$#erl`aYgBD4A}{h4p0n;H4)@jn+P$>l!<3x6-{nQ^2%p-4 ze3-w!05&j;ck#K=AwnAKH+Wh)G$4}lwaBwYK|kH(dbW9eDFl+-VE1@%_)Iwizpv8| zRteVs4oE^L%DQcy8Ch>SG^#+!cGjEZ=7{eqHs+s0MVNsx+PsBvgCj?oet(1cM(CHc>7p)N6pu>_@zGc)?o9Z}lnK65?7noY(9lZn--O=T3_{EShG; zoJhV+Z&TW&YP*?K)L|ViAsjgaGlMr?@pE^S#g-CjW-SsJB0!JFOG7P4dLl2iiO5Y5Bk=Qu#q_o zLDn_A9E2CLRRq{07kJUT#0oL|qI}X@O!omN1~4lmVku-Hyrwar3w-b&Mk>kgS$_lP z7%O-`m&ZZ8xTmfE*$~6Q9MNli`A)hr9HGOQ5YKPnMn0?$v8gAvr$<2cHQ4?yg&3Da5%zt6; zG@nZt4I^*HOj1g=x*7*-k&Y;*W)1Q0_Ia^A^Fcv(DgQO#Gtg+;-5`x*txQe_K{Eiy zYKHJ*Md5jKSK)_(Xzj4OUt2PHOfGa0eD%m9(Wk904z4Z1G#z>ZN=ZYub->Lqx$P-amt1d4oW zj1SSB?((8H@nxQA5L(suE|^!c_5Dsi#X&l&*zX1AM76y5krE2{fzT;?DA4(|jB79z z1DmlXMVY-lDOgoCmrLH(cdK{`!c}RNeB1)WZ0>L=4pCI|M>i+f{uzB=-PraM@Y}ZT zGq38&nR#w93;Q+H@!Z@P%F7Ar>A5m`Z+H6Ku<~5>`M1rt?bF-U6eHRNV^Q`{+2iwg zT>k~tdv`I9z)zxH2mAc1@f_B-_wfBp1=RR+tny*+29Bp^*Jq1oNk4Yg^L&ve@2~5s z*W&SnKQVH>BgQ;Gc`U>M;#m-8Y&B-DY)bC%$%{-iL(0$>+-2Z>w=_2@_yC+_KmOu@ z90O>lAgiAfpM)iBRgPWsYFob0<#=1G_%}e#jiy=G_lti`A}~w@bJ^`kvr>(iy;^j}qz%^7%^@5A)Q@iRiX zdvxQA?68BtKe#Aaf$FYs<=e%w!9r(o0bu%wP~$V5x2v7h?E}AMx0I4|Ly4Y`;2Gnk zI?lzqo4-<0HK<{HI*HjXA(xgCH>Uj1 zuR=@uz9LO_`K-rm9#r$)oSI0b;)@!ZE4~%p{SP`HU@D}G^cj+spg_|gZm=)^>sI9O zT-)AwIHNBFr%Brvoi}RVIunI{kJZ+EX{{X^&anO2pf80q)3Z{4GvtI`f(3v-L6x2k zVLTM%Fc%x+s-9B;Up#h;s*&7t5->v$E9aD}G+vzWz!di3b~!$==HMWp_`?Q{dn`HN ztdCOPK(4T5xj$EyX%*@u6qhrxy^y8V8K#aF`X|vO`#g0E-3(|UhQ!~14m@@7uB&+t zrw*gW8SDa;#wCn(W1SJ_1;FCrypQz}It6G41yE-jMdgTfYhba6eOAEM0X{KI59td1 zjnV>Sz^|=bVE2kS2l)OiOfX~qkH(9^riD$9*5<~R-3^}m#H1~wntZos+i9|w7+It8 z`F$6m9Y!g{4Ti3SGNbp)o{qv1O5UPlAt0p`2x~S9+$XAi$^h|Y{7<8C6!}q_{fv9H z^pX0n*>UzE->A_8Wd9Phvvb8?x7`KYP0xCP{ujk$f!)hp4;v+c7{i9_MY~GcoJyE3 zTKgyvK#dR?pNh(GzPy1UF46aNTH1YOUmfB3k_`LXupqd#;R&-?%vdw)=wZQE7^;Xt zX@bwVLrKVgD>saRgC0s2o4!toSoI#jRJRxk_6C6Q;}m-bv7Vo=IN78d;In-Z9p5kv zE209TFHIPDZdp5w4~Ev}j&6=$33L59-*!%KYBNXLu%}qSk1>FqG{DN*)?XZ(vuI3w zZ{2c{PX-bRv_jr-Y0a06JR?-59t+rTc`9Fq51N?-`PAA&v=0=b6Ej!rh!cE@J}0>q z-UL&NHu(wUXn{Y`&;57_P#Wk%bKT+LLpCW7G?zfSuQaYE)~V5q9FAR?ZvI%Ky~?q+ zZ-=(C=d4j)TAf5#0Nc?LH{Rtr-)HbP5dBALt|IvmOJA50Y@&p=rNRB0;W|Qt7N?vUGYyf~7Tu?`vuH_M(ZZ`j{Hp$hfhVHRlT|h=Emt#QMh{IJK?=Vh`Q+Db^h>A+rWpmwX{^ z34$T4B%SkAp10KL>{w#Dw((^8+a1DKNu7UTkG0UdY3c@kWp;Jxde8=7I)3 zNfK>`LPFhL4g^>I;ZPmmQQ?L8#w{0mVnjE(4R!+X4(-*v(?lKV*Fuy%ccH(kV)YLE zdUnKiIt35xC&Kr2kWcf(eJ7PUg0h%n^BOaa45W76wzuNb@{zQ~Cl{{|{VN|QE zsX@2?7Iirb>troIn4h0vS&sO$b+7m!Wr-Ej@F!=aqv6biE}8idecHO!InwC}DEx4n zywSW#&7stxe{vHtNARPrAp52)Y_VX5iQE?JR=r( z#7sNOOd$+yqEc;6BVwWJ1YB+}FG5EAJ6MTdLR!Qcn%Un-D6fqS>u}Q!uhm6fu^VY# zZfG=tr#`B1$qa^(LyC<`Meh)^3MtDCa2^tIdnCx0U+t zVo~cD!oQlRC&pUQx7tFF;EH0NPsdm#z z;uC)}NT3^;hANqr1^sfELWn=$U8qmM?$8a;p!h4X9gYYQegQhLB+C&CpeC?qpz~mXxZ8=O0aWceP;3UJf ztIW3=1a)sDFo%}lXYdZiP~D&h>OPEqUykjl+0rED?Uv&)E>t$(>yqw(*h%iGzU zHM+u%wdXqdlqHIi<$yk-dkIP*|6yV=+vai3%r$khF%!-bWl>#))b zL>B!Po}s;jm4%AfxFJMY`3dRs8XR=nfumAU*x`rU7ja@*Be^}tId%N>o?6)Z{H`t> zeETxIf1d4d(w;nid`>=^6z^(j<~#Rvof03Et*-s}FsG}KW*_<^x!pg7lz3XvTVc^t zRcF}akd!k@^^SQ%FR?@j6DscKXTzvsjxyJyLKmwdBM?vlLO8QXr;r%D{NE4yJ*6RM zG$67WB#idaITx-@Fdt1K)B;m?g&MK^mVz~v8HCGL?GH5!b zF2{6s-}j8req{wuCI7`+~57;{JGGFAe)C~^z~)s>i}ah z;vxU`dj57`0o`}6f6umZ|BacvsSU58m2AqBm_$PPDw=3m@EKG}#CVaSY*z*zXT zrYflD!*P+{yM(x!PM-G4p*FDY4!)1_QLJ2@zk7CQMK087otwXF%9)vber8&#ca@U% zoHO`)Ln4R)HkeSlnHiS{7%AWLrmt;8**DEhwYjhKlmmNo${J(cMw0Wl+p_OhFPcVW z10Q?%z^ab5je=dPDKsWC9@mPJ!K&EpCC=%X3{&=4cJ_{mJgv4Ayu=jQy{Qk{Nw1B6%YkB6jIWZ(;0|k z0N?gNkg(4mP8}7`Yk(Mi>`s_Zsr3S+0*+@;gW!^2J5(9IBE=(VzJIKJ$7$QsA+0ZO z^wo~2xL;GRAk58v);oEY1#+dgWSe+=;c+N?p z%;B*2kbCi&Yja9DGSX9ZgEB1c_R!UZZ{W zN)Nz_j}qXF&3-m*emt}QIAeKRKKaOAUO6ja;B>HUdKoW8IYV13&ks#k2Umjw7ti1G z^SXfFMGUJxU*0b(u-z^I>U+y}Vm~8iVq9Z&IWV)i3vLe!-!31^7d_7kdrvd0CqrSs zQ)@hywtx*)bESQaJIK$mM-|2m*>03WC7{6(I??pR(7UWk$vE_u@fa-bT^q zJuMPKuGfd_U^|40cru*i3+s$_X!TV17ZchH8~N(!-s*D#9LX&7-N7fS=YA0)eHlT$DQ`S&1R#EP;jL^|?_=V)qG^xp(QDIE` zE$ESW3!aCRx`%+S5mXsKhlr%|f(^4#CmN!9@tnj=&X{8zgvcB!hc_FWj0B^S!uj?T z_zYM~U7b(n2E4*yGI8?5RRKfA3s>8j%~p5W%0YNwJJGx6M5S;I$hU?)H@WHxEXDdt z2PN7D0HN1bQim6M#u^qFdfUIAJr`E-^jx8 z66vWf6mvc>6x5~qn=y`;B}%O^Bmw#(_Y_<3_&PB9(sB&%(0~fbOWJ^4o9zlqeIM`o zhEz~v}l=^u9ro>DEF6U0&}Dd93woe|i4uvJ*Ig7^vjuXeZ#f!#L5yRnTjrZZTa zysa_?R5pmzra>Maw2BkUqQCEJe560<6f5&xEFN+*wOLgmiRWG8b+_HfW)_BuNzVUkBcORB)&S#Z2q0VNmg6BB8 zN;MCR?Q}CuKFo6O0&qn`&c|;FgDuG9R8fK3t^dZe= z1mO2w+1<|PxzE7gWLV;*B!DyADmiaA(N5NQGszZJY13?|;Oci9eLH|Dr4YK$cRYXo zWZXnf-8hAro%CWgnkD|X-QQ5?dVJyc@dkF<7*e}vl8m3=@>iXu znkixz+8`=re5(D%P(q+FZz@R_*%rF#!5-`q?YOP)QwaftkH6~P9?>>&+O8)S2xe+Z zJlYP&-HAhO0Z0)2I_PtMwgbbM%Amj;fqVFow-yuP_w16(9voP})58U61?{ixWloNBwpa`K+5AEewXsC?vY{(Nj(1f8h0!qmr0Y!WajvMNSI;vVg5fDX;Q!! zM>y8jbk6ns-wt3cbLFJNKoncqp8I7*OnW@-uA?fVcYZOp0O#A66WM+ddzhbTDalFj z^s659b%OlT^b4~md=8Z37^DfJV(It)!uJ(_&5E|{V@e>l40_Si@gLNhV@?LwQk%Sk z?#q5rxg$O?YJ+?yz6`kgi}6m1M2a>N!n*|%N4@{nAx+)4A@-1b7FOH;C=#_PL@R*+M+G51uK!E-!ce!pQ6P{~>Jqh)+9 zH76rcwqD3$;eWAr$aNAOWbViKL$p?Hij|p^D&uIjU0m8!viqMJ>DQxuE`!1nnZc=^!AC`~s{Fr+V65XKw{@-2Bz_$W2#Lzps9l!^p%81|e7_=S(K?vUWTq!BTgTwXsECqMp=~UoDRm$+?!#+nmjS(Bk5 zsTLs;T^|8;*C7zYND(y*}l!3O`TM3EQMKJO2u(af zohASGnly(e6w6AEuPG^Kv1N(>3#B9e|FNLQb3i(rY2w%S;gn19$%uz|46bhiLzH!2 zx0n)M>G2XH>q6n<{}zyCIkcJp7D1}>|1*C^YOGnfOEoNNTKe7jZyvewo^Jh@UcY8*C|3#QFYr@#n$Ij*3DG!Y;9e%=3Rd z^&f6{+i#sb9RfN;M3SIP{|kZPoMzMF8oKb4ikURe@8*Kx_&(eyG<{r!fJ-KcuTlBd z5sW7jIMf=IcjY?cQ+}-vL#hE>XpLo9+PdRgf(q%3S*AMB8i_|89Zz(|Ea%g5U_84H zy!A8qgf#N`z$;c{~;bmpr;Yd^zlDRk~^qAZj=B0 zIUHZL23g_uvs`eec5SkTqL=o|S>+RjMbWt;4^^G>(rJ!OziC^>kiGx^;ymoJe=YK9 zT%+X8veO|W**TC+H~ZM^Zu@_XzCO?_GahT&!e|vE6LwIKmG`H}uh5ofKH`s9LYqG? z_l}Rc_1_q83F)g*f-OQrYKCYzr>>Ckm+Y?9+gbB)T$P0l{taF<5}T{| zcduAkhQl`)y~aq4dxAKeAvxGs&9L^6H_eCAN7bHdYufm+YwDbmPHQTr_;5q9f)5lN zFE7NCCpS_s2k-DQbNZoq)$!g5;f#7#?ncbva(^5k+V)PRd!j)A8f5$HQJt+-w~!Ff z8o*0z0!1>tAK&GUzJdMknAlSR%O3EWYr^#~LJPwHSX9(yV6POK(qLl}0jfyOwXo&p z@hz8@ue&aGsD5VVNSLkDS zLj=aa#F6y@c&H8}2D>R0tA;s7yilVx2&}xznyThpD)f)1?5Kjns@^@jodc=qT2U5G z12rSj^Sl2F&A8d|st=$Sfh0W!o$uL~KM)}F_mxJUgLdDEv&Gol)?^M$_zlkHn_R|Q zDb}ZeB-H=l7^jj7YOK`&4h9bbs#Ua0!X_^R$0p7JWgYpE-6UFHxC$n;c$)r@_>p($ z82dTSj8C1>zZ;Ma;Sy8(TP3kyUr<#9l7wE<7X>--6+Lv&@_t7~QIAru=R+4)HeGv4 z5D1k|ZvO*+HQHjpIQLp35_7*@6?>7?IvgrOs~82B2*rL^YCAzuWTomz%4oo6n1Ovm zr?-;FcFqZAraA!39Ny`EjmDy|paiGYaL!WC-hdw;mA$UNcM!++ckOq{usx*t3^>DA zHEu$e8`FX1PhJ{7fRD_?5CF1M>!Nq-R`TRrcsfpPWIT-pdVU^ z`L&kY+GmC~YFG{3q79A$u^&KW3o&(Q+(EqED(rE;m%ifbUs%0ik3>Jw(0tVKYF`q| zXU3FvYBnmxZr(Sib*ttlmxJXFgOR|BlvSIvvMW-c-aKrL>)yO`l$?ubT#1GXk&GvC z!s3OEgiCCyDFj2G6OanhFU!7(ua}UVP=p|c6afLy4%VSN8U#uZ*a8!hAG?&D#ba@m z&Dq!zv0b0;Q3vQ$dGiOHw3k^V6}|%qyCkU>?JCN3CIcznaV$*DbkCY#9?>tqr55Mz zcV>r~*P?k_S%Kw9;>Eg7N|K@t^`2;Qk1S*UV!>QTw|+#;o4ZTgDl@peX0rXTfC-r& ztICXBs(Mf1yvULNwZE8?ahB%mU;wCX>{On&VNtE~1oK`OULrc7f;w*g;fd2*0f)Kp z4A{3(k41wG&l%a__%Vy_|MPisLmDthI5j0x0H2`uk3x3ldIU$n49d6wI!Mw<;seV` z#yAci*JVB}F^pJrEl(cg3W3^pQwbc{`6XD}fO#0=W)2y>N8Q+Yoj5&5+XrT3gUbK< zV6%{hA$NFn0;dBZO*P(Zf?d`4yZ;&@I*1yQrM>6zSdHDV4LNjgC}>oe$9HpWTOjSa z-nd1@aRQT^OgGsW1nV(yJ{XIwTeW`Z1#$CgWJRS&-aRO0t^YQ`4o=sIy!+*p_4aCZ zBTS3W?xx4$z^cF=+iKD--QOG=4%}D!#Br6~YH4W(_ERjDEnm5WREyVU4H!V4ULH#l zCxpPc6Hjl!pcw6bRK_UcPjt-~t-iQinJP$7jqfON+7~m2F6-)KkSVi0{=C%C7`zTU zimP#YIL#V|Tnp4ZPBF)pwpn5PW z-JVl!AOoc%dYJXHkohcR{c)6KzgiA7rZwGDx>)z=E4eQ`mKrPhrgPxK0X((<1byNw z_!9#(4B_Os$B_mD-`=j3f5!ve;{bFPwfd~52U-oVS3P6rZk85UMy}vOZf3>F zj{`wBm{@7zGOfpF2b>5H*ktYdW?8FBiHR60@)mFJ(&chOE)lny{jzXKiJ&3B1`5krulAia0$!%>{G zu|NK*6ck{E=$BXR-Jw*7N8`$H{1e0-PIUhe9ZpEbwDAD3f+$1&0A-C!1Fu^r!H1hA z7=!HKIy~ic=o2-wO6!In801 zPt*%+LU4*nLWlN<(okYuiBEV=kNa=7Q|Ia5li?7)_N0$eM-Dvpq^Rq!mso%;;&fO@ zDh4>-dUl3DnPC_>_?WyV9Lz?5$L=_84Vs%o{n+FXjfAXAc81KKDsiI=r*l*{b{HXR zfzJq$p=1sk|5-+C2R5x$x^bejR8ca)%qv6s_1*a(q0#g+QS8g~1|;BTsRzaA!u)(9+;rYH!$i??|<&VvX@1dhq%%&~{{ayysTJWBhEV$agU7EZRnr`ac0 zYsjw<2EeP7&qo9E4a^b7;Vv`5$@;@D$5{>-Q{J0oCKx@D*kL@b$ZiN}Zad`nGy&o7N=AP4 ziTvcVYkze~`MtK>w}1OzoK~MP2x`Fd`BEn)(ZNC%brB9H|HW4uFHG3A>HBY2!DP3^ zN8fk6*k+hJH(ckVl~GF4D4hbjYuB8{Q|TUj6(;@_*}7CzSjdTPL{YHBwdd;syEbVH z`p|T@#?@XJgjX~0q&A0EOH9XvtU)g7^Gw=9bs`da6z{1lb1BaIH_y=2B>9NU^)A8*4CIOie#K34cph^b##MU)B8c-J}U>)UMpY- z=rAl{X6K&yzmBPRd!spLG0@~#0-sgMl;VFgG|+vWIP!xFrEA(CyD zL}_dB9h%&uAe;iS)OULus^6oyYpna&+^=Z!(Dx0oc;M?m?HLy0Yhc>kJNqp7ODJs6 z%5sCRMm|Ld7a-?e*odtlgNw^)T-6`s49@RsZL~+ujWRi3Sn)EOD3cUwoaPRLIt%4u zignotyIIjv^j7Pty^`}NmJ%YDSNK$3^M)GR9w)GZFiL09m8x?EjNM?Lw z#|gu_OcJ=B_2XgjeiS3nc z&D3f#0i*|IkXhS*Gzr`nc4y9gJ0V_E75!k&5$SPK4_n^VPN{APU~2n4%I5HqU5Hmok}BJ7_vAoIe{Mz%3>$ilYQ%Y5VjmDZI~e3Gw@= z(r9fpWe^n*y2@PTOU2Sdv)RwV&^5Pi4UHXxt$9SHSXb8U&&L+?RjivE*u7t}8!;Hj ztwbK}Dqp3jax@GOXVmbqMop~)B{VZJNnmrD){V_6J|?n2>~h5;@Xd0`MXBTvw@lN+ zL)U;IsJMlz$HwsOZ?vQ>wzz&PC+G$@Z`-?;u@lztu^Bmj4<8k&EJL z$BN&Swkyj26^Tu1ebK(cuN?k*?Mf`2#trLhTa6>vq9m0PdqWd)Rq0H!?A~In==J5w>W96ZT zf~f{hLs+7s!mI#fP0`YVAw_NWRge;bAY45~N=an7rhKVwMeje~(C(52B^a9i}{n4%v{U2SRxHA)IInU={M9Q1P~jX}*osnH0w~y!NAI_Fe*eCpbNY z44|*Kf>bE}*R}YKNzPnb7uxN$15KLwH?>pC9OaESKk%I-=G5zRIu3hOVjIB&RtdU1caq?w`}z`^m67F6JV={x+bo~%(lKqSo9PP>N07ck*KY zr^TG%MfP2iTvMpM>&JdEo^J40_wUCxEI!e22)7jaGN1RwXfRWRQF#EEkKj8muCCd* zR@A-O(!w(3TcijsT5#I;znvY)YXJs@*9yhEwI zs``XKLzyJkpmEF?`z=BR-W0a-nck3qO-IXqp#-6$nfmmAJ}HNYs!I$Ufi~vBYU$e| zWXIxfAced2do3MZBR*!Fl0mFB{G?aR)cxaFetyy?#BRaIN!hLtQ>EEJj|sC zJbI8gg6LnpKux{?PPGSB*3y)OmBPAyrZgv>K|9ybt!3fR#vMlPA&b8fP0JKI$(c3n zeALK6OE&X7tmt7EM{NFhVrX=!;}?rcjcgmD%q<tv2O-jqTN!f!1r7YmW zBY*J`0PQJ!pt-sU_sXGMx+#8ScA6gjqnvm;28tCwhF?+k&z6CYt*<0~VS)k3sN+IeLl|qp!o$W^hRj<-RggnTTNAU3` zEz0uw+EoB-f*EGcm@YjC!#{aGQkFKv6L6(2lJq?ztSz-_F4?$=XDWJG+TQ=!RN75f z^onrq7N$saIvkuq$ib3>20JNKs3{>Q*>eV}>dXIGDnkZ!*zCUT4&rnM7{Z0y4Zn+G zWi5(7-Ys@VqF+=I~M?e{7=#=*H)wna}kXSJQoQ{8Sd3zFDt@k454dtt0Csx$$h7 z+G*xYO+k3DttC!ydUcZT^n>s`j`HsCpvh_HnTBwxxe5AP!uCk7ckSb|7eGw~M(4}K zXO}FCDt1BsQ7B{}#io*z_DHgh={y@ z`aM4G{zEa^cVG}Hs2Q59=3v!eIcc zLo}{87mAo5YY|$r9V)DRFMw&++HdgpJu_}TKHho62gg2VJ; zt1S2C8;HhddvfKQ%%?V5D7jAYNDEd?b`JfTHLa7$vXK-Ui|nk_z+MxD!@e0y`AlG| zudWw>htW8!Ml}sDy9WE^wKb8M&9w5CapPiG?*{MD!wP^(ar@LzNC!Jxz zgWSu?SfDLh+yLZlCkQ=tO)PY|)zF5v%k+u4wlQ2ux0JL$wr!|19StxQmC5qo7Ir%R z8?O2D0(c>`-QI0hdsF@19-~DWK>T<)t8MfanluzSAfQIwnLHSl7*cp7ytVdd*8EBc z-=!m9l*tMh87FG-5|6`CzwXc7Zb6Db9$Y{l_16P!iibyhCL2IBiBivECNpA6o1=-* zi%;9;PkLg==bE~N{LsLkEa2l_G+V~|wFb94S}9qeNk6YWiv^C}r_;&R^+aa5lO{1t zgN*@B80v>hErR^7 zWdYN}Xsnf;pxF&Gj7N9M%a0XQ4#!nX2;`Z~bXgXH1;v@~AhbTa%*~cHI zG+Lw^^7&^SYW$>TH0hJA!&xDL+!0jm;YGTIaIxMVEI5uc{?Np4e_vht!t0B5adcgT zS%kBhF&O$4rY{`IfziAsFls4*BtvpJV43y{ytLIi7`+Vmw*D2Of^Ol(4pBM_NKT*& zCh7OXu}HoVnd4Zl0**lHflLljy7px>7gCFCAU~Mj-;1@;O0J5l>KdPX7`HIb^N{<1 zNg*}#L6a)N=AJ7rjEEtsun2CM0s$)fQ9*^D{;FBt(18N8<{3e4p4%XB$-G}XY%sD0 ziRqT`q49iJ{$(^pc6x-1r=-GqDDI<9%Y?mjn)ih!*SU#e^IIZle1GAbi`SbN&j^4O zq34W~BTt2pS-p-6F*lVN$t00$T*+)wKlH_k_XL`*(7t~YaKzZxLe<>)w1zbgxYK$s zPL(=CgECO9O!yv9E1}fGTNTDeoL#0R!sX})CtWN}BH%Pbj$9--PjcbkkkiWW$Y_r7 ze$hfl~)PCkAH9$bF#&=)g`gr;~dP+(txLLLY4az9y~a*2x3v9 z-EJ<6+Vq2MWSdS!2%TO3nmK2Xw6WVdcX#(YyOb%S8Z%`E|Le|R~gNX zlytf&f)kHiF93*`8KMCylhXGybBLlJ`&%Muws{lLaskNUnMD0YmolXi)z7#AWk6%li9()-)le+8A?-;fL$P`1oE`?R z2YA?6jhre`O6DS*_ipKa`c?Ry;2a5d4*z%xM$mRCEV{$2qO|XR_c%mc;uEQUI2UZS z_sq)=Z*BcVB4kwO+{JGD??Ve{05N@yhbt3yfU!>3{lzoOW?1&kuDqHXH%_A|Q>qI% zLu>8x^HD9EE5&GU)P=a{UvINiokwTw0=nwE z`WcRrEV=F9=7|A^i^-lfs>KHW2g7{592L=34UC*qt^SJ8!x zq#izGZA6m@82^Yq(Q*x^-nJS zwJg}0hme~qFYYa`0hjVVkex7kwGm(Lx=o>lmZ5VRv!P+)xuiiA1qP)=&(hAO9P-vs zh+5wy0(MG}A!0GEnP1_=mTL>9zE$pU>wkXk>0!JMb{)q;xe6VPROm+u|-wg9@8K@e> zut)F7MxCe;*lH4oWRTlB5E7+!N3asOYPPO!dw9&P{TW{Cm=}aK+t?dqSFyyL*zw3J zP%7NteMs?THCb=)sJ?!xkobp2=)YB|AyG zHzWwTdC|m-%}BtZ>CM1Q;Ro;;;;KUTuiyF~7sS6vA+5g_I^EZ7Zwg zJg$|9hVFFxEBF<1&(xA1f!HWC>qo0vKy`wII&NSQNmnQt+5JNpNd%Z^E3MqPW+$rJ zzWS$_x)%JFXQGfdguCfF0qxC~*};MO-STiaisnfiatcOYFKuWQ0=_9cdOCrSIgmv! zY3{K3WTki{Ld}8O@PHV(cPn*Q!j_DbNma=C@T!iKTj@-D!029m!6?dN-$>~=0e^*% zY$;hw={yQ<5vlQk=gO*dgse&C&3O!<(@6Z05jmXE0xOoWMIQPzm~?40F01<#98h;E zE;MrKFz0t}@`tpA`V}8oPTcUhFx0yi9jef^Y1x{`x*2L6I==NEYuk84YdR4(6BDqi?7UHTaSLF^y*p_0&)( zcH37@&gZo6XyGkvB`4Mr!%WD~_{H(cl*3+K9htSbH%snrpRlwo5w@NL>GxK6;Pw3< zQdlf=x&Vft%fk;bns0)J`k?o^A_Ui`LzZfL;K0rE^1gPai}d_nU!V7c6|uz1PXsxR z*WtheN{MFdF9C7vP{|IM5#fakYVELbu@d_t!d1E|;oD`s>FqB>lDWz|;w=wUCEXaLD;s<{(DmG2RxdF~ ztjSN1PYq(cyy-US5Bx1^o`biCii29L5P}{&bHsMdvQVJ)m@zl9kJ+VG%Wl%0(4!ve z#g7#CZ9AHqHl0iArtTe%ZTdZT7n+`oC1W~|S0>9_o4XyuJLzOI3eM8{0UV=CY)N~` zz@iWCxv1Ig>Rv@tvA1=M&i7cS79CSdxgSvD(I>tXuCeoP&ka$RRn zti-@}m$sPLzmoLqd|71WAM^2!^as+`60j9el`~e0s4Q+!36)Dj+$oQe;@Bk<&POuk z`5tM6Pex|o8BM)KoscOg3Rz@y&=$2B{#Ki4Ta%YUa`LA)H6Ns^@7=G;^9oBpA^Qkz zEp7XBE%G#{T$D1;*#6Heuq)mxi{OG-U>Ue1$H#2_=bXJ`lsx_BQ2{6M{THP zl2$QRJHyNtic)x4@-7haw#6KNzgNk|e6pR;#*c~6h96_Z+YWUHZFzUA7SRyf`_5t4 z@1rOGmwG~eo%DzQYQ(KbX@NludDdP8WdhnzBntm@mAf<=1M3g?tLUg7X`u(O^9Aq$ zrpQ+@qqyIh)gPxKE^aRQ2zqROce78N{!2(j=j`2ooceZnzZ{U=0~9I)6gU&SJW>r}dIzrH z1YsgkX%y@ut%g2h*fU~n{t0f@NHro?Ilnr@{%5snlrXxg2g4h^6)(#rB@1B#yv~?t z{m-yDcz{Mod+uF`16EV<3fwJ2PX0WS{O=fz_y#L-yioyz9QXv_LeEKekmFQ}rjXT8 zT-7$omJHmde1|k6@C-UVbW;XE%|(heyJO15I*;?~@En?+JYuzB^&o`Y^IC=C7qZ+H z#h>G^YEWF^NZ~rsMy9OxNP!EIx0%5!45c~^@$RQ!p%SenBmw_N5 zifKh7uzuF3FA|b1gP2|nK6!A^T?kLMA-K*y4rBP)TMGhmPmUgN03e+|p+9~82|zJ8 zxMALhKVv?4@a_NB_59n@h%yH!6K1@{k~UrVRaqYa!|e_#vGZ~l77u^ye!H(0Iex2b zU;n%#+0@Xh zMg;Je-Bev%aKHTdJ|1t{{U+XW^z;_e7M0%|#PZN*()j|`3gq*Cc)!{xEdCK)W@aNnBPaK;-8>3=*#UJGXdzy%jzD7}}mg z?0-NAO-M}m9p>w>SE{TC6GMUWwxuCQzC4(MlXyG9souo(Xx!!~BM+V@7kqZ{!L!hdR4O!ti8W z5FM*o9^0AP>W8Ju%wkdqMnfO}+v8L>itIF#Rd{=>x16-xHr%#+e!hXEP|I!qbVx`Y z_v3k^@Tqh}p0_{4Wqw)E7Q&vQ0tE;%21gcUp=cv1QHB zW05%6mj!cndo<6mRV|!k($)J2WgA$G-JZj(|4V)KkYB1IQ7zK$6EjbFj)@U znu>PA{F>1heF!