From 5298e3b3ca516e0f571cd527c527b86437162b37 Mon Sep 17 00:00:00 2001 From: Ravindranath C K Date: Sat, 18 Feb 2023 13:22:37 +0530 Subject: [PATCH 1/3] This document describes the SONiC ACL optimization for using IPv4 ACL rules in L3V6 ACL tables on platforms optimized for this. --- doc/acl/Extend-L3V6ACLs.md | 308 +++++++++++++++++++++++++++++++ doc/acl/img/acl-dont-merge.png | Bin 0 -> 40802 bytes doc/acl/img/acl-hw-merge.png | Bin 0 -> 35748 bytes doc/acl/img/acl-merge.png | Bin 0 -> 28140 bytes doc/acl/img/acl-mirror-merge.png | Bin 0 -> 33308 bytes 5 files changed, 308 insertions(+) create mode 100644 doc/acl/Extend-L3V6ACLs.md create mode 100644 doc/acl/img/acl-dont-merge.png create mode 100644 doc/acl/img/acl-hw-merge.png create mode 100644 doc/acl/img/acl-merge.png create mode 100644 doc/acl/img/acl-mirror-merge.png diff --git a/doc/acl/Extend-L3V6ACLs.md b/doc/acl/Extend-L3V6ACLs.md new file mode 100644 index 0000000000..c21948c743 --- /dev/null +++ b/doc/acl/Extend-L3V6ACLs.md @@ -0,0 +1,308 @@ +# Combine L3 ACL and L3V6 ACL Tables on supported platforms + +## Introduction to L3 and L3V6 ACL Table Types +SONiC supports different in-built ACL Table types. These ACL table types have pre-defined set of ACL match-fields, ACL actions and bind points. L3 and L3V6 are such in-built ACL Table types. These ACL tables support packet actions like drop, redirect etc. + +L3 ACL Table type supports matching IPv4 fields like Source IPv4 address, Destination IPv4 address etc. + Similarly, L3V6 ACL Table type supports matching IPv6 fields like Source IPv6 address, Destination IPv6 address etc. + +## Problem overview +Currently SONiC creates separate SAI ACL tables for L3 and L3V6 ACLs. In some ASICs, if a user wants both v4 and v6 rules, they would end up using two hardware ACL tables instead of one. This is sub-optimal in ASICs where both v4 and v6 ACLs can be supported using the same hardware ACL table. + +The proposal is to give the operator an ability to configure L3 and L3V6 ACLs in the same hardware ACL Table wherever the underlying platform supports it. + +**Note**: SONiC already supports this optimization for MIRROR and MIRRORV6 ACL tables. Only L3 and L3V6 ACL tables have not been optimized so far. + + +## Table of Contents +- [Combine L3 ACL and L3V6 ACL Tables on supported platforms](#combine-l3-acl-and-l3v6-acl-tables-on-supported-platforms) + - [Introduction to L3 and L3V6 ACL Table Types](#introduction-to-l3-and-l3v6-acl-table-types) + - [Problem overview](#problem-overview) + - [Table of Contents](#table-of-contents) + - [Revision](#revision) + - [Scope](#scope) + - [Terminology](#terminology) + - [Overview](#overview) + - [Requirements](#requirements) + - [Architecture Design](#architecture-design) + - [High-Level Design](#high-level-design) + - [Option-A: Follow the _existing_ optimization for Mirror ACL table](#option-a-follow-the-existing-optimization-for-mirror-acl-table) + - [Pros](#pros) + - [Cons](#cons) + - [Option-B: Include IPv4 match fields in table type L3V6](#option-b-include-ipv4-match-fields-in-table-type-l3v6) + - [Pros](#pros-1) + - [Cons](#cons-1) + - [Option-C: Create a new ACL Table Type L3V4V6](#option-c-create-a-new-acl-table-type-l3v4v6) + - [Pros and Cons](#pros-and-cons) + - [Implementation](#implementation) + - [Orchagent](#orchagent) + - [STATE\_DB](#state_db) + - [SAI API](#sai-api) + - [Configuration and management](#configuration-and-management) + - [Warmboot and Fastboot Design Impact](#warmboot-and-fastboot-design-impact) + - [Restrictions/Limitations](#restrictionslimitations) + - [Testing Requirements/Design](#testing-requirementsdesign) + - [Unit Test cases](#unit-test-cases) + - [System Test cases](#system-test-cases) + +### Revision + +| Rev | Date | Author | Change Description | +|:---:|:--------:|:---------------:|--------------------| +| 0.1 | 18/Feb/23 | Ravindranath (**Marvell**) | Initial Version. | + +### Scope + + +This document provides the high level design in SONiC to combine L3 and L3V6 ACL tables in SAI on supported hardware. + +### Terminology + + + +| SONiC User ACL Table Types | Description | +|---------------|--------------------| +| __L3__ ACL table type | A built-in ACL table type in SONiC that can match __IPv4__ fields along with incoming port and support ACL redirect and packet ACL actions.| +| __L3V6__ ACL table type | A built-in ACL table type in SONiC that can match __IPv6__ fields along with incoming port and support redirect and packet ACL actions.| +| __Mirror__ ACL table type | A built-in ACL table type in SONiC that can match __IPv4__ fields and supports __Mirror__ ACL action. | +| __MirrorV6__ ACL table type | A built-in ACL table type in SONiC that can match __IPv6__ fields and supports __Mirror__ ACL action. | +| __Custom__ ACL table types | A recent enhancement where one or more ACL table types can be created by the user specifying the match-field list, action-list and the bindpoint-types list.| + + +### Overview + +This document describes the orchagent support by which user created L3 ACL table and L3V6 ACL tables are combined into a single SAI/ASIC ACL table on platforms optimized for this feature. + +In several ASICs, IPv4 and IPv6 ACL rules can be supported in the same ACL table. Further, in many hardware, when the hardware tables (TCAMs) are configured to match IPv6 addresses, the hardware can use the same resources to match the corresponding IPv4 packet fields without incurring additional hardware resources. For example, IPv6 Destination address (128b) and IPv4 Destination address (32b) keys can be fit using only 128 bits instead of 128 + 32bits. + + +

+Hardware optimization for matching v4 in V6 ACL Table optimization +

+ + + So in these types of hardware, during ACL table creation, when a v6 match field is added, it is desirable to add the corresponding v4 match field. This does not cost any extra hardware resource and at the same time gives the user the flexibility to create IPv4 ACL rules in these ACL tables. + +Note: SAI lacks a mechanism to identify this platform capability and it is left for the NOS to customise the ACL tables based on the platform type. +Refer https://github.com/opencomputeproject/SAI/pull/1408#issue-1126526787 + +### Requirements + +1. Support v6 and v4 ACL rules with a single underlying SAI ACL table. + * This will be enabled only on platforms needing this optimization. +2. Allow the operator the flexibility to choose when to use this optimization +3. Reduce the amount of changes that the operator must do to their existing ACL configuration to use this optimization. + + +### Architecture Design + + ACL Orchagent is enhanced to achieve these requirements. This design is largely similar to the existing optimization done in SONiC for Mirror ACL tables. There are no architecture changes to current SONiC. + +### High-Level Design + +The following design options were considered for implementing this solution: +- **Option-A**: Follow the existing SONiC behavior to combine Mirror ACL table and MirrorV6 ACL table. +- **Option-B**: Extend the existing L3V6 ACL table type to include v4 fields. +- **Option-C**: Create a new ACL table type that combines v4 and v6 say L3V4V6. + + +#### Option-A: Follow the _existing_ optimization for Mirror ACL table + +Today, Orchagent already optimizes Mirror and MirrorV6 ACL table creation for platforms that support it. Orchagent does this by using a static compile time check to determine platforms that support v4 and v6 Mirror ACL rules in the same ACL table. On these platforms, when user creates a MirrorV4 (or a MirrorV6) ACL table in the CONFIG_DB, orchagent creates a single SAI ACL Table that has both v4 and v6 match fields. Later, when the user creates another MirrorV6 (or a MirrorV4) ACL table with the same ACL direction in CONFIG_DB, orchagent reuses the previously created SAI ACL table. + +The below diagram illustrates the behavior of the optimization in supported platforms when both these ACL tables are created in the same ACL direction, say ingress. +The user sees two different ACL tables irrespective of the platform. Orchagent, internally enables the optimization based on the platform and this is transparent to the end user. + +

+Current Mirror ACL Table optimization +

+ +##### Pros +- Ease for the operator: the operator does not need to change their ACL configuration based on the platform. The operator configuration remains identical, and orchagent internally does the merging based on the platform type. + +##### Cons +However, this mechanism has several disadvantages + +- Today, the MirrorV4 and v6 ACL tables are combined based on platform specific checks done at compile time. These are done using platform names since SAI does not have a mechanism to detect the ASIC capability to combine tables. The flip side of these platform checks is that the platform vendor has to decide at compile time between these two choices: either always combine or never combine. There is no mechanism to configure this based on the deployments/customers. In some deployments, when the operator has no v6 rules, we would need the optimization disabled so that the hardware TCAM tables width can be reduced. However disabling this optimization would need a new build. + +- SONiC cannot support more than one ACL table type of Mirror. If Orchagent has to support multiple mirror ACL tables, then orchagent has to identify which Mirror table is to be combined with which MirrorV6 table. This would need additional inputs from the operator. + +- With the optimization enabled, the user configuration in CONFIG_DB and the actual ASIC_DB configuration are different. Say the user configures the Mirror ACL table to ports P1 and P2 and MirrorV6 table to port P3 and P4. Orchagent configures the ASIC to bind the combined table to only the ports configured on Mirror ACL table i.e., ports P1 and P2. Ports P3 and P4 do not undergo the ACL table lookup contrary to user's configuration. +- Similarly, when the user deletes one of the ACL tables, orchagent deletes the combined ACL table from the hardware even though the user expects the other ACL table to still be present and bound to the attached ports. + + +#### Option-B: Include IPv4 match fields in table type L3V6 + +As explained before, in several ASIC platforms, including v4 matchfields along with v6 matchfields does not cost extra hardware resources. Hence, on these platforms, v4 matchfields will be included in table type L3V6. In the below table, the second column shows the matchfields in current L3V6 ACL table. The third column shows the matchfields that will be added to L3V6 on platforms that needs this optimization. + + /* + * Type of Tables and Supported Match Types + * |----------------------------------------------------| + * | | Original | New L3V6 on | + * | Match Type | L3V6 | optimized | + * | | | platforms | + * |----------------------------------------------------| + * | MATCH_OUTER_VLAN_ID | √ | √ | + * |----------------------------------------------------| + * | MATCH_ACL_IP_TYPE | √ | √ | + * | MATCH_ETHER_TYPE | | √ | + * |----------------------------------------------------| + * | MATCH_SRC_IPV6 | √ | √ | + * | MATCH_DST_IPV6 | √ | √ | + * | MATCH_SRC_IP | | √ | + * | MATCH_DST_IP | | √ | + * |----------------------------------------------------| + * | MATCH_ICMPV6_TYPE | √ | √ | + * | MATCH_ICMPV6_CODE | √ | √ | + * | MATCH_ICMP_TYPE | | √ | + * | MATCH_ICMP_CODE | | √ | + * |----------------------------------------------------| + * | MATCH_IP_PROTOCOL | √ | √ | + * | MATCH_NEXT_HEADER | √ | √ | + * | ---------------------------------------------------| + * | MATCH_L4_SRC_PORT | √ | √ | + * | MATCH_L4_DST_PORT | √ | √ | + * | MATCH_TCP_FLAGS | √ | √ | + * |----------------------------------------------------| + */ + +##### Pros + + +- Operator can create multiple L3 and L3V6 ACL tables. This would not be possible if we use option-A. +- Gives the flexibility to the operator to utilize unused space in L3V6 ACL table for L3 ACL rules. +

+New L3/L3V6 ACL Table optimization +

+ +- If there are many v4 rules and many v6 rules, the user can continue to use separate L3 and L3V6 ACL Tables. + +

+New L3/L3V6 ACL Table optimization +

+ +- No impact on other platforms + +##### Cons +- If the operator decides to use the optimization, the operator needs to modify the ACL configuration, i.e., operator must modify the V4 ACL rules that need to be placed in L3V6 ACL table- the rule's ACL Table is renamed to the L3V6 ACL table. + +#### Option-C: Create a new ACL Table Type L3V4V6 + +Create a new built-in table type called L3V4V6 with the following match types: + + + /* + * Supported Match Types in a new table type L3V4V6 + * |-------------------------------------| + * | | | + * | Match Type | New L3V4V6 | + * | | | + * |-------------------------------------| + * | MATCH_OUTER_VLAN_ID | √ | + * |-------------------------------------| + * | MATCH_ACL_IP_TYPE | √ | + * | MATCH_ETHER_TYPE | √ | + * |-------------------------------------| + * | MATCH_SRC_IPV6 | √ | + * | MATCH_DST_IPV6 | √ | + * | MATCH_SRC_IP | √ | + * | MATCH_DST_IP | √ | + * |-------------------------------------| + * | MATCH_ICMPV6_TYPE | √ | + * | MATCH_ICMPV6_CODE | √ | + * | MATCH_ICMP_TYPE | √ | + * | MATCH_ICMP_CODE | √ | + * |-------------------------------------| + * | MATCH_IP_PROTOCOL | √ | + * | MATCH_NEXT_HEADER | √ | + * | ------------------------------------| + * | MATCH_L4_SRC_PORT | √ | + * | MATCH_L4_DST_PORT | √ | + * | MATCH_TCP_FLAGS | √ | + * |-------------------------------------| + */ + + +##### Pros and Cons +All the pros and cons of option-B (extending L3V6 ACL table) applies here as well. +Additionally, option-C has the below cons: +- Need platform checks to determine which platforms can support combined v4 and v6 ACL table. +- Even on platforms that support combined v4 and v6 ACL tables, we need additional checks to identify which platforms are optimized to have v4 and v6 in the same ACL table. + +#### Implementation + +Based on the above design considerations, option-B is implemented. +Additionally, a new field is added to the ACL capability in STATE_DB to help applications identify the platforms where v4 fields can be matched in L3V6 ACL tables without additional hardware costs. + +##### Orchagent + +Today, during the initialization of AclOrch, the default built-in ACL table types are created. In this proposal, using platform specific checks, AclOrch identifies platforms where v4 fields can be matched in L3V6 ACL tables without additional hardware costs. On these identified platforms v4 matchfields are supported in L3V6 table. + + ``` aclorch::init() -> initDefaultTableTypes() -> addAclTableType(TABLE_TYPE_L3V6) {``` + + ``` + + : + : + if ( /* platform optimizes v4 in L3V6Table */) { + .withMatch(make_shared(SAI_ACL_TABLE_ATTR_FIELD_ETHER_TYPE)) + .withMatch(make_shared(SAI_ACL_TABLE_ATTR_FIELD_SRC_IP)) + .withMatch(make_shared(SAI_ACL_TABLE_ATTR_FIELD_DST_IP)) + .withMatch(make_shared(SAI_ACL_TABLE_ATTR_FIELD_ICMP_TYPE)) + .withMatch(make_shared(SAI_ACL_TABLE_ATTR_FIELD_ICMP_CODE)) + } + : + : + } + + ``` + + +##### STATE_DB + +A new field called `optimized_V4_in_L3V6` is added to the ACL capability in STATE_DB. This field is set to true by orchagent during AclOrch init on platforms where v4 fields can be matched in L3V6 ACL tables without additional hardware costs. This provides an interface to the operator to identify the platforms where the operator can choose to add IPv4 ACL rules in L3V6 ACL tables. In the future, this field can be used to validate configuration workflows to prevent a user from adding L3 ACL rules to L3V6 ACL table on unsupported platforms. + +``` +127.0.0.1:6379[6]> hgetall "ACL_STAGE_CAPABILITY_TABLE|INGRESS" + : + : +5) "optimized_V4_in_L3V6" +6) "true" + + +127.0.0.1:6379[6]> hgetall "ACL_STAGE_CAPABILITY_TABLE|EGRESS" + : + : +5) "optimized_V4_in_L3V6" +6) "true" +``` + +### SAI API + +There are no new SAI APIs required for this feature. + +### Configuration and management +No new CLI or datamodel changes are introduced. + +### Warmboot and Fastboot Design Impact +There is no impact on warmboot or fastboot. + +### Restrictions/Limitations +None. + +### Testing Requirements/Design + +#### Unit Test cases +- Verify ACL Capability in STATE_DB on supported platforms. + - The new field `optimized_V4_in_L3V6` must be true. +- Verify ACL Capability in STATE_DB on non-supported platforms. + - The new field `optimized_V4_in_L3V6` must be false. +- Create IPv4 ACL rules (match SRC-IP, DST-IP, ICMP Type, ICMP Code, EtherType) on L3V6 ACL table. + - This MUST pass in supported platforms + - This should fail with meaningful error messages in non-supported platforms. +- On supported platforms, test full ACL workflow: create V4 and V6 ACL Rules on L3V6 ACL Table type, set packet action, get the ACL rules and counters, delete ACL rules and then delete the ACL table. + +#### System Test cases +* Modify existing sonic-mgmt(PTF) __test_acl.py__ to test v4 ACL rules using L3V6 ACL table *on supported platforms* + * Traffic Testing must pass for v4 and v6 + diff --git a/doc/acl/img/acl-dont-merge.png b/doc/acl/img/acl-dont-merge.png new file mode 100644 index 0000000000000000000000000000000000000000..e1e59cb6cf1e1f94da6753fa4fc0f73c6cba99c1 GIT binary patch literal 40802 zcmeFZgJhNxdtTlTt`>cd0$cdxBC3p)52Zt^xA)*8ahmZmX2cL-i=H(X_ ztYm_h3f@UcTnMgWlnC8T zPg@C|_TPOF;NXHR;1K`aNAsor`;vG$Ue5k^{VEIoe@Dzh_)l+yl&n|(X~QS}J?+S= zV*I5-v6s+rf`dcF`Fp^_rGh@f!3n}iihNUXhd)Y30THXFT$j!r-DgA#3Vnj_YD4L- zK;RDMrr!kQ{6sw%&KjlNx+xy!jO3=z-1^!0i8}`a(D>yoXFqjTSs)_{8QFbXWxAZ* z+GV9yp)%0vx149w?|Tp5_Py^j#ma?pk5*o%UUI6UF(ZgF9sjQ^S)6{Un;M{QL~uX{ zVgk&^qPDJBYj$1e9^gk&?_igxn|KY~L1*l?X_j&E41mh`f$tue;0pW8E?J+CCqpJt zCv}UHQ{27^W!NE5D||(KQ&hkqO**EyrN(fK3rXPG)yZc~G`d60V@DC6n!QJ4Qv2ZZ zDWYFFfhFOI5n>Brhjc5YPiwiBe;+<~63cjtrpUc?S;2c5ME7Wyzm)Gq*>L=kZhnHG zNwh0_(1azyJq!w-mYD}C!HPvvIHa~2dfM`21mbt!_sgVL#H~N0hPcQ^R~as)4a~5$ zV-_dRh=yL==^!d(EcoU+M;?k5Oa3&XGhNMBa3sO`;urc!Az!m1ra`h^gRM+eYM!#KljMg-&r6M4vzd`Yfyfoz2~$iw1uh z`(L4r5~=QIq8~mR1nv6Bq<+TA=9lW4$djy`PRpuEOjs#gB+A_9L~p08W>k}ye+!A4 z48aD~9y3aHbZ+r>_%LA+1IwMm|M+yC-xsJ1uNI?$a0scuaA@(9u3&20cy?(s$)nTr z$%RR8iz??&V#H4MoJ0~Dx&>CqGKybOsh+Z|lY-3`WwH!W<_F5=b>8+H5 zcJRyw`9h~o8)T|ta@RclydHa>gWy!!k{}1~v&zsS?mQx8g3DOw#o6dO`&17WLs-V~yEV6IHsjbyR zEdJMPTdZQxTUU$9U$t&6B9A|(iYGWr7XC=U8}U>`>p!4}T1I=IYN2lzgL`ayjI{SZ1Yce}*Swx%1dbhtnB8yNM-4&5$%R5?= zzC%Nb;C0H+l(fnplT=TD@`T)3le!prXS1qz2|XrRg17~!juZQnDwe`hO`C&3WCx=S z>oWS;MC5q!-O+@2kw_+tv5g_j@&(V5!r_F}JJDtVb%HQ0l-yy%;mz>kOhPs}jiCI= zi-{0U|hxN#uKQ%|vGt?<*gxkV{5n;F$*f@rP@q!6;zXD|WX#YOCcd z{&PU!$GOCw^ZB++D>fm& zo_65WkgS;?z$q(mEB1Vd&3IvqY6`6)PNLhdSLl($;-QX{3Wu016xIKL@;IF!&{6X3 zj&|ZO=1#}qGGzoe7FQ=c${QmhNc%5D^val`DX!u=rIdW!5OKR{W)osu`Qv9{;IlH! z|4&4m4X+%%alWlrwh>$;r#dIAh~Jlnq%@u@bPkOO*DsNHyK9qVE^CN=qc>Ex+tO4Q zK9WE67C8%2+??sL%=Gi$U!UKw%8^9Q%o>9rL3zbWWcMMaju-((+b9uE+KwP27OKG< zl7O=L>s`%6r;D~S{GMz4g$1Sq=qnT?;${u0^ups!1jEQa%p_J&6tba2?HI= z_k+96%r-Y^kg`|a3AccX^Mg28quWh#FYc382EOy5XPm0LKEjT87WkoLn?Us)JV@wh zW^w>qZW@T~8pSHetp--;vX`ojK=oY=MynzURQA^)b5KUv>G?W?Q{}lvJE+%p5GDXbETj9Q#H7^M!Jk=DZpM@V%|mbUPil`Yk9YFkY&4ElC~z{NrYi@G z4jf%b@d>z^ciJ;%g)2l=@C(p-)k5Jz1m0*PWya|;7_2m{4ih|BA(%*Hfzb}P=~XfO zno15dA*$FM)<;jnS*@9qR;(irE|XIOElNmBap4@6!L>27BC=ciL`55Qtx8})PX$;O zR0jq1km_fmF3pyjRDiWPz$q+{v;0PiMk3xf6slYN{=N>NL(>_@O+v#*_n}td=0qQN zwpE0J6LCHzrPHS!srDGsW#91yRDDu|`@!4)7X^=S>ZjLRWAKr?G1&K5G)~zfIHpza z0=ARUW(%+)@8HSE`o3_++KsoQVFRfL+yVoGq)Vwju0KS?fTu7_Gts5#8>r-8cROh8 zgXo>*O!1bc_K@yzO2^PHo>t4af}}EI3nbcOb|nn%F}GWcS9)ekKeOY|3cTE)YE*MY zKauUvo3*&5azf0j>$JNv5@scQsnQu^n6-=8G-DZ+D!xM~EkqL={oDdpDutM0a3u<< zUT=!%iyYO=HPd9&o(3J4N>evsX;Wg|Y0@d4#$b;gMo|&Pd2<+y9O&a&zTMlShrmN# z7mG=0IRUwdt$$coP`f2QL4lpL&tMOmBcJ`2F>->6VNjD9@N+y&yAxB75OJOUV z5QsBJixnfaBp(+tW+hR_A``?rMoCeLib4>X7#Y)59iRFkN^X+*{`N-6CXv6y0*xl# zX%`oT=3ZLqn(cl>YG@UgD#4gY0Af_ga*y^MG}p-_E2fKvqS4*4ft+92uXN3oa0nWv zXEIegdg#{;guLPtV5bfkk@_&`;{OOz|)itEIk#` z_9E2M&(sNqoQHc7+l7%LLh|vmlAS+=pHZm7W7XGICOf~}BQa*W{#vk$7ZCpW3V{zDueka(pbGSS;gP> zt?5}1^_{uX5#cp8+~~0iBsn~Q$RFdTsUL;9q_}hs6QYbFJZp|Krr-o><{O)cfU;u6S^Pwa8frr3a1M=b<(u3!5=s4ZHdBq(V##QUBaPgoFg zh#7Vt!A=I#!e6T}YYgXOG2@?wb?U3#vhv46%Je(VZx%diIG?*CSZtPg8wU^x3t~1$xN@k62x@lySxL(Bw4kL@Femc zwKY@1l~?8SzP)f_ec5}USsG>t@Tm`+Z^FK;;ZjI4i}M)vRRSw_`JsF-jq#$|%{`}iiPkQ?S0I_eD7Ke0PJ2&OecP8+ zNTW9P7Ye~9qHRJKx9;SvcpiQ6__d|0+&x47Njz2@%UQZMCph{nS1vEiy?)CXed)jRq}iom+|1d)xt0-q68i=8 zNQHfgCG-64?e{@Xu0RrWRLbrRf|^K$lP!X0a{w^)A7V_kNd8Xwfs!oPgR{OHf4VEf zed)CDj>^$rW(iJqdr&Xe+4l2Po+X{lwpml1BGV2YV3(9Gf-c%ZBsR!kk!c(e@9IXH z(~Bj)&Z&67mEzGp#QWnECSd)Nc6B9-YY`HV~UN)V1 zKWncxqaOnFM#=$uJiAI7ZzCO-?Paila;H(=s2lyAteJ{$?yZ#C(2Aj+5xL&Io)-=o zIUWnXix&yXpNVH#@>quq@6l{Gh=>avMhCPLPa8+wv->Igc#+;uqOc2xV>cmJ*y>vQXv#84m4_RaV|&WbD{ zCR)OP<;aZu;y@z`KWmUdiW)RQ`)AjND9sk^wjE>>lJM(s3)vC4VsR7=N z5e^VXkxvK5j=o$Pw?|i1$X1^iPG1y+!1A#!KE2tsPpi%KvB3OETH4imsliEJT5Cw_ zKDKtifkm)y`D0Z zFBMR)LoTbP;9wAhHr=Z!V!e$toe&>kB$~_V-@wa(nC>9r`$e^MRlSY-9P*N}_V-+= z=nQkV$v1z-1RSMARk+2efXmxIHuFNsIy`8_YYkKbGJ`(6YDr=^I8&zfN`EtPA{-LVL3CEl#sh`v(VM#GJP?_MG)#nJrBIk_gwAOZ1 zT^$!GU>PkmNNOqootJ9X7v;AF!{vn05+cwX@~W87pYVPr{9&StrB^xVjnw3sPOd=b zBYb3h5k1y}2f{}u1~e)YLWXsO;ZC^q-%P8_EYGr0UCYq%Zf|WBn5la)uE_tmRERX~ zNe^0)FR&}?ylHByCT;zIkC3p*p<TjjHC zxvrpAu-G$Dv-8zs9D6wtY<7R+s@io`($LUw(oI7w;3arnu}N3pVl^k);%Fw`y?V5e z!4HSf{bt6Zxa8JFA&8V8*ghvj?D7X{5H*(W76IV1hwHi7C%=nKBPsu-W{R*P_=z7g zvm*Smijcis9yjIGbLU=r?)1d)rl~^D=$WZ{`7v;@VRqJON>K(hXqEwFDzUH)EIb+c}+9q=)?vEVxW^nJo8 z%#@Uaufedg9}%1)=uOg~+UqetLJN~QUzlT9+XLIp;Wm%Ctfk(Y4eXq7On+BXoeR{d z-QO{p=#CN~)ZwkAPi4ta;Ysq7RYMb}Jm17JhCaa3Cn%!$aj|B2H|BFURr7Ad z)yis{2aDo8UFWWwm)m4J`rOtQ+aZsTd+nQ(C8ZOm6)pcKHBZ=im8EIcP>ejM z%rsIP?Rr+&pA^^6UY0Z){qn>U1bj7)O}B@1zFetCQ5l-gonJa*;H2sThfEOQ=z0rQ>a{&Q>Z( ztIcpO&};S)u5<0~H9rP3a$RyxAP)LH*Hoq77wfT~j^VjG~jY z)%5JFO)12=)2X*X#Hzt{&D9Mol&-!W)0Y|Qda{a73^1{GhFRq1(!