From f38d5ee43f02f67cac5e780571f32d4c084ece2f Mon Sep 17 00:00:00 2001 From: "M. Mert Yildiran" Date: Wed, 8 Jun 2022 06:57:16 +0300 Subject: [PATCH] Add `go_abi_internal.h` --- tap/tlstapper/bpf/golang_uprobes.c | 13 +- tap/tlstapper/bpf/include/go_abi_internal.h | 126 ++++++++++++++++++++ tap/tlstapper/tlstapper_bpfeb.o | Bin 152416 -> 152480 bytes tap/tlstapper/tlstapper_bpfel.o | Bin 153232 -> 153296 bytes 4 files changed, 132 insertions(+), 7 deletions(-) create mode 100644 tap/tlstapper/bpf/include/go_abi_internal.h diff --git a/tap/tlstapper/bpf/golang_uprobes.c b/tap/tlstapper/bpf/golang_uprobes.c index 4b5a35f71..6476d1b66 100644 --- a/tap/tlstapper/bpf/golang_uprobes.c +++ b/tap/tlstapper/bpf/golang_uprobes.c @@ -39,6 +39,7 @@ A Quick Guide to Go's Assembler: https://go.googlesource.com/go/+/refs/heads/dev #include "include/logger_messages.h" #include "include/pids.h" #include "include/common.h" +#include "include/go_abi_internal.h" SEC("uprobe/golang_crypto_tls_write") @@ -51,9 +52,8 @@ static int golang_crypto_tls_write_uprobe(struct pt_regs *ctx) { struct ssl_info info = lookup_ssl_info(ctx, &ssl_write_context, pid_tgid); - // TODO: Try to make these architecture independent using macros - info.buffer_len = ctx->rcx; - info.buffer = (void*)ctx->rbx; + info.buffer_len = GO_ABI_INTERNAL_PT_REGS_R2(ctx); + info.buffer = (void*)GO_ABI_INTERNAL_PT_REGS_R4(ctx); long err = bpf_map_update_elem(&ssl_write_context, &pid_tgid, &info, BPF_ANY); @@ -74,9 +74,9 @@ static int golang_crypto_tls_read_uprobe(struct pt_regs *ctx) { return 0; } - void* stack_addr = (void*)ctx->rsp; + void* stack_addr = (void*)GO_ABI_INTERNAL_PT_REGS_SP(ctx); __u64 data_p; - // Address at ctx->rsp + 0xd8 holds the data + // Address at stack pointer + 0xd8 holds the data (*fragile* and probably specific to x86-64) __u32 status = bpf_probe_read(&data_p, sizeof(data_p), stack_addr + 0xd8); if (status < 0) { log_error(ctx, LOG_ERROR_GOLANG_READ_READING_DATA_POINTER, pid_tgid, status, 0l); 
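Review bot: `GO_ABI_INTERNAL_PT_REGS_R2` and `GO_ABI_INTERNAL_PT_REGS_R4` in golang_crypto_tls_write_uprobe are named after register encoding order, not Go argument position, so they do not select the same argument on every target. On x86-64 they keep the old `rcx`/`rbx` reads, but the arm64 branch of the header added in this commit maps them to `regs[1]` and `regs[3]`, which, if I read the linked ABI document correctly, are different argument slots from the ones `rcx` and `rbx` hold. A probe that records the wrong pointer and length captures unrelated process memory, so I would name the macros by argument position and add a comment at each use such as `/* 3rd integer argument: len(b) */`. The same applies to `info.buffer_len` in the golang_crypto_tls_read_uprobe hunk at `-85,8 +85,7`. Both function bodies start and end outside their hunks.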
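Review bot: The error branch after `bpf_probe_read` in golang_crypto_tls_read_uprobe can never run, because `status` is declared `__u32` and `status < 0` is always false for an unsigned value. When the read at `stack_addr + 0xd8` fails, `data_p` stays uninitialised and the next hunk stores it as `info.buffer`, which is presumably dereferenced later when the payload is copied. Declare the result signed and give the pointer a defined value: `long status = bpf_probe_read(&data_p, sizeof(data_p), stack_addr + 0xd8);` and `__u64 data_p = 0;`. The declaration is a context line this commit leaves unchanged, and the function starts and ends outside the hunk.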
@@ -85,8 +85,7 @@ static int golang_crypto_tls_read_uprobe(struct pt_regs *ctx) { struct ssl_info info = lookup_ssl_info(ctx, &ssl_read_context, pid_tgid); - // TODO: Try to make these architecture independent using macros - info.buffer_len = ctx->rcx; + info.buffer_len = GO_ABI_INTERNAL_PT_REGS_R2(ctx); info.buffer = (void*)data_p; long err = bpf_map_update_elem(&ssl_read_context, &pid_tgid, &info, BPF_ANY); diff --git a/tap/tlstapper/bpf/include/go_abi_internal.h b/tap/tlstapper/bpf/include/go_abi_internal.h new file mode 100644 index 000000000..8bcf1bb35 --- /dev/null +++ b/tap/tlstapper/bpf/include/go_abi_internal.h 
@@ -0,0 +1,126 @@
+/* SPDX-License-Identifier: (LGPL-2.1 OR BSD-2-Clause) */
+#ifndef __GOLANG_ABI_INTERNAL__
+#define __GOLANG_ABI_INTERNAL__
+
+/*
+Go internal ABI specification
+https://go.googlesource.com/go/+/refs/heads/master/src/cmd/compile/abi-internal.md
+*/
+
+/* Scan the ARCH passed in from ARCH env variable */
+#if defined(__TARGET_ARCH_x86)
+ #define bpf_target_x86
+ #define bpf_target_defined
+#elif defined(__TARGET_ARCH_s390)
+ #define bpf_target_s390
+ #define bpf_target_defined
+#elif defined(__TARGET_ARCH_arm)
+ #define bpf_target_arm
+ #define bpf_target_defined
+#elif defined(__TARGET_ARCH_arm64)
+ #define bpf_target_arm64
+ #define bpf_target_defined
+#elif defined(__TARGET_ARCH_mips)
+ #define bpf_target_mips
+ #define bpf_target_defined
+#elif defined(__TARGET_ARCH_powerpc)
+ #define bpf_target_powerpc
+ #define bpf_target_defined
+#elif defined(__TARGET_ARCH_sparc)
+ #define bpf_target_sparc
+ #define bpf_target_defined
+#else
+ #undef bpf_target_defined
+#endif
+
+/* Fall back to what the compiler says */
+#ifndef bpf_target_defined
+#if defined(__x86_64__)
+ #define bpf_target_x86
+#elif defined(__s390__)
+ #define bpf_target_s390
+#elif defined(__arm__)
+ #define bpf_target_arm
+#elif defined(__aarch64__)
+ #define bpf_target_arm64
+#elif defined(__mips__)
+ #define bpf_target_mips
+#elif defined(__powerpc__)
+ #define bpf_target_powerpc
+#elif defined(__sparc__)
+ #define bpf_target_sparc
+#endif
+#endif
+
+#if defined(bpf_target_x86)
+
+#ifdef __i386__
+
+/*
+https://go.googlesource.com/go/+/refs/heads/dev.regabi/src/cmd/compile/internal-abi.md#amd64-architecture
+https://github.com/golang/go/blob/go1.17.6/src/cmd/compile/internal/ssa/gen/AMD64Ops.go#L100
+*/
+#define GO_ABI_INTERNAL_PT_REGS_R1(x) ((x)->eax)
+#define GO_ABI_INTERNAL_PT_REGS_P2(x) ((x)->ecx)
+#define GO_ABI_INTERNAL_PT_REGS_P3(x) ((x)->edx)
+#define GO_ABI_INTERNAL_PT_REGS_P4(x) 0
+#define GO_ABI_INTERNAL_PT_REGS_P5(x) 0
+#define GO_ABI_INTERNAL_PT_REGS_P6(x) 0
+#define GO_ABI_INTERNAL_PT_REGS_SP(x) ((x)->esp)
+
+#else
+
+#define GO_ABI_INTERNAL_PT_REGS_R1(x) ((x)->rax)
+#define GO_ABI_INTERNAL_PT_REGS_R2(x) ((x)->rcx)
+#define GO_ABI_INTERNAL_PT_REGS_R3(x) ((x)->rdx)
+#define GO_ABI_INTERNAL_PT_REGS_R4(x) ((x)->rbx)
+#define GO_ABI_INTERNAL_PT_REGS_R5(x) ((x)->rbp)
+#define GO_ABI_INTERNAL_PT_REGS_R6(x) ((x)->rsi)
+#define GO_ABI_INTERNAL_PT_REGS_SP(x) ((x)->rsp)
+
+#endif
+
+#elif defined(bpf_target_arm)
+
+/*
+https://go.googlesource.com/go/+/refs/heads/master/src/cmd/compile/abi-internal.md#arm64-architecture
+https://github.com/golang/go/blob/go1.17.6/src/cmd/compile/internal/ssa/gen/ARM64Ops.go#L129-L131
+*/
+#define GO_ABI_INTERNAL_PT_REGS_R1(x) ((x)->uregs[0])
+#define GO_ABI_INTERNAL_PT_REGS_R2(x) ((x)->uregs[1])
+#define GO_ABI_INTERNAL_PT_REGS_R3(x) ((x)->uregs[2])
+#define GO_ABI_INTERNAL_PT_REGS_R4(x) ((x)->uregs[3])
+#define GO_ABI_INTERNAL_PT_REGS_R5(x) ((x)->uregs[4])
+#define GO_ABI_INTERNAL_PT_REGS_R6(x) ((x)->uregs[5])
+#define GO_ABI_INTERNAL_PT_REGS_SP(x) ((x)->uregs[14])
+
+#elif defined(bpf_target_arm64)
+
+/* arm64 provides struct user_pt_regs instead of struct pt_regs to userspace */
+struct pt_regs;
+#define PT_REGS_ARM64 const volatile struct user_pt_regs
+#define GO_ABI_INTERNAL_PT_REGS_R1(x) (((PT_REGS_ARM64 *)(x))->regs[0])
+#define GO_ABI_INTERNAL_PT_REGS_R2(x) (((PT_REGS_ARM64 *)(x))->regs[1])
+#define GO_ABI_INTERNAL_PT_REGS_R3(x) (((PT_REGS_ARM64 *)(x))->regs[2])
+#define GO_ABI_INTERNAL_PT_REGS_R4(x) (((PT_REGS_ARM64 *)(x))->regs[3])
+#define GO_ABI_INTERNAL_PT_REGS_R5(x) (((PT_REGS_ARM64 *)(x))->regs[4])
+#define GO_ABI_INTERNAL_PT_REGS_R6(x) (((PT_REGS_ARM64 *)(x))->regs[5])
+#define GO_ABI_INTERNAL_PT_REGS_SP(x) (((PT_REGS_ARM64 *)(x))->regs[30])
+
+#elif defined(bpf_target_powerpc)
+
+/*
+https://go.googlesource.com/go/+/refs/heads/master/src/cmd/compile/abi-internal.md#ppc64-architecture
+https://github.com/golang/go/blob/go1.17.6/src/cmd/compile/internal/ssa/gen/PPC64Ops.go#L125-L127
+*/
+#define GO_ABI_INTERNAL_PT_REGS_R1(x) ((x)->gpr[3])
+#define GO_ABI_INTERNAL_PT_REGS_R2(x) ((x)->gpr[4])
+#define GO_ABI_INTERNAL_PT_REGS_R3(x) ((x)->gpr[5])
+#define GO_ABI_INTERNAL_PT_REGS_R4(x) ((x)->gpr[6])
+#define GO_ABI_INTERNAL_PT_REGS_R5(x) ((x)->gpr[7])
+#define GO_ABI_INTERNAL_PT_REGS_R6(x) ((x)->gpr[8])
+#define GO_ABI_INTERNAL_PT_REGS_SP(x) ((x)->sp)
+
+#endif
+
+#endif
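Review bot: `GO_ABI_INTERNAL_PT_REGS_SP` does not return the stack pointer in the arm and arm64 branches: `uregs[14]` and `regs[30]` are the link register on those targets, while the stack pointer is `uregs[13]` on arm and the `sp` member of `struct user_pt_regs` on arm64. golang_uprobes.c adds 0xd8 to this value and reads the data pointer from the result, so on ARM builds the probe would read relative to a return address instead of the stack. The two definitions should be `((x)->uregs[13])` and `(((PT_REGS_ARM64 *)(x))->sp)`. The `__i386__` branch also names its macros `_P2` to `_P6` instead of `_R2` to `_R6` and expands three of them to `0`, so the `_R2`/`_R4` uses in golang_uprobes.c have no definition there. An `#error` for targets without a mapping (i386, s390, mips and sparc are detected but never given macros) would fail the build instead of leaving the probe to read a meaningless value.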
diff --git a/tap/tlstapper/tlstapper_bpfeb.o b/tap/tlstapper/tlstapper_bpfeb.o index 405dad161869cdfd6e2faacde72f990b00304a7a..e946989b132f2e576e6988e2818f7186648b5e0d 100644 GIT binary patch delta 4047 zcmb7GYiv}<6+UO~0(QW}4z|}ews$v$;5rW+*Vs!F@Df36z&2jvQqsh-qax%IOHcu- zm4NIDltP7wqfI@oR3%Q-Qb$coz^G0mlx$LdxD^t{ieS3{GE{xDHl z5c@a~mEfQm=|Oe}W&}2?V%MfCYs*&KE!IGs+5+l|WB^|Iu`?AG-2X{g}Sov z?%Q~qF&MlpFnA;jpUA?evhZXU{xtT>_g1uCvC^nL#+P@xH6lkVkOxK($NM|vc7*=r zvFWfvuyQw#hu(jspt5O8_qsyHJll?UcD zsS}g0#@1b{jy>_0{Mggi0^?0r>v&Fwt?kBP{7~}vodZ9`S)}%5R1*~y{T zE2lthr?D*(gMW;^)lY8XlLhB;VRqS?y-)PsL})Yj@PHr9VZ95M5q(kw9CXbJ9w$na z0atl2zL^uYSnS1ryTv~uO5#*bzs1OB24S5+i)V>$GyoqV@_mf?H=^NIUc<9`Z7Xl# zM<?fXnoZEPyNAkFx7xxGc5o`Dv@ebjk*@K0LRNl*ojla!%$-jyF5X2dA z?F*8``-F#4i)V@Zg@>^;54x#~*ZM@Rk9Kj3FG_rP;tyTCn|WwrV>f?gVVkM8dyx)C z5$?F6cA_2uIWAVeC)y#Eg2a5_ENawzu+X%2;y?k#q%bJMnzv`{V(XZp5jgO#kS~zUfjpk+hkq5 zoahW#fv)1`6x{BmpJDTN99}nL4CZ>#wk9iKSP`Wu}cm4T7o%& zRB?FItsXx80o#jqfAGh?Og`BMorh0el;$%P1@AECYnY#szOajren*0;>%@z2*ttmd zf0MX8lVn~dB*I1fK{AIkN#=;?t6aVRW#aYvou{}dSIk{l(8ntt69_7~Gm~oW%%s}Y zC+%)GiJw5K9;$f zB29R({36YG?BOqWhp~^Lc;$Q4xLAtutb7lgWxg@EqT9a9o99WaEBZw&AH$Nd{UoR` zzXZ7PWr%gzZWAekiW^x}+{mJ0Hcf@D-or0#z&4WgtYkgqZfo|Jht0C=RpMX}*k*-R z<|?tjX^(MB-?Nt=l0%o>(mSzSh2_#P?pevz?z(i4xLE-wT`%O$?UK9Qb?F)X!Cp6Y zEbrOJ56Krv4X4KS0u>ww6>{kc1xwK(y(@v+Js44(9v7Ea6YoJ3r#B1tTf7-prd-NH z7Vji}0TerRKu^V0`eoYJ_E*2ioAVXiXiz`;?;r%X;Sbnje8(QTL!!k?^ z2~qKpX-RL{sKU&$QH6-$=^#~}SvIy=R5=2t%BHfI)P2$nmI*YAs`CRU+^`1c11Bxs zPbw_-Gaf9>W0}GAqaK#)2O>GP!E*gzk9rZL0?KV>a6PH@QgN0EFr!*bY7N@WwNwU+^&;4=3z;8 zG{dqKXd?AS2olQznoGsS-m(xFA$6`+SMTM9Tsf5scLA;z_yMWQo+b+hNF_3xOeKW^ zyL&K7>d&?MqrJF;;cj8|K5m$!*_;+nvjvAp&EkKe6LBdq7`w|q9H9uM>f}o^y>9VN z{3(=Xif8F3J$mUSoX%~w)8tf1GuhrJ7;;XnwMBhVxly?v=`WsfO9spO100<=c7Sh9sneuunpLrW zsZ|B}IUR3Rjr{s>8=gmWL|$WhuuZL1KP%C3ftQE3;MuGrTOfQjM-K|@*KvWr2oJX# zkBGc_^SdL@w4zpWa QV7O#>D^QD$Y*oSk0HTqkmjD0& delta 3922 zcmb7Ge{9v&6+h>GAJ|Hf7TdnI^vCx_3|%Ww8QQu^eOn|{prtUrsj{AROt6(|GBg(z&m1PQ^De$0is1j 
zR7sQ{!Fx3(M*hpOrm5iFZ(z9=GY-iKyrE^h@_&(qC&n7A-;VuwYR$U*Kje728j&k` z5Pg%V@YOF1urw_|Z0U3bpN_4b4i>lHa#zQ6aOp1iw#O>k8~f38^@bO0^amuYjs74} z@iq8yAS%K^)6#?NcFZtrW@CS!E?-wXXI*T7IOPKBvQ1y(C>>WSxFh!BmEhekex<;_ zy;3pws*Ssm$oZ+#WR@!QhaeA3oBXYDnd0@CW-Wka4 z2%Y!Yv{@lo30)iueS9*n`pLfj)eU=}?5`&mW7nSU$eJgf@9utTue-sm+#lK1RrL+e zV(!c$Tvplq~cWfegc-iCo;ZZ7BMipve3hxxY7u9;fhwnq#9P;6B5tRtZDfhnUbKxw)7qXrkS{g?*7PIOV9-ppt7;@L2pv1T6= zO^$bO;Z7bbMG@QGc`J$jTmbBPW_b@2B`Sc?z~aqdaO>1rEcUX0hs8f6O2W?RxA=Xc zS%h_>7GEZss|7wt6u5@@FCx9Mi8t_N{ZbQe61Ral>5Ag@7zMX1358#8o$PV{KM~YGY@u2A~zG`E+Hap zH@;5XQv%%R!$L$V@s-48zfJtk_lbLjh-0389&o=9F=Fv$;sGIIbb$zcsDm2!M6k3(-friNvlW1i^xi0 z%6^IV5u&MF4;R)EP3XfB8_k2CBHGhpof`7x1T(x(A`#P^K5h#?v8`vLfJ+XfbISqf zeB5$QI=9{8ADnXzPIoJAgUg9a)4Ao9!X38AesIfm>D+Qy^p&1IxKsab4{u&9wpcHT zaMgBMgEf9MomGA`omEetw0_2jcOoAjtK5Y+DOQ8?`lpdpoOyi>ac;#Y_u}y8atk2| zjG}XxS5Y$p5JRxk=0VHn0)|fbH26Bv5zA-MIUVWc6N9o%#6stUXI6}lJ{kl@vB)-q zA(M;F;2NScaz7?~82<#Mlo#x=Uv310n^Am1H}(mZ;<_kwqo@`egX22(9B)}9v5xD% zV)+=B4EGbr+Faqds%40ENtKC|mi1gl)^izI-$>7TBiu;VHzeyx&#mz<51VC47qROC z+pN%_Tq*YR_81rRGyAw+4qb9Vzm4U6vivu0Ps!DKT~SZmsDP8+F67QFlDqY~BBEFH zd8uRhOdr?F7fB7L#@hudI1Vc0DisP=yo0NAEpUquBZ|{$@n^Uy5yk1r!2KRBT}(VA zSM3ptL&Qfxu`@z6C;=7>MtuenVAA5<#Bbuaf@8^AvWj?A?(&4y4-tVg%HYpQJuDSxnE*3tD-Oslp1!<6 zJN+IrShiznn@jCLjPg^66UM|4Z{-uDq5{B#U|cC`D1)UT==>}lN@wX2*>;`OAse1+7EugNMtA(cRN`kG87 zg#zo{%^~%Vb-JPt|Gu!@!bl(2-lEx@t-fY+w~)GlUj?ip^!zS#dQ_YT_2#U$ZE9$(ux)o#m8c#;G?i0D6O?%wGC7wG*O{d1Bu3% z)(<3GGnh23Hl|VIqY4ocO{B&T_K}EDabq7Lrimb=qA`&Mn)ZL@&V{?1khF1k{BHLd>{^U;|5(O00eybiqs@_86r(f_dQNr=aoqq$zkqt~313v)j@TJYxG_~Mb1 zgn;RoR8z)J;|)CS$G*fKf=lit6nDb|drq@?UW9qWycnkJVwuf_AM+#eFSEJN+7p(40}t#u%jS6%=GUkH zr_DWTpI&<(rtBgcuO-hgH^iTBFM2dOw}p`N+=sqG&;6L!p|iXUeT|maVP1qe+SnXC z2z_$|R}S$8Wl%RHP}~r~-$wAo2)-G?zXc!MpOg1cOAGWiy1^vGIH2(G1I>s2)U;Fb zzic*zY=9PpPBRUU%?JPeNn$<1`xfh4lgTLStk1=i|1VMEzp(swLwYYu1wD`FQr5 z6`(jB&)a6+Dqe!;8Z!wMFUPaVOdZ85@$78;y1%txehW$%ecOtWA3d3dw=N`T}T4~Hm9$B0+CF1K!`CmW3kLL{V- 
zXww_a0_XTiV12b2OON#wvwkAX-jXhxNsOspjw~qP`?A<#^9Je2R7l~8W(GiM8H6*?R|ANeX5+&sBGFs*w zPzu>nMr)h}sNgvVn_XL|lBmA9=6#wOoyQq77iZ$O81n$SC^Nq|^N)rQG25`Z)-$`n z{QX(~3_NKEKBD5IW%Shtme>g~hnLxEoDa;0(Bt>vM?v#=Y}$DcfN-+@!bmLJAcRkI zGk%Sn$Aw7Ld`oukq_rd1^p?!5q`AdBosD$&GzoE2TQQFYhiuIHUd@Z4cOiM*I0V11 zR=I)0Y2GidRO(gs%jhba`w?4NtsKE-?tnMKLAluMp-hNlOH!r7b}E!eMK`1tyTDU2T14St1&4(dY=yNC9$oL^p!TpLyREP;!-><&Nq%3cSF{A4Dw;ifh^t85Uo&+4 zU%<!h#{0v^_m7CY5#Rj+vmC2ku4W)y$sfl3z#bEtf=sgF`YnAy! z@X9aLHCh{H(4t>p0|N#fnlFLJeo3NJ^Bnx~@t(plHU9v;_c)HJ**cI5*Bvj&_CDCV zZR`U3qB6pFn5YdN!J+FcemFF%I5v?e(VQMHZ`9zfXXltt{Dcnz0;qEkd&=3o@nLbWez!9;Da5F3bDWr$qODmLp3fizS02W0oBI>!#k z%)Ry^E5Ww#wjWD#<0!-=U{V(mrGpVs0*6KEh&@U}MFz1ICFLKFkX|MS%gksQih?S# z)}bggK)>LIp^7Y;_hku=?Vr>hhiKKT%F5>uZ4vsAO>aPt|I}vL zsj^CR2z!}$(;S0kav2MHQygNl&U&GnRVAvdV4te>%r3BBv$ero&8n(09HJ@;zg&Dm zl{$WhsL=*@ zwZ@8eFs+u<)-DuPBp{8g}#FnI_rAhy1?p*fnwj^zwaA)Rs z&beo1&OK)q@1?Ng_;YIBm0zU)eoOl%x$7nG%OTAb(-^ggG&#sl%fwJQov~2HLY$a; zFrTgT?_fR!b2pwPcu3xY=R?TnV(iEBv0={{`wVk5+Z=Qk^f|X-?#6@GI&f!Z*|(6x zG$KovQLnv>Ph1^GNU!_?yRy=n39XdCKqnZSIm5t%^kU$l(!xp$n#Q@=X}iHn)RPH z_w(IZ%_m?=E|%l92M&Eh^!X0p3CBb2sY9P*V1KB&8}k-CWK)GFG+CdwU>=1z+SC>3 z;G4wD&zwzrw{G21?^x_`Hh5~Q)6;a5 zO-)^^9=*qHI_<9O8vEtlsErM%LTo{{bo96NijX`HeUF~Ul5@}>)w56XLiC{t{`d31 z9z6l1ei{06T|fQVUox*7g$T0S8LPn)+lOyp;&8A-@oDH2u8YCd{Bm?ZV?HGwgm}5P z_f!$zz;`760DB}m`Ab3MV!%$t`QW4>#HR9jZ^GU_jNDOt4IDPY*kQ#t zMO86h!*7Z!G{pCma1jwrVGB`lqfML?9qaj%vO5r`WOL?Kn;r+RaC3&`ClfUE_|M`{0h$Oa7}KdeedH9ShzW{ng^UA23(-_cpC2|)Nod8;%KmOMv4)=KXFFb z+v_-MH=ntQvkv3TuwQVHvn$~H$hIdTOkAtti>)`MLi|<5S6U;GDyfHiS8wDV&QJD! 
zy@|gVUPSqmfzwbM#XLL)lPdk|6Mv^M7Fmtem7drJj#vCEIA%M(o@6n5CqKJ|-Xpmc za*8am(I`ELmtvin2N@etJPo_H9s(eeq`&+e)@?)9DDK5ijI|wEqxgu(^6axu5tsXQ|$VnPA%dR#dSPm8yOj` z2EisCf-{bDQt6pPc@IqIp+X`%8A>Ff-NZIlzlRd?$wE0T4xvosfuT&HO_@UJ z;(?)b^NCPais4=Al$F9&&oj#9sVJ1|cwi{O0igsNq3psgY?U~jIh06YBa~xt;;VXO zA^FBUY&TDzJeo*#y10@lfM{1Sze8a{f>1PxWi$`#iD|G6OlHI~F^}tsc{N@pX0su; zLO!7E?D%bs>(CRG^u%_sPwBJ3u@~``O&kRt33}g-Xw&;eu#fDW)5pu7x z!yuavJ?X2lj>DlR5wWaC6x*26_dq`{lZ#`V=g7VH2wwxw%^}<0po>I8QECw9zJPzr z3iQ+y)-nXbu8i1hM42V*KXDa$5Nlb6sx$_8>He{REXY^F9* zCbEpOwTUv3Wdt5peq|ZCw287IjslM>;qFj5B5!Um%4)vcn6aQ!89c=XBJ(v? zpjZZHmBx@~(mqdQ9Z*S@Ct5J|msy3z&f%X{Hlkg$4U8r6;z5 z-HMG37ATf=<+8B45d3D*31#lMEv!iy91|7IDtC^Fj%L2D)q5+ncf6U8dif6Vv{+lf z_lvX=Z3%A|wKOz|P8!<8LmF%%ZLPLM8|W0<)@pg&B{~VmE{I2jH6pDPMov*nL!0QN zp+Y>Q0dKCu&?jnXh!>qSG>M10Fs%&a616m7MGV^5m*P