From 3b27c5c7043021b100e8503167dc359eaf25edc8 Mon Sep 17 00:00:00 2001
From: "M. Mert Yildiran"
Date: Tue, 31 May 2022 00:10:32 +0300
Subject: [PATCH] Fix the mixed offsets and dissection preparation
---
 tap/extensions/http/main.go | 2 ++
 tap/tlstapper/bpf/golang_uprobes.c | 2 +-
 tap/tlstapper/golang_hooks.go | 6 +++---
 tap/tlstapper/golang_offsets.go | 4 ++--
 tap/tlstapper/tls_poller.go | 13 ++++++++++++-
 tap/tlstapper/tlstapper_bpfeb.o | Bin 125296 -> 125344 bytes
 tap/tlstapper/tlstapper_bpfel.o | Bin 125296 -> 125344 bytes
 7 files changed, 20 insertions(+), 7 deletions(-)
diff --git a/tap/extensions/http/main.go b/tap/extensions/http/main.go
index 6bc18086b..8365333b0 100644
--- a/tap/extensions/http/main.go
+++ b/tap/extensions/http/main.go
@@ -186,6 +186,8 @@ func (d dissecting) Dissect(b *bufio.Reader, reader api.TcpReader, options *api.
 }
 } else {
 switchingProtocolsHTTP2, err = handleHTTP1ServerStream(b, reader.GetReadProgress(), reader.GetParent().GetOrigin(), reader.GetTcpID(), reader.GetCounterPair(), reader.GetCaptureTime(), reader.GetEmitter(), options, reqResMatcher)
+ // TODO: Golang TLS malformed HTTP response
+ fmt.Printf("err: %v\n", err)
 if err == io.EOF || err == io.ErrUnexpectedEOF {
 break
 } else if err != nil {
diff --git a/tap/tlstapper/bpf/golang_uprobes.c b/tap/tlstapper/bpf/golang_uprobes.c
index 3514cc807..8c979ebc3 100644
--- a/tap/tlstapper/bpf/golang_uprobes.c
+++ b/tap/tlstapper/bpf/golang_uprobes.c
@@ -137,7 +137,7 @@ static __always_inline int golang_net_http_dialconn_uprobe(struct pt_regs *ctx)
 __u64 key_socket = (pid << 32) + ctx->r14;
 status = bpf_map_update_elem(&golang_socket_dials, &key_socket, &b, BPF_ANY);
 if (status != 0) {
- bpf_printk("[golang_net_socket_uprobe] error setting socket: %d", status);
+ bpf_printk("[golang_net_http_dialconn_uprobe] error setting socket: %d", status);
 }
 return 0;
diff --git a/tap/tlstapper/golang_hooks.go b/tap/tlstapper/golang_hooks.go
index d04da4f57..4f4a5537f 100644
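Review bot: The added `fmt.Printf("err: %v\n", err)` in `Dissect` (tap/extensions/http/main.go) runs after every `handleHTTP1ServerStream` call, so it writes to stdout even when `err` is nil or the ordinary `io.EOF` that the next line treats as end of stream. Parser errors for malformed responses can presumably embed bytes from the tapped (here TLS-decrypted) traffic, so this also puts captured content into process output, outside whatever log levels the tapper otherwise applies. I would drop the line, or move it into the existing `else if err != nil` branch and route it through the project's logger at debug level. The enclosing loop and the rest of `Dissect` lie outside the hunk.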
--- a/tap/tlstapper/golang_hooks.go
+++ b/tap/tlstapper/golang_hooks.go
@@ -34,7 +34,7 @@ func (s *golangHooks) installHooks(bpfObjects *tlsTapperObjects, ex *link.Execut
 // Relative offset points to
 // [`net/http.(*Transport).dialConn+412`](https://github.com/golang/go/blob/fe4de36198794c447fbd9d7cc2d7199a506c76a5/src/net/http/transport.go#L1564)
 s.golangDialProbe, err = ex.Uprobe(golangDialSymbol, bpfObjects.GolangNetHttpDialconnUprobe, &link.UprobeOptions{
- Offset: offsets.GolangWriteOffset + 0x19c,
+ Offset: offsets.GolangDialOffset + 0x19c,
 })
 if err != nil {
@@ -44,7 +44,7 @@ func (s *golangHooks) installHooks(bpfObjects *tlsTapperObjects, ex *link.Execut
 // Relative offset points to
 // [`net.socket+127`](https://github.com/golang/go/blob/fe4de36198794c447fbd9d7cc2d7199a506c76a5/src/net/sock_posix.go#L23)
 s.golangSocketProbe, err = ex.Uprobe(golangSocketSymbol, bpfObjects.GolangNetSocketUprobe, &link.UprobeOptions{
- Offset: offsets.GolangWriteOffset + 0x7f,
+ Offset: offsets.GolangSocketOffset + 0x7f,
 })
 if err != nil {
@@ -63,7 +63,7 @@ func (s *golangHooks) installHooks(bpfObjects *tlsTapperObjects, ex *link.Execut
 // Relative offset points to
 // [`net/http.(*persistConn).Read+92`](https://github.com/golang/go/blob/fe4de36198794c447fbd9d7cc2d7199a506c76a5/src/net/http/transport.go#L1929)
- s.golangReadProbe, err = ex.Uprobe(golangWriteSymbol, bpfObjects.GolangNetHttpReadUprobe, &link.UprobeOptions{
+ s.golangReadProbe, err = ex.Uprobe(golangReadSymbol, bpfObjects.GolangNetHttpReadUprobe, &link.UprobeOptions{
 Offset: offsets.GolangReadOffset + 0x5c,
 })
diff --git a/tap/tlstapper/golang_offsets.go b/tap/tlstapper/golang_offsets.go
index ec4622f55..183aa5e48 100644
--- a/tap/tlstapper/golang_offsets.go
+++ b/tap/tlstapper/golang_offsets.go
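Review bot: The corrected probes in `installHooks` still attach at fixed instruction offsets inside each function (`offsets.GolangDialOffset + 0x19c` here, and likewise `+ 0x7f` and `+ 0x5c` in the hunks at lines 44 and 63), and the comments tie those numbers to one specific Go source commit. Nothing visible in these hunks checks that the target binary was built with a toolchain for which the offsets fall on the intended instruction; on a different build a uprobe placed mid-function may land at the wrong point and, presumably, read the wrong registers or disturb the traced process. Unless `findGolangOffsets` already validates this (not visible here), I would state the supported Go version next to each constant, e.g. `// 0x19c is valid only for binaries built from the Go commit linked above`, and skip installing the hooks when the binary's build info reports a different version. `installHooks` begins and ends outside these hunks.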
@@ -67,10 +67,10 @@ func findGolangOffsets(filePath string) (golangOffsets, error) {
 }
 return golangOffsets{
+ GolangDialOffset: dialOffset,
+ GolangSocketOffset: socketOffset,
 GolangWriteOffset: writeOffset,
 GolangReadOffset: readOffset,
- GolangSocketOffset: socketOffset,
- GolangDialOffset: dialOffset,
 }, nil
 }
diff --git a/tap/tlstapper/tls_poller.go b/tap/tlstapper/tls_poller.go
index b3845c62c..871ecdcba 100644
--- a/tap/tlstapper/tls_poller.go
+++ b/tap/tlstapper/tls_poller.go
@@ -172,6 +172,16 @@ func (p *tlsPoller) pollGolangReadWrite(rd *ringbuf.Reader, emitter api.Emitter,
 }
 if connection.GotRequest && connection.GotResponse {
+ // TODO: Remove these comments
+ // fmt.Printf("\n\nconnection.Pid: %v\n", connection.Pid)
+ // fmt.Printf("connection.ConnAddr: 0x%x\n", connection.ConnAddr)
+ // fmt.Printf("connection.AddressPair.srcIp: %v\n", connection.AddressPair.srcIp)
+ // fmt.Printf("connection.AddressPair.srcPort: %v\n", connection.AddressPair.srcPort)
+ // fmt.Printf("connection.AddressPair.dstIp: %v\n", connection.AddressPair.dstIp)
+ // fmt.Printf("connection.AddressPair.dstPort: %v\n", connection.AddressPair.dstPort)
+ // fmt.Printf("connection.Request:\n%v\n", unix.ByteSliceToString(connection.Request))
+ // fmt.Printf("connection.Response:\n%v\n", unix.ByteSliceToString(connection.Response))
+
 tcpid := p.buildTcpId(&connection.AddressPair)
 tlsEmitter := &tlsEmitter{
@@ -188,7 +198,7 @@ func (p *tlsPoller) pollGolangReadWrite(rd *ringbuf.Reader, emitter api.Emitter,
 extension: p.extension,
 emitter: tlsEmitter,
 counterPair: &api.CounterPair{},
- reqResMatcher: p.reqResMatcher,
+ reqResMatcher: p.extension.Dissector.NewResponseRequestMatcher(),
 }
 stream := &tlsStream{
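Review bot: The comment block added at the top of the `connection.GotRequest && connection.GotResponse` branch in `pollGolangReadWrite` (hunk at line 172) is commented-out `fmt.Printf` code under `// TODO: Remove these comments`, so the commit ships dead code it already marks for removal. If re-enabled, these lines print the peer addresses and the full decrypted `connection.Request` and `connection.Response` payloads to stdout, which is easy to leave switched on by accident in a component that handles TLS plaintext. I would delete the block from this commit; if such a dump is needed for debugging, keep it behind an explicit debug switch and log payload sizes rather than bodies by default. The enclosing function continues outside the hunk.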
@@ -211,6 +221,7 @@ func (p *tlsPoller) pollGolangReadWrite(rd *ringbuf.Reader, emitter api.Emitter,
 SrcPort: reader.tcpID.DstPort,
 DstPort: reader.tcpID.SrcPort,
 }
+ reader.progress = &api.ReadProgress{}
 err = p.extension.Dissector.Dissect(bufio.NewReader(bytes.NewReader(connection.Response)), reader, options)
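Review bot: `reader.progress = &api.ReadProgress{}` needs a comment saying why the progress is reset, because the surrounding lines rewrite `reader.tcpID` in place and then pass the same `reader` to `Dissect` for `connection.Response`. From the hunk it looks as if this reader was already used for the request, so the old progress value would otherwise carry over into the response buffer; a line such as `// response is parsed from its own buffer, so read progress restarts at zero` would make that explicit. Building a separate reader for the response instead of mutating this one would avoid the hidden coupling, but the start of the block is outside the hunk, so I cannot tell whether that is practical.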
diff --git a/tap/tlstapper/tlstapper_bpfeb.o b/tap/tlstapper/tlstapper_bpfeb.o index b81c2c071a6848448e0785f7475a13e5629d09a0..adddb91cc5accea142a9f4bcbddb8bd2aca0e077 100644 GIT binary patch delta 3705 zcmb7GeQZ=!7C+~`K|bVTa9L)i4D`_tw|v>6EDVg%LD4h;;xu6^e$ldR11zM}QWYZF zk`TZM*&%P^b(2-vMEYSgfh|cPFHf~U_cd=O zVWT&B@1Ea1=bm%V@1FB!#=e@`d1Y#*l5=OP4jh@@Lf&ZTaesg0K>I=g`+6p>$vhC2 zcX{LPu8EvTQQ)Swb&kmU_BQN(wQFKXWLe+Uyu%TBUsGEf*0UnZdh6a+N8}frrdF(9 z7Fn4=R$s^|FzEVLa|FB zqA9ScAc|bYyvDPq$ba0Er{~`vWx%y~2609)gIboN_fEqbBLR7?`=`^DT;YCyIuaZI zf9_`IyK`&0i+QH|Vs|8V;jY`dx+Al`L?CmB1w-zq-OD)V-t3N)ug5MMx@h6qu{IY^ zifCc2yP~IUclS= z2Ib)bT<*^8`x!5F*W&$ch>t6ZtX9Be_GU(Wl{f@OXp|TNC66AGLl3^am+q`lxV@X0lWbhEcE&MY9dF9 z*vFfQN~ZU}@aHdT+flD`a4(UaWK~Uv#hAwYEmJ zoCS=&n#9rrs6D|pu6xf-NV9h7eo4(K^P zNOTzXl9J%5r9^MzAna&7Wf@VY=qt?rG4P#MqNW=Wt7GqIh@) z@TlJ9>n)S6+~G%%E#p<9{1H(slV0py^~O>i1>%jRoZN*S{;)f=SCC6t9NfFZ0J%je zb3-N?$mLKzxg3HnKrYXmBv+kS#-|LGJQIhy8@#i8wL!6Rajh97T#MKtC@q*krExG$%uBw#}>eLrq zRfitrq}+%r|AcraddjX3U_`N74BklGf++U>0({KiJ;aAm#&)N{ zM~Q#)81NaQcHy|#H#i?KkN`P@uMqzZzYg}O#xr&h_Z9)0G>iX5+$nfm>&XmhZ1L~e zJ4B&y07DmY@Fyd9fKY`taHbJ|AO>lTg~xNqFtpX^Yt_w%&`9v@)T)|Qyk_%N#4OWs z#iR2bS%?-a8*5&E*;w-sLB2a;kNU9U`DJ68#fl@aUp9-^khNTzVN`F6zf9IDX&%Fb zhb8W~(Z5Aj0`|B~FHBr8nuifu!s26WJuF`s?3u*!g>i^h%Yq+Jy2ry$leIxAZmY&% z#@d7fa=p>Nr!xEay8Wj6+qradyp_{AZf?5wznyci$WDNzHt29Mc z4pkXwE^Aa$H(p9x)!Bqj9U`y2YjfF~K!x92rDw^yb1!gOpT)!QYS(Lw-mt^cJeLhV zO12}-V{)6+=K^}1Qfgl}*A=oW&^&?Sw^yNALP$~Wp!Ba~FBj}+OlE|tG)D8-tDp-d z0vOIi)f)Q;@OuTlV<$wvpCVoWl!z_Ab)gQuq4bujS*M!^;@Ndvqd3V&cx>QUl51m@ zMFY7ly!uTDDw^XpT%poAew5Fsj7$lYm1$6gzxJlIOf4!S)7vVGX+}NiF-$7;cb=~* zud&0`Dt!$m`&CA!H&hnWj1$_ha=^D7hUEs89_B}^WK?B_VLGU?GUZhG8%!yc{szkD zNo54qtE|9njtc)1utTL~N~w%Yohpk-{d$DMs(6H})R!XFi8SXrPg80HWp_qpM_`M5 suESA-qte$sM;VzATc(r>k9v#gQP?ygw!o~)%7la6z-o4pO5b4TemRj<3clq!@?;h!9M$MJNbgsH=jC zz&gBQFjr%(143AhTKQ`1QY zFMOR990NYm)zd7p^Q-QIzrFDFM4<0EeC&|cclAI&9_WuB?>;Va*FL8U`q4n2I^O-P zukYFaYv?n99$}9Vl@T55>e&y&NMJZ{?9hIZ_a5p#>ZLZ8bHnibGw&CAhchcYJKg7< 
zNyj-g{A&8Yk@hzuL^QDSl(V>B0nZUP2}}NC0D*%u(snuJ5>KB51-A$FXrJZxp+r)CRb7YULJlw4}X!1YZm0;GOy{QoUstzN>phLpS$_q zQ@!}GEWw*9e2%Qd0z84whhYAKtRx2E}8td9TK6*x*m-~c&}6B@_TM5jt&pD}??5%s}eN)-QjRYWh~ zAna&dP)C#&d#!nXT8%!)dkf$in^v_CaZ5YIA~5#`-Vd8BK3)hsrJoAymMOOg&s>9S znW&QG9b~agc|}T%JfyQgjMZ_=VLTBm+tpD)E{)^h{yPkjTij&cn8^lmIg(2*`(MUy z$mK$A%AGs%$oC1}8`&Ve9<2Xh9$7m0M$RJqy^o*f$ z4#OsWDp>lo-%uG}s;(#amEJ%tRE}!5csJ2tAuzhsPa`-AjQ;WQd7{@J0M3T+5@2-g zoIjptJmcfPp#OyGgvQcO*M#aud>wsD$DP1C^=DK7}z8|1Y(F*$OrEBW{sH zL!5#5sE9j=lTxdRQuZQoD}Ha;L_zJ`Cbb7q##F~@U3%G=8d}XQ@QU|7$$ryc?}cs^JF!`A8%6+hhPj3Befh8A7kq$ z*n{Emv3y}1qBY_WB$Vm#aT{5iq~i<|V8+^t19FG4zpQqz(H&OtvKoYFhRfQGGgRWG z(t2E260LG2S*`$c9DGu&zC4!t@>n{T%aR!`>s*K>iRiBhljZ+nL{=6BgoewSlG06-sv|1fs7r^KXu9Wc*;_$HFkDra z$(sEkaGO4>j}g`G&=|8}M{yc^)L@rvX9KXQZO)zz*>OtgeLY;)$*#rlgqq)Oz_3JO zCgC{Qs{}h5lUb33#uy&E0k%kE2qSo;Rpa0Q!K`3*>_)MlphEv8qeX1_t&6z&fvQiH z+pLENVz!yLtJN+1dmg_!(!x&_S)9EZZRa(AfS_8lyq4!HH_Pj|Uu9&A4SaxmS|#=7 z%GRbbvYi6tl3uq+rT)zisQn+Z!;W%c6Gzz&4BUoem-ee43LJ04afNbk^J7-? zl*+(|`v*S4eMlu`iz@dc*!GUAjKIXe$3XjLRPtk>Hs#6|RTz1RZ=ztm_n*fBo>$+n8qE4nuhYm JXUd&s=l@xUJV*cl 
diff --git a/tap/tlstapper/tlstapper_bpfel.o b/tap/tlstapper/tlstapper_bpfel.o index fa615255e1b8d3be3c2d7ea4d8084438fc995ce9..357ba0b0c9b8ab25cdb903ff7c578569c8824672 100644 GIT binary patch delta 3839 zcma);e@vBC7{{OUUVhxGf>73l8_Gq+&?xaoa)ZiiS%EsyGBq;5fNANFh>S@IZBE6^ zvEJ74kEYj6MVd7V8?rTH)RxpAkw&rB>L!Yq%UE-1>7?&--t%&QY&y?&-g7?B^PK0L z^SsaV-aC9MK5#m|IZFgTncleF6;G;_Z!tgJUe_>D!K+)&jPRsG5M@>nZSVvYr+{DG zRK9_Am9=@^dQX2yURhhq@|UXCLEbwmf5BT>!}6LuYPP>pg9w^5@rW+Q{;?RqIOYJx7%Mivuhniif`= zBO@an22p;P9Gl0<~N6C&dP!Wig9^Lp&rH~7_O$?!hd3;zuf>}P8fH;1@E85{@+6n94P*HL^biU*_k-zZMX zGrH)9Oww){+1`yop|p-i2Obp1`UK zbFg(v>dUafO~*q_CHz2(L9c0_{NdOXo#vkQ72TgDF3+_RQ`zL>ndY&g#De+geeAgy+mHk_r*dVAj;A_44YX8iG1MsF+|UxC&FKWAlWuu zEQn<%!}6c$BL7*QK8boyK1S59*E5d+4}~%7owz^S7env-9Q$cj`+tRdYu+cf&k)b6 zUG~Yr86scZ8s}H75w~G4D(VOUzufSs`@wwGh^WVi$f$$iLitfqA17`Wb^43w-5;AO zc}q5pgXzrzUx%$HrisYFPel}TAXMNH)ri3R#c1HW<(_PP@osr3J3PEAL}Ylu5#a^f z;Y~$$JMqgB5#9=1P=~ifZoOacQX+r7|5o9x7OGYp5I^_FLK7dm#SwJ>s46s`ZT$9mdKB_ zrYA6ckf+a0!flaUT$RiRzy?Z~zgo=d_RHW!bDw-*wpgsZ^vSKWkrr%aH$PIJS%soY zP=V$<(@}lv1(k)d0j}1(82Y$sL3L5QQ}agXleY;9Xx;&S>^(tk4r)*v+6KqN3=9|q zHJ`?U#1Bvnn%9jX@*Kf6HU9ylw?Gv%>+Yzp;*spQRU;qUOEAo$Ag`k)o1-- z94m~+fW3m|sSWH6@kLX-Dgzm}(4f_tRb-YJRHpf$oHkEq*g?4&(@=4(Hpn%ZXaSDO zjgS8Tm>Q#^v@I%1;D{*g4v$i(xFEKpr2OO2ueVu`Z8DCBqNIweD-@+pc_UXBSEqc` zr;Fgq%AqOV>fKlbUX*T@_2a`WO^;utNiPvCXzb%U1a z++~gf+r_3*Gs!_GwO$pE*FpW7ZM|J9tT&)X?pwvBiYLnvk^G*y4ocCv{1Z0xWIIp{ z);qC-m!nw~5A1zm>;xBRwhv&}imDx-gX&`N7iu(4eg`$`1()U0JY77O<;QvAX*rT7 z-V(zdZ{>?ssRkJxKd%t;-o_u1<-dt^nG+N#B1;wq#eC5wn|Sca9v-@+>vuI2@=z_C zc-Sj@Fu2P0TlW}{$!A2aD3FC`psbTkJT%E346b(qmQ9CD9)Qh4SvVl(8!7p6*MN8w z-g|%|C|zeU_+=pmgVxAhXQ3>UJ&fKGIp!R&Q5K$4Mol~fWDf?pb5Kl>X@eqLp5)mY z%tW(n8iYlg?BM|yIL}_n<)ZV-OB0Yc=D{yrLm1#1gF%&Y*AQ%aWe-bnstb@#>XnNw Hh-v==OrKbx delta 3875 zcmbtWeN0qG5Z`@w90v*>Mhad*kKzX^$Z08Z&-N-cYjSpv$#;9} zx3K9@AWlt_^WvCd)Argo>A=?A+qd}ZmL~D6&WP6A3I3hk@qSC7#orp3%Ii8m3H)I# zyPUvS1Y_1TnD>HTMCb4ff{z0&z#?BH_hJ1Gxd*fx>re0`XUNr>NDQ;*V2k!YJf68e 
z1rjJG=1PU!w3k30pkV(!qJQs+X=M>k-SuLV>q77y&;C2tJ+L>Dx$gh@#JuJoA)!kz zHF7M_U1U!Zmj5h5zUsgkJlb z&!+FZ0vF_ZrS6t?Z4I^?DgW=1)}(tXA+G|iuVYBo>x zZ^oYPKX@v2=3-bF?Oz0b8_X-QHe!+7hgItDJ(a-A{ew7F;g3C?I<*RxNN^IAY%^_m ztXMUjD^5>HRO2_f^W87c$F6nj;~{PGu*d5?Epa~fU-V9tcp3I;y?Z1s!rtrBi%Ei2 zSX$?y>sQzBav**&F0cc$8RgbkP~nH5yg*|VHj~caDFy!q7G-8v_y(FarkXK_3EP3m zjO?wLf_Quo+=Rs!Y5Z8TA+|vrRAwOZ>BCO?09NvT#zqw04>z_J09=dosgVf#5n4*& zc@fYD7)w)l7&Z$&Wh@6c--vG7;KnYcBF7e; zhfJ9CcBD)8rO?~2AfCc9{?|xTVIj`X<(p&_A>!xpyq$E)czno)uq-l4K=0CAWDhW< z8d78{4=pkA#$X-KigZN2BehXoelXz&6XCPyhv@9|z7*gZ{K33$*;`4Ns zdcP8u{o1PctAXvnR7%3Kl!x_xjT2|*qhAfN4dNbURtwXFlY0M>p0ESBPw77Z ze&!5g{U$sKcqHsRjUSzF!-_$FxfPcEbVc@Wq%?S(B!0-`D{N#8ewLfB*hsu=A>4|_ zeJPyNL-Iqw6wR)%%==MT-oPPwKQ`yRoZL`3Y!C;P8xZ*zd47d3F7$_ymz+}!;cu{_ z^YNl>0ndxj+52E$Aa>m}WQ#_kX(N0DSi@+Jn6oc|7lnI8#X`PPdg&Ey3wfS=C+aG! z0CyxWvJ~B%6)8Lse|0iT_an=xqTNU;~AJ@WJKw%&7k`Fm+x3Fdz z&@i}YGSFbqukbY-i2WFyukiM0#+)aSrosczI|E2lVIv_sK30?v*}GuxFkw5e%Zk4Z zWMEt%O&M?(UicZ#N)(n|bdIwP3KxsyEQ}HzEfxo|_@dSHt1v^wCGjI*=FmdhW{M`i zJfx>KvIB>-O%i@4a4dXWAU4{@oq};l*Vqu5!HpcBEN!f9VO44gs}gWXmEJd3X?(aKHmW53W9w64wjxZ*#qlc1;p!f*QisUM zQNz_Cc7c_{HG)$yecIS?c~UW4{qSN=eF$C@t`RqLRO&S%!}GM^T4fm3;jzX_ zRPPeD0UN_6Thn1-JxVW!$7NxC3LAQ3R!FZwkKWgZOAb$(C8YVCSr(S4dO3)I&U6cg zL4PMk@!Sf_;emaQ3EP2-6gDnk%nEm*vvVx0!HR!E^pa(Z6j+!~9k?$JBZTK3dD$lR-IHFr04XpLhwu#P$3e7UwYW3{n}8T4DQ-0k>9604eZzd#-<<_F A2mk;8