~|J7+RRI`DIX5 z8TGB2&m5#{TBt&YTlR8$q=UrF(p??LzIRz2enr@E%{;6|XYT&skeTb1oIVU#=3062 zXnU6xQ-HI#%gDviOT*++_~;iKYUw<^pPm#egnKbVG19(p67bSqa$SAD)3jng4%ua1 z!m4k;y+Mph;pa^SxauEqKAkU&C@Nn*jV`M99Gc0H5TO%l6VCLf*eEB;F5QTQeLoIu zIJFFwOJM^L@U`%JT5immPc>xta?svq-zJ*+9q&j!#jFC?awp0t#KrAetUa0MdP_O{ zCXvwyzmtw+uyK#_np{MicZO-@ES)~A?f>Gc{jdPi)Fc~K{fg*$z_0dI(6c&cd5cJSt% zX!F|&>z@}J=5Nx#f*En1+U0Q=0p+#%o~xSJ+oblDZIUKi{14*#*JX+hYn!2^jSSX*b;1|_ z!)MSiD;{|)&NP(IWjTw}BaC|=uLj;_#z89)tBC(VAtLevZnXI`>}4hG8h}_L6~!N> zUqpmkV%dUD)sdvg*ZSezV_63QX%bv+!?W>VXpd(W5+UoCDa6*&PUbXb(tg#5enYDg5x8n1*HVJ=tBx0wmMVW%aawT(F zfGolplAdtLeF-&(GiChh@?}flKsXMAR9qYC@i}CB?WKVuE3cU)BLwPk!oNeOth&Qw z+Zuo3QJIyok1+&L7lH<}J==GSHe9N^9C5CuxqzjvG?-ZDKceq7UvrbB{zJ_df+h>z zV9|z2>?-gjci+={aPzi^0K1BSijt|5P78mwi!VH+-OLw&r#;&SSx%9pr9P@HNKS&< zOd|)-5m0VYLma7igPh(Ymo+xCS!GCuZX@FyJ?LMH{>M0=wueLXTpq~txCd?ZITsz| zs5WomWQz!)PY+(p?fgffee_eol}fj?F=2f+JCsSR7EXm)O{l6s{Vcm?F8kQS0k zUIdZe(kop5iU()9#~_a@+)Vmo%PkE~e!zGc(uU*n%E1BKF4O5Yh4_I}nd&)1`$cQM zpObZW8A)0_0!Gxj2jxz`(!>#RBeBq+>0MfI z^5_8zB5VnT~Q`?2h^H(g@&}de9>(zSP0|@Z>DdX&>u6r>s4Ek%uIJiK=87Wzb*1>@0frC=-TT&U;a&j?L=mLo$6u7&X}T(jp~C-kq!(n^Uh_0 zQ;GSGG@svlBL}Pni5gi_nqJsORZAJmY7oT~NP1=|n%a`^+GQ!4juDU#Q#)WOYEH{h zgi*NG=>F~|t){`<_MKzE8)w-&LlIq`S#I!>cY>-%j%Tbf^ughYc zJcFqB9B}3{1*_#5otVz8yEyAF0xHLkX9<;dnb)w|mASopY-@EdZ;T@^Gp+it!2IV5 zpHH)QS9xq6)`M@vl-ZMB@vpU*&y1Q|#QbhNTZORfg@-m`T=e4U;w9T?zcPcAdK!sM zi~GlVJ&?GlZc#8WSFV0od+shwYrohBANBCaWcqH-=U_fQo#Gs#`k+Uv;YF%R@1|y_ z1pVYG`^47CfP*wW^9K`|rr#J7Ykvtt9$|i!x9yszk zL#}{HWUA?4ZqQy zBAE?Kay~zW9O8WpFt;`Ji4o#mdT}xhA=_gdKy7^QC0#qGw$U7I)>DP82Z7>|(&p!BhKOV`BN0;ud6_GZqH)BoAa4B0l+ z&h-!Q@=Ct0;zfZb$7u}iI_YDf(9c|OB^%s%Pb5;aS+FOxr7D1eKFIt)#a5I~bqH~E zOy_BPoXSrr;#?uO2lO3w@%t`BVmw>iIn#;#Mg>WcBWmBe-wF6e|Ev{L_IARGilE+k zcb6vvc7E|)44WyiU{LFIdY7tDf#Jv z9)De^F4kt)?I~J5t=Oh$bRo3kLAw_{P(q^7V|#Fm^#w1022V6ZRqEEKD0ZSjG41IF z`sFYAU+e(s_g3nt*jJ;sg!1?fcOCF9fe1u@LkUI{D3bDZH1i+Ib%60IzS8EXSXv~UGGsfx0N5`O^>LHT3 zIJ!r(^w*tWqjj~m(8ah)VfP!$GKGbYsye5mas<})3tO!i@Or!bN(Jv94uijHlI}7t zU~!BT&UwVI>JX-$&AXR#6e$l`}`0aEAO*H~AEQk^U8 z6g|#s(P41}Aeo9J`&9`&SBwBMM8?t*Qpv0ou8Me>@->0+7Lic z%(9?C+U95ze*coNoQf0e=o{c0m$jw$*T6UR*(;r&RZP`}{a-H)2ml*mP}zYDdopX! zM#v608BDWhpGv;9S67GNWa!|5)L;hZa$2zJ8Z=;zgG!UeUk`C8&L=4eRK(ssDc7S> z)}Ghm@wmz3n6bPY$DgfYqvGtDj5t9piaQcq3eW{gZq4Dw3IkTR%d%IAwh{O_VAX-R z4ucU}{16tmZcHpOSc+5mFL;;kg?v5!xy?EU8-ntF1`LjGT2J%sPi2yj&&0jV+&13J zRDM=>+^;`;oP55jQQOrk5Qfj#7wm``#^B_gNJ6pC2KG$AR=I6NLL54EV=Ya|mAEuV zabpJW2F2cehkDP+0A zS4pje;DrW^Ww{m{O3*$F2JssA1)(+;Vb84>xXxA^<&YVQ8MBBe(`AAMYR#KdJ2Z2Z zr`$E%Y zZO|eTN}VrQWu#+cDqn;)iko#R{ttEKS`9~A$2fBg_2p54;1hZAz<3>!PQ4* zrX_qm{Sa!Ik+$es1;Z90R8+hYsF^~yRkIN5d!*lm;pQi>@`!T*pA65vHDCMB!ayON zeJ4>IY>w&#$+e2{4S{WxZUfesA$R)Br#u!)SdfALjQHS-J{O${hk5g>ayCF)oK^{s zJT5Q5+~fi2`xK6tN$TKlN?+pv9B{{x3SvAHN6Tao2l%Wq>Jl(aW4CBu7W{5=+9ASx zMpAzI9V)3X3bP($0Lh_|J;&rijD@P;8$y{^_8?Kac_sYC?@8##SXiLiqdivk82a-OO{u^{O+EU7U9K<0 zG2_;4sNL=$y?imN0&A+CWDlB@A2gy~=ZvBO| zbsb(6eZd%&6psuhg=PnQYC#W}O@hQ-DPpx6h8G#yv#Zg_?tCVE`og5!TH6}6{oMtf z`+2+CAq*`>u7YO)m*jRM8-KOH@AY0dE~%!AyA<)3HqAxKspdPggB;RX;aYZJYnX9oW{h zxeXc%;GNgKQv0(XMW@GRt7OK_o1bz@&Ldd~kAf?HS)*BDzU!g*3~rjonc0TVrm_?| zMKQB(cq-r0pL`$LJ;LxuZi0t1#Lzg6y=f&FYIt`b@f&`XOBxziGnIHMtqb8L;ef~K ze>dMyN_XPRDf{@!gOlpxBN*#315+L(`-EKBob&612bzgCOZ3EexIOYAU|ZFftfmjJ zK|E{VAqT8bJdC3@({!hfz|Z4wKe~tM_AkwJ<6B<$cK$K&7CFT)pv&|rpedF&ZJODHh-UGtzBbIusa;?+JtDcGTl*4XpO^N(iBJqjO)AlFT6HvH0}G96YTx|hg!fpha*c=4pJf+rmE#X zT|Jy$I(_>FpFq;KPT5v)m{;316ttUfy2Fv@g~?8UrN;J6&PkO~o{A~WCjQI9v_n!- z$N5z67Q@8U3SnZpsHbod!Ari6$*rSGg?DgodT~xzAE#z$^px38#S3kx2wQChq3cSy zjAOc-k0Zix{IoMQcON3!hjTB(_BH)S<;fE^vW44n;@F=M`zq!-7T!!5FWuPmG`9 z$I2V{A#SbCI$-vc^P4tTO)v5}KLP%w^BLh|7N_ttdaCf>zgl)$2F^(xb)_ z95j+7uOMNxuhX>l&{@1GG(45~?ZIiS>`A<39%OYU@hH86Ak7*Z_VqMpxM7Cy zhVP0f2NA;SOueVas<)iYtBV|d*|)c{iE7PV+uPj}f!7&SQ0km$uZ*1e4fx$9r+KcVok!LW zQ|H;9S1KZ=-J$}l-vVlriuQRQHS&0E#dt*plrT6ZR?9t=W=s(t6X5nl>`%Be+EWB< zrDsYyxFpw(#-C%_HpU=0F@ztQq_zCPzYz;V4yCV^rydl2boaGH9!$~s($f!d zV&aJ_L^nEfpfGhjm(Ji%lkv}mcnyE%G%5(S{hJc2B3cyqeflLly4g~9Zdsib>@y_C z*uCLD1Nk(|=GsTJQaw%`9x4nHKJZf!B?prE&ZljE-28PBJxTu>-d*0bDwxSP6?48nqP|MbggT6@1zq$Oy%-n-Fm``b@6nfoue1Used{Ir6JU1rvz0|j7Ze>%{Ij*VS~WbGeBA3 zqmtNucf2m&(f~js4J$K~*JPElkM*8chFK3|Ypo5E63U4=2`<}zxsyjS79 zl;32!Ba?eCNAzQmK2qT3!6Tms?rI(Olj7sa-iBxQMcwo`kmh*520$dAp+2~Z0e<_A zNWZntIe@8*i(!5!|OVvgR07!WDTk(28@unf*+GPUwYsWHJ{yD;_9&f)Gf zHx^t@I_vK9>_A$YKw#*D_u=6%_vFqF;oehRB@^!%PPn&-mw!Mo!qfuZL3EHoTaCl# zG@=%n+>1t(_f$V}6UQ{9nZsX@qqO;ZEOHr!qbBOq{A)MqPh?HNWIJHGhPao3sMv+* zyPE^d!__0mFDZBqYHt;QhGSB@^?NPbd5Ms^Urj(Rm(&`EV#%$;z3P0foP+w*HTWuEVPEBCvB#qHK4!k1a?eWZ6r4low)ZNvadbz(0F8Y6++L5153(FI&b{za{YG^+(V8pkCQZSE&y}cG8InQl&3cO zpMMfx9M~SowljpLoB>5@AM81l@^iw0b~XYp14*Ok|i zx9t}&Dmp4OQ;|Hr5Xr38i{p4CGB32140tM9-Y&jn4kZD7ZszHu$-3o+@5R$UxS~hO zpcdz4)Jhxjx6um|e=)!Qr$|vLG{ng8uk`tIIzdr*+6248RJu#UYd9j^{Le>}+BCbu zOuy<%)-gEHPThGV2Q#;v0T!pA0SLObBMfNn=-8(e_uVg^LFkPP^P$6kAt+v=BJrY> zEG-ROD?zc9sd?>!LQY)rzl_NA%rW*JQ+Sa@pmBTt4gHA|mC zF^ceeEP|3&ViSF`X#WG-_}7%PoDc`eV+W?zMcz#@d##of4v~VIziy&ZLM!ql)7p}t zztJMs9f3|RGrfVguj^X$(_5O_LeJLqpdZK>@ko$!%Gz7%7@6$Ge`s=*$1~HgFA*LS zN$>qPmn4wm1L7oger_eVnsIykiO7A*ERoW>?SdcLvm~LhdpPr$bJeYu>3c3 z2@p&sv{%{EHkJN|wl9srfFJ3@jte*yLI2r@KTx1#2(Ezp@lj~Of9=kucQ5f5Ca#W^G2=>e{k7?j_o|A~|PrgX>p+$RXyWu&^&qv#YnAHSIXQY10ZI;@4O zZ7gBzYgVO*_)EAsNj`wSh1zP)Zo3l0*yKJVTu8Wyir+<8C(nafXR$&!0-Ru$T=tHEUDeoK&v8 za?~bg0U)U~MnKim#j;shZpdz;0{@Qv-R*KJ@e)mqVxVwT`>K$j9??Q`PRRj3z zSA$5?2-%Ko9wfNzRIZlwbeijm>#t>{Q)!N1LtUzjJK76vn!nBVTBlnYT`Z?nRPQ&W z7J8e0>)i{gPP?8?nv^r>YPOU$DIFYprV8>Sj6ry{YYQwTm6eyah}P~dxLPleZ~4_o z?vGAHZ6?n9h_y%(iqAA3PFBUQF-X~Ojdpy>OZ+YuU*A}#v);3nr==pLPqdhr95==Y zmsnYCX?$oS9BhV(L}r58TXqK0<5CwFOZcHsU*CtM9i6SndP3hnJ@RaAL zW=qjn-9dMakl=ph4}w1=9v%XiIqc?J%(gD5Y?PlJ@B6&*%6>e~F3`jH=QIp;l3wsH zKJ``9+$W7(6LrGWE;^l$Re3Mi7V#T?=K zT3}|iM>hkpbk~{iA1e>dummZtEPlW2DLlFTGe>V@)Mzfx3)`gm zZEMr)?IwI#&?=i2G&3{%{l2ldj&H&DaOf~}m%sgs=7r6ls;W_irqhsWKFpq$y+*-C+@TFmw)Z1!^c z=2)7Rjlk}MlC;y03Nzl&7=Lz^2m&Q70btje`T7r-`43~BF9_M~hb6Mjxp?1?Ep;Y& z+f=C-tu2dz#IjsS-z_~p_k306$vR$h4)U4l$C~k{kt-=B<}y@x%vSC@NG=YGO1~&7 zwwhQ&`SsLoHESDz+tOH3UtMf72XnC*DQC2~{Lsl;+I|UPUON4Ybg&>#;!KLFC<_fl zBgRg5>9v>`C-ZN1%Li6D=Olg{-I*Hu{BEW}6x#XuhWY|pF+Vn7OiiP2r3&3mEtxG% z*r-Y@T3j_rUHldvW+6O1dmWrX-d?XnazW?fB=3HSzBi*PZdRu%s#f117F1U!!fz`T zu;6(f68KT;H_ zIYXNjLz80MkkP#*{C#d`ZsqU%84e5le-0MECx^ zP1I3nsWZKgyyvS=9Sqsq<`_lAB~9g^keBqkz1A)8zk|`N@Hu=liZjD6NHZd54W_^1 z3U2KO=~u)34#&usApYm1+@606q-n^2j)`Ti2fW-|LGI zbWwG&`TgPKr)*XdO8n)y4NYwlCPwAzzsT-|a%5vkuw!TD#%z?d%JVV~SDTmFanGD3 zO)V$I-v0{Amvk>mc%GDW#NDI+Mk)57G-gUUh>aTj6UH7#LMhW}r_=l|U<}Y6wN(-r z@c#tH!kqMGH?bfYe4=!p#eMU^Z3`;q!*J^HDMZ(! zdBSqdR^`%{2U5z7cbz+Ae7|f;?gV1#>xvkxpvmW+OOb{}s z=@zGLc;2uebO+9e*P2B{{`MT)CY$()_gm!m+Fknuij!#)8wyW~NvoGO*T0BcL3ws& zBrl$%ty-ha_@6L}f9 zMltc8Eo!N=tWjt0?cS#j2k+^l7)4px$P|-U6^Puf$>!||z+fT8@=UH2Qz|n?cOm3; z?QgfAiLKwcYj8~By}mc>yi!_dyD43U2m8EG<{oFh$;z$H>ZW49>$31fV2X}fAsf+j zjNrq}jJRTxPkReCXqeez?O7o;ZtLT1gxF;9Qgy_cDWW=O^lwPz{{n0U>7^;sf zcjYv~+wIcH7T*LP%GPSZwv&u2?(%gWB{gT(CWReuVOTnJ4Lh>+MH|i{#a6E~Zi3a_ zwOa`+UjaSiEVxNIm_kc(OKuXj0u!6#26B}-4b`N4nG`&>`=k zro}|z!Dj-Jz7(wmMD)(lF1MJBzLkHj(V{UD=#Mc&N~~WryZyHa%>=GuFI;gERb=W$ z9E=ov?3n##qDH4$w46TdRuXA5DfZ%W%u=av{YCE@!&)uzx{&gcR5I`|Z2L51fuatZ zy!X=6(1foFgS?tFAy~ggAlN*ETsHPEocJ-igP;{@3i$PYBk~j}jaOu&q%}g-EPksX zu{KVFLSIb+Q<~Ld6IqA;Lrpi^W%HyA#1eu5>BGiSJUX7Nq)J^Ii<=a4`YOjbv_=P1 zeLG~q+E5L9#Dj25+D!6Lq6O`ipR2!rOb^scVv;PF^2fB;9HiW!M;~xg$vL%f&xvoS zH2-OW@h5UtDBiKt?}gT7<~0H`Z*i|*bu&<@uY5L{ z6P28}!yef>Dvgq0Q{rcENuw=P1S?ra|2#&a_>0MaG9&P~ohVW&r_WhakM|)@A6D5~ zgit4KnI_c6-C4qSr`&0f-)9Y=#0jI!?bY`^u_g-nvs?YatQIL>%WXW?p5OFkIOA4Z7C++nI#JMZ%#-Bxsxsy^}85W$mnSnPotsC7t%FaJbW8Cg z;L$#**I{1+Y1o%}Lg&-RNUnQ7Y8%k8okV8Rg$CWyAD>Oql~s{BO(?G>qI%{y8&F8W3k;N2SdOt%re zp11yvT|xwMdmlCxTnjzL9-Z)*bS{?l41#i@7!ipl^7}1Z>r#2sOSVV}U+^W%xLxU| zy!BS+R!dE$e_$lgV_eD1+nC=72ePLynVc~X{-H?4qlDE3ZslF()olo7QdQe%1Xcg% zzW_+r^%z^lyFNavq4aXzbEZruARF^Dn550metTizVSZAc=%g!(+2a3zUB+J_Hclkv zqO0ZyuRnfUj8-`-B$$;SB=yb8oVg8$WWQG@k#0JkU-u!v&2gRB)h|rKHDTmzM8a%)Nd)y=|1Uy zXkUbkpju)A)NxT!9#NlDuOBR_oVo1RQC{}RSD33PJN03pB{O&^f}db`@ukbAeQDG` ziHjn_PxqNF(yg@Xl=^-)ya*`gQLH4xR;;+8aUn`U3lZ|+!5`z8k4vqlz?U!l8p(p+ zK-w4P!k9F9?FjG_W|fEi_?7FJ`3nao32{?uB9H@I0kr_$R!WLQ_3)Ewlnq;RlSLu~ ze`FzNyEi8MPWA}&Wv5J9Lxy7AtynJ_i? z^^lubTEl4sM#81@_B7dFn9+nX^GW-I0S=P5I1zwSv$^T(3qIhuT9`|9h=|)jfwihl zleo3yMR#p5KQGaln5=I`b^OSiMa^wAx*u%$S)-OmGtZ<3y)YIQiLXeCuH<7aZzNr3 zxs_o)aG>K5M~bnszu_`5h5EZ^DOyJ?IfKteoz+5Sf8v7@4~CvPm`}5v%C{TuArQSH zqR5MkkUx*TB%vF93-`Rrg%O_E!o-3zcAhZrB|9zO?6wf?3tG=&z4gT`_Y5qI~KRgGJSTO{Ynn$$xtzKS8A z5qsorL9BhqD<3BhQ>swnG=bZS^XjAT%aQ^bLL6Um#AJu*ooxWbpyjfK4AvK8-7kaU zhq5x2cx3_ijg5OMsPo0gBVq&QIhtP~;`!x|G$YnW%uilYUL5IqtOybrikh`bc|$vy zVuRx_$?9wN>O7t{m8#EXwk~@@kW0twxfRDnFenVZI=*Wo8IruMvgrKm99Ct7{$U*8P^SkQjBH69_dev$ng6?^%k=91# zpi z4d++A*hEQzxZndUbnC>b^OSFeKK@3m4E57g1g9?nbIleY^n1icnXfFlr+fM@#>7<` zlPB`HSP%QXQUZR;M+rm1+G9$p@c+Z!TL#6|bm5}Gg9iu+PJ#>?Tm}ybK?f&+-~@Mf z3xOaBKDfJtz+k~;@Zc~wgNDEacegul?ESuT>z+Dw>)!M0RPEZ;FtGRT-m9N}*0WZx ziMx4y;mG4`#j`bFSjB_5k z?i_ci{qirVr=5}CHH1p1-a>I)0FqIWtG&cytv;5+c z&!=?NuK+rpH-vF@(40*5pix(rJuuw{6` z87BYhl^;f_t7Mp1V9UNoYFb~Vi(dOjQ;AW{ma;|_eK!&M($?Eal*;o;Rh?XMx2?@2 zWo_%3;_P=Jl~i#{S(mSM0glyiJPtH7HA`v1PBJVo?}C(z5N4dY0#Po{SMyjDU&QLe znb`(!NV=kJb9EaS2Ed1D_Q|@dz$edgLeooS(LredDtmIrmg@^GGnEb#d)v)E&!Q~A714qr`S z)jm_B^mVpwB~zcwPEoo@+Jv&ij5wG%>S4zLg)OaeVN8ZVnTCWi@y?Wkr#38$Zt+Jl>*>U*qr%uSl(??FAlIuWHHrorC%X!e zxM_pTxE*k4ih$g&HG~ZH$Whd-d#|qLiB<4Ig@|*Q9vGNYL0=@=2Kb8IIf=}U4e7X# z(dE{^oCjHp3BijfP^O@gky#hoPDzh#_|s3BbMuYtte8C@j>** zYoI^x#9~}aJ}^Sc*O7p5qJ~IJ5w7yW#gU8h+YW|RFr_|ix(9lMW4-Or(ekJU|D`5d zd!wFd$+X31x>}}B62+y5=zZL=o^qAsmv8o|Yd->PhO+cv)_K*rS6Kxi@|UytITrB+ zA+pI;&*{S)JNZJe@pluXaLFEzA09>KRmb_?4s5`Pg~}!f5s2QS-_`mf?2NMqw$* zu|rEaLRD3|61bZ{kMEOp`Y_&FX(e-y@&ZSDohUKjbCQ#1Vt2k6SsQNw)y>l!F0vy> z0!7zac1TKCYK9v{Jz87Sv_hWn6;@5HU<5ZY92T+lmhBqt)6=Xl~O+AcdN#p@`4 zKt8n6uhv43-@}p_NZyBcOgLsFOPwg2t?wWUDIDL%U(FAZQm7)&Lxecye9d3e`P`IU z#-6yAVJ%S(fx&Zor)z!)0+Sf-J9DkPKT@|zWj2qA^9>JL75lj;RWd#$5mFrI^Tb*S z+aFnst-d#yX8?GR*8T*Zn$s)?cJQdNNKE^LOk|dFHh_)I9~H+vl=JWNA^a8&R+kF*`RUswbP`Xzm6igm4Q3x!fupYcGTpR26XyOW(ZLboW`V%L}61+RoLuAxJ z`a)zqlxROt{7A;fZNCPX4sa}R6m?8{rtaw=-kS&2wfT6=`Z%STJFWXrnSyee;lRaf zHYS4i2a{VlA61swy1Kb(%16(3>XnyLqUhCy+$7*fgga)!uzTiP!L*akpED{630$*Z zR-3&CwFgSnZ;-dnvar~6n^5qHXe$fDsHb%6)!lg5+!yQDe!1n>K~OjTv2VZwr~O$5 zudf9p+jGTt8GQ*I!yN=1^Cs#F?cJ^|J4!*Pr(1?z{eTxoV2$34-a6r{usRG!)CCNP>_sou`q*u215H0r!W?cUIY6{Mp7YwPj`_#ch&u z3Pp2Mx%IuPRS5awt$;OTgy&102W2W5kA_X9w3J~T;=t%^pc)9KsgV&q+0)_Fu1V&2jxQ+s;!{Wj5t^gE-^FOaU~zKcgAagR+h6>m-` zP`c?#bnLc*(aUfDBos>vHd$WFxMM6w!O6H-Bx^Qnq2_PY8|gu_x-7NNn#XAER$MPs z>nua7VxxFKk>}#66I(bdM=1_G>^#my*hZ%Fq?8x45dek&nQ`BFleGTHM7})vB)+_y z4OE|0wwNS%Zg%)+cq4+mC*I7b#xk*nyJm@qse{_9nJAJ@iCJ;gXFYV-2D879My$$0 zr&@A#1rnv0vKsa#HlajElDVg24!zQg?fcMojo*Q^A`R4@*7e}&#JV-K9?dzxQuIV` zucZyFkm9*SAC*qqAXNyd3^Pz^X69>$U^6$>*t2eLI?q_9Ok>i?#OvnW@<_9Z+-Xe@ zoKgv~sO|R0$|5NP2x|#ol@9>y1tWdbd<{}>osNl0U$`b;gDVO6M{BiJs(#i0&CGU0 ziIIqjXd1}WuW0Wj#;-5Wj)PB^%VWNn++-GdBxuu zg*MmgUnRU`^U1Oa;bc?T;v#kC=-}yUAA06$fCJFPD zcrs)%c;N~4%mn4u!7n}Wx2l-=v|cz_#$t>!7T_j<3TgX;W5_6CRta{TvGcjiml*$a z8|K9fv$Uc$J>o@v|3E&)*~iyPIlZZNk1TV|4<}&x#EUC8`A3w+(SxvoQ#lzqwmgwM z?|egJ{%5|Ci5~DRNWKnZ>c4@#q^A!8oWf07p1Fz&7b7ewh({SJJ>LhZduDew;(R@Q zzAnrHZ}}WVncoXrB_>#YsV3g|ls6-xEY6{6k^WlWt2Jms_NUUp)uSMh@QLAnytE6? zVz#g!M={e%RsL=C(OW;N-n8P!MDjETkLAxFu)t4Pm+{u`BP)T_9{K0%!awGo;fHg)0q?#E9r~mEB_tQx7gpE8v5eJ1kWxKX!=4Pa9H=3eYbT}n_7!vVl%ykhp56Cp zPBNAGkK%-=|D7nT@4)K5H3|NRb)md6JXI z3Fx2uyqpay%wr)YBpwa2`_JI)S32l(j#UdjMPn&~K)oWOmO$6|afanbB=ZBN5cO|_ zj0dCDeic%!1MzA#qu&=;N8O!YoD6)n%qcX84Gq5m3BUHzr+Bm+9UNLLZToKzNBptl ztQnj=D;31EmnVpo=q!Qpw}54-gU+)sH4g7);@d~QDi`rmE(hMkO6E1T>Zq#nDM%7FfMOPj7jj~+3CSy|S`)l6B?QFnD^cd}fUOO2C+fL$>QkI5sH6A5C9hH+S^Nqq|o!s-NM z|A=JBj{G=9hY@HCwIefv1=6|=XNcrrj$GVSqc8TSZzL?SxWy6=67onYy929I)5BlDN~#%9=X55KNkW47Yz-%_7B#Par;tUWQ7JprYbzQcO}18-VtAP zD=X_s7lU<<8Fa5GXw7zG&g17+uqRE;n#okwHQ;2l58z)2aX}E!?44ROH8mwA;sjS6?$3JoR*GsxFUpfqKwVt4<@X8J2`@Dg2HN89dGS)_Iia_1Ur9!DYQuFXt? z?{N3v;GnDPsIjS9KEXsecm^ee>Gut&0w#Z;_y%~)&zVo1)GHoh9vh%;3fe?!!&3xo z=XJX}22K;`k-GkBou)3+uLYTdp6gU|io@2z;^J&$q7i<=*U;P44{gZOXDr`aB^|Bq zI9X`0)8lKd&lgP}_@vMHJwEkUe#=urBH-}{h=iDv)G@Zb-wJoj>G3^hNP+iVQNi8( zwHV`*g`4TjlmfdMs#1@GR`Kpc?EWFDUiL=4Z#cgozy%9AAUUn`P4)Tv3zvvm;hY)j zAU!j8lBK$?HXEz?Dknr)bN>{iM7Ttk8l<(?MfC@rjyzE}AIvrT%*8-nH`(fJzUWV| z|3oWMR%Z1zTGH3Au{ppu@D7A6{@GHH;GBcj_S+v48fT2T(i0krsRDIt(Y?93qq$fzXjprzhR8Q29&pcg zvBlTC+F?H>AzehLR#32ZNT>PJcIf1!#i)VZ?eyzrgZ_4YWM)ND6yn#G!6Q}Fp5}dP z`;rn!gRF8!>+7g>g7FTL)tll~@dl=**IjqVHDppZuxi9c<}|)!)pK8n6IPMxbRYg_ ze$s!gHUFpmzcd1m?s*hS>yrWw@XT4R(O^ZQhnG4Bl+|sTC$$kLCx5qd9vPq-OcpHC z4X&fVv+eU%j=7q$@=JA*j@_lgN5}z-R!tx(rhd%x%=jDKNHM=s)7|*IS@q~{=@A&F z%ovG9HWVjcp%&Sg`*Oq;842NJnBzm29 zd*vBX?r+5A)4%AmX)$A9T4EKHOwG?LtyyaQY6v5p9H5Ru=N`O@Y zBrwwq9I}++GQGdc)*(P((wQ0?@o_ZazEUAOxJ!w9+rBclV?Mj6Qr!r8rQ-?&9>^qGpu>x zj^ry*vYFA$ynKnnBWLc6RCl)=!YqR|<@v%E*!7t6OQlIP6(r*Qo~VXE6bxbj#}t@! z>jbBQyZmB83%h^_BC9|bN0+vKyjj&S%n~rT_AC8!JZ8w>WC(Hiw{%oqJy036L zs=hqhywEN~{g787@sZlyNQZ+}Eg^k??(IKY`+km}SKu8YW-1J-Z2DNow8CnlcrSUn z#W!IVh%%(AHEL)-AzLM7V%;L;*G-PebokEX;+o=(kyk)>ub^^{XZ4HrFzn!!-mA-e zbFgCpZK8t~%&iEZoqq`nqqxoK;Xp zr#?AK;nh`8Fi^!f))Et_1SF9{sX!qfBDZV{_%sP5Xd|#p2ui14o{okjfx}ji!4@K4 ziV`L+kvCh<~w6^9Iy&gnt%8zz-_kw7X;`RM>) zGVlYZtaUy%G3F^hvED-mE^~#?yP5fhW9_n$%lz{65?g^4&BF?fc_gt?lh7n@-;Y=#8@Ye^CN{Kc|Gi1m^b&91o<;0B2Y%RF zOc~R(?t1%`aE!~3(hlvxAwi!XE8+DwG0I82>>!5?Gf?GduTv67?rY``k;M$VD>yvj z@yHTT#HD#M&lC~sz&tZqPdvnX80PQ|)T)pZM)OZB>dL#$iH80BrYzq@j+OBTEiQNi1g%y=WTiM3GcEFh z$&{XRrKLYuUyY6ifggm6k}2uTGB@7ucbjzJz+}MvrcoN_V6({9tnZa6rQuW@*Kemu zx9O+Db6DDYuLt|`EuYLq8ai59Q@J=H zbHbu6-dOXbi$R4h(_NBXih_QITiTy#>`e}sgczi8=lHcrZgcStqsK^o7UyMNclVCn zY^3lLx5lQbbCsJNq&OHMj67xn@00N5VK?2UKlnf-38K6NUpKI%CsA;AJ3Nnd&k0tD zbp)!|!;pd1p80<5B;ySe%kVfzWXemwS9*Rgog)62P|sZuEQKR3RGi2|ZZkKf`yKDw z+^}Y0-cbM70^2Ga6MO`;o}U;#D{a_}KhfvfM1T~>e0(CL#%(KIf{uzbzS>QIHV*hL zQ;tYj$SgHY*8@z}B&^PkO`68rx*1kJkE149hz>IIv(a>^2G8unKCok8srOc>-Xt=R zEs=fmS*=`Si1}*HmD3OOzlxE)l(3iQ899EGN&4mtR5`M#hI@Etgd5hbq3u;Yz7lz{ zK-U(vtu&#o|Cqk6@yMPEu0|3Q`RAu@2e?uGk4RkKJ+C2RG|`j7hs3uqZ^tlm4l;Y6?=pJYjYSu+MXn#ih8eeT z*8ReYHZX`yRo9BuI2yIW25zfdzI5^h2P$5q!{ErM+jzV%3Cn;v8b3X4hfzw;jYV8& zdF60soYrt-p6+DwO5}CCizI`gwJyPN!&Gl#EK{tvLLpn zqKzEWcXFma+4+y;aQ-4$z=lSsj$u$$h$(Mht>|X(HXqC0gheBDP6fG|AxxZp_^VWY z6{tp)vyVJYEcdI+2GJOYQZqbW#gh=b8_C#~zxUCT?%xUiQKN z3Z^RE=o~8Z9`PfWAIJ9}4;tt(C>tcrKddN5Q0@6@rS*e zxnFBvX=jEX_R6&E1y%Jn>E!v@PF#C!Ht+u)*LyE`F_!5p-$(=-VUlCTtQZD%dUq~n ztat$RECuCL^Q#yl$y;9f*YGJ*u+I>qE~n;TzWHq|*D+9;FQfMI0$29@SJq+wC`&}e zZ24mhDNhaJ?4lFoEmtVvnhJ^Xsd)zStuZ(=?1Mg;E^*b*8lE?3vYH&HoIhU23){!a zPi4rl0>0Rd9*P0T;pS(`E6cToR$iyOG5#cd@sY^WyBt2TX{$k> zIe*GNQ&=TJZWyp)Fj+3&Ze+5c7UmNd_S~&LsN%|*c)eDRP!?#*o*E^YZCX9;m(ZN9 z$&BTy%`ngMy1uQszNq&$otC+WbBx_|a8tg{g6&I&=B5FnlLhQW5T7h&68k|MluFumh~C(}5TW z6Wd)8{`4EbnX6n&f2>bi*kdnGt5^Y@=Tu)!iHDHAx}OG0%YDc|MVm%s6CM=!kt7H$ zzTZK+c%@d2*PwJCnW_>ya9MFbAv4#J&Z{KPE6ghf@snbO2G^6_*8zO-5KUQ7A`XS= zQw{fC;f)#Q9wll}^s8{DeMf;k#bzQY+(W39FIu6?WPD|PP;>6Qud&9omD#EQ;~0sq zJkNEoi|rP6njw;B*qs6=Llg>H6F|I4$$86M4|znAvC}u6#fc98X3!VhC^@fze$x(N z%uE8@ycW03`o_u(>fh^S+5HCA1rqDHxZ(Mu6Akfhv|g%HVA`eI7S!Z~6Pz zkZyaherDb^ExzMWIRg336}`xmB`<8IZ9UjIag8YN*Gun5{du^lkg!H@kTAZZTNtX@ zVQ$#fyjpIx%sZ@`UTqe#NEQOVOO!?+Z)k2ZmsFdl7)$a)%-gaUEHL(DO#ebM!woz6 zjsEi+QQgNFJ-$9X_BuRAS$C0{oG$PlDYhI+PPAI@=DQWpvGM^_(_oomYPMlbxPZf?avgJ1D-die10cI9D} zx$$hVN6*kEUoaectY5>t88!l*`(y{bzZT}_U0-~I{^_IXp3fiJ6@o5pks4+;`u$RJ z{XTY2?r*u0S8;mUoiQiDa(QHlYn3NWHm&AfF$nRPIMnz>HJ2@)h_Tf7^3?oaSup?9 zf_}gCGy!|nSDSuH?o{ESY>!-&LYGY)&yr1*qC~XclZprze2e&UXbiJ$%41}m>+}lV zxN`?=#Hk2OF-&Rv9{t6~(u8S3CIw>#9U|nGlaF@}Y<@msfVlEoGZS{c5FRD)rYyGk zUJp!NO?bAT*Dd!}-(io8IG*7`j*kQWfCWV+EOh1r`~Dp@absi|pQ${arO?3y{kXbJ z16BI5+He$*;}}&r`#`pZaHvolchO)Y_%9X52V$Za3Xxy+YR%Zq?opwn3=e zK1)4R>U@g#`+!EHfS-|seq0`0s$ny!NgmiDu*cFIv+-slHjKT(Zu^54d^IQX4}mjcw%-_Niq}_TO%U zrq`@WeLvq~iq9@RA1C3yhxY4Gh(^(b3}KL<3E_nkz6}evy?q;%=%uLb#tIKnPm!A4 zl?0N%dP~7uTsQm5*p#&;!L@79_`4kt)9XE(oqw>`K>TP8vevgXAX;7UfsJ2&bS$SluR41OZF+b??rT&jB5O_?=< zjxU9Xe)ogB9GxPmogXsQu(LX|a2M2$SF6Zi^;wH`XOS$W*K~WuDmjzWrU%BC6sm}^ z85n#$wGKNEtCpzm7f)>#*F;HIFZ}U6YmwVE&2DO4cTHlP?GrXfFc_oYXg+I#J~f$0f>%-Jv)!P zEx2K1p#lFMWEBAuLf=BT2sbv(HWvf=A9G9M9qByFc$64p+5N}xM7!~lY%Vqyhs$n= zcHT?h2|7)QCFMb2HzzhFQ>rXxC>16Z!!lILSXM>!6mr;vlD}wtjA2lnCb?TaQ zLaKZI>-zj$U)_!2?hnqsfWyeNa`47?`Sfx)gdbA=eh>I)oY^}PH`|&dfH#jYyT3k- z9pENTHbSM~fcqrYv~%nz%Du=x$I8_gZ%fciaK;6tm=lB?qZ8h$GcUxsv+d+mgWH`BwRF{SSD$Vq0Qj2psmpA~W>*z9NqjZN+LqJcgIatymTfT0Zcr^$d+FTQwS|)5jo~wL*;t`$ zJ59i^H(MTxcUIr;43!x0WD~_*xEt7slRu_MEqq&AO|88C$&^G>R#7y9#LyRbe-h(1 z+Co9L6B@)F&EVWV_X))JbJPse@XoAe9ahV`1vE1500Ip{6xt;A*6(xXJ0@3lz+TE} zO4zg84t~=XSZkYHGKd%4CyYiiM1jb6fzV+qagy*=LvXgXUnlg9&7<3((KkNMJYRmz zsTXgSf}IjhRW5|&NF>0L9aFQd!LCayBP{xoD^bfPdzsu$t_Qq(kE%PScFNQ)rVxbz z{_{6?Y;aTCHlfZJiE9Qy@a(cIeZ_eosXhk0*~57!GBVn?mu&*K zZ{`@rysis_f1>1q?gk(Mka`?1G?8!iF3dV2zL*N@G+?E7-T{xS%t@cnb#bw{^`TYT zv#!Is*_8jZPOSlakdfc!m$f=kIHjcTA;RsD(EkT3r+{>GkhhaZX@LJ#Nl&~6kqF?C2mK_`q1B?NEQ$fH97_H+F(6{irRxzz1u#}mGH>+a*pay-|m-IGB=u4 z;K#w`W9!NXso17;f57A}{?<@^hRP5^Q|iN_I!8BaIWtM6y@Pmb?cDBjWu$cqAg%M+ zVhc$8mvzQr3RqM5lO5j%CAKS5Y=5lWV4aNrcn~C{i5H$2z>vIRDzNfvMu|Sa+v<2B zO1OaK&-SpIK0h;4grbba)-Pd)9tlQ`)rz@ugc+FrAqMS^dv~ghNhlTw*aD7+p&d(} znjzOqLQC?SHfQ$-0^DrmI~tAj>hQ#|+@IDabw*ydSv%Q82|d{OqNcZDx<|1`;g8h= z)%|h55%vS|ys&-V0pNpw^Dx{U|DnQl!}#%m^hg-?Ey~_~2Oqr*-1#^3ZcVh2@2Cw0 z9h$(|JB0H9DKrVChWZEQK9CE$dKqTwYHsTgr&)?=U~npif?*}7RR54NH1M*4XSAwDRS?MXUvTz~$Za9en{X1S0EuCTRNr<=-L`5?RMuzJ9zSzr z*dMm3U1p(h5La2C-u zGv@LgPh@`yBSaDw8w_2C`*$7lwS4Aug{xm#t7JPM53q z%mxI(<9ziCr%t&&=<3w85YJp&99(xp^1F-^Fi5ISM1AwGG3#il>{*irGLb8kGk46y zJjK$Dz9UeClbw1frwJ=Vw+4&cJ6e2`XQ6wKI!Uiv!02XJ4bt^U$(=P_LSJ5N3*(j< zKL5dQxJ`EFWvz3#q7jA+r&iI< zkqyeR1FCETcYZ-=lp~tN$^|G%AD^VcgUt%oD{ZrN(;w!MG(ZW31aPDhtd zrYgH))O|wLLsB1na4Hitr0x5l$ALoyR9T{@4oz3(#KX_{1o`8zwR}GyPD0mk_X?kP zMwGTJ81b~w<8ee;cQdx`%XIYqr>%7f1j4fvYbTqc?bm_fVzQY+X;VTiWT3p}R{hjl z@MySX+D$gqlGY-p>-@32q09jlo)e_cQvEL(X2(I}_e@$?HZjN@?0n{ix?-yW7v~#4 z7^Y=P@HJOyp&`J~1o|r4@Jv79FbfG=!-AgM;AM1t?_xOKUINzCf6_93KnlOoU6ff~ zT(aXL&p_?QD<2N9yEnGv$0a9D268!hKW1dkE*w{3ph4;00suh&c;imCaF%8opH`rXG5uMdU8Z$DHH4_`jfIe{o!KKp?) zm5^Wh;3i;56Ph=`t+(7rR`XVWpT}*I0S24kAyFcE*ux!mlN>W17c0N7D z&^=K}F;+b7_Y{fjL<5*`HcgdN!nAPXWyzw;reOSR_30bRB45sIyBtrF@gzA@yLpQ^ zHgyStPn--Q<2l7}BGi zVsUeS=-od^OxF8ORCaUAfkBGbH9Zxw z;K^Ez?O=Ip@2A7s1x{hTs1?nJgDXF=r-b_lMMOaQ^THpi<2PWab?MYhQ^?Nl{cGe} zxKN^mkk$GB)YbYg@9BTMvSdFQ-$L zjI5vGkZGWU6x8b414-CA-WJ&M8~=uzHe=!uNWfe7zNTNex{w7^+9b{sUu&d!#Khq&{gyK;$1?hnZq4XjJ5XK zWnHZ}?g;QUmNFXRL;*;UmbtjP&31CQq*3I^N2>YawnRY1OL6#Jpn?v>+FQc6;O%MW z%PESB(cH@jedD^;M4eOj4-pnFJ`iiHY5b-g@KVo6_`cJas7#}Htoa5Wfghy}YU?}Y zc8M%$2%_Nx>4W_tjQ23j90#5|2qtyv;R5(u14*HKi5JO+mlzJN#i?Ag=9J~FnH@fL zZ`$s`ml(Cys(!at>r0+%s*dkX!I_U;X%^6O z7s*c6*Cu`E+a1MfPsd@G+n&v}B2OdIi^4-vh5ZVh7>37f@ssy8Wgs;ST4rG z^0ok6a=aTrF07>ND8YMg1UDD$@ z|Ln1o{FSn}47hm*8K+=JuKTSJ%zQ&C_(14z`&hZnItfRbdNVY;beT3iW3zjwtprE@ zx8*})?Ut19dhjM0l4sIz(8zJQvB1mB?DY30a+g`nYCT@e>`TgPw&8(m#*C<^$*j(V zPw*Wi>X4ON%YQn|2t5*x5dJIxj>bb_QADQBfOU8c(Q#qBVA~-DfJKI2B0<~Ai$yUq zB9Y*sLUSnW`*ej>?Cbtr*xKBs9{l`>o9Omo5%w3kn3Cqjcaq&%aFy!$$rHcTWtX~g z7vYZwG#*YfG@OE_XJuWo87!HbzLMr;lm4{fUii3|x`a_MMB!`OKMF#E3mPEtkb=03 z%@r(UJnO){$ZBdyq3!wk*lpeMv>m^c+V#rS^7Q5B<;{y$yoq4{ap#@hf@))@Mx)0y z)b2`~Kuvk;aiO!>I&%FexvE1!P>bRl5JObpLnwAR_4s$#fmOLlNlT0bYE_%Bas6>I3e z*m`iB)-$%8TdFj)T=NRW5zAPga9LG6V_e zUCEkqqw`hd(Q9)#R*b444~*oV^WO50OicCTr5@y+plKAQT6dnODO@?pi!8PLBbG4s zzs+==%XaMLhPTSJVuilG4KiK2u!p^`b6Q;-v?g@nSMMy%nr;d)D zi!rSsEG!30`_w?CqkYk6RG!jPxrugS6YsCHOeaql0CL({NqO3p^ z@M98|+q%`5f`{IAN&#e>GXZuiZweW@?IHAoSl zk2mN+L|H~x-};89oOHY{vhTfXZd{|vtbWw~VNgg1LlHOlLrMI$R&wyll6X}y?1@`fTDxowV$c-DL*ZL?-V zU%$-Qvx?q{Y@|mzwcKV-PvP5z7S2s4Vr9n4oR@?}`1wr%uzjoWFR3rdr#-JfXJjeV zmk*EMnEF5<-H(P{w^Mokyb(im%!K@1p8Qt-W?Qu}HW0c1M!y@o%ya6J=G`zp7x|4X z1UC)*NrG7j+xwwGFW$Km{$ts8^jbK#BJCizo@pv(i`CA9A=9o&B~9LIP$6RLesfvr ziM!JLnsuhWarL}XL2JpER@NR>7d%KuyYaxqib z?7tTvq$EGm1#PQt4|);=i7XF`4b=mOntNP&Y^D~%s~_kJn$btvWicL$hYx8- zM*dbju?-Ck)_&AhoaqhwMXcbF@tKY8uStq<=J*XQZgP)qk*ID2d} zyTBa@kLnicIdIY?UBH_)SOz8_EF!-Y4Nr-l62DZAt(ThL(fy@|Lz(eD_g73osrLjO zUQ|(2j+OI*EO*Izwq;h*j6H>v&AANbB}5YfPsprQGa)@1H1Ni&XQzKediHh9g2#pu z9u!y9e%L($ne}t`7BKw8?HSMT1_G2Nc^BHcck-9-^=Sr{q?pGG;P!Zl*q|o1F||#M zQgGaC5sI{bFw8V=%d1g85=N9!Eg{YderZ2GFBb4_#a9ORoX&WC{t?03<7G76GEtqE z;SL<*dnH7R*g74)dtyLr;VvCZT@rCEHv+FMt0M`Vp+NQiiU%?sPxcJ#;ymbAtCkEc zGKV=DPH5l=z!{y(2fwLpvTjJ*#bTSYphROMA$&OSRI(YeU@w8TF?UT%-htSr&w{U6 zUyh1Dr{rF^lynz?+AWDTOGpI&>2@cSjC?xG@dgL*{9)U%A)OmGJ1!i$3mrCUm^HiB z86ohOTg0TXjx}z54o$+K@i#Xj$iE&6poq$SLuc`eX1RR6lb!z#x-t*c;fiIx*r(F)Z2EtZA;r3X_Z@n?1p}N}*bHJGPqevt4I=m2m;d~WCwb{%q z*Z7J1N5Ob{D?-0zR6Oxwt8!j6Q?VbKzvSqD$JfKxP7vJaH>G%*eYqv(cgLzeR)oTl z%(cf)F?ahr%*`Zs(A!XAH-EXQ=NtKfFx3=d42IYe-=o>S^DnLD=Hd$DE<*=@C`{Z3 z1-Ibcpt`M=bki1JHQBka5a!IU=q6hQW53&Gde<9cPwbCVqljTl=x}+rNR@lZ$CC!MM6q`D)^DS75P(DY~t9i1a>$U7zha3;mV;!SySdDPL+%dIb z><=>io{((m=I(}h_SBWABQ3Dj@E1w)k;~PZtyi-(tnf@`_~7A8wepO=&rB=TYVki& z32~C^GI$3y+_}+d69~?x))_I(gd|W$>fIu~Kg=Ke1~;s1_(Um1?Oi=Qg4ca;1sH<| zR4Ed&J;l1FfklHFnS_fYwa6Dnv9+8@z&a-_138K0 zhKha%?&=iFN=AMb7k*cUeI4Q3a;hcy^swz+BY8{f2l|_w3V|g$fLDO`oAEVfMvZbX z&!tT(L>=IV9lpcu_R?{3Q}dm0%HWSJ5;9(&d(-w|%WsMwsxIIh8rH&I_3tKZyH%)L zo_VnB7S7>UU`u?}D5 zbpZzIYhj9iguUFlU{6>ZC6(imL2%0aigAH#(8l_X6w6YK)Q-45!)>Tc=QYy-68ySy zJi7Zl8@hf<^9-t2tM=pK9Xi+k4LN6-ORh;6t$}HHZSPil}1}*`Rvj z&O*(kevxwa#PFL7&Dlm1z)QosTQ*7zJPNX)UbGe{7Q^sEIZjKc?dTd|0X=G-n&NkB zc*2iazcYJk$9lXlS>v{TYxtul@1SeRd7ozQ=7$rO!*M-eR3qdKduH~DuV6Cuy7Q}o ziTb4RdZE%kUW^pknRk6(ytZbeC>-#lMP6TH8G#!S(biem>t_?iaFae1(gsRGDN9I3 z*6U=8Q*w9xp^NxYvbuKlSs8^yX$4)2mH>mq75wRmQ8Za^#n3*It+`ChX!c8>f`{>q zbfyW0-g=I(?BtJnZ;S0d2-J74U4d`&d%9pulJ+Y=<0rkLdDAbIa!)81Hg2nioY^z7 zZ_GEx=;h34C1ezra~-`e*# z)W;WTuU`@qC)7uUyj92^6U(Z%X5Zo+cZH5_S=?apr#SwNk%FYqYI)beNNu?Cz{}xy z`{SPG8GAT`9do+x@wpk75hb6vvJ5!S9vPX>srpInYJa#W!I8$;1fpxMF@IXfm3_|L zL<;IIXir>{v>{h*p>y7;u+*OzPk`kLa|3**;vj&48IpTxisxWsOY2n zB^>Z@t-EH}rFOdF`cn1;5QwAS5*}$9M{kz-VzFG)zNLjG7{1%uC^2$sqOieP42X5nv$WUgcbx! z^S9jlRR00Q0)~|W_$k=04)6C@RDi0oWqffiC#|C|E7KM&v9>!p@ezt`P9qkX zV=I#ZU;6GSsMjD=hIhZ%o_lRY2;}(d)8z_#bq3goHd$jVg6Z60Nm}FE#x{TE+Y+v9I=Qu=2EF7z83ybE znELG?&|89l3fViYZNRCH<#J#T3TP;A${wqswVaDX05LuFG~!|qRGWy|da?h}6(PkA zH~7Lw1bOWIhb@w69bxL~!O5?L`z!ADc-?5>@eLV&?mt6jXh0XCQqD%YXY(5^m5@3f zFF#`)h@bs+P{d~wrD>hSuwOGFJUhUaY!knnXzp%LhpFKi^{{taDpJW;&eK#B#l-6+4E;GfFX;56_~#y|9q3#NJ9tXuC?Out*`?3&@c z^!Uf>yLn^c3_{l@^kk;7ce1l=$yVapXdN zDYwr(Py+~W7ZsfSvh91fL1#-t+D|d-RxGQVowa4{NUL9`&3Ndo$P$DL%SMFSY9Q-P zYS`Pb_^?eeLwJBnM;I(*YBx+gj`TD0P!