$$t*)EV36@rf!6cqBqvPhSGem;-k>}a)`D)xs{%dV513(Uc6;0B? zrMk!Q-i)O=@{+GPyOo4&2>A zA|~@bBrtVIlahV`GHv=NQTq5_hxR}$Ur1EGyP1^w>Oqkl)m*A4d5{#U$lU}koIzaP zz}FQLIsOqJui1K3U;y%ij7PO_24YXR%}%zChrP%)EHGlLzau}CC#whj0XdMk_G6_j zswn;GBp!VU+G8S9(ug!!m^a8Pz~RibuxlHZ)lPnPn;TMHWlXN{?|!?w_fWN4Ii;ed?JWt@^VISXG;lp5`=X6 zA;YtA-$3TrbYDB8{kM$+(x?M zil`rDZ8|i@=)biuSjJ!v5+WMG)u-Jvepscx3<;=1UCq5utsPO*fJm1& z@1GRHq>kwl5?C=ZB7+a5w+-YduWfyhwZe^%j`eHT7S1_NZ3fU01wevr0&Yc(d9PhN zVFjU7--Ym`)TRh-v6_s5-l6k0Fs7h^fod*Bpc#$ZC8a9IM&>-ZMu{FccgKxU@s~(@ z4L1g727x#H%03-bg1J-rFP}Mj7SjOx9NI1OMQ+529zK4Zc4QmVL#=d&{q?4dxdVTvs6p{gJQvmK~vk0Y5;5Y5DHnAdek6#LG!tf#2BE2&Rcvk17ok zlLTaayl@6LZ+WQntzWdfZ{ndnkPN`KkNJdnudl-Z-k)mhpgp;7GOmvcbcsLnC3upd zUbiyLrl5JkK7UbQ3WKR!NDEOL$t+TGG_m4qhJGbboXJeJ8lOueH=xgED5|+Sr<{kT zJyMVj3swypQ}{Wsae+<`wZGZJradr-R5;R~9M~k4BLEi*)<>u4A2}i!9x)6v&0W@% z!0ZynZla_r0PDU^Brx%tSAiYL5{^P0xC)@qF47%rXsPQ)q=uucH}U6w3KdW*^TFv} zOq;)(p%`jjvPWR~hVG4ndfH%)^Z}plk3WAJ*g|6gL3TOXj3+O1ba+kj&}RjZ==5UL6c9V2lOjG-tGldZ>uKeO7! zcxBkFeGKa7Dnz$^fdxjXNiC1U7Zqj^Edl&MaqGWcOf%H7u1`I>w#p10GC3K3oKrLB zakj^z&)yzFH&T~7&EYQi0-zRV>sW+*Ol=cd2xOK69NQj4orQyo{70(Ic>eKJ-&XMP z4aS^<4NE0pkPh?fe@M-Y3YI+D41LuX!F$u-1LkFh8;}IihF(5Ytbh2nquw}*T zm+Y6wZdX~#7DSVSp%OjR{TXTlNLO9?C!4dF+2EuBv;=?x5pjQj%c0X9n_F2Us9VTH zDlrxJ7J68nt{XRaU2N-yhlKam;E?UdlYNXD-}>^=pZqZ3I5Zp)a&q{wAD)@5zlb~z4PG~M`&L-$i z^*x2MhuFQ1Kd|K`XVYIF#?DhbcKjH6AZAgWh>#L^Y{Fd_H|35l$pnF0kr?8C!8_V> z0wQ$>o6@f_ohd7g*OQ%>(XV z$w@!hAdZUFbl`%NlFqWOh3x=;29RwnNVhy@TKFi^C`HEg;;8oUh6aNkFjs8>VX?{} zGFCecu}f+ocj%w$Id}_jhSkHr`Xh~?#s>HKqTJ4niA4w`g$4KJ$?lE~M0fO5@OMyR zvt7b@wJDaRmPV`NGP-)+t>zWp@6Al)mHz_MTLoh*hA z(H7d8d7i)CYfw!|LR;Bf`s8H;o`<}GS^n{x~01#@|JBm@l#RdEF(*+8xV%G*M$xmG}GWo7F1$JTVr zY4LLJAS~_HvV{o7kVBKjdf6nzRDt>Gj{De+j?ROC2_E1L_S<8r2Ia4@LI$Vn|3 zn{Z0(4iN>HDBu2XI(10ZyX@@-!VEnL5!CSf(L+b@+u$Ztid+UC&0GmkL{nLQUGNcG z(|mh@o7AwEF#Ir5cphmzmN9Ly_e0ezDjZC8Ay{%{P+$+|TOS~X`k#qsfMqI5Jrnt5 zl(pbIjcmp_KB+VBR6y@fg8EXN@CI%-m(~TKaO-(`K65PD(gO0-?ky08XnrTG#vWv2 z0;bZFGlV~V7^A#qFy%sqJjBgh`rUY(a1?70=V@DCUm{D+?L9856MBRK+=_cu5@`98 z%Sy$ro=56BsUKzn4(d*Lp@W|=5O7fmjp1U4=iNzOY`!!95K9~P`%!TYM)muKA|>1D zkx>*JnLAb`3xuytSGY(Ig3D^1iak<5*0R zGsIv2U~Z)i8?LRoq~~0Z^$hfYr^V{ub?Gz6R?-|^foP!F|Nssww^SYG6iLaO?{l!_OBK_r! zt^vN5!=N6qLXuf3w8RYMq>-}vM~fNk*@fOYTl=xUH*xo6)3SM{4hFdLBjHW-=pc59 zA&VR3pijhz8KGUhA~ zYi)2LnxF)oDddzRVr36eFJnu9pI1`W-O?YDHKaP1XQdLWuCQ5GJ>?*9`Jc53uY&-$ z7@zX@LO;3Ac|lbF``S629iSbaS1}??=lynaj4XomeeV4;nT{o}PuMJ|j(1KxH$I?+ zfjQ~+GnAyeUo7VUe0qRH5;Y82tryng-m@S18Jc7zzHo2ZO+x4=;Zj}ICDsuNcPcsl z4GmWOpFDwvS!8gR>dLta8EyD+-_GsuWI=s-OvB<3n7QoE3=hI0IriWe)m0+p&Q9aF zZ<*(@Rf!55rQ)eXNlhk6y<|x#F&VvFJt>Qqn?5d5cpF6Y6kY0=0;yWWhUcq1DY_!j zMwXUxF{b!W*#-u~3g@pd#z72mNg{7%cB0cw&9T{ZrC!vniu7To@1D<=2R|=J5!&Qs zhRL>vrNh_vGFAQpk&ma9$-y4BKF2y-mD8S~^v&a$MG(`Z4w6Ip!-ptB zuFy6A<@E3x~0a{@d#ShplUa@5*+x0lEE&_6x2rj(cVDb zUya@adU2=1_i!Hy3QnSrxHSf1zIMm6Kr5YQ=pdix-{z+}00FhR{AfOH?9OCVOcXOL zwgl0jL>Zd^}v+J19xw$^!Y)O%t{yz^e6>M3wpgt=XEc|oCL zo;rPRP0Fsc{nx}Z0rBvr7#?=Jx|p_N6U}SF+#=ao1^<$`c8BOsI4Y8wy z*}PcAKycj;K?1l1M_FFswy#`c-CDbJlH(o!y_>K-5=5qKQe0Ao}=Sb=x`6V&4%gmGpoDiSC}1n1#B5Sy#7ZH%IhQ2*ty3T`Gz5X7*b=Q z<=8Jx_bTnwFOkp-g&qz2<)M8`B!=$!LeALPcmz>};fRq4J>MNdw3ayO1&CvU$di6BS*~D)MOv8H4a-04pX*@PYSj%ssEI@2rTH|2OfB}|Lt@VdRzpOjeDQnsOD$DKa+$pPC`wW9**q)#I@;h;QN_?NJc zmcx1?CR`5hcu0O`>H)ZroW+mfdLda5FrPi5lHrJKZed4rtbeuSTuM)O5QJ&hPO>fEGe2fH+MIcqj1(Owb)|%62<=K#c?S?#9!&2ng zcgh)x=mXH%3DTn&H!>drx1Om!foIR*3FZO}#b-V{IY69FA4=KwPk)9%-@RWtN5XHj z>ER#l8N}h8+%E$);5&GED7GoyPJJ?*{KAtdcE^Sen=;bfgODwcS6K~@ljQ$EVPqI@ zeFnITBS4t|n&o@BFY)nktzKXAS>3p-_Yo?r+8=Z59_9xc-EL#YZTYe)dui~zKVb`Z*NFoxkE%NFf-k|-EA;0$#muU`DgU3k9~zxho7o~59fq^uXT3Yx1_{A!3Ll~6Wu`KWw`T{L5y?i;T zzs|t0V*y|`_@i4#?^C1B+Qt>m3E#SxK`{houTI?T%KX3kGEcUp+^Co}vUvQHx4GQD zH#(b?L6SkmLPhp|=E969mWMe0U^0bI*C9Ol`ipWEL$zIZF*?huB(QP+Z`jp4!X2io z2{orF#Ga_D!h&Er;+ubr!edt zpC93NuLrCo58~{lDyL)s7N>U`=ryz|g~K#J15d)dVLG~y9IC=;fK3Og)%m$!bbp^9 zntz2X1wxi`T2vj%sZ|LDDve}Bg$iZ3I2%IKgTMBDJqjT;D0eU>MBhwWaqZf98IdhXi z@r*YM%(p+bLy9;beFizdE4YUhWTf(2?AtKuvrWY{JIgxexFMX&6!mCpzp51J6T~n@ zqX|M0;Nray8Snv`%|TueL_({BQSm*B@O~*``)v?fM=`-2lfeym1KO1go8VT>LvnGp zQalPV4VHsAH~%{9Yp2#G%aY1qJ~t(X$w>alQj?tpA{KmaR#1P{m@hhS(>0MnyVFsnY@C|iKLxQ5%S zt`{mee{;~H7QRYy<|5C_HQ!fK<$Nmi7}6~sn;!jJABV~E!q%<%;>>7y{=sTH_7xMW z`J&9$^x~^p`O8|j^37selQUM+VmDmdLX6UE!)$%^0~uSB6Je61JXrGQJIkZ#`Jcf| z;)_}^uhoywYtu71llc`#fgO3h`4wqgYqOl}JeM0a2(Q>8ItnEC77QPH16&vVjf%CBoYYSY1yP246nks= zz0{Cu(0sM3(i~rsBc5%|Zg$h26&wB_4F>|Vx25*o_z&Fy`=Wj;GeqL!cXRP1564vU zM-Hd~(rJi(Dk1`ulVm~^6t~RmU-g*yG#N^D=?bDFx=&K0ednlHBT=IjM-xplm;?Cr z(bW8lL6qRO(Rh36S42eU2RKKIqHA$%f9hfaMV3Nrm58TpZKDif6@`D+_EC1X z*U|NYkSTw;Y9n=#q!pr802(CjRBu*MQx4;o>foMRUCN6Y&5o))J<8|Et7tgvTVZlA z@}n-&p9p8r%Zrdq{IWx>YSN7MldfX)#$aG3wcbTNugHCr8)+do=}?Kf`l#=?DZp7J16~Vk9@g z8ZpJjxKlxDuj;cOeRpzuonE;&D!V z2-Ix;Ivmr`oX34v*W;{o1+(MSW-02$xqke~oWzN(lCGAYO9AX~0%J#!J2)r-F{BKr zCq+p8f%G`-jjV%STPbVr8oTTW+;~sQ{u3PI*ZA{WH;?hEkDrBj){BnhNNP|HLPL0g z_bfU?;DhbVpE3bS{#A@6PYtDtXby!)*zuCT4Hxo2uN73gjXaMl19^L#!u6plc*`#T zxsh%DK1?cDHga3zlf4!YTY80fJTNRJ%vNB8&Q`WNm9;yr6;cW*Zh56IIFuIpOLDlD zi$t=nqWPwGOG~)EaN;gA7U)KFRl1)a>_`Py91}4Du!SpY7Z%#CG&>y`qVo0wN5X=> zLlbkHD&_=9As+ZGgh5_W0x^lq33(?3eqH z4s}=be%XMX(r?X`)oyapC!8c8Qa0md*>v(uJhlB<>j$Hc6Yx7PyZtF2zL0bnV23<* znMXU!!0Z2=V(guIqLI91fNg>@Iqlj0w%a8P^LNvy9RCV{G}pa<=>l}wx@!tk@@gIm zZZJ=~KFnXSp5xodb6IAhi~_>H(T{(4FcS8~iHF;}=@rNuTBdyp znP)%Qpvr_-j3qHFnMd=eXN z&RyO`WBb}?y`+bLlb0)^?Hm8~P}tYKSC94&f!5}_53TM^gw1^UisEREE&FI%)|N&2 zEnD#2&MR~JmogiYa1l7zk7tUOukkZT+{{qiezhZ6 zW}$8(u%E;0dCM!@h}AR$1CT1%_f?x`hQ1HTIgFrimHh|Yq6zkJFe@EoM`iCK-x?nR ze5F;|g~dh1^MEt+Cm|tdIYjWfxOO23f2L~^>C#4lXVs!zFKG{94JAr4%objN=X0a@ zcSsa<*d5Gv(|6UQpTl}f7}R?!0kpCTnaFN(;VL=KEDHGo?^g9Ag|9G*`|+~*XbbSL&D3#s!BDWo;?-I zyQ!UD(gEINTfXCi-Wol=%VQ@9gJyqv6KiIadzd0gDs;xJ)dv#%pkt^jjTwhBFxL7$ z;x=@qnjITtV5kcB>C%2a7%L*;5+Yx3^Bv+INTN5ZY+0O1D|EF;!-Lakh9sM@{Q;Yd z(`eU@QX$+T?3oF*4`h5bimlilT@dT$?|BZfDN}>}V~EB}@jHfrU^IN#pt_l1EU@lvFO53dQ92s`a34oSSd0 z%A$ISfKFsSS-H|jZqmNzGWKKjhAhOXjZvVg_Wis%?B!yTP2`94qEvZx_Q6aXlf@Dl zNn6^3nM{_lL=}Vq)DM^9{0LRri7N8<|@Ae%L2d8 zU%QuCfEk{_&=kA%DwpV0&(o-$q*LBW9klNJsaK`q|GxBJ_g|^60p5Y@ zEQKaFM>eA;>jg}rfXz)><~GyPH27p_*A8!Ve~`TQZ$i;10L!a>E>S6r$FB0{9!&&L zPc{Ep>79!~bhu=M6>|j-3J_6sK!CsIr~r{8BN?Td0{w6c0Qz`H7*8sfI&*S;rW*7# zsRjG2pZ~@(D2NzsM7%XFnqSs8Mz_#SKMj;~tBepvsqn0SmgFiaOnN&F4?!V`b!5aI zy-A2A=AIDI>$AIp{3Zl>Zvq|HU)1-)N{&7jl!8<5d?+J3+>b2KvAkriX!3oiSO!jd zUwu0jWI@9qg4pzF+ilDrAVHjvAa{T(aZaYdPg!gDg3QPuCjxZWO?6X!C6~`X7 zI}#_5#`|lK;2)GJ(4+grZdBZq1ilClnYwj`fARo<`}b&sRy%e#v1OW0Qze5vJ}(Tq zx?CQ+3DtxueLl`5jw7k9O5_3V5CC`}0Eck6=#2?TT1m*K`OfEaWAqz1qtA?eal+nI z?TYH7QGd`=R?T-Ip{yKD|3o>;MLji^r%ByPUKe6ZE47ihv?=qC*engmK9?-VRS+64 z{D6QOTXP2iHBybB_YPCMl>2P1`NU$d7xW;wQ7=P~2o_^7=D@_ehk7EozqBS3glpD} zap7Ndr(T#M!0Go#7XrS%_a3*PCAzuyENdGuK(eIc#(Zv1<$?C`$?|}|5^L)SWyB>L zP5hpKD8dX2-l`c!|LuAQ2K?6lpPY*98peOj!T#+nO!z*{J>^Xrv~{x$tnezxu7xSkpb#td|%0}2%_zJ z4);afs>qk!4s5=Rf#|%OfDCdCauZ;_w0e~&eNLB&?)00X+C>xNh3hv}0j|y4f9J>CZJ2FtdOQ4Gb|gX1$d;A0#cHG{hfgJM?g6 zBRH}w5%H8ge@tKiBIYQJBKL3yKK0*;Qct zBMO8KP&9drSbRha#sev(uyXF)%b%k%6XpQ)w%Z;yJXp6^4foyS3Y0M_9JDUH@3iR{}3{muvn3a3eX}&d0mDL-tla zY%L*5<`_Pqt&d3+Xt0CZ2~I>}--kde0Yc3lfElguyySDt`L5}kU+=~GIN=g%>^x%r z?b}A}c_(pq#wOvk)NvBdPc%|`){2W zF*!F~24j+|DvqmBzvL~4G}xYxByW?+RDO+p{Jk5Zd*2$N3U#p|Ykw~)`>|5t;^5QK z{pIiLi)cDWAr7c9L+S(d6d82)d~_X}P1PrU;U)8PbU`w}>Fw)9IV;eg>G^-%*=T|m zZ@u}R%RfNS1uxJG10t3dDe6j-q%EI7OH81UJ{naC?oN66*dG?jNe)I#GucdD`AgSM5?LTLE zCZ7bmt@MX|W|8FL4C^Q{*w-{e>*I?E&*o(J*8JyJ(Hj}+xlqtJC3v>@ZXYF<>!2}# z`zp5dZ_wQ+{ipPhIC?pc_ubzcN-K2l%G24AS3zzUN>Xhp$TX#al4Se;nwv+zU-KVV zdWh>iH}fsXi7x|hkDzngA#s}bVPc&2eS$QfTRaeB)O{a}cFJWPJvll;I# zepbuTD8Iq9{WoNl0MbMK~w-r24>6rhLydDk;-_lOw3u zx=SjjvAF#2!YZbmbi0s7UKLUEjZ0y*(1(WjubIo@k+tGeJW1X4Btyc4^hhCC?R>wO z-yZ;Vkm}pL)B8*PuP==re`+26#nI9eudG8Xd#xXqOjt$Zy$SwgII3c2(K-eJ<|BP@da`s$G)bI# zSZuVSOwtKcN+eAv<21kKh|_Q5>wjG2QO3WZ@j_IL2>x#Eu`kk<37Yu5eI3}tsxhPX z`4XOE`6J{3pCqc-hA5hd{X`01MGF}ebRQ1`nd;%*AR02Ra?!%{;(Lq4bn~@1v>}`p zZg4MtawtO*7j?@*I(+uj%yQ|%PLfJ#*`*S)b3H+1RIbCgvaJGsF0H>_G&{VhH+Yk7 zaYtRF_ghBeF?1dC|1pUBs_csBD$Y#WtkBL~7#CW11IMet*6(wT~g*4=f z1Wgg|i&ds+j^u#DbL=LNO?Vxr;{GkLsFexB>(i5CzB)6`*<+QJ2v@& zbIR|Jp+R~oQI|-1B2kM#IAsGceD6%1fB$%Vyzbt%ce&O7@X&$*JVWfdn{5GFNBbv4 zWf19d-ROLVI(M0Vx8DZprUP)FFTwgrF$yA-K7JB{LEMsaQRYEYVk$~H;n+tFc44gy zMI}JY=m>27_P_M=$jsh#8>I*=fN75aoB_S~u=RT}$$1ixF?aedZqe)S3GEuSU?;+5 zcLHGB+WWk+^*C-NfCge4dj!de#{+7=>#)mE3tSj=!$nGkAX6{(Qvs~y>|=<1s{lA) zPf@^hz~iQmeee3%x%sCllyib6BAp^`y)pw*tEK~`Q->Mx_PA|1WH{1gV^c^rU?{LG zj#^!!Xa)~#hEW+YnIqVi8g)-|EmF>jUY;bA1(YeuJ^JV8dH~E0qA~U=Wwbk2F1_Y& z4-HE$8=au-++Dkhr)>q?psW9Nj?^j-S0u_0Vz9by21(ObmrQrf!wlt*EmI&Dj&hkOGPZyk!1?DgZ#u>=0xvbNl8+f(-`U^^DUx zw%nKPP-VrgZ<#e1Znz&|~)hcGY({%m-^o$<=NFNC9c z+h-)Xwwfp7Ks3=Dwb|cy;Xx<1-AT^no3XpAFz}Yx1@KXvIXX}mx)|XG+l9I&d(LX> zhwq-rXZUBm5Y8Gk8)bDCuX+QeG^7{Cu6{=yEal9i`lQbwLOJfTgNWOJEzlQal{HtV zMI%3M?pHj3oRTmUr24y7g1YPZ)fZSDu9!3hF(IjKm|gCOUn}M3A8&%*c?y0fd6k`X z&AH{3O%WSi_eL-7!cPlu`r}x8IF-Fn_=kr8kN!mmE$p=8_QRnmeLRrEgJ*0 zfZ`fk-*thapI%G+qw8Zf%P`ASkTx{5M833WrPvY?R8o&0X=?o#T<{V@7T8f2I&?9_ zV%ujWz|R6mN?`-TDq0bYLhWo5Z{)aTVb6AP z%)Lq18IEQbC$x8>X>VZ*L(wXJsl9#MXaS(LLT#Lv&4ddQn*cdJJ#bh@6$wulM)$3zV@#yeQlZD(hD!wH~{pNE71>P0=Z!AUm-fLo#LgB(}6|} zU3n@+)A-JZ{a-CQ+c+<8e*bU+vr}5BsoV71hIwH|8Rq?(f~p&c!9fTxy;!~VcI|_# z(S!;G$psPOLM{vLY6ED9eiQqW7a?=;xYle!$Y#AwmH=2>COf;(Ei1|3AvM7KU z1%TfenXSCSz3B`muG7B(_`uTvE8VZkdo*#VEg-gUS6;oX)~dBl_*(T>YVynJzu{|v z3w!FtR(6JIHT_~Z`FGTxwJJV^jZxIYBiY$K0w(nrJTWt@LJt|vZ0h68KW;Uuje1y; zK;RRck4taNP#KVMZs*n3-u70f-2$=)Xc8#CP)Xt*&EU(QI&ibl zq6*|KR(}6~ofqAo+ee+%_{c@+(B*gIl zU~mtr*M!>E;dAUxpaT~HUZH?<8xOrHZAoD7R(@}Mn_qd7|4`<4TB`5y1&Q7eU`xSR zVJA3eE=LaTtE1>$;0xUzrHeZF__wA*?0v~wJ4 zb^rrRw;NIMk>AzheJ6#jV?Xe&f#c>Pf_@4mKP6#H4%g;z>-Yt*{BA!G+eh$wi^Sl4 z!m&g-$1vXQb7$hfrEMaPoY5I_d(6fSUAVPRf>yyf?E(EeJNN$met0qR$G=U2>Fo0A z`sP0cS#+;`d<-krDr`O71{(JK#qK|U+IzWwaQJ^mo#R(O|ML3R|EG&es4G?@D;6AC zwC|mHQ)s{5SbMPkaO1o0e^5Y(!&D&lED&5tUAy75PDqr)uj&&N?^n&Y7M!7Or+v6} zv~_%NB=_6hgtwJEV4m8kH>w5ad6pintW;^EQMSmF9Jiha3iQ~@?ww!weeo?zR#hVO zpomSk^0g5le?$#%+Bd7f_vvEk`&+^OH(t)JA*t9$qWq-(OtX zt%7cGWdS@L9ay-u3cR(F)(~(@Juh(K0z)DXIKJ)#PT~K-O$E2K7qAFvLZ}}KUm~_g zDV0Bg<2ms!2t^I0sKYr0bkFTopgAN2#odAEZgsjei@$8`{UojsT95c2=0WfhOoJ#R zX6HwqzC;6vP*8@aQ3}wHz~!%44|?TZjHfp&*r}Fsba!nPa)lgZxAG#Nzr&Z`JWk9r z4<_IWb{L99CWvqLeE+?Yo&c&n$IW!*s!KkKg+hKOaK~`Cr}*T>x9Yk?AaCBjt(~lj z5-!KZ4NT{t1$p{$hM9#fc4!6u*%b86-dD_h23?H93hh#Ej)W>y*np7}=2HgMAf(P; zTUDJu(fPHNx+ zpTg4J;4IQoqnr^?_dB2&+XpXSZtd?BNC8T#cLlCo4gv}*dWsT06vG+oV&IwU6+I5( z#myt4XCIG(s&N+&YTl?7K}KOtlbxj_|PT;7A1kCOYzUl03 z?LVh~UTr;Zi@ojc*3QmRyVIesdwck?eXzH;bxfJt$G;xZm))KA{_*a!-R-SoU`H6z zcK2m_tMlrp{Sxx{XQu;D3D!%v;vH`t{fgiBw_XyE{Z}vBN4wkj^>FL3eWbt~xA)qI zFYr!?KXzZX`Sc*l#o>R8+e96kcl^F7r=+#5IVwGsBo)h-3?ebVhDk6!dTEHTupkc@ zZzWBF1A!0fDu^>31ZW)A1a7H?w?*e|sgM9ar-dD_-%;^8{57yjb@gqrTCGC0cX)nY zL$Y~g(Ln!GvF$u!!9V`Ut;hih=l~|sl+;jSRXf4|R^OItt1AWZ_79XW zir1>p>$k;P?QJO~2Uh{ot0seqtr3cmElFt|is)+pf@QE9eG9GDerKhkpoWrl{{9<& ze87Kd|9Xve;6Lm~*0LoS-Q1!<4N6pNo8q^^JDk_;9mF!#T)0Cy1=(O)4rCujez(z* z7gj5E%}6y6wyGn=ZAQ|Xl(@;lyj#sG;#(oNOr#nxO~2>pMzPIzQh9IX5`wgrdj6Q6 zh(aV^=C>cj<6%$l0Sn^cC1!~4alp~Y%PQ_I1P2K5;*@wJdVunPYZnDr$pT7q+zHA( z2nv?1a9OVB4Dd4GIzZ~^_bi~xIyX%FA2tNA8+`^xKuEmKucCl-@Lfu_D@)2ZR6q-X zDC`%AH*-90CAk+gT0IuybxL-G#Z=B1?=k^_fZLfj#1e%{LG))6Qi3%F_w)kmOcez6 zKI#Co20W!RBq&7Pohdg9u&b0>JaYc+h$HdB0kFt)1#tC;)puF!4;MS`&!ICLiZ*0T z@UhHip#woskGeE2eAT>=w`_6l4#&)y9y-mIMP;A<^ND2PYlCNs~v z68MMZ;k@0iNHMtJ*%|rr=c)W`TB-Xw)%VA7fQU#6=8Hk0i<0{hU=@jh3Xnw|x);39i&CaJlEeh7sl80h zC!zu=>b!ELP8;!sYA^b55%y3?j-IW2L86|m+0@6oA%b${i5TJ)Vib5&e4Qt0su$3k zR#oJyHG5)tkK&-^`@a{+D;m?gp%b9k?c&1WLxuB`gP9@PEUyCZ)Uc57zB5R&zBT~$ zug$%3N(e3aX^>=<6H;W>j%*3mo0Ol&Exs$U&>9ZVHA!76BYILZvI^I4dj%zt>A|&0 zRxjKsY;NAUCx7yz{OAlNL~x(&DQQcUuUbOLP80wb-M{eG0$->#*|9=pRM66$KcAU0 zpz>I!ZyP<=7jl+X$i6Cq!4H9=}O zu^2}LwL9YWacc&o+Hvmiah1Y>`w)f!ZT z>ESl;mtDcScyOg_xJk@GTdaQBD#*fxT=+md44}!qIn{aQg6>|IwWV5n=H)Jur-Xq< zo8fISI2V;3V3mU60E}atUul@n()wwdvuf46*7d-a@36e7!RV3yDyt=A&5?2dsLk9R zLUpp}I~?Y)Pb`7a-vYH8lY!s)@y8$E1lK34rRL`5YKi81bCclF=mZUdUjk?&5f)SD z239Ckc_kUB+b5*z27%NzyKu(H7)~erDu6oVD6#YUVjB)EUu(4`LMzX+hpf}hH>&@Xecl*~${%biX+(|NRCpeGv=G$+^<9Ti7h!fd>4Mpuc@;w+| zt}dV#&KXK#Spkq)4b3z_zJo0JU^Zm#cj^NKxQigy!nSF!R`{64N^Hmp$k(Z7yL;`9 zaHqX0y)C;=U$O~+)bFX{d=cS&5C~F^gVw6_2=1S?^0`o5^9s->yaDRO|9N2aD#;%%?*%+tbX?T6Lp=nvtVRzsKykWLe~`1S-RpvPJ=aE&Y~BNnwc> z?X4YHbF+j@3d;aL{8I!9C50uV6tZKKP)Sf|1;x56PjWdQb>h&7n^-8gYR;IK8kOuT zK5dQ0Z|`#X+@i-rtr`1_UV~W&*3$CCnZI!QC;&w%^IW~&yvk=oTf2lzTihr0pve!V z^bFU^zs!$bx@TbBlqJx;-jX%2SM&he{u7& z21u-}b#dX3ly20$2oKN1RXz3C&WXeWxb5)X@6pl4hARlNg){f2dE9<^h@#e$+#Qtb z7|X>^^w!Yncw;?+!kgq{;7HqUf|T2iH33ZBin&#zW#sM*OUZ;>?uhXn$;Q!e8@^N= ziB6uJjb>GUa`w0yZtM9cjW@O25U{P^<}@m^&mCa2oYp#E6$n6a^AQ^wscZRzPl}3p zLpMi*>pGLOKq=~=My;sTHu3Tf<@0afy1dwz!R2Q-sqz^%P1qi%adQbvR*9qR_NE=!!!z~xYJJV4!Hv{*+g6L)gq zY2t~pv@*WU0r@<|w+}p97k=Lx+@RKap0umRSN&FDg})SX!K8;*(ZULUDdcwdVUhOs zAVq#FWLCLA4SV3~X%Az+=~_MTLO~rqP|HJoB_BWO+0ws6qc+LED~gB`p&PRtse%KG z#yF1Nt`b`yl8Kd+B3l3~El@+elah_dJrr@)`TfCS+$xpTmQ*E0O($j{`9cYo@`jQn zE7i%uJEJIUqF7NXC^am@!oj&Wn9@77P;ZctCRZ8}z$hhL_N zqH}Qyh!q{6@J<7cqLDiWLJLewT>>kRB$srlyb;RvnFm=YThv{K{_q6RVx1@L5@MF@ zJ@OkCW**`X%}uCp>Wlp34|>0ZZ>*w5Y0(x61hdzhowjvW_dVo{(&Z&xhL7ST?a%trK5V`?k5 zSX)u3k9rczA>k(VGY>r-`4uUbr|;1CjFBFhw~M6qXqt#WGc(oX$|E~-pX^4cD>G?