-?N_vARD>`IW*xeZKw&V>Z634LJucB zuiiKGeuSGpFXZB`$KP_sy&?b!M5IGEU0W_1Xtvyu{BV0Z0W(VQ^;pR<8?@!PVWU2+ zb;T<}F253eYfahI?ES9|9b)l~MVaVZ9+I>R_1)q+7qG*J>jz@Q?GO0$AP zAVEL{f`FliBou*BDdQj#x>5u|5|9o75>TQd#ZUr-5{yy;Az+XIf$)zr>i^!m*1b=6 zt^0D%(|I`SthMX;?eF`}-V@>HX+-R5-B4^^Rt9=;t-pD5BfJd5s?EthYOLm=j)R8RAbz^i;R+6w$Xg*%zXX76Hjg^3WAKL^i?ZR9XE@lfYEpJ zo5{_JOOR@5WqJn1;x*`}vM~p0%^kZ<%34gEyj~<0zgcw6S2qs-lxvJc0XioE1nIWX zvI%>iWt!_RiR*9a&^%N|gw0`}_VfKK+UJK3a>{uJeSpBk!0^GP+KcC$Z0z3>SMEih z&CygZ?G&5^jbp+*4ezcT2}u;|n1v@1!0wJBhR25n>|nWGfm@b+wdTeF5Y?rjveY(I zj(}nauLPN0=q>mD%lHpHCDER>wFl>8^|IiV^@}6q94&Djq@T`UV0JIduY|Avg36F> z6HBxci+q9-#{6zr_=r}|Z8{YqN7h(|W+={Lt~=Ja6A5 zSY#>AP}=O-c9)i996nm#!%4PzQ}P!iK%V?yUVV4`p26kQo&+1uX5H4Xf)44{J8wW+ zgSK}Nj=)Vn^OJiyq2lD&ehj?B;LSE==hhTsx56hm=k&iUTnHO>LFO9K2mX)}`;T|p z+o?dPOAZ)YtGdwDYTSZx&)h7Cz{x8Y=(9{6707K6DxV|~4ZP6M&6xV+RZGj=n69Wg z{Iz^o?RX9{q(oqs9FjC5<6>VwYX8=M|GU`l4P2J52HJlF2ZbM;N2}=zP6|^O0t*V? zeCR6>?fgW(P*dB`Yjee0oCM;IHFq4JBTXJX^Fo9&lC6&U^rVgLRqzn)#OxfqNg@wU z+$(VXc?s0({i4HXhi5N;of!C-!3yDitnVwGxz0=?Mb50vh?gohL*TlRZjXk!=kN*fJ1A?h_W0m}8Q(mQcUFWNqtW+TJ0hmD)_5=x-q}$~7;_c5q(SbA=j3 zlKJZW@E!9iSOo-Ly=g)#sfa!HidE8LjLiLVrB*f@fQZD67e6lt*UI+C*B|lvnXBiK z>@bseH{F7~c}v z>S|Lw+s0i%IVOwB=re4A&P#*tt{#KS2JXG@)m6l2-f=-Y_4ZL=4}WqQR-KONbwHtl zi&r^)j^4GZt1B2>`utQ$n%nI0N@U%!-mk(eQzWw@WxFC)P@*FH>0NKqibIv z#7VpsoJi^39L+>@$+qk&+v0dn*4z_pk|fNEQ?X{PnmP}A{C&}R@EPFNc#Ct#LPhG> z9c@a`{B;5#N6JCTS>m?v`hXHNF6pFmUEZ-`(0(B}Qyy4m7uyw4QV6t-B}L&CW+*h* zKbK9jMis{*_D~oDGf@oTUL*Bk!673>4UEn5rh^KNA7Wqd%^u=@rH6{Pkz*TK7(ZF- z7^N1(cty9q2Jb4X&gN25?1>itMwo9@4@)OxQ}yO#B7?dU{71 zi9K%foStwo42+U!{NOQb;2CV%?tu&&yoE?TGh$s-ek6tcIJ*Zt7wh)eNepD$9FEJW zR0FsZEjmo0cyrt4`6f}(DP2;xyUFr0+sB1`N$jVmlU_R5j%Xp3;O>irhgr8*XH6~TKWe+-on!?(Q1eDKC5+ec`ViWp@b9RO-Z=+)(2YlEqtzmHXx_m1r2|+?ixYs>-xd?U_+L6vFR4z4&bfe$Txk($dj%uQ`!aZBJWeAJ4Kj?as&9cR4J<* zm|hb}%g{+H(~xXTbQMT~?>}Nv>#mN6LTpy>=}!`}<| zOR8p}hXdSmi<6F0u_~0l0-VApStR+_VZ3psWTL;cYV_(N-dqF0PEl{0-_m z-rr#FE+g@UHqY=;^r>Jw%T<&@QhLr0o6*gSf_ROlq%?eEsa7r4VIe6Ro1jm%m;!?K z4{6NuU5mg~SN17M3L5^poHqupLg?Q(?;lT!^4*oQ35cs+SGC@f)lQ=1zm*72|=o*lIg+E`ZCYjqZ5Lq?gDR{F32 z{-BWOvw*fMtR>yysclDZqMP;bJ?%JB$*NIqmni{6X zSDo;1M{?Z#L>LoY%I@zwp)@1`jqo);+Ud^T)jdw1moyR!U412=xPIWpdv&E*U(#{5 zm_}go^}J55TQ62Cyb-G$F2Q*_|6BO&0rU5siNt&t`uNnb4HtpCYj&w(p&GU)|Gm@gWc-qO7oB|5$}evvZx2Aqb9z#KgB>UX`5%@^gE!n}CLY_s3Ea<{I&tgt%d&LP z5_>)WnU@`-wvB&jLKXFI#EoKcF7zqRLPqOv zb7yL9v~PHRUj0tX+oaei%AK~9Lf@7q*35b3)@Q84K{HKrSS7O9g%skY$xR5xC%y*7zE7)0<6_~T&aDnv3vl&C@ z4IYarCm&B9{7$_uDZ4>syC>%%A3h$M4BO4Mn|skU@dc@NkZl=9IGKS>f6pTfF~Hc4 zLHT6X^{DCN%46G~2mIl}=NaJ8Te>`QA={q|?%BH4$v#80=8KO^>uYrx59NTXa@fzM zAyg7K>ugdLzQ!>{Gef)|uW3KFq$b#)8ng0z#5$KD{?Ca!Gi_*vCG{9JUF8Pb)tfnK zF>tri*-y2;r)joHDbpz?getuN65-E^u6!A2H*dodptVo)8ySfC0J%wu7_b_)sxu#m u|L;KRe{>}OD|P+(Jj literal 0 HcmV?d00001 diff --git a/doc/acl/img/acl-hw-merge.png b/doc/acl/img/acl-hw-merge.png new file mode 100644 index 0000000000000000000000000000000000000000..afe4374ca96461ce7b49bf7d810e957815f7b562 GIT binary patch literal 35748 zcmeFZWkVcYw=Ie^794`RHSX^2?(Xgm!65_)!QCan-Q6WvV}anB;O-FoGI;|GgmaT9X=>VBvfDEY&f{tek1;0LF zY$cSu?RRTKV^TUPQb-KakbF{;xs}*shN``Wt7O|Bg&qBu+1rt9ili9c-Z!87c7Z|9 zj$a)%nzX-}sTUe}e3Ou*PCm%mn@E5_h!@c%k5BP2sApG(Z$5}0ElVh8KWi|1wGFmb; zblvrzYdLwaO}P+b4Jl$#7XYGv3HAG+j&^KX&@5XockZ4WHMk08yif!Ki?-??t$GJ`$FO zXV5HCWFcZ`B8DV5M5>?ZaZ>@sqBe4B z%MalwBdSR{`y^|n)y$ydDUwUlBZWdV!O+|hbUTzf)9ni5bDpzPZ*l`!W-O>>M7ShJ z?iMYb!!348#7EYEeUdU2xKzF~!Y&*?T>q)!gtt%{8E?6uU878AeRUvm+yU=#%_@V% zJZsqgLn7cw6oRp(bc_AY(ai7+b#r`xA|%LoUZTCRbpM^aZ~|kN7jaV00%3e4dy9N{ zoF^mx!*4V4o341WC8P4aJtsTb6MU>7!#ILcbxtWKLIdSxu1eA$JK5o@w_UbwAW+n{ zj9womY8$Cb1mH{LThEIrGZbja^8?^eV&mu~Q7aj+IYo`fm5nyUGUsLE%@1_zy|PfQ zRS#y!b@4Ug=;!sNYIIxmjCQ_duUTPXexqbXVXR1S(=hJe$E(z4)T%xeigCY|FOP)zVrLd<;R>+u zamXef!OkVMoY_*(CFZT}kpg6xTmF+2lel5KqM=ecHzeCj{h z4{Tj3Mp#}|o2wP5MGqc!smhS5092;Ti{<6^(LWD17SBfsT|4D@6Cwfh=9O7s=YE-I zxShBo?(`-g$!by9i=>s;d!kA`ZKr-(l$kY8^%C$#v@y$`B^`(mGqpUKr(kotCf{23 zx#9KP`Mu6rMp?j5oPi7`SXm$=B-=qDtR{BooL|gBzSW0C1r)#!A1ah{8`|pzt0^S%K7uRk+PpR zBWLZRo-k+m$o#Qm(69QyvWOgcp6{t~@#aovh2N6n7UD%z5p-_+RcrP$%f#?Lz_wiA=7LV!ZD4M(!%c+fUIAot zbIGXDq6mr?mspMRjZ%{#-2~VS!aSkZLO21YZMbc3QFseuJ`^xHlILV;CIg#(TQ+f3 z_Gv!9pvM$>hDywKgok&acCS$4+?3N|c|_xH`*K35!ZB-jKa~tsdC7Neir=*p4=ol_ zx62f^yRP31Vd%D;l*$4G{YhR+3Va~Cb(xjxft7nxPkF|OgRXf^BWQteF&lj>4PEYkKgNW8cX@eZ7wFYZ3-ycOnH zS5Q*&WxmMrc_=AGmR*Aawtsw~pqCk!+W8g74&$D*vYXI!O4(;VHgr)B(Ikl@eX&vW3W_z;vh8^w!N8e-7$_S?URuJ z{7}isf>d`jlJ#?3ogLg9=_ghljk<*!8`9No<_V5>x3RFWo7zyv8CUd9R=bf92DHKtrcnk(Rh3P2 z!y{V@Txp&wabsDB^{pSCzZ#_Vnsn?<6b(((HxGrm!rf1GfILZ`Ma!}^l$Z|G<(m&o zuKQ&w@uN8DC68JoY}&Ne7|0$`^H`D!H$x$-`m9S=cJ8jcvRqxjrW>2vf){j_5J;56 z{NlbgMrqo#** zL`#QK4-pOEzdKxBpsq@y?KxrKpuVp4DL>-2A6UDF@hh}F0UXR#Czf?2{K;^n&k(SB zYS2#nSsL0azrC>>Z<7X^s&)j5&`u(B93Qynz3q&b6urfTPb24@#t6}mwo$9Ew`%O^ zgm~PQ=+sk33`r$rM=^%Ej}9>=4n%rVRayqPhAi8pekj@T+SFBPIc38qX;`gseMjc6 zYpS{3UyC@@wDYbpbuTxj7VryPizgir4svGoRw{C4KRilbec~_Ov1(JbwhHy59{Tju zWY?4N0|T=x-#Sk0FKO7!5Rr;)3DeZp+e(%;oEiMUYx2a3)b<;VV{k`%;k6u=0RO;5 zr@1oC#CN3PX#~pQ-(cXT~i^qkhJb(FHQ1V{oaG=P;A|~X91E7b)n*75j`*%a6R6?b?uxR z65ss=IQjIB5~3v&HE7YniaY9}9``7LV^1e?|FUHLs>yYj)#qtIlNi)2R+1|v&uZ1& zsb?r^uN}!L=WyEW^w#-;()zlapux7>udOGwiyolmj?@K=_J5ABC8{&&#oNo>_ z=_IsTZk!(ypCbDY2NA~Pxv4P`#z|jF5rl&7&`P0i+`&r97CAR^(A?k+kKIk@Uu^o;K;oj=SMgeM(ZcGR zkC8H@p5@sN0_@aZ4&Y)uTpE<;Juuls}P1?N$}r}HX&gz4ieOOM1fyCYIT_PU7oItJ9hfn?bC@nyie_&hki7bW|@3bnlEcHomPD# zt-$~Zr>^{vCwc3NPlyF`1x-$fy)AkzPxuuY-3Inlaoyk-_Es9A6_e4t>tmB;!(h@E!qgb!VQLn&qA z5iXo$Xd*zcao4*!%%U*e!g$eK!DZer)QTVn_BVU-bwt{}S(kPF05tv{})az}RCH zD+Y+0&w75fguUju>0z5ks1ex16BwhEkYlw~Kb3qj+cNgJ;WU2@IdMQ?$kDz7nQGLgjbk>~D9>{?dMR;%gfX04j|F9@o;L>^OF^7~a zj~NW-sFw1y*bKuNw}inPmzePph7S$|tNyjkKQ5vfJa6jUgxbRVN;zqxZcN?SlKm*r zbfEmWCUNF(LIPmN*Sw)zI;7*$O70-l`q(&r>Cv9e%htIq@4Hc5UNY%)rUqS(2K{`s5K9j5p+;1E^YbL7 z59P$wgUe*d?tKTnZ^wLKC`sLw&F)@6`3*G=YBnDu;onzJKgPA1SN zW?1B{$D|>f6f6oy=h{wJMiGw>Lh#)k=8Ey(-Cf3dku1 z1QcNRql~!!f<0*nn*;=`cFk=HB?E&3Sg;gncgR`ppMIc!liHg>P#n8YQ`x+`;+vJR zDTZWNm}9aL!21pf;J&no1mwJtg+%(`ute+3xHGlf7S(s@gJH>2+?|4cDki?yqpBkT ztO0$UQ-co@Z*%)qJm0UvB9h6w-bj+dDDbyE(JAN=!lxG*bEvRG<8##Y@`v;d&-EFP zsnFrKyQ`=H_N{c)EHa$F!Z%i?k4fbE!!D zTV#P#>tyTw$M^rx9I*tE9wnu%lMZ3;QC`DxIrpldUuHdy&h3a1%$_{tkC#G!u3!1^ zwp?#gDP~lM75E8J@OXU_9M*Dx+{o1>U7u2761>SN^sx^fH;b6($JRrYTAsSUhU(l)Z`t))xA~AUqB8wDk;W_ zA%h!WSs|Or_pR)7ai<51Wu@kQ5V84%3D0__QAcUnb}geSwQsFLUc(~2a@kF18ga2rSJLP50UM}Pkm>3c#dY{~!TDwEx!!99-ByF% zi0(k}17gEzi2h$R!2vU``zVg9(KHC7Z`QlfS?L#dM!I$PwSIO;(sn`=(@HY%>R()F>Z z2|!FBECb@@ufcuB*q{BHSZ0hf1F2lO@ zw?%!2qtX?MZBWL_1R`FS`;>qEa&|-Dp;ioQ$5AthXPeCnPf*MFAL|+{s)gITqQ~tO zVXq9Mwrk9#UCCH@o6)ZFAfmR*W4@s^jJ$txTi&%0DZ?2Fsp~RZUkL9rVI!0D z$bY;+@TyQY??V+{SC&NXD!A4~?KHlyo~AC|HKE+?1O#6*_?$Lye)NW2{cTz+O5R9@ zjvTIyT1pY{Gk>s<0j>2(|Hhx)k-`7+VfW2{v($Q(Zed&Vt%W5CBIphOdgB0#?0eFS z<74cQ(SE@i16r}qbjH&-shV3vp+ySij2 zY#D_HbR6@>`^kpNVP!8+7?&E>dsM<~Pt?qV%on&8T!~qi%MFy7ggcr$1x#}eM6a=} zl%pQsh8ax`P%98^DS>>VI}q*Nun{C2fLgieq2pgQ5a2_yI2)ngNk#imUAJ8y*i>b> zfbEnI;v!C+DsfIR?Xr_g+Z~lkvoqfkKV!VZ_tHqy&wpDh!NLgB=~vW_yD1S6R#Ah0 zxa4cCvJF|xEu9@%b4t5hZB!-Wbn9bvb$YhaBX@-gsD6u}4Kvw<+(_20qg(0uozBi# zv2;FXQrJ#5a-Ya0+2`q(n(wP^&vZ9=JV|t}vQ~bzb-cw+Jt3?%RZje;8yJ9NBkXj8 zF~d!}*CA~J1;M!5k6;^JhdcGr8IFjxN;g!9^?Y5CubQ=r^7S>IY%e+sY>@5F?NFbb zt@Few%?hF?YKaL@_`Ji&p#4$c?_P%i6yXM8z>aTsVe&LMQn8~W7%)6;++|(&+!Y2E zFssTKbMBI^+!bXo4pob?@QxAju|^s;?_Do*RuM5HdqVIR%13?q=g-Y`?K6>lZy=n8|J^rDRE^BvoMQ#MTHKVk;{_wP^SS46qT8=lyTn==u z0ePb@z=LF*E1>+BfJlOYl}a-8;6b9-t}3U=Ca-(i-S{#JB{t$$INl&jEL4L*vwgC~ z5KpI{v7ey}SAVP3a*ba5uXwzvU{+M-=ZX}E`MyJzq+7y6xpl;1E_hyTaP`zMH?nDUB`EuV3h@i3z#h zRn>`;Z^R3pLrWa_qwd72Wn`@KV#;B*Lt!MoMf!+Ef3)Mro8ZH8^suI&S}j$u(>0Kg zrw66>&4<=r*~{9n4FOxTHPEXkMoOKjBYskORN2YOzY~>Llkgm&oF1v{dxS5+cmosX z8IgLJ={4*jFxWo_2Z$OcM{3Y^+Q==aBv?3pY+7qC0^ z6E(yz@z1IY@^8+dI-_qNF^)g4e^7vWAvc-3dKrtm2cU-3dJPzP4pM5RfF0(2>U61; z7Vy2E=&zSYZT*PvU0G%esa)L4irM8)m-C#gx;akc>;~JE!#_r<*Nz7_K`^Ycog8f9 zhJWo!Ssa62Df~loQ4Jrg0%8v`bTW3+YVKkRF+D+ z^E&+-WB!B`0=_5P8LSZD1F6tUIlX(n81Asckc zY57aXE%P7_Z}ByAFd^!ynIEUJyk)>p=nFW$@!ww)JX^$dXUzJEH7Xz$8v9D}cflf| z_aX`b>EwOA&rD9gcn0A4wsvB@tuqy<(;I=WpNJvN$G;DMAItAvD>90q6y;`oa^j_x z+kdv+Bmz_ZYug;wm58zwhN(B=Kh5+QXpEDr+*V2?M$VjbOZA5Z}m2Tq?>HJm7V8#&~ksh zh~7}@LFrTxafIv*pXJiMj>Tz3C3;QAkIaYJcg~6`npB-?JWdwnOnTc8k9@t!1%M&b zWVP;hLQ9RFC0x75384|K0-CnImpfyUvOby-kG=#&2SA;9GphLEbo%+98Mt7lP6io^ z*Aqw68u@qh;yGByR?>iK-lX&}Nttk^rf$bQp^V!t2RwhTI8sLDC`m9qcZTX2&vlM& zt#qhjo+iaXKRF|3=}{+j5lcJgaouhu6i8&!Z#hfFpQ8im3i9QNed%m$#N4FTwGH~n zAdK)Q1j2XQAUvDovZ0;^2a7C)e&|pyw6dH5*zG(J{VS&F{i{yx&pQxq5?Hv5W29d` zD=f8}*I39VbB);!5O&ea{c4zG?Qic zZtB_kZa;a%RS{?>s4iraF%oEDM?-=}#uMA3TE+&PpXlIFN^taP*L`i`J#01QoqQe$ zk^;B*MlUBR_721bm9|**{aU=vgz1D|>x|ZOI#t-%m6?pr?8$OFo8piJ3hFGZEJ4U| ziYby6-uJ$?b%XBvh(QavKh0#LBEc&^*$8Ssf!}4M$J6JaNK;Ra7`TK%M$J|am`cOQ z1T3x+WlrUID?$lj>NMMR?fdmRC*m3#8TpyyH`-}P#unzprx4s_cKUgh(#ISDaqM}` z#-wFGd`M5G$1$Bzl>L%Y_{kBzXH{eTyGecNY@l||g3?2_ma(0tVscdn%6e1GV=oGgT?x0rBR@GFtF`C`O4RV|c+&e0wLSr7k z_n*5+#P9{!jEAkW?-3=5e1#_z4(zXi-ZppltuYDeoj|X@>t*%vo)Ob->j}DY6YaD- z@|JJmYVy=#2FF#-U0r(cRRZ`HxVubT1n=*sZZ7}4TFJFfp6lp@B>WlLyNY3ru=n$< zrfxBwkqpe~5tZtCYM^hkpLC|CU_Ny)U>){v>&@iHdMQeQaR%)!b-#`z+k=Wv+m73x$Naz&&#q4AKdz5ee+4qR2 zO)Od=Xpc@-Fc}z7{W{H;V;yxd&qDYsz*KhaPkTo&~a!F8t&p|)2IHNJ^>lOOfwI7gB4t5V1vn8BcN0JI!bv`IN9 zG0Z?9X=OuFYp?RG5(n2h)sOSKxNaw8C2>ty-le{8f>yIh_ zSGxiiZ-y_GEA_@!jEfdb-+2yn&x|SDh1->m4gC5iKfJ_Gq@3%4u2BZa(>BU%5qj}c1;jsqrSh4` z9*M-@q2-v*X7%dVgsE&Cif6PuO@Gx=v@`zvX!Mp;j&m1k<)76=5mI=UaRbs)c4e@? z0Se)%%_0l@u0J3exPHNPcU^-ynGkV5GQ+h`)sTRPOApyOzVYyz+2{O$*lH%}iJXM*(4nr$!1OX|59HIjvHF;} zC#l2Ak8jmDIG)O~dN?P;Cg|NW?v8JxnY5*V4gN6!;o}#$cV}k>`!t*0p#Dn;yy4Jb zj?C9h#9yjTD$g+TqsmUuMShg(jO#H12jps4!VO$m`v z%geH;tu&3AY-_Hksa#1n>?nu<3;h#;tK3nRYxB<>yGU3sfJ}&(HW6XST`&m6NA-pU zWD($CD`*Gkq+$1N-gzCi!@C*>_6C0CWI{RRnIO<$+hS$8!khn`mA|z+@4(a@)^K6g zGlM z`EmYh!5N9k5aULmEspwv5UW-3MLZ3PRE5XMj3PhESgc@#XW-T)l8zl@{f>Oi{CxQD|XE^EjW zSqNC_npb~>e5RH^a?? z_kS5+D^u_KXmTu8A*DIasiVH16N$K8aX>#&*YuLTlN*|(lesy$*OOM_%nwq~n`xHi zWFMehC0TI1S*72TldkbB{$(JRpI-!E*#Z{-lp;=F_N|WHItS8Z2?jX3;z_+R_pc%l z4O(V~Dhe)P?SHyPgR)kJ3MsDAoVd-SUiF#{tvbD%GEOk$Cv`lzh89ehpcI1Dve^RG zVYj%9Wn&uH`RCYWgQ{SO0hqZ054T7S&d-ewD!NR39YsEkdT_R+VL74fhd(OYd ztjgp>cbax=@AI*ZyUW-7Nsv|wQz|0tm_dsnS*?1aUusY$VC-K9* zlLh;uNHySl8C_@O2a4R>Ds|=G-yuVv1R1|jffmkKJ@4#MkvO704y=4rb=sP}Q^$x{F9Sg{7uljI5AcA=@rKlGl|)KN zq+NEHTu{*)>MUHnLLz(uhRkTiQSW0g;YN5#Q1`jrjrU?kN5&?P$+{j|Wmo~nF0VCM z8(2FTD#IJ$Z+2__%s#Xa@o6gwa&12UisFVDOH6QOBcYE8c4*2q<~U%gCMHJv69P&W zbPq9~%6^-vf4^4YO@QV$fl%Hu_OM$|zgr2+as^l~JDOP#6ABo>C`=i0E@Cy=`9F*N zQ}&A#c&q)ZAX~Z%H*KHZh^}%a+dDrA{c@K`CijF!dHxvUKceb45 zy{Ovd#5joZ;IPc*YOW$>yFsDuk+sa3l@$S>_Z0tI&Ilw%E&QL~ioYtX!&87Qlqy>A z)9Li|%87TPP?piXy~Htw-k-jkcQlvn@Of>>YTS*Dz@N?OT3EDF4yL&Ga7?)-4^^b& zGMYMps{3oB7s4E_Fpu~cIF6Xs`&YLv|E5olv4u!GpHc+{1tyIX`^8XFNj!Q~bbnCS z$;CU#(!8Tplp+tQ7X!xxEq7!ug=F%P(1Q^zs>&nlUsW<0^t$AIJf3`k8=P|aO zVsv@87`kO@C`P7TV`kLb%uO2n;^`gk-)gx|t*)|{Z7YReYTOD=jvF()K|Wd$JMAg% zcxv+RXmnK5{B1TidhJ87eTowluf%9KQfl8JKcF{S?CrA9O>ud;9me)+cn4T>nDSfk zfhcQ%<=5~G`}WPn)%L7&+UJ&90hk?xw*jNs0+_hmoUN-6fch!PnmezByS{=Eww^6; zp;HipMi**5t6rYVxmf896p0afT|%FphJ7=*+*6j$X4|?4CGt4>`I<|al-HMsaor+f z3De+D(2u^sW_6gbCFc?y%1KD1v!WbnDJR<51uqr(x51n5=d3q3vu>N<@)4rgs&PvW z2?*%mFUTe!uiRzTePAJcbq`QJaMue+8Z5P+il1b(A5-GIw0dd!ksS&Ne}Qd9e*QP2 zB=#BNa3cLuwVGcl)FAM81$P*8F5U>VQ#uQ94JH>iSAeea!@XgIi?iwc4VaI~V)EQu zYRvGm{#{k)ArMBJ*7o*{+m9OyV~Ly{J0o?NL*LO!pf<+!%=?+}rk5RXsu#()g;*7T zUsF8~g@zVt7JxIi0^b-Z665j4?Xh>U^;xHpB8-#JeOG55F1tEV+1NI^WB7G$W$^JJ z&eQF6KabKtKj{aEyHpypt=8Fn)(`HEWJLXJJaMCO53M@;Vz~kCe|9L?vQsg)Ta0Oc z)j7ifW?HlQw7uZA>C*lI(R~fxTc%g} zEjB?tJsu9;g1Dgsmls%>rwq%aE&48r+{h{912bCI4Uj0t5@DO@GS|SQi!vi)$xX#? zkJ$ePhknuF7d`@5PuGAX-4CNRhh#V)orKvNtsQ?)(NprTkR1%O7uj~b$Ao6S3PL_( z;5J?zZPov6QAHOCbO23?TSXc5+eb8Vo8NgI3#$D$8iNi6_Unw->bOxzaD~zgq_HK7xp4&}u zldP_pb2XF&)x6>uTVq+?!*T%;n+7S{JPi}f;|Aj-80YM7fjK;$1`2Qvky0<)VmWX) zi*pODBPP~7)C0Vy&>dLN_@NTA>u0YtKeBL1v9aYa+aK{z(GDFiZ*6|^6QF;YB%~PU z8;TBKfcrFUzV|wh&_V5B(?0J7H-!T$1!1vDgZaQ?IaXc6M@AjKtiOI7UJv20H z`cm&$jPmL=i7%SNt1{Jd^WAv&HsGfC{5$)=r2E8ffZKC{dei9?mwCpcmm_J0?vmTY zfI2|X>Bb&7I{1pR0NW`y)KLKTNxI*wabCaNTys~~f0cF?xs$pNU%J{BddrCL+kKME zya)S~-pi1RT1Oo()m76I&qs&qv1>|wiU0+(XEV zhM!qyhubjiI`~=`s@U_i#Ot@+##^15>PPWU%qGZbKOt%(H5Y0!?4Drx6M`u$YT9>Vm*%v5g%5ttIa04h`U6?n|rSoP|9 za=N5yKS2yJa{Rn-GoI3OG$5Jcs|r!@KQLpTXnLlKIeIZ_8)&TkR&?_`JehX0aw|{I zd2HfvPmUWGadR?xI3v>Se_^KEWt*3Q&=7;N{3_hK|T4#&PNDyvcAr5#{kX^O1x@W^oKMNZNXgkowFu>P%~KE`*)y2e!N zA#f#gZ!Zh-sD+J{0xXi^NrRi&qoYCv${Jpl1(`OxV|{Vhb-bL7^}#a^woMA*)+{d` zL8kL{nKHDa%htt;bsSgL$s$A+D-`)zhXvLp<^Tch;{8Whs09UQ)BBy#D@v8bH}aC` zk->$K3<-sWv9&X;Y7MfM-I&Z+h?z5DSB0K%pPKV&39_;xk(Zz1knEGcott_|&eX)P z7|x}zYOc3l&oVF0YaaXJiX!fzK(OjoOBlj=!m-L$~dQ|Rbr+ZD0^ zV-O+jP35w!e@d)T)TQ^VMTst#iA?`Sehp?z3}zNb#|Fp>KVjQOivFs7he*7 z1qveZT%Ru?^U_b6a{flM;@N~h;LW2l;3$qsj z0&_W)n@?7$V_Cd*;SMOqT69cf70PtTl+^A>-p}9Mo0)-K`nFI(Oa?&uc?WESyC5PI z=cxV51gn!t!l_$+KgL2ez1HTdyj48;fYgB1P z**w2ta@>A(oyJJ+@ZAAy>9yH!BpBF&6HTh`9=Y@dwHmwMbVT#|JyD38>Am$hn6x74A1s_wj$b#u5xegywf6iR`Y3cXhiJD*8%B|ExlxV^_M#!*%Ue2nR;93J~+a#HzgvH?|Buj z=Y2M91U#WC0QqO!D?^Gi(Xwhy9{$iBip|rqI*sD~%@0;Y-3?|6U`|XGJa0(zx2R11 zHJV81YTNT-X z&R13(x43L>g@0G@<~9DP$bGExLelHUEDu<0F-pw^p8eChe+xtzQVX!qLClbzAoxcG z{YUH3$b(yyQdBbP_s@d`|M>tO51c3`wySz2^}i(G7zTJCEDvlijsBxQ|2Yv02fNGS zeSUVT{#TW~RTok(0iJbT-^@;&|MfvUnTR=)1u^Ga1mN{nS%R8$+; zI%#`R;gE0kg~kFERyGW+C1XXX0eELQ{w&~L4fZFtHmJ+djen9-@t*1p%Uc&YZLMr)5FJaDfsc za5o=TPBMjF2A#X}!FEnF{FCJ?Vg!|vggHKHWQb8{xpm0)JT-SY8{IZjqs^^tF~7s~ z{%@!)B%fllirCvZ9kIQ?K?IU)Gl?}q%K+aE(no0guT6ZBfFJ>AZLM6U*el{!f}%bp z;{1J-QUtzrVXMT`0W;o>Wp)#&vI(HU)rMSlLu&)ne|?7DZZE6=$he zf=(=2|7HUfg$8TJZDnPPL7f8LaqMzAtL^AO{B-od*ton;9DM5#z|qzG0IO zd_M6oH*XkV72!RP)#>Ih^N-k&@7~5QUgUr(J~g+mz4KZ~C>8833I>2Pbt`pf8;SUq zRVxwL>Vnb0H$jvsOaGf)A1_jeZW3xx_tiq|?~I~Bl@6m4^64G>FlTybU+8`QZX^cW zkAXnCgj!?hqUvS&ui5+y%|d#?nbtVCr{gLAH_ikDlp?{HrQSar^}j$)hLi=2i!kB* z?*9ufNki1ZzRJ_&^9wT!8eXWC7RLlkYNccYScQzgb(0!HRfb+k4nTl$j}&|*(`RDX zC^0DP5R&dJ@~-ygc;^zuMx}o;!znkZ!52RRGMC~-HsO(eRMwyv+&(okcDX-TS&6UAiH^|`mBWccc)E79HLS}6v)v!NJop)`NwPxA z8#ID67?0aMv92?-G*`-tORKe?YrvV(-XRm0$#i3YQMI)~K3UHKJJTKTGb0Iyi~UBp z4i~oLFe{h{zb*+E^XSgHZ|Zg5H<+=#6z4#hZ=b5h;hUd6I(H{tY^^8#`6OZfN!L|P zjgG+Fsqd-H?KuTU&UcyBcBwt5w-@hq^wDj&3w4yyJDTkW5lRH_UH>d9C}AKXx=&lf zd@}8+nowvYxxg)@JTWJS(cS8WJTHh(tNX#LnZs^owH;=Gi_^1a{NYCWVC{}jwmjWo z(s`|3miXn4Xjd3BXO|`=L%`@VCvC)bCnu9#30Uxf~6wmDU39LWyH|=lif(on%FR zr}TN2*WxgkJGGt;K&%vHmgyue=nca5Ler`!b^-3Y<2b>2}>Ixd3A6(a7LV$Gax)nN@BZ-*f9L{ z+3(2kl`BM9z&{Uc86(?gyCZ3{jX2J?!fG8#f<9L%dw?#rcy6OWE#mvT95<`8z{KQj zj#LE^^g#d78p#T;%O86i@TbteeYNsCgBM$uqtZ$gAi)*q5~Ufxk>sn0SQb%RyY$?Z zmZ(a-I*mzUms~#&_imXf@V_JY=YIi2YwaeqtWmq;R43(GGplVm#BPQn3i^~i-lp>i z2MAB#x-D$@NBDCGbo-x=zV`{d#^ue;WinR2pD}M20K+0U(QLZaye72jVUC>jeDy2a z+p1rFtb_zEg2&njPFtbcf=a)ziuqm_A?SS4ekk64v9!!{Y-?Vh=y((a9a)QV`#F&s z#1&HQ>(}IV&AgUd^R8e_8?Of4G#**Qv25A6sr>M$e0`f8xw7Ql)~WBDjpp@kSS1)v zm!yqvo%~NSQ|kQ>$niM-h^2KXe`_a*Rk_QHjz+rIT*D+|Txm>;>-nQ4)x)ZlsDAkx zuhZch#-M*0hxk6aTsSa~3J&#{d(VI3?84e8wYubvW1-j5WB+?v)^iSjbH_~cnLp=+ z`YhWz{oWQ0Ik}qDdSKoY%at>)H4A>%<=BDsbz;Y9kd8}FeDQ?7T$WeP_=}P!by(r) zihc8het%XUZE944xE~Vj8_c`V0sN~lPdr_|6P`gU-?uOH9oX7JX;1gh_sRI}#X2sR z-gP4VdnEOU`&%@)7Ns#+1?$5s+|+flgn?!(T#cMwQ;Gr zdzwE$cg1$bnjM=37YK7@<;JB(#rQ6DP6C@SrjRn58VHr@<|s4OTefY9c0a~!I~~*) z#NqYgJN7@+f83rygd2f@_S;{q9{?VvZ3$zyDs(^d9YUiUU$G}R3a67Ht93~!uITQa zK6qBd$nT19%CM%QemqfZS*5tRu<5-t^xEE5uhR2$M>k*}=2Z&9h=P)%A zfwD~NP0I^nxOD}U8r#oRAGQAiBWf}z9NC4)d;h2Asn6yQ^0~-r34!Ae<)P+gW<_o( zcEIKuPa)r{?i?=JVI$#h=3!S{-r+4-P zx>lZ3(zA?iX!~n+jHW56(AS4ry24mHQ|bU#9PB;Rn6}@Aqm5s}Ab^Y^dLKvmR%3Xh z+iK;p0@_N-5K$-v2xF+JsmS+u`1y~vWl3(kXI#C#`g9N;KSX}pzWV{^4EolyM<9OM zSZ%$SgoEpgyQNiP6l#!^wf$v#0Ma0yIB1`kJ)|!*PAKi@9qtf9WMpDS=GW>HYD#)~ zb?ld$i0t)(mV+h`Rt6k+wUNm}m`9&{e3)|@H@%g8)M@zxC|M9uJ(TbhI(_`E3TOUw zvGwX5_p@q2rMm0F>yE*Vr~zd%EEJAX1uY~JpUeQOI+C@#rb0>kdz)kVfX0P%L>x1& z*M3)4{<}zTr*R1&OX_X8QK4_wA*h^X<}!&3e_DoV_#=O|wQt5|zlK!LB!K$e@=55^+;$bCnEdl%2WrfRD&2OK*ekzDj9RwZlvB zXnNd(S5-fWEW$HfuA{JoKc-VX=Xfv|c$?%g#QnMEej@jxLEvf;+DaBGy1+f{KIjGL z0`ncoUJ@%Bx$~qL6oa@!q5Ptq*ew)gH%e^gp_IhP;7p*55hKJXckp|fJp`P zbkg5%Y{K#3A$!pq>cv93EYrpO5g6UAoD-;>^rW+{wk`|*<{zSkPW*nuPfs?^4aIto z9f4!PCAv)|fn_(5wsfCqRK}A5`eF2J%^^G8YE{n!%Jo%PO@NXJ|CTR7w|@m__fVc|oOF(&@L_ zdr?n7d-L^u4WJigf?4`^+)Rg`Bu@F5)fpTv%p+hz@zt~ZyS!C_X=gJ6&drbSef})C z)^$UxN{^{XzwLALMW4QP#10>j!9KR1K)r?BWm_l;JRngt-*{m*#?2AKcWge!^+U=? z)XT}F_xEGZ@$j_qruf+)s4$}fO4o+Tp`JkZ`9F4P>1onAV9_0jtK#)M|4e}U`SXbZ zZc}34r$YhM1tZn&$ZQ5W%hmL7lJoO?0cJf_4S8%D>q}B1oU&Q>1_@mbZ5HitImdED z+WUF9qsb(x&SI66E_FHdD)qm(@W}WpJ&rGmD|QDc%u4VJub}XBr1;hz z4MvtCx^XBsWLg62x4k0?e-mBku=>UIVHfpv+KF2x{T;2}>bc`2E@wmyGNRV0Ppxc* zjGo&yqVrtpQWw6wTWQNnz>VyJm16X{RYaHgFL*(x_u~c15P5q0HSHSW z#W>mF=wsC>WMXlNBkJbNnam?b%@5|bHK$!xlw%VO0&S?@&S_h}0%*(5r;F+M>bh0u z{7&P}-HQt)AL>XHU)OnfEk#0zJ><>fV3Jz=Z90crDH2YtTEjq;=- zj%^#_w;)Du95phxob)S-n-4<8#~FMDDxNh2sF=rF^W26y*`#qMf!2nDOjwgz?w4Va z>$z79o-qxGXB%^&!`g*F zZ|SOGk>Hxf-JO~{rj>6)K3yQv%%r9|wyDgS9PaLf6aS>dMcFw|;&ft5jCLWIc2!DB zD5Kt7zHfnD^G0NG>&;tY^}-!Vauf@+#V$ebcgQU4!|il+b8mNXOUwH2H?lD0?tJ1h z!f5)mb1-H{P(1Zmy-@e8+Yl~}TOC$i2qbJuVx-)?9^GYTwjTDTe`F&c{n5pX4F!+i z-&A&1_NtYGC*airb-HduMpLx>7W6rt)-QW(c@m5K!7a|(X2LJSJXS7e0~H9*sD3FN z^RtAsLx8wEB9STq&|_^-^;S(k^tK%|u#xOpR40rr&^nQ<{Y^9G&Gl{cdp3S?o@9|@ z@{l(?;&kp3wa&t_A43IPyu|QndqbpC0Te)UATYm}d(><%P*n4)$8;!pxETut@TBzY zK86ta@cxgGA1_gLYJms#Dh{Q#zl^e#Q)RZaWP9&+C2<$3eHSh;BF!XjrN$n zKngG_t;wh^DT?Hs{bwMtg0a-(hz^UQE>=H1HdIE*0Fj-;q#xUU=9ftD>gjv0|GH4? zW!B1#*O~@&bjJZI?UOr%t-~80uXM9duP0uAHi)|2^?XkLUUNbf)AYNdZ#-fi+rh)v z4LhtB3{mQ=Z2^9`9}m*$2Mld8xnZ#nY*-E77}JF}c{z!Kign5|_|W&cuTb703yH*d zLp^ zF%q2b`Mi#Uy{FDmv)dC5(OA@8D|(pi&q%T~IGmYNh~gfsd}lYk$9UzNtK1oks#Dg`1{(%<$R znZ(6L=JnoEUwqs{-TC8BSFPamVAw&)S<305dY)SK*uD;Fj=)en6`M2;Z^^XziDTq* zaAa^3%k`Y$vo!8XM2!2Ft99|Ua&-C#$6k`HH7KlLj{|kx_#MWoZ{%+1J)5@S#P`#l zjn5l0Z!frxHa;OTcx|mpWECwlFy*+~p_l;?!te9h*Y)844C>8dZx?^|8*q=D5KFW0 zfxtC3x0~O+aTF@kJ3L4HuaKDg+tOF3I?io|83}+;L@eQ+h*(zb|Mqpd+D5>qQKA!r zAO9OqB0NG^pjq@KT-unwU+vBWJn8thu+V?!6|(e*;DC8#AjtaPu+=t02$4-ysc}{1 z6XPa1BazOOz`p|A#}ux3dMjx$qIbs*7Ys}EFP)PQ!*-L@4lE|JISIG%hRT@HRDb?Bj3_?0*BMd0J)r2=gUYAF@MF`8X z(cC2>X*ASRdX>0?Q@y@=AF+Aft*GOefabV5^*D%>1$T~JB9>Qftgr+(;thNg#bWhLrdECK?hyY8rV3vzVTS4D zdHb!sJIObEmU)Bf?I24Y0e0F@lI1FR?4p(M^GLe0 ziI5wIJn>;JGfh<4ku8R6{L$sfb>(AKyx{DGJAcZ=bJh94`zK8b2|3->%qX#hVSi!| zhe!6J4xi1|922UmpH5dhs<+=9j`|mBxO=}a?k@LaiQbp%2MiJHP)0)al6P+XnH6Qo zyN#XKT-*cqy)Ut1JxzhIJAVx|juv7AD0JSY_sd@=Lj=pW7YMlPSvvhU7#U3bE|f5? z7QF8~A-T-;?-x}BA?5kv8_WM5K4fc`e=p(ke}Y#g!BLKiSAp$MWce>#^|JLB{vd#y&oZtl%l@+vLbwe9{w&w1r~4N$ z`Zs0x|E)5gKk)Pn&*2{n3+sAqO|z%gZgFm|MqS2-yeIy0fBE~O%gY18iGrr-Mp|V` zO09X8OmTcE!KB+_*DucuyCecm@f36?Z-(mmM=A`2tl#7%%4A11WZDcve*Gr1MO5eC z+8os|5-B#db50{6&iATB~I5LK}JF&rITn#lnE?w@rGgEo+~qj;co9D#;CVvl4jH=|Aq$YMUAf zm$TURs{hy(M&w#Y7w0R+c*?B%wqizH)i-3PoA@Av*fHOzCpfq zeZ@KJo#dcz3&}2 zeHV6uU8}Qzn+k>XoIPj046qC!qLT*y{-HT_HSbh&SqzdOlk!D`IE!@g0jxUuj6QcTd(t64f~f-{JWkJU-GBzE;i-=P}WN*Oo=de zq~8ac{)hDaw>F1d5~%#M$$!Sf{ynd>OOm$WeJt%?rsY32L+16Rir)gSDg9Gj@6r*W z>}&N&*w9Nu5M@d#KK1-Rz1;sJi&cnB+WdEJ!p>8AxFMUlktw4pc1U*8uvog7#%fOd zN%VHE9nU08hrPu2{;wzMMPF6oo=mD1$Loj|)97JF$?1y%4Stb_@&Kb7Ui&?KLh$q^ zObK^?HQChV<}t<3cy4^Y@uyvr;bgr;jEc1KQXW6n<8TDug^{$XQ6Iju8Z;@!id)X@fqWtJ%I#n4T|lM6`or=eDtr@DrYRS7$Jlvuy|stYIwEj19nUM0?6qZbW}?O5cB_G5fJTMLCAXb zc&aO}bs|rXrgduMV{9d(nA@+$r$|TH_WAs7y z>Gh0B!^Rrt*Uv!y=Y~LrLOs)tN~`n%FgX%Ya2{~~Nzlj#PEz_}44qG&$6HNpn!(Ie z^cZ;FcY2~lO5L6<-FPzblUbC|V(V1i$EY4ZvkjZ?@?F1JV@MIFJQg$ay9>tP-M{Opr0t=CeCWuM!hiRm3`OA)m z&{!<3Tg23>x*Q!dtq=HI6U@XlIwvn56^frtUa4o6EQiSPdV~%`v5|O-r$f z=|t$~LrUhu)D5xftgle4>SSxNS5YphdZC)`+4BRz$#&(-JxWfSK`QK_|3PAxY*`S` z+)`l@sLz$aY^aJM@!o=s0Zf3PoiZ^X_=kK|$ved;!e(pN(h6oZP0Du!EOjZ(?WjnsO{qPBGHwhS(%wXGo6Hq+JZ! zxwVVh$<^SSLrIRmNA+^Qy`uOU-}I*U=K5&9S`z;OT+-Fdf7L|M(lYnj0m;%K#xEwv zx=h?>iCRa58;if#%gwQ?p^t&2-Vrwqz(4BkQa^>~;`^Y;RDVo8jwN1Xw`H&O!u?dz zrs5MV4b58pju{x$Cz_O*<2h35e(bd9ho5LuFKuJTizHo~2OT?p%6YCOuLyOLQaOtd zALhaz^+_kYkF@UB9v?QIoES4|uJ$K4BH)cww#P=&k1&Qd6mCy#r#eI20`~SK_X2$8 zRO_1hEg?hjQ$#iT?L138ChRj<49IvQ3kQz_$1@*Nf-SR7N+?Z=G*Ng*0o#89u(I@&vhrF3~@DHt0W zY>e4G5K6*w2Ue5)#r4;1QS2H0TH22Qx+cy|Z@*z4m2o?uzC~69NdFoh8Vjh8Fd9DO04nBTXwd5SPa~$_(&n^-@N$f20)jFbj|0N zKUuuv`9+%&;(`TzQ5z5`-WkZKLSRbq$rjTmI*Q?HChia1F;?HnsQ_1|d?xPEnz_}8 zg;fye^bvd=C_WYza_rqRH;JqlMf$=BCxiLJfM-lL6wgLHnLY1q ztUm}lPK`|%PE`b?rfKzA_}o+Mg^LY0z4p$K3_TW`!A5&x%t?_v{&fq^OFFIUn?c&Y zDAwA7o)$-s_u#~W$^<;~=aQQICLS3{>w_n4f_UfOF8yljF7+FN@ygf34)!`%5h@nb z%CMk?e#+~XbH2Atdi4S^#_Gpi8eM*`$3&}kL9u=czo6sRD>qV4w;U)Br~H=PKOFB4 zmD`>?c?k>tk#VcAZl4~c&xbPF*BjFA7NdKivDubw*9U0~br&^c_rRBI@aod}eh^rr zu|HMR9d!>wo8Qgw$f4wn5Fib8Napf=;5rgVrMrJ(?$3Oy!MeCUyjPc}$YP7wF4BhX zLE&Je1TsdNwmDU@*a&+kuMfr&#v;xM;s^9f9x73uO7tRjUwP*wK)qAL zYpM*E3qI^f_S*~{#&XD~5_QUZG-YLPeQGgQa_^}Jpg)Qs123dGKsy4a#N{vJ*`kD& zpIyHLOome5z{p;DQY=DEEYi6=5o7zfrLvekny~OrJk_E^^~!v9-a3V}SYBn?RGC|O zwxHf|&ewk10Py!HJ~=5+#hZxl-Q9j3kvJWw(fW~*v@^1Haxn5|sgE*R%l21&(Q&Is z`VX64?Q?Cm7&tohRf&jNtaQB}A*#>_NiOjxrDi>3{3=qoTi+V5GaB)RDBO`&wtNgdXbN z;ni^*Z z8KMTC{1p?|fU*Cz%{>Gtlp`H|b1TB6`GfG7bmyJ)reqJkdX75#Cwm@R`#mGZbklax zwC^vRw}Kd~%rD>s-;7IgmY_kgXs<9+kA??r+lzkA{kLvQ2mK~<{1sBC;3Ve#hwj&$ z9QX97m`{)##n?6R@X$+&L1q6{4jOEKMqGdA5>+Ndek;%mCsc&&Ppx(21Ou|B#J ztXkG;7qW>w$LzGTb!L9D9;Io=*O>O!-ez{KT^y$lURcDuqJ^91vnVGO#1l_Pcw1=9 zoKqNHv<-C9jLRbZ@CSmYWA?chG9_v>4F^2~Dg%Wv1@Shf{^Kfk`}-CYD-EkhM=xAO zdtw0U@bx@Osh)1dFxK9KRf<=GHe4I0{b8?6@&gV&{HA-&%~{2SU)M3Lw2oCdb1h#F zXtJ<$3f;=VArp(@rJ=N@%oav4cN0*=9VG-ZvaT(_*}Pd@KuB$`W$WxrbK*iS@3;EA zy(W6fnM2%3#djaWF3x7i+jgQbPG%$^*6nE$=vl=54wJ=;%L|N&ROg4T#-#E-i|x@@ z|6+E2#1LNazOki=S1u=exZw}wDGa2*%v-Lf`S^>-&$AKgnB+0%rgb;R7f}$!jCavg z6GUCt`HI7JY#JdGV#?7~q!^;xkyB&^71|7uS=kb(%}C_ld75(f4-Xk)I{JH;x&!*fmV! zsue(iR$U}X9fF=nQ!(6WB*=CeypSmL`sZE4qVl9fmDJM@l4rj-e0Ce))p@kHv+}h6 z>^kvbV>;~k@kKoL=NG^5#9{h&_oC4zKl~g;e_?orpuN+ZS-z z5EuU?6CZR+)tRu{!%Guzzzm&Y zhShy9nj&6prefcQ4cSTC;yBM@c#)~|xSt0=P?_31)ny^nKg;!JL`3y#{^y71L4IH& zXL-YI*V8Kz+;$vq9z;ag(-f_0@qRpRHA-By=e1R`t39E2KIS}#|H{Mr%FZr{8)I*s z@-Q*Wz{rlPVd34o`jz_;+#fpwE-o7OK!7kYL}M2ES*1i{@F%7HNyqo z)h9a44({Ejbg(xwlWz*!HAS>4t_)#s?49;*pMMFCrI>4WjBPno z?>VE#(K40^d(W*fJb|^XIy;K0*NgUr#xqNR4&pr2X3SwU>N2Xkl7Fhi>1IW^YE)Y3v#I_5#-d>Q<{D!na7qqZNC~PN#QiH-0-q#u3wwD3C{4HsbW4)_l6i zCR%lE(#Y%JHs#Fz#k=ZbL9`POx1AL z$jkWsZ;Nk}jnNJNUbgVdy zJ~4i*nCU88Ie5X3PX$ph_*e>Vg-6eMA%%`f;^33WW>z!Dt+V>Bg4o}WFI1nGH6FLA zjUsKTyOFtTTd_dQib%j)$@^<}j+d_(#77qimiX1h6M3BRDjz_Z&4 zCqyMHNx)iQ%jnvfkKtt(FJ~SiBER@GjIdOPw24i(74G>QNuH_po%6-yt7Jk-m(?u% z&zS+Odnk!oTp+!VH30#jCG>88cD!d`^?Wit&MWk*k5A5d;n%kP?`S7z-Sel;lO9so zCZoQRNcf!APLmzf`ytOoPB!xPeg#q|MhBzY!yP?smzOp7-NCAh|+@cnW;j5*LWwvF_C zqlnPH{V(L5hUV5$Eo?p5VI#Kjhys2lkfb5Gxc(9QXxi^R>KMCmn)$uQsvIlV z2$eZ6%10HenjWb$u&CDkzvzDkS8s+F&6 z$gRURp;DaxeQEL!O|th)FS5(07iYo9vca@U>=mU+{ zdW@d;v)f(Y2D`Se=-C?@u+Q@{a$`w;2q5y_G1LM;Hu4Q&OTM)y^=7b>kxp9ip=NmP z{JK%$Bh>A#8fNVGz1=l9`iBnyH|Gv*h3E&JGN0*_nIp@gZJ1Vwas~r#_Rv}G7H*tB z3KqKXuLABMrmCY6_0&B9CaAMH!xr~}rZp)(=fL^1>5JRXYgf+jaVEWO!Mn(gbdL>e zW#kvzfUh}ARE3rjj+j|Xl&%C*n-Ki1t!3uqR9`CAS1s~RMwxO=Op=7_j@Kyf7ftZC zua51fVNmS-JVCNQf@RoA_CF7+IrUi+K3pM^l5KB$Jc>jdyf4-W|3Y@OC4ZCX&xC)! z$aE0@9;7bqDCGUe_ph&tyMsvoebbf8G?}X;ggd{D77G63P8pjR`zu$8@5=n=g(K@q zdIOONy{^K4zPe1@IENG4!^E<7e@q1F14UN4-m(PC^bw!V0DiUsaKZ2Dnh>s&x_Vhm zAZ7uVr!76;G+2ulI*O<<*`QNJmB(_ z*f+SH;P=#2dFnRcM)CWq<0yoyo(Y*Ln(4K9^C9A)hQ?LQGKpioO3hr%HPR=ifMgpz zdpoyX&qsd3HCMTDFGCsuRUpU7a|pL{Yn!58h7wC~`&a6u)1y5IM9(PMul=i)>53m% zqV;^uVaD~dvilWc-;67`oeVfzdeLV@MbO20`gDS$5h%;a#_5N6=och0NEnmJqt>xb zsOFOe_^E{Znr9;ReGr}{LS+W?~r%8z9?`}&o!smBoR^25W;&q^YGWU!e z7sbb7$W!@ALn_I(Pn@F@hifhD)2MAm(}@D6etAPRGiN=zQt+Dy@OppnWyATQrP+28L z9Id+x?C+4uqPwjkL6ehS$VwFXJQ#lQRm0>IUkZcoDf`0HY$On-jr1-ZSLWszJCUd(iYkK}e319>z*sYbaiTS@w z3ALli64GDj$=UdKIhTnVrUYeMb@Ur%{JR?6d_oYbJz8<{-v4QqOja|I$67z)Fiq_5 zVo@0o#0p`EE&fLhdAm%1s+tox4|?A|2Qz!~Ab_7AZxZ2*arWbr?0 zuu4s+!F(-h@E>Be6U4eX>#f7|_Zs}KVMG4cu>TvecRBuN3jSvb{{LYLTEZ}{cE%xS z^?%F>GDPt(hG}xLznl5LO&Nciss3)9|F&NH-_8GPy8o9)NywWU`)WYdnwT3cO-EVa3O^;BU3MFLTa1dZRztR&9Jc2qK&?oM1Zh!_n>YE@XJ~ z^$n--w@u7h;42l)VCR4)3pTm@1upSy}my)FBeb_&m<>X16He<`aj?`TM@^X@`)Et+Wt z28bf%;N~3Qpx}mawm=jJjg407EfhK^*1b@GO_ooHF-n6{ExK;q4p2Rw@ip~P^N~(J zln8pv(l+*{Y+afbz>uh~lqsybok&|?P zEj2^#grp0vg+p!o^O@YaA<@F;2}@RHF>8GNqY8k|)FQbyYduV7$?3rgV zk?cEJ0)7Oy)8Al>$!rmklJ+}0VOsH{Hgm>vL?^)BvciJmD?!yAm7_;X%#Me?OyxIE z7&koEPMzA|_%HXN3N!qsZGV$okf=pyT;-t#TgdWw{G6Oz8{%$1RrDrQ?esCzxj~m1 z_jIi3nap0NbK#k<_=^UE9mUcZy;ELg4z%qGV>eT;c7kgJfM~B@W@ulaC6j>~;P-85 zX*eIZC#L>_brT6-FxG!i<^bWP7?5Pl29<%bHgmt{#j>>)fy$54KM6s`so`)GJb6iN z_PC$QO3sRM6~yYd$&!NFJ1M>2?@GT8W2CX3c+eU!wGvp%}~$NViwyZm8bSbzUuh*gbd-hWQZZt-uS&^%4qt6BEzrHL4TQyH5U-qKzY z)SxVfW2w!^%aO0U^X3m48>V(V57}28y2o92e3%PCIhNRa$kFC|5d$m{xT=aT@UWI~ zPk*)Y0$2wm!PiQ$Y{7TBt2`jVp~#EJ3T{FF*Q98q(@wFlmw>lV%S7_*D3X}WKG<>2 zsl&Z6(wq88VGkylid|%%H&;%>x%OZR}8roRJ)x+aK?lkc&`mNYZG9iI_r z-5SQn4a^6;YiX(bH1H{9`#d1crBrU5y0aR+>^)4od1 zd3rZcTlT|SztO#2bqOU@@NwK#Gul8Vhy3?T$L~-qpyUZqD!w4oomQ|$XKnWF)CNG9V|D6^_>O%? zhBg(T*K^y2q1%eDd)x>91*-kmiYSYi2#sbulUX1guv;B5TJW6xOh& z^D9`+d3tO0WwbZGYy5#ZAn@5VOM0D(cv|iv`FcGmo*U@IVQ$t`AawpU8!$C>ll$#6 zRUf_eviBArNb~rmlm~!0^_#`@fq^pa1kxZB0m*ndph|zT*pHpn;hqj(3^5wTGch>c zE%ndfWj-;mCxFlDw!cZg&#&*lxP7+pn^e`>Q+l6o=7;OYjh(#q=u1#VwpcmdfoN{=rK)G-vj~?f0QqaaV&qe@X zo}N*#^3IEZC60@*{K-bc^?52t%ISW^+6(9k^#-^ zWB1`agXCSC0+IyvP0xv4SCgxshfdZbCamh0wz_I&UZyh~Y@aWG0Xv?g?Cy{jaGw~p zDH3AIcqaIqmR+RqHEq_7bD()12gX zm(=FAhpAWUe9A@cZhobCZ5g+BPSTJYhqnT z;TF^i9X<$M-iiRE;dDAfs{jV4KUcw8UYZ~$JrN~JaiTyRD{tG_cc%3y@G{A0Js|2V z4zomB-Wy**AueqpyyY9flimgi3xy0oj+JWMqG)Czyo?3eLDzsB>4#l4*c*KLV$`4oBkvou$kjM_? zzdZ#^1X#{lFH-}M6id9?3C3S44r473Cy#X8byJG2T)CP3>V>QhE5;!|l9uk4ashAT z+PUGfzT$ZK$km8gwD??BJu&XEXhs@7wxpVHqd%O=%)*HeEUu^BED5`%Y?G06C!l4k zpgCR5Zy`JoK9F9>L=Ang6&e;aC85~nm8hqtal-AM;1Xc(5hC~`y;v7D?EAzeYw){g z%HaXV9e3cJ{|1YI7{Sh{Yi7G)l+IOEZoy0T*jrYGS|yAnA8`5Hpv*fXQ~XiLq~S;y z)E5`-5l?a*{npO0o8Ygxe!oo)T)lKiwn`W6%>><)`WoPLmf4hB^3+ZGmfxPe>&IPE z)>$l@?I~0Vl+uv6wDsqz!bq!~LWqjEpJN;3J5~aJb{t|v!z_-npJloYlLqZvs{zcM ze%mXqEMHmz>(2_fG!I%OAIkQQ*husg$2w%o&(EjxfUN^z_4{^!$3f~#$k+IeSu5Q7+wEJaIeBw}v0@3K7?7_6VV^L%imdq{v# zdARRhEdQ)z@B73O_h|d;+Hv+-RfGiDG-;A-3JO^${k58t7s@5Ab*R_uZ`-{GI%RNz zvM3!c=FCXk?Yk}}eHw=*eGXqoM4-2CtP-(ONq;xVVa)Z{npRFOJ(6v%vSM|7OAfv@ ztPUm|_;QU}`lpC7+uP84x*~3*OV(CkE645woDZFm7;RQ%=2mbJZ?}n^fLFKM+8{}}{*WcLw?KIf0GkL4AKm$<$XhF==|rt^41*($6080O8G~*3yqNbN%&q z#E$1OF}##DT_)7v?{%e>?saX-W#ZteoPd#`i_(LcAnhhUqiMBu+O3&!-o^Q!z{!Km z=y^aTykrQp34p2!SLjIQF!XeZ;m<#}n3l{@6xf@XEj!_UE`p4fC+At6R*c5hs4g3> zhNKaHeSXF$&7|bUDTsX~W?G=XAVDHw6~dQ04z~CHd>^VT?E0=U$E|e`rJQaGX+=IMRBlGO zIYSB11dZkxSbPo@97nYZ?iZytV{gqky%Lb*R_7KsX40(&#L6XD#=vL;FgG?Yg41?^cQf;d=|uCy-}&*)wIISK~woy z`s$Od(rJ7)R=9kembxv&zvamD$dHwnFgSO-qWPL_r#))7I`*%<-l>k?E1|t@A;059|@mQ?oim8dL-NQy0Qcr$yW^T|u(h6tr7DBvkV*R+__9z@~Z1K8Ujni+0FZ3OEM! za@QOtgXit@5jGMwPJ8wV8uSg)D<-f&n`3L%iSf2)u84ij-Hn{-zB8AvieqlUVZh#W z!e)H0c5CqL=Rs=j(ZNRj@*z`qFG9(+$djiA)}j6v)^*i>CDNN(P zz|uz9c7TK%3SH^+3kqHYt2k+%?yzCuJ4eD1(isY}|HRUMU%whuYFGFL_qm{aa~=>m z^J4m??f$Zji5N5Da=QFG<@W#8k1{qS=YR)Go3=rAxSlJ7zgO~VFUp_4e)s3}!QI_mLU0XX@Zj!u^2qzW z_t*V**ZN=$r)RaC?mB&{YS*qNO!=KO1{x6>92^{mtc-*T92`Ozto(?A1p7O6f4C02 zz&oi(i@{Y)knF*}1es~cnky>8y@r)h;1J<)-~fM`z<%N2iQo|bD#O9a!4v4+-n2z&Iu z)mP}1s}WLz>N+`I$6NrfWw~{30`JkMS`5l>k0izTR3>=wMm8q*)q5hu0;@!B zgyF$~Cq-9D*j3hli+kMUr>U8V2o|nXhu?O>^o@$tFIKrmttJDM`0;c$468~!bF@HI zHIdi)28d};DmnJ4?~#3C^J1uJXi|Qn9D0L0uVktXiDKSgT5Q<$EU8_KH_MP4H;eF@ z1bK^re-R3Ns=AAaZsS3HrhU+DQeu!EAq-^*bsl}OpT@Mpsvz5Y0F8cy4V;P%h)pve@BmWm|kNuVO}r^RV~ zil&oJ;lvp%?XyE|&x=<|$v$8;aA~ER^^vsIxRa|^(RzKMKutf=FVbtdEHwLOmeGP_ zNiG-(a4PTxO-s^S1eCrHp(&K8Gb@tUwQXCrMOuOfh|h$Y1k(qtqokmbzqG|YLoJQ$ z>(tevT%mn5Hp!;A7{VhKIpATIqUUE4di(-_+2I%<$?{g~7gRW6e0^tX4J<6+S#hyD-7=Lzf zuLw^&W%Z0A2WLxpwjICnMA1ZHLWDBszT-8_SyxPQ9L%*VHEL>q*F>Q@+>S;b`<>77 z?~SJ0)wMVh5il6uO<^2WC9zA}$0-Xx-5%d^SsW2POf>}Zm|7*lbEGe5c~sSZJHBBh zc>6)wcIck=*2K7m?$FT0Y+qQzT>0A4c6+Y5V52V zdFg>dPEBEtI=Q>SpP>r+yjYXJL}3D@R_Zv|GPEK&g$G6VL(#)&4x9UN%zo_>d)S6w zfZ8@P7Fnk^w={63P1=w=G{~H*a|wTqI844f_mi}(c3_AUHfCnjxDu0eWM=tWNlYmq zktu`eTEAO85kol_veQBWxfo};c75e`nMr8upDFjWg+vEXg3c8^jg2N#3S-VzlD7L% zcA41Uld>wWZHh6^Gx$ICX%XI{CrQT}qCm}X%n|bv?DMsS$x;+C38pj{ewm-9Aof55ijw#*sBYkWO;^t9xk3+@ES5L`PU^RUVf# z@GJ3?QKiw_gO$*`bC}F&l0Wv+B#CG9X)-1_;oB0R?)ILpsy~ee3%v+B|5=1!#rpEo zZwjmd8Y$cz!B5qbe7=J4!)%CW`pi{dktPYyc6le!hC!0CAvK>A;*m)oybb(`HSoTF zN1iAUJ42L=Jz5b%&ELroR^-*aN$9#1*7T3j^38)Y^PyI8)HkL{0M`N5ESan}qGsiq zc4CI!AnbTDdWfLPMTtiu=aOmo$PbIr=8(Sn+tgSh0hXDt0Qc?h*Hl&YT|cBJ?oUQe z|9X61@@!l}o)Gd!q>d9QA-@}oJfyK@f>C!}jN7p_Hav%89I8cj>G0ycw>YZHaZ-0v znN5s2^Ro>5Mk+mXRbV_nc+$5e*_uxrDosOjgKX)eWceHEo zOCj#;IvQtTXUBllK#Uo7py*o~l05JEQSC3lnAZx+4a2*eMtoAgPObP7@%^itT=Zfe zLJLlnr0-N!R{f;;?+8b7EA6k5H<4$T&7>+Qx;!MF=U@D@S0*o**E@0l)6Ur5!-|^xoMzsEU(6Z3u1H`n83u z+T6^HF#B}ULAhGzKq3BGQt{2A0g`1p{&+H;7j*Wsp z5H&!(<24H*YOJIR%FD7(>zwI4nJj(ADzLSj$1fmCp$D&o4$7Ho zh#7t`VNItC`tlHgDz)p2Ak_;-@G;`Vyu^wp?~d(bz;YLTdd5v1l9w%hi#O8Qpd55j zFjA)0DfX<1XC`bi73A!RsP&R+D!$$&Uus0y1YGXF~o%Q;KHXGIo1t_izL`L7n*oVaBBgr1J z1NDv)E`_e7hD1E>F}jibQX&nZLi*KIrzdcj0Z&I20du`(E&SDkP7#<8%P9JK(0*(n zlo~$M_TkVi^i9LRO zdJT#{y<%~2Af-H1J!_NBsd&c6BmmRvQLulf62|S3$WTo@{gL=K@x30atm;UaM5lQX zhRGJ=E10lzpS=30B4Ox*TOSIMKAXYbjAS zfQ_V&o4q|(J+TU2+8htz{&6>-rc{4=_xl48>{JnfqQLRgPFpl;dE(4*-*kRVp>iA$ zGML)is&=}}(hX?J_RDo%)NKej!vNS=zgL>=z~$;f(WRPj37b zt;cooJ7sJOh*;Dh0eLO9Djw8;Bh0ApO7c5VUi+qKLpx7vE*b zyRqG(bd=F5&%q*pZxjM&Yjhr!tSo$ zq}9ZR(MiQq1{Wpk!ZV7&DNA-1jLK_BH2ox~$Rl~A6y#pu9~KE=8G%>ODacp$P`FAA zcY&6)r zq@W@-0#}KiQ3~P+DyGgTU6*qqL5}`W8B||JV4+f{AoT1GQL;gFWM#`IY z#>cgu%pM)eUCmLy=C0dRr2$!4KiTIbZ&Vf1M=TS7700wMvor3QtkXcQGG>P3k$r_S zfse1&jXyTj%0rCYB*pn3tIf~@H=w*jbt+N)2}k2q%g|(gIQ#A~1CSzCdPw??V&(_^ z3l*MpI*HnF9u*KiUfjL)E#dEH>glAjS4=T&y}_qq)wAN$W(B2qxIygj)6#c%=vEB` z4Y(%+I89WfhbZ0za>NIWwQ9s@r+PAm@4n>cwkPe+YrKxw#11-V2K#*iyGGO-$KyC= z{bq~B%q!_smf?+Y!xqaFg3=p;b2Bo7f8UZ6_1mvVe!j;Ww0K-Ji97bB#5$yg&;~i~ zo@-IAiD|M|cF9(QLlqL=&`D0=JHcK^v(bH8L@ApB_u=H@s=q;S9XwJhu<1GiKT4(4 z29hIS`vIL3n>dU`D=OkGz&xjbkYR^hLB6qjD;=Io`5u^2Mt6m4i@!bR>$EENw}Z2w zf~2L<_!qL4nGAGT}YbCpmpON$w)hX~5T!y8-`Z`qIOpY$$(PvO*ucj&5H? zi?D-*ejdD>u8f_n<|Ud+pP@-b9`XRg!wBow`V@StW^KbnEP_%!; z5HqgWbXOrJ?n|$+ajRu9Go8%g&(Uuc zULE1HPoPv{V-ln>2`fvDz}vme#qQ9+JsXehoXU2ZK0ULVK2s+KerL3D&s_PA5MMbN z#ldnfAlv_=;bVq0%Q9|?Ez+2XHV}`fY-HrO1Plb&yaebn@$7a;7R+dv-vz$dEaXso zTz^w?h7y3^^s?s}O(-}bXd9)}(h!FXpD0bMOM3bO^to4%BHDI4(s=!mdnGUv7RFI^GAM4n`7=DUJDjOUDN1ApE{n zMm^T5uZj2#PQvs*!PI&zZ48O=t4TlqLZ-$wCs>rp)o4?5s0gKcjVOuPN?>L)c7NCS z=X-?Z0$~DdXB+Wa#fcI!h?&dBYHX;42PWPSIve!1=)^0xxhMI$F-QsRqPZ6P<~jGl zh8%g1bq%^vuIs#AteH~+H3mNm+m~AJwGsCkUEdi5ksZ4dm-RC>w5S8X z*;4r8{xyf0%8uLyvvK{&?95}~iZl$_)*6APKFrYUjfn(6rOzQs$ECpOmc5Uoa zExT&##koFCT9M%L4WLP3T2OFCJK=5yG3;_+GvYp{i|MW9t3A8#$8T%o z#!hM8y_5&*E79gKFLi~lkWZfwKnEP#5b|5WDjfo|k9H-S?o&sOP#fB>ZIvj2L2r6+ za#OHJnb2Zc!BP(1zbEHAdBF$d)QD!nY(Y*z>;pHf2v1F&Xmob+mm3)pJdCsb5Sy^` z&n^Fnq46^Vd}hvDU(i`ba%gz9pbfjBe|jHA&xZZiMZuq zo5l<7_CUcZPg_0A0qPP^I7-m#`)zL7Gx28Vy%y2YA4uqVhROs9MT2(lQs`qD2UUsX zOkAUatR91z5U1CeUwom#;`fK=ky=n?pt%JWdbdoL!i{*dv+N#P-2`xxWR$8t$`*fZ z)pO4sGcK-Rl%m=)!FKYFC4RBw@H#+^_o&;wHJ76RW*fvBWX z^V%?HQy3le@uxlf9`hK^H?K(lu6Y&XIDd!F-r^MFe%LYvdejbH1@y=5lzDoQ;?B?E z&YP;Mx^We$Jcij31x0={vKoEzHh(Qy)c@}9EHbwsz} zcWhxBOM*#o4^|QX9r37(Lk{87#K^fdeD4LIhpVT$CljIP?R~am2hFX~eupY6Q`?MU z=LUS>m$qjXZgp^mIm#vWLul8jXDhpc2(P(}Uw~_4qCK!kv+Cqywluy?O9UruiX=#X zFkt)-n0nwm$u2oE+mPyq=<&r_{9wStDQQx&;w*-Gd#^3Z0 zsteLLc_*ptT9)BK7o%sUXb?#B>6fA=MKv!b?)P0M%lcgu(OV_l*pYodYcQg#rbj-~ zGkFuBtSfal@ljlo(>KO?(?m5XAJyThLTf%OO7cpIY@>t1L7z8+8mM6AUqi zn8lpJhG$UMAH;2q2n?-K5tr=5U*Ht{>`!Auxi$@2If*a^HM|cr=9A?=3pw15_;FI~ zIEo*cGK{e0T_i&XWFGF%j~Y4VJR z_{|Rs-o&E>JMv)a)i3k_?pr7v<8YwE(Bl^lx*~^|Aq*I@%zxHa#&bxY77iz*R=yg4 z!HLt*$46ii;CH6?k`WflvbWJW6AUk@pNFa3xeqxN^{-vqVLBa}RTqpzw@#3Z zsql{mR8{=M4Zr*-gdLOZRVErwkpV;iNRO0yzjy7A_^U+XC$)=|X9BYsWtc6Dq~if?)a|>@C0LsQ4q3J5f_mD3ABfkYV~@uLliV zHxm@MdxYNsgQO1{Mu<+rFpu9|IR^v8MmafrMiAeQFWL;!6>S+lZ}ERJ-Vi|W(WT`^ zImU-YenOpd%S8=`^uK*((Uv7CdYB<#uU3|f>o9oY$+MqZR!4J(HrZrGDfFg{7EBx$ z7?S|!rZC-G^qRD_sB^IV@OHV{9L7xSF}D&pRN}L1&W24H!~E2YXwO{&&c5qY{?S-} zKN&Qar8oZ&4pWqbpmGD`-iToWYAim3RO%c+Ss#bTATGD=OwhCLjrBhL7#jY7Idi9~ zf0GXtZK=sTdN&*;*>h*`iAcZZ7M2wK>1fa~O24U_Wc*dk7m2!SI(R^YdnC37_Bv%> zd}XM;^k`7h)rJy*q=rXmhnh`XDA`Xdex^djn1y*Fk`Ns7w;r;=H z?mb2ifBCf%&DQ#no=1<*HE#NQQHdrBtzc$Y7$b&cY6O+b?e`#Y-t-I%XDNEUE-i8gv zb{R%bvF?x2m%Xm(Ut%-NckW+GV?&2bGzes~8m{F8_I8Nnz72KmKBUBYWT4whL{?gC z2<7w|?meYfggLgnbNxY1D0yrskk5RKt~NTq1kn!vWf=YrWE%Z%V|V^HaZ&-8eIi94 zd{#I6B9x97O9yQa=IM{MnjL2+`ltCTcmb;|uKEjA9mWv-oe8(O`O4eNg!xP-i&GK^ zPx5)8bPQQ5ZKn5H-D=(fShr(?|9Ad@z5aa%=JL+VGVe-31NAJ`6fHuekH&2y)-*>B z)BT~>zvmut2tVgZM}gMdN{z+i%R?|K6eVhc3OZRvP08419g|e)W%Pl4SyNf8d572qX{{0YMvz~{C4H8E)bsk{0n^3b?7 z4q%q3(ou>EtC++K8X%j!)}A&aLtg;|oUn>ld+of-tSnaun`I0RRf7!_YCS)F2DB&r z_!9yfXO!y)_~VKDEI2yP>-&&M{Xl8Uz-;Ne<=efjIiX8;nQwm2V4_ilseg+kKz_Upl9l?EO@AJ6tnE9q;u*@_JSda9yG zcUQmDY=oRerc2kmOk=_X@Dz4FKLG14+-J>v#CwemB*&C|>+4BELtG9pD_z^iizjy! zowS^?8oFSE>#e`7=xyk-V5#GX)NEXFb({7$tbtC&VGMsmO>bMtdzH3Gxm@Lbxn#QZ z>vp*I2LVmvSXKgwa~HVdvK-YyOg=`_#U*pUg*#X1-BJ&*E@|_-#?oR>=xBeVDw4Nv zV%|IbfmF=dzOJy0G(#gC0}fanNizOFsUd%)O4qtw?=oEq+sd zHSO*$z}KiiJ^H{r$&rMYEM0OYr)NhIgA9+SmdIT4|tNIPl`ld`FdbtAN z+<@VBD&o@_n6yTp?Ng0${k28WZtwK5;D|G2!(5e;_P%*q@`YSeMUwt<%Z5(dU zsy{w>eBwAV$*fE2!=Ekqw?bAn0hY<{xAp6p4CX64HQ^i0wMhnlEwAJRyu~S1Xe#CU zJ6g5RS;e}SVSk)na7Fl&mqlOO@E+rkf~Aa)x>`5ooopo;amT9#s?gj7vX2Mf742@% zdm$`6mFWMPRU@P&FhJd_#seBlHhhmo9yjJ|t?qaT{gTeX z)n&LP(D(-o({!MyGqvK z09@o9U>DC$nT)Nc{X5%&YPZRWVfa>{+#TcEhyOOHRdE4nRnc=+7B_{V+qRaoo`KsGGX<~5d1@JncBsikhV;hb4Lf>IC z$Q*6lOpVf=5WnMD+qrolmVXQS+${0*chvJAfeej`D3;MobCS{BPJLg7HUx>wYnE%L z2yzzO+{e3uR^8dCuyV?@>fbHTjmA^9x+=MntnzrAG!H=bpLEnEUa_8`C1fQmVLCgEC-yVz^ zL8!4vrz}w%*Einjs7IPfua@#2l+O;w<6B=I^|Q)8uSGG1I}qLf>yQ1l7v5Urm}}r{ z7M>an3n_Khi}s^8oXgtaVIIx15c1VoU{W3iLGGXiPPk-7i`r5qd{{j}5C8G#U?WVu zC;S$cBmr!z*1aAP%53BJLA`RN=BYrdD4y(8YzsURkg)Z$F<`ah{VX_kHtZH9>*;!& z!F1g`pR#@Q9=g`ocr3u2LMC44HQ!=-Oo{|O3Vpb5uN8OwZ&B`^0M%AyNZwX?orSqY zuLa#8XB(!H)GYs85kTKz)=E10by$vcIaII#?r%)C>6mRBpCUs&7KV~Wuqhc97NzsN zYF4Oh_yV?5KPt93(tel+IK^w4Gt09JqMp|rnk{`gTCJ5on&tI|&?awQ5oeXn95{Yz z6ZE;IV@embYlLuijW`qdID{f+zNUSk+&~9!_%6vM$@7)@o`;6qyKbJh#k(Y`zA~iw zN;<##hO5|+Sl|Br_Thy&LdVC8Pir1`eWMY1Ag@2D8xx@Syn$}K)rB>3ub-|ckxKjNs!+}NDRT@omT&8dL+Q(^YuJ z`@v)moXF1Btfi(y5^_+aVo-|7&i#w^M4puG5%fKFyz5m5#hOxs@<4~-k`Ld~HFqdR zFY#Xmq2s*RD-8Rtat}M~4=~AR^rb%RykOl=c#!&F_;^ZGcpqeOxtQ45hNxqO#Lo@@ z+`B4XEjk$WXbzD18lPiHo&2P;JN`LN?&3|RP$Py;!M59ryOK9K-=lS+m1BMVUC<7G zQKQvq`5?J;QOA8_69<%@7kVi-U^A<_skO6WKb2!4p)KNJG8g_;`jgikRt7ISk6&j+ z9rKteVs9*4_GuZMUs{}c+O@@)VN%;$Cyxn`*#l{QX78YZPU1CRV3WeY=7+Om>Ftuk zQFJ;+H|EzCdQ4if$e+KZ#qrvGPlI+=c$HHWc(Z*$*0@1Kd$vjbSWvkjOhRVvv0YD# zsL6ffiLNAQf3k^Lv2Pe-$#q9D=?bGdy4{%T=#8Tg2 znsp1BO|}EZ3UzS^4>=BhQ?3GM20=lY!?BQJ>bW zr#5o}dB;|V@W}#IM1jctbY;3vrwxuSfdgHvvUY_21*So3csRh>xTXHys>mIS0YO)6 z&pi#cptrc|;wIbfJ};v(Tlto%N0V~j2G@kojy8omN4$dcxCevB4sTdk21WL2^S1Wa z%1r5M`bUX0&)-Ij4ZJ3>cm7$k$PKJ{3yYB}HAg#s1rp;3i zo!hkqFN2flwi3Szpg;04Kd%MF+1b^>aaO(YL0b9mH;4@%#I0tZB54d?-K}ESh3qH5 z-tj{G@Qz_9{Wh&qd(G*25{=RHhok`bmW9iH`h_o`RLc>3pekKx@yFHU!>bpCQ^neS@ZEXOu!FY#h;R=d%-{N4VW6qi|-p{C0a*Ue8=XY-m!6r8$# zMjY&c0Yj|IGkj6x#Xmh$iiv9Qoo~anu`9f?s8h+?9fCM80C5gi+AM2h22<|n1X4%t ztK0qMyoyQe=GDLMs!gP=2kn12FeeVCjyA==i5K^_Z*?mjebkO72ockxY_zy;(QB?2 z)nkBo&CVyrEf~nUcIsrqKP4vLU2Mwhcx=zggJknUub0?&&y@UD=Axv2;Xy8qen-x` z^~VX2Wp{Rq(CCeb&?ve$TCn&?#j{Xpu-F%`P8XtM!5!h&!#Thax{M z*3PQ`eiA<-2YXLaHirc#y>~?=`%+_{a9r9O@h5m61*{TyIa+h!%HW*p0%8T3vf$O8#a%x`b3H}a>l(4NQ z4~+{(J=&py#%(N;`3SF&XuHzkvyl*#hhNtrW3g(HVw z>vuCNJ{<>+#}q!HYe=#9O~wT;!3!n)HZhc_*TP%4O`gxj)P365D?S;ZB>Rxu;kSu@ zL^BPnk{f)y7~(%vW7hwEGo{Z?(>w@XL6%9|0Q3fCM!B*HbC)3+QLLplK~;5Q({iPgaPp%oS*n+P!PJ~|xv$h2 z?doT+Y9LE#G4RSbA{1ZhNqex-mi^_!`O_k*t`R*cn3FJ9JvgkTF@bogwx`oa1FQLa zrkC&HTF(ho@>;>uW?dHs42CAV$nIn$+;2GZ-QUmS%#-y5I<6QFwfpH>S*KXD+q~ha z;C@TwvceW+lb88PQDUBd-n$KraL}o}#w^k((m`NBhp^bj;|FV`)V{d8kG^VyqtlnP zTXB6i;Wvg@ePu%qA{-lU)5>QmG%uv$Day#!z9oq}g9boeb(y#R7PKEWj3qSmhn)_g zgv~diOGn$?!r&G7!BaV_jK=mm9uAyrZ*w_LiwPUjn}Wmo&Ns7_9YU>iKAzVyAz16L z7ft3#txF(>)f_9KBO-$bc1XKVWE#lu*}f0g)aQ=+=B?17cK1+o3n9b>d8O6L$c8lH z?A=~VF?XG3LZLT9xK}nFu*j(J`D)`qwqX7||5ifPEQz1g8O7>42uwXp@JVNrE1s(^ zQ>;_U8fPz09T{i@6nB0QH*B@tJosem;XV=K<(chk<}e{ck`ut4&5lhi>xe2!V2ToZ1!AW9AG3M%#%Wts4u?OfJ)ZWmkD!IToEMf_6l?zuZ#)~#vhuP8 z3x_)HJ|XTSSVm0M!#&Btsps2Tv-(UI*0trpS=&)JP>TA&NGk!$G^+0ek>_UV-M}x` zW$xrYp`^&*$YauJnGB)pa%gc;wk-cVn-b=#xew<@u}xHbT!`Nmp;ntGq{ei%2Kwc; zl6L;lU4&C&XYKa zJLzRBoRf2^I+`74D!+FV*f>HsNX)O+g?p#u+zyn@pL+3KdRcUcq1_YE7jN+{JnxVP zK$;bx`Bih=DCcAj5Sio9LVw5jC@OBghtC5F6a3awVsKP!zGpGw4#WX=Xoy>LlicqGOevObvE;>SKL!2nJ5G0!&QY-OF2#w#;E!w`0l4E73s> z!5+AhjKdYSAw`AfQNqS;U&kKn(BqR_W_R@(rZq5kr0jux;-PHvQkQmHbIw)!E~OF( zu(Hfib^~4W?Uk1R2v9z+4zXKgz13ex?0=k0qxs=la`uE6Zzb|c|%#${| zw*!rkjl4fHpFQ>71aOh&y2(Rr3$$uH|TAV*I}yt}WM z^{H3CA)eF8wCVTsFau;8LCGCr#j<@(RM^K=v23i@tG{RoCfXm|q&MgXJrU%Gz{0!;Cwt1-!3=Q-aW@Y zG7C=H-I5+U&SQ>9dX89HW8C)P_r8IV;28c&v|o#};v5}r=yo!n88rT05sxbS>|6>YD{f2Pl+)s?=YC_}RZvo5yGmfN60 zOf0vAvJKU>*)7mQYosQ};O;o}K$9!Nv@rrrZ^^>gmyIwAlI?$1fGmuS)r>+xXKyh9=#DN)=y2jiFj*r&FwmjkI^%j1sE%_Dd4PTn~ zg#EXSvXT)*LzlnL&D`xN0!YgzliHekmT$bQjJB*_!eV!@qO z%5LOr#2EJ;lwlUw6O@9xBw0pPvW&|AD?aF;@ zMjL$wQgTniWILF+4ig$NcR<|ePAyX=fQV{!n=oZmYOqZCL^tcdifRUZzKG*rlWWZH z4W}*rLVQ20rBMaqsh(4L^j_6QxEkrJx~tZZ2QWCSyJ`8G0f^L8h;$o8?-%*A{Y7z>l7E2 zb&=F9=d7R#YO~QtBLd6w%yF%tdU zjvWdgz?#9ZtE0-=;^%V)%ZRHxf@chbn@Inm7Z(r-cyD9$^I-!_ z4lMg%$Pj?IHmSvo0qLbczve~SUNA>moRkTWP*mAAy_$l#pry2pw1cGsooMwl%XKWwa5uOly%WCB zE1GQhzBZtaPk(U1aoBw3s$^lk`9en5ih5_ye=OKj1*Q5)j{U5F*1pbKG5Hh)9Lo|A z_Bd;19RAIBYj|73QQ%{q<4U;uqbSrsx&VJWS3E(8?nt>6!(}vWyh{}McY;F4PB(OT zP-C}X+IaQbV!t{E^?;s3psk6?$e!kAsngqSMkrHJnV8i`Ikn+x1a2gmyfIPD#P4*pC=ulvQWZ3=s?`<_4cIwbKjwaaEpD&M z`b?5Mlw%qZ-4edV=-tF`J2vjNk}~5`p>*}56h$f;wCWIMKe;RjkWZEmGY9paH+34Aw^B4b>&L}zvRjdI zgfWZsirQ%dA~aY$$hg@|x@=-}N==<#A=zRq>vt;}fxtf8HGzsPCMOK@oM6J;()%Ql zPU;rgMy0H**72O+Qs+~3Q={|Kj|Z>kj!MQv%m}}2yC>N~H5vd(3{k`;%^Qh_=C%r3 z#8sj_)DM(n3A!89zXb0leUMSsTgT)&ooC}%es6fX2Q-$PFZtW&31Lxa$#He%v{q(O zHKYby^}z+Q?YQW};wQFBHky@eWR)d@_0}b1fLT!GM^^@D5|!6pYm%V7id+rPT!?)~ zy4&V8H0no$bnRDZt(w=N=j>gIZPd~i!?-3%gqF*|i-g==;~WTiug!swff=DgQ#jct2V`$m>sf-8k2u5%77@dZh+YJW6Xc>SL?}G>wic0%_)i(lO#Ig7H+tm4BKJg z{zx))L!EbVbD%Z%#+*8PVng2srLqo{O*8t(Is4d$fRwNfMZ3=y1@YI@r$nS{(k}OT z=Wjh2=q9W?|H-uY6Da3L1H7qre$`Qqvo3z~sUxU+j?E6TQ)^@A!Nox zq)l?@G;lnKzTmf=1aTk-V1=w-LLXLkI-4RgSd5Q^#(ey=ktjLUv$fMX{LGGgLfc-2 zUbAd@F+J+vK|x=70W69A(%p=e7S{u83MU<9M&8?K*D?RS0CvC|W11enT>Q2hvm%g# z_db2{2_xy*&awd=WTJ2kDjxHCB~NDI|BAm)4T&h)@Z1~yO`eEAII0F^3CIm}Ssbll z81~!SKfKg<)4^Z76f8NGXpXk%*!Nd|y6tLRfNN_Qj1y3ch9?e7+MK5S@<)oWbW^Xk z=M=1l)_2X~u-e3a|ERtiOGheL-I&PW2a!pHj_-MsvH4z=0j&$lzqJO}+TQ>I0y5&7 zJTKF*8?2E=%#D&J(`%X?#ki(k5q>+EX4!jVZ<>8&!~i3LBP?>3SC)X#NC`v1avu=U zfnl4eHiSEWOry*|-_Tr+o(lj84d|CoZp<9e$Sufh-DT1^>{5o2-N6a{>S~z*$z(8= z_E*L&ddV7xW)mMEBBgjLxpTv~BO#V00Ifkj5{YRUfwGvUx~vgCIpdhE0~TrCIa!XZv45LZBx% z*vR7VTULa^m7Xrq?*~uokFMR-52S|#7%9iAFa1Y_0F*89XSY zy3S1e`=+`#&7mC@P|c)mgfQ%$N6`6H=ts-bH@{A>ev8}j99fgKlaKpeeetk?exaU& zZq4BQvfL*9k;d~VJ$br^v2Z4j5R76@>fLsIW&E>XzK~YnaN2$ra18?)GBvMah?*`Z z06J~)<{DEP7?LrXo9lRyOfNn}MYhe_*$)yh?7A)f3u0|z#+ zzu{u0c91E%m~-(9-6wav2U+#g=vA2wQ3Ubkx2 zVbVNXa>3~Ifd;g=ogRCKX6{!KvAd7EObQ;K7dir4^FOk89Z-|`oCW7gPtG=yJB+m) ztI+Sb)O7stnElpSKL1?<2opNwQNiinIOokk={vQyK~#d6Lmf@O@t-Y{rPqfK7l78; zcFyPSmdATgCo&pU0znvZ<5GN34Brv!@Kxp;{%kM=|}P zia@W+--{-x6X{2*t=kis`;8NC(gMZ_QA$_kn=p$eb(RaPIV~<0-e^|$kD`(@2Y=LVbakouun}ois>$qKp^@zgOUlR%Jp52H@FzQk zk2;Rbgu!)x#@;mL-2u3sZf~j30HRz^t+5f#Pk&(Usx-IKS)v-VvpjO!U!slht4j6@<5Pern=GCjR4hf92)5Xu05~{S4WCfjK8|SA*>3}Qf$yqA+#ig;TO4slOvtKh*3mB zE#8A$Nkr;Wyzf;F9nvu!;+_{|?2ffW5DHtVFnseIeNH3lYJD;dw-MMv8b(BlTA-g@ zE=P6SZ!s{2Z$I`KFNQ3LjB);|BDCxT-Ux*qUN5v*{IzOxuByQ>g6wstuFuDPOkr=a z(-n)j(gNNN`yb2NB!rGf{Usf>6nNs#vs=scUjlTDV3`ptB#4dOf0m=%3xo+{BXG0u zOTa5rSPgpo!Pmbg4atOcfjpwLJeud+0&lvLww-n|{<@{>cvrY2SHio@{Ri44SD(aH zJ}%`{_)3~r+XEbbHNYGd>Af>$&b)3+75L5gGa7bi!{{FZ-^dB+ig)i^-w49UZL2bE>@|H#|MnKw4A&%&SY2rOslK(mZS($@=QI# zuHar?OlZyf_@e$WzfP(2V^gMW+J8*9@}~fCJU`hW@}XzUTv}mj_irP923<0*HKWyf zE)hbg;xTwWreBR(hZ*28xP7s2jD_enWZ7tGr?EsNohO^`tZ`EhMwr0Pm-?hjslRcK z{unq3XsDWd8hL)R@ew}yNqXVkACK&>rNK_&&CFWHfb(55S&XzYDA+mHnI9CtNu*aQ z^R455Skwu~e4(+WqsktueR~%+C2fRQrm<95$Sn&loY_GwLbbC~nOKr<%S*e6KM^;+ zuJa&Czs~m+F#oghy@BjSC(=m{KJunHoPJU_4fgi9X#56Ngb{(Jy`qNbwgpWk&W2io z{4LYLEp6LeC&D8mBa;htpUa_OsvH5@Sx6X{=9l9kRgrbUmJcPr(G1?|G27+xzLUDU zT~qkf1X=W~*-)6HLnL5&Q);UF`cb`$WP>l@$zDNM9+YF%3$HunPoLx#Y;U6`mHD8b zSM?|BcLoUndjDI>hgHc5Gx12pSR$(_Sy}yq_e5i_nyv1!M$eb`zifEJKf2g8>**IH zPsg;pu5VH~ry4I$B5kPoR{E;j>`kG}*TwLAE22)NeKPuMo*u=X`kp-mC^8}2q+M`W zk0iq08vTRHF8xU*=JO;XYnMaMWYA*}MZrGG-dS^*oQmJoy0j$$Q;0U7eE1L5EkZ{t z@-3*fZdzGRZ*@VWFq$8J2j$eUmM4?{lN|zJze0>-Q9G^^H+qC->7DVNr*eL$$dhQ# z4z)gq9b*N+uBix}ijC(kgZ8;B}R61{1FZH@I`lkEhv1E15*7}hmn|@n=>=d;VZ;J#a5tSfh3GrdpoEHD*vat?~H0{?Yf0fqy!8-bV3g` zbdYLjp+o4>K?I})5a}h5fFRPVAc!=vP?Rnu1nCHf4Urb5iBbfV4mWzvdCxn>H^%+( zjr-^3-%iHZ``J%fYp%K0nql(@O2sX8%l_09Xe|a!l|eP9axcM4+tMt=5+k>&8xXOA znj8H7Hn7MQs+SWW?{98!$GQZezI(YVdg$OyhPDrk=SFa8Qa6h4GNh-E@%(NP9NoGB z8tei>vvXM~z!(}z&LowAH`17LKq$(X*1)o@`eLqrnGH26`W9&EYQ%dQaSR*zR5txS z2}InZQuLk3xcJVNwCjPaG9AP3-i)`xWN!3s(cu=FgE-tXb9J&ek_) z*oS+O2U@a@fL+%v6CRzw;wUWAv!k#xz@!Q%Ixi&oZHcc8u&91j8*n;_f$N zc?;VQ+97ua}ixJ>~@RI`8uu@*`D)A&$Xw$lN}buUsR%@_ak48y8?N5lWMLX?*E0X+RlrR+hE(YlpCMn4V3J{ z%?nv{lM=VP5Nw^x;1q~tK<%ZrgDi6|s^qvhm%y}ff6q4=yfuVqQ=v2+DY11z*-knX z_UQHLWi9-oN}WvM@y3${Pk8xlw9ek0V6b;q3M9_V2ws3tj>o|Hn&LBXVRK=QaLL4yg>aBcq=`3H^XrfG`o?T`~%n}bY zvmhu*=K4LY8N1j@5+6h{%Nh9u!>uxiF#|o*yukhAhajW(_si>wEE0%TY$U>LQaTCP zIVUZ_yk;3kS_i{D+@~Xux>adK4xI75{gJQb+*T%;d0}&UuHsH0)mj}>!erbHBWyFi z0#8HAJ>Zn-$4fQAw#eNH$y~L8AXEm64p(K+o%J-g$ydO5>`K2(s>hE-dPqLXIPr(F zMb}boHX2LpJAlYwEI{P4O|>VBXHqdz zzns6`mR#gG`3*UNzvG#C63y4as%14nwlkbbZC%uQdj6>E&np}Q5Mb(XXzEp*vXIG* z;Pokyk#0n|jVm8}A>4FI8yqi^A&>oLU33Ce3@W=7tCExSi#5kRhTmoA9C}#K3JxD< zo(H8f{%r-oq9;%&}6087x|dpTuB zIxzE;;^gFOI`+`}8L9yX=2}YJF=pEYrVgEAPRcjDhI%Scw#+UD(jGE;z}@vtJQ|=k zX-07a_0yR^VoT9<)!IP{|^AR?rLp|7#j?t=mm7WFa5!+c7zC((b*e*2iP2 zC~9!(0^>RcE^Ei2MB_lsRdbB-z~Dku1`nC5YPuJw_X6AE-5iYPt(Lm*Zh+7WgxNwU zsx!-lnijJK@)k#?ZC_dIt9f_pBJ~3E=i8q-Y0AX4&a&_U_zJjC6=NvM{am+D^g9HV zts$f)&{Qd5K)VVj08)Y?IR~W6-ixd0Q&Ecj_}$5RJp*0#*x(H|1Y;3# zH_Y#mhoeU{z^w8TkaCHFuu@VV&Mc!HlQ1BSAST1F!N2DEAWtuPe0G5%fn&g69yTR$Zgmx~2or<^1%CUBKrAf3Z zwqgmflS)@z+)7Y)a5AU&QEl6yZjF=IFs9AADu#Df$knymEW=H4i%?r-bW$Fovnmwx z`8+f7Okau(AYy4WYUD!!_J1QwMfTyb5677gMft=s*v=N}B!ccOpjFySk=2Bv90A>e zn!&AFv&H1H@Ggg7HSM6lp*{+OGH>1~>u|4e+mjmevLUQnM(5+#!>9C9TT<}FOR3L( zH!E?tyAtV2lk((kC$wgGW111!#o-u8ze%ms3HA3U+gQ96v8_MxswN~&ZfE6cZLG|# z)Zw40g4_cac6#-^`jqcdI`p%by^nN3&k(Lxkz8!-%%^nssCT|J@P%lZsY5`qX}Xn0 z70(Gurirp+oZ5<&)3Z5GrMZ$(z)_X)F|RS*a?Q7JFf&uy)wDO3Q#ul*d}DXs#%0CJ zoQAo%(x~W$P2UO(9p)*t2{bRFTO?PvIw*(PAEY(Z;6_YU;Ab(IU2;kwy{k=2Q@Z)Q z`VI=eAuUgJ;^60V7-+q%LZBf;yQSj#M|*G!)FC-SlQcb`m9` zIF~i1#6eHEMDDR1Ap*k5Hf5dqjY4eO1@P%|94LTAS&5#}(4br+YwMic=5h}|Z1NRo zu`VNXYc^|!NNj1*$$$o4ym>1;P-|xg)ox*WzZA_Gw^B79IHYcSPysV=t-<{8%bm2c zF9*gkXh6P0T+P*pXG2~W9F-Mt$5c1ghcjCtmb3Ye9=G1bxbAO>NGT5pKw1*gH3er+ zE*4+r@*1aG(YiVPY}KGKvM4HmIh}2QitEiPMg*Gz5WmkiI`MUih@n@$-p%Q_>uceW znDCBg)=#cSl7j7R0lD!0Q%faN-jiPIY`UG8LmO&M5YatlO0~VJ6^0X5v};0Z;UZ>kf{9Q7=12)TgC#;`8YA|fUr12 zCgc3uS+)qcefh@WRE)#O3XfTM>Zpb`Aqta01zZDOD`Ux=%paJn?&&{jvNA9OU8B-u zEJW#1dsW4%{5i*kq;)Z8OERlLa|1g_j%nx3CLowCvx0npeV{;<0vJCI4-p!pPU{lD ziWgf#21?_Mmmt5Wd;D)JXP>L`a1=T>7FWI?~W+^4CdNxE)Y6}2qJ_u#xEC4NWK>t z7n&I=WBh}dMo9+PJfuE^{8qN&>6ElhjQtJ=N{`d^U}1ui~%f&b9D%!`;wHU;MdQM2gS7kt@0j=sW)hLL^9E1H>EL%;G(Q>J{ z8vm>yd69(KY@MHSC9M>#H24j;{%uOuo_P85crNiyVbBFus=X>xs_gpo1?aQOx7gyl z>tLSW`T3G*G0=^1N^$+{QGaP<6M<{c3!hgd~pjuCoKhV-hpLG&e*eafRgjyCTn+(Cy% z2JNbTRU<*soL=!vZeit{bfPkx8h|8f@p^TON+h!F|9UTfkol}{KM`|?dKyDa8;gyZH9 zn(xwTEaJqPpZ~grcNvhYHsD7GJFwq9xRu|F)o4-quRTG0C=PhzD&cW-V4)zex?AsIv+K`8nmLH)_!zT)fZJLd)D`>QA~knQ$t{T>U-j2tD46?`oL(L z7&qPRN#S3^;wdJAW5a*dxhE?f51Dv{6kOy8v?6gVuo5xJW<}|p?C;y5 zoEp%f@zN?i_J{p>FDGt4&av$7=G!m82l;^i3Ao|EB!3~7=P~Ed_H&Rh^%jfaFumb6 z6M>TO0sk5b~+(ziNH7hI`UX)m_zZ`xho z4%Z4x0xbnZTuX{~-1)H*wcbzS1eK@qqCt2O*h$qXKi|V&f|Q}fn*Uzp87Ntvok4V2 zo161d0Zx^P=)4`+_S(u=hTgmno7TwwCGaA=?<6YORfbH6eJD)kd!^%`p33ovrb{^g z6oo*RNb$bOPt}orl4#3^Mxl*ax61cRU=HBYfs6U7+Jz#-8d6HO)i5kyMdD!HUwqPA zX0o(p7p7^vrv+gZZwDC)kBAjtES1_`J(nejLd5kELA9tZqB9-^>|XBPSh-hqelJrp zIS^#Ia2XK%qQMYscpvDNykUxt{A$_RXY;7u%~{RpFmN5O66O62ciK(`j^u^ zDV@4_b9wDTh^kbyvDqnCy%c~brQ~A8ag$rcG>*;AdtKOWMuzM#?Pc2wCl*|0)bH2~ zbDN;a&+RM~U^?PD-OtunD8G5V9h^uSXY}*a2)E!{TB4xPt-tkA9y(FBtSnv8tV<0y8*1BLRa!YnS*EK1P75KE8GT5$d7J7p zuO;`jpc1>K@+~FmmpPlp5USlnccOM8U+BkymL?C%9rhGQJ7QczVajMK3v-~tQ)8tx z(6?SFzuVH)!W$^at@_Fnn;s4w&-(ewK+5(8ebgtW|7^+TK@x|%Kg8zRY2{^JSd*w;uI2=P%9aka`H-vV z>KbQkC;4QAbqTf0zBYC8MDlKk|COVLhxrvts|z35;axc0A>Dkld7))N^bIGh2Zhwx zSGbLH)`QEgc|lhcWtmpW7Ba9(6jBFWSTBmRF4)2Szm$8%w7$vWrcYuBuyU`r%r-Ud z!yL>{7-dTZdO?xxGHrwc|5xt8_xNRgnHtRHym@I`9WXQj?