#GcV!EPfk-DI=Rn!DvS+On#Vi(tdZ0pwrU?PPz zkeJQv0yy#V8dQR@?R;1X6+(Rbd#dG##QfffrC@4J$(P2}CdItj_iV z<(rNn>Iju3aZ;epr91N6Q4eohxGhC!tBN)vaPNYfC@OfOq3w;HE`BJYS6I}62w;Mo zGc>xK;%f}aM&O$}kp{WwJEYIz5nN|&62aF~DsKp`YSW7`*^QHTFYf~F_^4I&E{qHP z0`)?14Csr5Bs$Je+0<%N1uVGFY6;FX?6f0-3w&?B@DCUp}Jm zAL<#Abp(w~yY*0`1u||neOpMmm-rMDl@w zZL)xa#`pbu^s0gOdQx?$uXSN?sw|2CGb-(INL$X=k`5);Vi2;rH!$93;oO;^s>++g zIjIP7TZ~;LC!L~;+fvWc}%?c6U-gk%IMXT`5-R|9c_}Ii;4yrq#qZ*tg z=Ka(DZAx2o?U!O@1=W_SI8&PWB2M)#GpsAB(VVT3eK(?^ZI;{qY3q5LR8p~2_$yxK zcoR``2Lg% z7(eV1I@fOXCLlj7)Uf_;Fy9~c%_7!M zV>CX`1%H~*2fhSNU&5U8>BW$8aDP(G^mw6Q31hM(lCm zQy^yXXPAzryLVUc-!P3ed+tgnY?1VRnZ6%MKbGmnen$s9cgYQpu_KWe>5`2ZY|HS6 zF@HWFAXy;%9_BNXt4f%^BCSaH(YAZznQ9rnMstCS>iZK_fPY2H_`2(Uq~F}*$XKXB z^(~U8nlpYxO89CT{Ma0*(Z}Y7S`5F(@>Q$W&sZrxoL;l-ZP*#x#;(|Ywzu^h)|o$z z)!&gB@{3X9@KDu}-@-h+%uKu3hWcjgv)AqRYusn_8KxgR{U@dKXP7RZJ-UZS2hWeT zUfx}aB*aU0wvToXkHdoeJ6>*Q>v$_Hg};p69Jcp69iVygOPB*c_(;ev2HeAEyRW;D z+=Vd!VDo2K>gBJU|C12(R|ER?@u37SzeVBiJT<}duY@w~*IO?Sfom`dsw9K*ZEwle z)HgeCcYk|NX3|${^=aY56eN^)SMXnBtvRu6r%J2xyUJyNk#ij89mjG*ukPCEr*aB{ zD*3wL+m+hu+Bh#F+{_=+>0VE~Mu(u^Juvi%*rE%yhvZ#SF;GUCg))I2nc^YiO3oP; z+oET!w?GbH>02p|Ft4ZMuKp&vVd7npHw|detDHY*sR=FA{)Kb>re68sWObz$)bLlW zUK>14$6X(w$I+%fu>BeAu=FI79$35{g*>^I;{N8KR%Gu;R*kE!V(7t4;zb9QAUuj=F6mpHWqOA z?@MV#&ak`a`9tzduAHJyLhmA1=l)QdasW_W`rW3scXny27$42#f$WA)~aI9a7G(6?6YcbM|#>RUZI&DC17 zCezd$g=uP{REqK()FNnau{K&PVbPTu6)>_fzT|>iQ8B>RpZbb8$ zt$_w9FJc;Jwosj`LQ3<^vln~YC-lU1;rH1`2;^>RcQK)u)2NR{<8V$^o2w-%-`qn_ zu+42uSd6)Mr92j)NvPF12s^EK7I`i9^Q2Oe)7PprD`E1gPL@!c3c5EkX91s{O$%vh z_1t974&qvMN?SwsOlxTMYK?BKQ7wwJ8#pmK!*Xi(s9%9UoAj`F*kS#aih#PLZ5gyE zO@&k8mwi9#+-(qQ=JH$&T6xCYa19;hwdXdNk$Y@&u7t*<7QpsoF~O+RWl?%y)L)jE z-a*S1me@$Mb!mMit&&U9U`$&nQz0paI(5a)L8lT-Z-#D}Kqr~AYse>#LoNh#eUD7qVX9yxd!}lu1 zVX9^py{cO+OIM=|YZfTw!ctj`U4J}OPPEab(`+)HcmYcU(J@t1)VRNO^Zd5@jI_jptzo zo0TTH`ECO0V6HEYI`qb}6ta*JLqo5X&>)K~opl#1duJn^HO;E4XnXv&RI9COL*$6< zbEF1ZKx455MdpH-Zz^qe-n5rCx{C(TVTZHXO-rk3tg*-*+9;k8@a;^j1&6o7m1ABS z7_6M(sZ;s@A>We~b|6BYJ!&%3B%R^Yg|g{Gqi8<$Y(5h{QB=lZF?_)x^J!_+0%?-c zu_j}4Ge+g?j?vD2Tj1{fM!PUP58M&i6IE7}!=%hA$f>zL2CbEEoE`323Kt zoC4n7=6?8~pE2WSBO4DP-|E8mISphH7csBqB0hqIAAk~w2V{3XGDL(z6i79yC5idF z!EAtjFNw|e$GTbUlNca;}Sx5u4h_kE{M@BNiC>1(Hd-q4%gG;@(|*!@yIRHZ{I zC11d~fK4JuVMRIQ>`R*xvS_brg>P2S*S`_8OiP*pRZI=pC<+7P>5=ZR{t!PlwP!5c zH|j3J26lG)vg`KDY$kPzKhydlXF#ni`q3FWWN@F@YQkJ5_GHoQ*mdVmQqAb3xr2;S zcEw0n(r&fS@KoPpcPOFog3@#i`8dEe#ntx2#+RQ?LZ_Z1?rcc2lV+^xnhuUtM!pY}OYJg_yi?oryAqT&r%> z$(F-_+r`?gO%X{ATzAxxhb$B+8zpMQNuk~HZ@CY-+7tQ8{G>LcPm8Fijx!3`+C~$D>Z@pXEKB5@VS@UnOljLcvme@oC=D*(qnXC+^K<*u}>3}w2@XeV0q(A^`*p{MaeRL2?os~*^ud` z^~Z%XuRT?h^f zjmg0Hjl+OPznd77Arb6<62WG~sb+i;3T2Givqtb1_EGTmoza~_j>Ul*VV+|67a3f( zD#YQ?MZ!govB7NON_nCxkO?XOIo(36uASGIQZbVS;=o5_U&->ba7i|;s+1yG8I`VN zO`GE4(kP|@8?qLDCU_C!viL!WQjIW0O83o-*66XniBM^iWx5mxO$InFlu4O5XGBSn zzTn0aAN|!xZw>@X%V@okG;~EL>tS*_U1}rf`mMUDW#Ar>^uAPX6wg5}~y& z1&E}X!g(kQQaGjfN6;UNq|zr1a3D}UG6N_Zj^ed+8rVwtd`mIM(Wn;{#M%3BfWvc! zf_1=I`ITuQMLgildur0ugAJPFLaedzWi=K}ukNV`@RL@hknT)v&z(K6j@N74Vbn|L>Qj zUIbNtTV&k|x%Bx0dhaW~`B$-YvRa~^pR7uEenM(tY(b%h{QeZauN64tZGZa%{CXgB zcJc+dRHQUvf=z--|87gzAvE$77(eFZxmGJGNJN6x5$M^35e#q12>M|3pj>Z?dxUdX z{{r_knY;;Y&N^~?=!Ro*Q^sQnm8Bt7IShoxMmJsZE7&mNW@tFK}p27Vz3{D7Gz(N3q6V5=m9tFr# zaUTKA@aU^0jZ_8cK9v8(`+El4x3((oi`7~=Z4sWL1Qo3WqM0O6x^S+6f$Ebh)u8pT zo>N4?L?SRx%{z*5leJ0lEXv(I)^xLxC-VeyQtIQBq(Cq#7`4~(Y-TXw$};xM0tjpQ zX!~%F=^>JF2swBo_C{fJm<~Czcm<;(C62Dm#5G8ijvbn;?r~52f-(DmGFhajsUtYe zyZvBwNom;+0zLne^|bct2;(z=N$oFV+@${Xmg6{^=!Q0o#x}+Y=hMAXJH^?{%|lUU zr6MHADyO+7epq)nLNV4J`tVzv%ZSc}vX?FB`LHep<|qp?ywM1qkuoQp1df+ime^E` z`wA~4{l*1lNV4mVazf|(37xljBpKkiYO_wldbiQ97Rg)}dR)AW)Q^>+=Z;KVn`GEI zdi-pthM6!=3vSif9@M!tz&g zUJTHk4f}-cC*5>X3#zAkt%|A^R@IP+`rZ(B*eXFD^fZw9^O!hocEFJkWdXV*17EEV zfSX6g0+RYtxtw}ws;if#I=(R}d5iMu8`&|DFjgxGp|417GNg(yc{&EGZ-i?qhx&`i zbVr;NRbx?ZN$iV8j{en1M?mE;YGV~=$7+D0s-h2y>1^aoT?|196ny8PBSlkiRDgqY z0xN`+(yw{%!W9f|Rd}zk15*Wl)G?bc!?JR8BA3IGQbo`R{Ms9aAc4g3nP0Lo5~uI940&LvDG4W4dpX562V-{m(?LK|lM zYw2lY)3c z3Xr-z1a?KL0h{h7ki5SN&{JTU_{016>6+|NlqfuUWQI(h^Ug_cmp#y9Ap3?H9E%mS zXzIiBh5MK-G`&FGrpN^}-k~QmY3C`lZxik=zjvoaBl*YjZ|T7H3we5q$ zUypX5zc~JkZJ;0NjrDc>Y^;B`hMy1Nf0T}C-_^hSN2BrZ0c37KiGS1^57su;{vqmL zV*=p5?M#IDM=$8jEjKzFd4I$84}AqzfZ>N9WU$RwNa<6K94k?baJ&YvwZ3HK$x4Z& zU4G9WYOlRgm3T0OvxvxaF!ZnJVN(PgIjkyc%0n(sGE@P$`|k7^mcRVLgjd8U_UF^- zxLK=RU0qcH_YKfZVy%BOs$HGc&`CO6hiWvIiu_eYJ5Zt+1|)IxZ2MuO-XNmQ-`8Yt zM&vnzlCYc;_Q*Nm!^&E{0T}Gr#F>rG{Q@lkZoxKtGiap86 zdI{qWho|FQodX@0q35SM@+ybO>j^3cy*lH+W!?L^haC!$G>h89l_^u49>>1 z1vVu5EQG;KoY9oRpS)}zZNGr>TTgfQc8`CBZs(ru9`9q&re_C7Vhbg8$Gh9F_O_11 z;j5#=gHF2&H+ff2YRYUXM_@U*MPQ`A!V=2&cXFK$ES&4{6TAw>l5wTT#R?8DH#KH& z6A2+u*fPE>h)2fGm;OO(Lk1Ak9#=ns%ti6PA#MLk_`gx#`0haj|F7f6690dNKT`?b z8(DhrGV-DEh7O1X-PE#s99E0Z0e~Hr=>Z?uz+H>j?Ogc;f8BZGQOutPjQtoB$ak0I|9DU! z1l0FsYPau?C!=Y#5Cy$+aCo$Tym;(`-e@{pH122H`^S4(#(d_YyQb;s&4PhHZvz7D z96$Ya-sr5rYMZE-|2ZzTQy9w~Rh}PzJ65;I~>_5*05}&X9LEpKV4-;eJ9X#9F z`gJkTb0AHm(>e#@i_Y;;`{?N4XfZh4;@#2Icjkbj-MxQ&u(fzqU^`B4#%{1^U3T}6 zG4fz1!^%7YTz}?{7D3$Gefqq;pJk;-!LXoN#$sg%ze`Er_B(rvfdTjA4=*ivoRkRi zsNFf(`*|_c!0)|xrxsLBN`%@u*#4<~oMj>}ylJp_B46$vXIYqc7w!eVCe7J7FWWC) z9{il)Gy^Dqa@GfLkKmN`PZtdjj@i!B zEGGh>;kgC+lmR52-rY!V6*k+L3!XGh8AUncx!j$P9PtWP^IVl^G^3c@~(s?wMg`;X(*# zRyJfd^57IM0{Lox7fxZ8BdD48)V==mA?&2%XAw~3UbWw+fG4Z~f&L^p7Ln3~!V9_6 zd+(gNhPFLiJ*H+GF~4&O4Gr*NZ=_@ShH#SrB{1$b3=~}{X-x)re3B9%;#(T)c(MLQ z<{nB1e+eLO(Jkrw&jjMAkg(I)WF&C!As}@A=?poX6NWh`0=EqW23F`DK0FjGX6^{6 z%kFdBjS0O|5S_^xY$aS{Mf*$;51L~JTAs&SZmkLKfy_=1st61710Mo`|8Zs*!nBW5MKW=xL)-{~S z_wEfUkKnFDd#j;q^ppb_|Kd#0k9w2Ct>wr>zpvsU8`b!M6P?-MeEJi70ah~3s@U-Y zM|j$mh!)^E&odq{;}${<)eZ`e}A&* zP-+rJWrw2i@zO&Rq!J&d!@H#b5rD*Hh?(XgU5sdUSjrKzjDM~q(S&J<5;H)aCrpgM zC23;D&Zfx|6F{OsF(cGekzxd_mMLa|n<`Z_foid07Ko{WMH8ZyEM{4xxw1tYsuC_{ z0Xs*$XaZI8#Vlh_l`uvQ6AKx$9HvEb#yDUWHD-dnK-w6G%~!@uNMMf4(VkrvI%b*O z6tSZTPRbp#EdLzIV+10J9y4|@LHHPf)`1CZe5Cx*0)+y|ECWp!L7L#C3^F6Yc~Zy- zR4sO^|#C$_6Vm`5mSvWi!Dixb46$Vvz;gtbCR8Q4 z%yJG=WS1s5DZCVo&o91|&BWxFBA>s#2r~kVZVY)PUdVr%I5Ps9Ph1EcBOB*GO}rUt zLCQDh58yUkmaQm|i9)nb5`HGbU3;)Dii3U^y>YCT zK0*+h4ECWYvYt2@JEPOI81P#NM^zh!bTs`$f24d=wh3<6{J+ zAyAf;#-aX&#HC?p6&y@mYWy#f|Ed6spI83--NT1z`v3SBmH&PR+2Y|+{`)7czY4JV z>6*X`>_65XZaj>v{{|#3<^Nyf?;Zu)TiNY5g|Xn}OJJ$i(ePoT)>x~p)kUM;Y^*ic z*Tr!5AJM)ZixsE_|5ueb+MH;KC-mh>E+_r}wRD(>T4_B}$t-}spG3kenfaU& zmSA27N~{!35T)GqHdfo-ej=km;V=I7M8<)_6#n)^#plB$^Gfg}r#N9FLnh%Q!f6~1 zyTLh6qWT4Ej&ag35kH>@9mtBhB)>mVfv+%8etklr&?o^upNJp3Dhu|VH|U9YrN}3+Bu>ya^DX;FE^7DOI)78JZ8q=*VIn{Y zH=f+w=7_?Q&IjrDl)>6_d!B~kIk$`h;JN>OedEQoso=Pb-O8|h_j zq-R$8OBto6(|@DKUzGkoc(Cy>YX7s*Sla)5t@r=j(gbvA0=hH-{ckq`WswJba9o&> zL{*gEFlHyhJSZ!RhkHG?xpkS99a!il9)#~|b+{6Ik5_^R51Q-W!BrqEb>v=pxD%Ri zfoQC$tXl4#5{uE}nO{ABY$x&Kmyu>DDHy3*1aH-r&ooAwJDH54jgUyyPScO-W;sI& z7D?96E79UC(=$@zDb^#e)di_FVb6y%iHt}o0ofqwAvy1jp!bF zm>F1Av~gbuTPyN}8XR=BaaZv=GbY3J1;DME*}n9IQa=HnnWBWJ-?b=*OB z;J=>*NtpxB9rlATAI?C9{*)s%QTfJWr~ z`>*!)bmmX(Uo9Ycq7{<}g!a*~S;{ID4lbC^dgzY&qlbrs!(C3oTo#%~xalsee~{zY zIY>;6VIhLTr<6Aj>L(n&08Xn(U;FOq>}*s0s;#oOK}uB)gj7f^8}jPVKO>K{xx`#~ zTTgBi?)S)8Y^pW~L+4D_Om3}z3S?)psk_-fMLNV$byBO0ugsA_6?8#Lg6`BR2+(SU zTA150RL~2n;4f7Nmo8!av;KH9{DpJQj232y9uUeAFes|MNZn~Kr7mR9vzD7)H|R}` z%0^wx&<&^54Tg5ROrm_)@#1)|Q-fQ1`W*Ef-YLm>dYeSE-n%zcPc=E7c$XNA0n$@j zf`hK>pxP_^_6A-Lt0fOC+=!|bdVZwfqbXG`oa-KPV!8@Cu0l^e(H!F@Up)Q<+urB{dZUnb( zSW^DNqIxXTu&6(zg6720b%>Y<@$nO9AbViad!!=paqtkD1VWCwW`T3&7I~YmPMzRA zqLz}v_4HmydFSqMJiVU2IT0;=eagRK?mswrJ9<0Hhv_o8X(b9#ITx`%;&KsqwCsAk ztONJLF}-q**h^j@E~GSB+YrOan=;$bkIXFviOo-0^3iw zTNN$>YD8g;#UsQ5BVU7(hnXFNBjb-qq6j3}L0^~a-#z%D6a^B*N2c&CN;4I{jaHkc zS3BNLtu;%p^=c=z)@8gFFl`g^g)GmwpfipY6F9~}qLT>S0#MJityY1&=pQo$>`ES2 z2zCDx>LG!JJC-D~kCB}qqMJ~Z=F*gAK|A%xE4Wf%3i1-RmFkfd3mh3 z$B^KXQ&Q;bEMZZQ%0{Z1gm-RLVhyaSlmO>-dn-sNj-qK;)9{#w@!rBZY7+TFLx3#F zt`1n6s|Yxv4>!;<=0z^uqWDc9z6tPLmo1T$$j9!^c_7vJ_R{WlMJc5TXo0YKQxIHv z)u&$-xFo=7yhJQk6@;xLO)Au1R+zr5lc>QDwN(O+^h0}i>>?c!MdCXq?iAH*6zRYu zPj=KBKpCL)Rb(OW-xoxxMM(zZl=4AWhn*62BaQbOGecIpFZ(aGR`VO)fh3bfyfJ99LmK_@Y~P; z6CThaZrgbI065#TqU@|W8rK=k#*qv=@d9ef8I~z{D2n=fYzUi06>5W_EQ%%#OF6Cv_lst&~%oasMb`Sg0_tjOu zXdYi)-?AD`OH>->WWY)*HXc8sXB{_;xlyo8RU%`6g+l@olTyiR~v0=V9(*yWVCl`<^zA7v@Hq zFt@m@iR?*Pen+Mvg52l*ai#H{Kl7Y{?7ON%!_m%w{-HFB;yDkk1-aQk`nn;cKgT=#L2(K*GmJB zB1z6m(X~riKbxY2-;h^Lo@JO}ruAiUUw+(mojf3wf8bl)PhL@{=gT2N*8TCVmIedoN%U? zJuKrUo5tn}1rFsu<*;IJzQ&9pEyCyKsX+5di}Ii>wz#>;W$Gru`kgeKqmxGCxf!T3ESy1%1{4S7po=Nd!_ z>L1E>E^>G2xyXyA=Z>$^^YWY=%K>7NmIXI~G0T_?k# z=3TcL<89ICNs4&Yid%?99d|+Zq57sy#6uZNq@xo{l;S!oF}#NHW44*2ZeR3%9cF}= zF8OwC)X{e>^5@cX^biA-x?aVK>)VvovJ~!O z@ttRT$6e9@?xJ54vy6OQwaV-~MU`c<6bW=ArCxQ~M`jt4qv486VPAqEZs zS1cm#F1nYqBBQq;ngh5+C2t1KAMl^tsJI{>L}6E*qKOgg)?%+qdwLT0mqu zrwPpdDCipm-OwsXf*xYnkDaFPno1*KUONh1e?mjwb3;r;<~8MfVnaX3h7iTiZHG-} zKKfYJn~8P!aoj?|$-qhO+lXa;$R+k6int2vg{DHt^a7oW4^h(0mMDh5S}pZtUHUO3 zrJ|``vNtm}zfox3w#DQIH#Va$V)GmBCpJ9qB&R_dCPE5%iR7J;1}#X0M*P*c-)03e zO$37MTy_|S2ZWryJ>PqMaqOP(6KkU6A?UzA14;+O8hPk+3If6`?^N%wUrC}wE* zoGJ?6z!bw}{qB50kkBn>5D9(qDICWp3MZkc*w~gc^}Ql@sD$G$MM`IzjNK6#xT6jT z0HScZI1687M3=D<+3!r*H_^ETN#0qaz%!uB*nr|vsk?^M;jSU@xEqSAa*-2-vZvfX#b!og>3XA_I!oULBNBbop~ec-bfFVaJlSW(mKbU7dP#` zDKr^-+afsl0ArOa(^boYQk*;I#zFbx4}fiT=J8r--lH0tWKGp8tue>HX2pZWQpFfrO%r~~(ze)h9+tEY-iK)8PQTy11j_ACy55LGbbJ1&>#~topo$Hq ztX(fM_Y(no?x*xL6qZl&ql$Yc2SWtTF@wP+&+3a zx4`cHaamXebRYZdvj#ny#Mjw;X1B$_;k$ez{#0L=J&^LsI*Ka4iv4HMn|R}CQ2U&1 z+|K{UcjW*1;ri15$Dd*UJ3Jc?tJCZ0SM>kA@!i_PnE&tZmiE72!MP9{L?0dv1`^ zZrP-jB%tCRao%iW+5?($h5}NLf|=7@WjOS&$aojVOLnZ5hqo-IoaCJfmRUAjXDz?I+ zd*EC`VaJACGs?5vf(_Cp8TH{qbIEx)T>S4uS5R4N@^Febaw?-mw)XU?xK?`VVn9P|mo;gh@`K}w`qn|q&I6YU{(f4z5 z_2fu+E3&D*+=SH6D-U2G$JuAw09~P);}wK`i_cb6MT zV|RVK?ESe*%5(t829wL|=g#{AZ9G3J_&A?+-+lW-yw>JI0@9*enJ+tA5H zGvS~98}$LneV_DUU<^^uiPbSS<;SV&UXtt2o3s)Bh9uT`Pz*d|taiLN8OaD^Gs z@3Nmt=~u$`P@s_!^axjlojg!cIf((}Ns_<{F!(jT~jc1eQ>ktmMXo1y~{U`7ITO@S&d0i9Ra zBjjkqpV076!{O^qRb~V|Le@*pT?)J5lhogwIpOe7PlwW*t23oVpk4T&Dh?P?AWlKP zPjXANanX~A2My3MR+Q@nJ7#@Gj#(A5GO-OgKV^Dr&NA)-gBye22K1a`I((JBNCG`| zHf4$&>tF`NhdYpCZ>2na$~y}kp5D0+(-GN4W#t&v=vP0dJ0=+b@=3vL?g;k(1O_w= zZGd6rrCf5t9sqJf2U?smkLgG!Isy4>2`d91n?EEs_uo zCd9pRiEg`ixWv#MolVc-cyYuV_G&AqXy7BmjQ(5IL3-|85)*L&)nVhqa9|dAGr0~- zn|T_|HKYZQ=fGfDh&4r0H*lS!@DIn1%!iC2gCKalQN44HT@=pZdQV2DrOD{*d!(T@97cT0rZ{Dl1?dL_63$N4GhGu&z6Ox^?pn(xp& zIl#lua3zS^T)VxQ$wsjUqi7Y)cwFt>1@W$U8;Y{QY9A@)#JKt7w7GngYsW>9 zcP_JP=H$!z53|CCi-K`K(SQYja?j4%=BC>ACNW%BYY(!q)6_`X07ckQV z$Ua^zT#SOCu0*(M1w3yTnJpO2SqcHLnc`4JP1;TE~75+B! zCd_I`MupM3@f>7dTl7ZBNvR<*i#R{jn)Kf9UQcmyX{a%Hd^SfeGAcA7zL2g&2@c~m zH~B!QmTjbI3Ln&gli~+HauR)E&1?rR>7Fc#yL2FNI!VIAcf$34olkz+Vu*`bKxz<7 zNEF?gi_~x;QV|tTK;NyZJDt^=26JlEs9Mu#_Yi{FL&*i)20`Sc1%$>C$;hFETlS&B z9O)~!#UKH>gHbCyA+J21EAcBzi=~{&6msO$kwTdW_0>}d90gm$5TN3qc*XgiDf4nk zjUi)YOt@sNWk!T$$XOJ|ydpSK5@uk)1dcDKZVEc6}EGDa_iqJz5;peeCOpnYxzaMeU%D;%0&>`lC>!r+QN${I{ipszVV zmFOE1DzG0+5(3E}MA%_iVIX9<4+uB(+=-MwwUMP)7#3FY%tJ4p4n5$&TFhVqa7k1N z_LM~^&OGYCo#G+Uo;IP!3SFu5ORBJF&%+=Lf}D8{^T?Si*QTm^K1YHLm*if^?paY} zB>sga^obSL^H0ur{*k^`sXw^OwU<^+fhH`_h;$)0-=C|ouhhf|d*X8D#D!ugnnApu z+OvO)mmV#4JNHrCggsAvI!gf}Sa_9rgi@#(ALRVq0UPxChCJ`~A*b)=08P+p3}z@z z(I+nZlOJ%o!y#>so3dO`Y@;CE@Ak-j7d_t5qLLdb2k%yLiNiyY!<&Rd_|ch7&;5z_ zAI1_$X>nxu^2swy?Wmgaj+fJ~HJ|YQj|bSTecm_bkBI+L|E{sr|M)ZXKY0Bi312;X zUqk<6eQjes>i>QH;rhl>|6}R@ed+&w>HmG{|2?DscXGk5FgKiKU?otW-5ZC8uPn}} z3sZR@y?&r7F7^SR>;e9VX2b9RZ~3r$5T@e;<>h?;V5j}`)pK%M zMUfMC4?|BMx|EqH8V}ZV-&Ln3at{c!c&U7%!&>rrAbrwa244ToNh?p`%G6G$SY;0q zx229%mJglte!5d*vv=GHly9O(;OPbZ4Bj;A=ome*%&Pu@6am%sr1xN1T1M8Ceu93I z&7Fv6dk4RCca9DYMduh;u%`HCOh!Rr-#1PFqBvZfQ5tV(VIzwE~0#cfT|ky5vGqQ>4~B>i;$VKJ+G&>;WBzd0cxOhvzS^N z4l)dSA*qCEnEZKhczb{6vtsa&tP}l%p`vka(;6C^zv6W=)P`*0Pp&8n*K3tVPR0KS z>lq|e(@^sKc5VEUQ_nx}l8E94o2C-Ejl>_KMLk8;vX*FkpOhJ}L#Sfo(IZ{BRJMJk z7vmQL=A&>Y6g7v?YSl~8ZE@lEXBgjY1+?(;g$6DBiZG6 zRz4{#OT1Rh#YZY1C1M~JyCm*&HIJ%pgP6wW?>)miG)LzevdW1}f+u4*nM^!G&=k(8rsuat}{apX9M za)FKc(d1K4lu;#-qhC#8>Dh1QWFk8ha^yKoWgijjV16KMQ)ZlKI^lS7&R?mFO zLrz&bel(703OhVReivs`@@1AAi9u{@$ZYAV3f<@Ax7@WeP;lbE-`<2<)MxnZ;w3`Td4M4B(tMsKTW>ELR8YVF9mMfu?y?(16L4Z`V@>q$W zfpgl3x&lSt1zeGlRAU1XQ)?~Gfc3?)|08;IddyTNN{Zl;vg(*`%P<{9u8!LQseKjl<&w|-dGuhaIyh_L*R*! zXN!ZH22|ICWJU8_0FYj0;!o*A% zte14Z8KEyB;RdqejRE(yWY_RV{60yn;)Q$ByBK2)MEcmCL>6TWb(F zpP(6gHdLfuTnro-?-Jc%xS@Cfdu9_Edt*q*p8MQWLYgsR5K2wYT&AL4U+X4^7}gR~ z6J?UuRXg~WNx)c881_l*l4Z`NvE^7 z-M8BAe}=Y`W5B3mW(lk32)93^O0*@YmWb_lUBrG^mRtJ1d_aze*q9SBCaJ|_^x)5? zz)*xz6l>&CF5MCd;&sk9gz*`URZ+zcim=Z?5}cHQCQVoetUqJBAh$2Eco3yOu@+m6#PEweVl8KkRWr~t z9`W%_QPoLg=F<=GW*VF%ERhM0TFMa5@oJm>ODWxtmF~|etz6_F05lm`qgWblO$ zXQ!0a5{p(;hLJYVFs_A3w$cU~E8XYPCez@J0(9K2^)9UEoDhWwH7N5rc{2flCO__m zIpNE$jZ@UA#!S_g&Bs}9+`?GE&0OMvQ}XPDD5a)|U_xIubEy~oIESMn=J@Zmb$i;A zn7QfiPbB*zKcuLeQxn3t8Ef8BKl}EA8wLBaVDio|A<_W|A=9(a@pdK zl2NoO3q;7^TwYO6SDah?7>@B{xW>7hqq#t(WZou)do))pW6h9*oY)B&>k}6_(ckCP zn!`z&8z@7JI=Qo}*}2IK9HqH8KSLkVMLfp)d@>7^at4xF(S);*DCfz>tD2AIYmtde zdNx<8b>E<0ael-_FV(F5FiX{b!2XtP#R0CAtpS z#^U{=)s0d*9+1xJ=|;9i9t$ag}AV6j-=0?r-i~eySSkd z5sLa3$r3eh7M-2NRWnukFh{cQbLfRWEY_;5q-dtp?MP1owpuq@l`Oc?S%mWq4u~OeI!iL$*?&|<9;(6 zNiyK62Rt$enFiCzn+J`PGJRXauMs_ssD>mI8{m6mk!zI21Jq&s<~R{e4t?Nm6%n_M;f(A%e8$|>qhS7Gk3}tSS)a;6%hofDeahQI2eS{l^hn8 zJ~DN3^s9OlZZUdIR!`|E95+tu_o1neSmhSeira=k80}{ae3A8#j?h-eV+vA(pj3d0 zh>DIVj>m86C->{ugL+9kek|5E<1DG6(6f8^bNi^Xd$7;XrLy72EwNTt0bz`X4w#wq z{sc=%fkRO@S09vC*Uk7LTH2$^LdnKStbif(fdW6o3mDR@@%Y=uTC70dF0c_RpgC~a z-wo{V(`ThekG?Pc0l&XHiAZkdDH|AYiOdN(=j$g5+{2U2q|(gmsy?jg;tx(rq9Ug? zNi1otTzKtOHh;(4houNY!00}y<}2bKK!dQS02^#L=y2)LAp@ zJUB^bqD+=AWtuY&%wWl)#$}qTq_qeS`g%Qf&T&;68;Fp2G2t%re#)P)KQ?o5EVnuy z`VMe6tK-dFatuX@H?