+Zh6o3asP2~-4VxuZ{j zOJ6khwUUA*yPjn5^;Ac`qpz%o9)a!tDZ9)&N>y}5)>L{eRd^r@`ThZh>DTCWu5)+T z{3N&7iFu(!G*Q^2P~hrv7jjmLC;+3s=zd-m|GF@*ABl1+g*b{k3ZWRbq`&i_%0tRa zpeK5T;?a&;rGYoHHHXzNyMFqNw(=s@#{PC4k0!L@tRsr!Nr%*WTcE0DX}cy2n{nEa zN|!v(rOZb-v0tz<06l*HaHN)MMp9~ z8P+}uNZ|NTnl0V2VOTBhKI8fl`Ds!7cd1S(jB(fO?ty=SBNGFZeO8HkVmiym| zbn3-A;jWw1!R2bX$KCgb+M4phN9d<=yU(18yfqV!s~gmQj(%J!)d6Z8o$)bv8mjo0 zKg^)r`=SiU!ks?1Xq#0;bq@J{jRyiP%UXx`qA>V1hL+;z=N!Rxy10+u0ITesFCW3_IDV2iq#>4a5x-8OA)duq~Ct zGtp?BHd{VmDtn4L^TaQauN>qnxpv*PBtc=+HB<{ki&@CORP0hYKBuV518g;`B2@3? zb%L!>+tTQ5X$;@X{(<*f%)+ml@jn21a}@Y8Of=HeVaRp}QR(7~-6dyDS}ZS7y!z>> z-+v2CEqRe>do;&q^C0L61W#d$l@s!9vW8JF~)>Jgx{x)lp>IROZZj$G_ttO@o>^F zG>}>7s_%*02Pl1oXEOB{L29nh`e&sfF?P16IXHI~xso zZ)^?GwCkfEVvp|Cb64G*&h=-4zGG!f=I$|(71KKXg7G^}Z7w%|@!V6@?|+rt`3r~r zPrT*&|M+f~6v=FBkE5T}PqSH%xUHEBMLI8jnv{g*UEj)Y`Vlp9GA9YWe{bou@kqv? z(5_NbRXp8H+FATW_uwwfQR~3{)j18X5D`24GpSdS(H>SCukaY-pA%x8=F>=lABkd# zfsAnm4>3(QqFO8O)Qj$pIv}-5J8cmk@_`dw@8-9;*B4g5UVJn`MTmO$e7Q_KGkN#U zgtof`W4Ggf(nc_{r!R3{*3wL};<1g}>V$wsciNMfR=z+*Uxk_Cr_X0mM&J~%d06hJ zcn(BZ;|$SZGqF;uW9)ue#_#%9qgDUF$2VF%anlt_IS zlVIXukYagHH55+p#b3m<(r&TZ)gHdsRw6y@+&(LjHt5bgvbXLuP<8+dM_X!ji^AHO zlFRiDjn~EBUJbz#;f5LJ(Kj@p3@(upK353|mH_56KJzfk zna4}*9cBd%sRAwf7a8WExMgen20nkpRBTZb>q2X$gYEtJ7=K=Q$!20PF3c?tClhIR zP%>#&$ajLY6N$FA6Te!O!_3P{&(gx`%vi_D!<2yWI52~bGq$jKe=x%?!$CF~nhxIQUi^+rw{k z=#T`ppZE({KCZq)d;)XekkG_aIB2B9LMtwVMC5?*u)y3n-CEEmku5b6Zz;b=7wiUx0m^{An|YXg z!d~8miX_>@+&9ig@0rtCp{HmcioxM3lLDe)RemMI7-szKIKb-l+R(+pFdag)Gw|}v zi9TrsQ;}%Hj*>Q2((>F+&gO{KU{I&hJM1NG`&A>}CC7-Nee8YFMWmG8;-vf;L%T1g z*C$-HJ-3fH-W{nRkj2#hpYWp#26N{AsC)2y`|1o-c%Bw{?pDjmwRf=w&9?k3LBViZ z_?<$3uj?_U!3NjRVWg$O=Njz}GS>*%LX;P}wmrLkXhxWkC(s55nw~l>yU)6Y`{%8X zgx(!_-DO)W(c7ot66vzcY8k%BUSvJZFp`)Sm#lk1mj=&q_0*9B}F!4dG7?1F~ zxW)(baa4%4K-g4ZEBcA*}(gZVBJ4RKv40M@bZyj9Ql49n%1;($AJU4}r$e z!?2CN%nDI5f1s+r@f1v(L_rCEuk64glC25m)0RC7PI$tophI0yebz?*hgrnMojO4= z9-KSf`H`PP_@jU_zp^G5aC6#IU74SS84>Wizd5Td%Z64h)p27PEvcO>J&_2x(8S9` zx^n`0GrPt4vE%c1jC#W7gsO$d}XMukT zxE&&+Q4iZ;K=1wvMxVX;aByM`Q!xN1)LemU|E-5kEbF5so9(;VyzPb-(XVIFqXj$r z<(w6OXp{Oj01+?_yS(EnkWESTNJg|h5vzk|C7NYrUP>-|((@5UA z4Lp661%HTVcB{n2Wb`lvFg%0vuDvOvNIS8cbdqotbk0oBlrLizrYY|X8|^7*cmYaR zN|N2U`0PsQ7B=4LpM|?dEEG91P%v=yywHbEIlS!V1sTfP0VSj5)PH(7IzovF%^O*( zis+_AN75n*zsnL7M42Wg# zc4?Y5GT3?;@!u5U;IO^JoGi05sL-;ju>g29j)9fB{G?#{yabmY!%JERcSP0p{bRt0 z)tkK}ly8*FZA+W<4F{J-#8|$zFu8k}_L^KRgn!cENXy#P#p{H!M(X%%%MN>edZYS| z$t69_oPQ?KTz@vb1gTjy!#TzB<(B;6j9!er#}javc5W%l3_PJciPYF3GXUNa-L`6X z?I&{i$Yo8LiFcHbf~Hw0%6NG2M?zxsl*ycc$e)nDe3o-xeVv@k_dK_q09+>QfC;z`vYX3Wk_h^_z8rAgg zjqkX0C|l}mE2Oukf`U6g|6(f@%dYOyH!;6p#(0oQ?b7m*k&ttv^Q8FM-(mEh$39e{ z9Es`uHFy1ROw#Yvdc;h{|7T49>cfrb#uXAbBhN;fHcunkptBLVNgK2A5jg_m-~3t^ z43%~%c=xvgVPpzU6Tl=fm^D zU+0dAye?!Mlkt>_ATqXH6;tuD<*BKOT4LP|sVUZCTVO2V7}9D|oVEH>q;ELWi>WNW z#`WQJPQO8ek_2{;5CN8`ewMkqT_?raQe)B$<=IVJ$jNk=>T*{Su8;qU0+&#U^Budy zU%N5SMCla*K#LO@M3&L^-pa9zK8CaX-|K$g^Z zV|~8Kr3{DK6h);ds(7la1dyhfESe0R@E?$Vmh>ny&`Bu&GboNpT%7MBzf>7sK;()- zFg`4rdoqA-q4(3B_AAlLdnm`Eh1-hQF?X=d%F65a{4)Koj~jqV+U}}D(2uQ?-(KGN zispU#)^|xgdyCFqROZpm$R>peX8Yv)pC#EV9Q*k}1)Uw=hrQ0ok;B|+ zSaVsd+EwT_-2SjfxStn&Xw&Z7XzmngOfm7;3fzcJA zD(*+^`Te#dNgtb3zJ97od$IJ+b7I^vFf1Ivn(I4J(N(+W8xs9>NnVB?E{Pk=Z~jr$ zRn_#^dm@3EpvTLxUG!4p1ZiyWXE5(ypi9=~sF)!A&Ze&!UFv<#c9dF?#f@!1FQXpmi@tI8Lz!u z%6nJv`ipCO`#nETgV(2}_(DFZH!>oh1Uetd>uGW}Ail2#4$l7BrmjxFrT6~sg9@*3 z3l)dOOpkXLmB5rxyU2b6xLDU)6uy=24irR z`ZC51NO|2r6MS8n1$lChETcCl69KvRL2#n2i!!*QuswQ(BjT(vV&hWayD-66Do@vg63!jzLRWex)?4{_h>mY z<@fo+?8ZFHoju}?$}Y!j&>R)?xdxHbepIb(cBB5%ey3e3BJ^Vp(?{kq6${`l0gj-* zpnb<4!g2BDMA0O+hncDrJ&hSx_?a+OsTC~?<@GBWXRLsKTA#Ny1$`m zm-8o~da0|jBhQ&dupM^_zN>fbA@9nRUiJ!gxj{*D7D*bgh|2Av? fUw^B`%YMLQ@@QgH@RYzxLi`x$n(EZST@(HfC5E{d literal 0 HcmV?d00001 diff --git a/doc/acl/img/acl-mirror-merge.png b/doc/acl/img/acl-mirror-merge.png new file mode 100644 index 0000000000000000000000000000000000000000..027a89620c28ba22970061612c32cb474754d3a0 GIT binary patch literal 33308 zcmdqJWmFtb^eqYmcMI1s;jH!oZ4rf-9)LY%A+9@Awxkyp#cLpBeVf=4Jr4Z&L81~RCQW@-vxk7 ztMRP2UI=BKnJe3bisJCH*z4)F{46}?f4>Tpkg5Bo7ynr9Va!T zy@eCK$9*lsmw&RGtdsl<@D0Y@4-D60O_+kyTQ^3w`Fh?S9dFy2B*t9Q|f9Av?^VeNU>^^FvPy->3?r;sP~T zC5l{p7}kI#BqY@pm+svGWpK|G=@bgjv%17uiK}1aSWze-h{8xQTIy%6@CtSwU=lXG z?7J*T8Zb*$aI6sTP2Q6yeISnvpn%M88s1rn3Um7v z_o}oerVLT)_+EP^ZX=-+kkKF%Tb_TFu47@Z8~Ds6a*buyy%!`Oy|kzWY=nklZ?6*F z4+3-_OHbJWN<}2-?Ep!uwSaCH8pbWjsohlWUh+Fqp~>wk(5*2yKop=c?3;({sFrk} zs5n{X1GCcQH{+Xer7Yhbgv5x-3Z9n%>R;L^`0sO?F;drMD@5OPsQJP%qCmc|Xf(k= zfw*){GndP=azRTb>n&T)F$ari?(tS+JorCL#Pf38$fa(O0n-4D;6n8psyt;Txbb{C zS?>uNVBeiC5E0pj$4EOdop}6aLc^$es+4MapFMv?E?P>4*&BY;EXdBOq6TAHa1%9( zM%J6d{W5NsdyhfZPCe21He=s!$lHiKh%jFSy%?vCoiZF+L@wIdD{;tu*sDk8z$Xh8pA?cbe)Tl3z@nABrU?9eqoa)Pptvh>nd==8nbM zgzXpJ2;yb55Miw8CfFz=s3k9_22q}q$~?1LhPnUlcu?rZZD*smG=ottgoYKP?Yxz5 zt;n|~dasVTiUBePUCaw1Q&$TIdORyde?)@grisN3M@42JWt0(%X)dml88ydY?6H$) zf(u_cz33U4j9BJR+0-WxeI$ybO-q)bZ*Ec+$`p9Ey24SFZbmY$aYfDW%RQHf>Lj zKyxqVWjMQ`WCTlcFlP2TpfLsttUnyl$cCVjVG<_%{4{J3WKzT|5>ztT$V@6vFz$j# zF-jqu31o?4pPIvz6Wr?TJcpy+j})MEsuK`|&Wg$t$!4YV#TrQ6%*btog_}DDm4a>? z>17XB;~m|ppYnLZ8c-OKH-i-3C2fLnahY%w%wW}Vy7yQV-t~5GcJ^<%Vea>W5HHbz zxFY5XlngYKXV$9fC?5+kbx{b!q=^*nQ}5+ScjGn^vS)ojCW#;4!osaj4`pG#iIevU ze&GAvFDXqr&o{|2|`5J34`;XL3x08{LFyaaHFO&~b)DUjxAYR^TS zG>9+XZwd>ZDXF1xa&$^snotw~?ZgKUj*gcFp^d&97`!u8gZc4+WlWl4k>IV}^W~Oi zCWC!Lu}1>8FM*moE)8&-UCT)uilMJcYo5!0<|7dk!<8{@9IdR`q0&7k<7$Q?auQs} z#^*n43aw#9G7d7#F+ZW<)>lC1AcnoeM&Gzoq1XpCQsc%8G0J!+xuh0`X-90`Wjx>=(~%hxU=qKPF(^lkE2yt)62NN-pU?L*269o3Z!@b zIUfE24aX2jyGd@yI_XZC^YKgxYiiM1{kgb$QO#pzLKC;F!lN))uBdo!+I>a6vJm0m zvpz-pDjiHXXGm9O7ZeLE8l7x+8Q$aPXK^6zQYMtGD!7C=N5P3owm{wJJ!6muL6m!l zx3S9S=b+ZHJ)81#28@z@SeJ-(gl=cx3@Q*nxei~Mkk_p{{o+|fVU^-YX#_$#L2i{} zwZq;QnhF9~F7In$DQ*5zm*cV*YbAhwbTxM&gJHx?!&fMv>KDJY21NkQ)q<$^Ye9Rp z3rf*ePz3oYpd=7RQn9nc7mD^9fQGj}Ao^o_EUpSk9>9stA(DcXgWz^H2Ij_c$`#mX z4~hu@d7IGfGfWLD=q3-*ec9b33BODMAv%dxvhQmT*g4-vHn3&M@o&_M)u(m}<+`_a zd9{XLAxv3QEf%)d{asT{v6SUi1ATEqoSvxh(a3$d5;`$sZeTyYrz3NaPEz}*`3y4u1$KA|0LsK zUO0KomPV|~x=|ZQlgK7Uk+yuc@;%v;I*lt#_3U{Zpc%KTa9R!$0|7<$EO;3or7TD7 zS@WtoOaEj$GP|XG-m5@&f;Xbhy;Pul18`xTZlCl<=80RdU! zYH4HPfrZ`~u{r(-;A;b)Zg~izB9iY)AnRq<^C+rB|Cz^jrj`(78=0?ljK6z(UHR7S zWU3%u6_X9wHMgpN=9}Xdw972=DyjTIRYy_lz_&@z8U1uotI;8DAQpXfw}zjT88TZL ztcyH>tz>(n<3(V=W2v~0%;RXO7vhSvnP3*~^Cn;xPTXiNdCvW9iR+~6ym2oxIE_!a zZsMYrc@$BeSz`;+%)L)odAss{lezax4Ax_2H1TT0)z|;I3qA#1C+Z@jK<{2V^qBKnR*dfXD9&9!w1%>BoNTCIOPVgo&A1lWl7#&S8%ev zrjCDNw4qhxO!O7$1`EO*?!%`ub#qba)%47Kv2b;4SkK@@=K4U%h#J9|B_BUk&>Fm| zcCrW>(`yS4k;tu5;4Cp_&P;kiV0fL_zSBS5uN4bj; zu@A^%OdXCTXeknu84pyy6_vgx-KPg>0E+8TyHCka!{+t!(>2GzPLik1!>;Li>??UlwG`iC?pn zaQ`UQDv`TgoVw=+9F}P9dSbPe$Js@zEE16zucei3Hc8oh__@PPl99M6><OJ&60mK~@#_%-0$@8KMNWwkBOG2mBMu|QA213L+1&61GBXNY_$*fB$ z9zsK0*W>-*oh~R*64V0m1Pqu7NyQvXl1y>YEQO}AXCi@>y>%aCiBkFZKe33MR~fMe zP4xq&z##90rNR#=0){2#Ey^BO$+91;iI`B^rCh0yIu(>z$3$<*ZIx%;v#Va(U#Z)Mh zDVE6CRHgR=XhdFd2^BkgC*X!-1ZGKFK*N=AtGjTnykG-v&PY&^ZQ%r7615baghGgI zDH#%7j0+?~$O(|xflk24mfK~SoAnoSAZ}pd38*3~k771OiZ3x6S+}L~F2(ffA$#(P z>Gw5Enz)Tc;!f)pYirbvXT@;J!D@#)`pX+FN27iJumhpsF>VE~&&xCg%C3jz?x#}n z{?=R2UM0i=3ZWlQpV{{rf&TIe1dOqSffB*=Jre%;lxb6{`DaN;3(3JF4d49{B35`{ zNcYb#6*?)N1_^MHW6R@qUjdPKl)aFA zjsdU2x^(-4E^l!QsWX?7Bhw^BE@>b|v69(vA3>g{Kr)>WeMruNp+ZA5QI5ICn|c$b&ner*I$2%-#llVJT z|C2j##@msaR2dn-Npj1MQ^yL;$MAjIE^gv?Y)E091`09~?vF`Zc_HzdmYUNGql*rvbhQ8Nq*Fh3V zlIpHKtpd!h9SWK69eDbbXojLQG=nK+Lm(y*NLfqOm_`B$PC^ICBcuN21<8UUKqcYw zHXLl!FJw%!(|3%JIPXbel0-+*m)!;f*jPA`rs87jr8G9#4x6N6E7187w{Z{vI#ifE zE#fWQ0{zgw(p~MvYD9BZpq)jIegD=*ZR$6XsLH(U&%&5HkOKRyvCL2pti2-COEAlr z3PoP=4dFg3#7z~O_OVYdLVN=XAcyG`2!%-A8NWs;TV%=X6AF_r6>T!<0N zati%DS?eItQfyG7_mymnD%Gtp(0ZAUlo$c1TI89&WrX5-0{kK}kX5 zLvh`*;!>Q}kc3coM;je-jd+gJ)O5YA1JK1eOOHAPWhiT>b5!Rz|mwYBS#y@FJGHz4-LEUa`{kzRqBU~}<3 zaApEqfl@80$Ea%BWjbtKe$f`VA4Hcon0%tsa$I=%7DTU5idu{#66#(~IBq6ms%N@T z`lS?yHv+2FSUK8>b}b5A1_#2NF^*3f^5d9DNPYzi6EH~L8rh&oBd;0QO+ zEUsD~+9{t$LM|~2M;~W)dGVf5&t6$cNj7mV76RhJU`qCV&5i(t2tkb}NMIg$^JDw_ z>MNVxUAzBVzDiZO%OPOORVzpTf4D53sNnCU9e|MY-hW_b!WF4b(xzoCUvuo0@2X>h zcn6*SpCO#D1egIEq{Mpj%WWv@l?v0L?Sk+BEFj47dM}A#NU3x?&`(wH@Amr{5^CtZ zrAHWe?dC%Zq|~tNG|p)KieU88ponp+Hn+O|j)FA;aG6{?+~h9O-?(Pgy6NC z!fi-t%C%FpJolA@Gu4K%SN{^7^2YqNn+8Kj$>5|3!j`;_?u%kDTC}!{tLbYuA?ZrN zXo|y6e{x-4M;EM(WXf(=p49u0aM0;{Gl*{HAcaDw*2X((Lp6Z)56Ol2A_-Uw4t$Aa zxgqot<7eS#X6NJJ;jnpr_!g8EaI@U~;7JG8GSViE)$@DU;};itdG?ElCrs6KVp@3f zI@n+&f!tte)STK~+@BFw|fUJ*?g}#kXZ5QTCt|I1iNtz{Tum;lY9J3(CVyW`phN?#-8l z#w#H%F1rgiWclsg?KVMnv3SCNw^xAi(} zB>i$|YM1|aep6FZr2VulFCk&4N#`0a3_sp~LvVa;zfD`pfoa*aEXrn7e10)U-*UM8 zZHqTPKcB2$ARQN9V73doFA4%kUZ;GFcD9V>((W#-9o?s!Uf~KgYe12~K^6YBlZSm)+VWp)%mt9Zi*5I?N9(rBL%#wJi6)?Q$ zY&<(`N`;wx_~52kEIkF(F(e7Y$G5UfP*emEp8YTfSmteB-SFf0x~hVscKyxcVm%$f z0JdY?-8%`lpZs&CS|$XZ5upohXp`h5jKSNv-TSh&E#&kv=JIs!`@Ie%%+hjo zs0kuhWMLc|6L_4uJRTHap;GbY+|8luvfCw{JQ$^7->;X9wJXr+}ai z&&@sS>|YnmA0Ae{DsI22hO*)Nl9M}py<0+uJ&U>AOLwr$TWV8tPy6mN#_#!q;JUph z(@BwWZFz&~t}LHsaqGLZ(Do^j;B|J%LkgaHG}BY)VekNP_nGX;V>{Ap2rEOud^iUJPZmJO?R%;2KX?Y*7%mow&XU#F_yBy8FW2-}H=NMia1 ziHm}x8hgKcdVlh#7Fg3Gwx{ml-Xb<(*ZsjCr;x8rR^KM6f4)DSXEO%)@DM+FX*Ci= zF{#CrUi0n|i*@uXEkA!yUFAc~UV5^Q&pVlN?+)gH4#5FIkdg4qR>RP{JW&ULA{eml z|C@$T#6!wv}*#$*()fAo15?5dvw>L+0bR1k&_EB%G6!J zo7dK!y;cp@65su@+dvb9nQ-KqUmNNa;)h6>?rHym6zWPXRAZgtc=# zU563V8K;q~@z#7P8vh#f&t27tLbrJh@zVk9bR7}(uKS%jSuz_dtbVNzg!PW=$rXAO z8ux{H>+fU*@cP00z#uj7X)_e+5LuQfOi*p+k1^Jp?{c~!QcS7Sn(dTwN$GK-!{{X# zY5m+WF&Q*<{sqYCWtm*@MTp-eqYo|`>FFKw^W4!mo{7C0KG@gme5yJABVB%Ugt!{6 zHS*ASK%$XheAgDVMzL1}l!k^rtJtcmqP=LgmnxC_)urnnZBiMY?E=>e{>xv~(LwS% z5l!^&c&lV5?^i!t)W2A0R15eWEcf-CBlV0c(Odbu$$+*~HNbD*-})52hqcMqhF;GUskz; zUYnWW=eao^Y0)f|x}Ctt`#3cughP9|xI^7iY#x@dH%+PTe>(^$8cPnS{Diiclv>`$ zDzuchkQ1I(SOl zD;Y4uX~H~BmlSr1-w<~eVDeu_VP;I!D$b;T{_(Qk&Q%I7U!B#QP`u7N;uOFWGLkOXhp-w9$%G5J`&KjQVD0(X(O_Yv6c3xXtgI) z@wWJ@;<=h)$kZcU+_2q@fA|iohnSz4Hu6p}Qjk;Lo~n=2yi2b^{fCp*!sb!ypEc&m zcpjruZk%PRVc`2#76vw?=NU{*l_$v1B#TPQ<-F9UE`O2^fW8z*$HrmapvL1-`-L%* z7FRCP76;q1-fBNiOnl#LXAs}^aT{mize^ZJ{34uL61I{NcwT}>VfjH<`guVroEzD% z@xx_ki<9+Ohfzg__j`AQd+1H-=wW8K3s_Y7ATB5jlgbej9phbTAJv?3*BItLa7y^l zQ{Vs*5}QT-aLI$88o|kM$eZ%Zp?>Yumw}r&Ox+t)&DAQ{t{{8WU^@mr`J)B=FVvxv zQA_>oYKYh-z;fa2s+z){Hv^less5#Ti&F$-<4joNFR5R`G!#{gSK@Qi3M8mYiA9xw1ZH9n?^=*HF41NoN=7N{wh#Q@K-M60k-;cZMNY;Z}#;&5JNroj3FLvj1>8 z^}Ewm0l`be+tVQ0-IzuM*VH9I1V``LlsRF4G-pTzm#w2-J+t(A6>0pJK)mB?mhZH| zL|gaLpA3-i=P2F?!J&xG62z;gSOKk~`ms1}jvG$u2Pg-{A5%1@Z@#BwwHN}S1%UK7G`8Wcp7+R(N8gsSC*z`D^M;? znlJh5D2tm;tikNhbE;nzE+J>@aWk~{O1z9tQJ3p6Muimaq(C^9)&}GWi zK$bUH3A1e50D0}*wJm=>?OO9la3J-JnS9hN zkEQ-8Bzw2cFh~v8(Jvfrq<;{>sQHZ1pclWKYs${+FOywAChNmwLWRKTnd!jq;Tzvbokv zk6xrgs4R(IK1zb699=^{8ns?&o+ntLfb)d7?1|W<<33I2=?u ztcRV{I}K@RXlq5uf2dl&p(=j&M4pPO`d%`y`wS9S<_kZliv5sJf#q-{|LEz;7(`NL zQaHeOI6Hu30xu3v?h1NXKa|kZng;hH3&nF_DT+1=>6*4IU=q(7B$n+ksCW!nrA=3n-){73{@q& z{1F-2hQZ#t{Y=cBBXT^)a|^bdNJXjy*tpfSTXkuFGs*e>Vvktk!*`uTE#H-@n;*MdST2%eb7j)2gIGTNBLV_6y(1FXjW3__+oZrYAF{t}ubrqE zzfF7l?0Dh`Hgx%r|C9nzj0tD%o~m{ZvQ6jKQcn8dtGZ|IzBq09Vqyx zx$e?sKOx~SBSN>{4twONZqS6Ln_Vkra?xvqJ?x$g>Q zVyf4J^lvplkiW$%9l-&;OKa*CdU3Rw6|~oJE&O%r8+}6C)))f%k${$+(f)kC;nc<= zg0V4BUw`(y_8|mN;gb%={)_ErV2@TKurUeLMR#`05&|F2hsLMXtVBe%2juB}eSA*l zeY`C)($bsQ*_lt3v94zPe4Z~4cE>x5;#ms*@-dmgm)LcFXmAX5wU47)YX(acujAr-B%!iJ(1P>ZdDC)z&F;~Bb7GsIIxHj2uu=kGo z%A&}>G`>Z7Q3FlY8f=&V&e?l2|JJM^lj!O106 z4u(vHpYM%ea-F^mr$}?Fbe+JLUfz)gdHp){^!%wYea_VkL@Rx%Q%XaM_wca;+_05| zpKgIM-q;wG)c%n8U`M7GhS4@_MvnNUAUx{;y5SCU4%pLbz}+eOIV?ow`xeUwH&o8b z`egyiu^7*pUe)+S!&z9~4k{*!p>^&kGfRrTTD(Mbrb39w--{2qnyMdO{^59Epj zsij!3Ti``+p2&0vHf}pSRuye~L-i+ud|ud)lTJ_VaI}#=Ri$3)2Rk2O50C*Zsq~#1 z3IpuJl(~!emo)b^>xeNVhz97O!jm$iPJA$Q5?UBGJt^s{#oRa4H^Uwj_D6BuQ_e7B z`A%oObOje_`;8>1``iB0XQz&*^bqSf%In&>0z-IYvY11&qz>tZdd%-K9Xw*q>5_yl z#tgGU%Qn0l$mc^&gLZS~LuEw$ZNzFzu!FoE28<8Y3g+RYr1fh<)(LUn-51HF0djm;%iqS-YqQ2!!a@RV)AOm> zD-r9jk+Jg(V%!In6(` z%y5i9JwVg?+R`gD+2uePKiiF~wW6?MXC=sKY4P{g`E)|u1-Hl>#dMr|&N4PAy9!dNJ zibId_=QexUo`f#bC7mgM}*B}_55!IulamQx!rxSJoQ|8(!Y zw4C%fW0Bf(WMYM&9ini(4ODV=`{Q3iAYu+q^2xZ2JKRw|k#8x(4@D|)1!A^D(eiVu#2dcbWa*buffZP;_NkFP>0|BhqqcpIJ_!-&LrV&g(q zit!n*g)n6)ZhV~9lxayi}_6>mRLxz4-+uNS_o?Z4CNHb4LiiX|eoGIbLTZ)d# z$vZ%obf1u6mfCkj=iR6`$BL2TkaqMbbrRgOH#`!%#TE4>{%&9wu<9;BGFPs3i$i+s z`cagHj>G6TnVUH`U@}B+<7cY*(IJ%66_xZXr_w}@Xpn+D|M5d~#$4Pb+Ags}e%*EB ze>_sd#(cHbjXM1OOrBW&Ld989iTi|L^%HM`sx3h(`b-O{3UvhsaiAYCe@~k9Izt0G z-Xvtt3#kYxjzBe6rlfAh^>m#eTi4YSzr$hhqTl+LEyj)Z!+d_h5buaa9LkMO_9l!C z46&SR7Is6DIA3wz*BJBWdI0)ER?e?k7uxGl_k=(A0Y3`C&PMV{$=XyL<8=A9rpz}M z(c?{7#*YS<=cpHzwjvETMZAa*3IubP?c-37^W}{T-lcr5aD)JRBKI+`{Ax;>SH8vr%ys39NSb_cCAF% za_zvHNibPzhm5@_j^Ptm=(zhxC32w>ghB(qDaoRa5+@C)smk^xzIX5HT{ne)3DFFH zkEPO{O7$T7!OO4ThF@jGKO)_urCu$J3j@wggJNOz8nZN~)DhpS7*c;6k;d7JNH9zT^0{ulCzR*8Pv9k`;M$J1rhd zlhE&OKzO;7*tEtD<>TGBGPW-X;oG_+qU^o(Tako^91IIyhOC*i% z@hyNQ*Ye&b`j%N*jc zj+ryKQhaUZ`ehP$8CQK_9m-<#d<{!*EpjgKY<+9nD;gm-&6*17(e|rqc z6yZ#RuemS9voCFwA1c1#P#r`zFt1)f5;v^OZ0J)D1fQVV-V+Io{h{x=8+abMi;JU& z;7r%SNQ4?uUy8dIOv|ejLvO&imw_z&ZotzC2HiYo0oP%?`RZy-=jV=ya<-0KG{xU; zpVJChMuxCg!K+pX5qftXap>`vDkYPPTavmz`S}3ta3M=8g}85Vo6^sV(Qh?~gI2f{ zjdO$!+*`XdQEd+LnOn5Ab#N`p%aA%J)ODjhzs1>^S$#jdo_28l1FNH*?gn-#P5^BY zlk=C4^T$hBd4+PVe-0F{d2spGR`Jz-KP^!Dfj{P&w?}FveH#ytW+FnYZK$LKEYzus zYmv){c)=*Vcf-GSS{eub~}gPB7944NXqk zOrDO5CDCyu(2)6_FJ@wmp?|!LyY#2j9paBKwz?sT<|}%|>%Y#XcQQA>x<1_nw3f%^ zcx#uwLkoB~VyfA`-F zxO&e0*;l+9Sh8v25s8>l|H}1snH=o%r}_6!`qLVg+M~jFmeF{2L?jGj&%-Bv_LjgN zg!_xcG_-8YB zQAbxrd7t6bcT+G#$;J@;qBD%;R|?GFfk{;*BE{2jnhK`TK2ab@PHtYzyev26=QDco8RTW-Izl`JkIY+8f z?a$3Tw0)tnQu*!KsBK<7KkpvcG&{`CHow0-{b^0$YHa`VMEr{?9-YWo`(?||hTtt~ zaNuf{?$g7z#r4yUbG+wy2Le+>c>$vz&sVpP`43w5589kFmkR~LG9NO>{oJf%MV)>% zEwZ_9<%l9wMdSh4CBf&L{^r7Si26G@m_z((ZO-6&*3zY-Un_;nTpup_WTGRrJzC>Z z(Nc$|n0OOI2s|pjTF~9|N@EG|fr*OAzqh`9t4ciJY4~=rR^^w;gX3j$GHH$9GwV@C zng$P;MtHchxSgxGxLu^e2Q&Vf`I)Js-TfWT(!N+87j3IP0X9H0&xuQLO@T#4 zEI-F7dk`a$F4RT>3gW~XtaQa3e(bv3_YsZB?t6(^eaU+0I(QO=>02DOEO%561y)hpS)Y zd>T_@`}ZMXZ{apponN^KrnvL(5$Lw2rw8;r-znQ({e0hXbDo2$;2ls{dRm$nl^1(< zLbABy#cW9&vFirs|Kz~m!=PtDsLVodav*vEA`5#}WFl0vzW&>j8n_1{kfWD%(MPvr@*s` zeJ%#L-lXW;8W&4Yxn(r^sURNMYY^;ZwQ~9RmE1G%KFocW`riNq*k5yELCx!z8Vy^D z3K_gU2cCb2dDR;ur8LH-HJbM_0VOxO`-CIpyrU_7!OD@R{g(aUUp-3=ED2D0vZt?aV3zqAk=*yX)S81{)~}%Uza_jw5(t-c2~;ML z{x{7P5H>@2`!EJ`?XLia1A3kYqMhOGBp%Fuo!oWzS7H7N{RZM+osD4%L?1K%=t%Nc z#S=V@Wg5EaUJypz_g5&Q0#UsfUbeY>`Fk%_d5G#|IsiK!^Y7&ILgYIxqo)J)R)6&< zq!7W5>J30Z>MxS`|LCUcX2&1cA33(VmqnTos!7=*{?4H(%pCptzW&p0tl!tcchnZE zFbhPuf~f!I3v+p^KkGkr^%tpET@QyV#XmIE1s{I---~#9;jcO((=Ca=jFECM8uIR6 zItZd$LVndPb^i$YD^tmYR2zHques^lR|(O_q&NS`xA_=y5&kuY*d0W&1V@d~^E%C@ zkZJ-L|C$GDBi2dQBg>(O{j-FHLT9qSdLItxDojWo@og*#;y?SVliU#bE9ZfzqbMOO z%tRoF`R|ELLwkJw|NB5)y-Y>U6v|!5usa>8uF}RK4-?7BLt<&$Zz**UzxKm#6y5x& zs=-TJU2Q!+{?!~LV5vAWhldi1&Ot^B4cHLX*e8ho_WV<4i{}QT1+YCqDknhc8!B8 zuqzvOXGB<(UcA%aUwND?Kd`814mG6Ury+Rf9Q-D+0Gh{8xAlvr&>rZ%9@pg483DGV{V z^c@mEj!8J>G1Pv+>)+N!3)FdlvSoUEr*Eh^`Elcr4#)XJ`QvK!LkD^OZJ)d)t!2PS z>DJ(Q;Ntbfw;K{}uYwh$1gLvu9oe&pMlK_Rle>uhovC}BaqKBEW2@X95<5n3 z@W`}}Hyib1qp~g zU{%n}I7mY#uJa5^+Oh(oQqW3FW~C}|9ivv=z$Dyb%x@Rcx%JtX(U(nAfY5M(zIlF`l2sb5a*#a;dsWqO2slir{I*n^Wg z^1$wzFpb^$>WT1}$VRzKka}tUD04{hBzVqPU4iEnb z)K&y>P)m=?9^_^I_)W3zQJayfeBtbLA}QbFnojgQnk{R6E?K>q0Rbs)2= zn<#)mvFnN+WE87*QQsHkJ|rDQiz~(#6)bH%v?jh=<0K*~8t>n_cSu{6QHx>^RJ=9I zpa=%U1QyNZe9KJNq(jeR15Sx$+A;zSlA!lz$4s;|RLqaN?e`7cWE{G40*~8>f3-u> zqN7S2blU@C1UzwBZk^W74FrqS%CPr)GPa&k429Y9ITY;YuX+NJgUjGOkCUF1D}Q91 zQLPWHRBa^$WbJK1gWvSQx@}Nc7Cg!h((P|ULy53aH=0*BqR)vY7$fh2U*_c^PJ>T1 z-h``VO5h+ZG=6eDU9i!8ei$#JE!%uNnt^*s%y+YU?D)-AaIxS(Ki1NX&ISk`a;n0> zGM0xg(FD~ti%=@~19)M1bd4r?WjOJI%C}Hv)LGv0aEiWYe#Mrn{QOhtI3AoCQ#lTQ zai6VKpJz)`VWv#JXj~|6eRXHHxz^BQQ0wocnXTu=A%D)_>=qe`a)b4>`LXY-!+vyU zjLjL8#o?q#zrqHI+%CAAQ=mG@jvcXF_0GJwu;J@KH6#7^TQZd>4DrJy*dtp=GAK?# zNhrG&lH`0ZEQ8O}C;s5!2=mtRZOB|c+zb8No~CQNYMy}WC^XDp3EMG}d7*DH?a(by zP+JD`)g3S7>;4(3M;p3xBTn>K*jM>O1_My zm$Yn(XoaKKlVtWU8P#n(Mv75X*n3tw{BG z33KDVsN97@W_>c11M=Q?A)Tpi=*8Ay!jlqvkUA-}m^F+FZLkzk=h5U=_?Qpr)6oE8 z9rvB(`6A4wAsafwd4v5^Co>g}o4dY8CfF&4`L1-lNIMk@C0m zx_SVTqk^XTesCT$KNn^r!m3z5RhpAitz0OfQMXP6eVjA{F30T>Ky~%N<|YM8qYcF* zbS}Cq7T3-_)?MxT%{Ze!=Iz}KW*?t+o^^)D%$`6{?Fg2DZ&?_f0Fj*X9S}j_USp1& zi-$YQudM#$Z_-}F?d`oXMgB~L>sya0>Eu}Irc@N}AdaP~RH1!NsUxZ1k!&{VK$~JZ zc-TS=*}0m>_GMYM&yx}}jkMg|-?(v{5uqc9QXM)^n?C`Kp4M!dW)I@X1BTD+51f2T zK+Q+VO*=t`ZMsvGnYX1i5~i#kzL3{b^W;^OzGJ#Kn>VvtEsYZ_s)`7w&xc~9+w=66xerS?Og-<;P zv^5Q6>j3H)kR3qcs4(cs9vd9eKupJo8?vam)!%k>!RU68t#`W#y@Ep%hRwCBUVKV~ z9myukoC;|!+sU@(C7FMga>e(->+`s!-$T^# zmeWR442XX?eMzG8)U+1KZfR}!gCof!A{Ye^EpnroEJ2Qng5xX)gKk7}u@myracFU| zKM0Xn2J|o&j6O-jFflS>@f-T@D)FQ|-~T%8JpU?OzLHIMdOq2Rq#UsIWAcPLLZ22Z zGbLnk-&Q(A48fh(^j~uO>jSik7N%gEksoUT?`{n^L6E(LCuL>Em0{^-2$GlHpaxge zXJU_pN`4~{`ZIdRd7WG8=%@R{gvYi=U|kvXXAt&)%5+}Ccq!5_XmH^aU-a@%YA65c zlZ8T0BLEB*6JB0f8IDFqen`*I9e^m&Uo6avO9$qYgDYY10_e+R4t0sJ_jUb@3fk_$ zkZiSkhWxQ#X`4v4Uu}EBPVM{IqoDmUdAjvjScrUhK&73D+hxA{-TX`Y9nt~&zC3R- zx|~AVbI9{By@+?O+ZbZp@4sP(DaaMB41QIf}F|7)cO`CP^Loz4qy zFx|&H$TWn#TrIM9CgtNe7(3jO&>X2_KxY#bv*-iY5I_5Vbot?+8{Z}!e6Exi4Y5T< z)4DarHK>BM|5e^w2F2CA+k-%GO@QF;?(PJ4cXxMp0s(?UfZ*;B+}+*1akpSW8)url z@4fT8HC6NRPEGy0_|kNrv(MRQ%X-$cp4BHLz2!(tVqq7lBup2rT-ujQI?oqlqANZH zcfCBvEMS$mY8ykx80 z;dT<5%`t?YoOCjEF~^T25>6k@_hbU04Z)xHf^HHN9(w$M#7S}XrNgo`0eN&#yUnt2 zCpmz>(oZa*Qt1P>zkUgpaKr#%jV}Vn&7=1a_T^lbtW%0QZm2M}?AV13P}OQS^1+D0 z5awM8q=l_@jTA8a_F&z;C+4@JcmL*9YaMT?D}?p=!w9Kj|ZfA(LN=H4$0|H z;t`QNkW@a?>1lor(VmW2vfUVvc*cqp(cYfg=H7ScWRe&A53$KjOU#@ez}bkai0PfY zoldRe18<^gow0=v8IgMHZ<&|KN7fRw4TP*ieoH}<0!Cy z7}nOF(C85C*eQ8*(Fc{`lO)c1nF1A^OtN9kptd>v1=~#68$Wcu<~i16s1psoUd44# z!dpkdRo0xQc%yv&^#w5)m2jIBkQ4YZvixK9Q}yWPCa2gPG^vN)Z3I9Vpy>-v5)}?C59bX;_QgF)`c6+8jlhZ-b);v>=6rJ zmD=L%^(-H}PoJ_3lyea^&PBwbf+!eH8DsZPW*{knja_**-?0>YMh)EjX+bzvlG#EQ zhIzD^8#8N+ZBQ`iXTOCJM5SmqNU_7CpeJA_y!|if7+5DrKA}iUUAl!6fz5HMn;w|$ zgs^d%R|jo2HluqWjc3A*?9y{Y!W@7Zhh= z3jxckTI^hn^UWR8Ct z-ld21SI<5`&4ri~{2lXiXTs%BoH0HfJZRth1mRwl8-*k2yo>9CVL^7z|GZP6q~hkX zkyb-fE{UZFGNECU=9bWB+gwjV})fto0%S9L-8pN8frr6!d9|e49w+=X*TpZxe{w? zVUS~02a_)1F=`%P&?g<|1o~5v*p-i=ly9=^1kL&3h+kZAlk^Ck7f>*5c=FB-AUP5@q@Y<3*{8|XMx zh!L&OAi*Ejut$=~t1o$5;yoK(`MD;q!>Ptj5!R@2c)y2)0>ZQ>Bd=5tM~QK~e|5kF zVBwor8kk&v3Kovvmg);R`B%bNcyQHwi=X751c^g{_^`hzJ5aKP=g0B!23Y+*wLvL9 z2q93`(KSQ0^sC|d$j{BjFvK<^M{!ftZ@KHeNmS0dnL*u3Ea+zQ{of`ZD%q~AH%Ic) zJnhKxiILzZK|U>r-}$UxHlB`&D^w=fLs2My5KDi*`Fx~1bi_zqx?E@sx8P}?zkIbl zp8-u@WX?0r{@^XqdPBj$vY3aQ!GrsjmhKCJ!YP4$h!JUU2U&4hb_MF2doC1)#NhLy zchdzuAh|OQ{*HBU?V)IH^KS6VXbJT)q!|O?#q|66qhr7X-scLzW$G%o3T;Kl4zBN7T3$qAVrC%FMYT=P73 z2ES+Ye^3!1Ja7&NowqRC;9nS}P6BF9nur_g{dgf6N<*Oh1LMY1mVHwhiIyQ>XZt-sWMvXdBH>A#jl-Kk2iN1_5j8f53^(|^A(F4be&dka&S zMDMk0<&~(Fzd~CMDJY@?xkTOsbf}>Ft(lzNWTlmaFZE#FVK_5%S1)%-ykOl|#Ai~} zUZr1rI%E7>pp6;a;$6`=TPm@p&FRtP&AAA{q|hO;{a!)DMavhHybG%C& ztPxPSL!UDVn9zdq(D<^QnIl6eIak9Cy!fTnnbut)pL>UHIa6 z9w+0kU!=M}VXQ37{4uZ{C2ecagwTZ0hrbKE_;g0;UW~&r8}xKr|BdeszsFl!GwxDh zs0}L(DkvuUMeOp z3rG)VJ)A`eUhkv{Sk5ykrpoC&f?5Xp$6t9lG9c7XU&knUHGw>@yrFK=+Cmo{FvmdD6~fA z&Tl_AhonbgF%dL7o0um~S$`isWWWI;->0SDdwyy`ZGl+N+bzw4Azp#b*EQQ9=R$#- z+iM9Q;50mzA?WUq3OT(71wyO}w$f~%$4I`}5hbT#7j!$i*rKMYS;ZY^hbdXYZ8#)x zis6-l*k2Q6TquQ%>z2!^Pj4sE@!2G39bd`j_w4)j`>SF_rsA49I4`N=kbk(^Fx(%{ zr|}l^4R>-^-TLbeLfE@}Gtodq!;pAVpyxcGSFFObr$8{pQjd@#<7Yg4mX^=TWEp&QxjQJEFdB4%Q-lf%!C8RHinEa)mTUTMtnd z$2q|=#gT6CEW`L#QGU;dj?yBRKC$glaie;%MpRSCv+Q2b8Xgh|swb>g7xt-}t#f$wRny*l8_*Bnh~)(KC~0u(sR-aWGqS_Dv!iwm%UZ z@s{6)X>b+~qk?U~{O4y(gv{bFzZJ-aPlqSw@10||)?b6GpHlP3b#{B6y9qJvl=V6! zOz>i(%4XtVIh*d8nw)h+l~)OI5F#jabr_%hb|a`KjUV0qP6_-2`Iy&;Fh3Z%a-@3@nhY z>|JDsApT8Q7CY=&xvzQ;L`p!Q;V%Tm>sv0`{Msuhf^%@l9EtxKjg*jWv;4lIfD{U3 zz$QXY+4Y*s3l!x9d48|A`{Ox2KK=wZo~Deeh|%HEE9o0~Z{_Vcr<3(11&8JA;)g;3 zws|`%^{Y#+vfTOe(ng}vBbmVX;i7{|7(s}0?gnbq&aY`yU8DQZ4-{lwPDC!+bK zOf}5G)^yIiTcDykD}ZCOrf>qW+yX4!_fRQDENMjUEVZ)nAc?u96n!I#7yYb{zu4xC zbawRTTQ*iS`*@_pMQ8!}1VKu60Jc-j(CsG7DAZ6f3r?fehoGqO9iq3gg%yu0b~H=6 zcd3%-&3^2mZE*`la5DYlYfn&n(ARyl{mjyM2&4(Ma~@zqkCCw8I_Fc2n8*;~j$8xo zlUe3X3&G)oonDe29^;`&gPb(O4; z?{gV41lq^)VaO1y^f>j|nD0r0O+(WqQBUJ{21R2(JtRfH! z!ef=tQB;BivWCR#(U>p*A_TRJ6^bp3j|v4wGg#~xgxj=PSnI;iGOyF7i>XoMh~t@r zrqZmK-c}ws(KmE8lIZcH;MaLj#cvDh6Kc5)!go;A$FABYH3-cAK zG^i%fmLn!hS5`^&BW`CD7cLd~ z9-1~rd2ES2EKprwwNc!tQhj)$<<3r9bnf4u?+-2F8vmtGxO~q{tk2F)&Aovr5-|fF z3pDYo`A`f$kk>%DcS0>6I%mC`fMA6=#LHkq>OFX`l8~Ki9QMbfXphrU*>nQoh|Fy% z>uR!Q16aC#p8>~~6uA0WuwNsG)Sosb=(PDv(AMe})3pbwX;VqwJ(S4ti#ZSjUQ(GmxT1u}HTnRfqGtB@N4z6T0A0GP}&6n0;kJMu- zf`xuI8TYOQ97M1QCC&nA0dXL0QN%>F4xm63$f_efpR}4sVF3>P z65tMU%uC~{ve)_%(Gv!q*(=St_sL71`ggIGyJifTO#05>YwoaRs+3qu>F9a*4#OK= z==?%on89V>xPFD!dOx%Z;mokp(BF;&YJb!Upc_30sub7_9WA2>_-%TCWGwo0>-T_X z*ym;zR`a3C2&spM{asQXa!-zWg~EqVHF^=#7S5+r_`QPNCrd2~L$WpN>0En1WkE~d z{zKSn)fk~oqe9_}JT#i;jkdb?lc$6IoPcvnSh|ka&TE0jMT+-zAsXSs)X2|gBW>js zOh$qAi>;a;oG*R7d|y`Q#>IXNPO4Z*t^Jm!JxCFPud5Yvm$qi+*_yFnF_Yd~Y|YyB zk??O3yEj1I4?<%eRB%+ zcFxDe!O0uIb|>4@aS4oR^Bpy5%FMhi^bef+R|H}O3##@huS_)YF>LK(W#>LyZi%JC zN^$106P0xpMN_9OJF)vOam_EO?ow;2MOmz{fqyvAJ90&zL&B%d^v%BxDuxgf-$6Dh z<~PjT)PJu=0%VM`Bl-Aj{}TxbH*zc(5V zZt=25;UE>yK>vG(k>p#u^qr|3+$TyhV1F>We<~Ua{_|KA8NuzZ$}m5HVyM6Wka-tt zd_#TuZ&#OU;nM$;KlRky8PWGgz7Q;X`@K%c`>g?vKIOf5&!;1K^WR8Oj&iF}z{<;Z zF4#&F_MKX0J@>WOv{%=+HMBIGeFj>*u{@o(1Ov}xeM?)*c(8K4{?hu^Pd=$ zE9ie3;8gz~VSr=uKMZg*{x!h)Z%v*cxCAyjFuKeBK|XRQF?|um;NSW<7gSK#aV)sE zla#Lhc1%$w){%LZpp)i|U0q{T6EJSi-7Wo0zFkt0i+z$F{X82`{@gP9-O|0vC_Q5_|b z_ABF6s<>MPt-y^+Z&0q@1c(3*RWL|s4AfLsndzCFIVCxkfLbvF;O{k3_oMgvJT8z0 zQ7Sv!xDWMy=<}ELq=A9Y9kgS#p07%1Ti!?fS7qg5g|V?iG42)X0x2xy);4HCyAr7& zaVUr&{p-&%&YQg|lzBx!YLCZbKlluT+Q8fasw`bqNtn%oxBL9O;lV55uMd*frDJ~O z+>q)zoqm0e4PLEh_=DiEe}RcZaw8xxK^yNbFQ-+*5-o#nZWejETS{&Q6;imp-HK^0 zANkrlskFV+K=i&<#432-1qrGzLQW*w>^LC!+qHzMJM_G)J7hXSA7k~=oWF08a5PX$y2=(#&c zKN;PL8q;eI6RES;5xSn(hS?cMg7lmPRiP+Mqa zpjxxVZYwcl+%D&A-+7Ge9azjiw6B@%5Xv46$dd#9O_~M5-xRR`@f?+oLU&gCxt&wy zT~LLXd$M|j15FJQ*4!&jSV$;mdAhlkd7d3WZl4`9#AH!p@Ebov*|iaw2L#Aw3^RQG z>j~nDh}zRhkQcG0aF|5BeI_}op|7UV%)-#fm8T$fadFt->7*@4plplKOV29XhMNeJ z-NGAwGZDJuZ}fNq$0^%R!`*44t0j_c_BJV!