+~DR5WwTSTsZK4CL`3!v0|I6sp-cF}9$E zO5{HMJ_V7;?6vh2TxKCXL?Y|B#zn$zko2rxnumbu_8YG#ZpxuP;!$muQnmo20UTlE z?BnURlM{}(I_7pkKHF)}gbSO0ad3EWc-+a<)K2F(bJ=G{ThCv%_m4{=OX;J7SI2Pq zj1DAzu45P~RzPo`H}!-wF1I8qV17?4{st8|#rLIBf@l>z`g)_88$I^9Iq$I_7Krb1 zAF&s3iE|5PkoHRq3Db$5H)T;gNfiuK$-f)P)Ua>YT8q>&@#S2h$1O199LB@KYKd04 zmahDt;Q!~P^WH_z=v8m@#r^-(*EYUuMEw6eY^*QiKYf+IdpY=@AcqRZqLWXBHT0>l zQERN#>J8EOzPa|W`EVojsQ}gB|Ef~1^P;`C2fOi77$gi9> z@%^chE`JiF5DKMSII21R_9Q30bjZ~3*OQz->|2?&Sum-|6q=LMnK$fnUNx87-R~T4 z@l?vMPgGhLFzEB6t(QigN(#&DY#ncz1@L#6+u1(aJv=t^IVCLdqP?}#K7tY}MH56R zx4n(kwzr?;+OON~*93&WJ;@zB{ijUfZ%=ZETiZWvJ#S-@{My~$df9%GlQ%#!Lnh%Q zl9$>pY0Nwcf5DpXw4Ze_5kH@Z-1gz&v%Rh7l%&2t$?fgvMEMoccAs(rd_I9Tx3>=E z*G^|oeFK`rUn_gnY7JIdREE+gmP|l*ERaYaFck+hiIrbaW4Ce!lefKxtyFfa_#gkn zaCVLQ)H;=YlG|2YT`3Z{5=}T{;TIfbDVICmI(ptd#zKsw2|L479Ac6>dID#^!-VD3 zt@_F{il5uwYj5qND2|)KVhCJ91^CeWrj^hey3VMXyEC~El>zolLx4q$!oC1_a&nt;mV4>2;G5i#0Jo>gQ;%p_ zLf174hDtbJ2u#(?<-Ughzw@sW|FOQdz83fY*I3g3rT@RB|G%aGzoq}b?Ee4oi9z9R zIL$ILd*AI1or$Ak0r7b!qXVij*YzKjFdeR)XK}bDAs;D&!((ZFY-#dh*rmH%vKG3W zdwJLe%z&OIUW6{^%tW0kWYYd&V{2#UsImRx)&5T%@x4eZu{O8F;la_dEFjjBN~|G_ z`6U*@c%X9e4@%_F>mZI>ODMyKAN5kITuBH^`85=WY8}@w$yQ}GB&UXMu94ceQ&}2o z=rD$frV?wIszi=S3fpD!K#8gvP#|!%FQ%}z)XUM5c)Rx4xfwdZ39>8pc*P0eTY2GZ6>XtviTHp1ru^sLwmKPTz>M5WUIG$ zv1%JNg>zx(&?+s6giNjJw4lV9KTR#cicsO2HAL$%`!3S&C~({}JZ& z$K2Sgg#%BTwJ_!G}TgdFTLZeixSo!`BkhOnwwizXYu;- z<$5zxUt51HsxK`Wbo8;MxjY@6ko|llBaIfYSBH zQ;L6PshiImzo)CKjpI!{j&{k$g1CS51_}WvBbiO>iIO%DZ#bd`zMMa?iUF)Pqc56J zoWhY2*R9)#C>AIQb(AE8$^zshqOoz3TB0A803xm;P#0frZ6m#Gzebu^N(F!6^xn(^ zuJYxp+y_f>C=H7w=@=XsmAdhp5#K#2TgUc| z5y_M)TFH5qLmN9!xg<)gsN4~$w{YB?Fj$Yd#*}VK8xK{9f8rfV28}W|YqX=LnUkie z(@jf-2N(1c{Pf~tP_x<#m=K@h2W-=Tc3T%12@WrEsfsz$1xC8Zi_NIpBT!#KyM9~txG6mFW4s@@sg*yB+@t{iWgDHaGO2R4@{U9MfAq>iAh=XE=L1`bqXdiW7>>Ta2_nBTa*6qyWUk}^e-9zbJ@4Ehdy`E6u z`}$hr|ER$Cjl=@Ghd*yHgzq={{V?px&fanNXzLeUL;j{uHp9{3Vq}TKql2daZ>Mv7 zr2K6g58(MoIjL_!h4Yv7>Vtd;X?u&feA9C`>cL=C&Fa{_$QuQBc8{#<3wBLs|J439 z0w~`DY(0uXfvK>|S;frjAY7nklaF6xTwx_Fa7VKX#*JOPq$)`}&kp?ia<{YH0$R@r z2hX1E!MSR!sf3-a_RE9));io=4Ip%Vl@~ouJ{a?x%kQD#lBNH7hCVLeJW%SNkpenI z_?yG6;}_kRTd%)uB$r$rcta?goCjRl5H95YB=O=O%J`!h>IK14l4q)N>H_9NT$MWv1CfciN=>v<)tJU3Kxn_*Tj`pAyb@p+QuK^a!B40 z@`sj20z$TB#H*CJY394Y)xy5xf~)j%QU1ne&UR5BX(1H*v4LU4n$NwSc6qFN&u*+o zN{z`U>tkuxBxd1?Zql4T8}rU<3U$lB+%aRY%@*FE(ZPdJm4bJ zGy6kaxAc5|vfR{&-jYy$awIV$a#kYUKrdw7u`}6BEG2))Qkb-|CLm1bstPF1}d$=1nK4O-rjDfy?wC1(Gu9krm~%bS4Z1zU@O<@>7@fD*ON=`v^&SU`&-Ar24*SFfREuO-ofV_{I4w5 z7J|-Jf$T!I5B7F<+WW`5&vx5KWzk43x_h|2x7Fz!JnOWNe%{?~rxrxj;`Z@Qd+&H_ z`{337aq7qpwvS`w#D~(GkP^!t~$o`UVsfymDK-tI& zMPaoBI5xt|2x%i7QieW-+%pLnNY45RL4xUpdlq1v>+qe38NAggaH%L@QP1TVFs@4; zL1Zx;6^e!FMLq1;)c1!HCYGj~^`~^K80n4_Hc18)^UmGjcnY^LU_|vZRsKz-e|{KD zXO}19O=T#gyy4{SC=9QcPcYkkQyB;r2Vp%glp_66nb5^6Bb4Be%Jh%Q41oa0tYk=U znz*1Rc71*h3Yrn1Q16kh_?U+*e~BVom7Upe%6EfvKbSVxzkBdQDGH(=Q^lK&@MWv- zxEKB?T6!QJ!F53n|1mjd!f&WlfTF{`Qe2DHJCC+P&oHp zw|Z6;?)1DK8_iHWlFRs5x-91*fjb}(|UXqxfAn+>WO?!K)blkt3$--7Pug$xzd}ClF$t;qQ^LS3<#TDAOeKKa64!#8$k5GRzbZrg(EM2ol96 zf}jkzwQp|)3DwY=4|be4c^uuu-h>dqjZrsYvs83AyoB%^w&+eT$HnQpGu(kSPxN)7{e_W1q44- z+(LE;Cc;RYkg1h3PF?X0%+)to{q2b8QWI0Y31XhfqEAF+(M1E`cDGv=iiVXn$r(QWSg6Ri5bR*-CE~$T)`MZnm z<|puPLSewi7dM6v7t=-FkEWx%X6TtO&G{XNT9WS6yjaxR1s>OuJ&YLMMI6)ZemF>S zUZciTN^ohn+Q2wZRy*I$sR1aeSEDMC)?fmqtDIu2LcLcH?B&GK%mu(lfECo0 zZ%Yev&8@9EUDlgFyEo$avZZgJ+wG)Vt)9)v{FRnZb?UFRejlRYDQE)Eoj}cOXEk;Qt`tH!3x(TuUBHjpPAP0URX0SzrjSsy-&>Lt)WocHjG$ckkK3_(hN9)7AZQ|h_X9LVn`zn-J-#+`q6~BoGSaW zOQHvl8YLrahn%lcQmiP&Wdu`HU1oKZ^yA(0XLyYZ<{n^!C#!ERkM{q_(bn-`J`o$l z&!AaWwCbA)xylAOn(M}c##!DVQ|^goEE03Gb_c^5Minx*tc=!YoUAAdVr_Ro7!F)( z`zWwT^kd#7sXodlg6YJaO#Dfal)`mTrWL_c{y})#H)FtG)2lXvPx5A@vkgR$tFojk&>ik(zVqNuwaH9 zi~80~6epE=z&zN`AY%FZiakiW^Y!lB$rt4!3lHMsD}9-Zc`@EnC1EL3qG;C5k9m zGEpS)b6M04O%r9%1VAsw{%}Zmb^?c3@x!*|UWOx}M^u*DGNnYx3l!s>KYwz#Oi|3b ztojM#4a$j8TY{;!=|Y=0SU~huxq9w8eRq;tMZuN+|4K1Op=@@AA(RjUpfaL6K~>wb zHfT$*GF4ox8RsbCk!^K6-b`{MXSk4yEdMI`e2FZ6lEjFtnBgnO2M$pWE4amdO|2nBK6QsAOvJ~hT2Uy|CPsFKm1KUxTthyY9B-n6lIh) z!r|F4>Gq^7*}|Ka%xs03n>v(MypRo2P8#gl;Jr6Sojw*v`2+O8s`jnHAp}?6vgy^l2v5iRwFueHqrYP7W$yH3=XC`7v*xFDjtwgx?@jSCn zA8M<-FO{RpP?|edzMm3M1jYY~1p377%w7nz(eQS+3l_Xje(bcFK_gI)K57WfzFqRI*U5qTb+o_nLSKvb*MM5(=`t{A=e zji#(8=J+J%eAkG!&PRdy2o=}*M;RcSQ=4_`;fDH+H)Dg!17%z;DhNlO#~ zmKKwE#qFqY-*Y8yW=wD;sY|LDVF$=#tlLA^ZVuTIS!av;LrlB67s(_YOuT5Y5~3mx zcgdVWDQ_T;BjUd8u*M+8ILAq>@#A_at|%;f5xRxI(7p8-{Yoe%!Y!+2}=*9)v%j>DCgj5%*F_8?LP-SkG7IFXN%rYK#|9tZGkYr%Y`KN z*Buu{1I9?s9|$wRCC0yW+2CpDjoiCY@liB(><5u@G3tB4*a2cO|7xU4vGv`cuiWnj z@5}NoNf(CbWpZ_F-661ya*wYl6kVV~@Z-v3Oey1+-U#k>8jCRpFG^8Xx6&}Ffr$VS z=~&=X#RUSJQz(Y2oMCM6Nl|vElth?}KGb7e_MG#bu>WMQ8>-hR_wxsAt;6nbQ0PGI zBI-{WgEfx$k>EQw0V$T|vqGDL11!jjx~VD;yk{q(&^Lb9~65J)${oLm(k76!93- zMBcZYt(AUkG!0>)=|PB&zU+^3B4p33Ue1;%ysZ}!-`I;>h9`dL`|p8?aW9JtXWN?b zNadLDFnOX=COe8;Gwqh4cWG=DEhH$b>CGVO(tnM59hUDRSgpl3UDDeG5{$bs`e08^ z*vW5#a3hXC!yY8d4`Ze@-j{NVmc-D2+Tj?yH|MXEO{k&vn1W~ehO$a%QA1;WJ~qd8 zwvJzRkDhHe*1v!7X^nlK+E&s%GXh?Ekemm<9uc-{(!(~?ciF@z!Y$%P#cA*P7h}?k zGNv7FJn|Ph?bY-!*ABq=^5TR3CbPi0eAKR-@(mj(m9=HU-NEvEV6ut=x zX$k_#iUD#aj6M7ziD`|};IL8b!e?pLT&ZYtj2!UnmF2D?WeIr{BTZQTwN1RNt`I+- z!bZlT5`mVQn!7Q#n9W5bL&{4EW$AV_lc_;o;E}n|_7t$l{m8Im-}P0y`%Ce3j$`{@lolGU%q3vF#dj)f=3PR;YCw^L@EG zT`$8w8=J`9geW0J;#}Bm-AlMp`4fr{G`XNzC&?g2 z|51C#usWX5cE|m8o z6?{9(22;R3{f#_aK?)xY7;WK*_=N>mu*IX$zGKR?crumNaWi@e(+bL1pY|!LwUO%@ zASS_V09{GfRW26CEf~n8cRt}BltrOgK;Br|LPaJ3WozRWR*BajbxZ26GxfdV_}fOQ z^f-ZKp-T>4UeYy-?y{6C7v08Ck=GWTkL(|8=H|F0F(eA;m?U;lqBVjXSokTv>*7a5 z{{xe%(lLm>K$||BBL&G7h*3~GaJI@x@6EcL^5&cXQTl7v5S9PtTwHP(9$US8aCDG? zr-K(NqdHC;kFr9JxR1R`CWz_hD&D2&AxrB~rn9E|3Z2B8*XA6>&&Ye$hp0Q2w26#Q zVq|KvF$qbKv&=>2d5F(JIDTX7CL*<{c3eEpUA}PMyP6=$$+!@gT9BlT^Z``IM8z0g6jk%pyK_O6qING`Cde(JKt*Vy zF%JY}0H9b(Yy=-Ort9(a4NTvNYPaQ}wPw!bJ^X_$j*J8}Q=49l^OClta9qk|*GT*KvHbmodHfAXGOi+ht) zPBz0ONkv{Uh2PSJpEbMmq8+$X`Kqm`ihScXbp|*?!Y~FUA1?_IbM;oqvXsYd#>7Cj z-!J9#D<3-Y(v?tGjN&2zgFNaF!!Qq=S`?k#=RfW4?UfDZnX>CfiR1Rs%lRdC(M76V zLbXr(RqDe|tgUHX9PdjP_i?Tw`Tn3FlY~XNm5*LF8W{|PK~LO z+b|%)r3=xhn2lqnz!XlZLe)9wK*_8o7ey7=pc;y8%tuiv7&R6LqwE!9a#MLBda?C$ zyGwBao*lK@+Xp-CQ1C{=IjG$8`z{KBbi?DxnR)I*!o_lLrYWkllIP{-&_`8PT3D!` zOyDfSbgQZxQKDvbOzOs`kUeW+sk{<6#wXUwHme$H*~Xp?)w6Lq%`(bwp$=ke^;Sid z)u@z<$P{umSTChf=u;P8>Bc5ulu0681a+Ioc1s1__I#$4?k%;L`eGSzVudfI?w+Rd zZXwWBinKTtJe9_wmbi}lg1JTHPty?F8slR-4 zV!i64RYAfyk;a|ltSUFfRNCoH?Vv_O%f52Hpuri?Sq8&3%i>WB$3zgqaX=CBD4##S?2m^{uQ_SdGFq&)j|nR zY90xm(sO~?OUsn^`?Llw#%FP36}^3j~3;e10(e0txDvzC-1yjknou> zLDj962-TX|)<9IPd{}i=eeI!EIY_h%ClFSFsMF#| z4BjYqGt-BGs z8!jfWn&kQ4P6lQ%kB?H}`zhh?`bo)TN})8yfEGRf;sVhtJ{BvyE39)N6)X`-i^G+6 z5lI(`LLlfeB$W{}mhVf%UMh*lElY->G)Nre@P5xlYz*p6k!aB&iV9$wIY&L&yny5U z*^2V1vSN1DjIZ{kIXZg$XT<(2&+*=zYQmv-sax1l&^Q~ZbqCpPtiYzisSf|jtz$2ZidQ%jK;o^w?&K5j!a8ci9GRE%a9r@$GZO7*-(xSm@P{C3cW(Kkto}jwrsJkGr)cdK<5AcXjy@kGr}CiV3MNm zDtD~aD!eTeN~FFKCglsIWTOp>@eLKPxZ<~s1_>I3 z8M-7&w>DJdS@RNSO{^9pmxDAnP6NgG=`a&l&Sd0`&YI!1MieR@ur39GV#i5}YlFzk ze&U!?4?}dYQGQep12`fXJX^7#x-F4y!p3vA?){ed{}Qe&3!zTF&N58C?lL4EYAHb5 zOd2mL&0LHPL|MVN9h9#m4;#y)iE?a}v!063a~h0iICiGzVdD{?VxCPv(hA7;CZ|WY z7$T#n?Yl^&Bb@n6N*zY1m5)LI!<7B31P8ao?B_9XnJAHjc1M8;QhKFjAGXi~15+&m zIlUc7Ek{X*IJ+IhS38FpC-E``u#|a3-B2aKNwI9_wNRJs*xP$;6%CiyT({3=!6j3OZEV@Nt_^9(MGn0oKWc?6{f|7s$9o;A z@7A=H-;$mH`Oo!T#>{)?W8`>*#s=IG2+m z)Kk&R!W6dw{H|&k_Iz(7T718zPvE$q(B-tO>p9w)eN5?zM~F_;RD1dxJ3qU9xPe zV2a5fvb`In7HKWu>v~B8#F~9CNT@1PxvDIFf^89-l3!uSm(DN`qz~ZSxIu{ux8NHY zd#{#A!2nW5zMvF0aC+jTEZ)denD89>4tIm8SfPem2xk+?<0yA$`|$AD-q!O@D__|m zM=)YVCFOGikLL&3zts7`Sfuv+P;}DR{7`DroY=+HoS4NI&IuN_=Y°Sl%IiZG9 z=fnufYR-)6EoSfSKEybo(DH& z+~)lM6M;xnZ+GYcYGuK0m**Alw(hj+2XtP0H)mJgsAQk9Uv~HR6HgZ^kG1kw2+&Sc zM=p{DhkdmashwUqRu|DkF71?(Idm>OrQ|8VIHcAom9r2#rz8W@m`5FryXb=zbMzwX z8IK<56&yhPC~FZ<+8LsHsi%i??R_S0ad`C9?(T2zC2lsOT*5vJWkqSlaLY+KkeB0s z<;GLgB^VkM3P?Sza-k5zjIumNg6_jVs#3{XY-ACPwT7Q>-r!=NoJ5FP6pScRaBnDD z#^u0NIK=&uLBX!o+(-g;%@iyc5&?rxAQrIsh;Ut_P)g@%;ubBfcT$AfK`A13YGdSA zP$dYpN1$?kGu&{=Yoe=NuW&7ERuo&7j4hvj;C}wbBDiBXK!_u_Y$O0AOFcBln6Vsc&+T{;$Yy z0vI1y>dLS;xfxG=)j5lY(w33&L9jRpTRM39&sJWWL{@##KPNF)P-UQSEwOhTSsfJL zKwW+MuAD$j+}~!fO5}KHHbw95BqhFdydfUh6B_(UNZb->8zgpKJ?$J99`3aPmV517jEAma z5ZXTtE13Is=V`*WH8+Rup|L&GjUcvTxSL7Is&BNJ6zgDJx5DLnL$vy&ENuTjl?Qrrru~U5GOvVlz zKzCX_7lYntI)qPeG)1>80el^L7v2=VKnd83^ogaR3j7GBeVAJMGVw-d_~j<31wJ~; zlRr?62)@on9u$TztZ+w=PtV*DiBRkTVAFkf5R|2=@@(S5cU0+$ z(R7aSD>?V=?Eb%Y_t=<#O zLoI3>OX;FOwJoSn@{PjjAv{77`AvYa(|)$Q-!8r(;j822tIzUp`M3OA g{w@EOf6Kq+-|}zyxBOfF{ZIY<|7{OPssNY`0CZ=JNdN!< literal 0 HcmV?d00001 diff --git a/build/yamls/antrea-eks.yml b/build/yamls/antrea-eks.yml index be99029f424..6bbf6618fd4 100644 --- a/build/yamls/antrea-eks.yml +++ b/build/yamls/antrea-eks.yml @@ -403,6 +403,13 @@ data: # flow records of conntrack flows on OVS bridge. If no L4 transport proto is given, we consider tcp as default. # Defaults to "". #flowCollectorAddr: "" + + # Provide flow exporter poll and export interval in format "0s:0s". This determines how often flow exporter polls connections + # in conntrack module and exports IPFIX flow records that are built from connection store. + # Any value in range [1s, ExportInterval(s)) for poll interval is acceptable. + # Any value in range (PollInterval(s), 600s] for export interval is acceptable. + # Defaults to "5s:60s". Follow the time units of duration. + #pollAndExportInterval: "" antrea-cni.conflist: | { "cniVersion":"0.3.0", @@ -443,7 +450,7 @@ metadata: annotations: {} labels: app: antrea - name: antrea-config-b2h6hh8cbb + name: antrea-config-67ktmhfcmm namespace: kube-system --- apiVersion: v1 @@ -548,7 +555,7 @@ spec: key: node-role.kubernetes.io/master volumes: - configMap: - name: antrea-config-b2h6hh8cbb + name: antrea-config-67ktmhfcmm name: antrea-config - name: antrea-controller-tls secret: @@ -762,7 +769,7 @@ spec: operator: Exists volumes: - configMap: - name: antrea-config-b2h6hh8cbb + name: antrea-config-67ktmhfcmm name: antrea-config - hostPath: path: /etc/cni/net.d diff --git a/build/yamls/antrea-gke.yml b/build/yamls/antrea-gke.yml index 75479e53fcf..22c13b66b63 100644 --- a/build/yamls/antrea-gke.yml +++ b/build/yamls/antrea-gke.yml @@ -403,6 +403,13 @@ data: # flow records of conntrack flows on OVS bridge. If no L4 transport proto is given, we consider tcp as default. # Defaults to "". #flowCollectorAddr: "" + + # Provide flow exporter poll and export interval in format "0s:0s". This determines how often flow exporter polls connections + # in conntrack module and exports IPFIX flow records that are built from connection store. + # Any value in range [1s, ExportInterval(s)) for poll interval is acceptable. + # Any value in range (PollInterval(s), 600s] for export interval is acceptable. + # Defaults to "5s:60s". Follow the time units of duration. + #pollAndExportInterval: "" antrea-cni.conflist: | { "cniVersion":"0.3.0", @@ -443,7 +450,7 @@ metadata: annotations: {} labels: app: antrea - name: antrea-config-6fch497g6d + name: antrea-config-mt828fc4db namespace: kube-system --- apiVersion: v1 @@ -548,7 +555,7 @@ spec: key: node-role.kubernetes.io/master volumes: - configMap: - name: antrea-config-6fch497g6d + name: antrea-config-mt828fc4db name: antrea-config - name: antrea-controller-tls secret: @@ -760,7 +767,7 @@ spec: operator: Exists volumes: - configMap: - name: antrea-config-6fch497g6d + name: antrea-config-mt828fc4db name: antrea-config - hostPath: path: /etc/cni/net.d diff --git a/build/yamls/antrea-ipsec.yml b/build/yamls/antrea-ipsec.yml index e965a885176..67a5f1d7d5c 100644 --- a/build/yamls/antrea-ipsec.yml +++ b/build/yamls/antrea-ipsec.yml @@ -403,6 +403,13 @@ data: # flow records of conntrack flows on OVS bridge. If no L4 transport proto is given, we consider tcp as default. # Defaults to "". #flowCollectorAddr: "" + + # Provide flow exporter poll and export interval in format "0s:0s". This determines how often flow exporter polls connections + # in conntrack module and exports IPFIX flow records that are built from connection store. + # Any value in range [1s, ExportInterval(s)) for poll interval is acceptable. + # Any value in range (PollInterval(s), 600s] for export interval is acceptable. + # Defaults to "5s:60s". Follow the time units of duration. + #pollAndExportInterval: "" antrea-cni.conflist: | { "cniVersion":"0.3.0", @@ -443,7 +450,7 @@ metadata: annotations: {} labels: app: antrea - name: antrea-config-5972td7g8f + name: antrea-config-thb9ff9g6t namespace: kube-system --- apiVersion: v1 @@ -557,7 +564,7 @@ spec: key: node-role.kubernetes.io/master volumes: - configMap: - name: antrea-config-th9cdgt9c6 + name: antrea-config-thb9ff9g6t name: antrea-config - name: antrea-controller-tls secret: @@ -804,7 +811,7 @@ spec: operator: Exists volumes: - configMap: - name: antrea-config-5972td7g8f + name: antrea-config-thb9ff9g6t name: antrea-config - hostPath: path: /etc/cni/net.d diff --git a/build/yamls/antrea.yml b/build/yamls/antrea.yml index a47bdbf7059..e0b42fbc3e2 100644 --- a/build/yamls/antrea.yml +++ b/build/yamls/antrea.yml @@ -403,6 +403,13 @@ data: # flow records of conntrack flows on OVS