(>|N8^AQQD(IRRQfBcgM(3bqs9TuI? zCleK_FlqE8%$kletd=%vGip1>R_S&py=#j_7`HXsR3 zk{Sd%5>|;1v_vF`)c-8!qv%G{=5tliFzYh>P_mI}Mb z(fEV+8Q0lfN*E-7XM;XpNy3Ft_q$wWqz)fR!1Q~%`aSrqXNn63Tvj_O&x_&?9ewR6 z5d~#B@?WovVbA8sS5=q5U(4AQSm-jlHycH4;G~613+EfWS!yI%Z`4{=SMVr*RHNW} zef{Lh0P^gp_t^rq9q(2*Q38Up%v8TU(hxMxhSCmGE?lewLi|<aco9ERD+gRyR%@mqaj55Em_POL}DHD??Sl<)a+vCR;p$f^eNwb(Hq$?p1bJ+ShD zTl%b^KF=Lxbm!Je`V8iU62G@SX)DGIopuls(`-Jh)>tEShX8G-5N|)bwKvJ%*2&cc z&0_Vz_7VcQPVAE-X!PU>AW<%+L2|?i3ll=8Wwa_CK2KMMN+sIdEv-=1Z)li*{+WK8 zpyha{Uy@zCgYs@_!N$>K6@atwx$@D=CabSnBT+4dK*4ST(@B#)6a@b;u1j^?ztn+z zC9+ieY8_GZmeoa}e_KIn6au{W)^ht7iO8RAxoIy-ALZV%o0U3_zajgeuJL4N;;L_ z_7-hH7PDr`O1>b+WW!)oI;>n~8EO$UNDf^_+WjNds(2nQm%$*o`!-w#Z&)&TsGW#Y|4 zliX}qLY-_F;LE(HXztVZno{eoTiNFKkBw<>W9$!q>Iyr&@)rRI1Yk9Bz#~7R>+tfv zYIrV<4jSsln_DH$Y`_zDuP7RFG$i91gYw^fmi&24CcZ)K1Oo^CO~6_*P|+S#o_GN#^?;9ZC;rNdD)Q-q%xlXF$HnvWH~xpQ26Qb2 z&A+6%P#}oFAcz!mA=xk!=M!%pZ~CDU1PKF<{1wjk&%9D7Cb;~&tZky7lKR;HIl14* zX&yxSlq@E}NeV2(bK3b!+* z<*23B(xSjZlYD^EE&s#=8U>|ORh>Hn=Ibo%A9Q{FB>Qml5xXYQ4a@6%@|>0&L_7lD z?v)iD0TvSP13{iB9EPdAAA~mhLAL@TE3vO^ytGXf!F7GPkMzF}hL@_Lz}X=Mjx|(# zUz|TgEV*sUSEuQ`l$xE|{enEKF211_= zasT3+h@M1tm@4MAywMGu;Lce4f@oVZyg^=K9X0z6uduPK%z5p@@#3_IYq7#-?NduJ zN-pXpacS;nv_iZX$zfD_s!y6j-boiD$$7sK6k#E0;sOu&(ft>vx-z|NZxW60*Vpux z6dlOP89A#6ZY8tGnBi(UG$}nj+ZZ!>E-DyAhEQUvggEZ45y<`^?sFSGy;yrIi4R=y z4gP6VE8L2I&Pyi!kX+oUyo|Ye5C7_jg@No5Ai$7N%L~7)kwUoNL_2siG!aZA<#m#D z9(F>MLkW=vRNM#}>4j!hrUOmj!EP9dx*g%7t}V=aubmcE%9I4v zUZ&-oJAaR0lmhMpxD2tPQIIkGcd>5*%teRQC=mPP-CC&JFupuu=$#(}bjmtSE%}Xd zl5c<6#Vg+!2#l0^zOgpPpdZ>iuS6^q?C*rOIS_$~R)iq%Lkh zJ|>9f>(BYQ5yZ;qUsH8o#Zvruwz(!_n|suok)K7+cAy@g@}~x!q=+dLi}0G?+J|>$ z=u=RykRgVMkc+TZ*E7tN3UTh&GFYwfwu?yukI}xlU=yz%p{-8HAiiiT4>XpDd{~#k z{xtoVM8S;)NyTQ&-2+onmfGvmVxy?Og{IWx64^s8_)8@m_txy3#6{Scg@K@+R}{)N z+%L!w%a!tG$G#YaP?fv8WNOh0Qwdjj)goDFP9XyuKb1d?0izkCp7!OWx($g8rQRnd zl1vk_OjH-QJbghD0*7nbpPnPhhJB^;Dj6a9wy|YwGlX!-1js@;InJ6pAmp*@N!sAA zCOW)dlnXSg;g$1!R5?Vko8S7SdP$ZJ>3L^QRPMc&n=$*9qHq;yj5uO!r@eiH@mYH3@)~OWv=RQ6$)_lN4H;fcOI>CN;KwhxT@i+S* z(%h!auULGxR(m!WewxW6kY24+=wS{J6mM1+?QUV}upd1$7Up&)musJ1kw{Zg3#+Bn zFD}rSC~K2+)3gPI@*mUMT58%#9Lar3NOOtJQFW_BQ}Kb4GTRqyZugDJN9yYQ9W-C( zbq9xXNp>5msknj;k4d>IU1-F`i@O`A;VRt-aAVLaP~vSg`j~JF9B_iGjx9T07Ifb#UGhko1&ZK$7nw0-h4Ss<^U>} zaji---a+EPw~4B_wj|FCPf;;7)gp*4QLa&s<>jj`hk3*L`eyjzv`N|)RKn|RTXose z!P~C&ZROVWktxzqDX6+(R3bwY1Haw#;fB>%tlmicxQ{l^t;vjSqyLFq&Uh+iOQS*| z8?gv*R)=sp zL`1#N^;zODS6OIz)i>vlt0cHwUwluJ*a6wFAXgC^uTsYBrCx{ z4QKSxC&x*95dMekutRH+leeeE+2adLE@jM3X zen`;LTFVP2L#$0bA3Kz7qQkPiTD-xz0L_&=PZvE9lJt7~Q`pPSwAQ!1Y)~s!y!V}a z9@p3)8uP*8_q28b9Zu1zH;(Kt$jD?#>C@s;Rv*wP_Jp z$Qjljee|*zx3<={OfG=yJ{-rR}xV#F~v z#D|%WJCHs+<4@6n+K77E!T6zP2{JUqPf?+30_nL$BzIJz)z1ivZ-9!PKsTjN%ymax zUHfzN2Pr|3kr6hNL(yrAe)TgCvR#l*vG`vN7_fXu+PkM+0g;4>_-oR}Bpz~IwJ+)In3U~^^z4EdZ77FhkIcX9_e^6etgs&uLK-_C! zvDKNv!sMpmXRHhk%!0KP*c(83o5&J7v8u}o$v2rQj_fE5F~!TkL$IDl$41AEq}h(qESg)Dk@3<;vgv5==uUepNp^2sYS;?BB-0u3QjMdBb55gIw!qS(y2 z`|%l2Y%t7+cb6k#C#~y<5BX{f@tKC| zs?YECSh}l2@EoNxH4aslTgm#;3+Ju#Z0Df1#qAK|(wW;<7z|Pf4Dv=Mrx(&}>ZgG& z^}53p;HZCV?R4$uw-U>Jp<8YLIf`~cca<^s=-Qh|Wcm;9;PWHXJAU)MIp{he-0-pW zH6J{Sng8hXh|a~ugI9)gR5vg<3bMWT+-qm(Sh)yGNqLn8z`P&$^1e39fBSYv!h9_M z^@8OE!ta2Ov;K*LyJ!gjo}guF_>NS;ATT6_uC4ki?HQK7s}Ml-xx_?EV>Q@c9w^~$ zjzKKvj$nuex}*SB(WA@MCC7A>vhHIa7tz-d@;@gpd>`S5=!cnFimO%lsRn&0EEEgL zc9HuF(BZfn)6fR|rT-{$aS!P49FZy|rPAE{F5mE|U*}RiV9UV&NahJ*OJ&L14Kdx^iy(;4Hrj-zSDY2IH3PM7^WpewBpW4^&?O-Dhdtj`#@K@wwqC>yD z*i=Yg#oo+suh%~wR|wgHSKJ#Ipi2^B_xhib8ivt`PoDuhs-s<#_Zc@}@v{*C%o_NYj zf-4IH#`HOQ_T?&2Lk7p)SUCPV4qZ(Vpe6U9c;7cT6DWwQsRMt- zy9DE@!r=)21PyIkNk$0TMoWGpDCFOqS8*-iqgq2S-qoM!yrwpua3D`scJhBzfSLb+ z>gYu9Bm>tpkmtutvP>u2xyHf!TgnM%m(r$1Dn3z*j5~1uD!9gMG5*9D0YV#f+IBc{ zpuk~l+ro$Kxr;nM%cspp^gd~)-pyR$lu(mCUkwr$Fx>ji~Pp0rB>o58ohg60*O?_n*aBduiMg3kbrS(Il!(x{vDD$#N zeZ5Z@6>ai-xTEN?b8@GmazQRK5fD%joSo>i5&A7e=VT*d@jY?nF()!KF6*eUe4rJ#h3oO=Amr#Wb7S#Um zzH84&Er7H46)}cse0$rk6xjRo%iHdueh`LxdT6ft8wTZTvwLJ7ByNI7^w|;REe&9V z0T|ItzefAuY*6o7Ne$O0iW-WO6+_b9r?0CpNj;-0C_T6kLGsZhQwtpdZ;sA1B6NN^46$A`tt;I^?^wOtD~A{-p(^*wE`z6>uLBtSH95PDjxGb+BzXUmcv#}E^U z%RKxsvJ@{CNge5fS+u#(DQ{+##+q$H7~!z3xD;Lg;}rxRxPLD{ubmYZ7>%Spu&pIC zDoaV?Nf{CjvY;i{t2u+zu}nZAJ!OfMoj*pKd!)WOWMy7vT8`R(wDXk{fLKz4qMaLD!r=w|W9`Bj5*djWY=e4M5hqIWz!7G`O@62ba z9$Q4VX)3cAN?GhuPSiW4XhF@|Hm3GK=8Flc~REgPnCDtKAsBFaQ*`MsZ)`NZ- zs!UAmjy>@f)l37jYGych;jn1XNUJOkE&B!cc-gtDzh3kK=v70E5aDGmsZVZ@+8=2W z>cs11hX^Fn^eMqsPQkP%T&ntlKr~l-WwlaA$3Ex|i0gJrpU6%qmi1``#BZ$?Zm4YV zZ&ut<8&7`2*jtz8{&VTGps%I_vo9os1U}*OUvaq^9+tW_@vY*DyITKbQg8rOh?t zBSX3dcd;o=kv^P-*pbQYgN5}c)|2GAQB=c{-xbn%DPfKCps_|1Bj1UvhKk5oIVN8Y zFQscIR(0nv+G>|fTq}qwJ1LbpaHvuf4HbfeVSJL8h zm4M!H6L9FI2i=IPnW!oUBRQ9OZGpQ`BNTEB za#$Jkqis!1?Pwc10e6*5)!h>@#pBypFvdH@8b}RdhWAA!Eg4Z0&ehe`Q~kdRxMbn3 z_^obfJdr!)4Zkh6PD3l}KI)7wxgNfBVX9L2PL3MGu<%9!6O%m{buF$p$sgpv zL1+JZ^|6GhxP5Ingf$uZwe>`j32y9~t&jHm6fR<@O;UOD>wLRif}P4?hl@T#6Ak{2meoO@NpV6qQlzH zfqR5+9*rM@ydJ1BAoLDGK7`=5!!qGhlK}o z#B}~PGV9=!KPf4HT~d!>=DE(g#Z%*)&Bg)@MLop(AwoibLtno9$c#Vf9cAiT)tAFd z*L%?J4qQhkf9VX94euwfSD(J^H$N+Hzehx%<0)vyjL_8P|=9O0Z1<@K6b zNk;*#)3^VX^vTuJYAwgT(Y?_qyhh3-1|Qz9dT;k}FIxTUJ4J3H17aITCPuD{h%4@2 z`@G3m)kY~9NqR|#uKdgIZyv3)A39?Jh(=37o~v81JkaZ@{8Q^Wv5IC|LLIYcOnuSfie@J>`XA^M;=aX zowJUXjt=Gj9U6Z++w{*-b~gTv;C|Ow9NP8Li}b+P_-|K{D-zFzb}iRg@)K)K_0H5B z&S4*T{#W?B-04!jIZ?HZ_1|q}bNo_3wEX<{PP_Y1r+tS{jBukK|Eu4@gl7&fg8p`6 z;J~NA9L+U_Q0VuBNuU6nkmAilTaMcMS3zkZA}S1ELT=CdyBr0GkLZ4{4F8-~6Av6V zV&KKplId@+B!EGRWp^QHL;a00CBTA=odmIQ5Z~WDlKn3?_h(oIj8Su2fS7*WI!J&J zvjXDpB&I?Emw>r^=~o)LC@T#{@3yAOMf_(dkbon4QImZ6`z+QeyI=m0t{l{x7#3IfMWJ literal 0 HcmV?d00001 From 384d8430d38422658a7f74643cfc3b6969fbd566 Mon Sep 17 00:00:00 2001 From: Ravindranath C K Date: Tue, 21 Mar 2023 23:41:16 +0530 Subject: [PATCH 2/3] Address comments received during the community discussion and offline comments. --- doc/acl/Extend-L3V6ACLs.md | 224 ++++++++++++++++++++++++++++--------- doc/acl/img/acl-v4v6.png | Bin 0 -> 55239 bytes 2 files changed, 172 insertions(+), 52 deletions(-) create mode 100644 doc/acl/img/acl-v4v6.png diff --git a/doc/acl/Extend-L3V6ACLs.md b/doc/acl/Extend-L3V6ACLs.md index c21948c743..e5d74cb0c7 100644 --- a/doc/acl/Extend-L3V6ACLs.md +++ b/doc/acl/Extend-L3V6ACLs.md @@ -1,7 +1,7 @@ -# Combine L3 ACL and L3V6 ACL Tables on supported platforms +# Support a new ACL Table Type that combines L3 ACL and L3V6 ACL Tables ## Introduction to L3 and L3V6 ACL Table Types -SONiC supports different in-built ACL Table types. These ACL table types have pre-defined set of ACL match-fields, ACL actions and bind points. L3 and L3V6 are such in-built ACL Table types. These ACL tables support packet actions like drop, redirect etc. +SONiC supports different in-built ACL Table types. These ACL table types have a pre-defined set of ACL match-fields, ACL actions and bind points. _L3_ and _L3V6_ are such in-built ACL Table types. These ACL tables support packet actions like drop, redirect etc. L3 ACL Table type supports matching IPv4 fields like Source IPv4 address, Destination IPv4 address etc. Similarly, L3V6 ACL Table type supports matching IPv6 fields like Source IPv6 address, Destination IPv6 address etc. @@ -15,7 +15,7 @@ The proposal is to give the operator an ability to configure L3 and L3V6 ACLs i ## Table of Contents -- [Combine L3 ACL and L3V6 ACL Tables on supported platforms](#combine-l3-acl-and-l3v6-acl-tables-on-supported-platforms) +- [Support a new ACL Table Type that combines L3 ACL and L3V6 ACL Tables](#support-a-new-acl-table-type-that-combines-l3-acl-and-l3v6-acl-tables) - [Introduction to L3 and L3V6 ACL Table Types](#introduction-to-l3-and-l3v6-acl-table-types) - [Problem overview](#problem-overview) - [Table of Contents](#table-of-contents) @@ -29,16 +29,21 @@ The proposal is to give the operator an ability to configure L3 and L3V6 ACLs i - [Option-A: Follow the _existing_ optimization for Mirror ACL table](#option-a-follow-the-existing-optimization-for-mirror-acl-table) - [Pros](#pros) - [Cons](#cons) - - [Option-B: Include IPv4 match fields in table type L3V6](#option-b-include-ipv4-match-fields-in-table-type-l3v6) + - [Option-B: Include IPv4 match fields in _existing_ table type L3V6](#option-b-include-ipv4-match-fields-in-existing-table-type-l3v6) - [Pros](#pros-1) - [Cons](#cons-1) - - [Option-C: Create a new ACL Table Type L3V4V6](#option-c-create-a-new-acl-table-type-l3v4v6) - - [Pros and Cons](#pros-and-cons) + - [Option-C: Create a _new_ ACL Table Type *L3V4V6*](#option-c-create-a-new-acl-table-type-l3v4v6) + - [Phase 1:](#phase-1) + - [Phase 2:](#phase-2) + - [Pros](#pros-2) - [Implementation](#implementation) - [Orchagent](#orchagent) - [STATE\_DB](#state_db) - [SAI API](#sai-api) - [Configuration and management](#configuration-and-management) + - [YANG model changes](#yang-model-changes) + - [CLI](#cli) + - [ACL table create CLI](#acl-table-create-cli) - [Warmboot and Fastboot Design Impact](#warmboot-and-fastboot-design-impact) - [Restrictions/Limitations](#restrictionslimitations) - [Testing Requirements/Design](#testing-requirementsdesign) @@ -50,11 +55,12 @@ The proposal is to give the operator an ability to configure L3 and L3V6 ACLs i | Rev | Date | Author | Change Description | |:---:|:--------:|:---------------:|--------------------| | 0.1 | 18/Feb/23 | Ravindranath (**Marvell**) | Initial Version. | +| 0.2 | 21/Mar/23 | Ravindranath (**Marvell**) | Updates based on the community discussion on 21/Feb/23 and other offline comments | ### Scope -This document provides the high level design in SONiC to combine L3 and L3V6 ACL tables in SAI on supported hardware. +This document discusses the various options to combine L3 and L3V6 ACL tables in SAI on supported hardware. It then provides the high level design in SONiC to support a new ACL table type called **L3V4V6**. ### Terminology @@ -71,9 +77,9 @@ This document provides the high level design in SONiC to combine L3 and L3V6 ACL ### Overview -This document describes the orchagent support by which user created L3 ACL table and L3V6 ACL tables are combined into a single SAI/ASIC ACL table on platforms optimized for this feature. +This document describes the orchagent support by which user can create a new ACL table of type L3V4V6 on platforms that support this feature. -In several ASICs, IPv4 and IPv6 ACL rules can be supported in the same ACL table. Further, in many hardware, when the hardware tables (TCAMs) are configured to match IPv6 addresses, the hardware can use the same resources to match the corresponding IPv4 packet fields without incurring additional hardware resources. For example, IPv6 Destination address (128b) and IPv4 Destination address (32b) keys can be fit using only 128 bits instead of 128 + 32bits. +In several ASICs, IPv4 and IPv6 ACL rules can be supported in the same ACL table. Further, in many hardware, when the hardware tables (TCAMs) are configured to match IPv6 addresses, the hardware can use the same resources to match the corresponding IPv4 packet fields without incurring additional hardware resources (like TCAM width). For example, IPv6 Destination address (128b) and IPv4 Destination address (32b) keys can be fit using only 128 bits instead of 128 + 32bits.

@@ -91,19 +97,19 @@ Refer https://github.com/opencomputeproject/SAI/pull/1408#issue-1126526787 1. Support v6 and v4 ACL rules with a single underlying SAI ACL table. * This will be enabled only on platforms needing this optimization. 2. Allow the operator the flexibility to choose when to use this optimization -3. Reduce the amount of changes that the operator must do to their existing ACL configuration to use this optimization. + ### Architecture Design - ACL Orchagent is enhanced to achieve these requirements. This design is largely similar to the existing optimization done in SONiC for Mirror ACL tables. There are no architecture changes to current SONiC. + ACL Orchagent is enhanced to achieve these requirements. There are no architecture changes. ### High-Level Design The following design options were considered for implementing this solution: - **Option-A**: Follow the existing SONiC behavior to combine Mirror ACL table and MirrorV6 ACL table. - **Option-B**: Extend the existing L3V6 ACL table type to include v4 fields. -- **Option-C**: Create a new ACL table type that combines v4 and v6 say L3V4V6. +- **Option-C**: Create a new ACL table type called L3V4V6 that combines v4 and v6. #### Option-A: Follow the _existing_ optimization for Mirror ACL table @@ -131,7 +137,7 @@ However, this mechanism has several disadvantages - Similarly, when the user deletes one of the ACL tables, orchagent deletes the combined ACL table from the hardware even though the user expects the other ACL table to still be present and bound to the attached ports. -#### Option-B: Include IPv4 match fields in table type L3V6 +#### Option-B: Include IPv4 match fields in _existing_ table type L3V6 As explained before, in several ASIC platforms, including v4 matchfields along with v6 matchfields does not cost extra hardware resources. Hence, on these platforms, v4 matchfields will be included in table type L3V6. In the below table, the second column shows the matchfields in current L3V6 ACL table. The third column shows the matchfields that will be added to L3V6 on platforms that needs this optimization. @@ -186,7 +192,7 @@ As explained before, in several ASIC platforms, including v4 matchfields along w ##### Cons - If the operator decides to use the optimization, the operator needs to modify the ACL configuration, i.e., operator must modify the V4 ACL rules that need to be placed in L3V6 ACL table- the rule's ACL Table is renamed to the L3V6 ACL table. -#### Option-C: Create a new ACL Table Type L3V4V6 +#### Option-C: Create a _new_ ACL Table Type *L3V4V6* Create a new built-in table type called L3V4V6 with the following match types: @@ -223,57 +229,94 @@ Create a new built-in table type called L3V4V6 with the following match types: */ -##### Pros and Cons -All the pros and cons of option-B (extending L3V6 ACL table) applies here as well. -Additionally, option-C has the below cons: -- Need platform checks to determine which platforms can support combined v4 and v6 ACL table. -- Even on platforms that support combined v4 and v6 ACL tables, we need additional checks to identify which platforms are optimized to have v4 and v6 in the same ACL table. -#### Implementation +##### Phase 1: +On platforms supporting v4 and v6 in a single SAI ACL table, this _new L3V4V6_ ACL table is supported. -Based on the above design considerations, option-B is implemented. -Additionally, a new field is added to the ACL capability in STATE_DB to help applications identify the platforms where v4 fields can be matched in L3V6 ACL tables without additional hardware costs. +##### Phase 2: +On platforms NOT supporting v4 and v6 in a single SAI ACL table, this new L3V4V6 ACL table will be supported by orchagent's special handling. Orchagent would internally create and manage two SAI ACL tables as shown in the right picture below. The operator is agnostic about the underlying ASIC behavior and only sees a consolidated SONiC ACL table. -##### Orchagent -Today, during the initialization of AclOrch, the default built-in ACL table types are created. In this proposal, using platform specific checks, AclOrch identifies platforms where v4 fields can be matched in L3V6 ACL tables without additional hardware costs. On these identified platforms v4 matchfields are supported in L3V6 table. +

+Hardware optimization for matching v4 in V6 ACL Table optimization +

- ``` aclorch::init() -> initDefaultTableTypes() -> addAclTableType(TABLE_TYPE_L3V6) {``` +Note: +* Due to the lack of SAI APIs to detect this capability, platform checks in orchagent code are used to detect the support. +* Currently, phase-1 is supported. On non-supporting ASICs, when operator creates an ACL table of type L3V4V6, orchagent throws an error in syslog. +* Phase-2 will be implemented in the future release. - ``` - - : - : - if ( /* platform optimizes v4 in L3V6Table */) { - .withMatch(make_shared(SAI_ACL_TABLE_ATTR_FIELD_ETHER_TYPE)) - .withMatch(make_shared(SAI_ACL_TABLE_ATTR_FIELD_SRC_IP)) - .withMatch(make_shared(SAI_ACL_TABLE_ATTR_FIELD_DST_IP)) - .withMatch(make_shared(SAI_ACL_TABLE_ATTR_FIELD_ICMP_TYPE)) - .withMatch(make_shared(SAI_ACL_TABLE_ATTR_FIELD_ICMP_CODE)) - } - : - : - } +##### Pros +- Readability: L3V4V6 ACL table type conveys to the operator that the ACL table type supports v4 and v6 match qualifiers. +- Allows the operator the flexibility to use only L3 ACL tables when the deployment does not need v6 rules. +- Using the same config across ASIC families: Once the future plan of orchagent creating separate v4 and v6 SAI ACL tables on unsupported platform is done, the operator can have the same ACL configuration across ASIC platforms. - ``` +#### Implementation + +Based on the above design considerations and feedback from the community, **option-C is implemented**. +New fields are added to the ACL capability in STATE_DB to help applications identify the platforms where the new L3V4V6 ACL table is supported; this is done for both ingress and egress individually. + + +**Matches supported in L3V4V6 table** + +- VLAN_ID +- *IP_TYPE** +- *ETHER_TYPE** +- SRC_IPV6 +- DST_IPV6 +- SRC_IP +- DST_IP +- ICMPV6_TYPE +- ICMPV6_CODE +- ICMP_TYPE +- ICMP_CODE +- IP_PROTOCOL +- NEXT_HEADER +- L4_SRC_PORT +- L4_DST_PORT +- TCP_FLAGS + +***Note**: Every ACL Rule, should include at least one of [*IP_TYPE*, *ETHER_TYPE*] in the matching criteria when matching of L3 header fields. This allows orchestrator to decide in which underlying SAI ACL table to place the rule in. If these fields are not provided in the ACL rule, the rule is placed in the SAI IPv4 ACL table and the behavior is dependent on the platform. + +**Actions allowed in the table of the type L3V4V6** + +The default actions supported in the new table type are the same as L3 and L3V6, viz., + +- PACKET_ACTION +- REDIRECT_ACTION + +Note: The above actions would be added to the ACL table based on the ACL capability. For example, on platforms where REDIRECT_ACTION is not supported in the egress direction, the only action supported will be PACKET_ACTION. This is similar to what is being done today for L3 and L3V6 ACL tables. + +**Bindpoints supported in the table of the type L3V4V6** +The same as L3 and L3V6 ACL table, viz., +- Port +- LAG + +##### Orchagent + + The new ACL table type called L3V4V6 is created during Orchagent initialization. + + ``` aclorch::init() -> initDefaultTableTypes() -> addAclTableType(TABLE_TYPE_L3V4V6) ``` + +Using platform specific checks, AclOrch identifies platforms where L3V4V6 ACL tables can be supported. Creation of an ACL table of type L3V4V6 on an unsupported platform results in orchagent logging an error in the syslog. A SAI ACL table create call is done only on supported platforms; this avoids crashes on unsupported platforms. In the future, orchagent would internally create separate v4 and v6 ACL tables on these unsupported platforms. ##### STATE_DB +A new field called `supported_L3V4V6` is added to the ACL capability in STATE_DB. This field is set to true by orchagent during 'AclOrch init' on platforms where v4 fields and v6 fields can be matched in the same hardware ACL table. This provides an interface to the operator to identify the platforms where the new L3V4V6 ACL table is supported. In the future, this field will be used by Orchagent to implement a single user configured L3V4V6 ACL table as two underlying SAI ACL tables on platforms where v4 fields and v6 fields cannot be matched in the same hardware ACL table. -A new field called `optimized_V4_in_L3V6` is added to the ACL capability in STATE_DB. This field is set to true by orchagent during AclOrch init on platforms where v4 fields can be matched in L3V6 ACL tables without additional hardware costs. This provides an interface to the operator to identify the platforms where the operator can choose to add IPv4 ACL rules in L3V6 ACL tables. In the future, this field can be used to validate configuration workflows to prevent a user from adding L3 ACL rules to L3V6 ACL table on unsupported platforms. ``` 127.0.0.1:6379[6]> hgetall "ACL_STAGE_CAPABILITY_TABLE|INGRESS" : : -5) "optimized_V4_in_L3V6" -6) "true" +1) "supported_L3V4V6" +2) "true" 127.0.0.1:6379[6]> hgetall "ACL_STAGE_CAPABILITY_TABLE|EGRESS" : : -5) "optimized_V4_in_L3V6" +5) "supported_L3V4V6" 6) "true" ``` @@ -282,27 +325,104 @@ A new field called `optimized_V4_in_L3V6` is added to the ACL capability in STAT There are no new SAI APIs required for this feature. ### Configuration and management -No new CLI or datamodel changes are introduced. - + +#### YANG model changes + +``` +--- a/models/yang/sonic/sonic-acl.yang ++++ b/models/yang/sonic/sonic-acl.yang + + container sonic-acl { + + container ACL_TABLE { + : + : + leaf type { + type enumeration { + enum MIRROR; + enum MIRRORV6; + enum L3; + enum L3V6; ++ enum L3V4V6; + } + } + + : + : + } + } + } + + +``` + + + +**Example:** +``` +{ + "ACL_TABLE": { + "DATAACL": { + "STAGE": "INGRESS", + "TYPE" : "L3V4V6", + "PORTS": [ + "Ethernet0", + "Ethernet1" + ] + } + }, + "ACL_RULE": { + "DATAACL|RULE1": { + "ETHER_TYPE": "0x0800", + "PRIORITY": "5", + "DST_IP": "20.2.2.2/32", + "PACKET_ACTION": "DROP" + } + "DATAACL|RULE2": { + "IP_TYPE": "IPV6ANY", + "PRIORITY": "6", + "DST_IPV6": "2001::2/64", + "PACKET_ACTION": "DROP" + } + } +} +``` +### CLI + +##### ACL table create CLI +The existing CLI is extended to support the new table type. +``` +config acl add table -s -p +``` +_table_type_ needs to be passed as _"L3V4V6"_ to create a table of the new L3V4V6 type. +``` +Example : config acl add table -s ingress -p Ethernet0 DATAACL L3V4V6 +``` + + ### Warmboot and Fastboot Design Impact There is no impact on warmboot or fastboot. ### Restrictions/Limitations -None. +* SONiC does not specify the ACL table priority when an ACL table is being created in SAI. (Refer SAI_ACL_TABLE_GROUP_MEMBER_ATTR_PRIORITY). So, when more than one ACL table is bound to a port, and if these ACL tables result in conflicting actions, the winner is not predictable. This will be addressed in phase-2 by enhancing config DB to let the operator configure the ACL table priority. +* "IP_TYPE" or "ETHER_TYPE" must be specified for ACL rules added in L3V4V6 ACL table. This will be used in phase-2 to decide on which underlying SAI ACL table a given ACL rule should be placed in. ### Testing Requirements/Design #### Unit Test cases - Verify ACL Capability in STATE_DB on supported platforms. - - The new field `optimized_V4_in_L3V6` must be true. + - The new field `supported_L3V4V6` must be true. - Verify ACL Capability in STATE_DB on non-supported platforms. - - The new field `optimized_V4_in_L3V6` must be false. -- Create IPv4 ACL rules (match SRC-IP, DST-IP, ICMP Type, ICMP Code, EtherType) on L3V6 ACL table. + - The new field `supported_L3V4V6` must be false. +- Create IPv4 ACL rules (match SRC-IP, DST-IP, ICMP Type, ICMP Code, EtherType) on L3V4V6 ACL table. + - This MUST pass in supported platforms + - This should fail with meaningful error messages in non-supported platforms. +- Create IPv6 ACL rules (match SRC-IPv6, DST-IPv6, ICMPv6 Type, ICMPv6 Code, EtherType) on L3V4V6 ACL table. - This MUST pass in supported platforms - This should fail with meaningful error messages in non-supported platforms. -- On supported platforms, test full ACL workflow: create V4 and V6 ACL Rules on L3V6 ACL Table type, set packet action, get the ACL rules and counters, delete ACL rules and then delete the ACL table. +- On supported platforms, test full ACL workflow: create V4 and V6 ACL Rules on L3V4V6 ACL Table type, set packet action, get the ACL rules and counters, delete ACL rules and then delete the ACL table. #### System Test cases -* Modify existing sonic-mgmt(PTF) __test_acl.py__ to test v4 ACL rules using L3V6 ACL table *on supported platforms* +* Modify existing sonic-mgmt(PTF) __test_acl.py__ to test the L3V4V6 ACL table on ingress and egress *on supported platforms* * Traffic Testing must pass for v4 and v6 diff --git a/doc/acl/img/acl-v4v6.png b/doc/acl/img/acl-v4v6.png new file mode 100644 index 0000000000000000000000000000000000000000..aaa81e7941da4211fb6a1ceefc1c53406887ad8c GIT binary patch literal 55239 zcmZsD1y~))wlx;q3GN<(dvFNuZb5>(yL)g5?v@bTIRtliC%C&i1pk|v%zO9E{qxn~ z^y%*E@?C4Ky*ptFa^gtvc<^9gU`Ub@B1&LjkYQk8;Crypz?m)F;y~bsq`9!Lf~2r8 ziGqWziMf?A7}&d5Lp?ooNxFCa`uci${UfwA@D8p@p`npVdcLFW!z9BbgCw2p87bP@ zYdENDkSd*Exr!ZimWYug_tgyjbpEqp?_nPDXI<*1kKC<(4f_`ny|K&tfkh3uFCdr^ ztF55Y+1{Q4VMLpp{MK)dP_R}4ZCp|Ch5(g^uyX~>fLdryyxrnsK!*PjzF@7OgBaO3 zVlTE}tsHus8#g+>1taX)7g3zl^mH1i0xaWvEDSrQq8y5!-=Rc!cCl4}Go}geK0pZ5 zsCKY2YRZdu^tbn?_=CUQL7mACY}X%nSBpZL)E4C5v4IZ>c_|X4G5Hoc_}Cf|5xox8 z;Qb{I&TlOooLa*75_D2QJbvf+()MXpXh9=}W9{u8w=XYac!-Ec7`Qmka*r=Bw;L}n zFAUIWzUlt!f|Ou`M*34mXZ@!@->MmFNSesXg1rZhVZp#d%)y|5BXHn@2Yi5GhzkaT z0lv|Jk4O&0KUX2cav=XX2H$(VQAk->QWE%9HgqsHwsADGbqZN>2>~AU%UngnNkdkK z+tAjULEp&Mz?i|!+U_+A7_S>QaA+OCgEUUVqhZUhbJK+;dL-F;Z_n6`;#5`#Ybl50A=vA zefYrp*Zu!><$p{3kDMC+o0E%){XcX5$CZEQRCP3V5Vo}jige=t-;w!~`9ClI$;iw2 z+VcPCiNCw~ud_fu^TYEp{?C~4!@qfBLIVaS2qq~aq~ZpClnLXd(sR>?5(6~}8x%M0 zc?yf=p;}2UdepKGdO9``674n>IzkzmG8GDk2>(t7t0cPLa;q!s$ENqP%c-9c7e;0E*xp3DEj?(WnV9DVDnnw84ID45K+`Vb-=%-d0*mU7d4Wg$uLfpN36h_)A=t$J>xy7MMouiw#bi$ze@mVGv^#8XZ;OMaK5Nzne&$NPI|E{rJ8c_TcUA^ePdy7=wPt2g-_YLg- zr@wMy-O}FF{kw@ITR^WM-c^8s|9hm`&4J?OL9hp9%T2CBmHJ&qBWdhH%knOx0}7hI8<*_5OeWfk7n`!`S+JgU({DhywKk)LF*w?3YJzWFlUi4^bx42tk5q zAyWR+!%_%Q?UA^wM$?6gqlY~`J(3~Fgj*XCj7emo;VDnb1#*eyI!$RWzg<_o>p-Of z)<<(y!n*F;m^6ytgPQMl(oL6YuCAPb16!kxfH%GG%9ZlM*~}+JY?_Wa!lI)1Ha*z;-ndv$KIN%kjlePHAJskAxN4>!^9nD0LbJPZZnIm+p%H@R4g zySdfhc}>Z3W-4O5Je~UT9FBLW!Z(19I9IJqP+^b>-i4qLCm9bVr79XkV%g4B3Z2w%B2T=OH>je; z^)YR7I_?a|9P#kTLQtSCK;7RQ)24G+$3em%_fuzkk%>nWFmn&A7VQZZ3eFZ)(OS-y zC*ED|N*fvd@VeVhu68|L@nZMA*c!O##*hz1W*eH!lLpG7uXevQ(X2A~0?bI^6`u!d zTmc`i)&ryUPEtQl6vF6J@Gnqak|e{)iB$|QBw(DWeZ;=n5b63n23nP?a8ui>ASZqg92ymkV>sy?z`?QNnPGg_lFhRV*)P;nLMsi z%Z<+4z;Eozp8<_)K1(&`%DHC~vqFK;1D>ZXrid2Zq`X(-!o9MR;t6k-oRZY}AC6d+ zPbYH4kvwY@P2sJ720Rtwud?&%Ejf=*2HS3eojEPz{4L!Iw{sCP3$OM-=w^-Yyg7OUq z?}Jn`fL>tnzIU2$^=@(;XQ!kTeZD_rH2+naYA^Y7x2aX&u3`%a4wHb-9=L4clX8=lLB^*U=+Q^L1N1xDNZEp{vf1-arzrHvB5n zO81A?hBP?ryu=x#|J@FR1N&+l~@$0OgDhtEk9+uyIsaohTur9>=y*9z%oo~97nFFDEiKF3aonj=@RuZyDwS{wf4U3SUvt8suL+5 zi$5)Q+g*EW6_JFME08HZEPJkxA|&fC`6lEx6=Cpk0-N1qjGr^7sxX7};n`yJs^lZ` z$1@&8ov>Be<};p%)enSQj#&lvXC~Rm(A?8z_U$?t#%!Z2npB+2>m#RSpzqooPQS(; zvkoEKK+{d9t(FVl0~1HR%klT9?+e7T4o~P7_pp5y%lzP+9BgE)G-q9HM~A-34cX#f zcmxa8!#kyxxH+_4iE%EPB6@vp$96uHsc6719}}^&4z}rK#l5OS9!zK9?mv7)UT8d9 z@@qVM1}s0f6Vn{8?Rrx_bm_#p1zp;X=Ou6ODaFTxaRy%BZ$vear%s&CPgp@a9NMSv zfC;cHp~8s~68$mtW$SmW-yAUxZ+D4S@q7WRX?`S?6La=COmISp11^hEC{3;nRet1X zLh4xgx#dBeLG*e^i+)#duUWvwm%Y%;u*7Z@JfDoqxTQ#u$9A$4B~v^;wLoI&$I7x# zKL+{Bz>u6C~@zz&0j8xi%o7B9DLh@MTq(_Qq9%&t&-2TudxD*LtxwKV!z1 z`*LqQRm3wKcQ^=qs@dIfw{^)WgtM(~G~8jXl6(27&I0y_@PI@A?)-uvi_0s$?DKFOT<3A0;$6#tV>gvA%L>@FegGWV4jv#@&wmwI z;r+V4fRpnpReIME>ff+SGW_j!B@v@!#dDy02W?gsV%PBTgsv&7{>F|THJfHE3BBOS^woc_R z_%rD%NEe{=v&tHe7&o>Mwfq~( zn&w8g!xZ7l<4W3~<8R1Jgv_tCq&#^gS0~Gh^`m5ldDH{at{Vg;1=`o9x-z^v2oD$B zug18dacMDTku}nDzL|e>AyogTmBZvZ_qfH9pCWNqQ4BrSDt>)u3w&oPhwt%qUOu`Lz)+YlUp5C}PS=@$wr z3Zbp7>*&Z-Un4_DmFN{gWSTpi1dy6Ui4z1m_-pj!kQ)E=AcEm3xGYb*!r@RH(7^%2^l2%+^ z+auyh@s8ag1#%KUtu`Yzpd4p9< zF*XA_>~m#{*#wy>3kHs?LU4HiF=6B=){nVXLo`<-SLbA6-^YogYI2j4zLqD%?XNO9 zDUzZu9q^jxsK2Ao1p8BQx_^yN<9yXl-_S({1-dD81VSVvVN&S$6%NHOCsw#Rb1`o- zPwtho9SzeEm7m!K3BF{Q*j+j+Vp09Y9;m=hlL4snSXv&=?(^CET2(06x^y67RcB9% zXDW2i@voWcVUg2_3D4_SiNz9ENoxMd=gq*0-W-{5Vhxy8 ziyB;d?TRgUx$8ED5)AueeI|(^)>}dr!yTha!FeH4@3Rh=oe)IU7`w8LVVr{wv*g1e zY-lpE<(LLmYX2r^ZR=?PfpkmS>a0#AbaL3ItHX_^ieO zyk=gk_jJ6VfLf&=H;1!h?+AwlM>2V4ab)o#Z3Y`(I$-m3a#2_vexrT) z2GelTcnEbuidtXWsnGqkt{{c8o_7Ucl)cMhtUeP3kT!U=tXwS8Rm z;(f@6x5FkIy!9#V*6_I-p`_jSF*u1M(rXI=lyq#&QHmNG)sS>myunl`s5MBvOxmCI zhAqD1VW|5X?h*fL=)Qep>G%y<{%NEHiT5wn#a{}n?VCmbtS;L)(r?*cA{3guW`CRC zMi9V$T_eR&nm^>&R!+xb?nyUk_W&%&$|rY%%q)wBL}Dn6C^0_rd;Bh|{vgTxxZHZ64^0$)d@U zN}ZCahlw_ZW}}l1>F%9I)<Aq$jLO zMxN-Z=sUU_UQ5cVKKVEcfyRnfEpC12xE6CfB|`6QRZa2{SL_91?@*+36kY|L_Rny8 z!x4AOlOg-s>3jQi%3bus4ddjfdtmIt8EuIgtzgpnYp%;ux{Y1wt6EyvD^*Ydhqj=@ z+8qo#ELGvY1dy}=7fQV~iE;@Zl9=gY<5{HNE?5c15zPuym9frh3*V`XbJ~NqeG5nJ zrAM%0vSMzN)k`dmZj^o3n8`a)zLhYG(2i+jZ>Z(Q)^FDUlmTNTt@+8%_ zJAR?6>Bx)Rx@ryx%i{c5-Auw6q|NU1iC zXjf?BVMDF%Fva{2D!Za~_EEL98~@htC@Zk{2z6*z3K*ErHv_LBYRP+ZR31~^N&XB zcM9v4o30Zj(jBcNK{5`T@pL7ZbDeTb`3l|sPwI~ajHaVV7bJy(9n_iXEeXJ*OBOY^nJPYMJFUY#vnfj$Zxh{ z3K|-k!^M`Q`BHtAqKi+YpDg*`ed_Op;dVK~X$+_*{LJWIi3J$2b=|%J+F9@3=Bn?D z&hz8tm{(mG^{YH9D1?#IWG;k(e0Fc!xKHH{2uz^sjVXBnc6b{=X{+{q@i7O!Ygv|r z{&dMV2|YmXngj$PL&U}#-`+@ElT{3PUQ$3Ri>)&3Yb4s?_-o=K0l3!3k@gWp+V*^3 zGMvH1sQ}iA?Ra*R%kki(_nurRp#~sb zcqMH<{xuZOAN@}9pB<=2zZ2TFJ=L}!gFJ6fSghul=Bte(YRo1+61lB`56FU(%AH@1 z2_(B;?nrugG)@;OixYXB2^HzKGzxYAa;c}o?=yYYgS&BI6v--s9+}K~qPL$N9IEvM z1_dtq$v5miY#mm#ag?+2xSp_yZC%fPW(0PsERgHrY(?^{uIGq0%xp0J(X#6*y=*!M z`vY_1J+N){|B#HADJ4JXy9+H4K@|7$YPP?76?s9UfF?R{w%%n7=&VZLMc^6^ic7YF z@onsgcA@{Ql6s8Fd$YB6|BFT2wgEu#%X8YF6brdJm>FtuOBx$j-0b_xdC$SYp~ld1 zrIec<{+5OeP;$z>ZkJv2d7Ut7nM>-;r>J(H<@xVK@?}!VfHqdVihCSZb9z_jfFK!l zV!7P-lM8y;=1n8^weV*He0Q*C0D=s{5PRv}+#bzOS>=8P)_!ask>_wXA2K2Lw04tf zi5dhUJ}$0#$=d^YYIqx9veaXY!+1*hVVJG9w&YsPS4S5XzWYmd{%JYuvghqmII*kX ziZ#WfDrU0k`+P}kYRm2)C2R^t2uOJxjH>*|nYd17eyxV18C=mG*9Tmc@<@!JGW(Ed zKv7M%X2&5cZXR~Y=JzJROWv!$7^EFxFIFwt8BalQ)YZ^P*#x@BS$C=y@|gZpO`-X1 z?pOYU$_LAtV&n26si|g5#Jt?kZ9e(BHQ2KvnFv^POwJZwA&|!(@gHuE5BKJ(a*ME! z|8XA)%0ZQ`_>TtgTg+GI2_qF+HKKFZe*6MIYT-0Knc&~r2&i&|s>LeI*`EP7fwCBk zcof4IqH^tq>WO#@I__7$KnU_uS~VuE8ruUqc!n^H7~w&z;T5w}0djL13%B5bgtWAy zF7~lt!`Yc#2p(uh2gZ_ct^%?!S}9K|^^l5!BIR;|WA9T&Apdv17SCIkU*b>uA{|J8 zfk1&`dJu-QgHS;IeI5cai7Paf&U4y4b%f7s5Oimi_^l-NH^7d$*_zTox5B}Q%)5Jg zg^t9LVmPrUN{kL497j4GwvCkAP;HI`$g`DA~Ilue#S?umA(R zb0oG^wQ@t4A=@=$C1vHNlenbaAB|py3@VH9x{%z>Y2W|9?Q&~xA zn7QdQsDhh?g@quEZ^rzG#f=IKqU4@l4N5N)bO7meHZVm*ScUWW)VI$q3Jq{m~7ky0-p}^>X7(b62LC zDV8Xb?q+^?rbT<2;iK>$>*$W=w*CcM1cpzRd9Op7p+O|aFeYUrzMb#wNiHh;piF(R z$C*)tz?D<^1Al!m+0n*=Wd$bt#;|^U!gpCzc9xN*CrIom!0FYw1up3J1(O%D5ZvPG z8*(l8^To|D{Etf*E zCqkX|o)fd8m<$z0%`F7wj$Y@dv6+)`f3%D~NBLu~wnW=i`*KQW47v8@GoRv3v)p?V zx=5%I*)qe}?C;!lhMqn+QUCCHy4OVhhBWSc(um=KCYIAwF97K_ne9Svcp&fU@hAg9 zu@=^DUeYt^W1r+ZXTGf=)1mw%|XnrF$@4NUyoOBw_XUQ*{UnT_Z9uA=q6 z*z8@fOeVK#5}hWQ1iT}a0TQRDtX4>49DL+Nz;tFk)^!2ps4KAcTmfLP90s*#TB^F& zNK)baQp51$WO=fi@w+`76=?6(r^FKKp%iMjJzXz)I|cIYbzbYe0K8w^UxhkkQhP|Xw~ZLw(}RHfz?LJns5$4$JtzkbqJOOLeHt2;*zmB+o-ksk%B-UTk1@^m{?#o~pL9FJu~0GKzLn*9!aU?n zLiphaAn3L>LLL64xS_)uKroFrx*WgPsD^_~4;Amekj`=SHN@e`OPJ6}-)(+EK7Wf7MaZP*M?!-HW&QD~uq&LeuXVR}HL2>f zmQKv(xl!xKInGl1iDD|Df1tJ*!w{DbXy(F7+`Qdvz0U)@#cZF-qH_3@wlTdTNX z9&|nSDM1XU>9(yjZu<0}b!HB`x@UqDR!ankHy0YasL(W#9D9me z*n$w86yNQgIh}1oT9OK$=0b3#noH*_7dRArKe4=u8fPLou+>=}-0j}}!a2er$W)&1 zszXnfo7CCZYjJ-%opu10If{9&m<{#T@6rj0GMC^SSLm_a7}YXVLjWg(iHdX%Ms&yg z$920uWPs)Typ-*NKTFnv>(LzZ6w&Mt-aX=kOjWlJ*qVDx>EV_h78rwnalBWWhc3uV zipWJF5QvQkP2gO%P8TtfOQ)^44u6mqhX3%5=UWI9ekc6$q8>0`LnGo*;~m*q$3c{EJ^yj20BvnI`?Gv^XBt`lf$t|wU|W{c`|AQ) zW1Dy|I1Pw578C~%phn%Wkpj>u#K& zg@?)al$yx+PESXMQ>cp9+h`#sC|SCOyc9qCH>OXTo%hfWHX+xCw?9oei!q&oGy+~{ z4Ma8&KhfS6vRe#e2dUHG@MXGKQ`$hTY{;{Gq4V%B!ITkpT;l4D=&!$lH0s$aae1US z`V)!bCDNWOMm8&XH6g3d{x9-Dfr|KgbC-@0@t=M8AMzp5E)HC|hova_du{$NtMb<) zQOKE>4FpGh_=m}~lGxEj&C7as#5(_Nkld)+Q$)tJ>;H?>NUYHTUX_Z$$zSVN$H68QWKfM8K1;OKDm8?peEG;!y)qVo2 zCI44;yHU8H%u6h{2|o;Kxqbl4zj8385;gjUjd0p6AaW$};iO3(h+i?YctxbIAp}Z* z;Ld1ag!ZRifN4LRElV_4_Dzo5#GTCD-Hy}v7O>=gczvp=&9<4|yP}1Z ziKkx;8_!>qwr=oq1m{3ArIyihFyR-MWxW;!ZSBanv{aMTitG*Fr7_G`a-=F<5})9~ zAw&t@znK}^+A_*kSuRm$Ol2_+2bBZ1W+;Qp5vtd)&Su%DFPf0W_t~rAycd5v5QX0^ zY4dNYB4~#Z8Wn|IIm zX=I=s`q%?@i>zyQO`$Wixu3U{%}kHt^VK|(-_hSo8F@8}^d%#;Mq@dAos=KhC?Hs( z?sGj&V5vg8*br8iFldPTvV^Y7paPc=5pkwD`?MmF!ETv!bu_Qcr0lk6T{rMuG-B(x zZj}S<)hGPQx7tTrfCvR+fRt8yKe*6*V#{eU^LBC6M0=epP(1z$tmqXD8|Zfrrwtdw zj*OB3cihg@uNXQ|rOmT$ie_=?q{!@fM}>g>NY2+-8@~(PLiXaZH=*|eU+H^C!6a^q zobBNpnNX%GKKQFBeGH_@D*%OTz50Fte^$EUM0UH}a&dcCC5h6Xm26F#eByLjR=q;k znj{K``Q!US=@Ir>ZE_$wgq1af36)ed{B5i>V~dK<-8MFt-I||b#tzsknte@zsAw7> zle{Zs&dG-p-~OxOB>uhIy7u@bx?|9^O&Dean2q&tB(a6 zr;p||$(*p#lq#X5RExrBa3HfJrK_U1D7GspCm7E;OjePn!;?kTh7pau#mT^Bm z5Qa~->HFCLu^YZ@w7_2@^fN5ZrZFBn$B_ULI|#L6SUR?S9_{QQRmACZYarfaXWYg4 zbfqO=I6qXlrdq!Xx@q7RmAq1~ha(l_Rx+$pE&Ho<71yAJG3BJUM^sv)ifppj9OESls_1*QM9AVf8!wBR ztNj&;lSAKcUn_bK0Q1>QdA5*#+JBJ{Dj&KiIU5!bRz+AL@f*YI4)N zV<{parpiV>Iow>(B!tVr^;bxjfqetaIQHZyHZC>xQ&Z;m zJ!zXJPV3@;!u5|ylXPlv1uRH>o^eqdvH^r4H6tsu z!FT8tW%y(;LQh<=PD1mkrvDEVq#XdTq4CoKJB!IQ=f(JwD?-vB&RILT`*d&DH$f7b{ZN(hRqJqHR6pb% zzHc#pZ5U^spBt6qPvYEVqxrh`3|`Yq9{8H&gbU&ttLl`RVCH6hw z+V`HJytp6laFAVnj!WscTK#rDqR05U$G6u(h2Ph5ug=zb-8sy+`L-bv@qS46H>+?t zZMl^KLWm;K%x};6>R}_Z8z<=;(X?COk5+>AtI6vb0rk|slbp%1m#s*xCAj(G0Dm4) zq=t-?Sy7kxrgfB#D3%Lk@>aLYjqt5sXxP-({ zwYlCLboeIiFMLd_&uJ1^7JypaY<&gA@L$^-*-P?N4-qJM$;kR5HrxP_(5UO)nJa1i zAK=g*<+q9-*5rE1(Q(UeG2LHAOl2AXt6`gGdWzrScJk!i5aOJ{{Ep<3W54Qmf*kKwW~$0p!(1 zs>_|x(Vw|}@&ufXtg|0^B_K>C*XBzsr7nxBSj?87HEY?qw5&7ndWP6{6O#w?q*Dy{ zspSTVX;B6WrfT7#abH|*F~Z;(-;epU$*Eb770Y*qW5#|xHG5ap)3w!6p*9d5Xg+#h zl0ZXRaaBe>VKM#Ga$bq}WS`5Gw0i$OiGhK$uH>C;Nw*Z7HH=Z;H#Yaj#hJJ`mr1W3 zVsuzl2p?OD1$;-qGqot&3c&Nf_PTy_oV#o60PHVNqwM}078;oJN+O*zIgZI27VUg< zWySL?%19O8KT(jD*K1FH(7mB77;?RI*>CJKS8Ds1P*b7BogO<^Y9SdGftZ|d6<@t; z=aF=9dZMCf5RT3I@Lk%dbyL{qfR-4WwBn|Ow#vijQ?I0E)n(`}Tq@N~X$d2d6udCa ziqt%CKxifvY(I_awk&TDlLLZgXF}g4wE=Nwu>Om^46h&_3@(Vwe|E)7+~ss(TXnWc zXQ`{ifldVCjnLX}`w$r|XNCOI4%vESURSxc6&A>#)&eh79 zXX-3bQR`%MFcfPIvRVFW6gK%aQClV3GC5i35c!m{%_nfJvzq^%8I|)yHa5A}Hs*&R zZazbOMt-rr6sf-gH886UfVk`1z`vE5Gf^=>J+wLsa=%mDCtjj>@AgIk{~|AYoW_%0j4z@^;?DhACwP2 zOs7f@sXVnli@2egYw?UuUrrEfWkQp=j0>`9{0@PlFe7(T2f|8=ii(_&xp1w8923%sSd!n{Bq$vctW8%USs_ZLA;__+I{{WpbQ!x)Gi; zty~W=5x8~(!Vho0eT8g34pOW)u9$KFh ze@oEhKUdfp(_`S1J~2oov|>|8X=Ub#Xwd*{gv>`E-i?ZrhK5Fx0SI1sjgHZFnKw37 zdNT$`3gJvEHWah+(|9{N_hQL)Ub(lg1VTvf;SG0j*l&dX+Q1@~jjzXI?$=g|YA05o zB{7%L+})S%t+p6!HFa&Q)rFq5z26NLzK2KN(^YL`dq>~r+w7&H3}Mlj@$zKJi0(BK))1U#`o$wLHz_3+;UeuoW&)aKiba+u5G5MZ;KEJ zhCYng^ern)t7cYOj*k=r>!_A^X8S6qrc_Odp%{~zJpV1)uwZRb{JzEgZkjNjO@d}k z099&3wK13DW4!rdo{CdF2zeIC_JFo1RfaT{d+$MH?7(F4c|I|rFwFAT;KcN%3-+oc z2?gBm(}YkI8yMEidoTl76*OHL$Wvz#=8XjKy_M}O3qR*^G`YQ^YfmL8XdITGeD<2o zVRX7Gwa4U*RQt`%&E$*^;&g%t z>Y^zEX-j@e0|md|Hy*Fh)wR?L9YSw4&U&Cxw-7dg^)Ch}=yxBp8t5oQB8t&jI;|rdWL_#DGS7g)T6YJEB(@xq{dA_StDaCp*J~iD!Nva&^ zK-tu|ab4DXz2NFel3l`g{9ZS!Qiy*tMPita%EBQtB0a&rEN+nkH4ZAkfr^>pl!8Y` z4~pZ6iz;{LIEmP43xlT0l1gL%|LHJo*g|zktZq_Z8Hhiqt`)VZ+V_^WcTP8qv?8H=S-7<_TQlEArCl&9^^EEYp zc2}^)XXWVT>a9e#H32TUal;u_-bQG}T}-Sqn)s8oqu2r=GHZAO&y!nQ_G(5g$9t zAyu=e=;v+YkF%5c=4MGyRH=nT)A4)Q=Dxjrq^-I>-ZvL@71>;i^@4# zq%lDW&@P>UFxkvzmXsCuaZ@a;sbnIMRbgsJYX_1rp!82vUMM;c8Ip+0o?}_N@nF*u zTsrD-Dv;U5&L($xxg^vSN5wOJ1$-x&vDZGI(`q z{k8v)q80u)MB=E>ReIK_l8??a!P6<5fvtgSL>!SnN!UJScBP-(YU%bA(k}>?(%6QyVS~3uQUWng3RvuNHksw|V3& z*^7kvux1RYu0ks*&bl?02y-NU*~-ZE3n#2;M!N4wL-$%g6~RdSIOn7c#i@)eligo? zTZvL;M+K)sImtBG#;AcrAVx40?E~K|u>ql}t0aj4RPA2jW;mg^Q2}0nnvJD8jkE*K zA>P!wN@pqp`!XlgehV`XY>^h}r^aHI0QCFS;VB!=otztQ@a%!rjB+s(Qqzj8E`MvO)%M~d$#XNEYd{Sy~pGe>Zq()VAk*) zkMH12ZcxLkTSnh~WTG|O=4M|a5uc16x+|!zQ>9D9C0W%4<%pU0{%qrcPS` zM6ZrE0=TS%S!h_gD z@q_5=J_|D+#bKS8k|J2N-C|izvd3O2hZ!#o)%)n?Z9n){YD8yG2A20#W~zJJ`2%e$ z6hhE(Uo&e|pLK3S7Kj(DM2D3kuS#iTdpq+v_3Z3u2o35m%BT$hzP-yd7a`FOWRPi= zYkb;@f&?`godKnV>H zH4UqrK*e*rtO|?zV1G#=S5`9fzO1($-*TeQf^>fg0tgi@2+ZGa91nPXB@ytYOGaSP z57SG^%O}40! zFb!=2@$w|>0^PzTBW_a^$0O2BdZ~$Kho}g72+0i&w_jVehW_DOM9%2T17neDQ+WbS z`kk-$R4-Ds=j|w6=6lumx(741dN+KWdzf5dJ<6{zQC75jCZw0Mrp@j}ny8MD-QFNwZ~NhWL89$Wc~50FnHFDgtgJ=<>R^OO zX@@yQj!%X`N{BV|i78)ZWaewQ?)9lQxSOPF3E&)wY>4H((X29V=q401a5co$)V;hX+}xvt^vkxGH7dlpKe$r!qNcl0o*T^V?&HtWD&Fi3j=o3F(X=tC{-RsQjv2wQ0%spgV z=n2*@R08S{@Kw;^LVvzqzeT*OLUL;7qTf(HRj$j7;N=NNv(ZieOi1tRe^zy1U;rH- zKiw2Pt-E`;H1?f5DPS}Gez#IE{wnB$`XNiSDa#XcPG7g?3D{eES-g;yaT8p0SZxTk zww^vy9qgGFaXWVU&-_AG?zfw-?%Ka5t~(kaA5;Nij>FlS5Ypf(JsccdzCf8)U6SjH zyLh6WyXgxM#A8`oqF!;b)b|?B@S0$;ATZynB<$_sXtr30CNc0m9g!HmUC5NM0oiYQ zn7iv*HbtENnK&_w5RG_Iz7fuZ&QX%38dcwyJPyl7=eo$nqx*rE;~4C?%2bNtd|gA! z{)u*CCGiW=K*HyYC8qLX1Y~*FU*nh6wA;P~e-$)jAbd`3!so)j^508%+#J!oMszG{pi}{RECi%| zPdH{835785<{TyPhUJG-+CK;rir#-zr)kI!h6s)B%LGWv(|o+LsytOgd=mv_Xb^MA zsIDB1fQX2}7SVI8A=+TPQ?Cy`v3*&Gc8D@+uwPN<;kI>5{goQbm!k+D^>Se58DGy$ z&9|cz4A~Cd3Qpc2rwhY z<#nr!Bo@%km(RAbLDRNf(+#I9cnw<`2*CSz8?E!V&kt4zB2bs;y-t%3nXs;pZW6uL zhBi4f;Am)cYSPdpc(g527dT9-APo)ExgiC|@y$HwNoV)dx6@JKk@HdS8dEjM?c7S_ zcmCn9FC$DV8YM}0o}j?;(Z)hqsP;&n9a_hJ!wqtMaNNE6?yGoze?k9%=2x5L&Hqft{%*MlY-^!KgA4B9R+ zBK=eHgO@7@w2W33gdtcf6B`|LeHGtyJU{lUv%0|Q#&j$7YzJ!LrCf)c{&sS&wU8u{wN>_&nYJ39N@(nbeUGucQrbMR4w;Mx+d$;*gT*L= zA<2ec`6z{N3C}y-H>B!6rN$4Fm_dn!#GqsW#%1cyW5a9=Iu-7w1yUx^Y~M>Zt>gds zzW_88JFK=+?wYofMIW>yjONQf(|kHP(9kSSq}Mm$zum*@&fPsuDzafM)RfzRL5C%K zohAnR5x~2W9$yGf3PNRrCV#~EF~aVtOMMRy8K|n+bYNKigsQT78X%HdZP4~u{lPRZ zSmUdi^=Xd%;l)q2TtqMuZ=EGy76o)|gV zhhN-c08Q2wjzm)HYx!}r&F9nBr|qtSxK}`F;F-5>gq~+Xg+X6E5nrYP7cCUCI^J46C*H7z;+6nv1=^T5iKgT5BNEa zqt$kpA`)bLFoVGzub~kjE&Hi{tiC1db3sDFC)FbV7}c_rqn} zQ?EqnTlG$&(F8R)CWxnOaxDPCt-9$9t5Hn0NJUS~qB&GM(S@2~S-Z)*x3 zv9?#$z_=)y;ZvBpYh3yw6&|F0YhzCH(;*fH>}M%cs0W?@$KG2o)vDuwdNXg zj4=~*7Gx~cte4<%h7qRm-MI!h)*>y>=EqACS6AjRvu$wzh;o$I=S`32N<_L!S(5&CQ9q_JaT6`-ZM9AIXp~KJFcpi;n!v|9Z%2lsJ5idJC1+7$W1-$@+l>wz=|=2uKktEd14nA zL#D}Rn+)j}|FYh;J)DJxVX{cRh_sETYH2iT6LRT~n$Kl}LqcGentrC;#_}J+Dkutw z@x~}JI?&|kkLRhRI27QecZ)YGp^b~k-xH+rJY08$L$G~@4r@XDTzgy1Q_D!csxhY; zYh+e27rTNrnS0qnp%G?YOcQub8mG5m>8M>=w5`+SbQ?j$_z+KHCqKU}A-^2Xxi&9x zAB?DA5U&9~4Dw($G>_PJDGIy?QmBV-?T^<>v^;bzg0yYm_$qZ4kAk6ChK?nV-5lSfM;CY_UnP?JVFE`^jghWXw!_ypQ@J$@K$caOO3I>Qcxuy+*qmxMhM1PCUxi0b-?ayeJo)zxDEmTFouh4_I;Bylv z*JP-A2Vztw`&34bZl=3`Z-i`ZhMhL3qmb({tg_w@#j#i-z92u42)?Jw;UGgPG-K1# z6QE|^XZ;j!h{yM%eHO_F_os6ZLoI=oft`c_*?z*T9^*4X3{%iOuC#lA&IgdpoMC2 z#4l%Z4&O0dYZpkY(~E~$6u9Wxunzs6yKrH3j^?*P0E)|9EA2yCDdrG2GS=E`OU!RX z*X|a3H^k>)I znpF6&B)6rvoBaQBZ=4}6C+meo<#tkC_hZ2Rlrl&P35TT0h;dY-B^r$(u-#mnCKUxM^2@i4Ck0ty35R)`t0{p5G>=!k9%(3JYwQ zf|4d~w~ITj`*FfaNY?%B`@ z!%{Xmc2n~k>mwl{;(V4ziQiIwshw|wW-doHhM2qF;}k1qA)?T`H7b{43>PM4reZA| zK27nEw-CT<&E`2*e$6(n*732(B3YFS=UJYRaNmwL#u4U2)6%3~s^dZ?Q^*fkGlWK| z-*$=jKR^#2sSJm}4IVN}eeF4wMw>e$vB$M_EDufpOYIR1TS|7jpiZMtMonga(VVE#QM-^~vYW-M+#(GT&%7A}ctxp7PK zsLtp{PR82BY^tQj*Oq{f=@=^X}2(n{(HwgD~c&yA&qB z#oDZ+MjbIe3=tkp2E&@{UHiczl=t%E-5W1 z>f=u;m6%qM;%UU@$cXw&sLRjd_+MZkff`no@ue->Z0wABjX7=a(cr0?KhVRkS)iuUTg)|* znZ0{<=jbQ{fpfiY!Y+d93;tFgku(Pp_?cU2apC;XJuJ6f(h zfUb#d*u33F1?I08f~%HF2C>ZY=@QHS_Gb~#hpUUbZ&Z$p%(r5JvCuKmnq?F)D|)|O z%x5vA*gNZ0;6ZtV`<75slfLRpS59ufmVMoK!;SLGK*PkwVSLicGYYne)Ie|#(V8@I zoo~A`DJ|ttA_WRjbC5f?a3sdhKyPvUAJENLTU=oGY1;CnAxET^&Mv{f`(#|`o0cem zA|&Iw7EH#?oZ2Mb&IRE_u!50~^s_$gGM}`>H|mR6Og;YCV2EWuWJULKN2v?HbKd3}U-P)Lp#;ZUbuGQ7#%=uM-8YL==5~onrhDK|qM(q=H+rPn z2g;vo_c&NX=Lu7N7aRxh9cbFDwi(nK&VdqRZ(nheuudi>$R^iRlVh%aveS_)KT2)d zt^S2P$p>lGeCzaV`a$FGE(D<((k=q&;~Z_3ex_)Ktf0}!;}Fa2w58y$#;?nTTZJq4 zx|npQ0YsFnG) zIw9lp?ArLL$Cqd~TKC(IoJ_{N{3DB5PF~SHJg5VDnw3T&+v%oUBc*P#?9=*>A*Q7p z)2gAx9|m{6N=toCn4h_&w@k9IRnf4Gq5hb}{9Eb=46{Tg!(9f>B> zydk0{IXu8Su<%5WK6Ri8o5Z$(ITK5kZ8V_nwspt-ASQQ|TmKeZ=Zb_L;2tge?#i9= zrza4+PjV}FUaE;5#MbI_0F!1j6`uDhk9-i4!MDC1U1It}Jz|uCz=D)hIIuC9hJ08O zKUi*SV>bE0vNebT0ZwcMtf7ol3l(#79Cjznml{Cp{{d(?eal;M$V^RVk(D#G3n?hh zcFFMiAKIQ77fTeF>>JYgkD2DZogfF|C@4$;I_SqN_)%Uro%G2vwXr}JFeMT>`b+k$ zQm*yi4Fe|j)O;G03GKg^bVxmJt8$w~(ja!kWjs=KS#i+mqAeEG?KJw_i43Z(uD z*lT?{YXdkh@iJQzU0twe7xr|pMo1LIHX`w)XR|qmNI2Rc`UfBW0pB;{t)|L+CNRnT z5Dm!C^<6A4y7*aHKIZ9fu3H&b@}z;Rj9h0W>OK07*`;`i*c|){@^xQzN_(b z7a;KE$6vW-3huLV8|Ar12L*9?0Ja6W2K~`s(}_F_k5%>001LNq#()UL?FIG8P|R*r8Nz4j`IjHi<;==0>4$T72yxS0Zis1O}{gaAais4P%&) z{WelaIzzIH^Rv_0>ik93->FSYEu>EB|HwcR~op@GT-;dMc7zjmOg@w ziB|$4S5z7;_f^W(r<%K6U#Nt?2u{|%#rNMV$M*$U8%s(Giu919o|N)cdlnz4Hwxo6 zoFn;0$pWKJDBqQ-C=VwqD@$8Yq-G6`RByS0K5NhTU2+)yh{x}E5RHfM*)z8sull`-gW##LM#}3Bp>|u42+q(P z&7R5lp{AQ>wr6KQReyC~3`Ly{c_5Lap+$`{+0o+Kh^|EuiM^n;(P?S4aa5`xyUl^k z1uk3|N(ioN(!p@KaL_m$=7h`^_L3TT2i(N-kJIC2Qj`IxkvDf7!aY)G_`dS2NUMh5 zgjt)M4=2AovKOk?Bnf|_)AFfSbF4u0sbqIPCB3!XQ=Dyjt{^7CfvKfMHS=Cu(_`+) z5+4-(4Y~iBG1N43ZM!>`zYin$3;7LTMi*PR?4`k4pj}to)z#H!S+__U$$b_SOEdV& zQG&3%VJ8ANh z1f<}wc-N3_KI?Yj5*L21RPSJb<(ve@uuc*vjTCFDH13u&=uJmba3t@kbi{(opW6_} zzk&9TjjDG!)!PM_?Y1-kx?VC_uFW@yBO@adxB4@1kgB|y5O9c#Rmc`K+jY-KVEcl9}_tGv}Q?f~RC+ z+^rvf0Yk5rDKP+6eM(b3y-X^2EffObX#kR)Sk4>`9&a-32d6&oa#)yfL5|1B)q zkiIOL)N0@y0|SGEl?Nme$&J}wKtjB&_8rPE^i^2*(jsP}s?B9s%ge46a0=Da(}(Og zjljL6ePh^j8a6>@|F1XcnLvgK??75imP`^egXkI{akguDilz7*cIFVNHgrjh`{IH5 za*|gB2sk)Izs)COm%VP)7#%PQQXr4==4-8@0M71~lK=hRP!-2leOX|gcE`I7s9&^M zwq)HUS;g3#4&quKry}+TS)sIyWrbzE4gbpTI|MV1Yo-UmxuKgQ8s+iB$*e~EQ_J4N zQTz8_4X>Pc-E3>u|07IaLLgt0Kh0Z7jFpg;<&BvDr=A0rS%WpxTINQd24gAoLGAot z2x?znbYTPbZe!{|g%-C`DFmhaD0?cndFxpoi#-c@q)wddRJ)Cq>&0Ei5D?d?}pH z$Xsx}e${Z7)cRr)y3)LRfb!=)eZ(LLjESv)3=|O4(*mk(27Y>bmzDO{6xyxL{s93P z*@*iTz^~Gd@^IT27bIQ^cYiO19%R2g6s=yfFRrHtW&ip5XqIRdaTU;?n4Y_i93=KM z<=Ms zpw)l1?2uT#tJaSiZeN$aJ}C-~Npj%O*SsaXdffizoMU|bQFi*XM#R6BzLh^E;vQ1#Eg%A!7U@a1F;R}lpo*PxIWLEk{>nL> zl$&~z$Ng~p|Dxs&#?!Icq5y>Jky5yC@eP~DjkwopD2+wvE(U|iD4`^O$ti8~Z}Ax-nZJO>_qEUoX#c*CE`~G-OSQoc zrBE|BDJMU_kaxkv2*Gv*m^q{K(>)m~tZDxdP61WlRzT8e9k-o>O0;SeBd{e{ zn^q%2Y7p_@S7jdf`}fAwQFB>Y5Uac}<_UBN^jx^Uq(IZfmN zwj|I0r7-IR?3*hqg3sOlzV`q3bEWr1x_3IPJMnku{_kf-1>m4eZL!vj`{%y@($xNZ z-Y~qlYIxYsF#i){|GXcsk;p9oiQD^R_HqEt|5xz$_luV_U?PIIjLiz{sQ#|i|9-+I z1M0g@(vkiDwwCt61FWTYdf5X1wG{a~(Z9^~|DXGJ5L9N+9NLzqW9s^++YW7(he!Vo z+iSrLk3#5M51sQ@rj|C$_LIlShLamK9b*_*e-xjBKlmGf!YrR$`f(i(-I_c_!4wG@ z8Jg1Xl7Hot#DHms4*7wMBz!_GIP>pWeZ?{~HT_31Wt=~!XBvq7*P|jvxOowJKJgg9 z|JS1uZ#RC4mJcLU|I41d{l%XA^7V$F zee>U8bb~s39lo+GboFn* z{pX|}fSpd(s66*DO z_y&O3MM6T-y>5H-Z!#!Pa?%^ye|AIkd^YpQmoF0+`0N;&lc(tI2HEu|^+E81gcuOl zY;-6Ds(}ORmIHl#Kj_*X6y?AFOH?4XNoqeclrlKjiOP4bx5&-UA7s<^q#XoNJIxNt z{GIycNfA(?Qv+A)jD|7Qzy`r7?6!iffV!4?m>1AehG8cbK4fKQS7EQe`zOQ!@d^FM z=@KoHK@cryoh)Lo{#evlz;ObH0I;nF6`nb(*(h3mVO;=HtiitW zw!ZU5v>H>ob(7!&~Qk|@-6Rr%Y$Fa7h&i+=51?e<%8w!*9Q;bI*!RRo(P-Q!6Hgd9@zBrPr; zn>Va3?`=fz6aMA(L2!9V;okZ;nF6ldP~{aBLt9#a+SJ#1dPeV`Q6V>gxZGnyXbwpo zPv@a)0{_skIikHDyf9=m9wSw2HY>*FcG*~9Ar>#gR;5%4LA4dHx>L@X?jFu@{YEJ; zUiIMkZMpd2^em6LO=C%(@`3R+L(G?(FD@c~pAtVlK%?camkOBgd66k+)R7JJ2dyD# zF=|Pwlu-jnU%-42ezUsU0K-JF{<|xwfwDtIW*(WhJRYun=%EiNOeGL68e237jtXt3}!JyI3=)vGuO-Dz(U}&4i z+ap!)fi6Cfc!Q`631_Rt(@KRyD>ODwh1?abHX#~wAuU~DCHhe3vGVHDqWqoJZIVSF zW-yR_A*1^Ow$lAkyM9pba{$R12ky4-3c-uM6@&dil|!xB-@n_gdM4g^%2A2Vu`U8V zKX-sCQd3ZWEdGaDyxhwy`cXe*1mbevvEhNmStWvO=oX+76@4Y^U4QagDKl;Z0c7@E z#p3r5ErkLTygMN|;rm^-8yR8uE3Fy3@#bPTEq1vIF7ufuiwl zUV9S&D@YU9>8bZpysz9-y2H+l$lX<&mSk^y6ye<{?1gdf$k#V2-n`{Uxr0vFQFd_2 zbF`-|2rvgIV}HQs6>Y$P&T{ zNReDDS!1w^*5VEQ*gI_U*V-Och+M5jS=tj+D91{?qq5x!)r z$?EG%4fIv=L8d+lm&{x=Q000>4vs*=jh?>tt;ej{Ecf1mJrb!Pu3o(!c&GgVPYE$> znFddXB9;=uOrS$F9P^KI5@;C^01=3G$_F7=?7q8HP2Y%|`c30o7rap{Z(j8Z?~5kz zDZS;~C$ebZ>Bjd$3!jG{3IBp{yeR|v3xdF>!M%ZjqT-`F=SAgd;E15gI@+64nGTsj z5paXgxIpF1K@f!4j!_dem+JNnF zrjiKi-Mi^qDJiMqwr+N_FA&i=Z>QF#j(LZR$R1z6evLr?)|YO}TaxVNmSR>W204p@ zaWa2I+ilKPpIKB@O6}bk9j9#FJ8g{^pNsBkDW_^96l^=|FseWu2NQxa##(IH+{E`x zlPO&@GhdSEbp>0*!(zKKmcFm(&_IBP0t^@eYU)uzD)T?Q$k(0_tO-HACN);=;Q|?B zkXg6498V#4F|rt^w+%!rshxKp&6wY%%rrwja1e|~r1G&H%cy5KgcYOuEOcqq56qb9 zRcTy00RLbNnH=fuw|czS!0oZYPU#u%x$Z{Nfew75ccfGO8hw0lAdtzv%A9SR*%D`P ze}Jk43u%FLbIkRe>BSRmGLDkH+heLa0jNzUU9XqVv67q)g_Eas$e?{*LHqc)BLR_A z4=7^YZdL;+C@DjLh99`U^^?eKhY}d70Xj2vJ$@Vdlpfi>MvQX#Out#c9`Ls_ zgeQYr;TJpUPyA624=J9bo_n!XTjD7S`aR=wEL0Tl2Bl^N13mFyLEx`|AV1_1OS+f> z)AkO4$K(T!f>K0hBk_R11_IuoYBe!PR1 zp9f_AMKyR>q!15t0v%6j8|#(@s-#la5-lw)^v)9yUBRt4cFX=Z?h5vovOm(v`gxLs zHl9OYY0Eu*HH{co$YVmFS6WN@Y_WMTmi?}~xA(KHttI^T+QnMS^M}!u52*p1FT(*G z?Ewe~bh>p%JQTFDY3ViFVJPR^-iXc~Uc6pkkuHzXh2=av{hjisw~%l*WZEz>q=b;Z z_4f{5SVcvt%37BWmDnEzTm)-QWTw*b*bAw`uAtqfN1~3OFXLHO6wI!#?+$1k7UY~! zFP=Z~Qc{$c*@u&VulpF8`x-{z6Y^SigfW`Rc=Tfa?z}d5_kbhoZcZzo|G)&vcVp(2 zo0B@)oO71{)1Beh^}!jfRfosis84uX#RH`!98y%*n-fjN?DkM|Iu(Usnz^^2 zvX3&Q8IPt_1Ky8wfXNR{5U^GdB^HxMr=)1^qqFk2D?ot|F=U?