bridge. If no L4 transport proto is given, we consider tcp as default. # Defaults to "". #flowCollectorAddr: "" + + # Provide flow exporter poll and export interval in format "0s:0s". This determines how often flow exporter polls connections + # in conntrack module and exports IPFIX flow records that are built from connection store. + # Any value in range [1s, ExportInterval(s)) for poll interval is acceptable. + # Any value in range (PollInterval(s), 600s] for export interval is acceptable. + # Defaults to "5s:60s". Follow the time units of duration. + #pollAndExportInterval: "" antrea-cni.conflist: | { "cniVersion":"0.3.0", @@ -443,7 +450,7 @@ metadata: annotations: {} labels: app: antrea - name: antrea-config-chk67fb6cb + name: antrea-config-7884cbfgfh namespace: kube-system --- apiVersion: v1 @@ -548,7 +555,7 @@ spec: key: node-role.kubernetes.io/master volumes: - configMap: - name: antrea-config-chk67fb6cb + name: antrea-config-7884cbfgfh name: antrea-config - name: antrea-controller-tls secret: @@ -760,7 +767,7 @@ spec: operator: Exists volumes: - configMap: - name: antrea-config-chk67fb6cb + name: antrea-config-7884cbfgfh name: antrea-config - hostPath: path: /etc/cni/net.d diff --git a/build/yamls/base/conf/antrea-agent.conf b/build/yamls/base/conf/antrea-agent.conf index 64f1b66fec0..0e4cfb06ae6 100644 --- a/build/yamls/base/conf/antrea-agent.conf +++ b/build/yamls/base/conf/antrea-agent.conf @@ -57,3 +57,10 @@ # flow records of conntrack flows on OVS bridge. If no L4 transport proto is given, we consider tcp as default. # Defaults to "". #flowCollectorAddr: "" + +# Provide flow exporter poll and export interval in format "0s:0s". This determines how often flow exporter polls connections +# in conntrack module and exports IPFIX flow records that are built from connection store. +# Any value in range [1s, ExportInterval(s)) for poll interval is acceptable. +# Any value in range (PollInterval(s), 600s] for export interval is acceptable. +# Defaults to "5s:60s". Follow the time units of duration. +#pollAndExportInterval: "" diff --git a/cmd/antrea-agent/agent.go b/cmd/antrea-agent/agent.go index 22a1cda62c8..cf13859da81 100644 --- a/cmd/antrea-agent/agent.go +++ b/cmd/antrea-agent/agent.go @@ -197,13 +197,18 @@ func run(o *Options) error { // Initialize flow exporter and start functions to poll conntrack flows and export IPFIX flow records if o.flowCollector != nil { - connTrack := connections.NewConnTrack(nodeConfig, serviceCIDRNet, connections.NewConnTrackPoller()) - connStore := connections.NewConnectionStore(connTrack, ifaceStore) + var connTrack connections.ConnTrack + if o.config.OVSDatapathType == ovsconfig.OVSDatapathSystem { + connTrack = connections.NewConnTrack(connections.NewCTPollerSystem(), nodeConfig, serviceCIDRNet, o.config.OVSDatapathType) + } else if o.config.OVSDatapathType == ovsconfig.OVSDatapathNetdev { + connTrack = connections.NewConnTrack(connections.NewCTPollerNetdev(), nodeConfig, serviceCIDRNet, o.config.OVSDatapathType) + } + + connStore := connections.NewConnectionStore(connTrack, ifaceStore, o.pollingInterval) flowRecords := flowrecords.NewFlowRecords(connStore) - flowExporter, err := exporter.InitFlowExporter(o.flowCollector, flowRecords) + flowExporter, err := exporter.InitFlowExporter(o.flowCollector, flowRecords, o.exportInterval) if err != nil { - // Antrea agent do not exit, if flow exporter cannot be initialized. - // Currently, only logging the error. + // Antrea agent does not exit, if flow exporter cannot be initialized; only error is logged. klog.Errorf("error when initializing flow exporter: %v", err) } else { go connStore.Run(stopCh) diff --git a/cmd/antrea-agent/config.go b/cmd/antrea-agent/config.go index eed9251e1aa..361cf52ac78 100644 --- a/cmd/antrea-agent/config.go +++ b/cmd/antrea-agent/config.go @@ -90,4 +90,10 @@ type AgentConfig struct { // flow records of conntrack flows on OVS bridge. If no L4 transport proto is given, we consider tcp as default. // Defaults to "". FlowCollectorAddr string `yaml:"flowCollectorAddr,omitempty"` + // Provide flow exporter poll and export interval in format "0s:0s". This determines how often flow exporter polls connections + // in conntrack module and exports IPFIX flow records that are built from connection store. + // Any value in range [1s, ExportInterval(s)) for poll interval is acceptable. + // Any value in range (PollInterval(s), 600s] for export interval is acceptable. + // Defaults to "5s:60s". Follow the time units of duration. + PollAndExportInterval string `yaml:"pollAndExportInterval,omitempty"` } diff --git a/cmd/antrea-agent/options.go b/cmd/antrea-agent/options.go index d3f98137139..ac109f98842 100644 --- a/cmd/antrea-agent/options.go +++ b/cmd/antrea-agent/options.go @@ -19,6 +19,7 @@ import ( "io/ioutil" "net" "strings" + "time" "github.com/spf13/pflag" "gopkg.in/yaml.v2" @@ -52,6 +53,10 @@ type Options struct { config *AgentConfig // IPFIX flow collector flowCollector net.Addr + // Flow exporter polling interval + pollingInterval time.Duration + // Flow exporter export interval + exportInterval time.Duration } func newOptions() *Options { @@ -106,41 +111,55 @@ func (o *Options) validate(args []string) error { return fmt.Errorf("IPSec tunnel may only be enabled on %s mode", config.TrafficEncapModeEncap) } if o.config.FlowCollectorAddr != "" { - if o.config.OVSDatapathType == ovsconfig.OVSDatapathNetdev { - return fmt.Errorf("exporting flows is not supported for OVS datapath type %s", o.config.OVSDatapathType) - } else { - // Check if it is TCP or UDP - strSlice := strings.Split(o.config.FlowCollectorAddr, ":") - var proto string - if len(strSlice) == 2 { - // No separator "." and proto is given - proto = "tcp" - } else if len(strSlice) > 2 { - if strSlice[2] == "udp" { - proto = "udp" - } else { - // All other cases default proto is tcp - proto = "tcp" - } + // Check if it is TCP or UDP + strSlice := strings.Split(o.config.FlowCollectorAddr, ":") + var proto string + if len(strSlice) == 2 { + // No separator "." and proto is given + proto = "tcp" + } else if len(strSlice) > 2 { + if strSlice[2] == "udp" { + proto = "udp" } else { - return fmt.Errorf("IPFIX flow collector is given in invalid format: %v", err) + // All other cases default proto is tcp + proto = "tcp" } - // Convert the string input in net.Addr format - hostPortAddr := strSlice[0]+":"+strSlice[1] - _, _, err := net.SplitHostPort(hostPortAddr) + } else { + return fmt.Errorf("IPFIX flow collector is given in invalid format: %v", err) + } + // Convert the string input in net.Addr format + hostPortAddr := strSlice[0] + ":" + strSlice[1] + _, _, err := net.SplitHostPort(hostPortAddr) + if err != nil { + return fmt.Errorf("IPFIX flow collector is given in invalid format: %v", err) + } + if proto == "udp" { + o.flowCollector, err = net.ResolveUDPAddr("udp", hostPortAddr) if err != nil { - return fmt.Errorf("IPFIX flow collector is given in invalid format: %v", err) + return fmt.Errorf("IPFIX flow collector over UDP proto is not resolved: %v", err) } - if proto == "udp" { - o.flowCollector, err = net.ResolveUDPAddr("udp", hostPortAddr) - if err != nil { - return fmt.Errorf("IPFIX flow collector over UDP proto is not resolved. Error: %v", err) - } - } else { - o.flowCollector, err = net.ResolveTCPAddr("tcp", hostPortAddr) - if err != nil { - return fmt.Errorf("IPFIX flow collector server TCP proto is not resolved. Error: %v", err) - } + } else { + o.flowCollector, err = net.ResolveTCPAddr("tcp", hostPortAddr) + if err != nil { + return fmt.Errorf("IPFIX flow collector server TCP proto is not resolved: %v", err) + } + } + + if o.config.PollAndExportInterval != "" { + intervalSlice := strings.Split(o.config.PollAndExportInterval, ":") + if len(intervalSlice) != 2 { + return fmt.Errorf("flow exporter intervals %s is not in acceptable format \"OOs:OOs\"", o.config.PollAndExportInterval) + } + o.pollingInterval, err = time.ParseDuration(intervalSlice[0]) + if err != nil { + return fmt.Errorf("poll interval is not provided in right format: %v", err) + } + o.exportInterval, err = time.ParseDuration(intervalSlice[1]) + if err != nil { + return fmt.Errorf("export interval is not provided in right format: %v", err) + } + if o.pollingInterval > o.exportInterval { + return fmt.Errorf("poll interval should be less than or equal to export interval") } } } @@ -212,4 +231,9 @@ func (o *Options) setDefaults() { if o.config.APIPort == 0 { o.config.APIPort = apis.AntreaAgentAPIPort } + + if o.config.FlowCollectorAddr != "" && o.config.PollAndExportInterval == "" { + o.pollingInterval = 5 * time.Second + o.exportInterval = 60 * time.Second + } } diff --git a/pkg/agent/flowexporter/connections/connections.go b/pkg/agent/flowexporter/connections/connections.go index 07c7f85449d..69a19db2411 100644 --- a/pkg/agent/flowexporter/connections/connections.go +++ b/pkg/agent/flowexporter/connections/connections.go @@ -34,17 +34,19 @@ type ConnectionStore interface { } type connectionStore struct { - connections map[flowexporter.ConnectionKey]flowexporter.Connection // Add 5-tuple as string array - connTrack ConnTrack - ifaceStore interfacestore.InterfaceStore - mutex sync.Mutex + connections map[flowexporter.ConnectionKey]flowexporter.Connection // Add 5-tuple as string array + connTrack ConnTrack + ifaceStore interfacestore.InterfaceStore + pollInterval time.Duration + mutex sync.Mutex } -func NewConnectionStore(connTrack ConnTrack, ifaceStore interfacestore.InterfaceStore) *connectionStore { +func NewConnectionStore(connTrack ConnTrack, ifaceStore interfacestore.InterfaceStore, interval time.Duration) *connectionStore { return &connectionStore{ - connections: make(map[flowexporter.ConnectionKey]flowexporter.Connection), - connTrack: connTrack, - ifaceStore: ifaceStore, + connections: make(map[flowexporter.ConnectionKey]flowexporter.Connection), + connTrack: connTrack, + ifaceStore: ifaceStore, + pollInterval: interval, } } @@ -53,7 +55,7 @@ func NewConnectionStore(connTrack ConnTrack, ifaceStore interfacestore.Interface func (cs *connectionStore) Run(stopCh <-chan struct{}) { klog.Infof("Starting conntrack polling") - ticker := time.NewTicker(flowexporter.PollInterval) + ticker := time.NewTicker(cs.pollInterval) defer ticker.Stop() for { select { @@ -96,6 +98,7 @@ func (cs *connectionStore) addOrUpdateConn(conn *flowexporter.Connection) { if !srcFound && !dstFound { klog.Warningf("Cannot map any of the IP %s or %s to a local Pod", conn.TupleOrig.SourceAddress.String(), conn.TupleReply.SourceAddress.String()) } + // sourceIP/destinationIP are mapped only to local pods and not remote pods. if srcFound && sIface.Type == interfacestore.ContainerInterface { conn.SourcePodName = sIface.ContainerInterfaceConfig.PodName conn.SourcePodNamespace = sIface.ContainerInterfaceConfig.PodNamespace @@ -125,10 +128,9 @@ func (cs *connectionStore) IterateCxnMapWithCB(updateCallback flowexporter.FlowR cs.mutex.Unlock() err := updateCallback(k, v) if err != nil { - klog.Errorf("flow record update and send failed for flow with key: %v, cxn: %v", k, v) + klog.Errorf("Update callback failed for flow with key: %v, conn: %v, k, v: %v", k, v, err) return err } - klog.V(2).Infof("Flow record added or updated") cs.mutex.Lock() } return nil diff --git a/pkg/agent/flowexporter/connections/conntrack_linux.go b/pkg/agent/flowexporter/connections/conntrack_linux.go index 03dd3e6181b..21d87b40b58 100644 --- a/pkg/agent/flowexporter/connections/conntrack_linux.go +++ b/pkg/agent/flowexporter/connections/conntrack_linux.go @@ -17,8 +17,12 @@ package connections import ( + "fmt" "net" "os" + "os/exec" + "strconv" + "strings" "github.com/ti-mo/conntrack" "k8s.io/klog" @@ -26,22 +30,26 @@ import ( "github.com/vmware-tanzu/antrea/pkg/agent/config" "github.com/vmware-tanzu/antrea/pkg/agent/flowexporter" "github.com/vmware-tanzu/antrea/pkg/agent/openflow" + "github.com/vmware-tanzu/antrea/pkg/ovs/ovsconfig" + "github.com/vmware-tanzu/antrea/pkg/util/ip" "github.com/vmware-tanzu/antrea/pkg/util/sysctl" ) var _ ConnTrack = new(connTrack) type connTrack struct { + connTrackPoller ConnTrackPoller nodeConfig *config.NodeConfig serviceCIDR *net.IPNet - connTrackPoller ConnTrackPoller + datapathType string } -func NewConnTrack(nodeConfig *config.NodeConfig, serviceCIDR *net.IPNet, ctPoller ConnTrackPoller) *connTrack { +func NewConnTrack(ctPoller ConnTrackPoller, nodeConfig *config.NodeConfig, serviceCIDR *net.IPNet, dpType string) *connTrack { return &connTrack{ + ctPoller, nodeConfig, serviceCIDR, - ctPoller, + dpType, } } @@ -64,16 +72,14 @@ func (ct *connTrack) DumpFlows(zoneFilter uint16) ([]*flowexporter.Connection, e } else { klog.Errorf("Permission denied to access net.netfilter.nf_conntrack_acct: Counters in flow records may not update") } - } else { - if connTrackAcct == 0 { - err = sysctl.SetSysctlNet("netfilter/nf_conntrack_acct", 1) - if err != nil { - if !os.IsPermission(err) { - klog.Errorf("Error when setting net.netfilter.nf_conntrack_acct") - return nil, err - } else { - klog.Errorf("Permission denied to access net.netfilter.nf_conntrack_acct: Counters in flow records may not update") - } + } else if connTrackAcct == 0 { + err = sysctl.SetSysctlNet("netfilter/nf_conntrack_acct", 1) + if err != nil { + if !os.IsPermission(err) { + klog.Errorf("Error when setting net.netfilter.nf_conntrack_acct") + return nil, err + } else { + klog.Errorf("Permission denied to access net.netfilter.nf_conntrack_acct: Counters in flow records may not update") } } } @@ -81,21 +87,45 @@ func (ct *connTrack) DumpFlows(zoneFilter uint16) ([]*flowexporter.Connection, e // ZoneID filter is not supported currently in tl-mo/conntrack library. // Link to issue: https://github.com/ti-mo/conntrack/issues/23 // Dump all flows in the conntrack table for now. - conns, err := ct.connTrackPoller.DumpFilter(conntrack.Filter{}) - if err != nil { - klog.Errorf("Error when dumping flows from conntrack: %v", err) - return nil, err + var conns []*flowexporter.Connection + if ct.datapathType == ovsconfig.OVSDatapathSystem { + conns, err = ct.connTrackPoller.DumpFilter(conntrack.Filter{}) + if err != nil { + klog.Errorf("Error when dumping flows from conntrack: %v", err) + return nil, err + } + } else if ct.datapathType == ovsconfig.OVSDatapathNetdev { + // This is supported for kind clusters. Ovs-appctl access in kind clusters is unstable currently. + // This will be used once the issue with Ovs-appctl is fixed on kind cluster nodes. + conns, err = ct.connTrackPoller.DumpFilter(uint16(openflow.CtZone)) + if err != nil { + klog.Errorf("Error when dumping flows from conntrack: %v", err) + return nil, err + } } filteredConns := make([]*flowexporter.Connection, 0, len(conns)) - for _, conn := range conns { - if conn.Zone != openflow.CtZone { + for i := 0; i < len(conns); i++ { + if conns[i].Zone != openflow.CtZone { + // Delete the element from the slice + conns[i] = conns[len(conns)-1] + conns[len(conns)-1] = nil + conns = conns[:len(conns)-1] + // Decrement i to iterate over swapped element + i = i - 1 continue } - srcIP := conn.TupleOrig.IP.SourceAddress - dstIP := conn.TupleReply.IP.SourceAddress + srcIP := conns[i].TupleOrig.SourceAddress + dstIP := conns[i].TupleReply.SourceAddress + // Only get Pod-to-Pod flows. Pod-to-ExternalService flows are ignored for now. if srcIP.Equal(ct.nodeConfig.GatewayConfig.IP) || dstIP.Equal(ct.nodeConfig.GatewayConfig.IP) { + // Delete the element from the slice + conns[i] = conns[len(conns)-1] + conns[len(conns)-1] = nil + conns = conns[:len(conns)-1] + // Decrement i to iterate over swapped element + i = i - 1 continue } @@ -108,9 +138,15 @@ func (ct *connTrack) DumpFlows(zoneFilter uint16) ([]*flowexporter.Connection, e // Conntrack flows will be different for Pod-to-Service flows w/ Antrea-proxy. This implementation will be simpler, when the // Antrea proxy is supported. if ct.serviceCIDR.Contains(srcIP) || ct.serviceCIDR.Contains(dstIP) { + // Delete element from the slice + conns[i] = conns[len(conns)-1] + conns[len(conns)-1] = nil + conns = conns[:len(conns)-1] + // Decrement i to iterate over swapped element + i = i - 1 continue } - filteredConns = append(filteredConns, createAntreaConn(&conn)) + filteredConns = append(filteredConns, conns[i]) } klog.V(2).Infof("Finished poll cycle -- total flows: %d flows in Antrea zoneID: %d", len(conns), len(filteredConns)) @@ -120,39 +156,170 @@ func (ct *connTrack) DumpFlows(zoneFilter uint16) ([]*flowexporter.Connection, e // ConnTrackPoller is an interface created to consume the required functions from the third party // conntrack library. This is helpful in writing unit tests. -var _ ConnTrackPoller = new(connTrackPoller) +var _ ConnTrackPoller = new(connTrackSystem) +var _ ConnTrackPoller = new(connTrackNetdev) type ConnTrackPoller interface { Dial() error - DumpFilter(filter conntrack.Filter) ([]conntrack.Flow, error) + DumpFilter(filter interface{}) ([]*flowexporter.Connection, error) } -type connTrackPoller struct { +type connTrackSystem struct { netlinkConn *conntrack.Conn } -func NewConnTrackPoller() *connTrackPoller { - return &connTrackPoller{} +func NewCTPollerSystem() *connTrackSystem { + return &connTrackSystem{} } -func (cp *connTrackPoller) Dial() error { +type connTrackNetdev struct{} + +func NewCTPollerNetdev() *connTrackNetdev { + return &connTrackNetdev{} +} + +func (ctnl *connTrackSystem) Dial() error { // Get conntrack in current namespace conn, err := conntrack.Dial(nil) if err != nil { klog.Errorf("Error when dialing conntrack: %v", err) return err } - cp.netlinkConn = conn + ctnl.netlinkConn = conn return nil } -func (cp *connTrackPoller) DumpFilter(filter conntrack.Filter) ([]conntrack.Flow, error) { - conns, err := cp.netlinkConn.DumpFilter(filter) +func (ctnl *connTrackSystem) DumpFilter(filter interface{}) ([]*flowexporter.Connection, error) { + netlinkFilter, ok := filter.(conntrack.Filter) + if !ok { + return nil, fmt.Errorf("error: filter should be of type conntrack.Filter") + } + conns, err := ctnl.netlinkConn.DumpFilter(netlinkFilter) if err != nil { klog.Errorf("Error when dumping flows from conntrack: %v", err) return nil, err } - return conns, nil + antreaConns := make([]*flowexporter.Connection, len(conns)) + for i, conn := range conns { + antreaConns[i] = createAntreaConn(&conn) + } + return antreaConns, nil +} + +func (ctnd *connTrackNetdev) Dial() error { + return nil +} + +func (ctnd *connTrackNetdev) DumpFilter(filter interface{}) ([]*flowexporter.Connection, error) { + zoneFilter, ok := filter.(uint16) + if !ok { + return nil, fmt.Errorf("error: filter should be of type uint16") + } + + // Dump conntrack using ovs-appctl dpctl/dump-conntrack + args := []string{"-t", "/var/run/openvswitch/ovs-vswitchd.*.ctl", "dpctl/dump-conntrack", "-m", "-s"} + netdevDumpCT := exec.Command("ovs-appctl", args...) + cmdOutput, err := netdevDumpCT.Output() + if err != nil { + return nil, fmt.Errorf("error when executing dump command: %v", err) + } + + // Parse the output to get the flows + antreaConns := make([]*flowexporter.Connection, 0) + outputFlow := strings.Fields(string(cmdOutput)) + for _, flow := range outputFlow { + conn := flowexporter.Connection{ + SourcePodNamespace: "", + SourcePodName: "", + DestinationPodNamespace: "", + DestinationPodName: "", + } + flowSlice := strings.Split(flow, ",") + isReply := false + inZone := true + for _, fs := range flowSlice { + // Indicator to populate reply or reverse fields + if strings.Contains(fs, "reply") { + isReply = true + } + if !strings.Contains(fs, "=") { + // Proto identifier + conn.TupleOrig.Protocol, err = ip.LookupProtocolMap(fs) + if err != nil { + return nil, err + } + conn.TupleReply.Protocol = conn.TupleOrig.Protocol + } else if strings.Contains(fs, "src") { + fields := strings.Split(fs, "=") + if !isReply { + conn.TupleOrig.SourceAddress = net.ParseIP(fields[len(fields)-1]) + } else { + conn.TupleReply.SourceAddress = net.ParseIP(fields[len(fields)-1]) + } + } else if strings.Contains(fs, "dst") { + fields := strings.Split(fs, "=") + if !isReply { + conn.TupleOrig.DestinationAddress = net.ParseIP(fields[len(fields)-1]) + } else { + conn.TupleReply.DestinationAddress = net.ParseIP(fields[len(fields)-1]) + } + } else if strings.Contains(fs, "sport") { + fields := strings.Split(fs, "=") + val, err := strconv.Atoi(fields[len(fields)-1]) + if err != nil { + return nil, err + } + if !isReply { + conn.TupleOrig.SourcePort = uint16(val) + } else { + conn.TupleReply.SourcePort = uint16(val) + } + } else if strings.Contains(fs, "dport") { + // dport field could be the last tuple field in ovs-dpctl output format. + fs = strings.TrimSuffix(fs, ")") + + fields := strings.Split(fs, "=") + val, err := strconv.Atoi(fields[len(fields)-1]) + if err != nil { + return nil, err + } + if !isReply { + conn.TupleOrig.DestinationPort = uint16(val) + } else { + conn.TupleReply.DestinationPort = uint16(val) + } + } else if strings.Contains(fs, "zone") { + fields := strings.Split(fs, "=") + val, err := strconv.Atoi(fields[len(fields)-1]) + if err != nil { + return nil, err + } + if zoneFilter != uint16(val) { + inZone = false + break + } + } else if strings.Contains(fs, "timeout") { + fields := strings.Split(fs, "=") + val, err := strconv.Atoi(fields[len(fields)-1]) + if err != nil { + return nil, err + } + conn.Timeout = uint32(val) + } else if strings.Contains(fs, "id") { + fields := strings.Split(fs, "=") + val, err := strconv.Atoi(fields[len(fields)-1]) + if err != nil { + return nil, err + } + conn.ID = uint32(val) + } + } + if inZone { + antreaConns = append(antreaConns, &conn) + } + } + + return antreaConns, nil } func createAntreaConn(conn *conntrack.Flow) *flowexporter.Connection { diff --git a/pkg/agent/flowexporter/connections/conntrack_test.go b/pkg/agent/flowexporter/connections/conntrack_test.go index 67c34169ecb..952dd16eb62 100644 --- a/pkg/agent/flowexporter/connections/conntrack_test.go +++ b/pkg/agent/flowexporter/connections/conntrack_test.go @@ -25,105 +25,83 @@ import ( "github.com/ti-mo/conntrack" "github.com/vmware-tanzu/antrea/pkg/agent/config" + "github.com/vmware-tanzu/antrea/pkg/agent/flowexporter" connectionstest "github.com/vmware-tanzu/antrea/pkg/agent/flowexporter/connections/testing" "github.com/vmware-tanzu/antrea/pkg/agent/openflow" + "github.com/vmware-tanzu/antrea/pkg/ovs/ovsconfig" ) var ( - tuple3 = conntrack.Tuple{ - IP: conntrack.IPTuple{ - SourceAddress: net.IP{1, 2, 3, 4}, - DestinationAddress: net.IP{4, 3, 2, 1}, - }, - Proto: conntrack.ProtoTuple{ - Protocol: 6, - SourcePort: 65280, - DestinationPort: 255, - }, + tuple3 = flowexporter.Tuple{ + SourceAddress: net.IP{1, 2, 3, 4}, + DestinationAddress: net.IP{4, 3, 2, 1}, + Protocol: 6, + SourcePort: 65280, + DestinationPort: 255, } - revTuple3 = conntrack.Tuple{ - IP: conntrack.IPTuple{ - SourceAddress: net.IP{4, 3, 2, 1}, - DestinationAddress: net.IP{1, 2, 3, 4}, - }, - Proto: conntrack.ProtoTuple{ - Protocol: 6, - SourcePort: 255, - DestinationPort: 65280, - }, + revTuple3 = flowexporter.Tuple{ + SourceAddress: net.IP{4, 3, 2, 1}, + DestinationAddress: net.IP{1, 2, 3, 4}, + Protocol: 6, + SourcePort: 255, + DestinationPort: 65280, } - tuple4 = conntrack.Tuple{ - IP: conntrack.IPTuple{ - SourceAddress: net.IP{5, 6, 7, 8}, - DestinationAddress: net.IP{8, 7, 6, 5}, - }, - Proto: conntrack.ProtoTuple{ - Protocol: 6, - SourcePort: 60001, - DestinationPort: 200, - }, + tuple4 = flowexporter.Tuple{ + SourceAddress: net.IP{5, 6, 7, 8}, + DestinationAddress: net.IP{8, 7, 6, 5}, + Protocol: 6, + SourcePort: 60001, + DestinationPort: 200, } - revTuple4 = conntrack.Tuple{ - IP: conntrack.IPTuple{ - SourceAddress: net.IP{8, 7, 6, 5}, - DestinationAddress: net.IP{5, 6, 7, 8}, - }, - Proto: conntrack.ProtoTuple{ - Protocol: 6, - SourcePort: 200, - DestinationPort: 60001, - }, + revTuple4 = flowexporter.Tuple{ + SourceAddress: net.IP{8, 7, 6, 5}, + DestinationAddress: net.IP{5, 6, 7, 8}, + Protocol: 6, + SourcePort: 200, + DestinationPort: 60001, } - tuple5 = conntrack.Tuple{ - IP: conntrack.IPTuple{ - SourceAddress: net.IP{1, 2, 3, 4}, - DestinationAddress: net.IP{100, 50, 25, 5}, - }, - Proto: conntrack.ProtoTuple{ - Protocol: 6, - SourcePort: 60001, - DestinationPort: 200, - }, + tuple5 = flowexporter.Tuple{ + SourceAddress: net.IP{1, 2, 3, 4}, + DestinationAddress: net.IP{100, 50, 25, 5}, + Protocol: 6, + SourcePort: 60001, + DestinationPort: 200, } - revTuple5 = conntrack.Tuple{ - IP: conntrack.IPTuple{ - SourceAddress: net.IP{100, 50, 25, 5}, - DestinationAddress: net.IP{1, 2, 3, 4}, - }, - Proto: conntrack.ProtoTuple{ - Protocol: 6, - SourcePort: 200, - DestinationPort: 60001, - }, + revTuple5 = flowexporter.Tuple{ + SourceAddress: net.IP{100, 50, 25, 5}, + DestinationAddress: net.IP{1, 2, 3, 4}, + Protocol: 6, + SourcePort: 200, + DestinationPort: 60001, } ) -func TestConnTrack_DumpFilter(t *testing.T) { +func TestConnTrack_DumpFlows(t *testing.T) { ctrl := gomock.NewController(t) defer ctrl.Finish() // Create flows to test - antreaFlow := conntrack.Flow{ + antreaFlow := &flowexporter.Connection{ TupleOrig: tuple3, TupleReply: revTuple3, Zone: openflow.CtZone, } - antreaServiceFlow := conntrack.Flow{ + antreaServiceFlow := &flowexporter.Connection{ TupleOrig: tuple5, TupleReply: revTuple5, Zone: openflow.CtZone, } - antreaGWFlow := conntrack.Flow{ + antreaGWFlow := &flowexporter.Connection{ TupleOrig: tuple4, TupleReply: revTuple4, Zone: openflow.CtZone, } - nonAntreaFlow := conntrack.Flow{ + nonAntreaFlow := &flowexporter.Connection{ TupleOrig: tuple4, TupleReply: revTuple4, Zone: 100, } - testFlows := []conntrack.Flow{antreaFlow, antreaServiceFlow, antreaGWFlow, nonAntreaFlow} + testFlows := []*flowexporter.Connection{antreaFlow, antreaServiceFlow, antreaGWFlow, nonAntreaFlow} // Create mock ConnTrackPoller interface mockCTPoller := connectionstest.NewMockConnTrackPoller(ctrl) @@ -145,7 +123,7 @@ func TestConnTrack_DumpFilter(t *testing.T) { mockCTPoller.EXPECT().Dial().Return(nil) mockCTPoller.EXPECT().DumpFilter(conntrack.Filter{}).Return(testFlows, nil) - connTrack := NewConnTrack(nodeConfig, serviceCIDR, mockCTPoller) + connTrack := NewConnTrack(mockCTPoller, nodeConfig, serviceCIDR, ovsconfig.OVSDatapathSystem) conns, err := connTrack.DumpFlows(openflow.CtZone) if err != nil { t.Errorf("Dump flows function returned error: %v", err) diff --git a/pkg/agent/flowexporter/connections/conntrack_windows.go b/pkg/agent/flowexporter/connections/conntrack_windows.go index 8413669d1c5..56bb9a66e8a 100644 --- a/pkg/agent/flowexporter/connections/conntrack_windows.go +++ b/pkg/agent/flowexporter/connections/conntrack_windows.go @@ -26,28 +26,37 @@ import ( var _ ConnTrack = new(connTrack) type connTrack struct { + connTrackPoller ConnTrackPoller nodeConfig *config.NodeConfig serviceCIDR *net.IPNet - connTrackPoller ConnTrackPoller + datapathType string } -func NewConnTrack(nodeConfig *config.NodeConfig, serviceCIDR *net.IPNet, ctPoller ConnTrackPoller) *connTrack { +func NewConnTrack(ctPoller ConnTrackPoller, nodeConfig *config.NodeConfig, serviceCIDR *net.IPNet, dpType string) *connTrack { return &connTrack{ + ctPoller, nodeConfig, serviceCIDR, - ctPoller, + dpType, } } // TODO: These will be defined when polling from ovs-dpctl dump conntrack is supported -var _ ConnTrackPoller = new(connTrackPoller) +var _ ConnTrackPoller = new(connTrackSystem) +var _ ConnTrackPoller = new(connTrackNetdev) type ConnTrackPoller interface{} -type connTrackPoller struct{} +type connTrackSystem struct{} + +func NewCTPollerSystem() *connTrackSystem { + return &connTrackSystem{} +} + +type connTrackNetdev struct{} -func NewConnTrackPoller() *connTrackPoller { - return &connTrackPoller{} +func NewCTPollerNetdev() *connTrackNetdev { + return &connTrackNetdev{} } func (cp *connTrack) DumpFlows(zoneFilter uint16) ([]*flowexporter.Connection, error) { diff --git a/pkg/agent/flowexporter/connections/testing/mock_connections.go b/pkg/agent/flowexporter/connections/testing/mock_connections.go index 6ff35163bc6..731c9dba9a3 100644 --- a/pkg/agent/flowexporter/connections/testing/mock_connections.go +++ b/pkg/agent/flowexporter/connections/testing/mock_connections.go @@ -21,7 +21,6 @@ package testing import ( gomock "github.com/golang/mock/gomock" - conntrack "github.com/ti-mo/conntrack" flowexporter "github.com/vmware-tanzu/antrea/pkg/agent/flowexporter" reflect "reflect" ) @@ -64,10 +63,10 @@ func (mr *MockConnTrackPollerMockRecorder) Dial() *gomock.Call { } // DumpFilter mocks base method -func (m *MockConnTrackPoller) DumpFilter(arg0 conntrack.Filter) ([]conntrack.Flow, error) { +func (m *MockConnTrackPoller) DumpFilter(arg0 interface{}) ([]*flowexporter.Connection, error) { m.ctrl.T.Helper() ret := m.ctrl.Call(m, "DumpFilter", arg0) - ret0, _ := ret[0].([]conntrack.Flow) + ret0, _ := ret[0].([]*flowexporter.Connection) ret1, _ := ret[1].(error) return ret0, ret1 } diff --git a/pkg/agent/flowexporter/exporter/exporter.go b/pkg/agent/flowexporter/exporter/exporter.go index 79cbe523c36..5bb19b6cb7e 100644 --- a/pkg/agent/flowexporter/exporter/exporter.go +++ b/pkg/agent/flowexporter/exporter/exporter.go @@ -1,11 +1,25 @@ +// Copyright 2020 Antrea Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package exporter import ( "fmt" "github.com/vmware-tanzu/antrea/pkg/agent/flowexporter/ipfix" + "github.com/vmware-tanzu/antrea/pkg/util/env" "hash/fnv" "net" - "os" "strings" "time" "unicode" @@ -50,29 +64,15 @@ type FlowExporter interface { } type flowExporter struct { - flowRecords flowrecords.FlowRecords - process ipfix.IPFIXExportingProcess - elementsList []*ipfixentities.InfoElement - templateID uint16 -} - -func getNodeName() (string, error) { - const nodeNameEnvKey = "NODE_NAME" - nodeName := os.Getenv(nodeNameEnvKey) - if nodeName != "" { - return nodeName, nil - } - klog.Infof("Environment variable %s not found, using hostname instead", nodeNameEnvKey) - var err error - nodeName, err = os.Hostname() - if err != nil { - return "", fmt.Errorf("failed to get local hostname: %v", err) - } - return nodeName, nil + flowRecords flowrecords.FlowRecords + process ipfix.IPFIXExportingProcess + elementsList []*ipfixentities.InfoElement + exportInterval time.Duration + templateID uint16 } func genObservationID() (uint32, error) { - name, err := getNodeName() + name, err := env.GetNodeName() if err != nil { return 0, err } @@ -81,7 +81,7 @@ func genObservationID() (uint32, error) { return h.Sum32(), nil } -func InitFlowExporter(collector net.Addr, records flowrecords.FlowRecords) (*flowExporter, error) { +func InitFlowExporter(collector net.Addr, records flowrecords.FlowRecords, expInterval time.Duration) (*flowExporter, error) { // Create IPFIX exporting expProcess and initialize registries and other related entities obsID, err := genObservationID() if err != nil { @@ -98,6 +98,7 @@ func InitFlowExporter(collector net.Addr, records flowrecords.FlowRecords) (*flo records, expProcess, nil, + expInterval, 0, } @@ -115,12 +116,15 @@ func InitFlowExporter(collector net.Addr, records flowrecords.FlowRecords) (*flo func (exp *flowExporter) Run(stopCh <-chan struct{}) { klog.Infof("Start exporting IPFIX flow records") + ticker := time.NewTicker(exp.exportInterval) + defer ticker.Stop() + for { select { case <-stopCh: exp.process.CloseConnToCollector() break - case <-time.After(flowexporter.FlowExportInterval): + case <-ticker.C: err := exp.flowRecords.BuildFlowRecords() if err != nil { klog.Errorf("Error when building flow records: %v", err) diff --git a/pkg/agent/flowexporter/exporter/exporter_test.go b/pkg/agent/flowexporter/exporter/exporter_test.go index 6a88b6c791a..ebc7a5cda95 100644 --- a/pkg/agent/flowexporter/exporter/exporter_test.go +++ b/pkg/agent/flowexporter/exporter/exporter_test.go @@ -1,3 +1,17 @@ +// Copyright 2020 Antrea Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package exporter import ( @@ -25,6 +39,7 @@ func TestFlowExporter_sendTemplateRecord(t *testing.T) { nil, mockIPFIXExpProc, nil, + 60 * time.Second, 256, } // Following consists of all elements that are in IANAInfoElements and AntreaInfoElements (globals) @@ -131,6 +146,7 @@ func TestFlowExporter_sendDataRecord(t *testing.T) { nil, mockIPFIXExpProc, elemList, + 60 * time.Second, 256, } // Expect calls required diff --git a/pkg/agent/flowexporter/flowrecords/flowrecords.go b/pkg/agent/flowexporter/flowrecords/flowrecords.go index b124fd2a7cc..3fd89b02423 100644 --- a/pkg/agent/flowexporter/flowrecords/flowrecords.go +++ b/pkg/agent/flowexporter/flowrecords/flowrecords.go @@ -1,3 +1,17 @@ +// Copyright 2020 Antrea Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package flowrecords import ( diff --git a/pkg/agent/flowexporter/ipfix/ipfixprocess.go b/pkg/agent/flowexporter/ipfix/ipfixprocess.go index 90093725894..6e3ee65172a 100644 --- a/pkg/agent/flowexporter/ipfix/ipfixprocess.go +++ b/pkg/agent/flowexporter/ipfix/ipfixprocess.go @@ -1,3 +1,17 @@ +// Copyright 2020 Antrea Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package ipfix import ( diff --git a/pkg/agent/flowexporter/ipfix/ipfixrecord.go b/pkg/agent/flowexporter/ipfix/ipfixrecord.go index ebb6708db1d..536135b9564 100644 --- a/pkg/agent/flowexporter/ipfix/ipfixrecord.go +++ b/pkg/agent/flowexporter/ipfix/ipfixrecord.go @@ -1,3 +1,17 @@ +// Copyright 2020 Antrea Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package ipfix import ( diff --git a/pkg/agent/flowexporter/types.go b/pkg/agent/flowexporter/types.go index 8e5f5b7329a..b38e9bfc294 100644 --- a/pkg/agent/flowexporter/types.go +++ b/pkg/agent/flowexporter/types.go @@ -20,11 +20,6 @@ import ( "time" ) -const ( - PollInterval = 5 * time.Second - FlowExportInterval = 120 * time.Second -) - type ConnectionKey [5]string type FlowRecordUpdate func(key ConnectionKey, cxn Connection) error @@ -40,12 +35,13 @@ type Tuple struct { type Connection struct { // Fields from conntrack flows - ID uint32 - Timeout uint32 - StartTime time.Time - StopTime time.Time - Zone uint16 - StatusFlag uint32 + ID uint32 + Timeout uint32 + StartTime time.Time + StopTime time.Time + Zone uint16 + StatusFlag uint32 + // TODO: Have a separate field for protocol. No need to keep it in Tuple. TupleOrig, TupleReply Tuple OriginalPackets, OriginalBytes uint64 ReversePackets, ReverseBytes uint64 diff --git a/pkg/agent/flowexporter/utils.go b/pkg/agent/flowexporter/utils.go index 59f9a55f29a..f74e97e6589 100644 --- a/pkg/agent/flowexporter/utils.go +++ b/pkg/agent/flowexporter/utils.go @@ -14,7 +14,9 @@ package flowexporter -import "strconv" +import ( + "strconv" +) // NewConnectionKey creates 5-tuple of flow as connection key func NewConnectionKey(conn *Connection) ConnectionKey { diff --git a/pkg/util/ip/ip.go b/pkg/util/ip/ip.go index 2af91343451..b2eecf733ba 100644 --- a/pkg/util/ip/ip.go +++ b/pkg/util/ip/ip.go @@ -19,6 +19,7 @@ import ( "fmt" "net" "sort" + "strings" "github.com/vmware-tanzu/antrea/pkg/apis/networking/v1beta1" ) @@ -28,6 +29,15 @@ const ( v6BitLen = 8 * net.IPv6len ) +// Following map is for converting protocol name (string) to protocol identifier +var protocols = map[string]uint8{ + "icmp": 1, + "igmp": 2, + "tcp": 6, + "udp": 17, + "ipv6-icmp": 58, +} + // This function takes in one allow CIDR and multiple except CIDRs and gives diff CIDRs // in allowCIDR eliminating except CIDRs. It currently supports only IPv4. except CIDR input // can be changed. @@ -141,8 +151,18 @@ func IPNetToNetIPNet(ipNet *v1beta1.IPNet) *net.IPNet { return &net.IPNet{IP: ip, Mask: net.CIDRMask(int(ipNet.PrefixLength), bits)} } -// Function to transform net.IPNet to Antrea IPNet +// NetIPNetToIPNet transforms net.IPNet to Antrea IPNet func NetIPNetToIPNet(ipNet *net.IPNet) *v1beta1.IPNet { prefix, _ := ipNet.Mask.Size() return &v1beta1.IPNet{IP: v1beta1.IPAddress(ipNet.IP), PrefixLength: int32(prefix)} } + +// LookupProtocolMap return protocol identifier given protocol name +func LookupProtocolMap(name string) (uint8, error) { + lowerCaseStr := strings.ToLower(name) + proto, found := protocols[lowerCaseStr] + if !found { + return 0, fmt.Errorf("unknown IP protocol specified: %s", name) + } + return proto, nil +} \ No newline at end of file diff --git a/test/e2e/bandwidth_test.go b/test/e2e/bandwidth_test.go index 5bedb4b292e..b0bd6151039 100644 --- a/test/e2e/bandwidth_test.go +++ b/test/e2e/bandwidth_test.go @@ -32,13 +32,13 @@ func TestBenchmarkBandwidthIntraNode(t *testing.T) { t.Fatalf("Error when setting up test: %v", err) } defer teardownTest(t, data) - if err := data.createPodOnNode("perftest-a", masterNodeName(), perftoolImage, nil, nil, nil, nil); err != nil { + if err := data.createPodOnNode("perftest-a", masterNodeName(), perftoolImage, nil, nil, nil, nil, false); err != nil { t.Fatalf("Error when creating the perftest client Pod: %v", err) } if err := data.podWaitForRunning(defaultTimeout, "perftest-a", testNamespace); err != nil { t.Fatalf("Error when waiting for the perftest client Pod: %v", err) } - if err := data.createPodOnNode("perftest-b", masterNodeName(), perftoolImage, nil, nil, nil, []v1.ContainerPort{{Protocol: v1.ProtocolTCP, ContainerPort: iperfPort}}); err != nil { + if err := data.createPodOnNode("perftest-b", masterNodeName(), perftoolImage, nil, nil, nil, []v1.ContainerPort{{Protocol: v1.ProtocolTCP, ContainerPort: iperfPort}}, false); err != nil { t.Fatalf("Error when creating the perftest server Pod: %v", err) } podBIP, err := data.podWaitForIP(defaultTimeout, "perftest-b", testNamespace) @@ -64,13 +64,13 @@ func benchmarkBandwidthService(t *testing.T, endpointNode, clientNode string) { if err != nil { t.Fatalf("Error when creating perftest service: %v", err) } - if err := data.createPodOnNode("perftest-a", clientNode, perftoolImage, nil, nil, nil, nil); err != nil { + if err := data.createPodOnNode("perftest-a", clientNode, perftoolImage, nil, nil, nil, nil, false); err != nil { t.Fatalf("Error when creating the perftest client Pod: %v", err) } if err := data.podWaitForRunning(defaultTimeout, "perftest-a", testNamespace); err != nil { t.Fatalf("Error when waiting for the perftest client Pod: %v", err) } - if err := data.createPodOnNode("perftest-b", endpointNode, perftoolImage, nil, nil, nil, []v1.ContainerPort{{Protocol: v1.ProtocolTCP, ContainerPort: iperfPort}}); err != nil { + if err := data.createPodOnNode("perftest-b", endpointNode, perftoolImage, nil, nil, nil, []v1.ContainerPort{{Protocol: v1.ProtocolTCP, ContainerPort: iperfPort}}, false); err != nil { t.Fatalf("Error when creating the perftest server Pod: %v", err) } if err := data.podWaitForRunning(defaultTimeout, "perftest-b", testNamespace); err != nil { diff --git a/test/e2e/fixtures.go b/test/e2e/fixtures.go index 82f6d31567c..0ca3df0e0e0 100644 --- a/test/e2e/fixtures.go +++ b/test/e2e/fixtures.go @@ -22,6 +22,11 @@ import ( "time" ) +const ( + ipfixCollectorImage = "antrea/ipfixcollector" + ipfixCollectorPort = "4739" +) + func skipIfNotBenchmarkTest(tb testing.TB) { if !testOptions.withBench { tb.Skipf("Skipping benchmark test: %s", tb.Name()) @@ -74,6 +79,41 @@ func setupTest(tb testing.TB) (*TestData, error) { return