(Ru6+JrW=Lj6Uu>19b9Cl6q3yJz6!PF-y_<0VF2ajm1DF%|XKb zZn%JbE=^1N`R2|hbxVr}Kl%tAL&*GUd!m>Rr`+*jiHdW)9#>as*l4l0ja@iU7Bv2R zbR_ijpyT>bEEJohrnv7R=N0AZt|A9}cAE2!S27pb6-APuIa>Q|-bG}FxEIWi9~Q2O zw>FOw>h*_8rTdjYv#6Cc$h_hDU@h;DeSiPDFM z5B75GPU@Z;N)*G(DKg8J!z#E5Ipp4MyLkq=la3bKV)wIB4h)RV8t9iH@D_@QZ`3*_ znuY9E4S9Z=V7R}#WYo9$M1{|*q~HkJqLs-Wes><%N&f>SFgdWh;PLMKw8aocNi{uN zxzM%R;}~P^=aM8KEE(#jIwwAD?mC>;+kX1))#g2Vm#?FLLSraDSs7?uo zx|9&omuh(*9;9-Nt`UJUPQ{l?LFZ)RgEowgDH3(y8d#6&+erG6%u3tFrXnfQWiw87 zd?1cWStg!ZO|Ul-kF4M74ruGbVSA{+VodVu$M0eSbGx2h$;<57HX-}~D7W9HTVK2o z5u`3pCpK#$F4yFL47z_W*4GocIAv6eVj58*f4@<%(MV_U$Ua2WH5y8JLtq~w6ew(^ z59N53;1Z%2T6r*^sL)k-D5EP~V-*AktiyFA2-w(y+FnfwwCVK0D&?AG?9>|Ig!J^@ z9k#Yd93D2~vUzaj^hxZSTV_6zL8PpB+q@yWqUM?TXn3#rK;G7TI!B9RV-9Mq0cYb& zLXNy)xY+nBE{<4bgRv3K!3H?bhOqDu!cgbrvRy=E@u)2u#aTN0F48MgI_=%;*ceHH z*yA<0$6N8&JU6yQKLrhQHN_`jCMy)aeCWx-52;{EXPjN3(zDi-*;`KIZ7QdG^wJ}9 zOuLFi&oq3V6i_g;2&Z=kEo&xPDIjbveE%fOk)K(~k{CXARu(-PvK`8YUE|NO9j`Q| zG03!Isv=2HCekjS)-^t^cy@Z437C`m7Zn%By;G>w*Vq3o)#wnOvVI)N5~FFJP-|t5 z2_`+3rOWXHQ|30qZQ|{S%#ZS&h}cSnFt<=!u>UYNg%->F^;LhJdj5{C_&PoFh~bGj z%N%`Fu20@xta|+?`-OzTW2Og-H33K{y{w5?@X*~}gp+305KJz0i?sK$@VX z%Q5sSKWb5M7x|pyarU0B_+^Xe|$CNE14ncaizGWpf^8Cr&w z>dL(|E3g_it*=-KcJ8DslbeinQLi3-nn?4IuDB@kPpR~yv3`$=p!>u_f9}ESIM*PAX)+yhxvU{B08VDc;q^#hwOS|;lv-a~ zi}g#0i4g+qH?x3dN0{t3_<#e@;H5h}jRhhEoLWpbY<-fDgox;=CSuEnO+1GvPi{K= z-hd@rzxGorUyG}l9Olw2bNq2?O(H1XVPB&}mM7aOd`iSGjGph^ z1_wdgFatKM+o2CMQsg*SF=J_HMH7$TU~EBbDtC=QC$wr}`Wr?=ff$o2Rff9y5K2sF zy2-K*<3Z#f{vz7kzan{?>hO37?KNksG?lc3mhDWcXlCP#7)9MHU+c(6@3shrb!FA} z-wO`-LUfgNv zl1#=9Eyk3O==44SqAd;hfqm8z*)8&Z+}Ezw@BNrdKEMI+>5R~Lsd0`N!Zh;Y^khI1 ztMHnM8CC^#q~%QRFillZ4K1{^-Z@8`{KdIn4vaoB$jEw2aR*>y7R7gto24zAzzSjL zUSSWMwwBP}*=Iq(T>b)|II_A^RGm@nQl`m!od=;eerL+-U%-HVNpwsgH(bdvWCP(2 zWTwA5a$FupiJ$X5%Hw#QFQ1!iM_4lJZJ;}jv{ZSAZ|7rZV#*=UxMwAR*&BjL+i)@R z!O>>(ccXAdMCn8D$DN1-YZTE31%&%Ul8Yq_w#0Pz%T}YSuA4Ra1UrM^C$Gd=^7@{K z=Gpeu3c|CqrNnd|!lkslX-)-xf)S~Vuy+_g`qhlp-5%M4vr7ReGQJtC+irmv4Y4jt zLpjp2c`1*IByG~S4zPK;77bqJu2_b)AbR8|mIu9zSw6ubkWjx~KAJ0mhqEQ>V^9~1 z8}-dc2rDUmcQ4sQ&eXV$v5VDr$74j^4{u~z-Cz&r8dBfFizApl^zKCr9Vxp)Ry*CB>uR6f>oD_0`2`&%LuNShh)H{6+gq zgC?Cojhci(%~@8Oums-?H~@vet$nMHu%Lm_l16lH^s~y<{ij=*!kT-Aj#) zJ#T{X8$rmEm)jn1!B4B?RbcXCBtqpan{kJ$icLe%aG6p85m}!@gY(V)HX*8T9@_ak$U67L_Y{)u1I+_nOH7nG@0yt=Q z(sFXnky^r3$*KJMCH=)i1o`R-W4~xgb7hHS{RAKbB^540P+6tWVBYOC9yB637et_NM-M; zu=eWjq@rj%C_ zTP3Erg%$EiIpG83S~tkGFv;W=W@G?T1Z#YzlEfZMgm^Wr1(J(3q?h&$GBC6Xpt_Tj z6Zx2VHlGnW&>$cp@PDD3gZ+^f`wDxz=crJd6t?6Q zPGQX$V^G+l)3`FMC}M&%Nd$=8Pa zmqS8BsYm5tBv7L47r&B%jmZujpbj^~#t6X?ntWGlL9u7n)jYQW+H-@&oCRIXKOtn! z(QD)jyM*favTH^3B=Zm1!u9#?)9b)81y{~ zn{E`qTo9}OgQ?`~l?$0O_{k8YE_ zq=j%V^=f$@J~nIVOrdx1^11@AWfB}%JkK|`L*xQK9$h{>5Ru)HE4Ah4tyV@bMMNB6 zW_|Et#8cpAmw1?`{mzEys#{BTHcm@-ygn52mD1gZ8D9G}9a@Ev_My3bs9$V!!Z2*= zB}0Q4o63;^9H+u7R{Ms#bVnGeIAPZ4ONS4}jh{$PJtGud-PF-?*?E~-iebN&u8Ppl zCATCjTlE(zJ8D=yyF9v%s+7i5juAtA<=|__a=s{V9PY)E8>d!TvBtt37F|U0YIQFN z+p>!$26O2WO)638@Q5J=M;G*C+7}dBgxabxZicAdKAqxBMx&l)whnwD2-!a4*$#g{ zcPWFRQEuaM$(hDU)PUNR%>Es2Ue6!&%ji@SZ;02r9du?{^H>QLNFMo&=Y#&uCo{GS zXj1npl&)1AfPpg)=K=N?OPa;u!#duxH~|5HnQK^ad8>L<{4LNnGq`65YI3{~hPgY5 zdUi`#A{I{`@$~K9G?`m6(`>-a^wY9zry$Afa3@Z~#rshafH0up7V0Y4&W5aA- z?KFa@B5CLqT4G&o(o12ekfKvduTsUJs3ES(g_jQGT1Nn?dlGdq^qy{FAwDf1XTDC+ zuI>oia$O?wX%`;Y-zg93YI+YtLWymWkrIonN*X%rs4b zrv6SOv>_)P+XCU2V{}mGE8cdfg4rxa@U&#;(3}7s=G@yqq(X4O7vczua7RpMd!kr(Em-iL_Uk z{+@g={=iVKT>5>3|GjkQcafaqX}eZm_^C8`bM?8VbqQ7#al+iRO5cHVYBjmbv#BEH z5!YWT!@+Uj?l05>^KG;H`7-Wf>C2OqEb%DaKl8IpkjOfsDpXD>C6f&(;^kP43bXdj zo1T_#jvgTAPF|VSGK+|a9yju;#J9|zr-mRUt z%097~2z9exz%#6+_9bA_$~{6ZHv=UPWL-Viw^mVVR9%^|Ar((ou{l(l%XmejMgDH1 z?wb>~eryahTpTfO&M4a`jDXbvrM@w z^T5e`|I(qR+~lNen`mvV5u5K-Y0dTEKD0K239@||zBw~7riYkD7Xr(>2VWy{3=u#6 zb!bSaL@h9;v(tWB+~*bS%w?2^hgcS*O|=F-M>;wj6d_A?%I%m)-WA8+Bjdw$OR~DF zS4;%8wB2*gc=i)1M((U8&ak@2nawUzM!R6x`%Is?+qwK965|q(4Zmeusa(Gwr8zmc zOkRvQqAN5~N)HJu@b|5qCmdOSwF`u=+n}qm)6Mm@OWx0lYR5NC36&(ec~47e1L$8D1@}oC zJ7>&l1~Br}q!|Ae7g^edGl=62^|-4`nXbEYug< zuV5Nm=9(E7X$MsmKJ0VRlFf0^O8Rrh;|m6ZV^NfrVWP)QuiKt^px!2NQ{3qT3E~xW zj%~EhZuwz_bAs0zz5K0t3CnGNIsEzD7t7f__o+PPnLE+vm2)1R`5BKssZL*v^5cSO z%oblE&Cf1rejpZjI>;&iN;n97d`P?7+uQX{>s^B>nB>vXWu6o7hX>{eW7HN{h!<@3 zm&Xe>o5t-L4S2^3LveR3fy7xSv>*3W<&i8qI$A?Xe|<3rf3d;>pY2i+Ws+W%wA*Rv zmyA`Q?gy{Ej2w%vg_l!4-Z_h=KixAT9%-#o|zx{Gyxe%`ws zqFnq|pnvuS(EPzZtQGAgJ+B7(?n+8ZW&w74-vQ!WD#JKTvM;6YUoe(G6zS$-9X{6Y z=HmQ0$1&NdV0(LEdMSs6LW6>#km)65?ru^Ooj^T&weaBuKK>y3f;UuGGi#mHku3rZ ze_^YJq+&Oi!E&IUdce~`3B8E8()S;z_Z4&kbWT1_{t=Jc*g@0rXD$!V$D7+(*+ci$ zTvgMaOVzRd7&XdZxP*W1#wU|I`043MNl{PzlS(5kC#O110KsyNFzZX(8<{`5s+TkS zB>HgkNlA_J@nr*b5GmcDo4Z7$S!^D=84p(8e^G8=r4UxTKe;(wuXZfn?O^qKaB%}5 zsvV$woefx(o+ruSPBv7TQoM0K{!)$i4>-;Y0lw0mJJqkY+@~{}p0QQ^wSWF30l(zU z_IOn1T(oVhsEBsx;NkaY@aj2UHl9FrBQF@4Og*;i`M&M>v*haY(>0%@oLoN8=SA8T zZLwKy%maW$UXB70owb}|)6TB`YW?K?zPtN(&%zR^O}~2ap5htDCwAl_pTfJEp#Q)q zFGz|`0Y~uC($WRcY(&FNwo``9a!weqJ_Hx#S0@$a2y#W4P2l+J} zP_Md}okqpZLMW4%7440{&6K}<_)vxYGaf{Aa^ooRX=PmkfZ6-3R1O3r2$=Q7nQ4~Y zlTgp?q!AEIg821&rS*HXg|0hor%80kNyfC;h)GH3xcnbq!tKxD1Wim#I?Lg=c!^lA zFO40(kEpdw!E7yoY007I-cNhjxv}#K_Tm(OwAQlFZ^W$0+_U!mS=LCDSM|2PT+B57372fQ z=y29^UiA@8gR98ZcfN=+Msa)pP{3;`ZS?th;5IJ{nP~g_9M3V*G7j*ckFiy$@~UE z@WV~HSgx+MnNWP`S+^8wtiBh!=tHYKQIi~<=^ia}ips+rb7?BV=~hEo`uPLo9IQTR zsZ#-0spOe$Uaoyc7+_=-fhLoeZBhmlOl(}-cvzw8L|*v*;gVx}?zckw_%f%+^>$YX zyiy*4GcqKcJt08F@D2s^`&WtcbqZhq!*D!`IQ-QoP;9c+*?x-7(&|_(+-;?5Wqrxh z`Ng!mYxQc5kYzzLQpmToP=z)CLi~*>1g|+8+~WkFU8iF7EBb4`Ig3=-jBjh2lA8UL zRRP$^x6N9ksDxAO_XF+37nqB4C4JPMh#n;Smh+cllOLu60#J{aVq0{GQ75Vlf6&%L zy6 zTl{=BC2VuX;UY0fzHxZvOYtV#L@(V5C{&b6Qt68v^?q%*IOUA7D{Skw?&%q;pe5KC z9z{JBrJaeE39Xw?_nzUQ^*O>smP?(xSJXIa`YaN6al2)qUfEPjnA!HOwdt*Iy^VIG zrxNw$K0?4B&zl*d2G|DEeZxu`G|lwa&4AA}xF-{Gm&JrI+Cy(u?A8=mt9 z+xM*Mw`MnkMLRWR`D!7YGG&(yE0qt~Ih83FUtmeD5SO-F5|NrP2RBGVw&Q`3ZZz+{ z$61~rSR-PJ4}QFn+X5@J9mT>0JprL43`R^YUSYc6mE;;nF}&tj)YI|$V-02u`f7eH z0Exv`W?6e6Jl-Y=yKOMd+hZOl{|Xi*2~^~u3cQyC+0A+l@Z)+}BJn(!9)ismp|NNs z+T|tn0H#1;PL989DyN98tu5^=fr-*N;ttZf90NA0lDtayRJ9`J5{JKNRgH8xvFy>b zmYUu9tozLxyqI!A;iPzMOC89VS!z=U#R3&*dk@LaFP0%Ty7chi5pQQFt6)K$md?pM zd{z@HB(q zS`lFyyD#50G$M-K|F|U!Ioz0N2T}z;gP2t+o>L~1;@vp~OR+!eX}++a>FNl~;bW|^ zLSC;4;nGhuG~CbYrP}#AcU;C3DEa~DnB#KOBm0P0Tg9J*8@9$q;m1!G7(-yrGpA>e zf%PQ%rjckiSAFcp;SEGyJ=Ztp3y_9YCa`x+;;<*(+}_5@nJUPuLO_rz?c?;SD4TN^ z^+XdHo8R~7Q-%mU3ZmXzzr$0nsY-krEAeB5H{3rJGz2W){ifFKUV6DKNW6m7;6 zS(bS=V;x_G;?7VHwlmF$&KF8ISw{TTRct}TWc`s`G6dPS1bN$0mkkn8d5=gR*;C_t z5_s8@(%F~K{)nU_SXdR$n4`VppJHvvN)T7CF4Jqi7vs_D^ zPwu;6yqpn&bpw8>bBZQh^)JkHJXkrri7buk*Hu!sROBQA2)$F&y7P`O>@{SkK%=P) zpjpf;>0<;A*W5yz`?VF=d1wo2W)~Hb-T0M8pY-m4hy?f0RK;2dW}KUcjv~3`jJ2C- zh@o7z_!hXuW|(m`8qECiWVd)%|nD$+veNka9P=)+6M2zkvEf>`eezy6;-B? z>`1X*y-Pfgp91eB3npE?DTgFXh?RbWs^OU_{Nf!x5Z+D<&SE~Iwl)#^ZX~>N^N@^o z^ENH;j5C6gpv+V1-1=TN4jH<88H?60A6)5I&2l6nAcY65iYmLa6G zMHWLcQLN?2LV2X>4xuf*@~`=jJzAP~ zbGv&@wT&vB67Q%>{Xt*e2fepiU}4pw2%2XXzD=g#;Ks>|-Wrlt`D|E{Y(8SHKT9(v zOjz5aqT4``I6RiZ=yumc1Txe0izu>gWyd^x#Ai$ z3zfp`(`G)qGYK>N0AJ!a`~kiDn-3P!&ipab-Dnful$k5QmNCmtOUI$Ur@FmuFyD6C z>&z@5Ajkwg-q_hf>bcU!_bJFySGkDMw$&kg|PB$ev>oRm;*8gkl8AH~G^@gq$nd$Xw6DDf>2P#z%Vd%@KpxB54#5oO4m4n}v3m zQ1&(4T}Pd&cWnp`W$6eLW6-TXG7S%ubJZGPh6Wi7!L3#j4|)a%scLTVY$YG;o8dhH zSi5W~vAT1|)8oBqR}i8D(2-+op~0ReFf=qYuD4PyotK!P2m#?2^2xcWlo01T4X1u? z-j+T^)SodzCW!f1@h*=?DJxrcTDa@U+F%-Z?Z?}Qr;o)M*}+-dK>BD7@$M>ryk6nk z&X&e;2Aa0luw8w9eUMd}EzafMVtnh}6WO4bM*};Anrj}~k=2;j06oS)k65CdmE7B^ z&g+qqB_$PQeFjC^wM|Bg{yGhN(^qXLkp`m%fhR{LK_CU;3bacd!_`5W{GEx*+Ue&S zWz;K-NPf~tntlzNXOzKoi$Z`9Lrg2skYLc@8XAd97wB?(-2-Lyf8RclLb-1s;`UveSXH`0DRp|JtC#?WP z&vHizz^-yf&if9zRITcJ1Ym{s!mH4+*_KE79yOSmH=(ttwSU~3nip760z(Y$O!*}W z29i)$u|Z7XER!X6>hHKMtYfSErKNse*m~;e%JQH?1k)mA`KhI7J{XMCiGXU(W&v^p z0NLIJ%nrMa_ik_dw4bz!tyT}`CceS*N$yXTWmT{D{-5^VI;hU2=@$(If&_vG5AFd1 z!QI{6Ns!>~4hin=?!JKFngq9nyX(RU?&Lfqd+&GGd+)8fb?Th|z7(};)ynhCO!xH6 z^mO;H+nlgdYy;lZ0nP%PakXl-WlWuTz(gT|(V5SqY}AB^=2e`aBb=v&|wso0zJK=9G)Ph_PY!d9q$(^7Nh- zs)4CoWDd%VTLtgHnCeOiY+^FPUF*_(-)^u6%D^^5k$gAn>J(*%i_eDKBoD(T*GL3w zt423ENr?qTtH395f4MO)s9nO{@_P;?J=e>!5A>e1z@^3X1$5EP&0M<|Oo);xJ+GS^ z5|AW{Wp9>7(5sg}g37iuJGN_3DbLK)v!u1Gqv>tLGQ{{@R~YpOnp=P3O`ul2L{n$E zi*s2pmZmdt_{>HEry-|K=8dktTnT0(>b`*vD8RZKJIzzefQGwVZpmhK8MKObQ~YeUmJBCZk8!nO$7w&t)cJJ2Apz# z)@?W#-!S%Pmto`jpv#rg__|q&c%R(m(egBVMMoj}@O3)8VKr9rp>J>DgA#T_2kOlV zrKF_P0-#wfUb0_tLs|U#hte{RtwlxC!&M(Sple3U`?xY&KGN3|+ts@vmyzqSs2MSU zxG$iB_S0$0Rro6npe{Fw^by8fJ)8o$ih_xHQdQY$yMk&vf?p_!bkY|8Tq8n#=J%R1 zda{5ngCj=LLan0M$;8c@A^BIx{0t4$$cUD0Y8441q+Tz7kW;zDABb02I~}i_pqTPj zL>1kH)x`v#?R~pJ)X*;?j4_FcM}bu&Ti42BRy#+`o#w(NGnxHKjF=mYL?SB~Z^c=u zOLb=)u0a=UpBc_;WjRn!$((5HCC_9%i#IdxcI{{dZFLPrVpyV?UtHXmv$egsIT}qO zEWr~Br1WC}ipf63Dge;`xFK}{PJ8l)>y4;aZB&R3ub_oLwMs2f={X4|oUjyK)m#Wu z!-m3w<0=~FQA!^v(Le1SAC|<<&$j6Kcnhy|8&D-0?0cLXxmSF)Uksxkwb%7h6RalR ztN5(tMQ$eKpaH9l&6qEn#h<vluyREO^)fiK%>7|N4;d9c-dE^XT&9Cw1@bdUoQ zbsX(sS+*ZMSCeR0Oe&2f{;A$T-qrIyvZzs@B+D)kb{Faw1jk4{C~eGhwdfG};WM*N zxPb6LhQ?}n0vocQ#_|9y!Ii;Gw5mc2XmYol(^BLTIJnIrd;F|nwcc5tGl151_he&Q zeFHOpc6L^F{CZ*|>ON)~q%8}C>!~3pK_C|sHu*)FDS+ZKD)nRyc;+XD23#^UG&K6& z5Xs-(?t|P&M)A0u4{-XQ%S|g|Mv=n&W$O^gX7Ky*1KL~9ef%Ee{o#2$4}Vl@Ru*AD z{>Vu4w<@^b!Gh_&IosrX59bp=ty|*QDrH5)7N>nNW_dKk+_WeImOplrY&~d3o;&gg zz(iGKu}NL+)0oJTu{=& zIIMwA9m`4JF@)BzY%P&%1Q)p6C(&z*b$55y+N|(lIpYx!$V~gx$dPtkz&lEY2iDE@ zH>;MruYD}s5=}2RFMb6Wp|JcC29uN|?GOr%7Rr9ek-3=>?RT8lZm6kq{@SkFxKmJd zPCQeelr`5-bqx%>kbmcC!Bm+JdZ}w{$w{Pn$I1+ZOFo6+vY5p_O#eh9D-Z@XkZ@>( z`GVB7ON;B^@GE2m%H5OBgKZAYS04e6MG&I`E?Wc)su_<$w5+TL59j<)`DrEZPh0^# zxGP^&ZQwX>1QG76v^51Wde5CtQ`vNQ!^;A3>o##KS?aZ77rK`R752&XEDi12>=54S z)I}|8B}?V--r_Z&F{quzX|s<%pMV=xHS}oI7#t-aLwgr%Fp;`Xj#na|rZsbTH@-W< z=p~Ji*TZ_DlzuD#-8)^Gjs3_GaC>EoY)rT@;P+*NG|axP+9`%(uWc~~c#(EdrC6eI zHRg&h$>v(DE56rbpsHPeQNV;~GoN#l279Zg$ z6sJWzffZN+M7@%e6m`OlTJ8F#{XUpgtrEWKDD$R6J6@l|dNWI8t*0+H5 zIb$1~QRb@azFS~!CBo0oUw~7o-;sHGdP)rh1p{TI1%OK9;BQz?rj*bQ{EGt8E=I~C z^8OiY80#;>u*#NIJJEN(F9fo?GRQsi+otrjow!B#wGq-WY5{7^m&3E&C6-#RLwoSt zx=9fRs&#EZAh@BM5J;($c5&PHtSl-AM6>Vm3%fxH+%zmDblcR^{45N&#UkFL* z>^5(B&xYR9mJHwDoLLa|23nx?4bbFr5|tNB#$hR7YUfyVmtwCe%M$T82-7VRHo*8b z!(@|B8|NO*)j4qMGCAXPce`ZE^ZiO}b^`JGG=9#?0(IOnxBWbbbKJ@=+v$|=7-wKT z2OK3H>j^}CR4nPOxdtlQ&_5RNn`OZYZvCe8O77b%2^m8wlIEEownh_#WcD}0?No^} z!nn7O4ENV}rrPH#;=9}56c&Jf{xn@4O2||21PTo)*t5D*(2Ju+rtLR%y)h&zK#3n@{HwFK*AKY&dNcq z;tTblPNUH42{E=Md%T_m*Z|><50;#-ipUZ~iu9q$SXmS9A0EsAJk$j`0l#WKJ2cO*gA3XK1drQ^6YaJwmr?f8yzRnp8Nt!RauDj!n zVo2+81iq7k^4q4eC3YeLycEj6pe~WimBI#l^ab^OZa5EDI-=aKc4zLfEd01d#9` zz~!Y;HbT*i5dpkpOYFDYc2^34$cJH%*UiX&)jl2A0wUWd+`+j^FP}`QPbbe70!Ldc zhxH;yLiPEw$1#QE7B7(b2UvDBjxyff?NT~ql2$-+>PjJHdbktVzs{1y_-}ym-?nF5 z!hLnQWj0Skc1EUY8Bh|$f30`1qMLI$&PsTDzi6bPVZr~?O{(vN33~z}qjr6`b?b?k zF`Cs(Wrh~Ca4c5ed@wVdB6Ipc{oA0J=;#kiVwPY2_z$R|$SX@a4AtLi3pEV4>hbb- zF4Pr)TVVp<#nquHD__MLaUdfi7GhbjD;N29-M;Kp{KKvy%GJIu)<6aH0(QXOAqM0$ z;;GPSiUn#ZNdlW)UcJ?Vl8g+JY$i|28`o8+JwRbsb|IjJ`+e%JYCtQX<8Qm&&nmj_ z2AG&$3>e2}cs<_W5)ull%e4o3yZrhxS*b7U>0^*v9-^O2Fln9jMUBYyQBW>HVl@sU9Y`AG|S2BY;E zcr-CP+~bdf2*=NtETOAj%=FzJ{9ii3Kgt2|C^N8G)FYWJ{yiywJUhTAlHfC`T#{yl z1eo8#^GAf9KK&AbHCk=VvBB`4X8tG}AK(G9k;i0<$$w)I{y4vWf7T*FQHRiX;=26p zcKJ&rpFs(u`o@|DTMJSA8T&uo3uGI^3rJexf*W7{cVjpJeImk+7_AGbw{X z+aBHjH1n5$q5@>%<)$e}{?qYaUrcd43DKZ5@6#sZ0ftq66=U+Rw|>K|{LufQNM z=2_-+yWgIn|1btX#J~V#2JTR*p#LS}|BOQ`@M%ug!dw2+%pdmnk^p3~h_L6x{x>&) zso~MyX1hE-JsC&3b?ryEqgwsro%78>5D9djxbxYy*4HNGhQG-9#ltl#Sistr%m&d&_14^|1P(#-#So5{e~pg8S3p5w6jo=7D`^u`r5+q% zr~c>l24YmS^}{M>(#6S-)QYJ8j|s>ECSc==MC)%I^Pi!=A_I8#Kd<}`$NshU0g1=? z-w_z!qLVb=*Z)~B0#?vr>c@rghrOoa=3HA_STlUV6_gn82*|nhR$#@BBSOO+}f;E+`aGB+%Ez)PD72x5{8X-Ox_MObr&Werg_m zr~FICIU<225xs$Eu^nrVNSk)^idqleawSPlzV-BZ#>FKGXw?=mGK$KE-{)JC1ayLN zL8<@v`=XKqBg(pp@@%R{+q#9;QJbYWIr;Y6=NX-i&3!Q{SN8kWQ-QtHD@2W{FV5}d zg++9QB33Za)|am1@HsG~44(Vi;`}+_+zU%OrMsa{od|zfbzNGon*I!tcH}k!#n_mL;+x+z z`H}!_vKTe6N*5fv-y04Lfbtvtgi{MVF}0F>U40QF-{d-UyPaQj9G7@}etFQe&qy?Z z5D6XJ+h{(v9ABN_vq`Kd**+LqvHfgMf&wkXA~i2a;cs^N3WT9u;|C>WR-XHQo;B!_ zWsiNg9GvM@BKrYH5+GM1&7N*SNYFAMGNBr4u8c@gpjbMxLQP%PWBD%{^ZU%vMrG%H`$fr&M9B0H>7B2E61sy*OLL7wbi^^cs@Td zz4X(5f7-M3&pt~aArL$1h!c*g3`c5ZuQ-s`cP3E4s3S@)iQJ>Qe^rR5&4aCS`+U3x zrV2*v>CIHXZ$DJ;Odl>;=Ia^1fHxCZItdp+ebJ)=r>iOu;9^*`i{U=zn|X2s2Sxt^ z(1+ZiYY6;|m_%b!r;llOzX%<@JUPJgaznyZkL||XD81-SnEaN|ljwkIr9%%mt|BqO z_CnCwSD!}pw;x4Jygd8gQ>P2vy(*N*=X8;fH`^_~vMoKM|D`8uMK`dU0tfQ1*+Ffl z2J8m_HqD4oq+^Fe94pA4A@&c}6h}`o-U*edlEMBR$F==#6e!V>{eIT|UE(MDS5gLF z*G1QcML!$`;qRnjc|>owraY5&4GMN4@ab_PmK1+jO&4WpwGnrZOc4Ejl5jltBP`j) zoOX$RuLA4z0s3+6(6kqvg*;+lV*a8hA?_kKyds0)U41%|McdT(^e*?4)$I4^jSq}3 zO+OAWN#U@*$|0to6hz-cO);S1 z03kxI_s!&cD@?(e*SGM8av)x8MxMSjZ&v2SK=K!HQAxX^ykwyCWvvuV$l}Wi#~|nS z^C4ti8o)yG7cjGJG}kucIRbg_i_xzW&7X+u?6bUA~ znO9eel5S2wA~Hv$LR?|e5(obd+K$lu7T$_rzNKW*UbzHCVJna_u`>s~-!>B?hn0gO zQy%(kJ)>~JG@JQ@ZuN3(q}DC$Z#C;kN+7HZHs@1aU>T$ zSm|d`8G7GHFB3@rYj2Nob`+e4!+e!`Z>Mg{_ucu!t?wJTR`{oEbY{1Rq2f1wgWRRn z(cJ^u&VsORXE*AXuZn1r#CGMaPOthhf#Su7Qzj!@E5!B3CBS)p<2y1zoR5wSw)j(>4=R6pt(lowKzv3^Qsv=eBj|ox!l; ziQ!H|n&1dnafgAO5}QZ`C^|b*bbBrE^7mV#4+g>AXVehg>G$D@hkRB|B5pn6B6Jk? ze}yn?nIR$n%*7SXqmJc;pw5u4;wUFtFbP_uM+*pgGmWQnYjz}$D`InNRwxiY$-V6> zXd1XvGjFLxiY~?tnUn&9%WXTap9_5FC%j%Ih93NbP3r}oE^3UihRb@CQ3b8%EB!g; zq+!n6THtPM2$h1vB|+Qmgk1r#l+{Re8RvVDkm}-cWAbDNua`4`QG4i;tHX1>@Rg|Z z*~_M8WfMzo^RcOvX`l|a7ZgU!O?S|YdUuoE-6FeDA}&KL8hBmobvj~n86MXAJ_~CE z+lRv(L3Eh0Bo~M}7@a7O7t#p>)X$kc`PvtMYuVpI;DfcOKKedkjm%ZG6oq>oM(DzC zO9vL2_|=|?JHM8<#F^j1Y7EFz#FzD0C*d0x;A(VoqLXQgf10#SF4V- zl4iEh;z{(;jnBMXBnQax zO?4)kh8bD06+AKaM-uI7asHQuH*wN)&uPz4Nh;-^trb?T^qP|Vtx^lnp}LydLr1J) zd$hHFWt&*nojguDE>j*+XfXB39K;dJDj!h_s@qpT9)Tpe=Hkf7*#Aa`O#;X;$sZ5I zJ*314LEFpYvco1*=6ZhsUo`;WOHBgSSQT>}BKjp($ZWX%J?7w&I0QxAI{qjC@MlWkf!#6hsg%KR zh9}BAlH8hU{`^-X3zRFmZnMW2hd6rlJ5&>SLx$-e#Bz1kj7HrtJPNOWQz!5MGcK1j zv5e6j-`y|Ca&ytgfll!~(UPMtl(^$u{Dp^d5{}On)NjPqb+@k3bTY@OLDX2og2N7s ziF5!?lz`@x=6tW7FyQ*nH2xb>g-_N4#e^Ol&gPL4loElmFcg}R#3>mWo^|YMdB3qh zcD`MTw51uoT{ZR>qDpUiX_HCE;Tua2n{9DzFm+(YoGD4J@lHkJfWYGCXFMU+W5cFK zUNCr4Gm8p%XOc;^MJwT42n*OZ{_BoEL|@mr_Uyt`}c zpq?yGq!-h#ynh-(Qv>K~+lC=de@ z%_H)#<)D4}@gG)2=M9}Mzt0`N*W^_nCM310`W-vFsQGUf;>ov=n?KsJw6*SNWTavy zs!gbQ?-C`W$^hc1*dkzaVb7rXZtG?=10xM-$4Ch;Y`}an%*VjUmzIicHXpuE3CFFw z(4WG|+LusHkhr00yoM!ki1PufLs+MK+f0wFH}tc5CgEa|Z$G0<=;?#aD+&VpD0C#jK&I&Zpo;lIW0ym<&$n-f1jEvfOkI7Thrj?h>! zfBWm36i%;QJ@tM8_ODU><@Y*-as8`&dWGj(xcAQ)OTLQRT?f^jZ(M|sFXn%S6r`^Q zh4)$A+dhRp^FA|L0f&>8e(cQWm9BG2nFW+GU=uU-h8F)i=t|Es@v_YyW*+0Pz=y>n z6!5tj1>7{-s^PIVd5It`@m7A(;u5^{aS4j8O4XQD=OW%Rfe%81-{*XAqN#1};wbeYmL zLfeC(eI74!6Ii$^9}whoEv^`~AkUxy!dEi9y(_;dfZx`e-rdMJ7&J|6BUru*vXe;I zguAM&wqvtsaQ}t72mUBVHXC}+5EQyY#vOQ)s!h6&vQ-A_Vl4N=DM_T*%cfGIh@wSi zx3s|X@O$>F^*`5qztDzS78egPibd9Huw`w5X64;Bk4FQ*O1lVMs_! z!)y?2y$_&_b?wOvu3mjDC-J@sL^C!V*a@p*c1irHibQL>q_j)C{JLTr=KW*4l^N=a zGAw!bAB4hif0ND=ITPEw!lqLol%gNW37-x9Fc6Ya3p~J1L-~D(JOu>S-h)owup(q zjfQLdXty!|F-6Qh!0tYMTN8zV_*)%j;r8RV&y5z6dz;(O1?J$Yu?PUTL^Ml8TRF?j!=CI`^hF_^eQp=fwQUL>| z14)W?_nFJD>sRKIVb==!#+Inv4mX)+h}q6w?633_FOWr>7KaSwmQ7eOs48Pwl-}Z;RVs=$K2))5|qPdP{R7Ch`Bdcw`Vw@(1&a!oJ zA2jg;eoK^Sod70upi~u_v?PL!a`XLXVZo~!_G@gt@Z~RtY!tQ1q(S+|rguiF}hR>8!{F>c@A!-Q`Rw<<3ql?%-?wZ2w;Q*|v8xA#KF3w%ImP^e#}&fF z5yIX@9rc|@!&zHHdAUX@(;eho!*4hbo2;)$&-^-S*uiNLs0lnoW4Cw+`Uy2&H;p(H z;CPj3ZtvG8+&^lTI1}^Pr>|a*oc9R3(T?~L#NBz_N!Q=Ty;JtFk*_lnt7EV)$*I>~ zdA$Hxqu+9* zr>GkejESFtrI;cQaVCGiTtN_9V`LJU+EPr1rw{OJ(f?b?fhCu7t#yyF_Ha^p-}4u* zC{bQ{ec?#-E$3EO;6?{2vMVqytHn@WGE8n4%yCCP{6V_VzN5&tkUH#|&`=y{6{V3D zl9yM@)OYUIyHQdTHtb!tV{(mGWodi7-1`i?@kHwdg88OD3|?H14*JXBSn6eA1Ug*f zS6Em8YVrNB141ZWsacig?!@b2!tRrYn)B`val}cK`|ZvEme@g@k8%$5Ifd&Ln4khm z)$}cu&9Aa^wJC9P!TG1@flz%MP<6=@ItkHT;HyoP4k@ zo)@3oAA7v5?$b53!Dg)H6KQqDN$%{~Rg*f;#Ptlur zl`Z#}ix_l{hg#|oQVWeHObR<36W+7!DonH!wY>rX3aOvUXVA3|sR4>Yau(%=inVb+ z0qgqeDGa3!XG-U|ObiM#s~S(p7!wn6M&QODd#|<7w`eH?wxCfUD?_cKE;&lO-*Y%p z|3bxD+gN&NSxLk8P%Lgmbc(a2VAtmq2f}d;>c*${@$%<|=(9iOY#Mt(bW#z`*(YJh2FD+J*FHw^L%n(Q0xfo{iE%4Zi%Kr`z3JuME-$c;7!seeE%xo| zq$bsq0$63t3QBS0^=4kk{z$(}7|Q?ki?t zvD9HZT4B@?jAuUvzV>!0v&_gpO3mF}cY<|pc_;>N9iN$`j3NkB7FQLejP8a*5 zmBwr+>;Cqgo5OfAt(^Q)vT@ntcZi33eRax5OQIq+8*1d+7nf>KbWXeDq89J@1Xn-9v#>=pwfdO#8{#>TDUu%+Bq#3U$Gy-!LfEQe zs-P&h<^htCGmLlZC7R_8%M{@|z@k^F4hwFF*v{0fAI zhTa9q^GPd%vINm$VoJTFeM(JWU6V*gJ&{k=x(B++w6pv`H%H#>o4p|E+-JbmV0~ZM zIU?>0hwx=M$rz9}$V_Vps1h`4X6y#!~l-W1E~$jIgtFwdYl!Xk|{PLn zNC5K#y47^qYH7bh=93;QFW1T@QnibL;aw}!1`yp{wQ_-gqa?Z5=E2VU>;CL~LY`k! z$h0Q{UwooSULC>eDUpJ@o*MusG**g@ z6ovJeuM+;J^@dB zBr4FXgO5FaS|u=1!xAe2%I-31EUu5)1h-M=)X|GRts8ZHFHs<`9bwQY%&4+FujoXf zY@UPzd<1pm-=6qqP~QDWHsT$R!!}bZV`M?9YRdiA%|<6th$E9_plllDq6wADcb5lK zz4S52GDsx)YDX+h!e;|FB`0noRKp4k|Z_lugXjzc|_Bp2e z`e*Uo_vufqFs8AOL#w?uUS4la(pT}(c7BunijZ6P8X3ub%b53v$}sjZxFDo$K{+Z} zAarxfU+zRnoD}Mwl&@Oe#n++3*y~M{CeinXBtGDs$w8U`8>n>k|aJmzjMSO(16we>p|Q97br;> zm*4rcM$d*pzQH4+!oF&R6+WFk1GkvBVcDIIkjFLp5y%gsq@zRd1RZ5@KG4{k0THzU zDSuy>Bb5FDv_6BTm;bQ3nsfd``pop|apSy0z9S#sWVtZcL93mz!lM^8^EsshJVm;V zw-g)UFjJdR)WIhuf&yozkIM)BKw_pF3Xi!rccDpS+N65v3*uc0Fe6lpNvbk%HPWgQ zrR8&Ul9J`dNHYz&djwlaY9*+mn%oUOLRA-L<}FVEB_LISRQS)0cXNnbol?d|(duMmo_lc)dk5Q1cEr^}LEe$>rCN z(}3_;^?G4&jj=wE#h*6)GNN%iIo0`s{$;n?BCb~X=dKtG(ynCuBLWIaQOi-Y^aCNM zeOK(9q=>0M>>9&IzgAysN~ARcO|Sb9w5x4i^#w4-s@U!%gp!fMx~4lLKyDBVKB zMwA8uoiNeSg=X~FBlJ8r2pdG$NI7NP#_Nl)V%|E`hR$RpVDH-<=-!*3Np_Q`wuO>5 zmCLXiyOBAK!9FSvgg7h%Xr(iPu(xky>CdaAYkdfh3nqQQQQ`>@2#wk^kDeFfTWy_Y zchx_*Sd-bPwd&l4{XA0}c5p&2ZI7`sOnDmIpy`OUBiW)%YUM<$Ha^4WS5a~Q0WA4{ zHeVZf0xa39tCI0q#|2;g><;LiblshyNqz)}B*f<3OCrJU@t(C=t9wM2s)8 zyZ*UGK4>T)uqp&EG1TFY*KcAGsu2kpIuOISOA*REm=a~)=XEh;mLz=vTzh>zFlOs7 zu<_i@7;leTY^I@4_7|-4)gj=VEcSw*c%fmtejdlUO^m$y`vfj?jo}cFkaEuGB0l!2 zb#nB4KpKIlY3`)CPMUO9D~bp zxkN6h+m+n`*XBVMUX-G#m(m<-j(T{8x2vX?Y$=#)I||2I5QEMe_yc}LA#I?NCgUYy zWA_^=_dM_3L}j(9Wnw`^UtpxB&Y9?!#;=P(VYb2O3<(n}Y~)vf zro!?bN|S7CVj}L-k`ri4j{or|eT7E7e>0^^UKHfaPLFg$9dHnHhIF)Dd4mz(eBhj! z>gZc!IEfCH*(EAL_upCINfqWmap=>P%Q1UQd`tK3c*MNq<%8Ssi7rxHhv9LiD+@kZ z0@rcO_F+7#mi9Q`=y{C~LeShmmL7O|r{U)kF5vTl8QoBhogAk^o&t@RubM&35E9KD zH$=Io8CF}-IUG!D>laSV_VESy`SOgQx3&*(&3JT7F8g1jZ7yGL4 z!;>Y-yTj}j+6uZg*ki?F7&zT1UXqFo%sD0;USO%L3kSzjiWn9Pm2jybhA;|<9lR3! z2ue)j{bhROEdVfekbo=Vgfzg~=!)@ZCq#?0jB75CetF8DIxI_kw<#GK8B*YUD2oPv z>QU&1r0;!!99!^CrJElR`Sp+PSIQdJikdqv*gifG3O9jJodV7*j|KE-p|M|M7I z7^UehgFY|OSVAeC_%;WFN^TS=-&B71qbLnyRNL72A!j+A&=RnBnxli`u6$TYwP=F1 zT^V|Tl#eBtqdDn|A9_ZqS)25^8?Bf$O$z-FHtXu1kSfD%x7U!i32by$>mUBU4w7!>G&n@3j;kDW$`XkA>gyCz!S~kJ z`BW>#pHu78gVY%Kv;%$X)rzQtTgDM3dBUtzv{IX|I$BM*=N%iPor|zbstNvrX0ees zMFiu>2)VvBO;PGDqd$9dCM(>2BwN*M{G=iRX+S9aKV2ToB}U!=InWY5C#R>&ynOvu zLE321aYFX|bdYi4*!zn6RSpv`3_bR0*uoz;>%Fi#0B1GJo}(RPy2|4m{t9@{gUU2E z$b}byB##tU(2dj{HuNK=uRj3{f2*NL4d2M?R|d)`{UHIu;f@D(3$Zk|O7#(N2j7hh zJzE;PwZcLM`cWt@@v~ZXj4g)@|Z#S6mXoO*;Z0s+EZiHL#oHnndsTVn)IUTlslF;j_^mz zgrb}RI@&?Ev=7W^lD6Df(Y}>@XBB_~tK;#Ld4nH2eEvwc&eDSXu**90U?pVN1jJ(Pp_b@3<)2? z_7(=e=618^wHM?;qd-A81rJ^L;dD+1m0^94Lslsnnf&W(S9hRZA%HIyp-=kg`za@M zSVlm}KdgMC3#RNcQ*lL9aZ<>^Nc=M*C#lvzFDtBK#%%a6;tZ$vKSalfS9@S?FM*`# z?pyjQoncl*mKuW-?{jx5uK04LUm(>g(7b({4FsPPHao6<&{Lvau34GtAQw&D)*C>F zu76#kpJ0wiBOA#)tjRN^Nl0|-*pZsXK$49fLW-D69e?KL^1(`ETfL&E!ThB-rbx&9hhgH@g$M89A@6$NE$m!A(5)v}mW*fbTz zBqxz?Ryoi1JkMZj{DXpBv-H+P*qIZATE%KKJQ%@&smdy%C7)1AxX^ypa`~A%WbGEc zZm*;La#yMp(IM?d6aKzCL8aiLx+ILg{evb~L3)x{jPbix*U%xrtC8A^rj#m?OBUm> zO{b^jn$C9GoK>Tj>zYcjV3r+4RZvAzFyF%?HZgTQql$nt9)~kX!ZJ5E7oU<+GA((3 z?DMOPIW6)HZ)zYi{-<5KVUHa-5|+fC4QYC4^wRgVoH~aX6pC-IyYGpS&rh=bBy(#0 zCNje$#JFRI-c!<5&YN!gM1z}Cpz>T%Z4IFtmiWRpLD|GvkiDR3lC`xp!IAcBW@LQ6 zQZSSHa<%CKjaEH(5F|WprL+RC<;f?d%yj;Jzgt{k)hvbyEz}YcC+x*0FHBseK z-Rs$f(tBJ#y1G=t@%W*-48x`(Aw7l>Bzt&y#nm5d?3!1%i?i z(G6OXh38?2UG~BDJs-l5VZ(bnj zYBnNo9lfjF+sYA!8F+cHQpwgjv{ORjzqV1gp6GGdPqB9cF^S@ftj5nhE z?f(94Z-IZ>;RBcKdI|SH+1Ud0E+3aP5OQMNLdnF^M^-<1y{cdO;+rL}jW^CYJFbzk zl7p=|VBl&GPd}eo_B!&NGsqC-9a>PMSo|pWrG>xD&>zOqwf)RAjM^Y>5E zN@D#7f%Rmg`4Hy&kvF6s572}@gncvKuB)1UGX&be)#*gApuDn@*Uh`9NrYS+ZVl=0 zU$@2p=zn%a=G;*GIfg!Inp8N>wFte@Aa zbYJcq*4>R|dZBEKc$%pjE%9kARL6bQp96k8_IpLt#Nd^1`_ zQ+o$+bdbshs;A8uc{Kh$ISkS%}z^xY9i*=^i?e0bP`xA z(!)+nsj0FZSRl~aSzxWQsJBq#1iR(`g+2WI*?fe_`UH_>EwF|Ks;e62=wYEq1qV+Y zYVD9v`<+w^F?17<0q|Ht-u?7SU4QffY(LiKbLZcy%F~nZ)e(M1xJL~nf#SY*HN&A; zkq)9o14?tZ!pj48e@64o574=bQ$?$id!`lzvSpvkX~;{!`z?A;3LA34*F?@Qq)Jp? zQjXfY*5Tpu?%j_~_$tg<-g**$s6akO*ZV{sR5&yLf+7yhkS-({*SiEc6M=8rzQ;=)YLT z>O@{M)S88clq!=iIg?Ggx^Niuz>By_&lg(kqVojIY)X^4v$YCbv2p*MKz*oQmma@TyVdhh1 ze2TP>ja8H;o(11!OY50TFBO0F`@vXj9h0x1?SnE{uiFRg;bpDq*tRK~7QG`X^2=OE z8_e%UzI}t42Hh!e-cEfn-Uj)+nZ;YY=JnhCTGaB@^o#gcP$u`{oH}ShUHW6@go&IB zq#ARYS;hhtJ;-d{okGC(85A@n$BI`Q^;Q((ge$^ZVdel$m_MGqCggvq9B$#0OJk)+s)|$u3 zXM$^twkz8ldvzAe9<6=QNk9QRXqa2lQBR(qeb`q?4;c7^0s4 zow_md<`iv0@1uuj2Za0*e&_H3&2tKIw`{8c!jPEcb9={pwX(l;arP!|Y+pn@Dk5=f&^lgMo9Kvd zI~TbqnPGbK!ON-nE9lWgpZ>M2-#+AOx@%f?saFSSV_D1h(-?oGr(AAyqp7zIj{mo` ziLYDIE7yX!bN4aKY)6BGUy{EMUs>`Yo=#_h`ZzRuJ@|m{gi_4Df^}D3WTg_f}5gL7ASlmbx8E3IwC^X?ft@nR06J z_9_Ql?#P-=+RB_wBjvDNnod+{P@LO;qIiuz<*onk>ucE+;keTh~ z6~S|~2^@XZbr=F243iS{r!j864(4eTlNf5l4)nelE-5Mk%Oxb~aWC*j-ZDZMQQ9P7 zzU@`R4SHqdfzu$wM`?=(OxS3}<|=5Y=w(&3Qcr{;!1{Oj3x73wq9Yg^6@5cimHdgE zbm$n8F&A`)Bd9XU-%Ifi_XMy2o*ECM70U`=}cKcl%H8 za{@z8clc`l?>_!b+F$PjqzD;+n>1Pf-A5@re2A(B)}LMG&w~PTP$W!{#q!jD_n`{o z-$h#-*+~!U zWy)LKS*=Vv#*O?>6Rm=N{c~30X8Cz27tK$IQi*D)#Yq<(K4FwUYn)@H#{g7U*pUSm($Ki;Tp#FPLJADZsa${2b{NGaNj{qO? zF&^>h&A%mnavTyYNzvf(F#Bd6P{w>6PjH~Sb_xt@nOve99bKhF# Xl5qW1M3POP0skaL Date: Sun, 30 Apr 2023 14:41:34 +0530 Subject: [PATCH 3/3] Address review comments on Ether-type and IP-type Ether-type and IP type is not enforced in SWSS. The underlying SAI platform handles the case when both of these fields are not provided. --- doc/acl/Extend-L3V6ACLs.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/doc/acl/Extend-L3V6ACLs.md b/doc/acl/Extend-L3V6ACLs.md index e5d74cb0c7..e1cb2fa629 100644 --- a/doc/acl/Extend-L3V6ACLs.md +++ b/doc/acl/Extend-L3V6ACLs.md @@ -277,7 +277,10 @@ New fields are added to the ACL capability in STATE_DB to help applications iden - L4_DST_PORT - TCP_FLAGS -***Note**: Every ACL Rule, should include at least one of [*IP_TYPE*, *ETHER_TYPE*] in the matching criteria when matching of L3 header fields. This allows orchestrator to decide in which underlying SAI ACL table to place the rule in. If these fields are not provided in the ACL rule, the rule is placed in the SAI IPv4 ACL table and the behavior is dependent on the platform. +***Note**: It is recommended that every ACL Rule should include at least one of [*IP_TYPE*, *ETHER_TYPE*] in the matching criteria when matching of L3 header fields. When we handle unsupported platforms by adding two ACL tables in SAI, this allows orchestrator to decide in which underlying SAI ACL table to place the rule in. In phase-1, if these fields are not provided in the ACL rule, the underlying SAI platform must do one of the following: +1) install a single rule if the hardware supports it, or +2) make multiple rules (one rule per IP type), or +3) throw error as unsupported. **Actions allowed in the table of the type L3V4V6**