data, nil } +func setupTestWithIPFIXCollector(tb testing.TB) (*TestData, error) { + data := &TestData{} + tb.Logf("Creating K8s clientset") + // TODO: it is probably not needed to re-create the clientset in each test, maybe we could + // just keep it in clusterInfo? + if err := data.createClient(); err != nil { + return nil, err + } + tb.Logf("Creating '%s' K8s Namespace", testNamespace) + if err := data.createTestNamespace(); err != nil { + return nil, err + } + // Create pod using ipfix collector image + if err := data.createPodOnNode("ipfix-collector", masterNodeName(), ipfixCollectorImage, nil, nil, nil, nil, true); err != nil { + tb.Fatalf("Error when creating the ipfix collector Pod: %v", err) + } + ipfixCollIP, err := data.podWaitForIP(defaultTimeout, "ipfix-collector", testNamespace) + if err != nil { + tb.Fatalf("Error when waiting to get ipfix collector Pod IP: %v", err) + } + tb.Logf("Applying Antrea YAML with ipfix collector address") + if err := data.deployAntreaFlowExporter(ipfixCollIP + ":" + ipfixCollectorPort + ":tcp"); err != nil { + return data, err + } + tb.Logf("Waiting for all Antrea DaemonSet Pods") + if err := data.waitForAntreaDaemonSetPods(defaultTimeout); err != nil { + return data, err + } + tb.Logf("Checking CoreDNS deployment") + if err := data.checkCoreDNSPods(defaultTimeout); err != nil { + return data, err + } + return data, nil +} + func logsDirForTest(testName string) string { // a filepath-friendly timestamp format. const timeFormat = "Jan02-15-04-05" diff --git a/test/e2e/flowexporter_test.go b/test/e2e/flowexporter_test.go new file mode 100644 index 00000000000..ef11bf95238 --- /dev/null +++ b/test/e2e/flowexporter_test.go @@ -0,0 +1,134 @@ +// Copyright 2020 Antrea Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package e2e + +import ( + "encoding/hex" + "fmt" + "math" + "regexp" + "strconv" + "strings" + "testing" + + "github.com/stretchr/testify/assert" + v1 "k8s.io/api/core/v1" +) + +// TestFlowExporter runs flow exporter to export flow records for flows. +// Flows are deployed between Pods on same node. +func TestFlowExporter(t *testing.T) { + skipIfProviderIs(t, "kind", "flow exporter is not supported for OVS datatype netdev") + // Should I add skipBenchmark as this runs iperf? + + data, err := setupTestWithIPFIXCollector(t) + if err != nil { + t.Fatalf("Error when setting up test: %v", err) + } + defer teardownTest(t, data) + + if err := data.createPodOnNode("perftest-a", masterNodeName(), perftoolImage, nil, nil, nil, nil, false); err != nil { + t.Fatalf("Error when creating the perftest client Pod: %v", err) + } + podAIP, err := data.podWaitForIP(defaultTimeout, "perftest-a", testNamespace) + if err != nil { + t.Fatalf("Error when waiting for the perftest client Pod: %v", err) + } + if err := data.createPodOnNode("perftest-b", masterNodeName(), perftoolImage, nil, nil, nil, []v1.ContainerPort{{Protocol: v1.ProtocolTCP, ContainerPort: iperfPort}}, false); err != nil { + t.Fatalf("Error when creating the perftest server Pod: %v", err) + } + podBIP, err := data.podWaitForIP(defaultTimeout, "perftest-b", testNamespace) + if err != nil { + t.Fatalf("Error when getting the perftest server Pod's IP: %v", err) + } + + stdout, _, err := data.runCommandFromPod(testNamespace, "perftest-a", "perftool", []string{"bash", "-c", fmt.Sprintf("iperf3 -c %s|grep sender|awk '{print $7,$8}'", podBIP)}) + if err != nil { + t.Fatalf("Error when running iperf3 client: %v", err) + } + bandwidth := strings.TrimSpace(stdout) + + rc, collectorOutput, _, err := provider.RunCommandOnNode(masterNodeName(), fmt.Sprintf("kubectl logs ipfix-collector -n antrea-test")) + if err != nil || rc != 0 { + t.Fatalf("error when getting logs %v, rc: %v", err, rc) + } + + // Manipulate IPFIX collector output + re := regexp.MustCompile("(?m)^.*" + "#" + ".*$[\r\n]+") + collectorOutput = re.ReplaceAllString(collectorOutput, "") + collectorOutput = strings.TrimSpace(collectorOutput) + recordSlices := strings.Split(collectorOutput, "IPFIX-HDR:") + // Delete the first element from recordSlices + recordSlices[0] = recordSlices[len(recordSlices)-1] + recordSlices[len(recordSlices)-1] = "" + recordSlices = recordSlices[:len(recordSlices)-1] + // Iterate over recordSlices and build some results to test with expected results + templateRecords := 0 + dataRecordsIntraNode := 0 + for _, record := range recordSlices { + if strings.Contains(record, "TEMPLATE RECORD") { + templateRecords = templateRecords + 1 + } + + if strings.Contains(record, podAIP) && strings.Contains(record, podBIP) { + dataRecordsIntraNode = dataRecordsIntraNode + 1 + // Check if records have both Pod name and Pod namespace or not + if !strings.Contains(record, hex.EncodeToString([]byte("perftest-a"))) { + t.Fatalf("Records with podAIP does not have pod name") + } + if !strings.Contains(record, hex.EncodeToString([]byte("perftest-b"))) { + t.Fatalf("Records with podBIP does not have pod name") + } + if !strings.Contains(record, hex.EncodeToString([]byte(testNamespace))) { + t.Fatalf("Records with podAIP and podBIP does not have pod namespace") + } + // Check the bandwidth using octetDeltaCount in data records sent in second ipfix interval + if strings.Contains(record, "seqno=2") || strings.Contains(record, "seqno=3") { + // One of them has no bytes ignore that + if !strings.Contains(record, "octetDeltaCount: 0") { + //split the record in lines to compute bandwidth + splitLines := strings.Split(record, "\n") + for _, line := range splitLines { + if strings.Contains(line, "octetDeltaCount") { + lineSlice := strings.Split(line, ":") + deltaBytes, err := strconv.ParseFloat(strings.TrimSpace(lineSlice[1]), 64) + if err != nil { + t.Fatalf("Error in converting octetDeltaCount to int type") + } + // compute the bandwidth using 5s as interval + recBandwidth := (deltaBytes * 8.0) / (5.0 * math.Pow10(9)) + // bandwidth from iperf output + bwSlice := strings.Split(bandwidth, " ") + iperfBandwidth, err := strconv.ParseFloat(bwSlice[0], 64) + if err != nil { + t.Fatalf("Error in converting iperf bandwidth to float64 type") + } + // Check if at least the first digit is equal, i.e., 42 Gb/s and 48 Gb/s are considered equal + // we cannot guarantee both will be exactly same. Logging both values to give visibility. + t.Logf("Iperf bandwidth: %v", iperfBandwidth) + t.Logf("IPFIX record bandwidth: %v", recBandwidth) + assert.Equal(t, int(recBandwidth/10), int(float64(iperfBandwidth)/10), "Iperf bandwidth and IPFIX record bandwidth should be similar") + break + } + } + } + } + } + } + assert.Equal(t, templateRecords, clusterInfo.numNodes, "Each agent should send out template record") + // Single iperf resulting in two connections with separate ports. Suspecting second flow to be control flow to exchange + // stats info. As 5s is export interval and iperf traffic runs for 10s, we expect 4 records. + assert.Equal(t, dataRecordsIntraNode, 4, "Iperf flow should have expected number of connections") +} diff --git a/test/e2e/framework.go b/test/e2e/framework.go index a57e2fd420e..08935d0a7da 100644 --- a/test/e2e/framework.go +++ b/test/e2e/framework.go @@ -43,7 +43,7 @@ import ( ) const ( - defaultTimeout time.Duration = 90 * time.Second + defaultTimeout = 90 * time.Second // antreaNamespace is the K8s Namespace in which all Antrea resources are running. antreaNamespace string = "kube-system" @@ -282,6 +282,7 @@ func (data *TestData) deployAntreaCommon(yamlFile string, extraOptions string) e if err != nil || rc != 0 { return fmt.Errorf("error when waiting for Antrea rollout to complete") } + return nil } @@ -295,6 +296,46 @@ func (data *TestData) deployAntreaIPSec() error { return data.deployAntreaCommon(antreaIPSecYML, "") } +// deployAntreaFlowExporter deploys Antrea with flow exporter config params enabled. +func (data *TestData) deployAntreaFlowExporter(ipfixCollector string) error { + // This is to add ipfixCollector address and pollAndExportInterval config params to antrea agent configmap + cmd := fmt.Sprintf("sed -i.bak -E 's|#flowCollectorAddr: \"\"|flowCollectorAddr: \"%s\"|g' %s", ipfixCollector, antreaYML) + rc, _, _, err := provider.RunCommandOnNode(masterNodeName(), cmd) + if err != nil || rc != 0 { + return fmt.Errorf("error when changing yamlFile %s on the master Node %s: %v rc: %v", antreaYML, masterNodeName(), err, rc) + } + // pollAndExportInterval is added as harcoded value "1s:5s" + cmd = fmt.Sprintf("sed -i.bak -E 's|#pollAndExportInterval: \"\"|pollAndExportInterval: \"1s:5s\"|g' %s", antreaYML) + rc, _, _, err = provider.RunCommandOnNode(masterNodeName(), cmd) + if err != nil || rc != 0 { + return fmt.Errorf("error when changing yamlFile %s on the master Node %s: %v rc: %v", antreaYML, masterNodeName(), err, rc) + } + + // Delete and re-deploy antrea for config map settings to take effect. + // Question: Can end-to-end tests run in parallel? Is there an issue deleting Antrea daemon set? + // TODO: Remove this when configmap can be changed runtime + if err := data.deleteAntrea(defaultTimeout); err != nil { + return err + } + if err := data.deployAntreaCommon(antreaYML, ""); err != nil { + return err + } + + // Change the yaml file back for others to consume + cmd = fmt.Sprintf("sed -i.bak -E 's|flowCollectorAddr: \"%s\"|#flowCollectorAddr: \"\"|g' %s", ipfixCollector, antreaYML) + rc, _, _, err = provider.RunCommandOnNode(masterNodeName(), cmd) + if err != nil || rc != 0 { + return fmt.Errorf("error when changing yamlFile %s back on the master Node %s: %v rc: %v", antreaYML, masterNodeName(), err, rc) + } + cmd = fmt.Sprintf("sed -i.bak -E 's|pollAndExportInterval: \"1s:5s\"|#pollAndExportInterval: \"\"|g' %s", antreaYML) + rc, _, _, err = provider.RunCommandOnNode(masterNodeName(), cmd) + if err != nil || rc != 0 { + return fmt.Errorf("error when changing yamlFile %s back on the master Node %s: %v rc: %v", antreaYML, masterNodeName(), err, rc) + } + + return nil +} + // waitForAntreaDaemonSetPods waits for the K8s apiserver to report that all the Antrea Pods are // available, i.e. all the Nodes have one or more of the Antrea daemon Pod running and available. func (data *TestData) waitForAntreaDaemonSetPods(timeout time.Duration) error { @@ -451,10 +492,13 @@ func getImageName(uri string) string { // createPodOnNode creates a pod in the test namespace with a container whose type is decided by imageName. // Pod will be scheduled on the specified Node (if nodeName is not empty). -func (data *TestData) createPodOnNode(name string, nodeName string, image string, command []string, args []string, env []v1.EnvVar, ports []v1.ContainerPort) error { +func (data *TestData) createPodOnNode(name string, nodeName string, image string, command []string, args []string, env []v1.EnvVar, ports []v1.ContainerPort, hostNetwork bool) error { // image could be a fully qualified URI which can't be used as container name and label value, // extract the image name from it. imageName := getImageName(image) + if strings.Contains(image, "ipfix") { + imageName = "ipfixcollector" + } podSpec := v1.PodSpec{ Containers: []v1.Container{ { @@ -468,6 +512,7 @@ func (data *TestData) createPodOnNode(name string, nodeName string, image string }, }, RestartPolicy: v1.RestartPolicyNever, + HostNetwork: hostNetwork, } if nodeName != "" { podSpec.NodeSelector = map[string]string{ @@ -503,7 +548,7 @@ func (data *TestData) createPodOnNode(name string, nodeName string, image string // Pod will be scheduled on the specified Node (if nodeName is not empty). func (data *TestData) createBusyboxPodOnNode(name string, nodeName string) error { sleepDuration := 3600 // seconds - return data.createPodOnNode(name, nodeName, "busybox", []string{"sleep", strconv.Itoa(sleepDuration)}, nil, nil, nil) + return data.createPodOnNode(name, nodeName, "busybox", []string{"sleep", strconv.Itoa(sleepDuration)}, nil, nil, nil, false) } // createBusyboxPod creates a Pod in the test namespace with a single busybox container. @@ -514,7 +559,7 @@ func (data *TestData) createBusyboxPod(name string) error { // createNginxPodOnNode creates a Pod in the test namespace with a single nginx container. The // Pod will be scheduled on the specified Node (if nodeName is not empty). func (data *TestData) createNginxPodOnNode(name string, nodeName string) error { - return data.createPodOnNode(name, nodeName, "nginx", []string{}, nil, nil, nil) + return data.createPodOnNode(name, nodeName, "nginx", []string{}, nil, nil, nil, false) } // createNginxPod creates a Pod in the test namespace with a single nginx container. @@ -533,7 +578,7 @@ func (data *TestData) createServerPod(name string, portName string, portNum int, // If hostPort is to be set, it must match the container port number. port.HostPort = int32(portNum) } - return data.createPodOnNode(name, "", image, nil, []string{cmd}, []v1.EnvVar{env}, []v1.ContainerPort{port}) + return data.createPodOnNode(name, "", image, nil, []string{cmd}, []v1.EnvVar{env}, []v1.ContainerPort{port}, false) } // deletePod deletes a Pod in the test namespace.